|
Revision tags: release/7.1.0_cvs, release/7.1.0 |
|
| #
41fe50f5 |
| 20-Dec-2008 |
Sam Leffler <sam@FreeBSD.org> |
MFH @ 186335
|
| #
1b193af6 |
| 13-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Second round of putting global variables, which were virtualized
but formerly missed under VIMAGE_GLOBAL.
Put the extern declarations of the virtualized globals
under VIMAGE_GLOBAL as the globals t
Second round of putting global variables, which were virtualized
but formerly missed under VIMAGE_GLOBAL.
Put the extern declarations of the virtualized globals
under VIMAGE_GLOBAL as the globals themsevles are already.
This will help by the time when we are going to remove the globals
entirely.
Sponsored by: The FreeBSD Foundation
show more ...
|
|
Revision tags: release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
| #
08af97b7 |
| 20-Jul-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Attempt to improve feature parity between UDPv4 and UDPv6 by merging
UDPv4 features to UDPv6:
- Add MAC checks on delivery and MAC labeling on transmit.
- Check for (and reject) datagrams with desti
Attempt to improve feature parity between UDPv4 and UDPv6 by merging
UDPv4 features to UDPv6:
- Add MAC checks on delivery and MAC labeling on transmit.
- Check for (and reject) datagrams with destination port 0.
- For multicast delivery, check the source port only if the socket being
considered as a destination has been connected.
- Implement UDP blackholing based on net.inet.udp.blackhole.
- Add a new ICMPv6 unreachable reply rate limiting category for failed
delivery attempts and implement rate limiting for UDPv6 (submitted by
bz).
Approved by: re (kensmith)
Reviewed by: bz
show more ...
|
|
Revision tags: release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0 |
|
| #
c398230b |
| 07-Jan-2005 |
Warner Losh <imp@FreeBSD.org> |
/* -> /*- for license, minor formatting changes
|
|
Revision tags: release/5.3.0_cvs, release/5.3.0 |
|
| #
a4f757cd |
| 16-Aug-2004 |
Robert Watson <rwatson@FreeBSD.org> |
White space cleanup for netinet before branch:
- Trailing tab/space cleanup
- Remove spurious spaces between or before tabs
This change avoids touching files that Andre likely has in his working
se
White space cleanup for netinet before branch:
- Trailing tab/space cleanup
- Remove spurious spaces between or before tabs
This change avoids touching files that Andre likely has in his working
set for PFIL hooks changes for IPFW/DUMMYNET.
Approved by: re (scottl)
Submitted by: Xin LI <delphij@frontfree.net>
show more ...
|
|
Revision tags: release/4.10.0_cvs, release/4.10.0 |
|
| #
f36cfd49 |
| 07-Apr-2004 |
Warner Losh <imp@FreeBSD.org> |
Remove advertising clause from University of California Regent's
license, per letter dated July 22, 1999 and email from Peter Wemm,
Alan Cox and Robert Watson.
Approved by: core, peter, alc, rwatson
|
| #
cc5934f5 |
| 26-Feb-2004 |
Max Laier <mlaier@FreeBSD.org> |
Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds -
Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).
Approved by: bms(mentor)
show more ...
|
|
Revision tags: release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0, release/5.1.0_cvs, release/5.1.0, release/4.8.0_cvs, release/4.8.0, release/5.0.0_cvs, release/5.0.0, release/4.7.0_cvs, release/4.6.2_cvs, release/4.6.2, release/4.6.1, release/4.6.0_cvs |
|
| #
4d77a549 |
| 19-Mar-2002 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove __P.
|
|
Revision tags: release/4.5.0_cvs, release/4.4.0_cvs |
|
| #
effa274e |
| 14-Dec-2001 |
Jonathan Lemon <jlemon@FreeBSD.org> |
whitespace fixes.
|
| #
bd714208 |
| 30-Nov-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Make ip_rtaddr() global, and use it to look up the correct source
address in icmp_reflect().
- Two new "struct icmpstat" members: icps_badaddr and icps_noroute.
PR: kern/31575
Obtained from: BS
- Make ip_rtaddr() global, and use it to look up the correct source
address in icmp_reflect().
- Two new "struct icmpstat" members: icps_badaddr and icps_noroute.
PR: kern/31575
Obtained from: BSD/OS
MFC after: 1 week
show more ...
|
|
Revision tags: release/4.3.0_cvs, release/4.3.0 |
|
| #
a57815ef |
| 11-Feb-2001 |
Bosko Milekic <bmilekic@FreeBSD.org> |
Clean up RST ratelimiting. Previously, ratelimiting occured before tests
were performed to determine if the received packet should be reset. This
created erroneous ratelimiting and false alarms in so
Clean up RST ratelimiting. Previously, ratelimiting occured before tests
were performed to determine if the received packet should be reset. This
created erroneous ratelimiting and false alarms in some cases. The code
has now been reorganized so that the checks for validity come before
the call to badport_bandlim. Additionally, a few changes in the symbolic
names of the bandlim types have been made, as well as a clarification of
exactly which type each RST case falls under.
Submitted by: Mike Silbersack <silby@silby.com>
show more ...
|
| #
09f81a46 |
| 15-Dec-2000 |
Bosko Milekic <bmilekic@FreeBSD.org> |
Change the following:
1. ICMP ECHO and TSTAMP replies are now rate limited.
2. RSTs generated due to packets sent to open and unopen ports
are now limited by seperate counters.
3. Eac
Change the following:
1. ICMP ECHO and TSTAMP replies are now rate limited.
2. RSTs generated due to packets sent to open and unopen ports
are now limited by seperate counters.
3. Each rate limiting queue now has its own description, as
follows:
Limiting icmp unreach response from 439 to 200 packets per second
Limiting closed port RST response from 283 to 200 packets per second
Limiting open port RST response from 18724 to 200 packets per second
Limiting icmp ping response from 211 to 200 packets per second
Limiting icmp tstamp response from 394 to 200 packets per second
Submitted by: Mike Silbersack <silby@silby.com>
show more ...
|
|
Revision tags: release/4.2.0, release/4.1.1_cvs, release/4.1.0, release/3.5.0_cvs |
|
| #
4f14ee00 |
| 22-May-2000 |
Dan Moschuk <dan@FreeBSD.org> |
sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT.
Suggested by: des/nbm
|
|
Revision tags: release/4.0.0_cvs |
|
| #
664a31e4 |
| 29-Dec-1999 |
Peter Wemm <peter@FreeBSD.org> |
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot). This is cons
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot). This is consistant with the other
BSD's who made this change quite some time ago. More commits to come.
show more ...
|
|
Revision tags: release/3.4.0_cvs, release/3.3.0_cvs |
|
| #
c3aac50f |
| 28-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Id$ -> $FreeBSD$
|
|
Revision tags: release/3.2.0 |
|
| #
ce02431f |
| 16-Feb-1999 |
Doug Rabson <dfr@FreeBSD.org> |
* Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.
* Change KLD to find and register any sysctl nodes contained
* Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.
* Change KLD to find and register any sysctl nodes contained in the loaded
file and to unregister them when the file is unloaded.
Reviewed by: Archie Cobbs <archie@whistle.com>,
Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
show more ...
|
|
Revision tags: release/3.1.0, release/3.0.0, release/2.2.8 |
|
| #
5fce7fc4 |
| 04-Dec-1998 |
Matthew Dillon <dillon@FreeBSD.org> |
Cleanup icmp_var.h, make icmp bandlim sysctl permanent but if ICMP_BANDLIM
option not defined the sysctl int value is set to -1 and read-only.
#ifdef KERNEL's added appropriately to wall off
Cleanup icmp_var.h, make icmp bandlim sysctl permanent but if ICMP_BANDLIM
option not defined the sysctl int value is set to -1 and read-only.
#ifdef KERNEL's added appropriately to wall off visibility of kernel
routines from user code.
show more ...
|
| #
a3e7459d |
| 04-Dec-1998 |
Matthew Dillon <dillon@FreeBSD.org> |
Obtained from: "Andrey A. Chernov" <ache@nagual.pp.ru>
Quick add #ifdef KERNEL for ICMP_BANDLIM option so userland program
can #include icmp_var.h
|
| #
51508de1 |
| 03-Dec-1998 |
Matthew Dillon <dillon@FreeBSD.org> |
Reviewed by: freebsd-current
Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option
is specified in kernel config, icmplim defaults to 100 pps. Setting it
to 0 will disa
Reviewed by: freebsd-current
Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option
is specified in kernel config, icmplim defaults to 100 pps. Setting it
to 0 will disable the feature. This feature limits ICMP error responses
for packets sent to bad tcp or udp ports, which does a lot to help the
machine handle network D.O.S. attacks.
The kernel will report packet rates that exceed the limit at a rate of
one kernel printf per second. There is one issue in regards to the
'tail end' of an attack... the kernel will not output the last report
until some unrelated and valid icmp error packet is return at some
point after the attack is over. This is a minor reporting issue only.
show more ...
|
|
Revision tags: release/2.2.7, release/2.2.6, release/2.2.5_cvs |
|
| #
bea0f0be |
| 07-Sep-1997 |
Bruce Evans <bde@FreeBSD.org> |
Some staticized variables were still declared to be extern.
|
| #
fe0fb8ab |
| 25-Aug-1997 |
Garrett Wollman <wollman@FreeBSD.org> |
ICMP Timestamp Request messages could have harbored the same sort of
problem as Echo Requests when broad/multicast. When multicast echo responses
are disabled, also do the same for timestamp respons
ICMP Timestamp Request messages could have harbored the same sort of
problem as Echo Requests when broad/multicast. When multicast echo responses
are disabled, also do the same for timestamp responses.
show more ...
|
| #
7022ea0a |
| 25-Aug-1997 |
Garrett Wollman <wollman@FreeBSD.org> |
Configurably don't reply to broadcast or multicast echos. There are still
potential problems with other automatic-reply ICMPs, but some of them may
depend on broadcast/multicast to operate. (This c
Configurably don't reply to broadcast or multicast echos. There are still
potential problems with other automatic-reply ICMPs, but some of them may
depend on broadcast/multicast to operate. (This code can simply be
moved to the `reflect' label to generalize it.)
show more ...
|
|
Revision tags: release/2.2.2_cvs, release/2.2.1_cvs, release/2.2.0, release/2.1.7_cvs |
|
| #
6875d254 |
| 22-Feb-1997 |
Peter Wemm <peter@FreeBSD.org> |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
|
|
Revision tags: release/2.1.6_cvs, release/2.1.6.1 |
|
| #
1130b656 |
| 14-Jan-1997 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
show more ...
|
|
Revision tags: release/2.1.5_cvs, release/2.1.0_cvs, release/2.0.5_cvs |
|
| #
f2ea20e6 |
| 16-Feb-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Add lots of useful MIB variables and a few not-so-useful ones for
completeness.
|