CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Mar 22 18:07:38 UTC 2021 Modified Files: src/sys/net [netbsd-8]: if_l2tp.h Log Message: Pull up following revision(s) (requested by knakahara in ticket #1665): sys/net/if_l2tp.h: revision 1.10 Fix l2tp(4) ioctl type. Pointed out by yamaguchi@n.o, thanks. XXX pullup-[89] To generate a diff of this commit: cvs rdiff -u -r1.2.2.4 -r1.2.2.5 src/sys/net/if_l2tp.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Feb 13 19:37:39 UTC 2020 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by mlelstv in ticket #1505): sys/net/if_pppoe.c: revision 1.149 safely extract character sequences from packet for printing. To generate a diff of this commit: cvs rdiff -u -r1.125.6.9 -r1.125.6.10 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Apr 22 09:06:49 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1241): sys/net/if_gif.c: revision 1.146 fix a potential bug of gif(4) check for tunnel duplicate. This problem has not actualized thanks to check for duplicate in encap_attach(). To generate a diff of this commit: cvs rdiff -u -r1.126.2.13 -r1.126.2.14 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Mar 15 14:47:22 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1216): sys/net/if_ipsec.c: revision 1.21 Fix ipsecif(4) memory leak in some ioctl cases. To generate a diff of this commit: cvs rdiff -u -r1.3.2.10 -r1.3.2.11 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Mar 15 14:44:05 UTC 2019 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1215): sys/net/route.c: revision 1.217 Add missing ifa_release on error paths To generate a diff of this commit: cvs rdiff -u -r1.194.6.12 -r1.194.6.13 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Mar 7 16:59:10 UTC 2019 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1203): sys/net/rtsock.c: revision 1.247 Protect sysctl_rtable with KERNEL_LOCK and softnet_lock In the function the routing table could be accessed without any locks, which was unsafe. Actually, on netbsd-7, a kernel panic happened(*). The situation of locking hasn't changed since netbsd-7 so we still need to hold the big locks on -current (and netbsd-8) too. Note that if NET_MPSAFE is enabled, the routing table is protected by its own lock and we don't need the locks. Reported and tested on netbsd-7 by sborrill@ (*) http://mail-index.netbsd.org/tech-net/2018/11/08/msg007153.html To generate a diff of this commit: cvs rdiff -u -r1.213.2.11 -r1.213.2.12 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Jan 11 15:55:02 UTC 2019 Modified Files: src/sys/net [netbsd-8]: if_ppp.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1162): sys/net/if_ppp.c: revision 1.162 sys/net/if_ppp.c: revision 1.163 Fix missing mutex_exit in ppp_create(). Fix missing splx in ppp_inproc(). To generate a diff of this commit: cvs rdiff -u -r1.158.8.1 -r1.158.8.2 src/sys/net/if_ppp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 21 12:01:11 UTC 2018 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1101): sys/net/rtsock.c: revision 1.244 Fix kernel info leak. There are 2 bytes of padding in struct if_msghdr. [ 944.607323] kleak: Possible leak in copyout: [len=176, leaked=2] [ 944.617335] #0 0x80b7c44a in kleak_note [ 944.627332] #1 0x80b7c4ca in kleak_copyout [ 944.627332] #2 0x80c91698 in sysctl_iflist_if [ 944.637336] #3 0x80c91d3c in sysctl_iflist [ 944.647343] #4 0x80c93855 in sysctl_rtable [ 944.647343] #5 0x80b5b328 in sysctl_dispatch [ 944.657346] #6 0x80b5b62e in sys___sysctl [ 944.667354] #7 0x8025ab3c in sy_call [ 944.667354] #8 0x8025ad6e in sy_invoke [ 944.677365] #9 0x8025adf4 in syscall To generate a diff of this commit: cvs rdiff -u -r1.213.2.10 -r1.213.2.11 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Nov 12 08:50:18 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1087): sys/net/if_gif.c: revision 1.145 Fix ALTQ on gif(4). Reported and tested by Anthony Mallet, advised by Greg Troxel, thanks. l2tp(4) and ipsecif(4) don't support ALTQ yet. So, they don't require this fix. XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.126.2.12 -r1.126.2.13 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 22 07:41:12 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Additionally pull up r1.131 for ticket #1066 (requested by knakahara): Use a different psz for a different lock. Patch from riastradh, reviewed by ozaki-r. To generate a diff of this commit: cvs rdiff -u -r1.97.2.15 -r1.97.2.16 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun Oct 21 11:55:54 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_gif.c if_gif.h if_ipsec.c if_ipsec.h if_l2tp.c if_l2tp.h if_vlan.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #1066): sys/net/if_vlan.c: revision 1.133 sys/net/if_gif.h: revision 1.32 sys/net/if_ipsec.c: revision 1.18 sys/net/if_ipsec.h: revision 1.4 sys/net/if_gif.c: revision 1.144 sys/net/if_l2tp.h: revision 1.6 sys/net/if_l2tp.c: revision 1.30 Fix panic when doing ioctl to multiple pseudo interfaces. Pointed out by k-goda@IIJ. XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.126.2.11 -r1.126.2.12 src/sys/net/if_gif.c cvs rdiff -u -r1.25.8.3 -r1.25.8.4 src/sys/net/if_gif.h cvs rdiff -u -r1.3.2.9 -r1.3.2.10 src/sys/net/if_ipsec.c cvs rdiff -u -r1.1.2.3 -r1.1.2.4 src/sys/net/if_ipsec.h cvs rdiff -u -r1.11.2.9 -r1.11.2.10 src/sys/net/if_l2tp.c cvs rdiff -u -r1.2.2.2 -r1.2.2.3 src/sys/net/if_l2tp.h cvs rdiff -u -r1.97.2.14 -r1.97.2.15 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Oct 3 17:57:39 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_bridge.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #1046): sys/net/if_bridge.c: revision 1.157 sys/net/if_bridge.c: revision 1.158 sys/net/if_bridge.c: revision 1.159 Fix a bug that bridge_enqueue() incorrectly cleared outgoing packet's offload flags. bridge_enqueue() is called from bridge_output() when a packet is spontaneous. Clear csum_flags before calling brige_enqueue() in bridge_forward() or bridge_broadcast() instead of in the beginning of bridge_enqueue(). Note that this change doesn't fix a problem on the following configuration: A bridge has two or more interfaces. An address is assigned to an bridge member interface and some offload flags are set. Another interface has no address and has no any offload flag. XXX pullup-[78] - Fix bridge_enqueue() which was broken by last commit. Use correct mbuf pointer. - Modify comment. Micro optimization. m_copym(M_COPYALL) -> m_copypacket(). To generate a diff of this commit: cvs rdiff -u -r1.134.6.11 -r1.134.6.12 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Sep 7 12:31:30 UTC 2018 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #1012): sys/net/route.c: revision 1.212 sys/net/route.c: revision 1.213 route: don't take an extra reference of a rtentry for the delayed free mechanism Because a reference is already taken at that point. - route: avoid overwriting rt_free_global.enqueued unexpectedly rt_free_global.enqueued can be set to true by rt_free during rt_free_work because rt_free_work releases rt_free_global.lock. So rt_free_work must update it once and not update after releasing the lock. To generate a diff of this commit: cvs rdiff -u -r1.194.6.10 -r1.194.6.11 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Aug 27 07:49:11 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #991): sys/net/if.c: revision 1.434 Restore splx removed accidentally at v1.406 Pointed out by k-goda@IIJ To generate a diff of this commit: cvs rdiff -u -r1.394.2.13 -r1.394.2.14 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Aug 15 12:07:30 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #974): sys/net/if_tun.c: revision 1.145 sys/net/if_tun.c: revision 1.146 tun: fix locking against myself filt_tunread is called with tun_lock held from tun_output (via tun_output => selnotify => knote), so we must not take tun_lock in filt_tunread. The bug is triggered only if a tun is used through kqueue. Found by k-goda@IIJ Fix tun(4) kevent locking filt_tunread gets called in two contexts: - by calls to selnotify in if_tun.c (or knote, as the case may be, but not here), in which case tp->tun_lock is held; and - by internal logic in kevent, in which tp->tun_lock is not held. The standard convention to discriminate between these two cases is by setting the kernel-only NOTE_SUBMIT bit in the hint to selnotify or knote; then in filt_*: if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(&tp->tun_lock)); else mutex_enter(&tp->tun_lock); ... if (hint & NOTE_SUBMIT) KASSERT(mutex_owned(&tp->tun_lock)); else mutex_exit(&tp->tun_lock); Pointed out by and patch from riastradh@ Tested by ozaki-r@ (only the former path) To generate a diff of this commit: cvs rdiff -u -r1.139.2.3 -r1.139.2.4 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Fri Jul 13 16:01:12 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #915): sys/net/if.c: revision 1.424 Print "NET_MPSAFE enabled" if it's enabled. To generate a diff of this commit: cvs rdiff -u -r1.394.2.12 -r1.394.2.13 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jul 12 15:11:56 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by yamaguchi in ticket #890): sys/net/if_pppoe.c: revision 1.137 sys/net/if_pppoe.c: revision 1.139 sys/net/if_pppoe.c: revision 1.140 Drop early if there's no PPPoE interface. Otherwise it is easy for someone to flood dmesg over the local subnet. Fix not to use PPPOE_UNLOCK before acccess to pppoe_softc to avoid a race condition According to the locking order of pppoe(4), the access to pppoe_softc has to follow 5 steps as below. 1. aquire pppoe_softc_list_lock 2. aquire pppoe_softc lock 3. release pppoe_softc_list_lock 4. access to pppoe_softc 5. release pppoe_softc lock However, pppoe_dispatch_disc_pkt() releases the lock of pppoe_softc temporarily, and then re-aquires it before step 4 of the adove. So, it is possible for other contexts to destroy a pppoe_softc in the interim. To fix this condition, avoid PPPOE_UNLOCK with the problem. ok by knakahara@n.o Fix to aquire pppoe_softc_list_lock before read and write the list ok by knakahara@n.o To generate a diff of this commit: cvs rdiff -u -r1.125.6.8 -r1.125.6.9 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Jul 11 16:50:46 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Additionally pullup src/sys/net/if_llatbl.c r1.30 to fix build fallout from previous, requested by both ozaki-r (ticket #918) and kre (ticket #920): Update previous so that there is no unused (but assigned) variable left when there is no ARP. Thanks gcc! To generate a diff of this commit: cvs rdiff -u -r1.18.6.6 -r1.18.6.7 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Jul 10 15:31:33 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Additionally pull up the following, requested by ozaki-r in ticket #918: src/sys/net/if_llatbl.c 1.29 Avoid attempting to call arp related functions if there is no arp in the kernel. To generate a diff of this commit: cvs rdiff -u -r1.18.6.5 -r1.18.6.6 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Tue Jul 10 14:44:05 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf_handler.c Log Message: Pull up following revision(s) (requested by maxv in ticket #919): sys/net/npf/npf_handler.c: revision 1.41 Update the pointer when fast-kicking, because it may have been freed. Before my changes the nonsensical pointer ininitialization held, but when I started introducing sanity checks the whole thing collapsed. Need pullup-8. To generate a diff of this commit: cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/net/npf/npf_handler.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Jul 10 14:41:31 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #918): sys/net/if_llatbl.c: revision 1.28 Don't overwrite an existing llentry on RTM_ADD to avoid race conditions Reported and tested by christos@ To generate a diff of this commit: cvs rdiff -u -r1.18.6.4 -r1.18.6.5 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Jun 9 14:44:33 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_llatbl.c Log Message: Pull up following revision(s) (requested by nonaka in ticket #862): sys/net/if_llatbl.c: revision 1.27 It is necessary to set wall time instead of monotonic time to rmx_expire. To generate a diff of this commit: cvs rdiff -u -r1.18.6.3 -r1.18.6.4 src/sys/net/if_llatbl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 17:50:54 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #844): sys/net/if.c: revision 1.425 Relax a lock check in if_mcast_op unless NET_MPSAFE It seems that there remain some paths that don't satisfy the constraint that is required only if NET_MPSAFE. So don't check it by default. One known path is nd6_rtrequest => in6_addmulti => if_mcast_op, which is not easy to address. To generate a diff of this commit: cvs rdiff -u -r1.394.2.10 -r1.394.2.11 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 16:22:43 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #840): sys/net/if_ipsec.c: revision 1.15,1.16 Fix panic when ipsecif(4) adds discard policy. Pointed out by ohishi@IIJ, thanks. Reviewd by ohishi@IIJ. Sorry, I jumped the gun and committed. Fix the following two issues. - remove extra padding of sizeof(xisr) when adding ipsec policy - add padding for xpl when adding discard policy To generate a diff of this commit: cvs rdiff -u -r1.3.2.8 -r1.3.2.9 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Jun 7 16:19:47 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #839): sys/net/if_ipsec.c: revision 1.14 ipsecif(4) must not set port number to spidx even if NAT-T. Pointed out by ohishi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.3.2.7 -r1.3.2.8 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu May 17 14:02:31 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #828): sys/net/if_ipsec.c: revision 1.12 Fix "how" argument of MGET(). Pointed out by maxv@n.o, thanks. MGET() does not have M_ZERO flag, so add memset when it is required. To generate a diff of this commit: cvs rdiff -u -r1.3.2.5 -r1.3.2.6 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue May 15 13:48:37 UTC 2018 Modified Files: src/sys/net [netbsd-8]: bpf.c if.c if_bridge.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #826): sys/net/if_bridge.c: revision 1.155 sys/net/if.c: revision 1.421 sys/net/bpf.c: revision 1.224 sys/net/if.c: revision 1.422 sys/net/if.c: revision 1.423 Use if_is_mpsafe (NFC) Protect packet input routines with KERNEL_LOCK and splsoftnet if_input, i.e, ether_input and friends, now runs in softint without any protections. It's ok for ether_input itself because it's already MP-safe, however, subsequent routines called from it such as carp_input and agr_input aren't safe because they're not MP-safe. Protect if_input with KERNEL_LOCK. if_input can be called from a normal LWP context. In that case we need to prevent interrupts (softint) from running by splsoftnet to protect non-MP-safe codes (e.g., carp_input and agr_input). Pointed out by mlelstv@ Protect if_deferred_start_softint with KERNEL_LOCK if the interface isn't MP-safe To generate a diff of this commit: cvs rdiff -u -r1.216.6.5 -r1.216.6.6 src/sys/net/bpf.c cvs rdiff -u -r1.394.2.9 -r1.394.2.10 src/sys/net/if.c cvs rdiff -u -r1.134.6.9 -r1.134.6.10 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Mon May 14 19:22:30 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf_alg_icmp.c npf_inet.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by maxv in ticket #823): sys/net/npf/npf_inet.c: revision 1.45-1.47 sys/net/npf/npf_alg_icmp.c: revision 1.27-1.30 sys/net/npf/npf_sendpkt.c: revision 1.19 Fix use-after-free. The nbuf can be reallocated as a result of caching 'enpc', so it is necessary to recache 'npc', otherwise it contains pointers to the freed mbuf - pointers which are then used in the ruleset machinery. We recache 'npc' when we are sure we won't use 'enpc' anymore, because 'enpc' can be clobbered as a result of caching 'npc' (in other words, only one of the two can be cached at the same time). Also, we recache 'npc' unconditionally, because there is no way to know whether the nbuf got clobbered relatively to it. We can't use the NBUF_DATAREF_RESET flag, because it is stored in the nbuf and not in the cache. Discussed with rmind@. Change npf_cache_all so that it ensures the potential ICMP Query Id is in the nbuf. In such a way that we don't need to ensure that later. Change npfa_icmp4_inspect and npfa_icmp6_inspect so that they touch neither the nbuf nor npc. Adapt their callers accordingly. In the end, if a packet has a Query Id, we set NPC_ICMP_ID in npc and leave right away, without recaching npc (not needed since we didn't touch the nbuf). This fixes the handling of Query Id packets (that I broke in my previous commit), and also fixes another possible use-after-free. Retrieve the complete IPv4 header right away, and make sure we did retrieve the IPv6 option header we were iterating on. Ah, fix compilation. I tested my previous change by loading the kernel module from the filesystem, but the Makefile didn't have DIAGNOSTIC enabled, and the two KASSERTs I added did not compile properly. If we fail to advance inside TCP/UDP/ICMPv4/ICMPv6, stop pretending L4 is unknown, and error out right away. This prevents bugs in machinery, if a place looks for L4 in 'npc_proto' without checking the cache too. I've seen a ~similar problem already. In addition to checking L4 in the cache, here we also need to check the protocol. The NPF entry point does not ensure that ICMPv6 can be set only in IPv6 ICMPv4 can be set only in IPv4 So we could have ICMPv6 in IPv4. apply some INET6 so this compiles in INET6-less kernels again. To generate a diff of this commit: cvs rdiff -u -r1.24.8.1 -r1.24.8.2 src/sys/net/npf/npf_alg_icmp.c cvs rdiff -u -r1.37.6.1 -r1.37.6.2 src/sys/net/npf/npf_inet.c cvs rdiff -u -r1.16.8.1 -r1.16.8.2 src/sys/net/npf/npf_sendpkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed May 9 15:35:37 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf.h npf_alg_icmp.c npf_handler.c npf_inet.c npf_sendpkt.c Log Message: Pull up following revision(s) (requested by maxv in ticket #817): sys/net/npf/npf_inet.c: revision 1.38-1.44 sys/net/npf/npf_handler.c: revision 1.38-1.39 sys/net/npf/npf_alg_icmp.c: revision 1.26 sys/net/npf/npf.h: revision 1.56 sys/net/npf/npf_sendpkt.c: revision 1.17-1.18 Declare NPC_FMTERR, and use it to kick malformed packets. Several sanity checks are added in IPv6; after we see the first IPPROTO_FRAGMENT header, we are allowed to fail to advance, otherwise we kick the packet. Sent on tech-net@ a few days ago, no response, but I'm committing it now anyway. Switch nptr to uint8_t, and use nbuf_ensure_contig. Makes us use fewer magic values. Remove dead branches, 'npc' can't be NULL (and it is dereferenced earlier). Fix two consecutive mistakes. The first mistake was npf_inet.c rev1.37: "Don't reassemble ipv6 fragments, instead treat the first fragment as a regular packet (subject to filtering rules), and pass subsequent fragments in the same group unconditionally." Doing this was entirely wrong, because then a packet just had to push the L4 payload in a secondary fragment, and NPF wouldn't apply rules on it - meaning any IPv6 packet could bypass >=L4 filtering. This mistake was supposed to be a fix for the second mistake. The second mistake was that ip6_reass_packet (in npf_reassembly) was getting called with npc->npc_hlen. But npc_hlen pointed to the last encountered header in the IPv6 chain, which was not necessarily the fragment header. So ip6_reass_packet was given garbage, and would fail, resulting in the packet getting kicked. So basically IPv6 was broken by NPF. The first mistake is reverted, and the second one is fixed by doing: - hlen = sizeof(struct ip6_frag); + hlen = 0; Now the iteration stops on the fragment header, and the call to ip6_reass_packet is valid. My npf_inet.c rev1.38 is partially reverted: we don't need to worry about failing properly to advance; once the packet is reassembled npf_cache_ip gets called again, and this time the whole chain should be there. Tested with a simple UDPv6 server - send a 3000-byte-sized buffer, the packet gets correctly reassembled by NPF now. Mmh, put back the RFC6946 check (about dummy fragments), otherwise NPF is not happy in npf_reassembly, because NPC_IPFRAG is again returned after the packet was reassembled. I'm wondering whether it would not be better to just remove the fragment header in frag6_input directly. Fix the "return-rst" rule on IPv6 packets. The scopes needed to be set on the addresses before invoking ip6_output, because ip6_output needs them. The reason they are not here already is because pfil_run_hooks (in ip6_input) is called _before_ the kernel initializes the scopes. Until now ip6_output was always failing, and the IPv6-TCP-RST packet was never actually sent. Perhaps it would be better to have the kernel initialize the scopes before invoking pfil_run_hooks, but several things will need to be fixed in several places. Tested with a simple TCPv6 server. Until now the client would block waiting for an answer that never came; now it receives an RST right away and closes the connection, as expected. I believe that the same problem exists in the "return-icmp" rules, but I can't investigate this right now (some problems with wireshark). Fix the IPv6 payload computation in npf_tcpsaw. It was incorrect, and this caused the "return-rst" rules to send back an RST with the wrong ACK when the received SYN had an IPv6 option. Set the scopes before calling icmp6_error(). This fixes a bug similar to the one I fixed in rev1.17: since the scopes were not set the packet was never actually sent. Tested with wireshark, now the ICMPv6 reply is correctly sent, as expected. Don't read the L4 payload after IPPROTO_AH when handling IPv6 packets. AH must be considered as the payload, otherwise a block all pass in proto ah from any pass out proto ah from any configuration will actually block everything, because NPF checks the protocol against the one found after AH, and not AH itself. In addition it may have been a problem for stateful connections; an AH packet sent by an attacker with an incorrect authentication and a correct TCP/UDP/whatever payload from an active connection could manage to change NPF's FSM state, which would perhaps have altered the legitimate connection with the authenticated remote IPsec host. Note that IPv4 already doesn't go beyond AH, which is the correct behavior. Add XXX (we don't handle IPv6 Jumbograms), and whitespace. To generate a diff of this commit: cvs rdiff -u -r1.54.6.1 -r1.54.6.2 src/sys/net/npf/npf.h cvs rdiff -u -r1.24 -r1.24.8.1 src/sy
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sun May 6 13:09:06 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by spz in ticket #813): sys/net/if_vlan.c: revision 1.122 If cnt == 0, don't kmem_alloc(0). Found by Mootja. Looking at the code, I also find it suspicious that we read ifv->ifv_mib->ifvm_p directly without making sure ifv_mib != NULL. To generate a diff of this commit: cvs rdiff -u -r1.97.2.12 -r1.97.2.13 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Sat May 5 19:15:55 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf_nat.c Log Message: Pull up following revision(s) (requested by prlw1 in ticket #795): sys/net/npf/npf_nat.c: revision 1.42 PR/53207: David Binderman: Use logical and To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.41.8.1 src/sys/net/npf/npf_nat.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat May 5 19:07:52 UTC 2018 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #788): sys/net/rtsock.c: revision 1.241 Fix a deadlock (rt_free vs. route_intr on rt_so_mtx) It occurs only if NET_MPSAFE is enabled. To generate a diff of this commit: cvs rdiff -u -r1.213.2.9 -r1.213.2.10 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Apr 18 14:16:57 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #779): sys/net/if_pppoe.c: revision 1.135,1.136 net.pppoe.term_unknown can be written safely now. Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled. To generate a diff of this commit: cvs rdiff -u -r1.125.6.6 -r1.125.6.7 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Apr 14 10:38:59 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by ryo in ticket #752): sys/net/if_vlan.c: revision 1.125 Fix the handling of the state returned from pfil_run_hooks(). pfil_run_hooks() invokes any registered packet filters on the packet being handled. It may return a (non-zero) errno, indicating that a filter has decided that the packet should be discarded, and has freed the mbuf. While a non-error (0) return usually means that the packet should be processed normally, a filter may still free the mbuf if the packet is a fragment, and the filter is holding it for reassembly and future evaluation. Therefore, there must be separate tests for the return value and for a possible discarded packet. (See pfil(9).) OK: christos, martin To generate a diff of this commit: cvs rdiff -u -r1.97.2.11 -r1.97.2.12 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Apr 14 10:16:19 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.h route.c route.h rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #749): sys/net/if.h: revision 1.259 sys/net/route.c: revision 1.209 sys/net/route.h: revision 1.118 sys/net/rtsock.c: revision 1.240 Resolve tangled lock dependencies in route.c This change sweeps remaining lock decisions based on if locked or not by moving utility functions of rtentry updates from rtsock.c and ensuring holding the rt_lock. It also improves the atomicity of a update of a rtentry. To generate a diff of this commit: cvs rdiff -u -r1.239.2.4 -r1.239.2.5 src/sys/net/if.h cvs rdiff -u -r1.194.6.8 -r1.194.6.9 src/sys/net/route.c cvs rdiff -u -r1.112.4.3 -r1.112.4.4 src/sys/net/route.h cvs rdiff -u -r1.213.2.8 -r1.213.2.9 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Apr 11 14:15:45 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_l2tp.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #730): sys/net/if_l2tp.c: revision 1.22 sys/net/if_l2tp.c: revision 1.23 Improve comment. Pointed out by maxv@n.o, thanks. Fix previous my mistake and odd unaligned case. Pointed out by maxv@n.o, thanks. It must be rare case to be required this copy routine... To generate a diff of this commit: cvs rdiff -u -r1.11.2.6 -r1.11.2.7 src/sys/net/if_l2tp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: bouyer Date: Mon Apr 9 13:40:21 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_l2tp.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #725): sys/net/if_l2tp.c: revision 1.21 Fix l2tp(4) alignment check. Pointed out and reviewed by k-goda@IIJ. The alignment check should be done for the address of m_data instead of the value of m_data. XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.11.2.5 -r1.11.2.6 src/sys/net/if_l2tp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Apr 5 14:41:07 UTC 2018 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #697): sys/net/route.c: revision 1.208 Kill remaining rt->rt_refcnt++ To generate a diff of this commit: cvs rdiff -u -r1.194.6.7 -r1.194.6.8 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: martin Date: Wed Apr 4 16:40:42 UTC 2018 Modified Files: src/sys/net/npf [netbsd-8]: npf.h Log Message: Pull up following revision(s) (requested by maxv in ticket #693): sys/net/npf/npf.h: revision 1.55 Fix a vulnerability in NPF, that allows whatever incoming IPv6 packet to bypass a certain number of filtering rules. Basically there is an integer overflow in npf_cache_ip: npc_hlen is a 8bit unsigned int, and can wrap to zero if the IPv6 packet being processed has large extensions. As a result of an overflow, (mbuf + npc_hlen) won't point at the real protocol header, but instead at some garbage within the packet. That garbage, is what NPF applies its rules on. If these filtering rules allow the packet to enter, that packet is given to the main IPv6 entry point. This entry point, however, is not subject to an integer overflow, so it will actually parse the correct protocol header. The result is: NPF read a wrong header, allowed the packet to enter, the kernel read the correct header, and delivered the packet depending on this correct header. So the offending packet was supposed to be kicked, but still went through the firewall. Simple example, a packet with: packet + 0 = IP6 Header packet + 40 = IP6 Routing header (ip6r_len = 31) packet + 48 = Crafted UDP header (uh_dport = ) packet + 296 = IP6 Dest header (ip6e_len = 0) packet + 304 = Real UDP header (uh_dport = ) Will bypass a rule of the kind "block port ". Here NPF reads the crafted UDP header, sees , lets the packet in; later the kernel reads the real UDP header, and delivers it on port . Fix this by using uint32_t. While here, it seems to me there is also a memory overflow: still in npf_cache_ip, npc_hlen may be incremented with a value that goes beyond the mbuf. To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.54.6.1 src/sys/net/npf/npf.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Sat Mar 17 11:26:44 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_tun.c Log Message: Pull up following revision(s) (requested by tih in ticket #638): sys/net/if_tun.c: revision 1.143 Add packet filtering to tun(4) interfaces. Calls to pfil_run_hooks() were missing in if_tun.c. This meant that filtering configuration could be added to e.g. /etc/npf.conf, but would be ignored, because the filter never saw the packets. This change adds the required calls. While here, correct the return value from tun_output(): it's been returning 0 regardless of any error condition present, but will now correctly propagate such information upward. Thanks to maxv for guidance! OK: christos, martin To generate a diff of this commit: cvs rdiff -u -r1.139.2.2 -r1.139.2.3 src/sys/net/if_tun.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Mar 13 15:40:25 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #628): sys/net/if_ethersubr.c: revision 1.250 sys/net/if_ethersubr.c: revision 1.251 sys/net/if_ethersubr.c: revision 1.252 sys/net/if_ethersubr.c: revision 1.248 Use kmem_alloc instead of kmem_intr_alloc in ether_addmulti ether_addmulti is now not called in softint thanks to wqinput that pulled input routines of ICMP out of softint. style Fix the net.ether.multicast sysctl. If there is no multicast address don't kmem_alloc(0) (which panics the kernel), and if the number of multicast addresses has decreased don't copyout uninitialized kernel data. Several fixes: - Style and typos - Use kmem_zalloc, in case there is a padding between the fields of the structures - Use ETHER_ADDR_LEN instead of a hard-coded '6' - kmem_alloc(KM_SLEEP) can't fail - Simplify ether_aton_r - Use mutex_obj_free, not to leak memory To generate a diff of this commit: cvs rdiff -u -r1.242.6.4 -r1.242.6.5 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Mar 8 14:37:58 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #618): sys/net/if_ethersubr.c: revision 1.245 sys/net/if_ethersubr.c: revision 1.247 Use macro(ETHER_LOCK() and ETHER_UNLOCK()). No functional change. - Modify ether_ioctl() for readability. No functional change. - KNF To generate a diff of this commit: cvs rdiff -u -r1.242.6.3 -r1.242.6.4 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Mar 8 13:22:26 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_gif.c if_pppoe.c if_spppsubr.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #613): sys/net/if_pppoe.c: revision 1.130,1.134 sys/net/if_spppsubr.c: revision 1.172,1.175,1.179 sys/net/if_gif.c: revision 1.138,1.139 Mark callouts of pppoe(4) CALLOUT_MPSAFE. Suggested by ozaki-r@n.o. fix non-diagnostic compilation Fix spl leak. ifconfig gif0 create ifconfig gif0 destroy WARNING: SPL NOT LOWERED ON ... Fix breaking character limit. Pointed out by ozaki-r@n.o, thanks. Use m_freem instead of m_free. Otherwise we're leaking the next mbufs in the chain. To generate a diff of this commit: cvs rdiff -u -r1.126.2.8 -r1.126.2.9 src/sys/net/if_gif.c cvs rdiff -u -r1.125.6.5 -r1.125.6.6 src/sys/net/if_pppoe.c cvs rdiff -u -r1.169.6.4 -r1.169.6.5 src/sys/net/if_spppsubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Feb 28 18:54:43 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c rtsock.c Log Message: Pull up following revision(s) (requested by mrg in ticket #595): sys/net/if.c: revision 1.398 sys/net/rtsock.c: revision 1.231 remove useless cast, initialize family. Avoid using a zero family mask. To generate a diff of this commit: cvs rdiff -u -r1.394.2.8 -r1.394.2.9 src/sys/net/if.c cvs rdiff -u -r1.213.2.6 -r1.213.2.7 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Feb 5 14:18:00 UTC 2018 Modified Files: src/sys/net [netbsd-8]: bpf.c bpfdesc.h Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #526): sys/net/bpfdesc.h: revision 1.45 sys/net/bpf.c: revision 1.223 Abandon unnecessary softint The softint was introduced to defer fownsignal that was called in bpf_wakeup to softint at v1.139, but now bpf_wakeup always runs in softint so we don't need the softint anymore. To generate a diff of this commit: cvs rdiff -u -r1.216.6.4 -r1.216.6.5 src/sys/net/bpf.c cvs rdiff -u -r1.44 -r1.44.6.1 src/sys/net/bpfdesc.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Sat Jan 13 22:10:55 UTC 2018 Modified Files: src/sys/net [netbsd-8]: route.c route.h Log Message: Pull up following revision(s) (requested by christos in ticket #496): sys/net/route.c: revision 1.202-1.203 sys/net/route.h: revision 1.117 Use a queue of deferred entries to delete routes instead of a fixed stack of 10. Otherwise we can overflow in route deletions from the rexmit timer. -- Don't stomp past the end of the array! need __arraycount not sizeof() Found by chuq, while debugging the sdf.org crashes Restructure a bit for readability. To generate a diff of this commit: cvs rdiff -u -r1.194.6.3 -r1.194.6.4 src/sys/net/route.c cvs rdiff -u -r1.112.4.2 -r1.112.4.3 src/sys/net/route.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Sat Jan 13 05:43:44 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #487): sys/net/if.c: revision 1.417 Suppress the assertion of IFNET_LOCK in if_mcast_op if MROUTING MROUTING doesn't deal with IFNET_LOCK yet. Reported by kardel@ To generate a diff of this commit: cvs rdiff -u -r1.394.2.5 -r1.394.2.6 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Sat Jan 13 05:41:39 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #486): sys/net/if.c: revision 1.418 Check MP-safety in ifa_insert and ifa_remove only for IFEF_MPSAFE drivers Eventually the assertions should pass for all drivers, however, at this point it's too eager. Fix PR kern/52895 To generate a diff of this commit: cvs rdiff -u -r1.394.2.4 -r1.394.2.5 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Tue Jan 9 19:23:04 UTC 2018 Modified Files: src/sys/net [netbsd-8]: if_ethersubr.c Log Message: Pull up following revision(s) (requested by maxv in ticket #480): sys/net/if_ethersubr.c: revision 1.249 Make sure we have an llc structure in the packet, and don't read past the end of the mbuf if we don't. I'm wondering whether we should not pull up instead, but whatever. To generate a diff of this commit: cvs rdiff -u -r1.242.6.2 -r1.242.6.3 src/sys/net/if_ethersubr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Tue Jan 2 10:30:10 UTC 2018 Modified Files: src/sys/net [netbsd-8]: rtsock.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #457): sys/net/rtsock.c: revision 1.233-1.234, 1.236 Protect ifp returned from route_output_get_ifa surely An ifp returned from route_output_get_ifa was supposed to be protected by a returned ifa; if the ifa belongs to ifp, holding the ifa prevents the ifp from being freed. However route_output_get_ifa can return an ifp to which a returned ifa doesn't belong. So we need to take a reference to a returning ifp separately. -- Fix a bug that tries to psref_acquire ifa with a psref used before This fixes ATF tests that started to fail by a recent change to psref. -- Fix compile error (may be used uninitialized) Hmm, __noinline had hidden this error. To generate a diff of this commit: cvs rdiff -u -r1.213.2.4 -r1.213.2.5 src/sys/net/rtsock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Thu Dec 21 21:51:37 UTC 2017 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #454): sys/net/bpf.c: revision 1.222 Make softint and callout MP-safe To generate a diff of this commit: cvs rdiff -u -r1.216.6.2 -r1.216.6.3 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Thu Dec 21 21:38:23 UTC 2017 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #446): sys/net/bpf.c: revision 1.221 Fix panic in callout_halt (fix typo) Reported by wiz@ To generate a diff of this commit: cvs rdiff -u -r1.216.6.1 -r1.216.6.2 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: msaitoh Date: Fri Dec 8 06:12:35 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #431): sys/net/if_pppoe.c: revision 1.133 Remove wrong assertions rw_lock_held() returns true when any context holds the lock. However, in if_pppoe.c, the function was used wrongly as it returns true only if the lock is held in the same context. >From s-yamaguchi@IIJ To generate a diff of this commit: cvs rdiff -u -r1.125.6.2 -r1.125.6.3 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Nov 27 14:11:17 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by jmcneill in ticket #398): sys/net/if_vlan.c: revision 1.113 kern/52765: npf cannot do port forwarding on vlan interfaces Add pfil hooks support to vlan(4), from christos@ To generate a diff of this commit: cvs rdiff -u -r1.97.2.8 -r1.97.2.9 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Thu Nov 23 13:34:24 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_bridge.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #386): sys/net/if_bridge.c: revision 1.141 Add missing IFEF_NO_LINK_STATE_CHANGE to bridge To generate a diff of this commit: cvs rdiff -u -r1.134.6.2 -r1.134.6.3 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Thu Nov 23 02:13:31 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_bridge.c if_loop.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #382): sys/net/if_bridge.c: revision 1.139 sys/net/if_loop.c: revision 1.97 Don't take KERNEL_LOCK in looutput if NET_MPSAFE We can perhaps get rid of KERNEL_LOCK from looutput, but for now keep it for safe. -- Mark callouts of bridge CALLOUT_MPSAFE To generate a diff of this commit: cvs rdiff -u -r1.134.6.1 -r1.134.6.2 src/sys/net/if_bridge.c cvs rdiff -u -r1.94.6.1 -r1.94.6.2 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 22 14:36:55 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_media.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #370): sys/net/if_media.c: revision 1.33 sys/net/if_media.c: revision 1.34 No functional change: - Simplify ifmedia_removeall using with ifmedia_delete_instance(IFM_INST_ANY). - KNF. Clear ifm_cur and ifm_media after removing all ifmedia entries(IFM_INST_ANY) in ifmedia_delete_instance() like if_media.c rev. 1.32. Now if_media_delete_instance(IFM_INST_ANY) is the same as ifmedia_removeall(). To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.32.6.1 src/sys/net/if_media.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Wed Nov 22 14:30:24 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #368): sys/net/if_vlan.c: revision 1.101 sys/net/if_vlan.c: revision 1.102 Check if VLAN ID isn't duplicated on a same parent interface and return EEXIST if it failed. Remove accidentally added code (for VLAN hardware filter). To generate a diff of this commit: cvs rdiff -u -r1.97.2.6 -r1.97.2.7 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Nov 21 15:06:28 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_media.h Log Message: Pull up following revision(s) (requested by msaitoh in ticket #366): sys/net/if_media.h: revision 1.60 sys/net/if_media.h: revision 1.61 All Ethernet media more than 1000Mbps don't support half duplex. For the convinience, ifconfig without "mediaopt fullduplex" sets IFM_FDX automatically for those medias. Without this change, "ifconfig xxN mediaopt 10Gbase-T" (without "mediaopt fullduplex") returns EINVAL if a driver doesn't call ifmedia_add() without IFM_FDX because ifmedia_match() returns NULL. Add 2.5GBASE-T and 5GBASE-T. To generate a diff of this commit: cvs rdiff -u -r1.57.8.1 -r1.57.8.2 src/sys/net/if_media.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Wed Nov 8 22:20:59 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_l2tp.c if_tap.c if_tun.c if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #349): sys/net/if_l2tp.c: revision 1.14 sys/net/if_tap.c: revision 1.101 sys/net/if_tun.c: revision 1.141 sys/net/if_vlan.c: revision 1.106 Set IFEF_NO_LINK_STATE_CHANGE flag to pseudo devices that don't use if_link_state_change To generate a diff of this commit: cvs rdiff -u -r1.11.2.1 -r1.11.2.2 src/sys/net/if_l2tp.c cvs rdiff -u -r1.99 -r1.99.6.1 src/sys/net/if_tap.c cvs rdiff -u -r1.139 -r1.139.2.1 src/sys/net/if_tun.c cvs rdiff -u -r1.97.2.5 -r1.97.2.6 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Mon Nov 6 09:59:01 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_l2tp.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #341): sys/net/if_l2tp.c: revision 1.12 fix l2tp panic when l2tp session id is changed (same as if_vlan.c:r1.104) E.g. the following operation causes this panic. # ifconfig l2tp0 create # ifconfig l2tp0 session 140 140 # ifconfig l2tp1 create # ifconfig l2tp1 session 200 200 # ifconfig l2tp1 session 300 300 panic: kernel diagnostic assertion "new->ple_next == NULL" failed: file "/disk4/home/k-nakahara/repos/netbsd-src/sys/sys/pslist.h", line 118 Pointed out by s-yamaguchi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.11.2.1 src/sys/net/if_l2tp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Mon Nov 6 09:57:39 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by knahakara in ticket #340): sys/net/if_vlan.c: revision 1.104 fix vlan panic when vlan is re-configured without destroy. E.g. the following operation causes this panic. # ifconfig vlan0 create # ifconfig vlan0 vlan 1 vlanif ixg3 # ifconfig vlan1 create # ifconfig vlan1 vlan 1 vlanif ixg2 # ifconfig vlan1 -vlanif # ifconfig vlan1 vlan 1 vlanif ixg2 panic: kernel diagnostic assertion "new->ple_next == NULL" failed: file "/git/netbsd-src/sys/sys/pslist.h", line 118 Pointed out and tested by msaitoh@n.o, fixed by s-yamaguchi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.97.2.4 -r1.97.2.5 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Thu Nov 2 20:28:24 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c if_pppoe.h if_spppsubr.c if_spppvar.h Log Message: Pull up following revision(s) (requested by knakahara in ticket #332): sys/net/if_pppoe.c: 1.127-1.128 sys/net/if_pppoe.h: 1.15 sys/net/if_spppsubr.c: 1.170-1.171 sys/net/if_spppvar.h: 1.21-1.22 Integrate two locks used to protect PPPoE softc. Contributed by s-yamaguchi@IIJ. PPPOE_SESSION_LOCK protects variables used in PPP packet processing, on the other hand PPPOE_PARAM_LOCK protects the other variables used to establish a PPPoE session id. Those locks isn't acquired in the same time because the PPP packet processing doesn't work without PPPoE session id. By the reason, the locks can be integrated into PPPOE_LOCK. Add locking notes later. -- sppp_lock is changed from mutex to rwlock now. Contributed by s-yamaguchi@IIJ. Add locking notes later. -- Add a locking notes for if_pppoe -- Add a locking notes for if_spppsubr -- fix no INET6 build. To generate a diff of this commit: cvs rdiff -u -r1.125.6.1 -r1.125.6.2 src/sys/net/if_pppoe.c cvs rdiff -u -r1.14 -r1.14.2.1 src/sys/net/if_pppoe.h cvs rdiff -u -r1.169 -r1.169.6.1 src/sys/net/if_spppsubr.c cvs rdiff -u -r1.20 -r1.20.8.1 src/sys/net/if_spppvar.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Wed Oct 25 07:14:10 UTC 2017 Modified Files: src/sys/net [netbsd-8]: bpf.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #329): sys/net/bpf.c: revision 1.217 Turn on D_MPSAFE flag of bpf_cdevsw that is already MP-safe Pointed out by k-goda@IIJ To generate a diff of this commit: cvs rdiff -u -r1.216 -r1.216.6.1 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Wed Oct 25 07:12:33 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #328): sys/net/if_vlan.c: revision 1.103 Set IFEF_START_MPSAFE by default Because vlan_start is already MP-safe, there is no reason to not do so. Acked by s-yamaguchi@IIJ To generate a diff of this commit: cvs rdiff -u -r1.97.2.3 -r1.97.2.4 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Tue Oct 24 08:50:44 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_loop.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #304): sys/net/if_loop.c: revision 1.95 loop_clone_create() must be called after ncpu is counted up for all CPUs. loop_clone_create() uses ncpu in the following call-path. - loop_clone_create() - if_attach() - if_percpuq_create() - softint_establish() // use ncpu - percpu_foreach() // use ncpu However, loopinit() of built-in module is called from module_init_class(MODULE_CLASS_DRIVER) which is called before ncpu is counted up in some architectures. So, It is too fast. On the other hand, it is too late for rump netinet component to call loop_clone_create() in config_finalize(). As the result, loop_clone_create() shuld be called in loopattach() for built-in module, and in loopinit() for dynamic module. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.94.6.1 src/sys/net/if_loop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Mon Oct 2 13:33:41 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_bridge.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #297): sys/net/if_bridge.c: revision 1.135 Add curlwp_bind to bridge_input for psref It can be called in a thread context via tap (tap_dev_write). Fix PR kern/52587 To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.134.6.1 src/sys/net/if_bridge.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Mon Aug 14 23:39:24 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_vlan.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #205): sys/net/if_vlan.c: revision 1.99 Fix vlan(4) obytes counter. Implemented by s-yamaguchi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.97.2.1 -r1.97.2.2 src/sys/net/if_vlan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Wed Aug 9 05:51:50 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #201): sys/net/if_gif.c: revision 1.128 fix leak when encap_attach() fails twice. To generate a diff of this commit: cvs rdiff -u -r1.126.2.1 -r1.126.2.2 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net/npf
Module Name:src Committed By: snj Date: Tue Jul 25 02:17:16 UTC 2017 Modified Files: src/sys/net/npf [netbsd-8]: npf_os.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #155): sys/net/npf/npf_os.c: revision 1.7 The npf module depends on some stuff from the bpf module, so set the required modules list accordingly. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.6.8.1 src/sys/net/npf/npf_os.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Tue Jul 25 02:07:12 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_pppoe.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #149): sys/net/if_pppoe.c: revision 1.126 fix panic when PPPOE_DEBUG enabled. implemented by s-yamaguchi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.125.6.1 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: martin Date: Tue Jul 4 16:13:58 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_media.h Log Message: Pull up following revision(s) (requested by msaitoh in ticket #82): sys/net/if_media.h: revision 1.58 sys/net/if_media.h: revision 1.59 No functional change: - Relocate definitions in the following order to be easy to understand. 0) IFM_*MASK 1) macros to extract various bits of information from the media word. 2) Media type. 3) Shared media sub-type. 4) Status bits. 5) Shared (global) options 6) Media dependent definitions. 7) kernel function declarations. 7) userland function declarations. - Add comments. This change makes me realize that: 0) RFU bit have never used. 1) bit 1..0 are shared between Shared media sub-type and Status bits. It's little dangerous. 2) No. 5 of Media type is not used (hole). 3) Only IEEE80211 uses IFM_MMASK(IFM_MODE()) bits. 4) IFM_TOKEN's OMASK bits doesn't start from 0x0100 but starts from 0x0200. Is this for BSD/OS compatibility? - Add some missing baudrate entries - Add 1000BASE-KX and 2500BASE-KX To generate a diff of this commit: cvs rdiff -u -r1.57 -r1.57.8.1 src/sys/net/if_media.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Fri Jun 30 06:17:51 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_gif.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #58): sys/net/if_gif.c: revision 1.127 I have forgotten to commit this gif(4) MP-ify patch for a long time, sorry. To generate a diff of this commit: cvs rdiff -u -r1.126 -r1.126.2.1 src/sys/net/if_gif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Sun Jun 25 06:31:58 UTC 2017 Modified Files: src/sys/net [netbsd-8]: route.c Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #57): sys/net/route.c: revision 1.195 Fix locking in rtalloc1 (affected only if NET_MPSAFE) To generate a diff of this commit: cvs rdiff -u -r1.194 -r1.194.6.1 src/sys/net/route.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/net
Module Name:src Committed By: snj Date: Wed Jun 21 17:39:24 UTC 2017 Modified Files: src/sys/net [netbsd-8]: if_vlan.c if_vlanvar.h Log Message: Pull up following revision(s) (requested by knakahara in ticket #41): sys/net/if_vlan.c: revision 1.98 sys/net/if_vlanvar.h: revision 1.10 vlan(4) MP-ify. contributed by s-yamaguchi@IIJ, thanks. To generate a diff of this commit: cvs rdiff -u -r1.97 -r1.97.2.1 src/sys/net/if_vlan.c cvs rdiff -u -r1.9 -r1.9.80.1 src/sys/net/if_vlanvar.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.