Commit Graph

231 Commits

Author SHA1 Message Date
bmilekic
88ef993e5e During a flood, we don't call rtfree(), but we remove the entry ourselves.
However, if the RTF_DELCLONE and RTF_WASCLONED condition passes, but the ref
count is > 1, we won't decrement the count at all. This could lead to
route entries never being deleted.

Here, we call rtfree() not only if the initial two conditions fail, but
also if the ref count is > 1 (and we therefore don't immediately delete
the route, but let rtfree() handle it).

This is an urgent MFC candidate. Thanks go to Mike Silbersack for the
fix, once again. :-)

Submitted by: Mike Silbersack <silby@silby.com>
2001-03-04 21:28:40 +00:00
phk
78a2aff290 Fix jails. 2001-02-28 09:38:48 +00:00
jlemon
8260da124e Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly.
For TCP, verify that the sequence number in the ICMP packet falls within
the tcp receive window before performing any actions indicated by the
icmp packet.

Clean up some layering violations (access to tcp internals from in_pcb)
2001-02-26 21:19:47 +00:00
jesper
65fa889a56 Redo the security update done in rev 1.54 of src/sys/netinet/tcp_subr.c
and 1.84 of src/sys/netinet/udp_usrreq.c

The changes broken down:

- remove 0 as a wildcard for addresses and port numbers in
  src/sys/netinet/in_pcb.c:in_pcbnotify()
- add src/sys/netinet/in_pcb.c:in_pcbnotifyall() used to notify
  all sessions with the specific remote address.
- change
  - src/sys/netinet/udp_usrreq.c:udp_ctlinput()
  - src/sys/netinet/tcp_subr.c:tcp_ctlinput()
  to use in_pcbnotifyall() to notify multiple sessions, instead of
  using in_pcbnotify() with 0 as src address and as port numbers.
- remove check for src port == 0 in
  - src/sys/netinet/tcp_subr.c:tcp_ctlinput()
  - src/sys/netinet/udp_usrreq.c:udp_ctlinput()
  as they are no longer needed.
- move handling of redirects and host dead from in_pcbnotify() to
  udp_ctlinput() and tcp_ctlinput(), so they will call
  in_pcbnotifyall() to notify all sessions with the specific
  remote address.

Approved by:	jlemon
Inspired by:    NetBSD
2001-02-22 21:23:45 +00:00
rwatson
ab5676fc87 o Move per-process jail pointer (p->pr_prison) to inside of the subject
credential structure, ucred (cr->cr_prison).
o Allow jail inheritence to be a function of credential inheritence.
o Abstract prison structure reference counting behind pr_hold() and
  pr_free(), invoked by the similarly named credential reference
  management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
  of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
  rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
  flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
  mutex use.

Notes:

o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
  credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
  required to protect the reference count plus some fields in the
  structure.

Reviewed by:	freebsd-arch
Obtained from:	TrustedBSD Project
2001-02-21 06:39:57 +00:00
jesper
36f802a12c Remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify
Forgotten by phk, when committing fix in kern/23986

PR:		kern/23986
Reviewed by:	phk
Approved by:	phk
2001-02-20 21:11:29 +00:00
phk
709379c1ae Another round of the <sys/queue.h> FOREACH transmogriffer.
Created with:   sed(1)
Reviewed by:    md5(1)
2001-02-04 16:08:18 +00:00
phk
e87f7a15ad Mechanical change to use <sys/queue.h> macro API instead of
fondling implementation details.

Created with: sed(1)
Reviewed by: md5(1)
2001-02-04 13:13:25 +00:00
wes
eeda0df2a3 When attempting to bind to an ephemeral port, if no such port is
available, the error return should be EADDRNOTAVAIL rather than
EAGAIN.

PR:		14181
Submitted by:	Dima Dorfman <dima@unixfreak.org>
Reviewed by:	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
2001-01-23 07:27:56 +00:00
des
b3c27aaaf7 First step towards an MP-safe zone allocator:
- have zalloc() and zfree() always lock the vm_zone.
 - remove zalloci() and zfreei(), which are now redundant.

Reviewed by:	bmilekic, jasone
2001-01-21 22:23:11 +00:00
assar
9df0aaf2c1 include tcp header files to get the prototype for tcp_seq_vs_sess 2000-12-27 03:02:29 +00:00
phk
6bfb7240b8 Update the "icmp_admin_prohib_like_rst" code to check the tcp-window and
to be configurable with respect to acting only in SYN or in all TCP states.

PR:		23665
Submitted by:	Jesper Skriver <jesper@skriver.dk>
2000-12-24 10:57:21 +00:00
dwmalone
dd75d1d73b Convert more malloc+bzero to malloc+M_ZERO.
Submitted by:	josh@zipperup.org
Submitted by:	Robert Drehmel <robd@gmx.net>
2000-12-08 21:51:06 +00:00
phk
cb69a028ad Properly jail UDP sockets. This is quite a bit more tricky than TCP.
This fixes a !root userland panic, and some cases where the wrong
interface was chosen for a jailed UDP socket.

PR:		20167, 19839, 20946
2000-09-17 13:35:42 +00:00
jayanth
8c2fae5374 When a connection is being dropped due to a listen queue overflow,
delete the cloned route that is associated with the connection.
This does not exhaust the routing table memory when the system
is under a SYN flood attack. The route entry is not deleted if there
is any prior information cached in it.

Reviewed by: Peter Wemm,asmodai
2000-07-21 23:26:37 +00:00
itojun
5f4e854de1 sync with kame tree as of july00. tons of bug fixes/improvements.
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
  (also syntax change)
2000-07-04 16:35:15 +00:00
phk
e5de271d47 Previous commit changing SYSCTL_HANDLER_ARGS violated KNF.
Pointed out by:	bde
2000-07-04 11:25:35 +00:00
phk
61ff05be25 Style police catches up with rev 1.26 of src/sys/sys/sysctl.h:
Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our
sources:

        -sysctl_vm_zone SYSCTL_HANDLER_ARGS
        +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
2000-07-03 09:35:31 +00:00
peter
e7bffe5da6 Return ECONNRESET instead of EINVAL if the connection has been shot
down as a result of a reset.  Returning EINVAL in that case makes no
sense at all and just confuses people as to what happened.  It could be
argued that we should save the original address somewhere so that
getsockname() etc can tell us what it used to be so we know where the
problem connection attempts are coming from.
2000-05-19 00:55:21 +00:00
ps
7de430ad34 Try and make the kernel build again without INET6. 2000-04-02 03:49:25 +00:00
shin
09037f119d Support per socket based IPv4 mapped IPv6 addr enable/disable control.
Submitted by: ume
2000-04-01 22:35:47 +00:00
green
08e4f07002 in6_pcb.c:
Remove a bogus (redundant, just weird, etc.) key_freeso(so).
	There are no consumers of it now, nor does it seem there
	ever will be.

in6?_pcb.c:
	Add an if (inp->in6?p_sp != NULL) before the call to
	ipsec[46]_delete_pcbpolicy(inp).  In low-memory conditions
	this can cause a crash because in6?_sp can be NULL...
2000-03-22 02:27:30 +00:00
shin
50ba589c66 IPSEC support in the kernel.
pr_input() routines prototype is also changed to support IPSEC and IPV6
chained protocol headers.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-12-22 19:13:38 +00:00
eivind
8befc1a2b8 Change incorrect NULLs to 0s 1999-12-21 11:14:12 +00:00
shin
70f0bdf681 udp IPv6 support, IPv6/IPv4 tunneling support in kernel,
packet divert at kernel for IPv6/IPv4 translater daemon

This includes queue related patch submitted by jburkhol@home.com.

Submitted by: queue related patch from jburkhol@home.com
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-12-07 17:39:16 +00:00
shin
cad2014b27 KAME netinet6 basic part(no IPsec,no V6 Multicast Forwarding, no UDP/TCP
for IPv6 yet)

With this patch, you can assigne IPv6 addr automatically, and can reply to
IPv6 ping.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-11-22 02:45:11 +00:00
shin
7efc91cadc KAME related header files additions and merges.
(only those which don't affect c source files so much)

Reviewed by: cvs-committers
Obtained from: KAME project
1999-11-05 14:41:39 +00:00
green
4395e552e2 Change so_cred's type to a ucred, not a pcred. THis makes more sense, actually.
Make a sonewconn3() which takes an extra argument (proc) so new sockets created
with sonewconn() from a user's system call get the correct credentials, not
just the parent's credentials.
1999-09-19 02:17:02 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
green
78204b1ba9 Correct a mistake in so_cred changes. In practice, I don't think that it
would make a difference. However, my previous diff _did_ change the
behavior in some way (not necessarily break it), so I'm fixing it.

Found by:	bde
Submitted by:	bde
1999-07-12 18:58:23 +00:00
pb
3213b13650 In in_pcbconnect(), check the return value from in_pcbbind() and
exit on errors.

If we don't, in_pcbrehash() is called without a preceeding
in_pcbinshash(), causing a crash.

There are apparently several conditions that could cause the crash;
PR misc/12256 is only one of these.

PR:		misc/12256
1999-06-25 23:46:47 +00:00
green
4c7609f41f Reviewed by: the cast of thousands
This is the change to struct sockets that gets rid of so_uid and replaces
it with a much more useful struct pcred *so_cred. This is here to be able
to do socket-level credential checks (i.e. IPFW uid/gid support, to be added
to HEAD soon). Along with this comes an update to pidentd which greatly
simplifies the code necessary to get a uid from a socket. Soon to come:
a sysctl() interface to finding individual sockets' credentials.
1999-06-17 23:54:50 +00:00
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
phk
16e3fbd2c1 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
dillon
dbf5cd2b57 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
archie
60d13c7a9d The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.
1998-12-07 21:58:50 +00:00
fenner
f32632b69e Fix the bind security fix introduced in rev 1.38 to work with multicast:
- Don't bother checking for conflicting sockets if we're binding to a
  multicast address.
- Don't return an error if we're binding to INADDR_ANY, the conflicting
  socket is bound to INADDR_ANY, and the conflicting socket has SO_REUSEPORT
  set.

PR:		kern/7713
1998-09-17 18:42:16 +00:00
wollman
bbc4497ada Convert socket structures to be type-stable and add a version number.
Define a parameter which indicates the maximum number of sockets in a
system, and use this to size the zone allocators used for sockets and
for certain PCBs.

Convert PF_LOCAL PCB structures to be type-stable and add a version number.

Define an external format for infomation about socket structures and use
it in several places.

Define a mechanism to get all PF_LOCAL and PF_INET PCB lists through
sysctl(3) without blocking network interrupts for an unreasonable
length of time.  This probably still has some bugs and/or race
conditions, but it seems to work well enough on my machines.

It is now possible for `netstat' to get almost all of its information
via the sysctl(3) interface rather than reading kmem (changes to follow).
1998-05-15 20:11:40 +00:00
phk
0f961b2277 According to:
ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers

port numbers are divided into three ranges:

	    0 -  1023 Well Known Ports
	 1024 - 49151 Registered Ports
	49152 - 65535 Dynamic and/or Private Ports

This patch changes the "local port range" from 40000-44999
to the range shown above (plus fix the comment in in_pcb.c).

WARNING: This may have an impact on firewall configurations!

PR:		5402
Reviewed by:	phk
Submitted by:	Stephen J. Roznowski <sjr@home.net>
1998-04-19 17:22:30 +00:00
bde
cd450d6714 Moved some #includes from <sys/param.h> nearer to where they are actually
used.
1998-03-28 10:33:27 +00:00
bde
dee7f44b92 Fixed style bugs (mostly) in previous commit. 1998-03-28 10:18:26 +00:00
wollman
d43e6115b6 Use the zone allocator to allocate inpcbs and tcpcbs. Each protocol creates
its own zone; this is used particularly by TCP which allocates both inpcb and
tcpcb in a single allocation.  (Some hackery ensures that the tcpcb is
reasonably aligned.)  Also keep track of the number of pcbs of each type
allocated, and keep a generation count (instance version number) for future
use.
1998-03-24 18:06:34 +00:00
guido
406aea3e09 Make sure that you can only bind a more specific address when it is
done by the same uid.
Obtained from: OpenBSD
1998-03-01 19:39:29 +00:00
dg
7262ff6e58 Improved connection establishment performance by doing local port lookups via
a hashed port list. In the new scheme, in_pcblookup() goes away and is
replaced by a new routine, in_pcblookup_local() for doing the local port
check. Note that this implementation is space inefficient in that the PCB
struct is now too large to fit into 128 bytes. I might deal with this in the
future by using the new zone allocator, but I wanted these changes to be
extensively tested in their current form first.

Also:
1) Fixed off-by-one errors in the port lookup loops in in_pcbbind().
2) Got rid of some unneeded rehashing. Adding a new routine, in_pcbinshash()
   to do the initialial hash insertion.
3) Renamed in_pcblookuphash() to in_pcblookup_hash() for easier readability.
4) Added a new routine, in_pcbremlists() to remove the PCB from the various
   hash lists.
5) Added/deleted comments where appropriate.
6) Removed unnecessary splnet() locking. In general, the PCB functions should
   be called at splnet()...there are unfortunately a few exceptions, however.
7) Reorganized a few structs for better cache line behavior.
8) Killed my TCP_ACK_HACK kludge. It may come back in a different form in
   the future, however.

These changes have been tested on wcarchive for more than a month. In tests
done here, connection establishment overhead is reduced by more than 50
times, thus getting rid of one of the major networking scalability problems.

Still to do: make tcp_fastimo/tcp_slowtimo scale well for systems with a
large number of connections. tcp_fastimo is easy; tcp_slowtimo is difficult.

WARNING: Anything that knows about inpcb and tcpcb structs will have to be
         recompiled; at the very least, this includes netstat(1).
1998-01-27 09:15:13 +00:00
dg
2a494c06e2 The spl fixes in in_setsockaddr and in_setpeeraddr that were meant to
fix PR#3618 weren't sufficient since malloc() can block - allowing the
net interrupts in and leading to the same problem mentioned in the
PR (a panic). The order of operations has been changed so that this
is no longer a problem.
Needs to be brought into the 2.2.x branch.
PR:		3618
1997-12-25 06:57:36 +00:00
alex
064cf03a22 Removed unnecessary setting of 'error' -- binding to a privileged port
by a non-root user always returns EACCES.
1997-12-23 01:40:40 +00:00
bde
fb826377ff Removed unused #includes. 1997-10-28 15:59:26 +00:00
wollman
4542c1cf5d Fix all areas of the system (or at least all those in LINT) to avoid storing
socket addresses in mbufs.  (Socket buffers are the one exception.)  A number
of kernel APIs needed to get fixed in order to make this happen.  Also,
fix three protocol families which kept PCBs in mbufs to not malloc them
instead.  Delete some old compatibility cruft while we're at it, and add
some new routines in the in_cksum family.
1997-08-16 19:16:27 +00:00
tegge
4f2495eff0 Break apart initialization of s and inp from the declarations in
in_setsockaddr and in_setpeeraddr.
Suggested by:	Justin T. Gibbs <gibbs@plutotech.com>
1997-05-19 01:28:39 +00:00
tegge
ffb9c56f76 Disallow network interrupts while the address is found and copied in
in_setsockaddr and in_setpeeraddr.
Handle the case where the socket was disconnected before the network
interrupts were disabled.
Reviewed by:	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
1997-05-19 00:18:30 +00:00
wollman
6afbf203bd The long-awaited mega-massive-network-code- cleanup. Part I.
This commit includes the following changes:
1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility
glue for them is deleted, and the kernel will panic on boot if any are compiled
in.

2) Certain protocol entry points are modified to take a process structure,
so they they can easily tell whether or not it is possible to sleep, and
also to access credentials.

3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt()
call.  Protocols should use the process pointer they are now passed.

4) The PF_LOCAL and PF_ROUTE families have been updated to use the new
style, as has the `raw' skeleton family.

5) PF_LOCAL sockets now obey the process's umask when creating a socket
in the filesystem.

As a result, LINT is now broken.  I'm hoping that some enterprising hacker
with a bit more time will either make the broken bits work (should be
easy for netipx) or dike them out.
1997-04-27 20:01:29 +00:00
dg
3913f72826 Reorganize elements of the inpcb struct to take better advantage of
cache lines. Removed the struct ip proto since only a couple of chars
were actually being used in it. Changed the order of compares in the
PCB hash lookup to take advantage of partial cache line fills (on PPro).

Discussed-with: wollman
1997-04-03 05:14:45 +00:00
bde
117209856b Don't include <sys/ioctl.h> in the kernel. Stage 1: don't include
it when it is not used.  In most cases, the reasons for including it
went away when the special ioctl headers became self-sufficient.
1997-03-24 11:25:10 +00:00
dg
1e7a910ca1 Improved performance of hash algorithm while (hopefully) not reducing
the quality of the hash distribution. This does not fix a problem dealing
with poor distribution when using lots of IP aliases and listening
on the same port on every one of them...some other day perhaps; fixing
that requires significant code changes.
The use of xor was inspired by David S. Miller <davem@jenolan.rutgers.edu>
1997-03-03 09:23:37 +00:00
peter
94b6d72794 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
wollman
9c02696981 Convert raw IP from mondo-switch-statement-from-Hell to
pr_usrreqs.  Collapse duplicates with udp_usrreq.c and
tcp_usrreq.c (calling the generic routines in uipc_socket2.c and
in_pcb.c).  Calling sockaddr()_ or peeraddr() on a detached
socket now traps, rather than harmlessly returning an error; this
should never happen.  Allow the raw IP buffer sizes to be
controlled via sysctl.
1997-02-18 20:46:36 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
wollman
3417f94110 Convert the interface address and IP interface address structures
to TAILQs.  Fix places which referenced these for no good reason
that I can see (the references remain, but were fixed to compile
again; they are still questionable).
1996-12-13 21:29:07 +00:00
peter
0ddb96bd1e Fix braino on my part. When we have three different port ranges (default,
"high" and "secure"), we can't use a single variable to track the most
recently used port in all three ranges.. :-]  This caused the next
transient port to be allocated from the start of the range more often than
it should.
1996-10-30 06:13:10 +00:00
dg
00503a161c Improved in_pcblookuphash() to support wildcarding, and changed relavent
callers of it to take advantage of this. This reduces new connection
request overhead in the face of a large number of PCBs in the system.
Thanks to David Filo <filo@yahoo.com> for suggesting this and providing
a sample implementation (which wasn't used, but showed that it could be
done).

Reviewed by:	wollman
1996-10-07 19:06:12 +00:00
phk
b8aebaca26 Mark sockets where the kernel chose the port# for.
This can be used by netstat to behave more intelligently.
1996-08-23 18:59:07 +00:00
peter
cff0cee56f Add two more portrange sysctls, which control the area of the below
IPPORT_RESERVED that is used for selection when bind() is told to allocate
a reserved port.

Also, implement simple sanity checking for all the addresses set, to make
it a little harder for a user/sysadmin to shoot themselves in the feet.
1996-08-12 14:05:54 +00:00
peter
47ebff663e More closely preserve the original operation of rresvport() when using
IP_PORTRANGE_LOW.
1996-05-31 05:11:22 +00:00
dg
3f0638f73b Move or add #include <queue.h> in preparation for upcoming struct socket
changes.
1996-03-11 15:13:58 +00:00
peter
fe35eac01c Make the default behavior of local port assignment match traditional
systems (my last change did not mix well with some firewall
configurations).  As much as I dislike firewalls, this is one thing I
I was not prepared to break by default.. :-)

Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.*

This code also fixes a potential deadlock if the system accidently ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it.

Partly suggested by: pst
Reviewed by: wollman
1996-02-22 21:32:23 +00:00
peter
2f93f3daa7 Change the default local address range for IP from 1024 through 5000
to 20000 through 30000.  These numbers are used for local IP port numbers
when an explicit address is not specified.

The values are sysctl modifiable under: net.inet.ip.port_{first|last}_auto

These numbers do not overlap with any known server addresses, without going
above 32768 which are "negative" on some other implementations.

20000 through 30000 is 2.5 times larger than the old range, but some have
suggested even that may not be enough... (gasp!)  Setting a low address
of 10000 should be plenty.. :-)
1996-01-19 08:00:58 +00:00
phk
db2c71245d New style sysctl & staticize alot of stuff. 1995-11-14 20:34:56 +00:00
phk
88d6fa4d4a Second batch of cleanup changes.
This time mostly making a lot of things static and some unused
variables here and there.
1995-10-29 15:33:36 +00:00
wollman
b4a12df8bb Merge 4.4-Lite-2: use M_NOWAIT in in_pcballoc(), and return EACCES rather
than EPERM on illegal attempt to bind a reserved port.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:55:49 +00:00
rgrimes
c86f0c7a71 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
dg
b8a73effc2 Changed in_pcblookuphash() to not automatically call in_pcblookup() if
the lookup fails. Updated callers to deal with this. Call in_pcblookuphash
instead of in_pcblookup() in in_pcbconnect; this improves performance of
UDP output by about 17% in the standard case.
1995-05-03 07:16:53 +00:00
dg
01191f6af4 Added splnet protections for PCB list manipulations and traversals. 1995-04-10 08:52:45 +00:00
dg
919fdebd0e Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash,
and in_pcblookuphash.
1995-04-09 01:29:31 +00:00
bde
289f11acb4 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
dg
903067464b pcb allocations are not always done on behalf of a process; it is not
okay to wait.
1995-03-14 21:50:55 +00:00
dg
2fed68467b Move exact match pcb's to the head of the list to improve lookup
performance.
1995-03-02 19:29:42 +00:00
wollman
0f1c96e359 Transaction TCP support now standard. Hack away! 1995-02-16 00:55:44 +00:00
wollman
97873f1113 T/TCP changes to generic IP code. This is all ifdefed TTCP so should
have no effect on most users for now.  (Eventually, once this code is
fully tested, the ifdefs will go away.)
1995-02-08 20:22:09 +00:00
dg
8d205697aa Added $Id$ 1994-08-02 07:55:43 +00:00
rgrimes
2469c867a1 The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by:	Rodney W. Grimes
Submitted by:	John Dyson and David Greenman
1994-05-25 09:21:21 +00:00
rgrimes
8fb65ce818 BSD 4.4 Lite Kernel Sources 1994-05-24 10:09:53 +00:00