#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
265717 |
|
08-May-2014 |
melifaro |
Merge 260488, r260508.
r260488: Split rt_newaddrmsg_fib() into two different functions. Adding/deleting interface addresses involves access to 3 different subsystems, in different parts of code. Each call can fail, so reporting successful operation by rtsock in the middle of the process is error-prone.
Further split routing notification API and actual rtsock calls via creating public-available rt_addrmsg() / rt_routemsg() functions with "private" rtsock_* backend.
r260508: Simplify inet alias handling code: if we're adding/removing alias which has the same prefix as some other alias on the same interface, use newly-added rt_addrmsg() instead of hand-rolled in_addralias_rtmsg().
This eliminates the following rtsock messages:
Pinned RTM_ADD for prefix (for alias addition).
Pinned RTM_DELETE for prefix (for alias withdrawal).
Example (got 10.0.0.1/24 on vlan4, playing with 10.0.0.2/24):
before commit, addition:
got message of size 116 on Fri Jan 10 14:13:15 2014 RTM_NEWADDR: address being added to iface: len 116, metric 0, flags: sockaddrs: <NETMASK,IFP,IFA,BRD> 255.255.255.0 vlan4:8.0.27.c5.29.d4 10.0.0.2 10.0.0.255
got message of size 192 on Fri Jan 10 14:13:15 2014 RTM_ADD: Add Route: len 192, pid: 0, seq 0, errno 0, flags:<UP,PINNED> locks: inits: sockaddrs: <DST,GATEWAY,NETMASK> 10.0.0.0 10.0.0.2 (255) ffff ffff ff
after commit, addition:
got message of size 116 on Fri Jan 10 13:56:26 2014 RTM_NEWADDR: address being added to iface: len 116, metric 0, flags: sockaddrs: <NETMASK,IFP,IFA,BRD> 255.255.255.0 vlan4:8.0.27.c5.29.d4 14.0.0.2 14.0.0.255
before commit, withdrawal:
got message of size 192 on Fri Jan 10 13:58:59 2014 RTM_DELETE: Delete Route: len 192, pid: 0, seq 0, errno 0, flags:<UP,PINNED> locks: inits: sockaddrs: <DST,GATEWAY,NETMASK> 10.0.0.0 10.0.0.2 (255) ffff ffff ff
got message of size 116 on Fri Jan 10 13:58:59 2014 RTM_DELADDR: address being removed from iface: len 116, metric 0, flags: sockaddrs: <NETMASK,IFP,IFA,BRD> 255.255.255.0 vlan4:8.0.27.c5.29.d4 10.0.0.2 10.0.0.255
after commit, withdrawal:
got message of size 116 on Fri Jan 10 14:14:11 2014 RTM_DELADDR: address being removed from iface: len 116, metric 0, flags: sockaddrs: <NETMASK,IFP,IFA,BRD> 255.255.255.0 vlan4:8.0.27.c5.29.d4 10.0.0.2 10.0.0.255
Sending both RTM_ADD/RTM_DELETE messages to rtsock is completely wrong (and requires some hacks to keep prefix in route table on RTM_DELETE).
I've tested this change with quagga (no change) and bird (*).
bird alias handling is already broken in *BSD sysdep code, so nothing changes here, too.
I'm going to MFC this change if there will be no complaints about behavior change.
While here, fix some style(9) bugs introduced by r260488 (pointed by glebius and bde).
|
#
265711 |
|
08-May-2014 |
melifaro |
Merge r260379, r260460.
r260379: Partially fix IPv4 interface routes deletion in RADIX_MPATH.
Noticed by: Nikolay Denev <ndenev at gmail.com>
r260460: Constantly use RT_ALL_FIBS everywhere instead of -1.
|
#
265708 |
|
08-May-2014 |
melifaro |
Merge r259528, r259528, r260295.
r259528: Simplify contiguous mask checking.
Suggested by: glebius
r260228: Remove useless register variable modifiers. Do some more style(9).
r260295: Change semantics for rnh_lookup() function: now it performs exact match search, regardless of netmask existence. This simplifies most of rnh_lookup() consumers.
Fix panic triggered by deleting non-existent host route.
PR: kern/185092 Submitted by: Nikolay Denev <ndenev at gmail.com>
|
#
264076 |
|
03-Apr-2014 |
glebius |
o Provide a compatibility shim for netstat(1) to obtain output queue drops via NET_RT_IFLISTL sysctl. The sysctl handler appends oqdrops at the end of struct if_msghdrl, and netstat(1) sees that as an additional field of struct if_data. This allows us to fetch the data keeping ABI and API compatibility. This is direct commit to stable/10.
o Merge r263331 from head, to restore printing of queue drops.
Sponsored by: Nginx, Inc. Sponsored by: Netflix
|
#
263478 |
|
21-Mar-2014 |
glebius |
Merge r262763, r262767, r262771, r262806 from head:
- Remove rt_metrics_lite and simply put its members into rtentry.
- Use counter(9) for rt_pksent (former rt_rmx.rmx_pksent). This removes another cache trashing ++ from packet forwarding path.
- Create zini/fini methods for the rtentry UMA zone. Via initialize mutex and counter in them.
- Fix reporting of rmx_pksent to routing socket.
- Fix netstat(1) to report "Use" both in kvm(3) and sysctl(3) mode.
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
254569 |
|
20-Aug-2013 |
bz |
After r241616 properly export ifi_baudrate_pf in the 32bit compat case.
MFC after: 3 days
|
#
253753 |
|
28-Jul-2013 |
hrs |
sin6 should be assigned before the loop.
|
#
253262 |
|
12-Jul-2013 |
hrs |
Add a leaf node CTL_NET.PF_ROUTE.0.AF.NET_RT_DUMP.0.FIB. This returns routing table with the specified FIB number, not td->td_proc->p_fibnum.
|
#
252184 |
|
24-Jun-2013 |
qingli |
Due to the routing related networking kernel redesign work in FBSD 8.0, interface routes have been returned to the applications without the RTF_GATEWAY bit. This incompatibility has caused some issues with Zebra, Quagga and the like. This patch provides the RTF_GATEWAY flag bit in returned interface routes so to behave similarly to pre 8.0 systems.
Reviewed by: hrs Verified by: mackn at opendns dot com
|
#
248322 |
|
15-Mar-2013 |
glebius |
- Use m_getcl() instead of hand allocating.
- Convert panic() to KASSERT.
- Remove superfluous cleaning of mbuf fields after allocation.
- Add comment on possible use of m_get2() here.
Sponsored by: Nginx, Inc.
|
#
243903 |
|
05-Dec-2012 |
hrs |
- Move definition of V_deembed_scopeid to scope6_var.h.
- Deembed scope id in L3 address in in6_lltable_dump().
- Simplify scope id recovery in rtsock routines.
- Remove embedded scope id handling in ndp(8) and route(8) completely.
|
#
243882 |
|
05-Dec-2012 |
glebius |
Mechanically substitute flags from historic mbuf allocator with malloc(9) flags within sys.
Exceptions:
- sys/contrib not touched
- sys/mbuf.h edited manually
|
#
243866 |
|
04-Dec-2012 |
hrs |
- Fix LOR in sa6_recoverscope() in rt_msg2()[1].
- Check V_deembed_scopeid before checking if sa_family == AF_INET6.
- Fix scope id handling in route(8)[2] and ifconfig(8).
Reported by: rpaulo[1], Mateusz Guzik[1], peter[2]
|
#
243208 |
|
18-Nov-2012 |
adrian |
Fix up a compile time warning if INET6 isn't defined.
|
#
243187 |
|
17-Nov-2012 |
hrs |
Fill sin6_scope_id in sockaddr_in6 before passing it from the kernel to userland via routing socket or sysctl. This eliminates the following KAME-specific sin6_scope_id handling routine from each userland utility:
sin6.sin6_scope_id = ntohs(*(u_int16_t *)&sin6.sin6_addr.s6_addr[2]);
This behavior can be controlled by net.inet6.ip6.deembed_scopeid. This is set to 1 by default (sin6_scope_id will be filled in the kernel).
Reviewed by: bz
|
#
241686 |
|
18-Oct-2012 |
andre |
Mechanically remove the last stray remains of spl* calls from net*/*. They have been Noop's for a long time now.
|
#
234572 |
|
22-Apr-2012 |
melifaro |
Do not require radix write lock to be held while dumping route table via sysctl(4) interface. This permits router not to stop forwarding packets while route table is being written to user-supplied buffer.
Reported by: Pawel Tyll <ptyll@nitronet.pl> Approved by: kib(mentor)
MFC after: 1 week
|
#
231505 |
|
11-Feb-2012 |
bz |
Introduce a new NET_RT_IFLISTL API to query the address list. It works on extended and extensible structs if_msghdrl and ifa_msghdrl. This will allow us to extend both the msghdrl structs and eventually if_data in the future without breaking the ABI.
Bump __FreeBSD_version to allow ports to more easily detect the new API.
Reviewed by: glebius, brooks MFC after: 3 days
|
#
231504 |
|
11-Feb-2012 |
bz |
Backout changes from r228571. Remove if_data from struct ifa_msghdr again. While this breaks carp on HEAD temporarily, it restores the upgrade path from stable, and head before 20111215.
Reviewed by: glebius, brooks
|
#
229814 |
|
08-Jan-2012 |
glebius |
Copy ifa->if_data to ifam->ifam_data. This was forgotten in r228571.
Submitted by: bz
|
#
229621 |
|
05-Jan-2012 |
jhb |
Convert all users of IF_ADDR_LOCK to use new locking macros that specify either a read lock or write lock.
Reviewed by: bz MFC after: 2 weeks
|
#
228571 |
|
16-Dec-2011 |
glebius |
A major overhaul of the CARP implementation. The ip_carp.c was started from scratch, copying needed functionality from the old implementation on demand, with a thorough review of all code. The main change is that interface layer has been removed from the CARP. Now redundant addresses are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or SIOCAIFADDR_IN6 may now be configured to a particular virtual host id, which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need to clone carpXX interface, he/she should directly configure a vhid on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8) function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4) being an interface, and may close several others. It also allows to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448 Reviewed by: bz Submitted by: bz [1]
|
#
227309 |
|
07-Nov-2011 |
ed |
Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.
The SYSCTL_NODE macro defines a list that stores all child-elements of that node. If there's no SYSCTL_DECL macro anywhere else, there's no reason why it shouldn't be static.
|
#
227061 |
|
03-Nov-2011 |
mlaier |
Fix a use-after-free/redzone issue in the routing code.
Reported by (repeatedly): Mike Tancsa Prodded by (repeatedly): bz Forgotten by (repeatedly): mlaier MFC after: 2 weeks
|
#
225837 |
|
28-Sep-2011 |
bz |
Pass the fibnum where we need filtering of the message on the rtsock allowing routing daemons to filter routing updates on an rtsock per FIB.
Adjust raw_input() and split it into wrapper and a new function taking an optional callback argument even though we only have one consumer [1] to keep the hackish flags local to rtsock.c.
PR: kern/134931 Submitted by: multiple (see PR) Suggested by: rwatson [1] Reviewed by: rwatson MFC after: 3 days
|
#
218503 |
|
09-Feb-2011 |
mlaier |
As info.rti_info[RTAX_DST] can point inside of rtm we must not free the rtm until rt_dispatch is done with the sockaddr.
Found by: memguard MFC after: 3 days
|
#
213930 |
|
16-Oct-2010 |
bz |
Close a race acquiring the IF_ADDR_LOCK() for each entry while iterating over all interfaces to make sure the address will neither change nor be freed while we are working on it.
PR: kern/146250 Submitted by: Mikolaj Golub (to.my.trociny gmail.com) MFC after: 1 week
|
#
210805 |
|
03-Aug-2010 |
kib |
Properly set ifi_datalen for compat32 struct if_data32.
PR: kern/149240 Submitted by: Stef Walter <stef memberwebs com> MFC after: 1 week
|
#
208553 |
|
25-May-2010 |
qingli |
This patch fixes the problem where proxy ARP entries cannot be added over the if_ng interface.
MFC after: 3 days
|
#
207194 |
|
25-Apr-2010 |
kib |
Provide 32bit compat shims for sysctl net.route NET_RT_IFLIST. This allows getifaddrs(3) to work for compat32 binaries.
Submitted by: jhb (6.x version) Reviewed by: emaste Tested by: emaste and <pluknet gmail com> MFC after: 2 weeks
|
#
201282 |
|
30-Dec-2009 |
qingli |
The proxy arp entries could not be added into the system over the IFF_POINTOPOINT link types. The reason was due to the routing entry returned from the kernel covering the remote end is of an interface type that does not support ARP. This patch fixes this problem by providing a hint to the kernel routing code, which indicates the prefix route instead of the PPP host route should be returned to the caller. Since a host route to the local end point is also added into the routing table, and there could be multiple such instantiations due to multiple PPP links can be created with the same local end IP address, this patch also fixes the loopback route installation failure problem observed prior to this patch. The reference count of loopback route to local end would be either incremented or decremented. The first instantiation would create the entry and the last removal would delete the route entry.
MFC after: 5 days
|
#
200473 |
|
13-Dec-2009 |
bz |
Throughout the network stack we have a few places of if (jailed(cred)) left. If you are running with a vnet (virtual network stack) those will return true and defer you to classic IP-jails handling and thus things will be "denied" or returned with an error.
Work around this problem by introducing another "jailed()" function, jailed_without_vnet(), that also takes vnets into account, and permits the calls, should the jail from the given cred have its own virtual network stack.
We cannot change the classic jailed() call to do that, as it is used outside the network stack as well.
Discussed with: julian, zec, jamie, rwatson (back in Sept) MFC after: 5 days
|
#
196678 |
|
30-Aug-2009 |
qingli |
As part of r196609, a call to "rtalloc" did not take the fib into account. So call the appropriate "rtalloc_ign_fib()" instead of calling "rtalloc_ign()".
Reviewed by:i pointed out by bz MFC after: immediately
|
#
196609 |
|
28-Aug-2009 |
qingli |
In ip_output(), the flow-table module must not try to cache L2/L3 information for interface of IFF_POINTOPOINT or IFF_LOOPBACK type. Since the L2 information (rt_lle) is invalid for these interface types, accidental caching attempt will trigger panic when the invalid rt_lle reference is accessed.
When installing a new route, or when updating an existing route, the user supplied gateway address may be an interface address (this is particularly true for point-to-point interface related modules such as ppp, if_tun, if_gif). Currently the routing command handler always set the RTF_GATEWAY flag if the gateway address is given as part of the command parameters. Therefore the gateway address must be verified against interface addresses or else the route would be treated as an indirect route, thus making that route unusable.
Reviewed by: kmacy, julia, rwatson Verified by: marcus MFC after: 3 days
|
#
196174 |
|
13-Aug-2009 |
bz |
Put multiple instructions into a block when iterating; unbreaks NET_RT_DUMP, which otherwise only returned information of AF_MAX. This was broken in r193232 (save your time - my bug, my fix).
PR: kern/137700 Reported by: Larry Baird (lab gta.com) Tested by: Larry Baird (lab gta.com) Reviewed by: zec, lstewart, qing Approved by: re (kib)
|
#
196019 |
|
01-Aug-2009 |
rwatson |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes.
Reviewed by: bz Approved by: re (vimage blanket)
|
#
195837 |
|
23-Jul-2009 |
rwatson |
Introduce and use a sysinit-based initialization scheme for virtual network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will occur each time a network stack is instantiated and destroyed. In the !VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT. For the VIMAGE case, we instead use SYSINIT's to track their order and properties on registration, using them for each vnet when created/destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose previously, as well as its dependency scheme: we now just use the SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that they want init functions to be called for each virtual network stack rather than just once at boot, compiling down to DOMAIN_SET() in the non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead of modinfo or DOMAIN_SET() for init/uninit events. In some cases, convert modular components from using modevent to using sysinit (where appropriate). In some cases, do minor rejuggling of SYSINIT ordering to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup) Discussed with: jhb, bz, julian, zec Reviewed by: bz Approved by: re (VIMAGE blanket)
|
#
195699 |
|
14-Jul-2009 |
rwatson |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing them in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
|
#
194760 |
|
23-Jun-2009 |
rwatson |
Modify most routines returning 'struct ifaddr *' to return references rather than pointers, requiring callers to properly dispose of those references. The following routines now return references:
ifaddr_byindex ifa_ifwithaddr ifa_ifwithbroadaddr ifa_ifwithdstaddr ifa_ifwithnet ifaof_ifpforaddr ifa_ifwithroute ifa_ifwithroute_fib rt_getifa rt_getifa_fib IFP_TO_IA ip_rtaddr in6_ifawithifp in6ifa_ifpforlinklocal in6ifa_ifpwithaddr in6_ifadd carp_iamatch6 ip6_getdstifaddr
Remove unused macro which didn't have required referencing:
IFP_TO_IA6
This closes many small races in which changes to interface or address lists while an ifaddr was in use could lead to use of freed memory (etc). In a few cases, add missing if_addr_list locking required to safely acquire references.
Because of a lack of deep copying support, we accept a race in which an in6_ifaddr pointed to by mbuf tags and extracted with ip6_getdstifaddr() doesn't hold a reference while in transmit. Once we have mbuf tag deep copy support, this can be fixed.
Reviewed by: bz Obtained from: Apple, Inc. (portions) MFC after: 6 weeks (portions)
|
#
194602 |
|
21-Jun-2009 |
rwatson |
Clean up common ifaddr management:
- Unify reference count and lock initialization in a single function, ifa_init().
- Move tear-down from a macro (IFAFREE) to a function ifa_free().
- Move reference count bump from a macro (IFAREF) to a function ifa_ref().
- Instead of using a u_int protected by a mutex to refcount(9) for reference count management.
The ifa_mtx is now used for exactly one ioctl, and possibly should be removed.
MFC after: 3 weeks
|
#
193926 |
|
10-Jun-2009 |
bz |
SCTP needs either IPv4 or IPv6 as lower layer[1]. So properly hide the already #ifdef SCTP code with #if defined(INET) || defined(INET6) as well to get us closer to a non-INET/INET6 kernel.
Discussed with: tuexen [1]
|
#
193744 |
|
08-Jun-2009 |
bz |
After r193232 rt_tables in vnet.h are no longer indirectly dependent on the ROUTETABLES kernel option thus there is no need to include opt_route.h anymore in all consumers of vnet.h and no longer depend on it for module builds.
Remove the hidden include in flowtable.h as well and leave the two explicit #includes in ip_input.c and ip_output.c.
|
#
193232 |
|
01-Jun-2009 |
bz |
Convert the two dimensional array to be malloced and introduce an accessor function to get the correct rnh pointer back.
Update netstat to get the correct pointer using kvm_read() as well.
This not only fixes the ABI problem depending on the kernel option but also permits the tunable to overwrite the kernel option at boot time up to MAXFIBS, enlarging the number of FIBs without having to recompile. So people could just use GENERIC now.
Reviewed by: julian, rwatson, zec X-MFC: not possible
|
#
193219 |
|
01-Jun-2009 |
rwatson |
Reimplement the netisr framework in order to support parallel netisr threads:
- Support up to one netisr thread per CPU, each processing its own workstream, or set of per-protocol queues. Threads may be bound to specific CPUs, or allowed to migrate, based on a global policy.
In the future it would be desirable to support topology-centric policies, such as "one netisr per package".
- Allow each protocol to advertise an ordering policy, which can currently be one of:
NETISR_POLICY_SOURCE: packets must maintain ordering with respect to an implicit or explicit source (such as an interface or socket).
NETISR_POLICY_FLOW: make use of mbuf flow identifiers to place work, as well as allowing protocols to provide a flow generation function for mbufs without flow identifiers (m2flow). Falls back on NETISR_POLICY_SOURCE if no flow ID is available.
NETISR_POLICY_CPU: allow protocols to inspect and assign a CPU for each packet handled by netisr (m2cpuid).
- Provide utility functions for querying the number of workstreams being used, as well as a mapping function from workstream to CPU ID, which protocols may use in work placement decisions.
- Add explicit interfaces to get and set per-protocol queue limits, and get and clear drop counters, which query data or apply changes across all workstreams.
- Add a more extensible netisr registration interface, in which protocols declare 'struct netisr_handler' structures for each registered NETISR_ type. These include name, handler function, optional mbuf to flow ID function, optional mbuf to CPU ID function, queue limit, and ordering policy. Padding is present to allow these to be expanded in the future. If no queue limit is declared, then a default is used.
- Queue limits are now per-workstream, and raised from the previous IFQ_MAXLEN default of 50 to 256.
- All protocols are updated to use the new registration interface, and with the exception of netnatm, default queue limits. Most protocols register as NETISR_POLICY_SOURCE, except IPv4 and IPv6, which use NETISR_POLICY_FLOW, and will therefore take advantage of driver-generated flow IDs if present.
- Formalize a non-packet based interface between interface polling and the netisr, rather than having polling pretend to be two protocols. Provide two explicit hooks in the netisr worker for start and end events for runs: netisr_poll() and netisr_pollmore(), as well as a function, netisr_sched_poll(), to allow the polling code to schedule netisr execution. DEVICE_POLLING still embeds single-netisr assumptions in its implementation, so for now if it is compiled into the kernel, a single and un-bound netisr thread is enforced regardless of tunable configuration.
In the default configuration, the new netisr implementation maintains the same basic assumptions as the previous implementation: a single, un-bound worker thread processes all deferred work, and direct dispatch is enabled by default wherever possible.
Performance measurement shows a marginal performance improvement over the old implementation due to the use of batched dequeue.
An rmlock is used to synchronize use and registration/unregistration using the framework; currently, synchronized use is disabled (replicating current netisr policy) due to a measurable 3%-6% hit in ping-pong micro-benchmarking. It will be enabled once further rmlock optimization has taken place. However, in practice, netisrs are rarely registered or unregistered at runtime.
A new man page for netisr will follow, but since one doesn't currently exist, it hasn't been updated.
This change is not appropriate for MFC, although the polling shutdown handler should be merged to 7-STABLE.
Bump __FreeBSD_version.
Reviewed by: bz
|
#
192895 |
|
27-May-2009 |
jamie |
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings.
Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge().
Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call.
Approved by: bz (mentor)
|
#
191816 |
|
05-May-2009 |
zec |
Change the curvnet variable from a global const struct vnet *, previously always pointing to the default vnet context, to a dynamically changing thread-local one. The curvnet context should be set on entry to networking code via CURVNET_SET() macros, and reverted to previous state via CURVNET_RESTORE(). Recursions on curvnet are permitted, though strongly discouraged.
This change should have no functional impact on nooptions VIMAGE kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an indicator of the vnet context in which the current network-related operation takes place, in case we cannot deduce the current vnet context from any other source, such as by looking at mbuf's m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so far curvnet has turned out to be an invaluable consistency checking aid: it helps to catch cases when sockets, ifnets or any other vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros was a result of an empirical iterative process, with an aim to reduce recursions on CURVNET_SET() to a minimum, while still reducing the scope of CURVNET_SET() to networking only operations - the alternative would be calling CURVNET_SET() on each system call entry. In general, curvnet has to be set in three typical cases: when processing socket-related requests from userspace or from within the kernel; when processing inbound traffic flowing from device drivers to upper layers of the networking stack, and when executing timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all vnet instances.
Approved by: julian (mentor)
|
#
191548 |
|
26-Apr-2009 |
zec |
In preparation for turning on options VIMAGE in next commits, rearrange / replace / adjust several INIT_VNET_* initializer macros, all of which currently resolve to whitespace.
Reviewed by: bz (an older version of the patch) Approved by: julian (mentor)
|
#
191342 |
|
20-Apr-2009 |
rwatson |
Acquire address list lock before walking an interface's address list to identify possible jail addresses on it for IPv4 and IPv6.
MFC after: 2 weeks
|
#
191080 |
|
14-Apr-2009 |
kmacy |
Extend route command:
- add show as alias for get
- add weights to allow mpath to do more than equal cost
- add sticky / nostick to disable / re-enable per-connection load balancing
This adds a field to rt_metrics_lite so network bits of world will need to be re-built.
Reviewed by: jeli & qingli
|
#
188149 |
|
05-Feb-2009 |
jamie |
Call prison_if from rtm_get_jailed, instead of splitting it out into prison_check_ip4 and prison_check_ip6. As prison_if includes a jailed() check, remove that check before calling rtm_get_jailed.
Approved by: bz (mentor)
|
#
188144 |
|
05-Feb-2009 |
jamie |
Standardize the various prison_foo_ip[46] functions and prison_if to return zero on success and an error code otherwise. The possible errors are EADDRNOTAVAIL if an address being checked for doesn't match the prison, and EAFNOSUPPORT if the prison doesn't have any addresses in that address family. For most callers of these functions, use the returned error code instead of e.g. a hard-coded EADDRNOTAVAIL or EINVAL.
Always include a jailed() check in these functions, where a non-jailed cred always returns success (and makes no changes). Remove the explicit jailed() checks that preceded many of the function calls.
Approved by: bz (mentor)
|
#
187684 |
|
25-Jan-2009 |
bz |
For consistency with prison_{local,remote,check}_ipN rename prison_getipN to prison_get_ipN.
Submitted by: jamie (as part of a larger patch) MFC after: 1 week
|
#
187328 |
|
16-Jan-2009 |
qingli |
The RTF_LLINFO was revived unconditionally, but within the kernel the check on the sysctl argument value being RTF_LLINFO is conditioned on the COMPAT_ROUTE_FLAGS kernel option. This mismatch caused the L2 table retrieval failure, and the arp/ndp -an command displays empty L2 tables.
Reviewed by: pjd
|
#
187094 |
|
12-Jan-2009 |
qingli |
Revive the RTF_LLINFO flag in route.h. The kernel code is guarded by the new kernel option COMPAT_ROUTE_FLAGS for binary backward compatibility. The RTF_LLDATA flag maps to the same value as RTF_LLINFO. RTF_LLDATA is used by the arp and ndp utilities. The RTF_LLDATA flag is always returned to the userland regardless whether the COMPAT_ROUTE_FLAGS is defined.
|
#
186986 |
|
09-Jan-2009 |
bz |
Rather than using the cred from curthread, take it from the thread referenced in the sysctl req argument.
Reviewed by: rwatson MFC after: 2 weeks
|
#
186980 |
|
09-Jan-2009 |
bz |
Restrict arp, ndp and theoretically the FIB listing (if not read with libkvm) to the addresses of a prison, when inside a jail. [1] As the patch from the PR was pre-'new-arp', add checks to the llt_dump handlers as well.
While touching RTM_GET in route_output(), consistently use curthread credentials rather than the creds from the socket there. [2]
PR: kern/68189 Submitted by: Mark Delany <sxcg2-fuwxj@qmda.emu.st> [1] Discussed with: rwatson [2] Reviewed by: rwatson MFC after: 4 weeks
|
#
186956 |
|
09-Jan-2009 |
bz |
Take the cred from curthread rather than curproc as curproc would need locking but the credential from curthread (usually) never changes.
Discussed with: jhb MFC after: 2 weeks
|
#
186500 |
|
26-Dec-2008 |
qingli |
This checkin addresses a couple of issues:
1. The "route" command allows route insertion through the interface-direct option "-iface". During if_attach(), a sockaddr_dl{} entry is created for the interface and is part of the interface address list. This sockaddr_dl{} entry describes the interface in detail. The "route" command selects this entry as the "gateway" object when the "-iface" option is present. The "arp" and "ndp" commands also interact with the kernel through the routing socket when adding and removing static L2 entries. The static L2 information is also provided through the "gateway" object with an AF_LINK family type, similar to what is provided by the "route" command. In order to differentiate between these two types of operations, a RTF_LLDATA flag is introduced. This flag is set by the "arp" and "ndp" commands when issuing the add and delete commands. This flag is also set in each L2 entry returned by the kernel. The "arp" and "ndp" commands follow a convention where a RTM_GET is issued first followed by a RTM_ADD/DELETE. This RTM_GET request fills in the fields for a "rtm" object, which is reinjected into the kernel by a subsequent RTM_ADD/DELETE command. The entry returned from RTM_GET is a prefix route, so the RTF_LLDATA flag must be specified when issuing the RTM_ADD/DELETE messages.
2. Enforce the convention that NET_RT_FLAGS with a 0 w_arg is the specification for retrieving L2 information. Also optimized the code logic.
Reviewed by: julian
|
#
186119 |
|
15-Dec-2008 |
qingli |
The main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as many locking dependencies among these layers as possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescence of the route cloning (RTF_CLONING) concept, which translated into code reduction in both IPv4 ARP and IPv6 NDP related modules, and size reduction in struct rtentry{}. The change in design obsoletes the semantics of RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland applications such as "arp" and "ndp" have been modified to reflect those changes. The output from "netstat -r" shows only the routing entries.
Quite a few developers have contributed to this project in the past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing the last piece of the puzzle, Kip has also been conducting active functional testing
- Sam Leffler has helped me improving/refactoring the code, and provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped me maintaining that branch before the svn conversion
|
#
186061 |
|
13-Dec-2008 |
thompsa |
Don't leak the rnh lock on error.
|
#
185849 |
|
10-Dec-2008 |
kmacy |
fix a reported panic when adding a route and one hit here when deleting a route
- pass RTF_RNH_LOCKED to rtalloc1_fib in 2 cases where the lock is held
- make sure the rnh lock is held across rt_setgate and rt_getifa_fib
|
#
185751 |
|
07-Dec-2008 |
imp |
Add missing include to sys/lock.h before sys/rwlock.h
|
#
185747 |
|
07-Dec-2008 |
kmacy |
- convert radix node head lock from mutex to rwlock
- make radix node head lock not recursive
- fix LOR in rtexpunge
- fix LOR in rtredirect
Reviewed by: sam
|
#
185571 |
|
02-Dec-2008 |
bz |
Rather than using hidden includes (with circular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files.
For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h.
Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
|
#
185435 |
|
29-Nov-2008 |
bz |
MFp4: Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple addresses per jail. In addition to IPv4, IPv6 is supported as well. Due to updated checks it is even possible to have jails without an IP address at all, which basically gives one a chroot with restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name in addition to the hostname. The jail name cannot be changed from within a jail and is considered to be used for management purposes or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit systems to manage jails. Also backward compatibility was preserved where possible: for jail v1 syscalls, as well as with user space management utilities.
Both jail as well as prison version were updated for the new features. A gap was intentionally left as the intermediate versions had been used by various patches floating around the last years.
Bump __FreeBSD_version for the aforementioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions, suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes on cluster machines as well as all the testers and people who provided feedback the last months on freebsd-jail and other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above) MFC after: 3 months (this is just so that I get the mail) X-MFC Before: 7.2-RELEASE if possible
|
#
184205 |
|
23-Oct-2008 |
des |
Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after: 3 months
|
#
183550 |
|
02-Oct-2008 |
zec |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this point in time by doing MD5 comparison between pre- and post-change object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
181803 |
|
17-Aug-2008 |
bz |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
#
180385 |
|
09-Jul-2008 |
rwatson |
Remove unused support for local and foreign addresses in generic raw socket support. These utility routines are used only for routing and pfkey sockets, neither of which have a notion of address, so were required to mock up fake socket addresses to avoid connection requirements for applications that did not specify their own fake addresses (most of them).
Quite a bit of the removed code is #ifdef notdef, since raw sockets don't support bind() or connect() in practice. Removing this simplifies the raw socket implementation, and removes two (commented out) uses of dtom(9).
Fake addresses passed to sendto(2) by applications are ignored for compatibility reasons, but this is now done in a more consistent way (and with a comment). Possibly, EINVAL could be returned here in the future if it is determined that no applications depend on the semantic inconsistency of specifying a destination address for a protocol without address support, but this will require some amount of careful surveying.
NB: This does not affect netinet, netinet6, or other wire protocol raw sockets, which provide their own independent infrastructure with control block address support specific to the protocol.
MFC after: 3 weeks Reviewed by: bz
|
#
180239 |
|
03-Jul-2008 |
rwatson |
Remove NETISR_MPSAFE, which allows specific netisr handlers to be directly dispatched without Giant, and add NETISR_FORCEQUEUE, which allows specific netisr handlers to always be dispatched via a queue (deferred). Mark the usb and if_ppp netisr handlers as NETISR_FORCEQUEUE, and explicitly acquire Giant in those handlers.
Previously, any netisr handler not marked NETISR_MPSAFE would necessarily run deferred and with Giant acquired. This change removes Giant scaffolding from the netisr infrastructure, but NETISR_FORCEQUEUE allows non-MPSAFE handlers to continue to force deferred dispatch so as to avoid lock order reversals between their acquisition of Giant and any calling context.
It is likely we will be able to remove NETISR_FORCEQUEUE once IFF_NEEDSGIANT is removed, as non-MPSAFE usb and if_ppp drivers will no longer be supported.
Reviewed by: bz MFC after: 1 month X-MFC note: We can't remove NETISR_MPSAFE from stable/7 for KPI reasons, but the rest can go back.
|
#
178888 |
|
09-May-2008 |
julian |
Add code to allow the system to handle multiple routing tables. This particular implementation is designed to be fully backwards compatible and to be MFC-able to 7.x (and 6.x)
Currently the only protocol that can make use of the multiple tables is IPv4 Similar functionality exists in OpenBSD and Linux.
From my notes:
-----
One thing where FreeBSD has been falling behind, and which by chance I have some time to work on is "policy based routing", which allows different packet streams to be routed by more than just the destination address.
Constraints:
------------
I want to make some form of this available in the 6.x tree (and by extension 7.x) , but FreeBSD in general needs it so I might as well do it in -current and back port the portions I need.
One of the ways that this can be done is to have the ability to instantiate multiple kernel routing tables (which I will now refer to as "Forwarding Information Bases" or "FIBs" for political correctness reasons). Which FIB a particular packet uses to make the next hop decision can be decided by a number of mechanisms. The policies these mechanisms implement are the "Policies" referred to in "Policy based routing".
One of the constraints I have if I try to back port this work to 6.x is that it must be implemented as a EXTENSION to the existing ABIs in 6.x so that third party applications do not need to be recompiled in timespan of the branch.
This first version will not have some of the bells and whistles that will come with later versions. It will, for example, be limited to 16 tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a multiple routing table solution in Perforce, and back-ported it to 6.x. (also in Perforce though not always caught up with what I have done in -current/P4). The subset allows a number of FIBs to be defined at compile time (8 is sufficient for my purposes in 6.x) and implements the changes needed to allow IPV4 to use them. I have not done the changes for ipv6 simply because I do not need it, and I do not have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.
Other protocol families are left untouched and should there be users with proprietary protocol families, they should continue to work and be oblivious to the existence of the extra FIBs.
To understand how this is done, one must know that the current FIB code starts everything off with a single dimensional array of pointers to FIB head structures (One per protocol family), each of which in turn points to the trie of routes available to that family.
The basic change in the ABI compatible version of the change is to extend that array to be a 2 dimensional array, so that instead of protocol family X looking at rt_tables[X] for the table it needs, it looks at rt_tables[Y][X] when for all protocol families except ipv4 Y is always 0. Code that is unaware of the change always just sees the first row of the table, which of course looks just like the one dimensional array that existed before.
The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign() are all maintained, but refer only to the first row of the array, so that existing callers in proprietary protocols can continue to do the "right thing". Some new entry points are added, for the exclusive use of ipv4 code called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(), which have an extra argument which refers the code to the correct row.
In addition, there are some new entry points (currently called rtalloc_fib() and friends) that check the Address family being looked up and call either rtalloc() (and friends) if the protocol is not IPv4 forcing the action to row 0 or to the appropriate row if it IS IPv4 (and that info is available). These are for calling from code that is not specific to any particular protocol. The way these are implemented would change in the non ABI preserving code to be added later.
One feature of the first version of the code is that for ipv4, the interface routes show up automatically on all the FIBs, so that no matter what FIB you select you always have the basic direct attached hosts available to you. (rtinit() does this automatically).
You CAN delete an interface route from one FIB should you want to but by default it's there. ARP information is also available in each FIB. It's assumed that the same machine would have the same MAC address, regardless of which FIB you are using to get to it.
This brings us as to how the correct FIB is selected for an outgoing IPV4 packet.
Firstly, all packets have a FIB associated with them. if nothing has been done to change it, it will be FIB 0. The FIB is changed in the following ways.
Packets fall into one of a number of classes.
1/ locally generated packets, coming from a socket/PCB. Such packets select a FIB from a number associated with the socket/PCB. This in turn is inherited from the process, but can be changed by a socket option. The process in turn inherits it on fork. I have written a utility called setfib that acts a bit like nice..
setfib -3 ping target.example.com # will use fib 3 for ping.
It is an obvious extension to make it a property of a jail but I have not done so. It can be achieved by combining the setfib and jail commands.
2/ packets received on an interface for forwarding. By default these packets would use table 0, (or possibly a number settable in a sysctl(not yet)). but prior to routing the firewall can inspect them (see below). (possibly in the future you may be able to associate a FIB with packets received on an interface.. An ifconfig arg, but not yet.)
3/ packets inspected by a packet classifier, which can arbitrarily associate a fib with it on a packet by packet basis. A fib assigned to a packet by a packet classifier (such as ipfw) would over-ride a fib associated by a more default source. (such as cases 1 or 2).
4/ a tcp listen socket associated with a fib will generate accept sockets that are associated with that same fib.
5/ Packets generated in response to some other packet (e.g. reset or icmp packets). These should use the FIB associated with the packet being responded to.
6/ Packets generated during encapsulation. gif, tun and other tunnel interfaces will encapsulate using the FIB that was in effect with the process that set up the tunnel. thus setfib 1 ifconfig gif0 [tunnel instructions] will set the fib for the tunnel to use to be fib 1.
Routing messages would be associated with their process, and thus select one FIB or another. messages from the kernel would be associated with the fib they refer to and would only be received by a routing socket associated with that fib. (not yet implemented)
In addition Netstat has been edited to be able to cope with the fact that the array is now 2 dimensional. (It looks in system memory using libkvm (!)). Old versions of netstat see only the first FIB.
In addition two sysctls are added to give: a) the number of FIBs compiled in (active) b) the default FIB of the calling process.
Early testing experience:
-------------------------
Basically our (IronPort's) appliance does this functionality already using ipfw fwd but that method has some drawbacks.
For example, It can't fully simulate a routing table because it can't influence the socket's choice of local address when a connect() is done.
Testing during the generating of these changes has been remarkably smooth so far. Multiple tables have co-existed with no notable side effects, and packets have been routed accordingly.
ipfw has grown 2 new keywords:
setfib N ip from any to any
count ip from any to any fib N
In pf there seems to be a requirement to be able to give symbolic names to the fibs but I do not have that capacity. I am not sure if it is required.
SCTP has interestingly enough built in support for this, called VRFs in Cisco parlance. it will be interesting to see how that handles it when it suddenly actually does something.
Where to next:
--------------------
After committing the ABI compatible version and MFCing it, I'd like to proceed in a forward direction in -current. this will result in some roto-tilling in the routing code.
Firstly: the current code's idea of having a separate tree per protocol family, all of the same format, and pointed to by the 1 dimensional array is a bit silly. Especially when one considers that there is code that makes assumptions about every protocol having the same internal structures there. Some protocols don't WANT that sort of structure. (for example the whole idea of a netmask is foreign to appletalk). This needs to be made opaque to the external code.
My suggested first change is to add routing method pointers to the 'domain' structure, along with information pointing the data. instead of having an array of pointers to uniform structures, there would be an array pointing to the 'domain' structures for each protocol address domain (protocol family), and the methods this reached would be called. The methods would have an argument that gives FIB number, but the protocol would be free to ignore it.
When the ABI can be changed it raises the possibility of the addition of a fib entry into the "struct route". Currently, the structure contains the sockaddr of the destination, and the resulting fib entry. To make this work fully, one could add a fib number so that given an address and a fib, one can find the third element, the fib entry.
Interaction with the ARP layer/ LL layer would need to be revisited as well. Qing Li has been working on this already.
This work was sponsored by Ironport Systems/Cisco
Reviewed by: several including rwatson, bz and mlair (parts each) Obtained from: Ironport systems/Cisco
|
#
178167 |
|
13-Apr-2008 |
qingli |
This patch provides the back end support for equal-cost multi-path (ECMP) for both IPv4 and IPv6. Previously, multipath route insertion is disallowed. For example,
route add -net 192.103.54.0/24 10.9.44.1
route add -net 192.103.54.0/24 10.9.44.2
The second route insertion will trigger an error message of "add net 192.103.54.0/24: gateway 10.2.5.2: route already in table"
Multiple default routes can also be inserted. Here is the netstat output:
default 10.2.5.1 UGS 0 3074 bge0 =>
default 10.2.5.2 UGS 0 0 bge0
When multipath routes exist, the "route delete" command requires a specific gateway to be specified or else an error message would be displayed. For example,
route delete default
would fail and trigger the following error message:
"route: writing to routing socket: No such process" "delete net default: not in table"
On the other hand,
route delete default 10.2.5.2
would be successful: "delete net default: gateway 10.2.5.2"
One does not have to specify a gateway if there is only a single route for a particular destination.
I need to perform more testings on address aliases and multiple interfaces that have the same IP prefixes. This patch as it stands today is not yet ready for prime time. Therefore, the ECMP code fragments are fully guarded by the RADIX_MPATH macro. Include the "options RADIX_MPATH" in the kernel configuration to enable this feature.
Reviewed by: robert, sam, gnn, julian, kmacy
|
#
177253 |
|
16-Mar-2008 |
rwatson |
In keeping with style(9)'s recommendations on macros, use a ';' after each SYSINIT() macro invocation. This makes a number of lightweight C parsers much happier with the FreeBSD kernel source, including cflow's prcc and lxr.
MFC after: 1 month Discussed with: imp, rink
|
#
172092 |
|
08-Sep-2007 |
cognet |
Do not set the RTF_GATEWAY flag if RTF_LLINFO is set, it doesn't make much sense in that context, and leads to unusable routes. This should unbreak bootpd.
Discussed with: glebius Submitted by: bms Approved by: re (bmah)
|
#
167949 |
|
27-Mar-2007 |
glebius |
Fix regression in rev. 1.140.
Reported by: Yuriy Tsibizov <Yuriy.Tsibizov gfk.ru>, bsam
|
#
167943 |
|
27-Mar-2007 |
bms |
Fix a case where hardware removal of an interface caused an attempt to announce an ll_ifma which has gone away. Add a KASSERT to catch regressions.
Bug found by: Tom Uffner
|
#
167797 |
|
22-Mar-2007 |
glebius |
When working on an RTM_CHANGE do the route editing in the following sequence. First, if rt_ifa is going to be changed, then call ifa_rtrequest(RTM_DELETE). Second, if gateway is going to be changed, then call rt_setgate(). Third, change rt_ifa.
With this change we are able to change a link level route to a gateway one, that wasn't possible before:
# ifconfig em0 192.168.22.1/24
# arp -s 192.168.22.99 00:11:22:33:44:55
# route change 192.168.22.99 192.168.22.199
# ping 192.168.22.99
db>
Reported by: avatar
|
#
164033 |
|
06-Nov-2006 |
rwatson |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
#
163953 |
|
03-Nov-2006 |
rrs |
Ok, here it is, we finally add SCTP to current. Note that this work is not just mine, but it is also the works of Peter Lei and Michael Tuexen. They both are my two key other developers working on the project.. and they need ata-boy's too: **** peterlei@cisco.com tuexen@fh-muenster.de **** I did do a make sysent which updated the syscall's and sysproto.. I hope that is correct... without it you don't build since we have new syscalls for SCTP :-0
So go out and look at the NOTES, add option SCTP (make sure inet and inet6 are present too) and play with SCTP.
I will see about committing some test tools I have after I figure out where I should place them. I also have a lib (libsctp.a) that adds some of the missing socketapi functions that I need to put into lib's.. I will talk to George about this :-)
There may still be some 64 bit issues in here, none of us have a 64 bit processor to test with yet.. Michael may have a MAC but that's another beast too..
If you have a mac and want to use SCTP contact Michael he maintains a web site with a loadable module with this code :-)
Reviewed by: gnn Approved by: gnn
|
#
160549 |
|
21-Jul-2006 |
rwatson |
Change semantics of socket close and detach. Add a new protocol switch function, pru_close, to notify protocols that the file descriptor or other consumer of a socket is closing the socket. pru_abort is now a notification of close also, and no longer detaches. pru_detach is no longer used to notify of close, and will be called during socket tear-down by sofree() when all references to a socket evaporate after an earlier call to abort or close the socket. This means detach is now an unconditional teardown of a socket, whereas previously sockets could persist after detach of the protocol retained a reference.
This facilitates sharing mutexes between layers of the network stack as the mutex is required during the checking and removal of references at the head of sofree(). With this change, pru_detach can now assume that the mutex will no longer be required by the socket layer after completion, whereas before this was not necessarily true.
Reviewed by: gnn
|
#
160124 |
|
05-Jul-2006 |
oleg |
Adjust rt_(set|get)metrics() to do kernel <-> userland timebase conversion. We need it since kernel timebase has changed (time_second -> time_uptime).
Approved by: glebius (mentor)
|
#
157370 |
|
01-Apr-2006 |
rwatson |
Change protocol switch method pru_detach() so that it returns void rather than an error. Detaches do not "fail", they either occur or the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying entirely on the protocol to decide whether it's time to free the socket or not using SS_PROTOREF. so_pcb is now entirely owned and managed by the protocol code. Likewise, no longer test so_pcb in other socket functions, such as soreceive(), which have no business digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach, this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and likewise in other protocols that don't permit a NULL so_pcb, reduce the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which will be in an upcoming commit. In their current state they may leak memory or panic.
MFC after: 3 months
|
#
157366 |
|
01-Apr-2006 |
rwatson |
Change protocol switch pru_abort() API so that it returns void rather than an int, as an error here is not meaningful. Modify soabort() to unconditionally free the socket on the return of pru_abort(), and modify most protocols to no longer conditionally free the socket, since the caller will do this.
This commit likely leaves parts of netinet and netinet6 in a situation where they may panic or leak memory, as they are not fully updated by this commit. This will be corrected shortly in followup commits to these components.
MFC after: 3 months
|
#
156750 |
|
15-Mar-2006 |
andre |
- Fill in the correct rtm_index for RTM_ADD and RTM_CHANGE messages.
- Allow RTM_CHANGE to change a number of route flags as specified by RTF_FMASK.
- The unused rtm_use field in struct rt_msghdr is redesignated as rtm_fmask field to communicate route flag changes in RTM_CHANGE messages from userland. The use count of a route was moved to rtm_rmx a long time ago. For source code compatibility reasons a define of rtm_use to rtm_fmask is provided.
These changes facilitate running of multiple cooperating routing daemons at the same time without causing undesired interference. Open[BGP|OSPF]D make use of these features to have IGP routes override EGP ones.
Obtained from: OpenBSD (claudio@) MFC after: 3 days
|
#
152315 |
|
11-Nov-2005 |
ru |
- Store pointer to the link-level address right in "struct ifnet" rather than in ifindex_table[]; all (except one) accesses are through ifp anyway. IF_LLADDR() works faster, and all (except one) ifaddr_byindex() users were converted to use ifp->if_addr.
- Stop storing a (pointer to) Ethernet address in "struct arpcom", and drop the IFP2ENADDR() macro; all users have been converted to use IF_LLADDR() instead.
|
#
152242 |
|
09-Nov-2005 |
ru |
Use sparse initializers for "struct domain" and "struct protosw", so they are easier to follow for the human being.
|
#
150331 |
|
19-Sep-2005 |
glebius |
Drop current rtentry lock before calling rt_getifa(). This fixes a LOR and a possible recursive use of rtentry mutex.
PR: kern/69356 Reviewed by: sam
|
#
149943 |
|
10-Sep-2005 |
csjp |
Protect interface and address lists using the appropriate mutex. These locks were not acquired because the user buffers were not wired, thus it was possible that SYSCTL_OUT could sleep, causing a number of different problems such as lock ordering issues and dead locks.
-Wire user supplied buffer to ensure SYSCTL_OUT will not sleep.
-Pickup ifnet locks to protect the list.
-Where applicable pickup address locks.
-Pickup radix node head locks.
-Remove splnet stubs
-Remove various comments about locking here, because they are no longer needed.
It is the hope that these changes will make sysctl_rtsock MP safe.
MFC after: 3 weeks
|
#
149848 |
|
07-Sep-2005 |
obrien |
Forward declaring static variables as extern is invalid ISO-C. Now that GCC can properly handle forward static declarations, do this properly.
|
#
149452 |
|
25-Aug-2005 |
rwatson |
De-spl parts of the routing socket code now generally protected through locking; leave some spl references around code where there are open questions about global variable references. Also, add an XXX regarding locking in sysctl.
MFC after: 3 days
|
#
148956 |
|
11-Aug-2005 |
glebius |
o To prevent a race between RTM_DELETE message and arptimer() deleting stale entry, we need to lock rtentry before unlocking radix head.
Reviewed by: sam
|
#
148886 |
|
09-Aug-2005 |
rwatson |
Rename IFF_RUNNING to IFF_DRV_RUNNING, IFF_OACTIVE to IFF_DRV_OACTIVE, and move both flags from ifnet.if_flags to ifnet.if_drv_flags, making and documenting the locking of these flags the responsibility of the device driver, not the network stack. The flags for these two fields will be mutually exclusive so that they can be exposed to user space as though they were stored in the same variable.
Provide #defines to provide the old names #ifndef _KERNEL, so that user applications (such as ifconfig) can use the old flag names. Using the old names in a device driver will result in a compile error in order to help device driver writers adopt the new model.
When exposing the interface flags to user space, via interface ioctls or routing sockets, or the two fields together. Since the driver flags cannot currently be set for user space, no new logic is currently required to handle this case.
Add some assertions that general purpose network stack routines, such as if_setflags(), are not improperly used on driver-owned flags.
With this change, a large number of very minor network stack races are closed, subject to correct device driver locking. Most were likely never triggered.
Driver sweep to follow; many thanks to pjd and bz for the line-by-line review they gave this patch.
Reviewed by: pjd, bz MFC after: 7 days
|
#
148037 |
|
15-Jul-2005 |
gnn |
Fix for PR 82974. We were not checking that the route looked up in the case of an RTM_CHANGE was specific, i.e. that it matched completely. This led to a route change of a non-existent route changing the default route as the radix code would simply back track to that point and hand that route back to the routing socket code.
PR: 82974
Reviewed by: Tai-hwa Liang <avatar@mmlab.cse.yzu.edu.tw>
             Ben Kaduk <minimarmot@gmail.com>
             Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>
Obtained from: OpenBSD with modifications.
MFC after: 2 weeks
|
#
147165 |
|
09-Jun-2005 |
harti |
When returning an RTM_GET message through the routing socket fill in the rtm_index field whenever we have an interface pointer. This is consistent with the RTM_GET messages returned by sysctl().
|
#
144160 |
|
26-Mar-2005 |
sam |
rt_newaddrmsg will blow up if given something other than RTM_ADD or RTM_DELETE; add an assertion, may want to do something more heavyhanded in the future
Noticed by: Coverity Prevent analysis tool
Reviewed by: mdodd
|
#
142335 |
|
23-Feb-2005 |
sam |
eliminate dead code and collapse the remainder
Noticed by: Coverity Prevent analysis tool
Reviewed by: rwatson
|
#
139823 |
|
06-Jan-2005 |
imp |
/* -> /*- for license, minor formatting changes
|
#
137386 |
|
08-Nov-2004 |
phk |
Initialize struct pr_userreqs in new/sparse style and fill in common default elements in net_init_domain().
This makes it possible to grep these structures and see any bogosities.
|
#
136155 |
|
05-Oct-2004 |
sam |
Add 802.11-specific events that are dispatched through the routing socket. This really doesn't belong here but is preferred (for the moment) over adding yet another mechanism for sending msgs from the kernel to user apps.
Reviewed by: imp
|
#
134391 |
|
27-Aug-2004 |
andre |
Apply error and success logic consistently to the function netisr_queue() and its users.
netisr_queue() now returns (0) on success and ERRNO on failure. At the moment ENXIO (netisr queue not functional) and ENOBUFS (netisr queue full) are supported.
Previously it would return (1) on success but the return value of IF_HANDOFF() was interpreted wrongly and (0) was actually returned on success. Due to this schednetisr() was never called to kick the scheduling of the isr. However this was masked by other normal packets coming through netisr_dispatch() causing the dequeueing of waiting packets.
PR: kern/70988
Found by: MOROHOSHI Akihiko <moro@remus.dti.ne.jp>
MFC after: 3 days
|
#
134241 |
|
24-Aug-2004 |
roam |
Fix a typo (attacked -> attached).
Approved by: sam
|
#
134138 |
|
21-Aug-2004 |
rwatson |
If a tunable for the routing socket netisr queue max is defined, allow it to override the default value, rather than the default value overriding the tunable.
|
#
134137 |
|
21-Aug-2004 |
rwatson |
Allow the size of the routing socket netisr queue to be configured using the tunable or sysctl 'net.route.netisr_maxqlen'. Default the maximum depth to 256 rather than IFQ_MAXLEN due to the downsides of dropping routing messages.
MT5 candidate.
Discussed with: mdodd, mlaier, Vincent Jardin <jardin at 6wind.com>
|
#
133671 |
|
13-Aug-2004 |
rwatson |
Use IFQ_SET_MAXLEN() to set the maximum queue depth of the routing socket netisr queue.
Pointed out by: winter
|
#
131674 |
|
06-Jul-2004 |
bms |
Be consistent and use bzero() instead of memset().
|
#
130256 |
|
09-Jun-2004 |
rwatson |
Introduce a netisr to deliver kernel-generated routing, avoiding recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any, associated with a pending mbuf to dispatch to routing sockets, in an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and introduce rts_input(), a function to unbundle the tagged sockaddr and inject the mbuf and address into raw_input(), which previously occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and register the netisr. Perform this at the same point in system initialization as setup of the domains.
This change introduces asynchrony between the generation of a pending routing socket message and delivery to sockets for use by userspace. It avoids socket->routing->rtsock->socket use and helps to avoid lock order reversals between the routing code and socket code (in particular, raw socket control blocks), as route locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
|
#
129089 |
|
10-May-2004 |
csjp |
Zero the un-used portions of the struct sockaddr data before sending it back to userspace, so it does not break bind(2) on raw sockets in jails.
Currently some processes, like traceroute(8) construct a routing request to determine its source address based on the destination. This sockaddr data is fed directly to bind(2). When bind calls ifa_ifwithaddr(9) to make sure the address exists on the interface, the comparison will fail causing bind(2) to return EADDRNOTAVAIL if the data wasn't zero'ed before initialization.
Approved by: bmilekic (mentor)
|
#
128880 |
|
03-May-2004 |
maxim |
o Fix misindentation in the previous commit.
|
#
128664 |
|
26-Apr-2004 |
bmilekic |
Give jail(8) the feature to allow raw sockets from within a jail, which is less restrictive but allows for more flexible jail usage (for those who are willing to make the sacrifice). The default is off, but allowing raw sockets within jails can now be accomplished by tuning security.jail.allow_raw_sockets to 1.
Turning this on will allow you to use things like ping(8) or traceroute(8) from within a jail.
The patch being committed is not identical to the patch in the PR. The committed version is more friendly to APIs which pjd is working on, so it should integrate into his work quite nicely. This change has also been presented and addressed on the freebsd-hackers mailing list.
Submitted by: Christian S.J. Peron <maneo@bsdpro.com>
PR: kern/65800
|
#
128420 |
|
19-Apr-2004 |
ru |
More style and deobfuscation fixes.
Submitted by: bde
|
#
128409 |
|
18-Apr-2004 |
ru |
Style and code unobfuscation.
|
#
128408 |
|
18-Apr-2004 |
ru |
Fixed a bug from rev. 1.42: cast to a correct type.
Submitted by: luigi
|
#
128400 |
|
18-Apr-2004 |
luigi |
+ replace Bcmp/Bzero with 'the real thing' as in the rest of the file.
+ remember to check and fix or explain a strange cast in route_output()
|
#
128373 |
|
17-Apr-2004 |
luigi |
Minor changes to improve code readability (no actual code changes):
+ replace 0 with NULL where appropriate (not complete)
+ remove register declaration while there
+ add argument names to function prototypes to have a better idea of what they are used for
+ add 'const' qualifiers in 3 places
|
#
128356 |
|
17-Apr-2004 |
luigi |
misc cleanup in sysctl_ifmalist():
+ remove a partly incorrect comment that I introduced in the last commit;
+ deal with the correct part of the above comment by cleaning up the updates of 'info' -- rti_addrs need not be updated, rti_info[RTAX_IFP] can be set once outside the loop.
While at it, correct a few misspellings of NULL as 0, but there are way too many in this file, and I did not want to clutter the important part of this commit.
|
#
128311 |
|
16-Apr-2004 |
luigi |
Consistently use ifaddr_byindex() to access the link-level address of an interface. No functional change.
On passing, comment a likely bug in net/rtsock.c:sysctl_ifmalist() which, if confirmed, would deserve to be fixed and MFC'ed
|
#
128185 |
|
13-Apr-2004 |
luigi |
route.h: introduce a macro, SA_SIZE(struct sockaddr *) which returns the space occupied by a struct sockaddr when passed through a routing socket. Use it to replace the macro ROUNDUP(int), that does the same but is redefined by every file which uses it, courtesy of the School of Cut'n'Paste Programming(TM).
(partial) userland changes to follow.
|
#
128168 |
|
12-Apr-2004 |
luigi |
remove an almost-duplicate piece of code by setting the loop limits appropriately.
|
#
128019 |
|
07-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson.
Approved by: core, peter, alc, rwatson
|
#
122922 |
|
20-Nov-2003 |
andre |
Introduce tcp_hostcache and remove the tcp specific metrics from the routing table. Move all usage and references in the tcp stack from the routing table metrics to the tcp hostcache.
It caches measured parameters of past tcp sessions to provide better initial start values for following connections from or to the same source or destination. Depending on the network parameters to/from the remote host this can lead to significant speedups for new tcp connections after the first one because they inherit and shortcut the learning curve.
tcp_hostcache is designed for multiple concurrent access in SMP environments with high contention and is hash indexed by remote ip address.
It removes significant locking requirements from the tcp stack with regard to the routing table.
Reviewed by: sam (mentor), bms
Reviewed by: -net, -current, core@kame.net (IPv6 parts)
Approved by: re (scottl)
|
#
122875 |
|
17-Nov-2003 |
rwatson |
Introduce a MAC label reference in 'struct inpcb', which caches the MAC label referenced from 'struct socket' in the IPv4 and IPv6-based protocols. This permits MAC labels to be checked during network delivery operations without dereferencing inp->inp_socket to get to so->so_label, which will eventually avoid our having to grab the socket lock during delivery at the network layer.
This change introduces 'struct inpcb' as a labeled object to the MAC Framework, along with the normal circus of entry points: initialization, creation from socket, destruction, as well as a delivery access control check.
For most policies, the inpcb label will simply be a cache of the socket label, so a new protocol switch method is introduced, pr_sosetlabel() to notify protocols that the socket layer label has been updated so that the cache can be updated while holding appropriate locks. Most protocols implement this using pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use the worker function in_pcbsosetlabel(), which calls into the MAC Framework to perform a cache update.
Biba, LOMAC, and MLS implement these entry points, as do the stub policy, and test policy.
Reviewed by: sam, bms
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
#
122685 |
|
14-Nov-2003 |
bms |
Add a sysctl MIB, NET_RT_IFMALIST, to retrieve multicast group memberships in a protocol-independent way.
Submitted by: harti
|
#
122334 |
|
08-Nov-2003 |
sam |
replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF macros that expand to include assertions when the system is built with INVARIANTS
Supported by: FreeBSD Foundation
|
#
121816 |
|
31-Oct-2003 |
brooks |
Replace the if_name and if_unit members of struct ifnet with new members if_xname, if_dname, and if_dunit. if_xname is the name of the interface and if_dname/unit are the driver name and instance.
This change paves the way for interface renaming and enhanced pseudo device creation and configuration semantics.
Approved By: re (in principle)
Reviewed By: njl, imp
Tested On: i386, amd64, sparc64
Obtained From: NetBSD (if_xname)
|
#
120727 |
|
04-Oct-2003 |
sam |
Locking for updates to routing table entries. Each rtentry gets a mutex that covers updates to the contents. Note this is separate from holding a reference and/or locking the routing table itself.
Other/related changes:
o rtredirect loses the final parameter by which an rtentry reference may be returned; this was never used and added unwarranted complexity for locking.
o minor style cleanups to routing code (e.g. ansi-fy function decls)
o remove the logic to bump the refcnt on the parent of cloned routes, we assume the parent will remain as long as the clone; doing this avoids a circularity in locking during delete
o convert some timeouts to MPSAFE callouts
Notes:
1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level applications cannot/do-not know about mutexes. Doing this requires that the mutex be the last element in the structure. A better solution is to introduce an externalized version of struct rtentry but this is a major task because of the intertwining of rtentry and other data structures that are visible to user applications.
2. There are known LOR's that are expected to go away with forthcoming work to eliminate many held references. If not these will be resolved prior to release.
3. ATM changes are untested.
Sponsored by: FreeBSD Foundation
Obtained from: BSD/OS (partly)
|
#
120703 |
|
03-Oct-2003 |
sam |
trivial locking rtsock_cb
Sponsored by: FreeBSD Foundation
|
#
120701 |
|
03-Oct-2003 |
sam |
cleanups prior to adding locking (and in some cases to eliminate locking):
o move route_cb to be private to rtsock.c
o replace global static route_proto by locals
o eliminate global #define shorthands for info references
o remove some register decls
o ansi-fy function decls
o move items to be close in scope to their usage
o add rt_dispatch function for dispatching the actual message
o cleanup tangled logic for doing all-but-me msg send
Support by: FreeBSD Foundation
|
#
111926 |
|
05-Mar-2003 |
peter |
Finish driving a stake through the heart of netns and the associated ifdefs scattered around the place - it's dead Jim!
The SMB stuff had stolen AF_NS, make it official.
|
#
111119 |
|
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
#
109623 |
|
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
108277 |
|
26-Dec-2002 |
hsu |
Disable radix node locking for sysctl until we fix the sysctl infrastructure to not sleep.
|
#
108271 |
|
25-Dec-2002 |
hsu |
Range-check the address family parameter passed in to the sysctl handler.
Submitted by: ru
|
#
108269 |
|
25-Dec-2002 |
ru |
If the caller of rtrequest*(RTM_DELETE, ...) asked for a copy of the entry being removed (ret_nrt != NULL), increment the entry's rt_refcnt like we do it for RTM_ADD and RTM_RESOLVE, rather than messing around with 1->0 transitions for rtfree() all over.
|
#
108250 |
|
24-Dec-2002 |
hsu |
SMP locking for radix nodes.
|
#
108172 |
|
22-Dec-2002 |
hsu |
SMP locking for ifnet list.
|
#
108124 |
|
20-Dec-2002 |
hsu |
Swap the order of a free and a use of an ifaddr structure.
|
#
108033 |
|
18-Dec-2002 |
hsu |
Lock up ifaddr reference counts.
|
#
104302 |
|
01-Oct-2002 |
phk |
Fix some harmless mis-indents.
Spotted by: FlexeLint
|
#
104094 |
|
28-Sep-2002 |
phk |
Be consistent about "static" functions: if the function is marked static in its prototype, mark it static at the definition too.
Inspired by: FlexeLint warning #512
|
#
102412 |
|
25-Aug-2002 |
charnier |
Replace various spellings with FALLTHROUGH which is lint()able
|
#
102052 |
|
18-Aug-2002 |
sobomax |
Increase size of ifnet.if_flags from 16 bits (short) to 32 bits (int). To avoid breaking application ABI use unused ifreq.ifru_flags[1] for upper 16 bits in SIOCSIFFLAGS and SIOCGIFFLAGS ioctl's.
Reviewed by: -hackers, -net
|
#
98385 |
|
18-Jun-2002 |
tanimura |
Remove so*_locked(), which were backed out by mistake.
|
#
97658 |
|
31-May-2002 |
tanimura |
Back out my last commit of locking down a socket, it conflicts with hsu's work.
Requested by: hsu
|
#
96972 |
|
20-May-2002 |
tanimura |
Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket.
o Determine the lock strategy for each member in struct socket.
o Lock down the following members:
- so_count
- so_options
- so_linger
- so_state
o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket:
- sodisconnect()
- soisconnected()
- soisconnecting()
- soisdisconnected()
- soisdisconnecting()
- sofree()
- soref()
- sorele()
- sorwakeup()
- sotryfree()
- sowakeup()
- sowwakeup()
Reviewed by: alfred
|
#
95883 |
|
01-May-2002 |
alfred |
Redo the sigio locking.
Turn the sigio sx into a mutex.
Sigio lock is really only needed to protect interrupts from dereferencing the sigio pointer in an object when the sigio itself is being destroyed.
In order to do this in the most unintrusive manner change pgsigio's sigio * argument into a **, that way we can lock internally to the function.
|
#
95759 |
|
29-Apr-2002 |
tanimura |
Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by: bde
Since locking sigio_lock is usually followed by calling pgsigio(), move the declaration of sigio_lock and the definitions of SIGIO_*() to sys/signalvar.h.
While I am here, sort include files alphabetically, where possible.
|
#
95552 |
|
27-Apr-2002 |
tanimura |
Add a global sx sigio_lock to protect the pointer to the sigio object of a socket. This avoids lock order reversal caused by locking a process in pgsigio().
sowakeup() and the callers of it (sowwakeup, soisconnected, etc.) now require sigio_lock to be locked. Provide sowwakeup_locked(), soisconnected_locked(), and so on in case where we have to modify a socket and wake up a process atomically.
|
#
93593 |
|
01-Apr-2002 |
jhb |
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
#
92725 |
|
19-Mar-2002 |
alfred |
Remove __P.
|
#
91406 |
|
27-Feb-2002 |
jhb |
Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
|
#
89883 |
|
27-Jan-2002 |
gallatin |
Prevent the kernel from generating an unaligned sysctl data buffer on 64-bit platforms. The unaligned access is caused by struct ifa_msghdr not being a multiple of 8-bytes in size. If an interface has an odd number of addresses, this causes the next interface to generate an unaligned access in the user-level app walking the interfaces (ifconfig).
Submitted by: Bernd Walter <ticso@cicely8.cicely.de>
|
#
89768 |
|
24-Jan-2002 |
cjc |
Have sysctl() return the correct errno(2) as documented in the sysctl(3) manpage.
Submitted by: ru
Obtained from: BSD/OS
|
#
89498 |
|
18-Jan-2002 |
ru |
Introduce an interface announcement message for the routing socket so that routing daemons and other interested parties know when an interface is attached/detached.
PR: kern/33747
Obtained from: NetBSD
MFC after: 2 weeks
|
#
88198 |
|
19-Dec-2001 |
brian |
It's no longer necessary to ensure that ``gate'' is set when RTF_GATEWAY is passed, as subsequent code does that check now anyway.
Submitted by: ru
|
#
88196 |
|
19-Dec-2001 |
brian |
Only call rt_getifa() if we've either been passed a gateway or if we've been given an RTA_IFP or changed RTA_IFA sockaddr.
This fixes the following bug:
    >/dev/tun100
    >/dev/tun101
    ifconfig tun100 1.2.3.4 5.6.7.8
    ifconfig tun101 1.2.3.4 6.7.8.9
    route change 6.7.8.9 -ifa 1.2.3.4 -iface -mtu 500
which erroneously changed tun101's host route to have an ifp of tun100 (rt_getifa() sets the ifp after calling ifa_ifwithnet(1.2.3.4))
This incarnation submitted by: ru
|
#
85074 |
|
17-Oct-2001 |
ru |
Pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2.
Have sys/net/route.c:rtrequest1(), which takes ``rt_addrinfo *'' as the argument. Pass rt_addrinfo all the way down to rtrequest1 and ifa->ifa_rtrequest. 3rd argument of ifa->ifa_rtrequest is now ``rt_addrinfo *'' instead of ``sockaddr *'' (almost no one is using it anyways).
Benefit: the following command now works. Previously we needed two route(8) invocations, "add" then "change".
    # route add -inet6 default ::1 -ifp gif0
Remove unsafe typecast in rtrequest(), from ``rtentry *'' to ``sockaddr *''. It was introduced by 4.3BSD-Reno and never corrected.
Obtained from: BSD/OS, NetBSD
MFC after: 1 month
PR: kern/28360
|
#
85053 |
|
17-Oct-2001 |
ru |
Bring in latest CSRG revisions to this file:
- Report destination address of a P2P link when servicing routing socket messages.
- Report interface name, address, and destination address of a P2P link when servicing NET_RT_{DUMP,FLAGS} sysctls.
Part of CSRG revision 8.6 corresponds to revision 1.12. CSRG revision 8.7 corresponds to revision 1.15.
|
#
84105 |
|
29-Sep-2001 |
jlemon |
Change sysctl_iflist() so it has a single point of return. This will assist any future locking efforts.
|
#
83711 |
|
20-Sep-2001 |
ru |
Use the current process's credentials rather than socket's cached. If the process drops its super-user privileges, we certainly don't want to allow it to modify routing tables.
Discussed with: rwatson
|
#
83366 |
|
12-Sep-2001 |
julian |
KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to the previous -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
#
82651 |
|
31-Aug-2001 |
ru |
Synch with NetBSD and OpenBSD.
Allow non-superuser to open, listen to, and send safe commands on the routing socket. Superuser privilege is required for all commands but RTM_GET.
Lose `setuid root' bit of route(8).
Reviewed by: wollman, dd
|
#
81065 |
|
02-Aug-2001 |
jon |
fix memory leak when error during opening of routing socket
PR: kern/29336
Submitted by: Richard Andrades <richard@xebeo.com>
MFC after: 1 month
|
#
79198 |
|
04-Jul-2001 |
ume |
adjust mbuf length right in route_output().
Obtained from: KAME
MFC after: 1 week
|
#
78083 |
|
11-Jun-2001 |
ume |
This is force commit to mention about previous commit.
- allow oversized routing messages.
|
#
78064 |
|
11-Jun-2001 |
ume |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problems after the snap was out were fixed. There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
|
#
72786 |
|
21-Feb-2001 |
rwatson |
o Move per-process jail pointer (p->pr_prison) to inside of the subject credential structure, ucred (cr->cr_prison).
o Allow jail inheritance to be a function of credential inheritance.
o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use.
Notes:
o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure.
Reviewed by: freebsd-arch
Obtained from: TrustedBSD Project
|
#
71999 |
|
04-Feb-2001 |
phk |
Mechanical change to use <sys/queue.h> macro API instead of fondling implementation details.
Created with: sed(1)
Reviewed by: md5(1)
|
#
71959 |
|
03-Feb-2001 |
phk |
Use <sys/queue.h> macro api rather than fondle its implementation details.
Created with: /usr/bin/sed
Reviewed by: /sbin/md5
|
#
69781 |
|
08-Dec-2000 |
dwmalone |
Convert more malloc+bzero to malloc+M_ZERO.
Submitted by: josh@zipperup.org
Submitted by: Robert Drehmel <robd@gmx.net>
|
#
63841 |
|
25-Jul-2000 |
ume |
Workaround to avoid panic during detach pccard nic.
|
#
62573 |
|
04-Jul-2000 |
phk |
Previous commit changing SYSCTL_HANDLER_ARGS violated KNF.
Pointed out by: bde
|
#
62454 |
|
03-Jul-2000 |
phk |
Style police catches up with rev 1.26 of src/sys/sys/sysctl.h:
Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our sources:
-sysctl_vm_zone SYSCTL_HANDLER_ARGS +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
|
#
57178 |
|
13-Feb-2000 |
peter |
Clean up some loose ends in the network code, including the X.25 and ISO #ifdefs. Clean out unused netisr's and leftover netisr linker set gunk. Tested on x86 and alpha, including world.
Approved by: jkh
|
#
56761 |
|
28-Jan-2000 |
shin |
Count AF_INET6 attachment to routing socket.
Obtained from: KAME project
|
#
55178 |
|
28-Dec-1999 |
ru |
Make cloning mask sockaddr (genmask) possible.
PR: kern/3061
Reviewed by: wollman
|
#
50477 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
46161 |
|
29-Apr-1999 |
luoqi |
Postpone route_init() until all domains are attached.
|
#
46155 |
|
28-Apr-1999 |
phk |
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no provisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
|
#
43305 |
|
27-Jan-1999 |
dillon |
Fix warnings in preparation for adding -Wall -Wcast-qual to the kernel compile
|
#
30868 |
|
31-Oct-1997 |
dg |
Fixed bug in RTM_ADD where rmx_locks weren't being set on the new route, preventing "route add default 1.2.3.4 -lock -mtu 1500" from working as expected (which is, BTW, to disable Path MTU Discovery).
|
#
30813 |
|
28-Oct-1997 |
bde |
Removed unused #includes.
|
#
30354 |
|
12-Oct-1997 |
phk |
Last major round (Unless Bruce thinks of something :-) of malloc changes.
Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them.
A couple of finer points by: bde
|
#
29366 |
|
14-Sep-1997 |
peter |
Update network code to use poll support.
|
#
29024 |
|
01-Sep-1997 |
bde |
Added used #include - don't depend on <sys/mbuf.h> including <sys/malloc.h> (unless we only use the bogusly shared M*WAIT flags).
|
#
28270 |
|
16-Aug-1997 |
wollman |
Fix all areas of the system (or at least all those in LINT) to avoid storing socket addresses in mbufs. (Socket buffers are the one exception.) A number of kernel APIs needed to get fixed in order to make this happen. Also, fix three protocol families which kept PCBs in mbufs to not malloc them instead. Delete some old compatibility cruft while we're at it, and add some new routines in the in_cksum family.
|
#
27504 |
|
18-Jul-1997 |
julian |
An actual fix for the routing default crashes that
1/ is compatible with the old route(1) in case needed.
2/ actually fixes the problem while vetting bad user input.
note: I have already fixed route(1) so the problem shouldn't occur. if it does, use 0.0.0.0/0 instead of the word 'default' :)
|
#
27476 |
|
17-Jul-1997 |
msmith |
Fix Julian's fixed fix. Routing is weird.
We need to accept at least one sockaddr with zero length, in order to be able to set the default route.
Suggested by: Phone conversation with Julian (sleep well!)
|
#
27458 |
|
16-Jul-1997 |
julian |
Bungled cut/paste leaves kernel with page faults.. (read all about it!)
|
#
27431 |
|
15-Jul-1997 |
julian |
Finally track down the reason for some of my occasional kernel crashes. Route(1) has a bug that sends a bad message to the kernel. The kernel trusts it and crashes. Add some sanity checks so that we don't trust the user quite as much any more. (also add a comment in if_ethersubr.c)
|
#
25201 |
|
27-Apr-1997 |
wollman |
The long-awaited mega-massive-network-code-cleanup. Part I.
This commit includes the following changes:
1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility glue for them is deleted, and the kernel will panic on boot if any are compiled in.
2) Certain protocol entry points are modified to take a process structure, so they can easily tell whether or not it is possible to sleep, and also to access credentials.
3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt() call. Protocols should use the process pointer they are now passed.
4) The PF_LOCAL and PF_ROUTE families have been updated to use the new style, as has the `raw' skeleton family.
5) PF_LOCAL sockets now obey the process's umask when creating a socket in the filesystem.
As a result, LINT is now broken. I'm hoping that some enterprising hacker with a bit more time will either make the broken bits work (should be easy for netipx) or dike them out.
|
#
22975 |
|
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
#
22250 |
|
04-Feb-1997 |
fenner |
Make sure we have arguments to pass before calling ifaof_ifpforaddr and ifa_ifwithroute.
This eliminates the panic seen in kern/2647, although it doesn't address the fact that RTM_CHANGE can't change flags.
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
21666 |
|
13-Jan-1997 |
wollman |
Use the new if_multiaddrs list for multicast addresses rather than the previous hackery involving struct in_ifaddr and arpcom. Get rid of the abominable multi_kludge. Update all network interfaces to use the new mechanism. Distressingly few Ethernet drivers program the multicast filter properly (assuming the hardware has one, which it usually does).
|
#
20407 |
|
13-Dec-1996 |
wollman |
Convert the interface address and IP interface address structures to TAILQs. Fix places which referenced these for no good reason that I can see (the references remain, but were fixed to compile again; they are still questionable).
|
#
20337 |
|
11-Dec-1996 |
wollman |
Use queue macros for the list of interfaces. Next stop: ifaddrs!
|
#
17052 |
|
09-Jul-1996 |
fenner |
Disallow host routes that point to themselves. These routes serve no purpose, other than to get in the way of the ARP table and cause "can't allocate llinfo" errors.
This change may cause gated or routed to start complaining when adding such routes. If so, these programs will need to be fixed to not try to add these routes.
Reviewed by: wollman
|
#
15680 |
|
08-May-1996 |
gpalmer |
Clean up various compiler warnings. Most (if not all) were benign
Reviewed by: bde
|
#
14546 |
|
11-Mar-1996 |
dg |
Move or add #include <queue.h> in preparation for upcoming struct socket changes.
|
#
12340 |
|
16-Nov-1995 |
phk |
All net.* sysctl converted now.
|
#
11819 |
|
26-Oct-1995 |
julian |
Reviewed by: julian and jhay@mikom.csir.co.za Submitted by: Mike Mitchell, supervisor@alb.asctmd.com
This is a bulk import of Mike's IPX/SPX protocol stacks and all the related gunf that goes with it.. it is not guaranteed to work 100% correctly at this time but as we had several people trying to work on it I figured it would be better to get it checked in so they could all get the same thing to work on..
Mike's been using it for a year or so but on 2.0
more changes and stuff will be merged in from other developers now that this is in.
Mike Mitchell, Network Engineer AMTECH Systems Corporation, Technology and Manufacturing 8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000 supervisor@alb.asctmd.com
|
#
11459 |
|
13-Oct-1995 |
wollman |
Protect against routing socket messages with way-too-big address families.
Submitted by: Keith Sklower by way of Paul Traina
|
#
11341 |
|
09-Oct-1995 |
bde |
Fix types of sysctl functions. Add prototypes. Cosmetic.
|
#
8876 |
|
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
#
8544 |
|
15-May-1995 |
dg |
Fixed route reference count bug that squirmed in during the routing-socket code upgrade from Berkeley.
Submitted by: Garrett Wollman via Peter Wemm via Cornell
|
#
8426 |
|
10-May-1995 |
wollman |
Make networking domains drop-ins, through the magic of GNU ld. (Some day, there may even be LKMs.) Also, change the internal name of `unixdomain' to `localdomain' since AF_LOCAL is now the preferred name of this family. Declare netisr correctly and in the right place.
|
#
8412 |
|
10-May-1995 |
wollman |
Updated routing-socket code from Berkeley
Obtained from: Keith Bostic by way of Paul Traina
|
#
7090 |
|
16-Mar-1995 |
bde |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
|
#
5099 |
|
13-Dec-1994 |
wollman |
Add support for two separate cloning flags, one set by the lower layers, and one set by the protocol family. Also add another parameter to rtalloc1() to allow for any interface flags to be ignored; currently this is only useful for RTF_PRCLONING. Get rid of rt_prflags and re-unite with rt_flags. Add T/TCP ``route metrics''.
NB: YOU MUST RECOMPILE `route' AND OTHER RELATED PROGRAMS AS A RESULT OF THIS CHANGE.
This also adds a new interface parameter, `ifi_physical', which will eventually replace IFF_ALTPHYS as the mechanism for specifying the particular physical connection desired on a multiple-connection card.
NB: YOU MUST RECOMPILE `ifconfig' AND OTHER RELATED PROGRAMS AS A RESULT OF THIS CHANGE.
|
#
3514 |
|
11-Oct-1994 |
wollman |
Fix a bug which caused panics when attempting to change just the flags of a route. (This still doesn't work, but it doesn't panic now.) It looks like there may be a number of incipient bugs in this code.
Also, get ready for the time when all IP gateway routes are cloning, which is necessary to keep proper TCP statistics.
|
#
3443 |
|
08-Oct-1994 |
phk |
Cosmetics: to silence gcc -wall.
|
#
3377 |
|
05-Oct-1994 |
wollman |
A number of bug-fixes inspired by Mark Treacy: - Allow PPP to run multicasts natively. - Deal properly with lots of similarly-named interfaces. - Don't sign-extend if_flags.
NB: the last fix (to rtsock.c) must be reversed when we expand if_flags to a reasonable size.
Submitted by: Mark Treacy
|
#
3352 |
|
04-Oct-1994 |
phk |
Moved m_copyback into uipc_mbuf.c
|
#
1817 |
|
02-Aug-1994 |
dg |
Added $Id$
|
#
1549 |
|
25-May-1994 |
rgrimes |
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
|
#
1542 |
|
24-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1541, which included commits to RCS files with non-trunk default branches.
|
#
1541 |
|
24-May-1994 |
rgrimes |
BSD 4.4 Lite Kernel Sources
|