Prior to this change, Accidental recursion protection was done by
the diverted daemon feeding back the divert port number it got
the packet on, as the port number on a sendto(). IPFW knew not to
redivert a packet to this port (again). Processing of the ruleset
started at the beginning again, skipping that divert port.
The new semantic (which is how we should have done it the first time)
is that the port number in the sendto() is the rule number AFTER which
processing should restart, and on a recvfrom(), the port number is the
rule number which caused the diversion. This is much more flexible,
and also more intuitive. If the user uses the same sockaddr received
when resending, processing resumes at the rule number following that
that caused the diversion. The user can however select to resume rule
processing at any rule. (0 is restart at the beginning)
To enable the new code use
option IPFW_DIVERT_RESTART
This should become the default as soon as people have looked at it a bit
passed to the user process for incoming packets. When the sockaddr_in
is passed back to the divert socket later, use thi sas the primary
interface lookup and only revert to the IP address when the name fails.
This solves a long standing bug with divert sockets:
When two interfaces had the same address (P2P for example) the interface
"assigned" to the reinjected packet was sometimes incorect.
Probably we should define a "sockaddr_div" to officially hold this
extended information in teh same manner as sockaddr_dl.
group is 0 in /etc/passwd even if they aren't listed
as a member in /etc/group. This is more inline with
what the group manpage says.
PR: 6696
Submitted by: Max Euston <meuston@jmrodgers.com>
transferring session rights with them. Instead, create two
`/bin/cat' processes. A new child is spawned and disassociated from
the terminal and the parent, which continues with the rest of the ppp
process. Meanwhile, the parent spawns another child, and both the
parent and child exec the `/bin/cat' commands with the appropriate
descriptors. This way, the session is owned by the parent, and the
tty is held open.
o Close LCPs that have done a TLF and are now in ST_STOPPED before
calling Down. This prevents them from trying to come back up again
after the peer has shut them down (it seems a bit strange that the
rfc says that a Down in ST_STOPPED will cause a TLS etc).
o Don't try to set the physical link name pointer when we're receiving
and renaming a datalink. The physical hasn't been created yet, and as
it happens, the garbage physical pointer happens to be the value of another
physical - so we're pointing that other physical name at ourselves.
yeuck.
o Re-arrange the order of things in main (DoLoop()). We now handle
signals only after the select and not before the UpdateSet. It's
possible that either a signal (FSM timeout) or a descriptor_Read()
brings a link down, after which we'd better tidy up any dead direct
and 1off descriptors before calling UpdateSet() again.
o Mention when we detect a PPP packet when we see one before the link
is up (then start LCP as before).
of the TCP payload. See RFC1122 section 4.2.2.6 . This allows
Path MTU discovery to be used along with IP options.
PR: problem discovered by Kevin Lahey <kml@nas.nasa.gov>
so it must be adjusted (minus 1) before using it to do the length check.
I'm not sure who to give the credit to, but the bug was reported by
Jennifer Dawn Myers <jdm@enteract.com>, who also supplied a patch. It
was also fixed in OpenBSD previously by andreas.gunnarsson@emw.ericsson.se,
and of course I did the homework to verify that the fix was correct per
the specification.
PR: 6738
for better packing. This means that we can choose better values for the
various hash entries without having to try and get it all to fit within
an artificial power of two limit for malloc's sake.
It's now dealt with by the `server' object. This simplifies
things as we only have one list of prompt descriptors and
the log_ routines check prompt::logactive to determine
whether it should be used for output.
o Include the MP socket UpdateSet() result in bundle::UpdateSet().
o Don't select on the tun device unless we're in NETWORK
phase or AUTO mode.
o Stop the idle timer when we go to DEAD phase. We may
have transferred a link and not had a chance to kill
it.
o Don't fail when trying to unlink our transferred datalink
from our descriptor lists just before the transfer.
o Add our link descriptor to the write set if we got a short
write the last time (physical::out is set).
o Log the connection source address when a connection is closed.
o Remove descriptor::next field. Descriptor lists are not required
any more.
incoming fragments when a link goes down.
o Don't use the minimum sequence numbers of links that aren't open.
o Understand sequence number wrapping when determining the minimum
sequence number.
o Add & adjust a few comments.
