Commit Graph

1171 Commits

Author SHA1 Message Date
Alexander V. Chernikov
3a0cd8db78 Fix panic in ng_patch(4) caused by checksum flags being added to mbuf flags.
Tested by:        Maxim Ignatenko <gelraen.ua@gmail.com>
Approved by:      kib(mentor)

MFC after:        3 days
2012-04-22 17:00:52 +00:00
Marko Zec
5bc2249ff8 #include <net/vnet.h> is no longer needed here.
Spotted by:	Ed Maste
MFC after:	3 days.
2012-04-16 13:41:46 +00:00
Hans Petter Selasky
6d917491f5 Fix compiler warnings, mostly signed issues,
when USB modules are compiled with WARNS=9.

MFC after:	1 weeks
2012-04-02 10:50:42 +00:00
Alexander V. Chernikov
147972555f Use rt_numfibs variable instead of compile-time RT_NUMFIBS.
Reviewed by:    glebius (previous version)
Approved by:    kib(mentor), ae(mentor)
2012-03-13 11:08:40 +00:00
Adrian Chadd
bbf53c35ea Upgrade the netgraph vlan node to support 802.1q, encapsulation type,
PCP and CFI fields.

* Ethernet_type for VLAN encapsulation is tunable, default is 0x8100;
* PCP (Priority code point) and CFI (canonical format indicator) is
  tunable per VID;
* Tunable encapsulation to support 802.1q
* Encapsulation/Decapsulation code improvements

New messages have been added for this netgraph node to support the
new features.

However, the legacy "vlan" id is still supported and compiled in by
default.  It can be disabled in a future release.

TODO:

* Documentation
* Examples

PR:		kern/161908
Submitted by:	Ivan <rozhuk.im@gmail.com>
2012-03-11 19:08:56 +00:00
Gleb Smirnoff
77a117ca28 Revert r231829, that was my braino. 2012-02-22 09:08:51 +00:00
Gleb Smirnoff
687adb703d Refactor the name hash and the ID hash, that are used to address nodes:
- Make hash sizes growable, to satisfy users running large mpd
  installations, having thousands of nodes.
- NG_NAMEHASH() proved to give a very bad distribution in real life
  name sets, while generic hash32_str(name, HASHINIT) proved to give
  an even one, so you the latter for name hash.
- Do not store unnamed nodes in slot 0 of name hash, no reason for that.
- Use the ID hash in cases when we need to run through all nodes: the
  NGM_LISTNODES command and in the vnet_netgraph_uninit().
- Implement NGM_LISTNODES and NGM_LISTNAMES as separate code, the former
  iterates through the ID hash, and the latter through the name hash.
- Keep count of all nodes and of named nodes, so that we don't need
  to count nodes in NGM_LISTNODES and NGM_LISTNAMES. The counters are
  also used to estimate whether we need to grow hashes.
- Close a race between two threads running ng_name_node() assigning same
  name to different nodes.
2012-02-16 19:10:01 +00:00
Gleb Smirnoff
320d00eee8 Specify correct loading order for core of netgraph(4). 2012-02-16 18:54:44 +00:00
Gleb Smirnoff
04fdc6c689 Supply correct "how" argument to the uma_zcreate(). 2012-02-16 18:51:12 +00:00
Gleb Smirnoff
8338a34a82 In ng_getsockaddr() allocate memory prior to obtaining lock.
Reported & tested by:	Mykola Dzham <i levsha.me>
2012-02-16 14:44:52 +00:00
Gleb Smirnoff
b99a737923 Fix includes list.
Submitted by:	bde
2012-02-15 15:54:57 +00:00
Gleb Smirnoff
923d1d7814 Trim double empty lines. 2012-02-15 15:06:03 +00:00
Gleb Smirnoff
3eb05c287a Remove testing stuff, reducing kernel memory footprint by 1 Kb.
Anyway, when we are building a LINT kernel, all these macros
are tested via nodes.
2012-02-15 14:56:18 +00:00
Gleb Smirnoff
c3189b3fb4 In ng_bypass() add more protection against potential race
with ng_rmnode() and its followers.
2012-02-15 14:29:23 +00:00
Gleb Smirnoff
19afcd9829 style(9): sort includes. 2012-02-15 14:26:50 +00:00
Gleb Smirnoff
dea55037d0 No need to optimise for a node with no hooks, my braino. 2012-02-13 13:07:56 +00:00
Max Khon
36fb423e4f - Use fixed-width integer types.
- Prefer to use C99 stdint types.

This fixes ng_cisco on 64-bit architectures.

MFC after:	1 week
2012-02-12 05:14:12 +00:00
Ed Schouten
7870adb640 Remove direct access to si_name.
Code should just use the devtoname() function to obtain the name of a
character device. Also add const keywords to pieces of code that need it
to build properly.

MFC after:	2 weeks
2012-02-10 12:35:57 +00:00
Gleb Smirnoff
48a47609bc Provide a findhook method for ng_socket(4). The node stores a
hash with names of its hooks. It starts with size of 16, and
grows when number of hooks reaches twice the current size. A
failure to grow (memory is allocated with M_NOWAIT) isn't
fatal, however.

I used standard hash(9) function for the hash. With 25000
hooks named in the mpd (ports/net/mpd5) manner of "b%u", the
distributions is the following: 72.1% entries consist of one
element, 22.1% consist of two, 5.2% consist of three and
0.6% of four.

Speedup in a synthetic test that creates 25000 hooks and then
runs through a long cyclce dereferencing them in a random order
is over 25 times.
2012-01-23 16:43:13 +00:00
Gleb Smirnoff
4b2b8a370c In ng_socket(4) expose less kernel internals to userland. This commit
breaks ABI, but makes probability of ABI breakage in future less.
2012-01-23 15:39:45 +00:00
Gleb Smirnoff
c4282b741b Convert locks that protect name hash, ID hash and typelist from
mutex(9) to rwlock(9) based locks.

While here remove dropping lock when processing NGM_LISTNODES,
and NGM_LISTTYPES generic commands. We don't need to drop it
since memory allocation is done with M_NOWAIT.
2012-01-23 15:17:14 +00:00
Gleb Smirnoff
bdc99a491d The newhook method can be called in ISR context at
certain circumstances, so better use M_NOWAIT in it.
2012-01-17 18:10:25 +00:00
Gleb Smirnoff
fe4ead276d Add missing static. 2012-01-16 12:33:55 +00:00
Gleb Smirnoff
abe5a2ce52 Remove some disabled NOTYET code. Probability of enabling it is low,
if anyone wants, he/she can take it from svn.
2012-01-16 12:31:33 +00:00
Ed Schouten
dc15eac046 Use strchr() and strrchr().
It seems strchr() and strrchr() are used more often than index() and
rindex(). Therefore, simply migrate all kernel code to use it.

For the XFS code, remove an empty line to make the code identical to
the code in the Linux kernel.
2012-01-02 12:12:10 +00:00
Gleb Smirnoff
4bd1b55756 style(9), whitespace and spelling nits. 2011-12-30 15:41:28 +00:00
Brooks Davis
4b22573a89 In r191367 the need for if_free_type() was removed and a new member
if_alloctype was used to store the origional interface type.  Take
advantage of this change by removing all existing uses of if_free_type()
in favor of if_free().

MFC after:	1 Month
2011-11-11 22:57:52 +00:00
Ed Schouten
6472ac3d8a Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.
The SYSCTL_NODE macro defines a list that stores all child-elements of
that node. If there's no SYSCTL_DECL macro anywhere else, there's no
reason why it shouldn't be static.
2011-11-07 15:43:11 +00:00
Ed Schouten
d745c852be Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.
This means that their use is restricted to a single C file.
2011-11-07 06:44:47 +00:00
Max Khon
4cf39b5da4 - Fix potential double mbuf free: M_PREPEND may free mbuf chain and return
NULL but item will still have the reference ot the mbuf chain and will free
it upon destruction.
- Fix memory leak (unfree'd item on error path).
2011-11-06 05:24:54 +00:00
Max Khon
6812e78328 Fix potential double mbuf free: M_PREPEND may free mbuf chain and return
NULL but item will still have the reference ot the mbuf chain and will free
it upon destruction.
2011-11-06 05:23:42 +00:00
Max Khon
707d205808 Constify "address" argument of ng_address_path(). 2011-11-06 05:20:27 +00:00
Gleb Smirnoff
e5fe87b387 - If KDB & NETGRAPH_DEBUG are on, print traces on discovered failed
invariants.
- Reduce tautology in NETGRAPH_DEBUG output.
2011-10-27 09:43:25 +00:00
Alexander V. Chernikov
7aabe9d9e0 Free mbuf in case when protocol in unknown in ng_ipfw_rcvdata().
This change fixes (theoretically) possible mbuf leak introduced in
r225586. Reorder code a bit and change return codes to be more specific

Reviewed by:	glebius
Approved by:    kib (mentor)
2011-10-10 09:33:07 +00:00
Andrey V. Elsukov
f2a66f8e17 Add IPv6 support to the ng_ipfw(4) [1]. Also add ifdefs to be able
build it with and without INET/INET6 support.

Submitted by:	Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
Tested by:	Alexander V. Chernikov <melifaro at yandex-team.ru> [1]
Approved by:	re (bz)
MFC after:	2 weeks
2011-09-15 12:28:17 +00:00
Robert Watson
a9d2f8d84f Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
Andriy Gapon
7a0b13ed28 remove RESTARTABLE_PANICS option
This is done per request/suggestion from John Baldwin
who introduced the option.  Trying to resume normal
system operation after a panic is very unpredictable
and dangerous.  It will become even more dangerous
when we allow a thread in panic(9) to penetrate all
lock contexts.
I understand that the only purpose of this option was
for testing scenarios potentially resulting in panic.

Suggested by:	jhb
Reviewed by:	attilio, jhb
X-MFC-After:	never
Approved by:	re (kib)
2011-07-25 09:12:48 +00:00
Marko Zec
2cdf8c49a6 Clear pending ifnet events, in an attempt at preventing
ng_ether_link_state() from being dispatched after we have
cleared our IFP2NG(ifp).

MFC after:	3 days
2011-07-16 19:11:45 +00:00
Gleb Smirnoff
0a7d45d349 In ng_attach_cntl() first allocate things that may fail, and then
do the rest of initialization. This simplifies code and fixes
a double free in failure scenario.

Reviewed by:	bz
2011-07-14 18:38:10 +00:00
Gleb Smirnoff
acfc07098c Add missing unlocks. 2011-07-06 09:43:25 +00:00
Gleb Smirnoff
ea7e163882 o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't need
a separate struct to start a slist of semi-opaque structs. This
  makes some code more compact.
o Rewrite ng_netflow_flow_show() and its API/ABI:
  - Support for IPv6 is added.
  - Request and response now use same struct. Structure specifies
    version (6 or 4), index of last retrieved hash, and also index
    of last retrieved entry in the hash entry.
2011-07-05 14:48:39 +00:00
Gleb Smirnoff
d33dc2fa5c Fix build with NETGRAPH_DEBUG. 2011-07-04 20:50:09 +00:00
Gleb Smirnoff
f8dd68c912 Fix build with NETGRAPH_DEBUG. 2011-07-04 13:55:55 +00:00
Gleb Smirnoff
3fbdf77459 - Use refcount(9) API to manage node and hook refcounting.
- Make ng_unref_node() void, since caller shouldn't be
  interested in whether node is valid after call or not,
  since it can't be guaranteed to be valid. [1]

Ok from:	julian [1]
2011-07-04 07:03:44 +00:00
Bjoern A. Zeeb
a34c6aeb85 Tag mbufs of all incoming frames or packets with the interface's FIB
setting (either default or if supported as set by SIOCSIFFIB, e.g.
from ifconfig).

Submitted by:	Alexander V. Chernikov (melifaro ipfw.ru)
Reviewed by:	julian
MFC after:	2 weeks
2011-07-03 16:08:38 +00:00
Gleb Smirnoff
9b2139a27e Fix double free.
Submitted by:	Alexander V. Chernikov <melifaro ipfw.ru>
2011-07-01 08:27:03 +00:00
Hans Petter Selasky
f1a16106b6 - Move all USB device ID arrays into so-called sections,
sorted according to the mode which they support:
	host, device or dual mode
- Add generic tool to extract these data:
	tools/bus_autoconf

Discussed with:	imp
Suggested by:	Robert Millan <rmh@debian.org>
PR:		misc/157903
MFC after:	14 days
2011-06-24 02:30:02 +00:00
Gleb Smirnoff
cd5bdbcb4d Be consistent with r160968: keep autoSrcAddr flag untouched when
node receives NGM_SHUTDOWN.

Submitted by:	pluknet
2011-06-23 09:42:41 +00:00
Andrey V. Elsukov
c57e67d04e Sync ng_nat with recent (r222806) ipfw_nat changes:
Make a behaviour of the libalias based in-kernel NAT a bit closer to
  how natd(8) does work. natd(8) drops packets only when libalias returns
  PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
  always did drop packets that were not aliased, even if they should
  not be aliased and just are going through.

Also add SCTP support: mark response packets to skip firewall processing.

MFC after:	1 month
2011-06-07 06:48:42 +00:00
Marko Zec
2956ec9bc7 Assume the link to be dead if bit error rate (BER) parameter is set to 1.
When a transition from link alive to link dead configuration or vice
versa occurs, notify any upstream and / or downstream peers using
NGM_FLOW messagges.

Link state notification using NGM_FLOW messages is modelled around
around already existing code in ng_ether.c.

MFC after:	3 days
2011-05-24 14:36:32 +00:00