ipfw: migrate ipfw to 32-bit size rule numbers

This changes ABI due to the changed opcodes and includes the
following:
* rule numbers and named object indexes converted to 32-bits
* all hardcoded

ipfw: migrate ipfw to 32-bit size rule numbers

This changes ABI due to the changed opcodes and includes the
following:
* rule numbers and named object indexes converted to 32-bits
* all hardcoded maximum rule number was replaced with
IPFW_DEFAULT_RULE macro
* now it is possible to grow maximum numbers or rules in
build time
* several opcodes converted to ipfw_insn_u32 to keep rulenum:
O_CALL, O_SKIPTO
* call stack modified to keep u32 rulenum. The behaviour of
O_CALL opcode was changed to avoid possible packets looping.
Now when call stack is overflowed or mbuf tag allocation
failed, a packet will be dropped instead of skipping to next
rule.
* 'return' action now have two modes to specify return point:
'next-rulenum' and 'next-rule'
* new lookup key added for O_IP_DST_LOOKUP opcode 'lookup rulenum'
* several opcodes converted to keep u32 named object indexes
in special structure ipfw_insn_kidx
* tables related opcodes modified to use two structures:
ipfw_insn_kidx and ipfw_insn_table
* added ability for table value matching for specific value type
in 'table(name,valtype=value)' opcode
* dynamic states and eaction code converted to use u32 rulenum
and named objects indexes
* added insntod() and insntoc() macros to cast to specific
ipfw instruction type
* default sockopt version was changed to IP_FW3_OPVER=1
* FreeBSD 7-11 rule format support was removed
* added ability to generate special rtsock messages via log opcode
* added IP_FW_SKIPTO_CACHE sockopt to enable/disable skipto cache.
It helps to reduce overhead when many rules are modified in batch.
* added ability to keep NAT64LSN states during sets swapping

Obtained from: Yandex LLC
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D46183

show more ...

route: avoid overlapping strcpy

Passing overlapping buffers to strcpy yields an undefined result, so
let's avoid it. The copy doesn't really need to happen anyways, we can
just point to the domain p

route: avoid overlapping strcpy

Passing overlapping buffers to strcpy yields an undefined result, so
let's avoid it. The copy doesn't really need to happen anyways, we can
just point to the domain part of the hostname.

This was discovered with _FORTIFY_SOURCE.

Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Reviewed by: allanjude, emaste, imp, melifaro (all previous version)
Differential Revision: https://reviews.freebsd.org/D32615

show more ...

route: error on IPv4 network routes with incorrect destination

Route destinations like 10/8 are most likely intended as a shorthand
for 10.0.0.0/8, but instead it means 0.0.0.10/8, which includes
on

route: error on IPv4 network routes with incorrect destination

Route destinations like 10/8 are most likely intended as a shorthand
for 10.0.0.0/8, but instead it means 0.0.0.10/8, which includes
only bits in the host part of the mask, and hence adds a route to
0.0.0.0/8. In 12.x, there was code to "do what I mean", which was
removed as part of a cleanup of old network class remnants. Given
that we have gone this long without that code, do not restore that
behavior. Instead, detect the issue and produce an error.
Specifically, if there are no dots in a numeric IPv4 address, the
mask is specified with CIDR notation (using a slash), and there are
bits set in the host part, produce an error like this for 10/8:

route: malformed address, bits set after mask; 10 means 0.0.0.10

PR: 258874
MFC after: 1 week
Reviewed by: melifaro, emaste
Differential Revision: https://reviews.freebsd.org/D43384

show more ...

Remove copyright strings ifdef'd out

We've ifdef'd out the copyright strings for some time now. Go ahead and
remove the ifdefs. Plus whatever other detritis was left over from other
recent removals.

Remove copyright strings ifdef'd out

We've ifdef'd out the copyright strings for some time now. Go ahead and
remove the ifdefs. Plus whatever other detritis was left over from other
recent removals. These copyright strings are present in the comments and
are largely from CSRG's attempt at adding their copyright to every
binary file (which modern interpretations of the license doesn't
require).

Sponsored by: Netflix

show more ...

sbin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl

sbin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

route(8): teach route to attach to jails

Add -j <jail> flag to route(8) to allow route to perform actions in
a Jail.

Differential Revision: https://reviews.freebsd.org/D40377
MFC after: 2 weeks

route: fix route get netlink translation.

route.c uses newroute() to handle the "route get" command. The logic
inside newroute() adds RTF_GATEWAY flag if "-interface" flag is not
specified. That r

route: fix route get netlink translation.

route.c uses newroute() to handle the "route get" command. The logic
inside newroute() adds RTF_GATEWAY flag if "-interface" flag is not
specified. That results in the inconsistent RTM_GET message with
RTF_GATEWAY set but no RTAX_GATEWAY provided. Address this in the
translation code by checking if the gateway is actually provided.

show more ...

route(8): convert to netlink

This change converts all kernel rtsock interactions in route(8)
to Netlink.

Based on the WITHOUT_NETLINK_SUPPORT src.conf(5) variable, route(8)
now fully operates eit

route(8): convert to netlink

This change converts all kernel rtsock interactions in route(8)
to Netlink.

Based on the WITHOUT_NETLINK_SUPPORT src.conf(5) variable, route(8)
now fully operates either via Netlink or via rtsock/sysctl.
The default (compile-time) is Netlink.

The output for route delete/add/get/flush is targeted to be exactly
the same (apart from some error handling cases).
The output for the route monitor has been changed to improve
readability and support netlink models.

Other behaviour changes:
* exact prefix lookup (route -n get a.b.c.d/e) is not yet supported.
* route monitor does not show the change originator yet.

Differential Revision: https://reviews.freebsd.org/D39007

show more ...

route: remove write-only struct hostent from getaddr()

Under some INET/INET6 src.conf configurations sbin/route previously
failed to build due to an unused variable warning. It was functionally
wri

route: remove write-only struct hostent from getaddr()

Under some INET/INET6 src.conf configurations sbin/route previously
failed to build due to an unused variable warning. It was functionally
write-only anyway, so just remove it.

Reported by: melifaro
Reviewed by: melifaro
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33717

show more ...

route: use NULL for null ptr in getaddr call, not 0

Style(9) prefers NULL.

Sponsored by: The FreeBSD Foundation

socket: Implement SO_RERROR

SO_RERROR indicates that receive buffer overflows should be handled as
errors. Historically receive buffer overflows have been ignored and
programs could not tell if they

socket: Implement SO_RERROR

SO_RERROR indicates that receive buffer overflows should be handled as
errors. Historically receive buffer overflows have been ignored and
programs could not tell if they missed messages or messages had been
truncated because of overflows. Since programs historically do not
expect to get receive overflow errors, this behavior is not the
default.

This is really really important for programs that use route(4) to keep
in sync with the system. If we loose a message then we need to reload
the full system state, otherwise the behaviour from that point is
undefined and can lead to chasing bogus bug reports.

Reviewed by: philip (network), kbowling (transport), gbe (manpages)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26652

show more ...

Revert "SO_RERROR indicates that receive buffer overflows should be handled as errors."
Wrong version of the change was pushed inadvertenly.

This reverts commit 4a01b854ca5c2e5124958363b3326708b913a

Revert "SO_RERROR indicates that receive buffer overflows should be handled as errors."
Wrong version of the change was pushed inadvertenly.

This reverts commit 4a01b854ca5c2e5124958363b3326708b913af71.

show more ...

SO_RERROR indicates that receive buffer overflows should be handled as errors.
Historically receive buffer overflows have been ignored and programs
could not tell if they missed messages or messages

SO_RERROR indicates that receive buffer overflows should be handled as errors.
Historically receive buffer overflows have been ignored and programs
could not tell if they missed messages or messages had been truncated
because of overflows. Since programs historically do not expect to get
receive overflow errors, this behavior is not the default.

This is really really important for programs that use route(4) to keep in sync
with the system. If we loose a message then we need to reload the full system
state, otherwise the behaviour from that point is undefined and can lead
to chasing bogus bug reports.

show more ...

Remove remnants of classful behavior in route(8).

Curently route(8) treats some addresses as network addresses:

RTA_DST: inet 10.0.0.0; RTA_NETMASK: inet 255.0.0.0; RTA_IFP: link ;
RTM_GET: Repor

Remove remnants of classful behavior in route(8).

Curently route(8) treats some addresses as network addresses:

RTA_DST: inet 10.0.0.0; RTA_NETMASK: inet 255.0.0.0; RTA_IFP: link ;
RTM_GET: Report Metrics: len 240, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,STATIC>
locks: inits:
sockaddrs: <DST,NETMASK,IFP>
10.0.0.0 255.0.0.0 link#0

Note added `RTA_NETMASK` in the request.

Host address from the same network is ok:

route -nv get 10.0.0.1
RTA_DST: inet 10.0.0.1
RTA_IFP: link
RTM_GET: Report Metrics: len 224, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,HOST,STATIC>
...
route to: 10.0.0.1
destination: 10.0.0.0
mask: 255.255.255.0

This change eliminates network auto-guessing part AND reading network from /etc/networks.

Reviewed By: rgrimes

Differential Revision: https://reviews.freebsd.org/D24401

show more ...

Merge ^/head r339670 through r339812.

route(8): correctly return exit status when "-q" flag is used.

Previously, route returned 1 in case of error properly signalling failure
but "route -q" it returned 0 for same case. Fix it.

PR: 18

route(8): correctly return exit status when "-q" flag is used.

Previously, route returned 1 in case of error properly signalling failure
but "route -q" it returned 0 for same case. Fix it.

PR: 186333
MFC after: 1 month

show more ...

Fix memory leaks in route(8).

Submitted by: Tom Rix (trix_juniper.net)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9676

route(8): make it possible to manually delete pinned route

Reported by: Andreas Longwitz <longwitz@incore.de>
Approved by: avg (mentor)
MFC after: 1 week

Merge ^/head r325999 through r326131.

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier f

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

show more ...

Merge ^/head r316992 through r317215.

Fix userland tools that don't check the format of routing socket
messages before accessing message fields that may not be present,
removing dead/duplicate/misleading code along the way.

Document the

Fix userland tools that don't check the format of routing socket
messages before accessing message fields that may not be present,
removing dead/duplicate/misleading code along the way.

Document the message format for each routing socket message in
route.h.

Fix a bug in usr.bin/netstat introduced in r287351 that resulted in
pointer computation with essentially random 16-bit offsets and
dereferencing of the results.

Reviewed by: ae
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D10330

show more ...

Delete trailing whitespace (no functional change)

MFC after: 3 days
Sponsored by: Dell EMC Isilon

Merge ^/head r314420 through r314481.