Allow some nesting of ng_iface(4) interfaces and add a configuration knob.

PR: 235500 MFC after: 1 week
2019-02-08 06:19:28 +00:00 · 2019-02-08 06:19:28 +00:00 · b0eb264052
commit b0eb264052
parent fe9ffad6ed
2 changed files with 23 additions and 2 deletions
--- a/share/man/man4/ng_iface.4
+++ b/share/man/man4/ng_iface.4
@ -35,7 +35,7 @@
 .\" $FreeBSD$
 .\" $Whistle: ng_iface.8,v 1.5 1999/01/25 23:46:26 archie Exp $
 .\"
-.Dd January 12, 2015
+.Dd February 6, 2019
 .Dt NG_IFACE 4
 .Os
 .Sh NAME
@ -144,6 +144,17 @@ In case when your graph ends up with some kind of serial line, either
 synchronous or modem, the
 .Nm
 is the right place to turn ALTQ on.
+.Sh Nesting
+.Nm
+supports nesting, a configuration when traffic of one
+.Nm
+interface flows through the other.
+The default maximum allowed nesting level is 2.
+It can be changed at runtime setting
+.Xr sysctl 8
+variable
+.Va net.graph.iface.max_nesting
+to the desired level of nesting.
 .Sh SEE ALSO
 .Xr altq 4 ,
 .Xr bpf 4 ,
@ -151,6 +162,7 @@ is the right place to turn ALTQ on.
 .Xr ng_cisco 4 ,
 .Xr ifconfig 8 ,
 .Xr ngctl 8
+.Xr sysctl
 .Sh HISTORY
 The
 .Nm iface
--- a/sys/netgraph/ng_iface.c
+++ b/sys/netgraph/ng_iface.c
@ -68,6 +68,7 @@
 #include <sys/rmlock.h>
 #include <sys/sockio.h>
 #include <sys/socket.h>
+#include <sys/sysctl.h>
 #include <sys/syslog.h>
 #include <sys/libkern.h>

@ -92,6 +93,13 @@ static MALLOC_DEFINE(M_NETGRAPH_IFACE, "netgraph_iface", "netgraph iface node");
 #define M_NETGRAPH_IFACE M_NETGRAPH
 #endif

+static SYSCTL_NODE(_net_graph, OID_AUTO, iface, CTLFLAG_RW, 0,
+    "Point to point netgraph interface");
+VNET_DEFINE_STATIC(int, ng_iface_max_nest) = 2;
+#define	V_ng_iface_max_nest	VNET(ng_iface_max_nest)
+SYSCTL_INT(_net_graph_iface, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW,
+    &VNET_NAME(ng_iface_max_nest), 0, "Max nested tunnels");
+
 /* This struct describes one address family */
 struct iffam {
 	sa_family_t	family;		/* Address family */
@ -355,7 +363,8 @@ ng_iface_output(struct ifnet *ifp, struct mbuf *m,
 	}

 	/* Protect from deadly infinite recursion. */
-	error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE, 1);
+	error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE,
+	    V_ng_iface_max_nest);
 	if (error) {
 		m_freem(m);
 		return (error);