| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
IPv4-compatible IPv6 addresses are deprecated by RFC 4291.
No functional change intended.
Reviewed by: glebius, emaste
Differential Revision: https://reviews.freebsd.org/D55387
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple delayed NAs on the same ifa can occur simultaneously.
Therefore:
* Differentiate between GRAND and solicited replies.
* Cancel previous pending GRAND NA for same ifa.
* Reuse ndq memory for GRAND.
* Free non-GRAND replies immediately.
* Don't limit non-GRAND NAs.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55905
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update ECN tunneling functions from obsolete RFC 3168 to
newer RFC 6040.
Also, add ECN_COMPLETE to support dangerous packet reporting
without causing extra costs to existing caller functions.
Finally, return values are specified as macro to reduce
confusion, considering extra return values for ECN_WARN
and ECN_ALARM were added.
Reviewed By: glebius, tuexen
Differential Revision: https://reviews.freebsd.org/D53516
|
| |
|
|
|
|
|
|
| |
During link-layer address change event, don't send unsolicited
NA for multicast addresses.
Reviewed by: adrian, zlei
Differential Revision: https://reviews.freebsd.org/D55885
|
| | |
|
| |
|
|
|
|
| |
Reviewed by: glebius
Fixes: 7f3b46fe54f1 ("ndp: Add support for Gratuitous...")
Differential Revision: https://reviews.freebsd.org/D55844
|
| |
|
|
|
| |
PR: 293777
Fixes: f37fbe30f559 ("ndp: implement delayed ...")
|
| |
|
|
|
| |
Reviewed by: bms
Differential Revision: https://reviews.freebsd.org/D55141
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RFC4291 section 2.5.2:
The unspecified address must not be used as the destination address
of IPv6 packets or in IPv6 Routing headers. An IPv6 packet with a
source address of unspecified must never be forwarded by an IPv6
router.
We disallowed connections to IN6ADDR_ANY by default, as of commit
627e126dbb07 ("netinet6: Disallow connections to IN6ADDR_ANY"). As this
is actually disallowed by the RFC, just remove the support.
Reported by: bz (in D54306)
Reviewed by: bz, glebius
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54942
|
| |
|
|
|
|
|
|
| |
`nd6_ra_input()` is simplied to make it easier to add
additional options.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55267
|
| |
|
|
|
|
|
|
|
|
| |
Implement RFC 4861 Section 7.2.6 and RFC 9131, which is also
address one of the IPv6 deployment issues in RFC 9898 Section 3.9.
GRAND should be triggered by a change in link-layer address of interface
or by configuration of a new global ipv6 address after DAD completes.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55015
|
| |
|
|
|
|
|
|
|
| |
release the refcount of link-local prefix information to ensure
it gets freed when the address is deleted.
Reviewed By: zlei, ivy
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55593
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this not the case anymore,
csum_flags need to be cleared.
PR: 293227
Reviewed by: kp, zlei, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55367
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.
Reviewed by: glebius
Approved by: glebius
PR: 193246 (with refinements)
Differential revision: https://reviews.freebsd.org/D55233
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have some patches which make ip_mroute and ip6_mroute multi-FIB-aware.
This enables running per-FIB routing daemons, each of which has a
separate routing socket.
Several places in the network stack check whether multicast routing is
configured by checking whether the multicast routing socket is non-NULL.
This doesn't directly translate in my proposed scheme, as each FIB would
have its own socket. I'd like to modify the ip(6)_mroute code to store
all state, including the socket, in a per-FIB structure. So, take a
step towards that and 1) hide the socket, 2) add a boolean flag which
indicates whether a multicast router is registered.
Reviewed by: pouria, zlei, glebius, adrian
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55236
|
| |
|
|
|
| |
MFC after: 1 week
Reported by: Ian FREISLICH <ianfreislich@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deal with the mifi >= nummifs case early so that we can de-indent the
rest of the code. This also ensures that the debug log (compiled out by
default) doesn't perform an out-of-bounds access.
Remove a bogus NULL test in an inner loop while here.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55059
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ip_mroute and ip6_mroute modules hook into the network stack via
several function pointers. Declarations for these pointers are
scattered around several headers. Put them all in the same place,
ip(6)_mroute.h.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55058
|
| |
|
|
|
|
|
|
|
|
|
| |
This change switches to using RFC 7217 algorithm as the default to
generate SLAAC addresses for IPv6 interfaces configured with
accept_rtadv.
Reviewed by: pouria, glebius, zlei
Approved by: zlei
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D55138
|
| |
|
|
|
|
|
|
| |
Reported by: pouria
Reviewed by: pouria, ziaee, glebius
Approved by: glebius
Fixes: 31ec8b6407fdd5a87d70265762457c67ce618283
Differential Revision: https://reviews.freebsd.org/D55136
|
| |
|
|
|
|
|
|
|
|
| |
ifnets already track if_allmulti() calls in the if_amcount field. That
field is older than the comment, so I'm not exactly sure what the intent
was; let's just remove it.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
| |
No functional change intended.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
| |
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
|
|
|
| |
This is more natural and corresponds more closely to the v4 multicast
routing code. No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54983
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- The v6 socket option and ioctl handlers had no privilege checks at
all. The socket options, I believe, can only be reached via a raw
socket, but a jailed root user with a raw socket shouldn't be able to
configure multicast routing in a non-VNET jail. The ioctls can only
be used to fetch stats.
- Delete a bogus comment in X_mrt_ioctl(), one can issue multicast
routing ioctls against any socket. Note that the call path is
soo_ioctl()->rtioctl_fib()->mrt_ioctl().
I think all of the mroute privilege checks should be done within the
ip(6)_mroute code, but let's first make the v4 and v6 modules
consistent.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54982
|
| |
|
|
|
|
|
|
| |
No functional change intended.
MFC after: 1 week
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
| |
No functional change intended.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously connect() or sendto() to INADDR_ANY or IN6ADDR_ANY reached
some socket bound to some host interface address. Although this was
intentional it was an artifact of a different era, and is not desirable
now.
In 417b35a97b76 markj added support to disallow connect() to INADDR_ANY
and IN6ADDR_ANY. Connections to INADDR_ANY were disabled by default in
cd240957d7ba. Follow suit with IN6ADDR_ANY.
Reviewed by: glebius, markj, zlei
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54306
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Jumbo Payload option was intended to allow the deployment of IPv6 on
networks with a link MTU in excess of 65,735 octets.
Speaking to one of the authors of RFC2675 the networks which motivated
the Jumbo Payload option no longer exist.
FreeBSD does not currently support any links with this capacity and
discussion when this change was first proposed suggested that the loop
back interface had to be patched to test implementation.
As there are no known devices that can carry Jumbo Payloads remove
support.
Reviewed by: glebius, teuxen, kp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19960
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is expected to fix the old in6_selecthlim() panics. The nature of
the panic is that a packet sending thread will obtain the struct ifnet
pointer locklessly and then pick the if_inet6 pointer from it and
dereference it. While the struct ifnet is freed via epoch_call(9), the
struct in6_ifextra until this change was not. For the forwarded packets,
or locally originated non-TCP packets we were probably safe due to the old
if_dead trick. But locally originated TCP packets may dereference
in6_ifextra via direct call into in6_selecthlim() from the tcp_output(),
before ip6_output().
NB: hypothetically a similar problem also applies to IPv4's if_inet pointer,
but there are no known panics, yet.
PR: 279653
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54728
|
| |
|
|
|
|
|
| |
In mld_domifdetach() don't search the global list.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54727
|
| |
|
|
|
| |
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54726
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop using struct nd_ifinfo for that, because it is an API struct for
SIOCGIFINFO_IN6. The functional changes are isolated to the protocol
attach and detach: in6_ifarrival(), nd6_ifattach(), in6_ifdeparture(),
nd6_ifdetach(), as well as to the nd6_ioctl(), nd6_ra_input(),
nd6_slowtimo() and in6_ifmtu().
The dad_failures member was just renamed to match the rest. The M_IP6NDP
malloc(9) type declaration moved to files that actually use it.
The rest of the changes are mechanical substitution of double pointer
dereference via ND_IFINFO() to a single pointer dereference. This was
achieved with a sed(1) script:
s/ND_IFINFO\(([a-z0-9>_.-]+)\)->(flags|linkmtu|basereachable|reachable|retrans|chlim)/\1->if_inet6->nd_\2/g
s/nd_chlim/nd_curhoplimit/g
Reviewed by: tuexen, madpilot
Differential Revision: https://reviews.freebsd.org/D54725
|
| |
|
|
|
|
|
|
|
| |
There should be no functional change. If there are any performance
concerns with a function call, with the future changes, that would move
ND6 bits into in6_ifextra, this function would be easily inline-able.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54724
|
| |
|
|
|
| |
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54723
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is no functional change here, but we'd like to emphasize that the
nd_ifinfo structure is not a actually a kernel ND6 software context,
despite being actively used like this way, but an API/ABI structure for
ioctl(2). This should prevent from a ABI breakages like in 31ec8b6407fd.
This also is a step towards stopping using it as a kernel software
context.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54722
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a jumbo payload option is added, the length of the mbuf chain is
increased by 8 but the actual hop-by-hop extension header with the
jumbo playload option is only inserted in the packet if there are
other options. Therefore, adjust optlen to reflect the actual size
of IPv6 extension headers including the hop-by-hop extension header
containing the jumbo payload option.
Reported by: syzbot+73fe316271df473230eb@syzkaller.appspotmail.com
Reviewed by: markj, Timo Voelker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54394
|
| |
|
|
|
|
| |
This ioctl has been marked as "old" starting with the original KAME export
over 20 years ago and has been hidden under #ifdef _KERNEL since. There
is no software that uses it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When one uses SIOCAIFADDR_IN6 to add a v6 address, it's possible to set
the preferred and valid lifetimes of the address. If the address
already exists, this ioctl will recalculate and update the expiry times
based on the provided timestamps.
When adding a new address, the lifetimes are inherited by the prefix as
well, but only if we create a new prefix. If the prefix already exists,
as it will in the case where an address is being updated rather than
being added, we do not touch the prefix lifetimes at all. This means
that the original address lifetime still applies to the route associated
with that prefix, so when the prefix expires, the route goes away.
This behaviour doesn't make a lot of sense: if the admin updates an
address lifetime, we should ensure that the prefix lifetime is updated
too. Make that change, ensuring that we do not shorten the prefix
lifetime, as the prefix might be shared among multiple interface
addresses.
Add a regression test.
Co-authored by: Franco Fichtner <franco@opnsense.org>
Reviewed by: pouria, zlei, ae
MFC after: 2 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54562
|
| |
|
|
|
|
|
|
|
|
|
| |
Tidy up a bunch of places that have the same duplicated logic. Simplify
callers of in6_init_prefix_ltimes(). No functional change intended.
Reviewed by: pouria, zlei, tuexen, glebius
MFC after: 2 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54561
|
| |
|
|
|
|
|
|
| |
LINT-NOVIMAGE fails to build due to a missing eventhandler.h include
which in hte VIMAGE case is likely leaked through some other header.
Add the #include to unbreak the build.
Fixes: 0d469d23715d6 (net: attach IPv4 and IPv6 stacks to an ...)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change retires two historic relics: the if_afdata[] array and the
dom_ifattach/dom_ifdetach methods.
The if_afdata[] array is a relic of the era, when there was expectation
that many transport protocols will coexist with IP, e.g. IPX or NetAtalk.
The array hasn't had any members except AF_INET and AF_INET6 for over a
decade already. This change removes the array and just leaves two pointer
fields: if_inet and if_inet6.
The dom_ifattach/dom_ifdetach predates the EVENTHANDLER(9) framework and
was a good enough method to initialize protocol contexts back then. Today
there is no good reason to treat IPv4 and IPv6 stacks differently to other
protocols/features that attach and detach from an interface.
The locking of if_afdata[] is a relic of SMPng times, when the system
startup and the interface attach was even more convoluted than before this
change, and we also had unloadable protocols that used a field in
if_afdata[]. Note that IPv4 and IPv6 are not unloadable.
Note that this change removes NET_EPOCH_WAIT() from the interface detach
sequence. This may surface several new races associated with interface
removal. I failed to hit any with consecutive test suite runs, though.
The expected general race scenario is that while struct ifnet is freed
with proper epoch_call(9) itself, some structures hanging off ifnet are
freed with direct free(9). The proper fix is either make if_foo point at
some static "dead" structure providing SMP visibility of this store, or
free those structure with epoch_call(9). All of these cases are planned
to be found and resolved during 16.0-CURRENT lifetime.
Reviewed by: zlei, gallatin, melifaro
Differential Revision: https://reviews.freebsd.org/D54089
|
| |
|
|
| |
Differential Revision: https://reviews.freebsd.org/D54063
|
| |
|
|
|
|
|
|
|
| |
Add struct mtx to struct lltable and stop using IF_AFDATA_LOCK, that
was created for a completely different purpose. No functional change
intended.
Reviewed by: zlei, melifaro
Differential Revision: https://reviews.freebsd.org/D54086
|
| |
|
|
|
|
|
| |
It is not clear what exactly this function is locking against. Seems
like just use some generic interface lock. The IF_AFDATA_LOCK goes
away soon together with if_afdata[], so put at least something in its
place. Note that this code is dead anyway (#ifdef EXPERIMENTAL).
|
| |
|
|
|
|
|
| |
It is not clear what exactly this function is locking against. Seems
like just use some generic interface lock. The IF_AFDATA_LOCK goes
away soon together with if_afdata[], so put at least something in its
place.
|
| |
|
|
|
|
| |
It is a remnant of a network stack design that was supposed to support
multiple network protocols. Today it is clear that we are left with IPv4
and IPv6 only. Only IPv6 may have an MTU different to the interface MTU.
|
| | |
|
| |
|
|
|
|
|
|
| |
These were for $FreeBSD$ that was removed a while ago, but these
includes didn't get swept up in that. Remove them all now.
Sponsored by: Netflix
MFC After: 2 weeks
|
