Also move num initialization for clarity.
We still need to check num in ng_unparse_composite (reported by des@ in
D52151) but this is another incremental improvement in netgraph input
validation.
Reviewed by: des
PR: 267334
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52151
Fix potential crash in the ng_nat module when attaching directly
to the layer 2 (ethernet) while calculating TCP checksum.
The issue is due to in_delayed_cksum() expecting to access IP
header at the offset 0 from the mbuf start, while if we are
attached to the L2 directly, the IP header at going to be at the
certain offset.
Reviewed by: markj, tuexen
Approved by: tuexen
Sponsored by: Sippy Software, Inc.
Differential Revision: https://reviews.freebsd.org/D49677
MFC After: 2 weeks
Replace priorities specified by a base priority and some hardcoded
offset value by symbolic constants. Hardcoded offsets prevent changing
the difference between priorities without changing their relative
ordering, and is generally a dangerous practice since the resulting
priority may inadvertently belong to a different selection policy's
range.
Since RQ_PPQ is 4, differences of less than 4 are insignificant, so just
remove them. These small differences have not been changed for years,
so it is likely they have no real meaning (besides having no practical
effect). One can still consult the changes history to recover them if
ever needed.
No functional change (intended).
MFC after: 1 month
Event: Kitchener-Waterloo Hackathon 202506
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45390
That is unnecessary since change [1], as if_alloc(IFT_PROPVIRTUAL) has
set if_type already.
[1] fc74a9f93a Stop embedding struct ifnet at the top of driver softcs
No functional change intended.
MFC after: 1 week
Switch to using sys/stdarg.h for va_list type and va_* builtins.
Make an attempt to insert the include in a sensible place. Where
style(9) was followed this is easy, where it was ignored, aim for the
first block of sys/*.h headers and don't get too fussy or try to fix
other style bugs.
Reviewed by: imp
Exp-run by: antoine (PR 286274)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1595
When struct pr_usrreq was folded into struct protosw and the function
pointers it contained were renamed from pru_* to pr_* in 2022, a
number of references to the old names in comments and error messages
were missed. Chase them down and fix them.
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Reviewed by: kevans, glebius
Differential Revision: https://reviews.freebsd.org/D50190
Formally, there are 12 bits for TCP header flags.
Use the accessor functions in more (kernel) places.
No functional change.
Reviewed By: cc, #transport, cy, glebius, #iflib, kbowling
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D47063
This is an interim robustness improvement; further improvements as
described in the PR and/or Phabricator review are still needed.
PR: 267334
Reported by: Robert Morris <rtm@lcs.mit.edu>
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37229
In general, in the direct dispatch case netgraph only enters the net
epoch to send data messages, but this was inconsistent with the netgraph
thread, which also entered the net epoch to send fn and fn2 messages to
nodes. Some handlers, e.g., ng_bridge_newhook(), may sleep, and so
cannot be called in epoch context; the netgraph tests occasionally panic
due to this problem.
Make ngthread() consistent with the direct dispatch path.
Discussed with: afedorov (in D44615)
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Attempt to initialize FreeBSD bluetooth stack while such a device is in
bootloader mode locks the adapter hardly so it requires power on/off
cycle to restore.
This change blocks ng_ubt attachment unless operational firmware is
loaded thus preventing the lock up.
Sponsored by: Future Crew LLC
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D46738
If Intel firmware is already in operational mode at boot that takes
place at warm boot, BT adaptor can generate extra HCI events which
interferes with firmware mode detection logic. Ignore them.
Sponsored by: Future Crew LLC
MFC after: 1 month
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D46736
The function ng_ipfw_input() used to enjoy implicit
32->16 bits truncation of its second argument.
Make it explicit to recover from the breakage.
PR: 281082
Reported by: Ruben van Staveren <ruben@verweg.com>
Tested by: Ruben van Staveren <ruben@verweg.com>
MFC after: 3 days
Fixes: 20e1f207cc
gcc -Wmemset-elt-size diagnosed this. The code was only initializing
the first 1/sizeof(long) bytes. On 64-bit systems, this would mean only
events up to 0x20 were initialized.
This effectively reverses the security policy for some events with
higher ids, now permitting them on unprivileged sockets. Two that are
defined are NG_HCI_EVENT_LE (0x3e) and NG_HCI_EVENT_BT_LOGO (0xfe).
PR: 280039
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D45707
Change 4787572d05 made if_alloc_domain() never fail, then also do the
wrappers if_alloc(), if_alloc_dev(), and if_gethandle().
No functional change intended.
Reviewed by: kp, imp, glebius, stevek
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D45740
This is the behavior described in the man page.
Signed-off-by: Martin Vahlensieck <git@academicsolutions.ch>
Discussed with: glebius
Reviewed by: markj
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/1181
ng_btsocket_hci_raw_send() wasn't verifying that the destination address
specified by sendto() is large enough to fill a struct sockaddr_hci.
Thus, when copying the socket address into an mbuf,
ng_btsocket_hci_raw_send() may read past the end of the input sockaddr
while copying.
In practice this is effectively harmless since
ng_btsocket_hci_raw_output() only uses the address to identify a
netgraph node.
Reported by: Oliver Sieber <oliver@secfault-security.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
The pseudo_AF_HDRCMPLT check is already being done in if_loop and
just needed to be ported over to if_ic, if_wg, if_disc, if_gif,
if_gre, if_me, if_tuntap and ng_iface. This is needed in order to
allow these interfaces to work properly with e.g., tcpreplay.
PR: 256587
Reviewed by: markj
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/876
EEXIST is possible in a race condition.
Inspired by: ffc72591b1 (Don't worry if a module is already loaded ...)
Reviewed by: glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44633
This will allow a userland machinery that orchestrates a bridge (e.g. a
jail or vm manager) to not double the number allocation logic. See bug
278130 for longer description and examples.
Reviewed by: glebius, afedorov
Differential Revision: https://reviews.freebsd.org/D44615
PR: 278130
Update all remaining references to the struct tcphdr th_x2 field.
This completes the compatibilty of various aspects with AccECN
(TH_AE), after the internal ipfw "re-checksum required" was moved
to use the TH_RES1 flag.
No functional change.
Reviewed By: tuexen, #transport, glebius
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D43172
Just like it was done for accept(2) in cfb1e92912, use same approach
for two simplier syscalls that return socket addresses. Although,
these two syscalls aren't performance critical, this change generalizes
some code between 3 syscalls trimming code size.
Following example of accept(2), provide VNET-aware and INVARIANT-checking
wrappers sopeeraddr() and sosockaddr() around protosw methods.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D42694
Let the accept functions provide stack memory for protocols to fill it in.
Generic code should provide sockaddr_storage, specialized code may provide
smaller structure.
While rewriting accept(2) make 'addrlen' a true in/out parameter, reporting
required length in case if provided length was insufficient. Our manual
page accept(2) and POSIX don't explicitly require that, but one can read
the text as they do. Linux also does that. Update tests accordingly.
Reviewed by: rscheff, tuexen, zlei, dchagin
Differential Revision: https://reviews.freebsd.org/D42635
The ng_socket(4) node already writes more than declared size of the
struct at least in the in ng_getsockaddr(). Make size match size of
a node name. The value is pasted instead of including ng_message.h
into ng_socket.h. This is external API and we want to keep it stable
even if NG_NODESIZ is redefined in a kernel build.
Reviewed by: afedorov
Differential Revision: https://reviews.freebsd.org/D42690
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
- Provide listen upcall and set it on NGM_KSOCKET_LISTEN
- Mask EWOULDBLOCK on NGM_KSOCKET_ACCEPT
Reviewed by: afedorov
Differential Revision: https://reviews.freebsd.org/D42637
PR: 272319
PR: 275106
Fixes: 779f106aa1
Note: imho, the proper solution would be to guarantee that upcalls
won't ever be called after soclose(), but this isn't the case, yet.
This change at least makes the node work the way it always worked.
Reviewed by: afedorov
Differential Revision: https://reviews.freebsd.org/D42636
PR: 272319
PR: 275106
Fixes: 779f106aa1
A ng_eiface instance may be on lease to a different vnet while
remaining tied to its parent vnet. In such circumstances, before
injecting mbufs into netgraph, curvnet must be set to that of the
ng_eiface's netgraph node. Mark the vnet transition as QUIET,
since otherwise it would be recorded as a curvnet recursion when
ng_eiface's ifnet resides in the same (parent) vnet as its
netgraph node.
PR: 274028
Reported by: Dancho Penev <dpslavov@hotmail.com>
MFC after: 1 week
