| Age | Commit message (Collapse) | Author |
|---|
|
strict. ICMP error packets generated by pf were not passed
immediately, but could be blocked. Preserve PF_TAG_GENERATED flag
in icmp_reflect() and icmp6_reflect().
reported by sf@; OK patrick@ kn@
|
|
icmp_send() must update IP header length if IP optaions are appended.
Such packet also has to be dispatched with IP_RAWOUTPUT flags.
Bug reported and fix co-designed by Dominik Schreilechner _at_ siemens _dot_ com
OK bluhm@
|
|
the first cut of this diff was made with coccinelle using this spatch:
@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)
i had fix it's opinionated idea of formatting by hand though, so
i'm not sure it was worth it.
ok deraadt@ bluhm@
|
|
Since revision 1.87 of ip_icmp.c icmp_mtudisc_clone() ignored reject
routes. Otherwise TCP would clone these routes for PMTU discovery.
They will not work, even after dynamic routing has found a better
route than the reject route.
With IPsec the use case is different. First you need a route, but
then the flow handles the packet without routing. Usually this
route should be a reject route to avoid sending unencrypted traffic
if the flow is missing. But IPsec needs this route for PMTU
discovery, so use it for that.
OK claudio@ tobhe@
|
|
... these all look fine, derradt@
|
|
Range violations are now consistently reported as EOPNOTSUPP.
Previously they were mixed with ENOPROTOOPT.
OK kn@
|
|
- Use m_align() since it handles all cases
- Use same rounding logic in the size check as in m_align() so all data will
filt always.
- consolidate pkthdr initalisation into one place
- use m_prepend() instead of direct pointer manipulation (including the panic
in case an underflow happens).
OK bluhm@
|
|
The maximum is ICMP_MINLEN (8) + max IPv4 header size (60) + IPv6 header (40)
for the IPv6 over IPv4 transition case. By having up to this amount of data
consequtive in an mbuf makes the rest of the code simpler and no more extra
m_pullup calls are needed. Only length checks are now required.The maximum
size is also big enough for all other ICMP types that don't embed the IP
heaader. This ensures that all data has been m_pullup-ed before calling the
ctlinput function which can look that deep into the header.
OK bluhm@ markus@
|
|
check. This code was never reached as ICMP length was truncated
before, but fix the wrong calculation anyway.
OK claudio@
|
|
the end of the cluster (there is no M_ALIGN version for clusters so it is
hard coded). Also make the sanity check more general by using m_leadingspace.
Not a security issue since the cluster code is not reachable, there is enough
space in an mbuf.
OK bluhm@
|
|
|
|
these changes to the routing table have not been visible whereas the
RTM_DELETE of those routes have been. Remove this inconsistency.
Input and OK mpi@
OK henning@
|
|
It does not make sense to call if_get() again, just pass ifp as
parameter. Move the IFT_CARP check into the function instead of
doing it everywhere. Replace the inverted match variable logic
with simple returns.
OK mpi@ friehm@
|
|
state as diverted. This is necessary for IP input to accept the
packet as ours. But it must not be used to match the ICMP packet
to a raw socket. Clear the PF_TAG_DIVERTED mbuf pf flag for the
special ICMP and ICMP6 packets in icmp_input_if() and icmp6_input().
The m_tag_delete_chain() caused an inconsistent PF_TAG_DIVERTED
mbuf pf flag and PACKET_TAG_PF_DIVERT mbuf tag which triggered an
assert in rip_input(). Deleting all mbuf tags can have undesired
side effects and is not necessary anymore since icmp_reflect() calls
m_resethdr(). Do not touch the mbuf tags and adjust the mbuf pf
flags for the correct behavior of rip_input() and rip6_input().
reported by Chris Eidem, James Turner, vicviq, Scott Vanderbilt
OK mpi@
|
|
off the mbuf properties with m_resethdr(). It is a new packet,
especially M_LOOP indicating that it was running through lo(4)
should be cleared. Use the ph_loopcnt to prevent looping at the
upper end of the stack. Although not strictly necessary in icmp
reflect, it is a good idea to increase and check the counter here,
like in socket splicing.
OK mpi@ sashan@
|
|
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
|
retransmit timeout. Do not run path MTU discovery on local routes
as we never want that on loopback. For permanent ARP or ND entries
disable path MTU discovery as they use the same rt_expire field.
This prevents that permanent routes and entries disappear.
bug analysis friehm@; OK mpi@
|
|
bugs could easily result in use-after-free or double free. Introduce
m_freemp() which automatically resets the pointer before freeing
it. So we have less dangling pointers in the kernel.
OK krw@ mpi@ claudio@
|
|
ether_input(). Now we use mbuf tags instead of modifying the MAC
address.
ok mpi@
|
|
Free the options in icmp_input_if() after a successful call to
icmp_reflect().
bug report and analysis by Hendrik Gerlach
OK krw@ claudio@ phessler@
|
|
change the pointer. Then *mp keeps the invalid pointer and it might
be used. Fix the potential use after free and also reset *mp in
other places to have less dangling pointers to freed mbufs.
OK mpi@ mikeb@
|
|
No binary change.
OK mpi@
|
|
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@
|
|
zero the buffers first. All the current objects appear to be safe,
however future changes might introduce structure pads.
Discussed with guenther, ok bluhm
|
|
ok dlg@ a while ago
some input from jca@ who wrote the same diff
|
|
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@
|
|
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@
|
|
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@
|
|
softnet assert failures. It is better to place the lock into
net_sysctl() where all the protocol sysctls are called via pr_sysctl.
As calling sysctl(2) is in the slow path, doing fine grained locking
has no benefit. Many sysctl cases copy out a struct. Having a
lock around that keeps the struct consistent. Put assertions in
the protocol sysctls that need it.
OK mpi@
|
|
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
|
This will allow to strengthen checks when userland adds a route.
ok phessler@, bluhm@
|
|
IPv4 dynamic route inherits the priority. Only clone from a valid
IPv6 route. Do not use splsoftnet() in IPv6. Some stylistic changes
to make the functions similar.
OK mpi@
|
|
From Rivo Nurges; OK claudio@ mpi@ phessler@
|
|
each counter is identified by an enum value which correspond to the
original members of the ipstat struct.
ipstat_inc(ips_foo) replaces ipstat.ips_foo++ for the actual updates.
ipstat_inc is a thin wrapper around counters_inc.
counters are still returned to userland via the ipstat struct for now.
ok mpi@ mikeb@
|
|
Timers configured via rt_timer_add(9) always run at IPL_SOFTNET, so
assert that rather than calling splsoftnet().
ok bluhm@
|
|
This could result in a use after free if the route entry was holding
the last reference of the address descriptor.
ok jca@, bluhm@, claudio@
|
|
This will allows for stricter checks inside rtdeletemsg() and it should be
up to the caller to decide if the route needs to be deleted or not.
ok vgross@
|
|
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
|
|
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing inteface.
OK mpi@
|
|
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@
|
|
ok bluhm@
|
|
Inputs from and ok florian@, ok sthen@, visa@, sashan@
|
|
OK mpi@
|
|
|
|
While here add a missing ``rtableid'' check in in_selectsrc().
ok bluhm@
|
|
net/ip_input.c
|
|
specific places.
ok claudio@, benno@
|
|
the mbuf packet header. If the packet and is later dropped in
ip6_forward(), the TCP mbuf is copied and passed to icmp6_error().
IPv6 uses m_copym() and M_PREPEND() which preserve the packet header.
The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with an
incorrect checksum. So reset the csum_flags when packets are
generated by icmp6_reflect() or icmp6_redirect_output().
IPv4 does m_copydata() into a fresh mbuf. There m_inithdr() clears
the packet header, so the problem does not occur. But setting the
csum_flags explicitly also makes sense for icmp_send(). Do not or
M_ICMP_CSUM_OUT to a value that is 0 because of some function calls
before.
OK mpi@ lteo@
|
|
instead of chasing all the ways out of icmp_input, rename it to
icmp_input_if and call it from a wrapper that gets the ifp and puts
it after icmp_input_if call.
ok claudio@
|
|
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@
|
