Age | Commit message | Author |
|
|
|
1) demote by 32 on the first bulk update to prevent failovers w/o having
a full state table;
2) don't do any demotion adjustments on the link up event and undemote
when bulk update finishes (or times out) preventing a race between
nodes getting a link state update asynchronously.
With phessler; tested by phessler and Kapetanakis Giannis. Thanks!
Looked through by henning and dlg.
|
|
figured out by and ok guenther
|
|
|
|
moving the state export functionality from pfsync code into pf.
Based on the initial diff by guenther, ok henning.
|
|
pf to fix that.
- add #ifdef INET6 in obvious places
- af translation is only possible with both INET and INET6
- interleave #endif /* INET6 */ and closing brace correctly
- it is not necessary to #ifdef function prototypes
- do not compile af translate functions at all instead of empty stub,
then the linker will report inconsistencies
- pf_poolmask() actually takes an sa_family_t not an u_int8_t argument
No binary change for GENERIC compiled with -O2 and -UDIAGNOSTIC.
reported by Olivier Cochard-Labbe; ok mikeb@ henning@
|
|
this prevents backup to failover back to master immediately
after getting link back on carpdev interface if underlying
pfsync interface went down as well. instead pfsync will
request a bulk update to get new states from the master.
sthen and mpf like the idea, ok dlg
|
|
ok dlg claudio
|
|
with every other thing that stores the state id (including other pfsync
messages).
includes improvements to the systat code to consider the creatorid as well
as the state id in its cache to avoid collisions between states created on
different hosts.
tested by me in production and on amd64 talking to sparc64.
ok henning@
|
|
accidental race conditions. From Erik Lax, thanks! ok dlg
|
|
connection does not observe the route-to option.
ok dlg mikeb
|
|
skewed at runtime by things like date(1) and ntpd. time_uptime is
monotonic and therefore more useful to compare against.
ok deraadt@ mikeb@
|
|
only when we're going up, not when we set PROMISC or any other
flag. Fixes spontaneous CARP failovers when running tcpdump
on pfsync.
ok henning, mcbride, camield
|
|
calculations, and does _not_ denote the time when to expire. So
it should never be added to (set into the future).
Try to reconstruct it with an educated guess on state import and
just set it to the current time on state updates.
This fixes a problem on pfsync listeners where the expiry time
could be double the expected value and cause a lot more states
to linger.
Timeout code from mikeb.
Found and tested by Maxim Bourmistrov.
ok mikeb dlg
|
|
an icmp<->icmp6 state (nat64); ok henning, mcbride, dlg
|
|
interface. Problem report and fix from Erik Lax, thanks!
|
|
than the syncdev MTU. Prompted by the discussion with and tested
by Maxim Bourmistrov; ok dlg, mpf
|
|
mcbride agrees, ok mpf, dlg
|
|
"af-to" a generic IP version translator for pf(4).
Not everything perfect yet but let's fix these things in the tree.
Insane amount of work done by sperreault@, mikeb@ and reyk@.
Looked over by mcbride@ henning@ and myself at eurobsdcon.
OK mcbride@ and general put it in from deraadt@
|
|
without growing it in pfsync_state too.
to keep the wire format compat this uses some of the pad bytes to send
all the state flags on the wire as well as maintaining the old state_flags
field. after 5.0 we'll deprecate the original field and only use the new
one.
discussed with mcbride and deraadt and based on a diff from deraadt.
tested against an "old" pfsync locally.
ok mcbride@ henning@ deraadt@
|
|
Reject states with pfsync_state->af == 0 in pfsync_state_import(), in
preparation for states which specify an address family in each state key
instead (change will take place post-5.0).
ok dlg henning mikeb
|
|
|
|
no change in binary
"Sure" claudio@
|
|
actually removed it from the timeout wheel before releasing it. if
timeout_del returns 0 then you know the timeout is about to run or
is already running, meaning it will free itself so you don't have
to.
this handling is only done for the undefer paths at SOFTNET since
it is higher than SOFTCLOCK which timeouts run from. it is possible
for a timeout to start running at softclock and get interrupted by
softnet. the undefer in process context blocks both these interrupts
while it undefers, so it is impossible for the timeout to run and
cause the list to be in this inconsistent state.
|
|
|
|
blindly assuming everything is v4 to be sent with ip_output.
problem originally reported by Marco Fretz.
fix verified locally.
ok henning@ mcbride@
|
|
varies by arch). the 20ms is still up for discussion.
ok deraadt@
|
|
m_pullup.
not really a significant change since most rx bufs (which we read pfsync
packets from) are a single contig cluster coming off the network, so we
rarely hit the case m_pullup was called in.
|
|
pass to all the submessage handlers, but only the flags part of it was
ever used. just pass the flags directly instead.
|
|
since they're only ever called from pfsync_input, which is only called
from ipintr, which is only called by softnet.
|
|
|
|
we can pass M_WAITOK to malloc(9) (which was already done a few lines
down, which set off my aesthetic alarm).
While here, include malloc.h, since we're calling malloc.
ok dlg@
|
|
without holding splsoftnet. this adds the necessary protection.
reported by patrick coleman
|
|
ok dlg@
|
|
This allows to run isakmpd/iked/ipsecctl in multiple rdomains
independently (with "route exec"); the kernel will pick up the rdomain
from the process context of the pfkey socket and load the flows and
SAs into the matching rdomain encap routing table. The network stack
also needs to pass the rdomain to the ipsec stack to lookup the
correct rdomain that belongs to an interface/mbuf/... You can now run
individual IPsec configs per rdomain or create IPsec VPNs between
multiple rdomains on the same machine ;). Note that a primary enc(4)
in addition to enc0 interface is required per rdomain, eg. enc1 rdomain 1.
Tested by some people, mostly on existing "rdomain 0" setups. Was in
snaps for some days and people didn't complain.
ok claudio@ naddy@
|
|
sending a bulk update, only say we're using the states referenced
by the next and last pointers into the table. this means the pf
timeout thread can keep trimming states during a bulk update.
|
|
+#if defined(PFSYNC_DEBUG)
|
|
keeps on building them, which means that it floods the tx ring on
the pfsync interface rather than actually sending many packets.
this change correctly calculates when we've filled a bulk update
packet.
many thanks to david@ for making me go chase this. i've been wondering
why the state count on my firewalls has had such a discrepancy for
a long time now.
|
|
pfsync_bulk_start sets up a bulk transfer by doing this:
sc->sc_bulk_next = TAILQ_FIRST(&state_list);
sc->sc_bulk_last = sc->sc_bulk_next;
and then calls pfsync_bulk_update which loops over state_list like
this:
st = sc->sc_bulk_next;
while (st != sc->sc_bulk_last) {
basically bulk updates never got sent.
this diff handles jjs problem by not attempting to send a bulk
update when the state table is empty and fixed the loop to break
at the right times.
reported by david@ whose initial tests are positive.
reviewed by mcbride@
tested in production at work.
|
|
afterwards
diff from gleydson soares
ok claudio@
|
|
This is needed because pf_state_peer_hton() skips some fields in certain
situations which could result in garbage being sent to the other peer.
This seems to fix the pfsync storms seen by stephan@ and so dlg owes me
a whiskey.
OK dlg@, stephan@
|
|
removed. Extend carp demote logging to also show the reason for
the demote. Return EINVAL instead of ERANGE if a carpdemote request
is out of range. Requested from otto.
OK mcbride, henning.
|
|
Found out the hard way by Laurent ``bucky'' Lavaud and myself.
Input by claudio@, ok dlg@
|
|
also protect the flushing of the deferred packet queue in clone_destroy
with the right spls. noticed by claudio@
|
|
ok sthen@ henning@
|
|
definition of DPFPRINTF(), and log priorities from syslog.h. Old debug
levels will still work for now, but will eventually be phased out.
discussed with henning, ok dlg
|
|
that it knows how big the messages are.
rework the message handlers to use the pfsync_subheader.len value to
iterate over the message regions.
deprecate the EOF subheader since trying to pulldown a 0 byte buffer is
fail.
ok mcbride@ sperreault@
|
|
this makes sure there is enough of the message to try and parse it, and
allows implementations to skip past regions prefixed by unknown subheaders.
based on discussion with mcbride@ deraadt@ and simon perreault
|
|
bpfdetach() will be called in if_detach(). Diff by Gleydson Soares
|
|
|