| Age | Commit message (Collapse) | Author |
|---|
|
trees. ipsp_ids_lookup() returns `ids' with bumped reference
counter. original diff from mvs
ok mvs
|
|
dirty hacks, it is better to protect IPsec input and output with
kernel lock. Not much is lost as crypto needs the kernel lock
anyway. From here we can refine the lock later.
Note that there is no kernel lock in the SPD lockup path. Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@
|
|
pointer is passed to the function, it will return a refcounted TDB.
The ref happens when ipsp_spd_inp() copies the pointer from
ipo->ipo_tdb. The caller of ipsp_spd_lookup() has to unref after
using it.
tested by Hrvoje Popovski; OK mvs@ tobhe@
|
|
is not always needed, but the error value is necessary for the
caller. As TDB should be refcounted, it makes not sense to always
return it. Pass an output pointer for the TDB which can be NULL.
OK mvs@ tobhe@
|
|
covered yet, more ref counts to come. The timeouts are protected,
so the racy tdb_reaper() gets retired. The tdb_policy_head, onext
and inext lists are protected. All gettdb...() functions return a
tdb that is ref counted and has to be unrefed later. A flag ensures
that tdb_delete() is called only once.
Tested by Hrvoje Popovski; OK sthen@ mvs@ tobhe@
|
|
crypto task anymore, it is possible to return the next protocol.
Then ip_deliver() will walk the header chain in its loop.
IPsec bridge(4) tested by jan@
OK mvs@ tobhe@ jan@
|
|
the mbuf, the callers must be careful. Although there is no bug,
use the common pattern to handle this. Pass down an mbuf pointer
mp and let m_pullup() update the pointer in all callers.
It looks like the tcp signature functions should not be called.
Avoid an mbuf leak and return an error.
OK mvs@
|
|
because smr_read sections don't play well with sleeping locks in pf(4).
OK bluhm@
|
|
this removes the duplication of the check code, and lets the v6
code in particular pick up a lot more sanity checks around valid
addresses on the wire.
ok bluhm@ sashan@
|
|
tested on amd64 and sparc64.
|
|
simplify the handling of the fragment list. Now the functions
ip_fragment() and ip6_fragment() always consume the mbuf. They
free the mbuf and mbuf list in case of an error and take care about
the counter. Adjust the code a bit to make v4 and v6 look similar.
Fixes a potential mbuf leak when pf_route6() called pf_refragment6()
and it failed. Now the mbuf is always freed by ip6_fragment().
OK dlg@ mvs@
|
|
the first cut of this diff was made with coccinelle using this spatch:
@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)
i had fix it's opinionated idea of formatting by hand though, so
i'm not sure it was worth it.
ok deraadt@ bluhm@
|
|
|
|
using the ipv6 next protocol header probably doesnt work. it also
probably doesnt matter cos i'm not sure anyone uses this feature in
bridge. or maybe there isn't anyone who uses ipv6. both are plausible
options.
hahaha^Wok patrick@
|
|
ok bluhm@ sashan@
|
|
ifs = ifunit(req->ifbr_ifsname);
if (ifs == NULL) {
error = ENOENT;
break;
}
if (ifs->if_bridgeidx != ifp->if_index) {
error = ESRCH;
break;
}
bif = bridge_getbif(ifs);
This sequence repeats 8 times. Also we don't check value returned by
bridge_getbig() before use. Newly introduced bridge_getbig() function
replaces this sequence. This not only reduces duplicated code but also
makes `bif' dereference safe.
ok bluhm@
|
|
bridge(4) drops packets coming from somewhere else that have a
source MAC address that's owned by one of the interfaces that's a
member of the bridge. because this check was done with bridge_ourether,
it included the addresses of active carp interfaces hanging off
these member interfaces. this meant if the local machine is the
carp master while another machine is trying to preempt it by sending
hellos, the packets from the other machine were dropped because the
local one is already the master.
carp roles are supposed to move around a l2 network, so another
host sending a packet with a carp mac address is actually normal
and necessary.
found by and fix tested by stsp@
ok stsp@ claudio@
|
|
if_detach() will do this.
ok kn@
|
|
joint work markus@ patrick@ bluhm@
|
|
Replace this pointer by interface index. This allow us to avoid some use
after free issues caused by ifioctl() races.
ok sashan@
|
|
ok yasuoka@
|
|
this is a step toward making all types of bridges coordinate their
use of port interfaces, and is a step toward deprecating the interface
input handler lists.
bridge(4), switch(4), and tpmr(4) now coordinate their access so
only one of them can own a port at a time.
this has been in snaps as part of a larger diff for over a week.
|
|
this was annoying if i made a typo like "ifconfig bridge0 add gre0"
instead of "ifconfig bridge0 add egre0" because it would create gre0
and then get upset cos it's not an Ethernet interface. also, it
left gre0 lying around.
this used to be useful when configuring a bridge on boot because
interfaces used to be created when they were configured, and bridges
could be configured before some virtual interfaces. however, netstart
now creates all necessary interfaces before configuring any of them,
so bridge being helpful isn't necessary anymore.
ok kn@
|
|
time_second(9) and time_uptime(9) are widely used in the kernel to
quickly get the system UTC or system uptime as a time_t. However,
time_t is 64-bit everywhere, so it is not generally safe to use them
on 32-bit platforms: you have a split-read problem if your hardware
cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor
interface, throughout the kernel. Similarly, time_uptime(9) is replaced
with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for
eliminating the split-read problem: instead of two register reads you
now have a lockless read loop to pull the values from the timehands.
This is really not *too* bad in the grand scheme of things, but
compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
|
promiscuous mode from bridge(4). This fixes a regression of r1.332
of sys/net/if_bridge.c.
splassert with bridge(4) and vlan(4) reported by David Hill
OK mpi@, dlg@
|
|
the main semantic change is that things registering detach hooks
have to allocate and set a task structure that then gets added to
the list. this means if the task is allocated up front (eg, as part
of carps softc or bridges port structure), it avoids the possibility
that adding a hook can fail. a lot of drivers weren't checking for
failure, and unwinding state in the event of failure in other parts
was error prone.
while doing this i discovered that the list operations have to be
in a particular order, but drivers weren't doing that consistently
either. this diff wraps the list ops up so you have to seriously
go out of your way to screw them up.
ive also sprinkled some NET_ASSERT_LOCKED around the list operations
so we can make sure there's no potential for the list to be corrupted,
especially while it's being run.
hrvoje popovski has tested this a bit, and some issues he discovered
have been fixed.
ok sashan@
|
|
Fix an issue reported by Eygene Ryabinkin where packet where dropped by
pf(4) because a vlan(4) interface was picked instead of its underlying
em(4).
While here do some refactoring to avoid code duplication.
Based on a submission from Eygene Ryabinkin <rea at codelabs dot ru>.
ok bluhm@, kn@
|
|
ok dlg@, sthen@, millert@
|
|
|
|
From Eygene Ryabinkin.
|
|
Since `bif' are removed from the interface list before calling smr_barrier()
and the hash queue is cleaned up afterward, it is possible to find an ifidx
with bridge_rtlookup() that won't match to any `bif'.
Fix a panic reported by Hrvoje Popovski, ok visa@
|
|
This removes the KERNEL_LOCK() around the list iteration in bridge_enqueue().
Since the NET_LOCK() isn't protecting any data structure, release it early
in all the code paths coming from the Network Stack to prevent possible
deadlock situations with smr_barrier().
bridge_input() is still KERNEL_LOCK()ed as well as bridge_filterrule().
ok visa@
|
|
OK mpi@
|
|
when multiple interfaces do MAC filtering.
Memory leak reported by Daniel Levai
With and OK mpi@
|
|
caused a hanging "ifconfig bridge0 destroy" and a subsequent uvm
fault.
reported and tested by Hrvoje Popovski; OK visa@
|
|
This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiples contexts where the bridge has
tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
|
|
conditional timeout_barrier(9).
OK kn@ dlg@
|
|
ok visa@
|
|
|
|
ok visa@
|
|
This will help for future (un)locking.
ok visa@
|
|
inputs & ok visa@
|
|
the timeout handler if the interface is running.
ok claudio@
|
|
|
|
- Do checks that do not access shared data structures first, they don't
need locking and save us some dances.
- Use the common !ETHER_IS_MULTICAST() idiom and move some code that won't
be executed if the bridge(4) is down.
ok bluhm@, visa@
|
|
ok kn@, claudio@, visa@
|
|
ok claudio@, kn@, visa@
|
|
grained locking.
ok visa@, florian@
|
|
- Unify the two hooks by passing the same argument
- Check for nullity before dereferencing `if_bridgeport', this will
matter when we go MP
- Use the same pattern to find a member in the ioctl path
ok bluhm@, visa@
|
|
enough.
ok sthen@, visa@
|
