CVS commit: [netbsd-7] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:12:43 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1591):

sys/netinet6/raw_ip6.c: revision 1.161

Fix use-after-free, the first m_copyback_cow may have freed the mbuf, so
it is wrong to read ip6->ip6_nxt.


To generate a diff of this commit:
cvs rdiff -u -r1.136.2.2 -r1.136.2.3 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:12:43 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1591):

sys/netinet6/raw_ip6.c: revision 1.161

Fix use-after-free, the first m_copyback_cow may have freed the mbuf, so
it is wrong to read ip6->ip6_nxt.


To generate a diff of this commit:
cvs rdiff -u -r1.136.2.2 -r1.136.2.3 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/raw_ip6.c
diff -u src/sys/netinet6/raw_ip6.c:1.136.2.2 src/sys/netinet6/raw_ip6.c:1.136.2.3
--- src/sys/netinet6/raw_ip6.c:1.136.2.2	Tue Jan 30 18:28:45 2018
+++ src/sys/netinet6/raw_ip6.c	Sun Apr  1 09:12:42 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_ip6.c,v 1.136.2.2 2018/01/30 18:28:45 martin Exp $	*/
+/*	$NetBSD: raw_ip6.c,v 1.136.2.3 2018/04/01 09:12:42 martin Exp $	*/
 /*	$KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136.2.2 2018/01/30 18:28:45 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136.2.3 2018/04/01 09:12:42 martin Exp $");
 
 #include "opt_ipsec.h"
 
@@ -476,6 +476,7 @@ rip6_output(struct mbuf *m, struct socke
 
 	if (so->so_proto->pr_protocol == IPPROTO_ICMPV6 ||
 	in6p->in6p_cksum != -1) {
+		const uint8_t nxt = ip6->ip6_nxt;
 		int off;
 		u_int16_t sum;
 
@@ -497,7 +498,7 @@ rip6_output(struct mbuf *m, struct socke
 			error = ENOBUFS;
 			goto bad;
 		}
-		sum = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen);
+		sum = in6_cksum(m, nxt, sizeof(*ip6), plen);
 		m = m_copyback_cow(m, off, sizeof(sum), (void *),
 		M_DONTWAIT);
 		if (m == NULL) {



CVS commit: [netbsd-7] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:09:04 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1590):

sys/netinet6/ip6_forward.c: revision 1.91 (via patch)

Fix two pretty bad mistakes. If ipsec6_check_policy fails m is not freed,
and a 'goto out' is missing after ipsec6_process_packet.


To generate a diff of this commit:
cvs rdiff -u -r1.73.2.2 -r1.73.2.3 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2018-04-01 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Apr  1 09:09:04 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1590):

sys/netinet6/ip6_forward.c: revision 1.91 (via patch)

Fix two pretty bad mistakes. If ipsec6_check_policy fails m is not freed,
and a 'goto out' is missing after ipsec6_process_packet.


To generate a diff of this commit:
cvs rdiff -u -r1.73.2.2 -r1.73.2.3 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_forward.c
diff -u src/sys/netinet6/ip6_forward.c:1.73.2.2 src/sys/netinet6/ip6_forward.c:1.73.2.3
--- src/sys/netinet6/ip6_forward.c:1.73.2.2	Mon Feb 12 18:37:51 2018
+++ src/sys/netinet6/ip6_forward.c	Sun Apr  1 09:09:04 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $	*/
+/*	$NetBSD: ip6_forward.c,v 1.73.2.3 2018/04/01 09:09:04 martin Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.3 2018/04/01 09:09:04 martin Exp $");
 
 #include "opt_gateway.h"
 #include "opt_ipsec.h"
@@ -166,6 +166,7 @@ ip6_forward(struct mbuf *m, int srcrt)
 			 */
 			if (error == -EINVAL)
 error = 0;
+			m_freem(m);
 			goto freecopy;
 		}
 	}
@@ -264,8 +265,10 @@ ip6_forward(struct mbuf *m, int srcrt)
 		int s = splsoftnet();
 		error = ipsec6_process_packet(m, sp->req);
 		splx(s);
+		/* m is freed */
 		if (mcopy)
 			goto freecopy;
+		return;
 	}
 #endif   
 



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-25 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sun Feb 25 23:17:47 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_input.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1572):
sys/netinet6/ip6_input.c: 1.188 via patch
Kick nested fragments.


To generate a diff of this commit:
cvs rdiff -u -r1.149.2.2 -r1.149.2.3 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.149.2.2 src/sys/netinet6/ip6_input.c:1.149.2.3
--- src/sys/netinet6/ip6_input.c:1.149.2.2	Tue Jan 30 18:28:45 2018
+++ src/sys/netinet6/ip6_input.c	Sun Feb 25 23:17:47 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.149.2.3 2018/02/25 23:17:47 snj Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.3 2018/02/25 23:17:47 snj Exp $");
 
 #include "opt_gateway.h"
 #include "opt_inet.h"
@@ -249,7 +249,7 @@ ip6_input(struct mbuf *m)
 	int hit, off = sizeof(struct ip6_hdr), nest;
 	u_int32_t plen;
 	u_int32_t rtalert = ~0;
-	int nxt, ours = 0, rh_present = 0;
+	int nxt, ours = 0, rh_present = 0, frg_present;
 	struct ifnet *deliverifp = NULL;
 	int srcrt = 0;
 	const struct rtentry *rt;
@@ -720,6 +720,7 @@ ip6_input(struct mbuf *m)
 	nest = 0;
 
 	rh_present = 0;
+	frg_present = 0;
 	while (nxt != IPPROTO_DONE) {
 		if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) {
 			IP6_STATINC(IP6_STAT_TOOMANYHDR);
@@ -744,6 +745,13 @@ ip6_input(struct mbuf *m)
 IP6_STATINC(IP6_STAT_BADOPTIONS);
 goto bad;
 			}
+		} else if (nxt == IPPROTO_FRAGMENT) {
+			if (frg_present++) {
+in6_ifstat_inc(m->m_pkthdr.rcvif,
+ifs6_in_hdrerr);
+IP6_STATINC(IP6_STAT_BADOPTIONS);
+goto bad;
+			}
 		}
 
 #ifdef IPSEC



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-25 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sun Feb 25 23:17:47 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_input.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1572):
sys/netinet6/ip6_input.c: 1.188 via patch
Kick nested fragments.


To generate a diff of this commit:
cvs rdiff -u -r1.149.2.2 -r1.149.2.3 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-12 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Mon Feb 12 18:37:51 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1551):
sys/netinet6/ip6_forward.c: 1.89-1.90 via patch
Fix use-after-free of mbuf by ip6flow_create
This fixes recent failures of some ATF tests such as t_ipsec_tunnel_odd.
--
Fix use-after-free of mbuf by ip6flow_create (one more)


To generate a diff of this commit:
cvs rdiff -u -r1.73.2.1 -r1.73.2.2 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_forward.c
diff -u src/sys/netinet6/ip6_forward.c:1.73.2.1 src/sys/netinet6/ip6_forward.c:1.73.2.2
--- src/sys/netinet6/ip6_forward.c:1.73.2.1	Sat Jan 17 12:10:54 2015
+++ src/sys/netinet6/ip6_forward.c	Mon Feb 12 18:37:51 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_forward.c,v 1.73.2.1 2015/01/17 12:10:54 martin Exp $	*/
+/*	$NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.1 2015/01/17 12:10:54 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.73.2.2 2018/02/12 18:37:51 snj Exp $");
 
 #include "opt_gateway.h"
 #include "opt_ipsec.h"
@@ -406,8 +406,8 @@ ip6_forward(struct mbuf *m, int srcrt)
 			IP6_STATINC(IP6_STAT_REDIRECTSENT);
 		else {
 #ifdef GATEWAY
-			if (m->m_flags & M_CANFASTFWD)
-ip6flow_create(_forward_rt, m);
+			if (mcopy->m_flags & M_CANFASTFWD)
+ip6flow_create(_forward_rt, mcopy);
 #endif
 			if (mcopy)
 goto freecopy;



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-12 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Mon Feb 12 18:37:51 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_forward.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1551):
sys/netinet6/ip6_forward.c: 1.89-1.90 via patch
Fix use-after-free of mbuf by ip6flow_create
This fixes recent failures of some ATF tests such as t_ipsec_tunnel_odd.
--
Fix use-after-free of mbuf by ip6flow_create (one more)


To generate a diff of this commit:
cvs rdiff -u -r1.73.2.1 -r1.73.2.2 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Feb  2 13:03:05 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: nd6_nbr.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1562):
sys/netinet6/nd6_nbr.c: revision 1.145
Fix memory leak. Contrary to what the XXX indicates, this place is 100%
reachable remotely.


To generate a diff of this commit:
cvs rdiff -u -r1.100.2.2 -r1.100.2.3 src/sys/netinet6/nd6_nbr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/nd6_nbr.c
diff -u src/sys/netinet6/nd6_nbr.c:1.100.2.2 src/sys/netinet6/nd6_nbr.c:1.100.2.3
--- src/sys/netinet6/nd6_nbr.c:1.100.2.2	Mon Apr  6 01:32:33 2015
+++ src/sys/netinet6/nd6_nbr.c	Fri Feb  2 13:03:05 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6_nbr.c,v 1.100.2.2 2015/04/06 01:32:33 snj Exp $	*/
+/*	$NetBSD: nd6_nbr.c,v 1.100.2.3 2018/02/02 13:03:05 martin Exp $	*/
 /*	$KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.100.2.2 2015/04/06 01:32:33 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.100.2.3 2018/02/02 13:03:05 martin Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -590,7 +590,7 @@ nd6_na_input(struct mbuf *m, int off, in
 
 	taddr6 = nd_na->nd_na_target;
 	if (in6_setscope(, ifp, NULL))
-		return;		/* XXX: impossible */
+		goto bad;
 
 	if (IN6_IS_ADDR_MULTICAST()) {
 		nd6log((LOG_ERR,



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Feb  2 13:03:05 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: nd6_nbr.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1562):
sys/netinet6/nd6_nbr.c: revision 1.145
Fix memory leak. Contrary to what the XXX indicates, this place is 100%
reachable remotely.


To generate a diff of this commit:
cvs rdiff -u -r1.100.2.2 -r1.100.2.3 src/sys/netinet6/nd6_nbr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Feb  2 10:58:44 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_mroute.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1561):
sys/netinet6/ip6_mroute.c: revision 1.120
Fix a pretty simple, yet pretty tragic typo: we should return IPPROTO_DONE,
not IPPROTO_NONE. With IPPROTO_NONE we will keep parsing the header chain
on an mbuf that was already freed.


To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.107.2.1 src/sys/netinet6/ip6_mroute.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2018-02-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Feb  2 10:58:44 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_mroute.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1561):
sys/netinet6/ip6_mroute.c: revision 1.120
Fix a pretty simple, yet pretty tragic typo: we should return IPPROTO_DONE,
not IPPROTO_NONE. With IPPROTO_NONE we will keep parsing the header chain
on an mbuf that was already freed.


To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.107.2.1 src/sys/netinet6/ip6_mroute.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_mroute.c
diff -u src/sys/netinet6/ip6_mroute.c:1.107 src/sys/netinet6/ip6_mroute.c:1.107.2.1
--- src/sys/netinet6/ip6_mroute.c:1.107	Sat May 17 21:26:20 2014
+++ src/sys/netinet6/ip6_mroute.c	Fri Feb  2 10:58:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_mroute.c,v 1.107 2014/05/17 21:26:20 rmind Exp $	*/
+/*	$NetBSD: ip6_mroute.c,v 1.107.2.1 2018/02/02 10:58:44 martin Exp $	*/
 /*	$KAME: ip6_mroute.c,v 1.49 2001/07/25 09:21:18 jinmei Exp $	*/
 
 /*
@@ -117,7 +117,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_mroute.c,v 1.107 2014/05/17 21:26:20 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_mroute.c,v 1.107.2.1 2018/02/02 10:58:44 martin Exp $");
 
 #include "opt_inet.h"
 #include "opt_mrouting.h"
@@ -1861,7 +1861,7 @@ pim6_input(struct mbuf **mp, int *offp, 
 			(eip6->ip6_vfc & IPV6_VERSION));
 #endif
 			m_freem(m);
-			return (IPPROTO_NONE);
+			return (IPPROTO_DONE);
 		}
 
 		/* verify the inner packet is destined to a mcast group */



CVS commit: [netbsd-7] src/sys/netinet6

2018-01-30 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Jan 30 18:28:46 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: frag6.c ip6_input.c ip6_var.h raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1560):
sys/netinet6/frag6.c: revision 1.65
sys/netinet6/ip6_input.c: revision 1.187
sys/netinet6/ip6_var.h: revision 1.78
sys/netinet6/raw_ip6.c: revision 1.160 (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.55.4.1 src/sys/netinet6/frag6.c
cvs rdiff -u -r1.149.2.1 -r1.149.2.2 src/sys/netinet6/ip6_input.c
cvs rdiff -u -r1.62.2.1 -r1.62.2.2 src/sys/netinet6/ip6_var.h
cvs rdiff -u -r1.136.2.1 -r1.136.2.2 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2018-01-30 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Jan 30 18:28:46 UTC 2018

Modified Files:
src/sys/netinet6 [netbsd-7]: frag6.c ip6_input.c ip6_var.h raw_ip6.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1560):
sys/netinet6/frag6.c: revision 1.65
sys/netinet6/ip6_input.c: revision 1.187
sys/netinet6/ip6_var.h: revision 1.78
sys/netinet6/raw_ip6.c: revision 1.160 (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.55.4.1 src/sys/netinet6/frag6.c
cvs rdiff -u -r1.149.2.1 -r1.149.2.2 src/sys/netinet6/ip6_input.c
cvs rdiff -u -r1.62.2.1 -r1.62.2.2 src/sys/netinet6/ip6_var.h
cvs rdiff -u -r1.136.2.1 -r1.136.2.2 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/frag6.c
diff -u src/sys/netinet6/frag6.c:1.55 src/sys/netinet6/frag6.c:1.55.4.1
--- src/sys/netinet6/frag6.c:1.55	Fri Aug 30 07:42:08 2013
+++ src/sys/netinet6/frag6.c	Tue Jan 30 18:28:45 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: frag6.c,v 1.55 2013/08/30 07:42:08 christos Exp $	*/
+/*	$NetBSD: frag6.c,v 1.55.4.1 2018/01/30 18:28:45 martin Exp $	*/
 /*	$KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55 2013/08/30 07:42:08 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.4.1 2018/01/30 18:28:45 martin Exp $");
 
 #include 
 #include 
@@ -441,14 +441,6 @@ insert:
 		m_cat(m, t);
 	}
 
-	/*
-	 * Store NXT to the original.
-	 */
-	{
-		u_int8_t *prvnxtp = ip6_get_prevhdr(m, offset); /* XXX */
-		*prvnxtp = nxt;
-	}
-
 	frag6_remque(q6);
 	frag6_nfrags -= q6->ip6q_nfrag;
 	kmem_intr_free(q6, sizeof(struct ip6q));
@@ -456,11 +448,30 @@ insert:
 
 	if (m->m_flags & M_PKTHDR) { /* Isn't it always true? */
 		int plen = 0;
-		for (t = m; t; t = t->m_next)
+		for (t = m; t; t = t->m_next) {
+			/*
+			 * XXX XXX Why don't we remove M_PKTHDR?
+			 */
 			plen += t->m_len;
+		}
 		m->m_pkthdr.len = plen;
 	}
 
+	/*
+	 * Restore NXT to the original.
+	 */
+	{
+		const int prvnxt = ip6_get_prevhdr(m, offset);
+		uint8_t *prvnxtp;
+
+		IP6_EXTHDR_GET(prvnxtp, uint8_t *, m, prvnxt,
+		sizeof(*prvnxtp));
+		if (prvnxtp == NULL) {
+			goto dropfrag;
+		}
+		*prvnxtp = nxt;
+	}
+
 	IP6_STATINC(IP6_STAT_REASSEMBLED);
 	in6_ifstat_inc(dstifp, ifs6_reass_ok);
 

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.149.2.1 src/sys/netinet6/ip6_input.c:1.149.2.2
--- src/sys/netinet6/ip6_input.c:1.149.2.1	Fri Jan 23 09:27:15 2015
+++ src/sys/netinet6/ip6_input.c	Tue Jan 30 18:28:45 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.2 2018/01/30 18:28:45 martin Exp $");
 
 #include "opt_gateway.h"
 #include "opt_inet.h"
@@ -1384,50 +1384,44 @@ ip6_pullexthdr(struct mbuf *m, size_t of
 }
 
 /*
- * Get pointer to the previous header followed by the header
+ * Get offset to the previous header followed by the header
  * currently 

CVS commit: [netbsd-7] src/sys/netinet6

2016-09-28 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Sep 28 20:24:06 UTC 2016

Modified Files:
src/sys/netinet6 [netbsd-7]: in6_pcb.c raw_ip6.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #1243):
sys/netinet6/raw_ip6.c: revision 1.150 via patch
sys/netinet6/in6_pcb.c: revision 1.149 via patch
Allow explicit binding to detached addresss.
Fixes PR kern/51435.


To generate a diff of this commit:
cvs rdiff -u -r1.128.2.2 -r1.128.2.3 src/sys/netinet6/in6_pcb.c
cvs rdiff -u -r1.136 -r1.136.2.1 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2016-09-28 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Sep 28 20:24:06 UTC 2016

Modified Files:
src/sys/netinet6 [netbsd-7]: in6_pcb.c raw_ip6.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #1243):
sys/netinet6/raw_ip6.c: revision 1.150 via patch
sys/netinet6/in6_pcb.c: revision 1.149 via patch
Allow explicit binding to detached addresss.
Fixes PR kern/51435.


To generate a diff of this commit:
cvs rdiff -u -r1.128.2.2 -r1.128.2.3 src/sys/netinet6/in6_pcb.c
cvs rdiff -u -r1.136 -r1.136.2.1 src/sys/netinet6/raw_ip6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/in6_pcb.c
diff -u src/sys/netinet6/in6_pcb.c:1.128.2.2 src/sys/netinet6/in6_pcb.c:1.128.2.3
--- src/sys/netinet6/in6_pcb.c:1.128.2.2	Sat Jan 17 12:10:54 2015
+++ src/sys/netinet6/in6_pcb.c	Wed Sep 28 20:24:06 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_pcb.c,v 1.128.2.2 2015/01/17 12:10:54 martin Exp $	*/
+/*	$NetBSD: in6_pcb.c,v 1.128.2.3 2016/09/28 20:24:06 bouyer Exp $	*/
 /*	$KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.128.2.2 2015/01/17 12:10:54 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.128.2.3 2016/09/28 20:24:06 bouyer Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -253,7 +253,7 @@ in6_pcbbind_addr(struct in6pcb *in6p, st
 		 */
 		if (ia &&
 		((struct in6_ifaddr *)ia)->ia6_flags &
-		(IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|IN6_IFF_DETACHED))
+		(IN6_IFF_ANYCAST|IN6_IFF_NOTREADY))
 			return (EADDRNOTAVAIL);
 	}
 

Index: src/sys/netinet6/raw_ip6.c
diff -u src/sys/netinet6/raw_ip6.c:1.136 src/sys/netinet6/raw_ip6.c:1.136.2.1
--- src/sys/netinet6/raw_ip6.c:1.136	Sat Aug  9 05:33:01 2014
+++ src/sys/netinet6/raw_ip6.c	Wed Sep 28 20:24:06 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_ip6.c,v 1.136 2014/08/09 05:33:01 rtr Exp $	*/
+/*	$NetBSD: raw_ip6.c,v 1.136.2.1 2016/09/28 20:24:06 bouyer Exp $	*/
 /*	$KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136 2014/08/09 05:33:01 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136.2.1 2016/09/28 20:24:06 bouyer Exp $");
 
 #include "opt_ipsec.h"
 
@@ -683,8 +683,7 @@ rip6_bind(struct socket *so, struct mbuf
 	(ia = ifa_ifwithaddr((struct sockaddr *)addr)) == 0)
 		return EADDRNOTAVAIL;
 	if (ia && ((struct in6_ifaddr *)ia)->ia6_flags &
-	(IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|
-	 IN6_IFF_DETACHED|IN6_IFF_DEPRECATED))
+	(IN6_IFF_ANYCAST|IN6_IFF_NOTREADY))
 		return EADDRNOTAVAIL;
 	in6p->in6p_laddr = addr->sin6_addr;
 	return 0;



CVS commit: [netbsd-7] src/sys/netinet6

2015-11-18 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Nov 18 08:33:08 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: mld6.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1035):
sys/netinet6/mld6.c: revision 1.64
Ensure that the callout of the multicast address is valid before
hooking it up.


To generate a diff of this commit:
cvs rdiff -u -r1.59.2.2 -r1.59.2.3 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/mld6.c
diff -u src/sys/netinet6/mld6.c:1.59.2.2 src/sys/netinet6/mld6.c:1.59.2.3
--- src/sys/netinet6/mld6.c:1.59.2.2	Fri Jan 23 09:27:15 2015
+++ src/sys/netinet6/mld6.c	Wed Nov 18 08:33:08 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: mld6.c,v 1.59.2.2 2015/01/23 09:27:15 martin Exp $	*/
+/*	$NetBSD: mld6.c,v 1.59.2.3 2015/11/18 08:33:08 msaitoh Exp $	*/
 /*	$KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $	*/
 
 /*
@@ -102,7 +102,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.59.2.2 2015/01/23 09:27:15 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.59.2.3 2015/11/18 08:33:08 msaitoh Exp $");
 
 #include "opt_inet.h"
 
@@ -656,8 +656,12 @@ in6_addmulti(struct in6_addr *maddr6, st
 		in6m->in6m_ifp = ifp;
 		in6m->in6m_refcount = 1;
 		in6m->in6m_timer = IN6M_TIMER_UNDEF;
+		callout_init(>in6m_timer_ch, CALLOUT_MPSAFE);
+		callout_setfunc(>in6m_timer_ch, mld_timeo, in6m);
+
 		IFP_TO_IA6(ifp, ia);
 		if (ia == NULL) {
+			callout_destroy(>in6m_timer_ch);
 			free(in6m, M_IPMADDR);
 			splx(s);
 			*errorp = EADDRNOTAVAIL; /* appropriate? */
@@ -674,6 +678,7 @@ in6_addmulti(struct in6_addr *maddr6, st
 		sockaddr_in6_init(, maddr6, 0, 0, 0);
 		*errorp = if_mcast_op(ifp, SIOCADDMULTI, sin6tosa());
 		if (*errorp) {
+			callout_destroy(>in6m_timer_ch);
 			LIST_REMOVE(in6m, in6m_entry);
 			free(in6m, M_IPMADDR);
 			IFAFREE(>ia_ifa);
@@ -681,8 +686,6 @@ in6_addmulti(struct in6_addr *maddr6, st
 			return (NULL);
 		}
 
-		callout_init(>in6m_timer_ch, CALLOUT_MPSAFE);
-		callout_setfunc(>in6m_timer_ch, mld_timeo, in6m);
 		in6m->in6m_timer = timer;
 		if (in6m->in6m_timer > 0) {
 			in6m->in6m_state = MLD_REPORTPENDING;



CVS commit: [netbsd-7] src/sys/netinet6

2015-11-18 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Nov 18 08:33:08 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: mld6.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #1035):
sys/netinet6/mld6.c: revision 1.64
Ensure that the callout of the multicast address is valid before
hooking it up.


To generate a diff of this commit:
cvs rdiff -u -r1.59.2.2 -r1.59.2.3 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2015-11-05 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Thu Nov  5 20:36:03 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: icmp6.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #982):
sys/netinet6/icmp6.c: revision 1.177
Update icmp6_redirect_timeout_q when changing net.inet6.icmp6.redirtimeout
We have to update icmp6_redirect_timeout_q as well as icmp6_redirtimeout
when changing net.inet6.icmp6.redirtimeout via sysctl. The updating logic
is copied from sysctl_net_inet_icmp_redirtimeout.
This change is from s-yamaguchi@IIJ (with KNF by ozaki-r) and fixes
PR kern/50240.


To generate a diff of this commit:
cvs rdiff -u -r1.169 -r1.169.2.1 src/sys/netinet6/icmp6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/icmp6.c
diff -u src/sys/netinet6/icmp6.c:1.169 src/sys/netinet6/icmp6.c:1.169.2.1
--- src/sys/netinet6/icmp6.c:1.169	Fri Jun  6 01:02:47 2014
+++ src/sys/netinet6/icmp6.c	Thu Nov  5 20:36:03 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: icmp6.c,v 1.169 2014/06/06 01:02:47 rmind Exp $	*/
+/*	$NetBSD: icmp6.c,v 1.169.2.1 2015/11/05 20:36:03 riz Exp $	*/
 /*	$KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.169 2014/06/06 01:02:47 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.169.2.1 2015/11/05 20:36:03 riz Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -2756,6 +2756,38 @@ sysctl_net_inet6_icmp6_stats(SYSCTLFN_AR
 	return (NETSTAT_SYSCTL(icmp6stat_percpu, ICMP6_NSTATS));
 }
 
+static int
+sysctl_net_inet6_icmp6_redirtimeout(SYSCTLFN_ARGS)
+{
+	int error, tmp;
+	struct sysctlnode node;
+
+	node = *rnode;
+	node.sysctl_data = 
+	tmp = icmp6_redirtimeout;
+	error = sysctl_lookup(SYSCTLFN_CALL());
+	if (error || newp == NULL)
+		return error;
+	if (tmp < 0)
+		return EINVAL;
+	icmp6_redirtimeout = tmp;
+
+	if (icmp6_redirect_timeout_q != NULL) {
+		if (icmp6_redirtimeout == 0) {
+			rt_timer_queue_destroy(icmp6_redirect_timeout_q,
+			true);
+		} else {
+			rt_timer_queue_change(icmp6_redirect_timeout_q,
+			icmp6_redirtimeout);
+		}
+	} else if (icmp6_redirtimeout > 0) {
+		icmp6_redirect_timeout_q =
+		rt_timer_queue_create(icmp6_redirtimeout);
+	}
+
+	return 0;
+}
+
 static void
 sysctl_net_inet6_icmp6_setup(struct sysctllog **clog)
 {
@@ -2791,7 +2823,8 @@ sysctl_net_inet6_icmp6_setup(struct sysc
 		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		   CTLTYPE_INT, "redirtimeout",
 		   SYSCTL_DESCR("Redirect generated route lifetime"),
-		   NULL, 0, _redirtimeout, 0,
+		   sysctl_net_inet6_icmp6_redirtimeout, 0,
+		   _redirtimeout, 0,
 		   CTL_NET, PF_INET6, IPPROTO_ICMPV6,
 		   ICMPV6CTL_REDIRTIMEOUT, CTL_EOL);
 #if 0 /* obsoleted */



CVS commit: [netbsd-7] src/sys/netinet6

2015-11-05 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Thu Nov  5 20:36:03 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: icmp6.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #982):
sys/netinet6/icmp6.c: revision 1.177
Update icmp6_redirect_timeout_q when changing net.inet6.icmp6.redirtimeout
We have to update icmp6_redirect_timeout_q as well as icmp6_redirtimeout
when changing net.inet6.icmp6.redirtimeout via sysctl. The updating logic
is copied from sysctl_net_inet_icmp_redirtimeout.
This change is from s-yamaguchi@IIJ (with KNF by ozaki-r) and fixes
PR kern/50240.


To generate a diff of this commit:
cvs rdiff -u -r1.169 -r1.169.2.1 src/sys/netinet6/icmp6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2015-05-14 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Fri May 15 03:58:06 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: scope6.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #770):
sys/netinet6/scope6.c: revision 1.10
Drop impossible check.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.2.1 src/sys/netinet6/scope6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/scope6.c
diff -u src/sys/netinet6/scope6.c:1.9 src/sys/netinet6/scope6.c:1.9.2.1
--- src/sys/netinet6/scope6.c:1.9	Sat May 17 21:26:20 2014
+++ src/sys/netinet6/scope6.c	Fri May 15 03:58:06 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: scope6.c,v 1.9 2014/05/17 21:26:20 rmind Exp $	*/
+/*	$NetBSD: scope6.c,v 1.9.2.1 2015/05/15 03:58:06 snj Exp $	*/
 /*	$KAME$	*/
 
 /*-
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: scope6.c,v 1.9 2014/05/17 21:26:20 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: scope6.c,v 1.9.2.1 2015/05/15 03:58:06 snj Exp $);
 
 #include sys/param.h
 #include sys/malloc.h
@@ -411,9 +411,6 @@ in6_setscope(struct in6_addr *in6, const
 
 	scope = in6_addrscope(in6);
 
-	if (!sid-s6id_list)
-		return 0;
-
 	switch (scope) {
 	case IPV6_ADDR_SCOPE_INTFACELOCAL: /* should be interface index */
 		zoneid = sid-s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL];



CVS commit: [netbsd-7] src/sys/netinet6

2015-05-14 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Fri May 15 03:58:06 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: scope6.c

Log Message:
Pull up following revision(s) (requested by joerg in ticket #770):
sys/netinet6/scope6.c: revision 1.10
Drop impossible check.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.2.1 src/sys/netinet6/scope6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2015-05-02 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sat May  2 18:23:26 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #731):
sys/netinet6/nd6_rtr.c: revision 1.99
Mitigate Local Denial of Service with IPv6 Router Advertisements and
log attack attempts.
Fixes CVE-2015-2923, taken from FreeBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.93.2.2 -r1.93.2.3 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/nd6_rtr.c
diff -u src/sys/netinet6/nd6_rtr.c:1.93.2.2 src/sys/netinet6/nd6_rtr.c:1.93.2.3
--- src/sys/netinet6/nd6_rtr.c:1.93.2.2	Mon Apr  6 01:32:33 2015
+++ src/sys/netinet6/nd6_rtr.c	Sat May  2 18:23:25 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6_rtr.c,v 1.93.2.2 2015/04/06 01:32:33 snj Exp $	*/
+/*	$NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $	*/
 /*	$KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: nd6_rtr.c,v 1.93.2.2 2015/04/06 01:32:33 snj Exp $);
+__KERNEL_RCSID(0, $NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -272,8 +272,15 @@ nd6_ra_input(struct mbuf *m, int off, in
 	}
 	if (nd_ra-nd_ra_retransmit)
 		ndi-retrans = ntohl(nd_ra-nd_ra_retransmit);
-	if (nd_ra-nd_ra_curhoplimit)
-		ndi-chlim = nd_ra-nd_ra_curhoplimit;
+	if (nd_ra-nd_ra_curhoplimit) {
+		if (ndi-chlim  nd_ra-nd_ra_curhoplimit)
+			ndi-chlim = nd_ra-nd_ra_curhoplimit;
+		else if (ndi-chlim != nd_ra-nd_ra_curhoplimit)
+			log(LOG_ERR, nd_ra_input: lower CurHopLimit sent from 
+			   %s on %s (current=%d, received=%d), ignored\n,
+			   ip6_sprintf(ip6-ip6_src),
+			   if_name(ifp), ndi-chlim, nd_ra-nd_ra_curhoplimit);
+	}
 	dr = defrtrlist_update(drtr);
 }
 



CVS commit: [netbsd-7] src/sys/netinet6

2015-04-05 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Mon Apr  6 01:32:33 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: in6.c in6_ifattach.c nd6.c nd6.h nd6_nbr.c
nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by martin in ticket #655):
sys/netinet6/in6.c: revision 1.182 via patch
sys/netinet6/in6_ifattach.c: revision 1.95 via patch
sys/netinet6/nd6.c: revision 1.158 via patch
sys/netinet6/nd6.h: revision 1.62 via patch
sys/netinet6/nd6_nbr.c: revision 1.104 via patch
sys/netinet6/nd6_rtr.c: revision 1.96 via patch
Rearange interface detachement slightly: before we free the INET6 specific
per-interface data, make sure to call nd6_purge() with it to remove
routing entries pointing to the going interface.
When we should happen to call this function again later, with the data
already gone, just return.
Fixes PR kern/49682, ok: christos.


To generate a diff of this commit:
cvs rdiff -u -r1.174.2.1 -r1.174.2.2 src/sys/netinet6/in6.c
cvs rdiff -u -r1.91.2.1 -r1.91.2.2 src/sys/netinet6/in6_ifattach.c
cvs rdiff -u -r1.152.2.2 -r1.152.2.3 src/sys/netinet6/nd6.c
cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/nd6.h
cvs rdiff -u -r1.100.2.1 -r1.100.2.2 src/sys/netinet6/nd6_nbr.c
cvs rdiff -u -r1.93.2.1 -r1.93.2.2 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/in6.c
diff -u src/sys/netinet6/in6.c:1.174.2.1 src/sys/netinet6/in6.c:1.174.2.2
--- src/sys/netinet6/in6.c:1.174.2.1	Mon Oct 27 13:42:37 2014
+++ src/sys/netinet6/in6.c	Mon Apr  6 01:32:33 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6.c,v 1.174.2.1 2014/10/27 13:42:37 martin Exp $	*/
+/*	$NetBSD: in6.c,v 1.174.2.2 2015/04/06 01:32:33 snj Exp $	*/
 /*	$KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: in6.c,v 1.174.2.1 2014/10/27 13:42:37 martin Exp $);
+__KERNEL_RCSID(0, $NetBSD: in6.c,v 1.174.2.2 2015/04/06 01:32:33 snj Exp $);
 
 #include opt_inet.h
 #include opt_compat_netbsd.h
@@ -2358,7 +2358,7 @@ in6_domifdetach(struct ifnet *ifp, void 
 {
 	struct in6_ifextra *ext = (struct in6_ifextra *)aux;
 
-	nd6_ifdetach(ext-nd_ifinfo);
+	nd6_ifdetach(ifp, ext);
 	free(ext-in6_ifstat, M_IFADDR);
 	free(ext-icmp6_ifstat, M_IFADDR);
 	scope6_ifdetach(ext-scope6_id);

Index: src/sys/netinet6/in6_ifattach.c
diff -u src/sys/netinet6/in6_ifattach.c:1.91.2.1 src/sys/netinet6/in6_ifattach.c:1.91.2.2
--- src/sys/netinet6/in6_ifattach.c:1.91.2.1	Sat Jan 17 12:10:54 2015
+++ src/sys/netinet6/in6_ifattach.c	Mon Apr  6 01:32:33 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_ifattach.c,v 1.91.2.1 2015/01/17 12:10:54 martin Exp $	*/
+/*	$NetBSD: in6_ifattach.c,v 1.91.2.2 2015/04/06 01:32:33 snj Exp $	*/
 /*	$KAME: in6_ifattach.c,v 1.124 2001/07/18 08:32:51 jinmei Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: in6_ifattach.c,v 1.91.2.1 2015/01/17 12:10:54 martin Exp $);
+__KERNEL_RCSID(0, $NetBSD: in6_ifattach.c,v 1.91.2.2 2015/04/06 01:32:33 snj Exp $);
 
 #include sys/param.h
 #include sys/systm.h
@@ -848,7 +848,7 @@ in6_ifdetach(struct ifnet *ifp)
 	ip6_mrouter_detach(ifp);
 
 	/* remove neighbor management table */
-	nd6_purge(ifp);
+	nd6_purge(ifp, NULL);
 
 	/* XXX this code is duplicated in in6_purgeif() --dyoung */
 	/* nuke any of IPv6 addresses we have */
@@ -919,7 +919,7 @@ in6_ifdetach(struct ifnet *ifp)
 	 * prefixes after removing all addresses above.
 	 * (Or can we just delay calling nd6_purge until at this point?)
 	 */
-	nd6_purge(ifp);
+	nd6_purge(ifp, NULL);
 }
 
 int

Index: src/sys/netinet6/nd6.c
diff -u src/sys/netinet6/nd6.c:1.152.2.2 src/sys/netinet6/nd6.c:1.152.2.3
--- src/sys/netinet6/nd6.c:1.152.2.2	Wed Dec 17 18:43:47 2014
+++ src/sys/netinet6/nd6.c	Mon Apr  6 01:32:33 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $	*/
+/*	$NetBSD: nd6.c,v 1.152.2.3 2015/04/06 01:32:33 snj Exp $	*/
 /*	$KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $);
+__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.3 2015/04/06 01:32:33 snj Exp $);
 
 #include bridge.h
 #include carp.h
@@ -205,10 +205,11 @@ nd6_ifattach(struct ifnet *ifp)
 }
 
 void
-nd6_ifdetach(struct nd_ifinfo *nd)
+nd6_ifdetach(struct ifnet *ifp, struct in6_ifextra *ext)
 {
 
-	free(nd, M_IP6NDP);
+	nd6_purge(ifp, ext);
+	free(ext-nd_ifinfo, M_IP6NDP);
 }
 
 void
@@ -556,7 +557,7 @@ nd6_timer(void *ignored_arg)
 	
 	TAILQ_FOREACH_SAFE(dr, nd_defrouter, dr_entry, next_dr) {
 		if (dr-expire  dr-expire  time_second) {
-			defrtrlist_del(dr);
+			defrtrlist_del(dr, NULL);
 		}
 	}
 
@@ -746,13 +747,23 @@ nd6_accepts_rtadv(const struct nd_ifinfo
  * ifp goes away.
  */
 void
-nd6_purge(struct ifnet *ifp)

CVS commit: [netbsd-7] src/sys/netinet6

2015-04-05 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Mon Apr  6 01:32:33 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: in6.c in6_ifattach.c nd6.c nd6.h nd6_nbr.c
nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by martin in ticket #655):
sys/netinet6/in6.c: revision 1.182 via patch
sys/netinet6/in6_ifattach.c: revision 1.95 via patch
sys/netinet6/nd6.c: revision 1.158 via patch
sys/netinet6/nd6.h: revision 1.62 via patch
sys/netinet6/nd6_nbr.c: revision 1.104 via patch
sys/netinet6/nd6_rtr.c: revision 1.96 via patch
Rearange interface detachement slightly: before we free the INET6 specific
per-interface data, make sure to call nd6_purge() with it to remove
routing entries pointing to the going interface.
When we should happen to call this function again later, with the data
already gone, just return.
Fixes PR kern/49682, ok: christos.


To generate a diff of this commit:
cvs rdiff -u -r1.174.2.1 -r1.174.2.2 src/sys/netinet6/in6.c
cvs rdiff -u -r1.91.2.1 -r1.91.2.2 src/sys/netinet6/in6_ifattach.c
cvs rdiff -u -r1.152.2.2 -r1.152.2.3 src/sys/netinet6/nd6.c
cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/nd6.h
cvs rdiff -u -r1.100.2.1 -r1.100.2.2 src/sys/netinet6/nd6_nbr.c
cvs rdiff -u -r1.93.2.1 -r1.93.2.2 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2015-02-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Feb 14 07:14:23 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_output.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #509):
sys/netinet6/ip6_output.c: revision 1.163
CID/1267860: Missing break in switch


To generate a diff of this commit:
cvs rdiff -u -r1.157.2.2 -r1.157.2.3 src/sys/netinet6/ip6_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.157.2.2 src/sys/netinet6/ip6_output.c:1.157.2.3
--- src/sys/netinet6/ip6_output.c:1.157.2.2	Fri Jan 23 09:27:15 2015
+++ src/sys/netinet6/ip6_output.c	Sat Feb 14 07:14:23 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_output.c,v 1.157.2.2 2015/01/23 09:27:15 martin Exp $	*/
+/*	$NetBSD: ip6_output.c,v 1.157.2.3 2015/02/14 07:14:23 snj Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip6_output.c,v 1.157.2.2 2015/01/23 09:27:15 martin Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip6_output.c,v 1.157.2.3 2015/02/14 07:14:23 snj Exp $);
 
 #include opt_inet.h
 #include opt_inet6.h
@@ -2120,6 +2120,7 @@ ip6_getpcbopt(struct ip6_pktopts *pktopt
 		else
 			optdata = (void *)defpreftemp;
 		optdatalen = sizeof(int);
+		break;
 	default:		/* should not happen */
 #ifdef DIAGNOSTIC
 		panic(ip6_getpcbopt: unexpected option\n);



CVS commit: [netbsd-7] src/sys/netinet6

2015-02-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Feb 14 07:14:23 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: ip6_output.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #509):
sys/netinet6/ip6_output.c: revision 1.163
CID/1267860: Missing break in switch


To generate a diff of this commit:
cvs rdiff -u -r1.157.2.2 -r1.157.2.3 src/sys/netinet6/ip6_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2015-01-23 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Jan 23 09:27:15 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: in6.h in6_src.c ip6_input.c ip6_output.c
ip6_var.h mld6.c

Log Message:
Pull up following revision(s) (requested by pettai in ticket #441):
sys/netinet6/ip6_var.h: revision 1.64
sys/netinet6/in6.h: revision 1.82
sys/netinet6/in6_src.c: revision 1.56
sys/netinet6/mld6.c: revision 1.62
sys/netinet6/ip6_input.c: revision 1.150
sys/netinet6/ip6_output.c: revision 1.161
Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer
IPv6 temporary addresses as the source address.
Fixes PR kern/47100 based on a patch by Dieter Roelants.


To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.78.2.1 src/sys/netinet6/in6.h
cvs rdiff -u -r1.54 -r1.54.2.1 src/sys/netinet6/in6_src.c
cvs rdiff -u -r1.149 -r1.149.2.1 src/sys/netinet6/ip6_input.c
cvs rdiff -u -r1.157.2.1 -r1.157.2.2 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.62 -r1.62.2.1 src/sys/netinet6/ip6_var.h
cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2015-01-23 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Jan 23 09:27:15 UTC 2015

Modified Files:
src/sys/netinet6 [netbsd-7]: in6.h in6_src.c ip6_input.c ip6_output.c
ip6_var.h mld6.c

Log Message:
Pull up following revision(s) (requested by pettai in ticket #441):
sys/netinet6/ip6_var.h: revision 1.64
sys/netinet6/in6.h: revision 1.82
sys/netinet6/in6_src.c: revision 1.56
sys/netinet6/mld6.c: revision 1.62
sys/netinet6/ip6_input.c: revision 1.150
sys/netinet6/ip6_output.c: revision 1.161
Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer
IPv6 temporary addresses as the source address.
Fixes PR kern/47100 based on a patch by Dieter Roelants.


To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.78.2.1 src/sys/netinet6/in6.h
cvs rdiff -u -r1.54 -r1.54.2.1 src/sys/netinet6/in6_src.c
cvs rdiff -u -r1.149 -r1.149.2.1 src/sys/netinet6/ip6_input.c
cvs rdiff -u -r1.157.2.1 -r1.157.2.2 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.62 -r1.62.2.1 src/sys/netinet6/ip6_var.h
cvs rdiff -u -r1.59.2.1 -r1.59.2.2 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/in6.h
diff -u src/sys/netinet6/in6.h:1.78 src/sys/netinet6/in6.h:1.78.2.1
--- src/sys/netinet6/in6.h:1.78	Thu Jun  5 23:48:16 2014
+++ src/sys/netinet6/in6.h	Fri Jan 23 09:27:15 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6.h,v 1.78 2014/06/05 23:48:16 rmind Exp $	*/
+/*	$NetBSD: in6.h,v 1.78.2.1 2015/01/23 09:27:15 martin Exp $	*/
 /*	$KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $	*/
 
 /*
@@ -437,6 +437,8 @@ extern const struct in6_addr in6addr_lin
 
 #define IPV6_TCLASS		61 /* int; send traffic class value */
 #define IPV6_DONTFRAG		62 /* bool; disable IPv6 fragmentation */
+#define IPV6_PREFER_TEMPADDR	63 /* int; prefer temporary address as
+* the sorce address */
 /* to define items, should talk with KAME guys first, for *BSD compatibility */
 
 #define IPV6_RTHDR_LOOSE 0 /* this hop need not be a neighbor. XXX old spec */

Index: src/sys/netinet6/in6_src.c
diff -u src/sys/netinet6/in6_src.c:1.54 src/sys/netinet6/in6_src.c:1.54.2.1
--- src/sys/netinet6/in6_src.c:1.54	Sat May 17 21:26:20 2014
+++ src/sys/netinet6/in6_src.c	Fri Jan 23 09:27:15 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_src.c,v 1.54 2014/05/17 21:26:20 rmind Exp $	*/
+/*	$NetBSD: in6_src.c,v 1.54.2.1 2015/01/23 09:27:15 martin Exp $	*/
 /*	$KAME: in6_src.c,v 1.159 2005/10/19 01:40:32 t-momose Exp $	*/
 
 /*
@@ -66,7 +66,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: in6_src.c,v 1.54 2014/05/17 21:26:20 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: in6_src.c,v 1.54.2.1 2015/01/23 09:27:15 martin Exp $);
 
 #include opt_inet.h
 
@@ -118,9 +118,7 @@ __KERNEL_RCSID(0, $NetBSD: in6_src.c,v 
 #define ADDR_LABEL_NOTAPP (-1)
 struct in6_addrpolicy defaultaddrpolicy;
 
-#ifdef notyet /* until introducing ND extensions and address selection */
 int ip6_prefer_tempaddr = 0;
-#endif
 
 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
 	struct ip6_moptions *, struct route *, struct ifnet **,
@@ -184,9 +182,7 @@ in6_selectsrc(struct sockaddr_in6 *dstso
 	struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
 	u_int32_t odstzone;
 	int error;
-#ifdef notyet /* until introducing ND extensions and address selection */
 	int prefer_tempaddr;
-#endif
 #if defined(MIP6)  NMIP  0
 	u_int8_t ip6po_usecoa = 0;
 #endif /* MIP6  NMIP  0 */
@@ -458,7 +454,6 @@ in6_selectsrc(struct sockaddr_in6 *dstso
 		 * a sysctl variable, so that privacy conscious users can
 		 * always prefer temporary addresses.
 		 */
-#ifdef notyet /* until introducing ND extensions and address selection */
 		if (opts == NULL ||
 		opts-ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
 			prefer_tempaddr = ip6_prefer_tempaddr;
@@ -481,7 +476,6 @@ in6_selectsrc(struct sockaddr_in6 *dstso
 			else
 REPLACE(7);
 		}
-#endif
 
 		/*
 		 * Rule 8: prefer addresses on alive interfaces.

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.149 src/sys/netinet6/ip6_input.c:1.149.2.1
--- src/sys/netinet6/ip6_input.c:1.149	Mon Jun 16 00:33:39 2014
+++ src/sys/netinet6/ip6_input.c	Fri Jan 23 09:27:15 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.149 2014/06/16 00:33:39 ozaki-r Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: ip6_input.c,v 1.149 2014/06/16 00:33:39 ozaki-r Exp $);
+__KERNEL_RCSID(0, $NetBSD: ip6_input.c,v 1.149.2.1 2015/01/23 09:27:15 martin Exp $);
 
 #include opt_gateway.h
 #include opt_inet.h
@@ -1902,6 +1902,14 @@ sysctl_net_inet6_ip6_setup(struct sysctl
 		   CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		   

CVS commit: [netbsd-7] src/sys/netinet6

2014-12-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Dec 29 17:33:49 UTC 2014

Modified Files:
src/sys/netinet6 [netbsd-7]: mld6.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #360):
sys/netinet6/mld6.c: revision 1.61
Ensure callout isn't running and pending before callout_destroy
Call callout_halt before callout_destroy. And also let callout (mld_timeo)
not call callout_schedule when we already called callout_halt.
This fixes PR 47881.


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/mld6.c
diff -u src/sys/netinet6/mld6.c:1.59 src/sys/netinet6/mld6.c:1.59.2.1
--- src/sys/netinet6/mld6.c:1.59	Sat Jul 26 22:21:16 2014
+++ src/sys/netinet6/mld6.c	Mon Dec 29 17:33:49 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: mld6.c,v 1.59 2014/07/26 22:21:16 joerg Exp $	*/
+/*	$NetBSD: mld6.c,v 1.59.2.1 2014/12/29 17:33:49 martin Exp $	*/
 /*	$KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $	*/
 
 /*
@@ -102,7 +102,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: mld6.c,v 1.59 2014/07/26 22:21:16 joerg Exp $);
+__KERNEL_RCSID(0, $NetBSD: mld6.c,v 1.59.2.1 2014/12/29 17:33:49 martin Exp $);
 
 #include opt_inet.h
 
@@ -195,6 +195,8 @@ mld_starttimer(struct in6_multi *in6m)
 {
 	struct timeval now;
 
+	KASSERT(in6m-in6m_timer != IN6M_TIMER_UNDEF);
+
 	microtime(now);
 	in6m-in6m_timer_expire.tv_sec = now.tv_sec + in6m-in6m_timer / hz;
 	in6m-in6m_timer_expire.tv_usec = now.tv_usec +
@@ -227,6 +229,9 @@ mld_timeo(void *arg)
 	mutex_enter(softnet_lock);
 	KERNEL_LOCK(1, NULL);
 
+	if (in6m-in6m_timer == IN6M_TIMER_UNDEF)
+		goto out;
+
 	in6m-in6m_timer = IN6M_TIMER_UNDEF;
 
 	switch (in6m-in6m_state) {
@@ -238,6 +243,7 @@ mld_timeo(void *arg)
 		break;
 	}
 
+out:
 	KERNEL_UNLOCK_ONE(NULL);
 	mutex_exit(softnet_lock);
 }
@@ -741,7 +747,12 @@ in6_delmulti(struct in6_multi *in6m)
 		 */
 		sockaddr_in6_init(sin6, in6m-in6m_addr, 0, 0, 0);
 		if_mcast_op(in6m-in6m_ifp, SIOCDELMULTI, sin6tosa(sin6));
+
+		/* Tell mld_timeo we're halting the timer */
+		in6m-in6m_timer = IN6M_TIMER_UNDEF;
+		callout_halt(in6m-in6m_timer_ch, softnet_lock);
 		callout_destroy(in6m-in6m_timer_ch);
+
 		free(in6m, M_IPMADDR);
 	}
 	splx(s);



CVS commit: [netbsd-7] src/sys/netinet6

2014-12-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Dec 29 17:33:49 UTC 2014

Modified Files:
src/sys/netinet6 [netbsd-7]: mld6.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #360):
sys/netinet6/mld6.c: revision 1.61
Ensure callout isn't running and pending before callout_destroy
Call callout_halt before callout_destroy. And also let callout (mld_timeo)
not call callout_schedule when we already called callout_halt.
This fixes PR 47881.


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/mld6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2014-12-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed Dec 17 18:43:48 UTC 2014

Modified Files:
src/sys/netinet6 [netbsd-7]: nd6.c nd6.h nd6_nbr.c nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #332):
sys/netinet6/nd6_nbr.c: revision 1.103
sys/netinet6/nd6_rtr.c: revision 1.95
sys/netinet6/nd6.h: revision 1.61
sys/netinet6/nd6.c: revision 1.156
Report route additions/changes/deletions for cached neighbours to userland.


To generate a diff of this commit:
cvs rdiff -u -r1.152.2.1 -r1.152.2.2 src/sys/netinet6/nd6.c
cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/nd6.h
cvs rdiff -u -r1.100 -r1.100.2.1 src/sys/netinet6/nd6_nbr.c
cvs rdiff -u -r1.93 -r1.93.2.1 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/nd6.c
diff -u src/sys/netinet6/nd6.c:1.152.2.1 src/sys/netinet6/nd6.c:1.152.2.2
--- src/sys/netinet6/nd6.c:1.152.2.1	Mon Oct 27 13:39:11 2014
+++ src/sys/netinet6/nd6.c	Wed Dec 17 18:43:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $	*/
+/*	$NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $	*/
 /*	$KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $);
+__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.2 2014/12/17 18:43:47 martin Exp $);
 
 #include bridge.h
 #include carp.h
@@ -1037,6 +1037,7 @@ nd6_free(struct rtentry *rt, int gc)
 	struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt-rt_llinfo, *next;
 	struct in6_addr in6 = satocsin6(rt_getkey(rt))-sin6_addr;
 	struct nd_defrouter *dr;
+	struct rtentry *oldrt;
 
 	/*
 	 * we used to have pfctlinput(PRC_HOSTDEAD) here.
@@ -1129,7 +1130,15 @@ nd6_free(struct rtentry *rt, int gc)
 	 * caches, and disable the route entry not to be used in already
 	 * cached routes.
 	 */
-	rtrequest(RTM_DELETE, rt_getkey(rt), NULL, rt_mask(rt), 0, NULL);
+	oldrt = NULL;
+	rtrequest(RTM_DELETE, rt_getkey(rt), NULL, rt_mask(rt), 0, oldrt);
+	if (oldrt) {
+		nd6_rtmsg(RTM_DELETE, oldrt); /* tell user process */
+		if (oldrt-rt_refcnt = 0) {
+			oldrt-rt_refcnt++;
+			rtfree(oldrt);
+		}
+	}
 
 	return next;
 }
@@ -2059,6 +2068,9 @@ fail:
 		break;
 	}
 
+	if (do_update)
+		nd6_rtmsg(RTM_CHANGE, rt);  /* tell user process */
+
 	/*
 	 * When the link-layer address of a router changes, select the
 	 * best router again.  In particular, when the neighbor entry is newly

Index: src/sys/netinet6/nd6.h
diff -u src/sys/netinet6/nd6.h:1.59 src/sys/netinet6/nd6.h:1.59.2.1
--- src/sys/netinet6/nd6.h:1.59	Thu Jun  5 16:06:49 2014
+++ src/sys/netinet6/nd6.h	Wed Dec 17 18:43:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6.h,v 1.59 2014/06/05 16:06:49 roy Exp $	*/
+/*	$NetBSD: nd6.h,v 1.59.2.1 2014/12/17 18:43:47 martin Exp $	*/
 /*	$KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $	*/
 
 /*
@@ -408,6 +408,7 @@ void nd6_option_init(void *, int, union 
 struct nd_opt_hdr *nd6_option(union nd_opts *);
 int nd6_options(union nd_opts *);
 struct	rtentry *nd6_lookup(const struct in6_addr *, int, struct ifnet *);
+void nd6_rtmsg(int, struct rtentry *);
 void nd6_setmtu(struct ifnet *);
 void nd6_llinfo_settimer(struct llinfo_nd6 *, long);
 void nd6_timer(void *);

Index: src/sys/netinet6/nd6_nbr.c
diff -u src/sys/netinet6/nd6_nbr.c:1.100 src/sys/netinet6/nd6_nbr.c:1.100.2.1
--- src/sys/netinet6/nd6_nbr.c:1.100	Tue Jul  1 07:51:29 2014
+++ src/sys/netinet6/nd6_nbr.c	Wed Dec 17 18:43:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6_nbr.c,v 1.100 2014/07/01 07:51:29 ozaki-r Exp $	*/
+/*	$NetBSD: nd6_nbr.c,v 1.100.2.1 2014/12/17 18:43:47 martin Exp $	*/
 /*	$KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: nd6_nbr.c,v 1.100 2014/07/01 07:51:29 ozaki-r Exp $);
+__KERNEL_RCSID(0, $NetBSD: nd6_nbr.c,v 1.100.2.1 2014/12/17 18:43:47 martin Exp $);
 
 #include opt_inet.h
 #include opt_ipsec.h
@@ -567,6 +567,7 @@ nd6_na_input(struct mbuf *m, int off, in
 	struct sockaddr_dl *sdl;
 	union nd_opts ndopts;
 	struct sockaddr_in6 ssin6;
+	int rt_announce;
 
 	if (ip6-ip6_hlim != 255) {
 		nd6log((LOG_ERR,
@@ -669,6 +670,7 @@ nd6_na_input(struct mbuf *m, int off, in
 	   ((sdl = satosdl(rt-rt_gateway)) == NULL))
 		goto freeit;
 
+	rt_announce = 0;
 	if (ln-ln_state == ND6_LLINFO_INCOMPLETE) {
 		/*
 		 * If the link-layer has address, and no lladdr option came,
@@ -682,6 +684,7 @@ nd6_na_input(struct mbuf *m, int off, in
 		 */
 		(void)sockaddr_dl_setaddr(sdl, sdl-sdl_len, lladdr,
 		ifp-if_addrlen);
+		rt_announce = 1;
 		if (is_solicited) {
 			ln-ln_state = ND6_LLINFO_REACHABLE;
 			ln-ln_byhint = 0;
@@ -712,11 +715,11 @@ nd6_na_input(struct mbuf *m, int off, in
 		else {
 			if (sdl-sdl_alen) {
 if (memcmp(lladdr, CLLADDR(sdl), 

CVS commit: [netbsd-7] src/sys/netinet6

2014-12-17 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Wed Dec 17 18:43:48 UTC 2014

Modified Files:
src/sys/netinet6 [netbsd-7]: nd6.c nd6.h nd6_nbr.c nd6_rtr.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #332):
sys/netinet6/nd6_nbr.c: revision 1.103
sys/netinet6/nd6_rtr.c: revision 1.95
sys/netinet6/nd6.h: revision 1.61
sys/netinet6/nd6.c: revision 1.156
Report route additions/changes/deletions for cached neighbours to userland.


To generate a diff of this commit:
cvs rdiff -u -r1.152.2.1 -r1.152.2.2 src/sys/netinet6/nd6.c
cvs rdiff -u -r1.59 -r1.59.2.1 src/sys/netinet6/nd6.h
cvs rdiff -u -r1.100 -r1.100.2.1 src/sys/netinet6/nd6_nbr.c
cvs rdiff -u -r1.93 -r1.93.2.1 src/sys/netinet6/nd6_rtr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: [netbsd-7] src/sys/netinet6

2014-10-27 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Oct 27 13:39:11 UTC 2014

Modified Files:
src/sys/netinet6 [netbsd-7]: nd6.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #159):
sys/netinet6/nd6.c: revision 1.153
Tests for neighbour now work correctly on bridge(4) and carp(4) interfaces.


To generate a diff of this commit:
cvs rdiff -u -r1.152 -r1.152.2.1 src/sys/netinet6/nd6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/nd6.c
diff -u src/sys/netinet6/nd6.c:1.152 src/sys/netinet6/nd6.c:1.152.2.1
--- src/sys/netinet6/nd6.c:1.152	Fri Jun  6 01:02:47 2014
+++ src/sys/netinet6/nd6.c	Mon Oct 27 13:39:11 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6.c,v 1.152 2014/06/06 01:02:47 rmind Exp $	*/
+/*	$NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $	*/
 /*	$KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $	*/
 
 /*
@@ -31,8 +31,10 @@
  */
 
 #include sys/cdefs.h
-__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152 2014/06/06 01:02:47 rmind Exp $);
+__KERNEL_RCSID(0, $NetBSD: nd6.c,v 1.152.2.1 2014/10/27 13:39:11 martin Exp $);
 
+#include bridge.h
+#include carp.h
 #include opt_ipsec.h
 
 #include sys/param.h
@@ -906,7 +908,7 @@ nd6_lookup1(const struct in6_addr *addr6
 	rt-rt_flags  (RTF_CLONING | RTF_CLONED) 
 	(rt-rt_ifp == ifp
 #if NBRIDGE  0
-	|| SAME_BRIDGE(rt-rt_ifp-if_bridgeport, ifp-if_bridgeport)
+	|| rt-rt_ifp-if_bridge == ifp-if_bridge
 #endif
 #if NCARP  0
 	|| (ifp-if_type == IFT_CARP  rt-rt_ifp == ifp-if_carpdev) ||



CVS commit: [netbsd-7] src/sys/netinet6

2014-10-27 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Mon Oct 27 13:39:11 UTC 2014

Modified Files:
src/sys/netinet6 [netbsd-7]: nd6.c

Log Message:
Pull up following revision(s) (requested by roy in ticket #159):
sys/netinet6/nd6.c: revision 1.153
Tests for neighbour now work correctly on bridge(4) and carp(4) interfaces.


To generate a diff of this commit:
cvs rdiff -u -r1.152 -r1.152.2.1 src/sys/netinet6/nd6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.