#
360299 |
|
25-Apr-2020 |
kp |
MFC r360068:
ethersubr: Make the mac address generation more robust
If we create two (vnet) jails and create a bridge interface in each we end up with the same mac address on both bridge interfaces. These very often conflicts, resulting in same mac address in both jails.
Mitigate this problem by including the jail name in the mac address.
|
#
346783 |
|
27-Apr-2019 |
kevans |
MFC r345139, r345151, r346324, r346328: ether_gen_addr KPI
if_bridge and if_vxlan conversion to this deterministic MAC address KPI has been MFC as well. This is potentially error prone as the generated address range for these has decreased, but I've deemed this acceptable for stable branches due to collisions for thees interfaces being easily remedied.
I have no intention of switching anything else to this KPI in any stable branches.
r345139: ether: centralize fake hwaddr generation
We currently have two places with identical fake hwaddr generation -- if_vxlan and if_bridge. Lift it into if_ethersubr for reuse in other interfaces that may also need a fake addr.
r345151: ether_fakeaddr: Use 'b' 's' 'd' for the prefix
This has the advantage of being obvious to sniff out the designated prefix by eye and it has all the right bits set. Comment stolen from ffec.
I've removed bryanv@'s pending question of using the FreeBSD OUI range -- no one has followed up on this with a definitive action, and there's no particular reason to shoot for it and the administrative overhead that comes with deciding exactly how to use it.
r346324: net: adjust randomized address bits
Give devices that need a MAC a 16-bit allocation out of the FreeBSD Foundation OUI range. Change the name ether_fakeaddr to ether_gen_addr now that we're dealing real MAC addresses with a real OUI rather than random locally-administered addresses.
r346328: Compile sha1.c when ether support is included
sha1 is used by ether_gen_addr after r346324. Perhaps in an ideal world we could detect that the kernel's been compiled without sha1_* bits included and silently fallback to arc4random instead because these platforms/kernel configs are far and few between. It's fairly lightweight, though, so just include it for now.
|
#
338937 |
|
25-Sep-2018 |
jpaetzel |
MFC r303811:
Extract out the various local definitions of ETHER_IS_BROADCAST() and turn them into a shared definition.
Set M_MCAST/M_BCAST appropriately upon packet reception in net80211, just before they are delivered up to the ethernet stack.
Submitted by: rstone
|
#
337462 |
|
08-Aug-2018 |
ae |
MFC r331098 (by melifaro): Fix outgoing TCP/UDP packet drop on arp/ndp entry expiration.
Current arp/nd code relies on the feedback from the datapath indicating that the entry is still used. This mechanism is incorporated into the arpresolve()/nd6_resolve() routines. After the inpcb route cache introduction, the packet path for the locally-originated packets changed, passing cached lle pointer to the ether_output() directly. This resulted in the arp/ndp entry expire each time exactly after the configured max_age interval. During the small window between the ARP/NDP request and reply from the router, most of the packets got lost.
Fix this behaviour by plugging datapath notification code to the packet path used by route cache. Unify the notification code by using single inlined function with the per-AF callbacks.
|
#
333101 |
|
30-Apr-2018 |
hselasky |
MFC r333015: Add network device event for priority code point, PCP, changes.
When the PCP is changed for either a VLAN network interface or when prio tagging is enabled for a regular ethernet network interface, broadcast the IFNET_EVENT_PCP event so applications like ibcore can update its GID tables accordingly.
Reviewed by: ae, kib Differential Revision: https://reviews.freebsd.org/D15040 Sponsored by: Mellanox Technologies
|
#
332991 |
|
25-Apr-2018 |
kib |
MFC r331622: Allow to specify PCP on packets not belonging to any VLAN.
Sponsored by: Mellanox Technologies
|
#
332513 |
|
15-Apr-2018 |
kp |
MFC r331436:
netpfil: Introduce PFIL_FWD flag
Forwarded packets passed through PFIL_OUT, which made it difficult for firewalls to figure out if they were forwarding or producing packets. This in turn is an issue for pf for IPv6 fragment handling: it needs to call ip6_output() or ip6_forward() to handle the fragments. Figuring out which was difficult (and until now, incorrect). Having pfil distinguish the two removes an ugly piece of code from pf.
Introduce a new variant of the netpfil callbacks with a flags variable, which has PFIL_FWD set for forwarded packets. This allows pf to reliably work out if a packet is forwarded.
|
#
332159 |
|
06-Apr-2018 |
brooks |
MFC r331648:
Improve copy-and-pasted versions of SIOCGIFADDR.
The original implementation used a reference to ifr_data and a cast to do the equivalent of accessing ifr_addr. This was copied multiple times since 1996.
Approved by: kib Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14873
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
321747 |
|
31-Jul-2017 |
sephe |
MFC 321406
ethernet: Add ethernet interface attached event and devctl notification.
ifnet_arrival_event may not be adequate under certain situation; e.g. when the LLADDR is needed. So the ethernet ifattach event is announced after all necessary bits are setup.
Sponsored by: Microsoft Differential Revision: https://reviews.freebsd.org/D11617
|
#
318397 |
|
17-May-2017 |
rpokala |
MFC r318160, 318176: Persistently store NIC's hardware MAC address, and add a way to retrive it
The MAC address reported by `ifconfig ${nic} ether' does not always match the address in the hardware, as reported by the driver during attach. In particular, NICs which are components of a lagg(4) interface all report the same MAC.
When attaching, the NIC driver passes the MAC address it read from the hardware as an argument to ether_ifattach(). Keep a second copy of it, and create ioctl(SIOCGHWADDR) to return it. Teach `ifconfig' to report it along with the active MAC address.
PR: 194386
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
301498 |
|
06-Jun-2016 |
bz |
Make the KASSERT message more helpful by also printing the ifp information which we are asserting.
Obtained from: projects/vnet MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
|
#
301270 |
|
03-Jun-2016 |
bz |
Introduce a per-VNET flag to enable/disable netisr prcessing on that VNET. Add accessor functions to toggle the state per VNET. The base system (vnet0) will always enable itself with the normal registration. We will share the registered protocol handlers in all VNETs minimising duplication and management. Upon disabling netisr processing for a VNET drain the netisr queue from packets for that VNET.
Update netisr consumers to (de)register on a per-VNET start/teardown using VNET_SYS(UN)INIT functionality.
The change should be transparent for non-VIMAGE kernels.
Reviewed by: gnn (, hiren) Obtained from: projects/vnet MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D6691
|
#
301217 |
|
02-Jun-2016 |
gnn |
This change re-adds L2 caching for TCP and UDP, as originally added in D4306 but removed due to other changes in the system. Restore the llentry pointer to the "struct route", and use it to cache the L2 lookup (ARP or ND6) as appropriate.
Submitted by: Mike Karels Differential Revision: https://reviews.freebsd.org/D6262
|
#
298985 |
|
03-May-2016 |
bz |
Remove the most useful INET || INET6 check leftover from whenever, doing nothing.
MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
298075 |
|
15-Apr-2016 |
pfg |
sys/net* : for pointers replace 0 with NULL.
Mostly cosmetical, no functional change.
Found with devel/coccinelle.
|
#
293544 |
|
09-Jan-2016 |
melifaro |
Finish r275196: do not dereference rtentry in if_output() routines.
The only piece of information that is required is rt_flags subset.
In particular, if_loop() requires RTF_REJECT and RTF_BLACKHOLE flags to check if this particular mbuf needs to be dropped (and what error should be returned). Note that if_loop() will always return EHOSTUNREACH for "reject" routes regardless of RTF_HOST flag existence. This is due to upcoming routing changes where RTF_HOST value won't be available as lookup result.
All other functions require RTF_GATEWAY flag to check if they need to return EHOSTUNREACH instead of EHOSTDOWN error.
There are 11 places where non-zero 'struct route' is passed to if_output(). For most of the callers (forwarding, bpf, arp) does not care about exact error value. In fact, the only place where this result is propagated is ip_output(). (ip6_output() passes NULL route to nd6_output_ifp()).
Given that, add 3 new 'struct route' flags (RT_REJECT, RT_BLACKHOLE and RT_IS_GW) and inline function (rt_update_ro_flags()) to copy necessary rte flags to ro_flags. Call this function in ip_output() after looking up/ verifying rte.
Reviewed by: ae
|
#
293035 |
|
01-Jan-2016 |
melifaro |
Remove second EVENTHANDLER_REGISTER slipped in r292978. Describe the reason of doing unconditional M_PREPEND in ether_output().
|
#
292978 |
|
31-Dec-2015 |
melifaro |
Implement interface link header precomputation API.
Add if_requestencap() interface method which is capable of calculating various link headers for given interface. Right now there is support for INET/INET6/ARP llheader calculation (IFENCAP_LL type request). Other types are planned to support more complex calculation (L2 multipath lagg nexthops, tunnel encap nexthops, etc..).
Reshape 'struct route' to be able to pass additional data (with is length) to prepend to mbuf.
These two changes permits routing code to pass pre-calculated nexthop data (like L2 header for route w/gateway) down to the stack eliminating the need for other lookups. It also brings us closer to more complex scenarios like transparently handling MPLS nexthops and tunnel interfaces. Last, but not least, it removes layering violation introduced by flowtable code (ro_lle) and simplifies handling of existing if_output consumers.
ARP/ND changes: Make arp/ndp stack pre-calculate link header upon installing/updating lle record. Interface link address change are handled by re-calculating headers for all lles based on if_lladdr event. After these changes, arpresolve()/nd6_resolve() returns full pre-calculated header for supported interfaces thus simplifying if_output(). Move these lookups to separate ether_resolve_addr() function which ether returs error or fully-prepared link header. Add <arp|nd6_>resolve_addr() compat versions to return link addresses instead of pre-calculated data.
BPF changes: Raw bpf writes occupied _two_ cases: AF_UNSPEC and pseudo_AF_HDRCMPLT. Despite the naming, both of there have ther header "complete". The only difference is that interface source mac has to be filled by OS for AF_UNSPEC (controlled via BIOCGHDRCMPLT). This logic has to stay inside BPF and not pollute if_output() routines. Convert BPF to pass prepend data via new 'struct route' mechanism. Note that it does not change non-optimized if_output(): ro_prepend handling is purely optional. Side note: hackish pseudo_AF_HDRCMPLT is supported for ethernet and FDDI. It is not needed for ethernet anymore. The only remaining FDDI user is dev/pdq mostly untouched since 2007. FDDI support was eliminated from OpenBSD in 2013 (sys/net/if_fddisubr.c rev 1.65).
Flowtable changes: Flowtable violates layering by saving (and not correctly managing) rtes/lles. Instead of passing lle pointer, pass pointer to pre-calculated header data from that lle.
Differential Revision: https://reviews.freebsd.org/D4102
|
#
290383 |
|
05-Nov-2015 |
gnn |
Replace the fastforward path with tryforward which does not require a sysctl and will always be on. The former split between default and fast forwarding is removed by this commit while preserving the ability to use all network stack features.
Differential Revision: https://reviews.freebsd.org/D4042 Reviewed by: ae, melifaro, olivier, rwatson MFC after: 1 month Sponsored by: Rubicon Communications (Netgate)
|
#
287861 |
|
16-Sep-2015 |
melifaro |
Simplify the way of attaching IPv6 link-layer header.
Problem description: How do we currently perform layer 2 resolution and header imposition:
For IPv4 we have the following chain: ip_output() -> (ether|atm|whatever)_output() -> arpresolve()
Lookup is done in proper place (link-layer output routine) and it is possible to provide cached lle data.
For IPv6 situation is more complex: ip6_output() -> nd6_output() -> nd6_output_ifp() -> (whatever)_output() -> nd6_storelladdr()
We have ip6_ouput() which calls nd6_output() instead of link output routine. nd6_output() does the following: * checks if lle exists, creates it if needed (similar to arpresolve()) * performes lle state transitions (similar to arpresolve()) * calls nd6_output_ifp() which pushes packets to link output routine along with running SeND/MAC hooks regardless of lle state (e.g. works as run-hooks placeholder).
After that, iface output routine like ether_output() calls nd6_storelladdr() which performs lle lookup once again.
As a result, we perform lookup twice for each outgoing packet for most types of interfaces. We also need to maintain runtime-checked table of 'nd6-free' interfaces (see nd6_need_cache()).
Fix this behavior by eliminating first ND lookup. To be more specific: * make all nd6_output() consumers use nd6_output_ifp() instead * rename nd6_output[_slow]() to nd6_resolve_[slow]() * convert nd6_resolve() and nd6_resolve_slow() to arpresolve() semantics, e.g. copy L2 address to buffer instead of pushing packet towards lower layers * Make all nd6_storelladdr() users use nd6_resolve() * eliminate nd6_storelladdr()
The resulting callchain is the following: ip6_output() -> nd6_output_ifp() -> (whatever)_output() -> nd6_resolve()
Error handling: Currently sending packet to non-existing la results in ip6_<output|forward> -> nd6_output() -> nd6_output _lle() which returns 0. In new scenario packet is propagated to <ether|whatever>_output() -> nd6_resolve() which will return EWOULDBLOCK, and that result will be converted to 0.
(And EWOULDBLOCK is actually used by IB/TOE code).
Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D1469
|
#
287859 |
|
16-Sep-2015 |
ae |
Use KASSERT for some checks, that are late to do.
Discussed with: melifaro, glebius
|
#
287856 |
|
16-Sep-2015 |
oleg |
Remove superfluous m_freem().
MFC after: 1 month
|
#
284959 |
|
30-Jun-2015 |
markm |
Huge cleanup of random(4) code.
* GENERAL - Update copyright. - Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set neither to ON, which means we want Fortuna - If there is no 'device random' in the kernel, there will be NO random(4) device in the kernel, and the KERN_ARND sysctl will return nothing. With RANDOM_DUMMY there will be a random(4) that always blocks. - Repair kern.arandom (KERN_ARND sysctl). The old version went through arc4random(9) and was a bit weird. - Adjust arc4random stirring a bit - the existing code looks a little suspect. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Redo read_random(9) so as to duplicate random(4)'s read internals. This makes it a first-class citizen rather than a hack. - Move stuff out of locked regions when it does not need to be there. - Trim RANDOM_DEBUG printfs. Some are excess to requirement, some behind boot verbose. - Use SYSINIT to sequence the startup. - Fix init/deinit sysctl stuff. - Make relevant sysctls also tunables. - Add different harvesting "styles" to allow for different requirements (direct, queue, fast). - Add harvesting of FFS atime events. This needs to be checked for weighing down the FS code. - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. - Fix the random(9) manpage. - Loadable modules are not present for now. These will be re-engineered when the dust settles. - Use macros for locks. - Fix comments.
* src/share/man/... - Update the man pages.
* src/etc/... - The startup/shutdown work is done in D2924.
* src/UPDATING - Add UPDATING announcement.
* src/sys/dev/random/build.sh - Add copyright. - Add libz for unit tests.
* src/sys/dev/random/dummy.c - Remove; no longer needed. Functionality incorporated into randomdev.*.
* live_entropy_sources.c live_entropy_sources.h - Remove; content moved. - move content to randomdev.[ch] and optimise.
* src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h - Remove; plugability is no longer used. Compile-time algorithm selection is the way to go.
* src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h - Add early (re)boot-time randomness caching.
* src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h - Remove; no longer needed.
* src/sys/dev/random/uint128.h - Provide a fake uint128_t; if a real one ever arrived, we can use that instead. All that is needed here is N=0, N++, N==0, and some localised trickery is used to manufacture a 128-bit 0ULLL.
* src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h - Improve unit tests; previously the testing human needed clairvoyance; now the test will do a basic check of compressibility. Clairvoyant talent is still a good idea. - This is still a long way off a proper unit test.
* src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h - Improve messy union to just uint128_t. - Remove unneeded 'static struct fortuna_start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
* src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h - Improve messy union to just uint128_t. - Remove unneeded 'staic struct start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) - Fix some magic numbers elsewhere used as FAST and SLOW.
Differential Revision: https://reviews.freebsd.org/D2025 Reviewed by: vsevolod,delphij,rwatson,trasz,jmg Approved by: so (delphij)
|
#
277331 |
|
18-Jan-2015 |
adrian |
Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific bits.
The motivation here is to eventually teach netisr and potentially other networking subsystems a bit more about how RSS work queues / buckets are configured so things have a hope of auto-configuring in the future.
* net/rss_config.[ch] takes care of the generic bits for doing configuration, hash function selection, etc; * topelitz.[ch] is now in net/ rather than netinet/; * (and would be in libkern if it didn't directly include RSS_KEYSIZE; that's a later thing to fix up.) * netinet/in_rss.[ch] now just contains the IPv4 specific methods; * and netinet/in6_rss.[ch] now just contains the IPv6 specific methods.
This should have no functional impact on anyone currently using the RSS support.
Differential Revision: D1383 Reviewed by: gnn, jfv (intel driver bits)
|
#
275197 |
|
27-Nov-2014 |
melifaro |
Fix build broken by r275195.
|
#
275196 |
|
27-Nov-2014 |
melifaro |
Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - return lle flags IFF needed. Do not pass rte to arpresolve - pass is_gateway flag instead.
|
#
275195 |
|
27-Nov-2014 |
melifaro |
Do not try to copy header to @dst and than back to ethernet in case of pseudo_AF_HDRCMPLT:
we copy media header from mbuf to 'struct sockaddr' @dst in bpf_movein, so mbuf already contains valid info.
|
#
274307 |
|
09-Nov-2014 |
glebius |
Remove remnants of if_ef(4).
|
#
274231 |
|
07-Nov-2014 |
glebius |
Remove struct arpcom. It is unused by most interface types, that allocate it, except Ethernet, where it carried ng_ether(4) pointer. For now carry the pointer in if_l2com directly.
Sponsored by: Netflix Sponsored by: Nginx, Inc.
|
#
273872 |
|
30-Oct-2014 |
markm |
This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.
The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.
The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.
Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.
My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.
My Nomex pants are on. Let the feedback commence!
Reviewed by: trasz,des(partial),imp(partial?),rwatson(partial?) Approved by: so(des)
|
#
271867 |
|
19-Sep-2014 |
glebius |
Mechanically convert to if_inc_counter().
|
#
263198 |
|
14-Mar-2014 |
rwatson |
Several years after initial development, merge prototype support for linking NIC Receive Side Scaling (RSS) to the network stack's connection-group implementation. This prototype (and derived patches) are in use at Juniper and several other FreeBSD-using companies, so despite some reservations about its maturity, merge the patch to the base tree so that it can be iteratively refined in collaboration rather than maintained as a set of gradually diverging patch sets.
(1) Merge a software implementation of the Toeplitz hash specified in RSS implemented by David Malone. This is used to allow suitable pcbgroup placement of connections before the first packet is received from the NIC. Software hashing is generally avoided, however, due to high cost of the hash on general-purpose CPUs.
(2) In in_rss.c, maintain authoritative versions of RSS state intended to be pushed to each NIC, including keying material, hash algorithm/ configuration, and buckets. Provide software-facing interfaces to hash 2- and 4-tuples for IPv4 and IPv6 using both the RSS standardised Toeplitz and a 'naive' variation with a hash efficient in software but with poor distribution properties. Implement rss_m2cpuid()to be used by netisr and other load balancing code to look up the CPU on which an mbuf should be processed.
(3) In the Ethernet link layer, allow netisr distribution using RSS as a source of policy as an alternative to source ordering; continue to default to direct dispatch (i.e., don't try and requeue packets for processing on the 'right' CPU if they arrive in a directly dispatchable context).
(4) Allow RSS to control tuning of connection groups in order to align groups with RSS buckets. If a packet arrives on a protocol using connection groups, and contains a suitable hardware-generated hash, use that hash value to select the connection group for pcb lookup for both IPv4 and IPv6. If no hardware-generated Toeplitz hash is available, we fall back on regular PCB lookup risking contention rather than pay the cost of Toeplitz in software -- this is a less scalable but, at my last measurement, faster approach. As core counts go up, we may want to revise this strategy despite CPU overhead.
Where device drivers suitably configure NICs, and connection groups / RSS are enabled, this should avoid both lock and line contention during connection lookup for TCP. This commit does not modify any device drivers to tune device RSS configuration to the global RSS configuration; patches are in circulation to do this for at least Chelsio T3 and Intel 1G/10G drivers. Currently, the KPI for device drivers is not particularly robust, nor aware of more advanced features such as runtime reconfiguration/rebalancing. This will hopefully prove a useful starting point for refinement.
No MFC is scheduled as we will first want to nail down a more mature and maintainable KPI/KBI for device drivers.
Sponsored by: Juniper Networks (original work) Sponsored by: EMC/Isilon (patch update and merge)
|
#
263152 |
|
14-Mar-2014 |
glebius |
Remove AppleTalk support.
AppleTalk was a network transport protocol for Apple Macintosh devices in 80s and then 90s. Starting with Mac OS X in 2000 the AppleTalk was a legacy protocol and primary networking protocol is TCP/IP. The last Mac OS X release to support AppleTalk happened in 2009. The same year routing equipment vendors (namely Cisco) end their support.
Thus, AppleTalk won't be supported in FreeBSD 11.0-RELEASE.
|
#
263140 |
|
14-Mar-2014 |
glebius |
Remove IPX support.
IPX was a network transport protocol in Novell's NetWare network operating system from late 80s and then 90s. The NetWare itself switched to TCP/IP as default transport in 1998. Later, in this century the Novell Open Enterprise Server became successor of Novell NetWare. The last release that claimed to still support IPX was OES 2 in 2007. Routing equipment vendors (e.g. Cisco) discontinued support for IPX in 2011.
Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
|
#
260870 |
|
18-Jan-2014 |
melifaro |
Simplify filling sockaddr_dl structure for if_resolvemulti() callback providers. link_init_sdl() function can be used to fill most of the parameters. Use caller stack instead of allocation / freing memory for each request. Do not drop support for extra-long (probably non-existing) link-layer protocols by introducing link_alloc_sdl() (used by if_resolvemulti() callback) and link_free_sdl() (used by caller). Since this change breaks KBI, MFC requires slightly different approach (link_init_sdl() auto-allocating buffer if necessary to handle cases with unmodified if_resolvemulti() callers).
MFC after: 2 weeks
|
#
258328 |
|
18-Nov-2013 |
gnn |
Allow ethernet drivers to pass in packets connected via the nextpkt pointer. Handling packets in this way allows drivers to amortize work during packet reception.
Submitted by: Vijay Singh Sponsored by: NetApp
|
#
257548 |
|
02-Nov-2013 |
adrian |
Restore the entropy gathering from the m_data pointer value, not the m_data payload.
After talking with markm/bde, this is what markm actually intended.
|
#
257525 |
|
01-Nov-2013 |
adrian |
Convert the random entropy harvesting code to use a const void * pointer rather than just void *.
Then, as part of this, convert a couple of mbuf m->m_data accesses to mtod(m, const void *).
Reviewed by: markm Approved by: security-officer (delphij) Sponsored by: Netflix, Inc.
|
#
257215 |
|
27-Oct-2013 |
glebius |
Move new pf includes to the pf directory. The pfvar.h remain in net, to avoid compatibility breakage for no sake.
The future plan is to split most of non-kernel parts of pfvar.h into pf.h, and then make pfvar.h a kernel only include breaking compatibility.
Discussed with: bz
|
#
257176 |
|
26-Oct-2013 |
glebius |
The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare to this event, adding if_var.h to files that do need it. Also, include all includes that now are included due to implicit pollution via if_var.h
Sponsored by: Netflix Sponsored by: Nginx, Inc.
|
#
256377 |
|
12-Oct-2013 |
markm |
Merge from project branch. Uninteresting commits are trimmed.
Refactor of /dev/random device. Main points include:
* Userland seeding is no longer used. This auto-seeds at boot time on PC/Desktop setups; this may need some tweeking and intelligence from those folks setting up embedded boxes, but the work is believed to be minimal.
* An entropy cache is written to /entropy (even during installation) and the kernel uses this at next boot.
* An entropy file written to /boot/entropy can be loaded by loader(8)
* Hardware sources such as rdrand are fed into Yarrow, and are no longer available raw.
------------------------------------------------------------------------ r256240 | des | 2013-10-09 21:14:16 +0100 (Wed, 09 Oct 2013) | 4 lines
Add a RANDOM_RWFILE option and hide the entropy cache code behind it. Rename YARROW_RNG and FORTUNA_RNG to RANDOM_YARROW and RANDOM_FORTUNA. Add the RANDOM_* options to LINT.
------------------------------------------------------------------------ r256239 | des | 2013-10-09 21:12:59 +0100 (Wed, 09 Oct 2013) | 2 lines
Define RANDOM_PURE_RNDTEST for rndtest(4).
------------------------------------------------------------------------ r256204 | des | 2013-10-09 18:51:38 +0100 (Wed, 09 Oct 2013) | 2 lines
staticize struct random_hardware_source
------------------------------------------------------------------------ r256203 | markm | 2013-10-09 18:50:36 +0100 (Wed, 09 Oct 2013) | 2 lines
Wrap some policy-rich code in 'if NOTYET' until we can thresh out what it really needs to do.
------------------------------------------------------------------------ r256184 | des | 2013-10-09 10:13:12 +0100 (Wed, 09 Oct 2013) | 2 lines
Re-add /dev/urandom for compatibility purposes.
------------------------------------------------------------------------ r256182 | des | 2013-10-09 10:11:14 +0100 (Wed, 09 Oct 2013) | 3 lines
Add missing include guards and move the existing ones out of the implementation namespace.
------------------------------------------------------------------------ r256168 | markm | 2013-10-08 23:14:07 +0100 (Tue, 08 Oct 2013) | 10 lines
Fix some just-noticed problems:
o Allow this to work with "nodevice random" by fixing where the MALLOC pool is defined.
o Fix the explicit reseed code. This was correct as submitted, but in the project branch doesn't need to set the "seeded" bit as this is done correctly in the "unblock" function.
o Remove some debug ifdeffing.
o Adjust comments.
------------------------------------------------------------------------ r256159 | markm | 2013-10-08 19:48:11 +0100 (Tue, 08 Oct 2013) | 6 lines
Time to eat crow for me.
I replaced the sx_* locks that Arthur used with regular mutexes; this turned out the be the wrong thing to do as the locks need to be sleepable. Revert this folly.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com> (In original diff)
------------------------------------------------------------------------ r256138 | des | 2013-10-08 12:05:26 +0100 (Tue, 08 Oct 2013) | 10 lines
Add YARROW_RNG and FORTUNA_RNG to sys/conf/options.
Add a SYSINIT that forces a reseed during proc0 setup, which happens fairly late in the boot process.
Add a RANDOM_DEBUG option which enables some debugging printf()s.
Add a new RANDOM_ATTACH entropy source which harvests entropy from the get_cyclecount() delta across each call to a device attach method.
------------------------------------------------------------------------ r256135 | markm | 2013-10-08 07:54:52 +0100 (Tue, 08 Oct 2013) | 8 lines
Debugging. My attempt at EVENTHANDLER(multiuser) was a failure; use EVENTHANDLER(mountroot) instead.
This means we can't count on /var being present, so something will need to be done about harvesting /var/db/entropy/... .
Some policy now needs to be sorted out, and a pre-sync cache needs to be written, but apart from that we are now ready to go.
Over to review.
------------------------------------------------------------------------ r256094 | markm | 2013-10-06 23:45:02 +0100 (Sun, 06 Oct 2013) | 8 lines
Snapshot.
Looking pretty good; this mostly works now. New code includes:
* Read cached entropy at startup, both from files and from loader(8) preloaded entropy. Failures are soft, but announced. Untested.
* Use EVENTHANDLER to do above just before we go multiuser. Untested.
------------------------------------------------------------------------ r256088 | markm | 2013-10-06 14:01:42 +0100 (Sun, 06 Oct 2013) | 2 lines
Fix up the man page for random(4). This mainly removes no-longer-relevant details about HW RNGs, reseeding explicitly and user-supplied entropy.
------------------------------------------------------------------------ r256087 | markm | 2013-10-06 13:43:42 +0100 (Sun, 06 Oct 2013) | 6 lines
As userland writing to /dev/random is no more, remove the "better than nothing" bootstrap mode.
Add SWI harvesting to the mix.
My box seeds Yarrow by itself in a few seconds! YMMV; more to follow.
------------------------------------------------------------------------ r256086 | markm | 2013-10-06 13:40:32 +0100 (Sun, 06 Oct 2013) | 11 lines
Debug run. This now works, except that the "live" sources haven't been tested. With all sources turned on, this unlocks itself in a couple of seconds! That is no my box, and there is no guarantee that this will be the case everywhere.
* Cut debug prints.
* Use the same locks/mutexes all the way through.
* Be a tad more conservative about entropy estimates.
------------------------------------------------------------------------ r256084 | markm | 2013-10-06 13:35:29 +0100 (Sun, 06 Oct 2013) | 5 lines
Don't use the "real" assembler mnemonics; older compilers may not understand them (like when building CURRENT on 9.x).
# Submitted by: Konstantin Belousov <kostikbel@gmail.com>
------------------------------------------------------------------------ r256081 | markm | 2013-10-06 10:55:28 +0100 (Sun, 06 Oct 2013) | 12 lines
SNAPSHOT.
Simplify the malloc pools; We only need one for this device.
Simplify the harvest queue.
Marginally improve the entropy pool hashing, making it a bit faster in the process.
Connect up the hardware "live" source harvesting. This is simplistic for now, and will need to be made rate-adaptive.
All of the above passes a compile test but needs to be debugged.
------------------------------------------------------------------------ r256042 | markm | 2013-10-04 07:55:06 +0100 (Fri, 04 Oct 2013) | 25 lines
Snapshot. This passes the build test, but has not yet been finished or debugged.
Contains:
* Refactor the hardware RNG CPU instruction sources to feed into the software mixer. This is unfinished. The actual harvesting needs to be sorted out. Modified by me (see below).
* Remove 'frac' parameter from random_harvest(). This was never used and adds extra code for no good reason.
* Remove device write entropy harvesting. This provided a weak attack vector, was not very good at bootstrapping the device. To follow will be a replacement explicit reseed knob.
* Separate out all the RANDOM_PURE sources into separate harvest entities. This adds some secuity in the case where more than one is present.
* Review all the code and fix anything obviously messy or inconsistent. Address som review concerns while I'm here, like rename the pseudo-rng to 'dummy'.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com> (the first item)
------------------------------------------------------------------------ r255319 | markm | 2013-09-06 18:51:52 +0100 (Fri, 06 Sep 2013) | 4 lines
Yarrow wants entropy estimations to be conservative; the usual idea is that if you are certain you have N bits of entropy, you declare N/2.
------------------------------------------------------------------------ r255075 | markm | 2013-08-30 18:47:53 +0100 (Fri, 30 Aug 2013) | 4 lines
Remove short-lived idea; thread to harvest (eg) RDRAND enropy into the usual harvest queues. It was a nifty idea, but too heavyweight.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com>
------------------------------------------------------------------------ r255071 | markm | 2013-08-30 12:42:57 +0100 (Fri, 30 Aug 2013) | 4 lines
Separate out the Software RNG entropy harvesting queue and thread into its own files.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com>
------------------------------------------------------------------------ r254934 | markm | 2013-08-26 20:07:03 +0100 (Mon, 26 Aug 2013) | 2 lines
Remove the short-lived namei experiment.
------------------------------------------------------------------------ r254928 | markm | 2013-08-26 19:35:21 +0100 (Mon, 26 Aug 2013) | 2 lines
Snapshot; Do some running repairs on entropy harvesting. More needs to follow.
------------------------------------------------------------------------ r254927 | markm | 2013-08-26 19:29:51 +0100 (Mon, 26 Aug 2013) | 15 lines
Snapshot of current work;
1) Clean up namespace; only use "Yarrow" where it is Yarrow-specific or close enough to the Yarrow algorithm. For the rest use a neutral name.
2) Tidy up headers; put private stuff in private places. More could be done here.
3) Streamline the hashing/encryption; no need for a 256-bit counter; 128 bits will last for long enough.
There are bits of debug code lying around; these will be removed at a later stage.
------------------------------------------------------------------------ r254784 | markm | 2013-08-24 14:54:56 +0100 (Sat, 24 Aug 2013) | 39 lines
1) example (partially humorous random_adaptor, that I call "EXAMPLE") * It's not meant to be used in a real system, it's there to show how the basics of how to create interfaces for random_adaptors. Perhaps it should belong in a manual page
2) Move probe.c's functionality in to random_adaptors.c * rename random_ident_hardware() to random_adaptor_choose()
3) Introduce a new way to choose (or select) random_adaptors via tunable "rngs_want" It's a list of comma separated names of adaptors, ordered by preferences. I.e.: rngs_want="yarrow,rdrand"
Such setting would cause yarrow to be preferred to rdrand. If neither of them are available (or registered), then system will default to something reasonable (currently yarrow). If yarrow is not present, then we fall back to the adaptor that's first on the list of registered adaptors.
4) Introduce a way where RNGs can play a role of entropy source. This is mostly useful for HW rngs.
The way I envision this is that every HW RNG will use this functionality by default. Functionality to disable this is also present. I have an example of how to use this in random_adaptor_example.c (see modload event, and init function)
5) fix kern.random.adaptors from kern.random.adaptors: yarrowpanicblock to kern.random.adaptors: yarrow,panic,block
6) add kern.random.active_adaptor to indicate currently selected adaptor: root@freebsd04:~ # sysctl kern.random.active_adaptor kern.random.active_adaptor: yarrow
# Submitted by: Arthur Mesh <arthurmesh@gmail.com>
Submitted by: Dag-Erling Smørgrav <des@FreeBSD.org>, Arthur Mesh <arthurmesh@gmail.com> Reviewed by: des@FreeBSD.org Approved by: re (delphij) Approved by: secteam (des,delphij)
|
#
256218 |
|
09-Oct-2013 |
glebius |
There are some high performance NICs that count statistics in hardware, and there are ifnets, that do that via counter(9). Provide a flag that would skip cache line trashing '+=' operation in ether_input().
Sponsored by: Netflix Sponsored by: Nginx, Inc. Reviewed by: melifaro, adrian Approved by: re (marius)
|
#
255362 |
|
07-Sep-2013 |
markm |
Bring in some behind-the-scenes development, mainly By Arthur Mesh, the rest by me.
o Namespace cleanup; the Yarrow name is now restricted to where it really applies; this is in anticipation of being augmented or replaced by Fortuna in the future. Fortuna is mentioned, but behind #if logic, and is ignorable for now.
o The harvest queue is pulled out into its own modules.
o Entropy harvesting is emproved, both by being made more conservative, and by separating (a bit!) the sources. Available entropy crumbs are marginally improved.
o Selection of sources is made clearer. With recent revelations, this will receive more work in the weeks and months to come.
Submitted by: Arthur Mesh (partly) <arthurmesh@gmail.com>
|
#
254523 |
|
19-Aug-2013 |
andre |
Add m_clrprotoflags() to clear protocol specific mbuf flags at up and downwards layer crossings.
Consistently use it within IP, IPv6 and ethernet protocols.
Discussed with: trociny, glebius
|
#
253590 |
|
24-Jul-2013 |
marcel |
Decouple the UUID generator from network interfaces by having MAC addresses added to the UUID generator using uuid_ether_add(). The UUID generator keeps an arbitrary number of MAC addresses, under the assumption that they are rarely removed (= uuid_ether_del()). This achieves the following: 1. It brings up closer to having the network stack as a loadable module. 2. It allows the UUID generator to filter MAC addresses for best results (= highest chance of uniqeness). 3. MAC addresses can come from anywhere, irrespactive of whether it's used for an interface or not.
A side-effect of the change is that when no MAC addresses have been added, a random multicast MAC address is created once and re-used if needed. Previusly, when a random MAC address was needed, it was created for every call. Thus, a change in behaviour is introduced for when no MAC addresses exist.
Obtained from: Juniper Networks, Inc.
|
#
250766 |
|
18-May-2013 |
melifaro |
Use separate function to update mbuf checksum flags instead of duplicating the same code in different places.
MFC after: 2 weeks
|
#
249925 |
|
26-Apr-2013 |
glebius |
Add const qualifier to the dst parameter of the ifnet if_output method.
|
#
243882 |
|
05-Dec-2012 |
glebius |
Mechanically substitute flags from historic mbuf allocator with malloc(9) flags within sys.
Exceptions:
- sys/contrib not touched - sys/mbuf.h edited manually
|
#
243601 |
|
27-Nov-2012 |
glebius |
Better safe than sorry: reinitialize eh after ng_ether(4) and if_bridge(4) processing, since mbuf may be modified there.
Submitted by: youngari
|
#
243569 |
|
26-Nov-2012 |
glebius |
Re-initialize eh pointer after m_adj()
Submitted by: Kohji Okuno <okuno.kohji jp.panasonic.com> Reviewed by: yongari
|
#
241394 |
|
10-Oct-2012 |
kevlo |
Revert previous commit...
Pointyhat to: kevlo (myself)
|
#
241370 |
|
09-Oct-2012 |
kevlo |
Prefer NULL over 0 for pointers
|
#
240099 |
|
04-Sep-2012 |
melifaro |
Introduce new link-layer PFIL hook V_link_pfil_hook. Merge ether_ipfw_chk() and part of bridge_pfil() into unified ipfw_check_frame() function called by PFIL. This change was suggested by rwatson? @ DevSummit.
Remove ipfw headers from ether/bridge code since they are unneeded now.
Note this thange introduce some (temporary) performance penalty since PFIL read lock has to be acquired for every link-level packet.
MFC after: 3 weeks
|
#
234946 |
|
03-May-2012 |
melifaro |
Revert r234834 per luigi@ request.
Cleaner solution (e.g. adding another header) should be done here.
Original log: Move several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h. Remove ipfw/ip_fw_private.h header from non-ipfw code.
Requested by: luigi Approved by: kib(mentor)
|
#
234834 |
|
30-Apr-2012 |
melifaro |
Move several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h. Remove ipfw/ip_fw_private.h header from non-ipfw code.
Approved by: ae(mentor) MFC after: 2 weeks
|
#
232487 |
|
04-Mar-2012 |
zec |
Properly restore curvnet context when returning early from ether_input_internal().
This change only affects options VIMAGE kernel builds.
PR: kern/165643 Submitted by: Vijay Singh MFC after: 3 days
|
#
228571 |
|
16-Dec-2011 |
glebius |
A major overhaul of the CARP implementation. The ip_carp.c was started from scratch, copying needed functionality from the old implemenation on demand, with a thorough review of all code. The main change is that interface layer has been removed from the CARP. Now redundant addresses are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or SIOCAIFADDR_IN6 may now be configured to a particular virtual host id, which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need to clone carpXX interface, he/she should directly configure a vhid on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8) function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4) being an interface, and may close several others. It also allows to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448 Reviewed by: bz Submitted by: bz [1]
|
#
227293 |
|
07-Nov-2011 |
ed |
Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.
This means that their use is restricted to a single C file.
|
#
225209 |
|
27-Aug-2011 |
bz |
When adding IPv6 fwd support to ipfw in r225044 these two files were not committed. Initialize next_hop6 to align with the IPv4 code.
PR: bin/117214 MFC after: 3 weeks X-MFC with: r225044 Approved by: re (kib)
|
#
223741 |
|
03-Jul-2011 |
bz |
Tag mbufs of all incoming frames or packets with the interface's FIB setting (either default or if supported as set by SIOCSIFFIB, e.g. from ifconfig).
Submitted by: Alexander V. Chernikov (melifaro ipfw.ru) Reviewed by: julian MFC after: 2 weeks
|
#
222583 |
|
01-Jun-2011 |
rwatson |
Add an optional netisr dispatch point at ether_input(), but set the default dispatch method to NETISR_DISPATCH_DIRECT in order to force direct dispatch. This adds a fairly negligble overhead without changing default behavior, but in the future will allow deferred or hybrid dispatch to other worker threads before link layer processing has taken place.
For example, this could allow redistribution using RSS hashes without ethernet header cache line hits, if the NIC was unable to adequately implement load balancing to too small a number of input queues -- perhaps due to hard queueset counts of 1, 3, or 8, but in a modern system with 16-128 threads. This can happen on highly threaded systems, where you want want an ithread per core, redistributing work to other queues, but also on virtualised systems where hardware hashing is (or is not) available, but only a single queue has been directed to one VCPU on a VM.
Note: this adds a previously non-present assertion about the equivalence of the ifnet from which the packet is received, and the ifnet stamped in the mbuf header. I believe this assertion to generally be true, but we'll find out soon -- if it's not, we might have to add additional overhead in some cases to add an m_tag with the originating ifnet pointer stored in it.
Reviewed by: bz MFC after: 3 weeks Sponsored by: Juniper Networks, Inc.
|
#
215701 |
|
22-Nov-2010 |
dim |
After some off-list discussion, revert a number of changes to the DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various people working on the affected files. A better long-term solution is still being considered. This reversal may give some modules empty set_pcpu or set_vnet sections, but these are harmless.
Changes reverted:
------------------------------------------------------------------------ r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines
Instead of unconditionally emitting .globl's for the __start_set_xxx and __stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu sections are actually defined.
------------------------------------------------------------------------ r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines
Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree.
------------------------------------------------------------------------ r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines
Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
|
#
215317 |
|
14-Nov-2010 |
dim |
Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree.
|
#
211283 |
|
13-Aug-2010 |
zec |
When moving an ethernet ifnet from one vnet to another, destroy the associated ng_ether netgraph node in the current vnet, and create a new one in the target vnet.
Reviewed by: julian MFC after: 3 days
|
#
211193 |
|
11-Aug-2010 |
will |
Unbreak LINT by moving all carp hooks to net/if.c / netinet/ip_carp.h, with the appropriate ifdefs.
Reviewed by: bz Approved by: ken (mentor)
|
#
211157 |
|
10-Aug-2010 |
will |
Allow carp(4) to be loaded as a kernel module. Follow precedent set by bridge(4), lagg(4) etc. and make use of function pointers and pf_proto_register() to hook carp into the network stack.
Currently, because of the uncertainty about whether the unload path is free of race condition panics, unloads are disallowed by default. Compiling with CARPMOD_CAN_UNLOAD in CFLAGS removes this anti foot shooting measure.
This commit requires IP6PROTOSPACER, introduced in r211115.
Reviewed by: bz, simon Approved by: ken (mentor) MFC after: 2 weeks
|
#
204591 |
|
02-Mar-2010 |
luigi |
Bring in the most recent version of ipfw and dummynet, developed and tested over the past two months in the ipfw3-head branch. This also happens to be the same code available in the Linux and Windows ports of ipfw and dummynet.
The major enhancement is a completely restructured version of dummynet, with support for different packet scheduling algorithms (loadable at runtime), faster queue/pipe lookup, and a much cleaner internal architecture and kernel/userland ABI which simplifies future extensions.
In addition to the existing schedulers (FIFO and WF2Q+), we include a Deficit Round Robin (DRR or RR for brevity) scheduler, and a new, very fast version of WF2Q+ called QFQ.
Some test code is also present (in sys/netinet/ipfw/test) that lets you build and test schedulers in userland.
Also, we have added a compatibility layer that understands requests from the RELENG_7 and RELENG_8 versions of the /sbin/ipfw binaries, and replies correctly (at least, it does its best; sometimes you just cannot tell who sent the request and how to answer). The compatibility layer should make it possible to MFC this code in a relatively short time.
Some minor glitches (e.g. handling of ipfw set enable/disable, and a workaround for a bug in RELENG_7's /sbin/ipfw) will be fixed with separate commits.
CREDITS: This work has been partly supported by the ONELAB2 project, and mostly developed by Riccardo Panicucci and myself. The code for the qfq scheduler is mostly from Fabio Checconi, and Marta Carbone and Francesco Magno have helped with testing, debugging and some bug fixes.
|
#
201734 |
|
07-Jan-2010 |
luigi |
put ip_var before ip_fw_private.h as this will be needed in the near future
|
#
201527 |
|
04-Jan-2010 |
luigi |
Various cleanup done in ipfw3-head branch including: - use a uniform mtag format for all packets that exit and re-enter the firewall in the middle of a rulechain. On reentry, all tags containing reinject info are renamed to MTAG_IPFW_RULE so the processing is simpler.
- make ipfw and dummynet use ip_len and ip_off in network format everywhere. Conversion is done only once instead of tracking the format in every place.
- use a macro FREE_PKT to dispose of mbufs. This eases portability.
On passing i also removed a few typos, staticise or localise variables, remove useless declarations and other minor things.
Overall the code shrinks a bit and is hopefully more readable.
I have tested functionality for all but ng_ipfw and if_bridge/if_ethersubr. For ng_ipfw i am actually waiting for feedback from glebius@ because we might have some small changes to make. For if_bridge and if_ethersubr feedback would be welcome (there are still some redundant parts in these two modules that I would like to remove, but first i need to check functionality).
|
#
201122 |
|
28-Dec-2009 |
luigi |
bring in several cleanups tested in ipfw3-head branch, namely:
r201011 - move most of ng_ipfw.h into ip_fw_private.h, as this code is ipfw-specific. This removes a dependency on ng_ipfw.h from some files.
- move many equivalent definitions of direction (IN, OUT) for reinjected packets into ip_fw_private.h
- document the structure of the packet tags used for dummynet and netgraph;
r201049 - merge some common code to attach/detach hooks into a single function.
r201055 - remove some duplicated code in ip_fw_pfil. The input and output processing uses almost exactly the same code so there is no need to use two separate hooks. ip_fw_pfil.o goes from 2096 to 1382 bytes of .text
r201057 (see the svn log for full details) - macros to make the conversion of ip_len and ip_off between host and network format more explicit
r201113 (the remaining parts) - readability fixes -- put braces around some large for() blocks, localize variables so the compiler does not think they are uninitialized, do not insist on precise allocation size if we have more than we need.
r201119 - when doing a lookup, keys must be in big endian format because this is what the radix code expects (this fixes a bug in the recently-introduced 'lookup' option)
No ABI changes in this commit.
MFC after: 1 week
|
#
200855 |
|
22-Dec-2009 |
luigi |
merge code from ipfw3-head to reduce contention on the ipfw lock and remove all O(N) sequences from kernel critical sections in ipfw.
In detail:
1. introduce a IPFW_UH_LOCK to arbitrate requests from the upper half of the kernel. Some things, such as 'ipfw show', can be done holding this lock in read mode, whereas insert and delete require IPFW_UH_WLOCK.
2. introduce a mapping structure to keep rules together. This replaces the 'next' chain currently used in ipfw rules. At the moment the map is a simple array (sorted by rule number and then rule_id), so we can find a rule quickly instead of having to scan the list. This reduces many expensive lookups from O(N) to O(log N).
3. when an expensive operation (such as insert or delete) is done by userland, we grab IPFW_UH_WLOCK, create a new copy of the map without blocking the bottom half of the kernel, then acquire IPFW_WLOCK and quickly update pointers to the map and related info. After dropping IPFW_LOCK we can then continue the cleanup protected by IPFW_UH_LOCK. So userland still costs O(N) but the kernel side is only blocked for O(1).
4. do not pass pointers to rules through dummynet, netgraph, divert etc, but rather pass a <slot, chain_id, rulenum, rule_id> tuple. We validate the slot index (in the array of #2) with chain_id, and if successful do a O(1) dereference; otherwise, we can find the rule in O(log N) through <rulenum, rule_id>
All the above does not change the userland/kernel ABI, though there are some disgusting casts between pointers and uint32_t
Operation costs now are as follows:
Function Old Now Planned ------------------------------------------------------------------- + skipto X, non cached O(N) O(log N) + skipto X, cached O(1) O(1) XXX dynamic rule lookup O(1) O(log N) O(1) + skipto tablearg O(N) O(1) + reinject, non cached O(N) O(log N) + reinject, cached O(1) O(1) + kernel blocked during setsockopt() O(N) O(1) -------------------------------------------------------------------
The only (very small) regression is on dynamic rule lookup and this will be fixed in a day or two, without changing the userland/kernel ABI
Supported by: Valeria Paoli MFC after: 1 month
|
#
200580 |
|
15-Dec-2009 |
luigi |
Start splitting ip_fw2.c and ip_fw.h into smaller components. At this time we pull out from ip_fw2.c the logging functions, and support for dynamic rules, and move kernel-only stuff into netinet/ipfw/ip_fw_private.h
No ABI change involved in this commit, unless I made some mistake. ip_fw.h has changed, though not in the userland-visible part.
Files touched by this commit:
conf/files now references the two new source files
netinet/ip_fw.h remove kernel-only definitions gone into netinet/ipfw/ip_fw_private.h.
netinet/ipfw/ip_fw_private.h new file with kernel-specific ipfw definitions
netinet/ipfw/ip_fw_log.c ipfw_log and related functions
netinet/ipfw/ip_fw_dynamic.c code related to dynamic rules
netinet/ipfw/ip_fw2.c removed the pieces that goes in the new files
netinet/ipfw/ip_fw_nat.c minor rearrangement to remove LOOKUP_NAT from the main headers. This require a new function pointer.
A bunch of other kernel files that included netinet/ip_fw.h now require netinet/ipfw/ip_fw_private.h as well. Not 100% sure i caught all of them.
MFC after: 1 month
|
#
197952 |
|
11-Oct-2009 |
julian |
Virtualize the pfil hooks so that different jails may chose different packet filters. ALso allows ipfw to be enabled on on ejail and disabled on another. In 8.0 it's a global setting.
Sitting aroung in tree waiting to commit for: 2 months MFC after: 2 months
|
#
196019 |
|
01-Aug-2009 |
rwatson |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes.
Reviewed by: bz Approved by: re (vimage blanket)
|
#
195921 |
|
28-Jul-2009 |
qingli |
The new flow table caches both the routing table entry as well as the L2 information. For an indirect route the cached L2 entry contains the MAC address of the gateway. Typically the default route is used to transmit multicast packets when explicit multicast routes are not available. The ether_output() function bypasses L2 resolution function if it verifies the L2 cache is valid, because the cached L2 address (a unicast MAC address) is copied into the packets as the destination MAC address. This validation, however, does not apply to broadcast and multicast packets because the destination MAC address is mapped according to a standard method instead.
Submitted by: Xin Li Reviewed by: bz Approved by: re
|
#
195727 |
|
16-Jul-2009 |
rwatson |
Remove unused VNET_SET() and related macros; only VNET_GET() is ever actually used. Rename VNET_GET() to VNET() to shorten variable references.
Discussed with: bz, julian Reviewed by: bz Approved by: re (kensmith, kib)
|
#
195699 |
|
14-Jul-2009 |
rwatson |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
|
#
194819 |
|
24-Jun-2009 |
rwatson |
Break at_ifawithnet() into two variants:
- at_ifawithnet(), which acquires an locks it needs and returns an at_ifaddr reference. - at_ifawithnet_locked(), which relies on the caller locking at_ifaddr_list, and returns a pointer rather than a reference.
Update various consumers to prefer one or the other, including ether and fddi output, to properly release at_ifaddr references.
Rework at_control() to manage locking and references in a manner identical to in_control().
MFC after: 6 weeks
|
#
193983 |
|
11-Jun-2009 |
bz |
carp(4) allows people to share a set of IP addresses and can only use IPv4/v6 for inter-node communication (according to my reading).
Properly wrap the carp callouts in INET || INET6 and refelect this in sys/conf/files as well. While in theory this should be ok, it might be a bit optimistic to think that carp could build with inet6 only[1].
Discussed with: mlaier [1]
|
#
193859 |
|
09-Jun-2009 |
oleg |
Close long existed race with net.inet.ip.fw.one_pass = 0: If packet leaves ipfw to other kernel subsystem (dummynet, netgraph, etc) it carries pointer to matching ipfw rule. If this packet then reinjected back to ipfw, ruleset processing starts from that rule. If rule was deleted meanwhile, due to existed race condition panic was possible (as well as other odd effects like parsing rules in 'reap list').
P.S. this commit changes ABI so userland ipfw related binaries should be recompiled.
MFC after: 1 month Tested by: Mikolaj Golub
|
#
193744 |
|
08-Jun-2009 |
bz |
After r193232 rt_tables in vnet.h are no longer indirectly dependent on the ROUTETABLES kernel option thus there is no need to include opt_route.h anymore in all consumers of vnet.h and no longer depend on it for module builds.
Remove the hidden include in flowtable.h as well and leave the two explicit #includes in ip_input.c and ip_output.c.
|
#
193511 |
|
05-Jun-2009 |
rwatson |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include.
Discussed with: pjd
|
#
193502 |
|
05-Jun-2009 |
luigi |
More cleanup in preparation of ipfw relocation (no actual code change):
+ move ipfw and dummynet hooks declarations to raw_ip.c (definitions in ip_var.h) same as for most other global variables. This removes some dependencies from ip_input.c;
+ remove the IPFW_LOADED macro, just test ip_fw_chk_ptr directly;
+ remove the DUMMYNET_LOADED macro, just test ip_dn_io_ptr directly;
+ move ip_dn_ruledel_ptr to ip_fw2.c which is the only file using it;
To be merged together with rev 193497
MFC after: 5 days
|
#
191816 |
|
05-May-2009 |
zec |
Change the curvnet variable from a global const struct vnet *, previously always pointing to the default vnet context, to a dynamically changing thread-local one. The currvnet context should be set on entry to networking code via CURVNET_SET() macros, and reverted to previous state via CURVNET_RESTORE(). Recursions on curvnet are permitted, though strongly discuouraged.
This change should have no functional impact on nooptions VIMAGE kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an indicator of the vnet context in which the current network-related operation takes place, in case we cannot deduce the current vnet context from any other source, such as by looking at mbuf's m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so far curvnet has turned out to be an invaluable consistency checking aid: it helps to catch cases when sockets, ifnets or any other vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros was a result of an empirical iterative process, whith an aim to reduce recursions on CURVNET_SET() to a minimum, while still reducing the scope of CURVNET_SET() to networking only operations - the alternative would be calling CURVNET_SET() on each system call entry. In general, curvnet has to be set in three typicall cases: when processing socket-related requests from userspace or from within the kernel; when processing inbound traffic flowing from device drivers to upper layers of the networking stack, and when executing timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all vnet instances.
Approved by: julian (mentor)
|
#
191148 |
|
16-Apr-2009 |
kmacy |
Change if_output to take a struct route as its fourth argument in order to allow passing a cached struct llentry * down to L2
Reviewed by: rwatson
|
#
189106 |
|
27-Feb-2009 |
bz |
For all files including net/vnet.h directly include opt_route.h and net/route.h.
Remove the hidden include of opt_route.h and net/route.h from net/vnet.h.
We need to make sure that both opt_route.h and net/route.h are included before net/vnet.h because of the way MRT figures out the number of FIBs from the kernel option. If we do not, we end up with the default number of 1 when including net/vnet.h and array sizes are wrong.
This does not change the list of files which depend on opt_route.h but we can identify them now more easily.
|
#
188066 |
|
03-Feb-2009 |
rrs |
Adds support for SCTP checksum offload. This means we, like TCP and UDP, move the checksum calculation into the IP routines when there is no hardware support we call into the normal SCTP checksum routine.
The next round of SCTP updates will use this functionality. Of course the IGB driver needs a few updates to support the new intel controller set that actually does SCTP csum offload too.
Reviewed by: gnn, rwatson, kmacy
|
#
186217 |
|
17-Dec-2008 |
qingli |
Remove the rt argument from nd6_storelladdr() because rt is no longer accessed.
|
#
186119 |
|
15-Dec-2008 |
qingli |
This main goals of this project are: 1. separating L2 tables (ARP, NDP) from the L3 routing tables 2. removing as much locking dependencies among these layers as possible to allow for some parallelism in the search operations 3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route cloning (RTF_CLONING) concept, which translated into code reduction in both IPv4 ARP and IPv6 NDP related modules, and size reduction in struct rtentry{}. The change in design obsoletes the semantics of RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland applications such as "arp" and "ndp" have been modified to reflect those changes. The output from "netstat -r" shows only the routing entries.
Quite a few developers have contributed to this project in the past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing the last piece of the puzzle, Kip has also been conducting active functional testing - Sam Leffler has helped me improving/refactoring the code, and provided valuable reviews - Julian Elischer setup the perforce tree for me and has helped me maintaining that branch before the svn conversion
|
#
185895 |
|
10-Dec-2008 |
zec |
Conditionally compile out V_ globals while instantiating the appropriate container structures, depending on VIMAGE_GLOBALS compile time option.
Make VIMAGE_GLOBALS a new compile-time option, which by default will not be defined, resulting in instatiations of global variables selected for V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be effectively compiled out. Instantiate new global container structures to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0, vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0.
Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_ macros resolve either to the original globals, or to fields inside container structures, i.e. effectively
#ifdef VIMAGE_GLOBALS #define V_rt_tables rt_tables #else #define V_rt_tables vnet_net_0._rt_tables #endif
Update SYSCTL_V_*() macros to operate either on globals or on fields inside container structs.
Extend the internal kldsym() lookups with the ability to resolve selected fields inside the virtualization container structs. This applies only to the fields which are explicitly registered for kldsym() visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently this is done only in sys/net/if.c.
Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code, and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in turn result in proper code being generated depending on VIMAGE_GLOBALS.
De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c which were prematurely V_irtualized by automated V_ prepending scripts during earlier merging steps. PF virtualization will be done separately, most probably after next PF import.
Convert a few variable initializations at instantiation to initialization in init functions, most notably in ipfw. Also convert TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in initializer functions.
Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
185571 |
|
02-Dec-2008 |
bz |
Rather than using hidden includes (with cicular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files.
For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h.
Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
|
#
185164 |
|
22-Nov-2008 |
kmacy |
convert calls to IFQ_HANDOFF to if_transmit
|
#
185088 |
|
19-Nov-2008 |
zec |
Change the initialization methodology for global variables scheduled for virtualization.
Instead of initializing the affected global variables at instatiation, assign initial values to them in initializer functions. As a rule, initialization at instatiation for such variables should never be introduced again from now on. Furthermore, enclose all instantiations of such global variables in #ifdef VIMAGE_GLOBALS blocks.
Essentialy, this change should have zero functional impact. In the next phase of merging network stack virtualization infrastructure from p4/vimage branch, the new initialization methology will allow us to switch between using global variables and their counterparts residing in virtualization containers with minimum code churn, and in the long run allow us to intialize multiple instances of such container structures.
Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
184205 |
|
23-Oct-2008 |
des |
Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after: 3 months
|
#
183550 |
|
02-Oct-2008 |
zec |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
182285 |
|
27-Aug-2008 |
emaste |
Move CTASSERT of ether header sizes out of the header file and into if_ethersubr.c. CTASSERT is implemented using a dummy typedef, which if used in a header file may conflict with another CTASSERT in a source file using that header.
I'll make a note of this in CTASSERT's man page.
Approved by: imp
|
#
181803 |
|
17-Aug-2008 |
bz |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
#
178920 |
|
10-May-2008 |
antoine |
Add missing braces in #if 0ed code.
Approved by: rwatson (mentor) MFC after: 1 month
|
#
178674 |
|
29-Apr-2008 |
julian |
Add an option (compiled out by default) to profile outoing packets for a number of mbuf chain related parameters e.g. number of mbufs, wasted space. probably will do with further work later.
Reviewed by: various
|
#
177436 |
|
20-Mar-2008 |
kmacy |
back out last change as Sam believes that it breaks multicast - need to revisit after following up with pyun
|
#
177434 |
|
20-Mar-2008 |
kmacy |
forced commit to add that the fix in the previous commit was submitted by Devon H. O'Dell
|
#
177433 |
|
20-Mar-2008 |
kmacy |
Don't re-initialize the interface if it is already running.
This one line change makes the following code found in many ethernet device drivers (at least em, igb, ixgbe, and cxgb) gratuitous
case SIOCSIFADDR: if (ifa->ifa_addr->sa_family == AF_INET) { /* * XXX * Since resetting hardware takes a very long time * and results in link renegotiation we only * initialize the hardware only when it is absolutely * required. */ ifp->if_flags |= IFF_UP; if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { EM_CORE_LOCK(adapter); em_init_locked(adapter); EM_CORE_UNLOCK(adapter); } arp_ifinit(ifp, ifa); } else error = ether_ioctl(ifp, command, data); break;
|
#
176906 |
|
07-Mar-2008 |
rwatson |
Move IFF_NEEDSGIANT warning from if_ethersubr.c to if.c so it is displayed for all network interfaces, not just ethernet-like ones.
Upgrade it to a louder WARNING and be explicit that the flag is obsolete. Support for IFF_NEEDSGIANT will be removed in a few months (see arch@ for details) and will not appear in 8.0.
Upgrade if_watchdog to a WARNING.
|
#
173399 |
|
06-Nov-2007 |
oleg |
1) dummynet_io() declaration has changed. 2) Alter packet flow inside dummynet: allow certain packets to bypass dummynet scheduler. Benefits are:
- lower latency: if packet flow does not exceed pipe bandwidth, packets will not be (up to tick) delayed (due to dummynet's scheduler granularity). - lower overhead: if packet avoids dummynet scheduler it shouldn't reenter ip stack later. Such packets can be fastforwarded. - recursion (which can lead to kernel stack exhaution) eliminated. This fix long existed panic, which can be triggered this way: kldload dummynet sysctl net.inet.ip.fw.one_pass=0 ipfw pipe 1 config bw 0 for i in `jot 30`; do ipfw add 1 pipe 1 icmp from any to any; done ping -c 1 localhost
3) Three new sysctl nodes are added: net.inet.ip.dummynet.io_pkt - packets passed to dummynet net.inet.ip.dummynet.io_pkt_fast - packets avoided dummynet scheduler net.inet.ip.dummynet.io_pkt_drop - packets dropped by dummynet
P.S. Above comments are true only for layer 3 packets. Layer 2 packet flow is not changed yet.
MFC after: 3 month
|
#
172930 |
|
24-Oct-2007 |
rwatson |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
|
#
172777 |
|
18-Oct-2007 |
thompsa |
Use a uint16_t type for the vlan tag rather an int.
|
#
172770 |
|
18-Oct-2007 |
thompsa |
The bridging output function puts the mbuf directly on the interfaces send queue so the output network card must support the same tagging mechanism as how the frame was input (prepended Ethernet header tag or stripped HW mflag).
Now the vlan Ethernet header is _always_ stripped in ether_input and the mbuf flagged, only only network cards with VLAN_HWTAGGING enabled would properly re-tag any outgoing vlan frames.
If the outgoing interface does not support hardware tagging then readd the vlan header to the front of the frame. Move the common vlan encapsulation in to ether_vlanencap().
Reported by: Erik Osterholm, Jon Otterholm MFC after: 1 week
|
#
172170 |
|
14-Sep-2007 |
julian |
Remove DIAG code that discards oversized packets. There has been general consensus that this was a bad idea/
Approved by: re (bmah)
|
#
171613 |
|
27-Jul-2007 |
rwatson |
First in a series of changes to remove the now-unused Giant compatibility framework for non-MPSAFE network protocols:
- Remove debug_mpsafenet variable, sysctl, and tunable. - Remove NET_NEEDS_GIANT() and associate SYSINITSs used by it to force debug.mpsafenet=0 if non-MPSAFE protocols are compiled into the kernel. - Remove logic to automatically flag interrupt handlers as non-MPSAFE if debug.mpsafenet is set for an INTR_TYPE_NET handler. - Remove logic to automatically flag netisr handlers as non-MPSAFE if debug.mpsafenet is set. - Remove references in a few subsystems, including NFS and Cronyx drivers, which keyed off debug_mpsafenet to determine various aspects of their own locking behavior. - Convert NET_LOCK_GIANT(), NET_UNLOCK_GIANT(), and NET_ASSERT_GIANT into no-op's, as their entire behavior was determined by the value in debug_mpsafenet. - Alias NET_CALLOUT_MPSAFE to CALLOUT_MPSAFE.
Many remaining references to NET_.*_GIANT() and NET_CALLOUT_MPSAFE are still present in subsystems, and will be removed in followup commits.
Reviewed by: bz, jhb Approved by: re (kensmith)
|
#
171173 |
|
03-Jul-2007 |
mlaier |
Link pf 4.1 to the build: - move ftp-proxy from libexec to usr.sbin - add tftp-proxy - new altq mtag link
Approved by: re (kensmith)
|
#
170632 |
|
12-Jun-2007 |
gallatin |
Use if_capenable to allow LRO enabled drivers to bypass the MTU check in ether_input().
|
#
170567 |
|
11-Jun-2007 |
gallatin |
Move the oversize ethernet frame size check into DIAGNOSTIC, as was proposed when it was originally added. This allows LRO to work on non-DIAGNOSTIC kernels without consuming any mbuf flags.
Discussed with: sam
|
#
170565 |
|
11-Jun-2007 |
gallatin |
Back out the previous commit which added an M_LRO mbuf flag to defeat the mtu check in ether_input. Mbuf flags are too scarce. Discussed with: sam
|
#
170560 |
|
11-Jun-2007 |
gallatin |
Allow drivers, such as cxgb and mxge, which support LRO to bypass the MTU check in ether_input() on LRO merged frames.
Discussed with: kmacy
|
#
170097 |
|
29-May-2007 |
yar |
Sync ether_ioctl() with ioctl(2) and ifnet.if_ioctl as to the type of the command argument: int -> u_long. These types have different widths in the 64-bit world.
Add a note to UPDATING because the change breaks KBI on 64-bit platforms.
Discussed on: -net, -current Reviewed by: bms, ru
|
#
168793 |
|
16-Apr-2007 |
thompsa |
Rename the trunk(4) driver to lagg(4) as it is too similar to vlan trunking.
The name trunk is misused as the networking term trunk means carrying multiple VLANs over a single connection. The IEEE standard for link aggregation (802.3 section 3) does not talk about 'trunk' at all while it is used throughout IEEE 802.1Q in describing vlans.
The lagg(4) driver provides link aggregation, failover and fault tolerance.
Discussed on: current@
|
#
168561 |
|
09-Apr-2007 |
thompsa |
Add the trunk(4) driver for providing link aggregation, failover and fault tolerance. This driver allows aggregation of multiple network interfaces as one virtual interface using a number of different protocols/algorithms.
failover - Sends traffic through the secondary port if the master becomes inactive. fec - Supports Cisco Fast EtherChannel. lacp - Supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP) and the Marker Protocol. loadbalance - Static loadbalancing using an outgoing hash. roundrobin - Distributes outgoing traffic using a round-robin scheduler through all active ports.
This code was obtained from OpenBSD and this also includes 802.3ad LACP support from agr(4) in NetBSD.
|
#
167816 |
|
22-Mar-2007 |
bms |
Fix a typo, and update a comment.
Submitted by: yar
|
#
167740 |
|
20-Mar-2007 |
bms |
Make the m_pullup() diagnostic message compile-time conditional on DIAGNOSTIC.
Requested by: glebius
|
#
167716 |
|
19-Mar-2007 |
bms |
Clean up the ether_input() path by using the M_PROMISC flag.
Main points of this change: * Drop frames immediately if the interface is not marked IFF_UP. * Always trim off the frame checksum if present. * Always use M_VLANTAG in preference to passing 802.1Q frames to consumers. * Use __func__ consistently for KASSERT(). * Use the M_PROMISC flag to detect situations where ether_input() may reenter itself on the same call graph with the same mbuf which was promiscuously received on behalf of subsystems such as netgraph, carp, and vlan. * 802.1P frames (that is, VLAN frames with an ID of 0) will now be passed to layer 3 input paths. * Deal with the special case for CARP in a sane way.
This is a significant rewrite of code on the critical path. Please report any issues to me if they arise. Frames will now only pass through dummynet if M_PROMISC is cleared, to avoid problems with re-entry.
The handling of CARP needs to be revisited architecturally. The M_PROMISC flag may potentially be demoted to a link-layer flag only as it is in NetBSD, where the idea originated.
Discussed on: net Idea from: NetBSD Reviewed by: yar MFC after: 1 month
|
#
166888 |
|
22-Feb-2007 |
csjp |
Use ETHER_BPF_MTAP() instead of BPF_MTAP() here. It's possible incoming packets have had their 802.1Q tags processed by the hardware, resulting in them being stripped from the packets, and placed on the mbuf. This fixes the processing of 802.1Q tags when hardware offload of 802.1Q tags is enabled.
|
#
165522 |
|
24-Dec-2006 |
yar |
Note that rev. 1.221 introduced a local workaround for a general problem. Add a pointer to the relevant PR for future reference. The whole comment will be OK to remove as soon as the general solution is applied.
PR: kern/105943
|
#
165008 |
|
08-Dec-2006 |
luigi |
Fix an oscure bug triggered by a recent change in kern_socket.c. The symptoms were that outgoing DHCP requests for diskless kernels had the IP header corrupt. After long investigations, the source of the problem was found in ether_output() - for SIMPLEX interfaces and broadcast traffic, a copy of the packet is passed back to the kernel through if_simloop(). However if_simloop() modifies the mbuf, while the copy obtained through m_copym() is a readonly one.
The bug has been there forever, but it has been triggered only recently by a change in sosend_dgram() which passed down mbufs with sufficient space to prepend the header.
This fix is trivial - use m_dup() instead of m_copy() to create the copy. As an alternative, we could try and modify if_simloop() to play safely with readonly mbufs, but i don't think it is worthwhile because 1) this is a relatively infrequent code path so we do not need to worry too much about performance, and 2) the cost of doing an extra m_pullup in if_simloop() is probably the same as doing the copy of the cluster, anyways.
MFC after: 1 week
|
#
164396 |
|
18-Nov-2006 |
csjp |
Currently, drivers that support hardware offload of VLAN tag processing are forced to toggle this functionality when the card is put in and out of promiscuous mode. The main reason for this is because the hardware strips the VLAN tag, making it impossible for the tag information to show up in network diagnostic tools like tcpdump(1).
This change introduces ether_vlan_mtap(), which is called if the mbuf has M_VLANTAG set. VLAN information is extracted from the mbuf and inserted into a stack allocated ether vlan header which is then inserted through the bpf machinery via bpf_mtap2(). The original mbuf's data pointer and lengths are temporarily adjusted to eliminate the original Ethernet header for the duration of the tap operation. This should have no long term effects on the mbuf.
Also, define a new macro, ETHER_BPF_MTAP which should be used by drivers which support hardware offload of VLAN tag processing.
The fixes for the relevant drivers will follow shortly.
Discussed with: rwatson, andre, jhb (and others) Much feedback from: sam, ru MFC after: 1 month [1]
[1] The version that is eventually MFCed will be somewhat different then this, as there has been significant work done to the VLAN code in HEAD.
|
#
163606 |
|
22-Oct-2006 |
rwatson |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project Sponsored by: SPARTA
|
#
161626 |
|
25-Aug-2006 |
thompsa |
Move the bridge hook after the loopback check so that IFF_SIMPLEX is honoured on member interfaces. This makes us the same as OpenBSD/NetBSD.
MFC after: 3 days
|
#
160769 |
|
27-Jul-2006 |
thompsa |
Remove the dependency of bridgestp.h on if_bridgevar.h by moving a couple of private structures to if_bridge.c.
|
#
160735 |
|
27-Jul-2006 |
avatar |
Fixing compilation bustage: net/if_bridgevar.h depends on net/bridgestp.h.
|
#
156246 |
|
03-Mar-2006 |
csjp |
Unbreak byte counters when network interfaces are in monitor mode by re-organizing the monitor return logic. We perform interface monitoring checks after we have determined if the CRC is still on the packet, if it is, m_adj() is called which will adjust the packet length. This ensures that we are not including CRC lengths in the byte counters for each packet.
Discussed with: andre, glebius
|
#
155268 |
|
03-Feb-2006 |
oleg |
Properly initialize args structure before passing it to ipfw_chk(): having uninitialized args.inp is unhealthy for uid/gid/jail ipfw rules.
PR: kern/92589 Approved by: glebius (mentor) MFC after: 1 week
|
#
155051 |
|
30-Jan-2006 |
glebius |
Merge the //depot/user/yar/vlan branch into CVS. It contains some collective work by yar, thompsa and myself. The checksum offloading part also involves work done by Mihail Balikov.
The most important changes:
o Instead of global linked list of all vlan softc use a per-trunk hash. The size of hash is dynamically adjusted, depending on number of entries. This changes struct ifnet, replacing counter of vlans with a pointer to trunk structure. This change is an improvement for setups with big number of VLANs, several interfaces and several CPUs. It is a small regression for a setup with a single VLAN interface. An alternative to dynamic hash is a per-trunk static array with 4096 entries, which is a compile time option - VLAN_ARRAY. In my experiments the array is not an improvement, probably because such a big trunk structure doesn't fit into CPU cache. o Introduce an UMA zone for VLAN tags. Since drivers depend on it, the zone is declared in kern_mbuf.c, not in optional vlan(4) driver. This change is a big improvement for any setup utilizing vlan(4). o Use rwlock(9) instead of mutex(9) for locking. We are the first ones to do this! :) o Some drivers can do hardware VLAN tagging + hardware checksum offloading. Add an infrastructure for this. Whenever vlan(4) is attached to a parent or parent configuration is changed, the flags on vlan(4) interface are updated.
In collaboration with: yar, thompsa In collaboration with: Mihail Balikov <mihail.balikov interbgc.com>
|
#
154518 |
|
18-Jan-2006 |
andre |
Return mbuf pointer or NULL from ip_fastforward() as the mbuf pointer may have changed by m_pullup() during fastforward processing.
While this is a bug it is actually never triggered in real world situations and it is not remotely exploitable.
Found by: Coverity Prevent(tm) Coverity ID: CID780 Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
153640 |
|
22-Dec-2005 |
oleg |
1) remove useless check of loop_copy - corresponding code was removed in rev. 1.70 five years ago. 2) convert loop_copy to "non-negative" flag
Approved by: glebius (mentor) MFC after: 2 weeks
|
#
153494 |
|
17-Dec-2005 |
thompsa |
Change from a callback in if_ethersubr to using EVENTHANDLER in order to detach span ports when they disappear. The span port does not have a pointer to the softc so revert r1.31 and bring back the softc linked-list.
MFC after: 2 weeks
|
#
152583 |
|
18-Nov-2005 |
andre |
Purge layer specific mbuf flags on layer crossings to avoid confusing upper or lower layers.
Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
152315 |
|
11-Nov-2005 |
ru |
- Store pointer to the link-level address right in "struct ifnet" rather than in ifindex_table[]; all (except one) accesses are through ifp anyway. IF_LLADDR() works faster, and all (except one) ifaddr_byindex() users were converted to use ifp->if_addr.
- Stop storing a (pointer to) Ethernet address in "struct arpcom", and drop the IFP2ENADDR() macro; all users have been converted to use IF_LLADDR() instead.
|
#
152296 |
|
11-Nov-2005 |
ru |
- Make IFP2ENADDR() a pointer to IF_LLADDR() rather than another copy of Ethernet address.
- Change iso88025_ifattach() and fddi_ifattach() to accept MAC address as an argument, similar to ether_ifattach(), to make this work.
|
#
151305 |
|
14-Oct-2005 |
thompsa |
Further clean up the bridge hooks in if_ethersubr.c and ng_ether.c
- move the function pointer definitions to if_bridgevar.h - move most of the logic to the new BRIDGE_INPUT and BRIDGE_OUTPUT macros - remove unneeded functions from if_bridgevar.h and sort a little.
|
#
151301 |
|
13-Oct-2005 |
thompsa |
From 101 ways to panic your kernel.
Use bridge_ifdetach() to notify the bridge that a member has been detached. The bridge can then remove it from its interface list and not try to send out via a dead pointer.
|
#
151298 |
|
13-Oct-2005 |
julian |
Consolidate two adjacent conditional blocks I actually believe the code in question should be elsewhere (in the preceding function).
MFC after: 1 week
|
#
151288 |
|
13-Oct-2005 |
ru |
Remove a stale comment.
|
#
151282 |
|
13-Oct-2005 |
thompsa |
Clean up the if_bridge hooks a bit in if_ethersubr.c and ng_ether.c, move the broadcast/multicast test to bridge_input().
Requested by: glebius
|
#
151063 |
|
07-Oct-2005 |
glebius |
A deja vu of:
http://lists.freebsd.org/pipermail/cvs-src/2004-October/033496.html
The same problem applies to if_bridge(4), too.
- Copy-and-paste the if_bridge(4) related block from if_ethersubr.c to ng_ether.c - Add XXXs, so that copy-and-paste would be noticed by any future editors of this code. - Also add XXXs near if_bridge(4) declarations.
Silence from: thompsa
|
#
150987 |
|
05-Oct-2005 |
thompsa |
Fix KASSERT function name in ether_output, use __func__ while I am here.
|
#
150636 |
|
27-Sep-2005 |
mlaier |
Remove bridge(4) from the tree. if_bridge(4) is a full functional replacement and has additional features which make it superior.
Discussed on: -arch Reviewed by: thompsa X-MFC-after: never (RELENG_6 as transition period)
|
#
149829 |
|
06-Sep-2005 |
thompsa |
Add support for multicast to the bridge and allow inet6 addresses to be assigned to the interface.
IPv6 auto-configuration is disabled. An IPv6 link-local address has a link-local scope within one link, the spec is unclear for the bridge case and it may cause scope violation.
An address can be assigned in the usual way; ifconfig bridge0 inet6 xxxx:...
Tested by: bmah Reviewed by: ume (netinet6) Approved by: mlaier (mentor) MFC after: 1 week
|
#
149389 |
|
23-Aug-2005 |
mlaier |
Don't loop back packets that have been routed by pf. This fixes an endless loop where the same packet is sent over and over again.
Obtained from: OpenBSD Reported by: Sergey Lapin Tested by: Sergey Lapin MFC after: 7 days
|
#
148887 |
|
09-Aug-2005 |
rwatson |
Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to ifnet.if_drv_flags. Device drivers are now responsible for synchronizing access to these flags, as they are in if_drv_flags. This helps prevent races between the network stack and device driver in maintaining the interface flags field.
Many __FreeBSD__ and __FreeBSD_version checks maintained and continued; some less so.
Reviewed by: pjd, bz MFC after: 7 days
|
#
148641 |
|
02-Aug-2005 |
rwatson |
When allocating link layer ifnet address list entries in ifp->if_resolvemulti(), do so with M_NOWAIT rather than M_WAITOK, so that a mutex can be held over the call. In the FDDI code, add a missing M_ZERO. Consumers are already aware that if_resolvemulti() can fail.
MFC after: 1 week
|
#
148228 |
|
21-Jul-2005 |
phk |
Add some KASSERTS to catch null pointers.
|
#
147256 |
|
10-Jun-2005 |
brooks |
Stop embedding struct ifnet at the top of driver softcs. Instead the struct ifnet or the layer 2 common structure it was embedded in have been replaced with a struct ifnet pointer to be filled by a call to the new function, if_alloc(). The layer 2 common structure is also allocated via if_alloc() based on the interface type. It is hung off the new struct ifnet member, if_l2com.
This change removes the size of these structures from the kernel ABI and will allow us to better manage them as interfaces come and go.
Other changes of note: - Struct arpcom is no longer referenced in normal interface code. Instead the Ethernet address is accessed via the IFP2ENADDR() macro. To enforce this ac_enaddr has been renamed to _ac_enaddr. - The second argument to ether_ifattach is now always the mac address from driver private storage rather than sometimes being ac_enaddr.
Reviewed by: sobomax, sam
|
#
147205 |
|
09-Jun-2005 |
thompsa |
Add dummynet(4) support to if_bridge, this code is largely based on bridge.c.
This is the final piece to match bridge.c in functionality, we can now be a drop-in replacement.
Approved by: mlaier (mentor)
|
#
146990 |
|
05-Jun-2005 |
thompsa |
Fix indentation of two comment blocks from the last commit.
Approved by: mlaier (mentor)
|
#
146986 |
|
05-Jun-2005 |
thompsa |
Add hooks into the networking layer to support if_bridge. This changes struct ifnet so a buildworld is necessary.
Approved by: mlaier (mentor) Obtained from: NetBSD
|
#
143195 |
|
06-Mar-2005 |
sobomax |
Fix ef(4) driver when kernel compiled w/o IPX.
MFC after: 3 days
|
#
142374 |
|
24-Feb-2005 |
glebius |
Fix long lines in comment introduced in previous commit.
|
#
142237 |
|
22-Feb-2005 |
rwatson |
When prepending an LCC SNAP header to an atalk outgoing ethernet packet, allocate the additional mbuf (if needed) using a non-sleeping memory allocation.
MFC after: 7 days
|
#
142215 |
|
22-Feb-2005 |
glebius |
Add CARP (Common Address Redundancy Protocol), which allows multiple hosts to share an IP address, providing high availability and load balancing.
Original work on CARP done by Michael Shalayeff, with many additions by Marco Pfatschbacher and Ryan McBride.
FreeBSD port done solely by Max Laier.
Patch by: mlaier Obtained from: OpenBSD (mickey, mcbride)
|
#
142069 |
|
18-Feb-2005 |
ru |
Allocate the M_VLANTAG m_pkthdr flag, and use it to indicate that a packet has VLAN mbuf tag attached. This is faster to check than m_tag_locate(), and allows us to use the tags in non-vlan(4) VLAN producers.
The first argument to VLAN_OUTPUT_TAG() is now unused but retained for backward compatibility.
While here, embellish a fix in rev. 1.174 of if_ethersubr.c -- it now checks for packets with VLAN (mbuf) tags, and it should now be possible to bridge(4) on vlan(4)'s whose parent interfaces support VLAN decapsulation in hardware.
Reviewed by: sam
|
#
141909 |
|
14-Feb-2005 |
glebius |
Check for non-NULL ac_netgraph field in interface arpcom, instead of checking global presence of ng_ether(4).
Reviewed by: ru
|
#
141891 |
|
14-Feb-2005 |
ru |
If no vlan(4) interfaces are configured for the interface, and the driver did VLAN decapsulation in hardware, we were passing a frame as if it came for the parent (non-VLAN) interface. Stop this from happening.
Reminded by: glebius Security: This could pose a security risk in some setups
|
#
140345 |
|
16-Jan-2005 |
glebius |
- Reduce number of arguments passed to dummynet_io(), we already have cookie in struct ip_fw_args itself. - Remove redundant &= 0xffff from dummynet_io().
|
#
140224 |
|
14-Jan-2005 |
glebius |
o Clean up interface between ip_fw_chk() and its callers:
- ip_fw_chk() returns action as function return value. Field retval is removed from args structure. Action is not flag any more. It is one of integer constants. - Any action-specific cookies are returned either in new "cookie" field in args structure (dummynet, future netgraph glue), or in mbuf tag attached to packet (divert, tee, some future action).
o Convert parsing of return value from ip_fw_chk() in ipfw_check_{in,out}() to a switch structure, so that the functions are more readable, and a future actions can be added with less modifications.
Approved by: andre MFC after: 2 months
|
#
139823 |
|
06-Jan-2005 |
imp |
/* -> /*- for license, minor formatting changes
|
#
136428 |
|
12-Oct-2004 |
glebius |
Fix packet flow when both ng_ether(4) and bridge(4) are in use:
- push all bridge logic from if_ethersubr.c into bridge.c make bridge_in() return mbuf pointer (or NULL). - call only bridge_in() from ether_input(), after ng_ether_input() was optinally called. - call bridge_in() from ng_ether_rcv_upper().
Long description: http://lists.freebsd.org/mailman/htdig/freebsd-net/2004-May/003881.html Reported by: Jian-Wei Wang <jwwang at FreeBSD.csie.NCTU.edu.tw> Tested by: myself, Sergey Lyubka Reviewed by: sam Approved by: julian (mentor) MFC after: 2 months
|
#
136376 |
|
11-Oct-2004 |
rwatson |
When harvesting entropy from an ethernet mbuf, do so before freeing the mbuf.
RELENG_5 candidate.
|
#
132712 |
|
27-Jul-2004 |
rwatson |
Add a new network interface flag, IFF_NEEDSGIANT, which will allow device drivers to declare that the ifp->if_start() method implemented by the driver requires Giant in order to operate correctly.
Add a 'struct task' to 'struct ifnet' that can be used to execute a deferred ifp->if_start() in the event that if_start needs to be called in a Giant-free environment. To do this, introduce if_start(), a wrapper function for ifp->if_start(). If the interface can run MPSAFE, it directly dispatches into the interface start routine. If it can't run MPSAFE, we're running with debug.mpsafenet != 0, and Giant isn't currently held, the task is queued to execute in a swi holding Giant via if_start_deferred().
Modify if_handoff() to use if_start() instead of direct dispatch. Modify 802.11 to use if_start() instead of direct dispatch.
This is intended to provide increased compatibility for non-MPSAFE network device drivers in the presence of Giant-free operation via asynchronous dispatch. However, this commit does not mark any network interfaces as IFF_NEEDSGIANT.
|
#
131856 |
|
09-Jul-2004 |
bms |
Use ETHER_IS_MULTICAST() consistently in ether_resolvemulti().
Reviewed by: jmallett
|
#
131477 |
|
02-Jul-2004 |
brooks |
Don't announce the ethernet address when it's 00:00:00:00:00:00. It's not of any interest. This primairly happens when vlan(4) interfaces are created.
|
#
131049 |
|
24-Jun-2004 |
joerg |
When considering an ethernet frame that is not destined for us, do not only allow this to be further processed when bridging is active on that interface, but also if the current packet has a VLAN tag and VLANs are active on our interface. This gives the VLAN layers a chance to also consider the packet (and perhaps drop it instead of the main dispatcher).
This fixes a situation where bridging was only active on VLAN interfaces but ether_demux() called on behalf of the main interface had already thrown the packet away.
MFC after: 4 weeks
|
#
131048 |
|
24-Jun-2004 |
des |
Make dependencies on the TCP/IP stack conditional on INET / INET6. This makes it possible to build a kernel with NIC drivers but no TCP/IP stack.
Sponsored by: Teleplan AS
|
#
130549 |
|
15-Jun-2004 |
mlaier |
Replace IF_HANDOFF with new IFQ_HANDOFF to enqueue with ALTQ once enabled on the respective drivers.
|
#
130015 |
|
02-Jun-2004 |
naddy |
Add helper functions to calculate the standard ethernet CRC in little/big endian fashion, so that network drivers can just reference the standard implementation and don't have to bring their own.
As discussed on arch@.
Obtained from: NetBSD
|
#
129876 |
|
30-May-2004 |
phk |
Add some missing <sys/module.h> includes which are masked by the one on death-row in <sys/kernel.h>
|
#
128636 |
|
25-Apr-2004 |
luigi |
This commit does two things:
1. rt_check() cleanup: rt_check() is only necessary for some address families to gain access to the corresponding arp entry, so call it only in/near the *resolve() routines where it is actually used -- at the moment this is arpresolve(), nd6_storelladdr() (the call is embedded here), and atmresolve() (the call is just before atmresolve to reduce the number of changes). This change will make it a lot easier to decouple the arp table from the routing table.
There is an extra call to rt_check() in if_iso88025subr.c to determine the routing info length. I have left it alone for the time being.
The interface of arpresolve() and nd6_storelladdr() now changes slightly: + the 'rtentry' parameter (really a hint from the upper level layer) is now passed unchanged from *_output(), so it becomes the route to the final destination and not to the gateway. + the routines will return 0 if resolution is possible, non-zero otherwise. + arpresolve() returns EWOULDBLOCK in case the mbuf is being held waiting for an arp reply -- in this case the error code is masked in the caller so the upper layer protocol will not see a failure.
2. arpcom untangling Where possible, use 'struct ifnet' instead of 'struct arpcom' variables, and use the IFP2AC macro to access arpcom fields. This mostly affects the netatalk code.
=== Detailed changes: === net/if_arcsubr.c rt_check() cleanup, remove a useless variable
net/if_atmsubr.c rt_check() cleanup
net/if_ethersubr.c rt_check() cleanup, arpcom untangling
net/if_fddisubr.c rt_check() cleanup, arpcom untangling
net/if_iso88025subr.c rt_check() cleanup
netatalk/aarp.c arpcom untangling, remove a block of duplicated code
netatalk/at_extern.h arpcom untangling
netinet/if_ether.c rt_check() cleanup (change arpresolve)
netinet6/nd6.c rt_check() cleanup (change nd6_storelladdr)
|
#
128615 |
|
24-Apr-2004 |
luigi |
arpcom untangling: - use ifp instead if &ac->ac_if in a couple of nd6* calls; this removes a useless dependency.
- use IFP2AC(ifp) instead of an extra variable to point to the struct arpcom; this does not remove the nesting dependency between arpcom and ifnet but makes it more evident.
|
#
128396 |
|
18-Apr-2004 |
luigi |
replace Bcmp() with the same bcmp() used in the rest of the file.
|
#
128376 |
|
17-Apr-2004 |
luigi |
+ rename and document an unused field in struct arpcom (field is still there so there are no ABI changes); + replace 5 redefinitions of the IPF2AC macro with one in if_arp.h
Eventually (but before freezing the ABI) we need to get rid of struct arpcom (initially with the help of some smart #defines to avoid having to touch each and every driver, see below).
Apart from the struct ifnet, struct arpcom now only stores a copy of the MAC address (ac_enaddr, but we already have another copy in the struct ifnet -- if_addrhead), and a netgraph-specific field which is _always_ accessed through the ifp, so it might well go into the struct ifnet too (where, besides, there is already an entry for AF_NETGRAPH data...)
Too bad ac_enaddr is widely referenced by all drivers. But this can be fixed as follows:
#define ac_enaddr ac_if.the_original_ac_enaddr_in_struct_ifnet
(note that the right hand side would likely be a pointer rather than the base address of an array.)
|
#
128019 |
|
07-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson.
Approved by: core, peter, alc, rwatson
|
#
127828 |
|
04-Apr-2004 |
luigi |
+ arpresolve(): remove an unused argument + struct ifnet: remove unused fields, move ipv6-related field close to each other, add a pointer to l3<->l2 translation tables (arp,nd6, etc.) for future use.
+ struct route: remove an unused field, move close to each other some fields that might likely go away in the future
|
#
126966 |
|
14-Mar-2004 |
mdodd |
Announce ethernet MAC addresss in ether_ifattach().
|
#
126951 |
|
14-Mar-2004 |
mdodd |
Handle AF_ARP in *_output()
Obtained from: NetBSD
|
#
126788 |
|
09-Mar-2004 |
rwatson |
Const-poison ethernet and FDDI broadcast address constants, as they are accessed read-only.
|
#
126486 |
|
02-Mar-2004 |
mlaier |
Two minor follow-ups on the MT_TAG removal: ifp is now passed explicitly to ether_demux; no need to look it up again. Make mtag a global var in ip_input.
Noticed by: rwatson Approved by: bms(mentor)
|
#
126239 |
|
25-Feb-2004 |
mlaier |
Re-remove MT_TAGs. The problems with dummynet have been fixed now.
Tested by: -current, bms(mentor), me Approved by: bms(mentor), sam
|
#
125952 |
|
17-Feb-2004 |
mlaier |
Backout MT_TAG removal (i.e. bring back MT_TAGs) for now, as dummynet is not working properly with the patch in place.
Approved by: bms(mentor)
|
#
125853 |
|
15-Feb-2004 |
dwmalone |
Return EACCES rather than ENOBUFS if ipfw blocks a packet on the way out at layer 2.
PR: 62385 Submitted by: Oleg Bulyzhin <oleg@rinet.ru> Approved by: luigi MFC after: 1 week
|
#
125784 |
|
13-Feb-2004 |
mlaier |
This set of changes eliminates the use of MT_TAG "pseudo mbufs", replacing them mostly with packet tags (one case is handled by using an mbuf flag since the linkage between "caller" and "callee" is direct and there's no need to incur the overhead of a packet tag).
This is (mostly) work from: sam
Silence from: -arch Approved by: bms(mentor), sam, rwatson
|
#
122702 |
|
14-Nov-2003 |
andre |
Introduce ip_fastforward and remove ip_flow.
Short description of ip_fastforward:
o adds full direct process-to-completion IPv4 forwarding code o handles ip fragmentation incl. hw support (ip_flow did not) o sends icmp needfrag to source if DF is set (ip_flow did not) o supports ipfw and ipfilter (ip_flow did not) o supports divert, ipfw fwd and ipfilter nat (ip_flow did not) o returns anything it can't handle back to normal ip_input
Enable with sysctl -w net.inet.ip.fastforwarding=1
Reviewed by: sam (mentor)
|
#
121816 |
|
31-Oct-2003 |
brooks |
Replace the if_name and if_unit members of struct ifnet with new members if_xname, if_dname, and if_dunit. if_xname is the name of the interface and if_dname/unit are the driver name and instance.
This change paves the way for interface renaming and enhanced pseudo device creation and configuration symantics.
Approved By: re (in principle) Reviewed By: njl, imp Tested On: i386, amd64, sparc64 Obtained From: NetBSD (if_xname)
|
#
121428 |
|
23-Oct-2003 |
imp |
Merge from p4 (noticed these changes with DES' if_ethersubr.c changes caused a minor conflict): o Use ETHER_ADDR_LEN in preference to '6'. o Remove two unnecessary (caddr_t) casts. One of them causes problems in my tree where etherbroadcastaddr is const, and (caddr_t) casts the const away.
|
#
121422 |
|
23-Oct-2003 |
des |
Clean up whitespace, remove "register" keyword, ANSIfy. No functional changes.
|
#
121048 |
|
12-Oct-2003 |
rwatson |
Comment spelling fix.
|
#
119560 |
|
29-Aug-2003 |
rwatson |
Introduce error checking for calls to M_PREPEND():
ether_output() when prepending netatalk AFA_PHASE2 llc headers (TRYWAIT). ether_output() when prepending ethernet header to a frame (DONTWAIT).
|
#
119131 |
|
19-Aug-2003 |
sam |
use ETHER_IS_MULTICAST instead of explicit check
|
#
117518 |
|
13-Jul-2003 |
rwatson |
Move the MAC entry point to label ethernet-sourced mbufs with a MAC label from the network interface earlier in ether_input(). At some point (no fingers pointed), things were restructured and the labeling operation moved later. This wasn't a problem as BPF_MTAP() relies on the ifnet label not the mbuf label, but there might have been other problems.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
114723 |
|
05-May-2003 |
obrien |
Back out rev 1.146 -- it broke the LINT build. We are about to enter the 5.1 code freeze and things must be buildable.
|
#
114293 |
|
30-Apr-2003 |
markm |
Fix some easy, global, lint warnings. In most cases, this means making some local variables static. In a couple of cases, this means removing an unused variable.
|
#
113950 |
|
23-Apr-2003 |
archie |
Tweak to previous commit: increment ifp->if_iqdrops if the m_copy() fails.
Suggested by: Neelkanth Natu <neelnatu@yahoo.com>
|
#
113919 |
|
23-Apr-2003 |
archie |
Fix a case where the return value from m_copy() was not being checked for NULL before proceeding, causing a crash if mbufs were exhausted.
MFC after: 3 days Reported by: Mark Gooderum <mark@verniernetworks.com>
|
#
112469 |
|
21-Mar-2003 |
mdodd |
- Use if_broadcastaddr from struct ifnet rather than relying on extern 'etherbroadcastaddr'. - Make 'etherbroadcastaddr' static.
Reviewed by: imp
|
#
112279 |
|
15-Mar-2003 |
mdodd |
Reduce code differences.
|
#
112269 |
|
15-Mar-2003 |
mdodd |
Add module data and version.
|
#
111926 |
|
05-Mar-2003 |
peter |
Finish driving a stake through the heart of netns and the associated ifdefs scattered around the place - its dead Jim!
The SMB stuff had stolen AF_NS, make it official.
|
#
111888 |
|
04-Mar-2003 |
jlemon |
Update netisr handling; Each SWI now registers its queue, and all queue drain routines are done by swi_net, which allows for better queue control at some future point. Packets may also be directly dispatched to a netisr instead of queued, this may be of interest at some installations, but currently defaults to off.
Reviewed by: hsu, silby, jayanth, sam Sponsored by: DARPA, NAI Labs
|
#
111790 |
|
03-Mar-2003 |
mdodd |
sizeof(struct llc) -> LLC_SNAPFRAMELEN sizeof(struct ether_header) -> ETHER_HDR_LEN sizeof(struct fddi_header) -> FDDI_HDR_LEN
|
#
111774 |
|
02-Mar-2003 |
mdodd |
De-register.
|
#
111767 |
|
02-Mar-2003 |
mdodd |
Reduce code duplication. This adds the function rt_check() to route.c.
Approved by: sam (in principle)
|
#
111119 |
|
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
#
111071 |
|
18-Feb-2003 |
sam |
remove stray debugging printf
Noted by: Kasper Steensgaard <steensgaard@person.dk>
|
#
109623 |
|
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
108107 |
|
19-Dec-2002 |
bmilekic |
o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} and the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two).
Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
|
#
107114 |
|
20-Nov-2002 |
luigi |
Move fw_one_pass from ip_fw2.c to ip_input.c so that neither bridge.c nor if_ethersubr.c depend on IPFIREWALL. Restore the use of fw_one_pass in if_ethersubr.c
ipfw.8 will be updated with a separate commit.
Approved by: re
|
#
106930 |
|
14-Nov-2002 |
sam |
o change input packet handling to eliminate the pointer to the struct ether_header; instead drivers are to leave the Ethernet header at the front of the packet o add declarations for netgraph and vlan hooks that were removed from ethernet.h o change various in-file calling conventions to track change in input API o fixup bridge support to handle Ethernet header no longer being stripped o add consistency checks to ether_input to catch problems with the change in the API; some of these may want to be moved to #ifdef DIAGNOSTIC at a later time (though they are not too expensive to leave as is) o change ether_demux to eliminate the passing of the Ethernet header; it is now expected at the front of the packet a la ether_input o add ether_sprintf compatibility shim o change ether_ifattach API to remove "bpf supported param" and add a pointer to the MAC address to be installed for the LL address (this is for future changes to divest struct arpcom from struct ifnet) o change ether_ifdetach API to remove "bpf support param"
Reviewed by: many Approved by: re
|
#
105598 |
|
21-Oct-2002 |
brooks |
Use if_printf(ifp, "blah") instead of printf("%s%d: blah", ifp->if_name, ifp->if_xname).
|
#
105217 |
|
16-Oct-2002 |
phk |
FIx misindentation.
Spotted by: FlexeLint.
|
#
105078 |
|
14-Oct-2002 |
cjc |
Unconditionally restore the pointer to the saved Ethernet header after going to bridge.c:bdg_forward(). The header can be munged even if the mbuf does not /appear/ to change.
PR: kern/42465 MFC after: 4 days
|
#
104302 |
|
01-Oct-2002 |
phk |
Fix some harmless mis-indents.
Spotted by: FlexeLint
|
#
104094 |
|
28-Sep-2002 |
phk |
Be consistent about "static" functions: if the function is marked static in its prototype, mark it static at the definition too.
Inspired by: FlexeLint warning #512
|
#
104044 |
|
27-Sep-2002 |
phk |
Add the "Monitor" interface flag.
Setting this flag on an ethernet interface blocks transmission of packets and discards incoming packets after BPF processing.
This is useful if you want to monitor network trafic but not interact with the network in question.
Sponsored by: http://www.babeltech.dk
|
#
104002 |
|
26-Sep-2002 |
phk |
Be a bit more technical: Technically junk may have low entropy.
|
#
103556 |
|
18-Sep-2002 |
phk |
Optimize the way we call BPF a tiny bit: If we chop the ether-header off ourselves, call bpf before we do so, rather than re-construct the entire thing afterwards.
Sponsored: http://www.babeltech.dk/
|
#
103256 |
|
12-Sep-2002 |
obrien |
Fix the GENERIC build. Don't refer to the non-existant fw_one_pass.
|
#
103242 |
|
11-Sep-2002 |
luigi |
Make bridging and layer2-ipfw obey net.inet.ip.fw.one_pass. I should have committed this ages ago.
The MFC for if_ethersubr.c could be done in the usual few days (only ipfw2 uses it), the one for bridge.c should probably wait until after 4.7 because it changes an existing though mostly undocumented behaviour (on which i hope nobody relies). All in all, i'll wait for both things unless there is demand.
MFC after: 35 days
|
#
102618 |
|
30-Aug-2002 |
sobomax |
Fix a silly typo in user-setable promisc mode code.
Pointed out by: Yann Berthier <yb@sainte-barbe.org> MFC after: 1 day
|
#
102100 |
|
19-Aug-2002 |
sobomax |
Previous deltas (promisc mode) were a subject of:
MFC after: 1 week
|
#
102099 |
|
19-Aug-2002 |
sobomax |
Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)). Also, for all interfaces in this mode pass all ethernet frames to upper layer, even those not addressed to our own MAC, which allows packets encapsulated in those frames be processed with packet filters (ipfw(8) et al).
Emphatically requested by: Anton Turygin <pa3op@ukr-link.net> Valuable suggestions by: fenner
|
#
101345 |
|
04-Aug-2002 |
luigi |
Extend the interface to ether_input(): a NULL eh pointer means that the mbuf contains the ethernet header (eh) as well, which ether_input() will strip off as needed.
This permits the removal (in a backward compatible way) of the header removal code which right now is replicated in all drivers, sometimes in an inconsistent way. Also, because many functions called after ether_input() require the eh in the mbuf, eventually we can propagate the interface and handle outdated drivers just in ether_input().
Individual driver changes to use the new interface will follow as we have a chance to touch them.
NOTE THAT THIS CHANGE IS FULLY BACKWARD COMPATIBLE AND DOES NOT BREAK BINARY COMPATIBILITY FOR DRIVERS.
MFC after: 3 days
|
#
101081 |
|
31-Jul-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Label mbufs received via ethernet-based interfaces by invoking appropriate MAC framework entry points.
Perform access control checks on out-going mbufs delivered via ethernet-based interfaces by invoking appropriate MAC entry points.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
99126 |
|
30-Jun-2002 |
luigi |
Remove one useless variable.
|
#
98669 |
|
23-Jun-2002 |
luigi |
fix indentation, whitespace and a few comments.
|
#
98613 |
|
22-Jun-2002 |
luigi |
Remove (almost all) global variables that were used to hold packet forwarding state ("annotations") during ip processing. The code is considerably cleaner now.
The variables removed by this change are:
ip_divert_cookie used by divert sockets ip_fw_fwd_addr used for transparent ip redirection last_pkt used by dynamic pipes in dummynet
Removal of the first two has been done by carrying the annotations into volatile structs prepended to the mbuf chains, and adding appropriate code to add/remove annotations in the routines which make use of them, i.e. ip_input(), ip_output(), tcp_input(), bdg_forward(), ether_demux(), ether_output_frame(), div_output().
On passing, remove a bug in divert handling of fragmented packet. Now it is the fragment at offset 0 which sets the divert status of the whole packet, whereas formerly it was the last incoming fragment to decide.
Removal of last_pkt required a change in the interface of ip_fw_chk() and dummynet_io(). On passing, use the same mechanism for dummynet annotations and for divert/forward annotations.
option IPFIREWALL_FORWARD is effectively useless, the code to implement it is very small and is now in by default to avoid the obfuscation of conditionally compiled code.
NOTES: * there is at least one global variable left, sro_fwd, in ip_output(). I am not sure if/how this can be removed.
* I have deliberately avoided gratuitous style changes in this commit to avoid cluttering the diffs. Minor stule cleanup will likely be necessary
* this commit only focused on the IP layer. I am sure there is a number of global variables used in the TCP and maybe UDP stack.
* despite the number of files touched, there are absolutely no API's or data structures changed by this commit (except the interfaces of ip_fw_chk() and dummynet_io(), which are internal anyways), so an MFC is quite safe and unintrusive (and desirable, given the improved readability of the code).
MFC after: 10 days
|
#
96511 |
|
13-May-2002 |
luigi |
Add ipfw hooks to ether_demux() and ether_output_frame(). Ipfw processing of frames at layer 2 can be enabled by the sysctl variable
net.link.ether.ipfw=1
Consider this feature experimental, because right now, the firewall is invoked in the places indicated below, and controlled by the sysctl variables listed on the right. As a consequence, a packet can be filtered from 1 to 4 times depending on the path it follows, which might make a ruleset a bit hard to follow.
I will add an ipfw option to tell if we want a given rule to apply to ether_demux() and ether_output_frame(), but we have run out of flags in the struct ip_fw so i need to think a bit on how to implement this.
to upper layers | | +----------->-----------+ ^ V [ip_input] [ip_output] net.inet.ip.fw.enable=1 | | ^ V [ether_demux] [ether_output_frame] net.link.ether.ipfw=1 | | +->- [bdg_forward]-->---+ net.link.ether.bridge_ipfw=1 ^ V | | to devices
|
#
93748 |
|
04-Apr-2002 |
luigi |
Fix a couple of incorrect m_free() vs. m_freem() usages and related issues.
Reviewed-by: brooks
|
#
93084 |
|
24-Mar-2002 |
bde |
Fixed some style bugs in the removal of __P(()). The main ones were not removing tabs before "__P((", and not outdenting continuation lines to preserve non-KNF lining up of code with parentheses. Switch to KNF formatting and/or rewrap the whole prototype in some cases.
|
#
92725 |
|
19-Mar-2002 |
alfred |
Remove __P.
|
#
90677 |
|
15-Feb-2002 |
luigi |
Remove useless initialization to 0 of a couple of global variables.
|
#
89263 |
|
11-Jan-2002 |
jesper |
It turns out that when a broadcast packet is looped back, the checksums are checked on the way in even if they were not calculated on the way out.
This fixes rwhod
PR: 31954 Submitted by: fenner Approved by: fenner MFC after: 1 week
|
#
87912 |
|
14-Dec-2001 |
jlemon |
minor style fix.
|
#
87843 |
|
14-Dec-2001 |
dg |
Moved the updating of if_ibytes from ether_demux() to ether_input() to fix a bug where the interface input bytes count wasn't updated when bridging is enabled.
MFC after: 3 days
|
#
87599 |
|
10-Dec-2001 |
obrien |
Update to C99, s/__FUNCTION__/__func__/, also don't use ANSI string concatenation.
|
#
87276 |
|
03-Dec-2001 |
brooks |
Don't pass an interface pointer to VLAN_INPUT{,_TAG}. Get it from the mbuf instead.
Suggested by: fenner
|
#
86047 |
|
04-Nov-2001 |
luigi |
MFS: sync the ipfw/dummynet/bridge code with the one recently merged into stable (mostly , but not only, formatting and comments changes).
|
#
84931 |
|
14-Oct-2001 |
fjoe |
bring in ARP support for variable length link level addresses
Reviewed by: jdp Approved by: jdp Obtained from: NetBSD MFC after: 6 weeks
|
#
84785 |
|
11-Oct-2001 |
jlemon |
Set if_type and if_addrlen before calling if_attach(), so the values are available for the routine to use.
|
#
84516 |
|
05-Oct-2001 |
ps |
Make it so dummynet and bridge can be loaded as modules.
Submitted by: billf
|
#
83268 |
|
09-Sep-2001 |
peter |
Remove/comment tokens after #endif (#endif NETATALK)
|
#
83130 |
|
06-Sep-2001 |
jlemon |
Wrap array accesses in macros, which also happen to be lvalues:
ifnet_addrs[i - 1] -> ifaddr_byindex(i) ifindex2ifnet[i] -> ifnet_byindex(i)
This is intended to ease the conversion to SMPng.
|
#
83115 |
|
05-Sep-2001 |
brooks |
Make vlan(4) loadable, unloadable, and clonable. As a side effect, interfaces must now always enable VLAN support.
Reviewed by: jlemon MFC after: 3 weeks
|
#
78295 |
|
15-Jun-2001 |
jlemon |
Do not perform arp send/resolve on an interface marked NOARP.
PR: 25006 MFC after: 2 weeks
|
#
76213 |
|
02-May-2001 |
fenner |
Get IP multicast working on VLAN devices:
- Allocate zeroed memory in ether_resolvemulti() to prevent equal() from comparing garbage and determining that two otherwise-equal sockaddr_dls are different. - Fill in all required fields of the sockaddr_dl - Actually copy the multicast address into the sockaddr_dl when calling if_addmulti() - Don't claim that we don't have a way to resolve layer 3 addresses into layer 2 addresses; use the ethernet way.
|
#
74093 |
|
11-Mar-2001 |
bmilekic |
Plug several mbuf leaks in error cases (in nd6)
Submitted by: jhay
|
#
72669 |
|
18-Feb-2001 |
markm |
Insert entropy harvesting calls for network traffic. By default, no entropy will be harvested.
|
#
72270 |
|
09-Feb-2001 |
luigi |
Sync with the bridge/dummynet/ipfw code already tested in stable.
In ip_fw.[ch] change a couple of variable and field names to avoid having types, variables and fields with the same name.
|
#
72175 |
|
08-Feb-2001 |
archie |
When we receive an incoming Ethernet frame that was unicast to a different hardware address, we should drop it (this should only happen in promiscuous mode). Relocate the code for this check from before ng_ether(4) processing to after ng_ether(4) processing. Also fix a compiler warning.
PR: kern/24465
|
#
71909 |
|
01-Feb-2001 |
luigi |
MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately)
|
#
71655 |
|
25-Jan-2001 |
luigi |
Comment the interface to ether_input() and the way is normally used by most ethernet drivers.
|
#
70254 |
|
21-Dec-2000 |
bmilekic |
* Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. This is because calls with M_WAIT (now M_TRYWAIT) may not wait forever when nothing is available for allocation, and may end up returning NULL. Hopefully we now communicate more of the right thing to developers and make it very clear that it's necessary to check whether calls with M_(TRY)WAIT also resulted in a failed allocation. M_TRYWAIT basically means "try harder, block if necessary, but don't necessarily wait forever." The time spent blocking is tunable with the kern.ipc.mbuf_wait sysctl. M_WAIT is now deprecated but still defined for the next little while.
* Fix a typo in a comment in mbuf.h
* Fix some code that was actually passing the mbuf subsystem's M_WAIT to malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the value of the M_WAIT flag, this could have became a big problem.
|
#
69153 |
|
25-Nov-2000 |
jlemon |
Remove unused variable, spl() manipulation isn't done for the ifq now.
|
#
69152 |
|
25-Nov-2000 |
jlemon |
Lock down the network interface queues. The queue mutex must be obtained before adding/removing packets from the queue. Also, the if_obytes and if_omcasts fields should only be manipulated under protection of the mutex.
IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on the queue. An IF_LOCK macro is provided, as well as the old (mutex-less) versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which needs them, but their use is discouraged.
Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF, which takes care of locking/enqueue, and also statistics updating/start if necessary.
|
#
66479 |
|
30-Sep-2000 |
bp |
Properly setup link level header length for 802.2 and SNAP frames.
|
#
66316 |
|
24-Sep-2000 |
bmilekic |
Get rid of a panic that occurs in ether_demux() by dereferencing a NULL mbuf pointer, when bridging and bridge_ipfw are enabled, and when bdg_forward() happens to free the packet and make our pointer NULL. There may be more similar problems like this one with calls to bdg_forward().
PR: Related to kern/19551 Reviewed by: jlemon
|
#
63992 |
|
29-Jul-2000 |
nsayer |
Make the bridge_refresh operation automatic when ethernet interfaces are attached or detached.
|
#
63090 |
|
13-Jul-2000 |
archie |
Make all Ethernet drivers attach using ether_ifattach() and detach using ether_ifdetach().
The former consolidates the operations of if_attach(), ng_ether_attach(), and bpfattach(). The latter consolidates the corresponding detach operations.
Reviewed by: julian, freebsd-net
|
#
62838 |
|
09-Jul-2000 |
itojun |
repair IPV6_JOIN_GROUP to IPv6 all multi. From: ume
|
#
62587 |
|
04-Jul-2000 |
itojun |
sync with kame tree as of july00. tons of bug fixes/improvements.
API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
|
#
62264 |
|
29-Jun-2000 |
archie |
Fix kernel build breakage when 'device ether' was not included.
|
#
62143 |
|
26-Jun-2000 |
archie |
Make the ng_ether(4) node type dynamically loadable like the rest. This means 'options NETGRAPH' is no longer necessary in order to get netgraph-enabled Ethernet interfaces. This supports loading/unloading the ng_ether.ko and attaching/detaching the Ethernet interface in any order.
Add two new hooks 'upper' and 'lower' to allow access to the protocol demux engine and the raw device, respectively. This enables bridging to be defined as a netgraph node, if so desired.
Reviewed by: freebsd-net@freebsd.org
|
#
61648 |
|
14-Jun-2000 |
bp |
Do not perform any opeartion with mbuf after it placed into interface queue.
Tested by: Bosko Milekic <bmilekic@dsuper.net>
|
#
60889 |
|
24-May-2000 |
archie |
Just need to pass the address family to if_simloop(), not the whole sockaddr.
|
#
60536 |
|
14-May-2000 |
archie |
Move code to handle BPF and bridging for incoming Ethernet packets out of the individual drivers and into the common routine ether_input(). Also, remove the (incomplete) hack for matching ethernet headers in the ip_fw code.
The good news: net result of 1016 lines removed, and this should make bridging now work with *all* Ethernet drivers.
The bad news: it's nearly impossible to test every driver, especially for bridging, and I was unable to get much testing help on the mailing lists.
Reviewed by: freebsd-net
|
#
59731 |
|
28-Apr-2000 |
julian |
OOps forgot to check in this one... API chage for netgraph.
|
#
59681 |
|
27-Apr-2000 |
bp |
Fix support for 802.2 and SNAP frames. Bug was introduced during initial import.
Tested by: Jorge P Vasquez <jorge@acron.ind.br>
|
#
57178 |
|
13-Feb-2000 |
peter |
Clean up some loose ends in the network code, including the X.25 and ISO #ifdefs. Clean out unused netisr's and leftover netisr linker set gunk. Tested on x86 and alpha, including world.
Approved by: jkh
|
#
54799 |
|
18-Dec-1999 |
green |
M_PREPEND-related cleanups (unregisterifying struct mbuf *s).
|
#
54558 |
|
13-Dec-1999 |
bp |
Bring up an if_ef driver which allows support for four ethernet frame types. Currently it supports only IPX protocol and doesn't affect existing functionality when not loaded.
Reviewed by: Ollivier Robert <roberto@keltia.freenix.fr>
|
#
54263 |
|
07-Dec-1999 |
shin |
udp IPv6 support, IPv6/IPv4 tunneling support in kernel, packet divert at kernel for IPv6/IPv4 translater daemon
This includes queue related patch submitted by jburkhol@home.com.
Submitted by: queue related patch from jburkhol@home.com Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
53913 |
|
30-Nov-1999 |
archie |
Add two new generic control messages, NGM_ASCII2BINARY and NGM_BINARY2ASCII, which convert control messages to ASCII and back. This allows control messages to be sent and received in ASCII form using ngctl(8), which makes ngctl a lot more useful.
This also allows all the type-specific debugging code in libnetgraph to go away -- instead, we just ask the node itself to do the ASCII translation for us.
Currently, all generic control messages are supported, as well as messages associated with the following node types: async, cisco, ksocket, and ppp.
See /usr/share/examples/netgraph/ngctl for an example of using this.
Also give ngctl(8) the ability to print out incoming data and control messages at any time. Eventually nghook(8) may be subsumed.
Several other misc. bug fixes.
Reviewed by: julian
|
#
53541 |
|
22-Nov-1999 |
shin |
KAME netinet6 basic part(no IPsec,no V6 Multicast Forwarding, no UDP/TCP for IPv6 yet)
With this patch, you can assigne IPv6 addr automatically, and can reply to IPv6 ping.
Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
53171 |
|
15-Nov-1999 |
julian |
YUCK! m_prepend doesn't fix m_pkthdr.len, use M_PREPEND instead, which does.. (Netgraph only)
|
#
53144 |
|
14-Nov-1999 |
julian |
Fix screwup on synthesising incoming ethernet header in Netgraph mode.
Submitted by: brian@freebsd.org
|
#
53099 |
|
11-Nov-1999 |
julian |
Oops forgot to put the source MAC address on outgoing packets!
|
#
52754 |
|
01-Nov-1999 |
julian |
Use typedefs for node methods.
|
#
52525 |
|
26-Oct-1999 |
julian |
Minor hack in the netgraph interface to ethernets.
|
#
52419 |
|
21-Oct-1999 |
julian |
Whistle's Netgraph link-layer (sometimes more) networking infrastructure. Been in production for 3 years now. Gives Instant Frame relay to if_sr and if_ar drivers, and PPPOE support soon. See: ftp://ftp.whistle.com/pub/archie/netgraph/index.html for on-line manual pages.
Reviewed by: Doug Rabson (dfr@freebsd.org) Obtained from: Whistle CVS tree
|
#
52248 |
|
15-Oct-1999 |
msmith |
Implement pseudo_AF_HDRCMPLT, which controls the state of the 'header completion' flag. If set, the interface output routine will assume that the packet already has a valid link-level source address. This defaults to off (the address is overwritten)
PR: kern/10680 Submitted by: "Christopher N . Harrell" <cnh@mindspring.net> Obtained from: NetBSD
|
#
50477 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
44078 |
|
16-Feb-1999 |
dfr |
* Change sysctl from using linker_set to construct its tree using SLISTs. This makes it possible to change the sysctl tree at runtime.
* Change KLD to find and register any sysctl nodes contained in the loaded file and to unregister them when the file is unloaded.
Reviewed by: Archie Cobbs <archie@whistle.com>, Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
|
#
43457 |
|
31-Jan-1999 |
julian |
Slight cleanups. There were 2 ways of getting the arpcom from the ifp. Both equally bogus. Make it a macro so that we can pretend it's not bogus and maybe make it less so some time in the future.
|
#
42570 |
|
12-Jan-1999 |
eivind |
Remove unused variable & clean up a couple of style issues.
|
#
41792 |
|
14-Dec-1998 |
luigi |
Bridging support. Wait for LINT to be updated before trying it.
|
#
38114 |
|
04-Aug-1998 |
julian |
fix broken loopback code for ddp (again) Submitted by: Stefan Bethke <stb@hanse.de>
|
#
36992 |
|
14-Jun-1998 |
julian |
Try narrow down the culprit sending undefined packet types through the loopback
|
#
36940 |
|
13-Jun-1998 |
julian |
Allow a protocol to specify that it does NOT want to be looped back even if it looks like it should (backwards compatibility with old broken code) should get rid of some annoying messags.
|
#
36908 |
|
12-Jun-1998 |
julian |
Go through the loopback code with a broom.. Remove lots'o'hacks. looutput is now static.
Other callers who want to use loopback to allow shortcutting should call the special entrypoint for this, if_simloop(), which is specifically designed for this purpose. Using looutput for this purpose was problematic, particularly with bpf and trying to keep track of whether one should be using the charateristics of the loopback interface or the interface (e.g. if_ethersubr.c) that was requesting the loopback. There was a whole class of errors due to this mis-use each of which had hacks to cover them up.
Consists largly of hack removal :-)
|
#
36192 |
|
19-May-1998 |
dg |
Added fast IP forwarding code by Matt Thomas <matt@3am-software.com> via NetBSD, ported to FreeBSD by Pierre Beyssac <pb@fasterix.freenix.org> and minorly tweaked by me. This is a standard part of FreeBSD, but must be enabled with: "sysctl -w net.inet.ip.fastforwarding=1" ...and of course forwarding must also be enabled. This should probably be modified to use the zone allocator for speed and space efficiency. The current algorithm also appears to lose if the number of active paths exceeds IPFLOW_MAX (256), in which case it wastes lots of time trying to figure out which cache entry to drop.
|
#
34961 |
|
30-Mar-1998 |
phk |
Eradicate the variable "time" from the kernel, using various measures. "time" wasn't a atomic variable, so splfoo() protection were needed around any access to it, unless you just wanted the seconds part.
Most uses of time.tv_sec now uses the new variable time_second instead.
gettime() changed to getmicrotime(0.
Remove a couple of unneeded splfoo() protections, the new getmicrotime() is atomic, (until Bruce sets a breakpoint in it).
A couple of places needed random data, so use read_random() instead of mucking about with time which isn't random.
Add a new nfs_curusec() function.
Mark a couple of bogosities involving the now disappeard time variable.
Update ffs_update() to avoid the weird "== &time" checks, by fixing the one remaining call that passwd &time as args.
Change profiling in ncr.c to use ticks instead of time. Resolution is the same.
Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call hzto() which subtracts time" sequences.
Reviewed by: bde
|
#
34649 |
|
17-Mar-1998 |
wollman |
Add preliminary support for IEEE 802.1Q VLAN tagging. It doesn't actually work reliably yet (I've had panics), but it does seem to occasionally be able to transmit and receive syntactically-correct packets. Also fixes one of if_ethersubr.c's legion style bugs, and removes the hostcache code from standard kernels---the code that depends on it is not going to happen any time soon, I'm afraid.
|
#
33676 |
|
20-Feb-1998 |
bde |
Removed unused #includes.
|
#
32929 |
|
31-Jan-1998 |
eivind |
Make the debug options new-style.
This also zaps a DPT option from lint; it wasn't referenced from anywhere.
|
#
32356 |
|
08-Jan-1998 |
eivind |
NETATALK -> opt_atalk.h
|
#
32350 |
|
08-Jan-1998 |
eivind |
Make INET a proper option.
This will not make any of object files that LINT create change; there might be differences with INET disabled, but hardly anything compiled before without INET anyway. Now the 'obvious' things will give a proper error if compiled without inet - ipx_ip, ipfw, tcp_debug. The only thing that _should_ work (but can't be made to compile reasonably easily) is sppp :-(
This commit move struct arpcom from <netinet/if_ether.h> to <net/if_arp.h>.
|
#
31884 |
|
19-Dec-1997 |
bde |
Fixed gratuitous ANSIisms.
|
#
31742 |
|
15-Dec-1997 |
eivind |
Throw options IPX, IPXIP and IPTUNNEL into opt_ipx.h.
The #ifdef IPXIP in netipx/ipx_if.h is OK (used from ipx_usrreq.c and ifconfig.c only).
I also fixed a typo IPXTUNNEL -> IPTUNNEL (and #ifdef'ed out the code inside, as it never could have compiled - doh.)
|
#
31016 |
|
07-Nov-1997 |
phk |
Remove a bunch of variables which were unused both in GENERIC and LINT.
Found by: -Wunused
|
#
30822 |
|
28-Oct-1997 |
julian |
Fix various problems with netatalk kernel support. Some of these changes are a bit rough and will become more polished later. the changes to if_ethersubr should largely be moved to within the appletalk code, but that will happen later. A few of these were related to network-byteorder problems, and more were related to loopback failures.
|
#
30813 |
|
28-Oct-1997 |
bde |
Removed unused #includes.
|
#
27431 |
|
15-Jul-1997 |
julian |
Finally track down the reason for some of my occasional kernel crashes. Route(1) has a bug that sends a bad message to the kernel. The kernel trusts it and crashes. Add some sanity checks so that we don't trust the user quite as much any more. (also add a comment in if_ethersubr.c)
|
#
25653 |
|
10-May-1997 |
jhay |
Use the MAC address of an interface for the host part of an IPX address and not the MAC address of the first interface for every IPX address. This is more inline with the way others like Novell do it. Originally Submitted by: "Serge A. Babkin" <babkin@hq.icb.chel.su>
|
#
24204 |
|
24-Mar-1997 |
bde |
Don't include <sys/ioctl.h> in the kernel. Stage 2: include <sys/sockio.h> instead of <sys/ioctl.h> in network files.
|
#
22975 |
|
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
21666 |
|
13-Jan-1997 |
wollman |
Use the new if_multiaddrs list for multicast addresses rather than the previous hackery involving struct in_ifaddr and arpcom. Get rid of the abominable multi_kludge. Update all network interfaces to use the new machanism. Distressingly few Ethernet drivers program the multicast filter properly (assuming the hardware has one, which it usually does).
|
#
21404 |
|
07-Jan-1997 |
wollman |
Checkpoint the beginnings of the new kernel interface for multicast group memberships. This is not actually operative at the moment (a lot of other code still needs to be changed), but this seemed like a useful reference point to check in so that others (i.e. Bill Fenner) have fair warning of where we are going.
|
#
20407 |
|
13-Dec-1996 |
wollman |
Convert the interface address and IP interface address structures to TAILQs. Fix places which referenced these for no good reason that I can see (the references remain, but were fixed to compile again; they are still questionable).
|
#
20276 |
|
10-Dec-1996 |
dg |
1) Implement SIOCSIFMTU in ether_ioctl(), and change ether_ioctl's return type to be int so that errors can be returned. 2) Use the new SIOCSIFMTU ether_ioctl support in the few drivers that are using ether_ioctl(). 3) In if_fxp.c: treat if_bpf as a token, not as a pointer. Don't bother testing for FXP_NTXSEG being reached in fxp_start()...just check for non-NULL 'm'. Change fxp_ioctl() to use ether_ioctl().
|
#
19846 |
|
18-Nov-1996 |
dg |
Fixed broken SIOCGIFADDR. It was copying out garbage as the ethernet address.
|
#
19016 |
|
18-Oct-1996 |
jkh |
ns_nettype should be declared, not externed.
|
#
18991 |
|
17-Oct-1996 |
jkh |
Netcon's changes for their extended NS support. This only effects people compiling with NS, so the effects on everyone else are nil.
|
#
17444 |
|
05-Aug-1996 |
phk |
use <net/ethernet.h>
|
#
17418 |
|
04-Aug-1996 |
phk |
Make the NS and IPX cases compile again.
|
#
17415 |
|
04-Aug-1996 |
phk |
Add a callback pointer to the interfaces "init" routine. Add ether_ioctl() which can take care of the SIOC[SG]IFADDR cases for most (ethernet) drivers.
|
#
16498 |
|
18-Jun-1996 |
julian |
Submitted by: archie@whistle.com
gary went a little overboard on commenting out unused variables. Variables needed for ISO, LLC and NETATALK were only enabled for ISO & LLC.. so NETATALK bombed.
|
#
16341 |
|
13-Jun-1996 |
dg |
Keep ether_type in network order for BPF to be consistent with other systems.
Submitted by: Ted Lemon, Matt Thomas, and others. Retrofitted for -current by me.
|
#
16322 |
|
12-Jun-1996 |
gpalmer |
Clean up -Wunused warnings.
Reviewed by: bde
|
#
16287 |
|
10-Jun-1996 |
gpalmer |
Change the use if ifnet.if_lastchange to be more in line with SNMP requirements. Update description of ifnet.if_lastchange in if.h to indicate this.
|
#
16063 |
|
01-Jun-1996 |
gpalmer |
Set ifnet.baudrate for ethernet / FDDI interfaces too. Makes SNMP slightly more informative
Reviewed by: Garrett Wollman
|
#
15885 |
|
23-May-1996 |
julian |
Obtained from: netatalk distribution netatalk@itd.umich.edu
Kernel Appletalk protocol support both CAP and netatalk can make use of this.. still needs some owrk but it seemd the right tiime to commit it so other can experiment.
|
#
15117 |
|
07-Apr-1996 |
bde |
Removed never-used #includes of <machine/cpu.h>. Many were apparently copied from bad examples.
|
#
13619 |
|
24-Jan-1996 |
phk |
Use new printf features rather than local kludges.
|
#
12942 |
|
20-Dec-1995 |
wollman |
in_proto.c: spell ``Internet'' right and put whitespace after commas.
others: start to populate the link-layer branch of the net mib, by moving ARP to its proper place. (ARP is not a protocol family, it's an interface layer between a medium-access layer and a protocol family.) sysctl(8) needs to be taught about the structure of this branch, unless Poul-Henning implements dynamic MIB exploration soon.
|
#
12706 |
|
09-Dec-1995 |
phk |
Staticize, clean lint.
|
#
11921 |
|
29-Oct-1995 |
phk |
Second batch of cleanup changes. This time mostly making a lot of things static and some unused variables here and there.
|
#
11819 |
|
26-Oct-1995 |
julian |
Reviewed by: julian and jhay@mikom.csir.co.za Submitted by: Mike Mitchell, supervisor@alb.asctmd.com
This is a bulk mport of Mike's IPX/SPX protocol stacks and all the related gunf that goes with it.. it is not guaranteed to work 100% correctly at this time but as we had several people trying to work on it I figured it would be better to get it checked in so they could all get teh same thing to work on..
Mikes been using it for a year or so but on 2.0
more changes and stuff will be merged in from other developers now that this is in.
Mike Mitchell, Network Engineer AMTECH Systems Corporation, Technology and Manufacturing 8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000 supervisor@alb.asctmd.com
|
#
9202 |
|
11-Jun-1995 |
rgrimes |
Merge RELENG_2_0_5 into HEAD
|
#
8876 |
|
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
#
8384 |
|
09-May-1995 |
dg |
Replaced some bcopy()'s with memcpy()'s so that gcc while inline/optimize.
|
#
7090 |
|
16-Mar-1995 |
bde |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
|
#
5099 |
|
13-Dec-1994 |
wollman |
Add support for two separate cloning flags, one set by the lower layers, and one set by the protocol family. Also add another parameter to rtalloc1() to allow for any interface flags to be ignored; currently this is only useful for RTF_PRCLONING. Get rid of rt_prflags and re-unite with rt_flags. Add T/TCP ``route metrics''.
NB: YOU MUST RECOMPILE `route' AND OTHER RELATED PROGRAMS AS A RESULT OF THIS CHANGE.
This also adds a new interface parameter, `ifi_physical', which will eventually replace IFF_ALTPHYS as the mechanism for specifying the particular physical connection desired on a multiple-connection card.
NB: YOU MUST RECOMPILE `ifconfig' AND OTHER RELATED PROGRAMS AS A RESULT OF THIS CHANGE.
|
#
4796 |
|
24-Nov-1994 |
dg |
Moved conversion of ether_type to host byte order out of ethernet drivers and into ether_input(). It was silly to have bpf want this one way and ether_input want it another way. Ripped out trailer support from the few remaining drivers that still had it.
|
#
3514 |
|
11-Oct-1994 |
wollman |
Fix a bug which caused panics when attempting to change just the flags of a route. (This still doesn't work, but it doesn't panic now.) It looks like there may be a number of incipient bugs in this code.
Also, get ready for the time when all IP gateway routes are cloning, which is necessary to keep proper TCP statistics.
|
#
1817 |
|
02-Aug-1994 |
dg |
Added $Id$
|
#
1542 |
|
24-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1541, which included commits to RCS files with non-trunk default branches.
|
#
1541 |
|
24-May-1994 |
rgrimes |
BSD 4.4 Lite Kernel Sources
|