path: root/sys/net
Age | Commit message | Author
2009-08-12 | revert my change to m_cluncount which tries to prevent the system running out of mbufs for rx rings. if the system low watermark is lower than a rx rings low watermark, we'll never send a packet up the stack, we'll always recycle it. found by thib@ on a bge sadface | David Gwynne
2009-08-12 | dlg deferred calling interfaces' if_start routine so we call them less, which does pay out, performance wise. one of the conditions to call the interfaces' if_start routine immediately was "send queue is full". on a very busy (hammered) machine this will introduce too much latency since we spend almost all cpu time in interrupt handlers and softnet, so the softint actually doing the if_start gets called too seldom and the queue full check is what triggers the actual transmit. change the logic to call if's if_start routine immediately when there are at least 8 packets (or in case of maxlen being smaller than 8, maxlen). 8 chosen because it shows best performance in my test setup here. ok dlg | Henning Brauer
2009-08-12 | if we get dangerously low on clusters during interrupts, we need to free some for use on the rx rings on network cards. this modifies m_cluncount to advise callers when we're in such a situation, and makes them responsible for freeing up the cluster for allocation by MCLGETI later. fixes an awesome lockup with sis(4) henning has been experiencing. this is not the best fix, but it is better than the current situation. yep deraadt@ tested by henning@ | David Gwynne
2009-08-10 | At sys_reboot time, bring all the interfaces down so that their xxstop functions are called, which will turn off DMA. Receiving packets into your memory after a system reboot is pretty nasty. This will also mean that the shutdown hooks can go; this solution is smaller. ok henning miod dlg kettenis | Theo de Raadt
2009-08-09 | Tag packets into correct rdomain in tunwrite(). For L2 traffic this will be done in ether_input() but L3 traffic needs to do it itself. | Claudio Jeker
2009-08-02 | Preserve joined interface groups when tun(4) is switched between layer 2 and 3 tunneling mode. OK claudio@, markus@ | Marco Pfatschbacher
2009-07-31 | timeout_add -> timeout_add_msec ok mpf@ | Bret Lambert
2009-07-28 | Plug a memory leak when calling rtable_add(0) multiple times. Fixing this even though adding an already existing routing table is not allowed. Leak found by blambert@, fix by myself. OK blambert@ | Claudio Jeker
2009-07-28 | do not leak pf_rule_item_pl items in pf_test_rule() when 1) at least one match rule matched the packet and 2) we do not create state found by me while fixing the pool_get problem, ok dlg | Henning Brauer
2009-07-28 | check that pool_get actually gives us memory in pf_test_rule. introduced by yours truly (no idea how that could happen), problem found by sthen the hard way, fix by me. ok dlg | Henning Brauer
2009-07-27 | timeout_add -> timeout_add_sec ok claudio@ | Bret Lambert
2009-07-21 | pf_scrub_ip/ip6 prototypes are already in pfvar.h | Henning Brauer
2009-07-19 | clalloc() can't fail, so there's no need to handle failure cases. Change to void function. Also, no need to have global tty stats pointer, so just return it from clalloc, as the caller frees it immediately anyway. ok miod@ | Bret Lambert
2009-07-16 | Backout rev1.79 of if_vlan.c and rev1.66 of if_trunk.c; Changes in those revisions limited the send queue to one slot. This breaks NFS over vlan(4) as discovered by sthen@. "just plain back it out." deraadt@ | Thordur I. Bjornsson
2009-07-13 | Do the same rdomain checking in sppp as we do in the Ethernet case. Encapsulated pppoe packets are moved into the rdomain of the physical interface because it is possible that a pppoe(4) interface is in a different rdomain than the physical interface. OK reyk@ | Claudio Jeker
2009-07-13 | dont initialise ifp->if_snd.ifq_maxlen, and then follow it by IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen). the first was deprecated by the use of IFQ_SET_MAXLEN. | David Gwynne
2009-07-13 | make the send queue one slot long. this forces packets off the virtual interfaces down to the queue on the physical interface immediately. this avoids having the tx mitigation code wasting cpu time dicking around with simply shuffling packets off virtual interface queues and lets it do its job of amortising the cost of calling a real interface's start routine. it also prevents an artificial inflation of the physical interface's queue length where packets could hide on the virtual interfaces' queues during softnet before being dumped en masse onto the hardware. this will smooth out the rate at which packets are submitted to the hardware. kjc@ says this has no impact on altq. ya henning@ | David Gwynne
2009-07-09 | unsigned -> unsigned int ok claudio@, henning@ | Bret Lambert
2009-07-08 | Add the same routing domain assignments and checks into the not so used protocols as it is currently in if_ethersubr.c. OK reyk@ | Claudio Jeker
2009-07-07 | When adding or changing a MPLS route, add RTF_MPLS flag to routing message. We can then rely on that flag to spot out MPLS routes coming from routing socket. ok claudio@ | Michele Marchetto
2009-06-26 | invert direction for inner icmp state lookups (e.g. traceroute with icmp) ok henning, jsing | Markus Friedl
2009-06-26 | the pr_usrreq implementation for routing sockets shares exactly one line of code between cases, so stop pretending otherwise, and move the if() dance to a switch, as is done in every other pr_usrreq I'm aware of. ok claudio@ michele@ | Bret Lambert
2009-06-25 | scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so the "reassemble tcp" state option failed to work correctly. Increasing this to u_int16_t fixes kernel/6178. ok deraadt@ henning@ | Stuart Henderson
2009-06-24 | move the "pf_map_addr: selected address" printf up to -xnoisy. ok henning@ | Stuart Henderson
2009-06-22 | Remove unneeded sotorawpcb() call, as the PCB is unmolested between malloc()ing it and calling that macro. No functional change, just tightening things up a bit. ok claudio@ michele@ | Bret Lambert
2009-06-22 | Check that the address family is appropriate before processing ICMPv4 and ICMPv6 messages. ok henning@ | Joel Sing
2009-06-22 | Always drop ICMPv6 in IPv4 datagrams, not only when compiled with INET6. Suggested by Max Laier. ok henning@ | Joel Sing
2009-06-22 | Fix scrub max-mss for IPv6 traffic. spotted by naddy@ ok henning@ | Joel Sing
2009-06-20 | Decrement routing socket count in MPLS detach case. While here, fix whitespace (spaces -> tabs) issue spotted by michele@ ok michele@, claudio@ | Bret Lambert
2009-06-17 | fix flow data values: first and last time, found by f-kons at yandex ru OK: sthen@, henning@ | Joerg Goltermann
2009-06-17 | do better detection of when we have a better version of the tcp sequence windows than our peer. this resolves the last of the pfsync traffic storm issues ive been able to produce, and therefore makes it possible to do usable active-active stateful firewalls with pf. lots of testing locally on the production firewalls, also tested by sthen@ | David Gwynne
2009-06-14 | enable support for deferring the packet that creates a state so that your sync peers are able to get the states before the replies. previously there was a race where the reply could hit a partner firewall before it had the state for it, which caused the reply to get processed by the ruleset which probably would drop it. this behaviour is off by default because it does delay packets, which is only wanted in active-active firewalls or when an upstream router is slow to learn that you've moved the active member of the pfsync cluster. it also uses memory keeping the packets in the kernel. use "ifconfig pfsync0 defer" to enable it, "ifconfig pfsync0 -defer" to disable. tested by sthen@ who loves it. he's got manpage changes coming up for me. | David Gwynne
2009-06-12 | rewrite the way states from pfsync are merged into the local state tree and the conditions on which pfsync will notify its peers on a stale update. each side (ie, the sending and receiving side) of the state update is compared separately. any side that is further along than the local state tree is merged. if any side is further along in the local state table, an update is sent out telling the peers about it. this has been flogged to death on my firewalls. | David Gwynne
2009-06-10 | jj reported a panic in bulk updates to me. this is my attempt to fix the most obvious problem. if the state table is empty, we'd deref a null pointer. tested on my firewalls with big state tables, so existing use cases still work. | David Gwynne
2009-06-08 | in pf_print_state_parts, do not use skw->proto to print the protocol but our local copy proto that we very carefully set beforehand. skw being NULL is perfectly valid there. | Henning Brauer
2009-06-08 | bring back the fixed PF_AEQ/ANEQ/AZERO macros, the offending use has been found by sthen and fixed, all other callers of these macros checked by both of us | Henning Brauer
2009-06-08 | "do not call PF_ANEQ with af=0, dragons". fixes a problem with skip steps found with the recent pfvar.h commit to check address families. from & commit req by henning. | Stuart Henderson
2009-06-08 | gah. something is not quite right, sthen sees strange behaviour fixed by backing out the macro fix. something must rely on the broken behaviour | Henning Brauer
2009-06-08 | unfuck PF_AEQ PF_ANEQ PF_AZERO macros that got fucked when v6 support was added in 2001. yes i got bitten by inet6 shit again. in the ANEQ case, if af == AF_INET, (a)->addr32[0] != (b)->addr32[0] is false when the addresses ARE equal. now it goes right in the intended-for-v6 case and starts to compare the other addr32 fields - in the v4 case I have garbage in them, so it reports all v4 as different when they are in fact the same. fix by adding explicit af == INET6 test before going on to compare the rest. found the really hard way (many hours wasted, thought the bug was in my new code) by me. ok sthen markus claudio | Henning Brauer
2009-06-06 | when xflags got changed, tell the userland by routing sockets ok henning@ | Rainer Giedat
2009-06-05 | Add missing #ifdef INET6 ... #endif Makes non-IPv6 kernels build again blame and ok henning@ | Alexander Hall
2009-06-05 | Initial support for routing domains. This allows to bind interfaces to alternate routing table and separate them from other interfaces in distinct routing tables. The same network can now be used in any domain at the same time without causing conflicts. This diff is mostly mechanical and adds the necessary rdomain checks across net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6. input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@ | Claudio Jeker
2009-06-04 | allow IPvShit to be turned off completely per-interface. ifconfig em0 -inet6 deletes all v6 addresses including link-local and prevents new ones from being added. ifconfig em0 inet6 <addr> re-enables v6, brings the link local back and adds optional <addr> ok theo reyk | Henning Brauer
2009-06-04 | Emulate a link state in tun(4). The link state goes up when the device is opened and goes down when the device fd is closed. Makes working with qemu a bit nicer when routing to tun(4) interfaces. dlg@ "diff reads good" | Claudio Jeker
2009-06-03 | make wireless interfaces priority 4 by default. other interfaces remain priority 0. while we are in here make sure we add wi interfaces to group "wlan" in the same way the net80211 stuff already is. this makes dhcp multiple default routes useful on laptops. ok claudio@ | Bob Beck
2009-06-02 | do the pf_pkt_addr_changed(m) magic just like gif etc tested by Manuel Rodriguez Morales <marodriguez at grupogdt.com> | Henning Brauer
2009-06-01 | There is no need to use a variable just for sizeof(). Garbage collect ifa. No binary change. | Claudio Jeker
2009-05-31 | Consolidate common code for interface attachment into single function to save some space in the kernel. Although there are deeper issues with interface attachment, this diff was not meant to address those, just to shave some space ;) ok henning@, claudio@ | Bret Lambert
2009-05-31 | make set loginterface, set hostid, set reassemble and set debug transactional. sanity checked claudio, requested by theo for some time | Henning Brauer
2009-05-31 | Hide RTP_DOWN in the kernel and don't expose it to userland. Userland is not smart enough to handle it in a sensible way. Make sure the kernel selected routing priority is actually exported to userland or to help daemons like bgpd to keep correctly track of the routes. This should fix some of the rather strange errors seen by people having multipath routes on their bgpd boxes. While there make the interface priority inheritance on static routes work again. OK henning@ | Claudio Jeker