path: root/sys/netinet
Age  Author  Commit message
2006-01-13  Marco Pfatschbacher
Path MTU discovery for NAT-T.
OK markus@, "looks good" hshoexer@
2006-01-03  Marco Pfatschbacher
m_pullup the same amount we copied, not just the IP header.
Any pf(4) translation that modifies more than IP addresses, was happening on the shared mbuf cluster. Thus we were sending icmp errors with corrupted payload. OK dhartmei@, markus@
2005-12-23  Claudio Jeker
Remove unnecessary #ifdef MROUTING blocks. OK brad@ markus@
2005-12-20  Markus Friedl
use M_READONLY when trying to find out whether we have to copy
the mbuf before encryption. otherwise mbufs with M_EXT but w/o M_CLUSTER get modified; ok hshoexer
2005-12-11  Theo de Raadt
bitfields must be off an int or such type
2005-12-10  Theo de Raadt
in ansi c, bitfields must be done against int, unsigned int, or _Bool.
so we must start to use u_int; ok cloder
2005-12-01  Markus Friedl
allow RST if the th_seq matches rcv_nxt in case the RST follows the
data immediately. otherwise we would ignore RST for delayed acks; ok deraadt, dhartmei
2005-11-29  Marco Pfatschbacher
Fix IPv6 hmac calculation.
OK mcbride@
2005-11-29  Jolan Luff
something in the eurobsdcon route-a-thon broke my simple home network
router so back out the routing stuff to pre-eurobsdcon where my machine doesn't crash immediately. i am happy to test diffs and report success/failures but i am not happy to have instantaneous crashes when i reboot with a new kernel that was compiled from pristine sources. if you are going to be an elitist asshole then you could at least make sure your code works. ok and "be crass towards them" deraadt@
2005-11-27  Henning Brauer
don't let anything outside route.c access the routing table heads directly,
but go through a provided wrapper. also provide rt_lookup() instead of doing the lookup manually in many places. ryan ok
2005-11-27  Marco Pfatschbacher
Completely remove transition path INIT -> MASTER.
A bug introduced in -r 1.4 led lower prioritized hosts switching to MASTER state for a short time at bootup, if preemption was enabled. OK mcbride@
2005-11-27  Ryan Thomas McBride
Sort the IP addresses in ascending order when doing the carp hmac; makes
alias address order on the interface irrelevant. prodding by henning@, ok mpf@
2005-11-24  Pedro Martelletto
Remove kernfs, okay deraadt@.
2005-11-20  Brad Smith
splimp -> splvm. mbuf allocation here.
ok henning@
2005-11-15  Miod Vallat
Only two `h' in threshold.
2005-11-04  Ryan Thomas McBride
Add carp_hash() - hash the ethernet address of the ARP request and use
the result to determine which carp interface should answer rather than simply using the ip address. Fixes breakage debugged by Matt Bradford <m.bradford@isrc.qut.edu.au>
'just commit' deraadt@
2005-11-02  Markus Friedl
inherit sack_enable from the listen socket, this should allow connections
with both sack and md5 options in SYN.
2005-10-31  Christopher Pascoe
Fix a TAILQ_FOREACH where the item containing the next pointer could be
freed. ok canacar deraadt
2005-10-24  Ryan Thomas McBride
Remove redundant duplicate packet length check.
ok mpf@
2005-10-17  Henning Brauer
make pf use one mbuf tag instead of 6 distinct ones. use a little struct
in the data part for the data from the previously distinct tags. look up the tag early and carry a pointer to it around. makes the code easier and saves some tag lookups and thus helps performance, as proven by tests run by Schöberle Dániel <Schoeberle.Daniel@aamtech.hu>
Initially hacked up somewhere over the atlantic ocean in an A330
early testing reyk and moritz, "put it in" theo
2005-10-05  Esben Norby
Add multicast routing to GENERIC.
It is now possible to enable multicast routing in the kernel with the sysctl option net.inet.ip.mforwarding=1
Based on initial work by msf@ help claudio@ ok claudio@ deraadt@
2005-09-29  Marco Pfatschbacher
Rework of multicast deletion code.
The previous code could wrongly delete multicast groups on the parent interface. Now we forward only remembered delete requests to the carpdev. OK mcbride, mickey. "Get it in" deraadt.
2005-09-28  Brad Smith
Enable RFC3390 by default and remove a few compile time options which
can be changed via sysctl's. ok markus@
2005-09-19  Kenneth R Westerback
A few 'demon' -> 'daemon'.
ok deraadt@
2005-09-19  Theo de Raadt
typo
2005-09-19  Theo de Raadt
Fix initialisation of baddynamicports.udp, busted since 1997, wow.
found by leonardo@iken.com.br
2005-08-31  Ryan Thomas McBride
Comment out KASSERT(mc != NULL) in carp_ether_delmulti. Because we mess with
the multicast list elsewhere, it can occur under certain conditions (PR4475). ok deraadt@ mpf@
2005-08-11  Marco Pfatschbacher
New counter for not joined IPv4 multicast groups.
Don't count link local scope multicast as not forwardable. This stops ips_cantforward growing on carp(4) networks. tested and ok mcbride@, ok markus@.
2005-08-11  Markus Friedl
don't accept SYN-only TCP options for established connections;
cf FreeBSD-SA-05:15.tcp; ok claudio, mcbride
2005-08-05  Markus Friedl
don't panic for SADB_ADD w/o enc/auth, with and ok hshoexer@
2005-08-02  Markus Friedl
change the TCP reass queue from LIST to TAILQ;
ok henning claudio fgsch krw
2005-08-02  Damien Miller
use arc4random for random packet padding (largely academic because it is
deprecated anyway); ok hshoexer@
2005-07-31  Christopher Pascoe
Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain
to bpf with either an address family or other header added. These helpers only allocate a much smaller struct m_hdr on the stack when needed, rather than leaving 256 byte struct mbufs on the stack in deep call paths. Also removes a fair bit of duplicated code. commit now, tune after deraadt@
2005-07-31  Christopher Pascoe
Change the API for icmp_do_error so that it takes the mtu directly, rather
than a pointer to struct ifnet containing it. Saves a 448 byte stack allocation in ip_forward which previously faked up a struct ifnet just for this purpose. idea ok deraadt millert
2005-07-25  Christopher Pascoe
minor whitespace cleanup
2005-07-14  Uwe Stuehler
More netccitt and netns removals; OK henning, brad, mickey
2005-07-04  Markus Friedl
remove TUBA, ok many
2005-06-30  Markus Friedl
implement PMTU checks from
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html i.e. don't act on ICMP-need-frag immediately if adhoc checks on the advertised mtu fail. the mtu update is delayed until a tcp retransmit happens. initial patch by Fernando Gont, tested by many.
2005-06-24  Markus Friedl
simplify port allocation in pcb_bind(); based on freebsd; ok claudio henning
2005-06-19  Christopher Pascoe
Don't reflect CARP's internal state via IFF_UP (which a user can modify), use
IFF_RUNNING instead. Also, do not blindly restore flags onto an interface when returning to the running state. This eliminates the possibility that the kernel will bring the interface back up after a link state change on the physical interface, even though the user may have done an "ifconfig carpN down" in the meantime. Similarly two link state down events on the physical interface in succession could result in us never coming out of the INIT state. The master/backup state is still reported via link state information, so bgpd/ospfd, etc, should function as before. This also addresses PR4238. ok mpf@, ok with the idea etc henning@
2005-06-15  Markus Friedl
remove from "attempted source route ..." message; ok deraadt, mpf, henning, millert
2005-06-10  Markus Friedl
make sure the IP packet contains a full struct ip_timestamp
from art; ok deraadt, claudio, henning
2005-06-10  Markus Friedl
getsockopt(): allocate a mbuf cluster for large ipsec credentials
fixes kernel panic from pr 4252; Stefan Miltchev; ok deraadt@
2005-06-08  Henning Brauer
netns bites the dust
2005-06-06  Henning Brauer
another leftover from the src routing adventure a year ago
2005-06-03  Christopher Pascoe
Hold a reference to the relevant struct in_ifaddr while a multicast address
is bound on the interface. ok mcbride@ henning@
2005-05-28  Hakan Olsson
Add SA replay counter synchronization to pfsync(4). Required for IPsec
failover gateways. ok mcbride@, "looks good" hshoexer@
2005-05-27  Hans-Joerg Hoexer
long overdue snprintf cleanup in kernfs related code
ok cloder
2005-05-27  Hans-Joerg Hoexer
wrap some comments
2005-05-27  Markus Friedl
comment out unused PACKET_TAG_IPSEC_IN_CRYPTO_DONE code; ok hshoexer