inpcb: in in_pcbbind() use bool for anonport

inpcb: use correct label name in a comment

netinet: Remove left-over sys/cdefs.h

These were for $FreeBSD$ that was removed a while ago, but these
includes didn't get swept up in that. Remove them all now.

Sponsored by: Netflix
MFC After:

netinet: Remove left-over sys/cdefs.h

These were for $FreeBSD$ that was removed a while ago, but these
includes didn't get swept up in that. Remove them all now.

Sponsored by: Netflix
MFC After: 2 weeks

show more ...

ddb: provide inp_flags2 when printing inpcbs

Reviewed by: markj, Peter Lei
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D53542

ddb: improve printing of inpcbs

* shuffle around the inp_label to give inp_flags more space since it
can become long.
* fix the indentation of in6p_icmp6filt, in6p_cksum, and in6p_hops.

Reviewed

ddb: improve printing of inpcbs

* shuffle around the inp_label to give inp_flags more space since it
can become long.
* fix the indentation of in6p_icmp6filt, in6p_cksum, and in6p_hops.

Reviewed by: Peter Lei
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D53541

show more ...

ddb: use %b when showing flags for an inp

This is much more compact. Thanks to markj@ for suggesting the change.

Reviewed by: markj
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Rev

ddb: use %b when showing flags for an inp

This is much more compact. Thanks to markj@ for suggesting the change.

Reviewed by: markj
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D53507

show more ...

ddb: fix compilation

Fixes: 9aa5a79e2af9 ("ddb: optionally print inp when printing tcpcb")
Sponsored by: Netflix, Inc.

ddb: optionally print inp when printing tcpcb

Add /i option to the ddb commands show tcpcb and show all tcpcbs,
which enables the printing of the t_inpcb.

Reviewed by: markj
MFC after: 3 days
Spo

ddb: optionally print inp when printing tcpcb

Add /i option to the ddb commands show tcpcb and show all tcpcbs,
which enables the printing of the t_inpcb.

Reviewed by: markj
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D53497

show more ...

ddb: whitespace change

No functional change intended.

MFC after: 3 days
Sponsored by: Netflix, Inc.

ddb: improve printing of inp_flags

Add four missing flags (INP_BINDANY, INP_INHASHLIST, INP_RESERVED_0,
INP_BOUNDFIB) used in inp_flags and remove one flag (INP_ORIGDSTADDR),
which is actually a fla

ddb: improve printing of inp_flags

Add four missing flags (INP_BINDANY, INP_INHASHLIST, INP_RESERVED_0,
INP_BOUNDFIB) used in inp_flags and remove one flag (INP_ORIGDSTADDR),
which is actually a flag used in inp_flags2 and not in inp_flags.

Reviewed by: markj
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D53498

show more ...

inpcb: Ignore SO_REUSEPORT_LB on connected sockets

While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
has

inpcb: Ignore SO_REUSEPORT_LB on connected sockets

While TCP disallows connect()ing a socket with SO_REUSEPORT_LB, UDP does
not. As a result, a connected UDP socket can be placed in the lbgroup
hash and thus receive datagrams from sources other than the connected
host.

Reported by: Amit Klein <amit.klein@mail.huji.ac.il>
Reported by: Omer Ben Simhon <omer.bensimhon@mail.huji.ac.il>
Reviewed by: glebius
Approved by: so
Security: FreeBSD-SA-25:09.netinet
Security: CVE-2025-24934

show more ...

in_pcb: add in_pcbrele_rlock()

The helper that derefs and rlocks the provided inp. Returns false if inp
is still usable.

Reviewed by: glebius, markj
Sponsored by: Nvidia networking
Differential re

in_pcb: add in_pcbrele_rlock()

The helper that derefs and rlocks the provided inp. Returns false if inp
is still usable.

Reviewed by: glebius, markj
Sponsored by: Nvidia networking
Differential revision: https://reviews.freebsd.org/D51143

show more ...

netinet: Disallow connections to INADDR_ANY

Previously connect() or sendto() to INADDR_ANY reached some socket bound
to some host interface address. Although this was intentional it was an
artifact

netinet: Disallow connections to INADDR_ANY

Previously connect() or sendto() to INADDR_ANY reached some socket bound
to some host interface address. Although this was intentional it was an
artifact of a different era, and is not desirable now.

In 417b35a97b76 markj added support to disallow connect() to INADDR_ANY.
Take the next logical step and disable it by default.

PR: 280705
Reviewed by: markj, jhb, zlei
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47740

show more ...

inpcb: push multicast case local address selection logic into in_pcbladdr()

When destination is multicast and inpcb has multicast options configured,
we use completely different logic than in a norm

inpcb: push multicast case local address selection logic into in_pcbladdr()

When destination is multicast and inpcb has multicast options configured,
we use completely different logic than in a normal case. Before this
change, in in_pcbconnect() we would run in_pcbladdr() and then just ignore
its results and run the multicast case block, that would override any
earlier selection or failure. Let's embed the case in in_pcbladdr() and
also check it earlier.

Also, 69c05f428714 switched UDP unconnected sendto(2) to use in_pcbladdr()
instead of in_pcbconnect_setup() and due to that lost the multicast case.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D49435
Fixes: 69c05f42871406b4b2b2dac00a268d1da0cacd3e

show more ...

inpcb: make sure we don't pass uninitialized faddr to in_pcbladdr()

This very theoretical edge case was discovered by Coverity, not sure if
it was introduced by 2af953b132ee or was there before.

CI

inpcb: make sure we don't pass uninitialized faddr to in_pcbladdr()

This very theoretical edge case was discovered by Coverity, not sure if
it was introduced by 2af953b132ee or was there before.

CID: 1593695
Fixes: 2af953b132ee8d2eb4d8d7bb15fc38bf04dde348

show more ...

inpcb: in_pcb_lport_dest() doesn't use lportp as input argument

This assignment just created false positive analyzer report.

CID: 1593692

inpcb: return ENOMEM if bind(2) fails to allocate lbgroup

The SO_REUSEPORT_LB isn't a standard option, neither ENOMEM is a specified
return code from bind(2), but it definitely is more appropriate t

inpcb: return ENOMEM if bind(2) fails to allocate lbgroup

The SO_REUSEPORT_LB isn't a standard option, neither ENOMEM is a specified
return code from bind(2), but it definitely is more appropriate than
EAGAIN or the masked ENOBUFS.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D49153

show more ...

inpcb: in_pcbinshash() now can't fail on connect(2)

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D49152

inpcb: retire two-level port hash database

This structure originates from the pre-FreeBSD times when system RAM was
measured in single digits of MB and Internet speeds were measured in Kb.
At first

inpcb: retire two-level port hash database

This structure originates from the pre-FreeBSD times when system RAM was
measured in single digits of MB and Internet speeds were measured in Kb.
At first level the database hashes the port value only to calculate index
into array of pointers to lazily allocated headers that hold lists of
inpcbs with the same local port. This design apparently was made to
preserve kernel memory.

In the modern kernel size of the first level of the hash is derived from
maxsockets, which is derived from maxfiles, which in its turn is derived
from amount of physical memory. Then the size of the hash is capped by
IPPORT_MAX, cause it doesn't make any sense to have hash table larger then
the set of possible values. In practice this cap works even on my laptop.
I haven't done precise calculation or experiments, but my guess is that
any system with > 8 Gb of RAM will be autotuned to IPPORT_MAX sized hash.
Apparently, this hash is a degenerate one: it never has more than one
entries in any slot. You can check this with kgdb:

set $i = 0
while ($i <= tcbinfo->ipi_porthashmask)
set $p = tcbinfo->ipi_porthashbase[$i].clh_first
set $c = 0
while ($p != 0)
set $c = $c + 1
set $p = $p->phd_hash.cle_next
end
if ($c > 1)
printf "Slot %u count %u", $i, $c
end
set $i = $i + 1
end

Retiring the two level hash we remove a lot of complexity at the cost of
only one comparison 'inp->inp_lport != lport' in the lookup cycle, which
is going to be always false on most machines anyway. This comparison
definitely shall be cheaper than extra pointer traversal.

Another positive change to be singled out is that now we no longer need to
allocate memory in non-sleepable context in in_pcbinshash(), so a
potential ENOMEM on connect(2) is removed.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D49151

show more ...

inpcb: inline in_pcbconnect_setup() into in_pcbconnect()

The separation had been done back in 5200e00e7266 for the purposes of
removing a true temporary connect of an unconnected UDP socket that doe

inpcb: inline in_pcbconnect_setup() into in_pcbconnect()

The separation had been done back in 5200e00e7266 for the purposes of
removing a true temporary connect of an unconnected UDP socket that does
sendto(2) in 90162a4e87f0. Now, with 69c05f428714 in place, the
separation is no longer needed. There should be no functional change.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D49142

show more ...

inpcb: Fix reuseport lbgroup array resizing

in_pcblisten() moves an inpcb from the per-group list into the array, at
which point it becomes visible to inpcb lookups in the datapath. It
assumes that

inpcb: Fix reuseport lbgroup array resizing

in_pcblisten() moves an inpcb from the per-group list into the array, at
which point it becomes visible to inpcb lookups in the datapath. It
assumes that there is space in the array for this, but that's not
guaranteed, since in_pcbinslbgrouphash() doesn't reserve space in the
array if the inpcb isn't associated with a listening socket.

We could resize the array in in_pcblisten(), but that would introduce a
failure case where there currently is none. Instead, keep track of the
number of pending inpcbs as well, and modify in_pcbinslbgrouphash() to
reserve space for each pending (i.e., not-yet-listening) inpcb.

Add a regression test.

Reviewed by: glebius
Reported by: netchild
Fixes: 7cbb6b6e28db ("inpcb: Close some SO_REUSEPORT_LB races, part 2")
Differential Revision: https://reviews.freebsd.org/D49100

show more ...

inpcb: add const qualifiers on functions that select address/port

There are several functions that keep database locked and do address
and port selection before a caller commits the changes to the i

inpcb: add const qualifiers on functions that select address/port

There are several functions that keep database locked and do address
and port selection before a caller commits the changes to the inpcb.
Mark the inpcb argument with a good documenting const.

show more ...

inpcb: update inpcb multipath routing information only on success

The in_pcbconnect_setup() function is not supposed to modify inpcb.
It may be entered with read-only lock via UDP path. Also at thi

inpcb: update inpcb multipath routing information only on success

The in_pcbconnect_setup() function is not supposed to modify inpcb.
It may be entered with read-only lock via UDP path. Also at this
point we aren't yet sure that the binding is going to be successful.
Thus, update the multipath routing information only at the end of a
succesful in_pcbconnect().

Fixes: 0c325f53f16731f608919a4489f96fbbe28d2344

show more ...

inpcb: Add FIB-aware inpcb lookup

Allow protocol layers to look up an inpcb belonging to a particular FIB.
This is indicated by setting INPLOOKUP_FIB; if it is set, the FIB to be
used is obtained fr

inpcb: Add FIB-aware inpcb lookup

Allow protocol layers to look up an inpcb belonging to a particular FIB.
This is indicated by setting INPLOOKUP_FIB; if it is set, the FIB to be
used is obtained from the specificed mbuf or ifnet.

No functional change intended.

Reviewed by: glebius, melifaro
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48662

show more ...

inpcb: Add a flags parameter to in_pcbbind()

Add a flag, INPBIND_FIB, which means that the inpcb is local to its FIB
number. When this flag is specified, duplicate bindings are permitted,
so long a

inpcb: Add a flags parameter to in_pcbbind()

Add a flag, INPBIND_FIB, which means that the inpcb is local to its FIB
number. When this flag is specified, duplicate bindings are permitted,
so long as each FIB contains at most one inpcb bound to the same
address/port. If an inpcb is bound with this flag, it'll have the
INP_BOUNDFIB flag set.

No functional change intended.

Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48661

show more ...