rev 1.66. This fix contains both belt and suspenders.
Belt: ignore packets where src == dst and srcport == dstport in TCPS_LISTEN.
These packets can only legitimately occur when connecting a socket to itself,
which doesn't go through TCPS_LISTEN (it goes CLOSED->SYN_SENT->SYN_RCVD->
ESTABLISHED). This prevents the "standard" "land" attack, although doesn't
prevent the multi-homed variation.
Suspenders: send a RST in response to a SYN/ACK in SYN_RECEIVED state.
The only packets we should get in SYN_RECEIVED are
1. A retransmitted SYN, or
2. An ack of our SYN/ACK.
The "land" attack depends on us accepting our own SYN/ACK as an ACK;
in SYN_RECEIVED state; this should prevent all "land" attacks.
We also move up the sequence number check for the ACK in SYN_RECEIVED.
This neither helps nor hurts with respect to the "land" attack, but
puts more of the validation checking in one spot.
PR: kern/5103
it is built with this defined (which it isn't by default). This change
to sys.mk treats the absence of MACHINE_ARCH as i386 on the assumption
that it will be appropriately defined (as something else) on any other
architecture. When building FreeBSD's make with NetBSD tools, both
MACHINE and MACHINE_ARCH are correctly set (e.g. when bootstrapping
FreeBSD's make on NetBSD/mvme68k, MACHINE=mvme68k and
MACHINE_ARCH=m68k). This isn't really needed for the alpha which
has both defined as 'alpha', but I thought it was worth getting the
distinction between a MACHINE and a MACHINE_ARCH correct now.
Now, shouldn't PC98 have MACHINE=pc98 and MACHINE_ARCH=i386 ??!!
The delay defaults to 1 sec (as it always has) unless we've done
a ~p in interactive mode or we've actually detected a HDLC frame.
This is now cleanly implemented (via async timers) so that it is
possible for LCP to come up despite the delay if an LCP REQ is
received.
This will hopefully solve situations with slow servers or slirp
scenarios (where ECHO is left on the port for a second or so before
the peer enters packet mode).
Also, ~p in interactive mode no longer changes the value of the default
openmode delay and -dedicated mode enters packet mode in the right state
according to the value of openmode.
and initializes the next two ports in order starting at 03e0. This
also patches pcic_p.h to reduce the I/O ports mapped from 4 to 2.
Submitted by: Ted Faber <faber@ISI.EDU>
MOUNT_LFS to "lfs" in one place. The merge was painful because it
conflicted with cosmetic FreeBSD changes. lfs_cleanerd still compiles
cleanly but has aproximately the same chance of working as before (0).
types. The NetBSD compatibility cruft was more correct for -current
than FreeBSD's own code. It just used NetBSD #defines instead of
string literals for the filesystem names. NetBSD's MOUNT_UFS is
"ffs", so using a literal "ufs" gives wrong results, but this is
unimportant, especially for bootstrapping.
Fixed style bugs in trymmap().
Fixed some disordered declarations.
via wollman's changes in rev.1.2 being adopted by Lite2 and the
nfsv3 changes in rev.1.3 being adopted by both FreeBSD and Lite2.
We were only missing lookup of the type number for nfs (MOUNT_NFS
doesn't exist in Lite2).
isn't a prerequisite, since it isn't required for the prototypes
and isn't always needed to call the functions (the address family
might be a variable).
- Set UN_ULOCK in union_lock() when UN_KLOCK is set. Caller expects
that vnode is locked correctly, and may call another function which
expects locked vnode and may unlock the vnode.
- Do not assume the behavior of inside functions in FreeBSD's
vfs_suber.c is same as 4.4BSD-Lite2. Vnode may be locked in
vget() even though flag is zero. (Locked vnode is, of course,
unlocked before returning from vget.)
Move sigjmp_buf and jmp_buf structure definitions to machine/setjmp.h
so that i386 can continue to use int as the basic register type and
alpha can use long. Bruce was concerned about possible differing
alignment. I've left the definition of _JBLEN in machine/setjmp.h
even though Bruce's example used the number directly. I don't know if
any other code relies on _JBLEN, so I left it to avoid potential
breakage.
so that existing programs which were compiled before the introduction
of the new mouse code and use these ioctls will run unmodified.
Suggested by msmith.