| Age | Commit message (Collapse) | Author |
|---|
|
hfsc schedules a timeout to keep traffic moving if somethings has been
delayed an no other tx activity has occurred. that timeout was calling
(*ifp->if_qstart)(ifq) rather than ifq_start. the latter prevents
concurrent calls to if_qstart.
without this change bjorn ketelaars on misc@ was experiencing weird
pauses in traffic and lockups because the tx ring was corrupted
because re_start was run concurrently, once from the stack and once
from hfsc.
thanks to bjorn ketelaars for debugging, and mikeb@ for most of the
legwork in diagnosing the problem.
ok mikeb@
|
|
reported and patch tested by Hrvoje Popovski
O.K. bluhm@
|
|
try to remove a route from the table if it is and invalid cache.
This is a step towards decoupling code dealing with userland and kernel
inserted routes.
ok bluhm@
|
|
aren't protected by the NET_LOCK().
While here change lock assertions in rt_{set,put}gwroute(), the NET_LOCK()
is enough.
Tested by Hrvoje Popovski.
ok jmatthew@, claudio@
|
|
|
|
Fix build without PF, PIPEX nor IPSEC.
|
|
|
|
to enable PF_LOCK(), you must add 'option WITH_PF_LOCK' to your kernel
configuration. The code does not do much currently it's just the very
small step towards MP.
O.K. henning@, mikeb@, mpi@
|
|
Found by jmc@
|
|
instead of assuming start routines only run inside the ifq serialiser,
only rely on the serialisation provided by the ifq mtx which is
explicitly used during ifq_deq ops.
ie, free the mbufs in ifq_free at the end of ifq_deq ops instead
of in the ifq_serialiser loop. ifq deq ops arent necessarily called
within the serialiser.
this should fix panics caused by fq codel on top of bce (which calls
bce_start from it's tx completion path instead of ifq_restart).
ok mikeb@
|
|
time_second. Since time_second changes depending on the wall-
clock time, time_second is not a reliable source for the status.
We can even end up with a negative time delta. Thus, use the
monotonically growing time_uptime and export it to userland.
ok bluhm@ mikeb@
|
|
Input from mpi@, jmatthew@; OK mpi@, henning@, benno@
|
|
destination options header. Such packets can be passed by adding
"allow-opts" to the rule. So IPv6 options are handled like their
counterpart in IPv4 now.
tested by benno@; OK henning@
|
|
IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().
We currently rely on the NET_LOCK() serializing access to most global
data structures for that. IP input queues are no longer used in the
forwarding case. They still exist as boundary between the network and
transport layers because TCP/UDP & friends still need the KERNEL_LOCK().
Since we do not want to grab the NET_LOCK() for every packet, the
softnet thread will do it once before processing a batch. That means
the L2 processing path, which is currently running without lock, will
now run with the NET_LOCK().
IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread
will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.
Tested by Hrvoje Popovski.
ok visa@, bluhm@, henning@
|
|
krw@ has been having issues with dhclient on vlan interfaces because
i made them only configure the lladdr when they were brought up.
dhclient likes to read the mac address and then bring them up.
this makes vlan copy the parents lladdr onto the vlan interface
when the parent is configured. this probably helps with v6 addresses
on vlan interfaces too.
the new code still supports configuring a custom lladdr on a vlan
interface. this can be done both before and after a parent is
configured, and if a parent is removed.
while here, if the parent is reconfigured while the vlan is up, dont
error if the new parent is the same as the current one. this should
make running netstart again less noisy.
ok krw@
|
|
ok florian@
|
|
ok henning
|
|
very little value in these comments at all, but the XXX is just wrong and
in the way when looking for real XXXs. phessler agrees
|
|
kinda deprecated for a decade now, nothing in base uses it, nothing in
ports uses it (thanks sthen)
ok phessler sashan
|
|
|
|
|
|
This will help transitionning to an un-KERNEL_LOCK()ed IP
forwarding path.
Disucssed with bluhm@, ok claudio@
|
|
remaining ifp references are released *without* the NET_LOCK().
It's safe to do so because the KERNEL_LOCK() serializes accesses
to ``if_map''.
More importantly this fix possible deadlocks between if_get() and
the NET_LOCK(). It is now possible to call them in whatever order.
ok visa@, dlg@
|
|
|
|
to pfkeyv2.c. These structs are nowhere else needed.
OK gcc
|
|
release it beforehand.
ok henning@, benno@
|
|
abstraction. First step of making PF_KEY a bit more like PF_ROUTE.
OK mpi@
|
|
ok krw@, dlg@
|
|
Fix a deadlock with a thread trying to detach the corresponding interface.
ok sashan@, bluhm@
|
|
ok deraadt
|
|
already, for PPPoE case as first step.
ok mpi
|
|
packets. This fixes the problem when pipex connects with pppoe(4)
through pair(4).
|
|
|
|
|
|
authentication headers in the IPv4 case. This prevents spending
excessive cpu time on crafted packets.
OK henning@
|
|
|
|
Spotted by sashan@
|
|
headers. pf_walk_header6() steps over it and detects the real
protocol. So to implement a minimal header walking function
pf_walk_header() for IPv4. It does the header checks and jumps
over AH. Then pf does not understand AH as a protocol, it is just
an extension that authenticates the packet. Move some header and
option checks to pf_walk_header() for consistency with IPv6. This
also improves the header check for IPv4 packets in ICMP payload.
OK henning@
|
|
It brings the interface down and restore the original lladdr.
Found by Hrvoje Popovski
|
|
them by NET_LOCK/NET_UNLOCK. Also make the timeout for pipex_timer
run with a thread context and replace pipex softintr by NETISR_PIPEX.
ok mpi
|
|
Grab the lock before calling carpdetach().
ok bluhm@
|
|
Data structures modified in the ioctl path are protected by the NET_LOCK().
ok sashan@
|
|
ok sashan@
|
|
|
|
collection by a mbuf queue. with help from mpi@
ok florian@
|
|
Only pfkeyv2_send() needs the NET_LOCK() so grab it at the start and release
at the end. This should allow to push the locks down in other places.
OK mpi@, bluhm@
|
|
ok sashan@
|
|
While here remove superfluous splnet()/splx() in the ioctl routine.
ok sashan@
|
|
pfsyncioctl() is executed with the NET_LOCK() held which is enough.
ok sashan@
|
|
doesn't trigger rn_initmask() and first session had caused panics.
Reported by VOblezov at mtsbank.ru.
|
