Commit Graph

177 Commits

Author SHA1 Message Date
maxv 5b040abec8 Replace M_ALIGN and MH_ALIGN by m_align. 2018-12-22 14:28:56 +00:00
maxv 5c98710094 Remove the 't' argument from m_tag_find(). 2018-11-15 10:23:55 +00:00
maxv 15652348f3 Use non-variadic function pointer in protosw::pr_input. 2018-09-14 05:09:51 +00:00
riastradh d1579b2d70 Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int.  The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER!  Some subsystems have

	#define min(a, b)	((a) < (b) ? (a) : (b))
	#define max(a, b)	((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX.  Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate.  But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all.  (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 16:29:22 +00:00
maxv 3b4bbaf4c5 Fix compilation of PF/IPF... 2018-08-10 07:16:13 +00:00
maxv d22d69a653 Rename
ip6_undefer_csum  -> in6_undefer_cksum
	in6_delayed_cksum -> in6_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in6_offload.c. Add comments to explain what
we're doing.

Same as IPv4.
2018-08-10 06:46:08 +00:00
kre c935a86e5e Fix build. pf_ioctl.c needs netinet/in_offload.h (after previous change).
Because this is in a module, apparently, that means that netinet_in_offload.h
needs to get installed in /usr/include, so do that as well.

Feel free to fix this in a better way...
2018-07-11 11:13:16 +00:00
maxv 3574e9908d Rename
ip_undefer_csum  -> in_undefer_cksum
	in_delayed_cksum -> in_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in_offload.c. Add comments to explain what
we're doing.

The same could be done for IPv6.
2018-07-11 05:25:45 +00:00
msaitoh 391c832089 Add missing BPF_D_OUT. Reported by John D. Baker. 2018-06-27 03:31:44 +00:00
msaitoh 3cd62456f9 Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

 This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.
2018-06-26 06:47:57 +00:00
maxv 4a165b5280 Remove m_copy completely. 2018-05-03 07:01:08 +00:00
christos 8c5df217eb It is normal for socket credentials to be missing for incoming sockets,
so don't warn.
2018-02-19 23:03:00 +00:00
christos f85f8fe67a PR/53036: Alexander Nasonov: 'block user' in pf's ruleset panics 8.0_BETA
Check for NULL.
2018-02-18 21:51:28 +00:00
maya 4004dcca06 Don't invoke UB.
Heads up by John D. Baker.
2018-02-14 16:07:55 +00:00
maxv ecab785878 Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.

It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.

This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
2018-02-09 21:25:04 +00:00
christos e37a7e0920 PR/52682: David Binderman: Fix wrong assignment (in the !__NetBSD__ code) 2017-10-31 15:00:03 +00:00
pgoyette de283441cd Defer initialization of pf_status.host_id
The call to cprng_fast32() requires that per-cpu data has been initialized
by corng_fast_init(), which doesn't get called until after the first part
of auto-configuration is done, long after pfattach() calls cprng_fast32().

Fixed PR kern/52620

XXX This needs pull-up to the -8 branch.
2017-10-15 04:30:05 +00:00
ozaki-r 0eaf4e5356 Use if_acquire and if_release instead of using psref API directly
- Provide if_release for consistency to if_acquire
- Use if_acquire and if_release for ifp iterations
- Make ifnet_psref_class static
2017-03-14 09:03:08 +00:00
ozaki-r 3f909d1769 Do ND in L2_output in the same manner as arpresolve
The benefits of this change are:
- The flow is consistent with IPv4 (and FreeBSD and OpenBSD)
  - old: ip6_output => nd6_output (do ND if needed) => L2_output (lookup a stored cache)
  - new: ip6_output => L2_output (lookup a cache. Do ND if cache not found)
- We can remove some workarounds in nd6_output
- We can move L2 specific operations to their own place
- The performance slightly improves because one cache lookup is reduced
2017-02-14 03:05:06 +00:00
christos 97e4301caa use in6_print 2017-01-16 15:46:19 +00:00
ryo 28f4c24cc2 Make ip6_sprintf(), in_fmtaddr(), lla_snprintf() and icmp6_redirect_diag() mpsafe.
Reviewed by ozaki-r@
2017-01-16 07:33:36 +00:00
christos 8dd9914047 pfil(9) improvements to handle address changes:
Add:
  PFIL_IFADDR     call on interface reconfig (mbuf is ioctl #)
  PFIL_IFNET      call on interface attach/detach (mbuf is PFIL_IFNET_*)

from rmind@
2016-12-26 23:21:49 +00:00
ozaki-r 4c25fb2f83 Add rtcache_unref to release points of rtentry stemming from rtcache
In the MP-safe world, a rtentry stemming from a rtcache can be freed at any
points. So we need to protect rtentries somehow say by reference couting or
passive references. Regardless of the method, we need to call some release
function of a rtentry after using it.

The change adds a new function rtcache_unref to release a rtentry. At this
point, this function does nothing because for now we don't add a reference
to a rtentry when we get one from a rtcache. We will add something useful
in a further commit.

This change is a part of changes for MP-safe routing table. It is separated
to avoid one big change that makes difficult to debug by bisecting.
2016-12-08 05:16:33 +00:00
ozaki-r 4f21a42704 Apply pserialize to some iterations of IP address lists 2016-07-20 07:37:51 +00:00
ozaki-r 9e4c2bda8a Switch the address list of intefaces to pslist(9)
As usual, we leave the old list to avoid breaking kvm(3) users.
2016-07-07 09:32:01 +00:00
ozaki-r 4b54d200aa Remove unnecessary NULL checks of ifa->ifa_addr
If it's NULL, it should be a bug. There many IFADDR_FOREACH that don't do
NULL check. If it can be NULL, they should fire already.
2016-06-22 07:48:17 +00:00
ozaki-r 43c5ab376f Replace ifp of ip_moptions and ip6_moptions with if_index
The motivation is the same as the mbuf's rcvif case; avoid having a pointer
of an ifnet object in ip_moptions and ip6_moptions, which is not MP-safe.

ip_moptions and ip6_moptions can be stored in a PCB for inet or inet6
that's life time is different from ifnet one and so an ifnet object can be
disappeared anytime we get it via them. Thus we need to look up an ifnet
object by if_index every time for safe.
2016-06-21 03:28:27 +00:00
knakahara 95fc145695 apply if_output_lock() to L3 callers which call ifp->if_output() of L2(or L3 tunneling). 2016-06-20 06:46:37 +00:00
ozaki-r e1135cd9b9 Use curlwp_bind and curlwp_bindx instead of open-coding LP_BOUND 2016-06-16 02:38:40 +00:00
ozaki-r fe6d427551 Avoid storing a pointer of an interface in a mbuf
Having a pointer of an interface in a mbuf isn't safe if we remove big
kernel locks; an interface object (ifnet) can be destroyed anytime in any
packet processing and accessing such object via a pointer is racy. Instead
we have to get an object from the interface collection (ifindex2ifnet) via
an interface index (if_index) that is stored to a mbuf instead of an
pointer.

The change provides two APIs: m_{get,put}_rcvif_psref that use psref(9)
for sleep-able critical sections and m_{get,put}_rcvif that use
pserialize(9) for other critical sections. The change also adds another
API called m_get_rcvif_NOMPSAFE, that is NOT MP-safe and for transition
moratorium, i.e., it is intended to be used for places where are not
planned to be MP-ified soon.

The change adds some overhead due to psref to performance sensitive paths,
however the overhead is not serious, 2% down at worst.

Proposed on tech-kern and tech-net.
2016-06-10 13:31:43 +00:00
ozaki-r d938d837b3 Introduce m_set_rcvif and m_reset_rcvif
The API is used to set (or reset) a received interface of a mbuf.
They are counterpart of m_get_rcvif, which will come in another
commit, hide internal of rcvif operation, and reduce the diff of
the upcoming change.

No functional change.
2016-06-10 13:27:10 +00:00
ozaki-r 040205ae93 Protect ifnet list with psz and psref
The change ensures that ifnet objects in the ifnet list aren't freed during
list iterations by using pserialize(9) and psref(9).

Note that the change adds a pslist(9) for ifnet but doesn't remove the
original ifnet list (ifnet_list) to avoid breaking kvm(3) users. We
shouldn't use the original list in the kernel anymore.
2016-05-12 02:24:16 +00:00
ozaki-r 2cf7873b92 Constify rtentry of if_output
We no longer need to change rtentry below if_output.

The change makes it clear where rtentries are changed (or not)
and helps forthcoming locking (os psrefing) rtentries.
2016-04-28 00:16:56 +00:00
christos e7ae23fd9e include "ioconf.h" to get the 'void <driver>attach(int count);' prototype. 2015-08-20 14:40:16 +00:00
riastradh 6c3a21ccc3 <sys/rnd.h> not needed for pf_norm.c. 2015-04-13 16:35:33 +00:00
dholland f9228f4225 Add d_discard to all struct cdevsw instances I could find.
All have been set to "nodiscard"; some should get a real implementation.
2014-07-25 08:10:31 +00:00
ozaki-r de94e6c564 Unbreak the build of pf 2014-07-25 04:09:58 +00:00
rmind 60d350cf6d - Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.
2014-06-05 23:48:16 +00:00
rmind 44b8265175 Fix previous. 2014-05-17 21:00:33 +00:00
rmind f7741dab17 - Move IFNET_*() macros under #ifdef _KERNEL.
- Replace TAILQ_FOREACH on ifnet with IFNET_FOREACH().
2014-05-17 20:44:24 +00:00
dholland a68f9396b6 Change (mostly mechanically) every cdevsw/bdevsw I can find to use
designated initializers.

I have not built every extant kernel so I have probably broken at
least one build; however I've also found and fixed some wrong
cdevsw/bdevsw entries so even if so I think we come out ahead.
2014-03-16 05:20:22 +00:00
nonaka fefa462b86 remove unused variable to avoid warning from gcc 4.8. 2014-03-06 15:21:58 +00:00
christos 3cf53c78f3 fix compiler warnings 2013-10-20 21:05:47 +00:00
skrll 34b5ada363 PFIL_HOOKS is dead. 2013-07-01 08:32:48 +00:00
njoly 8b89b15c25 Fix pf module build. Adjust pfil_remove_hook 3rd arguments. 2013-06-30 17:23:52 +00:00
rmind 430eae4e07 Update pf to pfil(9) changes. Missed in previous commit. 2013-06-30 14:58:48 +00:00
drochner 364a06bb29 remove KAME IPSEC, replaced by FAST_IPSEC 2012-03-22 20:34:37 +00:00
drochner 0d96157461 protect "union sockaddr_union" from being defined twice by a CPP symbol
(copied from FreeBSD), allows coexistence of (FAST_)IPSEC and pf
2012-01-11 14:37:45 +00:00
drochner 496df2a91f do missing ipsec->kame_ipsec renames 2011-12-19 16:10:07 +00:00
tls 6e1dd068e9 Separate /dev/random pseudodevice implemenation from kernel entropy pool
implementation.  Rewrite pseudodevice code to use cprng_strong(9).

The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key.  Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.

The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256.  This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.

Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.

For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved.  For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.
2011-12-17 20:05:38 +00:00