Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 0a52e75e | 2023-01-24 20:06:16 | Refactor nd6_options() a bit more. Rewrite the loop to be a proper loop and not some endless loop with some gotos. OK kn@ | ||
| 4b9bfff3 | 2023-01-22 12:05:44 | Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of receive buffer. As it was done for SS_CANTSENDMORE bit, the definition kept as is, but now these bits belongs to the `sb_state' of receive buffer. `sb_state' ored with `so_state' when socket data exporting to the userland. ok bluhm@ | ||
| f704dce3 | 2023-01-06 14:35:34 | Clean up struct nd_opts, use nd6_options() function local variables nd_opts_search is really the next option, so call it next_opt. nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle, so zap the former and use the latter to stop. Finally drop the useless struct members, all under _KERNEL. OK claudio | ||
| 40a2ab36 | 2023-01-06 14:32:55 | Inline nd6_option() helper, remove indirections Move the function body into the while loop, merge identical variables, pull the `invalid' label out of the loop and straighten `skip' into the `skip1' label. Merging nd6_option() into nd6_options() is now much clearer after the previous clean up. nd_opts_{search,last,done} are now clearly "private" to n6_options() and can be cleaned up from struct nd_opts next. OK claudio | ||
| 4afaba8b | 2023-01-06 14:29:47 | Clarify nd6_option() return semantics nd_opts_last is set only once in nd6_options() during struct init and guaranteed non-NULL as it is set to the function's argument *opt which is passed in as (struct_ptr + 1) in both callers. nd6_option(), the internal helper, returns a pointer to the next option or NULL, which means either "no option, ok" or "invalid option, fail". Failure is signaled through nd_opts_last being NULL after nd6_option() returned, which only happens if nd6_option() zeroed the whole *ndopts. Move the two cases under mnemonic labels and zap the now obviously redundant bzero() call in nd6_options(). OK claudio | ||
| 0a2b5415 | 2023-01-06 14:24:36 | Simplify nd6_options() initialise logic nd_opts_{search,last,done} are exlusively used in the internal option handling machinery; the only two nd6_options() callers only use nd_opts_{src,tgt}_lladdr. nd6_options() always zeroes and initialises the caller's struct nd_opts. If icmp6len is zero, i.e. if there are no ICMP6 header options left, everything inside *ndopts is zero, except nd_opts_done=1 which is not used by the callers. Set the internal nd_opts_{search,last,done} members only when needed. OK claudio | ||
| 576e5f39 | 2023-01-06 14:17:15 | Merge common code into new nd6_dad_destroy() The current code wrt. stopping DAD for and removing a particular IP from the list is flawed. Introduce a single nd6_dad_destroy() to the cleanup, so that there's only one place to fix. This is just a mechanical deduplication without significant behaviour change; in case a duplicated address was found, RTM_CHGADDRATTR now goes out before cleanup, which should be no problem. The nd6_dad_create() pendant could be done as well, but the end of nd6_dad_start() is currently the only place where a new IP/DAD entry is set up, so little gain besides function name symmetry. OK claudio | ||
| 6c0f7fa9 | 2022-12-10 23:45:51 | Remove unused experimental ICMP6 redirect low water bits Dead since introduction in 2001 with icmp6.c r1.31: implement upper limit to icmp6 redirects (experimental, turned off) negative value to {mtudisc,redirect}_{hi,lo}wat will turn off the limitation. sync with kame. icmp6_redirect_lowat was always -1 and never hit the empty conditional. icmp6_redirect_hiwat never existed. icmp6_mtudisc_{hi,lo}wat are exposed as net.inet6.icmp6.mtudisc_{hi,lo}wat sysctl(2)s, so don't touch those for now. OK mvs | ||
| bc5cfb1f | 2022-12-10 22:40:58 | Reuse off variable from previous line; no object change | ||
| b4dfd86d | 2022-12-10 22:16:24 | zap 68 trailing spaces from a single line | ||
| 038092c1 | 2022-12-10 21:29:10 | `dp' was just allocated with M_ZERO flag, so the following bzero(3) is not required. ok kn@ | ||
| 2a46a9b4 | 2022-12-10 21:26:21 | Merge nd6_option_init() into nd6_options() All call-sites call nd6_options() directly after nd6_option_init(). Fold them to simplify the logic and do less pointing around. Feedback OK bluhm florian | ||
| eaf13d83 | 2022-12-09 17:32:53 | Switch nd_opts from a union to just a struct. The ND6 option handling in the kernel got a lot simpler since only the tgt and src lladdr option are inspected by the kernel. The magic of assigning options via one side of the union and accessing them via the other is total overkill and actually quite error prone. OK florian@ | ||
| 153dcafa | 2022-12-07 17:34:20 | Do not store unused ICMPv6 Option PREFIX_INFORMATION Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days. sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option. Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL. tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client. OK claudio | ||
| bfb4dd3f | 2022-12-06 22:19:39 | Add missing kernel lock around (*if_ioctl)() call within in{,6}_addmulti(). Since kernel lock is no more taken while following setsockopt() path, it should be taken in this place. Corresponding in{,6}_delmulti() already acquire kernel lock around (*if_ioctl)(). Problem reported and diff tested by weerd@ ok kn@ bluhm@ | ||
| abcde9bc | 2022-12-02 15:35:35 | Remove constant basereachable and retrans members from struct nd_ifinfo Both are initalised with compile-time constants and never written to. They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument. Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'. OK bluhm | ||
| 24793c0c | 2022-12-02 12:58:37 | Remove useless variable, simplify code Using a local `duplicate' variable to defer the actual checks by a few lines, interleaved with comments (saying the same thing but negated), is harder to follow that neccessary. Fold the logic and merge comments (remove the last obvious one missing a negation) to save 20 LOC. OK bluhm | ||
| 4e88faf9 | 2022-12-02 12:56:51 | Unlock in6_ioctl_get() aka. SIOCGIF{DSTADDR,NETMASK,AFLAG,ALIFETIME}_IN6 First the right address is picked from the net lock protected if_addrlist. Then all ioctls just copy out the address, nothing requires the kernel lock. SIOCGIFDSTADDR_IN6 checks the net lock protected if_flags, SIOCGIFALIFETIME_IN6 computes lifetimes which only need the address. This removes the last kernel lock from IPv6 read ioctls (multicast being the untouched exception here). Users of these ioctl(2)s are route6d(8), rad(8), slaacd(8), isakmpd(8) and of course ifconfig(8). OK mvs | ||
| 3cf38294 | 2022-11-30 14:01:02 | Unlock nd6_ioctl(), push kernel lock into in6_ioctl_{get,change_ifaddr}() Neighbour Discovery information is protected by the net lock, as documented in nd6.h struct nd_ifinfo. ndp(8) is the only SIOCGIFINFO_IN6 and SIOCGNBRINFO_IN6 user in base. nd6_lookup(), also used in ICMP6 input and IPv6 forwarding, only needs the net lock. OK mvs | ||
| 43abdd53 | 2022-11-28 19:13:36 | Document struct nd_ifinfo protection, remove obsolete .initialized member All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information. IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits. Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame. Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection. Feedback OK bluhm | ||
| eb50a1c0 | 2022-11-28 13:10:58 | Remove useless nd6_init_done Only ip6_init() calls nd6_init(), exactly once, just like it calls frag6_init() which on the other hand does not have some fra6_init_done to guard against itself. Like all other domains, ip6_init() is called in domaininit(), early in the kernel's main(). This variable was probably never useful and stems from nd6.c r1.1: bring in KAME IPv6 code, dated 19991208. OK mvs | ||
| 143c0f7f | 2022-11-28 13:08:53 | Statically initialise DAD list, remove obsolete dad_init The list of IPv6 addresses to perfom Duplicate Address Detection on is local to nd6_nbr.c; statically initialise it so `dad_init' can go. nd6_dad_find() keeps returning NULL on an initialised but empty list, so nd6_dad_stop() keeps returning early. Feedback OK mvs | ||
| 15235fc5 | 2022-11-27 15:31:36 | Remove useless casts All *dp variables are of type 'struct dadq *'; no object change. OK mvs | ||
| 77b9cbdf | 2022-11-25 15:03:24 | Revert hunk accidentially committed in r1.248 "Clarify/typofix comments" | ||
| e0b284df | 2022-11-23 19:35:42 | Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days. Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree. OK mvs claudio bluhm | ||
| 77a8ef7f | 2022-11-23 19:35:18 | Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37 Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway. Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree. OK mvs claudio bluhm | ||
| 6b0dbb71 | 2022-11-23 19:34:59 | Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45 Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information. Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree. OK mvs claudio bluhm | ||
| cc076951 | 2022-11-23 16:59:10 | Inline useless ND_IFINFO() macro A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL. OK mvs | ||
| 4d7e99f8 | 2022-11-23 16:57:37 | Let nd6_if{at,de}tach() be void and take an ifp argument Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything. OK mvs | ||
| ac40cb16 | 2022-11-23 14:48:27 | Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly *if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo. Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete. The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable. OK bluhm mvs claudio | ||
| 2c55d1bc | 2022-11-23 08:05:49 | ND_IFINFO() cannot be NULL, use inline read-only idiom for clarity ND_IFINFO() always points at a valid struct nd_ifinfo; ND6_LLINFO_DELAY checks for NULL, while other cases in nd6_llinfo_timer() dereference it unconditionally. Inline all three per-case read-only usages rather than having one hoisted *ndi pointer which could be used to write. nd6_nbr.c already uses this `ND_IFINFO(ifp)->retrans' idiom which makes it immediately clear that data is only read. OK bluhm | ||
| 624d60b6 | 2022-11-23 07:57:39 | Recommit previous "Remove useless struct in6_ifextra" This was the right diff after all, I just confused myself between trees. OK bluhm --- Remove useless struct in6_ifextra in6_var.h r1.75 removed all other struct members. Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that. ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[]. One allocation and unhelpful indirection less per interface. All under _KERNEL. OK claudio | ||
| 0d1947d9 | 2022-11-22 19:28:29 | Backout "Remove useless struct in6_ifextra" commit I committed the wrong iteration of this diff, sorry for the noise. | ||
| f42926ca | 2022-11-22 15:49:06 | Use local variable consistently All prior lines in this function already use it, do so on the last one. OK claudio | ||
| 3ba6a4db | 2022-11-22 14:51:01 | Remove useless struct in6_ifextra in6_var.h r1.75 removed all other struct members. Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that. ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[]. One allocation and unhelpful indirection less per interface. All under _KERNEL. OK claudio | ||
| ceecbd6e | 2022-11-19 14:26:39 | Push kernel lock into pru_control() aka. in6_control() / in_control() so->so_state is already read without kernel lock inside soo_ioctl() which calls pru_control() aka in6_control() and in_control(). OK mvs | ||
| bef794e1 | 2022-11-15 18:42:46 | Not assigning a link local address by default breaks various things. A lot of code depends on a eui64 address to be present. So revert this bit of the last commit. OK florian@ | ||
| 345c4d05 | 2022-11-14 17:12:55 | Relax the list of interfaces which support IPv6 a bit. No longer require IFF_MULTICAST for all interfaces. It is save to skip this for interfaces that don't require a ND cache. Also do not assign a link-local address in such cases. This affects point-to-point interfaces and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4). The NBMA interfaces need some alternative way to figure out the address mapping. In the end this allows non-multicast interfaces to work with IPv6. OK dlg@ kn@ | ||
| a9bf6d57 | 2022-11-12 16:36:07 | Remove unused fields from struct in6_ifextra This is all under _KERNEL: - rs_lhcookie was added in 2014 110585f259f4974284e531f0a1e121b001a580dc "Move sending of router solicitations to the kernel; [...]" but never used - nprefixes and ndefrouters became obsolete with 2017 4a2f474d14c160dc7829cce0149ead09d473ece9 "Remove sending of router solicitations and processing of router advertisements from the kernel. [...]" OK mpi | ||
| a41b0a5b | 2022-11-12 02:53:17 | Remove unused RS_LHCOOKIE macro Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used. | ||
| d0d50c10 | 2022-11-12 02:50:59 | Zap comment about dead linkmtu Removed in 2015 a923c8476c6771493ee2bc4f277a429c9ae3eaff Remove linkmtu and maxmtu from struct nd_ifinfo. | ||
| 20dd158f | 2022-11-12 02:49:34 | Zap dead ip6_auto_linklocal Removed in 2015 15f0a5b39a2bb226b44457ed81a5d989cfee0393 Ensure that link-local addresses are correctly configured on loopback interfaces. | ||
| a37edb63 | 2022-11-10 16:00:17 | Use local variable for consistency OK claudio | ||
| acbded78 | 2022-11-07 10:45:39 | Run the ND6 expiry timer without kernel lock Added in 2017 to Reduce contention on the NET_LOCK() by moving the nd6 address expiration task to the `softnettq`. This should no longer be needed thanks to sys/net/if.c r1.652 in 2022: Activate parallel IP forwarding. Start 4 softnet tasks. Limit the usage to the number of CPUs. Nothing in nd6_expire() or nd6_expire_timer_update() requires protection by the kernel lock. The interface list and per-interface address lists remain protected by the net lock. Tests by Hrvoje OK mpi | ||
| 280d7fb5 | 2022-10-17 14:49:01 | Change pru_abort() return type to the type of void and make pru_abort() optional. We have no interest on pru_abort() return value. We call it only from soabort() which is dummy pru_abort() wrapper and has no return value. Only the connection oriented sockets need to implement (*pru_abort)() handler. Such sockets are tcp(4) and unix(4) sockets, so remove existing code for all others, it doesn't called. ok guenther@ | ||
| 62440853 | 2022-10-03 16:43:52 | System calls should not fail due to temporary memory shortage in malloc(9) or pool_get(9). Pass down a wait flag to pru_attach(). During syscall socket(2) it is ok to wait, this logic was missing for internet pcb. Pfkey and route sockets were already waiting. sonewconn() must not wait when called during TCP 3-way handshake. This logic has been preserved. Unix domain stream socket connect(2) can wait until the other side has created the socket to accept. OK mvs@ | ||
| d0e7fa22 | 2022-09-13 09:05:02 | Do soreceive() with shared netlock for raw sockets. ok bluhm@ | ||
| 3bb2119c | 2022-09-09 12:05:52 | Clarify/typofix comments OpenBSD is not FreeBSD and has no stf(4) interface. No object change. | ||
| ccb45f8e | 2022-09-08 10:22:05 | Rename global ifnet TAILQ Naming the list like the struct itself makes for awful grepping. Call the global variable "ifnetlist" from now on. There used to be kvm(3) consumers in base picking up this symbol, but those have long been converted to other interfaces. A few potential ports users remain, same deal as sys/net/if_var.h r1.116 "Remove struct ifnet's unused if_switchport member": they get bumped. Previous users pointed out by deraadt OK bluhm | ||
| 56bdcea2 | 2022-09-05 15:47:39 | Move mld6 address variables from data to stack memory to make them MP safe. Due to the KAME scope address hack, the link-local all nodes and all routers IPv6 addresses cannot be const. OK benno@ | ||
| 9bbbb445 | 2022-09-05 14:56:08 | Use shared netlock in soreceive(). The UDP and IP divert layer provide locking of the PCB. If that is possible, use shared instead of exclusive netlock in soreceive(). The PCB mutex provides a per socket lock against multiple soreceive() running in parallel. Release and regrab both locks in sosleep_nsec(). OK mvs@ | ||
| a192f6dd | 2022-09-04 06:49:11 | spelling | ||
| c3a3d609 | 2022-09-03 22:43:38 | Move PRU_PEERADDR request to (*pru_peeraddr)(). Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets, except tcp(4) case. Also remove *_usrreq() handlers. ok bluhm@ | ||
| 0dc53d81 | 2022-09-03 18:48:49 | Move PRU_SOCKADDR request to (*pru_sockaddr)() Introduce in{,6}_sockaddr() functions, and use them for all except tcp(4) inet sockets. For tcp(4) sockets use tcp_sockaddr() to keep debug ability. The key management and route domain sockets returns EINVAL error for PRU_SOCKADDR request, so keep this behaviour for a while instead of make pru_sockaddr handler optional and return EOPNOTSUPP. ok bluhm@ | ||
| 3f68dcd3 | 2022-09-02 13:12:31 | Move PRU_CONTROL request to (*pru_control)(). The 'proc *' arg is not used for PRU_CONTROL request, so remove it from pru_control() wrapper. Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for inet6 case. ok guenther@ bluhm@ | ||
| 621c53d4 | 2022-09-01 18:21:22 | Move PRU_CONNECT2 request to (*pru_connect2)(). ok bluhm@ | ||
| f0a6a678 | 2022-08-31 21:23:02 | Move PRU_SENDOOB request to (*pru_sendoob)(). PRU_SENDOOB request always consumes passed `top' and `control' mbufs. To avoid dummy m_freem(9) handlers for all protocols release passed mbufs in the pru_sendoob() EOPNOTSUPP error path. Also fix `control' mbuf(9) leak in the tcp(4) PRU_SENDOOB error path. ok bluhm@ | ||
| a6b8fd29 | 2022-08-30 11:53:03 | Refactor internet PCB lookup function. Rename in_pcbhashlookup() so the public API is in_pcblookup() and in_pcblookup_listen(). For internal use introduce in_pcbhash_insert() and in_pcbhash_lookup() to avoid code duplication. Routing domain is unsigned, change the type to u_int. OK mvs@ | ||
| 52454f70 | 2022-08-29 08:08:17 | Move PRU_RCVOOB request to (*pru_rcvoob)(). ok bluhm@ | ||
| 18a44669 | 2022-08-29 07:51:45 | Use struct refcnt for interface address reference counting. There was a crash due to use after free of the ifa although it is ref counted. As ifa_refcnt was a simple integer increment, there may be a path where multiple CPUs access it concurrently. So change to struct refcnt which is MP safe and provides dt(4) leak debugging. Link level address for IPsec enc(4) and various MPLS interfaces is special. There ifa is part of struct sc. Use refcount anyway and add a panic to detect use after free. bug report stsp@; OK mvs@ | ||
| 4024125e | 2022-08-28 21:35:11 | Move PRU_SENSE request to (*pru_sense)(). ok bluhm@ | ||
| fbc11c67 | 2022-08-28 18:44:16 | Move PRU_ABORT request to (*pru_abort)(). We abort only the sockets which are linked to `so_q' or `so_q0' queues of listening socket. Such sockets have no corresponding file descriptor and are not accessed from userland, so PRU_ABORT used to destroy them on listening socket destruction. Currently all our sockets support PRU_ABORT request, but actually it required only for tcp(4) and unix(4) sockets, so i should be optional. However, they will be removed with separate diff, and this time PRU_ABORT requests were converted as is. Also, the socket should be destroyed on PRU_ABORT request, but route and key management sockets leave it alive. This was also converted as is, because this wrong code never called. ok bluhm@ | ||
| 90b3510c | 2022-08-27 20:28:01 | Move PRU_SEND request to (*pru_send)(). The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9) leak. It was fixed in new gre_send(). The former pfkeyv2_send() was renamed to pfkeyv2_dosend(). ok bluhm@ | ||
| cc9f6b97 | 2022-08-26 16:17:38 | Move PRU_RCVD request to (*pru_rcvd)(). ok bluhm@ | ||
| 86e05c94 | 2022-08-22 21:18:48 | Move PRU_SHUTDOWN request to (*pru_shutdown)(). ok bluhm@ | ||
| 679bdce9 | 2022-08-22 21:02:44 | Document that igmp_timers_are_running and mld6_timers_are_running are protected by netlock. They are only used as shortcut in fast timer. Common prefix in mld6.c is mld6. OK mvs@ | ||
| e00787e6 | 2022-08-22 13:23:06 | Move PRU_DISCONNECT request to (*pru_disconnect). ok bluhm@ | ||
| da3acf12 | 2022-08-22 10:37:27 | Use rwlock per inpcb table to protect notify list. The notify function may sleep, so holding a mutex is not possible. The same list entry and rwlock is used for UDP multicast and raw IP delivery. By adding a write lock, exclusive netlock is no longer necessary for PCB notify and UDP and raw IP input. OK mvs@ | ||
| 92a454d9 | 2022-08-22 08:08:46 | Move PRU_ACCEPT request to (*pru_accept)(). ok bluhm@ | ||
| 14817007 | 2022-08-21 23:04:45 | Only grab netlock in igmp and mdl6 fast timer when necessary. There are status variables that can be used to avoid locking if timers are not running. This should reduce contention on exclusive netlock. OK kn@ mvs@ | ||
| 074c8388 | 2022-08-21 22:45:55 | Move PRU_CONNECT request to (*pru_connect)() handler. ok bluhm@ | ||
| cfab0d99 | 2022-08-21 17:30:21 | Move PRU_LISTEN request to (*pru_listen)() handler. ok bluhm@ | ||
| cfa8497d | 2022-08-21 14:15:55 | Remove ip_local() and ip6_local(). After moving the IPv4 fragment reassembly and IPv6 hob-by-hob header chain processing out of ip_local() and ip6_local(), they are almost empty stubs. The check for local deliver loop in ip_ours() and ip6_ours() is sufficient. Recover mbuf offset and next protocol directly in ipintr() and ip6intr(). OK mvs@ | ||
| 53fadfdc | 2022-08-21 11:44:53 | Introduce a mutex per inpcb to serialize access to socket receive buffer. Later it may be used to protect more of the PCB or socket. In divert input replace the kernel lock with this mutex. OK mvs@ | ||
| 121fc5cf | 2022-08-20 23:48:57 | Move PRU_BIND request to (*pru_bind)() handler. For the protocols which don't support request, leave handler NULL. Do the NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in such case. This will be done for all upcoming user request handlers. ok bluhm@ guenther@ | ||
| 0b448d84 | 2022-08-15 16:15:36 | Run IPv6 hop-by-hop options processing in parallel. The ip6_hbhchcheck() code is MP safe and moves from ip6_local() to ip6_ours(). If there are any options, store the chain offset and next protocol in a mbuf tag. When dequeuing without tag, it is a regular IPv6 header. As mbuf tags degrade performance, use them only if a hop-by-hop header is present. Such packets are rare and pf drops them by default. OK mvs@ | ||
| 7985bfd0 | 2022-08-15 09:11:38 | Introduce 'pr_usrreqs' structure and move existing user-protocol handlers into it. We want to split existing (*pr_usrreq)() to multiple short handlers for each PRU_ request as it was already done for PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)() split will be done with the following diffs. Based on reverted diff from guenther@. ok bluhm@ | ||
| 4daa6442 | 2022-08-12 17:04:16 | Remove differences between ip_fragment() and ip6_fragment(). They do nearly the same thing, so they should look similar. OK sashan@ | ||
| 0b5e72a3 | 2022-08-12 14:49:15 | There are some places in ip and ip6 input where operations fail due to out of memory. Use a generic idropped counter for those. OK mvs@ | ||
| f42e2e0a | 2022-08-12 12:08:54 | At successful return ip6_check_rh0hdr() keeps *offp unmodified. The IPv6 routing header type 0 check should modify *offp only in case of an error, so that the generated icmp6 packet has the correct pointer. OK sashan@ | ||
| a01b2dc3 | 2022-08-09 21:10:02 | Backout "Call getuptime() just once per function" This caused stuck ndp cache entries as found by naddy, sorry. | ||
| ce9d227c | 2022-08-08 23:00:51 | If interface drivers had enabled transmit offloading of the payload checksum, IPv6 fragments contained invalid checksum. For fragments the protocol checksum has to be calculated before fragmentation. Hardware cannot do this as it is too late. Do it earlier in software. tested and OK mbuhl@ | ||
| b7607505 | 2022-08-08 17:47:59 | Constify in6_addr pointer arguments in nd6_*() functions All of them are passed to inspect/copy out fields, none of the functions writes to the struct. This makes it easier to argue about code (in MP context). OK bluhm | ||
| 5d905914 | 2022-08-08 15:56:35 | Call getuptime() just once per function IPv6 pendant to bluhm's sys/netinet/if_ether.c r1.249: Instead of calling getuptime() all the time in ARP code, do it only once per function. This gives a more consistent time value. OK claudio@ miod@ mvs@ OK bluhm | ||
| 9e8a1cdf | 2022-08-08 12:06:30 | To make protocol input functions MP safe, internet PCB need protection. Use their reference counter in more places. The in_pcb lookup functions hold the PCBs in hash tables protected by table->inpt_mtx mutex. Whenever a result is returned, increment the ref count before releasing the mutex. Then the inp can be used as long as neccessary. Unref it at the end of all functions that call in_pcb lookup. As a shortcut, pf may also hold a reference to the PCB. When pf_inp_lookup() returns it, it also incements the ref count and the caller can handle it like the inp from table lookup. OK sashan@ | ||
| 6a1c2aef | 2022-08-06 15:57:58 | Clean up the netlock macros. Merge NET_RLOCK_IN_SOFTNET and NET_RLOCK_IN_IOCTL, which have the same implementation. The R and W are hard to see, call the new macro NET_LOCK_SHARED. Rename the opposite assertion from NET_ASSERT_WLOCKED to NET_ASSERT_LOCKED_EXCLUSIVE. Update some outdated comments about net locking. OK mpi@ mvs@ | ||
| c259178c | 2022-07-28 13:11:44 | Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel() Removed in 2015 and 2002, respectively. OK claudio | ||
| b8a3baa4 | 2022-07-28 13:10:37 | Zap outdated nd6_free() comment about static Added in 2002 r1.48 "sync with latest KAME [...]" along the attribute, but nd6_free() became a global void function in 2017 r1.212. Afaik static kernel functions are avoided to aid ddb'ugging and I presume the "significant changes in the kernel" bits of the comment stem from something 20 years ago no longer holding true today. Afterall, this change has been safe for five years. OK claudio | ||
| f96d279d | 2022-07-24 22:38:25 | Fix assertion for write netlock in rip6_input(). ip6_input() has shared net lock. ip_deliver() needs exclusive net lock. Instead of calling ip_deliver() directly, use ip6_ours() to queue the packet. Move the write lock assertion into ip_deliver() to catch such bugs earlier. The assertion was only triggered with IPv6 multicast forwarding or router alert hop by hop option. Found by regress test. OK kn@ mvs@ | ||
| 185986d5 | 2022-07-22 20:29:27 | Zap nd6_recalc_reachtm_interval indirection Only used once, so use the macro directly like ND6_SLOWTIMER_INTERVAL is used in many places. OK florian | ||
| 84c68b93 | 2022-07-22 15:34:46 | Leftovers from florian's RS/NA purge from the kernel in 2017. OK bluhm | ||
| ea006b74 | 2022-07-22 13:27:17 | Zap dead store nd6_allocated There since KAME IPv6 import in 1999. OK "Pool statistics has this info already." bluhm | ||
| 713fe098 | 2022-07-22 13:26:00 | Call nd6_timer() without argument nd6_timer_to is a global struct and nd6_timer() accesses it as such, thereby ignoring its function argument. Make that clear when setting the timeout, which now goes like the other two timeouts. OK bluhem | ||
| 80467c39 | 2022-06-29 22:45:24 | Pass a pointer to mbuf pointer further down into ip6_process_hopopts() and ip6_unknown_opt(). Instead of having dangling pointer in caller, use m_freemp() to set mbuf to NULL. OK sashan@ | ||
| bb8a5d95 | 2022-06-29 11:22:10 | Pass down the pointer to mbuf pointer into ip6_hbhchcheck(). This allows to set the mbuf to NULL and keep it consistent in the caller, instead of having dangling pointer after free. OK sashan@ | ||
| 5b1db52d | 2022-06-28 08:24:29 | The ip6_hbhchcheck() function never reads the nxtp parameter, it only sets its value. It is more obvious to return the next protocol or IPPROTO_DONE to signal error. All IP protocol functions do that. OK sashan@ florian@ | ||
| ddfdd69b | 2022-05-09 19:33:46 | Protect sbappendaddr() in divert_packet() with kernel lock. With divert-packet rules pf calls directly from IP layer to protocol layer. As the former has only shared net lock, additional protection against parallel access is needed. Kernel lock is a temporary workaround until the socket layer is MP safe. discussed with kettenis@ mvs@ | ||
| 37b541b9 | 2022-05-05 16:44:22 | Clean up divert_packet(). Function does not return error, make it void. Introduce mutex and refcounting for inp like in the other PCB functions. OK sashan@ | ||
| 2028c273 | 2022-05-05 13:57:40 | Use static objects for struct rttimer_queue instead of dynamically allocate them. Currently there are 6 rttimer_queues and not many more will follow. So change rt_timer_queue_create() to rt_timer_queue_init() which now takes a struct rttimer_queue * as argument which will be initialized. Since this changes the gloabl vars from pointer to struct adjust other callers as well. OK bluhm@ | ||
| 38f7d33d | 2022-05-04 16:52:10 | Move rttimer callback function from the rttimer itself to rttimer_queue. All users use the same callback per queue so that makes sense. Also replace rt_timer_queue_destroy() with rt_timer_queue_flush(). OK bluhm@ |