Age | Commit message (Collapse) | Author |
|
|
parent that doesn't offload the tag insertion, we need to chop the
vlan subheader out before the filter is run, not after.
this moves the mbuf surgery out from the bpf layer into the vlan
layer.
ok henning@ jmatthew@
|
|
get multiple processes in the kernel these sets can't race and allow people
to set the default greater than the max.
|
|
in it cos it's only called on new systems, when it actually does.
we don't care about old or new systems, just ours. the code is called, the
fact that it exists is enough to demonstrate that.
|
|
we refcount the bpf_d memory correctly so it can't go away. possibly worse
is the bpf minor id could be reused between the kq calls, so this seems
safer to me. also avoids a list walk on each op cos the ptr is just there.
|
|
large cluster pools and MCLGETI.
we could chain mbufs if we want to go even bigger.
with a fix from Mathieu- <naabed at poolp dot org>
|
|
end up waiting until the ring is full cos the timeout doesn't get set up
when the knote is registered.
|
|
the failure path which leaks all the stuff the previous code in
bpf_movein allocates.
since it's only called from bpfwrite, use M_WAIT instead to make
it reliable and just get rid of the bogus failure code.
ok miod@
|
|
after discussions with beck deraadt kettenis.
|
|
spotted by Kent R. Spillner <kspillner acm org>
|
|
ether_vlan_header to make it a regular ether_header while copying into
the bpf buffer.
add bpf_mtap_stripvlan, which is a 1-line wrapper around _bpf_mtap passing
this copy function in.
ok benno
|
|
ok guenther
|
|
here any more
|
|
now that it is a trivial wrapper around the extended bpf_mtap_hdr, we can
use bpf_mtap_hdr directly. added benefit: pflog_bpfcopy doesn't need to
be exported any more and can stay private to if_pflog.c
ok benno bluhm reyk
|
|
the various bpf_mtap_* are very similar, they differ in what (and to some
extent how) they prepend something, and what copy function they pass to
bpf_catchpacket.
use an internal _bpf_mtap as "backend" for bpf_mtap and friends.
extend bpf_mtap_hdr so that it covers all common cases:
if dlen is 0, nothing gets prepended.
copy function can be given, if NULL the default bpf_mcopy is used.
adjust the existing bpf_mtap_hdr users to pass a NULL ptr for the copy fn.
re-implement bpf_mtap_af as simple wrapper for bpf_mtap_hdr.
re-implement bpf_mtap_ether using bpf_map_hdr
re-implement bpf_mtap_pflog as trivial bpf_mtap_hdr wrapper
ok bluhm benno
|
|
tree. ok henning@
|
|
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
|
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
|
fixes negative timeout panics. tested by sthen.
|
|
more like the original conditional.
if this doesn't fix rd thrush's panic, then this should be reverted to
r1.85.
|
|
cheers to sthen@ and krw@ for properly dealing with the fallout of my
first commit.
|
|
< 0" seen by RD Thrush, http://article.gmane.org/gmane.os.openbsd.bugs/20113
where he has a long-running process using bpf which is active at the time of
panic. krw@ agrees with reverting for now.
|
|
with "ticks - start > interval" because the latter copes with the ticks
value wrapping.
pointed out by guenther@
ok krw@
|
|
on a packet, make bpf_catchpacket take a timeval indicating when the
packet was captured. Move microtime to the calling functions and grab
the timestamp as soon as we know that we're going to call catchpacket
at least once.
From NetBSD, ok deraadt, claudio, sthen
|
|
waiting for memory to become available
obtained from netbsd with tweaks, with input from deraadt and
blambert, ok deraadt, claudio
|
|
Byte order adjustment for bpf was hidden behind bpf_mtap_af() and
sizeof(u_int32_t) is used for length of the bpf header.
tested by sebastia and mxb at alumni.chalmers.se.
ok claudio
|
|
so always show as writable to poll()/select().
Behavior pointed out by Fernando Gont. ok deraadt@
|
|
the obvious cases to return EINVAL and ENXIO.
ok tedu deraadt
|
|
size_t to int truncation
ok claudio
|
|
pflog was logging the "wrong" as in not yet rewritten (nat/rdr) addresses.
to address this without making an extra copy of the mbuf chain:
-introduce bpf_mtap_pflog, which is a 1:1 copy of bpf_mtap_hdr, except that
it supplies bpf_catchpacket with pflog_bpfcopy as copy function instead of
plain bcopy
-said new shiny pflog_bpfcopy knows what a pflog packet looks like, copies
everything into bpf's buffer, constructs a fake mbuf (which is allocated once
at attach time and reused over and over) which points to the bpf buffer
as data storage
-call pf_setup_pdesc on said fake mbuf
-then call pf_translate to rewrite the addresses as needed right in the
bpf buffer
this changes the pflog header as we have to pass the new addresses/ports
around. relies on canacar's awesome work in libpcap to work olrite with the
new, longer pflog header as well as with the old, shorter one.
almost completely written at c2k10 in canada, finished here at j2k10 in
japan. ok ryan dlg
|
|
supported it doesn't do any harm), so put the KNOTE() in selwakeup() itself and
remove it from any occurrences where both are used, except one for kqueue itself
and one in sys_pipe.c (where the selwakeup is under a PIPE_SEL flag).
Based on a diff from tedu.
ok deraadt
|
|
like dhcpd/dhclient can send packets out of interfaces in other rdomains
without hitting the check in ether_output().
With and ok phessler@
|
|
Reported and fix tested by weerd@, ok claudio@
|
|
ok canacar
|
|
it is very confusing like this.
ok deraadt@ canacar@
|
|
creates the VLAN encapsulation from the tag stored in the mbuf
header. Idea from FreeBSD, input from claudio@ and canacar@.
Switch all hardware VLAN enabled drivers to the new function.
ok claudio@
|
|
fix potential use of uninitialized value in trunk_port_ioctl() function.
Found by LLVM/Clang Static Analyzer.
ok mpf@ henning@
|
|
while UP and holding an open bpf handler by checking bpfilter_lookup()
for returning NULL in bpfpoll(). Added an XXX comment which reminds us
to recheck why this race condition happens in conjunction with the USB
stack.
Commented by miod@ and thib@ (would prefer to directly fix race condition,
if this is possible at all).
lot of help and OK claudio@
|
|
-remove useless casts
-MALLOC/FREE -> malloc/free
-use M_ZERO where appropriate instead of separate bzero
feedback & ok krw, hshoexer
|
|
bug in the code, but as soon as I try to fix it, it seems to trigger
some other bugs. Instead of trying to figure out what's going on
while everyone suffers, it's better to back out and figure out
the bugs outside the tree.
|
|
Instead, keep the proc pointer in it and put the selinfo on a list
in struct proc in selrecord. Then clean up the list when leaving
sys_select and sys_poll.
miod@ ok, testing by many, including Bob's spamd boxes.
|
|
Previously the descriptor was locked only after
an interface is set, leading to a race condition.
Reported by Jon Steel < jon.steel at esentire com >
tested by otto@, looks correct deraadt@
|
|
code. however, it is still cluttering up the kernel namespace a bit. it is
better gone.
ok claudio@
|