upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-14 10:13:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netinet/libalias/HISTORY
Lutz Donnerhacke 3a96a25da8 libalias: Switch to SPLAY trees 
Current data structure is using a hash of unordered lists.  Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again.  In order to avoid
long search times in other cases, the lists are hashed into many
buckets.  Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature - almost O(1) for access of the
least recently used entries), and amortized O(ln(n) - for almost all
other cases.  Get rid of the hash.

Now the data structure should able to quickly react to external
packets without eating CPU cycles for breakfast, preventing a DoS.

PR:		192888
Discussed with:	Dimitry Luhtionov
Differential Revision: https://reviews.freebsd.org/D30516
Differential Revision: https://reviews.freebsd.org/D30536
Differential Revision: https://reviews.freebsd.org/D30844

(cherry picked from commit 935fc93af1)
(cherry picked from commit d261e57dea)
(cherry picked from commit f70c98a2f5)
(cherry picked from commit 25392fac94)
(cherry picked from commit 2f4d91f9cb)
(cherry picked from commit 4060e77f49)
2021-07-06 08:55:53 +02:00

150 lines
4.9 KiB
Text
Raw Blame History

$FreeBSD$
Version 1.0: August 11, 1996 (cjm)
Version 1.1: August 20, 1996 (cjm)
- Host accepts incoming connections for ports 0 to 1023.
Version 1.2: September 7, 1996 (cjm)
- Fragment handling error in alias_db.c corrected.
Version 1.3: September 15, 1996 (cjm)
- Generalized mechanism for handling incoming
connections (no more 0 to 1023 restriction).
- Increased ICMP support (will handle traceroute now).
- Improved TCP close connection logic.
Version 1.4: September 16, 1996 (cjm)
Version 1.5: September 17, 1996 (cjm)
- Corrected error in handling incoming UDP packets
with zero checksum.
Version 1.6: September 18, 1996
- Simplified ICMP data storage. Will now handle
tracert from Win95 and NT as well as FreeBSD
traceroute, which uses UDP packets to non-existent
ports.
Version 1.7: January 9, 1997 (cjm)
- Reduced malloc() activity for ICMP echo and
timestamp requests.
- Added handling for out-of-order IP fragments.
- Switched to differential checksum computation
for IP headers (TCP, UDP and ICMP checksums
were already differential).
- Accepts FTP data connections from other than
port 20. This allows one ftp connections
from two hosts which are both running packet
aliasing.
- Checksum error on FTP transfers. Problem
in code located by Martin Renters and
Brian Somers.
Version 1.8: January 14, 1997 (cjm)
- Fixed data type error in function StartPoint()
in alias_db.c (this bug did not exist before v1.7)
Problem in code located by Ari Suutari.
Version 1.9: February 1, 1997 (Eivind Eklund <perhaps@yes.no>)
- Added support for IRC DCC (ee)
- Changed the aliasing routines to use ANSI style
throughout (ee)
- Minor API changes for integration with other
programs than PPP (ee)
- Fixed minor security hole in alias_ftp.c for
other applications of the aliasing software.
Hole could _not_ manifest in ppp+pktAlias, but
could potentially manifest in other applications
of the aliasing. (ee)
- Connections initiated from packet aliasing
host machine will not have their port number
aliased unless it conflicts with an aliasing
port already being used. (There is an option
to disable this for debugging) (cjm)
- Sockets will be allocated in cases where
there might be port interference with the
host machine. This can be disabled in cases
where the ppp host will be acting purely as a
masquerading router and not generate any
traffic of its own.
(cjm)
Version 2.0: March, 1997 (cjm)
- Aliasing links are cleared only when a host interface address
changes.
- PacketAliasPermanentLink() API added.
- Option for only aliasing private, unregistered
IP addresses added.
- Substantial rework to the aliasing lookup engine.
Version 2.1: May, 1997 (cjm)
- Continuing rework to the aliasing lookup engine
to support multiple incoming addresses and static
NAT. PacketAliasRedirectPort() and
PacketAliasRedirectAddr() added to API.
- Now supports outgoing as well as incoming ICMP
error messages.
Version 2.2: July, 1997 (cjm)
- Rationalized API function names to all begin with
"PacketAlias..." Old function names are retained
for backwards compatibility.
- Packet aliasing engine will now free memory of
fragments which are never resolved after a timeout
period. Once a fragment is resolved, it becomes
the users responsibility to free the memory.
Version 2.3: August 11, 1997 (cjm)
- Problem associated with socket file descriptor
accumulation in alias_db.c corrected. The sockets
had to be closed when a binding failed. Problem
in code located by Gordon Burditt.
Version 2.4: September 1, 1997 (cjm)
- PKT_ALIAS_UNREGISTERED_ONLY option repaired.
This part of the code was incorrectly re-implemented
in version 2.1.
Version 2.5: December, 1997 (ee)
- Added PKT_ALIAS_PUNCH_FW mode for firewall
bypass of FTP/IRC DCC data connections. Also added
improved TCP connection monitoring.
Version 2.6: May, 1998 (amurai)
- Added supporting routine for NetBios over TCP/IP.
Version 3.0: January 1, 1999
- Transparent proxying support added.
- PPTP redirecting support added based on patches
contributed by Dru Nelson <dnelson@redwoodsoft.com>.
Version 3.1: May, 2000 (Erik Salander, erik@whistle.com)
- Added support to alias 227 replies, allows aliasing for
FTP servers in passive mode.
- Added support for PPTP aliasing.
Version 3.2: July, 2000 (Erik Salander, erik@whistle.com and
Junichi Satoh, junichi@junichi.org)
- Added support for streaming media (RTSP and PNA) aliasing.
Version 3.3: May 2021 (donner)
- Dropped LibAliasCheckNewLink
- Refactor the database handling
- Switch to more effienct SPLAY trees
Reference in a new issue View git blame Copy permalink