path: root/sys/netinet/ip_icmp.c
Commit message [Author, Age, Files, Lines]
...
* Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
  [mpi, 2015-01-28, 1 file, -3/+19]
* Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free. ok blambert@, bluhm@
  [mpi, 2015-01-26, 1 file, -19/+3]
* Make sure rtrequest1(9) is called under splsoftnet().
  [mpi, 2014-12-22, 1 file, -1/+10]
* Do not use a "struct route" when a "struct rtentry" is enough. ok millert@, bluhm@
  [mpi, 2014-12-08, 1 file, -11/+8]
* Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>. ok mikeb@, krw@, bluhm@, tedu@
  [mpi, 2014-12-05, 1 file, -1/+2]
* Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionality instead of a mix of enable/disable. ok bluhm@, jca@
  [mpi, 2014-11-01, 1 file, -4/+4]
* Do not use the global list of IPv4 addresses in icmp_reflect()... ...but the routing table! Note that this lookup is redundant with the one done in in_ouraddr() and we should be able to save this information instead of redoing a lookup if we need to send an error message. ok kspillner@, bluhm@, claudio@
  [mpi, 2014-09-30, 1 file, -31/+28]
* remove unneeded proc.h includes
  ok mpi@ kspillner@
  [jsg, 2014-09-14, 1 file, -2/+1]
* Stop using old n_time, n_long and n_short types in netinet headers. ok deraadt@, naddy@
  [mpi, 2014-07-13, 1 file, -4/+4]
* Remove some m->m_pkthdr.rcvif dereference to help for upcoming receiving pointer -> index conversion. No functional change. ok chrisz@, jca@, mikeb@, lteo@
  [mpi, 2014-05-07, 1 file, -7/+9]
* ip_output() using varargs always struck me as bizarre, esp since it's only ever used to pass on uint32 (for ipsec). stop that madness and just pass the uint32, 0 in all cases but the two that pass the ipsec flowinfo. ok deraadt reyk guenther
  [henning, 2014-04-21, 1 file, -2/+2]
* we'll do fine without casting NULL to struct foo * / void *
  ok gcc & md5 (alas, no binary change)
  [henning, 2014-04-21, 1 file, -2/+2]
* "struct pkthdr" holds a routing table ID, not a routing domain one.
  Avoid the confusion by using an appropriate name for the variable.
  Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
      rtableid = rdomain
  But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
  claudio@ likes it, ok mikeb@
  [mpi, 2014-04-14, 1 file, -9/+9]
* rt_timer* spring cleanup. Rename and document rt_timer_count() into rt_timer_queue_count() to be consistent with the other functions. Remove unused argument from rt_timer_queue_destroy(), clean the definitions and finally use the same order in NAME and DESCRIPTION as requested by jmc@. ok henning@
  [mpi, 2014-03-21, 1 file, -3/+2]
* revert rev. 1.115
  In case icmp_reflect() is called without a given source address do not try to find a matching address by iterating over a global list and always use the routing table.
  This breaks icmp echo replies (and maybe more) on machines with >1 ip
  "reverting is safer and make it clear that this function needs more love"
  ok florian@, mpi@ for the revert
  [benno, 2014-03-20, 1 file, -1/+20]
* fix buffer overflows in icmp redirect handling introduced in rev 1.106
  ok mpi@ millert@
  [jsg, 2014-03-13, 1 file, -4/+7]
* In case icmp_reflect() is called without a given source address do not try to find a matching address by iterating over a global list and always use the routing table. Idea from claudio@, moral support from henning@, ok mikeb@
  [mpi, 2014-03-11, 1 file, -20/+1]
* Start counting dropped icmp errors because the rate limit is exceeded. OK benno@ deraadt@
  [claudio, 2014-01-19, 1 file, -3/+5]
* bzero/bcmp -> memset/memcmp. ok matthew
  [tedu, 2014-01-09, 1 file, -12/+12]
* bcopy -> memcpy. reviewed with one fix from matthew
  [tedu, 2013-12-31, 1 file, -7/+6]
* instead of calculating the icmp checksum here, just set the flag that it is needed and the lower parts of the stack will take care of it. fixes a cksum bug in a rather constructed case and is just the right thing to do now. ok mpi naddy
  [henning, 2013-11-26, 1 file, -4/+3]
* Instead of stripping the IP options manually in icmp_reflect(), just call ip_stripoptions(). Remove an unneeded parameter and adjust the ip length in ip_stripoptions(). from FreeBSD; OK deraadt@ henninh@ lteo@
  [bluhm, 2013-11-17, 1 file, -13/+2]
* Replace most of our formatting functions to convert IPv4/6 addresses from network to presentation format to inet_ntop(). The few remaining functions will be soon converted. ok mikeb@, deraadt@ and moral support from henning@
  [mpi, 2013-11-11, 1 file, -14/+17]
* There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
  [deraadt, 2013-10-21, 1 file, -7/+4]
* Put a large chunk of the IPv6 rdomain support in-tree. Still some important missing pieces, and this is not yet enabled. OK bluhm@
  [phessler, 2013-10-20, 1 file, -1/+3]
* Stop using static variables in ICMP. While this is perfectly ok for the moment because there might be at most one caller at a time, it won't be so as soon as this part of the network stack is run in parallel. While here also reduce the difference with the icmp6 code adding a redirect route. ok mikeb@
  [mpi, 2013-08-21, 1 file, -31/+41]
* When net.inet.ip.sourceroute is enabled, store the source route of incoming IPv4 packets with the SSRR or LSRR header option in a m_tag rather than in a single static entry. Use a new m_tag type, PACKET_TAG_SRCROUTE, for this and bump PACKET_TAG_MAXSIZE accordingly. Adapted from FreeBSD r135274 with inputs from bluhm@. ok bluhm@, mikeb@
  [mpi, 2013-08-13, 1 file, -2/+2]
* Constify the table of common MTUs and use nitems(), no functional change.
  [mpi, 2013-08-08, 1 file, -10/+8]
* Change MTU discovery functions to not abuse the global icmpsrc variable to pass the destination address of the route to clone. ok markus@, mikeb@
  [mpi, 2013-08-08, 1 file, -7/+14]
* In icmp_do_exthdr(), calculate the ICMP extension header checksums with in4_cksum() instead of in_cksum(). This gets rid of the clunky m_data/m_len dance, which was described as "disgusting" in the original comments. :) Tested on a small MPLS test network (since icmp_do_exthdr() is currently only used by MPLS code, specifically mpls_do_error()). ok bluhm henning mikeb
  [lteo, 2013-06-17, 1 file, -8/+3]
* If an ICMP packet gets diverted to a raw IP socket, it must not be consumed by icmp_input(). As an exception, control packets that belong to a connection to a local socket must go to pr_ctlinput(). Add a switch over the ICMP type to handle that. OK markus@ henning@
  [bluhm, 2013-06-05, 1 file, -1/+24]
* Calculate ICMP checksums with in4_cksum() which lets us get rid of the clunky m_data/m_len dance needed by in_cksum(). Tested on amd64, hppa, i386, loongson, macppc, sgi, and sparc64. Thanks to blambert@, bluhm@, and henning@ for help and feedback; abieber@ for testing this diff independently on macppc; krw@ for access to his hppa, sgi, and sparc64 test systems at t2k13; nick@ for helping me figure out Ken's hppa so that I can test this diff. :) ok blambert bluhm henning mikeb
  [lteo, 2013-06-05, 1 file, -13/+5]
* Document which global variables are used for sysctl(8), add static to globals used only in this file and explain that the printf/debug variable must be settable by ddb. ok henning@, sthen@
  [mpi, 2013-05-03, 1 file, -6/+10]
* Instead of having various extern declarations for protocol variables, declare them once in their corresponding header file.
  [mpi, 2013-04-24, 1 file, -6/+1]
* Remove various external variable declarations from source files and move them to the corresponding header with an appropriate comment if necessary. ok guenther@
  [mpi, 2013-04-10, 1 file, -4/+4]
* sysctl calls shouldn't clobber route timers without spl protection
  the spl call in the icmp case may be too aggressive, but better safe than sorry
  ok claudio@
  [blambert, 2012-09-18, 1 file, -15/+23]
* unnecessary casts to unsigned; ok claudio
  [deraadt, 2012-04-13, 1 file, -2/+2]
* allow /31s on broadcast interfaces (eg ethernet) to work as per rfc3021.
  the issue in our kernel was the broadcast address calculated on the /31 caused a ton of checks for use of broadcast addresses to kick in and prevent one of the two addresses on the /31 from being used. this diff basically detects if a /31 has been configured and doesn't configure a broadcast address for it, which makes the ips usable for normal traffic.
  i wrote this so i could interoperate with "carrier" network gear better, and sthen wants it so he can conserve address space use.
  the further special casing of broadcast address handling was from claudio@
  ok claudio@ markus@ sthen@ henning@
  [dlg, 2011-07-06, 1 file, -3/+8]
* Do not accept ICMP redirects when acting as router (ipforwarding = 1).
  Same logic is already implemented in netinet6
  OK henning@ deraadt@
  [claudio, 2011-04-04, 1 file, -2/+3]
* Change icmp_reflect() so that it does not call icmp_send directly. This allows other users (like MPLS) to use this function instead of rolling their own version. Implement icmp_do_exthdr() to attach an RFC 4884 extension header to an ICMP error produced by icmp_do_error(). "best to get it in." deraadt@
  [claudio, 2010-09-13, 1 file, -28/+95]
* Add the rtableid to struct rttimer and therefore make it available to the callback functions. This fixes a problem where dynamic routes in different tables would not get deleted because the callback was doing the remove on the wrong table. OK henning@
  [claudio, 2010-07-09, 1 file, -9/+10]
* Fix the naming of interfaces and variables for rdomains and rtables and make it possible to bind sockets (including listening sockets!) to rtables and not just rdomains. This changes the name of the system calls, socket option, and ioctl. After building with this you should remove the files /usr/share/man/cat2/[gs]etrdomain.0. Since this removes the existing [gs]etrdomain() system calls, the libc major is bumped. Written by claudio@, criticized^Wcritiqued by me
  [guenther, 2010-07-03, 1 file, -1/+2]
* Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepaths rdomain aware. Apart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
  [claudio, 2010-05-07, 1 file, -3/+3]
* remove proc.h include from uvm_map.h. This has far reaching effects, as sysctl.h was reliant on this particular include, and many drivers included sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed. ok deraadt
  [tedu, 2010-04-20, 1 file, -1/+2]
* Before cloning a route to change the MTU check that the route we clone from is valid and usable (reject and blackholes are not considered usable). TCP has this nasty behaviour to clone routes to disable PMTU and this combined with dynamic routing resulted in dead sessions when there was a default reject route installed. OK henning@, sthen@
  [claudio, 2010-02-09, 1 file, -1/+6]
* Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain safe and no longer leaks single packets into the main domain. Looks good markus@, henning@
  [claudio, 2009-11-13, 1 file, -5/+6]
* rtables are stacked on rdomains (it is possible to have multiple routing tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@
  [claudio, 2009-11-03, 1 file, -4/+3]
* By default, don't accept IPv4 ICMP redirects. This behaviour can be changed with a sysctl, so note it in sysctl.conf. v6 needs further testing following discussions on the tech mailing list; rainer@ points out possible interactions with neighbour discovery which need to be investigated first. "go ahead on the v4 part" deraadt@
  [sthen, 2009-06-09, 1 file, -2/+2]
* Initial support for routing domains. This allows to bind interfaces to alternate routing table and separate them from other interfaces in distinct routing tables. The same network can now be used in any domain at the same time without causing conflicts. This diff is mostly mechanical and adds the necessary rdomain checks across net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6. input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
  [claudio, 2009-06-05, 1 file, -9/+16]
* icmp_reflect reuses mbufs. call pf_pkt_addr_changed to clear the state key stuff.
  [henning, 2008-09-10, 1 file, -1/+10]