Age | Commit message (Collapse) | Author |
|
|
|
ok bluhm@ dlg@ florian@ mpi@
|
|
pfsync_sendout. more specifically, move the reset of sc->sc_len to
PFSYNC_MINPKT above ip_output.
this prevents a situation where ipsec via ip_output calls
pfsync_update_tdb for syncing the ipsec flow to a peer, which
accounts for the tdb in the next pfsync packet, before unwinding
back to pfsync_output which resets the accounting we just did.
the next pfsync packet to be sent out will be allocated with a short
length because sc_len is wrong, and the long lists of things (eg,
the tdb) can overwrite memory after the mbuf. this manifests as
incorrect poisoning or xsimpleq entry corruption in mbufs still in
a pool, or random corruption of m->m_next on other mbufs in the
system.
bug found, fix tested, and ok stsp@
|
|
ok miod@ mpi@
|
|
|
|
after discussions with beck deraadt kettenis.
|
|
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther
|
|
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
|
Found by LLVM/Clang Static Analyzer.
ok benno@ henning@
|
|
from erik at halon dot se, ok benno phessler benno
|
|
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
|
not getting assigned to rules like they should cos pfsync_in_upd() wasnt
passing the PFSYNC_SI_CKSUM flag along to pfsync_state_import.
found and fixed by pedro
|
|
Reported by naddy@
|
|
structure rather than doing various M_WAITOK allocations during
the *attach() functions, we always rely on them anyway.
ok mikeb@, uebayasi@
|
|
key we need to sync our state key pointers with whatever values
the function will pick. Not doing so will produce wrong results
if address translation must be applied afterwards and we happen
to have a state key collision. Then pf_translate will follow an
old pointer and punch in garbage addresses into the packet.
Noticed, initial patch and tests by Vitaly Sinilin <vs @ kp4 ! ru>
ok tedu, henning
|
|
|
|
ok beck@, mikeb@
|
|
runtime while time_uptime is monotonic. Prevent underflows in
pfsync(4) and pflow(4) by using signed variables. pfsync(4) problem
pointed out by camield.
Diff originally by dlg, frag and pflow bits by me.
feedback dlg
man page tweak jmc
Various versions of the pflow bits tested by Hrvoje Popovski
(hrvoje AT srce DOT hr), thanks!
ok benno, henning, dlg
|
|
the syncdev gets set. this also makes sure we no longer leak hooks on
repeatet 'ifconfig syncdev' invocations.
ok mikeb@
|
|
followed by ifconfig destroy; ok mikeb
|
|
it's cancelling the bulk update and can leave the machine in a
demoted state.
bug was noticed by benno, who was kind enough to verify that the
fix is working fine. ok mpf, benno
|
|
with the latter
no change in md5 checksum of generated files
ok claudio@ henning@
|
|
ok camield mpf
|
|
to the 16 bit flags; reminded by claudio, ok henning
|
|
1) demote by 32 on the first bulk update to prevent failovers w/o having
a full state table;
2) don't do any demotion adjustments on the link up event and undemote
when bulk update finishes (or times out) preventing a race between
nodes getting a link state update asynchronously.
With phessler; tested by phessler and Kapetanakis Giannis. Thanks!
Looked through by henning and dlg. Now the correct version.
|
|
|
|
|
|
1) demote by 32 on the first bulk update to prevent failovers w/o having
a full state table;
2) don't do any demotion adjustments on the link up event and undemote
when bulk update finishes (or times out) preventing a race between
nodes getting a link state update asynchronously.
With phessler; tested by phessler and Kapetanakis Giannis. Thanks!
Looked through by henning and dlg.
|
|
figured out by and ok guenther
|
|
|
|
moving the state export functionality from pfsync code into pf.
Based on the initial diff diff by guenther, ok henning.
|
|
pf to fix that.
- add #ifdef INET6 in obvious places
- af translation is only possible with both INET and INET6
- interleave #endif /* INET6 */ and closing brace correctly
- it is not necessary to #ifdef function prototypes
- do not compile af translate functions at all instead of empty stub,
then the linker will report inconsistencies
- pf_poolmask() actually takes an sa_family_t not an u_int8_t argument
No binary change for GENERIC compiled with -O2 and -UDIAGNOSTIC.
reported by Olivier Cochard-Labbe; ok mikeb@ henning@
|
|
this prevents backup to failover back to master immediately
after getting link back on carpdev interface if underlying
pfsync interface went down as well. instead pfsync will
request a bulk update to get new states from the master.
sthen and mpf like the idea, ok dlg
|
|
ok dlg claudio
|
|
with every other thing that stores the state id (including other pfsync
messages).
includes improvements to the systat code to consider the creatorid as well
as the state id in its cache to avoid collisions between states created on
different hosts.
tested by me in production and on amd64 talking to sparc64.
ok henning@
|
|
accidental race conditions. From Erik Lax, thanks! ok dlg
|
|
connection does not observe the route-to option.
ok dlg mikeb
|
|
skewed at runtime by things like date(1) and ntpd. time_uptime is
monotonic and therefore more useful to compare against.
ok deraadt@ mikeb@
|
|
only when we're going up, not when we set PROMISC or any other
flag. Fixes spontaneous CARP failovers when running tcpdump
on pfsync.
ok henning, mcbride, camield
|
|
calculations, and does _not_ denote the time when to expire. So
it should never be added to (set into the future).
Try to reconstruct it with an educated guess on state import and
just set it to the current time on state updates.
This fixes a problem on pfsync listeners where the expiry time
could be double the expected value and cause a lot more states
to linger.
Timeout code from mikeb.
Found and testing by Maxim Bourmistrov.
ok mikeb dlg
|
|
an icmp<->icmp6 state (nat64); ok henning, mcbride, dlg
|
|
interface. Problem report and fix from Erik Lax, thanks!
|
|
than the syncdev MTU. Prompted by the discussion with and tested
by Maxim Bourmistrov; ok dlg, mpf
|
|
mcbride agrees, ok mpf, dlg
|
|
"af-to" a generic IP version translator for pf(4).
Not everything perfect yet but lets fix these things in the tree.
Insane amount of work done by sperreault@, mikeb@ and reyk@.
Looked over by mcbride@ henning@ and myself at eurobsdcon.
OK mcbride@ and general put it in from deraadt@
|
|
without growing it in pfsync_state too.
to keep the wire format compat this uses some of the pad bytes to send
all the state flags on the wire as well as maintaining the old state_flags
field. after 5.0 we'll deprecate the original field and only use the new
one.
discussed with mcbride and deraadt and based on a diff from deraadt.
tested against an "old" pfsync locally.
ok mcbride@ henning@ deraadt@
|
|
Reject states with pfsync_state->af == 0 in pfsync_state_import(), in
preparation for states which specify an address family in each state key
instead (change will take place post-5.0).
ok dlg henning mikeb
|
|
|
|
no change in binary
"Sure" claudio@
|
|
actually removed it from the timeout wheel before releasing it. if
timeout_del returns 0 then you know the timeout is about to run or
is already running, meaning it will free itself so you dont have
to.
this handling is only done for the undefer paths at SOFTNET since
it is higher than SOFTCLOCK which timeouts run from. it is possible
for a timeout to start running at softclock and get interrupted by
softnet. the undefer in process context blocks both these interrupts
while it undefers, so it is impossible for the timeout to run and
cause the list to be in this inconsistent state.
|