upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-19 21:49:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netinet
History
Eugene Grosbein 8132e95909 libalias: fix subtle racy problem in outside-inside forwarding 
sys/netinet/libalias/alias_db.c has internal static function UseLink()
that passes a link to CleanupLink() to verify if the link has expired.
If so, UseLink() may return NULL.

_FindLinkIn()'s usage of UseLink() is not quite correct.

Assume there is "redirect_port udp" configured to forward incoming
traffic for specific port to some internal address.
Such a rule creates partially specified permanent link.

After first such packet libalias creates new fully specifiled
temporary LINK_UDP with default timeout 60 seconds.
Also, in case of low traffic libalias may assign "timestamp"
for this new temporary link way in the past because
LibAliasTime is updated seldom and can keep old value
for tens of seconds, and it will be used for the temporary link.

It may happen that next incoming packet for redirected port
passed to _FindLinkIn() results in a call to UseLink()
that returns NULL due to detected expiration.
Immediate return of NULL results in broken translation:
either a packet is dropped (deny_incoming mode) or delivered to
original destination address instead of internal one.

Fix it with additional check for NULL to proceed with a search
for original partially specified link. In case of UDP,
it also recreates temporary fully specified link
with a call to ReLink().

Practical examples are "redirect_port udp" rules for unidirectional
SYSLOG protocol (port 514) or some low volume VPN encapsulated in UDP.

Thanks to Peter Much for initial analysis and first version of a patch.

Reported by:	Peter Much <pmc@citylink.dinoex.sub.org>
PR:		269770
MFC after:	1 week
2024-08-19 10:34:37 +07:00
..
cc tcp cc: clean up some un-used cc_var flags 2024-08-15 09:33:04 -04:00
khelp sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
libalias libalias: fix subtle racy problem in outside-inside forwarding 2024-08-19 10:34:37 +07:00
netdump netdump: Check the return value of ifunit_ref() 2023-10-02 08:09:26 -04:00
tcp_stacks Non-tested experimental code removal. 2024-08-09 09:01:57 -04:00
accf_data.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
accf_dns.c sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
accf_http.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
accf_tls.c accf_tls: accept filter that waits for TLS handshake header 2024-04-24 17:53:10 -07:00
dccp.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
icmp6.h sys/netinet/icmp6.h: Fix build 2024-05-23 14:03:55 -07:00
icmp_var.h netinet: add a probe point for IP, IP6, ICMP, ICMP6, UDP and TCP stats counters 2024-04-08 17:29:59 +02:00
if_ether.c Support ARP for 802 networks 2024-04-23 12:30:53 -04:00
if_ether.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
igmp.c netinet: Remove stale references to Giant from comments 2024-01-27 13:51:13 -05:00
igmp.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
igmp_var.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
in.c netinet: correct SIOCDIFADDR{,_IN6} calls to use {,in6_}ifreq 2024-07-22 14:17:21 +00:00
in.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
in_cksum.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
in_debug.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_fib.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_fib.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
in_fib_algo.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_fib_dxr.c fib_dxr: code hygiene, prune old code, no functional changes 2024-05-17 18:57:25 +02:00
in_gif.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_jail.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_kdtrace.c tcp: improve SEG.ACK validation 2024-07-21 11:37:35 +02:00
in_kdtrace.h tcp: improve SEG.ACK validation 2024-07-21 11:37:35 +02:00
in_mcast.c netinet: Remove stale references to Giant from comments 2024-01-27 13:51:13 -05:00
in_pcb.c in_pcb: don't leak credential refcounts on error 2024-05-01 08:41:26 +02:00
in_pcb.h inpcb: fully retire inp_ppcb pointer 2024-03-29 12:18:32 -07:00
in_pcb_var.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
in_prot.c Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible() 2023-09-28 11:59:08 -03:00
in_proto.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
in_rmx.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
in_rss.c sys: Remove $FreeBSD$: two-line .c pattern 2023-08-16 11:54:30 -06:00
in_rss.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
in_systm.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
in_var.h pf: simplify pf_addrcpy() and pf_match_addr() 2024-06-06 15:45:31 +02:00
ip.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
ip6.h netinet: Define IPv6 ECN mask 2024-01-03 12:56:28 -05:00
ip_carp.c carp: isolate VRRP from CARP 2024-05-08 13:19:04 +02:00
ip_carp.h carp: support VRRPv3 2024-05-08 13:19:03 +02:00
ip_carp_nl.h carp: support VRRPv3 2024-05-08 13:19:03 +02:00
ip_divert.c divert: just return EOPNOTSUPP on shutdown(2) 2024-01-12 02:04:04 -08:00
ip_divert.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ip_dummynet.h dummynet: add simple gilbert-elliott channel model 2023-12-17 13:20:45 +01:00
ip_ecn.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_ecn.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ip_encap.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_encap.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ip_fastfwd.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_fw.h ipfw: Fix a typo in a source code comment 2024-05-12 10:53:40 +02:00
ip_gre.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_icmp.c icmp: correct the assertion that checks limit + jitter 2024-04-08 16:54:19 -07:00
ip_icmp.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
ip_id.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_input.c pfil: PFIL_PASS never frees the mbuf 2024-01-29 14:10:19 +01:00
ip_mroute.c ip_mroute: Use NET_EPOCH_WAIT() macro 2024-06-24 17:57:14 +08:00
ip_mroute.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
ip_options.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_options.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ip_output.c ipsec_output(): add mtu argument 2024-07-12 06:29:31 +03:00
ip_reass.c vnet: (read) lock the vnet list while iterating it 2023-12-07 13:34:47 +01:00
ip_var.h netinet: add a probe point for IP, IP6, ICMP, ICMP6, UDP and TCP stats counters 2024-04-08 17:29:59 +02:00
pim.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
pim_var.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
raw_ip.c Revert "sockets: retire sorflush()" 2024-02-03 13:08:41 -08:00
sctp.h sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
sctp_asconf.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_asconf.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_auth.c sctp: cleanup locking for notifications 2023-09-08 16:20:51 +02:00
sctp_auth.h sctp: cleanup SCTP AUTH related notification 2023-09-08 13:13:43 +02:00
sctp_bsd_addr.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_bsd_addr.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_cc_functions.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_constants.h sctp: make sure all SCTP RESET notifications use sctp_ulp_notify() 2023-09-08 14:19:56 +02:00
sctp_crc32.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
sctp_crc32.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_header.h sctp: store heartbeat creation time as time_t 2024-05-10 20:40:15 +02:00
sctp_indata.c sctp: improve input validation for data chunks 2024-08-03 13:27:18 +02:00
sctp_indata.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_input.c sctp: store cookie secret change time as time_t 2024-05-10 20:14:16 +02:00
sctp_input.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_kdtrace.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
sctp_kdtrace.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_lock_bsd.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_module.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
sctp_os.h sockets: don't malloc/free sockaddr memory on getpeername/getsockname 2023-11-30 08:31:10 -08:00
sctp_os_bsd.h sockets: don't malloc/free sockaddr memory on getpeername/getsockname 2023-11-30 08:31:10 -08:00
sctp_output.c sctp: store heartbeat creation time as time_t 2024-05-10 20:40:15 +02:00
sctp_output.h sctp: improve sending of packets containing an INIT ACK chunk 2024-02-24 19:16:36 +01:00
sctp_pcb.c sctp: store vtag expire time as time_t 2024-05-10 20:28:38 +02:00
sctp_pcb.h sctp: store vtag expire time as time_t 2024-05-10 20:28:38 +02:00
sctp_peeloff.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_peeloff.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_ss_functions.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_structs.h sctp: cleanup handling of graceful shutdown of the peer 2023-08-19 12:35:49 +02:00
sctp_syscalls.c ktrace: log genio events on failed write 2024-03-04 23:44:09 -06:00
sctp_sysctl.c sctp: minor clean 2023-11-06 11:04:15 +01:00
sctp_sysctl.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_timer.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
sctp_timer.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_uio.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_usrreq.c sctp: allow stcb == NULL in sctp_shutdown() 2024-05-09 00:43:28 +02:00
sctp_var.h sockets: make pr_shutdown fully protocol specific method 2024-01-16 10:30:37 -08:00
sctputil.c sctp: improve heartbeat timer computation 2024-05-10 21:02:56 +02:00
sctputil.h sctp: make sure all SCTP RESET notifications use sctp_ulp_notify() 2023-09-08 14:19:56 +02:00
siftr.c siftr: remove the shutdown_pre_sync event handler on unload 2024-07-19 08:09:58 +02:00
tcp.h Non-tested experimental code removal. 2024-08-09 09:01:57 -04:00
tcp_accounting.h Move access to tcp's t_logstate into inline functions and provide new tracepoint and bbpoint capabilities. 2023-03-16 11:43:16 -04:00
tcp_ecn.c tcp: commonize check for more data to send, style changes 2024-01-26 01:20:35 +01:00
tcp_ecn.h tcp: AccECN access ACE field by shifting bits 2024-01-26 00:16:22 +01:00
tcp_fastopen.c tcp_fastopen: Fix a typo in a source code comment 2024-01-22 21:49:47 +01:00
tcp_fastopen.h sockets: remove unused KPIs to manipulate sockets 2024-03-18 08:50:30 -07:00
tcp_fsm.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
tcp_hostcache.c tcp_hostcache: remove unnecessary socketvar.h 2024-05-07 14:15:49 -07:00
tcp_hpts.c tcp hpts: initialize variable 2024-04-05 17:30:31 +02:00
tcp_hpts.h HTPS has actually three states not two so the macro needs to account for that. 2024-03-01 15:21:15 -05:00
tcp_input.c tcp: implement challenge ACK throttling for the base stack 2024-07-25 13:54:52 +02:00
tcp_log_buf.c tcp bblog: use correct length 2024-03-27 14:31:48 +01:00
tcp_log_buf.h Non-tested experimental code removal. 2024-08-09 09:01:57 -04:00
tcp_lro.c kern/subr_trap.c: repair the HPTS performance hack in userret() 2023-12-04 10:19:46 -08:00
tcp_lro.h hpts/lro: make tcp_lro_flush_tcphpts() and tcp_run_hpts() pointers 2023-12-04 10:19:46 -08:00
tcp_lro_hpts.c TCP LRO: add dtrace probe points 2024-03-08 10:21:09 +01:00
tcp_offload.c tcp_fill_info(): Change lock assertion on INPCB to locked only 2023-08-22 20:33:49 +02:00
tcp_offload.h sockets: remove unused KPIs to manipulate sockets 2024-03-18 08:50:30 -07:00
tcp_output.c ipsec_offload: handle TSO if supported 2024-07-12 06:29:32 +03:00
tcp_pcap.c sys: Style fix for M_EXT | M_EXTPG 2023-12-28 11:17:59 -08:00
tcp_pcap.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
tcp_ratelimit.c tcp_ratelimit: provide an api for drivers to release ratesets at detach 2024-08-05 12:51:35 -04:00
tcp_ratelimit.h tcp_ratelimit: provide an api for drivers to release ratesets at detach 2024-08-05 12:51:35 -04:00
tcp_reass.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
tcp_sack.c tcp: add sysctl to allow/disallow TSO during SACK loss recovery 2024-05-08 14:33:20 +02:00
tcp_seq.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
tcp_stats.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
tcp_subr.c tcp: initialize V_ts_offset_secret for all vnets 2024-08-09 16:12:22 +02:00
tcp_syncache.c tcp: retire sysctl variable functions_inherit_listen_socket_stack 2024-08-03 22:52:17 +02:00
tcp_syncache.h tcp: minor cleanup 2024-08-07 19:43:07 +02:00
tcp_timer.c TCP can be subject to Sack Attacks lets fix this issue. 2024-05-05 09:08:47 -04:00
tcp_timer.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
tcp_timewait.c tcp: improve consistency 2024-04-06 10:02:06 +02:00
tcp_usrreq.c ddb: update printing of t_flags and tflags2 2024-08-05 11:17:30 +02:00
tcp_var.h tcp: fix t_flags2 collision 2024-08-03 21:49:18 +02:00
tcpip.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
toecore.c tcp_fill_info(): Change lock assertion on INPCB to locked only 2023-08-22 20:33:49 +02:00
toecore.h inpcb: remove unused KPIs to manipulate inpcbs 2024-03-18 08:49:39 -07:00
udp.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
udp_usrreq.c Revert "udp: improve handling of cached route" 2024-07-30 11:46:27 +02:00
udp_var.h udp_var: correct intoudpcb macro unintended identifier dependency 2024-06-14 17:28:28 +02:00
udplite.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00