Commit Graph

1253 Commits

Author SHA1 Message Date
rmind
b92d93cc0e Remove the wrapper of frag6_input(), restore the behaviour changed in r1.50.
Fix ip6_reass_packet() wrapper used by NPF.  Remove #if 0 code for handling
overlaping fragments - IPv6 desupported them anyway.  Convert to kmem(9).
2012-07-01 22:04:44 +00:00
abs
e14333f8c1 Some fun in trying to work out what was broken with gcc-4.1 to
trigger the following warning when gcc-4.5 was silent:
  nd6_rtr.c: In function 'nd6_ra_input':
  nd6_rtr.c:788: warning: 'ext' may be used uninitialized in this function
Eventually determined that it was not unreasonable for gcc-4.1 to
bleat in this case as there is a nasty 'goto insert' which could
indeed have resulted in an uninitialised variable use. Yay gcc 4.1.
2012-06-25 17:25:29 +00:00
christos
84f52095ad rename rfc6056 -> portalgo, requested by yamt 2012-06-25 15:28:38 +00:00
christos
443eb0a284 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD 2012-06-23 03:13:41 +00:00
christos
40114b997c PR/46602: Move the rfc6056 port randomization to the IP layer. 2012-06-22 14:54:34 +00:00
drochner
364a06bb29 remove KAME IPSEC, replaced by FAST_IPSEC 2012-03-22 20:34:37 +00:00
elad
0c9d8d15c9 Replace the remaining KAUTH_GENERIC_ISSUSER authorization calls with
something meaningful. All relevant documentation has been updated or
written.

Most of these changes were brought up in the following messages:

    http://mail-index.netbsd.org/tech-kern/2012/01/18/msg012490.html
    http://mail-index.netbsd.org/tech-kern/2012/01/19/msg012502.html
    http://mail-index.netbsd.org/tech-kern/2012/02/17/msg012728.html

Thanks to christos, manu, njoly, and jmmv for input.

Huge thanks to pgoyette for spinning these changes through some build
cycles and ATF.
2012-03-13 18:40:26 +00:00
rmind
4ed932b4c4 ip6_output: check for rtcache_setdst() error, which may happen if running
out of memory.
2012-02-05 00:41:15 +00:00
christos
6a74395ce6 PR/45764, PR/45914
Part 1:
nd6_purge can be called after dom_ifdetach, and if_afdata[AF_INET6] is
going to be freed and point to garbage. Make sure we check for NULL, before
taking the pointer offset.
While I am here, add an M_ZERO.
2012-02-03 03:32:45 +00:00
christos
d647fec80c use FOREACH_SAFE. 2012-02-02 19:35:18 +00:00
liamjfoy
b723329891 Remove ip6f_start from ip6f struct 2012-01-19 13:19:34 +00:00
drochner
3ad69fe553 remove conditionals which can't succeed, and also shouldn't because
one would get a kernel NULL dereference immediately
2012-01-10 20:05:37 +00:00
drochner
cf21c579f1 add patch from Arnaud Degroote to handle IPv6 extended options with
(FAST_)IPSEC, tested lightly with a DSTOPTS header consisting
of PAD1
2012-01-10 20:01:56 +00:00
drochner
d107562abc Make FAST_IPSEC the default IPSEC implementation which is built
into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).
2012-01-09 15:16:30 +00:00
drochner
47a381e15e more IPSEC header cleanup: don't install unneeded headers to userland,
and remove some differences berween KAME and FAST_IPSEC
2012-01-06 14:17:10 +00:00
drochner
3712f81ced -consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
 in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
 differences between KAME ans FAST_IPSEC
2012-01-04 15:55:35 +00:00
christos
42c420856f - fix offsetof usage, and redundant defines
- kill pointer casts to 0
2011-12-31 20:41:58 +00:00
drochner
23e5beaef1 rename the IPSEC in-kernel CPP variable and config(8) option to
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can be easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.
2011-12-19 11:59:56 +00:00
jakllsch
3ccd1982e5 Take softnet_lock and kernel lock in frag6_slowtimo and frag6_fasttimo,
similar to how it's done with other protocols.

If we don't do this sending ICMPv6 messages in this path can cause races
in network interface drivers.
2011-12-16 00:57:59 +00:00
tls
3afd44cf08 First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>.  This change includes
the following:

	An initial cleanup and minor reorganization of the entropy pool
	code in sys/dev/rnd.c and sys/dev/rndpool.c.  Several bugs are
	fixed.  Some effort is made to accumulate entropy more quickly at
	boot time.

	A generic interface, "rndsink", is added, for stream generators to
	request that they be re-keyed with good quality entropy from the pool
	as soon as it is available.

	The arc4random()/arc4randbytes() implementation in libkern is
	adjusted to use the rndsink interface for rekeying, which helps
	address the problem of low-quality keys at boot time.

	An implementation of the FIPS 140-2 statistical tests for random
	number generator quality is provided (libkern/rngtest.c).  This
	is based on Greg Rose's implementation from Qualcomm.

	A new random stream generator, nist_ctr_drbg, is provided.  It is
	based on an implementation of the NIST SP800-90 CTR_DRBG by
	Henric Jungheim.  This generator users AES in a modified counter
	mode to generate a backtracking-resistant random stream.

	An abstraction layer, "cprng", is provided for in-kernel consumers
	of randomness.  The arc4random/arc4randbytes API is deprecated for
	in-kernel use.  It is replaced by "cprng_strong".  The current
	cprng_fast implementation wraps the existing arc4random
	implementation.  The current cprng_strong implementation wraps the
	new CTR_DRBG implementation.  Both interfaces are rekeyed from
	the entropy pool automatically at intervals justifiable from best
	current cryptographic practice.

	In some quick tests, cprng_fast() is about the same speed as
	the old arc4randbytes(), and cprng_strong() is about 20% faster
	than rnd_extract_data().  Performance is expected to improve.

	The AES code in src/crypto/rijndael is no longer an optional
	kernel component, as it is required by cprng_strong, which is
	not an optional kernel component.

	The entropy pool output is subjected to the rngtest tests at
	startup time; if it fails, the system will reboot.  There is
	approximately a 3/10000 chance of a false positive from these
	tests.  Entropy pool _input_ from hardware random numbers is
	subjected to the rngtest tests at attach time, as well as the
	FIPS continuous-output test, to detect bad or stuck hardware
	RNGs; if any are detected, they are detached, but the system
	continues to run.

	A problem with rndctl(8) is fixed -- datastructures with
	pointers in arrays are no longer passed to userspace (this
	was not a security problem, but rather a major issue for
	compat32).  A new kernel will require a new rndctl.

	The sysctl kern.arandom() and kern.urandom() nodes are hooked
	up to the new generators, but the /dev/*random pseudodevices
	are not, yet.

	Manual pages for the new kernel interfaces are forthcoming.
2011-11-19 22:51:18 +00:00
gdt
c9bfbf1142 Move RTF_ANNOUNCE flag so that it no longer conflicts with RTF_PROTO2.
RTF_ANNOUNCE was defined as RTF_PROTO2.  The flag is used to indicated
that host should act as a proxy for a link level arp or ndp request.
(If RTF_PROTO2 is used as an experimental flag (as advertised),
various problems can occur.)

This commit provides a first-class definition with its own bit for
RTF_ANNOUNCE, removes the old aliasing definitions, and adds support
for the new RTF_ANNOUNCE flag to netstat(8) and route(8).,

Also, remove unused RTF_ flags that collide with RTF_PROTO1:
  netinet/icmp6.h defined RTF_PROBEMTU as RTF_PROTO1
  netinet/if_inarp.h defined RTF_USETRAILERS as RTF_PROTO1
  (Neither of these flags are used anywhere.  Both have been removed
  to reduce chances of collision with RTF_PROTO1.)

Figuring this out and the diff are the work of Beverly Schwartz of
BBN.

(Passed release build, boot in VM, with no apparently related atf
failures.)

Approved for Public Release, Distribution Unlimited
This material is based upon work supported by the Defense Advanced
Research Projects Agency and Space and Naval Warfare Systems Center,
Pacific, under Contract No. N66001-09-C-2073.
2011-11-11 15:09:32 +00:00
seanb
d0ff9c06e4 - Remove unused variable from nd6_timer(). 2011-11-10 17:10:00 +00:00
zoltan
766dd565c7 Change the IPv6 reassembly mechanism to use mutex(9).
Also add ip6_reass_packet() to be used by NPF.
2011-11-04 00:22:33 +00:00
dyoung
386d3978d1 Use if_addr_init() and if_mcast_op() instead of ifp->if_ioctl(). 2011-10-19 01:52:22 +00:00
christos
5ec72efbaa Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of
Google SoC-2011
2011-09-24 17:22:14 +00:00
plunky
7f3d4048d7 NULL does not need a cast 2011-08-31 18:31:02 +00:00
joerg
3eb244d801 Retire varargs.h support. Move machine/stdarg.h logic into MI
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.
2011-07-17 20:54:30 +00:00
dyoung
8f7c4dceea Don't refer to extern tcbtable here, it is unused. 2011-06-01 22:59:44 +00:00
spz
5f1fd2312c RA flood mitigation via a limit on accepted routes:
- introduce a limit for the routes accepted via IPv6 Router Advertisement:
  a common 2 interface client will have 6, the default limit is 100 and
  can be adjusted via sysctl
- report the current number of routes installed via RA via sysctl
- count discarded route additions. Note that one RA message is two routes.
  This is at present only across all interfaces even though per-interface
  would be more useful, since the per-interface structure complies to RFC2466
- bump kernel version due to the previous change
- adjust netstat to use the new value (with netstat -p icmp6)
2011-05-24 18:07:11 +00:00
dholland
ebbcc1e872 Add missing $NetBSD$ header. 2011-05-17 04:39:57 +00:00
dyoung
c1922724a7 Invalidate the vestigital PCB at the top of in6_pcblookup_connect() to
fix the bug where incoming TCPv6 connections were reset.
2011-05-04 01:45:48 +00:00
dyoung
c2e43be1c5 Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires.  On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer.  Corresponding to each class
is an MSL, and a session uses the MSL of its class.  The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways).  Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote.  Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB".  VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion.  The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer.  When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive.  It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
2011-05-03 18:28:44 +00:00
dyoung
ac162b774b *_drain() routines may be called with locks held, so instead of doing
any work in *_drain(), set a drain-needed flag.  Do the work in the
fasttimo handler.

Contributed by Coyote Point Systems, Inc.
2011-05-03 17:44:30 +00:00
yamt
0cc7ac519a undefer csum in looutput.
looutput is used by various code (ether_output, mcast) to loopback packets.
2011-04-25 22:20:59 +00:00
yamt
61e76cd651 ip6_undefer_csum:
- don't forget ntohs
- KNF
2011-04-25 22:07:57 +00:00
yamt
e86be17a4f fix assertions 2011-04-25 22:04:32 +00:00
dholland
423044e331 Prune dead assignment, from Henning Petersen in PR 44890. 2011-04-21 06:58:31 +00:00
spz
5e98b9a2eb mitigation for CVE-2011-1547
this should really be solved by counting nested headers (like in the
inet6 case) instead
2011-04-01 08:25:02 +00:00
dyoung
060522dec8 Hide the radix-trie implementation of the forwarding table so that we
will have an easier time replacing it with something different, even if
it is a second radix-trie implementation.

sys/net/route.c and sys/net/rtsock.c no longer operate directly on
radix_nodes or radix_node_heads.

Hopefully this will reduce the temptation to implement multipath or
source-based routing using grotty hacks to the grotty old radix-trie
code, too. :-)
2011-03-31 19:40:51 +00:00
dyoung
2158ec89af Delete unnecessary casts to void *. No functional change intended. Same
assembly generated before and after this change.
2011-02-06 19:12:55 +00:00
mlelstv
f724a1d32d When deleting a fragment header use the simple copy operation only if it fits
completely into the mbuf.
2011-01-22 18:26:36 +00:00
matt
ebb2d31714 Add routines to calculate a checkesum if the driver concludes that the
h/w can't do it.
2010-12-11 22:37:46 +00:00
oki
e7b1f54727 Fixed mbuf leak possibility. 2010-10-14 03:34:42 +00:00
drochner
bd39bacef7 avoid NULL dereference in error case 2010-09-12 16:04:57 +00:00
jakllsch
c77ac47598 Make the EtherIP in IPv6 input path work.
XXX: Figure out if we really need a separate protosw for IPv6.
2010-08-24 00:07:00 +00:00
joerg
0253fb8bf4 Remove stray { 2010-08-20 16:38:16 +00:00
joerg
0e26070ea9 Consider a mapped IPv4 address of 0.0.0.0 as unspecified. This allows
using mapped IPv4 address with connect without preceding bind.
2010-08-20 15:01:11 +00:00
jym
f3fb0a5620 Fix some code paths where pointers are dereferenced after checking that
they are NULL (oops?)

XXX pull-ups for NetBSD-4 and NetBSD-5.
2010-08-14 18:28:59 +00:00
jakllsch
8688cfe5da Make MRT6DEBUG compile on LP64 by using ptrdiff_t printf() format specifier. 2010-07-27 13:59:40 +00:00
dyoung
a055a1e00a Under some circumstances, udp6_output() would call ip6_clearpktopts()
with an uninitialized struct ip6_pktopts on the stack, opt.
ip6_clearpktopts(&opt, ...) could dereference dangling pointers,
leading to memory corruption or a crash.  Now, udp6_output() calls
ip6_clearpktopts(&opt, ...) only if opt was initialized. Thanks to
Clement LECIGNE for reporting this bug.

Fix a potential memory leak: it is udp6_output()'s responsibility
to free its mbuf arguments on error.  In the unlikely event that
sa6_embedscope() failed, udp6_output() would not free its mbuf
arguments.

I will ask for this to be pulled up to -4, -5, and -5-0.
2010-07-15 23:46:55 +00:00