Age | Commit message (Collapse) | Author |
|
many years and wide spread demand for support never materialized.
time to pack it in.
|
|
after discussions with beck deraadt kettenis.
|
|
via if_rxring things. this effectively deprecates the third argument
for MCLGETI and m_clget and makes the mbuf layer no longer care about
interfaces and simplifies the allocation paths.
the timeout used to measure livelock has been moved to net/if.c.
ok mpi@
|
|
ok gcc & md5 (aka no binary change)
|
|
on al already ass embed ethernet frame, which meant:
-copy (most of) the existing ethernet header into a ether_vlan_header
on the stack
-fill the extra fields in ether_vlan_header
-set the ether type
-m_adj() to make room for the extra space ether_vlan_header needs
-m_copyback the ether_vlan_header into the mbuf
that involves moving data around, which isn't all that cheap.
cleaner & easier to have ether_output prepend the ether_vlan_header instead
of the regular ethernet header, which makes the vlan tagging essentially
free in most cases.
help & ok reyk, naddy; waste of time bikeshedding tech@
|
|
the pseudo_AF_HDRCMPLT case, ok claudio reyk
|
|
|
|
ok claudio reyk
|
|
carp_rewrite_lladdr to overwrite the src lladdr, get the intended src
lladdr before assembling the ethernet header.
carp_rewrite_lladdr -> carp_get_srclladdr
ok reyk claudio
|
|
src lladdr just to copy it from the esrc buffer into the ethernet header
a few lines later, use an esrc pointer to figure out where to copy the
src lladdr from. ok claudio reyk
|
|
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
|
|
|
such case loouput() is called not ether_output().
ok claudio@, mikeb@
|
|
ok pelikan@, tedu@
|
|
reading it from the packet header. While here makes carp_input()
take the same arguments as ether_input().
ok bluhm@, mikeb@
|
|
member directly.
ok mikeb@
|
|
ok tedu
|
|
global variables to in.h.
ok mikeb@, deraadt@
|
|
ok sha256
|
|
compiler that source and destination are not overlapping, allowing for more
aggressive optimization, leading to a significant performance improvement
on busy firewalls. Reworking of a diff by dlg@, who did the hard work of
benchmarking this.
ok deraadt@, mikeb@, henning@, mcbride@, tedu@, matthew@
|
|
.h files to pull it in, if needed
ok tedu
|
|
ok claudio mpi
|
|
Method (checking for PACKET_TAG_DLT) suggested by claudio, ok mpf
|
|
of to the bridge itself. This is ok, since an interface can only be part
of one bridge, and the parent bridge is easy to find from the bridgeport.
This way we can get rid of a lot of list walks, improving performance
and shortening the code.
ok henning stsp sthen reyk
|
|
|
|
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
|
OK dlg@ henning@
|
|
a possible memory leak with bpf's BIOCSFILDROP option which is currently
used by dhcpd and dhclient.
Found by gollo@
|
|
|
|
1) one statement per line
2) label gets its own line, and doesn't share it with a statement
no functional change
"Let the turd shine." claudio@
|
|
IFF_PROMISC check that ensures that only local packets make it into the
network stack. Check both the original ifp and the new ifp for IFF_PROMISC.
Problem identified by Patrick Coleman.
OK mcbride@, henning@
|
|
QinQ-compliant svlan (service VLAN) interfaces are implemented as
a new cloner type, use Ethernet type 0x88a8, and have a dedicated
VLAN tag hash to avoid ID conflicts. vlan(4) interfaces can be
stacked on top of svlan(4).
Originally from reyk@, input from claudio@ and deraadt@
ok claudio@
|
|
ether_output() and later on other L2 output functions use a trick and over-
load the ifp->if_output() function pointer on MPLS enabled interfaces to
go through mpls_output() which will then call the link level output function.
By setting IFXF_MPLS on an interface the output pointers are switched.
This now allows to cleanup the MPLS input and output pathes and fix mpe(4)
so that the MPLS code now actually works for both P and PE systems.
Tested by myself and michele
(A custom kernel with MPLS and mpe enabled is still needed).
|
|
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepathes rdomain aware.
Appart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning
|
|
The ones found in gnu/ left out by intention.
ok jmc
|
|
|
|
ok mcbride@
|
|
is safe for both hardware devices and virtual devices
ok mpf, kettenis, moaning and groaning and slow acceptance from mcbride
XXX should loop checking for uniqueness after new henning diff goes in
|
|
acceleration for PPP access concentrator.
ok mcbride@ dlg@ deraadt@ reyk@.
|
|
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
|
running out of mbufs for rx rings.
if the system low watermark is lower than a rx rings low watermark,
we'll never send a packet up the stack, we'll always recycle it.
found by thib@ on a bge
sadface
|
|
to free some for use on the rx rings on network cards.
this modifies m_cluncount to advise callers when we're in such a
situation, and makes them responsible for freeing up the cluster
for allocation by MCLGETI later.
fixes an awesome lockup with sis(4) henning has been experiencing.
this is not the best fix, but it is better than the current situation.
yep deraadt@ tested by henning@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
MPLS enabled kernels.
ok claudio@
|
|
We can now act as edge node and allow ipv4 packets to
enter a Label Switched Path and not just forwarding
MPLS packets.
OK claudio@
|
|
but don't do that in m_free() as that will cause a double loop behaviour when
called via m_freem().
OK dlg@, deraadt@
|
|
of. currently limited to MCLBYTES (2048 bytes) and 4096 bytes until pools
can allocate objects of sizes greater than PAGESIZE.
this allows drivers to ask for "jumbo" packets to fill rx rings with.
the second half of this change is per interface mbuf cluster allocator
statistics. drivers can use the new interface (MCLGETI), which will use
these stats to selectively fail allocations based on demand for mbufs. if
the driver isnt rapidly consuming rx mbufs, we dont allow it to allocate
many to put on its rx ring.
drivers require modifications to take advantage of both the new allocation
semantic and large clusters.
this was written and developed with deraadt@ over the last two days
ok deraadt@ claudio@
|
|
part of a server. there's no configuration yet, and several other drawbacks,
but it can be hammered into shape. i haven't moved the code forward in a year,
and marco wants it in the tree to hack on.
|
|
where the tag is stored in the mbuf header.
* Make bridge(4) handle interfaces with and without hardware tag
support and forward packets inbetween.
Help and ok claudio@
|
|
|