| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since revision 1.87 of ip_icmp.c icmp_mtudisc_clone() ignored reject
routes. Otherwise TCP would clone these routes for PMTU discovery.
They will not work, even after dynamic routing has found a better
route than the reject route.
With IPsec the use case is different. First you need a route, but
then the flow handles the packet without routing. Usually this
route should be a reject route to avoid sending unencrypted traffic
if the flow is missing. But IPsec needs this route for PMTU
discovery, so use it for that.
OK claudio@ tobhe@
|
| |
|
|
|
|
|
|
|
|
|
| |
The maximum is ICMP_MINLEN (8) + max IPv4 header size (60) + IPv6 header (40)
for the IPv6 over IPv4 transition case. By having up to this amount of data
consequtive in an mbuf makes the rest of the code simpler and no more extra
m_pullup calls are needed. Only length checks are now required.The maximum
size is also big enough for all other ICMP types that don't embed the IP
heaader. This ensures that all data has been m_pullup-ed before calling the
ctlinput function which can look that deep into the header.
OK bluhm@ markus@
|
| |
|
|
|
| |
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@
|
| |
|
|
|
|
|
| |
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@
|
| |
|
|
|
|
| |
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@
|
| | |
|
| |
|
|
| |
ok deraadt@, naddy@
|
| |
|
|
|
|
| |
to pass the destination address of the route to clone.
ok markus@, mikeb@
|
| |
|
|
|
|
|
| |
allows other users (like MPLS) use this function instead of rolling a own
version. Implement icmp_do_exthdr() to attach an RFC 4884 extension header
to an ICMP error produced by icmp_do_error().
"best to get it in." deraadt@
|
| |
|
|
|
|
| |
like time exceeded messages. This will allow to add additional information
to those messges like the incomming MPLS label.
OK deraadt@, dhill@
|
| |
|
|
|
|
|
|
|
| |
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
| |
|
|
|
|
|
|
|
| |
than a pointer to struct ifnet containing it.
Saves a 448 byte stack allocation in ip_forward which previously faked up
a struct ifnet just for this purpose.
idea ok deraadt millert
|
| |
|
|
| |
rescinded 22 July 1999. Proofed by myself and Theo.
|
| | |
|
| | |
|
| |
|
|
| |
instead of it being sent to ip_output().
|
| | |
|
| |
|
|
|
|
|
|
| |
rediraccept allows one to ignore ICMP_REDIRECT
redirtimeout sets a timeout on the routing entries pretaining to
ICMP_REDIRECT, this timeout is defaulted to 10 minutes. (same as ipv6)
From NetBSD.
millert@ ok
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
tcpdump/print-icmp.c since they were in BSD first.
|
| |
|
|
|
|
|
|
|
|
| |
14 = Host Precedence Violation. Sent by the first hop router to a
host to indicate that a requested precedence is not permitted
for the particular combination of source/destination host or
15 = Precedence cutoff in effect. The network operators have imposed
a minimum level of precedence required for operation, the
datagram was sent with a precedence below this level;
|
| |
|
|
| |
as in RFC-1812 Section 5.2.7.1 Destination Unreachable
|
| | |
|
| | |
|
| |
|
bluhm
claudio
mmcc
mpi
pascoe
millert
dhartmei
itojun
jasoni
ericj
angelos
mickey
provos
deraadt
kstailey
tholo
niklas