Commit Graph

478 Commits

Author SHA1 Message Date
Peter Wemm
f8f6cbba92 Update network code to use poll support. 1997-09-14 03:10:42 +00:00
Peter Wemm
5bfe67ef0a Some mbuf -> sockaddr changes seem to have been missed here. 1997-09-13 15:40:55 +00:00
Peter Wemm
ffdd472de7 Allow a compile-time override of the ipfw deny rule. For a 'firewall'
you don't want this (and the documentation explains why), but if you
use ipfw as an as-needed casual filter as needed which normally runs as
'allow all' then having the kernel and /sbin/ipfw get out of sync is a
*MAJOR* pain in the behind.

PR: 4141
Submitted by: Heikki Suonsivu <hsu@mail.clinet.fi>
1997-09-10 03:07:14 +00:00
Bruce Evans
bea0f0be7b Some staticized variables were still declared to be extern. 1997-09-07 05:27:26 +00:00
Brian Somers
59354a4e8d Upgrade to 2.4 (Fix -PKT_ALIAS_UNREGISTERED_ONLY)
Submitted by:	Charles Mott <cmott@srv.net>

Add __libalias_version so that ppp can derive the
correct library name for dlopen()
1997-09-06 11:11:43 +00:00
Bruce Evans
4d1d4912ae Added used #include - don't depend on <sys/mbuf.h> including
<sys/malloc.h> (unless we only use the bogusly shared M*WAIT flags).
1997-09-02 01:19:47 +00:00
Garrett Wollman
fe0fb8abd0 ICMP Timestamp Request messages could have harbored the same sort of
problem as Echo Requests when broad/multicast.  When multicast echo responses
are disabled, also do the same for timestamp responses.
1997-08-25 16:29:27 +00:00
Garrett Wollman
7022ea0a0c Configurably don't reply to broadcast or multicast echos. There are still
potential problems with other automatic-reply ICMPs, but some of them may
depend on broadcast/multicast to operate.  (This code can simply be
moved to the `reflect' label to generalize it.)
1997-08-25 01:25:31 +00:00
Alexander Langer
643811317c Fixed logging of verbose limited packets.
PR:		4351
Submitted by:	Ron Bickers <rbickers@intercenter.net>
1997-08-23 14:28:22 +00:00
Garrett Wollman
57bf258e3d Fix all areas of the system (or at least all those in LINT) to avoid storing
socket addresses in mbufs.  (Socket buffers are the one exception.)  A number
of kernel APIs needed to get fixed in order to make this happen.  Also,
fix three protocol families which kept PCBs in mbufs to not malloc them
instead.  Delete some old compatibility cruft while we're at it, and add
some new routines in the in_cksum family.
1997-08-16 19:16:27 +00:00
Brian Somers
4fe071a9f7 Fix file descriptor leak.
Submitted by:	Charles Mott <cmott@srv.net>
Identified by:	Gordon Burditt
1997-08-11 22:05:10 +00:00
Alexander Langer
750f6aad7b Support interface names up to 15 characters in length. In order to
accommodate the expanded name, the ICMP types bitmap has been
reduced from 256 bits to 32.

A recompile of kernel and user level ipfw is required.

To be merged into 2.2 after a brief period in -current.

PR:		bin/4209
Reviewed by:	Archie Cobbs <archie@whistle.com>
1997-08-08 14:36:29 +00:00
Alexander Langer
37d06d64cd Ensure that the interface name is terminated. 1997-08-06 00:19:05 +00:00
Brian Somers
3efa11bb71 Update to version 2.2. Only the PacketAlias*()
functions should now be used.  The old 2.1 stuff is
there for backwards compatability.
Submitted by:	Charles Mott <cmott@snake.srv.net>
1997-08-03 18:20:03 +00:00
Bruce Evans
1fd0b0588f Removed unused #includes. 1997-08-02 14:33:27 +00:00
Brian Somers
af782f1c59 Recalculate ip_sum before passing a
re-assembled packet to a divert port.
Pointed-out by:	Ari Suutari <ari@suutari.iki.fi>
VS:   then name the system in this line, otherwise delete it.
1997-07-25 03:58:21 +00:00
Bill Fenner
407529c04f Remove crufty LBL ifdef that only applies to Suns.
Submitted by:	Craig Leres <leres@ee.lbl.gov>
1997-07-19 20:07:07 +00:00
John Polstra
66e39adc7c Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern.  For full details
as well as a test case that demonstrates the failure, see the
referenced PR.

Under certain circumstances involving the persist state, it is
possible for the receive side's tp->rcv_nxt to advance beyond its
tp->rcv_adv.  This causes (tp->rcv_adv - tp->rcv_nxt) to become
negative.  However, in the code affected by this fix, that difference
was interpreted as an unsigned number by max().  Since it was
negative, it was taken as a huge unsigned number.  The effect was
to cause the receiver to believe that its receive window had negative
size, thereby rejecting all received segments including ACKs.  As
the test case shows, this led to fruitless retransmissions and
eventually to a dropped connection.  Even connections using the
loopback interface could be dropped.  The fix substitutes the signed
imax() for the unsigned max() function.

PR:		closes kern/3998
Reviewed by:	davidg, fenner, wollman
1997-07-01 05:42:16 +00:00
Garrett Wollman
131d416032 Add for public examination the beginnings of the per-host cache support
which will for the basis of RTF_PRCLONING's more efficient, better-
designed replacement.
1997-06-18 01:24:28 +00:00
Julian Elischer
c7c219131b make it compile with -Wall
Submitted by: Archi Cobbs, archie@whistle.com
1997-06-04 22:09:15 +00:00
Julian Elischer
e4676ba603 Submitted by: Whistle Communications (archie Cobbs)
these are quite extensive additions to the ipfw code.
they include a change to the API because the old method was
broken, but the user view is kept the same.

The new code allows a particular match to skip forward to a particular
line number, so that blocks of rules can be
used without checking all the intervening rules.
There are also many more ways of rejecting
connections especially TCP related, and
many many more ...

see the man page for a complete description.
1997-06-02 05:02:37 +00:00
Peter Wemm
b34db546ea typo fix, s/imp/inp'; move lookup call inside splnet since there were
comments on it being outside.
1997-06-01 15:58:44 +00:00
Peter Wemm
159fe49b6f Uninitialised inp variable in div_bind().
Submitted by: Åge Røbekk <aagero@aage.priv.no>
1997-05-26 03:33:48 +00:00
Darren Reed
e10102a12a Import version 3.2alpha7 1997-05-25 15:50:46 +00:00
Darren Reed
ca9409f111 This commit was generated by cvs2svn to compensate for changes in r26124,
which included commits to RCS files with non-trunk default branches.
1997-05-25 15:50:46 +00:00
Peter Wemm
77d1915b56 Connect the ipdivert div_usrreqs struct to the ip proto switch table 1997-05-25 06:09:23 +00:00
Peter Wemm
9f90798686 Attempt to convert the ip_divert code to use the new-style protocol request
switch.  I needed 'LINT' to compile for other reasons so I kinda got the
blood on my hands.  Note: I don't know how to test this, I don't know if
it works correctly.
1997-05-24 17:23:11 +00:00
Julian Elischer
41fbdc966f submitted by: archie@whistle.com
Don't search for interface addresses matching interface "NULL"
it's likely to cause a page fault..
this can be triggered by the ipfw code rejecting a locally generated
packet (e.g. you decide to make some network unreachable by local users)
1997-05-23 22:33:16 +00:00
Brian Somers
3b160b8b6e Create the alias library. This is currently only used by
ppp (or will be shortly).  Natd can now be updated to use
this library rather than carrying its own version of the code.

Submitted by:	Charles Mott <cmott@srv.net>
1997-05-23 04:41:31 +00:00
Bill Fenner
911089957e Disallow writing raw IP packets shorter than the IP header. 1997-05-22 20:52:56 +00:00
Tor Egge
fdc984f7b6 Break apart initialization of s and inp from the declarations in
in_setsockaddr and in_setpeeraddr.
Suggested by:	Justin T. Gibbs <gibbs@plutotech.com>
1997-05-19 01:28:39 +00:00
Tor Egge
db112f04dc Disallow network interrupts while the address is found and copied in
in_setsockaddr and in_setpeeraddr.
Handle the case where the socket was disconnected before the network
interrupts were disabled.
Reviewed by:	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
1997-05-19 00:18:30 +00:00
Tor Egge
dd570d4d64 Don't send arp request for the ip address 0.0.0.0. 1997-05-14 16:39:52 +00:00
Tor Egge
432aad0e98 Bring in some kernel bootp support. This removes the need for netboot
to fill in the nfs_diskless structure, at the cost of some kernel
bloat. The advantage is that this code works on a wider range of
network adapters than netboot. Several new kernel options are
documented in LINT.
Obtained from: parts of the code comes from NetBSD.
1997-05-11 18:05:39 +00:00
Kenjiro Cho
413fe3928f import Chuck Cranor's ATM driver 1997-05-09 07:48:14 +00:00
Bill Fenner
86b1d6d24d Pull up the IP header in ip_mloopback(). This makes sure that the
operations on the header inside ip_mloopback() are performed on
a private copy instead of a shared cluster.

PR:		kern/3410
1997-05-06 21:22:04 +00:00
Alexander Langer
af28de7ca8 Create the default rule with flags IP_FW_F_IN | IP_FW_F_OUT.
Closes PR#3100.
1997-05-06 02:12:18 +00:00
Garrett Wollman
a29f300e80 The long-awaited mega-massive-network-code- cleanup. Part I.
This commit includes the following changes:
1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility
glue for them is deleted, and the kernel will panic on boot if any are compiled
in.

2) Certain protocol entry points are modified to take a process structure,
so they they can easily tell whether or not it is possible to sleep, and
also to access credentials.

3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt()
call.  Protocols should use the process pointer they are now passed.

4) The PF_LOCAL and PF_ROUTE families have been updated to use the new
style, as has the `raw' skeleton family.

5) PF_LOCAL sockets now obey the process's umask when creating a socket
in the filesystem.

As a result, LINT is now broken.  I'm hoping that some enterprising hacker
with a bit more time will either make the broken bits work (should be
easy for netipx) or dike them out.
1997-04-27 20:01:29 +00:00
Peter Dufault
0ddf9be1f0 Make MOD_* macros almost consistent:
Use the name argument almost the same in all LKM types.  Maintain
the current behavior for the external (e.g., modstat) name for DEV,
EXEC, and MISC types being #name ## "_mod" and SYCALL and VFS only
#name.  This is a candidate for change and I vote just the name without
the "_mod".

Change the DISPATCH macro to MOD_DISPATCH for consistency with the
other macros.

Add an LKM_ANON #define to eliminate the magic -1 and associated
signed/unsigned warnings.

Add MOD_PRIVATE to support wcd.c's poking around in the lkm structure.

Change source in tree to use the new interface.

Reviewed by:	Bruce Evans
1997-04-06 11:14:13 +00:00
Darren Reed
beec821495 Resolve conflicts created by import. 1997-04-03 10:47:12 +00:00
Darren Reed
1fddb84ad6 Really import sys/netinet changes for IP Filter 3.2alpha4 this time. 1997-04-03 10:39:35 +00:00
Darren Reed
992cd951e8 This commit was generated by cvs2svn to compensate for changes in r24586,
which included commits to RCS files with non-trunk default branches.
1997-04-03 10:39:35 +00:00
David Greenman
ca98b82c8d Reorganize elements of the inpcb struct to take better advantage of
cache lines. Removed the struct ip proto since only a couple of chars
were actually being used in it. Changed the order of compares in the
PCB hash lookup to take advantage of partial cache line fills (on PPro).

Discussed-with: wollman
1997-04-03 05:14:45 +00:00
Bruce Evans
51a534883a Don't include <sys/ioctl.h> in the kernel. Stage 2: include
<sys/sockio.h> instead of <sys/ioctl.h> in network files.
1997-03-24 11:33:46 +00:00
Bruce Evans
fce002fdef Don't include <sys/ioctl.h> in the kernel. Stage 1: don't include
it when it is not used.  In most cases, the reasons for including it
went away when the special ioctl headers became self-sufficient.
1997-03-24 11:25:10 +00:00
David Greenman
ddd79a9790 Improved performance of hash algorithm while (hopefully) not reducing
the quality of the hash distribution. This does not fix a problem dealing
with poor distribution when using lots of IP aliases and listening
on the same port on every one of them...some other day perhaps; fixing
that requires significant code changes.
The use of xor was inspired by David S. Miller <davem@jenolan.rutgers.edu>
1997-03-03 09:23:37 +00:00
Peter Wemm
413e00145c Import ipfilter 3.1.8 kernel components 1997-03-02 15:50:35 +00:00
Peter Wemm
2236e17352 This commit was generated by cvs2svn to compensate for changes in r23285,
which included commits to RCS files with non-trunk default branches.
1997-03-02 15:50:35 +00:00
Peter Wemm
3589f3628a Replacement import of ipfilter 3.1.7 components used in kernel.
(This is to repair the vendor branching)
1997-03-02 15:49:41 +00:00
Peter Wemm
5c45aebbdc This commit was generated by cvs2svn to compensate for changes in r23282,
which included commits to RCS files with non-trunk default branches.
1997-03-02 15:49:41 +00:00
Bill Fenner
e1596dff1e Fix a comment and some commented-out code in ip_mloopback to
reflect how multicast loopback really works.
1997-02-28 19:40:48 +00:00
Garrett Wollman
b110a8a2b3 Fix #include order. 1997-02-24 20:31:25 +00:00
Peter Wemm
6875d25465 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
Garrett Wollman
cf4dae1061 Properly notice error returns from if_allmulti(). 1997-02-21 18:34:58 +00:00
Garrett Wollman
ef53690bb4 Fix potential crash where a user attempts to perform an implied
connect in TCP while sending urgent data.  It is not clear what
purpose is served by doing this, but there's no good reason why it
shouldn't work.

Submitted by:	tjevans@raleigh.ibm.com via wpaul
1997-02-21 16:30:31 +00:00
Garrett Wollman
7e05e70c2c Fix the parameters of a call to in_setsockaddr(). 1997-02-20 18:39:33 +00:00
Darren Reed
f1743588c7 change IP Filter hooks to match new 3.1.8 patches for FreeBSD 1997-02-19 14:02:27 +00:00
Garrett Wollman
117bcae7c4 Convert raw IP from mondo-switch-statement-from-Hell to
pr_usrreqs.  Collapse duplicates with udp_usrreq.c and
tcp_usrreq.c (calling the generic routines in uipc_socket2.c and
in_pcb.c).  Calling sockaddr()_ or peeraddr() on a detached
socket now traps, rather than harmlessly returning an error; this
should never happen.  Allow the raw IP buffer sizes to be
controlled via sysctl.
1997-02-18 20:46:36 +00:00
Garrett Wollman
d0390e0570 Fix the mechanism for choosing wehether to save the slow-start threshold
in the route.  This allows us to remove the unconditional setting of the
pipesize in the route, which should mean that SO_SNDBUF and SO_RCVBUF
should actually work again.  While we're at it:

- Convert udp_usrreq from `mondo switch statement from Hell' to new-style.
- Delete old TCP mondo switch statement from Hell, which had previously
  been diked out.
1997-02-14 18:15:53 +00:00
Garrett Wollman
39191c8eb8 Provide PRC_IFDOWN and PRC_IFUP support for IP. Now, when an interface
is administratively downed, all routes to that interface (including the
interface route itself) which are not static will be deleted.  When
it comes back up, and addresses remaining will have their interface routes
re-added.  This solves the problem where, for example, an Ethernet interface
is downed by traffic continues to flow by way of ARP entries.
1997-02-13 19:46:45 +00:00
Darren Reed
afed1b4988 Add IP Filter hooks (from patches). 1997-02-10 11:45:37 +00:00
Brian Somers
47c861ecc7 Don't zero ip->ip_sum during sum validation. This should only
affect programs that sit on top of divert(4) sockets.  The
multicast routing code already unconditionally zeros the sum
before recalculating.

Any code that unconditionaly sums a packet without first zeroing
the sum (assuming that it's already zero'd) will break.  No such
code seems to exist.
1997-02-06 11:14:22 +00:00
Brian Somers
d81e40431a Reset ip_divert_ignore to zero immediately after use - also,
set it in the first place, independent of whether sin->sin_port
is set.

The result is that diverted packets that are being forwarded
will be diverted once and only once on the way in (ip_input())
and again, once and only once on the way out (ip_output()) -
twice in total.  ICMP packets that don't contain a port will
now also be diverted.
1997-02-02 16:33:12 +00:00
Garrett Wollman
82c39223b9 Count multicast packets received for groups of which we are not
a member separately from generic ``can't forward'' packets.  This
would have helped me find the previous bug much faster.
1997-01-21 21:08:09 +00:00
Garrett Wollman
93e808cd76 Who had the conical hat? Correct a typo, hidden by a bad cast,
which prevented IP multicast reception from happening.
1997-01-21 19:44:46 +00:00
Joerg Wunsch
e4107dcf00 This mega-merge brings Matt Thomas' 960801 FDDI driver (almost) up
to -current.

Thanks goes to Ulrike Nitzsche <ulrike@ifw-dresden.de> for giving me
a chance to test this.  Only the PCI driver is tested though.

One final patch will follow in a separate commit.  This is so that
everything up to here can be dragged into 2.2, if we decide so.

Reviewed by:	joerg
Submitted by:	Matt Thomas <matt@3am-software.com>
1997-01-17 23:54:45 +00:00
Adam David
839cc09e53 implement "not" keyword for inverting the address logic 1997-01-16 21:04:29 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Garrett Wollman
477180fbc8 Use the new if_multiaddrs list for multicast addresses rather than the
previous hackery involving struct in_ifaddr and arpcom.  Get rid of the
abominable multi_kludge.  Update all network interfaces to use the
new machanism.  Distressingly few Ethernet drivers program the multicast
filter properly (assuming the hardware has one, which it usually does).
1997-01-13 21:26:53 +00:00
Garrett Wollman
c41ac00245 Expose more of these structures to tthe user so that netstat
doesn't walk around with its KERNEL exposed.

More commits to follow...
1997-01-03 19:53:35 +00:00
Garrett Wollman
9cb3aff230 Move the ethertypes from <netinet/if_ether.h> to <net/ethernet.h>.
Many programs need the numbers but don't need the internals of ARP.

More commits to follow...
1997-01-03 19:51:54 +00:00
Peter Wemm
c922550c95 Add INADDR_LOOPBACK, moved from <rpc/rpc.h> 1996-12-30 15:34:17 +00:00
Garrett Wollman
ee3c980de5 Some days, it just doesn't pay to get out of bed. Fix another broken
reference to the now-dead-for-real-this-time ia_next field.

Reminded by: Russell Vincent
1996-12-15 22:44:00 +00:00
Garrett Wollman
771f021675 Somehow the removal of ia_next didn't make it in the last time. Hope
it makes it in this time, and remember not to commit changes next time
late on a Friday evening!
1996-12-15 20:46:39 +00:00
Bruce Evans
cbf5d94928 Attempt to complete the fix in the previous revision. This version
fixes the problem reported by max.
1996-12-15 20:38:30 +00:00
John Dyson
97db6f8d69 Missing TAILQ mod. 1996-12-14 17:49:58 +00:00
Garrett Wollman
59562606b9 Convert the interface address and IP interface address structures
to TAILQs.  Fix places which referenced these for no good reason
that I can see (the references remain, but were fixed to compile
again; they are still questionable).
1996-12-13 21:29:07 +00:00
Garrett Wollman
294121822b Use queue macros for the list of interfaces. Next stop: ifaddrs! 1996-12-11 20:38:25 +00:00
Garrett Wollman
4963f4cd96 Include <net/if_arp.h> in the one header that requires it,
<netinet/if_ether.h>, rather than in <net/if.h>, most of whose callers
have no need of it.

Pointed-out-by:	bde
1996-12-11 17:46:33 +00:00
David Greenman
c7a6ccb33e Only pay attention to the offset and the IP_MF flag in ip_off. Pointed
out by Nathaniel D. Daw (daw@panix.com), but fixed differently by me.
1996-12-11 03:26:36 +00:00
Bill Fenner
2f1a0ba831 Allocate a header mbuf for the start of the encapsulated packet.
The rest of the code was treating it as a header mbuf, but it was
allocated as a normal mbuf.

This fixes the panic: ip_output no HDR when you have a multicast
tunnel configured.
1996-11-23 19:07:02 +00:00
Bill Fenner
254de4ea96 Reword two messages:
duplicate ip address 204.162.228.7! sent from ethernet address: 08:00:20:09:7b:1d
changed to
arp: 08:00:20:09:7b:1d is using my IP address 204.162.228.7!

and

arp info overwritten for 204.162.228.2 by 08:00:20:09:7b:1d
changed to
arp: 204.162.228.2 moved from 08:00:20:07:b6:a0 to 08:00:20:09:7b:1d

I think the new wordings are more clear and could save some support
questions.
1996-11-15 18:50:31 +00:00
Bruce Evans
ca5d5e7397 Forward-declare `struct inpcb' so that including this file doesn't cause
lots of warnings.

Should be in 2.2.   Previous version shouldn't have been in 2.2.
1996-11-12 10:02:09 +00:00
Bill Fenner
82c23eba89 Add the IP_RECVIF socket option, which supplies a packet's incoming interface
using a sockaddr_dl.

Fix the other packet-information socket options (SO_TIMESTAMP, IP_RECVDSTADDR)
to work for multicast UDP and raw sockets as well.  (They previously only
worked for unicast UDP).
1996-11-11 04:56:32 +00:00
Bill Fenner
39172c9401 Re-enable the TCP SYN-attack protection code. I was the one who didn't
understand the socket state flag.

2.2 candidate.
1996-11-10 07:37:24 +00:00
Peter Wemm
37bd2b301c Fix braino on my part. When we have three different port ranges (default,
"high" and "secure"), we can't use a single variable to track the most
recently used port in all three ranges.. :-]  This caused the next
transient port to be allocated from the start of the range more often than
it should.
1996-10-30 06:13:10 +00:00
Bill Fenner
430d30d837 Don't allow reassembly to create packets bigger than IP_MAXPACKET, and count
attempts to do so.
Don't allow users to source packets bigger than IP_MAXPACKET.
Make UDP length and ipovly's protocol length unsigned short.

Reviewed by:	wollman
Submitted by:	(partly by) kml@nas.nasa.gov (Kevin Lahey)
1996-10-25 17:57:53 +00:00
Garrett Wollman
64682bc28a Give ip_len and ip_off more natural, unsigned types. 1996-10-23 18:35:50 +00:00
Søren Schmidt
6713d4a747 Changed args to the nat functions. 1996-10-22 22:26:02 +00:00
Alexander Langer
af44ef0a2f Reword two comments. 1996-10-19 20:23:12 +00:00
Bruce Evans
5e26bd9a05 Forward-declared `struct route' for the KERNEL case so that <net/route.h>
isn't a prerequisite.

Fixed style of ifdefs.
1996-10-15 16:54:47 +00:00
Bruce Evans
4458ac71b1 Removed nested include if <sys/socket.h> from <net/if.h> and
<net/if_arp.h> and fixed the things that depended on it.  The nested
include just allowed unportable programs to compile and made my
simple #include checking program report that networking code doesn't
need to include <sys/socket.h>.
1996-10-12 19:49:43 +00:00
Alexander Langer
bfcffdaf03 Log the interface name which received the packet.
Suggested by:	Hal Snyder <hsndyer@thoughtport.com>
1996-10-12 19:38:50 +00:00
Paul Traina
a51764a8bf Fix two bugs I accidently put into the syn code at the last minute
(yes I had tested the hell out of this).

I've also temporarily disabled the code so that it behaves as it previously
did (tail drop's the syns) pending discussion with fenner about some socket
state flags that I don't fully understand.

Submitted by:	fenner
1996-10-11 19:26:42 +00:00
Garrett Wollman
5893891624 All three files: make COMPAT_IPFW==0 case work again.
ip_input.c:
	- delete some dusty code
	- _IP_VHL
	- use fast inline header checksum when possible
1996-10-07 19:21:46 +00:00
David Greenman
6d6a026b47 Improved in_pcblookuphash() to support wildcarding, and changed relavent
callers of it to take advantage of this. This reduces new connection
request overhead in the face of a large number of PCBs in the system.
Thanks to David Filo <filo@yahoo.com> for suggesting this and providing
a sample implementation (which wasn't used, but showed that it could be
done).

Reviewed by:	wollman
1996-10-07 19:06:12 +00:00
Paul Traina
ebb0cbea75 Increase robustness of FreeBSD against high-rate connection attempt
denial of service attacks.

Reviewed by:	bde,wollman,olah
Inspired by:	vjs@sgi.com
1996-10-07 04:32:42 +00:00
Paul Traina
12eafeb016 I don't understand, I committed this fix (move a counter and fixed a typo)
this evening.

I think I'm going insane.
1996-09-21 06:39:20 +00:00
Andrey A. Chernov
96d719e6e0 Syntax error: so_incom -> so_incomp 1996-09-21 06:30:06 +00:00
Paul Traina
4195b4af58 If the incomplete listen queue for a given socket is full,
drop the oldest entry in the queue.

There was a fair bit of discussion as to whether or not the
proper action is to drop a random entry in the queue.  It's
my conclusion that a random drop is better than a head drop,
however profiling this section of code (done by John Capo)
shows that a head-drop results in a significant performance
increase.

There are scenarios where a random drop is more appropriate.
If I find one in reality, I'll add the random drop code under
a conditional.

Obtained from: discussions and code done by Vernon Schryver (vjs@sgi.com).
1996-09-20 21:25:18 +00:00