CVS commit: src

2018-02-15 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Feb 16 07:59:06 UTC 2018

Modified Files:
src/distrib/sets/lists/comp: md.ia64
src/external/gpl3/gcc/dist/libsanitizer/sanitizer_common:
sanitizer_linux.cc
src/external/gpl3/gcc/dist/libsanitizer/ubsan: ubsan_platform.h

Log Message:
minimal basic support for ia64 and gcc6.  i am not sure about the
bp part of the GetPcSpBp() port, cherry please look :-)


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/distrib/sets/lists/comp/md.ia64
cvs rdiff -u -r1.15 -r1.16 \
src/external/gpl3/gcc/dist/libsanitizer/sanitizer_common/sanitizer_linux.cc
cvs rdiff -u -r1.6 -r1.7 \
src/external/gpl3/gcc/dist/libsanitizer/ubsan/ubsan_platform.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/comp/md.ia64
diff -u src/distrib/sets/lists/comp/md.ia64:1.3 src/distrib/sets/lists/comp/md.ia64:1.4
--- src/distrib/sets/lists/comp/md.ia64:1.3	Thu Feb 23 02:04:11 2017
+++ src/distrib/sets/lists/comp/md.ia64	Fri Feb 16 07:59:05 2018
@@ -1,8 +1,10 @@
-# $NetBSD: md.ia64,v 1.3 2017/02/23 02:04:11 scole Exp $
+# $NetBSD: md.ia64,v 1.4 2018/02/16 07:59:05 mrg Exp $
 ./usr/include/gcc-4.8/ia64intrin.h	comp-obsolete			obsolete
 ./usr/include/gcc-4.8/tgmath.h		comp-obsolete			obsolete
-./usr/include/gcc-5/ia64intrin.h	comp-c-include
-./usr/include/gcc-5/tgmath.h		comp-c-include
+./usr/include/gcc-5/ia64intrin.h	comp-c-include			gcc=5
+./usr/include/gcc-5/tgmath.h		comp-c-include			gcc=5
+./usr/include/gcc-6/ia64intrin.h	comp-c-include			gcc=6
+./usr/include/gcc-6/tgmath.h		comp-c-include			gcc=6
 ./usr/include/ia64			comp-c-include
 ./usr/include/ia64/_regset.h		comp-c-include
 ./usr/include/ia64/acpi_machdep.h	comp-c-include

Index: src/external/gpl3/gcc/dist/libsanitizer/sanitizer_common/sanitizer_linux.cc
diff -u src/external/gpl3/gcc/dist/libsanitizer/sanitizer_common/sanitizer_linux.cc:1.15 src/external/gpl3/gcc/dist/libsanitizer/sanitizer_common/sanitizer_linux.cc:1.16
--- src/external/gpl3/gcc/dist/libsanitizer/sanitizer_common/sanitizer_linux.cc:1.15	Wed Feb  7 02:32:01 2018
+++ src/external/gpl3/gcc/dist/libsanitizer/sanitizer_common/sanitizer_linux.cc	Fri Feb 16 07:59:05 2018
@@ -1269,6 +1269,11 @@ void GetPcSpBp(void *context, uptr *pc, 
   *pc = _UC_MACHINE_PC(ucontext);
   *sp = _UC_MACHINE_SP(ucontext);
   *bp = ucontext->uc_mcontext.__gregs[_REG_R14];
+#elif defined(__ia64__) && SANITIZER_NETBSD
+  ucontext_t *ucontext = (ucontext_t*)context;
+  *pc = _UC_MACHINE_PC(ucontext);
+  *sp = _UC_MACHINE_SP(ucontext);
+  *bp = ucontext->uc_mcontext.__gregs[1];	/* XXX */
 #else
 # error "Unsupported arch"
 #endif
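Review bot: The new ia64 branch fills `*bp` from `ucontext->uc_mcontext.__gregs[1]` with only `/* XXX */` to mark it as a guess, so the next reader cannot tell whether that slot is believed to be a frame pointer or is a placeholder. Unless the index is known to be right, the fallback this tree already uses for targets without a portable frame pointer (the `_UC_MACHINE_FP(ucontext) 0` default in asan_linux.cc) is the safer choice: `*bp = 0;	/* no portable frame pointer on ia64 yet; see asan_linux.cc */`. Whichever value stays, the comment should say what `__gregs[1]` holds on NetBSD/ia64 rather than `XXX`, since the log message itself flags the bp part as unverified. GetPcSpBp starts before this hunk.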

Index: src/external/gpl3/gcc/dist/libsanitizer/ubsan/ubsan_platform.h
diff -u src/external/gpl3/gcc/dist/libsanitizer/ubsan/ubsan_platform.h:1.6 src/external/gpl3/gcc/dist/libsanitizer/ubsan/ubsan_platform.h:1.7
--- src/external/gpl3/gcc/dist/libsanitizer/ubsan/ubsan_platform.h:1.6	Wed Feb  7 02:32:01 2018
+++ src/external/gpl3/gcc/dist/libsanitizer/ubsan/ubsan_platform.h	Fri Feb 16 07:59:05 2018
@@ -19,7 +19,7 @@
  defined(__aarch64__) || defined(__mips__) || defined(__powerpc__) || \
  defined(__hppa__) || defined(__m68k__) || defined(__mc68010__) || \
  defined(__powerpc64__) || defined(__sparc__) || defined(__alpha__) || \
- defined(__vax__) || defined(__sh3__))
+ defined(__vax__) || defined(__sh3__) || defined(__ia64__))
 # define CAN_SANITIZE_UB 1
 #elif defined(_WIN32)
 # define CAN_SANITIZE_UB 1



CVS commit: src/sys/sys

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Feb 16 07:11:50 UTC 2018

Modified Files:
src/sys/sys: lwp.h

Log Message:
Add missing barriers to curlwp_bind and curlwp_bindx

The barriers prevent the instruction of setting/clearing the LP_BOUND flag
from reordering over where we want to prevent LWP migrations.

Note that the fix doesn't mean that there was a race condition.  For now the API
is used only for psref and their combined use doesn't need the
barriers(*).

(*) https://mail-index.netbsd.org/tech-kern/2018/02/15/msg023101.html

Pointed out by Mateusz Guzik


To generate a diff of this commit:
cvs rdiff -u -r1.177 -r1.178 src/sys/sys/lwp.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/sys/lwp.h
diff -u src/sys/sys/lwp.h:1.177 src/sys/sys/lwp.h:1.178
--- src/sys/sys/lwp.h:1.177	Sun Jan 14 16:43:03 2018
+++ src/sys/sys/lwp.h	Fri Feb 16 07:11:50 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: lwp.h,v 1.177 2018/01/14 16:43:03 maxv Exp $	*/
+/*	$NetBSD: lwp.h,v 1.178 2018/02/16 07:11:50 ozaki-r Exp $	*/
 
 /*
  * Copyright (c) 2001, 2006, 2007, 2008, 2009, 2010
@@ -536,6 +536,7 @@ curlwp_bind(void)
 
 	bound = curlwp->l_pflag & LP_BOUND;
 	curlwp->l_pflag |= LP_BOUND;
+	__insn_barrier();
 
 	return bound;
 }
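Review bot: The added `__insn_barrier()` in curlwp_bind (and the matching one in the curlwp_bindx hunk below) carries no comment saying what it orders, and `__insn_barrier()` is a compiler-only barrier, so a reader of lwp.h alone may wonder whether a CPU-level memory barrier was intended. The log message's reasoning — the flag only has to be set or cleared in program order relative to the code the bind protects — belongs next to the code. Suggest `/* Compiler barrier: keep the LP_BOUND update from moving across the region this bind protects. */` above each call.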
@@ -545,6 +546,7 @@ curlwp_bindx(int bound)
 {
 
 	KASSERT(curlwp->l_pflag & LP_BOUND);
+	__insn_barrier();
 	curlwp->l_pflag ^= bound ^ LP_BOUND;
 }
 



CVS commit: src/sys/sys

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Feb 16 07:11:50 UTC 2018

Modified Files:
src/sys/sys: lwp.h

Log Message:
Add missing barriers to curlwp_bind and curlwp_bindx

The barriers prevent the instruction of setting/clearing the LP_BOUND flag
from reordering over where we want to prevent LWP migrations.

Note that the fix doesn't mean that there was a race condition.  For now the API
is used only for psref and their combined use doesn't need the
barriers(*).

(*) https://mail-index.netbsd.org/tech-kern/2018/02/15/msg023101.html

Pointed out by Mateusz Guzik


To generate a diff of this commit:
cvs rdiff -u -r1.177 -r1.178 src/sys/sys/lwp.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/distrib/sets/lists/comp

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 07:05:21 UTC 2018

Modified Files:
src/distrib/sets/lists/comp: mi

Log Message:
Fix build failure, sorry.


To generate a diff of this commit:
cvs rdiff -u -r1.2181 -r1.2182 src/distrib/sets/lists/comp/mi

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/comp/mi
diff -u src/distrib/sets/lists/comp/mi:1.2181 src/distrib/sets/lists/comp/mi:1.2182
--- src/distrib/sets/lists/comp/mi:1.2181	Tue Feb 13 10:02:12 2018
+++ src/distrib/sets/lists/comp/mi	Fri Feb 16 07:05:21 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: mi,v 1.2181 2018/02/13 10:02:12 mrg Exp $
+#	$NetBSD: mi,v 1.2182 2018/02/16 07:05:21 knakahara Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 ./etc/mtree/set.compcomp-sys-root
@@ -2333,6 +2333,7 @@
 ./usr/include/net/radix.h			comp-c-include
 ./usr/include/net/raw_cb.h			comp-c-include
 ./usr/include/net/route.h			comp-c-include
+./usr/include/net/rss_config.h			comp-c-include
 ./usr/include/net/slcompress.h			comp-c-include
 ./usr/include/net/slip.h			comp-c-include
 ./usr/include/net/zlib.h			comp-c-include



CVS commit: src/sys/kern

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Feb 16 07:04:51 UTC 2018

Modified Files:
src/sys/kern: kern_synch.c

Log Message:
Avoid a race condition between an LWP migration and curlwp_bind

curlwp_bind sets the LP_BOUND flag to l_pflags of the current LWP, which
prevents it from migrating to another CPU until curlwp_bindx is called.
Meanwhile, there are several ways that an LWP is migrated to another CPU and in
any cases the scheduler postpones a migration if a target LWP is running.  One
example of LWP migrations is a load balancing; the scheduler periodically
explores CPU-hogging LWPs and schedule them to migrate (see sched_lwp_stats).
At that point the scheduler checks the LP_BOUND flag and if it's set to a LWP,
the scheduler doesn't schedule the LWP.  A scheduled LWP is actually migrated
when it leaves the running CPU, i.e., in mi_switch.  And mi_switch does NOT check
the LP_BOUND flag.  So if an LWP is scheduled first and then it sets the
LP_BOUND flag, the LWP can be migrated regardless of the flag.  To avoid this
race condition, we need to check the flag in mi_switch too.

For more details see 
https://mail-index.netbsd.org/tech-kern/2018/02/13/msg023079.html


To generate a diff of this commit:
cvs rdiff -u -r1.313 -r1.314 src/sys/kern/kern_synch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_synch.c
diff -u src/sys/kern/kern_synch.c:1.313 src/sys/kern/kern_synch.c:1.314
--- src/sys/kern/kern_synch.c:1.313	Tue Jan 30 07:52:22 2018
+++ src/sys/kern/kern_synch.c	Fri Feb 16 07:04:51 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_synch.c,v 1.313 2018/01/30 07:52:22 ozaki-r Exp $	*/
+/*	$NetBSD: kern_synch.c,v 1.314 2018/02/16 07:04:51 ozaki-r Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009
@@ -69,7 +69,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.313 2018/01/30 07:52:22 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.314 2018/02/16 07:04:51 ozaki-r Exp $");
 
 #include "opt_kstack.h"
 #include "opt_perfctrs.h"
@@ -589,7 +589,8 @@ mi_switch(lwp_t *l)
 			 * be reset here, if interrupt/preemption happens
 			 * early in idle LWP.
 			 */
-			if (l->l_target_cpu != NULL) {
+			if (l->l_target_cpu != NULL &&
+			(l->l_pflag & LP_BOUND) == 0) {
 KASSERT((l->l_pflag & LP_INTR) == 0);
 spc->spc_migrating = l;
 			}
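Review bot: The new `(l->l_pflag & LP_BOUND) == 0` test is not explained by the comment block just above it, which is about the idle LWP, so the race with a migration scheduled before curlwp_bind is invisible at this point in the code. Suggest a short comment above the `if`: `/* A migration scheduled before the LWP bound itself (curlwp_bind) must not go ahead; see also the LP_BOUND check in sched_lwp_stats. */`. As rendered, the continuation line `(l->l_pflag & LP_BOUND) == 0) {` sits at the same indent as the `if`; KNF indents continuation lines by four extra spaces, unless that is a rendering artefact. `l_target_cpu` is left set when the LWP is bound, so presumably the migration is retried on a later mi_switch once it unbinds — worth confirming and stating in the comment. mi_switch begins and ends outside this hunk.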



CVS commit: src/distrib/sets/lists/comp

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 07:05:21 UTC 2018

Modified Files:
src/distrib/sets/lists/comp: mi

Log Message:
Fix build failure, sorry.


To generate a diff of this commit:
cvs rdiff -u -r1.2181 -r1.2182 src/distrib/sets/lists/comp/mi

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/kern

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Fri Feb 16 07:04:51 UTC 2018

Modified Files:
src/sys/kern: kern_synch.c

Log Message:
Avoid a race condition between an LWP migration and curlwp_bind

curlwp_bind sets the LP_BOUND flag to l_pflags of the current LWP, which
prevents it from migrating to another CPU until curlwp_bindx is called.
Meanwhile, there are several ways that an LWP is migrated to another CPU and in
any cases the scheduler postpones a migration if a target LWP is running.  One
example of LWP migrations is a load balancing; the scheduler periodically
explores CPU-hogging LWPs and schedule them to migrate (see sched_lwp_stats).
At that point the scheduler checks the LP_BOUND flag and if it's set to a LWP,
the scheduler doesn't schedule the LWP.  A scheduled LWP is actually migrated
when it leaves the running CPU, i.e., in mi_switch.  And mi_switch does NOT check
the LP_BOUND flag.  So if an LWP is scheduled first and then it sets the
LP_BOUND flag, the LWP can be migrated regardless of the flag.  To avoid this
race condition, we need to check the flag in mi_switch too.

For more details see 
https://mail-index.netbsd.org/tech-kern/2018/02/13/msg023079.html


To generate a diff of this commit:
cvs rdiff -u -r1.313 -r1.314 src/sys/kern/kern_synch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/dev/pci/ixgbe

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 04:50:19 UTC 2018

Modified Files:
src/sys/dev/pci/ixgbe: ixgbe.c ixgbe_rss.h ixv.c

Log Message:
Apply RSS utility to ixg(4) and ixv(4).

ok by msaitoh@n.o.


To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 src/sys/dev/pci/ixgbe/ixgbe.c
cvs rdiff -u -r1.2 -r1.3 src/sys/dev/pci/ixgbe/ixgbe_rss.h
cvs rdiff -u -r1.77 -r1.78 src/sys/dev/pci/ixgbe/ixv.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/pci/ixgbe/ixgbe.c
diff -u src/sys/dev/pci/ixgbe/ixgbe.c:1.121 src/sys/dev/pci/ixgbe/ixgbe.c:1.122
--- src/sys/dev/pci/ixgbe/ixgbe.c:1.121	Wed Feb 14 10:38:28 2018
+++ src/sys/dev/pci/ixgbe/ixgbe.c	Fri Feb 16 04:50:19 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ixgbe.c,v 1.121 2018/02/14 10:38:28 msaitoh Exp $ */
+/* $NetBSD: ixgbe.c,v 1.122 2018/02/16 04:50:19 knakahara Exp $ */
 
 /**
 
@@ -411,6 +411,10 @@ ixgbe_initialize_rss_mapping(struct adap
 	int i, j;
 	u32 rss_hash_config;
 
+	/* force use default RSS key. */
+#ifdef __NetBSD__
+	rss_getkey((uint8_t *) _key);
+#else
 	if (adapter->feat_en & IXGBE_FEATURE_RSS) {
 		/* Fetch the configured RSS key */
 		rss_getkey((uint8_t *) _key);
@@ -418,6 +422,7 @@ ixgbe_initialize_rss_mapping(struct adap
 		/* set up random bits */
 		cprng_fast(_key, sizeof(rss_key));
 	}
+#endif
 
 	/* Set multiplier for RETA setup and table size based on MAC */
 	index_mult = 0x1;
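Review bot: The `#ifdef __NetBSD__` arm added above `if (adapter->feat_en & IXGBE_FEATURE_RSS)` unconditionally loads the fixed default key and compiles out the `cprng_fast` randomization, and its comment `/* force use default RSS key. */` records no reason. That key is the publicly documented Microsoft/Intel verification key (rss_config.c in this same batch says so), so the hash-to-queue mapping is predictable to anyone who can choose flow tuples, and the FreeBSD comment deleted from if_wm.c here ("RSS secret key, intended to prevent attacks on load-balancing") was the only place in the tree that recorded that trade-off. If a fixed key is intended for now, replace the comment with one that says so: `/* NetBSD: rss_getkey() currently hands back the fixed, publicly known default key, so queue placement is predictable; see net/rss_config.c. */`; otherwise the randomization belongs in rss_getkey() itself (fill the key from cprng once at first use) so every driver benefits. The same arm is added to ixv_initialize_rss_mapping in the ixv.c hunk, and the argument rendered as `(uint8_t *) _key` is presumably `&rss_key` with the ampersand lost in rendering. ixgbe_initialize_rss_mapping starts before this hunk.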

Index: src/sys/dev/pci/ixgbe/ixgbe_rss.h
diff -u src/sys/dev/pci/ixgbe/ixgbe_rss.h:1.2 src/sys/dev/pci/ixgbe/ixgbe_rss.h:1.3
--- src/sys/dev/pci/ixgbe/ixgbe_rss.h:1.2	Wed Dec  6 04:08:50 2017
+++ src/sys/dev/pci/ixgbe/ixgbe_rss.h	Fri Feb 16 04:50:19 2018
@@ -35,6 +35,26 @@
 #ifndef _IXGBE_RSS_H_
 #define _IXGBE_RSS_H_
 
+#ifdef __NetBSD__
+#include 
+
+#define RSS_HASHTYPE_RSS_IPV4  (1 << 1)
+#define RSS_HASHTYPE_RSS_TCP_IPV4  (1 << 2)
+#define RSS_HASHTYPE_RSS_IPV6  (1 << 3)
+#define RSS_HASHTYPE_RSS_TCP_IPV6  (1 << 4)
+#define RSS_HASHTYPE_RSS_IPV6_EX   (1 << 5)
+#define RSS_HASHTYPE_RSS_TCP_IPV6_EX   (1 << 6)
+#define RSS_HASHTYPE_RSS_UDP_IPV4  (1 << 7)
+#define RSS_HASHTYPE_RSS_UDP_IPV6  (1 << 9)
+#define RSS_HASHTYPE_RSS_UDP_IPV6_EX   (1 << 10)
+
+#define rss_getcpu(_a) 0
+#define rss_getnumbuckets() 1
+#define rss_get_indirection_to_bucket(_a) 0
+#define rss_gethashconfig() 0x7E
+#define rss_hash2bucket(_a,_b,_c) -1
+
+#else
 #ifdef RSS
 
 #include 
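Review bot: `#define rss_gethashconfig() 0x7E` is a magic constant sitting directly below the RSS_HASHTYPE_RSS_* definitions it encodes; spelling it out as their OR makes the enabled hash types reviewable: `#define rss_gethashconfig() (RSS_HASHTYPE_RSS_IPV4 | RSS_HASHTYPE_RSS_TCP_IPV4 | RSS_HASHTYPE_RSS_IPV6 | RSS_HASHTYPE_RSS_TCP_IPV6 | RSS_HASHTYPE_RSS_IPV6_EX | RSS_HASHTYPE_RSS_TCP_IPV6_EX)` (bits 1–6, which is 0x7E). The `#include` line in the new `#ifdef __NetBSD__` block has lost its header name in this rendering, presumably `<net/rss_config.h>` since the drivers rely on RSS_KEYSIZE from it. A one-line comment above the stub macros saying they mirror the non-RSS stubs in the `#else` branch would also help a reader who does not know the FreeBSD layout.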
@@ -60,4 +80,5 @@
 #define rss_hash2bucket(_a,_b,_c) -1
 
 #endif
+#endif /* __NetBSD__ */
 #endif /* _IXGBE_RSS_H_ */

Index: src/sys/dev/pci/ixgbe/ixv.c
diff -u src/sys/dev/pci/ixgbe/ixv.c:1.77 src/sys/dev/pci/ixgbe/ixv.c:1.78
--- src/sys/dev/pci/ixgbe/ixv.c:1.77	Thu Dec 21 06:49:26 2017
+++ src/sys/dev/pci/ixgbe/ixv.c	Fri Feb 16 04:50:19 2018
@@ -1,4 +1,4 @@
-/*$NetBSD: ixv.c,v 1.77 2017/12/21 06:49:26 msaitoh Exp $*/
+/*$NetBSD: ixv.c,v 1.78 2018/02/16 04:50:19 knakahara Exp $*/
 
 /**
 
@@ -1520,6 +1520,10 @@ ixv_initialize_rss_mapping(struct adapte
 	int i, j;
 	u32 rss_hash_config;
 
+	/* force use default RSS key. */
+#ifdef __NetBSD__
+	rss_getkey((uint8_t *) _key);
+#else
 	if (adapter->feat_en & IXGBE_FEATURE_RSS) {
 		/* Fetch the configured RSS key */
 		rss_getkey((uint8_t *)_key);
@@ -1527,6 +1531,7 @@ ixv_initialize_rss_mapping(struct adapte
 		/* set up random bits */
 		cprng_fast(_key, sizeof(rss_key));
 	}
+#endif
 
 	/* Now fill out hash function seeds */
 	for (i = 0; i < 10; i++)



CVS commit: src/sys/dev/pci/ixgbe

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 04:50:19 UTC 2018

Modified Files:
src/sys/dev/pci/ixgbe: ixgbe.c ixgbe_rss.h ixv.c

Log Message:
Apply RSS utility to ixg(4) and ixv(4).

ok by msaitoh@n.o.


To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 src/sys/dev/pci/ixgbe/ixgbe.c
cvs rdiff -u -r1.2 -r1.3 src/sys/dev/pci/ixgbe/ixgbe_rss.h
cvs rdiff -u -r1.77 -r1.78 src/sys/dev/pci/ixgbe/ixv.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/dev/pci

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 04:49:27 UTC 2018

Modified Files:
src/sys/dev/pci: if_wm.c

Log Message:
Apply RSS utility to wm(4).

ok by msaitoh@n.o.


To generate a diff of this commit:
cvs rdiff -u -r1.563 -r1.564 src/sys/dev/pci/if_wm.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/dev/pci

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 04:49:27 UTC 2018

Modified Files:
src/sys/dev/pci: if_wm.c

Log Message:
Apply RSS utility to wm(4).

ok by msaitoh@n.o.


To generate a diff of this commit:
cvs rdiff -u -r1.563 -r1.564 src/sys/dev/pci/if_wm.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/pci/if_wm.c
diff -u src/sys/dev/pci/if_wm.c:1.563 src/sys/dev/pci/if_wm.c:1.564
--- src/sys/dev/pci/if_wm.c:1.563	Wed Feb 14 12:56:00 2018
+++ src/sys/dev/pci/if_wm.c	Fri Feb 16 04:49:27 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_wm.c,v 1.563 2018/02/14 12:56:00 knakahara Exp $	*/
+/*	$NetBSD: if_wm.c,v 1.564 2018/02/16 04:49:27 knakahara Exp $	*/
 
 /*
  * Copyright (c) 2001, 2002, 2003, 2004 Wasabi Systems, Inc.
@@ -83,7 +83,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_wm.c,v 1.563 2018/02/14 12:56:00 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wm.c,v 1.564 2018/02/16 04:49:27 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_net_mpsafe.h"
@@ -116,6 +116,8 @@ __KERNEL_RCSID(0, "$NetBSD: if_wm.c,v 1.
 
 #include 
 
+#include 
+
 #include 			/* XXX for struct ip */
 #include 		/* XXX for struct ip */
 #include 			/* XXX for struct ip */
@@ -715,7 +717,6 @@ static void	wm_flush_desc_rings(struct w
 static void	wm_reset(struct wm_softc *);
 static int	wm_add_rxbuf(struct wm_rxqueue *, int);
 static void	wm_rxdrain(struct wm_rxqueue *);
-static void	wm_rss_getkey(uint8_t *);
 static void	wm_init_rss(struct wm_softc *);
 static void	wm_adjust_qnum(struct wm_softc *, int);
 static inline bool	wm_is_using_msix(struct wm_softc *);
@@ -4838,43 +4839,6 @@ wm_rxdrain(struct wm_rxqueue *rxq)
 	}
 }
 
-
-/*
- * XXX copy from FreeBSD's sys/net/rss_config.c
- */
-/*
- * RSS secret key, intended to prevent attacks on load-balancing.  Its
- * effectiveness may be limited by algorithm choice and available entropy
- * during the boot.
- *
- * XXXRW: And that we don't randomize it yet!
- *
- * This is the default Microsoft RSS specification key which is also
- * the Chelsio T5 firmware default key.
- */
-#define RSS_KEYSIZE 40
-static uint8_t wm_rss_key[RSS_KEYSIZE] = {
-	0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
-	0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
-	0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
-	0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
-	0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
-};
-
-/*
- * Caller must pass an array of size sizeof(rss_key).
- *
- * XXX
- * As if_ixgbe may use this function, this function should not be
- * if_wm specific function.
- */
-static void
-wm_rss_getkey(uint8_t *key)
-{
-
-	memcpy(key, wm_rss_key, sizeof(wm_rss_key));
-}
-
 /*
  * Setup registers for RSS.
  *
@@ -4886,7 +4850,7 @@ wm_init_rss(struct wm_softc *sc)
 	uint32_t mrqc, reta_reg, rss_key[RSSRK_NUM_REGS];
 	int i;
 
-	CTASSERT(sizeof(rss_key) == sizeof(wm_rss_key));
+	CTASSERT(sizeof(rss_key) == RSS_KEYSIZE);
 
 	for (i = 0; i < RETA_NUM_ENTRIES; i++) {
 		int qid, reta_ent;
@@ -4912,7 +4876,7 @@ wm_init_rss(struct wm_softc *sc)
 		CSR_WRITE(sc, WMREG_RETA_Q(i), reta_reg);
 	}
 
-	wm_rss_getkey((uint8_t *)rss_key);
+	rss_getkey((uint8_t *)rss_key);
 	for (i = 0; i < RSSRK_NUM_REGS; i++)
 		CSR_WRITE(sc, WMREG_RSSRK(i), rss_key[i]);
 



CVS commit: src/sys/net

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 04:48:33 UTC 2018

Modified Files:
src/sys/net: Makefile files.net
Added Files:
src/sys/net: rss_config.c rss_config.h

Log Message:
Introduce very simple Receive Side Scaling (RSS) utility.

ok by msaitoh@n.o.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/net/Makefile
cvs rdiff -u -r1.14 -r1.15 src/sys/net/files.net
cvs rdiff -u -r0 -r1.1 src/sys/net/rss_config.c src/sys/net/rss_config.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/Makefile
diff -u src/sys/net/Makefile:1.34 src/sys/net/Makefile:1.35
--- src/sys/net/Makefile:1.34	Wed Jan 10 10:56:30 2018
+++ src/sys/net/Makefile	Fri Feb 16 04:48:32 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.34 2018/01/10 10:56:30 knakahara Exp $
+#	$NetBSD: Makefile,v 1.35 2018/02/16 04:48:32 knakahara Exp $
 
 INCSDIR= /usr/include/net
 
@@ -8,7 +8,7 @@ INCS=	bpf.h bpfjit.h bpfdesc.h dlt.h eth
 	if_pflog.h if_ppp.h if_pppoe.h if_l2tp.h if_sppp.h if_srt.h if_stf.h \
 	if_tap.h if_token.h if_tun.h if_types.h if_vlanvar.h net_stats.h \
 	netisr.h pfil.h pfkeyv2.h pfvar.h ppp-comp.h ppp_defs.h radix.h \
-	raw_cb.h route.h slcompress.h slip.h zlib.h
+	raw_cb.h route.h rss_config.h slcompress.h slip.h zlib.h
 
 SUBDIR=	agr npf
 

Index: src/sys/net/files.net
diff -u src/sys/net/files.net:1.14 src/sys/net/files.net:1.15
--- src/sys/net/files.net:1.14	Wed Jan 10 10:56:30 2018
+++ src/sys/net/files.net	Fri Feb 16 04:48:32 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: files.net,v 1.14 2018/01/10 10:56:30 knakahara Exp $
+#	$NetBSD: files.net,v 1.15 2018/02/16 04:48:32 knakahara Exp $
 
 # XXX CLEANUP
 define	net
@@ -48,6 +48,7 @@ file	net/radix.c			net
 file	net/raw_cb.c			net
 file	net/raw_usrreq.c		net
 file	net/route.c			net
+file	net/rss_config.c		net
 file	net/rtbl.c			net
 file	net/rtsock.c			net
 file	net/slcompress.c		sl | ppp | strip | (irip & irip_vj)

Added files:

Index: src/sys/net/rss_config.c
diff -u /dev/null src/sys/net/rss_config.c:1.1
--- /dev/null	Fri Feb 16 04:48:33 2018
+++ src/sys/net/rss_config.c	Fri Feb 16 04:48:32 2018
@@ -0,0 +1,76 @@
+/*	$NetBSD: rss_config.c,v 1.1 2018/02/16 04:48:32 knakahara Exp $  */
+
+/*
+ * Copyright (c) 2018 Internet Initiative Japan Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include 
+__KERNEL_RCSID(0, "$NetBSD: rss_config.c,v 1.1 2018/02/16 04:48:32 knakahara Exp $");
+
+#include 
+#include 
+#include 
+
+#include 
+
+/*
+ * Same as FreeBSD.
+ *
+ * This rss key is assumed for verification suite in many intel Gigabit and
+ * 10 Gigabit Controller specifications.
+ */
+static uint8_t rss_default_key[RSS_KEYSIZE] = {
+	0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
+	0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
+	0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
+	0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
+	0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
+};
+
+#ifdef NOTYET
+/*
+ * Same as DragonFlyBSD.
+ *
+ * This rss key make rss hash value symmetric, that is, the hash value
+ * calculated by func("source address", "destination address") equals to
+ * the hash value calculated by func("destination address", "source address").
+ */
+static uint8_t rss_symmetric_key[RSS_KEYSIZE] = {
+	0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
+	0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
+	0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
+	0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a, 0x6d, 0x5a,
+};
+#endif
+
+/*
+ * sizeof(key) must be more than or equal to RSS_KEYSIZE.
+ */
+void
+rss_getkey(uint8_t *key)
+{
+
+	memcpy(key, 

CVS commit: src/sys/net

2018-02-15 Thread Kengo NAKAHARA
Module Name:src
Committed By:   knakahara
Date:   Fri Feb 16 04:48:33 UTC 2018

Modified Files:
src/sys/net: Makefile files.net
Added Files:
src/sys/net: rss_config.c rss_config.h

Log Message:
Introduce very simple Receive Side Scaling (RSS) utility.

ok by msaitoh@n.o.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/net/Makefile
cvs rdiff -u -r1.14 -r1.15 src/sys/net/files.net
cvs rdiff -u -r0 -r1.1 src/sys/net/rss_config.c src/sys/net/rss_config.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/dev/pci

2018-02-15 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Fri Feb 16 01:54:19 UTC 2018

Modified Files:
src/sys/dev/pci: pcidevs.h pcidevs_data.h

Log Message:
regen


To generate a diff of this commit:
cvs rdiff -u -r1.1300 -r1.1301 src/sys/dev/pci/pcidevs.h
cvs rdiff -u -r1.1299 -r1.1300 src/sys/dev/pci/pcidevs_data.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/dev/pci

2018-02-15 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Fri Feb 16 01:38:24 UTC 2018

Modified Files:
src/sys/dev/pci: pcidevs

Log Message:
Add Nvidia GeForce 9400M as found in the late 2009 13" MacBook (MacBook6,1)


To generate a diff of this commit:
cvs rdiff -u -r1.1307 -r1.1308 src/sys/dev/pci/pcidevs

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/pci/pcidevs
diff -u src/sys/dev/pci/pcidevs:1.1307 src/sys/dev/pci/pcidevs:1.1308
--- src/sys/dev/pci/pcidevs:1.1307	Thu Jan 25 16:02:12 2018
+++ src/sys/dev/pci/pcidevs	Fri Feb 16 01:38:24 2018
@@ -1,4 +1,4 @@
-$NetBSD: pcidevs,v 1.1307 2018/01/25 16:02:12 sborrill Exp $
+$NetBSD: pcidevs,v 1.1308 2018/02/16 01:38:24 sevan Exp $
 
 /*
  * Copyright (c) 1995, 1996 Christopher G. Demetriou
@@ -5745,6 +5745,7 @@ product NVIDIA	MCP73_AHCI_11	0x07fa	nFor
 product NVIDIA	MCP73_AHCI_12	0x07fb	nForce MCP73 AHCI Controller
 product NVIDIA	MCP73_HDA_1	0x07fc	nForce MCP73 High Definition Audio Controller
 product NVIDIA	MCP73_HDA_2	0x07fd	nForce MCP73 High Definition Audio Controller
+product NVIDIA	GEFORCE_9400M	0x0863	GeForce 9400M
 product NVIDIA	GEFORCE_210	0x0a65	GeForce 210
 product NVIDIA	MCP79_SMB	0x0aa2	nForce MCP79 SMBus Controller
 product NVIDIA	MCP79_LAN1	0x0ab0	nForce MCP79 Gigabit Ethernet Controller



CVS commit: src/sys/dev/pci

2018-02-15 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Fri Feb 16 01:38:24 UTC 2018

Modified Files:
src/sys/dev/pci: pcidevs

Log Message:
Add Nvidia GeForce 9400M as found in the late 2009 13" MacBook (MacBook6,1)


To generate a diff of this commit:
cvs rdiff -u -r1.1307 -r1.1308 src/sys/dev/pci/pcidevs

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/dev/pci

2018-02-15 Thread Valeriy E. Ushakov
Module Name:src
Committed By:   uwe
Date:   Thu Feb 15 19:05:10 UTC 2018

Modified Files:
src/sys/dev/pci: virtio_pci.c

Log Message:
Explicitly enable PCI_COMMAND_MASTER_ENABLE and PCI_COMMAND_IO_ENABLE.
Recent versions of VirtualBox do not enable bus-mastering by default -
this will be fixed, but it doesn't hurt to do it ourselves too.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/dev/pci/virtio_pci.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/pci/virtio_pci.c
diff -u src/sys/dev/pci/virtio_pci.c:1.1 src/sys/dev/pci/virtio_pci.c:1.2
--- src/sys/dev/pci/virtio_pci.c:1.1	Wed Aug  2 08:39:14 2017
+++ src/sys/dev/pci/virtio_pci.c	Thu Feb 15 19:05:10 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: virtio_pci.c,v 1.1 2017/08/02 08:39:14 cherry Exp $ */
+/* $NetBSD: virtio_pci.c,v 1.2 2018/02/15 19:05:10 uwe Exp $ */
 
 /*
  * Copyright (c) 2010 Minoura Makoto.
@@ -94,6 +94,7 @@ virtio_attach(device_t parent, device_t 
 	pcitag_t tag = pa->pa_tag;
 	int revision;
 	pcireg_t id;
+	pcireg_t csr;
 
 	revision = PCI_REVISION(pa->pa_class);
 	if (revision != 0) {
@@ -111,6 +112,10 @@ virtio_attach(device_t parent, device_t 
 			   virtio_device_name[PCI_SUBSYS_ID(id)] : "Unknown"),
 			  revision);
 
+	csr = pci_conf_read(pc, tag, PCI_COMMAND_STATUS_REG);
+	csr |= PCI_COMMAND_MASTER_ENABLE | PCI_COMMAND_IO_ENABLE;
+	pci_conf_write(pc, tag, PCI_COMMAND_STATUS_REG, csr);
+
 	sc->sc_dev = self;
 	sc->sc_pc = pc;
 	sc->sc_tag = tag;
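Review bot: The three `pci_conf_read`/`pci_conf_write` lines carry no comment, so the reason for forcing PCI_COMMAND_MASTER_ENABLE and PCI_COMMAND_IO_ENABLE (the log message names VirtualBox leaving bus mastering off) lives only in the commit log. Suggest `/* Some hypervisors (e.g. VirtualBox) do not enable bus mastering; turn it and I/O decoding on ourselves. */` above the read. virtio_attach continues outside the hunk.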



CVS commit: src/sys/dev/pci

2018-02-15 Thread Valeriy E. Ushakov
Module Name:src
Committed By:   uwe
Date:   Thu Feb 15 19:05:10 UTC 2018

Modified Files:
src/sys/dev/pci: virtio_pci.c

Log Message:
Explicitly enable PCI_COMMAND_MASTER_ENABLE and PCI_COMMAND_IO_ENABLE.
Recent versions of VirtualBox do not enable bus-mastering by default -
this will be fixed, but it doesn't hurt to do it ourselves too.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/dev/pci/virtio_pci.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/external/gpl3/gcc.old/dist/libsanitizer/asan

2018-02-15 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Feb 15 19:02:06 UTC 2018

Modified Files:
src/external/gpl3/gcc.old/dist/libsanitizer/asan: asan_linux.cc

Log Message:
we now have _UC_MACHINE_FP.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 \
src/external/gpl3/gcc.old/dist/libsanitizer/asan/asan_linux.cc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/gpl3/gcc.old/dist/libsanitizer/asan/asan_linux.cc
diff -u src/external/gpl3/gcc.old/dist/libsanitizer/asan/asan_linux.cc:1.3 src/external/gpl3/gcc.old/dist/libsanitizer/asan/asan_linux.cc:1.4
--- src/external/gpl3/gcc.old/dist/libsanitizer/asan/asan_linux.cc:1.3	Sat Jul 22 21:11:29 2017
+++ src/external/gpl3/gcc.old/dist/libsanitizer/asan/asan_linux.cc	Thu Feb 15 14:02:06 2018
@@ -162,40 +162,42 @@ void AsanCheckIncompatibleRT() {
 
 void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) {
 #ifdef __NetBSD__
-# define __UC_MACHINE_FP(ucontext, r) \
+# ifndef _UC_MACHINE_FP
+#  define __UC_MACHINE_FP(ucontext, r) \
 (ucontext)->uc_mcontext.__gregs[(r)]
 /*
  * Unfortunately we don't have a portable frame pointer (yet)
  */
-# if defined(__alpha__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_S6)
-# elif defined(__arm__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_FP)
-# elif defined(__x86_64__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_RBP)
-# elif defined(__i386__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_EBP)
-# elif defined(__m68k__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_A6)
-# elif defined(__mips__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_S8)
-# elif defined(__powerpc__) || defined(__powerpc64__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_R1)
-# elif defined(__riscv__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_S0)
-# elif defined(__sparc__)
-#  define _UC_MACHINE_FP(ucontext) sp[15]
-# elif defined(__sh3__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_R14)
-# elif defined(__vax__)
-#  define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_FP)
-# else
-#  define _UC_MACHINE_FP(ucontext) 0
-# endif
+#  if defined(__alpha__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_S6)
+#  elif defined(__arm__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_FP)
+#  elif defined(__x86_64__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_RBP)
+#  elif defined(__i386__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_EBP)
+#  elif defined(__m68k__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_A6)
+#  elif defined(__mips__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_S8)
+#  elif defined(__powerpc__) || defined(__powerpc64__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_R1)
+#  elif defined(__riscv__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_S0)
+#  elif defined(__sparc__)
+#   define _UC_MACHINE_FP(ucontext) sp[15]
+#  elif defined(__sh3__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_R14)
+#  elif defined(__vax__)
+#   define _UC_MACHINE_FP(ucontext) __UC_MACHINE_FP(ucontext, _REG_FP)
+#  else
+#   define _UC_MACHINE_FP(ucontext) 0
+#  endif
   ucontext_t *ucontext = (ucontext_t*)context;
   *pc = _UC_MACHINE_PC(ucontext);
   *sp = _UC_MACHINE_SP(ucontext);
   *bp = _UC_MACHINE_FP(ucontext);
+# endif
 #elif ASAN_ANDROID
   *pc = *sp = *bp = 0;
 #elif defined(__arm__)
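Review bot: The new `# endif` at the end of the hunk closes the `# ifndef _UC_MACHINE_FP` opened at the top, so the `ucontext_t *ucontext = ...` line and the three `*pc`/`*sp`/`*bp` assignments are compiled only when the header does not provide `_UC_MACHINE_FP`; on a tree where `<machine/mcontext.h>` defines it (presumably the point of the sys/arch mcontext.h commit later in this digest), the `__NetBSD__` branch of GetPcSpBp becomes empty and the caller's pc/sp/bp are left uninitialized, leaving ASan's fault handler to unwind from garbage. The `# endif` should sit directly after the architecture `#  endif`, before `ucontext_t *ucontext = (ucontext_t*)context;`, so that only the fallback definitions are conditional. Separately, the re-indented sparc fallback `sp[15]` indexes the `uptr *sp` out-parameter rather than the thread's stack pointer, which looks like a pre-existing bug carried over rather than something this commit introduces. GetPcSpBp continues past the end of the hunk.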



CVS commit: src/external/gpl3/gcc.old/dist/libsanitizer/asan

2018-02-15 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Feb 15 19:02:06 UTC 2018

Modified Files:
src/external/gpl3/gcc.old/dist/libsanitizer/asan: asan_linux.cc

Log Message:
we now have _UC_MACHINE_FP.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 \
src/external/gpl3/gcc.old/dist/libsanitizer/asan/asan_linux.cc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:53:49 UTC 2018

Modified Files:
src/doc [netbsd-7-0]: CHANGES-7.0.3

Log Message:
Ticket #1569


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.82 -r1.1.2.83 src/doc/CHANGES-7.0.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.0.3
diff -u src/doc/CHANGES-7.0.3:1.1.2.82 src/doc/CHANGES-7.0.3:1.1.2.83
--- src/doc/CHANGES-7.0.3:1.1.2.82	Thu Feb 15 14:43:52 2018
+++ src/doc/CHANGES-7.0.3	Thu Feb 15 17:53:48 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0.3,v 1.1.2.82 2018/02/15 14:43:52 martin Exp $
+# $NetBSD: CHANGES-7.0.3,v 1.1.2.83 2018/02/15 17:53:48 martin Exp $
 
 A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3
 release:
@@ -5244,3 +5244,12 @@ sys/netipsec/xform_ipip.c			1.44
 	Fix IPv6-IPsec-AH tunnels.
 	[maxv, ticket #1567]
 
+sys/netipsec/xform_ah.c1.77,1.81 via patch
+sys/netipsec/xform_esp.c			1.73 via patch
+sys/netipsec/xform_ipip.c			1.56,1.57 via patch
+
+	Several fixes in IPsec: strengthen sanity checks (AH/ESP), and fix
+	possible use-after-free (Tunnel).
+	[maxv, ticket #1569]
+
+



CVS commit: [netbsd-7-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:53:49 UTC 2018

Modified Files:
src/doc [netbsd-7-0]: CHANGES-7.0.3

Log Message:
Ticket #1569


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.82 -r1.1.2.83 src/doc/CHANGES-7.0.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:52:52 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-0]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1569):
sys/netipsec/xform_ah.c: revision 1.77, 1.81 (via patch)
sys/netipsec/xform_esp.c: revision 1.73 (via patch)
sys/netipsec/xform_ipip.c: revision 1.56, 1.57 (via patch)

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.

Reinforce and clarify.

Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.

As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Make sure the Authentication Header fits the mbuf chain, otherwise panic.


To generate a diff of this commit:
cvs rdiff -u -r1.42.8.2 -r1.42.8.3 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.45 -r1.45.8.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.31.6.1 -r1.31.6.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:52:52 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-0]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1569):
sys/netipsec/xform_ah.c: revision 1.77, 1.81 (via patch)
sys/netipsec/xform_esp.c: revision 1.73 (via patch)
sys/netipsec/xform_ipip.c: revision 1.56, 1.57 (via patch)

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.

Reinforce and clarify.

Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.

As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Make sure the Authentication Header fits the mbuf chain, otherwise panic.


To generate a diff of this commit:
cvs rdiff -u -r1.42.8.2 -r1.42.8.3 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.45 -r1.45.8.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.31.6.1 -r1.31.6.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.42.8.2 src/sys/netipsec/xform_ah.c:1.42.8.3
--- src/sys/netipsec/xform_ah.c:1.42.8.2	Thu Feb 15 08:06:15 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 17:52:52 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.42.8.2 2018/02/15 08:06:15 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.42.8.3 2018/02/15 17:52:52 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.42.8.2 2018/02/15 08:06:15 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.42.8.3 2018/02/15 17:52:52 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -498,54 +498,45 @@ ah_massage_headers(struct mbuf **m0, int
 
 		nxt = ip6.ip6_nxt & 0xff; /* Next header type. */
 
-		for (off = 0; off < skip - sizeof(struct ip6_hdr);)
+		for (off = 0; off < skip - sizeof(struct ip6_hdr);) {
+			int noff;
+
 			switch (nxt) {
 			case IPPROTO_HOPOPTS:
 			case IPPROTO_DSTOPTS:
-ip6e = (struct ip6_ext *) (ptr + off);
+ip6e = (struct ip6_ext *)(ptr + off);
+noff = off + ((ip6e->ip6e_len + 1) << 3);
+
+/* Sanity check. */
+if (noff > skip - sizeof(struct ip6_hdr)) {
+	goto error6;
+}
 
 /*
- * Process the mutable/immutable
- * options -- borrows heavily from the
- * KAME code.
+ * Zero out mutable options.
  */
 for (count = off + sizeof(struct ip6_ext);
- count < off + ((ip6e->ip6e_len + 1) << 3);) {
+ count < noff;) {
 	if (ptr[count] == IP6OPT_PAD1) {
 		count++;
-		continue; /* Skip padding. */
-	}
-
-	/* Sanity check. */
-	if (count > off +
-	((ip6e->ip6e_len + 1) << 3)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
+		continue;
 	}
 
 	ad = ptr[count + 1] + 2;
 
-	/* If mutable option, zeroize. */
-	if (ptr[count] & IP6OPT_MUTABLE)
-		memcpy(ptr + count, ipseczeroes,
-		ad);
+	if (count + ad > noff) {
+		goto error6;
+	}
+
+	if (ptr[count] & IP6OPT_MUTABLE) {
+		memset(ptr + count, 0, ad);
+	}
 
 	count += ad;
+}
 
-	/* Sanity check. */
-	if (count >
-	skip - sizeof(struct ip6_hdr)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
-	}
+if (count != noff) {
+	goto error6;
 }
 
 /* Advance. */
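Review bot: `ad = ptr[count + 1] + 2;` still reads the option length byte before anything bounds it: the loop only guarantees `count < noff`, so a non-Pad1 type byte in the last position of the extension header makes `ptr[count + 1]` read at `noff`, and when `noff` equals `skip - sizeof(struct ip6_hdr)` in the `alloc` case that is one byte past the copied buffer, before the new `count + ad > noff` test rejects the packet. Add `if (count + 2 > noff) goto error6;` immediately before that read so the check never consumes an out-of-bounds byte. The same ordering exists one level up: `ip6e->ip6e_len` is read at `ptr + off` before `noff` is validated, which is safe only while the caller's `skip` keeps the buffer a multiple of 8 bytes; `if (off + sizeof(*ip6e) > skip - sizeof(struct ip6_hdr)) goto error6;` would make the function self-contained. ah_massage_headers starts and ends outside this hunk.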
@@ -603,11 +594,13 @@ ah_massage_headers(struct mbuf **m0, int
 			default:
 DPRINTF(("ah_massage_headers: unexpected "
 "IPv6 header type %d", off));
+error6:
 if (alloc)
 	free(ptr, M_XDATA);
 m_freem(m);
 return EINVAL;
 			}
+		}
 
 		/* Copyback and free, if we allocated. */
 		if (alloc) {
@@ -687,11 +680,10 @@ ah_input(struct mbuf *m, const struct se
 		return EACCES;
 	}
 	if (skip + authsize + rplen > m->m_pkthdr.len) {
-		char buf[IPSEC_ADDRSTRLEN];
 		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
 			" for packet in SA %s/%08lx\n", __func__,
 			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
-			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			ipsec_address(>sah->saidx.dst),
 			(u_long) ntohl(sav->spi)));
 		AH_STATINC(AH_STAT_BADAUTHL);
 		m_freem(m);

Index: src/sys/netipsec/xform_esp.c

CVS commit: [netbsd-7-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:52:22 UTC 2018

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.2

Log Message:
Ticket #1569


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.12 -r1.1.2.13 src/doc/CHANGES-7.1.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.2
diff -u src/doc/CHANGES-7.1.2:1.1.2.12 src/doc/CHANGES-7.1.2:1.1.2.13
--- src/doc/CHANGES-7.1.2:1.1.2.12	Thu Feb 15 14:42:44 2018
+++ src/doc/CHANGES-7.1.2	Thu Feb 15 17:52:22 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.2,v 1.1.2.12 2018/02/15 14:42:44 martin Exp $
+# $NetBSD: CHANGES-7.1.2,v 1.1.2.13 2018/02/15 17:52:22 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.1 release to the NetBSD 7.1.2
 release:
@@ -132,3 +132,11 @@ sys/netipsec/xform_ipip.c			1.44
 	Fix IPv6-IPsec-AH tunnels.
 	[maxv, ticket #1567]
 
+sys/netipsec/xform_ah.c1.77,1.81 via patch
+sys/netipsec/xform_esp.c			1.73 via patch
+sys/netipsec/xform_ipip.c			1.56,1.57 via patch
+
+	Several fixes in IPsec: strengthen sanity checks (AH/ESP), and fix
+	possible use-after-free (Tunnel).
+	[maxv, ticket #1569]
+



CVS commit: [netbsd-7-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:52:22 UTC 2018

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.2

Log Message:
Ticket #1569


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.12 -r1.1.2.13 src/doc/CHANGES-7.1.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:51:38 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-1]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1569):
sys/netipsec/xform_ah.c: revision 1.77, 1.81 (via patch)
sys/netipsec/xform_esp.c: revision 1.73 (via patch)
sys/netipsec/xform_ipip.c: revision 1.56, 1.57 (via patch)

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.

Reinforce and clarify.

Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.

As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Make sure the Authentication Header fits the mbuf chain, otherwise panic.


To generate a diff of this commit:
cvs rdiff -u -r1.42.12.2 -r1.42.12.3 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.45 -r1.45.12.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.31.10.1 -r1.31.10.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.42.12.2 src/sys/netipsec/xform_ah.c:1.42.12.3
--- src/sys/netipsec/xform_ah.c:1.42.12.2	Thu Feb 15 08:05:01 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 17:51:38 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.42.12.2 2018/02/15 08:05:01 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.42.12.3 2018/02/15 17:51:38 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.42.12.2 2018/02/15 08:05:01 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.42.12.3 2018/02/15 17:51:38 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -498,54 +498,45 @@ ah_massage_headers(struct mbuf **m0, int
 
 		nxt = ip6.ip6_nxt & 0xff; /* Next header type. */
 
-		for (off = 0; off < skip - sizeof(struct ip6_hdr);)
+		for (off = 0; off < skip - sizeof(struct ip6_hdr);) {
+			int noff;
+
 			switch (nxt) {
 			case IPPROTO_HOPOPTS:
 			case IPPROTO_DSTOPTS:
-ip6e = (struct ip6_ext *) (ptr + off);
+ip6e = (struct ip6_ext *)(ptr + off);
+noff = off + ((ip6e->ip6e_len + 1) << 3);
+
+/* Sanity check. */
+if (noff > skip - sizeof(struct ip6_hdr)) {
+	goto error6;
+}
 
 /*
- * Process the mutable/immutable
- * options -- borrows heavily from the
- * KAME code.
+ * Zero out mutable options.
  */
 for (count = off + sizeof(struct ip6_ext);
- count < off + ((ip6e->ip6e_len + 1) << 3);) {
+ count < noff;) {
 	if (ptr[count] == IP6OPT_PAD1) {
 		count++;
-		continue; /* Skip padding. */
-	}
-
-	/* Sanity check. */
-	if (count > off +
-	((ip6e->ip6e_len + 1) << 3)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
+		continue;
 	}
 
 	ad = ptr[count + 1] + 2;
 
-	/* If mutable option, zeroize. */
-	if (ptr[count] & IP6OPT_MUTABLE)
-		memcpy(ptr + count, ipseczeroes,
-		ad);
+	if (count + ad > noff) {
+		goto error6;
+	}
+
+	if (ptr[count] & IP6OPT_MUTABLE) {
+		memset(ptr + count, 0, ad);
+	}
 
 	count += ad;
+}
 
-	/* Sanity check. */
-	if (count >
-	skip - sizeof(struct ip6_hdr)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
-	}
+if (count != noff) {
+	goto error6;
 }
 
 /* Advance. */
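Review bot: The length byte of an IPv6 option is fetched (`ad = ptr[count + 1] + 2;`) one statement before the new `count + ad > noff` check, and the loop condition only ensures `count < noff`; a crafted extension header whose final byte is a non-Pad1 option type therefore makes `ptr[count + 1]` read at `noff`, which in the `alloc` case with `noff == skip - sizeof(struct ip6_hdr)` is one byte beyond the malloc'd copy. A guard of `if (count + 2 > noff) goto error6;` placed before the read closes that window at no cost. The outer read of `ip6e->ip6e_len` at `ptr + off` has the same shape — `noff` is bounded only after the two-byte header has been read — and relies on the caller's `skip` being 8-byte aligned; an explicit `off + sizeof(*ip6e)` check against `skip - sizeof(struct ip6_hdr)` would remove that dependency. The enclosing ah_massage_headers begins and ends outside this hunk.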
@@ -603,11 +594,13 @@ ah_massage_headers(struct mbuf **m0, int
 			default:
 DPRINTF(("ah_massage_headers: unexpected "
 "IPv6 header type %d", off));
+error6:
 if (alloc)
 	free(ptr, M_XDATA);
 m_freem(m);
 return EINVAL;
 			}
+		}
 
 		/* Copyback and free, if we allocated. */
 		if (alloc) {
@@ -687,11 +680,10 @@ ah_input(struct mbuf *m, const struct se
 		return EACCES;
 	}
 	if (skip + authsize + rplen > m->m_pkthdr.len) {
-		char buf[IPSEC_ADDRSTRLEN];
 		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
 			" for packet in SA %s/%08lx\n", __func__,
 			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
-			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			ipsec_address(>sah->saidx.dst),
 			(u_long) ntohl(sav->spi)));
 		AH_STATINC(AH_STAT_BADAUTHL);
 		m_freem(m);

Index: 

CVS commit: [netbsd-7-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:51:38 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-1]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1569):
sys/netipsec/xform_ah.c: revision 1.77, 1.81 (via patch)
sys/netipsec/xform_esp.c: revision 1.73 (via patch)
sys/netipsec/xform_ipip.c: revision 1.56, 1.57 (via patch)

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.

Reinforce and clarify.

Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.

As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Make sure the Authentication Header fits the mbuf chain, otherwise panic.


To generate a diff of this commit:
cvs rdiff -u -r1.42.12.2 -r1.42.12.3 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.45 -r1.45.12.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.31.10.1 -r1.31.10.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:02:16 UTC 2018

Modified Files:
src/doc [netbsd-7]: CHANGES-7.2

Log Message:
Ticket #1569


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.68 -r1.1.2.69 src/doc/CHANGES-7.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:01:42 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1569):
sys/netipsec/xform_ah.c: revision 1.77, 1.81 (via patch)
sys/netipsec/xform_esp.c: revision 1.73 (via patch)
sys/netipsec/xform_ipip.c: revision 1.56, 1.57 (via patch)

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.

Reinforce and clarify.

Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.

As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Make sure the Authentication Header fits the mbuf chain, otherwise panic.


To generate a diff of this commit:
cvs rdiff -u -r1.42.4.2 -r1.42.4.3 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.45 -r1.45.4.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.31.2.1 -r1.31.2.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.42.4.2 src/sys/netipsec/xform_ah.c:1.42.4.3
--- src/sys/netipsec/xform_ah.c:1.42.4.2	Thu Feb 15 08:03:08 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 17:01:42 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.42.4.2 2018/02/15 08:03:08 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.42.4.3 2018/02/15 17:01:42 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.42.4.2 2018/02/15 08:03:08 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.42.4.3 2018/02/15 17:01:42 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -498,54 +498,45 @@ ah_massage_headers(struct mbuf **m0, int
 
 		nxt = ip6.ip6_nxt & 0xff; /* Next header type. */
 
-		for (off = 0; off < skip - sizeof(struct ip6_hdr);)
+		for (off = 0; off < skip - sizeof(struct ip6_hdr);) {
+			int noff;
+
 			switch (nxt) {
 			case IPPROTO_HOPOPTS:
 			case IPPROTO_DSTOPTS:
-ip6e = (struct ip6_ext *) (ptr + off);
+ip6e = (struct ip6_ext *)(ptr + off);
+noff = off + ((ip6e->ip6e_len + 1) << 3);
+
+/* Sanity check. */
+if (noff > skip - sizeof(struct ip6_hdr)) {
+	goto error6;
+}
 
 /*
- * Process the mutable/immutable
- * options -- borrows heavily from the
- * KAME code.
+ * Zero out mutable options.
  */
 for (count = off + sizeof(struct ip6_ext);
- count < off + ((ip6e->ip6e_len + 1) << 3);) {
+ count < noff;) {
 	if (ptr[count] == IP6OPT_PAD1) {
 		count++;
-		continue; /* Skip padding. */
-	}
-
-	/* Sanity check. */
-	if (count > off +
-	((ip6e->ip6e_len + 1) << 3)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
+		continue;
 	}
 
 	ad = ptr[count + 1] + 2;
 
-	/* If mutable option, zeroize. */
-	if (ptr[count] & IP6OPT_MUTABLE)
-		memcpy(ptr + count, ipseczeroes,
-		ad);
+	if (count + ad > noff) {
+		goto error6;
+	}
+
+	if (ptr[count] & IP6OPT_MUTABLE) {
+		memset(ptr + count, 0, ad);
+	}
 
 	count += ad;
+}
 
-	/* Sanity check. */
-	if (count >
-	skip - sizeof(struct ip6_hdr)) {
-		m_freem(m);
-
-		/* Free, if we allocated. */
-		if (alloc)
-			free(ptr, M_XDATA);
-		return EINVAL;
-	}
+if (count != noff) {
+	goto error6;
 }
 
 /* Advance. */
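Review bot: The new `count + ad > noff` check is evaluated after `ad = ptr[count + 1] + 2;` has already dereferenced `ptr[count + 1]`, and nothing in the loop guarantees `count + 1 < noff`; when the last byte of an extension header is a non-Pad1 option type, that read lands on `noff`, which for the `alloc` path with `noff == skip - sizeof(struct ip6_hdr)` is one byte past the copied buffer. Insert `if (count + 2 > noff) goto error6;` ahead of the read so the bound is established before the byte is consumed. Likewise `ip6e->ip6e_len` is read at `ptr + off` before `noff` is validated against `skip - sizeof(struct ip6_hdr)`; this is fine as long as the caller's `skip` keeps the buffer 8-byte granular, but a one-line `off + sizeof(*ip6e)` check would make the routine defensible on its own. ah_massage_headers starts and ends outside this hunk.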
@@ -603,11 +594,13 @@ ah_massage_headers(struct mbuf **m0, int
 			default:
 DPRINTF(("ah_massage_headers: unexpected "
 "IPv6 header type %d", off));
+error6:
 if (alloc)
 	free(ptr, M_XDATA);
 m_freem(m);
 return EINVAL;
 			}
+		}
 
 		/* Copyback and free, if we allocated. */
 		if (alloc) {
@@ -687,11 +680,10 @@ ah_input(struct mbuf *m, const struct se
 		return EACCES;
 	}
 	if (skip + authsize + rplen > m->m_pkthdr.len) {
-		char buf[IPSEC_ADDRSTRLEN];
 		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
 			" for packet in SA %s/%08lx\n", __func__,
 			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
-			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			ipsec_address(>sah->saidx.dst),
 			(u_long) ntohl(sav->spi)));
 		AH_STATINC(AH_STAT_BADAUTHL);
 		m_freem(m);

Index: src/sys/netipsec/xform_esp.c

CVS commit: [netbsd-7] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:02:16 UTC 2018

Modified Files:
src/doc [netbsd-7]: CHANGES-7.2

Log Message:
Ticket #1569


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.68 -r1.1.2.69 src/doc/CHANGES-7.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.2
diff -u src/doc/CHANGES-7.2:1.1.2.68 src/doc/CHANGES-7.2:1.1.2.69
--- src/doc/CHANGES-7.2:1.1.2.68	Thu Feb 15 14:40:59 2018
+++ src/doc/CHANGES-7.2	Thu Feb 15 17:02:15 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.2,v 1.1.2.68 2018/02/15 14:40:59 martin Exp $
+# $NetBSD: CHANGES-7.2,v 1.1.2.69 2018/02/15 17:02:15 martin Exp $
 
 A complete list of changes from the NetBSD 7.1 release to the NetBSD 7.2
 release:
@@ -5121,3 +5121,11 @@ sys/netipsec/xform_ipip.c			1.44
 	Fix IPv6-IPsec-AH tunnels.
 	[maxv, ticket #1567]
 
+sys/netipsec/xform_ah.c1.77,1.81 via patch
+sys/netipsec/xform_esp.c			1.73 via patch
+sys/netipsec/xform_ipip.c			1.56,1.57 via patch
+
+	Several fixes in IPsec: strengthen sanity checks (AH/ESP), and fix
+	possible use-after-free (Tunnel).
+	[maxv, ticket #1569]
+



CVS commit: [netbsd-7] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 17:01:42 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7]: xform_ah.c xform_esp.c xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1569):
sys/netipsec/xform_ah.c: revision 1.77, 1.81 (via patch)
sys/netipsec/xform_esp.c: revision 1.73 (via patch)
sys/netipsec/xform_ipip.c: revision 1.56, 1.57 (via patch)

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.

Reinforce and clarify.

Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.

As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Make sure the Authentication Header fits the mbuf chain, otherwise panic.


To generate a diff of this commit:
cvs rdiff -u -r1.42.4.2 -r1.42.4.3 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.45 -r1.45.4.1 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.31.2.1 -r1.31.2.2 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 16:50:01 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: xform_ah.c

Log Message:
Fix previous (Ticket #1530)


To generate a diff of this commit:
cvs rdiff -u -r1.37.6.2 -r1.37.6.3 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.37.6.2 src/sys/netipsec/xform_ah.c:1.37.6.3
--- src/sys/netipsec/xform_ah.c:1.37.6.2	Thu Feb 15 08:11:25 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 16:50:01 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.37.6.2 2018/02/15 08:11:25 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.37.6.3 2018/02/15 16:50:01 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.6.2 2018/02/15 08:11:25 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.6.3 2018/02/15 16:50:01 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -687,11 +687,10 @@ ah_input(struct mbuf *m, const struct se
 		return EACCES;
 	}
 	if (skip + authsize + rplen > m->m_pkthdr.len) {
-		char buf[IPSEC_ADDRSTRLEN];
 		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
 			" for packet in SA %s/%08lx\n", __func__,
 			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
-			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			ipsec_address(>sah->saidx.dst),
 			(u_long) ntohl(sav->spi)));
 		AH_STATINC(AH_STAT_BADAUTHL);
 		m_freem(m);



CVS commit: [netbsd-6-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 16:50:01 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: xform_ah.c

Log Message:
Fix previous (Ticket #1530)


To generate a diff of this commit:
cvs rdiff -u -r1.37.6.2 -r1.37.6.3 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 16:49:35 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: xform_ah.c

Log Message:
Fix previous (Ticket #1530)


To generate a diff of this commit:
cvs rdiff -u -r1.37.8.2 -r1.37.8.3 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 16:49:35 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: xform_ah.c

Log Message:
Fix previous (Ticket #1530)


To generate a diff of this commit:
cvs rdiff -u -r1.37.8.2 -r1.37.8.3 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.37.8.2 src/sys/netipsec/xform_ah.c:1.37.8.3
--- src/sys/netipsec/xform_ah.c:1.37.8.2	Thu Feb 15 08:09:30 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 16:49:35 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.37.8.2 2018/02/15 08:09:30 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.37.8.3 2018/02/15 16:49:35 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.8.2 2018/02/15 08:09:30 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.8.3 2018/02/15 16:49:35 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -687,11 +687,10 @@ ah_input(struct mbuf *m, const struct se
 		return EACCES;
 	}
 	if (skip + authsize + rplen > m->m_pkthdr.len) {
-		char buf[IPSEC_ADDRSTRLEN];
 		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
 			" for packet in SA %s/%08lx\n", __func__,
 			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
-			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			ipsec_address(>sah->saidx.dst),
 			(u_long) ntohl(sav->spi)));
 		AH_STATINC(AH_STAT_BADAUTHL);
 		m_freem(m);



CVS commit: [netbsd-6] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 16:49:05 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: xform_ah.c

Log Message:
Fix previous (Ticket #1530)


To generate a diff of this commit:
cvs rdiff -u -r1.37.2.2 -r1.37.2.3 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.37.2.2 src/sys/netipsec/xform_ah.c:1.37.2.3
--- src/sys/netipsec/xform_ah.c:1.37.2.2	Thu Feb 15 08:08:19 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 16:49:04 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.37.2.2 2018/02/15 08:08:19 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.37.2.3 2018/02/15 16:49:04 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.2.2 2018/02/15 08:08:19 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.2.3 2018/02/15 16:49:04 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -687,11 +687,10 @@ ah_input(struct mbuf *m, const struct se
 		return EACCES;
 	}
 	if (skip + authsize + rplen > m->m_pkthdr.len) {
-		char buf[IPSEC_ADDRSTRLEN];
 		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
 			" for packet in SA %s/%08lx\n", __func__,
 			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
-			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			ipsec_address(>sah->saidx.dst),
 			(u_long) ntohl(sav->spi)));
 		AH_STATINC(AH_STAT_BADAUTHL);
 		m_freem(m);



CVS commit: [netbsd-6] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 16:49:05 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: xform_ah.c

Log Message:
Fix previous (Ticket #1530)


To generate a diff of this commit:
cvs rdiff -u -r1.37.2.2 -r1.37.2.3 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/arch

2018-02-15 Thread Kamil Rytarowski
Module Name:src
Committed By:   kamil
Date:   Thu Feb 15 15:53:57 UTC 2018

Modified Files:
src/sys/arch/aarch64/include: mcontext.h
src/sys/arch/alpha/include: mcontext.h
src/sys/arch/amd64/include: mcontext.h
src/sys/arch/arm/include: mcontext.h
src/sys/arch/hppa/include: mcontext.h
src/sys/arch/i386/include: mcontext.h
src/sys/arch/ia64/include: mcontext.h
src/sys/arch/m68k/include: mcontext.h
src/sys/arch/mips/include: mcontext.h
src/sys/arch/or1k/include: mcontext.h
src/sys/arch/powerpc/include: mcontext.h
src/sys/arch/riscv/include: mcontext.h
src/sys/arch/sh3/include: mcontext.h
src/sys/arch/sparc/include: mcontext.h
src/sys/arch/vax/include: mcontext.h

Log Message:
Introduce _UC_MACHINE_FP() as a macro

_UC_MACHINE_FP() is a helper macro to extract from mcontext a frame pointer.

Don't rely on this interface: a compiler might omit the frame pointer or
optimize it away, making this interface unreliable.

For hppa assume a small frame context, for larger frames FP might be located
in a different register (4 instead of 3).

For ia64 there is no strict frame pointer, and registers might rotate.
Reuse 79 following:

  ./gcc/config/ia64/ia64.h:#define HARD_FRAME_POINTER_REGNUM  LOC_REG (79)

Once ia64 will mature, this should be revisited.

A macro can encapsulate a real function for extracting Frame Pointer on
more complex CPUs / ABIs.

For the remaining CPUs, reuse standard register as defined in appropriate ABI.

The direct users of this macro are LLVM and GCC with Sanitizers.

Proposed on tech-userlevel@.

Sponsored by 


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/arch/aarch64/include/mcontext.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/alpha/include/mcontext.h
cvs rdiff -u -r1.18 -r1.19 src/sys/arch/amd64/include/mcontext.h
cvs rdiff -u -r1.18 -r1.19 src/sys/arch/arm/include/mcontext.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/hppa/include/mcontext.h
cvs rdiff -u -r1.13 -r1.14 src/sys/arch/i386/include/mcontext.h
cvs rdiff -u -r1.5 -r1.6 src/sys/arch/ia64/include/mcontext.h
cvs rdiff -u -r1.9 -r1.10 src/sys/arch/m68k/include/mcontext.h
cvs rdiff -u -r1.21 -r1.22 src/sys/arch/mips/include/mcontext.h
cvs rdiff -u -r1.1 -r1.2 src/sys/arch/or1k/include/mcontext.h
cvs rdiff -u -r1.17 -r1.18 src/sys/arch/powerpc/include/mcontext.h
cvs rdiff -u -r1.4 -r1.5 src/sys/arch/riscv/include/mcontext.h
cvs rdiff -u -r1.10 -r1.11 src/sys/arch/sh3/include/mcontext.h
cvs rdiff -u -r1.13 -r1.14 src/sys/arch/sparc/include/mcontext.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/vax/include/mcontext.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/aarch64/include/mcontext.h
diff -u src/sys/arch/aarch64/include/mcontext.h:1.1 src/sys/arch/aarch64/include/mcontext.h:1.2
--- src/sys/arch/aarch64/include/mcontext.h:1.1	Sun Aug 10 05:47:38 2014
+++ src/sys/arch/aarch64/include/mcontext.h	Thu Feb 15 15:53:56 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: mcontext.h,v 1.1 2014/08/10 05:47:38 matt Exp $ */
+/* $NetBSD: mcontext.h,v 1.2 2018/02/15 15:53:56 kamil Exp $ */
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -106,6 +106,7 @@ typedef struct {
 #define	_UC_TLSBASE	0x0008	/* see  */
 
 #define _UC_MACHINE_SP(uc)	((uc)->uc_mcontext.__gregs[_REG_SP])
+#define _UC_MACHINE_FP(uc)	((uc)->uc_mcontext.__gregs[_REG_X29])
 #define _UC_MACHINE_PC(uc)	((uc)->uc_mcontext.__gregs[_REG_PC])
 #define _UC_MACHINE_INTRV(uc)	((uc)->uc_mcontext.__gregs[_REG_X0])
 
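Review bot: The new `_UC_MACHINE_FP` define carries none of the caveat given in the commit message — that the compiler may omit or repurpose the frame pointer — so a consumer reading only the header sees it as equivalent in reliability to `_UC_MACHINE_SP` and `_UC_MACHINE_PC`. A one-line comment beside the define, such as `/* best effort: x29 holds the frame pointer only when the code was built with one */`, keeps that caveat with the interface where the sanitizer runtimes will find it. The alpha hunk below (`_REG_S6`) has the same gap and would take the same kind of comment.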

Index: src/sys/arch/alpha/include/mcontext.h
diff -u src/sys/arch/alpha/include/mcontext.h:1.8 src/sys/arch/alpha/include/mcontext.h:1.9
--- src/sys/arch/alpha/include/mcontext.h:1.8	Wed Sep 12 02:00:54 2012
+++ src/sys/arch/alpha/include/mcontext.h	Thu Feb 15 15:53:56 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: mcontext.h,v 1.8 2012/09/12 02:00:54 manu Exp $	*/
+/*	$NetBSD: mcontext.h,v 1.9 2018/02/15 15:53:56 kamil Exp $	*/
 
 /*-
  * Copyright (c) 2001 The NetBSD Foundation, Inc.
@@ -96,6 +96,7 @@ typedef struct {
 #define _UC_TLSBASE	0x20	/* valid process-unique value in _REG_UNIQUE */
 
 #define _UC_MACHINE_SP(uc)	((uc)->uc_mcontext.__gregs[_REG_SP])
+#define _UC_MACHINE_FP(uc)	((uc)->uc_mcontext.__gregs[_REG_S6])
 #define _UC_MACHINE_PC(uc)	((uc)->uc_mcontext.__gregs[_REG_PC])
 #define _UC_MACHINE_INTRV(uc)	((uc)->uc_mcontext.__gregs[_REG_V0])
 

Index: src/sys/arch/amd64/include/mcontext.h
diff -u src/sys/arch/amd64/include/mcontext.h:1.18 src/sys/arch/amd64/include/mcontext.h:1.19
--- src/sys/arch/amd64/include/mcontext.h:1.18	Mon May 12 22:50:03 2014
+++ src/sys/arch/amd64/include/mcontext.h	Thu Feb 15 15:53:56 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: mcontext.h,v 1.18 2014/05/12 22:50:03 uebayasi Exp $	*/
+/*	$NetBSD: mcontext.h,v 1.19 2018/02/15 15:53:56 kamil Exp $	*/
 
 /*-
  * Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -68,6 +68,7 @@ 

CVS commit: src/sys/arch

2018-02-15 Thread Kamil Rytarowski
Module Name:src
Committed By:   kamil
Date:   Thu Feb 15 15:53:57 UTC 2018

Modified Files:
src/sys/arch/aarch64/include: mcontext.h
src/sys/arch/alpha/include: mcontext.h
src/sys/arch/amd64/include: mcontext.h
src/sys/arch/arm/include: mcontext.h
src/sys/arch/hppa/include: mcontext.h
src/sys/arch/i386/include: mcontext.h
src/sys/arch/ia64/include: mcontext.h
src/sys/arch/m68k/include: mcontext.h
src/sys/arch/mips/include: mcontext.h
src/sys/arch/or1k/include: mcontext.h
src/sys/arch/powerpc/include: mcontext.h
src/sys/arch/riscv/include: mcontext.h
src/sys/arch/sh3/include: mcontext.h
src/sys/arch/sparc/include: mcontext.h
src/sys/arch/vax/include: mcontext.h

Log Message:
Introduce _UC_MACHINE_FP() as a macro

_UC_MACHINE_FP() is a helper macro to extract from mcontext a frame pointer.

Don't rely on this interface: a compiler might omit the frame pointer or
optimize it away, making this interface unreliable.

For hppa assume a small frame context, for larger frames FP might be located
in a different register (4 instead of 3).

For ia64 there is no strict frame pointer, and registers might rotate.
Reuse 79 following:

  ./gcc/config/ia64/ia64.h:#define HARD_FRAME_POINTER_REGNUM  LOC_REG (79)

Once ia64 will mature, this should be revisited.

A macro can encapsulate a real function for extracting Frame Pointer on
more complex CPUs / ABIs.

For the remaining CPUs, reuse standard register as defined in appropriate ABI.

The direct users of this macro are LLVM and GCC with Sanitizers.

Proposed on tech-userlevel@.

Sponsored by 


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/arch/aarch64/include/mcontext.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/alpha/include/mcontext.h
cvs rdiff -u -r1.18 -r1.19 src/sys/arch/amd64/include/mcontext.h
cvs rdiff -u -r1.18 -r1.19 src/sys/arch/arm/include/mcontext.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/hppa/include/mcontext.h
cvs rdiff -u -r1.13 -r1.14 src/sys/arch/i386/include/mcontext.h
cvs rdiff -u -r1.5 -r1.6 src/sys/arch/ia64/include/mcontext.h
cvs rdiff -u -r1.9 -r1.10 src/sys/arch/m68k/include/mcontext.h
cvs rdiff -u -r1.21 -r1.22 src/sys/arch/mips/include/mcontext.h
cvs rdiff -u -r1.1 -r1.2 src/sys/arch/or1k/include/mcontext.h
cvs rdiff -u -r1.17 -r1.18 src/sys/arch/powerpc/include/mcontext.h
cvs rdiff -u -r1.4 -r1.5 src/sys/arch/riscv/include/mcontext.h
cvs rdiff -u -r1.10 -r1.11 src/sys/arch/sh3/include/mcontext.h
cvs rdiff -u -r1.13 -r1.14 src/sys/arch/sparc/include/mcontext.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/vax/include/mcontext.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:52:41 UTC 2018

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
Ticket #1529


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.129 -r1.1.2.130 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:52:41 UTC 2018

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
Ticket #1529


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.129 -r1.1.2.130 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.0.7
diff -u src/doc/CHANGES-6.0.7:1.1.2.129 src/doc/CHANGES-6.0.7:1.1.2.130
--- src/doc/CHANGES-6.0.7:1.1.2.129	Thu Feb 15 08:12:01 2018
+++ src/doc/CHANGES-6.0.7	Thu Feb 15 14:52:41 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.129 2018/02/15 08:12:01 martin Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.130 2018/02/15 14:52:41 martin Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -15323,3 +15323,8 @@ sys/netipsec/xform_ah.c1.80-1.81 via
 	Fix use-after-free and and add more consistency checks.
 	[maxv, ticket #1530]
 
+sys/netipsec/xform_ipip.c			1.44 via patch
+
+	Fix IPv6-IPsec-AH tunnels.
+	[maxv, ticket #1529]
+



CVS commit: [netbsd-6-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:51:44 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1529):
sys/netipsec/xform_ipip.c: revision 1.44 via patch

PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.28.14.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:51:44 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1529):
sys/netipsec/xform_ipip.c: revision 1.44 via patch

PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.28.14.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.28 src/sys/netipsec/xform_ipip.c:1.28.14.1
--- src/sys/netipsec/xform_ipip.c:1.28	Sun Jul 17 20:54:54 2011
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 14:51:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.28.14.1 2018/02/15 14:51:44 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28.14.1 2018/02/15 14:51:44 martin Exp $");
 
 /*
  * IP-inside-IP processing
@@ -566,7 +566,7 @@ ipip_output(
 		ip6o->ip6_flow = 0;
 		ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6o->ip6_vfc |= IPV6_VERSION;
-		ip6o->ip6_plen = htons(m->m_pkthdr.len);
+		ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o));
 		ip6o->ip6_hlim = ip_defttl;
 		ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
 		ip6o->ip6_src = saidx->src.sin6.sin6_addr;
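Review bot: In `m->m_pkthdr.len - sizeof(*ip6o)` the `int` packet length is promoted to `size_t`, so if the mbuf were ever shorter than the IPv6 header the result would wrap and `htons()` would silently truncate it to a plausible-looking payload length instead of failing loudly; a `KASSERT(m->m_pkthdr.len >= (int)sizeof(*ip6o));` before the assignment (or a comment recording why the earlier prepend guarantees it) would pin the invariant. The `htons()` truncation of payloads above 65535 bytes is pre-existing and not changed by this line. The identical one-line change is pulled up to netbsd-6-1, netbsd-6, netbsd-7-0, netbsd-7-1 and netbsd-7 further down this page and the same check applies there. ipip_output() begins and ends outside the hunk.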



CVS commit: [netbsd-6-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:50:58 UTC 2018

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
Ticket #1529


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.126 -r1.1.2.127 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:50:58 UTC 2018

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
Ticket #1529


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.126 -r1.1.2.127 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.1.6
diff -u src/doc/CHANGES-6.1.6:1.1.2.126 src/doc/CHANGES-6.1.6:1.1.2.127
--- src/doc/CHANGES-6.1.6:1.1.2.126	Thu Feb 15 08:10:07 2018
+++ src/doc/CHANGES-6.1.6	Thu Feb 15 14:50:57 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.126 2018/02/15 08:10:07 martin Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.127 2018/02/15 14:50:57 martin Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -14996,3 +14996,8 @@ sys/netipsec/xform_ah.c1.80-1.81 via
 	Fix use-after-free and and add more consistency checks.
 	[maxv, ticket #1530]
 
+sys/netipsec/xform_ipip.c			1.44 via patch
+
+	Fix IPv6-IPsec-AH tunnels.
+	[maxv, ticket #1529]
+



CVS commit: [netbsd-6-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:50:17 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1529):
sys/netipsec/xform_ipip.c: revision 1.44 via patch

PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.28.22.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.28 src/sys/netipsec/xform_ipip.c:1.28.22.1
--- src/sys/netipsec/xform_ipip.c:1.28	Sun Jul 17 20:54:54 2011
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 14:50:17 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.28.22.1 2018/02/15 14:50:17 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28.22.1 2018/02/15 14:50:17 martin Exp $");
 
 /*
  * IP-inside-IP processing
@@ -566,7 +566,7 @@ ipip_output(
 		ip6o->ip6_flow = 0;
 		ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6o->ip6_vfc |= IPV6_VERSION;
-		ip6o->ip6_plen = htons(m->m_pkthdr.len);
+		ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o));
 		ip6o->ip6_hlim = ip_defttl;
 		ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
 		ip6o->ip6_src = saidx->src.sin6.sin6_addr;



CVS commit: [netbsd-6-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:50:17 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1529):
sys/netipsec/xform_ipip.c: revision 1.44 via patch

PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.28.22.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:49:41 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1529


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.322 -r1.1.2.323 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.322 src/doc/CHANGES-6.2:1.1.2.323
--- src/doc/CHANGES-6.2:1.1.2.322	Thu Feb 15 08:08:58 2018
+++ src/doc/CHANGES-6.2	Thu Feb 15 14:49:40 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.322 2018/02/15 08:08:58 martin Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.323 2018/02/15 14:49:40 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21054,3 +21054,8 @@ sys/netipsec/xform_ah.c1.80-1.81 via
 	Fix use-after-free and and add more consistency checks.
 	[maxv, ticket #1530]
 
+sys/netipsec/xform_ipip.c			1.44 via patch
+
+	Fix IPv6-IPsec-AH tunnels.
+	[maxv, ticket #1529]
+



CVS commit: [netbsd-6] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:49:41 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1529


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.322 -r1.1.2.323 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:49:00 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1529):
sys/netipsec/xform_ipip.c: revision 1.44 via patch

PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.28.8.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.28 src/sys/netipsec/xform_ipip.c:1.28.8.1
--- src/sys/netipsec/xform_ipip.c:1.28	Sun Jul 17 20:54:54 2011
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 14:49:00 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.28.8.1 2018/02/15 14:49:00 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28 2011/07/17 20:54:54 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.28.8.1 2018/02/15 14:49:00 martin Exp $");
 
 /*
  * IP-inside-IP processing
@@ -566,7 +566,7 @@ ipip_output(
 		ip6o->ip6_flow = 0;
 		ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6o->ip6_vfc |= IPV6_VERSION;
-		ip6o->ip6_plen = htons(m->m_pkthdr.len);
+		ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o));
 		ip6o->ip6_hlim = ip_defttl;
 		ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
 		ip6o->ip6_src = saidx->src.sin6.sin6_addr;



CVS commit: [netbsd-6] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:49:00 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1529):
sys/netipsec/xform_ipip.c: revision 1.44 via patch

PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.28.8.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:43:52 UTC 2018

Modified Files:
src/doc [netbsd-7-0]: CHANGES-7.0.3

Log Message:
Ticket #1567


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.81 -r1.1.2.82 src/doc/CHANGES-7.0.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:43:52 UTC 2018

Modified Files:
src/doc [netbsd-7-0]: CHANGES-7.0.3

Log Message:
Ticket #1567


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.81 -r1.1.2.82 src/doc/CHANGES-7.0.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.0.3
diff -u src/doc/CHANGES-7.0.3:1.1.2.81 src/doc/CHANGES-7.0.3:1.1.2.82
--- src/doc/CHANGES-7.0.3:1.1.2.81	Thu Feb 15 08:06:53 2018
+++ src/doc/CHANGES-7.0.3	Thu Feb 15 14:43:52 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0.3,v 1.1.2.81 2018/02/15 08:06:53 martin Exp $
+# $NetBSD: CHANGES-7.0.3,v 1.1.2.82 2018/02/15 14:43:52 martin Exp $
 
 A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3
 release:
@@ -5239,3 +5239,8 @@ sys/netipsec/xform_ah.c1.80-1.81 via
 	Fix use-after-free and and add more consistency checks.
 	[maxv, ticket #1568]
 
+sys/netipsec/xform_ipip.c			1.44
+
+	Fix IPv6-IPsec-AH tunnels.
+	[maxv, ticket #1567]
+



CVS commit: [netbsd-7-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:43:12 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-0]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1567):
sys/netipsec/xform_ipip.c: revision 1.44
PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.6.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.31 src/sys/netipsec/xform_ipip.c:1.31.6.1
--- src/sys/netipsec/xform_ipip.c:1.31	Thu Jun  5 23:48:17 2014
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 14:43:12 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.31 2014/06/05 23:48:17 rmind Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.31.6.1 2018/02/15 14:43:12 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.31 2014/06/05 23:48:17 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.31.6.1 2018/02/15 14:43:12 martin Exp $");
 
 /*
  * IP-inside-IP processing
@@ -562,7 +562,7 @@ ipip_output(
 		ip6o->ip6_flow = 0;
 		ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6o->ip6_vfc |= IPV6_VERSION;
-		ip6o->ip6_plen = htons(m->m_pkthdr.len);
+		ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o));
 		ip6o->ip6_hlim = ip_defttl;
 		ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
 		ip6o->ip6_src = saidx->src.sin6.sin6_addr;



CVS commit: [netbsd-7-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:42:44 UTC 2018

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.2

Log Message:
Ticket #1567


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.11 -r1.1.2.12 src/doc/CHANGES-7.1.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.1.2
diff -u src/doc/CHANGES-7.1.2:1.1.2.11 src/doc/CHANGES-7.1.2:1.1.2.12
--- src/doc/CHANGES-7.1.2:1.1.2.11	Thu Feb 15 08:05:41 2018
+++ src/doc/CHANGES-7.1.2	Thu Feb 15 14:42:44 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.2,v 1.1.2.11 2018/02/15 08:05:41 martin Exp $
+# $NetBSD: CHANGES-7.1.2,v 1.1.2.12 2018/02/15 14:42:44 martin Exp $
 
 A complete list of changes from the NetBSD 7.1.1 release to the NetBSD 7.1.2
 release:
@@ -127,3 +127,8 @@ sys/netipsec/xform_ah.c1.80-1.81 via
 	Fix use-after-free and and add more consistency checks.
 	[maxv, ticket #1568]
 
+sys/netipsec/xform_ipip.c			1.44
+
+	Fix IPv6-IPsec-AH tunnels.
+	[maxv, ticket #1567]
+



CVS commit: [netbsd-7-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:42:44 UTC 2018

Modified Files:
src/doc [netbsd-7-1]: CHANGES-7.1.2

Log Message:
Ticket #1567


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.11 -r1.1.2.12 src/doc/CHANGES-7.1.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:43:12 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-0]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1567):
sys/netipsec/xform_ipip.c: revision 1.44
PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.6.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:41:57 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-1]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1567):
sys/netipsec/xform_ipip.c: revision 1.44
PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.10.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.31 src/sys/netipsec/xform_ipip.c:1.31.10.1
--- src/sys/netipsec/xform_ipip.c:1.31	Thu Jun  5 23:48:17 2014
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 14:41:57 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.31 2014/06/05 23:48:17 rmind Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.31.10.1 2018/02/15 14:41:57 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.31 2014/06/05 23:48:17 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.31.10.1 2018/02/15 14:41:57 martin Exp $");
 
 /*
  * IP-inside-IP processing
@@ -562,7 +562,7 @@ ipip_output(
 		ip6o->ip6_flow = 0;
 		ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6o->ip6_vfc |= IPV6_VERSION;
-		ip6o->ip6_plen = htons(m->m_pkthdr.len);
+		ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o));
 		ip6o->ip6_hlim = ip_defttl;
 		ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
 		ip6o->ip6_src = saidx->src.sin6.sin6_addr;



CVS commit: [netbsd-7-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:41:57 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7-1]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1567):
sys/netipsec/xform_ipip.c: revision 1.44
PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.10.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:40:59 UTC 2018

Modified Files:
src/doc [netbsd-7]: CHANGES-7.2

Log Message:
Ticket #1567


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.67 -r1.1.2.68 src/doc/CHANGES-7.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.2
diff -u src/doc/CHANGES-7.2:1.1.2.67 src/doc/CHANGES-7.2:1.1.2.68
--- src/doc/CHANGES-7.2:1.1.2.67	Thu Feb 15 08:04:07 2018
+++ src/doc/CHANGES-7.2	Thu Feb 15 14:40:59 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.2,v 1.1.2.67 2018/02/15 08:04:07 martin Exp $
+# $NetBSD: CHANGES-7.2,v 1.1.2.68 2018/02/15 14:40:59 martin Exp $
 
 A complete list of changes from the NetBSD 7.1 release to the NetBSD 7.2
 release:
@@ -5116,3 +5116,8 @@ sys/netipsec/xform_ah.c1.80-1.81 via
 	Fix use-after-free and and add more consistency checks.
 	[maxv, ticket #1568]
 
+sys/netipsec/xform_ipip.c			1.44
+
+	Fix IPv6-IPsec-AH tunnels.
+	[maxv, ticket #1567]
+



CVS commit: [netbsd-7] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:40:59 UTC 2018

Modified Files:
src/doc [netbsd-7]: CHANGES-7.2

Log Message:
Ticket #1567


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.67 -r1.1.2.68 src/doc/CHANGES-7.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:39:43 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1567):
sys/netipsec/xform_ipip.c: revision 1.44
PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.2.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:39:43 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-7]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1567):
sys/netipsec/xform_ipip.c: revision 1.44
PR/52161: Ryota Ozaki: Fix AH tunnel ipsec for ipv6. Compute plen right,
don't forget to subtract the ipv6 header length.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.2.1 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.31 src/sys/netipsec/xform_ipip.c:1.31.2.1
--- src/sys/netipsec/xform_ipip.c:1.31	Thu Jun  5 23:48:17 2014
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 14:39:43 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.31 2014/06/05 23:48:17 rmind Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.31.2.1 2018/02/15 14:39:43 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.31 2014/06/05 23:48:17 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.31.2.1 2018/02/15 14:39:43 martin Exp $");
 
 /*
  * IP-inside-IP processing
@@ -562,7 +562,7 @@ ipip_output(
 		ip6o->ip6_flow = 0;
 		ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6o->ip6_vfc |= IPV6_VERSION;
-		ip6o->ip6_plen = htons(m->m_pkthdr.len);
+		ip6o->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6o));
 		ip6o->ip6_hlim = ip_defttl;
 		ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
 		ip6o->ip6_src = saidx->src.sin6.sin6_addr;
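Review bot: `htons()` narrows the new `m->m_pkthdr.len - sizeof(*ip6o)` expression to 16 bits, and because `sizeof` yields `size_t` the signed `m_pkthdr.len` is converted to unsigned before the subtraction, so a chain shorter than the header would wrap rather than go negative. Whether `m_pkthdr.len` is bounded against the IPv6 maximum before this point is outside the hunk, so the invariant the expression relies on deserves a comment: `/* m_pkthdr.len already includes the prepended outer IPv6 header */`. If no such bound exists upstream, a `KASSERT(m->m_pkthdr.len >= (int)sizeof(*ip6o));` before the assignment would make the assumption checkable. ipip_output continues outside the hunk.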



CVS commit: [netbsd-8] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:29:45 UTC 2018

Modified Files:
src/doc [netbsd-8]: CHANGES-8.0

Log Message:
Ticket #551


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.125 -r1.1.2.126 src/doc/CHANGES-8.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-8.0
diff -u src/doc/CHANGES-8.0:1.1.2.125 src/doc/CHANGES-8.0:1.1.2.126
--- src/doc/CHANGES-8.0:1.1.2.125	Thu Feb 15 08:27:24 2018
+++ src/doc/CHANGES-8.0	Thu Feb 15 14:29:45 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-8.0,v 1.1.2.125 2018/02/15 08:27:24 martin Exp $
+# $NetBSD: CHANGES-8.0,v 1.1.2.126 2018/02/15 14:29:45 martin Exp $
 
 A complete list of changes from the initial NetBSD 8.0 branch on 2017-06-04
 until the 8.0 release:
@@ -9658,3 +9658,8 @@ sbin/fsck_ffs/pass1.c1.58
 	allocated and clear it as ffs_newvnode() tests for "blocks == 0".
 	[hannken, ticket #550]
 
+sys/netipsec/xform_ipip.c			1.56-1.63
+
+	Sync IPsec-Tunnel with NetBSD-current, fix several bugs.
+	[maxv, ticket #551]
+



CVS commit: [netbsd-8] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:29:45 UTC 2018

Modified Files:
src/doc [netbsd-8]: CHANGES-8.0

Log Message:
Ticket #551


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.125 -r1.1.2.126 src/doc/CHANGES-8.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-8] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:28:38 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-8]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #551):
sys/netipsec/xform_ipip.c: revision 1.56-1.63

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.
As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Style and remove dead code.

dedup

Fix the IPIP_STAT_IBYTES stats; we did m_adj(m, iphlen) which subtracted
iphlen, so no need to re-subtract it again.

Remove broken MROUTING code, rename ipo->ip4, and simplify.


To generate a diff of this commit:
cvs rdiff -u -r1.49.2.2 -r1.49.2.3 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-8] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 14:28:38 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-8]: xform_ipip.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #551):
sys/netipsec/xform_ipip.c: revision 1.56-1.63

Fix use-after-free. There is a path where the mbuf gets pulled up without
a proper mtod afterwards:

218 ipo = mtod(m, struct ip *);
281 m = m_pullup(m, hlen);
232 ipo->ip_src.s_addr

Found by Mootja.

Meanwhile it seems to me that 'ipo' should be set to NULL if the inner
packet is IPv6, but I'll revisit that later.
As I said in my last commit in this file, ipo should be set to NULL;
otherwise the 'local address spoofing' check below is always wrong on
IPv6.

Style and remove dead code.

dedup

Fix the IPIP_STAT_IBYTES stats; we did m_adj(m, iphlen) which subtracted
iphlen, so no need to re-subtract it again.

Remove broken MROUTING code, rename ipo->ip4, and simplify.


To generate a diff of this commit:
cvs rdiff -u -r1.49.2.2 -r1.49.2.3 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.49.2.2 src/sys/netipsec/xform_ipip.c:1.49.2.3
--- src/sys/netipsec/xform_ipip.c:1.49.2.2	Sun Dec 10 09:41:32 2017
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 14:28:38 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.49.2.2 2017/12/10 09:41:32 snj Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.49.2.3 2018/02/15 14:28:38 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.49.2.2 2017/12/10 09:41:32 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.49.2.3 2018/02/15 14:28:38 martin Exp $");
 
 /*
  * IP-inside-IP processing
@@ -74,10 +74,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
 
 #include 
 
-#ifdef MROUTING
-#include 
-#endif
-
 #ifdef INET6
 #include 
 #include 
@@ -88,84 +84,41 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
 #include 
 #include 
 
-typedef void	pr_in_input_t (struct mbuf *m, ...);
+/* XXX IPCOMP */
+#define	M_IPSEC	(M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED)
 
-/*
- * We can control the acceptance of IP4 packets by altering the sysctl
- * net.inet.ipip.allow value.  Zero means drop them, all else is acceptance.
- */
-int	ipip_allow = 0;
+typedef void pr_in_input_t(struct mbuf *m, ...);
 
+int ipip_allow = 0;
 percpu_t *ipipstat_percpu;
 
-#ifdef SYSCTL_DECL
-SYSCTL_DECL(_net_inet_ipip);
-
-SYSCTL_INT(_net_inet_ipip, OID_AUTO,
-	ipip_allow,	CTLFLAG_RW,	_allow,	0, "");
-SYSCTL_STRUCT(_net_inet_ipip, IPSECCTL_STATS,
-	stats,		CTLFLAG_RD,	,	ipipstat, "");
-
-#endif
-
 void ipe4_attach(void);
 
-
-/* XXX IPCOMP */
-#define	M_IPSEC	(M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED)
-
 static void _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp);
 
 #ifdef INET6
-/*
- * Really only a wrapper for ipip_input(), for use with IPv6.
- */
 int
 ip4_input6(struct mbuf **m, int *offp, int proto, void *eparg __unused)
 {
-#if 0
-	/* If we do not accept IP-in-IP explicitly, drop.  */
-	if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
-		DPRINTF(("%s: dropped due to policy\n", __func__));
-		IPIP_STATINC(IPIP_STAT_PDROPS);
-		m_freem(*m);
-		return IPPROTO_DONE;
-	}
-#endif
 	_ipip_input(*m, *offp, NULL);
 	return IPPROTO_DONE;
 }
-#endif /* INET6 */
+#endif
 
 #ifdef INET
-/*
- * Really only a wrapper for ipip_input(), for use with IPv4.
- */
 void
 ip4_input(struct mbuf *m, int off, int proto, void *eparg __unused)
 {
-
-#if 0
-	/* If we do not accept IP-in-IP explicitly, drop.  */
-	if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
-		DPRINTF(("%s: dropped due to policy\n", __func__));
-		IPIP_STATINC(IPIP_STAT_PDROPS);
-		m_freem(m);
-		return;
-	}
-#endif
-
 	_ipip_input(m, off, NULL);
 }
-#endif /* INET */
+#endif
 
 /*
  * ipip_input gets called when we receive an IP{46} encapsulated packet,
  * either because we got it at a real interface, or because AH or ESP
  * were being used in tunnel mode (in which case the rcvif element will
- * contain the address of the encX interface associated with the tunnel.
+ * contain the address of the encX interface associated with the tunnel).
  */
-
 static void
 _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 {
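Review bot: The comment explaining `ipip_allow` (the `net.inet.ipip.allow` sysctl knob) is dropped while the variable is kept, and the only readers of `ipip_allow` and `M_IPSEC` visible in this hunk were the `#if 0` blocks it removes; if nothing else in the file references them they are now dead declarations, otherwise `ipip_allow` should keep a one-line comment such as `/* sysctl net.inet.ipip.allow: 0 drops IP-in-IP, non-zero accepts */`. Likewise `ip4_input6()` and `ip4_input()` lose their "Really only a wrapper for ipip_input()" comments; a one-line comment on each wrapper keeps the protocol entry points self-describing at no cost. The same applies to the identical hunk of the 1.58 to 1.59 commit further down this page.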
@@ -173,7 +126,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	register struct ifnet *ifp;
 	register struct ifaddr *ifa;
 	pktqueue_t *pktq = NULL;
-	struct ip *ipo;
+	struct ip *ip4 = NULL;
 #ifdef INET6
 	register struct sockaddr_in6 *sin6;
 	struct ip6_hdr *ip6 = NULL;
@@ -189,21 +142,21 @@ _ipip_input(struct mbuf *m, int iphlen, 
 
 	switch (v >> 4) {
 #ifdef INET
-case 4:
+	case 4:
 		hlen = sizeof(struct ip);
 		break;
-#endif /* INET */
+#endif
 #ifdef INET6
- 

CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 13:51:32 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipcomp.c

Log Message:
Style and simplify.


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 src/sys/netipsec/xform_ipcomp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 13:51:32 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipcomp.c

Log Message:
Style and simplify.


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 src/sys/netipsec/xform_ipcomp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.56 src/sys/netipsec/xform_ipcomp.c:1.57
--- src/sys/netipsec/xform_ipcomp.c:1.56	Thu Feb 15 04:24:32 2018
+++ src/sys/netipsec/xform_ipcomp.c	Thu Feb 15 13:51:32 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipcomp.c,v 1.56 2018/02/15 04:24:32 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ipcomp.c,v 1.57 2018/02/15 13:51:32 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
 
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.56 2018/02/15 04:24:32 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.57 2018/02/15 13:51:32 maxv Exp $");
 
 /* IP payload compression protocol (IPComp), see RFC 2393 */
 #if defined(_KERNEL_OPT)
@@ -74,7 +74,7 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipcomp
 
 percpu_t *ipcompstat_percpu;
 
-int	ipcomp_enable = 1;
+int ipcomp_enable = 1;
 
 #ifdef __FreeBSD__
 SYSCTL_DECL(_net_inet_ipcomp);
@@ -258,7 +258,7 @@ ipcomp_input_cb(struct cryptop *crp)
 	struct secasindex *saidx __diagused;
 	int hlen = IPCOMP_HLENGTH, error, clen;
 	uint8_t nproto;
-	void *addr;
+	struct ipcomp *ipc;
 	uint16_t dport;
 	uint16_t sport;
 	IPSEC_DECLARE_LOCK_VARIABLE;
@@ -303,27 +303,28 @@ ipcomp_input_cb(struct cryptop *crp)
 	/* Update the counters */
 	IPCOMP_STATADD(IPCOMP_STAT_IBYTES, m->m_pkthdr.len - skip - hlen);
 
-
-	clen = crp->crp_olen;		/* Length of data after processing */
+	/* Length of data after processing */
+	clen = crp->crp_olen;
 
 	/* Release the crypto descriptors */
 	pool_cache_put(ipcomp_tdb_crypto_pool_cache, tc);
 	tc = NULL;
-	crypto_freereq(crp), crp = NULL;
+	crypto_freereq(crp);
+	crp = NULL;
 
 	/* In case it's not done already, adjust the size of the mbuf chain */
 	m->m_pkthdr.len = clen + hlen + skip;
 
 	if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) {
-		IPCOMP_STATINC(IPCOMP_STAT_HDROPS);	/*XXX*/
+		IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
 		DPRINTF(("%s: m_pullup failed\n", __func__));
-		error = EINVAL;/*XXX*/
+		error = EINVAL;
 		goto bad;
 	}
 
 	/* Keep the next protocol field */
-	addr = (uint8_t*) mtod(m, struct ip *) + skip;
-	nproto = ((struct ipcomp *) addr)->comp_nxt;
+	ipc = (struct ipcomp *)(mtod(m, uint8_t *) + skip);
+	nproto = ipc->comp_nxt;
 	switch (nproto) {
 	case IPPROTO_IPCOMP:
 	case IPPROTO_AH:
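Review bot: For a style pass, `(m = m_pullup(m, skip + hlen)) == 0` in the pullup check compares a pointer against `0`; `== NULL` states the intent and matches the `tc = NULL` and `crp = NULL` lines this hunk itself rewrites. The new `ipc` cast relies on the preceding `m_pullup(m, skip + hlen)` having made `skip + hlen` bytes contiguous, which holds here, but a short comment on the cast line would spare the next reader re-deriving it: `/* skip + hlen bytes are contiguous after the pullup above */`. ipcomp_input_cb continues outside the hunk.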
@@ -349,13 +350,14 @@ ipcomp_input_cb(struct cryptop *crp)
 	}
 
 	/* Restore the Next Protocol field */
-	m_copyback(m, protoff, sizeof(uint8_t), (uint8_t *) );
+	m_copyback(m, protoff, sizeof(uint8_t), (uint8_t *));
 
 	IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
 
 	KEY_SA_UNREF();
 	IPSEC_RELEASE_GLOBAL_LOCKS();
 	return error;
+
 bad:
 	if (sav)
 		KEY_SA_UNREF();
@@ -373,14 +375,8 @@ bad:
  * IPComp output routine, called by ipsec[46]_process_packet()
  */
 static int
-ipcomp_output(
-struct mbuf *m,
-const struct ipsecrequest *isr,
-struct secasvar *sav,
-struct mbuf **mp,
-int skip,
-int protoff
-)
+ipcomp_output(struct mbuf *m, const struct ipsecrequest *isr,
+struct secasvar *sav, struct mbuf **mp, int skip, int protoff)
 {
 	char buf[IPSEC_ADDRSTRLEN];
 	const struct comp_algo *ipcompx;
@@ -394,9 +390,10 @@ ipcomp_output(
 	KASSERT(sav->tdb_compalgxform != NULL);
 	ipcompx = sav->tdb_compalgxform;
 
-	ralen = m->m_pkthdr.len - skip;	/* Raw payload length before comp. */
-
-/* Don't process the packet if it is too short */
+	/* Raw payload length before comp. */
+	ralen = m->m_pkthdr.len - skip;
+
+	/* Don't process the packet if it is too short */
 	if (ralen < ipcompx->minlen) {
 		IPCOMP_STATINC(IPCOMP_STAT_MINLEN);
 		return ipsec_process_done(m, isr, sav);
@@ -410,14 +407,14 @@ ipcomp_output(
 	switch (sav->sah->saidx.dst.sa.sa_family) {
 #ifdef INET
 	case AF_INET:
-		maxpacketsize =  IP_MAXPACKET;
+		maxpacketsize = IP_MAXPACKET;
 		break;
-#endif /* INET */
+#endif
 #ifdef INET6
 	case AF_INET6:
-		maxpacketsize =  IPV6_MAXPACKET;
+		maxpacketsize = IPV6_MAXPACKET;
 		break;
-#endif /* INET6 */
+#endif
 	default:
 		IPCOMP_STATINC(IPCOMP_STAT_NOPF);
 		DPRINTF(("%s: unknown/unsupported protocol family %d"
@@ -522,10 +519,11 @@ ipcomp_output(
 	crp->crp_sid = sav->tdb_cryptoid;
 
 	return crypto_dispatch(crp);
+
 bad:
 	if (m)
 		m_freem(m);
-	return (error);
+	return error;
 }
 
 /*
@@ -594,18 +592,18 @@ ipcomp_output_cb(struct cryptop *crp)
 #ifdef INET
 		case AF_INET:
 			ipcomp->comp_nxt = mtod(m, struct ip *)->ip_p;
-			 break;
-#endif /* INET */
+			

CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 12:40:12 UTC 2018

Modified Files:
src/sys/netipsec: xform_esp.c

Log Message:
Style a bit, and if we don't know the pad-filling policy use
SADB_X_EXT_PZERO by default.

There doesn't seem to be a sanity check in the keysock API to make sure
this place is never reached, and it's better to fill in with zeros than
not filling in at all (and leaking uninitialized mbuf data).


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 src/sys/netipsec/xform_esp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.76 src/sys/netipsec/xform_esp.c:1.77
--- src/sys/netipsec/xform_esp.c:1.76	Thu Feb 15 04:24:32 2018
+++ src/sys/netipsec/xform_esp.c	Thu Feb 15 12:40:12 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.76 2018/02/15 04:24:32 ozaki-r Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.77 2018/02/15 12:40:12 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.76 2018/02/15 04:24:32 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.77 2018/02/15 12:40:12 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -87,7 +87,7 @@ __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,
 
 percpu_t *espstat_percpu;
 
-int	esp_enable = 1;
+int esp_enable = 1;
 
 #ifdef __FreeBSD__
 SYSCTL_DECL(_net_inet_esp);
@@ -97,7 +97,7 @@ SYSCTL_STRUCT(_net_inet_esp, IPSECCTL_ST
 	stats,		CTLFLAG_RD,	,	espstat, "");
 #endif /* __FreeBSD__ */
 
-static	int esp_max_ivlen;		/* max iv length over all algorithms */
+static int esp_max_ivlen;		/* max iv length over all algorithms */
 
 static int esp_input_cb(struct cryptop *op);
 static int esp_output_cb(struct cryptop *crp);
@@ -696,14 +696,8 @@ bad:
  * ESP output routine, called by ipsec[46]_process_packet().
  */
 static int
-esp_output(
-struct mbuf *m,
-const struct ipsecrequest *isr,
-struct secasvar *sav,
-struct mbuf **mp,
-int skip,
-int protoff
-)
+esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
+struct mbuf **mp, int skip, int protoff)
 {
 	char buf[IPSEC_ADDRSTRLEN];
 	const struct enc_xform *espx;
@@ -754,12 +748,12 @@ esp_output(
 	case AF_INET:
 		maxpacketsize = IP_MAXPACKET;
 		break;
-#endif /* INET */
+#endif
 #ifdef INET6
 	case AF_INET6:
 		maxpacketsize = IPV6_MAXPACKET;
 		break;
-#endif /* INET6 */
+#endif
 	default:
 		DPRINTF(("%s: unknown/unsupported protocol family %d, "
 		"SA %s/%08lx\n", __func__, saidx->dst.sa.sa_family,
@@ -800,7 +794,7 @@ esp_output(
 		"%s/%08lx\n", __func__, hlen,
 		ipsec_address(>dst, buf, sizeof(buf)),
 		(u_long) ntohl(sav->spi)));
-		ESP_STATINC(ESP_STAT_HDROPS);	/* XXX diffs from openbsd */
+		ESP_STATINC(ESP_STAT_HDROPS);
 		error = ENOBUFS;
 		goto bad;
 	}
@@ -837,19 +831,19 @@ esp_output(
 
 	/*
 	 * Add padding: random, zero, or self-describing.
-	 * XXX catch unexpected setting
 	 */
 	switch (sav->flags & SADB_X_EXT_PMASK) {
+	case SADB_X_EXT_PSEQ:
+		for (i = 0; i < padding - 2; i++)
+			pad[i] = i+1;
+		break;
 	case SADB_X_EXT_PRAND:
-		(void) cprng_fast(pad, padding - 2);
+		(void)cprng_fast(pad, padding - 2);
 		break;
 	case SADB_X_EXT_PZERO:
+	default:
 		memset(pad, 0, padding - 2);
 		break;
-	case SADB_X_EXT_PSEQ:
-		for (i = 0; i < padding - 2; i++)
-			pad[i] = i+1;
-		break;
 	}
 
 	/* Fix padding length and Next Protocol in padding itself. */
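Review bot: The merged `case SADB_X_EXT_PZERO:` / `default:` silently accepts an unknown padding policy; since the commit message says there is no sanity check in the keysock API, the fallback should at least be observable, e.g. place `default:` first with `DPRINTF(("%s: unknown padding policy, zero-filling\n", __func__));` and a `/* FALLTHROUGH */` into the `SADB_X_EXT_PZERO` arm. The removed `XXX catch unexpected setting` line should become a comment stating why zero-fill is the safe choice: `/* Unknown policy: zero-fill rather than leak uninitialized mbuf data. */`. In the `SADB_X_EXT_PSEQ` loop, `pad[i] = i+1` stores an `int` into what is presumably a byte array, which assumes `padding - 2` never exceeds 255; whether `padding` is bounded before this point is outside the hunk. esp_output continues outside the hunk.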
@@ -958,10 +952,11 @@ esp_output(
 	}
 
 	return crypto_dispatch(crp);
+
 bad:
 	if (m)
 		m_freem(m);
-	return (error);
+	return error;
 }
 
 /*
@@ -1035,6 +1030,7 @@ esp_output_cb(struct cryptop *crp)
 	KEY_SP_UNREF(>sp);
 	IPSEC_RELEASE_GLOBAL_LOCKS();
 	return err;
+
 bad:
 	if (sav)
 		KEY_SA_UNREF();



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 12:40:12 UTC 2018

Modified Files:
src/sys/netipsec: xform_esp.c

Log Message:
Style a bit, and if we don't know the pad-filling policy use
SADB_X_EXT_PZERO by default.

There doesn't seem to be a sanity check in the keysock API to make sure
this place is never reached, and it's better to fill in with zeros than
not filling in at all (and leaking uninitialized mbuf data).


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 src/sys/netipsec/xform_esp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:41:51 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
Remove broken MROUTING code, rename ipo->ip4, and simplify.


To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:41:51 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
Remove broken MROUTING code, rename ipo->ip4, and simplify.


To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.62 src/sys/netipsec/xform_ipip.c:1.63
--- src/sys/netipsec/xform_ipip.c:1.62	Thu Feb 15 10:28:49 2018
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 10:41:51 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.62 2018/02/15 10:28:49 maxv Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.63 2018/02/15 10:41:51 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.62 2018/02/15 10:28:49 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.63 2018/02/15 10:41:51 maxv Exp $");
 
 /*
  * IP-inside-IP processing
@@ -74,10 +74,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
 
 #include 
 
-#ifdef MROUTING
-#include 
-#endif
-
 #ifdef INET6
 #include 
 #include 
@@ -130,7 +126,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	register struct ifnet *ifp;
 	register struct ifaddr *ifa;
 	pktqueue_t *pktq = NULL;
-	struct ip *ipo;
+	struct ip *ip4 = NULL;
 #ifdef INET6
 	register struct sockaddr_in6 *sin6;
 	struct ip6_hdr *ip6 = NULL;
@@ -172,23 +168,11 @@ _ipip_input(struct mbuf *m, int iphlen, 
 		}
 	}
 
-	ipo = mtod(m, struct ip *);
-
-#ifdef MROUTING
-	/* XXX: DEAD AND BROKEN! */
-	if (ipo->ip_v == IPVERSION && ipo->ip_p == IPPROTO_IPV4) {
-		if (IN_MULTICAST(((struct ip *)((char *)ipo + iphlen))->ip_dst.s_addr)) {
-			ipip_mroute_input(m, iphlen);
-			return;
-		}
-	}
-#endif
-
 	/* Keep outer ecn field. */
 	switch (v >> 4) {
 #ifdef INET
 	case 4:
-		otos = ipo->ip_tos;
+		otos = mtod(m, struct ip *)->ip_tos;
 		break;
 #endif
 #ifdef INET6
@@ -254,18 +238,17 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	switch (v >> 4) {
 #ifdef INET
 	case 4:
-		ipo = mtod(m, struct ip *);
-		ip_ecn_egress(ip4_ipsec_ecn, , >ip_tos);
+		ip4 = mtod(m, struct ip *);
+		ip_ecn_egress(ip4_ipsec_ecn, , >ip_tos);
 		break;
 #endif
 #ifdef INET6
 	case 6:
-		ipo = NULL;
 		ip6 = mtod(m, struct ip6_hdr *);
 		itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
 		ip_ecn_egress(ip6_ipsec_ecn, , );
 		ip6->ip6_flow &= ~htonl(0xff << 20);
-		ip6->ip6_flow |= htonl((uint32_t) itos << 20);
+		ip6->ip6_flow |= htonl((uint32_t)itos << 20);
 		break;
 #endif
 	default:
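Review bot: Dropping `ipo = NULL;` from `case 6:` makes the correctness of the later `if (ip4)` source-spoofing check depend on `ip4` being NULL-initialized at its declaration and never assigned outside `case 4:`, an invariant now spread across three hunks of this commit with nothing stating it. A comment at this switch, `/* ip4 stays NULL for an inner IPv6 packet; the spoofing check below keys on it */`, would pin that down. The enclosing function `_ipip_input` starts and ends outside the hunk.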
@@ -280,7 +263,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 		IFNET_READER_FOREACH(ifp) {
 			IFADDR_READER_FOREACH(ifa, ifp) {
 #ifdef INET
-if (ipo) {
+if (ip4) {
 	if (ifa->ifa_addr->sa_family !=
 	AF_INET)
 		continue;
@@ -288,7 +271,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	sin = (struct sockaddr_in *) ifa->ifa_addr;
 
 	if (sin->sin_addr.s_addr ==
-	ipo->ip_src.s_addr)	{
+	ip4->ip_src.s_addr)	{
 		pserialize_read_exit(s);
 		IPIP_STATINC(IPIP_STAT_SPOOF);
 		m_freem(m);



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:28:50 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
Fix the IPIP_STAT_IBYTES stats; we did m_adj(m, iphlen) which subtracted
iphlen, so no need to re-subtract it again.


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.61 src/sys/netipsec/xform_ipip.c:1.62
--- src/sys/netipsec/xform_ipip.c:1.61	Thu Feb 15 10:21:39 2018
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 10:28:49 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.61 2018/02/15 10:21:39 maxv Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.62 2018/02/15 10:28:49 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.61 2018/02/15 10:21:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.62 2018/02/15 10:28:49 maxv Exp $");
 
 /*
  * IP-inside-IP processing
@@ -319,8 +319,8 @@ _ipip_input(struct mbuf *m, int iphlen, 
 		pserialize_read_exit(s);
 	}
 
-	/* Statistics */
-	IPIP_STATADD(IPIP_STAT_IBYTES, m->m_pkthdr.len - iphlen);
+	/* Statistics: m->m_pkthdr.len is the length of the inner packet */
+	IPIP_STATADD(IPIP_STAT_IBYTES, m->m_pkthdr.len);
 
 	/*
 	 * Interface pointer stays the same; if no IPsec processing has



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:28:50 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
Fix the IPIP_STAT_IBYTES stats; we did m_adj(m, iphlen) which subtracted
iphlen, so no need to re-subtract it again.


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:21:39 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
dedup again


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:21:39 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
dedup again


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.60 src/sys/netipsec/xform_ipip.c:1.61
--- src/sys/netipsec/xform_ipip.c:1.60	Thu Feb 15 10:09:53 2018
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 10:21:39 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.60 2018/02/15 10:09:53 maxv Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.61 2018/02/15 10:21:39 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.60 2018/02/15 10:09:53 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.61 2018/02/15 10:21:39 maxv Exp $");
 
 /*
  * IP-inside-IP processing
@@ -216,11 +216,13 @@ _ipip_input(struct mbuf *m, int iphlen, 
 #ifdef INET
 	case 4:
 		hlen = sizeof(struct ip);
+		pktq = ip_pktq;
 		break;
 #endif
 #ifdef INET6
 	case 6:
 		hlen = sizeof(struct ip6_hdr);
+		pktq = ip6_pktq;
 		break;
 #endif
 	default:
@@ -328,21 +330,6 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	 * untrusted packets.
 	 */
 
-	switch (v >> 4) {
-#ifdef INET
-	case 4:
-		pktq = ip_pktq;
-		break;
-#endif
-#ifdef INET6
-	case 6:
-		pktq = ip6_pktq;
-		break;
-#endif
-	default:
-		panic("%s: should never reach here", __func__);
-	}
-
 	int s = splnet();
 	if (__predict_false(!pktq_enqueue(pktq, m, 0))) {
 		IPIP_STATINC(IPIP_STAT_QFULL);
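Review bot: Removing this second switch also removes the `panic(...)` that guaranteed `pktq` was non-NULL before `pktq_enqueue(pktq, m, 0)`; the assignments now live in the earlier `hlen` switch, whose `default:` body lies outside that hunk, so the reviewer should confirm it leaves the function (drops the mbuf) rather than falling through with `pktq == NULL`. A `KASSERT(pktq != NULL);` before `int s = splnet();` would keep the invariant checkable in DIAGNOSTIC builds at no cost elsewhere. `_ipip_input` continues outside the hunk.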



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:09:54 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
dedup


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:09:54 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
dedup


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.59 src/sys/netipsec/xform_ipip.c:1.60
--- src/sys/netipsec/xform_ipip.c:1.59	Thu Feb 15 10:04:43 2018
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 10:09:53 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.59 2018/02/15 10:04:43 maxv Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.60 2018/02/15 10:09:53 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.59 2018/02/15 10:04:43 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.60 2018/02/15 10:09:53 maxv Exp $");
 
 /*
  * IP-inside-IP processing
@@ -358,7 +358,7 @@ ipip_output(struct mbuf *m, const struct
 	char buf[IPSEC_ADDRSTRLEN];
 	uint8_t tp, otos;
 	struct secasindex *saidx;
-	int error;
+	int error, iphlen;
 #ifdef INET
 	uint8_t itos;
 	struct ip *ipo;
@@ -399,8 +399,9 @@ ipip_output(struct mbuf *m, const struct
 			goto bad;
 		}
 
-		ipo = mtod(m, struct ip *);
+		iphlen = sizeof(struct ip);
 
+		ipo = mtod(m, struct ip *);
 		ipo->ip_v = IPVERSION;
 		ipo->ip_hl = 5;
 		ipo->ip_len = htons(m->m_pkthdr.len);
@@ -482,6 +483,8 @@ ipip_output(struct mbuf *m, const struct
 			goto bad;
 		}
 
+		iphlen = sizeof(struct ip6_hdr);
+
 		/* Initialize IPv6 header */
 		ip6o = mtod(m, struct ip6_hdr *);
 		ip6o->ip6_flow = 0;
@@ -532,37 +535,18 @@ nofamily:
 		DPRINTF(("%s: unsupported protocol family %u\n", __func__,
 		saidx->dst.sa.sa_family));
 		IPIP_STATINC(IPIP_STAT_FAMILY);
-		error = EAFNOSUPPORT;		/* XXX diffs from openbsd */
+		error = EAFNOSUPPORT;
 		goto bad;
 	}
 
 	IPIP_STATINC(IPIP_STAT_OPACKETS);
-	*mp = m;
-
-#ifdef INET
-	if (saidx->dst.sa.sa_family == AF_INET) {
+	IPIP_STATADD(IPIP_STAT_OBYTES, m->m_pkthdr.len - iphlen);
 #if 0
-		if (sav->tdb_xform->xf_type == XF_IP4)
-			tdb->tdb_cur_bytes +=
-			m->m_pkthdr.len - sizeof(struct ip);
+	if (sav->tdb_xform->xf_type == XF_IP4)
+		tdb->tdb_cur_bytes += m->m_pkthdr.len - iphlen;
 #endif
-		IPIP_STATADD(IPIP_STAT_OBYTES,
-		m->m_pkthdr.len - sizeof(struct ip));
-	}
-#endif /* INET */
-
-#ifdef INET6
-	if (saidx->dst.sa.sa_family == AF_INET6) {
-#if 0
-		if (sav->tdb_xform->xf_type == XF_IP4)
-			tdb->tdb_cur_bytes +=
-			m->m_pkthdr.len - sizeof(struct ip6_hdr);
-#endif
-		IPIP_STATADD(IPIP_STAT_OBYTES,
-		m->m_pkthdr.len - sizeof(struct ip6_hdr));
-	}
-#endif /* INET6 */
 
+	*mp = m;
 	return 0;
 
 bad:
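Review bot: `iphlen` is declared without an initializer and assigned only in the `AF_INET`/`AF_INET6` arms, so the `nofamily:` path reaches the new `IPIP_STATADD(IPIP_STAT_OBYTES, m->m_pkthdr.len - iphlen)` only via `goto bad`; that is correct, but with `INET` or `INET6` compiled out a compiler may warn of a maybe-uninitialized use, which `int error, iphlen = 0;` at the declaration in the earlier hunk would silence. The `#if 0` block referencing `tdb->tdb_cur_bytes` is rewritten rather than dropped; since it never compiles and names a structure the visible code does not otherwise reference, a dedup commit is the place to remove it or to add a comment saying why it is kept. ipip_output continues outside the hunk.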



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:04:43 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
Style and remove dead code.


To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.58 src/sys/netipsec/xform_ipip.c:1.59
--- src/sys/netipsec/xform_ipip.c:1.58	Wed Jan 24 14:39:14 2018
+++ src/sys/netipsec/xform_ipip.c	Thu Feb 15 10:04:43 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.58 2018/01/24 14:39:14 maxv Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.59 2018/02/15 10:04:43 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.58 2018/01/24 14:39:14 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.59 2018/02/15 10:04:43 maxv Exp $");
 
 /*
  * IP-inside-IP processing
@@ -88,84 +88,41 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipip.c
 #include 
 #include 
 
-typedef void	pr_in_input_t (struct mbuf *m, ...);
+/* XXX IPCOMP */
+#define	M_IPSEC	(M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED)
 
-/*
- * We can control the acceptance of IP4 packets by altering the sysctl
- * net.inet.ipip.allow value.  Zero means drop them, all else is acceptance.
- */
-int	ipip_allow = 0;
+typedef void pr_in_input_t(struct mbuf *m, ...);
 
+int ipip_allow = 0;
 percpu_t *ipipstat_percpu;
 
-#ifdef SYSCTL_DECL
-SYSCTL_DECL(_net_inet_ipip);
-
-SYSCTL_INT(_net_inet_ipip, OID_AUTO,
-	ipip_allow,	CTLFLAG_RW,	_allow,	0, "");
-SYSCTL_STRUCT(_net_inet_ipip, IPSECCTL_STATS,
-	stats,		CTLFLAG_RD,	,	ipipstat, "");
-
-#endif
-
 void ipe4_attach(void);
 
-
-/* XXX IPCOMP */
-#define	M_IPSEC	(M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED)
-
 static void _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp);
 
 #ifdef INET6
-/*
- * Really only a wrapper for ipip_input(), for use with IPv6.
- */
 int
 ip4_input6(struct mbuf **m, int *offp, int proto, void *eparg __unused)
 {
-#if 0
-	/* If we do not accept IP-in-IP explicitly, drop.  */
-	if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
-		DPRINTF(("%s: dropped due to policy\n", __func__));
-		IPIP_STATINC(IPIP_STAT_PDROPS);
-		m_freem(*m);
-		return IPPROTO_DONE;
-	}
-#endif
 	_ipip_input(*m, *offp, NULL);
 	return IPPROTO_DONE;
 }
-#endif /* INET6 */
+#endif
 
 #ifdef INET
-/*
- * Really only a wrapper for ipip_input(), for use with IPv4.
- */
 void
 ip4_input(struct mbuf *m, int off, int proto, void *eparg __unused)
 {
-
-#if 0
-	/* If we do not accept IP-in-IP explicitly, drop.  */
-	if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
-		DPRINTF(("%s: dropped due to policy\n", __func__));
-		IPIP_STATINC(IPIP_STAT_PDROPS);
-		m_freem(m);
-		return;
-	}
-#endif
-
 	_ipip_input(m, off, NULL);
 }
-#endif /* INET */
+#endif
 
 /*
  * ipip_input gets called when we receive an IP{46} encapsulated packet,
  * either because we got it at a real interface, or because AH or ESP
  * were being used in tunnel mode (in which case the rcvif element will
- * contain the address of the encX interface associated with the tunnel.
+ * contain the address of the encX interface associated with the tunnel).
  */
-
 static void
 _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 {
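Review bot: `int ipip_allow = 0;` at L4552 survives this hunk, but its only consumer (the `#if 0` policy check in ip4_input6/ip4_input), the `SYSCTL_INT` that exposed it as `net.inet.ipip.allow`, and the comment explaining its meaning are all removed here, so the global is now a knob that nothing visible reads and that still reads as "drop by default". If no other reference exists outside this hunk the variable should go too; if it has to stay, a one-line comment should say it is not enforced, e.g. `int ipip_allow = 0;	/* XXX: currently not enforced; IP-in-IP is always accepted */`. The two wrappers also lost their only documentation; a comment such as `/* IPv6 entry point: wrapper around _ipip_input(). */` above `ip4_input6` (and the IPv4 twin above `ip4_input`) costs one line each. _ipip_input's body continues outside this hunk.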
@@ -192,7 +149,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	case 4:
 		hlen = sizeof(struct ip);
 		break;
-#endif /* INET */
+#endif
 #ifdef INET6
 	case 6:
 		hlen = sizeof(struct ip6_hdr);
@@ -203,7 +160,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 		"for outer header\n", __func__, v, v>>4));
 		IPIP_STATINC(IPIP_STAT_FAMILY);
 		m_freem(m);
-		return /* EAFNOSUPPORT */;
+		return;
 	}
 
 	/* Bring the IP header in the first mbuf, if not there already */
@@ -218,13 +175,14 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	ipo = mtod(m, struct ip *);
 
 #ifdef MROUTING
+	/* XXX: DEAD AND BROKEN! */
 	if (ipo->ip_v == IPVERSION && ipo->ip_p == IPPROTO_IPV4) {
-		if (IN_MULTICAST(((struct ip *)((char *) ipo + iphlen))->ip_dst.s_addr)) {
-			ipip_mroute_input (m, iphlen);
+		if (IN_MULTICAST(((struct ip *)((char *)ipo + iphlen))->ip_dst.s_addr)) {
+			ipip_mroute_input(m, iphlen);
 			return;
 		}
 	}
-#endif /* MROUTING */
+#endif
 
 	/* Keep outer ecn field. */
 	switch (v >> 4) {
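Review bot: The new `/* XXX: DEAD AND BROKEN! */` marks the MROUTING block but does not say what is broken, so a later reader cannot tell whether it may be deleted or must be fixed. The comment should name the defect it refers to — for instance whether the block has simply never been built on NetBSD, or whether the inner-header dereference at `(char *)ipo + iphlen` is covered by the pullup above it (the pullup's length is outside this hunk, so I cannot confirm either way); if neither is certain, something like `/* XXX: untested under MROUTING; confirm the inner header is pulled up before this dereference */` records the open question instead of a bare exclamation. _ipip_input starts and ends outside this hunk.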
@@ -232,7 +190,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	case 4:
 		otos = ipo->ip_tos;
 		break;
-#endif /* INET */
+#endif
 #ifdef INET6
 	case 6:
 		otos = (ntohl(mtod(m, struct ip6_hdr *)->ip6_flow) >> 20) & 0xff;
@@ -259,8 +217,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	case 4:
 		hlen = sizeof(struct ip);
 		break;
-#endif /* INET */
-
+#endif
 #ifdef INET6
 	case 6:
 		hlen = sizeof(struct ip6_hdr);
@@ -271,7 +228,7 @@ _ipip_input(struct 

CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 10:04:43 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
Style and remove dead code.


To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Feb 15 09:23:47 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
Fix buffer overflow on sending an IPv6 packet with large options

If an IPv6 packet has large options, the space needed for the evacuated
headers can exceed the expected size (ah_pool_item_size). Give up using the
pool_cache if that happens.

Pointed out by maxv@


To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Feb 15 09:23:47 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
Fix buffer overflow on sending an IPv6 packet with large options

If an IPv6 packet has large options, the space needed for the evacuated
headers can exceed the expected size (ah_pool_item_size). Give up using the
pool_cache if that happens.

Pointed out by maxv@


To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.83 src/sys/netipsec/xform_ah.c:1.84
--- src/sys/netipsec/xform_ah.c:1.83	Thu Feb 15 09:17:37 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 09:23:47 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.83 2018/02/15 09:17:37 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.84 2018/02/15 09:23:47 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.83 2018/02/15 09:17:37 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.84 2018/02/15 09:23:47 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -1000,6 +1000,7 @@ ah_output(struct mbuf *m, const struct i
 	uint8_t prot;
 	struct newah *ah;
 	size_t ipoffs;
+	bool pool_used;
 
 	IPSEC_SPLASSERT_SOFTNET(__func__);
 
@@ -1130,7 +1131,16 @@ ah_output(struct mbuf *m, const struct i
 	crda->crd_klen = _KEYBITS(sav->key_auth);
 
 	/* Allocate IPsec-specific opaque crypto info. */
-	tc = pool_cache_get(ah_tdb_crypto_pool_cache, PR_NOWAIT);
+	size_t size = sizeof(*tc) + skip;
+
+	if (__predict_true(size <= ah_pool_item_size)) {
+		tc = pool_cache_get(ah_tdb_crypto_pool_cache, PR_NOWAIT);
+		pool_used = true;
+	} else {
+		/* size can exceed on IPv6 packets with large options.  */
+		tc = kmem_intr_zalloc(size, KM_NOSLEEP);
+		pool_used = false;
+	}
 	if (tc == NULL) {
 		DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
 		AH_STATINC(AH_STAT_CRYPTO);
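Review bot: The pool-versus-kmem decision is derived twice from the same expression — here as `size <= ah_pool_item_size` on `skip`, and again in ah_output_cb at L4837 from `tc->tc_skip` — and the matching release is then spelled out three times (L4816-4819, L4846-4849, L4858-4861). If the two derivations ever disagree (for example if `tc_skip` is stored with a narrower type than `skip`, which I cannot see from the hunk, or if `ah_pool_item_size` can change between the two calls) the object is handed back to the wrong allocator, which is a memory-safety defect rather than a leak, so the invariant is better kept in one place: either record the choice on the object, or route every release through a single helper that re-derives it from one formula, as sketched below. `kmem_intr_zalloc` also zeroes the block while `pool_cache_get` does not; harmless if every field is written before use, but worth a comment such as `/* Pool items are not zeroed; all fields below are assigned before dispatch. */`. ah_output starts and ends outside this hunk.
```c
/* Release tc to whichever allocator ah_output obtained it from. */
static void
ah_tc_free(struct tdb_crypto *tc, size_t size)
{
	if (__predict_true(size <= ah_pool_item_size))
		pool_cache_put(ah_tdb_crypto_pool_cache, tc);
	else
		kmem_intr_free(tc, size);
}

/* … unchanged: ah_output up to the error labels … */
bad_tc:
	ah_tc_free(tc, size);
```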
@@ -1202,8 +1212,12 @@ ah_output(struct mbuf *m, const struct i
 	tc->tc_sav = sav;
 
 	return crypto_dispatch(crp);
+
 bad_tc:
-	pool_cache_put(ah_tdb_crypto_pool_cache, tc);
+	if (__predict_true(pool_used))
+		pool_cache_put(ah_tdb_crypto_pool_cache, tc);
+	else
+		kmem_intr_free(tc, size);
 bad_crp:
 	crypto_freereq(crp);
 bad:
@@ -1225,6 +1239,8 @@ ah_output_cb(struct cryptop *crp)
 	struct mbuf *m;
 	void *ptr;
 	int err;
+	size_t size;
+	bool pool_used;
 	IPSEC_DECLARE_LOCK_VARIABLE;
 
 	KASSERT(crp->crp_opaque != NULL);
@@ -1232,6 +1248,8 @@ ah_output_cb(struct cryptop *crp)
 	skip = tc->tc_skip;
 	ptr = (tc + 1);
 	m = crp->crp_buf;
+	size = sizeof(*tc) + skip;
+	pool_used = size <= ah_pool_item_size;
 
 	IPSEC_ACQUIRE_GLOBAL_LOCKS();
 
@@ -1263,7 +1281,10 @@ ah_output_cb(struct cryptop *crp)
 	m_copyback(m, 0, skip, ptr);
 
 	/* No longer needed. */
-	pool_cache_put(ah_tdb_crypto_pool_cache, tc);
+	if (__predict_true(pool_used))
+		pool_cache_put(ah_tdb_crypto_pool_cache, tc);
+	else
+		kmem_intr_free(tc, size);
 	crypto_freereq(crp);
 
 #ifdef IPSEC_DEBUG
@@ -1293,7 +1314,10 @@ bad:
 	IPSEC_RELEASE_GLOBAL_LOCKS();
 	if (m)
 		m_freem(m);
-	pool_cache_put(ah_tdb_crypto_pool_cache, tc);
+	if (__predict_true(pool_used))
+		pool_cache_put(ah_tdb_crypto_pool_cache, tc);
+	else
+		kmem_intr_free(tc, size);
 	crypto_freereq(crp);
 	return error;
 }



CVS commit: src/sys/netipsec

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Feb 15 09:17:37 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
Commonalize error paths (NFC)


To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.82 src/sys/netipsec/xform_ah.c:1.83
--- src/sys/netipsec/xform_ah.c:1.82	Thu Feb 15 08:38:00 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 09:17:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.82 2018/02/15 08:38:00 maxv Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.83 2018/02/15 09:17:37 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.82 2018/02/15 08:38:00 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.83 2018/02/15 09:17:37 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -1132,11 +1132,10 @@ ah_output(struct mbuf *m, const struct i
 	/* Allocate IPsec-specific opaque crypto info. */
 	tc = pool_cache_get(ah_tdb_crypto_pool_cache, PR_NOWAIT);
 	if (tc == NULL) {
-		crypto_freereq(crp);
 		DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
 		AH_STATINC(AH_STAT_CRYPTO);
 		error = ENOBUFS;
-		goto bad;
+		goto bad_crp;
 	}
 
 	uint8_t *pext = (char *)(tc + 1);
@@ -1164,9 +1163,7 @@ ah_output(struct mbuf *m, const struct i
 	skip, ahx->type, 1);
 	if (error != 0) {
 		m = NULL;	/* mbuf was free'd by ah_massage_headers. */
-		pool_cache_put(ah_tdb_crypto_pool_cache, tc);
-		crypto_freereq(crp);
-		goto bad;
+		goto bad_tc;
 	}
 
 {
@@ -1178,11 +1175,9 @@ ah_output(struct mbuf *m, const struct i
 	if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD ||
 	sav->state == SADB_SASTATE_DEAD)) {
 		pserialize_read_exit(s);
-		pool_cache_put(ah_tdb_crypto_pool_cache, tc);
-		crypto_freereq(crp);
 		AH_STATINC(AH_STAT_NOTDB);
 		error = ENOENT;
-		goto bad;
+		goto bad_tc;
 	}
 	KEY_SP_REF(isr->sp);
 	KEY_SA_REF(sav);
@@ -1207,6 +1202,10 @@ ah_output(struct mbuf *m, const struct i
 	tc->tc_sav = sav;
 
 	return crypto_dispatch(crp);
+bad_tc:
+	pool_cache_put(ah_tdb_crypto_pool_cache, tc);
+bad_crp:
+	crypto_freereq(crp);
 bad:
 	if (m)
 		m_freem(m);
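Review bot: The new label chain encodes the release order (tc, then crp, then m) only through fall-through, which is correct but silent; a one-line comment above `bad_tc:` such as `/* Error exits: labels fall through in reverse order of acquisition. */` makes the contract explicit for the next resource added to this function. The `if (m)` guard at the `bad:` label depends on every path whose callee already freed the mbuf having set `m = NULL` first, as the ah_massage_headers path at L4925 does; that dependency deserves a word in the same comment. ah_output starts outside this hunk.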



CVS commit: src/sys/netipsec

2018-02-15 Thread Ryota Ozaki
Module Name:src
Committed By:   ozaki-r
Date:   Thu Feb 15 09:17:37 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
Commonalize error paths (NFC)


To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 08:38:01 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
style


To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.81 src/sys/netipsec/xform_ah.c:1.82
--- src/sys/netipsec/xform_ah.c:1.81	Thu Feb 15 07:38:46 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 08:38:00 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.81 2018/02/15 07:38:46 maxv Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.82 2018/02/15 08:38:00 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.81 2018/02/15 07:38:46 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.82 2018/02/15 08:38:00 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -101,8 +101,8 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v
 
 percpu_t *ahstat_percpu;
 
-int	ah_enable = 1;			/* control flow of packets with AH */
-int	ip4_ah_cleartos = 1;		/* clear ip_tos when doing AH calc */
+int ah_enable = 1;			/* control flow of packets with AH */
+int ip4_ah_cleartos = 1;		/* clear ip_tos when doing AH calc */
 
 #ifdef __FreeBSD__
 SYSCTL_DECL(_net_inet_ah);
@@ -112,7 +112,6 @@ SYSCTL_INT(_net_inet_ah, OID_AUTO,
 	ah_cleartos,	CTLFLAG_RW,	_ah_cleartos,	0, "");
 SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS,
 	stats,		CTLFLAG_RD,	,	ahstat, "");
-
 #endif /* __FreeBSD__ */
 
 static unsigned char ipseczeroes[256];	/* larger than an ip6 extension hdr */
@@ -278,17 +277,15 @@ ah_massage_headers(struct mbuf **m0, int
 	struct mbuf *m = *m0;
 	unsigned char *ptr;
 	int off, count;
-
 #ifdef INET
 	struct ip *ip;
-#endif /* INET */
-
+#endif
 #ifdef INET6
 	struct ip6_ext *ip6e;
 	struct ip6_hdr ip6;
 	struct ip6_rthdr *rh;
 	int alloc, ad, nxt;
-#endif /* INET6 */
+#endif
 
 	switch (proto) {
 #ifdef INET
@@ -429,7 +426,6 @@ ah_massage_headers(struct mbuf **m0, int
 			if (off > skip)	{
 DPRINTF(("%s: malformed IPv4 options header\n",
 	__func__));
-
 m_freem(m);
 return EINVAL;
 			}
@@ -945,7 +941,7 @@ ah_input_cb(struct cryptop *crp)
 		sizeof(seq), );
 		if (ipsec_updatereplay(ntohl(seq), sav)) {
 			AH_STATINC(AH_STAT_REPLAY);
-			error = ENOBUFS;			/*XXX as above*/
+			error = ENOBUFS; /* XXX as above */
 			goto bad;
 		}
 	}
@@ -968,6 +964,7 @@ ah_input_cb(struct cryptop *crp)
 	KEY_SA_UNREF();
 	IPSEC_RELEASE_GLOBAL_LOCKS();
 	return error;
+
 bad:
 	if (sav)
 		KEY_SA_UNREF();
@@ -989,14 +986,8 @@ bad:
  * AH output routine, called by ipsec[46]_process_packet().
  */
 static int
-ah_output(
-struct mbuf *m,
-const struct ipsecrequest *isr,
-struct secasvar *sav,
-struct mbuf **mp,
-int skip,
-int protoff
-)
+ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
+struct mbuf **mp, int skip, int protoff)
 {
 	char buf[IPSEC_ADDRSTRLEN];
 	const struct auth_hash *ahx;
@@ -1008,6 +999,7 @@ ah_output(
 	int error, rplen, authsize, maxpacketsize, roff;
 	uint8_t prot;
 	struct newah *ah;
+	size_t ipoffs;
 
 	IPSEC_SPLASSERT_SOFTNET(__func__);
 
@@ -1020,7 +1012,6 @@ ah_output(
 	/* Figure out header size. */
 	rplen = HDRSIZE(sav);
 
-	size_t ipoffs;
 	/* Check for maximum packet size violations. */
 	switch (sav->sah->saidx.dst.sa.sa_family) {
 #ifdef INET
@@ -1028,13 +1019,13 @@ ah_output(
 		maxpacketsize = IP_MAXPACKET;
 		ipoffs = offsetof(struct ip, ip_len);
 		break;
-#endif /* INET */
+#endif
 #ifdef INET6
 	case AF_INET6:
 		maxpacketsize = IPV6_MAXPACKET;
 		ipoffs = offsetof(struct ip6_hdr, ip6_plen);
 		break;
-#endif /* INET6 */
+#endif
 	default:
 		DPRINTF(("%s: unknown/unsupported protocol "
 		"family %u, SA %s/%08lx\n", __func__,
@@ -1078,7 +1069,7 @@ ah_output(
 		rplen + authsize,
 		ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
 		(u_long) ntohl(sav->spi)));
-		AH_STATINC(AH_STAT_HDROPS);	/*XXX differs from openbsd */
+		AH_STATINC(AH_STAT_HDROPS);
 		error = ENOBUFS;
 		goto bad;
 	}



CVS commit: src/sys/netipsec

2018-02-15 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Thu Feb 15 08:38:01 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
style


To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-8] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:27:25 UTC 2018

Modified Files:
src/doc [netbsd-8]: CHANGES-8.0

Log Message:
Ticket #550


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.124 -r1.1.2.125 src/doc/CHANGES-8.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-8.0
diff -u src/doc/CHANGES-8.0:1.1.2.124 src/doc/CHANGES-8.0:1.1.2.125
--- src/doc/CHANGES-8.0:1.1.2.124	Thu Feb 15 07:59:23 2018
+++ src/doc/CHANGES-8.0	Thu Feb 15 08:27:24 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-8.0,v 1.1.2.124 2018/02/15 07:59:23 martin Exp $
+# $NetBSD: CHANGES-8.0,v 1.1.2.125 2018/02/15 08:27:24 martin Exp $
 
 A complete list of changes from the initial NetBSD 8.0 branch on 2017-06-04
 until the 8.0 release:
@@ -9652,3 +9652,9 @@ sys/netipsec/xform_ah.c1.80-1.81 via
 	Fix use-after-free and and add more consistency checks.
 	[maxv, ticket #549]
 
+sbin/fsck_ffs/pass1.c1.58
+
+	Treat an inode with "mode == 0" and "blocks != 0" as partially
+	allocated and clear it as ffs_newvnode() tests for "blocks == 0".
+	[hannken, ticket #550]
+



CVS commit: [netbsd-8] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:27:25 UTC 2018

Modified Files:
src/doc [netbsd-8]: CHANGES-8.0

Log Message:
Ticket #550


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.124 -r1.1.2.125 src/doc/CHANGES-8.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-8] src/sbin/fsck_ffs

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:26:37 UTC 2018

Modified Files:
src/sbin/fsck_ffs [netbsd-8]: pass1.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #550):
sbin/fsck_ffs/pass1.c: revision 1.58
Treat an inode with "mode == 0" and "blocks != 0" as partially allocated
and clear it as ffs_newvnode() tests for "blocks == 0".


To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.57.4.1 src/sbin/fsck_ffs/pass1.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/fsck_ffs/pass1.c
diff -u src/sbin/fsck_ffs/pass1.c:1.57 src/sbin/fsck_ffs/pass1.c:1.57.4.1
--- src/sbin/fsck_ffs/pass1.c:1.57	Wed Feb  8 16:11:40 2017
+++ src/sbin/fsck_ffs/pass1.c	Thu Feb 15 08:26:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: pass1.c,v 1.57 2017/02/08 16:11:40 rin Exp $	*/
+/*	$NetBSD: pass1.c,v 1.57.4.1 2018/02/15 08:26:37 martin Exp $	*/
 
 /*
  * Copyright (c) 1980, 1986, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)pass1.c	8.6 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: pass1.c,v 1.57 2017/02/08 16:11:40 rin Exp $");
+__RCSID("$NetBSD: pass1.c,v 1.57.4.1 2018/02/15 08:26:37 martin Exp $");
 #endif
 #endif /* not lint */
 
@@ -253,8 +253,9 @@ checkinode(ino_t inumber, struct inodesc
 		(memcmp(dp->dp1.di_db, ufs1_zino.di_db,
 			UFS_NDADDR * sizeof(int32_t)) ||
 		memcmp(dp->dp1.di_ib, ufs1_zino.di_ib,
-			UFS_NIADDR * sizeof(int32_t ||
-		mode || size) {
+			UFS_NIADDR * sizeof(int32_t
+		||
+		mode || size || DIP(dp, blocks)) {
 			pfatal("PARTIALLY ALLOCATED INODE I=%llu",
 			(unsigned long long)inumber);
 			if (reply("CLEAR") == 1) {
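Review bot: The new `DIP(dp, blocks)` term changes what counts as a partially allocated inode, but the code does not say why a zero-mode inode with a non-zero block count must be cleared; the reason given only in the commit message belongs next to the test, e.g. `/* ffs_newvnode() tests blocks == 0, so a mode == 0 inode with blocks != 0 is partially allocated and must be cleared. */`. As rendered here the condition is missing closing parentheses after `sizeof(int32_t`, which looks like an extraction artefact rather than the committed text, but it is worth confirming against the repository. checkinode starts and ends outside this hunk.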



CVS commit: [netbsd-8] src/sbin/fsck_ffs

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:26:37 UTC 2018

Modified Files:
src/sbin/fsck_ffs [netbsd-8]: pass1.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #550):
sbin/fsck_ffs/pass1.c: revision 1.58
Treat an inode with "mode == 0" and "blocks != 0" as partially allocated
and clear it as ffs_newvnode() tests for "blocks == 0".


To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.57.4.1 src/sbin/fsck_ffs/pass1.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:12:02 UTC 2018

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
Ticket #1530


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.128 -r1.1.2.129 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-0] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:12:02 UTC 2018

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
Ticket #1530


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.128 -r1.1.2.129 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.0.7
diff -u src/doc/CHANGES-6.0.7:1.1.2.128 src/doc/CHANGES-6.0.7:1.1.2.129
--- src/doc/CHANGES-6.0.7:1.1.2.128	Sat Feb 10 04:25:59 2018
+++ src/doc/CHANGES-6.0.7	Thu Feb 15 08:12:01 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.128 2018/02/10 04:25:59 snj Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.129 2018/02/15 08:12:01 martin Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -15318,3 +15318,8 @@ sys/dist/pf/net/pf.c1.78 via patch
 	Fix signedness bug in PF. PR/44059.
 	[maxv, ticket #1527]
 
+sys/netipsec/xform_ah.c1.80-1.81 via patch
+
+	Fix use-after-free and and add more consistency checks.
+	[maxv, ticket #1530]
+



CVS commit: [netbsd-6-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:11:25 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: xform_ah.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1530):
sys/netipsec/xform_ah.c: revision 1.80-1.81 via patch

Fix a use-after-free: 'ah' may not be valid after m_makewritable and
ah_massage_headers.

Make sure the Authentication Header fits the mbuf chain; otherwise the kernel would panic.


To generate a diff of this commit:
cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-0] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:11:25 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: xform_ah.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1530):
sys/netipsec/xform_ah.c: revision 1.80-1.81 via patch

Fix a use-after-free: 'ah' may not be valid after m_makewritable and
ah_massage_headers.

Make sure the Authentication Header fits the mbuf chain; otherwise the kernel would panic.


To generate a diff of this commit:
cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.37.6.1 src/sys/netipsec/xform_ah.c:1.37.6.2
--- src/sys/netipsec/xform_ah.c:1.37.6.1	Mon Jan 29 19:30:53 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 08:11:25 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.37.6.1 2018/01/29 19:30:53 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.37.6.2 2018/02/15 08:11:25 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.6.1 2018/01/29 19:30:53 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.6.2 2018/02/15 08:11:25 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -636,6 +636,7 @@ ah_input(struct mbuf *m, const struct se
 	struct m_tag *mtag;
 	struct newah *ah;
 	int hl, rplen, authsize, error;
+	uint8_t nxt;
 
 	struct cryptodesc *crda;
 	struct cryptop *crp;
@@ -660,6 +661,8 @@ ah_input(struct mbuf *m, const struct se
 		return ENOBUFS;
 	}
 
+	nxt = ah->ah_nxt;
+
 	/* Check replay window, if applicable. */
 	if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
 		AH_STATINC(AH_STAT_REPLAY);
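Review bot: `nxt = ah->ah_nxt;` is the whole fix for the use-after-free, yet nothing in the code says why the byte is copied out so early; without a comment the next cleanup is likely to fold it back into the later assignment at L5503. A line such as `/* Save ah_nxt now: 'ah' may be invalidated by m_makewritable()/ah_massage_headers() below. */` pins the reason. The same applies to the identical netbsd-6-1 pull-up at L5659-5667 and L5687-5695. ah_input starts and ends outside this hunk.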
@@ -683,6 +686,18 @@ ah_input(struct mbuf *m, const struct se
 		m_freem(m);
 		return EACCES;
 	}
+	if (skip + authsize + rplen > m->m_pkthdr.len) {
+		char buf[IPSEC_ADDRSTRLEN];
+		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
+			" for packet in SA %s/%08lx\n", __func__,
+			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
+			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			(u_long) ntohl(sav->spi)));
+		AH_STATINC(AH_STAT_BADAUTHL);
+		m_freem(m);
+		return EACCES;
+	}
+
 	AH_STATADD(AH_STAT_IBYTES, m->m_pkthdr.len - skip - hl);
 
 	/* Get crypto descriptors. */
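Review bot: The new DPRINTF prints `m->m_pkthdr.len` with `%u`; if `m_pkthdr.len` is an `int` as in sys/mbuf.h, the conversion should be `%d` (or the value cast to `unsigned`) so `-Wformat` stays clean and a negative value is not printed as a large unsigned. The check itself — `skip + authsize + rplen > m->m_pkthdr.len` rejecting, counting `AH_STAT_BADAUTHL` and returning EACCES — is the right shape for untrusted input; a short comment such as `/* The AH header plus ICV must lie within the packet, or later m_copydata() would read past it. */` would tie the check to the bug it prevents, with the second clause hedged since the later copy is outside this hunk. The netbsd-6-1 copy at L5668-5686 has the same format issue. ah_input starts and ends outside this hunk.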
@@ -780,7 +795,7 @@ ah_input(struct mbuf *m, const struct se
 	tc->tc_spi = sav->spi;
 	tc->tc_dst = sav->sah->saidx.dst;
 	tc->tc_proto = sav->sah->saidx.proto;
-	tc->tc_nxt = ah->ah_nxt;
+	tc->tc_nxt = nxt;
 	tc->tc_protoff = protoff;
 	tc->tc_skip = skip;
 	tc->tc_ptr = mtag; /* Save the mtag we've identified. */



CVS commit: [netbsd-6-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:10:07 UTC 2018

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
Ticket #1530


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.125 -r1.1.2.126 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-1] src/doc

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:10:07 UTC 2018

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
Ticket #1530


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.125 -r1.1.2.126 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.1.6
diff -u src/doc/CHANGES-6.1.6:1.1.2.125 src/doc/CHANGES-6.1.6:1.1.2.126
--- src/doc/CHANGES-6.1.6:1.1.2.125	Sat Feb 10 04:26:15 2018
+++ src/doc/CHANGES-6.1.6	Thu Feb 15 08:10:07 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.125 2018/02/10 04:26:15 snj Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.126 2018/02/15 08:10:07 martin Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -14991,3 +14991,8 @@ sys/dist/pf/net/pf.c1.78 via patch
 	Fix signedness bug in PF. PR/44059.
 	[maxv, ticket #1527]
 
+sys/netipsec/xform_ah.c1.80-1.81 via patch
+
+	Fix use-after-free and and add more consistency checks.
+	[maxv, ticket #1530]
+



CVS commit: [netbsd-6-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:09:30 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: xform_ah.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1530):
sys/netipsec/xform_ah.c: revision 1.80-1.81 via patch

Fix a use-after-free: 'ah' may not be valid after m_makewritable and
ah_massage_headers.

Make sure the Authentication Header fits the mbuf chain; otherwise the kernel would panic.


To generate a diff of this commit:
cvs rdiff -u -r1.37.8.1 -r1.37.8.2 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-6-1] src/sys/netipsec

2018-02-15 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Thu Feb 15 08:09:30 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: xform_ah.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1530):
sys/netipsec/xform_ah.c: revision 1.80-1.81 via patch

Fix a use-after-free: 'ah' may not be valid after m_makewritable and
ah_massage_headers.

Make sure the Authentication Header fits the mbuf chain; otherwise the kernel would panic.


To generate a diff of this commit:
cvs rdiff -u -r1.37.8.1 -r1.37.8.2 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.37.8.1 src/sys/netipsec/xform_ah.c:1.37.8.2
--- src/sys/netipsec/xform_ah.c:1.37.8.1	Mon Jan 29 19:29:00 2018
+++ src/sys/netipsec/xform_ah.c	Thu Feb 15 08:09:30 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.37.8.1 2018/01/29 19:29:00 martin Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.37.8.2 2018/02/15 08:09:30 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.8.1 2018/01/29 19:29:00 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.37.8.2 2018/02/15 08:09:30 martin Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -636,6 +636,7 @@ ah_input(struct mbuf *m, const struct se
 	struct m_tag *mtag;
 	struct newah *ah;
 	int hl, rplen, authsize, error;
+	uint8_t nxt;
 
 	struct cryptodesc *crda;
 	struct cryptop *crp;
@@ -660,6 +661,8 @@ ah_input(struct mbuf *m, const struct se
 		return ENOBUFS;
 	}
 
+	nxt = ah->ah_nxt;
+
 	/* Check replay window, if applicable. */
 	if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
 		AH_STATINC(AH_STAT_REPLAY);
@@ -683,6 +686,18 @@ ah_input(struct mbuf *m, const struct se
 		m_freem(m);
 		return EACCES;
 	}
+	if (skip + authsize + rplen > m->m_pkthdr.len) {
+		char buf[IPSEC_ADDRSTRLEN];
+		DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
+			" for packet in SA %s/%08lx\n", __func__,
+			m->m_pkthdr.len, (u_long)(skip + authsize + rplen),
+			ipsec_address(>sah->saidx.dst, buf, sizeof(buf)),
+			(u_long) ntohl(sav->spi)));
+		AH_STATINC(AH_STAT_BADAUTHL);
+		m_freem(m);
+		return EACCES;
+	}
+
 	AH_STATADD(AH_STAT_IBYTES, m->m_pkthdr.len - skip - hl);
 
 	/* Get crypto descriptors. */
@@ -780,7 +795,7 @@ ah_input(struct mbuf *m, const struct se
 	tc->tc_spi = sav->spi;
 	tc->tc_dst = sav->sah->saidx.dst;
 	tc->tc_proto = sav->sah->saidx.proto;
-	tc->tc_nxt = ah->ah_nxt;
+	tc->tc_nxt = nxt;
 	tc->tc_protoff = protoff;
 	tc->tc_skip = skip;
 	tc->tc_ptr = mtag; /* Save the mtag we've identified. */


