Commit Graph

592 Commits

Author SHA1 Message Date
gnn
0228f1899a The KAME project ceased work on IPv6 and IPSec in March of 2006.
Remove the README file which warns against cosmetic or local only
changes.  FreeBSD committers should now feel free to work on the
IPv6 and IPSec code without fetters.  The KAME mailing lists still
exist and it is always a good idea to ask questions about this code
on the snap-users@kame.net mailing list.

Reviewed by:	rwatson, brooks
2006-07-22 02:32:32 +00:00
rwatson
720efebbba Change semantics of socket close and detach. Add a new protocol switch
function, pru_close, to notify protocols that the file descriptor or
other consumer of a socket is closing the socket.  pru_abort is now a
notification of close also, and no longer detaches.  pru_detach is no
longer used to notify of close, and will be called during socket
tear-down by sofree() when all references to a socket evaporate after
an earlier call to abort or close the socket.  This means detach is now
an unconditional teardown of a socket, whereas previously sockets could
persist after detach of the protocol retained a reference.

This faciliates sharing mutexes between layers of the network stack as
the mutex is required during the checking and removal of references at
the head of sofree().  With this change, pru_detach can now assume that
the mutex will no longer be required by the socket layer after
completion, whereas before this was not necessarily true.

Reviewed by:	gnn
2006-07-21 17:11:15 +00:00
ups
ee0a5eb928 Fix race conditions on enumerating pcb lists by moving the initialization
( and where appropriate the destruction) of the pcb mutex to the init/finit
functions of the pcb zones.
This allows locking of the pcb entries and race condition free comparison
of the generation count.
Rearrange locking a bit to avoid extra locking operation to update the generation
count in in_pcballoc(). (in_pcballoc now returns the pcb locked)

I am planning to convert pcb list handling from a type safe to a reference count
model soon. ( As this allows really freeing the PCBs)

Reviewed by:	rwatson@, mohans@
MFC after:	1 week
2006-07-18 22:34:27 +00:00
oleg
e6e6ae67a2 Complete timebase (time_second -> time_uptime) conversion.
PR:		kern/94249
Reviewed by:	andre (few months ago)
Approved by:	glebius (mentor)
2006-07-05 23:37:21 +00:00
yar
563866983d We needn't check "m" for NULL here because "off" should be within
the mbuf chain.  If we ever get a buggy caller, a bogus "off" should
be caught by the sanity check at the function entry.  Null "m" here
means a very unusual condition of a totally broken mbuf chain (wrong
m_pkthdr.len or whatever), so we can just page fault later.

Found by:	Coverity Prevent(tm)
CID:		825
2006-06-30 18:25:07 +00:00
yar
ba19b1ecd4 There is a consensus that ifaddr.ifa_addr should never be NULL,
except in places dealing with ifaddr creation or destruction; and
in such special places incomplete ifaddrs should never be linked
to system-wide data structures.  Therefore we can eliminate all the
superfluous checks for "ifa->ifa_addr != NULL" and get ready
to the system crashing honestly instead of masking possible bugs.

Suggested by:	glebius, jhb, ru
2006-06-29 19:22:05 +00:00
yar
976c2bc374 Use queue(3) macros instead of accessing list/queue internals directly. 2006-06-29 16:56:07 +00:00
bz
ed6ddd5a31 Use INPLOOKUP_WILDCARD instead of just 1 more consistently.
OKed by: rwatson (some weeks ago)
2006-06-29 10:49:49 +00:00
pjd
f5154298f6 - Use suser_cred(9) instead of directly comparing cr_uid.
- Compare pointer with NULL, instead of 0.

Reviewed by:	rwatson
2006-06-27 11:40:05 +00:00
pjd
7f09680f0c - Use suser_cred(9) instead of directly checking cr_uid.
- Change the order of conditions to first verify that we actually need
  to check for privileges and then eventually check them.

Reviewed by:	rwatson
2006-06-27 11:35:53 +00:00
rwatson
7e8f1a7958 Use suser_cred() instead of a direct comparison of cr_uid with 0 in
rip6_output().

MFC after:	1 week
2006-06-25 13:54:59 +00:00
gnn
3b364427e5 Fix spurious warnings from neighbor discovery when working with IPv6 over
point to point tunnels (gif).

PR:		93220
Submitted by:	Jinmei Tatuya
MFC after:	1 week
2006-06-08 00:31:17 +00:00
tanimura
713caab1d6 Avoid spurious release of an rtentry. 2006-05-23 00:32:22 +00:00
bz
25768fb082 In IN6_IS_ADDR_V4MAPPED case instead of returning directly set error and
goto out so that locks will be dropped.

Reviewed by: rwatson, gnn
2006-05-20 13:26:08 +00:00
mlaier
123e91766b Remove ip6fw. Since ipfw has full functional IPv6 support now and - in
contrast to ip6fw - is properly lockes, it is time to retire ip6fw.
2006-05-12 20:39:23 +00:00
bz
cb7d941f7e Assert ip6_forward_rt protected by Giant adding GIANT_REQUIRED to
functions not yet asserting it but working on global ip6_forward_rt
route cache which is not locked and perhaps should go away in the
future though cache hit/miss ration wasn't bad.

It's #if 0ed in frag6 because the code working on ip6_forward_rt is.
2006-05-04 18:41:08 +00:00
rwatson
517c01ed07 Break out socket access control and delivery logic from udp6_input()
into its own function, udp6_append().  This mirrors a similar structure
in udp_input() and udp_append(), and makes the whole thing a lot more
readable.

While here, add missing inpcb locking in UDP6 input path.

Reviewed by:	bz
MFC after:	3 months
2006-05-01 21:39:48 +00:00
rwatson
7c7c50f35d Move lock assertions to top of in6_pcbladdr(): we still want them to run
even if we're going to return an argument-based error.

Assert pcbinfo lock in in6_pcblookup_local(), in6_pcblookup_hash(), since
they walk pcbinfo inpcb lists.

Assert inpcb and pcbinfo locks in in6_pcbsetport(), since
port reservations are changing.

MFC after:	3 months
2006-04-25 12:09:58 +00:00
rwatson
00366b63e3 Modify in6_pcbpurgeif0() to accept a pcbinfo structure rather than a pcb
list head structure; this improves congruence to IPv4, and also allows
in6_pcbpurgeif0() to lock the pcbinfo.  Modify in6_pcbpurgeif0() to lock
the pcbinfo before iterating the pcb list, use queue(9)'s LIST_FOREACH()
for the iteration, and to lock individual inpcb's while manipulating
them.

MFC after:	3 months
2006-04-23 15:06:16 +00:00
ps
10b2fe8dea Allow for nmbclusters and maxsockets to be increased via sysctl.
An eventhandler is used to update all the various zones that depend
on these values.
2006-04-21 09:25:40 +00:00
rwatson
6e218df686 Mirror IPv4 pcb locking into in6_setsockaddr() and in6_setpeeraddr():
acquire inpcb lock when reading inpcb port+address in order to prevent
races with other threads that may be changing them.

MFC after:	3 months
2006-04-15 05:24:23 +00:00
rwatson
de19fa1701 Assert the inpcb lock in udp6_output(), as we dereference various
fields.

MFC after:	3 months
2006-04-12 03:34:22 +00:00
rwatson
63a6c29297 Add comment to udp6_input() that locking is missing from multicast
UDPv6 delivery.

Lock the inpcb of the UDP connection being delivered to before
processing IPSEC policy and other delivery activities.

MFC after:	3 months
2006-04-12 03:32:54 +00:00
rwatson
8a39e7b800 Add udbinfo locking in udp6_input() to protect lookups of the inpcb
lists during UDPv6 receipt.

MFC after:	3 months
2006-04-12 03:23:56 +00:00
rwatson
c67babbd23 Don't use spl around call to in_pcballoc() in IPv6 raw socket support;
all necessary synchronization appears present.

MFC after:	3 months
2006-04-12 03:07:22 +00:00
rwatson
695637abdc Remove one remaining use of spl in the IPv6 fragmentation code, as
this code appears properly locked.

MFC after:	3 months
2006-04-12 03:06:20 +00:00
rwatson
600ea5a782 Add missing locking to udp6_getcred(), remove spl use.
MFC after:	3 months
2006-04-12 03:03:47 +00:00
rwatson
6f0c2ddcfa Remove spl use from IPv6 inpcb code.
In various inpcb methods for IPv6 sockets, don't check of so_pcb is NULL,
assert it isn't.

MFC after:	3 months
2006-04-12 02:52:14 +00:00
suz
7fd1474b9c ip6_mrouter_done(): use if_allmulti(0) for disabling the multicast promiscuous mode
Obtained from: KAME
MFC after: 2 days
2006-04-10 14:33:22 +00:00
rwatson
6354a580b6 Fix assertion description: !=, not ==.
Submitted by:	pjd
MFC after:	3 months
2006-04-09 16:33:41 +00:00
rwatson
a7c2bca553 Update in_pcb-derived basic socket types following changes to
pru_abort(), pru_detach(), and in_pcbdetach():

- Universally support and enforce the invariant that so_pcb is
  never NULL, converting dozens of unnecessary NULL checks into
  assertions, and eliminating dozens of unnecessary error handling
  cases in protocol code.

- In some cases, eliminate unnecessary pcbinfo locking, as it is no
  longer required to ensure so_pcb != NULL.  For example, in protocol
  shutdown methods, and in raw IP send.

- Abort and detach protocol switch methods no longer return failures,
  nor attempt to free sockets, as the socket layer does this.

- Invoke in_pcbfree() after in_pcbdetach() in order to free the
  detached in_pcb structure for a socket.

MFC after:	3 months
2006-04-01 16:20:54 +00:00
rwatson
71cc03392b Break out in_pcbdetach() into two functions:
- in_pcbdetach(), which removes the link between an inpcb and its
  socket.

- in_pcbfree(), which frees a detached pcb.

Unlike the previous in_pcbdetach(), neither of these functions will
attempt to conditionally free the socket, as they are responsible only
for managing in_pcb memory.  Mirror these changes into in6_pcbdetach()
by breaking it into in6_pcbdetach() and in6_pcbfree().

While here, eliminate undesired checks for NULL inpcb pointers in
sockets, as we will now have as an invariant that sockets will always
have valid so_pcb pointers.

MFC after:	3 months
2006-04-01 16:04:42 +00:00
rwatson
5479e5d692 Chance protocol switch method pru_detach() so that it returns void
rather than an error.  Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.

soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF.  so_pcb is now entirely owned and
managed by the protocol code.  Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.

Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.

In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.

netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit.  In their current state they may leak
memory or panic.

MFC after:	3 months
2006-04-01 15:42:02 +00:00
rwatson
8622e776f9 Change protocol switch pru_abort() API so that it returns void rather
than an int, as an error here is not meaningful.  Modify soabort() to
unconditionally free the socket on the return of pru_abort(), and
modify most protocols to no longer conditionally free the socket,
since the caller will do this.

This commit likely leaves parts of netinet and netinet6 in a situation
where they may panic or leak memory, as they have not are not fully
updated by this commit.  This will be corrected shortly in followup
commits to these components.

MFC after:      3 months
2006-04-01 15:15:05 +00:00
dwmalone
b5db288bf6 This comment on various IPPORT_ defines was copied from in.h and
probably never fully applied to IPv6. Over time it has become more
stale, so replace it with something more up to date.

Reviewed by:	ume
MFC after:	1 month
2006-03-28 12:51:22 +00:00
rwatson
61ae660ca7 Remove manual assignment of m_pkthdr from one mbuf to another in
ipsec_copypkt(), as this is already handled by the call to M_MOVE_PKTHDR(),
which also knows how to correctly handle MAC m_tags.  This corrects a panic
when running with MAC and KAME IPSEC.

PR:		kern/94599
Submitted by:	zhouyi zhou <zhouyi04 at ios dot cn>
Reviewed by:	bz
MFC after:	3 days
2006-03-28 10:16:38 +00:00
suz
0f0a98fed8 fixed a memory leak when net.inet6.icmp6.nd6_maxqueuelen is greater than 1
Obtained from: KAME
MFC after: 3 days
2006-03-24 16:20:12 +00:00
dwmalone
2dd230f5c3 Make net.inet.ip.portrange.reservedhigh and
net.inet.ip.portrange.reservedlow apply to IPv6 aswell as IPv4.

We could have made new sysctls for IPv6, but that potentially makes
things complicated for mapped addresses. This seems like the least
confusing option and least likely to cause obscure problems in the
future.

This change makes the mac_portacl module useful with IPv6 apps.

Reviewed by:	ume
MFC after:	1 month
2006-03-19 11:48:48 +00:00
suz
64762b215d implements section 2.2 of RFC4191, regarding the reserved preference value (10)
Obtained from: KAME
MFC after: 1 day
2006-03-19 06:38:39 +00:00
suz
9a911c0d05 updates net.inet6.ip6.kame_version as the proof of the latest KAME merge
Reviewed by: KAME
MFC after: 2 days
2006-03-19 02:11:42 +00:00
suz
97cfef1237 fixed a bug that an MLD report is not advertised when group-specific MLD query is received.
PR:	kern/93526
Obtained from:	KAME
MFC after:	1 day
2006-03-04 09:17:11 +00:00
ume
0189407c96 avoided the use of purged address structure when an address became
invalid in nd6_timer().

PR:		kern/93170
Reported by:	kris
Submitted by:	JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Confirmed by:	kris
Obtained from:	KAME
MFC after:	2 days
2006-02-12 15:37:08 +00:00
gnn
4d8070a25b Fix for an inappropriate bzero of the ICMPv6 stats. The code was zero'ing the wrong structure member but setting the correct one.
Submitted by:	James dot Juran at baesystems dot com
Reviewed by:	gnn
MFC after:	1 week
2006-02-08 07:16:46 +00:00
ume
e1e7fa68be shut up strict-aliasing rules warning. 2006-02-05 09:52:40 +00:00
ume
bd1c5824b3 make IPV6_V6ONLY socket option work for UDP as well.
PR:		ports/92620
Reported by:	Kurt Miller <kurt__at__intricatesoftware.com>
MFC after:	1 week
2006-02-02 11:46:05 +00:00
csjp
31292a14b6 Somewhat re-factor the read/write locking mechanism associated with the packet
filtering mechanisms to use the new rwlock(9) locking API:

- Drop the variables stored in the phil_head structure which were specific to
  conditions and the home rolled read/write locking mechanism.
- Drop some includes which were used for condition variables
- Drop the inline functions, and convert them to macros. Also, move these
  macros into pfil.h
- Move pfil list locking macros intp phil.h as well
- Rename ph_busy_count to ph_nhooks. This variable will represent the number
  of IN/OUT hooks registered with the pfil head structure
- Define PFIL_HOOKED macro which evaluates to true if there are any
  hooks to be ran by pfil_run_hooks
- In the IP/IP6 stacks, change the ph_busy_count comparison to use the new
  PFIL_HOOKED macro.
- Drop optimization in pfil_run_hooks which checks to see if there are any
  hooks to be ran, and returns if not. This check is already performed by the
  IP stacks when they call:

        if (!PFIL_HOOKED(ph))
                goto skip_hooks;

- Drop in assertion which makes sure that the number of hooks never drops
  below 0 for good measure. This in theory should never happen, and if it
  does than there are problems somewhere
- Drop special logic around PFIL_WAITOK because rw_wlock(9) does not sleep
- Drop variables which support home rolled read/write locking mechanism from
  the IPFW firewall chain structure.
- Swap out the read/write firewall chain lock internal to use the rwlock(9)
  API instead of our home rolled version
- Convert the inlined functions to macros

Reviewed by:	mlaier, andre, glebius
Thanks to:	jhb for the new locking API
2006-02-02 03:13:16 +00:00
glebius
aecf4a6244 Add some initial locking to gif(4). It doesn't covers the whole driver,
however IPv4-in-IPv4 tunnels are now stable on SMP. Details:

- Add per-softc mutex.
- Hold the mutex on output.

The main problem was the rtentry, placed in softc. It could be
freed by ip_output(). Meanwhile, another thread being in
in_gif_output() can read and write this rtentry.

Reported by:	many
Tested by:	Alexander Shiryaev <aixp mail.ru>
2006-01-30 08:39:09 +00:00
ume
a4f310a8a6 don't embed scope id before running packet filters.
Reported by:	YAMAMOTO Takashi <yamt__at__mwd.biglobe.ne.jp>
Obtained from:	NetBSD
MFC after:	1 week
2006-01-25 08:17:02 +00:00
rwatson
772467d029 Convert in6_cksum() to ANSI C function declaration.
MFC after:	1 week
2006-01-22 01:17:57 +00:00
rwatson
e4a63cbf9b When storing the results of malloc() in a pointer to a pointer, check
the pointer to a pointer for NULL, not the pointer for NULL.

Noticed by:	Coverity Prevent analysis tool
MFC after:	3 days
2006-01-14 00:09:41 +00:00