path: root/sys/netinet6
Commit message [Author, Age, Files, Lines]
* Plug well observed races on la_hold entries with the callout handler.
  Call the handler function with the lock held, return unlocked as we might free the entry. Rework functions later in the call graph to be either called with the lock held or, only if needed, unlocked.
  Place asserts to document and tighten assumptions on various lle locking, which were not always true before.
  We call nd6_ns_output() unlocked and the assignment of ip6->ip6_src was decentralized to minimize possible complexity introduced with the formerly missing locking there. This also resulted in a push down of local variable scopes into smaller blocks.
  Reported by: many
  PR: kern/148857
  Submitted by: Dmitrij Tejblum (tejblum yandex-team.ru) (original version)
  MFC After: 4 days
  [bz, 2010-11-29, 3 files, -58/+90]
* Fix more continuous/contiguous typos (cf. r215955)
  [brucec, 2010-11-27, 4 files, -6/+6]
* After some off-list discussion, revert a number of changes to the DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various people working on the affected files. A better long-term solution is still being considered. This reversal may give some modules empty set_pcpu or set_vnet sections, but these are harmless.
  Changes reverted:
  ------------------------------------------------------------------------
  r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines
  Instead of unconditionally emitting .globl's for the __start_set_xxx and __stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu sections are actually defined.
  ------------------------------------------------------------------------
  r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines
  Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree.
  ------------------------------------------------------------------------
  r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines
  Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
  [dim, 2010-11-22, 12 files, -30/+30]
* In case of an early return from the function there is no need to zero the route upfront, so defer as long as we can.
  MFC after: 3 days
  [bz, 2010-11-20, 1 file, -2/+2]
* Do not initialize flag variables before needed.
  Consistently use the LLE_ prefix for lla_lookup() and the ND6_ prefix for nd6_lookup() even though both are defined the same. Use the right flag variable when checking each.
  No real functional change.
  MFC after: 4 days
  [bz, 2010-11-17, 1 file, -6/+7]
* No need to re-initialize the callout. We initially do it in in6_lltable_new() right after allocation. Worse, we are losing the right flags here.
  MFC after: 4 days
  [bz, 2010-11-17, 1 file, -3/+1]
* Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree.
  [dim, 2010-11-14, 12 files, -30/+30]
* Make the IPsec SADB embedded route cache a union to be able to hold both the legacy and IPv6 route destination address. Previously in case of IPv6, there was a memory overwrite due to not enough space for the IPv6 address.
  PR: kern/122565
  MFC After: 2 weeks
  [bz, 2010-10-23, 1 file, -1/+1]
* Purposely tell the compiler that we ignore the return value of ADDCARRY() in the REDUCE macro.
  Reviewed by: dim, rdivacky
  [rpaulo, 2010-10-13, 1 file, -1/+1]
* Add a bandaid for a long-standing race condition during route entry un-expiring.
  The previous version of code has no locking when testing rt_refcnt. The result of the lack of locking may result in a condition where a routing entry has a reference count but at the same time has RTPRF_OURS bit set and an expiration timer. These would eventually lead to a panic:
      panic: rtqkill route really not free
  When the system has ICMP redirects accepted from local gateway in a moderate frequency, for instance.
  Commit this workaround for now until we have some better solution.
  PR: kern/149804
  Reviewed by: bz
  Tested by: Zhao Xin, Pete French
  MFC after: 2 weeks
  [delphij, 2010-09-27, 1 file, -1/+3]
* IP_BINDANY is not correctly handled in getsockopt() case. Fix it by specifying the correct bits.
  Sponsored by: Sandvine Incorporated
  Reviewed by: bz, emaste, rstone
  Obtained from: Sandvine Incorporated
  MFC after: 10 days
  [attilio, 2010-09-24, 1 file, -0/+1]
* Remove unused variables.
  MFC after: 2 weeks.
  [tuexen, 2010-09-15, 1 file, -3/+5]
* MFp4 CH=183052 183053 183258:
  In protosw we define pr_protocol as short, while on the wire it is an uint8_t. That way we can have "internal" protocols like DIVERT, SEND or gaps for modules (PROTO_SPACER). Switch ipproto_{un,}register to accept a short protocol number(*) and do an upfront check for valid boundaries. With this we also consistently report EPROTONOSUPPORT for out of bounds protocols, as we did for proto == 0. This allows a caller to not error for this case, which is especially important if we want to automatically call these from domain handling.
  (*) the functions have been without any in-tree consumer since the initial introduction, so this is considered safe.
  Implement ip6proto_{un,}register() similarly to their legacy IP counter parts to allow modules to hook up dynamically.
  Reviewed by: philip, will
  MFC after: 1 week
  [bz, 2010-09-02, 2 files, -0/+61]
* Fix the SCTP_WITH_NO_CSUM option when used in combination with interface supporting CRC offload. While at it, make use of the feature that the loopback interface provides CRC offloading.
  MFC after: 4 weeks
  [tuexen, 2010-08-29, 1 file, -1/+9]
* Fix the switching on/off of CMT using sysctl and socket option. Fix the switching on/off of PF and NR-SACKs using sysctl. Add minor improvement in handling malloc failures. Improve the address checks when sending.
  MFC after: 4 weeks
  [tuexen, 2010-08-28, 1 file, -1/+6]
* optp may be NULL.
  [ume, 2010-08-20, 1 file, -1/+2]
* Fix mbuf leakages and remove unnecessary duplicate mbuf frees. Use the right copy of an mbuf for the IP6_EXTHDR_CHECK.
  Reported by: zec, hrs
  Approved by: bz (mentor)
  [anchie, 2010-08-19, 1 file, -13/+7]
* MFp4: anchie_soc2009 branch:
  Add kernel side support for Secure Neighbor Discovery (SeND), RFC 3971.
  The implementation consists of a kernel module that gets packets from the nd6 code, sends them to user space on a dedicated socket and reinjects them back for further processing.
  Hooks are used from nd6 code paths to divert relevant packets to the send implementation for processing in user space. The hooks are only triggered if the send module is loaded. In case no user space application is connected to the send socket, processing continues normally as if the module would not be loaded. Unloading the module is not possible at this time due to missing nd6 locking.
  The native SeND socket is similar to a raw IPv6 socket but with its own, internal pseudo-protocol.
  Approved by: bz (mentor)
  [anchie, 2010-08-19, 6 files, -14/+602]
* Make `ping6 -I' work with net.inet6.ip6.use_defaultzone=1.
  MFC after: 2 weeks
  [ume, 2010-08-17, 1 file, -2/+5]
* In rip6_input(), in case of multicast, we might skip the normal processing and go to the next iteration early if multicast filtering would decide that this socket shall not receive the data. Unlock the pcb in that case or we leak the read lock and next time trying to get a write lock, would hang forever.
  PR: kern/149608
  Submitted by: Chris Luke (chrisy flirble.org)
  MFC after: 3 days
  [bz, 2010-08-14, 1 file, -0/+1]
* Unbreak LINT by moving all carp hooks to net/if.c / netinet/ip_carp.h, with the appropriate ifdefs.
  Reviewed by: bz
  Approved by: ken (mentor)
  [will, 2010-08-11, 1 file, -4/+1]
* Allow carp(4) to be loaded as a kernel module. Follow precedent set by bridge(4), lagg(4) etc. and make use of function pointers and pf_proto_register() to hook carp into the network stack.
  Currently, because of the uncertainty about whether the unload path is free of race condition panics, unloads are disallowed by default. Compiling with CARPMOD_CAN_UNLOAD in CFLAGS removes this anti foot shooting measure.
  This commit requires IP6PROTOSPACER, introduced in r211115.
  Reviewed by: bz, simon
  Approved by: ken (mentor)
  MFC after: 2 weeks
  [will, 2010-08-11, 2 files, -32/+6]
* MFp4 CH180235:
  Add proto spacers to inet6sw like we have for legacy IP. This allows us to dynamically pf_proto_register() for INET6 from modules, needed by upcoming CARP changes and SeND.
  MC and SCTP could make use of it as well in theory in the future after upcoming VIMAGE vnet teardown work.
  Discussed with: will, anchie
  MFC after: 10 days
  [bz, 2010-08-09, 1 file, -0/+17]
* Document the mandatory argument to the arptimer() and nd6_llinfo_timer() functions with a KASSERT().
  Note: there is no need to return after panic.
  In the legacy IP case, only assign the arg after the check, in the IPv6 case, remove the extra checks for the table and interface as they have to be there unless we freed and forgot to cancel the timer. It doesn't matter anyway as we would panic on the NULL pointer deref immediately and the bug is elsewhere.
  This unifies the code of both address families to some extent.
  Reviewed by: rwatson
  MFC after: 6 days
  [bz, 2010-07-31, 1 file, -7/+2]
* Since r186119 IP6 input counters for octets and packets were not working anymore. In addition more checks and operations were missing.
  In case lla_lookup results in a match, get the ifaddr to update the statistics counters, and check that the address is neither tentative, duplicate or otherwise invalid before accepting the packet. If ok, record the address information in the mbuf. [ as is done in case lla_lookup does not return a result and we go through the FIB ].
  Reported by: remko
  Tested by: remko
  MFC after: 2 weeks
  [bz, 2010-07-21, 1 file, -3/+47]
* Fix our version of IPv6 address representation.
  We do not respect rules 3 and 4 in the required list:
    1. omit leading zeros
    2. "::" used to their maximum extent whenever possible
    3. "::" used where shortens address the most
    4. "::" used in the former part in case of a tie breaker
    5. do not shorten one 16 bit 0 field
    6. use lower case
  http://tools.ietf.org/html/draft-ietf-6man-text-addr-representation-04.html
  Submitted by: Kalluru Abhiram @ Juniper Networks
  Obtained from: Juniper Networks
  Reviewed by: hrs, dougb
  [alfred, 2010-05-19, 1 file, -2/+19]
* allocate ipv6 flows from the ipv6 flow zone
  reported by: rrs@
  MFC after: 3 days
  [kmacy, 2010-05-16, 1 file, -1/+1]
* do a proper fix
  Pointed out by: np@
  MFC after: 3 days
  [kmacy, 2010-05-13, 1 file, -1/+1]
* fix compile error on some builds by doing the equivalent of an "extern VNET_DEFINE" without "__used"
  MFC after: 3 days
  [kmacy, 2010-05-13, 1 file, -1/+1]
* try working around panic by validating rt and lle
  MFC after: 3 days
  [kmacy, 2010-05-12, 1 file, -1/+2]
* boot time size the flowtable
  MFC after: 3 days
  [kmacy, 2010-05-10, 1 file, -3/+15]
* Add flowtable support to IPv6
  Tested by: qingli@
  Reviewed by: qingli@
  MFC after: 3 days
  [kmacy, 2010-05-09, 4 files, -6/+60]
* MFP4: @176978-176982, 176984, 176990-176994, 177441
  "Whitespace" churn after the VIMAGE/VNET whirls.
  Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed.
  Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9.
  This also removes some header file pollution for putatively static global variables.
  Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed.
  Reviewed by: jhb
  Discussed with: rwatson
  Sponsored by: The FreeBSD Foundation
  Sponsored by: CK Software GmbH
  MFC after: 6 days
  [bz, 2010-04-29, 17 files, -295/+175]
* Enhance the historic behaviour of raw sockets and jails in a way that we allow all possible jail IPs as source address rather than forcing the "primary". While IPv6 naturally has source address selection, for legacy IP we do not go through the pain in case IP_HDRINCL was not set. People should bind(2) for that.
  This will, for example, allow ping(|6) -S to work correctly for non-primary addresses.
  Reported by: (ten 211.ru)
  Tested by: (ten 211.ru)
  MFC after: 4 days
  [bz, 2010-04-27, 1 file, -1/+1]
* Make sure IPv6 source address selection does not change interface addresses while walking the IPv6 address list if in the jail case something is connecting to ::1.
  Reported by: Pieter de Boer (pieter thedarkside.nl)
  Tested by: Pieter de Boer (pieter thedarkside.nl)
  MFC after: 4 days
  [bz, 2010-04-27, 1 file, -5/+20]
* Provide 32bit compat for SIOCGDEFIFACE_IN6.
  Based on submission by: pluknet gmail com
  Reviewed by: emaste
  MFC after: 2 weeks
  [kib, 2010-04-27, 1 file, -0/+25]
* Plug reference leaks in the link-layer code ("new-arp") that previously prevented the link-layer entry from being freed.
  In both in.c and in6.c (though that code path seems to be basically dead) plug a reference leak in case of a pending callout being drained.
  In if_ether.c consistently add a reference before resetting the callout and in case we canceled a pending one remove the reference for that. In the final case in arptimer, before freeing the expired entry, remove the reference again and explicitly call callout_stop() to clear the active flag.
  In nd6.c:nd6_free() we are only ever called from the callout function and thus need to remove the reference there as well before calling into llentry_free().
  In if_llatbl.c when freeing entire tables make sure that in case we cancel a pending callout to remove the reference as well.
  Reviewed by: qingli (earlier version)
  MFC after: 10 days
  Problem observed, patch tested by: simon on ipv6gw.f.o, Christian Kratzer (ck cksoft.de), Evgenii Davidov (dado korolev-net.ru)
  PR: kern/144564
  Configurations still affected: with options FLOWTABLE
  [bz, 2010-04-11, 2 files, -1/+6]
* When embedding the scope ID in MLDv1 output, check if the scope of the address being embedded is in fact link-local, before attempting to embed it. Note that this operation is a side-effect of trying to avoid recursion on the IN6 scope lock.
  PR: 144560
  Submitted by: Petr Lampa
  MFC after: 3 days
  [bms, 2010-04-10, 1 file, -2/+4]
* Commit message:
    * Fix some race condition in SACK/NR-SACK processing.
    * Fix handling of mapping arrays when draining mbufs or processing FORWARD-TSN chunks.
    * Cleanup code (no duplicate code anymore for SACKs and NR-SACKs).
  Part of this code was developed together with rrs.
  MFC after: 2 weeks.
  [tuexen, 2010-04-03, 1 file, -1/+1]
* We are holding a write lock here so avoid acquiring it twice calling the "locked" version rather than the wrapper function.
  MFC after: 6 days
  [bz, 2010-03-25, 1 file, -1/+1]
* The proper fix for the delayed SCTP checksum is to have the delayed function take an argument as to the offset to the SCTP header. This allows it to work for V4 and V6. This of course means changing all callers of the function to either pass the header len, if they have it, or create it (ip_hl << 2 or sizeof(ip6_hdr)).
  PR: 144529
  MFC after: 2 weeks
  [rrs, 2010-03-12, 1 file, -1/+1]
* With the recent change of the sctp checksum to support offload, no delayed checksum was added to the ip6 output code. This causes cards that do not support SCTP checksum offload to have SCTP packets that are IPv6 NOT have the sctp checksum performed. Thus you could not communicate with a peer. This adds the missing bits to make the checksum happen for these cards.
  PR: 144529
  MFC after: 2 weeks
  [rrs, 2010-03-12, 1 file, -0/+19]
* Use reference counting instead of locking to secure an address while that address is being used to generate temporary IPv6 address. This approach is sufficient and avoids recursive locking.
  MFC after: 3 days
  [qingli, 2010-02-27, 1 file, -3/+6]
* No need to include security/mac/mac_framework.h here.
  [pjd, 2010-02-18, 1 file, -2/+0]
* Correct a typo.
  Submitted by: kensmith
  MFC after: 3 days
  [bz, 2010-01-24, 1 file, -1/+1]
* Garbage collect references to the no longer implemented tcp_fasttimo().
  Discussed with: rwatson
  MFC after: 5 days
  [bz, 2010-01-17, 1 file, -1/+0]
* Add ip4.saddrsel/ip4.nosaddrsel (and equivalent for ip6) to control whether to use source address selection (default) or the primary jail address for unbound outgoing connections.
  This is intended to be used by people upgrading from single-IP jails to multi-IP jails but not having to change firewall rules, application ACLs, ... but to force their connections (unless otherwise changed) to the primary jail IP they had been used for years, as well as for people preferring to implement similar policies.
  Note that for IPv6, if configured incorrectly, this might lead to scope violations, which single-IPv6 jails could as well, as by the design of jails. [1]
  Reviewed by: jamie, hrs (ipv6 part)
  Pointed out by: hrs [1]
  MFC After: 2 weeks
  Asked for by: Jase Thew (bazerka beardz.net)
  [bz, 2010-01-17, 1 file, -0/+7]
* Replace several instances of 'if (!a & b)' with 'if (!(a &b))' in order to silence newer GCC versions.
  [trasz, 2010-01-08, 1 file, -1/+1]
* Correct a typo.
  Submitted by: sn_ (sn_ gmx.net) on hackers@
  MFC after: 3 days
  [bz, 2010-01-06, 1 file, -1/+1]
* The IFA_RTSELF address flag marks a loopback route has been installed for the interface address. This marker is necessary to properly support PPP types of links where multiple links can have the same local end IP address. The IFA_RTSELF flag bit maps to the RTF_HOST value, which was combined into the route flag bits during prefix installation in IPv6. This inclusion causing the prefix route to be unusable. This patch fixes this bug by excluding the IFA_RTSELF flag during route installation.
  MFC after: 5 days
  [qingli, 2010-01-04, 1 file, -1/+1]