summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/in6.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* The IPv6 source address selection rewrite had one (known) differenceflorian2020-08-071-2/+33
| | | | | | | | | | | | | | | | | | | | to the previous behavior: In case of a tie the new implementation would keep the current best address while the old implementation replaced the best address. Since IPv6 addresses are stored in a TAILQ this meant that the rewrite would use the "oldest" address while the previous behavior was to use the "newest". RFC 6724 section 5 has no opinion which one is better and leaves the tie break up to implementers. naddy found out the hard way that this breaks his IPv6 connectivity in case of flash renumbering events when the link on his cpe flaps and a new prefix is used since we would always pick an old address. While we could pick the newest address in a tie break this feels too much like an implementation detail, a solution much more in the spirit of IPv6 is to pick the address with the highest preferred lifetime (or valid lifetime in case of another tie). very patient testing naddy@
* Validate input given to ioctl(SIOCAIFADDR_IN6) like NetBSD already does.anton2020-08-041-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | Fixes a bunch of panics reported by syzkaller. ok florian@ Reported-by: syzbot+02f2e07964a89ab65ea4@syzkaller.appspotmail.com Reported-by: syzbot+c26b058a499ce38f689f@syzkaller.appspotmail.com Reported-by: syzbot+62af76d8cb7c09ac017c@syzkaller.appspotmail.com Reported-by: syzbot+d70144b3ae2ec068e318@syzkaller.appspotmail.com Reported-by: syzbot+3c87ca9873bfd0492f5c@syzkaller.appspotmail.com Reported-by: syzbot+323549177062adb80f84@syzkaller.appspotmail.com Reported-by: syzbot+e745c1c29d960337ce14@syzkaller.appspotmail.com Reported-by: syzbot+91da988a445013baf925@syzkaller.appspotmail.com Reported-by: syzbot+747cbcbbed6318542061@syzkaller.appspotmail.com Reported-by: syzbot+ca5efa23e00130bc8000@syzkaller.appspotmail.com Reported-by: syzbot+731ab8c9a0342ace4189@syzkaller.appspotmail.com Reported-by: syzbot+6c80b815a0ff8f09be69@syzkaller.appspotmail.com Reported-by: syzbot+7939d2c4bc9a5dfa707a@syzkaller.appspotmail.com Reported-by: syzbot+e893fb0259640a314d06@syzkaller.appspotmail.com Reported-by: syzbot+b6a3447070ae8ffcb125@syzkaller.appspotmail.com Reported-by: syzbot+23c0824b688f28c79c1b@syzkaller.appspotmail.com Reported-by: syzbot+6cc72412d8ddcf87f8a1@syzkaller.appspotmail.com
* Rewrite IPv6 source address selection in terms of the 8 rules given inflorian2020-07-281-153/+52
| | | | | | | RFC 6724 section 5. This simplifies the code considerably while extensive testing shows no change in behaviour. It is time to volunteer some more testers. OK denis@ some time ago.
* Rename IN6_IFF_PRIVACY to IN6_IFF_TEMPORARY.florian2020-07-031-7/+7
| | | | | | | | This is the name the other BSDs use for this, there is no reason to be different, the IPv6 RFCs call these addresses temporary, and some software in ports wants to use this as well. Most recently pointed out for firefox by landry. OK claudio, sthen
* Fix two places where carp backup state is misspelled in comments.benno2020-06-301-4/+4
| | | | ok claudio@
* kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)cheloha2020-06-241-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads. This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9). There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower. There is no performance cost on 64-bit (__LP64__) platforms. With input from visa@, dlg@, and tedu@. Several bugs squashed by visa@. ok kettenis@
* Document the various flavors of NET_LOCK() and rename the reader version.mpi2020-05-271-3/+3
| | | | | | | | | | Since our last concurrency mistake only ioctl(2) ans sysctl(2) code path take the reader lock. This is mostly for documentation purpose as long as the softnet thread is converted back to use a read lock. dlg@ said that comments should be good enough. ok sashan@
* Guard SIOCDELMULTI if_ioctl calls with KERNEL_LOCK() where the call isvisa2020-03-151-1/+3
| | | | | | | | | | made from socket close path. Most device drivers are not MP-safe yet, and the closing of AF_INET and AF_INET6 sockets is no longer under the kernel lock. This fixes a panic seen by jcs@. OK mpi@
* Accept inet6 address with missing sa_len for the get ioctl(2).bluhm2019-11-181-1/+2
| | | | | dhcpcd from ports uses SIOCGIFAFLAG_IN6 without setting sin6_len. OK deraadt@ millert@
* Kernel is missing propper input validation when configuring IPv6bluhm2019-11-111-33/+42
| | | | | | | | addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
* convert interface address change hooks to tasks and a task_list.dlg2019-11-081-5/+5
| | | | | | | | | | | | | | | this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust. address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration). an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
* Fix white spaces and use __func__ in printf().bluhm2019-10-221-26/+26
|
* change rt_ifa_add and rt_ifa_del so they take an rdomain argument.dlg2019-02-131-6/+9
| | | | | | | | | | | | this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains. previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain. ok mpi@
* remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.dlg2019-02-101-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses. It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels. Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use. ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
* Do not join node information multicast group (RFC 4620).florian2018-10-051-14/+1
| | | | | | | | Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though. OK sthen, bluhm, kn
* Make the code a bit easier on the eye by factoring repeated embeddedtb2018-05-121-53/+44
| | | | | | scope check and clearing of the scope id into separate functions. input & ok visa, mpi
* Nuke unused ia6_createtime struct member.florian2018-05-061-2/+2
| | | | OK tb
* Continue refactoring and cleanup of in6_ioctl().tb2018-05-061-32/+40
| | | | | | | | | Hoist privilege check to the top and split out handling of SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 into a separate function. Merge tangled switches and simplify the code paths. tested by hrvoje ok visa
* Split handling of SIOCGIF*_IN6 into a separate function in6_ioctl_get()tb2018-05-041-107/+142
| | | | | | | that only needs a read lock. Tested by hrvoje ok visa
* Push the NET_LOCK() down in in6_control() similar to what was donetb2018-05-021-26/+42
| | | | | | | | | for in_control(). Protect mrt6_ioctl() and nd6_ioctl() with a read lock and in6_ioctl with the NET_LOCK() while establishing a single exit point. tested by kn ok florian, mpi, visa
* Make the ramdisks compile again, we don't have MROUTING on them.florian2018-04-241-7/+7
| | | | Found the hard way.
* Push NET_LOCK down in the default ifioctl case.pirofti2018-04-241-3/+10
| | | | | | | For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and on the ENOTSUPP case we guard the driver if_ioctl functions. OK mpi@
* Run duplicate address detection again if an existing address getsflorian2018-04-241-5/+8
| | | | | | | | updated from userland that was marked duplicated or tentative. Otherwise we would just lose the duplicated / tentative state and assume that the address is now unique and usable. OK kn
* Replace non mp-safe carp_iamatch6() with mp-safe carp_iamatch().mpi2017-11-231-2/+2
| | | | | | | They have the same functionnality since friehm@ cleaned up balancing code. ok florian@, visa@, patrick@, bluhm@, jmatthew@
* Stop calling ifp->if_ioctl() inside in{,6}_ioctl().mpi2017-11-041-7/+6
| | | | | | | | | Instead return EOPNOTSUPP and call it from ifioctl(). This will help getting per-driver ioctl routines outside of need the NET_LOCK(). While here always return ENXIO when ``ifp'' is NULL. ok visa@, florian@
* Over 17 years is probably 'a while...'florian2017-11-021-4/+1
| | | | | Also it does not change behaviour. OK jca
* Kill deprecated IPv6 ioctl(2)s.mpi2017-10-261-25/+1
| | | | ok florian@, sthen@, jsg@
* Remove some more tests checking for a non-NULL `ifp->if_ioctl'.mpi2017-10-241-2/+1
| | | | if_attach() enforces it is properly defined.
* Remove support for never used ioctls originating from KAME.mpi2017-10-241-248/+2
| | | | ok florian@, claudio@, bluhm@
* Do not test if if_ioctl is NULL, it isn't.mpi2017-10-201-8/+1
| | | | ok florian@, claudio@, visa@, bluhm@
* Remove kernel support for the following ioctl(2)s, deprecated since 2001:mpi2017-10-161-4/+1
| | | | | | | | | | | - SIOCSIFPHYADDR - SIOCSIFPHYADDR_IN6 - SIOCGIFPSRCADDR - SIOCGIFPSRCADDR_IN6 - SIOCGIFPDSTADDR - SIOCGIFPDSTADDR_IN6 ok bluhm@
* After we stopped processing router advertisements in the kernelflorian2017-08-151-27/+1
| | | | | | | | sppp_update_ip6_addr() became the last user of n6_are_prefix_equal(). Since it compares /128 prefixes it doesn't need all the bells and whistles and can be converted to a memcmp. Remove the now unused n6_are_prefix_equal(). OK bluhm, mpi
* Validate sockaddr from userland in central functions. This resultsbluhm2017-08-111-1/+19
| | | | | | | in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
* Stop running nd6_expire every second.florian2017-08-081-1/+3
| | | | | We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
* in6_leavegroup can't fail; OK phesslerflorian2017-08-061-3/+2
|
* Purging is at last at hand. Day of Doom is here. All that is evilflorian2017-07-111-13/+5
| | | | | | | | | shall all be cleansed. Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days. Input & OK bluhm@, mpi@
* Allow passing in IN6_IFF_AUTOCONF from userland. Needed by slaacd(8)florian2017-05-291-3/+2
| | | | OK naddy
* Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().mpi2017-05-161-6/+6
| | | | ok visa@
* Added initial IPv6 multicast routing support for multiple rdomains:rzalamena2017-05-081-2/+2
| | | | | | | | * don't share mifs (multicast interface) between rdomains * allow multiple routing sockets connected at the same time if they are in different rdomains. ok bluhm@
* Introduce sstosa() for converting sockaddr_storage with a type safebluhm2017-05-041-7/+6
| | | | | | | inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
* We need to update the ia6_updatetime when changing the vltime/pltimeflorian2017-04-171-1/+2
| | | | | | | | vio ioctl(2). Otherwise ifconfig shows the wrong times since vltime/pltime are calculated from this value on export. The handling of router advertisements does the right thing. OK bluhm
* Userland expects pltime to be a time stamp not number of seconds.florian2017-03-161-3/+8
| | | | | | pltime conversion was missing from rev 1.193 which did the vltime conversion only. OK mpi
* Kill global list of IPv6 addresses.mpi2017-03-061-4/+1
| | | | ok bluhm@
* Revert "Release the NET_LOCK() before entering per-driver ioctl() routine".mpi2017-02-161-4/+1
| | | | | | | | | | | | | | | This is most likely to be the cause of the deadlock seen by port builders since it's the only changed that happened after a2k17. Instead bring back pirofti@ original hack to release the NET_LOCK() inside iwm(4) and iwn(4). This fixes some splassert reported by bluhm@ Deadlock reported by naddy@ and rpe@ and ajacoutot@ confirmed the deadlock has been introduced post a2k17. Tested by and ok tb@
* Release the NET_LOCK() before entering per-driver ioctl() routine.mpi2017-02-071-3/+8
| | | | | | | | | This prevents a deadlock with the X server and some wireless drivers. The real fix is to take unix domain socket code out of the NET_LOCK(). Issue reported by pirofti@ and ajacoutot@ ok tb@, stsp@, pirofti@
* Use percpu counters for ip6statjca2017-02-051-7/+7
| | | | | | | | | Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent. Input from mpi@, ok bluhm@ mpi@
* Remove recursive splsoftnet() from the ioctl(2) path.mpi2016-12-211-18/+6
| | | | ok bluhm@
* Explicitly initialize rti_ifa when automagically adding a route.mpi2016-11-281-4/+4
| | | | | | This will allow to strengthen checks when userland adds a route. ok phessler@, bluhm@
* Correct the flag checks inside rt_ifa_addlocal(9) and rt_ifa_dellocal(9).mpi2016-10-041-2/+2
| | | | | | | | | | | | | There's no need to insert an RTF_LOCAL route if it is already there, not if a route with the same destination exist. This fixes a KASSERT() triggered by adding an alias for an address already present in the ARP cache as reported by weerd@ and Peter J. Philipp. This should also fix a KASSERT() triggered by a NDP change reported by Sebastien Marie. ok bluhm@
* Convert some of the remaining usages of time_second to time_uptime.mpi2016-10-031-6/+11
| | | | | | | | | | | | | | | | time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime. the expiry is translated into unix time for export to userland though. Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second. Tested by matthieu@ and sthen@ ok sthen@, dlg@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.