ozaki-r
0d787d119d
Commit a forgotten change for "Prepare netipsec for rump-ification"
...
- Allow encapinit to be called twice (by ifinit and ipe4_attach)
- ifinit didn't call encapinit if IPSEC is enabled (ipe4_attach called
it instead), however, on a rump kernel ipe4_attach may not be called
even if IPSEC is enabled. So we need to allow ifinit to call it anyway
2017-04-07 03:31:50 +00:00
ozaki-r
26a0055807
Get rid of unused macros
2017-04-04 09:53:02 +00:00
ozaki-r
67c047d165
Don't use a single global variable to store source route information for multiple incoming packets
...
It's not MP-safe. So use a m_tag to store the information instead.
Pointed out by knakahara@
The fix is from OpenBSD (originally fixed in FreeBSD)
2017-03-31 06:49:44 +00:00
ozaki-r
1abfd1a0eb
Don't use a single global variable as a temporal storage for multiple packets
...
It's not MP-safe. So use local variables instead.
2017-03-31 06:42:19 +00:00
knakahara
d35df4a96d
remove duplicated validation. That is already done in l2tp_lookup_session_ref().
...
pointed out by s-yamaguchi@IIJ, thanks.
2017-03-30 23:13:54 +00:00
roy
56d35f4e73
Add the local route after finishing the configuration of the address.
...
This fixes the issue where the initial address announced had an
invalid broadcast address.
2017-03-17 17:26:20 +00:00
roy
ea016466e3
If we're not doing DAD, don't set IN_IFF_TENTATIVE.
2017-03-17 16:15:11 +00:00
ozaki-r
0eaf4e5356
Use if_acquire and if_release instead of using psref API directly
...
- Provide if_release for consistency to if_acquire
- Use if_acquire and if_release for ifp iterations
- Make ifnet_psref_class static
2017-03-14 09:03:08 +00:00
roy
a0a6c91f2c
If an ARP packet is received to the null host (0.0.0.0) then look for
...
an address matching the sender IP address on the interface.
This allows DAD to fail during the probe phase when a reverse ARP
proxy is present.
2017-03-10 20:27:31 +00:00
roy
074272399a
Only check target address collision if the sender address is the null
...
address (ie a DAD probe) or our matching address is either TENTATIVE
or DUPLICATED.
2017-03-09 08:41:56 +00:00
ozaki-r
ab7c3877f1
Make sure icmp_redirect_timeout_q and ip_mtudisc_timeout_q are initialized on bootup
...
Fix PR kern/52029
2017-03-06 07:31:15 +00:00
ozaki-r
89bba5e4dd
Fix the position of curlwp_bindx; it should be after if_put
2017-03-05 11:07:46 +00:00
ozaki-r
2495e7a0c7
Pass inpcb/in6pcb instead of socket to ip_output/ip6_output
...
- Passing a socket to Layer 3 is layer violation and even unnecessary
- The change makes codes of callers and IPsec a bit simple
2017-03-03 07:13:06 +00:00
ozaki-r
030b9751dc
Protect ia_allhosts by in_ifaddr_lock
2017-03-02 05:31:04 +00:00
ozaki-r
d0c11d0872
Make sure imo_membership is protected by inp's lock (solock)
2017-03-02 05:29:31 +00:00
ozaki-r
36ae5d22b0
Make usages of ifp MP-safe in some functions of IP multicast
2017-03-02 05:24:23 +00:00
ozaki-r
5ca786c5d4
Make CARP on IPv6 work
...
It passes ATF tests but no more, no less.
2017-02-27 08:26:53 +00:00
roy
808f48e3a5
Only do DaD if the interface actually has the address.
2017-02-24 13:42:18 +00:00
ozaki-r
559b831490
Add assertions and comments for lock states of socket and pcb
2017-02-22 07:05:04 +00:00
ozaki-r
67412bb47f
Replace malloc for DAD with kmem and move them out of the lock for DAD
2017-02-21 03:58:23 +00:00
ozaki-r
d453ae2d83
Fix return value
2017-02-17 18:09:25 +00:00
ozaki-r
d412d1c277
Protect sysctl_net_inet_ip_pmtudto with icmp_mtx instead of softnet_lock
2017-02-17 04:32:10 +00:00
ozaki-r
77a7c1c676
Make NOMPSAFE comments informative
2017-02-17 04:31:34 +00:00
knakahara
706b73f634
add missing files.
2017-02-16 08:23:35 +00:00
knakahara
939a415a7d
add l2tp(4) L2TPv3 interface.
...
originally implemented by IIJ SEIL team.
2017-02-16 08:12:43 +00:00
ozaki-r
19c4d830db
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
...
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones
for mutex initialization.
2017-02-13 07:18:20 +00:00
ozaki-r
10400e2a88
Use IFQ_LOCK instead of splnet for if_snd
2017-02-13 04:06:39 +00:00
ozaki-r
b070ee09f7
Replace splnet with splsoftnet
2017-02-13 04:05:58 +00:00
roy
a3139fb2e1
Allow Unicast Poll from RFC 1122 to bypass DaD checking.
2017-02-11 15:37:30 +00:00
ozaki-r
57c38b2894
Add missing NULL checks for m_get_rcvif
2017-02-07 02:38:08 +00:00
ozaki-r
589739056f
Defer some pr_input to workqueue
...
pr_input is currently called in softint. Some pr_input such as ICMP, ICMPv6
and CARP can add/delete/update IP addresses and routing table entries. For
example, icmp6_redirect_input updates an a routing table entry and
nd6_ra_input may delete an IP address.
Basically such operations shouldn't be done in softint. That aside, we have
a reason to avoid the situation; psz/psref waits cannot be used in softint,
however they are required to work in such pr_input in the MP-safe world.
The change implements the workqueue pr_input framework called wqinput which
provides a means to defer pr_input of a protocol to workqueue easily.
Currently icmp_input, icmp6_input, carp_proto_input and carp6_proto_input
are deferred to workqueue by the framework.
Proposed and discussed on tech-kern and tech-net
2017-02-02 02:52:10 +00:00
ozaki-r
9e8d969cf0
Tweak softnet_lock and NET_MPSAFE
...
- Don't hold softnet_lock in some functions if NET_MPSAFE
- Add softnet_lock to sysctl_net_inet_icmp_redirtimeout
- Add softnet_lock to expire_upcalls of ip_mroute.c
- Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE
- Mark some softnet_lock for future work
2017-01-24 07:09:24 +00:00
ozaki-r
c26964ba3f
Replace some splnet with splsoftnet
2017-01-23 10:19:03 +00:00
ozaki-r
14cc93cb28
Get rid of splnet for pool(9)
...
We don't need it anymore.
2017-01-23 09:14:24 +00:00
maxv
416bf33c7c
Add some checks, mostly same as in_arpinput.
2017-01-21 11:07:46 +00:00
maxv
a87e9a2b62
Make sure the protocol address length equals that of IPv4. Also, make sure
...
the hardware address length equals that of the interface we received the
packet on. Otherwise a packet could easily set them both to zero and make
the kernel read beyond the allocated mbuf, which is terrible.
Note: for the latter we drop the packet instead of replying, since it is
malformed.
Note: I also added an ugly hack in CARP, since it apparently expects at
least six bytes.
2017-01-20 19:21:01 +00:00
maxv
cb01df4fa5
Style
2017-01-20 17:50:52 +00:00
maxv
0b9f08e68e
Reput a nullcheck that was mistakenly removed in rev1.204. ar_hrd is
...
packet-controlled.
2017-01-20 17:45:42 +00:00
ozaki-r
fc198510fe
Fix build w/ SCTP and w/o SCTP_DEBUG
2017-01-17 01:24:44 +00:00
christos
35561f6b22
ip6_sprintf -> IN6_PRINT so that we pass the size.
2017-01-16 15:44:46 +00:00
christos
fcb36c6a50
really, use.
2017-01-16 15:44:05 +00:00
christos
f068397dd4
rename arplog -> ARPLOG to make it clear that it is a macro and tuck-in the
...
buffer used for address formatting.
2017-01-16 15:14:16 +00:00
ryo
28f4c24cc2
Make ip6_sprintf(), in_fmtaddr(), lla_snprintf() and icmp6_redirect_diag() mpsafe.
...
Reviewed by ozaki-r@
2017-01-16 07:33:36 +00:00
ozaki-r
2b82ef9b8f
Get rid of unnecessary header inclusions
2017-01-11 13:08:29 +00:00
christos
1aeddccb19
add a couple of lint comments.
2017-01-10 20:32:27 +00:00
knakahara
23e409fe79
avoid double rtcache_unref().
...
reviewed by ozaki-r@n.o.
2017-01-10 07:39:52 +00:00
knakahara
cc189cdb90
remove unnecessary conversion.
...
gif_softc->gif_pdst is already valid sockaddr.
2017-01-06 03:25:13 +00:00
martin
68f5a34706
Fix optlen calculation for the SACK block - 2 bytes too few were
...
calculated, causing corruption in PR kern/51767.
2017-01-04 15:09:37 +00:00
kre
c6fa5aa928
Remove redundant tests: if optlen === 0, then optlen % 4 != 2 (it is 0)
...
so there is no need to test both.
2017-01-04 12:35:14 +00:00
christos
106cdf0378
use symbolic constants; no functional change.
2017-01-03 20:59:32 +00:00