Date: Sun, 24 Jul 2016 14:50:17 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r303267 - in stable/11: sys/netinet usr.bin/netstat Message-ID: <201607241450.u6OEoH0W018514@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Sun Jul 24 14:50:16 2016 New Revision: 303267 URL: https://svnweb.freebsd.org/changeset/base/303267 Log: MFC r302904: Fix a bug which results in a core dump when running netstat with the -W option and having a listening SCTP socket. The bug was introduced in r279122 when adding support for libxo. MFC r302907: When calling netstat -Laptcp the local address values are not aligned with the corresponding entry in the table header. r295136 increased the value width from 14 to 32 without the corresponding change to the table header. This commit adds the change to the table header width. MFC r302917: Ensure that the -a, -W, -L options for SCTP behave similar as for TCP. MFC r302928: Address a potential memory leak found a the clang static code analyzer running on the userland stack. MFC r302930: Don't free a data chunk twice. Found by the clang static code analyzer running for the userland stack. MFC r302935: Deal with a portential memory allocation failure, which was reported by the clang static code analyzer. Joint work with rrs@. MFC r302942: Add missing sctps_reasmusrmsgs counter. Joint work with rrs@. MFC r302945: Don't duplicate code for SCTP, just use the ones used for UDP and TCP. This fixes a bug with link local addresses. This will require and upcoming change in the kernel to bring SCTP to the same behaviour as UDP and TCP. MFC r302949: Fix the PR-SCTP behaviour. This is done by rrs@. MFC r302950: Add a constant required by RFC 7496. MFC r303024: netstat and sockstat expect the IPv6 link local addresses to have an embedded scope. So don't recover. MFC r303025: Use correct order of conditions to avoid NULL deref. MFC r303073: Fix a bug in deferred stream reset processing which results in using a length field before it is set. Thanks to Taylor Brandstetter for reporting the issue and providing a fix. Approved by: re (kib) Modified: stable/11/sys/netinet/sctp_auth.c stable/11/sys/netinet/sctp_constants.h stable/11/sys/netinet/sctp_header.h stable/11/sys/netinet/sctp_indata.c stable/11/sys/netinet/sctp_output.c stable/11/sys/netinet/sctp_sysctl.c stable/11/sys/netinet/sctp_uio.h stable/11/usr.bin/netstat/inet.c stable/11/usr.bin/netstat/sctp.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_auth.c ============================================================================== --- stable/11/sys/netinet/sctp_auth.c Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/sys/netinet/sctp_auth.c Sun Jul 24 14:50:16 2016 (r303267) @@ -542,7 +542,7 @@ sctp_insert_sharedkey(struct sctp_keyhea } } /* shouldn't reach here */ - return (0); + return (EINVAL); } void @@ -622,8 +622,11 @@ sctp_copy_skeylist(const struct sctp_key LIST_FOREACH(skey, src, next) { new_skey = sctp_copy_sharedkey(skey); if (new_skey != NULL) { - (void)sctp_insert_sharedkey(dest, new_skey); - count++; + if (sctp_insert_sharedkey(dest, new_skey)) { + sctp_free_sharedkey(new_skey); + } else { + count++; + } } } return (count); Modified: stable/11/sys/netinet/sctp_constants.h ============================================================================== --- stable/11/sys/netinet/sctp_constants.h Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/sys/netinet/sctp_constants.h Sun Jul 24 14:50:16 2016 (r303267) @@ -345,6 +345,7 @@ __FBSDID("$FreeBSD$"); #define SCTP_RTT_FROM_NON_DATA 0 #define SCTP_RTT_FROM_DATA 1 +#define PR_SCTP_UNORDERED_FLAG 0x0001 /* IP hdr (20/40) + 12+2+2 (enet) + sctp common 12 */ #define SCTP_FIRST_MBUF_RESV 68 Modified: stable/11/sys/netinet/sctp_header.h ============================================================================== --- stable/11/sys/netinet/sctp_header.h Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/sys/netinet/sctp_header.h Sun Jul 24 14:50:16 2016 (r303267) @@ -397,7 +397,7 @@ struct sctp_strseq { struct sctp_strseq_mid { uint16_t stream; - uint16_t reserved; + uint16_t flags; uint32_t msg_id; }; Modified: stable/11/sys/netinet/sctp_indata.c ============================================================================== --- stable/11/sys/netinet/sctp_indata.c Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/sys/netinet/sctp_indata.c Sun Jul 24 14:50:16 2016 (r303267) @@ -753,7 +753,7 @@ sctp_handle_old_data(struct sctp_tcb *st */ struct sctp_tmit_chunk *chk, *lchk, *tchk; uint32_t fsn; - struct sctp_queued_to_read *nc = NULL; + struct sctp_queued_to_read *nc; int cnt_added; if (control->first_frag_seen == 0) { @@ -768,6 +768,11 @@ restart: TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, lchk) { if (chk->rec.data.fsn_num == fsn) { /* Ok lets add it */ + sctp_alloc_a_readq(stcb, nc); + if (nc == NULL) { + break; + } + memset(nc, 0, sizeof(struct sctp_queued_to_read)); TAILQ_REMOVE(&control->reasm, chk, sctp_next); sctp_add_chk_to_control(control, strm, stcb, asoc, chk); fsn++; @@ -781,7 +786,6 @@ restart: * on the control queue to a new * control. */ - sctp_alloc_a_readq(stcb, nc); sctp_build_readq_entry_from_ctl(nc, control); tchk = TAILQ_FIRST(&control->reasm); if (tchk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { @@ -819,6 +823,7 @@ restart: if (control->on_strm_q) { TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm); control->on_strm_q = 0; + SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs); } if (control->on_read_q == 0) { sctp_add_to_readq(stcb->sctp_ep, stcb, control, @@ -826,16 +831,19 @@ restart: SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); } sctp_wakeup_the_read_socket(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); - if ((nc) && (nc->first_frag_seen)) { + if ((nc->first_frag_seen) && !TAILQ_EMPTY(&nc->reasm)) { /* * Switch to the new guy and * continue */ control = nc; - nc = NULL; goto restart; + } else { + sctp_free_a_readq(stcb, nc); } return (1); + } else { + sctp_free_a_readq(stcb, nc); } } else { /* Can't add more */ @@ -961,11 +969,6 @@ place_chunk: * should not happen since the FSN is a TSN and it * should have been dropped earlier. */ - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } - sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); sctp_abort_in_reasm(stcb, control, chk, abort_flag, SCTP_FROM_SCTP_INDATA + SCTP_LOC_5); @@ -1026,6 +1029,7 @@ sctp_deliver_reasm_check(struct sctp_tcb control, control->on_strm_q); } #endif + SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs); TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm); control->on_strm_q = 0; } @@ -1080,6 +1084,7 @@ done_un: control, control->on_strm_q); } #endif + SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs); TAILQ_REMOVE(&strm->inqueue, control, next_instrm); control->on_strm_q = 0; } @@ -1125,6 +1130,7 @@ deliver_more: control, control->on_strm_q); } #endif + SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs); TAILQ_REMOVE(&strm->inqueue, control, next_instrm); control->on_strm_q = 0; } @@ -5277,10 +5283,11 @@ sctp_kick_prsctp_reorder_queue(struct sc } } + static void sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb, struct sctp_association *asoc, - uint16_t stream, uint32_t seq) + uint16_t stream, uint32_t seq, int ordered, int old) { struct sctp_queued_to_read *control; struct sctp_stream_in *strm; @@ -5295,7 +5302,7 @@ sctp_flush_reassm_for_str_seq(struct sct * queue. */ strm = &asoc->strmin[stream]; - control = find_reasm_entry(strm, (uint32_t) seq, 0, 0); + control = find_reasm_entry(strm, (uint32_t) seq, ordered, old); if (control == NULL) { /* Not found */ return; @@ -5427,6 +5434,7 @@ sctp_handle_forward_tsn(struct sctp_tcb unsigned int num_str; uint32_t sequence; uint16_t stream; + uint16_t ordered, flags; int old; struct sctp_strseq *stseq, strseqbuf; struct sctp_strseq_mid *stseq_m, strseqbuf_m; @@ -5452,6 +5460,12 @@ sctp_handle_forward_tsn(struct sctp_tcb } stream = ntohs(stseq_m->stream); sequence = ntohl(stseq_m->msg_id); + flags = ntohs(stseq_m->flags); + if (flags & PR_SCTP_UNORDERED_FLAG) { + ordered = 0; + } else { + ordered = 1; + } } else { stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset, sizeof(struct sctp_strseq), @@ -5462,6 +5476,7 @@ sctp_handle_forward_tsn(struct sctp_tcb } stream = ntohs(stseq->stream); sequence = (uint32_t) ntohs(stseq->sequence); + ordered = 1; } /* Convert */ @@ -5487,7 +5502,7 @@ sctp_handle_forward_tsn(struct sctp_tcb asoc->fragmented_delivery_inprogress = 0; } strm = &asoc->strmin[stream]; - sctp_flush_reassm_for_str_seq(stcb, asoc, stream, sequence); + sctp_flush_reassm_for_str_seq(stcb, asoc, stream, sequence, ordered, old); TAILQ_FOREACH(ctl, &stcb->sctp_ep->read_queue, next) { if ((ctl->sinfo_stream == stream) && (ctl->sinfo_ssn == sequence)) { Modified: stable/11/sys/netinet/sctp_output.c ============================================================================== --- stable/11/sys/netinet/sctp_output.c Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/sys/netinet/sctp_output.c Sun Jul 24 14:50:16 2016 (r303267) @@ -10383,7 +10383,7 @@ sctp_fill_in_rest: /* no more to look at */ break; } - if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { + if ((at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) && old) { /* We don't report these */ continue; } @@ -10504,7 +10504,7 @@ sctp_fill_in_rest: tp1 = TAILQ_NEXT(at, sctp_next); if (tp1 == NULL) break; - if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { + if (old && (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED)) { /* We don't report these */ i--; at = tp1; @@ -10519,8 +10519,11 @@ sctp_fill_in_rest: strseq++; } else { strseq_m->stream = ntohs(at->rec.data.stream_number); - strseq_m->reserved = ntohs(0); strseq_m->msg_id = ntohl(at->rec.data.stream_seq); + if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) + strseq_m->flags = ntohs(PR_SCTP_UNORDERED_FLAG); + else + strseq_m->flags = 0; strseq_m++; } at = tp1; @@ -11937,7 +11940,6 @@ sctp_send_deferred_reset_response(struct return; } SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); - sctp_add_stream_reset_result(chk, ent->seq, response); /* setup chunk parameters */ chk->sent = SCTP_DATAGRAM_UNSENT; chk->snd_count = 0; @@ -11952,6 +11954,7 @@ sctp_send_deferred_reset_response(struct ch->chunk_length = htons(chk->book_size); atomic_add_int(&chk->whoTo->ref_count, 1); SCTP_BUF_LEN(chk->data) = chk->send_size; + sctp_add_stream_reset_result(chk, ent->seq, response); /* insert the chunk for sending */ TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, Modified: stable/11/sys/netinet/sctp_sysctl.c ============================================================================== --- stable/11/sys/netinet/sctp_sysctl.c Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/sys/netinet/sctp_sysctl.c Sun Jul 24 14:50:16 2016 (r303267) @@ -279,15 +279,6 @@ sctp_sysctl_copy_out_local_addresses(str if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (local_scope == 0) continue; - if (sin6->sin6_scope_id == 0) { - /* - * bad link - * local - * address - */ - if (sa6_recoverscope(sin6) != 0) - continue; - } } if ((site_scope == 0) && (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) continue; Modified: stable/11/sys/netinet/sctp_uio.h ============================================================================== --- stable/11/sys/netinet/sctp_uio.h Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/sys/netinet/sctp_uio.h Sun Jul 24 14:50:16 2016 (r303267) @@ -259,7 +259,8 @@ struct sctp_snd_all_completes { /* The lower four bits is an enumeration of PR-SCTP policies */ #define SCTP_PR_SCTP_NONE 0x0000/* Reliable transfer */ #define SCTP_PR_SCTP_TTL 0x0001/* Time based PR-SCTP */ -#define SCTP_PR_SCTP_BUF 0x0002/* Buffer based PR-SCTP */ +#define SCTP_PR_SCTP_PRIO 0x0002/* Buffer based PR-SCTP */ +#define SCTP_PR_SCTP_BUF SCTP_PR_SCTP_PRIO /* For backwards compatibility */ #define SCTP_PR_SCTP_RTX 0x0003/* Number of retransmissions based PR-SCTP */ #define SCTP_PR_SCTP_MAX SCTP_PR_SCTP_RTX #define SCTP_PR_SCTP_ALL 0x000f/* Used for aggregated stats */ Modified: stable/11/usr.bin/netstat/inet.c ============================================================================== --- stable/11/usr.bin/netstat/inet.c Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/usr.bin/netstat/inet.c Sun Jul 24 14:50:16 2016 (r303267) @@ -418,10 +418,10 @@ protopr(u_long off, const char *name, in "Tcpcb"); if (Lflag) xo_emit((Aflag && !Wflag) ? - "{T:/%-5.5s} {T:/%-14.14s} {T:/%-18.18s}" : + "{T:/%-5.5s} {T:/%-32.32s} {T:/%-18.18s}" : ((!Wflag || af1 == AF_INET) ? - "{T:/%-5.5s} {T:/%-14.14s} {T:/%-22.22s}" : - "{T:/%-5.5s} {T:/%-14.14s} {T:/%-45.45s}"), + "{T:/%-5.5s} {T:/%-32.32s} {T:/%-22.22s}" : + "{T:/%-5.5s} {T:/%-32.32s} {T:/%-45.45s}"), "Proto", "Listen", "Local Address"); else if (Tflag) xo_emit((Aflag && !Wflag) ? Modified: stable/11/usr.bin/netstat/sctp.c ============================================================================== --- stable/11/usr.bin/netstat/sctp.c Sun Jul 24 14:42:11 2016 (r303266) +++ stable/11/usr.bin/netstat/sctp.c Sun Jul 24 14:50:16 2016 (r303267) @@ -104,93 +104,14 @@ struct xraddr_entry { LIST_ENTRY(xraddr_entry) xraddr_entries; }; -/* - * Construct an Internet address representation. - * If numeric_addr has been supplied, give - * numeric value, otherwise try for symbolic name. - */ #ifdef INET -static char * -inetname(struct in_addr *inp) -{ - char *cp; - static char line[MAXHOSTNAMELEN]; - struct hostent *hp; - struct netent *np; - - cp = 0; - if (!numeric_addr && inp->s_addr != INADDR_ANY) { - int net = inet_netof(*inp); - int lna = inet_lnaof(*inp); - - if (lna == INADDR_ANY) { - np = getnetbyaddr(net, AF_INET); - if (np) - cp = np->n_name; - } - if (cp == NULL) { - hp = gethostbyaddr((char *)inp, sizeof (*inp), AF_INET); - if (hp) { - cp = hp->h_name; - trimdomain(cp, strlen(cp)); - } - } - } - if (inp->s_addr == INADDR_ANY) - strcpy(line, "*"); - else if (cp) { - strlcpy(line, cp, sizeof(line)); - } else { - inp->s_addr = ntohl(inp->s_addr); -#define C(x) ((u_int)((x) & 0xff)) - sprintf(line, "%u.%u.%u.%u", C(inp->s_addr >> 24), - C(inp->s_addr >> 16), C(inp->s_addr >> 8), C(inp->s_addr)); - inp->s_addr = htonl(inp->s_addr); - } - return (line); -} +char * +inetname(struct in_addr *inp); #endif #ifdef INET6 -static char ntop_buf[INET6_ADDRSTRLEN]; - -static char * -inet6name(struct in6_addr *in6p) -{ - char *cp; - static char line[50]; - struct hostent *hp; - static char domain[MAXHOSTNAMELEN]; - static int first = 1; - - if (first && !numeric_addr) { - first = 0; - if (gethostname(domain, MAXHOSTNAMELEN) == 0 && - (cp = strchr(domain, '.'))) - (void) strcpy(domain, cp + 1); - else - domain[0] = 0; - } - cp = 0; - if (!numeric_addr && !IN6_IS_ADDR_UNSPECIFIED(in6p)) { - hp = gethostbyaddr((char *)in6p, sizeof(*in6p), AF_INET6); - if (hp) { - if ((cp = strchr(hp->h_name, '.')) && - !strcmp(cp + 1, domain)) - *cp = 0; - cp = hp->h_name; - } - } - if (IN6_IS_ADDR_UNSPECIFIED(in6p)) - strcpy(line, "*"); - else if (cp) - strcpy(line, cp); - else - sprintf(line, "%s", - inet_ntop(AF_INET6, (void *)in6p, ntop_buf, - sizeof(ntop_buf))); - return (line); -} +char * +inet6name(struct in6_addr *in6p); #endif static void @@ -447,7 +368,8 @@ sctp_process_inpcb(struct xsctp_inpcb *x first = 0; } xladdr = (struct xsctp_laddr *)(buf + *offset); - if (Lflag && !is_listening) { + if ((!aflag && is_listening) || + (Lflag && !is_listening)) { sctp_skip_xinpcb_ifneed(buf, buflen, offset); return; } @@ -513,8 +435,10 @@ retry: xo_open_instance("local-address"); if (xladdr_total == 0) { - xo_emit("{:protocol/%-6.6s/%s} {:type/%-5.5s/%s} ", - pname, tname); + if (!Lflag) { + xo_emit("{:protocol/%-6.6s/%s} " + "{:type/%-5.5s/%s} ", pname, tname); + } } else { xo_emit("\n"); xo_emit(Lflag ? "{P:/%-21.21s} " : "{P:/%-12.12s} ", @@ -529,7 +453,7 @@ retry: "{:state/CLOSED}", " "); } else { xo_emit("{P:/%-45.45s} " - "{:state:LISTEN}", " "); + "{:state/LISTEN}", " "); } } else { if (process_closed) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607241450.u6OEoH0W018514>