summaryrefslogtreecommitdiff
path: root/sys/netinet/in_pcb.c
AgeCommit message (Collapse)Author
2020-05-27Connectionless sockets like UDP can be re-connected to a differentAlexander Bluhm
address. In that case, the linking to the pf state must be dissolved as the latter still contains the old address. If it is a divert state, also remove the state as any divert state must be associated with a matching socket. Call pf_remove_divert_state() and pf_inp_unlink() from in_pcbconnect(). reported by Tim Kuijsten; OK sashan@ claudio@
2019-07-15Initialize struct inpcb pool not on demand, but during initialization.Alexander Bluhm
Removes a global variable and avoids MP problems. OK mpi@ visa@
2018-10-04Revert the inpcb table mutex commit. It triggers a witness panicAlexander Bluhm
in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx is held and sorwakeup() is called within the loop. As sowakeup() grabs the kernel lock, we have a lock ordering problem. found by Hrvoje Popovski; OK deraadt@ mpi@
2018-09-20As a step towards per inpcb or socket locks, remove the net lockAlexander Bluhm
for netstat -a. Introduce a global mutex that protects the tables and hashes for the internet PCBs. To detect detached PCB, set its inp_socket field to NULL. This has to be protected by a per PCB mutex. The protocol pointer has to be protected by the mutex as netstat uses it. Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify() before the table mutex to avoid lock ordering problems in the notify functions. OK visa@
2018-09-14In general it is a bad idea to use one random secret for two things.Alexander Bluhm
The inet PCB uses one hash with local and foreign addresses, and one with local port numbers. Give both hashes separate keys. Also document the struct fields. OK visa@
2018-09-13Add reference counting for inet pcb, this will be needed when weAlexander Bluhm
start locking the socket. An inp can be referenced by the PCB queue and hashes, by a pf mbuf header, or by a pf state key. OK visa@
2018-09-11Make the distribution of in_ and in6_ functions in in_pcb.c andAlexander Bluhm
in6_pcb.c consistent, to ease comparing the code. Move all inet6 functions to in6_. Bring functions in both source files in same order. Cleanup the include section. Now in_pcb.c is a superset of in6_pcb.c. The latter contains all the special implementations. Just moving arround, no code change intended. OK mpi@
2018-09-10Remove useless INPCBHASH() macros. Just expand them.Alexander Bluhm
OK stsp@
2018-09-07Explain the special case for redirect to localhost in a comment.Alexander Bluhm
input and OK claudio@
2018-07-11Retire RTM_LOSING, it no longer makes sense and on busy servers theClaudio Jeker
route socket is flooded with those messages. Instead maek sure that the removal of the dynamic route that can happen is actually also sent to the routing socket. OK mpi@ henning@
2018-06-14In in_pcballoc() finish the inp initialization before adding it toAlexander Bluhm
the global inpcb queue and hashes. OK visa@ mpi@ as part of a larger diff
2018-06-14Assert that the INP_IPV6 in in6_pcbconnect() is correct. Just callAlexander Bluhm
in_pcbconnect() to avoid the address family maze in syn_cache_get(). input claudio@; OK mpi@
2018-06-11Do not unlock the KERNEL_LOCK() unconditionally in sounlock().Martin Pieuchot
Instead introduce two flags to deal with global lock recursion. This is necessary until we get per-socket lock. Req. by and ok visa@
2018-06-11Push the KERNEL_LOCK() inside route_input().Martin Pieuchot
ok visa@, tb@
2018-06-07The global zero addresses must not change, mark them constant.Alexander Bluhm
OK tb@ visa@
2018-06-06Pass the socket to sounlock(), this prepare the terrain for per-socketMartin Pieuchot
locking. ok visa@, bluhm@
2018-06-03Use variable names for rtable and rdomain consistently in the in_pcbAlexander Bluhm
functions. discussed with and OK mpi@ visa@
2018-06-03Rename the incpb table field inpt_hash to inpt_mask as it containsAlexander Bluhm
the hashmask. For the resize calculations it is clearer to use the field inpt_size. OK visa@ mpi@
2018-06-02Cleanup the in_pcbnotifymiss diagnostic printfs. Always print theAlexander Bluhm
rdomain. Move the printf to the end of the pcb lookup functions. OK tb@ mpi@ visa@
2018-06-02The function in_pcbrehash() does not modify the pcb table queue.Alexander Bluhm
So in in_pcbresize() the variant without _SAFE of the TAILQ_FOREACH macro is sufficient. OK tb@ mpi@ visa@
2018-03-30Store the allocation size in inpcbhead for free().David Hill
OK visa@
2018-02-19Remove almost unused `flags' argument of suser().Martin Pieuchot
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer mess with a per-process field. No objection from millert@, ok tedu@, bluhm@
2017-12-04Make divert lookup similar for all socket types. If PF_TAG_DIVERTEDAlexander Bluhm
is set, pf_find_divert() cannot fail so put an assert there. Explicitly check all possible divert types, panic in the default case. For raw sockets call pf_find_divert() before of the socket loop. Divert reply should not match on TCP or UDP listen sockets. OK sashan@ visa@
2017-12-01Fix white spaces and shorten long line.Alexander Bluhm
2017-12-01Simplify the reverse PCB lookup logic. The PF_TAG_TRANSLATE_LOCALHOSTAlexander Bluhm
security check prevents that the user accidentally configures redirect where a divert-to would be appropriate. Instead of spreading the logic into tcp and udp input, check the flag during PCB listen lookup. This also reduces parameters of in_pcblookup_listen(). OK visa@
2017-08-11Validate sockaddr from userland in central functions. This resultsAlexander Bluhm
in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
2017-08-04The in_pcbhashlookup() in in_pcbconnect() enforces that the 4 tupelAlexander Bluhm
of src/dst ip/port is unique for TCP. But if the socket is not bound, the automatic bind by connect happens after the check. If the socket has the SO_REUSEADDR flag, in_pcbbind() may select an existing local port. Then we had two colliding TCP PCBs. This resulted in a packet storm of ACK packets on loopback. The softnet task was constantly holding the netlock and has a high priority, so the system hung. Do the in_pcbhashlookup() again after in_pcbbind(). This creates sporadic "connect: Address already in use" errors instead of a hang. bug report and testing Olivier Antoine; OK mpi@
2017-06-09Replace rtrequest(RTM_DELETE...) rtrequest_delete() and do not evenMartin Pieuchot
try to remove a route from the table if it is and invalid cache. This is a step towards decoupling code dealing with userland and kernel inserted routes. ok bluhm@
2017-06-07Grab the KERNEL_LOCK() around rtm*() functions. Routing sockets globalsMartin Pieuchot
aren't protected by the NET_LOCK(). While here change lock assertions in rt_{set,put}gwroute(), the NET_LOCK() is enough. Tested by Hrvoje Popovski. ok jmatthew@, claudio@
2017-03-07When the inpcb queue and hash lists are traversed or modified weAlexander Bluhm
need netlock. Remove the obsolete splnet. OK mpi@
2017-03-07Initially in_pcballoc() hooked all new inpcb, including the IPv6Alexander Bluhm
ones, into the IPv4 hash. They cannot be used before bind(2) anyway and then they are rehashed and rehooked, so this was not noticed. Nevertheless put IPv6 PCBs into the IPv6 hash from the beginning. OK jca@ mpi@
2017-03-06Kill global list of IPv6 addresses.Martin Pieuchot
ok bluhm@
2017-03-06Prefix functions dealing with routing messages with 'rtm_' and keepMartin Pieuchot
them all in net/rtsock.c. This allows to easily spot which functions are doing a copyout(9) when dealing with the routing midlayer. ok phessler@, bluhm@, dhill@, krw@, claudio@
2016-10-06Remove redundant comments that say a function must be called atAlexander Bluhm
splsoftnet() if the function does a splsoftassert(IPL_SOFTNET) anyway.
2016-09-15all pools have their ipl set via pool_setipl, so fold it into pool_init.David Gwynne
the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
2016-09-06pool_setipl for various netinet and netinet6 bitsDavid Gwynne
thank you to everyone who helped reviewed these diffs ok mpi@
2016-08-04Commit in6_selectsrc() split again, with missing assignment fixed.Vincent Gross
2016-07-22Revert in_selectsrc() refactoring, it breaks IPv6.Martin Pieuchot
Reported by Heiko on bugs@. ok stsp@, claudio@
2016-07-20Split in6_selectsrc() into a low-level part and a pcb-level part, andVincent Gross
convert in_selectsrc() prototype to match. Ok bluhm@ mpi@.
2016-07-19NULLify a route pointer after calling rtfree(9).Martin Pieuchot
This should theoretically be a no-op because we're freeing the PCB right after, but it helps us debug a reference count problem found by otto@. ok mikeb@
2016-07-05Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magicMartin Pieuchot
addresses set on p2p interfaces. Found the hardway by naddy@
2016-06-30Use ``rt_addr'' rather than ``rt_ifa'' to get the source addressMartin Pieuchot
corresponding to a route. ok florian@ on a previous version, input and ok bluhm@
2016-06-18Add net.inet.{tcp,udp}.rootonly sysctl, to mark which portsVincent Gross
cannot be bound to by non-root users. Ok millert@ bluhm@
2016-04-19Use the correct byte-order when checking against baddynamic ports,Stuart Henderson
restoring pre-1.190 behaviour. ok millert@ mpi@
2016-04-13Remove extra parenthesis around comparison.Vincent Gross
Found by David Hill <dhill@mindcry.org> with clang.
2016-04-12Unbreak tree. Put 'laddr6' declaration inside #ifdef INET6/#endif.Kenneth R Westerback
2016-04-11Simplify in_pcblookup_local() logic.Vincent Gross
ok mpi@
2016-04-11Rename in_pcblookup() to in_pcblookup_local() and change its prototypeVincent Gross
to get rid of the now useless foreign address and ports parameters. ok mpi@
2016-04-08We must always check if the socket is already bound, and always setVincent Gross
INPLOOKUP_IPV6 when applicable. Bug introduced in revision 1.197 by yours truly. Ok bluhm@
2016-04-05Move reserved port checks from in(6)_pcbaddrisavail() to in_pcbbind().Vincent Gross
Kill old comments while at it. Ok mpi@ bluhm@