CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Apr 12 07:45:29 UTC 2018 Modified Files: src/sys/netinet: raw_ip.c Log Message: Make 'opts' local to rip_sbappendaddr(). To generate a diff of this commit: cvs rdiff -u -r1.174 -r1.175 src/sys/netinet/raw_ip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/raw_ip.c diff -u src/sys/netinet/raw_ip.c:1.174 src/sys/netinet/raw_ip.c:1.175 --- src/sys/netinet/raw_ip.c:1.174 Thu Apr 12 07:28:10 2018 +++ src/sys/netinet/raw_ip.c Thu Apr 12 07:45:29 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.174 2018/04/12 07:28:10 maxv Exp $ */ +/* $NetBSD: raw_ip.c,v 1.175 2018/04/12 07:45:29 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.174 2018/04/12 07:28:10 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.175 2018/04/12 07:45:29 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -138,20 +138,23 @@ rip_init(void) static void rip_sbappendaddr(struct inpcb *last, struct ip *ip, const struct sockaddr *sa, -int hlen, struct mbuf *opts, struct mbuf *n) +int hlen, struct mbuf *n) { + struct mbuf *opts = NULL; + if (last->inp_flags & INP_NOHEADER) m_adj(n, hlen); - if (last->inp_flags & INP_CONTROLOPTS - || SOOPT_TIMESTAMP(last->inp_socket->so_options)) + if (last->inp_flags & INP_CONTROLOPTS || + SOOPT_TIMESTAMP(last->inp_socket->so_options)) ip_savecontrol(last, &opts, ip, n); if (sbappendaddr(&last->inp_socket->so_rcv, sa, n, opts) == 0) { soroverflow(last->inp_socket); m_freem(n); if (opts) m_freem(opts); - } else + } else { sorwakeup(last->inp_socket); + } } /* @@ -167,7 +170,7 @@ rip_input(struct mbuf *m, ...) struct inpcb_hdr *inph; struct inpcb *inp; struct inpcb *last = NULL; - struct mbuf *n, *opts = NULL; + struct mbuf *n; struct sockaddr_in ripsrc; va_list ap; @@ -209,9 +212,7 @@ rip_input(struct mbuf *m, ...) } #endif else if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { - rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, - n); - opts = NULL; + rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, n); } last = inp; @@ -225,7 +226,7 @@ rip_input(struct mbuf *m, ...) } else #endif if (last != NULL) { - rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, opts, m); + rip_sbappendaddr(last, ip, sintosa(&ripsrc), hlen, m); } else if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { uint64_t *ips;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Apr 11 08:29:19 UTC 2018 Modified Files: src/sys/netinet: ip_flow.c Log Message: Remove whitespaces/tabs, and one non-ASCII character. To generate a diff of this commit: cvs rdiff -u -r1.81 -r1.82 src/sys/netinet/ip_flow.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_flow.c diff -u src/sys/netinet/ip_flow.c:1.81 src/sys/netinet/ip_flow.c:1.82 --- src/sys/netinet/ip_flow.c:1.81 Fri Nov 17 07:37:12 2017 +++ src/sys/netinet/ip_flow.c Wed Apr 11 08:29:19 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_flow.c,v 1.81 2017/11/17 07:37:12 ozaki-r Exp $ */ +/* $NetBSD: ip_flow.c,v 1.82 2018/04/11 08:29:19 maxv Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.81 2017/11/17 07:37:12 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.82 2018/04/11 08:29:19 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -64,7 +64,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v /* * Similar code is very well commented in netinet6/ip6_flow.c - */ + */ #define IPFLOW_HASHBITS 6 /* should not be a multiple of 8 */ @@ -113,7 +113,7 @@ static void ipflow_slowtimo_work(struct static struct workqueue *ipflow_slowtimo_wq; static struct work ipflow_slowtimo_wk; -static size_t +static size_t ipflow_hash(const struct ip *ip) { size_t hash = ip->ip_tos; @@ -364,7 +364,7 @@ out: mutex_exit(&ipflow_lock); return ret; } - + static void ipflow_addstats(struct ipflow *ipf) { @@ -376,7 +376,7 @@ ipflow_addstats(struct ipflow *ipf) rt->rt_use += ipf->ipf_uses; rtcache_unref(rt, &ipf->ipf_ro); } - + ips = IP_STAT_GETREF(); ips[IP_STAT_CANTFORWARD] += ipf->ipf_errors + ipf->ipf_dropped; ips[IP_STAT_TOTAL] += ipf->ipf_uses; @@ -646,7 +646,7 @@ sysctl_net_inet_ip_hashsize(SYSCTLFN_ARG } else { /* * EINVAL if not a power of 2 - */ + */ error = EINVAL; }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Apr 11 08:11:20 UTC 2018 Modified Files: src/sys/netinet: ip_input.c Log Message: Don't pass IP_ALLOWBROADCAST in ipsec4_input. The flag lands in ipsec_getpolicybyaddr, and only IP_FORWARDING is taken. In fact it would be good to change the 'flags' argument of ipsec4_input to be a boolean, same for ipsec_getpolicybyaddr. It would be less misleading. To generate a diff of this commit: cvs rdiff -u -r1.378 -r1.379 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.378 src/sys/netinet/ip_input.c:1.379 --- src/sys/netinet/ip_input.c:1.378 Wed Apr 11 07:55:19 2018 +++ src/sys/netinet/ip_input.c Wed Apr 11 08:11:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.379 2018/04/11 08:11:20 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.378 2018/04/11 07:55:19 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.379 2018/04/11 08:11:20 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -729,8 +729,7 @@ ip_input(struct mbuf *m) #ifdef IPSEC /* Check the security policy (SP) for the packet */ if (ipsec_used) { - if (ipsec4_input(m, IP_FORWARDING | - (ip_directedbcast ? IP_ALLOWBROADCAST : 0)) != 0) { + if (ipsec4_input(m, IP_FORWARDING) != 0) { goto out; } }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Apr 11 07:52:26 UTC 2018 Modified Files: src/sys/netinet: ip_input.c Log Message: Small changes in ip_dooptions: replace bcopy by memcpy, the areas can't overlap. To generate a diff of this commit: cvs rdiff -u -r1.376 -r1.377 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.376 src/sys/netinet/ip_input.c:1.377 --- src/sys/netinet/ip_input.c:1.376 Sat Feb 24 07:37:09 2018 +++ src/sys/netinet/ip_input.c Wed Apr 11 07:52:25 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.376 2018/02/24 07:37:09 ozaki-r Exp $ */ +/* $NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.376 2018/02/24 07:37:09 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.377 2018/04/11 07:52:25 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -965,8 +965,8 @@ ip_dooptions(struct mbuf *m) goto bad; } ip->ip_dst = ipaddr.sin_addr; - bcopy((void *)&ia->ia_addr.sin_addr, - (void *)(cp + off), sizeof(struct in_addr)); + memcpy(cp + off, &ia->ia_addr.sin_addr, + sizeof(struct in_addr)); ia4_release(ia, &psref); cp[IPOPT_OFFSET] += sizeof(struct in_addr); /* @@ -1001,7 +1001,7 @@ ip_dooptions(struct mbuf *m) off--; /* 0 origin */ if ((off + sizeof(struct in_addr)) > optlen) break; - memcpy((void *)&ipaddr.sin_addr, (void *)(&ip->ip_dst), + memcpy((void *)&ipaddr.sin_addr, (void *)&ip->ip_dst, sizeof(ipaddr.sin_addr)); /* * locate outgoing interface; if we're the destination, @@ -1018,8 +1018,8 @@ ip_dooptions(struct mbuf *m) } else { ia = ifatoia(ifa); } - bcopy((void *)&ia->ia_addr.sin_addr, - (void *)(cp + off), sizeof(struct in_addr)); + memcpy(cp + off, &ia->ia_addr.sin_addr, + sizeof(struct in_addr)); ia4_release(ia, &psref); cp[IPOPT_OFFSET] += sizeof(struct in_addr); break; @@ -1081,8 +1081,8 @@ ip_dooptions(struct mbuf *m) break; } ia = ifatoia(ifa); -bcopy(&ia->ia_addr.sin_addr, -cp0, sizeof(struct in_addr)); +memcpy(cp0, &ia->ia_addr.sin_addr, +sizeof(struct in_addr)); pserialize_read_exit(_ss); ipt->ipt_ptr += sizeof(struct in_addr); break;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Apr 11 07:15:12 UTC 2018 Modified Files: src/sys/netinet: ip_reass.c Log Message: Add 'static', like the prototype. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/sys/netinet/ip_reass.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_reass.c diff -u src/sys/netinet/ip_reass.c:1.14 src/sys/netinet/ip_reass.c:1.15 --- src/sys/netinet/ip_reass.c:1.14 Fri Mar 9 11:57:38 2018 +++ src/sys/netinet/ip_reass.c Wed Apr 11 07:15:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_reass.c,v 1.14 2018/03/09 11:57:38 maxv Exp $ */ +/* $NetBSD: ip_reass.c,v 1.15 2018/04/11 07:15:12 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1988, 1993 @@ -46,7 +46,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.14 2018/03/09 11:57:38 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.15 2018/04/11 07:15:12 maxv Exp $"); #include #include @@ -211,7 +211,7 @@ ip_nmbclusters_changed(void) * datagram. If a chain for reassembly of this datagram already exists, * then it is given as 'fp'; otherwise have to make a chain. */ -struct mbuf * +static struct mbuf * ip_reass(ipfr_qent_t *ipqe, ipfr_queue_t *fp, const u_int hash) { struct ip *ip = ipqe->ipqe_ip, *qip;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Apr 11 06:26:00 UTC 2018 Modified Files: src/sys/netinet: ip_mroute.c Log Message: Add XXX. To generate a diff of this commit: cvs rdiff -u -r1.156 -r1.157 src/sys/netinet/ip_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.156 src/sys/netinet/ip_mroute.c:1.157 --- src/sys/netinet/ip_mroute.c:1.156 Wed Apr 11 05:59:42 2018 +++ src/sys/netinet/ip_mroute.c Wed Apr 11 06:26:00 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.156 2018/04/11 05:59:42 maxv Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.157 2018/04/11 06:26:00 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.156 2018/04/11 05:59:42 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.157 2018/04/11 06:26:00 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -2073,6 +2073,11 @@ priority(struct vif *vifp, struct ip *ip /* temporary hack; may add general packet classifier some day */ /* + * XXX XXX: We're reading the UDP header, but we didn't ensure + * it was present in the packet. + */ + + /* * The UDP port space is divided up into four priority ranges: * [0, 16384) : unclassified - lowest priority * [16384, 32768) : audio - highest priority
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Apr 11 05:59:43 UTC 2018 Modified Files: src/sys/netinet: ip_mroute.c Log Message: Add XXX. To generate a diff of this commit: cvs rdiff -u -r1.155 -r1.156 src/sys/netinet/ip_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.155 src/sys/netinet/ip_mroute.c:1.156 --- src/sys/netinet/ip_mroute.c:1.155 Wed Mar 21 14:23:54 2018 +++ src/sys/netinet/ip_mroute.c Wed Apr 11 05:59:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.155 2018/03/21 14:23:54 roy Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.156 2018/04/11 05:59:42 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.155 2018/03/21 14:23:54 roy Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.156 2018/04/11 05:59:42 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1279,6 +1279,12 @@ ip_mforward(struct mbuf *m, struct ifnet log(LOG_DEBUG, "ip_mforward: src %x, dst %x, ifp %p\n", ntohl(ip->ip_src.s_addr), ntohl(ip->ip_dst.s_addr), ifp); + /* + * XXX XXX: Why do we check [1] against IPOPT_LSRR? Because we + * expect [0] to be IPOPT_NOP, maybe? In all cases that doesn't + * make a lot of sense, a forged packet can just put two IPOPT_NOPs + * followed by one IPOPT_LSRR, and bypass the check. + */ if (ip->ip_hl < (IP_HDR_LEN + TUNNEL_LEN) >> 2 || ((u_char *)(ip + 1))[1] != IPOPT_LSRR) { /*
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Apr 11 05:38:47 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Add XXX. To generate a diff of this commit: cvs rdiff -u -r1.272 -r1.273 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.272 src/sys/netinet/if_arp.c:1.273 --- src/sys/netinet/if_arp.c:1.272 Tue Apr 10 08:41:14 2018 +++ src/sys/netinet/if_arp.c Wed Apr 11 05:38:47 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.272 2018/04/10 08:41:14 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.273 2018/04/11 05:38:47 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.272 2018/04/10 08:41:14 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.273 2018/04/11 05:38:47 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -1358,6 +1358,15 @@ reply: } ia4_release(ia, &psref_ia); + /* + * XXX XXX: Here we're recycling the mbuf. But the mbuf could have + * other mbufs in its chain, and just overwriting m->m_pkthdr.len + * would be wrong in this case (the length becomes smaller than the + * real chain size). + * + * This can theoretically cause bugs in the lower layers (drivers, + * and L2encap), in some corner cases. + */ memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); memcpy(ar_spa(ah), &itaddr, ah->ar_pln); ah->ar_op = htons(ARPOP_REPLY);
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Apr 10 08:41:14 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Remove unused mbuf argument from arpcreate() and arplookup(). To generate a diff of this commit: cvs rdiff -u -r1.271 -r1.272 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.271 src/sys/netinet/if_arp.c:1.272 --- src/sys/netinet/if_arp.c:1.271 Thu Mar 8 06:48:23 2018 +++ src/sys/netinet/if_arp.c Tue Apr 10 08:41:14 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.271 2018/03/08 06:48:23 ozaki-r Exp $ */ +/* $NetBSD: if_arp.c,v 1.272 2018/04/10 08:41:14 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.271 2018/03/08 06:48:23 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.272 2018/04/10 08:41:14 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -163,9 +163,9 @@ static struct sockaddr *arp_setgate(stru const struct sockaddr *); static void arptimer(void *); static void arp_settimer(struct llentry *, int); -static struct llentry *arplookup(struct ifnet *, struct mbuf *, +static struct llentry *arplookup(struct ifnet *, const struct in_addr *, const struct sockaddr *, int); -static struct llentry *arpcreate(struct ifnet *, struct mbuf *, +static struct llentry *arpcreate(struct ifnet *, const struct in_addr *, const struct sockaddr *, int); static void in_arpinput(struct mbuf *); static void in_revarpinput(struct mbuf *); @@ -733,7 +733,7 @@ arpresolve(struct ifnet *ifp, const stru KASSERT(m != NULL); - la = arplookup(ifp, m, NULL, dst, 0); + la = arplookup(ifp, NULL, dst, 0); if (la == NULL) goto notfound; @@ -1193,9 +1193,9 @@ in_arpinput(struct mbuf *m) goto reply; if (in_hosteq(itaddr, myaddr)) - la = arpcreate(ifp, m, &isaddr, NULL, 1); + la = arpcreate(ifp, &isaddr, NULL, 1); else - la = arplookup(ifp, m, &isaddr, NULL, 1); + la = arplookup(ifp, &isaddr, NULL, 1); if (la == NULL) goto reply; @@ -1400,14 +1400,13 @@ out: * Lookup or a new address in arptab. */ static struct llentry * -arplookup(struct ifnet *ifp, struct mbuf *m, const struct in_addr *addr, +arplookup(struct ifnet *ifp, const struct in_addr *addr, const struct sockaddr *sa, int wlock) { struct sockaddr_in sin; struct llentry *la; int flags = wlock ? LLE_EXCLUSIVE : 0; - if (sa == NULL) { KASSERT(addr != NULL); sockaddr_in_init(&sin, addr, 0); @@ -1422,7 +1421,7 @@ arplookup(struct ifnet *ifp, struct mbuf } static struct llentry * -arpcreate(struct ifnet *ifp, struct mbuf *m, const struct in_addr *addr, +arpcreate(struct ifnet *ifp, const struct in_addr *addr, const struct sockaddr *sa, int wlock) { struct sockaddr_in sin; @@ -1435,7 +1434,7 @@ arpcreate(struct ifnet *ifp, struct mbuf sa = sintocsa(&sin); } - la = arplookup(ifp, m, addr, sa, wlock); + la = arplookup(ifp, addr, sa, wlock); if (la == NULL) { struct rtentry *rt;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Apr 10 08:22:35 UTC 2018 Modified Files: src/sys/netinet: igmp.c Log Message: Replace comment by KASSERT. To generate a diff of this commit: cvs rdiff -u -r1.66 -r1.67 src/sys/netinet/igmp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/igmp.c diff -u src/sys/netinet/igmp.c:1.66 src/sys/netinet/igmp.c:1.67 --- src/sys/netinet/igmp.c:1.66 Wed Feb 7 11:42:58 2018 +++ src/sys/netinet/igmp.c Tue Apr 10 08:22:35 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: igmp.c,v 1.66 2018/02/07 11:42:58 maxv Exp $ */ +/* $NetBSD: igmp.c,v 1.67 2018/04/10 08:22:35 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -40,7 +40,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: igmp.c,v 1.66 2018/02/07 11:42:58 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: igmp.c,v 1.67 2018/04/10 08:22:35 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_mrouting.h" @@ -602,11 +602,8 @@ igmp_sendpkt(struct in_multi *inm, int t MGETHDR(m, M_DONTWAIT, MT_HEADER); if (m == NULL) return; + KASSERT(max_linkhdr + sizeof(struct ip) + IGMP_MINLEN <= MHLEN); - /* - * Assume max_linkhdr + sizeof(struct ip) + IGMP_MINLEN - * is smaller than mbuf size returned by MGETHDR. - */ m->m_data += max_linkhdr; m->m_len = sizeof(struct ip) + IGMP_MINLEN; m->m_pkthdr.len = sizeof(struct ip) + IGMP_MINLEN;
CVS commit: src/sys/netinet
Module Name:src Committed By: christos Date: Sun Apr 8 13:52:22 UTC 2018 Modified Files: src/sys/netinet: in.c Log Message: Protect ip_dad_count with if NARP > 0 to fix compilation To generate a diff of this commit: cvs rdiff -u -r1.227 -r1.228 src/sys/netinet/in.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in.c diff -u src/sys/netinet/in.c:1.227 src/sys/netinet/in.c:1.228 --- src/sys/netinet/in.c:1.227 Fri Apr 6 12:03:16 2018 +++ src/sys/netinet/in.c Sun Apr 8 09:52:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: in.c,v 1.227 2018/04/06 16:03:16 ozaki-r Exp $ */ +/* $NetBSD: in.c,v 1.228 2018/04/08 13:52:22 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.227 2018/04/06 16:03:16 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.228 2018/04/08 13:52:22 christos Exp $"); #include "arp.h" @@ -1150,7 +1150,11 @@ in_ifinit(struct ifnet *ifp, struct in_i if (ifp->if_link_state == LINK_STATE_DOWN) { ia->ia4_flags |= IN_IFF_DETACHED; ia->ia4_flags &= ~IN_IFF_TENTATIVE; - } else if (hostIsNew && if_do_dad(ifp) && ip_dad_count > 0) + } else if (hostIsNew && if_do_dad(ifp) +#if NARP > 0 + && ip_dad_count > 0 +#endif + ) ia->ia4_flags |= IN_IFF_TRYTENTATIVE; /*
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Sun Apr 8 12:18:06 UTC 2018 Modified Files: src/sys/netinet: ip_var.h tcp_input.c Log Message: Remove the ipre_mlast field and the TRAVERSE macro. The goal was to store in ipre_mlast the last mbuf of the chain, so that m_cat could be called on it. But it's not needed, since m_cat already does the equivalent of TRAVERSE itself. If it were needed, there would be a bug, since we don't call TRAVERSE on ipre_mlast when creating a new reassembly entry. To generate a diff of this commit: cvs rdiff -u -r1.124 -r1.125 src/sys/netinet/ip_var.h cvs rdiff -u -r1.404 -r1.405 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_var.h diff -u src/sys/netinet/ip_var.h:1.124 src/sys/netinet/ip_var.h:1.125 --- src/sys/netinet/ip_var.h:1.124 Sun Apr 8 11:50:46 2018 +++ src/sys/netinet/ip_var.h Sun Apr 8 12:18:06 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_var.h,v 1.124 2018/04/08 11:50:46 maxv Exp $ */ +/* $NetBSD: ip_var.h,v 1.125 2018/04/08 12:18:06 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -72,8 +72,7 @@ struct ipflow { TAILQ_HEAD(ipqehead, ipqent); struct ipqent { TAILQ_ENTRY(ipqent) ipqe_q; - struct mbuf *ipqe_m; /* point to first mbuf */ - struct mbuf *ipre_mlast; /* point to last mbuf */ + struct mbuf *ipqe_m; TAILQ_ENTRY(ipqent) ipqe_timeq; u_int32_t ipqe_seq; u_int32_t ipqe_len; Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.404 src/sys/netinet/tcp_input.c:1.405 --- src/sys/netinet/tcp_input.c:1.404 Tue Apr 3 09:03:59 2018 +++ src/sys/netinet/tcp_input.c Sun Apr 8 12:18:06 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.404 2018/04/03 09:03:59 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.405 2018/04/08 12:18:06 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.404 2018/04/03 09:03:59 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.405 2018/04/08 12:18:06 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -405,8 +405,6 @@ static void tcp4_log_refused(const struc static void tcp6_log_refused(const struct ip6_hdr *, const struct tcphdr *); #endif -#define TRAVERSE(x) while ((x)->m_next) (x) = (x)->m_next - #if defined(MBUFTRACE) struct mowner tcp_reass_mowner = MOWNER_INIT("tcp", "reass"); #endif /* defined(MBUFTRACE) */ @@ -501,8 +499,7 @@ tcp_reass(struct tcpcb *tp, const struct if (pkt_seq == p->ipqe_seq + p->ipqe_len) { p->ipqe_len += pkt_len; p->ipqe_flags |= pkt_flags; - m_cat(p->ipre_mlast, m); - TRAVERSE(p->ipre_mlast); + m_cat(p->ipqe_m, m); m = NULL; tiqe = p; TAILQ_REMOVE(&tp->timeq, p, ipqe_timeq); @@ -533,8 +530,6 @@ tcp_reass(struct tcpcb *tp, const struct q->ipqe_flags |= pkt_flags; m_cat(m, q->ipqe_m); q->ipqe_m = m; - q->ipre_mlast = m; /* last mbuf may have changed */ - TRAVERSE(q->ipre_mlast); tiqe = q; TAILQ_REMOVE(&tp->timeq, q, ipqe_timeq); TCP_REASS_COUNTER_INCR(&tcp_reass_prependfirst); @@ -562,8 +557,7 @@ tcp_reass(struct tcpcb *tp, const struct pkt_len += q->ipqe_len; pkt_flags |= q->ipqe_flags; pkt_seq = q->ipqe_seq; - m_cat(q->ipre_mlast, m); - TRAVERSE(q->ipre_mlast); + m_cat(q->ipqe_m, m); m = q->ipqe_m; TCP_REASS_COUNTER_INCR(&tcp_reass_append); goto free_ipqe; @@ -629,8 +623,7 @@ tcp_reass(struct tcpcb *tp, const struct int overlap = q->ipqe_seq + q->ipqe_len - pkt_seq; m_adj(m, overlap); rcvpartdupbyte += overlap; - m_cat(q->ipre_mlast, m); - TRAVERSE(q->ipre_mlast); + m_cat(q->ipqe_m, m); m = q->ipqe_m; pkt_seq = q->ipqe_seq; pkt_len += q->ipqe_len - overlap; @@ -750,7 +743,6 @@ insert_it: * Insert the new fragment queue entry into both queues. */ tiqe->ipqe_m = m; - tiqe->ipre_mlast = m; tiqe->ipqe_seq = pkt_seq; tiqe->ipqe_len = pkt_len; tiqe->ipqe_flags = pkt_flags;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Sun Apr 8 11:50:46 UTC 2018 Modified Files: src/sys/netinet: ip_var.h Log Message: Remove unused field, and sync comment with reality. To generate a diff of this commit: cvs rdiff -u -r1.123 -r1.124 src/sys/netinet/ip_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_var.h diff -u src/sys/netinet/ip_var.h:1.123 src/sys/netinet/ip_var.h:1.124 --- src/sys/netinet/ip_var.h:1.123 Tue Apr 3 08:46:01 2018 +++ src/sys/netinet/ip_var.h Sun Apr 8 11:50:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_var.h,v 1.123 2018/04/03 08:46:01 maxv Exp $ */ +/* $NetBSD: ip_var.h,v 1.124 2018/04/08 11:50:46 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -67,17 +67,13 @@ struct ipflow { }; /* - * IP sequence queue structure. + * TCP sequence queue structure. */ TAILQ_HEAD(ipqehead, ipqent); struct ipqent { TAILQ_ENTRY(ipqent) ipqe_q; struct mbuf *ipqe_m; /* point to first mbuf */ struct mbuf *ipre_mlast; /* point to last mbuf */ - u_int8_t ipqe_mff; /* for IP fragmentation */ - /* - * The following are used in TCP reassembly - */ TAILQ_ENTRY(ipqent) ipqe_timeq; u_int32_t ipqe_seq; u_int32_t ipqe_len;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Sat Apr 7 13:48:50 UTC 2018 Modified Files: src/sys/netinet: tcp_fsm.h tcp_usrreq.c Log Message: Remove dead code. To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 src/sys/netinet/tcp_fsm.h cvs rdiff -u -r1.217 -r1.218 src/sys/netinet/tcp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_fsm.h diff -u src/sys/netinet/tcp_fsm.h:1.15 src/sys/netinet/tcp_fsm.h:1.16 --- src/sys/netinet/tcp_fsm.h:1.15 Sat Dec 10 23:36:23 2005 +++ src/sys/netinet/tcp_fsm.h Sat Apr 7 13:48:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_fsm.h,v 1.15 2005/12/10 23:36:23 elad Exp $ */ +/* $NetBSD: tcp_fsm.h,v 1.16 2018/04/07 13:48:50 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -83,10 +83,6 @@ const u_char tcp_outflags[TCP_NSTATES] = }; #endif -#ifdef KPROF -int tcp_acounts[TCP_NSTATES][PRU_NREQ]; -#endif - #ifdef TCPSTATES const char * const tcpstates[] = { "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", Index: src/sys/netinet/tcp_usrreq.c diff -u src/sys/netinet/tcp_usrreq.c:1.217 src/sys/netinet/tcp_usrreq.c:1.218 --- src/sys/netinet/tcp_usrreq.c:1.217 Thu Mar 29 07:46:43 2018 +++ src/sys/netinet/tcp_usrreq.c Sat Apr 7 13:48:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_usrreq.c,v 1.217 2018/03/29 07:46:43 maxv Exp $ */ +/* $NetBSD: tcp_usrreq.c,v 1.218 2018/04/07 13:48:50 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -99,7 +99,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.217 2018/03/29 07:46:43 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.218 2018/04/07 13:48:50 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -156,9 +156,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c static int tcp_debug_capture(struct tcpcb *tp, int req) { -#ifdef KPROF - tcp_acounts[tp->t_state][req]++; -#endif #ifdef TCP_DEBUG return tp->t_state; #endif
CVS commit: src/sys/netinet
Module Name:src Committed By: ozaki-r Date: Fri Apr 6 16:01:16 UTC 2018 Modified Files: src/sys/netinet: in.c Log Message: Revert the previous two commits as per roy@'s request It broke the ip_dad_count > 0 case unexpectedly. To generate a diff of this commit: cvs rdiff -u -r1.225 -r1.226 src/sys/netinet/in.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in.c diff -u src/sys/netinet/in.c:1.225 src/sys/netinet/in.c:1.226 --- src/sys/netinet/in.c:1.225 Fri Apr 6 09:20:29 2018 +++ src/sys/netinet/in.c Fri Apr 6 16:01:16 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: in.c,v 1.225 2018/04/06 09:20:29 ozaki-r Exp $ */ +/* $NetBSD: in.c,v 1.226 2018/04/06 16:01:16 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.225 2018/04/06 09:20:29 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.226 2018/04/06 16:01:16 ozaki-r Exp $"); #include "arp.h" @@ -1143,15 +1143,15 @@ in_ifinit(struct ifnet *ifp, struct in_i * We need to do this early because they maybe adjusted * by if_addr_init depending on the address. */ - if (ia->ia4_flags & IN_IFF_DUPLICATED) + if (ia->ia4_flags & IN_IFF_DUPLICATED) { + ia->ia4_flags &= ~IN_IFF_DUPLICATED; hostIsNew = 1; - ia->ia4_flags = 0; - if (ip_dad_count > 0) { - if (ifp->if_link_state == LINK_STATE_DOWN) - ia->ia4_flags |= IN_IFF_DETACHED; - else if (hostIsNew && if_do_dad(ifp)) - ia->ia4_flags |= IN_IFF_TRYTENTATIVE; } + if (ifp->if_link_state == LINK_STATE_DOWN) { + ia->ia4_flags |= IN_IFF_DETACHED; + ia->ia4_flags &= ~IN_IFF_TENTATIVE; + } else if (hostIsNew && if_do_dad(ifp)) + ia->ia4_flags |= IN_IFF_TRYTENTATIVE; /* * Give the interface a chance to initialize
CVS commit: src/sys/netinet
Module Name:src Committed By: ozaki-r Date: Fri Apr 6 09:20:29 UTC 2018 Modified Files: src/sys/netinet: in.c Log Message: Don't set IN_IFF_* flags to ia4_flags if DAD is disabled This fix allows that a GARP packet is sent when adding an IP address to an interface with IFF_UP on a kernel with IPv4 DAD is disabled (net.inet.ip.dad_count=0), which is the same behavior of NetBSD 7, i.e., before introducing the IPv4 DAD. To generate a diff of this commit: cvs rdiff -u -r1.224 -r1.225 src/sys/netinet/in.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in.c diff -u src/sys/netinet/in.c:1.224 src/sys/netinet/in.c:1.225 --- src/sys/netinet/in.c:1.224 Fri Apr 6 09:19:16 2018 +++ src/sys/netinet/in.c Fri Apr 6 09:20:29 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: in.c,v 1.224 2018/04/06 09:19:16 ozaki-r Exp $ */ +/* $NetBSD: in.c,v 1.225 2018/04/06 09:20:29 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.224 2018/04/06 09:19:16 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.225 2018/04/06 09:20:29 ozaki-r Exp $"); #include "arp.h" @@ -1146,10 +1146,12 @@ in_ifinit(struct ifnet *ifp, struct in_i if (ia->ia4_flags & IN_IFF_DUPLICATED) hostIsNew = 1; ia->ia4_flags = 0; - if (ifp->if_link_state == LINK_STATE_DOWN) - ia->ia4_flags |= IN_IFF_DETACHED; - else if (hostIsNew && if_do_dad(ifp)) - ia->ia4_flags |= IN_IFF_TRYTENTATIVE; + if (ip_dad_count > 0) { + if (ifp->if_link_state == LINK_STATE_DOWN) + ia->ia4_flags |= IN_IFF_DETACHED; + else if (hostIsNew && if_do_dad(ifp)) + ia->ia4_flags |= IN_IFF_TRYTENTATIVE; + } /* * Give the interface a chance to initialize
CVS commit: src/sys/netinet
Module Name:src Committed By: ozaki-r Date: Fri Apr 6 09:19:16 UTC 2018 Modified Files: src/sys/netinet: in.c Log Message: Simplify; clear then set flags to ia4_flags (NFCI) To generate a diff of this commit: cvs rdiff -u -r1.223 -r1.224 src/sys/netinet/in.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in.c diff -u src/sys/netinet/in.c:1.223 src/sys/netinet/in.c:1.224 --- src/sys/netinet/in.c:1.223 Tue Mar 6 07:27:55 2018 +++ src/sys/netinet/in.c Fri Apr 6 09:19:16 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: in.c,v 1.223 2018/03/06 07:27:55 ozaki-r Exp $ */ +/* $NetBSD: in.c,v 1.224 2018/04/06 09:19:16 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.223 2018/03/06 07:27:55 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.224 2018/04/06 09:19:16 ozaki-r Exp $"); #include "arp.h" @@ -1143,14 +1143,12 @@ in_ifinit(struct ifnet *ifp, struct in_i * We need to do this early because they maybe adjusted * by if_addr_init depending on the address. */ - if (ia->ia4_flags & IN_IFF_DUPLICATED) { - ia->ia4_flags &= ~IN_IFF_DUPLICATED; + if (ia->ia4_flags & IN_IFF_DUPLICATED) hostIsNew = 1; - } - if (ifp->if_link_state == LINK_STATE_DOWN) { + ia->ia4_flags = 0; + if (ifp->if_link_state == LINK_STATE_DOWN) ia->ia4_flags |= IN_IFF_DETACHED; - ia->ia4_flags &= ~IN_IFF_TENTATIVE; - } else if (hostIsNew && if_do_dad(ifp)) + else if (hostIsNew && if_do_dad(ifp)) ia->ia4_flags |= IN_IFF_TRYTENTATIVE; /*
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Apr 3 08:46:01 UTC 2018 Modified Files: src/sys/netinet: ip_var.h Log Message: Remove unused fields and outdated comment. To generate a diff of this commit: cvs rdiff -u -r1.122 -r1.123 src/sys/netinet/ip_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_var.h diff -u src/sys/netinet/ip_var.h:1.122 src/sys/netinet/ip_var.h:1.123 --- src/sys/netinet/ip_var.h:1.122 Wed Jan 10 10:56:30 2018 +++ src/sys/netinet/ip_var.h Tue Apr 3 08:46:01 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_var.h,v 1.122 2018/01/10 10:56:30 knakahara Exp $ */ +/* $NetBSD: ip_var.h,v 1.123 2018/04/03 08:46:01 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -68,22 +68,10 @@ struct ipflow { /* * IP sequence queue structure. - * - * XXX -- The following explains why the ipqe_m field is here, for TCP's use: - * We want to avoid doing m_pullup on incoming packets but that - * means avoiding dtom on the tcp reassembly code. That in turn means - * keeping an mbuf pointer in the reassembly queue (since we might - * have a cluster). As a quick hack, the source & destination - * port numbers (which are no longer needed once we've located the - * tcpcb) are overlayed with an mbuf pointer. */ TAILQ_HEAD(ipqehead, ipqent); struct ipqent { TAILQ_ENTRY(ipqent) ipqe_q; - union { - struct ip *_ip; - struct tcpiphdr *_tcp; - } _ipqe_u1; struct mbuf *ipqe_m; /* point to first mbuf */ struct mbuf *ipre_mlast; /* point to last mbuf */ u_int8_t ipqe_mff; /* for IP fragmentation */ @@ -95,7 +83,6 @@ struct ipqent { u_int32_t ipqe_len; u_int32_t ipqe_flags; }; -#define ipqe_tcp _ipqe_u1._tcp /* * Structure stored in mbuf in inpcb.ip_options
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Apr 3 08:02:34 UTC 2018 Modified Files: src/sys/netinet: tcp_output.c Log Message: bcopy -> memcpy, it's obvious the areas don't overlap. To generate a diff of this commit: cvs rdiff -u -r1.204 -r1.205 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.204 src/sys/netinet/tcp_output.c:1.205 --- src/sys/netinet/tcp_output.c:1.204 Sun Apr 1 12:58:47 2018 +++ src/sys/netinet/tcp_output.c Tue Apr 3 08:02:34 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.204 2018/04/01 12:58:47 maxv Exp $ */ +/* $NetBSD: tcp_output.c,v 1.205 2018/04/03 08:02:34 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.204 2018/04/01 12:58:47 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.205 2018/04/03 08:02:34 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -299,7 +299,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { /* mapped addr case */ struct in_addr d; - bcopy(&in6p->in6p_faddr.s6_addr32[3], &d, sizeof(d)); + memcpy(&d, &in6p->in6p_faddr.s6_addr32[3], sizeof(d)); if (tp->t_mtudisc || in_localaddr(d)) size = ifp->if_mtu - hdrlen; } else { @@ -1400,7 +1400,7 @@ reset: TCP_REASS_UNLOCK(tp); } th->th_ack = htonl(tp->rcv_nxt); if (optlen) { - bcopy((void *)opt, (void *)(th + 1), optlen); + memcpy(th + 1, opt, optlen); th->th_off = (sizeof (struct tcphdr) + optlen) >> 2; } th->th_flags = flags;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Sun Apr 1 12:58:47 UTC 2018 Modified Files: src/sys/netinet: tcp_output.c Log Message: Change the check to be <= instead of <. This fixes one occurrence of an apparently widespread division-by-zero bug in our TCP code: if a user adds huge IPv6 options with setsockopt, and if the total size of the options happens to be equal to the available space calculated for the TCP payload, t_segsz gets set to zero, and given that we then divide several things by it, the kernel crashes. To generate a diff of this commit: cvs rdiff -u -r1.203 -r1.204 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.203 src/sys/netinet/tcp_output.c:1.204 --- src/sys/netinet/tcp_output.c:1.203 Sun Apr 1 12:46:50 2018 +++ src/sys/netinet/tcp_output.c Sun Apr 1 12:58:47 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.203 2018/04/01 12:46:50 maxv Exp $ */ +/* $NetBSD: tcp_output.c,v 1.204 2018/04/01 12:58:47 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.203 2018/04/01 12:46:50 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.204 2018/04/01 12:58:47 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -358,9 +358,13 @@ tcp_segsize(struct tcpcb *tp, int *txseg #endif size -= optlen; - /* there may not be any room for data if mtu is too small */ - if (size < 0) + /* + * There may not be any room for data if mtu is too small. This + * includes zero-sized. + */ + if (size <= 0) { return EMSGSIZE; + } /* * *rxsegsizep holds *estimated* inbound segment size (estimation
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Sun Apr 1 12:46:50 UTC 2018 Modified Files: src/sys/netinet: tcp_output.c Log Message: Reorder and style, for clarity. To generate a diff of this commit: cvs rdiff -u -r1.202 -r1.203 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.202 src/sys/netinet/tcp_output.c:1.203 --- src/sys/netinet/tcp_output.c:1.202 Fri Mar 30 08:57:32 2018 +++ src/sys/netinet/tcp_output.c Sun Apr 1 12:46:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.202 2018/03/30 08:57:32 maxv Exp $ */ +/* $NetBSD: tcp_output.c,v 1.203 2018/04/01 12:46:50 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.202 2018/03/30 08:57:32 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.203 2018/04/01 12:46:50 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -239,6 +239,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg int optlen; *alwaysfragp = false; + size = tcp_mssdflt; KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); @@ -252,7 +253,6 @@ tcp_segsize(struct tcpcb *tp, int *txseg break; #endif default: - size = tcp_mssdflt; goto out; } @@ -268,13 +268,11 @@ tcp_segsize(struct tcpcb *tp, int *txseg } #endif if (rt == NULL) { - size = tcp_mssdflt; goto out; } ifp = rt->rt_ifp; - size = tcp_mssdflt; if (tp->t_mtudisc && rt->rt_rmx.rmx_mtu != 0) { #ifdef INET6 if (in6p && rt->rt_rmx.rmx_mtu < IPV6_MMTU) { @@ -373,15 +371,17 @@ tcp_segsize(struct tcpcb *tp, int *txseg * I'm not quite sure about this (could someone comment). */ *txsegsizep = min(tp->t_peermss - optlen, size); + *rxsegsizep = min(tp->t_ourmss - optlen, size); + /* * Never send more than half a buffer full. This insures that we can * always keep 2 packets on the wire, no matter what SO_SNDBUF is, and * therefore acks will never be delayed unless we run out of data to * transmit. */ - if (so) + if (so) { *txsegsizep = min(so->so_snd.sb_hiwat >> 1, *txsegsizep); - *rxsegsizep = min(tp->t_ourmss - optlen, size); + } if (*txsegsizep != tp->t_segsz) { /* @@ -395,9 +395,9 @@ tcp_segsize(struct tcpcb *tp, int *txseg */ if (*txsegsizep < tp->t_segsz) { tp->snd_cwnd = max((tp->snd_cwnd / tp->t_segsz) - * *txsegsizep, *txsegsizep); + * *txsegsizep, *txsegsizep); tp->snd_ssthresh = max((tp->snd_ssthresh / tp->t_segsz) - * *txsegsizep, *txsegsizep); + * *txsegsizep, *txsegsizep); } tp->t_segsz = *txsegsizep; }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Mar 30 08:57:32 UTC 2018 Modified Files: src/sys/netinet: tcp_output.c Log Message: Remove dead code. It was introduced in rev1 (25 years ago), and is irrelevant today. To generate a diff of this commit: cvs rdiff -u -r1.201 -r1.202 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.201 src/sys/netinet/tcp_output.c:1.202 --- src/sys/netinet/tcp_output.c:1.201 Fri Mar 30 08:53:51 2018 +++ src/sys/netinet/tcp_output.c Fri Mar 30 08:57:32 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.201 2018/03/30 08:53:51 maxv Exp $ */ +/* $NetBSD: tcp_output.c,v 1.202 2018/03/30 08:57:32 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.201 2018/03/30 08:53:51 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.202 2018/03/30 08:57:32 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -194,10 +194,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c #include #include -#ifdef notyet -extern struct mbuf *m_copypack(); -#endif - /* * Knob to enable Congestion Window Monitoring, and control * the burst size it allows. Default burst is 4 packets, per @@ -428,16 +424,7 @@ tcp_build_datapkt(struct tcpcb *tp, stru tcps[TCP_STAT_SNDBYTE] += len; } TCP_STAT_PUTREF(); -#ifdef notyet - if ((m = m_copypack(so->so_snd.sb_mb, off, - (int)len, max_linkhdr + hdrlen)) == 0) - return ENOBUFS; - /* - * m_copypack left space for our hdr; use it. - */ - m->m_len += hdrlen; - m->m_data -= hdrlen; -#else + MGETHDR(m, M_DONTWAIT, MT_HEADER); if (__predict_false(m == NULL)) return ENOBUFS; @@ -514,7 +501,6 @@ tcp_build_datapkt(struct tcpcb *tp, stru TCP_OUTPUT_COUNTER_INCR(&tcp_output_copybig); #endif } -#endif *mp = m; return 0;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Mar 30 08:53:51 UTC 2018 Modified Files: src/sys/netinet: tcp_output.c Log Message: Style, use NULL for pointers, use KASSERT, and don't inline huge functions, we want to debug them with DDB (and not just with GPROF). To generate a diff of this commit: cvs rdiff -u -r1.200 -r1.201 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.200 src/sys/netinet/tcp_output.c:1.201 --- src/sys/netinet/tcp_output.c:1.200 Thu Mar 29 07:46:43 2018 +++ src/sys/netinet/tcp_output.c Fri Mar 30 08:53:51 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.200 2018/03/29 07:46:43 maxv Exp $ */ +/* $NetBSD: tcp_output.c,v 1.201 2018/03/30 08:53:51 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.200 2018/03/29 07:46:43 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.201 2018/03/30 08:53:51 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -227,11 +227,7 @@ extern struct evcnt tcp_output_refbig; #endif /* TCP_OUTPUT_COUNTERS */ -static -#ifndef GPROF -inline -#endif -int +static int tcp_segsize(struct tcpcb *tp, int *txsegsizep, int *rxsegsizep, bool *alwaysfragp) { @@ -248,10 +244,8 @@ tcp_segsize(struct tcpcb *tp, int *txseg *alwaysfragp = false; -#ifdef DIAGNOSTIC - if (tp->t_inpcb && tp->t_in6pcb) - panic("tcp_segsize: both t_inpcb and t_in6pcb are set"); -#endif + KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); + switch (tp->t_family) { case AF_INET: hdrlen = sizeof(struct ip) + sizeof(struct tcphdr); @@ -372,7 +366,7 @@ tcp_segsize(struct tcpcb *tp, int *txseg /* there may not be any room for data if mtu is too small */ if (size < 0) - return (EMSGSIZE); + return EMSGSIZE; /* * *rxsegsizep holds *estimated* inbound segment size (estimation @@ -412,14 +406,10 @@ tcp_segsize(struct tcpcb *tp, int *txseg tp->t_segsz = *txsegsizep; } - return (0); + return 0; } -static -#ifndef GPROF -inline -#endif -int +static int tcp_build_datapkt(struct tcpcb *tp, struct socket *so, int off, long len, int hdrlen, struct mbuf **mp) { @@ -441,7 +431,7 @@ tcp_build_datapkt(struct tcpcb *tp, stru #ifdef notyet if ((m = m_copypack(so->so_snd.sb_mb, off, (int)len, max_linkhdr + hdrlen)) == 0) - return (ENOBUFS); + return ENOBUFS; /* * m_copypack left space for our hdr; use it. */ @@ -450,7 +440,7 @@ tcp_build_datapkt(struct tcpcb *tp, stru #else MGETHDR(m, M_DONTWAIT, MT_HEADER); if (__predict_false(m == NULL)) - return (ENOBUFS); + return ENOBUFS; MCLAIM(m, &tcp_tx_mowner); /* @@ -464,7 +454,7 @@ tcp_build_datapkt(struct tcpcb *tp, stru MCLGET(m, M_DONTWAIT); if ((m->m_flags & M_EXT) == 0) { m_freem(m); - return (ENOBUFS); + return ENOBUFS; } } @@ -508,26 +498,26 @@ tcp_build_datapkt(struct tcpcb *tp, stru off = tp->t_inoff; if (len <= M_TRAILINGSPACE(m)) { - m_copydata(m0, off, (int) len, mtod(m, char *) + hdrlen); + m_copydata(m0, off, (int)len, mtod(m, char *) + hdrlen); m->m_len += len; TCP_OUTPUT_COUNTER_INCR(&tcp_output_copysmall); } else { - m->m_next = m_copym(m0, off, (int) len, M_DONTWAIT); + m->m_next = m_copym(m0, off, (int)len, M_DONTWAIT); if (m->m_next == NULL) { m_freem(m); - return (ENOBUFS); + return ENOBUFS; } #ifdef TCP_OUTPUT_COUNTERS if (m->m_next->m_flags & M_EXT) TCP_OUTPUT_COUNTER_INCR(&tcp_output_refbig); else TCP_OUTPUT_COUNTER_INCR(&tcp_output_copybig); -#endif /* TCP_OUTPUT_COUNTERS */ +#endif } #endif *mp = m; - return (0); + return 0; } /* @@ -568,10 +558,8 @@ tcp_output(struct tcpcb *tp) #endif uint64_t *tcps; -#ifdef DIAGNOSTIC - if (tp->t_inpcb && tp->t_in6pcb) - panic("tcp_output: both t_inpcb and t_in6pcb are set"); -#endif + KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); + so = NULL; ro = NULL; if (tp->t_inpcb) { @@ -594,19 +582,19 @@ tcp_output(struct tcpcb *tp) if (tp->t_in6pcb) break; #endif - return (EINVAL); + return EINVAL; #ifdef INET6 case AF_INET6: if (tp->t_in6pcb) break; - return (EINVAL); + return EINVAL; #endif default: - return (EAFNOSUPPORT); + return EAFNOSUPPORT; } if (tcp_segsize(tp, &txsegsize, &rxsegsize, &alwaysfrag)) - return (EMSGSIZE); + return EMSGSIZE; idle = (tp->snd_max == tp->snd_una); @@ -739,7 +727,7 @@ again: * now, and we previously incremented snd_cwnd in tcp_input(). */ /* - * Still in sack recovery , reset rxmit flag to zero. + * Still in sack recovery, reset rxmit flag to zero. */ sack_rxmit = 0; sack_bytes_rxmt = 0; @@ -749,12 +737,12 @@ again: long cwin; if (!TCP_SACK_ENABLED(tp)) break; - if (tp->t_partialacks < 0) + if (tp->t_partialacks < 0) br
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Mar 30 08:25:06 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Fix the log. mtod never returns NULL, so 'ip' is always non-NULL, and the 'ip6' branch is never taken. As a result we log garbage on IPv6 packets. Use ip_v instead. To generate a diff of this commit: cvs rdiff -u -r1.402 -r1.403 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.402 src/sys/netinet/tcp_input.c:1.403 --- src/sys/netinet/tcp_input.c:1.402 Fri Mar 30 07:11:40 2018 +++ src/sys/netinet/tcp_input.c Fri Mar 30 08:25:06 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.402 2018/03/30 07:11:40 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.403 2018/03/30 08:25:06 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.402 2018/03/30 07:11:40 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.403 2018/03/30 08:25:06 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3176,16 +3176,23 @@ tcp_dooptions(struct tcpcb *tp, const u_ #ifdef INET6 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); #endif -if (ip) + +switch (ip->ip_v) { +case 4: in_print(buf, sizeof(buf), &ip->ip_src); + break; #ifdef INET6 -else if (ip6) +case 6: in6_print(buf, sizeof(buf), &ip6->ip6_src); + break; #endif -else +default: strlcpy(buf, "(unknown)", sizeof(buf)); + break; +} + log(LOG_ERR, "TCP: invalid wscale %d from %s, " "assuming %d\n", tp->requested_s_scale, buf,
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Mar 30 07:11:40 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Use consttime_memequal instead of memcmp, to prevent side channels. This functions returns 1 when the buffers are equal, contrary to memcmp, hence the !. To generate a diff of this commit: cvs rdiff -u -r1.401 -r1.402 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.401 src/sys/netinet/tcp_input.c:1.402 --- src/sys/netinet/tcp_input.c:1.401 Thu Mar 29 21:40:53 2018 +++ src/sys/netinet/tcp_input.c Fri Mar 30 07:11:40 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.401 2018/03/29 21:40:53 rmind Exp $ */ +/* $NetBSD: tcp_input.c,v 1.402 2018/03/30 07:11:40 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.401 2018/03/29 21:40:53 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.402 2018/03/30 07:11:40 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3236,7 +3236,8 @@ tcp_dooptions(struct tcpcb *tp, const u_ case TCPOPT_SIGNATURE: if (optlen != TCPOLEN_SIGNATURE) continue; - if (sigp && memcmp(sigp, cp + 2, TCP_SIGLEN)) + if (sigp && + !consttime_memequal(sigp, cp + 2, TCP_SIGLEN)) return (-1); sigp = sigbuf; @@ -3269,7 +3270,7 @@ tcp_dooptions(struct tcpcb *tp, const u_ } tcp_fields_to_host(th); - if (memcmp(sig, sigp, TCP_SIGLEN)) { + if (!consttime_memequal(sig, sigp, TCP_SIGLEN)) { TCP_STATINC(TCP_STAT_BADSIG); goto out; } else
CVS commit: src/sys/netinet
Module Name:src Committed By: rmind Date: Thu Mar 29 21:40:53 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: tcp_urp_drop: fix a bug introduced in 1.390 rev (hi maxv@). To generate a diff of this commit: cvs rdiff -u -r1.400 -r1.401 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.400 src/sys/netinet/tcp_input.c:1.401 --- src/sys/netinet/tcp_input.c:1.400 Thu Mar 29 18:54:48 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 29 21:40:53 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.400 2018/03/29 18:54:48 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.401 2018/03/29 21:40:53 rmind Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.400 2018/03/29 18:54:48 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.401 2018/03/29 21:40:53 rmind Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -340,7 +340,7 @@ tcp_fields_to_net(struct tcphdr *th) static void tcp_urp_drop(struct tcphdr *th, int todrop, int *tiflags) { - if (th->th_urp > 1) { + if (th->th_urp > todrop) { th->th_urp -= todrop; } else { *tiflags &= ~TH_URG;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 17:46:17 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Reorder/Fix comments to clarify. To generate a diff of this commit: cvs rdiff -u -r1.398 -r1.399 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.398 src/sys/netinet/tcp_input.c:1.399 --- src/sys/netinet/tcp_input.c:1.398 Thu Mar 29 17:12:36 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 29 17:46:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.398 2018/03/29 17:12:36 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.399 2018/03/29 17:46:17 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.398 2018/03/29 17:12:36 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.399 2018/03/29 17:46:17 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -444,6 +444,11 @@ tcpipqent_free(struct ipqent *ipqe) splx(s); } +/* + * Insert segment ti into reassembly queue of tcp with + * control block tp. Return TH_FIN if reassembly now includes + * a segment with FIN. + */ static int tcp_reass(struct tcpcb *tp, const struct tcphdr *th, struct mbuf *m, int tlen) { @@ -479,8 +484,8 @@ tcp_reass(struct tcpcb *tp, const struct rcvoobyte = tlen; /* - * Copy these to local variables because the tcpiphdr - * gets munged while we are collapsing mbufs. + * Copy these to local variables because the TCP header gets munged + * while we are collapsing mbufs. */ pkt_seq = th->th_seq; pkt_len = tlen; @@ -547,6 +552,7 @@ tcp_reass(struct tcpcb *tp, const struct #ifdef TCP_REASS_COUNTERS count++; #endif + /* * If the received segment is just right after this * fragment, merge the two together and then check @@ -567,14 +573,16 @@ tcp_reass(struct tcpcb *tp, const struct TCP_REASS_COUNTER_INCR(&tcp_reass_append); goto free_ipqe; } + /* * If the received segment is completely past this - * fragment, we need to go the next fragment. + * fragment, we need to go to the next fragment. */ if (SEQ_LT(q->ipqe_seq + q->ipqe_len, pkt_seq)) { p = q; continue; } + /* * If the fragment is past the received segment, * it (or any following) can't be concatenated. @@ -586,7 +594,7 @@ tcp_reass(struct tcpcb *tp, const struct /* * We've received all the data in this segment before. - * mark it as a duplicate and return. + * Mark it as a duplicate and return. */ if (SEQ_LEQ(q->ipqe_seq, pkt_seq) && SEQ_GEQ(q->ipqe_seq + q->ipqe_len, pkt_seq + pkt_len)) { @@ -602,6 +610,7 @@ tcp_reass(struct tcpcb *tp, const struct TCP_REASS_COUNTER_INCR(&tcp_reass_segdup); goto out; } + /* * Received segment completely overlaps this fragment * so we drop the fragment (this keeps the temporal @@ -614,11 +623,11 @@ tcp_reass(struct tcpcb *tp, const struct TCP_REASS_COUNTER_INCR(&tcp_reass_fragdup); goto free_ipqe; } + /* - * RX'ed segment extends past the end of the - * fragment. Drop the overlapping bytes. Then - * merge the fragment and segment then treat as - * a longer received packet. + * Received segment extends past the end of the fragment. + * Drop the overlapping bytes, merge the fragment and + * segment, and treat as a longer received packet. */ if (SEQ_LT(q->ipqe_seq, pkt_seq) && SEQ_GT(q->ipqe_seq + q->ipqe_len, pkt_seq)) { @@ -639,11 +648,12 @@ tcp_reass(struct tcpcb *tp, const struct TCP_REASS_COUNTER_INCR(&tcp_reass_overlaptail); goto free_ipqe; } + /* - * RX'ed segment extends past the front of the - * fragment. Drop the overlapping bytes on the - * received packet. The packet will then be - * contatentated with this fragment a bit later. + * Received segment extends past the front of the fragment. + * Drop the overlapping bytes on the received packet. The + * packet will then be concatenated with this fragment a + * bit later. */ if (SEQ_GT(q->ipqe_seq, pkt_seq) && SEQ_LT(q->ipqe_seq, pkt_seq + pkt_len)) { @@ -659,8 +669,9 @@ tcp_reass(struct tcpcb *tp, const struct TCP_REASS_COUNTER_INCR(&tcp_reass_overlapfront); rcvoobyte -= overlap; } + /* - * If the received segment immediates precedes this + * If the received segment immediately precedes this * fragment then tack the fragment onto this segment * and reinsert the data. */ @@ -688,11 +699,12 @@ tcp_reass(struct tcpcb *tp, const struct TCP_REASS_COUNTER_INCR(&tcp_reass_prepend); break; } + /* * If the fragment is before the segment, remember it. * When this loop is terminated, p will contain the - * pointer to fragment that is right before the received - * segment. + * pointe
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 17:12:36 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove two more 'else' branches. To generate a diff of this commit: cvs rdiff -u -r1.397 -r1.398 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.397 src/sys/netinet/tcp_input.c:1.398 --- src/sys/netinet/tcp_input.c:1.397 Thu Mar 29 17:09:00 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 29 17:12:36 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.397 2018/03/29 17:09:00 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.398 2018/03/29 17:12:36 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.397 2018/03/29 17:09:00 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.398 2018/03/29 17:12:36 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1142,8 +1142,7 @@ static void tcp_vtw_input(struct tcphdr if ((tiflags & TH_ACK) == 0) { if (t_flags & TF_ACKNOW) goto dropafterack; - else - goto drop; + goto drop; } /* @@ -2539,8 +2538,8 @@ after_listen: if (tp->t_congctl->fast_retransmit(tp, th)) { /* False fast retransmit */ break; - } else - goto drop; + } + goto drop; } else if (tp->t_dupacks > tcprexmtthresh) { tp->snd_cwnd += tp->t_segsz; KERNEL_LOCK(1, NULL);
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 17:09:00 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Fix memory leak, we may reallocate 'tcp_saveti' after 'findpcb'. It's not a tragic bug, because it happens only on sockets with debug enabled. To generate a diff of this commit: cvs rdiff -u -r1.396 -r1.397 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.396 src/sys/netinet/tcp_input.c:1.397 --- src/sys/netinet/tcp_input.c:1.396 Thu Mar 29 17:01:46 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 29 17:09:00 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.396 2018/03/29 17:01:46 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.397 2018/03/29 17:09:00 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.396 2018/03/29 17:01:46 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.397 2018/03/29 17:09:00 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -2348,6 +2348,8 @@ after_listen: SEQ_GT(th->th_seq, tp->rcv_nxt)) { tp = tcp_close(tp); tcp_fields_to_net(th); +m_freem(tcp_saveti); +tcp_saveti = NULL; goto findpcb; }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 17:01:46 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove 'else', makes it clearer that we leave. To generate a diff of this commit: cvs rdiff -u -r1.395 -r1.396 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.395 src/sys/netinet/tcp_input.c:1.396 --- src/sys/netinet/tcp_input.c:1.395 Thu Mar 29 16:59:38 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 29 17:01:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.395 2018/03/29 16:59:38 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.396 2018/03/29 17:01:46 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.395 2018/03/29 16:59:38 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.396 2018/03/29 17:01:46 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -2463,8 +2463,7 @@ after_listen: if ((tiflags & TH_ACK) == 0) { if (tp->t_flags & TF_ACKNOW) goto dropafterack; - else - goto drop; + goto drop; } /*
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 16:59:38 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Clarify with KASSERT. To generate a diff of this commit: cvs rdiff -u -r1.394 -r1.395 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.394 src/sys/netinet/tcp_input.c:1.395 --- src/sys/netinet/tcp_input.c:1.394 Thu Mar 29 16:54:59 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 29 16:59:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.394 2018/03/29 16:54:59 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.395 2018/03/29 16:59:38 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.394 2018/03/29 16:54:59 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.395 2018/03/29 16:59:38 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -2359,6 +2359,7 @@ after_listen: * and (if not RST) ack. */ if (tp->rcv_wnd == 0 && th->th_seq == tp->rcv_nxt) { +KASSERT(todrop == tlen); tp->t_flags |= TF_ACKNOW; TCP_STATINC(TCP_STAT_RCVWINPROBE); } else {
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 16:54:59 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Simplify the computation: m->m_pkthdr.len - sizeof(struct tcphdr) - optlen - hlen = m->m_pkthdr.len - (sizeof(struct tcphdr) + optlen + hlen) = m->m_pkthdr.len - [tcp_len] = toff To generate a diff of this commit: cvs rdiff -u -r1.393 -r1.394 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.393 src/sys/netinet/tcp_input.c:1.394 --- src/sys/netinet/tcp_input.c:1.393 Wed Mar 28 14:43:55 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 29 16:54:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.393 2018/03/28 14:43:55 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.394 2018/03/29 16:54:59 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.393 2018/03/28 14:43:55 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.394 2018/03/29 16:54:59 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1774,7 +1774,7 @@ nosave:; * state for it. */ if (so->so_qlen <= so->so_qlimit && - syn_cache_add(&src.sa, &dst.sa, th, tlen, + syn_cache_add(&src.sa, &dst.sa, th, toff, so, m, optp, optlen, &opti)) m = NULL; } @@ -4159,7 +4159,7 @@ syn_cache_unreach(const struct sockaddr */ int syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, -unsigned int hlen, struct socket *so, struct mbuf *m, u_char *optp, +unsigned int toff, struct socket *so, struct mbuf *m, u_char *optp, int optlen, struct tcp_opt_info *oi) { struct tcpcb tb, *tp; @@ -4189,8 +4189,7 @@ syn_cache_add(struct sockaddr *src, stru tb.t_flags |= (tp->t_flags & TF_SIGNATURE); #endif tb.t_state = TCPS_LISTEN; - if (tcp_dooptions(&tb, optp, optlen, th, m, m->m_pkthdr.len - - sizeof(struct tcphdr) - optlen - hlen, oi) < 0) + if (tcp_dooptions(&tb, optp, optlen, th, m, toff, oi) < 0) return 0; } else tb.t_flags = 0;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 08:11:41 UTC 2018 Modified Files: src/sys/netinet: tcp_subr.c Log Message: Misc changes; no real functional change. To generate a diff of this commit: cvs rdiff -u -r1.274 -r1.275 src/sys/netinet/tcp_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_subr.c diff -u src/sys/netinet/tcp_subr.c:1.274 src/sys/netinet/tcp_subr.c:1.275 --- src/sys/netinet/tcp_subr.c:1.274 Thu Mar 29 07:46:43 2018 +++ src/sys/netinet/tcp_subr.c Thu Mar 29 08:11:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_subr.c,v 1.274 2018/03/29 07:46:43 maxv Exp $ */ +/* $NetBSD: tcp_subr.c,v 1.275 2018/03/29 08:11:41 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ -/*- +/* * Copyright (c) 1997, 1998, 2000, 2001, 2008 The NetBSD Foundation, Inc. * All rights reserved. * @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.274 2018/03/29 07:46:43 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.275 2018/03/29 08:11:41 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -210,7 +210,7 @@ int tcp_msl_enable = 1; /* enable TIME_ int tcp_msl_loop = PR_SLOWHZ; /* MSL for loopback */ int tcp_msl_local = 5 * PR_SLOWHZ; /* MSL for 'local' */ int tcp_msl_remote = TCPTV_MSL; /* MSL otherwise */ -int tcp_msl_remote_threshold = TCPTV_SRTTDFLT; /* RTT threshold */ +int tcp_msl_remote_threshold = TCPTV_SRTTDFLT; /* RTT threshold */ int tcp_rttlocal = 0; /* Use RTT to decide who's 'local' */ int tcp4_vtw_enable = 0; /* 1 to enable */ @@ -488,17 +488,15 @@ tcp_template(struct tcpcb *tp) return NULL; /*EINVAL*/ #endif default: - hlen = 0; /*pacify gcc*/ return NULL; /*EAFNOSUPPORT*/ } -#ifdef DIAGNOSTIC - if (hlen + sizeof(struct tcphdr) > MCLBYTES) - panic("mclbytes too small for t_template"); -#endif + + KASSERT(hlen + sizeof(struct tcphdr) <= MCLBYTES); + m = tp->t_template; - if (m && m->m_len == hlen + sizeof(struct tcphdr)) + if (m && m->m_len == hlen + sizeof(struct tcphdr)) { ; - else { + } else { if (m) m_freem(m); m = tp->t_template = NULL; @@ -542,6 +540,7 @@ tcp_template(struct tcpcb *tp) sizeof(ipov->ih_dst)); } #endif + /* * Compute the pseudo-header portion of the checksum * now. We incrementally add in the TCP option and @@ -587,6 +586,7 @@ tcp_template(struct tcpcb *tp) } #endif } + if (inp) { n->th_sport = inp->inp_lport; n->th_dport = inp->inp_fport; @@ -597,6 +597,7 @@ tcp_template(struct tcpcb *tp) n->th_dport = in6p->in6p_fport; } #endif + n->th_seq = 0; n->th_ack = 0; n->th_x2 = 0; @@ -604,7 +605,7 @@ tcp_template(struct tcpcb *tp) n->th_flags = 0; n->th_win = 0; n->th_urp = 0; - return (m); + return m; } /* @@ -635,10 +636,8 @@ tcp_respond(struct tcpcb *tp, struct mbu struct tcphdr *th; if (tp != NULL && (flags & TH_RST) == 0) { -#ifdef DIAGNOSTIC - if (tp->t_inpcb && tp->t_in6pcb) - panic("tcp_respond: both t_inpcb and t_in6pcb are set"); -#endif + KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); + if (tp->t_inpcb) win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); #ifdef INET6 @@ -652,7 +651,7 @@ tcp_respond(struct tcpcb *tp, struct mbu #ifdef INET6 ip6 = NULL; #endif - if (m == 0) { + if (m == NULL) { if (!mtemplate) return EINVAL; @@ -682,7 +681,7 @@ tcp_respond(struct tcpcb *tp, struct mbu } } if (m == NULL) - return (ENOBUFS); + return ENOBUFS; tlen = 0; @@ -700,27 +699,14 @@ tcp_respond(struct tcpcb *tp, struct mbu th = (struct tcphdr *)(ip6 + 1); break; #endif -#if 0 - default: - /* noone will visit here */ - m_freem(m); - return EAFNOSUPPORT; -#endif } flags = TH_ACK; } else { - if ((m->m_flags & M_PKTHDR) == 0) { -#if 0 - printf("non PKTHDR to tcp_respond\n"); -#endif m_freem(m); return EINVAL; } -#ifdef DIAGNOSTIC - if (!th0) - panic("th0 == NULL in tcp_respond"); -#endif + KASSERT(th0 != NULL); /* get family information from m */ switch (mtod(m, struct ip *)->ip_v) { @@ -756,12 +742,8 @@ tcp_respond(struct tcpcb *tp, struct mbu } else { struct mbuf *n; -#ifdef DIAGNOSTIC - if (max_linkhdr + hlen + tlen > MCLBYTES) { -m_freem(m); -return EMSGSIZE; - } -#endif + KASSERT(max_linkhdr + hlen + tlen <= MCLBYTES); + MGETHDR(n, M_DONTWAIT, MT_HEADER); if (n && max_linkhdr + hlen + tlen > MHLEN) { MCLGET(n, M_DONTWAIT); @@ -804,12 +786,6 @@ tcp_respond(struct tcpcb *tp, struct mbu ip6->ip6_nxt = IPPROTO_TCP; break; #endif -#if 0 - default: - /* noone will visit here */ - m_freem(m); - return EAFNOSUPPORT; -#endif } xchg(th->th_dport, th->th_sport, u_int16_t); #undef xchg @@ -826,8 +802,9 @@ tcp_respond(struct tcpcb *tp, struct mbu th->th_win = htons((u_int16_t)win); th
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 29 07:46:43 UTC 2018 Modified Files: src/sys/netinet: tcp_congctl.c tcp_debug.c tcp_output.c tcp_sack.c tcp_subr.c tcp_timer.c tcp_usrreq.c Log Message: Remove #ifdef INET. Same as tcp_input.c. Makes the code easier to understand. Also make tcp6_mtudisc() static in tcp_subr.c. To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/sys/netinet/tcp_congctl.c cvs rdiff -u -r1.30 -r1.31 src/sys/netinet/tcp_debug.c cvs rdiff -u -r1.199 -r1.200 src/sys/netinet/tcp_output.c cvs rdiff -u -r1.33 -r1.34 src/sys/netinet/tcp_sack.c cvs rdiff -u -r1.273 -r1.274 src/sys/netinet/tcp_subr.c cvs rdiff -u -r1.93 -r1.94 src/sys/netinet/tcp_timer.c cvs rdiff -u -r1.216 -r1.217 src/sys/netinet/tcp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_congctl.c diff -u src/sys/netinet/tcp_congctl.c:1.23 src/sys/netinet/tcp_congctl.c:1.24 --- src/sys/netinet/tcp_congctl.c:1.23 Mon Jan 2 09:29:38 2017 +++ src/sys/netinet/tcp_congctl.c Thu Mar 29 07:46:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_congctl.c,v 1.23 2017/01/02 09:29:38 skrll Exp $ */ +/* $NetBSD: tcp_congctl.c,v 1.24 2018/03/29 07:46:43 maxv Exp $ */ /*- * Copyright (c) 1997, 1998, 1999, 2001, 2005, 2006 The NetBSD Foundation, Inc. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_congctl.c,v 1.23 2017/01/02 09:29:38 skrll Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_congctl.c,v 1.24 2018/03/29 07:46:43 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -167,9 +167,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_congctl. #include #ifdef INET6 -#ifndef INET -#include -#endif #include #include #include Index: src/sys/netinet/tcp_debug.c diff -u src/sys/netinet/tcp_debug.c:1.30 src/sys/netinet/tcp_debug.c:1.31 --- src/sys/netinet/tcp_debug.c:1.30 Tue Apr 26 08:44:44 2016 +++ src/sys/netinet/tcp_debug.c Thu Mar 29 07:46:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_debug.c,v 1.30 2016/04/26 08:44:44 ozaki-r Exp $ */ +/* $NetBSD: tcp_debug.c,v 1.31 2018/03/29 07:46:43 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_debug.c,v 1.30 2016/04/26 08:44:44 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_debug.c,v 1.31 2018/03/29 07:46:43 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -91,9 +91,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_debug.c, #include #ifdef INET6 -#ifndef INET -#include -#endif #include #endif Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.199 src/sys/netinet/tcp_output.c:1.200 --- src/sys/netinet/tcp_output.c:1.199 Sat Mar 10 23:28:13 2018 +++ src/sys/netinet/tcp_output.c Thu Mar 29 07:46:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.199 2018/03/10 23:28:13 khorben Exp $ */ +/* $NetBSD: tcp_output.c,v 1.200 2018/03/29 07:46:43 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.199 2018/03/10 23:28:13 khorben Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.200 2018/03/29 07:46:43 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -166,9 +166,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c #include #ifdef INET6 -#ifndef INET -#include -#endif #include #include #include @@ -182,7 +179,7 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_output.c #ifdef INET6 #include #endif -#endif /* IPSEC*/ +#endif #include #define TCPOUTFLAGS @@ -238,9 +235,7 @@ int tcp_segsize(struct tcpcb *tp, int *txsegsizep, int *rxsegsizep, bool *alwaysfragp) { -#ifdef INET struct inpcb *inp = tp->t_inpcb; -#endif #ifdef INET6 struct in6pcb *in6p = tp->t_in6pcb; #endif @@ -258,11 +253,9 @@ tcp_segsize(struct tcpcb *tp, int *txseg panic("tcp_segsize: both t_inpcb and t_in6pcb are set"); #endif switch (tp->t_family) { -#ifdef INET case AF_INET: hdrlen = sizeof(struct ip) + sizeof(struct tcphdr); break; -#endif #ifdef INET6 case AF_INET6: hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); @@ -274,12 +267,10 @@ tcp_segsize(struct tcpcb *tp, int *txseg } rt = NULL; -#ifdef INET if (inp) { rt = in_pcbrtentry(inp); so = inp->inp_socket; } -#endif #ifdef INET6 if (in6p) { rt = in6_pcbrtentry(in6p); @@ -311,24 +302,19 @@ tcp_segsize(struct tcpcb *tp, int *txseg #endif } else if (ifp->if_flags & IFF_LOOPBACK) size = ifp->if_mtu - hdrlen; -#ifdef INET else if (inp && tp->t_mtudisc) size = ifp->if_mtu - hdrlen; else if (inp && in_localaddr(inp->inp_faddr)) size = ifp->if_mtu - hdrlen; -#endif #ifdef INET6 else if (in6p) { -#ifdef INET if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { /* mapped addr case */ struct in_addr d; bcopy(&in6p->in6p_faddr.s6_addr32[3], &d, sizeof(d)); if (
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Mar 28 14:43:55 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Several changes in syn_cache_respond: * Replace idiotic diagnostic check by KASSERT. max_linkhdr+tlen<=MCLBYTES is a widespread assumption. * Improve initialization of 'tp'. * Put panics in dead branches. * Merge two switches. To generate a diff of this commit: cvs rdiff -u -r1.392 -r1.393 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.392 src/sys/netinet/tcp_input.c:1.393 --- src/sys/netinet/tcp_input.c:1.392 Wed Mar 28 14:30:42 2018 +++ src/sys/netinet/tcp_input.c Wed Mar 28 14:43:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.392 2018/03/28 14:30:42 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.393 2018/03/28 14:43:55 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.392 2018/03/28 14:30:42 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.393 2018/03/28 14:43:55 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -4370,7 +4370,7 @@ syn_cache_respond(struct syn_cache *sc) #ifdef INET6 struct ip6_hdr *ip6 = NULL; #endif - struct tcpcb *tp = NULL; + struct tcpcb *tp; struct tcphdr *th; struct mbuf *m; u_int hlen; @@ -4393,17 +4393,13 @@ syn_cache_respond(struct syn_cache *sc) return EAFNOSUPPORT; } - /* worst case scanario, since we don't know the option size yet */ + /* Worst case scanario, since we don't know the option size yet. */ tlen = hlen + sizeof(struct tcphdr) + MAX_TCPOPTLEN; + KASSERT(max_linkhdr + tlen <= MCLBYTES); /* * Create the IP+TCP header from scratch. */ -#ifdef DIAGNOSTIC - if (max_linkhdr + tlen > MCLBYTES) - return ENOBUFS; -#endif - MGETHDR(m, M_DONTWAIT, MT_DATA); if (m && (max_linkhdr + tlen) > MHLEN) { MCLGET(m, M_DONTWAIT); @@ -4416,12 +4412,12 @@ syn_cache_respond(struct syn_cache *sc) return ENOBUFS; MCLAIM(m, &tcp_tx_mowner); + tp = sc->sc_tp; + /* Fixup the mbuf. */ m->m_data += max_linkhdr; - if (sc->sc_tp) - tp = sc->sc_tp; m_reset_rcvif(m); - memset(mtod(m, u_char *), 0, tlen); + memset(mtod(m, void *), 0, tlen); switch (sc->sc_src.sa.sa_family) { case AF_INET: @@ -4448,7 +,7 @@ syn_cache_respond(struct syn_cache *sc) break; #endif default: - return ENOBUFS; + panic("%s: impossible (1)", __func__); } th->th_seq = htonl(sc->sc_iss); @@ -4590,34 +4586,26 @@ syn_cache_respond(struct syn_cache *sc) } - /* Compute the packet's checksum. */ - switch (sc->sc_src.sa.sa_family) { - case AF_INET: - ip->ip_len = htons(tlen - hlen); - th->th_sum = 0; - th->th_sum = in4_cksum(m, IPPROTO_TCP, hlen, tlen - hlen); - break; -#ifdef INET6 - case AF_INET6: - ip6->ip6_plen = htons(tlen - hlen); - th->th_sum = 0; - th->th_sum = in6_cksum(m, IPPROTO_TCP, hlen, tlen - hlen); - break; -#endif - } - /* + * Compute the packet's checksum. + * * Fill in some straggling IP bits. Note the stack expects * ip_len to be in host order, for convenience. */ switch (sc->sc_src.sa.sa_family) { case AF_INET: + ip->ip_len = htons(tlen - hlen); + th->th_sum = 0; + th->th_sum = in4_cksum(m, IPPROTO_TCP, hlen, tlen - hlen); ip->ip_len = htons(tlen); ip->ip_ttl = ip_defttl; /* XXX tos? */ break; #ifdef INET6 case AF_INET6: + ip6->ip6_plen = htons(tlen - hlen); + th->th_sum = 0; + th->th_sum = in6_cksum(m, IPPROTO_TCP, hlen, tlen - hlen); ip6->ip6_vfc &= ~IPV6_VERSION_MASK; ip6->ip6_vfc |= IPV6_VERSION; ip6->ip6_plen = htons(tlen - hlen); @@ -4647,8 +4635,7 @@ syn_cache_respond(struct syn_cache *sc) break; #endif default: - error = EAFNOSUPPORT; - break; + panic("%s: impossible (2)", __func__); } return error;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Mar 28 14:30:42 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove unused variable. To generate a diff of this commit: cvs rdiff -u -r1.391 -r1.392 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.391 src/sys/netinet/tcp_input.c:1.392 --- src/sys/netinet/tcp_input.c:1.391 Wed Mar 28 14:22:16 2018 +++ src/sys/netinet/tcp_input.c Wed Mar 28 14:30:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.391 2018/03/28 14:22:16 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.392 2018/03/28 14:30:42 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.391 2018/03/28 14:22:16 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.392 2018/03/28 14:30:42 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -4167,13 +4167,10 @@ syn_cache_add(struct sockaddr *src, stru struct syn_cache *sc; struct syn_cache_head *scp; struct mbuf *ipopts; - struct tcp_opt_info opti; int s; tp = sototcpcb(so); - memset(&opti, 0, sizeof(opti)); - /* * Initialize some local state. */
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Mar 28 14:22:16 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c tcp_var.h Log Message: Remove two unused args from syn_cache_get(). To generate a diff of this commit: cvs rdiff -u -r1.390 -r1.391 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.184 -r1.185 src/sys/netinet/tcp_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.390 src/sys/netinet/tcp_input.c:1.391 --- src/sys/netinet/tcp_input.c:1.390 Wed Mar 28 14:16:59 2018 +++ src/sys/netinet/tcp_input.c Wed Mar 28 14:22:16 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.390 2018/03/28 14:16:59 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.391 2018/03/28 14:22:16 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.390 2018/03/28 14:16:59 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.391 2018/03/28 14:22:16 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1635,8 +1635,7 @@ nosave:; */ goto badsyn; } else if (tiflags & TH_ACK) { -so = syn_cache_get(&src.sa, &dst.sa, -th, toff, tlen, so, m); +so = syn_cache_get(&src.sa, &dst.sa, th, so, m); if (so == NULL) { /* * We don't have a SYN for this ACK; @@ -3788,8 +3787,7 @@ syn_cache_lookup(const struct sockaddr * */ struct socket * syn_cache_get(struct sockaddr *src, struct sockaddr *dst, -struct tcphdr *th, unsigned int hlen, unsigned int tlen, -struct socket *so, struct mbuf *m) +struct tcphdr *th, struct socket *so, struct mbuf *m) { struct syn_cache *sc; struct syn_cache_head *scp; Index: src/sys/netinet/tcp_var.h diff -u src/sys/netinet/tcp_var.h:1.184 src/sys/netinet/tcp_var.h:1.185 --- src/sys/netinet/tcp_var.h:1.184 Mon Feb 12 08:22:26 2018 +++ src/sys/netinet/tcp_var.h Wed Mar 28 14:22:16 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_var.h,v 1.184 2018/02/12 08:22:26 maxv Exp $ */ +/* $NetBSD: tcp_var.h,v 1.185 2018/03/28 14:22:16 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -960,8 +960,7 @@ int syn_cache_add(struct sockaddr *, st void syn_cache_unreach(const struct sockaddr *, const struct sockaddr *, struct tcphdr *); struct socket *syn_cache_get(struct sockaddr *, struct sockaddr *, - struct tcphdr *, unsigned int, unsigned int, - struct socket *so, struct mbuf *); + struct tcphdr *, struct socket *so, struct mbuf *); void syn_cache_init(void); void syn_cache_insert(struct syn_cache *, struct tcpcb *); struct syn_cache *syn_cache_lookup(const struct sockaddr *, const struct sockaddr *,
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Mar 28 14:16:59 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Dedup: introduce tcp_urp_drop() and use it. To generate a diff of this commit: cvs rdiff -u -r1.389 -r1.390 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.389 src/sys/netinet/tcp_input.c:1.390 --- src/sys/netinet/tcp_input.c:1.389 Wed Mar 28 13:50:14 2018 +++ src/sys/netinet/tcp_input.c Wed Mar 28 14:16:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.389 2018/03/28 13:50:14 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.390 2018/03/28 14:16:59 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.389 2018/03/28 13:50:14 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.390 2018/03/28 14:16:59 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -337,6 +337,17 @@ tcp_fields_to_net(struct tcphdr *th) HTONS(th->th_urp); } +static void +tcp_urp_drop(struct tcphdr *th, int todrop, int *tiflags) +{ + if (th->th_urp > 1) { + th->th_urp -= todrop; + } else { + *tiflags &= ~TH_URG; + th->th_urp = 0; + } +} + #ifdef TCP_CSUM_COUNTERS #include @@ -1008,14 +1019,9 @@ static void tcp_vtw_input(struct tcphdr if (todrop > 0) { if (tiflags & TH_SYN) { tiflags &= ~TH_SYN; - ++th->th_seq; - if (th->th_urp > 1) ---th->th_urp; - else { -tiflags &= ~TH_URG; -th->th_urp = 0; - } - --todrop; + th->th_seq++; + tcp_urp_drop(th, 1, &tiflags); + todrop--; } if (todrop > tlen || (todrop == tlen && (tiflags & TH_FIN) == 0)) { @@ -1057,13 +1063,7 @@ static void tcp_vtw_input(struct tcphdr th->th_seq += todrop; tlen -= todrop; - - if (th->th_urp > todrop) - th->th_urp -= todrop; - else { - tiflags &= ~TH_URG; - th->th_urp = 0; - } + tcp_urp_drop(th, todrop, &tiflags); } /* @@ -2264,12 +2264,7 @@ after_listen: if (tiflags & TH_SYN) { tiflags &= ~TH_SYN; th->th_seq++; - if (th->th_urp > 1) -th->th_urp--; - else { -tiflags &= ~TH_URG; -th->th_urp = 0; - } + tcp_urp_drop(th, 1, &tiflags); todrop--; } if (todrop > tlen || @@ -2310,12 +2305,7 @@ after_listen: hdroptlen += todrop; /* drop from head afterwards */ th->th_seq += todrop; tlen -= todrop; - if (th->th_urp > todrop) - th->th_urp -= todrop; - else { - tiflags &= ~TH_URG; - th->th_urp = 0; - } + tcp_urp_drop(th, todrop, &tiflags); } /*
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Mar 28 13:50:14 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Minor changes: style, improve comments (and put them at the correct place), use NULL for pointers, and add {}s to prevent confusion. To generate a diff of this commit: cvs rdiff -u -r1.388 -r1.389 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.388 src/sys/netinet/tcp_input.c:1.389 --- src/sys/netinet/tcp_input.c:1.388 Fri Mar 23 09:30:55 2018 +++ src/sys/netinet/tcp_input.c Wed Mar 28 13:50:14 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.388 2018/03/23 09:30:55 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.389 2018/03/28 13:50:14 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.388 2018/03/23 09:30:55 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.389 2018/03/28 13:50:14 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -458,10 +458,10 @@ tcp_reass(struct tcpcb *tp, const struct TCP_REASS_LOCK_CHECK(tp); /* - * Call with th==0 after become established to + * Call with th==NULL after become established to * force pre-ESTABLISHED data up to user socket. */ - if (th == 0) + if (th == NULL) goto present; m_claimm(m, &tcp_reass_mowner); @@ -847,8 +847,7 @@ tcp4_log_refused(const struct ip *ip, co if (ip) { in_print(src, sizeof(src), &ip->ip_src); in_print(dst, sizeof(dst), &ip->ip_dst); - } - else { + } else { strlcpy(src, "(unknown)", sizeof(src)); strlcpy(dst, "(unknown)", sizeof(dst)); } @@ -868,8 +867,7 @@ tcp6_log_refused(const struct ip6_hdr *i if (ip6) { in6_print(src, sizeof(src), &ip6->ip6_src); in6_print(dst, sizeof(dst), &ip6->ip6_dst); - } - else { + } else { strlcpy(src, "(unknown v6)", sizeof(src)); strlcpy(dst, "(unknown v6)", sizeof(dst)); } @@ -990,16 +988,19 @@ badcsum: return -1; } -/* When a packet arrives addressed to a vestigial tcpbp, we +/* + * When a packet arrives addressed to a vestigial tcpbp, we * nevertheless have to respond to it per the spec. + * + * This code is duplicated from the one in tcp_input(). */ static void tcp_vtw_input(struct tcphdr *th, vestigial_inpcb_t *vp, struct mbuf *m, int tlen) { - int tiflags; - int todrop; - uint32_t t_flags = 0; - uint64_t *tcps; + int tiflags; + int todrop; + uint32_t t_flags = 0; + uint64_t *tcps; tiflags = th->th_flags; todrop = vp->rcv_nxt - th->th_seq; @@ -1026,6 +1027,7 @@ static void tcp_vtw_input(struct tcphdr if (tiflags & TH_RST) goto drop; tiflags &= ~(TH_FIN|TH_RST); + /* * Send an ACK to resynchronize and drop any data. * But keep on processing for RST or ACK. @@ -1036,8 +1038,8 @@ static void tcp_vtw_input(struct tcphdr tcps[TCP_STAT_RCVDUPPACK] += 1; tcps[TCP_STAT_RCVDUPBYTE] += todrop; TCP_STAT_PUTREF(); - } else if ((tiflags & TH_RST) - && th->th_seq != vp->rcv_nxt) { + } else if ((tiflags & TH_RST) && + th->th_seq != vp->rcv_nxt) { /* * Test for reset before adjusting the sequence * number for overlapping data. @@ -1077,7 +1079,7 @@ static void tcp_vtw_input(struct tcphdr * If segment ends after window, drop trailing data * (and PUSH and FIN); if nothing left, just ACK. */ - todrop = (th->th_seq + tlen) - (vp->rcv_nxt+vp->rcv_wnd); + todrop = (th->th_seq + tlen) - (vp->rcv_nxt + vp->rcv_wnd); if (todrop > 0) { TCP_STATINC(TCP_STAT_RCVPACKAFTERWIN); @@ -1089,19 +1091,22 @@ static void tcp_vtw_input(struct tcphdr * th->th_seq >= vp->rcv_nxt + vp->rcv_wnd */ TCP_STATADD(TCP_STAT_RCVBYTEAFTERWIN, tlen); + /* * If a new connection request is received * while in TIME_WAIT, drop the old connection * and start over if the sequence numbers * are above the previous ones. */ - if ((tiflags & TH_SYN) - && SEQ_GT(th->th_seq, vp->rcv_nxt)) { -/* We only support this in the !NOFDREF case, which + if ((tiflags & TH_SYN) && + SEQ_GT(th->th_seq, vp->rcv_nxt)) { +/* + * We only support this in the !NOFDREF case, which * is to say: not here. */ goto dropwithreset; } + /* * If window is closed can only take segments at * window edge, and have to drop data and PUSH from @@ -1112,10 +1117,12 @@ static void tcp_vtw_input(struct tcphdr if (vp->rcv_wnd == 0 && th->th_seq == vp->rcv_nxt) { t_flags |= TF_ACKNOW; TCP_STATINC(TCP_STAT_RCVWINPROBE); - } else + } else { goto dropafterack; - } else + } + } else { TCP_STATADD(TCP_STAT_RCVBYTEAFTERWIN, todrop); + } m_adj(m, -todrop); tlen -= todrop; tiflags &= ~(TH_PUSH|TH_FIN); @@ -1161,15 +1168,14 @@ dropafterack_ratelim: * We
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Mar 23 09:30:55 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove #ifdef INET. Nobody is doing that in the kernel, and there are even IPv4 places that are not covered here. To generate a diff of this commit: cvs rdiff -u -r1.387 -r1.388 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.387 src/sys/netinet/tcp_input.c:1.388 --- src/sys/netinet/tcp_input.c:1.387 Fri Mar 23 08:57:40 2018 +++ src/sys/netinet/tcp_input.c Fri Mar 23 09:30:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.387 2018/03/23 08:57:40 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.388 2018/03/23 09:30:55 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.387 2018/03/23 08:57:40 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.388 2018/03/23 09:30:55 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -187,9 +187,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_input.c, #include #ifdef INET6 -#ifndef INET -#include -#endif #include #include #include @@ -222,7 +219,7 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_input.c, #if defined(NFAITH) && NFAITH > 0 #include #endif -#endif /* INET6 */ +#endif #ifdef IPSEC #include @@ -343,12 +340,10 @@ tcp_fields_to_net(struct tcphdr *th) #ifdef TCP_CSUM_COUNTERS #include -#if defined(INET) extern struct evcnt tcp_hwcsum_ok; extern struct evcnt tcp_hwcsum_bad; extern struct evcnt tcp_hwcsum_data; extern struct evcnt tcp_swcsum; -#endif /* defined(INET) */ #if defined(INET6) extern struct evcnt tcp6_hwcsum_ok; extern struct evcnt tcp6_hwcsum_bad; @@ -394,9 +389,7 @@ static int tcp_reass(struct tcpcb *, con static int tcp_dooptions(struct tcpcb *, const u_char *, int, struct tcphdr *, struct mbuf *, int, struct tcp_opt_info *); -#ifdef INET static void tcp4_log_refused(const struct ip *, const struct tcphdr *); -#endif #ifdef INET6 static void tcp6_log_refused(const struct ip6_hdr *, const struct tcphdr *); #endif @@ -845,7 +838,6 @@ tcp6_input(struct mbuf **mp, int *offp, } #endif -#ifdef INET static void tcp4_log_refused(const struct ip *ip, const struct tcphdr *th) { @@ -865,7 +857,6 @@ tcp4_log_refused(const struct ip *ip, co dst, ntohs(th->th_dport), src, ntohs(th->th_sport)); } -#endif #ifdef INET6 static void @@ -909,7 +900,6 @@ tcp_input_checksum(int af, struct mbuf * goto badcsum; /* XXX */ switch (af) { -#ifdef INET case AF_INET: switch (m->m_pkthdr.csum_flags & ((rcvif->if_csum_flags_rx & M_CSUM_TCPv4) | @@ -955,7 +945,6 @@ tcp_input_checksum(int af, struct mbuf * break; } break; -#endif /* INET4 */ #ifdef INET6 case AF_INET6: @@ -1285,7 +1274,6 @@ tcp_input(struct mbuf *m, ...) */ ip = mtod(m, struct ip *); switch (ip->ip_v) { -#ifdef INET case 4: #ifdef INET6 ip6 = NULL; @@ -1302,7 +1290,6 @@ tcp_input(struct mbuf *m, ...) tlen = len - toff; iptos = ip->ip_tos; break; -#endif #ifdef INET6 case 6: ip = NULL; @@ -1418,7 +1405,6 @@ findpcb: in6p = NULL; #endif switch (af) { -#ifdef INET case AF_INET: inp = in_pcblookup_connect(&tcbtable, ip->ip_src, th->th_sport, ip->ip_dst, th->th_dport, &vestige); @@ -1470,7 +1456,6 @@ findpcb: } #endif /*IPSEC*/ break; -#endif /*INET*/ #ifdef INET6 case AF_INET6: { @@ -1607,7 +1592,6 @@ nosave:; memset(&src, 0, sizeof(src)); memset(&dst, 0, sizeof(dst)); switch (af) { -#ifdef INET case AF_INET: src.sin.sin_len = sizeof(struct sockaddr_in); src.sin.sin_family = AF_INET; @@ -1619,7 +1603,6 @@ nosave:; dst.sin.sin_addr = ip->ip_dst; dst.sin.sin_port = th->th_dport; break; -#endif #ifdef INET6 case AF_INET6: src.sin6.sin6_len = sizeof(struct sockaddr_in6); @@ -1675,12 +1658,10 @@ nosave:; in6p = NULL; #endif switch (so->so_proto->pr_domain->dom_family) { -#ifdef INET case AF_INET: inp = sotoinpcb(so); tp = intotcpcb(inp); break; -#endif #ifdef INET6 case AF_INET6: in6p = sotoin6pcb(so); @@ -1767,11 +1748,9 @@ nosave:; int eq = 0; switch (af) { -#ifdef INET case AF_INET: eq = in_hosteq(ip->ip_src, ip->ip_dst); break; -#endif #ifdef INET6 case AF_INET6: eq = IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, @@ -2155,10 +2134,8 @@ after_listen: tp->snd_cwnd = tp->t_peermss; else { int ss = tcp_init_win; -#ifdef INET if (inp != NULL && in_localaddr(inp->inp_faddr)) ss = tcp_init_win_local; -#endif #ifdef INET6 if (in6p != NULL && in6_localaddr(&in6p->in6p_faddr)) ss = tcp_init_win_local; @@ -3103,7 +3080,7 @@ tcp_signature(struct mbuf *m, struct tcp #ifdef INET6 struct ip6_hdr
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Mar 23 08:57:40 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Improve a bit here and there. Replace bcopy by memcpy/memmove. To generate a diff of this commit: cvs rdiff -u -r1.386 -r1.387 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.386 src/sys/netinet/tcp_input.c:1.387 --- src/sys/netinet/tcp_input.c:1.386 Thu Mar 22 21:19:28 2018 +++ src/sys/netinet/tcp_input.c Fri Mar 23 08:57:40 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.386 2018/03/22 21:19:28 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.387 2018/03/23 08:57:40 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.386 2018/03/22 21:19:28 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.387 2018/03/23 08:57:40 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1381,18 +1381,20 @@ tcp_input(struct mbuf *m, ...) KASSERT(TCP_HDR_ALIGNED_P(th)); optlen = off - sizeof(struct tcphdr); optp = ((u_int8_t *)th) + sizeof(struct tcphdr); + /* - * Do quick retrieval of timestamp options ("options - * prediction?"). If timestamp is the only option and it's - * formatted as recommended in RFC 1323 appendix A, we - * quickly get the values now and not bother calling - * tcp_dooptions(), etc. + * Do quick retrieval of timestamp options. + * + * If timestamp is the only option and it's formatted as + * recommended in RFC 1323 appendix A, we quickly get the + * values now and don't bother calling tcp_dooptions(), + * etc. */ if ((optlen == TCPOLEN_TSTAMP_APPA || (optlen > TCPOLEN_TSTAMP_APPA && - optp[TCPOLEN_TSTAMP_APPA] == TCPOPT_EOL)) && - *(u_int32_t *)optp == htonl(TCPOPT_TSTAMP_HDR) && - (th->th_flags & TH_SYN) == 0) { + optp[TCPOLEN_TSTAMP_APPA] == TCPOPT_EOL)) && + *(u_int32_t *)optp == htonl(TCPOPT_TSTAMP_HDR) && + (th->th_flags & TH_SYN) == 0) { opti.ts_present = 1; opti.ts_val = ntohl(*(u_int32_t *)(optp + 4)); opti.ts_ecr = ntohl(*(u_int32_t *)(optp + 8)); @@ -2343,7 +2345,7 @@ after_listen: * If segment ends after window, drop trailing data * (and PUSH and FIN); if nothing left, just ACK. */ - todrop = (th->th_seq + tlen) - (tp->rcv_nxt+tp->rcv_wnd); + todrop = (th->th_seq + tlen) - (tp->rcv_nxt + tp->rcv_wnd); if (todrop > 0) { TCP_STATINC(TCP_STAT_RCVPACKAFTERWIN); if (todrop >= tlen) { @@ -2354,26 +2356,28 @@ after_listen: * th->th_seq >= tp->rcv_nxt + tp->rcv_wnd */ TCP_STATADD(TCP_STAT_RCVBYTEAFTERWIN, tlen); + /* - * If a new connection request is received - * while in TIME_WAIT, drop the old connection - * and start over if the sequence numbers - * are above the previous ones. + * If a new connection request is received while in + * TIME_WAIT, drop the old connection and start over + * if the sequence numbers are above the previous + * ones. + * + * NOTE: We need to put the header fields back into + * network order. * - * NOTE: We will checksum the packet again, and - * so we need to put the header fields back into - * network order! * XXX This kind of sucks, but we don't expect * XXX this to happen very often, so maybe it * XXX doesn't matter so much. */ - if (tiflags & TH_SYN && + if ((tiflags & TH_SYN) && tp->t_state == TCPS_TIME_WAIT && SEQ_GT(th->th_seq, tp->rcv_nxt)) { tp = tcp_close(tp); tcp_fields_to_net(th); goto findpcb; } + /* * If window is closed can only take segments at * window edge, and have to drop data and PUSH from @@ -2384,10 +2388,12 @@ after_listen: if (tp->rcv_wnd == 0 && th->th_seq == tp->rcv_nxt) { tp->t_flags |= TF_ACKNOW; TCP_STATINC(TCP_STAT_RCVWINPROBE); - } else + } else { goto dropafterack; - } else + } + } else { TCP_STATADD(TCP_STAT_RCVBYTEAFTERWIN, todrop); + } m_adj(m, -todrop); tlen -= todrop; tiflags &= ~(TH_PUSH|TH_FIN); @@ -3199,7 +3205,7 @@ tcp_dooptions(struct tcpcb *tp, const u_ continue; if (TCPS_HAVERCVDSYN(tp->t_state)) continue; - bcopy(cp + 2, &mss, sizeof(mss)); + memcpy(&mss, cp + 2, sizeof(mss)); oi->maxseg = ntohs(mss); break; @@ -3240,9 +3246,9 @@ tcp_dooptions(struct tcpcb *tp, const u_ if (optlen != TCPOLEN_TIMESTAMP) continue; oi->ts_present = 1; - bcopy(cp + 2, &oi->ts_val, sizeof(oi->ts_val)); + memcpy(&oi->ts_val, cp + 2, sizeof(oi->ts_val)); NTOHL(oi->ts_val); - bcopy(cp + 6, &oi->ts_ecr, sizeof(oi->ts_ecr)); + memcpy(&oi->ts_ecr, cp + 6, sizeof(oi->ts_ecr)); NTOHL(oi->ts_ecr); if (!(th->th_flags & TH_SYN)) @@ -3347,13 +3353,13 @@ tcp_pul
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 22 21:19:28 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Don't pass a pointer to tcp_reass, otherwise it looks like it can modify tlen while it doesn't. To generate a diff of this commit: cvs rdiff -u -r1.385 -r1.386 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.385 src/sys/netinet/tcp_input.c:1.386 --- src/sys/netinet/tcp_input.c:1.385 Thu Mar 22 21:10:17 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 22 21:19:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.385 2018/03/22 21:10:17 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.386 2018/03/22 21:19:28 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.385 2018/03/22 21:10:17 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.386 2018/03/22 21:19:28 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -390,7 +390,7 @@ extern struct evcnt tcp_reass_fragdup; #endif /* TCP_REASS_COUNTERS */ static int tcp_reass(struct tcpcb *, const struct tcphdr *, struct mbuf *, -int *); +int); static int tcp_dooptions(struct tcpcb *, const u_char *, int, struct tcphdr *, struct mbuf *, int, struct tcp_opt_info *); @@ -441,7 +441,7 @@ tcpipqent_free(struct ipqent *ipqe) } static int -tcp_reass(struct tcpcb *tp, const struct tcphdr *th, struct mbuf *m, int *tlen) +tcp_reass(struct tcpcb *tp, const struct tcphdr *th, struct mbuf *m, int tlen) { struct ipqent *p, *q, *nq, *tiqe = NULL; struct socket *so = NULL; @@ -473,13 +473,13 @@ tcp_reass(struct tcpcb *tp, const struct m_claimm(m, &tcp_reass_mowner); - rcvoobyte = *tlen; + rcvoobyte = tlen; /* * Copy these to local variables because the tcpiphdr * gets munged while we are collapsing mbufs. */ pkt_seq = th->th_seq; - pkt_len = *tlen; + pkt_len = tlen; pkt_flags = th->th_flags; TCP_REASS_COUNTER_INCR(&tcp_reass_); @@ -2183,7 +2183,7 @@ after_listen: tp->rcv_scale = tp->request_r_scale; } TCP_REASS_LOCK(tp); - (void) tcp_reass(tp, NULL, NULL, &tlen); + (void)tcp_reass(tp, NULL, NULL, tlen); /* * if we didn't have to retransmit the SYN, * use its rtt as our initial srtt & rtt var. @@ -2511,7 +2511,7 @@ after_listen: tp->rcv_scale = tp->request_r_scale; } TCP_REASS_LOCK(tp); - (void) tcp_reass(tp, NULL, NULL, &tlen); + (void)tcp_reass(tp, NULL, NULL, tlen); tp->snd_wl1 = th->th_seq - 1; /* fall into ... */ @@ -2847,7 +2847,7 @@ dodata: /* XXX */ sorwakeup(so); } else { m_adj(m, hdroptlen); - tiflags = tcp_reass(tp, th, m, &tlen); + tiflags = tcp_reass(tp, th, m, tlen); tp->t_flags |= TF_ACKNOW; }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 22 21:10:17 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Rearrange a bit. No real functional change. To generate a diff of this commit: cvs rdiff -u -r1.384 -r1.385 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.384 src/sys/netinet/tcp_input.c:1.385 --- src/sys/netinet/tcp_input.c:1.384 Thu Mar 22 20:48:38 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 22 21:10:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.384 2018/03/22 20:48:38 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.385 2018/03/22 21:10:17 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.384 2018/03/22 20:48:38 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.385 2018/03/22 21:10:17 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1499,7 +1499,7 @@ findpcb: if (ipsec_used && in6p && ipsec_in_reject(m, in6p)) { goto drop; } -#endif /*IPSEC*/ +#endif break; } #endif @@ -1630,7 +1630,7 @@ nosave:; dst.sin6.sin6_addr = ip6->ip6_dst; dst.sin6.sin6_port = th->th_dport; break; -#endif /* INET6 */ +#endif } if ((tiflags & (TH_RST|TH_ACK|TH_SYN)) != TH_SYN) { @@ -1798,8 +1798,7 @@ nosave:; after_listen: /* - * Should not happen now that all embryonic connections - * are handled with compressed state. + * From here on, we're dealing with !LISTEN. */ KASSERT(tp->t_state != TCPS_LISTEN); @@ -2083,17 +2082,16 @@ after_listen: hdroptlen = toff + off; /* - * Calculate amount of space in receive window, - * and then do TCP input processing. - * Receive window is amount of space in rcv queue, - * but not less than advertised window. + * Calculate amount of space in receive window. Receive window is + * amount of space in rcv queue, but not less than advertised + * window. */ - { int win; - - win = sbspace(&so->so_rcv); - if (win < 0) - win = 0; - tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt)); + { + int win; + win = sbspace(&so->so_rcv); + if (win < 0) + win = 0; + tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt)); } /* Reset receive buffer auto scaling when not in bulk receive mode. */ @@ -2229,7 +2227,12 @@ after_listen: } /* - * States other than LISTEN or SYN_SENT. + * From here on, we're dealing with !LISTEN and !SYN_SENT. + */ + KASSERT(tp->t_state != TCPS_LISTEN && + tp->t_state != TCPS_SYN_SENT); + + /* * First check timestamp, if present. * Then check that at least some bytes of segment are within * receive window. If segment begins before rcv_nxt, @@ -2240,7 +2243,6 @@ after_listen: */ if (opti.ts_present && (tiflags & TH_RST) == 0 && tp->ts_recent && TSTMP_LT(opti.ts_val, tp->ts_recent)) { - /* Check to see if ts_recent is over 24 days old. */ if (tcp_now - tp->ts_recent_age > TCP_PAWS_IDLE) { /* @@ -2419,13 +2421,13 @@ after_listen: /* * If the RST bit is set examine the state: - *SYN_RECEIVED STATE: - * If passive open, return to LISTEN state. - * If active open, inform user that connection was refused. - *ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES: - * Inform user that connection was reset, and close tcb. - *CLOSING, LAST_ACK, TIME_WAIT STATES - * Close the tcb. + *RECEIVED state: + *If passive open, return to LISTEN state. + *If active open, inform user that connection was refused. + *ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT states: + *Inform user that connection was reset, and close tcb. + *CLOSING, LAST_ACK, TIME_WAIT states: + *Close the tcb. */ if (tiflags & TH_RST) { if (th->th_seq != tp->rcv_nxt) @@ -2787,11 +2789,8 @@ step6: * but if two URG's are pending at once, some out-of-band * data may creep in... ick. */ - if (th->th_urp <= (u_int16_t) tlen -#ifdef SO_OOBINLINE - && (so->so_options & SO_OOBINLINE) == 0 -#endif - ) + if (th->th_urp <= (u_int16_t)tlen && + (so->so_options & SO_OOBINLINE) == 0) tcp_pulloutofband(so, th, m, hdroptlen); } else /*
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 22 20:48:38 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Don't call tcp_input_checksum again, it was already called earlier, no need to checksum twice. Then call tcp_fields_to_host a bit earlier, so that we don't need to call it in each branch. To generate a diff of this commit: cvs rdiff -u -r1.383 -r1.384 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.383 src/sys/netinet/tcp_input.c:1.384 --- src/sys/netinet/tcp_input.c:1.383 Thu Mar 1 06:08:43 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 22 20:48:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.383 2018/03/01 06:08:43 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.384 2018/03/22 20:48:38 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.383 2018/03/01 06:08:43 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.384 2018/03/22 20:48:38 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1505,6 +1505,8 @@ findpcb: #endif } + tcp_fields_to_host(th); + /* * If the state is CLOSED (i.e., TCB does not exist) then * all data in the incoming segment is discarded. @@ -1529,27 +1531,19 @@ findpcb: #endif else if (vestige.valid) { /* We do not support the resurrection of vtw tcpcps. */ - if (tcp_input_checksum(af, m, th, toff, off, tlen)) - goto badcsum; - - tcp_fields_to_host(th); tcp_vtw_input(th, &vestige, m, tlen); m = NULL; goto drop; } - if (tp == NULL) { - tcp_fields_to_host(th); + if (tp == NULL) goto dropwithreset_ratelim; - } if (tp->t_state == TCPS_CLOSED) goto drop; KASSERT(so->so_lock == softnet_lock); KASSERT(solocked(so)); - tcp_fields_to_host(th); - /* Unscale the window into a 32-bit value. */ if ((tiflags & TH_SYN) == 0) tiwin = th->th_win << tp->snd_scale;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Mar 21 15:33:25 UTC 2018 Modified Files: src/sys/netinet: ip_carp.c Log Message: Fix an untriggerable memory leak. carp_prepare_ad does not fail, so switch it to void. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/sys/netinet/ip_carp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_carp.c diff -u src/sys/netinet/ip_carp.c:1.94 src/sys/netinet/ip_carp.c:1.95 --- src/sys/netinet/ip_carp.c:1.94 Wed Dec 6 09:54:47 2017 +++ src/sys/netinet/ip_carp.c Wed Mar 21 15:33:25 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_carp.c,v 1.94 2017/12/06 09:54:47 ozaki-r Exp $ */ +/* $NetBSD: ip_carp.c,v 1.95 2018/03/21 15:33:25 maxv Exp $ */ /* $OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $ */ /* @@ -33,7 +33,7 @@ #endif #include -__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.94 2017/12/06 09:54:47 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.95 2018/03/21 15:33:25 maxv Exp $"); /* * TODO: @@ -201,7 +201,7 @@ static void carp_setroute(struct carp_so static void carp_proto_input_c(struct mbuf *, struct carp_header *, sa_family_t); static void carpdetach(struct carp_softc *); -static int carp_prepare_ad(struct mbuf *, struct carp_softc *, +static void carp_prepare_ad(struct mbuf *, struct carp_softc *, struct carp_header *); static void carp_send_ad_all(void); static void carp_send_ad(void *); @@ -969,7 +969,7 @@ carp_ifdetach(struct ifnet *ifp) } } -static int +static void carp_prepare_ad(struct mbuf *m, struct carp_softc *sc, struct carp_header *ch) { @@ -983,8 +983,6 @@ carp_prepare_ad(struct mbuf *m, struct c ch->carp_counter[1] = htonl(sc->sc_counter&0x); carp_hmac_generate(sc, ch->carp_counter, ch->carp_md); - - return (0); } static void @@ -1110,8 +1108,7 @@ carp_send_ad(void *v) ch_ptr = (struct carp_header *)(&ip[1]); memcpy(ch_ptr, &ch, sizeof(ch)); - if (carp_prepare_ad(m, sc, ch_ptr)) - goto retry_later; + carp_prepare_ad(m, sc, ch_ptr); m->m_data += sizeof(*ip); ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip)); @@ -1200,8 +1197,7 @@ carp_send_ad(void *v) ch_ptr = (struct carp_header *)(&ip6[1]); memcpy(ch_ptr, &ch, sizeof(ch)); - if (carp_prepare_ad(m, sc, ch_ptr)) - goto retry_later; + carp_prepare_ad(m, sc, ch_ptr); ch_ptr->carp_cksum = carp6_cksum(m, sizeof(*ip6), len - sizeof(*ip6));
CVS commit: src/sys/netinet
Module Name:src Committed By: khorben Date: Sat Mar 10 23:28:13 UTC 2018 Modified Files: src/sys/netinet: tcp_output.c Log Message: Fix spello in a comment To generate a diff of this commit: cvs rdiff -u -r1.198 -r1.199 src/sys/netinet/tcp_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.198 src/sys/netinet/tcp_output.c:1.199 --- src/sys/netinet/tcp_output.c:1.198 Mon Feb 12 08:22:26 2018 +++ src/sys/netinet/tcp_output.c Sat Mar 10 23:28:13 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.198 2018/02/12 08:22:26 maxv Exp $ */ +/* $NetBSD: tcp_output.c,v 1.199 2018/03/10 23:28:13 khorben Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.198 2018/02/12 08:22:26 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.199 2018/03/10 23:28:13 khorben Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1720,7 +1720,7 @@ out: error = 0; } - /* Back out the seqence number advance. */ + /* Back out the sequence number advance. */ if (sack_rxmit) p->rxmit -= len;
CVS commit: src/sys/netinet
Module Name:src Committed By: ozaki-r Date: Tue Mar 6 07:19:03 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Tweak sanity checks Scheduling a timer of static entries is wrong. To generate a diff of this commit: cvs rdiff -u -r1.268 -r1.269 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.268 src/sys/netinet/if_arp.c:1.269 --- src/sys/netinet/if_arp.c:1.268 Thu Mar 1 14:40:57 2018 +++ src/sys/netinet/if_arp.c Tue Mar 6 07:19:03 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.268 2018/03/01 14:40:57 roy Exp $ */ +/* $NetBSD: if_arp.c,v 1.269 2018/03/06 07:19:03 ozaki-r Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.268 2018/03/01 14:40:57 roy Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.269 2018/03/06 07:19:03 ozaki-r Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -315,11 +315,7 @@ arptimer(void *arg) struct llentry *lle = arg; struct ifnet *ifp; - if (lle == NULL) - return; - - if (lle->la_flags & LLE_STATIC) - return; + KASSERT((lle->la_flags & LLE_STATIC) == 0); LLE_WLOCK(lle); if (callout_pending(&lle->la_timer)) { @@ -371,6 +367,8 @@ arp_settimer(struct llentry *la, int sec { LLE_WLOCK_ASSERT(la); + KASSERT((la->la_flags & LLE_STATIC) == 0); + LLE_ADDREF(la); callout_reset(&la->la_timer, hz * sec, arptimer, la); }
CVS commit: src/sys/netinet
Module Name:src Committed By: roy Date: Thu Mar 1 14:40:57 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Sprinkle some const. To generate a diff of this commit: cvs rdiff -u -r1.267 -r1.268 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.267 src/sys/netinet/if_arp.c:1.268 --- src/sys/netinet/if_arp.c:1.267 Sat Feb 24 07:53:15 2018 +++ src/sys/netinet/if_arp.c Thu Mar 1 14:40:57 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.267 2018/02/24 07:53:15 ozaki-r Exp $ */ +/* $NetBSD: if_arp.c,v 1.268 2018/03/01 14:40:57 roy Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.267 2018/02/24 07:53:15 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.268 2018/03/01 14:40:57 roy Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -222,10 +222,10 @@ static int log_unknown_network = 1; #define LLA_ADDRSTRLEN (16 * 3) static char * -lla_snprintf(char *, uint8_t *, int); +lla_snprintf(char *, const u_int8_t *, int); static char * -lla_snprintf(char *dst, uint8_t *adrp, int len) +lla_snprintf(char *dst, const u_int8_t *adrp, int len) { int i; char *p;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Mar 1 06:08:44 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Revert rev1.183 (2003). It was intended as an optimization, but it increases the attack surface: the IPsec policy is not enforced on RST packets when the socket is in the LISTEN state, and an (unauthenticated) attacker could jam the connection between two IPsec hosts by sending RST packets between the client's SYN and ACK packets. Discussed with ozaki-r@. To generate a diff of this commit: cvs rdiff -u -r1.382 -r1.383 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.382 src/sys/netinet/tcp_input.c:1.383 --- src/sys/netinet/tcp_input.c:1.382 Wed Feb 28 11:23:24 2018 +++ src/sys/netinet/tcp_input.c Thu Mar 1 06:08:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.382 2018/02/28 11:23:24 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.383 2018/03/01 06:08:43 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.382 2018/02/28 11:23:24 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.383 2018/03/01 06:08:43 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1457,15 +1457,11 @@ findpcb: } #if defined(IPSEC) if (ipsec_used) { - if (inp && - (inp->inp_socket->so_options & SO_ACCEPTCONN) == 0 - && ipsec_in_reject(m, inp)) { + if (inp && ipsec_in_reject(m, inp)) { goto drop; } #ifdef INET6 - else if (in6p && - (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 - && ipsec_in_reject(m, in6p)) { + else if (in6p && ipsec_in_reject(m, in6p)) { goto drop; } #endif @@ -1500,9 +1496,7 @@ findpcb: goto dropwithreset_ratelim; } #if defined(IPSEC) - if (ipsec_used && in6p && - (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 && - ipsec_in_reject(m, in6p)) { + if (ipsec_used && in6p && ipsec_in_reject(m, in6p)) { goto drop; } #endif /*IPSEC*/ @@ -1769,35 +1763,6 @@ nosave:; } #endif -#if defined(IPSEC) - if (ipsec_used) { -switch (af) { -#ifdef INET -case AF_INET: - /* - * inp can be NULL when receiving an - * IPv4 packet on an IPv4-mapped IPv6 - * address. - */ - KASSERT(inp == NULL || - sotoinpcb(so) == inp); - if (!ipsec_in_reject(m, inp)) - break; - tp = NULL; - goto dropwithreset; -#endif -#ifdef INET6 -case AF_INET6: - KASSERT(sotoin6pcb(so) == in6p); - if (!ipsec_in_reject(m, in6p)) - break; - tp = NULL; - goto dropwithreset; -#endif /*INET6*/ -} - } -#endif /*IPSEC*/ - /* * LISTEN socket received a SYN from itself? This * can't possibly be valid; drop the packet.
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 28 11:10:22 UTC 2018 Modified Files: src/sys/netinet: raw_ip.c Log Message: (just forgot to commit this file, the message was) Remove duplicate IPSEC_STATINC(IPSEC_STAT_IN_POLVIO), ipsec_in_reject already increases it. IPSEC6_STATINC is now unused, so remove it too. To generate a diff of this commit: cvs rdiff -u -r1.169 -r1.170 src/sys/netinet/raw_ip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/raw_ip.c diff -u src/sys/netinet/raw_ip.c:1.169 src/sys/netinet/raw_ip.c:1.170 --- src/sys/netinet/raw_ip.c:1.169 Mon Feb 26 09:04:29 2018 +++ src/sys/netinet/raw_ip.c Wed Feb 28 11:10:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.169 2018/02/26 09:04:29 maxv Exp $ */ +/* $NetBSD: raw_ip.c,v 1.170 2018/02/28 11:10:22 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.169 2018/02/26 09:04:29 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.170 2018/02/28 11:10:22 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -205,7 +205,6 @@ rip_input(struct mbuf *m, ...) #if defined(IPSEC) /* check AH/ESP integrity. */ else if (ipsec_used && ipsec_in_reject(m, last)) { - IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); /* do not inject data to pcb */ } #endif /*IPSEC*/ @@ -220,7 +219,6 @@ rip_input(struct mbuf *m, ...) /* check AH/ESP integrity. */ if (ipsec_used && last != NULL && ipsec_in_reject(m, last)) { m_freem(m); - IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); IP_STATDEC(IP_STAT_DELIVERED); /* do not inject data to pcb */ } else
CVS commit: src/sys/netinet
Module Name:src Committed By: christos Date: Wed Feb 14 16:45:24 UTC 2018 Modified Files: src/sys/netinet: raw_ip.c Log Message: join lines where they fit. To generate a diff of this commit: cvs rdiff -u -r1.167 -r1.168 src/sys/netinet/raw_ip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/raw_ip.c diff -u src/sys/netinet/raw_ip.c:1.167 src/sys/netinet/raw_ip.c:1.168 --- src/sys/netinet/raw_ip.c:1.167 Mon Dec 11 00:47:18 2017 +++ src/sys/netinet/raw_ip.c Wed Feb 14 11:45:24 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip.c,v 1.167 2017/12/11 05:47:18 ryo Exp $ */ +/* $NetBSD: raw_ip.c,v 1.168 2018/02/14 16:45:24 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.167 2017/12/11 05:47:18 ryo Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.168 2018/02/14 16:45:24 christos Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -204,8 +204,7 @@ rip_input(struct mbuf *m, ...) ; #if defined(IPSEC) /* check AH/ESP integrity. */ - else if (ipsec_used && - ipsec4_in_reject(m, last)) { + else if (ipsec_used && ipsec4_in_reject(m, last)) { IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); /* do not inject data to pcb */ } @@ -219,8 +218,7 @@ rip_input(struct mbuf *m, ...) } #if defined(IPSEC) /* check AH/ESP integrity. */ - if (ipsec_used && last != NULL - && ipsec4_in_reject(m, last)) { + if (ipsec_used && last != NULL && ipsec4_in_reject(m, last)) { m_freem(m); IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); IP_STATDEC(IP_STAT_DELIVERED);
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 14 05:24:44 UTC 2018 Modified Files: src/sys/netinet: udp_usrreq.c Log Message: Revert my two last changes in this file. They are apparently causing problems with racoon, I'll investigate this later. To generate a diff of this commit: cvs rdiff -u -r1.241 -r1.242 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.241 src/sys/netinet/udp_usrreq.c:1.242 --- src/sys/netinet/udp_usrreq.c:1.241 Mon Feb 12 09:31:06 2018 +++ src/sys/netinet/udp_usrreq.c Wed Feb 14 05:24:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.241 2018/02/12 09:31:06 maxv Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.242 2018/02/14 05:24:44 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.241 2018/02/12 09:31:06 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.242 2018/02/14 05:24:44 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -139,7 +139,7 @@ percpu_t *udpstat_percpu; #ifdef INET #ifdef IPSEC -static void udp4_espinudp(struct mbuf *, int, struct sockaddr *, +static int udp4_espinudp(struct mbuf **, int, struct sockaddr *, struct socket *); #endif static void udp4_sendup(struct mbuf *, int, struct sockaddr *, @@ -405,6 +405,14 @@ udp_input(struct mbuf *m, ...) return; } + ip = mtod(m, struct ip *); + IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); + if (uh == NULL) { + UDP_STATINC(UDP_STAT_HDROPS); + return; + } + /* XXX Re-enforce alignment? */ + #ifdef INET6 if (IN_MULTICAST(ip->ip_dst.s_addr) || n == 0) { struct sockaddr_in6 src6, dst6; @@ -598,9 +606,25 @@ udp4_realinput(struct sockaddr_in *src, /* Handle ESP over UDP */ if (inp->inp_flags & INP_ESPINUDP_ALL) { struct sockaddr *sa = (struct sockaddr *)src; - udp4_espinudp(m, off, sa, inp->inp_socket); - *mp = NULL; - goto bad; + + switch (udp4_espinudp(mp, off, sa, inp->inp_socket)) { + case -1: /* Error, m was freed */ +rcvcnt = -1; +goto bad; + + case 1: /* ESP over UDP */ +rcvcnt++; +goto bad; + + case 0: /* plain UDP */ + default: /* Unexpected */ +/* + * Normal UDP processing will take place, + * m may have changed. + */ +m = *mp; +break; + } } #endif @@ -1222,10 +1246,13 @@ udp_statinc(u_int stat) #if defined(INET) && defined(IPSEC) /* - * This function always frees the mbuf. + * Returns: + * 1 if the packet was processed + * 0 if normal UDP processing should take place + *-1 if an error occurred and m was freed */ -static void -udp4_espinudp(struct mbuf *m, int off, struct sockaddr *src, +static int +udp4_espinudp(struct mbuf **mp, int off, struct sockaddr *src, struct socket *so) { size_t len; @@ -1238,6 +1265,7 @@ udp4_espinudp(struct mbuf *m, int off, s struct m_tag *tag; struct udphdr *udphdr; u_int16_t sport, dport; + struct mbuf *m = *mp; /* * Collapse the mbuf chain if the first mbuf is too short @@ -1248,9 +1276,10 @@ udp4_espinudp(struct mbuf *m, int off, s minlen = m->m_pkthdr.len; if (m->m_len < minlen) { - if ((m = m_pullup(m, minlen)) == NULL) { - return; + if ((*mp = m_pullup(m, minlen)) == NULL) { + return -1; } + m = *mp; } len = m->m_len - off; @@ -1259,7 +1288,9 @@ udp4_espinudp(struct mbuf *m, int off, s /* Ignore keepalive packets */ if ((len == 1) && (*(unsigned char *)data == 0xff)) { - goto out; + m_freem(m); + *mp = NULL; /* avoid any further processing by caller ... */ + return 1; } /* @@ -1270,9 +1301,8 @@ udp4_espinudp(struct mbuf *m, int off, s if (inp->inp_flags & INP_ESPINUDP) { u_int32_t *st = (u_int32_t *)data; - if ((len <= sizeof(struct esp)) || (*st == 0)) { - goto out; - } + if ((len <= sizeof(struct esp)) || (*st == 0)) + return 0; /* Normal UDP processing */ skip = sizeof(struct udphdr); } @@ -1281,9 +1311,8 @@ udp4_espinudp(struct mbuf *m, int off, s u_int32_t *st = (u_int32_t *)data; if ((len <= sizeof(u_int64_t) + sizeof(struct esp)) || - ((st[0] | st[1]) != 0)) { - goto out; - } + ((st[0] | st[1]) != 0)) + return 0; /* Normal UDP processing */ skip = sizeof(struct udphdr) + sizeof(u_int64_t); } @@ -1330,7 +1359,8 @@ udp4_espinudp(struct mbuf *m, int off, s */ if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) { - goto out; + m_freem(m); + return -1; } ((u_int16_t *)(tag + 1))[0] = sport; ((u_int16_t *)(tag + 1))[1] = dport; @@ -1341,11 +1371,9 @@ udp4_espinudp(struct mbuf *m, int off, s else m_freem(m); - return; - -out: - m_freem(m); - return; + /* We handled it, it shouldn't be handled by UDP */ + *mp = NULL; /* avoi
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 14:50:28 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Mmh. Add a missing check: if ARP was disabled on the interface, don't process ARP packets. Otherwise the kernel will add ARP entries even if ifconfig wm0 -arp was entered. To generate a diff of this commit: cvs rdiff -u -r1.264 -r1.265 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.264 src/sys/netinet/if_arp.c:1.265 --- src/sys/netinet/if_arp.c:1.264 Tue Feb 13 10:47:41 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 14:50:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.264 2018/02/13 10:47:41 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.265 2018/02/13 14:50:28 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.264 2018/02/13 10:47:41 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.265 2018/02/13 14:50:28 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -324,7 +324,7 @@ arptimer(void *arg) LLE_WLOCK(lle); if (callout_pending(&lle->la_timer)) { /* - * Here we are a bit odd here in the treatment of + * Here we are a bit odd in the treatment of * active/pending. If the pending bit is set, it got * rescheduled before I ran. The active * bit we ignore, since if it was stopped @@ -725,6 +725,7 @@ arpresolve(struct ifnet *ifp, const stru bool renew; int error; struct ifnet *origifp = ifp; + #if NCARP > 0 if (rt != NULL && rt->rt_ifp->if_type == IFT_CARP) ifp = rt->rt_ifp; @@ -1058,6 +1059,8 @@ in_arpinput(struct mbuf *m) rcvif = ifp = m_get_rcvif_psref(m, &psref); if (__predict_false(rcvif == NULL)) goto out; + if (rcvif->if_flags & IFF_NOARP) + goto out; memcpy(&isaddr, ar_spa(ah), sizeof(isaddr)); memcpy(&itaddr, ar_tpa(ah), sizeof(itaddr)); @@ -1882,6 +1885,9 @@ in_revarpinput(struct mbuf *m) rcvif = m_get_rcvif(m, &s); if (__predict_false(rcvif == NULL)) goto out; + if (rcvif->if_flags & IFF_NOARP) + goto out; + switch (rcvif->if_type) { case IFT_IEEE1394: /* ARP without target hardware address is not supported */
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 10:47:41 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Be tougher: * In arpintr(), don't allow IEEE1394 packets on non-IEEE1394 interfaces. * In revarpinput(), kick IEEE1394 packets right away. They are not supported. To generate a diff of this commit: cvs rdiff -u -r1.263 -r1.264 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.263 src/sys/netinet/if_arp.c:1.264 --- src/sys/netinet/if_arp.c:1.263 Tue Feb 13 10:31:01 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 10:47:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.263 2018/02/13 10:31:01 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.264 2018/02/13 10:47:41 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.263 2018/02/13 10:31:01 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.264 2018/02/13 10:47:41 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -948,12 +948,12 @@ arpintr(void) goto free; } + /* + * We don't want non-IEEE1394 ARP packets on IEEE1394 + * interfaces, and vice versa. Our life depends on that. + */ switch (rcvif->if_type) { case IFT_IEEE1394: - /* - * We don't want non-IEEE1394 ARP packets on IEEE1394 - * interfaces. Our life depends on that. - */ if (ntohs(ar->ar_hrd) != ARPHRD_IEEE1394) { m_put_rcvif(rcvif, &s); ARP_STATINC(ARP_STAT_RCVBADPROTO); @@ -964,6 +964,12 @@ arpintr(void) ar->ar_hln + 2 * ar->ar_pln; break; default: + if (ntohs(ar->ar_hrd) == ARPHRD_IEEE1394) { +m_put_rcvif(rcvif, &s); +ARP_STATINC(ARP_STAT_RCVBADPROTO); +goto free; + } + arplen = sizeof(struct arphdr) + 2 * ar->ar_hln + 2 * ar->ar_pln; break; @@ -1827,6 +1833,10 @@ revarpinput(struct mbuf *m) return; ar = mtod(m, struct arphdr *); + if (ntohs(ar->ar_hrd) == ARPHRD_IEEE1394) { + goto out; + } + arplen = sizeof(struct arphdr) + 2 * (ar->ar_hln + ar->ar_pln); if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL) return; @@ -1842,6 +1852,7 @@ revarpinput(struct mbuf *m) break; } +out: m_freem(m); }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 10:31:01 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Same change as rev1.258, but this time in revarpinput: use m_pullup. To generate a diff of this commit: cvs rdiff -u -r1.262 -r1.263 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.262 src/sys/netinet/if_arp.c:1.263 --- src/sys/netinet/if_arp.c:1.262 Tue Feb 13 10:20:50 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 10:31:01 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.262 2018/02/13 10:20:50 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.263 2018/02/13 10:31:01 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.262 2018/02/13 10:20:50 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.263 2018/02/13 10:31:01 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -1820,16 +1820,18 @@ void revarpinput(struct mbuf *m) { struct arphdr *ar; + int arplen; - if (m->m_len < sizeof(struct arphdr)) - goto out; + arplen = sizeof(struct arphdr); + if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL) + return; ar = mtod(m, struct arphdr *); -#if 0 /* XXX I don't think we need this... and it will prevent other LL */ - if (ntohs(ar->ar_hrd) != ARPHRD_ETHER) - goto out; -#endif - if (m->m_len < sizeof(struct arphdr) + 2 * (ar->ar_hln + ar->ar_pln)) - goto out; + + arplen = sizeof(struct arphdr) + 2 * (ar->ar_hln + ar->ar_pln); + if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL) + return; + ar = mtod(m, struct arphdr *); + switch (ntohs(ar->ar_pro)) { case ETHERTYPE_IP: case ETHERTYPE_IPTRAILERS: @@ -1839,7 +1841,7 @@ revarpinput(struct mbuf *m) default: break; } -out: + m_freem(m); }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 10:20:50 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Minor stylistic changes, and use C99 types. To generate a diff of this commit: cvs rdiff -u -r1.261 -r1.262 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.261 src/sys/netinet/if_arp.c:1.262 --- src/sys/netinet/if_arp.c:1.261 Tue Feb 13 10:05:05 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 10:20:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.261 2018/02/13 10:05:05 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.262 2018/02/13 10:20:50 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.261 2018/02/13 10:05:05 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.262 2018/02/13 10:20:50 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -157,7 +157,7 @@ static void arp_init(void); static void arprequest(struct ifnet *, const struct in_addr *, const struct in_addr *, -const u_int8_t *); +const uint8_t *); static void arpannounce1(struct ifaddr *); static struct sockaddr *arp_setgate(struct rtentry *, struct sockaddr *, const struct sockaddr *); @@ -222,10 +222,10 @@ static int log_unknown_network = 1; #define LLA_ADDRSTRLEN (16 * 3) static char * -lla_snprintf(char *, u_int8_t *, int); +lla_snprintf(char *, uint8_t *, int); static char * -lla_snprintf(char *dst, u_int8_t *adrp, int len) +lla_snprintf(char *dst, uint8_t *adrp, int len) { int i; char *p; @@ -631,7 +631,7 @@ arp_rtrequest(int req, struct rtentry *r static void arprequest(struct ifnet *ifp, const struct in_addr *sip, const struct in_addr *tip, -const u_int8_t *enaddr) +const uint8_t *enaddr) { struct mbuf *m; struct arphdr *ah; @@ -814,8 +814,7 @@ notfound: LLE_WUNLOCK(la); if (renew) { - const u_int8_t *enaddr = - CLLADDR(ifp->if_sadl); + const uint8_t *enaddr = CLLADDR(ifp->if_sadl); arprequest(origifp, &satocsin(rt->rt_ifa->ifa_addr)->sin_addr, &satocsin(dst)->sin_addr, enaddr); @@ -875,8 +874,7 @@ notfound: EHOSTUNREACH : EHOSTDOWN; if (renew) { - const u_int8_t *enaddr = - CLLADDR(ifp->if_sadl); + const uint8_t *enaddr = CLLADDR(ifp->if_sadl); la->la_expire = time_uptime; arp_settimer(la, arpt_down); la->la_asked++; @@ -1022,7 +1020,7 @@ in_arpinput(struct mbuf *m) struct in_ifaddr *bridge_ia = NULL; #endif #if NCARP > 0 - u_int32_t count = 0, index = 0; + uint32_t count = 0, index = 0; #endif struct sockaddr sa; struct in_addr isaddr, itaddr, myaddr; @@ -1100,7 +1098,7 @@ in_arpinput(struct mbuf *m) if (rcvif->if_bridge != NULL && rcvif->if_bridge == ia->ia_ifp->if_bridge) bridge_ia = ia; -#endif /* NBRIDGE > 0 */ +#endif } #if NBRIDGE > 0 @@ -1260,7 +1258,7 @@ in_arpinput(struct mbuf *m) } } } -#endif /* NTOKEN > 0 */ +#endif KASSERT(sizeof(la->ll_addr) >= ifp->if_addrlen); memcpy(&la->ll_addr, ar_sha(ah), ifp->if_addrlen); @@ -1322,6 +1320,7 @@ reply: /* Proxy ARP */ struct llentry *lle = NULL; struct sockaddr_in sin; + #if NCARP > 0 if (ifp->if_type == IFT_CARP) { struct ifnet *_rcvif = m_get_rcvif(m, &s); @@ -1361,9 +1360,7 @@ reply: ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ switch (ifp->if_type) { case IFT_IEEE1394: - /* - * ieee1394 arp reply is broadcast - */ + /* ieee1394 arp reply is broadcast */ m->m_flags &= ~M_MCAST; m->m_flags |= M_BCAST; m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + ah->ar_hln;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 10:05:05 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Replace dead code by KASSERT. To generate a diff of this commit: cvs rdiff -u -r1.260 -r1.261 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.260 src/sys/netinet/if_arp.c:1.261 --- src/sys/netinet/if_arp.c:1.260 Tue Feb 13 08:51:37 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 10:05:05 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.260 2018/02/13 08:51:37 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.261 2018/02/13 10:05:05 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.260 2018/02/13 08:51:37 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.261 2018/02/13 10:05:05 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -1232,20 +1232,7 @@ in_arpinput(struct mbuf *m) } } - /* XXX llentry should have addrlen? */ -#if 0 - /* - * sanity check for the address length. - * XXX this does not work for protocols with variable address - * length. -is - */ - if (sdl->sdl_alen && sdl->sdl_alen != ah->ar_hln) { - ARP_STATINC(ARP_STAT_RCVLENCHG); - log(LOG_WARNING, - "arp from %s: new addr len %d, was %d\n", - IN_PRINT(ipbuf, &isaddr), ah->ar_hln, sdl->sdl_alen); - } -#endif + KASSERT(ifp->if_sadl->sdl_alen == ifp->if_addrlen); #if NTOKEN > 0 /*
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 08:51:38 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Don't force ARPHRD_IEEE1394 on IEEE1394 interfaces. If it's not there, then kick the packet. And do this earlier. To generate a diff of this commit: cvs rdiff -u -r1.259 -r1.260 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.259 src/sys/netinet/if_arp.c:1.260 --- src/sys/netinet/if_arp.c:1.259 Tue Feb 13 08:20:12 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 08:51:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.259 2018/02/13 08:20:12 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.260 2018/02/13 08:51:37 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.259 2018/02/13 08:20:12 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.260 2018/02/13 08:51:37 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -949,8 +949,19 @@ arpintr(void) ARP_STATINC(ARP_STAT_RCVNOINT); goto free; } + switch (rcvif->if_type) { case IFT_IEEE1394: + /* + * We don't want non-IEEE1394 ARP packets on IEEE1394 + * interfaces. Our life depends on that. + */ + if (ntohs(ar->ar_hrd) != ARPHRD_IEEE1394) { +m_put_rcvif(rcvif, &s); +ARP_STATINC(ARP_STAT_RCVBADPROTO); +goto free; + } + arplen = sizeof(struct arphdr) + ar->ar_hln + 2 * ar->ar_pln; break; @@ -959,6 +970,7 @@ arpintr(void) 2 * ar->ar_hln + 2 * ar->ar_pln; break; } + m_put_rcvif(rcvif, &s); if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL) @@ -1043,23 +1055,6 @@ in_arpinput(struct mbuf *m) if (__predict_false(rcvif == NULL)) goto out; - /* - * Fix up ah->ar_hrd if necessary, before using ar_tha() or ar_tpa(). - * XXX check ar_hrd more strictly? - */ - switch (ifp->if_type) { - case IFT_IEEE1394: - if (ntohs(ah->ar_hrd) == ARPHRD_IEEE1394) - ; - else { - /* XXX this is to make sure we compute ar_tha right */ - ah->ar_hrd = htons(ARPHRD_IEEE1394); - } - break; - default: - break; - } - memcpy(&isaddr, ar_spa(ah), sizeof(isaddr)); memcpy(&itaddr, ar_tpa(ah), sizeof(itaddr));
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 08:20:12 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Use only one label, clearer. To generate a diff of this commit: cvs rdiff -u -r1.258 -r1.259 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.258 src/sys/netinet/if_arp.c:1.259 --- src/sys/netinet/if_arp.c:1.258 Tue Feb 13 07:51:24 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 08:20:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.258 2018/02/13 07:51:24 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.259 2018/02/13 08:20:12 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.258 2018/02/13 07:51:24 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.259 2018/02/13 08:20:12 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -1033,14 +1033,15 @@ in_arpinput(struct mbuf *m) ifp = if_get_bylla(ar_sha(ah), ah->ar_hln, &psref); if (ifp) { + /* it's from me, ignore it. */ if_put(ifp, &psref); ARP_STATINC(ARP_STAT_RCVLOCALSHA); - goto out; /* it's from me, ignore it. */ + goto out; } rcvif = ifp = m_get_rcvif_psref(m, &psref); if (__predict_false(rcvif == NULL)) - goto drop; + goto out; /* * Fix up ah->ar_hrd if necessary, before using ar_tha() or ar_tpa(). @@ -1367,7 +1368,7 @@ reply: } else { if (lle != NULL) LLE_RUNLOCK(lle); - goto drop; + goto out; } } ia4_release(ia, &psref_ia); @@ -1405,7 +1406,6 @@ reply: out: if (la != NULL) LLE_WUNLOCK(la); -drop: if (ia != NULL) ia4_release(ia, &psref_ia); if (rcvif != NULL)
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 07:51:24 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Fix three things in arpintr(): * mtod can't return NULL. * It is wrong to kick the packet if m->m_len < arplen. While this check always returns false for native Ethernet interfaces, it may not if the frame is encapsulated in EtherIP/L2TP. Use m_pullup instead. * Remove XXX, it is fine. Reduce the indentation level afterwards. To generate a diff of this commit: cvs rdiff -u -r1.257 -r1.258 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.257 src/sys/netinet/if_arp.c:1.258 --- src/sys/netinet/if_arp.c:1.257 Tue Feb 13 07:44:25 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 07:51:24 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_arp.c,v 1.257 2018/02/13 07:44:25 maxv Exp $ */ +/* $NetBSD: if_arp.c,v 1.258 2018/02/13 07:51:24 maxv Exp $ */ /* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.257 2018/02/13 07:44:25 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.258 2018/02/13 07:51:24 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -939,12 +939,10 @@ arpintr(void) MCLAIM(m, &arpdomain.dom_mowner); ARP_STATINC(ARP_STAT_RCVTOTAL); - /* - * First, make sure we have at least struct arphdr. - */ - if (m->m_len < sizeof(struct arphdr) || - (ar = mtod(m, struct arphdr *)) == NULL) + arplen = sizeof(struct arphdr); + if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL) goto badlen; + ar = mtod(m, struct arphdr *); rcvif = m_get_rcvif(m, &s); if (__predict_false(rcvif == NULL)) { @@ -963,23 +961,26 @@ arpintr(void) } m_put_rcvif(rcvif, &s); - if (/* XXX ntohs(ar->ar_hrd) == ARPHRD_ETHER && */ - m->m_len >= arplen) - switch (ntohs(ar->ar_pro)) { - case ETHERTYPE_IP: - case ETHERTYPE_IPTRAILERS: -in_arpinput(m); -continue; - default: -ARP_STATINC(ARP_STAT_RCVBADPROTO); - } - else { -badlen: - ARP_STATINC(ARP_STAT_RCVBADLEN); + if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL) + goto badlen; + ar = mtod(m, struct arphdr *); + + switch (ntohs(ar->ar_pro)) { + case ETHERTYPE_IP: + case ETHERTYPE_IPTRAILERS: + in_arpinput(m); + continue; + default: + ARP_STATINC(ARP_STAT_RCVBADPROTO); + goto free; } + +badlen: + ARP_STATINC(ARP_STAT_RCVBADLEN); free: m_freem(m); } + out: SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); return; /* XXX gcc */
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 13 07:44:25 UTC 2018 Modified Files: src/sys/netinet: if_arp.c Log Message: Style, no functional change. To generate a diff of this commit: cvs rdiff -u -r1.256 -r1.257 src/sys/netinet/if_arp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/if_arp.c diff -u src/sys/netinet/if_arp.c:1.256 src/sys/netinet/if_arp.c:1.257 --- src/sys/netinet/if_arp.c:1.256 Tue Jan 16 08:13:47 2018 +++ src/sys/netinet/if_arp.c Tue Feb 13 07:44:25 2018 @@ -1,6 +1,6 @@ -/* $NetBSD: if_arp.c,v 1.256 2018/01/16 08:13:47 ozaki-r Exp $ */ +/* $NetBSD: if_arp.c,v 1.257 2018/02/13 07:44:25 maxv Exp $ */ -/*- +/* * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. * All rights reserved. * @@ -68,7 +68,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.256 2018/01/16 08:13:47 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.257 2018/02/13 07:44:25 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -140,38 +140,38 @@ __KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1 #define ETHERTYPE_IPTRAILERS ETHERTYPE_TRAIL /* timer values */ -static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ -static int arpt_down = 20; /* once declared down, don't send for 20 secs */ -static int arp_maxhold = 1; /* number of packets to hold per ARP entry */ +static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ +static int arpt_down = 20; /* once declared down, don't send for 20 secs */ +static int arp_maxhold = 1; /* number of packets to hold per ARP entry */ #define rt_expire rt_rmx.rmx_expire #define rt_pksent rt_rmx.rmx_pksent -int ip_dad_count = PROBE_NUM; +int ip_dad_count = PROBE_NUM; #ifdef ARP_DEBUG -int arp_debug = 1; +int arp_debug = 1; #else -int arp_debug = 0; +int arp_debug = 0; #endif -static void arp_init(void); +static void arp_init(void); -static void arprequest(struct ifnet *, +static void arprequest(struct ifnet *, const struct in_addr *, const struct in_addr *, const u_int8_t *); -static void arpannounce1(struct ifaddr *); -static struct sockaddr *arp_setgate(struct rtentry *, struct sockaddr *, - const struct sockaddr *); -static void arptimer(void *); -static void arp_settimer(struct llentry *, int); -static struct llentry *arplookup(struct ifnet *, struct mbuf *, - const struct in_addr *, const struct sockaddr *, int); -static struct llentry *arpcreate(struct ifnet *, struct mbuf *, - const struct in_addr *, const struct sockaddr *, int); -static void in_arpinput(struct mbuf *); -static void in_revarpinput(struct mbuf *); -static void revarprequest(struct ifnet *); +static void arpannounce1(struct ifaddr *); +static struct sockaddr *arp_setgate(struct rtentry *, struct sockaddr *, +const struct sockaddr *); +static void arptimer(void *); +static void arp_settimer(struct llentry *, int); +static struct llentry *arplookup(struct ifnet *, struct mbuf *, +const struct in_addr *, const struct sockaddr *, int); +static struct llentry *arpcreate(struct ifnet *, struct mbuf *, +const struct in_addr *, const struct sockaddr *, int); +static void in_arpinput(struct mbuf *); +static void in_revarpinput(struct mbuf *); +static void revarprequest(struct ifnet *); -static void arp_drainstub(void); +static void arp_drainstub(void); struct dadq; static void arp_dad_timer(struct dadq *); @@ -184,15 +184,15 @@ static void arp_init_llentry(struct ifne static void arp_free_llentry_tokenring(struct llentry *); #endif -struct ifqueue arpintrq = { +struct ifqueue arpintrq = { .ifq_head = NULL, .ifq_tail = NULL, .ifq_len = 0, .ifq_maxlen = 50, .ifq_drops = 0, }; -static int arp_maxtries = 5; -static int useloopback = 1; /* use loopback interface for local traffic */ +static int arp_maxtries = 5; +static int useloopback = 1; /* use loopback interface for local traffic */ static percpu_t *arpstat_percpu; @@ -203,10 +203,10 @@ static percpu_t *arpstat_percpu; #define ARP_STATADD(x, v) _NET_STATADD(arpstat_percpu, x, v) /* revarp state */ -static struct in_addr myip, srv_ip; -static int myip_initialized = 0; -static int revarp_in_progress = 0; -static struct ifnet *myip_ifp = NULL; +static struct in_addr myip, srv_ip; +static int myip_initialized = 0; +static int revarp_in_progress = 0; +static struct ifnet *myip_ifp = NULL; static int arp_drainwanted; @@ -257,18 +257,19 @@ arp_fasttimo(void) } const struct protosw arpsw[] = { - { .pr_type = 0, - .pr_domain = &arpdomain, - .pr_protocol = 0, - .pr_flags = 0, - .pr_input = 0, - .pr_ctlinput = 0, - .pr_ctloutput = 0, - .pr_usrreqs = 0, - .pr_init = arp_init, - .pr_fasttimo = arp_fasttimo, - .pr_slowtimo = 0, - .pr_drain = arp_drainstub, + { + .pr_type = 0, + .pr_domain = &arpdomain, + .pr_protocol = 0, + .pr_flags = 0, + .pr_input = 0,
CVS commit: src/sys/netinet
Module Name:src Committed By: christos Date: Mon Feb 12 18:19:12 UTC 2018 Modified Files: src/sys/netinet: ip_output.c Log Message: Keep a pointer to the interface of the multicast membership, because the multicast element itself might go away in in_delmulti (but the interface can't because we hold the lock). From ozaki-r@ To generate a diff of this commit: cvs rdiff -u -r1.294 -r1.295 src/sys/netinet/ip_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.294 src/sys/netinet/ip_output.c:1.295 --- src/sys/netinet/ip_output.c:1.294 Wed Feb 7 01:21:23 2018 +++ src/sys/netinet/ip_output.c Mon Feb 12 13:19:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.294 2018/02/07 06:21:23 mrg Exp $ */ +/* $NetBSD: ip_output.c,v 1.295 2018/02/12 18:19:12 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.294 2018/02/07 06:21:23 mrg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.295 2018/02/12 18:19:12 christos Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1927,9 +1927,10 @@ ip_drop_membership(struct ip_moptions *i * Give up the multicast address record to which the * membership points. */ - IFNET_LOCK(imo->imo_membership[i]->inm_ifp); + struct ifnet *inm_ifp = imo->imo_membership[i]->inm_ifp; + IFNET_LOCK(inm_ifp); in_delmulti(imo->imo_membership[i]); - IFNET_UNLOCK(imo->imo_membership[i]->inm_ifp); + IFNET_UNLOCK(inm_ifp); /* * Remove the gap in the membership array.
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 12 09:31:06 UTC 2018 Modified Files: src/sys/netinet: udp_usrreq.c Log Message: Don't rebase the pointers. 'm' is only allowed to become NULL (which means 'processed'). To generate a diff of this commit: cvs rdiff -u -r1.240 -r1.241 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.240 src/sys/netinet/udp_usrreq.c:1.241 --- src/sys/netinet/udp_usrreq.c:1.240 Sat Feb 10 08:17:00 2018 +++ src/sys/netinet/udp_usrreq.c Mon Feb 12 09:31:06 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.240 2018/02/10 08:17:00 maxv Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.241 2018/02/12 09:31:06 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.240 2018/02/10 08:17:00 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.241 2018/02/12 09:31:06 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -405,14 +405,6 @@ udp_input(struct mbuf *m, ...) return; } - ip = mtod(m, struct ip *); - IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); - if (uh == NULL) { - UDP_STATINC(UDP_STAT_HDROPS); - return; - } - /* XXX Re-enforce alignment? */ - #ifdef INET6 if (IN_MULTICAST(ip->ip_dst.s_addr) || n == 0) { struct sockaddr_in6 src6, dst6;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 12 08:22:27 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c tcp_output.c tcp_var.h Log Message: Remove unused argument from tcp_signature_getsav. To generate a diff of this commit: cvs rdiff -u -r1.378 -r1.379 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.197 -r1.198 src/sys/netinet/tcp_output.c cvs rdiff -u -r1.183 -r1.184 src/sys/netinet/tcp_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.378 src/sys/netinet/tcp_input.c:1.379 --- src/sys/netinet/tcp_input.c:1.378 Mon Feb 12 08:13:08 2018 +++ src/sys/netinet/tcp_input.c Mon Feb 12 08:22:26 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.378 2018/02/12 08:13:08 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.379 2018/02/12 08:22:26 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.378 2018/02/12 08:13:08 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.379 2018/02/12 08:22:26 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3092,7 +3092,7 @@ tcp_signature_apply(void *fstate, void * } struct secasvar * -tcp_signature_getsav(struct mbuf *m, struct tcphdr *th) +tcp_signature_getsav(struct mbuf *m) { struct ip *ip; struct ip6_hdr *ip6; @@ -3341,9 +3341,7 @@ tcp_dooptions(struct tcpcb *tp, const u_ return 0; #else if (tp->t_flags & TF_SIGNATURE) { - - sav = tcp_signature_getsav(m, th); - + sav = tcp_signature_getsav(m); if (sav == NULL && tp->t_state == TCPS_LISTEN) return (-1); } @@ -4584,9 +4582,7 @@ syn_cache_respond(struct syn_cache *sc) #ifdef TCP_SIGNATURE if (sc->sc_flags & SCF_SIGNATURE) { - - sav = tcp_signature_getsav(m, th); - + sav = tcp_signature_getsav(m); if (sav == NULL) { if (m) m_freem(m); Index: src/sys/netinet/tcp_output.c diff -u src/sys/netinet/tcp_output.c:1.197 src/sys/netinet/tcp_output.c:1.198 --- src/sys/netinet/tcp_output.c:1.197 Thu Aug 3 06:32:51 2017 +++ src/sys/netinet/tcp_output.c Mon Feb 12 08:22:26 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_output.c,v 1.197 2017/08/03 06:32:51 ozaki-r Exp $ */ +/* $NetBSD: tcp_output.c,v 1.198 2018/02/12 08:22:26 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -135,7 +135,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.197 2017/08/03 06:32:51 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.198 2018/02/12 08:22:26 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1492,8 +1492,7 @@ reset: TCP_REASS_UNLOCK(tp); struct secasvar *sav; u_int8_t *sigp; - sav = tcp_signature_getsav(m, th); - + sav = tcp_signature_getsav(m); if (sav == NULL) { if (m) m_freem(m); Index: src/sys/netinet/tcp_var.h diff -u src/sys/netinet/tcp_var.h:1.183 src/sys/netinet/tcp_var.h:1.184 --- src/sys/netinet/tcp_var.h:1.183 Mon Feb 12 08:08:28 2018 +++ src/sys/netinet/tcp_var.h Mon Feb 12 08:22:26 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_var.h,v 1.183 2018/02/12 08:08:28 maxv Exp $ */ +/* $NetBSD: tcp_var.h,v 1.184 2018/02/12 08:22:26 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -880,7 +880,7 @@ struct tcpcb * tcp_drop(struct tcpcb *, int); #ifdef TCP_SIGNATURE int tcp_signature_apply(void *, void *, u_int); -struct secasvar *tcp_signature_getsav(struct mbuf *, struct tcphdr *); +struct secasvar *tcp_signature_getsav(struct mbuf *); int tcp_signature(struct mbuf *, struct tcphdr *, int, struct secasvar *, char *); #endif
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 12 08:13:08 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Add a KASSERT. To generate a diff of this commit: cvs rdiff -u -r1.377 -r1.378 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.377 src/sys/netinet/tcp_input.c:1.378 --- src/sys/netinet/tcp_input.c:1.377 Mon Feb 12 08:08:28 2018 +++ src/sys/netinet/tcp_input.c Mon Feb 12 08:13:08 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.377 2018/02/12 08:08:28 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.378 2018/02/12 08:13:08 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.377 2018/02/12 08:08:28 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.378 2018/02/12 08:13:08 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1616,6 +1616,8 @@ nosave:; union syn_cache_sa src; union syn_cache_sa dst; + KASSERT(tp->t_state == TCPS_LISTEN); + memset(&src, 0, sizeof(src)); memset(&dst, 0, sizeof(dst)); switch (af) {
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 12 08:08:28 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c tcp_var.h Log Message: Remove the 'm' argument from syn_cache_respond(); all it does with it is freeing it, so free in the caller instead. To generate a diff of this commit: cvs rdiff -u -r1.376 -r1.377 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.182 -r1.183 src/sys/netinet/tcp_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.376 src/sys/netinet/tcp_input.c:1.377 --- src/sys/netinet/tcp_input.c:1.376 Mon Feb 12 08:03:42 2018 +++ src/sys/netinet/tcp_input.c Mon Feb 12 08:08:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.376 2018/02/12 08:03:42 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.377 2018/02/12 08:08:28 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.376 2018/02/12 08:03:42 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.377 2018/02/12 08:08:28 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3749,7 +3749,7 @@ syn_cache_timer(void *arg) goto dropit; TCP_STATINC(TCP_STAT_SC_RETRANSMITTED); - (void) syn_cache_respond(sc, NULL); + (void)syn_cache_respond(sc); /* Advance the timer back-off. */ sc->sc_rxtshift++; @@ -3884,7 +3884,8 @@ syn_cache_get(struct sockaddr *src, stru if ((th->th_ack != sc->sc_iss + 1) || SEQ_LEQ(th->th_seq, sc->sc_irs) || SEQ_GT(th->th_seq, sc->sc_irs + 1 + sc->sc_win)) { - (void) syn_cache_respond(sc, m); + m_freem(m); + (void)syn_cache_respond(sc); splx(s); return ((struct socket *)(-1)); } @@ -4302,7 +4303,8 @@ syn_cache_add(struct sockaddr *src, stru sc->sc_ipopts = ipopts; } sc->sc_timestamp = tb.ts_recent; - if (syn_cache_respond(sc, m) == 0) { + m_freem(m); + if (syn_cache_respond(sc) == 0) { uint64_t *tcps = TCP_STAT_GETREF(); tcps[TCP_STAT_SNDACKS]++; tcps[TCP_STAT_SNDTOTAL]++; @@ -4411,7 +4413,8 @@ syn_cache_add(struct sockaddr *src, stru sc->sc_flags |= SCF_SIGNATURE; #endif sc->sc_tp = tp; - if (syn_cache_respond(sc, m) == 0) { + m_freem(m); + if (syn_cache_respond(sc) == 0) { uint64_t *tcps = TCP_STAT_GETREF(); tcps[TCP_STAT_SNDACKS]++; tcps[TCP_STAT_SNDTOTAL]++; @@ -4438,7 +4441,7 @@ syn_cache_add(struct sockaddr *src, stru */ int -syn_cache_respond(struct syn_cache *sc, struct mbuf *m) +syn_cache_respond(struct syn_cache *sc) { #ifdef INET6 struct rtentry *rt = NULL; @@ -4453,6 +4456,7 @@ syn_cache_respond(struct syn_cache *sc, #endif struct tcpcb *tp = NULL; struct tcphdr *th; + struct mbuf *m; u_int hlen; #ifdef TCP_SIGNATURE struct secasvar *sav = NULL; @@ -4470,8 +4474,6 @@ syn_cache_respond(struct syn_cache *sc, break; #endif default: - if (m) - m_freem(m); return (EAFNOSUPPORT); } @@ -4481,8 +4483,6 @@ syn_cache_respond(struct syn_cache *sc, /* * Create the IP+TCP header from scratch. */ - if (m) - m_freem(m); #ifdef DIAGNOSTIC if (max_linkhdr + tlen > MCLBYTES) return ENOBUFS; Index: src/sys/netinet/tcp_var.h diff -u src/sys/netinet/tcp_var.h:1.182 src/sys/netinet/tcp_var.h:1.183 --- src/sys/netinet/tcp_var.h:1.182 Fri Jan 19 07:53:01 2018 +++ src/sys/netinet/tcp_var.h Mon Feb 12 08:08:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_var.h,v 1.182 2018/01/19 07:53:01 ozaki-r Exp $ */ +/* $NetBSD: tcp_var.h,v 1.183 2018/02/12 08:08:28 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -968,7 +968,7 @@ struct syn_cache *syn_cache_lookup(const struct syn_cache_head **); void syn_cache_reset(struct sockaddr *, struct sockaddr *, struct tcphdr *); -int syn_cache_respond(struct syn_cache *, struct mbuf *); +int syn_cache_respond(struct syn_cache *); void syn_cache_cleanup(struct tcpcb *); int tcp_input_checksum(int, struct mbuf *, const struct tcphdr *, int, int,
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 12 08:03:42 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove this multicast check. Multicast packets are already dropped at the beginning of the function. To generate a diff of this commit: cvs rdiff -u -r1.375 -r1.376 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.375 src/sys/netinet/tcp_input.c:1.376 --- src/sys/netinet/tcp_input.c:1.375 Fri Feb 9 14:06:17 2018 +++ src/sys/netinet/tcp_input.c Mon Feb 12 08:03:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.375 2018/02/09 14:06:17 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.376 2018/02/12 08:03:42 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.375 2018/02/09 14:06:17 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.376 2018/02/12 08:03:42 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3043,24 +3043,9 @@ dropwithreset: */ if (tiflags & TH_RST) goto drop; - - switch (af) { -#ifdef INET6 - case AF_INET6: - /* For following calls to tcp_respond */ - if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) - goto drop; - break; -#endif /* INET6 */ - case AF_INET: - if (IN_MULTICAST(ip->ip_dst.s_addr) || - in_broadcast(ip->ip_dst, m_get_rcvif_NOMPSAFE(m))) - goto drop; - } - - if (tiflags & TH_ACK) + if (tiflags & TH_ACK) { (void)tcp_respond(tp, m, m, th, (tcp_seq)0, th->th_ack, TH_RST); - else { + } else { if (tiflags & TH_SYN) tlen++; (void)tcp_respond(tp, m, m, th, th->th_seq + tlen, (tcp_seq)0,
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Sat Feb 10 08:17:00 UTC 2018 Modified Files: src/sys/netinet: udp_usrreq.c Log Message: If the socket wants a ESP-over-UDP packet, and the packet is incorrect, stop processing it instead of giving it to udp4_sendup. It just doesn't make any sense not to drop it. I was already telling myself this the other day when I visited this place, but I just saw PR/36782 (11 years old) that suggests the exact same thing, so fix it. Now, udp4_espinudp always frees the mbuf, and is made void. The packet is not processed any further afterwards. To generate a diff of this commit: cvs rdiff -u -r1.239 -r1.240 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.239 src/sys/netinet/udp_usrreq.c:1.240 --- src/sys/netinet/udp_usrreq.c:1.239 Thu Feb 8 10:24:46 2018 +++ src/sys/netinet/udp_usrreq.c Sat Feb 10 08:17:00 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.239 2018/02/08 10:24:46 maxv Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.240 2018/02/10 08:17:00 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.239 2018/02/08 10:24:46 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.240 2018/02/10 08:17:00 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -139,7 +139,7 @@ percpu_t *udpstat_percpu; #ifdef INET #ifdef IPSEC -static int udp4_espinudp(struct mbuf **, int, struct sockaddr *, +static void udp4_espinudp(struct mbuf *, int, struct sockaddr *, struct socket *); #endif static void udp4_sendup(struct mbuf *, int, struct sockaddr *, @@ -606,25 +606,9 @@ udp4_realinput(struct sockaddr_in *src, /* Handle ESP over UDP */ if (inp->inp_flags & INP_ESPINUDP_ALL) { struct sockaddr *sa = (struct sockaddr *)src; - - switch (udp4_espinudp(mp, off, sa, inp->inp_socket)) { - case -1: /* Error, m was freed */ -rcvcnt = -1; -goto bad; - - case 1: /* ESP over UDP */ -rcvcnt++; -goto bad; - - case 0: /* plain UDP */ - default: /* Unexpected */ -/* - * Normal UDP processing will take place, - * m may have changed. - */ -m = *mp; -break; - } + udp4_espinudp(m, off, sa, inp->inp_socket); + *mp = NULL; + goto bad; } #endif @@ -1246,13 +1230,10 @@ udp_statinc(u_int stat) #if defined(INET) && defined(IPSEC) /* - * Returns: - * 1 if the packet was processed - * 0 if normal UDP processing should take place - *-1 if an error occurred and m was freed + * This function always frees the mbuf. */ -static int -udp4_espinudp(struct mbuf **mp, int off, struct sockaddr *src, +static void +udp4_espinudp(struct mbuf *m, int off, struct sockaddr *src, struct socket *so) { size_t len; @@ -1265,7 +1246,6 @@ udp4_espinudp(struct mbuf **mp, int off, struct m_tag *tag; struct udphdr *udphdr; u_int16_t sport, dport; - struct mbuf *m = *mp; /* * Collapse the mbuf chain if the first mbuf is too short @@ -1276,10 +1256,9 @@ udp4_espinudp(struct mbuf **mp, int off, minlen = m->m_pkthdr.len; if (m->m_len < minlen) { - if ((*mp = m_pullup(m, minlen)) == NULL) { - return -1; + if ((m = m_pullup(m, minlen)) == NULL) { + return; } - m = *mp; } len = m->m_len - off; @@ -1288,9 +1267,7 @@ udp4_espinudp(struct mbuf **mp, int off, /* Ignore keepalive packets */ if ((len == 1) && (*(unsigned char *)data == 0xff)) { - m_freem(m); - *mp = NULL; /* avoid any further processing by caller ... */ - return 1; + goto out; } /* @@ -1301,8 +1278,9 @@ udp4_espinudp(struct mbuf **mp, int off, if (inp->inp_flags & INP_ESPINUDP) { u_int32_t *st = (u_int32_t *)data; - if ((len <= sizeof(struct esp)) || (*st == 0)) - return 0; /* Normal UDP processing */ + if ((len <= sizeof(struct esp)) || (*st == 0)) { + goto out; + } skip = sizeof(struct udphdr); } @@ -1311,8 +1289,9 @@ udp4_espinudp(struct mbuf **mp, int off, u_int32_t *st = (u_int32_t *)data; if ((len <= sizeof(u_int64_t) + sizeof(struct esp)) || - ((st[0] | st[1]) != 0)) - return 0; /* Normal UDP processing */ + ((st[0] | st[1]) != 0)) { + goto out; + } skip = sizeof(struct udphdr) + sizeof(u_int64_t); } @@ -1359,8 +1338,7 @@ udp4_espinudp(struct mbuf **mp, int off, */ if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) { - m_freem(m); - return -1; + goto out; } ((u_int16_t *)(tag + 1))[0] = sport; ((u_int16_t *)(tag + 1))[1] = dport; @@ -1371,9 +1349,11 @@ udp4_espinudp(struct mbuf **mp, int off, else m_freem(m); - /* We handled it, it shouldn't be handled by UDP */ - *mp = NULL; /* avoid free by caller ... */ - return 1; + return; + +out: + m_freem(m); + return; } #endi
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Feb 9 14:06:18 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Style, and move the 'ip_srcroute' call after 'tcp_dooptions', otherwise we're leaking 'ipopts'. (Harmless, since TCP_SIGNATURE is disabled.) To generate a diff of this commit: cvs rdiff -u -r1.374 -r1.375 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.374 src/sys/netinet/tcp_input.c:1.375 --- src/sys/netinet/tcp_input.c:1.374 Thu Feb 8 20:50:00 2018 +++ src/sys/netinet/tcp_input.c Fri Feb 9 14:06:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.374 2018/02/08 20:50:00 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.375 2018/02/09 14:06:17 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.374 2018/02/08 20:50:00 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.375 2018/02/09 14:06:17 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3224,8 +3224,7 @@ tcp_signature(struct mbuf *m, struct tcp */ static int -tcp_dooptions(struct tcpcb *tp, const u_char *cp, int cnt, -struct tcphdr *th, +tcp_dooptions(struct tcpcb *tp, const u_char *cp, int cnt, struct tcphdr *th, struct mbuf *m, int toff, struct tcp_opt_info *oi) { u_int16_t mss; @@ -4247,7 +4246,6 @@ syn_cache_unreach(const struct sockaddr * consume all available buffer space if it were ACKed. By not ACKing * the data, we avoid this DoS scenario. */ - int syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, unsigned int hlen, struct socket *so, struct mbuf *m, u_char *optp, @@ -4266,31 +4264,12 @@ syn_cache_add(struct sockaddr *src, stru memset(&opti, 0, sizeof(opti)); /* - * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN - * - * Note this check is performed in tcp_input() very early on. - */ - - /* * Initialize some local state. */ win = sbspace(&so->so_rcv); if (win > TCP_MAXWIN) win = TCP_MAXWIN; - switch (src->sa_family) { -#ifdef INET - case AF_INET: - /* - * Remember the IP options, if any. - */ - ipopts = ip_srcroute(m); - break; -#endif - default: - ipopts = NULL; - } - #ifdef TCP_SIGNATURE if (optp || (tp->t_flags & TF_SIGNATURE)) #else @@ -4304,10 +4283,23 @@ syn_cache_add(struct sockaddr *src, stru tb.t_state = TCPS_LISTEN; if (tcp_dooptions(&tb, optp, optlen, th, m, m->m_pkthdr.len - sizeof(struct tcphdr) - optlen - hlen, oi) < 0) - return (0); + return 0; } else tb.t_flags = 0; + switch (src->sa_family) { +#ifdef INET + case AF_INET: + /* + * Remember the IP options, if any. + */ + ipopts = ip_srcroute(m); + break; +#endif + default: + ipopts = NULL; + } + /* * See if we already have an entry for this connection. * If we do, resend the SYN,ACK. We do not count this @@ -4321,7 +4313,7 @@ syn_cache_add(struct sockaddr *src, stru * forget it and use the new one we've been given. */ if (sc->sc_ipopts) -(void) m_free(sc->sc_ipopts); +(void)m_free(sc->sc_ipopts); sc->sc_ipopts = ipopts; } sc->sc_timestamp = tb.ts_recent; @@ -4331,7 +4323,7 @@ syn_cache_add(struct sockaddr *src, stru tcps[TCP_STAT_SNDTOTAL]++; TCP_STAT_PUTREF(); } - return (1); + return 1; } s = splsoftnet(); @@ -4339,8 +4331,8 @@ syn_cache_add(struct sockaddr *src, stru splx(s); if (sc == NULL) { if (ipopts) - (void) m_free(ipopts); - return (0); + (void)m_free(ipopts); + return 0; } /* @@ -4358,8 +4350,8 @@ syn_cache_add(struct sockaddr *src, stru #ifdef INET case AF_INET: { - struct sockaddr_in *srcin = (void *) src; - struct sockaddr_in *dstin = (void *) dst; + struct sockaddr_in *srcin = (void *)src; + struct sockaddr_in *dstin = (void *)dst; sc->sc_iss = tcp_new_iss1(&dstin->sin_addr, &srcin->sin_addr, dstin->sin_port, @@ -4370,8 +4362,8 @@ syn_cache_add(struct sockaddr *src, stru #ifdef INET6 case AF_INET6: { - struct sockaddr_in6 *srcin6 = (void *) src; - struct sockaddr_in6 *dstin6 = (void *) dst; + struct sockaddr_in6 *srcin6 = (void *)src; + struct sockaddr_in6 *dstin6 = (void *)dst; sc->sc_iss = tcp_new_iss1(&dstin6->sin6_addr, &srcin6->sin6_addr, dstin6->sin6_port, @@ -4382,8 +4374,7 @@ syn_cache_add(struct sockaddr *src, stru } sc->sc_peermaxseg = oi->maxseg; sc->sc_ourmaxseg = tcp_mss_to_advertise(m->m_flags & M_PKTHDR ? - m_get_rcvif_NOMPSAFE(m) : NULL, - sc->sc_src.sa.sa_family); + m_get_rcvif_NOMPSAFE(m) : NULL, sc->sc_src.sa.sa_family); sc->sc_win = win; sc->sc_timebase = tcp_now - 1; /* see tcp_newtcpcb() */ sc->sc_timestamp = tb.ts_recent; @@ -4452,7 +4443,7 @@ syn_cache_add(struct sockaddr *src, stru splx(s); TCP_S
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Feb 9 08:03:33 UTC 2018 Modified Files: src/sys/netinet: ip_mroute.c Log Message: Style (realign everything correctly), and fix a typo. To generate a diff of this commit: cvs rdiff -u -r1.153 -r1.154 src/sys/netinet/ip_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.153 src/sys/netinet/ip_mroute.c:1.154 --- src/sys/netinet/ip_mroute.c:1.153 Wed Feb 7 13:22:41 2018 +++ src/sys/netinet/ip_mroute.c Fri Feb 9 08:03:33 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.153 2018/02/07 13:22:41 maxv Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.154 2018/02/09 08:03:33 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.153 2018/02/07 13:22:41 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.154 2018/02/09 08:03:33 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -2559,88 +2559,88 @@ unschedule_bw_meter(struct bw_meter *x) static void bw_meter_process(void) { -int s; -static uint32_t last_tv_sec; /* last time we processed this */ + int s; + static uint32_t last_tv_sec; /* last time we processed this */ + + uint32_t loops; + int i; + struct timeval now, process_endtime; + + microtime(&now); + if (last_tv_sec == now.tv_sec) + return; /* nothing to do */ + + loops = now.tv_sec - last_tv_sec; + last_tv_sec = now.tv_sec; + if (loops > BW_METER_BUCKETS) + loops = BW_METER_BUCKETS; + + s = splsoftnet(); + /* + * Process all bins of bw_meter entries from the one after the last + * processed to the current one. On entry, i points to the last bucket + * visited, so we need to increment i at the beginning of the loop. + */ + for (i = (now.tv_sec - loops) % BW_METER_BUCKETS; loops > 0; loops--) { + struct bw_meter *x, *tmp_list; + + if (++i >= BW_METER_BUCKETS) + i = 0; + + /* Disconnect the list of bw_meter entries from the bin */ + tmp_list = bw_meter_timers[i]; + bw_meter_timers[i] = NULL; + + /* Process the list of bw_meter entries */ + while (tmp_list != NULL) { + x = tmp_list; + tmp_list = tmp_list->bm_time_next; + + /* Test if the time interval is over */ + process_endtime = x->bm_start_time; + BW_TIMEVALADD(&process_endtime, &x->bm_threshold.b_time); + if (BW_TIMEVALCMP(&process_endtime, &now, >)) { +/* Not yet: reschedule, but don't reset */ +int time_hash; + +BW_METER_TIMEHASH(x, time_hash); +if (time_hash == i && process_endtime.tv_sec == now.tv_sec) { + /* + * XXX: somehow the bin processing is a bit ahead of time. + * Put the entry in the next bin. + */ + if (++time_hash >= BW_METER_BUCKETS) + time_hash = 0; +} +x->bm_time_next = bw_meter_timers[time_hash]; +bw_meter_timers[time_hash] = x; +x->bm_time_hash = time_hash; + +continue; + } -uint32_t loops; -int i; -struct timeval now, process_endtime; - -microtime(&now); -if (last_tv_sec == now.tv_sec) - return; /* nothing to do */ - -loops = now.tv_sec - last_tv_sec; -last_tv_sec = now.tv_sec; -if (loops > BW_METER_BUCKETS) - loops = BW_METER_BUCKETS; - -s = splsoftnet(); -/* - * Process all bins of bw_meter entries from the one after the last - * processed to the current one. On entry, i points to the last bucket - * visited, so we need to increment i at the beginning of the loop. - */ -for (i = (now.tv_sec - loops) % BW_METER_BUCKETS; loops > 0; loops--) { - struct bw_meter *x, *tmp_list; - - if (++i >= BW_METER_BUCKETS) - i = 0; - - /* Disconnect the list of bw_meter entries from the bin */ - tmp_list = bw_meter_timers[i]; - bw_meter_timers[i] = NULL; - - /* Process the list of bw_meter entries */ - while (tmp_list != NULL) { - x = tmp_list; - tmp_list = tmp_list->bm_time_next; - - /* Test if the time interval is over */ - process_endtime = x->bm_start_time; - BW_TIMEVALADD(&process_endtime, &x->bm_threshold.b_time); - if (BW_TIMEVALCMP(&process_endtime, &now, >)) { - /* Not yet: reschedule, but don't reset */ - int time_hash; - - BW_METER_TIMEHASH(x, time_hash); - if (time_hash == i && process_endtime.tv_sec == now.tv_sec) { - /* - * XXX: somehow the bin processing is a bit ahead of time. - * Put the entry in the next bin. - */ - if (++time_hash >= BW_METER_BUCKETS) - time_hash = 0; - } - x->bm_time_next = bw_meter_timers[time_hash]; - bw_meter_timers[time_hash] = x; - x->bm_time_hash = time_hash; - - continue; - } - - /* - * Test if we should deliver an upcall - */ - if (((x->bm_flags & BW_METER_UNIT_PACKETS) && - (x->bm_measured.b_packets <= x->bm_threshold.b_packets)) || - ((x->bm_flags & BW_METER_UNIT_BYTES) && - (x->bm_measured.b_bytes <= x->bm_threshold.b_bytes))) { - /* P
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 20:50:00 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Style, rename a variable, and remove an unreachable case. To generate a diff of this commit: cvs rdiff -u -r1.373 -r1.374 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.373 src/sys/netinet/tcp_input.c:1.374 --- src/sys/netinet/tcp_input.c:1.373 Thu Feb 8 20:41:36 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 20:50:00 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.373 2018/02/08 20:41:36 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.374 2018/02/08 20:50:00 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.373 2018/02/08 20:41:36 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.374 2018/02/08 20:50:00 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1380,7 +1380,7 @@ tcp_input(struct mbuf *m, ...) return; } KASSERT(TCP_HDR_ALIGNED_P(th)); - optlen = off - sizeof (struct tcphdr); + optlen = off - sizeof(struct tcphdr); optp = ((u_int8_t *)th) + sizeof(struct tcphdr); /* * Do quick retrieval of timestamp options ("options @@ -1421,13 +1421,13 @@ findpcb: case AF_INET: inp = in_pcblookup_connect(&tcbtable, ip->ip_src, th->th_sport, ip->ip_dst, th->th_dport, &vestige); - if (inp == 0 && !vestige.valid) { + if (inp == NULL && !vestige.valid) { TCP_STATINC(TCP_STAT_PCBHASHMISS); inp = in_pcblookup_bind(&tcbtable, ip->ip_dst, th->th_dport); } #ifdef INET6 - if (inp == 0 && !vestige.valid) { + if (inp == NULL && !vestige.valid) { struct in6_addr s, d; /* mapped addr case */ @@ -1443,9 +1443,9 @@ findpcb: } #endif #ifndef INET6 - if (inp == 0 && !vestige.valid) + if (inp == NULL && !vestige.valid) #else - if (inp == 0 && in6p == 0 && !vestige.valid) + if (inp == NULL && in6p == NULL && !vestige.valid) #endif { TCP_STATINC(TCP_STAT_NOPORT); @@ -1503,9 +1503,9 @@ findpcb: goto dropwithreset_ratelim; } #if defined(IPSEC) - if (ipsec_used && in6p - && (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 - && ipsec6_in_reject(m, in6p)) { + if (ipsec_used && in6p && + (in6p->in6p_socket->so_options & SO_ACCEPTCONN) == 0 && + ipsec6_in_reject(m, in6p)) { IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); goto drop; } @@ -1571,7 +1571,7 @@ findpcb: if (in6p && (in6p->in6p_flags & IN6P_CONTROLOPTS)) { if (in6p->in6p_options) { m_freem(in6p->in6p_options); - in6p->in6p_options = 0; + in6p->in6p_options = NULL; } KASSERT(ip6 != NULL); ip6_savecontrol(in6p, &in6p->in6p_options, ip6, m); @@ -1589,11 +1589,11 @@ findpcb: if (m->m_len > iphlen && (m->m_flags & M_EXT) == 0) { tcp_saveti = m_copym(m, 0, iphlen, M_DONTWAIT); - if (!tcp_saveti) + if (tcp_saveti == NULL) goto nosave; } else { MGETHDR(tcp_saveti, M_DONTWAIT, MT_HEADER); - if (!tcp_saveti) + if (tcp_saveti == NULL) goto nosave; MCLAIM(m, &tcp_mowner); tcp_saveti->m_len = iphlen; @@ -1653,9 +1653,8 @@ nosave:; } else if ((tiflags & (TH_ACK|TH_SYN)) == (TH_ACK|TH_SYN)) { /* - * Received a SYN,ACK. This should - * never happen while we are in - * LISTEN. Send an RST. + * Received a SYN,ACK. This should never + * happen while we are in LISTEN. Send an RST. */ goto badsyn; } else if (tiflags & TH_ACK) { @@ -1808,24 +1807,22 @@ nosave:; * can't possibly be valid; drop the packet. */ if (th->th_sport == th->th_dport) { -int i; +int eq = 0; switch (af) { #ifdef INET case AF_INET: - i = in_hosteq(ip->ip_src, ip->ip_dst); + eq = in_hosteq(ip->ip_src, ip->ip_dst); break; #endif #ifdef INET6 case AF_INET6: - i = IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, + eq = IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &ip6->ip6_dst); break; #endif -default: - i = 1; } -if (i) { +if (eq) { TCP_STATINC(TCP_STAT_BADSYN); goto drop; }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 20:41:36 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Move the IPv4 multicast check earlier; we want to kick multicast packets all the time, and not just when they are SYNs. The IPv6 multicast check is already done earlier, so this block of code can be removed. To generate a diff of this commit: cvs rdiff -u -r1.372 -r1.373 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.372 src/sys/netinet/tcp_input.c:1.373 --- src/sys/netinet/tcp_input.c:1.372 Thu Feb 8 20:19:30 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 20:41:36 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.372 2018/02/08 20:19:30 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.373 2018/02/08 20:41:36 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.372 2018/02/08 20:19:30 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.373 2018/02/08 20:41:36 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1294,6 +1294,10 @@ tcp_input(struct mbuf *m, ...) af = AF_INET; iphlen = sizeof(struct ip); + if (IN_MULTICAST(ip->ip_dst.s_addr) || + in_broadcast(ip->ip_dst, m_get_rcvif_NOMPSAFE(m))) + goto drop; + /* We do the checksum after PCB lookup... */ len = ntohs(ip->ip_len); tlen = len - toff; @@ -1715,21 +1719,6 @@ nosave:; * Received a SYN. */ - switch (af) { -#ifdef INET6 - case AF_INET6: -if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) - goto drop; -break; -#endif /* INET6 */ - case AF_INET: -if (IN_MULTICAST(ip->ip_dst.s_addr) || -in_broadcast(ip->ip_dst, - m_get_rcvif_NOMPSAFE(m))) - goto drop; -break; - } - #ifdef INET6 /* * If deprecated address is forbidden, we do
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 20:19:30 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove the unused 'multicast' argument from tcp_vtw_input, and remove the now-unused multicast detection code. It couldn't have been correct on IPv6, since multicast packets are kicked at the beginning of the function. To generate a diff of this commit: cvs rdiff -u -r1.371 -r1.372 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.371 src/sys/netinet/tcp_input.c:1.372 --- src/sys/netinet/tcp_input.c:1.371 Thu Feb 8 20:10:55 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 20:19:30 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.371 2018/02/08 20:10:55 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.372 2018/02/08 20:19:30 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.371 2018/02/08 20:10:55 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.372 2018/02/08 20:19:30 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1006,7 +1006,7 @@ badcsum: * nevertheless have to respond to it per the spec. */ static void tcp_vtw_input(struct tcphdr *th, vestigial_inpcb_t *vp, - struct mbuf *m, int tlen, int multicast) +struct mbuf *m, int tlen) { int tiflags; int todrop; @@ -1534,27 +1534,12 @@ findpcb: } #endif else if (vestige.valid) { - int mc = 0; - /* We do not support the resurrection of vtw tcpcps. */ if (tcp_input_checksum(af, m, th, toff, off, tlen)) goto badcsum; - switch (af) { -#ifdef INET6 - case AF_INET6: - mc = IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst); - break; -#endif - - case AF_INET: - mc = (IN_MULTICAST(ip->ip_dst.s_addr) || - in_broadcast(ip->ip_dst, m_get_rcvif_NOMPSAFE(m))); - break; - } - tcp_fields_to_host(th); - tcp_vtw_input(th, &vestige, m, tlen, mc); + tcp_vtw_input(th, &vestige, m, tlen); m = NULL; goto drop; }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 20:10:56 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove the default case, the beginning of the function already ensures af == AF_INET || af == AF_INET6. To generate a diff of this commit: cvs rdiff -u -r1.370 -r1.371 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.370 src/sys/netinet/tcp_input.c:1.371 --- src/sys/netinet/tcp_input.c:1.370 Thu Feb 8 20:06:21 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 20:10:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.370 2018/02/08 20:06:21 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.371 2018/02/08 20:10:55 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.370 2018/02/08 20:06:21 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.371 2018/02/08 20:10:55 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1656,8 +1656,6 @@ nosave:; dst.sin6.sin6_port = th->th_dport; break; #endif /* INET6 */ - default: - goto badsyn; /*sanity*/ } if ((tiflags & (TH_RST|TH_ACK|TH_SYN)) != TH_SYN) {
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 20:06:21 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Dedup code. To generate a diff of this commit: cvs rdiff -u -r1.369 -r1.370 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.369 src/sys/netinet/tcp_input.c:1.370 --- src/sys/netinet/tcp_input.c:1.369 Thu Feb 8 19:58:05 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 20:06:21 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.369 2018/02/08 19:58:05 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.370 2018/02/08 20:06:21 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.369 2018/02/08 19:58:05 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.370 2018/02/08 20:06:21 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1274,6 +1274,12 @@ tcp_input(struct mbuf *m, ...) } #endif + IP6_EXTHDR_GET(th, struct tcphdr *, m, toff, sizeof(struct tcphdr)); + if (th == NULL) { + TCP_STATINC(TCP_STAT_RCVSHORT); + return; + } + /* * Get IP and TCP header. * Note: IP leaves IP header in first mbuf. @@ -1287,12 +1293,7 @@ tcp_input(struct mbuf *m, ...) #endif af = AF_INET; iphlen = sizeof(struct ip); - IP6_EXTHDR_GET(th, struct tcphdr *, m, toff, - sizeof(struct tcphdr)); - if (th == NULL) { - TCP_STATINC(TCP_STAT_RCVSHORT); - return; - } + /* We do the checksum after PCB lookup... */ len = ntohs(ip->ip_len); tlen = len - toff; @@ -1305,12 +1306,6 @@ tcp_input(struct mbuf *m, ...) iphlen = sizeof(struct ip6_hdr); af = AF_INET6; ip6 = mtod(m, struct ip6_hdr *); - IP6_EXTHDR_GET(th, struct tcphdr *, m, toff, - sizeof(struct tcphdr)); - if (th == NULL) { - TCP_STATINC(TCP_STAT_RCVSHORT); - return; - } /* * Be proactive about unspecified IPv6 address in source.
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 19:38:21 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Style, and remove outdated comments. To generate a diff of this commit: cvs rdiff -u -r1.367 -r1.368 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.367 src/sys/netinet/tcp_input.c:1.368 --- src/sys/netinet/tcp_input.c:1.367 Thu Feb 8 19:25:48 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 19:38:21 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.367 2018/02/08 19:25:48 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.368 2018/02/08 19:38:21 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.367 2018/02/08 19:25:48 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.368 2018/02/08 19:38:21 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1221,7 +1221,7 @@ tcp_input(struct mbuf *m, ...) u_int8_t *optp = NULL; int optlen = 0; int len, tlen, toff, hdroptlen = 0; - struct tcpcb *tp = 0; + struct tcpcb *tp = NULL; int tiflags; struct socket *so = NULL; int todrop, acked, ourfinisacked, needoutput = 0; @@ -1288,7 +1288,7 @@ tcp_input(struct mbuf *m, ...) af = AF_INET; iphlen = sizeof(struct ip); IP6_EXTHDR_GET(th, struct tcphdr *, m, toff, - sizeof(struct tcphdr)); + sizeof(struct tcphdr)); if (th == NULL) { TCP_STATINC(TCP_STAT_RCVSHORT); return; @@ -1306,7 +1306,7 @@ tcp_input(struct mbuf *m, ...) af = AF_INET6; ip6 = mtod(m, struct ip6_hdr *); IP6_EXTHDR_GET(th, struct tcphdr *, m, toff, - sizeof(struct tcphdr)); + sizeof(struct tcphdr)); if (th == NULL) { TCP_STATINC(TCP_STAT_RCVSHORT); return; @@ -1351,8 +1351,9 @@ tcp_input(struct mbuf *m, ...) m_freem(m); return; } + /* - * Enforce alignment requirements that are violated in + * Enforce alignment requirements that are violated in * some cases, see kern/50766 for details. */ if (TCP_HDR_ALIGNED_P(th) == 0) { @@ -1370,33 +1371,22 @@ tcp_input(struct mbuf *m, ...) KASSERT(TCP_HDR_ALIGNED_P(th)); /* - * Check that TCP offset makes sense, - * pull out TCP options and adjust length. XXX + * Check that TCP offset makes sense, pull out TCP options and + * adjust length. */ off = th->th_off << 2; - if (off < sizeof (struct tcphdr) || off > tlen) { + if (off < sizeof(struct tcphdr) || off > tlen) { TCP_STATINC(TCP_STAT_RCVBADOFF); goto drop; } tlen -= off; - /* - * tcp_input() has been modified to use tlen to mean the TCP data - * length throughout the function. Other functions can use - * m->m_pkthdr.len as the basis for calculating the TCP data length. - * rja - */ - - if (off > sizeof (struct tcphdr)) { + if (off > sizeof(struct tcphdr)) { IP6_EXTHDR_GET(th, struct tcphdr *, m, toff, off); if (th == NULL) { TCP_STATINC(TCP_STAT_RCVSHORT); return; } - /* - * NOTE: ip/ip6 will not be affected by m_pulldown() - * (as they're before toff) and we don't need to update those. - */ KASSERT(TCP_HDR_ALIGNED_P(th)); optlen = off - sizeof (struct tcphdr); optp = ((u_int8_t *)th) + sizeof(struct tcphdr); @@ -1438,11 +1428,11 @@ findpcb: #ifdef INET case AF_INET: inp = in_pcblookup_connect(&tcbtable, ip->ip_src, th->th_sport, - ip->ip_dst, th->th_dport, - &vestige); + ip->ip_dst, th->th_dport, &vestige); if (inp == 0 && !vestige.valid) { TCP_STATINC(TCP_STAT_PCBHASHMISS); - inp = in_pcblookup_bind(&tcbtable, ip->ip_dst, th->th_dport); + inp = in_pcblookup_bind(&tcbtable, ip->ip_dst, + th->th_dport); } #ifdef INET6 if (inp == 0 && !vestige.valid) { @@ -1452,8 +1442,7 @@ findpcb: in6_in_2_v4mapin6(&ip->ip_src, &s); in6_in_2_v4mapin6(&ip->ip_dst, &d); in6p = in6_pcblookup_connect(&tcbtable, &s, - th->th_sport, &d, th->th_dport, - 0, &vestige); + th->th_sport, &d, th->th_dport, 0, &vestige); if (in6p == 0 && !vestige.valid) { TCP_STATINC(TCP_STAT_PCBHASHMISS); in6p = in6_pcblookup_bind(&tcbtable, &d, @@ -1506,11 +1495,11 @@ findpcb: faith = 0; #endif in6p = in6_pcblookup_connect(&tcbtable, &ip6->ip6_src, - th->th_sport, &ip6->ip6_dst, th->th_dport, faith, &vestige); + th->th_sport, &ip6->ip6_dst, th->th_dport, faith, &vestige); if (!in6p && !vestige.valid) { TCP_STATINC(TCP_STAT_PCBHASHMISS); in6p = in6_pcblookup_bind(&tcbtable, &ip6->ip6_dst, -th->th_dport, faith); + th->th_dport, faith); } if (!in6p && !vestige.valid) { TCP_STATINC(TCP_STAT_NOPORT); @@ -1559,8 +1548,7 @@ findpcb: else if (vestige.valid) { int mc = 0; - /* We do not support the resurrection of vtw tcpcps. - */ + /* We do not support th
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 19:25:48 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Remove this check, it is already done at the beginning of the function. To generate a diff of this commit: cvs rdiff -u -r1.366 -r1.367 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.366 src/sys/netinet/tcp_input.c:1.367 --- src/sys/netinet/tcp_input.c:1.366 Thu Feb 8 18:58:59 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 19:25:48 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.366 2018/02/08 18:58:59 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.367 2018/02/08 19:25:48 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.366 2018/02/08 18:58:59 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.367 2018/02/08 19:25:48 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1758,11 +1758,7 @@ nosave:; } else { /* * Received a SYN. - * - * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN */ - if (m->m_flags & (M_BCAST|M_MCAST)) -goto drop; switch (af) { #ifdef INET6
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 18:59:00 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Reduce the indentation level of this huge block (without realigning yet, for proofreadability). No functional change. To generate a diff of this commit: cvs rdiff -u -r1.365 -r1.366 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.365 src/sys/netinet/tcp_input.c:1.366 --- src/sys/netinet/tcp_input.c:1.365 Thu Feb 8 18:55:11 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 18:58:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.365 2018/02/08 18:55:11 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.366 2018/02/08 18:58:59 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.365 2018/02/08 18:55:11 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.366 2018/02/08 18:58:59 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1685,226 +1685,225 @@ nosave:; goto badsyn; /*sanity*/ } - if (so->so_options & SO_ACCEPTCONN) { - if ((tiflags & (TH_RST|TH_ACK|TH_SYN)) != TH_SYN) { -if (tiflags & TH_RST) { - syn_cache_reset(&src.sa, &dst.sa, th); -} else if ((tiflags & (TH_ACK|TH_SYN)) == -(TH_ACK|TH_SYN)) { + if ((tiflags & (TH_RST|TH_ACK|TH_SYN)) != TH_SYN) { + if (tiflags & TH_RST) { +syn_cache_reset(&src.sa, &dst.sa, th); + } else if ((tiflags & (TH_ACK|TH_SYN)) == + (TH_ACK|TH_SYN)) { +/* + * Received a SYN,ACK. This should + * never happen while we are in + * LISTEN. Send an RST. + */ +goto badsyn; + } else if (tiflags & TH_ACK) { +so = syn_cache_get(&src.sa, &dst.sa, + th, toff, tlen, so, m); +if (so == NULL) { /* - * Received a SYN,ACK. This should - * never happen while we are in - * LISTEN. Send an RST. + * We don't have a SYN for + * this ACK; send an RST. */ goto badsyn; -} else if (tiflags & TH_ACK) { - so = syn_cache_get(&src.sa, &dst.sa, - th, toff, tlen, so, m); - if (so == NULL) { - /* - * We don't have a SYN for - * this ACK; send an RST. - */ - goto badsyn; - } else if (so == - (struct socket *)(-1)) { - /* - * We were unable to create - * the connection. If the - * 3-way handshake was - * completed, and RST has - * been sent to the peer. - * Since the mbuf might be - * in use for the reply, - * do not free it. - */ - m = NULL; - } else { - /* - * We have created a - * full-blown connection. - */ - tp = NULL; - inp = NULL; +} else if (so == +(struct socket *)(-1)) { + /* + * We were unable to create + * the connection. If the + * 3-way handshake was + * completed, and RST has + * been sent to the peer. + * Since the mbuf might be + * in use for the reply, + * do not free it. + */ + m = NULL; +} else { + /* + * We have created a + * full-blown connection. + */ + tp = NULL; + inp = NULL; #ifdef INET6 - in6p = NULL; + in6p = NULL; #endif - switch (so->so_proto->pr_domain->dom_family) { + switch (so->so_proto->pr_domain->dom_family) { #ifdef INET - case AF_INET: - inp = sotoinpcb(so); - tp = intotcpcb(inp); - break; -#endif -#ifdef INET6 - case AF_INET6: - in6p = sotoin6pcb(so); - tp = in6totcpcb(in6p); - break; -#endif - } - if (tp == NULL) - goto badsyn; /*XXX*/ - tiwin <<= tp->snd_scale; - goto after_listen; + case AF_INET: + inp = sotoinpcb(so); + tp = intotcpcb(inp); + break; +#endif +#ifdef INET6 + case AF_INET6: + in6p = sotoin6pcb(so); + tp = in6totcpcb(in6p); + break; +#endif } -} else { - /* - * None of RST, SYN or ACK was set. - * This is an invalid packet for a - * TCB in LISTEN state. Send a RST. - */ - goto badsyn; + if (tp == NULL) + goto badsyn; /*XXX*/ + tiwin <<= tp->snd_scale; + goto after_listen; } } else { /* - * Received a SYN. - * - * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN + * None of RST, SYN or ACK was set. + * This is an invalid packet for a + * TCB in LISTEN state. Send a RST. */ -if (m->m_flags & (M_BCAST|M_MCAST)) - goto drop; +goto badsyn; + } + } else { + /* + * Received a SYN. + * + * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN + */ + if (m->m_flags & (M_BCAST|M_MCAST)) +goto drop; -switch (af) { + switch (af) { #ifdef INET6 -case AF_INET6: -
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 18:55:11 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Move the SO_DEBUG block earlier, to reduce the indentation level. To generate a diff of this commit: cvs rdiff -u -r1.364 -r1.365 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.364 src/sys/netinet/tcp_input.c:1.365 --- src/sys/netinet/tcp_input.c:1.364 Thu Feb 8 09:05:20 2018 +++ src/sys/netinet/tcp_input.c Thu Feb 8 18:55:11 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.364 2018/02/08 09:05:20 dholland Exp $ */ +/* $NetBSD: tcp_input.c,v 1.365 2018/02/08 18:55:11 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.364 2018/02/08 09:05:20 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.365 2018/02/08 18:55:11 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1614,7 +1614,41 @@ findpcb: } #endif - if (so->so_options & (SO_DEBUG|SO_ACCEPTCONN)) { + if (so->so_options & SO_DEBUG) { +#ifdef TCP_DEBUG + ostate = tp->t_state; +#endif + + tcp_saveti = NULL; + if (iphlen + sizeof(struct tcphdr) > MHLEN) + goto nosave; + + if (m->m_len > iphlen && (m->m_flags & M_EXT) == 0) { + tcp_saveti = m_copym(m, 0, iphlen, M_DONTWAIT); + if (!tcp_saveti) +goto nosave; + } else { + MGETHDR(tcp_saveti, M_DONTWAIT, MT_HEADER); + if (!tcp_saveti) +goto nosave; + MCLAIM(m, &tcp_mowner); + tcp_saveti->m_len = iphlen; + m_copydata(m, 0, iphlen, + mtod(tcp_saveti, void *)); + } + + if (M_TRAILINGSPACE(tcp_saveti) < sizeof(struct tcphdr)) { + m_freem(tcp_saveti); + tcp_saveti = NULL; + } else { + tcp_saveti->m_len += sizeof(struct tcphdr); + memcpy(mtod(tcp_saveti, char *) + iphlen, th, + sizeof(struct tcphdr)); + } +nosave:; + } + + if (so->so_options & SO_ACCEPTCONN) { union syn_cache_sa src; union syn_cache_sa dst; @@ -1651,39 +1685,6 @@ findpcb: goto badsyn; /*sanity*/ } - if (so->so_options & SO_DEBUG) { -#ifdef TCP_DEBUG - ostate = tp->t_state; -#endif - - tcp_saveti = NULL; - if (iphlen + sizeof(struct tcphdr) > MHLEN) -goto nosave; - - if (m->m_len > iphlen && (m->m_flags & M_EXT) == 0) { -tcp_saveti = m_copym(m, 0, iphlen, M_DONTWAIT); -if (!tcp_saveti) - goto nosave; - } else { -MGETHDR(tcp_saveti, M_DONTWAIT, MT_HEADER); -if (!tcp_saveti) - goto nosave; -MCLAIM(m, &tcp_mowner); -tcp_saveti->m_len = iphlen; -m_copydata(m, 0, iphlen, -mtod(tcp_saveti, void *)); - } - - if (M_TRAILINGSPACE(tcp_saveti) < sizeof(struct tcphdr)) { -m_freem(tcp_saveti); -tcp_saveti = NULL; - } else { -tcp_saveti->m_len += sizeof(struct tcphdr); -memcpy(mtod(tcp_saveti, char *) + iphlen, th, -sizeof(struct tcphdr)); - } - nosave:; - } if (so->so_options & SO_ACCEPTCONN) { if ((tiflags & (TH_RST|TH_ACK|TH_SYN)) != TH_SYN) { if (tiflags & TH_RST) {
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 10:42:12 UTC 2018 Modified Files: src/sys/netinet: ip_icmp.h Log Message: Use C99 types - in particular, stop using n_time and n_short -, style, and remove prototype of icmp_sysctl (does not exist). No functional change. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/sys/netinet/ip_icmp.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_icmp.h diff -u src/sys/netinet/ip_icmp.h:1.38 src/sys/netinet/ip_icmp.h:1.39 --- src/sys/netinet/ip_icmp.h:1.38 Tue Jan 23 07:15:04 2018 +++ src/sys/netinet/ip_icmp.h Thu Feb 8 10:42:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_icmp.h,v 1.38 2018/01/23 07:15:04 maxv Exp $ */ +/* $NetBSD: ip_icmp.h,v 1.39 2018/02/08 10:42:12 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -34,7 +34,6 @@ #ifndef _NETINET_IP_ICMP_H_ #define _NETINET_IP_ICMP_H_ - /* * Interface Control Message Protocol Definitions. * Per RFC 792, September 1981. @@ -44,51 +43,51 @@ * Internal of an ICMP Router Advertisement */ struct icmp_ra_addr { - u_int32_t ira_addr; - u_int32_t ira_preference; + uint32_t ira_addr; + uint32_t ira_preference; } __packed; /* * Structure of an icmp header. */ struct icmp { - u_int8_t icmp_type; /* type of message, see below */ - u_int8_t icmp_code; /* type sub code */ - u_int16_t icmp_cksum; /* ones complement cksum of struct */ + uint8_t icmp_type; /* type of message, see below */ + uint8_t icmp_code; /* type sub code */ + uint16_t icmp_cksum; /* ones complement cksum of struct */ union { int32_t ih_void; /* Extended Header (RFC4884) */ struct ih_exthdr { - u_int8_t iex_void1; - u_int8_t iex_length; - u_int16_t iex_void2; + uint8_t iex_void1; + uint8_t iex_length; + uint16_t iex_void2; } ih_exthdr __packed; /* ICMP_PARAMPROB */ - u_int8_t ih_pptr; + uint8_t ih_pptr; /* ICMP_REDIRECT */ struct in_addr ih_gwaddr; /* ICMP_ECHO and friends */ struct ih_idseq { - n_short icd_id; - n_short icd_seq; + uint16_t icd_id; + uint16_t icd_seq; } ih_idseq __packed; /* ICMP_UNREACH_NEEDFRAG (Path MTU Discovery, RFC1191) */ struct ih_pmtu { - n_short ipm_void; - n_short ipm_nextmtu; + uint16_t ipm_void; + uint16_t ipm_nextmtu; } ih_pmtu __packed; /* ICMP_ROUTERADVERT */ struct ih_rtradv { - u_int8_t irt_num_addrs; - u_int8_t irt_wpa; - u_int16_t irt_lifetime; + uint8_t irt_num_addrs; + uint8_t irt_wpa; + uint16_t irt_lifetime; } ih_rtradv __packed; } icmp_hun /* XXX __packed ??? */; @@ -106,9 +105,9 @@ struct icmp { union { /* ICMP_TSTAMP and friends */ struct id_ts { - n_time its_otime; - n_time its_rtime; - n_time its_ttime; + uint32_t its_otime; + uint32_t its_rtime; + uint32_t its_ttime; } id_ts __packed; struct id_ip { @@ -120,7 +119,7 @@ struct icmp { struct icmp_ra_addr id_radv; /* ICMP_MASKREQ and friends */ - u_int32_t id_mask; + uint32_t id_mask; int8_t id_data[1]; } icmp_dun /* XXX __packed ??? */; @@ -142,23 +141,23 @@ struct icmp { */ struct icmp_ext_hdr { #if BYTE_ORDER == BIG_ENDIAN - u_int8_t version:4; - u_int8_t rsvd1:4; + uint8_t version:4; + uint8_t rsvd1:4; #else - u_int8_t rsvd1:4; - u_int8_t version:4; + uint8_t rsvd1:4; + uint8_t version:4; #endif - u_int8_t rsvd2; - u_int16_t checksum; + uint8_t rsvd2; + uint16_t checksum; } __packed; /* * ICMP Extension Object Header (RFC4884). */ struct icmp_ext_obj_hdr { - u_int16_t length; - u_int8_t class_num; - u_int8_t c_type; + uint16_t length; + uint8_t class_num; + uint8_t c_type; } __packed; /* @@ -170,9 +169,9 @@ struct icmp_ext_obj_hdr { * ip header length. */ #define ICMP_MINLEN 8/* abs minimum */ -#define ICMP_TSLEN (8 + 3 * sizeof (n_time)) /* timestamp */ +#define ICMP_TSLEN (8 + 3 * sizeof(uint32_t)) /* timestamp */ #define ICMP_MASKLEN 12/* address mask */ -#define ICMP_ADVLENMIN (8 + sizeof (struct ip) + 8) /* min */ +#define ICMP_ADVLENMIN (8 + sizeof(struct ip) + 8) /* min */ #define ICMP_ADVLEN(p) (8 + ((p)->icmp_ip.ip_hl << 2) + 8) /* N.B.: must separately check that ip_hl >= 5 */ @@ -291,18 +290,16 @@ static const char *icmp_code_photuris[] (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY) #ifdef _KERNEL -void icmp_error(struct mbuf *, int, int, n_long, int); -void icmp_mtudisc(struct icmp *, struct in_addr); -void icmp_input(struct mbuf *, ...); -void icmp_init(void); -void icmp_reflect(struct mbuf *); -int icmp_sysctl(int *, u_int, void *, size_t *, void *, size_t); - -void icmp_mtudisc_callback_register(void (*)(struct in_addr)); -int icmp_ratelimit(const struct in_addr *, const int, const int); -void icmp_mtudisc_lock(void); -void icmp_mtudisc_unlock(void); +void icmp_error(struct mbuf *, int, int, n_long, int); +void icmp_mtudisc(struct icmp *, struct in_addr); +void
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 10:30:30 UTC 2018 Modified Files: src/sys/netinet: udp_var.h Log Message: Style, and remove prototype of udp_sysctl (does not exist). To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.43 src/sys/netinet/udp_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_var.h diff -u src/sys/netinet/udp_var.h:1.42 src/sys/netinet/udp_var.h:1.43 --- src/sys/netinet/udp_var.h:1.42 Thu Aug 10 04:31:58 2017 +++ src/sys/netinet/udp_var.h Thu Feb 8 10:30:30 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_var.h,v 1.42 2017/08/10 04:31:58 ryo Exp $ */ +/* $NetBSD: udp_var.h,v 1.43 2018/02/08 10:30:30 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -88,20 +88,17 @@ struct udpiphdr { #ifdef _KERNEL -extern struct inpcbtable udbtable; +extern struct inpcbtable udbtable; extern const struct pr_usrreqs udp_usrreqs; -void *udp_ctlinput(int, const struct sockaddr *, void *); -int udp_ctloutput(int, struct socket *, struct sockopt *); -void udp_init(void); -void udp_init_common(void); -void udp_input(struct mbuf *, ...); -int udp_output(struct mbuf *, struct inpcb *, struct mbuf *, struct lwp *); -int udp_sysctl(int *, u_int, void *, size_t *, void *, size_t); - -int udp_input_checksum(int af, struct mbuf *, const struct udphdr *, int, - int); -void udp_statinc(u_int); +void *udp_ctlinput(int, const struct sockaddr *, void *); +int udp_ctloutput(int, struct socket *, struct sockopt *); +void udp_init(void); +void udp_init_common(void); +void udp_input(struct mbuf *, ...); +int udp_output(struct mbuf *, struct inpcb *, struct mbuf *, struct lwp *); +int udp_input_checksum(int af, struct mbuf *, const struct udphdr *, int, int); +void udp_statinc(u_int); #endif /* _KERNEL */ #endif /* !_NETINET_UDP_VAR_H_ */
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 10:24:46 UTC 2018 Modified Files: src/sys/netinet: udp_usrreq.c Log Message: More style, no functional change. To generate a diff of this commit: cvs rdiff -u -r1.238 -r1.239 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.238 src/sys/netinet/udp_usrreq.c:1.239 --- src/sys/netinet/udp_usrreq.c:1.238 Thu Feb 8 07:11:20 2018 +++ src/sys/netinet/udp_usrreq.c Thu Feb 8 10:24:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.238 2018/02/08 07:11:20 maxv Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.239 2018/02/08 10:24:46 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.238 2018/02/08 07:11:20 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.239 2018/02/08 10:24:46 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -139,12 +139,12 @@ percpu_t *udpstat_percpu; #ifdef INET #ifdef IPSEC -static int udp4_espinudp (struct mbuf **, int, struct sockaddr *, +static int udp4_espinudp(struct mbuf **, int, struct sockaddr *, struct socket *); #endif -static void udp4_sendup (struct mbuf *, int, struct sockaddr *, +static void udp4_sendup(struct mbuf *, int, struct sockaddr *, struct socket *); -static int udp4_realinput (struct sockaddr_in *, struct sockaddr_in *, +static int udp4_realinput(struct sockaddr_in *, struct sockaddr_in *, struct mbuf **, int); static int udp4_input_checksum(struct mbuf *, const struct udphdr *, int, int); #endif @@ -669,22 +669,27 @@ udp_ctlinput(int cmd, const struct socka return NULL; if ((unsigned)cmd >= PRC_NCMDS) return NULL; + errno = inetctlerrmap[cmd]; - if (PRC_IS_REDIRECT(cmd)) - notify = in_rtchange, ip = 0; - else if (cmd == PRC_HOSTDEAD) - ip = 0; - else if (errno == 0) + if (PRC_IS_REDIRECT(cmd)) { + notify = in_rtchange; + ip = NULL; + } else if (cmd == PRC_HOSTDEAD) { + ip = NULL; + } else if (errno == 0) { return NULL; + } + if (ip) { uh = (struct udphdr *)((char *)ip + (ip->ip_hl << 2)); in_pcbnotify(&udbtable, satocsin(sa)->sin_addr, uh->uh_dport, ip->ip_src, uh->uh_sport, errno, notify); - /* XXX mapped address case */ - } else + } else { in_pcbnotifyall(&udbtable, satocsin(sa)->sin_addr, errno, notify); + } + return NULL; } @@ -787,7 +792,7 @@ udp_output(struct mbuf *m, struct inpcb * for UDP and IP headers. */ M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); - if (m == 0) { + if (m == NULL) { error = ENOBUFS; goto release; } @@ -846,7 +851,8 @@ udp_output(struct mbuf *m, struct inpcb m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); } else ui->ui_sum = 0; - ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); + + ((struct ip *)ui)->ip_len = htons(sizeof(struct udpiphdr) + len); ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; /* XXX */ ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; /* XXX */ UDP_STATINC(UDP_STAT_OPACKETS);
CVS commit: src/sys/netinet
Module Name:src Committed By: ozaki-r Date: Thu Feb 8 10:11:38 UTC 2018 Modified Files: src/sys/netinet: in.c Log Message: Don't call lltable_purge_entries from in_if_down if ARP isn't enabled Reported by bouyer@ To generate a diff of this commit: cvs rdiff -u -r1.216 -r1.217 src/sys/netinet/in.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in.c diff -u src/sys/netinet/in.c:1.216 src/sys/netinet/in.c:1.217 --- src/sys/netinet/in.c:1.216 Fri Jan 19 08:01:05 2018 +++ src/sys/netinet/in.c Thu Feb 8 10:11:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: in.c,v 1.216 2018/01/19 08:01:05 ozaki-r Exp $ */ +/* $NetBSD: in.c,v 1.217 2018/02/08 10:11:38 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.216 2018/01/19 08:01:05 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.217 2018/02/08 10:11:38 ozaki-r Exp $"); #include "arp.h" @@ -1539,7 +1539,9 @@ in_if_down(struct ifnet *ifp) { in_if_link_down(ifp); +#if NARP > 0 lltable_purge_entries(LLTABLE(ifp)); +#endif } void
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 10:03:52 UTC 2018 Modified Files: src/sys/netinet: ip_reass.c Log Message: Change the error stat from IP_STAT_BADFRAGS to IP_STAT_TOOLONG. The ping_of_death ATF test expects this counter to get increased. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/sys/netinet/ip_reass.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_reass.c diff -u src/sys/netinet/ip_reass.c:1.12 src/sys/netinet/ip_reass.c:1.13 --- src/sys/netinet/ip_reass.c:1.12 Tue Feb 6 15:48:02 2018 +++ src/sys/netinet/ip_reass.c Thu Feb 8 10:03:52 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_reass.c,v 1.12 2018/02/06 15:48:02 maxv Exp $ */ +/* $NetBSD: ip_reass.c,v 1.13 2018/02/08 10:03:52 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1988, 1993 @@ -46,7 +46,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.12 2018/02/06 15:48:02 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.13 2018/02/08 10:03:52 maxv Exp $"); #include #include @@ -630,7 +630,7 @@ ip_reass_packet(struct mbuf **m0, struct } if (off + len > IP_MAXPACKET) { - IP_STATINC(IP_STAT_BADFRAGS); + IP_STATINC(IP_STAT_TOOLONG); return EINVAL; }
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 09:32:02 UTC 2018 Modified Files: src/sys/netinet: ip_icmp.c Log Message: Fix a possible buffer overflow in the IPv4 _ctlinput functions. In _icmp_input we are guaranteeing that the ICMP_ADVLENMIN-byte area starting from 'icp' is contiguous. ICMP_ADVLENMIN = 8 + sizeof(struct ip) + 8 = 36 But the _ctlinput functions (eg udp_ctlinput) expect the area to be larger. These functions read at: (uint8_t *)icp + 8 + (icp->icmp_ip.ip_hl << 2) which can be crafted to be: (uint8_t *)icp + 68 So we end up reading 'icp+68' while the valid area ended at 'icp+36'. Having said that, it seems pretty complicated to trigger this bug; it would have to be a fragmented packet with half of the ICMP header in the first fragment, and we would need to have a driver that did not allocate a cluster for the first mbuf of the chain. The check of icmplen against ICMP_ADVLEN(icp) was not sufficient: while it did guarantee that the ICMP header fit the chain, it did not guarantee that it fit 'm'. Fix this bug by pulling up to hlen+ICMP_ADVLEN(icp). No need to log an error. Rebase the pointers afterwards. To generate a diff of this commit: cvs rdiff -u -r1.167 -r1.168 src/sys/netinet/ip_icmp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_icmp.c diff -u src/sys/netinet/ip_icmp.c:1.167 src/sys/netinet/ip_icmp.c:1.168 --- src/sys/netinet/ip_icmp.c:1.167 Mon Feb 5 08:38:06 2018 +++ src/sys/netinet/ip_icmp.c Thu Feb 8 09:32:02 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_icmp.c,v 1.167 2018/02/05 08:38:06 maxv Exp $ */ +/* $NetBSD: ip_icmp.c,v 1.168 2018/02/08 09:32:02 maxv Exp $ */ /* * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc. @@ -94,7 +94,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.167 2018/02/05 08:38:06 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.168 2018/02/08 09:32:02 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ipsec.h" @@ -546,6 +546,14 @@ _icmp_input(struct mbuf *m, int hlen, in ICMP_STATINC(ICMP_STAT_BADLEN); goto freeit; } + if (m->m_len < hlen + ICMP_ADVLEN(icp)) { + m = m_pullup(m, hlen + ICMP_ADVLEN(icp)); + if (m == NULL) +goto freeit; + } + ip = mtod(m, struct ip *); + icp = (struct icmp *)(mtod(m, uint8_t *) + hlen); + if (IN_MULTICAST(icp->icmp_ip.ip_dst.s_addr)) goto badcode; #ifdef ICMPPRINTFS
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 07:11:20 UTC 2018 Modified Files: src/sys/netinet: udp_usrreq.c Log Message: Style, and remove printfs. To generate a diff of this commit: cvs rdiff -u -r1.237 -r1.238 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.237 src/sys/netinet/udp_usrreq.c:1.238 --- src/sys/netinet/udp_usrreq.c:1.237 Thu Feb 8 06:50:38 2018 +++ src/sys/netinet/udp_usrreq.c Thu Feb 8 07:11:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.237 2018/02/08 06:50:38 maxv Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.238 2018/02/08 07:11:20 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.237 2018/02/08 06:50:38 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.238 2018/02/08 07:11:20 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -124,44 +124,44 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c #ifdef INET6 #include #endif -#endif /* IPSEC */ +#endif #ifdef IPKDB #include #endif -int udpcksum = 1; -int udp_do_loopback_cksum = 0; +int udpcksum = 1; +int udp_do_loopback_cksum = 0; -struct inpcbtable udbtable; +struct inpcbtable udbtable; percpu_t *udpstat_percpu; #ifdef INET #ifdef IPSEC static int udp4_espinudp (struct mbuf **, int, struct sockaddr *, - struct socket *); +struct socket *); #endif static void udp4_sendup (struct mbuf *, int, struct sockaddr *, - struct socket *); +struct socket *); static int udp4_realinput (struct sockaddr_in *, struct sockaddr_in *, - struct mbuf **, int); +struct mbuf **, int); static int udp4_input_checksum(struct mbuf *, const struct udphdr *, int, int); #endif #ifdef INET -static void udp_notify (struct inpcb *, int); +static void udp_notify (struct inpcb *, int); #endif #ifndef UDBHASHSIZE #define UDBHASHSIZE 128 #endif -int udbhashsize = UDBHASHSIZE; +int udbhashsize = UDBHASHSIZE; /* * For send - really max datagram size; for receive - 40 1K datagrams. */ -static int udp_sendspace = 9216; -static int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); +static int udp_sendspace = 9216; +static int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); #ifdef MBUFTRACE struct mowner udp_mowner = MOWNER_INIT("udp", ""); @@ -229,7 +229,6 @@ udp_init(void) /* * Checksum extended UDP header and data. */ - int udp_input_checksum(int af, struct mbuf *m, const struct udphdr *uh, int iphlen, int len) @@ -257,7 +256,6 @@ udp_input_checksum(int af, struct mbuf * /* * Checksum extended UDP header and data. */ - static int udp4_input_checksum(struct mbuf *m, const struct udphdr *uh, int iphlen, int len) @@ -351,6 +349,7 @@ udp_input(struct mbuf *m, ...) UDP_STATINC(UDP_STAT_HDROPS); return; } + /* * Enforce alignment requirements that are violated in * some cases, see kern/50766 for details. @@ -441,8 +440,8 @@ udp_input(struct mbuf *m, ...) UDP_STATINC(UDP_STAT_NOPORT); #ifdef IPKDB if (checkipkdb(&ip->ip_src, uh->uh_sport, uh->uh_dport, -m, iphlen + sizeof(struct udphdr), -m->m_pkthdr.len - iphlen - sizeof(struct udphdr))) { + m, iphlen + sizeof(struct udphdr), + m->m_pkthdr.len - iphlen - sizeof(struct udphdr))) { /* * It was a debugger connect packet, * just drop it now @@ -467,7 +466,7 @@ badcsum: #ifdef INET static void udp4_sendup(struct mbuf *m, int off /* offset of data portion */, - struct sockaddr *src, struct socket *so) +struct sockaddr *src, struct socket *so) { struct mbuf *opts = NULL; struct mbuf *n; @@ -487,18 +486,17 @@ udp4_sendup(struct mbuf *m, int off /* o 0, 0); return; } -#endif /*IPSEC*/ +#endif if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { - if (inp->inp_flags & INP_CONTROLOPTS - || SOOPT_TIMESTAMP(so->so_options)) { + if (inp->inp_flags & INP_CONTROLOPTS || + SOOPT_TIMESTAMP(so->so_options)) { struct ip *ip = mtod(n, struct ip *); ip_savecontrol(inp, &opts, ip, n); } m_adj(n, off); - if (sbappendaddr(&so->so_rcv, src, n, -opts) == 0) { + if (sbappendaddr(&so->so_rcv, src, n, opts) == 0) { m_freem(n); if (opts) m_freem(opts); @@ -513,7 +511,7 @@ udp4_sendup(struct mbuf *m, int off /* o #ifdef INET static int udp4_realinput(struct sockaddr_in *src, struct sockaddr_in *dst, - struct mbuf **mp, int off /* offset of udphdr */) +struct mbuf **mp, int off /* offset of udphdr */) { u_int16_t *sport, *dport; int rcvcnt; @@ -576,7 +574,7 @@ udp4_realinput(struct sockaddr_in *src, } udp4_sendup(m, off, (struct sockaddr *)src, -inp->inp_socket); + inp->inp_socket); rcvcnt++; /* @@ -609,21 +607,19 @@ udp4_realinput(struct sockaddr_in *src,
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Thu Feb 8 06:50:38 UTC 2018 Modified Files: src/sys/netinet: udp_usrreq.c Log Message: Fix three pretty bad mistakes in NAT-T: * If we got a keepalive packet, we need to call m_freem, not m_free. Here the next mbufs in the chain are not freed. Seems easy to remotely DoS the system by sending fragmented keepalives in a loop. * If !ipsec_used, free the mbuf. * In udp_input, we need to update 'uh', because udp4_realinput may have modified the chain. Perhaps we also need to re-enforce alignment, so add an XXX. To generate a diff of this commit: cvs rdiff -u -r1.236 -r1.237 src/sys/netinet/udp_usrreq.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.236 src/sys/netinet/udp_usrreq.c:1.237 --- src/sys/netinet/udp_usrreq.c:1.236 Mon Dec 11 05:47:18 2017 +++ src/sys/netinet/udp_usrreq.c Thu Feb 8 06:50:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.236 2017/12/11 05:47:18 ryo Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.237 2018/02/08 06:50:38 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.236 2017/12/11 05:47:18 ryo Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.237 2018/02/08 06:50:38 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -405,7 +405,15 @@ udp_input(struct mbuf *m, ...) */ return; } + ip = mtod(m, struct ip *); + IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); + if (uh == NULL) { + UDP_STATINC(UDP_STAT_HDROPS); + return; + } + /* XXX Re-enforce alignment? */ + #ifdef INET6 if (IN_MULTICAST(ip->ip_dst.s_addr) || n == 0) { struct sockaddr_in6 src6, dst6; @@ -1279,7 +1287,7 @@ udp4_espinudp(struct mbuf **mp, int off, /* Ignore keepalive packets */ if ((len == 1) && (*(unsigned char *)data == 0xff)) { - m_free(m); + m_freem(m); *mp = NULL; /* avoid any further processiong by caller ... */ return 1; } @@ -1360,7 +1368,8 @@ udp4_espinudp(struct mbuf **mp, int off, if (ipsec_used) ipsec4_common_input(m, iphdrlen, IPPROTO_ESP); - /* XXX: else */ + else + m_freem(m); /* We handled it, it shouldn't be handled by UDP */ *mp = NULL; /* avoid free by caller ... */
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 7 13:22:42 UTC 2018 Modified Files: src/sys/netinet: ip_mroute.c Log Message: Style and constify. To generate a diff of this commit: cvs rdiff -u -r1.152 -r1.153 src/sys/netinet/ip_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.152 src/sys/netinet/ip_mroute.c:1.153 --- src/sys/netinet/ip_mroute.c:1.152 Wed Feb 7 12:15:32 2018 +++ src/sys/netinet/ip_mroute.c Wed Feb 7 13:22:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.152 2018/02/07 12:15:32 maxv Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.153 2018/02/07 13:22:41 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.152 2018/02/07 12:15:32 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.153 2018/02/07 13:22:41 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -254,7 +254,7 @@ static struct mbuf *pim_register_prepare #define ENCAP_PROTO IPPROTO_IPIP /* prototype IP hdr for encapsulated packets */ -struct ip multicast_encap_iphdr = { +static const struct ip multicast_encap_iphdr = { .ip_hl = sizeof(struct ip) >> 2, .ip_v = IPVERSION, .ip_len = sizeof(struct ip), @@ -777,7 +777,7 @@ add_vif(struct vifctl *vifcp) * local interface (e.g. it could be 127.0.0.2), we don't * check its address. */ - ifp = NULL; + ifp = NULL; } else #endif { @@ -1137,8 +1137,7 @@ add_mfc(struct sockopt *sopt) } } if (rt == NULL) { /* no upcall, so make a new entry */ - rt = (struct mfc *)malloc(sizeof(*rt), M_MRTABLE, - M_NOWAIT); + rt = malloc(sizeof(*rt), M_MRTABLE, M_NOWAIT); if (rt == NULL) { splx(s); return ENOBUFS; @@ -1294,8 +1293,7 @@ ip_mforward(struct mbuf *m, struct ifnet log(LOG_ERR, "ip_mforward: received source-routed packet from %x\n", ntohl(ip->ip_src.s_addr)); - - return 1; + return EOPNOTSUPP; } /* @@ -1323,19 +1321,18 @@ ip_mforward(struct mbuf *m, struct ifnet return ip_mdq(m, ifp, rt); } else { /* - * If we don't have a route for packet's origin, - * Make a copy of the packet & send message to routing daemon + * If we don't have a route for packet's origin, make a copy + * of the packet and send message to routing daemon. */ struct mbuf *mb0; struct rtdetq *rte; u_int32_t hash; - int hlen = ip->ip_hl << 2; + const int hlen = ip->ip_hl << 2; #ifdef UPCALL_TIMING struct timeval tp; - microtime(&tp); -#endif /* UPCALL_TIMING */ +#endif ++mrtstat.mrts_mfc_misses; @@ -1350,8 +1347,7 @@ ip_mforward(struct mbuf *m, struct ifnet * just going to fail anyway. Make sure to pullup the header so * that other people can't step on it. */ - rte = (struct rtdetq *)malloc(sizeof(*rte), M_MRTABLE, - M_NOWAIT); + rte = malloc(sizeof(*rte), M_MRTABLE, M_NOWAIT); if (rte == NULL) { splx(s); return ENOBUFS; @@ -1389,8 +1385,7 @@ ip_mforward(struct mbuf *m, struct ifnet goto non_fatal; /* no upcall, so make a new entry */ - rt = (struct mfc *)malloc(sizeof(*rt), M_MRTABLE, - M_NOWAIT); + rt = malloc(sizeof(*rt), M_MRTABLE, M_NOWAIT); if (rt == NULL) goto fail; @@ -1481,7 +1476,7 @@ ip_mforward(struct mbuf *m, struct ifnet rte->ifp = ifp; #ifdef UPCALL_TIMING rte->t = tp; -#endif /* UPCALL_TIMING */ +#endif splx(s); @@ -1489,7 +1484,6 @@ ip_mforward(struct mbuf *m, struct ifnet } } - /*ARGSUSED*/ static void expire_upcalls(void *v) @@ -1542,28 +1536,26 @@ expire_upcalls(void *v) } /* + * Macro to send packet on vif. + */ +#define MC_SEND(ip, vifp, m) do { \ + if ((vifp)->v_flags & VIFF_TUNNEL)\ + encap_send((ip), (vifp), (m));\ + else\ + phyint_send((ip), (vifp), (m));\ +} while (/*CONSTCOND*/ 0) + +/* * Packet forwarding routine once entry in the cache is made */ static int ip_mdq(struct mbuf *m, struct ifnet *ifp, struct mfc *rt) { - struct ip *ip = mtod(m, struct ip *); + struct ip *ip = mtod(m, struct ip *); vifi_t vifi; struct vif *vifp; struct sockaddr_in sin; - int plen = ntohs(ip->ip_len) - (ip->ip_hl << 2); - -/* - * Macro to send packet on vif. Since RSVP packets don't get counted on - * input, they shouldn't get counted on output, so statistics keeping is - * separate. - */ -#define MC_SEND(ip, vifp, m) do { \ - if ((vifp)->v_flags & VIFF_TUNNEL)\ - encap_send((ip), (vifp), (m));\ - else\ - phyint_send((ip), (vifp), (m));\ -} while (/*CONSTCOND*/ 0) + const int plen = ntohs(ip->ip_len) - (ip->ip_hl << 2); /* * Don't forward if it didn't arrive from the parent vif for its origin. @@ -1577,6 +1569,7 @@ ip_mdq(struct mbuf *m, struct ifnet *ifp vifi >= numvifs ? 0 : viftable[vifi].v_ifp); ++mrtstat.mrts_wrong_if; ++rt->mfc
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 7 12:15:32 UTC 2018 Modified Files: src/sys/netinet: ip_mroute.c Log Message: More style. No functional change. To generate a diff of this commit: cvs rdiff -u -r1.151 -r1.152 src/sys/netinet/ip_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.151 src/sys/netinet/ip_mroute.c:1.152 --- src/sys/netinet/ip_mroute.c:1.151 Wed Feb 7 12:09:55 2018 +++ src/sys/netinet/ip_mroute.c Wed Feb 7 12:15:32 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.151 2018/02/07 12:09:55 maxv Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.152 2018/02/07 12:15:32 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.151 2018/02/07 12:09:55 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.152 2018/02/07 12:15:32 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -2428,49 +2428,51 @@ bw_meter_prepare_upcall(struct bw_meter static void bw_upcalls_send(void) { -struct mbuf *m; -int len = bw_upcalls_n * sizeof(bw_upcalls[0]); -struct sockaddr_in k_igmpsrc = { - .sin_len = sizeof(k_igmpsrc), - .sin_family = AF_INET, -}; -static struct igmpmsg igmpmsg = { 0, /* unused1 */ - 0, /* unused2 */ - IGMPMSG_BW_UPCALL,/* im_msgtype */ - 0, /* im_mbz */ - 0, /* im_vif */ - 0, /* unused3 */ - { 0 }, /* im_src */ - { 0 } }; /* im_dst */ + struct mbuf *m; + int len = bw_upcalls_n * sizeof(bw_upcalls[0]); + struct sockaddr_in k_igmpsrc = { + .sin_len = sizeof(k_igmpsrc), + .sin_family = AF_INET, + }; + static struct igmpmsg igmpmsg = { + 0, /* unused1 */ + 0, /* unused2 */ + IGMPMSG_BW_UPCALL,/* im_msgtype */ + 0, /* im_mbz */ + 0, /* im_vif */ + 0, /* unused3 */ + { 0 }, /* im_src */ + { 0 } /* im_dst */ + }; -if (bw_upcalls_n == 0) - return; /* No pending upcalls */ + if (bw_upcalls_n == 0) + return; /* No pending upcalls */ -bw_upcalls_n = 0; + bw_upcalls_n = 0; -/* - * Allocate a new mbuf, initialize it with the header and - * the payload for the pending calls. - */ -MGETHDR(m, M_DONTWAIT, MT_HEADER); -if (m == NULL) { - log(LOG_WARNING, "bw_upcalls_send: cannot allocate mbuf\n"); - return; -} + /* + * Allocate a new mbuf, initialize it with the header and + * the payload for the pending calls. + */ + MGETHDR(m, M_DONTWAIT, MT_HEADER); + if (m == NULL) { + log(LOG_WARNING, "bw_upcalls_send: cannot allocate mbuf\n"); + return; + } -m->m_len = m->m_pkthdr.len = 0; -m_copyback(m, 0, sizeof(struct igmpmsg), (void *)&igmpmsg); -m_copyback(m, sizeof(struct igmpmsg), len, (void *)&bw_upcalls[0]); + m->m_len = m->m_pkthdr.len = 0; + m_copyback(m, 0, sizeof(struct igmpmsg), (void *)&igmpmsg); + m_copyback(m, sizeof(struct igmpmsg), len, (void *)&bw_upcalls[0]); -/* - * Send the upcalls - * XXX do we need to set the address in k_igmpsrc ? - */ -mrtstat.mrts_upcalls++; -if (socket_send(ip_mrouter, m, &k_igmpsrc) < 0) { - log(LOG_WARNING, "bw_upcalls_send: ip_mrouter socket queue full\n"); - ++mrtstat.mrts_upq_sockfull; -} + /* + * Send the upcalls + * XXX do we need to set the address in k_igmpsrc ? + */ + mrtstat.mrts_upcalls++; + if (socket_send(ip_mrouter, m, &k_igmpsrc) < 0) { + log(LOG_WARNING, "bw_upcalls_send: ip_mrouter socket queue full\n"); + ++mrtstat.mrts_upq_sockfull; + } } /* @@ -2479,11 +2481,10 @@ bw_upcalls_send(void) #define BW_METER_TIMEHASH(bw_meter, hash)\ do {\ struct timeval next_timeval = (bw_meter)->bm_start_time; \ - \ - BW_TIMEVALADD(&next_timeval, &(bw_meter)->bm_threshold.b_time); \ + BW_TIMEVALADD(&next_timeval, &(bw_meter)->bm_threshold.b_time); \ (hash) = next_timeval.tv_sec; \ if (next_timeval.tv_usec) \ - (hash)++; /* XXX: make sure we don't timeout early */ \ + (hash)++; /* XXX: make sure we don't timeout early */ \ (hash) %= BW_METER_BUCKETS; \ } while (/*CONSTCOND*/ 0) @@ -2494,26 +2495,26 @@ bw_upcalls_send(void) static void schedule_bw_meter(struct bw_meter *x, struct timeval *nowp) { -int time_hash; + int time_hash; -if (!(x->bm_flags & BW_METER_LEQ)) - return; /* XXX: we schedule timers only for "<=" entries */ + if (!(x->bm_flags & BW_METER_LEQ)) + return; /* XXX: we schedule timers only for "<=" entries */ -/* - * Reset the bw_meter entry - */ -x->bm_start_time = *nowp; -x->bm_measured.b_packets = 0; -x->bm_measured.b_bytes = 0; -x->bm_flags &= ~BW_METER_UPCALL_DELIVERED; + /* + * Reset the bw_meter entry + */ + x->bm_start_time = *nowp; + x->bm_measured.b_packets = 0; + x->bm_measured.b_bytes = 0; + x->bm_flags &= ~BW_METER_UPCALL_DELIVERED; -/* - * Co
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 7 12:09:55 UTC 2018 Modified Files: src/sys/netinet: ip_mroute.c Log Message: Remove parentheses in return statements. No functional change. To generate a diff of this commit: cvs rdiff -u -r1.150 -r1.151 src/sys/netinet/ip_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.150 src/sys/netinet/ip_mroute.c:1.151 --- src/sys/netinet/ip_mroute.c:1.150 Wed Feb 7 12:04:50 2018 +++ src/sys/netinet/ip_mroute.c Wed Feb 7 12:09:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.150 2018/02/07 12:04:50 maxv Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.151 2018/02/07 12:09:55 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.150 2018/02/07 12:04:50 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.151 2018/02/07 12:09:55 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -678,7 +678,7 @@ ip_mrouter_done(void) if (mrtdebug) log(LOG_DEBUG, "ip_mrouter_done\n"); - return (0); + return 0; } void @@ -714,7 +714,7 @@ static int set_assert(int i) { pim_assert = !!i; - return (0); + return 0; } /* @@ -735,18 +735,18 @@ set_api_config(struct sockopt *sopt) */ error = sockopt_get(sopt, &apival, sizeof(apival)); if (error) - return (error); + return error; if (numvifs > 0) - return (EPERM); + return EPERM; if (pim_assert) - return (EPERM); + return EPERM; for (i = 0; i < MFCTBLSIZ; i++) { if (LIST_FIRST(&mfchashtbl[i]) != NULL) - return (EPERM); + return EPERM; } mrt_api_config = apival & mrt_api_support; - return (0); + return 0; } /* @@ -761,13 +761,13 @@ add_vif(struct vifctl *vifcp) struct sockaddr_in sin; if (vifcp->vifc_vifi >= MAXVIFS) - return (EINVAL); + return EINVAL; if (in_nullhost(vifcp->vifc_lcl_addr)) - return (EADDRNOTAVAIL); + return EADDRNOTAVAIL; vifp = &viftable[vifcp->vifc_vifi]; if (!in_nullhost(vifp->v_lcl_addr)) - return (EADDRINUSE); + return EADDRINUSE; /* Find the interface with an address in AF_INET family. */ #ifdef PIM @@ -798,7 +798,7 @@ add_vif(struct vifctl *vifcp) if (vifcp->vifc_flags & VIFF_TUNNEL) { if (vifcp->vifc_flags & VIFF_SRCRT) { log(LOG_ERR, "source routed tunnels not supported\n"); - return (EOPNOTSUPP); + return EOPNOTSUPP; } /* attach this vif to decapsulator dispatch table */ @@ -816,7 +816,7 @@ add_vif(struct vifctl *vifcp) vif_encapcheck, &vif_encapsw, vifp); encap_lock_exit(); if (!vifp->v_encap_cookie) - return (EINVAL); + return EINVAL; /* Create a fake encapsulation interface. */ ifp = malloc(sizeof(*ifp), M_MRTABLE, M_WAITOK|M_ZERO); @@ -843,13 +843,13 @@ add_vif(struct vifctl *vifcp) } else { /* Make sure the interface supports multicast. */ if ((ifp->if_flags & IFF_MULTICAST) == 0) - return (EOPNOTSUPP); + return EOPNOTSUPP; /* Enable promiscuous reception of all IP multicasts. */ sockaddr_in_init(&sin, &zeroin_addr, 0); error = if_mcast_op(ifp, SIOCADDMULTI, sintosa(&sin)); if (error) - return (error); + return error; } s = splsoftnet(); @@ -892,7 +892,7 @@ add_vif(struct vifctl *vifcp) vifcp->vifc_threshold, vifcp->vifc_rate_limit); - return (0); + return 0; } void @@ -943,11 +943,11 @@ del_vif(vifi_t *vifip) int s; if (*vifip >= numvifs) - return (EINVAL); + return EINVAL; vifp = &viftable[*vifip]; if (in_nullhost(vifp->v_lcl_addr)) - return (EADDRNOTAVAIL); + return EADDRNOTAVAIL; s = splsoftnet(); @@ -964,7 +964,7 @@ del_vif(vifi_t *vifip) if (mrtdebug) log(LOG_DEBUG, "del_vif %d, numvifs %d\n", *vifip, numvifs); - return (0); + return 0; } /* @@ -1050,7 +1050,7 @@ add_mfc(struct sockopt *sopt) error = sockopt_get(sopt, mfccp, sizeof(struct mfcctl)); if (error) - return (error); + return error; s = splsoftnet(); rt = mfc_find(&mfccp->mfcc_origin, &mfccp->mfcc_mcastgrp); @@ -1066,7 +1066,7 @@ add_mfc(struct sockopt *sopt) update_mfc_params(rt, mfccp); splx(s); - return (0); + return 0; } /* @@ -1141,7 +1141,7 @@ add_mfc(struct sockopt *sopt) M_NOWAIT); if (rt == NULL) { splx(s); -return (ENOBUFS); +return ENOBUFS; } init_mfc_params(rt, mfccp); @@ -1155,7 +1155,7 @@ add_mfc(struct sockopt *sopt) } splx(s); - return (0); + return 0; } #ifdef UPCALL_TIMING @@ -1208,7 +1208,7 @@ del_mfc(struct sockopt *sopt) /* Try with the size of mfcctl2. */ error = sockopt_get(sopt, mfccp, sizeof(struct mfcctl2)); if (error) - return (error); + return error; } if (mrtdebug & DEBUG_MFC) @@ -1221,7 +1221,7 @@ del_mfc(struct sockopt *sopt) rt = mfc_find(&mfccp->mfcc_origin, &mfccp->mfcc_mcastgrp); if (rt == NULL) { splx(s); - return (EADDRNOTAVA
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 7 12:04:50 UTC 2018 Modified Files: src/sys/netinet: ip_mroute.c Log Message: Style and remove unused macros. More to come. To generate a diff of this commit: cvs rdiff -u -r1.149 -r1.150 src/sys/netinet/ip_mroute.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.149 src/sys/netinet/ip_mroute.c:1.150 --- src/sys/netinet/ip_mroute.c:1.149 Wed Feb 7 11:42:57 2018 +++ src/sys/netinet/ip_mroute.c Wed Feb 7 12:04:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.149 2018/02/07 11:42:57 maxv Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.150 2018/02/07 12:04:50 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.149 2018/02/07 11:42:57 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.150 2018/02/07 12:04:50 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -156,9 +156,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c, struct socket *ip_mrouter = NULL; int ip_mrtproto = IGMP_DVMRP;/* for netstat only */ -#define NO_RTE_FOUND 0x1 -#define RTE_FOUND 0x2 - #define MFCHASH(a, g) \ a).s_addr >> 20) ^ ((a).s_addr >> 10) ^ (a).s_addr ^ \ ((g).s_addr >> 20) ^ ((g).s_addr >> 10) ^ (g).s_addr) & mfchash) @@ -168,7 +165,7 @@ u_long mfchash; u_char nexpire[MFCTBLSIZ]; struct vif viftable[MAXVIFS]; struct mrtstat mrtstat; -u_int mrtdebug = 0; /* debug level */ +u_int mrtdebug = 0; /* debug level */ #define DEBUG_MFC 0x02 #define DEBUG_FORWARD 0x04 #define DEBUG_EXPIRE 0x08 @@ -177,7 +174,7 @@ u_int mrtdebug = 0; /* debug level * #define VIFI_INVALID ((vifi_t) -1) -u_int tbfdebug = 0; /* tbf debug level */ +u_int tbfdebug = 0; /* tbf debug level */ /* vif attachment using sys/netinet/ip_encap.c */ static void vif_input(struct mbuf *, int, int, void *); @@ -245,28 +242,16 @@ static void expire_bw_meter_process(void #ifdef PIM static int pim_register_send(struct ip *, struct vif *, - struct mbuf *, struct mfc *); +struct mbuf *, struct mfc *); static int pim_register_send_rp(struct ip *, struct vif *, - struct mbuf *, struct mfc *); +struct mbuf *, struct mfc *); static int pim_register_send_upcall(struct ip *, struct vif *, - struct mbuf *, struct mfc *); +struct mbuf *, struct mfc *); static struct mbuf *pim_register_prepare(struct ip *, struct mbuf *); #endif -/* - * 'Interfaces' associated with decapsulator (so we can tell - * packets that went through it from ones that get reflected - * by a broken gateway). These interfaces are never linked into - * the system ifnet list & no routes point to them. I.e., packets - * can't be sent this way. They only exist as a placeholder for - * multicast source verification. - */ -#if 0 -struct ifnet multicast_decap_if[MAXVIFS]; -#endif - #define ENCAP_TTL 64 -#define ENCAP_PROTO IPPROTO_IPIP /* 4 */ +#define ENCAP_PROTO IPPROTO_IPIP /* prototype IP hdr for encapsulated packets */ struct ip multicast_encap_iphdr = { @@ -307,10 +292,9 @@ struct pimstat pimstat; * data packet: * * struct pim_encap_hdr { - *struct ip ip; - *struct pim_encap_pimhdr pim; + * struct ip ip; + * struct pim_encap_pimhdr pim; * } - * */ struct pim_encap_pimhdr { @@ -385,7 +369,7 @@ mfc_find(struct in_addr *o, struct in_ad break; } - return (rt); + return rt; } /* @@ -485,7 +469,7 @@ ip_mrouter_set(struct socket *so, struct break; } } - return (error); + return error; } /* @@ -519,7 +503,7 @@ ip_mrouter_get(struct socket *so, struct break; } } - return (error); + return error; } /* @@ -545,7 +529,7 @@ mrt_ioctl(struct socket *so, u_long cmd, break; } - return (error); + return error; } /* @@ -562,14 +546,14 @@ get_sg_cnt(struct sioc_sg_req *req) if (rt == NULL) { splx(s); req->pktcnt = req->bytecnt = req->wrong_if = 0x; - return (EADDRNOTAVAIL); + return EADDRNOTAVAIL; } req->pktcnt = rt->mfc_pkt_cnt; req->bytecnt = rt->mfc_byte_cnt; req->wrong_if = rt->mfc_wrong_if; splx(s); - return (0); + return 0; } /* @@ -581,14 +565,14 @@ get_vif_cnt(struct sioc_vif_req *req) vifi_t vifi = req->vifi; if (vifi >= numvifs) - return (EINVAL); + return EINVAL; req->icount = viftable[vifi].v_pkt_in; req->ocount = viftable[vifi].v_pkt_out; req->ibytes = viftable[vifi].v_bytes_in; req->obytes = viftable[vifi].v_bytes_out; - return (0); + return 0; } /* @@ -604,13 +588,13 @@ ip_mrouter_init(struct socket *so, int v if (so->so_type != SOCK_RAW || so->so_proto->pr_protocol != IPPROTO_IGMP) - return (EOPNOTSUPP); + return EOPNOTSUPP; if (v != 1) - return (EINVAL); + return EINVAL; if (ip_mrouter != NULL) - return (EADDRINUSE); + return EADDRINUSE; ip_mro
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 7 11:42:58 UTC 2018 Modified Files: src/sys/netinet: igmp.c ip_mroute.c ip_mroute.h Log Message: Remove RSVP_ISI, that's mostly dead code. FreeBSD and OpenBSD too removed it; FreeBSD kept some pieces but they are mostly no-opts. Sent on tech-net@, no comment. To generate a diff of this commit: cvs rdiff -u -r1.65 -r1.66 src/sys/netinet/igmp.c cvs rdiff -u -r1.148 -r1.149 src/sys/netinet/ip_mroute.c cvs rdiff -u -r1.31 -r1.32 src/sys/netinet/ip_mroute.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/igmp.c diff -u src/sys/netinet/igmp.c:1.65 src/sys/netinet/igmp.c:1.66 --- src/sys/netinet/igmp.c:1.65 Fri Nov 17 07:37:12 2017 +++ src/sys/netinet/igmp.c Wed Feb 7 11:42:58 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: igmp.c,v 1.65 2017/11/17 07:37:12 ozaki-r Exp $ */ +/* $NetBSD: igmp.c,v 1.66 2018/02/07 11:42:58 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -40,7 +40,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: igmp.c,v 1.65 2017/11/17 07:37:12 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: igmp.c,v 1.66 2018/02/07 11:42:58 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_mrouting.h" @@ -632,9 +632,7 @@ igmp_sendpkt(struct in_multi *inm, int t imo.imo_multicast_if_index = if_get_index(inm->inm_ifp); imo.imo_multicast_ttl = 1; -#ifdef RSVP_ISI - imo.imo_multicast_vif = -1; -#endif + /* * Request loopback of the report if we are acting as a multicast * router, so that the process-level routing demon can hear it. Index: src/sys/netinet/ip_mroute.c diff -u src/sys/netinet/ip_mroute.c:1.148 src/sys/netinet/ip_mroute.c:1.149 --- src/sys/netinet/ip_mroute.c:1.148 Wed Nov 15 10:42:41 2017 +++ src/sys/netinet/ip_mroute.c Wed Feb 7 11:42:57 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_mroute.c,v 1.148 2017/11/15 10:42:41 knakahara Exp $ */ +/* $NetBSD: ip_mroute.c,v 1.149 2018/02/07 11:42:57 maxv Exp $ */ /* * Copyright (c) 1992, 1993 @@ -93,7 +93,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.148 2017/11/15 10:42:41 knakahara Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.149 2018/02/07 11:42:57 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -178,14 +178,6 @@ u_int mrtdebug = 0; /* debug level * #define VIFI_INVALID ((vifi_t) -1) u_int tbfdebug = 0; /* tbf debug level */ -#ifdef RSVP_ISI -u_int rsvpdebug = 0; /* rsvp debug level */ -#define RSVP_DPRINTF(a) do if (rsvpdebug) printf a; while (/*CONSTCOND*/0) -extern struct socket *ip_rsvpd; -extern int rsvp_on; -#else -#define RSVP_DPRINTF(a) do {} while (/*CONSTCOND*/0) -#endif /* RSVP_ISI */ /* vif attachment using sys/netinet/ip_encap.c */ static void vif_input(struct mbuf *, int, int, void *); @@ -224,11 +216,7 @@ static int del_mfc(struct sockopt *); static int set_api_config(struct sockopt *); /* chose API capabilities */ static int socket_send(struct socket *, struct mbuf *, struct sockaddr_in *); static void expire_upcalls(void *); -#ifdef RSVP_ISI -static int ip_mdq(struct mbuf *, struct ifnet *, struct mfc *, vifi_t); -#else static int ip_mdq(struct mbuf *, struct ifnet *, struct mfc *); -#endif static void phyint_send(struct ip *, struct vif *, struct mbuf *); static void encap_send(struct ip *, struct vif *, struct mbuf *); static void tbf_control(struct vif *, struct mbuf *, struct ip *, u_int32_t); @@ -905,11 +893,6 @@ add_vif(struct vifctl *vifcp) callout_init(&vifp->v_repq_ch, 0); -#ifdef RSVP_ISI - vifp->v_rsvp_on = 0; - vifp->v_rsvpd = NULL; -#endif /* RSVP_ISI */ - splx(s); /* Adjust numvifs up if the vifi is higher than numvifs. */ @@ -1135,11 +1118,7 @@ add_mfc(struct sockopt *sopt) for (; rte != NULL; rte = nrte) { nrte = rte->next; if (rte->ifp) { -#ifdef RSVP_ISI - ip_mdq(rte->m, rte->ifp, rt, -1); -#else ip_mdq(rte->m, rte->ifp, rt); -#endif /* RSVP_ISI */ } m_freem(rte->m); #ifdef UPCALL_TIMING @@ -1302,11 +1281,7 @@ socket_send(struct socket *s, struct mbu #define TUNNEL_LEN 12 /* # bytes of IP option for tunnel encapsulation */ int -#ifdef RSVP_ISI -ip_mforward(struct mbuf *m, struct ifnet *ifp, struct ip_moptions *imo) -#else ip_mforward(struct mbuf *m, struct ifnet *ifp) -#endif /* RSVP_ISI */ { struct ip *ip = mtod(m, struct ip *); struct mfc *rt; @@ -1344,27 +1319,6 @@ ip_mforward(struct mbuf *m, struct ifnet */ m->m_pkthdr.csum_flags = 0; -#ifdef RSVP_ISI - if (imo && ((vifi = imo->imo_multicast_vif) < numvifs)) { - if (ip->ip_ttl < MAXTTL) - ip->ip_ttl++; /* compensate for -1 in *_send routines */ - if (ip->ip_p == IPPROTO_RSVP) { - struct vif *vifp = viftable + vifi; - RSVP_DPRINTF(("%s: Sending IPPROTO_RSVP from %x to %x" - " on vif %d (%s%s)\n", __func__, - ntohl(ip->ip_src), ntohl(ip->ip_dst), vifi, - (vifp->v_flags & VIFF_TUNNEL) ? "t
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Wed Feb 7 08:12:25 UTC 2018 Modified Files: src/sys/netinet: ip_input.c Log Message: Remove null check on ip, it can't be null. (Confuses code scanners.) To generate a diff of this commit: cvs rdiff -u -r1.373 -r1.374 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.373 src/sys/netinet/ip_input.c:1.374 --- src/sys/netinet/ip_input.c:1.373 Tue Feb 6 06:36:40 2018 +++ src/sys/netinet/ip_input.c Wed Feb 7 08:12:25 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.373 2018/02/06 06:36:40 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.374 2018/02/07 08:12:25 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.373 2018/02/06 06:36:40 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.374 2018/02/07 08:12:25 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -782,7 +782,7 @@ ours: * Switch out to protocol's input routine. */ #if IFA_STATS - if (ia && ip) { + if (ia) { struct in_ifaddr *_ia; /* * Keep a reference from ip_match_our_address with psref
CVS commit: src/sys/netinet
Module Name:src Committed By: mrg Date: Wed Feb 7 06:21:23 UTC 2018 Modified Files: src/sys/netinet: ip_output.c Log Message: ip_add_membership() has an missing {} issue, but solve it by dropping the "goto out" that would have happened immediately next anyway, ie, should be NFC. To generate a diff of this commit: cvs rdiff -u -r1.293 -r1.294 src/sys/netinet/ip_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.293 src/sys/netinet/ip_output.c:1.294 --- src/sys/netinet/ip_output.c:1.293 Tue Feb 6 17:08:18 2018 +++ src/sys/netinet/ip_output.c Wed Feb 7 06:21:23 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.293 2018/02/06 17:08:18 maxv Exp $ */ +/* $NetBSD: ip_output.c,v 1.294 2018/02/07 06:21:23 mrg Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.293 2018/02/06 17:08:18 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.294 2018/02/07 06:21:23 mrg Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1827,7 +1827,6 @@ ip_add_membership(struct ip_moptions *im error = ip6_get_membership(sopt, &ifp, &psref, &ia, sizeof(ia)); #else error = EINVAL; - goto out; #endif if (error)
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 6 17:08:19 UTC 2018 Modified Files: src/sys/netinet: ip_output.c Log Message: Several changes, mostly cosmetic: * Add a KASSERT in ip_output(), we expect (at least) the IP header to be here. * In ip_fragment(), declare two variables instead of recomputing the values each time. Add an XXX for ipoff, it seems to me we should also remove IP_RF. * Rename the arguments of ip_optcopy(). * Style: use NULL for pointers, remove ()s for return statements, and add whitespaces for clarity. No real functional change. To generate a diff of this commit: cvs rdiff -u -r1.292 -r1.293 src/sys/netinet/ip_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.292 src/sys/netinet/ip_output.c:1.293 --- src/sys/netinet/ip_output.c:1.292 Wed Jan 10 18:51:31 2018 +++ src/sys/netinet/ip_output.c Tue Feb 6 17:08:18 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.292 2018/01/10 18:51:31 christos Exp $ */ +/* $NetBSD: ip_output.c,v 1.293 2018/02/06 17:08:18 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -29,7 +29,7 @@ * SUCH DAMAGE. */ -/*- +/* * Copyright (c) 1998 The NetBSD Foundation, Inc. * All rights reserved. * @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.292 2018/01/10 18:51:31 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.293 2018/02/06 17:08:18 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -156,7 +156,7 @@ static int ip_ifaddrvalid(const struct i extern pfil_head_t *inet_pfil_hook; /* XXX */ -int ip_do_loopback_cksum = 0; +int ip_do_loopback_cksum = 0; static int ip_mark_mpls(struct ifnet * const ifp, struct mbuf * const m, @@ -232,8 +232,7 @@ ip_output(struct mbuf *m0, struct mbuf * struct ip *ip; struct ifnet *ifp, *mifp = NULL; struct mbuf *m = m0; - int hlen = sizeof (struct ip); - int len, error = 0; + int len, hlen, error = 0; struct route iproute; const struct sockaddr_in *dst; struct in_ifaddr *ia = NULL; @@ -262,11 +261,12 @@ ip_output(struct mbuf *m0, struct mbuf * KASSERT((m->m_pkthdr.csum_flags & (M_CSUM_TCPv6|M_CSUM_UDPv6)) == 0); KASSERT((m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4)) != (M_CSUM_TCPv4|M_CSUM_UDPv4)); + KASSERT(m->m_len >= sizeof(struct ip)); + hlen = sizeof(struct ip); if (opt) { m = ip_insertoptions(m, opt, &len); - if (len >= sizeof(struct ip)) - hlen = len; + hlen = len; } ip = mtod(m, struct ip *); @@ -538,8 +538,8 @@ ip_output(struct mbuf *m0, struct mbuf * } /* - * packets with Class-D address as source are not valid per - * RFC 1112 + * Packets with Class-D address as source are not valid per + * RFC1112. */ if (IN_MULTICAST(ip->ip_src.s_addr)) { IP_STATINC(IP_STAT_ODROPPED); @@ -576,7 +576,6 @@ sendit: } else if ((m->m_pkthdr.csum_flags & M_CSUM_TSOv4) == 0) { ip->ip_id = ip_newid(ia); } else { - /* * TSO capable interfaces (typically?) increment * ip_id for each segment. @@ -673,6 +672,7 @@ sendit: m->m_pkthdr.csum_flags |= M_CSUM_IPv4; } sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_csum_flags_tx; + /* * If small enough for mtu of path, or if using TCP segmentation * offload, can just send directly. @@ -726,8 +726,7 @@ sendit: } /* - * We can't use HW checksumming if we're about to - * fragment the packet. + * We can't use HW checksumming if we're about to fragment the packet. * * XXX Some hardware can do this. */ @@ -791,6 +790,7 @@ sendit: if (error == 0) { IP_STATINC(IP_STAT_FRAGMENTED); } + done: ia4_release(ia, &psref_ia); rtcache_unref(rt, ro); @@ -803,6 +803,7 @@ done: if (bind_need_restore) curlwp_bindx(bound); return error; + bad: m_freem(m); goto done; @@ -819,16 +820,24 @@ ip_fragment(struct mbuf *m, struct ifnet int sw_csum = m->m_pkthdr.csum_flags; int fragments = 0; int error = 0; + int ipoff; + bool mff; ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; + + /* XXX: Why don't we remove IP_RF? */ + ipoff = ntohs(ip->ip_off) & ~IP_MF; + + mff = (ip->ip_off & htons(IP_MF)) != 0; + if (ifp != NULL) sw_csum &= ~ifp->if_csum_flags_tx; len = (mtu - hlen) &~ 7; if (len < 8) { m_freem(m); - return (EMSGSIZE); + return EMSGSIZE; } firstlen = len; @@ -839,45 +848,52 @@ ip_fragment(struct mbuf *m, struct ifnet * make new header and copy data of each part and link onto chain. */ m0 = m; - mhlen = sizeof (struct ip); + mhlen = sizeof(struct ip); for (off = hlen + len; off < ntohs(ip->ip_len); off += len) { MGETHDR(m, M_DONTWAIT, MT_HEADER); - if (m == 0) { + if (m == NULL) { error = ENOBUFS; IP_STATINC(IP_STAT_ODROPPED); goto sendorfree; } MCLAIM(m, m0->m_owner); + *mnext = m; mnext = &m->m_next
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 6 15:48:02 UTC 2018 Modified Files: src/sys/netinet: ip_reass.c Log Message: Add one more check in ip_reass_packet(): make sure that the end of each fragment does not exceed IP_MAXPACKET. In ip_reass(), we only check the final length of the reassembled packet against IP_MAXPACKET. But there is an integer overflow that can happen a little earlier. We are doing: i = ntohs(p->ipqe_ip->ip_off) + ntohs(p->ipqe_ip->ip_len) - ntohs(ip->ip_off); [...] ip->ip_off = htons(ntohs(ip->ip_off) + i); It is possible that ntohs(p->ipqe_ip->ip_off) + ntohs(p->ipqe_ip->ip_len) > 65535 so the computation of ip_off wraps to zero. This breaks an assumption in the reassembler - it expects the list of fragments to be ordered by offset, and here it's not ordered anymore. (Un)Fortunately I couldn't turn this into anything exploitable. With the new check, it is guaranteed that ip_off+ip_len<=65535. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/sys/netinet/ip_reass.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_reass.c diff -u src/sys/netinet/ip_reass.c:1.11 src/sys/netinet/ip_reass.c:1.12 --- src/sys/netinet/ip_reass.c:1.11 Wed Jan 11 13:08:29 2017 +++ src/sys/netinet/ip_reass.c Tue Feb 6 15:48:02 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_reass.c,v 1.11 2017/01/11 13:08:29 ozaki-r Exp $ */ +/* $NetBSD: ip_reass.c,v 1.12 2018/02/06 15:48:02 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1988, 1993 @@ -46,7 +46,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.11 2017/01/11 13:08:29 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_reass.c,v 1.12 2018/02/06 15:48:02 maxv Exp $"); #include #include @@ -629,6 +629,11 @@ ip_reass_packet(struct mbuf **m0, struct return EINVAL; } + if (off + len > IP_MAXPACKET) { + IP_STATINC(IP_STAT_BADFRAGS); + return EINVAL; + } + /* * Fragment length and MF flag. Make sure that fragments have * a data length which is non-zero and multiple of 8 bytes.
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Tue Feb 6 06:36:40 UTC 2018 Modified Files: src/sys/netinet: ip_input.c Log Message: Typos and style a bit, no functional change. To generate a diff of this commit: cvs rdiff -u -r1.372 -r1.373 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.372 src/sys/netinet/ip_input.c:1.373 --- src/sys/netinet/ip_input.c:1.372 Mon Feb 5 15:23:14 2018 +++ src/sys/netinet/ip_input.c Tue Feb 6 06:36:40 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.372 2018/02/05 15:23:14 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.373 2018/02/06 06:36:40 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.372 2018/02/05 15:23:14 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.373 2018/02/06 06:36:40 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -305,7 +305,7 @@ ip_init(void) #ifdef MBUFTRACE MOWNER_ATTACH(&ip_tx_mowner); MOWNER_ATTACH(&ip_rx_mowner); -#endif /* MBUFTRACE */ +#endif ipstat_percpu = percpu_alloc(sizeof(uint64_t) * IP_NSTATS); ipforward_rt_percpu = percpu_alloc(sizeof(struct route)); @@ -592,7 +592,7 @@ ip_input(struct mbuf *m) * from generating ICMP redirects for packets that have * been redirected by a hook back out on to the same LAN that * they came from and is not an indication that the packet - * is being inffluenced by source routing options. This + * is being influenced by source routing options. This * allows things like * "rdr tlp0 0/0 port 80 -> 1.1.1.200 3128 tcp" * where tlp0 is both on the 1.1.1.0/24 network and is the @@ -1473,7 +1473,7 @@ error: /* * Do not generate ICMP_SOURCEQUENCH as required in RFC 1812, * Requirements for IP Version 4 Routers. Source quench can - * big problem under DoS attacks or if the underlying + * be a big problem under DoS attacks or if the underlying * interface is rate-limited. */ if (mcopy)
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 5 15:23:14 UTC 2018 Modified Files: src/sys/netinet: ip_input.c Log Message: Exterminate IPSENDREDIRECTS and IPMTUDISCTIMEOUT, neither is documented. To generate a diff of this commit: cvs rdiff -u -r1.371 -r1.372 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.371 src/sys/netinet/ip_input.c:1.372 --- src/sys/netinet/ip_input.c:1.371 Mon Feb 5 15:18:10 2018 +++ src/sys/netinet/ip_input.c Mon Feb 5 15:23:14 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.371 2018/02/05 15:18:10 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.372 2018/02/05 15:23:14 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.371 2018/02/05 15:18:10 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.372 2018/02/05 15:23:14 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -158,16 +158,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #endif #endif -#ifndef IPSENDREDIRECTS -#define IPSENDREDIRECTS 1 -#endif - -#ifndef IPMTUDISCTIMEOUT #define IPMTUDISCTIMEOUT (10 * 60) /* as per RFC 1191 */ -#endif int ipforwarding = IPFORWARDING; -int ipsendredirects = IPSENDREDIRECTS; +int ipsendredirects = 1; int ip_defttl = IPDEFTTL; int ip_forwsrcrt = 0; int ip_directedbcast = 0;
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 5 14:52:42 UTC 2018 Modified Files: src/sys/netinet: ip_input.c Log Message: Clean up this mess. This is typically the kind of places where we need to seriously cut the bullshit. These things are unreadable, undocumented, and all they bought us was not figuring out we had IPv4 forwarding enabled by default for 20+ years. To generate a diff of this commit: cvs rdiff -u -r1.369 -r1.370 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.369 src/sys/netinet/ip_input.c:1.370 --- src/sys/netinet/ip_input.c:1.369 Mon Feb 5 14:23:38 2018 +++ src/sys/netinet/ip_input.c Mon Feb 5 14:52:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.370 2018/02/05 14:52:42 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.370 2018/02/05 14:52:42 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -153,47 +153,34 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #ifndef IPFORWARDING #ifdef GATEWAY #define IPFORWARDING 1 /* forward IP packets not for us */ -#else /* GATEWAY */ +#else #define IPFORWARDING 0 /* don't forward IP packets not for us */ -#endif /* GATEWAY */ -#endif /* IPFORWARDING */ -#ifndef IPSENDREDIRECTS -#define IPSENDREDIRECTS 1 #endif -#ifndef IPFORWSRCRT -#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif -#ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 0 /* allow source-routed packets */ -#endif -#ifndef IPMTUDISC -#define IPMTUDISC 1 + +#ifndef IPSENDREDIRECTS +#define IPSENDREDIRECTS 1 #endif + #ifndef IPMTUDISCTIMEOUT #define IPMTUDISCTIMEOUT (10 * 60) /* as per RFC 1191 */ #endif -/* - * Note: DIRECTED_BROADCAST is handled this way so that previous - * configuration using this option will Just Work. - */ -#ifndef IPDIRECTEDBCAST #ifdef DIRECTED_BROADCAST #define IPDIRECTEDBCAST 1 #else #define IPDIRECTEDBCAST 0 -#endif /* DIRECTED_BROADCAST */ -#endif /* IPDIRECTEDBCAST */ -int ipforwarding = IPFORWARDING; -int ipsendredirects = IPSENDREDIRECTS; -int ip_defttl = IPDEFTTL; -int ip_forwsrcrt = IPFORWSRCRT; -int ip_directedbcast = IPDIRECTEDBCAST; -int ip_allowsrcrt = IPALLOWSRCRT; -int ip_mtudisc = IPMTUDISC; -int ip_mtudisc_timeout = IPMTUDISCTIMEOUT; +#endif -int ip_do_randomid = 0; +int ipforwarding = IPFORWARDING; +int ipsendredirects = IPSENDREDIRECTS; +int ip_defttl = IPDEFTTL; +int ip_forwsrcrt = 0; +int ip_directedbcast = IPDIRECTEDBCAST; +int ip_allowsrcrt = 0; +int ip_mtudisc = 1; +int ip_mtudisc_timeout = IPMTUDISCTIMEOUT; +int ip_do_randomid = 0; /* * XXX - Setting ip_checkinterface mostly implements the receive side of
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Mon Feb 5 14:23:38 UTC 2018 Modified Files: src/sys/netinet: ip_input.c Log Message: Be tougher, and don't allow LSRR+SSRR (RFC7126). To generate a diff of this commit: cvs rdiff -u -r1.368 -r1.369 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.368 src/sys/netinet/ip_input.c:1.369 --- src/sys/netinet/ip_input.c:1.368 Mon Feb 5 13:52:39 2018 +++ src/sys/netinet/ip_input.c Mon Feb 5 14:23:38 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -873,14 +873,13 @@ ip_dooptions(struct mbuf *m) struct ip_timestamp *ipt; struct in_ifaddr *ia; int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0; - int lsrr_present, ssrr_present, rr_present, ts_present; + int srr_present, rr_present, ts_present; struct in_addr dst; n_time ntime; struct ifaddr *ifa = NULL; int s; - lsrr_present = 0; - ssrr_present = 0; + srr_present = 0; rr_present = 0; ts_present = 0; @@ -931,16 +930,9 @@ ip_dooptions(struct mbuf *m) code = ICMP_UNREACH_NET_PROHIB; goto bad; } - if (opt == IPOPT_LSRR) { -if (lsrr_present++) { - code = &cp[IPOPT_OPTVAL] - (u_char *)ip; - goto bad; -} - } else { -if (ssrr_present++) { - code = &cp[IPOPT_OPTVAL] - (u_char *)ip; - goto bad; -} + if (srr_present++) { +code = &cp[IPOPT_OPTVAL] - (u_char *)ip; +goto bad; } if (optlen < IPOPT_OFFSET + sizeof(*cp)) { code = &cp[IPOPT_OLEN] - (u_char *)ip;