Commit Graph

64 Commits

Author SHA1 Message Date
Garrett Wollman
eb6ad69646 Merge in T/TCP TCP header file changes. 1995-02-08 20:18:48 +00:00
Gary Palmer
6db216a6d7 Remove a possible loophole - previously the code wouldn't pass packets destined
to the loopback address to the packet filter.

Reviewed by:	"Ugen J.S.Antsilevich" <ugen@netvision.net.il>
1995-02-07 20:30:42 +00:00
Garrett Wollman
838ecf4225 Make sure to disable RSVP intercept when the socket is closed. 1995-02-07 02:53:14 +00:00
Garrett Wollman
479bb8da0e Correct long-standing error in the RSVP hooks (would initialize but never
return success).
1995-01-26 18:59:02 +00:00
Ugen J.S. Antsilevich
2b43c8c9db ip_fwdef.c was missing some assignments , and this
caused that bug by which firewall code was not working
if configured into kernel and worked only as lkm.
Now this must be fixed...Sorry guys..
1995-01-26 10:26:15 +00:00
David Greenman
8eea120788 Kill previous commit as it isn't necessary. 1995-01-26 03:56:20 +00:00
David Greenman
b99f012ec5 Extended the previous change to cover the non-options case, too. 1995-01-24 08:03:22 +00:00
David Greenman
297a37f334 Applied fix from Andreas Schulz with a different comment by me. Fixes a
bug where TCP connections are closed prematurely.

Submitted by:	Andreas Schulz
1995-01-23 17:58:27 +00:00
Garrett Wollman
bbb7c7109b Change caching strategy somewhat:
1) Don't clone routes to multicast destinations; there is nothing useful
   to be gained in this case.
2) Reduce default expiration timer to one hour.  Busy sites will still
   likely want to reduce this, but for ordinary users this is a reasonable
   value to use.
1995-01-23 02:02:50 +00:00
Ugen J.S. Antsilevich
4dd1662b4c Actual firewall change.
1) Firewall is not subdivided on forwarding / blocking chains
   anymore.Actually only one chain left-it was the blocking one.
2) LKM support.ip_fwdef.c is function pointers definition and
goes into kernel along with all INET stuff.
1995-01-12 13:06:32 +00:00
David Greenman
aedcdea1de Fixed mbuf lossage when level != IPPROTO_IP. Problem reported by Robert
Dobbs, hint from Charles Hannum, fix by me.
1995-01-12 10:53:25 +00:00
Garrett Wollman
b2774d00ad Make arp_rtrequest() static since nobody needs to referene it any more. 1994-12-22 22:00:30 +00:00
Garrett Wollman
dd2e410221 Move ARP interface initialization into if_ether.c:arp_ifinit(). 1994-12-22 21:56:22 +00:00
Garrett Wollman
f811ab0233 Avoid a serious race by blocking netisrs while walking the route tree.
(IWBRNI we could just block IP netisrs...)
1994-12-21 17:25:52 +00:00
Garrett Wollman
3c896bda76 Correct sysctl info so that net.inet.ip.rtexpire is actually accessible. 1994-12-21 17:23:59 +00:00
Garrett Wollman
9ee39fc64d Fix PR 59: don't allow TCP connections withmulticast addresses at either
end.
1994-12-15 20:39:34 +00:00
Garrett Wollman
5be2baf843 Make rtq_reallyold user-configurable via sysctl. 1994-12-14 19:06:37 +00:00
Garrett Wollman
2c17fe9339 Call rtalloc_ign() so that protocol cloning will not occur at the IP layer. 1994-12-13 23:08:12 +00:00
Garrett Wollman
31246bc25f Update calls to rtalloc1(). Also merge rt_prflags with rt_flags. 1994-12-13 22:32:45 +00:00
Ugen J.S. Antsilevich
3107b31b8d Add clear one accounting entry control.
Structure fields changed to seem more standart.
1994-12-13 15:57:34 +00:00
Ugen J.S. Antsilevich
f3caf95e23 Late patch for delete control.. 1994-12-12 18:10:41 +00:00
Ugen J.S. Antsilevich
10a642bb05 Add match by interface from which packet arrived (via)
Handle right fragmented packets. Remove checking option
from kernel..
1994-12-12 17:20:55 +00:00
Garrett Wollman
1db18e0fc4 Advanced route cache management is now an official part of IP support. 1994-12-11 21:36:10 +00:00
Garrett Wollman
114a506d1a Delete old, confusing comment. 1994-12-02 23:10:32 +00:00
Garrett Wollman
73579c400f Add a check to make sure that we don't fiddle with the NFS routing tables
as well (bleah!).  Also, increase the interval to the real-life value and
eliminate debugging printfs.  This will be standard once tested by others.
1994-12-02 03:32:24 +00:00
Garrett Wollman
fa1f0e90fb Add latest version of ``advanced route metric management'' :-)
As before, this is currently conditionalized on options IN_RMX until
I'm sure it's working.
1994-12-01 23:19:48 +00:00
Ugen J.S. Antsilevich
c334f8666a Added: ICMP reply,TCP SYN check,logging.. 1994-11-28 12:35:14 +00:00
Jordan K. Hubbard
63f8d699ac Ugen J.S.Antsilevich's latest, happiest, IP firewall code.
Poul:  Please take this into BETA.  It's non-intrusive, and a rather
substantial improvement over what was there before.
1994-11-16 10:17:11 +00:00
Jordan K. Hubbard
dbdc296687 Ugen makes it in with 10 seconds to spare with a one-char diff. Some
people are born lucky..
Submitted by:	ugen
1994-11-08 14:25:17 +00:00
Jordan K. Hubbard
72e8fea57e Almost 12th hour (the 11th hour was almost an hour ago :-) patches
from Ugen.
1994-11-08 12:47:29 +00:00
Jordan K. Hubbard
ad63b51399 2 11th-hour fixes from Ugen (not Uben, sorry!) J.S.Antsilevich.
I think it's time for Ugen to get a freefall account, just so I can
direct mail at him directly and let him drop off patches for us here.  Ugen?
Done!
Submitted by:	ugen
1994-11-07 10:01:32 +00:00
Garrett Wollman
df00058df7 Fix off-by-one error reported to NetBSD by Karl Fox in
<9411031449.AA11102@gefilte.MorningStar.Com>.
1994-11-03 21:04:21 +00:00
Garrett Wollman
bb0135e920 Completely replace JTW's idea with my (incompletely implemented) original
idea.  This is les likely to crash your machine.  As before, this code is only
enabled under `options IN_RMX'.
1994-11-03 01:05:34 +00:00
Garrett Wollman
d4a8d8f240 This is the file that actually implements the smarter behavior. 1994-11-02 04:42:14 +00:00
Garrett Wollman
5c2dae8edc Add code to be a bit smarter about IP routes, conditioned on the option
IN_RMX.  (Eventually this will be standard, but I just wrote the code today
and don't want to break anyone.)
1994-11-02 04:41:39 +00:00
Garrett Wollman
ac234f9399 Clean up ARP error messages: format IP addresses, explain arplookup()
failures in English.
1994-11-02 00:58:29 +00:00
Jordan K. Hubbard
0a87b23329 Latest changes from Uben.
Submitted by:	uben
1994-10-31 23:58:04 +00:00
Paul Traina
6c4b8d672e Detect old-style multicast routers and interoperate properly 1994-10-31 06:36:47 +00:00
Jordan K. Hubbard
100ba1a617 IP Firewall code from Daniel Boulet and J.S.Antsilevich
Submitted by:	danny ugen
1994-10-28 15:09:49 +00:00
Steven Wallace
1bc8a80906 Patch for proper multicast support on point-to-point links.
Submitted by:	apg@demos.su (Paul Antonov) - patch020
1994-10-25 22:13:32 +00:00
Garrett Wollman
ccc999917e Bug fixes from John Brezak. 1994-10-21 02:38:29 +00:00
Garrett Wollman
e2637b6b1c Fix some endianness and packet header bugs found in BSDi's port of this code.
(From mbone mailing-list.)
1994-10-13 22:12:42 +00:00
Garrett Wollman
10be56487a As suggested by Sally Floyd, don't add the ``small fraction of the window
size'' when doing congestion avoidance.

Submitted by:	Mark Andrews
1994-10-13 18:36:32 +00:00
Garrett Wollman
5df7296441 Fix a bug which caused panics when attempting to change just the flags of
a route.  (This still doesn't work, but it doesn't panic now.)  It looks
like there may be a number of incipient bugs in this code.

Also, get ready for the time when all IP gateway routes are cloning, which
is necessary to keep proper TCP statistics.
1994-10-11 23:16:38 +00:00
Poul-Henning Kamp
61ce519bad Cosmetics. Silence gcc -Wall. 1994-10-10 07:56:07 +00:00
Poul-Henning Kamp
ac0776aed7 Cosmetics: silences gcc -Wall. 1994-10-08 22:39:58 +00:00
Poul-Henning Kamp
623ae52e4e GCC cleanup.
Reviewed by:
Submitted by:
Obtained from:
1994-10-02 17:48:58 +00:00
Garrett Wollman
28e822955c Implement full proxy ARP, gated on option ARP_PROXYALL. This allows
a FreeBSD box to do proxy ARP as easily as most commercial routers do,
without messing around with (potentially variable) Ethernet addresses.
This code is really quite simple; I'm not at all sure why it wasn't
implemented in 4.4.

It might be worth stealing an interface flag (maybe IFF_LINK1) to use for
finer-grained control over which interfaces get proxy treatment.  For the
moment, it's all or nothing.
1994-10-01 21:50:33 +00:00
Poul-Henning Kamp
fe95e21fed Made the kernel compile even without "ether". 1994-09-16 05:47:06 +00:00
David Greenman
610ee2f9b5 Made TCPDEBUG truely optional. Based on changes I made in FreeBSD 1.1.5.
Fixed somebody's idea of a joke - about the first half of the lines in
in_proto.c were spaced over by one space.
1994-09-15 10:36:56 +00:00