#
364651 |
|
24-Aug-2020 |
tuexen |
MFC r364268: Improve the handling of concurrent send() calls for SCTP sockets, especially when having the explicit EOR mode enabled. Manually resolved merge conflicts.
MFC r364270: Remove a line which is needed and was added in https://svnweb.freebsd.org/changeset/base/364268
|
#
361471 |
|
25-May-2020 |
tuexen |
MFC r360878, r360942: Improve SCTP timer handling
Ensure that we have a path when starting the T3 RXT timer.
|
#
360770 |
|
07-May-2020 |
tuexen |
MFC r360193, r360209: Improve input validation for AUTH chunks
Improve input validation when processing AUTH chunks.
Thanks to Natalie Silvanovich from Google for finding and reporting the issue found by her in the SCTP userland stack.
|
#
360748 |
|
07-May-2020 |
tuexen |
MFC r355135: Plug memory leaks
Plug two mbuf leaks during INIT-ACK handling. One leak happens when there is not enough memory to allocate the resources for streams. The other leak happens if there are unknown parameters in the received INIT-ACK chunk which require reporting and the INIT-ACK requires sending an ABORT due to illegal parameter combinations. Hopefully this fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083
|
#
360743 |
|
07-May-2020 |
tuexen |
MFC r353122: Plug memory leak
Plug an mbuf leak found by Mark Wodrich from Google by fuzz testing the userland stack and reporting it in: https://github.com/sctplab/usrsctp/issues/396
|
#
360736 |
|
07-May-2020 |
tuexen |
MFC r352594: Improve SCTP locking
Don't hold the info lock when calling sctp_select_a_tag().
This avoids a double lock bug in the NAT colliding state processing of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in https://github.com/sctplab/usrsctp/issues/374. He found this bug using fuzz testing.
|
#
360735 |
|
07-May-2020 |
tuexen |
MFC r352592:
Cleanup the RTO calculation and perform some consistency checks before computing the RTO. This should fix an overflow issue reported by Felix Weinrank in https://github.com/sctplab/usrsctp/issues/375 for the userland stack and found by running a fuzz tester.
|
#
360731 |
|
07-May-2020 |
tuexen |
MFC r351654: Improve handling of cookie parameters in INIT-ACK chunks
Improve the handling of state cookie parameters in INIT-ACK chunks. This fixes problems with parameters indicating a zero length or partial parameters after an unknown parameter indicating to stop processing. It also fixes a problem with state cookie parameters after unknown parameters indicating to stop processing. Thanks to Mark Wodrich from Google for finding two of these issues by fuzz testing the userland stack and reporting them in https://github.com/sctplab/usrsctp/issues/355 and https://github.com/sctplab/usrsctp/issues/352
|
#
352057 |
|
09-Sep-2019 |
tuexen |
MFC r349986:
When calling sctp_initialize_auth_params(), the inp must have at least a read lock. To avoid more complex locking dances, just call it in sctp_aloc_assoc() when the write lock is still held.
|
#
347166 |
|
05-May-2019 |
tuexen |
MFC r337737: Remove a set but not used warning showing up in usrsctp.
|
#
347165 |
|
05-May-2019 |
tuexen |
MFC r337708:
Use the stcb instead of the asoc in state macros. This is not a functional change. Just a preparation for upcoming dtrace state change provider support.
|
#
347163 |
|
05-May-2019 |
tuexen |
MFC r337706: Use consistently the macros to modify the assoc state. No functional change.
|
#
347154 |
|
05-May-2019 |
tuexen |
MFC r336511: Whitespace changes due to changes in ident.
|
#
341506 |
|
04-Dec-2018 |
tuexen |
MFC r339042:
Mitigate providing a timing signal if the COOKIE or AUTH validation fails. Thanks to jmg@ for reporting the issue, which was discussed in https://admbugs.freebsd.org/show_bug.cgi?id=878
|
#
334801 |
|
07-Jun-2018 |
tuexen |
MFC r334725:
Improve compliance with RFC 4895 and RFC 6458.
Silently discard SCTP chunks which have been requested to be authenticated but are received unauthenticated no matter if support for SCTP authentication has been negotiated. This improves compliance with RFC 4895.
When the application uses the SCTP_AUTH_CHUNK socket option to request a chunk to be received in an authenticated way, enable the SCTP authentication extension for the end-point. This improves compliance with RFC 6458.
Discussed with: Peter Lei
Approved by: re (gjb, early MFC)
|
#
332634 |
|
16-Apr-2018 |
tuexen |
MFC r332269:
Fix a signed/unsigned warning showing up for the userland stack on some platforms. Thanks to Felix Weinrank for reporting the issue.
|
#
332228 |
|
07-Apr-2018 |
tuexen |
MFC r326829:
Cleanup, no functional change.
|
#
332227 |
|
07-Apr-2018 |
tuexen |
MFC r326672:
Retire SCTP_WITH_NO_CSUM option.
This option was used in the early days to allow performance measurements extrapolating the use of SCTP checksum offloading. Since this feature is now available, get rid of this option. This also un-breaks the LINT kernel. Thanks to markj@ for making me aware of the problem.
|
#
332226 |
|
07-Apr-2018 |
tuexen |
MFC r325864:
Fix the handling of ERROR chunks with a lot of error causes. While there, clean up the code. Thanks to Felix Weinrank who found the bug by fuzz-testing the SCTP userland stack.
|
#
332225 |
|
07-Apr-2018 |
tuexen |
MFC r325788:
Simplify the code and use the full buffer for contiguous chunk representation.
|
#
332224 |
|
07-Apr-2018 |
tuexen |
MFC r325746:
Cleanup the handling of control chunks. While there fix some minor bug related to clearing the assoc retransmit counter and the dup TSN handling of NR-SACK chunks.
|
#
332217 |
|
07-Apr-2018 |
tuexen |
MFC r324958:
Fix a bug in handling special ABORT chunks. Thanks to Felix Weinrank for finding this issue using libfuzzer with the userland stack.
|
#
332216 |
|
07-Apr-2018 |
tuexen |
MFC r324954:
Fix a locking issue found by running AFL on the userland stack. Thanks to Felix Weinrank for reporting the issue.
|
#
332213 |
|
07-Apr-2018 |
tuexen |
MFC r324638:
Fix the handling of partial and too short chunks.
Ensure that the current behaviour is consistent: stop processing of the chunk, but finish the processing of the previous chunks.
This behaviour might be changed in a later commit to ABORT the association due to a protocol violation, but changing this is a separate issue.
MFC r324725:
Fix a bug introduced in r324638. Thanks to Felix Weinrank for making me aware of this.
MFC r324726:
Revert change which got in accidentally.
|
#
332212 |
|
07-Apr-2018 |
tuexen |
MFC r324615:
Code cleanup, no functional change.
This avoids taking a pointer of a packed structure which allows simpler compilation of the userland stack.
|
#
332211 |
|
07-Apr-2018 |
tuexen |
MFC r324317:
Ensure that we accept ABORT chunks with the T-bit set only if a non-zero matching peer tag is provided.
|
#
332203 |
|
07-Apr-2018 |
tuexen |
MFC r323904:
Add missing locking. Found by Coverity while scanning the usrsctp library.
|
#
332201 |
|
07-Apr-2018 |
tuexen |
MFC r323861:
Code cleanup, no functional change.
|
#
332193 |
|
07-Apr-2018 |
tuexen |
MFC r323776:
Fix a warning.
|
#
332192 |
|
07-Apr-2018 |
tuexen |
MFC r323774:
Avoid an overflow when computing the staleness. This issue was found by running libfuzz on the userland stack.
|
#
332183 |
|
07-Apr-2018 |
tuexen |
MFC r323372:
Safely remove a chunk from the control queue. This bug was found by Coverity scanning the usrsctp library.
|
#
332168 |
|
07-Apr-2018 |
tuexen |
MFC r320653: Move to open state after plausibility checks.
When doing this too early, the MIB counters go wrong.
|
#
332167 |
|
07-Apr-2018 |
tuexen |
MFC r320650:
Don't hold a refcount on an stcb when it is not needed. This improves the consistency with other parts of the code.
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
320457 |
|
28-Jun-2017 |
tuexen |
MFC r320263: Use a longer buffer for messages in ERROR chunks.
MFC r320264: Check the length of a COOKIE chunk before accessing fields in it.
MFC r320300: Handle sctp_get_next_param() in a consistent way.
Approved by: re (marius@)
|
#
315514 |
|
18-Mar-2017 |
ae |
MFC r304572 (by bz): Remove the kernel option for IPSEC_FILTERTUNNEL, which was deprecated more than 7 years ago in favour of a sysctl in r192648.
MFC r305122: Remove redundant sanity checks from ipsec[46]_common_input_cb().
This check already has been done in each protocol callback.
MFC r309144,309174,309201 (by fabient): IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets.
Since the previous algorithm, based on bit shifting, does not scale with large replay windows, the algorithm used here is based on RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting. The replay window will be fast to be updated, but will cost as many bits in RAM as its size.
The previous implementation did not provide a lock on the replay window, which may lead to replay issues.
Obtained from: emeric.poupon@stormshield.eu
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D8468
MFC r309143,309146 (by fabient): In a dual processor system (2*6 cores) during IPSec throughput tests, we see a lot of contention on the arc4 lock, used to generate the IV of the ESP output packets.
The idea of this patch is to split this mutex in order to reduce the contention on this lock.
Update r309143 to prevent false sharing.
Reviewed by: delphij, markm, ache
Approved by: so
Obtained from: emeric.poupon@stormshield.eu
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D8130
MFC r313330: Merge projects/ipsec into head/.
Small summary
-------------
o Almost all IPsec related code was moved into sys/netipsec.
o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel option IPSEC_SUPPORT added. It enables support for loading and unloading of ipsec.ko and tcpmd5.ko kernel modules.
o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type support was removed. Added TCP/UDP checksum handling for inbound packets that were decapsulated by transport mode SAs. setkey(8) modified to show run-time NAT-T configuration of SA.
o New network pseudo interface if_ipsec(4) added. For now it is built as part of ipsec.ko module (or with IPSEC kernel). It implements IPsec virtual tunnels to create route-based VPNs.
o The network stack now invokes IPsec functions using special methods. The only one header file <netipsec/ipsec_support.h> should be included to declare all the needed things to work with IPsec.
o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed. Now these protocols are handled directly via IPsec methods.
o TCP_SIGNATURE support was reworked to be more close to RFC.
o PF_KEY SADB was reworked:
  - now all security associations stored in the single SPI namespace, and all SAs MUST have unique SPI.
  - several hash tables added to speed up lookups in SADB.
  - SADB now uses rmlock to protect access, and concurrent threads can do SA lookups in the same time.
  - many PF_KEY message handlers were reworked to reflect changes in SADB.
  - SADB_UPDATE message was extended to support new PF_KEY headers: SADB_X_EXT_NEW_ADDRESS_SRC and SADB_X_EXT_NEW_ADDRESS_DST. They can be used by IKE daemon to change SA addresses.
o ipsecrequest and secpolicy structures were cardinally changed to avoid locking protection for ipsecrequest. Now we support only limited number (4) of bundled SAs, but they are supported for both INET and INET6.
o INPCB security policy cache was introduced. Each PCB now caches used security policies to avoid SP lookup for each packet.
o For inbound security policies added the mode, when the kernel does check for full history of applied IPsec transforms.
o References counting rules for security policies and security associations were changed. The proper SA locking added into xform code.
o xform code was also changed. Now it is possible to unregister xforms. tdb_xxx structures were changed and renamed to reflect changes in SADB/SPDB, and changed rules for locking and refcounting.
Obtained from: Yandex LLC
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9352
MFC r313331: Add removed headers into the ObsoleteFiles.inc.
MFC r313561 (by glebius): Move tcp_fields_to_net() static inline into tcp_var.h, just below its friend tcp_fields_to_host(). There is third party code that also uses this inline.
MFC r313697: Remove IPsec related PCB code from SCTP.
The inpcb structure has inp_sp pointer that is initialized by ipsec_init_pcbpolicy() function. This pointer keeps storage for IPsec security policies associated with a specific socket. An application can use IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket options to configure these security policies. Then ip[6]_output() uses inpcb pointer to specify that an outgoing packet is associated with some socket. And IPSEC_OUTPUT() method can use a security policy stored in the inp_sp. For inbound packet the protocol-specific input routine uses IPSEC_CHECK_POLICY() method to check that a packet conforms to inbound security policy configured in the inpcb.
SCTP protocol doesn't specify inpcb for ip[6]_output() when it sends packets. Thus IPSEC_OUTPUT() method does not consider such packets as associated with some socket and can not apply security policies from inpcb, even if they are configured. Since IPSEC_CHECK_POLICY() method is called from protocol-specific input routine, it can specify inpcb pointer and associated with socket inbound policy will be checked. But there are two problems:
1. Such check is asymmetric, because we can not apply security policy from inpcb for outgoing packet.
2. IPSEC_CHECK_POLICY() expects that caller holds INPCB lock and access to inp_sp is protected. But for SCTP this is not correct, because SCTP uses own locks to protect inpcb.
To fix these problems remove IPsec related PCB code from SCTP. This implies that IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket options will be not applicable to SCTP sockets. To be able to correctly check inbound security policies for SCTP, mark its protocol header with the PR_LASTHDR flag.
Differential Revision: https://reviews.freebsd.org/D9538
MFC r313746: Add missing check to fix the build with IPSEC_SUPPORT and without MAC.
MFC r313805: Fix LINT build for powerpc.
Build kernel modules support only when both IPSEC and TCP_SIGNATURE are not defined.
MFC r313922: For translated packets do not adjust UDP checksum if it is zero.
In case when decrypted and decapsulated packet is a UDP datagram, check that its checksum is not zero before doing incremental checksum adjustment.
MFC r314339: Document that the size of AH ICV for HMAC-SHA2-NNN should be half of NNN bits as described in RFC4868.
PR: 215978
MFC r314812: Introduce the concept of IPsec security policies scope.
Currently are defined three scopes: global, ifnet, and pcb. Generic security policies that IKE daemon can add via PF_KEY interface or an administrator creates with setkey(8) utility have GLOBAL scope. Such policies can be applied by the kernel to outgoing packets and checked against inbound packets after IPsec processing. Security policies created by if_ipsec(4) interfaces have IFNET scope. Such policies are applied to packets that are passed through if_ipsec(4) interface. And security policies created by application using setsockopt() IP_IPSEC_POLICY option have PCB scope. Such policies are applied to packets related to specific socket. Currently there is no way to list PCB policies via setkey(8) utility.
Modify setkey(8) and libipsec(3) to be able to distinguish the scope of security policies in the `setkey -DP` listing. Add two optional flags: '-t' to list only policies related to virtual *tunneling* interfaces, i.e. policies with IFNET scope, and '-g' to list only policies with GLOBAL scope. By default policies from all scopes are listed.
To implement this PF_KEY's sadb_x_policy structure was modified. sadb_x_policy_reserved field is used to pass the policy scope from the kernel to userland. SADB_SPDDUMP message extended to support filtering by scope: sadb_msg_satype field is used to specify bit mask of requested scopes.
For IFNET policies the sadb_x_policy_priority field of struct sadb_x_policy is used to pass if_ipsec's interface if_index to the userland. For GLOBAL policies sadb_x_policy_priority is used only to manage order of security policies in the SPDB. For IFNET policies it is not used, so it can be used to keep if_index.
After this change the output of `setkey -DP` now looks like:
    # setkey -DPt
    0.0.0.0/0[any] 0.0.0.0/0[any] any
            in ipsec
            esp/tunnel/87.250.242.144-87.250.242.145/unique:145
            spid=7 seq=3 pid=58025 scope=ifnet ifname=ipsec0
            refcnt=1
    # setkey -DPg
    ::/0 ::/0 icmp6 135,0
            out none
            spid=5 seq=1 pid=872 scope=global
            refcnt=1
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9805
PR: 212018
Relnotes: yes
Sponsored by: Yandex LLC
|
#
310773 |
|
29-Dec-2016 |
tuexen |
MFC r310590:
Whitespace changes.
The toolchain for processing the sources has been updated. No functional change.
|
#
310219 |
|
18-Dec-2016 |
tuexen |
MFC r309682:
Cleanup the names of SSN, SID, TSN, FSN, PPID and MID.
This made a couple of bugs visible in handling SSN wrap-arounds when using DATA chunks. Now bulk transfer seems to work fine... This fixes the issue reported in https://github.com/sctplab/usrsctp/issues/111
|
#
310218 |
|
18-Dec-2016 |
tuexen |
MFC r309607:
Whitespace changes.
The tools used to generate the sources have been updated and produce different whitespace. Commit this separately to avoid intermixing these with real code changes.
|
#
305080 |
|
30-Aug-2016 |
tuexen |
MFC r304736: When aborting an association, send the ABORT before notifying the upper layer. For the kernel this doesn't matter, for the userland stack, it does. While there, silence a clang warning when compiling it in userland.
MFC r304837: Fix a bug, where no SACK is sent when receiving a FORWARD-TSN or I-FORWARD-TSN chunk before any DATA or I-DATA chunk.
Thanks to Julian Cordes for finding this problem and providing packetdrill scripts to reproduce the issue.
|
#
303956 |
|
11-Aug-2016 |
tuexen |
MFC r303792: Fix various bugs in relation to the I-DATA chunk support. This is joint work with rrs.
MFC r303793: Mark an unused parameter as such.
MFC r303798: Don't modify a structure without holding a reference count on it.
MFC r303813: Remove stream queue entry consistently from wheel. While there, improve the handling of drain.
MFC r303819: Consistently check for unsent data on the stream queues.
MFC r303831: Fix a locking issue found by stress testing with tsctp. The inp read lock needs to be held when considering control->do_not_ref_stcb.
MFC r303834: Fix the sending of FORWARD-TSN and I-FORWARD-TSN chunks. The last SID/SSN pair wasn't filled in. Thanks to Julian Cordes for providing a packetdrill script triggering the issue and making me aware of the bug.
Approved by: re (kib)
|