path: root/sys/netinet/raw_ip.c
Commit message (author, date, files changed, lines -removed/+added)
* Avoid an mbuf double free in the oob soreceive() path. In the usrreq functions move the mbuf m_freem() logic to the release block instead of distributing it over the switch statement. Then the goto release in the initial check, whether the pcb still exists, will not free the mbuf for the PRU_RCVD, PRU_RVCOOB, PRU_SENSE command. OK claudio@ mpi@ visa@ Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com
  (bluhm, 2019-02-04, 1 file, -8/+8)
* Botched up an if conditional in the last commit. The IP length needs to be bigger than the IP header len to be valid. With this I can traceroute again.
  (claudio, 2019-01-08, 1 file, -2/+2)
* Validate the version, and all length fields of IP packets passed to a raw socket with INP_HDRINCL. There is no reason to allow badly constructed packets through our network stack. Especially since they may trigger diagnostic checks further down the stack. Now EINVAL is returned instead which was already used for some checks that happened before. OK florian@ Reported-by: syzbot+0361ed02deed123667cb@syzkaller.appspotmail.com
  (claudio, 2019-01-07, 1 file, -16/+82)
* In PRU_DISCONNECT don't fall through into PRU_ABORT since the latter frees the inpcb apart from the disconnect. Just call soisdisconnected() and clear the inp->inp_faddr since the socket is still valid after a disconnect. Problem found by syzkaller via Greg Steuck OK visa@ Fixes: Reported-by: syzbot+2cd350dfe5c96f6469f2@syzkaller.appspotmail.com Reported-by: syzbot+139ac2d7d3d60162334b@syzkaller.appspotmail.com Reported-by: syzbot+02168317bd0156c13b69@syzkaller.appspotmail.com Reported-by: syzbot+de8d2459ecf4cdc576a1@syzkaller.appspotmail.com
  (claudio, 2018-12-03, 1 file, -2/+4)
* Do not translate the EACCES error from pf(4) to EHOSTUNREACH anymore. It also translated a documented send(2) EACCES case erroneously. This was too much magic and always prone to errors. from Jan Klemkow; man page jmc@; OK claudio@
  (bluhm, 2018-11-10, 1 file, -3/+1)
* Revert the inpcb table mutex commit. It triggers a witness panic in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx is held and sorwakeup() is called within the loop. As sowakeup() grabs the kernel lock, we have a lock ordering problem. found by Hrvoje Popovski; OK deraadt@ mpi@
  (bluhm, 2018-10-04, 1 file, -4/+1)
* As a step towards per inpcb or socket locks, remove the net lock for netstat -a. Introduce a global mutex that protects the tables and hashes for the internet PCBs. To detect detached PCB, set its inp_socket field to NULL. This has to be protected by a per PCB mutex. The protocol pointer has to be protected by the mutex as netstat uses it. Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify() before the table mutex to avoid lock ordering problems in the notify functions. OK visa@
  (bluhm, 2018-09-20, 1 file, -1/+4)
* Add reference counting for inet pcb, this will be needed when we start locking the socket. An inp can be referenced by the PCB queue and hashes, by a pf mbuf header, or by a pf state key. OK visa@
  (bluhm, 2018-09-13, 1 file, -2/+2)
* It was possible to leak the control mbuf in raw ip user request with sendmsg(2) and MSG_OOB. Sync the code in udp, rip, and rip6_usrreq. Add an inp NULL check in rip6_usrreq for consistency. OK benno@ mpi@
  (bluhm, 2018-07-05, 1 file, -2/+4)
* Prevent a mbuf double free by not freeing it along the error-path in rip{6,}_usrreq() since soreceive() will free it. ok bluhm@
  (anton, 2018-07-04, 1 file, -3/+5)
* Push NET_LOCK down in the default ifioctl case. For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and on the ENOTSUPP case we guard the driver if_ioctl functions. OK mpi@
  (pirofti, 2018-04-24, 1 file, -3/+3)
* Make divert lookup similar for all socket types. If PF_TAG_DIVERTED is set, pf_find_divert() cannot fail so put an assert there. Explicitly check all possible divert types, panic in the default case. For raw sockets call pf_find_divert() before of the socket loop. Divert reply should not match on TCP or UDP listen sockets. OK sashan@ visa@
  (bluhm, 2017-12-04, 1 file, -16/+22)
* The divert structure was using the port number to indicate that divert-to or divert-reply was active. If the address was also set, it meant divert-to. Divert packet used a separate structure. This is confusing and makes it hard to add new features. It is better to have a divert type that explicitly says what is configured. Adapt the pf rule struct in kernel and pfctl, no functional change. Note that kernel and pfctl have to be updated together. OK sashan@
  (bluhm, 2017-11-28, 1 file, -2/+2)
* Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK(). ok visa@
  (mpi, 2017-11-20, 1 file, -4/+6)
* Move PRU_DETACH out of pr_usrreq into per proto pr_detach functions to pave way for more fine grained locking. Suggested by, comments & OK mpi
  (florian, 2017-11-02, 1 file, -4/+21)
* Kill the divert-packet socket option IP_DIVERTFL to filter packets. It used a loop over the global list divbtable that would be hard to make MP safe. The port net/dnsfilter does not work without this, it should be converted to divert-to. Neither other ports nor base use this filter feature. ports checked by sthen@; OK mpi@ benno@
  (bluhm, 2017-10-06, 1 file, -33/+2)
* Replace NET_ASSERT_LOCKED() by soassertlocked() in *_usrreq(). Not all of them need the NET_LOCK(). ok bluhm@
  (mpi, 2017-09-05, 1 file, -2/+2)
* Change sosetopt() to no longer free the mbuf it receives and change all the callers to call m_freem(9). Support from deraadt@ and tedu@, ok visa@, bluhm@
  (mpi, 2017-09-01, 1 file, -10/+2)
* Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
  (bluhm, 2017-08-11, 1 file, -19/+10)
* Assert that the corresponding socket is locked when manipulating socket buffers. This is one step towards unlocking TCP input path. Note that all the functions asserting for the socket lock are not necessarily MP-safe. All the fields of 'struct socket' aren't protected. Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to tell when a filter needs to lock the underlying data structures. Logic and name taken from NetBSD. Tested by Hrvoje Popovski. ok claudio@, bluhm@, mikeb@
  (mpi, 2017-06-26, 1 file, -4/+5)
* The raw ip input functions are called from several places. Use the address family passed down with pr_input to check that the correct one is used. OK florian@
  (bluhm, 2017-04-17, 1 file, -1/+3)
* Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
  (bluhm, 2017-04-14, 1 file, -2/+2)
* Move PRU_ATTACH out of the pr_usrreq functions into pr_attach. Attach is quite a different thing to the other PRU functions and this should make locking a bit simpler. This also removes the ugly hack on how proto was passed to the attach function. OK bluhm@ and mpi@ on a previous version
  (claudio, 2017-03-13, 1 file, -21/+24)
* Convert the variable argument list of the pr_output functions to fixed parameters. OK mpi@ claudio@ dhill@
  (bluhm, 2017-03-03, 1 file, -15/+12)
* In sogetopt, preallocate an mbuf to avoid using sleeping mallocs with the netlock held. This also changes the prototypes of the *ctloutput functions to take an mbuf instead of an mbuf pointer. help, guidance from bluhm@ and mpi@ ok bluhm@
  (dhill, 2017-02-01, 1 file, -19/+17)
* Change the IPv4 pr_input function to the way IPv6 is implemented, to get rid of struct ip6protosw and some wrapper functions. It is more consistent to have less different structures. The divert_input functions cannot be called anyway, so remove them. OK visa@ mpi@
  (bluhm, 2017-01-29, 1 file, -3/+5)
* Since raw_input() and route_input() are gone from pr_input, we can make the variable parameters of the protocol input functions fixed. Also add the proto to make it similar to IPv6. OK mpi@ guenther@ millert@
  (bluhm, 2017-01-25, 1 file, -2/+2)
* The function raw_input() has not been called since netiso has been removed in 2004. The comment about raw_input() above rip_input() was added in 1981, but it is wrong since 1992. After that it has been copied to rip6_input(). (*pr_input)() is never called with the parameters (mbuf, sockproto, sockaddr, sockaddr). So retire raw_input(). OK guenther@ deraadt@
  (bluhm, 2017-01-23, 1 file, -6/+1)
* Remove NULL checks before m_free(9), it deals with it. ok bluhm@, kettenis@
  (mpi, 2017-01-10, 1 file, -3/+2)
* Extend the multicast sockets and multicast hash table support to multiple domains. This is one step towards supporting to run more than one multicast socket in different domains at the same time. ok mpi@
  (rzalamena, 2016-12-19, 1 file, -3/+3)
* Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts of the network stack that are not yet ready to be executed in parallel or where new sleeping points are not possible. This first pass replace all the entry points leading to ip_output(). This is done to not introduce new sleeping points when trying to acquire ART's write lock, needed when a new L2 entry is created via the RT_RESOLVE. Inputs from and ok bluhm@, ok dlg@
  (mpi, 2016-12-19, 1 file, -2/+2)
* Enforce that pr_usrreq functions are called at IPL_SOFTNET. This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock. ok bluhm@, claudio@
  (mpi, 2016-11-21, 1 file, -5/+3)
* turn ipstat into a set of percpu counters. each counter is identified by an enum value which correspond to the original members of the ipstat struct. ipstat_inc(ips_foo) replaces ipstat.ips_foo++ for the actual updates. ipstat_inc is a thin wrapper around counters_inc. counters are still returned to userland via the ipstat struct for now. ok mpi@ mikeb@
  (dlg, 2016-11-14, 1 file, -4/+9)
* Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
  (naddy, 2016-03-07, 1 file, -2/+2)
* Remove broadcast matching from ifa_ifwithaddr(), use in_broadcast() where required. ok bluhm@ mpi@.
  (vgross, 2015-12-03, 1 file, -1/+2)
* Implement pf divert-reply for raw sockets. Note that an empty divert->addr means that the rule has a divert-reply option. With divert-to the divert->addr is always set. The divert-reply rules should compare the original packet with the socket addresses. So skip the step that compares the inp->inp_laddr with the empty divert->addr. OK mikeb@
  (bluhm, 2015-07-28, 1 file, -1/+4)
* use mp for the name of a variable of type struct mbuf **, rather than m
  (deraadt, 2015-07-15, 1 file, -20/+20)
* m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
  (deraadt, 2015-07-15, 1 file, -10/+7)
* Get rid of the undocumented & temporary* m_copy() macro added for compatibility with 4.3BSD in September 1989. *Pick your own definition for "temporary". ok bluhm@, claudio@, dlg@
  (mpi, 2015-06-30, 1 file, -2/+2)
* Replace a bunch of == 0 with == NULL in pointer tests. Nuke some annoying trailing, leading and embedded whitespace. No change to .o files. ok deraadt@
  (krw, 2015-06-07, 1 file, -8/+8)
* Userland (base & ports) was adapted to always include <netinet/in.h> before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be cleaned up next. Some sockaddr_union steps make it into here as well. ok naddy
  (deraadt, 2015-01-24, 1 file, -2/+3)
* Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>. ok mikeb@, krw@, bluhm@, tedu@
  (mpi, 2014-12-05, 1 file, -1/+2)
* To implement transparent relays for connectionless protocols, the pf the state has to vanish immediately when the relay closes the socket. To make this work reliably, the linkage between state and socket must be established with the first packet. This packet could be incoming or outgoing. Link the pf state in the socket layer earlier. This makes all tests in /usr/src/regress/sys/net/pf_divert pass. OK henning@
  (bluhm, 2014-11-09, 1 file, -1/+7)
* Don't check for an empty list of interfaces. This is never true even if you don't have a physical interface on your machine, so why rawip should be more clever^Wparanoid than the others? ok henning@, mikeb@
  (mpi, 2014-10-14, 1 file, -6/+2)
* Kill MRT_{ADD,DEL}_BW_UPCALL interfaces and the bandwidth monitoring code that comes with them. ok mikeb@, henning@
  (mpi, 2014-08-14, 1 file, -3/+1)
* Fewer <netinet/in_systm.h> !
  (mpi, 2014-07-22, 1 file, -2/+1)
* Simply use ifa_ifwithaddr() to check if the binding address is on the system. This function checks for unicast and broadcast addresses, so there is no need to do two lookups instead of one. Inputs & ok jca@, ok mikeb@
  (mpi, 2014-06-02, 1 file, -4/+4)
* ip_output() using varargs always struck me as bizarre, esp since it's only ever used to pass on uint32 (for ipsec). stop that madness and just pass the uint32, 0 in all cases but the two that pass the ipsec flowinfo. ok deraadt reyk guenther
  (henning, 2014-04-21, 1 file, -2/+2)
* "struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable. Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct: rtableid = rdomain But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9). claudio@ likes it, ok mikeb@
  (mpi, 2014-04-14, 1 file, -4/+4)
* Retire kernel support for SO_DONTROUTE, this time without breaking localhost connections. The plan is to always use the routing table for addresses and routes resolutions, so there is no future for an option that wants to bypass it. This option has never been implemented for IPv6 anyway, so let's just remove the IPv4 bits that you weren't aware of. Tested at least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@
  (mpi, 2014-04-07, 1 file, -2/+2)