Make divert-packet / divert(4) properly rdomain aware.
divert(4) only partially handled rtables / rdomains. While it was used
outbound, inbound packets did not check the rdomain. This is confusing
and incorrect.
Now inbound packets need to match the rdomain of the listening socket
so one needs to listen on the rdomain the packets come in.
If packets from multiple rdomains match the rule then userland
needs to listen on each rdomain. If not the packet will be dropped.
Report by Y Yang, et al from Tsinghua University
With and OK bluhm@ OK sashan@ mvs@

sndiod: Refactor and simplify the hello message handling
Use proper enums for the resource type (audio device, midithru port,
etc) in place of magic numbers and factor duplicated code.
No behavior change.

Extend multicast router counter.
ip_mforward() contained a static variable that poorly implements a
rate limited log message. Replace the log with a counter, which
is MP-safe.
Also count drops due to time-to-live and hop-limit. As the default
ttl is 1, this is the most common pitfall when configuring a multicast
router. This counter helps debugging.
OK claudio@ deraadt@

For IPC_STAT (and KERN_SYSVIPC_SHM_INFO) the three fields
__shm_atimensec/__shm_dtimensec/_shm_ctimensec leak kernel memory
contents because we never initialize them; they should clearly be zero
until such time as we add more precision. The Tsinghua University group
suggested clearing these at export time, but the real problem is the
memory is being allocated without PR_ZERO.
ok kettenis mvs
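
The leak described in the commit message above, modelled in userland as an added example (not OpenBSD code): a one-slot toy allocator stands in for pool(9), and the export path copies the whole struct out as IPC_STAT would. `struct seg`, `toy_pool_get`, `stat_export_leaks`, the `PR_ZERO` value and the 0x41 filler are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define PR_ZERO 0x1	/* stand-in value for the pool(9) flag named above */

/* Constructed descriptor: *nsec members model the never-initialized fields. */
struct seg {
	long atime, atimensec;
	long dtime, dtimensec;
	long ctime, ctimensec;
};

static struct seg slot;	/* one-item toy pool; freed contents stay in place */

static void *toy_pool_get(int flags)
{
	if (flags & PR_ZERO)
		memset(&slot, 0, sizeof(slot));	/* allocation-time zeroing */
	return &slot;
}

/* A previous owner of the slot leaves its bytes behind (constructed data). */
static void previous_user(void)
{
	memset(toy_pool_get(0), 0x41, sizeof(struct seg));
}

/* Creation fills in the second-granularity times and nothing else. */
static struct seg *seg_create(int flags, long now)
{
	struct seg *s = toy_pool_get(flags);

	s->atime = s->dtime = 0;
	s->ctime = now;
	return s;
}

/* Export copies the whole struct; return how many *nsec fields carry stale data. */
static int stat_export_leaks(int flags)
{
	struct seg out;

	previous_user();
	memcpy(&out, seg_create(flags, 1700000000L), sizeof(out));
	return (out.atimensec != 0) + (out.dtimensec != 0) + (out.ctimensec != 0);
}

int main(void)
{
	printf("without PR_ZERO: %d stale fields\n", stat_export_leaks(0));
	printf("with PR_ZERO:    %d stale fields\n", stat_export_leaks(PR_ZERO));
	return 0;
}
```

Zeroing at allocation covers every field, including ones added later, whereas clearing at export time only covers the fields someone remembered to list.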

Add a backoff retry mechanism for non-functional CAs
Many non-functional CAs never recover once they become non-functional
causing inefficiency in the operation of relying party instances.
The existing detection mechanism for non-functional CAs is changed into
a stateful backoff retry mechanism, eventually settling on retrying
broken CAs only once per day. Backoff helps reduce load on both the
RP and publication point sides of the house, reduces log clutter, and
improves RP run duration.
The sync schedule is reset if a given non-functional CA is discovered to
be in working order again (i.e., backoff is not applied to healthy CAs).
A few new statistics are exposed in the json & metrics outputs.
An interesting side-effect of this mechanism is that it appears to
obviate some of the need for a manually curated (and therefore, easily
outdated) skiplist.
OK claudio@ tb@

Switch to imsg_recv_ctl_peer and switch all consumers of struct peer over
to struct ctl_peer.
bgpd no longer dumps the full struct peer over imsg, so adjust here.
OK tb@

Implement imsg_send_ctl_peer() and imsg_recv_ctl_peer and struct ctl_peer
to export peer data to bgpctl.
IMSG_CTL_SHOW_NEIGHBOR exported struct peer with a lot of internal data
which leaks important information and works against our priv-sep model.
The new struct ctl_peer only includes data that is needed by bgpctl.
Triggered by a report from 7ASecurity
OK tb@