Add route leak prevention (ASPA & RFC 9234) to the bgpd.conf example
The local node's own "role" (in relation to the other side) needs to be
specified to make ASPA work. Specifying the role also activates the very
convenient RFC 9234-based route leak prevention.
ASPA & RFC 9234 are complementary mechanisms. ASPA uses the RPKI to help
identify implausible AS_PATHs. RFC 9234 uses an in-band signal (the OTC
attribute) to help form appropriate route propagation cones.
Just a handful of simple config lines make bgpd do carrier-grade filtering!
OK claudio@
sys_getlogin_r: Restore ERANGE behavior
Do not silently truncate the buffer, but let copyoutstr() enforce the
user-visible namelen size limit. That restores ERANGE.
ok mvs@
N_EXT is supposed to be a flag that indicates global/external symbols.
Also make sure that we add it to the type instead of overriding it.
This makes pstat -d work for static kernel variables.
ok deraadt@, jca@
Remove global variable from multicast routing.
Global variable struct sockaddr_in sin is used to pre-initialize
length and family. Changing sin_addr dynamically does not work in
a multiprocessor environment. Allocate and initialize sin on the
stack.
OK claudio@
Avoid C casts in multicast code by using correct type.
Instead of using caddr_t for if_mcast and if_mcast6 in struct ifnet,
use the correct pointer type for struct vif and mif6. This allows
removing many casts in multicast routing code.
OK florian@
Silence gcc4 warning by setting nseg = 0. The dependency on newseg == 0,
which can only happen when nseg is also set, is too intransparent for the
compiler to see through.
OK tb@
Avoid a bunch of useless checks, free(NULL) is valid.
While here, use a counter of type unsigned int, which is the same type
as rri_nrdatas in our termination condition. (In practice there can't
be more than 65k RRSets).
Andrew Griffiths pointed out that we'd leak memory if rri_rdatas or
rri_sigs are sparsely populated. In practice this will not happen but
it made me look.
OK deraadt
Remove IPv6 source routing from output path.
Routing header type 0 has been deprecated by RFC 5095 and we do not
support any other type. While OpenBSD blocks routing header in pf
and during the input path, IPv6 output still allowed the user to
generate them.
Remove the code to set IPV6_RTHDR with setsockopt(2) and return
"Protocol not available" error instead. Also delete the code in
ip6_output() to insert the routing header.
Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from
Tsinghua University, using the GLM model from Z.ai, reported that a
regular user could attach a deprecated routing header.
OK claudio@ florian@
Use ffs and slots &= slots - 1 to walk over the slots in a way to only
look at matches. Kills another branch in the hot path and reduces the
loop from 7 to the number of hits (which is close to 1).
On systems without native ffs instruction this can be a tiny bit slower
but modern systems have native ffs and there the speedup can be noticeable.
Even systems without ffs benefit on lookup misses since the loop is skipped.
Based on a diff from Rango (kombucha at mm.st)
OK tb@
Allocate mbufs in high memory if only 64 bit DMA interfaces exist.
Mbufs on amd64 were allocated below 4 GB so that devices not capable
of 64 bit DMA can access the memory. Interface drivers use
BUS_DMA_64BIT to allow the DMA layer to do 64 bit transfers. Now
flag interfaces with IFXF_MBUF_64BIT that are capable of 64 bit DMA
on all their mbuf rings.
If only such interfaces exist in the system during amd64 boot,
allocate mbufs and mbuf clusters also in high memory. Other
architectures may be limited to 32 bit memory anyway or use an
IOMMU. On riscv64 or arm64 busses may exist that support less
than 64 bit; this will be handled later.
Hotplug devices that do not support 64 bit DMA will use bounce
buffering. By changing the flags in device drivers we can force
bounce buffering and find missing calls to bus_dmamap_sync().
OK kettenis@ deraadt@
isakmpd: Bound check ID-payload memcmp()
Make sure the ID supplied by the peer is the size anticipated from
the configuration. Only apply memcmp() if the size matches.
Otherwise, reject the ID right away.
ok markus@
isakmpd: Bound check decode_* in policy_callback() and attribute_unacceptable()
Before decoding 16-bit or 32-bit TLV values, verify that the provided
values have proper minimum size.
ok markus@
isakmpd: Bound check decode_16() in ipsec_decode_attribute()
Before decoding a 16 bit TLV value verify that the provided value
is at least 16 bit in size.
The LIFE_DURATION attributes will already be validated individually,
so just pass them on.
ok markus@
isakmpd: Bound check decode_16() in ipsec_is_attribute_incompatible()
Before decoding a 16 bit TLV value verify that the provided value
is at least 16 bit in size.
ok markus@
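
The length check the isakmpd bound-check commits above describe, shown as an added example (not the isakmpd source): a walker over RFC 2408 data attributes that refuses to decode a 16-bit value from a long-form attribute shorter than two bytes. The names rd16, attr_get16 and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_AF	0x8000	/* RFC 2408 3.3: AF set = 2-byte value held in the header */

/* Hypothetical helper: read a big-endian 16-bit value. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Find attribute `want` in buf[0..len) and store its 16-bit value in *out.
 * Returns 0 on success, -1 if absent, truncated, or shorter than 16 bits.
 */
int
attr_get16(const uint8_t *buf, size_t len, uint16_t want, uint16_t *out)
{
	size_t off = 0;

	while (len - off >= 4) {		/* room for type + length/value */
		uint16_t type = rd16(buf + off);
		uint16_t lv = rd16(buf + off + 2);
		const uint8_t *val = buf + off + 4;
		size_t vlen = lv;

		if (type & ATTR_AF) {		/* short form: lv is the value */
			val = buf + off + 2;
			vlen = 2;
			off += 4;
		} else if (lv > len - off - 4) {
			return -1;		/* value runs past the buffer */
		} else {
			off += 4 + vlen;
		}
		if ((type & 0x7fff) != want)
			continue;
		if (vlen < 2)			/* the bound check: too short to decode */
			return -1;
		*out = rd16(val);
		return 0;
	}
	return -1;
}

/* Constructed samples: type 1 short form (value 7), then type 4 with a 1-byte value. */
const uint8_t sample_short[] = { 0x80, 0x01, 0x00, 0x07, 0x00, 0x04, 0x00, 0x01, 0xaa };
/* Constructed sample: type 4 claims 8 value bytes but only 1 is present. */
const uint8_t sample_trunc[] = { 0x00, 0x04, 0x00, 0x08, 0x01 };

int main(void) { uint16_t v = 0;
	printf("%d\n", attr_get16(sample_short, sizeof(sample_short), 4, &v)); return 0; }
```
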
Implement ch_meta_locate() using some bit tricks to avoid branches and loops.
ch_haszero() first sets the high bit for every byte in lookup that is 0
and then uses a multiplication plus shift to compact these bits into the
output.
Also use a multiplication with 0x0101010101010101 instead of the memset().
Modern compilers produce the same code but older ones produce a bit simpler
code this way.
Based on a diff from Rango (kombucha at mm.st)
OK tb@
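
The two bit tricks from this commit and from the earlier "Use ffs and slots &= slots - 1" commit, combined in one added example (not the OpenBSD code): a branch-free zero-byte mask compacted by multiply and shift, then a walk that visits only the matching slots. The function names, the layout of seven one-byte tags packed into a uint64_t, and the sample value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>	/* ffs(3) */

#define ONES	0x0101010101010101ULL
#define LOW7	0x7f7f7f7f7f7f7f7fULL

/* Bit i of the result is set iff byte i of v is zero (exact, no false hits). */
static unsigned int
zero_bytes(uint64_t v)
{
	uint64_t t = ~(((v & LOW7) + LOW7) | v | LOW7);	/* 0x80 in each zero byte */

	/* The multiply gathers the eight per-byte flags into the top byte. */
	return (unsigned int)(((t >> 7) * 0x0102040810204080ULL) >> 56);
}

/* Bitmask of slots whose tag equals `tag`; only slots 0..6 are in use. */
unsigned int
match_slots(uint64_t meta, uint8_t tag)
{
	/* tag * ONES broadcasts the tag to all 8 bytes, replacing a memset(). */
	return zero_bytes(meta ^ (tag * ONES)) & 0x7f;
}

/* Visit only matching slots; stores their indexes in out, returns the count. */
int
walk_slots(unsigned int slots, int *out)
{
	int n = 0;

	for (; slots != 0; slots &= slots - 1)	/* clear the lowest set bit */
		out[n++] = ffs((int)slots) - 1;	/* index of the lowest set bit */
	return n;
}

/* Constructed sample: byte i holds the tag of slot i, byte 7 is unused. */
const uint64_t sample_meta = 0x005a113322115a44ULL;

int
main(void)
{
	int idx[7], n = walk_slots(match_slots(sample_meta, 0x5a), idx);

	for (int i = 0; i < n; i++)
		printf("tag 0x5a found in slot %d\n", idx[i]);
	return 0;
}
```
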
isakmpd: Only call sa_isakmp_upgrade() when ISAKMP SAs actually exist
Informational and transactional exchanges do not have ISAKMP SAs.
Therefore only upgrade ISAKMP SAs when these actually exist.
ok markus@