path: root/sys/netinet/udp_usrreq.c
Commit message | Author | Age | Files | Lines
...
* The function rip6_ctlinput() claims that sa6_src is constant to | bluhm | 2013-05-31 | 1 | -6/+5
  allow the assignment of &sa6_any. But rip6_ctlinput() could not guarantee that as it casted away the const attribute when it passes the pointer to in6_pcbnotify(). Replace sockaddr with const sockaddr_in6 in the in6_pcbnotify() parameters. This reduces the number of casts. Also adjust in6_pcbhashlookup() to handle the const attribute correctly. Input and OK claudio@
* Move an extern declaration into its corresponding header file. | mpi | 2013-05-17 | 1 | -4/+1
* Remove various external variable declaration from sources files and | mpi | 2013-04-10 | 1 | -4/+2
  move them to the corresponding header with an appropriate comment if necessary. ok guenther@
* Merge the duplicate IPv4 and IPv6 checksum checking code in udp_input() | bluhm | 2013-04-04 | 1 | -35/+25
  into one block. OK mpi@
* Use macros sotoinpcb() and intotcpcb() instead of casts. Use NULL | bluhm | 2013-04-02 | 1 | -5/+4
  instead of 0 for pointers. No binary change. OK mpi@
* The call to in_pcballoc() in user request attach was handled in | bluhm | 2013-03-31 | 1 | -7/+6
  three different ways. Use the same code in udp_usrreq() and rip_usrreq() and rip6_usrreq(). This also fixes a pcb and socket leak in udp_usrreq() in case soreserve() fails. Put an splsoftassert() into in_pcballoc() for safety. OK mpi@
* Do not transfer diverted packets into IPsec processing. They should | bluhm | 2013-03-31 | 1 | -1/+4
  reach the socket that the user has specified in pf.conf. OK reyk@
* Declare struct pf_state_key in the mbuf and in_pcb header files to | bluhm | 2013-03-29 | 1 | -4/+3
  avoid ugly casts. OK krw@ tedu@
* tedu faith(4), suggested by todd@ some weeks ago after a submission by | mpi | 2013-03-14 | 1 | -16/+1
  dhill. ok krw@, mikeb@, tedu@ (implicit)
* Fix a bug in udp socket splicing in case a packet gets diverted and | bluhm | 2013-02-16 | 1 | -6/+2
  spliced and routed to loopback. The content of the pf header in the mbuf was keeping the divert information on its way. Reinitialize the whole packet header of the mbuf and remove the mbuf tags when the packet gets spliced. OK claudio@ markus@
* After finding the socket's inp by using the pf's statekey, reset | bluhm | 2013-01-17 | 1 | -1/+10
  the pointer to the statekey in the mbuf. When an UDP socket is spliced, pf would use this key during ip_output() although the packet went through two sockets in the meantime. Reset the mbuf's statekey in tcp_input() and udp_input() to eliminate the pointer to pf lingering in the socket buffers. OK claudio@
* free the control message in udp_input() if the packet is passed to pipex | markus | 2012-09-28 | 1 | -2/+5
  ok yasuoka@
* add IPV6_RECVDSTPORT socket option, which enables us to get original | yasuoka | 2012-09-17 | 1 | -1/+11
  (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT. from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
* use IPsec flowinfo on pipex(4) to select the IPsec tunnel for sending | yasuoka | 2012-07-17 | 1 | -9/+14
  L2TP packets. ok markus henning
* add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4) | markus | 2012-07-16 | 1 | -4/+56
  can use this to select the IPsec tunnel for sending L2TP packets. this fixes Windows (always binding to 1701) and Android clients (negotiating wildcard flows); feedback mpf@ and yasuoka@; ok henning@ and yasuoka@; ok jmc@ for the manpage
* pipex hook in udp_usrreq() mistakenly assumed that `inp' is connected. | yasuoka | 2012-04-04 | 1 | -1/+7
  It could not use the destination address properly, so it failed to find the pipex session. This bug caused LCP keepalive failures on some clients. found and tested by sebastia@ and mxb at alumni.chalmers.se. ok sthen
* remove IP_JUMBO, SO_JUMBO, and RTF_JUMBO. | dlg | 2012-03-17 | 1 | -3/+2
  no objection from mcbride@ krw@ markus@ deraadt@
* Include PIPEX in kernel by default. And add new sysctl variable | yasuoka | 2011-07-08 | 1 | -2/+2
  `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers. discussed with dlg@, ok deraadt@ mcbride@ claudio@
* Revert the pf->socket linking diff. | oga | 2011-05-13 | 1 | -15/+2
  at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw with xxxterm not sure about pirofti) involving pool corruption while using this commit. krw and todd confirm that this backout fixes the problem. ok blambert@ krw@, todd@ henning@ and kettenis@
  Double link between pf states and sockets. Henning has already implemented half of it. The additional part is:
  - The pf state lookup for outgoing packets is optimized by using mbuf->inp->state.
  - For incoming tcp, udp, raw, raw6 packets the socket lookup always is optimized by using mbuf->state->inp.
  - All protocols establish the link for incoming packets.
  - All protocols set the inp in the mbuf for outgoing packets. This allows the linkage beginning with the first packet for outgoing connections.
  - In case of divert states, delete the state when the socket closes. Otherwise new connections could match on old states instead of being diverted to the listen socket.
  ok henning@
* Collapse m_pullup and m_pullup2 into a single function, as they're | blambert | 2011-05-04 | 1 | -2/+2
  essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!). testing dlg@ ok claudio@
* Make in_broadcast() rdomain aware. Mostly mechanical change. | claudio | 2011-04-28 | 1 | -3/+4
  This fixes the problem of binding sockets to broadcast IPs in other rdomains. OK henning@
* Double link between pf states and sockets. Henning has already | bluhm | 2011-04-24 | 1 | -2/+15
  implemented half of it. The additional part is:
  - The pf state lookup for outgoing packets is optimized by using mbuf->inp->state.
  - For incoming tcp, udp, raw, raw6 packets the socket lookup always is optimized by using mbuf->state->inp.
  - All protocols establish the link for incoming packets.
  - All protocols set the inp in the mbuf for outgoing packets. This allows the linkage beginning with the first packet for outgoing connections.
  - In case of divert states, delete the state when the socket closes. Otherwise new connections could match on old states instead of being diverted to the listen socket.
  ok henning@
* mechanic rename M_{TCP|UDP}V4_CSUM_OUT -> M_{TCP|UDP}_CSUM_OUT | henning | 2011-04-05 | 1 | -2/+2
  ok claudio krw
* Don't attempt to enqueue mbufs on sockets marked as SS_CANTRCVMORE, as | blambert | 2011-04-03 | 1 | -1/+3
  was done earlier for routing sockets. ok claudio@
* Add L2TP support to PIPEX. | hsuenaga | 2010-09-24 | 1 | -1/+38
  We can use IPv6 address as outer header of L2TP. Kernel ABI is changed. You must update npppd. OK @claudio, yasuoka@, dlg@
* Return EACCES when pf_test() blocks a packet in ip_output(). This allows | claudio | 2010-09-08 | 1 | -1/+3
  ip_forward() to know the difference between blocked packets and those that can't be forwarded (EHOSTUNREACH). Only in the latter case an ICMP should be sent. In the other callers of ip_output() change the error back to EHOSTUNREACH since userland may not expect EACCES on a sendto(). OK henning@, markus@
* Add support for using IPsec in multiple rdomains. | reyk | 2010-07-09 | 1 | -2/+3
  This allows to run isakmpd/iked/ipsecctl in multiple rdomains independently (with "route exec"); the kernel will pickup the rdomain from the process context of the pfkey socket and load the flows and SAs into the matching rdomain encap routing table. The network stack also needs to pass the rdomain to the ipsec stack to lookup the correct rdomain that belongs to an interface/mbuf/... You can now run individual IPsec configs per rdomain or create IPsec VPNs between multiple rdomains on the same machine ;). Note that a primary enc(4) in addition to enc0 interface is required per rdomain, eg. enc1 rdomain 1. Test by some people, mostly on existing "rdomain 0" setups. Was in snaps for some days and people didn't complain. ok claudio@ naddy@
* Fix the naming of interfaces and variables for rdomains and rtables | guenther | 2010-07-03 | 1 | -3/+4
  and make it possible to bind sockets (including listening sockets!) to rtables and not just rdomains. This changes the name of the system calls, socket option, and ioctl. After building with this you should remove the files /usr/share/man/cat2/[gs]etrdomain.0. Since this removes the existing [gs]etrdomain() system calls, the libc major is bumped. Written by claudio@, criticized^Wcritiqued by me
* remove proc.h include from uvm_map.h. This has far reaching effects, as | tedu | 2010-04-20 | 1 | -1/+2
  sysctl.h was reliant on this particular include, and many drivers included sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed. ok deraadt
* unbreak the build with a custom kernel config including "pseudo-device | sthen | 2010-03-11 | 1 | -1/+4
  faith 1", noticed by Andris Kadar. ok kettenis@ beck@
* Extend the protosw pr_ctlinput function to include the rdomain. This is | claudio | 2009-11-13 | 1 | -5/+5
  needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
* rtables are stacked on rdomains (it is possible to have multiple routing | claudio | 2009-11-03 | 1 | -2/+2
  tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@
* remove stray * from comment, probably a rewrapping artefact | sthen | 2009-06-08 | 1 | -2/+2
* Initial support for routing domains. This allows to bind interfaces to | claudio | 2009-06-05 | 1 | -4/+12
  alternate routing table and separate them from other interfaces in distinct routing tables. The same network can now be used in any domain at the same time without causing conflicts. This diff is mostly mechanical and adds the necessary rdomain checks across net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6. input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
* add the basic infrastructure to take advantage of TCP and UDP receive | naddy | 2009-06-03 | 1 | -4/+16
  checksum offload over IPv6; ok deraadt@
* 0 -> NULL | blambert | 2009-06-02 | 1 | -2/+2
  ok claudio@
* disable the pcb linking for udp for the moment since there is some weird | henning | 2008-10-13 | 1 | -2/+2
  bug with IPv6 in some circumstances. we'll find it one day... lots of debugging dhill
* do not set the pkthdr mbuf state key pointer to the state key saved in the | henning | 2008-09-03 | 1 | -2/+1
  pcb. the state key ptr in the pcb is the one that had to be used by pf outbound. but by convention the state key pointer in the pkthdr is the one used INbound, so pf follows its reverse pointer to find the sk to use, and since a reverse doesn't exist for locally terminated connections the reverse pointer is null and thus the whole game a noop. note that this only affects packets FROM local udp/tcp sockets, for the other direction everything works as expected.
* link udp pcbs to pf states, same as done for tcp already | henning | 2008-07-16 | 1 | -8/+27
  ok markus, also tested david sthen
* Include "faith.h" in order to get NFAITH. Also clean up NFAITH conditionals | jsing | 2008-06-14 | 1 | -2/+4
  whilst we're here. ok henning@ deraadt@
* ANSIfy function definitions. | jsing | 2008-06-14 | 1 | -29/+10
  ok markus@
* Remove {tcp/udp}6_usrreq(); Since the normal ones now | thib | 2008-05-24 | 1 | -15/+1
  take a proc argument, there's no need for these, since they are just wrappers. OK claudio@
* Deal with the situation when TCP nfs mounts timeout and processes | thib | 2008-05-23 | 1 | -5/+6
  get hung in nfs_reconnect() because they do not have the proper privileges to bind to a socket, by adding a struct proc * argument to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind) and do the sobind() with proc0 in nfs_connect. OK markus@, blambert@. "go ahead" deraadt@. Fixes an issue reported by bernd@ (Tested by bernd@). Fixes PR5135 too.
* divert for ipv6; ok henning, pyr | markus | 2008-05-15 | 1 | -2/+2
* IP_RECVDSTPORT, allows you to get the destination port of UDP datagrams | markus | 2008-05-09 | 1 | -1/+9
  for pf(4) diverted packets; based on patch by Scot Loach; ok beck@
* divert packets to local socket without modifying the ip header; | markus | 2008-05-09 | 1 | -2/+2
  makes transparent proxies much easier; ok beck@, feedback claudio@
* Make the SO_TIMESTAMP sockopt work. When set, this allows the user to | ckuethe | 2008-05-02 | 1 | -7/+15
  get a timestamp of when the datagram was accepted (by udp(4), for example) rather than having to take a timestamp with gettimeofday(2) when recv(2) returns - possibly several hundreds of microseconds later. May be of use to those interested in precision network timing schemes or QoS for media applications. Tested on alpha, amd64, i386 and sparc64. manpage suggestions from jmc, ok deraadt
* implement sysctls to report IP, TCP, UDP, and ICMP statistics and | reyk | 2007-12-13 | 1 | -1/+8
  change netstat to use them instead of accessing kvm for it. more protocols will be added later. discussed with deraadt@ claudio@ gilles@ ok deraadt@
* there was code inside #if NPF > 0, but pf.h was not included, so it did | henning | 2007-06-11 | 1 | -7/+2
  not get built. the code looks at flags that used to be in mbuf tags, now they are in the mbuf header, so we can check them unconditionally. problem spotted by Daniel Roethlisberger <daniel@roe.ch>, ok ryan markus
* -static | dlg | 2007-05-27 | 1 | -5/+5