Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| b51defdf | 2020-03-06 10:40:13 | Fix uninitialized use of variable 'len'. ok bluhm@ | ||
| b4f292f9 | 2020-01-26 09:39:36 | add define for IPTOS_DSCP_LE; "low effort" DSCP codepoint standardised in RFC8622; ok job@ | ||
| fd4abc02 | 2019-12-23 22:33:57 | rdr-to with loopback destination should work even though IP forwarding is disabled. Issue reported by Daniel Jakots (danj@) OK bluhm@ | ||
| a07febcb | 2019-12-10 17:58:54 | Make bundled IPcomp/ESP policies work with IPSEC_LEVEL_REQUIRE. We only install flows for IPcomp. When processing an incoming ESP SA, look for a bundled IPcomp SA and use that in the policy check. ok bluhm@ | ||
| 59e813f9 | 2019-12-09 06:48:52 | always pull in if_types.h, to unbreak ramdisks | ||
| 144d7e8e | 2019-12-08 11:08:22 | Make sure packet destination address matches interface address, where such packet is bound to. This check is enforced if and only IP forwarding is disabled. Change discussed with bluhm@, claudio@, deraadt@, markus@, tobhe@ OK bluhm@, claudio@, tobhe@ | ||
| 08ae2611 | 2019-12-06 14:43:14 | Checking the IPsec policy is expensive. Check only when IPsec is used. ok bluhm@ | ||
| baa28055 | 2019-12-01 21:12:42 | Don't require a valid sa_len for a bunch of IPv4 "get" ioctls Same fix as for the IPv6 case. Fixes a regression in ports/net/openvpn spotted by landry@, ok bluhm@ | ||
| 56d9df26 | 2019-11-29 22:06:19 | Change the default security level for incoming IPsec flows from isakmpd and iked to REQUIRE. Filter policy violations earlier. ok sashan@ bluhm@ | ||
| 8718e781 | 2019-11-28 00:50:41 | Although ifconfig(8) checks it already, enforce contiguous inet netmask in the kernel. OK visa@ | ||
| 492c1b75 | 2019-11-13 17:36:02 | Add DoT 853 to DEFBADDYNAMICPORTS_TCP. This port will be increasingly unfiltered in the future, so this prevents rresvport_af(3) from randomly exposing a service intended for local visibility only. ok florian | ||
| 32906ae9 | 2019-11-11 21:17:21 | Prevent underflows in tp->snd_wnd if the remote side ACKs more than tp->snd_wnd. This can happen, for example, when the remote side responds to a window probe by ACKing the one byte it contains. from FreeBSD; via markus@; OK sashan@ tobhe@ | ||
| 8a584077 | 2019-11-08 07:51:41 | void being too clever about setting/clearing ifpromisc on the parent. ifpromisc() already refcounts, so carp doesn't have to do it implicitly with the carpdev list. there's no functional change, the code just gets a bit simpler. | ||
| f22742ab | 2019-11-08 07:16:29 | convert interface address change hooks to tasks and a task_list. this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust. address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration). an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api. | ||
| b36fd3da | 2019-11-07 13:25:44 | Do propper kernel input validation for in_control() ioctl(2) SIOCGIFADDR, SIOCGIFNETMASK, SIOCGIFDSTADDR, SIOCGIFBRDADDR, SIOCSIFADDR, SIOCSIFNETMASK, SIOCSIFDSTADDR, and SIOCSIFBRDADDR. Name in_ioctl_set_ifaddr() consistently. Use in_sa2sin() to validate inet address. Combine if_addrlist loops and add comment. Although netmask is not a inet address, length must be valid. Reported-by: syzbot+5fc6da002fc4e8d994be@syzkaller.appspotmail.com OK visa@ | ||
| b5675ff3 | 2019-11-07 11:23:23 | Avoid NULL dereference in arpinvalidate() and nd6_invalidate() by making RTM_INVALIDATE code path perform same check as RTM_DELETE does. ok mpi@ | ||
| 4f5e51a4 | 2019-11-07 07:36:31 | turn the linkstate hooks into a task list, like the detach hooks. this is largely mechanical, except for carp. this moves the addition of the carp link state hook after we're committed to using the new interface as a carpdev. because the add can't fail, we avoid a complicated unwind dance. also, this tweaks the carp linkstate hook so it only updates the relevant carp interface, not all of the carpdevs on the parent. hrvoje popovski has tested an early version of this diff and it's generally ok, but there's some splasserts that this diff fires that i'll fix in an upcoming diff. ok claudio@ | ||
| 3fe9d1bd | 2019-11-06 03:51:26 | replace the hooks used with if_detachhooks with a task list. the main semantic change is that things registering detach hooks have to allocate and set a task structure that then gets added to the list. this means if the task is allocated up front (eg, as part of carps softc or bridges port structure), it avoids the possibility that adding a hook can fail. a lot of drivers weren't checking for failure, and unwinding state in the event of failure in other parts was error prone. while doing this i discovered that the list operations have to be in a particular order, but drivers weren't doing that consistently either. this diff wraps the list ops up so you have to seriously go out of your way to screw them up. ive also sprinkled some NET_ASSERT_LOCKED around the list operations so we can make sure there's no potential for the list to be corrupted, especially while it's being run. hrvoje popovski has tested this a bit, and some issues he discovered have been fixed. ok sashan@ | ||
| 5d9904c1 | 2019-11-04 23:52:27 | remove mobileip(4) noone seems to use it, and we should not encourage people to use it by having it available. it's been disabled for most of the last release and noones asked for it in 6.6, so i'm taking that as an ok for this removal. | ||
| cf6a5eb2 | 2019-10-25 01:46:02 | make whitespace in the IPPROTO defines consistent. no functional change. | ||
| b9442e90 | 2019-10-25 01:44:02 | +#define IPPROTO_UDPLITE 136, as per RFC 3828 and the IANA allocation please don't interpret this as an intention on my part to implement UDP-Lite. | ||
| 71713a9b | 2019-10-23 19:58:32 | Kernel is missing propper input validation when configuring addresses. Fix the SIOCAIFADDR and SIOCDIFADDR ioctl(2) by implementing in_sa2sin() to validate inet address family and address length. OK visa@ | ||
| 018bdca7 | 2019-10-17 00:51:28 | in6_setsockaddr and in6_setpeeraddr can't fail, so let them return void. this also brings them in line with the AF_INET equivalents. ok visa@ bluhm@ | ||
| bb293f58 | 2019-10-16 10:22:01 | tsleep(9) -> tsleep_nsec(9) ok cheloha@, visa@ | ||
| 81d7692a | 2019-10-07 11:51:19 | ip_ether.c is empty, and now unlinked from the build. ok jca@ deraadt@ claudio@ visa@ | ||
| a3a66860 | 2019-10-04 05:00:49 | gif shouldn't include netinet/ip_ether.h, cos gif doesnt do etherip. ip_ether.h is where netinet/ip_ipip.h got the forward declaration for struct tdb from though, so fix that before cutting ip_ether.h out of gif. | ||
| ca2436c0 | 2019-10-04 04:52:40 | get rid of prototypes for mplsip_input and mplsip_output. they don't exist. | ||
| f1d9eb97 | 2019-09-30 01:53:04 | remove the "copy function" argument to bpf_mtap_hdr. it was previously (ab)used by pflog, which has since been fixed. apart from that nothing else used it, so we can trim the cruft. ok kn@ claudio@ visa@ visa@ also made sure i fixed ipw(4) so i386 won't break. | ||
| d599800f | 2019-09-02 13:12:09 | Fix a route use after free in multicast route. Move the rt_mcast_del() out of the rtable_walk(). This avoids recursion to prevent stack overflow. Also it allows freeing the route outside of the walk. Now mrt_mcast_del() frees the route only when it is deleted from the routing table. If that fails, it must not be freed. After the route is returned by mfc_find(), it is reference counted. Then we need a rtfree(), but not in the other caes. Move rt_timer_remove_all() into rt_mcast_del(). OK mpi@ | ||
| 8f6d2e8b | 2019-08-06 22:57:54 | When we needed the kernel lock for local IP packet delivery, mpi@ introduced a queue to grab the lock for multiple packets. Now we have only netlock for both IP and protocol input. So the queue is not necessary anymore. It just switches CPU and decreases performance. So remove the inet and inet6 ip queue for local packets. To get TCP running on loopback, we have to queue once between TCP input and output of the two sockets. So use the loopback queue in looutput() unconditionally. OK visa@ | ||
| 367b0a2e | 2019-07-25 13:56:23 | Add IFXF_AUTOCONF4 to if_xflags to match IFXF_AUTOCONF6. Let ifconfig set/unset it. ok deraadt@ kmos@ | ||
| 78cd82e3 | 2019-07-17 16:46:17 | Introduce ETHER_IS_BROADCAST/ANYADDR/EQ() and use them where appropriate. ok dlg@, sthen@, millert@ | ||
| 67365417 | 2019-07-15 12:40:42 | Initialize struct inpcb pool not on demand, but during initialization. Removes a global variable and avoids MP problems. OK mpi@ visa@ | ||
| 0c04e3b6 | 2019-07-12 19:43:51 | Count the number of TCP SACK options that were dropped due to the sack hole list length or pool limit. OK claudio@ | ||
| ed8fdce7 | 2019-07-10 18:45:31 | Received SACK options are managed by a linked list at the TCP socket. There is a global tunable limit net.inet.tcp.sackholelimit, default is 32768. If an attacker manages to attach all these sack holes to a few TCP connections, the lists may grow long. Traversing them might cause higher CPU consumption on the victim machine. In practice such a situation is hard to create as the TCP retransmit and 2*msl timer flush the list periodically. For additional protection, enforce a per connection limit of 128 SACK holes in the list. reported by Reuven Plevinsky and Tal Vainshtein discussed with claudio@ and procter@; OK deraadt@ | ||
| 05aee34c | 2019-07-08 17:49:57 | free(9) sizes for M_RTABLE. ok kn@ | ||
| 8edbca89 | 2019-07-05 01:23:22 | add ac_trunkport to arpcom so trunks can coordinate owning an interface Ethernet interfaces can be used by trunk(4), and i'm about to commit a new aggr(4) driver which should not be able to use an interface while trunk owns it and visa versa. | ||
| cf34c7c3 | 2019-06-21 17:11:42 | Prevent recursions by not deleting entries inside rtable_walk(9). rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone(). Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone(). Fix stack exhaustion triggered by the use of "-msave-args". Issue reported by Dániel Lévai on bugs@ confirmed by and ok bluhm@. | ||
| 4cb08838 | 2019-06-13 08:15:26 | In arp_rtrequest and nd6_rtrequest return early if the RTF_MPLS flag is set. These mpls routes use the rt_llinfo structure to store the MPLS label and would confuse the arp and nd6 code. OK bluhm@ anton@ Reported-by: syzbot+927e93a362f3ae33dd9c@syzkaller.appspotmail.com | ||
| ff10691e | 2019-06-13 08:12:10 | Copy the user provided sockaddr into a normalized sockaddr in rtrequest() before adding it to the routing table. The rtable code is doing memcmp() of those rt_dest sockaddrs so it is important that they are stored in a canonical form. To do this struct domain is extended to include the sockaddr size for this address family. OK bluhm@ anton@ Reported-by: syzbot+10fe9cd8d0211c562ead@syzkaller.appspotmail.com | ||
| 9f78c7ff | 2019-06-10 23:48:21 | use m_microtime instead of microtime for SO_TIMESTAMP socketopt handling drivers can set ph_timestamp when packets are received by the hardware, which should be more accurate and cheaper than getting the clock when the packet is queued on the socket. | ||
| b82d192b | 2019-06-10 16:32:51 | Use mallocarray(9) & put some free(9) sizes for M_IPMOPTS allocations. ok semarie@, visa@ | ||
| a8f2b5c7 | 2019-06-04 16:11:13 | Add missing NULL check for the protocol control block (pcb) pointer in mrt{6,}_ioctl. Calling shutdown(2) on the socket prior to the ioctl command can cause it to be NULL. ok bluhm@ claudio@ Reported-by: syzbot+bdc489ecb509995a21ed@syzkaller.appspotmail.com Reported-by: syzbot+156405fdea9f2ab15d40@syzkaller.appspotmail.com | ||
| beb5f675 | 2019-05-11 17:16:21 | unbreak the build without IPSEC. ok claudio@ deraadt@ | ||
| 96c4247c | 2019-04-28 22:15:57 | Removes the KERNEL_LOCK() from bridge(4)'s output fast-path. This redefines the ifp <-> bridge relationship. No lock can be currently used across the multiples contexts where the bridge has tentacles to protect a pointer, use an interface index. Tested by various, ok dlg@, visa@ | ||
| 26415d92 | 2019-04-23 10:53:45 | a first cut at converting some virtual ethernet interfaces to if_vinput this let's input processing bypass ifiqs. there's a performance benefit from this, and it will let me tweak the backpressure detection mechanism that ifiqs use without impacting on a stack of virtual interfaces. ive tested all of these except mpw, which i will end up testing soon anyway. | ||
| 53d5a470 | 2019-04-22 22:47:49 | In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@ | ||
| d4718bab | 2019-04-05 14:42:06 | In debug mode print TCP flag names to console correctly. from Mitchell Krome | ||
| 8f960e22 | 2019-02-13 23:47:42 | change rt_ifa_add and rt_ifa_del so they take an rdomain argument. this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains. previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain. ok mpi@ | ||
| 62cb75b3 | 2019-02-10 22:32:26 | remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes. MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses. It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels. Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use. ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem | ||
| e0f3d217 | 2019-02-06 17:32:16 | Fix a possible mbuf leak in tcp_usrreq(). Make the error handling more consistent to the other protocols' usrreq functions. OK visa@ claudio@ | ||
| 418b2720 | 2019-02-04 21:40:52 | Avoid an mbuf double free in the oob soreceive() path. In the usrreq functions move the mbuf m_freem() logic to the release block instead of distributing it over the switch statement. Then the goto release in the initial check, whether the pcb still exists, will not free the mbuf for the PRU_RCVD, PRU_RVCOOB, PRU_SENSE command. OK claudio@ mpi@ visa@ Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com | ||
| fe07dcc8 | 2019-01-20 23:43:13 | Refresh arp entries that are about to expire. Once their life time is less then 1/8 of net.inet.ip.arptimeout the system will send out a arp request about every 30 seconds until either the entry is updated or expired. Not refreshing arp entries will result in packet drop every time a entry expires which is not ideal for important gateway entries. Came up with this after a discussion with deraadt@. OK benno@ deraadt@ | ||
| 8dfea2b7 | 2019-01-18 20:46:03 | Bring back the ip_pcbopts() refactor. Pad the option buffer and therefor the mbuf to the next word length as it is required by the standard. Also use the correct offset from the input mbuf. OK visa@, input & OK bluhm@ | ||
| 96ffc0c6 | 2019-01-18 02:10:40 | Revert Rev 1.351, the change is not quite right yet. | ||
| dcde5866 | 2019-01-08 01:47:55 | Botched up an if conditional in the last commit. The IP length needs to bigger than the IP header len to be valid. With this I can traceroute again. | ||
| c7d3e42a | 2019-01-07 07:54:25 | Validate the version, and all length fields of IP packets passed to a raw socket with INP_HDRINCL. There is no reason to allow badly constructed packets through our network stack. Especially since they may trigger diagnostic checks further down the stack. Now EINVAL is returned instead which was already used for some checks that happened before. OK florian@ Reported-by: syzbot+0361ed02deed123667cb@syzkaller.appspotmail.com | ||
| 4d255d6a | 2019-01-06 11:05:09 | Rewrite ip_pcbopts() to fill a fresh mbuf with the ip options instead of fiddling with the user supplied mbuf and then copy it at the end. OK visa@ | ||
| 5112d5d9 | 2019-01-03 08:46:40 | Replace a funky 'else switch' construct into something that is equal but a lot easier to read. The if can simply return the error and so the else branch is no longer needed. Input and OK dhill@ | ||
| 16bb085c | 2018-12-25 19:28:25 | rework icmp6_error() to be closer to icmp_error() input & OK mpi@ | ||
| bcb17f64 | 2018-12-20 13:27:54 | Replace a wrong poor mans m_trailingspace() with the real thing. The mbuf passed to ip_pcbopts could be a cluster and so the size check is all wrong. found by Greg Steuck; OK bluhm@ Reported-by: syzbot+c2543ae6b6692a5843e3@syzkaller.appspotmail.com eVS: ---------------------------------------------------------------------- | ||
| 008971d8 | 2018-12-17 09:17:30 | Switch from timeout_add with tvtohz to just timeout_add_tv. Now this change will reduce the sleep time by one tick which doesn't matter in the common case. The code never passes a true 0 timeval to timeout_add_tv so the code will always sleep for at least 1 tick which is good enough. OK kn@, florian@, visa@, cheloha@ | ||
| 32303230 | 2018-12-11 01:27:08 | split ether_output into resolution, encapsulation, and output functions if if_output can be overridden on ethernet interfaces, it will allow things like vlan to do it's packet encapsulation during output before putting the packet directly on the underlying interface for output. this has two benefits. first, it can avoid having ether_output on pseudo interfaces recurse, which makes profiling of the network stack a lot clearer. secondly, and more importantly, it allows pseudo ethernet interface packet encapsulation to by run concurrently by the stack, rather than having packets unnecessarily serialied by an ifq. this diff just splits ether_output up, it doesnt have any interface take advantage of it yet. tweaks and ok claudio@ | ||
| 999be342 | 2018-12-04 12:39:54 | Use m_align() and while there reorder the pkthdr initalisation a bit. This also makes the IPv4 and IPv6 code more similar. OK phessler@ | ||
| 49729d6e | 2018-12-03 10:10:49 | In PRU_DISCONNECT don't fall through into PRU_ABORT since the latter frees the inpcb apart from the disconnect. Just call soisdisconnected() and clear the inp->inp_faddr since the socket is still valid after a disconnect. Problem found by syzkaller via Greg Steuck OK visa@ Fixes: Reported-by: syzbot+2cd350dfe5c96f6469f2@syzkaller.appspotmail.com Reported-by: syzbot+139ac2d7d3d60162334b@syzkaller.appspotmail.com Reported-by: syzbot+02168317bd0156c13b69@syzkaller.appspotmail.com Reported-by: syzbot+de8d2459ecf4cdc576a1@syzkaller.appspotmail.com | ||
| da17b520 | 2018-11-30 09:27:56 | MH_ALIGN -> m_align. In revarprequest() set the ph_rtableid so that the function is doing the same initialisation as arprequest(). OK bluhm@ | ||
| 253ef672 | 2018-11-28 08:15:29 | Further cleanup of icmp_do_error. - Use m_align() since it handles all cases - Use same rounding logic in the size check as in m_align() so all data will filt always. - consolidate pkthdr initalisation into one place - use m_prepend() instead of direct pointer manipulation (including the panic in case an underflow happens). OK bluhm@ | ||
| d29df515 | 2018-11-19 10:15:04 | Retire dom_rtkeylen from struct domain. Nothing is using this anymore. It was used by the original patricia tree. OK mpi@ | ||
| 412c1a0a | 2018-11-14 23:55:04 | provide ip_tos_patch() for setting ip_tos and patching the ipv4 cksum. previously the gif code would patch the tos field and not recalc the cksum, which would cause ip input code to drop the packet due to a cksum failure. the ipip code patched ip_tos and unconditionally recalculated the cksum, making it correct, but also wiping out any errors that may have been present before the recalculation. updating the cksum rather than replacing it lets cksum failures still fire. ip_tos_patch() is provided in the ecn code since it's because of ecn propagation that we need to update the tos field. internally it works like pf_patch_8 and pf_cksum_fixup, but since pf is optional it rolls its own code. procter may fix that in the future... ok claudio@ | ||
| 097c9a81 | 2018-11-10 18:40:34 | Do not translate the EACCES error from pf(4) to EHOSTUNREACH anymore. It also translated a documented send(2) EACCES case erroneously. This was too much magic and always prone to errors. from Jan Klemkow; man page jmc@; OK claudio@ | ||
| b5b7f62e | 2018-11-09 14:14:31 | M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers for m_leadingspace() and m_trailingspace(). Convert all callers to call directly the functions and remove the defines. OK krw@, mpi@ | ||
| c18a9976 | 2018-11-09 13:26:12 | Remove the last few XXX rdomain markers. Even those functions respect the rdomain now and are therefor rdomain save. OK mpi@ | ||
| a4abeaa0 | 2018-11-05 21:50:39 | In icmp_input_if() m_pullup up the maximum size of required data at the start. The maximum is ICMP_MINLEN (8) + max IPv4 header size (60) + IPv6 header (40) for the IPv6 over IPv4 transition case. By having up to this amount of data consequtive in an mbuf makes the rest of the code simpler and no more extra m_pullup calls are needed. Only length checks are now required.The maximum size is also big enough for all other ICMP types that don't embed the IP heaader. This ensures that all data has been m_pullup-ed before calling the ctlinput function which can look that deep into the header. OK bluhm@ markus@ | ||
| e0f05071 | 2018-11-05 20:52:22 | Consider the size of IP header when doing the ICMP length overflow check. This code was never reached as ICMP length was truncated before, but fix the wrong calculation anyway. OK claudio@ | ||
| a85795af | 2018-11-05 10:06:10 | Fixup the case where an mbuf cluster is used. Correctly offset the data to the end of the cluster (there is no M_ALIGN version for clusters so it is hard coded). Also make the sanity check more general by using m_leadingspace. Not a security issue since the cluster code is not reachable, there is enough space in an mbuf. OK bluhm@ | ||
| 2fbbe403 | 2018-11-04 19:36:25 | The change of the sb_mbmax calculation in sbreserve() broke setting a fixed socket send buffer size for TCP. tcp_update_sndspace() could overwrite the value as the algorithms were not in sync. OK benno@ claudio@ | ||
| c138a5a5 | 2018-10-22 15:32:19 | ipsec: use monotonic clock for SA creation/lookup timestamps; ok dlg@ | ||
| 56616aef | 2018-10-18 15:46:28 | Partial revert of previous. Only the queue(3) stuff should have gone in. | ||
| fd2bed47 | 2018-10-18 15:23:04 | igmp, struct router_info: use queue(3) In particular, use LIST_* to preserve O(n) removal in rti_delete(). While here, clean up two malloc(9) calls. Suggested by mpi@. ok visa@ | ||
| 346625e3 | 2018-10-13 18:36:01 | Expose net.inet.ip.arpq.drops to help debug what's going on when a lot of packets are being dropped but non of the other counters are increasing. From Daniel Hokka Zakrisson (daniel AT hozac DOT com), thanks! OK florian, phessler | ||
| 52b89152 | 2018-10-10 11:46:59 | RT_TABLEID_MAX is 255, fix places that assumed that it is less than 255. rtable 255 is a valid routing table or domain id that wasn't handled by the ip[6]_mroute code or by snmpd. The arrays in the ip[6]_mroute code where off by one and didn't allocate space for rtable 255; snmpd simply ignored rtable 255. All other places in the tree seem to handle RT_TABLEID_MAX correctly. OK florian@ benno@ henning@ deraadt@ | ||
| 30226613 | 2018-10-04 17:33:40 | Revert the inpcb table mutex commit. It triggers a witness panic in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx is held and sorwakeup() is called within the loop. As sowakeup() grabs the kernel lock, we have a lock ordering problem. found by Hrvoje Popovski; OK deraadt@ mpi@ | ||
| 6bf002b1 | 2018-09-24 12:25:52 | Turn carp_ourether() mp-safe, this is a requirement for taking bridge(4) out of the KERNEL_LOCK(). ok visa@, bluhm@ | ||
| 8a7b43ff | 2018-09-20 18:59:10 | As a step towards per inpcb or socket locks, remove the net lock for netstat -a. Introduce a global mutex that protects the tables and hashes for the internet PCBs. To detect detached PCB, set its inp_socket field to NULL. This has to be protected by a per PCB mutex. The protocol pointer has to be protected by the mutex as netstat uses it. Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify() before the table mutex to avoid lock ordering problems in the notify functions. OK visa@ | ||
| af446eb3 | 2018-09-17 14:07:48 | Do not acknowledge a received ack-only tcp packet that we would drop due to PAWS. Otherwise we could trigger a retransmit of the opposite party with another wrong timestamp and produce loop. I have seen this with a buggy server which messed up tcp timestamps. Suggested by Prof. Jacobson for FreeBSD. ok krw, bluhm, henning, mpi | ||
| 9c5f84c7 | 2018-09-14 23:40:10 | Initialize the TDB to NULL in ipsec_common_input() and ipsec_{input,output}_cb() so that in the case of sending or receiving a bogus mbuf (NULL) we don't end up trying to dereference the TDB, while being an uninitialized pointer, to increase the drops. Coverity IDs 1473312, 1473313 and 1473317. OK mpi@ visa@ | ||
| 1d4d3d77 | 2018-09-14 12:55:17 | In general it is a bad idea to use one random secret for two things. The inet PCB uses one hash with local and foreign addresses, and one with local port numbers. Give both hashes separate keys. Also document the struct fields. OK visa@ | ||
| 518a1a65 | 2018-09-14 07:25:02 | unbreak userland uses of in_pcb.h by including sys/refcnt.h ok visa@ | ||
| 0e560947 | 2018-09-13 19:53:58 | Add reference counting for inet pcb, this will be needed when we start locking the socket. An inp can be referenced by the PCB queue and hashes, by a pf mbuf header, or by a pf state key. OK visa@ | ||
| 4b5fa55e | 2018-09-13 12:29:43 | Include the size of IPCOMP header when checking for compression. Problem found and anaylyzed by Romain Gabet, ok markus@ | ||
| 7017ab2c | 2018-09-11 21:04:03 | Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@ | ||
| 531c7ccd | 2018-09-11 14:34:49 | Make the distribution of in_ and in6_ functions in in_pcb.c and in6_pcb.c consistent, to ease comparing the code. Move all inet6 functions to in6_. Bring functions in both source files in same order. Cleanup the include section. Now in_pcb.c is a superset of in6_pcb.c. The latter contains all the special implementations. Just moving arround, no code change intended. OK mpi@ | ||
| b4ed758a | 2018-09-10 22:21:39 | Remove useless INPCBHASH() macros. Just expand them. OK stsp@ | ||
| f02cb2e8 | 2018-09-10 16:14:07 | Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@ | ||
| c1746f11 | 2018-09-10 12:47:02 | During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() do convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@ | ||
| 1da83368 | 2018-09-07 10:55:35 | Explain the special case for redirect to localhost in a comment. input and OK claudio@ | ||
| 41ea91ae | 2018-09-06 03:42:21 | sync icmp_mtudisc_clone() with icmp6_mtudisc_clone(); prompted by bluhm@ | ||
| 2edaa7ba | 2018-08-28 15:15:02 | Add per-TDB counters and a new SADB extension to export them to userland. Inputs from markus@, ok sthen@ | ||
| 89776af2 | 2018-07-23 21:14:00 | Coverity CID 1470233 complainst that the m != NULL check in syn_cache_get() is not neccessary. Also make the abort label consistent to resetandabort and free the mbuf there. OK mpi@ | ||
| 1e2c197e | 2018-07-16 07:49:31 | Fix for uninitialized variables. Found by and ok jsg@, ok markus@ |