summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/in6.c
Commit message (Collapse)AuthorAgeFilesLines
* MFC r296063 r297397 r299213sbruno2016-07-281-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | 296063: Lock the NDP default router list and count defrouter references. This addresses a number of race conditions that can cause crashes as a result of unsynchronized access to the list. 297397 Modify nd6_llinfo_timer() to acquire the nd6 lock before the LLE lock. When expiring a neighbour cache entry we may need to look up the associated default router, which requires the nd6 read lock. To avoid an LOR, the nd6 lock should be acquired first. 299213 Clean up callers of nd6_prelist_add(). nd6_prelist_add() sets *newp if and only if it is successful, so there's no need for code that handles the case where the return value is 0 and *newp == NULL. Fix some style bugs in nd6_prelist_add() while here. Submitted by: Jason Wolfe <j@nitrology.com>
* MFC 292953:bz2016-01-211-2/+2
| | | | | | This code is not in modules that need KPI stability so no need to use the wrapper functions as used in r252511 (head). We can directly use the locking macros.
* MFH r292836:wollman2016-01-071-0/+1
| | | | | | | | | | | in6_if2idlen: treat bridge(4) interfaces like other Ethernet interfaces bridge(4) interfaces have an if_type of IFT_BRIDGE, rather than IFT_ETHER, even though they only support Ethernet-style links. This caused in6_if2idlen to emit an "unknown link type (209)" warning to the console every time it was called. Add IFT_BRIDGE to the case statement in the appropriate place, indicating that it uses the same IPv6 address format as other Ethernet-like interfaces.
* Remove extra space introduced in r287734. This is a stable/10 only fixgarga2015-09-221-1/+1
| | | | | | | since original commit (r287094) is correct. Approved by: loos Sponsored by: Rubicon Communications (Netgate)
* MFC 287094:hrs2015-09-131-11/+10
| | | | | | | | | | | | | | | | | | | - Deprecate IN6_IFF_NODAD. It was used to prevent DAD on a loopback interface but in6if_do_dad() already had a check for IFF_LOOPBACK. - Remove in6if_do_dad() check in in6_broadcast_ifa(). An address which needs DAD always has IN6_IFF_TENTATIVE there. - in6if_do_dad() now returns EAGAIN when the interface is not ready since DAD callout handler ignores such an interface. - In DAD callout handler, mark an address as IN6_IFF_TENTATIVE when the interface has ND6_IFF_IFDISABLED. And Do IFF_UP and IFF_DRV_RUNNING check consistently when DAD is required. - draft-ietf-6man-enhanced-dad is now published as RFC 7527. - Fix some typos.
* MFC 287095, 287610, 287611, 287617:hrs2015-09-131-2/+0
| | | | Remove obsolete API (SIOCGDRLST_IN6 and SIOCGPRLST_IN6) support.
* MFC 287609:hrs2015-09-131-4/+6
| | | | Do not add IN6_IFF_TENTATIVE when ND6_IFF_NO_DAD.
* MFC r285710:ae2015-08-051-0/+1
| | | | Invoke LLE event handler when entry is deleted.
* MFC r273992:hrs2015-07-231-26/+24
| | | | | | | Fix a bug which prevented ND6_IFF_IFDISABLED flag from clearing when the newly-added IPv6 address was /128. Approved by: re (gjb)
* Rework r281868 to not skip RTM announces for tunneling interfaces.ae2015-06-051-22/+21
| | | | | | This is direct commit to stable/10. Tested by: tuexen@
* MFC r261708, r261847, r268525, r274316, r274347, r275593,hiren2015-05-081-1/+2
| | | | | | | | | | | | | | | r276844, r276847, r279531, r279559, r279564, r279676 A bunch of IPv6 fixes by melifaro, hrs and ae Major changes: Simplify nd6_output_lle() Add refcounting to DAD and fix races and other errors Implement Enhanced DAD algorithm for IPv6 Suggested by: ae Tested by: Jason Wolfe <j at nitrology.com> Sponsored by: Limelight Networks
* MFC r274988 (with modification):ae2015-04-221-0/+2
| | | | | | Skip L2 addresses lookups for tunneling interfaces. PR: 197286
* MFC of r278472rrs2015-02-151-2/+1
| | | | | | | | | | | | | | | | | | | | This fixes a bug in the way that the LLE timers for nd6 and arp were being used. They basically would pass in the mutex to the callout_init. Because they used this method to the callout system, it was possible to "stop" the callout. When flushing the table and you stopped the running callout, the callout_stop code would return 1 indicating that it was going to stop the callout (that was about to run on the callout_wheel blocked by the function calling the stop). Now when 1 was returned, it would lower the reference count one extra time for the stopped timer, then a few lines later delete the memory. Of course the callout_wheel was stuck in the lock code and would then crash since it was accessing freed memory. By using callout_init(c, 1) we always get a 0 back and the reference counting bug does not rear its head. We do have to make a few adjustments to the callouts themselves though to make sure it does the proper thing if rescheduled as well as gets the lock. Sponsored by: Netflix Inc.
* MFC r278268:ae2015-02-121-1/+2
| | | | Print IPv6 address in log message instead of address of pointer.
* MFC r270348:markj2014-09-061-16/+11
| | | | | | | | | | | | | | Add some missing checks for unsupported interfaces (e.g. pflog(4)) when handling ioctls. While here, remove duplicated checks for a NULL ifp in in6_control(): this check is already done near the beginning of the function. MFC r270349: Suppress warnings when retrieving protocol stats from interfaces that don't support IPv6 (e.g. pflog(4)). PR: 189117 Approved by: re (gjb)
* MFC r260151 (by adrian):ae2014-01-101-0/+1
| | | | | | | | | | | | | | | | | Use an RLOCK here instead of an RWLOCK - matching all the other calls to lla_lookup(). This drastically reduces the very high lock contention when doing parallel TCP throughput tests (> 1024 sockets) with IPv6. MFC r260187: lla_lookup() does modification only when LLE_CREATE is specified. Thus we can use IF_AFDATA_RLOCK() instead of IF_AFDATA_LOCK() when doing lla_lookup() without LLE_CREATE flag. MFC r260217: Add IF_AFDATA_WLOCK_ASSERT() in case lla_lookup() is called with LLE_CREATE flag.
* Fix the length calculation for the final block of a sendfile(2)des2013-09-101-0/+12
| | | | | | | | | | | | | | | | | | | | transmission which could be tricked into rounding up to the nearest page size, leaking up to a page of kernel memory. [13:11] In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK at the socket layer rather than pass them on to the link layer without validation or credential checks. [SA-13:12] Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem. [SA-13:13] Security: CVE-2013-5666 Security: FreeBSD-SA-13:11.sendfile Security: CVE-2013-5691 Security: FreeBSD-SA-13:12.ifioctl Security: CVE-2013-5710 Security: FreeBSD-SA-13:13.nullfs Approved by: re
* - Use time_uptime instead of time_second in data structures forhrs2013-08-051-9/+9
| | | | | | | | | PF_INET6 in kernel. This fixes various malfunction when the wall time clock is changed. Bump __FreeBSD_version to 1000041. - Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities. MFC after: 1 month
* Allocate in6_ifextra (ifp->if_afdata[AF_INET6]) only for IPv6-capablehrs2013-07-311-0/+7
| | | | | | | interfaces. This eliminates unnecessary IPv6 processing for non-IPv6 interfaces. MFC after: 3 days
* Correct the size of allocated memory to store array of counters.ae2013-07-091-3/+4
|
* Migrate structs in6_ifstat and icmp6_ifstat to PCPU counters.ae2013-07-091-15/+20
|
* - Allow ND6_IFF_AUTO_LINKLOCAL for IFT_BRIDGE. An interface with IFT_BRIDGEhrs2013-07-021-0/+26
| | | | | | | | | | | | | | | | | | | | | | | is initialized with !ND6_IFF_AUTO_LINKLOCAL && !ND6_IFF_ACCEPT_RTADV regardless of net.inet6.ip6.accept_rtadv and net.inet6.ip6.auto_linklocal. To configure an autoconfigured link-local address (RFC 4862), the following rc.conf(5) configuration can be used: ifconfig_bridge0_ipv6="inet6 auto_linklocal" - if_bridge(4) now removes IPv6 addresses on a member interface to be added when the parent interface or one of the existing member interfaces has an IPv6 address. if_bridge(4) merges each link-local scope zone which the member interfaces form respectively, so it causes address scope violation. Removal of the IPv6 addresses prevents it. - if_lagg(4) now removes IPv6 addresses on a member interfaces unconditionally. - Set reasonable flags to non-IPv6-capable interfaces. [*] Submitted by: rpaulo [*] MFC after: 1 week
* Really fix netmask address family this time.melifaro2013-05-191-1/+1
| | | | MFC with: r250813
* Finish r85740 : Make IPv6 netmask has address family set.melifaro2013-05-191-0/+1
| | | | | | This pleases routing daemons like bird. MFC after: 2 weeks
* Use FF02:0:0:0:0:2:FF00::/104 prefix for IPv6 Node Information Grouphrs2013-05-041-0/+14
| | | | | | | | | | | | | | | | | | Address. Although KAME implementation used FF02:0:0:0:0:2::/96 based on older versions of draft-ietf-ipngwg-icmp-name-lookup, it has been changed in RFC 4620. The kernel always joins the /104-prefixed address, and additionally does /96-prefixed one only when net.inet6.icmp6.nodeinfo_oldmcprefix=1. The default value of the sysctl is 1. ping6(8) -N flag now uses /104-prefixed one. When this flag is specified twice, it uses /96-prefixed one instead. Reviewed by: ume Based on work by: Thomas Scheffler PR: conf/174957 MFC after: 2 weeks
* Plug static llentry leak (ipv4 & ipv6 were affected).oleg2013-04-211-8/+10
| | | | | PR: kern/172985 MFC after: 1 month
* Temporarily revert rev 244678. This is causing loopback problems withpeter2013-01-031-9/+0
| | | | the lo (loopback) interfaces.
* The SIOCSIFFLAGS ioctl handler runs if_up()/if_down() that notifyglebius2012-12-251-0/+9
| | | | | | | | | | | | | | | | | | all interested parties in case if interface flag IFF_UP has changed. However, not only SIOCSIFFLAGS can raise the flag, but SIOCAIFADDR and SIOCAIFADDR_IN6 can, too. The actual |= is done not in the protocol code, but in code of interface drivers. To fix this historical layering violation, we will check whether ifp->if_ioctl(SIOCSIFADDR) raised the IFF_UP flag, and if it did, run the if_up() handler. This fixes configuring an address under CARP control on an interface that was initially !IFF_UP. P.S. I intentionally omitted handling the IFF_SMART flag. This flag was never ever used in any driver since it was introduced, and since it means another layering violation, it should be garbage collected instead of pretended to be supported.
* In additional to the tailq of IPv6 addresses add the hash table.ae2012-12-151-10/+11
| | | | | | | | | | For now use 256 buckets and fnv_hash function. Use xor'ed 32-bit s6_addr32 parts of in6_addr structure as a hash key. Update in6_localip and in6_is_addr_deprecated to use hash table for fastest lookup. Sponsored by: Yandex LLC Discussed with: dwmalone, glebius, bz
* - Move definition of V_deembed_scopeid to scope6_var.h.hrs2012-12-051-0/+2
| | | | | | - Deembed scope id in L3 address in in6_lltable_dump(). - Simplify scope id recovery in rtsock routines. - Remove embedded scope id handling in ndp(8) and route(8) completely.
* Remove __P.delphij2012-10-221-4/+4
| | | | | | Submitted by: kevlo Reviewed by: md5(1) MFC after: 2 months
* Mechanically remove the last stray remains of spl* calls from net*/*.andre2012-10-181-8/+1
| | | | They have been Noop's for a long time now.
* Fix races between in_lltable_prefix_free(), lla_lookup(),glebius2012-08-021-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | llentry_free() and arptimer(): o Use callout_init_rw() for lle timeout, this allows us safely disestablish them. - This allows us to simplify the arptimer() and make it race safe. o Consistently use ifp->if_afdata_lock to lock access to linked lists in the lle hashes. o Introduce new lle flag LLE_LINKED, which marks an entry that is attached to the hash. - Use LLE_LINKED to avoid double unlinking via consequent calls to llentry_free(). - Mark lle with LLE_DELETED via |= operation istead of =, so that other flags won't be lost. o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more consistent and provide more informative KASSERTs. The patch is a collaborative work of all submitters and myself. PR: kern/165863 Submitted by: Andrey Zonov <andrey zonov.org> Submitted by: Ryan Stone <rysto32 gmail.com> Submitted by: Eric van Gyzen <eric_van_gyzen dell.com>
* Some more whitespace cleanup.glebius2012-08-011-3/+3
|
* Some style(9) and whitespace changes.glebius2012-07-311-43/+40
| | | | Together with: Andrey Zonov <andrey zonov.org>
* As mentioned in the commit message of r237571 (copied from a prototypebz2012-07-081-1/+3
| | | | | | | patch of mine) also check if the 2nd in6_setscope() failed and return the error in that case. MFC after: 5 days
* Fix a LOR acquiring the if_afdata lock while holding an rtentry lock.delphij2012-06-251-18/+16
| | | | | | | | | | | | Possibly do some entra work in case we would not get into the ifa0 != NULL paths later as we already do for the mltaddr before. XXX We should possibly error in case in6_setscope fails. Reference: http://lists.freebsd.org/pipermail/freebsd-net/2011-September/029829.html Submitted by: bz MFC after: 1 week
* Plug two interface address refcount leaks in early error return casesbz2012-06-051-1/+6
| | | | | | | | in the ioctl path. Reported by: rpaulo Reviewed by: emax MFC after: 3 days
* When we return deprecated addresses, we need to reference them.emax2012-05-301-3/+9
| | | | | Reviewed by: bz, scottl MFC after: 3 days
* When using flowtable llentrys can outlive the interface with which they're ↵kmacy2012-02-231-15/+15
| | | | | | | | | | | associated at which the lle_tbl pointer points to freed memory and the llt_free pointer is no longer valid. Move the free pointer in to the llentry itself and update the initalization sites. MFC after: 2 weeks
* Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:bz2012-02-171-271/+278
| | | | | | | | | | | | Extend the so far IPv4-only support for multiple routing tables (FIBs) introduced in r178888 to IPv6 providing feature parity. This includes an extended rtalloc(9) KPI for IPv6, the necessary adjustments to the network stack, and user land support as in netstat. Sponsored by: Cisco Systems, Inc. Reviewed by: melifaro (basically) MFC after: 10 days
* Plug a possible ifa_ref leak in case of premature return from in6_purgeaddr().bz2012-01-241-2/+2
| | | | | Reviewed by: rwatson MFC after: 3 days
* Remove the stale XXX rt_newaddrmsg comment.pluknet2012-01-241-4/+0
| | | | | | | A routing socket message is generated since r192282. Reviewed by: bz MFC after: 3 days
* Remove unnecessary line break.bz2012-01-241-2/+1
| | | | MFC after: 3 days
* Convert all users of IF_ADDR_LOCK to use new locking macros that specifyjhb2012-01-051-20/+20
| | | | | | | either a read lock or write lock. Reviewed by: bz MFC after: 2 weeks
* Use correct locking when traversing interface address list.glebius2012-01-041-4/+2
| | | | Reviewed by: bz
* Grab a reference on the matching interface address (ifa) in the handlingjhb2012-01-031-2/+10
| | | | | | | | | of the SIOC[DG]LIFADDR icotls before dropping the IF_ADDR_LOCK() and release the reference after using it. This prevents the address from being potentially freed out from under the ioctl handler. Reviewed by: bz MFC after: 1 week
* Use TAILQ_FOREACH() instead of TAILQ_FOREACH_SAFE() for some loops thatjhb2012-01-031-2/+2
| | | | | | do not modify the queues they iterate over. Submitted by: glebius
* Use queue(3) macros instead of home-rolled versions in several places injhb2011-12-291-3/+2
| | | | | | | | the INET6 code. This includes retiring the 'ndpr_next' and 'pfr_next' macros. Submitted by: pluknet (earlier version) Reviewed by: pluknet
* Provide ABI compatibility shim to enable configuring of addressesglebius2011-12-211-1/+8
| | | | | | with ifconfig(8) prior to r228571. Requested by: brooks
OpenPOWER on IntegriCloud