Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex. Document inpcb locking for foreign and local
address and port and routi

Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex. Document inpcb locking for foreign and local
address and port and routing table id. Reading will be made MP
safe by adding per socket rw-locks in a next step.

OK sashan@ mvs@

show more ...

Do not reload `inp' in gre_send(). The pointer to PCB of raw socket is
immutable, we don't need to reload it again.

ok bluhm@

Change pru_abort() return type to the type of void and make pru_abort()
optional.

We have no interest on pru_abort() return value. We call it only from
soabort() which is dummy pru_abort() wrapper a

Change pru_abort() return type to the type of void and make pru_abort()
optional.

We have no interest on pru_abort() return value. We call it only from
soabort() which is dummy pru_abort() wrapper and has no return value.

Only the connection oriented sockets need to implement (*pru_abort)()
handler. Such sockets are tcp(4) and unix(4) sockets, so remove existing
code for all others, it doesn't called.

ok guenther@

show more ...

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Move PRU_SOCKADDR request to (*pru_sockaddr)()

Introduce in{,6}_sockaddr() functions, and use them for all except tcp(4)
inet sockets. For tcp(4) sockets use tcp_sockaddr() to keep debug ability.

T

Move PRU_SOCKADDR request to (*pru_sockaddr)()

Introduce in{,6}_sockaddr() functions, and use them for all except tcp(4)
inet sockets. For tcp(4) sockets use tcp_sockaddr() to keep debug ability.

The key management and route domain sockets returns EINVAL error for
PRU_SOCKADDR request, so keep this behaviour for a while instead of make
pru_sockaddr handler optional and return EOPNOTSUPP.

ok bluhm@

show more ...

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

show more ...

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not a

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

show more ...

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_d

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

show more ...

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

show more ...

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

show more ...

The "ifq_set_maxlen(..., 1);" hack we use to enforce pipex(4) related
(*if_qstart)() be always called with netlock held doesn't work anymore
with PPPOE sessions.

Introduce `pipex_list_mtx' mutex(9)

The "ifq_set_maxlen(..., 1);" hack we use to enforce pipex(4) related
(*if_qstart)() be always called with netlock held doesn't work anymore
with PPPOE sessions.

Introduce `pipex_list_mtx' mutex(9) and use it to protect global pipex(4)
lists and radix trees.

Protect pipex(4) `session' dereference with reference counters, because we
could sleep when accessing pipex(4) from ioctl(2) path, and this is not
possible with mutex(9) held.

ok bluhm@

show more ...

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

show more ...

update the gre driver.

the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.

this diff

update the gre driver.

the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.

this diff removes keepalive support, but i promised claudio@ and
patrick@ i would put it back after this goes in.

ok claudio@

show more ...

split mobileip(4) out from the gre(4) driver.

having mobileip in gre makes it hard to cut gre up. the current mobileip
code is also broken, so this is def and improvement. it also makes it
easy to d

split mobileip(4) out from the gre(4) driver.

having mobileip in gre makes it hard to cut gre up. the current mobileip
code is also broken, so this is def and improvement. it also makes it
easy to disable and remove mobileip in the future.

ok claudio@ henning@

show more ...

make mpls_input take a struct ifnet *ifp argument.

this makes it like all our other protocol family input functions.

mpls_input always looks up the interface the mbuf was received on,
but it's alwa

make mpls_input take a struct ifnet *ifp argument.

this makes it like all our other protocol family input functions.

mpls_input always looks up the interface the mbuf was received on,
but it's always called by code that already has a reference to that
interface anyway. the result of this is a few less if_get/if_put
calls.

ok mpi@ bluhm@ visa@ claudio@

show more ...

Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running
pr_input handlers without KERNEL_LOCK().

ok visa@

Reduces the scope of the NET_LOCK() in sysctl(2) path.

Exposes per-CPU counters to real parrallelism.

ok visa@, bluhm@, jca@

Convert hand rolled sockaddr checks to the nam2sin functions.
Especially in tcp_usrreq() connect detect the correct address family
based on the inp_flags instead of the sa_family user input.
OK mpi@

Introduce ipv{4,6}_input(), two wrappers around IP queues.

This will help transitionning to an un-KERNEL_LOCK()ed IP
forwarding path.

Disucssed with bluhm@, ok claudio@

If m is not a continuous mbuf cluster, m_pullup() in pr_input may
change the pointer. Then *mp keeps the invalid pointer and it might
be used. Fix the potential use after free and also reset *mp in

If m is not a continuous mbuf cluster, m_pullup() in pr_input may
change the pointer. Then *mp keeps the invalid pointer and it might
be used. Fix the potential use after free and also reset *mp in
other places to have less dangling pointers to freed mbufs.
OK mpi@ mikeb@

show more ...

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@