Revert one line from r248885, which uncovered several bugs in processing
interaction between ksocket_incoming2() and soreceive().

This is direct commit to releng/10.0. A conservative solution for releng
branch. Proper fix in head is r259681.

PR: 184601
Sponsored by: Nginx, Inc.
Approved by: re (gjb)

- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Merge from project branch via main. Uninteresting commits are trimmed.

Refactor of /dev/random device. Main points include:

* Userland seeding is no longer used. This auto-seeds at boot time
on PC/Desktop setups; this may need some tweeking and intelligence
from those folks setting up embedded boxes, but the work is believed
to be minimal.

* An entropy cache is written to /entropy (even during installation)
and the kernel uses this at next boot.

* An entropy file written to /boot/entropy can be loaded by loader(8)

* Hardware sources such as rdrand are fed into Yarrow, and are no
longer available raw.

------------------------------------------------------------------------
r256240 | des | 2013-10-09 21:14:16 +0100 (Wed, 09 Oct 2013) | 4 lines

Add a RANDOM_RWFILE option and hide the entropy cache code behind it.
Rename YARROW_RNG and FORTUNA_RNG to RANDOM_YARROW and RANDOM_FORTUNA.
Add the RANDOM_* options to LINT.

------------------------------------------------------------------------
r256239 | des | 2013-10-09 21:12:59 +0100 (Wed, 09 Oct 2013) | 2 lines

Define RANDOM_PURE_RNDTEST for rndtest(4).

------------------------------------------------------------------------
r256204 | des | 2013-10-09 18:51:38 +0100 (Wed, 09 Oct 2013) | 2 lines

staticize struct random_hardware_source

------------------------------------------------------------------------
r256203 | markm | 2013-10-09 18:50:36 +0100 (Wed, 09 Oct 2013) | 2 lines

Wrap some policy-rich code in 'if NOTYET' until we can thresh out
what it really needs to do.

------------------------------------------------------------------------
r256184 | des | 2013-10-09 10:13:12 +0100 (Wed, 09 Oct 2013) | 2 lines

Re-add /dev/urandom for compatibility purposes.

------------------------------------------------------------------------
r256182 | des | 2013-10-09 10:11:14 +0100 (Wed, 09 Oct 2013) | 3 lines

Add missing include guards and move the existing ones out of the
implementation namespace.

------------------------------------------------------------------------
r256168 | markm | 2013-10-08 23:14:07 +0100 (Tue, 08 Oct 2013) | 10 lines

Fix some just-noticed problems:

o Allow this to work with "nodevice random" by fixing where the
MALLOC pool is defined.

o Fix the explicit reseed code. This was correct as submitted, but
in the project branch doesn't need to set the "seeded" bit as this
is done correctly in the "unblock" function.

o Remove some debug ifdeffing.

o Adjust comments.

------------------------------------------------------------------------
r256159 | markm | 2013-10-08 19:48:11 +0100 (Tue, 08 Oct 2013) | 6 lines

Time to eat crow for me.

I replaced the sx_* locks that Arthur used with regular mutexes;
this turned out the be the wrong thing to do as the locks need to
be sleepable. Revert this folly.

# Submitted by: Arthur Mesh <arthurmesh@gmail.com> (In original diff)

------------------------------------------------------------------------
r256138 | des | 2013-10-08 12:05:26 +0100 (Tue, 08 Oct 2013) | 10 lines

Add YARROW_RNG and FORTUNA_RNG to sys/conf/options.

Add a SYSINIT that forces a reseed during proc0 setup, which happens
fairly late in the boot process.

Add a RANDOM_DEBUG option which enables some debugging printf()s.

Add a new RANDOM_ATTACH entropy source which harvests entropy from the
get_cyclecount() delta across each call to a device attach method.

------------------------------------------------------------------------
r256135 | markm | 2013-10-08 07:54:52 +0100 (Tue, 08 Oct 2013) | 8 lines

Debugging. My attempt at EVENTHANDLER(multiuser) was a failure; use
EVENTHANDLER(mountroot) instead.

This means we can't count on /var being present, so something will
need to be done about harvesting /var/db/entropy/... .

Some policy now needs to be sorted out, and a pre-sync cache needs
to be written, but apart from that we are now ready to go.

Over to review.

------------------------------------------------------------------------
r256094 | markm | 2013-10-06 23:45:02 +0100 (Sun, 06 Oct 2013) | 8 lines

Snapshot.

Looking pretty good; this mostly works now. New code includes:

* Read cached entropy at startup, both from files and from loader(8)
preloaded entropy. Failures are soft, but announced. Untested.

* Use EVENTHANDLER to do above just before we go multiuser. Untested.

------------------------------------------------------------------------
r256088 | markm | 2013-10-06 14:01:42 +0100 (Sun, 06 Oct 2013) | 2 lines

Fix up the man page for random(4). This mainly removes no-longer-relevant
details about HW RNGs, reseeding explicitly and user-supplied
entropy.

------------------------------------------------------------------------
r256087 | markm | 2013-10-06 13:43:42 +0100 (Sun, 06 Oct 2013) | 6 lines

As userland writing to /dev/random is no more, remove the "better
than nothing" bootstrap mode.

Add SWI harvesting to the mix.

My box seeds Yarrow by itself in a few seconds! YMMV; more to follow.

------------------------------------------------------------------------
r256086 | markm | 2013-10-06 13:40:32 +0100 (Sun, 06 Oct 2013) | 11 lines

Debug run. This now works, except that the "live" sources haven't
been tested. With all sources turned on, this unlocks itself in
a couple of seconds! That is no my box, and there is no guarantee
that this will be the case everywhere.

* Cut debug prints.

* Use the same locks/mutexes all the way through.

* Be a tad more conservative about entropy estimates.

------------------------------------------------------------------------
r256084 | markm | 2013-10-06 13:35:29 +0100 (Sun, 06 Oct 2013) | 5 lines

Don't use the "real" assembler mnemonics; older compilers may not
understand them (like when building CURRENT on 9.x).

# Submitted by: Konstantin Belousov <kostikbel@gmail.com>

------------------------------------------------------------------------
r256081 | markm | 2013-10-06 10:55:28 +0100 (Sun, 06 Oct 2013) | 12 lines

SNAPSHOT.

Simplify the malloc pools; We only need one for this device.

Simplify the harvest queue.

Marginally improve the entropy pool hashing, making it a bit faster
in the process.

Connect up the hardware "live" source harvesting. This is simplistic
for now, and will need to be made rate-adaptive.

All of the above passes a compile test but needs to be debugged.

------------------------------------------------------------------------
r256042 | markm | 2013-10-04 07:55:06 +0100 (Fri, 04 Oct 2013) | 25 lines

Snapshot. This passes the build test, but has not yet been finished or debugged.

Contains:

* Refactor the hardware RNG CPU instruction sources to feed into
the software mixer. This is unfinished. The actual harvesting needs
to be sorted out. Modified by me (see below).

* Remove 'frac' parameter from random_harvest(). This was never
used and adds extra code for no good reason.

* Remove device write entropy harvesting. This provided a weak
attack vector, was not very good at bootstrapping the device. To
follow will be a replacement explicit reseed knob.

* Separate out all the RANDOM_PURE sources into separate harvest
entities. This adds some secuity in the case where more than one
is present.

* Review all the code and fix anything obviously messy or inconsistent.
Address som review concerns while I'm here, like rename the pseudo-rng
to 'dummy'.

# Submitted by: Arthur Mesh <arthurmesh@gmail.com> (the first item)

------------------------------------------------------------------------
r255319 | markm | 2013-09-06 18:51:52 +0100 (Fri, 06 Sep 2013) | 4 lines

Yarrow wants entropy estimations to be conservative; the usual idea
is that if you are certain you have N bits of entropy, you declare
N/2.

------------------------------------------------------------------------
r255075 | markm | 2013-08-30 18:47:53 +0100 (Fri, 30 Aug 2013) | 4 lines

Remove short-lived idea; thread to harvest (eg) RDRAND enropy into the
usual harvest queues. It was a nifty idea, but too heavyweight.

# Submitted by: Arthur Mesh <arthurmesh@gmail.com>

------------------------------------------------------------------------
r255071 | markm | 2013-08-30 12:42:57 +0100 (Fri, 30 Aug 2013) | 4 lines

Separate out the Software RNG entropy harvesting queue and thread
into its own files.

# Submitted by: Arthur Mesh <arthurmesh@gmail.com>

------------------------------------------------------------------------
r254934 | markm | 2013-08-26 20:07:03 +0100 (Mon, 26 Aug 2013) | 2 lines

Remove the short-lived namei experiment.

------------------------------------------------------------------------
r254928 | markm | 2013-08-26 19:35:21 +0100 (Mon, 26 Aug 2013) | 2 lines

Snapshot; Do some running repairs on entropy harvesting. More needs
to follow.

------------------------------------------------------------------------
r254927 | markm | 2013-08-26 19:29:51 +0100 (Mon, 26 Aug 2013) | 15 lines

Snapshot of current work;

1) Clean up namespace; only use "Yarrow" where it is Yarrow-specific
or close enough to the Yarrow algorithm. For the rest use a neutral
name.

2) Tidy up headers; put private stuff in private places. More could
be done here.

3) Streamline the hashing/encryption; no need for a 256-bit counter;
128 bits will last for long enough.

There are bits of debug code lying around; these will be removed
at a later stage.

------------------------------------------------------------------------
r254784 | markm | 2013-08-24 14:54:56 +0100 (Sat, 24 Aug 2013) | 39 lines

1) example (partially humorous random_adaptor, that I call "EXAMPLE")
* It's not meant to be used in a real system, it's there to show how
the basics of how to create interfaces for random_adaptors. Perhaps
it should belong in a manual page

2) Move probe.c's functionality in to random_adaptors.c
* rename random_ident_hardware() to random_adaptor_choose()

3) Introduce a new way to choose (or select) random_adaptors via tunable
"rngs_want" It's a list of comma separated names of adaptors, ordered
by preferences. I.e.:
rngs_want="yarrow,rdrand"

Such setting would cause yarrow to be preferred to rdrand. If neither of
them are available (or registered), then system will default to
something reasonable (currently yarrow). If yarrow is not present, then
we fall back to the adaptor that's first on the list of registered
adaptors.

4) Introduce a way where RNGs can play a role of entropy source. This is
mostly useful for HW rngs.

The way I envision this is that every HW RNG will use this
functionality by default. Functionality to disable this is also present.
I have an example of how to use this in random_adaptor_example.c (see
modload event, and init function)

5) fix kern.random.adaptors from
kern.random.adaptors: yarrowpanicblock
to
kern.random.adaptors: yarrow,panic,block

6) add kern.random.active_adaptor to indicate currently selected
adaptor:
root@freebsd04:~ # sysctl kern.random.active_adaptor
kern.random.active_adaptor: yarrow

# Submitted by: Arthur Mesh <arthurmesh@gmail.com>

Submitted by: Dag-Erling Smørgrav <des@FreeBSD.org>, Arthur Mesh <arthurmesh@gmail.com>
Reviewed by: des@FreeBSD.org
Approved by: re (delphij)
Approved by: secteam (des,delphij)

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Bring in some behind-the-scenes development, mainly By Arthur Mesh,
the rest by me.

o Namespace cleanup; the Yarrow name is now restricted to where it
really applies; this is in anticipation of being augmented or
replaced by Fortuna in the future. Fortuna is mentioned, but behind
#if logic, and is ignorable for now.

o The harvest queue is pulled out into its own modules.

o Entropy harvesting is emproved, both by being made more conservative,
and by separating (a bit!) the sources. Available entropy crumbs are
marginally improved.

o Selection of sources is made clearer. With recent revelations,
this will receive more work in the weeks and months to come.

Submitted by: Arthur Mesh (partly) <arthurmesh@gmail.com>

Make default cache size more modern.

Requested by: Slawa Olhovchenkov <slw zxy.spb.ru>

Add support for the BCM20702A0 chipset, ASUS USB-BT400.

PR: kern/181728
Submitted by: rakuco

Sync USB bluetooth product list with Linux.

MFC after: 1 week

Add constant for PPP-Max-PayLoad tag.

Submitted by: Dmitry Luhtionov <dmitryluhtionov gmail.com>

PR: kern/168520

Revert GRN 253255. It is not needed now that GRN 253346 is committed.

PR: 168520 170096
Submitted by: adrian, zec

Fix multiple kernel panics when VIMAGE is enabled in the kernel.
These fixes are based on patches submitted by Adrian Chadd and Marko Zec.

(1) Set curthread->td_vnet to vnet0 in device_probe_and_attach() just before calling
device_attach(). This fixes multiple VIMAGE related kernel panics
when trying to attach Bluetooth or USB Ethernet devices because
curthread->td_vnet is NULL.

(2) Set curthread->td_vnet in if_detach(). This fixes kernel panics when detaching networking
interfaces, especially USB Ethernet devices.

(3) Use VNET_DOMAIN_SET() in ng_btsocket.c

(4) In ng_unref_node() set curthread->td_vnet. This fixes kernel panics
when detaching Netgraph nodes.

PR: kern/168520
Submitted by: "YAMAMOTO, Shigeru" <shigeru@iij.ad.jp>
Reviewed by: adrian

In PC-BSD 9.1, VIMAGE is enabled in the kernel config.
For laptops with Bluetooth capability, such as the HP Elitebook 8460p,
the kernel will panic upon bootup, because curthread->td_vnet
is not initialized.

Properly initialize curthread->td_vnet when initializing the Bluetooth stack.

This allows laptops such as the HP Elitebook 8460p laptop
to properly boot with VIMAGE kernels.

Fix several typos

PR: kern/176054
Submitted by: Christoph Mallon <christoph.mallon@gmx.de>
MFC after: 3 days

Fxi a bunch of typos.

PR: misc/174625
Submitted by: Jeremy Chadwick <jdc@koitsu.org>

Add const qualifier to the dst parameter of the ifnet if_output method.

- Correct mispellings of the word necessary

Submitted by: Christoph Mallon <christoph.mallon@gmx.de> (via private mail)

Attempt to clean up spacing and long lines.

Add blacklist entries for Atheros bluetooth device IDs that are known to
need firmware before they will re-attach as correctly functioning bluetooth
devices.

Reviewed by: maksim
Obtained from: Linux ath3k device driver

Revamp mbuf handling in ng_ksocket_incoming2():

- Clear code that workarounded a bug in FreeBSD 3,
and even predated import of netgraph(4).
- Clear workaround for m_nextpkt pointing into
next record in buffer (fixed in r248884).
Assert that m_nextpkt is clear.
- Do not rely on SOCK_STREAM sockets containing
M_PKTHDR mbufs. Create a header ourselves and
attach chain to it. This is correct fix for
kern/154676.

PR: kern/154676
Sponsored by: Nginx, Inc

Whitespace.

Non-functional cleanup of ng_ksocket_incoming2().

Return ENOMEM if malloc() fails.

Cleanup: wrap long lines, cleanup comments, etc.

Add NGM_NAT_LIBALIAS_INFO command, that reports internal stats
of libalias instance. To be used in the mpd5 daemon.

Submitted by: Dmitry Luhtionov <dmitryluhtionov gmail.com>

Fix compilation warning.

Sponsored by: Nginx, Inc

ng_ether_ifnet_arrival_event: check interface type before using IFP2NG

The check is copied from vnet_ng_ether_init.
Not sure if it covers all the types that we want to support with
ng_ether.

Reported by: markj
Discussed with: zec
MFC after: 10 days
X-MFC with: r246245

ng_ether: track interface renaming

Also sanitize interface names that can potentially contain characters
that are prohibited in netgraph names.

PR: kern/154850 (sanitizing of names)
Discussed with: eri, melifaro
Submitted by: Nikolay Denev <ndenev@gmail.com> (sanitizing code)
Reviewed by: eri, glebius
MFC after: 17 days

Use DEVMETHOD_END, as suggested by hselasky@.

Approved by: glebius

Use the correct USB interface macros instead of USB_IF_CSI.

As pointed out by hselasky@, USB_IF_CSI is the wrong macro here since we want
to declare the device's interface class, subclass and protocol, not class,
subclass and driver info.

Follow-up to r244704.

PR: kern/174707
Approved by: glebius
MFC after: 1 week

Add vendor IDs for Broadcom USB dongles (BCM20702).

PR: kern/174707
Submitted by: rakuco

Mechanically substitute flags from historic mbuf allocator with
malloc(9) flags within sys.

Exceptions:

- sys/contrib not touched
- sys/mbuf.h edited manually

Switch the entire IPv4 stack to keep the IP packet header
in network byte order. Any host byte order processing is
done in local variables and host byte order values are
never[1] written to a packet.

After this change a packet processed by the stack isn't
modified at all[2] except for TTL.

After this change a network stack hacker doesn't need to
scratch his head trying to figure out what is the byte order
at the given place in the stack.

[1] One exception still remains. The raw sockets convert host
byte order before pass a packet to an application. Probably
this would remain for ages for compatibility.

[2] The ip_input() still subtructs header len from ip->ip_len,
but this is planned to be fixed soon.

Reviewed by: luigi, Maxim Dounin <mdounin mdounin.ru>
Tested by: ray, Olivier Cochard-Labbe <olivier cochard.me>

Mechanically remove the last stray remains of spl* calls from net*/*.
They have been Noop's for a long time now.

Add NG_NETFLOW_V9INFO_TYPE command to be able to request netflowv9-specific
data.

Submitted by: Dmitry Luhtionov <dmitryluhtionov at gmail.com>
MFC after: 2 weeks

Revert previous commit...

Pointyhat to: kevlo (myself)

Prefer NULL over 0 for pointers

Fix typo: s/unknow/unknown

After r241245 it appeared that in_delayed_cksum(), which still expects
host byte order, was sometimes called with net byte order. Since we are
moving towards net byte order throughout the stack, the function was
converted to expect net byte order, and its consumers fixed appropriately:
- ip_output(), ipfilter(4) not changed, since already call
in_delayed_cksum() with header in net byte order.
- divert(4), ng_nat(4), ipfw_nat(4) now don't need to swap byte order
there and back.
- mrouting code and IPv6 ipsec now need to switch byte order there and
back, but I hope, this is temporary solution.
- In ipsec(4) shifted switch to net byte order prior to in_delayed_cksum().
- pf_route() catches up on r241245 changes to ip_output().

The USB Bluetooth driver should only grab its own interfaces. This allows the
USB bluetooth driver to co-exist with other USB device classes and drivers.

Reported by: Geoffrey Levand
MFC after: 1 week

Ensure that all cases that enqueue a netgraph item for delivery by a
ngthread properly set the item's depth to 1. In particular, prior to this
change if ng_snd_item failed to acquire a lock on a node, the item's depth
would not be set at all. This fix ensures that the error code from rcvmsg/
rcvdata is properly passed back to the apply callback. For example, this
fixes a bug where an error from rcvmsg/rcvdata would not previously
propagate back to a libnetgraph consumer when the message was queued.

Reviewed by: mav
MFC after: 1 month
Sponsored by: Sandvine Incorporated

o Create directory sys/netpfil, where all packet filters should
reside, and move there ipfw(4) and pf(4).

o Move most modified parts of pf out of contrib.

Actual movements:

sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5

sys/netinet/ipfw -> sys/netpfil/ipfw

The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.

Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.

The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.

Discussed with: bz, luigi

Remove duplicate check.

Submitted by: Dmitry Luhtionov <dmitryluhtionov@gmail.com>

Add version so others can depend on this module

Make radix lookup on src and dst flow addresses optional
and configurable on per-interface basis.
Remove __inline__ for several functions being called once per
flow (e.g once per 10-20 packets on common traffic flows).
Update manual page to simplify search for BPF data link types.

Sponsored by Yandex LLC

Reviewed by: glebius
Approved by: ae(mentor)
MFC after: 2 weeks

Simplify IP pointer recovery in case of mbuf reallocation.

Reviewed by: glebius (previous version)
Approved by: ae(mentor)
MFC after: 2 weeks

Use time_uptime instead of getnanotime for accouting integer number of seconds.

Reviewed by: glebius
Approved by: ae(mentor)
MFC after: 1 week

Set netflow v9 observation domain value to fib number instead of node id.
This fixes multi-fib netflow v9 export.

Reviewed by: glebius
Approved by: kib(mentor)
MFC after: 1 week

Fix improper L4 header handling for IPv6 packets passed via DLT_RAW.

Reported by: Emil Muratov <gpm@hotplug.ru>
Reviewed by: glebius
Approved by: ae(mentor)
MFC after: 1 week

Revert my local not yet properly tested changes, that leaked in
with r235923.

Revert r220768 for ng_ksocket. This node is special and
when it is cloning, its constructor method may be called
in a context that isn't allowed to sleep.

Noticed by: Vadim Goncharov

Fix panic in ng_patch(4) caused by checksum flags being added to mbuf flags.

Tested by: Maxim Ignatenko <gelraen.ua@gmail.com>
Approved by: kib(mentor)

MFC after: 3 days

#include <net/vnet.h> is no longer needed here.

Spotted by: Ed Maste
MFC after: 3 days.

Fix compiler warnings, mostly signed issues,
when USB modules are compiled with WARNS=9.

MFC after: 1 weeks

Use rt_numfibs variable instead of compile-time RT_NUMFIBS.

Reviewed by: glebius (previous version)
Approved by: kib(mentor), ae(mentor)

Upgrade the netgraph vlan node to support 802.1q, encapsulation type,
PCP and CFI fields.

* Ethernet_type for VLAN encapsulation is tunable, default is 0x8100;
* PCP (Priority code point) and CFI (canonical format indicator) is
tunable per VID;
* Tunable encapsulation to support 802.1q
* Encapsulation/Decapsulation code improvements

New messages have been added for this netgraph node to support the
new features.

However, the legacy "vlan" id is still supported and compiled in by
default. It can be disabled in a future release.

TODO:

* Documentation
* Examples

PR: kern/161908
Submitted by: Ivan <rozhuk.im@gmail.com>

Revert r231829, that was my braino.

Refactor the name hash and the ID hash, that are used to address nodes:

- Make hash sizes growable, to satisfy users running large mpd
installations, having thousands of nodes.
- NG_NAMEHASH() proved to give a very bad distribution in real life
name sets, while generic hash32_str(name, HASHINIT) proved to give
an even one, so you the latter for name hash.
- Do not store unnamed nodes in slot 0 of name hash, no reason for that.
- Use the ID hash in cases when we need to run through all nodes: the
NGM_LISTNODES command and in the vnet_netgraph_uninit().
- Implement NGM_LISTNODES and NGM_LISTNAMES as separate code, the former
iterates through the ID hash, and the latter through the name hash.
- Keep count of all nodes and of named nodes, so that we don't need
to count nodes in NGM_LISTNODES and NGM_LISTNAMES. The counters are
also used to estimate whether we need to grow hashes.
- Close a race between two threads running ng_name_node() assigning same
name to different nodes.

Specify correct loading order for core of netgraph(4).

Supply correct "how" argument to the uma_zcreate().

In ng_getsockaddr() allocate memory prior to obtaining lock.

Reported & tested by: Mykola Dzham <i levsha.me>

Fix includes list.

Submitted by: bde

Trim double empty lines.

Remove testing stuff, reducing kernel memory footprint by 1 Kb.

Anyway, when we are building a LINT kernel, all these macros
are tested via nodes.

In ng_bypass() add more protection against potential race
with ng_rmnode() and its followers.

style(9): sort includes.

No need to optimise for a node with no hooks, my braino.

- Use fixed-width integer types.
- Prefer to use C99 stdint types.

This fixes ng_cisco on 64-bit architectures.

MFC after: 1 week

Remove direct access to si_name.

Code should just use the devtoname() function to obtain the name of a
character device. Also add const keywords to pieces of code that need it
to build properly.

MFC after: 2 weeks

Provide a findhook method for ng_socket(4). The node stores a
hash with names of its hooks. It starts with size of 16, and
grows when number of hooks reaches twice the current size. A
failure to grow (memory is allocated with M_NOWAIT) isn't
fatal, however.

I used standard hash(9) function for the hash. With 25000
hooks named in the mpd (ports/net/mpd5) manner of "b%u", the
distributions is the following: 72.1% entries consist of one
element, 22.1% consist of two, 5.2% consist of three and
0.6% of four.

Speedup in a synthetic test that creates 25000 hooks and then
runs through a long cyclce dereferencing them in a random order
is over 25 times.

In ng_socket(4) expose less kernel internals to userland. This commit
breaks ABI, but makes probability of ABI breakage in future less.

Convert locks that protect name hash, ID hash and typelist from
mutex(9) to rwlock(9) based locks.

While here remove dropping lock when processing NGM_LISTNODES,
and NGM_LISTTYPES generic commands. We don't need to drop it
since memory allocation is done with M_NOWAIT.

The newhook method can be called in ISR context at
certain circumstances, so better use M_NOWAIT in it.

Add missing static.

Remove some disabled NOTYET code. Probability of enabling it is low,
if anyone wants, he/she can take it from svn.

Use strchr() and strrchr().

It seems strchr() and strrchr() are used more often than index() and
rindex(). Therefore, simply migrate all kernel code to use it.

For the XFS code, remove an empty line to make the code identical to
the code in the Linux kernel.

style(9), whitespace and spelling nits.

In r191367 the need for if_free_type() was removed and a new member
if_alloctype was used to store the origional interface type. Take
advantage of this change by removing all existing uses of if_free_type()
in favor of if_free().

MFC after: 1 Month

Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.

The SYSCTL_NODE macro defines a list that stores all child-elements of
that node. If there's no SYSCTL_DECL macro anywhere else, there's no
reason why it shouldn't be static.

Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.

This means that their use is restricted to a single C file.

- Fix potential double mbuf free: M_PREPEND may free mbuf chain and return
NULL but item will still have the reference ot the mbuf chain and will free
it upon destruction.
- Fix memory leak (unfree'd item on error path).

Fix potential double mbuf free: M_PREPEND may free mbuf chain and return
NULL but item will still have the reference ot the mbuf chain and will free
it upon destruction.

Constify "address" argument of ng_address_path().

- If KDB & NETGRAPH_DEBUG are on, print traces on discovered failed
invariants.
- Reduce tautology in NETGRAPH_DEBUG output.

Free mbuf in case when protocol in unknown in ng_ipfw_rcvdata().
This change fixes (theoretically) possible mbuf leak introduced in
r225586. Reorder code a bit and change return codes to be more specific

Reviewed by: glebius
Approved by: kib (mentor)

Add IPv6 support to the ng_ipfw(4) [1]. Also add ifdefs to be able
build it with and without INET/INET6 support.

Submitted by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
Tested by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
Approved by: re (bz)
MFC after: 2 weeks

Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *. With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by: re (bz)
Submitted by: jonathan
Sponsored by: Google Inc

remove RESTARTABLE_PANICS option

This is done per request/suggestion from John Baldwin
who introduced the option. Trying to resume normal
system operation after a panic is very unpredictable
and dangerous. It will become even more dangerous
when we allow a thread in panic(9) to penetrate all
lock contexts.
I understand that the only purpose of this option was
for testing scenarios potentially resulting in panic.

Suggested by: jhb
Reviewed by: attilio, jhb
X-MFC-After: never
Approved by: re (kib)

Clear pending ifnet events, in an attempt at preventing
ng_ether_link_state() from being dispatched after we have
cleared our IFP2NG(ifp).

MFC after: 3 days

In ng_attach_cntl() first allocate things that may fail, and then
do the rest of initialization. This simplifies code and fixes
a double free in failure scenario.

Reviewed by: bz

Add missing unlocks.

o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't need
a separate struct to start a slist of semi-opaque structs. This
makes some code more compact.
o Rewrite ng_netflow_flow_show() and its API/ABI:
- Support for IPv6 is added.
- Request and response now use same struct. Structure specifies
version (6 or 4), index of last retrieved hash, and also index
of last retrieved entry in the hash entry.

Fix build with NETGRAPH_DEBUG.

Fix build with NETGRAPH_DEBUG.

- Use refcount(9) API to manage node and hook refcounting.
- Make ng_unref_node() void, since caller shouldn't be
interested in whether node is valid after call or not,
since it can't be guaranteed to be valid. [1]

Ok from: julian [1]

Tag mbufs of all incoming frames or packets with the interface's FIB
setting (either default or if supported as set by SIOCSIFFIB, e.g.
from ifconfig).

Submitted by: Alexander V. Chernikov (melifaro ipfw.ru)
Reviewed by: julian
MFC after: 2 weeks

Fix double free.

Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>

- Move all USB device ID arrays into so-called sections,
sorted according to the mode which they support:
host, device or dual mode
- Add generic tool to extract these data:
tools/bus_autoconf

Discussed with: imp
Suggested by: Robert Millan <rmh@debian.org>
PR: misc/157903
MFC after: 14 days

Be consistent with r160968: keep autoSrcAddr flag untouched when
node receives NGM_SHUTDOWN.

Submitted by: pluknet

Sync ng_nat with recent (r222806) ipfw_nat changes:

Make a behaviour of the libalias based in-kernel NAT a bit closer to
how natd(8) does work. natd(8) drops packets only when libalias returns
PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
always did drop packets that were not aliased, even if they should
not be aliased and just are going through.

Also add SCTP support: mark response packets to skip firewall processing.

MFC after: 1 month

Assume the link to be dead if bit error rate (BER) parameter is set to 1.
When a transition from link alive to link dead configuration or vice
versa occurs, notify any upstream and / or downstream peers using
NGM_FLOW messagges.

Link state notification using NGM_FLOW messages is modelled around
around already existing code in ng_ether.c.

MFC after: 3 days

Provide fake link status information in an attempt to let ng_eiface(4)
virtual ifnets more realistically mimic physical ethernet interfaces.
The main motivation behind this change is to allow for ng_eiface(4)
interfaces to participate in STP if_bridge(4) configurations.

When announcing link status changes, switch to the vnet to which the
ifnet belongs, since it is possible for ng_eiface ifnets to be assigned
to a vnet different from the one in which its netgraph node resides.

MFC after: 3 days

usb: fix a missed use of use_generic in r222051

Submitted by: gcooper
Pointyhat to: avg
MFC after: 1 month
X-MFC with: r222051

LibAliasInit() should allocate memory with M_WAITOK flag. Modify it
and its callers.

Finish last change.

Pointy hat to: glebius

Further cleanup of node creation path from M_NOWAIT usage.

ng_netflow_cache_init() can be void.

Node constructor methods are supposed to be called in syscall
context always. Convert nodes to consistently use M_WAITOK flag
for memory allocation.

Reviewed by: julian

Use M_WAITOK flag instead M_WAIT for malloc.

Suggested by: glebius
MFC after: 1 week

Fix error where error variable was assigned result of comparison,
instead of function return value.

Submitted by: Przemyslaw Frasunek <przemyslaw frasunek.com>
MFC after: 4 days

Properly unref ng_hub nodes on shutdown, so that we don't leak them.

MFC after: 3 days

Improve locking of creating and dropping links in the graph, acquiring
the topology mutex in the following functions, that manipulate pointers
to peer nodes:

- ng_bypass()
- ng_path2noderef() when switching to the next node in sequence.
Rewrite the function a bit.
- ng_address_hook()
- ng_address_path()

This patch improves stability of large mpd5 installations.

Remove spl(9) remnants.

Unbreak the build for no options INET6.

PR: kern/155227
Submitted by: Dmitry Afanasiev (KOT MATPOCKuH.Ru)

Add support for NetFlow version 9 into ng_netflow(4) node.

Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>

Add XMIT_FAILOVER transmit algorithm to ng_one2many node. Packets are
delivered out the first active "many" hook.

PR: kern/137775
Submitted by: Maxim Ignatenko
MFC after: 2 weeks

Fix typos - remove duplicate "the".

PR: bin/154928
Submitted by: Eitan Adler <lists at eitanadler.com>
MFC after: 3 days

Mfp4 CH=177274,177280,177284-177285,177297,177324-177325

VNET socket push back:
try to minimize the number of places where we have to switch vnets
and narrow down the time we stay switched. Add assertions to the
socket code to catch possibly unset vnets as seen in r204147.

While this reduces the number of vnet recursion in some places like
NFS, POSIX local sockets and some netgraph, .. recursions are
impossible to fix.

The current expectations are documented at the beginning of
uipc_socket.c along with the other information there.

Sponsored by: The FreeBSD Foundation
Sponsored by: CK Software GmbH
Reviewed by: jhb
Tested by: zec

Tested by: Mikolaj Golub (to.my.trociny gmail.com)
MFC after: 2 weeks

sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.

Commit the netgraph piece.

Remove unneeded includes of <sys/linker_set.h>. Other headers that use
it internally contain nested includes.

Reviewed by: bde

Simplify ng_pipe locking model by relying on the netgraph framework
to provide serialization of calls into the node, which is accomplished
by markng the node as single-threaded (NGF_FORCE_WRITER).

The price we pay is that each ng_pipe instance now has its own callout
handler which polls for queued frames on each clock tick, as long as
the pipe has any frames in its internal queues. OTOH, we got rid of
the global ng_pipe mutex, so from now on multiple ng_pipe instances
can operate in parallel. This change also fixes counting of forwarded
frames when an ng_pipe node is not enforcing any packet impairments.

While here, attempt to improve adherance to style(9) throughout
otherwise mostly unreadable code.

MFC after: 3 days

After some off-list discussion, revert a number of changes to the
DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various
people working on the affected files. A better long-term solution is
still being considered. This reversal may give some modules empty
set_pcpu or set_vnet sections, but these are harmless.

Changes reverted:

------------------------------------------------------------------------
r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines

Instead of unconditionally emitting .globl's for the __start_set_xxx and
__stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu
sections are actually defined.

------------------------------------------------------------------------
r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines

Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout
the tree.

------------------------------------------------------------------------
r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines

Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.

Allow for MTU sizes of up to ETHER_MAX_LEN_JUMBO (i.e. 9018) bytes to be
configured on ng_eiface ifnets. The default MTU remains unchanged at
1500 bytes.

Mark ng_eiface ifnets as IFCAP_VLAN_MTU capable, so that the associated
vlan(4) ifnets may use full-sized Ethernet MTUs (1500 bytes).

MFC after: 3 days

Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout
the tree.

When calling panic(), always pass a format string.

Fix typo

PR: kern/140590
MFC after: 3 days

Fix operation of "netgraph" action in conjunction with the
net.inet.ip.fw.one_pass sysctl.

The "ngtee" action is still broken.

PR: kern/148885
Submitted by: Nickolay Dudorov <nnd mail.nsk.ru>

Zero padding fields of netflow records. This helps to reduce
size of compressed export logs.

Requested by: Alexey Illarionov <littlesavage orionet.ru>

Remove defunct email address from header as well.

Remove email address that no longer exists.

Fix a double-free bug which can occur if both bit error rate and packet
duplication probability are configured on a ng_pipe node.

Submitted by: Jeffrey Ahrenholtz
MFC after: 3 days

Avoid double-free. In error cases ipfw(4) frees the mbuf(4), we don't
need to.

PR: kern/145462

The struct ipfw_rule_ref follows the struct m_tag. Deal with this
correctly. This fixes breakage of ng_ipfw(4) in r201527.

Submitted by: Alexander Zagrebin <alexz visp.ru>

* Include sys/systm.h for KASSERT()
* Remove unneeded includes and comment
* Replace home made OFFSETOF() macro with standard offsetof()

Pointed out by: bde
Approved by: kib (mentor)

Style(9) fixes:
* Sort includes
* Replace #define<SPACE> to #define<TAB>
* Split declarations and initializations
* Split long lines

Requested by: kib
Approved by: kib (mentor)
MFC after: 1 month

New netgraph node ng_patch(4). It performs data modification of packets
passing through. Modifications are restricted to a subset of C language
operations on unsigned integers of 8, 16, 32 or 64 bit size.
These are: set to new value (=), addition (+=), subtraction (-=),
multiplication (*=), division (/=), negation (= -), bitwise AND (&=),
bitwise OR (|=), bitwise eXclusive OR (^=), shift left (<<=),
shift right (>>=). Several operations are all applied to a packet
sequentially in order they were specified by user.

Submitted by: Maxim Ignatenko <gelraen.ua at gmail.com>
Vadim Goncharov <vadimnuclight at tpu.ru>
Discussed with: net@
Approved by: mav (mentor)
MFC after: 1 month

Remove some dead and incorrect code.

Found with: Coverity Prevent(tm)
CID: 4562

Fix a race between ngs_rcvmsg() and soclose() which closes the control
socket while it is still in use.
priv->ctlsock is checked at the top of the function but without any
lock held, which means the control socket state may certainly change.
Add a similar protection to ngs_shutdown() even if a race is unlikely
to be experienced there.

Sponsored by: Sandvine Incorporated
Obtained from: Nima Misaghian @ Sandvine Incorporated
<nmisaghian at sandvine dot com>
MFC after: 10 days

Increase the target buffer for performing NGM_ASCII2BINARY conversion
from 2000 bytes to 20 Kbytes, which now matches the buffer size used for
NGM_BINARY2ASCII conversions.

The aim of this change is to allow for bigger binary structures to be
managed via netgraph ASCII messages, until we come up with an API
improvement which would get rid of such arbitrary hardcoded limits.

MFC after: 3 days

Fix an invalid parameter detected by INVARIANT and confirmed by r193272.

Add an optional "persistent" flag to ng_hub and ng_bridge, which if set,
disables automatic node shutdown when the last hook gets disconnected.

Reviewed by: julian

When destroying a vnet, shut down all netgraph nodes tied to that vnet
before proceeding with dismantling other protocol domains.

This change only affects options VIMAGE builds.

Reviewed by: julian, bz
MFC after: 3 days

Add new tunable 'net.link.ifqmaxlen' to set default send interface
queue length. The default value for this parameter is 50, which is
quite low for many of today's uses and the only way to modify this
parameter right now is to edit if_var.h file. Also add read-only
sysctl with the same name, so that it's possible to retrieve the
current value.

MFC after: 1 month

Avoid undefined behaviour.

Reviewed by: zec@

Start copyright notice with /*-

Remove alignment constraints.

Remove alignment constraints.

Remove alignment constraints.

Remove some more alignment constraints.

Make ng_ksocket fulfill lower protocol stack layers alignment requirements
on platforms with strict alignment constraints.
This fixes kernel panics on arm and probably other architectures.

PR: sparc64/80410

Make ng_l2tp irrelevant to data alignment.

Make ng_ppp fulfill upper protocol stack layers alignment requirements
on platforms with strict alignment constraints.
This fixes kernel panics on arm and probably other architectures.

PR: sparc64/80410

Remove disabled code. In 99% cases exports are send to ng_ksocket(4), which
already forces queued mode, so what was suggested in disabled code is already
done.

Now fix functionality of 'netstat -f netgraph' that hasn't worked
starting from netgraph import in 1999.

netstat(8) used pointer to node as node address, oops. That didn't
work, we need the node ID in brackets to successfully address a node.
We can't look into ng_node, due to inability to include netgraph/netgraph.h
in userland code. So let the node make a hint for a userland, storing
the node ID in its private data.

MFC after: 2 weeks

Fix 'netstat -f netgraph', which I had broken in r163463 ling time
ago in 2006. This linked list is actually needed for userland.

PR: kern/140446
Submitted by: Adrian Steinmann <ast marabu.ch>

Declare a new EVENTHANDLER called iflladdr_event which signals that the L2
address on an interface has changed. This lets stacked interfaces such as
vlan(4) detect that their lower interface has changed and adjust things in
order to keep working. Previously this situation broke at least vlan(4) and
lagg(4) configurations.

The EVENTHANDLER_INVOKE call was not placed within if_setlladdr() due to the
risk of a loop.

PR: kern/142927
Submitted by: Nikolay Denev

Send link state change control messages to "orphans" hook as well.

MFC after: 1 week

ip_var.h now needs to be before ip_fw_private.h

Various cleanup done in ipfw3-head branch including:
- use a uniform mtag format for all packets that exit and re-enter
the firewall in the middle of a rulechain. On reentry, all tags
containing reinject info are renamed to MTAG_IPFW_RULE so the
processing is simpler.

- make ipfw and dummynet use ip_len and ip_off in network format
everywhere. Conversion is done only once instead of tracking
the format in every place.

- use a macro FREE_PKT to dispose of mbufs. This eases portability.

On passing i also removed a few typos, staticise or localise variables,
remove useless declarations and other minor things.

Overall the code shrinks a bit and is hopefully more readable.

I have tested functionality for all but ng_ipfw and if_bridge/if_ethersubr.
For ng_ipfw i am actually waiting for feedback from glebius@ because
we might have some small changes to make.
For if_bridge and if_ethersubr feedback would be welcome
(there are still some redundant parts in these two modules that
I would like to remove, but first i need to check functionality).

(S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

PR: 137213
Submitted by: Eygene Ryabinkin (initial version)
MFC after: 1 month

bring the NGM_IPFW_COOKIE back into ng_ipfw.h, libnetgraph expects
to find it there. Unfortunately this reintroduces the dependency
on ip_fw_pfil.c

bring in several cleanups tested in ipfw3-head branch, namely:

r201011
- move most of ng_ipfw.h into ip_fw_private.h, as this code is
ipfw-specific. This removes a dependency on ng_ipfw.h from some files.

- move many equivalent definitions of direction (IN, OUT) for
reinjected packets into ip_fw_private.h

- document the structure of the packet tags used for dummynet
and netgraph;

r201049
- merge some common code to attach/detach hooks into
a single function.

r201055
- remove some duplicated code in ip_fw_pfil. The input
and output processing uses almost exactly the same code so
there is no need to use two separate hooks.
ip_fw_pfil.o goes from 2096 to 1382 bytes of .text

r201057 (see the svn log for full details)
- macros to make the conversion of ip_len and ip_off
between host and network format more explicit

r201113 (the remaining parts)
- readability fixes -- put braces around some large for() blocks,
localize variables so the compiler does not think they are uninitialized,
do not insist on precise allocation size if we have more than we need.

r201119
- when doing a lookup, keys must be in big endian format because
this is what the radix code expects (this fixes a bug in the
recently-introduced 'lookup' option)

No ABI changes in this commit.

MFC after: 1 week

merge code from ipfw3-head to reduce contention on the ipfw lock
and remove all O(N) sequences from kernel critical sections in ipfw.

In detail:

1. introduce a IPFW_UH_LOCK to arbitrate requests from
the upper half of the kernel. Some things, such as 'ipfw show',
can be done holding this lock in read mode, whereas insert and
delete require IPFW_UH_WLOCK.

2. introduce a mapping structure to keep rules together. This replaces
the 'next' chain currently used in ipfw rules. At the moment
the map is a simple array (sorted by rule number and then rule_id),
so we can find a rule quickly instead of having to scan the list.
This reduces many expensive lookups from O(N) to O(log N).

3. when an expensive operation (such as insert or delete) is done
by userland, we grab IPFW_UH_WLOCK, create a new copy of the map
without blocking the bottom half of the kernel, then acquire
IPFW_WLOCK and quickly update pointers to the map and related info.
After dropping IPFW_LOCK we can then continue the cleanup protected
by IPFW_UH_LOCK. So userland still costs O(N) but the kernel side
is only blocked for O(1).

4. do not pass pointers to rules through dummynet, netgraph, divert etc,
but rather pass a <slot, chain_id, rulenum, rule_id> tuple.
We validate the slot index (in the array of #2) with chain_id,
and if successful do a O(1) dereference; otherwise, we can find
the rule in O(log N) through <rulenum, rule_id>

All the above does not change the userland/kernel ABI, though there
are some disgusting casts between pointers and uint32_t

Operation costs now are as follows:

Function Old Now Planned
-------------------------------------------------------------------
+ skipto X, non cached O(N) O(log N)
+ skipto X, cached O(1) O(1)
XXX dynamic rule lookup O(1) O(log N) O(1)
+ skipto tablearg O(N) O(1)
+ reinject, non cached O(N) O(log N)
+ reinject, cached O(1) O(1)
+ kernel blocked during setsockopt() O(N) O(1)
-------------------------------------------------------------------

The only (very small) regression is on dynamic rule lookup and this will
be fixed in a day or two, without changing the userland/kernel ABI

Supported by: Valeria Paoli
MFC after: 1 month

add ip_fw_private.h to ng_ipfw.c, forgotten in previous commit;
comment out remove ip_fw.h from ng_bridge.c, as it seems unused.

MFC after: 1 month

Take a step towards removing if_watchdog/if_timer. Don't explicitly set
if_watchdog/if_timer to NULL/0 when initializing an ifnet. if_alloc()
sets those members to NULL/0 already.

Spell DIAGNOSTIC correctly.

Virtualize the pfil hooks so that different jails may chose different
packet filters. ALso allows ipfw to be enabled on on ejail and disabled
on another. In 8.0 it's a global setting.

Sitting aroung in tree waiting to commit for: 2 months
MFC after: 2 months

Get those pesky RFCOMM RPM data bits right. This is likely a noop.

MFC after: 1 month

Rework global locks for interface list and index management, correcting
several critical bugs, including race conditions and lock order issues:

Replace the single rwlock, ifnet_lock, with two locks, an rwlock and an
sxlock. Either can be held to stablize the lists and indexes, but both
are required to write. This allows the list to be held stable in both
network interrupt contexts and sleepable user threads across sleeping
memory allocations or device driver interactions. As before, writes to
the interface list must occur from sleepable contexts.

Reviewed by: bz, julian
MFC after: 3 days

Purge mergeinfo from files that were temporarily renamed while USB2 was
imported into the tree alongside USB.

Approved by: re (mergeinfo blanket)

Merge the remainder of kern_vimage.c and vimage.h into vnet.c and
vnet.h, we now use jails (rather than vimages) as the abstraction
for virtualization management, and what remained was specific to
virtual network stacks. Minor cleanups are done in the process,
and comments updated to reflect these changes.

Reviewed by: bz
Approved by: re (vimage blanket)

Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:

- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.

Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)

Reimplement and/or implement vnet list locking by replacing a mostly
unused custom mutex/condvar-based sleep locks with two locks: an
rwlock (for non-sleeping use) and sxlock (for sleeping use). Either
acquired for read is sufficient to stabilize the vnet list, but both
must be acquired for write to modify the list.

Replace previous no-op read locking macros, used in various places
in the stack, with actual locking to prevent race conditions. Callers
must declare when they may perform unbounded sleeps or not when
selecting how to lock.

Refactor vnet sysinits so that the vnet list and locks are initialized
before kernel modules are linked, as the kernel linker will use them
for modules loaded by the boot loader.

Update various consumers of these KPIs based on whether they may sleep
or not.

Reviewed by: bz
Approved by: re (kib)

Remove unused VNET_SET() and related macros; only VNET_GET() is
ever actually used. Rename VNET_GET() to VNET() to shorten
variable references.

Discussed with: bz, julian
Reviewed by: bz
Approved by: re (kensmith, kib)

Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.

Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.

Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.

This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.

Bump __FreeBSD_version and update UPDATING.

Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)

Fix infinite loop in ng_iface, that happens when packet passes out via
two different ng interfaces sequentially due to tunnelling.

PR: kern/134557
Submitted by: Mikolaj Golub
Approved by: re (kensmith)
MFC after: 3 days

- Turn the third (islocked) argument of the knote call into flags parameter.
Introduce the new flag KNF_NOKQLOCK to allow event callers to be called
without KQ_LOCK mtx held.
- Modify VFS knote calls to always use KNF_NOKQLOCK flag. This is required
for ZFS as its getattr implementation may sleep.

Approved by: re (rwatson)
Reviewed by: kib
MFC after: 2 weeks

Use if_maddr_rlock()/if_maddr_runlock() rather than IF_ADDR_LOCK()/
IF_ADDR_UNLOCK() across network device drivers when accessing the
per-interface multicast address list, if_multiaddrs. This will
allow us to change the locking strategy without affecting our driver
programming interface or binary interface.

For two wireless drivers, remove unnecessary locking, since they
don't actually access the multicast address list.

Approved by: re (kib)
MFC after: 6 weeks

Update Netgraph nodes to use if_addr_rlock()/if_addr_runlock() instead
of IF_ADDR_LOCK()/IF_ADDR_UNLOCK() when iterating ifp->if_addrhead.

MFC after: 6 weeks

Use proper form of gnu designated initalizers. This lets
clang compile this files.

Approved by: ed (mentor)
Silence from: harti (maintainer?)

After cleaning up rt_tables from vnet.h and cleaning up opt_route.h
a lot of files no longer need route.h either. Garbage collect them.
While here remove now unneeded vnet.h #includes as well.

Mark ng_ether node hooks as HI_STACK. It is usually the last point when
netgraph may unroll the call stack, and I have found that in some cases 2K
guarantied there for i386 may be not enough for NIC driver and BPF.

Fix a typeo in the frame len function to unbreak the build, make it shorter
while I am here.

- Make struct usb_xfer opaque so that drivers can not access the internals
- Reduce the number of headers needed for a usb driver, the common case is just usb.h and usbdi.h

s/usb2_/usb_|usbd_/ on all function names for the USB stack.

Assign ng_eiface nodes a netgraph name on instantiation, in a way which
is consistent with the current behavior of ng_iface, i.e. borrow the
same naming code from ng_iface.c.

Approved by: julian (mentor)

Introduce a mechanism for detecting calls from outbound path of the
network stack when reentering the inbound path from netgraph, and
force queueing of mbufs at the outbound netgraph node.

The mechanism relies on two components. First, in netgraph nodes
where outbound path of the network stack calls into netgraph, the
current thread has to be appropriately marked using the new
NG_OUTBOUND_THREAD_REF() macro before proceeding to call further
into the netgraph topology, and unmarked using the
NG_OUTBOUND_THREAD_UNREF() macro before returning to the caller.
Second, netgraph nodes which can potentially reenter the network
stack in the inbound path have to mark their inbound hooks using
NG_HOOK_SET_TO_INBOUND() macro. The netgraph framework will then
detect when there is a danger of a call graph looping back from
outbound to inbound path via netgraph, and defer handing off the
mbufs to the "inbound" node to a worker thread with a clean stack.

In this first pass only the most obvious netgraph nodes have been
updated to ensure no outbound to inbound calls can occur. Nodes
such as ng_ipfw, ng_gif etc. should be further examined whether a
potential for outbound to inbound call looping exists.

This commit changes the layout of struct thread, but due to
__FreeBSD_version number shortage a version bump has been omitted
at this time, nevertheless kernel and modules have to be rebuilt.

Reviewed by: julian, rwatson, bz
Approved by: julian (mentor)

Close long existed race with net.inet.ip.fw.one_pass = 0:
If packet leaves ipfw to other kernel subsystem (dummynet, netgraph, etc)
it carries pointer to matching ipfw rule. If this packet then reinjected back
to ipfw, ruleset processing starts from that rule. If rule was deleted
meanwhile, due to existed race condition panic was possible (as well as
other odd effects like parsing rules in 'reap list').

P.S. this commit changes ABI so userland ipfw related binaries should be
recompiled.

MFC after: 1 month
Tested by: Mikolaj Golub

World now builds without these defines, so eliminate them.

Approved by: julian@

After r193232 rt_tables in vnet.h are no longer indirectly dependent on
the ROUTETABLES kernel option thus there is no need to include opt_route.h
anymore in all consumers of vnet.h and no longer depend on it for module
builds.

Remove the hidden include in flowtable.h as well and leave the two
explicit #includes in ip_input.c and ip_output.c.

Introduce an infrastructure for dismantling vnet instances.

Vnet modules and protocol domains may now register destructor
functions to clean up and release per-module state. The destructor
mechanisms can be triggered by invoking "vimage -d", or a future
equivalent command which will be provided via the new jail framework.

While this patch introduces numerous placeholder destructor functions,
many of those are currently incomplete, thus leaking memory or (even
worse) failing to stop all running timers. Many of such issues are
already known and will be incrementaly fixed over the next weeks in
smaller incremental commits.

Apart from introducing new fields in structs ifnet, domain, protosw
and vnet_net, which requires the kernel and modules to be rebuilt, this
change should have no impact on nooptions VIMAGE builds, since vnet
destructors can only be called in VIMAGE kernels. Moreover,
destructor functions should be in general compiled in only in
options VIMAGE builds, except for kernel modules which can be safely
kldunloaded at run time.

Bump __FreeBSD_version to 800097.
Reviewed by: bz, julian
Approved by: rwatson, kib (re), julian (mentor)

Rework socket upcalls to close some races with setup/teardown of upcalls.
- Each socket upcall is now invoked with the appropriate socket buffer
locked. It is not permissible to call soisconnected() with this lock
held; however, so socket upcalls now return an integer value. The two
possible values are SU_OK and SU_ISCONNECTED. If an upcall returns
SU_ISCONNECTED, then the soisconnected() will be invoked on the
socket after the socket buffer lock is dropped.
- A new API is provided for setting and clearing socket upcalls. The
API consists of soupcall_set() and soupcall_clear().
- To simplify locking, each socket buffer now has a separate upcall.
- When a socket upcall returns SU_ISCONNECTED, the upcall is cleared from
the receive socket buffer automatically. Note that a SO_SND upcall
should never return SU_ISCONNECTED.
- All this means that accept filters should now return SU_ISCONNECTED
instead of calling soisconnected() directly. They also no longer need
to explicitly clear the upcall on the new socket.
- The HTTP accept filter still uses soupcall_set() to manage its internal
state machine, but other accept filters no longer have any explicit
knowlege of socket upcall internals aside from their return value.
- The various RPC client upcalls currently drop the socket buffer lock
while invoking soreceive() as a temporary band-aid. The plan for
the future is to add a new flag to allow soreceive() to be called with
the socket buffer locked.
- The AIO callback for socket I/O is now also invoked with the socket
buffer locked. Previously sowakeup() would drop the socket buffer
lock only to call aio_swake() which immediately re-acquired the socket
buffer lock for the duration of the function call.

Discussed with: rwatson, rmacklem

s/usb2_/usb_/ on all typedefs for the USB stack.

s/usb2_/usb_/ on all C structs for the USB stack.

Hook ubt and ubtbcmfw back up to the build.

move ng_ubt_var.h back to its original place

move ng_ubt.c back to its original place

move ubtbcmfw.c back to its original place

Delete the bluetooth drivers for the old usb stack.

Fix copy-paste bug in NGM_NETFLOW_SETCONFIG argument size verification.

PR: kern/134220
Submitted by: Eugene Mychlo
MFC after: 1 week

Unbreak LINT build, caused by a change in struct ng_node layout introduced
with r191816, which become uncovered only with NETGRAPH_DEBUG defined.

NOT approved by mentor (julian) due to emergency.

Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discuouraged.

This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.

The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.

The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, whith an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typicall cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.

This change also introduces a DDB subcommand to show the list of all
vnet instances.

Approved by: julian (mentor)

In preparation to make options VIMAGE operational, where needed,
initialize / release netgraph related state in iattach() / idetach()
functions called via the vnet module registration / initialization
framework, instead of initialization / cleanups being done in
mod_event handlers.

While here, introduce a crude hack aimed at preventing ng_ether to
autoattach to ng_eiface ifnets, which are also netgraph nodes already.

Reviewed by: bz
Approved by: julian (mentor)

Lock the interface address list while building replies to
NGM_CISCO_COOKIE messages in ng_iface.

MFC after: 2 weeks

Lock interface address list when building a reply to NGM_EIFACE_GET_IFADDRS
messages in ng_eiface.

MFC after: 2 weeks

Switch ubtbcmfw(4) to use si_drv1 instead of storing the unit number.

The unit number is still used to store the type of the device node.

Approved by: emax

Change if_output to take a struct route as its fourth argument in order
to allow passing a cached struct llentry * down to L2

Reviewed by: rwatson

Make Netgraph compile with Clang.

Clang disallows structs with variable length arrays to be nested inside
other structs, because this is in violation with ISO C99. Even though we
can keep bugging the LLVM folks about this issue, we'd better just fix
our code to not do this. This code seems to be the only code in the
entire source tree that does this.

I haven't tested this patch by using the kernel modules in question, but
Diane Bruce and I have compared disassembled versions of these kernel
modules. We would have expected them to be exactly the same, but due to
randomness in the register allocator and reordering of instructions,
there were some minor differences.

Approved by: julian

Add memmove() to the kernel, making the kernel compile with Clang.

When copying big structures, LLVM generates calls to memmove(), because
it may not be able to figure out whether structures overlap. This caused
linker errors to occur. memmove() is now implemented using bcopy().
Ideally it would be the other way around, but that can be solved in the
future. On ARM we don't do add anything, because it already has
memmove().

Discussed on: arch@
Reviewed by: rdivacky

For all files including net/vnet.h directly include opt_route.h and
net/route.h.

Remove the hidden include of opt_route.h and net/route.h from net/vnet.h.

We need to make sure that both opt_route.h and net/route.h are included
before net/vnet.h because of the way MRT figures out the number of FIBs
from the kernel option. If we do not, we end up with the default number
of 1 when including net/vnet.h and array sizes are wrong.

This does not change the list of files which depend on opt_route.h
but we can identify them now more easily.

Update comment. soalloc() is no longer performing M_WAITOK memory allocations.

Submitted by: ru
MFC after: 3 days

Allow unprivileged users to run l2ping(8).

MFC after: 1 month

Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups.
Mark packets with mbuf_tag on first interface passage and drop on second.

PR: ports/129625, ports/125303,
MFC after: 2 weeks

Properly return error code to the caller. This should fix the following
panic in ng_l2cap(4).

panic: ng_l2cap_l2ca_con_req: ubt0l2cap - could not find connection!

While i'm here get rid of few goto's.

MFC after: 1 week

If source mbuf chain consists of only one mbuf, use it directly as source
buffer to avoid extra copying.

Use m_unshare()+m_copyback() instead of m_freem()+m_devget() to keep
original mbuf chain headers. It can be less efficient in some cases, but it
looks better then mess of copying headers into the nonempty chain.

Remove strict limitation on minimal multilink MRRU. RFC claims that MRRU
of 1500 must be supported, but allows smaller values to be negotiated.
Enforce specified MRRU for outgoing frames.

MFC after: 2 weeks

Mark ng_vjc node as FORCE_WRITER to protect slcompress state.
I think it can be the reason of livelock in netgraph reported by some
mpd users.

MFC after: 3 days

shave about 7% off the overhead of ng_ether by using per-hook
receive data methods.

Add a trivial node to reflect ethernet frames to whence they came.

MFC after: 1 month

Change message severity level from WARN to INFO. This should reduce
amount of messages sent to syslog

MFC after: 1 week

Unroll two loops of SHA1Update(). 60 bytes of static memory is not a price.

This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,

The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.

Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:

- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion

To avoid one doubtless netgraph SMP scalability limitation point, switch
node queues processing from single swi:net thread to several specialized
threads.

Reviewed by: julian
Tested with: Netperf Cluster

Revert rev. 183277:

Remove ng_rmnode_flags() function.
ng_rmnode_self() was made to be called only while having node locked.
When node is properly locked, any function call sent to it will always be
queued. So turning ng_rmnode_self() into the ng_rmnode_flags() is not just
meaningless, but incorrent, as it violates node locking when called outside.

No objections: julian, thompsa

Remove node shutdown on tty close. This could be easily done by user-level
while it's present implementation with ng_rmnode_flags() is at least
incorrect.

Change ttyhook_register() second argument from thread to process pointer.
Thread was not really needed there, while previous ng_tty implementation
that used thread pointer had locking issues (using sx while holding mutex).

Conditionally compile out V_ globals while instantiating the appropriate
container structures, depending on VIMAGE_GLOBALS compile time option.

Make VIMAGE_GLOBALS a new compile-time option, which by default will not
be defined, resulting in instatiations of global variables selected for
V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be
effectively compiled out. Instantiate new global container structures
to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0,
vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0.

Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_
macros resolve either to the original globals, or to fields inside
container structures, i.e. effectively

#ifdef VIMAGE_GLOBALS
#define V_rt_tables rt_tables
#else
#define V_rt_tables vnet_net_0._rt_tables
#endif

Update SYSCTL_V_*() macros to operate either on globals or on fields
inside container structs.

Extend the internal kldsym() lookups with the ability to resolve
selected fields inside the virtualization container structs. This
applies only to the fields which are explicitly registered for kldsym()
visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently
this is done only in sys/net/if.c.

Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code,
and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in
turn result in proper code being generated depending on VIMAGE_GLOBALS.

De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c
which were prematurely V_irtualized by automated V_ prepending scripts
during earlier merging steps. PF virtualization will be done
separately, most probably after next PF import.

Convert a few variable initializations at instantiation to
initialization in init functions, most notably in ipfw. Also convert
TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in
initializer functions.

Discussed at: devsummit Strassburg
Reviewed by: bz, julian
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation

Carefully handle memory errors to keep peers compression/encryption state
consistent. There are some cases reported where peers fatally getting out
of sync without any visible reason. I hope this solve the problem.

Rather than using hidden includes (with cicular dependencies),
directly include only the header files needed. This reduces the
unneeded spamming of various headers into lots of files.

For now, this leaves us with very few modules including vnet.h
and thus needing to depend on opt_route.h.

Reviewed by: brooks, gnn, des, zec, imp
Sponsored by: The FreeBSD Foundation

Unhide declarations of network stack virtualization structs from
underneath #ifdef VIMAGE blocks.

This change introduces some churn in #include ordering and nesting
throughout the network stack and drivers but is not expected to cause
any additional issues.

In the next step this will allow us to instantiate the virtualization
container structures and switch from using global variables to their
"containerized" counterparts.

Reviewed by: bz, julian
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation

Remove unused variable.

Found with: Coverity Prevent(tm)
CID: 3682

Fix typo. Clear session stats instead of config and part of stats.

Found with: Coverity Prevent(tm)
CID: 2472

Remove unneeded NULL check. At first msg can't be null here and and at second
NG_FREE_MSG() also checks it.

Found with: Coverity Prevent(tm)

convert calls to IFQ_HANDOFF to if_transmit

Don't use curthread to resolve file descriptor. Request may be queued, so
thread will be different. Instead require sender to send process ID
together with file descriptor.

Assign new cookie to the node to reflect API change.
All applications will have to be adapted and rebuilt.

Don't assign completely meaningless name to the node on creation.
As soon as node is created from the netgraph side now, it can be found
without using this. Allow application to assign whatever name it want later.

Fix a number of style issues in the MALLOC / FREE commit. I've tried to
be careful not to fix anything that was already broken; the NFSv4 code is
particularly bad in this respect.

Retire the MALLOC and FREE macros. They are an abomination unto style(9).

MFC after: 3 months

Add ability to generate egress netflow instead or in addition to ingress.
Use mbuf tagging for accounted packets to not account packets twice when
both ingress and egress netflow enabled.
To keep compatibility new "setconfig" message added to control new
functionality. By default node works as before, doing only ingress
accounting without using mbuf tags.

Reviewed by: glebius

Abort transfers on all pipes before closing them. This fixes the crash
when Bluetooth USB device is pulled out without stopping the stack first.

Submitted by: Vladimir Grebenschikov vova at fbsd dot ru
MFC after: 1 week

Update ng_tty for MPSAFE TTY.

This changes from a line discipline to the tty_hooks mechanism. Data will come
in directly via rint_bypass and sent to the peer node in a single mbuf.

As line disciplines are no longer used a new netgraph command called
NGM_TTY_SET_TTY is used to attach the tty. This takes a pointer to to the open
file descriptor of the tty and registers the tty hooks. When the tty disappears
the node will shutdown.

Thanks to: ed
Sponsored by: Hobnob, Inc

Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit

Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.

Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().

Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).

All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparision between pre- and post-change
object files(*).

(*) netipsec/keysock.c did not validate depending on compile time options.

Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation

Replace all calls to minor() with dev2unit().

After I removed all the unit2minor()/minor2unit() calls from the kernel
yesterday, I realised calling minor() everywhere is quite confusing.
Character devices now only have the ability to store a unit number, not
a minor number. Remove the confusion by using dev2unit() everywhere.

This commit could also be considered as a bug fix. A lot of drivers call
minor(), while they should actually be calling dev2unit(). In -CURRENT
this isn't a problem, but it turns out we never had any problem reports
related to that issue in the past. I suspect not many people connect
more than 256 pieces of the same hardware.

Reviewed by: kib

Remove unit2minor() use from kernel code.

When I changed kern_conf.c three months ago I made device unit numbers
equal to (unneeded) device minor numbers. We used to require
bitshifting, because there were eight bits in the middle that were
reserved for a device major number. Not very long after I turned
dev2unit(), minor(), unit2minor() and minor2unit() into macro's.
The unit2minor() and minor2unit() macro's were no-ops.

We'd better not remove these four macro's from the kernel, because there
is a lot of (external) code that may still depend on them. For now it's
harmless to remove all invocations of unit2minor() and minor2unit().

Reviewed by: kib

Add ng_rmnode_flags() so the caller can pass NG_QUEUE and have the node
destroyed asynchronously due to locking or other constraints.

Reviewed by: julian

Fix error message content.

Approved by: julian (mentor)
MFC after: 3 days

We can't implicitly trust the hook on NGQF_FN/NGQF_FN2 processing in
ng_apply_item(). There are possible (and I have got one) use-after-free
class panics because of it.

If hook is specified, require it to be valid at the apply time. The only
exceptions are the internal ng_con_part2(), ng_con_part3() and
ng_rmhook_part2() functions which are specially made to work with invalid
hooks.

Add Marko's pipe node.
This allows one to do flow modulation similar to dummynet
between arbitrary nodes.

Make sure BPF program is not bigger than set maximum (net.bpf.maxinsns).

A bunch of formatting fixes brough to light by, or created by the Vimage commit
a few days ago.

Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).

This is the first in a series of commits over the course
of the next few weeks.

Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.

We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.

Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch

Implement ratelimiting for debug messages. For now, allow at most
one message per second. In the future might add a sysctl knob for
each socket family to fine tune this.

MFC after: 1 week

Increase maximum input queue size limit for raw Bluetooth HCI sockets.

MFC after: 3 days

Fix locking bug, i.e. lock "wildcard" matched pcb before return.

Introduce support for Bluetooth SCO sockets. This is based on older
code that was revisted.

MFC after: 3 months

Simplify ubt_isoc_in_complete2(). Also should fix off by 1 bug.

MFC after: 3 months

Don't use memcpy() to copy several bytes.
Store IDs is host order. It is not so important to bloat code for it.
Combine m_adj() and M_PREPEND() into single M_PREPEND().

Fill in the string portion of the bluetooth stack version sysctl.

Approved by: emax

Dust off old code for support of USB isochronous transfers.
USB isochronous transfer support is required for Bluetooth SCO.
While i'm here change u_int to uint and update TODO.
This should produce no visible changes unless the device is
broken (or really old).

MFC after: 3 months

Get in some basic infrastructure for Bluetooth SCO support.

MFC after: 3 months

Back out r180370. It was not discussed with subsystem maintainers.

Queue decapsulated packed instead of performing direct dispatch. Some
execution pathes might hit stack limit under certain circumstances
(e.g. ng_mppc).

PR: kern/125314
Reported by: Illya Klymov <ilia dot klimov at gmail dot com>

Remove NETISR_MPSAFE, which allows specific netisr handlers to be directly
dispatched without Giant, and add NETISR_FORCEQUEUE, which allows specific
netisr handlers to always be dispatched via a queue (deferred). Mark the
usb and if_ppp netisr handlers as NETISR_FORCEQUEUE, and explicitly
acquire Giant in those handlers.

Previously, any netisr handler not marked NETISR_MPSAFE would necessarily
run deferred and with Giant acquired. This change removes Giant
scaffolding from the netisr infrastructure, but NETISR_FORCEQUEUE allows
non-MPSAFE handlers to continue to force deferred dispatch so as to avoid
lock order reversals between their acqusition of Giant and any calling
context.

It is likely we will be able to remove NETISR_FORCEQUEUE once
IFF_NEEDSGIANT is removed, as non-MPSAFE usb and if_ppp drivers will no
longer be supported.

Reviewed by: bz
MFC after: 1 month
X-MFC note: We can't remove NETISR_MPSAFE from stable/7 for KPI reasons,
but the rest can go back.

Make it simpler to build netgraph modules outside of the kernel source
tree. This change follows similar ones in the device tree.

MFC after: 2 weeks

Pass really available buffer size to libalias instead of MCLBYTES constant.
MCLBYTES constant were used with believe that m_megapullup() always moves
date into a fresh cluster that may become not so.

Remove netatm from HEAD as it is not MPSAFE and relies on the now removed
NET_NEEDS_GIANT. netatm has been disconnected from the build for ten
months in HEAD/RELENG_7. Specifics:

- netatm include files
- netatm command line management tools
- libatm
- ATM parts in rescue and sysinstall
- sample configuration files and documents
- kernel support as a module or in NOTES
- netgraph wrapper nodes for netatm
- ctags data for netatm.
- netatm-specific device drivers.

MFC after: 3 weeks
Reviewed by: bz
Discussed with: bms, bz, harti

Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)

Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.

From my notes:

-----

One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.

Constraints:
------------

I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.

One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".

One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.

This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.

Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.

To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.

The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.

The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.

In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.

One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).

You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.

This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.

Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.

Packets fall into one of a number of classes.

1/ locally generated packets, coming from a socket/PCB.
Such packets select a FIB from a number associated with the
socket/PCB. This in turn is inherited from the process,
but can be changed by a socket option. The process in turn
inherits it on fork. I have written a utility call setfib
that acts a bit like nice..

setfib -3 ping target.example.com # will use fib 3 for ping.

It is an obvious extension to make it a property of a jail
but I have not done so. It can be achieved by combining the setfib and
jail commands.

2/ packets received on an interface for forwarding.
By default these packets would use table 0,
(or possibly a number settable in a sysctl(not yet)).
but prior to routing the firewall can inspect them (see below).
(possibly in the future you may be able to associate a FIB
with packets received on an interface.. An ifconfig arg, but not yet.)

3/ packets inspected by a packet classifier, which can arbitrarily
associate a fib with it on a packet by packet basis.
A fib assigned to a packet by a packet classifier
(such as ipfw) would over-ride a fib associated by
a more default source. (such as cases 1 or 2).

4/ a tcp listen socket associated with a fib will generate
accept sockets that are associated with that same fib.

5/ Packets generated in response to some other packet (e.g. reset
or icmp packets). These should use the FIB associated with the
packet being reponded to.

6/ Packets generated during encapsulation.
gif, tun and other tunnel interfaces will encapsulate using the FIB
that was in effect withthe proces that set up the tunnel.
thus setfib 1 ifconfig gif0 [tunnel instructions]
will set the fib for the tunnel to use to be fib 1.

Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)

In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.

In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.

Early testing experience:
-------------------------

Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.

For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.

Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.

ipfw has grown 2 new keywords:

setfib N ip from anay to any
count ip from any to any fib N

In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.

SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.

Where to next:
--------------------

After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.

Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.

My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.

When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.

Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.

This work was sponsored by Ironport Systems/Cisco

Reviewed by: several including rwatson, bz and mlair (parts each)
Obtained from: Ironport systems/Cisco

ng_address_hook() microoptimization. Use local variables as they should be.
It helps compiller to avoid some extra memory accesses.

Use separate UMA zone for data items allocation. It is a partial
rev. 1.149 rework.
It allows to save several percents of CPU time on SMP by using UMA's
internal per-CPU allocation limits instead of own global variable
each time updated with atomics.

Tested with: Netperf cluster

Replace callout_init(..., 1) with callout_init(..., CALLOUT_MPSAFE) for
better grep-compliance and to standardize with the rest of the kernel.

Reviewed by: jhb
MFC after: 1 week

Several changes breaking netgraph module ABI collected together:
- reorder structures fields (XX_refs) a bit to group fields modified
same time together. According to my tests it gives up to 10%
SMP performance benefit on real workload due to reduced inter-CPU
cache trashing.
- change q_flags from long to int as long is not really needed there and
it's usage with atomics is argued by some people.
- move NGF_WORKQ flag into the separate field q_flags2 as it protected by
queue mutex instead of node writer protection used by the rest of flags.
- move nd_work queue entry to ng_queue structure to which it is more
related and make it STAILQ instead of TAILQ as now it is a classic FIFO.
- remove q_node pointer from ng_queue structure as it is not really needed.
- reimplement item queue using STAILQ instead of own equal implementation.
As soon as BT subsystem has own item queues using ng_item.el_next update
it also.
- change depth field in ng_item from uintptr_t to u_int. It was made
uintptr_t to keep ABI compatibility.

Reviewed by: julian, emax
Tested with: Netperf cluster

Add memory barriers to the node locking operations.
Add some comments.

Rewrite node's r/w/q-lock semantics using only atomics instead of mutex
and atomics combination. Mutex is now used only for queue protection.
Also avoid unneded extra swi scheduling calls.

- Account all node stats at the shape mode.
- Do not check destination hook presence, it will be done by netgraph.
- Use u_int instead of int in some places to simplify type conversions.
- Use NG_SEND_DATA_ONLY() macro instead of selfmade equivalent.

Use new atomic_fetchadd() primitive instead of looping atomic_cmpset().

There is no need to erase hook->hk_node before freing hook.

Remove ng_setisr() call from ng_dequeue(). It is useless as we any way
will never exit ngintr(), while there is some ready requests on the queue.
It was made years ago with hope of parallel queue processing by several
net threads. But even if we have several threads sometimes, we have no
rights to process queue in parallel as it will break original requests
serialization that is critically important for some setups.

Switch from timeval to bintime, to use 1/(2^20) of seconds instead of
microseconds. It allows to use bit shifts instead of some heavy 64bit
mul/div math operations.

Some minor code and math optimizations.

Rewrite node to support multiple hooks, alike to ng_l2tp, to use one pair
of pptpgre and ksocket nodes for all calls between two peers. This patch
modifies node's API by adding new "session_%04x" hook names support, while
keeping backward compatibility.

Together with appropriate user-level support (by latest mpd5) it gives
huge performance benefits for case of multiple active calls between
two peers because of avoiding data duplication and extra socket processing.
On my benchmarks I have got more then 10 times speedup for the 200
simultaneous PPTP calls between two peers.
In conclusion, it allows now to build effective "clients <=> PAC <=> PNS"
setups.

Remove impossible (hk_peer == NULL) check from ng_address_hook().
Valid hook can't have NULL peer. Even invalid one can't, as it is resets to
deadhook, but not NULL.

Add session ID hashing to speedup incoming packets dispatch in case
of many connections working via the same tunnel. For example, in case
of full "client <-> LAC <-> LNS" setup.

Improve apply callback error reporting:
Before this patch callback returned result of the last finished call chain.
Now it returns last nonzero result from all call chain results in this request.

As soon as this improvement gives reliable error reporting, it is now possible
to remove dirty workaround in ng_socket, made to return ENOBUFS error statuses
of request-response operations. That workaround was responsible for returning
ENOBUFS errors to completely unrelated requests working at the same time
on socket.

Addition to the previous commit. Release inproc in case of memory error.

To avoid control data losses do not acknowledge recieving of control packet
if netgraph reported error while delivering to destination.
Reset 'next send' counter to the last requested by peer on ack timeout
to resend all subsequest packets after lost one again without additional hints.

Send only one incoming notification at a time to reduce queue
trashing and improve performance.
Remove waitflag argument from ng_ksocket_incoming2(), it means nothing
as function call was queued by netgraph.
Remove node validity check, as node validity guarantied by netgraph.
Update comments.

Increase default queue items allocation limit from 512 to 4096 items
to avoid terrible unpredicted effects for netgraph operation of their
exhaustion while allocating control messages.
Add separate configurable 512 items limit for data items allocation
for DoS/overload protection.

Discussed with: julian

Implement 128 items node name hash for faster name search.
Increase node ID hash size from 32 to 128 items.

Fix incorrect field name.

Use more compact LIST instead of TAILQ for session hash.
Add all listening hooks into LIST to simplify searches.
Use ng_findhook() instead of own equal implementation.

Make session ID generator to use session ID hash.
Make session ID generator thread-safe.

Add support for the libalias redirect functionality.

Submitted by: Vadim Goncharov <vadim_nuclight@mail.ru>

Fix incorrect constant used in rev. 1.146 that broke node writer locking.

Fix shutdown bug made by previous commit.

Use rtalloc1() instead of rtalloc_ign(). It returns a locked
rtentry. We quickly copy the fields of interest, and then
RTFREE_LOCKED(). This should be faster then lock & unlock the
rtentry twice.

Do not use bcmp() to compare two bytes with constants.

Cleanup and tune ng_snd_item() function as it is one of the
most busy netgraph functions.
Tune stack protection constants to avoid division operation.

Prepare hooks direct pointers on setup to avoid heavy ng_findhook() calls
during operarion.

Move all possible node logic out of the rcvdata() function
to the newhook()/disconnect().
Unify function names with other nodes.

Revert previous commit.
glebius@ noticed that it was not a bug, but undocumented feature.

Fix one more grammo.

Noticed by: ru

Reword recent comment a bit.

Add comments about stack protection mechanism.

Tune the message for better informativity.
Print the hook pointer as other functions do.

Band-aid recent commit by mav by replacing a variable in a CTR statement with
the variable that appears as if it should've been there.

Pointy hat to: mav
Not tested either by: benno

Implement Session-ID hashing to improve receive performance scalability
for big number of concurrent sessions.

Some code reformat.

Implement stack protection based on GET_STACK_USAGE() macro.
This fixes system panics possible with complicated netgraph setups
and allows to avoid unneded extra queueing for stack unwrapping.

Avoid data copying when it is possible.
bpf_filter() is able to work directly on mbuf chain.

Run expire even without export hook connected.

PR: kern/119839

Fix memory leak when export hook is not connected.

Remove one very strange unneded if.

Slightly simplify code.

Improve multilink receive performance by netgraph item reuse.

Improve multilink xmit performance by netgraph item reuse.

Improve multilink receive performance with fragment headers preallocation.

Fix bundle xmit octets stats for packet-split operation mode.

Remove explicit locking of struct file.
- Introduce a finit() which is used to initailize the fields of struct file
in such a way that the ops vector is only valid after the data, type,
and flags are valid.
- Protect f_flag and f_count with atomic operations.
- Remove the global list of all files and associated accounting.
- Rewrite the unp garbage collection such that it no longer requires
the global list of all files and instead uses a list of all unp sockets.
- Mark sockets in the accept queue so we don't incorrectly gc them.

Tested by: kris, pho

Add support for optional "AC-Name\Service-Name" syntax at NGM_PPPOE_CONNECT
argument. It allows ppp, mpd or any other node consumer to request
connection to specified access concentrator.

Proposed by: Alexander A. Burylov <burylov@mail.ru>

Fix incorrectly placed bracket in pppoe_find_svc().

Remove some prehistoric never used defines.

Add a new 'why' argument to kdb_enter(), and a set of constants to use
for that argument. This will allow DDB to detect the broad category of
reason why the debugger has been entered, which it can use for the
purposes of deciding which DDB script to run.

Assign approximate why values to all current consumers of the
kdb_enter() interface.

Add option to set packets per second limits instead of default
bits per second ones.

Increase control channel xmit queue to 128 packets.
Previous value 16 was too small for real LAC as temporal activity
spike cound easily overflow queue demanding tunnel disconnection due
to possible state inconsistency.

Add ipv6 to ng_cisco node. ipv6 wasn't a reality when I wrote it..

Submitted by: Marko Zec

- Merge all the ng_send_fn2* functions into one - ng_send_fn2(),
removing some copy&pasted code.
- Reduce copy and paste in ng_apply_item().
- Resurrect ng_send_fn() as a valid symbol, not a define.

Reviewed by: mav, julian

Fix locking issue in ng_btsocket_l2cap_ctloutput()

Submitted by: Heiko Wundram (Beenic) < wundram at beenic dot net >
MFC after: 3 days

Allow RFCOMM servers to bind to a ''wildcard'' RFCOMM channel
zero (0). Actual RFCOMM channel will be assigned after listen(2)
call is done on a RFCOMM socket bound to a ''wildcard'' RFCOMM
channel zero (0).

Address locking issues in ng_btsocket_rfcomm_bind()

Submitted by: Heiko Wundram (Beenic) < wundram at beenic dot net >
MFC after: 1 week

Minor debug message fix.

Fix build with NETGRAPH_DEBUG.

Implement new apply callback mechanism to handle item forwarding.
When item forwarded refence counter is incremented, when item
processed, counter decremented. When counter reaches zero,
apply handler is getting called.
Now it allows to report right connect() call status from user-level
at the right time.

Split ng_pppoe_rcvdata() function into three hook-specific ones
to simplify code and reduce stack usage.

Remove ng_pppoe_sendpacket() function to simplify code as it is called
as much times as it has cases inside of it.

Protect struct seq with mutex.

Approved by: glebius (mentor)

Remove one unneded assertion. It is also checked in
ng_l2tp_seq_check().

Approved by: glebius (mentor)

Replace single rcvdata with 3 distinct to simplify code and
reduce stack usage.

Approved by: mentor (glebius)

Remove duplicate variables.

Dead code removal.

Approved by: re (kensmith), glebius (mentor)

This is optimization of ether and debug hooks determination. It
simplifies code and should speedup pppoe_findsession() function which is
called for every incoming packet.

Approved by: re (kensmith), glebius (mentor)

This patch fixes thread unsafe usage of global pkt_hdr
variable. Second part is not so important, but IMO is also good.

Approved by: re (kensmith), glebius (mentor)

Fix typo which brokes VJ decompression
when VJC negotiated in only one direction.

Approved by: re (bmah), glebius (mentor)

Return EADDRNOTAVAIL instead of EDESTADDRREQ error when
listen(2) is called on improperly bound socket.

Suggested by: Iain Hibbert
Approved by: re (kensmith)
MFC after: 3 days

Add ng_send_fn() error handeling inside ng_con_nodes().
Without it some errors may left unnoticed and unhandeled
that will lead to hooks left in half-connected state.

Reviewed by: julian@
Approved by: re (kensmith), glebius (mentor)

Make ng_h4(4) MPSAFE. Use similar to ng_tty(4) locking strategy.
Reconnect ng_h(4) back to the build.

Reviewed by: kensmith
Approved by: re (kensmith)
MFC after: 1 month

Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which
previously conditionally acquired Giant based on debug.mpsafenet. As that
has now been removed, they are no longer required. Removing them
significantly simplifies error-handling in the socket layer, eliminated
quite a bit of unwinding of locking in error cases.

While here clean up the now unneeded opt_net.h, which previously was used
for the NET_WITH_GIANT kernel option. Clean up some related gotos for
consistency.

Reviewed by: bz, csjp
Tested by: kris
Approved by: re (kensmith)

Add 64bit statistic counters to the ng_ppp node.
64bit counters are needed to simplify traffic accounting and
reduce system load at the big PPP concentrators.

Approved by: re (rwatson), glebius (mentor)

This patch improves fine-grained locking for the ng_ppp node.
Till now node's transmit path was completely unprotected
and so wasn't thread safe in multilink mode. It's receive path was
declared as WRITER as the simpliest protection method but it
reduces performance when compression or encryption enabled.

Approved by: re (rwatson), glebius (mentor)

Replace references to NET_CALLOUT_MPSAFE with CALLOUT_MPSAFE, and remove
definition of NET_CALLOUT_MPSAFE, which is no longer required now that
debug.mpsafenet has been removed.

The once over: bz
Approved by: re (kensmith)

Reduce stack usage by 256 bytes per call. It helps to avoid kernel
stack overflow in complicated traffic filtering setups.

There can be minor performance degradation for the MHLEN < len <= 256 case
due to additional buffer allocation, but it is a rare case.

Approved by: re (rwatson), glebius (mentor)
MFC after: 1 week

Honor the IFF_MONITOR flag.

PR: kern/99500
Submitted by: Craig Leres <leres ee.lbl.gov>
Approved by: re (kensmith)

Mark ng_h4(4) as not MPSAFE and disconnect it from the build for now.

Approved by: re (rwatson)

These modules depend on usb, make that explicit

Approved by: re@

Fix various compilation warnings for gcc-4.2.

Approved by: re (bruce)

Replace sosend() with direct call to .pru_send method on the
L2CAP socket. This is to avoid LOR with sx(9) lock in sblock()
called from sosend_generic().

Approved by: re (kensmith)
MFC after: 1 week

Fix build problem caused by a set of typos.

Reported by: tinderbox
Approved by: re (mux)

Finish removing usb_port.h compat macros.

Remove two more instances of the USBDEV() macro.

Add missing ng_uncallout() on node shutdown.

Approved by: glebius (mentor)

Catch up with USB cleanups and fix the world

Eliminate usb_thread_t.

Expand USB_ATTACH_{ERROR,SUCCESS}_RETURN inline and eliminate from
usb_port.h. They aren't needed, and are a legacy of this code's past.

Silence a gcc warning in a more canonical way (evl = NULL rather than &evl).
I saw warnings here at one point on the arm build.

Expand USB_ATTACH_SETUP inline.
Kill devinfo stuff.

Despite several examples in the kernel, the third argument of
sysctl_handle_int is not sizeof the int type you want to export.
The type must always be an int or an unsigned int.

Remove the instances where a sizeof(variable) is passed to stop
people accidently cut and pasting these examples.

In a few places this was sysctl_handle_int was being used on 64 bit
types, which would truncate the value to be exported. In these
cases use sysctl_handle_quad to export them and change the format
to Q so that sysctl(1) can still print them.

No need to update link queue stats when round-robin algorithm enabled.

Approved by: glebius (mentor)

Partially back out rev. 1.127, to restore broken functionality. This
should be redesigned, but better enter RELENG_7 with a working ngctl(8).

Agreed by: julian

Universally adopt most conventional spelling of acquire.

Add support for setmode and settarget messages.

Approved by: glebius (mentor)

Allow node to bypass traffic while no alias address defined.

Approved by: glebius (mentor)

Fix build with NETGRAPH_MPPC_COMPRESSION but without NETGRAPH_MPPC_ENCRYPTION.

Approved by: glebius (mentor)

Help ng_fec deal with multicast addresses.

While ng_fec called the ioctl to let interfaces in the bundle know
the list of multicast addresses had changed, it never actually
updated that list on the interfaces in the bundle. Consequently,
the multicast filters could be programmed incorrectly.

if_lagg does this correctly, by maintaining a list of addresses
that it has added to interfaces in the bundle. This commit basically
takes the if_lagg code and adds it to ng_fec.

A version of this patch for RELENG_6 has fixed some problems with
IPv6 ND over ng_fec. This is probably the problem in PR 107523.

PR: 107523
Tested by: Rob Gallagher <robert.gallagher@heanet.ie>
Obtained from: if_lagg
MFC after: 3 weeks

Fix small copy/paste mistake.

Style cleanup.

Approved by: glebius (mentor)

A node that implements various traffic shaping and rate limiting algorithms.

Approved by: glebius (mentor)

Performance optimization of the "encryption without compression" case by
avoiding memory allocation and data copying.
Encrypting directly at the original mbuf chain.

Approved by: glebius (mentor)

Reduce network stack oddness: implement .pru_sockaddr and .pru_peeraddr
protocol entry points using functions named proto_getsockaddr and
proto_getpeeraddr rather than proto_setsockaddr and proto_setpeeraddr.
While it's true that sockaddrs are allocated and set, the net effect is
to retrieve (get) the socket address or peer address from a socket, not
set it, so align names to that intent.

Avoid extra rc4_init() when ng_mppc_updatekey() going to do it anyway.

Approved by: glebius (mentor)

Compact code a bit

Approved by: glebius (mentor)

Make coherency counter 12bit as it should

Approved by: glebius (mentor)

Fix small mistake (sizeof(pad2) instead of sizeof(pad1))

Approved by: glebius (mentor)

Remove unneded bzero().
SHA1Final() does not require clean buffer.

Approved by: glebius (mentor)

Avoid false assertion on transmit and delayed ack timeout with enabled invariants.
Replace callout_pending() by callout_active() to remove race window.

Reviewed by: archie
Approved by: glebius (mentor)

Global xmit stats calculation fix.

Approved by: glebius (mentor)

Added m_tag_copy_chain() call to copy original outgoing packet tags to all of
it's fragments.

Reviewed by: archie
Approved by: glebius (mentor)

Optimized packet distribution plan for the equal links case. Do not
split packet on fragments smaller then MP_MIN_FRAG_LEN to reduce total
overhead.

Reviewed by: archie
Approved by: glebius (mentor)

- Changed sequence numbers processing to avoid incorrect timeout waiting
when one of links is inactive and have stale sequence number. To avoid
this sequence numbers of all links are getting updated on every
successful packet reassembling.
- ng_ppp_bump_mseq function created to simplify code.
- ng_ppp_frag_drop function separated from ng_ppp_frag_process to
simplify code.

Reviewed by: archie
Approved by: glebius (mentor)

- Fixed mistakes in latency and xmitBytes calculation math
which lead to ineffective multilink packet distribution plans.
- Changed bytesInQueue calculation math to have more precise information
about links utilization.
- Taken rough account of the link overhead. Better way to do it could be to
get exact overhead from user-level, but I have not done it to keep
binary compatibility.

Reviewed by: archie
Approved by: glebius (mentor)

We don't need spinning locks here. Change them to the adaptive mutexes. This
change should bring no performance decrease, as it did not in my tests.

Reviewed by: julian, glebius
Approved by: cognet (mentor)

Instead of direct manipulation on queue and worklist mutexes, bring macros
for doing this job. This change will make it easy to migrate from using
spinning locks to adaptive ones.

Reviewed by: glebius, julian
Approved by: cognet (mentor)

Try to silence Coverity by adding (void) in front of function call.
Also add a comment, explaining why return value is not being checked.

Requested by: netchild
MFC after: 1 week

Bump maximum number of interface hooks to the maximum possible value.
This will increase the memory consumption for more than 1 Mb, but this
is required for operation on multiinterface access concentrators running
mpd.

Requested by: Alexander Motin

o Update a comment: sonewconn() lives in uipc_socket.c now.

Implement reference counting for ifmultiaddr, in_multi, and in6_multi
structures. Detect when ifnet instances are detached from the network
stack and perform appropriate cleanup to prevent memory leaks.

This has been implemented in such a way as to be backwards ABI compatible.
Kernel consumers are changed to use if_delmulti_ifma(); in_delmulti()
is unable to detect interface removal by design, as it performs searches
on structures which are removed with the interface.

With this architectural change, the panics FreeBSD users have experienced
with carp and pfsync should be resolved.

Obtained from: p4 branch bms_netdev
Reviewed by: andre
Sponsored by: Garance A Drosehn
Idea from: NetBSD
MFC after: 1 month

Prefer more traditional spellings of some words in comments.

oops committed the wrong patch.
try this one..

ng_apply_item should be void. It is called from the interrupt source or
from whoever has dequeued the item from the queue. Generally they have
no interest in the result, and even if it is called by the queuer, it
should still pretend that it was queued. The queuer should be assuming
that the call was queued and giving them the false confidence that they
are getting status leads to hard to find bugs.

Make it a void and remove all the code that tried to return status through it.

ng_send_fn() can return with an error, the function of interest
will never be called and OACTIVE will never be reset. Fix this.

Submitted by: Vsevolod Lobko
MFC after: 3 days

Ensure message passed to "settimestamp" and "setcounter" is the right
length. Use NULL instead of 0.

Submitted by: glebius, ru

Add "setcounter" and "getcounter" messages, providing the the ability
to embed up to four counters in outgoing packets. The message specifies
the offset at which the counter should be inserted as well as the
parameters of the counter.

Example usage:

ngctl msg src0: setcounter \
'{ index=0 offset=0x40 flags=1 width=4 increment=1 max_val=12345 }'

Sponsored by: Sandvine Incorporated

Add "settimestamp" and "gettimestamp" messages, providing the the ability
to embed a timestamp (struct timeval) in outgoing packets. The message
specifies the offset at which the timestamp should be inserted.

NG_SOURCE(4) gives an example usage that queues an ICMP packet. Using that
example, the following command will insert a timestamp in the ICMP's data
payload:

ngctl msg src0: settimestamp '{ offset=0x2a flags=1 }'

Sponsored by: Sandvine Incorporated

o break newbus api: add a new argument of type driver_filter_t to
bus_setup_intr()

o add an int return code to all fast handlers

o retire INTR_FAST/IH_FAST

For more info: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=465712+0+current/freebsd-current

Reviewed by: many
Approved by: re@

In the output path, mask off M_BCAST|M_MCAST so as to prevent incorrect
addressing if a packet is later re-encapsulated and sent to a
non-broadcast, non-multicast destination after being received on the
ng_ksocket input hook.

PR: 106999
Submitted by: Kevin Lahey
MFC after: 4 weeks

Quoting Alexander:
Formulas described in RFC require high precision of floating point.
Formulas of integer math implemented in ng_pptpgre give mistake in range
of +0-7ms on RTT and +0-3ms on deviation. This leads to significant
underestimation of real packet RTT.

I have made a very simple patch to reduce mistake to +4-3ms on RTT and
+2-1ms on deviation. Mistake in RTT is not good, but gets covered by
deviation. To cover worst possible negative mistake in deviation I have
added 2ms to it. Also this 2 ms cover the case when measured deviation
is so small (about zero) that it can interfere with process scheduling
delays or weather on Mars.

My tests show decreasing of packet losses on 20ms RTT link from 2.5% to
0.3% while speed increased un 1/3.

Reviewed by: archie

- Create ng_ppp_bypass() function, that prepares a packet
with bypass header, to send it out to userland.
- Use ng_ppp_bypass() in ng_ppp_proto_recv().
- Use ng_ppp_bypass() in ng_ppp_comp_recv() and in
ng_ppp_crypt_recv() if compression or encryption is
disabled, respectively.
- Any LCP packet goes directly to ng_ppp_bypass(), instead
of passing through PPP stack.
- Any non-LCP packet on disabled link is discarded. This
is behavior defined in RFC.

Submitted by: Alexander Motin <mav alkar.net>

A less draconian fix to the build.

Temporarily comment out the KASSERT that broke the kernel build.

Revise the ng_ppp(4) node, so that code flow is more clear. All non-link
hooks get their per hook rcvdata methods, and all functions are organized
corresponding to protocol stack model.

Submitted by: Alexander Motin <mav alkar.net>
Reviewed by: archie, julian

Whitespace cleanup.

Checked with: cvs diff -b

Update ip and tcp pointers after m_pullup().

Submitted by: Alexander Motin <mav alkar.net>

Fix accounting of incoming octets.

Submitted by: Alexander Motin <mav alkar.net>

Various bpf(4) related fixes to catch places up to the new bpf(4)
semantics.
- Stop testing bpf pointers for NULL. In some cases use
bpf_peers_present() and then call the function directly inside the
conditional block instead of the macro.
- For places where the entire conditional block is the macro, remove the
test and make the macro unconditional.
- Use BPF_MTAP() in if_pfsync on FreeBSD instead of an expanded version of
the old semantics.

Reviewed by: csjp (older version)

A node that implements Predictor-1 compression for PPP.

Submitted by: Alexander Motin <mav alkar.net>

A node that implements the Deflate sub-protocols of the Compression Control
Protocol (CCP).

Submitted by: Alexander Motin <mav alkar.net>

Before this commit, if the compression is enabled the, ng_ppp(4)
node would send every outgoing frame to the "compress" hook.
Packets received on the "compress" hook were expected to be
compressed and PROT_COMPD tag was put on them unconditionally.

After this commit an alternative compression mode can be set.
In this mode the node doesn't put the PROT_COMPD, the compressor
should put it itself. This is important for such kind of
compressors, that can submit uncompressed frames.

Before this commit, if the decompression is enabled, the ng_ppp(4)
node would send and incoming frame to the "decompress" hook
only if it has the PROT_COMPD proto tag on it.

After this commit an alternative decompression mode can be set.
In this mode the node sends all the incoming packets to the
decompression hook. This is important for such kind of compressors
that need uncompressed packets too, to keep their library in sync.

These new features will be used in new version of mpd4, and in new
compressor nodes.

Submitted by: Alexander Motin <mav alkar.net>

Return value PKT_ALIAS_FOUND_HEADER_FRAGMENT isn't an error case. The
packet shouldn't be dropped.

Submitted by: Alexander Motin <mav alkar.net>

Correctly calculate length of IP header.

Submitted by: Eugene Hartmann <eugene tpsb.com.ru>

Remove m_megapullup from ng_nat and put it under libalias.

Approved by: gleb

Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.

Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>

Rename m_getm() to m_getm2() and rewrite it to allocate up to page sized
mbuf clusters. Add a flags parameter to accept M_PKTHDR and M_EOR mbuf
chain flags. Provide compatibility macro for m_getm() calling m_getm2()
with M_PKTHDR set.

Rewrite m_uiotombuf() to use m_getm2() for mbuf allocation and do the
uiomove() in a tight loop over the mbuf chain. Add a flags parameter to
accept mbuf flags to be passed to m_getm2(). Adjust all callers for the
extra parameter.

Sponsored by: TCP/IP Optimization Fundraise 2005
MFC after: 3 month

Check pointer before dereferencing.

Reported by: Coverity
CID: 1556

Some clenaup of ngs_rcvmsg():
- Inline ship_msg() into ngs_rcvmsg().
- Plug memory leak in case if no control socket present.
- Remove malloc() and allocate the sockaddr on stack.
- style(9).

Some cleanup and small changes:
- Use malloc() and free() instead of MALLOC() and FREE() macros.
- Do not check malloc results if M_WAITOK was used.
- Remove linked list of all netgraph sockets. It isn't needed.
- Use ng_findhook() instead of searching the list ourselves.
- Use NG_WAITOK in syscalls.
- Remove unneeded includes.
- style(9)

Make the sg_len and sg_family members of the sockaddr_ng the same type
as the corresponding values in sockaddr are.

Make ng_ID_t fixed size, so that its maximum value is platform independent.
This will be important in future.

- ng_address_ID() has already freed the message, don't do double free.
- Get error from ng_address_ID().

Reported by: Coverity via pjd

Fix result of some mechanical change that I did some time ago, when
writing this node.

Recognize 802.1q frames in Ethernet input and process them.

PR: kern/101162
Submitted by: CoolDavid (Tseng Guo-Fu) <cooldavid cdpa.nsysu.edu.tw>

Do not leak hooks in ng_bypass().

Submitted by: Alexander Motin <mav alkar.net>

Make it buildable.

Unbreak a short one.

Submitted by: maxim

Break long line.

Use hash functions with better distribution. Tested on live traffic.

Submitted by: Alexander Motin <mav alkar.net>

Use bitcount32() from sys/systm.h instead of my own.

Don't use data after free.

Found by: Coverity Prevent
CID: 536
Submitted by: harti (via vs)

Move ethernet VLAN tags from mtags to its own mbuf packet header field
m_pkthdr.ether_vlan. The presence of the M_VLANTAG flag on the mbuf
signifies the presence and validity of its content.

Drivers that support hardware VLAN tag stripping fill in the received
VLAN tag (containing both vlan and priority information) into the
ether_vtag mbuf packet header field:

m->m_pkthdr.ether_vtag = vlan_id; /* ntohs()? */
m->m_flags |= M_VLANTAG;

to mark the packet m with the specified VLAN tag.

On output the driver should check the mbuf for the M_VLANTAG flag to
see if a VLAN tag is present and valid:

if (m->m_flags & M_VLANTAG) {
... = m->m_pkthdr.ether_vtag; /* htons()? */
... pass tag to hardware ...
}

VLAN tags are stored in host byte order. Byte swapping may be necessary.

(Note: This driver conversion was mechanic and did not add or remove any
byte swapping in the drivers.)

Remove zone_mtag_vlan UMA zone and MTAG_VLAN definition. No more tag
memory allocation have to be done.

Reviewed by: thompsa, yar
Sponsored by: TCP/IP Optimization Fundraise 2005

Fix input byte counting. Now the sum of the ipackets/ibytes counters
of individual interfaces should match the ipackets/ibytes counter of
the aggregate (FEC) interface.

PR: kern/82189
Submitted by: Stikheev Andrew <sand AT zunet DOT ru>
MFC after: 3 days

Make it possible to set a larger MTU by attempting to set MTUs on all
trunk ports first. If that succeeds, and we're inside our own bounds,
so be it.

Still not ideal -- adding a port after changing an MTU doesn't change
port's MTU, but a step in the right direction.

PR: kern/95417
Submitted by: Vladimir Ivanov <wawa AT yandex-team DOT ru>
MFC after: 3 days

I've slightly edited a patch to make the conditional logic positive
and remove (what I think was) a redundant ng_fec_init() call.

SIOCSIFFLAGS doesn't require an argument in kernel land; instead, flags
are supposed to be set directly in ifnet already. This change fixes a
panic when ng_eiface node is attached to ng_fec node and the latter is
shut down (ng_fec sets flags and then calls SIOCSIFFLAGS with a NULL
argument).

MFC after: 3 days

s/USBDEVNAME/device_get_nameunit/g
s/USBBASEDEVICE/device_t/g

more usb fallout changes

- Catch up with ongoing rwatson's socket work;

- Fix a couple of LORs and panics;

- Temporarily remove the code that tries to cleanup sockets that stuck
on accepting queues (both complete and incomplete). I'm taking an ostrich
approach here until I find a better way to deal with sockets that were
disconnected before accepting (i.e. while socket was on complete or
incomplete accept queue).

Fix another fallout from the IF_LLADDR() type change.

Spotted by: mwlucas

Define mtu as u_int16_t not as int. This should fix problem with rfcomm
on sparc64.

Reported by: Andrew Belashov <bel at orel dot ru>
Tested by: Andrew Belashov <bel at orel dot ru>
MFC after: 3 days

Some perfectionizm against last revision.

Submitted by: ru

Fix ng_pppoe(4) after turning off "autosrc feature" on ng_ether(4).

- Store the Ethernet header in node softc.
- Initialize header with dst addr and ethertype in node
constructor method.
- In node connect method send NGM_ETHER_GET_ENADDR message
downwards.
- If received reply from ng_ether(4) store the src addr
in softc.
- Add NGM_PPPOE_SETENDADDR message that allows user to
override the address with whatever he/she wants.

- Use log(9) instead of printf(9).
- Print node ID, where possible.
- Prepend log messages with function name, or at least with "ng_pppoe".

Reviewed by: julian
Tested by: Joao Barros <joao.barros gmail.com>

Turn off by default "feature" that overwrites MAC address
on output frames.

Many people were confused with not working CARP, ng_bridge(4)
and other subsystems, because ng_ether(4) overwritten source
MAC address.

Remove the dependency of bridgestp.h on if_bridgevar.h by moving a couple of
private structures to if_bridge.c.

Fixing compilation bustage: net/if_bridgevar.h depends on net/bridgestp.h.

soreceive_generic(), and sopoll_generic(). Add new functions sosend(),
soreceive(), and sopoll(), which are wrappers for pru_sosend,
pru_soreceive, and pru_sopoll, and are now used univerally by socket
consumers rather than either directly invoking the old so*() functions
or directly invoking the protocol switch method (about an even split
prior to this commit).

This completes an architectural change that was begun in 1996 to permit
protocols to provide substitute implementations, as now used by UDP.
Consumers now uniformly invoke sosend(), soreceive(), and sopoll() to
perform these operations on sockets -- in particular, distributed file
systems and socket system calls.

Architectural head nod: sam, gnn, wollman

Change semantics of socket close and detach. Add a new protocol switch
function, pru_close, to notify protocols that the file descriptor or
other consumer of a socket is closing the socket. pru_abort is now a
notification of close also, and no longer detaches. pru_detach is no
longer used to notify of close, and will be called during socket
tear-down by sofree() when all references to a socket evaporate after
an earlier call to abort or close the socket. This means detach is now
an unconditional teardown of a socket, whereas previously sockets could
persist after detach of the protocol retained a reference.

This faciliates sharing mutexes between layers of the network stack as
the mutex is required during the checking and removal of references at
the head of sofree(). With this change, pru_detach can now assume that
the mutex will no longer be required by the socket layer after
completion, whereas before this was not necessarily true.

Reviewed by: gnn

Replace inb() and outb() with bus_space_read_1() and bus_space_write_1()

Submitted by: marius
MFC after: 1 week

A netgraph node that can do different manipulations with
mbuf_tags(9) on packets.

Submitted by: Vadim Goncharov <vadimnuclight tpu.ru>
mdoc(7) reviewed by: ru

Use kern_kldload() and kern_kldunload() to load and unload modules when
we intend for the user to be able to unload them later via kldunload(2)
instead of calling linker_load_module() and then directly adjusting the
ref count on the linker file structure. This makes the resulting
consumer code simpler and cleaner and better hides the linker internals
making it possible to sanely lock the linker.

When counting nodes second time, use the same criteria as for
the first time.

PR: kern/98529
Submitted by: Michael Heyman

Use NET_CALLOUT_MPSAFE for netgraph callout initializer.

add missed calls to bpf_peers_present

Conditionally acquire Giant in netgraph callouts to honor mpsafenet=0.

Reported by: sekes <gexlie at gmail dot com>
MFC after: 1 week

Replace the array initialization using the gcc-specific format
[constant] value
with the C99 format
[constant] = value

Add new SIOC_HCI_RAW_NODE_LIST_NAMES ioctl. User-space applications can
use this ioctl to obtain the list of HCI nodes. User-space application
is expected to preallocate 'ng_btsocket_hci_raw_node_list_names' structure
and set limit in 'num_nodes' field. The 'nodes' field should be allocated
as well and it should have space for at least 'num_nodes' elements.

The SIOC_HCI_RAW_NODE_LIST_NAMES should be issued on bound raw HCI socket.
It does not really really matter what HCI name the socket is bound to, as
long as it is not empty.

MFC after: 1 week

Remove unneeded check.

Coverity ID: 445

Do not leak kernel memory in case if userland has been compiled
against older NG_VERSION.

Coverity ID: 1131

o Replace disappeared URLs to Cisco docs by new ones, style.
No functional changes.

o Set to zero engine_type, engine_id and pad (cisco calls it
sampling_interval) fields in netflow v5 header. We do not use
them but some netflow tools show garbage.

PR: kern/96296
Submitted by: David Duchscher
Approved by: glebius
MFC after: 1 week

Correct assertion in ng_detach().

Submitted by: tegge
MFC after: 3 months

Chance protocol switch method pru_detach() so that it returns void
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.

soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.

Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.

In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.

netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.

MFC after: 3 months

Change protocol switch pru_abort() API so that it returns void rather
than an int, as an error here is not meaningful. Modify soabort() to
unconditionally free the socket on the return of pru_abort(), and
modify most protocols to no longer conditionally free the socket,
since the caller will do this.

This commit likely leaves parts of netinet and netinet6 in a situation
where they may panic or leak memory, as they have not are not fully
updated by this commit. This will be corrected shortly in followup
commits to these components.

MFC after: 3 months

Free private data when deleting hook.

PR: kern/93952
Submitted by: Antoine Brodin <antoine.brodin laposte.net>

Clear csum_flags after reading data from socket buffer. Otherwise,
if ksocket is connected to an interface-type node somewhere later
in the graph (e.g., ng_eiface or ng_iface), the csum_data may be
applied to a wrong packet (if we encapsulate Ethernet or IP).

MFC after: 3 days

Remove unused now field.

Unbreak this.

Don't count output bytes twice (the byte accouting is done
in if.c). Count output errors.

MFC after: 3 days

- Increase maximum number of interfaces to 2048.
- Regroup softc so that frequently used elements are
grouped in the beginning, while the interfaces
array is at the end.

Two fixes:

- Run send queue down to completion, not just one packet.
It has been observed to cause a stall queue otherwise.

- Prevent queueing multiple function calls to a node.

MFC after: 3 days

Fix module from panic.
Pointy hat: brooks
MFC after: 3 days

o Introduce D-Link compat mode, that is default to off and can be set
by NGM_PPPOE_SETMODE message. When D-Link compat mode is on, we will
broadcast PADI with empty Service-Name to all listening hooks.
o Rewrite the compatibility options. Before we had two modes - standard
and non-standard (aka 3Com). Now we have standard mode and two compat
flags, that can be combined.
o Be consistent and do s/STUPID/3COM/g. I don't say that 3Com mode isn't
stupid, just want to make code easier to read.

From the RFC2516 it is not clear, what is the correct behavior for a
PPPoE AC, servicing a specific Service-Name, when client sends a PADI
with an empty Service-Name. Should it reply with all available service
names or should it be silent? Our implementation had chosen the latter,
while some other had chosen the former (they say Linux and Cisco). Now
some PPPoE clients appear, that rely on the assumption that AC will
send all names in a PADO reply to a PADI with wildcard Service-Name.
These clients can't connect to FreeBSD AC.

I have requested comments from authors of RFC2516 via email, but
received no reply.

This change makes FreeBSD AC compatible with D-Link DI-614+ and
D-Link DI-624+ SOHO routers, and probably others.

Big thanks to D-Link's Russian office, namely Victor Platov, for
assistance and support in investigation and testing of this change.

Details:
o Split pppoe_match_svc() into three different functions serving
different purposes:
- pppoe_match_svc() - match non-empty Service-Name tag from PADI
against all available hooks in listening state.
- pppoe_find_svc() - check that given Service-Name is not yet
registered.
- pppoe_broadcast_padi() - send a copy of PADI packet with empty
Service-Name tag to all listening hooks.
o For NGM_PPPOE_LISTEN message use pppoe_find_svc().
o In ng_pppoe_rcvdata() in a PADI case use pppoe_match_svc() for
a non-empty Service-Name tag, and pppoe_broadcast_padi() in
either case.

A side effect from the above changes is that now pppoed(8) and mpd
will reply to a empty Service-Name PADI sending a PADO with two
Service-Name tags - an empty one and correct one. This is not fatal,
and will be corrected in pppoed(8) and mpd later. No need to update
node interface version.

Supported by: D-Link

Simplify ng_source_send() removing temporary queue and merging two
cycles into one.

- Remove debugging printfs.
- Add some ktr(4) debugging.
- Whitespaces at eols.
- Tidy up comments.
- u_intXX -> uintXX

Fix two accesses to uninitialized variables that a revision 1.27
has introduced.

Found with: Coverity Prevent(tm)

Initialize variable.

Found with: Coverity Prevent(tm)

Make code simplier fixing memory leak.

Found with: Coverity Prevent(tm)

Remove dead code.

Found with: Coverity Prevent(tm)

Correct off-by-one errors.

Found with: Coverity Prevent(tm)

Fix two memory leakages.

Found with: Coverity Prevent(tm)

When sending export datagram from interrupt thread, use NG_QUEUE
in flags. When sending export datagram from expiry thread, then
use default zero flags. This removes unpleasant contention of the
interrupt thread on mutexes (usually ng_ksocket's socket buffer
mutex).

Provide additional macros for sending netgraph items, which allow
to use non-default flags for netgraph functions. Implement current
macros via new ones.

- Print also node ID in ktr(9) messages. [1]
- Use fixed length for function name, making ktrdump(8) output
easier to read.

Suggested by: julian [1]

Do not force queueing on peer hooks. This was important only for
5.0-CURRENT. And it looks like this didn't work before Julian's
revamp of netgraph queue code.

Reviewed by: julian

Remove old debugging leftover.

Reviewed by: julian

Mark appropriate commands with NGM_READONLY and NGM_HASREPLY and
bump type cookie.

In the splnet(9) times netgraph(4) was synchronous and if a message
had been replied, the reply was always delivered to the originator
synchronously.

With introduction of netgraph item callbacks and a wait channel with
mutex in ng_socket(4), we have fixed the problem with ngctl(8) returning
earlier than the command has been proceeded by target node. But still
ngctl(8) can return prior to the reply has arrived to its node.

To fix this:
- Introduce a new flag for netgraph(4) messages - NGM_HASREPLY.
This flag is or'ed with message like NGM_READONLY.
- In netgraph userland library if we have sent a message with
NGM_HASREPLY flag, then select(2) until reply comes.
- Mark appropriate generic commands with NGM_HASREPLY flag,
gathering them into one enum {}. Bump generic cookie.

Fix wording in last commit.

Submitted by: julian

Add ktr(9) hooks to easier tracing of the netgraph item flow through
netgraph.

In ng_netflow_disconnect() check whether we are working with "iface"
or with "out" hook, and clear the right pointer.

Reported by: Vitaliy Ovsyannikov <V.Ovsyannikov kr.ru>

Implement an upper limit for packets per second sent by node.