Commit Graph

1129 Commits

Author SHA1 Message Date
Kevin Lo
9823d52705 Revert previous commit...
Pointyhat to:	kevlo (myself)
2012-10-10 08:36:38 +00:00
Kevin Lo
a10cee30c9 Prefer NULL over 0 for pointers 2012-10-09 08:27:40 +00:00
Gleb Smirnoff
21d172a3f1 A step in resolving mess with byte ordering for AF_INET. After this change:
- All packets in NETISR_IP queue are in net byte order.
  - ip_input() is entered in net byte order and converts packet
    to host byte order right _after_ processing pfil(9) hooks.
  - ip_output() is entered in host byte order and converts packet
    to net byte order right _before_ processing pfil(9) hooks.
  - ip_fragment() accepts and emits packet in net byte order.
  - ip_forward(), ip_mloopback() use host byte order (untouched actually).
  - ip_fastforward() no longer modifies packet at all (except ip_ttl).
  - Swapping of byte order there and back removed from the following modules:
    pf(4), ipfw(4), enc(4), if_bridge(4).
  - Swapping of byte order added to ipfilter(4), based on __FreeBSD_version
  - __FreeBSD_version bumped.
  - pfil(9) manual page updated.

Reviewed by:	ray, luigi, eri, melifaro
Tested by:	glebius (LE), ray (BE)
2012-10-06 10:02:11 +00:00
Max Khon
617643aaa6 Fix pseudo checksum calculation.
This fixes ipfilter w/ network controllers that implement only
partial rx csum offloading.

PR:			106438
Obtained from:		upstream
MFC after:		1 week
2012-09-27 18:15:01 +00:00
Gleb Smirnoff
486e090204 Fix panic introduced by me in r240835, when zero weight
was passed to wtab_alloc().

Reported by:	Kim Culhan <w8hdkim gmail.com>
2012-09-25 12:45:41 +00:00
Gleb Smirnoff
e9e4cb7345 Use M_NOWAIT in wtab_alloc(), too. Convert panic() to
a soft failure here. wtab_alloc() is used by red_alloc(),
which can fail.

Reported by:	Kim Culhan <w8hdkim gmail.com>
2012-09-22 18:47:14 +00:00
Pawel Jakub Dawidek
a6512306ce Fix an obvious typo. 2012-09-22 17:41:56 +00:00
Gleb Smirnoff
03fb709e1f Convert more M_WAITOK malloc() to M_NOWAIT.
Reported by:	Kim Culhan <w8hdkim gmail.com>
2012-09-22 12:49:36 +00:00
Rui Paulo
b0bf1a1836 Remove #ident macro. 2012-09-21 19:18:39 +00:00
Kevin Lo
b7e1113e8f Fix typo: s/pakcet/packet 2012-09-20 03:29:43 +00:00
Jung-uk Kim
042ff955b5 Merge ACPICA 20120913. 2012-09-19 23:25:24 +00:00
Gleb Smirnoff
32726fe911 Do more than r236298 did in the projects/pf branch: use M_NOWAIT in
altq_add() and its descendants. Currently altq(4) in FreeBSD is configured
via pf(4) ioctls, which can't configure altq(4) w/o holding locks.
Fortunately, altq(4) code in spife of using M_WAITOK is ready to receive
NULL from malloc(9), so change is mostly mechanical. While here, utilize
M_ZERO instead of bzero().

A large redesign needed to achieve M_WAITOK usage when configuring altq(4).
Or an alternative (not pf(4)) configuration interface should be implemented.

Reported by:	pluknet
2012-09-18 12:34:35 +00:00
Gleb Smirnoff
3b3a8eb937 o Create directory sys/netpfil, where all packet filters should
reside, and move there ipfw(4) and pf(4).

o Move most modified parts of pf out of contrib.

Actual movements:

sys/contrib/pf/net/*.c		-> sys/netpfil/pf/
sys/contrib/pf/net/*.h		-> sys/net/
contrib/pf/pfctl/*.c		-> sbin/pfctl
contrib/pf/pfctl/*.h		-> sbin/pfctl
contrib/pf/pfctl/pfctl.8	-> sbin/pfctl
contrib/pf/pfctl/*.4		-> share/man/man4
contrib/pf/pfctl/*.5		-> share/man/man5

sys/netinet/ipfw		-> sys/netpfil/ipfw

The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.

Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.

The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.

Discussed with:		bz, luigi
2012-09-14 11:51:49 +00:00
Gleb Smirnoff
d6d3f01e0a Merge the projects/pf/head branch, that was worked on for last six months,
into head. The most significant achievements in the new code:

 o Fine grained locking, thus much better performance.
 o Fixes to many problems in pf, that were specific to FreeBSD port.

New code doesn't have that many ifdefs and much less OpenBSDisms, thus
is more attractive to our developers.

  Those interested in details, can browse through SVN log of the
projects/pf/head branch. And for reference, here is exact list of
revisions merged:

r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330,
r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656,
r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782,
r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868,
r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223,
r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456,
r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505,
r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168,
r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230,
r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398,
r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548,
r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672,
r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169,
r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442,
r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522,
r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661,
r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.

I'd like to thank people who participated in early testing:

Tested by:	Florian Smeets <flo freebsd.org>
Tested by:	Chekaluk Vitaly <artemrts ukr.net>
Tested by:	Ben Wilber <ben desync.com>
Tested by:	Ian FREISLICH <ianf cloudseed.co.za>
2012-09-08 06:41:54 +00:00
Jung-uk Kim
1df130f1d4 Merge ACPICA 20120816. 2012-08-16 20:54:52 +00:00
Warner Losh
52baf267be Update to latest git version of dtc to get new dtsv2 support,
including the include directive.

Fix minor build issue corrected by converting yypush_buffer_state and
yypop_buffer_state to yy_set_buffer_state and a hard-coded 100-deep
stack.  It was easier to fix it here than to import that support into
our flex.

The new tools and test hardness remain unsupported at the moment.
2012-07-24 16:29:33 +00:00
Gleb Smirnoff
6aef0416fb Use M_NOWAIT while holding the pf giant lock. 2012-07-15 19:10:00 +00:00
Jung-uk Kim
e8241eabbb Merge ACPICA 20120711. 2012-07-11 23:18:35 +00:00
Jung-uk Kim
3e2c973410 MFV: r237650
Do not malloc(9) while holding a spin lock, to avoid panic.

Reported by:	kib (and many others)
Tested by:	kib (and many others)
2012-06-27 16:15:13 +00:00
Bernhard Schmidt
2289f9b47e Add new firmware for the g2a (6205) and g2b (623x) devices.
MFC after:	3 days
2012-06-27 16:14:28 +00:00
Jung-uk Kim
f38b0f210c Merge ACPICA 20120620. 2012-06-22 00:40:44 +00:00
Navdeep Parhar
09fe63205c - Updated TOE support in the kernel.
- Stateful TCP offload drivers for Terminator 3 and 4 (T3 and T4) ASICs.
  These are available as t3_tom and t4_tom modules that augment cxgb(4)
  and cxgbe(4) respectively.  The cxgb/cxgbe drivers continue to work as
  usual with or without these extra features.

- iWARP driver for Terminator 3 ASIC (kernel verbs).  T4 iWARP in the
  works and will follow soon.

Build-tested with make universe.

30s overview
============
What interfaces support TCP offload?  Look for TOE4 and/or TOE6 in the
capabilities of an interface:
# ifconfig -m | grep TOE

Enable/disable TCP offload on an interface (just like any other ifnet
capability):
# ifconfig cxgbe0 toe
# ifconfig cxgbe0 -toe

Which connections are offloaded?  Look for toe4 and/or toe6 in the
output of netstat and sockstat:
# netstat -np tcp | grep toe
# sockstat -46c | grep toe

Reviewed by:	bz, gnn
Sponsored by:	Chelsio communications.
MFC after:	~3 months (after 9.1, and after ensuring MFC is feasible)
2012-06-19 07:34:13 +00:00
Gleb Smirnoff
40874f18de Merge revision 1.715 from OpenBSD:
date: 2010/12/24 20:12:56;  author: henning;  state: Exp;  lines: +3 -3
  in pf_src_connlimit, the indices to sk->addr were swapped.
  tracked down and diff sent by Robert B Mills <rbmills at sdf.lonestar.org>
  thanks, very good work! ok claudio

Impact is that the "flush" keyword didn't work.

Obtained from:	OpenBSD
MFC after:	1 week
2012-06-06 09:36:52 +00:00
Ermal Luçi
0ad5ef9c8f Correct table counter functionality to not panic.
This was caused by not proper initialization of necessary parameters.

PR: 168200
Reviewed by:	bz@, glebius@
MFC after:	1 week
2012-05-31 20:10:05 +00:00
Jung-uk Kim
a7a3b383f2 Merge ACPICA 20120518. 2012-05-24 23:12:30 +00:00
Alexander V. Chernikov
bdf942c3f0 Revert r234834 per luigi@ request.
Cleaner solution (e.g. adding another header) should be done here.

Original log:
  Move several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h.
  Remove ipfw/ip_fw_private.h header from non-ipfw code.

Requested by:      luigi
Approved by:       kib(mentor)
2012-05-03 08:56:43 +00:00
Alexander V. Chernikov
7bd5e9b143 Move several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h.
Remove ipfw/ip_fw_private.h header from non-ipfw code.

Approved by:        ae(mentor)
MFC after:          2 weeks
2012-04-30 10:22:23 +00:00
Jung-uk Kim
eef1b955be Merge ACPICA 20120420. 2012-04-23 23:05:14 +00:00
Dimitry Andric
a511762672 Fix the following compilation warnings in sys/contrib/rdma/rdma_cma.c:
sys/contrib/rdma/rdma_cma.c:1259:8: error: case value not in enumerated type 'enum iw_cm_event_status' [-Werror,-Wswitch]
	      case ECONNRESET:
		   ^
  @/sys/errno.h:118:20: note: expanded from macro 'ECONNRESET'
  #define ECONNRESET      54              /* Connection reset by peer */
		      ^
  sys/contrib/rdma/rdma_cma.c:1263:8: error: case value not in enumerated type 'enum iw_cm_event_status' [-Werror,-Wswitch]
	      case ETIMEDOUT:
		   ^
  @/sys/errno.h:124:19: note: expanded from macro 'ETIMEDOUT'
  #define ETIMEDOUT       60              /* Operation timed out */
		      ^
  sys/contrib/rdma/rdma_cma.c:1260:8: error: case value not in enumerated type 'enum iw_cm_event_status' [-Werror,-Wswitch]
	      case ECONNREFUSED:
		   ^
  @/sys/errno.h:125:22: note: expanded from macro 'ECONNREFUSED'
  #define ECONNREFUSED    61              /* Connection refused */
		      ^

This is because the switch uses iw_cm_event::status, which is an enum
iw_cm_event_status, while ECONNRESET, ETIMEDOUT and ECONNREFUSED are
just plain defines from errno.h.

It looks like there is only one use of any of the enumeration values of
iw_cm_event_status, in:

  sys/contrib/rdma/rdma_iwcm.c: 	if (iw_event->status == IW_CM_EVENT_STATUS_ACCEPTED) {

So messing around with the enum definitions to fix the warning seems too
disruptive; the simplest fix is to cast the argument of the switch to
int.

Reviewed by:	kmacy
MFC after:	1 week
2012-04-20 21:52:57 +00:00
Andrey V. Elsukov
59894e4a44 Fix VIMAGE build. 2012-04-05 04:41:06 +00:00
Gleb Smirnoff
07b6b55dce Merge from OpenBSD:
revision 1.173
  date: 2011/11/09 12:36:03;  author: camield;  state: Exp;  lines: +11 -12
  State expire time is a baseline time ("last active") for expiry
  calculations, and does _not_ denote the time when to expire.  So
  it should never be added to (set into the future).

  Try to reconstruct it with an educated guess on state import and
  just set it to the current time on state updates.

  This fixes a problem on pfsync listeners where the expiry time
  could be double the expected value and cause a lot more states
  to linger.
2012-04-04 14:47:59 +00:00
Gleb Smirnoff
64484cf630 Since pf 4.5 import pf(4) has a mechanism to defer
forwarding a packet, that creates state, until
pfsync(4) peer acks state addition (or 10 msec
timeout passes).

This is needed for active-active CARP configurations,
which are poorly supported in FreeBSD and arguably
a good idea at all.

Unfortunately by the time of import this feature in
OpenBSD was turned on, and did not have a switch to
turn it off. This leaked to FreeBSD.

This change make it possible to turn this feature
off via ioctl() and turns it off by default.

Obtained from:	OpenBSD
2012-04-03 18:09:20 +00:00
Jung-uk Kim
3f8d720f87 MFV: r233615
Revert r233555 and apply a fix for the reference counting regressions.

Tested by:	andreast, lme, nwhitehorn,
		Sevan / Venture37 (venture37 at gmail dot com)
Submitted by:	Robert Moore (robert dot moore at intel dot com)
2012-03-28 17:21:59 +00:00
Jung-uk Kim
c708f80e7d MFV: r233551
Fix two possible memory leaks in error path.

Obtained from:	ACPICA
2012-03-27 15:27:20 +00:00
Jung-uk Kim
f19ebc89a3 MFV: r233550
Temporarily revert an upstream commit.  This change caused regressions for
too many laptop users.  Especially, automatic repair for broken _BIF caused
strange reference counting issues and kernal panics.  This reverts:

c995fed15a
2012-03-27 15:15:30 +00:00
Bernhard Schmidt
74ebfba7ca Update the firmware to version 0.236
Submitted by:	PseudoCylon
MFC after:	2 weeks
2012-03-21 19:09:52 +00:00
Jung-uk Kim
4c52cad2f9 Merge ACPICA 20120320. 2012-03-20 21:37:52 +00:00
Bernhard Schmidt
fd5c6edb78 Import the latest microcode.h which was used to generate the current
firmware files and adjust the Makefile.

Obtained from:	OpenBSD
2012-03-14 08:00:33 +00:00
Bernhard Schmidt
b1866dfea3 Update the rt2860's firmware and add a Makefile for the module. While
here remove the ucode header file which was used to generate the fw files
but by now is outdated.

Reviewed by:	ray
Obtained from:	OpenBSD
2012-03-13 21:25:25 +00:00
Juli Mallett
964fdce070 Remove some files not used by the FreeBSD kernel which have been adding quite
a bit of bloat to the kernel source tree's size.
2012-03-13 06:48:26 +00:00
Juli Mallett
b5acc0d618 Disable the Simple Executive's error decoding/reporting code. 2012-03-11 06:55:17 +00:00
Juli Mallett
9261550cf3 Do not try to use libfdt in FreeBSD. 2012-03-11 06:49:31 +00:00
Juli Mallett
57a8a8ff31 Remove files not needed by FreeBSD. 2012-03-11 06:18:38 +00:00
Juli Mallett
dc4ee6ca91 Merge the Cavium Octeon SDK 2.3.0 Simple Executive code and update FreeBSD to
make use of it where possible.

This primarily brings in support for newer hardware, and FreeBSD is not yet
able to support the abundance of IRQs on new hardware and many features in the
Ethernet driver.

Because of the changes to IRQs in the Simple Executive, we have to maintain our
own list of Octeon IRQs now, which probably can be pared-down and be specific
to the CIU interrupt unit soon, and when other interrupt mechanisms are added
they can maintain their own definitions.

Remove unmasking of interrupts from within the UART device now that the
function used is no longer present in the Simple Executive.  The unmasking
seems to have been gratuitous as this is more properly handled by the buses
above the UART device, and seems to work on that basis.
2012-03-11 06:17:49 +00:00
Gleb Smirnoff
0e2fe5f990 Merge from OpenBSD:
revision 1.146
  date: 2010/05/12 08:11:11;  author: claudio;  state: Exp;  lines: +2 -3
  bzero() the full compressed update struct before setting the values.
  This is needed because pf_state_peer_hton() skips some fields in certain
  situations which could result in garbage beeing sent to the other peer.
  This seems to fix the pfsync storms seen by stephan@ and so dlg owes me
  a whiskey.

I didn't see any storms, but this definitely fixes a useless memory
allocation on the receiving side, due to non zero scrub_flags field
in a pfsync_state_peer structure.
2012-03-08 09:20:00 +00:00
Bjoern A. Zeeb
9dba179d5e IFC @231845
Sponsored by:	Cisco Systems, Inc.
2012-02-17 00:27:48 +00:00
Jung-uk Kim
a159c266a9 Merge ACPICA 20120215. 2012-02-16 22:59:29 +00:00
Bjoern A. Zeeb
0e2181f578 Extend IPv6 routing lookups in pf(4) to use the new multi-FIB KPI.
Try to make the "rtable" handling work but the current version of
pf(4) does not fully support it yet as especially callers of
PF_MISMATCHAW() are not fully FIB-aware.  OpenBSD seems to have
fixed this in a later version.  Prepare as much as possible.

Sponsored by:	Cisco Systems, Inc.
2012-02-03 13:20:48 +00:00
Gleb Smirnoff
3a8c7fa008 Allocate our mbuf with m_get2(). 2012-01-17 12:14:26 +00:00
Ulrich Spörlein
1eb6fc2b27 Remove spurious 8bit chars, turning files into plain ASCII. 2012-01-15 13:23:54 +00:00