Commit Graph

2643 Commits

Author SHA1 Message Date
Paul Saab
4f590175b7 Allow for nmbclusters and maxsockets to be increased via sysctl.
An eventhandler is used to update all the various zones that depend
on these values.
2006-04-21 09:25:40 +00:00
Gleb Smirnoff
4cbb118526 Merge rev. 1.240 of ip_output.c, so that IPFIREWALL_FORWARD_EXTENDED
kernel option will affect both forwarding methods - classic and fast.
2006-04-18 09:20:16 +00:00
Robert Watson
3cbe7fafa5 Modify tcp_timewait() to accept an inpcb reference, not a tcptw
reference.  For now, we allow the possibility that the in_ppcb
pointer in the inpcb may be NULL if a timewait socket has had its
tcptw structure recycled.  This allows tcp_timewait() to
consistently unlock the inpcb.

Reported by:	Kazuaki Oda <kaakun at highway dot ne dot jp>
MFC after:	3 months
2006-04-09 16:59:19 +00:00
Mohan Srinivasan
1714e18e79 Eliminate debug code that catches bugs in the hinting of sack variables
(tcp_sack_output_debug checks cached hints aginst computed values by walking the
scoreboard and reports discrepancies). The sack hinting code has been stable for
many months now so it is time for the debug code to go. Leaving tcp_sack_output_debug
ifdef'ed out in case we need to resurrect it at a later point.
2006-04-06 17:21:16 +00:00
Robert Watson
a460ae4b4c Don't unlock a timewait structure if the pointer is NULL in
tcp_timewait().  This corrects a bug (or lack of fixing of a bug)
in tcp_input.c:1.295.

Submitted by:	Kazuaki Oda <kaakun at highway dot ne dot jp>
MFC after:	3 months
2006-04-05 08:45:59 +00:00
Mohan Srinivasan
1f65c2cd31 Certain (bad) values of sack blocks can end up corrupting the sack scoreboard.
Make the checks in tcp_sack_doack() more robust to prevent this.

Submitted by: Raja Mukerji (raja@mukerji.com)
Reviewed by:  Mohan Srinivasan
2006-04-05 00:11:04 +00:00
Gleb Smirnoff
a73b656763 Add a tunable net.inet.tcp.maxtcptw, that allows to set a limit
on tcptw zone independently from setting a limit on socket zone.
2006-04-04 14:31:37 +00:00
Robert Watson
ae0e714308 Before dereferencing intotw() when INP_TIMEWAIT, check for inp_ppcb being
NULL.  We currently do allow this to happen, but may want to remove that
possibility in the future.  This case can occur when a socket is left
open after TCP wraps up, and the timewait state is recycled.  This will
be cleaned up in the future.

Found by:	Kazuaki Oda <kaakun at highway dot ne dot jp>
MFC after:	3 months
2006-04-04 12:26:07 +00:00
Robert Watson
cb895fb9b0 In TCP notify routines, check inpcb for INP_TIMEWAIT and INP_DROPPED.
The INP_DROPPED check replaces the current NULL checks; the INP_TIMEWAIT
checks appear to have always been required, but not been there, which
is/was a bug.  This avoids unconditionally casting of in_ppcb to a tcpcb,
when it may be a twtcb, which may have resulted in obscure ICMP-related
panics in earlier releases.

MFC after:	3 months
2006-04-03 14:07:50 +00:00
Robert Watson
afa39e25c4 Change inp_ppcb from caddr_t to void *, fix/remove associated related
casts.

Consistently use intotw() to cast inp_ppcb pointers to struct tcptw *
pointers.

Consistently use intotcpcb() to cast inp_ppcb pointers to struct tcpcb *
pointers.

Don't assign tp to the results to intotcpcb() during variable declation
at the top of functions, as that is before the asserts relating to
locking have been performed.  Do this later in the function after
appropriate assertions have run to allow that operation to be conisdered
safe.

MFC after:	3 months
2006-04-03 13:33:55 +00:00
Robert Watson
43f56a32a0 Style tweaks: convert to ANSI from K&R function prototypes.
MFC after:	3 months
2006-04-03 12:59:27 +00:00
Robert Watson
2fc5ae87d0 Update comment on tcp_close() for new world order.
MFC after:	3 months
2006-04-03 12:52:13 +00:00
Robert Watson
e6e65783d6 Clarify comment on handling of non-timewait TCP states in
tcp_usr_detach().

MFC after:	3 months
2006-04-03 12:43:56 +00:00
Robert Watson
fa38deac65 Fix up locking surrounding tcp_drop sysctl: in the new world order, we
don't free inpcbs until after the socket is closed, so we always need
to unlock an inpcb after calling tcp_drop() on it.

MFC after:	3 months
2006-04-03 11:57:12 +00:00
Robert Watson
3d2d3ef434 After checking for SO_ISDISCONNECTED in tcp_usr_accept(), return
immediately rather than jumping to the normal output handling, which
assumes we've pulled out the inpcb, which hasn't happened at this
point (and isn't necessary).

Return ECONNABORTED instead of EINVAL when the inpcb has entered
INP_TIMEWAIT or INP_DROPPED, as this is the documented error value.

This may correct the panic seen by Ganbold.

MFC after:	1 month
Reported by:	Ganbold <ganbold at micom dot mng dot net>
2006-04-03 09:52:55 +00:00
Robert Watson
a34f6c1e1d Correct incorrect assertion in div_bind(): inp must not be NULL here.
Reported by:	tegge
MFC after:	3 months
2006-04-03 09:01:17 +00:00
Robert Watson
953b5606df During reformulation of tcp_usr_detach(), the call to initiate TCP
disconnect for fully connected sockets was dropped, meaning that if
the socket was closed while the connection was alive, it would be
leaked.  Structure tcp_usr_detach() so that there are two clear
parts: initiating disconnect, and reclaiming state, and reintroduce
the tcp_disconnect() call in the first part.

MFC after:	3 months
2006-04-02 16:42:51 +00:00
Robert Watson
34af7bae80 Properly handle an edge case previously not handled correctly: a
socket can have a tcp connection that has entered time wait
attached to it, in the event that shutdown() is called on the
socket and the FINs properly exchange before close().  In this
case we don't detach or free the inpcb, just leave the tcptw
detached and freed, but we must release the inpcb lock (which we
didn't previously).

MFC after:	3 months
2006-04-01 23:53:25 +00:00
Robert Watson
623dce13c6 Update TCP for infrastructural changes to the socket/pcb refcount model,
pru_abort(), pru_detach(), and in_pcbdetach():

- Universally support and enforce the invariant that so_pcb is
  never NULL, converting dozens of unnecessary NULL checks into
  assertions, and eliminating dozens of unnecessary error handling
  cases in protocol code.

- In some cases, eliminate unnecessary pcbinfo locking, as it is no
  longer required to ensure so_pcb != NULL.  For example, the receive
  code no longer requires the pcbinfo lock, and the send code only
  requires it if building a new connection on an otherwise unconnected
  socket triggered via sendto() with an address.  This should
  significnatly reduce tcbinfo lock contention in the receive and send
  cases.

- In order to support the invariant that so_pcb != NULL, it is now
  necessary for the TCP code to not discard the tcpcb any time a
  connection is dropped, but instead leave the tcpcb until the socket
  is shutdown.  This case is handled by setting INP_DROPPED, to
  substitute for using a NULL so_pcb to indicate that the connection
  has been dropped.  This requires the inpcb lock, but not the pcbinfo
  lock.

- Unlike all other protocols in the tree, TCP may need to retain access
  to the socket after the file descriptor has been closed.  Set
  SS_PROTOREF in tcp_detach() in order to prevent the socket from being
  freed, and add a flag, INP_SOCKREF, so that the TCP code knows whether
  or not it needs to free the socket when the connection finally does
  close.  The typical case where this occurs is if close() is called on
  a TCP socket before all sent data in the send socket buffer has been
  transmitted or acknowledged.  If INP_SOCKREF is found when the
  connection is dropped, we release the inpcb, tcpcb, and socket instead
  of flagging INP_DROPPED.

- Abort and detach protocol switch methods no longer return failures,
  nor attempt to free sockets, as the socket layer does this.

- Annotate the existence of a long-standing race in the TCP timer code,
  in which timers are stopped but not drained when the socket is freed,
  as waiting for drain may lead to deadlocks, or have to occur in a
  context where waiting is not permitted.  This race has been handled
  by testing to see if the tcpcb pointer in the inpcb is NULL (and vice
  versa), which is not normally permitted, but may be true of a inpcb
  and tcpcb have been freed.  Add a counter to test how often this race
  has actually occurred, and a large comment for each instance where
  we compare potentially freed memory with NULL.  This will have to be
  fixed in the near future, but requires is to further address how to
  handle the timer shutdown shutdown issue.

- Several TCP calls no longer potentially free the passed inpcb/tcpcb,
  so no longer need to return a pointer to indicate whether the argument
  passed in is still valid.

- Un-macroize debugging and locking setup for various protocol switch
  methods for TCP, as it lead to more obscurity, and as locking becomes
  more customized to the methods, offers less benefit.

- Assert copyright on tcp_usrreq.c due to significant modifications that
  have been made as part of this work.

These changes significantly modify the memory management and connection
logic of our TCP implementation, and are (as such) High Risk Changes,
and likely to contain serious bugs.  Please report problems to the
current@ mailing list ASAP, ideally with simple test cases, and
optionally, packet traces.

MFC after:	3 months
2006-04-01 16:36:36 +00:00
Robert Watson
14ba8add01 Update in_pcb-derived basic socket types following changes to
pru_abort(), pru_detach(), and in_pcbdetach():

- Universally support and enforce the invariant that so_pcb is
  never NULL, converting dozens of unnecessary NULL checks into
  assertions, and eliminating dozens of unnecessary error handling
  cases in protocol code.

- In some cases, eliminate unnecessary pcbinfo locking, as it is no
  longer required to ensure so_pcb != NULL.  For example, in protocol
  shutdown methods, and in raw IP send.

- Abort and detach protocol switch methods no longer return failures,
  nor attempt to free sockets, as the socket layer does this.

- Invoke in_pcbfree() after in_pcbdetach() in order to free the
  detached in_pcb structure for a socket.

MFC after:	3 months
2006-04-01 16:20:54 +00:00
Robert Watson
4c7c478d0f Break out in_pcbdetach() into two functions:
- in_pcbdetach(), which removes the link between an inpcb and its
  socket.

- in_pcbfree(), which frees a detached pcb.

Unlike the previous in_pcbdetach(), neither of these functions will
attempt to conditionally free the socket, as they are responsible only
for managing in_pcb memory.  Mirror these changes into in6_pcbdetach()
by breaking it into in6_pcbdetach() and in6_pcbfree().

While here, eliminate undesired checks for NULL inpcb pointers in
sockets, as we will now have as an invariant that sockets will always
have valid so_pcb pointers.

MFC after:	3 months
2006-04-01 16:04:42 +00:00
Robert Watson
bc725eafc7 Chance protocol switch method pru_detach() so that it returns void
rather than an error.  Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.

soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF.  so_pcb is now entirely owned and
managed by the protocol code.  Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.

Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.

In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.

netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit.  In their current state they may leak
memory or panic.

MFC after:	3 months
2006-04-01 15:42:02 +00:00
Robert Watson
ac45e92ff2 Change protocol switch pru_abort() API so that it returns void rather
than an int, as an error here is not meaningful.  Modify soabort() to
unconditionally free the socket on the return of pru_abort(), and
modify most protocols to no longer conditionally free the socket,
since the caller will do this.

This commit likely leaves parts of netinet and netinet6 in a situation
where they may panic or leak memory, as they have not are not fully
updated by this commit.  This will be corrected shortly in followup
commits to these components.

MFC after:      3 months
2006-04-01 15:15:05 +00:00
Robert Watson
6882aa2c03 Define two new inpcb flags in the inp_vflag field, which for whatever
reason, seems to be where new flags are getting defined:

INP_DROPPED - The protocol has terminated this connection and the socket
              is not reusable: when the socket code enters the protocol,
              an error is immediately returned.  This will substitute for
              NULLing the so_pcb socket field, helping to implement the
              invariant that all valid sockets have valid pcb's in TCP.

INP_SOCKREF - The protocol has become the owner of the socket reference,
              and will need to free it when freeing the pcb, which will
              be used when a TCP socket is closed but still has queued
              data.

MFC after:	1 month
2006-03-26 11:30:31 +00:00
Robert Watson
a07b8fd178 Minor style tweak: tab after #define, not space.
MFC after:	1 month
2006-03-26 11:26:12 +00:00
Robert Watson
1c53f80637 Explicitly assert socket pointer is non-NULL in tcp_input() so as to
provide better debugging information.

Prefer explicit comparison to NULL for tcpcb pointers rather than
treating them as booleans.

MFC after:	1 month
2006-03-26 01:33:41 +00:00
Gleb Smirnoff
0fa0801895 o Introduce carp_multicast_cleanup(), which removes and frees
multicast addresses from carp interface. [1]
o Rewrite carpdetach(), so that it does the following things: [1]
  - Stops callouts.
  - Decrements carp_suppress_preempt, if needed.
  - Downs interface and sets CARP state to INIT.
  - Calls carp_multicast_cleanup().
  - Detaches softc from carp_if and if we are the last frees
    the carp_if.
o Use new carpdetach() in carp_clone_destroy().
o In carp_ifdetach() acquire the carp_if lock and cleanup all
  interfaces hanging on carp_if. [1]
o Make carp_ifdetach() static and use EVENT(9) to call it
  from if_detach(). [2]
o In carp_setrun() exit if the softc doesn't have a valid pointer
  to parent. [1]

Obtained from:	OpenBSD [1]
Submitted by:	Dan Lukes <dan obluda.cz> [2]
PR:		kern/82908 [2]
2006-03-21 14:29:48 +00:00
Giorgos Keramidas
f92e18f4fc Add descriptions for the sysctls:
net.inet.icmp.drop_redirect
    net.inet.icmp.log_redirect
    net.inet.icmp.icmplim
    net.inet.icmp.icmplim_output

Approved & text by:	andre
2006-03-20 21:44:12 +00:00
David Malone
fcd1001c63 Make net.inet.ip.portrange.reservedhigh and
net.inet.ip.portrange.reservedlow apply to IPv6 aswell as IPv4.

We could have made new sysctls for IPv6, but that potentially makes
things complicated for mapped addresses. This seems like the least
confusing option and least likely to cause obscure problems in the
future.

This change makes the mac_portacl module useful with IPv6 apps.

Reviewed by:	ume
MFC after:	1 month
2006-03-19 11:48:48 +00:00
Robert Watson
92c07a345e Change soabort() from returning int to returning void, since all
consumers ignore the return value, soabort() is required to succeed,
and protocols produce errors here to report multiple freeing of the
pcb, which we hope to eliminate.
2006-03-16 07:03:14 +00:00
Andrew Thompson
7f2d8767e0 Further refine the bridge hack in the arp code. Only do the special arp
handling for interfaces which are actually in the bridge group, ignore all
others.

MFC after:	3 days
2006-03-07 21:40:44 +00:00
Gleb Smirnoff
e2779391fa - Do not leak read lock in IP_FW_TABLE_GETSIZE case of ipfw_ctl().
- Acquire read (not write) lock in case of IP_FW_TABLE_LIST.

In collaboration with:	ru
2006-03-03 12:10:59 +00:00
Andre Oppermann
464fcfbc5c Rework TCP window scaling (RFC1323) to properly scale the send window
right from the beginning and partly clean up the differences in handling
between SYN_SENT and SYN_RCVD (syncache).

Further changes to this code to come.  This is a first incremental step
to a general overhaul and streamlining of the TCP code.

PR:		kern/15095
PR:		kern/92690 (partly)
Reviewed by:	qingli (and tested with ANVL)
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-02-28 23:05:59 +00:00
Qing Li
4b8e98d632 This patch fixes the problem where the current TCP code can not handle
simultaneous open. Both the bug and the patch were verified using the
ANVL test suite.

PR:		kern/74935
Submitted by:	qingli (before I became committer)
Reviewed by:	andre
MFC after:	5 days
2006-02-23 21:14:34 +00:00
Hajimu UMEMOTO
9bf40914d2 Obey opt_inet6.h in kernel build directory.
Reported by:	Peter Losher <plosher-keyword-freebsd.a36e57__at__plosh.net>
MFC after:	3 days
2006-02-20 12:30:32 +00:00
Andre Oppermann
8e8aab7aec Remove unneeded includes and provide more accurate description
to others.

Submitted by:	garys
PR:		kern/86437
2006-02-18 17:05:00 +00:00
Andre Oppermann
da3482e0f6 Add missing TH_PUSH to the TH_FLAGS enumeration.
Submitted by:	Andre Albsmeier <Andre.Albsmeier-at-siemens.com>
PR:		kern/85203
2006-02-18 16:50:08 +00:00
Andre Oppermann
eaf80179e2 Have TCP Inflight disable itself if the RTT is below a certain
threshold.  Inflight doesn't make sense on a LAN as it has
trouble figuring out the maximal bandwidth because of the coarse
tick granularity.

The sysctl net.inet.tcp.inflight.rttthresh specifies the threshold
in milliseconds below which inflight will disengage.  It defaults
to 10ms.

Tested by:	Joao Barros <joao.barros-at-gmail.com>,
		Rich Murphey <rich-at-whiteoaklabs.com>
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-02-16 19:38:07 +00:00
Andre Oppermann
cf744713e8 In in_pcbconnect_setup() reduce code duplication and use ip_rtaddr()
to find the outgoing interface for this connection.

Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	2 weeks
2006-02-16 15:45:28 +00:00
Andre Oppermann
a4684d742d Make sysctl_msec_to_ticks(SYSCTL_HANDLER_ARGS) generally available instead
of being private to tcp_timer.c.

Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 days
2006-02-16 15:40:36 +00:00
Ruslan Ermilov
ea9dce1461 When sending a packet from dummynet, indicate that we're forwarding
it so that ip_id etc. don't get overwritten.  This fixes forwarding
of fragmented IP packets through a dummynet pipe -- fragments came
out with modified and different(!) ip_id's, making it impossible to
reassemble a datagram at the receiver side.

Submitted by:	Alexander Karptsov (reworked by me)
MFC after:	3 days
2006-02-14 06:36:39 +00:00
Qing Li
eee9df08bd Set the M_ZERO flag when calling uma_zalloc() to allocate a syncache entry.
Reviewed by:	andre, glebius
MFC after:	3 days
2006-02-09 21:29:02 +00:00
Qing Li
c1fd993af9 Redo the previous fix by setting the UMA_ZONE_ZINIT bit in the syncache
zone, eliminating the need to call bzero() after each syncache entry
allocation.

Suggested by:	glebius
Reviewed by:	andre
MFC after:	3 days
2006-02-08 23:32:57 +00:00
Qing Li
737b12e98f Fixes a crash due to the memory of the newly allocated syncache entry
in syncache_lookup() is not cleared and may lead to an arbitrary and
bogus rtentry pointer which later gets free'd.

Reviewed by: andre
MFC after: 3 days
2006-02-07 19:59:46 +00:00
Oleg Bulyzhin
6edb555dbc Fix five years old bug in ip_reass(): if we are using 'full' (i.e. including
pseudo header) hardware rx checksum offloading ip_reass() fails to calculate
TCP/UDP checksum for reassembled packet correctly.  This also should fix
recent 'NFS over UDP over bge' issue exposed by if_bge.c rev. 1.123

Reviewed by:	sam (earlier version), bde
Approved by:	glebius (mentor)
MFC after:	2 weeks
2006-02-07 11:48:10 +00:00
Hajimu UMEMOTO
d5e8a67ee9 Never select the PCB that has INP_IPV6 flag and is bound to :: if
we have another PCB which is bound to 0.0.0.0.  If a PCB has the
INP_IPV6 flag, then we set its cost higher than IPv4 only PCBs.

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
MFC after:	1 week
2006-02-04 07:59:17 +00:00
Gleb Smirnoff
a7908db153 Dropping the lock in the transmit_event() is not safe, because we
store some pipe pointers on stack. If user reconfigures dummynet
in the interlock gap, we can work with freed pipes after relock.

To fix this, we decided not to send packets in transmit_event(),
but fill a queue. At the end of dummynet() and dummynet_io(),
after the lock is dropped, if there is something in the queue
we run dummynet_send() to process the queue.

In collaboration with:	ru
2006-02-03 11:38:19 +00:00
Gleb Smirnoff
ce62866023 Axe unused function. 2006-02-03 10:42:28 +00:00
Christian S.J. Peron
f5cdbcf14c Use PFIL_HOOKED macros in if_bridge and pass the right argument to
rw_assert. This un-breaks the build.

Submitted by:	Kostik Belousov
Pointy hat to:	csjp
2006-02-02 16:41:20 +00:00
Christian S.J. Peron
604afec496 Somewhat re-factor the read/write locking mechanism associated with the packet
filtering mechanisms to use the new rwlock(9) locking API:

- Drop the variables stored in the phil_head structure which were specific to
  conditions and the home rolled read/write locking mechanism.
- Drop some includes which were used for condition variables
- Drop the inline functions, and convert them to macros. Also, move these
  macros into pfil.h
- Move pfil list locking macros intp phil.h as well
- Rename ph_busy_count to ph_nhooks. This variable will represent the number
  of IN/OUT hooks registered with the pfil head structure
- Define PFIL_HOOKED macro which evaluates to true if there are any
  hooks to be ran by pfil_run_hooks
- In the IP/IP6 stacks, change the ph_busy_count comparison to use the new
  PFIL_HOOKED macro.
- Drop optimization in pfil_run_hooks which checks to see if there are any
  hooks to be ran, and returns if not. This check is already performed by the
  IP stacks when they call:

        if (!PFIL_HOOKED(ph))
                goto skip_hooks;

- Drop in assertion which makes sure that the number of hooks never drops
  below 0 for good measure. This in theory should never happen, and if it
  does than there are problems somewhere
- Drop special logic around PFIL_WAITOK because rw_wlock(9) does not sleep
- Drop variables which support home rolled read/write locking mechanism from
  the IPFW firewall chain structure.
- Swap out the read/write firewall chain lock internal to use the rwlock(9)
  API instead of our home rolled version
- Convert the inlined functions to macros

Reviewed by:	mlaier, andre, glebius
Thanks to:	jhb for the new locking API
2006-02-02 03:13:16 +00:00
Andre Oppermann
1dfcf0d2a3 Move the IPSEC related code blocks to their own file to unclutter
and signifincantly improve the readability of ip_input() and
ip_output() again.

The resulting IPSEC hooks in ip_input() and ip_output() may be
used later on for making IPSEC loadable.

This move is mostly mechanical and should preserve current IPSEC
behaviour as-is.  Nothing shall prevent improvements in the way
IPSEC interacts with the IPv4 stack.

Discussed with:	bz, gnn, rwatson; (earlier version)
2006-02-01 13:55:03 +00:00
Ruslan Ermilov
e46c3da737 Brain-o (use standard int types now). 2006-02-01 06:15:37 +00:00
Ruslan Ermilov
bc7eeed4c9 Fix multicast routing on 64-bit platforms.
Tested on:	amd64
MFC after:	3 days
2006-01-31 22:39:35 +00:00
Andrew Thompson
235073f4c0 Now that the bridge also processes Ethernet frames as itself, two arp replies
will be sent if there is an address on the bridge. Exclude the bridge from the
special arp handling.

This has been tested with all combinations of addresses on the bridge and members.

Pointed out by:	Michal Mertl
2006-01-31 21:29:41 +00:00
Gleb Smirnoff
25af0bb50e Add some initial locking to gif(4). It doesn't covers the whole driver,
however IPv4-in-IPv4 tunnels are now stable on SMP. Details:

- Add per-softc mutex.
- Hold the mutex on output.

The main problem was the rtentry, placed in softc. It could be
freed by ip_output(). Meanwhile, another thread being in
in_gif_output() can read and write this rtentry.

Reported by:	many
Tested by:	Alexander Shiryaev <aixp mail.ru>
2006-01-30 08:39:09 +00:00
Andrew Thompson
74948aa6f3 Back out of r1.148, it causes two arp replies to be sent with different mac
addresses. One for the bridged interface with the IP address assigned but then
another with the mac for the bridge itself.
2006-01-29 23:21:01 +00:00
Andre Oppermann
ab48768b20 When doing IP forwarding with [FAST_]IPSEC compiled into the kernel
ip_forward() would report back a zero MTU in ICMP needfrag messages
because on a IPSEC SP lookup failure no MTU got computed.

Fix this by changing the logic to compute a new MTU in any case if
IPSEC didn't do it.

Change MTU computation logic to use egress interface MTU if available
or the next smaller MTU compared to the current packet size instead
of falling back to a very small fixed MTU.

Fix associated comment.

PR:		kern/91412
MFC after:	3 days
2006-01-24 17:57:19 +00:00
Andre Oppermann
1dec73a153 In ip_mdq() compute the TV_DELTA the correct way around.
PR:		kern/91851
Submitted by:	SAKAI Hiroaki <sakai.hiroaki-at-jp.fujitsu.com>
MFC after:	3 days
2006-01-24 17:09:12 +00:00
Andre Oppermann
31343a3da2 In in_control() remove the temporary in_ifaddr structure from the
ia_hash only if it actually is an AF_INET address.  All other places
test for sa_family == AF_INET but this one.

PR:		kern/92091
Submitted by:	Seth Kingsley <sethk-at-meowfishies.com>
MFC after:	3 days
2006-01-24 16:19:31 +00:00
Oleg Bulyzhin
44a515834f Fix minor bug in uRPF:
If net.link.ether.inet.useloopback=1 and we send broadcast packet using our
  own source ip address it may be rejected by uRPF rules.

  Same bug was fixed for IPv6 in rev. 1.115 by suz.

PR:		kern/76971
Approved by:	glebius (mentor)
MFC after:	3 days
2006-01-24 13:38:06 +00:00
Gleb Smirnoff
0b4ae859ac Implement 'ipfw fwd laddr,port' feature for UDP. According to ipfw(8)
it should work, however it never did. People expect it to work.

PR:		kern/90834
2006-01-24 09:08:54 +00:00
Gleb Smirnoff
1c0b0f523d Fix build. 2006-01-23 20:10:49 +00:00
Andre Oppermann
06003a1e7c Simplify ip_next_mtu() and make its logic more easy to see while
silencing code analysis tools.

Found by:	Coverity Prevent(tm)
Coverity ID:	CID341
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-01-23 17:06:32 +00:00
Robert Watson
136d4f1cf2 Convert remaining functions to ANSI C function declarations; remove
'register' where present.

MFC after:	1 week
2006-01-22 01:16:25 +00:00
Robert Watson
d0c75d36b9 Convert last remaining function in ip_gre.c to ANSI C function
declaration.

MFC after:	1 week
2006-01-22 01:08:30 +00:00
Bjoern A. Zeeb
3f2e28fe9f Fix stack corruptions on amd64.
Vararg functions have a different calling convention than regular
functions on amd64. Casting a varag function to a regular one to
match the function pointer declaration will hide the varargs from
the caller and we will end up with an incorrectly setup stack.

Entirely remove the varargs from these functions and change the
functions to match the declaration of the function pointers.
Remove the now unnecessary casts.

Lots of explanations and help from:     peter
Reviewed by:                            peter
PR:                                     amd64/89261
MFC after:                              6 days
2006-01-21 10:44:34 +00:00
Christian S.J. Peron
9c57c204be - Change the return type for init_tables from void to int so we can propagate
errors from rn_inithead back to the ipfw initialization function.
- Check return value of rn_inithead for failure, if table allocation has
  failed for any reason, free up any tables we have created and return ENOMEM
- In ipfw_init check the return value of init_tables and free up any mutexes or
  UMA zones which may have been created.
- Assert that the supplied table is not NULL before attempting to dereference.

This fixes panics which were a result of invalid memory accesses due to failed
table allocation. This is an issue mainly because the R_Zalloc function is a
malloc(M_NOWAIT) wrapper, thus making it possible for allocations to fail.

Found by:	Coverity Prevent (tm)
Coverity ID:	CID79
MFC after:	1 week
2006-01-20 05:35:27 +00:00
Christian S.J. Peron
e9186cb94b Destroy the dynamic rule zone in the event that we fail to insert the
initial default rule.

MFC after:	1 week
2006-01-20 03:21:25 +00:00
Andre Oppermann
0270746230 Do not derefence the ip header pointer in the IPv6 case.
This fixes a bug in the previous commit.

Found by:	Coverity Prevent(tm)
Coverity ID:	CID253
Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 days
2006-01-18 18:59:30 +00:00
Andre Oppermann
8f8d29f686 In in_delayed_cksum() we can't perform a m_pullup() as it may
change the mbuf pointer and we don't have any way of passing
it back to the callers.  Instead just fail silently without
updating the checksum but leaving the mbuf+chain intact.

A search in our GNATS database did not turn up any match for
the existing warning message when this case is encountered.

Found by:	Coverity Prevent(tm)
Coverity ID:	CID779
Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 days
2006-01-18 18:49:16 +00:00
Andre Oppermann
79eb490467 In syncache_expand() insert a proper syncache_free() to fix a case
that currently can't be triggered.  But better be safe than sorry
later on.  Additionally it properly silences Coverity Prevent for
future tests.

Found by:	Coverity Prevent(tm)
Coverity ID:	CID802
Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 days
2006-01-18 18:25:03 +00:00
Andre Oppermann
39550088cf Prevent dereferencing a NULL route pointer when trying to update the
route MTU.

This bug is very difficult to reach and not remotely exploitable.

Found by:	Coverity Prevent(tm)
Coverity ID:	CID162
Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 days
2006-01-18 15:05:05 +00:00
Andre Oppermann
5d691e6da8 Return mbuf pointer or NULL from ip_fastforward() as the mbuf pointer
may have changed by m_pullup() during fastforward processing.

While this is a bug it is actually never triggered in real world
situations and it is not remotely exploitable.

Found by:	Coverity Prevent(tm)
Coverity ID:	CID780
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-01-18 14:24:39 +00:00
Robert Watson
d248c7d7f5 Modify the IP fragment reassembly code so that it uses a new UMA zone,
ipq_zone, to allocate fragment headers from, rather than using cast mbuf
storage.  This was one of the few remaining uses of mbuf storage for
local data structures that relied on dtom().  Implement the resource
limit on ipq's using UMA zone limits, but preserve current sysctl
semantics using a sysctl proc.

MFC after:	3 weeks
2006-01-15 18:58:21 +00:00
Robert Watson
dfa60d9354 Staticize ipqlock, since it is local to ip_input.c.
MFC after:	3 days
2006-01-15 17:05:48 +00:00
George V. Neville-Neil
34f83c52e7 Check the correct TTL in both the IPv6 and IPv4 cases.
Submitted by:	glebius
Reviewed by:	gnn, bz
Found with:     Coverity Prevent(tm)
2006-01-14 16:39:31 +00:00
Gleb Smirnoff
ecedca7441 UMA can return NULL not only in case when our zone is full, but
also in case of generic memory shortage. In the latter case we may
not find an old entry.

Found with:	Coverity Prevent(tm)
2006-01-14 13:04:08 +00:00
Robert Watson
e5bc0aa3c3 Remove dead code: 'opts' is not used in udp_append(), only in udp_input(),
so no need to assign it to NULL or conditionally free it.

Found with:	Coverity Prevent(tm)
MFC after:	3 days
2006-01-14 11:18:32 +00:00
Andrew Thompson
54c427e0e2 Include the bridge interface itself in the special arp handling.
PR:		90973
MFC after:	1 week
2006-01-12 21:05:30 +00:00
Colin Percival
9ed97bee65 Correct insecure temporary file usage in texindex. [06:01]
Correct insecure temporary file usage in ee. [06:02]
Correct a race condition when setting file permissions, sanitize file
names by default, and fix a buffer overflow when handling files
larger than 4GB in cpio. [06:03]
Fix an error in the handling of IP fragments in ipfw which can cause
a kernel panic. [06:04]

Security:	FreeBSD-SA-06:01.texindex
Security:	FreeBSD-SA-06:02.ee
Security:	FreeBSD-SA-06:03.cpio
Security:	FreeBSD-SA-06:04.ipfw
2006-01-11 08:02:16 +00:00
Andrew Thompson
73ff045c57 Add RFC 3378 EtherIP support. This change makes it possible to add gif
interfaces to bridges, which will then send and receive IP protocol 97 packets.
Packets are Ethernet frames with an EtherIP header prepended.

Obtained from:	NetBSD
MFC after:	2 weeks
2005-12-21 21:29:45 +00:00
Xin LI
92e0a4a2a4 Use consistent indent character as other IPPROTO_* lines did. 2005-12-20 09:38:03 +00:00
George V. Neville-Neil
496f9fc522 Add protocol number for SCTP.
Submitted by:	Randall Stewart rrs at cisco.com
MFC after:	1 week
2005-12-20 09:24:04 +00:00
Gleb Smirnoff
3939390679 Add a knob to suppress logging of attempts to modify
permanent ARP entries.

Submitted by:	Andrew Alcheyev <buddy telenet.ru>
2005-12-18 19:11:56 +00:00
Ed Maste
bd2b686fe8 Add descriptions for sysctl -d.
Approved by:	glebius
Silence from:	rwatson (mentor)
2005-12-16 15:01:44 +00:00
Gleb Smirnoff
6e02dbdfa3 Cleanup __FreeBSD_version. 2005-12-16 13:10:32 +00:00
John Baldwin
636a309adb Use %t (ptrdiff_t modifier) to print a couple of pointer differences rather
than casting them to int.
2005-12-15 21:57:32 +00:00
Maxime Henrion
e59898ff36 Fix a bunch of SYSCTL_INT() that should have been SYSCTL_ULONG() to
match the type of the variable they are exporting.

Spotted by:	Thomas Hurst <tom@hur.st>
MFC after:	3 days
2005-12-14 22:27:48 +00:00
Gleb Smirnoff
40b1ae9e00 Add a new feature for optimizining ipfw rulesets - substitution of the
action argument with the value obtained from table lookup. The feature
is now applicable only to "pipe", "queue", "divert", "tee", "netgraph"
and "ngtee" rules.

An example usage:

  ipfw pipe 1000 config bw 1000Kbyte/s
  ipfw pipe 4000 config bw 4000Kbyte/s
  ipfw table 1 add x.x.x.x 1000
  ipfw table 1 add x.x.x.y 4000
  ipfw pipe tablearg ip from table(1) to any

In the example above the rule will throw different packets to different pipes.

TODO:
  - Support "skipto" action, but without searching all rules.
  - Improve parser, so that it warns about bad rules. These are:
    - "tablearg" argument to action, but no "table" in the rule. All
      traffic will be blocked.
    - "tablearg" argument to action, but "table" searches for entry with
      a specific value. All traffic will be blocked.
    - "tablearg" argument to action, and two "table" looks - for src and
      for dst. The last lookup will match.
2005-12-13 12:16:03 +00:00
Gleb Smirnoff
bbce982bd5 When we drop packet due to no space in output interface output queue, also
increase the ifp->if_snd.ifq_drops.

PR:		72440
Submitted by:	ikob
2005-12-06 11:16:11 +00:00
Gleb Smirnoff
95d1f36f82 Optimize parallel processing of ipfw(4) rulesets eliminating the locking
of the radix lookup tables. Since several rnh_lookup() can run in
parallel on the same table, we can piggyback on the shared locking
provided by ipfw(4).
  However, the single entry cache in the ip_fw_table can't be used lockless,
so it is removed. This pessimizes two cases: processing of bursts of similar
packets and matching one packet against the same table several times during
one ipfw_chk() lookup. To optimize the processing of similar packet bursts
administrator should use stateful firewall. To optimize the second problem
a solution will be provided soon.

Details:
  o Since we piggyback on the ipfw(4) locking, and the latter is per-chain,
    the tables are moved from the global declaration to the
    struct ip_fw_chain.
  o The struct ip_fw_table is shrunk to one entry and thus vanished.
  o All table manipulating functions are extended to accept the struct
    ip_fw_chain * argument.
  o All table modifing functions use IPFW_WLOCK_ASSERT().
2005-12-06 10:45:49 +00:00
Ruslan Ermilov
f4e9888107 Fix -Wundef. 2005-12-04 02:12:43 +00:00
Hajimu UMEMOTO
8846bbf3ce obey opt_inet6.h and opt_ipsec.h in kernel build directory.
Requested by:	hrs
2005-11-29 17:56:11 +00:00
Gleb Smirnoff
b090e4ce1f Garbage-collect now unused struct _ipfw_insn_pipe and flush_pipe_ptrs(),
thus removing a few XXXes.
  Document the ABI breakage in UPDATING.
2005-11-29 08:59:41 +00:00
Gleb Smirnoff
99b41b34fb First step in removing welding between ipfw(4) and dummynet.
o Do not use ipfw_insn_pipe->pipe_ptr in locate_flowset(). The
  _ipfw_insn_pipe isn't touched by this commit to preserve ABI
  compatibility.
o To optimize the lookup of the pipe/flowset in locate_flowset()
  introduce hashes for pipes and queues:
  - To preserve ABI compatibility utilize the place of global list
    pointer for SLIST_ENTRY.
  - Introduce locate_flowset(queue nr) and locate_pipe(pipe nr).
o Rework all the dummynet code to deal with the hashes, not global
  lists. Also did some style(9) changes in the code blocks that were
  touched by this sweep:
  - Be conservative about flowset and pipe variable names on stack,
    use "fs" and "pipe" everywhere.
  - Cleanup whitespaces.
  - Sort variables.
  - Give variables more meaningful names.
  - Uppercase and dots in comments.
  - ENOMEM when malloc(9) failed.
2005-11-29 00:11:01 +00:00
Ruslan Ermilov
fc1eaecf4a Fix prototype. 2005-11-24 14:17:35 +00:00
Paul Saab
d0a14f55c3 Fix for a bug that causes SACK scoreboard corruption when the limit
on holes per connection is reached.

Reported by:	Patrik Roos
Submitted by:	Mohan Srinivasan
Reviewed by:	Raja Mukerji, Noritoshi Demizu
2005-11-21 19:22:10 +00:00
Andre Oppermann
22f2c8b5db Remove 'ipprintfs' which were protected under DIAGNOSTIC. It doesn't
have any know to enable it from userland and could only be enabled by
either setting it to 1 at compile time or through the kernel debugger.

In the future it may be brought back as KTR tracing points.

Discussed with:	rwatson
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-19 17:04:52 +00:00
Andre Oppermann
c444cdded2 Move MAX_IPOPTLEN and struct ipoption back into ip_var.h as
userland programs depend on it.

Pointed out by:	le
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-19 14:01:32 +00:00
Andre Oppermann
ef39adf007 Consolidate all IP Options handling functions into ip_options.[ch] and
include ip_options.h into all files making use of IP Options functions.

From ip_input.c rev 1.306:
  ip_dooptions(struct mbuf *m, int pass)
  save_rte(m, option, dst)
  ip_srcroute(m0)
  ip_stripoptions(m, mopt)

From ip_output.c rev 1.249:
  ip_insertoptions(m, opt, phlen)
  ip_optcopy(ip, jp)
  ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m)

No functional changes in this commit.

Discussed with:	rwatson
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-18 20:12:40 +00:00
Andre Oppermann
147f74d176 Purge layer specific mbuf flags on layer crossings to avoid confusing
upper or lower layers.

Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-18 16:23:26 +00:00
Andre Oppermann
e86ebebc52 Rework icmp_error() to deal with truncated IP packets from
ip_forward() when doing extended quoting in error messages.

Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-18 14:48:42 +00:00
Andre Oppermann
780b2f698c In ip_forward() copy as much into the temporary error mbuf as we
have free space in it.  Allocate correct mbuf from the beginning.
This allows icmp_error() to quote the entire TCP header in error
messages.

Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-18 14:44:48 +00:00
Gleb Smirnoff
218837618a MFOpenBSD 1.62:
Prevent backup CARP hosts from replying to arp requests, fixes strangeness
  with some layer-3 switches. From Bill Marquette.

Tested by:	Kazuaki Oda <kaakun highway.ne.jp>
2005-11-17 12:56:40 +00:00
Ruslan Ermilov
433aaf04cb Unbreak for !INET6 case. 2005-11-14 12:50:23 +00:00
Ruslan Ermilov
4a0d6638b3 - Store pointer to the link-level address right in "struct ifnet"
rather than in ifindex_table[]; all (except one) accesses are
  through ifp anyway.  IF_LLADDR() works faster, and all (except
  one) ifaddr_byindex() users were converted to use ifp->if_addr.

- Stop storing a (pointer to) Ethernet address in "struct arpcom",
  and drop the IFP2ENADDR() macro; all users have been converted
  to use IF_LLADDR() instead.
2005-11-11 16:04:59 +00:00
SUZUKI Shinsuke
d9a989231e fixed a bug that uRPF does not work properly for an IPv6 packet bound for the sending machine itself (this is a bug introduced due to a change in ip6_input.c:Rev.1.83)
Pointed out by: Sean McNeil and J.R.Oldroyd
MFC after: 3 days
2005-11-10 22:10:39 +00:00
Ruslan Ermilov
303989a2f3 Use sparse initializers for "struct domain" and "struct protosw",
so they are easier to follow for the human being.
2005-11-09 13:29:16 +00:00
Andrew Thompson
4e7e0183e1 Move the cloned interface list management in to if_clone. For some drivers the
softc lists and associated mutex are now unused so these have been removed.

Calling if_clone_detach() will now destroy all the cloned interfaces for the
driver and in most cases is all thats needed to unload.

Idea by:	brooks
Reviewed by:	brooks
2005-11-08 20:08:34 +00:00
Gleb Smirnoff
e1ff74c58d Rework ARP retransmission algorythm so that ARP requests are
retransmitted without suppression, while there is demand for
such ARP entry. As before, retransmission is rate limited to
one packet per second. Details:
  - Remove net.link.ether.inet.host_down_time
  - Do not set/clear RTF_REJECT flag on route, to
    avoid rt_check() returning error. We will generate error
    ourselves.
  - Return EWOULDBLOCK on first arp_maxtries failed
    requests , and return EHOSTDOWN/EHOSTUNREACH
    on further requests.
  - Retransmit ARP request always, independently from return
    code. Ratelimit to 1 pps.
2005-11-08 12:05:57 +00:00
Andre Oppermann
34333b16cd Retire MT_HEADER mbuf type and change its users to use MT_DATA.
Having an additional MT_HEADER mbuf type is superfluous and redundant
as nothing depends on it.  It only adds a layer of confusion.  The
distinction between header mbuf's and data mbuf's is solely done
through the m->m_flags M_PKTHDR flag.

Non-native code is not changed in this commit.  For compatibility
MT_HEADER is mapped to MT_DATA.

Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-02 13:46:32 +00:00
Robert Watson
5bb84bc84b Normalize a significant number of kernel malloc type names:
- Prefer '_' to ' ', as it results in more easily parsed results in
  memory monitoring tools such as vmstat.

- Remove punctuation that is incompatible with using memory type names
  as file names, such as '/' characters.

- Disambiguate some collisions by adding subsystem prefixes to some
  memory types.

- Generally prefer lower case to upper case.

- If the same type is defined in multiple architecture directories,
  attempt to use the same name in additional cases.

Not all instances were caught in this change, so more work is required to
finish this conversion.  Similar changes are required for UMA zone names.
2005-10-31 15:41:29 +00:00
Robert Watson
d374e81efd Push the assignment of a new or updated so_qlimit from solisten()
following the protocol pru_listen() call to solisten_proto(), so
that it occurs under the socket lock acquisition that also sets
SO_ACCEPTCONN.  This requires passing the new backlog parameter
to the protocol, which also allows the protocol to be aware of
changes in queue limit should it wish to do something about the
new queue limit.  This continues a move towards the socket layer
acting as a library for the protocol.

Bump __FreeBSD_version due to a change in the in-kernel protocol
interface.  This change has been tested with IPv4 and UNIX domain
sockets, but not other protocols.
2005-10-30 19:44:40 +00:00
Gleb Smirnoff
f3d30eb20d First fill in structure with valid values, and only then attach it
to the global list.

Reviewed by:	rwatson
2005-10-28 20:29:42 +00:00
Yaroslav Tykhiy
9f4abef9a3 Since carp(4) interfaces presently are kinda fake yet possess
IP addresses, mark them with LOOPBACK so that routing daemons
take them easy for link-state routing protocols.

Reviewed by:	glebius
2005-10-26 05:57:35 +00:00
Max Laier
1e4b360655 Fix build after in6_joingroup change. It remains unclear if DAD breaks CARP
or not.
2005-10-22 14:54:02 +00:00
Gleb Smirnoff
bfb26eecfb In in_addprefix() compare not only route addresses, but their masks,
too. This fixes problem when connected prefixes overlap.

Obtained from:	OpenBSD (rev. 1.40 by claudio);
		[ I came to this fix myself, and then found out that
		  OpenBSD had already fixed it the same way.]
2005-10-22 14:50:27 +00:00
SUZUKI Shinsuke
743eee666f sync with KAME regarding NDP
- introduced fine-grain-timer to manage ND-caches and IPv6 Multicast-Listeners
- supports Router-Preference <draft-ietf-ipv6-router-selection-07.txt>
- better prefix lifetime management
- more spec-comformant DAD advertisement
- updated RFC/internet-draft revisions

Obtained from: KAME
Reviewed by: ume, gnn
MFC after: 2 month
2005-10-21 16:23:01 +00:00
Robert Watson
a65e12b09d Convert if (tp->t_state == TCPS_LISTEN) panic() into a KASSERT.
MFC after:	2 weeks
2005-10-19 09:37:52 +00:00
Andrew Thompson
febd0759f3 Change the reference counting to count the number of cloned interfaces for each
cloner. This ensures that ifc->ifc_units is not prematurely freed in
if_clone_detach() before the clones are destroyed, resulting in memory modified
after free. This could be triggered with if_vlan.

Assert that all cloners have been destroyed when freeing the memory.

Change all simple cloners to destroy their clones with ifc_simple_destroy() on
module unload so the reference count is properly updated. This also cleans up
the interface destroy routines and allows future optimisation.

Discussed with:	brooks, pjd, -current
Reviewed by:	brooks
2005-10-12 19:52:16 +00:00
Maxim Konovalov
d46ff6bd1e o INP_ONESBCAST is inpcb.inp_vflag flag not inp_flags. The confusion
with IP_PORTRANGE_HIGH leads to the incorrect checksum calculation.

PR:		kern/87306
Submitted by:	Rickard Lind
Reviewed by:	bms
MFC after:	2 weeks
2005-10-12 18:13:25 +00:00
Philip Paeps
7691747aac Unbreak the net.inet6.tcp6.getcred sysctl.
This makes inetd/auth work again in IPv6 setups.

Pointy hat to:	ume/KAME
2005-10-12 09:24:18 +00:00
Andrew Thompson
f69453ca8b When bridging is enabled and an ARP request is recieved on a member interface,
the arp code will search all local interfaces for a match. This triggers a
kernel log if the bridge has been assigned an address.

arp: ac🇩🇪48:18:83:3d is using my IP address 192.168.0.142!

bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.142 netmask 0xffffff00
        ether ac🇩🇪48:18:83:3d

Silence this warning for 6.0 to stop unnecessary bug reports, the code will need
to be reworked.

Approved by:	mlaier (mentor)
MFC after:	3 days
2005-10-04 19:50:02 +00:00
Andre Oppermann
1fd7af262a Correct brainfart in SO_BINTIME test.
Pointed out by:	nate
Pointy hat to:	andre
2005-10-04 18:19:21 +00:00
Andre Oppermann
e5fbf72cd8 Make SO_BINTIME timestamps available on raw_ip sockets.
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-10-04 18:07:11 +00:00
Robert Watson
c48b03fb69 Unlock Giant symmetrically with respect to lock acquire order as that's
generally nicer.

Spotted by:	johan
MFC after:	1 week
2005-10-03 11:34:29 +00:00
Robert Watson
1fa9efeffb Acquire Giant conditionally in in_addmulti() and in_delmulti() based on
whether the interface being accessed is IFF_NEEDSGIANT or not.  This
avoids lock order reversals when calling into the interface ioctl
handler, which could potentially lead to deadlock.

The long term solution is to eliminate non-MPSAFE network drivers.

Discussed with:	jhb
MFC after:	1 week
2005-10-03 11:09:39 +00:00
Maxim Konovalov
ac827533df o Teach sysctl_drop() how to deal with the sockets in TIME_WAIT state.
This is a special case because tcp_twstart() destroys a tcp control
block via tcp_discardcb() so we cannot call tcp_drop(struct *tcpcb) on
such connections.  Use tcp_twclose() instead.

MFC after:	5 days
2005-10-02 08:43:57 +00:00
Max Laier
b6de9e91bd Remove bridge(4) from the tree. if_bridge(4) is a full functional
replacement and has additional features which make it superior.

Discussed on:	-arch
Reviewed by:	thompsa
X-MFC-after:	never (RELENG_6 as transition period)
2005-09-27 18:10:43 +00:00
Andre Oppermann
b2828ad291 Implement IP_DONTFRAG IP socket option enabling the Don't Fragment
flag on IP packets.  Currently this option is only repected on udp
and raw ip sockets.  On tcp sockets the DF flag is controlled by the
path MTU discovery option.

Sending a packet larger than the MTU size of the egress interface
returns an EMSGSIZE error.

Discussed with:	rwatson
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-09-26 20:25:16 +00:00
Andre Oppermann
fe53256dc2 Use monotonic 'time_uptime' instead of 'time_second' as timebase
for rt->rt_rmx.rmx_expire.
2005-09-19 22:54:55 +00:00
Andre Oppermann
e6b9152d20 Use monotonic 'time_uptime' instead of 'time_second' as timebase
for timeouts.
2005-09-19 22:31:45 +00:00
Robert Watson
b1c53bc9c0 Take a first cut at cleaning up ifnet removal and multicast socket
panics, which occur when stale ifnet pointers are left in struct
moptions hung off of inpcbs:

- Add in_ifdetach(), which matches in6_ifdetach(), and allows the
  protocol to perform early tear-down on the interface early in
  if_detach().

- Annotate that if_detach() needs careful consideration.

- Remove calls to in_pcbpurgeif0() in the handling of SIOCDIFADDR --
  this is not the place to detect interface removal!  This also
  removes what is basically a nasty (and now unnecessary) hack.

- Invoke in_pcbpurgeif0() from in_ifdetach(), in both raw and UDP
  IPv4 sockets.

It is now possible to run the msocket_ifnet_remove regression test
using HEAD without panicking.

MFC after:	3 days
2005-09-18 17:36:28 +00:00
Andre Oppermann
db1240661f Do not ignore all other TCP options (eg. timestamp, window scaling)
when responding to TCP SYN packets with TCP_MD5 enabled and set.

PR:		kern/82963
Submitted by:	<demizu at dd.iij4u.or.jp>
MFC after:	3 days
2005-09-14 15:06:22 +00:00
Bjoern A. Zeeb
75398603ad Fix panic when kernel compiled without INET6 by rejecting
IPv6 opcodes which are behind #if(n)def INET6 now.

PR:		kern/85826
MFC after:	3 days
2005-09-14 07:53:54 +00:00
Andre Oppermann
ffabe3dce8 In tcp_ctlinput() do not swap ip->ip_len a second time. It
has been done in icmp_input() already.

This fixes the ICMP_UNREACH_NEEDFRAG case where no MTU was
proposed in the ICMP reply.

PR:		kern/81813
Submitted by:	Vitezslav Novy <vita at fio.cz>
MFC after:	3 days
2005-09-10 07:43:29 +00:00
Gleb Smirnoff
a20e25385c - Do not hold route entry lock, when calling arprequest(). One such
call was introduced by me in 1.139, the other one was present before.
- Do all manipulations with rtentry and la before dropping the lock.
- Copy interface address from route into local variable before dropping
  the lock. Supply this copy as argument to arprequest()

LORs fixed:
		http://sources.zabbadoz.net/freebsd/lor/003.html
		http://sources.zabbadoz.net/freebsd/lor/037.html
		http://sources.zabbadoz.net/freebsd/lor/061.html
		http://sources.zabbadoz.net/freebsd/lor/062.html
		http://sources.zabbadoz.net/freebsd/lor/064.html
		http://sources.zabbadoz.net/freebsd/lor/068.html
		http://sources.zabbadoz.net/freebsd/lor/071.html
		http://sources.zabbadoz.net/freebsd/lor/074.html
		http://sources.zabbadoz.net/freebsd/lor/077.html
		http://sources.zabbadoz.net/freebsd/lor/093.html
		http://sources.zabbadoz.net/freebsd/lor/135.html
		http://sources.zabbadoz.net/freebsd/lor/140.html
		http://sources.zabbadoz.net/freebsd/lor/142.html
		http://sources.zabbadoz.net/freebsd/lor/145.html
		http://sources.zabbadoz.net/freebsd/lor/152.html
		http://sources.zabbadoz.net/freebsd/lor/158.html
2005-09-09 10:06:27 +00:00
Gleb Smirnoff
5d40d65b5a When a carp(4) interface is being destroyed and is in a promiscous mode,
first interface is detached from parent and then bpfdetach() is called.
If the interface was the last carp(4) interface attached to parent, then
the mutex on parent is destroyed. When bpfdetach() calls if_setflags()
we panic on destroyed mutex.

To prevent the above scenario, clear pointer to parent, when we detach
ourselves from parent.
2005-09-09 08:41:39 +00:00
Sam Leffler
245c31ccaf clear lock on error in O_LIMIT case of install_state
Submitted by:	Ted Unangst
MFC after:	3 days
2005-09-04 17:33:40 +00:00
Andre Oppermann
e0aec68255 Use the correct mbuf type for MGET(). 2005-08-30 16:35:27 +00:00
Gleb Smirnoff
e3ea67a077 Add newline to debuging printf.
PR:		kern/85271
Submitted by:	Simon Morgan
2005-08-26 15:27:18 +00:00
Gleb Smirnoff
360856f60e - Refuse hashsize of 0, since it is invalid.
- Use defined constant instead of 512.
2005-08-25 13:57:00 +00:00
Gleb Smirnoff
510b360fc0 When we have a published ARP entry for some IP address, do reply on
ARP requests only on the network where this IP address belong, to.

Before this change we did replied on all interfaces. This could
lead to an IP address conflict with host we are doing ARP proxy
for.

PR:		kern/75634
Reviewed by:	andre
2005-08-25 13:25:57 +00:00
Paul Saab
4d3b134633 Remove a KASSERT in the sack path that fails because of a interaction
between sack and a bug in the "bad retransmit recovery" logic. This is
a workaround, the underlying bug will be fixed later.

Submitted by:   Mohan Srinivasan, Noritoshi Demizu
2005-08-24 02:48:45 +00:00
Paul Saab
b24de0e665 Fix up the comment for MAX_SACK_BLKS.
Submitted by:	Noritoshi Demizu
2005-08-24 02:47:16 +00:00
Andre Oppermann
ef8fd90476 Remove unnecessary IPSEC includes.
MFC after:	2 weeks
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-08-23 14:42:40 +00:00
Andre Oppermann
23655387e9 o Fix a logic error when not doing mbuf cluster allocation.
o Change an old panic() to a clean function exit.

MFC after:	2 weeks
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-08-22 22:13:41 +00:00
Andre Oppermann
936cd18dad Add socketoption IP_MINTTL. May be used to set the minimum acceptable
TTL a packet must have when received on a socket.  All packets with a
lower TTL are silently dropped.  Works on already connected/connecting
and listening sockets for RAW/UDP/TCP.

This option is only really useful when set to 255 preventing packets
from outside the directly connected networks reaching local listeners
on sockets.

Allows userland implementation of 'The Generalized TTL Security Mechanism
(GTSM)' according to RFC3682.  Examples of such use include the Cisco IOS
BGP implementation command "neighbor ttl-security".

MFC after:	2 weeks
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-08-22 16:13:08 +00:00
Andre Oppermann
6b773dff30 Always quote the entire TCP header when responding and allocate an mbuf
cluster if needed.

Fixes the TCP issues raised in I-D draft-gont-icmp-payload-00.txt.

This aids in-the-wild debugging a lot and allows the receiver to do
more elaborate checks on the validity of the response.

MFC after:	2 weeks
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-08-22 14:12:18 +00:00
Andre Oppermann
d56ea155bd Handle pure layer 2 broad- and multicasts properly and simplify related
checks.

PR:		kern/85052
Submitted by:	Dmitrij Tejblum <tejblum at yandex-team.ru>
MFC after:	3 days
2005-08-22 12:06:26 +00:00
Andre Oppermann
bb10780f9f Commit correct version of the change and note the name of the new
sysctl: net.inet.icmp.quotelen and defaults to 8 bytes.

Pointy hat to:	andre
2005-08-21 15:18:00 +00:00
Andre Oppermann
e875dfb826 Add a sysctl to change to length of the quotation of the original
packet in an ICMP reply.  The minimum of 8 bytes is internally
enforced.  The maximum quotation is the remaining space in the
reply mbuf.

This option is added in response to the issues raised in I-D
draft-gont-icmp-payload-00.txt.

MFC after:	2 weeks
Spnsored by:	TCP/IP Optimizations Fundraise 2005
2005-08-21 15:09:07 +00:00
Andre Oppermann
a0866c8d4e Add an option to have ICMP replies to non-local packets generated with
the IP address the packet came through in.  This is useful for routers
to show in traceroutes the actual path a packet has taken instead of
the possibly different return path.

The new sysctl is named net.inet.icmp.reply_from_interface and defaults
to off.

MFC after:	2 weeks
2005-08-21 12:29:39 +00:00
Gleb Smirnoff
1ae954096e In order to support CARP interfaces kernel was taught to handle more
than one interface in one subnet. However, some userland apps rely on
the believe that this configuration is impossible.

Add a sysctl switch net.inet.ip.same_prefix_carp_only. If the switch
is on, then kernel will refuse to add an additional interface to
already connected subnet unless the interface is CARP. Default
value is off.

PR:			bin/82306
In collaboration with:	mlaier
2005-08-18 10:34:30 +00:00
Bjoern A. Zeeb
bd2e5495d1 Fix broken build of rev. 1.108 in case of no INET6 and IPFIREWALL
compiled into kernel.

Spotted and tested by:	Michal Mertl <mime at traveller.cz>
2005-08-14 18:20:33 +00:00
Bjoern A. Zeeb
9066356ba1 * Add dynamic sysctl for net.inet6.ip6.fw.
* Correct handling of IPv6 Extension Headers.
* Add unreach6 code.
* Add logging for IPv6.

Submitted by:	sysctl handling derived from patch from ume needed for ip6fw
Obtained from:	is_icmp6_query and send_reject6 derived from similar
		functions of netinet6,ip6fw
Reviewed by:	ume, gnn; silence on ipfw@
Test setup provided by: CK Software GmbH
MFC after:	6 days
2005-08-13 11:02:34 +00:00
Craig Rodrigues
eee9fe3078 Add NATM_LOCK() and NATM_UNLOCK() in places where npcb_add() and
npcb_free() are called, in order to eliminate witness panics.
This was overlooked in removal of GIANT from ATM.

Reviewed by: rwatson
2005-08-12 02:38:20 +00:00
Gleb Smirnoff
1ed7bf1e3b o Fix a race between three threads: output path,
incoming ARP packet and route request adding/removing
  ARP entries. The root of the problem is that
  struct llinfo_arp was accessed without any locks.
  To close race we will use locking provided by
  rtentry, that references this llinfo_arp:
  - Make arplookup() return a locked rtentry.
  - In arpresolve() hold the lock provided by
    rt_check()/arplookup() until the end of function,
    covering all accesses to the rtentry itself and
    llinfo_arp it refers to.
  - In in_arpinput() do not drop lock provided by
    arplookup() during first part of the function.
  - Simplify logic in the first part of in_arpinput(),
    removing one level of indentation.
  - In the second part of in_arpinput() hold rtentry
    lock while copying address.

o Fix a condition when route entry is destroyed, while
  another thread is contested on its lock:
  - When storing a pointer to rtentry in llinfo_arp list,
    always add a reference to this rtentry, to prevent
    rtentry being destroyed via RTM_DELETE request.
  - Remove this reference when removing entry from
    llinfo_arp list.

o Further cleanup of arptimer():
  - Inline arptfree() into arptimer().
  - Use official queue(3) way to pass LIST.
  - Hold rtentry lock while reading its structure.
  - Do not check that sdl_family is AF_LINK, but
    assert this.

Reviewed by:	sam
Stress test:	http://www.holm.cc/stress/log/cons141.html
Stress test:	http://people.freebsd.org/~pho/stress/log/cons144.html
2005-08-11 08:25:48 +00:00
David E. O'Brien
c11ba30c9a Remove public declarations of variables that were forgotten when they were
made static.
2005-08-10 07:10:02 +00:00
David E. O'Brien
31793d594b Match IPv6 and use a static struct pr_usrreqs nousrreqs. 2005-08-10 06:41:04 +00:00
Robert Watson
a2dc1f5021 Add helper function ip_findmoptions(), which accepts an inpcb, and attempts
to atomically return either an existing set of IP multicast options for the
PCB, or a newlly allocated set with default values.  The inpcb is returned
locked.  This function may sleep.

Call ip_moptions() to acquire a reference to a PCB's socket options, and
perform the update of the options while holding the PCB lock.  Release the
lock before returning.

Remove garbage collection of multicast options when values return to the
default, as this complicates locking substantially.  Most applications
allocate a socket either to be multicast, or not, and don't tend to keep
around sockets that have previously been used for multicast, then used for
unicast.

This closes a number of race conditions involving multiple threads or
processes modifying the IP multicast state of a socket simultaenously.

MFC after:	7 days
2005-08-09 17:19:21 +00:00
Robert Watson
13f4c340ae Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags.  Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags.  This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.

Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.

Reviewed by:	pjd, bz
MFC after:	7 days
2005-08-09 10:20:02 +00:00
Gleb Smirnoff
9bd8ca3014 In preparation for fixing races in ARP (and probably in other
L2/L3 mappings) make rt_check() return a locked rtentry.
2005-08-09 08:39:56 +00:00
Robert Watson
dd5a318ba3 Introduce in_multi_mtx, which will protect IPv4-layer multicast address
lists, as well as accessor macros.  For now, this is a recursive mutex
due code sequences where IPv4 multicast calls into IGMP calls into
ip_output(), which then tests for a multicast forwarding case.

For support macros in in_var.h to check multicast address lists, assert
that in_multi_mtx is held.

Acquire in_multi_mtx around iteration over the IPv4 multicast address
lists, such as in ip_input() and ip_output().

Acquire in_multi_mtx when manipulating the IPv4 layer multicast addresses,
as well as over the manipulation of ifnet multicast address lists in order
to keep the two layers in sync.

Lock down accesses to IPv4 multicast addresses in IGMP, or assert the
lock when performing IGMP join/leave events.

Eliminate spl's associated with IPv4 multicast addresses, portions of
IGMP that weren't previously expunged by IGMP locking.

Add in_multi_mtx, igmp_mtx, and if_addr_mtx lock order to hard-coded
lock order in WITNESS, in that order.

Problem reported by:	Ed Maste <emaste at phaedrus dot sandvine dot ca>
MFC after:		10 days
2005-08-03 19:29:47 +00:00
Robert Watson
bccb41014a Modify network protocol consumers of the ifnet multicast address lists
to lock if_addr_mtx.

Problem reported by:	Ed Maste <emaste at phaedrus dot sandvine dot ca>
MFC after:		1 week
2005-08-02 23:51:22 +00:00
Hajimu UMEMOTO
4dad226e45 recover the line which was wrongly disappeared during scope cleanup.
tcpdrop(8) should work for IPv6, again.
2005-08-01 12:08:49 +00:00
Bjoern A. Zeeb
9e669156d4 Add support for IPv6 over GRE [1]. PR kern/80340 includes the
FreeBSD specific ip_newid() changes NetBSD does not have.
Correct handling of non AF_INET packets passed to bpf [2].

PR:		kern/80340[1], NetBSD PRs 29150[1], 30844[2]
Obtained from:	NetBSD ip_gre.c rev. 1.34,1.35, if_gre.c rev. 1.56
Submitted by:	Gert Doering <gert at greenie.muc.de>[2]
MFC after:	4 days
2005-08-01 08:14:21 +00:00
Hajimu UMEMOTO
c85ed85b1c include scope6_var.h for in6_clearscope(). 2005-07-26 00:19:58 +00:00
Hajimu UMEMOTO
29da8af658 include netinet6/scope6_var.h. 2005-07-25 12:36:43 +00:00
Hajimu UMEMOTO
a1f7e5f8ee scope cleanup. with this change
- most of the kernel code will not care about the actual encoding of
  scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
  scoped addresses as a special case.
- scope boundary check will be stricter.  For example, the current
  *BSD code allows a packet with src=::1 and dst=(some global IPv6
  address) to be sent outside of the node, if the application do:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
  This is clearly wrong, since ::1 is only meaningful within a single
  node, but the current implementation of the *BSD kernel cannot
  reject this attempt.

Submitted by:	JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Obtained from:	KAME
2005-07-25 12:31:43 +00:00
Giorgos Keramidas
a09ad79379 Misc spelling and/or English fixes in comments.
Reviewed by:	glebius, andre
2005-07-23 00:59:13 +00:00
Hajimu UMEMOTO
6c4eaa873f move RFC3542 related definitions into ip6.h.
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Reviewed by:	mlaier
Obtained from:	KAME
2005-07-20 10:30:52 +00:00
Hajimu UMEMOTO
77b6f9ed40 add missing RFC3542 definition.
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-20 09:17:41 +00:00
Hajimu UMEMOTO
18b35df8fe update comments:
- RFC2292bis -> RFC3542
  - typo fixes

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-20 08:59:45 +00:00
Robert Watson
de35559f82 Remove no-op spl references in in_pcb.c, since in_pcb locking has been
basically complete for several years now.  Update one spl comment to
reference the locking strategy.

MFC after:	3 days
2005-07-19 12:24:27 +00:00
Robert Watson
f59a9ebf10 Remove no-op spl's and most comment references to spls, as TCP locking
is believed to be basically done (modulo any remaining bugs).

MFC after:	3 days
2005-07-19 12:21:26 +00:00
Robert Watson
b77634d046 Remove spl() calls from ip_slowtimo(), as IP fragment queue locking was
merged several years ago.

Submitted by:	gnn
MFC after:	1 day
2005-07-19 12:14:22 +00:00
Max Laier
6de8d9dc52 Export pfsyncstats via sysctl "net.inet.pfsync" in order to print them with
netstat (seperate commit).

Requested by:	glebius
MFC after:	1 week
2005-07-14 22:22:51 +00:00
Robert Watson
3c308b091f Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which is
redundant with respect to existing mbuf copy label routines.  Expose
a new mac_copy_mbuf() routine at the top end of the Framework and
use that; use the existing mpo_copy_mbuf_label() routine on the
bottom end.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, SPAWAR
Approved by:	re (scottl)
2005-07-05 23:39:51 +00:00
Paul Saab
d758711729 Fix for a bug in newreno partial ack handling where if a large amount
of data is partial acked, snd_cwnd underflows, causing a burst.

Found, Submitted by:	Noritoshi Demizu
Approved by:		re
2005-07-05 19:23:02 +00:00
Max Laier
b4373150d9 Remove ambiguity from hlen. IPv4 is now indicated by is_ipv4 and we need a
proper hlen value for IPv6 to implement O_REJECT and O_LOG.

Reviewed by:	glebius, brooks, gnn
Approved by:	re (scottl)
2005-07-03 15:42:22 +00:00
Andrew Thompson
2fcb030ad5 Check the alignment of the IP header before passing the packet up to the
packet filter. This would cause a panic on architectures that require strict
alignment such as sparc64 (tier1) and ia64/ppc (tier2).

This adds two new macros that check the alignment, these are compile time
dependent on __NO_STRICT_ALIGNMENT which is set for i386 and amd64 where
alignment isn't need so the cost is avoided.

 IP_HDR_ALIGNED_P()
 IP6_HDR_ALIGNED_P()

Move bridge_ip_checkbasic()/bridge_ip6_checkbasic() up so that the alignment
is checked for ipfw and dummynet too.

PR:		ia64/81284
Obtained from:	NetBSD
Approved by:	re (dwhite), mlaier (mentor)
2005-07-02 23:13:31 +00:00
Paul Saab
482ac96888 Fix for a bug in the change that defers sack option processing until
after PAWS checks. The symptom of this is an inconsistency in the cached
sack state, caused by the fact that the sack scoreboard was not being
updated for an ACK handled in the header prediction path.

Found by:	Andrey Chernov.
Submitted by:	Noritoshi Demizu, Raja Mukerji.
Approved by:	re
2005-07-01 22:54:18 +00:00
Paul Saab
69e0362019 Fix for a SACK crash caused by a bug in tcp_reass(). tcp_reass()
does not clear tlen and frees the mbuf (leaving th pointing at
freed memory), if the data segment is a complete duplicate.
This change works around that bug. A fix for the tcp_reass() bug
will appear later (that bug is benign for now, as neither th nor
tlen is referenced in tcp_input() after the call to tcp_reass()).

Found by:	Pawel Jakub Dawidek.
Submitted by:	Raja Mukerji, Noritoshi Demizu.
Approved by:	re
2005-07-01 22:52:46 +00:00
Gleb Smirnoff
a196a3c8aa When doing ARP load balancing source IP is taken in network byte order,
so residue of division for all hosts on net is the same, and thus only
one VHID answers. Change source IP in host byte order.

Reviewed by:	mlaier
Approved by:	re (scottl)
2005-07-01 08:22:13 +00:00
Simon L. B. Nielsen
0a389eab22 Fix ipfw packet matching errors with address tables.
The ipfw tables lookup code caches the result of the last query.  The
kernel may process multiple packets concurrently, performing several
concurrent table lookups.  Due to an insufficient locking, a cached
result can become corrupted that could cause some addresses to be
incorrectly matched against a lookup table.

Submitted by:	ru
Reviewed by:	csjp, mlaier
Security:	CAN-2005-2019
Security:	FreeBSD-SA-05:13.ipfw

Correct bzip2 permission race condition vulnerability.

Obtained from:	Steve Grubb via RedHat
Security:	CAN-2005-0953
Security:	FreeBSD-SA-05:14.bzip2
Approved by:	obrien

Correct TCP connection stall denial of service vulnerability.

A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.

Submitted by:	Noritoshi Demizu
Reviewed by:	andre, Mohan Srinivasan
Security:	CAN-2005-2068
Security:	FreeBSD-SA-05:15.tcp

Approved by:	re (security blanket), cperciva
2005-06-29 21:36:49 +00:00
Paul Saab
5a53ca1627 - Postpone SACK option processing until after PAWS checks. SACK option
processing is now done in the ACK processing case.
- Merge tcp_sack_option() and tcp_del_sackholes() into a new function
  called tcp_sack_doack().
- Test (SEG.ACK < SND.MAX) before processing the ACK.

Submitted by:	Noritoshi Demizu
Reveiewed by:	Mohan Srinivasan, Raja Mukerji
Approved by:	re
2005-06-27 22:27:42 +00:00
Poul-Henning Kamp
dca9c930da Libalias incorrectly applies proxy rules to the global divert
socket: it should only look for existing translation entries,
not create new ones (no matter how it got the idea).

Approved by:	re(scottl)
2005-06-27 22:21:42 +00:00
Gleb Smirnoff
59dde15e82 Disable checksum processing in LibAlias, when it works as a
kernel module. LibAlias is not aware about checksum offloading,
so the caller should provide checksum calculation. (The only
current consumer is ng_nat(4)). When TCP packet internals has
been changed and it requires checksum recalculation, a cookie
is set in th_x2 field of TCP packet, to inform caller that it
needs to recalculate checksum. This ugly hack would be removed
when LibAlias is made more kernel friendly.

Incremental checksum updates are left as is, since they don't
conflict with offloading.

Approved by:	re (scottl)
2005-06-27 07:36:02 +00:00
David Malone
01399f34a5 Fix some long standing bugs in writing to the BPF device attached to
a DLT_NULL interface. In particular:

        1) Consistently use type u_int32_t for the header of a
           DLT_NULL device - it continues to represent the address
           family as always.
        2) In the DLT_NULL case get bpf_movein to store the u_int32_t
           in a sockaddr rather than in the mbuf, to be consistent
           with all the DLT types.
        3) Consequently fix a bug in bpf_movein/bpfwrite which
           only permitted packets up to 4 bytes less than the MTU
           to be written.
        4) Fix all DLT_NULL devices to have the code required to
           allow writing to their bpf devices.
        5) Move the code to allow writing to if_lo from if_simloop
           to looutput, because it only applies to DLT_NULL devices
           but was being applied to other devices that use if_simloop
           possibly incorrectly.

PR:		82157
Submitted by:	Matthew Luckie <mjl@luckie.org.nz>
Approved by:	re (scottl)
2005-06-26 18:11:11 +00:00
Stephan Uphoff
68d376254c Fix a timer ticks wrap around bug for minmssoverload processing.
Approved by:	re (scottl,dwhite)
MFC after:	4 weeks
2005-06-25 22:24:45 +00:00
Warner Losh
d980b05275 Add back missing copyright and license statement. This is identical
to the statement in ip_mroute.h, as well as being the same as what
OpenBSD has done with this file.  It matches the copyright in NetBSD's
1.1 through 1.14 versions of the file as well, which they subsequently
added back.

It appears to have been lost in the 4.4-lite1 import for FreeBSD 2.0,
but where and why I've not investigated further.  OpenBSD had the same
problem.  NetBSD had a copyright notice until Multicast 3.5 was
integrated verbatim back in 1995.  This appears to be the version that
made it into 4.4-lite1.

Approved by: re (scottl)
MFC after: 3 days
2005-06-23 18:42:58 +00:00
Paul Saab
9004ded9df Fix for a bug in tcp_sack_option() causing crashes.
Submitted by:	Noritoshi Demizu, Mohan Srinivasan.
Approved by:	re (scottl blanket SACK)
2005-06-23 00:18:54 +00:00
Bjoern A. Zeeb
67df9f3896 Fix IP(v6) over IP tunneling most likely broken with ifnet changes.
Reviewed by:	gnn
Approved by:	re (dwhite), rwatson (mentor)
2005-06-20 08:39:30 +00:00
Gleb Smirnoff
72f2d6578c - Don't use legacy function in a non-legacy one. This gives us
possibility to compile libalias without legacy support.
- Use correct way to mark variable as unused.

Approved by:	re (dwhite)
2005-06-20 08:31:48 +00:00
Max Laier
e4c959952b In verify_rev_path6():
- do not use static memory as we are under a shared lock only
 - properly rtfree routes allocated with rtalloc
 - rename to verify_path6()
 - implement the full functionality of the IPv4 version

Also make O_ANTISPOOF work with IPv6.

Reviewed by:	gnn
Approved by:	re (blanket)
2005-06-16 14:55:58 +00:00
Max Laier
ad7abe197d Fix indentation in INET6 section in preperation of more serious work.
Approved by:	re (blanket ip6fw removal)
2005-06-16 13:20:36 +00:00
Max Laier
cf21d53cbf When doing matching based on dst_ip/src_ip make sure we are really looking
on an IPv4 packet as these variables are uninitialized if not.  This used to
allow arbitrary IPv6 packets depending on the value in the uninitialized
variables.

Some opcodes (most noteably O_REJECT) do not support IPv6 at all right now.

Reviewed by:	brooks, glebius
Security:	IPFW might pass IPv6 packets depending on stack contents.
Approved by:	re (blanket)
2005-06-12 16:27:10 +00:00
Brooks Davis
fc74a9f93a Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
 - Struct arpcom is no longer referenced in normal interface code.
   Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
   To enforce this ac_enaddr has been renamed to _ac_enaddr.
 - The second argument to ether_ifattach is now always the mac address
   from driver private storage rather than sometimes being ac_enaddr.

Reviewed by:	sobomax, sam
2005-06-10 16:49:24 +00:00
Brian Feldman
b34d56f1ef Modify send_pkt() to return the generated packet and have the caller
do the subsequent ip_output() in IPFW.  In ipfw_tick(), the keep-alive
packets must be generated from the data that resides under the
stateful lock, but they must not be sent at that time, as this would
cause a lock order reversal with the normal ordering (interface's
lock, then locks belonging to the pfil hooks).

In practice, this caused deadlocks when using IPFW and if_bridge(4)
together to do stateful transparent filtering.

MFC after: 1 week
2005-06-10 12:28:17 +00:00