CVS commit: src

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src
From: David Young <dyoung%netbsd.org@localhost>
Date: Sat, 9 Dec 2006 05:33:10 +0000 (UTC)

Module Name:    src
Committed By:   dyoung
Date:           Sat Dec  9 05:33:10 UTC 2006

Modified Files:
        src/distrib/sets/lists/comp: mi
        src/sys/dist/ipf/netinet: ip_fil_netbsd.c
        src/sys/dist/pf/net: pf.c
        src/sys/net: if_gif.h if_stf.c route.c route.h
        src/sys/netatalk: at_proto.c
        src/sys/netbt: bt_proto.c
        src/sys/netinet: Makefile files.netinet in_gif.c in_pcb.c in_proto.c
            ip_flow.c ip_icmp.c ip_input.c ip_output.c tcp_input.c
        src/sys/netinet6: frag6.c icmp6.c in6_gif.c in6_pcb.c in6_proto.c
            in6_src.c ip6_forward.c ip6_input.c ip6_output.c ipsec.c nd6_nbr.c
        src/sys/netipsec: ipsec_output.c key.c
        src/sys/netiso: clnp_er.c clnp_raw.c clnp_subr.c if_eon.c iso_pcb.c
            iso_proto.c tp_iso.c
        src/sys/netkey: key.c
        src/sys/sys: domain.h
Added Files:
        src/sys/netinet: in_route.c in_route.h

Log Message:
Here are various changes designed to protect against bad IPv4
routing caused by stale route caches (struct route).  Route caches
are sprinkled throughout PCBs, the IP fast-forwarding table, and
IP tunnel interfaces (gre, gif, stf).

Stale IPv6 and ISO route caches will be treated by separate patches.

Thank you to Christoph Badura for suggesting the general approach
to invalidating route caches that I take here.

Here are the details:

Add hooks to struct domain for tracking and for invalidating each
domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.

Introduce helper subroutines, rtflush(ro) for invalidating a route
cache, rtflushall(family) for invalidating all route caches in a
routing domain, and rtcache(ro) for notifying the domain of a new
cached route.

Chain together all IPv4 route caches where ro_rt != NULL.  Provide
in_rtcache() for adding a route to the chain.  Provide in_rtflush()
and in_rtflushall() for invalidating IPv4 route caches.  In
in_rtflush(), set ro_rt to NULL, and remove the route from the
chain.  In in_rtflushall(), walk the chain and remove every route
cache.

In rtrequest1(), call rtflushall() to invalidate route caches when
a route is added.

In gif(4), discard the workaround for stale caches that involves
expiring them every so often.

Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a
call to rtflush(ro).

Update ipflow_fastforward() and all other users of route caches so
that they expect a cached route, ro->ro_rt, to turn to NULL.

Take care when moving a 'struct route' to rtflush() the source and
to rtcache() the destination.

In domain initializers, use .dom_xxx tags.

KNF here and there.


To generate a diff of this commit:
cvs rdiff -r1.981 -r1.982 src/distrib/sets/lists/comp/mi
cvs rdiff -r1.28 -r1.29 src/sys/dist/ipf/netinet/ip_fil_netbsd.c
cvs rdiff -r1.31 -r1.32 src/sys/dist/pf/net/pf.c
cvs rdiff -r1.13 -r1.14 src/sys/net/if_gif.h
cvs rdiff -r1.54 -r1.55 src/sys/net/if_stf.c
cvs rdiff -r1.81 -r1.82 src/sys/net/route.c
cvs rdiff -r1.47 -r1.48 src/sys/net/route.h
cvs rdiff -r1.10 -r1.11 src/sys/netatalk/at_proto.c
cvs rdiff -r1.5 -r1.6 src/sys/netbt/bt_proto.c
cvs rdiff -r1.16 -r1.17 src/sys/netinet/Makefile \
    src/sys/netinet/files.netinet
cvs rdiff -r1.51 -r1.52 src/sys/netinet/in_gif.c
cvs rdiff -r1.110 -r1.111 src/sys/netinet/in_pcb.c
cvs rdiff -r1.79 -r1.80 src/sys/netinet/in_proto.c
cvs rdiff -r0 -r1.1 src/sys/netinet/in_route.c src/sys/netinet/in_route.h
cvs rdiff -r1.36 -r1.37 src/sys/netinet/ip_flow.c
cvs rdiff -r1.105 -r1.106 src/sys/netinet/ip_icmp.c
cvs rdiff -r1.238 -r1.239 src/sys/netinet/ip_input.c
cvs rdiff -r1.169 -r1.170 src/sys/netinet/ip_output.c
cvs rdiff -r1.257 -r1.258 src/sys/netinet/tcp_input.c
cvs rdiff -r1.31 -r1.32 src/sys/netinet6/frag6.c src/sys/netinet6/in6_src.c
cvs rdiff -r1.123 -r1.124 src/sys/netinet6/icmp6.c
cvs rdiff -r1.45 -r1.46 src/sys/netinet6/in6_gif.c
cvs rdiff -r1.78 -r1.79 src/sys/netinet6/in6_pcb.c
cvs rdiff -r1.68 -r1.69 src/sys/netinet6/in6_proto.c
cvs rdiff -r1.50 -r1.51 src/sys/netinet6/ip6_forward.c
cvs rdiff -r1.91 -r1.92 src/sys/netinet6/ip6_input.c
cvs rdiff -r1.107 -r1.108 src/sys/netinet6/ip6_output.c
cvs rdiff -r1.111 -r1.112 src/sys/netinet6/ipsec.c
cvs rdiff -r1.66 -r1.67 src/sys/netinet6/nd6_nbr.c
cvs rdiff -r1.17 -r1.18 src/sys/netipsec/ipsec_output.c
cvs rdiff -r1.30 -r1.31 src/sys/netipsec/key.c
cvs rdiff -r1.18 -r1.19 src/sys/netiso/clnp_er.c
cvs rdiff -r1.24 -r1.25 src/sys/netiso/clnp_raw.c
cvs rdiff -r1.22 -r1.23 src/sys/netiso/clnp_subr.c
cvs rdiff -r1.52 -r1.53 src/sys/netiso/if_eon.c
cvs rdiff -r1.33 -r1.34 src/sys/netiso/iso_pcb.c
cvs rdiff -r1.21 -r1.22 src/sys/netiso/iso_proto.c
cvs rdiff -r1.25 -r1.26 src/sys/netiso/tp_iso.c
cvs rdiff -r1.146 -r1.147 src/sys/netkey/key.c
cvs rdiff -r1.23 -r1.24 src/sys/sys/domain.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/arch/alpha/conf
Next by Date: CVS commit: src/crypto/dist/ipsec-tools
Previous by Thread: CVS commit: src/sys/arch/alpha/conf
Next by Thread: CVS commit: src/crypto/dist/ipsec-tools
Indexes:

Home | Main Index | Thread Index | Old Index