Age | Commit message | Author |
|
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.
manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@
|
|
ether_output() and later on other L2 output functions use a trick and over-
load the ifp->if_output() function pointer on MPLS enabled interfaces to
go through mpls_output() which will then call the link level output function.
By setting IFXF_MPLS on an interface the output pointers are switched.
This now allows to cleanup the MPLS input and output paths and fix mpe(4)
so that the MPLS code now actually works for both P and PE systems.
Tested by myself and michele
(A custom kernel with MPLS and mpe enabled is still needed).
|
|
call the interface-specific ioctl handler as well in case the driver
needs to do something special. E.g. if_trunk expects this in order to
update MAC addresses of its trunk ports.
If you now see "Inappropriate ioctl for device" errors after running
"ifconfig $if lladdr random" please let me know. Most likely the ioctl
handler of the driver needs fixing.
ok claudio@, "I only count half an ok for networking" tedu@
|
|
removed. Extend carp demote logging to also show the reason for
the demote. Return EINVAL instead of ERANGE if a carpdemote request
is out of range. Requested from otto.
OK mcbride, henning.
|
|
accordingly if one is configured and we're not a router.
Else IPv6 will leak the old MAC address after "ifconfig $if lladdr random".
Based on an initial diff and idea from Theo.
OK deraadt, "makes sense" and help by naddy, silent agreement by claudio
|
|
ok stsp
|
|
get used at all. turns out this needs more work - after release.
|
|
balancing issue from wrong order of operations (change after insert is
illegal with RB). and apparently there are cases left. to be revisited
after release
|
|
the list of all interfaces and traversing the list of all addresses on each
interface.
if bugs show up with addressing this is the #1 backout candidate, something
i missed might fuck with ifaddrs behind our back, although i looked &
tested hard. 10x to naddy for inet6 testing.
ok theo ryan dlg
|
|
includes AF_LINK addresses (aka mac addresses in the ethernet case). for
inet this also includes the broadcast addresses.
depends on ifinit() called earlier so we have a chance to pool_init before
autoconf assigns the AF_LINK addresses, the v6 fix, and the ifa_add/del
abstraction i just committed.
this is a change in semantics, it is now illegal to change the actual
address in an ifaddr struct because then the RB tree becomes unbalanced.
nothing using this tree yet.
ok theo ryan dlg
|
|
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg
|
|
ok henning
|
|
interface is marked down, and wrap interface detach/attach in splnet().
ok henning@ todd@, "I like the idea" deraadt@
|
|
ok claudio@
|
|
different rdomain than the default one. This allows to do MPLS VPNs
without the MPLS madness. OK deraadt@, henning@
|
|
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
|
which does pay out, performance wise. one of the conditions to call the
interfaces' if_start routine immediately was "send queue is full".
on a very busy (hammered) machine this will introduce too much latency
since we spend almost all cpu time in interrupt handlers and softnet,
so the softint actually doing the if_start gets called too seldom and
the queue full check is what triggers the actual transmit.
change the logic to call if's if_start routine immediately when there are
at least 8 packets (or in case of maxlen being smaller than 8, maxlen)
8 chosen because it shows best performance in my test setup here.
ok dlg
|
|
functions are called, which will turn off DMA. Receiving packets into
your memory after a system reboot is pretty nasty. This will also mean
that the shutdown hooks can go; this solution is smaller.
ok henning miod dlg kettenis
|
|
ok claudio@, henning@
|
|
ok henning@
|
|
Makes non-IPv6 kernels build again
blame and ok henning@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any domain at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks across
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
ifconfig em0 -inet6
deletes all v6 addresses including link-local and prevents new ones from
being added.
ifconfig em0 inet6 <addr>
re-enables v6, brings the link local back and adds optional <addr>
ok theo reyk
|
|
No binary change.
|
|
to save some space in the kernel. Although there are deeper issues with
interface attachment, this diff was not meant to address those, just to
shave some space ;)
ok henning@, claudio@
|
|
the rtfree panic seen by some people.
|
|
levels. This will allow for platforms where soft interrupt levels do not
map to real hardware interrupt levels to have soft ipl values overlapping
hard ipl values without breaking spl asserts.
|
|
and I'm currently unable to find the cause of this. Time is running out so
workaround it for now. OK deraadt.
|
|
As a bonus it eliminates casting from pointer to int.
ok miod@ tedu@ millert@
|
|
added without an explicit priority. This allows to specify less preferred
interfaces that will only take over if the primary interface loses link.
OK deraadt@
|
|
inside if_data, so that netstat(1) and systat(1) can see them
ok dlg
|
|
Use a 1 tick timeout() to determine if the kernel even manages to get
below softclock (from an old diff by mpf). If our timeout comes late,
reduce the high water marks (to half) for all network interfaces, thus
starving them of future packet allocations for their RX rings. For a
few ticks longer, also block the high water marks from rising even if
RX ring empty conditions would prod us to do so.
Cards may start dropping some packets off the end of their smaller RX
rings, but we were not able to do the work required in any case. With
less interrupt time and mbuf movement, the system finds time to make
progress at the network queues. Userland even gets to run.
A x40 tuned to 600MHz shows no real reduction in performance. But a
soekris has a working console now.
ok dlg claudio, and art liked it too
|
|
watermark for mbuf cluster allocations.
this is necessary for things like bge which cannot cope with less than a
certain number of pkts on the ring.
ok deraadt@
|
|
the per ifp cluster allocator. should prevent the hwm being raised
inappropriately when a driver fills its rx ring for the first time.
|
|
allocators again.
|
|
ok dlg
|
|
but don't do that in m_free() as that will cause a double loop behaviour when
called via m_freem().
OK dlg@, deraadt@
|
|
of. currently limited to MCLBYTES (2048 bytes) and 4096 bytes until pools
can allocate objects of sizes greater than PAGESIZE.
this allows drivers to ask for "jumbo" packets to fill rx rings with.
the second half of this change is per interface mbuf cluster allocator
statistics. drivers can use the new interface (MCLGETI), which will use
these stats to selectively fail allocations based on demand for mbufs. if
the driver isn't rapidly consuming rx mbufs, we don't allow it to allocate
many to put on its rx ring.
drivers require modifications to take advantage of both the new allocation
semantic and large clusters.
this was written and developed with deraadt@ over the last two days
ok deraadt@ claudio@
|
|
which are considered down will no be marked ~RTF_UP and so multipath routing
will start to work as expected and not pump 50% of the traffic to nirvana.
Most of the magic happens in rn_mpath_reprio() which fiddles with the
routing table internals. The rest is more straight forward.
get it in deraadt@
|
|
not only over routes of the same prio. This makes it possible to modify
rt_mpath_matchgate() so that if only gateway is specified without a specific
priority it will scan the full list and not only the first routes.
This is also needed for upcoming link state tracking.
|
|
addressing in IPv6 likes to do ifp = ifindex2ifnet[ifindex] without properly
checking if the ifindex is valid. As a side-effect this solves parts of
PR 5981. Debugged by jsing@. OK jsing@, deraadt@
|
|
network mask. For some reasons some parts set sa->sa_len to 0 to specify
a /0 netmask so check for that too. tested by david@ OK henning@
|
|
OK henning@
|
|
get hung in nfs_reconnect() because they do not have the proper
privileges to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.
OK markus@, blambert@.
"go ahead" deraadt@.
Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.
|
|
Also move the sampling into ether_input() where it can happen
at the interrupt and not within splnet() processing, which might
be less random. Discussed with mickey.
OK markus@, mcbride@
|
|
decent drivers prefer to have a lot of packets on the send queue so they
can queue a lot of them up on the tx ring and then post them all in one
big chunk. unfortunately our stack queues one packet onto the send queue
and then calls the start handler immediately.
this mitigates against that queue, send, queue, send behaviour by trying to
call the start routine only once per softnet. now it's queue, queue, queue,
send.
this is the result of a lot of discussion with claudio@
tested by many.
|
|
all the original ones did, the recently added ones for labels per interface
didn't. no cookie for reyk ;(
ok deraadt
|