summaryrefslogtreecommitdiff
path: root/sys/netinet6/raw_ip6.c
AgeCommit message (Collapse)Author
2019-04-23For raw IPv6 sockets userland may specify an offset where theAlexander Bluhm
checksum field is located. During rip6 input and output make sure that this field is within the packet. The offset my be -1 to disable the feature, otherwise it must be non-negative and aligned. Do a stricter check during setsockopt(2). from FreeBSD; OK claudio@
2019-04-20Statistics of "netstat -s -f inet6 -p rip6" did not work. InAlexander Bluhm
rip6_sysctl_rip6stat() copy out rip6counters, not ip6counters. OK deraadt@ claudio@
2019-02-04Avoid an mbuf double free in the oob soreceive() path. In theAlexander Bluhm
usrreq functions move the mbuf m_freem() logic to the release block instead of distributing it over the switch statement. Then the goto release in the initial check, whether the pcb still exists, will not free the mbuf for the PRU_RCVD, PRU_RVCOOB, PRU_SENSE command. OK claudio@ mpi@ visa@ Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com
2018-11-09Remove the last few XXX rdomain markers. Even those functions respect theClaudio Jeker
rdomain now and are therefor rdomain save. OK mpi@
2018-10-04Revert the inpcb table mutex commit. It triggers a witness panicAlexander Bluhm
in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx is held and sorwakeup() is called within the loop. As sowakeup() grabs the kernel lock, we have a lock ordering problem. found by Hrvoje Popovski; OK deraadt@ mpi@
2018-09-20As a step towards per inpcb or socket locks, remove the net lockAlexander Bluhm
for netstat -a. Introduce a global mutex that protects the tables and hashes for the internet PCBs. To detect detached PCB, set its inp_socket field to NULL. This has to be protected by a per PCB mutex. The protocol pointer has to be protected by the mutex as netstat uses it. Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify() before the table mutex to avoid lock ordering problems in the notify functions. OK visa@
2018-09-13Add reference counting for inet pcb, this will be needed when weAlexander Bluhm
start locking the socket. An inp can be referenced by the PCB queue and hashes, by a pf mbuf header, or by a pf state key. OK visa@
2018-07-05It was possible to leak the control mbuf in raw ip user requestAlexander Bluhm
with sendmsg(2) and MSG_OOB. Sync the code in udp, rip, and rip6_usrreq. Add an inp NULL check in rip6_usrreq for consistency. OK benno@ mpi@
2018-07-04Prevent a mbuf double free by not freeing it along the error-path inanton
rip{6,}_usrreq() since soreceive() will free it. ok bluhm@
2018-04-24Push NET_LOCK down in the default ifioctl case.Paul Irofti
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and on the ENOTSUPP case we guard the driver if_ioctl functions. OK mpi@
2018-02-01The function ip6_get_prevhdr() did return a pointer into a mbuf.Alexander Bluhm
It was not guaranteed that the mbuf data was not somewhere else in the chain. So return an offset and do a proper mbuf pulldown. found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
2017-12-04Make divert lookup similar for all socket types. If PF_TAG_DIVERTEDAlexander Bluhm
is set, pf_find_divert() cannot fail so put an assert there. Explicitly check all possible divert types, panic in the default case. For raw sockets call pf_find_divert() before of the socket loop. Divert reply should not match on TCP or UDP listen sockets. OK sashan@ visa@
2017-11-28The divert structure was using the port number to indicate thatAlexander Bluhm
divert-to or divert-reply was active. If the address was also set, it meant divert-to. Divert packet used a separate structure. This is confusing and makes it hard to add new features. It is better to have a divert type that explicitly says what is configured. Adapt the pf rule struct in kernel and pfctl, no functional change. Note that kernel and pfctl have to be updated together. OK sashan@
2017-11-20Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare runningMartin Pieuchot
pr_input handlers without KERNEL_LOCK(). ok visa@
2017-11-02Move PRU_DETACH out of pr_usrreq into per proto pr_detachFlorian Obser
functions to pave way for more fine grained locking. Suggested by, comments & OK mpi
2017-10-08ramdisks do not contain MROUTING, so the local variable becomes unused.Theo de Raadt
wrap it.
2017-10-06Kill the divert-packet socket option IP_DIVERTFL to filter packets.Alexander Bluhm
It used a loop over the global list divbtable that would be hard to make MP safe. The port net/dnsfilter does not work without this, it should be converted to divert-to. Neither other ports nor base use this filter feature. ports checked by sthen@; OK mpi@ benno@
2017-09-05Replace NET_ASSERT_LOCKED() by soassertlocked() in *_usrreq().Martin Pieuchot
Not all of them need the NET_LOCK(). ok bluhm@
2017-09-01Change sosetopt() to no longer free the mbuf it receives and changeMartin Pieuchot
all the callers to call m_freem(9). Support from deraadt@ and tedu@, ok visa@, bluhm@
2017-08-15Convert hand rolled sockaddr checks to the nam2sin functions.Alexander Bluhm
Especially in tcp_usrreq() connect detect the correct address family based on the inp_flags instead of the sa_family user input. OK mpi@
2017-08-11Validate sockaddr from userland in central functions. This resultsAlexander Bluhm
in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
2017-06-26Assert that the corresponding socket is locked when manipulating socketMartin Pieuchot
buffers. This is one step towards unlocking TCP input path. Note that all the functions asserting for the socket lock are not necessarilly MP-safe. All the fields of 'struct socket' aren't protected. Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to tell when a filter needs to lock the underlying data structures. Logic and name taken from NetBSD. Tested by Hrvoje Popovski. ok claudio@, bluhm@, mikeb@
2017-05-13Check for mapped addesses in rip6_output() like it is done inAlexander Bluhm
udp6_output(). Move the EAFNOSUPPORT error from rip6_usrreq() to rip6_output() like it is done for UDP. OK mpi@
2017-05-08Added initial IPv6 multicast routing support for multiple rdomains:Rafael Zalamena
* don't share mifs (multicast interface) between rdomains * allow multiple routing sockets connected at the same time if they are in different rdomains. ok bluhm@
2017-05-06Checking for IPv4 mapped addreses and dropping the packet is doneAlexander Bluhm
in ip6_input(). Do not check that again in the protocol input functions. OK mpi@
2017-04-19icmp6_rip6_input() was mostly duplicated code from rip6_input().Alexander Bluhm
Merge these functions together and remove icmp6_rip6_input(). OK mpi@
2017-04-17The raw ip input functions are called from several places. Use theAlexander Bluhm
address family passed down with pr_input to check that the correct one is used. OK florian@
2017-04-14Pass down the address family through the pr_input calls. ThisAlexander Bluhm
allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
2017-03-13Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.Claudio Jeker
Attach is quite a different thing to the other PRU functions and this should make locking a bit simpler. This also removes the ugly hack on how proto was passed to the attach function. OK bluhm@ and mpi@ on a previous version
2017-03-03Convert the variable argument list of the pr_output functions toAlexander Bluhm
fixed parameters. OK mpi@ claudio@ dhill@
2017-02-09percpu counters for raw ipv6 and icmp6 statsJeremie Courreges-Anglas
ok mpi@
2017-02-05Use percpu counters for ip6statJeremie Courreges-Anglas
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent. Input from mpi@, ok bluhm@ mpi@
2017-02-01In sogetopt, preallocate an mbuf to avoid using sleeping mallocs withDavid Hill
the netlock held. This also changes the prototypes of the *ctloutput functions to take an mbuf instead of an mbuf pointer. help, guidance from bluhm@ and mpi@ ok bluhm@
2017-01-23The function raw_input() has not been called since netiso has beenAlexander Bluhm
removed in 2004. The comment about raw_input() above rip_input() was added in 1981, but it is wrong since 1992. After that it has been copied to rip6_input(). (*pr_input)() is never called with the parameters (mbuf, sockproto, sockaddr, sockaddr). So retire raw_input(). OK guenther@ deraadt@
2017-01-10Remove NULL checks before m_free(9), it deals with it.Martin Pieuchot
ok bluhm@, kettenis@
2016-12-22Remove PIM support from the multicast stack.Rafael Zalamena
ok mpi@
2016-12-19Introduce the NET_LOCK() a rwlock used to serialize accesses to the partsMartin Pieuchot
of the network stack that are not yet ready to be executed in parallel or where new sleeping points are not possible. This first pass replace all the entry points leading to ip_output(). This is done to not introduce new sleeping points when trying to acquire ART's write lock, needed when a new L2 entry is created via the RT_RESOLVE. Inputs from and ok bluhm@, ok dlg@
2016-11-21Enforce that pr_usrreq functions are called at IPL_SOFTNET.Martin Pieuchot
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock. ok bluhm@, claudio@
2016-10-25bluhm@ pointed out that addr->sin6_port should be forced to zero sinceFlorian Obser
a port doesn't make sense for a raw socket. I forgot to commit this hunk in the previous commit. Sorry about that.
2016-10-25Fix bind(2)ing link local addresses to raw sockets by callingFlorian Obser
in6_pcbaddrisavail() which does all the checking for us instead of hand rolling half of it. Input & OK bluhm@ bluhm@ also points out that this relaxes the check for valid addresses a bit, deprecated addresses become valid for raw sockets. This should be fine, it brings raw sockets in line with udp/tcp sockets and it might be particularly interesting for debugging purposes.
2016-09-19convert bcopy to memcpy. from david hill. ok jcaTed Unangst
2016-08-22Sizes for free(9) from David Hill.Martin Pieuchot
2016-08-04Commit in6_selectsrc() split again, with missing assignment fixed.Vincent Gross
2016-07-22Revert in_selectsrc() refactoring, it breaks IPv6.Martin Pieuchot
Reported by Heiko on bugs@. ok stsp@, claudio@
2016-07-20Split in6_selectsrc() into a low-level part and a pcb-level part, andVincent Gross
convert in_selectsrc() prototype to match. Ok bluhm@ mpi@.
2016-07-05Expand IN6_IFF_NOTREADY, ok bluhm@Martin Pieuchot
2016-04-11This code chunk has been disabled since its import, and what is does isVincent Gross
quite unsafe. Juste delete it. Ok mpi@
2016-03-29remove dead stores and unused variablesCharles Longeau
ok bluhm@ jca@
2016-03-07Sync no-argument function declaration and definition by adding (void).Christian Weisgerber
ok mpi@ millert@
2015-11-24No need for <net/if_types.h>Martin Pieuchot
As a bonus this removes a "#if NCARP > 0", say yeah!