| Age | Commit message (Collapse) | Author |
|---|
|
Add a NULL check to prevent crash in pflog(4) introduced in previous
commit.
Reported-by: syzbot+c6d2f2ad34b822bce98a@syzkaller.appspotmail.com
|
|
rdr-to, nat-to, af-to rules. The kernel uses the information from
the packet description and fills it into the fields in the pflog
header. While doing this, it is trival to figure out whether the
packet has been rewritten.
OK sashan@
|
|
and af-to addresses and ports applied. Therefore it created a mbuf
chain on the stack with a partial copy. This is too complicated
for IP options, extension header, NAT46 af-to, and fragmented mbuf
chains. It even caused a crash in syzkaller. Usually the length
checks in pf_setup_pdesc() rejected the faked mbuf and the goto
copy logged the packet unmodified. Remove the pflog_mtap() function
and call bpf_mtap_hdr() directly. As the old buggy code was bypassed
in most cases, tcpdump(8) output of pflog does not change.
Uncondionally log the unmodified packet.
Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com
OK sashan@
|
|
`pflogifs' array. This was done to prevent panics caused by internal
malloc(9) limit.
Also we avoid the case while single pflog(4) interface with a high index
allocates an array for all indices below and eats up kernel memory.
Since we have a very little count of pflog(4) interfaces linear search
does not performance impact.
ok bluhm@ claudio@ kn@
|
|
the rule did not specify it. Check the option again for the log
rule in case another rule has triggered a socket lookup. Remove
logopt group, it is not documented and cannot work as struct pfloghdr
does not contain a gid. Rename PF_LOG_SOCKET_LOOKUP to PF_LOG_USER
to express what it does. The lookup involved is only an implemntation
detail.
OK kn@ sashan@ mvs@
|
|
pflog(4) does not send or generate packets by design.
OK mvs sashan
|
|
ok deraadt@
|
|
Most clonable interface drivers (except bridge, enc, loop, pppx,
switch, trunk and vlan) initialise the send queue's length to IFQ_MAXLEN
during *_clone_create() even though ifq_init(), which is eventually called
through if_attach(), does the same.
Remove all early "ifq_set_maxlen(&ifq->if_snd, IFQ_MAXLEN);" lines to leave
it to ifq_init() and have clonable drivers a tad more in sync.
OK mvs
|
|
pflog wants to copy and patch the packet that is being logged to
properly show if it is being transformed, and it does this by copying
the ip and transport headers into a local mbuf and patching them
there, and then wiring the remaining data from the original packet
into an mbuf chain hanging off this patched mbuf.
it's just unfortunate that the mbufs it was using are global and
not locked. this is particularly unfortunate if you're running the
stack in parallel on multiple cpus and pflog gets to running
concurrently.
this changes pflog to use an mbuf on the stack to copy the headers
into and patch. the mbuf used to point to the trailing data has
been replaced with an m_hdr, also on the stack, like what bpf_mtap_ether
does to skip past where a vlan shim should be.
ok sashan@ jmatthew@
|
|
ok dlg@ tobhe@
|
|
ok dlg@ tobhe@
|
|
This is clearer and more consistent with the rest of the kernel.
OK deraadt@ sashan@
|
|
it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.
ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.
|
|
currently pflog prepares a pfloghdr and then passes that, the
original mbuf, and a pflog copy function to bpf. bpf matches on the
original packet, and then if bpf decides it wants the packet it
uses the custom function to copy the packet for userland to read.
the custom function patches the packet so you see the packet after
nat and rdr and af-to and so on. however, this means bpf is matching
on the original packet and reporting a patched packet.
this is also the only use of a custom copy function in the tree,
and it relies on some behaviours that should be internal to bpf to
get away with it.
this pulls the patching up so it's done before the packet is given
to bpf. this simplifies the code a bit, and means bpf is now matching
on and reporting the same packet. removing this custom copy code
also means that we can get rid of that functionality from the
bpf_mtap_hdr function.
ok sashan@ visa@
|
|
ok kn@
|
|
These are just unhelpful case conversion.
OK sashan henning
|
|
memory shortage. As it is invoked from a system call, it should
not fail and wait instead.
OK visa@ mpi@
|
|
Tested by Hrvoje Popovski, ok bluhm@
|
|
ok bluhm@
|
|
rectification.
|
|
only once per packet.
Fix a regression introduced when if_input() started to be called by
every pseudo-driver.
ok claudio@, dlg@
|
|
Prevent pf_socket_lookup() reading uninitialised header buffers on fragments.
OK blum@ sashan@
|
|
pfvar_priv.h. The pf_headers had to be defined in multiple .c files
before. In pfvar.h it would have unknown storage size, this file
is included in too many places. The idea is to have a private pf
header that is only included in the pf part of the kernel. For now
it contains pf_pdesc and pf_headers, it may be extended later.
discussion, input and OK henning@ procter@ sashan@
|
|
and pretending the output succeeded. Packets are still dropped!
Idea from jsg@ following same change to bridge(4). ok mpi@
|
|
|
|
ok mpi@ uebayasi@
|
|
since July. The code involved deals with af-to handling.
|
|
ok stsp mpi
|
|
define in sys/limits.h. OK guenther@
|
|
is a debug tool change of semantics not considered problematic.
up until now, log(matches) forced logging on subsequent matching rules,
the actual logging used the log settings from that matched rule.
now, log(matches) causes subsequent matches to be logged with the log settings
from the log(matches) rule. in particular (this was the driving point),
log(matches, to pflog23) allows you to have the trace log going to a seperate
pflog interface, not clobbering your regular pflogs, actually not affecting
them at all.
long conversation with bluhm about it, which didn't lead to a single bit
changed in the diff but was very very helpful. ok bluhm as well.
|
|
long live the one true internet.
ok henning mikeb
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
|
|
function pflog_bpfcopy() is setting up a packet description with
pf_setup_pdesc(). When pf_setup_pdesc() is droppig a bad packet,
it increments the the pf status counters. This way bad packets
could be accounted multiple times. Now pflog_bpfcopy() passes a
reason pointer NULL to indicate that no accounting should be done.
From Florian Riehm; OK henning@
|
|
ok miod@ mpi@
|
|
|
|
after discussions with beck deraadt kettenis.
|
|
now that it is a trivial wrapper around the extended bpf_mtap_hdr, we can
use bpf_mtap_hdr directly. added benefit: pflog_bpfcopy doesn't need to
be exported any more and can stay private to if_pflog.c
ok benno bluhm reyk
|
|
From Alexandr Nedvedicky <alexandr ! nedvedicky at oracle ! com>. Thanks!
|
|
Found by LLVM/Clang Static Analyzer.
ok henning@ mikeb@ bluhm@
|
|
global variables to in6.h.
ok deraadt@
|
|
global variables to in.h.
ok mikeb@, deraadt@
|
|
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
|
under some circumstances repair broken checksums on the way.
ok ryan naddy mikeb
.
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
|
|
ok beck@, mikeb@
|
|
|
|
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
ok camield sthen claudio, testing by many, thanks!
|
|
mostly by dynamically allocating pflogifs instead of making that a static
array. ok claudio zinke
|
|
pf to fix that.
- add #ifdef INET6 in obvious places
- af translation is only possible with both INET and INET6
- interleave #endif /* INET6 */ and closing brace correctly
- it is not necessary to #ifdef function prototypes
- do not compile af translate functions at all instead of empty stub,
then the linker will report inconsistencies
- pf_poolmask() actually takes an sa_family_t not an u_int8_t argument
No binary change for GENERIC compiled with -O2 and -UDIAGNOSTIC.
reported by Olivier Cochard-Labbe; ok mikeb@ henning@
|
|
returned early. As a result tcpdump -i pflog0 printed uninitialized
kernel memory for short packets. Fix this by copying the mbuf data
we have if we cannot decode the packet.
ok mikeb@ henning@
|
