Commit Graph

4285 Commits

Author SHA1 Message Date
Poul-Henning Kamp
e7319bab6b Big sweep over the IPFIREWALL and IPACCT code.
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.

Code in -current & -stable is now the same.
1996-02-23 15:47:58 +00:00
Peter Wemm
33b3ac0633 Make the default behavior of local port assignment match traditional
systems (my last change did not mix well with some firewall
configurations).  As much as I dislike firewalls, this is one thing I
I was not prepared to break by default.. :-)

Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.*

This code also fixes a potential deadlock if the system accidently ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it.

Partly suggested by: pst
Reviewed by: wollman
1996-02-22 21:32:23 +00:00
David Greenman
f9d5a964af Fixed bug in Path MTU Discovery that caused the system to have to re-
discover the Path MTU for each connection if the connecting host didn't
offer an initial MSS.

Submitted by:	davidg & olah
1996-02-22 11:46:39 +00:00
Bill Fenner
7d1ba41375 Make the "arpresolve: can't allocate llinfo" error message
more useful by printing out the IP address it was trying to
resolve, since we're seeing so many complaints about this
error.
1996-02-20 17:54:17 +00:00
Garrett Wollman
4de31ee58e #if out unsupported IMP code. 1996-02-08 15:43:35 +00:00
Garrett Wollman
c67b1d17da Provide a direct entry point for IP input. This actually results
in a slight decrease in performance, but will lead to better
performance later.
1996-02-05 20:36:02 +00:00
Garrett Wollman
cbb0b46ab7 Fill in the corresponding ether address of multicast and broadcast
pseudo-``ARP entries'' so arp(8) doesn't show them as `unresolved'.
1996-02-05 18:04:30 +00:00
Poul-Henning Kamp
821c204e91 Make the sorting of IPFW rules an option. You don't want it to sort them.
>>>WARNING<<<  you may have to revisit your firewall setup.
1996-02-03 11:48:12 +00:00
Andras Olah
07e43e10f8 Fix a bug related to the interworking of T/TCP and window scaling:
when a connection enters the ESTBLS state using T/TCP, then window
scaling wasn't properly handled.  The fix is twofold.

1) When the 3WHS completes, make sure that we update our window
scaling state variables.

2) When setting the `virtual advertized window', then make sure
that we do not try to offer a window that is larger than the maximum
window without scaling (TCP_MAXWIN).

Reviewed by:	davidg
Reported by:	Jerry Chen <chen@Ipsilon.COM>
1996-01-31 08:22:24 +00:00
Mike Pritchard
6c5e9bbdf5 Fix a bunch of spelling errors in the comment fields of
a bunch of system include files.
1996-01-30 23:02:38 +00:00
Poul-Henning Kamp
18b7be4064 The last part of the ether_sprint -> %6D change.
Sorry for the delay.
(%D is for hexdumping.)
1996-01-26 09:29:29 +00:00
Poul-Henning Kamp
1ce9bf88c3 Use new printf features rather than local kludges. 1996-01-24 21:12:23 +00:00
Bill Fenner
4dde4205e1 First piece of fixing ppp/proxy arp problem:
If an attempt to add a route fails because an "ARP table" entry is in
the way, remove the ARP entry and retry the add.

Reviewed by:	nate
1996-01-23 05:15:30 +00:00
Peter Wemm
34da58488d remove tcp_lastport - it has not been used for quite a while (at least
since the hashed pcb's I think).
1996-01-19 08:02:34 +00:00
Peter Wemm
101f9fc846 Change the default local address range for IP from 1024 through 5000
to 20000 through 30000.  These numbers are used for local IP port numbers
when an explicit address is not specified.

The values are sysctl modifiable under: net.inet.ip.port_{first|last}_auto

These numbers do not overlap with any known server addresses, without going
above 32768 which are "negative" on some other implementations.

20000 through 30000 is 2.5 times larger than the old range, but some have
suggested even that may not be enough... (gasp!)  Setting a low address
of 10000 should be plenty.. :-)
1996-01-19 08:00:58 +00:00
Bill Fenner
4840541232 Add definitions for ICMP router discovery.
Reviewed by:	wollman
1996-01-19 01:19:08 +00:00
Andras Olah
81165e4880 Be more conservative when T/TCP extensions are disabled. In particular,
do not send data and/or FIN on SYN segments in this case.
1996-01-17 09:35:23 +00:00
David Greenman
ce00153c1f Fix logic bug (!= should be ==) in recent P2P/multicast kludge.
Reviewed by:	Bill Fenner <fenner@parc.xerox.com>
Submitted by:	Dave Marquardt <marquard@austin.ibm.com>
1996-01-09 08:26:07 +00:00
Guido van Rooij
8dd27fd68b Fix a bug where having a process listening to both a INADDR_ANY and a
local address, that was assigned with ifconfig alias and netmask
0xffffffff, would receive duplictae udp packets.
This behaviour can easily be seen by having named run, and using the alias
address as the name server.
This solution is not the pretiest one, but after talk with Garreth, it
is seen as the most easy one.
1996-01-08 20:59:06 +00:00
Garrett Wollman
d4fb926c62 Finally demolished the last, tottering remnants of GATEWAY. If you want
to enable IP forwarding, use sysctl(8).  Also did the same for IPX,
which involved inventing a completely new MIB from whole cloth (which
I may not quite have correct); be aware of this if you use IPX forwarding.
(The two should never have been controlled by the same option anyway.)
1996-01-05 20:47:05 +00:00
Andras Olah
74b48c1de1 Reverse the modification which caused the annoying m_copydata crash: set
the TF_ACKNOW flag when the REXMT timer goes off to force a
retransmission.  In certain situations pulling snd_nxt back to snd_una
is not sufficient.
1996-01-04 21:34:21 +00:00
Garrett Wollman
33d06b436b Try to make multicast routing work correctly over point-to-point
links (which was broken previously by the support for half-routers).

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1996-01-03 20:24:33 +00:00
David Greenman
858c045f77 Remove some bogus externs. 1995-12-29 01:12:02 +00:00
Garrett Wollman
1814a725c2 If _IP_VHL is defined, declare a single ip_vhl member in struct ip rather
than separate ip_v and ip_hl members.  Should have no effect on current code,
but I'd eventually like to get rid of those obnoxious bitfields completely.
1995-12-21 21:20:27 +00:00
Garrett Wollman
3dbdcb2c95 Delete old-style-broadcast-address compatibility cruft in IP input path.
If users want to use the old-style broadcast addresses, they will have to
currectly configure their systems.
1995-12-21 21:12:22 +00:00
Garrett Wollman
602d513c5a in_proto.c: spell ``Internet'' right and put whitespace after commas.
others: start to populate the link-layer branch of the net mib, by
moving ARP to its proper place.  (ARP is not a protocol family, it's an
interface layer between a medium-access layer and a protocol family.)
sysctl(8) needs to be taught about the structure of this branch, unless
Poul-Henning implements dynamic MIB exploration soon.
1995-12-20 21:53:53 +00:00
Garrett Wollman
b97d15cbb7 Demolish DIRECTED_BROADCAST. It was always a bad idea, and nobody uses it. 1995-12-20 18:04:19 +00:00
Garrett Wollman
bda4c85ae6 Fix a nagging divide-by-zero error resulting from the MTU discovery code
getting triggered at a bad time.
1995-12-20 17:42:28 +00:00
Garrett Wollman
994fdef98a Added a comment about why trying to make a one-behind cache for
the route in ip_output() is a bad idea.
1995-12-19 21:24:19 +00:00
Garrett Wollman
ce29ab3ac6 Actually call in_rtqdrain()as was originally intended. 1995-12-19 20:46:15 +00:00
Bruce Evans
b62d102cbb Uniformized pr_ctlinput protosw functions. The third arg is now `void
*' instead of caddr_t and it isn't optional (it never was).  Most of the
netipx (and netns) pr_ctlinput functions abuse the second arg instead of
using the third arg but fixing this is beyond the scope of this round
of changes.
1995-12-16 02:14:44 +00:00
Bruce Evans
081d3b932c Added a prototype. 1995-12-16 00:05:40 +00:00
Poul-Henning Kamp
f708ef1b9e Another mega commit to staticize things. 1995-12-14 09:55:16 +00:00
Poul-Henning Kamp
f6d24a780b Staticize. 1995-12-09 20:43:53 +00:00
Poul-Henning Kamp
885f1aa42b Remove old ballast, clean up a little bit, staticize.
Add five sysctl variables that you should probably never tweak.
	net.arp.t_prune: 300
	net.arp.t_keep: 1200
	net.arp.t_down: 20
	net.arp.maxtries: 5
	net.arp.useloopback: 1
	net.arp.proxyall: 0

(It's net.arp because arp isn't limited to inet, though our present
implementation surely is).
1995-12-09 16:06:54 +00:00
Garrett Wollman
be070f4335 Added a conditionalized printf for debugging MTU discovery. 1995-12-08 16:46:06 +00:00
Bruce Evans
2baeef32b6 Removed unnecessary #includes of vm stuff. Most of them were once
prerequisites for <sys/sysctl.h>.

subr_prof.c:
Also replaced #include of <sys/user.h> by #include of <sys/resourcevar.h>.
1995-12-06 23:37:44 +00:00
Bruce Evans
f1844d4cdf Added explicit include of <sys/queue.h>. Currently, some things only
compile because <vm/vm.h> happens to be gratuitously included before
<netinet/in_pcb.h> and <vm/vm.h> happens to include <sys/queue.h>.
1995-12-05 21:26:34 +00:00
Garrett Wollman
b7a44e3486 Path MTU Discovery is now standard. 1995-12-05 17:46:50 +00:00
David Greenman
4a5f1499b0 all:
Removed ifnet.if_init and ifnet.if_reset as they are generally unused.
Change the parameter passed to if_watchdog to be a ifnet * rather than
a unit number. All of this is an attempt to move toward not needing an
array of softc pointers (which is usually static in size) to point to
the driver softc.

if_ed.c:
Changed some of the argument passing to some functions to make a little
more sense.

if_ep.c, if_vx.c:
Killed completely bogus use of if_timer. It was being set in such a way
that the interface was being reset once per second (blech!).
1995-12-05 02:01:59 +00:00
Bruce Evans
ce7609a49c Completed function declarations and/or added prototypes. 1995-12-02 19:38:06 +00:00
Poul-Henning Kamp
dcc3cb753b fix #includes & warnings. 1995-11-20 12:28:21 +00:00
Bruce Evans
1031ab97d2 Fixed the type of a function pointer. 1995-11-18 13:25:41 +00:00
Bruce Evans
ff98689d2d Fixed recent staticizations. Some protypes for static functions were
left in headers and not staticized.
1995-11-16 09:51:22 +00:00
Poul-Henning Kamp
0312fbe97d New style sysctl & staticize alot of stuff. 1995-11-14 20:34:56 +00:00
Poul-Henning Kamp
98163b98dc Start adding new style sysctl here too. 1995-11-09 20:23:09 +00:00
Andras Olah
845799c166 Cosmetic changes to processing of segments in the SYN_SENT state:
- remove a redundant condition;
- complete all validity checks on segment before calling
  soisconnected(so).

Reviewed by:	Richard Stevens, davidg, wollman
1995-11-03 22:31:54 +00:00
Andras Olah
356ad1b0cb Setting the TF_ACKNOW flag was redundant in the REXMT timeout because
tcp_output() checks for the condition snd_nxt == snd_una.

Reviewed by:	davidg, wollman, olah
Suggested by:	Richard Stevens
1995-11-03 22:19:50 +00:00
Andras Olah
a45d27261d Fix a logical error in T/TCP: when we actively open a connection, we
have to decide whether to send a CC or CCnew option in our SYN segment
depending on the contents of our TAO cache.  This decision has to be
made once when the connection starts.  The earlier code delayed this
decision until the segment was assembled in tcp_output() and
retransmitted SYN segments could have different CC options.

Reviewed by:	Richard Stevens, davidg, wollman
1995-11-03 22:08:13 +00:00
Garrett Wollman
054ef37088 Instrument the IP input queue with two new read-only MIB entries:
net.inet.ip.intr-queue-maxlen (=== ipintrq.ifq_maxlen)
and	net.inet.ip.intr-queue-drops (=== ipintrq.ifq_drops)

There should probably be a standard way of getting the same information
going the other way.
1995-11-01 17:18:27 +00:00
Andras Olah
b6239c4a19 Start the 2MSL timer when the socket is closed and the TCP connection is
in the FIN_WAIT_2 state in order to prevent the conn. hanging there
forever.

Reviewed by:	davidg, olah
Submitted by:	Arne Henrik Juul <arnej@imf.unit.no>
Obtained from:	bugs@netbsd.org
1995-10-29 21:30:25 +00:00
Poul-Henning Kamp
a98ca4699e Second batch of cleanup changes.
This time mostly making a lot of things static and some unused
variables here and there.
1995-10-29 15:33:36 +00:00
Julian Elischer
cc6a66f20e Reviewed by: julian and jhay@mikom.csir.co.za
Submitted by:	Mike Mitchell, supervisor@alb.asctmd.com

This is a bulk mport of Mike's IPX/SPX protocol stacks and all the
related gunf that goes with it..
it is not guaranteed to work 100% correctly at this time
but as we had several people trying to work on it
I figured it would be better to get it checked in so
they could all get teh same thing to work on..

Mikes been using it for a year or so
but on 2.0

more changes and stuff will be merged in from other developers now that this is in.

Mike Mitchell, Network Engineer
AMTECH Systems Corporation, Technology and Manufacturing
8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000
supervisor@alb.asctmd.com
1995-10-26 20:31:59 +00:00
Ugen J.S. Antsilevich
7934237885 Support all the tcpflag options in firewall.
Add reading options from file, now ipfw <filename> will
read commands string after string from file , form of strings
same as command line interface.
1995-10-23 03:58:06 +00:00
Poul-Henning Kamp
e3965e5b67 Remove the last trace of arptnew() 1995-10-22 19:07:58 +00:00
David Greenman
c1f8a6cefa Fix panic caused by PRU_CONTROL not being dealt with properly. Bug pointed
out by David Maltz <dmaltz@orval.mach.cs.cmu.edu>, but this fix is by me.
1995-10-21 02:12:20 +00:00
Garrett Wollman
3d1f141b23 The ability to administratively change the MTU of an interface presents
a few new wrinkles for MTU discovery which tcp_output() had better
be prepared to handle.  ip_output() is also modified to do something
helpful in this case, since it has already calculated the information
we need.
1995-10-16 18:21:26 +00:00
Garrett Wollman
91badc866f Routes can be asymmetric. Always offer to /accept/ an MSS of up to the
capacity of the link, even if the route's MTU indicates that we cannot
send that much in their direction.  (This might actually make it possible
to test Path MTU discovery in a useful variety of cases.)
1995-10-13 16:00:25 +00:00
Garrett Wollman
3abc79d2ee The additional checks involving sequence numbers in MTU discovery resends
turned out not to be necessary; simply watching for MTU decreases (which
we already did) automagically eliminates all the cases we were trying to
protect against.
1995-10-12 17:37:25 +00:00
Garrett Wollman
143d7a5499 More MTU discovery: avoid over-retransmission if route changes in the
middle of a fully-open window.  Also, keep track of how many retransmits
we do as a result of MTU discovery.  This may actually do more work than
necessary, but it's an unusual condition...

Suggested by: Janey Hoe <janey@lcs.mit.edu>
1995-10-10 17:45:43 +00:00
Garrett Wollman
1cb55cbffc Put newline at end of log()ed messages so syslog can't fill up your
/var quite as fast.
1995-10-06 19:30:43 +00:00
Garrett Wollman
66800f5742 Convert ARP to use queue.h macros rather than insque/remque. While
we're at it, eliminate obsolete exposure of `struct llinfo_arp' to
the world.  (This dates back to when ARP entries were not stored in
the routing table, and there was no other way for the `arp' program
to read the whole table than to grovel around in /dev/kmem.)
1995-10-05 20:08:43 +00:00
Garrett Wollman
6bb9a8e77d Make a whole bunch of PCB variables ints rather than shorts. There appear
to be no ill effects, and so far as Iknow none of the variables in
question depend on 16-bit wraparound behavior.  (The sizes are in
many cases relics from when a PCB had to fit inside a 128-byte mbuf.  PCBs
are no longer stored in that way, and the old structure would not have
fit, either.)
1995-10-04 20:49:03 +00:00
Garrett Wollman
e79adb8ed6 Finish 4.4-Lite-2 merge: randomize TCP initial sequence numbers
to make ISS-guessing spoofing attacks harder.
1995-10-03 16:54:17 +00:00
Ugen J.S. Antsilevich
37afa1e829 Well..finally..this is the first part..it should take care of
matching IP options..Check and test this - i made only a couple
of rough tests and this could be buggy.. Ipaccounting can't use
IP Options (and i don't see any need to cound packets with specific
options either..)
More to come...
1995-10-01 21:52:50 +00:00
Garrett Wollman
d7f570e630 Merge 4.4-Lite-2: update version number (we already have the same fixes).
Obtained from:	4.4BSD-Lite-2
1995-09-22 20:05:58 +00:00
Garrett Wollman
6dfab5b1e1 Merge 4.4-Lite-2: always check the UDP checksum if it is present, even
if we are not generating checksums.  (Save a test in the input path.)
1995-09-22 19:56:26 +00:00
Garrett Wollman
f001bbb882 Correct spelling error in MTUDISC code. 1995-09-22 17:43:37 +00:00
Peter Wemm
4dc45a5fa1 Remove duplicate definition for tcps_persistdrop, as added by davidg some
time ago.  I left in Garrett's one, because his was in the 4.4-Lite-2
location, making any diffs just that little bit smaller.

I presume this choice means that netstat needs to be recompiled before
"netstat -s" will give a meaningful answer on tcp stats.
1995-09-22 07:40:18 +00:00
Garrett Wollman
25f26ad85a Merge with 4.4-Lite-2: fix bug that caused getsockopt of IP_HDRINCL
to fail.

Obtained from:	4.4BSD-Lite-2
1995-09-21 19:59:43 +00:00
Garrett Wollman
3271ad14d8 Merge 4.4-Lite-2 by updating the version number.
Obtained from:	4.4BSD-Lite-2
1995-09-21 18:04:43 +00:00
Garrett Wollman
425f123ed4 Merge 4.4-Lite-2: update some declarations that we don't support anyway.
Obtained from:	4.4BSD-Lite-2
1995-09-21 17:58:07 +00:00
Garrett Wollman
2469dd60b7 Merge 4.4-Lite-2: use M_NOWAIT in in_pcballoc(), and return EACCES rather
than EPERM on illegal attempt to bind a reserved port.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:55:49 +00:00
Garrett Wollman
2180b92513 Merge with 4.4-Lite-2. This is actually a 64-bit fix; the second parameter
to in_control() is sometimes a pointer, and sometimes an integer, so use
u_long rather than int.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:50:45 +00:00
Garrett Wollman
ef91e5283e Merge with 4.4-Lite-2. This involves changing the version number and
moving a declaration around.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:39:51 +00:00
Garrett Wollman
6c52bc4648 Merge with 4.4-Lite-2. This just adds a couple of tcpstat entries which
we don't currently set, but might in the future.
1995-09-21 17:29:13 +00:00
Garrett Wollman
f138387af1 Add support in TCP for Path MTU discovery. This is highly experimental
and gated on `options MTUDISC' in the source.  It is also practically
untested becausse (sniff!) I don't have easy access to a network with
an MTU of less than an Ethernet.  If you have a small MTU network,
please try it and tell me if it works!
1995-09-20 21:00:59 +00:00
Garrett Wollman
5cbf3e086c Initial back-end support for IP MTU discovery, gated on MTUDISC. The support
for TCP has yet to be written.
1995-09-18 15:51:40 +00:00
Garrett Wollman
b6e3d50f4c Don't leak mbufs in an unusual error case in tcp_usrreq().
Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
1995-09-13 17:54:03 +00:00
Garrett Wollman
51823c3a93 If tcp_output() is unable to allocate space for a copy of the data waiting
to be sent, just clean up and return ENOBUFS rather than silently
proceeding without sending any of the data.  This makes it consistent
with the `#ifdef notyet' case immediately above.

Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
1995-09-13 17:36:31 +00:00
Garrett Wollman
2b758395ea Fix long-standing bug in ICMPPRINTFS code where NTOHL was used instead
of ntohl for printing IP addresses, by instead substituting inet_ntoa()
to produce human-readable output.

Obtained from:	4.4-Lite-2
1995-08-29 17:49:04 +00:00
Garrett Wollman
6adca7ad76 Fix some problems with multicast forwarding:
Garrett,

  Here are some patches for the rate limiting code.  It should be faster,
and in particular it doesn't leak malloc'd memory any more when rate_limit'ing
a phyint.

  It now uses an mbuf chain at each vif, instead of the static queue array.
This means that the MAXQSIZE is now variable per vif (although there is no
interface to change it other than a debugger); this is an area for more
experimentation.

  Bill

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-08-23 18:20:17 +00:00
Andras Olah
7eb7a449c4 Add a sanity check for the UDP length field in order to prevent
malformed UDP packets to panic the kernel.
Reviewed by:	davidg, wollman
Obtained from:	dab@berserkly.cray.com (David A. Borman) via end2end list
1995-08-17 22:09:14 +00:00
Gary Palmer
7d4aa0825d Try to make the `syn' blocking code act a bit more sensibly - don't
block `syn' packets that have `ack' set.
Reviewed by:
Submitted by:
Obtained from:
1995-07-31 13:58:35 +00:00
Andras Olah
d3eede9d32 Remove a redundant `if' from tcp_reass().
Correct a typo in a comment (SEND_SYN -> NEEDSYN).

Reviewed by:	David Greenman
1995-07-31 10:24:22 +00:00
David Greenman
cc0964fb2b Add connection drop capability for persist timeouts.
Reviewed by:	Andras Olah
Obtained from:	4.4BSD-lite2 via W. Richard Stevens
1995-07-29 18:48:44 +00:00
Garrett Wollman
b124e4f284 Fix test for determining when RSVP is inactive in a router. (In this
case, multicast options are not passed to ip_mforward().)  The previous
version had a wrong test, thus causing RSVP mrouters to forward RSVP messages
in violation of the spec.
1995-07-26 18:05:16 +00:00
Garrett Wollman
59929500b4 Declare rsvp_input() to take the correct set of arguments and figure out
the receipt interface in the correct way.
1995-07-24 18:15:13 +00:00
Garrett Wollman
b4489dc30a Completely turn off RSVP intercept when a socket being used for that purpose
is PRU_DETACHed.  This solves the problem that RSVP would not come up inm
raw mode if previously killed.
1995-07-24 16:33:51 +00:00
David Greenman
f70b105004 Added $Id$. 1995-07-23 05:36:31 +00:00
Peter Wemm
42c03a52ba Change the compile-time option of DIRECTED_BROADCAST into a sysctl
variable underneath ip, "directed-broadcast".
Reviewed by:	David Greenman
Obtained from:	NetBSD, by Darren Reed.
1995-07-18 09:56:44 +00:00
Garrett Wollman
357b78a939 Return EDESTADDRREQ rather than EADDRNOTAVAIL if the user attempts to
half-configure a point-to-point interface.

Submitted by:	Jonathan M. Bresler <jmb@kryten.atinc.com>
1995-07-17 15:15:15 +00:00
Garrett Wollman
5b7ee6ed04 ICMP messages received from broken hosts which reply to multicast packets
were mistakenly delivered, rather than getting thrown out, which caused
substantial lossage.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-07-10 16:16:00 +00:00
Garrett Wollman
dd22498271 tcp_input.c - keep track of how many times a route contained a cached rtt
or ssthresh that we were able to use

tcp_var.h - declare tcpstat entries for above; declare tcp_{send,recv}space

in_rmx.c - fill in the MTU and pipe sizes with the defaults TCP would have
	used anyway in the absence of values here
1995-07-10 15:39:16 +00:00
David Greenman
c6e8c3576e Fixed panic that occurs on certain firewall rejected packets that was
caused by dtom() being used on an mbuf cluster. The fix involves passing
around the mbuf pointer.

Submitted by:	Bill Fenner
1995-07-09 14:29:46 +00:00
David Greenman
04c3f9f7ab Added some spaces for KNF. Moved some zero-initialized pointers into the
kernel's .bss.
1995-07-04 05:46:13 +00:00
David Greenman
09270166bb This is the end result of about a dozen passes through this code to fix
incorrect indents, a variety of poor coding practices such as comparing
pointers to constants ('0'), poor code structuring, etc, etc. This brings
the code up to the minimum standards for inclusion in FreeBSD.
1995-07-04 05:39:03 +00:00
David Greenman
ed64321cec Define TRUE and FALSE. 1995-07-04 05:29:30 +00:00
David Greenman
7e9367a410 1) Removed bogus #include
2) Rewrote "bad_packet" code to be less buggy and more readable.
3) Removed a pile of goto's; the code is now somewhat less reminiscent
   of a certain Italian pasta.
4) Changed all boolean returns of "0" and "1" to FALSE/TRUE.
1995-07-04 03:35:20 +00:00
Joerg Wunsch
40a63d93aa Slightly modify my previous change to return EINVAL instead of
EFAULT.

Submitted by:	Peter Wemm
1995-07-02 16:45:07 +00:00
Joerg Wunsch
d700586c3a I saw a very low-key commit message on the netbsd mailing lists and
figured out what the problem was..  Anyway, I rate it as "highly
serious".

Submitted by:	peter@haywire.DIALix.COM (Peter Wemm)
1995-07-01 19:09:40 +00:00
Garrett Wollman
fc97827135 Keep track of the number of samples through the srtt filter so that we
know better when to cache values in the route, rather than relying on a
heuristic involving sequence numbers that broke when tcp_sendspace
was increased to 16k.
1995-06-29 18:11:24 +00:00
Gary Palmer
06cf932bcb Add a missing `goto' statement so that this compiles yet again. 1995-06-28 13:22:36 +00:00
David Greenman
e9ce2e7d20 Added function prototypes for ip_rsvp_vif_init, ip_rsvp_vif_done, and
ip_rsvp_force_done.
1995-06-28 05:13:02 +00:00
Garrett Wollman
20dc68b204 Delete obsolete #if 0 block. 1995-06-27 20:36:34 +00:00
Guido van Rooij
a0aa52a646 reject option in ip_fw used to panic the system. This fixes it.
-Guido
Reviewed by:
Submitted by:
Obtained from:
1995-06-27 17:26:27 +00:00
Garrett Wollman
524743b0fe From Bill Fenner:
> Also, I don't remember if I sent you this; it affects PIM assert processing.

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-06-26 16:15:49 +00:00
Garrett Wollman
fba14c2e49 Corrected a bug that caused protocol-4 tunnels (used for multicast
forwarding between networks that aren't directly connected) not to work
by intercepting the wrong protocol number.  This should fix a bug reported
previously by someone I don't remember.
1995-06-26 16:11:51 +00:00
Garrett Wollman
43bed81d64 Fix an error in the comparison direction of the ap->updating case of
in_rtqkill().

Submitted by: W. Richard Stevens
1995-06-21 19:48:53 +00:00
Garrett Wollman
4650161123 Fix a resource allocation bug where multicast forwarding would leak mbufs
in certain cases when allocation of another mbuf has already failed.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-06-19 17:22:01 +00:00
Garrett Wollman
9167720192 Now that we've gone to all sorts of effort to allow TCP to cache some of
its connection parameters, we want to keep statistics on how often this
actually happens to see whether there is any work that needs to be done in
TCP itself.

Suggested by: John Wroclawski <jtw@lcs.mit.edu>
1995-06-19 16:45:33 +00:00
Garrett Wollman
1c5de19afb Kernel side of 3.5 multicast routing code, based on work by Bill Fenner
and other work done here.  The LKM support is probably broken, but it
still compiles and will be fixed later.
1995-06-13 17:51:16 +00:00
Rodney W. Grimes
d3628763db Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
Rodney W. Grimes
9b2e535452 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
David Greenman
765b90447e These diffs modify the behaviour of multicast clients to conform with the
IGMPv2 spec.  This fixes the following bugs:

o ntohs() on a char provides silly results
o timer needs to be scaled to units of PR_FASTHZ; this was being done
  inconsistenly so now it gets done when it is initialized.

Reviewed by:	Garrett Wollman
Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-05-16 01:28:29 +00:00
Andrey A. Chernov
2f632e8fe8 Fix getsockopt(IP_ACCT_*) to not panic kernel
Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-05-12 20:00:21 +00:00
Rodney W. Grimes
b2b795f07c Fix -Wformat warnings from LINT kernel. 1995-05-11 19:26:53 +00:00
David Greenman
6b067b0744 #ifdef'd my Nagel/ACK hack with "TCP_ACK_HACK", disabled by default. I'm
currently considering reducing the TCP fasttimo to 100ms to help improve
things, but this would be done as a seperate step at some point in the
future.
This was done because it was causing some sometimes serious performance
problems with T/TCP.
1995-05-11 01:41:06 +00:00
Garrett Wollman
748e0b0acc Make networking domains drop-ins, through the magic of GNU ld. (Some day,
there may even be LKMs.)  Also, change the internal name of `unixdomain'
to `localdomain' since AF_LOCAL is now the preferred name of this family.
Declare netisr correctly and in the right place.
1995-05-11 00:13:26 +00:00
David Greenman
94a5d9b6a1 Replaced some bcopy()'s with memcpy()'s so that gcc while inline/optimize. 1995-05-09 13:35:48 +00:00
Andras Olah
40db8ef747 Fix a misspelled constant in tcp_input.c.
On Tue, 09 May 1995 04:35:27 PDT, Richard Stevens wrote:
> In tcp_dooptions() under the case TCPOPT_CC there is an assignment
>
>       to->to_flag |= TCPOPT_CC;
>
> that should be
>
>       to->to_flag |= TOF_CC;
>
> I haven't thought through the ramifications of what's been happening ...
>
>       Rich Stevens

Submitted by:	rstevens@noao.edu (Richard Stevens)
1995-05-09 12:32:06 +00:00
Andrey A. Chernov
2ee32961f5 Add IPTOS_MINCOST according to RFC 1349
Change IPTOS_PREC_ROUTINE to 0 (was conflict with IPTOS_LOWDELAY) according
to RFC 791 (unchanged since it) and BSDI 2.0 style
Submitted by: Igor Sviridov <siac@ua.net>
1995-05-05 14:36:38 +00:00
David Greenman
0d7b7d3ea7 Changed in_pcblookuphash() to not automatically call in_pcblookup() if
the lookup fails. Updated callers to deal with this. Call in_pcblookuphash
instead of in_pcblookup() in in_pcbconnect; this improves performance of
UDP output by about 17% in the standard case.
1995-05-03 07:16:53 +00:00
Paul Traina
f5fea3ddc9 Cleanup loopback interface support.
Reviewed by:	wollman
1995-04-26 18:10:58 +00:00
Garrett Wollman
1067217d5d Disallow half-configured point-to-point interfaces. It's still possible to
get into a half-configured state by using the old-style ioctls;this
may be a feature.
1995-04-25 19:50:20 +00:00
Andras Olah
c4575b2416 Include <sys/queue.h> because <netinet/in_pcb.h> (also included
later in tcp_debug.c) requires it due to the pcb changes of DavidG.
1995-04-19 10:26:04 +00:00
David Greenman
230620627b Fixed bug I introduced when changing PCB list to use 4.4BSD style queue
macros. Basically, detect 'tp' going away differently.
1995-04-12 06:49:56 +00:00
David Greenman
d79940da0a Further satisfy my paranoia by making sure that the ACKNOW is only
set when ti_len is non-zero.
1995-04-10 17:37:46 +00:00
David Greenman
afa70c96dd Fixed bug I introduced with my Nagel hack which caused tcp_input and
tcp_output to loop endlessly. This was freefall's problem during the past
day.
1995-04-10 17:16:10 +00:00
David Greenman
7bc4aca7f0 Added splnet protections for PCB list manipulations and traversals. 1995-04-10 08:52:45 +00:00
David Greenman
64e4231041 Backed out Jordan's #include of queue.h 1995-04-10 00:43:18 +00:00
Jordan K. Hubbard
cb7533f532 #include <sys/queue.h> or die horribly. 1995-04-09 16:46:47 +00:00
David Greenman
15bd2b4385 Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash,
and in_pcblookuphash.
1995-04-09 01:29:31 +00:00
Andras Olah
755c1f07c8 Fix a bug in tcp_input reported by Rick Jones <raj@hpisrdq.cup.hp.com>.
If a goto findpcb occurred during the processing of a segment, the TCP and
IP headers were dropped twice from the mbuf which resulted in data acked
by TCP but not delivered to the user.
Reviewed by:	davidg
1995-04-05 10:32:14 +00:00
Bruce Evans
8c62f8d80f Remove redundant declarations. 1995-04-02 19:05:09 +00:00
Bill Paul
5f6d32c735 Add declaration for struct ether_addr (this is where Sun documents
it to go).
1995-04-02 01:26:26 +00:00
David Greenman
8a31826613 Backed out changes in rev 1.5 that prevent sending FIN if in CLOSING
state. This causes an infinite loop in some rare cases (probably caused
by some other, much more difficult to find bug).
1995-03-30 23:35:55 +00:00
David Greenman
e612a582cc Re-apply my "breakage" to the Nagel congestion avoidence. This version
differs slightly in the logic from the previous version; packets are now
acked immediately if the sender set PUSH.
1995-03-27 07:12:24 +00:00
Garrett Wollman
ffa5b11ab5 in_var.h: in_multi structures now form a queue(3)-style LIST structure
in.c: when an interface address is deleted, keep its multicast membership
.     records (attached to a struct multi_kludge) for attachment to the
.     next address on the same interface.  Also, in_multi structures now
.     gain a reference to the ifaddr so that they won't point off into
.     freed memory if an interface goes away and doesn't come back before
.     the last socket reference drops.  This is analogous to how it is
.     done for routes, and seems to make the most sense.
1995-03-23 18:14:41 +00:00
Garrett Wollman
20e8807c09 This should be splimp() rather than splnet() since ifaddrs might go away
as a result of link-layer processing.
1995-03-20 18:31:51 +00:00
Garrett Wollman
9b626c29f7 Fix race conditions involved in setting IP multicast options. This should
fix Dennis Fortin's problem for good, if I've got it figured out right.

(The problem was that a `struct ifaddr' could get deleted out from under
the current requester, thus leaving him with an invalid interface pointer
and causing even more bogus accesses.)
1995-03-20 18:11:31 +00:00
David Greenman
edf8a81561 Removed redundant newlines that were in some panic strings. 1995-03-19 14:29:26 +00:00
Garrett Wollman
1025071f85 Reject source routes unless configured on by administrator. 1995-03-16 18:22:28 +00:00
Bruce Evans
b5e8ce9f12 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
Garrett Wollman
ef0cdf3329 Add inet_ntoa() and replace ARP's private routine with same. 1995-03-16 17:32:27 +00:00
Garrett Wollman
d99c7a23fa This set of patches enables IP multicasting to work under FreeBSD. I am
submitting them as context diffs for the following files:

sys/netinet/ip_mroute.c
sys/netinet/ip_var.h
sys/netinet/raw_ip.c
usr.sbin/mrouted/igmp.c
usr.sbin/mrouted/prune.c

The routine rip_ip_input in raw_ip.c is suggested by Mark Tinguely
(tinguely@plains.nodak.edu). I have been running mrouted with these patches
for over a week and nothing has seemed seriously wrong. It is being run in
two places on our network as a tunnel on one and a subnet querier on the
other. The only problem I have run into is that mrouted on the tunnel must
start up last or the pruning isn't done correctly and multicast packets
flood your subnets.

Submitted by:	Soochon Radee <slr@mitre.org>
1995-03-16 16:25:55 +00:00
David Greenman
2c8fe19f89 pcb allocations are not always done on behalf of a process; it is not
okay to wait.
1995-03-14 21:50:55 +00:00
David Greenman
d41f24e742 Added support for generic FDDI and the DEC DEFEA and DEFPA FDDI adapters.
Submitted by:	Matt Thomas
1995-03-14 09:16:07 +00:00
Ugen J.S. Antsilevich
9870b4d2de Allocate memory as M_IPFW,now we can watch firewall memory usage
in vmstat..
1995-03-12 13:28:13 +00:00
Nate Williams
9617d8b1f6 Removed unnecessary define for TCPOUTFLAGS since they are not used. 1995-03-06 02:49:24 +00:00
David Greenman
3dbdc25caa Move exact match pcb's to the head of the list to improve lookup
performance.
1995-03-02 19:29:42 +00:00
Ugen J.S. Antsilevich
29fe22b93f Allow "via" to be specified ever as IP adress or
as interface name/unit...
1995-02-24 14:33:54 +00:00
Bruce Evans
6f05a6e836 Fix benign type mismatch. 1995-02-22 07:23:26 +00:00
David Greenman
38aa9fc375 Added missing newlines to calls to log(). 1995-02-20 15:48:46 +00:00
Garrett Wollman
c7a82f9016 Include missing <sys/kernel.h> for `hz'.
Submitted by:  David Greenman, Rod Grimes, Christoph Kukulies
1995-02-17 00:29:42 +00:00
Garrett Wollman
cb04d5c55b Don't need to retransmit FIN bit in CLOSING state.
Obtained from: Stevens, vol. 2, exercise 29.5 (solution p. 1090)
1995-02-16 01:53:31 +00:00
Garrett Wollman
1c09f77422 spl back down in unusual out-of-memory condition in udp_output().
Obtained from: Stevens, vol. 2, exercise 23.4 (solution p. 1083)
1995-02-16 01:47:36 +00:00
Garrett Wollman
1fdbc7ae46 Correctly initialize so_linger in ticks (not seconds).
Obtained from: Stevens, vol. 2, p. 1010
1995-02-16 01:42:45 +00:00
Garrett Wollman
dac2030182 Avoid deadlock situation described by Stevens using his suggested replacement
code.

Obtained from: Stevens, vol. 2, pp. 959-960
1995-02-16 01:39:19 +00:00
Garrett Wollman
9bb8795d71 Don't add back in the IP header length to ip_len; icmp_error will do it
for us.

Obtained from: Stevens, vol. 2, p. 774
1995-02-16 01:25:06 +00:00
Garrett Wollman
41f82abe5a Transaction TCP support now standard. Hack away! 1995-02-16 00:55:44 +00:00
Garrett Wollman
f2ea20e676 Add lots of useful MIB variables and a few not-so-useful ones for
completeness.
1995-02-16 00:27:47 +00:00
Garrett Wollman
628e3e3401 After dynamically reducing rtq_reallyold, have in_rtqkill() reduce the
expiration timer of anything which would expire later than that.  (There
should be a way to call this from ip_sysctl() as well, but there currently
isn't.)
1995-02-14 23:11:26 +00:00
Garrett Wollman
ea80aed1a9 Attempt to make the host route cache a bit smarter under conditions of
high load:

	1) If there ever get to be more than net.inet.ip.rtmaxcache entries
	   in the cache, in_rtqtimo() will reduce net.inet.ip.rtexpire by
	   1/3 and do another round, unles net.inet.ip.rtexpire is less than
	   net.inet.ip.rtminexpire, and never more than once in ten minutes
	   (rtq_timeout).

	2) If net.inet.ip.rtexpire is set to zero, don't bother to cache
	   anything.
1995-02-14 23:04:52 +00:00
Poul-Henning Kamp
c70f45100d YFfix. 1995-02-14 06:28:25 +00:00
Poul-Henning Kamp
c178994d81 YPfix 1995-02-14 06:25:17 +00:00
Garrett Wollman
2f96f1f446 Get rid of some unneeded #ifdef TTCP lines. Also, get rid of some
bogus commons declared in header files.
1995-02-14 02:35:19 +00:00
Garrett Wollman
a0292f2375 Merge Transaction TCP, courtesy of Andras Olah <olah@cs.utwente.nl> and
Bob Braden <braden@isi.edu>.

NB: This has not had David's TCP ACK hack re-integrated.  It is not clear
what the correct solution to this problem is, if any.  If a better solution
doesn't pop up in response to this message, I'll put David's code back in
(or he's welcome to do so himself).
1995-02-09 23:13:27 +00:00
David Greenman
e99d026c60 Fixed another TTCP ifdef problem...there isn't any tcp_sysctl field in
!TTCP.
1995-02-09 00:56:09 +00:00
David Greenman
512ff5eaa0 Fix/#ifdef prototype for tcp_mss...apparantly overlooked by Garrett. 1995-02-09 00:49:20 +00:00
Garrett Wollman
999f1343a5 T/TCP changes to generic IP code. This is all ifdefed TTCP so should
have no effect on most users for now.  (Eventually, once this code is
fully tested, the ifdefs will go away.)
1995-02-08 20:22:09 +00:00
Garrett Wollman
eb6ad69646 Merge in T/TCP TCP header file changes. 1995-02-08 20:18:48 +00:00
Gary Palmer
6db216a6d7 Remove a possible loophole - previously the code wouldn't pass packets destined
to the loopback address to the packet filter.

Reviewed by:	"Ugen J.S.Antsilevich" <ugen@netvision.net.il>
1995-02-07 20:30:42 +00:00
Garrett Wollman
838ecf4225 Make sure to disable RSVP intercept when the socket is closed. 1995-02-07 02:53:14 +00:00
Garrett Wollman
479bb8da0e Correct long-standing error in the RSVP hooks (would initialize but never
return success).
1995-01-26 18:59:02 +00:00
Ugen J.S. Antsilevich
2b43c8c9db ip_fwdef.c was missing some assignments , and this
caused that bug by which firewall code was not working
if configured into kernel and worked only as lkm.
Now this must be fixed...Sorry guys..
1995-01-26 10:26:15 +00:00
David Greenman
8eea120788 Kill previous commit as it isn't necessary. 1995-01-26 03:56:20 +00:00
David Greenman
b99f012ec5 Extended the previous change to cover the non-options case, too. 1995-01-24 08:03:22 +00:00
David Greenman
297a37f334 Applied fix from Andreas Schulz with a different comment by me. Fixes a
bug where TCP connections are closed prematurely.

Submitted by:	Andreas Schulz
1995-01-23 17:58:27 +00:00
Garrett Wollman
bbb7c7109b Change caching strategy somewhat:
1) Don't clone routes to multicast destinations; there is nothing useful
   to be gained in this case.
2) Reduce default expiration timer to one hour.  Busy sites will still
   likely want to reduce this, but for ordinary users this is a reasonable
   value to use.
1995-01-23 02:02:50 +00:00
Ugen J.S. Antsilevich
4dd1662b4c Actual firewall change.
1) Firewall is not subdivided on forwarding / blocking chains
   anymore.Actually only one chain left-it was the blocking one.
2) LKM support.ip_fwdef.c is function pointers definition and
goes into kernel along with all INET stuff.
1995-01-12 13:06:32 +00:00
David Greenman
aedcdea1de Fixed mbuf lossage when level != IPPROTO_IP. Problem reported by Robert
Dobbs, hint from Charles Hannum, fix by me.
1995-01-12 10:53:25 +00:00
Garrett Wollman
b2774d00ad Make arp_rtrequest() static since nobody needs to referene it any more. 1994-12-22 22:00:30 +00:00
Garrett Wollman
dd2e410221 Move ARP interface initialization into if_ether.c:arp_ifinit(). 1994-12-22 21:56:22 +00:00
Garrett Wollman
f811ab0233 Avoid a serious race by blocking netisrs while walking the route tree.
(IWBRNI we could just block IP netisrs...)
1994-12-21 17:25:52 +00:00
Garrett Wollman
3c896bda76 Correct sysctl info so that net.inet.ip.rtexpire is actually accessible. 1994-12-21 17:23:59 +00:00
Garrett Wollman
9ee39fc64d Fix PR 59: don't allow TCP connections withmulticast addresses at either
end.
1994-12-15 20:39:34 +00:00
Garrett Wollman
5be2baf843 Make rtq_reallyold user-configurable via sysctl. 1994-12-14 19:06:37 +00:00
Garrett Wollman
2c17fe9339 Call rtalloc_ign() so that protocol cloning will not occur at the IP layer. 1994-12-13 23:08:12 +00:00
Garrett Wollman
31246bc25f Update calls to rtalloc1(). Also merge rt_prflags with rt_flags. 1994-12-13 22:32:45 +00:00
Ugen J.S. Antsilevich
3107b31b8d Add clear one accounting entry control.
Structure fields changed to seem more standart.
1994-12-13 15:57:34 +00:00
Ugen J.S. Antsilevich
f3caf95e23 Late patch for delete control.. 1994-12-12 18:10:41 +00:00
Ugen J.S. Antsilevich
10a642bb05 Add match by interface from which packet arrived (via)
Handle right fragmented packets. Remove checking option
from kernel..
1994-12-12 17:20:55 +00:00
Garrett Wollman
1db18e0fc4 Advanced route cache management is now an official part of IP support. 1994-12-11 21:36:10 +00:00
Garrett Wollman
114a506d1a Delete old, confusing comment. 1994-12-02 23:10:32 +00:00
Garrett Wollman
73579c400f Add a check to make sure that we don't fiddle with the NFS routing tables
as well (bleah!).  Also, increase the interval to the real-life value and
eliminate debugging printfs.  This will be standard once tested by others.
1994-12-02 03:32:24 +00:00
Garrett Wollman
fa1f0e90fb Add latest version of ``advanced route metric management'' :-)
As before, this is currently conditionalized on options IN_RMX until
I'm sure it's working.
1994-12-01 23:19:48 +00:00
Ugen J.S. Antsilevich
c334f8666a Added: ICMP reply,TCP SYN check,logging.. 1994-11-28 12:35:14 +00:00
Jordan K. Hubbard
63f8d699ac Ugen J.S.Antsilevich's latest, happiest, IP firewall code.
Poul:  Please take this into BETA.  It's non-intrusive, and a rather
substantial improvement over what was there before.
1994-11-16 10:17:11 +00:00
Jordan K. Hubbard
dbdc296687 Ugen makes it in with 10 seconds to spare with a one-char diff. Some
people are born lucky..
Submitted by:	ugen
1994-11-08 14:25:17 +00:00
Jordan K. Hubbard
72e8fea57e Almost 12th hour (the 11th hour was almost an hour ago :-) patches
from Ugen.
1994-11-08 12:47:29 +00:00
Jordan K. Hubbard
ad63b51399 2 11th-hour fixes from Ugen (not Uben, sorry!) J.S.Antsilevich.
I think it's time for Ugen to get a freefall account, just so I can
direct mail at him directly and let him drop off patches for us here.  Ugen?
Done!
Submitted by:	ugen
1994-11-07 10:01:32 +00:00
Garrett Wollman
df00058df7 Fix off-by-one error reported to NetBSD by Karl Fox in
<9411031449.AA11102@gefilte.MorningStar.Com>.
1994-11-03 21:04:21 +00:00
Garrett Wollman
bb0135e920 Completely replace JTW's idea with my (incompletely implemented) original
idea.  This is les likely to crash your machine.  As before, this code is only
enabled under `options IN_RMX'.
1994-11-03 01:05:34 +00:00
Garrett Wollman
d4a8d8f240 This is the file that actually implements the smarter behavior. 1994-11-02 04:42:14 +00:00
Garrett Wollman
5c2dae8edc Add code to be a bit smarter about IP routes, conditioned on the option
IN_RMX.  (Eventually this will be standard, but I just wrote the code today
and don't want to break anyone.)
1994-11-02 04:41:39 +00:00
Garrett Wollman
ac234f9399 Clean up ARP error messages: format IP addresses, explain arplookup()
failures in English.
1994-11-02 00:58:29 +00:00
Jordan K. Hubbard
0a87b23329 Latest changes from Uben.
Submitted by:	uben
1994-10-31 23:58:04 +00:00
Paul Traina
6c4b8d672e Detect old-style multicast routers and interoperate properly 1994-10-31 06:36:47 +00:00
Jordan K. Hubbard
100ba1a617 IP Firewall code from Daniel Boulet and J.S.Antsilevich
Submitted by:	danny ugen
1994-10-28 15:09:49 +00:00
Steven Wallace
1bc8a80906 Patch for proper multicast support on point-to-point links.
Submitted by:	apg@demos.su (Paul Antonov) - patch020
1994-10-25 22:13:32 +00:00
Garrett Wollman
ccc999917e Bug fixes from John Brezak. 1994-10-21 02:38:29 +00:00
Garrett Wollman
e2637b6b1c Fix some endianness and packet header bugs found in BSDi's port of this code.
(From mbone mailing-list.)
1994-10-13 22:12:42 +00:00
Garrett Wollman
10be56487a As suggested by Sally Floyd, don't add the ``small fraction of the window
size'' when doing congestion avoidance.

Submitted by:	Mark Andrews
1994-10-13 18:36:32 +00:00
Garrett Wollman
5df7296441 Fix a bug which caused panics when attempting to change just the flags of
a route.  (This still doesn't work, but it doesn't panic now.)  It looks
like there may be a number of incipient bugs in this code.

Also, get ready for the time when all IP gateway routes are cloning, which
is necessary to keep proper TCP statistics.
1994-10-11 23:16:38 +00:00
Poul-Henning Kamp
61ce519bad Cosmetics. Silence gcc -Wall. 1994-10-10 07:56:07 +00:00
Poul-Henning Kamp
ac0776aed7 Cosmetics: silences gcc -Wall. 1994-10-08 22:39:58 +00:00
Poul-Henning Kamp
623ae52e4e GCC cleanup.
Reviewed by:
Submitted by:
Obtained from:
1994-10-02 17:48:58 +00:00
Garrett Wollman
28e822955c Implement full proxy ARP, gated on option ARP_PROXYALL. This allows
a FreeBSD box to do proxy ARP as easily as most commercial routers do,
without messing around with (potentially variable) Ethernet addresses.
This code is really quite simple; I'm not at all sure why it wasn't
implemented in 4.4.

It might be worth stealing an interface flag (maybe IFF_LINK1) to use for
finer-grained control over which interfaces get proxy treatment.  For the
moment, it's all or nothing.
1994-10-01 21:50:33 +00:00
Poul-Henning Kamp
fe95e21fed Made the kernel compile even without "ether". 1994-09-16 05:47:06 +00:00
David Greenman
610ee2f9b5 Made TCPDEBUG truely optional. Based on changes I made in FreeBSD 1.1.5.
Fixed somebody's idea of a joke - about the first half of the lines in
in_proto.c were spaced over by one space.
1994-09-15 10:36:56 +00:00
Garrett Wollman
dea246f55a Add code to make multicast routing be an LKM. 1994-09-14 21:21:29 +00:00
Garrett Wollman
5e9ae478ac Shuffle some functions and variables around to make it possible for
multicast routing to be implemented as an LKM.  (There's still a bit of
work to do in this area.)
1994-09-14 03:10:15 +00:00
Garrett Wollman
01d6dc8860 Disable IPMULTICAST_VIF socket option when MROUTING is not defined,
since it doesn'tmake any sense for non-routers.
CVS:
1994-09-09 22:05:02 +00:00
Garrett Wollman
f0068c4a70 Initial get-the-easy-case-working upgrade of the multicast code
to something more recent than the ancient 1.2 release contained in
4.4.  This code has the following advantages as compared to
previous versions (culled from the README file for the SunOS release):

- True multicast delivery
- Configurable rate-limiting of forwarded multicast traffic on each
  physical interface or tunnel, using a token-bucket limiter.
- Simplistic classification of packets for prioritized dropping.
- Administrative scoping of multicast address ranges.
- Faster detection of hosts leaving groups.
- Support for multicast traceroute (code not yet available).
- Support for RSVP, the Resource Reservation Protocol.

What still needs to be done:

- The multicast forwarder needs testing.
- The multicast routing daemon needs to be ported.
- Network interface drivers need to have the `#ifdef MULTICAST' goop ripped
  out of them.
- The IGMP code should probably be bogon-tested.

Some notes about the porting process:

In some cases, the Berkeley people decided to incorporate functionality from
later releases of the multicast code, but then had to do things differently.
As a result, if you look at Deering's patches, and then look at
our code, it is not always obvious whether the patch even applies.  Let
the reader beware.

I ran ip_mroute.c through several passes of `unifdef' to get rid of
useless grot, and to permanently enable the RSVP support, which we will
include as standard.

Ported by: 	Garrett Wollman
Submitted by:	Steve Deering and Ajit Thyagarajan (among others)
1994-09-06 22:42:31 +00:00
Garrett Wollman
6a7be6e8e0 Obey RFC 793, section 3.4:
Several examples of connection initiation follow.  Although these
  examples do not show connection synchronization using data-carrying
  segments, this is perfectly legitimate, so long as the receiving TCP
  doesn't deliver the data to the user until it is clear the data is
  valid (i.e., the data must be buffered at the receiver until the
  connection reaches the ESTABLISHED state).
1994-08-26 22:27:16 +00:00
Paul Richards
707f139edb Made idempotent.
Submitted by:	Paul
1994-08-21 05:27:42 +00:00
Garrett Wollman
f23b4c91c4 Fix up some sloppy coding practices:
- Delete redundant declarations.
- Add -Wredundant-declarations to Makefile.i386 so they don't come back.
- Delete sloppy COMMON-style declarations of uninitialized data in
  header files.
- Add a few prototypes.
- Clean up warnings resulting from the above.

NB: ioconf.c will still generate a redundant-declaration warning, which
is unavoidable unless somebody volunteers to make `config' smarter.
1994-08-18 22:36:09 +00:00
David Greenman
3c4dd3568f Added $Id$ 1994-08-02 07:55:43 +00:00
David Greenman
b53902964f fixed bug where large amounts of unidirectional UDP traffic would fill
the interface output queue and further udp packets would be fragmented
and only partially sent - keeping the output queue full and jamming the
network, but not actually getting any real work done (because you can't
send just 'part' of a udp packet - if you fragment it, you must send
the whole thing). The fix involves adding a check to make sure that the
output queue has sufficient space for all of the fragments.
1994-08-01 12:01:45 +00:00
David Greenman
b164106fa7 Fixed bug with Nagel Congestion Avoidance where a tcp connection would
stall unnecessarily - always send an ACK when a packet len of < mss is
received.
1994-08-01 12:00:25 +00:00
David Greenman
26e30fbba5 Increased tcp_send/recvspace to 16k, and added TCP_SMALLSPACE ifdef
to set it to 4k.
1994-05-29 07:42:47 +00:00
David Greenman
d4d0967e5b Added missing ntohl()'s that are needed before calling IN_MULTICAST in
a couple of places.
Submitted by:	Johannes Helander
1994-05-26 09:51:33 +00:00
Rodney W. Grimes
26f9a76710 The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by:	Rodney W. Grimes
Submitted by:	John Dyson and David Greenman
1994-05-25 09:21:21 +00:00
Rodney W. Grimes
df8bae1de4 BSD 4.4 Lite Kernel Sources 1994-05-24 10:09:53 +00:00