Commit Graph

626 Commits

Author SHA1 Message Date
bms
dd70643685 MFC after: 3 days 2007-02-05 11:05:41 +00:00
ume
de9e7e731d ng_iface requiers neighbor cache as well.
MFC after:	3 days
2007-02-03 09:34:36 +00:00
bmah
c083ee91fa Revert nd6.c revs. 1.67, 1.68, 1.69, 1.70 in an attempt to unbreak
IPv6 over point-to-point gif(4) tunnels.

These revisions caused a host route to the destination of a
point-to-point gif(4) interface to not get installed when the interface
and destination addresses were assigned.  This caused
"no route to host" errors when trying to send traffic over the
interface.  The first packet arriving inbound over the tunnel,
however, would cause the correct route to get installed, allowing
subsequent outbound traffic to be routed correctly.

gif(4) interfaces with prefix lengths of less than 128 bits
(i.e. no explicit destination address assigned) were not affected
by this bug.

This bug fix is a possible candidate for a 6.2-RELEASE errata note.

Approved by:	jhay (original committer)
Discussed with:	jhay, JINMEI Tatuya
MFC after:	3 days
2007-01-26 23:22:58 +00:00
rrs
1b181171ae - most all includes (#include <>) migrate to the sctp_os_bsd.h file
- Finally all splxx() are removed
 - Count error fixed in mapping array which might
   cause a wrong cumack generation.
 - Invariants around panic for case D + printf when no invariants.
 - one-to-one model race condition fixed by using
   a pre-formed connection and then completing the
   work so accept won't happen on a non-formed
   association.
 - Some additional paranoia checks in sctp_output.
 - Locks that were missing in the accept code.

Approved by:	gnn
2007-01-18 09:58:43 +00:00
ume
66ac91ed3b Avoid infinite loop if nicmp6 and nip6 are not on the same mbuf.
NetBSD PR 34994+35333

MFC after:	3 days
2007-01-16 15:55:29 +00:00
rrs
094d70fac7 - Macroizes the V6ONLY flag check.
- Added a short time wait (not used yet) constant
- Corrected the type of the crc32c table (it was
  unsigned long and really is a uint32_t
- Got rid of the user of MHeaders until they
  are truely needed by lower layers.
- Fixed an initialization problem in the readq structure
  (ordering was off).
- Found yet another collision bug when the random number
  generator returns two numbers on one side (during a collision)
  that are the same. Also added some tracking of cookies
  that will go away when we know that we have the last collision
  bug gone.
- Fixed an init bug for book_size_scale, that was causing
  Early FR code to run when it should not.
- Fixed a flight size tracking bug that was associated with
  Early FR but due to above bug also effected all FR's
- Fixed it so Max Burst also will apply to Fast Retransmit.
- Fixed a bug in the temporary logging code that allowed a
  static log array overflow
- hashinit_flags is now used.
- Two last mcopym's were converted to the macro sctp_m_copym that
  has always been used by all other places
- macro sctp_m_copym was converted to upper case.
- We now validate sinfo_flags on input (we did not before).
- Fixed a bug that prevented a user from sending data and immediately
  shuting down with one send operation.
- Moved to use hashdestroy instead of free() in our macros.
- Fixed an init problem in our timed_wait vtag where we
  did not fully initialize our time-wait blocks.
- Timer stops were re-positioned.
- A pcb cleanup method was added, however this probably will
  not be used in BSD.. unless we make module loadable protocols
- I think this fixes the mysterious timer bug.. it was a
  ordering of locks problem in the way we did timers. It
  now conforms to the timeout(9) manual (except for the
  _drain part, we had to do this a different way due
  to locks).
- Fixed error return code so we get either CONNREUSED or CONNRESET
  depending on where one is in progression
- Purged an unused clone macro.
- Fixed a read erro code issue where we were NOT getting the proper
  error when the connection was reset.
- Purged an unused clone macro.
- Fixed a read erro code issue where we were NOT getting the proper
  error when the connection was reset.
Approved by:	gnn
2007-01-15 15:12:10 +00:00
imp
aafe8d188d Marked these as packed correctly 2007-01-12 07:20:25 +00:00
rrs
d392a291a2 a) macro-ization of all mbuf and random number
access plus timers. This makes the code
   more portable and able to change out the
   mbuf or timer system used more easily ;-)
b) removal of all use of pkt-hdr's until only
   the places we need them (before ip_output routines).
c) remove a bunch of code not needed due to <b> aka
   worrying about pkthdr's :-)
d) There was one last reorder problem it looks where
   if a restart occur's and we release and relock (at
   the point where we setup our alias vtag) we would
   end up possibly getting the wrong TSN in place. The
   code that fixed the TSN's just needed to be shifted
   around BEFORE the release of the lock.. also code that
   set the state (since this also could contribute).
Approved by:	gnn
2006-12-29 20:21:42 +00:00
bz
2ea10fad24 In ip6_sprintf print the addresses in a more common/readable
format eliminating leading zeros like in :0001 -> :1.

Reviewed by:	mlaier
2006-12-16 14:15:31 +00:00
rrs
3de80805ff 1) Fixes on a number of different collision case LOR's.
2) Fix all "magic numbers" to be constants.
3) A collision case that would generate two associations to
   the same peer due to a missing lock is fixed.
4) Added tracking of where timers are stopped.
Approved by:	gnn
2006-12-14 17:02:55 +00:00
bz
297206ec2a MFp4: 92972, 98913 + one more change
In ip6_sprintf no longer use and return one of eight static buffers
for printing/logging ipv6 addresses.
The caller now has to hand in a sufficiently large buffer as first
argument.
2006-12-12 12:17:58 +00:00
ru
667552ba96 - In nd6_rtrequest(), when caching an rtentry, don't forget
to add a reference to it; otherwise, we could later access
  a freed memory.  This is believed to fix panics some users
  were observing when running route6d(8), and is similar to
  the fix in sys/netinet/if_ether.c,v 1.139 by glebius@.

PR:		kern/93910, kern/105437
Testing by:	Wojciech Puchar (still ongoing)

- Add rtentry locking to nd6_output() similar to rt_check().

MFC after:	4 days
2006-11-25 20:38:56 +00:00
rrs
1bedc49b68 -Fixes first of all the getcred on IPv6 and V4. The
copy's were incorrect and so was the locking.
-A bug was also found that would create a race and
 panic when an abort arrived on a socket being read
 from.
-Also fix the reader to get MSG_TRUNC when a partial
 delivery is aborted.
-Also addresses a couple of coverity caught error path
 memory leaks and a couple of other valid complaints
Approved by:	gnn
2006-11-08 00:21:13 +00:00
rwatson
572da55a43 Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls.  Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.

Obtained from:	TrustedBSD Project
2006-11-06 14:54:06 +00:00
rwatson
10d0d9cf47 Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
rrs
20dc61d3a4 Tons of fixes to get all the 64bit issues removed.
This also moves two 16 bit int's to become 32 bit
values so we do not have to use atomic_add_16.
Most of the changes are %p, casts and other various
nasty's that were in the orignal code base. With this
commit my machine will now do a build universe.. however
I as yet have not tested on a 64bit machine .. it may not work :-(
2006-11-05 13:25:18 +00:00
rrs
d203a1d908 Opps... in my fix up of all the $FreeBSD:$-> $FreeBSD$ I
inserted a few to the new files.. but I falied to
add the #include <sys/cdef.h>

Which causes a compile error.. sorry about that... got it
now :-)

Approved by:gnn
2006-11-03 17:21:53 +00:00
rrs
3d3e3f2242 Ok, here it is, we finally add SCTP to current. Note that this
work is not just mine, but it is also the works of Peter Lei
and Michael Tuexen. They both are my two key other developers
working on the project.. and they need ata-boy's too:
****
peterlei@cisco.com
tuexen@fh-muenster.de
****
I did do a make sysent which updated the
syscall's and sysproto.. I hope that is correct... without
it you don't build since we have new syscalls for SCTP :-0

So go out and look at the NOTES, add
option SCTP (make sure inet and inet6 are present too)
and play with SCTP.

I will see about comitting some test tools I have after I
figure out where I should place them. I also have a
lib (libsctp.a) that adds some of the missing socketapi
functions that I need to put into lib's.. I will talk
to George about this :-)

There may still be some 64 bit issues in here, none of
us have a 64 bit processor to test with yet.. Michael
may have a MAC but thats another beast too..

If you have a mac and want to use SCTP contact Michael
he maintains a web site with a loadable module with
this code :-)

Reviewed by:	gnn
Approved by:	gnn
2006-11-03 15:23:16 +00:00
rwatson
7beaaf5cd2 Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h
begun with a repo-copy of mac.h to mac_framework.h.  sys/mac.h now
contains the userspace and user<->kernel API and definitions, with all
in-kernel interfaces moved to mac_framework.h, which is now included
across most of the kernel instead.

This change is the first step in a larger cleanup and sweep of MAC
Framework interfaces in the kernel, and will not be MFC'd.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA
2006-10-22 11:52:19 +00:00
ume
8b35df5a80 Make net.inet6.ip6.auto_linklocal tunable. Someone may want to
enable/disable auto_linklocal even in single user mode.

Discussed with:	re@, gnn@
MFC after:	3 days
2006-10-13 12:45:53 +00:00
ume
73c8098699 Revert the default value of net.inet6.ip6.auto_linklocal to 1.
If ipv6_enable is not set to "YES", net.inet6.ip6.auto_linklocal
is turned to 0 at boot.

Discussed with:	re@, gnn@
MFC after:	3 days
2006-10-13 12:41:36 +00:00
jhay
8c3f4d74b0 Hopefully the last tweak in trying to make it possible to add ipv6 direct
host routes without side effects.

Submitted by:	JINMEI Tatuya
MFC after:	4 days
2006-10-02 19:15:10 +00:00
gnn
3b143b31f6 Turn off automatic link local address if ipv6_enable is not set to YES
in rc.conf

Reviewed by:    KAME core team, cperciva
MFC after:      3 days
2006-10-02 10:13:30 +00:00
jhay
d911786867 A better fix is to check if it is a host route.
Submitted by:	ume
MFC after:	5 days
2006-09-30 20:25:33 +00:00
jhay
1bd8a2893d My previous commit broke "route add -inet6 <network_addr> -interface gif0".
Fix that by excluding point-to-point interfaces.

MFC after:	5 days
2006-09-30 14:08:57 +00:00
bms
b7f17de1eb Nits.
Submitted by:	ru
2006-09-29 16:16:41 +00:00
bms
686e54733a Push removal of mrouted down to the rest of the tree. 2006-09-29 15:45:11 +00:00
suz
b119ccaff8 fixed a bug that IPv6 packets arriving to stf are not accepted.
(a degrade introduced in in6.c Rev 1.61)

PR: kern/103415
Submitted by: JINMEI Tatuya
MFC after: 1 week
2006-09-22 01:42:22 +00:00
jhay
ac9152509c Make it possible to add an IPv6 host route to a host directly connected.
Use something like this:
route add -inet6 <dest_addr> <my_addr_on_that_interface> -interface -llinfo

This is usefull for wireless adhoc mesh networks.

MFC after:	5 days
2006-09-16 06:24:28 +00:00
jhay
13e2e37860 All multicast listeners on a port should get one copy of the packet. This
was broken during the locking changes.
2006-09-07 18:44:54 +00:00
andre
cb05913fd2 First step of TSO (TCP segmentation offload) support in our network stack.
o add IFCAP_TSO[46] for drivers to announce this capability for IPv4 and IPv6
 o add CSUM_TSO flag to mbuf pkthdr csum_flags field
 o add tso_segsz field to mbuf pkthdr
 o enhance ip_output() packet length check to allow for large TSO packets
 o extend tcp_maxmtu[46]() with a flag pointer to pass interface capabilities
 o adjust all callers of tcp_maxmtu[46]() accordingly

Discussed on:	-current, -net
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-09-06 21:51:59 +00:00
jhay
b02696f240 Use net.inet6.ip6.redirect / ip6_sendredirects as part of the decision
to generate icmp6 redirects. Now it is possible to switch redirects off.

MFC after:	1 week
2006-09-05 19:20:42 +00:00
brooks
bc6ab54808 With exception of the if_name() macro, all definitions in net_osdep.h
were unused or already in if_var.h so add if_name() to if_var.h and
remove net_osdep.h along with all references to it.

Longer term we may want to kill off if_name() entierly since all modern
BSDs have if_xname variables rendering it unnecessicary.
2006-08-04 21:27:40 +00:00
rwatson
fe855a5667 Align IPv6 socket locking with IPv4 locking: lock socket buffer explicitly
and use _locked variants to avoid extra lock and unlock operations.

Reviewed by:	gnn
MFC after:	1 week
2006-07-23 12:24:22 +00:00
gnn
0228f1899a The KAME project ceased work on IPv6 and IPSec in March of 2006.
Remove the README file which warns against cosmetic or local only
changes.  FreeBSD committers should now feel free to work on the
IPv6 and IPSec code without fetters.  The KAME mailing lists still
exist and it is always a good idea to ask questions about this code
on the snap-users@kame.net mailing list.

Reviewed by:	rwatson, brooks
2006-07-22 02:32:32 +00:00
rwatson
720efebbba Change semantics of socket close and detach. Add a new protocol switch
function, pru_close, to notify protocols that the file descriptor or
other consumer of a socket is closing the socket.  pru_abort is now a
notification of close also, and no longer detaches.  pru_detach is no
longer used to notify of close, and will be called during socket
tear-down by sofree() when all references to a socket evaporate after
an earlier call to abort or close the socket.  This means detach is now
an unconditional teardown of a socket, whereas previously sockets could
persist after detach of the protocol retained a reference.

This faciliates sharing mutexes between layers of the network stack as
the mutex is required during the checking and removal of references at
the head of sofree().  With this change, pru_detach can now assume that
the mutex will no longer be required by the socket layer after
completion, whereas before this was not necessarily true.

Reviewed by:	gnn
2006-07-21 17:11:15 +00:00
ups
ee0a5eb928 Fix race conditions on enumerating pcb lists by moving the initialization
( and where appropriate the destruction) of the pcb mutex to the init/finit
functions of the pcb zones.
This allows locking of the pcb entries and race condition free comparison
of the generation count.
Rearrange locking a bit to avoid extra locking operation to update the generation
count in in_pcballoc(). (in_pcballoc now returns the pcb locked)

I am planning to convert pcb list handling from a type safe to a reference count
model soon. ( As this allows really freeing the PCBs)

Reviewed by:	rwatson@, mohans@
MFC after:	1 week
2006-07-18 22:34:27 +00:00
oleg
e6e6ae67a2 Complete timebase (time_second -> time_uptime) conversion.
PR:		kern/94249
Reviewed by:	andre (few months ago)
Approved by:	glebius (mentor)
2006-07-05 23:37:21 +00:00
yar
563866983d We needn't check "m" for NULL here because "off" should be within
the mbuf chain.  If we ever get a buggy caller, a bogus "off" should
be caught by the sanity check at the function entry.  Null "m" here
means a very unusual condition of a totally broken mbuf chain (wrong
m_pkthdr.len or whatever), so we can just page fault later.

Found by:	Coverity Prevent(tm)
CID:		825
2006-06-30 18:25:07 +00:00
yar
ba19b1ecd4 There is a consensus that ifaddr.ifa_addr should never be NULL,
except in places dealing with ifaddr creation or destruction; and
in such special places incomplete ifaddrs should never be linked
to system-wide data structures.  Therefore we can eliminate all the
superfluous checks for "ifa->ifa_addr != NULL" and get ready
to the system crashing honestly instead of masking possible bugs.

Suggested by:	glebius, jhb, ru
2006-06-29 19:22:05 +00:00
yar
976c2bc374 Use queue(3) macros instead of accessing list/queue internals directly. 2006-06-29 16:56:07 +00:00
bz
ed6ddd5a31 Use INPLOOKUP_WILDCARD instead of just 1 more consistently.
OKed by: rwatson (some weeks ago)
2006-06-29 10:49:49 +00:00
pjd
f5154298f6 - Use suser_cred(9) instead of directly comparing cr_uid.
- Compare pointer with NULL, instead of 0.

Reviewed by:	rwatson
2006-06-27 11:40:05 +00:00
pjd
7f09680f0c - Use suser_cred(9) instead of directly checking cr_uid.
- Change the order of conditions to first verify that we actually need
  to check for privileges and then eventually check them.

Reviewed by:	rwatson
2006-06-27 11:35:53 +00:00
rwatson
7e8f1a7958 Use suser_cred() instead of a direct comparison of cr_uid with 0 in
rip6_output().

MFC after:	1 week
2006-06-25 13:54:59 +00:00
gnn
3b364427e5 Fix spurious warnings from neighbor discovery when working with IPv6 over
point to point tunnels (gif).

PR:		93220
Submitted by:	Jinmei Tatuya
MFC after:	1 week
2006-06-08 00:31:17 +00:00
tanimura
713caab1d6 Avoid spurious release of an rtentry. 2006-05-23 00:32:22 +00:00
bz
25768fb082 In IN6_IS_ADDR_V4MAPPED case instead of returning directly set error and
goto out so that locks will be dropped.

Reviewed by: rwatson, gnn
2006-05-20 13:26:08 +00:00
mlaier
123e91766b Remove ip6fw. Since ipfw has full functional IPv6 support now and - in
contrast to ip6fw - is properly lockes, it is time to retire ip6fw.
2006-05-12 20:39:23 +00:00
bz
cb7d941f7e Assert ip6_forward_rt protected by Giant adding GIANT_REQUIRED to
functions not yet asserting it but working on global ip6_forward_rt
route cache which is not locked and perhaps should go away in the
future though cache hit/miss ration wasn't bad.

It's #if 0ed in frag6 because the code working on ip6_forward_rt is.
2006-05-04 18:41:08 +00:00