Commit Graph

2556 Commits

Author SHA1 Message Date
ozaki-r
0d787d119d Commit a forgotten change for "Prepare netipsec for rump-ification"
- Allow encapinit to be called twice (by ifinit and ipe4_attach)
  - ifinit didn't call encapinit if IPSEC is enabled (ipe4_attach called
    it instead), however, on a rump kernel ipe4_attach may not be called
    even if IPSEC is enabled. So we need to allow ifinit to call it anyway
2017-04-07 03:31:50 +00:00
ozaki-r
26a0055807 Get rid of unused macros 2017-04-04 09:53:02 +00:00
ozaki-r
67c047d165 Don't use a single global variable to store source route information for multiple incoming packets
It's not MP-safe. So use a m_tag to store the information instead.

Pointed out by knakahara@
The fix is from OpenBSD (originally fixed in FreeBSD)
2017-03-31 06:49:44 +00:00
ozaki-r
1abfd1a0eb Don't use a single global variable as a temporal storage for multiple packets
It's not MP-safe. So use local variables instead.
2017-03-31 06:42:19 +00:00
knakahara
d35df4a96d remove duplicated validation. That is already done in l2tp_lookup_session_ref().
pointed out by s-yamaguchi@IIJ, thanks.
2017-03-30 23:13:54 +00:00
roy
56d35f4e73 Add the local route after finishing the configuration of the address.
This fixes the issue where the initial address announced had an
invalid broadcast address.
2017-03-17 17:26:20 +00:00
roy
ea016466e3 If we're not doing DAD, don't set IN_IFF_TENTATIVE. 2017-03-17 16:15:11 +00:00
ozaki-r
0eaf4e5356 Use if_acquire and if_release instead of using psref API directly
- Provide if_release for consistency to if_acquire
- Use if_acquire and if_release for ifp iterations
- Make ifnet_psref_class static
2017-03-14 09:03:08 +00:00
roy
a0a6c91f2c If an ARP packet is received to the null host (0.0.0.0) then look for
an address matching the sender IP address on the interface.
This allows DAD to fail during the probe phase when a reverse ARP
proxy is present.
2017-03-10 20:27:31 +00:00
roy
074272399a Only check target address collision if the sender address is the null
address (ie a DAD probe) or our matching address is either TENTATIVE
or DUPLICATED.
2017-03-09 08:41:56 +00:00
ozaki-r
ab7c3877f1 Make sure icmp_redirect_timeout_q and ip_mtudisc_timeout_q are initialized on bootup
Fix PR kern/52029
2017-03-06 07:31:15 +00:00
ozaki-r
89bba5e4dd Fix the position of curlwp_bindx; it should be after if_put 2017-03-05 11:07:46 +00:00
ozaki-r
2495e7a0c7 Pass inpcb/in6pcb instead of socket to ip_output/ip6_output
- Passing a socket to Layer 3 is layer violation and even unnecessary
- The change makes codes of callers and IPsec a bit simple
2017-03-03 07:13:06 +00:00
ozaki-r
030b9751dc Protect ia_allhosts by in_ifaddr_lock 2017-03-02 05:31:04 +00:00
ozaki-r
d0c11d0872 Make sure imo_membership is protected by inp's lock (solock) 2017-03-02 05:29:31 +00:00
ozaki-r
36ae5d22b0 Make usages of ifp MP-safe in some functions of IP multicast 2017-03-02 05:24:23 +00:00
ozaki-r
5ca786c5d4 Make CARP on IPv6 work
It passes ATF tests but no more, no less.
2017-02-27 08:26:53 +00:00
roy
808f48e3a5 Only do DaD if the interface actually has the address. 2017-02-24 13:42:18 +00:00
ozaki-r
559b831490 Add assertions and comments for lock states of socket and pcb 2017-02-22 07:05:04 +00:00
ozaki-r
67412bb47f Replace malloc for DAD with kmem and move them out of the lock for DAD 2017-02-21 03:58:23 +00:00
ozaki-r
d453ae2d83 Fix return value 2017-02-17 18:09:25 +00:00
ozaki-r
d412d1c277 Protect sysctl_net_inet_ip_pmtudto with icmp_mtx instead of softnet_lock 2017-02-17 04:32:10 +00:00
ozaki-r
77a7c1c676 Make NOMPSAFE comments informative 2017-02-17 04:31:34 +00:00
knakahara
706b73f634 add missing files. 2017-02-16 08:23:35 +00:00
knakahara
939a415a7d add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
2017-02-16 08:12:43 +00:00
ozaki-r
19c4d830db Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones
for mutex initialization.
2017-02-13 07:18:20 +00:00
ozaki-r
10400e2a88 Use IFQ_LOCK instead of splnet for if_snd 2017-02-13 04:06:39 +00:00
ozaki-r
b070ee09f7 Replace splnet with splsoftnet 2017-02-13 04:05:58 +00:00
roy
a3139fb2e1 Allow Unicast Poll from RFC 1122 to bypass DaD checking. 2017-02-11 15:37:30 +00:00
ozaki-r
57c38b2894 Add missing NULL checks for m_get_rcvif 2017-02-07 02:38:08 +00:00
ozaki-r
589739056f Defer some pr_input to workqueue
pr_input is currently called in softint. Some pr_input such as ICMP, ICMPv6
and CARP can add/delete/update IP addresses and routing table entries. For
example, icmp6_redirect_input updates an a routing table entry and
nd6_ra_input may delete an IP address.

Basically such operations shouldn't be done in softint. That aside, we have
a reason to avoid the situation; psz/psref waits cannot be used in softint,
however they are required to work in such pr_input in the MP-safe world.

The change implements the workqueue pr_input framework called wqinput which
provides a means to defer pr_input of a protocol to workqueue easily.
Currently icmp_input, icmp6_input, carp_proto_input and carp6_proto_input
are deferred to workqueue by the framework.

Proposed and discussed on tech-kern and tech-net
2017-02-02 02:52:10 +00:00
ozaki-r
9e8d969cf0 Tweak softnet_lock and NET_MPSAFE
- Don't hold softnet_lock in some functions if NET_MPSAFE
- Add softnet_lock to sysctl_net_inet_icmp_redirtimeout
- Add softnet_lock to expire_upcalls of ip_mroute.c
- Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE
- Mark some softnet_lock for future work
2017-01-24 07:09:24 +00:00
ozaki-r
c26964ba3f Replace some splnet with splsoftnet 2017-01-23 10:19:03 +00:00
ozaki-r
14cc93cb28 Get rid of splnet for pool(9)
We don't need it anymore.
2017-01-23 09:14:24 +00:00
maxv
416bf33c7c Add some checks, mostly same as in_arpinput. 2017-01-21 11:07:46 +00:00
maxv
a87e9a2b62 Make sure the protocol address length equals that of IPv4. Also, make sure
the hardware address length equals that of the interface we received the
packet on. Otherwise a packet could easily set them both to zero and make
the kernel read beyond the allocated mbuf, which is terrible.

Note: for the latter we drop the packet instead of replying, since it is
malformed.

Note: I also added an ugly hack in CARP, since it apparently expects at
least six bytes.
2017-01-20 19:21:01 +00:00
maxv
cb01df4fa5 Style 2017-01-20 17:50:52 +00:00
maxv
0b9f08e68e Reput a nullcheck that was mistakenly removed in rev1.204. ar_hrd is
packet-controlled.
2017-01-20 17:45:42 +00:00
ozaki-r
fc198510fe Fix build w/ SCTP and w/o SCTP_DEBUG 2017-01-17 01:24:44 +00:00
christos
35561f6b22 ip6_sprintf -> IN6_PRINT so that we pass the size. 2017-01-16 15:44:46 +00:00
christos
fcb36c6a50 really, use. 2017-01-16 15:44:05 +00:00
christos
f068397dd4 rename arplog -> ARPLOG to make it clear that it is a macro and tuck-in the
buffer used for address formatting.
2017-01-16 15:14:16 +00:00
ryo
28f4c24cc2 Make ip6_sprintf(), in_fmtaddr(), lla_snprintf() and icmp6_redirect_diag() mpsafe.
Reviewed by ozaki-r@
2017-01-16 07:33:36 +00:00
ozaki-r
2b82ef9b8f Get rid of unnecessary header inclusions 2017-01-11 13:08:29 +00:00
christos
1aeddccb19 add a couple of lint comments. 2017-01-10 20:32:27 +00:00
knakahara
23e409fe79 avoid double rtcache_unref().
reviewed by ozaki-r@n.o.
2017-01-10 07:39:52 +00:00
knakahara
cc189cdb90 remove unnecessary conversion.
gif_softc->gif_pdst is already valid sockaddr.
2017-01-06 03:25:13 +00:00
martin
68f5a34706 Fix optlen calculation for the SACK block - 2 bytes too few were
calculated, causing corruption in PR kern/51767.
2017-01-04 15:09:37 +00:00
kre
c6fa5aa928 Remove redundant tests: if optlen === 0, then optlen % 4 != 2 (it is 0)
so there is no need to test both.
2017-01-04 12:35:14 +00:00
christos
106cdf0378 use symbolic constants; no functional change. 2017-01-03 20:59:32 +00:00