| Age | Commit message (Collapse) | Author |
|---|
|
the big change is removing the integration with and reliance on
bridge(4) for learning vxlan endpoints. we have the etherbridge
layer now (which is used by veb, nvgre, bpe, etc) so vxlan can
operate independently of bridge(4) (or any other driver) while still
dynamically learning about other endpoints.
vxlan now uses the udp socket upcall mechanism to receive packets.
this means it actually creates and binds udp sockets to use rather
adding code in the udp layer for stealing packets from the udp
layer.
i think it's also important to note that this adds loop prevention
to the code. this stops a vxlan interface being used to transmit a
packet that was encapsulated in itself.
i want to clear this out of my tree where it's been sitting for
nearly a year. noone seems too concerned with the change either
way.
ok claudio@
|
|
do not bother operating on its first 8 bytes, which will always be zero.
ok visa@
|
|
A few variables in the kernel are only writeable before securelevel is
raised. It makes sense to handle them with less code.
OK sthen@ bluhm@
|
|
u_int t_flags. Shifting TF_TIMER with TCPT_DELACK can touch the
sign bit.
found by kubsan; suggested by deraadt@; OK miod@
|
|
found by kubsan; joint work with tobhe@; OK miod@
|
|
trees. ipsp_ids_lookup() returns `ids' with bumped reference
counter. original diff from mvs
ok mvs
|
|
ok jmc@ reads ok tb@
|
|
found by clang 13; OK tobhe@
|
|
dirty hacks, it is better to protect IPsec input and output with
kernel lock. Not much is lost as crypto needs the kernel lock
anyway. From here we can refine the lock later.
Note that there is no kernel lock in the SPD lockup path. Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@
|
|
per packet and improve readability.
ok bluhm@
|
|
ok bluhm@
|
|
'tdb_data' struct became unused and was removed.
Tested by Hrvoje Popovski.
ok bluhm@
|
|
|
|
sleep. So holding the tdb_sadb_mtx() when calling walker() is not
allowed. Move the TDB from the TDB-Hash to a temporary list that
is protected by netlock. Then unlock tdb_sadb_mtx and traverse the
list to call the walker.
OK mvs@
|
|
and tdb_cleanspd(). gettdb...() can return a TDB before tdb_unlink().
Then ipsp_spd_lookup() could add it to tdb_policy_head after
tdb_cleanspd(). There it would stay until it hits the kassert in
tdb_free().
OK tobhe@
|
|
therefore the mandatory idiom is completely clearing structs before
building them for copyout -- that means ALMOST ALL STRUCTS, because
we never know when some architecture will pad a struct.. In two more
cases, the clearing wasn't performed.
from Reno Robert ZDI
ok millert bluhm
|
|
is NULL. It should be set in rti_fill(), but is not if malloc(9)
fails. There is no rollback after malloc failure so the field stays
uninitialized. The code is only called from ioctl, setsockopt or
a task. Malloc should wait instead of failing, otherwise syscalls
would be unreliable. While there also put an M_WAIT in the init
code. During init malloc must not fail.
OK mvs@
Reported-by: syzbot+e22326057ccf34908d78@syzkaller.appspotmail.com
|
|
two ECN bits. From daisuke.higashi at gmail.com via OpenSSH bz#3373,
ok claudio@, job@, djm@.
|
|
is also a list of SAs that belong to a policy. To make it MP safe,
protect these pointers with a mutex.
tested by Hrvoje Popovski; OK mvs@
|
|
TDB. Clearing the timeout flags just before pool put in tdb_free()
does not make sense. Move this to tdb_delete(). While there make
the parentheses in the flag check consistent.
tested by Hrvoje Popovski; OK tobhe@
|
|
that gettdb_dir() is MP safe now. Add the tdb_sadb_mtx mutex in
udpencap_ctlinput() to protect the access to tdb_snext. Make the
braces consistently for all these TDB loops. Move NET_ASSERT_LOCKED()
into the functions where the read access happens.
OK mvs@
|
|
may prevent that tdb_free() is called. It is not a real leak as
ipsecctl -F or termination of iked flush this cache when they remove
the IPsec policy. Move the code from tdb_free() to tdb_delete(),
then the kernel does the cleanup itself.
OK mvs@ tobhe@
|
|
pfkey_flush().
ok bluhm@ mvs@
|
|
pointer is passed to the function, it will return a refcounted TDB.
The ref happens when ipsp_spd_inp() copies the pointer from
ipo->ipo_tdb. The caller of ipsp_spd_lookup() has to unref after
using it.
tested by Hrvoje Popovski; OK mvs@ tobhe@
|
|
tunnels. It is never used, so this is useless code. Remove ipn
and ip6n IP header variables and the m_copydata() to fill them.
OK mvs@ kn@ sthen@
|
|
OK mpi@ mvs@
|
|
out whether the TDB is linked to the hash bucket does not work.
This fixes removal of SAs that could not be flushed with ipsecctl -F.
OK tobhe@
|
|
is not always needed, but the error value is necessary for the
caller. As TDB should be refcounted, it makes not sense to always
return it. Pass an output pointer for the TDB which can be NULL.
OK mvs@ tobhe@
|
|
OK mvs@ yasuoka@
|
|
the TDB sadb mutex with that. The old IPL_NET was chosen by accident.
OK mpi@
|
|
not make sense. Do not use the freeme pointer for TDB in pfkeyv2_send().
The pattern is tdb_alloc() and tdb_unref() in case of error. Replace
tdb_free() in reserve_spi() with tdb_unref() to keep this consistent.
Only tdb_unref() should call tdb_free().
OK mvs@
|
|
OK tobhe@
|
|
Protect tdb_unlink() and puttdb() for SADB_UPDATE with tdb_sadb_mutex.
Tested by Hrvoje Popovski
ok bluhm@ mvs@
|
|
|
|
covered yet, more ref counts to come. The timeouts are protected,
so the racy tdb_reaper() gets retired. The tdb_policy_head, onext
and inext lists are protected. All gettdb...() functions return a
tdb that is ref counted and has to be unrefed later. A flag ensures
that tdb_delete() is called only once.
Tested by Hrvoje Popovski; OK sthen@ mvs@ tobhe@
|
|
ICMP packet could be wrong. The mtu was taken from the loopback
interface as the tdb mtu was copied to the route too late. Without
crypto task, ipsp_process_packet() returns the EMSGSIZE error
earlier. Immediately update tdb and route mtu.
IPv4 part from markus@; OK tobhe@
|
|
in IPsec IPv6 tunnel. Implement sending ICMP6 packet too big
messages. Also implement the pf error case in ip6_forward(). While
there, do some cleanup and make the IPv4 and IPv6 code look similar.
OK tobhe@
|
|
userland the TDBs which exceeded hard limit.
Also the `ipsec_notdb' counter description in header doesn't math to
netstat(1) description. We never count `ipsec_notdb' and the netstat(1)
description looks more appropriate so it's used to avoid confusion with
the new counter.
ok bluhm@
|
|
|
|
string. help claudio@ ok bluhm@
|
|
and "show all tdbs" in ddb.
tested by Hrvoje Popovski; OK mvs@
|
|
crypto task anymore, it is possible to return the next protocol.
Then ip_deliver() will walk the header chain in its loop.
IPsec bridge(4) tested by jan@
OK mvs@ tobhe@ jan@
|
|
ok patrick@
|
|
ok patrick@
|
|
all callers get an update if the mbuf changes.
OK tobhe@
|
|
called from tdb_walk(). tdb_walk() needs mutex tdb_sadb_mtx to
protect the loop traversal. First take the kernel lock in tdb_walk()
to preserve lock order.
found by witness
OK tobhe@ mvs@
|
|
set the error output parameter or return a tdb. Both are ignored
in in_pcbconnect(). Remove the code that does nothing.
OK tobhe@ jca@ mvs@
|
|
mutex locking against myself panic introduced by my previous commit.
OK beck@ patrick@
|
|
the processing path. If rehashing fails due to low memory, just
keep the old hash buckets.
OK tobhe@
|
|
Found by jsg@
ok patrick@
|
