rev. 1.39 sys/net/if_gre.c
rev. 1.21 sys/netinet/ip_gre.c rev. 1.4 sys/netinet/ip_gre.h
rev. 1.12 sys/netipsec/keysock.c rev. 1.3 sys/netipsec/keysock.h
rev. 1.32 sys/netkey/keysock.c rev. 1.9 sys/netkey/keysock.h
Fix stack corruptions on amd64.
Vararg functions have a different calling convention than regular
functions on amd64. Casting a vararg function to a regular one to
match the function pointer declaration will hide the varargs from
the caller and we will end up with an incorrectly set up stack.
Entirely remove the varargs from these functions and change the
functions to match the declaration of the function pointers.
Remove the now unnecessary casts.
Lots of explanations and help from: peter
PR: amd64/89261
MFC 1.88:
Improve handling of flags that must be propagated
to the parent interface, such as IFF_PROMISC and
IFF_ALLMULTI. In addition, vlan(4) gains ability
to migrate from one parent to another w/o losing
its own flags.
PR: kern/81978
them to userland. [1]
MFC rev. 1.16 of sys/contrib/pf/net/pf_norm.c: Correct an error in pf
handling of IP packet fragments which could result in a kernel panic.
[2]
Security: FreeBSD-SA-06:06.kmem [1]
Security: FreeBSD-SA-06:07.pf [2]
1.17: convert from network byte order to host byte order not to reverse.
1.19: Get rid of the bogus IFP2FC() macro and use IFP2FWC().
1.20: Fix ip_fastforward() return handling.
PR: kern/91307 (1.19)
Found by: Coverity Prevent(tm) (1.20)
- Use VLAN_TAG_VALUE() not only to read a dot1q tag
value from an m_tag, but also to set it. This reduces
complex code duplication and improves its readability.
- Fix VLAN_INPUT_TAG() macro, so that it doesn't touch mtag in
case memory allocation failed.
- Remove fourth argument from VLAN_INPUT_TAG(), that was used
incorrectly in almost all drivers. Indicate failure with
mbuf value of NULL.
- Do not raise IFF_DRV_OACTIVE flag in vlan_start, because this
can lead to a stalled interface.
- Explain this fact in a comment.
Reviewed by: rwatson, thompsa, yar
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application does:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
sys/net/if_gif.c: 1.53
sys/net/if_spppsubr.c: 1.120
sys/netinet/icmp6.h: 1.19
sys/netinet/ip_carp.c: 1.28,1.29
sys/netinet/ip_fw2.c: 1.107
sys/netinet/tcp_subr.c: 1.230,1.231,1.235
sys/netinet/tcp_usrreq.c: 1.125
sys/netinet6/ah_core.c: 1.26
sys/netinet6/icmp6.c: 1.63,1.64
sys/netinet6/in6.c: 1.52
sys/netinet6/in6.h: 1.38
sys/netinet6/in6_cksum.c: 1.11
sys/netinet6/in6_ifattach.c: 1.27
sys/netinet6/in6_pcb.c: 1.63
sys/netinet6/in6_proto.c: 1.33
sys/netinet6/in6_src.c: 1.31,1.32
sys/netinet6/in6_var.h: 1.22
sys/netinet6/ip6_forward.c: 1.29
sys/netinet6/ip6_input.c: 1.83
sys/netinet6/ip6_mroute.c: 1.30
sys/netinet6/ip6_output.c: 1.95
sys/netinet6/ip6_var.h: 1.33
sys/netinet6/ipsec.c: 1.43
sys/netinet6/mld6.c: 1.21
sys/netinet6/nd6.c: 1.50
sys/netinet6/nd6_nbr.c: 1.30
sys/netinet6/nd6_rtr.c: 1.27
sys/netinet6/raw_ip6.c: 1.54
sys/netinet6/route6.c: 1.12
sys/netinet6/scope6.c: 1.13,1.14,1.15
sys/netinet6/scope6_var.h: 1.5
sys/netinet6/udp6_output.c: 1.23
sys/netinet6/udp6_usrreq.c: 1.55
sys/netkey/key.c: 1.72,1.73
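The stricter scope boundary check described in the notes above (a `::1` source toward a global destination), sketched in userland C as an added example; it is not the kernel code these commits touch. It goes one step beyond the text by also comparing zone IDs for link-local pairs; the helpers `mk6`, `scope_check` and `scope_check_txt` and the errno values are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Parse text into a sockaddr_in6; the zone ID goes in sin6_scope_id. */
static int mk6(struct sockaddr_in6 *sa, const char *txt, uint32_t zone)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin6_family = AF_INET6;
    sa->sin6_scope_id = zone;
    return inet_pton(AF_INET6, txt, &sa->sin6_addr) == 1 ? 0 : -1;
}

/*
 * Hypothetical send-time check; errno values are chosen for this example.
 * EADDRNOTAVAIL: source ::1 with a destination other than ::1.
 * EHOSTUNREACH: link-local source and destination in different zones.
 */
static int scope_check(const struct sockaddr_in6 *src,
                       const struct sockaddr_in6 *dst)
{
    if (IN6_IS_ADDR_LOOPBACK(&src->sin6_addr) &&
        !IN6_IS_ADDR_LOOPBACK(&dst->sin6_addr))
        return EADDRNOTAVAIL;
    if (IN6_IS_ADDR_LINKLOCAL(&src->sin6_addr) &&
        IN6_IS_ADDR_LINKLOCAL(&dst->sin6_addr) &&
        src->sin6_scope_id != dst->sin6_scope_id)
        return EHOSTUNREACH;
    return 0;
}

/* Text wrapper for the constructed samples; EINVAL if unparsable. */
int scope_check_txt(const char *s, uint32_t sz, const char *d, uint32_t dz)
{
    struct sockaddr_in6 src, dst;

    if (mk6(&src, s, sz) != 0 || mk6(&dst, d, dz) != 0)
        return EINVAL;
    return scope_check(&src, &dst);
}

int main(void)
{
    /* Constructed input: the bind("::1") + sendto(global) case. */
    printf("%d\n", scope_check_txt("::1", 0, "2001:db8::1", 0));
    return 0;
}
```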
"firewire" to "if_firewire." According to the PR originator and Cai's
test, this bug prevents a RELENG_6 GENERIC kernel from loading if_fwip.ko
and will panic the kernel if users compile "device fwip" into their
GENERIC kernel.
Approved by: re (scottl)
> If we have been called from ether_ifdetach() then do not try and clear the
> promisc flag from the member interface, this is a no-op anyway since the
> interface is disappearing. The driver may have already released
> its resources such as miibus and this is likely to panic the kernel.
Approved by: re (scottl)
> Use bridge_ifdetach() to notify the bridge that a member has been detached.
> The bridge can then remove it from its interface list and not try to send
> out via a dead pointer.
Approved by: re (scottl)
> Do not packet filter in the bridge_start() routine, locally generated packets
> are already filtered by the higher layers.
Approved by: re (kensmith)
Rename net.isr.enable to net.isr.direct.
No compatibility code is provided, as this will be the production name
as of 6.0. Previously this has been an experimental and unsupported
feature.
Requested by: scottl
Approved by: re (kensmith)
Take a first cut at cleaning up ifnet removal and multicast socket
panics, which occur when stale ifnet pointers are left in struct
moptions hung off of inpcbs:
- Add in_ifdetach(), which matches in6_ifdetach(), and allows the
protocol to perform early tear-down on the interface early in
if_detach().
- Annotate that if_detach() needs careful consideration.
- Remove calls to in_pcbpurgeif0() in the handling of SIOCDIFADDR --
this is not the place to detect interface removal! This also
removes what is basically a nasty (and now unnecessary) hack.
- Invoke in_pcbpurgeif0() from in_ifdetach(), in both raw and UDP
IPv4 sockets.
It is now possible to run the msocket_ifnet_remove regression test
using HEAD without panicking.
Reported by: Gavin Atkinson <gavin dot atkinson at ury dot york dot ac dot uk>
Approved by: re (scottl)
Several fixes to rt_setgate(), that fix problems with route changing:
- Rearrange code so that in a case of failure the affected
route is not changed. Otherwise, a bogus rtentry will be
left and later rt_check() can recurse on its lock. [1]
- Remove comment about protocol cloning.
- Fix two places where rtentry mutex was recursed on, because
accessed via two different pointers, that were actually pointing
to the same rtentry in some cases. [1]
- Return EADDRINUSE instead of bogus EDQUOT, in case when gateway
uses the same route. [2]
Reported & tested by: ps, Andrej Zverev <az inec.ru> [1]
PR: kern/64090 [2]
Approved by: re (scottl)
> Fix an alignment panic by preserving the 2-byte padding (ETHER_ALIGN) on our
> copied mbuf, which keeps the IP header 32-bit aligned. This copied mbuf is
> reinjected back into ether_input and off to the IP routines.
>
> Reported and tested by: Peter van Dijk
Approved by: re (scottl), mlaier (mentor)
Test the new M_VLANTAG packet flag before calling
m_tag_locate(). This adds little overhead of a simple
bitwise operation in case hardware VLAN acceleration
is on, yet saves the more expensive function call if
the acceleration is off.
Reviewed by: ru, glebius
Approved by: re (kensmith)
In netkqfilter(), return EINVAL instead of 1 (EPERM) when a filter type
is requested on a network interface file descriptor that is
non-applicable.
Approved by: re (kensmith)
nd6.c, r1.55; nd6_nbr.c, r1.33
> Add support for multicast to the bridge and allow inet6 addresses to be
> assigned to the interface.
>
> IPv6 auto-configuration is disabled. An IPv6 link-local address has a
> link-local scope within one link, the spec is unclear for the bridge case and
> it may cause scope violation.
>
> An address can be assigned in the usual way;
> ifconfig bridge0 inet6 xxxx:...
>
> Tested by: bmah
> Reviewed by: ume (netinet6)
> Approved by: mlaier (mentor)
Approved by: re (kensmith), mlaier (mentor)
> Fix a panic in softclock() if the interface is destroyed with a bpf consumer
> attached.
>
> This is caused by bpf_detachd clearing IFF_PROMISC on the interface which does
> a SIOCSIFFLAGS ioctl. The problem here is that while the interface has been
> stopped, IFF_UP has not been cleared so IFF_UP != IFF_DRV_RUNNING, this causes
> the ioctl function to init() the interface which resets the callouts.
>
> The destroy then completes and frees the softc but softclock will panic on a
> dead callout pointer.
>
> Ensure ifp->if_flags matches reality by clearing IFF_UP when we destroy.
Approved by: re (kensmith), mlaier (mentor)
> Mark the callouts as MPSAFE as if_bridge has been giant-free since day 1.
>
> Use the SMP friendly callout_init_mtx() while we are here.
>
Approved by: re (kensmith), mlaier (mentor)
Don't loop back packets that have been routed by pf. This fixes an
endless loop where the same packet is sent over and over again.
Obtained from: OpenBSD
Reported by: Sergey Lapin
Tested by: Sergey Lapin
Approved by: re (scottl)