1999-10-21 09:06:11 +00:00
|
|
|
/*
|
|
|
|
* ng_iface.c
|
2005-01-07 01:45:51 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/*-
|
1999-10-21 09:06:11 +00:00
|
|
|
* Copyright (c) 1996-1999 Whistle Communications, Inc.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Subject to the following obligations and disclaimer of warranty, use and
|
|
|
|
* redistribution of this software, in source or object code forms, with or
|
|
|
|
* without modifications are expressly permitted by Whistle Communications;
|
|
|
|
* provided, however, that:
|
|
|
|
* 1. Any and all reproductions of the source or object code must include the
|
|
|
|
* copyright notice above and the following disclaimer of warranties; and
|
|
|
|
* 2. No rights are granted, in any manner or form, to use Whistle
|
|
|
|
* Communications, Inc. trademarks, including the mark "WHISTLE
|
|
|
|
* COMMUNICATIONS" on advertising, endorsements, or otherwise except as
|
|
|
|
* such appears in the above copyright notice or in the software.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
|
|
|
|
* TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
|
|
|
|
* REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
|
|
|
|
* INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
|
|
|
|
* WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
|
|
|
|
* REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
|
|
|
|
* SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
|
|
|
|
* IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
|
|
|
|
* RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
|
|
|
|
* WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
|
|
* PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
|
|
* SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
* THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
|
|
|
|
* OF SUCH DAMAGE.
|
|
|
|
*
|
2000-10-24 17:32:45 +00:00
|
|
|
* Author: Archie Cobbs <archie@freebsd.org>
|
1999-10-21 09:06:11 +00:00
|
|
|
*
|
|
|
|
* $FreeBSD$
|
1999-11-01 10:00:40 +00:00
|
|
|
* $Whistle: ng_iface.c,v 1.33 1999/11/01 09:24:51 julian Exp $
|
1999-10-21 09:06:11 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This node is also a system networking interface. It has
|
2014-03-14 02:58:48 +00:00
|
|
|
* a hook for each protocol (IP, AppleTalk, etc). Packets
|
1999-10-21 09:06:11 +00:00
|
|
|
* are simply relayed between the interface and the hooks.
|
|
|
|
*
|
2000-03-13 19:18:10 +00:00
|
|
|
* Interfaces are named ng0, ng1, etc. New nodes take the
|
|
|
|
* first available interface name.
|
1999-10-21 09:06:11 +00:00
|
|
|
*
|
|
|
|
* This node also includes Berkeley packet filter support.
|
|
|
|
*/
|
|
|
|
|
2003-03-08 16:25:27 +00:00
|
|
|
#include "opt_inet.h"
|
|
|
|
#include "opt_inet6.h"
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/systm.h>
|
|
|
|
#include <sys/errno.h>
|
|
|
|
#include <sys/kernel.h>
|
2017-09-28 11:26:37 +00:00
|
|
|
#include <sys/lock.h>
|
1999-10-21 09:06:11 +00:00
|
|
|
#include <sys/malloc.h>
|
|
|
|
#include <sys/mbuf.h>
|
|
|
|
#include <sys/errno.h>
|
2009-08-01 19:26:27 +00:00
|
|
|
#include <sys/proc.h>
|
2003-03-04 23:19:55 +00:00
|
|
|
#include <sys/random.h>
|
2017-09-21 20:16:10 +00:00
|
|
|
#include <sys/rmlock.h>
|
1999-10-21 09:06:11 +00:00
|
|
|
#include <sys/sockio.h>
|
|
|
|
#include <sys/socket.h>
|
2019-02-08 06:19:28 +00:00
|
|
|
#include <sys/sysctl.h>
|
1999-10-21 09:06:11 +00:00
|
|
|
#include <sys/syslog.h>
|
2000-03-13 19:18:10 +00:00
|
|
|
#include <sys/libkern.h>
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
#include <net/if.h>
|
2013-10-26 17:58:36 +00:00
|
|
|
#include <net/if_var.h>
|
1999-10-21 09:06:11 +00:00
|
|
|
#include <net/if_types.h>
|
2000-03-13 19:18:10 +00:00
|
|
|
#include <net/bpf.h>
|
2003-03-04 23:19:55 +00:00
|
|
|
#include <net/netisr.h>
|
2009-04-16 20:30:28 +00:00
|
|
|
#include <net/route.h>
|
Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)
2009-07-23 20:46:49 +00:00
|
|
|
#include <net/vnet.h>
|
1999-10-21 09:06:11 +00:00
|
|
|
|
1999-11-30 02:45:32 +00:00
|
|
|
#include <netinet/in.h>
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
#include <netgraph/ng_message.h>
|
|
|
|
#include <netgraph/netgraph.h>
|
2000-03-13 19:18:10 +00:00
|
|
|
#include <netgraph/ng_parse.h>
|
1999-10-21 09:06:11 +00:00
|
|
|
#include <netgraph/ng_iface.h>
|
|
|
|
|
2001-01-10 07:13:58 +00:00
|
|
|
#ifdef NG_SEPARATE_MALLOC
|
2011-11-07 06:44:47 +00:00
|
|
|
static MALLOC_DEFINE(M_NETGRAPH_IFACE, "netgraph_iface", "netgraph iface node");
|
2001-01-10 07:13:58 +00:00
|
|
|
#else
|
|
|
|
#define M_NETGRAPH_IFACE M_NETGRAPH
|
|
|
|
#endif
|
|
|
|
|
2019-02-08 06:19:28 +00:00
|
|
|
static SYSCTL_NODE(_net_graph, OID_AUTO, iface, CTLFLAG_RW, 0,
|
|
|
|
"Point to point netgraph interface");
|
|
|
|
VNET_DEFINE_STATIC(int, ng_iface_max_nest) = 2;
|
|
|
|
#define V_ng_iface_max_nest VNET(ng_iface_max_nest)
|
|
|
|
SYSCTL_INT(_net_graph_iface, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW,
|
|
|
|
&VNET_NAME(ng_iface_max_nest), 0, "Max nested tunnels");
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
/* This struct describes one address family */
|
|
|
|
struct iffam {
|
2000-03-13 19:18:10 +00:00
|
|
|
sa_family_t family; /* Address family */
|
|
|
|
const char *hookname; /* Name for hook */
|
1999-10-21 09:06:11 +00:00
|
|
|
};
|
|
|
|
typedef const struct iffam *iffam_p;
|
|
|
|
|
2000-03-13 19:18:10 +00:00
|
|
|
/* List of address families supported by our interface */
|
1999-10-21 09:06:11 +00:00
|
|
|
const static struct iffam gFamilies[] = {
|
2000-03-13 19:18:10 +00:00
|
|
|
{ AF_INET, NG_IFACE_HOOK_INET },
|
|
|
|
{ AF_INET6, NG_IFACE_HOOK_INET6 },
|
|
|
|
{ AF_ATM, NG_IFACE_HOOK_ATM },
|
|
|
|
{ AF_NATM, NG_IFACE_HOOK_NATM },
|
1999-10-21 09:06:11 +00:00
|
|
|
};
|
2016-04-21 19:40:10 +00:00
|
|
|
#define NUM_FAMILIES nitems(gFamilies)
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
/* Node private data */
|
1999-11-19 04:25:39 +00:00
|
|
|
struct ng_iface_private {
|
2000-03-13 19:18:10 +00:00
|
|
|
struct ifnet *ifp; /* Our interface */
|
|
|
|
int unit; /* Interface unit number */
|
1999-10-21 09:06:11 +00:00
|
|
|
node_p node; /* Our netgraph node */
|
|
|
|
hook_p hooks[NUM_FAMILIES]; /* Hook for each address family */
|
2017-09-21 20:16:10 +00:00
|
|
|
struct rmlock lock; /* Protect private data changes */
|
1999-10-21 09:06:11 +00:00
|
|
|
};
|
1999-11-19 04:25:39 +00:00
|
|
|
typedef struct ng_iface_private *priv_p;
|
1999-10-21 09:06:11 +00:00
|
|
|
|
2017-09-21 20:16:10 +00:00
|
|
|
#define PRIV_RLOCK(priv, t) rm_rlock(&priv->lock, t)
|
|
|
|
#define PRIV_RUNLOCK(priv, t) rm_runlock(&priv->lock, t)
|
|
|
|
#define PRIV_WLOCK(priv) rm_wlock(&priv->lock)
|
|
|
|
#define PRIV_WUNLOCK(priv) rm_wunlock(&priv->lock)
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
/* Interface methods */
|
|
|
|
static void ng_iface_start(struct ifnet *ifp);
|
|
|
|
static int ng_iface_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data);
|
|
|
|
static int ng_iface_output(struct ifnet *ifp, struct mbuf *m0,
|
2013-04-26 12:50:32 +00:00
|
|
|
const struct sockaddr *dst, struct route *ro);
|
2000-03-13 19:18:10 +00:00
|
|
|
static void ng_iface_bpftap(struct ifnet *ifp,
|
|
|
|
struct mbuf *m, sa_family_t family);
|
2005-10-10 15:12:59 +00:00
|
|
|
static int ng_iface_send(struct ifnet *ifp, struct mbuf *m,
|
|
|
|
sa_family_t sa);
|
1999-10-21 09:06:11 +00:00
|
|
|
#ifdef DEBUG
|
|
|
|
static void ng_iface_print_ioctl(struct ifnet *ifp, int cmd, caddr_t data);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Netgraph methods */
|
2005-02-05 08:28:36 +00:00
|
|
|
static int ng_iface_mod_event(module_t, int, void *);
|
1999-11-01 10:00:40 +00:00
|
|
|
static ng_constructor_t ng_iface_constructor;
|
|
|
|
static ng_rcvmsg_t ng_iface_rcvmsg;
|
2001-01-06 00:46:47 +00:00
|
|
|
static ng_shutdown_t ng_iface_shutdown;
|
1999-11-01 10:00:40 +00:00
|
|
|
static ng_newhook_t ng_iface_newhook;
|
|
|
|
static ng_rcvdata_t ng_iface_rcvdata;
|
|
|
|
static ng_disconnect_t ng_iface_disconnect;
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
/* Helper stuff */
|
2000-03-13 19:18:10 +00:00
|
|
|
static iffam_p get_iffam_from_af(sa_family_t family);
|
1999-10-21 09:06:11 +00:00
|
|
|
static iffam_p get_iffam_from_hook(priv_p priv, hook_p hook);
|
|
|
|
static iffam_p get_iffam_from_name(const char *name);
|
|
|
|
static hook_p *get_hook_from_iffam(priv_p priv, iffam_p iffam);
|
|
|
|
|
2000-03-13 19:18:10 +00:00
|
|
|
/* List of commands and how to convert arguments to/from ASCII */
|
|
|
|
static const struct ng_cmdlist ng_iface_cmds[] = {
|
|
|
|
{
|
|
|
|
NGM_IFACE_COOKIE,
|
|
|
|
NGM_IFACE_GET_IFNAME,
|
|
|
|
"getifname",
|
|
|
|
NULL,
|
2005-02-03 13:03:31 +00:00
|
|
|
&ng_parse_string_type
|
2000-03-13 19:18:10 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
NGM_IFACE_COOKIE,
|
|
|
|
NGM_IFACE_POINT2POINT,
|
|
|
|
"point2point",
|
|
|
|
NULL,
|
|
|
|
NULL
|
|
|
|
},
|
|
|
|
{
|
|
|
|
NGM_IFACE_COOKIE,
|
|
|
|
NGM_IFACE_BROADCAST,
|
|
|
|
"broadcast",
|
|
|
|
NULL,
|
|
|
|
NULL
|
|
|
|
},
|
2004-03-07 23:00:44 +00:00
|
|
|
{
|
|
|
|
NGM_IFACE_COOKIE,
|
|
|
|
NGM_IFACE_GET_IFINDEX,
|
|
|
|
"getifindex",
|
|
|
|
NULL,
|
|
|
|
&ng_parse_uint32_type
|
|
|
|
},
|
2000-03-13 19:18:10 +00:00
|
|
|
{ 0 }
|
|
|
|
};
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
/* Node type descriptor */
|
|
|
|
static struct ng_type typestruct = {
|
2004-05-29 00:51:19 +00:00
|
|
|
.version = NG_ABI_VERSION,
|
|
|
|
.name = NG_IFACE_NODE_TYPE,
|
2005-02-05 08:28:36 +00:00
|
|
|
.mod_event = ng_iface_mod_event,
|
2004-05-29 00:51:19 +00:00
|
|
|
.constructor = ng_iface_constructor,
|
|
|
|
.rcvmsg = ng_iface_rcvmsg,
|
|
|
|
.shutdown = ng_iface_shutdown,
|
|
|
|
.newhook = ng_iface_newhook,
|
|
|
|
.rcvdata = ng_iface_rcvdata,
|
|
|
|
.disconnect = ng_iface_disconnect,
|
|
|
|
.cmdlist = ng_iface_cmds,
|
1999-10-21 09:06:11 +00:00
|
|
|
};
|
|
|
|
NETGRAPH_INIT(iface, &typestruct);
|
|
|
|
|
2018-07-24 16:35:52 +00:00
|
|
|
VNET_DEFINE_STATIC(struct unrhdr *, ng_iface_unit);
|
2009-07-16 21:13:04 +00:00
|
|
|
#define V_ng_iface_unit VNET(ng_iface_unit)
|
2004-07-14 20:24:21 +00:00
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
/************************************************************************
|
|
|
|
HELPER STUFF
|
|
|
|
************************************************************************/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the family descriptor from the family ID
|
|
|
|
*/
|
2004-07-04 16:11:03 +00:00
|
|
|
static __inline iffam_p
|
2000-03-13 19:18:10 +00:00
|
|
|
get_iffam_from_af(sa_family_t family)
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
|
|
|
iffam_p iffam;
|
|
|
|
int k;
|
|
|
|
|
|
|
|
for (k = 0; k < NUM_FAMILIES; k++) {
|
|
|
|
iffam = &gFamilies[k];
|
2000-03-13 19:18:10 +00:00
|
|
|
if (iffam->family == family)
|
1999-10-21 09:06:11 +00:00
|
|
|
return (iffam);
|
|
|
|
}
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the family descriptor from the hook
|
|
|
|
*/
|
2004-07-04 16:11:03 +00:00
|
|
|
static __inline iffam_p
|
1999-10-21 09:06:11 +00:00
|
|
|
get_iffam_from_hook(priv_p priv, hook_p hook)
|
|
|
|
{
|
|
|
|
int k;
|
|
|
|
|
|
|
|
for (k = 0; k < NUM_FAMILIES; k++)
|
|
|
|
if (priv->hooks[k] == hook)
|
|
|
|
return (&gFamilies[k]);
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the hook from the iffam descriptor
|
|
|
|
*/
|
|
|
|
|
2004-07-04 16:11:03 +00:00
|
|
|
static __inline hook_p *
|
1999-10-21 09:06:11 +00:00
|
|
|
get_hook_from_iffam(priv_p priv, iffam_p iffam)
|
|
|
|
{
|
|
|
|
return (&priv->hooks[iffam - gFamilies]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the iffam descriptor from the name
|
|
|
|
*/
|
2004-07-04 16:11:03 +00:00
|
|
|
static __inline iffam_p
|
1999-10-21 09:06:11 +00:00
|
|
|
get_iffam_from_name(const char *name)
|
|
|
|
{
|
|
|
|
iffam_p iffam;
|
|
|
|
int k;
|
|
|
|
|
|
|
|
for (k = 0; k < NUM_FAMILIES; k++) {
|
|
|
|
iffam = &gFamilies[k];
|
|
|
|
if (!strcmp(iffam->hookname, name))
|
|
|
|
return (iffam);
|
|
|
|
}
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/************************************************************************
|
|
|
|
INTERFACE STUFF
|
|
|
|
************************************************************************/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Process an ioctl for the virtual interface
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ng_iface_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
|
|
|
|
{
|
|
|
|
struct ifreq *const ifr = (struct ifreq *) data;
|
2011-03-19 19:37:53 +00:00
|
|
|
int error = 0;
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
ng_iface_print_ioctl(ifp, command, data);
|
|
|
|
#endif
|
|
|
|
switch (command) {
|
|
|
|
|
|
|
|
/* These two are mostly handled at a higher layer */
|
|
|
|
case SIOCSIFADDR:
|
2005-08-09 10:20:02 +00:00
|
|
|
ifp->if_flags |= IFF_UP;
|
|
|
|
ifp->if_drv_flags |= IFF_DRV_RUNNING;
|
|
|
|
ifp->if_drv_flags &= ~(IFF_DRV_OACTIVE);
|
1999-10-21 09:06:11 +00:00
|
|
|
break;
|
|
|
|
case SIOCGIFADDR:
|
|
|
|
break;
|
|
|
|
|
|
|
|
/* Set flags */
|
|
|
|
case SIOCSIFFLAGS:
|
|
|
|
/*
|
|
|
|
* If the interface is marked up and stopped, then start it.
|
|
|
|
* If it is marked down and running, then stop it.
|
|
|
|
*/
|
|
|
|
if (ifr->ifr_flags & IFF_UP) {
|
2005-08-09 10:20:02 +00:00
|
|
|
if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
|
|
|
|
ifp->if_drv_flags &= ~(IFF_DRV_OACTIVE);
|
|
|
|
ifp->if_drv_flags |= IFF_DRV_RUNNING;
|
1999-10-21 09:06:11 +00:00
|
|
|
}
|
|
|
|
} else {
|
2005-08-09 10:20:02 +00:00
|
|
|
if (ifp->if_drv_flags & IFF_DRV_RUNNING)
|
|
|
|
ifp->if_drv_flags &= ~(IFF_DRV_RUNNING |
|
|
|
|
IFF_DRV_OACTIVE);
|
1999-10-21 09:06:11 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
/* Set the interface MTU */
|
|
|
|
case SIOCSIFMTU:
|
|
|
|
if (ifr->ifr_mtu > NG_IFACE_MTU_MAX
|
|
|
|
|| ifr->ifr_mtu < NG_IFACE_MTU_MIN)
|
|
|
|
error = EINVAL;
|
|
|
|
else
|
|
|
|
ifp->if_mtu = ifr->ifr_mtu;
|
|
|
|
break;
|
|
|
|
|
|
|
|
/* Stuff that's not supported */
|
|
|
|
case SIOCADDMULTI:
|
|
|
|
case SIOCDELMULTI:
|
1999-11-08 03:08:59 +00:00
|
|
|
error = 0;
|
|
|
|
break;
|
1999-10-21 09:06:11 +00:00
|
|
|
case SIOCSIFPHYS:
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This routine is called to deliver a packet out the interface.
|
|
|
|
* We simply look at the address family and relay the packet to
|
|
|
|
* the corresponding hook, if it exists and is connected.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int
|
|
|
|
ng_iface_output(struct ifnet *ifp, struct mbuf *m,
|
2013-04-26 12:50:32 +00:00
|
|
|
const struct sockaddr *dst, struct route *ro)
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
2005-10-10 15:12:59 +00:00
|
|
|
uint32_t af;
|
2005-10-11 09:11:57 +00:00
|
|
|
int error;
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
/* Check interface flags */
|
2005-08-09 10:20:02 +00:00
|
|
|
if (!((ifp->if_flags & IFF_UP) &&
|
|
|
|
(ifp->if_drv_flags & IFF_DRV_RUNNING))) {
|
1999-10-21 09:06:11 +00:00
|
|
|
m_freem(m);
|
|
|
|
return (ENETDOWN);
|
|
|
|
}
|
|
|
|
|
2009-01-20 22:26:09 +00:00
|
|
|
/* Protect from deadly infinite recursion. */
|
2019-02-08 06:19:28 +00:00
|
|
|
error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE,
|
|
|
|
V_ng_iface_max_nest);
|
2018-08-03 22:55:58 +00:00
|
|
|
if (error) {
|
2009-01-20 22:26:09 +00:00
|
|
|
m_freem(m);
|
2018-08-03 22:55:58 +00:00
|
|
|
return (error);
|
2009-01-20 22:26:09 +00:00
|
|
|
}
|
|
|
|
|
2005-06-26 18:11:11 +00:00
|
|
|
/* BPF writes need to be handled specially. */
|
2013-04-26 12:50:32 +00:00
|
|
|
if (dst->sa_family == AF_UNSPEC)
|
2005-06-26 18:11:11 +00:00
|
|
|
bcopy(dst->sa_data, &af, sizeof(af));
|
2013-04-26 12:50:32 +00:00
|
|
|
else
|
|
|
|
af = dst->sa_family;
|
2000-03-13 19:18:10 +00:00
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
/* Berkeley packet filter */
|
2013-04-26 12:50:32 +00:00
|
|
|
ng_iface_bpftap(ifp, m, af);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
2005-10-10 15:12:59 +00:00
|
|
|
if (ALTQ_IS_ENABLED(&ifp->if_snd)) {
|
2012-12-05 08:04:20 +00:00
|
|
|
M_PREPEND(m, sizeof(sa_family_t), M_NOWAIT);
|
2005-10-10 15:12:59 +00:00
|
|
|
if (m == NULL) {
|
2014-09-19 09:01:19 +00:00
|
|
|
if_inc_counter(ifp, IFCOUNTER_OQDROPS, 1);
|
2005-10-10 15:12:59 +00:00
|
|
|
return (ENOBUFS);
|
|
|
|
}
|
2013-04-26 12:50:32 +00:00
|
|
|
*(sa_family_t *)m->m_data = af;
|
2008-11-22 07:35:45 +00:00
|
|
|
error = (ifp->if_transmit)(ifp, m);
|
2005-10-10 15:12:59 +00:00
|
|
|
} else
|
2013-04-26 12:50:32 +00:00
|
|
|
error = ng_iface_send(ifp, m, af);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2005-10-11 09:11:57 +00:00
|
|
|
* Start method is used only when ALTQ is enabled.
|
1999-10-21 09:06:11 +00:00
|
|
|
*/
|
|
|
|
static void
|
|
|
|
ng_iface_start(struct ifnet *ifp)
|
|
|
|
{
|
2005-10-10 15:12:59 +00:00
|
|
|
struct mbuf *m;
|
|
|
|
sa_family_t sa;
|
|
|
|
|
2005-10-11 09:11:57 +00:00
|
|
|
KASSERT(ALTQ_IS_ENABLED(&ifp->if_snd), ("%s without ALTQ", __func__));
|
2005-10-10 15:12:59 +00:00
|
|
|
|
2005-10-11 09:11:57 +00:00
|
|
|
for(;;) {
|
2005-10-10 15:12:59 +00:00
|
|
|
IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
|
|
|
|
if (m == NULL)
|
|
|
|
break;
|
|
|
|
sa = *mtod(m, sa_family_t *);
|
|
|
|
m_adj(m, sizeof(sa_family_t));
|
|
|
|
ng_iface_send(ifp, m, sa);
|
|
|
|
}
|
1999-10-21 09:06:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Flash a packet by the BPF (requires prepending 4 byte AF header)
|
|
|
|
* Note the phoney mbuf; this is OK because BPF treats it read-only.
|
|
|
|
*/
|
|
|
|
static void
|
2000-03-13 19:18:10 +00:00
|
|
|
ng_iface_bpftap(struct ifnet *ifp, struct mbuf *m, sa_family_t family)
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
2001-12-10 08:09:49 +00:00
|
|
|
KASSERT(family != AF_UNSPEC, ("%s: family=AF_UNSPEC", __func__));
|
2006-06-02 23:14:40 +00:00
|
|
|
if (bpf_peers_present(ifp->if_bpf)) {
|
2003-12-28 03:56:00 +00:00
|
|
|
int32_t family4 = (int32_t)family;
|
|
|
|
bpf_mtap2(ifp->if_bpf, &family4, sizeof(family4), m);
|
1999-10-21 09:06:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-10-10 15:12:59 +00:00
|
|
|
/*
|
|
|
|
* This routine does actual delivery of the packet into the
|
|
|
|
* netgraph(4). It is called from ng_iface_start() and
|
2005-10-11 09:11:57 +00:00
|
|
|
* ng_iface_output().
|
2005-10-10 15:12:59 +00:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ng_iface_send(struct ifnet *ifp, struct mbuf *m, sa_family_t sa)
|
|
|
|
{
|
2017-09-21 20:16:10 +00:00
|
|
|
struct rm_priotracker priv_tracker;
|
2005-10-10 15:12:59 +00:00
|
|
|
const priv_p priv = (priv_p) ifp->if_softc;
|
|
|
|
const iffam_p iffam = get_iffam_from_af(sa);
|
2017-09-21 20:16:10 +00:00
|
|
|
hook_p hook;
|
2005-10-11 09:11:57 +00:00
|
|
|
int error;
|
2005-10-10 15:12:59 +00:00
|
|
|
int len;
|
|
|
|
|
|
|
|
/* Check address family to determine hook (if known) */
|
|
|
|
if (iffam == NULL) {
|
|
|
|
m_freem(m);
|
|
|
|
log(LOG_WARNING, "%s: can't handle af%d\n", ifp->if_xname, sa);
|
|
|
|
return (EAFNOSUPPORT);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Copy length before the mbuf gets invalidated. */
|
|
|
|
len = m->m_pkthdr.len;
|
|
|
|
|
2017-09-21 20:16:10 +00:00
|
|
|
PRIV_RLOCK(priv, &priv_tracker);
|
|
|
|
hook = *get_hook_from_iffam(priv, iffam);
|
|
|
|
if (hook == NULL) {
|
|
|
|
NG_FREE_M(m);
|
|
|
|
PRIV_RUNLOCK(priv, &priv_tracker);
|
|
|
|
return ENETDOWN;
|
|
|
|
}
|
|
|
|
NG_HOOK_REF(hook);
|
|
|
|
PRIV_RUNLOCK(priv, &priv_tracker);
|
|
|
|
|
Introduce a mechanism for detecting calls from outbound path of the
network stack when reentering the inbound path from netgraph, and
force queueing of mbufs at the outbound netgraph node.
The mechanism relies on two components. First, in netgraph nodes
where outbound path of the network stack calls into netgraph, the
current thread has to be appropriately marked using the new
NG_OUTBOUND_THREAD_REF() macro before proceeding to call further
into the netgraph topology, and unmarked using the
NG_OUTBOUND_THREAD_UNREF() macro before returning to the caller.
Second, netgraph nodes which can potentially reenter the network
stack in the inbound path have to mark their inbound hooks using
NG_HOOK_SET_TO_INBOUND() macro. The netgraph framework will then
detect when there is a danger of a call graph looping back from
outbound to inbound path via netgraph, and defer handing off the
mbufs to the "inbound" node to a worker thread with a clean stack.
In this first pass only the most obvious netgraph nodes have been
updated to ensure no outbound to inbound calls can occur. Nodes
such as ng_ipfw, ng_gif etc. should be further examined whether a
potential for outbound to inbound call looping exists.
This commit changes the layout of struct thread, but due to
__FreeBSD_version number shortage a version bump has been omitted
at this time, nevertheless kernel and modules have to be rebuilt.
Reviewed by: julian, rwatson, bz
Approved by: julian (mentor)
2009-06-11 16:50:49 +00:00
|
|
|
NG_OUTBOUND_THREAD_REF();
|
2017-09-21 20:16:10 +00:00
|
|
|
NG_SEND_DATA_ONLY(error, hook, m);
|
Introduce a mechanism for detecting calls from outbound path of the
network stack when reentering the inbound path from netgraph, and
force queueing of mbufs at the outbound netgraph node.
The mechanism relies on two components. First, in netgraph nodes
where outbound path of the network stack calls into netgraph, the
current thread has to be appropriately marked using the new
NG_OUTBOUND_THREAD_REF() macro before proceeding to call further
into the netgraph topology, and unmarked using the
NG_OUTBOUND_THREAD_UNREF() macro before returning to the caller.
Second, netgraph nodes which can potentially reenter the network
stack in the inbound path have to mark their inbound hooks using
NG_HOOK_SET_TO_INBOUND() macro. The netgraph framework will then
detect when there is a danger of a call graph looping back from
outbound to inbound path via netgraph, and defer handing off the
mbufs to the "inbound" node to a worker thread with a clean stack.
In this first pass only the most obvious netgraph nodes have been
updated to ensure no outbound to inbound calls can occur. Nodes
such as ng_ipfw, ng_gif etc. should be further examined whether a
potential for outbound to inbound call looping exists.
This commit changes the layout of struct thread, but due to
__FreeBSD_version number shortage a version bump has been omitted
at this time, nevertheless kernel and modules have to be rebuilt.
Reviewed by: julian, rwatson, bz
Approved by: julian (mentor)
2009-06-11 16:50:49 +00:00
|
|
|
NG_OUTBOUND_THREAD_UNREF();
|
2017-09-21 20:16:10 +00:00
|
|
|
NG_HOOK_UNREF(hook);
|
2005-10-10 15:12:59 +00:00
|
|
|
|
|
|
|
/* Update stats. */
|
|
|
|
if (error == 0) {
|
2014-09-19 05:03:11 +00:00
|
|
|
if_inc_counter(ifp, IFCOUNTER_OBYTES, len);
|
|
|
|
if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
|
2005-10-10 15:12:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
#ifdef DEBUG
|
|
|
|
/*
|
|
|
|
* Display an ioctl to the virtual interface
|
|
|
|
*/
|
|
|
|
|
|
|
|
static void
|
|
|
|
ng_iface_print_ioctl(struct ifnet *ifp, int command, caddr_t data)
|
|
|
|
{
|
|
|
|
char *str;
|
|
|
|
|
|
|
|
switch (command & IOC_DIRMASK) {
|
|
|
|
case IOC_VOID:
|
|
|
|
str = "IO";
|
|
|
|
break;
|
|
|
|
case IOC_OUT:
|
|
|
|
str = "IOR";
|
|
|
|
break;
|
|
|
|
case IOC_IN:
|
|
|
|
str = "IOW";
|
|
|
|
break;
|
|
|
|
case IOC_INOUT:
|
|
|
|
str = "IORW";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
str = "IO??";
|
|
|
|
}
|
2003-10-31 18:32:15 +00:00
|
|
|
log(LOG_DEBUG, "%s: %s('%c', %d, char[%d])\n",
|
|
|
|
ifp->if_xname,
|
1999-10-21 09:06:11 +00:00
|
|
|
str,
|
|
|
|
IOCGROUP(command),
|
|
|
|
command & 0xff,
|
|
|
|
IOCPARM_LEN(command));
|
|
|
|
}
|
|
|
|
#endif /* DEBUG */
|
|
|
|
|
|
|
|
/************************************************************************
|
|
|
|
NETGRAPH NODE STUFF
|
|
|
|
************************************************************************/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Constructor for a node
|
|
|
|
*/
|
|
|
|
static int
|
2001-01-06 00:46:47 +00:00
|
|
|
ng_iface_constructor(node_p node)
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
|
|
|
struct ifnet *ifp;
|
|
|
|
priv_p priv;
|
|
|
|
|
|
|
|
/* Allocate node and interface private structures */
|
2011-04-18 09:12:27 +00:00
|
|
|
priv = malloc(sizeof(*priv), M_NETGRAPH_IFACE, M_WAITOK | M_ZERO);
|
2005-06-10 16:49:24 +00:00
|
|
|
ifp = if_alloc(IFT_PROPVIRTUAL);
|
1999-10-21 09:06:11 +00:00
|
|
|
if (ifp == NULL) {
|
2008-10-23 15:53:51 +00:00
|
|
|
free(priv, M_NETGRAPH_IFACE);
|
1999-10-21 09:06:11 +00:00
|
|
|
return (ENOMEM);
|
|
|
|
}
|
|
|
|
|
2017-09-21 20:16:10 +00:00
|
|
|
rm_init(&priv->lock, "ng_iface private rmlock");
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
/* Link them together */
|
|
|
|
ifp->if_softc = priv;
|
|
|
|
priv->ifp = ifp;
|
|
|
|
|
2000-03-13 19:18:10 +00:00
|
|
|
/* Get an interface unit number */
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
priv->unit = alloc_unr(V_ng_iface_unit);
|
2000-03-13 19:18:10 +00:00
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
/* Link together node and private info */
|
2001-01-08 05:34:06 +00:00
|
|
|
NG_NODE_SET_PRIVATE(node, priv);
|
1999-10-21 09:06:11 +00:00
|
|
|
priv->node = node;
|
|
|
|
|
|
|
|
/* Initialize interface structure */
|
2003-10-31 18:32:15 +00:00
|
|
|
if_initname(ifp, NG_IFACE_IFACE_NAME, priv->unit);
|
1999-10-21 09:06:11 +00:00
|
|
|
ifp->if_output = ng_iface_output;
|
|
|
|
ifp->if_start = ng_iface_start;
|
|
|
|
ifp->if_ioctl = ng_iface_ioctl;
|
|
|
|
ifp->if_mtu = NG_IFACE_MTU_DEFAULT;
|
2000-03-13 19:18:10 +00:00
|
|
|
ifp->if_flags = (IFF_SIMPLEX|IFF_POINTOPOINT|IFF_NOARP|IFF_MULTICAST);
|
1999-10-21 09:06:11 +00:00
|
|
|
ifp->if_type = IFT_PROPVIRTUAL; /* XXX */
|
|
|
|
ifp->if_addrlen = 0; /* XXX */
|
|
|
|
ifp->if_hdrlen = 0; /* XXX */
|
|
|
|
ifp->if_baudrate = 64000; /* XXX */
|
2010-05-03 07:32:50 +00:00
|
|
|
IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
|
|
|
|
ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
|
2005-10-10 15:12:59 +00:00
|
|
|
IFQ_SET_READY(&ifp->if_snd);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
/* Give this node the same name as the interface (if possible) */
|
2005-02-03 13:03:31 +00:00
|
|
|
if (ng_name_node(node, ifp->if_xname) != 0)
|
|
|
|
log(LOG_WARNING, "%s: can't acquire netgraph name\n",
|
|
|
|
ifp->if_xname);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
/* Attach the interface */
|
|
|
|
if_attach(ifp);
|
2005-06-26 18:11:11 +00:00
|
|
|
bpfattach(ifp, DLT_NULL, sizeof(u_int32_t));
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
/* Done */
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Give our ok for a hook to be added
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ng_iface_newhook(node_p node, hook_p hook, const char *name)
|
|
|
|
{
|
|
|
|
const iffam_p iffam = get_iffam_from_name(name);
|
2017-09-21 20:16:10 +00:00
|
|
|
const priv_p priv = NG_NODE_PRIVATE(node);
|
1999-10-21 09:06:11 +00:00
|
|
|
hook_p *hookptr;
|
|
|
|
|
|
|
|
if (iffam == NULL)
|
|
|
|
return (EPFNOSUPPORT);
|
2017-09-21 20:16:10 +00:00
|
|
|
PRIV_WLOCK(priv);
|
|
|
|
hookptr = get_hook_from_iffam(priv, iffam);
|
|
|
|
if (*hookptr != NULL) {
|
|
|
|
PRIV_WUNLOCK(priv);
|
1999-10-21 09:06:11 +00:00
|
|
|
return (EISCONN);
|
2017-09-21 20:16:10 +00:00
|
|
|
}
|
1999-10-21 09:06:11 +00:00
|
|
|
*hookptr = hook;
|
2008-01-31 08:51:48 +00:00
|
|
|
NG_HOOK_HI_STACK(hook);
|
Introduce a mechanism for detecting calls from outbound path of the
network stack when reentering the inbound path from netgraph, and
force queueing of mbufs at the outbound netgraph node.
The mechanism relies on two components. First, in netgraph nodes
where outbound path of the network stack calls into netgraph, the
current thread has to be appropriately marked using the new
NG_OUTBOUND_THREAD_REF() macro before proceeding to call further
into the netgraph topology, and unmarked using the
NG_OUTBOUND_THREAD_UNREF() macro before returning to the caller.
Second, netgraph nodes which can potentially reenter the network
stack in the inbound path have to mark their inbound hooks using
NG_HOOK_SET_TO_INBOUND() macro. The netgraph framework will then
detect when there is a danger of a call graph looping back from
outbound to inbound path via netgraph, and defer handing off the
mbufs to the "inbound" node to a worker thread with a clean stack.
In this first pass only the most obvious netgraph nodes have been
updated to ensure no outbound to inbound calls can occur. Nodes
such as ng_ipfw, ng_gif etc. should be further examined whether a
potential for outbound to inbound call looping exists.
This commit changes the layout of struct thread, but due to
__FreeBSD_version number shortage a version bump has been omitted
at this time, nevertheless kernel and modules have to be rebuilt.
Reviewed by: julian, rwatson, bz
Approved by: julian (mentor)
2009-06-11 16:50:49 +00:00
|
|
|
NG_HOOK_SET_TO_INBOUND(hook);
|
2017-09-21 20:16:10 +00:00
|
|
|
PRIV_WUNLOCK(priv);
|
1999-10-21 09:06:11 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Receive a control message
|
|
|
|
*/
|
|
|
|
static int
|
2001-01-06 00:46:47 +00:00
|
|
|
ng_iface_rcvmsg(node_p node, item_p item, hook_p lasthook)
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
2001-01-08 05:34:06 +00:00
|
|
|
const priv_p priv = NG_NODE_PRIVATE(node);
|
1999-10-21 09:06:11 +00:00
|
|
|
struct ifnet *const ifp = priv->ifp;
|
|
|
|
struct ng_mesg *resp = NULL;
|
|
|
|
int error = 0;
|
2001-01-06 00:46:47 +00:00
|
|
|
struct ng_mesg *msg;
|
1999-10-21 09:06:11 +00:00
|
|
|
|
2001-01-06 00:46:47 +00:00
|
|
|
NGI_GET_MSG(item, msg);
|
1999-10-21 09:06:11 +00:00
|
|
|
switch (msg->header.typecookie) {
|
|
|
|
case NGM_IFACE_COOKIE:
|
|
|
|
switch (msg->header.cmd) {
|
|
|
|
case NGM_IFACE_GET_IFNAME:
|
2005-02-03 13:03:31 +00:00
|
|
|
NG_MKRESPONSE(resp, msg, IFNAMSIZ, M_NOWAIT);
|
1999-10-21 09:06:11 +00:00
|
|
|
if (resp == NULL) {
|
|
|
|
error = ENOMEM;
|
|
|
|
break;
|
|
|
|
}
|
2005-02-03 13:03:31 +00:00
|
|
|
strlcpy(resp->data, ifp->if_xname, IFNAMSIZ);
|
1999-10-21 09:06:11 +00:00
|
|
|
break;
|
|
|
|
|
2000-03-13 19:18:10 +00:00
|
|
|
case NGM_IFACE_POINT2POINT:
|
|
|
|
case NGM_IFACE_BROADCAST:
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
|
|
|
|
2000-03-13 19:18:10 +00:00
|
|
|
/* Deny request if interface is UP */
|
|
|
|
if ((ifp->if_flags & IFF_UP) != 0)
|
|
|
|
return (EBUSY);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
2000-03-13 19:18:10 +00:00
|
|
|
/* Change flags */
|
|
|
|
switch (msg->header.cmd) {
|
|
|
|
case NGM_IFACE_POINT2POINT:
|
|
|
|
ifp->if_flags |= IFF_POINTOPOINT;
|
|
|
|
ifp->if_flags &= ~IFF_BROADCAST;
|
|
|
|
break;
|
|
|
|
case NGM_IFACE_BROADCAST:
|
|
|
|
ifp->if_flags &= ~IFF_POINTOPOINT;
|
|
|
|
ifp->if_flags |= IFF_BROADCAST;
|
1999-10-21 09:06:11 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2004-03-07 23:00:44 +00:00
|
|
|
case NGM_IFACE_GET_IFINDEX:
|
|
|
|
NG_MKRESPONSE(resp, msg, sizeof(uint32_t), M_NOWAIT);
|
|
|
|
if (resp == NULL) {
|
|
|
|
error = ENOMEM;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
*((uint32_t *)resp->data) = priv->ifp->if_index;
|
|
|
|
break;
|
|
|
|
|
1999-10-21 09:06:11 +00:00
|
|
|
default:
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
2004-11-23 09:48:13 +00:00
|
|
|
case NGM_FLOW_COOKIE:
|
|
|
|
switch (msg->header.cmd) {
|
|
|
|
case NGM_LINK_IS_UP:
|
2015-01-12 09:50:42 +00:00
|
|
|
if_link_state_change(ifp, LINK_STATE_UP);
|
2004-11-23 09:48:13 +00:00
|
|
|
break;
|
|
|
|
case NGM_LINK_IS_DOWN:
|
2015-01-12 09:50:42 +00:00
|
|
|
if_link_state_change(ifp, LINK_STATE_DOWN);
|
2004-11-23 09:48:13 +00:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
1999-10-21 09:06:11 +00:00
|
|
|
default:
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
2001-01-06 00:46:47 +00:00
|
|
|
NG_RESPOND_MSG(error, node, item, resp);
|
|
|
|
NG_FREE_MSG(msg);
|
1999-10-21 09:06:11 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Recive data from a hook. Pass the packet to the correct input routine.
|
|
|
|
*/
|
|
|
|
static int
|
2001-01-06 00:46:47 +00:00
|
|
|
ng_iface_rcvdata(hook_p hook, item_p item)
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
2001-01-08 05:34:06 +00:00
|
|
|
const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
|
1999-10-21 09:06:11 +00:00
|
|
|
const iffam_p iffam = get_iffam_from_hook(priv, hook);
|
|
|
|
struct ifnet *const ifp = priv->ifp;
|
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.
However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.
Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.
On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().
This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.
Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.
This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.
Reviewed by: gallatin, hselasky, cy, adrian, kristof
Differential Revision: https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
|
|
|
struct epoch_tracker et;
|
2001-01-06 00:46:47 +00:00
|
|
|
struct mbuf *m;
|
2003-03-04 23:19:55 +00:00
|
|
|
int isr;
|
1999-10-21 09:06:11 +00:00
|
|
|
|
2001-01-06 00:46:47 +00:00
|
|
|
NGI_GET_M(item, m);
|
|
|
|
NG_FREE_ITEM(item);
|
1999-10-21 09:06:11 +00:00
|
|
|
/* Sanity checks */
|
2001-12-10 08:09:49 +00:00
|
|
|
KASSERT(iffam != NULL, ("%s: iffam", __func__));
|
2003-04-08 14:25:47 +00:00
|
|
|
M_ASSERTPKTHDR(m);
|
1999-10-21 09:06:11 +00:00
|
|
|
if ((ifp->if_flags & IFF_UP) == 0) {
|
2001-01-06 00:46:47 +00:00
|
|
|
NG_FREE_M(m);
|
1999-10-21 09:06:11 +00:00
|
|
|
return (ENETDOWN);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Update interface stats */
|
2014-09-19 05:03:11 +00:00
|
|
|
if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
|
|
|
|
if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
|
|
|
/* Note receiving interface */
|
|
|
|
m->m_pkthdr.rcvif = ifp;
|
|
|
|
|
|
|
|
/* Berkeley packet filter */
|
2000-03-13 19:18:10 +00:00
|
|
|
ng_iface_bpftap(ifp, m, iffam->family);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
2000-03-13 19:18:10 +00:00
|
|
|
/* Send packet */
|
2003-03-04 23:19:55 +00:00
|
|
|
switch (iffam->family) {
|
|
|
|
#ifdef INET
|
|
|
|
case AF_INET:
|
|
|
|
isr = NETISR_IP;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
case AF_INET6:
|
|
|
|
isr = NETISR_IPV6;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
m_freem(m);
|
|
|
|
return (EAFNOSUPPORT);
|
|
|
|
}
|
2018-08-26 12:51:46 +00:00
|
|
|
random_harvest_queue(m, sizeof(*m), RANDOM_NET_NG);
|
2011-07-03 16:08:38 +00:00
|
|
|
M_SETFIB(m, ifp->if_fib);
|
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.
However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.
Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.
On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().
This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.
Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.
This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.
Reviewed by: gallatin, hselasky, cy, adrian, kristof
Differential Revision: https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
|
|
|
NET_EPOCH_ENTER(et);
|
2008-07-08 20:19:43 +00:00
|
|
|
netisr_dispatch(isr, m);
|
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.
However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.
Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.
On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().
This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.
Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.
This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.
Reviewed by: gallatin, hselasky, cy, adrian, kristof
Differential Revision: https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
|
|
|
NET_EPOCH_EXIT(et);
|
2003-03-04 23:19:55 +00:00
|
|
|
return (0);
|
1999-10-21 09:06:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2000-03-13 19:18:10 +00:00
|
|
|
* Shutdown and remove the node and its associated interface.
|
1999-10-21 09:06:11 +00:00
|
|
|
*/
|
|
|
|
static int
|
2001-01-06 00:46:47 +00:00
|
|
|
ng_iface_shutdown(node_p node)
|
1999-10-21 09:06:11 +00:00
|
|
|
{
|
2001-01-08 05:34:06 +00:00
|
|
|
const priv_p priv = NG_NODE_PRIVATE(node);
|
1999-10-21 09:06:11 +00:00
|
|
|
|
Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparision between pre- and post-change
object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
2008-10-02 15:37:58 +00:00
|
|
|
/*
|
|
|
|
* The ifnet may be in a different vnet than the netgraph node,
|
|
|
|
* hence we have to change the current vnet context here.
|
|
|
|
*/
|
|
|
|
CURVNET_SET_QUIET(priv->ifp->if_vnet);
|
2000-03-21 01:42:56 +00:00
|
|
|
bpfdetach(priv->ifp);
|
2000-03-13 19:18:10 +00:00
|
|
|
if_detach(priv->ifp);
|
2005-06-10 16:49:24 +00:00
|
|
|
if_free(priv->ifp);
|
Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparision between pre- and post-change
object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
2008-10-02 15:37:58 +00:00
|
|
|
CURVNET_RESTORE();
|
2000-03-13 19:18:10 +00:00
|
|
|
priv->ifp = NULL;
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
free_unr(V_ng_iface_unit, priv->unit);
|
2017-09-21 20:16:10 +00:00
|
|
|
rm_destroy(&priv->lock);
|
2008-10-23 15:53:51 +00:00
|
|
|
free(priv, M_NETGRAPH_IFACE);
|
2001-01-08 05:34:06 +00:00
|
|
|
NG_NODE_SET_PRIVATE(node, NULL);
|
|
|
|
NG_NODE_UNREF(node);
|
1999-10-21 09:06:11 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2000-03-13 19:18:10 +00:00
|
|
|
* Hook disconnection. Note that we do *not* shutdown when all
|
|
|
|
* hooks have been disconnected.
|
1999-10-21 09:06:11 +00:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ng_iface_disconnect(hook_p hook)
|
|
|
|
{
|
2001-01-08 05:34:06 +00:00
|
|
|
const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
|
1999-10-21 09:06:11 +00:00
|
|
|
const iffam_p iffam = get_iffam_from_hook(priv, hook);
|
|
|
|
|
|
|
|
if (iffam == NULL)
|
2010-10-13 17:21:21 +00:00
|
|
|
panic("%s", __func__);
|
2017-09-21 20:16:10 +00:00
|
|
|
PRIV_WLOCK(priv);
|
1999-10-21 09:06:11 +00:00
|
|
|
*get_hook_from_iffam(priv, iffam) = NULL;
|
2017-09-21 20:16:10 +00:00
|
|
|
PRIV_WUNLOCK(priv);
|
1999-10-21 09:06:11 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2005-02-05 08:28:36 +00:00
|
|
|
/*
|
|
|
|
* Handle loading and unloading for this node type.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
ng_iface_mod_event(module_t mod, int event, void *data)
|
|
|
|
{
|
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
switch (event) {
|
|
|
|
case MOD_LOAD:
|
|
|
|
case MOD_UNLOAD:
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
2009-04-26 07:14:50 +00:00
|
|
|
|
Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)
2009-07-23 20:46:49 +00:00
|
|
|
static void
|
|
|
|
vnet_ng_iface_init(const void *unused)
|
2009-04-26 07:14:50 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
V_ng_iface_unit = new_unrhdr(0, 0xffff, NULL);
|
|
|
|
}
|
Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)
2009-07-23 20:46:49 +00:00
|
|
|
VNET_SYSINIT(vnet_ng_iface_init, SI_SUB_PSEUDO, SI_ORDER_ANY,
|
|
|
|
vnet_ng_iface_init, NULL);
|
2009-04-26 07:14:50 +00:00
|
|
|
|
Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)
2009-07-23 20:46:49 +00:00
|
|
|
static void
|
|
|
|
vnet_ng_iface_uninit(const void *unused)
|
2009-04-26 07:14:50 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
delete_unrhdr(V_ng_iface_unit);
|
|
|
|
}
|
Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.
Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.
Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.
For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.
Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.
For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).
Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.
Approved by: re (hrs)
Obtained from: projects/vnet
Reviewed by: gnn, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
|
|
|
VNET_SYSUNINIT(vnet_ng_iface_uninit, SI_SUB_INIT_IF, SI_ORDER_ANY,
|
Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)
2009-07-23 20:46:49 +00:00
|
|
|
vnet_ng_iface_uninit, NULL);
|