d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys/netinet
History
Jesper Skriver 2b1a209a17 Prevent denial of service using bogus fragmented IPv4 packets. 
A attacker sending a lot of bogus fragmented packets to the target
(with different IPv4 identification field - ip_id), may be able
to put the target machine into mbuf starvation state.

By setting a upper limit on the number of reassembly queues we
prevent this situation.

This upper limit is controlled by the new sysctl
net.inet.ip.maxfragpackets which defaults to NMBCLUSTERS/4

If you want old behaviour (no upper limit) set this sysctl
to a negative value.

If you don't want to accept any fragments (not recommended)
set the sysctl to 0 (zero)

Obtained from:	NetBSD (partially)
MFC after:	1 week
2001-05-31 21:57:29 +00:00
..
libalias
Add an integer field to keep protocol-specific flags with links.
2001-05-30 14:24:35 +00:00
accf_data.c
Remove headers not needed.
2000-10-07 23:15:17 +00:00
accf_http.c
Fix incorrect logic wouldn't disconnect incomming connections that had been
2001-01-03 19:50:23 +00:00
fil.c
fix conflicts
2001-02-04 14:26:56 +00:00
icmp6.h
sync with kame tree as of july00. tons of bug fixes/improvements.
2000-07-04 16:35:15 +00:00
icmp_var.h
Clean up RST ratelimiting. Previously, ratelimiting occured before tests
2001-02-11 07:39:51 +00:00
if_atm.c
udp IPv6 support, IPv6/IPv4 tunneling support in kernel,
1999-12-07 17:39:16 +00:00
if_atm.h
Add $FreeBSD$
2000-05-01 20:32:07 +00:00
if_ether.c
Add a missing m_pullup() before a mtod() in in_arpinput().
2001-03-27 12:34:58 +00:00
if_ether.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
if_fddi.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
igmp_var.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
igmp.c
Add #include <machine/in_cksum.h>, in order to pick up the checksum
2000-05-06 18:19:58 +00:00
igmp.h
in_cksum.c
in_gif.c
Another round of the <sys/queue.h> FOREACH transmogriffer.
2001-02-04 16:08:18 +00:00
in_gif.h
sync with kame tree as of july00. tons of bug fixes/improvements.
2000-07-04 16:35:15 +00:00
in_hostcache.c
Convert more malloc+bzero to malloc+M_ZERO.
2000-12-08 21:51:06 +00:00
in_hostcache.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
in_pcb.c
Fix a style(9) nit.
2001-03-16 19:36:23 +00:00
in_pcb.h
Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly.
2001-02-26 21:19:47 +00:00
in_proto.c
Make netstat(1) to be aware of divert(4) sockets.
2000-08-03 14:09:52 +00:00
in_rmx.c
In in_ifadown(), differentiate between whether the interface goes
2001-05-11 14:37:34 +00:00
in_systm.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
in_var.h
In in_ifadown(), differentiate between whether the interface goes
2001-05-11 14:37:34 +00:00
in.c
In in_ifadown(), differentiate between whether the interface goes
2001-05-11 14:37:34 +00:00
in.h
IPv4 address is not unsigned int. This change introduces in_addr_t.
2001-03-23 18:59:31 +00:00
ip6.h
remove m_pulldown statistics, which is highly experimental and does not
2000-07-12 16:39:13 +00:00
ip_auth.c
fix conflicts
2001-02-04 14:26:56 +00:00
ip_auth.h
fix conflicts from rcsids
2000-10-26 12:33:42 +00:00
ip_compat.h
fix conflicts
2001-02-04 14:26:56 +00:00
ip_divert.c
Mechanical change to use <sys/queue.h> macro API instead of
2001-02-04 13:13:25 +00:00
ip_dummynet.c
Sync with the bridge/dummynet/ipfw code already tested in stable.
2001-02-10 00:10:18 +00:00
ip_dummynet.h
MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately)
2001-02-02 00:18:00 +00:00
ip_ecn.c
sync with kame tree as of july00. tons of bug fixes/improvements.
2000-07-04 16:35:15 +00:00
ip_ecn.h
sync with kame tree as of july00. tons of bug fixes/improvements.
2000-07-04 16:35:15 +00:00
ip_encap.c
Mechanical change to use <sys/queue.h> macro API instead of
2001-02-04 13:13:25 +00:00
ip_encap.h
sync with kame tree as of july00. tons of bug fixes/improvements.
2000-07-04 16:35:15 +00:00
ip_fil.c
While I'm here, get rid of (now useless) MCLISREFERENCED and use MEXT_IS_REF
2000-11-11 23:05:59 +00:00
ip_fil.h
fix conflicts
2001-02-04 14:26:56 +00:00
ip_flow.c
Back out the previous change to the queue(3) interface.
2000-05-26 02:09:24 +00:00
ip_flow.h
Back out the previous change to the queue(3) interface.
2000-05-26 02:09:24 +00:00
ip_frag.c
fix security hole created by fragment cache
2001-04-06 15:52:28 +00:00
ip_frag.h
fix security hole created by fragment cache
2001-04-06 15:52:28 +00:00
ip_ftp_pxy.c
fix conflicts
2001-02-04 14:26:56 +00:00
ip_fw.c
pipe/queue are the only consumers of flow_id, so only set it in those cases
2001-04-06 06:52:25 +00:00
ip_fw.h
Introduce a new feature in IPFW: Check of the source or destination
2001-02-13 14:12:37 +00:00
ip_icmp.c
MFC candidate.
2001-03-28 14:13:19 +00:00
ip_icmp.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
ip_input.c
Prevent denial of service using bogus fragmented IPv4 packets.
2001-05-31 21:57:29 +00:00
ip_log.c
resolve conflicts
2000-08-13 04:31:06 +00:00
ip_mroute.c
Fix typo: seperate -> separate.
2001-02-06 11:21:58 +00:00
ip_mroute.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
ip_nat.c
fix security hole created by fragment cache
2001-04-06 15:52:28 +00:00
ip_nat.h
fix security hole created by fragment cache
2001-04-06 15:52:28 +00:00
ip_output.c
RFC768 (UDP) requires that "if the computed checksum is zero, it
2001-03-13 17:07:06 +00:00
ip_proxy.c
fix conflicts
2000-05-24 04:21:35 +00:00
ip_proxy.h
fix conflicts
2001-02-04 14:26:56 +00:00
ip_raudio_pxy.c
Fix conflicts creted by import.
2000-10-29 07:53:05 +00:00
ip_rcmd_pxy.c
fix conflicts
2001-02-04 14:26:56 +00:00
ip_state.c
fix security hole created by fragment cache
2001-04-06 15:52:28 +00:00
ip_state.h
fix conflicts from rcsids
2000-10-26 12:33:42 +00:00
ip_var.h
Invalidate cached forwarding route (ipforward_rt) whenever a new route
2001-03-19 09:16:16 +00:00
ip.h
IPSEC support in the kernel.
1999-12-22 19:13:38 +00:00
ipl.h
fix conflicts
2001-02-04 14:26:56 +00:00
ipprotosw.h
activate pfil_hooks and covert ipfilter to use it
2000-07-31 13:11:42 +00:00
mlfk_ipl.c
Send the remains (such as I have located) of "block major numbers" to
2001-03-26 12:41:29 +00:00
raw_ip.c
In in_ifadown(), differentiate between whether the interface goes
2001-05-11 14:37:34 +00:00
tcp_debug.c
sync with kame tree as of july00. tons of bug fixes/improvements.
2000-07-04 16:35:15 +00:00
tcp_debug.h
Sorry in this just befor code freeze commit.
2000-01-29 11:49:07 +00:00
tcp_fsm.h
Undo rev 1.10, which took out TH_FIN from the CLOSING state. This
1999-11-07 04:18:30 +00:00
tcp_input.c
Inline TCP_REASS() in the single location where it's used,
2001-05-29 19:54:45 +00:00
tcp_output.c
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in
2001-05-01 08:13:21 +00:00
tcp_reass.c
Inline TCP_REASS() in the single location where it's used,
2001-05-29 19:54:45 +00:00
tcp_seq.h
Say goodbye to TCP_COMPAT_42
2001-04-20 11:58:56 +00:00
tcp_subr.c
Say goodbye to TCP_COMPAT_42
2001-04-20 11:58:56 +00:00
tcp_timer.c
Disable rfc1323 and rfc1644 TCP extensions if we havn't got
2001-05-31 19:24:49 +00:00
tcp_timer.h
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
1999-12-29 04:46:21 +00:00
tcp_timewait.c
Say goodbye to TCP_COMPAT_42
2001-04-20 11:58:56 +00:00
tcp_usrreq.c
Say goodbye to TCP_COMPAT_42
2001-04-20 11:58:56 +00:00
tcp_var.h
Randomize the TCP initial sequence numbers more thoroughly.
2001-04-17 18:08:01 +00:00
tcp.h
o Minor style(9)ism to make consistent with -STABLE
2001-01-09 18:26:17 +00:00
tcpip.h
Remove struct full_tcpiphdr{}.
2001-02-26 20:10:16 +00:00
udp_usrreq.c
Count and show incoming UDP datagrams with no checksum.
2001-03-13 13:26:06 +00:00
udp_var.h
remove unused data structure definition, and corresponding macro into*()
2001-02-18 07:10:03 +00:00
udp.h