path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Use m_align() and while there reorder the pkthdr initialisation a bit. This also makes the IPv4 and IPv6 code more similar. OK phessler@ | claudio | 2018-12-04 | 1 | -8/+6
* In PRU_DISCONNECT don't fall through into PRU_ABORT since the latter frees the inpcb apart from the disconnect. Just call soisdisconnected() and clear the inp->inp_faddr since the socket is still valid after a disconnect. Problem found by syzkaller via Greg Steuck OK visa@ Fixes: Reported-by: syzbot+2cd350dfe5c96f6469f2@syzkaller.appspotmail.com Reported-by: syzbot+139ac2d7d3d60162334b@syzkaller.appspotmail.com Reported-by: syzbot+02168317bd0156c13b69@syzkaller.appspotmail.com Reported-by: syzbot+de8d2459ecf4cdc576a1@syzkaller.appspotmail.com | claudio | 2018-12-03 | 1 | -2/+4
* MH_ALIGN -> m_align. In revarprequest() set the ph_rtableid so that the function is doing the same initialisation as arprequest(). OK bluhm@ | claudio | 2018-11-30 | 1 | -3/+4
* Further cleanup of icmp_do_error. - Use m_align() since it handles all cases - Use same rounding logic in the size check as in m_align() so all data will fit always. - consolidate pkthdr initialisation into one place - use m_prepend() instead of direct pointer manipulation (including the panic in case an underflow happens). OK bluhm@ | claudio | 2018-11-28 | 1 | -19/+13
* Retire dom_rtkeylen from struct domain. Nothing is using this anymore. It was used by the original patricia tree. OK mpi@ | claudio | 2018-11-19 | 1 | -2/+1
* provide ip_tos_patch() for setting ip_tos and patching the ipv4 cksum. previously the gif code would patch the tos field and not recalc the cksum, which would cause ip input code to drop the packet due to a cksum failure. the ipip code patched ip_tos and unconditionally recalculated the cksum, making it correct, but also wiping out any errors that may have been present before the recalculation. updating the cksum rather than replacing it lets cksum failures still fire. ip_tos_patch() is provided in the ecn code since it's because of ecn propagation that we need to update the tos field. internally it works like pf_patch_8 and pf_cksum_fixup, but since pf is optional it rolls its own code. procter may fix that in the future... ok claudio@ | dlg | 2018-11-14 | 3 | -8/+28
* Do not translate the EACCES error from pf(4) to EHOSTUNREACH anymore. It also translated a documented send(2) EACCES case erroneously. This was too much magic and always prone to errors. from Jan Klemkow; man page jmc@; OK claudio@ | bluhm | 2018-11-10 | 4 | -12/+4
* M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers for m_leadingspace() and m_trailingspace(). Convert all callers to call directly the functions and remove the defines. OK krw@, mpi@ | claudio | 2018-11-09 | 1 | -2/+2
* Remove the last few XXX rdomain markers. Even those functions respect the rdomain now and are therefore rdomain safe. OK mpi@ | claudio | 2018-11-09 | 1 | -4/+1
* In icmp_input_if() m_pullup up the maximum size of required data at the start. The maximum is ICMP_MINLEN (8) + max IPv4 header size (60) + IPv6 header (40) for the IPv6 over IPv4 transition case. By having up to this amount of data consecutive in an mbuf makes the rest of the code simpler and no more extra m_pullup calls are needed. Only length checks are now required. The maximum size is also big enough for all other ICMP types that don't embed the IP header. This ensures that all data has been m_pullup-ed before calling the ctlinput function which can look that deep into the header. OK bluhm@ markus@ | claudio | 2018-11-05 | 2 | -13/+5
* Consider the size of IP header when doing the ICMP length overflow check. This code was never reached as ICMP length was truncated before, but fix the wrong calculation anyway. OK claudio@ | bluhm | 2018-11-05 | 1 | -3/+3
* Fixup the case where an mbuf cluster is used. Correctly offset the data to the end of the cluster (there is no M_ALIGN version for clusters so it is hard coded). Also make the sanity check more general by using m_leadingspace. Not a security issue since the cluster code is not reachable, there is enough space in an mbuf. OK bluhm@ | claudio | 2018-11-05 | 1 | -3/+5
* The change of the sb_mbmax calculation in sbreserve() broke setting a fixed socket send buffer size for TCP. tcp_update_sndspace() could overwrite the value as the algorithms were not in sync. OK benno@ claudio@ | bluhm | 2018-11-04 | 1 | -3/+4
* ipsec: use monotonic clock for SA creation/lookup timestamps; ok dlg@ | cheloha | 2018-10-22 | 2 | -5/+5
* Partial revert of previous. Only the queue(3) stuff should have gone in. | cheloha | 2018-10-18 | 1 | -38/+7
* igmp, struct router_info: use queue(3). In particular, use LIST_* to preserve O(n) removal in rti_delete(). While here, clean up two malloc(9) calls. Suggested by mpi@. ok visa@ | cheloha | 2018-10-18 | 2 | -26/+52
* Expose net.inet.ip.arpq.drops to help debug what's going on when a lot of packets are being dropped but none of the other counters are increasing. From Daniel Hokka Zakrisson (daniel AT hozac DOT com), thanks! OK florian, phessler | florian | 2018-10-13 | 2 | -4/+13
* RT_TABLEID_MAX is 255, fix places that assumed that it is less than 255. rtable 255 is a valid routing table or domain id that wasn't handled by the ip[6]_mroute code or by snmpd. The arrays in the ip[6]_mroute code were off by one and didn't allocate space for rtable 255; snmpd simply ignored rtable 255. All other places in the tree seem to handle RT_TABLEID_MAX correctly. OK florian@ benno@ henning@ deraadt@ | reyk | 2018-10-10 | 1 | -5/+5
* Revert the inpcb table mutex commit. It triggers a witness panic in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx is held and sorwakeup() is called within the loop. As sowakeup() grabs the kernel lock, we have a lock ordering problem. found by Hrvoje Popovski; OK deraadt@ mpi@ | bluhm | 2018-10-04 | 6 | -84/+21
* Turn carp_ourether() mp-safe, this is a requirement for taking bridge(4) out of the KERNEL_LOCK(). ok visa@, bluhm@ | mpi | 2018-09-24 | 1 | -16/+15
* As a step towards per inpcb or socket locks, remove the net lock for netstat -a. Introduce a global mutex that protects the tables and hashes for the internet PCBs. To detect detached PCB, set its inp_socket field to NULL. This has to be protected by a per PCB mutex. The protocol pointer has to be protected by the mutex as netstat uses it. Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify() before the table mutex to avoid lock ordering problems in the notify functions. OK visa@ | bluhm | 2018-09-20 | 6 | -22/+85
* Do not acknowledge a received ack-only tcp packet that we would drop due to PAWS. Otherwise we could trigger a retransmit of the opposite party with another wrong timestamp and produce loop. I have seen this with a buggy server which messed up tcp timestamps. Suggested by Prof. Jacobson for FreeBSD. ok krw, bluhm, henning, mpi | friehm | 2018-09-17 | 1 | -2/+4
* Initialize the TDB to NULL in ipsec_common_input() and ipsec_{input,output}_cb() so that in the case of sending or receiving a bogus mbuf (NULL) we don't end up trying to dereference the TDB, while being an uninitialized pointer, to increase the drops. Coverity IDs 1473312, 1473313 and 1473317. OK mpi@ visa@ | mestre | 2018-09-14 | 2 | -5/+5
* In general it is a bad idea to use one random secret for two things. The inet PCB uses one hash with local and foreign addresses, and one with local port numbers. Give both hashes separate keys. Also document the struct fields. OK visa@ | bluhm | 2018-09-14 | 2 | -12/+15
* unbreak userland uses of in_pcb.h by including sys/refcnt.h; ok visa@ | jsg | 2018-09-14 | 1 | -1/+2
* Add reference counting for inet pcb, this will be needed when we start locking the socket. An inp can be referenced by the PCB queue and hashes, by a pf mbuf header, or by a pf state key. OK visa@ | bluhm | 2018-09-13 | 5 | -9/+40
* Include the size of IPCOMP header when checking for compression. Problem found and analyzed by Romain Gabet, ok markus@ | mpi | 2018-09-13 | 1 | -2/+2
* Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@ | bluhm | 2018-09-11 | 2 | -5/+5
* Make the distribution of in_ and in6_ functions in in_pcb.c and in6_pcb.c consistent, to ease comparing the code. Move all inet6 functions to in6_. Bring functions in both source files in same order. Cleanup the include section. Now in_pcb.c is a superset of in6_pcb.c. The latter contains all the special implementations. Just moving around, no code change intended. OK mpi@ | bluhm | 2018-09-11 | 2 | -162/+11
* Remove useless INPCBHASH() macros. Just expand them. OK stsp@ | bluhm | 2018-09-10 | 1 | -31/+24
* Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@ | bluhm | 2018-09-10 | 1 | -9/+2
* During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() to convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@ | bluhm | 2018-09-10 | 1 | -3/+5
* Explain the special case for redirect to localhost in a comment. input and OK claudio@ | bluhm | 2018-09-07 | 1 | -1/+14
* sync icmp_mtudisc_clone() with icmp6_mtudisc_clone(); prompted by bluhm@ | miko | 2018-09-06 | 1 | -17/+12
* Add per-TDB counters and a new SADB extension to export them to userland. Inputs from markus@, ok sthen@ | mpi | 2018-08-28 | 9 | -34/+97
* Coverity CID 1470233 complains that the m != NULL check in syn_cache_get() is not necessary. Also make the abort label consistent to resetandabort and free the mbuf there. OK mpi@ | bluhm | 2018-07-23 | 1 | -4/+3
* Fix for uninitialized variables. Found by and ok jsg@, ok markus@ | mpi | 2018-07-16 | 1 | -4/+4
* Introduce ipsec_output_cb() to merge duplicate code and account for dropped packets in the output path. While here fix a memory leak when compression is not needed w/ IPcomp. ok markus@ | mpi | 2018-07-12 | 6 | -176/+135
* Disambiguate the source of panics in sys/net* by adding __func__ magic constant to panic() calls. ok benno@ henning@ tb@ | nayden | 2018-07-11 | 1 | -4/+4
* Retire RTM_LOSING, it no longer makes sense and on busy servers the route socket is flooded with those messages. Instead make sure that the removal of the dynamic route that can happen is actually also sent to the routing socket. OK mpi@ henning@ | claudio | 2018-07-11 | 1 | -18/+6
* rtm_send() the cloned routes because of ICMP mtu changes. Until now these changes to the routing table have not been visible whereas the RTM_DELETE of those routes have been. Remove this inconsistency. Input and OK mpi@ OK henning@ | claudio | 2018-07-11 | 1 | -1/+2
* Convert AH & IPcomp to ipsec_input_cb() and count drops on input. ok markus@ | mpi | 2018-07-11 | 5 | -119/+37
* Introduce new IPsec (per-CPU) statistics and refactor ESP input callbacks to be able to count dropped packet. Having more generic statistics will help troubleshooting problems with specific tunnels. Per-TDB counters are coming once all the refactoring bits are in. ok markus@ | mpi | 2018-07-10 | 5 | -73/+181
* Remove DELAY(1000) from carp_send_arp() / carp_send_na() since it is not clear why it was necessary. OK bluhm@ 'ok but watch for fallouts' mpi@ | friehm | 2018-07-10 | 1 | -3/+1
* It was possible to leak the control mbuf in raw ip user request with sendmsg(2) and MSG_OOB. Sync the code in udp, rip, and rip6_usrreq. Add an inp NULL check in rip6_usrreq for consistency. OK benno@ mpi@ | bluhm | 2018-07-05 | 2 | -4/+5
* Prevent a mbuf double free by not freeing it along the error-path in rip{6,}_usrreq() since soreceive() will free it. ok bluhm@ | anton | 2018-07-04 | 1 | -3/+5
* Assert that the NET_LOCK() is held when iterating over `ipsec_acquire_head'. ok visa@ as part of a larger bigger diff | mpi | 2018-06-25 | 1 | -1/+3
* In in_pcballoc() finish the inp initialization before adding it to the global inpcb queue and hashes. OK visa@ mpi@ as part of a larger diff | bluhm | 2018-06-14 | 1 | -12/+13
* Assert that the INP_IPV6 in in6_pcbconnect() is correct. Just call in_pcbconnect() to avoid the address family maze in syn_cache_get(). input claudio@; OK mpi@ | bluhm | 2018-06-14 | 2 | -25/+6
* Use mbuf (not cluster) always for t_template of tcpcb. ok bluhm | yasuoka | 2018-06-14 | 1 | -14/+4