| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that MINIPORT_INITIALIZE can actually delay system load,
and we currently have reports of people's systems hanging indefinitely.
WskCaptureNPI is known to deadlock if called too early in boot (say,
from DriverEntry of a PnP driver), but it was thought that
MINIPORT_INITIALIZE was sufficiently late that it was okay. Perhaps that
assumption is incorrect. In case it is, this patch moves WSK
initialization to when sockets are created, which always happens in the
context of a user thread, which naturally happens late in boot and can
block.
We know empirically that MINIPORT_INITIALIZE can block system boot, by
adding a `KeDelayExecutionThread(KernelMode, FALSE, &(LARGE_INTEGER){
.QuadPart = -SEC_TO_SYS_TIME_UNITS(300) });` to the top and noting that
boot takes 5 minutes longer. So the theory that the assumption is
incorrect is at least plausible.
All this commit does is move the call to WskInit() from InitializeEx in
device.c to SocketInit() in socket.c. The diff looks more verbose than
it is because making WskInit static and removing its forward declaration
required shuffling some functions around in socket.c, but no code
changed during that shuffle.
Reported-by: Oliver Freyermuth <freyermuth@physik.uni-bonn.de>
Reported-by: Joshua Sjoding <joshua.sjoding@scjalliance.com>
Reported-by: John-Paul Andreini <jandreini@geonerco.com>
Reported-by: Arlo Clauser <Arlo@starcubedesign.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
Some routers using hardware NAT can't handle this. A packet goes through
initially, but then once the flow is established and it's offloaded to
the NAT hardware, the zero checksum causes most packets to be dropped.
So, unfortunately, we have to remove this optimization.
Reported-by: Christian Ã…rebrand <myspysgaddan@hotmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Not only will this improve performance, but it will eliminate a big
issue with IP_PKTINFO.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Otherwise, we can't reply to incoming endpoints.
Reported-by: Peter Whisker <peter.whisker@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the cmsg only contains an IP_PKTINFO or IP_PKTINFO_EX, then on some
systems, the entire control message will be stripped out early before
passing it to WFP. Presumably this is an optimization gone bad. The lack
of a valid controlMessage member in FWPS_INCOMING_METADATA_VALUES0 when
callouts are triggered results in big problems.
Specifically, problems occur with drivers like NFSDK or McAfee or
various other applications users install that install callouts that
capture an outgoing packet, and then later reinject it (with, say,
FwpsInjectTransportSendAsync0). McAfee does this for their DPI. NFSDK
does this for their userspace parser library. Various things seem to use
this technique. The problem is that when IN_PKTINFO is stripped from
FWPS_INCOMING_METADATA_VALUES0, then it's not subsequently passed to
FwpsInjectTransportSendAsync0, so it's as if the packet was sent without
IP_PKTINFO in the first place. This causes routing loops, and users have
a dysfunctional tunnel with high CPU usage, as packets route round and
round. These issues go away when the callout and
FwpsInjectTransportSendAsync0 dance is removed, indicating that
IN_PKTINFO is working as intended in the rest of the networking stack.
It turns out that the faulty optimization only triggers if IP_PKTINFO is
the only control message used. So, we tag on a second control message
that (hopefully) does nothing; IP_WFP_REDIRECT_RECORDS seems like a
reasonable candidate. It happens to be Windows 8+, so we disable it on
Windows 7, which doesn't need the hack anyway. Adding an extra control
message and potentially adding additional overhead to the egress path is
pretty awful, but currently, I'm not aware of a better workaround.
Reported-by: Keshav Kejriwal <kesh.kejriwal@gmail.com>
Reported-by: Kai Haberzettl <khaberz@gmail.com>
Reported-by: Seyed Mohammad Hossein Amirkhalili <hosami@gmail.com>
Reported-by: Francky Meyer <francky.meyer@hotmail.fr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
You can still create loops, but ever since we started making copies on
both RX and TX, and freeing TX buffers really early (after encryption),
we no longer have a stack chaining issue on free.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
It expects to receive the total space, with padding, for the cmsg length
argument, so pad out cmsg_len to the data padding multiple, which
amounts to the same thing. This will fix IPv6 endpoints.
Reported-by: Darren VanBuren <onekopaka@theoks.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
The most ridiculous function gets even more ridiculous: we need a heap
allocation. We should probably find a new strategy here, as this is
growing unwieldy.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
This is preparation for the next commit, which will attempt to allocate
everything at once for the RX path.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
This should allow better transition between wifi and wired.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Otherwise we wind up retrying and doing the routing generation
comparison at the top needlessly.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Very silly error that caused non-default routes to be ignored.
Reported-by: Peter Whisker <peter.whisker@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
Co-authored-by: Simon Rozman <simon@rozman.si>
Signed-off-by: Simon Rozman <simon@rozman.si>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Jason A. Donenfeld