Implement RFC 4191 by handling received Router Advertisement (RA)
packets with route information option.
For default routes, use the route information's lifetime and
preference to overwrite the RA's lifetime/preference.
Also install and update more-specific route prefixes with the
option's lifetime and expire them when their lifetime elapses.
PR: 263982
Reviewed by: markj
Tested by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D55449
|
If a FIB does not have a router configured, X_ip_mforward() would leak a
lock. Plug the leak.
The IPv6 counterpart did not have such a check. It wouldn't send an
upcall to a non-existent router anyway due to the router_ver check, but
we should verify that a router is present anyway.
Add regression test cases to exercise these code paths.
Reported by: Claude Opus 4.6
Fixes: 0bb9c2b665d9 ("ip6_mroute: FIBify")
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
|
Allow to be passed with already unconnected inpcb.
Fixes: 4fadf2466468dd6dcb6cf9e3739ed696a18c1bb4
|
`ip_tryforward()` and `ip6_tryforward()` check whether the destination
address is local or not without considering if it belongs to the current FIB.
If the destination is local but not in our FIB, forward it instead
of returning it to ip_input().
PR: 292319
Reviewed by: zlei
MFC after: 1 week
MFC to: stable/15
Differential Revision: https://reviews.freebsd.org/D56353
|
The logic of clearing local address at the protocol level makes sense. It
is a feature of UDP, not of any protocol, that local address is cleared on
disconnect. This code can be tracked down to pre-FreeBSD times.
For example, for TCP we want a disconnected socket to return previously
used local address with getsockname(2). The TCP has successfully evaded
that by not calling in_pcbdisconnect() and calling in_pcbdetach() in the
very old code and in_pcbdrop() later. After D55661 TCP again has this
potential bug masked. Better make it right than rely on such
unintentional evasions.
The raw IP sockets don't use in_pcbdisconnect(), but they are going to in
the near future. If in_pcbdisconnect() clears local address for them,
that would be a larger bug than just getsockname(). A raw socket may be
bound with bind(2) and then connect(2)ed, and then disconnected, e.g.
connect(INADDR_ANY). And when we run raw IP socket through
in_pcbdisconnect() we don't want to lose local address.
This reverts D38362.
This reverts commit 2589ec0f365777faacf36bd1eb24706538836b17.
Reviewed by: rrs, markj
Differential Revision: https://reviews.freebsd.org/D56170
|
Reviewed by: pouria, rrs, markj
Differential Revision: https://reviews.freebsd.org/D55972
|
Reviewed by: pouria, rrs, markj
Differential Revision: https://reviews.freebsd.org/D55971
|
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55970
|
The inpcb flag INP_DROPPED served two purposes.
It was used by TCP and subsystems running on top of TCP as a flag that
marks a connection that is now in TCPS_CLOSED, but was in some other state
before (not a new-born connection). Create a new TCP flag TF_DISCONNECTED
for this purpose.
The in_pcbdrop() was a TCP's version of in_pcbdisconnect() that also sets
INP_DROPPED. Use in_pcbdisconnect() instead.
Second purpose of INP_DROPPED was a negative lookup mask in
inp_smr_lock(), as SMR-protected lookup may see inpcbs that had been
removed from the hash. We already have had INP_INHASHLIST that marks
inpcb that is in hash. Convert it into INP_UNCONNECTED with the opposite
meaning. This allows to combine it with INP_FREED for the negative lookup
mask.
The Chelsio/ToE and kTLS changes are done with some style refactoring,
like moving inp/tp assignments up and using macros for that. However, no
deep thinking was taken to check if those checks are really needed, it
could be that some are not.
Reviewed by: rrs
Differential Revision: https://reviews.freebsd.org/D56186
|
The INP_DROPPED is going to become an internal flag for inpcb. As of now
it means a TCP pcb that is in TCPS_CLOSED. There is nothing wrong with
calling setsockopt(2) on such socket, although it has no practical use.
This deletes a piece of code from 56713d16a06c5 / D16201. There is no
description of the panic fixed, but I will speculate that the panic was
about in6p->in6p_outputopts being NULL as the inpcb already went through
in_pcbfree_deferred(). This also can be related to compressed TIME-WAIT,
that is also gone now.
With current locking this shouldn't be possible. An inpcb goes through
in_pcbfree() only with pr_detach method, which is called from sofree(),
and the latter is called on losing the very last socket reference. So, at
the point when in_pcbfree() is called, the socket has lost its file
descriptor reference and there can not be any running setsockopt() on it.
Leave the call to ip6_pcbopt() still embraced with INP_WLOCK(), since we
are modifying inpcb contents.
NB: the IPv6 setsockopt(2) definitely has room for improvement. Several
memory allocations should be moved out of lock and made M_WAITOK.
Covering large piece of setsockopt(2) code with epoch(9) just because
ip6_setpktopts() calls ifnet_byindex() isn't correct either.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56169
|
Should be no functional change.
Reviewed by: pouria, markj
Differential Revision: https://reviews.freebsd.org/D55968
|
The iteration over all pcbs is possible without the global list. The
newborn inpcbs are put on a global list of unconnected inpcbs, then after
connect(2) or bind(2) they move to respective hash slot list.
This adds a bit of complexity to inp_next(), but the storage scheme is
actually simplified.
One potential problem before this change was that a couple of pcbs fall
into the same hash slot and are linked A->B there, but they also sit next
to each other in the global list, linked as B->A. This can deadlock of
course. The problem was never observed in the wild, but I was able to
instrument it with lots of effort: just a few pcbs in the system, hash size
reduced down to 2 and a lot of repetitive calls into two kinds of
iterators.
However the main motivation is not the above problem, but to make a step
towards splitting the big hash lock into per-slot locks.
Differential Revision: https://reviews.freebsd.org/D55967
|
The protocols marked with PR_CONNREQUIRED can never go through pr_connect
after being disconnected. This is a tiny improvement of fdb987bebddf0.
While here push clearing of the addresses under the same condition.
Although this clearing originates from pre-FreeBSD times, it actually
makes sense only for protocols that can reconnect.
Reviewed by: pouria, markj
Differential Revision: https://reviews.freebsd.org/D55661
|
Functional change is that on destruction INVARIANTS checks will run. Also
the mask is no longer hardcoded, so makes it easier to make hash size a
tunable.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D56176
|
While here remove ipi_lbgrouphashmask, as it always has the same value
as ipi_porthashmask.
Differential Revision: https://reviews.freebsd.org/D56174
|
The draft-ietf-6man-ipv6only-flag has been obsoleted by RFC 8925.
Remove the EXPERIMENTAL compile option from the kernel and remove
DRAFT_IETF_6MAN_IPV6ONLY_FLAG from userland.
This compile option was not enabled by default.
Also regenerate src.conf.5.
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D56228
|
Commit a223d6c489c7 made most of the ip6_mroute state per-VNET, but
failed to do this for a couple of counter structures. Make them
per-VNET too.
Reported by: zlei
Reviewed by: pouria, zlei
Fixes: a223d6c489c7 ("ip6_mroute: Start putting global variables into a structure")
Differential Revision: https://reviews.freebsd.org/D56253
|
The recent FIBify commits deref struct thread without including
sys/proc.h, which can result in a compiler error. This becomes
apparent when building with LINT-NOVIMAGE, as net/vnet.h includes
sys/proc.h. Fix this by directly including sys/proc.h.
Fixes: 4c486fe40267 ("ip_mroute: FIBify"), 0bb9c2b665d9 ("ip6_mroute: FIBify")
|
Delayed proxy addresses need special handling, since
they can use link-local ifa as their source address and
have different link-layer data in their response.
Fixes: f37fbe30f559
Reviewed by: glebius, markj
Differential Revision: https://reviews.freebsd.org/D55850
|
No functional change since apparently it's fine to compute the size of
a pointer type when the base type is undefined.
Fixes: 0bb9c2b665d9 ("ip6_mroute: FIBify")
|
When an interface goes away we need to make sure the v6 multicast
routing tables don't carry any dangling references to the ifnet. The v4
code handles this already. Copy the approach there and use an
eventhandler to purge the corresponding MIF, if one exists, and further
go through all routes in the FIB and remove references to the interface.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55246
|
There's no need to pass a pointer to the interface number. No
functional change intended.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55245
|
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55243
|
Modify the control plane (ioctl and socket option handlers) to use the
routing socket FIB to index into the mfctable array. Modify the
forwarding plane to use the mbuf's FIB to determine which routing table
to use.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55242
|
Use the new rtnumfibs_change event to expand the mfctable array when the
number of FIBs increases.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55240
|
As in the IPv4 version of this change, I added a struct mf6ctable
structure which holds all global routing table state, soon to become
per-FIB state.
Note that much of the v6 multicast routing code was not VNETified; this
change fixes that too.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55238
|
The ROUTE_MPATH compile option was introduced to
test the new multipath implementation.
Since compiling it has no overhead and it's enabled
by default, remove it.
Reviewed by: melifaro, markj
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D55884
|
This patch reduces the number of witness warnings during ifmcstat(8) calls.
Reviewed by: glebius, zlei
Differential Revision: https://reviews.freebsd.org/D56052
|
IPv4-compatible IPv6 addresses are deprecated by RFC 4291.
No functional change intended.
Reviewed by: glebius, emaste
Differential Revision: https://reviews.freebsd.org/D55387
|
Multiple delayed NAs on the same ifa can occur simultaneously.
Therefore:
* Differentiate between GRAND and solicited replies.
* Cancel previous pending GRAND NA for same ifa.
* Reuse ndq memory for GRAND.
* Free non-GRAND replies immediately.
* Don't limit non-GRAND NAs.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55905
|
Update ECN tunneling functions from obsolete RFC 3168 to
newer RFC 6040.
Also, add ECN_COMPLETE to support dangerous packet reporting
without causing extra costs to existing caller functions.
Finally, return values are specified as macro to reduce
confusion, considering extra return values for ECN_WARN
and ECN_ALARM were added.
Reviewed By: glebius, tuexen
Differential Revision: https://reviews.freebsd.org/D53516
|
During link-layer address change event, don't send unsolicited
NA for multicast addresses.
Reviewed by: adrian, zlei
Differential Revision: https://reviews.freebsd.org/D55885
|
Reviewed by: glebius
Fixes: 7f3b46fe54f1 ("ndp: Add support for Gratuitous...")
Differential Revision: https://reviews.freebsd.org/D55844
|
PR: 293777
Fixes: f37fbe30f559 ("ndp: implement delayed ...")
|
Reviewed by: bms
Differential Revision: https://reviews.freebsd.org/D55141
|
RFC4291 section 2.5.2:
The unspecified address must not be used as the destination address
of IPv6 packets or in IPv6 Routing headers. An IPv6 packet with a
source address of unspecified must never be forwarded by an IPv6
router.
We disallowed connections to IN6ADDR_ANY by default, as of commit
627e126dbb07 ("netinet6: Disallow connections to IN6ADDR_ANY"). As this
is actually disallowed by the RFC, just remove the support.
Reported by: bz (in D54306)
Reviewed by: bz, glebius
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54942
|
`nd6_ra_input()` is simplified to make it easier to add
additional options.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55267
|
Implement RFC 4861 Section 7.2.6 and RFC 9131, which also
addresses one of the IPv6 deployment issues in RFC 9898 Section 3.9.
GRAND should be triggered by a change in link-layer address of interface
or by configuration of a new global IPv6 address after DAD completes.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55015
|
Release the refcount of link-local prefix information to ensure
it gets freed when the address is deleted.
Reviewed By: zlei, ivy
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55593
|
When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this is not the case anymore,
csum_flags need to be cleared.
PR: 293227
Reviewed by: kp, zlei, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55367
|
This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.
Reviewed by: glebius
Approved by: glebius
PR: 193246 (with refinements)
Differential revision: https://reviews.freebsd.org/D55233
|
I have some patches which make ip_mroute and ip6_mroute multi-FIB-aware.
This enables running per-FIB routing daemons, each of which has a
separate routing socket.
Several places in the network stack check whether multicast routing is
configured by checking whether the multicast routing socket is non-NULL.
This doesn't directly translate in my proposed scheme, as each FIB would
have its own socket. I'd like to modify the ip(6)_mroute code to store
all state, including the socket, in a per-FIB structure. So, take a
step towards that and 1) hide the socket, 2) add a boolean flag which
indicates whether a multicast router is registered.
Reviewed by: pouria, zlei, glebius, adrian
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55236
|
MFC after: 1 week
Reported by: Ian FREISLICH <ianfreislich@gmail.com>
|
Deal with the mifi >= nummifs case early so that we can de-indent the
rest of the code. This also ensures that the debug log (compiled out by
default) doesn't perform an out-of-bounds access.
Remove a bogus NULL test in an inner loop while here.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55059
|
The ip_mroute and ip6_mroute modules hook into the network stack via
several function pointers. Declarations for these pointers are
scattered around several headers. Put them all in the same place,
ip(6)_mroute.h.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55058
|
This change switches to using RFC 7217 algorithm as the default to
generate SLAAC addresses for IPv6 interfaces configured with
accept_rtadv.
Reviewed by: pouria, glebius, zlei
Approved by: zlei
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D55138
|
Reported by: pouria
Reviewed by: pouria, ziaee, glebius
Approved by: glebius
Fixes: 31ec8b6407fdd5a87d70265762457c67ce618283
Differential Revision: https://reviews.freebsd.org/D55136
|
ifnets already track if_allmulti() calls in the if_amcount field. That
field is older than the comment, so I'm not exactly sure what the intent
was; let's just remove it.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.