summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/in6.c
Commit message (Collapse)AuthorAgeFilesLines
* MFC r260151 (by adrian):ae2014-01-101-0/+1
| | | | | | | | | | | | | | | | | Use an RLOCK here instead of an RWLOCK - matching all the other calls to lla_lookup(). This drastically reduces the very high lock contention when doing parallel TCP throughput tests (> 1024 sockets) with IPv6. MFC r260187: lla_lookup() does modification only when LLE_CREATE is specified. Thus we can use IF_AFDATA_RLOCK() instead of IF_AFDATA_LOCK() when doing lla_lookup() without LLE_CREATE flag. MFC r260217: Add IF_AFDATA_WLOCK_ASSERT() in case lla_lookup() is called with LLE_CREATE flag.
* Fix the length calculation for the final block of a sendfile(2)des2013-09-101-0/+12
| | | | | | | | | | | | | | | | | | | | transmission which could be tricked into rounding up to the nearest page size, leaking up to a page of kernel memory. [13:11] In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK at the socket layer rather than pass them on to the link layer without validation or credential checks. [SA-13:12] Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem. [SA-13:13] Security: CVE-2013-5666 Security: FreeBSD-SA-13:11.sendfile Security: CVE-2013-5691 Security: FreeBSD-SA-13:12.ifioctl Security: CVE-2013-5710 Security: FreeBSD-SA-13:13.nullfs Approved by: re
* - Use time_uptime instead of time_second in data structures forhrs2013-08-051-9/+9
| | | | | | | | | PF_INET6 in kernel. This fixes various malfunction when the wall time clock is changed. Bump __FreeBSD_version to 1000041. - Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities. MFC after: 1 month
* Allocate in6_ifextra (ifp->if_afdata[AF_INET6]) only for IPv6-capablehrs2013-07-311-0/+7
| | | | | | | interfaces. This eliminates unnecessary IPv6 processing for non-IPv6 interfaces. MFC after: 3 days
* Correct the size of allocated memory to store array of counters.ae2013-07-091-3/+4
|
* Migrate structs in6_ifstat and icmp6_ifstat to PCPU counters.ae2013-07-091-15/+20
|
* - Allow ND6_IFF_AUTO_LINKLOCAL for IFT_BRIDGE. An interface with IFT_BRIDGEhrs2013-07-021-0/+26
| | | | | | | | | | | | | | | | | | | | | | | is initialized with !ND6_IFF_AUTO_LINKLOCAL && !ND6_IFF_ACCEPT_RTADV regardless of net.inet6.ip6.accept_rtadv and net.inet6.ip6.auto_linklocal. To configure an autoconfigured link-local address (RFC 4862), the following rc.conf(5) configuration can be used: ifconfig_bridge0_ipv6="inet6 auto_linklocal" - if_bridge(4) now removes IPv6 addresses on a member interface to be added when the parent interface or one of the existing member interfaces has an IPv6 address. if_bridge(4) merges each link-local scope zone which the member interfaces form respectively, so it causes address scope violation. Removal of the IPv6 addresses prevents it. - if_lagg(4) now removes IPv6 addresses on a member interfaces unconditionally. - Set reasonable flags to non-IPv6-capable interfaces. [*] Submitted by: rpaulo [*] MFC after: 1 week
* Really fix netmask address family this time.melifaro2013-05-191-1/+1
| | | | MFC with: r250813
* Finish r85740 : Make IPv6 netmask has address family set.melifaro2013-05-191-0/+1
| | | | | | This pleases routing daemons like bird. MFC after: 2 weeks
* Use FF02:0:0:0:0:2:FF00::/104 prefix for IPv6 Node Information Grouphrs2013-05-041-0/+14
| | | | | | | | | | | | | | | | | | Address. Although KAME implementation used FF02:0:0:0:0:2::/96 based on older versions of draft-ietf-ipngwg-icmp-name-lookup, it has been changed in RFC 4620. The kernel always joins the /104-prefixed address, and additionally does /96-prefixed one only when net.inet6.icmp6.nodeinfo_oldmcprefix=1. The default value of the sysctl is 1. ping6(8) -N flag now uses /104-prefixed one. When this flag is specified twice, it uses /96-prefixed one instead. Reviewed by: ume Based on work by: Thomas Scheffler PR: conf/174957 MFC after: 2 weeks
* Plug static llentry leak (ipv4 & ipv6 were affected).oleg2013-04-211-8/+10
| | | | | PR: kern/172985 MFC after: 1 month
* Temporarily revert rev 244678. This is causing loopback problems withpeter2013-01-031-9/+0
| | | | the lo (loopback) interfaces.
* The SIOCSIFFLAGS ioctl handler runs if_up()/if_down() that notifyglebius2012-12-251-0/+9
| | | | | | | | | | | | | | | | | | all interested parties in case if interface flag IFF_UP has changed. However, not only SIOCSIFFLAGS can raise the flag, but SIOCAIFADDR and SIOCAIFADDR_IN6 can, too. The actual |= is done not in the protocol code, but in code of interface drivers. To fix this historical layering violation, we will check whether ifp->if_ioctl(SIOCSIFADDR) raised the IFF_UP flag, and if it did, run the if_up() handler. This fixes configuring an address under CARP control on an interface that was initially !IFF_UP. P.S. I intentionally omitted handling the IFF_SMART flag. This flag was never ever used in any driver since it was introduced, and since it means another layering violation, it should be garbage collected instead of pretended to be supported.
* In additional to the tailq of IPv6 addresses add the hash table.ae2012-12-151-10/+11
| | | | | | | | | | For now use 256 buckets and fnv_hash function. Use xor'ed 32-bit s6_addr32 parts of in6_addr structure as a hash key. Update in6_localip and in6_is_addr_deprecated to use hash table for fastest lookup. Sponsored by: Yandex LLC Discussed with: dwmalone, glebius, bz
* - Move definition of V_deembed_scopeid to scope6_var.h.hrs2012-12-051-0/+2
| | | | | | - Deembed scope id in L3 address in in6_lltable_dump(). - Simplify scope id recovery in rtsock routines. - Remove embedded scope id handling in ndp(8) and route(8) completely.
* Remove __P.delphij2012-10-221-4/+4
| | | | | | Submitted by: kevlo Reviewed by: md5(1) MFC after: 2 months
* Mechanically remove the last stray remains of spl* calls from net*/*.andre2012-10-181-8/+1
| | | | They have been Noop's for a long time now.
* Fix races between in_lltable_prefix_free(), lla_lookup(),glebius2012-08-021-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | llentry_free() and arptimer(): o Use callout_init_rw() for lle timeout, this allows us safely disestablish them. - This allows us to simplify the arptimer() and make it race safe. o Consistently use ifp->if_afdata_lock to lock access to linked lists in the lle hashes. o Introduce new lle flag LLE_LINKED, which marks an entry that is attached to the hash. - Use LLE_LINKED to avoid double unlinking via consequent calls to llentry_free(). - Mark lle with LLE_DELETED via |= operation istead of =, so that other flags won't be lost. o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more consistent and provide more informative KASSERTs. The patch is a collaborative work of all submitters and myself. PR: kern/165863 Submitted by: Andrey Zonov <andrey zonov.org> Submitted by: Ryan Stone <rysto32 gmail.com> Submitted by: Eric van Gyzen <eric_van_gyzen dell.com>
* Some more whitespace cleanup.glebius2012-08-011-3/+3
|
* Some style(9) and whitespace changes.glebius2012-07-311-43/+40
| | | | Together with: Andrey Zonov <andrey zonov.org>
* As mentioned in the commit message of r237571 (copied from a prototypebz2012-07-081-1/+3
| | | | | | | patch of mine) also check if the 2nd in6_setscope() failed and return the error in that case. MFC after: 5 days
* Fix a LOR acquiring the if_afdata lock while holding an rtentry lock.delphij2012-06-251-18/+16
| | | | | | | | | | | | Possibly do some entra work in case we would not get into the ifa0 != NULL paths later as we already do for the mltaddr before. XXX We should possibly error in case in6_setscope fails. Reference: http://lists.freebsd.org/pipermail/freebsd-net/2011-September/029829.html Submitted by: bz MFC after: 1 week
* Plug two interface address refcount leaks in early error return casesbz2012-06-051-1/+6
| | | | | | | | in the ioctl path. Reported by: rpaulo Reviewed by: emax MFC after: 3 days
* When we return deprecated addresses, we need to reference them.emax2012-05-301-3/+9
| | | | | Reviewed by: bz, scottl MFC after: 3 days
* When using flowtable llentrys can outlive the interface with which they're ↵kmacy2012-02-231-15/+15
| | | | | | | | | | | associated at which the lle_tbl pointer points to freed memory and the llt_free pointer is no longer valid. Move the free pointer in to the llentry itself and update the initalization sites. MFC after: 2 weeks
* Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:bz2012-02-171-271/+278
| | | | | | | | | | | | Extend the so far IPv4-only support for multiple routing tables (FIBs) introduced in r178888 to IPv6 providing feature parity. This includes an extended rtalloc(9) KPI for IPv6, the necessary adjustments to the network stack, and user land support as in netstat. Sponsored by: Cisco Systems, Inc. Reviewed by: melifaro (basically) MFC after: 10 days
* Plug a possible ifa_ref leak in case of premature return from in6_purgeaddr().bz2012-01-241-2/+2
| | | | | Reviewed by: rwatson MFC after: 3 days
* Remove the stale XXX rt_newaddrmsg comment.pluknet2012-01-241-4/+0
| | | | | | | A routing socket message is generated since r192282. Reviewed by: bz MFC after: 3 days
* Remove unnecessary line break.bz2012-01-241-2/+1
| | | | MFC after: 3 days
* Convert all users of IF_ADDR_LOCK to use new locking macros that specifyjhb2012-01-051-20/+20
| | | | | | | either a read lock or write lock. Reviewed by: bz MFC after: 2 weeks
* Use correct locking when traversing interface address list.glebius2012-01-041-4/+2
| | | | Reviewed by: bz
* Grab a reference on the matching interface address (ifa) in the handlingjhb2012-01-031-2/+10
| | | | | | | | | of the SIOC[DG]LIFADDR icotls before dropping the IF_ADDR_LOCK() and release the reference after using it. This prevents the address from being potentially freed out from under the ioctl handler. Reviewed by: bz MFC after: 1 week
* Use TAILQ_FOREACH() instead of TAILQ_FOREACH_SAFE() for some loops thatjhb2012-01-031-2/+2
| | | | | | do not modify the queues they iterate over. Submitted by: glebius
* Use queue(3) macros instead of home-rolled versions in several places injhb2011-12-291-3/+2
| | | | | | | | the INET6 code. This includes retiring the 'ndpr_next' and 'pfr_next' macros. Submitted by: pluknet (earlier version) Reviewed by: pluknet
* Provide ABI compatibility shim to enable configuring of addressesglebius2011-12-211-1/+8
| | | | | | with ifconfig(8) prior to r228571. Requested by: brooks
* A major overhaul of the CARP implementation. The ip_carp.c was startedglebius2011-12-161-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from scratch, copying needed functionality from the old implemenation on demand, with a thorough review of all code. The main change is that interface layer has been removed from the CARP. Now redundant addresses are configured exactly on the interfaces, they run on. The CARP configuration itself is, as before, configured and read via SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or SIOCAIFADDR_IN6 may now be configured to a particular virtual host id, which makes the prefix redundant. ifconfig(8) semantics has been changed too: now one doesn't need to clone carpXX interface, he/she should directly configure a vhid on a Ethernet interface. To supply vhid data from the kernel to an application the getifaddrs(8) function had been changed to pass ifam_data with each address. [1] The new implementation definitely closes all PRs related to carp(4) being an interface, and may close several others. It also allows to run a single redundant IP per interface. Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for idea on using ifam_data and for several rounds of reviewing! PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448 Reviewed by: bz Submitted by: bz [1]
* A default route learned from the RAs could be deleted manuallyqingli2011-11-111-1/+1
| | | | | | | | | | | | after its installation. This removal may be accidental and can prevent the default route from being installed in the future if the associated default router has the best preference. The cause is the lack of status update in the default router on the state of its route installation in the kernel FIB. This patch fixes the described problem. Reviewed by: hrs, discussed with hrs MFC after: 5 days
* The code change made in r226040 was incomplete and resulted inqingli2011-10-161-3/+6
| | | | | | | | routes such as fe80::1%lo0 no being installed. This patch completes the original intended fix. Reviewed by: hrs, bz MFC after: 3 days
* Restore functions in6_ifaddloop() and in6_ifremloop() that wereglebius2011-10-131-68/+85
| | | | | | | | inlined by Qing Li in his big new-ARP commit. I am going to utilize them in my newcarp work, and also these functions left declared in in6_var.h for all the time they were absent. Reviewed by: bz
* The IFA_RTSELF instead of the IFA_ROUTE flag should be checked toqingli2011-10-051-2/+2
| | | | | | | | | determine if a loopback route should be installed for an interface IPv6 address. Another condition is the address must not belong to a looopback interface. Reviewed by: hrs MFC after: 3 days
* Add an in6_localip() helper function as in6_localaddr() is not doing whatbz2011-08-201-0/+21
| | | | | | | | | people think: returning true for an address in any connected subnet, not necessarily on the local machine. Sponsored by: Sandvine Incorporated MFC after: 2 weeks Approved by: re (kib)
* Permit ARP to proceed for IPv4 host routes for which the gateway is thezec2011-07-081-2/+0
| | | | | | | | | same as the host address. This already works fine for INET6 and ND6. While here, remove two function pointers from struct lltable which are only initialized but never used. MFC after: 3 days
* - Make the code more proactively clear an ND6_IFF_IFDISABLED flag whenhrs2011-06-061-1/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | an explicit action for INET6 configuration happens. The changes are: 1. When an ND6 flag is changed via SIOCSIFINFO_FLAGS ioctl, setting ND6_IFF_ACCEPT_RTADV and/or ND6_IFF_AUTO_LINKLOCAL now triggers an attempt to clear the ND6_IFF_IFDISABLED flag. 2. When an AF_INET6 address is added successfully to an interface and it is marked as ND6_IFF_IFDISABLED, an attempt to clear the ND6_IFF_IFDISABLED happens. This simplifies ND6_IFF_IFDISABLED flag manipulation by users via ifconfig(8); in most cases manual configuration is no longer needed. - When ND6_IFF_AUTO_LINKLOCAL is set and no link-local address is assigned to an interface, SIOCSIFINFO_FLAGS ioctl now calls in6_ifattach() to configure a link-local address. This change ensures link-local address configuration when "ifconfig IF inet6" command is invoked. For example, "ifconfig IF inet6 auto_linklocal" now always try to configure an LL addr even if ND6_IFF_AUTO_LINKLOCAL is already set to 1 (i.e. down/up cycle is no longer needed). Reviewed by: bz
* The statically configured (permanent) ARP entries are removed when anqingli2011-05-201-2/+8
| | | | | | | | | | interface is brought down, even though the interface address is still valid. This patch maintains the permanent ARP entries as long as the interface address (having the same prefix as that of the ARP entries) is valid. Reviewed by: delphij MFC after: 5 days
* - Merge changes to the base system to support OFED. These includejeff2011-03-211-0/+1
| | | | | a wider arg2 for sysctl, updates to vlan code, IFT_INFINIBAND, and other miscellaneous small features.
* Plug well observed races on la_hold entries with the callout handler.bz2010-11-291-1/+3
| | | | | | | | | | | | | | | | | | | Call the handler function with the lock held, return unlocked as we might free the entry. Rework functions later in the call graph to be either called with the lock held or, only if needed, unlocked. Place asserts to document and tighten assumptions on various lle locking, which were not always true before. We call nd6_ns_output() unlocked and the assignment of ip6->ip6_src was decentralized to minimize possible complexity introduced with the formerly missing locking there. This also resulted in a push down of local variable scopes into smaller blocks. Reported by: many PR: kern/148857 Submitted by: Dmitrij Tejblum (tejblum yandex-team.ru) (original version) MFC After: 4 days
* Fix our version of IPv6 address representation.alfred2010-05-191-2/+19
| | | | | | | | | | | | | | | | | | | | | | We do not respect rules 3 and 4 in the required list: 1. omit leading zeros 2. "::" used to their maximum extent whenever possible 3. "::" used where shortens address the most 4. "::" used in the former part in case of a tie breaker 5. do not shorten one 16 bit 0 field 6. use lower case http://tools.ietf.org/html/draft-ietf-6man-text-addr-representation-04.html Submitted by: Kalluru Abhiram @ Juniper Networks Obtained from: Juniper Networks Reviewed by: hrs, dougb
* Provide 32bit compat for SIOCGDEFIFACE_IN6.kib2010-04-271-0/+25
| | | | | | Based on submission by: pluknet gmail com Reviewed by: emaste MFC after: 2 weeks
* Plug reference leaks in the link-layer code ("new-arp") that previouslybz2010-04-111-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | prevented the link-layer entry from being freed. In both in.c and in6.c (though that code path seems to be basically dead) plug a reference leak in case of a pending callout being drained. In if_ether.c consistently add a reference before resetting the callout and in case we canceled a pending one remove the reference for that. In the final case in arptimer, before freeing the expired entry, remove the reference again and explicitly call callout_stop() to clear the active flag. In nd6.c:nd6_free() we are only ever called from the callout function and thus need to remove the reference there as well before calling into llentry_free(). In if_llatbl.c when freeing entire tables make sure that in case we cancel a pending callout to remove the reference as well. Reviewed by: qingli (earlier version) MFC after: 10 days Problem observed, patch tested by: simon on ipv6gw.f.o, Christian Kratzer (ck cksoft.de), Evgenii Davidov (dado korolev-net.ru) PR: kern/144564 Configurations still affected: with options FLOWTABLE
* The proxy arp entries could not be added into the system over theqingli2009-12-301-4/+12
| | | | | | | | | | | | | | | | | | IFF_POINTOPOINT link types. The reason was due to the routing entry returned from the kernel covering the remote end is of an interface type that does not support ARP. This patch fixes this problem by providing a hint to the kernel routing code, which indicates the prefix route instead of the PPP host route should be returned to the caller. Since a host route to the local end point is also added into the routing table, and there could be multiple such instantiations due to multiple PPP links can be created with the same local end IP address, this patch also fixes the loopback route installation failure problem observed prior to this patch. The reference count of loopback route to local end would be either incremented or decremented. The first instantiation would create the entry and the last removal would delete the route entry. MFC after: 5 days
OpenPOWER on IntegriCloud