this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).
an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.
|
|
this is largely mechanical, except for carp. this moves the addition
of the carp link state hook after we're committed to using the new
interface as a carpdev. because the add can't fail, we avoid a
complicated unwind dance. also, this tweaks the carp linkstate hook
so it only updates the relevant carp interface, not all of the
carpdevs on the parent.
hrvoje popovski has tested an early version of this diff and it's
generally ok, but there's some splasserts that this diff fires that
i'll fix in an upcoming diff.
ok claudio@
|
|
the main semantic change is that things registering detach hooks
have to allocate and set a task structure that then gets added to
the list. this means if the task is allocated up front (eg, as part
of carps softc or bridges port structure), it avoids the possibility
that adding a hook can fail. a lot of drivers weren't checking for
failure, and unwinding state in the event of failure in other parts
was error prone.
while doing this i discovered that the list operations have to be
in a particular order, but drivers weren't doing that consistently
either. this diff wraps the list ops up so you have to seriously
go out of your way to screw them up.
i've also sprinkled some NET_ASSERT_LOCKED around the list operations
so we can make sure there's no potential for the list to be corrupted,
especially while it's being run.
hrvoje popovski has tested this a bit, and some issues he discovered
have been fixed.
ok sashan@
|
|
ok semarie@, visa@
|
|
This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiple contexts where the bridge has
tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
|
|
this lets input processing bypass ifiqs. there's a performance
benefit from this, and it will let me tweak the backpressure detection
mechanism that ifiqs use without impacting on a stack of virtual
interfaces.
i've tested all of these except mpw, which i will end up testing
soon anyway.
|
|
calls to m_get/M_GET calls because M_MOVE_PKTHDR() is initialising
the pkthdr and so it is not needed when allocating the header.
OK bluhm@
|
|
makes output stats look plausible.
reported by jason tubnor
ok deraadt@
|
|
ok mpi@
|
|
ip_output() currently needs the NET_LOCK() which is not held when an
interface is added to a pf(4) queue.
Fix an issue reported by Jason Tubnor, ok dlg@
|
|
memory shortage. As it is invoked from a system call, it should
not fail and wait instead.
OK visa@ mpi@
|
|
pr_input handlers without KERNEL_LOCK().
ok visa@
|
|
vxlan(4) like it is done by other tunnelling pseudo-interfaces.
While here sync the comment between multiple interfaces.
Bug report and original diff from Pierre LALET.
|
|
Tested by Hrvoje Popovski, ok bluhm@
|
|
vxlan interface into accepting packets for the wrong destination (if
the sockaddr_in6 checks somehow match on sockaddr_in addresses).
Coverity CID 1452902; Severity: Moderate
OK mikeb@
|
|
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@
|
|
constants.
The consensus is that if both operands are constant, we don't need
mallocarray. Reminded by tedu@
ok deraadt@
|
|
ok deraadt@
|
|
this means packets are consistently counted in one place, unlike the
many and various ways that drivers thought they should do it.
ok mpi@ deraadt@
|
|
While here, remove unnecessary splnet's.
ok mpi
|
|
the multicast interface - simply clear the VXLAN configuration when
the associated multicast interface disappears. This fixes some
locking and recursion problems.
OK mpi@ mikeb@
|
|
an earlier version of this diff was ok mpi@
|
|
Move the corresponding code in in6_pcbselsrc(). This reduces
differences with IPv4 and will help us to get rid of 'struct route*'.
ok vgross@
|
|
hardmtu, pick a value of 65435 that leaves space for some
encapsulation and almost a complete max-IP packet. After some
discussion we picked this arbitrary value.
OK dlg@
|
|
OK mikeb@
|
|
Since ether_input expects the m_data to point directly at the Ethernet
header and most upper layer protocols immediately following Ethernet
expect their headers to be aligned to the 4 byte boundary, we need to
ensure that the decapsulated VXLAN packet payload satisfies these
requirements.
prompted by a diff by vgross@, with input from dlg@, ok yasuoka
|
|
entire ethernet header on first mbuf and align 32bit at the payload.
Also fix the vxlan_output() not to cause an alignment fault. Use a
new mbuf for VXLAN header instead of M_PREPEND to make sure that the
mbuf is aligned 32bit. This is required to align 32 bit at the outer
IP header.
input vgross mikeb
ok dlg
|
|
ok reyk
|
|
confusion about the tunnel endpoints when responding to the peer.
OK yasuoka@
|
|
Use the dst of the bridge_tunneltag for src on vxlan output and vice
versa.
ok reyk
|
|
ok reyk
|
|
UDP src port - the VXLAN RFC clearly says that packet should be sent
to the configured VXLAN port (4789).
OK mpi@
|
|
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4).
This way the driver will dynamically learn the tunnel endpoints and
their vnetids for the responses and can be used to dynamically bridge
between VXLANs. It is also being used in combination with switch(4)
and the OpenFlow tunnel classifiers.
With input from yasuoka@ goda@
OK deraadt@ dlg@
|
|
No functional change.
|
|
unicast mode, multicast is not yet supported.
ifconfig vxlan0 tunnel fd00::1 fd00::2
Roughly based on an earlier diff by goda@
OK yasuoka@
|
|
MCAST flags have to be cleared from the mbuf after decapsulating
packets. This fixes tunneled broadcast packets, eg. ARP. It used to
work before the input path was changed; the flags got cleared later in
the stack.
OK yasuoka@
|
|
ok reyk@ yasuoka@
|
|
From David Hill, ok dlg@
|
|
<net/if_vxlan.h> is included.
|
|
the abstract vnetid is promoted to a uint32_t, and adds a SIOCDVNETID
ioctl so it can be cleared.
this is all because i set an assignment on implementing a virtual
network interface and the students got confused when vnetid 0 didn't
show up in ifconfig output.
the vnetid in the vxlan(4) protocol is optional, but the current
code confuses 0 with no vnetid being set. this makes it clear.
ok reyk@ who also simplified my diff
|
|
checked already at beginning of the loop.
ok reyk
|
|
ok mikeb@ mpi@
|
|
interface whose tunnel destination corresponded to the incoming packets'
source address.
ok reyk
|
|
ok mpi@ claudio@
|
|
if_input() has been designed to be able to safely handle a batch of
packets from physical drivers to the network stack. Most of these
drivers have an interrupt routine executed at IPL_NET and the check
made sense during the conversion. However we also want to re-enqueue
packets with if_input() from the network stack currently running at
IPL_SOFTNET.
ok claudio@
|