d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5f5e32f1b3
freebsd-dev/sys/net
History
Kristof Provost 5f5e32f1b3 pf: protect the rpool from races 
The roundrobin pool stores its state in the rule, which could
potentially lead to invalid addresses being returned.

For example, thread A just executed PF_AINC(&rpool->counter) and
immediately afterwards thread B executes PF_ACPY(naddr, &rpool->counter)
(i.e. after the pf_match_addr() check of rpool->counter).

Lock the rpool with its own mutex to prevent these races. The
performance impact of this is expected to be low, as each rule has its
own lock, and the lock is also only relevant when state is being created
(so only for the initial packets of a connection, not for all traffic).

See also:	https://redmine.pfsense.org/issues/12660
Reviewed by:	glebius
MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D33874
2022-01-14 10:30:33 +01:00
..
altq altq: mark callouts as mpsafe 2021-09-04 17:26:10 +02:00
route Fix kernel build without INET and INET6 2022-01-05 09:41:38 -05:00
bpf_buffer.c
bpf_buffer.h
bpf_filter.c
bpf_jitter.c
bpf_jitter.h
bpf_zerocopy.c
bpf_zerocopy.h
bpf.c bpf: Fix the write filter for detached descriptors 2021-10-26 10:00:39 -04:00
bpf.h bpf: Add an ioctl to set the VLAN Priority on packets sent by bpf 2021-07-26 23:13:31 +02:00
bpfdesc.h bpf: Add an ioctl to set the VLAN Priority on packets sent by bpf 2021-07-26 23:13:31 +02:00
bridgestp.c bridgestp: validate timer values in config BPDU 2021-04-19 12:09:18 +02:00
bridgestp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
debugnet_inet.c debugnet: Fix false-positive assertions for dp_state 2021-07-28 16:34:14 -07:00
debugnet_int.h
debugnet.c debugnet: Include some required headers 2021-09-14 11:02:45 -04:00
debugnet.h
dlt.h
ethernet.h net: make ethernet.h self-contained 2021-12-17 12:38:35 +01:00
firewire.h
ieee8023ad_lacp.c LACP: Do not wait response for marker messages not sent 2021-09-23 10:57:11 +02:00
ieee8023ad_lacp.h LACP: When suppressing distributing, return ENOBUFS 2020-11-18 14:55:49 +00:00
ieee_oui.h Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2021-08-08 10:42:24 -04:00
if_arp.h
if_bridge.c if_bridge: add ALTQ support 2021-08-26 11:23:44 +02:00
if_bridgevar.h net: make if_bridgevar.h self-contained 2021-12-17 12:38:35 +01:00
if_clone.c Fix subinterface vlan creation. 2021-01-29 21:43:20 +00:00
if_clone.h
if_dead.c Add a switch structure for send tags. 2021-09-14 11:43:41 -07:00
if_disc.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-08-22 22:56:08 +00:00
if_dl.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
if_edsc.c
if_enc.c
if_enc.h
if_epair.c if_epair: Also mark the flag of pair b with IFF_KNOWSEPOCH 2021-12-01 15:54:23 +01:00
if_ethersubr.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-08-22 22:56:08 +00:00
if_fwsubr.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-08-22 22:56:08 +00:00
if_gif.c if_gif: fix vnet shutdown panic 2021-11-08 12:00:00 +01:00
if_gif.h
if_gre.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-08-22 22:56:08 +00:00
if_gre.h
if_infiniband.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-08-22 22:56:08 +00:00
if_ipsec.c Use network epoch to protect local IPv4 addresses hash. 2021-10-22 14:40:53 -07:00
if_ipsec.h
if_lagg.c lagg: fix unused-but-set-variable 2021-11-19 22:01:27 +01:00
if_lagg.h Fix for IPoIB over lagg(4). 2020-12-29 17:35:06 +01:00
if_llatbl.c Fix kernel build without INET and INET6 2022-01-05 09:41:38 -05:00
if_llatbl.h routing: Add unified level-based logging support for the routing subsystem. 2021-12-29 21:30:18 +00:00
if_llc.h
if_loop.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-08-22 22:56:08 +00:00
if_me.c Use network epoch to protect local IPv4 addresses hash. 2021-10-22 14:40:53 -07:00
if_media.c if_media.c SIOCGMEDIAX handler: improve loop 2020-11-03 14:33:04 +00:00
if_media.h if_media: definitions for 40GE LM4 ethernet media type 2020-09-16 14:45:16 +00:00
if_mib.c ifnet: make V_if_index static to if.c 2021-12-06 09:32:31 -08:00
if_mib.h
if_pflog.h pf: make if_pflog.h self-contained 2021-12-17 12:38:35 +01:00
if_pfsync.h pf: make if_pfsync.h self-contained 2021-12-17 12:38:35 +01:00
if_stf.c if_stf: KASAN fix 2021-11-30 17:35:15 +01:00
if_stf.h if_stf: make if_stf.h self-contained 2021-12-17 12:38:34 +01:00
if_tap.h
if_tun.h
if_tuntap.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-08-22 22:56:08 +00:00
if_types.h base: remove if_wg(4) and associated utilities, manpage 2021-03-17 09:14:48 -05:00
if_var.h ifnet: make V_if_index static to if.c 2021-12-06 09:32:31 -08:00
if_vlan_var.h vlan: deduplicate bpf_setpcp() and pf_ieee8021q_setpcp() 2021-07-26 23:13:31 +02:00
if_vlan.c Add a switch structure for send tags. 2021-09-14 11:43:41 -07:00
if_vxlan.c Make LINT NOINET and NOIP kernel builds warning free. 2021-06-06 14:03:06 +00:00
if_vxlan.h if_vxlan(4): add support for hardware assisted checksumming, TSO, and RSS. 2020-09-18 02:37:57 +00:00
if.c Fix ifa refcount leak in ifa_ifwithnet() 2022-01-06 15:04:24 -05:00
if.h Use thunks for compat ioctls using struct ifgroupreq. 2021-05-05 13:59:00 -07:00
ifdi_if.m iflib: add support for admin completion queues 2021-03-03 00:40:47 +01:00
iflib_clone.c Create wrapper for Giant taken for newbus 2021-12-09 17:04:45 -07:00
iflib_private.h
iflib.c Revert "iflib: Relax timer period from 0.5 to 0.5-0.75s." 2022-01-10 09:40:38 -05:00
iflib.h iflib: Add a new quirk 2021-06-24 13:00:56 +02:00
ifq.h Make net/ifq.h C++ friendly 2020-11-20 14:45:45 +00:00
infiniband.h Factor out generic IP over infiniband, IPoIB, definitions and code 2020-10-22 09:09:53 +00:00
mp_ring.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
mp_ring.h
mppc.h
mppcc.c
mppcd.c
netisr_internal.h
netisr.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
netisr.h
netmap_legacy.h netmap: add kernel support for the "offsets" feature 2021-03-29 16:29:01 +00:00
netmap_user.h netmap: import changes from upstream 2021-08-22 09:31:05 +00:00
netmap_virt.h netmap: add kernel support for the "offsets" feature 2021-03-29 16:29:01 +00:00
netmap.h netmap: several typo fixes 2021-04-02 07:01:20 +00:00
paravirt.h
pfil.c net: whack "set but not used" warnings in net/pfil.c 2021-11-14 17:19:58 +00:00
pfil.h
pfkeyv2.h Add SADB_SAFLAGS_ESN flag 2020-10-16 11:22:29 +00:00
pfvar.h pf: protect the rpool from races 2022-01-14 10:30:33 +01:00
ppp_defs.h
radix.c routing: Fix crashes with dpdk_lpm[46] algo. 2021-08-17 20:46:22 +00:00
radix.h routing: Fix crashes with dpdk_lpm[46] algo. 2021-08-17 20:46:22 +00:00
raw_cb.c
raw_cb.h protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
raw_usrreq.c protocols: init with standard SYSINIT(9) or VNET_SYSINIT 2022-01-03 10:15:21 -08:00
rndis.h Hyper-V: hn: Enable vSwitch RSC support in hn netvsc driver 2021-03-12 04:35:16 +00:00
route.c routing: fix source address selection rules for IPv4 over IPv6. 2021-09-07 21:41:05 +00:00
route.h routing: Add unified level-based logging support for the routing subsystem. 2021-12-29 21:30:18 +00:00
rss_config.c Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816" 2021-12-02 14:45:04 -08:00
rss_config.h
rtsock.c domains: make domain_init() initialize only global state 2022-01-03 10:15:22 -08:00
sff8436.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sff8472.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
slcompress.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
slcompress.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
toeplitz.c
toeplitz.h
vnet.c Widen ifnet_detach_sxlock coverage 2021-02-11 16:12:29 +01:00
vnet.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00