d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1456816425
freebsd-nq/sys/netinet
History
Robert Wing eb18708ec8 syncache: accept packet with no SA when TCP_MD5SIG is set 
When TCP_MD5SIG is set on a socket, all packets are dropped that don't
contain an MD5 signature. Relax this behavior to accept a non-signed
packet when a security association doesn't exist with the peer.

This is useful when a listen socket set with TCP_MD5SIG wants to handle
connections protected with and without MD5 signatures.

Reviewed by:	bz (previous version)
Sponsored by:   nepustil.net
Sponsored by:   Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D33227
2022-01-08 16:32:14 -09:00
..
cc Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816" 2021-12-02 14:45:04 -08:00
khelp
libalias Fix fragmented UDP packets handling since rev.360967. 2021-10-15 16:48:12 -07:00
netdump netdump: send key before dump, in case dump fails 2021-08-11 10:54:56 -05:00
tcp_stacks tcp_bbr(4): Fix a few typos in sysctl descriptions 2022-01-02 18:03:10 +01:00
accf_data.c Define a module version for accept filter modules. 2020-05-19 18:35:08 +00:00
accf_dns.c Define a module version for accept filter modules. 2020-05-19 18:35:08 +00:00
accf_http.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
dccp.h Add header definition for RFC4340, Datagram Congestion Control Protocol 2020-06-17 13:27:13 +00:00
icmp6.h icmp6: Count packets dropped due to an invalid hop limit 2020-10-19 17:07:19 +00:00
icmp_var.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
if_ether.c Use network epoch to protect local IPv4 addresses hash. 2021-10-22 14:40:53 -07:00
if_ether.h
igmp_var.h igmp: convert igmpstat to use PCPU counters 2020-11-08 18:49:23 +00:00
igmp.c ifnet_byindex() actually requires network epoch 2021-12-06 09:32:31 -08:00
igmp.h
in_cksum.c netinet: Implement in_cksum_skip() using m_apply() 2021-11-24 13:31:16 -05:00
in_debug.c Use network epoch to protect local IPv4 addresses hash. 2021-10-22 14:40:53 -07:00
in_fib_algo.c Fix IPv4 fib bsearch4() lookup array construction. 2021-01-17 20:32:26 +00:00
in_fib_dxr.c [fib_algo][dxr] Retire counters which are no longer used 2021-10-09 13:47:10 +02:00
in_fib.c Fix some common typos in comments 2021-08-08 10:16:06 +02:00
in_fib.h Refactor fib4/fib6 functions. 2020-11-29 13:41:49 +00:00
in_gif.c Use network epoch to protect local IPv4 addresses hash. 2021-10-22 14:40:53 -07:00
in_jail.c jail: network epoch protection for IP address lists 2021-12-26 10:45:50 -08:00
in_kdtrace.c Fix dtrace SDT probe tcp:::debug-input 2021-12-20 17:15:43 -09:00
in_kdtrace.h Separate out SCTP related dtrace code. 2019-10-14 20:32:11 +00:00
in_mcast.c ifnet_byindex() actually requires network epoch 2021-12-06 09:32:31 -08:00
in_pcb_var.h in_pcb: use jenkins hash over the entire IPv6 (or IPv4) address 2021-12-26 10:47:28 -08:00
in_pcb.c inpcb: use global UMA zones for protocols 2022-01-03 10:17:46 -08:00
in_pcb.h inpcb: garbage collect INP_LOCK_INIT(), used only once in sctp 2022-01-03 10:20:30 -08:00
in_prot.c
in_proto.c domains: make domain_init() initialize only global state 2022-01-03 10:15:22 -08:00
in_rmx.c Refactor rib iterator functions. 2020-11-22 20:21:10 +00:00
in_rss.c Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816" 2021-12-02 14:45:04 -08:00
in_rss.h Implement flowid calculation for outbound connections to balance 2020-10-18 17:15:47 +00:00
in_systm.h
in_var.h Use network epoch to protect local IPv4 addresses hash. 2021-10-22 14:40:53 -07:00
in.c [lltable] Add per-family lltable getters. 2021-12-29 20:57:15 +00:00
in.h Add in_localip_fib(), in6_localip_fib(). 2021-11-12 08:59:42 -08:00
ip6.h net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
ip_carp.c carp: fix send error demotion recovery 2021-12-18 17:19:26 -08:00
ip_carp.h carp: replace caddr_t with char * 2019-12-06 16:35:48 +00:00
ip_divert.c inpcb: use global UMA zones for protocols 2022-01-03 10:17:46 -08:00
ip_divert.h
ip_dummynet.h ipfw: use unsigned int for dummynet bandwidth 2021-08-19 10:48:53 +02:00
ip_ecn.c
ip_ecn.h
ip_encap.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
ip_encap.h
ip_fastfwd.c IPv4: fix redirect sending conditions 2021-12-26 15:33:48 +00:00
ip_fw.h Allow setting alias port ranges in libalias and ipfw. This will allow a system 2021-02-02 13:24:17 -08:00
ip_gre.c Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816" 2021-12-02 14:45:04 -08:00
ip_icmp.c Use network epoch to protect local IPv4 addresses hash. 2021-10-22 14:40:53 -07:00
ip_icmp.h
ip_id.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip_input.c protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
ip_mroute.c mroute: add missing WUNLOCK 2021-10-28 07:12:23 +02:00
ip_mroute.h ip_mroute: rework ip_mroute 2021-05-31 05:48:15 +02:00
ip_options.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ip_options.h
ip_output.c netinet: Remove unneeded mb_unmapped_to_ext() calls 2021-11-24 13:31:16 -05:00
ip_reass.c ip_reass: do less work in ipreass_slowtimo if possible 2021-08-14 18:50:12 +02:00
ip_var.h protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
ip.h
pim_var.h
pim.h
raw_ip.c inpcb: use global UMA zones for protocols 2022-01-03 10:17:46 -08:00
sctp_asconf.c sctp: cleanup, no functional change intended 2021-09-15 10:18:11 +02:00
sctp_asconf.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_auth.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_auth.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_bsd_addr.c Don't pass RFPROC to kproc_create(), it is redundant. 2021-03-12 09:48:10 -08:00
sctp_bsd_addr.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_cc_functions.c sctp: remove some set, but unused variables 2021-08-09 15:58:46 +02:00
sctp_constants.h sctp: cleanup the SCTP_MAXSEG socket option. 2021-12-27 23:40:31 +01:00
sctp_crc32.c sctp: Use m_apply() to calcuate a checksum for an mbuf chain 2021-11-16 13:36:30 -05:00
sctp_crc32.h Add the SCTP_SUPPORT kernel option. 2020-06-18 19:32:34 +00:00
sctp_header.h Whitespace changes. 2020-09-24 12:26:06 +00:00
sctp_indata.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_indata.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_input.c sctp: improve counting of incoming chunks 2022-01-01 20:59:47 +01:00
sctp_input.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_kdtrace.c Separate out SCTP related dtrace code. 2019-10-14 20:32:11 +00:00
sctp_kdtrace.h Separate out SCTP related dtrace code. 2019-10-14 20:32:11 +00:00
sctp_lock_bsd.h sctp: Simplify stream scheduler usage 2021-09-21 17:13:57 +02:00
sctp_module.c protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
sctp_os_bsd.h sctp: use the correct traffic class when sending SCTP/IPv6 packets 2021-12-03 21:36:44 +01:00
sctp_os.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_output.c sctp: retire sctp_mtu_size_reset() 2021-12-30 15:30:11 +01:00
sctp_output.h sctp: cleanup the SCTP_MAXSEG socket option. 2021-12-27 23:40:31 +01:00
sctp_pcb.c inpcb: garbage collect INP_LOCK_INIT(), used only once in sctp 2022-01-03 10:20:30 -08:00
sctp_pcb.h sctp: Tighten up locking around sctp_aloc_assoc() 2021-09-11 10:15:21 -04:00
sctp_peeloff.c sctp: Remove an unused sctp_inpcb field 2021-09-07 11:19:29 -04:00
sctp_peeloff.h
sctp_ss_functions.c sctp: improve KASSERT messages 2021-10-08 11:33:56 +02:00
sctp_structs.h sctp: Cleanup stream schedulers. 2021-09-23 14:16:56 +02:00
sctp_syscalls.c Convert remaining cap_rights_init users to cap_rights_init_one 2021-01-12 13:16:10 +00:00
sctp_sysctl.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_sysctl.h Improve the handling of cookie life times. 2020-10-16 10:44:48 +00:00
sctp_timer.c sctp: avoid locking an already locked mutex 2021-09-28 05:17:03 +02:00
sctp_timer.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_uio.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_usrreq.c sctp: miror change due to upstreaming 2022-01-03 23:03:06 +01:00
sctp_var.h protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
sctp.h Improve the handling of cookie life times. 2020-10-16 10:44:48 +00:00
sctputil.c sctp: retire sctp_mtu_size_reset() 2021-12-30 15:30:11 +01:00
sctputil.h sctp: retire sctp_mtu_size_reset() 2021-12-30 15:30:11 +01:00
siftr.c SIFTR: Fix compilation with -DSIFTR_IPV6 2021-11-04 00:32:17 +00:00
tcp_accounting.h This brings into sync FreeBSD with the netflix versions of rack and bbr. 2021-05-06 11:22:26 -04:00
tcp_debug.c
tcp_debug.h inet: remove tcp_debug from netinet/tcp_debug.h 2021-11-01 23:10:30 +00:00
tcp_fastopen.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
tcp_fastopen.h
tcp_fsm.h tcp: Remove unused v6 state definitions 2021-08-27 08:31:32 -04:00
tcp_hostcache.c tcp(4): Fix a typo in a sysctl description 2021-11-30 07:17:30 +01:00
tcp_hpts.c tcp: remove delayed drop KPI 2021-12-26 08:48:24 -08:00
tcp_hpts.h tcp: remove delayed drop KPI 2021-12-26 08:48:24 -08:00
tcp_input.c tcp: mechanically substitute call to tfb_tcp_output to new method. 2021-12-26 08:47:59 -08:00
tcp_log_buf.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
tcp_log_buf.h tcp: remove delayed drop KPI 2021-12-26 08:48:24 -08:00
tcp_lro.c tcp: remove delayed drop KPI 2021-12-26 08:48:24 -08:00
tcp_lro.h Update the TCP LRO code to handle both encrypted and un-encrypted traffic. 2021-08-06 11:28:44 +02:00
tcp_offload.c Path MTU discovery hooks for offloaded TCP connections. 2021-04-21 13:00:16 -07:00
tcp_offload.h Path MTU discovery hooks for offloaded TCP connections. 2021-04-21 13:00:16 -07:00
tcp_output.c tcp: welcome back tcp_output() as the right way to run output on tcpcb. 2021-12-26 08:47:42 -08:00
tcp_pcap.c Step 4.2: start divorce of M_EXT and M_EXTPG 2020-05-03 00:37:16 +00:00
tcp_pcap.h
tcp_ratelimit.c Add a switch structure for send tags. 2021-09-14 11:43:41 -07:00
tcp_ratelimit.h This takes Warners suggested approach to making it so that 2021-05-07 17:32:32 -04:00
tcp_reass.c tcp: A better fix for the previously attempted fix of the ack-war issue with tcp. 2021-06-04 05:26:43 -04:00
tcp_sack.c tcp: mechanically substitute call to tfb_tcp_output to new method. 2021-12-26 08:47:59 -08:00
tcp_seq.h
tcp_stats.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
tcp_subr.c inpcb: use global UMA zones for protocols 2022-01-03 10:17:46 -08:00
tcp_syncache.c syncache: accept packet with no SA when TCP_MD5SIG is set 2022-01-08 16:32:14 -09:00
tcp_syncache.h tcp: add support for TCP over UDP 2021-04-18 16:16:42 +02:00
tcp_timer.c tcp: TCP output method can request tcp_drop 2021-12-26 08:48:19 -08:00
tcp_timer.h tcp: virtualise net.inet.tcp.msl sysctl. 2021-12-26 14:56:04 +00:00
tcp_timewait.c tcp: remove delayed drop KPI 2021-12-26 08:48:24 -08:00
tcp_usrreq.c tcp_usr_shutdown: don't cast inp_ppcb to tcpcb before checking inp_flags 2021-12-28 08:50:02 -08:00
tcp_var.h protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
tcp.h tcp: socket option to get stack alias name 2021-10-27 08:21:59 -07:00
tcpip.h
toecore.c tcp: TCP output method can request tcp_drop 2021-12-26 08:48:19 -08:00
toecore.h Path MTU discovery hooks for offloaded TCP connections. 2021-04-21 13:00:16 -07:00
udp_usrreq.c inpcb: use global UMA zones for protocols 2022-01-03 10:17:46 -08:00
udp_var.h protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
udp.h headers: make a few more headers self-contained 2022-01-03 10:12:30 +01:00
udplite.h White space cleanup -- remove trailing tab's or spaces 2020-02-12 13:31:36 +00:00