#
051669e8 |
| 25-Jan-2020 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r356931 through r357118.
|
#
a3b0db5b |
| 22-Jan-2020 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Plug possible calls into ip6?_output() without network epoch from SCTP bluntly adding epoch entrance into the macro that SCTP uses to call ip6?_output(). This definitely will introduce several epoch
Plug possible calls into ip6?_output() without network epoch from SCTP bluntly adding epoch entrance into the macro that SCTP uses to call ip6?_output(). This definitely will introduce several epoch recursions.
Reported by: https://syzkaller.appspot.com/bug?id=79f03f574594a5be464997310896765c458ed80a Reported by: https://syzkaller.appspot.com/bug?id=07c6f52106cddbe356cc2b2f3664a1c51cc0dadf
show more ...
|
Revision tags: release/12.1.0 |
|
#
94962f6b |
| 05-Aug-2019 |
Michael Tuexen <tuexen@FreeBSD.org> |
Improve consistency. No functional change.
MFC after: 3 days
|
#
0ecd976e |
| 02-Aug-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
IPv6 cleanup: kernel
Finish what was started a few years ago and harmonize IPv6 and IPv4 kernel names. We are down to very few places now that it is feasible to do the change for everything remaini
IPv6 cleanup: kernel
Finish what was started a few years ago and harmonize IPv6 and IPv4 kernel names. We are down to very few places now that it is feasible to do the change for everything remaining with causing too much disturbance.
Remove "aliases" for IPv6 names which confusingly could indicate that we are talking about a different data structure or field or have two fields, one for each address family. Try to follow common conventions used in FreeBSD.
* Rename sin6p to sin6 as that is how it is spelt in most places. * Remove "aliases" (#defines) for: - in6pcb which really is an inpcb and nothing separate - sotoin6pcb which is sotoinpcb (as per above) - in6p_sp which is inp_sp - in6p_flowinfo which is inp_flow * Try to use ia6 for in6_addr rather than in6p. * With all these gone also rename the in6p variables to inp as that is what we call it in most of the network stack including parts of netinet6.
The reasons behind this cleanup are that we try to further unify netinet and netinet6 code where possible and that people will less ignore one or the other protocol family when doing code changes as they may not have spotted places due to different names for the same thing.
No functional changes.
Discussed with: tuexen (SCTP changes) MFC after: 3 months Sponsored by: Netflix
show more ...
|
Revision tags: release/11.3.0, release/12.0.0 |
|
#
7847e041 |
| 24-Aug-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r338026 through r338297, and resolve conflicts.
|
#
90ab3571 |
| 23-Aug-2018 |
Michael Tuexen <tuexen@FreeBSD.org> |
Use arc4rand() instead of read_random() in the SCTP and TCP code.
This was suggested by jmg@.
Reviewed by: delphij@, jmg@, jtl@ MFC after: 1 month Sponsored by: Netflix, Inc. Differential Revisi
Use arc4rand() instead of read_random() in the SCTP and TCP code.
This was suggested by jmg@.
Reviewed by: delphij@, jmg@, jtl@ MFC after: 1 month Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D16860
show more ...
|
Revision tags: release/11.2.0 |
|
#
6469bdcd |
| 06-Apr-2018 |
Brooks Davis <brooks@FreeBSD.org> |
Move most of the contents of opt_compat.h to opt_global.h.
opt_compat.h is mentioned in nearly 180 files. In-progress network driver compabibility improvements may add over 100 more so this is close
Move most of the contents of opt_compat.h to opt_global.h.
opt_compat.h is mentioned in nearly 180 files. In-progress network driver compabibility improvements may add over 100 more so this is closer to "just about everywhere" than "only some files" per the guidance in sys/conf/options.
Keep COMPAT_LINUX32 in opt_compat.h as it is confined to a subset of sys/compat/linux/*.c. A fake _COMPAT_LINUX option ensure opt_compat.h is created on all architectures.
Move COMPAT_LINUXKPI to opt_dontuse.h as it is only used to control the set of compiled files.
Reviewed by: kib, cem, jhb, jtl Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14941
show more ...
|
#
82725ba9 |
| 23-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r325999 through r326131.
|
#
51369649 |
| 20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for
sys: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
show more ...
|
#
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
Revision tags: release/10.4.0 |
|
#
e5d34ca9 |
| 23-Sep-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r320180
|
#
fe40f49b |
| 16-Sep-2017 |
Michael Tuexen <tuexen@FreeBSD.org> |
Remove code not used on any platform currently supported.
MFC after: 1 week
|
#
531c2d7a |
| 24-Jul-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r320180
|
#
bca9d05f |
| 23-Jul-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r319973 through 321382.
|
Revision tags: release/11.1.0 |
|
#
7a0f2789 |
| 20-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r321239 through r321306.
|
#
9dd6ca96 |
| 20-Jul-2017 |
Michael Tuexen <tuexen@FreeBSD.org> |
Deal with listening socket correctly.
|
#
d02c951f |
| 26-May-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r318658 through r318963.
|
#
5d08768a |
| 26-May-2017 |
Michael Tuexen <tuexen@FreeBSD.org> |
Use the SCTP_PCB_FLAGS_ACCEPTING flags to check for listeners.
While there, use a macro for checking the listen state to allow for easier changes if required.
This done to help glebius@ with his li
Use the SCTP_PCB_FLAGS_ACCEPTING flags to check for listeners.
While there, use a macro for checking the listen state to allow for easier changes if required.
This done to help glebius@ with his listen changes.
show more ...
|
#
a3906ca5 |
| 17-Feb-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r313644 through r313895.
|
#
627c036f |
| 13-Feb-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Remove IPsec related PCB code from SCTP.
The inpcb structure has inp_sp pointer that is initialized by ipsec_init_pcbpolicy() function. This pointer keeps strorage for IPsec security policies associ
Remove IPsec related PCB code from SCTP.
The inpcb structure has inp_sp pointer that is initialized by ipsec_init_pcbpolicy() function. This pointer keeps strorage for IPsec security policies associated with a specific socket. An application can use IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket options to configure these security policies. Then ip[6]_output() uses inpcb pointer to specify that an outgoing packet is associated with some socket. And IPSEC_OUTPUT() method can use a security policy stored in the inp_sp. For inbound packet the protocol-specific input routine uses IPSEC_CHECK_POLICY() method to check that a packet conforms to inbound security policy configured in the inpcb.
SCTP protocol doesn't specify inpcb for ip[6]_output() when it sends packets. Thus IPSEC_OUTPUT() method does not consider such packets as associated with some socket and can not apply security policies from inpcb, even if they are configured. Since IPSEC_CHECK_POLICY() method is called from protocol-specific input routine, it can specify inpcb pointer and associated with socket inbound policy will be checked. But there are two problems: 1. Such check is asymmetric, becasue we can not apply security policy from inpcb for outgoing packet. 2. IPSEC_CHECK_POLICY() expects that caller holds INPCB lock and access to inp_sp is protected. But for SCTP this is not correct, becasue SCTP uses own locks to protect inpcb.
To fix these problems remove IPsec related PCB code from SCTP. This imply that IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket options will be not applicable to SCTP sockets. To be able correctly check inbound security policies for SCTP, mark its protocol header with the PR_LASTHDR flag.
Reported by: tuexen Reviewed by: tuexen Differential Revision: https://reviews.freebsd.org/D9538
show more ...
|
#
1a36faad |
| 11-Feb-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r313301 through r313643.
|
#
15df32b4 |
| 07-Feb-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r313360
|
#
fcf59617 |
| 06-Feb-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Merge projects/ipsec into head/.
Small summary -------------
o Almost all IPsec releated code was moved into sys/netipsec. o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel option
Merge projects/ipsec into head/.
Small summary -------------
o Almost all IPsec releated code was moved into sys/netipsec. o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel option IPSEC_SUPPORT added. It enables support for loading and unloading of ipsec.ko and tcpmd5.ko kernel modules. o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type support was removed. Added TCP/UDP checksum handling for inbound packets that were decapsulated by transport mode SAs. setkey(8) modified to show run-time NAT-T configuration of SA. o New network pseudo interface if_ipsec(4) added. For now it is build as part of ipsec.ko module (or with IPSEC kernel). It implements IPsec virtual tunnels to create route-based VPNs. o The network stack now invokes IPsec functions using special methods. The only one header file <netipsec/ipsec_support.h> should be included to declare all the needed things to work with IPsec. o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed. Now these protocols are handled directly via IPsec methods. o TCP_SIGNATURE support was reworked to be more close to RFC. o PF_KEY SADB was reworked: - now all security associations stored in the single SPI namespace, and all SAs MUST have unique SPI. - several hash tables added to speed up lookups in SADB. - SADB now uses rmlock to protect access, and concurrent threads can do SA lookups in the same time. - many PF_KEY message handlers were reworked to reflect changes in SADB. - SADB_UPDATE message was extended to support new PF_KEY headers: SADB_X_EXT_NEW_ADDRESS_SRC and SADB_X_EXT_NEW_ADDRESS_DST. They can be used by IKE daemon to change SA addresses. o ipsecrequest and secpolicy structures were cardinally changed to avoid locking protection for ipsecrequest. Now we support only limited number (4) of bundled SAs, but they are supported for both INET and INET6. o INPCB security policy cache was introduced. Each PCB now caches used security policies to avoid SP lookup for each packet. o For inbound security policies added the mode, when the kernel does check for full history of applied IPsec transforms. o References counting rules for security policies and security associations were changed. The proper SA locking added into xform code. o xform code was also changed. Now it is possible to unregister xforms. tdb_xxx structures were changed and renamed to reflect changes in SADB/SPDB, and changed rules for locking and refcounting.
Reviewed by: gnn, wblock Obtained from: Yandex LLC Relnotes: yes Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D9352
show more ...
|
#
1bde3b70 |
| 09-Dec-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r309519 through r309757.
|
#
5b495f17 |
| 06-Dec-2016 |
Michael Tuexen <tuexen@FreeBSD.org> |
Whitespace changes.
The tools using to generate the sources has been updated and produces different whitespaces. Commit this seperately to avoid intermixing these with real code changes.
MFC after:
Whitespace changes.
The tools using to generate the sources has been updated and produces different whitespaces. Commit this seperately to avoid intermixing these with real code changes.
MFC after: 3 days
show more ...
|