| History log of /src/sys/netipsec/ipsec_mbuf.c |
| Revision | | Date | Author | Comments |
| 1.30 |
| 22-Dec-2018 |
maxv | Replace: M_MOVE_PKTHDR -> m_move_pkthdr. No functional change, since the
former is a macro to the latter.
|
| 1.29 |
| 03-Sep-2018 |
riastradh | Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
|
| 1.28 |
| 31-May-2018 |
maxv | branches: 1.28.2;
Clarify, remove superfluous things.
|
| 1.27 |
| 28-Apr-2018 |
maxv | Inline M_EXT_WRITABLE directly, and remove the XXX, there's nothing wrong
in the use of !M_READONLY.
|
| 1.26 |
| 19-Apr-2018 |
maxv | Remove extra long file paths from the headers.
|
| 1.25 |
| 18-Apr-2018 |
maxv | Remove unused includes, remove misleading comments, and style.
|
| 1.24 |
| 17-Apr-2018 |
maxv | Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.23 |
| 17-Apr-2018 |
maxv | Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
|
| 1.22 |
| 10-Mar-2018 |
maxv | Add KASSERTs.
|
| 1.21 |
| 05-Mar-2018 |
maxv | branches: 1.21.2;
Improve stupid check, style, and fix leak (m, not m0).
|
| 1.20 |
| 26-Feb-2018 |
maxv | Merge some minor (mostly stylistic) changes from last week.
|
| 1.19 |
| 14-Feb-2018 |
maxv | Remove m_checkalignment(), unused. This eliminates a reference to
m_getptr().
|
| 1.18 |
| 08-Feb-2018 |
maxv | Remove unused net_osdep.h include.
|
| 1.17 |
| 01-Feb-2018 |
maxv | Replace ovbcopy -> memmove, same.
|
| 1.16 |
| 19-May-2017 |
ozaki-r | branches: 1.16.2;
Introduce IPSECLOG and replace ipseclog and DPRINTF with it
|
| 1.15 |
| 19-Apr-2017 |
ozaki-r | Retire ipsec_osdep.h
We don't need to care other OSes (FreeBSD) anymore.
Some macros are alive in ipsec_private.h.
|
| 1.14 |
| 18-Apr-2017 |
ozaki-r | Convert IPSEC_ASSERT to KASSERT or KASSERTMSG
IPSEC_ASSERT just discarded specified message...
|
| 1.13 |
| 18-Apr-2017 |
ozaki-r | Remove __FreeBSD__ and __NetBSD__ switches
No functional changes (except for a debug printf).
Note that there remain some __FreeBSD__ for sysctl knobs which counerparts
to NetBSD don't exist. And ipsec_osdep.h isn't touched yet; tidying it up
requires actual code changes.
|
| 1.12 |
| 16-May-2011 |
drochner | branches: 1.12.10; 1.12.14; 1.12.16; 1.12.24; 1.12.30; 1.12.32; 1.12.34; 1.12.36; 1.12.40; 1.12.42;
remove redundant declaration
|
| 1.11 |
| 23-Apr-2008 |
thorpej | branches: 1.11.24; 1.11.30;
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().
|
| 1.10 |
| 14-Dec-2007 |
seanb | branches: 1.10.6; 1.10.8;
- Remove remain <= MHLEN restriction in m_makespace()
PR:30124
|
| 1.9 |
| 04-Mar-2007 |
degroote | branches: 1.9.16; 1.9.24; 1.9.28;
Fix fallout from caddr_t changes
|
| 1.8 |
| 04-Mar-2007 |
christos | Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
| 1.7 |
| 11-Dec-2005 |
christos | branches: 1.7.24; 1.7.26; 1.7.30; 1.7.34;
merge ktrace-lwp.
|
| 1.6 |
| 26-Feb-2005 |
perry | branches: 1.6.4;
nuke trailing whitespace
|
| 1.5 |
| 07-May-2004 |
jonathan | branches: 1.5.2; 1.5.6; 1.5.8;
Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.
New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)
Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)
sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)
sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)
sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)
Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":
New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)
Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
|
| 1.4 |
| 01-Mar-2004 |
thorpej | branches: 1.4.2;
Add missing copyright notice (FreeBSD rev. 1.5.2.2).
|
| 1.3 |
| 20-Aug-2003 |
jonathan | opt_inet6.h is FreeBSD-specific, so wrap it with #ifdef __FreeBSD__/#endif.
|
| 1.2 |
| 13-Aug-2003 |
jonathan | Make sure one (potentially) overlapping copy is safe.
|
| 1.1 |
| 13-Aug-2003 |
jonathan | Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4.
Fast-IPsec is a rework of the OpenBSD and KAME IPsec code, using the
OpenCryptoFramework (and thus hardware crypto accelerators) and
numerous detailed performance improvements.
This import is (aside from SPL-level names) the FreeBSD source,
imported ``as-is'' as a historical snapshot, for future maintenance
and comparison against the FreeBSD source. For now, several minor
kernel-API differences are hidden by macros a shim file, ipsec_osdep.h,
which (aside from SPL names) can be targeted at either NetBSD or FreeBSD.
|
| 1.4.2.1 |
| 10-May-2004 |
tron | Pull up revision 1.5 (requested by jonathan in ticket #280):
Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.
New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)
Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)
sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)
sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)
sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)
Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":
New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)
Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
|
| 1.5.8.1 |
| 19-Mar-2005 |
yamt | sync with head. xen and whitespace. xen part is not finished.
|
| 1.5.6.1 |
| 29-Apr-2005 |
kent | sync with -current
|
| 1.5.2.5 |
| 04-Mar-2005 |
skrll | Sync with HEAD.
Hi Perry!
|
| 1.5.2.4 |
| 21-Sep-2004 |
skrll | Fix the sync with head I botched.
|
| 1.5.2.3 |
| 18-Sep-2004 |
skrll | Sync with HEAD.
|
| 1.5.2.2 |
| 03-Aug-2004 |
skrll | Sync with HEAD
|
| 1.5.2.1 |
| 07-May-2004 |
skrll | file ipsec_mbuf.c was added on branch ktrace-lwp on 2004-08-03 10:55:29 +0000
|
| 1.6.4.2 |
| 21-Jan-2008 |
yamt | sync with head
|
| 1.6.4.1 |
| 03-Sep-2007 |
yamt | sync with head.
|
| 1.7.34.1 |
| 04-Feb-2008 |
riz | Pull up following revision(s) (requested by seanb in ticket #1015):
sys/netipsec/ipsec_mbuf.c: revision 1.10 via patch
- Remove remain <= MHLEN restriction in m_makespace()
PR:30124
|
| 1.7.30.1 |
| 03-Jun-2008 |
skrll | Sync with netbsd-4.
|
| 1.7.26.1 |
| 12-Mar-2007 |
rmind | Sync with HEAD.
|
| 1.7.24.1 |
| 04-Feb-2008 |
riz | Pull up following revision(s) (requested by seanb in ticket #1015):
sys/netipsec/ipsec_mbuf.c: revision 1.10 via patch
- Remove remain <= MHLEN restriction in m_makespace()
PR:30124
|
| 1.9.28.1 |
| 02-Jan-2008 |
bouyer | Sync with HEAD
|
| 1.9.24.1 |
| 26-Dec-2007 |
ad | Sync with head.
|
| 1.9.16.1 |
| 09-Jan-2008 |
matt | sync with HEAD
|
| 1.10.8.1 |
| 18-May-2008 |
yamt | sync with head.
|
| 1.10.6.1 |
| 02-Jun-2008 |
mjf | Sync with HEAD.
|
| 1.11.30.1 |
| 06-Jun-2011 |
jruoho | Sync with HEAD.
|
| 1.11.24.1 |
| 31-May-2011 |
rmind | sync with head
|
| 1.12.42.1 |
| 17-Apr-2018 |
martin | Pull up following revision(s) (requested by maxv in ticket #1599):
sys/netipsec/ipsec_mbuf.c: revision 1.23,1.24 (via patch)
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.12.40.1 |
| 21-Apr-2017 |
bouyer | Sync with HEAD
|
| 1.12.36.1 |
| 26-Apr-2017 |
pgoyette | Sync with HEAD
|
| 1.12.34.1 |
| 17-Apr-2018 |
martin | Pull up following revision(s) (requested by maxv in ticket #1599):
sys/netipsec/ipsec_mbuf.c: revision 1.23,1.24 (via patch)
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.12.32.1 |
| 28-Aug-2017 |
skrll | Sync with HEAD
|
| 1.12.30.1 |
| 17-Apr-2018 |
martin | Pull up following revision(s) (requested by maxv in ticket #1599):
sys/netipsec/ipsec_mbuf.c: revision 1.23,1.24 (via patch)
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.12.24.1 |
| 18-Apr-2018 |
msaitoh | Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.12.16.1 |
| 18-Apr-2018 |
msaitoh | Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.12.14.1 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
| 1.12.10.1 |
| 18-Apr-2018 |
msaitoh | Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.16.2.1 |
| 17-Apr-2018 |
martin | Pull up following revision(s) (requested by maxv in ticket #773):
sys/netipsec/ipsec_mbuf.c: revision 1.23,1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.
|
| 1.21.2.6 |
| 26-Dec-2018 |
pgoyette | Sync with HEAD, resolve a few conflicts
|
| 1.21.2.5 |
| 06-Sep-2018 |
pgoyette | Sync with HEAD
Resolve a couple of conflicts (result of the uimin/uimax changes)
|
| 1.21.2.4 |
| 25-Jun-2018 |
pgoyette | Sync with HEAD
|
| 1.21.2.3 |
| 02-May-2018 |
pgoyette | Synch with HEAD
|
| 1.21.2.2 |
| 22-Apr-2018 |
pgoyette | Sync with HEAD
|
| 1.21.2.1 |
| 15-Mar-2018 |
pgoyette | Synch with HEAD
|
| 1.28.2.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
