#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
254777 |
|
24-Aug-2013 |
andre |
Whitespace, style cleanups, and improved comments.
|
#
254774 |
|
24-Aug-2013 |
andre |
ename PFIL_LIST_[UN]LOCK() to PFIL_HEADLIST_[UN]LOCK() to avoid confusion with the pfil_head chain locking macros.
|
#
254773 |
|
24-Aug-2013 |
andre |
Resolve the confusion between the head_list and the hook list.
The linked list of pfil hooks is changed to "chain" and this term is applied consistently. The head_list remains with "list" term.
Add KASSERT to vnet_pfil_uninit().
Update and extend comments.
Reviewed by: eri (previous version)
|
#
254771 |
|
24-Aug-2013 |
andre |
Internalize pfil_hook_get(). There are no outside consumers of this API, it is only safe for internal use and even the pfil(9) man page says so in the BUGS section.
Reviewed by: eri
|
#
254769 |
|
24-Aug-2013 |
andre |
Introduce typedef for pfil hook callback function and replace all spelled out occurrences with it.
Reviewed by: eri
|
#
248490 |
|
19-Mar-2013 |
ae |
Fix style and comments.
|
#
242463 |
|
01-Nov-2012 |
ae |
Remove the recently added sysctl variable net.pfil.forward. Instead, add protocol specific mbuf flags M_IP_NEXTHOP and M_IP6_NEXTHOP. Use them to indicate that the mbuf's chain contains the PACKET_TAG_IPFORWARD tag. And do a tag lookup only when this flag is set.
Suggested by: andre
|
#
242079 |
|
25-Oct-2012 |
ae |
Remove the IPFIREWALL_FORWARD kernel option and make possible to turn on the related functionality in the runtime via the sysctl variable net.pfil.forward. It is turned off by default.
Sponsored by: Yandex LLC Discussed with: net@ MFC after: 2 weeks
|
#
241888 |
|
22-Oct-2012 |
melifaro |
Make PFIL use per-VNET lock instead of per-AF lock. Since most used packet filters (ipfw and PF) use the same ruleset with the same lock for both AF_INET and AF_INET6 there is no need in more fine-grade locking. However, it is possible to request personal lock by specifying PFIL_FLAG_PRIVATE_LOCK flag in pfil_head structure (see pfil.9 for more details).
Export PFIL lock via rw_lock(9)/rm_lock(9)-like API permitting pfil consumers to use this lock instead of own lock. This help reducing locks on main traffic path.
pfil_assert() is currently not implemented due to absense of rm_assert(). Waiting for some kind of r234648 to be merged in HEAD.
This change is part of bigger patch reducing routing locking.
Sponsored by: Yandex LLC Reviewed by: glebius, ae OK'd by: silence on net@ MFC after: 3 weeks
|
#
210121 |
|
15-Jul-2010 |
luigi |
small portability fix to build on linux/windows
|
#
198219 |
|
18-Oct-2009 |
rwatson |
Remove unused pfil_flags field in packet_filter_hook.
MFC after: 3 days
|
#
198218 |
|
18-Oct-2009 |
rwatson |
Sort function prototypes in pfil.h, clean up white space, and better align fields for printing.
MFC after: 3 days
|
#
193030 |
|
29-May-2009 |
rwatson |
Make the rmlock(9) interface a bit more like the rwlock(9) interface:
- Add rm_init_flags() and accept extended options only for that variation. - Add a flags space specifically for rm_init_flags(), rather than borrowing the lock_init() flag space. - Define flag RM_RECURSE to use instead of LO_RECURSABLE. - Define flag RM_NOWITNESS to allow an rmlock to be exempt from WITNESS checking; this wasn't possible previously as rm_init() always passed LO_WITNESS when initializing an rmlock's struct lock. - Add RM_SYSINIT_FLAGS(). - Rename embedded mutex in rmlocks to make it more obvious what it is. - Update consumers. - Update man page.
|
#
186036 |
|
13-Dec-2008 |
rwatson |
Line wrap very long line in struct packet_filter_hook definition.
MFC after: pretty soon
|
#
173904 |
|
25-Nov-2007 |
mlaier |
pfil(9) locking take 3: Switch to rmlock(9) This has the benefit that rmlocks have proper support for reader recursion (in contrast to rwlock(9) which could potential lead to writer stravation). It also means a significant performance gain, eventhough only visible in microbenchmarks at the moment.
Discussed on: -arch, -net
|
#
170432 |
|
08-Jun-2007 |
gallatin |
Correct the definition of PFIL_HOOKED() so that it compares the value of ph_nhooks to zero, not the address. This removes extranious calls to pfil_run_hooks (and an rw lock) from the network stack's critical path when no pfil hooks are active.
Reviewed by: csjp Sponsored by: Myricom Inc.
|
#
155226 |
|
02-Feb-2006 |
csjp |
define lock.h before rwlock.h for DEBUG_LOCKS
|
#
155201 |
|
02-Feb-2006 |
csjp |
Somewhat re-factor the read/write locking mechanism associated with the packet filtering mechanisms to use the new rwlock(9) locking API:
- Drop the variables stored in the phil_head structure which were specific to conditions and the home rolled read/write locking mechanism. - Drop some includes which were used for condition variables - Drop the inline functions, and convert them to macros. Also, move these macros into pfil.h - Move pfil list locking macros intp phil.h as well - Rename ph_busy_count to ph_nhooks. This variable will represent the number of IN/OUT hooks registered with the pfil head structure - Define PFIL_HOOKED macro which evaluates to true if there are any hooks to be ran by pfil_run_hooks - In the IP/IP6 stacks, change the ph_busy_count comparison to use the new PFIL_HOOKED macro. - Drop optimization in pfil_run_hooks which checks to see if there are any hooks to be ran, and returns if not. This check is already performed by the IP stacks when they call:
if (!PFIL_HOOKED(ph)) goto skip_hooks;
- Drop in assertion which makes sure that the number of hooks never drops below 0 for good measure. This in theory should never happen, and if it does than there are problems somewhere - Drop special logic around PFIL_WAITOK because rw_wlock(9) does not sleep - Drop variables which support home rolled read/write locking mechanism from the IPFW firewall chain structure. - Swap out the read/write firewall chain lock internal to use the rwlock(9) API instead of our home rolled version - Convert the inlined functions to macros
Reviewed by: mlaier, andre, glebius Thanks to: jhb for the new locking API
|
#
139823 |
|
06-Jan-2005 |
imp |
/* -> /*- for license, minor formatting changes
|
#
135920 |
|
29-Sep-2004 |
mlaier |
Add an additional struct inpcb * argument to pfil(9) in order to enable passing along socket information. This is required to work around a LOR with the socket code which results in an easy reproducible hard lockup with debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us to do so later. The missing piece is to turn the filter locking into a leaf lock and will follow in a seperate (later) commit.
This will hopefully be MT5'ed in order to fix the problem for RELENG_5 in forseeable future.
Suggested by: rwatson A lot of work by: csjp (he'd be even more helpful w/o mentor-reviews ;) Reviewed by: rwatson, csjp Tested by: -pf, -ipfw, LINT, csjp and myself MFC after: 3 days
LOR IDs: 14 - 17 (not fixed yet)
|
#
130731 |
|
19-Jun-2004 |
bde |
Include <sys/_lock.h>'s prerequisite <sys/queue.h> before including the former, not after.
Don't hide this bug by including <sys/queue.h> in <sys/_lock.h>.
|
#
120386 |
|
23-Sep-2003 |
sam |
o update PFIL_HOOKS support to current API used by netbsd o revamp IPv4+IPv6+bridge usage to match API changes o remove pfil_head instances from protosw entries (no longer used) o add locking o bump FreeBSD version for 3rd party modules
Heavy lifting by: "Max Laier" <max@love2party.net> Supported by: FreeBSD Foundation Obtained from: NetBSD (bits of pfil.h and pfil.c)
|
#
93084 |
|
24-Mar-2002 |
bde |
Fixed some style bugs in the removal of __P(()). The main ones were not removing tabs before "__P((", and not outdenting continuation lines to preserve non-KNF lining up of code with parentheses. Switch to KNF formatting and/or rewrap the whole prototype in some cases.
|
#
92725 |
|
19-Mar-2002 |
alfred |
Remove __P.
|
#
85305 |
|
22-Oct-2001 |
ru |
Remove extra memory region kept by "struct pfil_head pfil_head_t;".
Seems to be a typo for typedef, but we don't want this non-style(9) typedef anyway.
PR: kern/31356
|
#
64081 |
|
31-Jul-2000 |
ache |
Replace nonexistent !defined(_LKM) by !defined(KLD_MODULE)
|
#
64080 |
|
31-Jul-2000 |
ache |
Check IPFILTER (options IPFILTER generates) instead of NIPFILTER
|
#
64073 |
|
31-Jul-2000 |
ache |
Nonexistent "ipfilter.h" -> "opt_ipfilter.h" Kernel 'make depend' fails otherwise
|
#
60938 |
|
26-May-2000 |
jake |
Back out the previous change to the queue(3) interface. It was not discussed and should probably not happen.
Requested by: msmith and others
|
#
60833 |
|
23-May-2000 |
jake |
Change the way that the queue(3) structures are declared; don't assume that the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk Reviewed by: phk Approved by: mdodd
|
#
60317 |
|
10-May-2000 |
darrenr |
Add pfil(9) subroutines and manpage from NetBSD.
|