opnsense-src/sys/net
Kristof Provost 650607380c pf: protect the rpool from races
The roundrobin pool stores its state in the rule, which could
potentially lead to invalid addresses being returned.

For example, thread A just executed PF_AINC(&rpool->counter) and
immediately afterwards thread B executes PF_ACPY(naddr, &rpool->counter)
(i.e. after the pf_match_addr() check of rpool->counter).

Lock the rpool with its own mutex to prevent these races. The
performance impact of this is expected to be low, as each rule has its
own lock, and the lock is also only relevant when state is being created
(so only for the initial packets of a connection, not for all traffic).

See also:	https://redmine.pfsense.org/issues/12660
Reviewed by:	glebius
MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D33874

(cherry picked from commit 5f5e32f1b3)
2022-02-04 11:37:14 +01:00
..
altq altq: Fix panics on rmc_restart() 2021-08-30 10:02:14 +02:00
route routing: Use the same index space for both nexthop and nexthop groups. 2021-12-04 19:03:05 +00:00
bpf.c vlan: deduplicate bpf_setpcp() and pf_ieee8021q_setpcp() 2021-08-02 16:50:32 +02:00
bpf.h bpf: Add an ioctl to set the VLAN Priority on packets sent by bpf 2021-08-02 16:50:32 +02:00
bpf_buffer.c Add an external mbuf buffer type that holds multiple unmapped pages. 2019-06-29 00:48:33 +00:00
bpf_buffer.h
bpf_filter.c
bpf_jitter.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
bpf_jitter.h Make UMA and malloc(9) return non-executable memory in most cases. 2018-06-13 17:04:41 +00:00
bpf_zerocopy.c Change synchronization rules for vm_page reference counting. 2019-09-09 21:32:42 +00:00
bpf_zerocopy.h
bpfdesc.h bpf: Add an ioctl to set the VLAN Priority on packets sent by bpf 2021-08-02 16:50:32 +02:00
bridgestp.c bridgestp: validate timer values in config BPDU 2021-05-18 12:00:38 +02:00
bridgestp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
debugnet.c debugnet: Include some required headers 2021-09-21 09:37:42 -04:00
debugnet.h Implement NetGDB(4) 2019-10-17 21:33:01 +00:00
debugnet_inet.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
debugnet_int.h Implement NetGDB(4) 2019-10-17 21:33:01 +00:00
dlt.h MFV r353141 (by phillip): 2019-12-21 21:01:03 +00:00
ethernet.h ifconfig: Minor documentation fix 2021-05-10 03:48:05 +03:00
firewire.h
ieee8023ad_lacp.c LACP: When suppressing distributing, return ENOBUFS 2020-11-18 14:55:49 +00:00
ieee8023ad_lacp.h LACP: When suppressing distributing, return ENOBUFS 2020-11-18 14:55:49 +00:00
ieee_oui.h Fix a typo in r349969 2019-07-14 03:49:48 +00:00
if.c net: Enter a net epoch around protocol if_up/down notifications 2021-09-17 09:13:09 -04:00
if.h Widen ifnet_detach_sxlock coverage 2021-02-17 14:12:54 +01:00
if_arp.h Improve ARP logging. 2019-03-09 01:12:59 +00:00
if_bridge.c if_bridge: add ALTQ support 2021-09-01 15:27:01 +02:00
if_bridgevar.h bridge: fix STP roles and protos strings 2021-02-04 15:22:45 +01:00
if_clone.c MFC 53729367d3: Fix subinterface vlan creation. 2021-02-04 22:21:00 +00:00
if_clone.h epair: Do not abuse params to register the second interface 2020-01-28 22:44:24 +00:00
if_dead.c This adds the third step in getting BBR into the tree. BBR and 2019-08-01 14:17:31 +00:00
if_debug.c
if_disc.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_dl.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
if_edsc.c if_edsc: generate an arbitrary MAC address 2020-03-02 02:45:57 +00:00
if_enc.c Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. 2020-05-29 19:22:40 +00:00
if_enc.h
if_epair.c if_epair: Also mark the flag of pair b with IFF_KNOWSEPOCH 2021-12-11 10:38:17 +01:00
if_ethersubr.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_fwsubr.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_gif.c if_gif: fix vnet shutdown panic 2021-11-29 15:44:39 +01:00
if_gif.h gif_transmit() must always be called in the network epoch. 2020-01-15 06:18:32 +00:00
if_gre.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_gre.h Add GRE-in-UDP encapsulation support as defined in RFC8086. 2019-04-24 09:05:45 +00:00
if_infiniband.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_ipsec.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
if_ipsec.h
if_lagg.c lagg: fix unused-but-set-variable 2021-11-26 04:40:56 +01:00
if_lagg.h Fix for IPoIB over lagg(4). 2020-12-29 17:35:06 +01:00
if_llatbl.c lltable: Add support for "child" LLEs holding encap for IPv4oIPv6 entries. 2021-09-07 21:02:58 +00:00
if_llatbl.h lltable: Add support for "child" LLEs holding encap for IPv4oIPv6 entries. 2021-09-07 21:02:58 +00:00
if_llc.h
if_loop.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_me.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_media.c if_media.c SIOCGMEDIAX handler: improve loop 2020-11-03 14:33:04 +00:00
if_media.h if_media: definitions for 40GE LM4 ethernet media type 2020-09-16 14:45:16 +00:00
if_mib.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
if_mib.h
if_pflog.h if_pflog: fix packet length 2021-12-11 10:38:50 +01:00
if_pfsync.h pfsync: Expose PFSYNCF_OK flag to userspace 2021-05-10 21:45:57 +02:00
if_sppp.h
if_spppfr.c
if_spppsubr.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_stf.c if_stf: style(9) pass 2021-12-01 16:53:19 +01:00
if_tap.h tap: add support for virtio-net offloads 2019-10-18 21:53:27 +00:00
if_tun.h if_tuntap(4): Add TUNGIFNAME 2019-07-25 22:23:34 +00:00
if_tuntap.c routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
if_types.h Add support for IP over infiniband, IPoIB, to lagg(4). Currently only 2020-10-22 09:47:12 +00:00
if_var.h Enforce check for using the return result for ifa?_try_ref(). 2021-09-07 21:01:31 +00:00
if_vlan.c Restore the vnet before returning an error. 2021-09-05 18:25:44 -04:00
if_vlan_var.h vlan: deduplicate bpf_setpcp() and pf_ieee8021q_setpcp() 2021-08-02 16:50:32 +02:00
if_vxlan.c mbuf: add a way to mark flowid as calculated from the internal headers 2021-04-07 06:32:39 +03:00
if_vxlan.h if_vxlan(4): add support for hardware assisted checksumming, TSO, and RSS. 2020-09-18 02:37:57 +00:00
ifdi_if.m iflib: Stop interface before (un)registering VLAN 2020-04-27 22:02:44 +00:00
iflib.c Make CPU_SET macros compliant with other implementations 2022-01-14 18:17:30 +02:00
iflib.h iflib: Make if_shared_ctx_t a pointer to const 2021-03-22 11:42:18 -04:00
iflib_clone.c iflib: Fix detach of pseudo interfaces 2021-02-24 10:20:55 -05:00
iflib_private.h - Replace unused and only ever written to members of public iflib(9) 2019-06-15 11:07:41 +00:00
ifq.h Make net/ifq.h C++ friendly 2020-11-20 14:45:45 +00:00
infiniband.h Factor out generic IP over infiniband, IPoIB, definitions and code 2020-10-22 09:09:53 +00:00
mp_ring.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
mp_ring.h mp_ring: avoid items offset difference between iflib and mp_ring 2019-01-03 23:06:05 +00:00
mppc.h
mppcc.c kernel: provide panicky version of __unreachable 2020-05-13 18:07:37 +00:00
mppcd.c
netisr.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
netisr.h
netisr_internal.h
netmap.h netmap: monitor: add a flag to distinguish packet direction 2021-09-26 14:00:04 +00:00
netmap_legacy.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
netmap_user.h netmap: fix constness warnings generated by "-Wcast-qual" 2020-10-03 09:33:29 +00:00
netmap_virt.h netmap: disable passthrough with no hypervisor support 2020-01-13 21:47:23 +00:00
paravirt.h
pfil.c Since now drivers that support pfil run their interrupts in the network 2020-01-23 01:49:22 +00:00
pfil.h Most Ethernet drivers that potentially can run a pfil(9) hook with 2019-03-10 17:20:09 +00:00
pfkeyv2.h Add SADB_SAFLAGS_ESN flag 2020-10-16 11:22:29 +00:00
pfvar.h pf: protect the rpool from races 2022-02-04 11:37:14 +01:00
ppp_defs.h
radix.c routing: Fix crashes with dpdk_lpm[46] algo. 2021-09-07 21:02:58 +00:00
radix.h routing: Fix crashes with dpdk_lpm[46] algo. 2021-09-07 21:02:58 +00:00
raw_cb.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
raw_cb.h
raw_usrreq.c socket: Implement SO_RERROR 2021-08-10 18:54:00 -07:00
rndis.h Hyper-V: hn: Enable vSwitch RSC support in hn netvsc driver 2021-03-29 03:20:03 -07:00
route.c routing: fix source address selection rules for IPv4 over IPv6. 2021-12-04 19:02:52 +00:00
route.h routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). 2021-09-07 21:25:06 +00:00
rss_config.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
rss_config.h
rtsock.c Add required sysctl name length checks to various handlers 2021-07-29 20:32:58 -04:00
sff8436.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
sff8472.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
slcompress.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
slcompress.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
toeplitz.c
toeplitz.h
vnet.c Widen ifnet_detach_sxlock coverage 2021-02-17 14:12:54 +01:00
vnet.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00