| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Commit a223d6c489c7 made most of the ip6_mroute state per-VNET, but
failed to do this for a couple of counter structures. Make them
per-VNET too.
Reported by: zlei
Reviewed by: pouria, zlei
Fixes: a223d6c489c7 ("ip6_mroute: Start putting global variables into a structure")
Differential Revision: https://reviews.freebsd.org/D56253
|
| |
|
|
|
|
|
|
|
| |
The recent FIBify commits deref struct thread without including
sys/proc.h, which can result in a compiler error. This becomes
apparent when building with LINT-NOVIMAGE, as net/vnet.h includes
sys/proc.h. Fix this by directly including sys/proc.h
Fixes: 4c486fe40267 ("ip_mroute: FIBify"), 0bb9c2b665d9 ("ip6_mroute: FIBify")
|
| |
|
|
|
|
|
|
|
|
| |
Delayed proxy addresses need special handling, since
they can use link-local ifa as their source address and
have different link-layer data in their response.
Fixes: f37fbe30f559
Reviewed by: glebius, markj
Differential Revision: https://reviews.freebsd.org/D55850
|
| |
|
|
|
|
|
| |
No functional change since apparently it's fine to compute the size of
a pointer type when the base type is undefined.
Fixes: 0bb9c2b665d9 ("ip6_mroute: FIBify")
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When an interface goes away we need to make sure the v6 multicast
routing tables don't carry any dangling references to the ifnet. The v4
code handles this already. Copy the approach there and use an
eventhandler to purge the corresponding MIF, if one exists, and further
go through all routes in the FIB and remove references to the interface.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55246
|
| |
|
|
|
|
|
|
|
|
| |
There's no need to pass a pointer to the interface number. No
functional change intended.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55245
|
| |
|
|
|
|
|
| |
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55243
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Modify the control plane (ioctl and socket option handlers) to use the
routing socket FIB to index into the mfctable array. Modify the
forwarding plane to use the mbuf's FIB to determine which routing table
to use.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55242
|
| |
|
|
|
|
|
|
|
|
| |
Use the new rtnumfibs_change event to expand the mfctable array when the
number of FIBs increases.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55240
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As in the IPv4 version of this change, I added a struct mf6ctable
structure which holds all global routing table state, soon to become
per-FIB state.
Note that much of the v6 multicast routing code was not VNETified; this
change fixes that too.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55238
|
| |
|
|
|
|
|
|
|
|
|
| |
The ROUTE_MPATH compile option was introduced to
test the new multipath implementation.
Since compiling it has no overhead and it's enabled
by default, remove it.
Reviewed by: melifaro, markj
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D55884
|
| |
|
|
|
|
|
| |
This patch reduces the number of witness warnings during ifmcstat(8) calls.
Reviewed by: glebius, zlei
Differential Revision: https://reviews.freebsd.org/D56052
|
| |
|
|
|
|
|
|
| |
IPv4-compatible IPv6 addresses are deprecated by RFC 4291.
No functional change intended.
Reviewed by: glebius, emaste
Differential Revision: https://reviews.freebsd.org/D55387
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple delayed NAs on the same ifa can occur simultaneously.
Therefore:
* Differentiate between GRAND and solicited replies.
* Cancel previous pending GRAND NA for same ifa.
* Reuse ndq memory for GRAND.
* Free non-GRAND replies immediately.
* Don't limit non-GRAND NAs.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55905
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update ECN tunneling functions from obsolete RFC 3168 to
newer RFC 6040.
Also, add ECN_COMPLETE to support dangerous packet reporting
without causing extra costs to existing caller functions.
Finally, return values are specified as macro to reduce
confusion, considering extra return values for ECN_WARN
and ECN_ALARM were added.
Reviewed By: glebius, tuexen
Differential Revision: https://reviews.freebsd.org/D53516
|
| |
|
|
|
|
|
|
| |
During link-layer address change event, don't send unsolicited
NA for multicast addresses.
Reviewed by: adrian, zlei
Differential Revision: https://reviews.freebsd.org/D55885
|
| | |
|
| |
|
|
|
|
| |
Reviewed by: glebius
Fixes: 7f3b46fe54f1 ("ndp: Add support for Gratuitous...")
Differential Revision: https://reviews.freebsd.org/D55844
|
| |
|
|
|
| |
PR: 293777
Fixes: f37fbe30f559 ("ndp: implement delayed ...")
|
| |
|
|
|
| |
Reviewed by: bms
Differential Revision: https://reviews.freebsd.org/D55141
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RFC4291 section 2.5.2:
The unspecified address must not be used as the destination address
of IPv6 packets or in IPv6 Routing headers. An IPv6 packet with a
source address of unspecified must never be forwarded by an IPv6
router.
We disallowed connections to IN6ADDR_ANY by default, as of commit
627e126dbb07 ("netinet6: Disallow connections to IN6ADDR_ANY"). As this
is actually disallowed by the RFC, just remove the support.
Reported by: bz (in D54306)
Reviewed by: bz, glebius
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54942
|
| |
|
|
|
|
|
|
| |
`nd6_ra_input()` is simplied to make it easier to add
additional options.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55267
|
| |
|
|
|
|
|
|
|
|
| |
Implement RFC 4861 Section 7.2.6 and RFC 9131, which is also
address one of the IPv6 deployment issues in RFC 9898 Section 3.9.
GRAND should be triggered by a change in link-layer address of interface
or by configuration of a new global ipv6 address after DAD completes.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55015
|
| |
|
|
|
|
|
|
|
| |
release the refcount of link-local prefix information to ensure
it gets freed when the address is deleted.
Reviewed By: zlei, ivy
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55593
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this not the case anymore,
csum_flags need to be cleared.
PR: 293227
Reviewed by: kp, zlei, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D55367
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.
Reviewed by: glebius
Approved by: glebius
PR: 193246 (with refinements)
Differential revision: https://reviews.freebsd.org/D55233
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have some patches which make ip_mroute and ip6_mroute multi-FIB-aware.
This enables running per-FIB routing daemons, each of which has a
separate routing socket.
Several places in the network stack check whether multicast routing is
configured by checking whether the multicast routing socket is non-NULL.
This doesn't directly translate in my proposed scheme, as each FIB would
have its own socket. I'd like to modify the ip(6)_mroute code to store
all state, including the socket, in a per-FIB structure. So, take a
step towards that and 1) hide the socket, 2) add a boolean flag which
indicates whether a multicast router is registered.
Reviewed by: pouria, zlei, glebius, adrian
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55236
|
| |
|
|
|
| |
MFC after: 1 week
Reported by: Ian FREISLICH <ianfreislich@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deal with the mifi >= nummifs case early so that we can de-indent the
rest of the code. This also ensures that the debug log (compiled out by
default) doesn't perform an out-of-bounds access.
Remove a bogus NULL test in an inner loop while here.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55059
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ip_mroute and ip6_mroute modules hook into the network stack via
several function pointers. Declarations for these pointers are
scattered around several headers. Put them all in the same place,
ip(6)_mroute.h.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55058
|
| |
|
|
|
|
|
|
|
|
|
| |
This change switches to using RFC 7217 algorithm as the default to
generate SLAAC addresses for IPv6 interfaces configured with
accept_rtadv.
Reviewed by: pouria, glebius, zlei
Approved by: zlei
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D55138
|
| |
|
|
|
|
|
|
| |
Reported by: pouria
Reviewed by: pouria, ziaee, glebius
Approved by: glebius
Fixes: 31ec8b6407fdd5a87d70265762457c67ce618283
Differential Revision: https://reviews.freebsd.org/D55136
|
| |
|
|
|
|
|
|
|
|
| |
ifnets already track if_allmulti() calls in the if_amcount field. That
field is older than the comment, so I'm not exactly sure what the intent
was; let's just remove it.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
| |
No functional change intended.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
| |
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
|
|
|
| |
This is more natural and corresponds more closely to the v4 multicast
routing code. No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54983
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- The v6 socket option and ioctl handlers had no privilege checks at
all. The socket options, I believe, can only be reached via a raw
socket, but a jailed root user with a raw socket shouldn't be able to
configure multicast routing in a non-VNET jail. The ioctls can only
be used to fetch stats.
- Delete a bogus comment in X_mrt_ioctl(), one can issue multicast
routing ioctls against any socket. Note that the call path is
soo_ioctl()->rtioctl_fib()->mrt_ioctl().
I think all of the mroute privilege checks should be done within the
ip(6)_mroute code, but let's first make the v4 and v6 modules
consistent.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54982
|
| |
|
|
|
|
|
|
| |
No functional change intended.
MFC after: 1 week
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
| |
No functional change intended.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously connect() or sendto() to INADDR_ANY or IN6ADDR_ANY reached
some socket bound to some host interface address. Although this was
intentional it was an artifact of a different era, and is not desirable
now.
In 417b35a97b76 markj added support to disallow connect() to INADDR_ANY
and IN6ADDR_ANY. Connections to INADDR_ANY were disabled by default in
cd240957d7ba. Follow suit with IN6ADDR_ANY.
Reviewed by: glebius, markj, zlei
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54306
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Jumbo Payload option was intended to allow the deployment of IPv6 on
networks with a link MTU in excess of 65,735 octets.
Speaking to one of the authors of RFC2675 the networks which motivated
the Jumbo Payload option no longer exist.
FreeBSD does not currently support any links with this capacity and
discussion when this change was first proposed suggested that the loop
back interface had to be patched to test implementation.
As there are no known devices that can carry Jumbo Payloads remove
support.
Reviewed by: glebius, teuxen, kp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19960
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is expected to fix the old in6_selecthlim() panics. The nature of
the panic is that a packet sending thread will obtain the struct ifnet
pointer locklessly and then pick the if_inet6 pointer from it and
dereference it. While the struct ifnet is freed via epoch_call(9), the
struct in6_ifextra until this change was not. For the forwarded packets,
or locally originated non-TCP packets we were probably safe due to the old
if_dead trick. But locally originated TCP packets may dereference
in6_ifextra via direct call into in6_selecthlim() from the tcp_output(),
before ip6_output().
NB: hypothetically a similar problem also applies to IPv4's if_inet pointer,
but there are no known panics, yet.
PR: 279653
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54728
|
| |
|
|
|
|
|
| |
In mld_domifdetach() don't search the global list.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54727
|
| |
|
|
|
| |
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54726
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop using struct nd_ifinfo for that, because it is an API struct for
SIOCGIFINFO_IN6. The functional changes are isolated to the protocol
attach and detach: in6_ifarrival(), nd6_ifattach(), in6_ifdeparture(),
nd6_ifdetach(), as well as to the nd6_ioctl(), nd6_ra_input(),
nd6_slowtimo() and in6_ifmtu().
The dad_failures member was just renamed to match the rest. The M_IP6NDP
malloc(9) type declaration moved to files that actually use it.
The rest of the changes are mechanical substitution of double pointer
dereference via ND_IFINFO() to a single pointer dereference. This was
achieved with a sed(1) script:
s/ND_IFINFO\(([a-z0-9>_.-]+)\)->(flags|linkmtu|basereachable|reachable|retrans|chlim)/\1->if_inet6->nd_\2/g
s/nd_chlim/nd_curhoplimit/g
Reviewed by: tuexen, madpilot
Differential Revision: https://reviews.freebsd.org/D54725
|
| |
|
|
|
|
|
|
|
| |
There should be no functional change. If there are any performance
concerns with a function call, with the future changes, that would move
ND6 bits into in6_ifextra, this function would be easily inline-able.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54724
|
| |
|
|
|
| |
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54723
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is no functional change here, but we'd like to emphasize that the
nd_ifinfo structure is not a actually a kernel ND6 software context,
despite being actively used like this way, but an API/ABI structure for
ioctl(2). This should prevent from a ABI breakages like in 31ec8b6407fd.
This also is a step towards stopping using it as a kernel software
context.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54722
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a jumbo payload option is added, the length of the mbuf chain is
increased by 8 but the actual hop-by-hop extension header with the
jumbo playload option is only inserted in the packet if there are
other options. Therefore, adjust optlen to reflect the actual size
of IPv6 extension headers including the hop-by-hop extension header
containing the jumbo payload option.
Reported by: syzbot+73fe316271df473230eb@syzkaller.appspotmail.com
Reviewed by: markj, Timo Voelker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54394
|
