From 938864b71b040fd660b1e8c53221114dfb9bd6bb Mon Sep 17 00:00:00 2001 From: Gleb Smirnoff Date: Fri, 8 Feb 2019 06:19:28 +0000 Subject: [PATCH] Allow some nesting of ng_iface(4) interfaces and add a configuration knob. PR: 235500 MFC after: 1 week --- share/man/man4/ng_iface.4 | 14 +++++++++++++- sys/netgraph/ng_iface.c | 11 ++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/share/man/man4/ng_iface.4 b/share/man/man4/ng_iface.4 index 67d67f8956a7..0b406cdd298f 100644 --- a/share/man/man4/ng_iface.4 +++ b/share/man/man4/ng_iface.4 @@ -35,7 +35,7 @@ .\" $FreeBSD$ .\" $Whistle: ng_iface.8,v 1.5 1999/01/25 23:46:26 archie Exp $ .\" -.Dd January 12, 2015 +.Dd February 6, 2019 .Dt NG_IFACE 4 .Os .Sh NAME @@ -144,6 +144,17 @@ In case when your graph ends up with some kind of serial line, either synchronous or modem, the .Nm is the right place to turn ALTQ on. +.Sh Nesting +.Nm +supports nesting, a configuration when traffic of one +.Nm +interface flows through the other. +The default maximum allowed nesting level is 2. +It can be changed at runtime setting +.Xr sysctl 8 +variable +.Va net.graph.iface.max_nesting +to the desired level of nesting. .Sh SEE ALSO .Xr altq 4 , .Xr bpf 4 , @@ -151,6 +162,7 @@ is the right place to turn ALTQ on. .Xr ng_cisco 4 , .Xr ifconfig 8 , .Xr ngctl 8 +.Xr sysctl .Sh HISTORY The .Nm iface diff --git a/sys/netgraph/ng_iface.c b/sys/netgraph/ng_iface.c index 7f3b8b16c0a4..f1ddce70c86d 100644 --- a/sys/netgraph/ng_iface.c +++ b/sys/netgraph/ng_iface.c @@ -68,6 +68,7 @@ #include #include #include +#include #include #include @@ -92,6 +93,13 @@ static MALLOC_DEFINE(M_NETGRAPH_IFACE, "netgraph_iface", "netgraph iface node"); #define M_NETGRAPH_IFACE M_NETGRAPH #endif +static SYSCTL_NODE(_net_graph, OID_AUTO, iface, CTLFLAG_RW, 0, + "Point to point netgraph interface"); +VNET_DEFINE_STATIC(int, ng_iface_max_nest) = 2; +#define V_ng_iface_max_nest VNET(ng_iface_max_nest) +SYSCTL_INT(_net_graph_iface, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(ng_iface_max_nest), 0, "Max nested tunnels"); + /* This struct describes one address family */ struct iffam { sa_family_t family; /* Address family */ @@ -355,7 +363,8 @@ ng_iface_output(struct ifnet *ifp, struct mbuf *m, } /* Protect from deadly infinite recursion. */ - error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE, 1); + error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE, + V_ng_iface_max_nest); if (error) { m_freem(m); return (error);