summaryrefslogtreecommitdiffstats
path: root/sys/netinet/udp_usrreq.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Use the new IPsec tags.angelos2001-05-271-2/+2
|
* Use packet tags instead of tdbi.angelos2001-05-201-8/+8
|
* Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okaaron2001-05-111-2/+3
|
* Allow tdbi's to appear in mbufs throughout the stack; this allowsangelos2001-03-281-33/+2
| | | | | | | | | security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
* Move the test for bogus packet length in udp_output() closer to the top ofaaron2001-03-061-10/+10
| | | | | | the function. Previously it was possible for us to get stuck in splsoftnet() under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd by deraadt@, provos@, angelos@.
* remove IPv6 case from udp_output. now we have separate udp6_output.itojun2001-02-161-185/+34
|
* pull in new pcb notification code from kame. better handling of scope address.itojun2001-02-161-47/+101
|
* nuke #ifdef TCP6 (no longer supported).itojun2000-12-111-34/+107
| | | | | | | validate ICMPv6 too big messages (pmtud) based on pcb. we accept certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for traffic from unconnected pcb, we need pmtud). sync with kame
* validate mbuf chain length on *_ctlinput. remote node may be able toitojun2000-10-131-9/+11
| | | | transmit a truncated icmp6 packet and panic the system. sync with kame.
* nuke inp_flags bits for controlling IPv4 mapped address.itojun2000-10-111-21/+10
| | | | | we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
* Move the PI_MAGIC define outside the INET6 ifdef block (doh!)angelos2000-09-221-3/+3
|
* Lots and lots of changes.angelos2000-09-191-38/+52
|
* raw6/udp6 sockets are okay with :: in src.itojun2000-07-271-14/+1
|
* be proactive about unspecified IPv6 source address. pcb layer usesitojun2000-07-271-1/+14
| | | | | | | | | | | | | | | | | | | unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS).
* sync with KAME udp6_output(). udp output logic is very different betweenitojun2000-06-181-1/+8
| | | | | | | IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases
* comment out flowinfo manipulation on inbound. the spec is not very clear.itojun2000-06-131-13/+9
|
* avoid mbuf leak on non-matching ifp/sockaddritojun2000-06-131-3/+5
|
* on UDPv6 sendto, correctly set oifp.itojun2000-06-131-2/+2
|
* allow link-local IPv6 addres in in6_pcbbind.itojun2000-06-131-42/+13
|
* Pass ip_off and ip_len in the correct byte order to icmp_error(); thisangelos2000-04-091-3/+1
| | | | should fix the crash problems with isic, reported last week.
* fix alignment problem in ancillary data (alpha).itojun2000-02-181-2/+2
| | | | | | only ipv6 tools (which touches ancillary data) are affected. From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>
* fix include file path related to ip6.itojun2000-02-071-3/+3
|
* Early check for destination port 0 (itojun@)angelos2000-01-071-1/+7
|
* keep paren match.itojun2000-01-041-3/+4
|
* remove support for v4 mapped address completely.itojun2000-01-041-47/+1
|
* be sure to cleanup "opts" pointer on multicast udp packet reception.itojun1999-12-311-1/+4
|
* be paranoid about malicious use of v4 mapped addr on v6 packet.itojun1999-12-211-1/+8
| | | | | | | | | malicious party may try to use v4 mapped addr as source/dest to confuse tcp/udp layer, or to bypass security checks, for example, naive stack can mistakingly think a packet with src = ::ffff:127.0.0.1 is from local node. (sync with kame)
* reject AF mismatch for inbonud multicast traffic.itojun1999-12-191-13/+8
|
* do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address isitojun1999-12-171-1/+11
| | | | | bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality)
* fix IPv6 advanced API (RFC2292) for udp socket.itojun1999-12-121-70/+64
| | | | TODO: ditto for raw and tcp socket
* bring in KAME IPv6 code, dated 19991208.itojun1999-12-081-61/+265
| | | | | | | | | replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
* Add comment about gettdb() and spl level.ho1999-11-041-1/+3
|
* fix same-interface-out-as-in and packet gets corrupted bug noted byderaadt1999-09-231-3/+1
| | | | | | | james@oaktree.co.uk by re-working icmp embedded-packet code so that ip_forward() m_copy()-aliased packet can be forwarded to ip_output and icmp_error() safely, because no packet tweaking is needed before calling icmp_error()
* avoid a future problem inside an #ifdef notyetderaadt1999-06-061-1/+2
|
* add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingprovos1999-03-271-1/+38
| | | | | | | | | SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
* Reworked udp_output() to minimize the number of if() statements needed to getcmetz1999-03-241-49/+46
| | | | | packets out. Also had the nice side effect of fewer blocks now move around by ifdefs, which makes it more readable.
* inet6 indentderaadt1999-02-171-161/+188
|
* report on no udp checksumderaadt1999-02-041-9/+10
|
* IN_MULTICAST takes network order addressesniklas1999-01-151-2/+2
|
* Use bzero instead of memset in the kernelniklas1999-01-111-6/+6
|
* netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetzderaadt1999-01-111-29/+378
|
* in_pcblookup() now takes ptr to both ip address argumentsderaadt1999-01-071-3/+3
|
* mangle uh_sum as before, but recover it for icmp errorsderaadt1998-12-311-2/+5
|
* ensure the ip packet embedded inside an icmp packet has correct ip_len,deraadt1998-12-281-2/+5
| | | | | ip_off, ip_id. for udp, also correct uh_sum. ip_sum is still set to 0; (all this debugged using nmap)
* first step to the setsockopt/getsockopt interface as described inprovos1998-05-181-2/+11
| | | | | | | draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
* sysctl for def sizes for tcp/udp send/recv queuesmickey1998-01-241-3/+7
|
* for broadcast/multicast packets, correct m_pkthdr.len on the way up to the socket; drochner@zelz26.zel.kfa-juelich.dederaadt1997-09-071-3/+5
|
* The list of tcp/udp ports not to allocate dynamically is nowmillert1997-08-091-1/+7
| | | | | | a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
* cmd is a u_longderaadt1997-07-241-2/+2
|
* udp icmp errors had ip_len 20 bytes too large; stevens p774; koji@math.human.nagoya-u.ac.jpderaadt1997-06-271-2/+1
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.