| Commit message | Author | Age | Files | Lines |
|
adapted from netbsd. okay angelos@
|
Ok millert@
|
UDP PCB's if the socket is connected.
|
checksum errors as hardware checksum packets as well.
|
output hardware checksumming. Not tested yet, but should be done
tonight.
Remain to be solved: interactions with bridge, TCP/UDP output
checksumming, interactions of TCP/UDP checksumming with routing
changes.
|
are not taken into consideration in anything just yet.
|
PCB; store information from the TDB to the PCB, if it's not
initialized, so processes can eventually retrieve it.
|
with IPv6 TCP PMTUD is mandatory, compute mss size accordingly.
sync with kame
|
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.
Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
do weird things with mbufs.
|
makes upgrades/code sharing much easier.
|
validate ICMPv6 too big messages (pmtud) based on pcb. we accept
a certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for
traffic from unconnected pcb, we need pmtud).
sync with kame
|
to less than N per 1 second.
|
we don't support IPv4 mapped address,
and there is inconsistent bit manipulation code so it's safer to nuke them.
|
flag delayed to ip_output(). That halves the code and reduces most of
the route lookups. okay deraadt@
|
osuga@mml.yrp.nttdocomo.co.jp
|
unspecified address (::) to mean "unbounded" or "unconnected",
and can be confused by packets from outside.
use of :: as source is not documented well in IPv6 specification.
not sure if it presents a real threat. the worst case scenario is a DoS
against TCP listening socket:
- outsider transmits TCP SYN with :: as IPv6 source
- receiving side creates TCP control block with:
    local address = my address
    remote address = :: (meaning "unconnected")
    state = SYN_RCVD
  note that SYN ACK will not be sent due to ip6_output() filter.
  this stays until it times out.
- the TCP control block prevents listening TCP control block from
  being contacted (DoS).
|
on diff from "Pete Kazmier" <pete@kazmier.com>
|
not sure if there is a real threat or not, but it seems that there's
a possibility for overrun/underrun (like non-NOP option with optlen > cnt).
|
Remove netinet.h within ifdef INET6; this is already included.
|
- protect IPv6 ND from being hosed (due to neighbor unreachability detection
  hint) by wrong tcp traffic. still not sure if there's real attack, but
  it is good to be cautious.
- avoid bitfield for router renumbering header decl.
- implement packet-per-sec limitation for icmp6 errors, turn interval
  limit off (it is not very useful due to unix timer resolution).
|
cleanup (indentation, v4-or-v6 conditions)
|
inconsistency in corner cases (from NRL I believe).
todd (fries) and I have seen panic, with the following call chain:
ip6_input -> tcp_input -> tcp_respond -> ip_input -> bang!
more cleanups should be done, to decrease complexity.
for example, INP_IPV6_MAPPED should be nuked.
|
as per TCP-imply IETF WG draft(s). The correct approach is to just use
the relevant interface's MTU.
|
touch tcp header before m_adj, rather than the other way around.
(no behavior change with the current m_adj code, new code is safer against
any future m_adj changes)
|
(I mean, IPv4) do not try to use rmx_mtu on routing table.
this symptom was introduced by rmx_mtu initialization (necessary for IPv6
path MTU discovery) in net/route.c. now prior behavior is recovered.
From: Hugh Graham <hugh@openbsd.org>
there are several questions about mssdflt semantics, though:
Question 1: with the current code, mssdflt does not override rmx_mtu value
(mssdflt overrides interface mtu only). should we override rmx_mtu by
mssdflt as well?
Question 2: with the current code, mssdflt overrides mss computed from
if mtu, only when the destination is IPv4 non-local. is it safe enough?
we may want to use mssdflt, whenever we are uncertain.
    mss = if mtu - hdrsiz;
    if (IPv4 non-local destination)
        mss = min(mss, mssdflt);
|
- tcp_sack_adjust() was completely rewritten, since it was erroneously
  referencing receiver side sequence numbers and comparing with sender
  side sequence numbers (thanks to Arun Desai (adesai@cisco.com) who
  discovered the problem)
- in tcp_output(), moved assignment of sendalot=0 to the piece of code
  immediately following the search for sack-eligible retransmissions
  (bug identified by Arun Desai).
- tcp_input() was not clearing t_dupacks if fewer than three dupacks arrived
  between acks of new data. (bug identified by Gaurav Banga (gaurav@netapp.com))
|
SACK is disabled for the connection or via sysctl
|