#
259065 |
|
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
254925 |
|
26-Aug-2013 |
jhb |
Remove most of the remaining sysctl name list macros. They were only ever intended for use in sysctl(8) and it has not used them for many years.
Reviewed by: bde Tested by: exp-run by bdrewery
|
#
250000 |
|
27-Apr-2013 |
cperciva |
Move IPPROTO_IPV6 from #ifdef __BSD_VISIBLE to #if __POSIX_VISIBLE >= 201112 since POSIX 2001 states that it shall be defined.
Reported by: sbruno Reviewed by: jilles MFC after: 1 week
|
#
241913 |
|
22-Oct-2012 |
glebius |
Switch the entire IPv4 stack to keep the IP packet header in network byte order. Any host byte order processing is done in local variables and host byte order values are never[1] written to a packet.
After this change a packet processed by the stack isn't modified at all[2] except for TTL.
After this change a network stack hacker doesn't need to scratch his head trying to figure out what is the byte order at the given place in the stack.
[1] One exception still remains. The raw sockets convert host byte order before passing a packet to an application. Probably this would remain for ages for compatibility.
[2] The ip_input() still subtracts header len from ip->ip_len, but this is planned to be fixed soon.
Reviewed by: luigi, Maxim Dounin <mdounin mdounin.ru> Tested by: ray, Olivier Cochard-Labbe <olivier cochard.me>
|
#
236959 |
|
12-Jun-2012 |
tuexen |
Add an IP_RECVTOS socket option to receive for received UDP/IPv4 packets a cmsg of type IP_RECVTOS which contains the TOS byte. Much like IP_RECVTTL does for TTL. This allows to implement a protocol on top of UDP and implementing ECN.
MFC after: 3 days
|
#
236157 |
|
27-May-2012 |
emaste |
Add IPPROTO_MPLS (rfc4023) IP protocol definition
There are currently no in-tree consumers; I'm adding it now for use by vendor code. This matches the change OpenBSD made while implementing MPLS in gif(4).
|
#
226402 |
|
15-Oct-2011 |
glebius |
Add support for IPv4 /31 prefixes, as described in RFC3021.
To run a /31 network, participating hosts MUST drop support for directed broadcasts, and treat the first and last addresses on subnet as unicast. The broadcast address for the prefix should be the link local broadcast address, INADDR_BROADCAST.
|
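An added example (not code from this commit or from FreeBSD) of the RFC 3021 rule described above, as a destination classifier of the kind a packet filter or broadcast check needs. All function and enum names are hypothetical, addresses are constructed documentation addresses, and treating /32 like /31 is an assumption that goes beyond the commit text.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* How a destination relates to a configured prefix. Hypothetical names,
 * not FreeBSD kernel identifiers. */
enum dst_kind { DST_OUTSIDE, DST_UNICAST, DST_NETWORK, DST_DIRECTED_BCAST };

/* Netmask in host byte order. plen 0 and plen >= 32 are special-cased
 * because shifting a 32-bit value by 32 or more is undefined in C. */
static uint32_t plen_to_mask(unsigned plen)
{
    if (plen == 0)
        return 0u;
    if (plen >= 32)
        return 0xffffffffu;
    return (uint32_t)(0xffffffffu << (32 - plen));
}

/* Parse a dotted quad into host byte order. Returns 0 on bad input,
 * which is acceptable only for the constructed samples used here. */
static uint32_t ip4(const char *s)
{
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* Classify dst against the prefix configured on an interface.
 * All addresses are in host byte order. */
enum dst_kind classify_dst(uint32_t ifaddr, unsigned plen, uint32_t dst)
{
    uint32_t mask = plen_to_mask(plen);
    uint32_t net = ifaddr & mask;

    if ((dst & mask) != net)
        return DST_OUTSIDE;
    if (plen >= 31)                 /* RFC 3021: first and last are hosts */
        return DST_UNICAST;
    if (dst == net)
        return DST_NETWORK;
    if (dst == (net | ~mask))
        return DST_DIRECTED_BCAST;
    return DST_UNICAST;
}

/* Broadcast address a host on this prefix should use. On a /31 there is
 * no directed broadcast, so the link-local broadcast is returned. */
uint32_t prefix_broadcast(uint32_t ifaddr, unsigned plen)
{
    uint32_t mask = plen_to_mask(plen);

    if (plen >= 31)
        return INADDR_BROADCAST;
    return (ifaddr & mask) | ~mask;
}

int main(void)
{
    static const char *names[] = { "outside", "unicast", "network", "directed-bcast" };
    /* Constructed sample: the same two addresses seen as a /30 and as a /31. */
    const char *dsts[] = { "192.0.2.0", "192.0.2.1", "192.0.2.3" };
    unsigned plens[] = { 30, 31 };

    for (unsigned p = 0; p < 2; p++)
        for (unsigned d = 0; d < 3; d++)
            printf("192.0.2.0/%u dst %-10s -> %s\n", plens[p], dsts[d],
                   names[classify_dst(ip4("192.0.2.0"), plens[p], ip4(dsts[d]))]);
    return 0;
}
```

A filter that keeps applying the /30-style "all-zeros and all-ones host part" test to a /31 link would drop traffic to both of its only two hosts.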
#
213103 |
|
24-Sep-2010 |
attilio |
Make the RPC specific __rpc_inet_ntop() and __rpc_inet_pton() general in the kernel (just as inet_ntoa() and inet_aton()) are and sync their prototype accordingly with already mentioned functions.
Sponsored by: Sandvine Incorporated Reviewed by: emaste, rstone Approved by: dfr MFC after: 2 weeks
|
#
211501 |
|
19-Aug-2010 |
anchie |
MFp4: anchie_soc2009 branch:
Add kernel side support for Secure Neighbor Discovery (SeND), RFC 3971.
The implementation consists of a kernel module that gets packets from the nd6 code, sends them to user space on a dedicated socket and reinjects them back for further processing.
Hooks are used from nd6 code paths to divert relevant packets to the send implementation for processing in user space. The hooks are only triggered if the send module is loaded. In case no user space application is connected to the send socket, processing continues normally as if the module would not be loaded. Unloading the module is not possible at this time due to missing nd6 locking.
The native SeND socket is similar to a raw IPv6 socket but with its own, internal pseudo-protocol.
Approved by: bz (mentor)
|
#
206022 |
|
31-Mar-2010 |
delphij |
Add definition of IPv6 mobility header's protocol number, as assigned by IANA and defined in RFC 3775.
Obtained from: KAME
|
#
201122 |
|
28-Dec-2009 |
luigi |
bring in several cleanups tested in ipfw3-head branch, namely:
r201011 - move most of ng_ipfw.h into ip_fw_private.h, as this code is ipfw-specific. This removes a dependency on ng_ipfw.h from some files.
- move many equivalent definitions of direction (IN, OUT) for reinjected packets into ip_fw_private.h
- document the structure of the packet tags used for dummynet and netgraph;
r201049 - merge some common code to attach/detach hooks into a single function.
r201055 - remove some duplicated code in ip_fw_pfil. The input and output processing uses almost exactly the same code so there is no need to use two separate hooks. ip_fw_pfil.o goes from 2096 to 1382 bytes of .text
r201057 (see the svn log for full details) - macros to make the conversion of ip_len and ip_off between host and network format more explicit
r201113 (the remaining parts) - readability fixes -- put braces around some large for() blocks, localize variables so the compiler does not think they are uninitialized, do not insist on precise allocation size if we have more than we need.
r201119 - when doing a lookup, keys must be in big endian format because this is what the radix code expects (this fixes a bug in the recently-introduced 'lookup' option)
No ABI changes in this commit.
MFC after: 1 week
|
#
200023 |
|
02-Dec-2009 |
luigi |
Add new sockopt names for ipfw and dummynet.
This commit is just grabbing entries for the new names that will be used in the future, so you don't need to rebuild anything now.
MFC after: 3 days
|
#
199208 |
|
11-Nov-2009 |
attilio |
Move inet_aton() (specular to inet_ntoa(), already present in libkern) into libkern in order to make it usable by other modules than alias_proxy.
Obtained from: Sandvine Incorporated Sponsored by: Sandvine Incorporated MFC: 1 week
|
#
196967 |
|
08-Sep-2009 |
phk |
Move the duplicate definition of struct sockaddr_storage to its own include file, and include this where the previous duplicate definitions were.
Static program checkers like FlexeLint rightfully take a dim view of duplicate definitions, even if they currently are identical.
|
#
193217 |
|
01-Jun-2009 |
pjd |
- Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent with OpenBSD (and BSD/OS originally). We can't easily do it SOL_SOCKET option as there is no more space for more SOL_SOCKET options, but this option also fits better as an IP socket option, it seems.
- Implement this functionality also for IPv6 and RAW IP sockets.
- Always compile it in (don't use additional kernel options).
- Remove sysctl to turn this functionality on and off.
- Introduce new privilege - PRIV_NETINET_BINDANY, which allows to use this functionality (currently only unjail root can use it).
Discussed with: julian, adrian, jhb, rwatson, kmacy
|
#
189829 |
|
14-Mar-2009 |
das |
Namespace: Defining htonl() and friends here instead of arpa/inet.h is a BSD extension.
|
#
189592 |
|
09-Mar-2009 |
bms |
Merge IGMPv3 and Source-Specific Multicast (SSM) to the FreeBSD IPv4 stack.
Diffs are minimized against p4. PCS has been used for some protocol verification, more widespread testing of recorded sources in Group-and-Source queries is needed. sizeof(struct igmpstat) has changed.
__FreeBSD_version is bumped to 800070.
|
#
189346 |
|
04-Mar-2009 |
bms |
Add various defines/macros required by IGMPv3:
* MCAST_UNDEFINED state.
* in_allhosts() macro (group is 224.0.0.1). This uses a const endian comparison.
* IP_MAX_GROUP_SRC_FILTER, IP_MAX_SOCK_SRC_FILTER default resource limits.
|
#
186960 |
|
09-Jan-2009 |
adrian |
Better comment what the socket option does. Thanks to Sam Leffler for suggesting this.
|
#
186955 |
|
09-Jan-2009 |
adrian |
Implement a new IP option (not compiled/enabled by default) to allow applications to specify a non-local IP address when bind()'ing a socket to a local endpoint.
This allows applications to spoof the client IP address of connections if (obviously!) they somehow are able to receive the traffic normally destined to said clients.
This patch doesn't include any changes to ipfw or the bridging code to redirect the client traffic through the PCB checks so TCP gets a shot at it. The normal behaviour is that packets with a non-local destination IP address are not handled locally. This can be dealt with some IPFW hackery; modifications to IPFW to make this less hacky will occur in subsequent commits.
Thanks to Julian Elischer and others at Ironport. This work was approved and donated before Cisco acquired them.
Obtained from: Julian Elischer and others MFC after: 2 weeks
|
#
185571 |
|
02-Dec-2008 |
bz |
Rather than using hidden includes (with circular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files.
For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h.
Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
|
#
183550 |
|
02-Oct-2008 |
zec |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this point in time by doing MD5 comparison between pre- and post-change object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
178280 |
|
17-Apr-2008 |
gnn |
Clean up the code that checks the types of address so that it is done by understandable macros.
Fix the bug that prevented the system from responding on interfaces with link local addresses assigned.
PR: 120958 Submitted by: James Snow <snow at teardrop.org> MFC after: 2 weeks
|
#
176805 |
|
04-Mar-2008 |
rpaulo |
Change the default port range for outgoing connections by introducing IPPORT_EPHEMERALFIRST and IPPORT_EPHEMERALLAST with values 10000 and 65535 respectively. The rationale behind is that it makes the attacker's life more difficult if he/she wants to guess the ephemeral port range and also lowers the probability of a port collision (described in draft-ietf-tsvwg-port-randomization-01.txt).
While there, remove code duplication in in_pcbbind_setup().
Submitted by: Fernando Gont <fernando at gont.com.ar> Approved by: njl (mentor) Reviewed by: silby, bms Discussed on: freebsd-net
|
#
170613 |
|
12-Jun-2007 |
bms |
Import rewrite of IPv4 socket multicast layer to support source-specific and protocol-independent host mode multicast. The code is written to accommodate IPv6, IGMPv3 and MLDv2 with only a little additional work.
This change only pertains to FreeBSD's use as a multicast end-station and does not concern multicast routing; for an IGMPv3/MLDv2 router implementation, consider the XORP project.
The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6, which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html
Summary
* IPv4 multicast socket processing is now moved out of ip_output.c into a new module, in_mcast.c.
* The in_mcast.c module implements the IPv4 legacy any-source API in terms of the protocol-independent source-specific API.
* Source filters are lazy allocated as the common case does not use them. They are part of per inpcb state and are covered by the inpcb lock.
* struct ip_mreqn is now supported to allow applications to specify multicast joins by interface index in the legacy IPv4 any-source API.
* In UDP, an incoming multicast datagram only requires that the source port matches the 4-tuple if the socket was already bound by source port. An unbound socket SHOULD be able to receive multicasts sent from an ephemeral source port.
* The UDP socket multicast filter mode defaults to exclusive, that is, sources present in the per-socket list will be blocked from delivery.
* The RFC 3678 userland functions have been added to libc: setsourcefilter, getsourcefilter, setipv4sourcefilter, getipv4sourcefilter.
* Definitions for IGMPv3 are merged but not yet used.
* struct sockaddr_storage is now referenced from <netinet/in.h>. It is therefore defined there if not already declared in the same way as for the C99 types.
* The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF which are then interpreted as interface indexes) is now deprecated.
* A patch for the Rhyolite.com routed in the FreeBSD base system is available in the -net archives. This only affects individuals running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces.
* Make IPv6 detach path similar to IPv4's in code flow; functionally same.
* Bump __FreeBSD_version to 700048; see UPDATING.
This work was financially supported by another FreeBSD committer.
Obtained from: p4://bms_netdev Submitted by: Wilbert de Graaf (original work) Reviewed by: rwatson (locking), silence from fenner, net@ (but with encouragement)
|
#
167072 |
|
27-Feb-2007 |
bms |
Add INADDR_ALLRPTS_GROUP define for 224.0.0.22 for future IGMPv3 support.
Obtained from: OpenSolaris
|
#
166368 |
|
31-Jan-2007 |
bms |
Import macros IN_LINKLOCAL(), IN_PRIVATE(), IN_LOCAL_GROUP(), IN_ANY_LOCAL(). This is not a functional change.
IN_LINKLOCAL() tests if an address falls within the IPv4 link-local prefix. IN_PRIVATE() tests if an address falls within an RFC 1918 private prefix. IN_LOCAL_GROUP() tests if an address falls within the statically assigned link-local multicast scope specified in RFC 2365. IN_ANY_LOCAL() tests for either of IN_LINKLOCAL() or IN_LOCAL_GROUP().
As with the existing macros in the FreeBSD netinet stack, comparisons are performed in host-byte order.
See also: RFC 1918, RFC 2365, RFC 3927 Obtained from: NetBSD (dyoung@) MFC after: 2 weeks
|
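An added example (not the FreeBSD macros themselves, and not code from this commit) of prefix tests done in host byte order as the commit message describes, covering the link-local and RFC 1918 cases only. The function names are hypothetical and the sample addresses are constructed; `swap32()` simulates what a little-endian host compares when the `ntohl()` conversion is forgotten.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/in.h>

enum scope { SCOPE_INVALID = -1, SCOPE_PUBLIC, SCOPE_PRIVATE, SCOPE_LINKLOCAL };

/* Both predicates expect the address in HOST byte order. */
int is_linklocal(uint32_t h)
{
    return (h & 0xffff0000u) == 0xa9fe0000u;        /* 169.254.0.0/16 */
}

int is_private(uint32_t h)
{
    return (h & 0xff000000u) == 0x0a000000u         /* 10.0.0.0/8     */
        || (h & 0xfff00000u) == 0xac100000u         /* 172.16.0.0/12  */
        || (h & 0xffff0000u) == 0xc0a80000u;        /* 192.168.0.0/16 */
}

/* struct in_addr carries network byte order, so convert exactly once
 * at the boundary before applying the host-order predicates. */
enum scope scope_of(struct in_addr a)
{
    uint32_t h = ntohl(a.s_addr);

    if (is_linklocal(h))
        return SCOPE_LINKLOCAL;
    if (is_private(h))
        return SCOPE_PRIVATE;
    return SCOPE_PUBLIC;
}

/* Text front end, e.g. for an egress filter fed with resolved addresses. */
enum scope scope_of_text(const char *s)
{
    struct in_addr a;

    if (inet_pton(AF_INET, s, &a) != 1)
        return SCOPE_INVALID;
    return scope_of(a);
}

/* Byte-reversed value: what the predicates would see on a little-endian
 * host if s_addr were passed without ntohl(). */
uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u)
         | ((v << 8) & 0x00ff0000u) | (v << 24);
}

int main(void)
{
    /* Constructed sample addresses. */
    const char *samples[] = { "10.1.2.3", "172.31.255.255", "172.32.0.0",
                              "169.254.169.254", "198.51.100.7", "not-an-ip" };

    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-16s scope=%d\n", samples[i], scope_of_text(samples[i]));

    /* 10.1.2.3 byte-reversed no longer matches 10/8, while 3.2.1.10
     * byte-reversed does: the unconverted check fails in both directions. */
    printf("missed private: %d, false private: %d\n",
           !is_private(swap32(0x0a010203u)), is_private(swap32(0x0302010au)));
    return 0;
}
```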
#
165648 |
|
29-Dec-2006 |
piso |
Summer of Code 2005: improve libalias - part 2 of 2
With the second (and last) part of my previous Summer of Code work, we get:
-ipfw's in kernel nat
-redirect_* and LSNAT support
General information about nat syntax and some examples are available in the ipfw (8) man page. The redirect and LSNAT syntax are identical to natd, so please refer to natd (8) man page.
To enable in kernel nat in rc.conf, two options were added:
o firewall_nat_enable: equivalent to natd_enable
o firewall_nat_interface: equivalent to natd_interface
Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet to continue being checked by the firewall ruleset after being (de)aliased.
NOTA BENE: due to some problems with libalias architecture, in kernel nat won't work with TSO enabled nic, thus you have to disable TSO via ifconfig (ifconfig foo0 -tso).
Approved by: glebius (mentor)
|
#
158563 |
|
14-May-2006 |
bms |
Fix a long-standing limitation in IPv4 multicast group membership.
By making the imo_membership array a dynamically allocated vector, this minimizes disruption to existing IPv4 multicast code. This change breaks the ABI for the kernel module ip_mroute.ko, and may cause a small amount of churn for folks working on the IGMPv3 merge.
Previously, sockets were subject to a compile-time limitation on the number of IPv4 group memberships, which was hard-coded to 20. The imo_membership relationship, however, is 1:1 with regards to a tuple of multicast group address and interface address. Users who ran routing protocols such as OSPF ran into this limitation on machines with a large system interface tree.
|
#
153553 |
|
20-Dec-2005 |
delphij |
Use consistent indent character as other IPPROTO_* lines did.
|
#
153552 |
|
20-Dec-2005 |
gnn |
Add protocol number for SCTP.
Submitted by: Randall Stewart rrs at cisco.com MFC after: 1 week
|
#
150594 |
|
26-Sep-2005 |
andre |
Implement IP_DONTFRAG IP socket option enabling the Don't Fragment flag on IP packets. Currently this option is only respected on udp and raw ip sockets. On tcp sockets the DF flag is controlled by the path MTU discovery option.
Sending a packet larger than the MTU size of the egress interface returns an EMSGSIZE error.
Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
150296 |
|
18-Sep-2005 |
rwatson |
Take a first cut at cleaning up ifnet removal and multicast socket panics, which occur when stale ifnet pointers are left in struct moptions hung off of inpcbs:
- Add in_ifdetach(), which matches in6_ifdetach(), and allows the protocol to perform early tear-down on the interface early in if_detach().
- Annotate that if_detach() needs careful consideration.
- Remove calls to in_pcbpurgeif0() in the handling of SIOCDIFADDR -- this is not the place to detect interface removal! This also removes what is basically a nasty (and now unnecessary) hack.
- Invoke in_pcbpurgeif0() from in_ifdetach(), in both raw and UDP IPv4 sockets.
It is now possible to run the msocket_ifnet_remove regression test using HEAD without panicking.
MFC after: 3 days
|
#
149371 |
|
22-Aug-2005 |
andre |
Add socketoption IP_MINTTL. May be used to set the minimum acceptable TTL a packet must have when received on a socket. All packets with a lower TTL are silently dropped. Works on already connected/connecting and listening sockets for RAW/UDP/TCP.
This option is only really useful when set to 255 preventing packets from outside the directly connected networks reaching local listeners on sockets.
Allows userland implementation of 'The Generalized TTL Security Mechanism (GTSM)' according to RFC3682. Examples of such use include the Cisco IOS BGP implementation command "neighbor ttl-security".
MFC after: 2 weeks Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
142215 |
|
22-Feb-2005 |
glebius |
Add CARP (Common Address Redundancy Protocol), which allows multiple hosts to share an IP address, providing high availability and load balancing.
Original work on CARP done by Michael Shalayeff, with many additions by Marco Pfatschbacher and Ryan McBride.
FreeBSD port done solely by Max Laier.
Patch by: mlaier Obtained from: OpenBSD (mickey, mcbride)
|
#
139823 |
|
06-Jan-2005 |
imp |
/* -> /*- for license, minor formatting changes
|
#
136712 |
|
19-Oct-2004 |
andre |
Pre-emptively define IPPROTO_SPACER to 32767, the same value as PROTO_SPACER to document that this value is globally assigned for a special purpose and may not be reused within the IPPROTO number space.
|
#
133874 |
|
16-Aug-2004 |
rwatson |
White space cleanup for netinet before branch:
- Trailing tab/space cleanup
- Remove spurious spaces between or before tabs
This change avoids touching files that Andre likely has in his working set for PFIL hooks changes for IPFW/DUMMYNET.
Approved by: re (scottl) Submitted by: Xin LI <delphij@frontfree.net>
|
#
133486 |
|
11-Aug-2004 |
andre |
Add the function in_localip() which returns 1 if an internet address is for the local host and configured on one of its interfaces.
|
#
130609 |
|
16-Jun-2004 |
mlaier |
Prepare for pf 3.5 import:
- Remove pflog and pfsync modules. Things will change in such a fashion that there will be one module with pf+pflog that can be loaded into GENERIC without problems (which is what most people want). pfsync is no longer possible as a module.
- Add multicast address for in-kernel multicast pfsync protocol. Protocol glue will follow once the import is done.
- Add one more mbuf tag
|
#
130281 |
|
09-Jun-2004 |
ru |
Introduce a new feature to IPFW2: lookup tables. These are useful for handling large sparse address sets. Initial implementation by Vsevolod Lobko <seva@ip.net.ua>, refined by me.
MFC after: 1 week
|
#
128019 |
|
07-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson.
Approved by: core, peter, alc, rwatson
|
#
121498 |
|
25-Oct-2003 |
ume |
correct namespace pollution.
Submitted by: bde
|
#
121472 |
|
24-Oct-2003 |
ume |
Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542 (aka RFC2292bis). Though I believe this commit doesn't break backward compatibility against existing binaries, it breaks backward compatibility of API. Now, the applications which use Advanced Sockets API such as telnet, ping6, mld6query and traceroute6 use RFC3542 API.
Obtained from: KAME
|
#
119178 |
|
20-Aug-2003 |
bms |
Add the IP_ONESBCAST option, to enable undirected IP broadcasts to be sent on specific interfaces. This is required by aodvd, and may in future help us in getting rid of the requirement for BPF from our import of isc-dhcp.
Suggested by: fenestro Obtained from: BSD/OS Reviewed by: mini, sam Approved by: jake (mentor)
|
#
118622 |
|
07-Aug-2003 |
hsu |
1. Basic PIM kernel support
Disabled by default. To enable it, the new "options PIM" must be added to the kernel configuration file (in addition to MROUTING):
    options MROUTING # Multicast routing
    options PIM # Protocol Independent Multicast
2. Add support for advanced multicast API setup/configuration and extensibility.
3. Add support for kernel-level PIM Register encapsulation. Disabled by default. Can be enabled by the advanced multicast API.
4. Implement a mechanism for "multicast bandwidth monitoring and upcalls".
Submitted by: Pavlin Radoslavov <pavlin@icir.org>
|
#
114259 |
|
29-Apr-2003 |
mdodd |
Add definitions for IN6ADDR_LINKLOCAL_ALLMDNS_INIT and INADDR_ALLMDNS_GROUP.
|
#
114258 |
|
29-Apr-2003 |
mdodd |
IP_RECVTTL socket option.
Reviewed by: Stuart Cheshire <cheshire@apple.com>
|
#
112985 |
|
02-Apr-2003 |
mdodd |
Back out support for RFC3514.
RFC3514 poses an unacceptable risk to compliant systems.
|
#
112929 |
|
01-Apr-2003 |
mdodd |
Implement support for RFC 3514 (The Security Flag in the IPv4 Header). (See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)
This fulfills the host requirements for userland support by way of the setsockopt() IP_EVIL_INTENT message.
There are three sysctl tunables provided to govern system behavior.
net.inet.ip.rfc3514:
Enables support for rfc3514. As this is an Informational RFC and support is not yet widespread this option is disabled by default.
net.inet.ip.hear_no_evil
If set the host will discard all received evil packets.
net.inet.ip.speak_no_evil
If set the host will discard all transmitted evil packets.
The IP statistics counter 'ips_evil' (available via 'netstat') provides information on the number of 'evil' packets received.
For reference, the '-E' option to 'ping' has been provided to demonstrate and test the implementation.
|
#
108533 |
|
01-Jan-2003 |
schweikh |
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, especially in troff files.
|
#
106152 |
|
29-Oct-2002 |
fenner |
Renumber IPPROTO_DIVERT out of the range of valid IP protocol numbers. This allows socket() to return an error when the kernel is not built with IPDIVERT, and doesn't prevent future applications from using the "borrowed" IP protocol number. The sysctl net.inet.raw.olddiverterror controls whether opening a socket with the "borrowed" IP protocol fails with an accompanying kernel printf; this code should last only a couple of releases.
Approved by: re
|
#
105651 |
|
21-Oct-2002 |
iedowse |
Implement a new IP_SENDSRCADDR ancillary message type that permits a server process bound to a wildcard UDP socket to select the IP address from which outgoing packets are sent on a per-datagram basis. When combined with IP_RECVDSTADDR, such a server process can guarantee to reply to an incoming request using the same source IP address as the destination IP address of the request, without having to open one socket per server IP address.
Discussed on: -net Approved by: re
|
#
102925 |
|
04-Sep-2002 |
sobomax |
Add in_hosteq() and in_nullhost() macros to make life of developers porting NetBSD code a little bit easier.
Obtained from: NetBSD
|
#
102227 |
|
21-Aug-2002 |
mike |
o Merge <machine/ansi.h> and <machine/types.h> into a new header called <machine/_types.h>.
o <machine/ansi.h> will continue to live so it can define MD clock macros, which are only MD because of gratuitous differences between architectures.
o Change all headers to make use of this. This mainly involves changing:
    #ifdef _BSD_FOO_T_
    typedef _BSD_FOO_T_ foo_t;
    #undef _BSD_FOO_T_
    #endif
  to:
    #ifndef _FOO_T_DECLARED
    typedef __foo_t foo_t;
    #define _FOO_T_DECLARED
    #endif
Concept by: bde Reviewed by: jake, obrien
|
#
96431 |
|
11-May-2002 |
mike |
Remove some duplicate types that should have been removed as part of the rearranging in the previous revision.
Pointy hat to: cvs update (merging), mike (for not noticing)
|
#
95336 |
|
23-Apr-2002 |
mike |
Rearrange <netinet/in.h> so that it is easier to conditionalize sections for various standards. Conditionalize sections for various standards. Use standards conforming spelling for types in the sockaddr_in structure.
|
#
95099 |
|
20-Apr-2002 |
mike |
Add sa_family_t type to <sys/_types.h> and typedefs to <netinet/in.h> and <sys/socket.h>. Previously, sa_family_t was only typedef'd in <sys/socket.h>.
|
#
94379 |
|
10-Apr-2002 |
silby |
Totally nuke IPPORT_USERRESERVED, it is no longer used anywhere, update remaining comments to reflect new ephemeral port range.
Reminded by: Maxim Konovalov <maxim@macomnet.ru> MFC after: 3 days
|
#
94357 |
|
10-Apr-2002 |
mike |
Unconditionalize the definition of INET_ADDRSTRLEN and INET6_ADDRSTRLEN. Doing this helps expose bogus redefinitions in 3rd party software.
|
#
94291 |
|
09-Apr-2002 |
silby |
Update comments to reflect the recent ephemeral port range change.
Noticed by: ru MFC After: 1 day
|
#
93514 |
|
01-Apr-2002 |
mike |
o Implement <sys/_types.h>, a new header for storing types that are MI, not required to be a fixed size, and used in multiple headers. This will grow in time, as more things move here from <sys/types.h> and <machine/ansi.h>.
o Add missing type definitions (uint16_t and uint32_t) to <arpa/inet.h> and <netinet/in.h>.
o Reduce pollution in <sys/types.h> by using `#if _FOO_T_DECLARED' widgets to avoid including <sys/stdint.h>.
o Add some missing type definitions to <unistd.h> and note the ones that still need to be added.
o Make use of <sys/_types.h> primitives in <grp.h> and <sys/types.h>.
Reviewed by: bde
|
#
92723 |
|
19-Mar-2002 |
alfred |
Remove __P.
|
#
91984 |
|
10-Mar-2002 |
mike |
o Add INET_ADDRSTRLEN and INET6_ADDRSTRLEN defines to <arpa/inet.h> for POSIX.1-2001 conformance.
o Add magic to <netinet/in.h> and <netinet6/in6.h> to prevent redefining INET_ADDRSTRLEN and INET6_ADDRSTRLEN.
o Add a note about missing typedefs in <arpa/inet.h>.
|
#
91959 |
|
09-Mar-2002 |
mike |
o Don't require long long support in bswap64() functions.
o In i386's <machine/endian.h>, macros have some advantages over inlines, so change some inlines to macros.
o In i386's <machine/endian.h>, ungarbage collect word_swap_int() (previously __uint16_swap_uint32), it has some uses on i386's with PDP endianness.
Submitted by: bde
o Move a comment up in <machine/endian.h> that was accidentally moved down a few revisions ago.
o Reenable userland's use of optimized inline-asm versions of byteorder(3) functions.
o Fix ordering of prototypes vs. redefinition of byteorder(3) functions, so that the non-GCC (libc asm) case has proper prototypes.
o Add proper prototypes for byteorder(3) functions in <sys/param.h>.
o Prevent redundant duplicate prototypes by making use of the _BYTEORDER_PROTOTYPED define.
o Move the bswap16(), bswap32(), bswap64() C functions into MD space for platforms in which asm versions don't exist. This significantly reduces the complexity of some things at the cost of duplicate code.
Reviewed by: bde
|
#
90868 |
|
18-Feb-2002 |
mike |
o Move NTOHL() and associated macros into <sys/param.h>. These are deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated macros in the source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
  Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386 Reviewed by: bde, jake, tmm
|
#
87158 |
|
01-Dec-2001 |
mike |
o Stop abusing MD headers with non-MD types.
o Hide nonstandard functions and types in <netinet/in.h> when _POSIX_SOURCE is defined.
o Add some missing types (required by POSIX.1-200x) to <netinet/in.h>.
o Restore vendor ID from Rev 1.1 in <netinet/in.h> and make use of new __FBSDID() macro.
o Fix some miscellaneous issues in <arpa/inet.h>.
o Correct final argument for the inet_ntop() function (POSIX.1-200x).
o Get rid of the namespace pollution from <sys/types.h> in <arpa/inet.h>.
Reviewed by: fenner Partially submitted by: bde
|
#
84101 |
|
29-Sep-2001 |
jlemon |
Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h> Remove local definitions.
|
#
84023 |
|
27-Sep-2001 |
luigi |
Remove unused (and duplicate) struct ip_opts which is never used, not referenced in Stevens, and does not compile with g++. There is an equivalent structure, struct ipoption in ip_var.h which is actually used in various parts of the kernel, and also referenced in Stevens.
Bill Fenner also says: ... if you want the trivia, struct ip_opts was introduced in in.h SCCS revision 7.9, on 6/28/1990, by Mike Karels. struct ipoption was introduced in ip_var.h SCCS revision 6.5, on 9/16/1985, by... Mike Karels.
MFC-after: 3 days
|
#
78243 |
|
14-Jun-2001 |
peter |
Fix a stack of KAME netinet6/in6.h warnings:
592: warning: `struct mbuf' declared inside parameter list
595: warning: `struct ifnet' declared inside parameter list
|
#
74700 |
|
23-Mar-2001 |
ume |
IPv4 address is not unsigned int. This change introduces in_addr_t.
PR: 9982 Advised by: des Reviewed by: -alpha and -net (no objection) Obtained from: OpenBSD
|
#
72786 |
|
21-Feb-2001 |
rwatson |
o Move per-process jail pointer (p->pr_prison) to inside of the subject credential structure, ucred (cr->cr_prison).
o Allow jail inheritance to be a function of credential inheritance.
o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use.
Notes:
o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure.
Reviewed by: freebsd-arch Obtained from: TrustedBSD Project
|
#
72486 |
|
14-Feb-2001 |
asmodai |
Add definitions for IPPROTO numbers 55-57.
|
#
70951 |
|
12-Jan-2001 |
bmilekic |
Prototype inet_ntoa_r and thereby silence a warning from GCC. The function is prototyped immediately under inet_ntoa, which is also from libkern.
|
#
62587 |
|
04-Jul-2000 |
itojun |
sync with kame tree as of july00. tons of bug fixes/improvements.
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
|
#
60105 |
|
06-May-2000 |
jlemon |
Add #include <machine/in_cksum.h>, in order to pick up the checksum inline functions and prototypes.
|
#
57120 |
|
10-Feb-2000 |
shin |
Forbid include of some inet6 header files from wrong place
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6 standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h
Also KAME has netinet6/in6.h for easy INET6 common defs sharing between different BSDs, but RFC2553 requires only netinet/in.h should be included from userland. So netinet/in.h also includes netinet6/in6.h inside.
To keep apps portability, apps should not directly include above files from netinet6 dir. Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under netinet
-Let files under netinet6 cause error if it is included from some apps, and, if the special macro define is not defined. (which should have been defined if files under netinet is included)
-And let them print an error message which tells the correct name of the include file to be included.
Also fix apps which includes invalid header files.
Approved by: jkh
Obtained from: KAME project
|
#
55205 |
|
29-Dec-1999 |
peter |
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistent with the other BSD's who made this change quite some time ago. More commits to come.
|
#
55009 |
|
22-Dec-1999 |
shin |
IPSEC support in the kernel. pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers.
Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
52904 |
|
05-Nov-1999 |
shin |
KAME related header files additions and merges. (only those which don't affect c source files so much)
Reviewed by: cvs-committers Obtained from: KAME project
|
#
50477 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
49350 |
|
01-Aug-1999 |
green |
Make ipfw's logging more dynamic. Now, log will use the default limit _or_ you may specify "log logamount number" to set logging specifically the rule. In addition, "ipfw resetlog" has been added, which will reset the logging counters on any/all rule(s). ipfw resetlog does not affect the packet/byte counters (as ipfw reset does), and is the only "set" command that can be run at securelevel >= 3. This should address complaints about not being able to set logging amounts, not being able to restart logging at a high securelevel, and not being able to just reset logging without resetting all of the counters in a rule.
|
#
46696 |
|
08-May-1999 |
peter |
Pre-declare struct proc to avoid 'inside param list' warnings.
|
#
46420 |
|
04-May-1999 |
luigi |
Free the dummynet descriptor in ip_dummynet, not in the called routines. The descriptor contains parameters which could be used within those routines (eg. ip_output() ).
On passing, add IPPROTO_PGM entry to netinet/in.h
|
#
46155 |
|
28-Apr-1999 |
phk |
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no provisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
|
#
45869 |
|
20-Apr-1999 |
peter |
Tidy up some stray / unused stuff in the IPFW package and friends.
- unifdef -DCOMPAT_IPFW (this was on by default already)
- remove traces of in-kernel ip_nat package, it was never committed.
- Make IPFW and DUMMYNET initialize themselves rather than depend on compiled-in hooks in ip_init(). This means they initialize the same way both in-kernel and as kld modules. (IPFW initializes now :-)
|
#
41793 |
|
14-Dec-1998 |
luigi |
Last bits (I think) of dummynet for -current.
|
#
38482 |
|
23-Aug-1998 |
wollman |
Yow! Completely change the way socket options are handled, eliminating another specialized mbuf type in the process. Also clean up some of the cruft surrounding IPFW, multicast routing, RSVP, and other ill-explored corners.
|
#
37409 |
|
06-Jul-1998 |
julian |
Support for IPFW based transparent forwarding. Any packet that can be matched by a ipfw rule can be redirected transparently to another port or machine. Redirection to another port mostly makes sense with tcp, where a session can be set up between a proxy and an unsuspecting client. Redirection to another machine requires that the other machine also be expecting to receive the forwarded packets, as their headers will not have been modified.
/sbin/ipfw must be recompiled!!!
Reviewed by: Peter Wemm <peter@freebsd.org> Submitted by: Chrisy Luke <chrisy@flix.net>
|
#
36708 |
|
06-Jun-1998 |
julian |
Fix wrong data type for a pointer.
|
#
36707 |
|
06-Jun-1998 |
julian |
clean up the changes made to ipfw over the last weeks (should make the ipfw lkm work again)
|
#
36192 |
|
19-May-1998 |
dg |
Added fast IP forwarding code by Matt Thomas <matt@3am-software.com> via NetBSD, ported to FreeBSD by Pierre Beyssac <pb@fasterix.freenix.org> and minorly tweaked by me. This is a standard part of FreeBSD, but must be enabled with: "sysctl -w net.inet.ip.fastforwarding=1" ...and of course forwarding must also be enabled. This should probably be modified to use the zone allocator for speed and space efficiency. The current algorithm also appears to lose if the number of active paths exceeds IPFLOW_MAX (256), in which case it wastes lots of time trying to figure out which cache entry to drop.
|
#
35919 |
|
10-May-1998 |
jb |
Treat all internet addresses as u_int32_t.
|
#
35304 |
|
19-Apr-1998 |
phk |
According to:
ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers
port numbers are divided into three ranges:
0 - 1023 Well Known Ports
1024 - 49151 Registered Ports
49152 - 65535 Dynamic and/or Private Ports
This patch changes the "local port range" from 40000-44999 to the range shown above (plus fix the comment in in_pcb.c).
WARNING: This may have an impact on firewall configurations!
PR: 5402 Reviewed by: phk Submitted by: Stephen J. Roznowski <sjr@home.net>
|
#
33814 |
|
25-Feb-1998 |
julian |
OOPs typo TCF, not TCP....
|
#
33804 |
|
25-Feb-1998 |
julian |
Bring our in.h up to date with respect to allocated IP protocol numbers. It is possible that the names may require tuning, but the numbers represent what is in rfc1700 which is the present active RFC.
|
#
33440 |
|
16-Feb-1998 |
guido |
Add new sysctl variable: net.inet.ip.accept_sourceroute
It controls if the system is to accept source routed packets. It used to be such that, no matter if the setting of net.inet.ip.sourceroute, source routed packets destined at us would be accepted. Now it is controllable with the default set to NOT accept those.
|
#
29838 |
|
24-Sep-1997 |
wollman |
Export ipstat via sysctl. Don't understand why this wasn't done before.
|
#
22975 |
|
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
21098 |
|
30-Dec-1996 |
peter |
Add INADDR_LOOPBACK, moved from <rpc/rpc.h>
|
#
19622 |
|
11-Nov-1996 |
fenner |
Add the IP_RECVIF socket option, which supplies a packet's incoming interface using a sockaddr_dl.
Fix the other packet-information socket options (SO_TIMESTAMP, IP_RECVDSTADDR) to work for multicast UDP and raw sockets as well. (They previously only worked for unicast UDP).
|
#
19113 |
|
22-Oct-1996 |
sos |
Changed args to the nat functions.
|
#
19035 |
|
19-Oct-1996 |
alex |
Reword two comments.
|
#
17758 |
|
21-Aug-1996 |
sos |
Add hooks for an IP NAT module, much like the firewall stuff... Move the sockopt definitions for the firewall code from ip_fw.h to in.h where it belongs.
|
#
17541 |
|
12-Aug-1996 |
peter |
Add two more portrange sysctls, which control the area of the below IPPORT_RESERVED that is used for selection when bind() is told to allocate a reserved port.
Also, implement simple sanity checking for all the addresses set, to make it a little harder for a user/sysadmin to shoot themselves in the feet.
|
#
17072 |
|
10-Jul-1996 |
julian |
Adding changes to ipfw and the kernel to support ip packet diversion.. This stuff should not be too destructive if the IPDIVERT is not compiled in.. be aware that this changes the size of the ip_fw struct so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
|
#
15026 |
|
03-Apr-1996 |
phk |
Add feature for tcp "established". Change interface between netinet and ip_fw to be more general, and thus hopefully also support other ip filtering implementations.
|
#
14622 |
|
14-Mar-1996 |
fenner |
IGMPv2 routines rewritten, to be more compact and to fully comply with the IGMPv2 Internet Draft (including Router Alert IP option)
|
#
14195 |
|
22-Feb-1996 |
peter |
Make the default behavior of local port assignment match traditional systems (my last change did not mix well with some firewall configurations). As much as I dislike firewalls, this is one thing I was not prepared to break by default.. :-)
Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024).
The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.*
This code also fixes a potential deadlock if the system accidentally ran out of local port addresses. It'd drop into an infinite while loop.
The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it.
Partly suggested by: pst Reviewed by: wollman
|
#
13491 |
|
19-Jan-1996 |
peter |
Change the default local address range for IP from 1024 through 5000 to 20000 through 30000. These numbers are used for local IP port numbers when an explicit address is not specified.
The values are sysctl modifiable under: net.inet.ip.port_{first|last}_auto
These numbers do not overlap with any known server addresses, without going above 32768 which are "negative" on some other implementations.
20000 through 30000 is 2.5 times larger than the old range, but some have suggested even that may not be enough... (gasp!) Setting a low address of 10000 should be plenty.. :-)
|
#
12296 |
|
14-Nov-1995 |
phk |
New style sysctl & staticize a lot of stuff.
|
#
12003 |
|
01-Nov-1995 |
wollman |
Instrument the IP input queue with two new read-only MIB entries: net.inet.ip.intr-queue-maxlen (=== ipintrq.ifq_maxlen) and net.inet.ip.intr-queue-drops (=== ipintrq.ifq_drops)
There should probably be a standard way of getting the same information going the other way.
|
#
9575 |
|
18-Jul-1995 |
peter |
Change the compile-time option of DIRECTED_BROADCAST into a sysctl variable underneath ip, "directed-broadcast". Reviewed by: David Greenman Obtained from: NetBSD, by Darren Reed.
|
#
9209 |
|
13-Jun-1995 |
wollman |
Kernel side of 3.5 multicast routing code, based on work by Bill Fenner and other work done here. The LKM support is probably broken, but it still compiles and will be fixed later.
|
#
7091 |
|
16-Mar-1995 |
wollman |
Reject source routes unless configured on by administrator.
|
#
7088 |
|
16-Mar-1995 |
wollman |
Add inet_ntoa() and replace ARP's private routine with same.
|
#
6399 |
|
14-Feb-1995 |
wollman |
Attempt to make the host route cache a bit smarter under conditions of high load:
1) If there ever get to be more than net.inet.ip.rtmaxcache entries in the cache, in_rtqtimo() will reduce net.inet.ip.rtexpire by 1/3 and do another round, unless net.inet.ip.rtexpire is less than net.inet.ip.rtminexpire, and never more than once in ten minutes (rtq_timeout).
2) If net.inet.ip.rtexpire is set to zero, don't bother to cache anything.
|
#
5179 |
|
21-Dec-1994 |
wollman |
Correct sysctl info so that net.inet.ip.rtexpire is actually accessible.
|
#
5109 |
|
14-Dec-1994 |
wollman |
Make rtq_reallyold user-configurable via sysctl.
|
#
2531 |
|
06-Sep-1994 |
wollman |
Initial get-the-easy-case-working upgrade of the multicast code to something more recent than the ancient 1.2 release contained in 4.4. This code has the following advantages as compared to previous versions (culled from the README file for the SunOS release):
- True multicast delivery
- Configurable rate-limiting of forwarded multicast traffic on each physical interface or tunnel, using a token-bucket limiter.
- Simplistic classification of packets for prioritized dropping.
- Administrative scoping of multicast address ranges.
- Faster detection of hosts leaving groups.
- Support for multicast traceroute (code not yet available).
- Support for RSVP, the Resource Reservation Protocol.
What still needs to be done:
- The multicast forwarder needs testing.
- The multicast routing daemon needs to be ported.
- Network interface drivers need to have the `#ifdef MULTICAST' goop ripped out of them.
- The IGMP code should probably be bogon-tested.
Some notes about the porting process:
In some cases, the Berkeley people decided to incorporate functionality from later releases of the multicast code, but then had to do things differently. As a result, if you look at Deering's patches, and then look at our code, it is not always obvious whether the patch even applies. Let the reader beware.
I ran ip_mroute.c through several passes of `unifdef' to get rid of useless grot, and to permanently enable the RSVP support, which we will include as standard.
Ported by: Garrett Wollman Submitted by: Steve Deering and Ajit Thyagarajan (among others)
|
#
2169 |
|
21-Aug-1994 |
paul |
Made idempotent.
Submitted by: Paul
|
#
1817 |
|
02-Aug-1994 |
dg |
Added $Id$
|
#
1542 |
|
24-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1541, which included commits to RCS files with non-trunk default branches.
|
#
1541 |
|
24-May-1994 |
rgrimes |
BSD 4.4 Lite Kernel Sources
|