Commit message | Author | Age | Files | Lines
- Acquire read (not write) lock in case of IP_FW_TABLE_LIST.
In collaboration with: ru
right from the beginning and partly clean up the differences in handling
between SYN_SENT and SYN_RCVD (syncache).
Further changes to this code to come. This is a first incremental step
to a general overhaul and streamlining of the TCP code.
PR: kern/15095
PR: kern/92690 (partly)
Reviewed by: qingli (and tested with ANVL)
Sponsored by: TCP/IP Optimization Fundraise 2005
simultaneous open. Both the bug and the patch were verified using the
ANVL test suite.
PR: kern/74935
Submitted by: qingli (before I became committer)
Reviewed by: andre
MFC after: 5 days
Reported by: Peter Losher <plosher-keyword-freebsd.a36e57__at__plosh.net>
MFC after: 3 days
to others.
Submitted by: garys
PR: kern/86437
Submitted by: Andre Albsmeier <Andre.Albsmeier-at-siemens.com>
PR: kern/85203
threshold. Inflight doesn't make sense on a LAN as it has
trouble figuring out the maximal bandwidth because of the coarse
tick granularity.
The sysctl net.inet.tcp.inflight.rttthresh specifies the threshold
in milliseconds below which inflight will disengage. It defaults
to 10ms.
Tested by: Joao Barros <joao.barros-at-gmail.com>,
Rich Murphey <rich-at-whiteoaklabs.com>
Sponsored by: TCP/IP Optimization Fundraise 2005
to find the outgoing interface for this connection.
Sponsored by: TCP/IP Optimization Fundraise 2005
MFC after: 2 weeks
of being private to tcp_timer.c.
Sponsored by: TCP/IP Optimization Fundraise 2005
MFC after: 3 days
it so that ip_id etc. don't get overwritten. This fixes forwarding
of fragmented IP packets through a dummynet pipe -- fragments came
out with modified and different(!) ip_id's, making it impossible to
reassemble a datagram at the receiver side.
Submitted by: Alexander Karptsov (reworked by me)
MFC after: 3 days
Reviewed by: andre, glebius
MFC after: 3 days
zone, eliminating the need to call bzero() after each syncache entry
allocation.
Suggested by: glebius
Reviewed by: andre
MFC after: 3 days
in syncache_lookup() is not cleared and may lead to an arbitrary and
bogus rtentry pointer which later gets free'd.
Reviewed by: andre
MFC after: 3 days
pseudo header) hardware rx checksum offloading ip_reass() fails to calculate
TCP/UDP checksum for reassembled packet correctly. This also should fix
recent 'NFS over UDP over bge' issue exposed by if_bge.c rev. 1.123
Reviewed by: sam (earlier version), bde
Approved by: glebius (mentor)
MFC after: 2 weeks
we have another PCB which is bound to 0.0.0.0. If a PCB has the
INP_IPV6 flag, then we set its cost higher than IPv4 only PCBs.
Submitted by: Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from: KAME
MFC after: 1 week
store some pipe pointers on stack. If user reconfigures dummynet
in the interlock gap, we can work with freed pipes after relock.
To fix this, we decided not to send packets in transmit_event(),
but fill a queue. At the end of dummynet() and dummynet_io(),
after the lock is dropped, if there is something in the queue
we run dummynet_send() to process the queue.
In collaboration with: ru
rw_assert. This un-breaks the build.
Submitted by: Kostik Belousov
Pointy hat to: csjp
filtering mechanisms to use the new rwlock(9) locking API:
- Drop the variables stored in the pfil_head structure which were specific to
conditions and the home rolled read/write locking mechanism.
- Drop some includes which were used for condition variables
- Drop the inline functions, and convert them to macros. Also, move these
macros into pfil.h
- Move pfil list locking macros into pfil.h as well
- Rename ph_busy_count to ph_nhooks. This variable will represent the number
of IN/OUT hooks registered with the pfil head structure
- Define PFIL_HOOKED macro which evaluates to true if there are any
hooks to be run by pfil_run_hooks
- In the IP/IP6 stacks, change the ph_busy_count comparison to use the new
PFIL_HOOKED macro.
- Drop optimization in pfil_run_hooks which checks to see if there are any
hooks to be run, and returns if not. This check is already performed by the
IP stacks when they call:
if (!PFIL_HOOKED(ph))
goto skip_hooks;
- Drop in an assertion which makes sure that the number of hooks never drops
below 0 for good measure. This in theory should never happen, and if it
does then there are problems somewhere
- Drop special logic around PFIL_WAITOK because rw_wlock(9) does not sleep
- Drop variables which support home rolled read/write locking mechanism from
the IPFW firewall chain structure.
- Swap out the read/write firewall chain lock internal to use the rwlock(9)
API instead of our home rolled version
- Convert the inlined functions to macros
Reviewed by: mlaier, andre, glebius
Thanks to: jhb for the new locking API
and significantly improve the readability of ip_input() and
ip_output() again.
The resulting IPSEC hooks in ip_input() and ip_output() may be
used later on for making IPSEC loadable.
This move is mostly mechanical and should preserve current IPSEC
behaviour as-is. Nothing shall prevent improvements in the way
IPSEC interacts with the IPv4 stack.
Discussed with: bz, gnn, rwatson; (earlier version)
Tested on: amd64
MFC after: 3 days
will be sent if there is an address on the bridge. Exclude the bridge from the
special arp handling.
This has been tested with all combinations of addresses on the bridge and members.
Pointed out by: Michal Mertl
however IPv4-in-IPv4 tunnels are now stable on SMP. Details:
- Add per-softc mutex.
- Hold the mutex on output.
The main problem was the rtentry, placed in softc. It could be
freed by ip_output(). Meanwhile, another thread being in
in_gif_output() can read and write this rtentry.
Reported by: many
Tested by: Alexander Shiryaev <aixp mail.ru>
addresses. One for the bridged interface with the IP address assigned but then
another with the mac for the bridge itself.
ip_forward() would report back a zero MTU in ICMP needfrag messages
because on a IPSEC SP lookup failure no MTU got computed.
Fix this by changing the logic to compute a new MTU in any case if
IPSEC didn't do it.
Change MTU computation logic to use egress interface MTU if available
or the next smaller MTU compared to the current packet size instead
of falling back to a very small fixed MTU.
Fix associated comment.
PR: kern/91412
MFC after: 3 days
PR: kern/91851
Submitted by: SAKAI Hiroaki <sakai.hiroaki-at-jp.fujitsu.com>
MFC after: 3 days
ia_hash only if it actually is an AF_INET address. All other places
test for sa_family == AF_INET but this one.
PR: kern/92091
Submitted by: Seth Kingsley <sethk-at-meowfishies.com>
MFC after: 3 days
If net.link.ether.inet.useloopback=1 and we send broadcast packet using our
own source ip address it may be rejected by uRPF rules.
Same bug was fixed for IPv6 in rev. 1.115 by suz.
PR: kern/76971
Approved by: glebius (mentor)
MFC after: 3 days
it should work, however it never did. People expect it to work.
PR: kern/90834
silencing code analysis tools.
Found by: Coverity Prevent(tm)
Coverity ID: CID341
Sponsored by: TCP/IP Optimization Fundraise 2005
'register' where present.
MFC after: 1 week
declaration.
MFC after: 1 week
Vararg functions have a different calling convention than regular
functions on amd64. Casting a vararg function to a regular one to
match the function pointer declaration will hide the varargs from
the caller and we will end up with an incorrectly setup stack.
Entirely remove the varargs from these functions and change the
functions to match the declaration of the function pointers.
Remove the now unnecessary casts.
Lots of explanations and help from: peter
Reviewed by: peter
PR: amd64/89261
MFC after: 6 days
errors from rn_inithead back to the ipfw initialization function.
- Check return value of rn_inithead for failure, if table allocation has
failed for any reason, free up any tables we have created and return ENOMEM
- In ipfw_init check the return value of init_tables and free up any mutexes or
UMA zones which may have been created.
- Assert that the supplied table is not NULL before attempting to dereference.
This fixes panics which were a result of invalid memory accesses due to failed
table allocation. This is an issue mainly because the R_Zalloc function is a
malloc(M_NOWAIT) wrapper, thus making it possible for allocations to fail.
Found by: Coverity Prevent (tm)
Coverity ID: CID79
MFC after: 1 week
initial default rule.
MFC after: 1 week
This fixes a bug in the previous commit.
Found by: Coverity Prevent(tm)
Coverity ID: CID253
Sponsored by: TCP/IP Optimization Fundraise 2005
MFC after: 3 days
change the mbuf pointer and we don't have any way of passing
it back to the callers. Instead just fail silently without
updating the checksum but leaving the mbuf+chain intact.
A search in our GNATS database did not turn up any match for
the existing warning message when this case is encountered.
Found by: Coverity Prevent(tm)
Coverity ID: CID779
Sponsored by: TCP/IP Optimization Fundraise 2005
MFC after: 3 days
that currently can't be triggered. But better be safe than sorry
later on. Additionally it properly silences Coverity Prevent for
future tests.
Found by: Coverity Prevent(tm)
Coverity ID: CID802
Sponsored by: TCP/IP Optimization Fundraise 2005
MFC after: 3 days
route MTU.
This bug is very difficult to reach and not remotely exploitable.
Found by: Coverity Prevent(tm)
Coverity ID: CID162
Sponsored by: TCP/IP Optimization Fundraise 2005
MFC after: 3 days
may have changed by m_pullup() during fastforward processing.
While this is a bug it is actually never triggered in real world
situations and it is not remotely exploitable.
Found by: Coverity Prevent(tm)
Coverity ID: CID780
Sponsored by: TCP/IP Optimization Fundraise 2005
ipq_zone, to allocate fragment headers from, rather than using cast mbuf
storage. This was one of the few remaining uses of mbuf storage for
local data structures that relied on dtom(). Implement the resource
limit on ipq's using UMA zone limits, but preserve current sysctl
semantics using a sysctl proc.
MFC after: 3 weeks
MFC after: 3 days
Submitted by: glebius
Reviewed by: gnn, bz
Found with: Coverity Prevent(tm)
also in case of generic memory shortage. In the latter case we may
not find an old entry.
Found with: Coverity Prevent(tm)
so no need to assign it to NULL or conditionally free it.
Found with: Coverity Prevent(tm)
MFC after: 3 days
PR: 90973
MFC after: 1 week
Correct insecure temporary file usage in ee. [06:02]
Correct a race condition when setting file permissions, sanitize file
names by default, and fix a buffer overflow when handling files
larger than 4GB in cpio. [06:03]
Fix an error in the handling of IP fragments in ipfw which can cause
a kernel panic. [06:04]
Security: FreeBSD-SA-06:01.texindex
Security: FreeBSD-SA-06:02.ee
Security: FreeBSD-SA-06:03.cpio
Security: FreeBSD-SA-06:04.ipfw
interfaces to bridges, which will then send and receive IP protocol 97 packets.
Packets are Ethernet frames with an EtherIP header prepended.
Obtained from: NetBSD
MFC after: 2 weeks