CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Apr 28 10:14:18 UTC 2024 Modified Files: src/sys/netinet6 [netbsd-9]: frag6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1836): sys/netinet6/frag6.c: revision 1.78 frag6: fix calculation of fragment length Because of the miscalculation, 32 bytes fragmented IPv6 packets have been wrongly dropped. See https://mail-index.netbsd.org/tech-net/2024/04/14/msg008741.html for more details. Patch from Yasuyuki KOZAKAI (with minor tweaks) To generate a diff of this commit: cvs rdiff -u -r1.74.6.1 -r1.74.6.2 src/sys/netinet6/frag6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/frag6.c diff -u src/sys/netinet6/frag6.c:1.74.6.1 src/sys/netinet6/frag6.c:1.74.6.2 --- src/sys/netinet6/frag6.c:1.74.6.1 Thu Oct 27 16:06:24 2022 +++ src/sys/netinet6/frag6.c Sun Apr 28 10:14:18 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: frag6.c,v 1.74.6.1 2022/10/27 16:06:24 martin Exp $ */ +/* $NetBSD: frag6.c,v 1.74.6.2 2024/04/28 10:14:18 martin Exp $ */ /* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.74.6.1 2022/10/27 16:06:24 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.74.6.2 2024/04/28 10:14:18 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -197,9 +197,10 @@ frag6_input(struct mbuf **mp, int *offp, * sizeof(struct ip6_frag) == 8 * sizeof(struct ip6_hdr) = 40 */ - if ((ip6f->ip6f_offlg & IP6F_MORE_FRAG) && - (((ntohs(ip6->ip6_plen) - offset) == 0) || - ((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) { + frgpartlen = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) - offset + - sizeof(struct ip6_frag); + if ((frgpartlen == 0) || + ((ip6f->ip6f_offlg & IP6F_MORE_FRAG) && (frgpartlen & 0x7) != 0)) { icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, offsetof(struct ip6_hdr, ip6_plen)); in6_ifstat_inc(dstifp, ifs6_reass_fail); @@ -307,7 +308,6 @@ frag6_input(struct mbuf **mp, int *offp, * in size. If it would exceed, discard the fragment and return an * ICMP error. */ - frgpartlen = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen) - offset; if (q6->ip6q_unfrglen >= 0) { /* The 1st fragment has already arrived. */ if (q6->ip6q_unfrglen + fragoff + frgpartlen > IPV6_MAXPACKET) {
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Apr 28 10:14:18 UTC 2024 Modified Files: src/sys/netinet6 [netbsd-9]: frag6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1836): sys/netinet6/frag6.c: revision 1.78 frag6: fix calculation of fragment length Because of the miscalculation, 32 bytes fragmented IPv6 packets have been wrongly dropped. See https://mail-index.netbsd.org/tech-net/2024/04/14/msg008741.html for more details. Patch from Yasuyuki KOZAKAI (with minor tweaks) To generate a diff of this commit: cvs rdiff -u -r1.74.6.1 -r1.74.6.2 src/sys/netinet6/frag6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Mar 10 19:12:05 UTC 2024 Modified Files: src/sys/netinet6 [netbsd-9]: in6.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1812): sys/netinet6/in6.c: revision 1.292 netinet6: Avoid NPD on `ifconfig ifN inet6 ... pltime 0 vltime 0'. PR kern/53922 To generate a diff of this commit: cvs rdiff -u -r1.275.2.2 -r1.275.2.3 src/sys/netinet6/in6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6.c diff -u src/sys/netinet6/in6.c:1.275.2.2 src/sys/netinet6/in6.c:1.275.2.3 --- src/sys/netinet6/in6.c:1.275.2.2 Fri Aug 4 14:29:44 2023 +++ src/sys/netinet6/in6.c Sun Mar 10 19:12:05 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: in6.c,v 1.275.2.2 2023/08/04 14:29:44 martin Exp $ */ +/* $NetBSD: in6.c,v 1.275.2.3 2024/03/10 19:12:05 martin Exp $ */ /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.275.2.2 2023/08/04 14:29:44 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.275.2.3 2024/03/10 19:12:05 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -707,7 +707,14 @@ in6_control1(struct socket *so, u_long c int s = splsoftnet(); error = in6_update_ifa1(ifp, ifra, &ia, &psref, 0); splx(s); - if (error) + /* + * in6_update_ifa1 doesn't create the address if its + * valid lifetime (vltime) is zero, since we would just + * delete the address immediately in that case anyway. + * So it may succeed but return null ia. In that case, + * nothing left to do. + */ + if (error || ia == NULL) break; pfil_run_addrhooks(if_pfil, cmd, &ia->ia_ifa); break;
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Mar 10 19:12:05 UTC 2024 Modified Files: src/sys/netinet6 [netbsd-9]: in6.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1812): sys/netinet6/in6.c: revision 1.292 netinet6: Avoid NPD on `ifconfig ifN inet6 ... pltime 0 vltime 0'. PR kern/53922 To generate a diff of this commit: cvs rdiff -u -r1.275.2.2 -r1.275.2.3 src/sys/netinet6/in6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Mar 10 18:54:41 UTC 2024 Modified Files: src/sys/netinet6 [netbsd-9]: icmp6.c raw_ip6.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1809): sys/netinet6/raw_ip6.c: revision 1.184 (patch) sys/netinet6/icmp6.c: revision 1.256 (patch) Deliver timestamps also to raw sockets. Fixes PR 57955 To generate a diff of this commit: cvs rdiff -u -r1.242 -r1.242.4.1 src/sys/netinet6/icmp6.c cvs rdiff -u -r1.175.4.1 -r1.175.4.2 src/sys/netinet6/raw_ip6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Mar 10 18:54:41 UTC 2024 Modified Files: src/sys/netinet6 [netbsd-9]: icmp6.c raw_ip6.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #1809): sys/netinet6/raw_ip6.c: revision 1.184 (patch) sys/netinet6/icmp6.c: revision 1.256 (patch) Deliver timestamps also to raw sockets. Fixes PR 57955 To generate a diff of this commit: cvs rdiff -u -r1.242 -r1.242.4.1 src/sys/netinet6/icmp6.c cvs rdiff -u -r1.175.4.1 -r1.175.4.2 src/sys/netinet6/raw_ip6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/icmp6.c diff -u src/sys/netinet6/icmp6.c:1.242 src/sys/netinet6/icmp6.c:1.242.4.1 --- src/sys/netinet6/icmp6.c:1.242 Sat Dec 22 14:07:54 2018 +++ src/sys/netinet6/icmp6.c Sun Mar 10 18:54:41 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: icmp6.c,v 1.242 2018/12/22 14:07:54 maxv Exp $ */ +/* $NetBSD: icmp6.c,v 1.242.4.1 2024/03/10 18:54:41 martin Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.242 2018/12/22 14:07:54 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.242.4.1 2024/03/10 18:54:41 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1965,7 +1965,8 @@ icmp6_rip6_input(struct mbuf **mp, int o } #endif else if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { - if (last->in6p_flags & IN6P_CONTROLOPTS) + if (last->in6p_flags & IN6P_CONTROLOPTS || + SOOPT_TIMESTAMP(last->in6p_socket->so_options)) ip6_savecontrol(last, &opts, ip6, n); /* strip intermediate headers */ m_adj(n, off); @@ -1992,7 +1993,8 @@ icmp6_rip6_input(struct mbuf **mp, int o } else #endif if (last) { - if (last->in6p_flags & IN6P_CONTROLOPTS) + if (last->in6p_flags & IN6P_CONTROLOPTS || + SOOPT_TIMESTAMP(last->in6p_socket->so_options)) ip6_savecontrol(last, &opts, ip6, m); /* strip intermediate headers */ m_adj(m, off); Index: src/sys/netinet6/raw_ip6.c diff -u src/sys/netinet6/raw_ip6.c:1.175.4.1 src/sys/netinet6/raw_ip6.c:1.175.4.2 --- src/sys/netinet6/raw_ip6.c:1.175.4.1 Thu Mar 23 12:06:49 2023 +++ src/sys/netinet6/raw_ip6.c Sun Mar 10 18:54:41 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.175.4.1 2023/03/23 12:06:49 martin Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.175.4.2 2024/03/10 18:54:41 martin Exp $ */ /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.175.4.1 2023/03/23 12:06:49 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.175.4.2 2024/03/10 18:54:41 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_ipsec.h" @@ -140,7 +140,8 @@ rip6_sbappendaddr(struct in6pcb *last, s { struct mbuf *opts = NULL; - if (last->in6p_flags & IN6P_CONTROLOPTS) + if (last->in6p_flags & IN6P_CONTROLOPTS || + SOOPT_TIMESTAMP(last->in6p_socket->so_options)) ip6_savecontrol(last, &opts, ip6, n); m_adj(n, hlen);
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Aug 4 14:29:44 UTC 2023 Modified Files: src/sys/netinet6 [netbsd-9]: in6.c ip6_output.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1707): sys/netinet6/in6.c: revision 1.289 sys/netinet6/ip6_output.c: revision 1.234 in6: clear ND6_IFF_IFDISABLED to allow DAD again on link-up in6: don't send any IPv6 packets over a disabled interface To generate a diff of this commit: cvs rdiff -u -r1.275.2.1 -r1.275.2.2 src/sys/netinet6/in6.c cvs rdiff -u -r1.220.2.1 -r1.220.2.2 src/sys/netinet6/ip6_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6.c diff -u src/sys/netinet6/in6.c:1.275.2.1 src/sys/netinet6/in6.c:1.275.2.2 --- src/sys/netinet6/in6.c:1.275.2.1 Thu Oct 8 18:04:59 2020 +++ src/sys/netinet6/in6.c Fri Aug 4 14:29:44 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: in6.c,v 1.275.2.1 2020/10/08 18:04:59 martin Exp $ */ +/* $NetBSD: in6.c,v 1.275.2.2 2023/08/04 14:29:44 martin Exp $ */ /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.275.2.1 2020/10/08 18:04:59 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.275.2.2 2023/08/04 14:29:44 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -2310,6 +2310,10 @@ in6_if_link_down(struct ifnet *ifp) } pserialize_read_exit(s); curlwp_bindx(bound); + + /* Clear ND6_IFF_IFDISABLED to allow DAD again on link-up. */ + if (ifp->if_afdata[AF_INET6] != NULL) + ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; } void Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.220.2.1 src/sys/netinet6/ip6_output.c:1.220.2.2 --- src/sys/netinet6/ip6_output.c:1.220.2.1 Thu Mar 23 12:06:49 2023 +++ src/sys/netinet6/ip6_output.c Fri Aug 4 14:29:44 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.220.2.1 2023/03/23 12:06:49 martin Exp $ */ +/* $NetBSD: ip6_output.c,v 1.220.2.2 2023/08/04 14:29:44 martin Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.220.2.1 2023/03/23 12:06:49 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.220.2.2 2023/08/04 14:29:44 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -170,6 +170,12 @@ ip6_if_output(struct ifnet * const ifp, } } + /* discard the packet if IPv6 operation is disabled on the interface */ + if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { + m_freem(m); + return ENETDOWN; /* better error? */ + } + if ((ifp->if_flags & IFF_LOOPBACK) != 0) error = if_output_lock(ifp, origifp, m, sin6tocsa(dst), rt); else
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Aug 4 14:29:44 UTC 2023 Modified Files: src/sys/netinet6 [netbsd-9]: in6.c ip6_output.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1707): sys/netinet6/in6.c: revision 1.289 sys/netinet6/ip6_output.c: revision 1.234 in6: clear ND6_IFF_IFDISABLED to allow DAD again on link-up in6: don't send any IPv6 packets over a disabled interface To generate a diff of this commit: cvs rdiff -u -r1.275.2.1 -r1.275.2.2 src/sys/netinet6/in6.c cvs rdiff -u -r1.220.2.1 -r1.220.2.2 src/sys/netinet6/ip6_output.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Aug 4 14:23:02 UTC 2023 Modified Files: src/sys/netinet6 [netbsd-9]: in6_src.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1706): sys/netinet6/in6_src.c: revision 1.92 in6: add missing rtcache_unref to in6_selectroute By default, this issue is harmless. However, if NET_MPSAFE is enabled, it could eventually lead to a kernel panic. To generate a diff of this commit: cvs rdiff -u -r1.85.6.1 -r1.85.6.2 src/sys/netinet6/in6_src.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6_src.c diff -u src/sys/netinet6/in6_src.c:1.85.6.1 src/sys/netinet6/in6_src.c:1.85.6.2 --- src/sys/netinet6/in6_src.c:1.85.6.1 Wed Aug 11 17:22:17 2021 +++ src/sys/netinet6/in6_src.c Fri Aug 4 14:23:02 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: in6_src.c,v 1.85.6.1 2021/08/11 17:22:17 martin Exp $ */ +/* $NetBSD: in6_src.c,v 1.85.6.2 2023/08/04 14:23:02 martin Exp $ */ /* $KAME: in6_src.c,v 1.159 2005/10/19 01:40:32 t-momose Exp $ */ /* @@ -66,7 +66,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.85.6.1 2021/08/11 17:22:17 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.85.6.2 2023/08/04 14:23:02 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -708,6 +708,7 @@ in6_selectroute(struct sockaddr_in6 *dst if (count_discard) in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard); error = EHOSTUNREACH; + rtcache_unref(rt, *ro); rt = NULL; } }
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Aug 4 14:23:02 UTC 2023 Modified Files: src/sys/netinet6 [netbsd-9]: in6_src.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1706): sys/netinet6/in6_src.c: revision 1.92 in6: add missing rtcache_unref to in6_selectroute By default, this issue is harmless. However, if NET_MPSAFE is enabled, it could eventually lead to a kernel panic. To generate a diff of this commit: cvs rdiff -u -r1.85.6.1 -r1.85.6.2 src/sys/netinet6/in6_src.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Thu Mar 23 12:06:49 UTC 2023 Modified Files: src/sys/netinet6 [netbsd-9]: ip6_output.c raw_ip6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1615): sys/netinet6/raw_ip6.c: revision 1.183 (via patch) sys/netinet6/ip6_output.c: revision 1.233 in6: reject setting negative values but -1 via setsockopt(IPV6_CHECKSUM) Same as OpenBSD. in6: make sure a user-specified checksum field is within a packet >From OpenBSD To generate a diff of this commit: cvs rdiff -u -r1.220 -r1.220.2.1 src/sys/netinet6/ip6_output.c cvs rdiff -u -r1.175 -r1.175.4.1 src/sys/netinet6/raw_ip6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.220 src/sys/netinet6/ip6_output.c:1.220.2.1 --- src/sys/netinet6/ip6_output.c:1.220 Wed May 15 02:59:18 2019 +++ src/sys/netinet6/ip6_output.c Thu Mar 23 12:06:49 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.220 2019/05/15 02:59:18 ozaki-r Exp $ */ +/* $NetBSD: ip6_output.c,v 1.220.2.1 2023/03/23 12:06:49 martin Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.220 2019/05/15 02:59:18 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.220.2.1 2023/03/23 12:06:49 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1957,8 +1957,12 @@ ip6_raw_ctloutput(int op, struct socket error = sockopt_getint(sopt, &optval); if (error) break; - if ((optval % 2) != 0) { -/* the API assumes even offset values */ + if (optval < -1 || + (optval > 0 && (optval % 2) != 0)) { +/* + * The API assumes non-negative even offset + * values or -1 as a special value. + */ error = EINVAL; } else if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { Index: src/sys/netinet6/raw_ip6.c diff -u src/sys/netinet6/raw_ip6.c:1.175 src/sys/netinet6/raw_ip6.c:1.175.4.1 --- src/sys/netinet6/raw_ip6.c:1.175 Mon Feb 25 06:49:44 2019 +++ src/sys/netinet6/raw_ip6.c Thu Mar 23 12:06:49 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: raw_ip6.c,v 1.175 2019/02/25 06:49:44 maxv Exp $ */ +/* $NetBSD: raw_ip6.c,v 1.175.4.1 2023/03/23 12:06:49 martin Exp $ */ /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.175 2019/02/25 06:49:44 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.175.4.1 2023/03/23 12:06:49 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_ipsec.h" @@ -204,7 +204,16 @@ rip6_input(struct mbuf **mp, int *offp, continue; if (in6p->in6p_cksum != -1) { RIP6_STATINC(RIP6_STAT_ISUM); - if (in6_cksum(m, proto, *offp, + /* + * Although in6_cksum() does not need the position of + * the checksum field for verification, enforce that it + * is located within the packet. Userland has given + * a checksum offset, a packet too short for that is + * invalid. Avoid overflow with user supplied offset. + */ + if (m->m_pkthdr.len < *offp + 2 || + m->m_pkthdr.len - *offp - 2 < in6p->in6p_cksum || + in6_cksum(m, proto, *offp, m->m_pkthdr.len - *offp)) { RIP6_STATINC(RIP6_STAT_BADSUM); continue; @@ -472,7 +481,7 @@ rip6_output(struct mbuf *m, struct socke off = offsetof(struct icmp6_hdr, icmp6_cksum); else off = in6p->in6p_cksum; - if (plen < off + 1) { + if (plen < 2 || plen - 2 < off) { error = EINVAL; goto bad; }
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Thu Mar 23 12:06:49 UTC 2023 Modified Files: src/sys/netinet6 [netbsd-9]: ip6_output.c raw_ip6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1615): sys/netinet6/raw_ip6.c: revision 1.183 (via patch) sys/netinet6/ip6_output.c: revision 1.233 in6: reject setting negative values but -1 via setsockopt(IPV6_CHECKSUM) Same as OpenBSD. in6: make sure a user-specified checksum field is within a packet >From OpenBSD To generate a diff of this commit: cvs rdiff -u -r1.220 -r1.220.2.1 src/sys/netinet6/ip6_output.c cvs rdiff -u -r1.175 -r1.175.4.1 src/sys/netinet6/raw_ip6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Thu Oct 27 16:06:24 UTC 2022 Modified Files: src/sys/netinet6 [netbsd-9]: frag6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1548): sys/netinet6/frag6.c: revision 1.76 frag6: don't use spin mutex for frag6_lock frag6_lock is held during sending a packet (icmp6_error), so we must not use a spin mutex because we can acquire sleep locks on sending a packet. Also we don't need to use spin mutex for frag6_lock anymore because frag6_lock is now not used from hardware interrupt context. To generate a diff of this commit: cvs rdiff -u -r1.74 -r1.74.6.1 src/sys/netinet6/frag6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/frag6.c diff -u src/sys/netinet6/frag6.c:1.74 src/sys/netinet6/frag6.c:1.74.6.1 --- src/sys/netinet6/frag6.c:1.74 Tue May 15 19:16:38 2018 +++ src/sys/netinet6/frag6.c Thu Oct 27 16:06:24 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: frag6.c,v 1.74 2018/05/15 19:16:38 maxv Exp $ */ +/* $NetBSD: frag6.c,v 1.74.6.1 2022/10/27 16:06:24 martin Exp $ */ /* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.74 2018/05/15 19:16:38 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.74.6.1 2022/10/27 16:06:24 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -117,7 +117,7 @@ frag6_init(void) { ip6q.ip6q_next = ip6q.ip6q_prev = &ip6q; - mutex_init(&frag6_lock, MUTEX_DEFAULT, IPL_NET); + mutex_init(&frag6_lock, MUTEX_DEFAULT, IPL_NONE); } /*
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Thu Oct 27 16:06:24 UTC 2022 Modified Files: src/sys/netinet6 [netbsd-9]: frag6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1548): sys/netinet6/frag6.c: revision 1.76 frag6: don't use spin mutex for frag6_lock frag6_lock is held during sending a packet (icmp6_error), so we must not use a spin mutex because we can acquire sleep locks on sending a packet. Also we don't need to use spin mutex for frag6_lock anymore because frag6_lock is now not used from hardware interrupt context. To generate a diff of this commit: cvs rdiff -u -r1.74 -r1.74.6.1 src/sys/netinet6/frag6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Mon Aug 8 17:09:21 UTC 2022 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Apply patch, requested by kim in ticket #1497: sys/netinet6/nd6.c (apply patch) PR 55680: avoid duplicate free of link layer entries (code in HEAD is different) To generate a diff of this commit: cvs rdiff -u -r1.256.2.8 -r1.256.2.9 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.256.2.8 src/sys/netinet6/nd6.c:1.256.2.9 --- src/sys/netinet6/nd6.c:1.256.2.8 Fri Aug 20 19:32:49 2021 +++ src/sys/netinet6/nd6.c Mon Aug 8 17:09:20 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.256.2.8 2021/08/20 19:32:49 martin Exp $ */ +/* $NetBSD: nd6.c,v 1.256.2.9 2022/08/08 17:09:20 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.8 2021/08/20 19:32:49 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.9 2022/08/08 17:09:20 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -483,7 +483,6 @@ nd6_llinfo_timer(void *arg) switch (ln->ln_state) { case ND6_LLINFO_WAITDELETE: - LLE_REMREF(ln); nd6_free(ln, 0); ln = NULL; break; @@ -537,7 +536,6 @@ nd6_llinfo_timer(void *arg) case ND6_LLINFO_STALE: /* Garbage Collection(RFC 2461 5.3) */ if (!ND6_LLINFO_PERMANENT(ln)) { - LLE_REMREF(ln); nd6_free(ln, 1); ln = NULL; } @@ -561,7 +559,6 @@ nd6_llinfo_timer(void *arg) daddr6 = &ln->r_l3addr.addr6; send_ns = true; } else { - LLE_REMREF(ln); nd6_free(ln, 0); ln = NULL; } @@ -1240,6 +1237,7 @@ nd6_free(struct llentry *ln, int gc) (ln->ln_expire - time_uptime) * hz); else nd6_llinfo_settimer(ln, nd6_gctimer * hz); + LLE_REMREF(ln); LLE_WUNLOCK(ln); return; } @@ -1317,6 +1315,7 @@ nd6_free(struct llentry *ln, int gc) IF_AFDATA_LOCK(ifp); LLE_WLOCK(ln); + LLE_REMREF(ln); lltable_free_entry(LLTABLE6(ifp), ln); IF_AFDATA_UNLOCK(ifp);
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Mon Aug 8 17:09:21 UTC 2022 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Apply patch, requested by kim in ticket #1497: sys/netinet6/nd6.c (apply patch) PR 55680: avoid duplicate free of link layer entries (code in HEAD is different) To generate a diff of this commit: cvs rdiff -u -r1.256.2.8 -r1.256.2.9 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Aug 20 19:32:49 UTC 2021 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1338): sys/netinet6/nd6.c: revision 1.277 nd6: prevent ln from being freed while releasing held packets To generate a diff of this commit: cvs rdiff -u -r1.256.2.7 -r1.256.2.8 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.256.2.7 src/sys/netinet6/nd6.c:1.256.2.8 --- src/sys/netinet6/nd6.c:1.256.2.7 Mon Sep 30 15:55:40 2019 +++ src/sys/netinet6/nd6.c Fri Aug 20 19:32:49 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.256.2.7 2019/09/30 15:55:40 martin Exp $ */ +/* $NetBSD: nd6.c,v 1.256.2.8 2021/08/20 19:32:49 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.7 2019/09/30 15:55:40 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.8 2021/08/20 19:32:49 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -2036,6 +2036,7 @@ nd6_llinfo_release_pkts(struct llentry * m_hold = ln->la_hold, ln->la_hold = NULL, ln->la_numheld = 0; + LLE_ADDREF(ln); LLE_WUNLOCK(ln); for (; m_hold != NULL; m_hold = m_hold_next) { m_hold_next = m_hold->m_nextpkt; @@ -2049,6 +2050,7 @@ nd6_llinfo_release_pkts(struct llentry * ip6_if_output(ifp, ifp, m_hold, &sin6, NULL); } LLE_WLOCK(ln); + LLE_REMREF(ln); } /*
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Aug 20 19:32:49 UTC 2021 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1338): sys/netinet6/nd6.c: revision 1.277 nd6: prevent ln from being freed while releasing held packets To generate a diff of this commit: cvs rdiff -u -r1.256.2.7 -r1.256.2.8 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sat Nov 16 17:01:45 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: ip6_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #432): sys/netinet6/ip6_input.c: revision 1.215 Add more checks in ip6_pullexthdr, to prevent a panic in m_copydata. The Rip6 entry point could see a garbage Hop6 option. Not a big issue, since it's a clean panic only triggerable if the socket has the IN6P_DSTOPTS/IN6P_RTHDR option. To generate a diff of this commit: cvs rdiff -u -r1.208.2.3 -r1.208.2.4 src/sys/netinet6/ip6_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sat Nov 16 17:01:45 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: ip6_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #432): sys/netinet6/ip6_input.c: revision 1.215 Add more checks in ip6_pullexthdr, to prevent a panic in m_copydata. The Rip6 entry point could see a garbage Hop6 option. Not a big issue, since it's a clean panic only triggerable if the socket has the IN6P_DSTOPTS/IN6P_RTHDR option. To generate a diff of this commit: cvs rdiff -u -r1.208.2.3 -r1.208.2.4 src/sys/netinet6/ip6_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.208.2.3 src/sys/netinet6/ip6_input.c:1.208.2.4 --- src/sys/netinet6/ip6_input.c:1.208.2.3 Wed Oct 23 19:33:07 2019 +++ src/sys/netinet6/ip6_input.c Sat Nov 16 17:01:45 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.208.2.3 2019/10/23 19:33:07 martin Exp $ */ +/* $NetBSD: ip6_input.c,v 1.208.2.4 2019/11/16 17:01:45 martin Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.208.2.3 2019/10/23 19:33:07 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.208.2.4 2019/11/16 17:01:45 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -1056,6 +1056,8 @@ ip6_savecontrol(struct in6pcb *in6p, str #define IS2292(x, y) (y) #endif + KASSERT(m->m_flags & M_PKTHDR); + if (SOOPT_TIMESTAMP(so->so_options)) mp = sbsavetimestamp(so->so_options, mp); @@ -1297,12 +1299,18 @@ ip6_pullexthdr(struct mbuf *m, size_t of size_t elen; struct mbuf *n; + if (off + sizeof(ip6e) > m->m_pkthdr.len) + return NULL; + m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); if (nxt == IPPROTO_AH) elen = (ip6e.ip6e_len + 2) << 2; else elen = (ip6e.ip6e_len + 1) << 3; + if (off + elen > m->m_pkthdr.len) + return NULL; + MGET(n, M_DONTWAIT, MT_DATA); if (n && elen >= MLEN) { MCLGET(n, M_DONTWAIT);
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Sep 22 10:24:09 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6_nbr.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #212): sys/netinet6/nd6_nbr.c: revision 1.173 nd6: remove extra pserialize_read_exit To generate a diff of this commit: cvs rdiff -u -r1.166.2.2 -r1.166.2.3 src/sys/netinet6/nd6_nbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6_nbr.c diff -u src/sys/netinet6/nd6_nbr.c:1.166.2.2 src/sys/netinet6/nd6_nbr.c:1.166.2.3 --- src/sys/netinet6/nd6_nbr.c:1.166.2.2 Thu Sep 5 08:28:06 2019 +++ src/sys/netinet6/nd6_nbr.c Sun Sep 22 10:24:09 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_nbr.c,v 1.166.2.2 2019/09/05 08:28:06 martin Exp $ */ +/* $NetBSD: nd6_nbr.c,v 1.166.2.3 2019/09/22 10:24:09 martin Exp $ */ /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.166.2.2 2019/09/05 08:28:06 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.166.2.3 2019/09/22 10:24:09 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -494,7 +494,6 @@ nd6_ns_output(struct ifnet *ifp, const s "determined: dst=%s, error=%d\n", IN6_PRINT(ip6buf, &dst_sa.sin6_addr), error); -pserialize_read_exit(s); goto bad; } src = &src_in;
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Sep 22 10:24:09 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6_nbr.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #212): sys/netinet6/nd6_nbr.c: revision 1.173 nd6: remove extra pserialize_read_exit To generate a diff of this commit: cvs rdiff -u -r1.166.2.2 -r1.166.2.3 src/sys/netinet6/nd6_nbr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Sep 6 19:43:00 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: in6.h Log Message: Pull up following revision(s) (requested by kamil in ticket #183): sys/netinet6/in6.h: revision 1.96 Revert regression introduced in in6.h r. 1.95 revision 1.95 date: 2019-05-28 05:56:46 +0200; author: kamil; state: Exp; lines: +2 -2; commitid: YrUzDYl5zfcjiVoB; Decorate struct in6_addr with the __packed attribute This avoids undefined behavior when accessing misaligned pointers. Detected by kUBSan. Patch by Akul Pillai. This change caused regression in at least qemu and addresses potential binary ABI breakage. Fixes PR/54523 by To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.95.2.1 src/sys/netinet6/in6.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/in6.h diff -u src/sys/netinet6/in6.h:1.95 src/sys/netinet6/in6.h:1.95.2.1 --- src/sys/netinet6/in6.h:1.95 Tue May 28 03:56:46 2019 +++ src/sys/netinet6/in6.h Fri Sep 6 19:43:00 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: in6.h,v 1.95 2019/05/28 03:56:46 kamil Exp $ */ +/* $NetBSD: in6.h,v 1.95.2.1 2019/09/06 19:43:00 martin Exp $ */ /* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */ /* @@ -126,7 +126,7 @@ struct in6_addr { __uint16_t __u6_addr16[8]; uint32_t __u6_addr32[4]; } __u6_addr; /* 128-bit IP6 address */ -} __packed; +}; #define s6_addr __u6_addr.__u6_addr8 #ifdef _KERNEL /* XXX nonstandard */
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Fri Sep 6 19:43:00 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: in6.h Log Message: Pull up following revision(s) (requested by kamil in ticket #183): sys/netinet6/in6.h: revision 1.96 Revert regression introduced in in6.h r. 1.95 revision 1.95 date: 2019-05-28 05:56:46 +0200; author: kamil; state: Exp; lines: +2 -2; commitid: YrUzDYl5zfcjiVoB; Decorate struct in6_addr with the __packed attribute This avoids undefined behavior when accessing misaligned pointers. Detected by kUBSan. Patch by Akul Pillai. This change caused regression in at least qemu and addresses potential binary ABI breakage. Fixes PR/54523 by To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.95.2.1 src/sys/netinet6/in6.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Thu Sep 5 08:32:34 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c nd6.h Log Message: Pull up following revision(s) (requested by roy in ticket #169): sys/netinet6/nd6.h: revision 1.87 sys/netinet6/nd6.c: revision 1.263 inet6: Re-introduce ND6_LLINFO_WAITDELETE so we can return EHOSTDOWN Once we've sent nd6_mmaxtries NS messages, send RTM_MISS and move to the ND6_LLINFO_WAITDELETE state rather than freeing the llentry right away. Wait for a probe cycle and then free the llentry. If a connection attempts to re-use the llentry during ND6_LLINFO_WAITDELETE, return EHOSTDOWN (or EHOSTUNREACH if a gateway) to match inet behaviour. Continue to ND6_LLINFO_INCOMPLETE and send another NS probe in hope of a reply. Rinse and repeat. This reverts part of nd6.c r1.14 - an 18 year old commit! To generate a diff of this commit: cvs rdiff -u -r1.256.2.5 -r1.256.2.6 src/sys/netinet6/nd6.c cvs rdiff -u -r1.86 -r1.86.6.1 src/sys/netinet6/nd6.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.256.2.5 src/sys/netinet6/nd6.c:1.256.2.6 --- src/sys/netinet6/nd6.c:1.256.2.5 Thu Sep 5 08:28:06 2019 +++ src/sys/netinet6/nd6.c Thu Sep 5 08:32:34 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.256.2.5 2019/09/05 08:28:06 martin Exp $ */ +/* $NetBSD: nd6.c,v 1.256.2.6 2019/09/05 08:32:34 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.5 2019/09/05 08:28:06 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.6 2019/09/05 08:32:34 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -480,9 +480,14 @@ nd6_llinfo_timer(void *arg) ndi = ND_IFINFO(ifp); switch (ln->ln_state) { + case ND6_LLINFO_WAITDELETE: + LLE_REMREF(ln); + nd6_free(ln, 0); + ln = NULL; + break; + case ND6_LLINFO_INCOMPLETE: - if (ln->ln_asked < nd6_mmaxtries) { - ln->ln_asked++; + if (ln->ln_asked++ < nd6_mmaxtries) { send_ns = true; break; } @@ -506,9 +511,17 @@ nd6_llinfo_timer(void *arg) sockaddr_in6_init(&sin6, taddr6, 0, 0, 0); rt_clonedmsg(RTM_MISS, sin6tosa(&sin6), NULL, ifp); - LLE_REMREF(ln); - nd6_free(ln, 0); - ln = NULL; + /* + * Move to the ND6_LLINFO_WAITDELETE state for another + * interval at which point the llentry will be freed + * unless it's attempted to be used again and we'll + * resend NS again, rinse and repeat. + */ + ln->ln_state = ND6_LLINFO_WAITDELETE; + if (ln->ln_asked == nd6_mmaxtries) + nd6_llinfo_settimer(ln, ndi->retrans * hz / 1000); + else + send_ns = true; break; case ND6_LLINFO_REACHABLE: @@ -2312,6 +2325,7 @@ nd6_resolve(struct ifnet *ifp, const str struct llentry *ln = NULL; bool created = false; const struct sockaddr_in6 *dst = satocsin6(_dst); + int error; /* discard the packet if IPv6 operation is disabled on the interface */ if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { @@ -2406,7 +2420,8 @@ nd6_resolve(struct ifnet *ifp, const str * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen, * the oldest packet in the queue will be removed. */ - if (ln->ln_state == ND6_LLINFO_NOSTATE) + if (ln->ln_state == ND6_LLINFO_NOSTATE || + ln->ln_state == ND6_LLINFO_WAITDELETE) ln->ln_state = ND6_LLINFO_INCOMPLETE; if (ln->ln_hold) { struct mbuf *m_hold; @@ -2430,6 +2445,12 @@ nd6_resolve(struct ifnet *ifp, const str ln->ln_hold = m; } + if (ln->ln_asked >= nd6_mmaxtries) + error = (rt != NULL && rt->rt_flags & RTF_GATEWAY) ? + EHOSTUNREACH : EHOSTDOWN; + else + error = EWOULDBLOCK; + /* * If there has been no NS for the neighbor after entering the * INCOMPLETE state, send the first solicitation. @@ -2448,7 +2469,7 @@ nd6_resolve(struct ifnet *ifp, const str if (created) nd6_gc_neighbors(LLTABLE6(ifp), &dst->sin6_addr); - return EWOULDBLOCK; + return error; } int Index: src/sys/netinet6/nd6.h diff -u src/sys/netinet6/nd6.h:1.86 src/sys/netinet6/nd6.h:1.86.6.1 --- src/sys/netinet6/nd6.h:1.86 Tue Mar 6 10:57:00 2018 +++ src/sys/netinet6/nd6.h Thu Sep 5 08:32:34 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.h,v 1.86 2018/03/06 10:57:00 roy Exp $ */ +/* $NetBSD: nd6.h,v 1.86.6.1 2019/09/05 08:32:34 martin Exp $ */ /* $KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $ */ /* @@ -38,14 +38,7 @@ #define ND6_LLINFO_PURGE -3 #define ND6_LLINFO_NOSTATE -2 -/* - * We don't need the WAITDELETE state any more, but we keep the definition - * in a comment line instead of removing it. This is necessary to avoid - * unintentionally reusing the value for another purpose, which might - * affect backward compatibility with old applications. - * (2711 jin...@kame.net) - */ -/* #define ND6_LLINFO_WAITDELETE -1 */ +#define ND6_LLI
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Thu Sep 5 08:32:34 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c nd6.h Log Message: Pull up following revision(s) (requested by roy in ticket #169): sys/netinet6/nd6.h: revision 1.87 sys/netinet6/nd6.c: revision 1.263 inet6: Re-introduce ND6_LLINFO_WAITDELETE so we can return EHOSTDOWN Once we've sent nd6_mmaxtries NS messages, send RTM_MISS and move to the ND6_LLINFO_WAITDELETE state rather than freeing the llentry right away. Wait for a probe cycle and then free the llentry. If a connection attempts to re-use the llentry during ND6_LLINFO_WAITDELETE, return EHOSTDOWN (or EHOSTUNREACH if a gateway) to match inet behaviour. Continue to ND6_LLINFO_INCOMPLETE and send another NS probe in hope of a reply. Rinse and repeat. This reverts part of nd6.c r1.14 - an 18 year old commit! To generate a diff of this commit: cvs rdiff -u -r1.256.2.5 -r1.256.2.6 src/sys/netinet6/nd6.c cvs rdiff -u -r1.86 -r1.86.6.1 src/sys/netinet6/nd6.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Sep 1 14:06:22 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by roy in ticket #148): sys/netinet6/nd6.c: revision 1.261 inet6: don't set an invalid lladdr in nd6_free() We don't want to announce that we've deleted a hwaddr of all zeros. To generate a diff of this commit: cvs rdiff -u -r1.256.2.3 -r1.256.2.4 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.256.2.3 src/sys/netinet6/nd6.c:1.256.2.4 --- src/sys/netinet6/nd6.c:1.256.2.3 Sun Sep 1 11:00:31 2019 +++ src/sys/netinet6/nd6.c Sun Sep 1 14:06:22 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.256.2.3 2019/09/01 11:00:31 martin Exp $ */ +/* $NetBSD: nd6.c,v 1.256.2.4 2019/09/01 14:06:22 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.3 2019/09/01 11:00:31 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.4 2019/09/01 14:06:22 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -1192,6 +1192,7 @@ nd6_free(struct llentry *ln, int gc) struct ifnet *ifp; struct in6_addr *in6; struct sockaddr_in6 sin6; + const char *lladdr; KASSERT(ln != NULL); LLE_WLOCK_ASSERT(ln); @@ -1282,8 +1283,8 @@ nd6_free(struct llentry *ln, int gc) } sockaddr_in6_init(&sin6, in6, 0, 0, 0); - rt_clonedmsg(RTM_DELETE, sin6tosa(&sin6), - (const uint8_t *)&ln->ll_addr, ifp); + lladdr = ln->la_flags & LLE_VALID ? (const char *)&ln->ll_addr : NULL; + rt_clonedmsg(RTM_DELETE, sin6tosa(&sin6), lladdr, ifp); /* * Save to unlock. We still hold an extra reference and will not
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Sep 1 14:06:22 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by roy in ticket #148): sys/netinet6/nd6.c: revision 1.261 inet6: don't set an invalid lladdr in nd6_free() We don't want to announce that we've deleted a hwaddr of all zeros. To generate a diff of this commit: cvs rdiff -u -r1.256.2.3 -r1.256.2.4 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Sep 1 11:00:31 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by roy in ticket #131): sys/netinet6/nd6.c: revision 1.260 inet6: nd6_free assumes all routers are processed by kernel RA This hasn't been the case for a long time if you're a dhcpcd user with a default config. As such, it's possible for the default IPv6 router as set by dhcpcd could be erroneously gc'ed by nd6_free. This reduces the scope of the ND6_WLOCK taken as well as fixing an issue where we write to ln->ln_state without a lock being held. To generate a diff of this commit: cvs rdiff -u -r1.256.2.2 -r1.256.2.3 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Sun Sep 1 11:00:31 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by roy in ticket #131): sys/netinet6/nd6.c: revision 1.260 inet6: nd6_free assumes all routers are processed by kernel RA This hasn't been the case for a long time if you're a dhcpcd user with a default config. As such, it's possible for the default IPv6 router as set by dhcpcd could be erroneously gc'ed by nd6_free. This reduces the scope of the ND6_WLOCK taken as well as fixing an issue where we write to ln->ln_state without a lock being held. To generate a diff of this commit: cvs rdiff -u -r1.256.2.2 -r1.256.2.3 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.256.2.2 src/sys/netinet6/nd6.c:1.256.2.3 --- src/sys/netinet6/nd6.c:1.256.2.2 Mon Aug 26 13:42:36 2019 +++ src/sys/netinet6/nd6.c Sun Sep 1 11:00:31 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.256.2.2 2019/08/26 13:42:36 martin Exp $ */ +/* $NetBSD: nd6.c,v 1.256.2.3 2019/09/01 11:00:31 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.2 2019/08/26 13:42:36 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.3 2019/09/01 11:00:31 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -1189,7 +1189,6 @@ nd6_is_addr_neighbor(const struct sockad static void nd6_free(struct llentry *ln, int gc) { - struct nd_defrouter *dr; struct ifnet *ifp; struct in6_addr *in6; struct sockaddr_in6 sin6; @@ -1204,81 +1203,70 @@ nd6_free(struct llentry *ln, int gc) * even though it is not harmful, it was not really necessary. */ - if (!ip6_forwarding) { - ND6_WLOCK(); - dr = nd6_defrouter_lookup(in6, ifp); - - if (dr != NULL && dr->expire && - ln->ln_state == ND6_LLINFO_STALE && gc) { + if (!ip6_forwarding && ln->ln_router) { + if (ln->ln_state == ND6_LLINFO_STALE && gc) { /* * If the reason for the deletion is just garbage - * collection, and the neighbor is an active default + * collection, and the neighbor is an active * router, do not delete it. Instead, reset the GC * timer using the router's lifetime. - * Simply deleting the entry would affect default + * Simply deleting the entry may affect default * router selection, which is not necessarily a good * thing, especially when we're using router preference * values. * XXX: the check for ln_state would be redundant, * but we intentionally keep it just in case. */ - if (dr->expire > time_uptime) + if (ln->ln_expire > time_uptime) nd6_llinfo_settimer(ln, -(dr->expire - time_uptime) * hz); +(ln->ln_expire - time_uptime) * hz); else nd6_llinfo_settimer(ln, nd6_gctimer * hz); - ND6_UNLOCK(); LLE_WUNLOCK(ln); return; } - if (ln->ln_router || dr) { - /* - * We need to unlock to avoid a LOR with nd6_rt_flush() - * with the rnh and for the calls to - * nd6_pfxlist_onlink_check() and nd6_defrouter_select() in the - * block further down for calls into nd6_lookup(). - * We still hold a ref. - */ - LLE_WUNLOCK(ln); - - /* - * nd6_rt_flush must be called whether or not the neighbor - * is in the Default Router List. - * See a corresponding comment in nd6_na_input(). - */ - nd6_rt_flush(in6, ifp); - } + ND6_WLOCK(); - if (dr) { - /* - * Unreachablity of a router might affect the default - * router selection and on-link detection of advertised - * prefixes. - */ + /* + * We need to unlock to avoid a LOR with nd6_rt_flush() + * with the rnh and for the calls to + * nd6_pfxlist_onlink_check() and nd6_defrouter_select() in the + * block further down for calls into nd6_lookup(). + * We still hold a ref. + * + * Temporarily fake the state to choose a new default + * router and to perform on-link determination of + * prefixes correctly. + * Below the state will be set correctly, + * or the entry itself will be deleted. + */ + ln->ln_state = ND6_LLINFO_INCOMPLETE; + LLE_WUNLOCK(ln); - /* - * Temporarily fake the state to choose a new default - * router and to perform on-link determination of - * prefixes correctly. - * Below the state will be set correctly, - * or the entry itself will be deleted. - */ - ln->ln_state = ND6_LLINFO_INCOMPLETE; + /* + * nd6_rt_flush must be called whether or not the neighbor + * is in the Default Router List. + * See a corresponding comment in nd6_na_input(). + */ + nd6_rt_flush(in6, ifp); - /* - * Since nd6_defrouter_select() does not affect the - * on-link determination and MIP6 needs the check - * before the default route
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Mon Aug 19 16:08:19 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #97): sys/netinet6/nd6.c: revision 1.257 Add missing IFNET_LOCK for regen_tmpaddr Reported by ryo@ To generate a diff of this commit: cvs rdiff -u -r1.256 -r1.256.2.1 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet6/nd6.c diff -u src/sys/netinet6/nd6.c:1.256 src/sys/netinet6/nd6.c:1.256.2.1 --- src/sys/netinet6/nd6.c:1.256 Fri Jul 26 10:18:42 2019 +++ src/sys/netinet6/nd6.c Mon Aug 19 16:08:19 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6.c,v 1.256 2019/07/26 10:18:42 christos Exp $ */ +/* $NetBSD: nd6.c,v 1.256.2.1 2019/08/19 16:08:19 martin Exp $ */ /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256 2019/07/26 10:18:42 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.256.2.1 2019/08/19 16:08:19 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_net_mpsafe.h" @@ -666,8 +666,12 @@ nd6_timer_work(struct work *wk, void *ar if (ip6_use_tempaddr && (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && (oldflags & IN6_IFF_DEPRECATED) == 0) { +int ret; -if (regen_tmpaddr(ia6) == 0) { +IFNET_LOCK(ia6->ia_ifa.ifa_ifp); +ret = regen_tmpaddr(ia6); +IFNET_UNLOCK(ia6->ia_ifa.ifa_ifp); +if (ret == 0) { /* * A new temporary address is * generated.
CVS commit: [netbsd-9] src/sys/netinet6
Module Name:src Committed By: martin Date: Mon Aug 19 16:08:19 UTC 2019 Modified Files: src/sys/netinet6 [netbsd-9]: nd6.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #97): sys/netinet6/nd6.c: revision 1.257 Add missing IFNET_LOCK for regen_tmpaddr Reported by ryo@ To generate a diff of this commit: cvs rdiff -u -r1.256 -r1.256.2.1 src/sys/netinet6/nd6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.