483 Commits

Author SHA1 Message Date
gpalmer
301f2161ba Remove useless entries from the inetsw structure initialiser which
only produced compile-time warnings.

Reviewed/Tested by: Bill Fenner <fenner@parc.xerox.com>
1996-05-08 04:34:03 +00:00
gpalmer
c79cc630ed Clean up various compiler warnings. Most (if not all) were benign.
Reviewed by:	bde
1996-05-08 04:29:08 +00:00
phk
76d21f8e79 Several locations in sys/netinet/ip_fw.c are lacking or incorrectly
use spl() functions.

Reviewed by:	phk
Submitted by:	Alex Nash <alex@zen.nash.org>
1996-05-06 20:31:04 +00:00
wollman
a62508b8be Add three new route flags to help determine what sort of address
the destination represents.  For IP:

- Iff it is a host route, RTF_LOCAL and RTF_BROADCAST indicate local
  (belongs to this host) and broadcast addresses, respectively.

- For all routes, RTF_MULTICAST is set if the destination is multicast.

The RTF_BROADCAST flag is used by ip_output() to eliminate a call to
in_broadcast() in a common case; this gives about 1% in our packet-generation
experiments.  All three flags might be used (although they aren't now)
to determine whether a packet can be forwarded; a given host route can
represent a forwardable address if:

	(rt->rt_flags & (RTF_HOST | RTF_LOCAL | RTF_BROADCAST | RTF_MULTICAST))
	== RTF_HOST

Obviously, one still has to do all the work if a host route is not present,
but this code allows one to cache the results of such a lookup if rtalloc1()
is called without masking RTF_PRCLONING.
1996-05-06 17:42:13 +00:00
fenner
1284248a56 Back out my stupid braino; I was thinking strlen and not sizeof. 1996-05-02 05:54:14 +00:00
fenner
2163f66f9a Size temp var correctly; buf[4*sizeof "123"] is not long enough
to store "192.252.119.189\0".
1996-05-02 05:31:13 +00:00
ache
8a5de28c05 inet_ntoa buffer was evaluated twice in log_in_vain, fix it.
Thanx to: jdp
1996-04-27 18:19:12 +00:00
wollman
c9ab94c878 Delete #ifdef notdef blocks containing old method of srtt calculation.
Requested by: davidg
1996-04-26 18:32:58 +00:00
wollman
411e2af1bd Delete #if 0 block containing remnants of pre-MTU discovery rmx_mtu
initialization.
1996-04-26 18:31:41 +00:00
wollman
8fcdf08026 Delete #if 0 block containing unused definitions for ARPANET/DDN IMP
and HYPERchannel link layers.
1996-04-26 18:30:52 +00:00
bde
22a2f6a4fc Fixed in-line IP header checksumming. It was performed on the wrong header
in one case.
1996-04-21 13:47:43 +00:00
wollman
c1be8d9d1d Three speed-ups in the output path (two small, one substantial):
1) Require all callers to pass a valid route pointer to ip_output()
   so that we don't have to check and allocate one off the stack
   as was done before.  This eliminates one test and some stack
   bloat from the common (UDP and TCP) case.

2) Perform the IP header checksum in-line if it's of the usual length.
   This results in about a 5% speed-up in my packet-generation test.

3) Use ip_vhl field rather than ip_v and ip_hl bitfields.
1996-04-18 15:49:06 +00:00
wollman
26b91f003d Define a few macros useful in the _IP_VHL case. 1996-04-18 15:42:50 +00:00
wollman
753262bd8b Fix a warning by not referencing ip_output() as a pr_output() member. 1996-04-18 15:41:51 +00:00
wollman
de80c032c5 Always call ip_output() with a valid route pointer. For igmp, also get the
multicast option structure off the stack rather than malloc.
1996-04-18 15:41:11 +00:00
dg
64edb8a1f6 Two fixes from Rich Stevens:
1) Set the persist timer to help time-out connections in the CLOSING state.
2) Honor the keep-alive timer in the CLOSING state.

   This fixes problems with connections getting "stuck" due to incompletion
of the final connection shutdown which can be a BIG problem on busy WWW
servers.
1996-04-15 03:46:33 +00:00
bde
6eb67292b0 Eliminated sloppy common-style declarations. Now there are no duplicated
common labels for LINT.  There are still some common declarations for the
!KERNEL case in tcp_debug.h and spx_debug.h.  trpt depends on the ones in
tcp_debug.h.
1996-04-13 12:45:57 +00:00
phk
a6adcd28ee Fix a bogon I introduced with my last change.
Submitted by:	Andreas Klemm <andreas@knobel.gun.de>
1996-04-12 09:24:22 +00:00
pst
67931eee29 Logging UDP and TCP connection attempts should not be enabled by default.
It's trivial to create a denial of service attack on a box so enabled.

These messages, if enabled at all, must be rate-limited. (!)
1996-04-09 07:01:53 +00:00
dg
d12b1628ed Added proper splnet protection while modifying the interface address list.
This fixes a panic that occurs when ifconfig ioctl(s) were interrupted
by IP traffic at the wrong time - resulting in a NULL pointer dereference.
This was originally noticed on a FreeBSD 1.0 system, but the problem still
exists in current sources.
1996-04-07 06:59:52 +00:00
phk
8fad3d6dbc Add a sysctl (net.inet.tcp.always_keepalive: 0) that when set will force
keepalive on all tcp sessions.  Setsockopt(2) cannot override this setting.
Maybe another one is needed that just changes the default for SO_KEEPALIVE ?
Requested by: Joe Greco <jgreco@brasil.moneng.mei.com>
1996-04-04 11:17:04 +00:00
phk
1eff72b85f Log TCP syn packets for ports we don't listen on.
Controlled by: sysctl net.inet.tcp.log_in_vain: 1

Log UDP syn packets for ports we don't listen on.
Controlled by: sysctl net.inet.udp.log_in_vain: 1

Suggested by:	Warren Toomey <wkt@cs.adfa.oz.au>
1996-04-04 10:46:44 +00:00
wollman
a9ce2b638f Always pass a route structure when calling ip_output(). 1996-04-03 18:52:22 +00:00
phk
8a4381b139 Add feature for tcp "established".
Change interface between netinet and ip_fw to be more general, and thus
hopefully also support other ip filtering implementations.
1996-04-03 13:52:20 +00:00
phk
5a3487eb35 Fix two cases where ia->ia_ifp could be NULL. 1996-04-02 12:26:10 +00:00
wollman
97675e8fd0 In tcp_respond(), check that ro->ro_rt is non-null before RTFREEing
it.
1996-03-27 18:23:16 +00:00
fenner
3a263cba5b Make rip_input() take the header length
Move ipip_input() and rsvp_input() prototypes to ip_var.h
Remove unused prototype for rip_ip_input() from ip_var.h
Remove unused variable *opts from rip_output()
1996-03-26 19:16:46 +00:00
fenner
17873515fa Add missing splx(s) in IP_MULTICAST_IF
Submitted by:	Jim Binkley <jrb@cs.pdx.edu>
1996-03-26 18:56:51 +00:00
wollman
444648d459 Slight modification of RTO floor calculation. 1996-03-25 20:13:21 +00:00
phk
8e228c5ec3 Check the validity of ia->ia_ifp before we dereference it. 1996-03-25 17:41:23 +00:00
fenner
02d2342bc2 Send ARP's for aliased subnets with the proper source address.
Get rid of ac->ac_ipaddr and arpwhohas() since they assume that
an interface has only one address.

Obtained from:	BSD/OS 2.1, via Rich Stevens <rstevens@noao.edu>
1996-03-23 01:32:30 +00:00
wollman
a24ad9f082 Make sure tcp_respond() always calls ip_output() with a valid
route pointer.  This has no effect in the current ip_output(),
but my version requires that ip_output() always be passed a route.
1996-03-22 18:11:25 +00:00
wollman
acfe4c4467 A number of performance-reducing flaws fixed based on comments
from Larry Peterson &co. at Arizona:

- Header prediction for ACKs did not exclude Fast Retransmit/Recovery.
- srtt calculation tended to get ``stuck'' and could never decrease
  when below 8.  It still can't, but the scaling factors are adjusted
  so that this artifact does not cause as bad an effect on the RTO
  value as it used to.

The paper also points out the incr/8 error that has been long since fixed,
and the problems with ACKing frequency resulting from the use of options
which I suspect to be fixed already as well (as part of the T/TCP work).

Obtained from:	Brakmo & Peterson, ``Performance Problems in BSD4.4 TCP''
1996-03-22 18:09:21 +00:00
fenner
7eae8f5c38 Allow SIOCGIFBRDADDR and SIOCGIFNETMASK to return information about
aliases, if the alias address was passed in the struct ifreq.
Default to first address on the list, for backwards compatibility.
1996-03-15 17:08:07 +00:00
fenner
fac8f2c922 IGMPv2 routines rewritten, to be more compact and to fully comply
with the IGMPv2 Internet Draft (including Router Alert IP option)
1996-03-14 16:59:20 +00:00
pst
8c5e343745 Fix ip option processing for raw IP sockets. This whole thing is a compromise
between ignoring options specified in the setsockopt call if IP_HDRINCL is set
(the UCB choice when VJ's code was brought in) vs allowing them (what everyone
else did, and what is assumed by programs everywhere...sigh).

Also perform some checking of the passed down packet to avoid running off
the end of a mbuf chain.

Reviewed by:	fenner
1996-03-13 08:02:45 +00:00
fenner
e994b234d9 Cleaned up uninitialized 'rt' warning properly
Make a copy of the header of a packet that gets queued due to
 lack of forwarding cache entry, so that nobody else can step
 on it.  Thanks to Mike Karels <karels@bsdi.com> for pointing
 this one out.
1996-03-11 17:11:23 +00:00
dg
3f0638f73b Move or add #include <queue.h> in preparation for upcoming struct socket
changes.
1996-03-11 15:13:58 +00:00
peter
13a0014ac8 Add more options into the conf/options and i386/conf/options.i386 files
and the #include hooks so that 'make depend' is more useful.  This
covers most of the options I regularly use (but not all) and some other
easy ones.
1996-03-02 18:24:13 +00:00
phk
f327e1fb69 Forgot to remove this file. 1996-02-28 13:30:14 +00:00
bde
da4d15fbc1 Spell tcp_listendrop consistently so that tcp_input.c and netstat compile. 1996-02-27 15:12:53 +00:00
guido
89b4ca893f Add a counter for the number of times the listen queue was overflowed to
the tcpstat structure. (netstat -s)
Reviewed by:	wollman
Obtained from: Stevens, TCP/IP Ill. vol.3, page 189
1996-02-26 21:47:13 +00:00
phk
7d088ff674 Fix wrong logic, certain rules never matched. 1996-02-26 15:28:15 +00:00
phk
45a7f29691 Make getsockopt() capable of handling more than one mbuf worth of data.
Use this to read rules out of ipfw.
Add the lkm code to ipfw.c
1996-02-24 13:38:28 +00:00
phk
91b3fcc1e2 The new firewall functionality:
Filter on the direction (in/out).
Filter on fragment/not fragment.
1996-02-24 00:17:35 +00:00
phk
f4937893f0 I overlooked this one. 1996-02-23 20:11:37 +00:00
phk
37d6472c4f Big sweep over the IPFIREWALL and IPACCT code.
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.

Code in -current & -stable is now the same.
1996-02-23 15:47:58 +00:00
peter
fe35eac01c Make the default behavior of local port assignment match traditional
systems (my last change did not mix well with some firewall
configurations).  As much as I dislike firewalls, this is one thing I
was not prepared to break by default.. :-)

Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.*

This code also fixes a potential deadlock if the system accidentally ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it.

Partly suggested by: pst
Reviewed by: wollman
1996-02-22 21:32:23 +00:00
dg
41aff73dfb Fixed bug in Path MTU Discovery that caused the system to have to re-
discover the Path MTU for each connection if the connecting host didn't
offer an initial MSS.

Submitted by:	davidg & olah
1996-02-22 11:46:39 +00:00
fenner
b2e0f850a9 Make the "arpresolve: can't allocate llinfo" error message
more useful by printing out the IP address it was trying to
resolve, since we're seeing so many complaints about this
error.
1996-02-20 17:54:17 +00:00
wollman
af1fba7084 #if out unsupported IMP code. 1996-02-08 15:43:35 +00:00
wollman
9bfe2ca847 Provide a direct entry point for IP input. This actually results
in a slight decrease in performance, but will lead to better
performance later.
1996-02-05 20:36:02 +00:00
wollman
0f4941f370 Fill in the corresponding ether address of multicast and broadcast
pseudo-``ARP entries'' so arp(8) doesn't show them as `unresolved'.
1996-02-05 18:04:30 +00:00
phk
fb13b8ddcf Make the sorting of IPFW rules an option. You don't want it to sort them.
>>>WARNING<<<  you may have to revisit your firewall setup.
1996-02-03 11:48:12 +00:00
olah
09077f7acf Fix a bug related to the interworking of T/TCP and window scaling:
when a connection enters the ESTBLS state using T/TCP, then window
scaling wasn't properly handled.  The fix is twofold.

1) When the 3WHS completes, make sure that we update our window
scaling state variables.

2) When setting the `virtual advertized window', then make sure
that we do not try to offer a window that is larger than the maximum
window without scaling (TCP_MAXWIN).

Reviewed by:	davidg
Reported by:	Jerry Chen <chen@Ipsilon.COM>
1996-01-31 08:22:24 +00:00
mpp
f3dd75a38d Fix a bunch of spelling errors in the comment fields of
a bunch of system include files.
1996-01-30 23:02:38 +00:00
phk
2dd896405c The last part of the ether_sprint -> %6D change.
Sorry for the delay.
(%D is for hexdumping.)
1996-01-26 09:29:29 +00:00
phk
e7b9c377f8 Use new printf features rather than local kludges. 1996-01-24 21:12:23 +00:00
fenner
ef1b06ef29 First piece of fixing ppp/proxy arp problem:
If an attempt to add a route fails because an "ARP table" entry is in
the way, remove the ARP entry and retry the add.

Reviewed by:	nate
1996-01-23 05:15:30 +00:00
peter
751bd9fd9c remove tcp_lastport - it has not been used for quite a while (at least
since the hashed pcb's I think).
1996-01-19 08:02:34 +00:00
peter
2f93f3daa7 Change the default local address range for IP from 1024 through 5000
to 20000 through 30000.  These numbers are used for local IP port numbers
when an explicit address is not specified.

The values are sysctl modifiable under: net.inet.ip.port_{first|last}_auto

These numbers do not overlap with any known server addresses, without going
above 32768 which are "negative" on some other implementations.

20000 through 30000 is 2.5 times larger than the old range, but some have
suggested even that may not be enough... (gasp!)  Setting a low address
of 10000 should be plenty.. :-)
1996-01-19 08:00:58 +00:00
fenner
d9db1417ad Add definitions for ICMP router discovery.
Reviewed by:	wollman
1996-01-19 01:19:08 +00:00
olah
93bd3a261b Be more conservative when T/TCP extensions are disabled. In particular,
do not send data and/or FIN on SYN segments in this case.
1996-01-17 09:35:23 +00:00
dg
376af46ac8 Fix logic bug (!= should be ==) in recent P2P/multicast kludge.
Reviewed by:	Bill Fenner <fenner@parc.xerox.com>
Submitted by:	Dave Marquardt <marquard@austin.ibm.com>
1996-01-09 08:26:07 +00:00
guido
128060c302 Fix a bug where having a process listening to both a INADDR_ANY and a
local address, that was assigned with ifconfig alias and netmask
0xffffffff, would receive duplicate udp packets.
This behaviour can easily be seen by having named run, and using the alias
address as the name server.
This solution is not the prettiest one, but after talk with Garrett, it
is seen as the most easy one.
1996-01-08 20:59:06 +00:00
wollman
9e6f88883f Finally demolished the last, tottering remnants of GATEWAY. If you want
to enable IP forwarding, use sysctl(8).  Also did the same for IPX,
which involved inventing a completely new MIB from whole cloth (which
I may not quite have correct); be aware of this if you use IPX forwarding.
(The two should never have been controlled by the same option anyway.)
1996-01-05 20:47:05 +00:00
olah
d8eaf8a564 Reverse the modification which caused the annoying m_copydata crash: set
the TF_ACKNOW flag when the REXMT timer goes off to force a
retransmission.  In certain situations pulling snd_nxt back to snd_una
is not sufficient.
1996-01-04 21:34:21 +00:00
wollman
5aca0b4f83 Try to make multicast routing work correctly over point-to-point
links (which was broken previously by the support for half-routers).

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1996-01-03 20:24:33 +00:00
dg
5f2491a2da Remove some bogus externs. 1995-12-29 01:12:02 +00:00
wollman
3b1844ffed If _IP_VHL is defined, declare a single ip_vhl member in struct ip rather
than separate ip_v and ip_hl members.  Should have no effect on current code,
but I'd eventually like to get rid of those obnoxious bitfields completely.
1995-12-21 21:20:27 +00:00
wollman
2f6b2c3a32 Delete old-style-broadcast-address compatibility cruft in IP input path.
If users want to use the old-style broadcast addresses, they will have to
correctly configure their systems.
1995-12-21 21:12:22 +00:00
wollman
3bc72fd215 in_proto.c: spell ``Internet'' right and put whitespace after commas.
others: start to populate the link-layer branch of the net mib, by
moving ARP to its proper place.  (ARP is not a protocol family, it's an
interface layer between a medium-access layer and a protocol family.)
sysctl(8) needs to be taught about the structure of this branch, unless
Poul-Henning implements dynamic MIB exploration soon.
1995-12-20 21:53:53 +00:00
wollman
d1c087d3d5 Demolish DIRECTED_BROADCAST. It was always a bad idea, and nobody uses it. 1995-12-20 18:04:19 +00:00
wollman
901107a3b5 Fix a nagging divide-by-zero error resulting from the MTU discovery code
getting triggered at a bad time.
1995-12-20 17:42:28 +00:00
wollman
91849f5fa5 Added a comment about why trying to make a one-behind cache for
the route in ip_output() is a bad idea.
1995-12-19 21:24:19 +00:00
wollman
1074a27504 Actually call in_rtqdrain() as was originally intended. 1995-12-19 20:46:15 +00:00
bde
113a24d243 Uniformized pr_ctlinput protosw functions. The third arg is now `void
*' instead of caddr_t and it isn't optional (it never was).  Most of the
netipx (and netns) pr_ctlinput functions abuse the second arg instead of
using the third arg but fixing this is beyond the scope of this round
of changes.
1995-12-16 02:14:44 +00:00
bde
1e4a69fd03 Added a prototype. 1995-12-16 00:05:40 +00:00
phk
9cb413a93c Another mega commit to staticize things. 1995-12-14 09:55:16 +00:00
phk
8f20b511b7 Staticize. 1995-12-09 20:43:53 +00:00
phk
88842a65c3 Remove old ballast, clean up a little bit, staticize.
Add five sysctl variables that you should probably never tweak.
	net.arp.t_prune: 300
	net.arp.t_keep: 1200
	net.arp.t_down: 20
	net.arp.maxtries: 5
	net.arp.useloopback: 1
	net.arp.proxyall: 0

(It's net.arp because arp isn't limited to inet, though our present
implementation surely is).
1995-12-09 16:06:54 +00:00
wollman
ed86a6f0a2 Added a conditionalized printf for debugging MTU discovery. 1995-12-08 16:46:06 +00:00
bde
63875293f2 Removed unnecessary #includes of vm stuff. Most of them were once
prerequisites for <sys/sysctl.h>.

subr_prof.c:
Also replaced #include of <sys/user.h> by #include of <sys/resourcevar.h>.
1995-12-06 23:37:44 +00:00
bde
fafc2e709f Added explicit include of <sys/queue.h>. Currently, some things only
compile because <vm/vm.h> happens to be gratuitously included before
<netinet/in_pcb.h> and <vm/vm.h> happens to include <sys/queue.h>.
1995-12-05 21:26:34 +00:00
wollman
da652f957a Path MTU Discovery is now standard. 1995-12-05 17:46:50 +00:00
dg
8156a5707a all:
Removed ifnet.if_init and ifnet.if_reset as they are generally unused.
Change the parameter passed to if_watchdog to be a ifnet * rather than
a unit number. All of this is an attempt to move toward not needing an
array of softc pointers (which is usually static in size) to point to
the driver softc.

if_ed.c:
Changed some of the argument passing to some functions to make a little
more sense.

if_ep.c, if_vx.c:
Killed completely bogus use of if_timer. It was being set in such a way
that the interface was being reset once per second (blech!).
1995-12-05 02:01:59 +00:00
bde
66a99891e3 Completed function declarations and/or added prototypes. 1995-12-02 19:38:06 +00:00
phk
ea269de61c fix #includes & warnings. 1995-11-20 12:28:21 +00:00
bde
39bf0372f9 Fixed the type of a function pointer. 1995-11-18 13:25:41 +00:00
bde
fd57258459 Fixed recent staticizations. Some prototypes for static functions were
left in headers and not staticized.
1995-11-16 09:51:22 +00:00
phk
db2c71245d New style sysctl & staticize a lot of stuff. 1995-11-14 20:34:56 +00:00
phk
c1dbd5b377 Start adding new style sysctl here too. 1995-11-09 20:23:09 +00:00
olah
d4e1ca409e Cosmetic changes to processing of segments in the SYN_SENT state:
- remove a redundant condition;
- complete all validity checks on segment before calling
  soisconnected(so).

Reviewed by:	Richard Stevens, davidg, wollman
1995-11-03 22:31:54 +00:00
olah
eceba0e335 Setting the TF_ACKNOW flag was redundant in the REXMT timeout because
tcp_output() checks for the condition snd_nxt == snd_una.

Reviewed by:	davidg, wollman, olah
Suggested by:	Richard Stevens
1995-11-03 22:19:50 +00:00
olah
7c2efeb6de Fix a logical error in T/TCP: when we actively open a connection, we
have to decide whether to send a CC or CCnew option in our SYN segment
depending on the contents of our TAO cache.  This decision has to be
made once when the connection starts.  The earlier code delayed this
decision until the segment was assembled in tcp_output() and
retransmitted SYN segments could have different CC options.

Reviewed by:	Richard Stevens, davidg, wollman
1995-11-03 22:08:13 +00:00
wollman
c53e4d30ed Instrument the IP input queue with two new read-only MIB entries:
net.inet.ip.intr-queue-maxlen (=== ipintrq.ifq_maxlen)
and	net.inet.ip.intr-queue-drops (=== ipintrq.ifq_drops)

There should probably be a standard way of getting the same information
going the other way.
1995-11-01 17:18:27 +00:00
olah
9e5e91cf15 Start the 2MSL timer when the socket is closed and the TCP connection is
in the FIN_WAIT_2 state in order to prevent the conn. hanging there
forever.

Reviewed by:	davidg, olah
Submitted by:	Arne Henrik Juul <arnej@imf.unit.no>
Obtained from:	bugs@netbsd.org
1995-10-29 21:30:25 +00:00
phk
88d6fa4d4a Second batch of cleanup changes.
This time mostly making a lot of things static and some unused
variables here and there.
1995-10-29 15:33:36 +00:00
julian
90ae06d6ac Reviewed by: julian and jhay@mikom.csir.co.za
Submitted by:	Mike Mitchell, supervisor@alb.asctmd.com

This is a bulk import of Mike's IPX/SPX protocol stacks and all the
related gunf that goes with it..
it is not guaranteed to work 100% correctly at this time
but as we had several people trying to work on it
I figured it would be better to get it checked in so
they could all get the same thing to work on..

Mike's been using it for a year or so
but on 2.0

more changes and stuff will be merged in from other developers now that this is in.

Mike Mitchell, Network Engineer
AMTECH Systems Corporation, Technology and Manufacturing
8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000
supervisor@alb.asctmd.com
1995-10-26 20:31:59 +00:00
ugen
1074db22b1 Support all the tcpflag options in firewall.
Add reading options from file, now ipfw <filename> will
read commands string after string from file, form of strings
same as command line interface.
1995-10-23 03:58:06 +00:00
phk
0104ec6360 Remove the last trace of arptnew() 1995-10-22 19:07:58 +00:00
dg
6eb3fd6437 Fix panic caused by PRU_CONTROL not being dealt with properly. Bug pointed
out by David Maltz <dmaltz@orval.mach.cs.cmu.edu>, but this fix is by me.
1995-10-21 02:12:20 +00:00
wollman
e52c654ee2 The ability to administratively change the MTU of an interface presents
a few new wrinkles for MTU discovery which tcp_output() had better
be prepared to handle.  ip_output() is also modified to do something
helpful in this case, since it has already calculated the information
we need.
1995-10-16 18:21:26 +00:00
wollman
7c65eebe94 Routes can be asymmetric. Always offer to /accept/ an MSS of up to the
capacity of the link, even if the route's MTU indicates that we cannot
send that much in their direction.  (This might actually make it possible
to test Path MTU discovery in a useful variety of cases.)
1995-10-13 16:00:25 +00:00
wollman
4afe99dda1 The additional checks involving sequence numbers in MTU discovery resends
turned out not to be necessary; simply watching for MTU decreases (which
we already did) automagically eliminates all the cases we were trying to
protect against.
1995-10-12 17:37:25 +00:00
wollman
ba18d18f32 More MTU discovery: avoid over-retransmission if route changes in the
middle of a fully-open window.  Also, keep track of how many retransmits
we do as a result of MTU discovery.  This may actually do more work than
necessary, but it's an unusual condition...

Suggested by: Janey Hoe <janey@lcs.mit.edu>
1995-10-10 17:45:43 +00:00
wollman
07202edd8d Put newline at end of log()ed messages so syslog can't fill up your
/var quite as fast.
1995-10-06 19:30:43 +00:00
wollman
91aa19bcd7 Convert ARP to use queue.h macros rather than insque/remque. While
we're at it, eliminate obsolete exposure of `struct llinfo_arp' to
the world.  (This dates back to when ARP entries were not stored in
the routing table, and there was no other way for the `arp' program
to read the whole table than to grovel around in /dev/kmem.)
1995-10-05 20:08:43 +00:00
wollman
306caafb86 Make a whole bunch of PCB variables ints rather than shorts. There appear
to be no ill effects, and so far as I know none of the variables in
question depend on 16-bit wraparound behavior.  (The sizes are in
many cases relics from when a PCB had to fit inside a 128-byte mbuf.  PCBs
are no longer stored in that way, and the old structure would not have
fit, either.)
1995-10-04 20:49:03 +00:00
wollman
3fc43db861 Finish 4.4-Lite-2 merge: randomize TCP initial sequence numbers
to make ISS-guessing spoofing attacks harder.
1995-10-03 16:54:17 +00:00
ugen
5d0e3b6e78 Well..finally..this is the first part..it should take care of
matching IP options..Check and test this - I made only a couple
of rough tests and this could be buggy.. Ipaccounting can't use
IP Options (and I don't see any need to count packets with specific
options either..)
More to come...
1995-10-01 21:52:50 +00:00
wollman
cd0bc69e2f Merge 4.4-Lite-2: update version number (we already have the same fixes).
Obtained from:	4.4BSD-Lite-2
1995-09-22 20:05:58 +00:00
wollman
1d9235770f Merge 4.4-Lite-2: always check the UDP checksum if it is present, even
if we are not generating checksums.  (Save a test in the input path.)
1995-09-22 19:56:26 +00:00
wollman
5290fd51da Correct spelling error in MTUDISC code. 1995-09-22 17:43:37 +00:00
peter
78e8883c28 Remove duplicate definition for tcps_persistdrop, as added by davidg some
time ago.  I left in Garrett's one, because his was in the 4.4-Lite-2
location, making any diffs just that little bit smaller.

I presume this choice means that netstat needs to be recompiled before
"netstat -s" will give a meaningful answer on tcp stats.
1995-09-22 07:40:18 +00:00
wollman
1dee1ca9d4 Merge with 4.4-Lite-2: fix bug that caused getsockopt of IP_HDRINCL
to fail.

Obtained from:	4.4BSD-Lite-2
1995-09-21 19:59:43 +00:00
wollman
c1b49715cb Merge 4.4-Lite-2 by updating the version number.
Obtained from:	4.4BSD-Lite-2
1995-09-21 18:04:43 +00:00
wollman
d8b16c6b3a Merge 4.4-Lite-2: update some declarations that we don't support anyway.
Obtained from:	4.4BSD-Lite-2
1995-09-21 17:58:07 +00:00
wollman
b4a12df8bb Merge 4.4-Lite-2: use M_NOWAIT in in_pcballoc(), and return EACCES rather
than EPERM on illegal attempt to bind a reserved port.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:55:49 +00:00
wollman
6bdd60bf36 Merge with 4.4-Lite-2. This is actually a 64-bit fix; the second parameter
to in_control() is sometimes a pointer, and sometimes an integer, so use
u_long rather than int.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:50:45 +00:00
wollman
0930d1478e Merge with 4.4-Lite-2. This involves changing the version number and
moving a declaration around.

Obtained from:	4.4BSD-Lite-2
1995-09-21 17:39:51 +00:00
wollman
c23cac3d65 Merge with 4.4-Lite-2. This just adds a couple of tcpstat entries which
we don't currently set, but might in the future.
1995-09-21 17:29:13 +00:00
wollman
e18c331b1e Add support in TCP for Path MTU discovery. This is highly experimental
and gated on `options MTUDISC' in the source.  It is also practically
untested because (sniff!) I don't have easy access to a network with
an MTU of less than an Ethernet.  If you have a small MTU network,
please try it and tell me if it works!
1995-09-20 21:00:59 +00:00
wollman
ea496cc61f Initial back-end support for IP MTU discovery, gated on MTUDISC. The support
for TCP has yet to be written.
1995-09-18 15:51:40 +00:00
wollman
65ee16fd5b Don't leak mbufs in an unusual error case in tcp_usrreq().
Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
1995-09-13 17:54:03 +00:00
wollman
9cd7fc1376 If tcp_output() is unable to allocate space for a copy of the data waiting
to be sent, just clean up and return ENOBUFS rather than silently
proceeding without sending any of the data.  This makes it consistent
with the `#ifdef notyet' case immediately above.

Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
1995-09-13 17:36:31 +00:00
wollman
895b868d39 Fix long-standing bug in ICMPPRINTFS code where NTOHL was used instead
of ntohl for printing IP addresses, by instead substituting inet_ntoa()
to produce human-readable output.

Obtained from:	4.4-Lite-2
1995-08-29 17:49:04 +00:00
wollman
e56598df10 Fix some problems with multicast forwarding:
Garrett,

  Here are some patches for the rate limiting code.  It should be faster,
and in particular it doesn't leak malloc'd memory any more when rate_limit'ing
a phyint.

  It now uses an mbuf chain at each vif, instead of the static queue array.
This means that the MAXQSIZE is now variable per vif (although there is no
interface to change it other than a debugger); this is an area for more
experimentation.

  Bill

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-08-23 18:20:17 +00:00
olah
a34f5ed305 Add a sanity check for the UDP length field in order to prevent
malformed UDP packets from panicking the kernel.
Reviewed by:	davidg, wollman
Obtained from:	dab@berserkly.cray.com (David A. Borman) via end2end list
1995-08-17 22:09:14 +00:00
gpalmer
9b39baf16c Try to make the `syn' blocking code act a bit more sensibly - don't
block `syn' packets that have `ack' set.
Reviewed by:
Submitted by:
Obtained from:
1995-07-31 13:58:35 +00:00
olah
fd35d46e41 Remove a redundant `if' from tcp_reass().
Correct a typo in a comment (SEND_SYN -> NEEDSYN).

Reviewed by:	David Greenman
1995-07-31 10:24:22 +00:00
dg
03d42e175c Add connection drop capability for persist timeouts.
Reviewed by:	Andras Olah
Obtained from:	4.4BSD-lite2 via W. Richard Stevens
1995-07-29 18:48:44 +00:00
wollman
39a85a58ed Fix test for determining when RSVP is inactive in a router. (In this
case, multicast options are not passed to ip_mforward().)  The previous
version had a wrong test, thus causing RSVP mrouters to forward RSVP messages
in violation of the spec.
1995-07-26 18:05:16 +00:00
wollman
9fcb833ae6 Declare rsvp_input() to take the correct set of arguments and figure out
the receipt interface in the correct way.
1995-07-24 18:15:13 +00:00
wollman
f5dd123567 Completely turn off RSVP intercept when a socket being used for that purpose
is PRU_DETACHed.  This solves the problem that RSVP would not come up in
raw mode if previously killed.
1995-07-24 16:33:51 +00:00
dg
3da1e3ecc4 Added $Id$. 1995-07-23 05:36:31 +00:00
peter
8424d675bc Change the compile-time option of DIRECTED_BROADCAST into a sysctl
variable underneath ip, "directed-broadcast".
Reviewed by:	David Greenman
Obtained from:	NetBSD, by Darren Reed.
1995-07-18 09:56:44 +00:00
wollman
0c919b414e Return EDESTADDRREQ rather than EADDRNOTAVAIL if the user attempts to
half-configure a point-to-point interface.

Submitted by:	Jonathan M. Bresler <jmb@kryten.atinc.com>
1995-07-17 15:15:15 +00:00
wollman
8be4be0de5 ICMP messages received from broken hosts which reply to multicast packets
were mistakenly delivered, rather than getting thrown out, which caused
substantial lossage.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-07-10 16:16:00 +00:00
wollman
ae6523c0e5 tcp_input.c - keep track of how many times a route contained a cached rtt
or ssthresh that we were able to use

tcp_var.h - declare tcpstat entries for above; declare tcp_{send,recv}space

in_rmx.c - fill in the MTU and pipe sizes with the defaults TCP would have
	used anyway in the absence of values here
1995-07-10 15:39:16 +00:00
dg
de86e24516 Fixed panic that occurs on certain firewall rejected packets that was
caused by dtom() being used on an mbuf cluster. The fix involves passing
around the mbuf pointer.

Submitted by:	Bill Fenner
1995-07-09 14:29:46 +00:00
dg
711bd7d109 Added some spaces for KNF. Moved some zero-initialized pointers into the
kernel's .bss.
1995-07-04 05:46:13 +00:00
dg
5d30bb533f This is the end result of about a dozen passes through this code to fix
incorrect indents, a variety of poor coding practices such as comparing
pointers to constants ('0'), poor code structuring, etc, etc. This brings
the code up to the minimum standards for inclusion in FreeBSD.
1995-07-04 05:39:03 +00:00
dg
f131661e5a Define TRUE and FALSE. 1995-07-04 05:29:30 +00:00
dg
c200b4b97b 1) Removed bogus #include
2) Rewrote "bad_packet" code to be less buggy and more readable.
3) Removed a pile of goto's; the code is now somewhat less reminiscent
   of a certain Italian pasta.
4) Changed all boolean returns of "0" and "1" to FALSE/TRUE.
1995-07-04 03:35:20 +00:00
joerg
d295fcd072 Slightly modify my previous change to return EINVAL instead of
EFAULT.

Submitted by:	Peter Wemm
1995-07-02 16:45:07 +00:00
joerg
579762e798 I saw a very low-key commit message on the netbsd mailing lists and
figured out what the problem was..  Anyway, I rate it as "highly
serious".

Submitted by:	peter@haywire.DIALix.COM (Peter Wemm)
1995-07-01 19:09:40 +00:00
wollman
35b757bd67 Keep track of the number of samples through the srtt filter so that we
know better when to cache values in the route, rather than relying on a
heuristic involving sequence numbers that broke when tcp_sendspace
was increased to 16k.
1995-06-29 18:11:24 +00:00
gpalmer
f3e714fb0e Add a missing `goto' statement so that this compiles yet again. 1995-06-28 13:22:36 +00:00
dg
2bc3a773d6 Added function prototypes for ip_rsvp_vif_init, ip_rsvp_vif_done, and
ip_rsvp_force_done.
1995-06-28 05:13:02 +00:00
wollman
132de1262b Delete obsolete #if 0 block. 1995-06-27 20:36:34 +00:00
guido
5d28c984cc reject option in ip_fw used to panic the system. This fixes it.
-Guido
Reviewed by:
Submitted by:
Obtained from:
1995-06-27 17:26:27 +00:00
wollman
e99bd397ee From Bill Fenner:
> Also, I don't remember if I sent you this; it affects PIM assert processing.

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-06-26 16:15:49 +00:00
wollman
f32cb3242a Corrected a bug that caused protocol-4 tunnels (used for multicast
forwarding between networks that aren't directly connected) not to work
by intercepting the wrong protocol number.  This should fix a bug reported
previously by someone I don't remember.
1995-06-26 16:11:51 +00:00
wollman
cd236828a0 Fix an error in the comparison direction of the ap->updating case of
in_rtqkill().

Submitted by: W. Richard Stevens
1995-06-21 19:48:53 +00:00
wollman
4133e8a26c Fix a resource allocation bug where multicast forwarding would leak mbufs
in certain cases when allocation of another mbuf has already failed.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-06-19 17:22:01 +00:00
wollman
a1aa4b6c80 Now that we've gone to all sorts of effort to allow TCP to cache some of
its connection parameters, we want to keep statistics on how often this
actually happens to see whether there is any work that needs to be done in
TCP itself.

Suggested by: John Wroclawski <jtw@lcs.mit.edu>
1995-06-19 16:45:33 +00:00
wollman
20ad4f8359 Kernel side of 3.5 multicast routing code, based on work by Bill Fenner
and other work done here.  The LKM support is probably broken, but it
still compiles and will be fixed later.
1995-06-13 17:51:16 +00:00
rgrimes
1b1ee55538 Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
rgrimes
c86f0c7a71 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
dg
e28dccb6df These diffs modify the behaviour of multicast clients to conform with the
IGMPv2 spec.  This fixes the following bugs:

o ntohs() on a char provides silly results
o timer needs to be scaled to units of PR_FASTHZ; this was being done
  inconsistently so now it gets done when it is initialized.

Reviewed by:	Garrett Wollman
Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-05-16 01:28:29 +00:00
ache
2810d3d8da Fix getsockopt(IP_ACCT_*) to not panic kernel
Submitted by: Bill Fenner <fenner@parc.xerox.com>
1995-05-12 20:00:21 +00:00
rgrimes
0e1db07cf9 Fix -Wformat warnings from LINT kernel. 1995-05-11 19:26:53 +00:00
dg
fc19afab24 #ifdef'd my Nagle/ACK hack with "TCP_ACK_HACK", disabled by default. I'm
currently considering reducing the TCP fasttimo to 100ms to help improve
things, but this would be done as a separate step at some point in the
future.
This was done because it was causing some sometimes serious performance
problems with T/TCP.
1995-05-11 01:41:06 +00:00
wollman
37660997fe Make networking domains drop-ins, through the magic of GNU ld. (Some day,
there may even be LKMs.)  Also, change the internal name of `unixdomain'
to `localdomain' since AF_LOCAL is now the preferred name of this family.
Declare netisr correctly and in the right place.
1995-05-11 00:13:26 +00:00
dg
522567dac1 Replaced some bcopy()'s with memcpy()'s so that gcc will inline/optimize. 1995-05-09 13:35:48 +00:00
olah
e994f8f005 Fix a misspelled constant in tcp_input.c.
On Tue, 09 May 1995 04:35:27 PDT, Richard Stevens wrote:
> In tcp_dooptions() under the case TCPOPT_CC there is an assignment
>
>       to->to_flag |= TCPOPT_CC;
>
> that should be
>
>       to->to_flag |= TOF_CC;
>
> I haven't thought through the ramifications of what's been happening ...
>
>       Rich Stevens

Submitted by:	rstevens@noao.edu (Richard Stevens)
1995-05-09 12:32:06 +00:00
ache
d9ea51f5f0 Add IPTOS_MINCOST according to RFC 1349
Change IPTOS_PREC_ROUTINE to 0 (was conflict with IPTOS_LOWDELAY) according
to RFC 791 (unchanged since it) and BSDI 2.0 style
Submitted by: Igor Sviridov <siac@ua.net>
1995-05-05 14:36:38 +00:00
dg
b8a73effc2 Changed in_pcblookuphash() to not automatically call in_pcblookup() if
the lookup fails. Updated callers to deal with this. Call in_pcblookuphash
instead of in_pcblookup() in in_pcbconnect; this improves performance of
UDP output by about 17% in the standard case.
1995-05-03 07:16:53 +00:00
pst
321a03d090 Cleanup loopback interface support.
Reviewed by:	wollman
1995-04-26 18:10:58 +00:00
wollman
27a554f1ab Disallow half-configured point-to-point interfaces. It's still possible to
get into a half-configured state by using the old-style ioctls; this
may be a feature.
1995-04-25 19:50:20 +00:00
olah
81afb19f85 Include <sys/queue.h> because <netinet/in_pcb.h> (also included
later in tcp_debug.c) requires it due to the pcb changes of DavidG.
1995-04-19 10:26:04 +00:00
dg
b915c765f3 Fixed bug I introduced when changing PCB list to use 4.4BSD style queue
macros. Basically, detect 'tp' going away differently.
1995-04-12 06:49:56 +00:00
dg
30e9776583 Further satisfy my paranoia by making sure that the ACKNOW is only
set when ti_len is non-zero.
1995-04-10 17:37:46 +00:00
dg
95eb1b8365 Fixed bug I introduced with my Nagle hack which caused tcp_input and
tcp_output to loop endlessly. This was freefall's problem during the past
day.
1995-04-10 17:16:10 +00:00
dg
01191f6af4 Added splnet protections for PCB list manipulations and traversals. 1995-04-10 08:52:45 +00:00
dg
eb729114f7 Backed out Jordan's #include of queue.h 1995-04-10 00:43:18 +00:00
jkh
409c5ad6ef #include <sys/queue.h> or die horribly. 1995-04-09 16:46:47 +00:00
dg
919fdebd0e Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash,
and in_pcblookuphash.
1995-04-09 01:29:31 +00:00
olah
ccccd069f4 Fix a bug in tcp_input reported by Rick Jones <raj@hpisrdq.cup.hp.com>.
If a goto findpcb occurred during the processing of a segment, the TCP and
IP headers were dropped twice from the mbuf which resulted in data acked
by TCP but not delivered to the user.
Reviewed by:	davidg
1995-04-05 10:32:14 +00:00
bde
c73d54cc9e Remove redundant declarations. 1995-04-02 19:05:09 +00:00
wpaul
4628637ad1 Add declaration for struct ether_addr (this is where Sun documents
it to go).
1995-04-02 01:26:26 +00:00
dg
87d561b053 Backed out changes in rev 1.5 that prevent sending FIN if in CLOSING
state. This causes an infinite loop in some rare cases (probably caused
by some other, much more difficult to find bug).
1995-03-30 23:35:55 +00:00
dg
b8b34df69c Re-apply my "breakage" to the Nagle congestion avoidance. This version
differs slightly in the logic from the previous version; packets are now
acked immediately if the sender set PUSH.
1995-03-27 07:12:24 +00:00
wollman
04db7a9c80 in_var.h: in_multi structures now form a queue(3)-style LIST structure
in.c: when an interface address is deleted, keep its multicast membership
.     records (attached to a struct multi_kludge) for attachment to the
.     next address on the same interface.  Also, in_multi structures now
.     gain a reference to the ifaddr so that they won't point off into
.     freed memory if an interface goes away and doesn't come back before
.     the last socket reference drops.  This is analogous to how it is
.     done for routes, and seems to make the most sense.
1995-03-23 18:14:41 +00:00
wollman
2a30dae2a5 This should be splimp() rather than splnet() since ifaddrs might go away
as a result of link-layer processing.
1995-03-20 18:31:51 +00:00
wollman
fd40ec89df Fix race conditions involved in setting IP multicast options. This should
fix Dennis Fortin's problem for good, if I've got it figured out right.

(The problem was that a `struct ifaddr' could get deleted out from under
the current requester, thus leaving him with an invalid interface pointer
and causing even more bogus accesses.)
1995-03-20 18:11:31 +00:00
dg
9cd78521d8 Removed redundant newlines that were in some panic strings. 1995-03-19 14:29:26 +00:00
wollman
a428f47a5d Reject source routes unless configured on by administrator. 1995-03-16 18:22:28 +00:00
bde
289f11acb4 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
wollman
8882d76eda Add inet_ntoa() and replace ARP's private routine with same. 1995-03-16 17:32:27 +00:00
wollman
b6beceae27 This set of patches enables IP multicasting to work under FreeBSD. I am
submitting them as context diffs for the following files:

sys/netinet/ip_mroute.c
sys/netinet/ip_var.h
sys/netinet/raw_ip.c
usr.sbin/mrouted/igmp.c
usr.sbin/mrouted/prune.c

The routine rip_ip_input in raw_ip.c is suggested by Mark Tinguely
(tinguely@plains.nodak.edu). I have been running mrouted with these patches
for over a week and nothing has seemed seriously wrong. It is being run in
two places on our network as a tunnel on one and a subnet querier on the
other. The only problem I have run into is that mrouted on the tunnel must
start up last or the pruning isn't done correctly and multicast packets
flood your subnets.

Submitted by:	Soochon Radee <slr@mitre.org>
1995-03-16 16:25:55 +00:00
dg
903067464b pcb allocations are not always done on behalf of a process; it is not
okay to wait.
1995-03-14 21:50:55 +00:00
dg
68d73d5130 Added support for generic FDDI and the DEC DEFEA and DEFPA FDDI adapters.
Submitted by:	Matt Thomas
1995-03-14 09:16:07 +00:00
ugen
b132c690f3 Allocate memory as M_IPFW, now we can watch firewall memory usage
in vmstat..
1995-03-12 13:28:13 +00:00
nate
426c2d1173 Removed unnecessary define for TCPOUTFLAGS since they are not used. 1995-03-06 02:49:24 +00:00
dg
2fed68467b Move exact match pcb's to the head of the list to improve lookup
performance.
1995-03-02 19:29:42 +00:00
ugen
7ef3525e29 Allow "via" to be specified either as IP address or
as interface name/unit...
1995-02-24 14:33:54 +00:00
bde
a1c965a8b5 Fix benign type mismatch. 1995-02-22 07:23:26 +00:00
dg
2e01b70346 Added missing newlines to calls to log(). 1995-02-20 15:48:46 +00:00
wollman
cb466c876c Include missing <sys/kernel.h> for `hz'.
Submitted by:  David Greenman, Rod Grimes, Christoph Kukulies
1995-02-17 00:29:42 +00:00
wollman
fa9ba11c33 Don't need to retransmit FIN bit in CLOSING state.
Obtained from: Stevens, vol. 2, exercise 29.5 (solution p. 1090)
1995-02-16 01:53:31 +00:00
wollman
b834398cc6 spl back down in unusual out-of-memory condition in udp_output().
Obtained from: Stevens, vol. 2, exercise 23.4 (solution p. 1083)
1995-02-16 01:47:36 +00:00
wollman
a5efc62126 Correctly initialize so_linger in ticks (not seconds).
Obtained from: Stevens, vol. 2, p. 1010
1995-02-16 01:42:45 +00:00
wollman
fb4135032a Avoid deadlock situation described by Stevens using his suggested replacement
code.

Obtained from: Stevens, vol. 2, pp. 959-960
1995-02-16 01:39:19 +00:00
wollman
021dfc17d7 Don't add back in the IP header length to ip_len; icmp_error will do it
for us.

Obtained from: Stevens, vol. 2, p. 774
1995-02-16 01:25:06 +00:00
wollman
0f1c96e359 Transaction TCP support now standard. Hack away! 1995-02-16 00:55:44 +00:00
wollman
d9804d3f5c Add lots of useful MIB variables and a few not-so-useful ones for
completeness.
1995-02-16 00:27:47 +00:00
wollman
5ec42e3963 After dynamically reducing rtq_reallyold, have in_rtqkill() reduce the
expiration timer of anything which would expire later than that.  (There
should be a way to call this from ip_sysctl() as well, but there currently
isn't.)
1995-02-14 23:11:26 +00:00
wollman
e3defa4503 Attempt to make the host route cache a bit smarter under conditions of
high load:

	1) If there ever get to be more than net.inet.ip.rtmaxcache entries
	   in the cache, in_rtqtimo() will reduce net.inet.ip.rtexpire by
	   1/3 and do another round, unless net.inet.ip.rtexpire is less than
	   net.inet.ip.rtminexpire, and never more than once in ten minutes
	   (rtq_timeout).

	2) If net.inet.ip.rtexpire is set to zero, don't bother to cache
	   anything.
1995-02-14 23:04:52 +00:00
phk
832a9eda23 YFfix. 1995-02-14 06:28:25 +00:00
phk
448a078f6e YPfix 1995-02-14 06:25:17 +00:00
wollman
58747a5507 Get rid of some unneeded #ifdef TTCP lines. Also, get rid of some
bogus commons declared in header files.
1995-02-14 02:35:19 +00:00
wollman
72af2aa44a Merge Transaction TCP, courtesy of Andras Olah <olah@cs.utwente.nl> and
Bob Braden <braden@isi.edu>.

NB: This has not had David's TCP ACK hack re-integrated.  It is not clear
what the correct solution to this problem is, if any.  If a better solution
doesn't pop up in response to this message, I'll put David's code back in
(or he's welcome to do so himself).
1995-02-09 23:13:27 +00:00
dg
79e7847479 Fixed another TTCP ifdef problem...there isn't any tcp_sysctl field in
!TTCP.
1995-02-09 00:56:09 +00:00
dg
6ca0e1e381 Fix/#ifdef prototype for tcp_mss...apparently overlooked by Garrett. 1995-02-09 00:49:20 +00:00
wollman
97873f1113 T/TCP changes to generic IP code. This is all ifdefed TTCP so should
have no effect on most users for now.  (Eventually, once this code is
fully tested, the ifdefs will go away.)
1995-02-08 20:22:09 +00:00
wollman
25cedbd345 Merge in T/TCP TCP header file changes. 1995-02-08 20:18:48 +00:00
gpalmer
8e0d212fc2 Remove a possible loophole - previously the code wouldn't pass packets destined
to the loopback address to the packet filter.

Reviewed by:	"Ugen J.S.Antsilevich" <ugen@netvision.net.il>
1995-02-07 20:30:42 +00:00
wollman
d963f7f61f Make sure to disable RSVP intercept when the socket is closed. 1995-02-07 02:53:14 +00:00
wollman
043393d8b8 Correct long-standing error in the RSVP hooks (would initialize but never
return success).
1995-01-26 18:59:02 +00:00
ugen
ba39702411 ip_fwdef.c was missing some assignments, and this
caused that bug by which firewall code was not working
if configured into kernel and worked only as lkm.
Now this must be fixed...Sorry guys..
1995-01-26 10:26:15 +00:00
dg
66f518c22e Kill previous commit as it isn't necessary. 1995-01-26 03:56:20 +00:00
dg
14991e48cf Extended the previous change to cover the non-options case, too. 1995-01-24 08:03:22 +00:00
dg
b9115b6cb8 Applied fix from Andreas Schulz with a different comment by me. Fixes a
bug where TCP connections are closed prematurely.

Submitted by:	Andreas Schulz
1995-01-23 17:58:27 +00:00
wollman
07d192a9fb Change caching strategy somewhat:
1) Don't clone routes to multicast destinations; there is nothing useful
   to be gained in this case.
2) Reduce default expiration timer to one hour.  Busy sites will still
   likely want to reduce this, but for ordinary users this is a reasonable
   value to use.
1995-01-23 02:02:50 +00:00
ugen
dd3cca2bda Actual firewall change.
1) Firewall is not subdivided on forwarding / blocking chains
   anymore. Actually only one chain left - it was the blocking one.
2) LKM support. ip_fwdef.c is function pointers definition and
goes into kernel along with all INET stuff.
1995-01-12 13:06:32 +00:00
dg
596e11c208 Fixed mbuf lossage when level != IPPROTO_IP. Problem reported by Robert
Dobbs, hint from Charles Hannum, fix by me.
1995-01-12 10:53:25 +00:00
wollman
cb6f19622f Make arp_rtrequest() static since nobody needs to reference it any more. 1994-12-22 22:00:30 +00:00
wollman
e6ec63204f Move ARP interface initialization into if_ether.c:arp_ifinit(). 1994-12-22 21:56:22 +00:00
wollman
408291338b Avoid a serious race by blocking netisrs while walking the route tree.
(IWBRNI we could just block IP netisrs...)
1994-12-21 17:25:52 +00:00
wollman
fc1509a009 Correct sysctl info so that net.inet.ip.rtexpire is actually accessible. 1994-12-21 17:23:59 +00:00
wollman
d7b829d989 Fix PR 59: don't allow TCP connections with multicast addresses at either
end.
1994-12-15 20:39:34 +00:00
wollman
17700af9e7 Make rtq_reallyold user-configurable via sysctl. 1994-12-14 19:06:37 +00:00
wollman
64047b0829 Call rtalloc_ign() so that protocol cloning will not occur at the IP layer. 1994-12-13 23:08:12 +00:00
wollman
10cd28c622 Update calls to rtalloc1(). Also merge rt_prflags with rt_flags. 1994-12-13 22:32:45 +00:00
ugen
a10269c105 Add clear one accounting entry control.
Structure fields changed to seem more standard.
1994-12-13 15:57:34 +00:00
ugen
cc4646f030 Late patch for delete control.. 1994-12-12 18:10:41 +00:00
ugen
dd9e9b49e3 Add match by interface from which packet arrived (via)
Handle right fragmented packets. Remove checking option
from kernel..
1994-12-12 17:20:55 +00:00
wollman
139bfd799e Advanced route cache management is now an official part of IP support. 1994-12-11 21:36:10 +00:00
wollman
7677602dc2 Delete old, confusing comment. 1994-12-02 23:10:32 +00:00
wollman
f41e70adc3 Add a check to make sure that we don't fiddle with the NFS routing tables
as well (bleah!).  Also, increase the interval to the real-life value and
eliminate debugging printfs.  This will be standard once tested by others.
1994-12-02 03:32:24 +00:00
wollman
098465c845 Add latest version of ``advanced route metric management'' :-)
As before, this is currently conditionalized on options IN_RMX until
I'm sure it's working.
1994-12-01 23:19:48 +00:00
ugen
f625842f61 Added: ICMP reply, TCP SYN check, logging.. 1994-11-28 12:35:14 +00:00
jkh
e8b4c66232 Ugen J.S.Antsilevich's latest, happiest, IP firewall code.
Poul:  Please take this into BETA.  It's non-intrusive, and a rather
substantial improvement over what was there before.
1994-11-16 10:17:11 +00:00
jkh
f8f6e0f3d0 Ugen makes it in with 10 seconds to spare with a one-char diff. Some
people are born lucky..
Submitted by:	ugen
1994-11-08 14:25:17 +00:00
jkh
4975a57b63 Almost 12th hour (the 11th hour was almost an hour ago :-) patches
from Ugen.
1994-11-08 12:47:29 +00:00
jkh
319fc7e1e0 2 11th-hour fixes from Ugen (not Uben, sorry!) J.S.Antsilevich.
I think it's time for Ugen to get a freefall account, just so I can
direct mail at him directly and let him drop off patches for us here.  Ugen?
Done!
Submitted by:	ugen
1994-11-07 10:01:32 +00:00
wollman
b3774b68a5 Fix off-by-one error reported to NetBSD by Karl Fox in
<9411031449.AA11102@gefilte.MorningStar.Com>.
1994-11-03 21:04:21 +00:00
wollman
34890f9dd9 Completely replace JTW's idea with my (incompletely implemented) original
idea.  This is less likely to crash your machine.  As before, this code is only
enabled under `options IN_RMX'.
1994-11-03 01:05:34 +00:00