Age | Commit message (Collapse) | Author |
|
checksum field is located. During rip6 input and output make sure
that this field is within the packet. The offset my be -1 to disable
the feature, otherwise it must be non-negative and aligned. Do a
stricter check during setsockopt(2).
from FreeBSD; OK claudio@
|
|
rip6_sysctl_rip6stat() copy out rip6counters, not ip6counters.
OK deraadt@ claudio@
|
|
usrreq functions move the mbuf m_freem() logic to the release block
instead of distributing it over the switch statement. Then the
goto release in the initial check, whether the pcb still exists,
will not free the mbuf for the PRU_RCVD, PRU_RVCOOB, PRU_SENSE
command.
OK claudio@ mpi@ visa@
Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com
|
|
rdomain now and are therefor rdomain save.
OK mpi@
|
|
in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx
is held and sorwakeup() is called within the loop. As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@
|
|
for netstat -a. Introduce a global mutex that protects the tables
and hashes for the internet PCBs. To detect detached PCB, set its
inp_socket field to NULL. This has to be protected by a per PCB
mutex. The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@
|
|
start locking the socket. An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@
|
|
with sendmsg(2) and MSG_OOB. Sync the code in udp, rip, and
rip6_usrreq. Add an inp NULL check in rip6_usrreq for consistency.
OK benno@ mpi@
|
|
rip{6,}_usrreq() since soreceive() will free it.
ok bluhm@
|
|
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
|
|
It was not guaranteed that the mbuf data was not somewhere else in
the chain. So return an offset and do a proper mbuf pulldown.
found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
|
is set, pf_find_divert() cannot fail so put an assert there.
Explicitly check all possible divert types, panic in the default
case. For raw sockets call pf_find_divert() before of the socket
loop. Divert reply should not match on TCP or UDP listen sockets.
OK sashan@ visa@
|
|
divert-to or divert-reply was active. If the address was also set,
it meant divert-to. Divert packet used a separate structure. This
is confusing and makes it hard to add new features. It is better
to have a divert type that explicitly says what is configured.
Adapt the pf rule struct in kernel and pfctl, no functional change.
Note that kernel and pfctl have to be updated together.
OK sashan@
|
|
pr_input handlers without KERNEL_LOCK().
ok visa@
|
|
functions to pave way for more fine grained locking.
Suggested by, comments & OK mpi
|
|
wrap it.
|
|
It used a loop over the global list divbtable that would be hard
to make MP safe. The port net/dnsfilter does not work without this,
it should be converted to divert-to. Neither other ports nor base
use this filter feature.
ports checked by sthen@; OK mpi@ benno@
|
|
Not all of them need the NET_LOCK().
ok bluhm@
|
|
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
|
Especially in tcp_usrreq() connect detect the correct address family
based on the inp_flags instead of the sa_family user input.
OK mpi@
|
|
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
|
buffers.
This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.
Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.
Tested by Hrvoje Popovski.
ok claudio@, bluhm@, mikeb@
|
|
udp6_output(). Move the EAFNOSUPPORT error from rip6_usrreq() to
rip6_output() like it is done for UDP.
OK mpi@
|
|
* don't share mifs (multicast interface) between rdomains
* allow multiple routing sockets connected at the same time if they are
in different rdomains.
ok bluhm@
|
|
in ip6_input(). Do not check that again in the protocol input
functions.
OK mpi@
|
|
Merge these functions together and remove icmp6_rip6_input().
OK mpi@
|
|
address family passed down with pr_input to check that the correct
one is used.
OK florian@
|
|
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@
|
|
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version
|
|
fixed parameters.
OK mpi@ claudio@ dhill@
|
|
ok mpi@
|
|
Try to follow the existing examples. Some notes:
- don't implement counters_dec() yet, which could be used in two
similar chunks of code. Let's see if there are more users first.
- stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
|
the netlock held. This also changes the prototypes of the *ctloutput
functions to take an mbuf instead of an mbuf pointer.
help, guidance from bluhm@ and mpi@
ok bluhm@
|
|
removed in 2004. The comment about raw_input() above rip_input()
was added in 1981, but it is wrong since 1992. After that it has
been copied to rip6_input(). (*pr_input)() is never called with
the parameters (mbuf, sockproto, sockaddr, sockaddr).
So retire raw_input().
OK guenther@ deraadt@
|
|
ok bluhm@, kettenis@
|
|
ok mpi@
|
|
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
|
This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.
ok bluhm@, claudio@
|
|
a port doesn't make sense for a raw socket.
I forgot to commit this hunk in the previous commit. Sorry about that.
|
|
in6_pcbaddrisavail() which does all the checking for us instead of
hand rolling half of it.
Input & OK bluhm@
bluhm@ also points out that this relaxes the check for valid addresses
a bit, deprecated addresses become valid for raw sockets. This should
be fine, it brings raw sockets in line with udp/tcp sockets and it
might be particularly interesting for debugging purposes.
|
|
|
|
|
|
|
|
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
|
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
|
|
|
quite unsafe. Juste delete it.
Ok mpi@
|
|
ok bluhm@ jca@
|
|
ok mpi@ millert@
|
|
As a bonus this removes a "#if NCARP > 0", say yeah!
|