mirror of https://git.FreeBSD.org/src.git synced 2024-11-26 07:55:01 +00:00
freebsd/sys/netinet
Kristof Provost 8e1864ed07 pf: syncookie support
Import OpenBSD's syncookie support for pf. This feature helps pf resist
TCP SYN floods by only creating states once the remote host completes
the TCP handshake rather than when the initial SYN packet is received.

This is accomplished by using the initial sequence numbers to encode a
cookie (hence the name) in the SYN+ACK response and verifying this on
receipt of the client ACK.

Reviewed by:	kbowling
Obtained from:	OpenBSD
MFC after:	1 week
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D31138
2021-07-20 10:36:13 +02:00
cc tcp: fix two bugs in new reno 2021-06-11 15:40:34 +02:00
khelp
libalias libalias: fix divide by zero causing panic 2021-07-10 13:08:18 +02:00
netdump Use zfree() instead of explicit_bzero() and free(). 2020-06-25 20:17:34 +00:00
tcp_stacks tcp: fix RACK and BBR when using VIMAGE enabled kernel 2021-07-20 00:29:18 +02:00
accf_data.c Define a module version for accept filter modules. 2020-05-19 18:35:08 +00:00
accf_dns.c Define a module version for accept filter modules. 2020-05-19 18:35:08 +00:00
accf_http.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
dccp.h Add header definition for RFC4340, Datagram Congestion Control Protocol 2020-06-17 13:27:13 +00:00
icmp6.h icmp6: Count packets dropped due to an invalid hop limit 2020-10-19 17:07:19 +00:00
icmp_var.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
if_ether.c arp/nd: Cope with late calls to iflladdr_event 2021-02-23 13:54:07 +01:00
if_ether.h Retire arpresolve_addr(), which is not used anywhere, from if_ether.c. 2018-11-17 16:08:36 +00:00
igmp_var.h igmp: convert igmpstat to use PCPU counters 2020-11-08 18:49:23 +00:00
igmp.c igmp: Avoid an out-of-bounds access when zeroing counters 2021-05-05 17:12:51 -04:00
igmp.h
in_cksum.c
in_debug.c
in_fib_algo.c Fix IPv4 fib bsearch4() lookup array construction. 2021-01-17 20:32:26 +00:00
in_fib_dxr.c Introduce DXR as an IPv4 longest prefix matching / FIB module 2021-05-05 13:45:52 +02:00
in_fib.c Add modular fib lookup framework. 2020-12-25 11:33:17 +00:00
in_fib.h Refactor fib4/fib6 functions. 2020-11-29 13:41:49 +00:00
in_gif.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
in_jail.c
in_kdtrace.c Separate out SCTP related dtrace code. 2019-10-14 20:32:11 +00:00
in_kdtrace.h Separate out SCTP related dtrace code. 2019-10-14 20:32:11 +00:00
in_mcast.c Always use inp fib in the inp_lookup_mcast_ifp(). 2021-04-10 13:47:49 +00:00
in_pcb.c Add missing sockaddr length and family validation to various protocols 2021-05-03 13:35:19 -04:00
in_pcb.h tcp: HPTS performance enhancements 2021-07-07 07:22:35 -04:00
in_pcbgroup.c
in_prot.c
in_proto.c capsicum: Limit socket operations in capability mode 2021-04-07 14:32:56 -04:00
in_rmx.c Refactor rib iterator functions. 2020-11-22 20:21:10 +00:00
in_rss.c Implement flowid calculation for outbound connections to balance 2020-10-18 17:15:47 +00:00
in_rss.h Implement flowid calculation for outbound connections to balance 2020-10-18 17:15:47 +00:00
in_systm.h
in_var.h net: remove legacy in_addmulti() 2021-02-25 10:13:52 +01:00
in.c Re-enable network ioctls in capability mode 2021-04-23 09:22:49 -04:00
in.h Add IP(V6)_VLAN_PCP to set 802.1 priority per-flow. 2020-10-09 12:06:43 +00:00
ip6.h net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros 2021-03-04 20:56:48 +01:00
ip_carp.c Further refactor IPv4 interface route creation. 2021-01-21 21:48:49 +00:00
ip_carp.h carp: replace caddr_t with char * 2019-12-06 16:35:48 +00:00
ip_divert.c Fix mbuf leaks in various pru_send implementations 2021-05-12 13:00:09 -04:00
ip_divert.h
ip_dummynet.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
ip_encap.h
ip_fastfwd.c ip_fastfwd: style(9) tidy for r367628 2020-11-13 18:25:07 +00:00
ip_fw.h Allow setting alias port ranges in libalias and ipfw. This will allow a system 2021-02-02 13:24:17 -08:00
ip_gre.c Introduce NET_EPOCH_CALL() macro and use it everywhere where we free 2020-01-15 06:05:20 +00:00
ip_icmp.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ip_icmp.h
ip_id.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip_input.c ip_forward: Restore RFC reference 2021-05-23 00:01:37 +02:00
ip_mroute.c ip_mroute: initialize vif ifnet properly 2021-06-23 10:13:52 +02:00
ip_mroute.h ip_mroute: rework ip_mroute 2021-05-31 05:48:15 +02:00
ip_options.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ip_options.h
ip_output.c mroute: fix race condition during mrouter shutting down 2021-05-11 12:34:20 +02:00
ip_reass.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip_var.h An earlier commit effectively turned out the fast forwading path 2020-11-12 21:58:47 +00:00
ip.h
pim_var.h
pim.h
raw_ip.c Fix mbuf leaks in various pru_send implementations 2021-05-12 13:00:09 -04:00
sctp_asconf.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_asconf.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_auth.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_auth.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_bsd_addr.c Don't pass RFPROC to kproc_create(), it is redundant. 2021-03-12 09:48:10 -08:00
sctp_bsd_addr.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_cc_functions.c Minor cleanups. 2020-10-07 15:22:48 +00:00
sctp_constants.h sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_crc32.c No need to include netinet/sctp_crc32.h twice. 2020-06-22 14:36:14 +00:00
sctp_crc32.h Add the SCTP_SUPPORT kernel option. 2020-06-18 19:32:34 +00:00
sctp_header.h Whitespace changes. 2020-09-24 12:26:06 +00:00
sctp_indata.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_indata.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_input.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_input.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_kdtrace.c Separate out SCTP related dtrace code. 2019-10-14 20:32:11 +00:00
sctp_kdtrace.h Separate out SCTP related dtrace code. 2019-10-14 20:32:11 +00:00
sctp_lock_bsd.h Whitespace changes. 2020-09-24 12:26:06 +00:00
sctp_module.c Provide support for building SCTP as a loadable module. 2020-07-10 14:56:05 +00:00
sctp_os_bsd.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_os.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_output.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_output.h Whitespace changes. 2020-09-24 12:26:06 +00:00
sctp_pcb.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_pcb.h sctp: initialize sequence numbers for ECN correctly 2021-06-27 20:14:48 +02:00
sctp_peeloff.c Non-functional changes due to upstream cleanup. 2020-06-11 13:34:09 +00:00
sctp_peeloff.h
sctp_ss_functions.c Fix a few typos in comments 2021-03-13 16:37:28 +01:00
sctp_structs.h sctp: improve consistency 2021-01-24 00:07:41 +01:00
sctp_syscalls.c Convert remaining cap_rights_init users to cap_rights_init_one 2021-01-12 13:16:10 +00:00
sctp_sysctl.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_sysctl.h Improve the handling of cookie life times. 2020-10-16 10:44:48 +00:00
sctp_timer.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_timer.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_uio.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp_usrreq.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctp_var.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sctp.h Improve the handling of cookie life times. 2020-10-16 10:44:48 +00:00
sctputil.c sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
sctputil.h sctp: Fix errno in case of association setup failures 2021-07-09 23:19:25 +02:00
siftr.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
tcp_accounting.h This brings into sync FreeBSD with the netflix versions of rack and bbr. 2021-05-06 11:22:26 -04:00
tcp_debug.c
tcp_debug.h
tcp_fastopen.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
tcp_fastopen.h
tcp_fsm.h White space cleanup -- remove trailing tab's or spaces 2020-02-12 13:31:36 +00:00
tcp_hostcache.c tcp_hostcache: use SMR for lookups, mutex(9) for updates. 2021-04-20 10:02:20 -07:00
tcp_hpts.c tcp: Fix 32 bit platform breakage 2021-07-08 08:16:45 -04:00
tcp_hpts.h tcp: HPTS performance enhancements 2021-07-07 07:22:35 -04:00
tcp_input.c tcp: Add PRR cwnd reduction for non-SACK loss 2021-06-19 19:25:22 +02:00
tcp_log_buf.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
tcp_log_buf.h This brings into sync FreeBSD with the netflix versions of rack and bbr. 2021-05-06 11:22:26 -04:00
tcp_lro.c tcp: Lro needs to validate that it does not go beyond the end of the mbuf as it parses. 2021-07-16 06:07:13 -04:00
tcp_lro.h tcp: HPTS performance enhancements 2021-07-07 07:22:35 -04:00
tcp_offload.c Path MTU discovery hooks for offloaded TCP connections. 2021-04-21 13:00:16 -07:00
tcp_offload.h Path MTU discovery hooks for offloaded TCP connections. 2021-04-21 13:00:16 -07:00
tcp_output.c tcp: Preparation for allowing hardware TLS to be able to kick a tcp connection that is retransmitting too much out of hardware and back to software. 2021-06-25 09:30:54 -04:00
tcp_pcap.c Step 4.2: start divorce of M_EXT and M_EXTPG 2020-05-03 00:37:16 +00:00
tcp_pcap.h
tcp_ratelimit.c This brings into sync FreeBSD with the netflix versions of rack and bbr. 2021-05-06 11:22:26 -04:00
tcp_ratelimit.h This takes Warners suggested approach to making it so that 2021-05-07 17:32:32 -04:00
tcp_reass.c tcp: A better fix for the previously attempted fix of the ack-war issue with tcp. 2021-06-04 05:26:43 -04:00
tcp_sack.c tcp: SACK Lost Retransmission Detection (LRD) 2021-05-10 19:06:20 +02:00
tcp_seq.h
tcp_stats.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
tcp_subr.c tcp: TCP_LRO getting bad checksums and sending it in to TCP incorrectly. 2021-07-13 12:45:15 -04:00
tcp_syncache.c Unbreak TFO, that was broken with 8d5719aa74. These two assignments 2021-06-22 16:03:44 -07:00
tcp_syncache.h tcp: add support for TCP over UDP 2021-04-18 16:16:42 +02:00
tcp_timer.c Improve the TCP blackhole detection. The principle is to reduce the 2020-04-14 16:35:05 +00:00
tcp_timer.h kern: net: remove TCP_LINGERTIME 2021-02-18 22:36:01 -06:00
tcp_timewait.c tcp_twcheck(): use correct unlock macro. 2021-05-06 10:19:21 -07:00
tcp_usrreq.c tcp: A better fix for the previously attempted fix of the ack-war issue with tcp. 2021-06-04 05:26:43 -04:00
tcp_var.h tcp: TCP_LRO getting bad checksums and sending it in to TCP incorrectly. 2021-07-13 12:45:15 -04:00
tcp.h pf: syncookie support 2021-07-20 10:36:13 +02:00
tcpip.h
toecore.c toe: Read-lock the inp in toe_4tuple_check(). 2021-06-22 16:31:01 -07:00
toecore.h Path MTU discovery hooks for offloaded TCP connections. 2021-04-21 13:00:16 -07:00
udp_usrreq.c tcp, udp: Permit binding with AF_UNSPEC if the address is INADDR_ANY 2021-05-31 18:53:34 -04:00
udp_var.h Add a knob to allow zero UDP checksums for UDP/IPv6 traffic on the given UDP port. 2020-09-18 02:21:15 +00:00
udp.h White space cleanup -- remove trailing tab's or spaces 2020-02-12 13:31:36 +00:00
udplite.h White space cleanup -- remove trailing tab's or spaces 2020-02-12 13:31:36 +00:00