CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Wed Apr 15 14:52:29 UTC 2020 Modified Files: src/sys/netinet6 [netbsd-7]: nd6_rtr.c Log Message: Pull up following revision(s) (requested by kim in ticket #1727): sys/netinet6/nd6_rtr.c: revision 1.148 (via patch) Fix default route selection The primary issue was that in revision 1.79 a check was added in the nd6_defrouter_select() search loop to ignore the entry if RA processing is enabled on its interface. In practice this results in all entries being ignored. This fix reverses the condition, so that an entry is ignored when RA processing is NOT enabled on its interface. Further, the entry is only ignored for being selected as the default router. The currently installed router must be identified regardless of the (current) status of its interface, so that we can delete the route before installing a new one. I also added error logging when adding or deleting a route fails. This should help the administrator (or kernel developer) in noticing possible problems. Finally, if deleting a route fails, the corresponding default route entry no longer has its "installed" flag cleared, so that deletion will be retried. At a minimum, this will cause repeated messages about the failed deletion as opposed to only getting repeated messages about the installation of a new default route failing. Fixes PR kern/55091 and also PR bin/54997 as far as the behaviour observed with ndp(8). To generate a diff of this commit: cvs rdiff -u -r1.93.2.3 -r1.93.2.4 src/sys/netinet6/nd6_rtr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6_rtr.c diff -u src/sys/netinet6/nd6_rtr.c:1.93.2.3 src/sys/netinet6/nd6_rtr.c:1.93.2.4 --- src/sys/netinet6/nd6_rtr.c:1.93.2.3 Sat May 2 18:23:25 2015 +++ src/sys/netinet6/nd6_rtr.c Wed Apr 15 14:52:28 2020 
@@ -1,4 +1,4 @@ -/* $NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $ */ +/* $NetBSD: nd6_rtr.c,v 1.93.2.4 2020/04/15 14:52:28 martin Exp $ */ /* $KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.93.2.4 2020/04/15 14:52:28 martin Exp $"); #include #include @@ -472,6 +472,10 @@ defrouter_addreq(struct nd_defrouter *ne } if (error == 0) new->installed = 1; + else + log(LOG_ERR, "defrouter_addreq: " + "error %d adding default router %s on %s\n", + error, ip6_sprintf(>rtaddr), new->ifp->if_xname); splx(s); return; } @@ -559,6 +563,7 @@ defrouter_delreq(struct nd_defrouter *dr struct sockaddr sa; } def, mask, gw; struct rtentry *oldrt = NULL; + int error; #ifdef DIAGNOSTIC if (dr == NULL) @@ -577,7 +582,7 @@ defrouter_delreq(struct nd_defrouter *dr gw.sin6.sin6_scope_id = 0; /* XXX */ #endif - rtrequest(RTM_DELETE, , , , RTF_GATEWAY, ); + error = rtrequest(RTM_DELETE, , , , RTF_GATEWAY, ); if (oldrt) { nd6_rtmsg(RTM_DELETE, oldrt); if (oldrt->rt_refcnt <= 0) { @@ -591,7 +596,12 @@ defrouter_delreq(struct nd_defrouter *dr } } - dr->installed = 0; + if (error == 0) + dr->installed = 0; + else + log(LOG_ERR, "defrouter_delreq: " + "error %d deleting default router %s on %s\n", + error, ip6_sprintf(>rtaddr), dr->ifp->if_xname); } /* @@ -672,8 +682,16 @@ defrouter_select(void) */ for (dr = TAILQ_FIRST(_defrouter); dr; dr = TAILQ_NEXT(dr, dr_entry)) { + if (dr->installed && !installed_dr) + installed_dr = dr; + else if (dr->installed && installed_dr) { + /* this should not happen. warn for diagnosis. */ + log(LOG_ERR, "defrouter_select: more than one router" + " is installed\n"); + } + ndi = ND_IFINFO(dr->ifp); - if (nd6_accepts_rtadv(ndi)) + if (!nd6_accepts_rtadv(ndi)) continue; if (selected_dr == NULL && 
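Review bot: In the `defrouter_delreq` hunk, `dr->installed` now stays set for every non-zero result of `rtrequest(RTM_DELETE, …)`, including the case where the route is simply no longer in the table (rtrequest normally reports that as ESRCH). Such an entry can then never be marked uninstalled, and the LOG_ERR line repeats on every retry. Consider treating an already-missing route as success, `if (error == 0 || error == ESRCH) dr->installed = 0;`, and logging only the remaining errors. The `defrouter_addreq` hunk adds the same unthrottled `log(LOG_ERR, …)`; if these paths run during router-advertisement processing, as the commit message suggests, rate-limit the messages so a misbehaving on-link router cannot fill the log. The callers of both functions are outside the hunks.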
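Review bot: The installed-router bookkeeping moved to the top of the loop in `defrouter_select` has no comment saying why it must run before the `!nd6_accepts_rtadv(ndi)` `continue`, and that ordering is the substance of the fix. I would add above it `/* Find the installed router first, even if its interface no longer accepts RAs: its route must be deleted before a new one is installed. */`. The duplicate-installed branch still only logs and keeps the first entry, so a second stale entry remains flagged as installed; whether that needs cleanup depends on code after the loop, outside this hunk.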
@@ -682,14 +700,6 @@ defrouter_select(void) ND6_IS_LLINFO_PROBREACH(ln)) { selected_dr = dr; } - - if (dr->installed && !installed_dr) - installed_dr = dr; - else if (dr->installed && installed_dr) { - /* this should not happen. warn for diagnosis. */ - log(LOG_ERR, "defrouter_select: more than one router" - " is installed\n"); - } } /* * If none of the default routers was found to be reachable,
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Tue Aug 14 14:34:42 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: frag6.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1630): sys/netinet6/frag6.c: revision 1.64 Kick zero-sized fragments. We can't allow them to enter; two fragments could be put at the same offset. To generate a diff of this commit: cvs rdiff -u -r1.55.4.2 -r1.55.4.3 src/sys/netinet6/frag6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/frag6.c diff -u src/sys/netinet6/frag6.c:1.55.4.2 src/sys/netinet6/frag6.c:1.55.4.3 --- src/sys/netinet6/frag6.c:1.55.4.2 Thu Apr 5 11:48:13 2018 +++ src/sys/netinet6/frag6.c Tue Aug 14 14:34:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: frag6.c,v 1.55.4.2 2018/04/05 11:48:13 martin Exp $ */ +/* $NetBSD: frag6.c,v 1.55.4.3 2018/08/14 14:34:42 martin Exp $ */ /* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.4.2 2018/04/05 11:48:13 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.4.3 2018/08/14 14:34:42 martin Exp $"); #include #include @@ -152,13 +152,14 @@ frag6_input(struct mbuf **mp, int *offp, } /* - * check whether fragment packet's fragment length is + * Check whether fragment packet's fragment length is non-zero and * multiple of 8 octets. * sizeof(struct ip6_frag) == 8 * sizeof(struct ip6_hdr) = 40 */ if ((ip6f->ip6f_offlg & IP6F_MORE_FRAG) && - (((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) { + (((ntohs(ip6->ip6_plen) - offset) == 0) || + ((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) { icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, offsetof(struct ip6_hdr, ip6_plen)); in6_ifstat_inc(dstifp, ifs6_reass_fail);
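Review bot: The new zero-length test in `frag6_input` compares `ntohs(ip6->ip6_plen) - offset` with 0, but that expression does not look like the fragment's payload length. The comment just above notes that the 8-byte fragment header and the 40-byte IPv6 header are folded into it, which is harmless for the `& 0x7` test but not for `== 0`. If `offset` is the offset of the fragment header from the start of the packet (its assignment is outside the hunk), an empty fragment yields a non-zero value and still passes, while a fragment with 32 bytes of payload is rejected. The test is also reached only when `IP6F_MORE_FRAG` is set, so a final fragment with no payload is not covered. I would compute the length once, `int frgpartlen = (int)sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) - offset - (int)sizeof(struct ip6_frag);`, and reject `frgpartlen <= 0` before the alignment test.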
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Apr 1 09:12:43 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: raw_ip6.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1591): sys/netinet6/raw_ip6.c: revision 1.161 Fix use-after-free, the first m_copyback_cow may have freed the mbuf, so it is wrong to read ip6->ip6_nxt. To generate a diff of this commit: cvs rdiff -u -r1.136.2.2 -r1.136.2.3 src/sys/netinet6/raw_ip6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/raw_ip6.c diff -u src/sys/netinet6/raw_ip6.c:1.136.2.2 src/sys/netinet6/raw_ip6.c:1.136.2.3 --- src/sys/netinet6/raw_ip6.c:1.136.2.2 Tue Jan 30 18:28:45 2018 +++ src/sys/netinet6/raw_ip6.c Sun Apr 1 09:12:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.136.2.2 2018/01/30 18:28:45 martin Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.136.2.3 2018/04/01 09:12:42 martin Exp $ */ /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136.2.2 2018/01/30 18:28:45 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136.2.3 2018/04/01 09:12:42 martin Exp $"); #include "opt_ipsec.h" @@ -476,6 +476,7 @@ rip6_output(struct mbuf *m, struct socke if (so->so_proto->pr_protocol == IPPROTO_ICMPV6 || in6p->in6p_cksum != -1) { + const uint8_t nxt = ip6->ip6_nxt; int off; u_int16_t sum; @@ -497,7 +498,7 @@ rip6_output(struct mbuf *m, struct socke error = ENOBUFS; goto bad; } - sum = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen); + sum = in6_cksum(m, nxt, sizeof(*ip6), plen); m = m_copyback_cow(m, off, sizeof(sum), (void *), M_DONTWAIT); if (m == NULL) {
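Review bot: Caching `ip6->ip6_nxt` in `nxt` fixes the one read after the first `m_copyback_cow()`, but `ip6` itself stays in scope in `rip6_output` and is stale after either copyback call, since the call may replace the mbuf. Nothing in the hunk tells the next editor that. I would add `/* m_copyback_cow() may replace m: ip6 must not be dereferenced from here on */` before the first call, or re-derive `ip6` from the returned `m`. The rest of the function is outside the hunk, so any later `ip6->` use there should be checked as well.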
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Apr 1 09:09:04 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: ip6_forward.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1590): sys/netinet6/ip6_forward.c: revision 1.91 (via patch) Fix two pretty bad mistakes. If ipsec6_check_policy fails m is not freed, and a 'goto out' is missing after ipsec6_process_packet. To generate a diff of this commit: cvs rdiff -u -r1.73.2.2 -r1.73.2.3 src/sys/netinet6/ip6_forward.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_forward.c diff -u src/sys/netinet6/ip6_forward.c:1.73.2.2 src/sys/netinet6/ip6_forward.c:1.73.2.3 --- src/sys/netinet6/ip6_forward.c:1.73.2.2 Mon Feb 12 18:37:51 2018 +++ src/sys/netinet6/ip6_forward.c Sun Apr 1 09:09:04 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $ */ +/* $NetBSD: ip6_forward.c,v 1.73.2.3 2018/04/01 09:09:04 martin Exp $ */ /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.3 2018/04/01 09:09:04 martin Exp $"); #include "opt_gateway.h" #include "opt_ipsec.h" @@ -166,6 +166,7 @@ ip6_forward(struct mbuf *m, int srcrt) */ if (error == -EINVAL) error = 0; + m_freem(m); goto freecopy; } } @@ -264,8 +265,10 @@ ip6_forward(struct mbuf *m, int srcrt) int s = splsoftnet(); error = ipsec6_process_packet(m, sp->req); splx(s); + /* m is freed */ if (mcopy) goto freecopy; + return; } #endif
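Review bot: In the second `ip6_forward` hunk the result of `ipsec6_process_packet()` is stored in `error` and then, as far as the hunk shows, dropped by the new `return`, so an IPsec processing failure on the forwarding path leaves no counter or log behind. If that is intended, replace `/* m is freed */` with a comment that says so, e.g. `/* m is consumed by ipsec6_process_packet() on success and on error */`; otherwise record the failure when `error != 0`. In the first hunk `m` is left dangling after `m_freem(m)` before `goto freecopy`; the label is outside the hunk, so confirm that path touches only `mcopy`.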
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: snj Date: Sun Feb 25 23:17:47 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: ip6_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1572): sys/netinet6/ip6_input.c: 1.188 via patch Kick nested fragments. To generate a diff of this commit: cvs rdiff -u -r1.149.2.2 -r1.149.2.3 src/sys/netinet6/ip6_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.149.2.2 src/sys/netinet6/ip6_input.c:1.149.2.3 --- src/sys/netinet6/ip6_input.c:1.149.2.2 Tue Jan 30 18:28:45 2018 +++ src/sys/netinet6/ip6_input.c Sun Feb 25 23:17:47 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $ */ +/* $NetBSD: ip6_input.c,v 1.149.2.3 2018/02/25 23:17:47 snj Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.3 2018/02/25 23:17:47 snj Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -249,7 +249,7 @@ ip6_input(struct mbuf *m) int hit, off = sizeof(struct ip6_hdr), nest; u_int32_t plen; u_int32_t rtalert = ~0; - int nxt, ours = 0, rh_present = 0; + int nxt, ours = 0, rh_present = 0, frg_present; struct ifnet *deliverifp = NULL; int srcrt = 0; const struct rtentry *rt; @@ -720,6 +720,7 @@ ip6_input(struct mbuf *m) nest = 0; rh_present = 0; + frg_present = 0; while (nxt != IPPROTO_DONE) { if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { IP6_STATINC(IP6_STAT_TOOMANYHDR); 
@@ -744,6 +745,13 @@ ip6_input(struct mbuf *m) IP6_STATINC(IP6_STAT_BADOPTIONS); goto bad; } + } else if (nxt == IPPROTO_FRAGMENT) { + if (frg_present++) { +in6_ifstat_inc(m->m_pkthdr.rcvif, +ifs6_in_hdrerr); +IP6_STATINC(IP6_STAT_BADOPTIONS); +goto bad; + } } #ifdef IPSEC
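Review bot: The new `IPPROTO_FRAGMENT` branch in the `ip6_input` header loop has no comment explaining why a second fragment header is dropped. It also counts the drop under `IP6_STAT_BADOPTIONS`, which makes nested fragments indistinguishable from malformed options in the statistics. I would add `/* Only one fragment header is accepted per packet; nested fragments are dropped. */` above the test and write it as `if (frg_present) { … } frg_present = 1;`, since the variable is a flag rather than a count. `frg_present` is also the only variable on its declaration line without an initializer; it is set before the loop in the hunk at line 720, but `= 0` at the declaration would match `rh_present`.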
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: snj Date: Mon Feb 12 18:37:51 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: ip6_forward.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1551): sys/netinet6/ip6_forward.c: 1.89-1.90 via patch Fix use-after-free of mbuf by ip6flow_create This fixes recent failures of some ATF tests such as t_ipsec_tunnel_odd. -- Fix use-after-free of mbuf by ip6flow_create (one more) To generate a diff of this commit: cvs rdiff -u -r1.73.2.1 -r1.73.2.2 src/sys/netinet6/ip6_forward.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_forward.c diff -u src/sys/netinet6/ip6_forward.c:1.73.2.1 src/sys/netinet6/ip6_forward.c:1.73.2.2 --- src/sys/netinet6/ip6_forward.c:1.73.2.1 Sat Jan 17 12:10:54 2015 +++ src/sys/netinet6/ip6_forward.c Mon Feb 12 18:37:51 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_forward.c,v 1.73.2.1 2015/01/17 12:10:54 martin Exp $ */ +/* $NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $ */ /* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.1 2015/01/17 12:10:54 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $"); #include "opt_gateway.h" #include "opt_ipsec.h" @@ -406,8 +406,8 @@ ip6_forward(struct mbuf *m, int srcrt) IP6_STATINC(IP6_STAT_REDIRECTSENT); else { #ifdef GATEWAY - if (m->m_flags & M_CANFASTFWD) -ip6flow_create(_forward_rt, m); + if (mcopy->m_flags & M_CANFASTFWD) +ip6flow_create(_forward_rt, mcopy); #endif if (mcopy) goto freecopy;
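Review bot: `mcopy->m_flags` is dereferenced unconditionally in the new `GATEWAY` block, yet the very next statement is `if (mcopy) goto freecopy;`, which shows that `mcopy` can be NULL at this point in `ip6_forward`. The test should guard the pointer first: `if (mcopy != NULL && (mcopy->m_flags & M_CANFASTFWD))`. How `mcopy` is allocated is outside the hunk; if it is a truncated copy of the packet, also confirm that `ip6flow_create()` needs only the headers.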
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Feb 2 13:03:05 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: nd6_nbr.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1562): sys/netinet6/nd6_nbr.c: revision 1.145 Fix memory leak. Contrary to what the XXX indicates, this place is 100% reachable remotely. To generate a diff of this commit: cvs rdiff -u -r1.100.2.2 -r1.100.2.3 src/sys/netinet6/nd6_nbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6_nbr.c diff -u src/sys/netinet6/nd6_nbr.c:1.100.2.2 src/sys/netinet6/nd6_nbr.c:1.100.2.3 --- src/sys/netinet6/nd6_nbr.c:1.100.2.2 Mon Apr 6 01:32:33 2015 +++ src/sys/netinet6/nd6_nbr.c Fri Feb 2 13:03:05 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_nbr.c,v 1.100.2.2 2015/04/06 01:32:33 snj Exp $ */ +/* $NetBSD: nd6_nbr.c,v 1.100.2.3 2018/02/02 13:03:05 martin Exp $ */ /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.100.2.2 2015/04/06 01:32:33 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.100.2.3 2018/02/02 13:03:05 martin Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -590,7 +590,7 @@ nd6_na_input(struct mbuf *m, int off, in taddr6 = nd_na->nd_na_target; if (in6_setscope(, ifp, NULL)) - return; /* XXX: impossible */ + goto bad; if (IN6_IS_ADDR_MULTICAST()) { nd6log((LOG_ERR,
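Review bot: The `in6_setscope()` failure branch in `nd6_na_input` now jumps to `bad` silently, while the branches that follow report through `nd6log((LOG_ERR, …))`. Since the commit message states that this path is reachable from the network, I would replace the removed `/* XXX: impossible */` with a comment such as `/* reachable from the network: m must be released via bad */` so the early `return` is not reintroduced. The `bad` label is outside the hunk, so I am assuming it frees `m`.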
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Feb 2 10:58:44 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: ip6_mroute.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1561): sys/netinet6/ip6_mroute.c: revision 1.120 Fix a pretty simple, yet pretty tragic typo: we should return IPPROTO_DONE, not IPPROTO_NONE. With IPPROTO_NONE we will keep parsing the header chain on an mbuf that was already freed. To generate a diff of this commit: cvs rdiff -u -r1.107 -r1.107.2.1 src/sys/netinet6/ip6_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_mroute.c diff -u src/sys/netinet6/ip6_mroute.c:1.107 src/sys/netinet6/ip6_mroute.c:1.107.2.1 --- src/sys/netinet6/ip6_mroute.c:1.107 Sat May 17 21:26:20 2014 +++ src/sys/netinet6/ip6_mroute.c Fri Feb 2 10:58:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_mroute.c,v 1.107 2014/05/17 21:26:20 rmind Exp $ */ +/* $NetBSD: ip6_mroute.c,v 1.107.2.1 2018/02/02 10:58:44 martin Exp $ */ /* $KAME: ip6_mroute.c,v 1.49 2001/07/25 09:21:18 jinmei Exp $ */ /* @@ -117,7 +117,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_mroute.c,v 1.107 2014/05/17 21:26:20 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_mroute.c,v 1.107.2.1 2018/02/02 10:58:44 martin Exp $"); #include "opt_inet.h" #include "opt_mrouting.h" @@ -1861,7 +1861,7 @@ pim6_input(struct mbuf **mp, int *offp, (eip6->ip6_vfc & IPV6_VERSION)); #endif m_freem(m); - return (IPPROTO_NONE); + return (IPPROTO_DONE); } /* verify the inner packet is destined to a mcast group */
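Review bot: Nothing at this return in `pim6_input` records the rule the fix depends on: a handler that has freed `m` must return `IPPROTO_DONE` so the caller stops walking the header chain. A one-line comment next to `m_freem(m)`, `/* m is freed: IPPROTO_DONE tells the caller to stop parsing */`, would keep the two constants from being confused again. The function continues outside the hunk; its other `m_freem()` exits deserve the same check for `IPPROTO_NONE`.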
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Tue Jan 30 18:28:46 UTC 2018 Modified Files: src/sys/netinet6 [netbsd-7]: frag6.c ip6_input.c ip6_var.h raw_ip6.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1560): sys/netinet6/frag6.c: revision 1.65 sys/netinet6/ip6_input.c: revision 1.187 sys/netinet6/ip6_var.h: revision 1.78 sys/netinet6/raw_ip6.c: revision 1.160 (patch) Fix a buffer overflow in ip6_get_prevhdr. Doing mtod(m, char *) + len is wrong, an option is allowed to be located in another mbuf of the chain. If the offset of an option within the chain is bigger than the length of the first mbuf in that chain, we are reading/writing one byte of packet- controlled data beyond the end of the first mbuf. The length of this first mbuf depends on the layout the network driver chose. In the most difficult case, it will allocate a 2KB cluster, which is bigger than the Ethernet MTU. But there is at least one way of exploiting this case: by sending a special combination of nested IPv6 fragments, the packet can control a good bunch of 'len'. By luck, the memory pool containing clusters does not embed the pool header in front of the items, so it is not straightforward to predict what is located at 'mtod(m, char *) + len'. However, by sending offending fragments in a loop, it is possible to crash the kernel - at some point we will hit important data structures. As far as I can tell, PF protects against this difficult case, because it kicks nested fragments. NPF does not protect against this. IPF I don't know. Then there are the more easy cases, if the MTU is bigger than a cluster, or if the network driver did not allocate a cluster, or perhaps if the fragments are received via a tunnel; I haven't investigated these cases. Change ip6_get_prevhdr so that it returns an offset in the chain, and always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET leaves M_PKTHDR untouched. This place is still fragile. 
To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.55.4.1 src/sys/netinet6/frag6.c cvs rdiff -u -r1.149.2.1 -r1.149.2.2 src/sys/netinet6/ip6_input.c cvs rdiff -u -r1.62.2.1 -r1.62.2.2 src/sys/netinet6/ip6_var.h cvs rdiff -u -r1.136.2.1 -r1.136.2.2 src/sys/netinet6/raw_ip6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/frag6.c diff -u src/sys/netinet6/frag6.c:1.55 src/sys/netinet6/frag6.c:1.55.4.1 --- src/sys/netinet6/frag6.c:1.55 Fri Aug 30 07:42:08 2013 +++ src/sys/netinet6/frag6.c Tue Jan 30 18:28:45 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: frag6.c,v 1.55 2013/08/30 07:42:08 christos Exp $ */ +/* $NetBSD: frag6.c,v 1.55.4.1 2018/01/30 18:28:45 martin Exp $ */ /* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55 2013/08/30 07:42:08 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.4.1 2018/01/30 18:28:45 martin Exp $"); #include #include @@ -441,14 +441,6 @@ insert: m_cat(m, t); } - /* - * Store NXT to the original. - */ - { - u_int8_t *prvnxtp = ip6_get_prevhdr(m, offset); /* XXX */ - *prvnxtp = nxt; - } - frag6_remque(q6); frag6_nfrags -= q6->ip6q_nfrag; kmem_intr_free(q6, sizeof(struct ip6q)); 
@@ -456,11 +448,30 @@ insert: if (m->m_flags & M_PKTHDR) { /* Isn't it always true? */ int plen = 0; - for (t = m; t; t = t->m_next) + for (t = m; t; t = t->m_next) { + /* + * XXX XXX Why don't we remove M_PKTHDR? + */ plen += t->m_len; + } m->m_pkthdr.len = plen; } + /* + * Restore NXT to the original. + */ + { + const int prvnxt = ip6_get_prevhdr(m, offset); + uint8_t *prvnxtp; + + IP6_EXTHDR_GET(prvnxtp, uint8_t *, m, prvnxt, + sizeof(*prvnxtp)); + if (prvnxtp == NULL) { + goto dropfrag; + } + *prvnxtp = nxt; + } + IP6_STATINC(IP6_STAT_REASSEMBLED); in6_ifstat_inc(dstifp, ifs6_reass_ok); Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.149.2.1 src/sys/netinet6/ip6_input.c:1.149.2.2 --- src/sys/netinet6/ip6_input.c:1.149.2.1 Fri Jan 23 09:27:15 2015 +++ src/sys/netinet6/ip6_input.c Tue Jan 30 18:28:45 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $ */ +/* $NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -1384,50 +1384,44 @@ ip6_pullexthdr(struct mbuf *m, size_t of } /* - * Get pointer to the previous header followed by the header + * Get offset to the previous header followed by the header * currently
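Review bot: In the frag6.c hunk at `insert:`, the new `goto dropfrag` is taken after the reassembly queue entry has already been unlinked and released (`frag6_remque(q6)` and `kmem_intr_free(q6, …)` sit just above, in the previous hunk) and after `IP6_EXTHDR_GET` has failed. The `dropfrag` label is outside the hunk, so confirm that it does not touch `q6` and, if `IP6_EXTHDR_GET` releases the chain on failure, does not free `m` a second time. A comment such as `/* q6 is already freed here; dropfrag must not use it */` would record this. The value returned by `ip6_get_prevhdr(m, offset)` is also used without a range check. The commit message itself calls this place fragile, and a guard like `if (prvnxt < 0 || prvnxt >= m->m_pkthdr.len) goto dropfrag;` would make the assumption explicit.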
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: bouyer Date: Wed Sep 28 20:24:06 UTC 2016 Modified Files: src/sys/netinet6 [netbsd-7]: in6_pcb.c raw_ip6.c Log Message: Pull up following revision(s) (requested by roy in ticket #1243): sys/netinet6/raw_ip6.c: revision 1.150 via patch sys/netinet6/in6_pcb.c: revision 1.149 via patch Allow explicit binding to detached addresss. Fixes PR kern/51435. To generate a diff of this commit: cvs rdiff -u -r1.128.2.2 -r1.128.2.3 src/sys/netinet6/in6_pcb.c cvs rdiff -u -r1.136 -r1.136.2.1 src/sys/netinet6/raw_ip6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6_pcb.c diff -u src/sys/netinet6/in6_pcb.c:1.128.2.2 src/sys/netinet6/in6_pcb.c:1.128.2.3 --- src/sys/netinet6/in6_pcb.c:1.128.2.2 Sat Jan 17 12:10:54 2015 +++ src/sys/netinet6/in6_pcb.c Wed Sep 28 20:24:06 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_pcb.c,v 1.128.2.2 2015/01/17 12:10:54 martin Exp $ */ +/* $NetBSD: in6_pcb.c,v 1.128.2.3 2016/09/28 20:24:06 bouyer Exp $ */ /* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.128.2.2 2015/01/17 12:10:54 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.128.2.3 2016/09/28 20:24:06 bouyer Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -253,7 +253,7 @@ in6_pcbbind_addr(struct in6pcb *in6p, st */ if (ia && ((struct in6_ifaddr *)ia)->ia6_flags & - (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|IN6_IFF_DETACHED)) + (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY)) return (EADDRNOTAVAIL); } Index: src/sys/netinet6/raw_ip6.c diff -u src/sys/netinet6/raw_ip6.c:1.136 src/sys/netinet6/raw_ip6.c:1.136.2.1 --- src/sys/netinet6/raw_ip6.c:1.136 Sat Aug 9 05:33:01 2014 +++ src/sys/netinet6/raw_ip6.c Wed Sep 28 20:24:06 2016 
@@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.136 2014/08/09 05:33:01 rtr Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.136.2.1 2016/09/28 20:24:06 bouyer Exp $ */ /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136 2014/08/09 05:33:01 rtr Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136.2.1 2016/09/28 20:24:06 bouyer Exp $"); #include "opt_ipsec.h" @@ -683,8 +683,7 @@ rip6_bind(struct socket *so, struct mbuf (ia = ifa_ifwithaddr((struct sockaddr *)addr)) == 0) return EADDRNOTAVAIL; if (ia && ((struct in6_ifaddr *)ia)->ia6_flags & - (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY| - IN6_IFF_DETACHED|IN6_IFF_DEPRECATED)) + (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY)) return EADDRNOTAVAIL; in6p->in6p_laddr = addr->sin6_addr; return 0;
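Review bot: The `rip6_bind` hunk removes `IN6_IFF_DEPRECATED` from the rejected flags as well as `IN6_IFF_DETACHED`, while the log message mentions only detached addresses. The result matches the mask left in `in6_pcbbind_addr`, but for raw sockets it is an extra behaviour change. If binding to deprecated addresses is intended, state it in a comment above the test, e.g. `/* detached and deprecated addresses may be bound explicitly; anycast and not-ready ones may not */`; if not, `IN6_IFF_DEPRECATED` should stay in the mask.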
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: msaitoh Date: Wed Nov 18 08:33:08 UTC 2015 Modified Files: src/sys/netinet6 [netbsd-7]: mld6.c Log Message: Pull up following revision(s) (requested by joerg in ticket #1035): sys/netinet6/mld6.c: revision 1.64 Ensure that the callout of the multicast address is valid before hooking it up. To generate a diff of this commit: cvs rdiff -u -r1.59.2.2 -r1.59.2.3 src/sys/netinet6/mld6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/mld6.c diff -u src/sys/netinet6/mld6.c:1.59.2.2 src/sys/netinet6/mld6.c:1.59.2.3 --- src/sys/netinet6/mld6.c:1.59.2.2 Fri Jan 23 09:27:15 2015 +++ src/sys/netinet6/mld6.c Wed Nov 18 08:33:08 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: mld6.c,v 1.59.2.2 2015/01/23 09:27:15 martin Exp $ */ +/* $NetBSD: mld6.c,v 1.59.2.3 2015/11/18 08:33:08 msaitoh Exp $ */ /* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */ /* @@ -102,7 +102,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.59.2.2 2015/01/23 09:27:15 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.59.2.3 2015/11/18 08:33:08 msaitoh Exp $"); #include "opt_inet.h" @@ -656,8 +656,12 @@ in6_addmulti(struct in6_addr *maddr6, st in6m->in6m_ifp = ifp; in6m->in6m_refcount = 1; in6m->in6m_timer = IN6M_TIMER_UNDEF; + callout_init(>in6m_timer_ch, CALLOUT_MPSAFE); + callout_setfunc(>in6m_timer_ch, mld_timeo, in6m); + IFP_TO_IA6(ifp, ia); if (ia == NULL) { + callout_destroy(>in6m_timer_ch); free(in6m, M_IPMADDR); splx(s); *errorp = EADDRNOTAVAIL; /* appropriate? */ @@ -674,6 +678,7 @@ in6_addmulti(struct in6_addr *maddr6, st sockaddr_in6_init(, maddr6, 0, 0, 0); *errorp = if_mcast_op(ifp, SIOCADDMULTI, sin6tosa()); if (*errorp) { + callout_destroy(>in6m_timer_ch); LIST_REMOVE(in6m, in6m_entry); free(in6m, M_IPMADDR); IFAFREE(>ia_ifa); 
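Review bot: Initialising the callout earlier in `in6_addmulti` means every exit between `callout_init()` and the successful return now has to call `callout_destroy()`. The two error paths in these hunks do, but the function is only partly visible, so any other early return in that range needs the same treatment. A comment at the init site would make the obligation visible: `/* set up the callout before in6m becomes reachable; every error path below must callout_destroy() it */`. In the `if_mcast_op()` failure path I would also move `callout_destroy()` after `LIST_REMOVE(in6m, in6m_entry)`, so the entry is never on the list with a destroyed callout.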
@@ -681,8 +686,6 @@ in6_addmulti(struct in6_addr *maddr6, st return (NULL); } - callout_init(>in6m_timer_ch, CALLOUT_MPSAFE); - callout_setfunc(>in6m_timer_ch, mld_timeo, in6m); in6m->in6m_timer = timer; if (in6m->in6m_timer > 0) { in6m->in6m_state = MLD_REPORTPENDING;
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: riz Date: Thu Nov 5 20:36:03 UTC 2015 Modified Files: src/sys/netinet6 [netbsd-7]: icmp6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #982): sys/netinet6/icmp6.c: revision 1.177 Update icmp6_redirect_timeout_q when changing net.inet6.icmp6.redirtimeout We have to update icmp6_redirect_timeout_q as well as icmp6_redirtimeout when changing net.inet6.icmp6.redirtimeout via sysctl. The updating logic is copied from sysctl_net_inet_icmp_redirtimeout. This change is from s-yamaguchi@IIJ (with KNF by ozaki-r) and fixes PR kern/50240. To generate a diff of this commit: cvs rdiff -u -r1.169 -r1.169.2.1 src/sys/netinet6/icmp6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/icmp6.c diff -u src/sys/netinet6/icmp6.c:1.169 src/sys/netinet6/icmp6.c:1.169.2.1 --- src/sys/netinet6/icmp6.c:1.169 Fri Jun 6 01:02:47 2014 +++ src/sys/netinet6/icmp6.c Thu Nov 5 20:36:03 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: icmp6.c,v 1.169 2014/06/06 01:02:47 rmind Exp $ */ +/* $NetBSD: icmp6.c,v 1.169.2.1 2015/11/05 20:36:03 riz Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.169 2014/06/06 01:02:47 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.169.2.1 2015/11/05 20:36:03 riz Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" 
@@ -2756,6 +2756,38 @@ sysctl_net_inet6_icmp6_stats(SYSCTLFN_AR return (NETSTAT_SYSCTL(icmp6stat_percpu, ICMP6_NSTATS)); } +static int +sysctl_net_inet6_icmp6_redirtimeout(SYSCTLFN_ARGS) +{ + int error, tmp; + struct sysctlnode node; + + node = *rnode; + node.sysctl_data = + tmp = icmp6_redirtimeout; + error = sysctl_lookup(SYSCTLFN_CALL()); + if (error || newp == NULL) + return error; + if (tmp < 0) + return EINVAL; + icmp6_redirtimeout = tmp; + + if (icmp6_redirect_timeout_q != NULL) { + if (icmp6_redirtimeout == 0) { + rt_timer_queue_destroy(icmp6_redirect_timeout_q, + true); + } else { + rt_timer_queue_change(icmp6_redirect_timeout_q, + icmp6_redirtimeout); + } + } else if (icmp6_redirtimeout > 0) { + icmp6_redirect_timeout_q = + rt_timer_queue_create(icmp6_redirtimeout); + } + + return 0; +} + static void sysctl_net_inet6_icmp6_setup(struct sysctllog **clog) { @@ -2791,7 +2823,8 @@ sysctl_net_inet6_icmp6_setup(struct sysc CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "redirtimeout", SYSCTL_DESCR("Redirect generated route lifetime"), - NULL, 0, _redirtimeout, 0, + sysctl_net_inet6_icmp6_redirtimeout, 0, + _redirtimeout, 0, CTL_NET, PF_INET6, IPPROTO_ICMPV6, ICMPV6CTL_REDIRTIMEOUT, CTL_EOL); #if 0 /* obsoleted */
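Review bot: After `rt_timer_queue_destroy(icmp6_redirect_timeout_q, true)` in the new `sysctl_net_inet6_icmp6_redirtimeout`, the pointer is left non-NULL. A later non-zero write therefore takes the `rt_timer_queue_change()` branch on a queue that has already been destroyed, and the `rt_timer_queue_create()` branch can never run again. Add `icmp6_redirect_timeout_q = NULL;` right after the destroy call. The handler also updates both globals with no visible interrupt-level or lock protection against the redirect input path; whether that is needed depends on how the sysctl framework serialises handlers, which is not visible here.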
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: snj Date: Fri May 15 03:58:06 UTC 2015 Modified Files: src/sys/netinet6 [netbsd-7]: scope6.c Log Message: Pull up following revision(s) (requested by joerg in ticket #770): sys/netinet6/scope6.c: revision 1.10 Drop impossible check. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.9.2.1 src/sys/netinet6/scope6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/scope6.c diff -u src/sys/netinet6/scope6.c:1.9 src/sys/netinet6/scope6.c:1.9.2.1 --- src/sys/netinet6/scope6.c:1.9 Sat May 17 21:26:20 2014 +++ src/sys/netinet6/scope6.c Fri May 15 03:58:06 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: scope6.c,v 1.9 2014/05/17 21:26:20 rmind Exp $ */ +/* $NetBSD: scope6.c,v 1.9.2.1 2015/05/15 03:58:06 snj Exp $ */ /* $KAME$ */ /*- @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: scope6.c,v 1.9 2014/05/17 21:26:20 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: scope6.c,v 1.9.2.1 2015/05/15 03:58:06 snj Exp $); #include sys/param.h #include sys/malloc.h @@ -411,9 +411,6 @@ in6_setscope(struct in6_addr *in6, const scope = in6_addrscope(in6); - if (!sid-s6id_list) - return 0; - switch (scope) { case IPV6_ADDR_SCOPE_INTFACELOCAL: /* should be interface index */ zoneid = sid-s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL];
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Sat May 2 18:23:26 UTC 2015 Modified Files: src/sys/netinet6 [netbsd-7]: nd6_rtr.c Log Message: Pull up following revision(s) (requested by roy in ticket #731): sys/netinet6/nd6_rtr.c: revision 1.99 Mitigate Local Denial of Service with IPv6 Router Advertisements and log attack attempts. Fixes CVE-2015-2923, taken from FreeBSD. To generate a diff of this commit: cvs rdiff -u -r1.93.2.2 -r1.93.2.3 src/sys/netinet6/nd6_rtr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6_rtr.c diff -u src/sys/netinet6/nd6_rtr.c:1.93.2.2 src/sys/netinet6/nd6_rtr.c:1.93.2.3 --- src/sys/netinet6/nd6_rtr.c:1.93.2.2 Mon Apr 6 01:32:33 2015 +++ src/sys/netinet6/nd6_rtr.c Sat May 2 18:23:25 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_rtr.c,v 1.93.2.2 2015/04/06 01:32:33 snj Exp $ */ +/* $NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $ */ /* $KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: nd6_rtr.c,v 1.93.2.2 2015/04/06 01:32:33 snj Exp $); +__KERNEL_RCSID(0, $NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $); #include sys/param.h #include sys/systm.h @@ -272,8 +272,15 @@ nd6_ra_input(struct mbuf *m, int off, in } if (nd_ra-nd_ra_retransmit) ndi-retrans = ntohl(nd_ra-nd_ra_retransmit); - if (nd_ra-nd_ra_curhoplimit) - ndi-chlim = nd_ra-nd_ra_curhoplimit; + if (nd_ra-nd_ra_curhoplimit) { + if (ndi-chlim nd_ra-nd_ra_curhoplimit) + ndi-chlim = nd_ra-nd_ra_curhoplimit; + else if (ndi-chlim != nd_ra-nd_ra_curhoplimit) + log(LOG_ERR, nd_ra_input: lower CurHopLimit sent from + %s on %s (current=%d, received=%d), ignored\n, + ip6_sprintf(ip6-ip6_src), + if_name(ifp), ndi-chlim, nd_ra-nd_ra_curhoplimit); + } dr = defrtrlist_update(drtr); }
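Review bot: The new `log(LOG_ERR, …)` in `nd6_ra_input` fires once for every router advertisement that carries a lower CurHopLimit, with no rate limit, so the same on-link sender can fill the log of the host this change protects. I would throttle the message, for example with the kernel's `ratecheck()`, and keep the source address and interface in it as now. The hunk also leaves no way for a legitimate router to lower the value once it has been raised; a comment such as `/* never lower chlim from an RA (CVE-2015-2923) */` would record that this is deliberate.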
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: snj Date: Mon Apr 6 01:32:33 UTC 2015 Modified Files: src/sys/netinet6 [netbsd-7]: in6.c in6_ifattach.c nd6.c nd6.h nd6_nbr.c nd6_rtr.c Log Message: Pull up following revision(s) (requested by martin in ticket #655): sys/netinet6/in6.c: revision 1.182 via patch sys/netinet6/in6_ifattach.c: revision 1.95 via patch sys/netinet6/nd6.c: revision 1.158 via patch sys/netinet6/nd6.h: revision 1.62 via patch sys/netinet6/nd6_nbr.c: revision 1.104 via patch sys/netinet6/nd6_rtr.c: revision 1.96 via patch Rearange interface detachement slightly: before we free the INET6 specific per-interface data, make sure to call nd6_purge() with it to remove routing entries pointing to the going interface. When we should happen to call this function again later, with the data already gone, just return. Fixes PR kern/49682, ok: christos. To generate a diff of this commit: cvs rdiff -u -r1.174.2.1 -r1.174.2.2 src/sys/netinet6/in6.c cvs rdiff -u -r1.91.2.1 -r1.91.2.2 src/sys/netinet6/in6_ifattach.c cvs rdiff -u -r1.152.2.2 -r1.152.2.3 src/sys/netinet6/nd6.c cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/nd6.h cvs rdiff -u -r1.100.2.1 -r1.100.2.2 src/sys/netinet6/nd6_nbr.c cvs rdiff -u -r1.93.2.1 -r1.93.2.2 src/sys/netinet6/nd6_rtr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6.c diff -u src/sys/netinet6/in6.c:1.174.2.1 src/sys/netinet6/in6.c:1.174.2.2 --- src/sys/netinet6/in6.c:1.174.2.1 Mon Oct 27 13:42:37 2014 +++ src/sys/netinet6/in6.c Mon Apr 6 01:32:33 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: in6.c,v 1.174.2.1 2014/10/27 13:42:37 martin Exp $ */ +/* $NetBSD: in6.c,v 1.174.2.2 2015/04/06 01:32:33 snj Exp $ */ /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ /* 
@@ -62,7 +62,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: in6.c,v 1.174.2.1 2014/10/27 13:42:37 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: in6.c,v 1.174.2.2 2015/04/06 01:32:33 snj Exp $); #include opt_inet.h #include opt_compat_netbsd.h @@ -2358,7 +2358,7 @@ in6_domifdetach(struct ifnet *ifp, void { struct in6_ifextra *ext = (struct in6_ifextra *)aux; - nd6_ifdetach(ext-nd_ifinfo); + nd6_ifdetach(ifp, ext); free(ext-in6_ifstat, M_IFADDR); free(ext-icmp6_ifstat, M_IFADDR); scope6_ifdetach(ext-scope6_id); Index: src/sys/netinet6/in6_ifattach.c diff -u src/sys/netinet6/in6_ifattach.c:1.91.2.1 src/sys/netinet6/in6_ifattach.c:1.91.2.2 --- src/sys/netinet6/in6_ifattach.c:1.91.2.1 Sat Jan 17 12:10:54 2015 +++ src/sys/netinet6/in6_ifattach.c Mon Apr 6 01:32:33 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_ifattach.c,v 1.91.2.1 2015/01/17 12:10:54 martin Exp $ */ +/* $NetBSD: in6_ifattach.c,v 1.91.2.2 2015/04/06 01:32:33 snj Exp $ */ /* $KAME: in6_ifattach.c,v 1.124 2001/07/18 08:32:51 jinmei Exp $ */ /* @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: in6_ifattach.c,v 1.91.2.1 2015/01/17 12:10:54 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: in6_ifattach.c,v 1.91.2.2 2015/04/06 01:32:33 snj Exp $); #include sys/param.h #include sys/systm.h @@ -848,7 +848,7 @@ in6_ifdetach(struct ifnet *ifp) ip6_mrouter_detach(ifp); /* remove neighbor management table */ - nd6_purge(ifp); + nd6_purge(ifp, NULL); /* XXX this code is duplicated in in6_purgeif() --dyoung */ /* nuke any of IPv6 addresses we have */ @@ -919,7 +919,7 @@ in6_ifdetach(struct ifnet *ifp) * prefixes after removing all addresses above. * (Or can we just delay calling nd6_purge until at this point?) */ - nd6_purge(ifp); + nd6_purge(ifp, NULL); } int Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.152.2.2 src/sys/netinet6/nd6.c:1.152.2.3 --- src/sys/netinet6/nd6.c:1.152.2.2 Wed Dec 17 18:43:47 2014 +++ src/sys/netinet6/nd6.c Mon Apr 6 01:32:33 2015 
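Review bot: Both updated calls in in6_ifdetach pass a bare `NULL` as the new second argument of nd6_purge, and nothing at the call sites says what that selects; `defrtrlist_del(dr, NULL)` in the nd6_timer hunk of nd6.c has the same gap. Going by the commit message it presumably means "take the per-interface data from ifp and return if it is already gone", but the nd6_purge body is not in view, so this should be confirmed and then written down, e.g. `/* NULL: use the in6_ifextra still attached to ifp; no-op once detached */`. in6_ifdetach starts and ends outside these hunks.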
@@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $ */ +/* $NetBSD: nd6.c,v 1.152.2.3 2015/04/06 01:32:33 snj Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.3 2015/04/06 01:32:33 snj Exp $); #include bridge.h #include carp.h @@ -205,10 +205,11 @@ nd6_ifattach(struct ifnet *ifp) } void -nd6_ifdetach(struct nd_ifinfo *nd) +nd6_ifdetach(struct ifnet *ifp, struct in6_ifextra *ext) { - free(nd, M_IP6NDP); + nd6_purge(ifp, ext); + free(ext-nd_ifinfo, M_IP6NDP); } void @@ -556,7 +557,7 @@ nd6_timer(void *ignored_arg) TAILQ_FOREACH_SAFE(dr, nd_defrouter, dr_entry, next_dr) { if (dr-expire dr-expire time_second) { - defrtrlist_del(dr); + defrtrlist_del(dr, NULL); } } @@ -746,13 +747,23 @@ nd6_accepts_rtadv(const struct nd_ifinfo * ifp goes away. */ void -nd6_purge(struct ifnet *ifp)
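Review bot: In the rewritten nd6_ifdetach the order of the two statements is what the fix depends on, since `nd6_purge(ifp, ext)` has to run before `free(ext->nd_ifinfo, M_IP6NDP)`, yet the body carries no comment saying so. A line such as `/* purge routes first: nd6_purge() needs ext->nd_ifinfo, which is freed next */` would keep a later reorder from reintroducing a use of freed per-interface data. The pointer is also left dangling in `ext` after the free; whether anything can still reach it is not visible here, so either set it to NULL or note why that is unnecessary.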
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: snj Date: Sat Feb 14 07:14:23 UTC 2015 Modified Files: src/sys/netinet6 [netbsd-7]: ip6_output.c Log Message: Pull up following revision(s) (requested by roy in ticket #509): sys/netinet6/ip6_output.c: revision 1.163 CID/1267860: Missing break in switch To generate a diff of this commit: cvs rdiff -u -r1.157.2.2 -r1.157.2.3 src/sys/netinet6/ip6_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.157.2.2 src/sys/netinet6/ip6_output.c:1.157.2.3 --- src/sys/netinet6/ip6_output.c:1.157.2.2 Fri Jan 23 09:27:15 2015 +++ src/sys/netinet6/ip6_output.c Sat Feb 14 07:14:23 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.157.2.2 2015/01/23 09:27:15 martin Exp $ */ +/* $NetBSD: ip6_output.c,v 1.157.2.3 2015/02/14 07:14:23 snj Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: ip6_output.c,v 1.157.2.2 2015/01/23 09:27:15 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: ip6_output.c,v 1.157.2.3 2015/02/14 07:14:23 snj Exp $); #include opt_inet.h #include opt_inet6.h @@ -2120,6 +2120,7 @@ ip6_getpcbopt(struct ip6_pktopts *pktopt else optdata = (void *)defpreftemp; optdatalen = sizeof(int); + break; default: /* should not happen */ #ifdef DIAGNOSTIC panic(ip6_getpcbopt: unexpected option\n);
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Jan 23 09:27:15 UTC 2015 Modified Files: src/sys/netinet6 [netbsd-7]: in6.h in6_src.c ip6_input.c ip6_output.c ip6_var.h mld6.c Log Message: Pull up following revision(s) (requested by pettai in ticket #441): sys/netinet6/ip6_var.h: revision 1.64 sys/netinet6/in6.h: revision 1.82 sys/netinet6/in6_src.c: revision 1.56 sys/netinet6/mld6.c: revision 1.62 sys/netinet6/ip6_input.c: revision 1.150 sys/netinet6/ip6_output.c: revision 1.161 Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer IPv6 temporary addresses as the source address. Fixes PR kern/47100 based on a patch by Dieter Roelants. To generate a diff of this commit: cvs rdiff -u -r1.78 -r1.78.2.1 src/sys/netinet6/in6.h cvs rdiff -u -r1.54 -r1.54.2.1 src/sys/netinet6/in6_src.c cvs rdiff -u -r1.149 -r1.149.2.1 src/sys/netinet6/ip6_input.c cvs rdiff -u -r1.157.2.1 -r1.157.2.2 src/sys/netinet6/ip6_output.c cvs rdiff -u -r1.62 -r1.62.2.1 src/sys/netinet6/ip6_var.h cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/mld6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6.h diff -u src/sys/netinet6/in6.h:1.78 src/sys/netinet6/in6.h:1.78.2.1 --- src/sys/netinet6/in6.h:1.78 Thu Jun 5 23:48:16 2014 +++ src/sys/netinet6/in6.h Fri Jan 23 09:27:15 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: in6.h,v 1.78 2014/06/05 23:48:16 rmind Exp $ */ +/* $NetBSD: in6.h,v 1.78.2.1 2015/01/23 09:27:15 martin Exp $ */ /* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */ /* 
@@ -437,6 +437,8 @@ extern const struct in6_addr in6addr_lin #define IPV6_TCLASS 61 /* int; send traffic class value */ #define IPV6_DONTFRAG 62 /* bool; disable IPv6 fragmentation */ +#define IPV6_PREFER_TEMPADDR 63 /* int; prefer temporary address as +* the sorce address */ /* to define items, should talk with KAME guys first, for *BSD compatibility */ #define IPV6_RTHDR_LOOSE 0 /* this hop need not be a neighbor. XXX old spec */ Index: src/sys/netinet6/in6_src.c diff -u src/sys/netinet6/in6_src.c:1.54 src/sys/netinet6/in6_src.c:1.54.2.1 --- src/sys/netinet6/in6_src.c:1.54 Sat May 17 21:26:20 2014 +++ src/sys/netinet6/in6_src.c Fri Jan 23 09:27:15 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_src.c,v 1.54 2014/05/17 21:26:20 rmind Exp $ */ +/* $NetBSD: in6_src.c,v 1.54.2.1 2015/01/23 09:27:15 martin Exp $ */ /* $KAME: in6_src.c,v 1.159 2005/10/19 01:40:32 t-momose Exp $ */ /* @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: in6_src.c,v 1.54 2014/05/17 21:26:20 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: in6_src.c,v 1.54.2.1 2015/01/23 09:27:15 martin Exp $); #include opt_inet.h @@ -118,9 +118,7 @@ __KERNEL_RCSID(0, $NetBSD: in6_src.c,v #define ADDR_LABEL_NOTAPP (-1) struct in6_addrpolicy defaultaddrpolicy; -#ifdef notyet /* until introducing ND extensions and address selection */ int ip6_prefer_tempaddr = 0; -#endif static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct route *, struct ifnet **, @@ -184,9 +182,7 @@ in6_selectsrc(struct sockaddr_in6 *dstso struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; u_int32_t odstzone; int error; -#ifdef notyet /* until introducing ND extensions and address selection */ int prefer_tempaddr; -#endif #if defined(MIP6) NMIP 0 u_int8_t ip6po_usecoa = 0; #endif /* MIP6 NMIP 0 */ 
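Review bot: The comment on the new `IPV6_PREFER_TEMPADDR` define in in6.h misspells "source" as `sorce`, and because in6.h is a public header that text is what application authors will read; it should be `/* int; prefer temporary address as the source address */`. The comment could also name the accepted values, since the in6_selectsrc code enabled by this commit compares the per-socket setting with `IP6PO_TEMPADDR_SYSTEM` and a reader who sees only `int` cannot tell what to pass.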
@@ -458,7 +454,6 @@ in6_selectsrc(struct sockaddr_in6 *dstso * a sysctl variable, so that privacy conscious users can * always prefer temporary addresses. */ -#ifdef notyet /* until introducing ND extensions and address selection */ if (opts == NULL || opts-ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { prefer_tempaddr = ip6_prefer_tempaddr; @@ -481,7 +476,6 @@ in6_selectsrc(struct sockaddr_in6 *dstso else REPLACE(7); } -#endif /* * Rule 8: prefer addresses on alive interfaces. Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.149 src/sys/netinet6/ip6_input.c:1.149.2.1 --- src/sys/netinet6/ip6_input.c:1.149 Mon Jun 16 00:33:39 2014 +++ src/sys/netinet6/ip6_input.c Fri Jan 23 09:27:15 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.149 2014/06/16 00:33:39 ozaki-r Exp $ */ +/* $NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: ip6_input.c,v 1.149 2014/06/16 00:33:39 ozaki-r Exp $); +__KERNEL_RCSID(0, $NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $); #include opt_gateway.h #include opt_inet.h @@ -1902,6 +1902,14 @@ sysctl_net_inet6_ip6_setup(struct sysctl CTL_CREATE, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL,
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Mon Dec 29 17:33:49 UTC 2014 Modified Files: src/sys/netinet6 [netbsd-7]: mld6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #360): sys/netinet6/mld6.c: revision 1.61 Ensure callout isn't running and pending before callout_destroy Call callout_halt before callout_destroy. And also let callout (mld_timeo) not call callout_schedule when we already called callout_halt. This fixes PR 47881. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/mld6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/mld6.c diff -u src/sys/netinet6/mld6.c:1.59 src/sys/netinet6/mld6.c:1.59.2.1 --- src/sys/netinet6/mld6.c:1.59 Sat Jul 26 22:21:16 2014 +++ src/sys/netinet6/mld6.c Mon Dec 29 17:33:49 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: mld6.c,v 1.59 2014/07/26 22:21:16 joerg Exp $ */ +/* $NetBSD: mld6.c,v 1.59.2.1 2014/12/29 17:33:49 martin Exp $ */ /* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */ /* @@ -102,7 +102,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: mld6.c,v 1.59 2014/07/26 22:21:16 joerg Exp $); +__KERNEL_RCSID(0, $NetBSD: mld6.c,v 1.59.2.1 2014/12/29 17:33:49 martin Exp $); #include opt_inet.h @@ -195,6 +195,8 @@ mld_starttimer(struct in6_multi *in6m) { struct timeval now; + KASSERT(in6m-in6m_timer != IN6M_TIMER_UNDEF); + microtime(now); in6m-in6m_timer_expire.tv_sec = now.tv_sec + in6m-in6m_timer / hz; in6m-in6m_timer_expire.tv_usec = now.tv_usec + @@ -227,6 +229,9 @@ mld_timeo(void *arg) mutex_enter(softnet_lock); KERNEL_LOCK(1, NULL); + if (in6m-in6m_timer == IN6M_TIMER_UNDEF) + goto out; + in6m-in6m_timer = IN6M_TIMER_UNDEF; switch (in6m-in6m_state) { @@ -238,6 +243,7 @@ mld_timeo(void *arg) break; } +out: KERNEL_UNLOCK_ONE(NULL); mutex_exit(softnet_lock); } 
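Review bot: The new early exit in mld_timeo, `if (in6m->in6m_timer == IN6M_TIMER_UNDEF) goto out;`, has no comment, although `IN6M_TIMER_UNDEF` now carries a second meaning, because the in6_delmulti hunk of this commit sets it to tell the callout that teardown is in progress. A line such as `/* in6_delmulti() is halting the timer: leave the state alone and do not reschedule */` above the test would make the handshake readable from this side too. mld_timeo begins outside the hunk.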
@@ -741,7 +747,12 @@ in6_delmulti(struct in6_multi *in6m) */ sockaddr_in6_init(sin6, in6m-in6m_addr, 0, 0, 0); if_mcast_op(in6m-in6m_ifp, SIOCDELMULTI, sin6tosa(sin6)); + + /* Tell mld_timeo we're halting the timer */ + in6m-in6m_timer = IN6M_TIMER_UNDEF; + callout_halt(in6m-in6m_timer_ch, softnet_lock); callout_destroy(in6m-in6m_timer_ch); + free(in6m, M_IPMADDR); } splx(s);
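Review bot: `callout_halt(&in6m->in6m_timer_ch, softnet_lock)` in in6_delmulti passes softnet_lock as the interlock, which callout_halt(9) expects the caller to hold, yet the visible lines show only an spl section (`splx(s)` follows) and no acquisition of that mutex. If every caller does hold it, `KASSERT(mutex_owned(softnet_lock));` just before the halt would document and enforce the requirement. If some path does not, the halt would release a mutex it never took. The function starts outside the hunk, so the locking on entry could not be checked here.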
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Wed Dec 17 18:43:48 UTC 2014 Modified Files: src/sys/netinet6 [netbsd-7]: nd6.c nd6.h nd6_nbr.c nd6_rtr.c Log Message: Pull up following revision(s) (requested by roy in ticket #332): sys/netinet6/nd6_nbr.c: revision 1.103 sys/netinet6/nd6_rtr.c: revision 1.95 sys/netinet6/nd6.h: revision 1.61 sys/netinet6/nd6.c: revision 1.156 Report route additions/changes/deletions for cached neighbours to userland. To generate a diff of this commit: cvs rdiff -u -r1.152.2.1 -r1.152.2.2 src/sys/netinet6/nd6.c cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/nd6.h cvs rdiff -u -r1.100 -r1.100.2.1 src/sys/netinet6/nd6_nbr.c cvs rdiff -u -r1.93 -r1.93.2.1 src/sys/netinet6/nd6_rtr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.152.2.1 src/sys/netinet6/nd6.c:1.152.2.2 --- src/sys/netinet6/nd6.c:1.152.2.1 Mon Oct 27 13:39:11 2014 +++ src/sys/netinet6/nd6.c Wed Dec 17 18:43:47 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $ */ +/* $NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $); +__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $); #include bridge.h #include carp.h @@ -1037,6 +1037,7 @@ nd6_free(struct rtentry *rt, int gc) struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt-rt_llinfo, *next; struct in6_addr in6 = satocsin6(rt_getkey(rt))-sin6_addr; struct nd_defrouter *dr; + struct rtentry *oldrt; /* * we used to have pfctlinput(PRC_HOSTDEAD) here. 
@@ -1129,7 +1130,15 @@ nd6_free(struct rtentry *rt, int gc) * caches, and disable the route entry not to be used in already * cached routes. */ - rtrequest(RTM_DELETE, rt_getkey(rt), NULL, rt_mask(rt), 0, NULL); + oldrt = NULL; + rtrequest(RTM_DELETE, rt_getkey(rt), NULL, rt_mask(rt), 0, oldrt); + if (oldrt) { + nd6_rtmsg(RTM_DELETE, oldrt); /* tell user process */ + if (oldrt-rt_refcnt = 0) { + oldrt-rt_refcnt++; + rtfree(oldrt); + } + } return next; } @@ -2059,6 +2068,9 @@ fail: break; } + if (do_update) + nd6_rtmsg(RTM_CHANGE, rt); /* tell user process */ + /* * When the link-layer address of a router changes, select the * best router again. In particular, when the neighbor entry is newly Index: src/sys/netinet6/nd6.h diff -u src/sys/netinet6/nd6.h:1.59 src/sys/netinet6/nd6.h:1.59.2.1 --- src/sys/netinet6/nd6.h:1.59 Thu Jun 5 16:06:49 2014 +++ src/sys/netinet6/nd6.h Wed Dec 17 18:43:47 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.h,v 1.59 2014/06/05 16:06:49 roy Exp $ */ +/* $NetBSD: nd6.h,v 1.59.2.1 2014/12/17 18:43:47 martin Exp $ */ /* $KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $ */ /* @@ -408,6 +408,7 @@ void nd6_option_init(void *, int, union struct nd_opt_hdr *nd6_option(union nd_opts *); int nd6_options(union nd_opts *); struct rtentry *nd6_lookup(const struct in6_addr *, int, struct ifnet *); +void nd6_rtmsg(int, struct rtentry *); void nd6_setmtu(struct ifnet *); void nd6_llinfo_settimer(struct llinfo_nd6 *, long); void nd6_timer(void *); Index: src/sys/netinet6/nd6_nbr.c diff -u src/sys/netinet6/nd6_nbr.c:1.100 src/sys/netinet6/nd6_nbr.c:1.100.2.1 --- src/sys/netinet6/nd6_nbr.c:1.100 Tue Jul 1 07:51:29 2014 +++ src/sys/netinet6/nd6_nbr.c Wed Dec 17 18:43:47 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_nbr.c,v 1.100 2014/07/01 07:51:29 ozaki-r Exp $ */ +/* $NetBSD: nd6_nbr.c,v 1.100.2.1 2014/12/17 18:43:47 martin Exp $ */ /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ /* 
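Review bot: The rewritten delete in nd6_free still discards the return value of `rtrequest(RTM_DELETE, ...)`, so a failed deletion leaves the route in place without any trace while the function goes on to return `next`. Capturing and reporting it, e.g. `error = rtrequest(RTM_DELETE, rt_getkey(rt), NULL, rt_mask(rt), 0, &oldrt);` followed by `if (error) log(LOG_ERR, "nd6_free: error %d deleting route\n", error);`, would make a stuck neighbour entry diagnosable. nd6_free begins outside the hunk, so the `int error` declaration would have to be added next to the new `oldrt` one.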
@@ -31,7 +31,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: nd6_nbr.c,v 1.100 2014/07/01 07:51:29 ozaki-r Exp $); +__KERNEL_RCSID(0, $NetBSD: nd6_nbr.c,v 1.100.2.1 2014/12/17 18:43:47 martin Exp $); #include opt_inet.h #include opt_ipsec.h @@ -567,6 +567,7 @@ nd6_na_input(struct mbuf *m, int off, in struct sockaddr_dl *sdl; union nd_opts ndopts; struct sockaddr_in6 ssin6; + int rt_announce; if (ip6-ip6_hlim != 255) { nd6log((LOG_ERR, @@ -669,6 +670,7 @@ nd6_na_input(struct mbuf *m, int off, in ((sdl = satosdl(rt-rt_gateway)) == NULL)) goto freeit; + rt_announce = 0; if (ln-ln_state == ND6_LLINFO_INCOMPLETE) { /* * If the link-layer has address, and no lladdr option came, @@ -682,6 +684,7 @@ nd6_na_input(struct mbuf *m, int off, in */ (void)sockaddr_dl_setaddr(sdl, sdl-sdl_len, lladdr, ifp-if_addrlen); + rt_announce = 1; if (is_solicited) { ln-ln_state = ND6_LLINFO_REACHABLE; ln-ln_byhint = 0; @@ -712,11 +715,11 @@ nd6_na_input(struct mbuf *m, int off, in else { if (sdl-sdl_alen) { if (memcmp(lladdr, CLLADDR(sdl),
CVS commit: [netbsd-7] src/sys/netinet6
Module Name:src Committed By: martin Date: Mon Oct 27 13:39:11 UTC 2014 Modified Files: src/sys/netinet6 [netbsd-7]: nd6.c Log Message: Pull up following revision(s) (requested by roy in ticket #159): sys/netinet6/nd6.c: revision 1.153 Tests for neighbour now work correctly on bridge(4) and carp(4) interfaces. To generate a diff of this commit: cvs rdiff -u -r1.152 -r1.152.2.1 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.152 src/sys/netinet6/nd6.c:1.152.2.1 --- src/sys/netinet6/nd6.c:1.152 Fri Jun 6 01:02:47 2014 +++ src/sys/netinet6/nd6.c Mon Oct 27 13:39:11 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.152 2014/06/06 01:02:47 rmind Exp $ */ +/* $NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,8 +31,10 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152 2014/06/06 01:02:47 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $); +#include bridge.h +#include carp.h #include opt_ipsec.h #include sys/param.h @@ -906,7 +908,7 @@ nd6_lookup1(const struct in6_addr *addr6 rt-rt_flags (RTF_CLONING | RTF_CLONED) (rt-rt_ifp == ifp #if NBRIDGE 0 - || SAME_BRIDGE(rt-rt_ifp-if_bridgeport, ifp-if_bridgeport) + || rt-rt_ifp-if_bridge == ifp-if_bridge #endif #if NCARP 0 || (ifp-if_type == IFT_CARP rt-rt_ifp == ifp-if_carpdev) ||
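Review bot: The replacement test `rt->rt_ifp->if_bridge == ifp->if_bridge` in nd6_lookup1 is also true when both pointers are NULL, so on a kernel built with bridge support any two interfaces that are not bridge members would compare as sharing a bridge, and a cloning route on the wrong interface could be accepted as a neighbour match. That assumes `if_bridge` is NULL for non-members, which this page does not show and should be confirmed. If it holds, the branch needs a guard such as `|| (ifp->if_bridge != NULL && rt->rt_ifp->if_bridge == ifp->if_bridge)`. The enclosing condition starts and ends outside the hunk.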