header is now in two parts: bsdxml.h and bsdxml_external.h, representing
the expat.h and expat_external.h headers. Updated the info on the man
page as well. Also, fixed a type-error in a printf in
sbin/ifconfig/regdomain.c that would cause a compiler warning.
Approved by: sam, phk
Note this includes changes to all drivers and moves some device firmware
loading to use firmware(9) and a separate module (e.g. ral). Also there
no longer are separate wlan_scan* modules; this functionality is now
bundled into the wlan module.
Supported by: Hobnob and Marvell
Reviewed by: many
Obtained from: Atheros (some bits)
o mark cmds/parameters to indicate they are potential arguments to a clone
operation (e.g. vlantag)
o when handling a create/clone operation do the callback on seeing the first
non-clone cmd line argument so the new device is created and can be used;
and re-setup operating state to reflect the newly created device
Reviewed by: Eugene Grosbein
MFC after: 2 weeks
interface. Once the limit is reached packets with unknown source addresses are
dropped until an existing host cache entry expires or is removed. Useful to
use with the STICKY cache option.
Sponsored by: miniSuperHappyDevHouse NZ
it would return true on a partial match where it would think the edsc module
was already present by having a positive match on 'ed'. This changes it so
that it compares the full string including the nul terminators.
This also fixes a buffer overflow in the ifkind variable where the length of
the interface name in *argv wasnt checked for size.
Reviewed by: brooks
Approved by: re (gnn)
communicate with another private port.
All unicast/broadcast/multicast layer2 traffic is blocked so it works much the
same way as using firewall rules but scales better and is generally easier as
firewall packages usually do not allow ARP blocking.
An example usage would be having a number of customers on separate vlans
bridged with a server network. All the vlans are marked private, they can all
communicate with the server network unhindered, but can not exchange any
traffic whatsoever with each other.
Approved by: re (rwatson)
bridged, previously legitimate traffic was not passed as the bridge could not
tell that it was on a different Ethernet segment.
All non-tagged traffic is treated as vlan1 as per IEEE 802.1Q-2003
previous commit:
Remove IPX over IP tunneling support, which allows IPX routing over IP
tunnels, and was not MPSAFE. The code can be easily restored in the
event that someone with an IPX over IP tunnel configuration can work
with me to test patches.
This removes one of five remaining consumers of NET_NEEDS_GIANT.
Approved by: re (kensmith)
Spotted by: Artem Naluzhny <tutat nhamon dot com dot ua>
o revised channel handling support; ifconfig now queries the kernel to
find the list of available channels and handles channel promotion;
channel attributes can be specified as part of the channel; e.g. 36:a
for channel 36 in 11a (as opposed to turbo A or HT A)
o use channel list to map between freq and IEEE channel #; this eliminates
all knowledge of how the mapping is done and fixes handling of cases
where channels overlap in the IEEE channel # space but are distinct in
the frequency+attributes space (e.g. PSB)
o add new knobs: bgscan, ff (Atheors fast frames), dturbo (Atheros
Dynamic Turbo mode), bgscanidle, bgscanintvl, scanvalid, roam:rssi11a,
roam:rssi11b, roam:rssi11g, roam:rate11a, roam:rate11b, roam:rate11g
(roaming parameters), burst, doth (forthcoming 11h support)
o print contents of WME, ATH, WPA, RSN, information elements with -v option
o print signal strength in dBm
o print noise floor in dBm
o add list txpow to print tx power caps/channel
o change default channel display in status to be more informative
The name trunk is misused as the networking term trunk means carrying multiple
VLANs over a single connection. The IEEE standard for link aggregation (802.3
section 3) does not talk about 'trunk' at all while it is used throughout IEEE
802.1Q in describing vlans.
The lagg(4) driver provides link aggregation, failover and fault tolerance.
Discussed on: current@
tolerance. This driver allows aggregation of multiple network interfaces as
one virtual interface using a number of different protocols/algorithms.
failover - Sends traffic through the secondary port if the master becomes
inactive.
fec - Supports Cisco Fast EtherChannel.
lacp - Supports the IEEE 802.3ad Link Aggregation Control Protocol
(LACP) and the Marker Protocol.
loadbalance - Static loadbalancing using an outgoing hash.
roundrobin - Distributes outgoing traffic using a round-robin scheduler
through all active ports.
This code was obtained from OpenBSD and this also includes 802.3ad LACP support
from agr(4) in NetBSD.
hardware drivers. Unlike pseudo-device drivers, which just attach
to the cloning framework and wait for "ifconfig create", h/w drivers
create interfaces for installed cards as soon as loaded. The issue
of devd(8) involuntarily reloading modules should be dealt with in a
different way.
new interface. In other cases loading the module is unwanted and
can lead to ill side effects. One such effect found is as follows:
"kldunload if_foo" tells the module to kill all its interfaces,
which results in messages sent to devd; the module unloads. Then
devd starts processing the messages, which ends up in a etc script
running ifconfig fooX, which reloads the module.
'-alias', and that 'add' and 'delete are in fact synonyms for these
in the ifconfig(8) grammar.
Use network prefixes explicitly specified in IETF RFCs for
documentation purposes. (bz)
PR: 102701
MFC after: 1 day
See also: RFC 3330, RFC 3849
Submitted by: bz
one. This is based on NetBSD but unlike NetBSD this implementation prints
the instance number for all media instances and doesn't skip it for the
first one as I don't see a reason to suppress it except for the vague
reason to preserve the output for single-instance configurations.
- Fix some whitespace nits.
o add hack/nonstandard channel mapping for public safety band channels to
mirror kernel (temporary until we have proper 802.11 state)
o change ieee80211_mhz2ieee to take channel flags (unused right now)
While here do some minor fixups like using IEEE80211_IS_CHAN_ANYG.
- use flags rather than sperate ioctls for edge, p2p
- implement p2p and autop2p flags
- define large pathcost constant as ULL
- show bridgeid and rootid in ifconfig
Obtained from: Reyk Floeter <reyk@openbsd.org>
address learned by the bridge is made permanent, the address will not age out
and most importantly will not migrate to another interface.
This can be used to stop mac address poisoning or clients roaming in much the
same way as static entries without the hassle of preloading the table.
RSTP provides faster spanning tree convergence, the protocol will exchange
information with neighboring switches to quickly transition to forwarding
without creating loops. The code will default to RSTP mode but will downgrade
any port connected to a legacy STP network so is fully backward compatible.
Reviewed by: syrinx
Tested by: syrinx
'ifconfig em0 tso' and 'ifconfig em0 -tso'. TSO for IPv4 and IPv6 is always
enabled or disabled together. The driver may enable only one if it doesn't
support both.
Document 'tso' and '-tso' in the ifconfig(8) man pages.
Sponsored by: TCP/IP Optimization Fundraise 2005
mechanism
o change vlan cloning to use callback and pass all vlan parameters
on create using the new SIOCREATE2 ioctl
o update vlan set logic to match existing practice
order to - for example - apply firewall rules to a whole group of
interfaces. This is required for importing pf from OpenBSD 3.9
Obtained from: OpenBSD (with changes)
Discussed on: -net (back in April)
- <netipx> headers [1]
- IPX library (libipx)
- IPX support in ifconfig(8)
- IPXrouted(8)
- new MK_NCP option
New MK_NCP build option controls:
- <netncp> and <fs/nwfs> headers
- NCP library (libncp)
- ncplist(1) and ncplogin(1)
- mount_nwfs(8)
- ncp and nwfs kernel modules
User knobs: WITHOUT_IPX, WITHOUT_IPX_SUPPORT, WITHOUT_NCP.
[1] <netsmb/netbios.h> unconditionally uses <netipx> headers
so they are still installed. This needs to be dealt with.
as both have been read from the command line. Still use the callback,
but this time only to verify that both vlan and vlandev have been
found on the command line.
This should allow for control over the relative order of processing
parameters, which is needed to satisfy some caveats of the if_vlan
driver. E.g., MTU cannot be changed on a vlan interface until it's
attached to its parent.
PR: bin/94028
Reviewed by: ru
MFC after: 3 days
Presently, ifconfig callbacks are used for L2 configuration, media
and vlan, so actions associated with address assignment, like sending
out a gratuitous ARP, should go when L2 is running already.
This also should fix the problem with setting up vlan interfaces
from rc.conf, when both IP and vlan+vlandev parameters are passed
to ifconfig at once.
Future work: Consider introducing several ifconfig callback lists
to invoke callbacks orderly.
MFC after: 1 week
length and bail immediatly if the returned length is wrong rather than
attempting to set an correct value.
This commit differs from the patch in the PR in the use of exit instead
of return and the use of a defined value for the array.
Submitted by: Daan Vreeken [PA4DAN] <Danovitsch at Vitsch dot net>
PR: bin/74509
and "vlandev" commands can be specified in any order.
This makes the code more compact and clear as well.
Improve error check on vlan argument.
MFC after: 2 weeks
introduce "-tunnel" as an alias for "deletetunnel".
The latter is overly long and prone to typos, but
keep it for POLA since it costs nothing.
MFC after: 5 days
(not in mdoc(7) sense yet) in ifconfig(8) manpage, create such
subsections for gif(4) and vlan(4) so that their specific
options are not mixed up with general options.
print potentially sensitive keying material to stdout. With the new
802.11 support, ifconfig(8) is now capable of printing 802.11 keys,
and did by default for the root user, which is undesirable in some
environments. Now it will not print keying material unless requested
(and available to the user).
MFC after: 1 week
spanning tree support.
Based on Jason Wright's bridge driver from OpenBSD, and modified by Jason R.
Thorpe in NetBSD.
Reviewed by: mlaier, bms, green
Silence from: -net
Approved by: mlaier (mentor)
Obtained from: NetBSD
.depends other then the commant line.
Also remove -g from CFLAGS. The user should add it to CFLAGS if they
desire debug support.
Reviewed by: ru (in concept)
MFC After: 7 days
hosts to share an IP address, providing high availability and load
balancing.
Original work on CARP done by Michael Shalayeff, with many
additions by Marco Pfatschbacher and Ryan McBride.
FreeBSD port done solely by Max Laier.
Patch by: mlaier
Obtained from: OpenBSD (mickey, mcbride)
its value once per ifconfig run. Use Sam's new callback
operation to set it when everything is done.
The purpose for this is that if you did something like
ifconfig bge0 media 100baseTX mediaopt full-duplex
multiple times it would end up causing the PHY to re-sync
since it would send the IOCTLs:
ifconfig bge0 media 100baseTX -mediaopt full-duplex
ifconfig bge0 media 100baseTX mediaopt full-duplex
This would cause the PHY to be updated twice even though
there really wasn't any change since the check in
sys/net/if_media.c would always fail.
Caveat is that this doesn't fix the case of:
ifconfig bge0 media autoselect
etc. since in sys/net/if_media.c it forces an autoselect to go through
the entire process in ifmedia_ioctl :-( :
/*
* If no change, we're done.
* XXX Automedia may invole software intervention.
* Keep going in case the the connected media changed.
* Similarly, if best match changed (kernel debugger?).
*/
if ((IFM_SUBTYPE(newmedia) != IFM_AUTO) &&
(newmedia == ifm->ifm_media) &&
(match == ifm->ifm_cur))
return 0;
Briefly looked at by: sam
special-purpose code to display status for an interface for
state that was not address-oriented. This status reporting
was merged in to the address-oriented status reporting but
did not work for link address reporting (as discovered with
fwip interfaces). Correct this mis-merge and eliminate the
bogus kludge that was used for link-level address reporting.
o add an af_other_status method for an address family for
reporting status of things like media, vlan, etc.
o call the af_other_status methods after reporting address
status for an interface
o special-case link address status; when reporting all
status for an interface invoke it specially prior to
reporting af_other_status methods (since it requires the
sockaddr_dl that is passed in to status separately from
the rtmsg address state)
o correct the calling convention for link address status;
don't cast types, construct the proper parameter
This fixes ifconfig on fwip interfaces.
o break per-address family support out into separate files
o modularize per-address family and functional operations using
a registration mechanism; this permits configuration according
to which files you include (but beware that order of the files
is important to insure backwards compatibility)
o many cleanups to eliminate incestuous behaviour, global variables,
and poor coding practices (still much more to fix)
The original motivation of this work was to support dynamic addition
of functionality based on the interface so we can eliminate the various
little control programs and so that vendors can distribute ifconfig
plugins that support their in-kernel code. That work is still to be
completed.
o Update 802.11 support for all the new net80211 functionality; some
of these operations (e.g. list *) may be better suited in a different
program
increasing it. Add code to ifconfig to use this size to find the
sockaddr_dl after the struct if_data in the routing message. This
allows struct if_data to grow (up to 255 bytes) without breaking
ifconfig.
Submitted by: peter
the bug exists in little-endian machine, it was not triggered due
to the difference of memory ordering between little/big endian
machines. Instead of relying on possibly modified value during
function invokcations, use saved copy of ifr.ifr_addr.sa_family.
Also add a comment at the top of ifconfig.c clarifying the issue
so the bug won't re-appear.
Approved by: jake
Reviewed by: yar
prior sysctl due to the structure growing between calls try again.
Also try again for deleting routes if things fail. We've seen
route -f fail this way which does not actually flush all routes.
This fixes it. It will whine but it will do the work.
PR: 56732
Obtained from: IronPort
like tun are naming their modules using the 'if_; prefix and previous version of
the code failed to detect their presence in the kernel, resulting in the same
module being loaded twice.
the corresponding manpage has been committed.
The rest of "vlan" words, which are refering
to the technology itself, should be capitalized.
MFC after: 1 week
reorganize the printing of the interface name when using wildcard
cloning so it is not printed if it we either immediately rename or
destroy the interface.
Reviewed by: ru
from the sdl because strlcpy requires that the source string be
NUL-terminated unlike strncpy.
Submitted by: Peter Jeremy <PeterJeremy at optushome dot com dot au>
name.
Prevent the kernel from potentially overflowing the interface name
variable. The size argument of strlcpy is complex because the name is
not null-terminated in sdl_data.
and to make sure that we catch oversized arguments rather than silently
truncate them. I dont know if sscanf will reject an integer if it will
not fit in the short return variable or not, but this way it should be
detected.
be changed, it is very convenient to be able to toggle SDH/Sonet,
idle/unassigned cells and scrambled mode and to see the carrier
state.
Reviewed by: -arch (if_media.h definitions)
regarding 802.1 MAC and Mandatory Access Control (MAC). Some
potential for confusion remains further in other areas of the
system regarding Message Authentication Codes (MAC).
Requested by: wollman
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
interfaces using the 'mac' argument. Without MAC support in the
kernel, this does not change the behavior of ifconfig.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
