Commit Graph

1024 Commits

Author SHA1 Message Date
Garrett Wollman
ef53690bb4 Fix potential crash where a user attempts to perform an implied
connect in TCP while sending urgent data.  It is not clear what
purpose is served by doing this, but there's no good reason why it
shouldn't work.

Submitted by:	tjevans@raleigh.ibm.com via wpaul
1997-02-21 16:30:31 +00:00
Garrett Wollman
7e05e70c2c Fix the parameters of a call to in_setsockaddr(). 1997-02-20 18:39:33 +00:00
Darren Reed
f1743588c7 change IP Filter hooks to match new 3.1.8 patches for FreeBSD 1997-02-19 14:02:27 +00:00
Garrett Wollman
117bcae7c4 Convert raw IP from mondo-switch-statement-from-Hell to
pr_usrreqs.  Collapse duplicates with udp_usrreq.c and
tcp_usrreq.c (calling the generic routines in uipc_socket2.c and
in_pcb.c).  Calling sockaddr()_ or peeraddr() on a detached
socket now traps, rather than harmlessly returning an error; this
should never happen.  Allow the raw IP buffer sizes to be
controlled via sysctl.
1997-02-18 20:46:36 +00:00
Garrett Wollman
d0390e0570 Fix the mechanism for choosing wehether to save the slow-start threshold
in the route.  This allows us to remove the unconditional setting of the
pipesize in the route, which should mean that SO_SNDBUF and SO_RCVBUF
should actually work again.  While we're at it:

- Convert udp_usrreq from `mondo switch statement from Hell' to new-style.
- Delete old TCP mondo switch statement from Hell, which had previously
  been diked out.
1997-02-14 18:15:53 +00:00
Garrett Wollman
39191c8eb8 Provide PRC_IFDOWN and PRC_IFUP support for IP. Now, when an interface
is administratively downed, all routes to that interface (including the
interface route itself) which are not static will be deleted.  When
it comes back up, and addresses remaining will have their interface routes
re-added.  This solves the problem where, for example, an Ethernet interface
is downed by traffic continues to flow by way of ARP entries.
1997-02-13 19:46:45 +00:00
Darren Reed
afed1b4988 Add IP Filter hooks (from patches). 1997-02-10 11:45:37 +00:00
Brian Somers
47c861ecc7 Don't zero ip->ip_sum during sum validation. This should only
affect programs that sit on top of divert(4) sockets.  The
multicast routing code already unconditionally zeros the sum
before recalculating.

Any code that unconditionaly sums a packet without first zeroing
the sum (assuming that it's already zero'd) will break.  No such
code seems to exist.
1997-02-06 11:14:22 +00:00
Brian Somers
d81e40431a Reset ip_divert_ignore to zero immediately after use - also,
set it in the first place, independent of whether sin->sin_port
is set.

The result is that diverted packets that are being forwarded
will be diverted once and only once on the way in (ip_input())
and again, once and only once on the way out (ip_output()) -
twice in total.  ICMP packets that don't contain a port will
now also be diverted.
1997-02-02 16:33:12 +00:00
Garrett Wollman
82c39223b9 Count multicast packets received for groups of which we are not
a member separately from generic ``can't forward'' packets.  This
would have helped me find the previous bug much faster.
1997-01-21 21:08:09 +00:00
Garrett Wollman
93e808cd76 Who had the conical hat? Correct a typo, hidden by a bad cast,
which prevented IP multicast reception from happening.
1997-01-21 19:44:46 +00:00
Joerg Wunsch
e4107dcf00 This mega-merge brings Matt Thomas' 960801 FDDI driver (almost) up
to -current.

Thanks goes to Ulrike Nitzsche <ulrike@ifw-dresden.de> for giving me
a chance to test this.  Only the PCI driver is tested though.

One final patch will follow in a separate commit.  This is so that
everything up to here can be dragged into 2.2, if we decide so.

Reviewed by:	joerg
Submitted by:	Matt Thomas <matt@3am-software.com>
1997-01-17 23:54:45 +00:00
Adam David
839cc09e53 implement "not" keyword for inverting the address logic 1997-01-16 21:04:29 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Garrett Wollman
477180fbc8 Use the new if_multiaddrs list for multicast addresses rather than the
previous hackery involving struct in_ifaddr and arpcom.  Get rid of the
abominable multi_kludge.  Update all network interfaces to use the
new machanism.  Distressingly few Ethernet drivers program the multicast
filter properly (assuming the hardware has one, which it usually does).
1997-01-13 21:26:53 +00:00
Garrett Wollman
c41ac00245 Expose more of these structures to tthe user so that netstat
doesn't walk around with its KERNEL exposed.

More commits to follow...
1997-01-03 19:53:35 +00:00
Garrett Wollman
9cb3aff230 Move the ethertypes from <netinet/if_ether.h> to <net/ethernet.h>.
Many programs need the numbers but don't need the internals of ARP.

More commits to follow...
1997-01-03 19:51:54 +00:00
Peter Wemm
c922550c95 Add INADDR_LOOPBACK, moved from <rpc/rpc.h> 1996-12-30 15:34:17 +00:00
Garrett Wollman
ee3c980de5 Some days, it just doesn't pay to get out of bed. Fix another broken
reference to the now-dead-for-real-this-time ia_next field.

Reminded by: Russell Vincent
1996-12-15 22:44:00 +00:00
Garrett Wollman
771f021675 Somehow the removal of ia_next didn't make it in the last time. Hope
it makes it in this time, and remember not to commit changes next time
late on a Friday evening!
1996-12-15 20:46:39 +00:00
Bruce Evans
cbf5d94928 Attempt to complete the fix in the previous revision. This version
fixes the problem reported by max.
1996-12-15 20:38:30 +00:00
John Dyson
97db6f8d69 Missing TAILQ mod. 1996-12-14 17:49:58 +00:00
Garrett Wollman
59562606b9 Convert the interface address and IP interface address structures
to TAILQs.  Fix places which referenced these for no good reason
that I can see (the references remain, but were fixed to compile
again; they are still questionable).
1996-12-13 21:29:07 +00:00
Garrett Wollman
294121822b Use queue macros for the list of interfaces. Next stop: ifaddrs! 1996-12-11 20:38:25 +00:00
Garrett Wollman
4963f4cd96 Include <net/if_arp.h> in the one header that requires it,
<netinet/if_ether.h>, rather than in <net/if.h>, most of whose callers
have no need of it.

Pointed-out-by:	bde
1996-12-11 17:46:33 +00:00
David Greenman
c7a6ccb33e Only pay attention to the offset and the IP_MF flag in ip_off. Pointed
out by Nathaniel D. Daw (daw@panix.com), but fixed differently by me.
1996-12-11 03:26:36 +00:00
Bill Fenner
2f1a0ba831 Allocate a header mbuf for the start of the encapsulated packet.
The rest of the code was treating it as a header mbuf, but it was
allocated as a normal mbuf.

This fixes the panic: ip_output no HDR when you have a multicast
tunnel configured.
1996-11-23 19:07:02 +00:00
Bill Fenner
254de4ea96 Reword two messages:
duplicate ip address 204.162.228.7! sent from ethernet address: 08:00:20:09:7b:1d
changed to
arp: 08:00:20:09:7b:1d is using my IP address 204.162.228.7!

and

arp info overwritten for 204.162.228.2 by 08:00:20:09:7b:1d
changed to
arp: 204.162.228.2 moved from 08:00:20:07:b6:a0 to 08:00:20:09:7b:1d

I think the new wordings are more clear and could save some support
questions.
1996-11-15 18:50:31 +00:00
Bruce Evans
ca5d5e7397 Forward-declare `struct inpcb' so that including this file doesn't cause
lots of warnings.

Should be in 2.2.   Previous version shouldn't have been in 2.2.
1996-11-12 10:02:09 +00:00
Bill Fenner
82c23eba89 Add the IP_RECVIF socket option, which supplies a packet's incoming interface
using a sockaddr_dl.

Fix the other packet-information socket options (SO_TIMESTAMP, IP_RECVDSTADDR)
to work for multicast UDP and raw sockets as well.  (They previously only
worked for unicast UDP).
1996-11-11 04:56:32 +00:00
Bill Fenner
39172c9401 Re-enable the TCP SYN-attack protection code. I was the one who didn't
understand the socket state flag.

2.2 candidate.
1996-11-10 07:37:24 +00:00
Peter Wemm
37bd2b301c Fix braino on my part. When we have three different port ranges (default,
"high" and "secure"), we can't use a single variable to track the most
recently used port in all three ranges.. :-]  This caused the next
transient port to be allocated from the start of the range more often than
it should.
1996-10-30 06:13:10 +00:00
Bill Fenner
430d30d837 Don't allow reassembly to create packets bigger than IP_MAXPACKET, and count
attempts to do so.
Don't allow users to source packets bigger than IP_MAXPACKET.
Make UDP length and ipovly's protocol length unsigned short.

Reviewed by:	wollman
Submitted by:	(partly by) kml@nas.nasa.gov (Kevin Lahey)
1996-10-25 17:57:53 +00:00
Garrett Wollman
64682bc28a Give ip_len and ip_off more natural, unsigned types. 1996-10-23 18:35:50 +00:00
Søren Schmidt
6713d4a747 Changed args to the nat functions. 1996-10-22 22:26:02 +00:00
Alexander Langer
af44ef0a2f Reword two comments. 1996-10-19 20:23:12 +00:00
Bruce Evans
5e26bd9a05 Forward-declared `struct route' for the KERNEL case so that <net/route.h>
isn't a prerequisite.

Fixed style of ifdefs.
1996-10-15 16:54:47 +00:00
Bruce Evans
4458ac71b1 Removed nested include if <sys/socket.h> from <net/if.h> and
<net/if_arp.h> and fixed the things that depended on it.  The nested
include just allowed unportable programs to compile and made my
simple #include checking program report that networking code doesn't
need to include <sys/socket.h>.
1996-10-12 19:49:43 +00:00
Alexander Langer
bfcffdaf03 Log the interface name which received the packet.
Suggested by:	Hal Snyder <hsndyer@thoughtport.com>
1996-10-12 19:38:50 +00:00
Paul Traina
a51764a8bf Fix two bugs I accidently put into the syn code at the last minute
(yes I had tested the hell out of this).

I've also temporarily disabled the code so that it behaves as it previously
did (tail drop's the syns) pending discussion with fenner about some socket
state flags that I don't fully understand.

Submitted by:	fenner
1996-10-11 19:26:42 +00:00
Garrett Wollman
5893891624 All three files: make COMPAT_IPFW==0 case work again.
ip_input.c:
	- delete some dusty code
	- _IP_VHL
	- use fast inline header checksum when possible
1996-10-07 19:21:46 +00:00
David Greenman
6d6a026b47 Improved in_pcblookuphash() to support wildcarding, and changed relavent
callers of it to take advantage of this. This reduces new connection
request overhead in the face of a large number of PCBs in the system.
Thanks to David Filo <filo@yahoo.com> for suggesting this and providing
a sample implementation (which wasn't used, but showed that it could be
done).

Reviewed by:	wollman
1996-10-07 19:06:12 +00:00
Paul Traina
ebb0cbea75 Increase robustness of FreeBSD against high-rate connection attempt
denial of service attacks.

Reviewed by:	bde,wollman,olah
Inspired by:	vjs@sgi.com
1996-10-07 04:32:42 +00:00
Paul Traina
12eafeb016 I don't understand, I committed this fix (move a counter and fixed a typo)
this evening.

I think I'm going insane.
1996-09-21 06:39:20 +00:00
Andrey A. Chernov
96d719e6e0 Syntax error: so_incom -> so_incomp 1996-09-21 06:30:06 +00:00
Paul Traina
4195b4af58 If the incomplete listen queue for a given socket is full,
drop the oldest entry in the queue.

There was a fair bit of discussion as to whether or not the
proper action is to drop a random entry in the queue.  It's
my conclusion that a random drop is better than a head drop,
however profiling this section of code (done by John Capo)
shows that a head-drop results in a significant performance
increase.

There are scenarios where a random drop is more appropriate.
If I find one in reality, I'll add the random drop code under
a conditional.

Obtained from: discussions and code done by Vernon Schryver (vjs@sgi.com).
1996-09-20 21:25:18 +00:00
Paul Traina
9c4b2574d4 Handle ICMP codes defined in RFC1812 more appropriately 1996-09-20 08:23:54 +00:00
Paul Traina
561c2ad31c Move TCPCTL_KEEPINIT to end of MIB list (sigh) 1996-09-13 23:54:03 +00:00
Paul Traina
7b40aa327d Make the misnamed tcp initial keepalive timer value (which is really the
time, in seconds, that state for non-established TCP sessions stays about)
a sysctl modifyable variable.

[part 1 of two commits, I just realized I can't play with the indices as
 I was typing this commit message.]
1996-09-13 23:51:44 +00:00
Paul Traina
7ff19458de Receipt of two SYN's are sufficient to set the t_timer[TCPT_KEEP]
to "keepidle".  this should not occur unless the connection has
been established via the 3-way handshake which requires an ACK

Submitted by:	jmb
Obtained from:	problem discussed in Stevens vol. 3
1996-09-13 18:47:03 +00:00
Garrett Wollman
f87313106d Set subnetsarelocal to false. In a classless world, the other case
is almost never useful.  (This is only a quick hack; someone should
go back and delete the entire subnetsarelocal==1 code path.)
1996-09-09 20:17:24 +00:00
David Greenman
e7c819442a Dequeue mbuf before freeing it. Fixes mbuf leak and a potential crash when
handling IP fragments.

Submitted by:	Darren Reed <avalon@coombs.anu.edu.au>
1996-09-08 13:45:49 +00:00
Alexander Langer
80afcdeef5 Fix the visibility of the sysctl variables.
Submitted by:	phk
1996-08-31 21:05:20 +00:00
Søren Schmidt
8f52c18724 Oops, send the operation type, not the name to the NAT code... 1996-08-27 20:52:27 +00:00
Poul-Henning Kamp
321a284625 Mark sockets where the kernel chose the port# for.
This can be used by netstat to behave more intelligently.
1996-08-23 18:59:07 +00:00
Søren Schmidt
fed1c7e9e4 Add hooks for an IP NAT module, much like the firewall stuff...
Move the sockopt definitions for the firewall code from
ip_fw.h to in.h where it belongs.
1996-08-21 21:37:07 +00:00
Bill Fenner
e329301e65 Add #define's for RFC1716/RFC1812 new ICMP UNREACHABLE types.
Obtained from:	LBL's tcpdump distribution
1996-08-20 23:11:30 +00:00
Paul Traina
cc98643e68 Completely rewrite handling of protocol field for firewalls, things are
now completely consistent across all IP protocols and should be quite a
bit faster.

Discussed with: fenner & alex
1996-08-13 19:43:41 +00:00
Peter Wemm
bbd42ad0e5 Add two more portrange sysctls, which control the area of the below
IPPORT_RESERVED that is used for selection when bind() is told to allocate
a reserved port.

Also, implement simple sanity checking for all the addresses set, to make
it a little harder for a user/sysadmin to shoot themselves in the feet.
1996-08-12 14:05:54 +00:00
Poul-Henning Kamp
26a8b0bf7e Megacommit to straigthen out ETHER_ mess.
I'm pretty convinced after looking at this that the majority of our
drivers are confused about the in/exclusion of ETHER_CRC_LEN :-(
1996-08-06 21:14:36 +00:00
Alexander Langer
71c011477f Filter by IP protocol.
Submitted by: fenner (with modifications by me)

Use a common prefix string for all warning messages generated during
ip_fw_ctl.
1996-08-05 02:35:04 +00:00
Garrett Wollman
5e2d069649 Eliminate some more references to separate ip_v and ip_hl fields. 1996-07-24 18:46:19 +00:00
Alexander Langer
c616bf2a71 Removed extraneous return. 1996-07-20 00:16:20 +00:00
Alexander Langer
889fe95791 Switch back to logging accepted packets with the text "Allow" instead
of "Accept"
1996-07-14 21:12:52 +00:00
David Greenman
af7a299930 Fixed two bugs in previous commit: be sure to include tcp_debug.h when
TCPDEBUG is defined, and fix typo in TCPDEBUG2() macro.
1996-07-12 17:28:47 +00:00
Bill Fenner
32bd8943f8 Fix braino in rev 1.30 fix; m_copy() the mbuf that has the header
pulled up already.  This bug can cause the first packet from a source
to a group to be corrupted when it is delivered to a process listening
on the mrouter.
1996-07-12 17:22:32 +00:00
Bruce Evans
6ab46d52a5 Don't use NULL in non-pointer contexts. 1996-07-12 04:12:25 +00:00
Garrett Wollman
2c37256e5a Modify the kernel to use the new pr_usrreqs interface rather than the old
pr_usrreq mechanism which was poorly designed and error-prone.  This
commit renames pr_usrreq to pr_ousrreq so that old code which depended on it
would break in an obvious manner.  This commit also implements the new
interface for TCP, although the old function is left as an example
(#ifdef'ed out).  This commit ALSO fixes a longstanding bug in the
TCP timer processing (introduced by davidg on 1995/04/12) which caused
timer processing on a TCB to always stop after a single timer had
expired (because it misinterpreted the return value from tcp_usrreq()
to indicate that the TCB had been deleted).  Finally, some code
related to polling has been deleted from if.c because it is not
relevant t -current and doesn't look at all like my current code.
1996-07-11 16:32:50 +00:00
Julian Elischer
93e0e11657 Adding changes to ipfw and the kernel to support ip packet diversion..
This stuff should not be too destructive if the IPDIVERT is not compiled in..
 be aware that this changes the size of the ip_fw struct
so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
1996-07-10 19:44:30 +00:00
Nate Williams
bce2d3379e Functionality for IPFIREWALL_VERBOSE logging:
- State when we've reached the limit on a particular rule in the kernel logfile
- State when a rule or all rules have been zero'd.

This gives a log of all actions that occur w/regard to the firewall
occurances, and can explain why a particular break-in attempt might not
get logged due to the limit being reached.

Reviewed by:	alex
1996-07-09 20:49:38 +00:00
Alexander Langer
32fb6c089b Reject rules which try to mix ports with incompatible protocols. 1996-06-29 03:33:20 +00:00
Alexander Langer
830b0d3039 Allow fragment checking to work with specific protocols.
Reviewed by:	phk

Reject the addition of rules that will never match (for example,
1.2.3.4:255.255.255.0).  User level utilities specify the policy by either
masking the IP address for the user (as ipfw(8) does) or rejecting the
entry with an error.  In either case, the kernel should not modify chain
entries to make them work.
1996-06-25 00:22:20 +00:00
Bruce Evans
7472e2e0f8 Use IPFIREWALL_MODULE instead of ACTUALLY_LKM_NOT_KERNEL to indicate
LKM'ness.  ACTUALLY_LKM_NOT_KERNEL is supposed to be so ugly that it
only gets used until <machine/conf.h> goes away.  bsd.kmod.mk should
define a better-named general macro for this.  Some places use
PSEUDO_LKM.  This is another bad name.

Makefile:
Added IPFIREWALL_VERBOSE_LIMIT option (commented out).
1996-06-23 14:28:02 +00:00
Peter Wemm
51a109a174 Set the rmx.rmx_expire to 0 when creating fake ethernet addresses for the
broadcast and multicast routes, otherwise they will be expired by
arptimeout after a few minutes, reverting to " (incomplete)". This makes
the work done by rev 1.27 stay around until the route itself is deleted.
This is mainly cosmetic for 'arp' and 'netstat -r'.
1996-06-21 21:45:58 +00:00
Bill Fenner
94334d8fc4 Use the route that's guaranteed to exist when picking a source address
for ARP requests.

The NetBSD version of this patch (see NetBSD PR kern/2381) has this change
already.  This should close our PR kern/1140 .

Although it's not quite what he submitted, I got the idea from him so
Submitted by:	Jin Guojun <jin@george.lbl.gov>
1996-06-20 22:53:08 +00:00
Bill Fenner
d7e74838d6 Remove one last rip_output from inetsw (gpalmer missed it in rev 1.30) 1996-06-20 17:52:32 +00:00
Nate Williams
17040b78cd Put the 'debug' messages of the type:
/kernel: in_rtqtimo: adjusted rtq_reallyold to 1066
  /kernel: in_rtqtimo: adjusted rtq_reallyold to 710
inside of #ifdef DIAGNOSTIC to avoid the support questions from folks
asking what this means.
1996-06-20 15:41:23 +00:00
Alexander Langer
6875d5c1b3 Fix chain numbering bug when the highest line number installed >= 65435
and the rule being added has no explicit line number set.

Submitted by:	Archie Cobbs <archie@whistle.com>
1996-06-17 00:00:35 +00:00
Garrett Wollman
51fb392203 Better selection of initial retransmit timeout when no cached
RTT information is available.

Submitted by: kbracey@art.acorn.co.uk (Kevin Bracey)
(slightly modified by me)
1996-06-14 17:17:32 +00:00
Gary Palmer
5d2541dab0 Don't try to include opt_ipfw.h in LKMs
Submitted by:	Ollivier Robert <roberto@keltia.freenix.fr>
1996-06-13 17:35:28 +00:00
David Greenman
34bed8b0ee Keep ether_type in network order for BPF to be consistent with other
systems.

Submitted by:	Ted Lemon, Matt Thomas, and others. Retrofitted for
		-current by me.
1996-06-13 02:54:19 +00:00
Gary Palmer
74a9466cc2 Convert ipfw to use opt_ipfw.h 1996-06-12 19:34:33 +00:00
Gary Palmer
c23670e294 Clean up -Wunused warnings.
Reviewed by:		bde
1996-06-12 05:11:41 +00:00
Alexander Langer
7a99108603 Big sweep over ipfw, picking up where Poul left off:
- Log ICMP type during verbose output.
  - Added IPFIREWALL_VERBOSE_LIMIT option to prevent denial of service
    attacks via syslog flooding.
  - Filter based on ICMP type.
  - Timestamp chain entries when they are matched.
  - Interfaces can now be matched with a wildcard specification (i.e.
    will match any interface unit for a given name).
  - Prevent the firewall chain from being manipulated when securelevel
    is greater than 2.
  - Fixed bug that allowed the default policy to be deleted.
  - Ability to zero individual accounting entries.
  - Remove definitions of old_chk_ptr and old_ctl_ptr when compiling
    ipfw as a lkm.
  - Remove some redundant code shared between ip_fw_init and ipfw_load.

Closes PRs: 1192, 1219, and 1267.
1996-06-09 23:46:21 +00:00
Bruce Evans
0453d3cbb3 Changed some memcpy()'s back to bcopy()'s.
gcc only inlines memcpy()'s whose count is constant and didn't inline
these.  I want memcpy() in the kernel go away so that it's obvious that
it doesn't need to be optimized.  Now it is only used for one struct
copy in si.c.
1996-06-08 08:19:03 +00:00
Garrett Wollman
c611d82e64 Instrument UDP PCB hashing to see how often the hash lookup is effective
for incoming packets.
1996-06-05 17:20:35 +00:00
Garrett Wollman
6da5712b60 Correct formula for TCP RTO calculation. Also try to do a better job in
filling in a new PCB's rttvar (but this is not the last word on the subject).
And get rid of `#ifdef RTV_RTT', it's been true for four years now...
1996-06-05 16:57:38 +00:00
John Polstra
588c92252f Fix a bug in the handling of the "persist" state which, under certain
circumstances, caused perfectly good connections to be dropped.  This
happened for connections over a LAN, where the retransmit timer
calculation TCP_REXMTVAL(tp) returned 0.  If sending was blocked by flow
control for long enough, the old code dropped the connection, even
though timely replies were being received for all window probes.

Reviewed by:	W. Richard Stevens <rstevens@noao.edu>
1996-06-03 15:37:52 +00:00
Gary Palmer
b750974745 Correct spelling error in comment 1996-06-02 00:15:19 +00:00
Peter Wemm
62d2e87ec1 More closely preserve the original operation of rresvport() when using
IP_PORTRANGE_LOW.
1996-05-31 05:11:22 +00:00
Garrett Wollman
f9493383fc Conditionalize calls to IPFW code on COMPAT_IPFW. This is done slightly
unconventionally:
	If COMPAT_IPFW is not defined, or if it is defined to 1, enable;
otherwise, disable.

This means that these changes actually have no effect on anyone at the
moment.  (It just makes it easier for me to keep my code in sync.)
In the future, the `not defined' part of the hack should be eliminated,
but doing this now would require everyone to change their config files.

The same conditionals need to be made in ip_input.c as well for this to
ave any useful effect, but I'm not ready to do that right now.
1996-05-22 17:23:09 +00:00
Peter Wemm
ce8c72b147 Fix an embarresing error on my part that made the IP_PORTRANGE options
return a failure code (even though it worked).
This commit brought to you by the 'C' keyword "break".. :-)
1996-05-21 20:47:31 +00:00
Garrett Wollman
82dab6ce62 Make it possible to return more than one piece of control information
(PR #1178).
Define a new SO_TIMESTAMP socket option for datagram sockets to return
packet-arrival timestamps  as control information (PR #1179).

Submitted by:	Louis Mamakos <loiue@TransSys.com>
1996-05-09 20:15:26 +00:00
Gary Palmer
b1e8a2c542 Remove useless entries from the inetsw structure initiliser which
only produced compile-time warnings.

Reviewed/Tested by: Bill Fenner <fenner@parc.xerox.com>
1996-05-08 04:34:03 +00:00
Gary Palmer
6ddbf1e299 Clean up various compiler warnings. Most (if not all) were benign
Reviewed by:	bde
1996-05-08 04:29:08 +00:00
Poul-Henning Kamp
83606d2247 Several locations in sys/netinet/ip_fw.c are lacking or incorrectly
use spl() functions.

Reviewed by:	phk
Submitted by:	Alex Nash <alex@zen.nash.org>
1996-05-06 20:31:04 +00:00
Garrett Wollman
9f9b3dc4ae Add three new route flags to help determine what sort of address
the destination represents.  For IP:

- Iff it is a host route, RTF_LOCAL and RTF_BROADCAST indicate local
  (belongs to this host) and broadcast addresses, respectively.

- For all routes, RTF_MULTICAST is set if the destination is multicast.

The RTF_BROADCAST flag is used by ip_output() to eliminate a call to
in_broadcast() in a common case; this gives about 1% in our packet-generation
experiments.  All three flags might be used (although they aren't now)
to determine whether a packet can be forwarded; a given host route can
represent a forwardable address if:

	(rt->rt_flags & (RTF_HOST | RTF_LOCAL | RTF_BROADCAST | RTF_MULTICAST))
	== RTF_HOST

Obviously, one still has to do all the work if a host route is not present,
but this code allows one to cache the results of such a lookup if rtalloc1()
is called without masking RTF_PRCLONING.
1996-05-06 17:42:13 +00:00
Bill Fenner
df5c0b8a7a Back out my stupid braino; I was thinking strlen and not sizeof. 1996-05-02 05:54:14 +00:00
Bill Fenner
af00f8007c Size temp var correctly; buf[4*sizeof "123"] is not long enough
to store "192.252.119.189\0".
1996-05-02 05:31:13 +00:00
Andrey A. Chernov
75cfc95fe2 inet_ntoa buffer was evaluated twice in log_in_vain, fix it.
Thanx to: jdp
1996-04-27 18:19:12 +00:00
Garrett Wollman
a2352fc148 Delete #ifdef notdef blocks containing old method of srtt calculation.
Requested by: davidg
1996-04-26 18:32:58 +00:00
Garrett Wollman
93902408b8 Delete #if 0 block containing remnants of pre-MTU discovery rmx_mtu
initialization.
1996-04-26 18:31:41 +00:00
Garrett Wollman
7c1c2d7ebd Delete #if 0 block containing unused definitions for ARPANET/DDN IMP
and HYPERchannel link layers.
1996-04-26 18:30:52 +00:00
Bruce Evans
e2184122c5 Fixed in-line IP header checksumming. It was performed on the wrong header
in one case.
1996-04-21 13:47:43 +00:00
Garrett Wollman
9c9137ea6c Three speed-ups in the output path (two small, one substantial):
1) Require all callers to pass a valid route pointer to ip_output()
   so that we don't have to check and allocate one off the stack
   as was done before.  This eliminates one test and some stack
    bloat from the common (UDP and TCP) case.

2) Perform the IP header checksum in-line if it's of the usual length.
    This results in about a 5% speed-up in my packet-generation test.

3) Use ip_vhl field rather than ip_v and ip_hl bitfields.
1996-04-18 15:49:06 +00:00
Garrett Wollman
61e5033f0a Define a few macros useful in the _IP_VHL case. 1996-04-18 15:42:50 +00:00
Garrett Wollman
dbe4b3f026 Fix a warning by not referencing ip_output() as a pr_output() member. 1996-04-18 15:41:51 +00:00
Garrett Wollman
2eba88186e Always call ip_output() with a valid route pointer. For igmp, also get the
multicast option structure off the stack rather than malloc.
1996-04-18 15:41:11 +00:00
David Greenman
2d8266af5c Two fixes from Rich Stevens:
1) Set the persist timer to help time-out connections in the CLOSING state.
2) Honor the keep-alive timer in the CLOSING state.

   This fixes problems with connections getting "stuck" due to incompletion
of the final connection shutdown which can be a BIG problem on busy WWW
servers.
1996-04-15 03:46:33 +00:00
Bruce Evans
c5294719c3 Eliminated sloppy common-style declarations. Now there are no duplicated
common labels for LINT.  There are still some common declarations for the
!KERNEL case in tcp_debug.h and spx_debug.h.  trpt depends on the ones in
tcp_debug.h.
1996-04-13 12:45:57 +00:00
Poul-Henning Kamp
539e53bad3 Fix a bogon I introduced with my last change.
Submitted by:	Andreas Klemm <andreas@knobel.gun.de>
1996-04-12 09:24:22 +00:00
Paul Traina
d78a37ad5a Logging UDP and TCP connection attempts should not be enabled by default.
It's trivial to create a denial of service attack on a box so enabled.

These messages, if enabled at all, must be rate-limited. (!)
1996-04-09 07:01:53 +00:00
David Greenman
c655b7c4f4 Added proper splnet protection while modifying the interface address list.
This fixes a panic that occurs when ifconfig ioctl(s) were interrupted
by IP traffic at the wrong time - resulting in a NULL pointer dereference.
This was originally noticed on a FreeBSD 1.0 system, but the problem still
exists in current sources.
1996-04-07 06:59:52 +00:00
Poul-Henning Kamp
34be9bf3ce Add a sysctl (net.inet.tcp.always_keepalive: 0) that when set will force
keepalive on all tcp sessions.  Setsockopt(2) cannot override this setting.
Maybe another one is needed that just changes the default for SO_KEEPALIVE ?
Requested by: Joe Greco <jgreco@brasil.moneng.mei.com>
1996-04-04 11:17:04 +00:00
Poul-Henning Kamp
816a3d836e Log TCP syn packets for ports we don't listen on.
Controlled by: sysctl net.inet.tcp.log_in_vain: 1

Log UDP syn packets for ports we don't listen on.
Controlled by: sysctl net.inet.udp.log_in_vain: 1

Suggested by:	Warren Toomey <wkt@cs.adfa.oz.au>
1996-04-04 10:46:44 +00:00
Garrett Wollman
d3d20ad196 Always pass a route structure when calling ip_output(). 1996-04-03 18:52:22 +00:00
Poul-Henning Kamp
23bf99538c Add feature for tcp "established".
Change interface between netinet and ip_fw to be more general, and thus
hopefully also support other ip filtering implementations.
1996-04-03 13:52:20 +00:00
Poul-Henning Kamp
7e6f7714ce Fix two cases where ia->ia_ifp could be NULL. 1996-04-02 12:26:10 +00:00
Garrett Wollman
ebcae94e4f In tcp_respond(), check that ro->ro_rt is non-null before RTFREEing
it.
1996-03-27 18:23:16 +00:00
Bill Fenner
e62b8c4939 Make rip_input() take the header length
Move ipip_input() and rsvp_input() prototypes to ip_var.h
Remove unused prototype for rip_ip_input() from ip_var.h
Remove unused variable *opts from rip_output()
1996-03-26 19:16:46 +00:00
Bill Fenner
fbc6ab006d Add missing splx(s) in IP_MULTICAST_IF
Submitted by:	Jim Binkley <jrb@cs.pdx.edu>
1996-03-26 18:56:51 +00:00
Garrett Wollman
9e2874b067 Slight modification of RTO floor calculation. 1996-03-25 20:13:21 +00:00
Poul-Henning Kamp
6ed666afb9 Check the validity of ia->ia_ifp before we dereference it. 1996-03-25 17:41:23 +00:00
Bill Fenner
203f0c075f Send ARP's for aliased subnets with the proper source address.
Get rid of ac->ac_ipaddr and arpwhohas() since they assume that
an interface has only one address.

Obtained from:	BSD/OS 2.1, via Rich Stevens <rstevens@noao.edu>
1996-03-23 01:32:30 +00:00
Garrett Wollman
9512fd2ec6 Make sure tcp_respond() always calls ip_output() with a valid
route pointer.  This has no effect in the current ip_output(),
but my version requires that ip_output() always be passed a route.
1996-03-22 18:11:25 +00:00
Garrett Wollman
233e8c18e8 A number of performance-reducing flaws fixed based on comments
from Larry Peterson &co. at Arizona:

- Header prediction for ACKs did not exclude Fast Retransmit/Recovery.
- srtt calculation tended to get ``stuck'' and could never decrease
  when below 8.  It still can't, but the scaling factors are adjusted
  so that this artifact does not cause as bad an effect on the RTO
  value as it used to.

The paper also points out the incr/8 error that has been long since fixed,
and the problems with ACKing frequency resulting from the use of options
which I suspect to be fixed already as well (as part of the T/TCP work).

Obtained from:	Brakmo & Peterson, ``Performance Problems in BSD4.4 TCP''
1996-03-22 18:09:21 +00:00
Bill Fenner
ac0aa47369 Allow SIOCGIFBRDADDR and SIOCGIFNETMASK to return information about
aliases, if the alias address was passed in the struct ifreq.
Default to first address on the list, for backwards compatibility.
1996-03-15 17:08:07 +00:00
Bill Fenner
49fa849bc8 IGMPv2 routines rewritten, to be more compact and to fully comply
with the IGMPv2 Internet Draft (including Router Alert IP option)
1996-03-14 16:59:20 +00:00
Paul Traina
072b9b24e3 Fix ip option processing for raw IP sockets. This whole thing is a compromise
between ignoring options specified in the setsockopt call if IP_HDRINCL is set
(the UCB choice when VJ's code was brought in) vs allowing them (what everyone
else did, and what is assumed by programs everywhere...sigh).

Also perform some checking of the passed down packet to avoid running off
the end of a mbuf chain.

Reviewed by:	fenner
1996-03-13 08:02:45 +00:00
Bill Fenner
a5a2f8adf3 Cleaned up uninitialized 'rt' warning properly
Make a copy of the header of a packet that gets queued due to
 lack of forwarding cache entry, so that nobody else can step
 on it.  Thanks to Mike Karels <karels@bsdi.com> for pointing
 this one out.
1996-03-11 17:11:23 +00:00
David Greenman
2ee45d7d28 Move or add #include <queue.h> in preparation for upcoming struct socket
changes.
1996-03-11 15:13:58 +00:00
Peter Wemm
4bd4912865 Add more options into the conf/options and i386/conf/options.i386 files
and the #include hooks so that 'make depend' is more useful.  This
covers most of the options I regularly use (but not all) and some other
easy ones.
1996-03-02 18:24:13 +00:00
Poul-Henning Kamp
827bc33af4 Forgot to remove this file. 1996-02-28 13:30:14 +00:00
Bruce Evans
3420f4ab37 Spell tcp_listendrop consistently so that tcp_input.c and netstat compile. 1996-02-27 15:12:53 +00:00
Guido van Rooij
1347f5b8e5 Add a counter for the number of times the listen queue was overflowed to
the tcpstat structure. (netstat -s)
Reviewed by:	wollman
Obtained from: Steves, TCP/IP Ill. vol.3, page 189
1996-02-26 21:47:13 +00:00
Poul-Henning Kamp
ae2a1587f0 Fix wrong logic, certain rules never matched. 1996-02-26 15:28:15 +00:00
Poul-Henning Kamp
09bb5f7589 Make getsockopt() capable of handling more than one mbuf worth of data.
Use this to read rules out of ipfw.
Add the lkm code to ipfw.c
1996-02-24 13:38:28 +00:00
Poul-Henning Kamp
b83e431483 The new firewall functionality:
Filter on the direction (in/out).
	Filter on fragment/not fragment.
1996-02-24 00:17:35 +00:00
Poul-Henning Kamp
a2ebc3ee0f I overlooked this one. 1996-02-23 20:11:37 +00:00
Poul-Henning Kamp
e7319bab6b Big sweep over the IPFIREWALL and IPACCT code.
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.

Code in -current & -stable is now the same.
1996-02-23 15:47:58 +00:00
Peter Wemm
33b3ac0633 Make the default behavior of local port assignment match traditional
systems (my last change did not mix well with some firewall
configurations).  As much as I dislike firewalls, this is one thing I
I was not prepared to break by default.. :-)

Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.*

This code also fixes a potential deadlock if the system accidently ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it.

Partly suggested by: pst
Reviewed by: wollman
1996-02-22 21:32:23 +00:00
David Greenman
f9d5a964af Fixed bug in Path MTU Discovery that caused the system to have to re-
discover the Path MTU for each connection if the connecting host didn't
offer an initial MSS.

Submitted by:	davidg & olah
1996-02-22 11:46:39 +00:00
Bill Fenner
7d1ba41375 Make the "arpresolve: can't allocate llinfo" error message
more useful by printing out the IP address it was trying to
resolve, since we're seeing so many complaints about this
error.
1996-02-20 17:54:17 +00:00
Garrett Wollman
4de31ee58e #if out unsupported IMP code. 1996-02-08 15:43:35 +00:00
Garrett Wollman
c67b1d17da Provide a direct entry point for IP input. This actually results
in a slight decrease in performance, but will lead to better
performance later.
1996-02-05 20:36:02 +00:00
Garrett Wollman
cbb0b46ab7 Fill in the corresponding ether address of multicast and broadcast
pseudo-``ARP entries'' so arp(8) doesn't show them as `unresolved'.
1996-02-05 18:04:30 +00:00
Poul-Henning Kamp
821c204e91 Make the sorting of IPFW rules an option. You don't want it to sort them.
>>>WARNING<<<  you may have to revisit your firewall setup.
1996-02-03 11:48:12 +00:00
Andras Olah
07e43e10f8 Fix a bug related to the interworking of T/TCP and window scaling:
when a connection enters the ESTBLS state using T/TCP, then window
scaling wasn't properly handled.  The fix is twofold.

1) When the 3WHS completes, make sure that we update our window
scaling state variables.

2) When setting the `virtual advertized window', then make sure
that we do not try to offer a window that is larger than the maximum
window without scaling (TCP_MAXWIN).

Reviewed by:	davidg
Reported by:	Jerry Chen <chen@Ipsilon.COM>
1996-01-31 08:22:24 +00:00
Mike Pritchard
6c5e9bbdf5 Fix a bunch of spelling errors in the comment fields of
a bunch of system include files.
1996-01-30 23:02:38 +00:00
Poul-Henning Kamp
18b7be4064 The last part of the ether_sprint -> %6D change.
Sorry for the delay.
(%D is for hexdumping.)
1996-01-26 09:29:29 +00:00
Poul-Henning Kamp
1ce9bf88c3 Use new printf features rather than local kludges. 1996-01-24 21:12:23 +00:00
Bill Fenner
4dde4205e1 First piece of fixing ppp/proxy arp problem:
If an attempt to add a route fails because an "ARP table" entry is in
the way, remove the ARP entry and retry the add.

Reviewed by:	nate
1996-01-23 05:15:30 +00:00
Peter Wemm
34da58488d remove tcp_lastport - it has not been used for quite a while (at least
since the hashed pcb's I think).
1996-01-19 08:02:34 +00:00
Peter Wemm
101f9fc846 Change the default local address range for IP from 1024 through 5000
to 20000 through 30000.  These numbers are used for local IP port numbers
when an explicit address is not specified.

The values are sysctl modifiable under: net.inet.ip.port_{first|last}_auto

These numbers do not overlap with any known server addresses, without going
above 32768 which are "negative" on some other implementations.

20000 through 30000 is 2.5 times larger than the old range, but some have
suggested even that may not be enough... (gasp!)  Setting a low address
of 10000 should be plenty.. :-)
1996-01-19 08:00:58 +00:00
Bill Fenner
4840541232 Add definitions for ICMP router discovery.
Reviewed by:	wollman
1996-01-19 01:19:08 +00:00
Andras Olah
81165e4880 Be more conservative when T/TCP extensions are disabled. In particular,
do not send data and/or FIN on SYN segments in this case.
1996-01-17 09:35:23 +00:00
David Greenman
ce00153c1f Fix logic bug (!= should be ==) in recent P2P/multicast kludge.
Reviewed by:	Bill Fenner <fenner@parc.xerox.com>
Submitted by:	Dave Marquardt <marquard@austin.ibm.com>
1996-01-09 08:26:07 +00:00
Guido van Rooij
8dd27fd68b Fix a bug where having a process listening to both a INADDR_ANY and a
local address, that was assigned with ifconfig alias and netmask
0xffffffff, would receive duplictae udp packets.
This behaviour can easily be seen by having named run, and using the alias
address as the name server.
This solution is not the pretiest one, but after talk with Garreth, it
is seen as the most easy one.
1996-01-08 20:59:06 +00:00
Garrett Wollman
d4fb926c62 Finally demolished the last, tottering remnants of GATEWAY. If you want
to enable IP forwarding, use sysctl(8).  Also did the same for IPX,
which involved inventing a completely new MIB from whole cloth (which
I may not quite have correct); be aware of this if you use IPX forwarding.
(The two should never have been controlled by the same option anyway.)
1996-01-05 20:47:05 +00:00
Andras Olah
74b48c1de1 Reverse the modification which caused the annoying m_copydata crash: set
the TF_ACKNOW flag when the REXMT timer goes off to force a
retransmission.  In certain situations pulling snd_nxt back to snd_una
is not sufficient.
1996-01-04 21:34:21 +00:00
Garrett Wollman
33d06b436b Try to make multicast routing work correctly over point-to-point
links (which was broken previously by the support for half-routers).

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1996-01-03 20:24:33 +00:00
David Greenman
858c045f77 Remove some bogus externs. 1995-12-29 01:12:02 +00:00
Garrett Wollman
1814a725c2 If _IP_VHL is defined, declare a single ip_vhl member in struct ip rather
than separate ip_v and ip_hl members.  Should have no effect on current code,
but I'd eventually like to get rid of those obnoxious bitfields completely.
1995-12-21 21:20:27 +00:00
Garrett Wollman
3dbdcb2c95 Delete old-style-broadcast-address compatibility cruft in IP input path.
If users want to use the old-style broadcast addresses, they will have to
currectly configure their systems.
1995-12-21 21:12:22 +00:00
Garrett Wollman
602d513c5a in_proto.c: spell ``Internet'' right and put whitespace after commas.
others: start to populate the link-layer branch of the net mib, by
moving ARP to its proper place.  (ARP is not a protocol family, it's an
interface layer between a medium-access layer and a protocol family.)
sysctl(8) needs to be taught about the structure of this branch, unless
Poul-Henning implements dynamic MIB exploration soon.
1995-12-20 21:53:53 +00:00
Garrett Wollman
b97d15cbb7 Demolish DIRECTED_BROADCAST. It was always a bad idea, and nobody uses it. 1995-12-20 18:04:19 +00:00
Garrett Wollman
bda4c85ae6 Fix a nagging divide-by-zero error resulting from the MTU discovery code
getting triggered at a bad time.
1995-12-20 17:42:28 +00:00
Garrett Wollman
994fdef98a Added a comment about why trying to make a one-behind cache for
the route in ip_output() is a bad idea.
1995-12-19 21:24:19 +00:00
Garrett Wollman
ce29ab3ac6 Actually call in_rtqdrain()as was originally intended. 1995-12-19 20:46:15 +00:00
Bruce Evans
b62d102cbb Uniformized pr_ctlinput protosw functions. The third arg is now `void
*' instead of caddr_t and it isn't optional (it never was).  Most of the
netipx (and netns) pr_ctlinput functions abuse the second arg instead of
using the third arg but fixing this is beyond the scope of this round
of changes.
1995-12-16 02:14:44 +00:00
Bruce Evans
081d3b932c Added a prototype. 1995-12-16 00:05:40 +00:00
Poul-Henning Kamp
f708ef1b9e Another mega commit to staticize things. 1995-12-14 09:55:16 +00:00
Poul-Henning Kamp
f6d24a780b Staticize. 1995-12-09 20:43:53 +00:00
Poul-Henning Kamp
885f1aa42b Remove old ballast, clean up a little bit, staticize.
Add five sysctl variables that you should probably never tweak.
	net.arp.t_prune: 300
	net.arp.t_keep: 1200
	net.arp.t_down: 20
	net.arp.maxtries: 5
	net.arp.useloopback: 1
	net.arp.proxyall: 0

(It's net.arp because arp isn't limited to inet, though our present
implementation surely is).
1995-12-09 16:06:54 +00:00
Garrett Wollman
be070f4335 Added a conditionalized printf for debugging MTU discovery. 1995-12-08 16:46:06 +00:00
Bruce Evans
2baeef32b6 Removed unnecessary #includes of vm stuff. Most of them were once
prerequisites for <sys/sysctl.h>.

subr_prof.c:
Also replaced #include of <sys/user.h> by #include of <sys/resourcevar.h>.
1995-12-06 23:37:44 +00:00
Bruce Evans
f1844d4cdf Added explicit include of <sys/queue.h>. Currently, some things only
compile because <vm/vm.h> happens to be gratuitously included before
<netinet/in_pcb.h> and <vm/vm.h> happens to include <sys/queue.h>.
1995-12-05 21:26:34 +00:00
Garrett Wollman
b7a44e3486 Path MTU Discovery is now standard. 1995-12-05 17:46:50 +00:00
David Greenman
4a5f1499b0 all:
Removed ifnet.if_init and ifnet.if_reset as they are generally unused.
Change the parameter passed to if_watchdog to be a ifnet * rather than
a unit number. All of this is an attempt to move toward not needing an
array of softc pointers (which is usually static in size) to point to
the driver softc.

if_ed.c:
Changed some of the argument passing to some functions to make a little
more sense.

if_ep.c, if_vx.c:
Killed completely bogus use of if_timer. It was being set in such a way
that the interface was being reset once per second (blech!).
1995-12-05 02:01:59 +00:00
Bruce Evans
ce7609a49c Completed function declarations and/or added prototypes. 1995-12-02 19:38:06 +00:00
Poul-Henning Kamp
dcc3cb753b fix #includes & warnings. 1995-11-20 12:28:21 +00:00
Bruce Evans
1031ab97d2 Fixed the type of a function pointer. 1995-11-18 13:25:41 +00:00
Bruce Evans
ff98689d2d Fixed recent staticizations. Some protypes for static functions were
left in headers and not staticized.
1995-11-16 09:51:22 +00:00
Poul-Henning Kamp
0312fbe97d New style sysctl & staticize alot of stuff. 1995-11-14 20:34:56 +00:00
Poul-Henning Kamp
98163b98dc Start adding new style sysctl here too. 1995-11-09 20:23:09 +00:00
Andras Olah
845799c166 Cosmetic changes to processing of segments in the SYN_SENT state:
- remove a redundant condition;
- complete all validity checks on segment before calling
  soisconnected(so).

Reviewed by:	Richard Stevens, davidg, wollman
1995-11-03 22:31:54 +00:00
Andras Olah
356ad1b0cb Setting the TF_ACKNOW flag was redundant in the REXMT timeout because
tcp_output() checks for the condition snd_nxt == snd_una.

Reviewed by:	davidg, wollman, olah
Suggested by:	Richard Stevens
1995-11-03 22:19:50 +00:00
Andras Olah
a45d27261d Fix a logical error in T/TCP: when we actively open a connection, we
have to decide whether to send a CC or CCnew option in our SYN segment
depending on the contents of our TAO cache.  This decision has to be
made once when the connection starts.  The earlier code delayed this
decision until the segment was assembled in tcp_output() and
retransmitted SYN segments could have different CC options.

Reviewed by:	Richard Stevens, davidg, wollman
1995-11-03 22:08:13 +00:00
Garrett Wollman
054ef37088 Instrument the IP input queue with two new read-only MIB entries:
net.inet.ip.intr-queue-maxlen (=== ipintrq.ifq_maxlen)
and	net.inet.ip.intr-queue-drops (=== ipintrq.ifq_drops)

There should probably be a standard way of getting the same information
going the other way.
1995-11-01 17:18:27 +00:00
Andras Olah
b6239c4a19 Start the 2MSL timer when the socket is closed and the TCP connection is
in the FIN_WAIT_2 state in order to prevent the conn. hanging there
forever.

Reviewed by:	davidg, olah
Submitted by:	Arne Henrik Juul <arnej@imf.unit.no>
Obtained from:	bugs@netbsd.org
1995-10-29 21:30:25 +00:00
Poul-Henning Kamp
a98ca4699e Second batch of cleanup changes.
This time mostly making a lot of things static and some unused
variables here and there.
1995-10-29 15:33:36 +00:00
Julian Elischer
cc6a66f20e Reviewed by: julian and jhay@mikom.csir.co.za
Submitted by:	Mike Mitchell, supervisor@alb.asctmd.com

This is a bulk mport of Mike's IPX/SPX protocol stacks and all the
related gunf that goes with it..
it is not guaranteed to work 100% correctly at this time
but as we had several people trying to work on it
I figured it would be better to get it checked in so
they could all get teh same thing to work on..

Mikes been using it for a year or so
but on 2.0

more changes and stuff will be merged in from other developers now that this is in.

Mike Mitchell, Network Engineer
AMTECH Systems Corporation, Technology and Manufacturing
8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000
supervisor@alb.asctmd.com
1995-10-26 20:31:59 +00:00
Ugen J.S. Antsilevich
7934237885 Support all the tcpflag options in firewall.
Add reading options from file, now ipfw <filename> will
read commands string after string from file , form of strings
same as command line interface.
1995-10-23 03:58:06 +00:00
Poul-Henning Kamp
e3965e5b67 Remove the last trace of arptnew() 1995-10-22 19:07:58 +00:00
David Greenman
c1f8a6cefa Fix panic caused by PRU_CONTROL not being dealt with properly. Bug pointed
out by David Maltz <dmaltz@orval.mach.cs.cmu.edu>, but this fix is by me.
1995-10-21 02:12:20 +00:00
Garrett Wollman
3d1f141b23 The ability to administratively change the MTU of an interface presents
a few new wrinkles for MTU discovery which tcp_output() had better
be prepared to handle.  ip_output() is also modified to do something
helpful in this case, since it has already calculated the information
we need.
1995-10-16 18:21:26 +00:00
Garrett Wollman
91badc866f Routes can be asymmetric. Always offer to /accept/ an MSS of up to the
capacity of the link, even if the route's MTU indicates that we cannot
send that much in their direction.  (This might actually make it possible
to test Path MTU discovery in a useful variety of cases.)
1995-10-13 16:00:25 +00:00
Garrett Wollman
3abc79d2ee The additional checks involving sequence numbers in MTU discovery resends
turned out not to be necessary; simply watching for MTU decreases (which
we already did) automagically eliminates all the cases we were trying to
protect against.
1995-10-12 17:37:25 +00:00
Garrett Wollman
143d7a5499 More MTU discovery: avoid over-retransmission if route changes in the
middle of a fully-open window.  Also, keep track of how many retransmits
we do as a result of MTU discovery.  This may actually do more work than
necessary, but it's an unusual condition...

Suggested by: Janey Hoe <janey@lcs.mit.edu>
1995-10-10 17:45:43 +00:00
Garrett Wollman
1cb55cbffc Put newline at end of log()ed messages so syslog can't fill up your
/var quite as fast.
1995-10-06 19:30:43 +00:00
Garrett Wollman
66800f5742 Convert ARP to use queue.h macros rather than insque/remque. While
we're at it, eliminate obsolete exposure of `struct llinfo_arp' to
the world.  (This dates back to when ARP entries were not stored in
the routing table, and there was no other way for the `arp' program
to read the whole table than to grovel around in /dev/kmem.)
1995-10-05 20:08:43 +00:00
Garrett Wollman
6bb9a8e77d Make a whole bunch of PCB variables ints rather than shorts. There appear
to be no ill effects, and so far as Iknow none of the variables in
question depend on 16-bit wraparound behavior.  (The sizes are in
many cases relics from when a PCB had to fit inside a 128-byte mbuf.  PCBs
are no longer stored in that way, and the old structure would not have
fit, either.)
1995-10-04 20:49:03 +00:00
Garrett Wollman
e79adb8ed6 Finish 4.4-Lite-2 merge: randomize TCP initial sequence numbers
to make ISS-guessing spoofing attacks harder.
1995-10-03 16:54:17 +00:00
Ugen J.S. Antsilevich
37afa1e829 Well..finally..this is the first part..it should take care of
matching IP options..Check and test this - i made only a couple
of rough tests and this could be buggy.. Ipaccounting can't use
IP Options (and i don't see any need to cound packets with specific
options either..)
More to come...
1995-10-01 21:52:50 +00:00
Garrett Wollman
d7f570e630 Merge 4.4-Lite-2: update version number (we already have the same fixes).
Obtained from:	4.4BSD-Lite-2
1995-09-22 20:05:58 +00:00
Garrett Wollman
6dfab5b1e1 Merge 4.4-Lite-2: always check the UDP checksum if it is present, even
if we are not generating checksums.  (Save a test in the input path.)
1995-09-22 19:56:26 +00:00
Garrett Wollman
f001bbb882 Correct spelling error in MTUDISC code. 1995-09-22 17:43:37 +00:00
Peter Wemm
4dc45a5fa1 Remove duplicate definition for tcps_persistdrop, as added by davidg some
time ago.  I left in Garrett's one, because his was in the 4.4-Lite-2
location, making any diffs just that little bit smaller.

I presume this choice means that netstat needs to be recompiled before
"netstat -s" will give a meaningful answer on tcp stats.
1995-09-22 07:40:18 +00:00
Garrett Wollman
25f26ad85a Merge with 4.4-Lite-2: fix bug that caused getsockopt of IP_HDRINCL
to fail.

Obtained from:	4.4BSD-Lite-2
1995-09-21 19:59:43 +00:00
Garrett Wollman
3271ad14d8 Merge 4.4-Lite-2 by updating the version number.
Obtained from:	4.4BSD-Lite-2
1995-09-21 18:04:43 +00:00
Garrett Wollman
425f123ed4 Merge 4.4-Lite-2: update some declarations that we don't support anyway.
Obtained from:	4.4BSD-Lite-2
1995-09-21 17:58:07 +00:00
Garrett Wollman
2469dd60b7 Merge 4.4-Lite-2: use M_NOWAIT in in_pcballoc(), and return EACCES rather
than EPERM on illegal attempt to bind a reserved port.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:55:49 +00:00
Garrett Wollman
2180b92513 Merge with 4.4-Lite-2. This is actually a 64-bit fix; the second parameter
to in_control() is sometimes a pointer, and sometimes an integer, so use
u_long rather than int.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:50:45 +00:00
Garrett Wollman
ef91e5283e Merge with 4.4-Lite-2. This involves changing the version number and
moving a declaration around.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:39:51 +00:00
Garrett Wollman
6c52bc4648 Merge with 4.4-Lite-2. This just adds a couple of tcpstat entries which
we don't currently set, but might in the future.
1995-09-21 17:29:13 +00:00
Garrett Wollman
f138387af1 Add support in TCP for Path MTU discovery. This is highly experimental
and gated on `options MTUDISC' in the source.  It is also practically
untested becausse (sniff!) I don't have easy access to a network with
an MTU of less than an Ethernet.  If you have a small MTU network,
please try it and tell me if it works!
1995-09-20 21:00:59 +00:00
Garrett Wollman
5cbf3e086c Initial back-end support for IP MTU discovery, gated on MTUDISC. The support
for TCP has yet to be written.
1995-09-18 15:51:40 +00:00
Garrett Wollman
b6e3d50f4c Don't leak mbufs in an unusual error case in tcp_usrreq().
Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
1995-09-13 17:54:03 +00:00
Garrett Wollman
51823c3a93 If tcp_output() is unable to allocate space for a copy of the data waiting
to be sent, just clean up and return ENOBUFS rather than silently
proceeding without sending any of the data.  This makes it consistent
with the `#ifdef notyet' case immediately above.

Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
1995-09-13 17:36:31 +00:00
Garrett Wollman
2b758395ea Fix long-standing bug in ICMPPRINTFS code where NTOHL was used instead
of ntohl for printing IP addresses, by instead substituting inet_ntoa()
to produce human-readable output.

Obtained from:	4.4-Lite-2
1995-08-29 17:49:04 +00:00
Garrett Wollman
6adca7ad76 Fix some problems with multicast forwarding:
Garrett,

  Here are some patches for the rate limiting code.  It should be faster,
and in particular it doesn't leak malloc'd memory any more when rate_limit'ing
a phyint.

  It now uses an mbuf chain at each vif, instead of the static queue array.
This means that the MAXQSIZE is now variable per vif (although there is no
interface to change it other than a debugger); this is an area for more
experimentation.

  Bill

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-08-23 18:20:17 +00:00
Andras Olah
7eb7a449c4 Add a sanity check for the UDP length field in order to prevent
malformed UDP packets to panic the kernel.
Reviewed by:	davidg, wollman
Obtained from:	dab@berserkly.cray.com (David A. Borman) via end2end list
1995-08-17 22:09:14 +00:00
Gary Palmer
7d4aa0825d Try to make the `syn' blocking code act a bit more sensibly - don't
block `syn' packets that have `ack' set.
Reviewed by:
Submitted by:
Obtained from:
1995-07-31 13:58:35 +00:00
Andras Olah
d3eede9d32 Remove a redundant `if' from tcp_reass().
Correct a typo in a comment (SEND_SYN -> NEEDSYN).

Reviewed by:	David Greenman
1995-07-31 10:24:22 +00:00
David Greenman
cc0964fb2b Add connection drop capability for persist timeouts.
Reviewed by:	Andras Olah
Obtained from:	4.4BSD-lite2 via W. Richard Stevens
1995-07-29 18:48:44 +00:00
Garrett Wollman
b124e4f284 Fix test for determining when RSVP is inactive in a router. (In this
case, multicast options are not passed to ip_mforward().)  The previous
version had a wrong test, thus causing RSVP mrouters to forward RSVP messages
in violation of the spec.
1995-07-26 18:05:16 +00:00
Garrett Wollman
59929500b4 Declare rsvp_input() to take the correct set of arguments and figure out
the receipt interface in the correct way.
1995-07-24 18:15:13 +00:00
Garrett Wollman
b4489dc30a Completely turn off RSVP intercept when a socket being used for that purpose
is PRU_DETACHed.  This solves the problem that RSVP would not come up inm
raw mode if previously killed.
1995-07-24 16:33:51 +00:00
David Greenman
f70b105004 Added $Id$. 1995-07-23 05:36:31 +00:00
Peter Wemm
42c03a52ba Change the compile-time option of DIRECTED_BROADCAST into a sysctl
variable underneath ip, "directed-broadcast".
Reviewed by:	David Greenman
Obtained from:	NetBSD, by Darren Reed.
1995-07-18 09:56:44 +00:00
Garrett Wollman
357b78a939 Return EDESTADDRREQ rather than EADDRNOTAVAIL if the user attempts to
half-configure a point-to-point interface.

Submitted by:	Jonathan M. Bresler <jmb@kryten.atinc.com>
1995-07-17 15:15:15 +00:00
Garrett Wollman
5b7ee6ed04 ICMP messages received from broken hosts which reply to multicast packets
were mistakenly delivered, rather than getting thrown out, which caused
substantial lossage.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-07-10 16:16:00 +00:00
Garrett Wollman
dd22498271 tcp_input.c - keep track of how many times a route contained a cached rtt
or ssthresh that we were able to use

tcp_var.h - declare tcpstat entries for above; declare tcp_{send,recv}space

in_rmx.c - fill in the MTU and pipe sizes with the defaults TCP would have
	used anyway in the absence of values here
1995-07-10 15:39:16 +00:00
David Greenman
c6e8c3576e Fixed panic that occurs on certain firewall rejected packets that was
caused by dtom() being used on an mbuf cluster. The fix involves passing
around the mbuf pointer.

Submitted by:	Bill Fenner
1995-07-09 14:29:46 +00:00
David Greenman
04c3f9f7ab Added some spaces for KNF. Moved some zero-initialized pointers into the
kernel's .bss.
1995-07-04 05:46:13 +00:00
David Greenman
09270166bb This is the end result of about a dozen passes through this code to fix
incorrect indents, a variety of poor coding practices such as comparing
pointers to constants ('0'), poor code structuring, etc, etc. This brings
the code up to the minimum standards for inclusion in FreeBSD.
1995-07-04 05:39:03 +00:00
David Greenman
ed64321cec Define TRUE and FALSE. 1995-07-04 05:29:30 +00:00
David Greenman
7e9367a410 1) Removed bogus #include
2) Rewrote "bad_packet" code to be less buggy and more readable.
3) Removed a pile of goto's; the code is now somewhat less reminiscent
   of a certain Italian pasta.
4) Changed all boolean returns of "0" and "1" to FALSE/TRUE.
1995-07-04 03:35:20 +00:00
Joerg Wunsch
40a63d93aa Slightly modify my previous change to return EINVAL instead of
EFAULT.

Submitted by:	Peter Wemm
1995-07-02 16:45:07 +00:00
Joerg Wunsch
d700586c3a I saw a very low-key commit message on the netbsd mailing lists and
figured out what the problem was..  Anyway, I rate it as "highly
serious".

Submitted by:	peter@haywire.DIALix.COM (Peter Wemm)
1995-07-01 19:09:40 +00:00
Garrett Wollman
fc97827135 Keep track of the number of samples through the srtt filter so that we
know better when to cache values in the route, rather than relying on a
heuristic involving sequence numbers that broke when tcp_sendspace
was increased to 16k.
1995-06-29 18:11:24 +00:00
Gary Palmer
06cf932bcb Add a missing `goto' statement so that this compiles yet again. 1995-06-28 13:22:36 +00:00
David Greenman
e9ce2e7d20 Added function prototypes for ip_rsvp_vif_init, ip_rsvp_vif_done, and
ip_rsvp_force_done.
1995-06-28 05:13:02 +00:00
Garrett Wollman
20dc68b204 Delete obsolete #if 0 block. 1995-06-27 20:36:34 +00:00
Guido van Rooij
a0aa52a646 reject option in ip_fw used to panic the system. This fixes it.
-Guido
Reviewed by:
Submitted by:
Obtained from:
1995-06-27 17:26:27 +00:00
Garrett Wollman
524743b0fe From Bill Fenner:
> Also, I don't remember if I sent you this; it affects PIM assert processing.

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-06-26 16:15:49 +00:00
Garrett Wollman
fba14c2e49 Corrected a bug that caused protocol-4 tunnels (used for multicast
forwarding between networks that aren't directly connected) not to work
by intercepting the wrong protocol number.  This should fix a bug reported
previously by someone I don't remember.
1995-06-26 16:11:51 +00:00
Garrett Wollman
43bed81d64 Fix an error in the comparison direction of the ap->updating case of
in_rtqkill().

Submitted by: W. Richard Stevens
1995-06-21 19:48:53 +00:00
Garrett Wollman
4650161123 Fix a resource allocation bug where multicast forwarding would leak mbufs
in certain cases when allocation of another mbuf has already failed.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-06-19 17:22:01 +00:00
Garrett Wollman
9167720192 Now that we've gone to all sorts of effort to allow TCP to cache some of
its connection parameters, we want to keep statistics on how often this
actually happens to see whether there is any work that needs to be done in
TCP itself.

Suggested by: John Wroclawski <jtw@lcs.mit.edu>
1995-06-19 16:45:33 +00:00
Garrett Wollman
1c5de19afb Kernel side of 3.5 multicast routing code, based on work by Bill Fenner
and other work done here.  The LKM support is probably broken, but it
still compiles and will be fixed later.
1995-06-13 17:51:16 +00:00
Rodney W. Grimes
d3628763db Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
Rodney W. Grimes
9b2e535452 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
David Greenman
765b90447e These diffs modify the behaviour of multicast clients to conform with the
IGMPv2 spec.  This fixes the following bugs:

o ntohs() on a char provides silly results
o timer needs to be scaled to units of PR_FASTHZ; this was being done
  inconsistenly so now it gets done when it is initialized.

Reviewed by:	Garrett Wollman
Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-05-16 01:28:29 +00:00
Andrey A. Chernov
2f632e8fe8 Fix getsockopt(IP_ACCT_*) to not panic kernel
Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-05-12 20:00:21 +00:00
Rodney W. Grimes
b2b795f07c Fix -Wformat warnings from LINT kernel. 1995-05-11 19:26:53 +00:00
David Greenman
6b067b0744 #ifdef'd my Nagel/ACK hack with "TCP_ACK_HACK", disabled by default. I'm
currently considering reducing the TCP fasttimo to 100ms to help improve
things, but this would be done as a seperate step at some point in the
future.
This was done because it was causing some sometimes serious performance
problems with T/TCP.
1995-05-11 01:41:06 +00:00
Garrett Wollman
748e0b0acc Make networking domains drop-ins, through the magic of GNU ld. (Some day,
there may even be LKMs.)  Also, change the internal name of `unixdomain'
to `localdomain' since AF_LOCAL is now the preferred name of this family.
Declare netisr correctly and in the right place.
1995-05-11 00:13:26 +00:00
David Greenman
94a5d9b6a1 Replaced some bcopy()'s with memcpy()'s so that gcc while inline/optimize. 1995-05-09 13:35:48 +00:00
Andras Olah
40db8ef747 Fix a misspelled constant in tcp_input.c.
On Tue, 09 May 1995 04:35:27 PDT, Richard Stevens wrote:
> In tcp_dooptions() under the case TCPOPT_CC there is an assignment
>
>       to->to_flag |= TCPOPT_CC;
>
> that should be
>
>       to->to_flag |= TOF_CC;
>
> I haven't thought through the ramifications of what's been happening ...
>
>       Rich Stevens

Submitted by:	rstevens@noao.edu (Richard Stevens)
1995-05-09 12:32:06 +00:00
Andrey A. Chernov
2ee32961f5 Add IPTOS_MINCOST according to RFC 1349
Change IPTOS_PREC_ROUTINE to 0 (was conflict with IPTOS_LOWDELAY) according
to RFC 791 (unchanged since it) and BSDI 2.0 style
Submitted by: Igor Sviridov <siac@ua.net>
1995-05-05 14:36:38 +00:00
David Greenman
0d7b7d3ea7 Changed in_pcblookuphash() to not automatically call in_pcblookup() if
the lookup fails. Updated callers to deal with this. Call in_pcblookuphash
instead of in_pcblookup() in in_pcbconnect; this improves performance of
UDP output by about 17% in the standard case.
1995-05-03 07:16:53 +00:00
Paul Traina
f5fea3ddc9 Cleanup loopback interface support.
Reviewed by:	wollman
1995-04-26 18:10:58 +00:00
Garrett Wollman
1067217d5d Disallow half-configured point-to-point interfaces. It's still possible to
get into a half-configured state by using the old-style ioctls;this
may be a feature.
1995-04-25 19:50:20 +00:00
Andras Olah
c4575b2416 Include <sys/queue.h> because <netinet/in_pcb.h> (also included
later in tcp_debug.c) requires it due to the pcb changes of DavidG.
1995-04-19 10:26:04 +00:00
David Greenman
230620627b Fixed bug I introduced when changing PCB list to use 4.4BSD style queue
macros. Basically, detect 'tp' going away differently.
1995-04-12 06:49:56 +00:00
David Greenman
d79940da0a Further satisfy my paranoia by making sure that the ACKNOW is only
set when ti_len is non-zero.
1995-04-10 17:37:46 +00:00
David Greenman
afa70c96dd Fixed bug I introduced with my Nagel hack which caused tcp_input and
tcp_output to loop endlessly. This was freefall's problem during the past
day.
1995-04-10 17:16:10 +00:00
David Greenman
7bc4aca7f0 Added splnet protections for PCB list manipulations and traversals. 1995-04-10 08:52:45 +00:00
David Greenman
64e4231041 Backed out Jordan's #include of queue.h 1995-04-10 00:43:18 +00:00
Jordan K. Hubbard
cb7533f532 #include <sys/queue.h> or die horribly. 1995-04-09 16:46:47 +00:00
David Greenman
15bd2b4385 Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash,
and in_pcblookuphash.
1995-04-09 01:29:31 +00:00
Andras Olah
755c1f07c8 Fix a bug in tcp_input reported by Rick Jones <raj@hpisrdq.cup.hp.com>.
If a goto findpcb occurred during the processing of a segment, the TCP and
IP headers were dropped twice from the mbuf which resulted in data acked
by TCP but not delivered to the user.
Reviewed by:	davidg
1995-04-05 10:32:14 +00:00
Bruce Evans
8c62f8d80f Remove redundant declarations. 1995-04-02 19:05:09 +00:00
Bill Paul
5f6d32c735 Add declaration for struct ether_addr (this is where Sun documents
it to go).
1995-04-02 01:26:26 +00:00
David Greenman
8a31826613 Backed out changes in rev 1.5 that prevent sending FIN if in CLOSING
state. This causes an infinite loop in some rare cases (probably caused
by some other, much more difficult to find bug).
1995-03-30 23:35:55 +00:00
David Greenman
e612a582cc Re-apply my "breakage" to the Nagel congestion avoidence. This version
differs slightly in the logic from the previous version; packets are now
acked immediately if the sender set PUSH.
1995-03-27 07:12:24 +00:00
Garrett Wollman
ffa5b11ab5 in_var.h: in_multi structures now form a queue(3)-style LIST structure
in.c: when an interface address is deleted, keep its multicast membership
.     records (attached to a struct multi_kludge) for attachment to the
.     next address on the same interface.  Also, in_multi structures now
.     gain a reference to the ifaddr so that they won't point off into
.     freed memory if an interface goes away and doesn't come back before
.     the last socket reference drops.  This is analogous to how it is
.     done for routes, and seems to make the most sense.
1995-03-23 18:14:41 +00:00
Garrett Wollman
20e8807c09 This should be splimp() rather than splnet() since ifaddrs might go away
as a result of link-layer processing.
1995-03-20 18:31:51 +00:00
Garrett Wollman
9b626c29f7 Fix race conditions involved in setting IP multicast options. This should
fix Dennis Fortin's problem for good, if I've got it figured out right.

(The problem was that a `struct ifaddr' could get deleted out from under
the current requester, thus leaving him with an invalid interface pointer
and causing even more bogus accesses.)
1995-03-20 18:11:31 +00:00
David Greenman
edf8a81561 Removed redundant newlines that were in some panic strings. 1995-03-19 14:29:26 +00:00
Garrett Wollman
1025071f85 Reject source routes unless configured on by administrator. 1995-03-16 18:22:28 +00:00
Bruce Evans
b5e8ce9f12 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
Garrett Wollman
ef0cdf3329 Add inet_ntoa() and replace ARP's private routine with same. 1995-03-16 17:32:27 +00:00
Garrett Wollman
d99c7a23fa This set of patches enables IP multicasting to work under FreeBSD. I am
submitting them as context diffs for the following files:

sys/netinet/ip_mroute.c
sys/netinet/ip_var.h
sys/netinet/raw_ip.c
usr.sbin/mrouted/igmp.c
usr.sbin/mrouted/prune.c

The routine rip_ip_input in raw_ip.c is suggested by Mark Tinguely
(tinguely@plains.nodak.edu). I have been running mrouted with these patches
for over a week and nothing has seemed seriously wrong. It is being run in
two places on our network as a tunnel on one and a subnet querier on the
other. The only problem I have run into is that mrouted on the tunnel must
start up last or the pruning isn't done correctly and multicast packets
flood your subnets.

Submitted by:	Soochon Radee <slr@mitre.org>
1995-03-16 16:25:55 +00:00
David Greenman
2c8fe19f89 pcb allocations are not always done on behalf of a process; it is not
okay to wait.
1995-03-14 21:50:55 +00:00
David Greenman
d41f24e742 Added support for generic FDDI and the DEC DEFEA and DEFPA FDDI adapters.
Submitted by:	Matt Thomas
1995-03-14 09:16:07 +00:00
Ugen J.S. Antsilevich
9870b4d2de Allocate memory as M_IPFW,now we can watch firewall memory usage
in vmstat..
1995-03-12 13:28:13 +00:00
Nate Williams
9617d8b1f6 Removed unnecessary define for TCPOUTFLAGS since they are not used. 1995-03-06 02:49:24 +00:00
David Greenman
3dbdc25caa Move exact match pcb's to the head of the list to improve lookup
performance.
1995-03-02 19:29:42 +00:00
Ugen J.S. Antsilevich
29fe22b93f Allow "via" to be specified ever as IP adress or
as interface name/unit...
1995-02-24 14:33:54 +00:00
Bruce Evans
6f05a6e836 Fix benign type mismatch. 1995-02-22 07:23:26 +00:00
David Greenman
38aa9fc375 Added missing newlines to calls to log(). 1995-02-20 15:48:46 +00:00
Garrett Wollman
c7a82f9016 Include missing <sys/kernel.h> for `hz'.
Submitted by:  David Greenman, Rod Grimes, Christoph Kukulies
1995-02-17 00:29:42 +00:00
Garrett Wollman
cb04d5c55b Don't need to retransmit FIN bit in CLOSING state.
Obtained from: Stevens, vol. 2, exercise 29.5 (solution p. 1090)
1995-02-16 01:53:31 +00:00
Garrett Wollman
1c09f77422 spl back down in unusual out-of-memory condition in udp_output().
Obtained from: Stevens, vol. 2, exercise 23.4 (solution p. 1083)
1995-02-16 01:47:36 +00:00
Garrett Wollman
1fdbc7ae46 Correctly initialize so_linger in ticks (not seconds).
Obtained from: Stevens, vol. 2, p. 1010
1995-02-16 01:42:45 +00:00
Garrett Wollman
dac2030182 Avoid deadlock situation described by Stevens using his suggested replacement
code.

Obtained from: Stevens, vol. 2, pp. 959-960
1995-02-16 01:39:19 +00:00
Garrett Wollman
9bb8795d71 Don't add back in the IP header length to ip_len; icmp_error will do it
for us.

Obtained from: Stevens, vol. 2, p. 774
1995-02-16 01:25:06 +00:00
Garrett Wollman
41f82abe5a Transaction TCP support now standard. Hack away! 1995-02-16 00:55:44 +00:00
Garrett Wollman
f2ea20e676 Add lots of useful MIB variables and a few not-so-useful ones for
completeness.
1995-02-16 00:27:47 +00:00
Garrett Wollman
628e3e3401 After dynamically reducing rtq_reallyold, have in_rtqkill() reduce the
expiration timer of anything which would expire later than that.  (There
should be a way to call this from ip_sysctl() as well, but there currently
isn't.)
1995-02-14 23:11:26 +00:00
Garrett Wollman
ea80aed1a9 Attempt to make the host route cache a bit smarter under conditions of
high load:

	1) If there ever get to be more than net.inet.ip.rtmaxcache entries
	   in the cache, in_rtqtimo() will reduce net.inet.ip.rtexpire by
	   1/3 and do another round, unles net.inet.ip.rtexpire is less than
	   net.inet.ip.rtminexpire, and never more than once in ten minutes
	   (rtq_timeout).

	2) If net.inet.ip.rtexpire is set to zero, don't bother to cache
	   anything.
1995-02-14 23:04:52 +00:00
Poul-Henning Kamp
c70f45100d YFfix. 1995-02-14 06:28:25 +00:00
Poul-Henning Kamp
c178994d81 YPfix 1995-02-14 06:25:17 +00:00
Garrett Wollman
2f96f1f446 Get rid of some unneeded #ifdef TTCP lines. Also, get rid of some
bogus commons declared in header files.
1995-02-14 02:35:19 +00:00
Garrett Wollman
a0292f2375 Merge Transaction TCP, courtesy of Andras Olah <olah@cs.utwente.nl> and
Bob Braden <braden@isi.edu>.

NB: This has not had David's TCP ACK hack re-integrated.  It is not clear
what the correct solution to this problem is, if any.  If a better solution
doesn't pop up in response to this message, I'll put David's code back in
(or he's welcome to do so himself).
1995-02-09 23:13:27 +00:00
David Greenman
e99d026c60 Fixed another TTCP ifdef problem...there isn't any tcp_sysctl field in
!TTCP.
1995-02-09 00:56:09 +00:00
David Greenman
512ff5eaa0 Fix/#ifdef prototype for tcp_mss...apparantly overlooked by Garrett. 1995-02-09 00:49:20 +00:00
Garrett Wollman
999f1343a5 T/TCP changes to generic IP code. This is all ifdefed TTCP so should
have no effect on most users for now.  (Eventually, once this code is
fully tested, the ifdefs will go away.)
1995-02-08 20:22:09 +00:00
Garrett Wollman
eb6ad69646 Merge in T/TCP TCP header file changes. 1995-02-08 20:18:48 +00:00
Gary Palmer
6db216a6d7 Remove a possible loophole - previously the code wouldn't pass packets destined
to the loopback address to the packet filter.

Reviewed by:	"Ugen J.S.Antsilevich" <ugen@netvision.net.il>
1995-02-07 20:30:42 +00:00
Garrett Wollman
838ecf4225 Make sure to disable RSVP intercept when the socket is closed. 1995-02-07 02:53:14 +00:00
Garrett Wollman
479bb8da0e Correct long-standing error in the RSVP hooks (would initialize but never
return success).
1995-01-26 18:59:02 +00:00
Ugen J.S. Antsilevich
2b43c8c9db ip_fwdef.c was missing some assignments , and this
caused that bug by which firewall code was not working
if configured into kernel and worked only as lkm.
Now this must be fixed...Sorry guys..
1995-01-26 10:26:15 +00:00
David Greenman
8eea120788 Kill previous commit as it isn't necessary. 1995-01-26 03:56:20 +00:00
David Greenman
b99f012ec5 Extended the previous change to cover the non-options case, too. 1995-01-24 08:03:22 +00:00
David Greenman
297a37f334 Applied fix from Andreas Schulz with a different comment by me. Fixes a
bug where TCP connections are closed prematurely.

Submitted by:	Andreas Schulz
1995-01-23 17:58:27 +00:00
Garrett Wollman
bbb7c7109b Change caching strategy somewhat:
1) Don't clone routes to multicast destinations; there is nothing useful
   to be gained in this case.
2) Reduce default expiration timer to one hour.  Busy sites will still
   likely want to reduce this, but for ordinary users this is a reasonable
   value to use.
1995-01-23 02:02:50 +00:00
Ugen J.S. Antsilevich
4dd1662b4c Actual firewall change.
1) Firewall is not subdivided on forwarding / blocking chains
   anymore.Actually only one chain left-it was the blocking one.
2) LKM support.ip_fwdef.c is function pointers definition and
goes into kernel along with all INET stuff.
1995-01-12 13:06:32 +00:00
David Greenman
aedcdea1de Fixed mbuf lossage when level != IPPROTO_IP. Problem reported by Robert
Dobbs, hint from Charles Hannum, fix by me.
1995-01-12 10:53:25 +00:00
Garrett Wollman
b2774d00ad Make arp_rtrequest() static since nobody needs to referene it any more. 1994-12-22 22:00:30 +00:00
Garrett Wollman
dd2e410221 Move ARP interface initialization into if_ether.c:arp_ifinit(). 1994-12-22 21:56:22 +00:00
Garrett Wollman
f811ab0233 Avoid a serious race by blocking netisrs while walking the route tree.
(IWBRNI we could just block IP netisrs...)
1994-12-21 17:25:52 +00:00
Garrett Wollman
3c896bda76 Correct sysctl info so that net.inet.ip.rtexpire is actually accessible. 1994-12-21 17:23:59 +00:00
Garrett Wollman
9ee39fc64d Fix PR 59: don't allow TCP connections withmulticast addresses at either
end.
1994-12-15 20:39:34 +00:00
Garrett Wollman
5be2baf843 Make rtq_reallyold user-configurable via sysctl. 1994-12-14 19:06:37 +00:00
Garrett Wollman
2c17fe9339 Call rtalloc_ign() so that protocol cloning will not occur at the IP layer. 1994-12-13 23:08:12 +00:00
Garrett Wollman
31246bc25f Update calls to rtalloc1(). Also merge rt_prflags with rt_flags. 1994-12-13 22:32:45 +00:00
Ugen J.S. Antsilevich
3107b31b8d Add clear one accounting entry control.
Structure fields changed to seem more standart.
1994-12-13 15:57:34 +00:00
Ugen J.S. Antsilevich
f3caf95e23 Late patch for delete control.. 1994-12-12 18:10:41 +00:00
Ugen J.S. Antsilevich
10a642bb05 Add match by interface from which packet arrived (via)
Handle right fragmented packets. Remove checking option
from kernel..
1994-12-12 17:20:55 +00:00
Garrett Wollman
1db18e0fc4 Advanced route cache management is now an official part of IP support. 1994-12-11 21:36:10 +00:00
Garrett Wollman
114a506d1a Delete old, confusing comment. 1994-12-02 23:10:32 +00:00
Garrett Wollman
73579c400f Add a check to make sure that we don't fiddle with the NFS routing tables
as well (bleah!).  Also, increase the interval to the real-life value and
eliminate debugging printfs.  This will be standard once tested by others.
1994-12-02 03:32:24 +00:00
Garrett Wollman
fa1f0e90fb Add latest version of ``advanced route metric management'' :-)
As before, this is currently conditionalized on options IN_RMX until
I'm sure it's working.
1994-12-01 23:19:48 +00:00
Ugen J.S. Antsilevich
c334f8666a Added: ICMP reply,TCP SYN check,logging.. 1994-11-28 12:35:14 +00:00
Jordan K. Hubbard
63f8d699ac Ugen J.S.Antsilevich's latest, happiest, IP firewall code.
Poul:  Please take this into BETA.  It's non-intrusive, and a rather
substantial improvement over what was there before.
1994-11-16 10:17:11 +00:00
Jordan K. Hubbard
dbdc296687 Ugen makes it in with 10 seconds to spare with a one-char diff. Some
people are born lucky..
Submitted by:	ugen
1994-11-08 14:25:17 +00:00
Jordan K. Hubbard
72e8fea57e Almost 12th hour (the 11th hour was almost an hour ago :-) patches
from Ugen.
1994-11-08 12:47:29 +00:00
Jordan K. Hubbard
ad63b51399 2 11th-hour fixes from Ugen (not Uben, sorry!) J.S.Antsilevich.
I think it's time for Ugen to get a freefall account, just so I can
direct mail at him directly and let him drop off patches for us here.  Ugen?
Done!
Submitted by:	ugen
1994-11-07 10:01:32 +00:00
Garrett Wollman
df00058df7 Fix off-by-one error reported to NetBSD by Karl Fox in
<9411031449.AA11102@gefilte.MorningStar.Com>.
1994-11-03 21:04:21 +00:00
Garrett Wollman
bb0135e920 Completely replace JTW's idea with my (incompletely implemented) original
idea.  This is les likely to crash your machine.  As before, this code is only
enabled under `options IN_RMX'.
1994-11-03 01:05:34 +00:00
Garrett Wollman
d4a8d8f240 This is the file that actually implements the smarter behavior. 1994-11-02 04:42:14 +00:00
Garrett Wollman
5c2dae8edc Add code to be a bit smarter about IP routes, conditioned on the option
IN_RMX.  (Eventually this will be standard, but I just wrote the code today
and don't want to break anyone.)
1994-11-02 04:41:39 +00:00
Garrett Wollman
ac234f9399 Clean up ARP error messages: format IP addresses, explain arplookup()
failures in English.
1994-11-02 00:58:29 +00:00
Jordan K. Hubbard
0a87b23329 Latest changes from Uben.
Submitted by:	uben
1994-10-31 23:58:04 +00:00
Paul Traina
6c4b8d672e Detect old-style multicast routers and interoperate properly 1994-10-31 06:36:47 +00:00
Jordan K. Hubbard
100ba1a617 IP Firewall code from Daniel Boulet and J.S.Antsilevich
Submitted by:	danny ugen
1994-10-28 15:09:49 +00:00
Steven Wallace
1bc8a80906 Patch for proper multicast support on point-to-point links.
Submitted by:	apg@demos.su (Paul Antonov) - patch020
1994-10-25 22:13:32 +00:00
Garrett Wollman
ccc999917e Bug fixes from John Brezak. 1994-10-21 02:38:29 +00:00
Garrett Wollman
e2637b6b1c Fix some endianness and packet header bugs found in BSDi's port of this code.
(From mbone mailing-list.)
1994-10-13 22:12:42 +00:00
Garrett Wollman
10be56487a As suggested by Sally Floyd, don't add the ``small fraction of the window
size'' when doing congestion avoidance.

Submitted by:	Mark Andrews
1994-10-13 18:36:32 +00:00
Garrett Wollman
5df7296441 Fix a bug which caused panics when attempting to change just the flags of
a route.  (This still doesn't work, but it doesn't panic now.)  It looks
like there may be a number of incipient bugs in this code.

Also, get ready for the time when all IP gateway routes are cloning, which
is necessary to keep proper TCP statistics.
1994-10-11 23:16:38 +00:00
Poul-Henning Kamp
61ce519bad Cosmetics. Silence gcc -Wall. 1994-10-10 07:56:07 +00:00
Poul-Henning Kamp
ac0776aed7 Cosmetics: silences gcc -Wall. 1994-10-08 22:39:58 +00:00
Poul-Henning Kamp
623ae52e4e GCC cleanup.
Reviewed by:
Submitted by:
Obtained from:
1994-10-02 17:48:58 +00:00
Garrett Wollman
28e822955c Implement full proxy ARP, gated on option ARP_PROXYALL. This allows
a FreeBSD box to do proxy ARP as easily as most commercial routers do,
without messing around with (potentially variable) Ethernet addresses.
This code is really quite simple; I'm not at all sure why it wasn't
implemented in 4.4.

It might be worth stealing an interface flag (maybe IFF_LINK1) to use for
finer-grained control over which interfaces get proxy treatment.  For the
moment, it's all or nothing.
1994-10-01 21:50:33 +00:00
Poul-Henning Kamp
fe95e21fed Made the kernel compile even without "ether". 1994-09-16 05:47:06 +00:00
David Greenman
610ee2f9b5 Made TCPDEBUG truely optional. Based on changes I made in FreeBSD 1.1.5.
Fixed somebody's idea of a joke - about the first half of the lines in
in_proto.c were spaced over by one space.
1994-09-15 10:36:56 +00:00
Garrett Wollman
dea246f55a Add code to make multicast routing be an LKM. 1994-09-14 21:21:29 +00:00
Garrett Wollman
5e9ae478ac Shuffle some functions and variables around to make it possible for
multicast routing to be implemented as an LKM.  (There's still a bit of
work to do in this area.)
1994-09-14 03:10:15 +00:00
Garrett Wollman
01d6dc8860 Disable IPMULTICAST_VIF socket option when MROUTING is not defined,
since it doesn'tmake any sense for non-routers.
CVS:
1994-09-09 22:05:02 +00:00
Garrett Wollman
f0068c4a70 Initial get-the-easy-case-working upgrade of the multicast code
to something more recent than the ancient 1.2 release contained in
4.4.  This code has the following advantages as compared to
previous versions (culled from the README file for the SunOS release):

- True multicast delivery
- Configurable rate-limiting of forwarded multicast traffic on each
  physical interface or tunnel, using a token-bucket limiter.
- Simplistic classification of packets for prioritized dropping.
- Administrative scoping of multicast address ranges.
- Faster detection of hosts leaving groups.
- Support for multicast traceroute (code not yet available).
- Support for RSVP, the Resource Reservation Protocol.

What still needs to be done:

- The multicast forwarder needs testing.
- The multicast routing daemon needs to be ported.
- Network interface drivers need to have the `#ifdef MULTICAST' goop ripped
  out of them.
- The IGMP code should probably be bogon-tested.

Some notes about the porting process:

In some cases, the Berkeley people decided to incorporate functionality from
later releases of the multicast code, but then had to do things differently.
As a result, if you look at Deering's patches, and then look at
our code, it is not always obvious whether the patch even applies.  Let
the reader beware.

I ran ip_mroute.c through several passes of `unifdef' to get rid of
useless grot, and to permanently enable the RSVP support, which we will
include as standard.

Ported by: 	Garrett Wollman
Submitted by:	Steve Deering and Ajit Thyagarajan (among others)
1994-09-06 22:42:31 +00:00
Garrett Wollman
6a7be6e8e0 Obey RFC 793, section 3.4:
Several examples of connection initiation follow.  Although these
  examples do not show connection synchronization using data-carrying
  segments, this is perfectly legitimate, so long as the receiving TCP
  doesn't deliver the data to the user until it is clear the data is
  valid (i.e., the data must be buffered at the receiver until the
  connection reaches the ESTABLISHED state).
1994-08-26 22:27:16 +00:00
Paul Richards
707f139edb Made idempotent.
Submitted by:	Paul
1994-08-21 05:27:42 +00:00
Garrett Wollman
f23b4c91c4 Fix up some sloppy coding practices:
- Delete redundant declarations.
- Add -Wredundant-declarations to Makefile.i386 so they don't come back.
- Delete sloppy COMMON-style declarations of uninitialized data in
  header files.
- Add a few prototypes.
- Clean up warnings resulting from the above.

NB: ioconf.c will still generate a redundant-declaration warning, which
is unavoidable unless somebody volunteers to make `config' smarter.
1994-08-18 22:36:09 +00:00
David Greenman
3c4dd3568f Added $Id$ 1994-08-02 07:55:43 +00:00
David Greenman
b53902964f fixed bug where large amounts of unidirectional UDP traffic would fill
the interface output queue and further udp packets would be fragmented
and only partially sent - keeping the output queue full and jamming the
network, but not actually getting any real work done (because you can't
send just 'part' of a udp packet - if you fragment it, you must send
the whole thing). The fix involves adding a check to make sure that the
output queue has sufficient space for all of the fragments.
1994-08-01 12:01:45 +00:00
David Greenman
b164106fa7 Fixed bug with Nagel Congestion Avoidance where a tcp connection would
stall unnecessarily - always send an ACK when a packet len of < mss is
received.
1994-08-01 12:00:25 +00:00
David Greenman
26e30fbba5 Increased tcp_send/recvspace to 16k, and added TCP_SMALLSPACE ifdef
to set it to 4k.
1994-05-29 07:42:47 +00:00
David Greenman
d4d0967e5b Added missing ntohl()'s that are needed before calling IN_MULTICAST in
a couple of places.
Submitted by:	Johannes Helander
1994-05-26 09:51:33 +00:00
Rodney W. Grimes
26f9a76710 The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by:	Rodney W. Grimes
Submitted by:	John Dyson and David Greenman
1994-05-25 09:21:21 +00:00
Rodney W. Grimes
df8bae1de4 BSD 4.4 Lite Kernel Sources 1994-05-24 10:09:53 +00:00