path: root/sys/netinet/ipsec_input.c
Each entry lists author, date (files changed, -lines removed/+lines added), followed by the commit message.

* gnezdo, 2020-09-01 (1 file, -11/+33)
  Convert *_sysctl in ipsec_input.c to sysctl_bounded_arr
  The best-guessed limits will be tested by trial.

* gnezdo, 2020-08-01 (1 file, -33/+21)
  Move range check inside sysctl_int_arr
  Range violations are now consistently reported as EOPNOTSUPP. Previously they were mixed with ENOPROTOOPT.
  OK kn@

* cheloha, 2020-06-24 (1 file, -5/+5)
  kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
  time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.

  This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).

  There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower. There is no performance cost on 64-bit (__LP64__) platforms.

  With input from visa@, dlg@, and tedu@. Several bugs squashed by visa@.
  ok kettenis@

* tobhe, 2020-04-23 (1 file, -5/+8)
  Add support for automatically moving traffic between rdomains on ipsec(4)
  encryption or decryption. This allows us to keep plaintext and encrypted network traffic separated and reduces the attack surface for network sidechannel attacks. The only way to reach the inner rdomain from outside is by successful decryption and integrity verification through the responsible Security Association (SA). The only way for internal traffic to get out is getting encrypted and moved through the outgoing SA. Multiple plaintext rdomains can share the same encrypted rdomain while the unencrypted packets are still kept separate. The encrypted and unencrypted rdomains can have different default routes.

  The rdomains can be configured with the new SADB_X_EXT_RDOMAIN pfkey extension. Each SA (tdb) gets a new attribute 'tdb_rdomain_post'. If this differs from 'tdb_rdomain' then the packet is moved to 'tdb_rdomain_post' after IPsec processing. Flows and outgoing IPsec SAs are installed in the plaintext rdomain, incoming IPsec SAs are installed in the encrypted rdomain. IPCOMP SAs are always installed in the plaintext rdomain. They can be viewed with 'route -T X exec ipsecctl -sa' where X is the rdomain ID.

  As the kernel does not create encX devices automatically when creating rdomains they have to be added by hand with ifconfig for IPsec to work in non-default rdomains.

  discussed with chris@ and kn@
  ok markus@, patrick@

* dlg, 2019-09-30 (1 file, -2/+2)
  remove the "copy function" argument to bpf_mtap_hdr.
  it was previously (ab)used by pflog, which has since been fixed. apart from that nothing else used it, so we can trim the cruft.
  ok kn@ claudio@ visa@
  visa@ also made sure i fixed ipw(4) so i386 won't break.

* claudio, 2018-11-09 (1 file, -4/+1)
  Remove the last few XXX rdomain markers. Even those functions respect the rdomain now and are therefore rdomain safe.
  OK mpi@

* mestre, 2018-09-14 (1 file, -3/+3)
  Initialize the TDB to NULL in ipsec_common_input() and ipsec_{input,output}_cb() so that in the case of sending or receiving a bogus mbuf (NULL) we don't end up trying to dereference the TDB, while being an uninitialized pointer, to increase the drops.
  Coverity IDs 1473312, 1473313 and 1473317.
  OK mpi@ visa@

* mpi, 2018-08-28 (1 file, -3/+15)
  Add per-TDB counters and a new SADB extension to export them to userland.
  Inputs from markus@, ok sthen@

* mpi, 2018-07-11 (1 file, -3/+9)
  Convert AH & IPcomp to ipsec_input_cb() and count drops on input.
  ok markus@

* mpi, 2018-07-10 (1 file, -15/+110)
  Introduce new IPsec (per-CPU) statistics and refactor ESP input callbacks to be able to count dropped packets.
  Having more generic statistics will help troubleshooting problems with specific tunnels. Per-TDB counters are coming once all the refactoring bits are in.
  ok markus@

* bluhm, 2018-05-14 (1 file, -25/+43)
  When checking the IPsec enable sysctls, ipsec_common_input() had switches for protocol and address family. Move this code to the specific functions from where the common function is called. As a consequence the raw ip input functions can never be called from udp_input() anymore. If IPsec is disabled, the functions ah6_input(), esp6_input(), and ipcomp6_input() do not start processing the header chain. The raw ip input functions are called with the mbuf and offset pointers from the protocol walking loop which is the usual behavior.
  OK mpi@ markus@

* bluhm, 2018-05-12 (1 file, -24/+27)
  Cleanup IPsec common input error handling with consistent goto drop.
  from markus@; OK mpi@

* mpi, 2017-11-20 (1 file, -1/+2)
  Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
  ok visa@

* mpi, 2017-11-14 (1 file, -1/+62)
  Introduce ipsec_sysctl() and move IPsec tunables where they belong.
  ok bluhm@, visa@

* visa, 2017-11-08 (1 file, -78/+98)
  Make {ah,esp,ipcomp}stat use percpu counters.
  OK bluhm@, mpi@

* mpi, 2017-11-06 (1 file, -37/+34)
  Use %s and __func__ in DPRINTF() to reduce false positives with grep(1).
  ok kettenis@, dhill@, visa@, jca@

* mpi, 2017-10-09 (1 file, -16/+43)
  Reduce the scope of the NET_LOCK() in the sysctl(2) path.
  Exposes per-CPU counters to real parallelism.
  ok visa@, bluhm@, jca@

* bluhm, 2017-07-05 (1 file, -16/+2)
  The IP in IP input function strips the outer header and reinserts the inner IP packet into the internet queue. The IPv6 local delivery code has a loop to deal with header chains. The idea is to use this loop and avoid the queueing and rescheduling. The IPsec packet will be processed in a single flow.
  Merge the IP deliver loop from both IP versions into a single ip_deliver() function that can handle both address families. This allows to process an IP in IP header like a normal extension header. If af != AF_UNSPEC, we are already in a deliver loop and have the kernel lock. Then we can just return the next protocol. Otherwise we enqueue. The dequeue thread has the kernel lock and starts an IP delivery loop.
  OK mpi@

* bluhm, 2017-06-19 (1 file, -13/+7)
  When dealing with mbuf pointers passed down as function parameters, bugs could easily result in use-after-free or double free. Introduce m_freemp() which automatically resets the pointer before freeing it. So we have less dangling pointers in the kernel.
  OK krw@ mpi@ claudio@

* bluhm, 2017-05-28 (1 file, -4/+4)
  Rename ip_local() to ip_deliver() and give it the same parameters as the pr_input functions. Add an assert that IPv4 delivery ends in IP proto done to assure that IPv4 protocol functions work like IPv6.
  OK mpi@

* bluhm, 2017-05-22 (1 file, -1/+96)
  Move IPsec forward and local policy check functions to ipsec_input.c and give them better names.
  input and OK mikeb@

* mpi, 2017-05-16 (1 file, -3/+3)
  Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
  ok visa@

* bluhm, 2017-05-12 (1 file, -33/+27)
  IPsec packets were passed through ip_input() a second time after they have been decrypted. That means that all the IP header fields were checked twice. Also fragment reassembly was tried twice. At pf incoming packets in tunnel mode appeared twice on the enc0 interface, once as IP-in-IP and once as the inner packet. In the outgoing path pf only sees the inner packet. Asymmetry is bad for stateful filtering. IPv6 shows that IPsec works without that.
  After decrypting immediately continue with local delivery. In tunnel mode the IP-in-IP protocol functions pass the inner header to ip6_input(). In transport mode only pf_test() has to be called for the enc0 device. Introduce ip_local() to avoid needless processing and cleaner pf behavior in IPv4 IPsec.
  OK mikeb@

* bluhm, 2017-05-12 (1 file, -19/+21)
  Instead of printing a debug message at the end of processing, panic early if the IPsec security protocol is unknown. ipsec_common_input() and ipsec_common_input_cb() can only be called with the IP protocols ESP, AH, or IPComp. Everything else is a programming mistake.
  OK claudio@

* bluhm, 2017-05-11 (1 file, -1/+27)
  IPv6 IPsec transport mode did not work if pf is enabled. The decrypted packets in the input path were not checked with pf. So with stateful filtering on enc0, direction aware protocols like ping or TCP did not pass. Add an explicit pf_test() in ipsec_common_input_cb() for IPv6 transport mode to fix this.
  OK mikeb@

* bluhm, 2017-05-05 (1 file, -3/+3)
  Expand SA_LEN(), there is no benefit for using the macro in the kernel. It was only used in IPsec sources. No binary change.
  OK deraadt@

* bluhm, 2017-04-14 (1 file, -9/+9)
  Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6.
  OK mikeb@ deraadt@

* dhill, 2017-04-06 (1 file, -4/+3)
  Replace bcopy with a simple assignment where both variables are properly aligned and sockaddr_union fields, or with memcpy when the memory doesn't overlap.
  OK bluhm@

* mpi, 2017-02-28 (1 file, -2/+2)
  Some refactoring in ip6_input() needed to un-KERNEL_LOCK() the IPv6 forwarding path.
  Rename ip6_ours() to ip6_local() as this function dispatches packets to the upper layer. Introduce ip6_ours() and get rid of 'goto hbhcheck'. This function will be later used to enqueue local packets.
  As a bonus this reduces differences with IPv4.
  Inputs and ok bluhm@

* bluhm, 2017-02-08 (1 file, -149/+22)
  Remove the ipsec protocol callbacks which all do the same. Implement it in ipsec_common_input_cb() instead. The code that was copied to ah6_input_cb() is now in ip6_ours() so we can call it directly.
  OK mpi@

* bluhm, 2017-02-07 (1 file, -52/+45)
  Error propagation does neither make sense for the ip input path nor for asynchronous callbacks. Make the IPsec functions void, there is already a counter in the error path.
  OK mpi@

* jca, 2017-02-05 (1 file, -3/+3)
  Use percpu counters for ip6stat
  Try to follow the existing examples. Some notes:
  - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first.
  - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
  Input from mpi@, ok bluhm@ mpi@

* bluhm, 2017-01-29 (1 file, -15/+17)
  Change the IPv4 pr_input function to the way IPv6 is implemented, to get rid of struct ip6protosw and some wrapper functions. It is more consistent to have less different structures. The divert_input functions cannot be called anyway, so remove them.
  OK visa@ mpi@

* bluhm, 2017-01-26 (1 file, -16/+14)
  Reduce the difference between struct protosw and ip6protosw. The IPv4 pr_ctlinput functions did return a void pointer that was always NULL and never used. Make all functions void like in the IPv6 case.
  OK mpi@

* bluhm, 2017-01-25 (1 file, -24/+4)
  Since raw_input() and route_input() are gone from pr_input, we can make the variable parameters of the protocol input functions fixed. Also add the proto to make it similar to IPv6.
  OK mpi@ guenther@ millert@

* mpi, 2017-01-23 (1 file, -10/+4)
  Assert for IPL_SOFTNET rather than raising SPL recursively.
  ok benno@

* mpi, 2017-01-20 (1 file, -14/+5)
  Kill recursive splsoftnet()/splx() dances.
  Tested by Hrvoje Popovski, ok visa@

* vgross, 2016-09-02 (1 file, -1/+11)
  Drop non-encapsulated ESP packets using a UDP-encapsulating TDB, and add the relevant counters.
  Ok mikeb@

* claudio, 2015-09-10 (1 file, -3/+3)
  It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void.
  OK dlg@ mikeb@

* mpi, 2015-09-09 (1 file, -6/+1)
  Kill a couple of if_get()s only needed to increment per-ifp IPv6 stats.
  We do not export those per-ifp statistics and they will soon all die.
  "We're putting inet6 on a diet" claudio@
  ok dlg@, mikeb@, claudio@

* mpi, 2015-06-16 (1 file, -3/+7)
  Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
  The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroyed/removed and the mbuf should be freed.
  Such a mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
  Tested by jmatthew@ and krw@, discussed with many.
  ok mikeb@, bluhm@, dlg@

* mikeb, 2015-06-11 (1 file, -10/+5)
  Move away from using hzto(9); OK dlg

* jsg, 2015-05-13 (1 file, -2/+2)
  test mbuf pointers against NULL not 0
  ok krw@ miod@

* mikeb, 2015-04-17 (1 file, -8/+3)
  Stubs and support code for NIC-enabled IPsec bite the dust.
  No objection from reyk@, OK markus, hshoexer

* mikeb, 2015-04-14 (1 file, -13/+26)
  make ipsp_address thread safe; ok mpi

* dlg, 2015-04-10 (1 file, -35/+4)
  replace the use of ifqueues for most input queues serviced by netisr with niqueues.
  this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues i'd have to add separate code paths, one for ifqueues and one for niqueues, in each of these places. by flipping all these input queues at once i can keep the currently common code common.
  testing by mpi@ sthen@ and rafael zalamena
  ok mpi@ sthen@ claudio@ henning@

* mikeb, 2015-03-26 (1 file, -123/+1)
  Remove bits of unfinished IPsec proxy support. DNS' KX records, anyone?
  ok markus, hshoexer

* deraadt, 2015-01-24 (1 file, -5/+5)
  Userland (base & ports) was adapted to always include <netinet/in.h> before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be cleaned up next. Some sockaddr_union steps make it into here as well.
  ok naddy

* tedu, 2014-12-19 (1 file, -17/+1)
  unifdef INET in net code as a precursor to removing the pretend option.
  long live the one true internet.
  ok henning mikeb

* mpi, 2014-12-05 (1 file, -1/+2)
  Explicitly include <net/if_var.h> instead of pulling it in via <net/if.h>.
  ok mikeb@, krw@, bluhm@, tedu@