pf: explicitly NULL state key pointers
After the pf_state_insert() call we may not use these pointers again.
Explicitly NULL them to ensure we don't.
Also NULL them out if we free the keys directly.
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49553
(cherry picked from commit 592418343348bcf4355c249f53cff89ed90ea1f5)

pf: fix panic in pf_return()
We (correctly) NULL out sk and nk before calling pf_return(), but that
function still tried to use them to undo NAT transformations.
Store the old port numbers and use those rather than sk/nk.
This is a partial import of e11dacbf8484adc7bbb61b20fee3ab8385745925
(osport/odport), and the missing parts of
bdea9cbcf2decafeb4da5a0280313efccc09e1b3.
Direct commit to stable/14.
PR: 287254

pf: don't use state keys after pf_state_insert()
pf_state_insert() may free the state keys; it's not safe to access these
pointers after the call.
Introduce osrc/odst (similar to osport/odport) to store the original source and
destination addresses. This allows us to undo NAT transformations without having
to access the state keys.
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49551
(cherry picked from commit bdea9cbcf2decafeb4da5a0280313efccc09e1b3)

netinet6: Do not forward or send ICMPv6 messages to the unspec address
As in f7174eb2b4c4 ("netinet: Do not forward or ICMP response to
INADDR_ANY"), the IPv6 stack should avoid sending packets to the
unspecified address. In particular:
- Make sure that we do not forward received packets to the unspecified
address; the check in ip6_input() catches this in the common case, but
after commit 40faf87894ff it's possible for a pfil hook to bypass this
check and pass the packet to ip6_forward() using the
PACKET_TAG_IPFORWARD tag.
- Make sure that we do not reflect packets back to the unspecified
address; RFC 4443 section 2.4 states that we must not generate error
messages in response to packets from the unspecified address.
Reviewed by: zlei, glebius
Reported by: Franco Fichtner <franco at opnsense.org>
MFC after: 1 month
Sponsored by: Klara, Inc.
Sponsored by: OPNsense
[3 lines not shown]

ifnet: Integrate if_unroute() into if_down()
if_unroute() has been static since 2004 and is not used anywhere except for
if_down().
This also makes it easier to grep by the pattern `if_flags &= ~IFF_UP`.
No functional change intended.
Reviewed by: glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49356
(cherry picked from commit 0693c3f7cb3d9e5389863a0c131ddef799c77091)

sctp: compute address flags only for IPv6 addresses
Only call sctp_gather_internal_ifa_flags() for IPv6 addresses and
also compile this code only when IPv6 is supported.
This fixes the compilation of IPv4 only kernels.
Reported by: bz@
Fixes: 6ab4b0c0df57 ("sctp: initialize local address flags correctly")
(cherry picked from commit 99c58ad021b2f7dc0496e16d313c5e28a552f0d0)

sctp: clear the SCTP_ADDR_VALID flag when removing an address
This flag is currently not read, therefore the bug had no
consequences.
(cherry picked from commit 2013c4e0dc73a7c7b05f48726af1a4931686ccef)

sctp: initialize local address flags correctly
Use the same routine for initializing as for updating.
(cherry picked from commit 6ab4b0c0df57775fd6c288a0b7d0f5d2cad73481)

sctp: don't report unusable addresses via sysctl interface
When reporting the local addresses of an endpoint (inp without
stcb), ignore unusable addresses.
(cherry picked from commit 8f5f6680efa28135bf37f3def2aa71f35bd30333)

sctp: report address unavailability consistently
When binding to an address which is not available, consistently use
EADDRNOTAVAIL.
(cherry picked from commit 79952cd7649b63fa312ecafcffb719f5060929d4)

sctp: fix mapping of interface address flags
Do not clear the SCTP_ADDR_IFA_UNUSEABLE flag if it was set due
to the address being deprecated. Also don't declare tentative
addresses as unusable.
While there, clean up the code.
PR: 230242
(cherry picked from commit 9639de2a6f7eec8b2158782fbfab3419d507fdc5)

in6_control_ioctl: correctly report errors from SIOCAIFADDR_IN6
we have to use 'goto out' here rather than 'break' because otherwise
error is set to 0, which means the error is not propagated back to the
caller.
Reviewed by: kp
(cherry picked from commit 1408670c90ae38fd51ea6aaabe46757bc880608e)

net/if_dl.h: add param names in prototypes
previously these _KERNEL functions were inconsistent, with some having
parameter names and some not. fix this by giving them all names, per
style(9).
Reviewed by: thj, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50219
(cherry picked from commit 8c7d193e3cbe3d1c9a7f7869f1748bebefabaccf)

sys/net: add a new ether_vlanid_t type
ether_vlanid_t is a type to represent a VLAN ID, for example inside a
.1q tag. since this is specific to Ethernet, put it in net/ethernet.h.
change bridge to use the new type instead of uint{16,32}_t.
Reviewed by: adrian, kp
Differential Revision: https://reviews.freebsd.org/D49836
(cherry picked from commit 96f830456fd449c4cb5a7df8a2f6c3c96993b43e)

LinuxKPI: extend struct and enum for leds
An updated rtw88 driver requires minimal changes to leds.h. On
the positive side we can now remove the __DUMMY from the enum as we
actually have a valid field name.
Sponsored by: The FreeBSD Foundation
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D50002
(cherry picked from commit 69880fede78fc769ad417e5a984fb9fee7815d8b)

LinuxKPI: 802.11: introduce mlo field to sta
Driver updates introduce a new field "mlo" to the sta.
Add the field to the struct and initialize it in the 802.11 compat
code along with an IMPROVE so once we get to 11be we can deal with it.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 71034267d861c183297bb209770004751f0e30c5)

bsdinstall: Use a login shell for final configuration.
If the user accepts our offer of a shell to perform final configuration
tasks before rebooting, start a login shell. This ensures it will have
the correct PATH and be able to install packages without issues.
PR: 286722
MFC after: 3 days
Reviewed by: jrtc27, allanjude, emaste
Differential Revision: https://reviews.freebsd.org/D50297
(cherry picked from commit 5870d6a1ef4ec5d6fc91d0f1635bca59e09a040d)