d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
823db0e9dd
freebsd-dev/sys/netinet
History
Don Lewis 823db0e9dd Disable interface checking when IP forwarding is engaged so that packets 
addressed to the interface on the other side of the box follow their
historical path.

Explicitly block packets sent to the loopback network sent from the outside,
which is consistent with the behavior of the forwarding path between
interfaces as implemented in in_canforward().

Always check the arrival interface when matching the packet destination
against the interface broadcast addresses.  This bug allowed TCP
connections to be made to the broadcast address of an interface on the
far side of the system because the M_BCAST flag was not set because the
packet was unicast to the interface on the near side.  This was broken
when the directed broadcast code was removed from revision 1.32.  If
the directed broadcast code was stil present, the destination would not
have been recognized as local until the packet was forwarded to the output
interface and ether_output() looped a copy back to ip_input() with
M_BCAST set and the receive interface set to the output interface.

Optimize the order of the tests.

Reviewed by:	jlemon
2001-03-04 01:39:19 +00:00
..
libalias Add a few ``const''s to silence some -Wwrite-strings warnings 2001-01-29 11:44:13 +00:00
accf_data.c Remove headers not needed. 2000-10-07 23:15:17 +00:00
accf_http.c Fix incorrect logic wouldn't disconnect incomming connections that had been 2001-01-03 19:50:23 +00:00
fil.c fix conflicts 2001-02-04 14:26:56 +00:00
icmp6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
icmp_var.h Clean up RST ratelimiting. Previously, ratelimiting occured before tests 2001-02-11 07:39:51 +00:00
if_atm.c
if_atm.h Add $FreeBSD$ 2000-05-01 20:32:07 +00:00
if_ether.c Sync with the bridge/dummynet/ipfw code already tested in stable. 2001-02-10 00:10:18 +00:00
if_ether.h
if_fddi.h
igmp_var.h
igmp.c Add #include <machine/in_cksum.h>, in order to pick up the checksum 2000-05-06 18:19:58 +00:00
igmp.h
in_cksum.c
in_gif.c Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
in_gif.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
in_hostcache.c Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
in_hostcache.h
in_pcb.c Fix jails. 2001-02-28 09:38:48 +00:00
in_pcb.h Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. 2001-02-26 21:19:47 +00:00
in_proto.c Make netstat(1) to be aware of divert(4) sockets. 2000-08-03 14:09:52 +00:00
in_rmx.c
in_systm.h
in_var.h Convert if_multiaddrs from LIST to TAILQ so that it can be traversed 2001-02-06 10:12:15 +00:00
in.c Another round of the <sys/queue.h> FOREACH transmogriffer. 2001-02-04 16:08:18 +00:00
in.h o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
ip6.h remove m_pulldown statistics, which is highly experimental and does not 2000-07-12 16:39:13 +00:00
ip_auth.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_auth.h fix conflicts from rcsids 2000-10-26 12:33:42 +00:00
ip_compat.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_divert.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
ip_dummynet.c Sync with the bridge/dummynet/ipfw code already tested in stable. 2001-02-10 00:10:18 +00:00
ip_dummynet.h MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately) 2001-02-02 00:18:00 +00:00
ip_ecn.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip_ecn.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip_encap.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
ip_encap.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip_fil.c While I'm here, get rid of (now useless) MCLISREFERENCED and use MEXT_IS_REF 2000-11-11 23:05:59 +00:00
ip_fil.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_flow.c Back out the previous change to the queue(3) interface. 2000-05-26 02:09:24 +00:00
ip_flow.h Back out the previous change to the queue(3) interface. 2000-05-26 02:09:24 +00:00
ip_frag.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_frag.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_ftp_pxy.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_fw.c The TCP header-specific section suffered a little bit of bitrot recently: 2001-02-27 10:20:44 +00:00
ip_fw.h Introduce a new feature in IPFW: Check of the source or destination 2001-02-13 14:12:37 +00:00
ip_icmp.c Allow ICMP unreachables which map into PRC_UNREACH_ADMIN_PROHIB to 2001-02-23 20:51:46 +00:00
ip_icmp.h
ip_input.c Disable interface checking when IP forwarding is engaged so that packets 2001-03-04 01:39:19 +00:00
ip_log.c resolve conflicts 2000-08-13 04:31:06 +00:00
ip_mroute.c Fix typo: seperate -> separate. 2001-02-06 11:21:58 +00:00
ip_mroute.h
ip_nat.c fix duplicate rcsid 2001-02-04 15:25:15 +00:00
ip_nat.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_output.c Remove conditionals for vax support. 2001-02-26 20:05:32 +00:00
ip_proxy.c fix conflicts 2000-05-24 04:21:35 +00:00
ip_proxy.h fix conflicts 2001-02-04 14:26:56 +00:00
ip_raudio_pxy.c Fix conflicts creted by import. 2000-10-29 07:53:05 +00:00
ip_rcmd_pxy.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_state.c fix conflicts 2001-02-04 14:26:56 +00:00
ip_state.h fix conflicts from rcsids 2000-10-26 12:33:42 +00:00
ip_var.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip.h
ipl.h fix conflicts 2001-02-04 14:26:56 +00:00
ipprotosw.h activate pfil_hooks and covert ipfilter to use it 2000-07-31 13:11:42 +00:00
mlfk_ipl.c fix conflicts 2001-02-04 14:26:56 +00:00
raw_ip.c Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
tcp_debug.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
tcp_debug.h Sorry in this just befor code freeze commit. 2000-01-29 11:49:07 +00:00
tcp_fsm.h
tcp_input.c Do not delay a new ack if there already is a delayed ack pending on the 2001-02-25 15:17:24 +00:00
tcp_output.c Convert all users of fldoff() to offsetof(). fldoff() is bad 2000-10-27 11:45:49 +00:00
tcp_reass.c Do not delay a new ack if there already is a delayed ack pending on the 2001-02-25 15:17:24 +00:00
tcp_seq.h Use stronger random number generation for TCP_ISSINCR and tcp_iss. 2000-09-29 01:37:19 +00:00
tcp_subr.c Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. 2001-02-26 21:19:47 +00:00
tcp_timer.c Use more aggressive retransmit timeouts for the initial SYN packet. 2001-02-26 21:33:55 +00:00
tcp_timer.h
tcp_timewait.c Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. 2001-02-26 21:19:47 +00:00
tcp_usrreq.c o Move per-process jail pointer (p->pr_prison) to inside of the subject 2001-02-21 06:39:57 +00:00
tcp_var.h Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. 2001-02-26 21:19:47 +00:00
tcp.h o Minor style(9)ism to make consistent with -STABLE 2001-01-09 18:26:17 +00:00
tcpip.h Remove struct full_tcpiphdr{}. 2001-02-26 20:10:16 +00:00
udp_usrreq.c Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. 2001-02-26 21:19:47 +00:00
udp_var.h remove unused data structure definition, and corresponding macro into*() 2001-02-18 07:10:03 +00:00
udp.h