summaryrefslogtreecommitdiff
path: root/sys/net/if_vxlan.c
AgeCommit message (Collapse)Author
2017-11-20Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare runningMartin Pieuchot
pr_input handlers without KERNEL_LOCK(). ok visa@
2017-10-25Remove Multicast and Broadcast flags from the encapsulated packet inMartin Pieuchot
vxlan(4) like it is done by other tunnelling pseudo-interfaces. While here sync the comment between multiple interfaces. Bug report and original diff from Pierre LALET.
2017-08-11Remove NET_LOCK()'s argument.Martin Pieuchot
Tested by Hrvoje Popovski, ok bluhm@
2017-08-10A missing break in vxlan_sockaddr_cmp() could eventually trick anReyk Floeter
vxlan interface into accepting packets for the wrong destination (if the sockaddr_in6 checks somehow match on sockaddr_in addresses). Coverity CID 1452902; Severity: Moderate OK mikeb@
2017-05-04Introduce sstosa() for converting sockaddr_storage with a type safeAlexander Bluhm
inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
2017-04-11Partially revert previous mallocarray conversions that containDavid Hill
constants. The consensus is that if both operands are constant, we don't need mallocarray. Reminded by tedu@ ok deraadt@
2017-04-09Use mallocarray to allocate multicast group memberships.David Hill
ok deraadt@
2017-01-22move counting if_opackets next to counting if_obytes in if_enqueue.David Gwynne
this means packets are consistently counted in one place, unlike the many and various ways that drivers thought they should do it. ok mpi@ deraadt@
2017-01-04As noticed by bluhm@ the netlock is required for the multicast cleanupMike Belopuhov
While here, remove unnecessary splnet's. ok mpi
2017-01-03Don't try to reconfigure the multicast group in the detach handler ofReyk Floeter
the multicast interface - simply clear the VXLAN configuration when the associated multicast interface disappears. This fixes some locking and recursion problems. OK mpi@ mikeb@
2016-12-13make v6 tunnel address handling consider ipv6 scope.David Gwynne
an earlier version of this diff was ok mpi@
2016-12-02Rremoves 'struct route_in6 *' argument from in6_selectsrc().Martin Pieuchot
Move the corresponding code in in6_pcbselsrc(). This reduces differences with IPv4 and will help us to get rid of 'struct route*'. ok vgross@
2016-11-29For virtual Ethernet drivers that don't have a technical limit of theReyk Floeter
hardmtu, pick a value of 65435 that leaves space for some encapsulation and almost a complete max-IP packet. After some discussion we picked this arbitrary value. OK dlg@
2016-10-25Make kernel without INET6 compile again.Alexander Bluhm
OK mikeb@
2016-10-14Fulfil our contractual obligations with ether_inputMike Belopuhov
Since ether_input expects the m_data to point directly at the Ethernet header and most upper layer protocols immediately following Ethernet expect their headers to be aligned to the 4 byte boundary, we need to ensure that the decapsulated VXLAN packet payload satisfies these requirements. prompted by a diff by vgross@, with input from dlg@, ok yasuoka
2016-10-07Fix vxlan_lookup() to comply the assumption of ether_input(). Put theYASUOKA Masahiko
entire ethernet header on first mbuf and align 32bit at the payload. Also fix the vxlan_output() not to cause an alignment fault. Use a new mbuf for VXLAN header instead of M_PREPEND to make sure that the mbuf is aligned 32bit. This is required to align 32 bit at the outer IP header. input vgross mikeb ok dlg
2016-09-30Accept a packet smaller than ETHERMIN.YASUOKA Masahiko
ok reyk
2016-09-29Rename brtag_src/brtag_dst to brtag_peer/brtag_local to avoidReyk Floeter
confusion about the tunnel endpoints when responding to the peer. OK yasuoka@
2016-09-28Fix vxlan to use the destination address correctly.YASUOKA Masahiko
Use the dst of the bridge_tunneltag for src on vxlan output and vice versa. ok reyk
2016-09-28Fix the way of checking the length of vxlan packet and made it strict.YASUOKA Masahiko
ok reyk
2016-09-04Remove the IFF_LINK0 option to send the response back to the peer'sReyk Floeter
UDP src port - the VXLAN RFC clearly says that packet should be send to the configured VXLAN port (4789). OK mpi@
2016-09-03Add support for a multipoint-to-multipoint mode in vxlan(4). In thisReyk Floeter
mode, vxlan(4) must be configured to accept any virtual network identifier with "vnetid any" and added to a bridge(4) or switch(4). This way the driver will dynamically learn the tunnel endpoints and their vnetids for the responses and can be used to dynamically bridge between VXLANs. It is also being used in combination with switch(4) and the OpenFlow tunnel classifiers. With input from yasuoka@ goda@ OK deraadt@ dlg@
2016-08-07whitespaceReyk Floeter
2016-08-07Define VXLAN_VNI_UNSET and VXLAN_VNI_MAX instead of using magic numbers.Reyk Floeter
No functional change.
2016-08-06Add support for IPv6 tunnel endpoints. This currently only works forReyk Floeter
unicast mode, multicast is not yet supported. ifconfig vxlan0 tunnel fd00::1 fd00::2 Roughly based on an earlier diff by goda@ OK yasuoka@
2016-08-06Fix multicast mode (destination is a multicast IP): the BCAST andReyk Floeter
MCAST flags have to be cleared from the mbuf after decapsulating packets. This fixes tunneled broadcast packets, eg. ARP. It used to work before the input path was changed the flags got cleared later in the stack. OK yasuoka@
2016-04-13We're always ready! So send IFQ_SET_READY() to the bitbucket.Martin Pieuchot
2016-01-22Drop packets whose VNI flag is not set and VNI is not zeroKazuya Goda
ok reyk@ yasuoka@
2016-01-14No need for a splnet() dance around IFQ_DEQUEUE() anymore.Martin Pieuchot
From David Hill, ok dlg@
2015-12-05remove old lint annotationsTed Unangst
2015-11-27Keep "struct vxlan_softc" private to prevent pulling more headers whenMartin Pieuchot
<net/if_vxlan.h> is included.
2015-10-25arp_ifinit() is no longer required.Martin Pieuchot
2015-10-23tweak the vnetid so it can be optional and therefore cleared/deleted.David Gwynne
the abstract vnetid is promoted to a uin32_t, and adds a SIOCDVNETID ioctl so it can be cleared. this is all because i set an assignment on implementing a virtual network interface and the students got confused when vnetid 0 didnt show up in ifconfig output. the vnetid in the vxlan(4) protocol is optional, but the current code confuses 0 with no vnetid being set. this makes it clear. ok reyk@ who also simplified my diff
2015-10-15Fix previous. The port number is not included in sc_src and it isYASUOKA Masahiko
checked already at beginning of the loop. ok reyk
2015-10-12dont need to do suser checks in ioctl paths cos if.c does them for us.David Gwynne
ok mikeb@ mpi@
2015-10-03When multiple vxlan interfaces are configured with same VNI, select theYASUOKA Masahiko
interface whose tunnel destination corresponded to the incoming packets' source address. ok reyk
2015-09-09if_put after the if_get.David Gwynne
ok mpi@ claudio@
2015-07-20Remove splassert(IPL_NET) from if_input().Martin Pieuchot
if_input() has been designed to be able to safely handle a batch of packets from physical drivers to the network stack. Most of these drivers have an interrupt routine executed at IPL_NET and the check made sense during the conversion. However we also want to re-enqueue packets with if_input() from the network stack currently running at IPL_SOFTNET. ok claudio@
2015-07-18Raise SPL to SPL_NET before calling if_input() in vxlan_lookup().Kazuya Goda
ok reyk@ mpi@
2015-06-24Increment if_ipackets in if_input().Martin Pieuchot
Note that pseudo-drivers not using if_input() are not affected by this conversion. ok mikeb@, kettenis@, claudio@, dlg@
2015-04-13ether_input() should not longer be called directly so convert toMartin Pieuchot
if_input(). Needed for the upcoming pseudo-driver integration work. ok dlg@
2015-04-07Do not pass an `ifp' argument to interface input handlers since itMartin Pieuchot
might be overwritten by pseudo-drivers. ok dlg@, henning@
2015-03-14Remove some includes include-what-you-use claims don'tJonathan Gray
have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@
2015-01-24Userland (base & ports) was adapted to always include <netinet/in.h>Theo de Raadt
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be cleaned up next. Some sockaddr_union steps make it into here as well. ok naddy
2014-12-19unifdef INET in net code as a precursor to removing the pretend option.Ted Unangst
long live the one true internet. ok henning mikeb
2014-12-17Remove the "multicast_" prefix from the fields a multicast-only struct.Martin Pieuchot
Prodded by claudio@ and mikeb@
2014-12-17Use an interface index instead of a pointer for multicast options.Martin Pieuchot
Output interface (port) selection for multicast traffic is not done via route lookups. Instead the output ifp is registred when setsockopt(2) is called with the IP{V6,}_MULTICAST_IF option. But since there is no mechanism to invalidate such pointer stored in a pcb when an interface is destroyed/removed, it might lead your kernel to fault. Prevent a fault upon resume reported by frantisek holop, thanks! ok mikeb@, claudio@
2014-12-05Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.Martin Pieuchot
ok mikeb@, krw@, bluhm@, tedu@
2014-11-23length argument for some free() calls; ok dougTheo de Raadt
2014-07-22Fewer <netinet/in_systm.h> !Martin Pieuchot