#
0bc82e4f |
|
12-Dec-2023 |
Kristof Provost <kp@FreeBSD.org> |
ip_mroute: allow MRT_DEL_MFC even if there are pending upcalls In del_mfc() we try to find the forwarding entry, but that fails to find the entry if mfc_stall_ring is not empty. We should find the entry anyway, and destroy it (and any pending messages) on delete. Reviewed by: glebius Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43031
|
#
29363fb4 |
|
23-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove ancient SCCS tags. Remove ancient SCCS tags from the tree, automated scripting, with two minor fixup to keep things compiling. All the common forms in the tree were removed with a perl script. Sponsored by: Netflix
|
#
b01cad6d |
|
22-Nov-2023 |
Kristof Provost <kp@FreeBSD.org> |
ip_mroute: handle V_mfchashtbl allocation failure We allocate V_mfchashtbl with HASH_NOWAIT (which maps to M_NOWAIT), so this allocation may fail. As we didn't handle that failure we could end up dereferencing a NULL pointer later (e.g. during X_ip_mrouter_done()). Do the obvious thing and fail out if we cannot allocate the table. See also: https://redmine.pfsense.org/issues/14917 Sponsored by: Rubicon Communications, LLC ("Netgate")
|
#
f549e229 |
|
27-Sep-2023 |
Zhenlei Huang <zlei@FreeBSD.org> |
ip_mroute: Fix sysctl knobs The loader tunable `net.inet.ip.mfchashsize` does not have corresponding sysctl MIB entry. Just add it. While here, the sysctl variable `net.inet.pim.squelch_wholepkt` is actually a loader tunable. Add sysctl flag CTLFLAG_TUN to it so that `sysctl -T` will report it correctly. Reviewed by: kp Fixes: 443fc3176dee Introduce a number of changes to the MROUTING code MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D41997
|
#
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
680ad06f |
|
27-Jul-2023 |
Kristof Provost <kp@FreeBSD.org> |
mroute: avoid calling if_allmulti with the lock held Avoid locking issues when if_allmulti() calls the driver's if_ioctl, because that may acquire sleepable locks (while we hold a non-sleepable rwlock). Fortunately there's no pressing need to hold the mroute lock while we do this, so we can postpone the call slightly, until after we've released the lock. This avoids the following WITNESS warning (with iflib drivers): lock order reversal: (sleepable after non-sleepable) 1st 0xffffffff82f64960 IPv4 multicast forwarding (IPv4 multicast forwarding, rw) @ /usr/src/sys/netinet/ip_mroute.c:1050 2nd 0xfffff8000480f180 iflib ctx lock (iflib ctx lock, sx) @ /usr/src/sys/net/iflib.c:4525 lock order IPv4 multicast forwarding -> iflib ctx lock attempted at: #0 0xffffffff80bbd6ce at witness_checkorder+0xbbe #1 0xffffffff80b56d10 at _sx_xlock+0x60 #2 0xffffffff80c9ce5c at iflib_if_ioctl+0x2dc #3 0xffffffff80c7c395 at if_setflag+0xe5 #4 0xffffffff82f60a0e at del_vif_locked+0x9e #5 0xffffffff82f5f0d5 at X_ip_mrouter_set+0x265 #6 0xffffffff80bfd402 at sosetopt+0xc2 #7 0xffffffff80c02105 at kern_setsockopt+0xa5 #8 0xffffffff80c02054 at sys_setsockopt+0x24 #9 0xffffffff81046be8 at amd64_syscall+0x138 #10 0xffffffff8101930b at fast_syscall_common+0xf8 See also: https://redmine.pfsense.org/issues/12079 Reviewed by: mjg Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41209
|
#
b658c0fc |
|
22-Apr-2023 |
Zhenlei Huang <zlei@FreeBSD.org> |
ip_mroute: Delete unreachable code As the flag M_WAITOK is passed to ip_encap_attach(), then the function will never return NULL, and the following code within NULL check branch will be unreachable. No functional change intended. Reviewed by: kp Fixes: 6d8fdfa9d5e7d Rework IP encapsulation handling code MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D39746
|
#
3a01a97d |
|
16-Feb-2023 |
Mateusz Guzik <mjg@FreeBSD.org> |
mroute: partially sanitize the file There is rampant inconsistent formatting all around, make it mostly style(9)-conformant. While here: - drop malloc casts - rename a rw lock from mroute_mtx to mroute_lock - replace NOTREACHED comment with __assert_unreachable Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D38652
|
#
3d0d5b21 |
|
23-Jan-2023 |
Justin Hibbits <jhibbits@FreeBSD.org> |
IfAPI: Explicitly include <net/if_private.h> in netstack Summary: In preparation of making if_t completely opaque outside of the netstack, explicitly include the header. <net/if_var.h> will stop including the header in the future. Sponsored by: Juniper Networks, Inc. Reviewed by: glebius, melifaro Differential Revision: https://reviews.freebsd.org/D38200
|
#
74ed2e8a |
|
02-Sep-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
raw ip: fix regression with multicast and RSVP With 61f7427f02a raw sockets protosw has wildcard pr_protocol. Protocol of a specific pcb is stored in inp_ip_p. Reviewed by: karels Reported by: karels Differential revision: https://reviews.freebsd.org/D36429 Fixes: 61f7427f02a307d28af674a12c45dd546e3898e4
|
#
6ca0ca7b |
|
08-Apr-2022 |
Mike Karels <karels@FreeBSD.org> |
IPv4 multicast: fix LOR in shutdown path X_ip_mrouter_done() was calling the interface ioctl routines via if_allmulti() while holding a write lock. However, some interface ioctl routines, including em/iflib and tap, use sxlocks, which are not permitted while holding a non-sleepable lock, and this elicits a warning from WITNESS. Fix the locking issue by recording the affected interface pointers in a malloc'ed array, and call if_allmulti() on each after dropping the rwlock. Reviewed by: bz Differential Revision: https://reviews.freebsd.org/D34845
|
#
04cd74b4 |
|
21-Mar-2022 |
Mike Karels <karels@FreeBSD.org> |
IPv4 multicast: fix netstat -g The vif structure includes fields at the end which are #ifdef KERNEL, causing a mismatch between the structure sizes between kernel and user level. netstat -g failed with an ENOMEM on the sysctl to fetch the vif table. Change the vif sysctl code in ip_mroute to copy out only the user-level-visible portion of each table entry. Reviewed by: bz, wma Differential Revision: https://reviews.freebsd.org/D34627
|
#
2cf1e120 |
|
21-Mar-2022 |
Mike Karels <karels@FreeBSD.org> |
Enter epoch when addding IPv4 multicast forwarding cache entry The code path from the IPv4 multicast setsockopt could call ip_output() without entering an epoch. Specifically, the MRT_ADD_MFC setbsocopt would call add_mfc(), which in turn called ip_mdq() to send queued packets. This resulted in an epoch assert failure in ip_output(). Enter an epoch in add_mfc(), and add some epoch asserts to check for similar failures. Reviewed by: kp, bz, wma, cy Differential Revision: https://reviews.freebsd.org/D34624
|
#
cd7306bb |
|
04-Feb-2022 |
Sylvian Meygret <sylvain.meygret.external@stormshield.eu> |
ip_mroute: split mrouter interface deactivation and if_free Move if_free outside MRW_LOCK. This will silence LOR message which might appere during deinitialization.
|
#
77223d98 |
|
25-Jan-2022 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: refactor epoch-basd locking Remove duplicated epoch_enter and epoch_exit in IP inp/outp routines. Remove unnecessary macros as well. Obtained from: Semihalf Spponsored by: Stormshield Reviewed by: glebius Differential revision: https://reviews.freebsd.org/D34030
|
#
0daa2805 |
|
22-Jan-2022 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: add unlock in early-exit Add missing unlock if V_ip_mrotue is not set Obtained from: Semihalf
|
#
9ce46cbc |
|
20-Jan-2022 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: move ip_mrouter_done outside lock X_ip_mrouter_done might sleep, which triggers INVARIANTS to print additional errors on the screen. Move it outside the lock, but provide some basic synchronization to avoid race condition during module uninit/unload. Obtained from: Semihalf Sponsored by: Stormshield
|
#
776c34f6 |
|
10-Jan-2022 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: remove unused variables Sponsored by: Stormshield Obtained from: Semihalf
|
#
68f28dd1 |
|
10-Jan-2022 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: do not sleep when lock is taken Kthread initialization calls uma_alloc which can sleep. Modify the code to use deferred work instead.
|
#
8a727c3d |
|
27-Oct-2021 |
Wojciech Macek <wma@FreeBSD.org> |
mroute: add missing WUNLOCK Add missing WNLOCK as in all other error cases. Reported by: Stormshield Obtained from: Semihalf
|
#
fb385484 |
|
27-Oct-2021 |
Wojciech Macek <wma@FreeBSD.org> |
mroute: fix memory leak Add MFC to linked list to store incoming packets before MCAST JOIN was captured. Sponsored by: Stormshield Obtained from: Semihalf MFC after: 2 weeks
|
#
f61cb12a |
|
11-Aug-2021 |
Wojciech Macek <wma@FreeBSD.org> |
mroute: fix locking issues In some cases the code may fall into deadlock. Avoid calling epoch_wait when W-lock is taken. Sponsored by: Stormshield Obtained from: Semihalf
|
#
7045b160 |
|
28-Jul-2021 |
Roy Marples <roy@marples.name> |
socket: Implement SO_RERROR SO_RERROR indicates that receive buffer overflows should be handled as errors. Historically receive buffer overflows have been ignored and programs could not tell if they missed messages or messages had been truncated because of overflows. Since programs historically do not expect to get receive overflow errors, this behavior is not the default. This is really really important for programs that use route(4) to keep in sync with the system. If we loose a message then we need to reload the full system state, otherwise the behaviour from that point is undefined and can lead to chasing bogus bug reports. Reviewed by: philip (network), kbowling (transport), gbe (manpages) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D26652
|
#
17ac6d94 |
|
02-Jun-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: initialize vif ifnet properly Use if_alloc to ensure all fields of ifnet are allocated properly Reported by: Damien Deville Sponsored by: Stormshield Obtained from: Semihalf Reviewed by: mw Differential revision: https://reviews.freebsd.org/D30608
|
#
d40cd26a |
|
16-May-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: rework ip_mroute Approved by: mw Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D30354 Changes: 1. add spinlock to bw_meter If two contexts read and modify bw_meter values it might happen that these are corrupted. Guard only code fragments which do read-and-modify. Context which only do "reads" are not done inside spinlock block. The only sideffect that can happen is an 1-p;acket outdated value reported back to userspace. 2. replace all locks with a single RWLOCK Multiple locks caused a performance issue in routing hot path, when two of them had to be taken. All locks were replaced with single RWLOCK which makes the hot path able to take only shared access to lock most of the times. All configuration routines have to take exclusive lock (as it was done before) but these operation are very rare compared to packet routing. 3. redesign MFC expire and UPCALL expire Use generic kthread and cv_wait/cv_signal for deferring work. Previously, upcalls could be sent from two contexts which complicated the design. All upcall sending is now done in a kthread which allows hot path to work more efficient in some rare cases. 4. replace mutex-guarded linked list with lock free buf_ring All message and data is now passed over lockless buf_ring. This allowed to remove some heavy locking when linked lists were used.
|
#
eedbbec3 |
|
21-May-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: remove unused declarations fix build for non-x86 targets
|
#
741afc62 |
|
04-May-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: refactor bw_meter API API should work as following: - periodicaly report Lower-or-EQual bandwidth (LEQ) connections over kernel socket, if user application registered for such per-flow notifications - report Grater-or-EQual (GEQ) bandwidth as soon as it reaches specified value in configured time window Custom implementation of callouts was removed. There is no point of doing calout-wheel here as generic callouts are doing exactly the same. The performance is not critical for such reporting, so the biggest concern should be to have a code which can be easily maintained. This is ia preparation for locking rework which is highly inefficient. Approved by: mw Sponsored by: Stormshield Obtained from: Semihalf Differential Revision: https://reviews.freebsd.org/D30210
|
#
787845c0 |
|
19-May-2021 |
Wojciech Macek <wma@FreeBSD.org> |
Revert "ip_mroute: refactor bw_meter API" This reverts commit d1cd99b147411b331a9bff659533780ef297ef58.
|
#
d1cd99b1 |
|
04-May-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ip_mroute: refactor bw_meter API API should work as following: - periodicaly report Lower-or-EQual bandwidth (LEQ) connections over kernel socket, if user application registered for such per-flow notifications - report Grater-or-EQual (GEQ) bandwidth as soon as it reaches specified value in configured time window Custom implementation of callouts was removed. There is no point of doing calout-wheel here as generic callouts are doing exactly the same. The performance is not critical for such reporting, so the biggest concern should be to have a code which can be easily maintained. This is ia preparation for locking rework which is highly inefficient. Approved by: mw Sponsored by: Stormshield Obtained from: Semihalf Differential Revision: https://reviews.freebsd.org/D30210
|
#
0b103f72 |
|
23-Apr-2021 |
Wojciech Macek <wma@FreeBSD.org> |
mrouter: do not loopback packets unconditionally Looping back router multicast traffic signifficantly stresses network stack. Add possibility to disable or enable loopbacked based on sysctl value. Reported by: Daniel Deville Reviewed by: mw Differential Revision: https://reviews.freebsd.org/D29947
|
#
65634ae7 |
|
22-Apr-2021 |
Wojciech Macek <wma@FreeBSD.org> |
mroute: fix race condition during mrouter shutting down There is a race condition between V_ip_mrouter de-init and ip_mforward handling. It might happen that mrouted is cleaned up after V_ip_mrouter check and before processing packet in ip_mforward. Use epoch call aproach, similar to IPSec which also handles such case. Reported by: Damien Deville Obtained from: Stormshield Reviewed by: mw Differential Revision: https://reviews.freebsd.org/D29946
|
#
924d1c9a |
|
08-Feb-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Revert "SO_RERROR indicates that receive buffer overflows should be handled as errors." Wrong version of the change was pushed inadvertenly. This reverts commit 4a01b854ca5c2e5124958363b3326708b913af71.
|
#
4a01b854 |
|
07-Feb-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
SO_RERROR indicates that receive buffer overflows should be handled as errors. Historically receive buffer overflows have been ignored and programs could not tell if they missed messages or messages had been truncated because of overflows. Since programs historically do not expect to get receive overflow errors, this behavior is not the default. This is really really important for programs that use route(4) to keep in sync with the system. If we loose a message then we need to reload the full system state, otherwise the behaviour from that point is undefined and can lead to chasing bogus bug reports.
|
#
506512b1 |
|
10-Oct-2020 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
ip_mroute: fix the viftable export sysctl It seems that in r354857 I got more than one thing wrong. Convert the SYSCTL_OPAQUE to a SYSCTL_PROC to properly export the these days allocated and not longer static per-vnet viftable array. This fixes a problem with netstat -g which would show bogus information for the IPv4 Virtual Interface Table. PR: 246626 Reported by: Ozkan KIRIK (ozkan.kirik gmail.com) MFC after: 3 days
|
#
662c1305 |
|
01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
net: clean up empty lines in .c and .h files
|
#
e387af1f |
|
21-Jun-2020 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Rather than zeroing MAXVIFS times size of pointer [r362289] (still better than sizeof pointer before [r354857]), we need to zero MAXVIFS times the size of the struct. All good things come in threes; I hope this is it on this one. PR: 246629, 206583 Reported by: kib MFC after: ASAP
|
#
ce19cceb |
|
17-Jun-2020 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
When converting the static arrays to mallocarray() in r356621 I missed one place where we now need to multiply the size of the struct with the number of entries. This lead to problems when restarting user space daemons, as the cleanup was never properly done, resulting in MRT_ADD_VIF EADDRINUSE. Properly zero all array elements to avoid this problem. PR: 246629, 206583 Reported by: (many) MFC after: 4 days Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate")
|
#
b7b3d237 |
|
17-Jun-2020 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
The call into ifa_ifwithaddr() needs to be epoch protected; ortherwise we'll panic on an assertion. While here, leave a comment that the ifp was never protected and stable (as glebius pointed out) and this needs to be fixed properly. Discovered while working on: PR 246629 Reviewed by: glebius MFC after: 4 days Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate")
|
#
7029da5c |
|
26-Feb-2020 |
Pawel Biernacki <kaktus@FreeBSD.org> |
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are still not MPSAFE (or already are but aren’t properly marked). Use it in preparation for a general review of all nodes. This is non-functional change that adds annotations to SYSCTL_NODE and SYSCTL_PROC nodes using one of the soon-to-be-required flags. Mark all obvious cases as MPSAFE. All entries that haven't been marked as MPSAFE before are by default marked as NEEDGIANT Approved by: kib (mentor, blanket) Commented by: kib, gallatin, melifaro Differential Revision: https://reviews.freebsd.org/D23718
|
#
481be5de |
|
12-Feb-2020 |
Randall Stewart <rrs@FreeBSD.org> |
White space cleanup -- remove trailing tab's or spaces from any line. Sponsored by: Netflix Inc.
|
#
1a117215 |
|
19-Nov-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Reduce the vnet_set module size of ip_mroute to allow loading as a module. With VIMAGE kernels modules get special treatment as they need to also keep the original values and make copies for each instance. For that a few pages of vnet modspace are provided and the kernel-linker and the VNET framework know how to deal with things. When the modspace is (almost) full, other modules which would overflow the modspace cannot be loaded and kldload will fail. ip_mroute uses a lot of variable space, mostly be four big arrays: set_vnet 0000000000000510 vnet_entry_multicast_register_if set_vnet 0000000000000700 vnet_entry_viftable set_vnet 0000000000002000 vnet_entry_bw_meter_timers set_vnet 0000000000002800 vnet_entry_bw_upcalls Dynamically malloc the three big ones for each instance we need and free them again on vnet teardown (the 4th is an ifnet). That way they only need module space for a single pointer and allow a lot more modules using virtualized variables to be loaded on a VNET kernel. PR: 206583 Reviewed by: hselasky, kp MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D22443
|
#
b8a6e03f |
|
07-Oct-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Widen NET_EPOCH coverage. When epoch(9) was introduced to network stack, it was basically dropped in place of existing locking, which was mutexes and rwlocks. For the sake of performance mutex covered areas were as small as possible, so became epoch covered areas. However, epoch doesn't introduce any contention, it just delays memory reclaim. So, there is no point to minimise epoch covered areas in sense of performance. Meanwhile entering/exiting epoch also has non-zero CPU usage, so doing this less often is a win. Not the least is also code maintainability. In the new paradigm we can assume that at any stage of processing a packet, we are inside network epoch. This makes coding both input and output path way easier. On output path we already enter epoch quite early - in the ip_output(), in the ip6_output(). This patch does the same for the input path. All ISR processing, network related callouts, other ways of packet injection to the network stack shall be performed in net_epoch. Any leaf function that walks network configuration now asserts epoch. Tricky part is configuration code paths - ioctls, sysctls. They also call into leaf functions, so some need to be changed. This patch would introduce more epoch recursions (see EPOCH_TRACE) than we had before. They will be cleaned up separately, as several of them aren't trivial. Note, that unlike a lock recursion the epoch recursion is safe and just wastes a bit of resources. Reviewed by: gallatin, hselasky, cy, adrian, kristof Differential Revision: https://reviews.freebsd.org/D19111
|
#
59854ecf |
|
25-Jun-2019 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Convert all IPv4 and IPv6 multicast memberships into using a STAILQ instead of a linear array. The multicast memberships for the inpcb structure are protected by a non-sleepable lock, INP_WLOCK(), which needs to be dropped when calling the underlying possibly sleeping if_ioctl() method. When using a linear array to keep track of multicast memberships, the computed memory location of the multicast filter may suddenly change, due to concurrent insertion or removal of elements in the linear array. This in turn leads to various invalid memory access issues and kernel panics. To avoid this problem, put all multicast memberships on a STAILQ based list. Then the memory location of the IPv4 and IPv6 multicast filters become fixed during their lifetime and use after free and memory leak issues are easier to track, for example by: vmstat -m | grep multi All list manipulation has been factored into inline functions including some macros, to easily allow for a future hash-list implementation, if needed. This patch has been tested by pho@ . Differential Revision: https://reviews.freebsd.org/D20080 Reviewed by: markj @ MFC after: 1 week Sponsored by: Mellanox Technologies
|
#
a68cc388 |
|
08-Jan-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Mechanical cleanup of epoch(9) usage in network stack. - Remove macros that covertly create epoch_tracker on thread stack. Such macros a quite unsafe, e.g. will produce a buggy code if same macro is used in embedded scopes. Explicitly declare epoch_tracker always. - Unmask interface list IFNET_RLOCK_NOSLEEP(), interface address list IF_ADDR_RLOCK() and interface AF specific data IF_AFDATA_RLOCK() read locking macros to what they actually are - the net_epoch. Keeping them as is is very misleading. They all are named FOO_RLOCK(), while they no longer have lock semantics. Now they allow recursion and what's more important they now no longer guarantee protection against their companion WLOCK macros. Note: INP_HASH_RLOCK() has same problems, but not touched by this commit. This is non functional mechanical change. The only functionally changed functions are ni6_addrs() and ni6_store_addrs(), where we no longer enter epoch recursively. Discussed with: jtl, gallatin
|
#
5f901c92 |
|
24-Jul-2018 |
Andrew Turner <andrew@FreeBSD.org> |
Use the new VNET_DEFINE_STATIC macro when we are defining static VNET variables. Reviewed by: bz Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D16147
|
#
6d8fdfa9 |
|
05-Jun-2018 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Rework IP encapsulation handling code. Currently it has several disadvantages: - it uses single mutex to protect internal structures. It is used by data- and control- path, thus there are no parallelism at all. - it uses single list to keep encap handlers for both INET and INET6 families. - struct encaptab keeps unneeded information (src, dst, masks, protosw), that isn't used by code in the source tree. - matches are prioritized and when many tunneling interfaces are registered, encapcheck handler of each interface is invoked for each packet. The search takes O(n) for n interfaces. All this work is done with exclusive lock held. What this patch includes: - the datapath is converted to be lockless using epoch(9) KPI. - struct encaptab now linked using CK_LIST. - all unused fields removed from struct encaptab. Several new fields addedr: min_length is the minimum packet length, that encapsulation handler expects to see; exact_match is maximum number of bits, that can return an encapsulation handler, when it wants to consume a packet. - IPv6 and IPv4 handlers are stored in separate lists; - added new "encap_lookup_t" method, that will be used later. It is targeted to speedup lookup of needed interface, when gif(4)/gre(4) have many interfaces. - the need to use protosw structure is eliminated. The only pr_input method was used from this structure, so I don't see the need to keep using it. - encap_input_t method changed to avoid using mbuf tags to store softc pointer. Now it is passed directly trough encap_input_t method. encap_getarg() funtions is removed. - all sockaddr structures and code that uses them removed. We don't have any code in the tree that uses them. All consumers use encap_attach_func() method, that relies on invoking of encapcheck() to determine the needed handler. - introduced struct encap_config, it contains parameters of encap handler that is going to be registered by encap_attach() function. - encap handlers are stored in lists ordered by exact_match value, thus handlers that need more bits to match will be checked first, and if encapcheck method returns exact_match value, the search will be stopped. - all current consumers changed to use new KPI. Reviewed by: mmacy Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D15617
|
#
4f6c66cc |
|
23-May-2018 |
Matt Macy <mmacy@FreeBSD.org> |
UDP: further performance improvements on tx Cumulative throughput while running 64 netperf -H $DUT -t UDP_STREAM -- -m 1 on a 2x8x2 SKL went from 1.1Mpps to 2.5Mpps Single stream throughput increases from 910kpps to 1.18Mpps Baseline: https://people.freebsd.org/~mmacy/2018.05.11/udpsender2.svg - Protect read access to global ifnet list with epoch https://people.freebsd.org/~mmacy/2018.05.11/udpsender3.svg - Protect short lived ifaddr references with epoch https://people.freebsd.org/~mmacy/2018.05.11/udpsender4.svg - Convert if_afdata read lock path to epoch https://people.freebsd.org/~mmacy/2018.05.11/udpsender5.svg A fix for the inpcbhash contention is pending sufficient time on a canary at LLNW. Reviewed by: gallatin Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D15409
|
#
f6960e20 |
|
18-May-2018 |
Matt Macy <mmacy@FreeBSD.org> |
netinet silence warnings
|
#
222daa42 |
|
25-Jan-2018 |
Conrad Meyer <cem@FreeBSD.org> |
style: Remove remaining deprecated MALLOC/FREE macros Mechanically replace uses of MALLOC/FREE with appropriate invocations of malloc(9) / free(9) (a series of sed expressions). Something like: * MALLOC(a, b, ... -> a = malloc(... * FREE( -> free( * free((caddr_t) -> free( No functional change. For now, punt on modifying contrib ipfilter code, leaving a definition of the macro in its KMALLOC(). Reported by: jhb Reviewed by: cy, imp, markj, rmacklem Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D14035
|
#
51369649 |
|
20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
|
#
40769242 |
|
14-Mar-2017 |
Eric van Gyzen <vangyzen@FreeBSD.org> |
Add some ntohl() love to r315277 inet_ntoa() and inet_ntoa_r() take the address in network byte-order. When I removed those calls, I should have replaced them with ntohl() to make the hex addresses slightly less unreadable. Here they are. See r315277 regarding classic blunders. vangyzen: you're deep in "no good deed" territory, it seems --badger Reported by: ian MFC after: 3 days MFC when: I finally get it right Sponsored by: Dell EMC
|
#
47d803ea |
|
14-Mar-2017 |
Eric van Gyzen <vangyzen@FreeBSD.org> |
KTR: log IPv4 addresses in hex rather than dotted-quad When I made the changes in r313821, I fell victim to one of the classic blunders, the most famous of which is: never get involved in a land war in Asia. But only slightly less well known is this: Keep your brain turned on and engaged when making a tedious, sweeping, mechanical change. KTR can correctly log the immediate integral values passed to it, as well as constant strings, but not non-constant strings, since they might change by the time ktrdump retrieves them. Reported by: glebius MFC after: 3 days Sponsored by: Dell EMC
|
#
fbbd9655 |
|
28-Feb-2017 |
Warner Losh <imp@FreeBSD.org> |
Renumber copyright clause 4 Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
|
#
8144690a |
|
16-Feb-2017 |
Eric van Gyzen <vangyzen@FreeBSD.org> |
Use inet_ntoa_r() instead of inet_ntoa() throughout the kernel inet_ntoa() cannot be used safely in a multithreaded environment because it uses a static local buffer. Instead, use inet_ntoa_r() with a buffer on the caller's stack. Suggested by: glebius, emaste Reviewed by: gnn MFC after: 2 weeks Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D9625
|
#
c3bef61e |
|
15-Sep-2016 |
Kevin Lo <kevlo@FreeBSD.org> |
Remove the 4.3BSD compatible macro m_copy(), use m_copym() instead. Reviewed by: gnn Differential Revision: https://reviews.freebsd.org/D7878
|
#
89856f7e |
|
21-Jun-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Get closer to a VIMAGE network stack teardown from top to bottom rather than removing the network interfaces first. This change is rather larger and convoluted as the ordering requirements cannot be separated. Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and related modules to their own SI_SUB_PROTO_FIREWALL. Move initialization of "physical" interfaces to SI_SUB_DRIVERS, move virtual (cloned) interfaces to SI_SUB_PSEUDO. Move Multicast to SI_SUB_PROTO_MC. Re-work parts of multicast initialisation and teardown, not taking the huge amount of memory into account if used as a module yet. For interface teardown we try to do as many of them as we can on SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling over a higher layer protocol such as IP. In that case the interface has to go along (or before) the higher layer protocol is shutdown. Kernel hhooks need to go last on teardown as they may be used at various higher layers and we cannot remove them before we cleaned up the higher layers. For interface teardown there are multiple paths: (a) a cloned interface is destroyed (inside a VIMAGE or in the base system), (b) any interface is moved from a virtual network stack to a different network stack ("vmove"), or (c) a virtual network stack is being shut down. All code paths go through if_detach_internal() where we, depending on the vmove flag or the vnet state, make a decision on how much to shut down; in case we are destroying a VNET the individual protocol layers will cleanup their own parts thus we cannot do so again for each interface as we end up with, e.g., double-frees, destroying locks twice or acquiring already destroyed locks. When calling into protocol cleanups we equally have to tell them whether they need to detach upper layer protocols ("ulp") or not (e.g., in6_ifdetach()). Provide or enahnce helper functions to do proper cleanup at a protocol rather than at an interface level. Approved by: re (hrs) Obtained from: projects/vnet Reviewed by: gnn, jhb Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D6747
|
#
99d628d5 |
|
15-Apr-2016 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
netinet: for pointers replace 0 with NULL. These are mostly cosmetical, no functional change. Found with devel/coccinelle. Reviewed by: ae. tuexen
|
#
1f12da0e |
|
22-Jan-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Just checkpoint the WIP in order to be able to make the tree update easier. Note: this is currently not in a usable state as certain teardown parts are not called and the DOMAIN rework is missing. More to come soon and find its way to head. Obtained from: P4 //depot/user/bz/vimage/... Sponsored by: The FreeBSD Foundation
|
#
10e0e235 |
|
14-Jan-2016 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Remove now-unused wrappers for various routing functions.
|
#
ea8d1492 |
|
09-Jan-2016 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Remove sys/eventhandler.h from net/route.h Reviewed by: ae
|
#
fd90e2ed |
|
22-May-2015 |
Jung-uk Kim <jkim@FreeBSD.org> |
CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than ten years for head. However, it is continuously misused as the mpsafe argument for callout_init(9). Deprecate the flag and clean up callout_init() calls to make them more consistent. Differential Revision: https://reviews.freebsd.org/D2613 Reviewed by: jhb MFC after: 2 weeks
|
#
6d947416 |
|
01-Apr-2015 |
Gleb Smirnoff <glebius@FreeBSD.org> |
o Use new function ip_fillid() in all places throughout the kernel, where we want to create a new IP datagram. o Add support for RFC6864, which allows to set IP ID for atomic IP datagrams to any value, to improve performance. The behaviour is controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by default. o In case if we generate IP ID, use counter(9) to improve performance. o Gather all code related to IP ID into ip_id.c. Differential Revision: https://reviews.freebsd.org/D2177 Reviewed by: adrian, cy, rpaulo Tested by: Emeric POUPON <emeric.poupon stormshield.eu> Sponsored by: Netflix Sponsored by: Nginx, Inc. Relnotes: yes
|
#
6df8a710 |
|
07-Nov-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. Sponsored by: Nginx, Inc.
|
#
f0cace5d |
|
12-Oct-2014 |
Robert Watson <rwatson@FreeBSD.org> |
When deciding whether to call m_pullup() even though there is adequate data in an mbuf, use M_WRITABLE() instead of a direct test of M_EXT; the latter both unnecessarily exposes mbuf-allocator internals in the protocol stack and is also insufficient to catch all cases of non-writability. (NB: m_pullup() does not actually guarantee that a writable mbuf is returned, so further refinement of all of these code paths continues to be required.) Reviewed by: bz MFC after: 3 days Sponsored by: EMC / Isilon Storage Division Differential Revision: https://reviews.freebsd.org/D900
|
#
73d76e77 |
|
14-Aug-2014 |
Kevin Lo <kevlo@FreeBSD.org> |
Change pr_output's prototype to avoid the need for explicit casts. This is a follow up to r269699. Phabric: D564 Reviewed by: jhb
|
#
8f5a8818 |
|
07-Aug-2014 |
Kevin Lo <kevlo@FreeBSD.org> |
Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have only one protocol switch structure that is shared between ipv4 and ipv6. Phabric: D476 Reviewed by: jhb
|
#
547246a3 |
|
22-Jan-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Fix fallout from r241923. Calculate length of payload in pim_input() properly. While here, remove extra variable and incorrect condition before m_pullup(). Reported by: Olivier Cochard-Labbé <olivier cochard.me> Sponsored by: Nginx, Inc.
|
#
76039bc8 |
|
26-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare to this event, adding if_var.h to files that do need it. Also, include all includes that now are included due to implicit pollution via if_var.h Sponsored by: Netflix Sponsored by: Nginx, Inc.
|
#
86d93a15 |
|
05-Sep-2013 |
John Baldwin <jhb@FreeBSD.org> |
Use LIST_FOREACH_SAFE() instead of doing it by hand.
|
#
fa302f20 |
|
05-Sep-2013 |
John Baldwin <jhb@FreeBSD.org> |
Use an unsigned long when indexing into mfchashtbl[] and mf6ctable[]. This matches the types used when computing hash indices and the type of the maximum size of mfchashtbl[]. PR: kern/181821 Submitted by: Sven-Thorsten Dietrich <sven@vyatta.com> (IPv4) MFC after: 1 week
|
#
d983befd |
|
05-Sep-2013 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Remove unused code and sort variables declarations. PR: kern/181822 MFC after: 1 week
|
#
5b7cb97c |
|
09-Jul-2013 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Migrate structs arpstat, icmpstat, mrtstat, pimstat and udpstat to PCPU counters.
|
#
f2297451 |
|
16-Apr-2013 |
Xin LI <delphij@FreeBSD.org> |
Fix incomplete printf. PR: kern/177889 Submitted by: Sven-Thorsten Dietrich <sven vyatta com> MFC after: 1 week
|
#
c1031303 |
|
16-Apr-2013 |
Xin LI <delphij@FreeBSD.org> |
Don't leak lock when returning. PR: kern/177888 Submitted by: Sven-Thorsten Dietrich <sven vyatta com> MFC after: 1 week
|
#
dc4ad05e |
|
14-Mar-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Use m_get/m_gethdr instead of compat macros. Sponsored by: Nginx, Inc.
|
#
eb1b1807 |
|
05-Dec-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Mechanically substitute flags from historic mbuf allocator with malloc(9) flags within sys. Exceptions: - sys/contrib not touched - sys/mbuf.h edited manually
|
#
078468ed |
|
26-Oct-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
o Remove last argument to ip_fragment(), and obtain all needed information on checksums directly from mbuf flags. This simplifies code. o Clear CSUM_IP from the mbuf in ip_fragment() if we did checksums in hardware. Some driver may not announce CSUM_IP in theur if_hwassist, although try to do checksums if CSUM_IP set on mbuf. Example is em(4). o While here, consistently use CSUM_IP instead of its alias CSUM_DELAY_IP. After this change CSUM_DELAY_IP vanishes from the stack. Submitted by: Sebastian Kuzminsky <seb lineratesystems.com>
|
#
8f134647 |
|
22-Oct-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Switch the entire IPv4 stack to keep the IP packet header in network byte order. Any host byte order processing is done in local variables and host byte order values are never[1] written to a packet. After this change a packet processed by the stack isn't modified at all[2] except for TTL. After this change a network stack hacker doesn't need to scratch his head trying to figure out what is the byte order at the given place in the stack. [1] One exception still remains. The raw sockets convert host byte order before pass a packet to an application. Probably this would remain for ages for compatibility. [2] The ip_input() still subtructs header len from ip->ip_len, but this is planned to be fixed soon. Reviewed by: luigi, Maxim Dounin <mdounin mdounin.ru> Tested by: ray, Olivier Cochard-Labbe <olivier cochard.me>
|
#
9823d527 |
|
10-Oct-2012 |
Kevin Lo <kevlo@FreeBSD.org> |
Revert previous commit... Pointyhat to: kevlo (myself)
|
#
a10cee30 |
|
09-Oct-2012 |
Kevin Lo <kevlo@FreeBSD.org> |
Prefer NULL over 0 for pointers
|
#
23e9c6dc |
|
08-Oct-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
After r241245 it appeared that in_delayed_cksum(), which still expects host byte order, was sometimes called with net byte order. Since we are moving towards net byte order throughout the stack, the function was converted to expect net byte order, and its consumers fixed appropriately: - ip_output(), ipfilter(4) not changed, since already call in_delayed_cksum() with header in net byte order. - divert(4), ng_nat(4), ipfw_nat(4) now don't need to swap byte order there and back. - mrouting code and IPv6 ipsec now need to switch byte order there and back, but I hope, this is temporary solution. - In ipsec(4) shifted switch to net byte order prior to in_delayed_cksum(). - pf_route() catches up on r241245 changes to ip_output().
|
#
3df6468a |
|
02-Jul-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove route caching from IP multicast routing code. There is no reason to do that, and also, cached route never got unreferenced, which meant a reference leak. Reviewed by: bms
|
#
1c779295 |
|
04-Mar-2012 |
Marko Zec <zec@FreeBSD.org> |
Change SYSINIT priorities so that ip_mroute_modevent() is executed before vnet_mroute_init(), since vnet_mroute_init() depends on mfchashsize tunable to be set, and that is done in in ip_mroute_modevent(). Apparently I broke that ordering with r208744 almost 2 years ago... PR: kern/162201 Submitted by: Stevan Markovic (mcafee.com) MFC after: 3 days
|
#
6472ac3d |
|
07-Nov-2011 |
Ed Schouten <ed@FreeBSD.org> |
Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. The SYSCTL_NODE macro defines a list that stores all child-elements of that node. If there's no SYSCTL_DECL macro anywhere else, there's no reason why it shouldn't be static.
|
#
3e288e62 |
|
22-Nov-2010 |
Dimitry Andric <dim@FreeBSD.org> |
After some off-list discussion, revert a number of changes to the DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various people working on the affected files. A better long-term solution is still being considered. This reversal may give some modules empty set_pcpu or set_vnet sections, but these are harmless. Changes reverted: ------------------------------------------------------------------------ r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines Instead of unconditionally emitting .globl's for the __start_set_xxx and __stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu sections are actually defined. ------------------------------------------------------------------------ r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree. ------------------------------------------------------------------------ r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
|
#
31c6a003 |
|
14-Nov-2010 |
Dimitry Andric <dim@FreeBSD.org> |
Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree.
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
7c4b8137 |
|
02-Jun-2010 |
Marko Zec <zec@FreeBSD.org> |
Virtualize the IPv4 multicast routing code. Submitted by: iprebeg Reviewed by: bms, bz, Pavlin Radoslavov MFC after: 30 days
|
#
957d68dd |
|
18-Feb-2010 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
No need to include security/mac/mac_framework.h here.
|
#
aed7a0f8 |
|
04-Jan-2010 |
Shteryana Shopova <syrinx@FreeBSD.org> |
MFC r201254: Make sure the multicast forwarding cache entry's stall queue is properly initialized before trying to insert an entry into it. PR: kern/142052 Reviewed by: bms
|
#
7c90b025 |
|
30-Dec-2009 |
Shteryana Shopova <syrinx@FreeBSD.org> |
Make sure the multicast forwarding cache entry's stall queue is properly initialized before trying to insert an entry into it. PR: kern/142052 Reviewed by: bms MFC after: now
|
#
6cbbe26f |
|
12-Sep-2009 |
Bruce M Simpson <bms@FreeBSD.org> |
In expire_mfc(), add an assert on the multicast forwarding cache mutex. PR: 138666
|
#
530c0060 |
|
01-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes. Reviewed by: bz Approved by: re (vimage blanket)
|
#
eddfbb76 |
|
14-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables. Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker. Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided. This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS. Bump __FreeBSD_version and update UPDATING. Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
|
#
8c0fec80 |
|
23-Jun-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Modify most routines returning 'struct ifaddr *' to return references rather than pointers, requiring callers to properly dispose of those references. The following routines now return references: ifaddr_byindex ifa_ifwithaddr ifa_ifwithbroadaddr ifa_ifwithdstaddr ifa_ifwithnet ifaof_ifpforaddr ifa_ifwithroute ifa_ifwithroute_fib rt_getifa rt_getifa_fib IFP_TO_IA ip_rtaddr in6_ifawithifp in6ifa_ifpforlinklocal in6ifa_ifpwithaddr in6_ifadd carp_iamatch6 ip6_getdstifaddr Remove unused macro which didn't have required referencing: IFP_TO_IA6 This closes many small races in which changes to interface or address lists while an ifaddr was in use could lead to use of freed memory (etc). In a few cases, add missing if_addr_list locking required to safely acquire references. Because of a lack of deep copying support, we accept a race in which an in6_ifaddr pointed to by mbuf tags and extracted with ip6_getdstifaddr() doesn't hold a reference while in transmit. Once we have mbuf tag deep copy support, this can be fixed. Reviewed by: bz Obtained from: Apple, Inc. (portions) MFC after: 6 weeks (portions)
|
#
e40bae9a |
|
21-Jun-2009 |
Roman Divacky <rdivacky@FreeBSD.org> |
Switch cmd argument to u_long. This matches what if_ethersubr.c does and allows the code to compile cleanly on amd64 with clang. Reviewed by: rwatson Approved by: ed (mentor)
|
#
bcf11e8d |
|
05-Jun-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include. Discussed with: pjd
|
#
5cf93e5d |
|
29-Apr-2009 |
Bruce M Simpson <bms@FreeBSD.org> |
Use KTR_INET for MROUTING CTRs.
|
#
093f25f8 |
|
26-Apr-2009 |
Marko Zec <zec@FreeBSD.org> |
In preparation for turning on options VIMAGE in next commits, rearrange / replace / adjust several INIT_VNET_* initializer macros, all of which currently resolve to whitespace. Reviewed by: bz (an older version of the patch) Approved by: julian (mentor)
|
#
07cf7ab2 |
|
12-Apr-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Update stats in struct pimstat using two new macros: PIMSTAT_ADD() and PIMSTAT_INC(), rather than directly manipulating the fields of the structure. This will make it easier to change the implementation of these statistics, such as using per-CPU versions of the data structure. MFC after: 3 days
|
#
fb83a368 |
|
12-Apr-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Update stats in struct mrtstat using two new macros: MRTSTAT_ADD() and MRTSTAT_INC(), rather than directly manipulating the fields of the structure. This will make it easier to change the implementation of these statistics, such as using per-CPU versions of the data structure. MFC after: 3 days
|
#
545dff6f |
|
20-Mar-2009 |
Bruce M Simpson <bms@FreeBSD.org> |
Fix brainos introduced during mechanical KTR change. Pointy hat to: bms
|
#
98b59af7 |
|
19-Mar-2009 |
Bruce M Simpson <bms@FreeBSD.org> |
Cleanup: Nuke debug.mrtdebug, and replace it with KTR.
|
#
443fc317 |
|
18-Mar-2009 |
Bruce M Simpson <bms@FreeBSD.org> |
Introduce a number of changes to the MROUTING code. This is purely a forwarding plane cleanup; no control plane code is involved. Summary: * Split IPv4 and IPv6 MROUTING support. The static compile-time kernel option remains the same, however, the modules may now be built for IPv4 and IPv6 separately as ip_mroute_mod and ip6_mroute_mod. * Clean up the IPv4 multicast forwarding code to use BSD queue and hash table constructs. Don't build our own timer abstractions when ratecheck() and timevalclear() etc will do. * Expose the multicast forwarding cache (MFC) and virtual interface table (VIF) as sysctls, to reduce netstat's dependence on libkvm for this information for running kernels. * bandwidth meters however still require libkvm. * Make the MFC hash table size a boot/load-time tunable ULONG, net.inet.ip.mfchashsize (defaults to 256). * Remove unused members from struct vif and struct mfc. * Kill RSVP support, as no current RSVP implementation uses it. These stubs could be moved to raw_ip.c. * Don't share locks or initialization between IPv4 and IPv6. * Don't use a static struct route_in6 in ip6_mroute.c. The v6 code is still using a cached struct route_in6, this is moved to mif6 for the time being. * More cleanup remains to be merged from ip_mroute.c to ip6_mroute.c. v4 path tested using ports/net/mcast-tools. v6 changes are mostly mechanical locking and *have not* been tested. As these changes partially break some kernel ABIs, they will not be MFCed. There is a lot more work to be done here. Reviewed by: Pavlin Radoslavov
|
#
4b79449e |
|
02-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Rather than using hidden includes (with cicular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files. For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h. Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
8b615593 |
|
02-Oct-2008 |
Marko Zec <zec@FreeBSD.org> |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs. Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT(). Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.). All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*). (*) netipsec/keysock.c did not validate depending on compile time options. Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
ac957cd2 |
|
19-Aug-2008 |
Julian Elischer <julian@FreeBSD.org> |
A bunch of formatting fixes brough to light by, or created by the Vimage commit a few days ago.
|
#
603724d3 |
|
17-Aug-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@). This is the first in a series of commits over the course of the next few weeks. Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only. We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again. Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
#
8b07e49a |
|
09-May-2008 |
Julian Elischer <julian@FreeBSD.org> |
Add code to allow the system to handle multiple routing tables. This particular implementation is designed to be fully backwards compatible and to be MFC-able to 7.x (and 6.x) Currently the only protocol that can make use of the multiple tables is IPv4 Similar functionality exists in OpenBSD and Linux. From my notes: ----- One thing where FreeBSD has been falling behind, and which by chance I have some time to work on is "policy based routing", which allows different packet streams to be routed by more than just the destination address. Constraints: ------------ I want to make some form of this available in the 6.x tree (and by extension 7.x) , but FreeBSD in general needs it so I might as well do it in -current and back port the portions I need. One of the ways that this can be done is to have the ability to instantiate multiple kernel routing tables (which I will now refer to as "Forwarding Information Bases" or "FIBs" for political correctness reasons). Which FIB a particular packet uses to make the next hop decision can be decided by a number of mechanisms. The policies these mechanisms implement are the "Policies" referred to in "Policy based routing". One of the constraints I have if I try to back port this work to 6.x is that it must be implemented as a EXTENSION to the existing ABIs in 6.x so that third party applications do not need to be recompiled in timespan of the branch. This first version will not have some of the bells and whistles that will come with later versions. It will, for example, be limited to 16 tables in the first commit. Implementation method, Compatible version. (part 1) ------------------------------- For this reason I have implemented a "sufficient subset" of a multiple routing table solution in Perforce, and back-ported it to 6.x. (also in Perforce though not always caught up with what I have done in -current/P4). The subset allows a number of FIBs to be defined at compile time (8 is sufficient for my purposes in 6.x) and implements the changes needed to allow IPV4 to use them. I have not done the changes for ipv6 simply because I do not need it, and I do not have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it. Other protocol families are left untouched and should there be users with proprietary protocol families, they should continue to work and be oblivious to the existence of the extra FIBs. To understand how this is done, one must know that the current FIB code starts everything off with a single dimensional array of pointers to FIB head structures (One per protocol family), each of which in turn points to the trie of routes available to that family. The basic change in the ABI compatible version of the change is to extent that array to be a 2 dimensional array, so that instead of protocol family X looking at rt_tables[X] for the table it needs, it looks at rt_tables[Y][X] when for all protocol families except ipv4 Y is always 0. Code that is unaware of the change always just sees the first row of the table, which of course looks just like the one dimensional array that existed before. The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign() are all maintained, but refer only to the first row of the array, so that existing callers in proprietary protocols can continue to do the "right thing". Some new entry points are added, for the exclusive use of ipv4 code called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(), which have an extra argument which refers the code to the correct row. In addition, there are some new entry points (currently called rtalloc_fib() and friends) that check the Address family being looked up and call either rtalloc() (and friends) if the protocol is not IPv4 forcing the action to row 0 or to the appropriate row if it IS IPv4 (and that info is available). These are for calling from code that is not specific to any particular protocol. The way these are implemented would change in the non ABI preserving code to be added later. One feature of the first version of the code is that for ipv4, the interface routes show up automatically on all the FIBs, so that no matter what FIB you select you always have the basic direct attached hosts available to you. (rtinit() does this automatically). You CAN delete an interface route from one FIB should you want to but by default it's there. ARP information is also available in each FIB. It's assumed that the same machine would have the same MAC address, regardless of which FIB you are using to get to it. This brings us as to how the correct FIB is selected for an outgoing IPV4 packet. Firstly, all packets have a FIB associated with them. if nothing has been done to change it, it will be FIB 0. The FIB is changed in the following ways. Packets fall into one of a number of classes. 1/ locally generated packets, coming from a socket/PCB. Such packets select a FIB from a number associated with the socket/PCB. This in turn is inherited from the process, but can be changed by a socket option. The process in turn inherits it on fork. I have written a utility call setfib that acts a bit like nice.. setfib -3 ping target.example.com # will use fib 3 for ping. It is an obvious extension to make it a property of a jail but I have not done so. It can be achieved by combining the setfib and jail commands. 2/ packets received on an interface for forwarding. By default these packets would use table 0, (or possibly a number settable in a sysctl(not yet)). but prior to routing the firewall can inspect them (see below). (possibly in the future you may be able to associate a FIB with packets received on an interface.. An ifconfig arg, but not yet.) 3/ packets inspected by a packet classifier, which can arbitrarily associate a fib with it on a packet by packet basis. A fib assigned to a packet by a packet classifier (such as ipfw) would over-ride a fib associated by a more default source. (such as cases 1 or 2). 4/ a tcp listen socket associated with a fib will generate accept sockets that are associated with that same fib. 5/ Packets generated in response to some other packet (e.g. reset or icmp packets). These should use the FIB associated with the packet being reponded to. 6/ Packets generated during encapsulation. gif, tun and other tunnel interfaces will encapsulate using the FIB that was in effect withthe proces that set up the tunnel. thus setfib 1 ifconfig gif0 [tunnel instructions] will set the fib for the tunnel to use to be fib 1. Routing messages would be associated with their process, and thus select one FIB or another. messages from the kernel would be associated with the fib they refer to and would only be received by a routing socket associated with that fib. (not yet implemented) In addition Netstat has been edited to be able to cope with the fact that the array is now 2 dimensional. (It looks in system memory using libkvm (!)). Old versions of netstat see only the first FIB. In addition two sysctls are added to give: a) the number of FIBs compiled in (active) b) the default FIB of the calling process. Early testing experience: ------------------------- Basically our (IronPort's) appliance does this functionality already using ipfw fwd but that method has some drawbacks. For example, It can't fully simulate a routing table because it can't influence the socket's choice of local address when a connect() is done. Testing during the generating of these changes has been remarkably smooth so far. Multiple tables have co-existed with no notable side effects, and packets have been routes accordingly. ipfw has grown 2 new keywords: setfib N ip from anay to any count ip from any to any fib N In pf there seems to be a requirement to be able to give symbolic names to the fibs but I do not have that capacity. I am not sure if it is required. SCTP has interestingly enough built in support for this, called VRFs in Cisco parlance. it will be interesting to see how that handles it when it suddenly actually does something. Where to next: -------------------- After committing the ABI compatible version and MFCing it, I'd like to proceed in a forward direction in -current. this will result in some roto-tilling in the routing code. Firstly: the current code's idea of having a separate tree per protocol family, all of the same format, and pointed to by the 1 dimensional array is a bit silly. Especially when one considers that there is code that makes assumptions about every protocol having the same internal structures there. Some protocols don't WANT that sort of structure. (for example the whole idea of a netmask is foreign to appletalk). This needs to be made opaque to the external code. My suggested first change is to add routing method pointers to the 'domain' structure, along with information pointing the data. instead of having an array of pointers to uniform structures, there would be an array pointing to the 'domain' structures for each protocol address domain (protocol family), and the methods this reached would be called. The methods would have an argument that gives FIB number, but the protocol would be free to ignore it. When the ABI can be changed it raises the possibilty of the addition of a fib entry into the "struct route". Currently, the structure contains the sockaddr of the desination, and the resulting fib entry. To make this work fully, one could add a fib number so that given an address and a fib, one can find the third element, the fib entry. Interaction with the ARP layer/ LL layer would need to be revisited as well. Qing Li has been working on this already. This work was sponsored by Ironport Systems/Cisco Reviewed by: several including rwatson, bz and mlair (parts each) Obtained from: Ironport systems/Cisco
|
#
4b421e2d |
|
07-Oct-2007 |
Mike Silbersack <silby@FreeBSD.org> |
Add FBSDID to all files in netinet so that people can more easily include file version information in bug reports. Approved by: re (kensmith)
|
#
0bf686c1 |
|
06-Aug-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which previously conditionally acquired Giant based on debug.mpsafenet. As that has now been removed, they are no longer required. Removing them significantly simplifies error-handling in the socket layer, eliminated quite a bit of unwinding of locking in error cases. While here clean up the now unneeded opt_net.h, which previously was used for the NET_WITH_GIANT kernel option. Clean up some related gotos for consistency. Reviewed by: bz, csjp Tested by: kris Approved by: re (kensmith)
|
#
c6b28997 |
|
28-Jul-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Replace references to NET_CALLOUT_MPSAFE with CALLOUT_MPSAFE, and remove definition of NET_CALLOUT_MPSAFE, which is no longer required now that debug.mpsafenet has been removed. The once over: bz Approved by: re (kensmith)
|
#
f2565d68 |
|
10-May-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Move universally to ANSI C function declarations, with relatively consistent style(9)-ish layout.
|
#
5c51891e |
|
15-Mar-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Diff reduction with NetBSD; use IN_LOCAL_GROUP() to check if an address is within the locally scoped multicast range 224.0.0.0/24.
|
#
44c4d7b2 |
|
04-Mar-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Purge an out-of-date comment.
|
#
85e07934 |
|
28-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Style: Move declaration of subsystem mutex to where other mutexes are in this file, and use macros for dealing with it.
|
#
41005212 |
|
25-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Unlock a mutex which should be unlocked before returning. MFC after: 1 week
|
#
6be2e366 |
|
24-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Make IPv6 multicast forwarding dynamically loadable from a GENERIC kernel. It is built in the same module as IPv4 multicast forwarding, i.e. ip_mroute.ko, if and only if IPv6 support is enabled for loadable modules. Export IPv6 forwarding structs to userland netstat(1) via sysctl(9).
|
#
79760c6b |
|
10-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Use MAXTTL. Obtained from: NetBSD
|
#
7a90229b |
|
10-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
If the rendezvous point for a group is not specified, do not send IGMPMSG_WHOLEPKT notifications to the userland PIM routing daemon, as an optimization to mitigate the effects of high multicast forwarding load. This is an experimental change, therefore it must be explicitly enabled by setting the sysctl/tunable net.inet.pim.squelch_wholepkt to a non-zero value. The tunable may be set from the loader or from within the kernel environment when loading ip_mroute.ko as a module. Submitted by: edrt <edrt at citiz.net> See also: http://mailman.icsi.berkeley.edu/pipermail/xorp-users/2005-June/000639.html
|
#
0948f0a2 |
|
10-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Build PIM by default as part of the IPv4 multicast forwarding path. Make PIM dynamically loadable by using encap_attach_func(). PIM may now be loaded into a GENERIC kernel. Tested with: ports/net/pimdd && tcpreplay && wireshark Reviewed by: Pavlin Radoslavov
|
#
f2bf119e |
|
08-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Store the cached route in vifp in the normal send_packet() case. The VIFF_TUNNEL case no longer exists, therefore this field is free to use, and its use eliminates a static data member.
|
#
162c78d4 |
|
08-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Nuke the token bucket filter code. Attempting to request rate limiting by the token bucket filter will result in EINVAL being returned. If you want to rate-limit traffic in future, use ALTQ or dummynet; this isn't a general purpose QoS engine. Preserve the now unused fields in struct vif so as to avoid having to recompile netstat(1) and other tools. Reviewed by: Pavlin Radslavov, Bill Fenner
|
#
aab7b273 |
|
07-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
eliminate redundant macro MC_SEND()
|
#
78cb087e |
|
07-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Remove support for IPIP tunnels in IPv4 multicast forwarding. XORP has never used them; with mrouted, their functionality may be replaced by explicitly configuring gif(4) instances and specifying them with the 'phyint' keyword. Bump __FreeBSD_version to 700030, and update UPDATING. A doc update is forthcoming. Discussed on: net Reviewed by: fenner MFC after: 3 months
|
#
acd3428b |
|
06-Nov-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking. Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
#
aed55708 |
|
22-Oct-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead. This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd. Obtained from: TrustedBSD Project Sponsored by: SPARTA
|
#
2d20d323 |
|
29-Sep-2006 |
Bruce M Simpson <bms@FreeBSD.org> |
Push removal of mrouted down to the rest of the tree.
|
#
050596b4 |
|
27-Sep-2006 |
Bruce M Simpson <bms@FreeBSD.org> |
Fix the IPv4 multicast routing detach path. On interface detach whilst the MROUTER is running, the system would panic as described in the PR. The fix in the PR is a good start, however, the other state associated with the multicast forwarding cache has to be freed in order to avoid leaking memory and other possible panics. More care and attention is needed in this area. PR: kern/82882 MFC after: 1 week
|
#
8d7d8514 |
|
18-May-2006 |
Bruce M Simpson <bms@FreeBSD.org> |
Initialize the new members of struct ip_moptions as a defensive programming measure. Note that whilst these members are not used by the ip_output() path, we are passing an instance of struct ip_moptions here which is declared on the stack (which could be considered a bad thing). ip_output() does not consume struct ip_moptions, but in case it does in future, declare an in_multi vector on the stack too to behave more like ip_findmoptions() does.
|
#
1dec73a1 |
|
24-Jan-2006 |
Andre Oppermann <andre@FreeBSD.org> |
In ip_mdq() compute the TV_DELTA the correct way around. PR: kern/91851 Submitted by: SAKAI Hiroaki <sakai.hiroaki-at-jp.fujitsu.com> MFC after: 3 days
|
#
636a309a |
|
15-Dec-2005 |
John Baldwin <jhb@FreeBSD.org> |
Use %t (ptrdiff_t modifier) to print a couple of pointer differences rather than casting them to int.
|
#
ef39adf0 |
|
18-Nov-2005 |
Andre Oppermann <andre@FreeBSD.org> |
Consolidate all IP Options handling functions into ip_options.[ch] and include ip_options.h into all files making use of IP Options functions. From ip_input.c rev 1.306: ip_dooptions(struct mbuf *m, int pass) save_rte(m, option, dst) ip_srcroute(m0) ip_stripoptions(m, mopt) From ip_output.c rev 1.249: ip_insertoptions(m, opt, phlen) ip_optcopy(ip, jp) ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m) No functional changes in this commit. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
303989a2 |
|
09-Nov-2005 |
Ruslan Ermilov <ru@FreeBSD.org> |
Use sparse initializers for "struct domain" and "struct protosw", so they are easier to follow for the human being.
|
#
34333b16 |
|
02-Nov-2005 |
Andre Oppermann <andre@FreeBSD.org> |
Retire MT_HEADER mbuf type and change its users to use MT_DATA. Having an additional MT_HEADER mbuf type is superfluous and redundant as nothing depends on it. It only adds a layer of confusion. The distinction between header mbuf's and data mbuf's is solely done through the m->m_flags M_PKTHDR flag. Non-native code is not changed in this commit. For compatibility MT_HEADER is mapped to MT_DATA. Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
e6b9152d |
|
19-Sep-2005 |
Andre Oppermann <andre@FreeBSD.org> |
Use monotonic 'time_uptime' instead of 'time_second' as timebase for timeouts.
|
#
d980b052 |
|
23-Jun-2005 |
Warner Losh <imp@FreeBSD.org> |
Add back missing copyright and license statement. This is identical to the statement in ip_mroute.h, as well as being the same as what OpenBSD has done with this file. It matches the copyright in NetBSD's 1.1 through 1.14 versions of the file as well, which they subsequently added back. It appears to have been lost in the 4.4-lite1 import for FreeBSD 2.0, but where and why I've not investigated further. OpenBSD had the same problem. NetBSD had a copyright notice until Multicast 3.5 was integrated verbatim back in 1995. This appears to be the version that made it into 4.4-lite1. Approved by: re (scottl) MFC after: 3 days
|
#
31199c84 |
|
28-Feb-2005 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Use NET_CALLOUT_MPSAFE macro.
|
#
fcf4e3a1 |
|
07-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
When running with debug.mpsafenet=0, initialize IP multicast routing callouts as non-CALLOUT_MPSAFE. Otherwise, they may trigger an assertion regarding Giant if they enter other parts of the stack from the callout. MFC after: 3 days Reported by: Dikshie < dikshie at ppk dot itb dot ac dot id >
|
#
3161f583 |
|
27-Aug-2004 |
Andre Oppermann <andre@FreeBSD.org> |
Apply error and success logic consistently to the function netisr_queue() and its users. netisr_queue() now returns (0) on success and ERRNO on failure. At the moment ENXIO (netisr queue not functional) and ENOBUFS (netisr queue full) are supported. Previously it would return (1) on success but the return value of IF_HANDOFF() was interpreted wrongly and (0) was actually returned on success. Due to this schednetisr() was never called to kick the scheduling of the isr. However this was masked by other normal packets coming through netisr_dispatch() causing the dequeueing of waiting packets. PR: kern/70988 Found by: MOROHOSHI Akihiko <moro@remus.dti.ne.jp> MFC after: 3 days
|
#
5090559b |
|
21-Aug-2004 |
Christian S.J. Peron <csjp@FreeBSD.org> |
When a prison is given the ability to create raw sockets (when the security.jail.allow_raw_sockets sysctl MIB is set to 1) where privileged access to jails is given out, it is possible for prison root to manipulate various network parameters which effect the host environment. This commit plugs a number of security holes associated with the use of raw sockets and prisons. This commit makes the following changes: - Add a comment to rtioctl warning developers that if they add any ioctl commands, they should use super-user checks where necessary, as it is possible for PRISON root to make it this far in execution. - Add super-user checks for the execution of the SIOCGETVIFCNT and SIOCGETSGCNT IP multicast ioctl commands. - Add a super-user check to rip_ctloutput(). If the calling cred is PRISON root, make sure the socket option name is IP_HDRINCL, otherwise deny the request. Although this patch corrects a number of security problems associated with raw sockets and prisons, the warning in jail(8) should still apply, and by default we should keep the default value of security.jail.allow_raw_sockets MIB to 0 (or disabled) until we are certain that we have tracked down all the problems. Looking forward, we will probably want to eliminate the references to curthread. This may be a MFC candidate for RELENG_5. Reviewed by: rwatson Approved by: bmilekic (mentor)
|
#
a4f757cd |
|
16-Aug-2004 |
Robert Watson <rwatson@FreeBSD.org> |
White space cleanup for netinet before branch: - Trailing tab/space cleanup - Remove spurious spaces between or before tabs This change avoids touching files that Andre likely has in his working set for PFIL hooks changes for IPFW/DUMMYNET. Approved by: re (scottl) Submitted by: Xin LI <delphij@frontfree.net>
|
#
1f44b0a1 |
|
14-Aug-2004 |
David Malone <dwmalone@FreeBSD.org> |
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD have already done this, so I have styled the patch on their work: 1) introduce a ip_newid() static inline function that checks the sysctl and then decides if it should return a sequential or random IP ID. 2) named the sysctl net.inet.ip.random_id 3) IPv6 flow IDs and fragment IDs are now always random. Flow IDs and frag IDs are significantly less common in the IPv6 world (ie. rarely generated per-packet), so there should be smaller performance concerns. The sysctl defaults to 0 (sequential IP IDs). Reviewed by: andre, silby, mlaier, ume Based on: NetBSD MFC after: 2 months
|
#
2ff39e15 |
|
02-Aug-2004 |
Jeffrey Hsu <hsu@FreeBSD.org> |
Fix bug with tracking the previous element in a list. Found by: edrt@citiz.net Submitted by: pavlin@icir.org
|
#
3e019dea |
|
15-Jul-2004 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Do a pass over all modules in the kernel and make them return EOPNOTSUPP for unknown events. A number of modules return EINVAL in this instance, and I have left those alone for now and instead taught MOD_QUIESCE to accept this as "didn't do anything".
|
#
1e4d7da7 |
|
26-Jun-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Reduce the number of unnecessary unlock-relocks on socket buffer mutexes associated with performing a wakeup on the socket buffer: - When performing an sbappend*() followed by a so[rw]wakeup(), explicitly acquire the socket buffer lock and use the _locked() variants of both calls. Note that the _locked() sowakeup() versions unlock the mutex on return. This is done in uipc_send(), divert_packet(), mroute socket_send(), raw_append(), tcp_reass(), tcp_input(), and udp_append(). - When the socket buffer lock is dropped before a sowakeup(), remove the explicit unlock and use the _locked() sowakeup() variant. This is done in soisdisconnecting(), soisdisconnected() when setting the can't send/ receive flags and dropping data, and in uipc_rcvd() which adjusting back-pressure on the sockets. For UNIX domain sockets running mpsafe with a contention-intensive SMP mysql benchmark, this results in a 1.6% query rate improvement due to reduce mutex costs.
|
#
d67ec3dd |
|
23-Jun-2004 |
Robert Watson <rwatson@FreeBSD.org> |
When asserting non-Giant locks in the network stack, also assert Giant if debug.mpsafenet=0, as any points that require synchronization in the SMPng world also required it in the Giant-world: - inpcb locks (including IPv6) - inpcbinfo locks (including IPv6) - dummynet subsystem lock - ipfw2 subsystem lock
|
#
1b83216e |
|
20-Jun-2004 |
Robert Watson <rwatson@FreeBSD.org> |
IP multicast code no longer needs to acquire Giant before appending an mbuf onto a socket buffer. This is left over from debug.mpsafenet affecting the forwarding/bridging plane only.
|
#
5dba30f1 |
|
30-May-2004 |
Poul-Henning Kamp <phk@FreeBSD.org> |
add missing #include <sys/module.h>
|
#
a0620382 |
|
08-Mar-2004 |
Jeffrey Hsu <hsu@FreeBSD.org> |
To comply with the spec, do not copy the TOS from the outer IP header to the inner IP header of the PIM Register if this is a PIM Null-Register message. Submitted by: Pavlin Radoslavov <pavlin@icir.org>
|
#
ededbec1 |
|
20-Dec-2003 |
Sam Leffler <sam@FreeBSD.org> |
o move mutex init/destroy logic to the module load/unload hooks; otherwise they are initialized twice when the code is statically configured in the kernel because the module load method gets invoked before the user application calls ip_mrouter_init o add a mutex to synchronize the module init/done operations; this sort of was done using the value of ip_mroute but X_ip_mrouter_done sets it to NULL very early on which can lead to a race against ip_mrouter_init--using the additional mutex means this is safe now o don't call ip_mrouter_reset from ip_mrouter_init; this now happens once at module load and X_ip_mrouter_done does the appropriate cleanup work to insure the data structures are in a consistent state so that a subsequent init operation inherits good state Reviewed by: juli
|
#
1d78192b |
|
08-Nov-2003 |
Sam Leffler <sam@FreeBSD.org> |
the sbappendaddr call in socket_send must be protected by Giant because it can happen from an MPSAFE callout Supported by: FreeBSD Foundation
|
#
9bf40ede |
|
31-Oct-2003 |
Brooks Davis <brooks@FreeBSD.org> |
Replace the if_name and if_unit members of struct ifnet with new members if_xname, if_dname, and if_dunit. if_xname is the name of the interface and if_dname/unit are the driver name and instance. This change paves the way for interface renaming and enhanced pseudo device creation and configuration symantics. Approved By: re (in principle) Reviewed By: njl, imp Tested On: i386, amd64, sparc64 Obtained From: NetBSD (if_xname)
|
#
d0402f1b |
|
29-Oct-2003 |
Sam Leffler <sam@FreeBSD.org> |
Potential fix for races shutting down callouts when unloading the module. Previously we grabbed the mutex used by the callouts, then stopped the callout with callout_stop, but if the callout was already active and blocked by the mutex then it would continue later and reference the mutex after it was destroyed. Instead stop the callout first then lock. Supported by: FreeBSD Foundation
|
#
ac6b0748 |
|
23-Oct-2003 |
Sam Leffler <sam@FreeBSD.org> |
o restructure initialization code so data structures are setup when loaded as a module o cleanup data structures on module unload when no application has been started (i.e. kldload, kldunload w/o mrtd) o remove extraneous unlocks immediately prior to destroying them Supported by: FreeBSD Foundation
|
#
468cf6f6 |
|
05-Sep-2003 |
Sam Leffler <sam@FreeBSD.org> |
Add locking. Special thanks to Pavlin Radoslavov <pavlin@icir.org> for testing and fixing numerous problems. Sponsored by: FreeBSD Foundation Reviewed by: Pavlin Radoslavov <pavlin@icir.org>
|
#
578c5e12 |
|
24-Aug-2003 |
Jeffrey Hsu <hsu@FreeBSD.org> |
Remove redundant bzero. Submitted by: Pavlin Radoslavov <pavlin@icir.org>
|
#
9ba208b4 |
|
19-Aug-2003 |
Jeffrey Hsu <hsu@FreeBSD.org> |
* Bug fix in bw_meter_process(): the periodically processed bins of bw_meter entries were processed up to one second ahead. After an unappropriate rescheduling of some of the bw_meter entries, the upcalls weren't delivered. * pim_register_prepare() uses the appropriate sw_csum flag to call ip_fragment() so the IP checksum is computed properly. * Modify pim_register_prepare() to take care of IP packets that don't need fragmentation. * Add-back in_delayed_cksum() to encap_send(), because it seems it should be there. Submitted by: Pavlin Radoslavov <pavlin@icir.org>
|
#
1e78ac21 |
|
07-Aug-2003 |
Jeffrey Hsu <hsu@FreeBSD.org> |
1. Basic PIM kernel support Disabled by default. To enable it, the new "options PIM" must be added to the kernel configuration file (in addition to MROUTING): options MROUTING # Multicast routing options PIM # Protocol Independent Multicast 2. Add support for advanced multicast API setup/configuration and extensibility. 3. Add support for kernel-level PIM Register encapsulation. Disabled by default. Can be enabled by the advanced multicast API. 4. Implement a mechanism for "multicast bandwidth monitoring and upcalls". Submitted by: Pavlin Radoslavov <pavlin@icir.org>
|
#
1b6002ec |
|
05-Aug-2003 |
Jeffrey Hsu <hsu@FreeBSD.org> |
* makes mfc[MFCTBLSIZ] and vif[MAXVIFS] tables accessible via sysctl: - sysctlbyname("net.inet.ip.mfctable", ...) - sysctlbyname("net.inet.ip.viftable", ...) This change is needed so netstat can use sysctlbyname() to read the data from those tables. Otherwise, in some cases "netstat -g" may fail to report the multicast forwarding information (e.g., if we run a multicast router on PicoBSD). * Bug fix: when sending IGMPMSG_WRONGVIF upcall to the multicast routing daemon, set properly "im->im_vif" to the receiving incoming interface of the packet that triggered that upcall rather than to the expected incoming interface of that packet. * Bug fix: add missing increment of counter "mrtstat.mrts_upcalls" * Few formatting nits (e.g., replace extra spaces with TABs) Submitted by: Pavlin Radoslavov <pavlin@icir.org>
|
#
fe584538 |
|
08-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Introduce an M_ASSERTPKTHDR() macro which performs the very common task of asserting that an mbuf has a packet header. Use it instead of hand- rolled versions wherever applicable. Submitted by: Hiten Pandya <hiten@unixdaemons.com>
|
#
1cafed39 |
|
04-Mar-2003 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Update netisr handling; Each SWI now registers its queue, and all queue drain routines are done by swi_net, which allows for better queue control at some future point. Packets may also be directly dispatched to a netisr instead of queued, this may be of interest at some installations, but currently defaults to off. Reviewed by: hsu, silby, jayanth, sam Sponsored by: DARPA, NAI Labs
|
#
a163d034 |
|
18-Feb-2003 |
Warner Losh <imp@FreeBSD.org> |
Back out M_* changes, per decision of the TRB. Approved by: trb
|
#
44956c98 |
|
21-Jan-2003 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
bbb4330b |
|
15-Nov-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Massive cleanup of the ip_mroute code. No functional changes, but: + the mrouting module now should behave the same as the compiled-in version (it did not before, some of the rsvp code was not loaded properly); + netinet/ip_mroute.c is now truly optional; + removed some redundant/unused code; + changed many instances of '0' to NULL and INADDR_ANY as appropriate; + removed several static variables to make the code more SMP-friendly; + fixed some minor bugs in the mrouting code (mostly, incorrect return values from functions). This commit is also a prerequisite to the addition of support for PIM, which i would like to put in before DP2 (it does not change any of the existing APIs, anyways). Note, in the process we found out that some device drivers fail to properly handle changes in IFF_ALLMULTI, leading to interesting behaviour when a multicast router is started. This bug is not corrected by this commit, and will be fixed with a separate commit. Detailed changes: -------------------- netinet/ip_mroute.c all the above. conf/files make ip_mroute.c optional net/route.c fix mrt_ioctl hook netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here together with other rsvp code, and a couple of indentation fixes. netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks netinet/ip_var.h rsvp function hooks netinet/raw_ip.c hooks for mrouting and rsvp functions, plus interface cleanup. netinet/ip_mroute.h remove an unused and optional field from a struct Most of the code is from Pavlin Radoslavov and the XORP project Reviewed by: sam MFC after: 1 week
|
#
2d4e2652 |
|
08-Nov-2002 |
John Baldwin <jhb@FreeBSD.org> |
Cast a ptrdiff_t to an int to printf.
|
#
c7405098 |
|
20-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
When a packet is multicast encapsulated, give labeled policies the opportunity to preserve the label. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
5d846453 |
|
15-Oct-2002 |
Sam Leffler <sam@FreeBSD.org> |
Replace aux mbufs with packet tags: o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month
|
#
565bb857 |
|
09-Sep-2002 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Since from now on encap_input() also catches IPPROTO_MOBILE and IPPROTO_GRE packets in addition to IPPROTO_IPV4 and IPPROTO_IPV6, explicitly specify IPPROTO_IPV4 or IPPROTO_IPV6 instead of -1 when calling encap_attach(). MFC after: 28 days (along with other if_gre changes)
|
#
93b0017f |
|
25-Aug-2002 |
Philippe Charnier <charnier@FreeBSD.org> |
Replace various spelling with FALLTHROUGH which is lint()able
|
#
713a6ea0 |
|
26-Jun-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Just a comment on some additional consistency checks that could be added here.
|
#
4cc20ab1 |
|
31-May-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Back out my lats commit of locking down a socket, it conflicts with hsu's work. Requested by: hsu
|
#
243917fe |
|
19-May-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Lock down a socket, milestone 1. o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket. o Determine the lock strategy for each members in struct socket. o Lock down the following members: - so_count - so_options - so_linger - so_state o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket: - sodisconnect() - soisconnected() - soisconnecting() - soisdisconnected() - soisdisconnecting() - sofree() - soref() - sorele() - sorwakeup() - sotryfree() - sowakeup() - sowwakeup() Reviewed by: alfred
|
#
960ed29c |
|
29-Apr-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. Requested by: bde Since locking sigio_lock is usually followed by calling pgsigio(), move the declaration of sigio_lock and the definitions of SIGIO_*() to sys/signalvar.h. While I am here, sort include files alphabetically, where possible.
|
#
c1cd65ba |
|
24-Mar-2002 |
Bruce Evans <bde@FreeBSD.org> |
Fixed some style bugs in the removal of __P(()). Continuation lines were not outdented to preserve non-KNF lining up of code with parentheses. Switch to KNF formatting.
|
#
e3f406b3 |
|
22-Mar-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Prevent icmp_reflect() from calling ip_output() with a NULL route pointer which will then result in the allocated route's reference count never being decremented. Just flood ping the localhost and watch refcnt of the 127.0.0.1 route with netstat(1). Submitted by: jayanth Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed ip_output() to be called with a NULL route pointer. The previous paragraph shows why this was a bad idea in the first place. MFC after: 0 days
|
#
4d77a549 |
|
19-Mar-2002 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove __P.
|
#
fd8e4ebc |
|
18-Feb-2002 |
Mike Barcroft <mike@FreeBSD.org> |
o Move NTOHL() and associated macros into <sys/param.h>. These are deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm
|
#
04d59553 |
|
01-Dec-2001 |
Ruslan Ermilov <ru@FreeBSD.org> |
Allow for ip_output() to be called with a NULL route pointer. This fixes a panic I introduced yesterday in ip_icmp.c,v 1.64.
|
#
2326da5d |
|
28-Oct-2001 |
Matthew Dillon <dillon@FreeBSD.org> |
fix int argument used in printf w/ %ld (cast to long)
|
#
862e52ea |
|
20-Sep-2001 |
Munechika SUMIKAWA <sumikawa@FreeBSD.org> |
Fixed comment: ipip_input -> mroute_encapcheck. Reported by: bde
|
#
33ae84b7 |
|
18-Sep-2001 |
Munechika SUMIKAWA <sumikawa@FreeBSD.org> |
Removed ipip_input(). No codes calls it anymore due to ip_encap.c's encapsulation support.
|
#
f0ffb944 |
|
03-Sep-2001 |
Julian Elischer <julian@FreeBSD.org> |
Patches from Keiichi SHIMA <keiichi@iij.ad.jp> to make ip use the standard protosw structure again. Obtained from: Well, KAME I guess.
|
#
3f2e902a |
|
25-Jul-2001 |
Bill Fenner <fenner@FreeBSD.org> |
Somewhat modernize ip_mroute.c: - Use sysctl to export stats - Use ip_encap.c's encapsulation support - Update lkm to kld (is 6 years a record for a broken module?) - Remove some unused cruft
|
#
64dddc18 |
|
01-Jun-2001 |
Kris Kennaway <kris@FreeBSD.org> |
Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent. Reviewed by: -net Obtained from: OpenBSD
|
#
1a6e52d0 |
|
06-Feb-2001 |
Jeroen Ruigrok van der Werven <asmodai@FreeBSD.org> |
Fix typo: seperate -> separate. Seperate does not exist in the english language.
|
#
df5e1987 |
|
25-Nov-2000 |
Jonathan Lemon <jlemon@FreeBSD.org> |
Lock down the network interface queues. The queue mutex must be obtained before adding/removing packets from the queue. Also, the if_obytes and if_omcasts fields should only be manipulated under protection of the mutex. IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on the queue. An IF_LOCK macro is provided, as well as the old (mutex-less) versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which needs them, but their use is discouraged. Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF, which takes care of locking/enqueue, and also statistics updating/start if necessary.
|
#
e645a1ca |
|
17-Sep-2000 |
Kenjiro Cho <kjc@FreeBSD.org> |
change the evaluation order of the rsvp socket in rsvp_input() in favor of the new-style per-vif socket. this does not affect the behavior of the ISI rsvpd but allows another rsvp implementation (e.g., KOM rsvp) to take advantage of the new style for particular sockets while using the old style for others. in the future, rsvp supporn should be replaced by more generic router-alert support. PR: kern/20984 Submitted by: Martin Karsten <Martin.Karsten@KOM.tu-darmstadt.de> Reviewed by: kjc
|
#
e30177e0 |
|
14-Sep-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Follow BSD/OS and NetBSD, keep the ip_id field in network order all the time. Requested by: wollman
|
#
04287599 |
|
31-Aug-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed broken ICMP error generation, unified conversion of IP header fields between host and network byte order. The details: o icmp_error() now does not add IP header length. This fixes the problem when icmp_error() is called from ip_forward(). In this case the ip_len of the original IP datagram returned with ICMP error was wrong. o icmp_error() expects all three fields, ip_len, ip_id and ip_off in host byte order, so DTRT and convert these fields back to network byte order before sending a message. This fixes the problem described in PR 16240 and PR 20877 (ip_id field was returned in host byte order). o ip_ttl decrement operation in ip_forward() was moved down to make sure that it does not corrupt the copy of original IP datagram passed later to icmp_error(). o A copy of original IP datagram in ip_forward() was made a read-write, independent copy. This fixes the problem I first reported to Garrett Wollman and Bill Fenner and later put in audit trail of PR 16240: ip_output() (not always) converts fields of original datagram to network byte order, but because copy (mcopy) and its original (m) most likely share the same mbuf cluster, ip_output()'s manipulations on original also corrupted the copy. o ip_output() now expects all three fields, ip_len, ip_off and (what is significant) ip_id in host byte order. It was a headache for years that ip_id was handled differently. The only compatibility issue here is the raw IP socket interface with IP_HDRINCL socket option set and a non-zero ip_id field, but ip.4 manual page was unclear on whether in this case ip_id field should be in host or network byte order.
|
#
62771f86 |
|
08-May-2000 |
Kenneth D. Merry <ken@FreeBSD.org> |
Include machine/in_cksum.h to unbreak options MROUTING.
|
#
6a800098 |
|
22-Dec-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
IPSEC support in the kernel. pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
c3aac50f |
|
27-Aug-1999 |
Peter Wemm <peter@FreeBSD.org> |
$Id$ -> $FreeBSD$
|
#
dfd5dee1 |
|
06-May-1999 |
Peter Wemm <peter@FreeBSD.org> |
Add sufficient braces to keep egcs happy about potentially ambiguous if/else nesting.
|
#
01b7c082 |
|
17-Jan-1999 |
Bill Fenner <fenner@FreeBSD.org> |
Use dynamic memory allocation instead of mbuf's for multicast routing state. Note: this requires a recompilation of netstat (but netstat has been broken since rev 1.52 of ip_mroute.c anyway) Obtained from: Significantly based on Steve McCanne's <mccanne@cs.berkeley.edu> work for BSD/OS
|
#
ab54eac7 |
|
11-Jan-1999 |
Eivind Eklund <eivind@FreeBSD.org> |
Remove unused statics.
|
#
0b6205fe |
|
16-Dec-1998 |
Bill Fenner <fenner@FreeBSD.org> |
Add missing "break"s to allow multicast routing to work. Submitted by: Amancio Hasty <hasty@rah.star-gate.com>
|
#
f1d19042 |
|
07-Dec-1998 |
Archie Cobbs <archie@FreeBSD.org> |
The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static and local variables, goto labels, and functions declared but not defined.
|
#
cfe8b629 |
|
22-Aug-1998 |
Garrett Wollman <wollman@FreeBSD.org> |
Yow! Completely change the way socket options are handled, eliminating another specialized mbuf type in the process. Also clean up some of the cruft surrounding IPFW, multicast routing, RSVP, and other ill-explored corners.
|
#
162886e2 |
|
16-Aug-1998 |
Bruce Evans <bde@FreeBSD.org> |
Fixed printf format errors.
|
#
5fa7f62e |
|
30-Jun-1998 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Byte count statistics of multicast vifs are invalid. The problem is caused by a wrong endianess in the sum. PR: 7115 Submitted by: Joao Carlos Mendes Luis <jonny@jonny.eng.br>
|
#
dc733423 |
|
17-Apr-1998 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Seventy-odd "its" / "it's" typos in comments fixed as per kern/6108.
|
#
303b270b |
|
08-Feb-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
Staticize.
|
#
0b08f5f7 |
|
05-Feb-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
Back out DIAGNOSTIC changes.
|
#
47cfdb16 |
|
04-Feb-1998 |
Eivind Eklund <eivind@FreeBSD.org> |
Turn DIAGNOSTIC into a new-style option.
|
#
55b211e3 |
|
28-Oct-1997 |
Bruce Evans <bde@FreeBSD.org> |
Removed unused #includes.
|
#
6c951b44 |
|
21-Sep-1997 |
Justin T. Gibbs <gibbs@FreeBSD.org> |
Update for new callout interface.
|
#
407529c0 |
|
19-Jul-1997 |
Bill Fenner <fenner@FreeBSD.org> |
Remove crufty LBL ifdef that only applies to Suns. Submitted by: Craig Leres <leres@ee.lbl.gov>
|
#
51a53488 |
|
24-Mar-1997 |
Bruce Evans <bde@FreeBSD.org> |
Don't include <sys/ioctl.h> in the kernel. Stage 2: include <sys/sockio.h> instead of <sys/ioctl.h> in network files.
|
#
cf4dae10 |
|
21-Feb-1997 |
Garrett Wollman <wollman@FreeBSD.org> |
Properly notice error returns from if_allmulti().
|
#
1130b656 |
|
14-Jan-1997 |
Jordan K. Hubbard <jkh@FreeBSD.org> |
Make the long-awaited change from $Id$ to $FreeBSD$ This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
477180fb |
|
13-Jan-1997 |
Garrett Wollman <wollman@FreeBSD.org> |
Use the new if_multiaddrs list for multicast addresses rather than the previous hackery involving struct in_ifaddr and arpcom. Get rid of the abominable multi_kludge. Update all network interfaces to use the new machanism. Distressingly few Ethernet drivers program the multicast filter properly (assuming the hardware has one, which it usually does).
|
#
2f1a0ba8 |
|
23-Nov-1996 |
Bill Fenner <fenner@FreeBSD.org> |
Allocate a header mbuf for the start of the encapsulated packet. The rest of the code was treating it as a header mbuf, but it was allocated as a normal mbuf. This fixes the panic: ip_output no HDR when you have a multicast tunnel configured.
|
#
32bd8943 |
|
12-Jul-1996 |
Bill Fenner <fenner@FreeBSD.org> |
Fix braino in rev 1.30 fix; m_copy() the mbuf that has the header pulled up already. This bug can cause the first packet from a source to a group to be corrupted when it is delivered to a process listening on the mrouter.
|
#
6ab46d52 |
|
11-Jul-1996 |
Bruce Evans <bde@FreeBSD.org> |
Don't use NULL in non-pointer contexts.
|
#
2eba8818 |
|
18-Apr-1996 |
Garrett Wollman <wollman@FreeBSD.org> |
Always call ip_output() with a valid route pointer. For igmp, also get the multicast option structure off the stack rather than malloc.
|
#
e62b8c49 |
|
26-Mar-1996 |
Bill Fenner <fenner@FreeBSD.org> |
Make rip_input() take the header length Move ipip_input() and rsvp_input() prototypes to ip_var.h Remove unused prototype for rip_ip_input() from ip_var.h Remove unused variable *opts from rip_output()
|
#
a5a2f8ad |
|
11-Mar-1996 |
Bill Fenner <fenner@FreeBSD.org> |
Cleaned up uninitialized 'rt' warning properly Make a copy of the header of a packet that gets queued due to lack of forwarding cache entry, so that nobody else can step on it. Thanks to Mike Karels <karels@bsdi.com> for pointing this one out.
|
#
2ee45d7d |
|
11-Mar-1996 |
David Greenman <dg@FreeBSD.org> |
Move or add #include <queue.h> in preparation for upcoming struct socket changes.
|
#
4bd49128 |
|
02-Mar-1996 |
Peter Wemm <peter@FreeBSD.org> |
Add more options into the conf/options and i386/conf/options.i386 files and the #include hooks so that 'make depend' is more useful. This covers most of the options I regularly use (but not all) and some other easy ones.
|
#
f708ef1b |
|
14-Dec-1995 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Another mega commit to staticize things.
|
#
ce7609a4 |
|
02-Dec-1995 |
Bruce Evans <bde@FreeBSD.org> |
Completed function declarations and/or added prototypes.
|
#
0312fbe9 |
|
14-Nov-1995 |
Poul-Henning Kamp <phk@FreeBSD.org> |
New style sysctl & staticize alot of stuff.
|
#
a98ca469 |
|
29-Oct-1995 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Second batch of cleanup changes. This time mostly making a lot of things static and some unused variables here and there.
|
#
1cb55cbf |
|
06-Oct-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Put newline at end of log()ed messages so syslog can't fill up your /var quite as fast.
|
#
6adca7ad |
|
23-Aug-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Fix some problems with multicast forwarding: Garrett, Here are some patches for the rate limiting code. It should be faster, and in particular it doesn't leak malloc'd memory any more when rate_limit'ing a phyint. It now uses an mbuf chain at each vif, instead of the static queue array. This means that the MAXQSIZE is now variable per vif (although there is no interface to change it other than a debugger); this is an area for more experimentation. Bill Submitted by: Bill Fenner <fenner@parc.xerox.com>
|
#
b124e4f2 |
|
26-Jul-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Fix test for determining when RSVP is inactive in a router. (In this case, multicast options are not passed to ip_mforward().) The previous version had a wrong test, thus causing RSVP mrouters to forward RSVP messages in violation of the spec.
|
#
59929500 |
|
24-Jul-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Declare rsvp_input() to take the correct set of arguments and figure out the receipt interface in the correct way.
|
#
524743b0 |
|
26-Jun-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
From Bill Fenner: > Also, I don't remember if I sent you this; it affects PIM assert processing. Submitted by: Bill Fenner <fenner@parc.xerox.com>
|
#
46501611 |
|
19-Jun-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Fix a resource allocation bug where multicast forwarding would leak mbufs in certain cases when allocation of another mbuf has already failed. Submitted by: Bill Fenner <fenner@parc.xerox.com>
|
#
1c5de19a |
|
13-Jun-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Kernel side of 3.5 multicast routing code, based on work by Bill Fenner and other work done here. The LKM support is probably broken, but it still compiles and will be fixed later.
|
#
9b2e5354 |
|
30-May-1995 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
Remove trailing whitespace.
|
#
15bd2b43 |
|
08-Apr-1995 |
David Greenman <dg@FreeBSD.org> |
Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash, and in_pcblookuphash.
|
#
8c62f8d8 |
|
02-Apr-1995 |
Bruce Evans <bde@FreeBSD.org> |
Remove redundant declarations.
|
#
b5e8ce9f |
|
16-Mar-1995 |
Bruce Evans <bde@FreeBSD.org> |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
|
#
d99c7a23 |
|
16-Mar-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
This set of patches enables IP multicasting to work under FreeBSD. I am submitting them as context diffs for the following files: sys/netinet/ip_mroute.c sys/netinet/ip_var.h sys/netinet/raw_ip.c usr.sbin/mrouted/igmp.c usr.sbin/mrouted/prune.c The routine rip_ip_input in raw_ip.c is suggested by Mark Tinguely (tinguely@plains.nodak.edu). I have been running mrouted with these patches for over a week and nothing has seemed seriously wrong. It is being run in two places on our network as a tunnel on one and a subnet querier on the other. The only problem I have run into is that mrouted on the tunnel must start up last or the pruning isn't done correctly and multicast packets flood your subnets. Submitted by: Soochon Radee <slr@mitre.org>
|
#
6f05a6e8 |
|
22-Feb-1995 |
Bruce Evans <bde@FreeBSD.org> |
Fix benign type mismatch.
|
#
38aa9fc3 |
|
20-Feb-1995 |
David Greenman <dg@FreeBSD.org> |
Added missing newlines to calls to log().
|
#
ccc99991 |
|
20-Oct-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Bug fixes from John Brezak.
|
#
e2637b6b |
|
13-Oct-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Fix some endianness and packet header bugs found in BSDi's port of this code. (From mbone mailing-list.)
|
#
623ae52e |
|
02-Oct-1994 |
Poul-Henning Kamp <phk@FreeBSD.org> |
GCC cleanup. Reviewed by: Submitted by: Obtained from:
|
#
dea246f5 |
|
14-Sep-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Add code to make multicast routing be an LKM.
|
#
5e9ae478 |
|
13-Sep-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Shuffle some functions and variables around to make it possible for multicast routing to be implemented as an LKM. (There's still a bit of work to do in this area.)
|
#
f0068c4a |
|
06-Sep-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Initial get-the-easy-case-working upgrade of the multicast code to something more recent than the ancient 1.2 release contained in 4.4. This code has the following advantages as compared to previous versions (culled from the README file for the SunOS release): - True multicast delivery - Configurable rate-limiting of forwarded multicast traffic on each physical interface or tunnel, using a token-bucket limiter. - Simplistic classification of packets for prioritized dropping. - Administrative scoping of multicast address ranges. - Faster detection of hosts leaving groups. - Support for multicast traceroute (code not yet available). - Support for RSVP, the Resource Reservation Protocol. What still needs to be done: - The multicast forwarder needs testing. - The multicast routing daemon needs to be ported. - Network interface drivers need to have the `#ifdef MULTICAST' goop ripped out of them. - The IGMP code should probably be bogon-tested. Some notes about the porting process: In some cases, the Berkeley people decided to incorporate functionality from later releases of the multicast code, but then had to do things differently. As a result, if you look at Deering's patches, and then look at our code, it is not always obvious whether the patch even applies. Let the reader beware. I ran ip_mroute.c through several passes of `unifdef' to get rid of useless grot, and to permanently enable the RSVP support, which we will include as standard. Ported by: Garrett Wollman Submitted by: Steve Deering and Ajit Thyagarajan (among others)
|
#
3c4dd356 |
|
02-Aug-1994 |
David Greenman <dg@FreeBSD.org> |
Added $Id$
|
#
26f9a767 |
|
25-May-1994 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch. Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
|
#
df8bae1d |
|
24-May-1994 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
BSD 4.4 Lite Kernel Sources
|