FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F13.2.0 2023-02-02T00:01:43Z 2023-02-02T00:01:43Z Michael Tuexen tuexen@FreeBSD.org 2022-11-15T20:05:02Z urn:sha1:39844782bf1e648fa85eec40484af4d221d45fa8 In case of a paritial chunk only pretend the result is OK if the packet is not the last fragment and there is a valid association. PR: 267476 (cherry picked from commit 9a714376212ec1685fdc4cf254f2136a07ae6d2c) 2022-11-09T22:17:35Z Richard Scheffenegger rscheff@FreeBSD.org 2022-11-09T09:54:34Z urn:sha1:02751c6321ad351c52db191f57ff496653e6399e The NAT module use of the tcphdr.th_x2 field now collides with the use of this TCP header flag as AccECN (AE) bit. Use the topmost bit instead to allow negotiation of AccECN across a NAT device. Event: IETF 115 Hackathon Reviewed By: #transport, tuexen MFC after: 3 days Approved by: re (gjb, early-MFC) Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D37300 (cherry picked from commit 0b00b801493aa1d4996b0891ea58fbef343f85df) 2022-04-14T06:04:17Z Gordon Bergling gbe@FreeBSD.org 2022-04-09T06:54:56Z urn:sha1:d2c483caa3757752c391039eb5f9fcf5b89911f0 - s/modfied/modified/ (cherry picked from commit 1cfd924f4e7ca3dc742905aaf5d828a21ad88191) 2022-01-09T22:04:56Z Maxim Sobolev sobomax@FreeBSD.org 2021-10-07T20:41:40Z urn:sha1:ec746e61957840dd26adec945581e66c1b007e99 Consider IP_MF flag when checking length of the UDP packet to match the declared value. Sponsored by: Sippy Software, Inc. Differential Revision: https://reviews.freebsd.org/D32363 MFC after: 2 weeks (cherry picked from commit 461e6f23db3b9794e6af88b381b066a2c0463d1c) 2021-07-14T11:49:21Z Stefan Eßer se@FreeBSD.org 2021-07-10T11:00:56Z urn:sha1:791035c8da5e8a693b3b954db67ff50b4f8695cb The packet_limit can fall to 0, leading to a divide by zero abort in the "packets % packet_limit". An possible solution would be to apply a lower limit of 1 after the calculation of packet_limit, but since any number modulo 1 gives 0, the more efficient solution is to skip the modulo operation for packet_limit <= 1. Reported by: Karl Denninger <karl@denninger.net> (cherry picked from commit 58080fbca09fda6d5f011d37059edbca8ceb4c58) 2021-07-06T06:55:53Z Lutz Donnerhacke donner@FreeBSD.org 2021-05-27T21:42:54Z urn:sha1:3a96a25da8614d27f717ba8d29d32bafb04a70e8 Current data structure is using a hash of unordered lists. Those unordered lists are quite efficient, because the least recently inserted entries are most likely to be used again. In order to avoid long search times in other cases, the lists are hashed into many buckets. Unfortunatly a search for a miss needs an exhaustive inspection and a careful definition of the hash. Splay trees offer a similar feature - almost O(1) for access of the least recently used entries), and amortized O(ln(n) - for almost all other cases. Get rid of the hash. Now the data structure should able to quickly react to external packets without eating CPU cycles for breakfast, preventing a DoS. PR: 192888 Discussed with: Dimitry Luhtionov Differential Revision: https://reviews.freebsd.org/D30516 Differential Revision: https://reviews.freebsd.org/D30536 Differential Revision: https://reviews.freebsd.org/D30844 (cherry picked from commit 935fc93af157dee352eb4b6c83f8a2a9e7fd9a4e) (cherry picked from commit d261e57deacb0d00d9e827447f235df83dda3e3a) (cherry picked from commit f70c98a2f5d993dc518efd606aa341eda99400ef) (cherry picked from commit 25392fac9488bcae5c451500df2e2945430484a6) (cherry picked from commit 2f4d91f9cb22fc65eb65407e8118b433a5d71976) (cherry picked from commit 4060e77f49d1b9fd2254f3f4da94fd64fce83f72) 2021-07-06T06:55:53Z Lutz Donnerhacke donner@FreeBSD.org 2021-05-25T13:03:34Z urn:sha1:78d515b2225ea33aed2d2dc5976ccf4f44cc6a3c Clean up the database handling in order to switch to more efficient data structures. The development of this patch was artificially split in to many small steps to ease reviewing. - Common search terms - Separate fully qualified search - Separate table for partial links - Cleanup _FindLinkIn - Factor out the outgoing search function - Factor out a common idiom to return found links - Reorder incoming links by grouping of common search terms - Remove LSNAT from outgoing search - Group internal structure semantically - Separate table for PPTP - Use AliasRange instead of PORT_BASE - Remove temporary state deleteAllLinks from global struct - Avoid uninitialized expiration Discussed with: Dimitry Luhtionov Differential Revision: https://reviews.freebsd.org/D30568 Differential Revision: https://reviews.freebsd.org/D30569 Differential Revision: https://reviews.freebsd.org/D30570 Differential Revision: https://reviews.freebsd.org/D30571 Differential Revision: https://reviews.freebsd.org/D30572 Differential Revision: https://reviews.freebsd.org/D30573 Differential Revision: https://reviews.freebsd.org/D30574 Differential Revision: https://reviews.freebsd.org/D30575 Differential Revision: https://reviews.freebsd.org/D30580 Differential Revision: https://reviews.freebsd.org/D30581 Differential Revision: https://reviews.freebsd.org/D30604 Differential Revision: https://reviews.freebsd.org/D30582 (cherry picked from commit d41044ddfdbc2a026570cae11d5fc2e18f5e4b92) (cherry picked from commit 32f9c2ceb3ec8266e48ec0f6d1556fd98ef12db6) (cherry picked from commit cac129e6030095c33e95c5ce1cdcb9c5c21efce9) (cherry picked from commit 19dcc4f2250b3850991366e3058ca8a64b2f135d) (cherry picked from commit d5419034381d0e8e8c99f0f678118b197144bfff) (cherry picked from commit d4ab07d2aeb13b1aae9ad5d73e5fe77131f2350c) (cherry picked from commit 492d3b7109b45ff30fd199b7eeed797447746e42) (cherry picked from commit 7b44ff4c52ce9e7a89e772566a249e5481fe0ac4) (cherry picked from commit 1178dda53d10b096e0b99e356d15b7c24390e099) (cherry picked from commit 9efcad61d8309ecad3c15392b277fd329a1e45e4) (cherry picked from commit fe83900f9fa931e3d0942ec9c0709896b887c3d7) (cherry picked from commit d989935b5bcd880353f0de89eda958c45e7e3342) (cherry picked from commit b50a4dce185481bebf8096c27588ae04a4a2fd7c) (cherry picked from commit f28455344483310cfd1aa5c0bdd4d014810c0e32) 2021-07-06T06:55:53Z Lutz Donnerhacke donner@FreeBSD.org 2021-05-25T07:07:21Z urn:sha1:390866d47effe8f5a11f3f852ae891f14dd4d15c Summary: - Use LibAliasTime as a real global variable for central timekeeping. - Reduce number of syscalls in user space considerably. - Dynamically adjust the packet counters to match the second resolution. - Only check the first few packets after a time increase for expiry. Discussed with: hselasky Differential Revision: https://reviews.freebsd.org/D30566 (cherry picked from commit ef828d39be8e4b6d922db080ed41611702dec56d) 2021-07-06T06:55:52Z Lutz Donnerhacke donner@FreeBSD.org 2021-05-31T22:08:24Z urn:sha1:69965155a5c24c7794e61fc5a91ca3ba23468f50 Stats counters are used as unsigned valued (i.e. printf("%u")) but are defined as signed int. This causes trouble later, so fix it early. Differential Revision: https://reviews.freebsd.org/D30587 (cherry picked from commit 3fd20a79e7b55d135bbc5fa197980fe0e9ee0f14) 2021-07-06T06:55:52Z Lutz Donnerhacke donner@FreeBSD.org 2021-05-15T15:35:36Z urn:sha1:3423d44cd152da8e55763f5c6a8b88070316f8e4 Replace current expensive, but sparsly called housekeeping by a single, repetive action. This is part of a larger restructure of libalias in order to switch to more efficient data structures. The whole restructure process is split into 15 reviews to ease reviewing. All those steps will be squashed into a single commit for MFC in order to hide the intermediate states from production systems. Reviewed by: hselasky Differential Revision: https://reviews.freebsd.org/D30277 (cherry picked from commit 294799c6b081faece556a5010a4f51552e131c2f)