Age | Commit message | Author |
|
Introduce bridge_ourether() and move carp(4)-specific SRPL code inside
carp_ourether().
ok bluhm@
|
|
|
|
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol addresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno
|
|
currently carp uses a struct carp_if to hold an srp list head, which
is accessed by both if_carp in struct ifnet, and via the if input
handlers list.
this gets rid of some indirection by making if_carp itself the list
head, rather than a pointer to the list head via a struct carp_if.
it also makes accessing the list consistent by only using if_carp
to get to it.
ok mpi@
|
|
memory shortage. As it is invoked from a system call, it should
not fail and wait instead.
OK visa@ mpi@
|
|
a DOWN interface.
ok visa@
|
|
When short packets are sent to the bridge with IPsec enabled,
an incorrect error path can be taken which leads to a lookup
of an SPD entry using an uninitialized SPI. Most of the time
this will fail, however there's a chance that an existing SPD
entry corresponds to the provided SPI which leads to use of
another uninitialized variable used to offset the IP or IPv6
header in order to get to the security protocol header.
ESP performs packet length checks and will fail when such
packets reach it, but AH and IPComp don't have similar
checks and are affected the most.
CID 1452946, 1452957; Severity: Major
OK millert, visa, bluhm
|
|
ok visa@
|
|
All interface ioctl()s are executed with the NET_LOCK() held, which
protects all soft states of the network stack. IPL_NET is only needed
in drivers dealing with hardware and by extension the wireless stack.
|
|
Remove an if condition that cannot happen.
OK mikeb@
|
|
Try to follow the existing examples. Some notes:
- don't implement counters_dec() yet, which could be used in two
similar chunks of code. Let's see if there are more users first.
- stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
|
rectification.
|
|
only once per packet.
Fix a regression introduced when if_input() started to be called by
every pseudo-driver.
ok claudio@, dlg@
|
|
serialize access to bridge(4) data structures.
ok mikeb@
|
|
recursively.
ok bluhm@
|
|
make "addlocal" an alias to "add" on bridge. addlocal is handled
differently on switch(4).
OK yasuoka@
|
|
each counter is identified by an enum value which corresponds to the
original members of the ipstat struct.
ipstat_inc(ips_foo) replaces ipstat.ips_foo++ for the actual updates.
ipstat_inc is a thin wrapper around counters_inc.
counters are still returned to userland via the ipstat struct for now.
ok mpi@ mikeb@
|
|
ok mpi@
|
|
code to if.c.
ok mpi@
|
|
confusion about the tunnel endpoints when responding to the peer.
OK yasuoka@
|
|
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4).
This way the driver will dynamically learn the tunnel endpoints and
their vnetids for the responses and can be used to dynamically bridge
between VXLANs. It is also being used in combination with switch(4)
and the OpenFlow tunnel classifiers.
With input from yasuoka@ goda@
OK deraadt@ dlg@
|
|
ok deraadt@ yasuoka@ reyk@ henning@
|
|
switch(4) currently supports OpenFlow 1.3.5.
Currently, it's disabled by the kernel config.
With help from yasuoka@ reyk@ jsg@.
ok deraadt@ yasuoka@ reyk@ henning@
|
|
ok sthen@, deraadt@, dlg@
|
|
no need to loop another copy on the receiving interface.
Reported by and ok uebayasi@
|
|
the packet has been fed to the pseudo-interfaces input handlers.
To fix that without introducing a layer violation we should be able to
disable HW-vlan on parent when in use with different pseudo-interfaces.
In the case of bridge(4) for example it makes no sense to let the interface
remove the VLAN header if the kernel has to add it back for every packet.
Fix issues reported by sebastia@ and markus@
From dlg@, ok claudio@
|
|
it should not be used to output packets but we have to respect the ifp
driver API to some extent.
Prevent a panic found the hard way by espie@.
ok claudio@, mikeb@, jsg@, krw@
|
|
less code for the same effect, which is ETHER_ALIGNed packets.
ok mpi@
|
|
(makes KASSERT() in pf_test() to go away)
Thanks to Mark and Mattieu for quick testing
OK mpi@
|
|
|
|
bridge_output() is used by the stack to duplicate a packet coming from a
bridge member to its other ports.
Confusion pointed out by Momtchil Momtchev on misc@
ok reyk@
|
|
|
|
Splitting functions in if_bridge.c into if_bridge.c for the forwarding part
and bridgectl.c for the control part. It shouldn't have any functional change.
ok reyk@ mpi@ yasuoka@
|
|
ok reyk@ mpi@ yasuoka@
|
|
This allows more flexible configurations with vlan(4) and bridge(4) on
top of the same physical interface. In particular it allows to not feed
VLAN tagged packets into a bridge(4).
Fix regression reported by Armin Wolfermann on bugs@, ok dlg@
|
|
if_enqueue(). As pointed out by dlg@, IF_QFULL only works in the priq
case.
Prompted by a diff from uebayasi@ to export ifi_oqdrops, ok dlg@
|
|
if_input() and to have a counterpart for bridge_ifenqueue() that helps
to understand the traffic/code flow in bridge better. The bridge
currently only puts a single packet on the input mbuf list, and
changing will need to undo part of this commit, but it still makes
sense to have a well-defined call for the ports receive path.
No functional change.
OK mpi@
|
|
(Especially adding IF_DROP() after IFQ_ENQUEUE() was completely wrong because
IFQ_ENQUEUE() already does it. Oops.)
After this revert, the situation becomes:
- if_snd.ifq_drops is incremented in either IFQ_ENQUEUE() or IF_DROP(), but
it is not shown to userland, and
- if_data.ifi_oqdrops is shown to userland, but it is not incremented by
anyone.
|
|
mpi@ plans to clean-up IF_DROP()'s, but fix consistent use of it for now.
OK dlg@
|
|
ok mpi
|
|
to pass additional context or transient data with the similar life
time.
ok mpi, suggestions, hand holding and ok from dlg
|
|
ok claudio@, dlg@
|
|
instead of having every driver that manipulates the ifih list
understand SRPLs, this moves that processing into if_ih_insert and
if_ih_remove functions.
we rely on the kernel lock to serialise the modifications to the
list.
tested by mpi@
ok mpi@ claudio@ mikeb@
|
|
We do not export those per-ifp statistics and they will soon all die.
"We're putting inet6 on a diet" claudio@
ok dlg@, mikeb@, claudio@
|
|
in bridge_localbroadcast() too.
This should fix another alignment issue kettenis@ is seeing.
ok dlg@
|
|
This fixes a crash during ifconfig bridge0 destroy.
OK mpi@
|
|
to defer the work currently done in bridge_input() and requiring the
KERNEL_LOCK to bridgeintr().
Tested by sthen@
ok rzalamena@, dlg@, bluhm@
|
|
if_input() has been designed to be able to safely handle a batch of
packets from physical drivers to the network stack. Most of these
drivers have an interrupt routine executed at IPL_NET and the check
made sense during the conversion. However we also want to re-enqueue
packets with if_input() from the network stack currently running at
IPL_SOFTNET.
ok claudio@
|
|
ok mpi@, claudio@.
|
|
The way gif(4) and bridge(4) are plugged together is disgusting but at
least this makes the layer violation obvious.
Fix a regression introduced by the M_PROTO1 loop prevention cleaning
because gif(4) was abusing this flag to figure out if the packet was
coming from a bridge(4).
Thanks to goda@ for finding this!
ok goda@, claudio@
|