#
b925d719 |
|
07-May-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
sockets: garbage collect PRCOREQUESTS and stale comment The code deleted predates FreeBSD history. The comment deleted is 99% outdated. Why KAME decided to use these constants instead of normal ones also lost in centuries.
|
#
f7c4d12b |
|
08-Apr-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
icmp: correct the assertion that checks limit + jitter Fixes: 4399e055ea610cdefa1470ad1ee614dd81ba5e56
|
#
60d8dbbe |
|
18-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
netinet: add a probe point for IP, IP6, ICMP, ICMP6, UDP and TCP stats counters When debugging network issues one common clue is an unexpectedly incrementing error counter. This is helpful, in that it gives us an idea of what might be going wrong, but often these counters may be incremented in different functions. Add a static probe point for them so that we can use dtrace to get futher information (e.g. a stack trace). For example: dtrace -n 'mib:ip:count: { printf("%d", arg0); stack(); }' This can be disabled by setting the following kernel option: options KDTRACE_NO_MIB_SDT Reviewed by: gallatin, tuexen (previous version), gnn (previous version) Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43504
|
#
4399e055 |
|
24-Mar-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
icmp: allow zero value for ICMP limits Zero means limit is disabled, so the value doesn't need to be checked against jitter value. Fixes: ac44739fd834f51cacb26485a4140fd482e20150 Fixes: a03aff88a14448c3084a0384082ec996d7213897
|
#
a03aff88 |
|
24-Mar-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
icmp6: bring rate limiting on a par with IPv4 Use counter_ratecheck() instead of racy and slow ppsratecheck. Use a separate counter for every currently known type of ICMPv6. Provide logging of ratelimit events. Provide jitter to counter open UDP port detection. Reviewed by: tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44482
|
#
4f96be33 |
|
24-Mar-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
icmp6: move ICMPv6 related tunables to the files where they are used Most of them can be declared as static after the move out of in6_proto.c. Keeping sysctl(9) declarations with their text descriptions next to the variable declaration create self-documenting code. There should be no functional changes. Differential Revision: https://reviews.freebsd.org/D44481
|
#
32aeee8c |
|
24-Mar-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
icmp6: rate limit our echo replies The generation of ICMP6_ECHO_REPLY bypasses icmp6_error(), thus rate limit was not applied. Reviewed by: tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44480
|
#
c6c96aab |
|
24-Mar-2024 |
Gleb Smirnoff <glebius@FreeBSD.org> |
icmp6: make icmp6_ratelimit() responsible to update the stats counter Reviewed by: tuexen Differential Revision: https://reviews.freebsd.org/D44479
|
#
29363fb4 |
|
23-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove ancient SCCS tags. Remove ancient SCCS tags from the tree, automated scripting, with two minor fixup to keep things compiling. All the common forms in the tree were removed with a perl script. Sponsored by: Netflix
|
#
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
aa71d6b4 |
|
13-Mar-2023 |
Mark Johnston <markj@FreeBSD.org> |
netinet: Disallow unspecified addresses in ICMP-embedded packets Reported by: glebius Reported by: syzbot+981c528ccb5c5534dffc@syzkaller.appspotmail.com Reviewed by: tuexen, glebius MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D38936
|
#
3d0d5b21 |
|
23-Jan-2023 |
Justin Hibbits <jhibbits@FreeBSD.org> |
IfAPI: Explicitly include <net/if_private.h> in netstack Summary: In preparation of making if_t completely opaque outside of the netstack, explicitly include the header. <net/if_var.h> will stop including the header in the future. Sponsored by: Juniper Networks, Inc. Reviewed by: glebius, melifaro Differential Revision: https://reviews.freebsd.org/D38200
|
#
a974702e |
|
07-Oct-2022 |
Kristof Provost <kp@FreeBSD.org> |
pf: apply the network stack's ICMP rate limiting to ICMP errors sent by pf PR: 266477 Event: Aberdeen Hackathon 2022 Differential Revision: https://reviews.freebsd.org/D36903
|
#
fcb3f813 |
|
03-Oct-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
netinet*: remove PRC_ constants and streamline ICMP processing In the original design of the network stack from the protocol control input method pr_ctlinput was used notify the protocols about two very different kinds of events: internal system events and receival of an ICMP messages from outside. These events were coded with PRC_ codes. Today these methods are removed from the protosw(9) and are isolated to IPv4 and IPv6 stacks and are called only from icmp*_input(). The PRC_ codes now just create a shim layer between ICMP codes and errors or actions taken by protocols. - Change ipproto_ctlinput_t to pass just pointer to ICMP header. This allows protocols to not deduct it from the internal IP header. - Change ip6proto_ctlinput_t to pass just struct ip6ctlparam pointer. It has all the information needed to the protocols. In the structure, change ip6c_finaldst fields to sockaddr_in6. The reason is that icmp6_input() already has this address wrapped in sockaddr, and the protocols want this address as sockaddr. - For UDP tunneling control input, as well as for IPSEC control input, change the prototypes to accept a transparent union of either ICMP header pointer or struct ip6ctlparam pointer. - In icmp_input() and icmp6_input() do only validation of ICMP header and count bad packets. The translation of ICMP codes to errors/actions is done by protocols. - Provide icmp_errmap() and icmp6_errmap() as substitute to inetctlerrmap, inet6ctlerrmap arrays. - In protocol ctlinput methods either trust what icmp_errmap() recommend, or do our own logic based on the ICMP header. Differential revision: https://reviews.freebsd.org/D36731
|
#
43d39ca7 |
|
03-Oct-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
netinet*: de-void control input IP protocol methods After decoupling of protosw(9) and IP wire protocols in 78b1fc05b205 for IPv4 we got vector ip_ctlprotox[] that is executed only and only from icmp_input() and respectively for IPv6 we got ip6_ctlprotox[] executed only and only from icmp6_input(). This allows to use protocol specific argument types in these methods instead of struct sockaddr and void. Reviewed by: melifaro Differential revision: https://reviews.freebsd.org/D36727
|
#
46ddeb6b |
|
03-Oct-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
netinet6: retire ip6protosw.h The netinet/ipprotosw.h and netinet6/ip6protosw.h were KAME relics, with the former removed in f0ffb944d25 in 2001 and the latter survived until today. It has been reduced down to only one useful declaration that moves to ip6_var.h Reviewed by: melifaro Differential revision: https://reviews.freebsd.org/D36726
|
#
b730de8b |
|
17-Aug-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
mld6: use callout(9) directly instead of pr_slowtimo, pr_fasttimo While here remove recursive network epoch entry in mld_fasttimo_vnet(), as this function is already in epoch. Reviewed by: melifaro Differential revision: https://reviews.freebsd.org/D36161
|
#
78b1fc05 |
|
17-Aug-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
protosw: separate pr_input and pr_ctlinput out of protosw The protosw KPI historically has implemented two quite orthogonal things: protocols that implement a certain kind of socket, and protocols that are IPv4/IPv6 protocol. These two things do not make one-to-one correspondence. The pr_input and pr_ctlinput methods were utilized only in IP protocols. This strange duality required IP protocols that doesn't have a socket to declare protosw, e.g. carp(4). On the other hand developers of socket protocols thought that they need to define pr_input/pr_ctlinput always, which lead to strange dead code, e.g. div_input() or sdp_ctlinput(). With this change pr_input and pr_ctlinput as part of protosw disappear and IPv4/IPv6 get their private single level protocol switch table ip_protox[] and ip6_protox[] respectively, pointing at array of ipproto_input_t functions. The pr_ctlinput that was used for control input coming from the network (ICMP, ICMPv6) is now represented by ip_ctlprotox[] and ip6_ctlprotox[]. ipproto_register() becomes the only official way to register in the table. Those protocols that were always static and unlikely anybody is interested in making them loadable, are now registered by ip_init(), ip6_init(). An IP protocol that considers itself unloadable shall register itself within its own private SYSINIT(). Reviewed by: tuexen, melifaro Differential revision: https://reviews.freebsd.org/D36157
|
#
948f31d7 |
|
12-Aug-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
netinet: do not broadcast PRC_REDIRECT_HOST on ICMP redirect This is expensive and useless call. It has been useless since Alexander melifaro@ moved the forwarding table to nexthops with passive invalidation. What happens now is that cached route in a inpcb would get invalidated on next ip_output(). These were the last users of pfctlinput(), so garbage collect it. Reviewed by: melifaro Differential revision: https://reviews.freebsd.org/D36156
|
#
82042465 |
|
20-Jul-2022 |
Kornel Dulęba <kd@FreeBSD.org> |
icmp6: Improve validation of PMTU Currently we accept any pmtu between IPV6_MMTU(1280B) and the link mtu. In some network topologies could allow a bad actor to perform a DOS attack. Contrary to IPv4 in IPv6 oversized packets are dropped, and a ICMP PACKET_TOO_BIG message is sent back to the sender. After receiving an ICMPv6 packet with pmtu bigger than the current one the victim will start sending frames that will be dropped a router with reduced MTU. Although it will eventually receive another message with correct pmtu, an attacker can still just inject their spoofed packets frequently enough to overwrite the correct value. This issue is described in detail in RFC8201, section 6. Fix this by checking the current pmtu, and accepting the new one only if it's smaller. Approved by: mw(mentor) Reviewed by: tuexen MFC after: 1 week Sponsored by: Stormshield Obtained from: Semihalf Differential Revision: https://reviews.freebsd.org/D35871
|
#
db0ac6de |
|
02-Dec-2021 |
Cy Schubert <cy@FreeBSD.org> |
Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816" This reverts commit 266f97b5e9a7958e365e78288616a459b40d924a, reversing changes made to a10253cffea84c0c980a36ba6776b00ed96c3e3b. A mismerge of a merge to catch up to main resulted in files being committed which should not have been.
|
#
de2d4784 |
|
02-Dec-2021 |
Gleb Smirnoff <glebius@FreeBSD.org> |
SMR protection for inpcbs With introduction of epoch(9) synchronization to network stack the inpcb database became protected by the network epoch together with static network data (interfaces, addresses, etc). However, inpcb aren't static in nature, they are created and destroyed all the time, which creates some traffic on the epoch(9) garbage collector. Fairly new feature of uma(9) - Safe Memory Reclamation allows to safely free memory in page-sized batches, with virtually zero overhead compared to uma_zfree(). However, unlike epoch(9), it puts stricter requirement on the access to the protected memory, needing the critical(9) section to access it. Details: - The database is already build on CK lists, thanks to epoch(9). - For write access nothing is changed. - For a lookup in the database SMR section is now required. Once the desired inpcb is found we need to transition from SMR section to r/w lock on the inpcb itself, with a check that inpcb isn't yet freed. This requires some compexity, since SMR section itself is a critical(9) section. The complexity is hidden from KPI users in inp_smr_lock(). - For a inpcb list traversal (a pcblist sysctl, or broadcast notification) also a new KPI is provided, that hides internals of the database - inp_next(struct inp_iterator *). Reviewed by: rrs Differential revision: https://reviews.freebsd.org/D33022
|
#
c541bd36 |
|
21-Aug-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
lltable: Add support for "child" LLEs holding encap for IPv4oIPv6 entries. Currently we use pre-calculated headers inside LLE entries as prepend data for `if_output` functions. Using these headers allows saving some CPU cycles/memory accesses on the fast path. However, this approach makes adding L2 header for IPv4 traffic with IPv6 nexthops more complex, as it is not possible to store multiple pre-calculated headers inside lle. Additionally, the solution space is limited by the fact that PCB caching saves LLEs in addition to the nexthop. Thus, add support for creating special "child" LLEs for the purpose of holding custom family encaps and store mbufs pending resolution. To simplify handling of those LLEs, store them in a linked-list inside a "parent" (e.g. normal) LLE. Such LLEs are not visible when iterating LLE table. Their lifecycle is bound to the "parent" LLE - it is not possible to delete "child" when parent is alive. Furthermore, "child" LLEs are static (RTF_STATIC), avoding complex state machine used by the standard LLEs. nd6_lookup() and nd6_resolve() now accepts an additional argument, family, allowing to return such child LLEs. This change uses `LLE_SF()` macro which packs family and flags in a single int field. This is done to simplify merging back to stable/. Once this code lands, most of the cases will be converted to use a dedicated `family` parameter. Differential Revision: https://reviews.freebsd.org/D31379 MFC after: 2 weeks
|
#
7045b160 |
|
28-Jul-2021 |
Roy Marples <roy@marples.name> |
socket: Implement SO_RERROR SO_RERROR indicates that receive buffer overflows should be handled as errors. Historically receive buffer overflows have been ignored and programs could not tell if they missed messages or messages had been truncated because of overflows. Since programs historically do not expect to get receive overflow errors, this behavior is not the default. This is really really important for programs that use route(4) to keep in sync with the system. If we loose a message then we need to reload the full system state, otherwise the behaviour from that point is undefined and can lead to chasing bogus bug reports. Reviewed by: philip (network), kbowling (transport), gbe (manpages) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D26652
|
#
8268d82c |
|
15-Feb-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Remove per-packet ifa refcounting from IPv6 fast path. Currently ip6_input() calls in6ifa_ifwithaddr() for every local packet, in order to check if the target ip belongs to the local ifa in proper state and increase its counters. in6ifa_ifwithaddr() references found ifa. With epoch changes, both `ip6_input()` and all other current callers of `in6ifa_ifwithaddr()` do not need this reference anymore, as epoch provides stability guarantee. Given that, update `in6ifa_ifwithaddr()` to allow it to return ifa without referencing it, while preserving option for getting referenced ifa if so desired. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D28648
|
#
605284b8 |
|
13-Feb-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Enforce net epoch in in6_selectsrc(). in6_selectsrc() may call fib6_lookup() in some cases, which requires epoch. Wrap in6_selectsrc* calls into epoch inside its users. Mark it as requiring epoch by adding NET_EPOCH_ASSERT(). MFC after: 1 weeek Differential Revision: https://reviews.freebsd.org/D28647
|
#
924d1c9a |
|
08-Feb-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Revert "SO_RERROR indicates that receive buffer overflows should be handled as errors." Wrong version of the change was pushed inadvertenly. This reverts commit 4a01b854ca5c2e5124958363b3326708b913af71.
|
#
4a01b854 |
|
07-Feb-2021 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
SO_RERROR indicates that receive buffer overflows should be handled as errors. Historically receive buffer overflows have been ignored and programs could not tell if they missed messages or messages had been truncated because of overflows. Since programs historically do not expect to get receive overflow errors, this behavior is not the default. This is really really important for programs that use route(4) to keep in sync with the system. If we loose a message then we need to reload the full system state, otherwise the behaviour from that point is undefined and can lead to chasing bogus bug reports.
|
#
d9999ae9 |
|
28-Oct-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Fix use-after-free in icmp6_notify_error(). Reported by: Maxime Villard <max at m00nbsd.net> Reviewed by: markj MFC after: 3 days
|
#
4caea9b1 |
|
19-Oct-2020 |
Mark Johnston <markj@FreeBSD.org> |
icmp6: Count packets dropped due to an invalid hop limit Pad the icmp6stat structure so that we can add more counters in the future without breaking compatibility again, last done in r358620. Annotate the rarely executed error paths with __predict_false while here. Reviewed by: bz, melifaro Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D26578
|
#
eddfb2e8 |
|
03-Jul-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Fix IPv6 regression introduced by r362900. PR: kern/247729
|
#
6ad7446c |
|
02-Jul-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Complete conversions from fib<4|6>_lookup_nh_<basic|ext> to fib<4|6>_lookup(). fib[46]_lookup_nh_ represents pre-epoch generation of fib api, providing less guarantees over pointer validness and requiring on-stack data copying. With no callers remaining, remove fib[46]_lookup_nh_ functions. Submitted by: Neel Chauhan <neel AT neelc DOT org> Differential Revision: https://reviews.freebsd.org/D25445
|
#
da187ddb |
|
01-Jun-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
* Add rib_<add|del|change>_route() functions to manipulate the routing table. The main driver for the change is the need to improve notification mechanism. Currently callers guess the operation data based on the rtentry structure returned in case of successful operation result. There are two problems with this appoach. First is that it doesn't provide enough information for the upcoming multipath changes, where rtentry refers to a new nexthop group, and there is no way of guessing which paths were added during the change. Second is that some rtentry fields can change during notification and protecting from it by requiring customers to unlock rtentry is not desired. Additionally, as the consumers such as rtsock do know which operation they request in advance, making explicit add/change/del versions of the functions makes sense, especially given the functions don't share a lot of code. With that in mind, introduce rib_cmd_info notification structure and rib_<add|del|change>_route() functions, with mandatory rib_cmd_info pointer. It will be used in upcoming generalized notifications. * Move definitions of the new functions and some other functions/structures used for the routing table manipulation to a separate header file, net/route/route_ctl.h. net/route.h is a frequently used file included in ~140 places in kernel, and 90% of the users don't need these definitions. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D25067
|
#
e7403d02 |
|
01-Jun-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Revert r361704, it accidentally committed merged D25067 and D25070.
|
#
79674562 |
|
01-Jun-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
* Add rib_<add|del|change>_route() functions to manipulate the routing table. The main driver for the change is the need to improve notification mechanism. Currently callers guess the operation data based on the rtentry structure returned in case of successful operation result. There are two problems with this appoach. First is that it doesn't provide enough information for the upcoming multipath changes, where rtentry refers to a new nexthop group, and there is no way of guessing which paths were added during the change. Second is that some rtentry fields can change during notification and protecting from it by requiring customers to unlock rtentry is not desired. Additionally, as the consumers such as rtsock do know which operation they request in advance, making explicit add/change/del versions of the functions makes sense, especially given the functions don't share a lot of code. With that in mind, introduce rib_cmd_info notification structure and rib_<add|del|change>_route() functions, with mandatory rib_cmd_info pointer. It will be used in upcoming generalized notifications. * Move definitions of the new functions and some other functions/structures used for the routing table manipulation to a separate header file, net/route/route_ctl.h. net/route.h is a frequently used file included in ~140 places in kernel, and 90% of the users don't need these definitions. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D25067
|
#
a37a5246 |
|
28-May-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Use fib[46]_lookup() in mtu calculations. fib[46]_lookup_nh_ represents pre-epoch generation of fib api, providing less guarantees over pointer validness and requiring on-stack data copying. Conversion is straight-forwarded, as the only 2 differences are requirement of running in network epoch and the need to handle RTF_GATEWAY case in the caller code. Differential Revision: https://reviews.freebsd.org/D24974
|
#
9ac7c6cf |
|
14-Apr-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Convert IP/IPv6 forwarding, ICMP processing and IP PCB laddr selection to the new routing KPI. Reviewed by: ae Differential Revision: https://reviews.freebsd.org/D24245
|
#
34a5582c |
|
22-Jan-2020 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Bring back redirect route expiration. Redirect (and temporal) route expiration was broken a while ago. This change brings route expiration back, with unified IPv4/IPv6 handling code. It introduces net.inet.icmp.redirtimeout sysctl, allowing to set an expiration time for redirected routes. It defaults to 10 minutes, analogues with net.inet6.icmp6.redirtimeout. Implementation uses separate file, route_temporal.c, as route.c is already bloated with tons of different functions. Internally, expiration is implemented as an per-rnh callout scheduled when route with non-zero rt_expire time is added or rt_expire is changed. It does not add any overhead when no temporal routes are present. Callout traverses entire routing tree under wlock, scheduling expired routes for deletion and calculating the next time it needs to be run. The rationale for such implemention is the following: typically workloads requiring large amount of routes have redirects turned off already, while the systems with small amount of routes will not inhibit large overhead during tree traversal. This changes also fixes netstat -rn display of route expiration time, which has been broken since the conversion from kread() to sysctl. Reviewed by: bz MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D23075
|
#
0700d2c3 |
|
03-Dec-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make icmp6_reflect() static. icmp6_reflect() is not used anywhere outside icmp6.c, no reason to export it. Sponsored by: Netflix
|
#
a4adf6cc |
|
30-Nov-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros. r354748-354750 replaced the KAME macros with m_pulldown() calls. Contrary to the rest of the network stack m_len checks before m_pulldown() were not put in placed (see r354748). Put these m_len checks in place for now (to go along with the style of the network stack since the initial commits). These are not put in for performance but to avoid an error scenario (even though it also will help performance at the moment as it avoid allocating an extra mbuf; not because of the unconditional function call). The observed error case went like this: (1) an mbuf with M_EXT arrives and we call m_pullup() unconditionally on it. (2) m_pullup() will call m_get() unless the requested length is larger than MHLEN (in which case it'll m_freem() the perfectly fine mbuf) and migrate the requested length of data and pkthdr into the new mbuf. (3) If m_get() succeeds, a further m_pullup() call going over MHLEN will fail. This was observed with failing auto-configuration as an RA packet of 200 bytes exceeded MHLEN and the m_pullup() called from nd6_ra_input() dropped the mbuf. (Re-)adding the m_len checks before m_pullup() calls avoids this problems with mbufs using external storage for now. MFC after: 3 weeks Sponsored by: Netflix
|
#
32af08ec |
|
18-Nov-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
icmpv6: Fix mbuf change in mld After r354748 mld_input() can change the mbuf. The new pointer is never returned to icmp6_input() and when passed to icmp6_rip6_input() the mbuf may no longer valid leading to a panic. Pass a pointer to the mbuf to mld_input() so we can return an updated version in the non-error case. Add a test sending an MLD packet case which will trigger this bug. Pointyhat to: bz Reported by: gallatin, thj MFC After: 2 weeks X-MFC with: r354748 Sponsored by: Netflix
|
#
a61b5cfb |
|
15-Nov-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
netinet6: Remove PULLDOWN_TESTs. Remove the KAME introduced PULLDOWN_TESTs which did not even have a compile-time option in sys/conf to turn them on for a custom kernel build. They made the code a lot harder to read or more complicated in a few cases. Convert the IP6_EXTHDR_CHECK() calls into FreeBSD looking code. Rather than throwing the packet away if it would not fit the KAME mbuf expectations, convert the macros to m_pullup() calls. Do not do any extra manual conditional checks upfront as to whether the m_len would suffice (*), simply let m_pullup() do its work (incl. an early check). Remove extra m_pullup() calls where earlier in the function or the only caller has already done the pullup. Discussed with: rwatson (*) Reviewed by: ae MFC after: 8 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D22334
|
#
a8fe77d8 |
|
12-Nov-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
netinet*: update *mp to pass the proper value back In ip6_[direct_]input() we are looping over the extension headers to deal with the next header. We pass a pointer to an mbuf pointer to the handling functions. In certain cases the mbuf can be updated there and we need to pass the new one back. That missing in dest6_input() and route6_input(). In tcp6_input() we should also update it before we call tcp_input(). In addition to that mark the mbuf NULL all the times when we return that we are done with handling the packet and no next header should be checked (IPPROTO_DONE). This will eventually allow us to assert proper behaviour and catch the above kind of errors more easily, expecting *mp to always be set. This change is extracted from a larger patch and not an exhaustive change across the entire stack yet. PR: 240135 Reported by: prabhakar.lakhera gmail.com MFC after: 3 weeks Sponsored by: Netflix
|
#
cf377af6 |
|
07-Nov-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove unnecessary recursive epoch enter via INP_INFO_RLOCK macro in icmp6_rip6_input(). It shall always run in the network epoch.
|
#
503f4e47 |
|
07-Nov-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
netinet*: variable cleanup In preparation for another change factor out various variable cleanups. These mainly include: (1) do not assign values to variables during declaration: this makes the code more readable and does allow for better grouping of variable declarations, (2) do not assign values to variables before need; e.g., if a variable is only used in the 2nd half of a function and we have multiple return paths before that, then do not set it before it is needed, and (3) try to avoid assigning the same value multiple times. MFC after: 3 weeks Sponsored by: Netflix
|
#
b8a6e03f |
|
07-Oct-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Widen NET_EPOCH coverage. When epoch(9) was introduced to network stack, it was basically dropped in place of existing locking, which was mutexes and rwlocks. For the sake of performance mutex covered areas were as small as possible, so became epoch covered areas. However, epoch doesn't introduce any contention, it just delays memory reclaim. So, there is no point to minimise epoch covered areas in sense of performance. Meanwhile entering/exiting epoch also has non-zero CPU usage, so doing this less often is a win. Not the least is also code maintainability. In the new paradigm we can assume that at any stage of processing a packet, we are inside network epoch. This makes coding both input and output path way easier. On output path we already enter epoch quite early - in the ip_output(), in the ip6_output(). This patch does the same for the input path. All ISR processing, network related callouts, other ways of packet injection to the network stack shall be performed in net_epoch. Any leaf function that walks network configuration now asserts epoch. Tricky part is configuration code paths - ioctls, sysctls. They also call into leaf functions, so some need to be changed. This patch would introduce more epoch recursions (see EPOCH_TRACE) than we had before. They will be cleaned up separately, as several of them aren't trivial. Note, that unlike a lock recursion the epoch recursion is safe and just wastes a bit of resources. Reviewed by: gallatin, hselasky, cy, adrian, kristof Differential Revision: https://reviews.freebsd.org/D19111
|
#
0ecd976e |
|
02-Aug-2019 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
IPv6 cleanup: kernel Finish what was started a few years ago and harmonize IPv6 and IPv4 kernel names. We are down to very few places now that it is feasible to do the change for everything remaining with causing too much disturbance. Remove "aliases" for IPv6 names which confusingly could indicate that we are talking about a different data structure or field or have two fields, one for each address family. Try to follow common conventions used in FreeBSD. * Rename sin6p to sin6 as that is how it is spelt in most places. * Remove "aliases" (#defines) for: - in6pcb which really is an inpcb and nothing separate - sotoin6pcb which is sotoinpcb (as per above) - in6p_sp which is inp_sp - in6p_flowinfo which is inp_flow * Try to use ia6 for in6_addr rather than in6p. * With all these gone also rename the in6p variables to inp as that is what we call it in most of the network stack including parts of netinet6. The reasons behind this cleanup are that we try to further unify netinet and netinet6 code where possible and that people will less ignore one or the other protocol family when doing code changes as they may not have spotted places due to different names for the same thing. No functional changes. Discussed with: tuexen (SCTP changes) MFC after: 3 months Sponsored by: Netflix
|
#
7460ef5d |
|
16-May-2019 |
Hiroki Sato <hrs@FreeBSD.org> |
Fix hostname to be returned in an ICMPv6 NI Reply message defined in RFC 4620, ICMPv6 Node Information Queries. A vnet jail with an IPv6 address sent a hostname of the host environment, not the jail, even if another hostname was set to the jail. This change can be tested by the following commands: # ifconfig epair0 create # jail -c -n j1 vnet host.hostname=vnetjail path=/ persist # ifconfig epair0b vnet j1 # ifconfig epair0a inet6 -ifdisabled auto_linklocal up # jexec j1 ifconfig epair0b inet6 -ifdisabled auto_linklocal up # ping6 -w ff02::1%epair0a Differential Revision: https://reviews.freebsd.org/D20207 MFC after: 1 week
|
#
a68cc388 |
|
08-Jan-2019 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Mechanical cleanup of epoch(9) usage in network stack. - Remove macros that covertly create epoch_tracker on thread stack. Such macros a quite unsafe, e.g. will produce a buggy code if same macro is used in embedded scopes. Explicitly declare epoch_tracker always. - Unmask interface list IFNET_RLOCK_NOSLEEP(), interface address list IF_ADDR_RLOCK() and interface AF specific data IF_AFDATA_RLOCK() read locking macros to what they actually are - the net_epoch. Keeping them as is is very misleading. They all are named FOO_RLOCK(), while they no longer have lock semantics. Now they allow recursion and what's more important they now no longer guarantee protection against their companion WLOCK macros. Note: INP_HASH_RLOCK() has same problems, but not touched by this commit. This is non functional mechanical change. The only functionally changed functions are ni6_addrs() and ni6_store_addrs(), where we no longer enter epoch recursively. Discussed with: jtl, gallatin
|
#
6675bee8 |
|
20-Sep-2018 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
In icmp6_rip6_input(), once we have a lock, make sure the inp is not freed. This can happen since the list traversal and locking was converted to epoch(9). If the inp is marked "freed", skip it. This prevents a NULL pointer deref panic in ip6_savecontrol_v4() trying to access the socket hanging off the inp, which was gone by the time we got there. Reported by: andrew Tested by: andrew Approved by: re (gjb)
|
#
5f901c92 |
|
24-Jul-2018 |
Andrew Turner <andrew@FreeBSD.org> |
Use the new VNET_DEFINE_STATIC macro when we are defining static VNET variables. Reviewed by: bz Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D16147
|
#
6573d758 |
|
03-Jul-2018 |
Matt Macy <mmacy@FreeBSD.org> |
epoch(9): allow preemptible epochs to compose - Add tracker argument to preemptible epochs - Inline epoch read path in kernel and tied modules - Change in_epoch to take an epoch as argument - Simplify tfb_tcp_do_segment to not take a ti_locked argument, there's no longer any benefit to dropping the pcbinfo lock and trying to do so just adds an error prone branchfest to these functions - Remove cases of same function recursion on the epoch as recursing is no longer free. - Remove the the TAILQ_ENTRY and epoch_section from struct thread as the tracker field is now stack or heap allocated as appropriate. Tested by: pho and Limelight Networks Reviewed by: kbowling at llnw dot com Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D16066
|
#
b872626d |
|
12-Jun-2018 |
Matt Macy <mmacy@FreeBSD.org> |
mechanical CK macro conversion of inpcbinfo lists This is a dependency for converting the inpcbinfo hash and info rlocks to epoch.
|
#
4f6c66cc |
|
23-May-2018 |
Matt Macy <mmacy@FreeBSD.org> |
UDP: further performance improvements on tx Cumulative throughput while running 64 netperf -H $DUT -t UDP_STREAM -- -m 1 on a 2x8x2 SKL went from 1.1Mpps to 2.5Mpps Single stream throughput increases from 910kpps to 1.18Mpps Baseline: https://people.freebsd.org/~mmacy/2018.05.11/udpsender2.svg - Protect read access to global ifnet list with epoch https://people.freebsd.org/~mmacy/2018.05.11/udpsender3.svg - Protect short lived ifaddr references with epoch https://people.freebsd.org/~mmacy/2018.05.11/udpsender4.svg - Convert if_afdata read lock path to epoch https://people.freebsd.org/~mmacy/2018.05.11/udpsender5.svg A fix for the inpcbhash contention is pending sufficient time on a canary at LLNW. Reviewed by: gallatin Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D15409
|
#
d7c5a620 |
|
18-May-2018 |
Matt Macy <mmacy@FreeBSD.org> |
ifnet: Replace if_addr_lock rwlock with epoch + mutex Run on LLNW canaries and tested by pho@ gallatin: Using a 14-core, 28-HTT single socket E5-2697 v3 with a 40GbE MLX5 based ConnectX 4-LX NIC, I see an almost 12% improvement in received packet rate, and a larger improvement in bytes delivered all the way to userspace. When the host receiving 64 streams of netperf -H $DUT -t UDP_STREAM -- -m 1, I see, using nstat -I mce0 1 before the patch: InMpps OMpps InGbs OGbs err TCP Est %CPU syscalls csw irq GBfree 4.98 0.00 4.42 0.00 4235592 33 83.80 4720653 2149771 1235 247.32 4.73 0.00 4.20 0.00 4025260 33 82.99 4724900 2139833 1204 247.32 4.72 0.00 4.20 0.00 4035252 33 82.14 4719162 2132023 1264 247.32 4.71 0.00 4.21 0.00 4073206 33 83.68 4744973 2123317 1347 247.32 4.72 0.00 4.21 0.00 4061118 33 80.82 4713615 2188091 1490 247.32 4.72 0.00 4.21 0.00 4051675 33 85.29 4727399 2109011 1205 247.32 4.73 0.00 4.21 0.00 4039056 33 84.65 4724735 2102603 1053 247.32 After the patch InMpps OMpps InGbs OGbs err TCP Est %CPU syscalls csw irq GBfree 5.43 0.00 4.20 0.00 3313143 33 84.96 5434214 1900162 2656 245.51 5.43 0.00 4.20 0.00 3308527 33 85.24 5439695 1809382 2521 245.51 5.42 0.00 4.19 0.00 3316778 33 87.54 5416028 1805835 2256 245.51 5.42 0.00 4.19 0.00 3317673 33 90.44 5426044 1763056 2332 245.51 5.42 0.00 4.19 0.00 3314839 33 88.11 5435732 1792218 2499 245.52 5.44 0.00 4.19 0.00 3293228 33 91.84 5426301 1668597 2121 245.52 Similarly, netperf reports 230Mb/s before the patch, and 270Mb/s after the patch Reviewed by: gallatin Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D15366
|
#
849eeaa5 |
|
22-Apr-2018 |
Andrey V. Elsukov <ae@FreeBSD.org> |
icmp6_reflect() sends ICMPv6 message with new IPv6 header. So, it is considered as originated by our host packet. And thus rcvif should be NULL, since it is used by ipfw(4) to determine that packet was originated from this host. Some of icmp6_reflect() consumers reuse mbuf and m_pkthdr without resetting rcvif pointer. To avoid this always reset m_pkthdr.rcvif pointer to NULL in icmp6_reflect(). Also remove such line and comment describing this from icmp6_error(), since it does not longer matters. PR: 227674 Reported by: eugen MFC after: 1 week
|
#
c187c034 |
|
23-Mar-2018 |
Jonathan T. Looney <jtl@FreeBSD.org> |
Remove some unneccessary variable sets in IPv6 code, as detected by clang's static analyzer. Reviewed by: bz MFC after: 2 weeks Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D10940
|
#
43105e58 |
|
08-Feb-2018 |
Eric van Gyzen <vangyzen@FreeBSD.org> |
Fix ICMPv6 redirects icmp6_redirect_input() validates that a redirect packet came from the current gateway for the respective destination. To do this, it compares the source address, which has an embedded scope zone id, to the next-hop address, which does not. If the address is link-local, which should be the case, the comparison fails and the redirect is ignored. Insert the scope zone id into the next-hop address so the comparison is accurate. Unsurprisingly, this fixes 35 UNH IPv6 conformance test cases. Submitted by: Farrell Woods <Farrell_Woods@Dell.com> (initial revision) Reviewed by: ae melifaro dab MFC after: 1 week Relnotes: yes Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D14254
|
#
a4061289 |
|
14-Dec-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Follow the RFC6980 and silently ignore following IPv6 NDP messages that had the IPv6 fragmentation header: o Neighbor Solicitation o Neighbor Advertisement o Router Solicitation o Router Advertisement o Redirect Introduce M_FRAGMENTED mbuf flag, and set it after IPv6 fragment reassembly is completed. Then check the presence of this flag in correspondig ND6 handling routines. PR: 224247 MFC after: 2 weeks
|
#
51369649 |
|
20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
|
#
fb043945 |
|
30-May-2017 |
Jonathan T. Looney <jtl@FreeBSD.org> |
Fix two places in the ICMP6 code where we could dereference a NULL pointer in the icmp6_input() function. When processing an ICMP6_ECHO_REQUEST, if IP6_EXTHDR_GET fails, it will set nicmp6 and n to NULL. Therefore, we should condition our modification to nicmp6 on n being not NULL. And, when processing an ICMP6_WRUREQUEST in the (mode != FQDN) case, if m_dup_pkthdr() fails, the code will set n to NULL. However, the very next line dereferences n. Therefore, when m_dup_pkthdr() fails, we should discontinue further processing and follow the same path as when m_gethdr() fails. Reported by: clang static analyzer Reviewed by: ae MFC after: 2 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D10941
|
#
559b4296 |
|
17-Mar-2017 |
Alan Somers <asomers@FreeBSD.org> |
Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0 sys/netinet6/icmp6.c Use the interface's FIB for source address selection in ICMPv6 error responses. sys/netinet6/in6.c In in6_newaddrmsg, announce arrival of local addresses on the interface's FIB only. In in6_lltable_rtcheck, use a per-fib ND6 cache instead of a single cache. sys/netinet6/in6_src.c In in6_selectsrc, use the caller's fib instead of the default fib. In in6_selectsrc_socket, remove a superfluous check. sys/netinet6/nd6.c In nd6_lle_event, use the interface's fib for routing socket messages. In nd6_is_new_addr_neighbor, check all FIBs when trying to determine whether an address is a neighbor. Also, simplify the code for point to point interfaces. sys/netinet6/nd6.h sys/netinet6/nd6.c sys/netinet6/nd6_rtr.c Make defrouter_select fib-aware, and make all of its callers pass in the interface fib. sys/netinet6/nd6_nbr.c When inputting a Neighbor Solicitation packet, consider the interface fib instead of the default fib for DAD. Output NS and Neighbor Advertisement packets on the correct fib. sys/netinet6/nd6_rtr.c Allow installing the same host route on different interfaces in different FIBs. If rt_add_addr_allfibs=0, only install or delete the prefix route on the interface fib. tests/sys/netinet/fibs_test.sh Clear some expected failures, but add a skip for the newly revealed BUG217871. PR: 196361 Submitted by: Erick Turnquist <jhujhiti@adjectivism.org> Reported by: Jason Healy <jhealy@logn.net> Reviewed by: asomers MFC after: 3 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D9451
|
#
fbbd9655 |
|
28-Feb-2017 |
Warner Losh <imp@FreeBSD.org> |
Renumber copyright clause 4 Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
|
#
3e146575 |
|
21-Oct-2016 |
Michael Tuexen <tuexen@FreeBSD.org> |
Make ICMPv6 hard error handling for TCP consistent with the ICMPv4 handling. Ensure that: * Protocol unreachable errors are handled by indicating ECONNREFUSED to the TCP user for both IPv4 and IPv6. These were ignored for IPv6. * Communication prohibited errors are handled by indicating ECONNREFUSED to the TCP user for both IPv4 and IPv6. These were ignored for IPv6. * Hop Limited exceeded errors are handled by indicating EHOSTUNREACH to the TCP user for both IPv4 and IPv6. For IPv6 the TCP connected was dropped but errno wasn't set. Reviewed by: gallatin, rrs MFC after: 1 month Sponsored by: Netflix Differential Revision: 7904
|
#
5a03e781 |
|
29-Sep-2016 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Fix bug introduced in r274300. In icmp6_reflect() use original source address of erroneous packet as destination address for source selection algorithm when original destination address is not one of our own. Reported by: Mark Kamichoff <prox at prolixium com> Tested by: Mark Kamichoff <prox at prolixium com> MFC after: 1 week
|
#
2d12d25c |
|
20-Sep-2016 |
Mark Johnston <markj@FreeBSD.org> |
Reduce code duplication around NDP message handlers in icmp6_input(). No functional change intended. MFC after: 2 weeks
|
#
c3bef61e |
|
15-Sep-2016 |
Kevin Lo <kevlo@FreeBSD.org> |
Remove the 4.3BSD compatible macro m_copy(), use m_copym() instead. Reviewed by: gnn Differential Revision: https://reviews.freebsd.org/D7878
|
#
d4c22202 |
|
01-Aug-2016 |
Andrew Gallatin <gallatin@FreeBSD.org> |
Rework IPV6 TCP path MTU discovery to match IPv4 - Re-write tcp_ctlinput6() to closely mimic the IPv4 tcp_ctlinput() - Now that tcp_ctlinput6() updates t_maxseg, we can allow ip6_output() to send TCP packets without looking at the tcp host cache for every single transmit. - Make the icmp6 code mimic the IPv4 code & avoid returning PRC_HOSTDEAD because it is so expensive. Without these changes in place, every TCP6 pmtu discovery or host unreachable ICMP resulted in a call to in6_pcbnotify() which walks the tcbinfo table with the write lock held. Because the tcbinfo table is shared between IPv4 and IPv6, this causes huge scalabilty issues on servers with lots of (~100K) TCP connections, to the point where even a small percent of IPv6 traffic had a disproportionate impact on overall throughput. Reviewed by: bz, rrs, ae (all earlier versions), lstewart (in Netflix's tree) Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D7272
|
#
c81c183d |
|
14-May-2016 |
Mark Johnston <markj@FreeBSD.org> |
Use Node Information flag names instead of hard-coding their values. MFC after: 1 week
|
#
601c0b8b |
|
10-Jan-2016 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Split in6_selectsrc() into in6_selectsrc_addr() and in6_selectsrc_socket(). in6_selectsrc() has 2 class of users: socket-based one (raw/udp/pcb/etc) and socket-less (ND code). The main reason for that change is inability to specify non-default FIB for callers w/o socket since (internally) inpcb is used to determine fib. As as result, add 2 wrappers for in6_selectsrc() (making in6_selectsrc() static): 1) in6_selectsrc_socket() for the former class. Embed scope_ambiguous check along with returning hop limit when needed. 2) in6_selectsrc_addr() for the latter case. Add 'fibnum' argument and pass IPv6 address w/ explicitly specified scope as separate argument. Reviewed by: ae (previous version)
|
#
ab861e6c |
|
10-Jan-2016 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Do not hold ifaddr reference for the whole icmp6_reflect() exec time. Copy source address, calculate hlim and release refcount instead.
|
#
357ce739 |
|
03-Jan-2016 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Remove 'struct route_int6' argument from in6_selectsrc() and in6_selectif(). The main task of in6_selectsrc() is to return IPv6 SAS (along with output interface used for scope checks). No data-path code uses route argument for caching. The only users are icmp6 (reflect code), ND6 ns/na generation code. All this fucntions are control-plane, so there is no reason to try to 'optimize' something by passing cached route into to ip6_output(). Given that, simplify code by eliminating in6_selectsrc() 'struct route_in6' argument. Since in6_selectif() is used only by in6_selectsrc(), eliminate its 'struct route_in6' argument, too. While here, reshape rte-related code inside in6_selectif() to free lookup result immediately after saving all the needed fields.
|
#
4fb3a820 |
|
30-Dec-2015 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Implement interface link header precomputation API. Add if_requestencap() interface method which is capable of calculating various link headers for given interface. Right now there is support for INET/INET6/ARP llheader calculation (IFENCAP_LL type request). Other types are planned to support more complex calculation (L2 multipath lagg nexthops, tunnel encap nexthops, etc..). Reshape 'struct route' to be able to pass additional data (with is length) to prepend to mbuf. These two changes permits routing code to pass pre-calculated nexthop data (like L2 header for route w/gateway) down to the stack eliminating the need for other lookups. It also brings us closer to more complex scenarios like transparently handling MPLS nexthops and tunnel interfaces. Last, but not least, it removes layering violation introduced by flowtable code (ro_lle) and simplifies handling of existing if_output consumers. ARP/ND changes: Make arp/ndp stack pre-calculate link header upon installing/updating lle record. Interface link address change are handled by re-calculating headers for all lles based on if_lladdr event. After these changes, arpresolve()/nd6_resolve() returns full pre-calculated header for supported interfaces thus simplifying if_output(). Move these lookups to separate ether_resolve_addr() function which ether returs error or fully-prepared link header. Add <arp|nd6_>resolve_addr() compat versions to return link addresses instead of pre-calculated data. BPF changes: Raw bpf writes occupied _two_ cases: AF_UNSPEC and pseudo_AF_HDRCMPLT. Despite the naming, both of there have ther header "complete". The only difference is that interface source mac has to be filled by OS for AF_UNSPEC (controlled via BIOCGHDRCMPLT). This logic has to stay inside BPF and not pollute if_output() routines. Convert BPF to pass prepend data via new 'struct route' mechanism. Note that it does not change non-optimized if_output(): ro_prepend handling is purely optional. Side note: hackish pseudo_AF_HDRCMPLT is supported for ethernet and FDDI. It is not needed for ethernet anymore. The only remaining FDDI user is dev/pdq mostly untouched since 2007. FDDI support was eliminated from OpenBSD in 2013 (sys/net/if_fddisubr.c rev 1.65). Flowtable changes: Flowtable violates layering by saving (and not correctly managing) rtes/lles. Instead of passing lle pointer, pass pointer to pre-calculated header data from that lle. Differential Revision: https://reviews.freebsd.org/D4102
|
#
9977be4a |
|
09-Dec-2015 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Make in_arpinput(), inp_lookup_mcast_ifp(), icmp_reflect(), ip_dooptions(), icmp6_redirect_input(), in6_lltable_rtcheck(), in6p_lookup_mcast_ifp() and in6_selecthlim() use new routing api. Eliminate now-unused ip_rtaddr(). Fix lookup key fib6_lookup_nh_basic() which was lost diring merge. Make fib6_lookup_nh_basic() and fib6_lookup_nh_extended() always return IPv6 destination address with embedded scope. Currently rw_gateway has it scope embedded, do the same for non-gatewayed destinations. Sponsored by: Yandex LLC
|
#
17a03656 |
|
14-Sep-2015 |
Eric van Gyzen <vangyzen@FreeBSD.org> |
Fix the handling of IPv6 On-Link Redirects. On receipt of a redirect message, install an interface route for the redirected destination. On removal of the corresponding Neighbor Cache entry, remove the interface route. This requires changes in rtredirect_fib() to cope with an AF_LINK address for the gateway and with the absence of RTF_GATEWAY. This fixes the "Redirected On-Link" test cases in the Tahi IPv6 Ready Logo Phase 2 test suite. Unrelated to the above, fix a recursion on the radix node head lock triggered by the Tahi Redirected to Alternate Router test cases. When I first wrote this patch in October 2012, all Section 2 (Neighbor Discovery) test cases passed on 10-CURRENT, 9-STABLE, and 8-STABLE. cem@ recently rebased the 10.x patch onto head and reported that it passes Tahi. (Thanks!) These other test cases also passed in 2012: * the RTF_MODIFIED case, with IPv4 and IPv6 (using a RTF_HOST|RTF_GATEWAY route for the destination) * the redirected-to-self case, with IPv4 and IPv6 * a valid IPv4 redirect All testing in 2012 was done with WITNESS and INVARIANTS. Tested by: EMC / Isilon Storage Division via Conrad Meyer (cem) in 2015, Mark Kelley <mark_kelley@dell.com> in 2012, TC Telkamp <terence_telkamp@dell.com> in 2012 PR: 152791 Reviewed by: melifaro (current rev), bz (earlier rev) Approved by: kib (mentor) MFC after: 1 month Relnotes: yes Sponsored by: Dell Inc. Differential Revision: https://reviews.freebsd.org/D3602
|
#
bfbc08b8 |
|
03-Jul-2015 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Move comment to the right position. PR: 152791 Submitted by: vangyzen (as part of the functional change) MFC after: 3 days
|
#
2dfcd0ae |
|
01-Dec-2014 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Remove unneded check. No need to do m_pullup to the size that we prepended. MFC after: 1 week Sponsored by: Yandex LLC
|
#
2d957916 |
|
01-Dec-2014 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Remove route chaching support from ipsec code. It isn't used for some time. * remove sa_route_union declaration and route_cache member from struct secashead; * remove key_sa_routechange() call from ICMP and ICMPv6 code; * simplify ip_ipsec_mtu(); * remove #include <net/route.h>; Sponsored by: Yandex LLC
|
#
27688dfe |
|
22-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Temporarily revert r274774.
|
#
9883e41b |
|
20-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Switch IF_AFDATA lock to rmlock
|
#
f9723c77 |
|
20-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Simplify API: use new NHOP_LOOKUP_AIFP flag to select what ifp we need to return. Rename fib[64]_lookup_nh_basic to fib[64]_lookup_nh, add flags fields for all relevant functions.
|
#
e6abaf91 |
|
10-Nov-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Consistently use if_link. Reviewed by: ae, melifaro
|
#
603eaf79 |
|
09-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Renove faith(4) and faithd(8) from base. It looks like industry have chosen different (and more traditional) stateless/statuful NAT64 as translation mechanism. Last non-trivial commits to both faith(4) and faithd(8) happened more than 12 years ago, so I assume it is time to drop RFC3142 in FreeBSD. No objections from: net@
|
#
3e88eb90 |
|
08-Nov-2014 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Remove ip6_getdstifaddr() and all functions to work with auxiliary data. It isn't safe to keep unreferenced ifaddrs. Use in6ifa_ifwithaddr() to determine ifaddr corresponding to destination address. Since currently we keep addresses with embedded scope zone, in6ifa_ifwithaddr is called with zero zoneid and marked with XXX. Also remove route and lle lookups from ip6_input. Use in6ifa_ifwithaddr() instead. Sponsored by: Yandex LLC
|
#
8c3cfe0b |
|
04-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Hide 'struct rtentry' and all its macro inside new header: net/route_internal.h The goal is to make its opaque for all code except route/rtsock and proto domain _rmx.
|
#
257480b8 |
|
04-Nov-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Convert netinet6/ to use new routing API. * Remove &ifpp from ip6_output() in favor of ri->ri_nh_info * Provide different wrappers to in6_selectsrc: Currently it is used by 2 differenct type of customers: - socket-based one, which all are unsure about provided address scope and - in-kernel ones (ND code mostly), which don't have any sockets, options, crededentials, etc. So, we provide two different wrappers to in6_selectsrc() returning select source. * Make different versions of selectroute(): Currenly selectroute() is used in two scenarios: - SAS, via in6_selecsrc() -> in6_selectif() -> selectroute() - output, via in6_output -> wrapper -> selectroute() Provide different versions for each customer: - fib6_lookup_nh_basic()-based in6_selectif() which is capable of returning interface only, without MTU/NHOP/L2 calculations - full-blown fib6_selectroute() with cached route/multipath/ MTU/L2 * Stop using routing table for link-local address lookups * Add in6_ifawithifp_lla() to make for-us check faster for link-local * Add in6_splitscope / in6_setllascope for faster embed/deembed scopes
|
#
30514718 |
|
25-Oct-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Convert several places inside netinet6/ to new api.
|
#
f0cace5d |
|
12-Oct-2014 |
Robert Watson <rwatson@FreeBSD.org> |
When deciding whether to call m_pullup() even though there is adequate data in an mbuf, use M_WRITABLE() instead of a direct test of M_EXT; the latter both unnecessarily exposes mbuf-allocator internals in the protocol stack and is also insufficient to catch all cases of non-writability. (NB: m_pullup() does not actually guarantee that a writable mbuf is returned, so further refinement of all of these code paths continues to be required.) Reviewed by: bz MFC after: 3 days Sponsored by: EMC / Isilon Storage Division Differential Revision: https://reviews.freebsd.org/D900
|
#
76039bc8 |
|
26-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare to this event, adding if_var.h to files that do need it. Also, include all includes that now are included due to implicit pollution via if_var.h Sponsored by: Netflix Sponsored by: Nginx, Inc.
|
#
baa09f18 |
|
24-Oct-2013 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Initialize inc_fibnum for properly handling ICMP6_PACKET_TOO_BIG errors in multifib environment. PR: 183265 MFC after: 1 week
|
#
7d26db17 |
|
05-Aug-2013 |
Hiroki Sato <hrs@FreeBSD.org> |
- Use time_uptime instead of time_second in data structures for PF_INET6 in kernel. This fixes various malfunction when the wall time clock is changed. Bump __FreeBSD_version to 1000041. - Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities. MFC after: 1 month
|
#
a786f679 |
|
09-Jul-2013 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Migrate structs ip6stat, icmp6stat and rip6stat to PCPU counters.
|
#
49dc650c |
|
19-Jun-2013 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Use ICMP6STAT_INC() macro for ICMPv6 errors accounting. MFC after: 2 weeks
|
#
10e5acc3 |
|
15-Mar-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
- Use m_getcl() instead of hand allocating. - Do not calculate constant length values at run time, CTASSERT() their sanity. - Remove superfluous cleaning of mbuf fields after allocation. - Replace compat macros with function calls. Sponsored by: Nginx, Inc.
|
#
7b07d1be |
|
14-Mar-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
- Use m_getcl() instead of hand allocating. - Use m_get()/m_gethdr() instead of macros. - Remove superfluous cleaning of mbuf fields after allocation. Sponsored by: Nginx, Inc.
|
#
eb1b1807 |
|
05-Dec-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Mechanically substitute flags from historic mbuf allocator with malloc(9) flags within sys. Exceptions: - sys/contrib not touched - sys/mbuf.h edited manually
|
#
73cb2f38 |
|
15-Nov-2012 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Reduce the overhead of locking, use IF_AFDATA_RLOCK() when we are doing simple lookups. Sponsored by: Yandex LLC MFC after: 1 week
|
#
6f56329a |
|
22-Oct-2012 |
Xin LI <delphij@FreeBSD.org> |
Remove __P. Submitted by: kevlo Reviewed by: md5(1) MFC after: 2 months
|
#
d6d3f01e |
|
08-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge the projects/pf/head branch, that was worked on for last six months, into head. The most significant achievements in the new code: o Fine grained locking, thus much better performance. o Fixes to many problems in pf, that were specific to FreeBSD port. New code doesn't have that many ifdefs and much less OpenBSDisms, thus is more attractive to our developers. Those interested in details, can browse through SVN log of the projects/pf/head branch. And for reference, here is exact list of revisions merged: r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330, r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656, r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782, r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868, r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223, r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456, r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505, r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168, r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230, r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398, r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548, r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672, r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169, r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442, r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522, r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661, r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212. I'd like to thank people who participated in early testing: Tested by: Florian Smeets <flo freebsd.org> Tested by: Chekaluk Vitaly <artemrts ukr.net> Tested by: Ben Wilber <ben desync.com> Tested by: Ian FREISLICH <ianf cloudseed.co.za>
|
#
7f63ba51 |
|
04-Jun-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove completely the m_addr_changed() hack, and support of reverse pointer in pf_state_ket, that ware 'if 0' since beginning of SMP-friendly pf project. In the new locking scheme we can't reference state keys from mbuf tags, nor a key can reference another key.
|
#
2cf62998 |
|
24-May-2012 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFp4 bz_ipv6_fast: No need to hold the (expensive) rt lock over (expensive) logging. Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems Reviewed by: gnn (as part of the whole) MFC After: 3 days
|
#
81d5d46b |
|
03-Feb-2012 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add multi-FIB IPv6 support to the core network stack supplementing the original IPv4 implementation from r178888: - Use RT_DEFAULT_FIB in the IPv4 implementation where noticed. - Use rt*fib() KPI with explicit RT_DEFAULT_FIB where applicable in the NFS code. - Use the new in6_rt* KPI in TCP, gif(4), and the IPv6 network stack where applicable. - Split in6_rtqtimo() and in6_mtutimo() as done in IPv4 and equally prevent multiple initializations of callouts in in6_inithead(). - Use wrapper functions where needed to preserve the current KPI to ease MFCs. Use BURN_BRIDGES to indicate expected future cleanup. - Fix (related) comments (both technical or style). - Convert to rtinit() where applicable and only use custom loops where currently not possible otherwise. - Multicast group, most neighbor discovery address actions and faith(4) are locked to the default FIB. Individual IPv6 addresses will only appear in the default FIB, however redirect information and prefixes of connected subnets are automatically propagated to all FIBs by default (mimicking IPv4 behavior as closely as possible). Sponsored by: Cisco Systems, Inc.
|
#
137f91e8 |
|
05-Jan-2012 |
John Baldwin <jhb@FreeBSD.org> |
Convert all users of IF_ADDR_LOCK to use new locking macros that specify either a read lock or write lock. Reviewed by: bz MFC after: 2 weeks
|
#
3b0b2840 |
|
29-Dec-2011 |
John Baldwin <jhb@FreeBSD.org> |
Use queue(3) macros instead of home-rolled versions in several places in the INET6 code. This includes retiring the 'ndpr_next' and 'pfr_next' macros. Submitted by: pluknet (earlier version) Reviewed by: pluknet
|
#
94e83133 |
|
24-Dec-2011 |
John Baldwin <jhb@FreeBSD.org> |
Fix a bug where TAILQ_FIRST(&V_ifnet) was accessed without holding the proper lock. Reviewed by: bz MFC after: 1 week
|
#
37c1ff48 |
|
07-Nov-2011 |
Gleb Smirnoff <glebius@FreeBSD.org> |
In icmp6_redirect_input: - Assert that we got a valid mbuf with rcvif pointer. [1] - Use __func__ in logging. Submitted by: prabhakar lakhera <prabhakar.lakhera gmail.com> [1] Submitted by: Kristof Provost <kristof sigsegv.be> [1]
|
#
6ba404ca |
|
03-Nov-2011 |
Sergey Kandaurov <pluknet@FreeBSD.org> |
Remove a couple of write-only variables.
|
#
e74eb12c |
|
16-Oct-2011 |
Qing Li <qingli@FreeBSD.org> |
The IPv6 code was influx at the time of r196865 due to the L2/L3 separation rewrite changes. r196865 was committed to fix a scope violation problem in the following test scenario: box-1# ifconfig em0 inet6 2001:db8:1:: prefixlen 64 anycast box-1# ifconfig em1 inet6 2001:db8:2::1 prefixlen 64 box-2# ifconfig re0 inet6 2001:db8:1::6 prefixlen 64 em0 and re0 are on the same link. box-2# ping6 2001:db8:1:: PING6(56=40+8+8 bytes) 2001:db8:1::6 --> 2001:db8:1:: the ICMPv6 response should have a source address of em1, which is 2001:db8:2::1, not the link-local address of em0. That code is no longer necessary and breaks the IPv6-Ready logo testing, so revert it now. Reviewed by: hrs MFC after: 3 days
|
#
3e288e62 |
|
22-Nov-2010 |
Dimitry Andric <dim@FreeBSD.org> |
After some off-list discussion, revert a number of changes to the DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various people working on the affected files. A better long-term solution is still being considered. This reversal may give some modules empty set_pcpu or set_vnet sections, but these are harmless. Changes reverted: ------------------------------------------------------------------------ r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines Instead of unconditionally emitting .globl's for the __start_set_xxx and __stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu sections are actually defined. ------------------------------------------------------------------------ r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree. ------------------------------------------------------------------------ r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
|
#
31c6a003 |
|
14-Nov-2010 |
Dimitry Andric <dim@FreeBSD.org> |
Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree.
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
e7a6db74 |
|
19-Aug-2010 |
Ana Kukec <anchie@FreeBSD.org> |
Fix mbuf leakages and remove unneccessary duplicate mbuf frees. Use the right copy of an mbuf for the IP6_EXTHDR_CHECK. Reported by: zec, hrs Approved by: bz (mentor)
|
#
1db8d1f8 |
|
19-Aug-2010 |
Ana Kukec <anchie@FreeBSD.org> |
MFp4: anchie_soc2009 branch: Add kernel side support for Secure Neighbor Discovery (SeND), RFC 3971. The implementation consists of a kernel module that gets packets from the nd6 code, sends them to user space on a dedicated socket and reinjects them back for further processing. Hooks are used from nd6 code paths to divert relevant packets to the send implementation for processing in user space. The hooks are only triggered if the send module is loaded. In case no user space application is connected to the send socket, processing continues normaly as if the module would not be loaded. Unloading the module is not possible at this time due to missing nd6 locking. The native SeND socket is similar to a raw IPv6 socket but with its own, internal pseudo-protocol. Approved by: bz (mentor)
|
#
480d7c6c |
|
06-May-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFC r207369: MFP4: @176978-176982, 176984, 176990-176994, 177441 "Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH
|
#
82cea7e6 |
|
29-Apr-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFP4: @176978-176982, 176984, 176990-176994, 177441 "Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH MFC after: 6 days
|
#
06f86319 |
|
17-Jan-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFC r201688: Correct a typo. Submitted by: sn_ (sn_ gmx.net) on hackers@
|
#
1767c520 |
|
06-Jan-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Correct a typo. Submitted by: sn_ (sn_ gmx.net) on hackers@ MFC after: 3 days
|
#
4fe9cf96 |
|
05-Dec-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFC r198076: Explicitly compare to a return code. Discussed with: philip (after we both misread the logic there the 1st time)
|
#
14c129fc |
|
13-Oct-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Explicitly compare to a return code. Discussed with: philip (after we both misread the logic there the 1st time) MFC after: 6 weeks
|
#
02642a57 |
|
05-Sep-2009 |
Qing Li <qingli@FreeBSD.org> |
MFC r196865 This patch fixes an address scope violation. Considering the scenario where an anycast address is assigned on one interface, and a global address with the same scope is assigned on another interface. In other words, the interface owns the anycast address has only the link-local address as one other address. Without this patch, "ping6" the anycast address from another station will observe the source address of the returned ICMP6 echo reply has the link-local address, not the global address that exists on the other interface in the same node. Reviewed by: bz Approved by: re
|
#
7dcdecb1 |
|
05-Sep-2009 |
Qing Li <qingli@FreeBSD.org> |
This patch fixes an address scope violation. Considering the scenario where an anycast address is assigned on one interface, and a global address with the same scope is assigned on another interface. In other words, the interface owns the anycast address has only the link-local address as one other address. Without this patch, "ping6" the anycast address from another station will observe the source address of the returned ICMP6 echo reply has the link-local address, not the global address that exists on the other interface in the same node. Reviewed by: bz MFC after: immediately
|
#
3ef94f2b |
|
28-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Merge r196481 from head to stable/8: Rework global locks for interface list and index management, correcting several critical bugs, including race conditions and lock order issues: Replace the single rwlock, ifnet_lock, with two locks, an rwlock and an sxlock. Either can be held to stablize the lists and indexes, but both are required to write. This allows the list to be held stable in both network interrupt contexts and sleepable user threads across sleeping memory allocations or device driver interactions. As before, writes to the interface list must occur from sleepable contexts. Reviewed by: bz, julian Approved by: re (kib)
|
#
77dfcdc4 |
|
23-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Rework global locks for interface list and index management, correcting several critical bugs, including race conditions and lock order issues: Replace the single rwlock, ifnet_lock, with two locks, an rwlock and an sxlock. Either can be held to stablize the lists and indexes, but both are required to write. This allows the list to be held stable in both network interrupt contexts and sleepable user threads across sleeping memory allocations or device driver interactions. As before, writes to the interface list must occur from sleepable contexts. Reviewed by: bz, julian MFC after: 3 days
|
#
315e3e38 |
|
02-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Many network stack subsystems use a single global data structure to hold all pertinent statatistics for the subsystem. These structures are sometimes "borrowed" by kernel modules that require a place to store statistics for similar events. Add KPI accessor functions for statistics structures referenced by kernel modules so that they no longer encode certain specifics of how the data structures are named and stored. This change is intended to make it easier to move to per-CPU network stats following 8.0-RELEASE. The following modules are affected by this change: if_bridge if_cxgb if_gif ip_mroute ipdivert pf In practice, most of these statistics consumers should, in fact, maintain their own statistics data structures rather than borrowing structures from the base network stack. However, that change is too agressive for this point in the release cycle. Reviewed by: bz Approved by: re (kib)
|
#
530c0060 |
|
01-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes. Reviewed by: bz Approved by: re (vimage blanket)
|
#
1e77c105 |
|
16-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Remove unused VNET_SET() and related macros; only VNET_GET() is ever actually used. Rename VNET_GET() to VNET() to shorten variable references. Discussed with: bz, julian Reviewed by: bz Approved by: re (kensmith, kib)
|
#
eddfbb76 |
|
14-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables. Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker. Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided. This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS. Bump __FreeBSD_version and update UPDATING. Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
|
#
88d166bf |
|
23-Jun-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make callers to in6_selectsrc() and in6_pcbladdr() pass in memory to save the selected source address rather than returning an unreferenced copy to a pointer that might long be gone by the time we use the pointer for anything meaningful. Asked for by: rwatson Reviewed by: rwatson
|
#
8c0fec80 |
|
23-Jun-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Modify most routines returning 'struct ifaddr *' to return references rather than pointers, requiring callers to properly dispose of those references. The following routines now return references: ifaddr_byindex ifa_ifwithaddr ifa_ifwithbroadaddr ifa_ifwithdstaddr ifa_ifwithnet ifaof_ifpforaddr ifa_ifwithroute ifa_ifwithroute_fib rt_getifa rt_getifa_fib IFP_TO_IA ip_rtaddr in6_ifawithifp in6ifa_ifpforlinklocal in6ifa_ifpwithaddr in6_ifadd carp_iamatch6 ip6_getdstifaddr Remove unused macro which didn't have required referencing: IFP_TO_IA6 This closes many small races in which changes to interface or address lists while an ifaddr was in use could lead to use of freed memory (etc). In a few cases, add missing if_addr_list locking required to safely acquire references. Because of a lack of deep copying support, we accept a race in which an in6_ifaddr pointed to by mbuf tags and extracted with ip6_getdstifaddr() doesn't hold a reference while in transmit. Once we have mbuf tag deep copy support, this can be fixed. Reviewed by: bz Obtained from: Apple, Inc. (portions) MFC after: 6 weeks (portions)
|
#
c1f19219 |
|
13-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Rename the host-related prison fields to be the same as the host.* parameters they represent, and the variables they replaced, instead of abbreviated versions of them. Approved by: bz (mentor)
|
#
8d8bc018 |
|
08-Jun-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
After r193232 rt_tables in vnet.h are no longer indirectly dependent on the ROUTETABLES kernel option thus there is no need to include opt_route.h anymore in all consumers of vnet.h and no longer depend on it for module builds. Remove the hidden include in flowtable.h as well and leave the two explicit #includes in ip_input.c and ip_output.c.
|
#
76ca6f88 |
|
29-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
|
#
29dc7bc6 |
|
27-May-2009 |
Bruce M Simpson <bms@FreeBSD.org> |
Merge final round of MLD changes from p4: ip6_input.c, in6.h: * Add netinet6-specific mbuf flag M_RTALERT_MLD, shadowing M_PROTO6. * Always set this flag if HBH Router Alert option is present for MLD, even when not forwarding. icmp6.c: * In icmp6_input(), spell m->m_pkthdr.rcvif as ifp to be consistent. * Use scope ID for verifying input. Do not apply SSM filters here, no inpcb. * Check for M_RTALERT_MLD when validating MLD traffic, as we can't see IPv6 hop options outside of ip6_input(). in6_mcast.c: * Use KAME scope/zone ID in in6_multi. * Update net.inet6.ip6.mcast.filters implementation to use scope IDs for comparisons. * Fix scope ID treatment in multicast socket option processing. Scope IDs passed in from userland will be ignored as other less ambiguous APIs exist for specifying the link. * Tighten userland input checks in IPv6 SSM delta and full-state ops. * Source filter embedded scope IDs need to be revisited, for now just clear them and ignore them on input. * Adapt KAME behaviour of looking up the scope ID in the default zone for multicast leaves, when the interface is ambiguous. mld6.c: * Tighten origin checks on MLD traffic as per RFC3810 Section 6.2: * ip6_src MAY be the unspecified address for MLDv1 reports. * ip6_src MAY have link-local address scope for MLDv1 reports, MLDv1 queries, and MLDv2 queries. * Perform address field validation *before* accepting queries. * Use KAME scope/zone ID in query/report processing. * Break const correctness for mld_v1_input_report(), mld_v1_input_query() as we temporarily modify the input mbuf chain. * Clear the scope ID before handoff to userland MLD daemon. * Fix MLDv1 old querier present timer processing. With the protocol defaults, hosts should revert to MLDv2 after 260s. * Add net.inet6.mld.v1enable sysctl, default to on. ifmcstat.c: * Use sysctl by default; -K requests kvm(3) if so compiled. mld.4: * Connect man page to build. Tested using PCS.
|
#
33cde130 |
|
29-Apr-2009 |
Bruce M Simpson <bms@FreeBSD.org> |
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit: import from p4 bms_netdev. Summary of changes: * Connect netinet6/in6_mcast.c to build. The legacy KAME KPIs are mostly preserved. * Eliminate now dead code from ip6_output.c. Don't do mbuf bingo, we are not going to do RFC 2292 style CMSG tricks for multicast options as they are not required by any current IPv6 normative reference. * Refactor transports (UDP, raw_ip6) to do own mcast filtering. SCTP, TCP unaffected by this change. * Add ip6_msource, in6_msource structs to in6_var.h. * Hookup mld_ifinfo state to in6_ifextra, allocate from domifattach path. * Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced. Kernel consumers which need this should use in6m_lookup(). * Refactor IPv6 socket group memberships to use a vector (like IPv4). * Update ifmcstat(8) for IPv6 SSM. * Add witness lock order for IN6_MULTI_LOCK. * Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths. * Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup. * Update carp(4) for new IPv6 SSM KPIs. * Virtualize ip6_mrouter socket. Changes mostly localized to IPv6 MROUTING. * Don't do a local group lookup in MROUTING. * Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge(). * Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode. * Bump __FreeBSD_version to 800084. * Update UPDATING. NOTE WELL: * This code hasn't been tested against real MLDv2 queriers (yet), although the on-wire protocol has been verified in Wireshark. * There are a few unresolved issues in the socket layer APIs to do with scope ID propagation. * There is a LOR present in ip6_output()'s use of in6_setscope() which needs to be resolved. See comments in mld6.c. This is believed to be benign and can't be avoided for the moment without re-introducing an indirect netisr. This work was mostly derived from the IGMPv3 implementation, and has been sponsored by a third party.
|
#
c4dd3fe1 |
|
20-Apr-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Prefer structure fields (ifa_link) to macro aliases for them (ifa_list). MFC after: 2 weeks
|
#
f68ffa03 |
|
20-Apr-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Use TAILQ_FOREACH() and TAILQ_FOREACH_SAFE() rather than manually accessing queue(9) structure fields for if_addrhead. Prefer FreeBSD field name if_addrhead to compatibility macro if_addrlist. MFC after: 2 weeks
|
#
1e1d603e |
|
20-Apr-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Lock interface address lists before iterating over them in nd6. MFC after: 2 weeks
|
#
e27b0c87 |
|
12-Apr-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Update stats in struct icmpstat and icmp6stat using four new macros: ICMPSTAT_ADD(), ICMPSTAT_INC(), ICMP6STAT_ADD(), and ICMP6STAT_INC(), rather than directly manipulating the fields of these structures across the kernel. This will make it easier to change the implementation of these statistics, such as using per-CPU versions of the data structures. In on case, icmp6stat members are manipulated indirectly, by icmp6_errcount(), and this will require further work to fix for per-CPU stats. MFC after: 3 days
|
#
33553d6e |
|
27-Feb-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
For all files including net/vnet.h directly include opt_route.h and net/route.h. Remove the hidden include of opt_route.h and net/route.h from net/vnet.h. We need to make sure that both opt_route.h and net/route.h are included before net/vnet.h because of the way MRT figures out the number of FIBs from the kernel option. If we do not, we end up with the default number of 1 when including net/vnet.h and array sizes are wrong. This does not change the list of files which depend on opt_route.h but we can identify them now more easily.
|
#
97590249 |
|
17-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Another step assimilating IPv[46] PCB code: normalize IN6P_* compat flags usage to their equialent INP_* counterpart. Discussed with: rwatson Reviewed by: rwatson MFC after: 4 weeks
|
#
dcdb4371 |
|
16-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Use inc_flags instead of the inc_isipv6 alias which so far had been the only flag with random usage patterns. Switch inc_flags to be used as a real bit field by using INC_ISIPV6 with bitops to check for the 'isipv6' condition. While here fix a place or two where in case of v4 inc_flags were not properly initialized before.[1] Found by: rwatson during review [1] Discussed with: rwatson Reviewed by: rwatson MFC after: 4 weeks
|
#
aba53ef0 |
|
15-Dec-2008 |
Kip Macy <kmacy@FreeBSD.org> |
convert more pointer validation checks to checking against NULL
|
#
56c423b0 |
|
15-Dec-2008 |
Kip Macy <kmacy@FreeBSD.org> |
make sure redirect doesn't return without dropping the lock
|
#
fc384fa5 |
|
15-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Another step assimilating IPv[46] PCB code - directly use the inpcb names rather than the following IPv6 compat macros: in6pcb,in6p_sp, in6p_ip6_nxt,in6p_flowinfo,in6p_vflag, in6p_flags,in6p_socket,in6p_lport,in6p_fport,in6p_ppcb and sotoin6pcb(). Apart from removing duplicate code in netipsec, this is a pure whitespace, not a functional change. Discussed with: rwatson Reviewed by: rwatson (version before review requested changes) MFC after: 4 weeks (set the timer and see then)
|
#
6e6b3f7c |
|
14-Dec-2008 |
Qing Li <qingli@FreeBSD.org> |
This main goals of this project are: 1. separating L2 tables (ARP, NDP) from the L3 routing tables 2. removing as much locking dependencies among these layers as possible to allow for some parallelism in the search operations 3. simplify the logic in the routing code, The most notable end result is the obsolescent of the route cloning (RTF_CLONING) concept, which translated into code reduction in both IPv4 ARP and IPv6 NDP related modules, and size reduction in struct rtentry{}. The change in design obsoletes the semantics of RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland applications such as "arp" and "ndp" have been modified to reflect those changes. The output from "netstat -r" shows only the routing entries. Quite a few developers have contributed to this project in the past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and Andre Oppermann. And most recently: - Kip Macy revised the locking code completely, thus completing the last piece of the puzzle, Kip has also been conducting active functional testing - Sam Leffler has helped me improving/refactoring the code, and provided valuable reviews - Julian Elischer setup the perforce tree for me and has helped me maintaining that branch before the svn conversion
|
#
4b79449e |
|
02-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Rather than using hidden includes (with cicular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files. For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h. Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
|
#
97021c24 |
|
26-Nov-2008 |
Marko Zec <zec@FreeBSD.org> |
Merge more of currently non-functional (i.e. resolving to whitespace) macros from p4/vimage branch. Do a better job at enclosing all instantiations of globals scheduled for virtualization in #ifdef VIMAGE_GLOBALS blocks. De-virtualize and mark as const saorder_state_alive and saorder_state_any arrays from ipsec code, given that they are never updated at runtime, so virtualizing them would be pointless. Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
44e33a07 |
|
19-Nov-2008 |
Marko Zec <zec@FreeBSD.org> |
Change the initialization methodology for global variables scheduled for virtualization. Instead of initializing the affected global variables at instatiation, assign initial values to them in initializer functions. As a rule, initialization at instatiation for such variables should never be introduced again from now on. Furthermore, enclose all instantiations of such global variables in #ifdef VIMAGE_GLOBALS blocks. Essentialy, this change should have zero functional impact. In the next phase of merging network stack virtualization infrastructure from p4/vimage branch, the new initialization methology will allow us to switch between using global variables and their counterparts residing in virtualization containers with minimum code churn, and in the long run allow us to intialize multiple instances of such container structures. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
8b615593 |
|
02-Oct-2008 |
Marko Zec <zec@FreeBSD.org> |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs. Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT(). Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.). All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*). (*) netipsec/keysock.c did not validate depending on compile time options. Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
59ca51ad |
|
03-Sep-2008 |
Simon L. B. Nielsen <simon@FreeBSD.org> |
- Fix amd64 local privilege escalation. [08:07] - Fix nmount(2) local privilege escalation. [08:08] - Fix IPv6 remote kernel panics. [08:09] Fix for [08:07] is merge of r181823. Submitted by: kib [08:07], csjp [08:08], bz [08:09] Reviewed by: peter [08:07], jhb [08:07] Reviewed by: jinmei [08:09], rwatson [08:09] Approved by: re (SA blanket) Approved by: so (simon) Security: FreeBSD-SA-08:07.amd64 Security: FreeBSD-SA-08:08.nmount Security: FreeBSD-SA-08:09.icmp6
|
#
603724d3 |
|
17-Aug-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@). This is the first in a series of commits over the course of the next few weeks. Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only. We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again. Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
#
ae89d5a3 |
|
29-Jul-2008 |
Robert Watson <rwatson@FreeBSD.org> |
When copying in and out current ICMPv6 filters on a raw IPv6 socket, lock the inpcb and use a local stack variable to copy to/from userspace so that sooptcopyin()/sooptcopyout() aren't called while holding an rwlock. While here, fix a bug in which a failed sooptcopyin() might lead to partially consistent ICMPv6 filters on the socket by not ignoring the error returned by sooptcopyin(). MFC after: 2 weeks
|
#
2f1ff0cd |
|
29-Jul-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Since we fail IPv6 raw socket allocation if inp->in6p_icmp6filt can't be allocated, there's no need to conditionize use and freeing of it later. MFC after: 1 week
|
#
6c5bbf5c |
|
28-Jul-2008 |
Alexander Motin <mav@FreeBSD.org> |
Move inpcb lock higher to protect some nonbinding fields reading. It fixes nothing at this time, but decided to be more correct.
|
#
b11e21ae |
|
27-Jul-2008 |
Alexander Motin <mav@FreeBSD.org> |
According to in_pcb.h protocol binding information has double locking. It allows access it while list travercing holding only global pcbinfo lock.
|
#
4f7d1876 |
|
05-Jul-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
|
#
bb145f60 |
|
20-Apr-2008 |
Robert Watson <rwatson@FreeBSD.org> |
In ICMPv6, read lock rather than write lock the inpcb on receive. MFC after: 3 months
|
#
8501a69c |
|
17-Apr-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to explicitly select write locking for all use of the inpcb mutex. Update some pcbinfo lock assertions to assert locked rather than write-locked, although in practice almost all uses of the pcbinfo rwlock main exclusive, and all instances of inpcb lock acquisition are exclusive. This change should introduce (ideally) little functional change. However, it lays the groundwork for significantly increased parallelism in the TCP/IP code. MFC after: 3 months Tested by: kris (superset of committered patch)
|
#
9233d8f3 |
|
08-Jan-2008 |
David E. O'Brien <obrien@FreeBSD.org> |
un-__P()
|
#
b48287a3 |
|
10-Dec-2007 |
David E. O'Brien <obrien@FreeBSD.org> |
Clean up VCS Ids.
|
#
2a463222 |
|
05-Jul-2007 |
Xin LI <delphij@FreeBSD.org> |
Space cleanup Approved by: re (rwatson)
|
#
1272577e |
|
05-Jul-2007 |
Xin LI <delphij@FreeBSD.org> |
ANSIfy[1] plus some style cleanup nearby. Discussed with: gnn, rwatson Submitted by: Karl Sj?dahl - dunceor <dunceor gmail com> [1] Approved by: re (rwatson)
|
#
b2630c29 |
|
02-Jul-2007 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC option is now deprecated, as well as the KAME IPsec code. What was FAST_IPSEC is now IPSEC. Approved by: re Sponsored by: Secure Computing
|
#
2cb64cb2 |
|
01-Jul-2007 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Commit IPv6 support for FAST_IPSEC to the tree. This commit includes only the kernel files, the rest of the files will follow in a second commit. Reviewed by: bz Approved by: re Supported by: Secure Computing
|
#
18706985 |
|
17-May-2007 |
JINMEI Tatuya <jinmei@FreeBSD.org> |
- Disabled responding to NI queries from a global address by default as specified in RFC4620. A new flag for icmp6_nodeinfo was added to enable the feature. - Also cleaned up the code so that the semantics of the icmp6_nodeinfo flags is clearer (i.e., defined specific macro names instead of using hard-coded values). Approved by: gnn (mentor) MFC after: 1 week
|
#
31a94603 |
|
09-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
In the ICMP6 path to handle FQDN 'who-are-you' queries, check that the packet header mbuf is non-NULL before trying to create a duplicate of it. PR: 95957 Reviewed by: ume MFC after: 3 days
|
#
6a550ab3 |
|
16-Jan-2007 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Avoid infinite loop if nicmp6 and nip6 are not on the same mbuf. NetBSD PR 34994+35333 MFC after: 3 days
|
#
1d54aa3b |
|
11-Dec-2006 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFp4: 92972, 98913 + one more change In ip6_sprintf no longer use and return one of eight static buffers for printing/logging ipv6 addresses. The caller now has to hand in a sufficiently large buffer as first argument.
|
#
233dcce1 |
|
06-Sep-2006 |
Andre Oppermann <andre@FreeBSD.org> |
First step of TSO (TCP segmentation offload) support in our network stack. o add IFCAP_TSO[46] for drivers to announce this capability for IPv4 and IPv6 o add CSUM_TSO flag to mbuf pkthdr csum_flags field o add tso_segsz field to mbuf pkthdr o enhance ip_output() packet length check to allow for large TSO packets o extend tcp_maxmtu[46]() with a flag pointer to pass interface capabilities o adjust all callers of tcp_maxmtu[46]() accordingly Discussed on: -current, -net Sponsored by: TCP/IP Optimization Fundraise 2005
|
#
43bc7a9c |
|
04-Aug-2006 |
Brooks Davis <brooks@FreeBSD.org> |
With exception of the if_name() macro, all definitions in net_osdep.h were unused or already in if_var.h so add if_name() to if_var.h and remove net_osdep.h along with all references to it. Longer term we may want to kill off if_name() entierly since all modern BSDs have if_xname variables rendering it unnecessicary.
|
#
c9db0fad |
|
22-Jul-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Align IPv6 socket locking with IPv4 locking: lock socket buffer explicitly and use _locked variants to avoid extra lock and unlock operations. Reviewed by: gnn MFC after: 1 week
|
#
743eee66 |
|
21-Oct-2005 |
SUZUKI Shinsuke <suz@FreeBSD.org> |
sync with KAME regarding NDP - introduced fine-grain-timer to manage ND-caches and IPv6 Multicast-Listeners - supports Router-Preference <draft-ietf-ipv6-router-selection-07.txt> - better prefix lifetime management - more spec-comformant DAD advertisement - updated RFC/internet-draft revisions Obtained from: KAME Reviewed by: ume, gnn MFC after: 2 month
|
#
a22adbc6 |
|
19-Oct-2005 |
SUZUKI Shinsuke <suz@FreeBSD.org> |
sync with KAME (don't respond to NI_QTYPE_IPV4ADDR) Obtained from: KAME Reviewed by: ume, gnn
|
#
2ce62dce |
|
19-Oct-2005 |
SUZUKI Shinsuke <suz@FreeBSD.org> |
sync with KAME in the following points: - fixed typos - improved some comment descriptions - use NULL, instead of 0, to denote a NULL pointer - avoid embedding a magic number in the code - use nd6log() instead of log() to record NDP-specific logs - nuked an unnecessay white space Obtained from: KAME MFC after: 1 day
|
#
cd0fdcf7 |
|
12-Aug-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- fix typo in comment. - nuke unused code. Submitted by: suz Obtained from: KAME
|
#
31c8e3fb |
|
10-Aug-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
removed RFC1885-related code. it was obsoleted by RFC2463, and the code was #ifdef'ed out for a long time. Submitted by: suz Obtained from: KAME
|
#
c66b5fea |
|
08-Aug-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
corrected the fourth argument to ni6_addrs().
|
#
a1f7e5f8 |
|
24-Jul-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
scope cleanup. with this change - most of the kernel code will not care about the actual encoding of scope zone IDs and won't touch "s6_addr16[1]" directly. - similarly, most of the kernel code will not care about link-local scoped addresses as a special case. - scope boundary check will be stricter. For example, the current *BSD code allows a packet with src=::1 and dst=(some global IPv6 address) to be sent outside of the node, if the application do: s = socket(AF_INET6); bind(s, "::1"); sendto(s, some_global_IPv6_addr); This is clearly wrong, since ::1 is only meaningful within a single node, but the current implementation of the *BSD kernel cannot reject this attempt. Submitted by: JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp> Obtained from: KAME
|
#
403cbcf5 |
|
14-May-2005 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Fixes for various nits found by the Coverity tool. In particular 2 missed return values and an inappropriate bcopy from a possibly NULL pointer. Reviewed by: jake Approved by: rwatson MFC after: 1 week
|
#
c543ec4e |
|
14-Apr-2005 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Remove dead code which would never execute. i.e. checking to see if a cluster was every less than 48 bytes, a rather unlikely case. Check return value of m_dup_pkthdr() calls. Found by: Coverity Reviewed by: rwatson (mentor), Keiichi Shima (for Kame) Approved by: rwatson (mentor)
|
#
da57b1ca |
|
01-Mar-2005 |
SUZUKI Shinsuke <suz@FreeBSD.org> |
ignores ICMPv6 code field in case of ICMPv6 Packet-Too-Big (as specified in RFC2463 and draft-ietf-ipngwg-icmp-v3-06.txt) Obtained from: KAME MFC after: 1 day
|
#
9c0fda72 |
|
27-Feb-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
icmp6_notify_error uses IP6_EXTHDR_CHECK, which in turn calls m_pullup. icmp6_notify_error continued to use the old pointer, which after the m_pullup is not suitable as a packet header any longer (see m_move_pkthdr). and this is what causes the kernel panic in sbappendaddr later on. PR: kern/77934 Submitted by: Gerd Rausch <gerd@juniper.net> MFC after: 2 days
|
#
bee48028 |
|
27-Feb-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
fix typo. MFC after: 2 days
|
#
da2ecc1a |
|
08-Feb-2005 |
Robert Watson <rwatson@FreeBSD.org> |
Add missed merge of ripcbinfo extern. Given how widely used ripcbinfo is, we should probably add it to an include file. Spotted by: mux
|
#
62a2c817 |
|
08-Feb-2005 |
Robert Watson <rwatson@FreeBSD.org> |
Lock raw IP socket pcb list and PCBs when processing input via icmp6_rip6_input(). Reviewed by: gnn MFC after: 1 week
|
#
5b8c5ac4 |
|
21-Jan-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
we don't need to make fake sockaddr_in6 to compare subject address. MFC after: 1 week
|
#
caf43b02 |
|
06-Jan-2005 |
Warner Losh <imp@FreeBSD.org> |
/* -> /*- for license, minor formatting changes, separate for KAME
|
#
f36cfd49 |
|
07-Apr-2004 |
Warner Losh <imp@FreeBSD.org> |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
|
#
aaff9927 |
|
24-Feb-2004 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
in icmp6_mtudisc_update(), use ND link mtu to detect if the path MTU should be updated. Helped by: andre
|
#
f073c60f |
|
03-Feb-2004 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
pass pcb rather than so. it is expected that per socket policy works again.
|
#
97d8d152 |
|
20-Nov-2003 |
Andre Oppermann <andre@FreeBSD.org> |
Introduce tcp_hostcache and remove the tcp specific metrics from the routing table. Move all usage and references in the tcp stack from the routing table metrics to the tcp hostcache. It caches measured parameters of past tcp sessions to provide better initial start values for following connections from or to the same source or destination. Depending on the network parameters to/from the remote host this can lead to significant speedups for new tcp connections after the first one because they inherit and shortcut the learning curve. tcp_hostcache is designed for multiple concurrent access in SMP environments with high contention and is hash indexed by remote ip address. It removes significant locking requirements from the tcp stack with regard to the routing table. Reviewed by: sam (mentor), bms Reviewed by: -net, -current, core@kame.net (IPv6 parts) Approved by: re (scottl)
|
#
26d02ca7 |
|
20-Nov-2003 |
Andre Oppermann <andre@FreeBSD.org> |
Remove RTF_PRCLONING from routing table and adjust users of it accordingly. The define is left intact for ABI compatibility with userland. This is a pre-step for the introduction of tcp_hostcache. The network stack remains fully useable with this change. Reviewed by: sam (mentor), bms Reviewed by: -net, -current, core@kame.net (IPv6 parts) Approved by: re (scottl)
|
#
0f9ade71 |
|
04-Nov-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- cleanup SP refcnt issue. - share policy-on-socket for listening socket. - don't copy policy-on-socket at all. secpolicy no longer contain spidx, which saves a lot of memory. - deep-copy pcb policy if it is an ipsec policy. assign ID field to all SPD entries. make it possible for racoon to grab SPD entry on pcb. - fixed the order of searching SA table for packets. - fixed to get a security association header. a mode is always needed to compare them. - fixed that the incorrect time was set to sadb_comb_{hard|soft}_usetime. - disallow port spec for tunnel mode policy (as we don't reassemble). - an user can define a policy-id. - clear enc/auth key before freeing. - fixed that the kernel crashed when key_spdacquire() was called because key_spdacquire() had been implemented imcopletely. - preparation for 64bit sequence number. - maintain ordered list of SA, based on SA id. - cleanup secasvar management; refcnt is key.c responsibility; alloc/free is keydb.c responsibility. - cleanup, avoid double-loop. - use hash for spi-based lookup. - mark persistent SP "persistent". XXX in theory refcnt should do the right thing, however, we have "spdflush" which would touch all SPs. another solution would be to de-register persistent SPs from sptree. - u_short -> u_int16_t - reduce kernel stack usage by auto variable secasindex. - clarify function name confusion. ipsec_*_policy -> ipsec_*_pcbpolicy. - avoid variable name confusion. (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct secpolicy *) - count number of ipsec encapsulations on ipsec4_output, so that we can tell ip_output() how to handle the packet further. - When the value of the ul_proto is ICMP or ICMPV6, the port field in "src" of the spidx specifies ICMP type, and the port field in "dst" of the spidx specifies ICMP code. - avoid from applying IPsec transport mode to the packets when the kernel forwards the packets. Tested by: nork Obtained from: KAME
|
#
657db3c8 |
|
31-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
(icmp6_rip6_input) if the received data is small enough but in an mbuf cluster, copy the data to a separate mbuf that do not use a cluster. this change will reduce the possiblity of packet loss in the socket layer. Obtained from: KAME
|
#
11de19f4 |
|
28-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
ip6_savecontrol() argument is redundant
|
#
2a5aafce |
|
28-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
cleanup use of m_tag. Obtained from: KAME
|
#
f95d4633 |
|
24-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542 (aka RFC2292bis). Though I believe this commit doesn't break backward compatibility againt existing binaries, it breaks backward compatibility of API. Now, the applications which use Advanced Sockets API such as telnet, ping6, mld6query and traceroute6 use RFC3542 API. Obtained from: KAME
|
#
86b51224 |
|
22-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
we have ppsratecheck().
|
#
66bb118e |
|
22-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
drop the code of HAVE_NRL_INPCB part. our system doesn't use NRL style INPCB.
|
#
9a4f9608 |
|
21-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- change scope to zone. - change node-local to interface-local. - better error handling of address-to-scope mapping. - use in6_clearscope(). Obtained from: KAME
|
#
31b1bfe1 |
|
17-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- add dom_if{attach,detach} framework. - transition to use ifp->if_afdata. Obtained from: KAME
|
#
953ad2fb |
|
10-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
nuke SCOPEDROUTING. Though it was there for a long time, it was never enabled.
|
#
aa15ec91 |
|
07-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
indent
|
#
0527d333 |
|
07-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
style and indent. no functional change. Obtained from: KAME
|
#
06cd0a3f |
|
07-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- fix typo in comment. - style. Obtained from: KAME
|
#
40e39bbb |
|
06-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
return(code) -> return (code) (reduce diffs against KAME)
|
#
d1dd20be |
|
03-Oct-2003 |
Sam Leffler <sam@FreeBSD.org> |
Locking for updates to routing table entries. Each rtentry gets a mutex that covers updates to the contents. Note this is separate from holding a reference and/or locking the routing table itself. Other/related changes: o rtredirect loses the final parameter by which an rtentry reference may be returned; this was never used and added unwarranted complexity for locking. o minor style cleanups to routing code (e.g. ansi-fy function decls) o remove the logic to bump the refcnt on the parent of cloned routes, we assume the parent will remain as long as the clone; doing this avoids a circularity in locking during delete o convert some timeouts to MPSAFE callouts Notes: 1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level applications cannot/do-no know about mutex's. Doing this requires that the mutex be the last element in the structure. A better solution is to introduce an externalized version of struct rtentry but this is a major task because of the intertwining of rtentry and other data structures that are visible to user applications. 2. There are known LOR's that are expected to go away with forthcoming work to eliminate many held references. If not these will be resolved prior to release. 3. ATM changes are untested. Sponsored by: FreeBSD Foundation Obtained from: BSD/OS (partly)
|
#
77d43dae |
|
29-Apr-2003 |
SUZUKI Shinsuke <suz@FreeBSD.org> |
panic() doesn't need \n Obtained from: KAME MFC after: 2 days
|
#
152385d1 |
|
21-Apr-2003 |
David E. O'Brien <obrien@FreeBSD.org> |
Explicitly declare 'int' parameters.
|
#
db06e8a0 |
|
29-Mar-2003 |
SUZUKI Shinsuke <suz@FreeBSD.org> |
fixed a mbuf leak when an IP packet from ESP tunnel is redirected obtained from: KAME
|
#
a163d034 |
|
18-Feb-2003 |
Warner Losh <imp@FreeBSD.org> |
Back out M_* changes, per decision of the TRB. Approved by: trb
|
#
5c47350d |
|
17-Feb-2003 |
Sam Leffler <sam@FreeBSD.org> |
M_MOVE_PKTHDR must happen before any cluster is attached Submitted by: Harti Brandt <brandt@fokus.fraunhofer.de> MFC after: 1 day
|
#
44956c98 |
|
21-Jan-2003 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
2268ca47 |
|
05-Jan-2003 |
Sam Leffler <sam@FreeBSD.org> |
correct pkthdr length calculation for ipv6 echo packets; after moving a packet header with M_MOVE_PKTHDR one should not reference the packet header in the original packet; in this case the code was assuming that m_adj would alter m_pkthdr.len which stopped happening because M_MOVE_PKTHDR removes the M_PKTHDR bit from m_flags Submitted by: Bill Fenner <fenner@research.att.com>
|
#
9967cafc |
|
30-Dec-2002 |
Sam Leffler <sam@FreeBSD.org> |
Correct mbuf packet header propagation. Previously, packet headers were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations. These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit. Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert. Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG. Supported by: Vernier Networks Reviewed by: Robert Watson <rwatson@FreeBSD.org>
|
#
b30a244c |
|
21-Dec-2002 |
Jeffrey Hsu <hsu@FreeBSD.org> |
SMP locking for ifnet list.
|
#
69f05a07 |
|
20-Dec-2002 |
Sam Leffler <sam@FreeBSD.org> |
define HAVE_PPSRATECHECK now that we have this stuff in the kernel (probably belongs elsewhere; add it this way for now so the system will build)
|
#
b9234faf |
|
15-Oct-2002 |
Sam Leffler <sam@FreeBSD.org> |
Tie new "Fast IPsec" code into the build. This involves the usual configuration stuff as well as conditional code in the IPv4 and IPv6 areas. Everything is conditional on FAST_IPSEC which is mutually exclusive with IPSEC (KAME IPsec implmentation). As noted previously, don't use FAST_IPSEC with INET6 at the moment. Reviewed by: KAME, rwatson Approved by: silence Supported by: Vernier Networks
|
#
5d846453 |
|
15-Oct-2002 |
Sam Leffler <sam@FreeBSD.org> |
Replace aux mbufs with packet tags: o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month
|
#
4cc20ab1 |
|
31-May-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Back out my lats commit of locking down a socket, it conflicts with hsu's work. Requested by: hsu
|
#
243917fe |
|
19-May-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Lock down a socket, milestone 1. o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket. o Determine the lock strategy for each members in struct socket. o Lock down the following members: - so_count - so_options - so_linger - so_state o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket: - sodisconnect() - soisconnected() - soisconnecting() - soisdisconnected() - soisdisconnecting() - sofree() - soref() - sorele() - sorwakeup() - sotryfree() - sowakeup() - sowwakeup() Reviewed by: alfred
|
#
81170631 |
|
06-May-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Revised MLD-related definitions - Used mld_xxx and MLD_xxx instead of mld6_xxx and MLD6_xxx according to the official defintions in rfc2292bis (macro definitions for backward compatibility were provided) - Changed the first member of mld_hdr{} from mld_hdr to mld_icmp6_hdr to avoid name space conflict in C++ This change makes ports/net/pchar compilable again under -CURRENT. Obtained from: KAME
|
#
960ed29c |
|
29-Apr-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Revert the change of #includes in sys/filedesc.h and sys/socketvar.h. Requested by: bde Since locking sigio_lock is usually followed by calling pgsigio(), move the declaration of sigio_lock and the definitions of SIGIO_*() to sys/signalvar.h. While I am here, sort include files alphabetically, where possible.
|
#
88ff5695 |
|
18-Apr-2002 |
SUZUKI Shinsuke <suz@FreeBSD.org> |
just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
|
#
72b1d826 |
|
19-Mar-2002 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove duplicate extern declarations to silence warnings.
|
#
9494d596 |
|
25-Sep-2001 |
Brooks Davis <brooks@FreeBSD.org> |
Make faith loadable, unloadable, and clonable.
|
#
67defad7 |
|
03-Jul-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
use TAILQ_FOREACH() in searching address list Obtained from: KAME MFC after: 1 week
|
#
610be6ce |
|
24-Jun-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
on icmp6 node information query (FQDN), do not return hostnames with two dots (like "foo..bar"). 0-length labels are not distinguishable with multiple name replies. Obtained from: KAME MFC after: 10 days
|
#
33841545 |
|
10-Jun-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
|
#
46aa3347 |
|
27-Oct-2000 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Convert all users of fldoff() to offsetof(). fldoff() is bad because it only takes a struct tag which makes it impossible to use unions, typedefs etc. Define __offsetof() in <machine/ansi.h> Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h> Remove myriad of local offsetof() definitions. Remove includes of <stddef.h> in kernel code. NB: Kernelcode should *never* include from /usr/include ! Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API. Deprecate <struct.h> with a warning. The warning turns into an error on 01-12-2000 and the file gets removed entirely on 01-01-2001. Paritials reviews by: various. Significant brucifications by: bde
|
#
deebc913 |
|
15-Sep-2000 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
examined the gateway (from the routing table) only when the address family of the gateway is AF_INET6. Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
|
#
686cdd19 |
|
04-Jul-2000 |
Jun-ichiro itojun Hagino <itojun@FreeBSD.org> |
sync with kame tree as of july00. tons of bug fixes/improvements. API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
|
#
3389ae93 |
|
19-Apr-2000 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Remove ~25 unneeded #include <sys/conf.h> Remove ~60 unneeded #include <sys/malloc.h>
|
#
690a43db |
|
09-Mar-2000 |
Yoshinobu Inoue <shin@FreeBSD.org> |
Update icmp node info query message bit order of query types, according to draft-ietf-ipngwg-icmp-name-lookups-04 to 05 change. This is necessary before 4.0, because, -This change is non backword compatible -Other KAME derived platforms applied 05 -Author of the draft said he never do backword imcompatible changes again. Approved by: jkh Obtained from: KAME project
|
#
6a800098 |
|
22-Dec-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
IPSEC support in the kernel. pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
369dc8ce |
|
21-Dec-1999 |
Eivind Eklund <eivind@FreeBSD.org> |
Change incorrect NULLs to 0s
|
#
cfa1ca9d |
|
07-Dec-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
udp IPv6 support, IPv6/IPv4 tunneling support in kernel, packet divert at kernel for IPv6/IPv4 translater daemon This includes queue related patch submitted by jburkhol@home.com. Submitted by: queue related patch from jburkhol@home.com Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|
#
e1da8747 |
|
22-Nov-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
Removed IPSEC and IPV6FIREWALL because they are not ready yet.
|
#
82cd038d |
|
21-Nov-1999 |
Yoshinobu Inoue <shin@FreeBSD.org> |
KAME netinet6 basic part(no IPsec,no V6 Multicast Forwarding, no UDP/TCP for IPv6 yet) With this patch, you can assigne IPv6 addr automatically, and can reply to IPv6 ping. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|