IABSD.fr/src/sys/netinet

Branch :


Log

Author Commit Date CI Message
b51defdf 2020-03-06 10:40:13 Fix uninitialized use of variable 'len'. ok bluhm@
b4f292f9 2020-01-26 09:39:36 add define for IPTOS_DSCP_LE; "low effort" DSCP codepoint standardised in RFC8622; ok job@
fd4abc02 2019-12-23 22:33:57 rdr-to with loopback destination should work even though IP forwarding is disabled. Issue reported by Daniel Jakots (danj@) OK bluhm@
a07febcb 2019-12-10 17:58:54 Make bundled IPcomp/ESP policies work with IPSEC_LEVEL_REQUIRE. We only install flows for IPcomp. When processing an incoming ESP SA, look for a bundled IPcomp SA and use that in the policy check. ok bluhm@
59e813f9 2019-12-09 06:48:52 always pull in if_types.h, to unbreak ramdisks
144d7e8e 2019-12-08 11:08:22 Make sure packet destination address matches interface address, where such packet is bound to. This check is enforced if and only IP forwarding is disabled. Change discussed with bluhm@, claudio@, deraadt@, markus@, tobhe@ OK bluhm@, claudio@, tobhe@
08ae2611 2019-12-06 14:43:14 Checking the IPsec policy is expensive. Check only when IPsec is used. ok bluhm@
baa28055 2019-12-01 21:12:42 Don't require a valid sa_len for a bunch of IPv4 "get" ioctls Same fix as for the IPv6 case. Fixes a regression in ports/net/openvpn spotted by landry@, ok bluhm@
56d9df26 2019-11-29 22:06:19 Change the default security level for incoming IPsec flows from isakmpd and iked to REQUIRE. Filter policy violations earlier. ok sashan@ bluhm@
8718e781 2019-11-28 00:50:41 Although ifconfig(8) checks it already, enforce contiguous inet netmask in the kernel. OK visa@
492c1b75 2019-11-13 17:36:02 Add DoT 853 to DEFBADDYNAMICPORTS_TCP. This port will be increasingly unfiltered in the future, so this prevents rresvport_af(3) from randomly exposing a service intended for local visibility only. ok florian
32906ae9 2019-11-11 21:17:21 Prevent underflows in tp->snd_wnd if the remote side ACKs more than tp->snd_wnd. This can happen, for example, when the remote side responds to a window probe by ACKing the one byte it contains. from FreeBSD; via markus@; OK sashan@ tobhe@
8a584077 2019-11-08 07:51:41 void being too clever about setting/clearing ifpromisc on the parent. ifpromisc() already refcounts, so carp doesn't have to do it implicitly with the carpdev list. there's no functional change, the code just gets a bit simpler.
f22742ab 2019-11-08 07:16:29 convert interface address change hooks to tasks and a task_list. this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust. address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration). an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
b36fd3da 2019-11-07 13:25:44 Do propper kernel input validation for in_control() ioctl(2) SIOCGIFADDR, SIOCGIFNETMASK, SIOCGIFDSTADDR, SIOCGIFBRDADDR, SIOCSIFADDR, SIOCSIFNETMASK, SIOCSIFDSTADDR, and SIOCSIFBRDADDR. Name in_ioctl_set_ifaddr() consistently. Use in_sa2sin() to validate inet address. Combine if_addrlist loops and add comment. Although netmask is not a inet address, length must be valid. Reported-by: syzbot+5fc6da002fc4e8d994be@syzkaller.appspotmail.com OK visa@
b5675ff3 2019-11-07 11:23:23 Avoid NULL dereference in arpinvalidate() and nd6_invalidate() by making RTM_INVALIDATE code path perform same check as RTM_DELETE does. ok mpi@
4f5e51a4 2019-11-07 07:36:31 turn the linkstate hooks into a task list, like the detach hooks. this is largely mechanical, except for carp. this moves the addition of the carp link state hook after we're committed to using the new interface as a carpdev. because the add can't fail, we avoid a complicated unwind dance. also, this tweaks the carp linkstate hook so it only updates the relevant carp interface, not all of the carpdevs on the parent. hrvoje popovski has tested an early version of this diff and it's generally ok, but there's some splasserts that this diff fires that i'll fix in an upcoming diff. ok claudio@
3fe9d1bd 2019-11-06 03:51:26 replace the hooks used with if_detachhooks with a task list. the main semantic change is that things registering detach hooks have to allocate and set a task structure that then gets added to the list. this means if the task is allocated up front (eg, as part of carps softc or bridges port structure), it avoids the possibility that adding a hook can fail. a lot of drivers weren't checking for failure, and unwinding state in the event of failure in other parts was error prone. while doing this i discovered that the list operations have to be in a particular order, but drivers weren't doing that consistently either. this diff wraps the list ops up so you have to seriously go out of your way to screw them up. ive also sprinkled some NET_ASSERT_LOCKED around the list operations so we can make sure there's no potential for the list to be corrupted, especially while it's being run. hrvoje popovski has tested this a bit, and some issues he discovered have been fixed. ok sashan@
5d9904c1 2019-11-04 23:52:27 remove mobileip(4) noone seems to use it, and we should not encourage people to use it by having it available. it's been disabled for most of the last release and noones asked for it in 6.6, so i'm taking that as an ok for this removal.
cf6a5eb2 2019-10-25 01:46:02 make whitespace in the IPPROTO defines consistent. no functional change.
b9442e90 2019-10-25 01:44:02 +#define IPPROTO_UDPLITE 136, as per RFC 3828 and the IANA allocation please don't interpret this as an intention on my part to implement UDP-Lite.
71713a9b 2019-10-23 19:58:32 Kernel is missing propper input validation when configuring addresses. Fix the SIOCAIFADDR and SIOCDIFADDR ioctl(2) by implementing in_sa2sin() to validate inet address family and address length. OK visa@
018bdca7 2019-10-17 00:51:28 in6_setsockaddr and in6_setpeeraddr can't fail, so let them return void. this also brings them in line with the AF_INET equivalents. ok visa@ bluhm@
bb293f58 2019-10-16 10:22:01 tsleep(9) -> tsleep_nsec(9) ok cheloha@, visa@
81d7692a 2019-10-07 11:51:19 ip_ether.c is empty, and now unlinked from the build. ok jca@ deraadt@ claudio@ visa@
a3a66860 2019-10-04 05:00:49 gif shouldn't include netinet/ip_ether.h, cos gif doesnt do etherip. ip_ether.h is where netinet/ip_ipip.h got the forward declaration for struct tdb from though, so fix that before cutting ip_ether.h out of gif.
ca2436c0 2019-10-04 04:52:40 get rid of prototypes for mplsip_input and mplsip_output. they don't exist.
f1d9eb97 2019-09-30 01:53:04 remove the "copy function" argument to bpf_mtap_hdr. it was previously (ab)used by pflog, which has since been fixed. apart from that nothing else used it, so we can trim the cruft. ok kn@ claudio@ visa@ visa@ also made sure i fixed ipw(4) so i386 won't break.
d599800f 2019-09-02 13:12:09 Fix a route use after free in multicast route. Move the rt_mcast_del() out of the rtable_walk(). This avoids recursion to prevent stack overflow. Also it allows freeing the route outside of the walk. Now mrt_mcast_del() frees the route only when it is deleted from the routing table. If that fails, it must not be freed. After the route is returned by mfc_find(), it is reference counted. Then we need a rtfree(), but not in the other caes. Move rt_timer_remove_all() into rt_mcast_del(). OK mpi@
8f6d2e8b 2019-08-06 22:57:54 When we needed the kernel lock for local IP packet delivery, mpi@ introduced a queue to grab the lock for multiple packets. Now we have only netlock for both IP and protocol input. So the queue is not necessary anymore. It just switches CPU and decreases performance. So remove the inet and inet6 ip queue for local packets. To get TCP running on loopback, we have to queue once between TCP input and output of the two sockets. So use the loopback queue in looutput() unconditionally. OK visa@
367b0a2e 2019-07-25 13:56:23 Add IFXF_AUTOCONF4 to if_xflags to match IFXF_AUTOCONF6. Let ifconfig set/unset it. ok deraadt@ kmos@
78cd82e3 2019-07-17 16:46:17 Introduce ETHER_IS_BROADCAST/ANYADDR/EQ() and use them where appropriate. ok dlg@, sthen@, millert@
67365417 2019-07-15 12:40:42 Initialize struct inpcb pool not on demand, but during initialization. Removes a global variable and avoids MP problems. OK mpi@ visa@
0c04e3b6 2019-07-12 19:43:51 Count the number of TCP SACK options that were dropped due to the sack hole list length or pool limit. OK claudio@
ed8fdce7 2019-07-10 18:45:31 Received SACK options are managed by a linked list at the TCP socket. There is a global tunable limit net.inet.tcp.sackholelimit, default is 32768. If an attacker manages to attach all these sack holes to a few TCP connections, the lists may grow long. Traversing them might cause higher CPU consumption on the victim machine. In practice such a situation is hard to create as the TCP retransmit and 2*msl timer flush the list periodically. For additional protection, enforce a per connection limit of 128 SACK holes in the list. reported by Reuven Plevinsky and Tal Vainshtein discussed with claudio@ and procter@; OK deraadt@
05aee34c 2019-07-08 17:49:57 free(9) sizes for M_RTABLE. ok kn@
8edbca89 2019-07-05 01:23:22 add ac_trunkport to arpcom so trunks can coordinate owning an interface Ethernet interfaces can be used by trunk(4), and i'm about to commit a new aggr(4) driver which should not be able to use an interface while trunk owns it and visa versa.
cf34c7c3 2019-06-21 17:11:42 Prevent recursions by not deleting entries inside rtable_walk(9). rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone(). Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone(). Fix stack exhaustion triggered by the use of "-msave-args". Issue reported by Dániel Lévai on bugs@ confirmed by and ok bluhm@.
4cb08838 2019-06-13 08:15:26 In arp_rtrequest and nd6_rtrequest return early if the RTF_MPLS flag is set. These mpls routes use the rt_llinfo structure to store the MPLS label and would confuse the arp and nd6 code. OK bluhm@ anton@ Reported-by: syzbot+927e93a362f3ae33dd9c@syzkaller.appspotmail.com
ff10691e 2019-06-13 08:12:10 Copy the user provided sockaddr into a normalized sockaddr in rtrequest() before adding it to the routing table. The rtable code is doing memcmp() of those rt_dest sockaddrs so it is important that they are stored in a canonical form. To do this struct domain is extended to include the sockaddr size for this address family. OK bluhm@ anton@ Reported-by: syzbot+10fe9cd8d0211c562ead@syzkaller.appspotmail.com
9f78c7ff 2019-06-10 23:48:21 use m_microtime instead of microtime for SO_TIMESTAMP socketopt handling drivers can set ph_timestamp when packets are received by the hardware, which should be more accurate and cheaper than getting the clock when the packet is queued on the socket.
b82d192b 2019-06-10 16:32:51 Use mallocarray(9) & put some free(9) sizes for M_IPMOPTS allocations. ok semarie@, visa@
a8f2b5c7 2019-06-04 16:11:13 Add missing NULL check for the protocol control block (pcb) pointer in mrt{6,}_ioctl. Calling shutdown(2) on the socket prior to the ioctl command can cause it to be NULL. ok bluhm@ claudio@ Reported-by: syzbot+bdc489ecb509995a21ed@syzkaller.appspotmail.com Reported-by: syzbot+156405fdea9f2ab15d40@syzkaller.appspotmail.com
beb5f675 2019-05-11 17:16:21 unbreak the build without IPSEC. ok claudio@ deraadt@
96c4247c 2019-04-28 22:15:57 Removes the KERNEL_LOCK() from bridge(4)'s output fast-path. This redefines the ifp <-> bridge relationship. No lock can be currently used across the multiples contexts where the bridge has tentacles to protect a pointer, use an interface index. Tested by various, ok dlg@, visa@
26415d92 2019-04-23 10:53:45 a first cut at converting some virtual ethernet interfaces to if_vinput this let's input processing bypass ifiqs. there's a performance benefit from this, and it will let me tweak the backpressure detection mechanism that ifiqs use without impacting on a stack of virtual interfaces. ive tested all of these except mpw, which i will end up testing soon anyway.
53d5a470 2019-04-22 22:47:49 In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
d4718bab 2019-04-05 14:42:06 In debug mode print TCP flag names to console correctly. from Mitchell Krome
8f960e22 2019-02-13 23:47:42 change rt_ifa_add and rt_ifa_del so they take an rdomain argument. this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains. previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain. ok mpi@
62cb75b3 2019-02-10 22:32:26 remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes. MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses. It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels. Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use. ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
e0f3d217 2019-02-06 17:32:16 Fix a possible mbuf leak in tcp_usrreq(). Make the error handling more consistent to the other protocols' usrreq functions. OK visa@ claudio@
418b2720 2019-02-04 21:40:52 Avoid an mbuf double free in the oob soreceive() path. In the usrreq functions move the mbuf m_freem() logic to the release block instead of distributing it over the switch statement. Then the goto release in the initial check, whether the pcb still exists, will not free the mbuf for the PRU_RCVD, PRU_RVCOOB, PRU_SENSE command. OK claudio@ mpi@ visa@ Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com
fe07dcc8 2019-01-20 23:43:13 Refresh arp entries that are about to expire. Once their life time is less then 1/8 of net.inet.ip.arptimeout the system will send out a arp request about every 30 seconds until either the entry is updated or expired. Not refreshing arp entries will result in packet drop every time a entry expires which is not ideal for important gateway entries. Came up with this after a discussion with deraadt@. OK benno@ deraadt@
8dfea2b7 2019-01-18 20:46:03 Bring back the ip_pcbopts() refactor. Pad the option buffer and therefor the mbuf to the next word length as it is required by the standard. Also use the correct offset from the input mbuf. OK visa@, input & OK bluhm@
96ffc0c6 2019-01-18 02:10:40 Revert Rev 1.351, the change is not quite right yet.
dcde5866 2019-01-08 01:47:55 Botched up an if conditional in the last commit. The IP length needs to bigger than the IP header len to be valid. With this I can traceroute again.
c7d3e42a 2019-01-07 07:54:25 Validate the version, and all length fields of IP packets passed to a raw socket with INP_HDRINCL. There is no reason to allow badly constructed packets through our network stack. Especially since they may trigger diagnostic checks further down the stack. Now EINVAL is returned instead which was already used for some checks that happened before. OK florian@ Reported-by: syzbot+0361ed02deed123667cb@syzkaller.appspotmail.com
4d255d6a 2019-01-06 11:05:09 Rewrite ip_pcbopts() to fill a fresh mbuf with the ip options instead of fiddling with the user supplied mbuf and then copy it at the end. OK visa@
5112d5d9 2019-01-03 08:46:40 Replace a funky 'else switch' construct into something that is equal but a lot easier to read. The if can simply return the error and so the else branch is no longer needed. Input and OK dhill@
16bb085c 2018-12-25 19:28:25 rework icmp6_error() to be closer to icmp_error() input & OK mpi@
bcb17f64 2018-12-20 13:27:54 Replace a wrong poor mans m_trailingspace() with the real thing. The mbuf passed to ip_pcbopts could be a cluster and so the size check is all wrong. found by Greg Steuck; OK bluhm@ Reported-by: syzbot+c2543ae6b6692a5843e3@syzkaller.appspotmail.com eVS: ----------------------------------------------------------------------
008971d8 2018-12-17 09:17:30 Switch from timeout_add with tvtohz to just timeout_add_tv. Now this change will reduce the sleep time by one tick which doesn't matter in the common case. The code never passes a true 0 timeval to timeout_add_tv so the code will always sleep for at least 1 tick which is good enough. OK kn@, florian@, visa@, cheloha@
32303230 2018-12-11 01:27:08 split ether_output into resolution, encapsulation, and output functions if if_output can be overridden on ethernet interfaces, it will allow things like vlan to do it's packet encapsulation during output before putting the packet directly on the underlying interface for output. this has two benefits. first, it can avoid having ether_output on pseudo interfaces recurse, which makes profiling of the network stack a lot clearer. secondly, and more importantly, it allows pseudo ethernet interface packet encapsulation to by run concurrently by the stack, rather than having packets unnecessarily serialied by an ifq. this diff just splits ether_output up, it doesnt have any interface take advantage of it yet. tweaks and ok claudio@
999be342 2018-12-04 12:39:54 Use m_align() and while there reorder the pkthdr initalisation a bit. This also makes the IPv4 and IPv6 code more similar. OK phessler@
49729d6e 2018-12-03 10:10:49 In PRU_DISCONNECT don't fall through into PRU_ABORT since the latter frees the inpcb apart from the disconnect. Just call soisdisconnected() and clear the inp->inp_faddr since the socket is still valid after a disconnect. Problem found by syzkaller via Greg Steuck OK visa@ Fixes: Reported-by: syzbot+2cd350dfe5c96f6469f2@syzkaller.appspotmail.com Reported-by: syzbot+139ac2d7d3d60162334b@syzkaller.appspotmail.com Reported-by: syzbot+02168317bd0156c13b69@syzkaller.appspotmail.com Reported-by: syzbot+de8d2459ecf4cdc576a1@syzkaller.appspotmail.com
da17b520 2018-11-30 09:27:56 MH_ALIGN -> m_align. In revarprequest() set the ph_rtableid so that the function is doing the same initialisation as arprequest(). OK bluhm@
253ef672 2018-11-28 08:15:29 Further cleanup of icmp_do_error. - Use m_align() since it handles all cases - Use same rounding logic in the size check as in m_align() so all data will filt always. - consolidate pkthdr initalisation into one place - use m_prepend() instead of direct pointer manipulation (including the panic in case an underflow happens). OK bluhm@
d29df515 2018-11-19 10:15:04 Retire dom_rtkeylen from struct domain. Nothing is using this anymore. It was used by the original patricia tree. OK mpi@
412c1a0a 2018-11-14 23:55:04 provide ip_tos_patch() for setting ip_tos and patching the ipv4 cksum. previously the gif code would patch the tos field and not recalc the cksum, which would cause ip input code to drop the packet due to a cksum failure. the ipip code patched ip_tos and unconditionally recalculated the cksum, making it correct, but also wiping out any errors that may have been present before the recalculation. updating the cksum rather than replacing it lets cksum failures still fire. ip_tos_patch() is provided in the ecn code since it's because of ecn propagation that we need to update the tos field. internally it works like pf_patch_8 and pf_cksum_fixup, but since pf is optional it rolls its own code. procter may fix that in the future... ok claudio@
097c9a81 2018-11-10 18:40:34 Do not translate the EACCES error from pf(4) to EHOSTUNREACH anymore. It also translated a documented send(2) EACCES case erroneously. This was too much magic and always prone to errors. from Jan Klemkow; man page jmc@; OK claudio@
b5b7f62e 2018-11-09 14:14:31 M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers for m_leadingspace() and m_trailingspace(). Convert all callers to call directly the functions and remove the defines. OK krw@, mpi@
c18a9976 2018-11-09 13:26:12 Remove the last few XXX rdomain markers. Even those functions respect the rdomain now and are therefor rdomain save. OK mpi@
a4abeaa0 2018-11-05 21:50:39 In icmp_input_if() m_pullup up the maximum size of required data at the start. The maximum is ICMP_MINLEN (8) + max IPv4 header size (60) + IPv6 header (40) for the IPv6 over IPv4 transition case. By having up to this amount of data consequtive in an mbuf makes the rest of the code simpler and no more extra m_pullup calls are needed. Only length checks are now required.The maximum size is also big enough for all other ICMP types that don't embed the IP heaader. This ensures that all data has been m_pullup-ed before calling the ctlinput function which can look that deep into the header. OK bluhm@ markus@
e0f05071 2018-11-05 20:52:22 Consider the size of IP header when doing the ICMP length overflow check. This code was never reached as ICMP length was truncated before, but fix the wrong calculation anyway. OK claudio@
a85795af 2018-11-05 10:06:10 Fixup the case where an mbuf cluster is used. Correctly offset the data to the end of the cluster (there is no M_ALIGN version for clusters so it is hard coded). Also make the sanity check more general by using m_leadingspace. Not a security issue since the cluster code is not reachable, there is enough space in an mbuf. OK bluhm@
2fbbe403 2018-11-04 19:36:25 The change of the sb_mbmax calculation in sbreserve() broke setting a fixed socket send buffer size for TCP. tcp_update_sndspace() could overwrite the value as the algorithms were not in sync. OK benno@ claudio@
c138a5a5 2018-10-22 15:32:19 ipsec: use monotonic clock for SA creation/lookup timestamps; ok dlg@
56616aef 2018-10-18 15:46:28 Partial revert of previous. Only the queue(3) stuff should have gone in.
fd2bed47 2018-10-18 15:23:04 igmp, struct router_info: use queue(3) In particular, use LIST_* to preserve O(n) removal in rti_delete(). While here, clean up two malloc(9) calls. Suggested by mpi@. ok visa@
346625e3 2018-10-13 18:36:01 Expose net.inet.ip.arpq.drops to help debug what's going on when a lot of packets are being dropped but non of the other counters are increasing. From Daniel Hokka Zakrisson (daniel AT hozac DOT com), thanks! OK florian, phessler
52b89152 2018-10-10 11:46:59 RT_TABLEID_MAX is 255, fix places that assumed that it is less than 255. rtable 255 is a valid routing table or domain id that wasn't handled by the ip[6]_mroute code or by snmpd. The arrays in the ip[6]_mroute code where off by one and didn't allocate space for rtable 255; snmpd simply ignored rtable 255. All other places in the tree seem to handle RT_TABLEID_MAX correctly. OK florian@ benno@ henning@ deraadt@
30226613 2018-10-04 17:33:40 Revert the inpcb table mutex commit. It triggers a witness panic in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx is held and sorwakeup() is called within the loop. As sowakeup() grabs the kernel lock, we have a lock ordering problem. found by Hrvoje Popovski; OK deraadt@ mpi@
6bf002b1 2018-09-24 12:25:52 Turn carp_ourether() mp-safe, this is a requirement for taking bridge(4) out of the KERNEL_LOCK(). ok visa@, bluhm@
8a7b43ff 2018-09-20 18:59:10 As a step towards per inpcb or socket locks, remove the net lock for netstat -a. Introduce a global mutex that protects the tables and hashes for the internet PCBs. To detect detached PCB, set its inp_socket field to NULL. This has to be protected by a per PCB mutex. The protocol pointer has to be protected by the mutex as netstat uses it. Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify() before the table mutex to avoid lock ordering problems in the notify functions. OK visa@
af446eb3 2018-09-17 14:07:48 Do not acknowledge a received ack-only tcp packet that we would drop due to PAWS. Otherwise we could trigger a retransmit of the opposite party with another wrong timestamp and produce loop. I have seen this with a buggy server which messed up tcp timestamps. Suggested by Prof. Jacobson for FreeBSD. ok krw, bluhm, henning, mpi
9c5f84c7 2018-09-14 23:40:10 Initialize the TDB to NULL in ipsec_common_input() and ipsec_{input,output}_cb() so that in the case of sending or receiving a bogus mbuf (NULL) we don't end up trying to dereference the TDB, while being an uninitialized pointer, to increase the drops. Coverity IDs 1473312, 1473313 and 1473317. OK mpi@ visa@
1d4d3d77 2018-09-14 12:55:17 In general it is a bad idea to use one random secret for two things. The inet PCB uses one hash with local and foreign addresses, and one with local port numbers. Give both hashes separate keys. Also document the struct fields. OK visa@
518a1a65 2018-09-14 07:25:02 unbreak userland uses of in_pcb.h by including sys/refcnt.h ok visa@
0e560947 2018-09-13 19:53:58 Add reference counting for inet pcb, this will be needed when we start locking the socket. An inp can be referenced by the PCB queue and hashes, by a pf mbuf header, or by a pf state key. OK visa@
4b5fa55e 2018-09-13 12:29:43 Include the size of IPCOMP header when checking for compression. Problem found and anaylyzed by Romain Gabet, ok markus@
7017ab2c 2018-09-11 21:04:03 Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
531c7ccd 2018-09-11 14:34:49 Make the distribution of in_ and in6_ functions in in_pcb.c and in6_pcb.c consistent, to ease comparing the code. Move all inet6 functions to in6_. Bring functions in both source files in same order. Cleanup the include section. Now in_pcb.c is a superset of in6_pcb.c. The latter contains all the special implementations. Just moving arround, no code change intended. OK mpi@
b4ed758a 2018-09-10 22:21:39 Remove useless INPCBHASH() macros. Just expand them. OK stsp@
f02cb2e8 2018-09-10 16:14:07 Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@
c1746f11 2018-09-10 12:47:02 During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() do convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@
1da83368 2018-09-07 10:55:35 Explain the special case for redirect to localhost in a comment. input and OK claudio@
41ea91ae 2018-09-06 03:42:21 sync icmp_mtudisc_clone() with icmp6_mtudisc_clone(); prompted by bluhm@
2edaa7ba 2018-08-28 15:15:02 Add per-TDB counters and a new SADB extension to export them to userland. Inputs from markus@, ok sthen@
89776af2 2018-07-23 21:14:00 Coverity CID 1470233 complainst that the m != NULL check in syn_cache_get() is not neccessary. Also make the abort label consistent to resetandabort and free the mbuf there. OK mpi@
1e2c197e 2018-07-16 07:49:31 Fix for uninitialized variables. Found by and ok jsg@, ok markus@