| Age | Commit message (Collapse) | Author |
|---|
|
state as diverted. This is necessary for IP input to accept the
packet as ours. But it must not be used to match the ICMP packet
to a raw socket. Clear the PF_TAG_DIVERTED mbuf pf flag for the
special ICMP and ICMP6 packets in icmp_input_if() and icmp6_input().
The m_tag_delete_chain() caused an inconsistent PF_TAG_DIVERTED
mbuf pf flag and PACKET_TAG_PF_DIVERT mbuf tag which triggered an
assert in rip_input(). Deleting all mbuf tags can have undesired
side effects and is not necessary anymore since icmp_reflect() calls
m_resethdr(). Do not touch the mbuf tags and adjust the mbuf pf
flags for the correct behavior of rip_input() and rip6_input().
reported by Chris Eidem, James Turner, vicviq, Scott Vanderbilt
OK mpi@
|
|
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.
input & OK mpi
|
|
off the mbuf properties with m_resethdr(). It is a new packet,
especially M_LOOP indicating that it was running through lo(4)
should be cleared. Use the ph_loopcnt to prevent looping at the
upper end of the stack. Although not strictly necessary in icmp
reflect, it is a good idea to increase and check the counter here,
like in socket splicing.
OK mpi@ sashan@
|
|
from icmp6_reflect() to ip6_send_dispatch() when ip6_send() was
introduced. Move the comment that explains this flag also to the
place where it is used.
from sashan@
|
|
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
|
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
|
retransmit timeout. Do not run path MTU discovery on local routes
as we never want that on loopback. For permanent ARP or ND entries
disable path MTU discovery as they use the same rt_expire field.
This prevents that permanent routes and entries disappear.
bug analysis friehm@; OK mpi@
|
|
over 10 years ago by RFC 4443. We are probably not going back.
OK deraadt, jca
|
|
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
|
::1 as source address. It should be the link-local address of the
attached interface. The rtalloc() in icmp6_reflect() did not find
the correct local address. The IPv6 routing table does not use
sin6_scope_id, but the embedded scope. So do not recover the scope.
bug report Harald Dunkel; OK mpi@
|
|
ether_input(). Now we use mbuf tags instead of modifying the MAC
address.
ok mpi@
|
|
clang.
with tweak from and ok bluhm@
|
|
M_LOOP flag dance in ip6_output().
ok bluhm@, mpi@
|
|
change the pointer. Then *mp keeps the invalid pointer and it might
be used. Fix the potential use after free and also reset *mp in
other places to have less dangling pointers to freed mbufs.
OK mpi@ mikeb@
|
|
Merge these functions together and remove icmp6_rip6_input().
OK mpi@
|
|
No binary change.
OK mpi@
|
|
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@
|
|
zero the buffers first. All the current objects appear to be safe,
however future changes might introduce structure pads.
Discussed with guenther, ok bluhm
|
|
OK mpi@
|
|
ok bluhm@
|
|
ok bluhm@
|
|
ok mpi@
|
|
Try to follow the existing examples. Some notes:
- don't implement counters_dec() yet, which could be used in two
similar chunks of code. Let's see if there are more users first.
- stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
|
the netlock held. This also changes the prototypes of the *ctloutput
functions to take an mbuf instead of an mbuf pointer.
help, guidance from bluhm@ and mpi@
ok bluhm@
|
|
generating atomic fragments. So remove the code that sends them.
CVE-2016-10142 has been assigned to that issue.
OK visa@ mpi@
|
|
No functional change.
|
|
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
|
This will allow to strengthen checks when userland adds a route.
ok phessler@, bluhm@
|
|
IPv4 dynamic route inherits the priority. Only clone from a valid
IPv6 route. Do not use splsoftnet() in IPv6. Some stylistic changes
to make the functions similar.
OK mpi@
|
|
From Rivo Nurges; OK claudio@ mpi@ phessler@
|
|
Timers configured via rt_timer_add(9) always run at IPL_SOFTNET, so
assert that rather than calling splsoftnet().
ok bluhm@
|
|
This is another little step towards deprecating 'struct route{,_in6}'.
ok bluhm@
|
|
|
|
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
|
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
|
|
|
ok bluhm@ jca@
|
|
ok mpi@
|
|
This will allows for stricter checks inside rtdeletemsg() and it should be
up to the caller to decide if the route needs to be deleted or not.
ok vgross@
|
|
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
|
|
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing inteface.
OK mpi@
|
|
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@
|
|
ok bluhm@
|
|
ok sthen@, visa@, sashan@, florian@
|
|
Found by LLVM/Clang Static Analyzer.
ok bluhm@ mpi@
|
|
OK mpi@
|
|
die and ifp->if_mtu is the one true mtu.
Suggested by and OK mpi@
|
|
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@
|
|
While here add two missing ``rtableid'' checks in in6_selectsrc().
ok bluhm@
|
|
callers rtfree(9) it.
Inputs and ok bluhm@
|
