path: root/sys/net
Age | Commit message | Author
2018-09-27 | Coherently name "struct bridge_iflist" variables `bif'. ok visa@ | Martin Pieuchot
2018-09-27 | Make sure the L2 entry is cloned before dereferencing its parent. RTF_LOCAL entries or static ARP entries don't have parents, so the logic was incorrect. Note that it might be possible to extend the logic to work with non-cloned L2 entries but the few use cases do not justify the complexity (yet). Problem reported & fix tested by Elie Bouttier. ok bluhm@, visa@, claudio@ | Martin Pieuchot
2018-09-26 | Move bridge input/output paths outside of the KERNEL_LOCK(). Tested by Hrvoje Popovski who measured a 30% improvement of forwarded packets in the best case. ok visa@ | Martin Pieuchot
2018-09-19 | Always call bridge_iflist `bif'. ok bluhm@, visa@ | Martin Pieuchot
2018-09-13 | Add reference counting for inet pcb, this will be needed when we start locking the socket. An inp can be referenced by the PCB queue and hashes, by a pf mbuf header, or by a pf state key. OK visa@ | Alexander Bluhm
2018-09-12 | Stop exporting TDB counters to userland, this change introduced a regression with iked(8). Reported by Mark Patruck. | Martin Pieuchot
2018-09-12 | Fix obvious cut&pasto in comment (ifa_msghdr -> if_announcemsghdr). ok claudio@ | Kenneth R Westerback
2018-09-11 | Nuke some trailing spaces that wandered into the crosshairs. | Kenneth R Westerback
2018-09-11 | - moving state look up outside of PF_LOCK() this change adds a pf_state_lock rw-lock, which protects consistency of state table in PF. The code delivered in this change is guarded by 'WITH_PF_LOCK', which is still undefined. People, who are willing to experiment and want to run it must do two things: - compile kernel with -DWITH_PF_LOCK - bump NET_TASKQ from 1 to ... sky is the limit, (just select some sensible value for number of tasks your system is able to handle) OK bluhm@ | Alexandr Nedvedicky
2018-09-10 | - if_cloners list populated at boot time only then becomes immutable, so we can let go if_cloners_lock. OK tb@, claudio@, bluhm@, kn@, henning@ | Alexandr Nedvedicky
2018-09-10 | Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@ | Alexander Bluhm
2018-09-10 | if_setrdomain could potentially call if_clone_create recursively in the create rdomain case leading to locking issues and lots of headscratching. turns out the only case where if_setrdomain could actually create an rdomain and thus end up with that pattern is the ioctl path. make if_setrdomain never create an rdomain, return error if it doesn't exist already, introduce if_createrdomain, and adjust the ioctl path to use it. ok sashan bluhm claudio | Henning Brauer
2018-09-10 | in pf_syncookie_validate, return early if we don't have syncookies in flight that can possibly match. there is a tiny but existing chance that a sequence number matches w/ our hash and we'd end up dropping traffic. unclear whether that has actually happened since the report chain is long :) report via haesbert via bluhm; ok bluhm | Henning Brauer
2018-09-10 | During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() to convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@ | Alexander Bluhm
2018-09-10 | Limit the fragment entry queue length to 64 per bucket. So we have a global limit of 1024 fragments, but it is fine grained to the region of the packet. Smaller packets may have less fragments. This costs another 16 bytes of memory per reassembly and divides the worst case for searching by 8. requested by claudio@; OK sashan@ claudio@ | Alexander Bluhm
2018-09-09 | allow the automatically created loopback interfaces in rdomains to be deleted if the rdomain doesn't contain any other interface. turn the rdomain back into an ordinary, empty rtable in that case. with this and the previous commits one can get rid of rdomains again without rebooting, which wasn't possible any more for some time ok bluhm, input mpi | Henning Brauer
2018-09-09 | if_setrdomain: allow empty rtables to be turned into rdomains, not just nonexistent ones as before. nasty error handling with bluhm, feedback mpi as well. ok bluhm | Henning Brauer
2018-09-09 | provide rtable_empty(), returns 1 if the rtable doesn't contain any routes ok bluhm | Henning Brauer
2018-09-08 | Split the pf(4) fragment reassembly queue into smaller parts. Remember 16 entry points based on the fragment offset. Instead of a worst case of 8196 list traversals we now check a maximum of 512 list entries or 16 array elements. discussed with claudio@ and sashan@; OK sashan@ | Alexander Bluhm
2018-09-08 | Don't cause an error when setting the same rdomain. Found by asou at soum.co.jp. ok claudio mpi akoshibe benno | YASUOKA Masahiko
2018-09-04 | Forgot to rename pf_frent_holes() prototype in previous commit. | Alexander Bluhm
2018-09-04 | Avoid traversing the list of fragment entries to check whether the pf(4) reassembly is complete. Instead count the holes that are created when inserting a fragment. If there are no holes left, the fragments are continuous. idea from claudio@; OK claudio@ sashan@ | Alexander Bluhm
2018-08-31 | Cadd a TDB `tdb' instead of `sa'. No functional change. ok deraadt@, bluhm@, visa@ | Martin Pieuchot
2018-08-28 | Add per-TDB counters and a new SADB extension to export them to userland. Inputs from markus@, ok sthen@ | Martin Pieuchot
2018-08-24 | - cosmetic tweak to if_pfsync.c OK bluhm@, OK mpi@, henning@, jca@ | Alexandr Nedvedicky
2018-08-21 | Fix alignment fault in switchd(8) on sparc64. Use memcpy to set oxm_value, which isn't aligned to 64 bits. Based on pointers from Ori Bernstein Reported by Ryan Keating ok yasuoka@ deraadt@ | akoshibe
2018-08-17 | the stack already counts bytes and packets, so don't do it again here. makes output stats look plausible. reported by jason tubnor ok deraadt@ | David Gwynne
2018-08-12 | Add administrative options to LACP trunk implementation. The trunk driver now has a new ioctl (SIOCxTRUNKOPTS), which for now only has options for LACP: * Mode - Active or Passive (default Active) * Timeout - Fast or Slow (default Slow) * System Priority - 1(high) to 65535(low) (default 32768/0x8000) * Port Priority - 1(high) to 65535(low) (default 32768/0x8000) * IFQ Priority - 0 to NUM_QUEUES (default 6) At the moment, ifconfig only has options for lacpmode and lacptimeout plumbed as those are the immediate need. The approach taken for the options was to make them on a "trunk" vs a "port" as what's typically seen on various NOSes (JunOS, NXOS, etc...) as it's uncommon for a host to have one link "Passive" and the other "Active" in a given trunk. Just like on a NOS, when applying lacpmode or lacptimeout, the settings are immediately applied to all existing ports in the trunk and to all future ports brought into the trunk. Tested by many on a plethora of NIC drivers and switches. Ok remi@ | ccardenas
2018-08-09 | Currently, attempting to move an immovable lo(4) to a new rdomain will fail with an EPERM, but the target rdomain will still be created. Move the check for an lo(4)'s if_index/if_rdomain to before the creation of a nonexisting target routing table. ok benno@ claudio@ mpi@ | akoshibe
2018-07-30 | Use FNONBLOCK instead of SS_NBIO to check/indicate that the I/O mode for sockets is non-blocking. This allows us to G/C SS_NBIO. Having to keep the two flags in sync in a mp-safe way is complicated. This change introduces a behavior change in sosplice(), it can now always block. However this should not matter much due to the socket lock being taken beforehand. ok bluhm@, benno@, visa@ | Martin Pieuchot
2018-07-24 | When a GRE packet goes to "decline", the mbuf pointer was not updated properly. This had caused a panic when the mbuf pointer is updated. Found by IIJ. ok dlg | YASUOKA Masahiko
2018-07-22 | Fix arguments of pf_purge_expired_{src_nodes,rules}() Due to the missing "void", this extern void pf_purge_expired_src_nodes(); is no prototype but a declaration. It is enough to suppress the 'implicit declaration' warning but it does not allow the compiler to check the arguments passed to the calls of the function. Fix the prototypes and don't pass the waslocked argument anymore. It has been removed a year ago. ok sashan henning | Stefan Fritsch
2018-07-16 | use 'switch' rather than an if-else construct to match on the netflow version in pflow_get_mbuf(), to match the rest of the file ok benno@ florian@ | Jasper Lievisse Adriaanse
2018-07-13 | Some USB network interfaces like rum(4) report ENXIO from their ioctl function after the device has been pulled out. Also accept this error code in bpf_detachd() to prevent a kernel panic. tcpdump(8) may run while the interface is detached. from Moritz Buhl; OK stsp@ | Alexander Bluhm
2018-07-12 | Introduce RTM_CHGADDRATTR to inform userland on the route socket when an attribute of an address is changed. For now it's used when IPv6 duplicate address detection finishes. With this slaacd(8) can find out if a configured address is not duplicated without the need to poll. OK phessler, benno, claudio | Florian Obser
2018-07-12 | trade few 'goto unlock: for 'break' in pf_test() OK mpi@, OK henning@, OK jca@ | Alexandr Nedvedicky
2018-07-11 | Disambiguate the source of panics in sys/net* by adding __func__ magic constant to panic() calls. ok benno@ henning@ tb@ | Nayden Markatchev
2018-07-11 | superfluous newline | Henning Brauer
2018-07-11 | Fix comment about VLAN encapsulation and checksum offload Document that some chips actually could do hardware checksum offload for encapsulated packets, though that would need special handling in those drivers. discussions and ok naddy@ | Stefan Fritsch
2018-07-11 | the STATE_LOOKUP macro made sense ages ago. It stopped making sense when we moved most of the functionality into a function. g/c the macro and just call the function. ok mpi jca | Henning Brauer
2018-07-11 | in if_addgroup(), call the new pfi_group_addmember() instead of pf_group_change() - the latter is called by _addmember now to update dynaddr. before this, "set skip on lo", ifconfig lo1 create -> no skip on lo1 until pf ruleset got reloaded. Now lo1 gets the skip flag as intended. This has caused much confusion with i. e. gif interfaces in the past. ok benno, very excited ok phessler | Henning Brauer
2018-07-11 | provide pfi_group_addmember(), which makes the new member interface inherit set flags from the group. ok phessler benno | Henning Brauer
2018-07-10 | Remove raw_usrreq and raw_cb, nothing is using them anymore. OK mpi@ | Claudio Jeker
2018-07-10 | Remove net/raw_cb.h from includes and replace the RAWSNDQ, RAWRCVQ with protocol specific ones. OK mpi@ | Claudio Jeker
2018-07-10 | The year is 2018. Mercury, Bowie, Cash, Motorola and DEC all left us. Just pf still has a default state table limit of 10000. Had! Now it's a tiny little bit more, 100k. lead guitar: me ok chorus: phessler theo claudio benno background school girl laughing: bob | Henning Brauer
2018-07-10 | in pf_set_protostate(), only decrement the half-open states counter when the state was created on this host, i. e. not for those pfsync-imported. whether pfsync-imported states should be accounted is a separate discussion, but as things are, we only increment the counter in pf_create_state(), and imported states don't exercise that path. probably fixes the half-open states accounting underflow-wraparounds that some people have been seeing. ok sashan | Henning Brauer
2018-07-10 | After removing raw_usrreq() from route and pfkey, the global sockaddr variables can be declared constant. OK claudio@ mpi@ | Alexander Bluhm
2018-07-10 | if_enqueue: call pf_delay_pkt() if m_pkthdr.pf.delay is set ok benno sashan | Henning Brauer
2018-07-10 | provide a generic packet delay functionality. packets to be delayed are marked by pf in the packet header. pf_delay_pkt reads the delay value from the packet header, schedules a timeout and re-queues the packet when the timeout fires. ok benno sashan | Henning Brauer
2018-07-09 | Inline the raw_usrreq() function into pfkeyv2_usrreq(). Similar to the change to rtsock.c. This simplifies the pfkey code since there is no special wrapping needed and in general the PRU cases get easier. OK bluhm@ henning@ mpi@ | Claudio Jeker