path: root/sys/net
Age | Commit message | Author
2011-03-14 | fixed a use-after-free bug introduced at 1.7 in pipex_mppe_output(). ok dlg@ tested by jono | YASUOKA Masahiko
2011-03-14 | fix typo. patch from Gleydson Soares ok dlg@ | YASUOKA Masahiko
2011-03-13 | Add a way to enable/disable Wake On LAN with ifconfig. ok deraadt | Stefan Sperling
2011-03-07 | Declare the inline function pf_addr_compare() non-static in pfvar.h to make it reusable by pf fragment reassembly. No functional change. discussed with henning@, claudio@, deraadt@, kettenis@ ok guenther@ | Alexander Bluhm
2011-03-05 | The function pf_tag_packet() never fails. Remove a redundant check and make it void. ok henning@, markus@, mcbride@ | Alexander Bluhm
2011-03-02 | when sending deferred packets use ip6_output for v6 frames instead of blindly assuming everything is v4 to be sent with ip_output. problem originally reported by Marco Fretz. fix verified locally. ok henning@ mcbride@ | David Gwynne
2011-02-24 | Don't use address and control field on PPPoE, they must not be used as the protocol. | YASUOKA Masahiko
2011-02-23 | fixup source address rewriting for the icmp errors with the rdr-to setup. problem was reported by babut at yandex dot ru in the pr 6564, tested by the pr originator and me, ok henning mcbride. shaves off a bunch of XXXs. | Mike Belopuhov
2011-02-18 | when changing the vlandev of a running vlan(4) interface, we also need to move the configured multicast addresses and preserve the promisc mode settings of the parent. this fixes an issue when carp stopped working on a vlan after the vlandev was manually changed. ok naddy@ phessler@ | Reyk Floeter
2011-02-14 | free mbuf in failure case. fix for pr6562. ok claudio. | Ted Unangst
2011-02-14 | Add missing byte-order swap to pf_match_addr_range. Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not match addresses correctly on little-endian systems. ok henning@ | Stuart Henderson
2011-02-13 | Unbreak userland as well, since bpf_filter.c is also used in libpcap. Noticed by robert at openbsd pap st, thanks. | Can Erkin Acar
2011-02-12 | Unbreak previous commit by adding the proper header file. | Can Erkin Acar
2011-02-12 | Clear the filter memory area before using it. Leaving it uninitialized may leak previous kernel stack contents through a malicious BPF filter. Reported by Dan Rosenberg via Alistair Crooks. ok deraadt@, krw@, claudio@ | Can Erkin Acar
2011-02-06 | pf_translate() may be called from pflog_packet(). Make sure that IPv4-ICMP6 and IPv6-ICMP packets are not rewritten in case they are dropped and logged. spotted by mikeb@; ok henning@ | Alexander Bluhm
2011-02-06 | pf_test() and pf_test6() drop IPv4-ICMP6 and IPv6-ICMP packets. Do not do the same check in pf_test_rule() again. ok henning | Alexander Bluhm
2011-02-05 | When a packet with an unusual protocol number got rewritten, the header length was uninitialized. This resulted in a panic in m_clget(). Initialize hdrlen with 0 and call m_copyback() only if necessary. ok henning@ | Alexander Bluhm
2011-02-01 | The check for invalid IPv6 fragment size in pf_normalize_ip6() was wrong. As an effect small valid fragmented packets got dropped and some invalid fragmented packets were passed. plen is the payload length of the ipv6 packet without the ipv6 header. off is relative to the whole packet including the ipv6 header. Add sizeof(struct ip6_hdr) in the calculation. ok henning@ markus@ | Alexander Bluhm
2011-01-28 | Replace another m_free() with m_freem() to plug an mbuf leak in mpe_input(). ok gollo@ | Reyk Floeter
2011-01-28 | Fix another memory leak by replacing m_free() with m_freem() in trunk's broadcast mode. ok blambert@ mikeb@ | Reyk Floeter
2011-01-28 | Change an m_free() to m_freem() to free the whole mbuf chain and to prevent a possible memory leak with bpf's BIOCSFILDROP option which is currently used by dhcpd and dhclient. Found by gollo@ | Reyk Floeter
2011-01-28 | make sure that the size of the addresses userland is trying to configure make sense, not just the family. from jonathan matthew ok yasuoka@ | David Gwynne
2011-01-25 | pool is properly spelled pl. makes this one fit in netstat column. | Ted Unangst
2011-01-22 | Pf must not scrub packets which will be dropped anyway. ok henning@ markus@ | Alexander Bluhm
2011-01-21 | make mpls compile w/o errors when inet6 is not defined. diff from form@ who's too busy drinking vodka with pelmeni to commit this; ok claudio | Mike Belopuhov
2011-01-20 | The reason accounting in pf_reassemble() was not correct. Change pf_reassemble() to return PF_DROP or PF_PASS and *m0 is NULL or the reassembled packet. In case of PF_DROP, the mbuf must be valid, e.g. for logging, and will be freed later. In case the reassembled packet is too big, use the reassembled mbuf for PF_DROP. ok henning@ markus@ | Alexander Bluhm
2011-01-19 | Give pf_normalize_ip() the same 3 way semantics as pf_test(). - PF_DROP, the packet is bad, the mbuf still exists and must be freed. - PF_PASS and *m0 is NULL, the packet has been processed, not an error. - PF_PASS and *m0 is not NULL, continue with packet processing. This fixes a potential mbuf use after free. ok henning@ markus@ mpf@ | Alexander Bluhm
2011-01-18 | When changing the ifa_broadaddr broadcast address, ifa_update_broadaddr() copied the pointer to the sockaddr instead of the content of sockaddr_in. As the source of the data resides on the stack, the pointer got invalid later and the kernel crashed. As only addresses with fixed size are used, sa_len bytes of the sockaddr can be copied. ok krw@ markus@ mpf@ claudio@ henning@ | Alexander Bluhm
2011-01-12 | Never include SADB_X_EXT_REMOTE_AUTH (which is either a passphrase or an RSA key) in the reply message. There's nothing that justifies this behavior and PF_KEY RFC prefers to exclude keys and other sensitive material from replies. Discussed with reyk, no objections from deraadt. | Mike Belopuhov
2011-01-11 | for key material that is being discarded, convert bzero() to explicit_bzero() where required ok markus mikeb | Theo de Raadt
2011-01-11 | Perform IP options check in pf_test_rule(), before creating state. ok claudio henning dlg miod | Ryan Thomas McBride
2011-01-11 | delay deferred packets for a maximum of 20ms instead of 100 ticks (which varies by arch). the 20ms is still up for discussion. ok deraadt@ | David Gwynne
2011-01-10 | If pf_test() was called recursively, the global variable pf_hdrs could be used multiple times for different packets. This happened when pflow(4) was used. Instead of a global variable, store the pf_headers in a local variable on the stack. david@ found the bug, narrowed it down and tested the fix. ok henning@ | Alexander Bluhm
2011-01-10 | DPFPRINTF already adds the "pf: ", no need to put it in the error string. ok henning dlg claudio | Ryan Thomas McBride
2011-01-06 | dst may point to memory inside rt so move the check up before the rtfree(rt). Without this the sp_protocol on RTM_DELETE is garbage and rtsocket user that restrict the AF of the socket (like ospfd) will not see a single one of the RTM_DELETE. OK henning@, dlg@ | Claudio Jeker
2011-01-06 | Minor style nit | Claudio Jeker
2011-01-06 | Put htons() around ip_randomid() for pf scrub random-id to make it consistent with the network stack. ok mcbride@ henning@ | Alexander Bluhm
2011-01-06 | Do not assign m->m_pkthdr.rdomain before m was allocated. Fix for rev 1.37 commit which would crash when slip(4) is used. Problem found the hard way by Henri Kemppainen. | Claudio Jeker
2011-01-05 | Remove mbuf ptr save dance in pf_test6(). It was a leftover with misleading comment that did nothing. ok henning@ jsing@ | Alexander Bluhm
2011-01-04 | in bpf_movein(), range-check mbuf size against MCLBYTES before size_t to int truncation ok claudio | Theo de Raadt
2011-01-03 | Allow to change vlan options of existing vlan(4)/svlan(4) devices at runtime instead of forcing the user to re-create the interface with the changed options. The code now re-configures the interface instead of returning EBUSY. For example, it is now possible to run "ifconfig vlan1 vlandev em0; ifconfig vlan1 vlandev em1" in a sequence. ok claudio@ deraadt@ | Reyk Floeter
2010-12-31 | Remove dead code from pf_norm.c. The fragment cache is some leftover from fragment crop. PFFRAG_NOBUFFER and PFFRAG_DROP are never set. pf_cache_pl and pf_cent_pl have no pool_get. ok henning@ | Alexander Bluhm
2010-12-31 | Address comparison is implemented twice in pf.c. Put this into a common function pf_addr_compare(). ok henning@ | Alexander Bluhm
2010-12-24 | in pf_src_connlimit, the indices to sk->addr were swapped. tracked down and diff sent by Robert B Mills <rbmills at sdf.lonestar.org> thanks, very good work! ok claudio | Henning Brauer
2010-12-21 | Convert netisr to a normal soft interrupt instead of having MD code for it. This makes the netisr a real C function which will help further development. No noticeable performance change on i386 and amd64. With input from kettenis@ and miod@ additional OKs mikeb@ and henning@ | Claudio Jeker
2010-12-15 | Be more careful when copying the pf rule from userland into the kernel. All pointers in the struct need to be cleared and reset. So instead of bcopy the struct and clear some fields start with a clean struct and assign the values that need to be copied. Fixes a local vulnerability but only root can issue the problematic ioctl(). Reported by Jean Sigwald, has been in snaps for a while and OK deraadt@ | Claudio Jeker
2010-12-07 | remove a bunch of unused arguments. ok henning@ | Jonathan Gray
2010-11-29 | Let ifa_print_rb() build on INET6-free kernels. Repairs RAMDISK on a few platforms. | Miod Vallat
2010-11-29 | use m_pulldown to get a contig view of the pfsync_header instead of m_pullup. not really a significant change since most rx bufs (which we read pfsync packets from) are a single contig cluster coming off the network, so we rarely hit the case m_pullup was called in. | David Gwynne
2010-11-29 | get rid of struct pfsync_pkt. it was used to store data on the stack to pass to all the submessage handlers, but only the flags part of it was ever used. just pass the flags directly instead. | David Gwynne