Commit Graph

1123 Commits

Author SHA1 Message Date
Andrey V. Elsukov
c57e67d04e Sync ng_nat with recent (r222806) ipfw_nat changes:
Make a behaviour of the libalias based in-kernel NAT a bit closer to
  how natd(8) does work. natd(8) drops packets only when libalias returns
  PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
  always did drop packets that were not aliased, even if they should
  not be aliased and just are going through.

Also add SCTP support: mark response packets to skip firewall processing.

MFC after:	1 month
2011-06-07 06:48:42 +00:00
Marko Zec
2956ec9bc7 Assume the link to be dead if bit error rate (BER) parameter is set to 1.
When a transition from link alive to link dead configuration or vice
versa occurs, notify any upstream and / or downstream peers using
NGM_FLOW messagges.

Link state notification using NGM_FLOW messages is modelled around
around already existing code in ng_ether.c.

MFC after:	3 days
2011-05-24 14:36:32 +00:00
Marko Zec
7d5ddd30cd Provide fake link status information in an attempt to let ng_eiface(4)
virtual ifnets more realistically mimic physical ethernet interfaces.
The main motivation behind this change is to allow for ng_eiface(4)
interfaces to participate in STP if_bridge(4) configurations.

When announcing link status changes, switch to the vnet to which the
ifnet belongs, since it is possible for ng_eiface ifnets to be assigned
to a vnet different from the one in which its netgraph node resides.

MFC after:	3 days
2011-05-24 14:10:33 +00:00
Andriy Gapon
a5db8fd19e usb: fix a missed use of use_generic in r222051
Submitted by:	gcooper
Pointyhat to:	avg
MFC after:	1 month
X-MFC with:	r222051
2011-05-18 11:38:36 +00:00
Gleb Smirnoff
ca47294ddf LibAliasInit() should allocate memory with M_WAITOK flag. Modify it
and its callers.
2011-04-18 20:07:08 +00:00
Gleb Smirnoff
e0c7bc79c4 Finish last change.
Pointy hat to: glebius
2011-04-18 14:07:01 +00:00
Gleb Smirnoff
c1d21557c5 Further cleanup of node creation path from M_NOWAIT usage. 2011-04-18 14:05:26 +00:00
Gleb Smirnoff
b6770143c4 ng_netflow_cache_init() can be void. 2011-04-18 09:14:23 +00:00
Gleb Smirnoff
674d86bf91 Node constructor methods are supposed to be called in syscall
context always. Convert nodes to consistently use M_WAITOK flag
for memory allocation.

Reviewed by:	julian
2011-04-18 09:12:27 +00:00
Andrey V. Elsukov
ffbfc0aacb Use M_WAITOK flag instead M_WAIT for malloc.
Suggested by:	glebius
MFC after:	1 week
2011-04-18 09:10:27 +00:00
Gleb Smirnoff
5633ca7116 Fix error where error variable was assigned result of comparison,
instead of function return value.

Submitted by:	Przemyslaw Frasunek <przemyslaw frasunek.com>
MFC after:	4 days
2011-04-17 16:31:21 +00:00
Marko Zec
fae147aab3 Properly unref ng_hub nodes on shutdown, so that we don't leak them.
MFC after:	3 days
2011-04-07 11:40:10 +00:00
Gleb Smirnoff
a7da736a64 Improve locking of creating and dropping links in the graph, acquiring
the topology mutex in the following functions, that manipulate pointers
to peer nodes:

- ng_bypass()
- ng_path2noderef() when switching to the next node in sequence.
  Rewrite the function a bit.
- ng_address_hook()
- ng_address_path()

This patch improves stability of large mpd5 installations.
2011-03-21 14:18:40 +00:00
Gleb Smirnoff
ce4b2e2c63 Remove spl(9) remnants. 2011-03-19 19:37:53 +00:00
Bjoern A. Zeeb
3090c02041 Unbreak the build for no options INET6.
PR:		kern/155227
Submitted by:	Dmitry Afanasiev (KOT MATPOCKuH.Ru)
2011-03-03 16:16:49 +00:00
Gleb Smirnoff
5dcd9c1061 Add support for NetFlow version 9 into ng_netflow(4) node.
Submitted by:	Alexander V. Chernikov <melifaro ipfw.ru>
2011-03-02 16:15:11 +00:00
Andrey V. Elsukov
633c5bdac8 Add XMIT_FAILOVER transmit algorithm to ng_one2many node. Packets are
delivered out the first active "many" hook.

PR:		kern/137775
Submitted by:	Maxim Ignatenko
MFC after:	2 weeks
2011-03-01 13:10:56 +00:00
Rebecca Cran
6bccea7c2b Fix typos - remove duplicate "the".
PR:	bin/154928
Submitted by:	Eitan Adler <lists at eitanadler.com>
MFC after: 	3 days
2011-02-21 09:01:34 +00:00
Bjoern A. Zeeb
1fb51a12f2 Mfp4 CH=177274,177280,177284-177285,177297,177324-177325
VNET socket push back:
  try to minimize the number of places where we have to switch vnets
  and narrow down the time we stay switched.  Add assertions to the
  socket code to catch possibly unset vnets as seen in r204147.

  While this reduces the number of vnet recursion in some places like
  NFS, POSIX local sockets and some netgraph, .. recursions are
  impossible to fix.

  The current expectations are documented at the beginning of
  uipc_socket.c along with the other information there.

  Sponsored by: The FreeBSD Foundation
  Sponsored by: CK Software GmbH
  Reviewed by:  jhb
  Tested by:    zec

Tested by:	Mikolaj Golub (to.my.trociny gmail.com)
MFC after:	2 weeks
2011-02-16 21:29:13 +00:00
Matthew D Fleming
f29fc08590 sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.
Commit the netgraph piece.
2011-01-12 19:53:39 +00:00
John Baldwin
58ccf5b41c Remove unneeded includes of <sys/linker_set.h>. Other headers that use
it internally contain nested includes.

Reviewed by:	bde
2011-01-11 13:59:06 +00:00
Marko Zec
57ce8ebf8c Simplify ng_pipe locking model by relying on the netgraph framework
to provide serialization of calls into the node, which is accomplished
by markng the node as single-threaded (NGF_FORCE_WRITER).

The price we pay is that each ng_pipe instance now has its own callout
handler which polls for queued frames on each clock tick, as long as
the pipe has any frames in its internal queues.  OTOH, we got rid of
the global ng_pipe mutex, so from now on multiple ng_pipe instances
can operate in parallel.  This change also fixes counting of forwarded
frames when an ng_pipe node is not enforcing any packet impairments.

While here, attempt to improve adherance to style(9) throughout
otherwise mostly unreadable code.

MFC after:	3 days
2010-11-24 16:02:58 +00:00
Dimitry Andric
3e288e6238 After some off-list discussion, revert a number of changes to the
DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various
people working on the affected files.  A better long-term solution is
still being considered.  This reversal may give some modules empty
set_pcpu or set_vnet sections, but these are harmless.

Changes reverted:

------------------------------------------------------------------------
r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines

Instead of unconditionally emitting .globl's for the __start_set_xxx and
__stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu
sections are actually defined.

------------------------------------------------------------------------
r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines

Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout
the tree.

------------------------------------------------------------------------
r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines

Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
2010-11-22 19:32:54 +00:00
Marko Zec
abe80e1272 Allow for MTU sizes of up to ETHER_MAX_LEN_JUMBO (i.e. 9018) bytes to be
configured on ng_eiface ifnets.  The default MTU remains unchanged at
1500 bytes.

Mark ng_eiface ifnets as IFCAP_VLAN_MTU capable, so that the associated
vlan(4) ifnets may use full-sized Ethernet MTUs (1500 bytes).

MFC after:	3 days
2010-11-22 12:32:19 +00:00
Dimitry Andric
31c6a0037e Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout
the tree.
2010-11-14 20:38:11 +00:00
Rui Paulo
d28843a449 When calling panic(), always pass a format string. 2010-10-13 17:21:21 +00:00
Maksim Yevmenkin
fae1602944 Fix typo
PR:	kern/140590
MFC after:	3 days
2010-08-02 22:26:08 +00:00
Gleb Smirnoff
b9bff254af Fix operation of "netgraph" action in conjunction with the
net.inet.ip.fw.one_pass sysctl.

The "ngtee" action is still broken.

PR:		kern/148885
Submitted by:	Nickolay Dudorov <nnd mail.nsk.ru>
2010-07-27 14:26:34 +00:00
Gleb Smirnoff
9da8211828 Zero padding fields of netflow records. This helps to reduce
size of compressed export logs.

Requested by:	Alexey Illarionov <littlesavage orionet.ru>
2010-07-26 13:48:35 +00:00
Ed Maste
67d187beb1 Remove defunct email address from header as well. 2010-07-06 16:55:39 +00:00
Ed Maste
d11f4f5dea Remove email address that no longer exists. 2010-07-06 16:42:11 +00:00
Marko Zec
c9840b23d5 Fix a double-free bug which can occur if both bit error rate and packet
duplication probability are configured on a ng_pipe node.

Submitted by:	Jeffrey Ahrenholtz
MFC after:	3 days
2010-07-06 12:13:15 +00:00
Gleb Smirnoff
7418c6e1a9 Avoid double-free. In error cases ipfw(4) frees the mbuf(4), we don't
need to.

PR:		kern/145462
2010-07-06 10:45:38 +00:00
Gleb Smirnoff
956000b838 The struct ipfw_rule_ref follows the struct m_tag. Deal with this
correctly. This fixes breakage of ng_ipfw(4) in r201527.

Submitted by:	Alexander Zagrebin <alexz visp.ru>
2010-07-01 17:46:12 +00:00
Andrey V. Elsukov
cac2fe695e * Include sys/systm.h for KASSERT()
* Remove unneeded includes and comment
* Replace home made OFFSETOF() macro with standard offsetof()

Pointed out by:	bde
Approved by:	kib (mentor)
2010-06-15 08:53:13 +00:00
Andrey V. Elsukov
6c0a2eb136 Style(9) fixes:
* Sort includes
* Replace #define<SPACE> to #define<TAB>
* Split declarations and initializations
* Split long lines

Requested by:	kib
Approved by:	kib (mentor)
MFC after:	1 month
2010-06-10 16:45:30 +00:00
Andrey V. Elsukov
d359a62d44 New netgraph node ng_patch(4). It performs data modification of packets
passing through. Modifications are restricted to a subset of C language
operations on unsigned integers of 8, 16, 32 or 64 bit size.
These are: set to new value (=), addition (+=), subtraction (-=),
multiplication (*=), division (/=), negation (= -), bitwise AND (&=),
bitwise OR (|=), bitwise eXclusive OR (^=), shift left (<<=),
shift right (>>=). Several operations are all applied to a packet
sequentially in order they were specified by user.

Submitted by:	Maxim Ignatenko <gelraen.ua at gmail.com>
		Vadim Goncharov <vadimnuclight at tpu.ru>
Discussed with:	net@
Approved by:	mav (mentor)
MFC after:	1 month
2010-06-09 12:25:57 +00:00
Alexander Motin
5a73d193c4 Remove some dead and incorrect code.
Found with:   Coverity Prevent(tm)
CID:          4562
2010-06-05 10:16:23 +00:00
Attilio Rao
b1b11ad27e Fix a race between ngs_rcvmsg() and soclose() which closes the control
socket while it is still in use.
priv->ctlsock is checked at the top of the function but without any
lock held, which means the control socket state may certainly change.
Add a similar protection to ngs_shutdown() even if a race is unlikely
to be experienced there.

Sponsored by:	Sandvine Incorporated
Obtained from:	Nima Misaghian @ Sandvine Incorporated
		<nmisaghian at sandvine dot com>
MFC after:	10 days
2010-05-19 15:06:09 +00:00
Marko Zec
98a5a343e3 Increase the target buffer for performing NGM_ASCII2BINARY conversion
from 2000 bytes to 20 Kbytes, which now matches the buffer size used for
NGM_BINARY2ASCII conversions.

The aim of this change is to allow for bigger binary structures to be
managed via netgraph ASCII messages, until we come up with an API
improvement which would get rid of such arbitrary hardcoded limits.

MFC after:	3 days
2010-05-13 16:48:28 +00:00
Fabien Thomas
f9e4dd7122 Fix an invalid parameter detected by INVARIANT and confirmed by r193272. 2010-05-06 20:58:23 +00:00
Marko Zec
f8aab721b2 Add an optional "persistent" flag to ng_hub and ng_bridge, which if set,
disables automatic node shutdown when the last hook gets disconnected.

Reviewed by:	julian
2010-05-05 22:06:05 +00:00
Marko Zec
a3f93b7269 When destroying a vnet, shut down all netgraph nodes tied to that vnet
before proceeding with dismantling other protocol domains.

This change only affects options VIMAGE builds.

Reviewed by:	julian, bz
MFC after:	3 days
2010-05-03 16:08:24 +00:00
Maxim Sobolev
e50d35e6c6 Add new tunable 'net.link.ifqmaxlen' to set default send interface
queue length. The default value for this parameter is 50, which is
quite low for many of today's uses and the only way to modify this
parameter right now is to edit if_var.h file. Also add read-only
sysctl with the same name, so that it's possible to retrieve the
current value.

MFC after:	1 month
2010-05-03 07:32:50 +00:00
Edward Tomasz Napierala
8016863c91 Avoid undefined behaviour.
Reviewed by:	zec@
2010-04-30 07:09:13 +00:00
Joel Dahl
c0587701ad Start copyright notice with /*- 2010-04-07 16:29:10 +00:00
Alexander Motin
38f2d636ca Remove alignment constraints. 2010-04-01 16:20:36 +00:00
Alexander Motin
b652a5fa66 Remove alignment constraints. 2010-04-01 16:18:16 +00:00
Alexander Motin
7937d24b12 Remove alignment constraints. 2010-04-01 10:41:01 +00:00
Alexander Motin
39228864fd Remove some more alignment constraints. 2010-03-31 22:47:55 +00:00