HardenedBSD / src

HardenedBSD/src 94acddd — sys/netinet tcp_log_buf.c

18 hours ago by Michael Tuexen (tuexen) on ⎇

freebsd/current/main

tcp: improve initializing the fields in tcp_log_buffer

Initialize the fields in the tcp_log_buffer in the sequence they
appear in the structure and add the initialization of tlb_flex1,
tlb_flex2, and _pad[].

Reviewed by:            rrs, Peter Lei
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D49652

Delta		File
+8	-3	sys/netinet/tcp_log_buf.c
+8	-3	1 files

HardenedBSD/src 6e76489 — sys/netinet tcp_pcap.c tcp_pcap.h

3 days ago by Michael Tuexen (tuexen) on ⎇

freebsd/current/main

tcp: remove support for TCPPCAP

This feature could be used to store the last sent and received TCP
packets for a TCP endpoint. There was no utility to get these packets
from a live system or core.
This functionality is now provided by TCP Black Box Logging, which also
stores additional events. There are tools to get these traces from a
live system or a core.
Therefore remove TCPPCAP to avoid maintaining it, when it is not
used anymore.

Reviewed by:            rrs, rscheff, Peter Lei, glebiu
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D49589

Delta		File
+0	-452	sys/netinet/tcp_pcap.c
+0	-39	sys/netinet/tcp_pcap.h
+0	-33	sys/netinet/tcp_usrreq.c
+0	-24	sys/netinet/tcp_subr.c
+0	-12	sys/netinet/tcp_output.c
+0	-7	sys/netinet/tcp_input.c
+0	-567	8 files not shown
+5	-583	14 files

HardenedBSD/src f6deb9e — sys/netinet/tcp_stacks rack.c tcp_rack.h

4 days ago by Michael Tuexen (tuexen) on ⎇

freebsd/current/main

tcp rack: cleanup storing values for beta and beta_ecn

beta and beta_ecn were stored using a variable of type struct newreno
in struct rack_control. Later, struct newreno was extended and now
contains several more fields.
This results in a memory inefficiency and also in copying around
uninitialized memory.
This patch fixes this by storing beta and beta_ecn individually in
struct rack_control.
Please note that the newreno_flags field was only stored and never
used. Therefore, this is not stored anymore in struct rack_control.
No functional change intended.

CID:                    1523796
Reviewed by:            rrs
MFC after:              1 week
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D49578

Delta		File
+20	-25	sys/netinet/tcp_stacks/rack.c
+4	-3	sys/netinet/tcp_stacks/tcp_rack.h
+24	-28	2 files

HardenedBSD/src e862383 — sys/netinet sctp_pcb.c

4 days ago by Michael Tuexen (tuexen) on ⎇

freebsd/current/main

sctp: fix double unlock in case adding a remote address fails

Thanks to glebius@ for pointing to the problem.

Reported by:    syzbot+1d5c164f1c10de84ad8a at syzkaller.appspotmail.com
Fixes:          2d5c48eccd9f ("sctp: Tighten up locking around sctp_aloc_assoc()"
MFC after:      3 days

Delta		File
+0	-1	sys/netinet/sctp_pcb.c
+0	-1	1 files

HardenedBSD/src fbcf3b7 — sys/netinet tcp_input.c

14 days ago by Michael Tuexen (tuexen) on ⎇

freebsd/current/main

tcp: fix detection of bad RTOs

If timestamps are enabled, the actions performed by a retransmission
timeout were rolled back, when they should not.
It is needed to make sure the incoming segment advances SND.UNA.
To do this, remove the incorrect upfront check and extend the check in
the fast path to handle also the case of timestamps.

PR:                     282605
Reviewed by:            cc, rscheff, Peter Lei
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D49414

Delta		File
+7	-10	sys/netinet/tcp_input.c
+7	-10	1 files

HardenedBSD/src 6f27541 — sys/netinet/tcp_stacks rack.c

Feb 25 by Peter Lei via Michael Tuexen (tuexen) on ⎇

freebsd/current/main

tcp rack: cleanup accounting conditional checks

No functional change intended.

Reviewed by:    tuexen
MFC after:      1 week
Sponsored by:   Netflix, Inc.

Delta		File
+0	-30	sys/netinet/tcp_stacks/rack.c
+0	-30	1 files

HardenedBSD/src 0e58542 — sys/netinet tcp_var.h

Feb 25 by Peter Lei via Michael Tuexen (tuexen) on ⎇

freebsd/current/main

tcp: remove unused field from struct tcpcb

Reviewed by:    tuexen
Sponsored by:   Netflix, Inc.

Delta		File
+0	-1	sys/netinet/tcp_var.h
+0	-1	1 files

HardenedBSD/src 163c30c — sys/netinet/tcp_stacks tcp_rack.h rack.c

Feb 25 by Peter Lei via Michael Tuexen (tuexen) on ⎇

freebsd/current/main

tcp rack: remove dead code

Reviewed by:    tuexen
MFC after:      1 week
Sponsored by:   Netflix, Inc.

Delta		File
+0	-32	sys/netinet/tcp_stacks/tcp_rack.h
+1	-24	sys/netinet/tcp_stacks/rack.c
+1	-56	2 files

HardenedBSD/src ccd9c1e — sys/netinet ip_icmp.c, sys/netinet6 icmp6.c

Feb 12 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

icmp: use per rate limit randomized jitter

Using the same random jitter for multiple rate limits allows an
attacker to use one rate limiter to figure out the current jitter
and then use this knowledge to de-randomize the other rate limiters.
This can be mitigated by using a separate randomized jitter for each
rate limiter.
This issue was reported as issue number 10 in Keyu Man et al.:
SCAD: Towards a Universal and Automated Network Side-Channel
Vulnerability Detection

Reviewed by:            rrs, Peter Lei, glebius
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48804

(cherry picked from commit 923c223f27e792e51ca13c476428adbbf6887551)

Delta		File
+27	-23	sys/netinet6/icmp6.c
+12	-8	sys/netinet/ip_icmp.c
+39	-31	2 files

HardenedBSD/src 923c223 — sys/netinet ip_icmp.c, sys/netinet6 icmp6.c

Feb 10 by Michael Tuexen (tuexen) on ⎇

freebsd/current/main

icmp: use per rate limit randomized jitter

Using the same random jitter for multiple rate limits allows an
attacker to use one rate limiter to figure out the current jitter
and then use this knowledge to de-randomize the other rate limiters.
This can be mitigated by using a separate randomized jitter for each
rate limiter.
This issue was reported as issue number 10 in Keyu Man et al.:
SCAD: Towards a Universal and Automated Network Side-Channel
Vulnerability Detection

Reviewed by:            rrs, Peter Lei, glebius
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48804

Delta		File
+27	-23	sys/netinet6/icmp6.c
+12	-8	sys/netinet/ip_icmp.c
+39	-31	2 files

HardenedBSD/src f284154 — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: remove dead code

No functional change intended.

Reviewed by:            Peter Lei, rrs (earlier version)
CID:                    1523802
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48341

(cherry picked from commit e7fbf52a3e38c4bc4249e6541fe7e42ecc119656)

Delta		File
+0	-4	sys/netinet/tcp_stacks/bbr.c
+0	-4	1 files

HardenedBSD/src 0cc48e6 — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: don't log an uninitialized value

reduce is uninitialized, if the code path for logging is reached via
goto old_method;.

Reviewed by:            rrs, Peter Lei
CID:                    1557359
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48346

(cherry picked from commit 4c89d59e0cdac4d83fb5841aefae9214545b2273)

Delta		File
+3	-2	sys/netinet/tcp_stacks/rack.c
+3	-2	1 files

HardenedBSD/src 992f676 — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: fix TCP_RACK_PACING_BETA socket option

Bring back the code, which was accidentally removed. While there,
indent a comment correctly.

Reviewed by:            rrs
CID:                    1540026
Fixes:                  e18b97bd63a8 ("Update to bring the rack stack with all its fixes in.")
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48340

(cherry picked from commit e8ec28047df5185582a95c5211ed75682fad5ec5)

Delta		File
+7	-8	sys/netinet/tcp_stacks/rack.c
+7	-8	1 files

HardenedBSD/src c6f745a — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: remove dead code

No functional change intended.

Reviewed by:            rrs
CID:                    1523808
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48338

(cherry picked from commit 061727efe1e355fb2fde1b05e92718543d05bfe7)

Delta		File
+0	-8	sys/netinet/tcp_stacks/bbr.c
+0	-8	1 files

HardenedBSD/src 2a704e9 — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: remove dead code

bw is unsigned and not zero. So it cannot be smaller than 1.
No functional change intended.

Reviewed by:            rrs, cc
CID:                    1523791
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48323

(cherry picked from commit c28fefe1dc44b69743dd18d038440da38a2867a7)

Delta		File
+0	-3	sys/netinet/tcp_stacks/bbr.c
+0	-3	1 files

HardenedBSD/src 86ec7e5 — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: fix TCP fast open

Do not jump to a place in the code, which requires several variables
to be set (segsize, minseg, idle, len, sb_offset), which is not true.
To avoid using these variables, start the HPTS timer explicitly.
This fix only applies to the client side using TCP fast open.

Approved by:            rrs
CID:                    1523766
CID:                    1523770
CID:                    1523786
CID:                    1523801
CID:                    1523809
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48322

(cherry picked from commit bb9525f30214e8b6c53c6cccd9e8f02e8f8e8c42)

Delta		File
+5	-4	sys/netinet/tcp_stacks/rack.c
+5	-4	1 files

HardenedBSD/src 1d8bbe5 — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: remove variable with is only initialized and not changed

minslot is initialized to 0 and never changed. It is not clear to me
under which condition minslot should be set to which value.
Therefore, remove it and the code checking that it is not zero.
No functional change intended.

Reviewed by:            rrs
CID:                    1523812
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48321

(cherry picked from commit 84e894ce1309b426aa5d1a20ec194401f35dc478)

Delta		File
+0	-6	sys/netinet/tcp_stacks/rack.c
+0	-6	1 files

HardenedBSD/src 6ab740b — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: remove code which is not needed

rc_bbr_substate is a 3-bit unsigned int, so it can't be larger than
or equal to 8. The wrap around already happens.
No functional change intended.

Reviewed by:            rrs
CID:                    1523795
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48320

(cherry picked from commit 4bce1a19fcfac0c9f22c11278daa510546ccd3f2)

Delta		File
+0	-4	sys/netinet/tcp_stacks/bbr.c
+0	-4	1 files

HardenedBSD/src 2632e53 — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: simplify expression

There is no need to check partially for bbr->r_ctl.crte being NULL,
since this can't be true in this path.
No functional change intended.

Reviewed by:            rrs
CID:                    1523810
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48312

(cherry picked from commit 305c40dc552f9c150eacce95c181798031368cd9)

Delta		File
+1	-1	sys/netinet/tcp_stacks/bbr.c
+1	-1	1 files

HardenedBSD/src 221ac9e — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: remove code that cannot be reached

No functional change intended.

Reviewed by:            rrs
CID:                    1523797
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48301

(cherry picked from commit 41af5eeefc2c11d0e301f9f4476ba50214a8a584)

Delta		File
+0	-6	sys/netinet/tcp_stacks/rack.c
+0	-6	1 files

HardenedBSD/src c178bc1 — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: fix integer overflow

Use 64-bit arithmetic.

Reviewed by:            rrs
CID:                    1523806
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48302

(cherry picked from commit 88766e7af52bbde32b14ad48fb76798a3ba4650c)

Delta		File
+1	-1	sys/netinet/tcp_stacks/bbr.c
+1	-1	1 files

HardenedBSD/src c3322bb — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: simplify expression

rsm cannot be NULL, when calling bbr_update_bbr_info().
So no need to check partially for it. No functional change intended.

Reviewed by:            rrs
CID:                    1523803
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48293

(cherry picked from commit 4173a3a009a42c47f1ec2d1cbfb99347aaf195da)

Delta		File
+1	-1	sys/netinet/tcp_stacks/bbr.c
+1	-1	1 files

HardenedBSD/src 53da007 — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: remove un-needed assignment

No functional change intended.

Reviewed by:            rrs
CID:                    1523768
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48292

(cherry picked from commit deb4252e9e7c8d2eca9be6333caa434061f3f594)

Delta		File
+0	-1	sys/netinet/tcp_stacks/rack.c
+0	-1	1 files

HardenedBSD/src 6aa2c8e — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: simplify condition

It is already known that rsm != NULL, so no need to check for it.

Reviewed by:            rrs
CID:                    1523815
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48282

(cherry picked from commit 8471791eb6eeedaedd4d70e1076cfd143bf12fca)

Delta		File
+1	-1	sys/netinet/tcp_stacks/rack.c
+1	-1	1 files

HardenedBSD/src 3f45a8f — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: do not log an uninitialized value

Reviewed by:            rrs
CID:                    1523789
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48281

(cherry picked from commit c7e81cc04369dd7bdd00519109efe9d75f53375c)

Delta		File
+1	-1	sys/netinet/tcp_stacks/bbr.c
+1	-1	1 files

HardenedBSD/src 080caa0 — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: avoid using uninitialized tot_idle variable

Reviewed by:            rrs
CID:                    1540027
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48277

(cherry picked from commit 3b9da3dcd11f3d73281383c4ba383a4fcc4b9bbe)

Delta		File
+2	-1	sys/netinet/tcp_stacks/rack.c
+2	-1	1 files

HardenedBSD/src 8a246ce — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: remove code which is never executed

USEC_2_TICKS() returns at least 1.

Reviewed by:            rrs
CID:                    1523775
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D4827

(cherry picked from commit 1781324db2bc22a971a33c5a063036b2775055c6)

Delta		File
+0	-2	sys/netinet/tcp_stacks/bbr.c
+0	-2	1 files

HardenedBSD/src 8ef4a2c — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: fix condition when sending a tail loss probe

Reviewed by:            rrs
CID:                    1523793
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48274

(cherry picked from commit 5ec914e06c96ff40bf0e6567359c0de039b59ed2)

Delta		File
+1	-1	sys/netinet/tcp_stacks/bbr.c
+1	-1	1 files

HardenedBSD/src 3520068 — sys/netinet/tcp_stacks rack.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP RACK: add comment

Indicate that the missing of the break is intentionally.

Reviewed by:            rrs
CID:                    1523782
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48273

(cherry picked from commit 0ce13b1d580f05f96e3d85afb0824f672cb0c7a2)

Delta		File
+1	-0	sys/netinet/tcp_stacks/rack.c
+1	-0	1 files

HardenedBSD/src b638491 — sys/netinet/tcp_stacks bbr.c

Feb 5 by Michael Tuexen (tuexen) on ⎇

freebsd/14-stable/main

TCP BBR: fix getsockopt() for TCP_BBR_USEDEL_RATE

Actually implement the IPPROTO_TCP-level socket option
TCP_BBR_USEDEL_RATE.

Reviewed by:            rrs
CID:                    1523813
CID:                    1523814
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D48261

(cherry picked from commit b47dcb4b1ff16e6af2e07798f6fe06580b4eddf0)

Delta		File
+6	-2	sys/netinet/tcp_stacks/bbr.c
+6	-2	1 files