netinet: allow per protocol random IP id control, single out IPSEC

A globally enabled random IP id generation maybe useful in most IP
contexts, but it may be unnecessary in the case of IPsec encapsu

netinet: allow per protocol random IP id control, single out IPSEC

A globally enabled random IP id generation maybe useful in most IP
contexts, but it may be unnecessary in the case of IPsec encapsulated
packets because IPsec can be configured to use anti-replay windows.

This commit adds a new net.inet.ipsec.random_id sysctl to control whether
or not IPsec packets should use random IP id generation.

Rest of the protocols/modules are still controlled by the global
net.inet.ip.random_id, but can be easily augmented with a knob.

Reviewed by: glebius
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D49164

show more ...

netinet: use in_broadcast() inline

There should be no functional change.

Reviewed by: rrs, markj
Differential Revision: https://reviews.freebsd.org/D49088

sctp: improve debug output

MFC after: 3 days

sctp: store heartbeat creation time as time_t
Reported by: Coverity Scan
CID: 1493087
MFC after: 3 days

sctp: fix sctp_sendall() when an mbuf chain is provided

In this case uio is NULL, which needs to be checked and m must
be copied into the sctp_copy_all structure.
Reported by: Coverity Scan
CID: 14

sctp: fix sctp_sendall() when an mbuf chain is provided

In this case uio is NULL, which needs to be checked and m must
be copied into the sctp_copy_all structure.
Reported by: Coverity Scan
CID: 1400449
MFC after: 3 days

show more ...

sctp: add missing check

If memory allocation fails, m is NULL. Since this is possible,
check for it.
Reported by: Coverity Scan
CID: 1086866
MFC after: 3 days

sctp: improve sending of packets containing an INIT ACK chunk

If the peer announced support of zero checksums, do so when sending
packets containing an INIT ACK chunk.

MFC after: 1 week

sctp: improve consistency

MFC after: 1 week

sctp: cleanup cdefs.h include

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

sctp: keep sb_acc and sb_ccc in sync

PR: 260116
MFC after: 1 week

sctp: update zero checksum support

Implement support for the error detection method identifier.
MFC after: 2 weeks

Update various sys/netinet source files to conform with the style(9)
guide on how to label FALLTHOUGH in switch statements.

No functional chance.

Reviewed By: tuexen, cc, #transport
Sponsored by:

Update various sys/netinet source files to conform with the style(9)
guide on how to label FALLTHOUGH in switch statements.

No functional chance.

Reviewed By: tuexen, cc, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D40622

show more ...

sctp: only start shutdown guard timer when sending SHUTDOWN chunk

The intention is to protect a malicious peer not following the
shutdown procedures.

MFC after: 1 week

sctp: fix typo in assignment

sctp: improve negotiation of zero checksum feature

Enforce consistency between announcing 0-cksum support and actually
using it in the association. The value from the inp when the
INIT ACK is sent m

sctp: improve negotiation of zero checksum feature

Enforce consistency between announcing 0-cksum support and actually
using it in the association. The value from the inp when the
INIT ACK is sent must be used, not the one from the inp when the
cookie is received.

show more ...

sctp: initial implementation of draft-tuexen-tsvwg-sctp-zero-checksum

sctp: improve handling of send() calls with no user data`

In particular, don't report EAGAIN on send() calls with no user
data, which might trigger a KASSERT in asyc IO.

Reported by: syzbot+3b4dc5d

sctp: improve handling of send() calls with no user data`

In particular, don't report EAGAIN on send() calls with no user
data, which might trigger a KASSERT in asyc IO.

Reported by: syzbot+3b4dc5d1d63e9bd01eda@syzkaller.appspotmail.com
MFC after: 1 week

show more ...

Fix unused variable warning in sctp_output.c

With clang 15, the following -Werror warning is produced:

sys/netinet/sctp_output.c:9367:33: error: variable 'cnt_thru' set but not used [-Werror,-W

Fix unused variable warning in sctp_output.c

With clang 15, the following -Werror warning is produced:

sys/netinet/sctp_output.c:9367:33: error: variable 'cnt_thru' set but not used [-Werror,-Wunused-but-set-variable]
int no_fragmentflg, bundle_at, cnt_thru;
^

The 'cnt_thru' variable was in sctp_output.c when it was first added,
but appears to have been a debugging aid that has never been used, so
remove it.

MFC after: 3 days

show more ...

sctp: remove book keeping not needed anymore

MFC after: 3 days

sctp: cleanup, no functional change

MFC after: 3 days

sctp: use a consistent view of the send parameters

Reported by: syzbot+e26628a755f78bacff16@syzkaller.appspotmail.com
MFC after: 3 days

sctp: ignore SCTP_SENDALL flag on 1-to-1 style sockets

MFC after: 3 days

sctp: improve handling of send() when association is shutdown

Accept send() calls only when the association is not being
shut down or the expicit message EOR mode is used and the
application provide

sctp: improve handling of send() when association is shutdown

Accept send() calls only when the association is not being
shut down or the expicit message EOR mode is used and the
application provides follow-up data.

Reported by: syzbot+341e9ebd9d24ca7dc62a@syzkaller.appspotmail.com
MFC after: 3 days

show more ...

sctp: cleanup of error paths

MFC after: 3 days