#
e7102929 |
|
08-Apr-2024 |
Zhenlei Huang <zlei@FreeBSD.org> |
ethernet: Fix logging of frame length Both the mbuf length and the total packet length are signed. While here, update a stall comment to reflect the current practice. Reviewed by: kp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D42390
|
#
ffeab76b |
|
26-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
pfil: PFIL_PASS never frees the mbuf pfil hooks (i.e. firewalls) may pass, modify or free the mbuf passed to them. (E.g. when rejecting a packet, or when gathering up packets for reassembly). If the hook returns PFIL_PASS the mbuf must still be present. Assert this in pfil_mem_common() and ensure that ipfilter follows this convention. pf and ipfw already did. Similarly, if the hook returns PFIL_DROPPED or PFIL_CONSUMED the mbuf must have been freed (or now be owned by the firewall for further processing, like packet scheduling or reassembly). This allows us to remove a few extraneous NULL checks. Suggested by: tuexen Reviewed by: tuexen, zlei Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43617
|
#
3878bbf1 |
|
04-Nov-2023 |
Ronald Klop <ronald@FreeBSD.org> |
Teach if_smsc to get MAC from bootargs. Some Raspberry Pi pass smsc95xx.macaddr=XX:XX:XX:XX:XX:XX as bootargs. Use this if no ethernet address is found in an EEPROM. As last resort fall back to ether_gen_addr() instead of random MAC. PR: 274092 Reported by: Patrick M. Hausen (via ML) Reviewed by: imp, karels, zlei Tested by: Patrick M. Hausen Approved by: karels MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D42463
|
#
29363fb4 |
|
23-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove ancient SCCS tags. Remove ancient SCCS tags from the tree, automated scripting, with two minor fixup to keep things compiling. All the common forms in the tree were removed with a perl script. Sponsored by: Netflix
|
#
49d6743d |
|
06-Sep-2023 |
Zhenlei Huang <zlei@FreeBSD.org> |
net: Check per-flow priority code point for untagged traffic Commit 868aabb4708d introduced per-flow priority. There's a defect in the logic for untagged traffic, it does not check M_VLANTAG set in the mbuf packet header or MTAG_8021Q/MTAG_8021Q_PCP_OUT tag set by firewall, then can result missing desired priority in the outbound packets. For mbuf packet with M_VLANTAG in header, some interfaces happen to work due to bug in the drivers mentioned in D39499. As modern interfaces have VLAN hardware offloading, the defect is barely noticeable unless the feature per-flow priority is widely tested. As a side effect of this defect, the soft padding to work around buggy bridges is bypassed. That may result in regression if soft padding is requested. PR: 273431 Discussed with: kib Fixes: 868aabb4708d Add IP(V6)_VLAN_PCP to set 802.1 priority per-flow MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D39536
|
#
b22aae41 |
|
30-Aug-2023 |
Zhenlei Huang <zlei@FreeBSD.org> |
net: Remove vlan metadata on pcp / vlan encapsulation For oubound traffic, the flag M_VLANTAG is set in mbuf packet header to indicate the underlaying interface do hardware VLAN tag insertion if capable, otherwise the net stack will do 802.1Q encapsulation instead. Commit 868aabb4708d introduced per-flow priority which set the priority ID in the mbuf packet header. There's a corner case that when the driver is disabled to do hardware VLAN tag insertion, and the net stack do 802.1Q encapsulation, then it will result double tagged packets if the driver do not check the enabled capability (hardware VLAN tag insertion). Unfortunately some drivers, currently known cxgbe(4) re(4) ure(4) igc(4) and vmx(4), have this issue. From a quick review for other interface drivers I believe a lot more drivers have the same issue. It makes more sense to fix in net stack than to try to change every single driver. PR: 270736 Reviewed by: kp Fixes: 868aabb4708d Add IP(V6)_VLAN_PCP to set 802.1 priority per-flow MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D39499
|
#
838c8c47 |
|
23-Aug-2023 |
Zhenlei Huang <zlei@FreeBSD.org> |
net: Do not overwrite if_vlan's PCP In commit c7cffd65c5d8 the function ether_8021q_frame() was slightly refactored to use pointer of struct ether_8021q_tag as parameter qtag to include the new option proto. It is wrong to write to qtag->pcp as it will effectively change the memory that qtag points to. Unfortunately the transmit routine of if_vlan parses pointer of the member ifv_qtag of its softc which stores vlan interface's PCP internally, when transmitting mbufs that contains PCP the vlan interface's PCP will get overwritten. Fix by operating on a local copy of qtag->pcp. Also mark 'struct ether_8021q_tag' as const so that compilers can pick up such kind of bug. PR: 273304 Reviewed by: kp Fixes: c7cffd65c5d85 Add support for stacked VLANs (IEEE 802.1ad, AKA Q-in-Q) MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D39505
|
#
2ff63af9 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .h pattern Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/
|
#
a6b55ee6 |
|
17-Apr-2023 |
Gleb Smirnoff <glebius@FreeBSD.org> |
net: replace IFF_KNOWSEPOCH with IFF_NEEDSEPOCH Expect that drivers call into the network stack with the net epoch entered. This has already been the fact since early 2020. The net interrupts, that are marked with INTR_TYPE_NET, were entering epoch since 511d1afb6bf. For the taskqueues there is NET_TASK_INIT() and all drivers that were known back in 2020 we marked with it in 6c3e93cb5a4. However in e87c4940156 we took conservative approach and preferred to opt-in rather than opt-out for the epoch. This change not only reverts e87c4940156 but adds a safety belt to avoid panicing with INVARIANTS if there is a missed driver. With INVARIANTS we will run in_epoch() check, print a warning and enter the net epoch. A driver that prints can be quickly fixed with the IFF_NEEDSEPOCH flag, but better be augmented to properly enter the epoch itself. Note on TCP LRO: it is a backdoor to enter the TCP stack bypassing some layers of net stack, ignoring either old IFF_KNOWSEPOCH or the new IFF_NEEDSEPOCH. But the tcp_lro_flush_all() asserts the presence of network epoch. Indeed, all NIC drivers that support LRO already provide the epoch, either with help of INTR_TYPE_NET or just running NET_EPOCH_ENTER() in their code. Reviewed by: zlei, gallatin, erj Differential Revision: https://reviews.freebsd.org/D39510
|
#
d862b165 |
|
10-Apr-2023 |
Mark Johnston <markj@FreeBSD.org> |
bridge: Add support for emulated netmap mode if_bridge receives packets via a special interface, if_bridge_input, rather than by if_input. Thus, netmap's usual hooking of ifnet routines does not work as expected. Instead, modify bridge_input() to pass packets directly to netmap when it is enabled. This applies to both locally delivered packets and forwarded packets. When a netmap application transmits a packet by writing it to the host TX ring, the mbuf chain is passed to if_input, which ordinarily points to ether_input(). However, when transmitting via if_bridge, bridge_input() needs to see the packet again in order to decide whether to deliver or forward. Thus, introduce a new protocol flag, M_BRIDGE_INJECT, which 1) causes the packet to be passed to bridge_input() again after Ethernet processing, and 2) avoids passing the packet back to netmap. The source MAC address of the packet is used to determine the original "receiving" interface. Reviewed by: vmaffione MFC after: 2 months Sponsored by: Zenarmor Sponsored by: OPNsense Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D38066
|
#
a2256150 |
|
14-Feb-2023 |
Gleb Smirnoff <glebius@FreeBSD.org> |
net: use pfil_mbuf_{in,out} where we always have an mbuf This finalizes what has been started in 0b70e3e78b0. Reviewed by: kp, mjg Differential revision: https://reviews.freebsd.org/D37976
|
#
950cc1f4 |
|
12-Jan-2023 |
Justin Hibbits <jhibbits@FreeBSD.org> |
bpf: Add "_if" tap APIs Summary: Hide more netstack by making the BPF_TAP macros real functions in the netstack. "struct ifnet" is used in the header instead of "if_t" to keep header pollution down. Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D38103
|
#
2c2b37ad |
|
13-Jan-2023 |
Justin Hibbits <jhibbits@FreeBSD.org> |
ifnet/API: Move struct ifnet definition to a <net/if_private.h> Hide the ifnet structure definition, no user serviceable parts inside, it's a netstack implementation detail. Include it temporarily in <net/if_var.h> until all drivers are updated to use the accessors exclusively. Reviewed by: glebius Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D38046
|
#
79b67994 |
|
30-Nov-2022 |
John Baldwin <jhb@FreeBSD.org> |
ether_demux: Defer stripping the Ethernet header. This avoids having to undo it before invoking NetGraph's orphan input hook. Reviewed by: ae, melifaro Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D37510
|
#
d9898158 |
|
13-Apr-2022 |
John Baldwin <jhb@FreeBSD.org> |
ether_resolve_addr: eh is only used for INET or INET6.
|
#
78bc3d5e |
|
14-Feb-2022 |
Kristof Provost <kp@FreeBSD.org> |
vlan: allow net.link.vlan.mtag_pcp to be set per vnet The primary reason for this change is to facilitate testing. MFC after: 1 week
|
#
62e1a437 |
|
22-Aug-2021 |
Zhenlei Huang <zlei.huang@gmail.com> |
routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549). Implement kernel support for RFC 5549/8950. * Relax control plane restrictions and allow specifying IPv6 gateways for IPv4 routes. This behavior is controlled by the net.route.rib_route_ipv6_nexthop sysctl (on by default). * Always pass final destination in ro->ro_dst in ip_forward(). * Use ro->ro_dst to exract packet family inside if_output() routines. Consistently use RO_GET_FAMILY() macro to handle ro=NULL case. * Pass extracted family to nd6_resolve() to get the LLE with proper encap. It leverages recent lltable changes committed in c541bd368f86. Presence of the functionality can be checked using ipv4_rfc5549_support feature(3). Example usage: route add -net 192.0.0.0/24 -inet6 fe80::5054:ff:fe14:e319%vtnet0 Differential Revision: https://reviews.freebsd.org/D30398 MFC after: 2 weeks
|
#
c541bd36 |
|
21-Aug-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
lltable: Add support for "child" LLEs holding encap for IPv4oIPv6 entries. Currently we use pre-calculated headers inside LLE entries as prepend data for `if_output` functions. Using these headers allows saving some CPU cycles/memory accesses on the fast path. However, this approach makes adding L2 header for IPv4 traffic with IPv6 nexthops more complex, as it is not possible to store multiple pre-calculated headers inside lle. Additionally, the solution space is limited by the fact that PCB caching saves LLEs in addition to the nexthop. Thus, add support for creating special "child" LLEs for the purpose of holding custom family encaps and store mbufs pending resolution. To simplify handling of those LLEs, store them in a linked-list inside a "parent" (e.g. normal) LLE. Such LLEs are not visible when iterating LLE table. Their lifecycle is bound to the "parent" LLE - it is not possible to delete "child" when parent is alive. Furthermore, "child" LLEs are static (RTF_STATIC), avoding complex state machine used by the standard LLEs. nd6_lookup() and nd6_resolve() now accepts an additional argument, family, allowing to return such child LLEs. This change uses `LLE_SF()` macro which packs family and flags in a single int field. This is done to simplify merging back to stable/. Once this code lands, most of the cases will be converted to use a dedicated `family` parameter. Differential Revision: https://reviews.freebsd.org/D31379 MFC after: 2 weeks
|
#
24fe4612 |
|
11-Aug-2021 |
Mark Johnston <markj@FreeBSD.org> |
ether: Add a KMSAN check for transmitted frames This helps ensure that outbound packet data is initialized per KMSAN. Sponsored by: The FreeBSD Foundation
|
#
f3a3b061 |
|
02-Aug-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
[lltable] Unify datapath feedback mechamism. Use newly-create llentry_request_feedback(), llentry_mark_used() and llentry_get_hittime() to request datapatch usage check and fetch the results in the same fashion both in IPv4 and IPv6. While here, simplify llentry_provide_feedback() wrapper by eliminating 1 condition check. MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D31390
|
#
2d741f33 |
|
15-Apr-2021 |
Kyle Evans <kevans@FreeBSD.org> |
kern: ether_gen_addr: randomize on default hostuuid, too Currently, this will still hash the default (all zero) hostuuid and potentially arrive at a MAC address that has a high chance of collision if another interface of the same name appears in the same broadcast domain on another host without a hostuuid, e.g., some virtual machine setups. Instead of using the default hostuuid, just treat it as a failure and generate a random LA unicast MAC address. Reviewed by: bz, gbe, imp, kbowling, kp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D29788
|
#
38c09513 |
|
21-Feb-2021 |
Kristof Provost <kp@FreeBSD.org> |
bridge: Remove members when assigned to a new vnet When the bridge is moved to a different vnet we must remove all of its member interfaces (and span interfaces), because we don't know if those will be moved along with it. We don't want to hold references to interfaces not in our vnet. Reviewed by: donner@ MFC after: 1 week Sponsored by: Orange Business Services Differential Revision: https://reviews.freebsd.org/D28859
|
#
ddce63fc |
|
23-Dec-2020 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Remove not needed variable initialization. And switch from int to bool while at it. Reviewed by: melifaro@ Differential Revision: https://reviews.freebsd.org/D27725 MFC after: 1 week Sponsored by: Mellanox Technologies // NVIDIA Networking
|
#
a92c4bb6 |
|
22-Oct-2020 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Add support for IP over infiniband, IPoIB, to lagg(4). Currently only the failover protocol is supported due to limitations in the IPoIB architecture. Refer to the lagg(4) manual page for how to configure and use this new feature. A new network interface type, IFT_INFINIBANDLAG, has been added, similar to the existing IFT_IEEE8023ADLAG . ifconfig(8) has been updated to accept a new laggtype argument when creating lagg(4) network interfaces. This new argument is used to distinguish between ethernet and infiniband type of lagg(4) network interface. The laggtype argument is optional and defaults to ethernet. The lagg(4) command line syntax is backwards compatible. Differential Revision: https://reviews.freebsd.org/D26254 Reviewed by: melifaro@ MFC after: 1 week Sponsored by: Mellanox Technologies // NVIDIA Networking
|
#
c7cffd65 |
|
21-Oct-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Add support for stacked VLANs (IEEE 802.1ad, AKA Q-in-Q). 802.1ad interfaces are created with ifconfig using the "vlanproto" parameter. Eg., the following creates a 802.1Q VLAN (id #42) over a 802.1ad S-VLAN (id #5) over a physical Ethernet interface (em0). ifconfig vlan5 create vlandev em0 vlan 5 vlanproto 802.1ad up ifconfig vlan42 create vlandev vlan5 vlan 42 inet 10.5.42.1/24 VLAN_MTU, VLAN_HWCSUM and VLAN_TSO capabilities should be properly supported. VLAN_HWTAGGING is only partially supported, as there is currently no IFCAP_VLAN_* denoting the possibility to set the VLAN EtherType to anything else than 0x8100 (802.1ad uses 0x88A8). Submitted by: Olivier Piras Sponsored by: RG Nets Differential Revision: https://reviews.freebsd.org/D26436
|
#
868aabb4 |
|
08-Oct-2020 |
Richard Scheffenegger <rscheff@FreeBSD.org> |
Add IP(V6)_VLAN_PCP to set 802.1 priority per-flow. This adds a new IP_PROTO / IPV6_PROTO setsockopt (getsockopt) option IP(V6)_VLAN_PCP, which can be set to -1 (interface default), or explicitly to any priority between 0 and 7. Note that for untagged traffic, explicitly adding a priority will insert a special 801.1Q vlan header with vlan ID = 0 to carry the priority setting Reviewed by: gallatin, rrs MFC after: 2 weeks Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D26409
|
#
662c1305 |
|
01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
net: clean up empty lines in .c and .h files
|
#
773e541e |
|
20-Aug-2020 |
Warner Losh <imp@FreeBSD.org> |
Use devctl.h instead of bus.h to reduce newbus pollution. There's no need for these parts of the kernel to know about newbus, so narrow what is included to devctl.h for device_notify_*. Suggested by: kib@
|
#
fa2ab81e |
|
16-Jul-2020 |
Kyle Evans <kevans@FreeBSD.org> |
ether_ifattach: set mtu before calling if_attach() if_attach() -> if_attach_internal() will call if_attachdomain1(ifp) any time an ethernet interface is setup *after* SI_SUB_PROTO_IFATTACHDOMAIN/SI_ORDER_FIRST. This eventually leads to nd6_ifattach() -> nd6_setmtu0() stashing off ifp->if_mtu in ndi->maxmtu *before* ifp->if_mtu has been properly set in some scenarios, e.g., USB ethernet adapter plugged in later on. For interfaces that are created in early boot, we don't have this issue as domains aren't constructed enough for them to attach and thus it gets deferred to domainifattach at SI_SUB_PROTO_IFATTACHDOMAIN/SI_ORDER_SECOND *after* the mtu has been set earlier in ether_ifattach(). PR: 248005 Submitted by: Mathew <mjanelle blackberry com> MFC after: 1 week
|
#
3f8bc99c |
|
18-Apr-2020 |
Kristof Provost <kp@FreeBSD.org> |
ethersubr: Make the mac address generation more robust If we create two (vnet) jails and create a bridge interface in each we end up with the same mac address on both bridge interfaces. These very often conflicts, resulting in same mac address in both jails. Mitigate this problem by including the jail name in the mac address. Reviewed by: kevans, melifaro MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D24383
|
#
7029da5c |
|
26-Feb-2020 |
Pawel Biernacki <kaktus@FreeBSD.org> |
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are still not MPSAFE (or already are but aren’t properly marked). Use it in preparation for a general review of all nodes. This is non-functional change that adds annotations to SYSCTL_NODE and SYSCTL_PROC nodes using one of the soon-to-be-required flags. Mark all obvious cases as MPSAFE. All entries that haven't been marked as MPSAFE before are by default marked as NEEDGIANT Approved by: kib (mentor, blanket) Commented by: kib, gallatin, melifaro Differential Revision: https://reviews.freebsd.org/D23718
|
#
e87c4940 |
|
24-Feb-2020 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Although most of the NIC drivers are epoch ready, due to peer pressure switch over to opt-in instead of opt-out for epoch. Instead of IFF_NEEDSEPOCH, provide IFF_KNOWSEPOCH. If driver marks itself with IFF_KNOWSEPOCH, then ether_input() would not enter epoch when processing its packets. Now this will create recursive entrance in epoch in >90% network drivers, but will guarantee safeness of the transition. Mark several tested drivers as IFF_KNOWSEPOCH. Reviewed by: hselasky, jeff, bz, gallatin Differential Revision: https://reviews.freebsd.org/D23674
|
#
5b64c645 |
|
22-Jan-2020 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Stop entering the network epoch in ether_input(), unless driver is marked with IFF_NEEDSEPOCH.
|
#
b8a6e03f |
|
07-Oct-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Widen NET_EPOCH coverage. When epoch(9) was introduced to network stack, it was basically dropped in place of existing locking, which was mutexes and rwlocks. For the sake of performance mutex covered areas were as small as possible, so became epoch covered areas. However, epoch doesn't introduce any contention, it just delays memory reclaim. So, there is no point to minimise epoch covered areas in sense of performance. Meanwhile entering/exiting epoch also has non-zero CPU usage, so doing this less often is a win. Not the least is also code maintainability. In the new paradigm we can assume that at any stage of processing a packet, we are inside network epoch. This makes coding both input and output path way easier. On output path we already enter epoch quite early - in the ip_output(), in the ip6_output(). This patch does the same for the input path. All ISR processing, network related callouts, other ways of packet injection to the network stack shall be performed in net_epoch. Any leaf function that walks network configuration now asserts epoch. Tricky part is configuration code paths - ioctls, sysctls. They also call into leaf functions, so some need to be changed. This patch would introduce more epoch recursions (see EPOCH_TRACE) than we had before. They will be cleaned up separately, as several of them aren't trivial. Note, that unlike a lock recursion the epoch recursion is safe and just wastes a bit of resources. Reviewed by: gallatin, hselasky, cy, adrian, kristof Differential Revision: https://reviews.freebsd.org/D19111
|
#
bf7700e4 |
|
25-Sep-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
style(9): remove extraneous empty lines
|
#
fb3bc596 |
|
24-May-2019 |
John Baldwin <jhb@FreeBSD.org> |
Restructure mbuf send tags to provide stronger guarantees. - Perform ifp mismatch checks (to determine if a send tag is allocated for a different ifp than the one the packet is being output on), in ip_output() and ip6_output(). This avoids sending packets with send tags to ifnet drivers that don't support send tags. Since we are now checking for ifp mismatches before invoking if_output, we can now try to allocate a new tag before invoking if_output sending the original packet on the new tag if allocation succeeds. To avoid code duplication for the fragment and unfragmented cases, add ip_output_send() and ip6_output_send() as wrappers around if_output and nd6_output_ifp, respectively. All of the logic for setting send tags and dealing with send tag-related errors is done in these wrapper functions. For pseudo interfaces that wrap other network interfaces (vlan and lagg), wrapper send tags are now allocated so that ip*_output see the wrapper ifp as the ifp in the send tag. The if_transmit routines rewrite the send tags after performing an ifp mismatch check. If an ifp mismatch is detected, the transmit routines fail with EAGAIN. - To provide clearer life cycle management of send tags, especially in the presence of vlan and lagg wrapper tags, add a reference count to send tags managed via m_snd_tag_ref() and m_snd_tag_rele(). Provide a helper function (m_snd_tag_init()) for use by drivers supporting send tags. m_snd_tag_init() takes care of the if_ref on the ifp meaning that code alloating send tags via if_snd_tag_alloc no longer has to manage that manually. Similarly, m_snd_tag_rele drops the refcount on the ifp after invoking if_snd_tag_free when the last reference to a send tag is dropped. This also closes use after free races if there are pending packets in driver tx rings after the socket is closed (e.g. from tcpdrop). In order for m_free to work reliably, add a new CSUM_SND_TAG flag in csum_flags to indicate 'snd_tag' is set (rather than 'rcvif'). Drivers now also check this flag instead of checking snd_tag against NULL. This avoids false positive matches when a forwarded packet has a non-NULL rcvif that was treated as a send tag. - cxgbe was relying on snd_tag_free being called when the inp was detached so that it could kick the firmware to flush any pending work on the flow. This is because the driver doesn't require ACK messages from the firmware for every request, but instead does a kind of manual interrupt coalescing by only setting a flag to request a completion on a subset of requests. If all of the in-flight requests don't have the flag when the tag is detached from the inp, the flow might never return the credits. The current snd_tag_free command issues a flush command to force the credits to return. However, the credit return is what also frees the mbufs, and since those mbufs now hold references on the tag, this meant that snd_tag_free would never be called. To fix, explicitly drop the mbuf's reference on the snd tag when the mbuf is queued in the firmware work queue. This means that once the inp's reference on the tag goes away and all in-flight mbufs have been queued to the firmware, tag's refcount will drop to zero and snd_tag_free will kick in and send the flush request. Note that we need to avoid doing this in the middle of ethofld_tx(), so the driver grabs a temporary reference on the tag around that loop to defer the free to the end of the function in case it sends the last mbuf to the queue after the inp has dropped its reference on the tag. - mlx5 preallocates send tags and was using the ifp pointer even when the send tag wasn't in use. Explicitly use the ifp from other data structures instead. - Sprinkle some assertions in various places to assert that received packets don't have a send tag, and that other places that overwrite rcvif (e.g. 802.11 transmit) don't clobber a send tag pointer. Reviewed by: gallatin, hselasky, rgrimes, ae Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D20117
|
#
3c3aa8c1 |
|
17-Apr-2019 |
Kyle Evans <kevans@FreeBSD.org> |
net: adjust randomized address bits Give devices that need a MAC a 16-bit allocation out of the FreeBSD Foundation OUI range. Change the name ether_fakeaddr to ether_gen_addr now that we're dealing real MAC addresses with a real OUI rather than random locally-administered addresses. Reviewed by: bz, rgrimes Differential Revision: https://reviews.freebsd.org/D19587
|
#
521b05ea |
|
14-Mar-2019 |
Kyle Evans <kevans@FreeBSD.org> |
ether_fakeaddr: Use 'b' 's' 'd' for the prefix This has the advantage of being obvious to sniff out the designated prefix by eye and it has all the right bits set. Comment stolen from ffec. I've removed bryanv@'s pending question of using the FreeBSD OUI range -- no one has followed up on this with a definitive action, and there's no particular reason to shoot for it and the administrative overhead that comes with deciding exactly how to use it.
|
#
6b7e0c1c |
|
14-Mar-2019 |
Kyle Evans <kevans@FreeBSD.org> |
ether: centralize fake hwaddr generation We currently have two places with identical fake hwaddr generation -- if_vxlan and if_bridge. Lift it into if_ethersubr for reuse in other interfaces that may also need a fake addr. Reviewed by: bryanv, kp, philip Differential Revision: https://reviews.freebsd.org/D19573
|
#
21231a7a |
|
06-Mar-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Update for IETF draft-ietf-6man-ipv6only-flag. All changes are hidden behind the EXPERIMENTAL option and are not compiled in by default. Add ND6_IFF_IPV6_ONLY_MANUAL to be able to set the interface into no-IPv4-mode manually without router advertisement options. This will allow developers to test software for the appropriate behaviour even on dual-stack networks or IPv6-Only networks without the option being set in RA messages. Update ifconfig to allow setting and displaying the flag. Update the checks for the filters to check for either the automatic or the manual flag to be set. Add REVARP to the list of filtered IPv4-related protocols and add an input filter similar to the output filter. Add a check, when receiving the IPv6-Only RA flag to see if the receiving interface has any IPv4 configured. If it does, ignore the IPv6-Only flag. Add a per-VNET global sysctl, which is on by default, to not process the automatic RA IPv6-Only flag. This way an administrator (if this is compiled in) has control over the behaviour in case the node still relies on IPv4.
|
#
b252313f |
|
31-Jan-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
New pfil(9) KPI together with newborn pfil API and control utility. The KPI have been reviewed and cleansed of features that were planned back 20 years ago and never implemented. The pfil(9) internals have been made opaque to protocols with only returned types and function declarations exposed. The KPI is made more strict, but at the same time more extensible, as kernel uses same command structures that userland ioctl uses. In nutshell [KA]PI is about declaring filtering points, declaring filters and linking and unlinking them together. New [KA]PI makes it possible to reconfigure pfil(9) configuration: change order of hooks, rehook filter from one filtering point to a different one, disconnect a hook on output leaving it on input only, prepend/append a filter to existing list of filters. Now it possible for a single packet filter to provide multiple rulesets that may be linked to different points. Think of per-interface ACLs in Cisco or Juniper. None of existing packet filters yet support that, however limited usage is already possible, e.g. default ruleset can be moved to single interface, as soon as interface would pride their filtering points. Another future feature is possiblity to create pfil heads, that provide not an mbuf pointer but just a memory pointer with length. That would allow filtering at very early stages of a packet lifecycle, e.g. when packet has just been received by a NIC and no mbuf was yet allocated. Differential Revision: https://reviews.freebsd.org/D18951
|
#
201100c5 |
|
30-Oct-2018 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Initial implementation of draft-ietf-6man-ipv6only-flag. This change defines the RA "6" (IPv6-Only) flag which routers may advertise, kernel logic to check if all routers on a link have the flag set and accordingly update a per-interface flag. If all routers agree that it is an IPv6-only link, ether_output_frame(), based on the interface flag, will filter out all ETHERTYPE_IP/ARP frames, drop them, and return EAFNOSUPPORT to upper layers. The change also updates ndp to show the "6" flag, ifconfig to display the IPV6_ONLY nd6 flag if set, and rtadvd to allow announcing the flag. Further changes to tcpdump (contrib code) are availble and will be upstreamed. Tested the code (slightly earlier version) with 2 FreeBSD IPv6 routers, a FreeBSD laptop on ethernet as well as wifi, and with Win10 and OSX clients (which did not fall over with the "6" flag set but not understood). We may also want to (a) implement and RX filter, and (b) over time enahnce user space to, say, stop dhclient from running when the interface flag is set. Also we might want to start IPv6 before IPv4 in the future. All the code is hidden under the EXPERIMENTAL option and not compiled by default as the draft is a work-in-progress and we cannot rely on the fact that IANA will assign the bits as requested by the draft and hence they may change. Dear 6man, you have running code. Discussed with: Bob Hinden, Brian E Carpenter
|
#
19fa89e9 |
|
25-Aug-2018 |
Mark Murray <markm@FreeBSD.org> |
Remove the Yarrow PRNG algorithm option in accordance with due notice given in random(4). This includes updating of the relevant man pages, and no-longer-used harvesting parameters. Ensure that the pseudo-unit-test still does something useful, now also with the "other" algorithm instead of Yarrow. PR: 230870 Reviewed by: cem Approved by: so(delphij,gtetlow) Approved by: re(marius) Differential Revision: https://reviews.freebsd.org/D16898
|
#
47c39432 |
|
24-Aug-2018 |
Navdeep Parhar <np@FreeBSD.org> |
Unbreak VLANs after r337943. ether_set_pcp should not be called from ether_output_frame for VLAN interfaces -- the vid + pcp will be inserted during vlan_transmit in that case. r337943 sets the VLAN's ifnet's if_pcp to a proper PCP value and this led to double encapsulation (once with vid 0 and second time with vid+pcp). PR: 230794 Reviewed by: kib@ Approved by: re@ (gjb@) Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D16887
|
#
5f901c92 |
|
24-Jul-2018 |
Andrew Turner <andrew@FreeBSD.org> |
Use the new VNET_DEFINE_STATIC macro when we are defining static VNET variables. Reviewed by: bz Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D16147
|
#
a6bc59f2 |
|
31-May-2018 |
Matt Macy <mmacy@FreeBSD.org> |
Reduce overhead of entropy collection - move harvest mask check inline - move harvest mask to frequently_read out of actively modified cache line - disable ether_input collection and describe its limitations in NOTES Typically entropy collection in ether_input was stirring zero in to the entropy pool while at the same time greatly reducing max pps. This indicates that perhaps we should more closely scrutinize how much entropy we're getting from a given source as well as what our actual entropy collection needs are for seeding Yarrow. Reviewed by: cem, gallatin, delphij Approved by: secteam Differential Revision: https://reviews.freebsd.org/D15526
|
#
5c30b378 |
|
10-May-2018 |
Matt Macy <mmacy@FreeBSD.org> |
Allow different bridge types to coexist if_bridge has a lot of limitations that make it scale poorly to higher data rates. In my projects/VPC branch I leverage the bridge interface between layers for my high speed soft switch as well as for purposes of stacking in general. Reviewed by: sbruno@ Approved by: sbruno@ Differential Revision: https://reviews.freebsd.org/D15344
|
#
4a381a9e |
|
26-Apr-2018 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Add network device event for priority code point, PCP, changes. When the PCP is changed for either a VLAN network interface or when prio tagging is enabled for a regular ethernet network interface, broadcast the IFNET_EVENT_PCP event so applications like ibcore can update its GID tables accordingly. MFC after: 3 days Reviewed by: ae, kib Differential Revision: https://reviews.freebsd.org/D15040 Sponsored by: Mellanox Technologies
|
#
38d958a6 |
|
27-Mar-2018 |
Brooks Davis <brooks@FreeBSD.org> |
Improve copy-and-pasted versions of SIOCGIFADDR. The original implementation used a reference to ifr_data and a cast to do the equivalent of accessing ifr_addr. This was copied multiple times since 1996. Approved by: kib MFC after: 1 week Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14873
|
#
f1379734 |
|
27-Mar-2018 |
Konstantin Belousov <kib@FreeBSD.org> |
Allow to specify PCP on packets not belonging to any VLAN. According to 802.1Q-2014, VLAN tagged packets with VLAN id 0 should be considered as untagged, and only PCP and DEI values from the VLAN tag are meaningful. See for instance https://www.cisco.com/c/en/us/td/docs/switches/connectedgrid/cg-switch-sw-master/software/configuration/guide/vlan0/b_vlan_0.html. Make it possible to specify PCP value for outgoing packets on an ethernet interface. When PCP is supplied, the tag is appended, VLAN id set to 0, and PCP is filled by the supplied value. The code to do VLAN tag encapsulation is refactored from the if_vlan.c and moved into if_ethersubr.c. Drivers might have issues with filtering VID 0 packets on receive. This bug should be fixed for each driver. Reviewed by: ae (previous version), hselasky, melifaro Sponsored by: Mellanox Technologies MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D14702
|
#
effaab88 |
|
23-Mar-2018 |
Kristof Provost <kp@FreeBSD.org> |
netpfil: Introduce PFIL_FWD flag Forwarded packets passed through PFIL_OUT, which made it difficult for firewalls to figure out if they were forwarding or producing packets. This in turn is an issue for pf for IPv6 fragment handling: it needs to call ip6_output() or ip6_forward() to handle the fragments. Figuring out which was difficult (and until now, incorrect). Having pfil distinguish the two removes an ugly piece of code from pf. Introduce a new variant of the netpfil callbacks with a flags variable, which has PFIL_FWD set for forwarded packets. This allows pf to reliably work out if a packet is forwarded. Reviewed by: ae, kevans Differential Revision: https://reviews.freebsd.org/D13715
|
#
1435dcd9 |
|
17-Mar-2018 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Fix outgoing TCP/UDP packet drop on arp/ndp entry expiration. Current arp/nd code relies on the feedback from the datapath indicating that the entry is still used. This mechanism is incorporated into the arpresolve()/nd6_resolve() routines. After the inpcb route cache introduction, the packet path for the locally-originated packets changed, passing cached lle pointer to the ether_output() directly. This resulted in the arp/ndp entry expire each time exactly after the configured max_age interval. During the small window between the ARP/NDP request and reply from the router, most of the packets got lost. Fix this behaviour by plugging datapath notification code to the packet path used by route cache. Unify the notification code by using single inlined function with the per-AF callbacks. Reported by: sthaug at nethelp.no Reviewed by: ae MFC after: 2 weeks
|
#
151ba793 |
|
24-Dec-2017 |
Alexander Kabaev <kan@FreeBSD.org> |
Do pass removing some write-only variables from the kernel. This reduces noise when kernel is compiled by newer GCC versions, such as one used by external toolchain ports. Reviewed by: kib, andrew(sys/arm and sys/arm64), emaste(partial), erj(partial) Reviewed by: jhb (sys/dev/pci/* sys/kern/vfs_aio.c and sys/kern/kern_synch.c) Differential Revision: https://reviews.freebsd.org/D10385
|
#
51369649 |
|
20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
|
#
8819ad85 |
|
23-Jul-2017 |
Sepherosa Ziehau <sephe@FreeBSD.org> |
ethernet: Add ethernet interface attached event and devctl notification. ifnet_arrival_event may not be adequate under certain situation; e.g. when the LLADDR is needed. So the ethernet ifattach event is announced after all necessary bits are setup. MFC after: 3 days Sponsored by: Microsoft Differential Revision: https://reviews.freebsd.org/D11617
|
#
5b1a5e45 |
|
11-May-2017 |
Ravi Pokala <rpokala@FreeBSD.org> |
Persistently store NIC's hardware MAC address, and add a way to retrive it An earlier version of r318160 allocated if_hw_addr unconditionally; when it became conditional, I forgot to check for NULL in ether_ifattach(). Reviewed by: kp MFC after: 1 week MFC with: r318160 Sponsored by: Panasas Differential Revision: https://reviews.freebsd.org/D10678 Pointy-hat to: rpokala
|
#
ddae5750 |
|
10-May-2017 |
Ravi Pokala <rpokala@FreeBSD.org> |
Persistently store NIC's hardware MAC address, and add a way to retrive it The MAC address reported by `ifconfig ${nic} ether' does not always match the address in the hardware, as reported by the driver during attach. In particular, NICs which are components of a lagg(4) interface all report the same MAC. When attaching, the NIC driver passes the MAC address it read from the hardware as an argument to ether_ifattach(). Keep a second copy of it, and create ioctl(SIOCGHWADDR) to return it. Teach `ifconfig' to report it along with the active MAC address. PR: 194386 Reviewed by: glebius MFC after: 1 week Sponsored by: Panasas Differential Revision: https://reviews.freebsd.org/D10609
|
#
fbbd9655 |
|
28-Feb-2017 |
Warner Losh <imp@FreeBSD.org> |
Renumber copyright clause 4 Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
|
#
eb81dc79 |
|
06-Aug-2016 |
Adrian Chadd <adrian@FreeBSD.org> |
Extract out the various local definitions of ETHER_IS_BROADCAST() and turn them into a shared definition. Set M_MCAST/M_BCAST appropriately upon packet reception in net80211, just before they are delivered up to the ethernet stack. Submitted by: rstone
|
#
e84ef07f |
|
06-Jun-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make the KASSERT message more helpful by also printing the ifp information which we are asserting. Obtained from: projects/vnet MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
|
#
484149de |
|
03-Jun-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Introduce a per-VNET flag to enable/disable netisr prcessing on that VNET. Add accessor functions to toggle the state per VNET. The base system (vnet0) will always enable itself with the normal registration. We will share the registered protocol handlers in all VNETs minimising duplication and management. Upon disabling netisr processing for a VNET drain the netisr queue from packets for that VNET. Update netisr consumers to (de)register on a per-VNET start/teardown using VNET_SYS(UN)INIT functionality. The change should be transparent for non-VIMAGE kernels. Reviewed by: gnn (, hiren) Obtained from: projects/vnet MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D6691
|
#
6d768226 |
|
02-Jun-2016 |
George V. Neville-Neil <gnn@FreeBSD.org> |
This change re-adds L2 caching for TCP and UDP, as originally added in D4306 but removed due to other changes in the system. Restore the llentry pointer to the "struct route", and use it to cache the L2 lookup (ARP or ND6) as appropriate. Submitted by: Mike Karels Differential Revision: https://reviews.freebsd.org/D6262
|
#
46b0539c |
|
03-May-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Remove the most useful INET || INET6 check leftover from whenever, doing nothing. MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
155d72c4 |
|
15-Apr-2016 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys/net* : for pointers replace 0 with NULL. Mostly cosmetical, no functional change. Found with devel/coccinelle.
|
#
36402a68 |
|
09-Jan-2016 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Finish r275196: do not dereference rtentry in if_output() routines. The only piece of information that is required is rt_flags subset. In particular, if_loop() requires RTF_REJECT and RTF_BLACKHOLE flags to check if this particular mbuf needs to be dropped (and what error should be returned). Note that if_loop() will always return EHOSTUNREACH for "reject" routes regardless of RTF_HOST flag existence. This is due to upcoming routing changes where RTF_HOST value won't be available as lookup result. All other functions require RTF_GATEWAY flag to check if they need to return EHOSTUNREACH instead of EHOSTDOWN error. There are 11 places where non-zero 'struct route' is passed to if_output(). For most of the callers (forwarding, bpf, arp) does not care about exact error value. In fact, the only place where this result is propagated is ip_output(). (ip6_output() passes NULL route to nd6_output_ifp()). Given that, add 3 new 'struct route' flags (RT_REJECT, RT_BLACKHOLE and RT_IS_GW) and inline function (rt_update_ro_flags()) to copy necessary rte flags to ro_flags. Call this function in ip_output() after looking up/ verifying rte. Reviewed by: ae
|
#
6cdb1854 |
|
01-Jan-2016 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Remove second EVENTHANDLER_REGISTER slipped in r292978. Describe the reason of doing unconditional M_PREPEND in ether_output().
|
#
4fb3a820 |
|
30-Dec-2015 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Implement interface link header precomputation API. Add if_requestencap() interface method which is capable of calculating various link headers for given interface. Right now there is support for INET/INET6/ARP llheader calculation (IFENCAP_LL type request). Other types are planned to support more complex calculation (L2 multipath lagg nexthops, tunnel encap nexthops, etc..). Reshape 'struct route' to be able to pass additional data (with is length) to prepend to mbuf. These two changes permits routing code to pass pre-calculated nexthop data (like L2 header for route w/gateway) down to the stack eliminating the need for other lookups. It also brings us closer to more complex scenarios like transparently handling MPLS nexthops and tunnel interfaces. Last, but not least, it removes layering violation introduced by flowtable code (ro_lle) and simplifies handling of existing if_output consumers. ARP/ND changes: Make arp/ndp stack pre-calculate link header upon installing/updating lle record. Interface link address change are handled by re-calculating headers for all lles based on if_lladdr event. After these changes, arpresolve()/nd6_resolve() returns full pre-calculated header for supported interfaces thus simplifying if_output(). Move these lookups to separate ether_resolve_addr() function which ether returs error or fully-prepared link header. Add <arp|nd6_>resolve_addr() compat versions to return link addresses instead of pre-calculated data. BPF changes: Raw bpf writes occupied _two_ cases: AF_UNSPEC and pseudo_AF_HDRCMPLT. Despite the naming, both of there have ther header "complete". The only difference is that interface source mac has to be filled by OS for AF_UNSPEC (controlled via BIOCGHDRCMPLT). This logic has to stay inside BPF and not pollute if_output() routines. Convert BPF to pass prepend data via new 'struct route' mechanism. Note that it does not change non-optimized if_output(): ro_prepend handling is purely optional. Side note: hackish pseudo_AF_HDRCMPLT is supported for ethernet and FDDI. It is not needed for ethernet anymore. The only remaining FDDI user is dev/pdq mostly untouched since 2007. FDDI support was eliminated from OpenBSD in 2013 (sys/net/if_fddisubr.c rev 1.65). Flowtable changes: Flowtable violates layering by saving (and not correctly managing) rtes/lles. Instead of passing lle pointer, pass pointer to pre-calculated header data from that lle. Differential Revision: https://reviews.freebsd.org/D4102
|
#
33872124 |
|
05-Nov-2015 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Replace the fastforward path with tryforward which does not require a sysctl and will always be on. The former split between default and fast forwarding is removed by this commit while preserving the ability to use all network stack features. Differential Revision: https://reviews.freebsd.org/D4042 Reviewed by: ae, melifaro, olivier, rwatson MFC after: 1 month Sponsored by: Rubicon Communications (Netgate)
|
#
1fe201c3 |
|
16-Sep-2015 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Simplify the way of attaching IPv6 link-layer header. Problem description: How do we currently perform layer 2 resolution and header imposition: For IPv4 we have the following chain: ip_output() -> (ether|atm|whatever)_output() -> arpresolve() Lookup is done in proper place (link-layer output routine) and it is possible to provide cached lle data. For IPv6 situation is more complex: ip6_output() -> nd6_output() -> nd6_output_ifp() -> (whatever)_output() -> nd6_storelladdr() We have ip6_ouput() which calls nd6_output() instead of link output routine. nd6_output() does the following: * checks if lle exists, creates it if needed (similar to arpresolve()) * performes lle state transitions (similar to arpresolve()) * calls nd6_output_ifp() which pushes packets to link output routine along with running SeND/MAC hooks regardless of lle state (e.g. works as run-hooks placeholder). After that, iface output routine like ether_output() calls nd6_storelladdr() which performs lle lookup once again. As a result, we perform lookup twice for each outgoing packet for most types of interfaces. We also need to maintain runtime-checked table of 'nd6-free' interfaces (see nd6_need_cache()). Fix this behavior by eliminating first ND lookup. To be more specific: * make all nd6_output() consumers use nd6_output_ifp() instead * rename nd6_output[_slow]() to nd6_resolve_[slow]() * convert nd6_resolve() and nd6_resolve_slow() to arpresolve() semantics, e.g. copy L2 address to buffer instead of pushing packet towards lower layers * Make all nd6_storelladdr() users use nd6_resolve() * eliminate nd6_storelladdr() The resulting callchain is the following: ip6_output() -> nd6_output_ifp() -> (whatever)_output() -> nd6_resolve() Error handling: Currently sending packet to non-existing la results in ip6_<output|forward> -> nd6_output() -> nd6_output _lle() which returns 0. In new scenario packet is propagated to <ether|whatever>_output() -> nd6_resolve() which will return EWOULDBLOCK, and that result will be converted to 0. (And EWOULDBLOCK is actually used by IB/TOE code). Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D1469
|
#
b71bed24 |
|
16-Sep-2015 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Use KASSERT for some checks, that are late to do. Discussed with: melifaro, glebius
|
#
3f70ebbf |
|
16-Sep-2015 |
Oleg Bulyzhin <oleg@FreeBSD.org> |
Remove superfluous m_freem(). MFC after: 1 month
|
#
d1b06863 |
|
30-Jun-2015 |
Mark Murray <markm@FreeBSD.org> |
Huge cleanup of random(4) code. * GENERAL - Update copyright. - Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set neither to ON, which means we want Fortuna - If there is no 'device random' in the kernel, there will be NO random(4) device in the kernel, and the KERN_ARND sysctl will return nothing. With RANDOM_DUMMY there will be a random(4) that always blocks. - Repair kern.arandom (KERN_ARND sysctl). The old version went through arc4random(9) and was a bit weird. - Adjust arc4random stirring a bit - the existing code looks a little suspect. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Redo read_random(9) so as to duplicate random(4)'s read internals. This makes it a first-class citizen rather than a hack. - Move stuff out of locked regions when it does not need to be there. - Trim RANDOM_DEBUG printfs. Some are excess to requirement, some behind boot verbose. - Use SYSINIT to sequence the startup. - Fix init/deinit sysctl stuff. - Make relevant sysctls also tunables. - Add different harvesting "styles" to allow for different requirements (direct, queue, fast). - Add harvesting of FFS atime events. This needs to be checked for weighing down the FS code. - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. - Fix the random(9) manpage. - Loadable modules are not present for now. These will be re-engineered when the dust settles. - Use macros for locks. - Fix comments. * src/share/man/... - Update the man pages. * src/etc/... - The startup/shutdown work is done in D2924. * src/UPDATING - Add UPDATING announcement. * src/sys/dev/random/build.sh - Add copyright. - Add libz for unit tests. * src/sys/dev/random/dummy.c - Remove; no longer needed. Functionality incorporated into randomdev.*. * live_entropy_sources.c live_entropy_sources.h - Remove; content moved. - move content to randomdev.[ch] and optimise. * src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h - Remove; plugability is no longer used. Compile-time algorithm selection is the way to go. * src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h - Add early (re)boot-time randomness caching. * src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h - Remove; no longer needed. * src/sys/dev/random/uint128.h - Provide a fake uint128_t; if a real one ever arrived, we can use that instead. All that is needed here is N=0, N++, N==0, and some localised trickery is used to manufacture a 128-bit 0ULLL. * src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h - Improve unit tests; previously the testing human needed clairvoyance; now the test will do a basic check of compressibility. Clairvoyant talent is still a good idea. - This is still a long way off a proper unit test. * src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h - Improve messy union to just uint128_t. - Remove unneeded 'static struct fortuna_start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) * src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h - Improve messy union to just uint128_t. - Remove unneeded 'staic struct start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) - Fix some magic numbers elsewhere used as FAST and SLOW. Differential Revision: https://reviews.freebsd.org/D2025 Reviewed by: vsevolod,delphij,rwatson,trasz,jmg Approved by: so (delphij)
|
#
b2bdc62a |
|
18-Jan-2015 |
Adrian Chadd <adrian@FreeBSD.org> |
Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific bits. The motivation here is to eventually teach netisr and potentially other networking subsystems a bit more about how RSS work queues / buckets are configured so things have a hope of auto-configuring in the future. * net/rss_config.[ch] takes care of the generic bits for doing configuration, hash function selection, etc; * topelitz.[ch] is now in net/ rather than netinet/; * (and would be in libkern if it didn't directly include RSS_KEYSIZE; that's a later thing to fix up.) * netinet/in_rss.[ch] now just contains the IPv4 specific methods; * and netinet/in6_rss.[ch] now just contains the IPv6 specific methods. This should have no functional impact on anyone currently using the RSS support. Differential Revision: D1383 Reviewed by: gnn, jfv (intel driver bits)
|
#
1a3a2b67 |
|
27-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Fix build broken by r275195.
|
#
74860d4f |
|
27-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - return lle flags IFF needed. Do not pass rte to arpresolve - pass is_gateway flag instead.
|
#
c69aeaad |
|
27-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Do not try to copy header to @dst and than back to ethernet in case of pseudo_AF_HDRCMPLT: we copy media header from mbuf to 'struct sockaddr' @dst in bpf_movein, so mbuf already contains valid info.
|
#
033074c4 |
|
09-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Replace 'struct route *' if_output() argument with 'struct nhop_info *'. Leave 'struct route' as is for legacy routing api users. Remove most of rtalloc_ign*-derived functions.
|
#
12419372 |
|
09-Nov-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove remnants of if_ef(4).
|
#
833e8dc5 |
|
07-Nov-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove struct arpcom. It is unused by most interface types, that allocate it, except Ethernet, where it carried ng_ether(4) pointer. For now carry the pointer in if_l2com directly. Sponsored by: Netflix Sponsored by: Nginx, Inc.
|
#
10cb2424 |
|
30-Oct-2014 |
Mark Murray <markm@FreeBSD.org> |
This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random. This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources. The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people. The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway. Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to. My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise. My Nomex pants are on. Let the feedback commence! Reviewed by: trasz,des(partial),imp(partial?),rwatson(partial?) Approved by: so(des)
|
#
9f65116c |
|
25-Oct-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
* Increase nh_flags to be u16 thus reducing nhop payload to be 48 bytes * Use NHF_ namespace for all nhop flags * Rename nhop_data -> nhop_prepend * Rename fib4_lookup_nh_extended -> fib4_lookup_nh_ext * Add "flags" argument to fib4_lookup_nh_ext() to specify whether we want returned nh_ext structure to be refcounted or not.
|
#
b4e8f808 |
|
19-Oct-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Switch IPv4 output path to use new routing api. The goals of the new API is to provide consumers with minimal needed information, but as fast as possible. So we provide full nexthop info copied into alighed on-cache structure instead of rte/ia pointers, their refcounts and locks. This does not provide solution for protecting from egress ifp destruction, but does not make it any worse. Current changes: nhops: Add fib4_lookup_prepend() function which stores either full L2+L3 prepend info (e.g. MAC header in case of plain IPv4) or L3 info with NH_FLAGS_L2_INCOMPLETE flag indicating that no valid L2 info exists and we have to take "slow" path. ip_output: Currently ip[ 46]_output consumers use 'struct route' for the following purposes: 1) double lookup avoidance(route caching) 2) plain route caching 3) get path MTU to be able to notify source. The former pattern is mostly used by various tunnels (gif, gre, stf). (Actually, gre is the only remaining, others were already converted. Their locking model did not scale good enogh to benefit from such caching, so we have (temporarily) removed it without any performance loss). Plain route caching used by SCTP is simply wrong and should be removed. Temporary break it for now just to be able to compile. Optimize path mtu reporting by providing it in new 'route_info' stucture. Minimize games with @ia locking/refcounting for route lookup: add special nhop[46]_extended structure to store more route attributes. Pointer to given structure can be passed to fib4_lookup_prepend() to indicate we want this info (we actually needs it for UDP and raw IP). ether_output: Provide light-weight ether_output2() call to deal with transmitting L2 frame (e.g. properly handle broadcast/simloop/bridge/ other L2 hooks before actually transmitting frame by if_transmit()). Add a hack based on new RT_NHOP ro_flag to distinguish which version should we call. Better way is probably to add a new "if_output_frame" driver callbacks. Next steps: * Convert ip_fastfwd part * Implement auto-growing array for per-radix nexthops * Implement LLE tracking for nexthop calculations to be able to immediately provide all necessary info in single route lookup for gateway routes * Switch radix locking scheme to runtime/cfg lock * Implement multipath support for rtsock * Implement "tracked nexthops" for tunnels (e.g. _proper_ nexthop caching) * Add IPv6 support for remaining parts (postponed not to interfere with user/ae/inet6 branch) * Consider adding "if_output_frame" driver call to ease logical frame pushing.
|
#
3751dddb |
|
19-Sep-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Mechanically convert to if_inc_counter().
|
#
7527624e |
|
14-Mar-2014 |
Robert Watson <rwatson@FreeBSD.org> |
Several years after initial development, merge prototype support for linking NIC Receive Side Scaling (RSS) to the network stack's connection-group implementation. This prototype (and derived patches) are in use at Juniper and several other FreeBSD-using companies, so despite some reservations about its maturity, merge the patch to the base tree so that it can be iteratively refined in collaboration rather than maintained as a set of gradually diverging patch sets. (1) Merge a software implementation of the Toeplitz hash specified in RSS implemented by David Malone. This is used to allow suitable pcbgroup placement of connections before the first packet is received from the NIC. Software hashing is generally avoided, however, due to high cost of the hash on general-purpose CPUs. (2) In in_rss.c, maintain authoritative versions of RSS state intended to be pushed to each NIC, including keying material, hash algorithm/ configuration, and buckets. Provide software-facing interfaces to hash 2- and 4-tuples for IPv4 and IPv6 using both the RSS standardised Toeplitz and a 'naive' variation with a hash efficient in software but with poor distribution properties. Implement rss_m2cpuid()to be used by netisr and other load balancing code to look up the CPU on which an mbuf should be processed. (3) In the Ethernet link layer, allow netisr distribution using RSS as a source of policy as an alternative to source ordering; continue to default to direct dispatch (i.e., don't try and requeue packets for processing on the 'right' CPU if they arrive in a directly dispatchable context). (4) Allow RSS to control tuning of connection groups in order to align groups with RSS buckets. If a packet arrives on a protocol using connection groups, and contains a suitable hardware-generated hash, use that hash value to select the connection group for pcb lookup for both IPv4 and IPv6. If no hardware-generated Toeplitz hash is available, we fall back on regular PCB lookup risking contention rather than pay the cost of Toeplitz in software -- this is a less scalable but, at my last measurement, faster approach. As core counts go up, we may want to revise this strategy despite CPU overhead. Where device drivers suitably configure NICs, and connection groups / RSS are enabled, this should avoid both lock and line contention during connection lookup for TCP. This commit does not modify any device drivers to tune device RSS configuration to the global RSS configuration; patches are in circulation to do this for at least Chelsio T3 and Intel 1G/10G drivers. Currently, the KPI for device drivers is not particularly robust, nor aware of more advanced features such as runtime reconfiguration/rebalancing. This will hopefully prove a useful starting point for refinement. No MFC is scheduled as we will first want to nail down a more mature and maintainable KPI/KBI for device drivers. Sponsored by: Juniper Networks (original work) Sponsored by: EMC/Isilon (patch update and merge)
|
#
45c203fc |
|
14-Mar-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove AppleTalk support. AppleTalk was a network transport protocol for Apple Macintosh devices in 80s and then 90s. Starting with Mac OS X in 2000 the AppleTalk was a legacy protocol and primary networking protocol is TCP/IP. The last Mac OS X release to support AppleTalk happened in 2009. The same year routing equipment vendors (namely Cisco) end their support. Thus, AppleTalk won't be supported in FreeBSD 11.0-RELEASE.
|
#
2c284d93 |
|
13-Mar-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove IPX support. IPX was a network transport protocol in Novell's NetWare network operating system from late 80s and then 90s. The NetWare itself switched to TCP/IP as default transport in 1998. Later, in this century the Novell Open Enterprise Server became successor of Novell NetWare. The last release that claimed to still support IPX was OES 2 in 2007. Routing equipment vendors (e.g. Cisco) discontinued support for IPX in 2011. Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
|
#
95fbe4d0 |
|
18-Jan-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Simplify filling sockaddr_dl structure for if_resolvemulti() callback providers. link_init_sdl() function can be used to fill most of the parameters. Use caller stack instead of allocation / freing memory for each request. Do not drop support for extra-long (probably non-existing) link-layer protocols by introducing link_alloc_sdl() (used by if_resolvemulti() callback) and link_free_sdl() (used by caller). Since this change breaks KBI, MFC requires slightly different approach (link_init_sdl() auto-allocating buffer if necessary to handle cases with unmodified if_resolvemulti() callers). MFC after: 2 weeks
|
#
4857f5fb |
|
18-Nov-2013 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Allow ethernet drivers to pass in packets connected via the nextpkt pointer. Handling packets in this way allows drivers to amortize work during packet reception. Submitted by: Vijay Singh Sponsored by: NetApp
|
#
dd50b310 |
|
02-Nov-2013 |
Adrian Chadd <adrian@FreeBSD.org> |
Restore the entropy gathering from the m_data pointer value, not the m_data payload. After talking with markm/bde, this is what markm actually intended.
|
#
a09968c4 |
|
01-Nov-2013 |
Adrian Chadd <adrian@FreeBSD.org> |
Convert the random entropy harvesting code to use a const void * pointer rather than just void *. Then, as part of this, convert a couple of mbuf m->m_data accesses to mtod(m, const void *). Reviewed by: markm Approved by: security-officer (delphij) Sponsored by: Netflix, Inc.
|
#
75bf2db3 |
|
27-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Move new pf includes to the pf directory. The pfvar.h remain in net, to avoid compatibility breakage for no sake. The future plan is to split most of non-kernel parts of pfvar.h into pf.h, and then make pfvar.h a kernel only include breaking compatibility. Discussed with: bz
|
#
76039bc8 |
|
26-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare to this event, adding if_var.h to files that do need it. Also, include all includes that now are included due to implicit pollution via if_var.h Sponsored by: Netflix Sponsored by: Nginx, Inc.
|
#
4cdc1f54 |
|
09-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
There are some high performance NICs that count statistics in hardware, and there are ifnets, that do that via counter(9). Provide a flag that would skip cache line trashing '+=' operation in ether_input(). Sponsored by: Netflix Sponsored by: Nginx, Inc. Reviewed by: melifaro, adrian Approved by: re (marius)
|
#
ad1f3311 |
|
05-Oct-2013 |
Mark Murray <markm@FreeBSD.org> |
Debug run. This now works, except that the "live" sources haven't been tested. With all sources turned on, this unlocks itself in a couple of seconds! That is no my box, and there is no guarantee that this will be the case everywhere. * Cut debug prints. * Use the same locks/mutexes all the way through. * Be a tad more conservative about entropy estimates.
|
#
f02e47dc |
|
04-Oct-2013 |
Mark Murray <markm@FreeBSD.org> |
Snapshot. This passes the build test, but has not yet been finished or debugged. Contains: * Refactor the hardware RNG CPU instruction sources to feed into the software mixer. This is unfinished. The actual harvesting needs to be sorted out. Modified by me (see below). * Remove 'frac' parameter from random_harvest(). This was never used and adds extra code for no good reason. * Remove device write entropy harvesting. This provided a weak attack vector, was not very good at bootstrapping the device. To follow will be a replacement explicit reseed knob. * Separate out all the RANDOM_PURE sources into separate harvest entities. This adds some secuity in the case where more than one is present. * Review all the code and fix anything obviously messy or inconsistent. Address som review concerns while I'm here, like rename the pseudo-rng to 'dummy'. Submitted by: Arthur Mesh <arthurmesh@gmail.com> (the first item)
|
#
c495c935 |
|
26-Aug-2013 |
Mark Murray <markm@FreeBSD.org> |
Snapshot; Do some running repairs on entropy harvesting. More needs to follow.
|
#
86bd0491 |
|
19-Aug-2013 |
Andre Oppermann <andre@FreeBSD.org> |
Add m_clrprotoflags() to clear protocol specific mbuf flags at up and downwards layer crossings. Consistently use it within IP, IPv6 and ethernet protocols. Discussed with: trociny, glebius
|
#
ef1f9169 |
|
23-Jul-2013 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Decouple the UUID generator from network interfaces by having MAC addresses added to the UUID generator using uuid_ether_add(). The UUID generator keeps an arbitrary number of MAC addresses, under the assumption that they are rarely removed (= uuid_ether_del()). This achieves the following: 1. It brings up closer to having the network stack as a loadable module. 2. It allows the UUID generator to filter MAC addresses for best results (= highest chance of uniqeness). 3. MAC addresses can come from anywhere, irrespactive of whether it's used for an interface or not. A side-effect of the change is that when no MAC addresses have been added, a random multicast MAC address is created once and re-used if needed. Previusly, when a random MAC address was needed, it was created for every call. Thus, a change in behaviour is introduced for when no MAC addresses exist. Obtained from: Juniper Networks, Inc.
|
#
22f8ce43 |
|
18-May-2013 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Use separate function to update mbuf checksum flags instead of duplicating the same code in different places. MFC after: 2 weeks
|
#
47e8d432 |
|
25-Apr-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Add const qualifier to the dst parameter of the ifnet if_output method.
|
#
eb1b1807 |
|
05-Dec-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Mechanically substitute flags from historic mbuf allocator with malloc(9) flags within sys. Exceptions: - sys/contrib not touched - sys/mbuf.h edited manually
|
#
5e9a5429 |
|
26-Nov-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Better safe than sorry: reinitialize eh after ng_ether(4) and if_bridge(4) processing, since mbuf may be modified there. Submitted by: youngari
|
#
97cce87f |
|
26-Nov-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Re-initialize eh pointer after m_adj() Submitted by: Kohji Okuno <okuno.kohji jp.panasonic.com> Reviewed by: yongari
|
#
9823d527 |
|
10-Oct-2012 |
Kevin Lo <kevlo@FreeBSD.org> |
Revert previous commit... Pointyhat to: kevlo (myself)
|
#
a10cee30 |
|
09-Oct-2012 |
Kevin Lo <kevlo@FreeBSD.org> |
Prefer NULL over 0 for pointers
|
#
7d4317bd |
|
04-Sep-2012 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Introduce new link-layer PFIL hook V_link_pfil_hook. Merge ether_ipfw_chk() and part of bridge_pfil() into unified ipfw_check_frame() function called by PFIL. This change was suggested by rwatson? @ DevSummit. Remove ipfw headers from ether/bridge code since they are unneeded now. Note this thange introduce some (temporary) performance penalty since PFIL read lock has to be acquired for every link-level packet. MFC after: 3 weeks
|
#
bdf942c3 |
|
03-May-2012 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Revert r234834 per luigi@ request. Cleaner solution (e.g. adding another header) should be done here. Original log: Move several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h. Remove ipfw/ip_fw_private.h header from non-ipfw code. Requested by: luigi Approved by: kib(mentor)
|
#
7bd5e9b1 |
|
30-Apr-2012 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Move several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h. Remove ipfw/ip_fw_private.h header from non-ipfw code. Approved by: ae(mentor) MFC after: 2 weeks
|
#
2db13e75 |
|
04-Mar-2012 |
Marko Zec <zec@FreeBSD.org> |
Properly restore curvnet context when returning early from ether_input_internal(). This change only affects options VIMAGE kernel builds. PR: kern/165643 Submitted by: Vijay Singh MFC after: 3 days
|
#
08b68b0e |
|
15-Dec-2011 |
Gleb Smirnoff <glebius@FreeBSD.org> |
A major overhaul of the CARP implementation. The ip_carp.c was started from scratch, copying needed functionality from the old implemenation on demand, with a thorough review of all code. The main change is that interface layer has been removed from the CARP. Now redundant addresses are configured exactly on the interfaces, they run on. The CARP configuration itself is, as before, configured and read via SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or SIOCAIFADDR_IN6 may now be configured to a particular virtual host id, which makes the prefix redundant. ifconfig(8) semantics has been changed too: now one doesn't need to clone carpXX interface, he/she should directly configure a vhid on a Ethernet interface. To supply vhid data from the kernel to an application the getifaddrs(8) function had been changed to pass ifam_data with each address. [1] The new implementation definitely closes all PRs related to carp(4) being an interface, and may close several others. It also allows to run a single redundant IP per interface. Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for idea on using ifam_data and for several rounds of reviewing! PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448 Reviewed by: bz Submitted by: bz [1]
|
#
d745c852 |
|
06-Nov-2011 |
Ed Schouten <ed@FreeBSD.org> |
Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. This means that their use is restricted to a single C file.
|
#
3d07127c |
|
27-Aug-2011 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
When adding IPv6 fwd support to ipfw in r225044 these two files were not committed. Initialize next_hop6 to align with the IPv4 code. PR: bin/117214 MFC after: 3 weeks X-MFC with: r225044 Approved by: re (kib)
|
#
a34c6aeb |
|
03-Jul-2011 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Tag mbufs of all incoming frames or packets with the interface's FIB setting (either default or if supported as set by SIOCSIFFIB, e.g. from ifconfig). Submitted by: Alexander V. Chernikov (melifaro ipfw.ru) Reviewed by: julian MFC after: 2 weeks
|
#
6cb52192 |
|
01-Jun-2011 |
Robert Watson <rwatson@FreeBSD.org> |
Add an optional netisr dispatch point at ether_input(), but set the default dispatch method to NETISR_DISPATCH_DIRECT in order to force direct dispatch. This adds a fairly negligble overhead without changing default behavior, but in the future will allow deferred or hybrid dispatch to other worker threads before link layer processing has taken place. For example, this could allow redistribution using RSS hashes without ethernet header cache line hits, if the NIC was unable to adequately implement load balancing to too small a number of input queues -- perhaps due to hard queueset counts of 1, 3, or 8, but in a modern system with 16-128 threads. This can happen on highly threaded systems, where you want want an ithread per core, redistributing work to other queues, but also on virtualised systems where hardware hashing is (or is not) available, but only a single queue has been directed to one VCPU on a VM. Note: this adds a previously non-present assertion about the equivalence of the ifnet from which the packet is received, and the ifnet stamped in the mbuf header. I believe this assertion to generally be true, but we'll find out soon -- if it's not, we might have to add additional overhead in some cases to add an m_tag with the originating ifnet pointer stored in it. Reviewed by: bz MFC after: 3 weeks Sponsored by: Juniper Networks, Inc.
|
#
3e288e62 |
|
22-Nov-2010 |
Dimitry Andric <dim@FreeBSD.org> |
After some off-list discussion, revert a number of changes to the DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various people working on the affected files. A better long-term solution is still being considered. This reversal may give some modules empty set_pcpu or set_vnet sections, but these are harmless. Changes reverted: ------------------------------------------------------------------------ r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines Instead of unconditionally emitting .globl's for the __start_set_xxx and __stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu sections are actually defined. ------------------------------------------------------------------------ r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree. ------------------------------------------------------------------------ r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
|
#
31c6a003 |
|
14-Nov-2010 |
Dimitry Andric <dim@FreeBSD.org> |
Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree.
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
d3c351c5 |
|
13-Aug-2010 |
Marko Zec <zec@FreeBSD.org> |
When moving an ethernet ifnet from one vnet to another, destroy the associated ng_ether netgraph node in the current vnet, and create a new one in the target vnet. Reviewed by: julian MFC after: 3 days
|
#
9963e8a5 |
|
11-Aug-2010 |
Will Andrews <will@FreeBSD.org> |
Unbreak LINT by moving all carp hooks to net/if.c / netinet/ip_carp.h, with the appropriate ifdefs. Reviewed by: bz Approved by: ken (mentor)
|
#
54bfbd51 |
|
10-Aug-2010 |
Will Andrews <will@FreeBSD.org> |
Allow carp(4) to be loaded as a kernel module. Follow precedent set by bridge(4), lagg(4) etc. and make use of function pointers and pf_proto_register() to hook carp into the network stack. Currently, because of the uncertainty about whether the unload path is free of race condition panics, unloads are disallowed by default. Compiling with CARPMOD_CAN_UNLOAD in CFLAGS removes this anti foot shooting measure. This commit requires IP6PROTOSPACER, introduced in r211115. Reviewed by: bz, simon Approved by: ken (mentor) MFC after: 2 weeks
|
#
8018e843 |
|
23-Mar-2010 |
Luigi Rizzo <luigi@FreeBSD.org> |
MFC of a large number of ipfw and dummynet fixes and enhancements done in CURRENT over the last 4 months. HEAD and RELENG_8 are almost in sync now for ipfw, dummynet the pfil hooks and related components. Among the most noticeable changes: - r200855 more efficient lookup of skipto rules, and remove O(N) blocks from critical sections in the kernel; - r204591 large restructuring of the dummynet module, with support for multiple scheduling algorithms (4 available so far) See the original commit logs for details. Changes in the kernel/userland ABI should be harmless because the kernel is able to understand previous requests from RELENG_8 and RELENG_7. For this reason, this changeset would be applicable to RELENG_7 as well, but i am not sure if it is worthwhile.
|
#
cc4d3c30 |
|
02-Mar-2010 |
Luigi Rizzo <luigi@FreeBSD.org> |
Bring in the most recent version of ipfw and dummynet, developed and tested over the past two months in the ipfw3-head branch. This also happens to be the same code available in the Linux and Windows ports of ipfw and dummynet. The major enhancement is a completely restructured version of dummynet, with support for different packet scheduling algorithms (loadable at runtime), faster queue/pipe lookup, and a much cleaner internal architecture and kernel/userland ABI which simplifies future extensions. In addition to the existing schedulers (FIFO and WF2Q+), we include a Deficit Round Robin (DRR or RR for brevity) scheduler, and a new, very fast version of WF2Q+ called QFQ. Some test code is also present (in sys/netinet/ipfw/test) that lets you build and test schedulers in userland. Also, we have added a compatibility layer that understands requests from the RELENG_7 and RELENG_8 versions of the /sbin/ipfw binaries, and replies correctly (at least, it does its best; sometimes you just cannot tell who sent the request and how to answer). The compatibility layer should make it possible to MFC this code in a relatively short time. Some minor glitches (e.g. handling of ipfw set enable/disable, and a workaround for a bug in RELENG_7's /sbin/ipfw) will be fixed with separate commits. CREDITS: This work has been partly supported by the ONELAB2 project, and mostly developed by Riccardo Panicucci and myself. The code for the qfq scheduler is mostly from Fabio Checconi, and Marta Carbone and Francesco Magno have helped with testing, debugging and some bug fixes.
|
#
2ae7ec29 |
|
07-Feb-2010 |
Julian Elischer <julian@FreeBSD.org> |
MFC of 197952 and 198075 Virtualize the pfil hooks so that different jails may chose different packet filters. ALso allows ipfw to be enabled on on ejail and disabled on another. In 8.0 it's a global setting. and Unbreak the VIMAGE build with IPSEC, broken with r197952 by virtualizing the pfil hooks. For consistency add the V_ to virtualize the pfil hooks in here as well.
|
#
0bcfa8e4 |
|
07-Jan-2010 |
Luigi Rizzo <luigi@FreeBSD.org> |
put ip_var before ip_fw_private.h as this will be needed in the near future
|
#
7173b6e5 |
|
04-Jan-2010 |
Luigi Rizzo <luigi@FreeBSD.org> |
Various cleanup done in ipfw3-head branch including: - use a uniform mtag format for all packets that exit and re-enter the firewall in the middle of a rulechain. On reentry, all tags containing reinject info are renamed to MTAG_IPFW_RULE so the processing is simpler. - make ipfw and dummynet use ip_len and ip_off in network format everywhere. Conversion is done only once instead of tracking the format in every place. - use a macro FREE_PKT to dispose of mbufs. This eases portability. On passing i also removed a few typos, staticise or localise variables, remove useless declarations and other minor things. Overall the code shrinks a bit and is hopefully more readable. I have tested functionality for all but ng_ipfw and if_bridge/if_ethersubr. For ng_ipfw i am actually waiting for feedback from glebius@ because we might have some small changes to make. For if_bridge and if_ethersubr feedback would be welcome (there are still some redundant parts in these two modules that I would like to remove, but first i need to check functionality).
|
#
830c6e2b |
|
28-Dec-2009 |
Luigi Rizzo <luigi@FreeBSD.org> |
bring in several cleanups tested in ipfw3-head branch, namely: r201011 - move most of ng_ipfw.h into ip_fw_private.h, as this code is ipfw-specific. This removes a dependency on ng_ipfw.h from some files. - move many equivalent definitions of direction (IN, OUT) for reinjected packets into ip_fw_private.h - document the structure of the packet tags used for dummynet and netgraph; r201049 - merge some common code to attach/detach hooks into a single function. r201055 - remove some duplicated code in ip_fw_pfil. The input and output processing uses almost exactly the same code so there is no need to use two separate hooks. ip_fw_pfil.o goes from 2096 to 1382 bytes of .text r201057 (see the svn log for full details) - macros to make the conversion of ip_len and ip_off between host and network format more explicit r201113 (the remaining parts) - readability fixes -- put braces around some large for() blocks, localize variables so the compiler does not think they are uninitialized, do not insist on precise allocation size if we have more than we need. r201119 - when doing a lookup, keys must be in big endian format because this is what the radix code expects (this fixes a bug in the recently-introduced 'lookup' option) No ABI changes in this commit. MFC after: 1 week
|
#
de240d10 |
|
22-Dec-2009 |
Luigi Rizzo <luigi@FreeBSD.org> |
merge code from ipfw3-head to reduce contention on the ipfw lock and remove all O(N) sequences from kernel critical sections in ipfw. In detail: 1. introduce a IPFW_UH_LOCK to arbitrate requests from the upper half of the kernel. Some things, such as 'ipfw show', can be done holding this lock in read mode, whereas insert and delete require IPFW_UH_WLOCK. 2. introduce a mapping structure to keep rules together. This replaces the 'next' chain currently used in ipfw rules. At the moment the map is a simple array (sorted by rule number and then rule_id), so we can find a rule quickly instead of having to scan the list. This reduces many expensive lookups from O(N) to O(log N). 3. when an expensive operation (such as insert or delete) is done by userland, we grab IPFW_UH_WLOCK, create a new copy of the map without blocking the bottom half of the kernel, then acquire IPFW_WLOCK and quickly update pointers to the map and related info. After dropping IPFW_LOCK we can then continue the cleanup protected by IPFW_UH_LOCK. So userland still costs O(N) but the kernel side is only blocked for O(1). 4. do not pass pointers to rules through dummynet, netgraph, divert etc, but rather pass a <slot, chain_id, rulenum, rule_id> tuple. We validate the slot index (in the array of #2) with chain_id, and if successful do a O(1) dereference; otherwise, we can find the rule in O(log N) through <rulenum, rule_id> All the above does not change the userland/kernel ABI, though there are some disgusting casts between pointers and uint32_t Operation costs now are as follows: Function Old Now Planned ------------------------------------------------------------------- + skipto X, non cached O(N) O(log N) + skipto X, cached O(1) O(1) XXX dynamic rule lookup O(1) O(log N) O(1) + skipto tablearg O(N) O(1) + reinject, non cached O(N) O(log N) + reinject, cached O(1) O(1) + kernel blocked during setsockopt() O(N) O(1) ------------------------------------------------------------------- The only (very small) regression is on dynamic rule lookup and this will be fixed in a day or two, without changing the userland/kernel ABI Supported by: Valeria Paoli MFC after: 1 month
|
#
70228fb3 |
|
15-Dec-2009 |
Luigi Rizzo <luigi@FreeBSD.org> |
Start splitting ip_fw2.c and ip_fw.h into smaller components. At this time we pull out from ip_fw2.c the logging functions, and support for dynamic rules, and move kernel-only stuff into netinet/ipfw/ip_fw_private.h No ABI change involved in this commit, unless I made some mistake. ip_fw.h has changed, though not in the userland-visible part. Files touched by this commit: conf/files now references the two new source files netinet/ip_fw.h remove kernel-only definitions gone into netinet/ipfw/ip_fw_private.h. netinet/ipfw/ip_fw_private.h new file with kernel-specific ipfw definitions netinet/ipfw/ip_fw_log.c ipfw_log and related functions netinet/ipfw/ip_fw_dynamic.c code related to dynamic rules netinet/ipfw/ip_fw2.c removed the pieces that goes in the new files netinet/ipfw/ip_fw_nat.c minor rearrangement to remove LOOKUP_NAT from the main headers. This require a new function pointer. A bunch of other kernel files that included netinet/ip_fw.h now require netinet/ipfw/ip_fw_private.h as well. Not 100% sure i caught all of them. MFC after: 1 month
|
#
0b4b0b0f |
|
10-Oct-2009 |
Julian Elischer <julian@FreeBSD.org> |
Virtualize the pfil hooks so that different jails may chose different packet filters. ALso allows ipfw to be enabled on on ejail and disabled on another. In 8.0 it's a global setting. Sitting aroung in tree waiting to commit for: 2 months MFC after: 2 months
|
#
530c0060 |
|
01-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes. Reviewed by: bz Approved by: re (vimage blanket)
|
#
9fca4f79 |
|
28-Jul-2009 |
Qing Li <qingli@FreeBSD.org> |
The new flow table caches both the routing table entry as well as the L2 information. For an indirect route the cached L2 entry contains the MAC address of the gateway. Typically the default route is used to transmit multicast packets when explicit multicast routes are not available. The ether_output() function bypasses L2 resolution function if it verifies the L2 cache is valid, because the cached L2 address (a unicast MAC address) is copied into the packets as the destination MAC address. This validation, however, does not apply to broadcast and multicast packets because the destination MAC address is mapped according to a standard method instead. Submitted by: Xin Li Reviewed by: bz Approved by: re
|
#
1e77c105 |
|
16-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Remove unused VNET_SET() and related macros; only VNET_GET() is ever actually used. Rename VNET_GET() to VNET() to shorten variable references. Discussed with: bz, julian Reviewed by: bz Approved by: re (kensmith, kib)
|
#
eddfbb76 |
|
14-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables. Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker. Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided. This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS. Bump __FreeBSD_version and update UPDATING. Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
|
#
6c7ffe93 |
|
24-Jun-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Break at_ifawithnet() into two variants: - at_ifawithnet(), which acquires an locks it needs and returns an at_ifaddr reference. - at_ifawithnet_locked(), which relies on the caller locking at_ifaddr_list, and returns a pointer rather than a reference. Update various consumers to prefer one or the other, including ether and fddi output, to properly release at_ifaddr references. Rework at_control() to manage locking and references in a manner identical to in_control(). MFC after: 6 weeks
|
#
259d2d54 |
|
11-Jun-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
carp(4) allows people to share a set of IP addresses and can only use IPv4/v6 for inter-node communication (according to my reading). Properly wrap the carp callouts in INET || INET6 and refelect this in sys/conf/files as well. While in theory this should be ok, it might be a bit optimistic to think that carp could build with inet6 only[1]. Discussed with: mlaier [1]
|
#
dda10d62 |
|
09-Jun-2009 |
Oleg Bulyzhin <oleg@FreeBSD.org> |
Close long existed race with net.inet.ip.fw.one_pass = 0: If packet leaves ipfw to other kernel subsystem (dummynet, netgraph, etc) it carries pointer to matching ipfw rule. If this packet then reinjected back to ipfw, ruleset processing starts from that rule. If rule was deleted meanwhile, due to existed race condition panic was possible (as well as other odd effects like parsing rules in 'reap list'). P.S. this commit changes ABI so userland ipfw related binaries should be recompiled. MFC after: 1 month Tested by: Mikolaj Golub
|
#
8d8bc018 |
|
08-Jun-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
After r193232 rt_tables in vnet.h are no longer indirectly dependent on the ROUTETABLES kernel option thus there is no need to include opt_route.h anymore in all consumers of vnet.h and no longer depend on it for module builds. Remove the hidden include in flowtable.h as well and leave the two explicit #includes in ip_input.c and ip_output.c.
|
#
bcf11e8d |
|
05-Jun-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include. Discussed with: pjd
|
#
115a40c7 |
|
05-Jun-2009 |
Luigi Rizzo <luigi@FreeBSD.org> |
More cleanup in preparation of ipfw relocation (no actual code change): + move ipfw and dummynet hooks declarations to raw_ip.c (definitions in ip_var.h) same as for most other global variables. This removes some dependencies from ip_input.c; + remove the IPFW_LOADED macro, just test ip_fw_chk_ptr directly; + remove the DUMMYNET_LOADED macro, just test ip_dn_io_ptr directly; + move ip_dn_ruledel_ptr to ip_fw2.c which is the only file using it; To be merged together with rev 193497 MFC after: 5 days
|
#
21ca7b57 |
|
05-May-2009 |
Marko Zec <zec@FreeBSD.org> |
Change the curvnet variable from a global const struct vnet *, previously always pointing to the default vnet context, to a dynamically changing thread-local one. The currvnet context should be set on entry to networking code via CURVNET_SET() macros, and reverted to previous state via CURVNET_RESTORE(). Recursions on curvnet are permitted, though strongly discuouraged. This change should have no functional impact on nooptions VIMAGE kernel builds, where CURVNET_* macros expand to whitespace. The curthread->td_vnet (aka curvnet) variable's purpose is to be an indicator of the vnet context in which the current network-related operation takes place, in case we cannot deduce the current vnet context from any other source, such as by looking at mbuf's m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so far curvnet has turned out to be an invaluable consistency checking aid: it helps to catch cases when sockets, ifnets or any other vnet-aware structures may have leaked from one vnet to another. The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros was a result of an empirical iterative process, whith an aim to reduce recursions on CURVNET_SET() to a minimum, while still reducing the scope of CURVNET_SET() to networking only operations - the alternative would be calling CURVNET_SET() on each system call entry. In general, curvnet has to be set in three typicall cases: when processing socket-related requests from userspace or from within the kernel; when processing inbound traffic flowing from device drivers to upper layers of the networking stack, and when executing timer-driven networking functions. This change also introduces a DDB subcommand to show the list of all vnet instances. Approved by: julian (mentor)
|
#
279aa3d4 |
|
16-Apr-2009 |
Kip Macy <kmacy@FreeBSD.org> |
Change if_output to take a struct route as its fourth argument in order to allow passing a cached struct llentry * down to L2 Reviewed by: rwatson
|
#
33553d6e |
|
27-Feb-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
For all files including net/vnet.h directly include opt_route.h and net/route.h. Remove the hidden include of opt_route.h and net/route.h from net/vnet.h. We need to make sure that both opt_route.h and net/route.h are included before net/vnet.h because of the way MRT figures out the number of FIBs from the kernel option. If we do not, we end up with the default number of 1 when including net/vnet.h and array sizes are wrong. This does not change the list of files which depend on opt_route.h but we can identify them now more easily.
|
#
2f4afd21 |
|
03-Feb-2009 |
Randall Stewart <rrs@FreeBSD.org> |
Adds support for SCTP checksum offload. This means we, like TCP and UDP, move the checksum calculation into the IP routines when there is no hardware support we call into the normal SCTP checksum routine. The next round of SCTP updates will use this functionality. Of course the IGB driver needs a few updates to support the new intel controller set that actually does SCTP csum offload too. Reviewed by: gnn, rwatson, kmacy
|
#
9928dafb |
|
17-Dec-2008 |
Qing Li <qingli@FreeBSD.org> |
Remove the rt argument from nd6_storelladdr() because rt is no longer accessed.
|
#
6e6b3f7c |
|
14-Dec-2008 |
Qing Li <qingli@FreeBSD.org> |
This main goals of this project are: 1. separating L2 tables (ARP, NDP) from the L3 routing tables 2. removing as much locking dependencies among these layers as possible to allow for some parallelism in the search operations 3. simplify the logic in the routing code, The most notable end result is the obsolescent of the route cloning (RTF_CLONING) concept, which translated into code reduction in both IPv4 ARP and IPv6 NDP related modules, and size reduction in struct rtentry{}. The change in design obsoletes the semantics of RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland applications such as "arp" and "ndp" have been modified to reflect those changes. The output from "netstat -r" shows only the routing entries. Quite a few developers have contributed to this project in the past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and Andre Oppermann. And most recently: - Kip Macy revised the locking code completely, thus completing the last piece of the puzzle, Kip has also been conducting active functional testing - Sam Leffler has helped me improving/refactoring the code, and provided valuable reviews - Julian Elischer setup the perforce tree for me and has helped me maintaining that branch before the svn conversion
|
#
385195c0 |
|
10-Dec-2008 |
Marko Zec <zec@FreeBSD.org> |
Conditionally compile out V_ globals while instantiating the appropriate container structures, depending on VIMAGE_GLOBALS compile time option. Make VIMAGE_GLOBALS a new compile-time option, which by default will not be defined, resulting in instatiations of global variables selected for V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be effectively compiled out. Instantiate new global container structures to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0, vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0. Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_ macros resolve either to the original globals, or to fields inside container structures, i.e. effectively #ifdef VIMAGE_GLOBALS #define V_rt_tables rt_tables #else #define V_rt_tables vnet_net_0._rt_tables #endif Update SYSCTL_V_*() macros to operate either on globals or on fields inside container structs. Extend the internal kldsym() lookups with the ability to resolve selected fields inside the virtualization container structs. This applies only to the fields which are explicitly registered for kldsym() visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently this is done only in sys/net/if.c. Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code, and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in turn result in proper code being generated depending on VIMAGE_GLOBALS. De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c which were prematurely V_irtualized by automated V_ prepending scripts during earlier merging steps. PF virtualization will be done separately, most probably after next PF import. Convert a few variable initializations at instantiation to initialization in init functions, most notably in ipfw. Also convert TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in initializer functions. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
4b79449e |
|
02-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Rather than using hidden includes (with cicular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files. For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h. Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
|
#
aea78d20 |
|
22-Nov-2008 |
Kip Macy <kmacy@FreeBSD.org> |
convert calls to IFQ_HANDOFF to if_transmit
|
#
44e33a07 |
|
19-Nov-2008 |
Marko Zec <zec@FreeBSD.org> |
Change the initialization methodology for global variables scheduled for virtualization. Instead of initializing the affected global variables at instatiation, assign initial values to them in initializer functions. As a rule, initialization at instatiation for such variables should never be introduced again from now on. Furthermore, enclose all instantiations of such global variables in #ifdef VIMAGE_GLOBALS blocks. Essentialy, this change should have zero functional impact. In the next phase of merging network stack virtualization infrastructure from p4/vimage branch, the new initialization methology will allow us to switch between using global variables and their counterparts residing in virtualization containers with minimum code churn, and in the long run allow us to intialize multiple instances of such container structures. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
1ede983c |
|
23-Oct-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Retire the MALLOC and FREE macros. They are an abomination unto style(9). MFC after: 3 months
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
8b615593 |
|
02-Oct-2008 |
Marko Zec <zec@FreeBSD.org> |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs. Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT(). Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.). All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*). (*) netipsec/keysock.c did not validate depending on compile time options. Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
d54d93ac |
|
27-Aug-2008 |
Ed Maste <emaste@FreeBSD.org> |
Move CTASSERT of ether header sizes out of the header file and into if_ethersubr.c. CTASSERT is implemented using a dummy typedef, which if used in a header file may conflict with another CTASSERT in a source file using that header. I'll make a note of this in CTASSERT's man page. Approved by: imp
|
#
603724d3 |
|
17-Aug-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@). This is the first in a series of commits over the course of the next few weeks. Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only. We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again. Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
#
933dad75 |
|
10-May-2008 |
Antoine Brodin <antoine@FreeBSD.org> |
Add missing braces in #if 0ed code. Approved by: rwatson (mentor) MFC after: 1 month
|
#
6eeac1d9 |
|
29-Apr-2008 |
Julian Elischer <julian@FreeBSD.org> |
Add an option (compiled out by default) to profile outoing packets for a number of mbuf chain related parameters e.g. number of mbufs, wasted space. probably will do with further work later. Reviewed by: various
|
#
879773c1 |
|
20-Mar-2008 |
Kip Macy <kmacy@FreeBSD.org> |
back out last change as Sam believes that it breaks multicast - need to revisit after following up with pyun
|
#
83631568 |
|
19-Mar-2008 |
Kip Macy <kmacy@FreeBSD.org> |
Don't re-initialize the interface if it is already running. This one line change makes the following code found in many ethernet device drivers (at least em, igb, ixgbe, and cxgb) gratuitous case SIOCSIFADDR: if (ifa->ifa_addr->sa_family == AF_INET) { /* * XXX * Since resetting hardware takes a very long time * and results in link renegotiation we only * initialize the hardware only when it is absolutely * required. */ ifp->if_flags |= IFF_UP; if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { EM_CORE_LOCK(adapter); em_init_locked(adapter); EM_CORE_UNLOCK(adapter); } arp_ifinit(ifp, ifa); } else error = ether_ioctl(ifp, command, data); break;
|
#
b9175c45 |
|
07-Mar-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Move IFF_NEEDSGIANT warning from if_ethersubr.c to if.c so it is displayed for all network interfaces, not just ethernet-like ones. Upgrade it to a louder WARNING and be explicit that the flag is obsolete. Support for IFF_NEEDSGIANT will be removed in a few months (see arch@ for details) and will not appear in 8.0. Upgrade if_watchdog to a WARNING.
|
#
897c0f57 |
|
06-Nov-2007 |
Oleg Bulyzhin <oleg@FreeBSD.org> |
1) dummynet_io() declaration has changed. 2) Alter packet flow inside dummynet: allow certain packets to bypass dummynet scheduler. Benefits are: - lower latency: if packet flow does not exceed pipe bandwidth, packets will not be (up to tick) delayed (due to dummynet's scheduler granularity). - lower overhead: if packet avoids dummynet scheduler it shouldn't reenter ip stack later. Such packets can be fastforwarded. - recursion (which can lead to kernel stack exhaution) eliminated. This fix long existed panic, which can be triggered this way: kldload dummynet sysctl net.inet.ip.fw.one_pass=0 ipfw pipe 1 config bw 0 for i in `jot 30`; do ipfw add 1 pipe 1 icmp from any to any; done ping -c 1 localhost 3) Three new sysctl nodes are added: net.inet.ip.dummynet.io_pkt - packets passed to dummynet net.inet.ip.dummynet.io_pkt_fast - packets avoided dummynet scheduler net.inet.ip.dummynet.io_pkt_drop - packets dropped by dummynet P.S. Above comments are true only for layer 3 packets. Layer 2 packet flow is not changed yet. MFC after: 3 month
|
#
30d239bc |
|
24-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms: mac_<object>_<method/action> mac_<object>_check_<method/action> The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names. All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI. Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
|
#
a0cf8186 |
|
18-Oct-2007 |
Andrew Thompson <thompsa@FreeBSD.org> |
Use a uint16_t type for the vlan tag rather an int.
|
#
60e87ca8 |
|
18-Oct-2007 |
Andrew Thompson <thompsa@FreeBSD.org> |
The bridging output function puts the mbuf directly on the interfaces send queue so the output network card must support the same tagging mechanism as how the frame was input (prepended Ethernet header tag or stripped HW mflag). Now the vlan Ethernet header is _always_ stripped in ether_input and the mbuf flagged, only only network cards with VLAN_HWTAGGING enabled would properly re-tag any outgoing vlan frames. If the outgoing interface does not support hardware tagging then readd the vlan header to the front of the frame. Move the common vlan encapsulation in to ether_vlanencap(). Reported by: Erik Osterholm, Jon Otterholm MFC after: 1 week
|
#
d3a31a95 |
|
14-Sep-2007 |
Julian Elischer <julian@FreeBSD.org> |
Remove DIAG code that discards oversized packets. There has been general consensus that this was a bad idea/ Approved by: re (bmah)
|
#
33d2bb9c |
|
27-Jul-2007 |
Robert Watson <rwatson@FreeBSD.org> |
First in a series of changes to remove the now-unused Giant compatibility framework for non-MPSAFE network protocols: - Remove debug_mpsafenet variable, sysctl, and tunable. - Remove NET_NEEDS_GIANT() and associate SYSINITSs used by it to force debug.mpsafenet=0 if non-MPSAFE protocols are compiled into the kernel. - Remove logic to automatically flag interrupt handlers as non-MPSAFE if debug.mpsafenet is set for an INTR_TYPE_NET handler. - Remove logic to automatically flag netisr handlers as non-MPSAFE if debug.mpsafenet is set. - Remove references in a few subsystems, including NFS and Cronyx drivers, which keyed off debug_mpsafenet to determine various aspects of their own locking behavior. - Convert NET_LOCK_GIANT(), NET_UNLOCK_GIANT(), and NET_ASSERT_GIANT into no-op's, as their entire behavior was determined by the value in debug_mpsafenet. - Alias NET_CALLOUT_MPSAFE to CALLOUT_MPSAFE. Many remaining references to NET_.*_GIANT() and NET_CALLOUT_MPSAFE are still present in subsystems, and will be removed in followup commits. Reviewed by: bz, jhb Approved by: re (kensmith)
|
#
60ee3847 |
|
02-Jul-2007 |
Max Laier <mlaier@FreeBSD.org> |
Link pf 4.1 to the build: - move ftp-proxy from libexec to usr.sbin - add tftp-proxy - new altq mtag link Approved by: re (kensmith)
|
#
ead7661d |
|
12-Jun-2007 |
Andrew Gallatin <gallatin@FreeBSD.org> |
Use if_capenable to allow LRO enabled drivers to bypass the MTU check in ether_input().
|
#
2144e288 |
|
11-Jun-2007 |
Andrew Gallatin <gallatin@FreeBSD.org> |
Move the oversize ethernet frame size check into DIAGNOSTIC, as was proposed when it was originally added. This allows LRO to work on non-DIAGNOSTIC kernels without consuming any mbuf flags. Discussed with: sam
|
#
56b8f0b0 |
|
11-Jun-2007 |
Andrew Gallatin <gallatin@FreeBSD.org> |
Back out the previous commit which added an M_LRO mbuf flag to defeat the mtu check in ether_input. Mbuf flags are too scarce. Discussed with: sam
|
#
b6af0abd |
|
11-Jun-2007 |
Andrew Gallatin <gallatin@FreeBSD.org> |
Allow drivers, such as cxgb and mxge, which support LRO to bypass the MTU check in ether_input() on LRO merged frames. Discussed with: kmacy
|
#
995c7fd1 |
|
28-May-2007 |
Yaroslav Tykhiy <ytykhiy@gmail.com> |
Sync ether_ioctl() with ioctl(2) and ifnet.if_ioctl as to the type of the command argument: int -> u_long. These types have different widths in the 64-bit world. Add a note to UPDATING because the change breaks KBI on 64-bit platforms. Discussed on: -net, -current Reviewed by: bms, ru
|
#
18242d3b |
|
16-Apr-2007 |
Andrew Thompson <thompsa@FreeBSD.org> |
Rename the trunk(4) driver to lagg(4) as it is too similar to vlan trunking. The name trunk is misused as the networking term trunk means carrying multiple VLANs over a single connection. The IEEE standard for link aggregation (802.3 section 3) does not talk about 'trunk' at all while it is used throughout IEEE 802.1Q in describing vlans. The lagg(4) driver provides link aggregation, failover and fault tolerance. Discussed on: current@
|
#
b47888ce |
|
09-Apr-2007 |
Andrew Thompson <thompsa@FreeBSD.org> |
Add the trunk(4) driver for providing link aggregation, failover and fault tolerance. This driver allows aggregation of multiple network interfaces as one virtual interface using a number of different protocols/algorithms. failover - Sends traffic through the secondary port if the master becomes inactive. fec - Supports Cisco Fast EtherChannel. lacp - Supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP) and the Marker Protocol. loadbalance - Static loadbalancing using an outgoing hash. roundrobin - Distributes outgoing traffic using a round-robin scheduler through all active ports. This code was obtained from OpenBSD and this also includes 802.3ad LACP support from agr(4) in NetBSD.
|
#
e7f8c833 |
|
22-Mar-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Fix a typo, and update a comment. Submitted by: yar
|
#
402d5e27 |
|
20-Mar-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Make the m_pullup() diagnostic message compile-time conditional on DIAGNOSTIC. Requested by: glebius
|
#
69462a82 |
|
19-Mar-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Clean up the ether_input() path by using the M_PROMISC flag. Main points of this change: * Drop frames immediately if the interface is not marked IFF_UP. * Always trim off the frame checksum if present. * Always use M_VLANTAG in preference to passing 802.1Q frames to consumers. * Use __func__ consistently for KASSERT(). * Use the M_PROMISC flag to detect situations where ether_input() may reenter itself on the same call graph with the same mbuf which was promiscuously received on behalf of subsystems such as netgraph, carp, and vlan. * 802.1P frames (that is, VLAN frames with an ID of 0) will now be passed to layer 3 input paths. * Deal with the special case for CARP in a sane way. This is a significant rewrite of code on the critical path. Please report any issues to me if they arise. Frames will now only pass through dummynet if M_PROMISC is cleared, to avoid problems with re-entry. The handling of CARP needs to be revisited architecturally. The M_PROMISC flag may potentially be demoted to a link-layer flag only as it is in NetBSD, where the idea originated. Discussed on: net Idea from: NetBSD Reviewed by: yar MFC after: 1 month
|
#
d05d4616 |
|
22-Feb-2007 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Use ETHER_BPF_MTAP() instead of BPF_MTAP() here. It's possible incoming packets have had their 802.1Q tags processed by the hardware, resulting in them being stripped from the packets, and placed on the mbuf. This fixes the processing of 802.1Q tags when hardware offload of 802.1Q tags is enabled.
|
#
9983b3c0 |
|
24-Dec-2006 |
Yaroslav Tykhiy <ytykhiy@gmail.com> |
Note that rev. 1.221 introduced a local workaround for a general problem. Add a pointer to the relevant PR for future reference. The whole comment will be OK to remove as soon as the general solution is applied. PR: kern/105943
|
#
294dd290 |
|
08-Dec-2006 |
Luigi Rizzo <luigi@FreeBSD.org> |
Fix an oscure bug triggered by a recent change in kern_socket.c. The symptoms were that outgoing DHCP requests for diskless kernels had the IP header corrupt. After long investigations, the source of the problem was found in ether_output() - for SIMPLEX interfaces and broadcast traffic, a copy of the packet is passed back to the kernel through if_simloop(). However if_simloop() modifies the mbuf, while the copy obtained through m_copym() is a readonly one. The bug has been there forever, but it has been triggered only recently by a change in sosend_dgram() which passed down mbufs with sufficient space to prepend the header. This fix is trivial - use m_dup() instead of m_copy() to create the copy. As an alternative, we could try and modify if_simloop() to play safely with readonly mbufs, but i don't think it is worthwhile because 1) this is a relatively infrequent code path so we do not need to worry too much about performance, and 2) the cost of doing an extra m_pullup in if_simloop() is probably the same as doing the copy of the cluster, anyways. MFC after: 1 week
|
#
52f1277e |
|
18-Nov-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Currently, drivers that support hardware offload of VLAN tag processing are forced to toggle this functionality when the card is put in and out of promiscuous mode. The main reason for this is because the hardware strips the VLAN tag, making it impossible for the tag information to show up in network diagnostic tools like tcpdump(1). This change introduces ether_vlan_mtap(), which is called if the mbuf has M_VLANTAG set. VLAN information is extracted from the mbuf and inserted into a stack allocated ether vlan header which is then inserted through the bpf machinery via bpf_mtap2(). The original mbuf's data pointer and lengths are temporarily adjusted to eliminate the original Ethernet header for the duration of the tap operation. This should have no long term effects on the mbuf. Also, define a new macro, ETHER_BPF_MTAP which should be used by drivers which support hardware offload of VLAN tag processing. The fixes for the relevant drivers will follow shortly. Discussed with: rwatson, andre, jhb (and others) Much feedback from: sam, ru MFC after: 1 month [1] [1] The version that is eventually MFCed will be somewhat different then this, as there has been significant work done to the VLAN code in HEAD.
|
#
aed55708 |
|
22-Oct-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead. This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd. Obtained from: TrustedBSD Project Sponsored by: SPARTA
|
#
3f7d1396 |
|
25-Aug-2006 |
Andrew Thompson <thompsa@FreeBSD.org> |
Move the bridge hook after the loopback check so that IFF_SIMPLEX is honoured on member interfaces. This makes us the same as OpenBSD/NetBSD. MFC after: 3 days
|
#
9674cf0e |
|
27-Jul-2006 |
Andrew Thompson <thompsa@FreeBSD.org> |
Remove the dependency of bridgestp.h on if_bridgevar.h by moving a couple of private structures to if_bridge.c.
|
#
da87ff86 |
|
26-Jul-2006 |
Tai-hwa Liang <avatar@FreeBSD.org> |
Fixing compilation bustage: net/if_bridgevar.h depends on net/bridgestp.h.
|
#
de572b37 |
|
03-Mar-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Unbreak byte counters when network interfaces are in monitor mode by re-organizing the monitor return logic. We perform interface monitoring checks after we have determined if the CRC is still on the packet, if it is, m_adj() is called which will adjust the packet length. This ensures that we are not including CRC lengths in the byte counters for each packet. Discussed with: andre, glebius
|
#
3ecf1851 |
|
03-Feb-2006 |
Oleg Bulyzhin <oleg@FreeBSD.org> |
Properly initialize args structure before passing it to ipfw_chk(): having uninitialized args.inp is unhealthy for uid/gid/jail ipfw rules. PR: kern/92589 Approved by: glebius (mentor) MFC after: 1 week
|
#
75ee267c |
|
30-Jan-2006 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge the //depot/user/yar/vlan branch into CVS. It contains some collective work by yar, thompsa and myself. The checksum offloading part also involves work done by Mihail Balikov. The most important changes: o Instead of global linked list of all vlan softc use a per-trunk hash. The size of hash is dynamically adjusted, depending on number of entries. This changes struct ifnet, replacing counter of vlans with a pointer to trunk structure. This change is an improvement for setups with big number of VLANs, several interfaces and several CPUs. It is a small regression for a setup with a single VLAN interface. An alternative to dynamic hash is a per-trunk static array with 4096 entries, which is a compile time option - VLAN_ARRAY. In my experiments the array is not an improvement, probably because such a big trunk structure doesn't fit into CPU cache. o Introduce an UMA zone for VLAN tags. Since drivers depend on it, the zone is declared in kern_mbuf.c, not in optional vlan(4) driver. This change is a big improvement for any setup utilizing vlan(4). o Use rwlock(9) instead of mutex(9) for locking. We are the first ones to do this! :) o Some drivers can do hardware VLAN tagging + hardware checksum offloading. Add an infrastructure for this. Whenever vlan(4) is attached to a parent or parent configuration is changed, the flags on vlan(4) interface are updated. In collaboration with: yar, thompsa In collaboration with: Mihail Balikov <mihail.balikov interbgc.com>
|
#
5d691e6d |
|
18-Jan-2006 |
Andre Oppermann <andre@FreeBSD.org> |
Return mbuf pointer or NULL from ip_fastforward() as the mbuf pointer may have changed by m_pullup() during fastforward processing. While this is a bug it is actually never triggered in real world situations and it is not remotely exploitable. Found by: Coverity Prevent(tm) Coverity ID: CID780 Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
c54c76cc |
|
21-Dec-2005 |
Oleg Bulyzhin <oleg@FreeBSD.org> |
1) remove useless check of loop_copy - corresponding code was removed in rev. 1.70 five years ago. 2) convert loop_copy to "non-negative" flag Approved by: glebius (mentor) MFC after: 2 weeks
|
#
e0a87e8a |
|
16-Dec-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Change from a callback in if_ethersubr to using EVENTHANDLER in order to detach span ports when they disappear. The span port does not have a pointer to the softc so revert r1.31 and bring back the softc linked-list. MFC after: 2 weeks
|
#
147f74d1 |
|
18-Nov-2005 |
Andre Oppermann <andre@FreeBSD.org> |
Purge layer specific mbuf flags on layer crossings to avoid confusing upper or lower layers. Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
4a0d6638 |
|
11-Nov-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Store pointer to the link-level address right in "struct ifnet" rather than in ifindex_table[]; all (except one) accesses are through ifp anyway. IF_LLADDR() works faster, and all (except one) ifaddr_byindex() users were converted to use ifp->if_addr. - Stop storing a (pointer to) Ethernet address in "struct arpcom", and drop the IFP2ENADDR() macro; all users have been converted to use IF_LLADDR() instead.
|
#
d09ed26f |
|
11-Nov-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Make IFP2ENADDR() a pointer to IF_LLADDR() rather than another copy of Ethernet address. - Change iso88025_ifattach() and fddi_ifattach() to accept MAC address as an argument, similar to ether_ifattach(), to make this work.
|
#
fd6238a6 |
|
13-Oct-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Further clean up the bridge hooks in if_ethersubr.c and ng_ether.c - move the function pointer definitions to if_bridgevar.h - move most of the logic to the new BRIDGE_INPUT and BRIDGE_OUTPUT macros - remove unneeded functions from if_bridgevar.h and sort a little.
|
#
20a65f37 |
|
13-Oct-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
From 101 ways to panic your kernel. Use bridge_ifdetach() to notify the bridge that a member has been detached. The bridge can then remove it from its interface list and not try to send out via a dead pointer.
|
#
d0a2acd4 |
|
13-Oct-2005 |
Julian Elischer <julian@FreeBSD.org> |
Consolidate two adjacent conditional blocks I actually believe the code in question should be elsewhere (in the preceding function). MFC after: 1 week
|
#
199474fd |
|
13-Oct-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
Remove a stale comment.
|
#
9cff52f7 |
|
13-Oct-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Clean up the if_bridge hooks a bit in if_ethersubr.c and ng_ether.c, move the broadcast/multicast test to bridge_input(). Requested by: glebius
|
#
6512768b |
|
07-Oct-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
A deja vu of: http://lists.freebsd.org/pipermail/cvs-src/2004-October/033496.html The same problem applies to if_bridge(4), too. - Copy-and-paste the if_bridge(4) related block from if_ethersubr.c to ng_ether.c - Add XXXs, so that copy-and-paste would be noticed by any future editors of this code. - Also add XXXs near if_bridge(4) declarations. Silence from: thompsa
|
#
64465c6b |
|
05-Oct-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Fix KASSERT function name in ether_output, use __func__ while I am here.
|
#
b6de9e91 |
|
27-Sep-2005 |
Max Laier <mlaier@FreeBSD.org> |
Remove bridge(4) from the tree. if_bridge(4) is a full functional replacement and has additional features which make it superior. Discussed on: -arch Reviewed by: thompsa X-MFC-after: never (RELENG_6 as transition period)
|
#
59280079 |
|
06-Sep-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Add support for multicast to the bridge and allow inet6 addresses to be assigned to the interface. IPv6 auto-configuration is disabled. An IPv6 link-local address has a link-local scope within one link, the spec is unclear for the bridge case and it may cause scope violation. An address can be assigned in the usual way; ifconfig bridge0 inet6 xxxx:... Tested by: bmah Reviewed by: ume (netinet6) Approved by: mlaier (mentor) MFC after: 1 week
|
#
0bdf5171 |
|
23-Aug-2005 |
Max Laier <mlaier@FreeBSD.org> |
Don't loop back packets that have been routed by pf. This fixes an endless loop where the same packet is sent over and over again. Obtained from: OpenBSD Reported by: Sergey Lapin Tested by: Sergey Lapin MFC after: 7 days
|
#
13f4c340 |
|
09-Aug-2005 |
Robert Watson <rwatson@FreeBSD.org> |
Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to ifnet.if_drv_flags. Device drivers are now responsible for synchronizing access to these flags, as they are in if_drv_flags. This helps prevent races between the network stack and device driver in maintaining the interface flags field. Many __FreeBSD__ and __FreeBSD_version checks maintained and continued; some less so. Reviewed by: pjd, bz MFC after: 7 days
|
#
09df718e |
|
02-Aug-2005 |
Robert Watson <rwatson@FreeBSD.org> |
When allocating link layer ifnet address list entries in ifp->if_resolvemulti(), do so with M_NOWAIT rather than M_WAITOK, so that a mutex can be held over the call. In the FDDI code, add a missing M_ZERO. Consumers are already aware that if_resolvemulti() can fail. MFC after: 1 week
|
#
514bcb89 |
|
21-Jul-2005 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add some KASSERTS to catch null pointers.
|
#
fc74a9f9 |
|
10-Jun-2005 |
Brooks Davis <brooks@FreeBSD.org> |
Stop embedding struct ifnet at the top of driver softcs. Instead the struct ifnet or the layer 2 common structure it was embedded in have been replaced with a struct ifnet pointer to be filled by a call to the new function, if_alloc(). The layer 2 common structure is also allocated via if_alloc() based on the interface type. It is hung off the new struct ifnet member, if_l2com. This change removes the size of these structures from the kernel ABI and will allow us to better manage them as interfaces come and go. Other changes of note: - Struct arpcom is no longer referenced in normal interface code. Instead the Ethernet address is accessed via the IFP2ENADDR() macro. To enforce this ac_enaddr has been renamed to _ac_enaddr. - The second argument to ether_ifattach is now always the mac address from driver private storage rather than sometimes being ac_enaddr. Reviewed by: sobomax, sam
|
#
c8b01292 |
|
09-Jun-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Add dummynet(4) support to if_bridge, this code is largely based on bridge.c. This is the final piece to match bridge.c in functionality, we can now be a drop-in replacement. Approved by: mlaier (mentor)
|
#
5a6530a3 |
|
04-Jun-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Fix indentation of two comment blocks from the last commit. Approved by: mlaier (mentor)
|
#
8f867517 |
|
04-Jun-2005 |
Andrew Thompson <thompsa@FreeBSD.org> |
Add hooks into the networking layer to support if_bridge. This changes struct ifnet so a buildworld is necessary. Approved by: mlaier (mentor) Obtained from: NetBSD
|
#
a1026028 |
|
06-Mar-2005 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Fix ef(4) driver when kernel compiled w/o IPX. MFC after: 3 days
|
#
58996b13 |
|
24-Feb-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Fix long lines in comment introduced in previous commit.
|
#
7e2041e0 |
|
22-Feb-2005 |
Robert Watson <rwatson@FreeBSD.org> |
When prepending an LCC SNAP header to an atalk outgoing ethernet packet, allocate the additional mbuf (if needed) using a non-sleeping memory allocation. MFC after: 7 days
|
#
a9771948 |
|
22-Feb-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Add CARP (Common Address Redundancy Protocol), which allows multiple hosts to share an IP address, providing high availability and load balancing. Original work on CARP done by Michael Shalayeff, with many additions by Marco Pfatschbacher and Ryan McBride. FreeBSD port done solely by Max Laier. Patch by: mlaier Obtained from: OpenBSD (mickey, mcbride)
|
#
6ee20ab5 |
|
18-Feb-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
Allocate the M_VLANTAG m_pkthdr flag, and use it to indicate that a packet has VLAN mbuf tag attached. This is faster to check than m_tag_locate(), and allows us to use the tags in non-vlan(4) VLAN producers. The first argument to VLAN_OUTPUT_TAG() is now unused but retained for backward compatibility. While here, embellish a fix in rev. 1.174 of if_ethersubr.c -- it now checks for packets with VLAN (mbuf) tags, and it should now be possible to bridge(4) on vlan(4)'s whose parent interfaces support VLAN decapsulation in hardware. Reviewed by: sam
|
#
eb46c866 |
|
14-Feb-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Check for non-NULL ac_netgraph field in interface arpcom, instead of checking global presence of ng_ether(4). Reviewed by: ru
|
#
6c23e6cc |
|
14-Feb-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
If no vlan(4) interfaces are configured for the interface, and the driver did VLAN decapsulation in hardware, we were passing a frame as if it came for the parent (non-VLAN) interface. Stop this from happening. Reminded by: glebius Security: This could pose a security risk in some setups
|
#
28935658 |
|
16-Jan-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
- Reduce number of arguments passed to dummynet_io(), we already have cookie in struct ip_fw_args itself. - Remove redundant &= 0xffff from dummynet_io().
|
#
6c69a7c3 |
|
14-Jan-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
o Clean up interface between ip_fw_chk() and its callers: - ip_fw_chk() returns action as function return value. Field retval is removed from args structure. Action is not flag any more. It is one of integer constants. - Any action-specific cookies are returned either in new "cookie" field in args structure (dummynet, future netgraph glue), or in mbuf tag attached to packet (divert, tee, some future action). o Convert parsing of return value from ip_fw_chk() in ipfw_check_{in,out}() to a switch structure, so that the functions are more readable, and a future actions can be added with less modifications. Approved by: andre MFC after: 2 months
|
#
c398230b |
|
06-Jan-2005 |
Warner Losh <imp@FreeBSD.org> |
/* -> /*- for license, minor formatting changes
|
#
a176c2ae |
|
12-Oct-2004 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Fix packet flow when both ng_ether(4) and bridge(4) are in use: - push all bridge logic from if_ethersubr.c into bridge.c make bridge_in() return mbuf pointer (or NULL). - call only bridge_in() from ether_input(), after ng_ether_input() was optinally called. - call bridge_in() from ng_ether_rcv_upper(). Long description: http://lists.freebsd.org/mailman/htdig/freebsd-net/2004-May/003881.html Reported by: Jian-Wei Wang <jwwang at FreeBSD.csie.NCTU.edu.tw> Tested by: myself, Sergey Lyubka Reviewed by: sam Approved by: julian (mentor) MFC after: 2 months
|
#
acf032f5 |
|
11-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
When harvesting entropy from an ethernet mbuf, do so before freeing the mbuf. RELENG_5 candidate.
|
#
af5e59bf |
|
27-Jul-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Add a new network interface flag, IFF_NEEDSGIANT, which will allow device drivers to declare that the ifp->if_start() method implemented by the driver requires Giant in order to operate correctly. Add a 'struct task' to 'struct ifnet' that can be used to execute a deferred ifp->if_start() in the event that if_start needs to be called in a Giant-free environment. To do this, introduce if_start(), a wrapper function for ifp->if_start(). If the interface can run MPSAFE, it directly dispatches into the interface start routine. If it can't run MPSAFE, we're running with debug.mpsafenet != 0, and Giant isn't currently held, the task is queued to execute in a swi holding Giant via if_start_deferred(). Modify if_handoff() to use if_start() instead of direct dispatch. Modify 802.11 to use if_start() instead of direct dispatch. This is intended to provide increased compatibility for non-MPSAFE network device drivers in the presence of Giant-free operation via asynchronous dispatch. However, this commit does not mark any network interfaces as IFF_NEEDSGIANT.
|
#
086e98c4 |
|
08-Jul-2004 |
Bruce M Simpson <bms@FreeBSD.org> |
Use ETHER_IS_MULTICAST() consistently in ether_resolvemulti(). Reviewed by: jmallett
|
#
f93dfa28 |
|
02-Jul-2004 |
Brooks Davis <brooks@FreeBSD.org> |
Don't announce the ethernet address when it's 00:00:00:00:00:00. It's not of any interest. This primairly happens when vlan(4) interfaces are created.
|
#
cd0cd014 |
|
23-Jun-2004 |
Joerg Wunsch <joerg@FreeBSD.org> |
When considering an ethernet frame that is not destined for us, do not only allow this to be further processed when bridging is active on that interface, but also if the current packet has a VLAN tag and VLANs are active on our interface. This gives the VLAN layers a chance to also consider the packet (and perhaps drop it instead of the main dispatcher). This fixes a situation where bridging was only active on VLAN interfaces but ether_demux() called on behalf of the main interface had already thrown the packet away. MFC after: 4 weeks
|
#
d7647d96 |
|
24-Jun-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make dependencies on the TCP/IP stack conditional on INET / INET6. This makes it possible to build a kernel with NIC drivers but no TCP/IP stack. Sponsored by: Teleplan AS
|
#
affc907d |
|
15-Jun-2004 |
Max Laier <mlaier@FreeBSD.org> |
Replace IF_HANDOFF with new IFQ_HANDOFF to enqueue with ALTQ once enabled on the respective drivers.
|
#
16b4a343 |
|
02-Jun-2004 |
Christian Weisgerber <naddy@FreeBSD.org> |
Add helper functions to calculate the standard ethernet CRC in little/big endian fashion, so that network drivers can just reference the standard implementation and don't have to bring their own. As discussed on arch@. Obtained from: NetBSD
|
#
41ee9f1c |
|
30-May-2004 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add some missing <sys/module.h> includes which are masked by the one on death-row in <sys/kernel.h>
|
#
cd46a114 |
|
25-Apr-2004 |
Luigi Rizzo <luigi@FreeBSD.org> |
This commit does two things: 1. rt_check() cleanup: rt_check() is only necessary for some address families to gain access to the corresponding arp entry, so call it only in/near the *resolve() routines where it is actually used -- at the moment this is arpresolve(), nd6_storelladdr() (the call is embedded here), and atmresolve() (the call is just before atmresolve to reduce the number of changes). This change will make it a lot easier to decouple the arp table from the routing table. There is an extra call to rt_check() in if_iso88025subr.c to determine the routing info length. I have left it alone for the time being. The interface of arpresolve() and nd6_storelladdr() now changes slightly: + the 'rtentry' parameter (really a hint from the upper level layer) is now passed unchanged from *_output(), so it becomes the route to the final destination and not to the gateway. + the routines will return 0 if resolution is possible, non-zero otherwise. + arpresolve() returns EWOULDBLOCK in case the mbuf is being held waiting for an arp reply -- in this case the error code is masked in the caller so the upper layer protocol will not see a failure. 2. arpcom untangling Where possible, use 'struct ifnet' instead of 'struct arpcom' variables, and use the IFP2AC macro to access arpcom fields. This mostly affects the netatalk code. === Detailed changes: === net/if_arcsubr.c rt_check() cleanup, remove a useless variable net/if_atmsubr.c rt_check() cleanup net/if_ethersubr.c rt_check() cleanup, arpcom untangling net/if_fddisubr.c rt_check() cleanup, arpcom untangling net/if_iso88025subr.c rt_check() cleanup netatalk/aarp.c arpcom untangling, remove a block of duplicated code netatalk/at_extern.h arpcom untangling netinet/if_ether.c rt_check() cleanup (change arpresolve) netinet6/nd6.c rt_check() cleanup (change nd6_storelladdr)
|
#
49572c5b |
|
24-Apr-2004 |
Luigi Rizzo <luigi@FreeBSD.org> |
arpcom untangling: - use ifp instead if &ac->ac_if in a couple of nd6* calls; this removes a useless dependency. - use IFP2AC(ifp) instead of an extra variable to point to the struct arpcom; this does not remove the nesting dependency between arpcom and ifnet but makes it more evident.
|
#
4158372f |
|
18-Apr-2004 |
Luigi Rizzo <luigi@FreeBSD.org> |
replace Bcmp() with the same bcmp() used in the rest of the file.
|
#
212b6d52 |
|
17-Apr-2004 |
Luigi Rizzo <luigi@FreeBSD.org> |
+ rename and document an unused field in struct arpcom (field is still there so there are no ABI changes); + replace 5 redefinitions of the IPF2AC macro with one in if_arp.h Eventually (but before freezing the ABI) we need to get rid of struct arpcom (initially with the help of some smart #defines to avoid having to touch each and every driver, see below). Apart from the struct ifnet, struct arpcom now only stores a copy of the MAC address (ac_enaddr, but we already have another copy in the struct ifnet -- if_addrhead), and a netgraph-specific field which is _always_ accessed through the ifp, so it might well go into the struct ifnet too (where, besides, there is already an entry for AF_NETGRAPH data...) Too bad ac_enaddr is widely referenced by all drivers. But this can be fixed as follows: #define ac_enaddr ac_if.the_original_ac_enaddr_in_struct_ifnet (note that the right hand side would likely be a pointer rather than the base address of an array.)
|
#
f36cfd49 |
|
07-Apr-2004 |
Warner Losh <imp@FreeBSD.org> |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
|
#
f7c5baa1 |
|
03-Apr-2004 |
Luigi Rizzo <luigi@FreeBSD.org> |
+ arpresolve(): remove an unused argument + struct ifnet: remove unused fields, move ipv6-related field close to each other, add a pointer to l3<->l2 translation tables (arp,nd6, etc.) for future use. + struct route: remove an unused field, move close to each other some fields that might likely go away in the future
|
#
e3bbbec2 |
|
14-Mar-2004 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
Announce ethernet MAC addresss in ether_ifattach().
|
#
43a6c75a |
|
13-Mar-2004 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
Handle AF_ARP in *_output() Obtained from: NetBSD
|
#
e589108d |
|
09-Mar-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Const-poison ethernet and FDDI broadcast address constants, as they are accessed read-only.
|
#
4672d819 |
|
02-Mar-2004 |
Max Laier <mlaier@FreeBSD.org> |
Two minor follow-ups on the MT_TAG removal: ifp is now passed explicitly to ether_demux; no need to look it up again. Make mtag a global var in ip_input. Noticed by: rwatson Approved by: bms(mentor)
|
#
ac9d7e26 |
|
25-Feb-2004 |
Max Laier <mlaier@FreeBSD.org> |
Re-remove MT_TAGs. The problems with dummynet have been fixed now. Tested by: -current, bms(mentor), me Approved by: bms(mentor), sam
|
#
36e8826f |
|
17-Feb-2004 |
Max Laier <mlaier@FreeBSD.org> |
Backout MT_TAG removal (i.e. bring back MT_TAGs) for now, as dummynet is not working properly with the patch in place. Approved by: bms(mentor)
|
#
e7909401 |
|
15-Feb-2004 |
David Malone <dwmalone@FreeBSD.org> |
Return EACCES rather than ENOBUFS if ipfw blocks a packet on the way out at layer 2. PR: 62385 Submitted by: Oleg Bulyzhin <oleg@rinet.ru> Approved by: luigi MFC after: 1 week
|
#
1094bdca |
|
13-Feb-2004 |
Max Laier <mlaier@FreeBSD.org> |
This set of changes eliminates the use of MT_TAG "pseudo mbufs", replacing them mostly with packet tags (one case is handled by using an mbuf flag since the linkage between "caller" and "callee" is direct and there's no need to incur the overhead of a packet tag). This is (mostly) work from: sam Silence from: -arch Approved by: bms(mentor), sam, rwatson
|
#
9188b4a1 |
|
14-Nov-2003 |
Andre Oppermann <andre@FreeBSD.org> |
Introduce ip_fastforward and remove ip_flow. Short description of ip_fastforward: o adds full direct process-to-completion IPv4 forwarding code o handles ip fragmentation incl. hw support (ip_flow did not) o sends icmp needfrag to source if DF is set (ip_flow did not) o supports ipfw and ipfilter (ip_flow did not) o supports divert, ipfw fwd and ipfilter nat (ip_flow did not) o returns anything it can't handle back to normal ip_input Enable with sysctl -w net.inet.ip.fastforwarding=1 Reviewed by: sam (mentor)
|
#
9bf40ede |
|
31-Oct-2003 |
Brooks Davis <brooks@FreeBSD.org> |
Replace the if_name and if_unit members of struct ifnet with new members if_xname, if_dname, and if_dunit. if_xname is the name of the interface and if_dname/unit are the driver name and instance. This change paves the way for interface renaming and enhanced pseudo device creation and configuration symantics. Approved By: re (in principle) Reviewed By: njl, imp Tested On: i386, amd64, sparc64 Obtained From: NetBSD (if_xname)
|
#
64760eb0 |
|
23-Oct-2003 |
Warner Losh <imp@FreeBSD.org> |
Merge from p4 (noticed these changes with DES' if_ethersubr.c changes caused a minor conflict): o Use ETHER_ADDR_LEN in preference to '6'. o Remove two unnecessary (caddr_t) casts. One of them causes problems in my tree where etherbroadcastaddr is const, and (caddr_t) casts the const away.
|
#
72fd1b6a |
|
23-Oct-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Clean up whitespace, remove "register" keyword, ANSIfy. No functional changes.
|
#
d32864c3 |
|
12-Oct-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Comment spelling fix.
|
#
2166ffe8 |
|
29-Aug-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Introduce error checking for calls to M_PREPEND(): ether_output() when prepending netatalk AFA_PHASE2 llc headers (TRYWAIT). ether_output() when prepending ethernet header to a frame (DONTWAIT).
|
#
588523fa |
|
19-Aug-2003 |
Sam Leffler <sam@FreeBSD.org> |
use ETHER_IS_MULTICAST instead of explicit check
|
#
533d8562 |
|
13-Jul-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Move the MAC entry point to label ethernet-sourced mbufs with a MAC label from the network interface earlier in ether_input(). At some point (no fingers pointed), things were restructured and the labeling operation moved later. This wasn't a problem as BPF_MTAP() relies on the ifnet label not the mbuf label, but there might have been other problems. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
824eb9dc |
|
05-May-2003 |
David E. O'Brien <obrien@FreeBSD.org> |
Back out rev 1.146 -- it broke the LINT build. We are about to enter the 5.1 code freeze and things must be buildable.
|
#
51da11a2 |
|
29-Apr-2003 |
Mark Murray <markm@FreeBSD.org> |
Fix some easy, global, lint warnings. In most cases, this means making some local variables static. In a couple of cases, this means removing an unused variable.
|
#
c1404dc0 |
|
23-Apr-2003 |
Archie Cobbs <archie@FreeBSD.org> |
Tweak to previous commit: increment ifp->if_iqdrops if the m_copy() fails. Suggested by: Neelkanth Natu <neelnatu@yahoo.com>
|
#
79db6ff3 |
|
23-Apr-2003 |
Archie Cobbs <archie@FreeBSD.org> |
Fix a case where the return value from m_copy() was not being checked for NULL before proceeding, causing a crash if mbufs were exhausted. MFC after: 3 days Reported by: Mark Gooderum <mark@verniernetworks.com>
|
#
868d8b62 |
|
21-Mar-2003 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
- Use if_broadcastaddr from struct ifnet rather than relying on extern 'etherbroadcastaddr'. - Make 'etherbroadcastaddr' static. Reviewed by: imp
|
#
06f684b0 |
|
15-Mar-2003 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
Reduce code differences.
|
#
40811c14 |
|
15-Mar-2003 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
Add module data and version.
|
#
3c6b084e |
|
05-Mar-2003 |
Peter Wemm <peter@FreeBSD.org> |
Finish driving a stake through the heart of netns and the associated ifdefs scattered around the place - its dead Jim! The SMB stuff had stolen AF_NS, make it official.
|
#
1cafed39 |
|
04-Mar-2003 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Update netisr handling; Each SWI now registers its queue, and all queue drain routines are done by swi_net, which allows for better queue control at some future point. Packets may also be directly dispatched to a netisr instead of queued, this may be of interest at some installations, but currently defaults to off. Reviewed by: hsu, silby, jayanth, sam Sponsored by: DARPA, NAI Labs
|
#
797f247b |
|
02-Mar-2003 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
sizeof(struct llc) -> LLC_SNAPFRAMELEN sizeof(struct ether_header) -> ETHER_HDR_LEN sizeof(struct fddi_header) -> FDDI_HDR_LEN
|
#
098a8c3b |
|
02-Mar-2003 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
De-register.
|
#
7f760c48 |
|
02-Mar-2003 |
Matthew N. Dodd <mdodd@FreeBSD.org> |
Reduce code duplication. This adds the function rt_check() to route.c. Approved by: sam (in principle)
|
#
a163d034 |
|
18-Feb-2003 |
Warner Losh <imp@FreeBSD.org> |
Back out M_* changes, per decision of the TRB. Approved by: trb
|
#
0bbd84e2 |
|
17-Feb-2003 |
Sam Leffler <sam@FreeBSD.org> |
remove stray debugging printf Noted by: Kasper Steensgaard <steensgaard@person.dk>
|
#
44956c98 |
|
21-Jan-2003 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
86fea6be |
|
19-Dec-2002 |
Bosko Milekic <bmilekic@FreeBSD.org> |
o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} and the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two). Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
|
#
97850a5d |
|
20-Nov-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Move fw_one_pass from ip_fw2.c to ip_input.c so that neither bridge.c nor if_ethersubr.c depend on IPFIREWALL. Restore the use of fw_one_pass in if_ethersubr.c ipfw.8 will be updated with a separate commit. Approved by: re
|
#
c1d93b05 |
|
14-Nov-2002 |
Sam Leffler <sam@FreeBSD.org> |
o change input packet handling to eliminate the pointer to the struct ether_header; instead drivers are to leave the Ethernet header at the front of the packet o add declarations for netgraph and vlan hooks that were removed from ethernet.h o change various in-file calling conventions to track change in input API o fixup bridge support to handle Ethernet header no longer being stripped o add consistency checks to ether_input to catch problems with the change in the API; some of these may want to be moved to #ifdef DIAGNOSTIC at a later time (though they are not too expensive to leave as is) o change ether_demux to eliminate the passing of the Ethernet header; it is now expected at the front of the packet a la ether_input o add ether_sprintf compatibility shim o change ether_ifattach API to remove "bpf supported param" and add a pointer to the MAC address to be installed for the LL address (this is for future changes to divest struct arpcom from struct ifnet) o change ether_ifdetach API to remove "bpf support param" Reviewed by: many Approved by: re
|
#
29e1b85f |
|
20-Oct-2002 |
Brooks Davis <brooks@FreeBSD.org> |
Use if_printf(ifp, "blah") instead of printf("%s%d: blah", ifp->if_name, ifp->if_xname).
|
#
c6943100 |
|
16-Oct-2002 |
Poul-Henning Kamp <phk@FreeBSD.org> |
FIx misindentation. Spotted by: FlexeLint.
|
#
232a8802 |
|
13-Oct-2002 |
Crist J. Clark <cjc@FreeBSD.org> |
Unconditionally restore the pointer to the saved Ethernet header after going to bridge.c:bdg_forward(). The header can be munged even if the mbuf does not /appear/ to change. PR: kern/42465 MFC after: 4 days
|
#
8d3574c7 |
|
01-Oct-2002 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Fix some harmless mis-indents. Spotted by: FlexeLint
|
#
37c84183 |
|
28-Sep-2002 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Be consistent about "static" functions: if the function is marked static in its prototype, mark it static at the definition too. Inspired by: FlexeLint warning #512
|
#
afbe3a0f |
|
27-Sep-2002 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add the "Monitor" interface flag. Setting this flag on an ethernet interface blocks transmission of packets and discards incoming packets after BPF processing. This is useful if you want to monitor network trafic but not interact with the network in question. Sponsored by: http://www.babeltech.dk
|
#
a6ddbff0 |
|
26-Sep-2002 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Be a bit more technical: Technically junk may have low entropy.
|
#
2201e1b0 |
|
18-Sep-2002 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Optimize the way we call BPF a tiny bit: If we chop the ether-header off ourselves, call bpf before we do so, rather than re-construct the entire thing afterwards. Sponsored: http://www.babeltech.dk/
|
#
59083544 |
|
12-Sep-2002 |
David E. O'Brien <obrien@FreeBSD.org> |
Fix the GENERIC build. Don't refer to the non-existant fw_one_pass.
|
#
015d72e0 |
|
11-Sep-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Make bridging and layer2-ipfw obey net.inet.ip.fw.one_pass. I should have committed this ages ago. The MFC for if_ethersubr.c could be done in the usual few days (only ipfw2 uses it), the one for bridge.c should probably wait until after 4.7 because it changes an existing though mostly undocumented behaviour (on which i hope nobody relies). All in all, i'll wait for both things unless there is demand. MFC after: 35 days
|
#
25faf49d |
|
30-Aug-2002 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Fix a silly typo in user-setable promisc mode code. Pointed out by: Yann Berthier <yb@sainte-barbe.org> MFC after: 1 day
|
#
ffb079be |
|
19-Aug-2002 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)). Also, for all interfaces in this mode pass all ethernet frames to upper layer, even those not addressed to our own MAC, which allows packets encapsulated in those frames be processed with packet filters (ipfw(8) et al). Emphatically requested by: Anton Turygin <pa3op@ukr-link.net> Valuable suggestions by: fenner
|
#
c939f1ae |
|
04-Aug-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Extend the interface to ether_input(): a NULL eh pointer means that the mbuf contains the ethernet header (eh) as well, which ether_input() will strip off as needed. This permits the removal (in a backward compatible way) of the header removal code which right now is replicated in all drivers, sometimes in an inconsistent way. Also, because many functions called after ether_input() require the eh in the mbuf, eventually we can propagate the interface and handle outdated drivers just in ether_input(). Individual driver changes to use the new interface will follow as we have a chance to touch them. NOTE THAT THIS CHANGE IS FULLY BACKWARD COMPATIBLE AND DOES NOT BREAK BINARY COMPATIBILITY FOR DRIVERS. MFC after: 3 days
|
#
43b29369 |
|
31-Jul-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Introduce support for Mandatory Access Control and extensible kernel access control. Label mbufs received via ethernet-based interfaces by invoking appropriate MAC framework entry points. Perform access control checks on out-going mbufs delivered via ethernet-based interfaces by invoking appropriate MAC entry points. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
9961e27d |
|
30-Jun-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Remove one useless variable.
|
#
2f8ebbf4 |
|
23-Jun-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
fix indentation, whitespace and a few comments.
|
#
2b25acc1 |
|
22-Jun-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Remove (almost all) global variables that were used to hold packet forwarding state ("annotations") during ip processing. The code is considerably cleaner now. The variables removed by this change are: ip_divert_cookie used by divert sockets ip_fw_fwd_addr used for transparent ip redirection last_pkt used by dynamic pipes in dummynet Removal of the first two has been done by carrying the annotations into volatile structs prepended to the mbuf chains, and adding appropriate code to add/remove annotations in the routines which make use of them, i.e. ip_input(), ip_output(), tcp_input(), bdg_forward(), ether_demux(), ether_output_frame(), div_output(). On passing, remove a bug in divert handling of fragmented packet. Now it is the fragment at offset 0 which sets the divert status of the whole packet, whereas formerly it was the last incoming fragment to decide. Removal of last_pkt required a change in the interface of ip_fw_chk() and dummynet_io(). On passing, use the same mechanism for dummynet annotations and for divert/forward annotations. option IPFIREWALL_FORWARD is effectively useless, the code to implement it is very small and is now in by default to avoid the obfuscation of conditionally compiled code. NOTES: * there is at least one global variable left, sro_fwd, in ip_output(). I am not sure if/how this can be removed. * I have deliberately avoided gratuitous style changes in this commit to avoid cluttering the diffs. Minor stule cleanup will likely be necessary * this commit only focused on the IP layer. I am sure there is a number of global variables used in the TCP and maybe UDP stack. * despite the number of files touched, there are absolutely no API's or data structures changed by this commit (except the interfaces of ip_fw_chk() and dummynet_io(), which are internal anyways), so an MFC is quite safe and unintrusive (and desirable, given the improved readability of the code). MFC after: 10 days
|
#
4b984093 |
|
13-May-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Add ipfw hooks to ether_demux() and ether_output_frame(). Ipfw processing of frames at layer 2 can be enabled by the sysctl variable net.link.ether.ipfw=1 Consider this feature experimental, because right now, the firewall is invoked in the places indicated below, and controlled by the sysctl variables listed on the right. As a consequence, a packet can be filtered from 1 to 4 times depending on the path it follows, which might make a ruleset a bit hard to follow. I will add an ipfw option to tell if we want a given rule to apply to ether_demux() and ether_output_frame(), but we have run out of flags in the struct ip_fw so i need to think a bit on how to implement this. to upper layers | | +----------->-----------+ ^ V [ip_input] [ip_output] net.inet.ip.fw.enable=1 | | ^ V [ether_demux] [ether_output_frame] net.link.ether.ipfw=1 | | +->- [bdg_forward]-->---+ net.link.ether.bridge_ipfw=1 ^ V | | to devices
|
#
7d3e4c6e |
|
03-Apr-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Fix a couple of incorrect m_free() vs. m_freem() usages and related issues. Reviewed-by: brooks
|
#
34fe62c7 |
|
24-Mar-2002 |
Bruce Evans <bde@FreeBSD.org> |
Fixed some style bugs in the removal of __P(()). The main ones were not removing tabs before "__P((", and not outdenting continuation lines to preserve non-KNF lining up of code with parentheses. Switch to KNF formatting and/or rewrap the whole prototype in some cases.
|
#
929ddbbb |
|
19-Mar-2002 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove __P.
|
#
cad15830 |
|
14-Feb-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Remove useless initialization to 0 of a couple of global variables.
|
#
3cd67511 |
|
11-Jan-2002 |
Jesper Skriver <jesper@FreeBSD.org> |
It turns out that when a broadcast packet is looped back, the checksums are checked on the way in even if they were not calculated on the way out. This fixes rwhod PR: 31954 Submitted by: fenner Approved by: fenner MFC after: 1 week
|
#
64b15424 |
|
14-Dec-2001 |
Jonathan Lemon <jlemon@FreeBSD.org> |
minor style fix.
|
#
05463bb5 |
|
13-Dec-2001 |
David Greenman <dg@FreeBSD.org> |
Moved the updating of if_ibytes from ether_demux() to ether_input() to fix a bug where the interface input bytes count wasn't updated when bridging is enabled. MFC after: 3 days
|
#
6e551fb6 |
|
10-Dec-2001 |
David E. O'Brien <obrien@FreeBSD.org> |
Update to C99, s/__FUNCTION__/__func__/, also don't use ANSI string concatenation.
|
#
437e48e9 |
|
03-Dec-2001 |
Brooks Davis <brooks@FreeBSD.org> |
Don't pass an interface pointer to VLAN_INPUT{,_TAG}. Get it from the mbuf instead. Suggested by: fenner
|
#
7b109fa4 |
|
04-Nov-2001 |
Luigi Rizzo <luigi@FreeBSD.org> |
MFS: sync the ipfw/dummynet/bridge code with the one recently merged into stable (mostly , but not only, formatting and comments changes).
|
#
322dcb8d |
|
14-Oct-2001 |
Max Khon <fjoe@FreeBSD.org> |
bring in ARP support for variable length link level addresses Reviewed by: jdp Approved by: jdp Obtained from: NetBSD MFC after: 6 weeks
|
#
cfeff1b6 |
|
10-Oct-2001 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Set if_type and if_addrlen before calling if_attach(), so the values are available for the routine to use.
|
#
db69a05d |
|
04-Oct-2001 |
Paul Saab <ps@FreeBSD.org> |
Make it so dummynet and bridge can be loaded as modules. Submitted by: billf
|
#
8cdfefbd |
|
09-Sep-2001 |
Peter Wemm <peter@FreeBSD.org> |
Remove/comment tokens after #endif (#endif NETATALK)
|
#
f9132ceb |
|
05-Sep-2001 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Wrap array accesses in macros, which also happen to be lvalues: ifnet_addrs[i - 1] -> ifaddr_byindex(i) ifindex2ifnet[i] -> ifnet_byindex(i) This is intended to ease the conversion to SMPng.
|
#
9d4fe4b2 |
|
05-Sep-2001 |
Brooks Davis <brooks@FreeBSD.org> |
Make vlan(4) loadable, unloadable, and clonable. As a side effect, interfaces must now always enable VLAN support. Reviewed by: jlemon MFC after: 3 weeks
|
#
08aadfbb |
|
15-Jun-2001 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Do not perform arp send/resolve on an interface marked NOARP. PR: 25006 MFC after: 2 weeks
|
#
26e30963 |
|
02-May-2001 |
Bill Fenner <fenner@FreeBSD.org> |
Get IP multicast working on VLAN devices: - Allocate zeroed memory in ether_resolvemulti() to prevent equal() from comparing garbage and determining that two otherwise-equal sockaddr_dls are different. - Fill in all required fields of the sockaddr_dl - Actually copy the multicast address into the sockaddr_dl when calling if_addmulti() - Don't claim that we don't have a way to resolve layer 3 addresses into layer 2 addresses; use the ethernet way.
|
#
fef5fd23 |
|
10-Mar-2001 |
Bosko Milekic <bmilekic@FreeBSD.org> |
Plug several mbuf leaks in error cases (in nd6) Submitted by: jhay
|
#
10b1fde0 |
|
18-Feb-2001 |
Mark Murray <markm@FreeBSD.org> |
Insert entropy harvesting calls for network traffic. By default, no entropy will be harvested.
|
#
7e1cd0d2 |
|
09-Feb-2001 |
Luigi Rizzo <luigi@FreeBSD.org> |
Sync with the bridge/dummynet/ipfw code already tested in stable. In ip_fw.[ch] change a couple of variable and field names to avoid having types, variables and fields with the same name.
|
#
cb24f323 |
|
08-Feb-2001 |
Archie Cobbs <archie@FreeBSD.org> |
When we receive an incoming Ethernet frame that was unicast to a different hardware address, we should drop it (this should only happen in promiscuous mode). Relocate the code for this check from before ng_ether(4) processing to after ng_ether(4) processing. Also fix a compiler warning. PR: kern/24465
|
#
507b4b54 |
|
01-Feb-2001 |
Luigi Rizzo <luigi@FreeBSD.org> |
MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately)
|
#
02a282ac |
|
25-Jan-2001 |
Luigi Rizzo <luigi@FreeBSD.org> |
Comment the interface to ether_input() and the way is normally used by most ethernet drivers.
|
#
2a0c503e |
|
21-Dec-2000 |
Bosko Milekic <bmilekic@FreeBSD.org> |
* Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. This is because calls with M_WAIT (now M_TRYWAIT) may not wait forever when nothing is available for allocation, and may end up returning NULL. Hopefully we now communicate more of the right thing to developers and make it very clear that it's necessary to check whether calls with M_(TRY)WAIT also resulted in a failed allocation. M_TRYWAIT basically means "try harder, block if necessary, but don't necessarily wait forever." The time spent blocking is tunable with the kern.ipc.mbuf_wait sysctl. M_WAIT is now deprecated but still defined for the next little while. * Fix a typo in a comment in mbuf.h * Fix some code that was actually passing the mbuf subsystem's M_WAIT to malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the value of the M_WAIT flag, this could have became a big problem.
|
#
4851f97c |
|
25-Nov-2000 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Remove unused variable, spl() manipulation isn't done for the ifq now.
|
#
df5e1987 |
|
25-Nov-2000 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Lock down the network interface queues. The queue mutex must be obtained before adding/removing packets from the queue. Also, the if_obytes and if_omcasts fields should only be manipulated under protection of the mutex. IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on the queue. An IF_LOCK macro is provided, as well as the old (mutex-less) versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which needs them, but their use is discouraged. Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF, which takes care of locking/enqueue, and also statistics updating/start if necessary.
|
#
2a7e8ece |
|
30-Sep-2000 |
Boris Popov <bp@FreeBSD.org> |
Properly setup link level header length for 802.2 and SNAP frames.
|
#
ddacb30f |
|
23-Sep-2000 |
Bosko Milekic <bmilekic@FreeBSD.org> |
Get rid of a panic that occurs in ether_demux() by dereferencing a NULL mbuf pointer, when bridging and bridge_ipfw are enabled, and when bdg_forward() happens to free the packet and make our pointer NULL. There may be more similar problems like this one with calls to bdg_forward(). PR: Related to kern/19551 Reviewed by: jlemon
|
#
82902fa3 |
|
28-Jul-2000 |
Nick Sayer <nsayer@FreeBSD.org> |
Make the bridge_refresh operation automatic when ethernet interfaces are attached or detached.
|
#
21b8ebd9 |
|
13-Jul-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Make all Ethernet drivers attach using ether_ifattach() and detach using ether_ifdetach(). The former consolidates the operations of if_attach(), ng_ether_attach(), and bpfattach(). The latter consolidates the corresponding detach operations. Reviewed by: julian, freebsd-net
|
#
595b8a1c |
|
09-Jul-2000 |
Jun-ichiro itojun Hagino <itojun@FreeBSD.org> |
repair IPV6_JOIN_GROUP to IPv6 all multi. From: ume
|
#
686cdd19 |
|
04-Jul-2000 |
Jun-ichiro itojun Hagino <itojun@FreeBSD.org> |
sync with kame tree as of july00. tons of bug fixes/improvements. API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
|
#
6ec86086 |
|
29-Jun-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Fix kernel build breakage when 'device ether' was not included.
|
#
e1e1452d |
|
26-Jun-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Make the ng_ether(4) node type dynamically loadable like the rest. This means 'options NETGRAPH' is no longer necessary in order to get netgraph-enabled Ethernet interfaces. This supports loading/unloading the ng_ether.ko and attaching/detaching the Ethernet interface in any order. Add two new hooks 'upper' and 'lower' to allow access to the protocol demux engine and the raw device, respectively. This enables bridging to be defined as a netgraph node, if so desired. Reviewed by: freebsd-net@freebsd.org
|
#
425f741b |
|
13-Jun-2000 |
Boris Popov <bp@FreeBSD.org> |
Do not perform any opeartion with mbuf after it placed into interface queue. Tested by: Bosko Milekic <bmilekic@dsuper.net>
|
#
06a429a3 |
|
24-May-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Just need to pass the address family to if_simloop(), not the whole sockaddr.
|
#
2e2de7f2 |
|
13-May-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Move code to handle BPF and bridging for incoming Ethernet packets out of the individual drivers and into the common routine ether_input(). Also, remove the (incomplete) hack for matching ethernet headers in the ip_fw code. The good news: net result of 1016 lines removed, and this should make bridging now work with *all* Ethernet drivers. The bad news: it's nearly impossible to test every driver, especially for bridging, and I was unable to get much testing help on the mailing lists. Reviewed by: freebsd-net
|
#
0beebe3a |
|
28-Apr-2000 |
Julian Elischer <julian@FreeBSD.org> |
OOps forgot to check in this one... API chage for netgraph.
|
#
5accfb8c |
|
27-Apr-2000 |
Boris Popov <bp@FreeBSD.org> |
Fix support for 802.2 and SNAP frames. Bug was introduced during initial import. Tested by: Jorge P Vasquez <jorge@acron.ind.br>
|
#
242c5536 |
|
12-Feb-2000 |
Peter Wemm <peter@FreeBSD.org> |
Clean up some loose ends in the network code, including the X.25 and ISO #ifdefs. Clean out unused netisr's and leftover netisr linker set gunk. Tested on x86 and alpha, including world. Approved by: jkh
|
#
d25f3712 |
|
18-Dec-1999 |
Brian Feldman <green@FreeBSD.org> |
M_PREPEND-related cleanups (unregisterifying struct mbuf *s).
|
#
4f93599f |
|
13-Dec-1999 |
Boris Popov <bp@FreeBSD.org> |
Bring up an if_ef driver which allows support for four ethernet frame types. Currently it supports only IPX protocol and doesn't affect existing functionality when not loaded. Reviewed by: Ollivier Robert <roberto@keltia.freenix.fr>
|
#
cfa1ca9d |
|
07-Dec-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
udp IPv6 support, IPv6/IPv4 tunneling support in kernel, packet divert at kernel for IPv6/IPv4 translater daemon This includes queue related patch submitted by jburkhol@home.com. Submitted by: queue related patch from jburkhol@home.com Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
f8307e12 |
|
29-Nov-1999 |
Archie Cobbs <archie@FreeBSD.org> |
Add two new generic control messages, NGM_ASCII2BINARY and NGM_BINARY2ASCII, which convert control messages to ASCII and back. This allows control messages to be sent and received in ASCII form using ngctl(8), which makes ngctl a lot more useful. This also allows all the type-specific debugging code in libnetgraph to go away -- instead, we just ask the node itself to do the ASCII translation for us. Currently, all generic control messages are supported, as well as messages associated with the following node types: async, cisco, ksocket, and ppp. See /usr/share/examples/netgraph/ngctl for an example of using this. Also give ngctl(8) the ability to print out incoming data and control messages at any time. Eventually nghook(8) may be subsumed. Several other misc. bug fixes. Reviewed by: julian
|
#
82cd038d |
|
21-Nov-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
KAME netinet6 basic part(no IPsec,no V6 Multicast Forwarding, no UDP/TCP for IPv6 yet) With this patch, you can assigne IPv6 addr automatically, and can reply to IPv6 ping. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
ecf33d87 |
|
14-Nov-1999 |
Julian Elischer <julian@FreeBSD.org> |
YUCK! m_prepend doesn't fix m_pkthdr.len, use M_PREPEND instead, which does.. (Netgraph only)
|
#
2b75f795 |
|
14-Nov-1999 |
Julian Elischer <julian@FreeBSD.org> |
Fix screwup on synthesising incoming ethernet header in Netgraph mode. Submitted by: brian@freebsd.org
|
#
e03b02a3 |
|
11-Nov-1999 |
Julian Elischer <julian@FreeBSD.org> |
Oops forgot to put the source MAC address on outgoing packets!
|
#
ae5a83bc |
|
01-Nov-1999 |
Julian Elischer <julian@FreeBSD.org> |
Use typedefs for node methods.
|
#
021823c3 |
|
26-Oct-1999 |
Julian Elischer <julian@FreeBSD.org> |
Minor hack in the netgraph interface to ethernets.
|
#
4cf49a43 |
|
21-Oct-1999 |
Julian Elischer <julian@FreeBSD.org> |
Whistle's Netgraph link-layer (sometimes more) networking infrastructure. Been in production for 3 years now. Gives Instant Frame relay to if_sr and if_ar drivers, and PPPOE support soon. See: ftp://ftp.whistle.com/pub/archie/netgraph/index.html for on-line manual pages. Reviewed by: Doug Rabson (dfr@freebsd.org) Obtained from: Whistle CVS tree
|
#
114ae644 |
|
14-Oct-1999 |
Mike Smith <msmith@FreeBSD.org> |
Implement pseudo_AF_HDRCMPLT, which controls the state of the 'header completion' flag. If set, the interface output routine will assume that the packet already has a valid link-level source address. This defaults to off (the address is overwritten) PR: kern/10680 Submitted by: "Christopher N . Harrell" <cnh@mindspring.net> Obtained from: NetBSD
|
#
c3aac50f |
|
27-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Id$ -> $FreeBSD$
|
#
ce02431f |
|
16-Feb-1999 |
Doug Rabson <dfr@FreeBSD.org> |
* Change sysctl from using linker_set to construct its tree using SLISTs. This makes it possible to change the sysctl tree at runtime. * Change KLD to find and register any sysctl nodes contained in the loaded file and to unregister them when the file is unloaded. Reviewed by: Archie Cobbs <archie@whistle.com>, Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
|
#
4c8e8c05 |
|
31-Jan-1999 |
Julian Elischer <julian@FreeBSD.org> |
Slight cleanups. There were 2 ways of getting the arpcom from the ifp. Both equally bogus. Make it a macro so that we can pretend it's not bogus and maybe make it less so some time in the future.
|
#
1db59ce6 |
|
11-Jan-1999 |
Eivind Eklund <eivind@FreeBSD.org> |
Remove unused variable & clean up a couple of style issues.
|
#
fb5fbe46 |
|
14-Dec-1998 |
Luigi Rizzo <luigi@FreeBSD.org> |
Bridging support. Wait for LINT to be updated before trying it.
|
#
84dd0fd0 |
|
04-Aug-1998 |
Julian Elischer <julian@FreeBSD.org> |
fix broken loopback code for ddp (again) Submitted by: Stefan Bethke <stb@hanse.de>
|
#
201c2527 |
|
14-Jun-1998 |
Julian Elischer <julian@FreeBSD.org> |
Try narrow down the culprit sending undefined packet types through the loopback
|
#
9d3f194d |
|
12-Jun-1998 |
Julian Elischer <julian@FreeBSD.org> |
Allow a protocol to specify that it does NOT want to be looped back even if it looks like it should (backwards compatibility with old broken code) should get rid of some annoying messags.
|
#
ed7509ac |
|
11-Jun-1998 |
Julian Elischer <julian@FreeBSD.org> |
Go through the loopback code with a broom.. Remove lots'o'hacks. looutput is now static. Other callers who want to use loopback to allow shortcutting should call the special entrypoint for this, if_simloop(), which is specifically designed for this purpose. Using looutput for this purpose was problematic, particularly with bpf and trying to keep track of whether one should be using the charateristics of the loopback interface or the interface (e.g. if_ethersubr.c) that was requesting the loopback. There was a whole class of errors due to this mis-use each of which had hacks to cover them up. Consists largly of hack removal :-)
|
#
1f91d8c5 |
|
19-May-1998 |
David Greenman <dg@FreeBSD.org> |
Added fast IP forwarding code by Matt Thomas <matt@3am-software.com> via NetBSD, ported to FreeBSD by Pierre Beyssac <pb@fasterix.freenix.org> and minorly tweaked by me. This is a standard part of FreeBSD, but must be enabled with: "sysctl -w net.inet.ip.fastforwarding=1" ...and of course forwarding must also be enabled. This should probably be modified to use the zone allocator for speed and space efficiency. The current algorithm also appears to lose if the number of active paths exceeds IPFLOW_MAX (256), in which case it wastes lots of time trying to figure out which cache entry to drop.
|
#
227ee8a1 |
|
30-Mar-1998 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Eradicate the variable "time" from the kernel, using various measures. "time" wasn't a atomic variable, so splfoo() protection were needed around any access to it, unless you just wanted the seconds part. Most uses of time.tv_sec now uses the new variable time_second instead. gettime() changed to getmicrotime(0. Remove a couple of unneeded splfoo() protections, the new getmicrotime() is atomic, (until Bruce sets a breakpoint in it). A couple of places needed random data, so use read_random() instead of mucking about with time which isn't random. Add a new nfs_curusec() function. Mark a couple of bogosities involving the now disappeard time variable. Update ffs_update() to avoid the weird "== &time" checks, by fixing the one remaining call that passwd &time as args. Change profiling in ncr.c to use ticks instead of time. Resolution is the same. Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call hzto() which subtracts time" sequences. Reviewed by: bde
|
#
2cc2df49 |
|
17-Mar-1998 |
Garrett Wollman <wollman@FreeBSD.org> |
Add preliminary support for IEEE 802.1Q VLAN tagging. It doesn't actually work reliably yet (I've had panics), but it does seem to occasionally be able to transmit and receive syntactically-correct packets. Also fixes one of if_ethersubr.c's legion style bugs, and removes the hostcache code from standard kernels---the code that depends on it is not going to happen any time soon, I'm afraid.
|
#
39e4376b |
|
20-Feb-1998 |
Bruce Evans <bde@FreeBSD.org> |
Removed unused #includes.
|
#
3f2076da |
|
31-Jan-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
Make the debug options new-style. This also zaps a DPT option from lint; it wasn't referenced from anywhere.
|
#
7262d3e4 |
|
08-Jan-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
NETATALK -> opt_atalk.h
|
#
1d5e9e22 |
|
08-Jan-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
Make INET a proper option. This will not make any of object files that LINT create change; there might be differences with INET disabled, but hardly anything compiled before without INET anyway. Now the 'obvious' things will give a proper error if compiled without inet - ipx_ip, ipfw, tcp_debug. The only thing that _should_ work (but can't be made to compile reasonably easily) is sppp :-( This commit move struct arpcom from <netinet/if_ether.h> to <net/if_arp.h>.
|
#
c5a1016b |
|
19-Dec-1997 |
Bruce Evans <bde@FreeBSD.org> |
Fixed gratuitous ANSIisms.
|
#
430df5f4 |
|
15-Dec-1997 |
Eivind Eklund <eivind@FreeBSD.org> |
Throw options IPX, IPXIP and IPTUNNEL into opt_ipx.h. The #ifdef IPXIP in netipx/ipx_if.h is OK (used from ipx_usrreq.c and ifconfig.c only). I also fixed a typo IPXTUNNEL -> IPTUNNEL (and #ifdef'ed out the code inside, as it never could have compiled - doh.)
|
#
4a11ca4e |
|
07-Nov-1997 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Remove a bunch of variables which were unused both in GENERIC and LINT. Found by: -Wunused
|
#
1d0eab59 |
|
28-Oct-1997 |
Julian Elischer <julian@FreeBSD.org> |
Fix various problems with netatalk kernel support. Some of these changes are a bit rough and will become more polished later. the changes to if_ethersubr should largely be moved to within the appletalk code, but that will happen later. A few of these were related to network-byteorder problems, and more were related to loopback failures.
|
#
55b211e3 |
|
28-Oct-1997 |
Bruce Evans <bde@FreeBSD.org> |
Removed unused #includes.
|
#
7f33a738 |
|
15-Jul-1997 |
Julian Elischer <julian@FreeBSD.org> |
Finally track down the reason for some of my occasional kernel crashes. Route(1) has a bug that sends a bad message to the kernel. The kernel trusts it and crashes. Add some sanity checks so that we don't trust the user quite as much any more. (also add a comment in if_ethersubr.c)
|
#
b1c9d77e |
|
10-May-1997 |
John Hay <jhay@FreeBSD.org> |
Use the MAC address of an interface for the host part of an IPX address and not the MAC address of the first interface for every IPX address. This is more inline with the way others like Novell do it. Originally Submitted by: "Serge A. Babkin" <babkin@hq.icb.chel.su>
|
#
51a53488 |
|
24-Mar-1997 |
Bruce Evans <bde@FreeBSD.org> |
Don't include <sys/ioctl.h> in the kernel. Stage 2: include <sys/sockio.h> instead of <sys/ioctl.h> in network files.
|
#
6875d254 |
|
22-Feb-1997 |
Peter Wemm <peter@FreeBSD.org> |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
#
1130b656 |
|
14-Jan-1997 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Make the long-awaited change from $Id$ to $FreeBSD$ This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
477180fb |
|
13-Jan-1997 |
Garrett Wollman <wollman@FreeBSD.org> |
Use the new if_multiaddrs list for multicast addresses rather than the previous hackery involving struct in_ifaddr and arpcom. Get rid of the abominable multi_kludge. Update all network interfaces to use the new machanism. Distressingly few Ethernet drivers program the multicast filter properly (assuming the hardware has one, which it usually does).
|
#
1158dfb7 |
|
07-Jan-1997 |
Garrett Wollman <wollman@FreeBSD.org> |
Checkpoint the beginnings of the new kernel interface for multicast group memberships. This is not actually operative at the moment (a lot of other code still needs to be changed), but this seemed like a useful reference point to check in so that others (i.e. Bill Fenner) have fair warning of where we are going.
|
#
59562606 |
|
13-Dec-1996 |
Garrett Wollman <wollman@FreeBSD.org> |
Convert the interface address and IP interface address structures to TAILQs. Fix places which referenced these for no good reason that I can see (the references remain, but were fixed to compile again; they are still questionable).
|
#
fb583156 |
|
10-Dec-1996 |
David Greenman <dg@FreeBSD.org> |
1) Implement SIOCSIFMTU in ether_ioctl(), and change ether_ioctl's return type to be int so that errors can be returned. 2) Use the new SIOCSIFMTU ether_ioctl support in the few drivers that are using ether_ioctl(). 3) In if_fxp.c: treat if_bpf as a token, not as a pointer. Don't bother testing for FXP_NTXSEG being reached in fxp_start()...just check for non-NULL 'm'. Change fxp_ioctl() to use ether_ioctl().
|
#
5b73c186 |
|
17-Nov-1996 |
David Greenman <dg@FreeBSD.org> |
Fixed broken SIOCGIFADDR. It was copying out garbage as the ethernet address.
|
#
d0ec898d |
|
18-Oct-1996 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
ns_nettype should be declared, not externed.
|
#
88e038fe |
|
17-Oct-1996 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Netcon's changes for their extended NS support. This only effects people compiling with NS, so the effects on everyone else are nil.
|
#
88e1602b |
|
05-Aug-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
use <net/ethernet.h>
|
#
86101139 |
|
04-Aug-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Make the NS and IPX cases compile again.
|
#
30106f6a |
|
04-Aug-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add a callback pointer to the interfaces "init" routine. Add ether_ioctl() which can take care of the SIOC[SG]IFADDR cases for most (ethernet) drivers.
|
#
8e3bda06 |
|
18-Jun-1996 |
Julian Elischer <julian@FreeBSD.org> |
Submitted by: archie@whistle.com gary went a little overboard on commenting out unused variables. Variables needed for ISO, LLC and NETATALK were only enabled for ISO & LLC.. so NETATALK bombed.
|
#
34bed8b0 |
|
12-Jun-1996 |
David Greenman <dg@FreeBSD.org> |
Keep ether_type in network order for BPF to be consistent with other systems. Submitted by: Ted Lemon, Matt Thomas, and others. Retrofitted for -current by me.
|
#
c23670e2 |
|
11-Jun-1996 |
Gary Palmer <gpalmer@FreeBSD.org> |
Clean up -Wunused warnings. Reviewed by: bde
|
#
e39a0280 |
|
10-Jun-1996 |
Gary Palmer <gpalmer@FreeBSD.org> |
Change the use if ifnet.if_lastchange to be more in line with SNMP requirements. Update description of ifnet.if_lastchange in if.h to indicate this.
|
#
a330e1f1 |
|
01-Jun-1996 |
Gary Palmer <gpalmer@FreeBSD.org> |
Set ifnet.baudrate for ethernet / FDDI interfaces too. Makes SNMP slightly more informative Reviewed by: Garrett Wollman
|
#
655929bf |
|
23-May-1996 |
Julian Elischer <julian@FreeBSD.org> |
Obtained from: netatalk distribution netatalk@itd.umich.edu Kernel Appletalk protocol support both CAP and netatalk can make use of this.. still needs some owrk but it seemd the right tiime to commit it so other can experiment.
|
#
6ffde942 |
|
07-Apr-1996 |
Bruce Evans <bde@FreeBSD.org> |
Removed never-used #includes of <machine/cpu.h>. Many were apparently copied from bad examples.
|
#
1ce9bf88 |
|
24-Jan-1996 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Use new printf features rather than local kludges.
|
#
602d513c |
|
20-Dec-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
in_proto.c: spell ``Internet'' right and put whitespace after commas. others: start to populate the link-layer branch of the net mib, by moving ARP to its proper place. (ARP is not a protocol family, it's an interface layer between a medium-access layer and a protocol family.) sysctl(8) needs to be taught about the structure of this branch, unless Poul-Henning implements dynamic MIB exploration soon.
|
#
3bda9f9b |
|
09-Dec-1995 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Staticize, clean lint.
|
#
a98ca469 |
|
29-Oct-1995 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Second batch of cleanup changes. This time mostly making a lot of things static and some unused variables here and there.
|
#
cc6a66f2 |
|
26-Oct-1995 |
Julian Elischer <julian@FreeBSD.org> |
Reviewed by: julian and jhay@mikom.csir.co.za Submitted by: Mike Mitchell, supervisor@alb.asctmd.com This is a bulk mport of Mike's IPX/SPX protocol stacks and all the related gunf that goes with it.. it is not guaranteed to work 100% correctly at this time but as we had several people trying to work on it I figured it would be better to get it checked in so they could all get teh same thing to work on.. Mikes been using it for a year or so but on 2.0 more changes and stuff will be merged in from other developers now that this is in. Mike Mitchell, Network Engineer AMTECH Systems Corporation, Technology and Manufacturing 8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000 supervisor@alb.asctmd.com
|
#
d3628763 |
|
11-Jun-1995 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Merge RELENG_2_0_5 into HEAD
|
#
9b2e5354 |
|
30-May-1995 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Remove trailing whitespace.
|
#
94a5d9b6 |
|
09-May-1995 |
David Greenman <dg@FreeBSD.org> |
Replaced some bcopy()'s with memcpy()'s so that gcc while inline/optimize.
|
#
b5e8ce9f |
|
16-Mar-1995 |
Bruce Evans <bde@FreeBSD.org> |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
|
#
995add1a |
|
13-Dec-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Add support for two separate cloning flags, one set by the lower layers, and one set by the protocol family. Also add another parameter to rtalloc1() to allow for any interface flags to be ignored; currently this is only useful for RTF_PRCLONING. Get rid of rt_prflags and re-unite with rt_flags. Add T/TCP ``route metrics''. NB: YOU MUST RECOMPILE `route' AND OTHER RELATED PROGRAMS AS A RESULT OF THIS CHANGE. This also adds a new interface parameter, `ifi_physical', which will eventually replace IFF_ALTPHYS as the mechanism for specifying the particular physical connection desired on a multiple-connection card. NB: YOU MUST RECOMPILE `ifconfig' AND OTHER RELATED PROGRAMS AS A RESULT OF THIS CHANGE.
|
#
307d80be |
|
24-Nov-1994 |
David Greenman <dg@FreeBSD.org> |
Moved conversion of ether_type to host byte order out of ethernet drivers and into ether_input(). It was silly to have bpf want this one way and ether_input want it another way. Ripped out trailer support from the few remaining drivers that still had it.
|
#
5df72964 |
|
11-Oct-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Fix a bug which caused panics when attempting to change just the flags of a route. (This still doesn't work, but it doesn't panic now.) It looks like there may be a number of incipient bugs in this code. Also, get ready for the time when all IP gateway routes are cloning, which is necessary to keep proper TCP statistics.
|
#
3c4dd356 |
|
02-Aug-1994 |
David Greenman <dg@FreeBSD.org> |
Added $Id$
|
#
df8bae1d |
|
24-May-1994 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
BSD 4.4 Lite Kernel Sources
|