Commit message
| |
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@
| |
cache hash. That makes it trivial to create syn cache collisions.
Take the full address, xor it with random data and put it into the
hash function.
OK markus@
| |
OK dlg@
| |
global variables should also live there.
OK markus@
| |
splsoftnet() explicitly. The function syn_cache_lookup() is always
called at IPL_SOFTNET so a splsoftassert() is better than a needless
splsoftnet().
OK markus@ dlg@
| |
same prefix for all variables. Convert the counter type to int,
the limit is also int. Before searching the cache, check that it
is not empty. Do not access the counter outside of the syn cache
from tcp_ctlinput(), let the syn_cache_lookup() function handle it.
OK dlg@
| |
OK markus@
| |
inline functions. They have the advantage to check the old type
before casting.
OK dlg@
| |
ok guenther@, henning@
| |
ok stsp mpi
| |
OK deraadt@
| |
ok claudio@
| |
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroyed/removed and the mbuf should be freed.
Such a mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
| |
something based on an address family and later assumes one of the paths
was taken. This was initially just calls to panic until guenther
suggested a function to reduce the amount of strings needed.
This reduces the amount of noise with static analysers and acts
as a sanity check.
ok guenther@ bluhm@
| |
annoying trailing, leading and embedded whitespace. No change to
.o files.
ok deraadt@
| |
ok krw@ miod@
| |
ok mikeb
| |
This code is largely unfinished and is not used for anything. The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.
No objections from reyk and hshoexer, with and OK markus.
| |
listen queue (backlog) limit or the memory shortage in syn-cache.
ok henning reyk claudio
| |
long live the one true internet.
ok henning mikeb
| |
ok mikeb@, krw@, bluhm@, tedu@
| |
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
| |
to include that than rdnvar.h. ok deraadt dlg
| |
ok dlg@, uebayasi@, mikeb@
| |
From Florian Riehm
| |
kill the macro.
ok mikeb@, henning@
| |
OK henning@
| |
state to the socket pcb. Add an additional assert to narrow down
the panics.
OK henning@
| |
This function is used only once in our tree to optimize the size of the
MSS if the forward address corresponds to a host on one of our subnets,
but only if ip.mtudisc is disabled, which is not the default!
While here get rid of the "#ifdef RTV_MTU", it is here.
ok henning@, mikeb@, bluhm@
| |
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther
| |
ok gcc & md5 (alas, no binary change)
| |
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
| |
statistics side effects before. ok lteo naddy
| |
are a lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy
| |
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm
| |
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
| |
of tcp_input() and tcp_output() were very inconsistent. Especially
the so->so_pcb is NULL which can only happen after the inp has been
detached. The whole issue looks similar to the old panic:
pool_do_get(inpcbpl): free list modified.
http://marc.info/?l=openbsd-bugs&m=132630237316970&w=2
To get more information, add some asserts that guarantee the
consistency of the socket, inpcb, tcpcb linking. They should trigger
when an inp is taken from the pcb hashes after it has been freed.
OK henning@
| |
of incoming IPv4 packets with the SSRR or LSRR header option in
a m_tag rather than in a single static entry.
Use a new m_tag type, PACKET_TAG_SRCROUTE, for this and bump
PACKET_TAG_MAXSIZE accordingly.
Adapted from FreeBSD r135274 with inputs from bluhm@.
ok bluhm@, mikeb@
| |
of the IPL_NET. pf_test should be no longer called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
| |
a flag. Rename the variable inpl_flags in tcp_input() to inpl_reverse
like in udp_input(). No binary change.
OK mikeb@
| |
structure is zeroed out before use. From David Hill <dhill at
mindcry ! org>; ok blambert claudio henning
| |
dropped by IPsec security policy.
input from and ok mikeb
| |
was only done when a packet traveled up the stack from pf to
tcp_input(). Now also link the state and inpcb when the packet is
going down from tcp_output() to pf. As a consequence, divert-reply
states where the initial SYN does not get an answer, can be handled
more correctly.
This change is part of a larger diff that has been backed out in
2011. Bring the feature back in small steps to see when bad things
start to happen.
OK henning deraadt
| |
into one block.
OK mpi@
| |
move them to the corresponding header with an appropriate comment if
necessary.
ok guenther@
| |
instead of 0 for pointers. No binary change.
OK mpi@
| |
avoid ugly casts.
OK krw@ tedu@
| |
slipped by on i386, but the zaurus doesn't automagically pick it up.
spotted by patrick
| |
dhill.
ok krw@, mikeb@, tedu@ (implicit)