Age | Commit message (Collapse) | Author |
|
|
|
|
|
just use nitems(). (this leaves NENTS() alone for now)
ok deraadt@ krw@
|
|
No need to wrap input validation inside spltdb().
Simplify code by using a break instead of an else-block.
OK guenther@
|
|
localhost DoS everywhere. To help minimize further issues, make the
mbuf != NULL test explicit instead of implicit in a length test.
Suggestions and initial work by mpf@ and miod@
ok henning@, mpf@, claudio@,
|
|
a twist; ok millert@ kettenis@
|
|
tested by phessler@ pyr@
ok claudio@
"go ahead" deraadt@
|
|
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
|
mbuf allocated by the subroutines. OK kettenis@
|
|
IP_IPCOMP_LEVEL found by Clement LECIGNE, localhost root exploitable on
userland/kernel shared vm machines (ie. i386, amd64, arm, sparc (but not
sparc64), sh, ...) on OpenBSD 4.3 or older
copy of the ipv4 bug, spotted by claudio
|
|
destination of a packet was changed by pf. This allows for some evil
games with rdr-to or nat-to but is mostly needed for better rdomain/rtable
support. This is a first step and more work and cleanup is needed.
Here a list of what works and what does not (needs a patched pfctl):
pass out rdr-to:
from local rdr-to local addr works (if state tracking on lo0 is done)
from remote rdr-to local addr does NOT work
from local rdr-to remote works
from remote rdr-to remote works
pass in nat-to:
from remote nat-to local addr does NOT work
from remote nat-to non-local addr works
non-local is an IP that is routed to the FW but is not assigned on the FW.
The non working cases need some magic to correctly rewrite the incomming
packet since the rewriting would happen outbound which is too late.
"time to get it in" deraadt@
|
|
with m_tag_copy_chain() failures.
Use m_defrag() to eliminate hand rolled defragging of mbufs and
some uses of M_DUP_PKTHDR().
Original diff from thib@, claudio@'s feedback integrated by me.
Tests kevlo@ claudio@, "reads ok" blambert@
ok thib@ claudio@, "m_defrag() bits ok" kettenis@
|
|
as its a void function.
ok claudio@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
ifconfig em0 -inet6
deletes all v6 addresses including link-local and prevents new ones from
being added.
ifconfig em0 inet6 <addr>
re-enables v6, brings the link local back and adds optional <addr>
ok theo reyk
|
|
OK deraadt@, miod@
|
|
code. In pf rtableid == -1 means don't change the rtableid because
of this rule. So it has to be signed int there. Before the value
is passed from pf to route it is always checked to be >= 0. Change
the type to int in pf and to u_int in netinet and netinet6 to make
the checks work. Otherwise -1 may be used as an array index and
the kernel crashes.
ok henning@
|
|
levels. This will allow for platforms where soft interrupt levels do not
map to real hardware interrupt levels to have soft ipl values overlapping
hard ipl values without breaking spl asserts.
|
|
the minimal IPv6 MTU minus the size of a frag header (which is needed because
of a hack in ip6_output/ip6_setpmtu).
Inspired by a similar fix from netbsd. OK markus@, OK deraadt@
|
|
the rest of the switch cases is a good camouflage.
|
|
This makes it possible to get a new default route by router advertisement
after the old one got deleted (or timed out).
Ok henning@, claudio@, mcbride@
|
|
Interface configuration causes neighbour discoverery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.
ok dlg
|
|
ok fries, hshoexer, claudio
|
|
Before accessing a ro_rt make sure the route is either freshly allocated or
RTF_UP is set. If not ro_rt should be freed and reallocated or at least no
info from the ro_rt should be considered valid.
This seems to solve the crashes seen by Felipe Alfaro Solana.
some sort of OK dlg@
|
|
M_ANYCAST6 was only used to signal tcp6_input() that it should drop the
packet and send back icmp error. This can be done in ip6_input() without
the need for a mbuf flag. Gives us back one slot in m_flags for possible
future need. Looked at and some input by naddy@ and henning@. OK dlg@
|
|
ok bluhm, fries, mpf; fixes pr 4188
|
|
This should take care of the simpler ones (i.e., timeout values of
integer multiples of hz).
ok krw@, art@
|
|
recycle mbufs. Based on an initial diff by henning@, also tested by todd@.
ok henning@
|
|
that the source address matches one of the interfaces address prefixes.
From NetBSD, tested by todd@ and naddy@
|
|
to prevent state key mismatches.
ok henning@
|
|
Found by LLVM/Clang Static Analyzer.
ok henning@ mpf@
|
|
pf_pkt_addr_changed to clear the recorded pf state information in the hdr
claudio ok
|
|
OK deraadt@, henning@
|
|
been moved to the protocol layer from ip_output at 2002/05/31. The
IPv6 part has been forgotten so packets could get encrypted
unintentionally.
ok hshoexer markus
|
|
every field individually.
ok claudio@ markus@ henning@ deraadt@
|
|
code. This fixes in6_ifloop_request warnings seen on carp interfaces.
OK henning@, found and tested by david@
|
|
ok todd deraadt naddy bluhm
|
|
ok mpf naddy
|
|
near maximal (2^32) cycle times. These are useful for network
IDs in cases where there are negative consequences to ID prediction
and/or reuse.
Use the idgen32() functions to generate IPv6 IDs and NFS client/server
XIDs.
Pseudorandom permutation code in crypto/idgen.c based on public
domain skip32.c from Greg Rose.
feedback & ok thib@ deraadt@
|
|
take a proc argument, theres no need for these, since
they are just wrappers.
OK claudio@
|
|
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.
OK markus@, blambert@.
"go ahead" deraadt@.
Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.
|
|
|
|
|
|
be left over. OK henning@
|
|
ln_hold or la_hold into temporary storage and null ln_hold or
la_hold before manually processing the mbuf chain. Discard the mbuf chain
if it is put back in the hold area.
ok claudio@ markus@
|
|
and the one route with the lowest number wins. This will be used by the
routing daemons to resolve the synchronisations issue in case of conflicts.
The nasty bits of this are in the multipath code. If no priority is specified
the kernel will choose an appropriate priority.
Looked at by a few people at n2k8 code is much older
|
|
|
|
it by reading the queues head pointer. if that pointer is not null
then it takes splnet and dequeues a packet for handling. this is
bad because the ifqueue head is modified at splnet and the sofnet
handlers read it without holding splnet.
this removes that check of the head pointer and simply checks if
the dequeue gave us a packet or not before proceeding.
found while reading mpls code.
discussed with norby@ and henning@
ok mcbride@ henning@
|
|
power of two.
use arc4random_bytes() when requesting more than a word of PRNG
output.
ok deraadt@
|
|
cmsg's, including alignments, ie. the sum of CMSG_SPACE()'s. any other
interpretation would be in violation of various unix specifications.
RFC3542 section 20.2 is totally and completely wrong -- it is not
allowed to over-ride the specification of msg_controllen, since the
intent is that one could mix-and-match various types of cmsg's and an
exact match is therefore required. ok kettenis, tested by many
|