aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* inpcb: Restore some NULL checks of credential pointersMark Johnston2024-02-091-2/+4
| | | | | | | | | | | | | | | At least one out-of-tree port (net-mgmt/ng_ipacct) depends on being able to call in_pcblookup_local() with cred == NULL, so the MFC of commit ac1750dd143e ("inpcb: Remove NULL checks of credential references") broke compatibility. Restore a subset of the NULL checks to avoid breaking the module in the 13.3 release. This is a direct commit to stable/13. PR: 276868 Approved by: re (cperciva) (cherry picked from commit fe8df7ed1aae444a09361c080d52bfcb6aaae64f)
* tcp_fastopen: Fix a typo in a source code commentGordon Bergling2024-01-251-1/+1
| | | | | | - s/posession/possession/ (cherry picked from commit 9b035689f15fc4aec96f9c18c6c86bd615faed2f)
* tcp_hpts: Fix a typo of a function name in a commentGordon Bergling2024-01-231-1/+1
| | | | | | - s/tcp_ouput/tcp_output/ (cherry picked from commit ef0ac0a1ad6750291b881203030384b7f7241efb)
* inpcb: Allow SO_REUSEPORT_LB to be used in jailsMark Johnston2024-01-222-54/+75
| | | | | | | | | | | | | | | | | | | | | | | Currently SO_REUSEPORT_LB silently does nothing when set by a jailed process. It is trivial to support this option in VNET jails, but it's also useful in traditional jails. This patch enables LB groups in jails with the following semantics: - all PCBs in a group must belong to the same jail, - PCB lookup prefers jailed groups to non-jailed groups This is a straightforward extension of the semantics used for individual listening sockets. One pre-existing quirk of the lbgroup implementation is that non-jailed lbgroups are searched before jailed listening sockets; that is preserved with this change. Discussed with: glebius MFC after: 1 month Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D37029 (cherry picked from commit d93ec8cb1324d04d7cae19fb7fa98ade2ff33c80)
* inpcb: Remove a PCB from its LB group upon a subsequent errorMark Johnston2024-01-221-9/+8
| | | | | | | | | | | | | | If a memory allocation failure causes bind to fail, we should take the inpcb back out of its LB group since it's not prepared to handle connections. Reviewed by: glebius MFC after: 2 weeks Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D37027 (cherry picked from commit a152dd863418638c3eb08b5c101b10b82f8072f5)
* inpcb: Remove NULL checks of credential referencesMark Johnston2024-01-221-15/+12
| | | | | | | | | | | | | | | Some auditing of the code shows that "cred" is never non-NULL in these functions, either because all callers pass a non-NULL reference or because they unconditionally dereference "cred". So, let's simplify the code a bit and remove NULL checks. No functional change intended. Reviewed by: glebius MFC after: 1 week Sponsored by: Modirum MDPay Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D37025 (cherry picked from commit ac1750dd143e53225c518bc1ca0462c3fffe10f6)
* sys: Use mbufq_empty instead of comparing mbufq_len against 0John Baldwin2024-01-181-1/+1
| | | | | | | | Reviewed by: bz, emaste Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D43338 (cherry picked from commit 8cb9b68f5821e45c63ee08d8ee3029ca523ac174)
* sys: Style fix for M_EXT | M_EXTPGJohn Baldwin2024-01-183-3/+3
| | | | | | | | | | | Add a space around the | operator in places testing for either M_EXT or M_EXTPG. Reviewed by: imp, glebius Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D43216 (cherry picked from commit f7d5900aa063c6e9d19e6372ba981fc76aa326a2)
* tcp: prevent spurious empty segments and fix uncommon panicRichard Scheffenegger2024-01-151-1/+9
| | | | | | | | | | | | | | | | | | Only try sending more data on pure ACKs when there is more data available in the send buffer. In the case of a retransmitted SYN not being sent due to an internal error, the snd_una/snd_nxt accounting could be off, leading to a panic. Pulling snd_nxt up to snd_una prevents this from happening. Reported by: fengdreamer@126.com Reviewed by: cc, tuexen, #transport MFC after: 1 week Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D43343 (cherry picked from commit f4574e2dc5a4719379496338257526aba484751b)
* sctp: minor cleanMichael Tuexen2024-01-121-72/+73
| | | | | | No functional change intended. (cherry picked from commit 3bbbfc8dcd3622b49907e359c8e9682def0bae25)
* udplite: make socketoption available on IPv6 socketsMichael Tuexen2024-01-121-0/+8
| | | | | | | | | | | | This patch allows the IPPROTO_UDPLITE-level socket options UDPLITE_SEND_CSCOV and UDPLITE_RECV_CSCOV to be used on AF_INET6 sockets in addition to AF_INET sockets. Reviewed by: ae, rscheff MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D42430 (cherry picked from commit 03c3a70abe5e9fa259b954de78ae69229fa9c99f)
* udplite: fix checksum computation on the sender sideMichael Tuexen2024-01-121-14/+15
| | | | | | | | | | Don't fill the fields of the UDP/IP header not used for the checksum computation before performing the checksum computation. Reviewed by: glebius Differential Revision: https://reviews.freebsd.org/D42275 (cherry picked from commit aa64a8f5c35c13b1c325f1a4597c987a37bec5da)
* netinet: Define IPv6 ECN maskJose Luis Duran2024-01-111-0/+2
| | | | | | | | | | | | | | | | | | | | | Define a mask for the code point used for ECN in the Traffic Class field (2 bits) of an IPv6 header. BE: 0 0 3 0 0 0 0 0 Bit: 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | For BE (Big Endian), or network-byte order, this corresponds to 0x00300000. For Little Endian, it corresponds to 0x00003000. Reviewed by: imp, markj MFC after: 1 week Pull Request: https://github.com/freebsd/freebsd-src/pull/879 (cherry picked from commit b0e13f785b336670bdf39b83a78435b00d00f43c)
* sctp: further improve shutting down the read side of a socketMichael Tuexen2024-01-111-6/+6
| | | | | | | | Deal with the case that the association is already gone. Reported by: syzbot+e256d42e9b390564530a@syzkaller.appspotmail.com (cherry picked from commit bb56b36d7188e004840294d0bd5dfdf7f3392a05)
* sctp: improve shutting down the read side of a socketMichael Tuexen2024-01-111-33/+57
| | | | | | | | | | When shutdown(..., SHUT_RD) or shutdown(..., SHUT_RDWR) is called, really clean up the read queue and issue an ungraceful shutdown if user messages are affected. Reported by: syzbot+d4e1d30d578891245f59@syzkaller.appspotmail.com (cherry picked from commit 81c5f0fac91dfae64205a6c4f9b2a469d1187372)
* sctp: don't call sctp_ulp_notify() recursivelyMichael Tuexen2024-01-111-2/+2
| | | | | | This does not work with the new locking scheme. (cherry picked from commit 1e81a4e7e89bb1870bec84e42284ad10505e957c)
* sctp: cleanup locking for notificationsMichael Tuexen2024-01-112-57/+87
| | | | | | | | | | All notifications are now queued via sctp_ulp_notify(). Do the locking of the inp read lock there and validate this in all functions being used. This is one step in avoiding race conditions when closing the read end of an SCTP socket. (cherry picked from commit f9425b3a85e9e211b61e11ce8115bf73674bdf49)
* sctp: make sure all SCTP RESET notifications use sctp_ulp_notify()Michael Tuexen2024-01-114-95/+86
| | | | | | | While there, improve consistency of the notification related code. No functional change intended. (cherry picked from commit 3ac7664774ad038b208cbb31eb52d1608efbd451)
* sctp: cleanup SCTP AUTH related notificationMichael Tuexen2024-01-113-26/+23
| | | | | | | | | This makes consistent use of the parameters and ensures that all SCTP AUTH related notifications are using sctp_ulp_notify(). No functional change intended. (cherry picked from commit cd3770c5feb038f3904fdb4aa04e09da122f74e3)
* sctp: cleanupMichael Tuexen2024-01-111-33/+27
| | | | | | | In particular, don't use a socket level flag, use the inp level one. After adding appropriate locking, this will close a race condition. (cherry picked from commit e40d16ad6ee952f315356ef091fa282f28fac0d5)
* sctp: cleanupMichael Tuexen2024-01-111-6/+4
| | | | | | | No functional change intended. Just asserting the conditions when being called. (cherry picked from commit f0c8e8118dbcc9251b11154ee7e4680f79901af1)
* sctp: improve handling of socket shutdown for readingMichael Tuexen2024-01-111-7/+11
| | | | | | | | | | | If a socket is marked as cannot read anymore, drop chunks which should be added to a control element in the receive queue. This is consistent with dropping control elements instead of adding them in the same situation. Reported by: syzbot+291f6581cecb77097b16@syzkaller.appspotmail.com (cherry picked from commit 847fa61fad5ef118dc0591d876bf9449200aa818)
* sctp: improve handling of SHUTDOWN and SHUTDOWN ACK chunksMichael Tuexen2024-01-111-12/+42
| | | | | | | | | When handling a SHUTDOWN or SHUTDOWN ACK chunk detect if the peer is violating the protocol by not having made sure all user messages are reveived by the peer. If this situation is detected, abort the association. (cherry picked from commit d18c845f99cbd2d3c0e70b3b9b09d80c655b6fb6)
* sctp: fix a warningMichael Tuexen2024-01-111-10/+5
| | | | | | | | Fix an unused-but-set-variable warning for builds without INVARIANTS. Reported by: O. Hartmann (cherry picked from commit 1095da75032b439d893c0947eda2f3738ecfe494)
* sctp: cleanup handling of graceful shutdown of the peerMichael Tuexen2024-01-113-67/+16
| | | | | | | | | | | Don't handle a graceful shutdown of the peer as an implicit signal that all partial messages are complete. First, this is not implemented correctly and second this should not be done by the peer. It is more appropriate to handle this as a protocol violation. Remove the incorrect code and leave detecting the protocol violation and its handling in a followup commit. (cherry picked from commit 4f14d4b6b7f0ca49b14379e48117121af3ed2669)
* sctp: cleanup cdefs.h includeMichael Tuexen2024-01-1136-39/+4
| | | | (cherry picked from commit c3179e6660e1365111b89cb6c05c3a4c47375e73)
* sctp: cleanupMichael Tuexen2024-01-113-32/+15
| | | | | | | Do not put a variable in the stcb for passing it to a function. Just use a parameter of the function. No functional change intended. (cherry picked from commit 749a7fb588c4a872a4f1ce3ee92be86bab1b1f17)
* sctp: add an assertMichael Tuexen2024-01-111-1/+2
| | | | | | This enforces a condition mentioned in a comment. (cherry picked from commit e8eb0b713426fe9edbf56719351850fa9469286a)
* sctp: use consistent names for locking macrosMichael Tuexen2024-01-112-4/+9
| | | | | | | While there, add also a macro for an assert. Will be used shortly. No functional change intended. (cherry picked from commit 6cb8b3b5cde18ac5465f1cf1df3fbac359cb09e9)
* sctp: another cleanupMichael Tuexen2024-01-111-118/+104
| | | | | | No functional change intended. (cherry picked from commit 85e5480df95e6bca38910f44f6e9b4d7773904ed)
* sctp: remove duplicate codeMichael Tuexen2024-01-112-2/+3
| | | | | | No functional change intended. (cherry picked from commit 9ade2745db8be213e9da2225795cafb8e7575e29)
* sctp: improve consistencyMichael Tuexen2024-01-111-1/+1
| | | | (cherry picked from commit 10b2b30670d7c389b26533aa43e8d0c3aef55ff3)
* sctp: remove redundant checkMichael Tuexen2024-01-111-3/+0
| | | | | | This is already checked by the caller. (cherry picked from commit e3771cc03419b69c8ee851c1ffa85230d0fde1d5)
* sctp: improve consistency of acc and ccc handling in snd bufferMichael Tuexen2024-01-111-1/+0
| | | | | | | | | | | Don't clear the counters for the socket snd buffer when shutdown(..., SHUT_WR) or shutdown(..., SHUT_RDWR) is called. This was causing the system to panic() when SCTP pf tests were running. Reported by: dchagin, kp (cherry picked from commit efb04fb404b240a99c618e49174cd6260217edaa)
* sctp: keep sb_acc and sb_ccc in syncMichael Tuexen2024-01-116-14/+20
| | | | | | PR: 260116 (cherry picked from commit c620788150d274c09a070ab486602c98407d73b0)
* sctp: improve consistencyMichael Tuexen2024-01-112-11/+3
| | | | | | | | This is simplifying a patch to address PR 260116. PR: 260116 (cherry picked from commit b279e84a47ddb59e55b5a3cec31c51cd41bf0dc3)
* siftr: provide dtrace with the correct pointer to dataMichael Tuexen2024-01-111-1/+1
| | | | | | | | | | | This fixes a bug which was introduced in the commit https://svnweb.freebsd.org/changeset/base/282276 Reviewed by: cc, rscheff Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D40806 (cherry picked from commit dc2d26df43cb69c9c4d8802220af2da929bc1dce)
* tcp: clean PRR state after ECN congestion recovery.Richard Scheffenegger2024-01-112-0/+3
| | | | | | | | | | | | PRR state was not properly reset on subsequent ECN CE events. Clean up after local transmission failures too. Reviewed by: tuexen, cc, #transport MFC after: 3 days Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D43170 (cherry picked from commit 429f14f83ae1f6357a9455d4f075522420b01b03)
* tcp: Undo the consumption of sequence space by FIN in case of a transient error.Richard Scheffenegger2024-01-111-1/+6
| | | | | | | | | | | | If an error occurs while processing a TCP segment with some data and the FIN flag, the back out of the sequence number advance does not take into account the increase by 1 due to the FIN flag. Reviewed By: jch, gnn, #transport, tuexen Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D2970 (cherry picked from commit 66605ff791b12a2c3bb4570379db0e14d29fca4c)
* IPv6: fix problem with duplicate port assignment with v4-mapped addrsMike Karels2024-01-101-2/+9
| | | | | | | | | | | | | | | | | In in_pcb_lport_dest(), if an IPv6 socket does not match any other IPv6 socket using in6_pcblookup_local(), and if the socket can also connect to IPv4 (the INP_IPV4 vflag is set), check for IPv4 matches as well. Otherwise, we can allocate a port that is used by an IPv4 socket (possibly one created from IPv6 via the same procedure), and then connect() can fail with EADDRINUSE, when it could have succeeded if the bound port was not in use. PR: 265064 Submitted by: firk at cantconnect.ru (with modifications) Reviewed by: bz, melifaro Differential Revision: https://reviews.freebsd.org/D36012 (cherry picked from commit 637f317c6d9c0c689677f499fc78ac545b192071)
* tcp_stacks: Fix two typos in a source code commentsGordon Bergling2024-01-072-2/+2
| | | | | | - s/recieved/received/ (cherry picked from commit 7b0b448ba9fd53fb4db81a2309dedfdc47533cfb)
* tcp_info: Add and export more FreeBSD-specific fieldsMarius Strobl2024-01-062-1/+15
| | | | | | | | | | | | | | | | | | | | | This change adds struct tcp_info fields corresponding to the following struct tcpcb ones: - snd_una - snd_max - rcv_numsacks - rcv_adv - dupacks Note that while both tcp_fill_info() and fill_tcp_info_from_tcb() are extended accordingly, no counterpart of rcv_numsacks is available in the cxgbe(4) TOE PCB, though. Sponsored by: NetApp, Inc. (originally) (cherry picked from commit dc485b968ddeb070d23354f55164a8c336acf081) Conflicts (due tue missing 945f9a7c): sys/netinet/tcp.h
* tcp: reserve tcp_info counters for AccECNRichard Scheffenegger2024-01-051-1/+11
| | | | | | | | | | | | Marking all new fields unused (__xxx). No functional change. Reviewed By: tuexen, rrs, #transport Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D37016 (cherry picked from commit 3708c3d370f26af0841cd3e97bf569d39c42953b)
* tcp_fill_info(): Change lock assertion on INPCB to locked onlyMarius Strobl2024-01-055-9/+9
| | | | | | | | | | | | | | This function actually only ever reads from the TCP PCB. Consequently, also make the pointer to its TCP PCB parameter const. Sponsored by: NetApp, Inc. (originally) (cherry picked from commit 8c6104c48ea3f0ffaabeb9784b0f2327db04e7af) Conflicts (due tue missing 9eb0e832): sys/dev/cxgbe/tom/t4_tom.c sys/netinet/tcp_offload.c sys/netinet/tcp_usrreq.c
* tcp: always set tcp_tun_port to a correct valueGleb Smirnoff2024-01-021-0/+1
| | | | | | | | | | | | | | | | | | | | | The tcp_tun_port field that is used to pass port value between UDP and TCP in case of tunneling is a generic field that used to pass data between network layers. It can be contaminated on entry, e.g. by a VLAN tag set by a NIC driver. Explicily set it, so that it is zeroed out in a normal not-tunneled TCP. If it contains garbage, tcp_twcheck() later can enter wrong block of code and treat the packet as incorrectly tunneled one. On main and stable/14 that will end up with sending incorrect responses, but on stable/13 with ipfw(8) and pcb-matching rules it may end up in a panic. This is a minimal conservative patch to be merged to stable branches. Later we may redesign this. PR: 275169 Reviewed by: tuexen Differential Revision: https://reviews.freebsd.org/D43065 (cherry picked from commit 513f2e2e7180202167ca2963d815d2a4c3ac0af9)
* Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()Olivier Certner2023-12-211-3/+1
| | | | | | | | | | | | | | | | | | As implemented, this security policy would only prevent seeing processes in sub-jails, but would not prevent sending signals to, changing priority of or debugging processes in these, enabling attacks where unprivileged users could tamper with random processes in sub-jails in particular circumstances (conflated UIDs) despite the policy being enforced. PR: 272092 Reviewed by: mhorne Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40628 (cherry picked from commit 5817169bc4a06a35aa5ef7f5ed18f6cb35037e18) Approved by: markj (mentor)
* sctp: Various fixes for loader tunablesZhenlei Huang2023-10-162-6/+26
| | | | | | | | | | | | | | | | | | | | | | | The following sysctl variables are actually loader tunables. Add sysctl flag CTLFLAG_TUN to them so that `sysctl -T` will report them correctly. 1. net.inet.sctp.tcbhashsize 2. net.inet.sctp.pcbhashsize 3. net.inet.sctp.chunkscale The loader tunable 'net.inet.sctp.tcbhashsize' and 'net.inet.sctp.chunkscale' are only used during vnet initializing, thus it make no senses to make them writable tunable. Validate the values of loader tunables on vnet initialize, reset them to theirs defaults if invalid to prevent potential kernel panics. Reviewed by: tuexen, #transport, #network MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D42007 (cherry picked from commit dac91eb7660324677d8a2f71bd6f192422355ba1) (cherry picked from commit fd9de12a71109d1e3bb4b20e7d040fc9a1784dc2)
* tcp: Simplify the initialization of loader tunable 'net.inet.tcp.tcbhashsize'Zhenlei Huang2023-10-161-18/+13
| | | | | | | | | | | No functional change intended. Reviewed by: cc, rscheff, #transport MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D41998 (cherry picked from commit 38ecc80b2a4e5e11ece83ca4df63632f0b6fa394) (cherry picked from commit 3a97686fc11ae51ceb4004c07702a8a20f71410d)
* netdump: Check the return value of ifunit_ref()Mark Johnston2023-10-091-0/+2
| | | | | | | | | | | We may fail to match if the specific interface doesn't exist or was renamed. PR: 273715 Reported by: grembo MFC after: 1 week (cherry picked from commit d94d07d58141dcff48f01c6b3e5a31de9d7a7938)
* ip_mroute: Fix sysctl knobsZhenlei Huang2023-10-021-9/+5
| | | | | | | | | | | | | | | | | The loader tunable `net.inet.ip.mfchashsize` does not have corresponding sysctl MIB entry. Just add it. While here, the sysctl variable `net.inet.pim.squelch_wholepkt` is actually a loader tunable. Add sysctl flag CTLFLAG_TUN to it so that `sysctl -T` will report it correctly. Reviewed by: kp Fixes: 443fc3176dee Introduce a number of changes to the MROUTING code MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D41997 (cherry picked from commit f549e22901b3a391c76659bee55802b1214112fd) (cherry picked from commit b0f026435a150933ecb6f2d1359fd1b4898657f1)
generated by cgit v1.3 (git 2.53.0) at 2026-05-30 16:58:46 +0000