CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Wed Jun 6 09:48:50 UTC 2018 Modified Files: src/sys/netinet [netbsd-7]: udp_usrreq.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1607): sys/netinet/udp_usrreq.c: revision 1.237 (via patch) Fix three pretty bad mistakes in NAT-T: * If we got a keepalive packet, we need to call m_freem, not m_free. Here the next mbufs in the chain are not freed. Seems easy to remotely DoS the system by sending fragmented keepalives in a loop. * If !ipsec_used, free the mbuf. * In udp_input, we need to update 'uh', because udp4_realinput may have modified the chain. Perhaps we also need to re-enforce alignment, so add an XXX. To generate a diff of this commit: cvs rdiff -u -r1.217 -r1.217.2.1 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.217 src/sys/netinet/udp_usrreq.c:1.217.2.1 --- src/sys/netinet/udp_usrreq.c:1.217 Sat Aug 9 05:33:01 2014 +++ src/sys/netinet/udp_usrreq.c Wed Jun 6 09:48:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.217 2014/08/09 05:33:01 rtr Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.217.2.1 2018/06/06 09:48:50 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.217 2014/08/09 05:33:01 rtr Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.217.2.1 2018/06/06 09:48:50 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -395,7 +395,15 @@ udp_input(struct mbuf *m, ...) */ return; } + ip = mtod(m, struct ip *); + IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); + if (uh == NULL) { + UDP_STATINC(UDP_STAT_HDROPS); + return; + } + /* XXX Re-enforce alignment? */ + #ifdef INET6 if (IN_MULTICAST(ip->ip_dst.s_addr) || n == 0) { struct sockaddr_in6 src6, dst6; @@ -1301,7 +1309,7 @@ udp4_espinudp(struct mbuf **mp, int off, /* Ignore keepalive packets */ if ((len == 1) && (*(unsigned char *)data == 0xff)) { - m_free(m); + m_freem(m); *mp = NULL; /* avoid any further processiong by caller ... */ return 1; } @@ -1383,7 +1391,8 @@ udp4_espinudp(struct mbuf **mp, int off, #ifdef IPSEC if (ipsec_used) ipsec4_common_input(m, iphdrlen, IPPROTO_ESP); - /* XXX: else */ + else + m_freem(m); #else esp4_input(m, iphdrlen); #endif
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 13:37:09 UTC 2018 Modified Files: src/sys/netinet [netbsd-7]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1563): sys/netinet/ip_input.c: revision 1.366 (via patch) Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.2.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.319 src/sys/netinet/ip_input.c:1.319.2.1 --- src/sys/netinet/ip_input.c:1.319 Mon Jun 16 00:33:39 2014 +++ src/sys/netinet/ip_input.c Fri Feb 9 13:37:09 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $ */ +/* $NetBSD: ip_input.c,v 1.319.2.1 2018/02/09 13:37:09 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.2.1 2018/02/09 13:37:09 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -157,10 +157,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #define IPSENDREDIRECTS 1 #endif #ifndef IPFORWSRCRT -#define IPFORWSRCRT 1 /* forward source-routed packets */ +#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif #ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 1 /* allow source-routed packets */ +#define IPALLOWSRCRT 0 /* allow source-routed packets */ #endif #ifndef IPMTUDISC #define IPMTUDISC 1
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: snj Date: Mon Sep 11 05:46:44 UTC 2017 Modified Files: src/sys/netinet [netbsd-7]: tcp_usrreq.c Log Message: Pull up following revision(s) (requested by jdolecek in ticket #1498): sys/netinet/tcp_usrreq.c: revision 1.216 add some more getsockopt(2) params To generate a diff of this commit: cvs rdiff -u -r1.200.2.2 -r1.200.2.3 src/sys/netinet/tcp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_usrreq.c diff -u src/sys/netinet/tcp_usrreq.c:1.200.2.2 src/sys/netinet/tcp_usrreq.c:1.200.2.3 --- src/sys/netinet/tcp_usrreq.c:1.200.2.2 Sat Feb 21 13:40:19 2015 +++ src/sys/netinet/tcp_usrreq.c Mon Sep 11 05:46:43 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_usrreq.c,v 1.200.2.2 2015/02/21 13:40:19 martin Exp $ */ +/* $NetBSD: tcp_usrreq.c,v 1.200.2.3 2017/09/11 05:46:43 snj Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -99,7 +99,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.200.2.2 2015/02/21 13:40:19 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.200.2.3 2017/09/11 05:46:43 snj Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -500,17 +500,14 @@ tcp_ctloutput(int op, struct socket *so, #ifdef TCP_SIGNATURE case TCP_MD5SIG: optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0; - error = sockopt_set(sopt, &optval, sizeof(optval)); - break; + goto setval; #endif case TCP_NODELAY: optval = tp->t_flags & TF_NODELAY; - error = sockopt_set(sopt, &optval, sizeof(optval)); - break; + goto setval; case TCP_MAXSEG: optval = tp->t_peermss; - error = sockopt_set(sopt, &optval, sizeof(optval)); - break; + goto setval; case TCP_INFO: tcp_fill_info(tp, &ti); error = sockopt_set(sopt, &ti, sizeof ti); @@ -519,6 +516,19 @@ tcp_ctloutput(int op, struct socket *so, case TCP_CONGCTL: break; #endif + case TCP_KEEPIDLE: + optval = tp->t_keepidle; + goto setval; + case TCP_KEEPINTVL: + optval = tp->t_keepintvl; + goto setval; + case TCP_KEEPCNT: + optval = tp->t_keepcnt; + goto setval; + case TCP_KEEPINIT: + optval = tp->t_keepcnt; +setval: error = sockopt_set(sopt, &optval, sizeof(optval)); + break; default: error = ENOPROTOOPT; break;
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: sborrill Date: Fri May 12 10:48:11 UTC 2017 Modified Files: src/sys/netinet [netbsd-7]: ip_carp.c Log Message: Pull up the following revisions(s) (requested by roy in ticket #1420): sys/netinet/ip_carp.c: revision 1.88 carp should call if_link_state_change instead of affecting if_link_state directly. To generate a diff of this commit: cvs rdiff -u -r1.59.2.4 -r1.59.2.5 src/sys/netinet/ip_carp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_carp.c diff -u src/sys/netinet/ip_carp.c:1.59.2.4 src/sys/netinet/ip_carp.c:1.59.2.5 --- src/sys/netinet/ip_carp.c:1.59.2.4 Sat Aug 27 04:29:41 2016 +++ src/sys/netinet/ip_carp.c Fri May 12 10:48:11 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_carp.c,v 1.59.2.4 2016/08/27 04:29:41 snj Exp $ */ +/* $NetBSD: ip_carp.c,v 1.59.2.5 2017/05/12 10:48:11 sborrill Exp $ */ /* $OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $ */ /* @@ -31,7 +31,7 @@ #include "opt_mbuftrace.h" #include -__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.4 2016/08/27 04:29:41 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.5 2017/05/12 10:48:11 sborrill Exp $"); /* * TODO: @@ -2127,6 +2127,8 @@ static void carp_set_state(struct carp_softc *sc, int state) { static const char *carp_states[] = { CARP_STATES }; + int link_state; + if (sc->sc_state == state) return; @@ -2135,16 +2137,16 @@ carp_set_state(struct carp_softc *sc, in sc->sc_state = state; switch (state) { case BACKUP: - sc->sc_if.if_link_state = LINK_STATE_DOWN; + link_state = LINK_STATE_DOWN; break; case MASTER: - sc->sc_if.if_link_state = LINK_STATE_UP; + link_state = LINK_STATE_UP; break; default: - sc->sc_if.if_link_state = LINK_STATE_UNKNOWN; + link_state = LINK_STATE_UNKNOWN; break; } - rt_ifmsg(&sc->sc_if); + if_link_state_change(&sc->sc_if, link_state); } void
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: snj Date: Sun Feb 5 19:20:23 UTC 2017 Modified Files: src/sys/netinet [netbsd-7]: if_arp.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1356): sys/netinet/if_arp.c: revision 1.238, 1.239 via patch Make sure the protocol address length equals that of IPv4. Also, make sure the hardware address length equals that of the interface we received the packet on. Otherwise a packet could easily set them both to zero and make the kernel read beyond the allocated mbuf, which is terrible. Note: for the latter we drop the packet instead of replying, since it is malformed. Note: I also added an ugly hack in CARP, since it apparently expects at least six bytes. -- Add some checks, mostly same as in_arpinput. To generate a diff of this commit: cvs rdiff -u -r1.158.2.1 -r1.158.2.2 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.158.2.1 src/sys/netinet/if_arp.c:1.158.2.2 --- src/sys/netinet/if_arp.c:1.158.2.1 Fri Nov 6 00:46:50 2015 +++ src/sys/netinet/if_arp.c Sun Feb 5 19:20:22 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.158.2.1 2015/11/06 00:46:50 riz Exp $ */ +/* $NetBSD: if_arp.c,v 1.158.2.2 2017/02/05 19:20:22 snj Exp $ */ /*- * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.158.2.1 2015/11/06 00:46:50 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.158.2.2 2017/02/05 19:20:22 snj Exp $"); #include "opt_ddb.h" #include "opt_inet.h" @@ -974,6 +974,9 @@ in_arpinput(struct mbuf *m) break; } + if (ah->ar_pln != sizeof(struct in_addr)) + goto out; + memcpy(&isaddr, ar_spa(ah), sizeof (isaddr)); memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr)); @@ -1004,7 +1007,10 @@ in_arpinput(struct mbuf *m) ((ia->ia_ifp->if_flags & (IFF_UP|IFF_RUNNING)) == (IFF_UP|IFF_RUNNING))) { index++; + + /* XXX: ar_hln? */ if (ia->ia_ifp == m->m_pkthdr.rcvif && + (ah->ar_hln >= 6) && carp_iamatch(ia, ar_sha(ah), &count, index)) { break; @@ -1036,6 +1042,14 @@ in_arpinput(struct mbuf *m) } #endif + if (ah->ar_hln != ifp->if_addrlen) { + ARP_STATINC(ARP_STAT_RCVBADLEN); + log(LOG_WARNING, + "arp from %s: addr len: new %d, i/f %d (ignored)\n", + in_fmtaddr(isaddr), ah->ar_hln, ifp->if_addrlen); + goto out; + } + if (ia == NULL) { INADDR_TO_IA(isaddr, ia); while ((ia != NULL) && ia->ia_ifp != m->m_pkthdr.rcvif) @@ -1130,14 +1144,7 @@ in_arpinput(struct mbuf *m) "arp from %s: new addr len %d, was %d\n", in_fmtaddr(isaddr), ah->ar_hln, sdl->sdl_alen); } - if (ifp->if_addrlen != ah->ar_hln) { - ARP_STATINC(ARP_STAT_RCVBADLEN); - log(LOG_WARNING, - "arp from %s: addr len: new %d, i/f %d (ignored)\n", - in_fmtaddr(isaddr), ah->ar_hln, - ifp->if_addrlen); - goto reply; - } + #if NTOKEN > 0 /* * XXX uses m_data and assumes the complete answer including @@ -1436,6 +1443,10 @@ in_revarpinput(struct mbuf *m) tha = ar_tha(ah); if (tha == NULL) goto out; + if (ah->ar_pln != sizeof(struct in_addr)) + goto out; + if (ah->ar_hln != ifp->if_sadl->sdl_alen) + goto out; if (memcmp(tha, CLLADDR(ifp->if_sadl), ifp->if_sadl->sdl_alen)) goto out; memcpy(&srv_ip, ar_spa(ah), sizeof(srv_ip));
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Thu Jan 5 08:08:46 UTC 2017 Modified Files: src/sys/netinet [netbsd-7]: tcp_congctl.c Log Message: Pull up following revision(s) (requested by skrll in ticket #1347): sys/netinet/tcp_congctl.c: revision 1.23 Restore behaviour to pre- tcp_congctl.c:1.18 for SACK. Further analysis of the change is required. OK kefren@ PR/51753 tcp SACK causes SSH disconnect To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.19.4.1 src/sys/netinet/tcp_congctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_congctl.c diff -u src/sys/netinet/tcp_congctl.c:1.19 src/sys/netinet/tcp_congctl.c:1.19.4.1 --- src/sys/netinet/tcp_congctl.c:1.19 Mon Nov 18 11:48:34 2013 +++ src/sys/netinet/tcp_congctl.c Thu Jan 5 08:08:46 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_congctl.c,v 1.19 2013/11/18 11:48:34 kefren Exp $ */ +/* $NetBSD: tcp_congctl.c,v 1.19.4.1 2017/01/05 08:08:46 martin Exp $ */ /*- * Copyright (c) 1997, 1998, 1999, 2001, 2005, 2006 The NetBSD Foundation, Inc. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_congctl.c,v 1.19 2013/11/18 11:48:34 kefren Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_congctl.c,v 1.19.4.1 2017/01/05 08:08:46 martin Exp $"); #include "opt_inet.h" #include "opt_tcp_debug.h" @@ -707,7 +707,6 @@ tcp_newreno_fast_retransmit_newack(struc tp->t_partialacks++; TCP_TIMER_DISARM(tp, TCPT_REXMT); tp->t_rtttime = 0; - tp->snd_nxt = th->th_ack; if (TCP_SACK_ENABLED(tp)) { /* @@ -734,6 +733,7 @@ tcp_newreno_fast_retransmit_newack(struc tp->t_flags |= TF_ACKNOW; (void) tcp_output(tp); } else { + tp->snd_nxt = th->th_ack; /* * Set snd_cwnd to one segment beyond ACK'd offset * snd_una is not yet updated when we're called
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: snj Date: Sat Aug 27 04:29:41 UTC 2016 Modified Files: src/sys/netinet [netbsd-7]: ip_carp.c Log Message: Pull up following revision(s) (requested by is in ticket #1209): sys/netinet/ip_carp.c: revision 1.76 Print the IPv6 or IPv4 source addresses of packets with wrong hash, to help debugging. To generate a diff of this commit: cvs rdiff -u -r1.59.2.3 -r1.59.2.4 src/sys/netinet/ip_carp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_carp.c diff -u src/sys/netinet/ip_carp.c:1.59.2.3 src/sys/netinet/ip_carp.c:1.59.2.4 --- src/sys/netinet/ip_carp.c:1.59.2.3 Sat Aug 27 04:25:50 2016 +++ src/sys/netinet/ip_carp.c Sat Aug 27 04:29:41 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_carp.c,v 1.59.2.3 2016/08/27 04:25:50 snj Exp $ */ +/* $NetBSD: ip_carp.c,v 1.59.2.4 2016/08/27 04:29:41 snj Exp $ */ /* $OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $ */ /* @@ -31,7 +31,7 @@ #include "opt_mbuftrace.h" #include -__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.3 2016/08/27 04:25:50 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.4 2016/08/27 04:29:41 snj Exp $"); /* * TODO: @@ -92,6 +92,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v #include #include #include +#include #endif #include @@ -675,9 +676,29 @@ carp_proto_input_c(struct mbuf *m, struc /* verify the hash */ if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) { + struct ip *ip; + struct ip6_hdr *ip6; + CARP_STATINC(CARP_STAT_BADAUTH); sc->sc_if.if_ierrors++; - CARP_LOG(sc, ("incorrect hash")); + + switch(af) { + + case AF_INET: + ip = mtod(m, struct ip *); + CARP_LOG(sc, ("incorrect hash from %s", + in_fmtaddr(ip->ip_src))); + break; + + case AF_INET6: + ip6 = mtod(m, struct ip6_hdr *); + CARP_LOG(sc, ("incorrect hash from %s", +ip6_sprintf(&ip6->ip6_src))); + break; + + default: CARP_LOG(sc, ("incorrect hash")); + break; + } m_freem(m); return; }
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: snj Date: Sat Aug 27 04:25:50 UTC 2016 Modified Files: src/sys/netinet [netbsd-7]: ip_carp.c Log Message: Pull up following revision(s) (requested by is in ticket #1208): sys/netinet/ip_carp.c: revision 1.75 Workaround for PR 47013 by bouyer@. Only works for mixed IPv4/IPv6 environemnts, not for pure-IPv6 yet. A real fix is still needed. To generate a diff of this commit: cvs rdiff -u -r1.59.2.2 -r1.59.2.3 src/sys/netinet/ip_carp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_carp.c diff -u src/sys/netinet/ip_carp.c:1.59.2.2 src/sys/netinet/ip_carp.c:1.59.2.3 --- src/sys/netinet/ip_carp.c:1.59.2.2 Sat Jul 23 13:33:32 2016 +++ src/sys/netinet/ip_carp.c Sat Aug 27 04:25:50 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_carp.c,v 1.59.2.2 2016/07/23 13:33:32 is Exp $ */ +/* $NetBSD: ip_carp.c,v 1.59.2.3 2016/08/27 04:25:50 snj Exp $ */ /* $OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $ */ /* @@ -31,7 +31,7 @@ #include "opt_mbuftrace.h" #include -__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.2 2016/07/23 13:33:32 is Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.3 2016/08/27 04:25:50 snj Exp $"); /* * TODO: @@ -1067,7 +1067,7 @@ carp_send_ad(void *v) } } #endif /* INET */ -#ifdef INET6 +#ifdef INET6_notyet if (sc->sc_naddrs6) { struct ip6_hdr *ip6; @@ -1475,7 +1475,7 @@ carp_setrun(struct carp_softc *sc, sa_fa callout_schedule(&sc->sc_md_tmo, tvtohz(&tv)); break; #endif /* INET */ -#ifdef INET6 +#ifdef INET6_notyet case AF_INET6: callout_schedule(&sc->sc_md6_tmo, tvtohz(&tv)); break; @@ -1483,8 +1483,10 @@ carp_setrun(struct carp_softc *sc, sa_fa default: if (sc->sc_naddrs) callout_schedule(&sc->sc_md_tmo, tvtohz(&tv)); +#ifdef INET6_notyet if (sc->sc_naddrs6) callout_schedule(&sc->sc_md6_tmo, tvtohz(&tv)); +#endif /* INET6 */ break; } break;
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: is Date: Sat Jul 23 13:33:32 UTC 2016 Modified Files: src/sys/netinet [netbsd-7]: ip_carp.c Log Message: backout last change (wrong branch). To generate a diff of this commit: cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet/ip_carp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_carp.c diff -u src/sys/netinet/ip_carp.c:1.59.2.1 src/sys/netinet/ip_carp.c:1.59.2.2 --- src/sys/netinet/ip_carp.c:1.59.2.1 Sat Jul 23 13:24:40 2016 +++ src/sys/netinet/ip_carp.c Sat Jul 23 13:33:32 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_carp.c,v 1.59.2.1 2016/07/23 13:24:40 is Exp $ */ +/* $NetBSD: ip_carp.c,v 1.59.2.2 2016/07/23 13:33:32 is Exp $ */ /* $OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $ */ /* @@ -31,7 +31,7 @@ #include "opt_mbuftrace.h" #include -__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.1 2016/07/23 13:24:40 is Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.2 2016/07/23 13:33:32 is Exp $"); /* * TODO: @@ -92,7 +92,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v #include #include #include -#include #endif #include @@ -676,29 +675,9 @@ carp_proto_input_c(struct mbuf *m, struc /* verify the hash */ if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) { - struct ip *ip; - struct ip6_hdr *ip6; - CARP_STATINC(CARP_STAT_BADAUTH); sc->sc_if.if_ierrors++; - - switch(af) { - - case AF_INET: - ip = mtod(m, struct ip *); - CARP_LOG(sc, ("incorrect hash from %s", - in_fmtaddr(ip->ip_src))); - break; - - case AF_INET6: - ip6 = mtod(m, struct ip6_hdr *); - CARP_LOG(sc, ("incorrect hash from %s", -ip6_sprintf(&ip6->ip6_src))); - break; - - default: CARP_LOG(sc, ("incorrect hash")); - break; - } + CARP_LOG(sc, ("incorrect hash")); m_freem(m); return; }
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: is Date: Sat Jul 23 13:24:40 UTC 2016 Modified Files: src/sys/netinet [netbsd-7]: ip_carp.c Log Message: Log the IPv4/IPv6 source of incorrect hash packets, too. Needed for meaningful debugging. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet/ip_carp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_carp.c diff -u src/sys/netinet/ip_carp.c:1.59 src/sys/netinet/ip_carp.c:1.59.2.1 --- src/sys/netinet/ip_carp.c:1.59 Thu Jul 31 02:37:25 2014 +++ src/sys/netinet/ip_carp.c Sat Jul 23 13:24:40 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_carp.c,v 1.59 2014/07/31 02:37:25 ozaki-r Exp $ */ +/* $NetBSD: ip_carp.c,v 1.59.2.1 2016/07/23 13:24:40 is Exp $ */ /* $OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $ */ /* @@ -31,7 +31,7 @@ #include "opt_mbuftrace.h" #include -__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59 2014/07/31 02:37:25 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.59.2.1 2016/07/23 13:24:40 is Exp $"); /* * TODO: @@ -92,6 +92,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v #include #include #include +#include #endif #include @@ -675,9 +676,29 @@ carp_proto_input_c(struct mbuf *m, struc /* verify the hash */ if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) { + struct ip *ip; + struct ip6_hdr *ip6; + CARP_STATINC(CARP_STAT_BADAUTH); sc->sc_if.if_ierrors++; - CARP_LOG(sc, ("incorrect hash")); + + switch(af) { + + case AF_INET: + ip = mtod(m, struct ip *); + CARP_LOG(sc, ("incorrect hash from %s", + in_fmtaddr(ip->ip_src))); + break; + + case AF_INET6: + ip6 = mtod(m, struct ip6_hdr *); + CARP_LOG(sc, ("incorrect hash from %s", +ip6_sprintf(&ip6->ip6_src))); + break; + + default: CARP_LOG(sc, ("incorrect hash")); + break; + } m_freem(m); return; }
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: riz Date: Fri Nov 6 00:46:50 UTC 2015 Modified Files: src/sys/netinet [netbsd-7]: if_arp.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #985): sys/netinet/if_arp.c: revision 1.160 Add sysctl to selectively log arp packets from unknown network. (Adrien URBAN). To generate a diff of this commit: cvs rdiff -u -r1.158 -r1.158.2.1 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.158 src/sys/netinet/if_arp.c:1.158.2.1 --- src/sys/netinet/if_arp.c:1.158 Tue Jun 3 01:24:32 2014 +++ src/sys/netinet/if_arp.c Fri Nov 6 00:46:50 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.158 2014/06/03 01:24:32 ozaki-r Exp $ */ +/* $NetBSD: if_arp.c,v 1.158.2.1 2015/11/06 00:46:50 riz Exp $ */ /*- * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.158 2014/06/03 01:24:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.158.2.1 2015/11/06 00:46:50 riz Exp $"); #include "opt_ddb.h" #include "opt_inet.h" @@ -194,6 +194,7 @@ static int arp_drainwanted; static int log_movements = 1; static int log_permanent_modify = 1; static int log_wrong_iface = 1; +static int log_unknown_network = 1; /* * this should be elsewhere. @@ -1305,17 +1306,20 @@ arplookup1(struct mbuf *m, const struct return (struct llinfo_arp *)rt->rt_llinfo; if (create) { - if (rt->rt_flags & RTF_GATEWAY) - why = "host is not on local network"; - else if ((rt->rt_flags & RTF_LLINFO) == 0) { + if (rt->rt_flags & RTF_GATEWAY) { + if (log_unknown_network) +why = "host is not on local network"; + } else if ((rt->rt_flags & RTF_LLINFO) == 0) { ARP_STATINC(ARP_STAT_ALLOCFAIL); why = "could not allocate llinfo"; } else why = "gateway route is not ours"; - log(LOG_DEBUG, "arplookup: unable to enter address" - " for %s@%s on %s (%s)\n", - in_fmtaddr(*addr), lla_snprintf(ar_sha(ah), ah->ar_hln), - (ifp) ? ifp->if_xname : "null", why); + if (why) { + log(LOG_DEBUG, "arplookup: unable to enter address" + " for %s@%s on %s (%s)\n", in_fmtaddr(*addr), + lla_snprintf(ar_sha(ah), ah->ar_hln), + (ifp) ? ifp->if_xname : "null", why); + } if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_CLONED) != 0) { rtrequest(RTM_DELETE, rt_getkey(rt), rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL); @@ -1704,6 +1708,13 @@ sysctl_net_inet_arp_setup(struct sysctll " interface"), NULL, 0, &log_wrong_iface, 0, CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); + + sysctl_createv(clog, 0, NULL, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_INT, "log_unknown_network", + SYSCTL_DESCR("log ARP packets from non-local network"), + NULL, 0, &log_unknown_network, 0, + CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); } #endif /* INET */
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Jul 24 07:30:40 UTC 2015 Modified Files: src/sys/netinet [netbsd-7]: tcp_input.c tcp_output.c Log Message: Pull up following revision(s) (requested by matt in ticket #886): sys/netinet/tcp_output.c: revision 1.184 sys/netinet/tcp_input.c: revision 1.343 If we are sending a window probe and there's unacked data in the socket, make sure at least the persist timer is running. Make sure that snd_win doesn't go negative. To generate a diff of this commit: cvs rdiff -u -r1.334.2.1 -r1.334.2.2 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.176.2.4 -r1.176.2.5 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.334.2.1 src/sys/netinet/tcp_input.c:1.334.2.2 --- src/sys/netinet/tcp_input.c:1.334.2.1 Sat Feb 21 13:40:19 2015 +++ src/sys/netinet/tcp_input.c Fri Jul 24 07:30:40 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.334.2.1 2015/02/21 13:40:19 martin Exp $ */ +/* $NetBSD: tcp_input.c,v 1.334.2.2 2015/07/24 07:30:40 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.334.2.1 2015/02/21 13:40:19 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.334.2.2 2015/07/24 07:30:40 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -2714,7 +2714,10 @@ after_listen: tp->t_lastm = NULL; sbdrop(&so->so_snd, acked); tp->t_lastoff -= acked; - tp->snd_wnd -= acked; + if (tp->snd_wnd > acked) +tp->snd_wnd -= acked; + else +tp->snd_wnd = 0; ourfinisacked = 0; } sowwakeup(so); Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.176.2.4 src/sys/netinet/tcp_output.c:1.176.2.5 --- src/sys/netinet/tcp_output.c:1.176.2.4 Sat Feb 21 13:40:19 2015 +++ src/sys/netinet/tcp_output.c Fri Jul 24 07:30:40 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.176.2.4 2015/02/21 13:40:19 martin Exp $ */ +/* $NetBSD: tcp_output.c,v 1.176.2.5 2015/07/24 07:30:40 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.176.2.4 2015/02/21 13:40:19 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.176.2.5 2015/07/24 07:30:40 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -1522,14 +1522,24 @@ send: * of retransmit time. */ timer: - if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0 && - ((sack_rxmit && tp->snd_nxt != tp->snd_max) || - tp->snd_nxt != tp->snd_una)) { - if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { -TCP_TIMER_DISARM(tp, TCPT_PERSIST); + if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0) { + if ((sack_rxmit && tp->snd_nxt != tp->snd_max) + || tp->snd_nxt != tp->snd_una) { +if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { + TCP_TIMER_DISARM(tp, TCPT_PERSIST); + tp->t_rxtshift = 0; +} +TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); + } else if (len == 0 && so->so_snd.sb_cc > 0 + && TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { +/* + * If we are sending a window probe and there's + * unacked data in the socket, make sure at + * least the persist timer is running. + */ tp->t_rxtshift = 0; +tcp_setpersist(tp); } - TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); } } else if (SEQ_GT(tp->snd_nxt + len, tp->snd_max))
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: snj Date: Tue Apr 14 05:17:31 UTC 2015 Modified Files: src/sys/netinet [netbsd-7]: in.c Log Message: Pull up following revision(s) (requested by christos in ticket #689): sys/netinet/in.c: revision 1.149 Don't pass junk in sin_family and sin_len for SIOCGIFNETMASK, and explain why. XXX: pullup 7? To generate a diff of this commit: cvs rdiff -u -r1.147 -r1.147.2.1 src/sys/netinet/in.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in.c diff -u src/sys/netinet/in.c:1.147 src/sys/netinet/in.c:1.147.2.1 --- src/sys/netinet/in.c:1.147 Tue Jul 1 05:49:18 2014 +++ src/sys/netinet/in.c Tue Apr 14 05:17:31 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: in.c,v 1.147 2014/07/01 05:49:18 rtr Exp $ */ +/* $NetBSD: in.c,v 1.147.2.1 2015/04/14 05:17:31 snj Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.147 2014/07/01 05:49:18 rtr Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.147.2.1 2015/04/14 05:17:31 snj Exp $"); #include "opt_inet.h" #include "opt_inet_conf.h" @@ -427,6 +427,7 @@ in_control(struct socket *so, u_long cmd ia->ia_ifa.ifa_getifa = NULL; #endif /* IPSELSRC */ ia->ia_sockmask.sin_len = 8; + ia->ia_sockmask.sin_family = AF_INET; if (ifp->if_flags & IFF_BROADCAST) { ia->ia_broadaddr.sin_len = sizeof(ia->ia_addr); ia->ia_broadaddr.sin_family = AF_INET; @@ -473,7 +474,14 @@ in_control(struct socket *so, u_long cmd break; case SIOCGIFNETMASK: - ifreq_setaddr(cmd, ifr, sintocsa(&ia->ia_sockmask)); + /* + * We keep the number of trailing zero bytes the sin_len field + * of ia_sockmask, so we fix this before we pass it back to + * userland. + */ + oldaddr = ia->ia_sockmask; + oldaddr.sin_len = sizeof(struct sockaddr_in); + ifreq_setaddr(cmd, ifr, (const void *)&oldaddr); break; case SIOCSIFDSTADDR:
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Sat Feb 21 18:24:51 UTC 2015 Modified Files: src/sys/netinet [netbsd-7]: icmp_var.h ip_icmp.h Log Message: Pull up following revision(s) (requested by christos in ticket #537): sys/netinet/icmp_var.h: revision 1.30 sys/netinet/ip_icmp.h: revision 1.34 PR/49676: Ryo Shimizu: ICMP_STATINC() buffer overflows XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.29.22.1 src/sys/netinet/icmp_var.h cvs rdiff -u -r1.33 -r1.33.22.1 src/sys/netinet/ip_icmp.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/icmp_var.h diff -u src/sys/netinet/icmp_var.h:1.29 src/sys/netinet/icmp_var.h:1.29.22.1 --- src/sys/netinet/icmp_var.h:1.29 Sat Dec 24 19:54:41 2011 +++ src/sys/netinet/icmp_var.h Sat Feb 21 18:24:51 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: icmp_var.h,v 1.29 2011/12/24 19:54:41 christos Exp $ */ +/* $NetBSD: icmp_var.h,v 1.29.22.1 2015/02/21 18:24:51 martin Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -56,8 +56,8 @@ #define ICMP_STAT_BMCASTTSTAMP 10 /* b/mcast tstamp requests dropped */ #define ICMP_STAT_LAST 16 /* Allow for 5 spare ones */ #define ICMP_STAT_OUTHIST ICMP_STAT_LAST -#define ICMP_STAT_INHIST (ICMP_STAT_LAST + ICMP_MAXTYPE) -#define ICMP_NSTATS (ICMP_STAT_LAST + 2 * ICMP_MAXTYPE) +#define ICMP_STAT_INHIST (ICMP_STAT_LAST + ICMP_NTYPES) +#define ICMP_NSTATS (ICMP_STAT_LAST + 2 * ICMP_NTYPES) /* * Names for ICMP sysctl objects Index: src/sys/netinet/ip_icmp.h diff -u src/sys/netinet/ip_icmp.h:1.33 src/sys/netinet/ip_icmp.h:1.33.22.1 --- src/sys/netinet/ip_icmp.h:1.33 Sat Dec 24 20:18:54 2011 +++ src/sys/netinet/ip_icmp.h Sat Feb 21 18:24:51 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_icmp.h,v 1.33 2011/12/24 20:18:54 christos Exp $ */ +/* $NetBSD: ip_icmp.h,v 1.33.22.1 2015/02/21 18:24:51 martin Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -189,6 +189,7 @@ struct icmp { #define ICMP_PHOTURIS_NEED_AUTHZ 5 /* no authorization */ #define ICMP_MAXTYPE 40 +#define ICMP_NTYPES (ICMP_MAXTYPE + 1) #ifdef ICMP_STRINGS static const char *icmp_type[] = {
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Mon Dec 1 13:08:14 UTC 2014 Modified Files: src/sys/netinet [netbsd-7]: in4_cksum.c Log Message: Pull up following revision(s) (requested by christos in ticket #281): sys/netinet/in4_cksum.c: revision 1.20 Only check that the offset < sizeof(struct ip) if nxt != 0, i.e. in the tcp and udp cases. From kre. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.19.12.1 src/sys/netinet/in4_cksum.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in4_cksum.c diff -u src/sys/netinet/in4_cksum.c:1.19 src/sys/netinet/in4_cksum.c:1.19.12.1 --- src/sys/netinet/in4_cksum.c:1.19 Tue Mar 12 21:54:36 2013 +++ src/sys/netinet/in4_cksum.c Mon Dec 1 13:08:14 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: in4_cksum.c,v 1.19 2013/03/12 21:54:36 christos Exp $ */ +/* $NetBSD: in4_cksum.c,v 1.19.12.1 2014/12/01 13:08:14 martin Exp $ */ /*- * Copyright (c) 2008 Joerg Sonnenberger . @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in4_cksum.c,v 1.19 2013/03/12 21:54:36 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in4_cksum.c,v 1.19.12.1 2014/12/01 13:08:14 martin Exp $"); #include #include @@ -58,9 +58,6 @@ in4_cksum(struct mbuf *m, u_int8_t nxt, uint32_t sum; uint16_t *w; - if (__predict_false(off < sizeof(struct ip))) - PANIC("%s: offset %d too short for IP header %zu", __func__, - off, sizeof(struct ip)); if (__predict_false(m->m_len < sizeof(struct ip))) PANIC("%s: mbuf %d too short for IP header %zu", __func__, m->m_len, sizeof(struct ip)); @@ -68,6 +65,10 @@ in4_cksum(struct mbuf *m, u_int8_t nxt, if (nxt == 0) return cpu_in_cksum(m, len, off, 0); + if (__predict_false(off < sizeof(struct ip))) + PANIC("%s: offset %d too short for IP header %zu", __func__, + off, sizeof(struct ip)); + /* * Compute the equivalent of: * struct ipovly ip;
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Mon Dec 1 10:35:37 UTC 2014 Modified Files: src/sys/netinet [netbsd-7]: ip_output.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #277): sys/netinet/ip_output.c: revision 1.233 Call looutput with holding KERNEL_LOCK This fixes diagnostic assertion "KERNEL_LOCKED_P()" in if_loop.c. PR kern/49410 To generate a diff of this commit: cvs rdiff -u -r1.230 -r1.230.2.1 src/sys/netinet/ip_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.230 src/sys/netinet/ip_output.c:1.230.2.1 --- src/sys/netinet/ip_output.c:1.230 Fri Jun 6 00:11:19 2014 +++ src/sys/netinet/ip_output.c Mon Dec 1 10:35:37 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.230 2014/06/06 00:11:19 rmind Exp $ */ +/* $NetBSD: ip_output.c,v 1.230.2.1 2014/12/01 10:35:37 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.230 2014/06/06 00:11:19 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.230.2.1 2014/12/01 10:35:37 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -1683,5 +1683,7 @@ ip_mloopback(struct ifnet *ifp, struct m ip->ip_sum = 0; ip->ip_sum = in_cksum(copym, ip->ip_hl << 2); + KERNEL_LOCK(1, NULL); (void)looutput(ifp, copym, sintocsa(dst), NULL); + KERNEL_UNLOCK_ONE(NULL); }
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Sun Oct 26 09:48:18 UTC 2014 Modified Files: src/sys/netinet [netbsd-7]: tcp_output.c Log Message: Pull up following revision(s) (requested by christos in ticket #157): sys/netinet/tcp_output.c: revision 1.178 Avoid stack overflow when SACK and TCP_SIGNATURE are both present. Thanks to Jonathan Looney for pointing this out. To generate a diff of this commit: cvs rdiff -u -r1.176.2.1 -r1.176.2.2 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.176.2.1 src/sys/netinet/tcp_output.c:1.176.2.2 --- src/sys/netinet/tcp_output.c:1.176.2.1 Fri Oct 24 07:28:14 2014 +++ src/sys/netinet/tcp_output.c Sun Oct 26 09:48:18 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.176.2.1 2014/10/24 07:28:14 martin Exp $ */ +/* $NetBSD: tcp_output.c,v 1.176.2.2 2014/10/26 09:48:18 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.176.2.1 2014/10/24 07:28:14 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.176.2.2 2014/10/26 09:48:18 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -557,6 +557,7 @@ tcp_output(struct tcpcb *tp) #endif struct tcphdr *th; u_char opt[MAX_TCPOPTLEN]; +#define OPT_FITS(more) ((optlen + (more)) < sizeof(opt)) unsigned optlen, hdrlen, packetlen; unsigned int sack_numblks; int idle, sendalot, txsegsize, rxsegsize; @@ -1123,7 +1124,7 @@ send: tp->snd_nxt = tp->iss; tp->t_ourmss = tcp_mss_to_advertise(synrt != NULL ? synrt->rt_ifp : NULL, af); - if ((tp->t_flags & TF_NOOPT) == 0) { + if ((tp->t_flags & TF_NOOPT) == 0 && OPT_FITS(4)) { opt[0] = TCPOPT_MAXSEG; opt[1] = 4; opt[2] = (tp->t_ourmss >> 8) & 0xff; @@ -1132,7 +1133,8 @@ send: if ((tp->t_flags & TF_REQ_SCALE) && ((flags & TH_ACK) == 0 || - (tp->t_flags & TF_RCVD_SCALE))) { + (tp->t_flags & TF_RCVD_SCALE)) && + OPT_FITS(4)) { *((u_int32_t *) (opt + optlen)) = htonl( TCPOPT_NOP << 24 | TCPOPT_WINDOW << 16 | @@ -1140,7 +1142,7 @@ send: tp->request_r_scale); optlen += 4; } - if (tcp_do_sack) { + if (tcp_do_sack && OPT_FITS(4)) { u_int8_t *cp = (u_int8_t *)(opt + optlen); cp[0] = TCPOPT_SACK_PERMITTED; @@ -1160,7 +1162,7 @@ send: if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP && (flags & TH_RST) == 0 && ((flags & (TH_SYN|TH_ACK)) == TH_SYN || - (tp->t_flags & TF_RCVD_TSTMP))) { + (tp->t_flags & TF_RCVD_TSTMP)) && OPT_FITS(TCPOLEN_TSTAMP_APPA)) { u_int32_t *lp = (u_int32_t *)(opt + optlen); /* Form timestamp option as shown in appendix A of RFC 1323. */ @@ -1184,30 +1186,33 @@ send: struct ipqent *tiqe; sack_len = sack_numblks * 8 + 2; - bp[0] = TCPOPT_NOP; - bp[1] = TCPOPT_NOP; - bp[2] = TCPOPT_SACK; - bp[3] = sack_len; - if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { - sack_numblks--; - *lp++ = htonl(tp->rcv_dsack_block.left); - *lp++ = htonl(tp->rcv_dsack_block.right); - tp->rcv_sack_flags &= ~TCPSACK_HAVED; - } - for (tiqe = TAILQ_FIRST(&tp->timeq); - sack_numblks > 0; tiqe = TAILQ_NEXT(tiqe, ipqe_timeq)) { - KASSERT(tiqe != NULL); - sack_numblks--; - *lp++ = htonl(tiqe->ipqe_seq); - *lp++ = htonl(tiqe->ipqe_seq + tiqe->ipqe_len + - ((tiqe->ipqe_flags & TH_FIN) != 0 ? 1 : 0)); + if (OPT_FITS(sack_len + 2)) { + bp[0] = TCPOPT_NOP; + bp[1] = TCPOPT_NOP; + bp[2] = TCPOPT_SACK; + bp[3] = sack_len; + if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { +sack_numblks--; +*lp++ = htonl(tp->rcv_dsack_block.left); +*lp++ = htonl(tp->rcv_dsack_block.right); +tp->rcv_sack_flags &= ~TCPSACK_HAVED; + } + for (tiqe = TAILQ_FIRST(&tp->timeq); + sack_numblks > 0; + tiqe = TAILQ_NEXT(tiqe, ipqe_timeq)) { +KASSERT(tiqe != NULL); +sack_numblks--; +*lp++ = htonl(tiqe->ipqe_seq); +*lp++ = htonl(tiqe->ipqe_seq + tiqe->ipqe_len + +((tiqe->ipqe_flags & TH_FIN) != 0 ? 1 : 0)); + } + optlen += sack_len + 2; } - optlen += sack_len + 2; } TCP_REASS_UNLOCK(tp); #ifdef TCP_SIGNATURE - if (tp->t_flags & TF_SIGNATURE) { + if ((tp->t_flags & TF_SIGNATURE) && OPT_FITS(TCPOLEN_SIGNATURE + 2)) { u_char *bp; /* * Initialize TCP-MD5 option (RFC2385)
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Oct 24 07:28:14 UTC 2014 Modified Files: src/sys/netinet [netbsd-7]: tcp_output.c Log Message: Pull up following revision(s) (requested by hikaru in ticket #154): sys/netinet/tcp_output.c: revision 1.177 Fix wrong condition checking TSO capability. ipsec_used is not necessary condition. IPsec outbound policy will not be checked when ipsec_used is false. To generate a diff of this commit: cvs rdiff -u -r1.176 -r1.176.2.1 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.176 src/sys/netinet/tcp_output.c:1.176.2.1 --- src/sys/netinet/tcp_output.c:1.176 Fri May 30 01:39:03 2014 +++ src/sys/netinet/tcp_output.c Fri Oct 24 07:28:14 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.176 2014/05/30 01:39:03 christos Exp $ */ +/* $NetBSD: tcp_output.c,v 1.176.2.1 2014/10/24 07:28:14 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.176 2014/05/30 01:39:03 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.176.2.1 2014/10/24 07:28:14 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -630,8 +630,8 @@ tcp_output(struct tcpcb *tp) #if defined(INET) has_tso4 = tp->t_inpcb != NULL && #if defined(IPSEC) - ipsec_used && IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp, - IPSEC_DIR_OUTBOUND) && + (!ipsec_used || IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp, + IPSEC_DIR_OUTBOUND)) && #endif (rt = rtcache_validate(&tp->t_inpcb->inp_route)) != NULL && (rt->rt_ifp->if_capenable & IFCAP_TSOv4) != 0; @@ -639,8 +639,8 @@ tcp_output(struct tcpcb *tp) #if defined(INET6) has_tso6 = tp->t_in6pcb != NULL && #if defined(IPSEC) - ipsec_used && IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp, - IPSEC_DIR_OUTBOUND) && + (!ipsec_used || IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp, + IPSEC_DIR_OUTBOUND)) && #endif (rt = rtcache_validate(&tp->t_in6pcb->in6p_route)) != NULL && (rt->rt_ifp->if_capenable & IFCAP_TSOv6) != 0;