Commit Graph

579 Commits

Author SHA1 Message Date
Robert Watson
0daccb9c94 In the current world order, solisten() implements the state transition of
a socket from a regular socket to a listening socket able to accept new
connections.  As part of this state transition, solisten() calls into the
protocol to update protocol-layer state.  There were several bugs in this
implementation that could result in a race wherein a TCP SYN received
in the interval between the protocol state transition and the shortly
following socket layer transition would result in a panic in the TCP code,
as the socket would be in the TCPS_LISTEN state, but the socket would not
have the SO_ACCEPTCONN flag set.

This change does the following:

- Pushes the socket state transition from the socket layer solisten() to
  to socket "library" routines called from the protocol.  This permits
  the socket routines to be called while holding the protocol mutexes,
  preventing a race exposing the incomplete socket state transition to TCP
  after the TCP state transition has completed.  The check for a socket
  layer state transition is performed by solisten_proto_check(), and the
  actual transition is performed by solisten_proto().

- Holds the socket lock for the duration of the socket state test and set,
  and over the protocol layer state transition, which is now possible as
  the socket lock is acquired by the protocol layer, rather than vice
  versa.  This prevents additional state related races in the socket
  layer.

This permits the dual transition of socket layer and protocol layer state
to occur while holding locks for both layers, making the two changes
atomic with respect to one another.  Similar changes are likely require
elsewhere in the socket/protocol code.

Reported by:		Peter Holm <peter@holm.cc>
Review and fixes from:	emax, Antoine Brodin <antoine.brodin@laposte.net>
Philosophical head nod:	gnn
2005-02-21 21:58:17 +00:00
Gleb Smirnoff
f1c6a420b1 Reimplement recursion protection, checking whether current thread holds
sockbuf mutex.

Reviewed by:	rwatson
2005-02-19 14:41:49 +00:00
Gleb Smirnoff
848a25c773 Remove a recursion protection, which we inherited from splnet() netgraph times.
Now several threads may write data to ng_ksocket. Locking of socket is done in
sosend().

Reviewed by:	archie, julian, rwatson
MFC after:	2 weeks
2005-02-16 16:00:35 +00:00
Gleb Smirnoff
843cfd5ae0 Make WITNESS happier:
- refactor ngd_constructor, so that make_dev() is called without
  any locks held, since it mallocs memory with M_WAITOK flag.
- rename global mtx, to have name different to per-node mtx

MFC after:	2 weeks
2005-02-14 13:47:06 +00:00
Gleb Smirnoff
cefddd662e Add new netgraph control message NGM_ETHER_DETACH, which actually
removes netgraph node and unwraps Ethernet interface.

This gives us ability to unload ng_ether.ko, when all interfaces
are detached, making ng_ether(4) developers happy.

Reviewed by:	ru
2005-02-14 12:01:09 +00:00
Archie Cobbs
cd22454e8b Bump cookie value to reflect change in NGM_IFACE_GET_IFNAME semantics. 2005-02-13 16:36:41 +00:00
Ruslan Ermilov
48f4d9918c Drop mythical module dependency on ng_ether. 2005-02-13 00:50:18 +00:00
Gleb Smirnoff
b5fe181661 Restore previous cookie. Old programs will work with new node OK,
new programs with old node wil receive EINVAL trying to access new
messages.

Submitted by:	ru
2005-02-12 19:23:20 +00:00
Gleb Smirnoff
ba20540e3d - bzero sockaddr_dl
- use constant instead of number

Suggested by:	ru
2005-02-12 19:19:29 +00:00
Ruslan Ermilov
3667c04da9 Fix typo in a comment. 2005-02-12 18:10:26 +00:00
Ruslan Ermilov
0572dfac4b Fallout from the ALTQ import. 2005-02-12 17:03:01 +00:00
Gleb Smirnoff
d96bd8d144 Allocate enough space for new tag.
Pointy hat to:	glebius
2005-02-12 16:26:36 +00:00
Gleb Smirnoff
b07785ef50 When netgraph(4) was converted to use mbuf_tags(9) instead of meta-data
a definite setup was broken: two ng_ksockets are connected to each other,
connect()ed to different remote hosts, and bind()ed to different local
interfaces. In this case one ng_ksocket is fooled with tag from the other
one.

Put node id into tag. In rcvdata method utilize tag only if it has our
own id inside or id equals zero. The latter case is added to support
packets send by some third, not ng_ksocket node.

MFC after:	1 week
2005-02-12 14:54:19 +00:00
Gleb Smirnoff
810d5e89f4 Add two new netgraph messages NGM_ETHER_ADD_MULTI and NGM_ETHER_DEL_MULTI,
to join and leave Ethernet multicast membership, respectively. Messages
take MAC address as argument.

Sponsored by:	Rinet ISP
2005-02-12 11:41:32 +00:00
Ruslan Ermilov
953a8b2e6d Removed redundant MODULE_VERSION(). 2005-02-12 11:14:25 +00:00
Gleb Smirnoff
687809752d Make netgraph ISR and callout MPSAFE.
Reviewed by:	rwatson, ru
2005-02-12 09:52:36 +00:00
Gleb Smirnoff
06a411d34c style: fix indentation and spacing.
Submitted by:	ru
2005-02-11 23:17:50 +00:00
Gleb Smirnoff
8c6f962996 Do not trust ipfw: check m_len always, not only after m_dup.
Submitted by:	ru
2005-02-11 23:07:22 +00:00
Gleb Smirnoff
aa4e078a04 - do m_pullup() after m_dup()
- clean style in previous commit

Suggested by:	ru
2005-02-11 22:28:58 +00:00
Gleb Smirnoff
0a1a279e93 pullup to sizeof struct ip before sending to ip_output.
Suggested by:	ru
2005-02-11 21:26:39 +00:00
Gleb Smirnoff
19b5577638 Packets from ipfw come with IP header in host byte order. Netgraph works
with net byte order. Change byte order to net in ng_ipfw_input(), change
byte order to host before ip_output(), do not change before ip_input().

In collaboration with:	ru
2005-02-11 20:53:41 +00:00
Poul-Henning Kamp
b1cb412630 Make M_NETGRAPH_ETF static 2005-02-10 12:26:57 +00:00
Archie Cobbs
25b67768f0 Fix incorrect comment.
Submitted by:	James Bowman <jamesb@acelere.net>
2005-02-10 02:43:26 +00:00
Ruslan Ermilov
195cf61776 In revision 1.29 timeout() was converted to ng_callout().
The difference is that the callout function installed via the
ng_callout() method is guaranteed to NOT fire after the shutdown
method was run (when a node is marked NGF_INVALID).  Also, the
shutdown method and the callout function are guaranteed to NOT
run at the same time, as both require the writer lock.  Thus
we can safely ignore a zero return value from ng_uncallout()
(callout_stop()) in shutdown methods, and go on with freeing
the node.

The said revision broke the node shutdown -- ng_bridge_timeout()
is no longer fired after ng_bridge_shutdown() was run, resulting
in a memory leak, dead nodes, and inability to unload the module.
Fix this by cancelling the callout on shutdown, and moving part
responsible for freeing a node resources from ng_bridge_timer()
to ng_bridge_shutdown().

Noticed by:	ru
Submitted by:	glebius, ru
2005-02-09 15:14:44 +00:00
Ruslan Ermilov
a921fb33b6 bzero() -> M_ZERO. 2005-02-08 10:31:55 +00:00
Gleb Smirnoff
ad1376cc73 Improve parsing of hook name.
Submitted by:	ru
2005-02-07 11:16:07 +00:00
Gleb Smirnoff
2c42caf7f0 Whitespace. 2005-02-06 19:24:59 +00:00
Gleb Smirnoff
50633c3a9f Remove comment which left after removal of ng_rcvdataq_t.
MFC after:	1 week
2005-02-06 19:20:16 +00:00
Gleb Smirnoff
4feaf224b8 Increase size of arglen to uint32_t, since uint16_t proved to be
not enough (e.g. listing 911 nodes). Bump NG_VERSION.

Reviewed by:	julian, archie, ru
2005-02-05 23:23:14 +00:00
Gleb Smirnoff
670742a102 Add a ng_ipfw node, implementing a quick and simple interface between
ipfw(4) and netgraph(4) facilities.

Reviewed by:	andre, brooks, julian
2005-02-05 12:06:33 +00:00
Gleb Smirnoff
d1240630b3 Expire aged flows in normal expiry thread. This fixes the problem, when
a node disconnected from all sources of traffic never purges its cache.
2005-02-05 10:00:04 +00:00
Gleb Smirnoff
020d3f61d8 Break long lines in code and comments. 2005-02-05 09:08:33 +00:00
Ruslan Ermilov
30aabc9afd Create a per-module mutex on MOD_LOAD, and destroy it on MOD_UNLOAD.
(This fixes witness_destroy() panic after module unload.)

OK'ed by:	rwatson, julian
2005-02-05 08:28:36 +00:00
Gleb Smirnoff
a436589ae2 Do check that version of a message from userland matches ours.
MFC after:	3 days
2005-02-04 21:38:42 +00:00
Gleb Smirnoff
7a1725fc46 - Fix build with TRACE_MESSAGES defined
- Remove extra parenthesis
2005-02-04 16:08:20 +00:00
Ruslan Ermilov
72369c34ac Parse "getifname" using the standard parse string type.
Fixed an off-by-one error when dealing with interface name
(if_xname is NUL-terminated).

Don't waste time making a copy of if_xname in constructor.
2005-02-03 13:03:31 +00:00
Ruslan Ermilov
96f82336ba Fixed an off-by-one error when dealing with interface name
(if_xname is NUL-terminated).

Don't waste time making a copy of if_xname in attach().
2005-02-03 12:54:18 +00:00
Ruslan Ermilov
bbb75d7844 Fixed an off-by-one error when dealing with interface name
(if_xname is IFNAMSIZ-sized and NUL-terminated).
2005-02-03 12:50:10 +00:00
Ruslan Ermilov
c60878f0d2 Added ASCII version of the NGM_EIFACE_GET_IFNAME message, "getifname". 2005-02-03 11:52:42 +00:00
Ruslan Ermilov
c266fbc2aa Removed unused includes. 2005-02-03 11:28:53 +00:00
Ruslan Ermilov
fcee8ae2e5 Fix the comment. 2005-02-02 14:02:40 +00:00
Ruslan Ermilov
48039d2d1d Whitespace and "const" changes to reduce diffs to RELENG_4.
(Gives the same object when compiled without NETGRAPH_DEBUG.)
2005-02-02 13:27:03 +00:00
Gleb Smirnoff
6aa1da2917 In case of various tunneling protocols, mbuf may pass several interfaces
before entering ng_netflow. In this case it will have not NULL m_pkthdr.rcvif.
However, it will enter ng_iface soon with another index. So let in_ifIndex
value configured by user override m_pkthdr.rcvif.

Reported by:	Damir Bikmuhametov
MFC after:	1 week
2005-02-01 14:07:05 +00:00
Gleb Smirnoff
1fbb36ff80 Rename ng_callout_trapoline to ng_callout_trampoline.
Requested by:	ru
2005-01-26 09:01:50 +00:00
Gleb Smirnoff
7b26345646 With recent changes to _callout_stop_safe() we can remove a hack
in ng_uncallout().
2005-01-25 22:08:19 +00:00
Gleb Smirnoff
19724144d6 Fix an evil typo.
Submitted by:	Roselyn Lee
MFC after:	3 days
2005-01-24 13:32:19 +00:00
Gleb Smirnoff
18c54fe665 Use log() instead of printf(), to reduce flood on console.
MFC after:	1 week
2005-01-20 13:28:39 +00:00
Roman Kurakin
5e93f2e558 Ups, misprint, change and => add.
Submitted by: ru
2005-01-16 23:30:45 +00:00
Roman Kurakin
67fb03d261 Fix comment. Code 0x95 means locking shift to codeset 5 according to
T1.617 AnnexD.
Locking shift procedure is described in ANSI T1.607.

MFC after:	3 days
2005-01-16 19:22:09 +00:00
Roman Kurakin
d62d2396c3 Fix variable name in comment num=>alen. (Lost part of commit rev 1.2)
MFC after:	3 days
2005-01-16 19:12:27 +00:00