CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Wed Apr 15 14:52:29 UTC 2020

Modified Files: src/sys/netinet6 [netbsd-7]: nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by kim in ticket #1727):
sys/netinet6/nd6_rtr.c: revision 1.148 (via patch)

Fix default route selection

The primary issue was that in revision 1.79 a check was added in the nd6_defrouter_select() search loop to ignore the entry if RA processing is enabled on its interface. In practice this results in all entries being ignored.

This fix reverses the condition, so that an entry is ignored when RA processing is NOT enabled on its interface. Further, the entry is only ignored for being selected as the default router. The currently installed router must be identified regardless of the (current) status of its interface, so that we can delete the route before installing a new one.

I also added error logging when adding or deleting a route fails. This should help the administrator (or kernel developer) in noticing possible problems.

Finally, if deleting a route fails, the corresponding default route entry no longer has its "installed" flag cleared, so that deletion will be retried. At a minimum, this will cause repeated messages about the failed deletion as opposed to only getting repeated messages about the installation of a new default route failing.

Fixes PR kern/55091 and also PR bin/54997 as far as the behaviour observed with ndp(8).

To generate a diff of this commit:
cvs rdiff -u -r1.93.2.3 -r1.93.2.4 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Tue Aug 14 14:34:42 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: frag6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1630):
sys/netinet6/frag6.c: revision 1.64

Kick zero-sized fragments. We can't allow them to enter; two fragments could be put at the same offset.

To generate a diff of this commit:
cvs rdiff -u -r1.55.4.2 -r1.55.4.3 src/sys/netinet6/frag6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Sun Apr 1 09:12:43 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1591):
sys/netinet6/raw_ip6.c: revision 1.161

Fix use-after-free, the first m_copyback_cow may have freed the mbuf, so it is wrong to read ip6->ip6_nxt.

To generate a diff of this commit:
cvs rdiff -u -r1.136.2.2 -r1.136.2.3 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Sun Apr 1 09:09:04 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1590):
sys/netinet6/ip6_forward.c: revision 1.91 (via patch)

Fix two pretty bad mistakes. If ipsec6_check_policy fails m is not freed, and a 'goto out' is missing after ipsec6_process_packet.

To generate a diff of this commit:
cvs rdiff -u -r1.73.2.2 -r1.73.2.3 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: snj
Date: Sun Feb 25 23:17:47 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: ip6_input.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1572):
sys/netinet6/ip6_input.c: 1.188 via patch

Kick nested fragments.

To generate a diff of this commit:
cvs rdiff -u -r1.149.2.2 -r1.149.2.3 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: snj
Date: Mon Feb 12 18:37:51 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1551):
sys/netinet6/ip6_forward.c: 1.89-1.90 via patch

Fix use-after-free of mbuf by ip6flow_create

This fixes recent failures of some ATF tests such as t_ipsec_tunnel_odd.

--

Fix use-after-free of mbuf by ip6flow_create (one more)

To generate a diff of this commit:
cvs rdiff -u -r1.73.2.1 -r1.73.2.2 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Fri Feb 2 13:03:05 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: nd6_nbr.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1562):
sys/netinet6/nd6_nbr.c: revision 1.145

Fix memory leak. Contrary to what the XXX indicates, this place is 100% reachable remotely.

To generate a diff of this commit:
cvs rdiff -u -r1.100.2.2 -r1.100.2.3 src/sys/netinet6/nd6_nbr.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Fri Feb 2 10:58:44 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: ip6_mroute.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1561):
sys/netinet6/ip6_mroute.c: revision 1.120

Fix a pretty simple, yet pretty tragic typo: we should return IPPROTO_DONE, not IPPROTO_NONE. With IPPROTO_NONE we will keep parsing the header chain on an mbuf that was already freed.

To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.107.2.1 src/sys/netinet6/ip6_mroute.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Tue Jan 30 18:28:46 UTC 2018

Modified Files: src/sys/netinet6 [netbsd-7]: frag6.c ip6_input.c ip6_var.h raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1560):
sys/netinet6/frag6.c: revision 1.65
sys/netinet6/ip6_input.c: revision 1.187
sys/netinet6/ip6_var.h: revision 1.78
sys/netinet6/raw_ip6.c: revision 1.160 (patch)

Fix a buffer overflow in ip6_get_prevhdr. Doing mtod(m, char *) + len is wrong, an option is allowed to be located in another mbuf of the chain. If the offset of an option within the chain is bigger than the length of the first mbuf in that chain, we are reading/writing one byte of packet-controlled data beyond the end of the first mbuf.

The length of this first mbuf depends on the layout the network driver chose. In the most difficult case, it will allocate a 2KB cluster, which is bigger than the Ethernet MTU.

But there is at least one way of exploiting this case: by sending a special combination of nested IPv6 fragments, the packet can control a good bunch of 'len'. By luck, the memory pool containing clusters does not embed the pool header in front of the items, so it is not straightforward to predict what is located at 'mtod(m, char *) + len'.

However, by sending offending fragments in a loop, it is possible to crash the kernel - at some point we will hit important data structures.

As far as I can tell, PF protects against this difficult case, because it kicks nested fragments. NPF does not protect against this. IPF I don't know.

Then there are the more easy cases, if the MTU is bigger than a cluster, or if the network driver did not allocate a cluster, or perhaps if the fragments are received via a tunnel; I haven't investigated these cases.

Change ip6_get_prevhdr so that it returns an offset in the chain, and always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET leaves M_PKTHDR untouched.

This place is still fragile.

To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.55.4.1 src/sys/netinet6/frag6.c
cvs rdiff -u -r1.149.2.1 -r1.149.2.2 src/sys/netinet6/ip6_input.c
cvs rdiff -u -r1.62.2.1 -r1.62.2.2 src/sys/netinet6/ip6_var.h
cvs rdiff -u -r1.136.2.1 -r1.136.2.2 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
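
The ip6_get_prevhdr commit above turns on the difference between adding an offset to the first mbuf's data pointer and resolving that offset across the chain. The following user-space model is an added example, not NetBSD code: `struct seg`, `flat_access_ok` and `chain_ptr` are hypothetical stand-ins for the mbuf, the bounds condition that `mtod(m, char *) + len` silently assumes, and a chain-aware lookup (the kernel fix uses IP6_EXTHDR_GET, which this does not reproduce).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a kernel mbuf: one segment of a packet chain. */
struct seg {
    struct seg *next;
    uint8_t *data;
    size_t len;
};

/* The pre-fix pattern, first-segment pointer + off, is only valid when
 * the offset lies inside the first segment. */
static int flat_access_ok(const struct seg *m, size_t off)
{
    return m != NULL && off < m->len;
}

/* Chain-aware lookup: walk segments until the one that holds 'off'.
 * Returns a pointer to that byte, or NULL if the chain is too short. */
static uint8_t *chain_ptr(struct seg *m, size_t off)
{
    for (; m != NULL; m = m->next) {
        if (off < m->len)
            return m->data + off;
        off -= m->len;
    }
    return NULL;
}

/* Constructed sample: a 40-byte IPv6 header in the first segment and an
 * 8-byte extension header in the second (its first byte is a next-header
 * field, here 44). Returns the byte at chain offset 40, or -1. */
static int demo_next_header_at_40(void)
{
    static uint8_t hdr[40], ext[8] = { 44, 0 };
    struct seg s2 = { NULL, ext, sizeof(ext) };
    struct seg s1 = { &s2, hdr, sizeof(hdr) };
    uint8_t *p = chain_ptr(&s1, 40);

    if (flat_access_ok(&s1, 40))  /* false: offset 40 is past segment 1 */
        return -1;
    return p ? *p : -1;
}

int main(void)
{
    printf("next header at offset 40: %d\n", demo_next_header_at_40());
    return 0;
}
```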
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: bouyer
Date: Wed Sep 28 20:24:06 UTC 2016

Modified Files: src/sys/netinet6 [netbsd-7]: in6_pcb.c raw_ip6.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #1243):
sys/netinet6/raw_ip6.c: revision 1.150 via patch
sys/netinet6/in6_pcb.c: revision 1.149 via patch

Allow explicit binding to detached addresses. Fixes PR kern/51435.

To generate a diff of this commit:
cvs rdiff -u -r1.128.2.2 -r1.128.2.3 src/sys/netinet6/in6_pcb.c
cvs rdiff -u -r1.136 -r1.136.2.1 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: msaitoh
Date: Wed Nov 18 08:33:08 UTC 2015

Modified Files: src/sys/netinet6 [netbsd-7]: mld6.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1035):
sys/netinet6/mld6.c: revision 1.64

Ensure that the callout of the multicast address is valid before hooking it up.

To generate a diff of this commit:
cvs rdiff -u -r1.59.2.2 -r1.59.2.3 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: riz
Date: Thu Nov 5 20:36:03 UTC 2015

Modified Files: src/sys/netinet6 [netbsd-7]: icmp6.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #982):
sys/netinet6/icmp6.c: revision 1.177

Update icmp6_redirect_timeout_q when changing net.inet6.icmp6.redirtimeout

We have to update icmp6_redirect_timeout_q as well as icmp6_redirtimeout when changing net.inet6.icmp6.redirtimeout via sysctl. The updating logic is copied from sysctl_net_inet_icmp_redirtimeout.

This change is from s-yamaguchi@IIJ (with KNF by ozaki-r) and fixes PR kern/50240.

To generate a diff of this commit:
cvs rdiff -u -r1.169 -r1.169.2.1 src/sys/netinet6/icmp6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: snj
Date: Fri May 15 03:58:06 UTC 2015

Modified Files: src/sys/netinet6 [netbsd-7]: scope6.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #770):
sys/netinet6/scope6.c: revision 1.10

Drop impossible check.

To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.2.1 src/sys/netinet6/scope6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Sat May 2 18:23:26 UTC 2015

Modified Files: src/sys/netinet6 [netbsd-7]: nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #731):
sys/netinet6/nd6_rtr.c: revision 1.99

Mitigate Local Denial of Service with IPv6 Router Advertisements and log attack attempts. Fixes CVE-2015-2923, taken from FreeBSD.

To generate a diff of this commit:
cvs rdiff -u -r1.93.2.2 -r1.93.2.3 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: snj
Date: Mon Apr 6 01:32:33 UTC 2015

Modified Files: src/sys/netinet6 [netbsd-7]: in6.c in6_ifattach.c nd6.c nd6.h nd6_nbr.c nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by martin in ticket #655):
sys/netinet6/in6.c: revision 1.182 via patch
sys/netinet6/in6_ifattach.c: revision 1.95 via patch
sys/netinet6/nd6.c: revision 1.158 via patch
sys/netinet6/nd6.h: revision 1.62 via patch
sys/netinet6/nd6_nbr.c: revision 1.104 via patch
sys/netinet6/nd6_rtr.c: revision 1.96 via patch

Rearrange interface detachment slightly: before we free the INET6 specific per-interface data, make sure to call nd6_purge() with it to remove routing entries pointing to the going interface. When we should happen to call this function again later, with the data already gone, just return.

Fixes PR kern/49682, ok: christos.

To generate a diff of this commit:
cvs rdiff -u -r1.174.2.1 -r1.174.2.2 src/sys/netinet6/in6.c
cvs rdiff -u -r1.91.2.1 -r1.91.2.2 src/sys/netinet6/in6_ifattach.c
cvs rdiff -u -r1.152.2.2 -r1.152.2.3 src/sys/netinet6/nd6.c
cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/nd6.h
cvs rdiff -u -r1.100.2.1 -r1.100.2.2 src/sys/netinet6/nd6_nbr.c
cvs rdiff -u -r1.93.2.1 -r1.93.2.2 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: snj
Date: Sat Feb 14 07:14:23 UTC 2015

Modified Files: src/sys/netinet6 [netbsd-7]: ip6_output.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #509):
sys/netinet6/ip6_output.c: revision 1.163

CID/1267860: Missing break in switch

To generate a diff of this commit:
cvs rdiff -u -r1.157.2.2 -r1.157.2.3 src/sys/netinet6/ip6_output.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Fri Jan 23 09:27:15 UTC 2015

Modified Files: src/sys/netinet6 [netbsd-7]: in6.h in6_src.c ip6_input.c ip6_output.c ip6_var.h mld6.c

Log Message:
Pull up following revision(s) (requested by pettai in ticket #441):
sys/netinet6/ip6_var.h: revision 1.64
sys/netinet6/in6.h: revision 1.82
sys/netinet6/in6_src.c: revision 1.56
sys/netinet6/mld6.c: revision 1.62
sys/netinet6/ip6_input.c: revision 1.150
sys/netinet6/ip6_output.c: revision 1.161

Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer IPv6 temporary addresses as the source address. Fixes PR kern/47100 based on a patch by Dieter Roelants.

To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.78.2.1 src/sys/netinet6/in6.h
cvs rdiff -u -r1.54 -r1.54.2.1 src/sys/netinet6/in6_src.c
cvs rdiff -u -r1.149 -r1.149.2.1 src/sys/netinet6/ip6_input.c
cvs rdiff -u -r1.157.2.1 -r1.157.2.2 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.62 -r1.62.2.1 src/sys/netinet6/ip6_var.h
cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Mon Dec 29 17:33:49 UTC 2014

Modified Files: src/sys/netinet6 [netbsd-7]: mld6.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #360):
sys/netinet6/mld6.c: revision 1.61

Ensure callout isn't running and pending before callout_destroy

Call callout_halt before callout_destroy. And also let callout (mld_timeo) not call callout_schedule when we already called callout_halt.

This fixes PR 47881.

To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Wed Dec 17 18:43:48 UTC 2014

Modified Files: src/sys/netinet6 [netbsd-7]: nd6.c nd6.h nd6_nbr.c nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #332):
sys/netinet6/nd6_nbr.c: revision 1.103
sys/netinet6/nd6_rtr.c: revision 1.95
sys/netinet6/nd6.h: revision 1.61
sys/netinet6/nd6.c: revision 1.156

Report route additions/changes/deletions for cached neighbours to userland.

To generate a diff of this commit:
cvs rdiff -u -r1.152.2.1 -r1.152.2.2 src/sys/netinet6/nd6.c
cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/nd6.h
cvs rdiff -u -r1.100 -r1.100.2.1 src/sys/netinet6/nd6_nbr.c
cvs rdiff -u -r1.93 -r1.93.2.1 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/netinet6
Module Name: src
Committed By: martin
Date: Mon Oct 27 13:39:11 UTC 2014

Modified Files: src/sys/netinet6 [netbsd-7]: nd6.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #159):
sys/netinet6/nd6.c: revision 1.153

Tests for neighbour now work correctly on bridge(4) and carp(4) interfaces.

To generate a diff of this commit:
cvs rdiff -u -r1.152 -r1.152.2.1 src/sys/netinet6/nd6.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.