OpenBSD CVS

CVS log for src/sys/netinet/in_pcb.h



Default branch: MAIN


Revision 1.157 / (download) - annotate - [select for diffs], Fri Apr 19 10:13:58 2024 UTC (7 weeks, 3 days ago) by bluhm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.156: +5 -3 lines
Diff to previous 1.156 (colored)

Merge IPv4 and IPv6 options in inpcb.

An internet PCB has either inp_options or inp_outputopts6.  Put them
into a common anonymous union.

OK mvs@ kn@

Revision 1.156 / (download) - annotate - [select for diffs], Wed Apr 17 20:48:51 2024 UTC (7 weeks, 5 days ago) by bluhm
Branch: MAIN
Changes since 1.155: +2 -6 lines
Diff to previous 1.155 (colored)

Use struct ipsec_level within inpcb.

Instead of passing around u_char[4], introduce struct ipsec_level
that contains 4 ipsec levels.  This provides better type safety.
The embedding struct inpcb is globally visible for netstat(1), so
put struct ipsec_level outside of #ifdef _KERNEL.

OK deraadt@ mvs@

Revision 1.155 / (download) - annotate - [select for diffs], Mon Apr 15 18:31:04 2024 UTC (8 weeks ago) by bluhm
Branch: MAIN
Changes since 1.154: +1 -4 lines
Diff to previous 1.154 (colored)

Delete unused inp_csumoffset define.

OK mvs@

Revision 1.154 / (download) - annotate - [select for diffs], Fri Mar 22 21:48:38 2024 UTC (2 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.153: +4 -7 lines
Diff to previous 1.153 (colored)

Remove padding from union inpaddru.

Alignment of IPv4 address with lower part of IPv6 address looks
like a leftover from times when IPv6 compatible addresses should
contain IPv4 addresses.  Better use a simple union for both IPv4 and
IPv6 addresses like everywhere else.  Use this type also for common
zero address.

OK mvs@

Revision 1.153 / (download) - annotate - [select for diffs], Fri Mar 22 18:05:01 2024 UTC (2 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.152: +3 -2 lines
Diff to previous 1.152 (colored)

Make local port which is bound during connect(2) unique per laddr.

in_pcbconnect() did not pass down the address it got from in_pcbselsrc()
to in_pcbpickport().  As a consequence local port numbers selected
during connect(2) were globally unique although they belong to
different addresses.  This strict uniqueness is not necessary and
wastes usable ports for outgoing connections.

To solve this, pass ina from in_pcbconnect() to in_pcbbind_locked().
This does not interfere with how wildcard sockets are matched with
specific sockets during bind(2).  It only allows non-wildcard sockets
to share a local port during connect(2).

OK mvs@ deraadt@

Revision 1.152 / (download) - annotate - [select for diffs], Tue Feb 13 12:22:09 2024 UTC (3 months, 3 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.151: +2 -7 lines
Diff to previous 1.151 (colored)

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6.  Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h.  Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route.  Internet PCB
and TCP SYN cache can use a plain struct route now.  All specific
sockaddr types for inet and inet6 are embedded there.

OK claudio@

Revision 1.151 / (download) - annotate - [select for diffs], Sun Feb 11 01:27:45 2024 UTC (3 months, 4 weeks ago) by bluhm
Branch: MAIN
Changes since 1.150: +1 -2 lines
Diff to previous 1.150 (colored)

Remove include netinet6/ip6_var.h from netinet/in_pcb.h.

OK mvs@

Revision 1.150 / (download) - annotate - [select for diffs], Wed Jan 31 12:27:57 2024 UTC (4 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.149: +3 -1 lines
Diff to previous 1.149 (colored)

Split in_pcbrtentry() and in6_pcbrtentry() based on INP_IPV6.

Splitting the IPv6 code into a separate function results in less
#ifdef INET6.  Also struct route_in6 *ro in in6_pcbrtentry() is of
the correct type and in_pcbrtentry() does not rely on the fact that
inp_route and inp_route6 are pointers to the same union.

OK kn@ claudio@

Revision 1.149 / (download) - annotate - [select for diffs], Sun Jan 28 20:34:25 2024 UTC (4 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.148: +3 -3 lines
Diff to previous 1.148 (colored)

Use more specific sockaddr type for inpcb notify.

in_pcbnotifyall() is an IPv4 only function.  All callers check that
sockaddr dst is in fact a sockaddr_in.  Pass the more specific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in in6_pcbnotify() as dst parameter.

OK millert@

Revision 1.148 / (download) - annotate - [select for diffs], Tue Jan 9 19:57:00 2024 UTC (5 months ago) by bluhm
Branch: MAIN
Changes since 1.147: +6 -6 lines
Diff to previous 1.147 (colored)

Convert some struct inpcb parameter to const pointer.

OK millert@

Revision 1.147 / (download) - annotate - [select for diffs], Wed Jan 3 11:07:04 2024 UTC (5 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.146: +3 -2 lines
Diff to previous 1.146 (colored)

Run connect(2) in parallel within inet domain.

This unlocks soconnect() for UDP, rip, rip6 and divert.  It takes
shared net lock in combination with per socket lock.  TCP and GRE
still use exclusive net lock when connecting.

OK mvs@

Revision 1.146 / (download) - annotate - [select for diffs], Mon Jan 1 22:16:51 2024 UTC (5 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.145: +3 -2 lines
Diff to previous 1.145 (colored)

Protect link between pf and inp with mutex.

Introduce global mutex to protect the pointers between pf state key
and internet PCB.  Then in_pcbdisconnect() and in_pcbdetach() do
not need exclusive netlock anymore.  Use a bunch of read once
unlocked access to reduce performance impact.

OK sashan@

Revision 1.145 / (download) - annotate - [select for diffs], Mon Dec 18 13:11:20 2023 UTC (5 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.144: +33 -1 lines
Diff to previous 1.144 (colored)

Run bind(2) system call in parallel.

For protocols that care about locking, use the shared net lock to
call sobind().  Use the per socket rwlock together with shared net
lock.  This affects protocols UDP, raw IP, and divert.  Move the
inpcb mutex locking into soreceive(), it is only used there.  Add
a comment to describe the current implementation of inpcb locking.

OK mvs@ sashan@

Revision 1.144 / (download) - annotate - [select for diffs], Fri Dec 15 00:24:56 2023 UTC (5 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.143: +6 -6 lines
Diff to previous 1.143 (colored)

Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex.  Document inpcb locking for foreign and local
address and port and routing table id.  Reading will be made MP
safe by adding per socket rw-locks in a next step.

OK sashan@ mvs@

Revision 1.143 / (download) - annotate - [select for diffs], Thu Dec 7 16:08:30 2023 UTC (6 months ago) by bluhm
Branch: MAIN
Changes since 1.142: +10 -6 lines
Diff to previous 1.142 (colored)

Inpcb table mutex protects addr and port during bind(2) and connect(2).

in_pcbbind(), in_pcbconnect(), and in6_pcbconnect() have to set
addresses and ports within the same critical section as the inpcb
hash table calculation.  Also lookup and address selection have to
be protected to avoid bindings and connections that are not unique.

For that in_pcbpickport() and in_pcbbind_locked() expect that the
table mutex is already taken.  The functions in_pcblookup_lock(),
in_pcblookup_local_lock(), and in_pcbaddrisavail_lock() grab the
mutex iff the lock parameter is IN_PCBLOCK_GRAB.  Otherwise the
parameter is IN_PCBLOCK_HOLD as the lock has to be taken already.
Note that in_pcblookup_lock() and in_pcblookup_local() return an
inp with increased reference iff they take and release the lock.
Otherwise the caller protects the life time of the inp.

This gives enough flexibility that in_pcbbind() and in_pcbconnect()
can hold the table mutex when they need it.  The public inpcb API
does not change.

OK sashan@ mvs@

Revision 1.142 / (download) - annotate - [select for diffs], Sun Dec 3 20:24:17 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.141: +2 -4 lines
Diff to previous 1.141 (colored)

Use INP_IPV6 flag instead of sotopf().

During initialization in_pcballoc() sets INP_IPV6 once to avoid
reaching through inp_socket->so_proto->pr_domain->dom_family.  Use
this flag consistently.

OK sashan@ mvs@

Revision 1.141 / (download) - annotate - [select for diffs], Fri Dec 1 15:30:46 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.140: +6 -1 lines
Diff to previous 1.140 (colored)

Set inp address, port and rtable together with inpcb hash.

The inpcb hash table is protected by table->inpt_mtx.  The hash is
based on addresses, ports, and routing table.  These fields were
not synchronized with the hash.  Put writes and hash update into the
same critical section.
Move the updates from ip_ctloutput(), ip6_ctloutput(), syn_cache_get(),
tcp_connect(), udp_disconnect() to dedicated inpcb set functions.
There they use the same table mutex as in_pcbrehash().
in_pcbbind(), in_pcbconnect(), and in6_pcbconnect() need more work
and are not included yet.

OK sashan@ mvs@

Revision 1.140 / (download) - annotate - [select for diffs], Wed Nov 29 18:30:48 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.139: +2 -2 lines
Diff to previous 1.139 (colored)

Document inp_socket as immutable and remove NULL checks.

Struct inpcb field inp_socket is initialized in in_pcballoc().  It
is not NULL and never changed.

OK mvs@

Revision 1.139 / (download) - annotate - [select for diffs], Tue Nov 28 13:23:20 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.138: +5 -5 lines
Diff to previous 1.138 (colored)

Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope().  Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Document inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

Revision 1.138 / (download) - annotate - [select for diffs], Sun Nov 26 22:08:10 2023 UTC (6 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.137: +2 -2 lines
Diff to previous 1.137 (colored)

Remove inp parameter from ip_output().

ip_output() received inp as parameter.  This is only used to lookup
the IPsec level of the socket.  Reasoning about MP locking is much
easier if only relevant data is passed around.  Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

Revision 1.137 / (download) - annotate - [select for diffs], Sun Nov 12 23:19:15 2023 UTC (6 months, 4 weeks ago) by bluhm
Branch: MAIN
Changes since 1.136: +5 -3 lines
Diff to previous 1.136 (colored)

Declare global variable zeroin46_addr as const.

OK mvs@ jca@

Revision 1.136 / (download) - annotate - [select for diffs], Sat Jun 24 20:54:46 2023 UTC (11 months, 2 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.135: +3 -4 lines
Diff to previous 1.135 (colored)

Calculate inet PCB SIP hash without table mutex.

Goal is to run UDP input in parallel.  Btrace kstack analysis shows
that SIP hash for PCB lookup is quite expensive.  When running in
parallel, there is also lock contention on the PCB table mutex.

It results in better performance to calculate the hash value before
taking the mutex.  The hash secret has to be constant as hash
calculation must not depend on values protected by the table mutex.
Do not reseed anymore when hash table gets resized.

Analysis also shows that asserting a rw_lock while holding a mutex
is a bit expensive.  Just remove the netlock assert.

OK dlg@ mvs@

Revision 1.135 / (download) - annotate - [select for diffs], Mon Oct 3 16:43:52 2022 UTC (20 months, 1 week ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.134: +2 -2 lines
Diff to previous 1.134 (colored)

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach().  During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb.  Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved.  Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Revision 1.134 / (download) - annotate - [select for diffs], Sat Sep 3 22:43:38 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.133: +3 -1 lines
Diff to previous 1.133 (colored)

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Revision 1.133 / (download) - annotate - [select for diffs], Sat Sep 3 18:48:50 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.132: +3 -1 lines
Diff to previous 1.132 (colored)

Move PRU_SOCKADDR request to (*pru_sockaddr)()

Introduce in{,6}_sockaddr() functions, and use them for all except tcp(4)
inet sockets. For tcp(4) sockets use tcp_sockaddr() to keep debug ability.

The key management and route domain sockets return EINVAL error for
PRU_SOCKADDR request, so keep this behaviour for a while instead of making
pru_sockaddr handler optional and return EOPNOTSUPP.

ok bluhm@

Revision 1.132 / (download) - annotate - [select for diffs], Tue Aug 30 11:53:04 2022 UTC (21 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.131: +4 -4 lines
Diff to previous 1.131 (colored)

Refactor internet PCB lookup function.  Rename in_pcbhashlookup()
so the public API is in_pcblookup() and in_pcblookup_listen().  For
internal use introduce in_pcbhash_insert() and in_pcbhash_lookup()
to avoid code duplication.  Routing domain is unsigned, change the
type to u_int.
OK mvs@

Revision 1.131 / (download) - annotate - [select for diffs], Mon Aug 22 10:37:27 2022 UTC (21 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.130: +5 -2 lines
Diff to previous 1.130 (colored)

Use rwlock per inpcb table to protect notify list.  The notify
function may sleep, so holding a mutex is not possible.  The same
list entry and rwlock is used for UDP multicast and raw IP delivery.
By adding a write lock, exclusive netlock is no longer necessary
for PCB notify and UDP and raw IP input.
OK mvs@

Revision 1.130 / (download) - annotate - [select for diffs], Sun Aug 21 11:44:53 2022 UTC (21 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.129: +3 -1 lines
Diff to previous 1.129 (colored)

Introduce a mutex per inpcb to serialize access to socket receive
buffer.  Later it may be used to protect more of the PCB or socket.
In divert input replace the kernel lock with this mutex.
OK mvs@

Revision 1.129 / (download) - annotate - [select for diffs], Sun May 15 09:12:20 2022 UTC (2 years ago) by dlg
Branch: MAIN
Changes since 1.128: +2 -2 lines
Diff to previous 1.128 (colored)

have in_pcbselsrc copy the selected address to memory provided by the caller.

having it return a pointer to something that has a lifetime managed
by a lock without accounting for it or taking a reference count or
anything like that is asking for trouble. copying the address to
caller provided memory while still inside the lock is a lot safer.

discussed with visa@
ok bluhm@ claudio@

Revision 1.128 / (download) - annotate - [select for diffs], Mon Mar 21 23:37:09 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored)

For multicast and broadcast packets udp_input() traverses the loop
of all UDP PCBs.  From there it calls udp_sbappend() while holding
the UDP table mutex.  This ends in sorwakeup() where we finally
grab the kernel lock while holding a mutex.  Witness detects this
misuse.
Use the same solution as for PCB notify.  Collect the affected PCBs
in a temporary list.  The list is protected by exclusive net lock.
Reported-by: syzbot+7596cb96fb9f3c9d6f4f@syzkaller.appspotmail.com
OK sashan@

Revision 1.127 / (download) - annotate - [select for diffs], Mon Mar 21 09:12:34 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.126: +20 -11 lines
Diff to previous 1.126 (colored)

Header netinet/in_pcb.h includes sys/mutex.h now.  Recommit mutex
for PCB tables.  It does not break userland build anymore.

pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer.  To
run pf in parallel, make parts of the stack MP safe.  Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex.  To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@

Revision 1.126 / (download) - annotate - [select for diffs], Sun Mar 20 19:16:29 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.125: +2 -1 lines
Diff to previous 1.125 (colored)

Include sys/mutex.h from netinet/in_pcb.h.  Struct mutex will be
needed to make inpcb in kernel MP safe.  To build sysctl and libkvm
based programs, we have to export it to userland.
OK claudio@

Revision 1.125 / (download) - annotate - [select for diffs], Mon Mar 14 22:38:43 2022 UTC (2 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.124: +10 -19 lines
Diff to previous 1.124 (colored)

Unbreak the tree, revert commitid aZ8fm4iaUnTCc0ul

This reverts the commit protecting the list and hashes in the PCB tables
with a mutex since the build of sysctl(8) breaks, as found by kettenis.

ok sthen

Revision 1.124 / (download) - annotate - [select for diffs], Mon Mar 14 17:23:00 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.123: +20 -11 lines
Diff to previous 1.123 (colored)

pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer.  To
run pf in parallel, make parts of the stack MP safe.  Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex.  To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@

Revision 1.123 / (download) - annotate - [select for diffs], Wed Mar 2 12:53:15 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.122: +2 -2 lines
Diff to previous 1.122 (colored)

The return value of in6_pcbnotify() is never used.  Make it a void
function.
OK gnezdo@ mvs@ florian@ sashan@

Revision 1.122 / (download) - annotate - [select for diffs], Thu Jan 20 11:06:57 2022 UTC (2 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.121: +4 -4 lines
Diff to previous 1.121 (colored)

Shifting signed integers left by 31 is undefined behavior in C.
found by kubsan; joint work with tobhe@; OK miod@

Revision 1.121 / (download) - annotate - [select for diffs], Mon Jan 25 03:40:46 2021 UTC (3 years, 4 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.120: +2 -1 lines
Diff to previous 1.120 (colored)

if stoeplitz is enabled, use it to provide a flowid for tcp packets.

drivers that implement rss and multiple rings depend on the symmetric
toeplitz code, and use it to generate a key that decides which rx
ring a packet lands on. if the toeplitz code is enabled, this diff
has the pcb and tcp layer use the toeplitz code to generate a flowid
for packets they send, which in turn is used to pick a tx ring.
because the nic and the stack use the same key, the tx and rx sides
end up with the same hash/flowid. at the very least this means that
the same rx and tx queue pair on a particular nic are used for both
sides of the connection. as the stack becomes more parallel, it
will also help keep both sides of the tcp connection processing in
the one place.

Revision 1.120 / (download) - annotate - [select for diffs], Sun Jun 21 05:14:04 2020 UTC (3 years, 11 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.119: +3 -2 lines
Diff to previous 1.119 (colored)

knf: the inp_upcall line was too long.

Revision 1.119 / (download) - annotate - [select for diffs], Sun Jun 21 05:12:06 2020 UTC (3 years, 11 months ago) by dlg
Branch: MAIN
Changes since 1.118: +3 -1 lines
Diff to previous 1.118 (colored)

add an inp_upcall function pointer and inp_upcall_arg to struct in_pcb.

this is so protocols (eg, udp) can let things (eg, kernel support
for wireguard or vxlan or geneve) look at and possibly steal packets
before they get added to a socket buffer.

i wrote the original version of this, but it was tweaked by Matt
Dunwoodie and Jason A. Donenfeld for use with wireguard.

Revision 1.118 / (download) - annotate - [select for diffs], Wed Nov 13 17:36:02 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.117: +2 -2 lines
Diff to previous 1.117 (colored)

Add DoT 853 to DEFBADDYNAMICPORTS_TCP.  This port will be increasingly
unfiltered in the future, so this prevents rresvport_af(3) from randomly
exposing a service intended for local visibility only.
ok florian

Revision 1.117 / (download) - annotate - [select for diffs], Thu Oct 17 00:51:28 2019 UTC (4 years, 7 months ago) by dlg
Branch: MAIN
Changes since 1.116: +3 -3 lines
Diff to previous 1.116 (colored)

in6_setsockaddr and in6_setpeeraddr can't fail, so let them return void.

this also brings them in line with the AF_INET equivalents.

ok visa@ bluhm@

Revision 1.116 / (download) - annotate - [select for diffs], Mon Jul 15 12:40:42 2019 UTC (4 years, 10 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.115: +2 -1 lines
Diff to previous 1.115 (colored)

Initialize struct inpcb pool not on demand, but during initialization.
Removes a global variable and avoids MP problems.
OK mpi@ visa@

Revision 1.115 / (download) - annotate - [select for diffs], Thu Oct 4 17:33:41 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.114: +13 -22 lines
Diff to previous 1.114 (colored)

Revert the inpcb table mutex commit.  It triggers a witness panic
in raw IP delivery and UDP broadcast loops.  There inpcbtable_mtx
is held and sorwakeup() is called within the loop.  As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@

Revision 1.114 / (download) - annotate - [select for diffs], Thu Sep 20 18:59:10 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.113: +22 -13 lines
Diff to previous 1.113 (colored)

As a step towards per inpcb or socket locks, remove the net lock
for netstat -a.  Introduce a global mutex that protects the tables
and hashes for the internet PCBs.  To detect detached PCB, set its
inp_socket field to NULL.  This has to be protected by a per PCB
mutex.  The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@

Revision 1.113 / (download) - annotate - [select for diffs], Fri Sep 14 12:55:17 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.112: +11 -10 lines
Diff to previous 1.112 (colored)

In general it is a bad idea to use one random secret for two things.
The inet PCB uses one hash with local and foreign addresses, and
one with local port numbers.  Give both hashes separate keys.  Also
document the struct fields.
OK visa@

Revision 1.112 / (download) - annotate - [select for diffs], Fri Sep 14 07:25:02 2018 UTC (5 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.111: +2 -1 lines
Diff to previous 1.111 (colored)

unbreak userland uses of in_pcb.h by including sys/refcnt.h
ok visa@

Revision 1.111 / (download) - annotate - [select for diffs], Thu Sep 13 19:53:58 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.110: +5 -1 lines
Diff to previous 1.110 (colored)

Add reference counting for inet pcb, this will be needed when we
start locking the socket.  An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@

Revision 1.110 / (download) - annotate - [select for diffs], Tue Sep 11 14:34:49 2018 UTC (5 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.109: +5 -1 lines
Diff to previous 1.109 (colored)

Make the distribution of in_ and in6_ functions in in_pcb.c and
in6_pcb.c consistent, to ease comparing the code.  Move all inet6
functions to in6_.  Bring functions in both source files in same
order.  Cleanup the include section.  Now in_pcb.c is a superset
of in6_pcb.c.  The latter contains all the special implementations.
Just moving around, no code change intended.
OK mpi@

Revision 1.109 / (download) - annotate - [select for diffs], Sun Jun 3 21:00:15 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.108: +2 -2 lines
Diff to previous 1.108 (colored)

Rename the inpcb table field inpt_hash to inpt_mask as it contains
the hashmask.  For the resize calculations it is clearer to use the
field inpt_size.
OK visa@ mpi@

Revision 1.108 / (download) - annotate - [select for diffs], Sat Jun 2 16:38:21 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.107: +2 -1 lines
Diff to previous 1.107 (colored)

Move the declarations of the raw ip and ip6 pcb tables into the
in_pcb.h header file.
OK mpi@ visa@

Revision 1.107 / (download) - annotate - [select for diffs], Fri Mar 30 17:33:54 2018 UTC (6 years, 2 months ago) by dhill
Branch: MAIN
Changes since 1.106: +2 -2 lines
Diff to previous 1.106 (colored)

Store the allocation size in inpcbhead for free().

OK visa@

Revision 1.106 / (download) - annotate - [select for diffs], Fri Dec 1 10:33:33 2017 UTC (6 years, 6 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.105: +4 -5 lines
Diff to previous 1.105 (colored)

Simplify the reverse PCB lookup logic.  The PF_TAG_TRANSLATE_LOCALHOST
security check prevents that the user accidentally configures
redirect where a divert-to would be appropriate.  Instead of spreading
the logic into tcp and udp input, check the flag during PCB listen
lookup.  This also reduces parameters of in_pcblookup_listen().
OK visa@

Revision 1.105 / (download) - annotate - [select for diffs], Fri Oct 6 21:14:55 2017 UTC (6 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.104: +1 -2 lines
Diff to previous 1.104 (colored)

Kill the divert-packet socket option IP_DIVERTFL to filter packets.
It used a loop over the global list divbtable that would be hard
to make MP safe.  The port net/dnsfilter does not work without this,
it should be converted to divert-to.  Neither other ports nor base
use this filter feature.
ports checked by sthen@; OK mpi@ benno@

Revision 1.104 / (download) - annotate - [select for diffs], Sat Sep 3 14:18:42 2016 UTC (7 years, 9 months ago) by phessler
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.103: +4 -2 lines
Diff to previous 1.103 (colored)

Reserve the BFD destination ports in baddynamic

OK claudio@, henning@

Revision 1.103 / (download) - annotate - [select for diffs], Thu Aug 4 20:46:24 2016 UTC (7 years, 10 months ago) by vgross
Branch: MAIN
Changes since 1.102: +2 -3 lines
Diff to previous 1.102 (colored)

Commit in6_selectsrc() split again, with missing assignment fixed.

Revision 1.102 / (download) - annotate - [select for diffs], Fri Jul 22 11:14:41 2016 UTC (7 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.101: +2 -1 lines
Diff to previous 1.101 (colored)

Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

Revision 1.101 / (download) - annotate - [select for diffs], Wed Jul 20 18:51:50 2016 UTC (7 years, 10 months ago) by vgross
Branch: MAIN
Changes since 1.100: +2 -3 lines
Diff to previous 1.100 (colored)

Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

Revision 1.100 / (download) - annotate - [select for diffs], Mon Jun 27 16:33:48 2016 UTC (7 years, 11 months ago) by jca
Branch: MAIN
Changes since 1.99: +2 -1 lines
Diff to previous 1.99 (colored)

Implement IPV6_MINHOPCOUNT support.

Useful to implement GTSM support in daemons such as bgpd(8). Diff from
2013 revived by renato@.  Input from bluhm@, ok bluhm@ deraadt@

Revision 1.99 / (download) - annotate - [select for diffs], Sat Jun 18 10:36:13 2016 UTC (7 years, 11 months ago) by vgross
Branch: MAIN
Changes since 1.98: +10 -1 lines
Diff to previous 1.98 (colored)

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Revision 1.98 / (download) - annotate - [select for diffs], Mon Apr 11 21:24:29 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.97: +2 -3 lines
Diff to previous 1.97 (colored)

Rename in_pcblookup() to in_pcblookup_local() and change its prototype
to get rid of the now useless foreign address and ports parameters.

ok mpi@

Revision 1.97 / (download) - annotate - [select for diffs], Tue Apr 5 19:34:05 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

Move inp_laddr assignment after in_pcbpickport(), extend in_pcbpickport()
as needed.

Ok bluhm@

Revision 1.96 / (download) - annotate - [select for diffs], Wed Mar 23 15:50:36 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.95: +1 -2 lines
Diff to previous 1.95 (colored)

Merge in_pcbbind() and in6_pcbbind(), and change every call to
in6_pcbbind() into in_pcbbind().

Ok jca@ mpi@

Revision 1.95 / (download) - annotate - [select for diffs], Wed Mar 23 00:07:31 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.94: +3 -1 lines
Diff to previous 1.94 (colored)

Extract in_pcbaddrisavail() from in_pcbbind().

ok jca@

Revision 1.94 / (download) - annotate - [select for diffs], Mon Mar 21 21:21:35 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.93: +3 -1 lines
Diff to previous 1.93 (colored)

Extract in6_pcbaddrisavail() from in6_pcbbind(), and use it when
checking for source availability in udp6_output(); This time with
all the files.

Ok jca@ bluhm@

Revision 1.93 / (download) - annotate - [select for diffs], Thu Dec 3 10:34:24 2015 UTC (8 years, 6 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.92: +2 -3 lines
Diff to previous 1.92 (colored)

rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen

Revision 1.92 / (download) - annotate - [select for diffs], Wed Dec 2 22:13:44 2015 UTC (8 years, 6 months ago) by vgross
Branch: MAIN
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored)

Move port picking away from in_pcbbind()

ok sthen@

Revision 1.91 / (download) - annotate - [select for diffs], Sat Oct 24 16:08:48 2015 UTC (8 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.90: +2 -2 lines
Diff to previous 1.90 (colored)

Ignore Router Advertisement's current hop limit.

Apart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Inputs from bluhm@, ok phessler@, florian@, bluhm@

Revision 1.90 / (download) - annotate - [select for diffs], Tue Sep 22 09:34:39 2015 UTC (8 years, 8 months ago) by vgross
Branch: MAIN
Changes since 1.89: +1 -2 lines
Diff to previous 1.89 (colored)

Remove inpt_lastport from struct inpcbtable, use local variables
in in_pcbbind() and in6_pcbsetport()

ok claudio@, with input from David Hill

Revision 1.89 / (download) - annotate - [select for diffs], Thu Apr 16 19:24:13 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.88: +1 -9 lines
Diff to previous 1.88 (colored)

remove unfinished/unused support for socket-attached ipsec-policies
ok mikeb

Revision 1.88 / (download) - annotate - [select for diffs], Tue Apr 14 12:22:15 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
Changes since 1.87: +1 -3 lines
Diff to previous 1.87 (colored)

Remove support for storing credentials and auth information in the kernel.

This code is largely unfinished and is not used for anything.  The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.

No objections from reyk and hshoexer, with and OK markus.

Revision 1.87 / (download) - annotate - [select for diffs], Sat Nov 15 10:55:47 2014 UTC (9 years, 6 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.86: +7 -2 lines
Diff to previous 1.86 (colored)

use siphash in the in_pcb hashing. this mitigates it against flooding
attacks.

this is a textbook use of siphash.

the idea of using siphash for this came from yasuoka-san, but i had
the time to do it. he also tested and tweaked this diff.

ok yasuoka@ mikeb@

Revision 1.86 / (download) - annotate - [select for diffs], Sat Jul 12 21:06:34 2014 UTC (9 years, 11 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.85: +2 -1 lines
Diff to previous 1.85 (colored)

Resize the pcb hashtable automatically.  The table size will be doubled
when the number of the hash entries reaches 75% of the table size.

ok dlg henning, 'commit in' claudio

Revision 1.85 / (download) - annotate - [select for diffs], Fri Apr 18 10:48:29 2014 UTC (10 years, 1 month ago) by jca
Branch: MAIN
Changes since 1.84: +3 -4 lines
Diff to previous 1.84 (colored)

Invert the signature logic of in{,6}_selectsrc, make them return the
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz.  This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@

Revision 1.84 / (download) - annotate - [select for diffs], Wed Apr 16 13:04:38 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.83: +4 -5 lines
Diff to previous 1.83 (colored)

Merge in_fixaddr() into in_selectsrc() in order to prepare for
IP_SENDSRCADDR support.  This reduces the differences with the
IPv6 version and kill some comments that are no longer true.

ok jca@, chrisz@, mikeb@

Revision 1.83 / (download) - annotate - [select for diffs], Sun Apr 6 17:13:23 2014 UTC (10 years, 2 months ago) by chrisz
Branch: MAIN
Changes since 1.82: +3 -1 lines
Diff to previous 1.82 (colored)

factor out source and destination address mangling from in_pcbconnect()
for later reuse in udp_output().

"Apart from that OK" claudio@

Revision 1.82 / (download) - annotate - [select for diffs], Fri Dec 20 02:04:08 2013 UTC (10 years, 5 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.81: +3 -3 lines
Diff to previous 1.81 (colored)

Switch inpt_queue from CIRCLEQ to TAILQ. Thus ending use of CIRCLEQ
in the base. Ports fixes to follow shortly for the two ports (gkrellm
and net-snmp) affected.

ok zhuk@ millert@

Revision 1.81 / (download) - annotate - [select for diffs], Wed Oct 23 19:57:50 2013 UTC (10 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.80: +4 -9 lines
Diff to previous 1.80 (colored)

Back when some NRL code was merged into KAME to create the *BSD IPV6
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed.  Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi

Revision 1.80 / (download) - annotate - [select for diffs], Sun Oct 20 11:03:00 2013 UTC (10 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.79: +5 -4 lines
Diff to previous 1.79 (colored)

Put a large chunk of the IPv6 rdomain support in-tree.

Still some important missing pieces, and this is not yet enabled.

OK bluhm@

Revision 1.79 / (download) - annotate - [select for diffs], Fri May 31 13:15:53 2013 UTC (11 years ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.78: +5 -5 lines
Diff to previous 1.78 (colored)

The function rip6_ctlinput() claims that sa6_src is constant to
allow the assignment of &sa6_any.  But rip6_ctlinput() could not
guarantee that as it casted away the const attribute when it passes
the pointer to in6_pcbnotify().  Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters.  This reduces the
number of casts.  Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@

Revision 1.78 / (download) - annotate - [select for diffs], Fri May 17 09:04:30 2013 UTC (11 years ago) by mpi
Branch: MAIN
Changes since 1.77: +3 -1 lines
Diff to previous 1.77 (colored)

Move an extern declaration into its corresponding header file.

Revision 1.77 / (download) - annotate - [select for diffs], Fri Mar 29 13:16:14 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.76: +4 -2 lines
Diff to previous 1.76 (colored)

Declare struct pf_state_key in the mbuf and in_pcb header files to
avoid ugly casts.
OK krw@ tedu@

Revision 1.76 / (download) - annotate - [select for diffs], Thu Mar 14 11:18:37 2013 UTC (11 years, 3 months ago) by mpi
Branch: MAIN
Changes since 1.75: +1 -2 lines
Diff to previous 1.75 (colored)

tedu faith(4), suggested by todd@ some weeks ago after a submission by
dhill.

ok krw@, mikeb@, tedu@ (implicit)

Revision 1.75 / (download) - annotate - [select for diffs], Wed Jan 16 00:07:22 2013 UTC (11 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.74: +6 -6 lines
Diff to previous 1.74 (colored)

Pass struct inpcb pointer to in_pcb...() functions instead of void
pointer.  Allows stricter type checking.  No functional change.
OK claudio@

Revision 1.74 / (download) - annotate - [select for diffs], Sun Oct 21 13:06:03 2012 UTC (11 years, 7 months ago) by benno
Branch: MAIN
Changes since 1.73: +2 -1 lines
Diff to previous 1.73 (colored)

Add the IP_DIVERTFL socket option on divert(4) sockets to control
which packets (as in direction) of the traffic will be diverted
through the divert socket.
ok claudio@, henning@

Revision 1.73 / (download) - annotate - [select for diffs], Mon Sep 17 20:01:26 2012 UTC (11 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.72: +3 -2 lines
Diff to previous 1.72 (colored)

add IPV6_RECVDSTPORT socket option, which enables us to get original
(= before divert) destination port of a UDP packet.  The way to use
this option is same as IP_RECVDSTPORT.

from UMEZAWA Takeshi
tweaks from jmc; ok henning bluhm

Revision 1.72 / (download) - annotate - [select for diffs], Mon Jul 16 18:05:36 2012 UTC (11 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.71: +2 -1 lines
Diff to previous 1.71 (colored)

add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4)
can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage

Revision 1.71 / (download) - annotate - [select for diffs], Wed Jun 15 09:11:01 2011 UTC (12 years, 11 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.70: +4 -2 lines
Diff to previous 1.70 (colored)

Add IP_RECVRTABLE socket option to be used with an IPPROTO_IP
level that allows one to retrieve the original routing domain
of UDP datagrams diverted by the pf via "divert-to" with a
recvmsg(2).

ok claudio

Revision 1.70 / (download) - annotate - [select for diffs], Thu Sep 23 04:45:15 2010 UTC (13 years, 8 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.69: +2 -1 lines
Diff to previous 1.69 (colored)

add a new IP level socket option IP_PIPEX.  This option is used for L2TP
support by pipex.
OK henning@, "Carry on" blambert@

Revision 1.69 / (download) - annotate - [select for diffs], Sat Jul 3 04:44:51 2010 UTC (13 years, 11 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains.  This changes the name of the
system calls, socket option, and ioctl.  After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Revision 1.68 / (download) - annotate - [select for diffs], Fri Nov 13 20:54:05 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain safe and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Revision 1.67 / (download) - annotate - [select for diffs], Fri Jun 5 00:05:22 2009 UTC (15 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.66: +6 -5 lines
Diff to previous 1.66 (colored)

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any domain at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks across
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

Revision 1.66 / (download) - annotate - [select for diffs], Thu Jul 10 02:19:28 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.65: +5 -2 lines
Diff to previous 1.65 (colored)

add X11 ports to default TCP baddynamic list

Revision 1.65 / (download) - annotate - [select for diffs], Wed Jul 9 20:20:46 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.64: +7 -7 lines
Diff to previous 1.64 (colored)

expand the net.inet.(tcp|udp).baddynamic dynamic source port
skipping bitmasks to cover the entire 65536 port space - previously
they covered 512-1024 only.

sysctl needs to be updated to cope with this change; please
"make includes" before rebuilding it.

feedback millert@ ok millert@ deraadt@ markus@

Revision 1.64 / (download) - annotate - [select for diffs], Thu Jul 3 15:46:24 2008 UTC (15 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.63: +2 -1 lines
Diff to previous 1.63 (colored)

link pf state keys to tcp pcbs and vice versa.
when we first do a pcb lookup and we have a pointer to a pf state key
in the mbuf header, store the state key pointer in the pcb and a pointer
to the pcb we just found in the state key. when either the state key
or the pcb is removed, clear the pointers.
on subsequent packets inbound we can skip the pcb lookup and just use the
pointer from the state key.
on subsequent packets outbound we can skip the state key lookup and use
the pointer from the pcb.
about 8% speedup with 100 concurrent tcp sessions, should help much more
with more tcp sessions.
ok markus ryan

Revision 1.63 / (download) - annotate - [select for diffs], Fri May 23 15:51:12 2008 UTC (16 years ago) by thib
Branch: MAIN
Changes since 1.62: +3 -3 lines
Diff to previous 1.62 (colored)

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privileges to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

Revision 1.62 / (download) - annotate - [select for diffs], Thu May 15 19:40:38 2008 UTC (16 years ago) by markus
Branch: MAIN
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)

divert for ipv6; ok henning, pyr

Revision 1.61 / (download) - annotate - [select for diffs], Fri May 9 02:56:36 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.60: +3 -2 lines
Diff to previous 1.60 (colored)

IP_RECVDSTPORT, allows you to get the destination port of UDP datagrams
for pf(4) diverted packets; based on patch by Scot Loach; ok beck@

Revision 1.60 / (download) - annotate - [select for diffs], Fri May 9 02:44:54 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.59: +3 -2 lines
Diff to previous 1.59 (colored)

divert packets to local socket without modifying the ip header;
makes transparent proxies much easier; ok beck@, feedback claudio@

Revision 1.59 / (download) - annotate - [select for diffs], Thu Feb 22 20:23:07 2007 UTC (17 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.58: +3 -3 lines
Diff to previous 1.58 (colored)

Remove TCP ports 760 and 761 from DEFBADDYNAMICPORTS_TCP; they are
not used with Heimdal.  Add UDP port 749 to DEFBADDYNAMICPORTS_UDP
for consistency with DEFBADDYNAMICPORTS_TCP.  We retain some Kerberos
4 ports for people running Heimdal in Kerberos 4 compat mode.
OK deraadt@ beck@

Revision 1.58 / (download) - annotate - [select for diffs], Sat Dec 9 01:12:28 2006 UTC (17 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.57: +7 -5 lines
Diff to previous 1.57 (colored)

switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running.  userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.

bump libc shlib minor for function additions.

tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.

Revision 1.57 / (download) - annotate - [select for diffs], Wed Oct 11 09:34:51 2006 UTC (17 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.56: +1 -0 lines
Diff to previous 1.56 (colored)

implement IP_MINTTL socket option for tcp sockets
This is for RFC3682 aka the TTL security hack - sender sets TTL to 255,
receiver checks no router on the way (or, no more than expected) reduced
the TTL. carp uses that technique already.
modeled after FreeBSD implementation.
ok claudio djm deraadt

Revision 1.56 / (download) - annotate - [select for diffs], Wed Oct 11 09:29:20 2006 UTC (17 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.55: +3 -2 lines
Diff to previous 1.55 (colored)

implement IP_RECVTTL socket option.
when set on raw or udp sockets, userland receives the incoming packet's TTL
as ancillary data (cmsg shitz). modeled after the FreeBSD implementation.
ok claudio djm deraadt

Revision 1.55 / (download) - annotate - [select for diffs], Tue Sep 26 21:10:53 2006 UTC (17 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

udp port 664 is sometimes also stolen on the wire by ipmi/asf baloney.
Did these vendors really really really not think?  Absolute morons.

Revision 1.54 / (download) - annotate - [select for diffs], Tue May 30 19:26:57 2006 UTC (18 years ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

Put ASF/IPMI port 623 into the bad dynamic udp table, because otherwise
we will randomly choose that stupid port, which NICs are sometimes
programmed to eat invisibly; sthen@bootes.spacehopper.org, pr5139

Revision 1.53 / (download) - annotate - [select for diffs], Mon May 29 20:42:27 2006 UTC (18 years ago) by claudio
Branch: MAIN
Changes since 1.52: +5 -4 lines
Diff to previous 1.52 (colored)

Make savecontrol functions more generic and use them now for raw IP too.
Additionally add the IP_RECVIF option which returns the interface a packet
was received on. OK markus@ norby@

Revision 1.52 / (download) - annotate - [select for diffs], Sat Dec 10 01:30:14 2005 UTC (18 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

in ansi c, bitfields must be done against int, unsigned int, or _Bool.
so we must start to use u_int; ok cloder

Revision 1.51 / (download) - annotate - [select for diffs], Tue Aug 10 20:12:15 2004 UTC (19 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8, OPENBSD_3_7_BASE, OPENBSD_3_7, OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.50: +1 -3 lines
Diff to previous 1.50 (colored)

remove in_pcbnotify, it is no longer used.

Revision 1.22.2.8 / (download) - annotate - [select for diffs], Sun Jun 13 08:50:18 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.22.2.7: +4 -1 lines
Diff to previous 1.22.2.7 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored)

sync to HEAD

Revision 1.50 / (download) - annotate - [select for diffs], Sat Jun 12 04:36:13 2004 UTC (20 years ago) by itojun
Branch: MAIN
CVS Tags: SMP_SYNC_A
Changes since 1.49: +5 -2 lines
Diff to previous 1.49 (colored)

support IPV6_USE_MIN_MTU (forgot to commit the file, sorry).  noted by Anil

Revision 1.22.2.7 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:23 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.22.2.6: +10 -4 lines
Diff to previous 1.22.2.6 (colored) to branchpoint 1.22 (colored)

Merge of current from two weeks ago into the SMP branch

Revision 1.49 / (download) - annotate - [select for diffs], Sun Dec 21 15:12:27 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
CVS Tags: SMP_SYNC_B, OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

change in*_pcbnotify to return numbers of matches; ok itojun, mcbride, henning

Revision 1.48 / (download) - annotate - [select for diffs], Mon Dec 8 07:07:36 2003 UTC (20 years, 6 months ago) by mcbride
Branch: MAIN
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored)

Mbuf tag tcp and udp packets which are translated to localhost, and
use the presence of this tag to reverse the match order in
in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double
bind, binding to both * and localhost in order to differentiate local
from non-local connections, and potentially granting more privilege to
local ones. This change ensures that redirected connections to localhost
do not appear local to such a daemon.

Bulk of changes from dhartmei@, some changes markus@

ok dhartmei@ deraadt@

Revision 1.47 / (download) - annotate - [select for diffs], Tue Nov 4 21:43:16 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.46: +6 -1 lines
Diff to previous 1.46 (colored)

add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen();
in_pcblookup is now only used by bind(2); speeds up pcb lookup for
listening sockets; from Claudio Jeker

Revision 1.46 / (download) - annotate - [select for diffs], Sat Oct 25 12:15:24 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.45: +4 -3 lines
Diff to previous 1.45 (colored)

additional hash for local port; improves speed of implicit bind
from >1000K cpu cycles to 20-30K for 18000 sockets on i386;
test+feedback by Claudio Jeker; ok itojun@;
[make sure you rebuild netstat/systat, too]

Revision 1.22.2.6 / (download) - annotate - [select for diffs], Sat Jun 7 11:06:08 2003 UTC (21 years ago) by ho
Branch: SMP
Changes since 1.22.2.5: +2 -6 lines
Diff to previous 1.22.2.5 (colored) to branchpoint 1.22 (colored)

Sync SMP branch to -current

Revision 1.45 / (download) - annotate - [select for diffs], Mon Jun 2 23:28:14 2003 UTC (21 years ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.44: +2 -6 lines
Diff to previous 1.44 (colored)

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999.  Proofed by myself and Theo.

Revision 1.22.2.5 / (download) - annotate - [select for diffs], Fri Mar 28 00:06:54 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.22.2.4: +7 -15 lines
Diff to previous 1.22.2.4 (colored) to branchpoint 1.22 (colored)

Sync the SMP branch with 3.3

Revision 1.38.4.2 / (download) - annotate - [select for diffs], Tue Oct 29 00:36:47 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.38.4.1: +5 -5 lines
Diff to previous 1.38.4.1 (colored) to branchpoint 1.38 (colored) next main 1.39 (colored)

sync to -current

Revision 1.44 / (download) - annotate - [select for diffs], Wed Sep 4 07:26:53 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: UBC_SYNC_B, UBC_SYNC_A, OPENBSD_3_3_BASE, OPENBSD_3_3, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

pass struct proc * down to in6_pcbsetport

Revision 1.38.4.1 / (download) - annotate - [select for diffs], Tue Jun 11 03:31:36 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.38: +36 -44 lines
Diff to previous 1.38 (colored)

Sync UBC branch to -current

Revision 1.43 / (download) - annotate - [select for diffs], Sun Jun 9 16:26:10 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.42: +4 -4 lines
Diff to previous 1.42 (colored)

whitespace

Revision 1.42 / (download) - annotate - [select for diffs], Sat Jun 8 21:22:02 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.41: +3 -8 lines
Diff to previous 1.41 (colored)

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
  use sysctl path instead.
- lo0 does not get ::1 automatically.  it will get ::1 when lo0 comes up.

Revision 1.41 / (download) - annotate - [select for diffs], Fri May 31 02:39:25 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.40: +2 -5 lines
Diff to previous 1.40 (colored)

Keep a policy attached to each socket (that needs it), and cleanup as
needed on socket tear-down.

Revision 1.22.2.4 / (download) - annotate - [select for diffs], Thu Mar 28 14:56:45 2002 UTC (22 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.22.2.3: +36 -36 lines
Diff to previous 1.22.2.3 (colored) to branchpoint 1.22 (colored)

Merge in -current from roughly a week ago

Revision 1.40 / (download) - annotate - [select for diffs], Thu Mar 14 03:16:11 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.39: +7 -7 lines
Diff to previous 1.39 (colored)

Final __P removal plus some cosmetic fixups

Revision 1.39 / (download) - annotate - [select for diffs], Thu Mar 14 01:27:11 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
Changes since 1.38: +30 -30 lines
Diff to previous 1.38 (colored)

First round of __P removal in sys

Revision 1.22.2.3 / (download) - annotate - [select for diffs], Wed Oct 31 03:29:03 2001 UTC (22 years, 7 months ago) by nate
Branch: SMP
Changes since 1.22.2.2: +3 -2 lines
Diff to previous 1.22.2.2 (colored) to branchpoint 1.22 (colored)

Sync the SMP branch to something just after 3.0

Revision 1.38 / (download) - annotate - [select for diffs], Thu Jul 5 08:31:47 2001 UTC (22 years, 11 months ago) by jjbg
Branch: MAIN
CVS Tags: UBC_BASE, OPENBSD_3_0_BASE, OPENBSD_3_0
Branch point for: UBC
Changes since 1.37: +3 -2 lines
Diff to previous 1.37 (colored)

IPComp itself (include files). angelos@ ok.

Revision 1.22.2.2 / (download) - annotate - [select for diffs], Wed Jul 4 10:54:34 2001 UTC (22 years, 11 months ago) by niklas
Branch: SMP
Changes since 1.22.2.1: +12 -2 lines
Diff to previous 1.22.2.1 (colored) to branchpoint 1.22 (colored)

Merge in -current from two days ago in the SMP branch.
As usual with merges, they do not indicate progress, so do not hold
your breath for working SMP, and do not mail me and ask about the
state of it.  It has not changed.  There is work ongoing, but very, very
slowly.  The commit is done in parts as to not lock up the tree in too
big chunks at a time.

Revision 1.37 / (download) - annotate - [select for diffs], Tue Jun 12 10:59:53 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.36: +3 -2 lines
Diff to previous 1.36 (colored)

IPsec-related socket options; these can be set/removed/retrieved, but
are not taken into consideration in anything just yet.

Revision 1.36 / (download) - annotate - [select for diffs], Sat Jun 9 07:03:40 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.35: +6 -2 lines
Diff to previous 1.35 (colored)

Inclusion protection.

Revision 1.35 / (download) - annotate - [select for diffs], Sun May 27 03:53:09 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.34: +2 -1 lines
Diff to previous 1.34 (colored)

Keep local authentication material on the PCB.

Revision 1.34 / (download) - annotate - [select for diffs], Mon May 21 03:02:18 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.33: +5 -1 lines
Diff to previous 1.33 (colored)

Use a reference-counted structure for IPsec IDs and credentials, so we
can cheaply keep copies of them at the PCB. ok deraadt@

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Mon May 14 22:40:08 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.22: +15 -14 lines
Diff to previous 1.22 (colored)

merge in approximately 2.9 into SMP branch

Revision 1.33 / (download) - annotate - [select for diffs], Wed Mar 28 20:03:02 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)

Allow tdbi's to appear in mbufs throughout the stack; this allows
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.

Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
does weird things with mbufs.

Revision 1.32 / (download) - annotate - [select for diffs], Fri Feb 16 16:00:53 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

pull in new pcb notification code from kame.  better handling of scope address.

Revision 1.31 / (download) - annotate - [select for diffs], Fri Feb 16 14:45:11 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.30: +1 -5 lines
Diff to previous 1.30 (colored)

move in6_{embed,recover}scope prototypes to in6_var.h (kernel only).
add in6_clearscope.  sync better with kame

Revision 1.30 / (download) - annotate - [select for diffs], Thu Feb 8 18:46:22 2001 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.29: +7 -3 lines
Diff to previous 1.29 (colored)

switch raw ip6 socket code from NRL to kame.
makes upgrades/code sharing much easier.

Revision 1.29 / (download) - annotate - [select for diffs], Wed Oct 11 09:14:11 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE, OPENBSD_2_8
Changes since 1.28: +1 -7 lines
Diff to previous 1.28 (colored)

nuke inp_flags bits for controlling IPv4 mapped address.
we don't support IPv4 mapped address,
and there are inconsistent bit manipulation code so it's safer to nuke them.

Revision 1.28 / (download) - annotate - [select for diffs], Tue Oct 10 15:16:02 2000 UTC (23 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.27: +1 -2 lines
Diff to previous 1.27 (colored)

verify payload of the icmp need fragment message at the tcp layer. okay itojun@

Revision 1.27 / (download) - annotate - [select for diffs], Mon Oct 9 14:39:46 2000 UTC (23 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

check if we have a tcb connected to the destination quoted in the icmp need
fragment message when doing path mtu discovery. okay angelos@

Revision 1.26 / (download) - annotate - [select for diffs], Mon Sep 18 22:06:37 2000 UTC (23 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.25: +3 -1 lines
Diff to previous 1.25 (colored)

Path MTU discovery based on NetBSD but with the decision to use the DF
flag delayed to ip_output().  That halves the code and reduces most of
the route lookups. okay deraadt@

Revision 1.25 / (download) - annotate - [select for diffs], Sun Jun 18 17:32:48 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)

sync with KAME udp6_output().  udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

Revision 1.24 / (download) - annotate - [select for diffs], Tue Jun 13 10:12:00 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.23: +5 -1 lines
Diff to previous 1.23 (colored)

allow link-local IPv6 address in in6_pcbbind.

Revision 1.23 / (download) - annotate - [select for diffs], Thu Apr 27 15:41:06 2000 UTC (24 years, 1 month ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

add TCP port 587 to default list of reserved ports not to allocate dynamically in order to reserve it for sendmail.

Revision 1.22 / (download) - annotate - [select for diffs], Mon Feb 7 06:09:09 2000 UTC (24 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: SMP_BASE
Branch point for: SMP
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)

fix include file path related to ip6.

Revision 1.21 / (download) - annotate - [select for diffs], Tue Jan 11 01:13:49 2000 UTC (24 years, 5 months ago) by angelos
Branch: MAIN
Changes since 1.20: +1 -9 lines
Diff to previous 1.20 (colored)

Remove ifdef'ed out definitions.

Revision 1.20 / (download) - annotate - [select for diffs], Mon Dec 27 06:40:38 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.19: +24 -16 lines
Diff to previous 1.19 (colored)

synchronize inp_flags definition across kame/*bsd.
this would ease us implement future COMPAT_*BSD.

(sync with kame tree)

Revision 1.19 / (download) - annotate - [select for diffs], Sun Dec 12 12:10:43 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.18: +14 -14 lines
Diff to previous 1.18 (colored)

make it easier to synchronize INP_xx flags and IN6P_xx flags.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Dec 8 06:50:19 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kame_19991208
Changes since 1.17: +78 -8 lines
Diff to previous 1.17 (colored)

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer.  reuses NRL pcb layer.  no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before.  GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).

Revision 1.17 / (download) - annotate - [select for diffs], Sat Mar 27 21:04:19 1999 UTC (25 years, 2 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6, OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.16: +4 -1 lines
Diff to previous 1.16 (colored)

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew.  this was all done in canada. dugsong and linh
provided the ride and company.

Revision 1.16 / (download) - annotate - [select for diffs], Wed Mar 24 02:33:02 1999 UTC (25 years, 2 months ago) by cmetz
Branch: MAIN
Changes since 1.15: +1 -2 lines
Diff to previous 1.15 (colored)

Removed inclusion of netinet6/in6.h. This was an artifact of when the core
IPv6 symbols were there rather than in netinet/in.h, and now not only is
unnecessary but also could create problems (see PR library/781).

Revision 1.15 / (download) - annotate - [select for diffs], Mon Jan 11 02:01:34 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.14: +5 -1 lines
Diff to previous 1.14 (colored)

netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz

Revision 1.14 / (download) - annotate - [select for diffs], Fri Jan 8 07:47:54 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +12 -2 lines
Diff to previous 1.13 (colored)

more IPV6 merge; cmetz

Revision 1.13 / (download) - annotate - [select for diffs], Thu Jan 7 21:50:52 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +66 -12 lines
Diff to previous 1.12 (colored)

INET6 support

Revision 1.12 / (download) - annotate - [select for diffs], Thu Jan 7 06:05:04 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)

in_pcblookup() now takes ptr to both ip address arguments

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jan 7 05:44:32 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

rename baddynamic() to in_baddynamic(), and export it

Revision 1.10 / (download) - annotate - [select for diffs], Mon May 18 21:10:28 1998 UTC (26 years ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_4_BASE, OPENBSD_2_4
Changes since 1.9: +7 -2 lines
Diff to previous 1.9 (colored)

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

Revision 1.9 / (download) - annotate - [select for diffs], Tue Aug 26 20:02:30 1997 UTC (26 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_3_BASE, OPENBSD_2_3, OPENBSD_2_2_BASE, OPENBSD_2_2
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

indent

Revision 1.8 / (download) - annotate - [select for diffs], Tue Aug 19 06:29:50 1997 UTC (26 years, 9 months ago) by millert
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)

Add DP_CLR() macro

Revision 1.7 / (download) - annotate - [select for diffs], Tue Aug 19 04:54:52 1997 UTC (26 years, 9 months ago) by millert
Branch: MAIN
Changes since 1.6: +1 -5 lines
Diff to previous 1.6 (colored)

Theo doesn't like extra kernel options, so don't allow
DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to be
overridden from the kernel.  It's not really too useful
since there is a nice sysctl interface for this stuff.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Aug 16 16:49:42 1997 UTC (26 years, 10 months ago) by millert
Branch: MAIN
Changes since 1.5: +5 -1 lines
Diff to previous 1.5 (colored)

Allow DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to be
overridden via kernel config file.

Revision 1.5 / (download) - annotate - [select for diffs], Sat Aug 9 23:36:25 1997 UTC (26 years, 10 months ago) by millert
Branch: MAIN
Changes since 1.4: +16 -1 lines
Diff to previous 1.4 (colored)

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]).  The default values
have not changed.  If one wants to change the list it should
be done early on in /etc/rc.

Revision 1.4 / (download) - annotate - [select for diffs], Fri Feb 28 04:03:48 1997 UTC (27 years, 3 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_1_BASE, OPENBSD_2_1
Changes since 1.3: +4 -0 lines
Diff to previous 1.3 (colored)

Moved IPsec socket state to the PCB.

Revision 1.3 / (download) - annotate - [select for diffs], Mon Jul 29 02:34:30 1996 UTC (27 years, 10 months ago) by downsj
Branch: MAIN
CVS Tags: OPENBSD_2_0_BASE, OPENBSD_2_0
Changes since 1.2: +3 -1 lines
Diff to previous 1.2 (colored)

From FreeBSD (with slightly different sysctl names):

"... Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast,
net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.]

This code also fixes a potential deadlock if the system accidentally ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it."

Revision 1.2 / (download) - annotate - [select for diffs], Sun Mar 3 22:30:32 1996 UTC (28 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.1: +19 -11 lines
Diff to previous 1.1 (colored)

From NetBSD: 960217 merge

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed Oct 18 08:53:11 1995 UTC (28 years, 8 months ago) by deraadt
CVS Tags: netbsd_1_1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

initial import of NetBSD tree

Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 18 08:53:11 1995 UTC (28 years, 8 months ago) by deraadt
Branch: MAIN

Initial revision
