746 Commits

Author SHA1 Message Date
Gleb Smirnoff
9818b82ff3 Add a possibility to bypass unmodified accounted data to special
hook(s). Data received on these hook(s) is sent back to ifaceX hook(s).
2005-03-22 15:49:22 +00:00
Gleb Smirnoff
2b38b68736 Refactor node so that it does not modify mbuf contents. Next step would
be pass-thru mode, when traffic is not copied by ng_tee, but passed thru
ng_netflow.

Changes made:

- In ng_netflow_rcvdata() do all necessary pulluping: Ethernet header,
  IP header, and TCP/UDP header.
- Pass only pointer to struct ip to ng_netflow_flow_add(). Any TCP/UDP
  headers are guaranteed to be after it.
- Merge make_flow_rec() function into ng_netflow_flow_add().
2005-03-21 15:40:25 +00:00
Gleb Smirnoff
1d03bd1684 Refactor node so that it does not modify mbuf contents. Next step would
be pass-thru mode, when traffic is not copied by ng_tee, but passed thru
ng_netflow.

Changes made:

- In ng_netflow_rcvdata() do all necessary pulluping: Ethernet header,
  IP header, and TCP/UDP header.
- Pass only pointer to struct ip to ng_netflow_flow_add(). Any TCP/UDP
  headers are guaranteed to be after it.
- Merge make_flow_rec() function into ng_netflow_flow_add().
2005-03-21 15:34:03 +00:00
Gleb Smirnoff
0e406d0f63 Plug item leak, which occurred when m_pullup() failed. 2005-03-21 11:48:54 +00:00
Gleb Smirnoff
c1249c6338 - Don't lose TCP flags of the first packet in a flow.
- Don't account length of the first packet in a flow twice.
2005-03-20 21:03:43 +00:00
Gleb Smirnoff
30afbe338b Remove ng_connect_t where it is unused. Probably it remained from ng_source.c. 2005-03-14 20:49:48 +00:00
Gleb Smirnoff
8633e59c17 Use subr_unit allocator instead of own functions. 2005-03-14 20:11:29 +00:00
Gleb Smirnoff
933fedbacc Use subr_unit allocator instead of own functions. 2005-03-14 19:25:24 +00:00
Gleb Smirnoff
5cdd064d8a o Use subr_unit allocator. This simplifies code much:
  - Remove get_free_unit().
  - Remove SLIST of nodes.
  - Remove global mutex.

o Increase NGD_MAX to 999.
o Move ngd_mod_event() up to netgraph methods.
2005-03-14 16:02:53 +00:00
Gleb Smirnoff
43eca7506e Fix getting stats from many links with index > 0.
Submitted by:	Richard Kojedzinszky
MFC after:	3 days
2005-03-11 10:29:38 +00:00
Bosko Milekic
2b0ffc0216 Make some basic grammar and style fixes to ng_source.c and ng_source.h.
The latter was particularly violated by someone's editor in the past, due
to an effect I like to call "premature linewrapping."
2005-03-10 21:50:50 +00:00
Gleb Smirnoff
1436fff881 Plug item leak in macro NG_RESPOND_MSG. Item was leaked when destination
node couldn't be addressed.

Submitted by:	Roselyn Lee
2005-03-10 19:34:20 +00:00
Gleb Smirnoff
8bb55179ad Plug item leak in case when NGI_FN is applied to invalid node.
Submitted by:	Roselyn Lee
MFC after:	3 days
2005-03-10 19:27:08 +00:00
Gleb Smirnoff
5fac4ee9ab Cisco uses milliseconds for uptime. This is stupid. Nobody cares about such
precision when IP packet may travel through internet for several seconds.
Also uptime measured in milliseconds overflows every 48+ days.
But we have to do same to keep compatibility with Cisco and flow-tools.

Make a macro MILLIUPTIME, which does overflowable multiplication to 1000.

Requested by:	Sergey Ryabin, Oleg Bulyzhin
MFC after:	1 week
2005-03-03 11:01:05 +00:00
Ruslan Ermilov
a9a03de54d Pull up to ETHER_HDR_LEN before passing an mbuf to ether_input().
The bug was found by running ng_dummy(4) node configured with a
delay, in front of the ng_eiface(4) node.
2005-03-01 19:39:57 +00:00
Gleb Smirnoff
f627a37920 Replace NG_PARSE_APPEND() macro with ng_parse_append() function. Check
its return value and free resources if function returns error. Plug
several memory leaks with this change.

Submitted by:	archie
Found by:	Coverity Prevent analysis tool
2005-03-01 11:31:06 +00:00
Sam Leffler
81c95c5292 move ptr use down to after null check
Noticed by:	Coverity Prevent analysis tool
Reviewed by:	emax
2005-02-26 02:31:34 +00:00
Robert Watson
0daccb9c94 In the current world order, solisten() implements the state transition of
a socket from a regular socket to a listening socket able to accept new
connections.  As part of this state transition, solisten() calls into the
protocol to update protocol-layer state.  There were several bugs in this
implementation that could result in a race wherein a TCP SYN received
in the interval between the protocol state transition and the shortly
following socket layer transition would result in a panic in the TCP code,
as the socket would be in the TCPS_LISTEN state, but the socket would not
have the SO_ACCEPTCONN flag set.

This change does the following:

- Pushes the socket state transition from the socket layer solisten() to
  socket "library" routines called from the protocol.  This permits
  the socket routines to be called while holding the protocol mutexes,
  preventing a race exposing the incomplete socket state transition to TCP
  after the TCP state transition has completed.  The check for a socket
  layer state transition is performed by solisten_proto_check(), and the
  actual transition is performed by solisten_proto().

- Holds the socket lock for the duration of the socket state test and set,
  and over the protocol layer state transition, which is now possible as
  the socket lock is acquired by the protocol layer, rather than vice
  versa.  This prevents additional state related races in the socket
  layer.

This permits the dual transition of socket layer and protocol layer state
to occur while holding locks for both layers, making the two changes
atomic with respect to one another.  Similar changes are likely required
elsewhere in the socket/protocol code.

Reported by:		Peter Holm <peter@holm.cc>
Review and fixes from:	emax, Antoine Brodin <antoine.brodin@laposte.net>
Philosophical head nod:	gnn
2005-02-21 21:58:17 +00:00
Gleb Smirnoff
f1c6a420b1 Reimplement recursion protection, checking whether current thread holds
sockbuf mutex.

Reviewed by:	rwatson
2005-02-19 14:41:49 +00:00
Gleb Smirnoff
848a25c773 Remove a recursion protection, which we inherited from splnet() netgraph times.
Now several threads may write data to ng_ksocket. Locking of socket is done in
sosend().

Reviewed by:	archie, julian, rwatson
MFC after:	2 weeks
2005-02-16 16:00:35 +00:00
Gleb Smirnoff
843cfd5ae0 Make WITNESS happier:
- refactor ngd_constructor, so that make_dev() is called without
  any locks held, since it mallocs memory with M_WAITOK flag.
- rename global mtx, to have name different to per-node mtx

MFC after:	2 weeks
2005-02-14 13:47:06 +00:00
Gleb Smirnoff
cefddd662e Add new netgraph control message NGM_ETHER_DETACH, which actually
removes netgraph node and unwraps Ethernet interface.

This gives us ability to unload ng_ether.ko, when all interfaces
are detached, making ng_ether(4) developers happy.

Reviewed by:	ru
2005-02-14 12:01:09 +00:00
Archie Cobbs
cd22454e8b Bump cookie value to reflect change in NGM_IFACE_GET_IFNAME semantics. 2005-02-13 16:36:41 +00:00
Ruslan Ermilov
48f4d9918c Drop mythical module dependency on ng_ether. 2005-02-13 00:50:18 +00:00
Gleb Smirnoff
b5fe181661 Restore previous cookie. Old programs will work with new node OK,
new programs with old node will receive EINVAL trying to access new
messages.

Submitted by:	ru
2005-02-12 19:23:20 +00:00
Gleb Smirnoff
ba20540e3d - bzero sockaddr_dl
- use constant instead of number

Suggested by:	ru
2005-02-12 19:19:29 +00:00
Ruslan Ermilov
3667c04da9 Fix typo in a comment. 2005-02-12 18:10:26 +00:00
Ruslan Ermilov
0572dfac4b Fallout from the ALTQ import. 2005-02-12 17:03:01 +00:00
Gleb Smirnoff
d96bd8d144 Allocate enough space for new tag.
Pointy hat to:	glebius
2005-02-12 16:26:36 +00:00
Gleb Smirnoff
b07785ef50 When netgraph(4) was converted to use mbuf_tags(9) instead of meta-data
a definite setup was broken: two ng_ksockets are connected to each other,
connect()ed to different remote hosts, and bind()ed to different local
interfaces. In this case one ng_ksocket is fooled with tag from the other
one.

Put node id into tag. In rcvdata method utilize tag only if it has our
own id inside or id equals zero. The latter case is added to support
packets sent by some third, not ng_ksocket node.

MFC after:	1 week
2005-02-12 14:54:19 +00:00
Gleb Smirnoff
810d5e89f4 Add two new netgraph messages NGM_ETHER_ADD_MULTI and NGM_ETHER_DEL_MULTI,
to join and leave Ethernet multicast membership, respectively. Messages
take MAC address as argument.

Sponsored by:	Rinet ISP
2005-02-12 11:41:32 +00:00
Ruslan Ermilov
953a8b2e6d Removed redundant MODULE_VERSION(). 2005-02-12 11:14:25 +00:00
Gleb Smirnoff
687809752d Make netgraph ISR and callout MPSAFE.
Reviewed by:	rwatson, ru
2005-02-12 09:52:36 +00:00
Gleb Smirnoff
06a411d34c style: fix indentation and spacing.
Submitted by:	ru
2005-02-11 23:17:50 +00:00
Gleb Smirnoff
8c6f962996 Do not trust ipfw: check m_len always, not only after m_dup.
Submitted by:	ru
2005-02-11 23:07:22 +00:00
Gleb Smirnoff
aa4e078a04 - do m_pullup() after m_dup()
- clean style in previous commit

Suggested by:	ru
2005-02-11 22:28:58 +00:00
Gleb Smirnoff
0a1a279e93 pullup to sizeof struct ip before sending to ip_output.
Suggested by:	ru
2005-02-11 21:26:39 +00:00
Gleb Smirnoff
19b5577638 Packets from ipfw come with IP header in host byte order. Netgraph works
with net byte order. Change byte order to net in ng_ipfw_input(), change
byte order to host before ip_output(), do not change before ip_input().

In collaboration with:	ru
2005-02-11 20:53:41 +00:00
Poul-Henning Kamp
b1cb412630 Make M_NETGRAPH_ETF static 2005-02-10 12:26:57 +00:00
Archie Cobbs
25b67768f0 Fix incorrect comment.
Submitted by:	James Bowman <jamesb@acelere.net>
2005-02-10 02:43:26 +00:00
Ruslan Ermilov
195cf61776 In revision 1.29 timeout() was converted to ng_callout().
The difference is that the callout function installed via the
ng_callout() method is guaranteed to NOT fire after the shutdown
method was run (when a node is marked NGF_INVALID).  Also, the
shutdown method and the callout function are guaranteed to NOT
run at the same time, as both require the writer lock.  Thus
we can safely ignore a zero return value from ng_uncallout()
(callout_stop()) in shutdown methods, and go on with freeing
the node.

The said revision broke the node shutdown -- ng_bridge_timeout()
is no longer fired after ng_bridge_shutdown() was run, resulting
in a memory leak, dead nodes, and inability to unload the module.
Fix this by cancelling the callout on shutdown, and moving part
responsible for freeing a node resources from ng_bridge_timer()
to ng_bridge_shutdown().

Noticed by:	ru
Submitted by:	glebius, ru
2005-02-09 15:14:44 +00:00
Ruslan Ermilov
a921fb33b6 bzero() -> M_ZERO. 2005-02-08 10:31:55 +00:00
Gleb Smirnoff
ad1376cc73 Improve parsing of hook name.
Submitted by:	ru
2005-02-07 11:16:07 +00:00
Gleb Smirnoff
2c42caf7f0 Whitespace. 2005-02-06 19:24:59 +00:00
Gleb Smirnoff
50633c3a9f Remove comment which was left after removal of ng_rcvdataq_t.
MFC after:	1 week
2005-02-06 19:20:16 +00:00
Gleb Smirnoff
4feaf224b8 Increase size of arglen to uint32_t, since uint16_t proved to be
not enough (e.g. listing 911 nodes). Bump NG_VERSION.

Reviewed by:	julian, archie, ru
2005-02-05 23:23:14 +00:00
Gleb Smirnoff
670742a102 Add a ng_ipfw node, implementing a quick and simple interface between
ipfw(4) and netgraph(4) facilities.

Reviewed by:	andre, brooks, julian
2005-02-05 12:06:33 +00:00
Gleb Smirnoff
d1240630b3 Expire aged flows in normal expiry thread. This fixes the problem, when
a node disconnected from all sources of traffic never purges its cache.
2005-02-05 10:00:04 +00:00
Gleb Smirnoff
020d3f61d8 Break long lines in code and comments. 2005-02-05 09:08:33 +00:00
Ruslan Ermilov
30aabc9afd Create a per-module mutex on MOD_LOAD, and destroy it on MOD_UNLOAD.
(This fixes witness_destroy() panic after module unload.)

OK'ed by:	rwatson, julian
2005-02-05 08:28:36 +00:00