src/sys/netinet, branch release/10.1.0

MFC10 r273275 (r273168 in head):

2014-10-20T05:17:16Z

Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a sent incoming stream reset request was responded with failed or denied. Thanks to Peter Bostroem from Google for reporting the issue. Approved by: re (hrs) Sponsored 2y:

MFS r272855, 266846:

2014-10-16T22:00:24Z

- Do not override sin6_scope_id in LLA when it is already set to non-zero. This fixes destination list in output of netstat -r. - Plug a memory leak. - Add RTM_VERSION check. - Fix a bug which can make sysctl() fail when -F is specified. - Increase WID_IF_DEFAULT() from 6 to 8 (the default for AF_INET6) because we have interfaces with longer names than 6 chars like epairN{a,b}. - Style fixes. MFS r272847: - Add rwlock to struct dadq. A panic could occur when a large number of addresses performed DAD at the same time. MFS r272850: - Replace Sun RPC license in TI-RPC library with a 3-clause BSD license, with the explicit permission of Sun Microsystems in 2009. - Replace Sun Industry Standards Source License for Sun RPC code with a 3-clause BSD license as specified by Oracle America, Inc. in 2010. This license change was approved by Wim Coekaerts, Senior Vice President, Linux and Virtualization at Oracle Corporation. - Replace Sun RPC license with a 3-clause BSD license. This license change was approved in 2010 by Wim Coekaerts, Senior Vice President, Linux and Virtualization at Oracle Corporation. - Replace Sun RPC license for TI-RPC library with a 3-clause BSD license, with the explicit permission of Sun Microsystems in 2009. The code in question in this file was copied from lib/libc/rpc/pmap_getport.c. MFS r272852,r272853: - Add relative specification in expiration time. - Add proto3 option for RTF_PROTO3. - Use %lu for members of struct rt_metrics. - Use long explicitly for the time difference. MFS r272854: - Return 0 if: 1. "-u N" specified, no -f, and mdN found, 2. no -u, "-f /pathname" specified, and mdN associated with /pathname found, 3. "-u N" specified, "-f /pathname" specified, and both of them found, 4. "-l" specified and no -f, 5. "-l" specified, "-f /pathname" specified, and /pathname found. otherwise return -1. MFS r272856: - Move configuration of IPv6 NDP flags to a point before handling ifconfig_IF. This fixes a race that a non-IPv4 interface can get an EUI64 LLA even if it has IFDISABLED nd6 flag at boot time. MFS r272857: - Cancel DAD for an ifa when the ifp has ND6_IFF_IFDISABLED as early as possible and do not clear IN6_IFF_TENTATIVE. If IFDISABLED was accidentally set after a DAD started, TENTATIVE could be cleared because no NA was received due to IFDISABLED, and as a result it could prevent DAD when manually clearing IFDISABLED after that. MFS r272858: - Fix an issue in range specification handling when a "-foo" is specified in ifconfig_IF_aliasN. MFS r272859: - Fix EtherIP. TOS field must be initialized when the inner protocol is PF_LINK, and multicast/broadcast flag should always be dropped because the outer protocol uses unicast even when the inner address is not for unicast. It had been broken since r236951 when gif_output() started to use IFQ_HANDOFF(). MFS r272860: - Recover sin6_scope_id of gateway addresses in riprecv() by using the if_index where a RIP packet was received. This fixes a bug which prevented gateway addresses in fe80::/64 from being added. MFS r272861: - Fix rc.d/gssd script to define the default values in a standard way. - Use a parameter argument in jls(8) instead of doing grep. MFS r272862, r272870: - Restructure rc.d scripts for kerberos5 daemons. MFS r272863: - Return false status only when adding a route is failed. It could erroneously return false due to an afexists() check loop in routing_start(). MFS r272864: - Use ipv6_prefer when at least one ifconfig_IF_ipv6 is configured. MFS r272865: - Fix a bug which prevented mount.fstab parameter from being converted when jail_JID_devfs_enable=NO. MFS r272866: - Fix header output when -P is specified and (ncpus - 1) != maxid. MFS r272867: - Fix a bug which could break extended attributes in a dump output. This occurred when a file was >892kB long and had a large data (>1kB) in the extended attributes. MFS r272868, r272869: - Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and net.inet.ip.process_options vnet-aware. MFS r272871: - Revert changes in r269180. It could cause -c N option to enter an infinite loop if no reply packet is received. MFS r272874: - Resurrect set_rcvar() as a function to define a rc.conf variable. It defines a variable and its default value in load_rc_config() just after rc.conf is loaded. "rcvar" command shows the current and the default values. MFS r272960: - Do not add late flag when file= is specified because it has a bad side-effect. The specified file should exist before the fstab line. Approved by: re (gjb)

MF10 r273000 (r272750 in head)

2014-10-14T19:38:31Z

Ensure that the number of stream reported in srs_number_streams is consistent with the amount of data provided in the SCTP_RESET_STREAMS socket option. Thanks to Peter Bostroem from Google for drawing my attention to this part of the code. MF10 r273001 (r272751 in head): Ensure that the list of streams sent in a stream reset parameter fits in an mbuf-cluster. Thanks to Peter Bostroem for drawing my attention to this part of the code. MF10 r273002 (r272841 in head): Ensure that the flags field of sctp_tmit_chunks is initialized. Thanks to Peter Bostroem from Google for reporting the issue. Approved by: re (marius)

MFC r272627:

2014-10-12T17:07:15Z

Checksum coverage values larger than 65535 for UDPLite are invalid. Check for this when the user calls setsockopt using UDPLITE_{SEND,RECV}CSCOV. MFC r272628: When plen != ulen, it should only be checked when this is UDP. MFC r272645: If the checksum coverage field in the UDPLITE header is the length of the complete UDPLITE packet, the packet has full checksum coverage. So fix the condition. MFC r272660: UDPLite requires a checksum. Therefore, discard a received packet if the checksum is 0. MFC r272661: The default for UDPLITE_RECV_CSCOV is zero. RFC 3828 recommend that this means full checksum coverage for received packets. If an application is willing to accept packets with partial coverage, it is expected to use the socket option and provide the minimum coverage it accepts. MFC r272662: Fix the checksum computation for UDPLite/IPv6. This requires the usage of a function computing the checksum only over a part of the function. Therefore introduce in6_cksum_partial() and implement in6_cksum() based on that. While there, ensure that the UDPLite packet contains at least enough bytes to contain the header. MFC r272663: Check for UDP/IPv6 packets that the length in the UDP header is at least the minimum. Make the check similar to the one for UDPLite/IPv6. MFC r272664: UDP/IPv6 and UDPLite/IPv6 require a checksum. So check for it. MFC r272754: Fix a bug introduced in https://svnweb.freebsd.org/base?view=revision&revision=272347 Approved by: re (gjb)

MFC r271643:

2014-09-18T09:49:49Z

Chunk IDs are 8 bit entities, not 16 bit. Thanks to Peter Kasting from Google for drawing my attention to it. MFC r271665: The MTU is handled as a 32-bit entity within the SCTP stack. This was reported by Peter Kasting from Google. MFC r271670: Make a type conversion explicit. When compiling this code on Windows as part of the SCTP userland stack, this fixes a warning reported by Peter Kasting from Google. MFC r271672: Small cleanup which addresses a warning regaring the truncation of a 64-bit entity to a 32-bit entity. This issue was reported by Peter Kasting from Google. MFC r271673: Use a consistent type for the number of HMAC algorithms. This fixes a bug which resulted in a warning on the userland stack, when compiled on Windows. Thanks to Peter Kasting from Google for reporting the issue and provinding a potential fix. MFC r271674: Add a explict cast to silence a warning when building the userland stack on Windows. This issue was reported by Peter Kasting from Google. Approved by: re (kib)

MFC r270673:

2014-09-18T08:58:22Z

Announce SCTP support in the kern.features sysctl variables. MFC r270859: Enable SCTP support. It runs perfectly fine on a Wandboard quad. MFC r271204 with manual intervention: Fix the handling of sysctl variables when used with VIMAGE. While there do some cleanup of the code. MFC r271209: Fix a leak of an address, if the address is scheduled for removal and the stack is torn down. Thanks to Peter Bostroem and Jiayang Liu from Google for reporting the issue. MFC r271219: Use SYSCTL_PROC instead of SYSCTL_VNET_PROC. Suggested by: glebius@ MFC r271221: Use union sctp_sockstore instead of struct sockaddr_storage. This eliminates some warnings when building in userland. Thanks to Patrick Laimbock for reporting this issue. Remove also some unnecessary casts. There should be no functional change. MFC r271228: Address another warnings reported by Patrick Laimbock when compiling in userspace. While there, improve consistency. MFC r271230: Address warnings generated by the clang analyzer. Approved by: re (kib)

MFC r270160:

2014-09-16T21:26:24Z

Destroy the "qdiffsample_zone" UMA zone on unload to avoid a use-after-unload panic easily triggered by running "sysctl -a" after unload. Reported and tested by: Grenville Armitage Approved by: re(gjb)

Fix Denial of Service in TCP packet processing.

2014-09-16T09:48:35Z

Security: FreeBSD-SA-14:19.tcp Approved by: re (implicit, security advisory)

MFC r269777:

2014-08-27T14:07:24Z

Fix string length argument passed to "sysctl_handle_string()" so that the complete string is returned by the function and not just only one byte. PR: 192544

Remove debug output which was comitted by accident.

2014-08-22T20:36:45Z

This is a direct commit to stable/10.