Commit Graph

436 Commits

Author SHA1 Message Date
Bill Fenner
610a2e9ca5 Don't allow the window to be increased beyond what is possible to
represent in the TCP header.  The old code did effectively:
	win = min(win, MAX_ALLOWED);
	win = max(win, what_i_think_i_advertised_last_time);
so if what_i_think_i_advertised_last_time is bigger than can be
represented in the header (e.g. large buffers and no window scaling)
then we stuff a too-big number into a short.  This fix reverses the
order of the comparisons.

PR:		kern/4712
1997-10-07 21:10:06 +00:00
David Greenman
4281faf253 Killed the SYN_RECEIVED addition from rev 1.52. It results in legitimate
RST's being ignored, keeping a connection around until it times out, and
thus has the opposite effect of what was intended (which is to make the
system more robust to DoS attacks).
1997-10-02 02:10:40 +00:00
Bill Fenner
026650e576 Don't consider a SYN/ACK with CC but no CCECHO a proper T/TCP
handshake.

Reviewed by:	Rich Stevens <rstevens@kohala.com>
1997-09-30 16:38:09 +00:00
Garrett Wollman
6fce01c990 Export ipstat via sysctl. Don't understand why this wasn't done before. 1997-09-25 00:34:35 +00:00
Justin T. Gibbs
6c951b4441 Update for new callout interface. 1997-09-21 22:02:25 +00:00
Joerg Wunsch
0cc12cc57e Make TCPDEBUG a new-style option. 1997-09-16 18:36:06 +00:00
Bruce Evans
514ede0953 Fixed gratuitous ANSIisms. 1997-09-16 11:44:05 +00:00
Andrey A. Chernov
194a213eff Prevent overflow with fragmented packets
Reviewed by: wollman
1997-09-15 23:07:01 +00:00
Peter Wemm
f8f6cbba92 Update network code to use poll support. 1997-09-14 03:10:42 +00:00
Peter Wemm
5bfe67ef0a Some mbuf -> sockaddr changes seem to have been missed here. 1997-09-13 15:40:55 +00:00
Peter Wemm
ffdd472de7 Allow a compile-time override of the ipfw deny rule. For a 'firewall'
you don't want this (and the documentation explains why), but if you
use ipfw as an as-needed casual filter as needed which normally runs as
'allow all' then having the kernel and /sbin/ipfw get out of sync is a
*MAJOR* pain in the behind.

PR: 4141
Submitted by: Heikki Suonsivu <hsu@mail.clinet.fi>
1997-09-10 03:07:14 +00:00
Bruce Evans
bea0f0be7b Some staticized variables were still declared to be extern. 1997-09-07 05:27:26 +00:00
Brian Somers
59354a4e8d Upgrade to 2.4 (Fix -PKT_ALIAS_UNREGISTERED_ONLY)
Submitted by:	Charles Mott <cmott@srv.net>

Add __libalias_version so that ppp can derive the
correct library name for dlopen()
1997-09-06 11:11:43 +00:00
Bruce Evans
4d1d4912ae Added used #include - don't depend on <sys/mbuf.h> including
<sys/malloc.h> (unless we only use the bogusly shared M*WAIT flags).
1997-09-02 01:19:47 +00:00
Garrett Wollman
fe0fb8abd0 ICMP Timestamp Request messages could have harbored the same sort of
problem as Echo Requests when broad/multicast.  When multicast echo responses
are disabled, also do the same for timestamp responses.
1997-08-25 16:29:27 +00:00
Garrett Wollman
7022ea0a0c Configurably don't reply to broadcast or multicast echos. There are still
potential problems with other automatic-reply ICMPs, but some of them may
depend on broadcast/multicast to operate.  (This code can simply be
moved to the `reflect' label to generalize it.)
1997-08-25 01:25:31 +00:00
Alexander Langer
643811317c Fixed logging of verbose limited packets.
PR:		4351
Submitted by:	Ron Bickers <rbickers@intercenter.net>
1997-08-23 14:28:22 +00:00
Garrett Wollman
57bf258e3d Fix all areas of the system (or at least all those in LINT) to avoid storing
socket addresses in mbufs.  (Socket buffers are the one exception.)  A number
of kernel APIs needed to get fixed in order to make this happen.  Also,
fix three protocol families which kept PCBs in mbufs to not malloc them
instead.  Delete some old compatibility cruft while we're at it, and add
some new routines in the in_cksum family.
1997-08-16 19:16:27 +00:00
Brian Somers
4fe071a9f7 Fix file descriptor leak.
Submitted by:	Charles Mott <cmott@srv.net>
Identified by:	Gordon Burditt
1997-08-11 22:05:10 +00:00
Alexander Langer
750f6aad7b Support interface names up to 15 characters in length. In order to
accommodate the expanded name, the ICMP types bitmap has been
reduced from 256 bits to 32.

A recompile of kernel and user level ipfw is required.

To be merged into 2.2 after a brief period in -current.

PR:		bin/4209
Reviewed by:	Archie Cobbs <archie@whistle.com>
1997-08-08 14:36:29 +00:00
Alexander Langer
37d06d64cd Ensure that the interface name is terminated. 1997-08-06 00:19:05 +00:00
Brian Somers
3efa11bb71 Update to version 2.2. Only the PacketAlias*()
functions should now be used.  The old 2.1 stuff is
there for backwards compatability.
Submitted by:	Charles Mott <cmott@snake.srv.net>
1997-08-03 18:20:03 +00:00
Bruce Evans
1fd0b0588f Removed unused #includes. 1997-08-02 14:33:27 +00:00
Brian Somers
af782f1c59 Recalculate ip_sum before passing a
re-assembled packet to a divert port.
Pointed-out by:	Ari Suutari <ari@suutari.iki.fi>
VS:   then name the system in this line, otherwise delete it.
1997-07-25 03:58:21 +00:00
Bill Fenner
407529c04f Remove crufty LBL ifdef that only applies to Suns.
Submitted by:	Craig Leres <leres@ee.lbl.gov>
1997-07-19 20:07:07 +00:00
John Polstra
66e39adc7c Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern.  For full details
as well as a test case that demonstrates the failure, see the
referenced PR.

Under certain circumstances involving the persist state, it is
possible for the receive side's tp->rcv_nxt to advance beyond its
tp->rcv_adv.  This causes (tp->rcv_adv - tp->rcv_nxt) to become
negative.  However, in the code affected by this fix, that difference
was interpreted as an unsigned number by max().  Since it was
negative, it was taken as a huge unsigned number.  The effect was
to cause the receiver to believe that its receive window had negative
size, thereby rejecting all received segments including ACKs.  As
the test case shows, this led to fruitless retransmissions and
eventually to a dropped connection.  Even connections using the
loopback interface could be dropped.  The fix substitutes the signed
imax() for the unsigned max() function.

PR:		closes kern/3998
Reviewed by:	davidg, fenner, wollman
1997-07-01 05:42:16 +00:00
Garrett Wollman
131d416032 Add for public examination the beginnings of the per-host cache support
which will for the basis of RTF_PRCLONING's more efficient, better-
designed replacement.
1997-06-18 01:24:28 +00:00
Julian Elischer
c7c219131b make it compile with -Wall
Submitted by: Archi Cobbs, archie@whistle.com
1997-06-04 22:09:15 +00:00
Julian Elischer
e4676ba603 Submitted by: Whistle Communications (archie Cobbs)
these are quite extensive additions to the ipfw code.
they include a change to the API because the old method was
broken, but the user view is kept the same.

The new code allows a particular match to skip forward to a particular
line number, so that blocks of rules can be
used without checking all the intervening rules.
There are also many more ways of rejecting
connections especially TCP related, and
many many more ...

see the man page for a complete description.
1997-06-02 05:02:37 +00:00
Peter Wemm
b34db546ea typo fix, s/imp/inp'; move lookup call inside splnet since there were
comments on it being outside.
1997-06-01 15:58:44 +00:00
Peter Wemm
159fe49b6f Uninitialised inp variable in div_bind().
Submitted by: Åge Røbekk <aagero@aage.priv.no>
1997-05-26 03:33:48 +00:00
Darren Reed
ca9409f111 This commit was generated by cvs2svn to compensate for changes in r26124,
which included commits to RCS files with non-trunk default branches.
1997-05-25 15:50:46 +00:00
Darren Reed
e10102a12a Import version 3.2alpha7 1997-05-25 15:50:46 +00:00
Peter Wemm
77d1915b56 Connect the ipdivert div_usrreqs struct to the ip proto switch table 1997-05-25 06:09:23 +00:00
Peter Wemm
9f90798686 Attempt to convert the ip_divert code to use the new-style protocol request
switch.  I needed 'LINT' to compile for other reasons so I kinda got the
blood on my hands.  Note: I don't know how to test this, I don't know if
it works correctly.
1997-05-24 17:23:11 +00:00
Julian Elischer
41fbdc966f submitted by: archie@whistle.com
Don't search for interface addresses matching interface "NULL"
it's likely to cause a page fault..
this can be triggered by the ipfw code rejecting a locally generated
packet (e.g. you decide to make some network unreachable by local users)
1997-05-23 22:33:16 +00:00
Brian Somers
3b160b8b6e Create the alias library. This is currently only used by
ppp (or will be shortly).  Natd can now be updated to use
this library rather than carrying its own version of the code.

Submitted by:	Charles Mott <cmott@srv.net>
1997-05-23 04:41:31 +00:00
Bill Fenner
911089957e Disallow writing raw IP packets shorter than the IP header. 1997-05-22 20:52:56 +00:00
Tor Egge
fdc984f7b6 Break apart initialization of s and inp from the declarations in
in_setsockaddr and in_setpeeraddr.
Suggested by:	Justin T. Gibbs <gibbs@plutotech.com>
1997-05-19 01:28:39 +00:00
Tor Egge
db112f04dc Disallow network interrupts while the address is found and copied in
in_setsockaddr and in_setpeeraddr.
Handle the case where the socket was disconnected before the network
interrupts were disabled.
Reviewed by:	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
1997-05-19 00:18:30 +00:00
Tor Egge
dd570d4d64 Don't send arp request for the ip address 0.0.0.0. 1997-05-14 16:39:52 +00:00
Tor Egge
432aad0e98 Bring in some kernel bootp support. This removes the need for netboot
to fill in the nfs_diskless structure, at the cost of some kernel
bloat. The advantage is that this code works on a wider range of
network adapters than netboot. Several new kernel options are
documented in LINT.
Obtained from: parts of the code comes from NetBSD.
1997-05-11 18:05:39 +00:00
Kenjiro Cho
413fe3928f import Chuck Cranor's ATM driver 1997-05-09 07:48:14 +00:00
Bill Fenner
86b1d6d24d Pull up the IP header in ip_mloopback(). This makes sure that the
operations on the header inside ip_mloopback() are performed on
a private copy instead of a shared cluster.

PR:		kern/3410
1997-05-06 21:22:04 +00:00
Alexander Langer
af28de7ca8 Create the default rule with flags IP_FW_F_IN | IP_FW_F_OUT.
Closes PR#3100.
1997-05-06 02:12:18 +00:00
Garrett Wollman
a29f300e80 The long-awaited mega-massive-network-code- cleanup. Part I.
This commit includes the following changes:
1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility
glue for them is deleted, and the kernel will panic on boot if any are compiled
in.

2) Certain protocol entry points are modified to take a process structure,
so they they can easily tell whether or not it is possible to sleep, and
also to access credentials.

3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt()
call.  Protocols should use the process pointer they are now passed.

4) The PF_LOCAL and PF_ROUTE families have been updated to use the new
style, as has the `raw' skeleton family.

5) PF_LOCAL sockets now obey the process's umask when creating a socket
in the filesystem.

As a result, LINT is now broken.  I'm hoping that some enterprising hacker
with a bit more time will either make the broken bits work (should be
easy for netipx) or dike them out.
1997-04-27 20:01:29 +00:00
Peter Dufault
0ddf9be1f0 Make MOD_* macros almost consistent:
Use the name argument almost the same in all LKM types.  Maintain
the current behavior for the external (e.g., modstat) name for DEV,
EXEC, and MISC types being #name ## "_mod" and SYCALL and VFS only
#name.  This is a candidate for change and I vote just the name without
the "_mod".

Change the DISPATCH macro to MOD_DISPATCH for consistency with the
other macros.

Add an LKM_ANON #define to eliminate the magic -1 and associated
signed/unsigned warnings.

Add MOD_PRIVATE to support wcd.c's poking around in the lkm structure.

Change source in tree to use the new interface.

Reviewed by:	Bruce Evans
1997-04-06 11:14:13 +00:00
Darren Reed
beec821495 Resolve conflicts created by import. 1997-04-03 10:47:12 +00:00
Darren Reed
1fddb84ad6 Really import sys/netinet changes for IP Filter 3.2alpha4 this time. 1997-04-03 10:39:35 +00:00
Darren Reed
992cd951e8 This commit was generated by cvs2svn to compensate for changes in r24586,
which included commits to RCS files with non-trunk default branches.
1997-04-03 10:39:35 +00:00