Commit message
These are the last ones in if_pppoe.c and if_spppsubr.c.
OK beck
Reported by Maxime Villard, fix from Matt Dunwoodie after feedback from
claudio who is fine with either of the two suggested fixes going in.
ok yasuoka@
pipex(4) layer this `ifnet' still uses `if_data'. Also pppx(4) doesn't
use per cpu counters but `if_data'.
Add per cpu counters to pppx(4) and pipex(4). This finishes the interface
statistics collecting mess.
ok yasuoka@
Fixes CID 1496732.
ok patrick@
ok deraadt@
Although technically a point-to-multipoint interface, point-to-point
semantics apply/fit when installing local routes, e.g. configuring IPv6
addresses on it.
This is to fix SIOCGNBRINFO_IN6 and thus ndp(8).
Report and diff from Matt Dunwoodie <ncon at noconroy dot net>, thanks!
OK tobhe
pipex_iface of struct pipex_session with owner_sc which refers to the
owner device. This makes ioctl commands for pppac or pppx device
simpler. PIPEX{S,G}MODE became dummy since both pppac and pppx are
always used with pipex. Also move some pppac specific things to the
pppac part on if_pppx.c.
suggestions from mvs, ok mvs
When "once" rules expire, they are removed from the active ruleset,
hence the main ruleset needs to be rehashed iff itself contains once rules.
After the previous commit, pf_setup_pfsync_matching() became much simpler
but its name even less accurate; simplify it further and rename it to
pf_calc_chksum() while here.
Admins using "once" rules in combination with pfsync(4) are hopefully aware
of this caveat (self-changing rulesets) already, but now the checksum in
"pfctl -v -s info" actually indicates out-of-sync rulesets and is no longer
misleading.
OK sashan
Each ruleset's rules are stored in a TAILQ called "ptr" with "rcount"
representing the number of rules in the ruleset; "ptr_array" points to an
array of the same length.
"ptr" is backed by pool_get(9) and may change in size as "expired" rules
get removed from the ruleset - see "once" in pf.conf(5).
"ptr_array" is allocated momentarily through mallocarray(9) and gets filled
with the TAILQ entries, so that the sole user pfsync(4) can access the list
of rules by index to pick the n-th rule during state insertion.
Remove "ptr_array" and make pfsync iterate over the TAILQ instead to get the
matching rule's index. This simplifies both code and data structures and
avoids duplicate memory management.
OK sashan
Simply reuse struct size or buffer length variables for free() the very
same way they are used with malloc(), often within the same scope and/or
only a few lines above.
This leaves only a few selected free() calls with size zero in due to the
fact that there is currently no variable to keep track of name and secret
string lengths.
OK mvs
Most clonable interface drivers (except bridge, enc, loop, pppx,
switch, trunk and vlan) initialise the send queue's length to IFQ_MAXLEN
during *_clone_create() even though ifq_init(), which is eventually called
through if_attach(), does the same.
Remove all early "ifq_set_maxlen(&ifq->if_snd, IFQ_MAXLEN);" lines to leave
it to ifq_init() and have clonable drivers a tad more in sync.
OK mvs
There are either length variables tracking the allocated buffer or strings
allocated by their length, reuse the same idiom each time when freeing.
Reminder from Peter J. Philipp to account for NUL bytes in strings as well
OK mvs
ifconfig(8) detects switch(4) through its unique SIOCSWGDPID ioctl(2) and
further does another switch specific ioctl for the default output regardless
of configuration and/or members.
But since these two ioctls are limited to root, running ifconfig as
unprivileged user makes switch interfaces partially appear as bridge devices
because the detection fails, e.g. STP parameters are shown instead of
datapath id and flow parameters.
ifioctl() limits a list of set/write ioctls to root, but these two read-only
ioctls seem to have been listed by mistake, so remove them to omit the root
check and fix "ifconfig switch" output for unprivileged users.
Feedback from dlg
Unused since r1.138 from 2015: "remove cisco hdlc code from sppp(4)".
OK mpi
packets output out of KERNEL_LOCK. pppx(4) and pipex(4) are ready for
this.
ok yasuoka@ mpi@
filtering out messages for routes with flags matching any bit in a mask.
This allows routing daemons to opt out of receiving messages for L2 and
broadcast route entries, which they currently discard.
ok dlg@ sthen@ deraadt@
messages, and save the route flags before deleting the route. For L2
route entries, the RTF_LLINFO flag is cleared during deletion, so saving
the flags beforehand means they're correct in the routing socket message.
ok mpi@
count them because `if_snd' does this.
ok yasuoka@
pfsyncstart() does not require the big lock, make it use the ifq API.
OK mvs
packets output out of KERNEL_LOCK. pppac(4) and pipex(4) are ready for
this.
ok yasuoka@
So set `IFXF_MPSAFE' bit. This allows discarding outgoing packets without
kernel lock.
ok kn@
information. Make sure to only copy out actually used memory.
ok patrick@
joint work markus@ patrick@ bluhm@
ok mpi@
ok patrick@
done under both the KERNEL_LOCK() and NET_LOCK().
related mbufs. Each mbuf(9) passed to these queues stores the pointer to
the corresponding pipex(4) session referenced as `m_pkthdr.ph_cookie'. When
a session was destroyed its reference can still be in these queues so we
have a use after free issue when pipexintr() dereferences it.
I removed `pipexinq', `pipexoutq' and pipexintr(). This not only allows
us to avoid the issue described above, but also removes an unnecessary context
switch in packet processing. Also it makes the code simpler.
ok mpi@ yasuoka@
this will be used so a bpf filter can make a decision based on a
random number, which in turn will be used so a filter can perform
random sampling of packets rather than capturing all packets. random
sampling means that we don't have to figure out how to make bpf
coordinate multiple concurrent calls to do counter based sampling.
BPF_RND is currently backed with arc4random.
discussed with many including jmatthew@, alex wilson, claudio@,
sthen@, deraadt@, and tb@
ok kn@ tb@ jmatthew@
i call this extended bpf... xBPF.
Replace this pointer by interface index. This allows us to avoid some use
after free issues caused by ifioctl() races.
ok sashan@
pflog wants to copy and patch the packet that is being logged to
properly show if it is being transformed, and it does this by copying
the ip and transport headers into a local mbuf and patching them
there, and then wiring the remaining data from the original packet
into an mbuf chain hanging off this patched mbuf.
it's just unfortunate that the mbufs it was using are global and
not locked. this is particularly unfortunate if you're running the
stack in parallel on multiple cpus and pflog gets to running
concurrently.
this changes pflog to use an mbuf on the stack to copy the headers
into and patch. the mbuf used to point to the trailing data has
been replaced with an m_hdr, also on the stack, like what bpf_mtap_ether
does to skip past where a vlan shim should be.
ok sashan@ jmatthew@
as signed. u_int used within pipex(4) for consistency with other code.
ok dlg@ mpi@
pointer obtained by ifunit() and its reference counter is not bumped.
This can cause a use after free issue. Replace this pointer by interface
index.
ok dlg@ sashan@
It serves no purpose and is deprecated as per netintro(4).
ifconfig(8) output improves as well:
# ifconfig tpmr0 inet6 2001:db8::1
-ifconfig: SIOCAIFADDR: Address family not supported by protocol family
+ifconfig: SIOCAIFADDR: Inappropriate ioctl for device
OK dlg
value.
ok sashan
ok sashan
ok mpi@
Those are for the gateway sockaddrs which get allocated in rt_setgate()
with the same ROUNDUP(sa_len) approach.
mpi already added sizes for a few rt_gateway sockaddrs in two commits,
these are the last ones in route.c leaving only ifafree() behind.
OK mpi
ok mpi@
ok mpi@
Required for ifconfig(8) to print tpmr(4) members in bridge fashion.
When copying out members, merely fill in the interface names and set
IFBIF_SPAN such that ifconfig rightfully assumes no member does STP.
As with switch(4), there are no rules but ifconfig requires an ioctl stub.
Feedback OK dlg
In accordance with bridge(4) which behaves correctly as per the manual.
OK dlg
ok sashan@
by sticky-address. Also fix the problem that the interface which is
specified by the selected table entry is not used properly.
ok jung sashan
ifconfig(8) commands "lacptimeout 1" and "lacpmode active" error out with
"ifconfig: Invalid option for trunk: tpmr0"; tpmr(4) has no mode or config,
so these ioctls are inappropriate in the first place.
Remove SIOCSTRUNKOPTS, SIOCGTRUNKOPTS stubs and now unused <net/if_trunk.h>.
OK dlg
ifconfig(8) prints "trunk: trunkdev tpmrN" for member interfaces, which is
misleading as tpmr(4) is being completed into a bridge-like interface.
Remove SIOCGTRUNKPORT so tpmr(4) does not report members as trunk devices
(next diff will implement SIOCBRDGIFS).
OK dlg
ifconfig(8) prints "trunk: trunkproto none" for tpmr(4) which is useless as
there is no configurable protocol in the first place.
Remove SIOCSTRUNK and SIOCGTRUNK which were just simple stubs anyway.
OK dlg
ok yasuoka@
no functional change.