IABSD.fr/src/sys/net

Branch :


Log

Author Commit Date CI Message
38f7444c 2022-01-05 05:19:22 add NSH and NHRP ethertypes, mostly for tcpdump stuff. ok deraadt@
83aa0ba6 2022-01-05 05:18:24 rename ETHERTYPE_PAE to ETHERTYPE_EAPOL. everyone else seems to use ETHERTYPE_EAPOL, and as a bonus it also appears to be more correct. ok deraadt@ stsp@
4d544115 2022-01-04 06:32:39 Add `ipsec_flows_mtx' mutex(9) to protect `ipsp_ids_*' list and trees. ipsp_ids_lookup() returns `ids' with bumped reference counter. original diff from mvs ok mvs
df8d9afd 2022-01-02 22:36:03 spelling ok jmc@ reads ok tb@
7945134b 2021-12-30 14:25:39 Use a distinct variable while iterating the list of existing devices. ok mvs@ Reported-by: syzbot+e2d1df67f742a5a47938@syzkaller.appspotmail.com Reported-by: syzbot+72298724beda82ec8e7f@syzkaller.appspotmail.com
188a0a69 2021-12-30 00:49:41 Prevent concurrent access to incomplete or dying `sc' caused by sleep points in pppacopen() and pppacclose() paths. Use the same "sc_ready" logic we use for 'pppx_if' structure. Reported-by: syzbot+a7ac144b48f7f471f689@syzkaller.appspotmail.com ok anton@ dlg@
5bac415b 2021-12-28 23:13:20 whitespace tweak, no functional change.
02cdd809 2021-12-28 23:10:58 it doesnt make sense to configure a vport as a span port.
6b7aaaa8 2021-12-28 23:10:30 move away from using the M_PROTO1 flag to prevent loops with vports if a vlan interface is configured on a vport interface, vlan(4) will take the packet away from ether_input before the veb bridge input handler gets to clear M_PROTO1. this leaves the flag on the mbuf as it goes through the l3 stacks. if it goes back out a vport into a veb, the presence of M_PROTO1 means the packet ends up getting dropped, which is unexpected. this diff specialises vport handling by veb even more to avoid the problem the flag was handling. vports get their own bridge input handler that skips veb processing completely because a packet being received on a vport can only occur if a veb has decided to forward it there and has already processed it. when the stack sends a packet out a vport interface, then we do actual veb bridge input handling. bug reported on misc@ and the fix tested by Simon Baker
5a50f165 2021-12-26 14:04:29 DIOCHANGERRULE ioctl must set pointer to ruleset in rule it inserts. Reported-by: syzbot+7718c5f69c595f76b298@syzkaller.appspotmail.com OK bluhm@, OK jmatthew@
840840b0 2021-12-26 01:00:32 make 'set skip on ...' in pf.conf dynamic This is an old issue in pf(4): whenever new interface appears in IP stack, we must reload pf.conf to apply 'set skip on ...' to newly plumbed network interfaces. Time has come to fix it. The idea is to also create pfi_kif for interfaces, which are referred by 'set skip on ...'. Such pfi_kif instances are created/destroyed by pfi_set_flags()/pfi_clear_flags(). claudio@ dragged my attention to this in Gouveia. Also his feedback helped me to put change into shape. OK claudio@
5ee194bc 2021-12-23 12:21:48 IPsec is not MP safe yet. To allow forwarding in parallel without dirty hacks, it is better to protect IPsec input and output with kernel lock. Not much is lost as crypto needs the kernel lock anyway. From here we can refine the lock later. Note that there is no kernel lock in the SPD lockup path. Goal is to keep that lock free to allow fast forwarding with non IPsec traffic. tested by Hrvoje Popovski; OK tobhe@
d997d144 2021-12-20 15:59:09 Use per-CPU counters for tunnel descriptor block (TDB) statistics. 'tdb_data' struct became unused and was removed. Tested by Hrvoje Popovski. ok bluhm@
9cb0c582 2021-12-19 23:30:08 There are occasions where the walker function in tdb_walk() might sleep. So holding the tdb_sadb_mtx() when calling walker() is not allowed. Move the TDB from the TDB-Hash to a temporary list that is protected by netlock. Then unlock tdb_sadb_mtx and traverse the list to call the walker. OK mvs@
e966ab90 2021-12-16 09:33:56 When adding the extra 10% of space to a needed sysctl buffer use math that is less likely to overflow the int type used. A BGP fullfeed is now so big that this calculation overflowed and then got sign extended. The result was for example 'route -n show' failures. Problem identified with deraadt@ OK deraadt@ (more cleanup needed but this fix is a good start)
38bfd041 2021-12-16 02:01:59 fix zero division found by syzkaller. The sanity checks in pf(4) ioctls are not powerful enough to detect invalid port ranges (or even invalid rules). syzkaller does not use pfctl(8), it uses ioctl(2) to pass some random chunk of memory as a rule to pf(4). Fix adds explicit check for 0 divider to pf_get_transaddr(). It should make syzkaller happy without disturbing anyone else. OK gnezdo@ Reported-by: syzbot+d1f00da48fa717e171f3@syzkaller.appspotmail.com
4023ddd7 2021-12-16 00:54:42 pool_get w/ PR_ZERO is better than following with a bzero, because pools hold dirty and clean memory, and can hand out the right time cheaper ok dlg
bdf46359 2021-12-14 17:50:37 To cache lookups, the policy ipo is linked to its SA tdb. There is also a list of SAs that belong to a policy. To make it MP safe, protect these pointers with a mutex. tested by Hrvoje Popovski; OK mvs@
59b9936b 2021-12-11 16:33:46 Protect the write access to the TDB flags field with a mutex per TDB. Clearing the timeout flags just before pool put in tdb_free() does not make sense. Move this to tdb_delete(). While there make the parentheses in the flag check consistent. tested by Hrvoje Popovski; OK tobhe@
8cdd540d 2021-12-08 14:24:18 Start documenting the locking strategy of struct tdb fields. Note that gettdb_dir() is MP safe now. Add the tdb_sadb_mtx mutex in udpencap_ctlinput() to protect the access to tdb_snext. Make the braces consistently for all these TDB loops. Move NET_ASSERT_LOCKED() into the functions where the read access happens. OK mvs@
655f9804 2021-12-06 07:41:33 fix odd check in pfi_kif_free() pointed out by jsg@ OK jsg@
c4d43372 2021-12-03 19:04:49 Add tdb_delete_locked() to replace duplicate tdb deletion code in pfkey_flush(). ok bluhm@ mvs@
31a6915f 2021-12-03 17:18:34 Add TDB reference counting to ipsp_spd_lookup(). If an output pointer is passed to the function, it will return a refcounted TDB. The ref happens when ipsp_spd_inp() copies the pointer from ipo->ipo_tdb. The caller of ipsp_spd_lookup() has to unref after using it. tested by Hrvoje Popovski; OK mvs@ tobhe@
2400aaeb 2021-12-01 22:34:31 Reintroduce the TDBF_DELETED flag. Checking next pointer to figure out whether the TDB is linked to the hash bucket does not work. This fixes removal of SAs that could not be flushed with ipsecctl -F. OK tobhe@
45b43d79 2021-12-01 21:48:00 mention that the "flags" field in the enchdr is uses m_flags values (see mbuf.h)
e7111b64 2021-12-01 12:51:09 Let ipsp_spd_lookup() return an error instead of a TDB. The TDB is not always needed, but the error value is necessary for the caller. As TDB should be refcounted, it makes not sense to always return it. Pass an output pointer for the TDB which can be NULL. OK mvs@ tobhe@
08d984e5 2021-11-29 15:39:59 Using a void pointer for temporary allocated TDB in pfkeyv2 does not make sense. Do not use the freeme pointer for TDB in pfkeyv2_send(). The pattern is tdb_alloc() and tdb_unref() in case of error. Replace tdb_free() in reserve_spi() with tdb_unref() to keep this consistent. Only tdb_unref() should call tdb_free(). OK mvs@
acf1bec5 2021-11-26 16:16:35 Replace TDBF_DELETED flag with check if tdb was already unlinked. Protect tdb_unlink() and puttdb() for SADB_UPDATE with tdb_sadb_mutex. Tested by Hrvoje Popovski ok bluhm@ mvs@
4b0e5db3 2021-11-25 13:46:02 Implement reference counting for IPsec tdbs. Not all cases are covered yet, more ref counts to come. The timeouts are protected, so the racy tdb_reaper() gets retired. The tdb_policy_head, onext and inext lists are protected. All gettdb...() functions return a tdb that is ref counted and has to be unrefed later. A flag ensures that tdb_delete() is called only once. Tested by Hrvoje Popovski; OK sthen@ mvs@ tobhe@
e0790d6d 2021-11-23 19:13:45 Use system uptime not UTC time to calculate PPPoE session duration Systems without RTC are likely to boot with wrong time, but pppoe(4) used microtime(9) anyway to remember when a new session began. (In)adequately, ifconfig(8) used gettimeofday(2) and calculated the difference between two absoloute dates to infer the PPPoE session duration. This goes off the rails if the wall clock jumps in between, e.g. due to NTP kicking in. Use getmicrouptime(9) and clock_gettime(2)/CLOCK_BOOTTIME instead to rely on the monotonically increasing system uptime instead to fix this. Reported and tested by Peter J. Philipp <pjp AT delphinusdns DOT org> on some octeon box without RTC. I've seen this on a Edgerouter 4 as well (2m uptime, 19d session). OK claudio
ac7c051c 2021-11-22 12:56:04 move PFR_TFLAG_CONST test, missed in rev 1.138 prompted by uninitialised var found by bluhm@ running regress on sparc64 ok sashan@
97bcf35f 2021-11-17 18:00:24 Display DNS information from sppp(4) in ifconfig(8) Behaviour is similar to that of umb(4). OK kn@
999a6f61 2021-11-16 20:51:30 move memory allocations in pfr_add_addrs() outside of NET_LOCK()/PF_LOCK() scope. feedback by bluhm@ OK bluhm@
d04b6041 2021-11-12 15:49:41 "netconfigd" is now better known as resolvd(8)
bec0ed23 2021-11-11 18:08:17 Do not call ip_deliver() recursively from IPsec. As there is no crypto task anymore, it is possible to return the next protocol. Then ip_deliver() will walk the header chain in its loop. IPsec bridge(4) tested by jan@ OK mvs@ tobhe@ jan@
c97e8838 2021-11-11 12:35:01 Allow pfi_kif_get() callers to pre-allocate buffer for new kif. If kif object exists already, then caller must free the pre-allocated buffer. If caller does not pre-allocate buffer, the pfi_kif_get() will get memory from pool using M_NOWAIT flag. Commit is also polishing pfi_initialize() a bit so it uses M_WAITOK allocation for pfi_all. there is no change in current behaviour. feedback by bluhm@ OK bluhm@
9f9935a8 2021-11-11 10:03:08 Retire switch(4) it never really was production ready and the OpenFlow API implemented is a deadend. OK akoshibe@ yasuoka@ deraadt@ kn@ patrick@ sthen@
6371cd0b 2021-11-10 20:24:22 Give sppp(4) its own RTP_PROPOSAL priority OK semarie@
3265d83c 2021-11-10 15:04:26 sppp(4) - support PPP IPCP extensions for DNS RFC 1877 extends the family of network control protocols for establishing and configuring the IPCP over PPP, defining the negotiation of primary and secondary DNS addresses. After negotiation, rtm_proposal() is used to send out DNS updates. Feedback from claudio@ and kn@. OK claudio@, kn@
48a17b0d 2021-11-10 04:46:25 whitespace tweak, no functional change. enjoy rebuilding all the things cos i deleted a space.
3c33e230 2021-11-10 04:45:15 whitespace tweaks, no functional change.
b26d8e6e 2021-11-08 04:54:44 whitespace tweak, no functional change
728741be 2021-11-08 04:50:54 whitespace tweaks, no functional change.
e4692c21 2021-11-08 04:15:46 veb rules are an smr list, so traversal should be in an smr crit section reported by stsp@ an earlier diff was tested by and ok stsp@ ok jmatthew@
c2f23716 2021-10-25 18:25:01 Call a locked variant of tdb_unlink() from tdb_walk(). Fixes a mutex locking against myself panic introduced by my previous commit. OK beck@ patrick@
7f9adf34 2021-10-24 10:58:43 let pf_table.c to use standard way to work with lists OK todd@, mvs@, kn@
d5072c26 2021-10-23 22:19:37 There is an m_pullup() down in AH input. As it may free or change the mbuf, the callers must be careful. Although there is no bug, use the common pattern to handle this. Pass down an mbuf pointer mp and let m_pullup() update the pointer in all callers. It looks like the tcp signature functions should not be called. Avoid an mbuf leak and return an error. OK mvs@
828d9ca1 2021-10-23 15:00:11 Fix double free after allocation failure in bpf(4). Reported by Peter J. Philipp. OK mpi@
ac7813e4 2021-10-23 09:36:58 YIELD() in pf_table.c should preempt for ioctl() callers only OK @mpi
7834797c 2021-10-22 12:30:53 After deleting hifn(4) the only provider for the LZS compression algorithm is gone. Reomve all LZS references from the tree. The v42bis in isakmpd also looks unsupported. OK mvs@ patrick@ sthen@
7853af73 2021-09-14 09:15:55 Add missing kernel lock for Bi-directional Forwarding Detection data. Also bfdset() calls pool_get(9) with PR_WAITOK flag so it should be done before we check the existence of this `bfd', otherwise it could be added multiple times. We have BFD disabled in the default kernel so this diff is for consistency mostly. ok mpi@
d2084f83 2021-09-07 16:07:46 Fix NULL pointer dereference introduced by previous commit. Reported-by: syzbot+684597dbbb9b516e76ae@syzkaller.appspotmail.com ok mpi@
40192866 2021-09-07 09:56:00 Fix the race between if_detach() and rtm_output(). When the dying network interface descriptor has if_get(9) obtained reference owned by foreign thread, the if_detach() thread will sleep just after it removed this interface from the interface index map. The data related to this interface is still in routing table, so if_get(9) called by concurrent rtm_output() thread will return NULL and the following "ifp != NULL" assertion will be triggered. So remove the "ifp != NULL" assertions from rtm_output() and try to grab `ifp' as early as possible then hold it until we finish the work. In the case we won the race and we have `ifp' non NULL, concurrent if_detach() thread will wait us. In the case we lost we just return ESRCH. The problem reported by danj@. Diff tested by danj@. ok mpi@
73ce225a 2021-08-30 14:44:39 remove a bunch of forward-only structs that were found with ctfconv. ok mpi@
304cf3fd 2021-08-19 10:22:00 implement reception of "VLAN 0 priority tagged" packets. according to 802.1Q, vlan 0 on the wire is special and should be interpreted as if it was a packet received on the parent interface, but you get the packet priority information encoded in the vlan header. historically we drop vlan tagged packets that don't have a vlan interface configured for the received tag number. historically we have deviated from 802.1Q by allowing for the configuration of a vlan subinterface with the vnetid "unset". this works just like any other vlan interface, but it uses tag 0 on the wire. however, if you're in a situation where you're receiving vlan tagged 0 packets that really are part of the same layer 2 ethernet domain as the parent inteface, this doesnt work well. landry@ is in such a situation at work where the network is sending his OpenBSD boxes packets with VLAN tag 0. sometimes. most of the time the packets are untagged, which is expected, but sometimes they have a VLAN header set. this causes problems, particularly with arp. this diff does the smallest possible change to enable reception of these vlan 0 priority tagged packets. if an "unset" vlan interface is not configured on the parent, then vlan 0 tagged packets get their header stripped and continue stack processing as if they didnt have the tag at all. landry has been running this for months. ok sthen@ claudio@
2f84ac13 2021-08-05 13:37:04 m_freem in wg_send's path where a peer has no endpoint address, fixing an mbuf leak way with wgpka (keepalive) found the hard way by Matt P. Diff from Matt Dunwoodie, ok claudio@
60a682ed 2021-08-02 21:10:55 Don't call rtm_ifchg() in trunk_port_state(). The preceding trunk_link_active() already produced RTM_IFINFO message when trunk(4) state was changed. I such case we double RTM_IFINFO message or we produce false message when trunk(4) state was not changed. ok florian@
1ff726c6 2021-07-27 17:13:03 Revert "Use per-CPU counters for tunnel descriptor block" diff. Panic reported by Hrvoje Popovski.
2960d3c8 2021-07-27 09:29:09 Introduce mutex(9) to protect pipex(4) session content. With bluhm@'s diff for parallel forwarding pipex(4) could be accessed in parallel through (*ifp->if_input)() -> ether_input() -> pipex_pppoe_input(). PPPOE pipex(4) sessions are mostly immutable except MPPE crypt. The new per-session `pxs_mtx' mutex(9) used to protect session's `ccp-id' which is incremented each time we send CCP reset-request. The new `pxm_mtx' mutex(9) used to protect MPPE context. Each pipex(4) session has two of them: one for the input and one for output path. Where is no lock order limitations because those new mutex(9)'es never held together. ok bluhm@
5a1e2cae 2021-07-26 23:17:06 Use per-CPU counters for tunnel descriptor block (tdb) statistics. 'tdb_data' struct became unused and was removed. ok bluhm@
0258c1b1 2021-07-22 16:40:19 Add sizes for free() in zlib Rebased version of a diff from miod who described it as follows: This tries to keep diffability against upstream, hence a questionable choice of the size type for zcfree() - but all sizes should fit in 32 bits anyway. Since all zcfree routines used in the tree cope with NULL arguments (including the various alloc.c used by the boot blocks), I have simplified TRY_FREE to compensate for the growth. Reminded by and ok mpi
df21f681 2021-07-20 16:44:55 Turn pipex(4) session statistics to per-CPU counters. This makes pipex(4) more compliant to bluhm@'s work on traffic forwarding parallelization. ok yasuoka@ bluhm@
b8500bb4 2021-07-20 16:32:28 The current workaround to disable parallel IPsec did not work. Variable nettaskqs must not change at runtime. Interface input queues choose the thread during init with ifiq_softnet = net_tq(). So it cannot be modified after pfkeyv2_send() sets the first SA in kernel. Also changing the calculation in net_tq() may call task_del() with a different taskq than task_add(). Instead of restricting the index to the first softnet task, use an exclusive lock. For now just move the comment. We can later decide if a write net lock or kernel lock is better. OK mvs@
8ee934e7 2021-07-19 19:00:58 Fix an alignment fault observed on an octeon machine while pppoe(4) was attempting to negotiate a large MTU. Copy the peer's max payload size from the discovery packet with memcpy() instead of using a pointer to this value's offset in the packet buffer. tweak and ok visa@ additional testing and ok sthen@
094e3f7d 2021-07-14 22:39:26 Export SA replay counters via pfkey and print with ipsecctl. This is useful for debugging replay window issues with 64 bit sequence numbers in IPsec. ok bluhm@
01ae73c5 2021-07-09 01:22:05 ifq_hdatalen can return 0 if ifq_empty is true, which avoids locks.
8bd2aa04 2021-07-08 16:39:55 Initialize `ipsec_acquire_pool' pool (9) within pfkey_init() instead of doing that in runtime within ipsp_acquire_sa(). ok bluhm@
698a75dd 2021-07-08 15:13:14 Debug printfs in encdebug were inconsistent, some missing newlines produced ugly output. Move the function name and the newline into the DPRINTF macro. This simplifies the debug statements. OK tobhe@
baf71576 2021-07-07 20:19:01 tell ether_input() to call pf_test() outside of smr_read sections, because smr_read sections don't play well with sleeping locks in pf(4). OK bluhm@
52ade9e7 2021-07-07 18:38:25 pfsync_undefer() must be called outside of PF_LOCK OK @bluhm
f3218c34 2021-07-05 12:01:20 Export tdb MTU to userland via SADB_GET. This helps debug path MTU discovery issues with ESP in UDP. ok bluhm@ sthen@ mpi@
dd76c598 2021-07-05 04:17:41 etherbridge_map was way too clever, so simplify it. the code tried to carry state from the quick smr based lookup through to the actual map update under the mutex, but this led to refcnt leaks, and logic errors. the simplification is that if the smr based checks say the map needs updating, we prepare the update and then forget what we learnt inside the smr critical section and redo them under the mutex again. entries in an etherbridge map are either in it or they aren't, so we don't need to refcnt them. this means the thing that takes an entry out of the map becomes directly responsible for destroy it, so they can do the smr call or barrier directly rather than via a refcnt. found by hrvoje popovski while testing the stack running in parallel, and fix tested by him too. ok sashan@
a0ebdf48 2021-06-30 13:23:33 Remove splnet() from ifnewlladdr(), it is not needed anymore. Add asserts and comments for the locks that are necessary. discussed with dlg@ mpi@ mvs@; tested by Hrvoje Popovski; OK mpi@
7845b46b 2021-06-25 23:48:30 let pfsync_request_update actually retry when it overfills a packet. a continue in the middle of a do { } while (0) loop is effectively a break, it doesnt restart the loop. without the retry, the code leaked update messages which in turn made pool_destroy in pfsync destroy trip over a kassert cos items were still out. found by and fix tested by hrvoje popovski ok sashan@
b1f2ff08 2021-06-23 16:10:45 rtsock: revert from timeout_set_flags(9) to timeout_set_proc(9); ok mvs@
3f1b5c31 2021-06-23 06:53:51 augment the global pf state list with its own locks. before this, things that iterated over the global list of pf states had to take the net, pf, or pf state locks. in particular, the ioctls that dump the state table took the net and pf state locks before iterating over the states and using copyout to export them to userland. when we tried replacing the use rwlocks with mutexes under the pf locks, this blew up because you can't sleep when holding a mutex and there's a sleeping lock used inside copyout. this diff introduces two locks around the global state list: a mutex that protects the head and tail of the list, and an rwlock that protects the links between elements in the list. inserts on the state list only occur during packet handling and can be done by taking the mutex and putting the state on the tail before releasing the mutex. iterating over states is only done from thread/process contexts, so we can take a read lock, then the mutex to get a snapshot of the head and tail pointers, and then keep the read lock to iterate between the head and tail points. because it's a read lock we can then take other sleeping locks (eg, the one inside copyout) without (further) gymnastics. the pf state purge code takes the rwlock exclusively and the mutex to remove elements from the list. this allows the ioctls and purge code to loop over the list concurrently and largely without blocking the creation of states when pf is processing packets. pfsync also iterates over the state list when doing bulk sends, which the state purge code needs to be careful around. ok sashan@
db679a19 2021-06-23 05:51:27 pf_purge_expired_states can check the time once instead of for every state.
ec01c30c 2021-06-23 05:43:53 pfsync_undefer_notify needs to be careful before dereferecing state keys. pfsync_undefer_notify uses the state keys to look up the address family, which is used to figure out if it should call ipv4 or ipv6 functions. however, the pf state purge code can unlink a state from the trees (ie, the state keys get removed) while the pfsync defer code is holding a reference to it and expects to be able to send the deferred packet in the future. we can test if the state keys are set by checking if the timeout state is PFTM_UNLINK or not. this currently relies on both pf_remove_state and pfsync_undefer_notify being called with the NET_LOCK held. this probably needs to be rethought later but is good enough for now. found the hard way on a production firewall at work.
99e6e1ef 2021-06-23 04:16:32 rework pf_state_expires to avoid confusion around state->timeout. im going to make it so pf_purge_expired_states() can gather states largely without sharing a lock with pfsync or actual packet processing in pf. if pf or pfsync unlink a state while pf_purge_expired_states is looking at it, we can race with some checks and fall over a KASSERT. i'm fixing this by having the caller of pf_state_expires read state->timeout first, do it's checks, and then pass the value as an argument into pf_state_expires. this means there's a consistent view of the state->timeout variable across all the checks that pf_purge_expired_states in particular does. if pf/pfsync does change the timeout while pf_purge_expired_states is looking at it, the worst thing that happens is that it doesn't get picked as a candidate for purging in this pass and will have to wait for the next sweep. ok sashan@ as part of a bigger diff
b8dc9bf2 2021-06-17 00:18:09 more consistently use pfsync_free_deferral to free the mbuf. pfsync_free_deferral doesnt need to check pd_m for NULL before calling m_freem because m_freem does that anyway. if pf_setup_pdesc in pfsync_undefer_notify failed, the mbuf was freed but the pd_m pointer was not cleared, which would have led to a double free when pfsync_free_deferral tried to do the same thing for it. if pfsync_undefer is supposed to drop the mbuf, let pfsync_free_deferral do it for us. ok jmatthew@
58d69225 2021-06-15 10:10:22 use getnsecuptime instead of getmicrouptime. working on a uint64_t is easier than remembering how timercmp and timersub works. ok jmatthew@
a7d9d424 2021-06-15 08:36:19 get the uptime before comparing to it. "that seems kind of important" jmatthew@
4ea72498 2021-06-15 05:24:46 factor out nsecuptime and getnsecuptime. these functions were implemented in a bunch of places with comments saying it should be moved to kern_tc.c when more pop up, and i was about to add another one. i think it's time to move them to kern_tc.c. ok cheloa@ jmatthew@
1c3ff09a 2021-06-15 05:06:24 rework pfsync deferal timeout handling. instead of having a timeout per deferred packet structure, use a single timeout in pfsync that pulls items off the list of deferred packets. this avoids confusion about whether a timeout is handling the defer or another context owns it. this way round, the context that removes a defer from the list owns it and is responsible for completing it. this should fix a panic we hit on the firewalls at work. there's still another one that needs a fix, but sashan@ has been looking at it. this might make it simpler to deal with though. ok sashan@ jmatthew@
35ae5119 2021-06-09 03:24:54 whitespace tweak. no functional change.
3cc9bc2c 2021-06-02 21:49:31 With parallel execution of pf_test() two packets may try to update the same state in pfsync(4) queue. pfsync_q_ins() takes that race into account with one exception: the KASSERT() at line 2352. That KASSERT() needs to be removed. 2346 void 2347 pfsync_q_ins(struct pf_state *st, int q) 2348 { 2349 struct pfsync_softc *sc = pfsyncif; 2350 size_t nlen, sc_len; 2351 2352 KASSERT(st->sync_state == PFSYNC_S_NONE); 2353 2354 #if defined(PFSYNC_DEBUG) 2355 if (sc->sc_len < PFSYNC_MINPKT) 2356 panic("pfsync pkt len is too low %zd", sc->sc_len); 2357 #endif 2358 do { 2359 mtx_enter(&sc->sc_mtx[q]); 2360 2361 /* 2362 * If two threads are competing to insert the same state, then 2363 * there must be just single winner. 2364 */ 2365 if (st->sync_state != PFSYNC_S_NONE) { 2366 mtx_leave(&sc->sc_mtx[q]); 2367 break; 2368 } OK bluhm@
f561b0b3 2021-06-02 07:46:22 whitespace tweaks, no functional change.
9f67f65b 2021-06-02 01:37:10 only read the if_bpf pointer once.
2fbecff6 2021-06-02 01:36:10 tpmr_input is called in an smr crit section, so it doesnt need its own. this simplifies the code a little bit.
12b9e3f3 2021-06-02 01:30:30 read the tpmr if_flags once in tpmr_input so link flags apply consistently. this avoids IFF_LINK1 getting set by another cpu halfway through tpmr_input. if LINK1 is not set when a packet enters a tpmr pair it skips ip/pf checks, but if it is then set then only pf is run against it. this way you either get the ip checks and pf when the packet enters and leaves tpmr, or you dont get the ip and pf checks at all.
fdb9e118 2021-06-02 00:44:18 use ipv4_check and ipv6_check to well, check ip headers before running pf. unlike bridge(4), these checks are only run when the packet is entering the veb/tpmr topology. the assumption is that only valid IP packets end up inside the topology so we don't have to check them when they're leaving. ok bluhm@ sashan@
b35addb2 2021-06-02 00:40:51 use ipv4_check and ipv6_check provided by the network stacks. this removes the duplication of the check code, and lets the v6 code in particular pick up a lot more sanity checks around valid addresses on the wire. ok bluhm@ sashan@
66f5a49c 2021-06-01 14:23:34 Check `so_state' in rtm_senddesync() and return if SS_ISCONNECTED or SS_CANTRCVMORE bits are set. The first check required to prevent timeout_add(9) reschedule `rop_timeout', otherwise timeout_del_barrier(9) can't help us. The second check is for the case when shutdown(2) with SHUT_RD argument occurred on this socket and we should not receive anything include RTM_DESYNC packets. ok claudio@
e793fd61 2021-06-01 09:57:11 a couple of minor whitespace tweaks. no functional change. am i a pf hacker now?
b688c8f8 2021-05-30 21:01:27 Declare all struct protosw as constant. OK mvs@
d103d05a 2021-05-27 03:46:15 ajacoutot says i missed copying some bits from bridge for divert-to.
884f1619 2021-05-27 03:43:23 ajacouto says i missed copying some bits from bridge for divert-to.
2537beac 2021-05-26 08:28:34 Use `so_lock' to protect key management (PF_KEY) sockets. This can be done because we have no cases where one thread should lock two sockets simultaneously. tested by yasuoka@ ok bluhm@ markus@
e4207ed0 2021-05-26 06:44:28 add support for pf divert-to on tpmr, like what was done for veb(4). when a divert-to rule applies to a packet, pf doesnt take the packet away and shove it in the socket directly. pf marks the packet, and then ip (or ipv6) input processing looks at the mark and picks the local socket to queue it on. because tpmr operates at layer 2, ip input has no chance to look at the packet and let the divert socket steal it. bridge(4) and now veb(4) handle this by checking if the packet has the pf divert to mark set on it and calls ip input if it's set. this copies the semantic to tpmr.
603ab61f 2021-05-26 02:38:01 support divert-to when pf applies it to a packet. when a divert-to rule applies to a packet, pf doesnt take the packet away and shove it in the socket directly. pf marks the packet, and then ip (or ipv6) input processing looks at the mark and picks the local socket to queue it on. because veb operates at layer 2, ip input processing only occurred if the packet was destined to go into a vport interface. bridge(4) handles this by checking if the packet has the pf divert to mark set on it and calls ip input if it's set. this copies the semantic to veb. this allows divert-to to steal (take?) packets going over a veb and process them on a local socket. reported by ajacatot@