#
652f3531 |
| 08-May-2024 |
bluhm <bluhm@openbsd.org> |
Fix route leak in ip input.
In previous commit when refactoring the route cache, a rtfree() has been forgotten. For each forwarded packet the reference counter of the route entry was increased. Th
Fix route leak in ip input.
In previous commit when refactoring the route cache, a rtfree() has been forgotten. For each forwarded packet the reference counter of the route entry was increased. This eventually leads to an integer overflow and triggers kassert.
reported by and OK jan@
show more ...
|
#
00dd3069 |
| 16-Apr-2024 |
bluhm <bluhm@openbsd.org> |
Use route cache function in IP input.
Instaed of passing a struct rtentry from ip_input() to ip_forward() and then embed it into a struct route for ip_output(), start with struct route and pass it a
Use route cache function in IP input.
Instaed of passing a struct rtentry from ip_input() to ip_forward() and then embed it into a struct route for ip_output(), start with struct route and pass it along. Then the route cache is used consistently. Also the route cache hit and missed counters should reflect reality after this commit.
There is a small difference in the code. in_ouraddr() checks for NULL and not rtisvalid(). Previous discussion showed that the route RTF_UP flag should only be considered for multipath routing. Otherwise it does not mean anything. Especially the local and broadcast check in in_ouraddr() should not be affected by interface link status.
When doing cache lookups, route must be valid, but after rtalloc_mpath() lookup, use any route that route_mpath() returns.
OK claudio@
show more ...
|
#
7019ae97 |
| 14-Apr-2024 |
bluhm <bluhm@openbsd.org> |
Run raw IP input in parallel.
Running raw IPv4 input with shared net lock in parallel is less complex than UDP. Especially there is no socket splicing.
New ip_deliver() may run with shared or excl
Run raw IP input in parallel.
Running raw IPv4 input with shared net lock in parallel is less complex than UDP. Especially there is no socket splicing.
New ip_deliver() may run with shared or exclusive net lock. The last parameter indicates the mode. If is is running with shared netlock and encounters a protocol that needs exclusive lock, the packet is queued. Old ip_ours() always queued the packet. Now it calls ip_deliver() with shared net lock, and if that cannot handle the packet completely, the packet is queued and later processed with exclusive net lock.
In case of an IPv6 header chain, that switches from shared to exclusive processing, the next protocol and mbuf offset are stored in a mbuf tag.
OK mvs@
show more ...
|
#
2136a888 |
| 28-Feb-2024 |
bluhm <bluhm@openbsd.org> |
Cleanup IP input, forward, output.
Before changing the routing code, get IPv4 and IPv6 input, forward, and output in a similar shape. Remove inconsistencies.
OK claudio@
|
#
caa7f414 |
| 22-Feb-2024 |
bluhm <bluhm@openbsd.org> |
Make the route cache aware of multipath routing.
Pass source address to route_cache() and store it in struct route. Cached multipath routes are only valid if source address matches. If sysctl multip
Make the route cache aware of multipath routing.
Pass source address to route_cache() and store it in struct route. Cached multipath routes are only valid if source address matches. If sysctl multipath changes, increase route generation number.
OK claudio@
show more ...
|
#
921ffa12 |
| 03-Dec-2023 |
bluhm <bluhm@openbsd.org> |
Rename all in6p local variables to inp.
There exists no struct in6pcb in OpenBSD, this was an old kame idea. Calling the local variable in6p does not make sense, it is actually a struct inpcb. Also
Rename all in6p local variables to inp.
There exists no struct in6pcb in OpenBSD, this was an old kame idea. Calling the local variable in6p does not make sense, it is actually a struct inpcb. Also in6p is not used consistently in inet6 code. Having the same convention for IPv4 and IPv6 is less confusing.
OK sashan@ mvs@
show more ...
|
#
bf0d449c |
| 16-Sep-2023 |
mpi <mpi@openbsd.org> |
Allow counters_read(9) to take an optional scratch buffer.
Using a scratch buffer makes it possible to take a consistent snapshot of per-CPU counters without having to allocate memory.
Makes ddb(4)
Allow counters_read(9) to take an optional scratch buffer.
Using a scratch buffer makes it possible to take a consistent snapshot of per-CPU counters without having to allocate memory.
Makes ddb(4) show uvmexp command work in OOM situations.
ok kn@, mvs@, cheloha@
show more ...
|
#
fe6e30d1 |
| 06-Sep-2023 |
bluhm <bluhm@openbsd.org> |
Use shared net lock for ip_send() and ip6_send().
When called with NULL options, ip_output() and ip6_output() are MP safe. Convert exclusive to shared net lock in send dispatch.
OK mpi@
|
#
cfa8497d |
| 21-Aug-2022 |
bluhm <bluhm@openbsd.org> |
Remove ip_local() and ip6_local(). After moving the IPv4 fragment reassembly and IPv6 hob-by-hob header chain processing out of ip_local() and ip6_local(), they are almost empty stubs. The check fo
Remove ip_local() and ip6_local(). After moving the IPv4 fragment reassembly and IPv6 hob-by-hob header chain processing out of ip_local() and ip6_local(), they are almost empty stubs. The check for local deliver loop in ip_ours() and ip6_ours() is sufficient. Recover mbuf offset and next protocol directly in ipintr() and ip6intr(). OK mvs@
show more ...
|
#
0b448d84 |
| 15-Aug-2022 |
bluhm <bluhm@openbsd.org> |
Run IPv6 hop-by-hop options processing in parallel. The ip6_hbhchcheck() code is MP safe and moves from ip6_local() to ip6_ours(). If there are any options, store the chain offset and next protocol
Run IPv6 hop-by-hop options processing in parallel. The ip6_hbhchcheck() code is MP safe and moves from ip6_local() to ip6_ours(). If there are any options, store the chain offset and next protocol in a mbuf tag. When dequeuing without tag, it is a regular IPv6 header. As mbuf tags degrade performance, use them only if a hop-by-hop header is present. Such packets are rare and pf drops them by default. OK mvs@
show more ...
|
#
0b5e72a3 |
| 12-Aug-2022 |
bluhm <bluhm@openbsd.org> |
There are some places in ip and ip6 input where operations fail due to out of memory. Use a generic idropped counter for those. OK mvs@
|
#
f42e2e0a |
| 12-Aug-2022 |
bluhm <bluhm@openbsd.org> |
At successful return ip6_check_rh0hdr() keeps *offp unmodified. The IPv6 routing header type 0 check should modify *offp only in case of an error, so that the generated icmp6 packet has the correct p
At successful return ip6_check_rh0hdr() keeps *offp unmodified. The IPv6 routing header type 0 check should modify *offp only in case of an error, so that the generated icmp6 packet has the correct pointer. OK sashan@
show more ...
|
#
6a1c2aef |
| 06-Aug-2022 |
bluhm <bluhm@openbsd.org> |
Clean up the netlock macros. Merge NET_RLOCK_IN_SOFTNET and NET_RLOCK_IN_IOCTL, which have the same implementation. The R and W are hard to see, call the new macro NET_LOCK_SHARED. Rename the oppo
Clean up the netlock macros. Merge NET_RLOCK_IN_SOFTNET and NET_RLOCK_IN_IOCTL, which have the same implementation. The R and W are hard to see, call the new macro NET_LOCK_SHARED. Rename the opposite assertion from NET_ASSERT_WLOCKED to NET_ASSERT_LOCKED_EXCLUSIVE. Update some outdated comments about net locking. OK mpi@ mvs@
show more ...
|
#
f96d279d |
| 24-Jul-2022 |
bluhm <bluhm@openbsd.org> |
Fix assertion for write netlock in rip6_input(). ip6_input() has shared net lock. ip_deliver() needs exclusive net lock. Instead of calling ip_deliver() directly, use ip6_ours() to queue the packe
Fix assertion for write netlock in rip6_input(). ip6_input() has shared net lock. ip_deliver() needs exclusive net lock. Instead of calling ip_deliver() directly, use ip6_ours() to queue the packet. Move the write lock assertion into ip_deliver() to catch such bugs earlier. The assertion was only triggered with IPv6 multicast forwarding or router alert hop by hop option. Found by regress test. OK kn@ mvs@
show more ...
|
#
80467c39 |
| 29-Jun-2022 |
bluhm <bluhm@openbsd.org> |
Pass a pointer to mbuf pointer further down into ip6_process_hopopts() and ip6_unknown_opt(). Instead of having dangling pointer in caller, use m_freemp() to set mbuf to NULL. OK sashan@
|
#
bb8a5d95 |
| 29-Jun-2022 |
bluhm <bluhm@openbsd.org> |
Pass down the pointer to mbuf pointer into ip6_hbhchcheck(). This allows to set the mbuf to NULL and keep it consistent in the caller, instead of having dangling pointer after free. OK sashan@
|
#
5b1db52d |
| 28-Jun-2022 |
bluhm <bluhm@openbsd.org> |
The ip6_hbhchcheck() function never reads the nxtp parameter, it only sets its value. It is more obvious to return the next protocol or IPPROTO_DONE to signal error. All IP protocol functions do th
The ip6_hbhchcheck() function never reads the nxtp parameter, it only sets its value. It is more obvious to return the next protocol or IPPROTO_DONE to signal error. All IP protocol functions do that. OK sashan@ florian@
show more ...
|
#
2028c273 |
| 05-May-2022 |
claudio <claudio@openbsd.org> |
Use static objects for struct rttimer_queue instead of dynamically allocate them.
Currently there are 6 rttimer_queues and not many more will follow. So change rt_timer_queue_create() to rt_timer_qu
Use static objects for struct rttimer_queue instead of dynamically allocate them.
Currently there are 6 rttimer_queues and not many more will follow. So change rt_timer_queue_create() to rt_timer_queue_init() which now takes a struct rttimer_queue * as argument which will be initialized. Since this changes the gloabl vars from pointer to struct adjust other callers as well. OK bluhm@
show more ...
|
#
38f7d33d |
| 04-May-2022 |
claudio <claudio@openbsd.org> |
Move rttimer callback function from the rttimer itself to rttimer_queue. All users use the same callback per queue so that makes sense. Also replace rt_timer_queue_destroy() with rt_timer_queue_flush
Move rttimer callback function from the rttimer itself to rttimer_queue. All users use the same callback per queue so that makes sense. Also replace rt_timer_queue_destroy() with rt_timer_queue_flush(). OK bluhm@
show more ...
|
#
ef8e83db |
| 28-Apr-2022 |
claudio <claudio@openbsd.org> |
In the multicast router code don't allocate a rt timer queue for each rdomain. The rttimer API is rtable/rdomain aware and so there is no need to have so many queues. Also init the two queues (one fo
In the multicast router code don't allocate a rt timer queue for each rdomain. The rttimer API is rtable/rdomain aware and so there is no need to have so many queues. Also init the two queues (one for IPv4 and one for IPv6) early on. This will allow the rttable code to become simpler. OK bluhm@
show more ...
|
#
55159bee |
| 28-Apr-2022 |
bluhm <bluhm@openbsd.org> |
Decouple IP input and forwarding from protocol input. This allows to have parallel IP processing while the upper layers are still not MP safe. Introduce ip_ours() that enqueues the packets and ipin
Decouple IP input and forwarding from protocol input. This allows to have parallel IP processing while the upper layers are still not MP safe. Introduce ip_ours() that enqueues the packets and ipintr() that dequeues and processes them with an exclusive netlock. Note that we still have only one softnet task. Running IP processing on multiple CPU will be the next step. lots of testing Hrvoje Popovski; OK sashan@
show more ...
|
#
aae40be1 |
| 20-Apr-2022 |
bluhm <bluhm@openbsd.org> |
Route timeout was a mixture of int, u_int and long. Use type int for timeout, add sysctl bounds checking between 0 and max int, and use time_t for absolute times.
Some code assumes that the route t
Route timeout was a mixture of int, u_int and long. Use type int for timeout, add sysctl bounds checking between 0 and max int, and use time_t for absolute times.
Some code assumes that the route timeout queue can be NULL and at some places this was checked. Better make sure that all queues always exist. The pool_get for struct rttimer_queue is only called from initialization and from syscall, so PR_WAITOK is possible.
Keep the special hack when ip_mtudisc is set to 0. Destroy the queue and generate an empty one.
If redirect timeout is 0, it should not time out. Check the value in IPv6 to make the behavior like IPv4.
Sysctl net.inet6.icmp6.redirtimeout had no effect as the queue timeout was not modified. Make icmp6_sysctl() look like icmp_sysctl().
OK claudio@
show more ...
|
#
3ca2e802 |
| 22-Feb-2022 |
guenther <guenther@openbsd.org> |
Delete unnecessary #includes of <netinet6/ip6protosw.h>: some never needed it and some no longer need it after moving the externs from there to <sys/protosw.h>
ok jsg@
|
#
df8d9afd |
| 02-Jan-2022 |
jsg <jsg@openbsd.org> |
spelling ok jmc@ reads ok tb@
|
#
98e6f338 |
| 25-Dec-2021 |
bluhm <bluhm@openbsd.org> |
For a long time ip_ours() and ip6_ours() are calling ip_deliver() without kernel lock. Unlock the two callers in ip6_input_if() that have been forgotten. OK mvs@ kn@
|