| Age | Commit message (Collapse) | Author |
|---|
|
Tested with multiple Window 10 Pro (ver 2004) clients, and OpenBSD+iked
as the server.
OK tobhe@ sthen@ kn@
|
|
Advised by bluhm@
|
|
Unlike the other cases of sysctl_bounded_arr this one uses a dynamic limit.
OK millert@
|
|
this helps nvgre follow things like carp masters changing on the
inside of the virtual network.
"makes sense" jmatthew@
|
|
fixes a "noise_keypair: lock not held" panic observed by Caspar Sc
hutijser
from Jason A. Donenfeld
|
|
Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@
OK deraadt@
|
|
Reported-by: syzbot+b9af9c29ed1a6dabda25@syzkaller.appspotmail.com
OK anton@
|
|
file as part of tcpdump(8). Unbreaks the tree.
ok deraadt@
|
|
OK mpi
|
|
Used a different variable to not shadow `entry' allocated before grabbing
the lock.
|
|
outside of NET_LOCK()/PF_LOCK() scope in easy spots.
OK kn@
|
|
have to pull in <sys/param.h>
ok kn@ sashan@ deraadt@
|
|
|
|
if_clone_{create,destroy}(). This fixes the races described below.
if_clone_{create,destroy}() are kernel locked, but since they touch
various sleep points introduced by rwlocks and M_WAITOK allocations,
without serialization they can intersect due to race condition.
The avoided races are:
1. While performing if_clone_create(), concurrent thread which performing
if_clone_create() can attach `ifp' with the same `if_xname' and made
inconsistent `if_list' where all attached interfaces linked.
2. While performing if_clone_create(), concurrent thread which performing
if_clone_destroy() can kill this incomplete `ifp'.
3. While performing if_clone_destroy(), concurrent thread which performing
if_clone_destroy() can kill this dying `ifp'.
ok claudio@ kn@ mpi@ sashan@
|
|
unused by the rule. So skip the rest of the check in that case.
Fixes rulest loading for semarie@
OK semarie@
|
|
Unlike "... rtable N", pf.conf(5)'s "on rdomain N" does not alter packet
state and will always work no matter if rdomain N currently exists or not,
i.e. the rule "pass on rdomain 42" will simply match (and pass) packets if
rdomain 42 exists, and it will simply not match (neither pass nor block)
packets if 42 does not exist.
There's no need to reload the ruleset whenever routing domains are created
or deleted, which can already be observed now by creating an rdomain,
loading rules referencing it and deleting the same rdomain immediately
afterwards: pf will continue to work as expected.
Relax both pfctl(8)'s parser check as well as pf(4)'s copyin routine to
accept any valid routing domain ID without expecting it to exist at the time
of ruleset creation - this lifts the requirement to create rdomains before
referencing them in pf.conf while keeping pf behaviour unchanged.
Prompted by yasuoka's recent pfctl parse.y r1.702 commit requiring an rtable
to exist upon ruleset creation.
Discussed with claudio and bluhm at k2k20.
Feedback sashan
OK sashan yasouka claudio
|
|
|
|
ok deraadt@ claudio@
|
|
"Correct" by deraadt@
|
|
ok mpi@
|
|
pppx_if_qstart() and pppac_qstart() with netlock held. Otherwise we can't
be sure about netlock status while performing these handlers.
Problem reported by Glen Faustino.
ok yasuoka@
|
|
Pretty much all members are under the net lock, some are proctected by
both net and kernel lock, e.g. the start routine is called with
KERNEL_LOCK().
OK mpi
|
|
There is no reason to change flags on member interfaces when removing
them, aggr(4) does not pull its members down either.
OK florian bluhm
|
|
These are the last ones in if_pppoe.c and if_spppsubr.c.
OK beck
|
|
|
|
Reported by Maxime Villard, fix from Matt Dunwoodie after feeedback from
claudio who is fine with either of the two suggested fixes going in.
|
|
ok yasuoka@
|
|
pipex(4) layer this `ifnet' still uses `if_data'. Also pppx(4) doesn't
use per cpu counters but `if_data'.
Add per cpu counters to pppx(4) and pipex(4). This finishes interface
statistics collecting mess.
ok yasuoka@
|
|
Fixes CID 1496732.
ok patrick@
|
|
ok deraadt@
|
|
Although technically a point-to-multipoint interface, point-to-point
semantics apply/fit when installing local routes, e.g. configuring IPv6
addresses on it.
This is to fix SIOCGNBRINFO_IN6 and thus ndp(8).
Report and diff from Matt Dunwoodie <ncon at noconroy dot net>, thanks!
OK tobhe
|
|
pipex_iface of struct pipex_session with owner_sc which refers the
owner device. This makes ioctl commands for pppac or pppx device
simpler. PIPEX{S,G}MODE became dummy since both pppac and pppx is
always used with pipex. Also move some pppac specific things to the
pppac part on if_pppx.c.
suggestions from mvs, ok mvs
|
|
When "once" rules expire, they are removed from the active ruleset,
hence the main ruleset needs to be rehashed iff itself contains once rules.
After the previous commit, pf_setup_pfsync_matching() became much simpler
but its name even less accurate; simplify it further and rename it to
pf_calc_chksum() while here.
Admins using "once" rules in combination with pfsync(4) are hopefully aware
of this caveat (self-changing rulesets) already, but now the checksum in
"pfctl -v -s info" actually indicates out-of-sync rulesets and is no longer
misleading.
OK sashan
|
|
Each ruleset's rules are stored in a TAILQ called "ptr" with "rcount"
representing the number of rules in the ruleset; "ptr_array" points to an
array of the same length.
"ptr" is backed by pool_get(9) and may change in size as "expired" rules
get removed from the ruleset - see "once" in pf.conf(5).
"ptr_array" is allocated momentarily through mallocarray(9) and gets filled
with the TAILQ entries, so that the sole user pfsync(4) can access the list
of rules by index to pick the n-th rule during state insertion.
Remove "ptr_array" and make pfsync iterate over the TAILQ instead to get the
matching rule's index. This simplifies both code and data structures and
avoids duplicate memory management.
OK sashan
|
|
Simply reuse struct size or buffer length variables for free() the very
same way they are used with malloc(), often within the same scope and/or
only a few lines above.
This leaves only a few selected free() calls with size zero in due to the
fact that there is currently no variable to keep track of name and secret
string lengths.
OK mvs
|
|
Most clonable interface drivers (except bridge, enc, loop, pppx,
switch, trunk and vlan) initialise the send queue's length to IFQ_MAXLEN
during *_clone_create() even though ifq_init(), which is eventually called
through if_attach(), does the same.
Remove all early "ifq_set_maxlen(&ifq->if_snd, IFQ_MAXLEN);" lines to leave
it to ifq_init() and have clonable drivers a tad more in sync.
OK mvs
|
|
There are either length variables tracking the allocated buffer or strings
allocated by their length, reuse the same idiom each time when freeing.
Reminder from Peter J. Philipp to account for NUL bytes in strings as well
OK mvs
|
|
ifconfig(8) detects switch(4) through its unique SIOCSWGDPID ioctl(2) and
further does another switch specific ioctl for the default output regardless
of configuration and/or members.
But since these two ioctls are limited to root, running ifconfig as
unprivileged user makes switch interfaces partially appear as bridge devices
because the detection fails, e.g. STP parameters are shown instead of
datapath id and flow parameters.
ifioctl() limits a list of set/write ioctls to root, but these two read-only
ioctls seem to have been listed by mistake, so remove them to omit the root
check and fix "ifconfig switch" output for unprivileged users.
Feedback from dlg
|
|
Unused since r1.138 from 2015: "remove cisco hdlc code from sppp(4)".
OK mpi
|
|
packets output out of KERNEL_LOCK. pppx(4) and pipex(4) are ready to
this.
ok yasuoka@ mpi@
|
|
filtering out messages for routes with flags matching any bit in a mask.
This allows routing daemons to opt out of receiving messages for L2 and
broadcast route entries, which they currently discard.
ok dlg@ sthen@ deraadt@
|
|
messages, and save the route flags before deleting the route. For L2
route entries, the RTF_LLINFO flag is cleared during deletion, so saving
the flags beforehand means they're correct in the routing socket message.
ok mpi@
|
|
count them because `if_snd' does this.
ok yasuoka@
|
|
pfsyncstart() does not require the big lock, make it use the ifq API.
OK mvs
|
|
packets output out of KERNEL_LOCK. pppac(4) and pipex(4) are ready to
this.
ok yasuoka@
|
|
So set `IFXF_MPSAFE' bit. This allows to discard outgoing packets without
kernel lock.
ok kn@
|
|
information. Make sure to only copy out actually used memory.
ok patrick@
|
|
joint work markus@ patrick@ bluhm@
|
|
ok mpi@
|
|
ok patrick@
|
