Commit Graph

1935 Commits

Author SHA1 Message Date
Robert Watson
a359443290 Since bpf_allocbufs() uses malloc() with M_WAITOK, don't check return
values for NULL or return an error state.  Assert that all three bpf
buffer pointers are NULL before starting.

MFC after:	1 week
2006-08-09 16:30:26 +00:00
Robert Watson
ae476dd78f Add kqueue support to if_tun. Loosely based on if_tap changes.
Two almost identical patches based on the if_tap work were submitted
via GNATS; I started out with the patch in 100796 from David Gilbert,
but could have easily started with the patch from Vilmos Nebehaj which
I found only later.

MFC after:	1 week
PR:		93976, 100796
2006-08-08 19:22:25 +00:00
Brooks Davis
43bc7a9c62 With exception of the if_name() macro, all definitions in net_osdep.h
were unused or already in if_var.h so add if_name() to if_var.h and
remove net_osdep.h along with all references to it.

Longer term we may want to kill off if_name() entierly since all modern
BSDs have if_xname variables rendering it unnecessicary.
2006-08-04 21:27:40 +00:00
Yaroslav Tykhiy
60c6061882 Should vlan_input() ever be called with ifp pointing to a non-Ethernet
interface, do not just assign -1 to tag because it breaks the logic of
the code to follow.  The better way is to handle this case as an unsupported
protocol and return unless INVARIANTS is in effect and we can panic.
Panic is good there because the scenario can happen only because of a
coding error elsewhere.

We also should show the interface name in the panic message for easier
debugging of the problem, should it ever emerge.

Submitted by:	qingli (initially)
2006-08-03 09:59:08 +00:00
Yaroslav Tykhiy
db8b5973e7 Back out rev. 1.107 because it introduced as many problems
as it tried to solve:

- it smuggled hidden 802.1q details into otherwise protocol-neutral code;
- it put an important code consistency check under DEBUG, which was never
  defined by anyone but a developer hacking this file for the moment;
- lastly, the former bcopy() call had been correct as long as the "dead"
  code was there.

(A new version of the fix for tag of -1 to come in the next commit.)

Agreed by:	qingli
2006-08-03 09:50:15 +00:00
Andrew Thompson
73d480ae4c - Use the new bridgestp callback to once again flush our bridge routes when an
interface is disabled.
- Log port changes to syslog, defaulting to off
2006-08-02 03:54:28 +00:00
Andrew Thompson
fc5b6202ab Tell bridgestp that we are about to free the memory so it can cleanup. 2006-08-02 02:59:24 +00:00
Andrew Thompson
516b37d308 Fix style in the last commit, the variable declaration goes at the top of the
function.
2006-08-02 02:51:42 +00:00
Andrew Thompson
6f2abce0b3 Add a callback so we can notify the parent bridge that a port state change has
occured, we need to do this from a taskqueue to avoid a LOR with the if_bridge
mutex.
2006-08-02 02:47:27 +00:00
Andrew Thompson
df6e8892dc Be sure to disable the port when removing it from STP. 2006-08-02 01:36:40 +00:00
Qing Li
0d024885b9 In vlan_input(), if the network interface does not perform h/w based
vlan tag processing, the code will use bcopy() to remove the vlan
tag field but the code copies 2 bytes too many, which essentially
overwrites the protocol type field.

Also, a tag value of -1 is generated for unrecognized interface type,
which would cause an invalid memory access in the vlans[] array.

In addition, removed a line of dead code and its associated comments.

Reviewed by:	sam
2006-08-01 17:28:10 +00:00
Andrew Thompson
51383c37cd Add some statistics that are needed to support RFC4188 as part of the SoC2006
work on a bridge monitoring module for BSNMP.

Submitted by:	shteryana (SoC 2006)
2006-07-31 20:24:46 +00:00
Andrew Thompson
9674cf0e27 Remove the dependency of bridgestp.h on if_bridgevar.h by moving a couple of
private structures to if_bridge.c.
2006-07-27 21:01:48 +00:00
Tai-hwa Liang
da87ff8633 Fixing compilation bustage: net/if_bridgevar.h depends on net/bridgestp.h. 2006-07-27 03:50:38 +00:00
Andrew Thompson
a4eb85b6ac bridgestp is now a seperate module. 2006-07-26 22:15:15 +00:00
Andrew Thompson
7d4a207cba Remove stp variables that are already initialised in bstp_attach(). 2006-07-26 20:56:02 +00:00
Andrew Thompson
96e47153ea /tmp/cvsuusTrc 2006-07-26 10:43:02 +00:00
Andrew Thompson
e61a82f3e3 Remove variables that are overridden by ether_ifattach(). This clears up any
confusion especially as *if_output was pointed to a different function.
2006-07-26 09:41:04 +00:00
Sam Leffler
246b546762 add support for 802.11 packet injection via bpf
Together with:	Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Reviewed by:	arch@
MFC after:	1 month
2006-07-26 03:15:16 +00:00
David Malone
91433904b5 Rather than calling mircotime() in catchpacket(), make catchpacket()
take a timeval indicating when the packet was captured. Move
microtime() to the calling functions and grab the timestamp as soon
as we know that we're going to call catchpacket at least once.

This means that we call microtime() once per matched packet, as
opposed to once per matched packet per bpf listener. It also means
that we return the same timestamp to all bpf listeners, rather than
slightly different ones.

It would be more accurate to call microtime() even earlier for all
packets, as you have to grab (1+#listener) locks before you can
determine if the packet will be logged. You could always grab a
timestamp before the locks, but microtime() can be costly, so this
didn't seem like a good idea.

(I guess most ethernet interfaces will have a bpf listener these
days because of dhclient. That means that we could be doing two bpf
locks on most packets going through the interface.)

PR:		71711
2006-07-24 15:42:04 +00:00
Robert Watson
a152f8a361 Change semantics of socket close and detach. Add a new protocol switch
function, pru_close, to notify protocols that the file descriptor or
other consumer of a socket is closing the socket.  pru_abort is now a
notification of close also, and no longer detaches.  pru_detach is no
longer used to notify of close, and will be called during socket
tear-down by sofree() when all references to a socket evaporate after
an earlier call to abort or close the socket.  This means detach is now
an unconditional teardown of a socket, whereas previously sockets could
persist after detach of the protocol retained a reference.

This faciliates sharing mutexes between layers of the network stack as
the mutex is required during the checking and removal of references at
the head of sofree().  With this change, pru_detach can now assume that
the mutex will no longer be required by the socket layer after
completion, whereas before this was not necessarily true.

Reviewed by:	gnn
2006-07-21 17:11:15 +00:00
Brooks Davis
8d832bb5a0 Use TAILQ_FOREACH instead of poking around in the guts of the list
macros.
2006-07-15 02:49:35 +00:00
Brooks Davis
6a51be11da Drop a pointless cast of ifp->if_softc to (struct tap_softc *). 2006-07-15 02:13:05 +00:00
Andrew Thompson
07ed9a88c6 Catch up with the revised network interface cloning which takes an optional
opaque parameter that can specify configuration parameters.
2006-07-10 05:24:06 +00:00
Sam Leffler
6b7330e2d4 Revise network interface cloning to take an optional opaque
parameter that can specify configuration parameters:
o rev cloner api's to add optional parameter block
o add SIOCCREATE2 that accepts parameter data
o rev vlan support to use new api (maintain old code)

Reviewed by:	arch@
2006-07-09 06:04:01 +00:00
Oleg Bulyzhin
e27c3f48fb Adjust rt_(set|get)metrics() to do kernel <-> userland timebase conversion.
We need it since kernel timebase has changed (time_second -> time_uptime).

Approved by:	glebius (mentor)
2006-07-06 00:24:36 +00:00
Andrew Thompson
bac89dcef2 Fix a braino in the last revision, enc_clone_destroy needs return void instead
of int. The clone system will ensure that our first interface is not destroyed
so we dont need the extra checking anyway.

Tested by:	Scott Ullrich
2006-07-04 23:09:11 +00:00
Christian S.J. Peron
4b19419ee7 Adjust descriptor locking to tell the kqueue subsystem that our descriptor is
already locked. The reason to do this is to avoid two lock+unlock operations
in a row. We need the lock here to serialize access to bd_pid for stats
collection purposes.

Drop the locks all together on detach, as they will be picked up by
knlist_remove.

This should fix a failed locking assertion when kqueue is being used with bpf
descriptors.

Discussed with:	jmg
2006-07-03 20:02:06 +00:00
Yaroslav Tykhiy
4b97d7affd There is a consensus that ifaddr.ifa_addr should never be NULL,
except in places dealing with ifaddr creation or destruction; and
in such special places incomplete ifaddrs should never be linked
to system-wide data structures.  Therefore we can eliminate all the
superfluous checks for "ifa->ifa_addr != NULL" and get ready
to the system crashing honestly instead of masking possible bugs.

Suggested by:	glebius, jhb, ru
2006-06-29 19:22:05 +00:00
Yaroslav Tykhiy
e54e7d6dae Use TAILQ_FOREACH in the __FreeBSD__ case, too.
Funnily enough, rev. 1.15 changed the __Net and __Open cases only.
2006-06-29 17:56:21 +00:00
Yaroslav Tykhiy
06dc090fe0 Use TAILQ_FOREACH. 2006-06-29 17:31:43 +00:00
Yaroslav Tykhiy
5aa288f461 Use the nifty TAILQ_FOREACH. 2006-06-29 17:16:13 +00:00
Yaroslav Tykhiy
249f4297db Detach the interface first, do vlan_unconfig() then.
Previously, another thread could get a pointer to the
interface by scanning the system-wide list and sleep
on the global vlan mutex held by vlan_unconfig().
The interface was gone by the time the other thread
woke up.

In order to be able to call vlan_unconfig() on a detached
interface, remove the purely cosmetic bzero'ing of IF_LLADDR
from the function because a detached interface has no addresses.

Noticed by:	a stress-testing script by maxim
Reviewed by:	glebius
2006-06-29 07:52:30 +00:00
Yaroslav Tykhiy
114c608c71 Remove a few unused things.
Fix some style and consistency points.
2006-06-29 07:30:39 +00:00
Yaroslav Tykhiy
185225ff52 Reduce unneeded code duplication. 2006-06-29 07:23:49 +00:00
Andrew Thompson
ae4748ad15 A small race existed where the lock was dropped between when encif was
tested and then set. [1]

Reorganise things to eliminate this, we now ensure that enc0 can not be
destroyed which as the benefit of no longer needing to lock in
ipsec_filter and ipsec_bpf. The cloner will create one interface during the
init so we can guarantee that encif will be valid before any SPD entries are
added to ipsec.

Spotted by:	glebius [1]
2006-06-28 21:57:35 +00:00
Andrew Thompson
f0ac1eedd5 Simplify ipsec_bpf by using bpf_mtap2(). 2006-06-27 01:53:12 +00:00
Andrew Thompson
bdea400f3b Add a pseudo interface for packet filtering IPSec connections before or after
encryption. There are two functions, a bpf tap which has a basic header with
the SPI number which our current tcpdump knows how to display, and handoff to
pfil(9) for packet filtering.

Obtained from:	OpenBSD
Based on:	kern/94829
No objections:	arch, net
MFC after:	1 month
2006-06-26 22:30:08 +00:00
Yaroslav Tykhiy
15ed2fa1f1 Fix the VLAN_ARRAY case, mostly regarding improper use of atomic(9)
in place of conventional rw locking.  Alas, atomic(9) can't buy us
lockless operation so easily.
2006-06-21 13:48:34 +00:00
Yaroslav Tykhiy
5cb8c31af1 Track interface department events and detach vlans from
departing trunk so that we don't get into trouble later
by dereferencing a stale pointer to dead trunk's things.

Prodded by:	oleg
Sponsored by:	RiNet (Cronyx Plus LLC)
MFC after:	1 week
2006-06-21 07:29:44 +00:00
Gleb Smirnoff
457f48e65c - First initialize ifnet, and then insert it into global
list.
- First remove from global list, then start destroying.

PR:		kern/97679
Submitted by:	Alex Lyashkov <shadow itt.net.ru>
Reviewed by:	rwatson, brooks
2006-06-21 06:02:35 +00:00
Andrew Thompson
690d79381a Allow gif interfaces to be added as span ports, the user may want to send a
copy of all packets to the other side of the world.
2006-06-20 21:28:18 +00:00
Max Laier
0dad3f0e15 Import interface groups from OpenBSD. This allows to group interfaces in
order to - for example - apply firewall rules to a whole group of
interfaces.  This is required for importing pf from OpenBSD 3.9

Obtained from:	OpenBSD (with changes)
Discussed on:	-net (back in April)
2006-06-19 22:20:45 +00:00
Andrew Thompson
615fccc52b Fix spelling mistake in comment. 2006-06-19 02:25:11 +00:00
Christian S.J. Peron
19ba8395e1 Since we are doing some bpf(4) clean up, change a couple of function prototypes
to be consistent. Also, ANSI'fy function definitions. There is no functional
change here.
2006-06-15 15:39:12 +00:00
Christian S.J. Peron
7eae78a419 If bpf(4) has not been compiled into the kernel, initialize the bpf interface
pointer to a zeroed, statically allocated bpf_if structure. This way the
LIST_EMPTY() macro will always return true. This allows us to remove the
additional unconditional memory reference for each packet in the fast path.

Discussed with:	sam
2006-06-14 02:23:28 +00:00
Andrew Thompson
80829fccd7 Use bit operations to get a locally administered address rather than using a
hardcoded OUI code.
2006-06-12 22:43:37 +00:00
Max Khon
affcaf7871 Fix KASSERT conditions in if_deregister_com_alloc(). 2006-06-11 22:09:28 +00:00
Andrew Thompson
b3a1f9373a Allow bridge and carp to play nicely together by returning the packet if its
destined for a carp interface.

Obtained from:	OpenBSD
MFC after:	2 weeks
2006-06-08 23:40:16 +00:00
Qing Li
1a41f91052 Assuming the interface has an address of x.x.x.195, a mask of
255.255.255.0, and a default route with gateway x.x.x.1. Now if
the address mask is changed to something more specific, e.g.,
255.255.255.128, then after the mask change the default gateway
is no longer reachable.

Since the default route is still present in the routing table,
when the output code tries to resolve the address of the default
gateway in function rt_check(), again, the default route will be
returned by rtalloc1(). Because the lock is currently held on the
rtentry structure, one more attempt to hold the lock will trigger
a crash due to "lock recursed on non-recursive mutex ..."

This is a general problem. The fix checks for the above condition
so that an existing route entry is not mistaken for a new cloned
route. Approriately, an ENETUNREACH error is returned back to the
caller

Approved by:	andre
2006-06-05 21:20:21 +00:00