| Age | Commit message (Collapse) | Author |
|---|
|
ok sha256
|
|
compiler that source and destination are not overlapping, allowing for more
aggressive optimization, leading to a significant performance improvement
on busy firewalls. Reworking of a diff by dlg@, who did the hard work of
benchmarking this.
ok deraadt@, mikeb@, henning@, mcbride@, tedu@, matthew@
|
|
.h files to pull it in, if needed
ok tedu
|
|
ok claudio mpi
|
|
Method (checking for PACKET_TAG_DLT) suggested by claudio, ok mpf
|
|
of to the bridge itself. This is ok, since an interface can only be part
of one bridge, and the parent bridge is easy to find from the bridgeport.
This way we can get rid of a lot of list walks, improving performance
and shortening the code.
ok henning stsp sthen reyk
|
|
|
|
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
|
OK dlg@ henning@
|
|
a possible memory leak with bpf's BIOCSFILDROP option which is currently
used by dhcpd and dhclient.
Found by gollo@
|
|
|
|
1) one statement per line
2) label gets its own line, and doesn't share it with a statement
no functional change
"Let the turd shine." claudio@
|
|
IFF_PROMISC check that ensures that only local packets make it into the
network stack. Check both the original ifp and the new ifp for IFF_PROMISC.
Problem identified by Patrick Coleman.
OK mcbride@, henning@
|
|
QinQ-compliant svlan (service VLAN) interfaces are implemented as
a new cloner type, use Ethernet type 0x88a8, and have a dedicated
VLAN tag hash to avoid ID conflicts. vlan(4) interfaces can be
stacked on top of svlan(4).
Originally from reyk@, input from claudio@ and deraadt@
ok claudio@
|
|
ether_output() and later on other L2 output functions use a trick and over-
load the ifp->if_output() function pointer on MPLS enabled interfaces to
go through mpls_output() which will then call the link level output function.
By setting IFXF_MPLS on an interface the output pointers are switched.
This now allows to cleanup the MPLS input and output pathes and fix mpe(4)
so that the MPLS code now actually works for both P and PE systems.
Tested by myself and michele
(A custom kernel with MPLS and mpe enabled is still needed).
|
|
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepathes rdomain aware.
Appart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning
|
|
The ones found in gnu/ left out by intention.
ok jmc
|
|
|
|
ok mcbride@
|
|
is safe for both hardware devices and virtual devices
ok mpf, kettenis, moaning and groaning and slow acceptance from mcbride
XXX should loop checking for uniqueness after new henning diff goes in
|
|
acceleration for PPP access concentrator.
ok mcbride@ dlg@ deraadt@ reyk@.
|
|
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
|
running out of mbufs for rx rings.
if the system low watermark is lower than a rx rings low watermark,
we'll never send a packet up the stack, we'll always recycle it.
found by thib@ on a bge
sadface
|
|
to free some for use on the rx rings on network cards.
this modifies m_cluncount to advise callers when we're in such a
situation, and makes them responsible for freeing up the cluster
for allocation by MCLGETI later.
fixes an awesome lockup with sis(4) henning has been experiencing.
this is not the best fix, but it is better than the current situation.
yep deraadt@ tested by henning@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
MPLS enabled kernels.
ok claudio@
|
|
We can now act as edge node and allow ipv4 packets to
enter a Label Switched Path and not just forwarding
MPLS packets.
OK claudio@
|
|
but don't do that in m_free() as that will cause a double loop behaviour when
called via m_freem().
OK dlg@, deraadt@
|
|
of. currently limited to MCLBYTES (2048 bytes) and 4096 bytes until pools
can allocate objects of sizes greater than PAGESIZE.
this allows drivers to ask for "jumbo" packets to fill rx rings with.
the second half of this change is per interface mbuf cluster allocator
statistics. drivers can use the new interface (MCLGETI), which will use
these stats to selectively fail allocations based on demand for mbufs. if
the driver isnt rapidly consuming rx mbufs, we dont allow it to allocate
many to put on its rx ring.
drivers require modifications to take advantage of both the new allocation
semantic and large clusters.
this was written and developed with deraadt@ over the last two days
ok deraadt@ claudio@
|
|
part of a server. there's no configuration yet, and several other drawbacks,
but it can be hammered into shape. i haven't moved the code forward in a year,
and marco wants it in the tree to hack on.
|
|
where the tag is stored in the mbuf header.
* Make bridge(4) handle interfaces with and without hardware tag
support and forward packets inbetween.
Help and ok claudio@
|
|
|
|
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
|
ok canacar@
|
|
do not count address family field twice in tun's if_obytes stats.
ok henning@ reyk@ deraadt@ for the ethernet bits.
ok deraadt@ for the tun bits.
|
|
from ether_input() into trunk_input() where it can be handled in a smarter way.
OK claudio@ and reyk@ on an earlier version.
|
|
|
|
No need to preload the arp table anymore. hai norby@
|
|
Also move the sampling into ether_input() where it can happen
at the interrupt and not within splnet() processing, which might
be less random. Discussed with mickey.
OK markus@, mcbride@
|
|
MPLS support partly based on the (abandoned?) AYAME project.
Basic LSR (Label Switch Router) functionality is present, but not fully
functional yet.
It is currently possible to insert entries in the LIB (Label Information Base)
with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
|
crc in addition to the existing "oneshot" mode and use them to replace
ieee80211_crc_update() with the new ether_crc32_le_update(). Saves 1k
kernel bss + some code.
Mark the new ether_crc32_[lb]e_update functions as __pure for a
~25x speedup (on my i386 at least).
feedback and ok damien@
|
|
decent drivers prefer to have a lot of packets on the send queue so they
can queue a lot of them up on the tx ring and then post them all in one
big chunk. unfortunately our stack queues one packet onto the send queue
and then calls the start handler immediately.
this mitigates against that queue, send, queue, send behaviour by trying to
call the start routine only once per softnet. now its queue, queue, queue,
send.
this is the result of a lot of discussion with claudio@
tested by many.
|
|
trunk(4).
PR 5248
ok reyk@
|
|
Instead of using the same IP on multiple interfaces, carp has to be
configured with the new "carpnodes" and "balancing" options.
# ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50
Please note, that this is a flag day for anyone using carp balancing.
You'll need to adjust your configuration accordingly.
Addititionally this diff adds IPv6 NDP balancing support.
Tested and OK mcbride@, reyk@.
Manpage help by jmc@.
|
|
packet have to be protected by the same splnet. Otherwise on
architectures where soft interrupts are executed immediately, the
interrupt is processed before the packet is in the queue.
On real hardware interfaces this was not a problem as ether_input()
is called at splnet anyway. But when sending to a tun interface
the packet got delayed.
ok beck@ miod@ henning@ mpf@ markus@
|
|
that is kept in a list per carp interface. This is the huge first
step necessary to make carp load balancing nice and easy. One carp
interface can now contain up to 32 virtual host instances.
This doesn't do anything useful yet, but here is how an ifconfig
for multiple entries now looks like:
# ifconfig carp2 carpnodes 5:0,6:100 192.168.5.88
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:05
carp: carpdev sis0 advbase 1
state MASTER vhid 5 advskew 0
state BACKUP vhid 6 advskew 100
groups: carp
inet 192.168.5.88 netmask 0xffffff00 broadcast 192.168.5.255
OK mcbride@
|
|
-remove useless casts
-MALLOC/FREE -> malloc/free
-use M_ZERO where appropriate instead of seperate bzero
feedback & ok krw, hshoexer
|
|
|
|
#if NPF > 0
to prevent feeding back the mbuf do looutput if we are on simplex
interfaces and the packet has been routed by pf, whch can lead to a loop
in weird corner cases.
apparently nobody triggered these cases in ages, since pf.h was not included
and thus NPF not defined and thus this code not compiled.
ok theo
|
|
OK claudio@ jason@
|
