machine/stdarg.h -> sys/stdarg.h

Switch to using sys/stdarg.h for va_list type and va_* builtins.

Make an attempt to insert the include in a sensible place. Where
style(9) was followed this is eas

machine/stdarg.h -> sys/stdarg.h

Switch to using sys/stdarg.h for va_list type and va_* builtins.

Make an attempt to insert the include in a sensible place. Where
style(9) was followed this is easy, where it was ignored, aim for the
first block of sys/*.h headers and don't get too fussy or try to fix
other style bugs.

Reviewed by: imp
Exp-run by: antoine (PR 286274)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1595

show more ...

libalias: Handle GetNewPort() errors properly

AddLink() fails when memory allocation fails or no free port is
available; both are error conditions. However, functions such as
FindUdpTcpIn() were co

libalias: Handle GetNewPort() errors properly

AddLink() fails when memory allocation fails or no free port is
available; both are error conditions. However, functions such as
FindUdpTcpIn() were converting such failures to PKT_ALIAS_IGNORED, which
effectively means, "pass the packet without translation," which isn't
what we want.

Fix the problem by making sure that AddLink() errors are converted to
PKT_ALIAS_ERROR where appropriate. The diff is a bit large but is
mostly mechanical: functions like TcpAliasOut() are converted to return
a result code, and an additional out-parameter is added to return the
alias_link pointer.

Reported by: Yuxiang Yang <yangyx22@mails.tsinghua.edu.cn>
Tested by: Yuxiang Yang <yangyx22@mails.tsinghua.edu.cn>
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D47778

show more ...

libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from

libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from a
particular internal address:port leave via the same NAT address:port,
regardless of their destination.

Add some libalias tests and supporting defines.

Reviewed by: igoro, thj
Differential Revision: https://reviews.freebsd.org/D46689D

show more ...

libalias: add another check to previous change

If UseLink() returns NULL, it is possible that Deletelink()
has already freed "grp", so check it out carefully.

PR: 269770
Reported by: Peter Much
X-

libalias: add another check to previous change

If UseLink() returns NULL, it is possible that Deletelink()
has already freed "grp", so check it out carefully.

PR: 269770
Reported by: Peter Much
X-MFC-With: 8132e959099f0c533f698d8fbc17386f9144432f

show more ...

libalias: fix subtle racy problem in outside-inside forwarding

sys/netinet/libalias/alias_db.c has internal static function UseLink()
that passes a link to CleanupLink() to verify if the link has ex

libalias: fix subtle racy problem in outside-inside forwarding

sys/netinet/libalias/alias_db.c has internal static function UseLink()
that passes a link to CleanupLink() to verify if the link has expired.
If so, UseLink() may return NULL.

_FindLinkIn()'s usage of UseLink() is not quite correct.

Assume there is "redirect_port udp" configured to forward incoming
traffic for specific port to some internal address.
Such a rule creates partially specified permanent link.

After first such packet libalias creates new fully specifiled
temporary LINK_UDP with default timeout 60 seconds.
Also, in case of low traffic libalias may assign "timestamp"
for this new temporary link way in the past because
LibAliasTime is updated seldom and can keep old value
for tens of seconds, and it will be used for the temporary link.

It may happen that next incoming packet for redirected port
passed to _FindLinkIn() results in a call to UseLink()
that returns NULL due to detected expiration.
Immediate return of NULL results in broken translation:
either a packet is dropped (deny_incoming mode) or delivered to
original destination address instead of internal one.

Fix it with additional check for NULL to proceed with a search
for original partially specified link. In case of UDP,
it also recreates temporary fully specified link
with a call to ReLink().

Practical examples are "redirect_port udp" rules for unidirectional
SYSLOG protocol (port 514) or some low volume VPN encapsulated in UDP.

Thanks to Peter Much for initial analysis and first version of a patch.

Reported by: Peter Much <pmc@citylink.dinoex.sub.org>
PR: 269770
MFC after: 1 week

show more ...

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

libalias: fix divide by zero causing panic

The packet_limit can fall to 0, leading to a divide by zero abort in
the "packets % packet_limit".

An possible solution would be to apply a lower limit of

libalias: fix divide by zero causing panic

The packet_limit can fall to 0, leading to a divide by zero abort in
the "packets % packet_limit".

An possible solution would be to apply a lower limit of 1 after the
calculation of packet_limit, but since any number modulo 1 gives 0,
the more efficient solution is to skip the modulo operation for
packet_limit <= 1.

Since this is a fix for a panic observed in stable/12, merging this
fix to stable/12 and stable/13 before expiry of the 3 day waiting
period might be justified, if it works for the reporter of the issue.

Reported by: Karl Denninger <karl@denninger.net>
MFC after: 3 days

show more ...

libalias: Remove a stray directive

Removal of a preprocessor line was missed during development.
Do it now and MFC it together with the other patches.

MFC after: 2 days

libalias: Fix API bug on initialization

The kernel part of ipfw(8) does initialize LibAlias uncondistionally
with an zeroized port range (allowed ports from 0 to 0). During
restucturing of libalias

libalias: Fix API bug on initialization

The kernel part of ipfw(8) does initialize LibAlias uncondistionally
with an zeroized port range (allowed ports from 0 to 0). During
restucturing of libalias, port ranges are used everytime and are
therefor initialized with different values than zero. The secondary
initialization from ipfw (and probably others) overrides the new
default values and leave the instance in an unfunctional state. The
obvious solution is to detect such reinitializations and use the new
default value instead.

MFC after: 3 days

show more ...

libalias: Avoid uninitialized expiration

The expiration time of direct address mappings is explicitly
uninitialized. Expire times are always compared during housekeeping.
Despite the uninitialized

libalias: Avoid uninitialized expiration

The expiration time of direct address mappings is explicitly
uninitialized. Expire times are always compared during housekeeping.
Despite the uninitialized value does not harm, it's simpler to just
set it to a reasonable default. This was detected during valgrinding
the test suite.

MFC after: 3 days

show more ...

libalias: Fix compile time warning about unused functions

Compiling libalias results in warnings about unused functions.
Those warnings are caused by clang's heuristic to consider an inline
function

libalias: Fix compile time warning about unused functions

Compiling libalias results in warnings about unused functions.
Those warnings are caused by clang's heuristic to consider an inline
function as in use, iff the declaration is in a *.c file.
Declarations in *.h files do not emit those warnings.

Hence the declarations must be moved to an extra *.h file.

MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D30844

show more ...

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature: Almost O(1) for access of the
least recently used entries, and amortized O(ln(n)) for almost all
other cases. Get rid of the hash.

Now the data structure should able to quickly react to external
packets without eating CPU cycles for breakfast, preventing a DoS.

PR: 192888
Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30536

show more ...

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature - almost O(1) for access of the
least recently used entries), and amortized O(ln(n) - for almost all
other cases. Get rid of the hash.

Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30516

show more ...

libalias: Restructure - Remove temporary state deleteAllLinks from global struct

The entry deleteAllLinks in the struct libalias is only used to signal
a state between internal calls. It's not used

libalias: Restructure - Remove temporary state deleteAllLinks from global struct

The entry deleteAllLinks in the struct libalias is only used to signal
a state between internal calls. It's not used between API calls.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30604

show more ...

libalias: Restructure - Use AliasRange instead of PORT_BASE

Get rid of PORT_BASE, replace by AliasRange. Simplify code.
Factor out the search for a new port. Improves the perfomance a bit.

Discusse

libalias: Restructure - Use AliasRange instead of PORT_BASE

Get rid of PORT_BASE, replace by AliasRange. Simplify code.
Factor out the search for a new port. Improves the perfomance a bit.

Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30581

show more ...

libalias: Restructure - Table for PPTP

Let PPTP use its own data structure.
Regroup and rename other lists, which are not PPTP.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/

libalias: Restructure - Table for PPTP

Let PPTP use its own data structure.
Regroup and rename other lists, which are not PPTP.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30580

show more ...

libalias: Restructure - Group expire handling entries

Reorder the internal structure semantically.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30575

libalias: Restructure - Group incoming links

Reorder incoming links by grouping of common search terms.
Significant performance improvement for incoming (missing) flows.

Remove LSNAT from outgoing

libalias: Restructure - Group incoming links

Reorder incoming links by grouping of common search terms.
Significant performance improvement for incoming (missing) flows.

Remove LSNAT from outgoing search.
Slight speedup due to less comparsions in the loop.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30574

show more ...

libalias: Restructure - Cleanup and Use for links

Factor out a common idiom to return found links.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30573

libalias: Restructure - Outgoing search

Factor out the outgoing search function.
Preparation for a new data structure.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30572

libalias: Restructure - Cleanup _FindLinkIn

Simplify program flow in function _FindLinkIn.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30571

libalias: Restructure - Table for partially links

Separate the partially specified links into a separate data structure.

This would causes a major parformance impact, if there are many of
them. Us

libalias: Restructure - Table for partially links

Separate the partially specified links into a separate data structure.

This would causes a major parformance impact, if there are many of
them. Use a (smaller) hash table to speed up the partially link
access.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30570

show more ...

libalias: Restructure - Separate fully qualified search

Search fully specified links first. Some performance loss due to need
to revisit the db twice, if not found.

MFC after: 1 week
Differential

libalias: Restructure - Separate fully qualified search

Search fully specified links first. Some performance loss due to need
to revisit the db twice, if not found.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30569

show more ...

libalias: Restructure - Common search terms

Factor out the common Out and In filter
Slightly better performance due to eager skip of search loop

MFC after: 1 week
Differential Revision: https://rev

libalias: Restructure - Common search terms

Factor out the common Out and In filter
Slightly better performance due to eager skip of search loop

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30568

show more ...