Commit Graph

1625 Commits

Author SHA1 Message Date
Ruslan Ermilov
6ee20ab521 Allocate the M_VLANTAG m_pkthdr flag, and use it to indicate that
a packet has VLAN mbuf tag attached.  This is faster to check than
m_tag_locate(), and allows us to use the tags in non-vlan(4) VLAN
producers.

The first argument to VLAN_OUTPUT_TAG() is now unused but retained
for backward compatibility.

While here, embellish a fix in rev. 1.174 of if_ethersubr.c -- it
now checks for packets with VLAN (mbuf) tags, and it should now
be possible to bridge(4) on vlan(4)'s whose parent interfaces
support VLAN decapsulation in hardware.

Reviewed by:	sam
2005-02-18 22:31:19 +00:00
Gleb Smirnoff
eb46c866bb Check for non-NULL ac_netgraph field in interface arpcom, instead of
checking global presence of ng_ether(4).

Reviewed by:	ru
2005-02-14 11:58:54 +00:00
Ruslan Ermilov
6c23e6cc5a If no vlan(4) interfaces are configured for the interface, and the
driver did VLAN decapsulation in hardware, we were passing a frame
as if it came for the parent (non-VLAN) interface.  Stop this from
happening.

Reminded by:	glebius
Security:	This could pose a security risk in some setups
2005-02-14 08:29:42 +00:00
Xin LI
b0b4b28bf1 Validate ifc->ifc_len before submitting its incarnation to sbuf_new,
which will finally lead to kernel panic.

Security:	This prevents a local (root-launched) DoS
Submitted by:	Wojciech A. Koszek [dunstan at freebsd czest pl]
PR:		77421
MFC After:	1 week
2005-02-12 17:51:12 +00:00
Poul-Henning Kamp
c711aea6ca Make a bunch of malloc types static.
Found by:	src/tools/tools/kernxref
2005-02-10 12:02:37 +00:00
Gleb Smirnoff
8b02df2485 Log changes of link state.
Reviewed by:	rwatson
2005-01-30 12:57:47 +00:00
Robert Watson
31c436a2a9 Acquire the raw_cb mutex around LIST_REMOVE() of a raw socket control
block from the global raw socket list.

Submitted by:	Roselyn Lee <rosel at verniernetworks dot com>
MFC after:	1 week
2005-01-24 22:56:09 +00:00
Yaroslav Tykhiy
cab574d841 Fix spelling in a comment. 2005-01-24 15:48:00 +00:00
Yaroslav Tykhiy
c6e6ca3e7b Reduce the global name space pollution.
The cloner structure isn't referenced by name outside this file.
2005-01-23 23:10:33 +00:00
Gleb Smirnoff
28935658c4 - Reduce number of arguments passed to dummynet_io(), we already have cookie
in struct ip_fw_args itself.
- Remove redundant &= 0xffff from dummynet_io().
2005-01-16 11:13:18 +00:00
Gleb Smirnoff
c31d24c37c Remove ip_fw.h and ip_dummynet.h from includes. 2005-01-15 22:04:17 +00:00
Gleb Smirnoff
6c69a7c30b o Clean up interface between ip_fw_chk() and its callers:
- ip_fw_chk() returns action as function return value. Field retval is
  removed from args structure. Action is not flag any more. It is one
  of integer constants.
- Any action-specific cookies are returned either in new "cookie" field
  in args structure (dummynet, future netgraph glue), or in mbuf tag
  attached to packet (divert, tee, some future action).

o Convert parsing of return value from ip_fw_chk() in ipfw_check_{in,out}()
  to a switch structure, so that the functions are more readable, and a future
  actions can be added with less modifications.

Approved by:	andre
MFC after:	2 months
2005-01-14 09:00:46 +00:00
Giorgos Keramidas
2ccfeeaef4 Fix a typo in a comment that may be confusing if one doesn't really
check what the code does.  Separators are spaces, commas or tabs;
not '*' characters (as one may assume by reading the old comment).
2005-01-11 10:47:51 +00:00
Hajimu UMEMOTO
529ed56f83 don't see NBPFILTER. 2005-01-11 07:17:33 +00:00
Hajimu UMEMOTO
2d106a00c9 remove HAVE_OLD_BPF part. 2005-01-11 07:14:37 +00:00
Hajimu UMEMOTO
4b9a5e9f07 we are not OLD_BPF system. 2005-01-11 07:08:15 +00:00
Hajimu UMEMOTO
9b1a707635 fix typo. 2005-01-11 07:05:56 +00:00
Gleb Smirnoff
1c7899c74e This change adds reliability for Ethernet trunks built with ng_one2many:
- Introduce another ng_ether(4) callback ng_ether_link_state_p, which
  is called from if_link_state_change(), every time link is changed.
- In ng_ether_link_state() send netgraph control message notifying
  of link state change to a node connected to "lower" hook.

Reviewed by:	sam
MFC after:	2 weeks
2005-01-08 12:42:03 +00:00
Warner Losh
c398230b64 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
Roman Kurakin
d676cb6fad Add FR support to sppp (MFCronyx).
Silence on: net@, current@, hackers@.
No objections: joerg

Requested by: by many (mostly Cronyx) users for a long long time.
MFC after:	10 days

PR:		kern/21771, kern/66348
2004-12-28 00:07:57 +00:00
Pawel Jakub Dawidek
77fc70c1ef Fix mbuf leak.
Submitted by:	Johnny Eriksson <bygg@cafax.se>
MFC after:	5 days
2004-12-27 15:53:44 +00:00
Poul-Henning Kamp
f62f3a1121 Include fcntl.h
Include selinfo.h (don't rely on vnode.h to do so)
Check O_NONBLOCK instead of IO_NELAY
Don't include vnode.h
2004-12-22 17:39:21 +00:00
Poul-Henning Kamp
9eaed5e66e Don't include filedesc.h
Include fcntl.h
Include selinfo.h (don't rely on vnode.h to do so)
Check O_NONBLOCK instead of IO_NDELAY
Don't include vnode.h
2004-12-22 17:38:43 +00:00
Poul-Henning Kamp
e76eee5562 Include fcntl.h
Check O_NONBLOCK instead of IO_NDELAY
Include uio.h
Don't include vnode.h
Don't include filedesc.h
2004-12-22 17:37:57 +00:00
Poul-Henning Kamp
27d7317dda Check O_NONBLOCK instead of IO_NDELAY.
Don't include <sys/vnode.h>
2004-12-22 17:32:53 +00:00
John-Mark Gurney
86c9a45388 don't try to recurse on the bpf lock.. kqueue already locks the bpf lock
now...

Submitted by:	Ed Maste of Sandvine Inc.
MFC after:	1 week
2004-12-17 03:21:46 +00:00
Roman Kurakin
1fd90fb4a0 Kill double inclusion for <netinet/in.h> and <netinet/in_systm.h>. 2004-12-14 18:18:54 +00:00
Roman Kurakin
e42ddbdf64 Make sppp MPSAFE.
MPSAFE could be turned off by IFF_NEEDSGIANT.

Silence on: net@, current@, hackers@.
No objections: joerg
2004-12-12 14:54:15 +00:00
Sam Leffler
94f5c9cfc0 Cleanup link state change notification:
o add new if_link_state_change routine that deals with link state changes
o change mii to use if_link_state_change
2004-12-08 05:45:59 +00:00
Sam Leffler
3518d22073 Don't require a device to be marked up when issuing BIOCSETIF. 2004-12-08 05:40:02 +00:00
Max Laier
69fb23b73d Implement the check I was talking about in the previous message already.
Introduce domain_init_status to keep track of the init status of the domains
list (surprise). 0 = uninitialized, 1 = initialized/unpopulated, 2 =
initialized/done. Higher values can be used to support late addition of
domains which right now "works", but is potential dangerous. I choose to
only give a warning when doing so.

Use domain_init_status with if_attachdomain[1]() to ensure that we have a
complete domains list when we init the if_afdata array. Store the current
value of domain_init_status in if_afdata_initialized. This way we can update
if_afdata after a new protocol has been added (once that is allowed).

Submitted by:	se (with changes)
Reviewed by:	julian, glebius, se
PR:		kern/73321	(partly)
2004-11-30 22:38:37 +00:00
Robert Watson
6237419d5c Assign if_broadcastaddr to NULL not 0 in if_attach().
Printf() a warning if if_attachdomain() is called more than once on an
  interface to generate some noise on mailing lists when this occurs.

Fix up style in if_start(), where spaces crept in instead of tabs at
some point.

MFC after:	1 week
MFC note:	Not the printf().
2004-11-23 23:31:33 +00:00
John-Mark Gurney
1f48dc25d7 sync comment on IFF_OACTIVE with reality.. IFF_OACTIVE is set when the
hardware cannot take anymore packets, and so will supress the calling of
the device's if_start method...

Submitted by:	bde
2004-11-17 18:32:44 +00:00
Max Laier
0b39ef4db1 Remove the #if 0 wrapping around !ALTQ stuff that can't be used due to ABI
stability anyway.
2004-11-09 21:29:28 +00:00
Poul-Henning Kamp
756d52a195 Initialize struct pr_userreqs in new/sparse style and fill in common
default elements in net_init_domain().

This makes it possible to grep these structures and see any bogosities.
2004-11-08 14:44:54 +00:00
Olivier Houchard
943efa1bd1 Don't abuse tp->t_sc in sl(4) either. 2004-11-07 14:36:47 +00:00
Olivier Houchard
7358f4bb52 Don't abuse tp->t_sc, as it is now used by tty drivers.
This fixes the panic that occurs when using ppp(4)

Reported and tested by:	Yann Berthier (yb at sainte-barbe dot org)
2004-11-07 14:35:53 +00:00
Gleb Smirnoff
411f23b06e Utilize m_uiotombuf() in device write method, instead of home-grown
implementation. This also gives a performance improvement, because
m_uiotombuf() utilizes clusters.

Approved by:	julian (mentor)
MFC after:	1 month
2004-10-31 17:39:46 +00:00
Robert Watson
0b762445b9 Move if_handoff() from an inline in if_var.h to a function to if.c
in orden to harden the ABI for 5.x; this will permit us to modify
the locking in the ifnet packet dispatch without requiring drivers
to be recompiled.

MFC after:	3 days
Discussed at:	EuroBSDCon Developer's Summit
2004-10-30 09:39:13 +00:00
Robert Watson
b4d4574a55 Add additional "spare" fields to 'struct ifnet' in order to improve
the resistance of the network driver ABI to changes that will be
required as we optimize locking.

MFC after:	3 days
Discussed at:	Developer Summit
2004-10-30 08:45:13 +00:00
John-Mark Gurney
2f27e1512c use NULL instead of 0 when casting/comparing w/ a pointer... 2004-10-25 17:04:40 +00:00
Robert Watson
31302ebf9d Define IFF_LOCKGIANT() and IFF_UNLOCKGIANT() macros, which conditionally
acquire Giant if the passed interface has IFF_NEEDSGIANT set on it.
Modify calls into (ifp)->if_ioctl() in if.c to use these macros in order
to ensure that Giant is held.

MFC after:	3 days
Bumped into by:	jmg
2004-10-19 18:11:55 +00:00
Robert Watson
81158452be Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
Gleb Smirnoff
a176c2aeaf Fix packet flow when both ng_ether(4) and bridge(4) are in use:
- push all bridge logic from if_ethersubr.c into bridge.c
  make bridge_in() return mbuf pointer (or NULL).
- call only bridge_in() from ether_input(), after ng_ether_input()
  was optinally called.
- call bridge_in() from ng_ether_rcv_upper().

Long description:	http://lists.freebsd.org/mailman/htdig/freebsd-net/2004-May/003881.html
Reported by:		Jian-Wei Wang <jwwang at FreeBSD.csie.NCTU.edu.tw>
Tested by:		myself, Sergey Lyubka
Reviewed by:		sam
Approved by:		julian (mentor)
MFC after:		2 months
2004-10-12 10:33:42 +00:00
Andre Oppermann
de10fe70e1 Correctly unregister a netisr by clearing the ni->ni_queue field to NULL as
well.  This field is actually used by various netisr functions to determine
the availablility of the specified netisr.  This uncomplete unregister leads
directly to a crash when the KLD unregistering the netisr is unloaded.

Submitted by:	Sam <sah@softcardsystems.com>
MFC after:	3 days
2004-10-11 20:01:43 +00:00
Robert Watson
acf032f516 When harvesting entropy from an ethernet mbuf, do so before freeing the
mbuf.

RELENG_5 candidate.
2004-10-11 10:21:34 +00:00
Gleb Smirnoff
570343bfec Assign pointer NULL, not 0.
Approved by:	julian (mentor)
2004-10-11 07:28:36 +00:00
Max Laier
85bba4455a Change pfil starvation prevention from fail-open to fail-close.
We return ENOBUF to indicate the problem, which is an errno that should be
handled well everywhere.

Requested & Submitted by:	green
Silently okay'ed by:		The rest of the firewall gang
MFC after:			3 days
2004-10-08 12:07:20 +00:00
Brooks Davis
ab67442f0c Since net/net_osdep.c contained only one function that could be
trivially implemented as a macro, do that and remove it.  NetBSD did
this quite a while ago.
2004-10-08 00:24:30 +00:00
Brian Feldman
93daabdd83 Don't recurse the BPF descriptor lock during the BIOCSDLT operation
(and panic).  To try to finish making BPF safe, at the very least,
the BPF descriptor lock really needs to change into a reader/writer
lock that controls access to "settings," and a mutex that controls
access to the selinfo/knote/callout.  Also, use of callout_drain()
instead of callout_stop() (which is really a much more widespread
issue).
2004-10-06 04:25:37 +00:00