| Age | Commit message (Collapse) | Author |
|---|
|
resolution is required.
This will allow us to enforce that no route entry is inserted in
the routing table after ether_output().
This is now possible because if_output() is no longer called with
a NULL route argument.
Tested by Hrvoje Popovski, ok visa@, bluhm@
|
|
becomes DOWN.
This follows the same reasonning as for L2 (cloned) entries.
Hopefully enough to fix tedu@'s stale RTF_DYNAMIC routes when switching
WiFi network during suspend/resume.
ok sthen@
|
|
ok sthen@, bluhm@
|
|
Help to track the leak from Hrvoje Popovski, ok bluhm@
|
|
priority. This is translated into an 802.1p priority tag when
sent over a vlan interface, reducing the risk of them being
crowded out by data packets on a busy link.
Some users have problems with ISPs that place specific
requirements on vlan priority (typically the packet header
value must be '0', relating to priority 1). This diff
doesn't fix that yet, but gives a single place to patch
to change tags on control packets without affecting
normal vlan priority operation on other interfaces.
ok mikeb.
|
|
the packet has been feed to the pseudo-interfaces input handlers.
To fix that without introducing a layer violation we should be able to
disable HW-vlan on parent when in use with different pseudo-interfaces.
In the case of bridge(4) for example it makes no sense to let the interface
remove the VLAN header if the kernel has to add it back for every packet.
Fix issues reported by sebastia@ and markus@
From dlg@, ok claudio@
|
|
pf_test calls pf_refragment6 with dst=NULL, which is passed down to
rtable_match which attempts to dereference it.
|
|
ok bluhm@
|
|
via unions, and we don't want to make it easy to control the target.
instead an integer index into an array of acceptable functions is used.
drivers using custom functions must register them to receive an index.
ok deraadt
|
|
This refactoring aims to reduce the number of places where a route entry is
inserted in the routing table.
ok bluhm@
|
|
routines are call directly by ether_input().
ok visa@, dlg@
|
|
the srp_ref struct is used to track the location of the callers
hazard pointer so later calls to srp_follow and srp_enter already
know what to clear. this in turn means most of the caveats around
using srps go away. specifically, you can now:
- switch cpus while holding an srp ref
- ie, you can sleep while holding an srp ref
- you can take and release srp refs in any order
the original intent was to simplify use of the api when dealing
with complicated data structures. the caller now no longer has to
track the location of the srp a value was fetched from, the srp_ref
effectively does that for you.
srp lists have been refactored to use srp_refs instead of srpl_iter
structs.
this is in preparation of using srps inside the ART code. ART is a
complicated data structure, and lookups require overlapping holds
of srp references.
ok mpi@ jmatthew@
|
|
this makes it more obvious that the bpf code should only read
packets, never modify them.
now possible because the paths that care about M_FILDROP set it
after calling bpf_mtap.
ok mpi@ visa@ deraadt@
|
|
ok mpi@
|
|
hint.
ok kettenis@, deraadt@
|
|
Use a new task that runs holding the KERNEL_LOCK to execute mp-unsafe
code. Our current goal is to progressively move input functions to the
unlocked task.
This gives a small performance boost confirmed by Hrvoje Popovski's
IPv4 forwarding measurement:
before: after:
send receive send receive
400kpps 400kpps 400kpps 400kpps
500kpps 500kpps 500kpps 500kpps
600kpps 600kpps 600kpps 600kpps
650kpps 650kpps 650kpps 640kpps
700kpps 700kpps 700kpps 700kpps
720kpps 640kpps 720kpps 710kpps
800kpps 640kpps 800kpps 650kpps
1.4Mpps 570kpps 1.4Mpps 590kpps
14Mpps 570kpps 14Mpps 590kpps
ok kettenis@, bluhm@, dlg@
|
|
Apparently nobody can hit this condition anymore or people do not
report bugs if their kernel do not panic.
ok dlg@, sashan@
|
|
callbacks return EAGAIN if they modify the routing table. While we're here,
simplify life for rtable_walk callers by moving the loop that restarts the
walk on EAGAIN into rtable_walk itself.
Flushing cloned routes on interface state changes becomes a bit more
inefficient, but this can be improved later.
ok mpi@ dlg@
|
|
bug introduced in r1.138.
Reported at https://twitter.com/DarkSoul4242/status/722365165262405633
(twitter is *NOT* the place to report bugs!) and in
https://marc.info/?l=openbsd-bugs&m=145988918010707&w=2,
pointed out by tb@
|
|
and pretending the output succeeded. Packets are still dropped!
Idea from jsg@ following same change to bridge(4). ok mpi@
|
|
Since the rtalloc(9) rewrite no route lookup is done in this function so
there's no need for a destination or a rtable ID.
|
|
no functional change
|
|
the recent vlan code sets the vlan interfaces mac address to the
parent interfaces mac address when it is brought up, and resets it
when the vlan interface is brought down.
now, if you set a mac address manually (eg, ifconfig vlanX lladdr
f0:0b:a7:ba:2b:00), vlan(4) ignores the parents mac address and
never resets its own.
to make this work, setting a custom lladdr on a vlan interface makes
the parent interface promisc so the packets wont be filtered by the
hardware interface.
setting the mac address to 00:00:00:00:00:00 resets this behavior
and makes the interface inherit the parents mac again.
issue reported by and fix tested by paul de weerd
|
|
The EBUSY hack imposes an order on the ifconfig commands issued
against the pppoe interface used to configure the sppp layer below.
To counter this we use the ENETRESET trick that other drivers use
to tell the pppoe layer that sppp has requested a stop/init reset
sequence to proceed which we oblige with in case pppoe is UP and
RUNNING.
Tested by semarie@ and Jan Schreiber <jes@posteo.de>, thanks!
|
|
theyre currently unused, so no functional change.
|
|
this makes it more clear to the casual reader that it refers to the
parent interface, which is consistently referred to as ifp0 in the
rest of the vlan (and carp) code.
this is a good idea from mpi@
|
|
configuration of the vlan parent interface and the vlan id should
come via the IFPARENT and VNETID ioctls now. the vlan specific
ioctls are still available via a compat layer, but that will go
away a bit further into this release cycle.
the parent interface may only be configured while the vlan is down.
the vnetid may be changed at runtime, but will generate link state
changes across that event.
the vlan is implicitily brought up when an address is assigned,
which brings it in line with all our other network drivers. the
legacy vlan ioctl still imply bringing the interface up because
that's what it used to do.
the code that brings vlans up and down is now simplified because
it no longer supports changing the parent at run time. most of that
code now adds state to the parent when bringing the vlan up, and
bringing the interface down just removes it in reverse.
these simplifications in turn make it possible for us to transmit
packets on vlan interfaces without holding the big lock, so its now
marked as MPSAFE.
ok jmatthew@ sthen@ mpi@
|
|
note that this uses max_linkhdr as the adjustment arg. this follows
what the ip stack does when generating packets as it provides space
for link headers (like ethernet headers) to be prepended on the new
packet.
ok henning@
|
|
node in /dev, that services all bpf consumers (up to 1024). Also,
disallow the usage of all but the first minor device, so accidental use
of another minor device will attract attention.
Cloning bpf offers some advantages:
- Users with high bpf usage won't have to clutter their /dev with device
nodes.
- A lot of programs in base use a pattern like this to acces bpf:
int fd, n = 0;
do {
(void)snprintf(device, sizeof device, "/dev/bpf%d", n++);
fd = open(device, mode);
} while (fd < 0 && errno == EBUSY);
Those can now be replaced by a simple open(), without loop.
ok mikeb
"right time in the cycle to try" deraadt
|
|
|
|
ok jmatthew@
|
|
Reported by and ok jmatthew@
|
|
it should not be used to output packets but we have to respect the ifp
driver API to some extend.
Prevent a panic found the hardway by espie@.
ok claudio@, mikeb@, jsg@, krw@
|
|
content and unlink the statekey.
This should allow us to find the reminding corner cases of packets
looped back in the stack.
ok dlg@
|
|
removal from mbuf.h. ok mpi@
|
|
|
|
ok guenther@
|
|
Static is a nop in _KERNEL, but is static in userland and therefore libpcap
|
|
other projects have already done this, and there's software (eg,
gopacket) which now expects it.
based on a discussion with jasper@ and canacar@
ok jasper@
|
|
the code was confusing around how it dealt with packets in mbufs
vs plain memory buffers with a lenght.
this renames bpf_filter to _bpf_filter, and changes it so the packet
memory is referred to by an opaque pointer, and callers have to
provide a set of operations to extra values from that opaque pointer.
bpf_filter is now provided as a wrapper around _bpf_filter. it
provides a set of operators that work on a straight buffer with a
lenght.
this also adds a bpf_mfilter function which takes an mbuf instead
of a buffer, and it provides explicit operations for extracting
values from mbufs.
if we want to use bpf filters against other data structures (usb
or scsi packets maybe?) we are able to provide functions for
extracting payloads from them and use _bpf_filter as is.
ok canacar@
|
|
eleven years, remove it.
Despite what the wildly outdated time(9) claims, there is no longer
globally visible "struct timeval mono_time" or "struct timeval time".
ok mpi@ sthen@ mikeb@
|
|
|
|
nothing uses them, and the implementation make incorrect assumptions
about mbufs within bpf processing that could lead to some weird
failures.
ok sthen@ deraadt@ mpi@
|
|
less code for the same effect, which is ETHER_ALIGNed packets.
ok mpi@
|
|
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
|
ok mpi@ claudio@
|
|
ok mpi@
|
|
this is the second attempt to get it in, the first
attempt got backed out on Jan 31 2016
the change also contains fixes contributed by Stefan Kempf
in earlier iteration.
OK srhen@
|
|
|
|
ok mpi@ jmatthew@
|
