freebsd-dev/sys/netinet
Alexander V. Chernikov 914bffb6ab * Add new "flow" table type to support N=1..5-tuple lookups
* Add "flow:hash" algorithm

Kernel changes:
* Add O_IP_FLOW_LOOKUP opcode to support "flow" lookups
* Add IPFW_TABLE_FLOW table type
* Add "struct tflow_entry" as storage for 6-tuple flows
* Add "flow:hash" algorithm. Basically it is an auto-growing chained hash table.
  Additionally, we store a mask of the fields we need to compare in each instance.

* Increase ipfw_obj_tentry size by adding struct tflow_entry
* Add per-algorithm stat (ipfw_ta_tinfo) to ipfw_xtable_info
* Increase algoname length: 32 -> 64 (algo options passed there as string)
* Assume every table type can be customized by flags, use u8 to store "tflags" field.
* Simplify ipfw_find_table_entry() by providing @tentry directly to algo callback.
* Fix bug in cidr:chash resize procedure.

Userland changes:
* add "flow table(NAME)" syntax to support n-tuple checking tables.
* make fill_flags() separate function to ease working with _s_x arrays
* change "table info" output to reflect longer "type" fields

Syntax:
ipfw table fl2 create type flow:[src-ip][,proto][,src-port][,dst-ip][dst-port] [algo flow:hash]

Examples:

0:02 [2] zfscurr0# ipfw table fl2 create type flow:src-ip,proto,dst-port algo flow:hash
0:02 [2] zfscurr0# ipfw table fl2 info
+++ table(fl2), set(0) +++
 kindex: 0, type: flow:src-ip,proto,dst-port
 valtype: number, references: 0
 algorithm: flow:hash
 items: 0, size: 280
0:02 [2] zfscurr0# ipfw table fl2 add 2a02:6b8::333,tcp,443 45000
0:02 [2] zfscurr0# ipfw table fl2 add 10.0.0.92,tcp,80 22000
0:02 [2] zfscurr0# ipfw table fl2 list
+++ table(fl2), set(0) +++
2a02:6b8::333,6,443 45000
10.0.0.92,6,80 22000
0:02 [2] zfscurr0# ipfw add 200 count tcp from me to 78.46.89.105 80 flow 'table(fl2)'
00200 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
0:03 [2] zfscurr0# ipfw show
00200   0     0 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
65535 617 59416 allow ip from any to any
0:03 [2] zfscurr0# telnet -s 10.0.0.92 78.46.89.105 80
Trying 78.46.89.105...
..
0:04 [2] zfscurr0# ipfw show
00200   5   272 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
65535 682 66733 allow ip from any to any
2014-07-31 20:08:19 +00:00
..
cc Fixup for r261590 (vnet sysctl handlers cleanup). 2014-02-09 08:13:17 +00:00
khelp
libalias It'll be okay to use LibAliasDetachHandlers() here, relying 2013-12-25 09:43:51 +00:00
accf_data.c
accf_dns.c
accf_http.c
cc.h
icmp6.h
icmp_var.h Remove more constants related to static sysctl nodes. The MAXID constants 2014-02-25 18:44:33 +00:00
if_atm.c
if_atm.h
if_ether.c Correct ARP update handling when the routes for network interfaces are 2014-03-26 22:46:03 +00:00
if_ether.h
igmp_var.h Remove more constants related to static sysctl nodes. The MAXID constants 2014-02-25 18:44:33 +00:00
igmp.c
igmp.h
in_cksum.c
in_debug.c
in_gif.c
in_gif.h
in_kdtrace.c dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE 2013-11-26 08:46:27 +00:00
in_kdtrace.h dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE 2013-11-26 08:46:27 +00:00
in_mcast.c Fix various places where we don't properly release a lock 2014-01-16 22:14:54 +00:00
in_pcb.c Fix unintended KBI change from r264905. Add _fib versions of 2014-05-29 21:03:49 +00:00
in_pcb.h Add the flowtype to the inpcb. 2014-05-18 22:30:12 +00:00
in_pcbgroup.c Several years after initial development, merge prototype support for 2014-03-15 00:57:50 +00:00
in_proto.c Add support for UDP-Lite protocol (RFC 3828) to IPv4 and IPv6 stacks. 2014-04-07 01:53:03 +00:00
in_rmx.c Fix panic on IPv4 address removal introduced in r265279. 2014-05-03 20:22:13 +00:00
in_rss.c The users of RSS shouldn't be directly concerned about hash -> CPU ID 2014-05-27 08:06:20 +00:00
in_rss.h The users of RSS shouldn't be directly concerned about hash -> CPU ID 2014-05-27 08:06:20 +00:00
in_systm.h
in_var.h
in.c Fix a panic when removing an IP address from an interface, if the same address 2014-04-29 14:46:45 +00:00
in.h netinet/in.h: Expose htonl(), htons(), ntohl() and ntohs() in strict POSIX 2014-05-29 15:23:37 +00:00
ip6.h
ip_carp.c Improve logging of send errors, reporting error code and interface. 2014-02-22 19:20:40 +00:00
ip_carp.h
ip_divert.c
ip_divert.h
ip_dummynet.h ECN marking implementation for dummynet. 2014-06-01 07:28:24 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c - Remove rt_metrics_lite and simply put its members into rtentry. 2014-03-05 01:17:47 +00:00
ip_fw.h * Add new "flow" table type to support N=1..5-tuple lookups 2014-07-31 20:08:19 +00:00
ip_gre.c Remove AppleTalk support. 2014-03-14 06:29:43 +00:00
ip_gre.h
ip_icmp.c Don't copy the MF flag from original IP header to ICMP error message. 2014-03-31 13:00:49 +00:00
ip_icmp.h
ip_id.c
ip_input.c Fix checksum computation. Previously it didn't include carry. 2014-05-13 05:07:03 +00:00
ip_ipsec.c - Remove rt_metrics_lite and simply put its members into rtentry. 2014-03-05 01:17:47 +00:00
ip_ipsec.h
ip_mroute.c Fix fallout from r241923. Calculate length of payload in 2014-01-22 10:57:42 +00:00
ip_mroute.h
ip_options.c Fix unintended KBI change from r264905. Add _fib versions of 2014-05-29 21:03:49 +00:00
ip_options.h
ip_output.c Fix unintended KBI change from r264905. Add _fib versions of 2014-05-29 21:03:49 +00:00
ip_var.h Since both netinet/ and netinet6/ call into netipsec/ and netpfil/, 2014-03-12 14:29:08 +00:00
ip.h
pim_var.h Remove more constants related to static sysctl nodes. The MAXID constants 2014-02-25 18:44:33 +00:00
pim.h
raw_ip.c Fix jailed raw sockets not setting the correct source address by 2014-04-24 12:52:31 +00:00
sctp_asconf.c Make sure that we don't try to build an ASCONF-ACK chunk 2013-11-07 17:08:09 +00:00
sctp_asconf.h
sctp_auth.c Get rid of the artificial limitation enforced by 2013-11-07 18:50:11 +00:00
sctp_auth.h Get rid of the artificial limitation enforced by 2013-11-07 18:50:11 +00:00
sctp_bsd_addr.c In 2013-11-30 12:51:19 +00:00
sctp_bsd_addr.h
sctp_cc_functions.c
sctp_constants.h Use SCTP_OVER_UDP_TUNNELING_PORT more consistently. 2014-03-29 20:21:36 +00:00
sctp_crc32.c
sctp_crc32.h
sctp_dtrace_declare.h - For kernel compiled only with KDTRACE_HOOKS and not any lock debugging 2013-11-25 07:38:45 +00:00
sctp_dtrace_define.h dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE 2013-11-26 08:46:27 +00:00
sctp_header.h
sctp_indata.c Don't free an mbuf twice. This only happens in very rare error 2014-04-23 21:20:55 +00:00
sctp_indata.h
sctp_input.c * Provide information in error causes in ASCII instead of 2014-03-16 12:32:16 +00:00
sctp_input.h
sctp_lock_bsd.h
sctp_os_bsd.h - Remove rt_metrics_lite and simply put its members into rtentry. 2014-03-05 01:17:47 +00:00
sctp_os.h
sctp_output.c Use ENOBUFS instead of ENOMEM in error situations related to m_uiotombuf(). 2014-06-05 12:51:12 +00:00
sctp_output.h
sctp_pcb.c Remove unused code. This is triggered by the bugreport of Sylvestre Ledru 2014-05-06 16:51:07 +00:00
sctp_pcb.h
sctp_peeloff.c
sctp_peeloff.h
sctp_ss_functions.c
sctp_structs.h
sctp_sysctl.c * Provide information in error causes in ASCII instead of 2014-03-16 12:32:16 +00:00
sctp_sysctl.h Use SCTP_OVER_UDP_TUNNELING_PORT more consistently. 2014-03-29 20:21:36 +00:00
sctp_timer.c * Provide information in error causes in ASCII instead of 2014-03-16 12:32:16 +00:00
sctp_timer.h
sctp_uio.h
sctp_usrreq.c * Provide information in error causes in ASCII instead of 2014-03-16 12:32:16 +00:00
sctp_var.h
sctp.h Send the correct error cause, when a DATA chunk with no user data 2014-04-19 19:21:06 +00:00
sctputil.c Send also a packet containing an ABORT chunk in response to an OOTB packet 2014-04-20 18:15:23 +00:00
sctputil.h Send the correct error cause, when a DATA chunk with no user data 2014-04-19 19:21:06 +00:00
siftr.c
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c
tcp_hostcache.h
tcp_input.c Remove the prototype for the static inline function 2014-05-24 15:31:40 +00:00
tcp_lro.c
tcp_lro.h
tcp_offload.c
tcp_offload.h
tcp_output.c - Remove rt_metrics_lite and simply put its members into rtentry. 2014-03-05 01:17:47 +00:00
tcp_reass.c - Remove net.inet.tcp.reass.overflows sysctl. It counts exactly 2014-05-06 00:00:07 +00:00
tcp_sack.c
tcp_seq.h
tcp_subr.c The FreeBSD-SA-14:08.tcp was a lesson on not doing acrobatics with 2014-05-04 23:25:32 +00:00
tcp_syncache.c syncache_lookup() is a file local function. Make it static and 2014-05-24 15:03:36 +00:00
tcp_syncache.h
tcp_timer.c When RSS is enabled and per cpu TCP timers are enabled, do an RSS 2014-05-18 22:39:01 +00:00
tcp_timer.h Currently, the TCP slow timer can starve TCP input processing while it 2014-04-10 18:15:35 +00:00
tcp_timewait.c While PAWS is disabled, there are no consumers for the tcp options 2014-05-30 22:34:06 +00:00
tcp_usrreq.c The FreeBSD-SA-14:08.tcp was a lesson on not doing acrobatics with 2014-05-04 23:25:32 +00:00
tcp_var.h Make tcp_twrespond() file local private; this removes it from the 2014-05-24 14:01:18 +00:00
tcp.h
tcpip.h
toecore.c
toecore.h
toeplitz.c Several years after initial development, merge prototype support for 2014-03-15 00:57:50 +00:00
toeplitz.h Several years after initial development, merge prototype support for 2014-03-15 00:57:50 +00:00
udp_usrreq.c Disable TX checksum offload for UDP-Lite completely. It wasn't used for 2014-05-12 09:46:48 +00:00
udp_var.h Fix build UDP-Lite with VIMAGE enabled when building with gcc. 2014-06-03 01:30:32 +00:00
udp.h
udplite.h Add support for UDP-Lite protocol (RFC 3828) to IPv4 and IPv6 stacks. 2014-04-07 01:53:03 +00:00