Commit Graph

1384 Commits

Author SHA1 Message Date
Alexander V. Chernikov
4e19e0d92a Use light-weight versions of routing lookup functions in ng_netflow.
Use recently-added combination of `fib[46]_lookup_rt()` which
 returns rtentry & raw nexthop with `rt_get_inet[6]_plen()` which
 returns address/prefix length of prefix inside `rt`.

Add `nhop_select_func()` wrapper around inlined `nhop_select()` to
 allow callers external to the routing subsystem select the proper
 nexthop from the multipath group without including internal headers.

New calls does not require reference counting objects and reduce
 the amount of copied/processed rtentry data.

Differential Revision: https://reviews.freebsd.org/D27675
2020-12-26 11:27:38 +00:00
Mark Johnston
cd698c5179 netgraph: Fix ng_ether's shutdown handing
When tearing down a VNET, netgraph sends shutdown messages to all of the
nodes before detaching interfaces (SI_SUB_NETGRAPH comes before
SI_SUB_INIT_IF in teardown order).  ng_ether nodes handle this by
destroying themselves without detaching from the parent ifnet.  Then,
when ifnets go away they detach their ng_ether nodes again, triggering a
use-after-free.

Handle this by modifying ng_ether_shutdown() to detach from the ifnet.
If the shutdown was triggered by an ifnet being destroyed, we will clear
priv->ifp in the ng_ether detach callback, so priv->ifp may be NULL.

Also get rid of the printf in vnet_netgraph_uninit().  It can be
triggered trivially by ng_ether since ng_ether_shutdown() persists the
node unless NG_REALLY_DIE is set.

PR:		233622
Reviewed by:	afedorov, kp, Lutz Donnerhacke
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D27662
2020-12-23 00:12:16 -05:00
Aleksandr Fedorov
3326f7e9bb [ng_socket] Don't take the SOCKBUF_LOCK() twice in the RX data path.
This is just a minor optimization, but it's sensitive. This gives an improvement of 30-50 kpps.

Reviewed by:	kp, markj, glebius, lutz_donnerhacke.de
Approved by:	vmaffione (mentor)
Sponsored by:	vstack.com
Differential Revision:	https://reviews.freebsd.org/D27382
2020-12-17 18:15:07 +00:00
Kyle Evans
02354beae7 netgraph: macfilter: small fixes
Two issues:
- The DEBUG macro defined is in direct conflict with the DEBUG kernel
  option, which broke the -LINT build[0]
- Building with NG_MACFILTER_DEBUG did not compile on LP64 systems due to
  using %d for sizeof().

Reported by:	Jenkins[0]
2020-12-09 15:28:56 +00:00
Nick Hibma
e8db04c389 New Netgraph module ng_macfilter:
Macfilter to route packets through different hooks based on sender MAC address.

Based on ng_macfilter written by Pekka Nikander

Sponsered by Retina b.v.

Reviewed by:	afedorov
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D27268
2020-12-08 15:09:42 +00:00
Eugene Grosbein
3ff4b31749 ng_nat: unbreak ABI
The revision r342168 broke ABI of ng_nat needlessly and
the change was merged to stable branches breaking ABI there, too.
Unbreak it.

PR:		250722
MFC after:	1 week
2020-11-10 02:26:44 +00:00
Mark Johnston
e62e4b8594 ng_l2tp: Fix callout synchronization in the rexmit timeout handler
A received control packet may cause the transmit queue to be flushed, in
which case ng_l2tp_seq_recv_nr() cancels the transmit timeout handler.
The handler checks to see if it was cancelled before doing anything, but
did so before acquiring the node lock, so a small race window could
cause ng_l2tp_seq_rack_timeout() to attempt to flush an empty queue,
ultimately causing a null pointer dereference.

PR:		241133
Reviewed by:	bz, glebius, Lutz Donnerhacke
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC (Netgate)
Differential Revision:	https://reviews.freebsd.org/D26548
2020-09-25 18:55:50 +00:00
Kristof Provost
51e805c43c ng_ether: Enter NET_EPOCH where required
We must enter NET_EPOCH before calling ether_output_frame(). Several of the
functions it calls (pfil_run_hooks, if_transmit) expect to be running in the
NET_EPOCH.

While here remove an unneeded EPOCH entry (which wasn't wide enough to cover
BRIDGE_INPUT).

PR:		248958
Reviewed by:	glebius, bz (previous version), melifaro (previous version)
Tested by:	manu
Differential Revision:	https://reviews.freebsd.org/D26226
2020-09-02 11:49:22 +00:00
Mateusz Guzik
662c13053f net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
Mark Johnston
3a3992fb86 ng_ubt: Add a device ID.
PR:		248838
Submitted by:	Andrey Zholos <aaz@q-fu.com>
MFC after:	1 week
2020-08-23 19:30:06 +00:00
Warner Losh
e0d14216c1 Tag pccard drivers with gone in 13.
MFC After: 3 days
Reviewed by: emaste, brooks, adrian (on twitter)
Differential Revision: https://reviews.freebsd.org/D26095
2020-08-20 17:19:40 +00:00
Marko Zec
eeed0c98a1 Increase BER to PER lookup table size in an attempt to mitigate panics
with LRO and TSO.

Reported by:    rstone
2020-08-18 22:46:46 +00:00
Mark Johnston
370b7cc904 ng_iface(4): Remove unsupported protocols.
Update the ng_iface documentation and hooks to reflect the fact that the
node currently only supports IPv4 and v6 packets.

Reviewed by:	Lutz Donnerhacke
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D25862
2020-07-31 14:08:54 +00:00
Mark Johnston
460a9f9d45 ng_iface(4): Set the current VNET before calling netisr_dispatch().
This is normally handled by a netgraph thread, but netgraph messages may
be dispatched directly to a node, in which case no VNET is set before
ng_iface calls into the network stack.  Netgraph could probably handle
this more generally, but for now just be sure to set the current VNET in
ng_iface.

PR:		242406
Tested by:	Michael Muenz <m.muenz@gmail.com>
Reviewed by:	Lutz Donnerhacke
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D25788
2020-07-31 14:08:32 +00:00
Takanori Watanabe
b8c46d561e Fix L2CAP ACL packet PB(Packet Boundary) flag for LE PDU.
ACL packet boundary flag should be 0 instead of 2 for LE PDU.
Some HCI will drop LE packet with PB flag is 2, and if sent,
some target may reject the packet.

PR:	248024
Reported by:	Greg V
Reviewed by:	Greg V, emax
Differential Revision:	https://reviews.freebsd.org/D25704
2020-07-17 15:50:03 +00:00
Takanori Watanabe
de402d6322 Add support for [read|write] supported data length commands.
Fix ng_hci_le_long_term_key_request_negative_reply_cp struct
while here.

PR:	247809
Submitted by:	Marc Veldman
2020-07-08 06:33:07 +00:00
Takanori Watanabe
263a104f43 Allow some Bluetooth LE related HCI request to non-root user.
PR:	247588
Reported by:	Greg V (greg@unrelenting.technology)
Reviewed by:	emax
Differential Revision:	https://reviews.freebsd.org/D25516
2020-07-01 04:00:54 +00:00
Takanori Watanabe
ccb9fc3218 Update event masks constant to Bluetooth core spec V5.2
and add LE Events.

PR: 247257
Submitted by:	Marc Veldman
2020-06-15 14:58:40 +00:00
Takanori Watanabe
7a33c92b43 Add LE events:
READ_REMOTE_FEATURES_COMPL
LONG_TERM_KEY_REQUEST
REMOTE_CONN_PARAM_REQUEST
DATA_LENGTH_CHANGE
READ_LOCAL_P256_PK_COMPL
GEN_DHKEY_COMPL
ENH_CONN_COMPL

PR: 247050
Submitted by:	Marc Veldman marc at bumblingdork.com
2020-06-10 04:54:02 +00:00
Hans Petter Selasky
4ac6682cab Fix check for wMaxPacketSize in USB bluetooth driver,
in case device is not FULL speed.

MFC after:	3 days
Sponsored by:	Mellanox Technologies
2020-05-28 08:41:18 +00:00
Takanori Watanabe
022f27959e Fix Typo in ng_hci_le_connection_complete_ep struct.
PR:	246538
Submitted by:	Marc Veldman
2020-05-19 13:58:52 +00:00
Takanori Watanabe
75afc548cb Add space for RSSI in data member.
RSSI is put just after actual data.

Submitted by: Marc Veldman
PR: 245920
2020-05-09 14:15:44 +00:00
Takanori Watanabe
1f5d883dd7 Add le_read_buffer_size command and manpage.
It supports both v1 and v2 command.

PR:245964
Submitted by:	Marc Veldman <marc@bumblingdork.com>
2020-04-28 16:00:34 +00:00
Aleksandr Fedorov
cade08387c ng_eiface: fix kernel panic due to the racecondition in ng_eiface shutdown.
PR:		244247
Reported by:	Vladislav V. Prodan <admin@support.od.ua>
Reviewed by:	vmaffione, lutz_donnerhacke.de
Approved by:	vmaffione (mentor)
Sponsored by:	vstack.com
Differential Revision:	https://reviews.freebsd.org/D24557
2020-04-27 10:00:46 +00:00
Hans Petter Selasky
21eefd310a Substitute le_read_supported_status with le_read_supported_states.
Refer to bluetooth core v5.2 specifications Vol4. Part E. 7.8.27.

PR:		245763
Submitted by:	Marc Veldman <marc@bumblingdork.com>
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-04-20 13:44:14 +00:00
Hans Petter Selasky
3bc36313e4 Bring HCI error messages up-to-date.
See Bluetooth v5.6 core specification Vol.1 Part F: Controller error codes.

Submitted by:	Marc Veldman <marc@bumblingdork.com>
PR:		245737
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-04-19 10:24:15 +00:00
Kyle Evans
23d5326823 tty: convert tty_lock_assert to tty_assert_locked to hide lock type
A later change, currently being iterated on in D24459, will in-fact change
the lock type to an sx so that TTY drivers can sleep on it if they need to.
Committing this ahead of time to make the review in question a little more
palatable.

tty_lock_assert() is unfortunately still needed for now in two places to
make sure that the tty lock has not been recursed upon, for those scenarios
where it's supplied by the TTY driver and possibly a mutex that is allowed
to recurse.

Suggested by:	markj
2020-04-17 18:34:49 +00:00
Gleb Smirnoff
2ffded5e53 Don't initialize m->m_data to m->m_pktdat, this is already done by the
mbuf allocator.  That was the last remnant of such code in the kernel.
2020-04-17 05:59:38 +00:00
Takanori Watanabe
3cba89e6f8 Fix mbuf handling in le advertize packet processing.
Submitted by: Marc Veldman <marc at bumblingdork.com>
2020-04-02 09:15:31 +00:00
Gleb Smirnoff
def4e701e5 Fix spelling of "dropped".
Submitted by:	Lutz Donnerhacke
Differential Revision:	https://reviews.freebsd.org/D23954
2020-03-04 22:32:40 +00:00
Pawel Biernacki
7029da5c36 Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked).
Use it in preparation for a general review of all nodes.

This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.

Mark all obvious cases as MPSAFE.  All entries that haven't been marked
as MPSAFE before are by default marked as NEEDGIANT

Approved by:	kib (mentor, blanket)
Commented by:	kib, gallatin, melifaro
Differential Revision:	https://reviews.freebsd.org/D23718
2020-02-26 14:26:36 +00:00
Gleb Smirnoff
039eb22c0a Rework second part of r357558. Unroll the macro and allocate memory in
sleepable manner before entering the epoch for the send.
2020-02-21 04:18:15 +00:00
Gleb Smirnoff
be3d57e69b Revert one half of previous change r357558. Don't enter the epoch on
sends to control socket.  Control socket messages can run constructors
of nodes and other stuff that is allowed to M_WAITOK.

PR:		244241
2020-02-21 04:10:41 +00:00
Eugene Grosbein
49f384cb47 ng_nat: avoid panic if attached directly to ng_ether and got short packet
From the beginning, ng_nat safely assumed cleansed traffic
because of limited ways it could be attached to NETGRAPH:
ng_ipfw or ng_ppp only.

Now as it may be attached with ng_ether too, the assumption proven wrong.
Add needed check to the ng_nat. Thanks for markj for debugging this.

PR:		243096
Submitted by:	Lutz Donnerhacke <lutz@donnerhacke.de>
Reported by:	Robert James Hernandez <rob@sarcasticadmin.com>
Reviewed by:	markj and others
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D23091
2020-02-12 00:31:00 +00:00
Gleb Smirnoff
f71291a65e I doubt anybody in the world uses ng_device, but its write method should
also enter the network epoch when sending data from user level to netgraph.
2020-02-05 03:07:20 +00:00
Gleb Smirnoff
940508a5be Enter the network epoch when ng_socket sends data or control from user
land to the netgraph and potentially further down the network stack.
2020-02-05 03:06:29 +00:00
Gleb Smirnoff
4c02c20c32 netgraph(4) callouts need to be executed in the network epoch. 2020-02-05 02:53:40 +00:00
Mark Johnston
66351f5126 ng_nat: Pass IPv6 packets through.
ng_nat implements NAT for IPv4 traffic only.  When connected to an
ng_ether node it erroneously handled IPv6 packets as well.

This change is not sufficient: ng_nat does not do any validation of IP
packets in this mode, even though they have not yet passed through
ip_input().

PR:		243096
Reported by:	Robert James Hernandez <rob@sarcasticadmin.com>
Reviewed by:	julian
Differential Revision:	https://reviews.freebsd.org/D23080
2020-01-23 16:45:48 +00:00
Kirill Ponomarev
bc6e80ddc1 Generate MAC address from the FreeBSD OUI range.
Submitted by:	aleksandr.fedorov_vstack_com
Approved by:	kevans
Differential Revision:	https://reviews.freebsd.org/D23168
2020-01-16 20:12:15 +00:00
Gleb Smirnoff
35e67a79fb Netgraph queue processing thread must process all its items
in the network epoch.

Reported by:	Michael Zhilin <mizhka@ >
2020-01-15 03:35:57 +00:00
Bjoern A. Zeeb
aeaef7d597 netgraph/ng_bridge: Reestablish old ABI
In order to be able to merge r353026 bring back support for the old
cookie API for a transition period in 12.x releases (and possibly 13)
before the old API can be removed again entirely.

Suggested by:	julian
Submitted by:	Lutz Donnerhacke (lutz donnerhacke.de)
PR:		240787
Reviewed by:	julian
MFC after:	2 weeks
X-MFC with:	r353026
Differential Revision:	https://reviews.freebsd.org/D21961
2020-01-05 19:14:16 +00:00
John Baldwin
4b28d96e5d Remove the deprecated timeout(9) interface.
All in-tree consumers have been converted to callout(9).

Reviewed by:	kib, markj
Differential Revision:	https://reviews.freebsd.org/D22602
2019-12-13 21:03:12 +00:00
John Baldwin
5773ac113c Use callout_func_t instead of the deprecated timeout_t.
Reviewed by:	kib, imp
Differential Revision:	https://reviews.freebsd.org/D22752
2019-12-10 22:06:53 +00:00
Gleb Smirnoff
abc4b11cea Fix regression from r353026. Pointer was increased instead of value
pointed to.

PR:		241646
Submitted by:	Aleksandr Fedorov <aleksandr.fedorov itglobal.com>
2019-11-02 03:09:17 +00:00
Gleb Smirnoff
ebded7d547 Don't use if_maddr_rlock() in ng_eiface(4), use epoch(9) directly instead. 2019-10-10 23:49:19 +00:00
Gleb Smirnoff
57985d11b4 Don't use if_maddr_rlock() in ng_ether(4), use epoch(9) directly instead. 2019-10-10 23:47:14 +00:00
Gleb Smirnoff
b8a6e03fac Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.

However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.

Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.

On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().

This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.

Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.

This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.

Reviewed by:	gallatin, hselasky, cy, adrian, kristof
Differential Revision:	https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
Gleb Smirnoff
0b951c55a1 Fix build failure from r353026. Somehow module build allowed this.
Pointy hat to:	glebius
2019-10-03 04:41:57 +00:00
Gleb Smirnoff
30b7addf5a Protect access to seq->xwin[] with the seq mutex.
MFC after:	5 weeks
2019-10-03 02:34:51 +00:00
Gleb Smirnoff
631cabba47 - Remove the compile time limit for number of links a ng_bridge node
can handle.  Instead using an array on node private data, use per-hook
  private data.
- Use NG_NODE_FOREACH_HOOK() to traverse through hooks instead of array.

PR:		240787
Submitted by:	Lutz Donnerhacke <lutz donnerhacke.de>
Differential Revision:	  https://reviews.freebsd.org/D21803
2019-10-03 02:32:55 +00:00