Commit Graph

1347 Commits

Author SHA1 Message Date
Mark Johnston
66351f5126 ng_nat: Pass IPv6 packets through.
ng_nat implements NAT for IPv4 traffic only.  When connected to an
ng_ether node it erroneously handled IPv6 packets as well.

This change is not sufficient: ng_nat does not do any validation of IP
packets in this mode, even though they have not yet passed through
ip_input().

PR:		243096
Reported by:	Robert James Hernandez <rob@sarcasticadmin.com>
Reviewed by:	julian
Differential Revision:	https://reviews.freebsd.org/D23080
2020-01-23 16:45:48 +00:00
Kirill Ponomarev
bc6e80ddc1 Generate MAC address from the FreeBSD OUI range.
Submitted by:	aleksandr.fedorov_vstack_com
Approved by:	kevans
Differential Revision:	https://reviews.freebsd.org/D23168
2020-01-16 20:12:15 +00:00
Gleb Smirnoff
35e67a79fb Netgraph queue processing thread must process all its items
in the network epoch.

Reported by:	Michael Zhilin <mizhka@ >
2020-01-15 03:35:57 +00:00
Bjoern A. Zeeb
aeaef7d597 netgraph/ng_bridge: Reestablish old ABI
In order to be able to merge r353026 bring back support for the old
cookie API for a transition period in 12.x releases (and possibly 13)
before the old API can be removed again entirely.

Suggested by:	julian
Submitted by:	Lutz Donnerhacke (lutz donnerhacke.de)
PR:		240787
Reviewed by:	julian
MFC after:	2 weeks
X-MFC with:	r353026
Differential Revision:	https://reviews.freebsd.org/D21961
2020-01-05 19:14:16 +00:00
John Baldwin
4b28d96e5d Remove the deprecated timeout(9) interface.
All in-tree consumers have been converted to callout(9).

Reviewed by:	kib, markj
Differential Revision:	https://reviews.freebsd.org/D22602
2019-12-13 21:03:12 +00:00
John Baldwin
5773ac113c Use callout_func_t instead of the deprecated timeout_t.
Reviewed by:	kib, imp
Differential Revision:	https://reviews.freebsd.org/D22752
2019-12-10 22:06:53 +00:00
Gleb Smirnoff
abc4b11cea Fix regression from r353026. Pointer was increased instead of value
pointed to.

PR:		241646
Submitted by:	Aleksandr Fedorov <aleksandr.fedorov itglobal.com>
2019-11-02 03:09:17 +00:00
Gleb Smirnoff
ebded7d547 Don't use if_maddr_rlock() in ng_eiface(4), use epoch(9) directly instead. 2019-10-10 23:49:19 +00:00
Gleb Smirnoff
57985d11b4 Don't use if_maddr_rlock() in ng_ether(4), use epoch(9) directly instead. 2019-10-10 23:47:14 +00:00
Gleb Smirnoff
b8a6e03fac Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.

However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.

Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.

On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().

This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.

Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.

This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.

Reviewed by:	gallatin, hselasky, cy, adrian, kristof
Differential Revision:	https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
Gleb Smirnoff
0b951c55a1 Fix build failure from r353026. Somehow module build allowed this.
Pointy hat to:	glebius
2019-10-03 04:41:57 +00:00
Gleb Smirnoff
30b7addf5a Protect access to seq->xwin[] with the seq mutex.
MFC after:	5 weeks
2019-10-03 02:34:51 +00:00
Gleb Smirnoff
631cabba47 - Remove the compile time limit for number of links a ng_bridge node
can handle.  Instead using an array on node private data, use per-hook
  private data.
- Use NG_NODE_FOREACH_HOOK() to traverse through hooks instead of array.

PR:		240787
Submitted by:	Lutz Donnerhacke <lutz donnerhacke.de>
Differential Revision:	  https://reviews.freebsd.org/D21803
2019-10-03 02:32:55 +00:00
Maksim Yevmenkin
444e5d09b5 avoid holding PCB mutex during copyin/copyout()
Reported by:	imp, mms dot vanbreukelingen at gmail dot com
Reviewed by:	imp
2019-08-30 16:35:31 +00:00
Xin LI
34ff55b662 Convert ng_deflate to use new zlib.
This removes the last consumer of the modified zlib originally
bundled with Paul's PPP implementation, which will be removed
in a follow up commit.

PR:			229763
Differential Revision:	https://reviews.freebsd.org/D21186
2019-08-23 07:24:36 +00:00
Xin LI
443127c517 Use MTX_NEW instead of bzero().
Submitted by:	cem
2019-08-21 08:15:30 +00:00
Xin LI
ee318606ce Fix a panic in ubt_do_hci_request.
The 'mtx' is on stack and can contain garbages that would cause mtx_init
(and in turn lock_init) to think that the mutex was already initialized.
2019-08-21 07:45:39 +00:00
Vladimir Kondratyev
3544d43bb1 ng_ubt(4): do not attach Intel Wireless 8260/8265 in bootloader mode.
Add helper function for synchronous execution of HCI commands at probe
stage and use this function to check firmware state of Intel Wireless
8260/8265 bluetooth devices found in many post 2016 year laptops.

Attempt to initialize FreeBSD bluetooth stack while such a device is in
bootloader mode locks the adapter hardly so it requires power on/off
cycle to restore.

This change blocks ng_ubt attachment unless operational firmware is
loaded thus preventing the lock up.

PR:			237083
Reviewed by:		hps, emax
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D21071
2019-08-18 22:11:42 +00:00
Gleb Smirnoff
cef9f220cd Remove 'dir' argument in ng_ipfw_input, since ip_fw_args now has this info.
While here make 'tee' boolean.
2019-03-14 22:30:05 +00:00
Gleb Smirnoff
7d3df83cfa Remove remnants of byte order manipulation, back when FreeBSD stack
stored packets in host byte order.
2019-02-09 03:00:00 +00:00
Gleb Smirnoff
938864b71b Allow some nesting of ng_iface(4) interfaces and add a configuration knob.
PR:		235500
MFC after:	1 week
2019-02-08 06:19:28 +00:00
Maxim Sobolev
b7841ae650 Allow ng_nat to be attached to a ethernet interface directly via ng_ether(4)
or the likes. Add new control message types: setdlt and getdlt to switch
from default DLT_RAW (no encapsulation) to DLT_EN10MB (ethernet).

Approved by:	glebius
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D18535
2018-12-17 16:00:35 +00:00
Eugene Grosbein
f8edc37316 ng_source(4): correction after the change r340617
tv_usec has "long" type for all architecture in FreeBSD
and follows __LP64__. However, this is not true for tv_sec
that has "time_t" type.

Since r320347 that changed time_t from 32 to 64 bit integer
for 32 bit version of powerpc architecture, we have only single
i386 architecture having 32 bit time_t type.

Submitted by:	jhb
MFC after:	1 week.
2018-11-27 04:05:38 +00:00
Eugene Grosbein
d642b94209 Unbreak ng_source(4) for 64-bit platforms including amd64. 2018-11-19 07:27:50 +00:00
Eugene Grosbein
a594f9453b Make ng_pptpgre(8) netgraph node be able to restore order for packets
reordered in transit instead of dropping them altogether.
It uses sequence numbers of PPtPGRE packets.

A set of new sysctl(8) added to control this ability or disable it:

net.graph.pptpgre.reorder_max (1) defines maximum length of node's
private reorder queue used to keep data waiting for late packets.
Zero value disables reordering. Default value 1 allows the node to restore
the order for two packets swapped in transit. Greater values allow the node
to deliver packets being late after more packets in sequence
at cost of increased kernel memory usage.

net.graph.pptpgre.reorder_timeout (1) defines time value in miliseconds
used to wait for late packets. It may be useful to increase this
if reordering spot is distant.

MFC after:	1 month
2018-11-04 19:10:44 +00:00
Mark Murray
19fa89e938 Remove the Yarrow PRNG algorithm option in accordance with due notice
given in random(4).

This includes updating of the relevant man pages, and no-longer-used
harvesting parameters.

Ensure that the pseudo-unit-test still does something useful, now also
with the "other" algorithm instead of Yarrow.

PR:		230870
Reviewed by:	cem
Approved by:	so(delphij,gtetlow)
Approved by:	re(marius)
Differential Revision:	https://reviews.freebsd.org/D16898
2018-08-26 12:51:46 +00:00
Alexander Motin
8805f3d7be Remove extra M_ZERO from NG_MKRESPONSE() argument.
NG_MKRESPONSE() sets M_ZERO by itself.

Submitted by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:	1 week
2018-08-20 14:35:54 +00:00
Luiz Otavio O Souza
02fd7b50a0 The interface name must be sanitized before the search to match the existing
netgraph node.

Fixes the search (and use) of VLANs with dot notation.

Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)
2018-08-15 13:42:22 +00:00
Gleb Smirnoff
86b4ad7dd5 Use if_tunnel_check_nesting() for ng_iface(4). 2018-08-03 22:55:58 +00:00
Andrew Turner
5f901c92a8 Use the new VNET_DEFINE_STATIC macro when we are defining static VNET
variables.

Reviewed by:	bz
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D16147
2018-07-24 16:35:52 +00:00
John Baldwin
4560b78de2 Catch up two more places to the V_ifnet change to a CK_STAILQ. 2018-05-24 00:06:55 +00:00
Matt Macy
d7c5a620e2 ifnet: Replace if_addr_lock rwlock with epoch + mutex
Run on LLNW canaries and tested by pho@

gallatin:
Using a 14-core, 28-HTT single socket E5-2697 v3 with a 40GbE MLX5
based ConnectX 4-LX NIC, I see an almost 12% improvement in received
packet rate, and a larger improvement in bytes delivered all the way
to userspace.

When the host receiving 64 streams of netperf -H $DUT -t UDP_STREAM -- -m 1,
I see, using nstat -I mce0 1 before the patch:

InMpps OMpps  InGbs  OGbs err TCP Est %CPU syscalls csw     irq GBfree
4.98   0.00   4.42   0.00 4235592     33   83.80 4720653 2149771   1235 247.32
4.73   0.00   4.20   0.00 4025260     33   82.99 4724900 2139833   1204 247.32
4.72   0.00   4.20   0.00 4035252     33   82.14 4719162 2132023   1264 247.32
4.71   0.00   4.21   0.00 4073206     33   83.68 4744973 2123317   1347 247.32
4.72   0.00   4.21   0.00 4061118     33   80.82 4713615 2188091   1490 247.32
4.72   0.00   4.21   0.00 4051675     33   85.29 4727399 2109011   1205 247.32
4.73   0.00   4.21   0.00 4039056     33   84.65 4724735 2102603   1053 247.32

After the patch

InMpps OMpps  InGbs  OGbs err TCP Est %CPU syscalls csw     irq GBfree
5.43   0.00   4.20   0.00 3313143     33   84.96 5434214 1900162   2656 245.51
5.43   0.00   4.20   0.00 3308527     33   85.24 5439695 1809382   2521 245.51
5.42   0.00   4.19   0.00 3316778     33   87.54 5416028 1805835   2256 245.51
5.42   0.00   4.19   0.00 3317673     33   90.44 5426044 1763056   2332 245.51
5.42   0.00   4.19   0.00 3314839     33   88.11 5435732 1792218   2499 245.52
5.44   0.00   4.19   0.00 3293228     33   91.84 5426301 1668597   2121 245.52

Similarly, netperf reports 230Mb/s before the patch, and 270Mb/s after the patch

Reviewed by:	gallatin
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D15366
2018-05-18 20:13:34 +00:00
Ed Maste
315fbaeca2 Correct pseudo misspelling in sys/ comments
contrib code and #define in intel_ata.h unchanged.
2018-02-23 18:15:50 +00:00
Eugene Grosbein
8be8c75688 ng_pppoe(8): add support for user-supplied Host-Uniq tag.
A few ISP filter PADI requests based on such tag,
to force the use of their own routers.
The custom Host-Uniq tag is passed in the NGM_PPPOE_CONNECT
control message, so it can be used with FreeBSD ppp(8)
and mpd without any other change.

Add support to send and receive PADM messages,
HURL and MOTM, often used by service providers to provide
ACS information and other configuration settings
to the user CPE.

Submitted by:	ale
Approved by:	mav (mentor)
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D9270
2018-02-14 21:17:44 +00:00
Pedro F. Giffuni
ac2fffa4b7 Revert r327828, r327949, r327953, r328016-r328026, r328041:
Uses of mallocarray(9).

The use of mallocarray(9) has rocketed the required swap to build FreeBSD.
This is likely caused by the allocation size attributes which put extra pressure
on the compiler.

Given that most of these checks are superfluous we have to choose better
where to use mallocarray(9). We still have more uses of mallocarray(9) but
hopefully this is enough to bring swap usage to a reasonable level.

Reported by:	wosch
PR:		225197
2018-01-21 15:42:36 +00:00
Pedro F. Giffuni
3b0a4e40a0 netgraph: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:19:21 +00:00
Pedro F. Giffuni
fe267a5590 sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:23:17 +00:00
Eugene Grosbein
ab070eb18b Correction after r323873: #include <sys/lock.h> in addition to <sys/rmlock.h>
PR:		220076
Approved by:	mav (mentor)
MFC after:	3 days
2017-09-28 11:26:37 +00:00
Eugene Grosbein
10633c7e5a Unprotected modification of ng_iface(4) private data leads to kernel panic.
Fix a race with per-node read-mostly lock and refcounting for a hook.

PR:			220076
Tested by:		peixoto.cassiano
Approved by:		avg (mentor), mav (mentor)
MFC after:		1 week
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D12435
2017-09-21 20:16:10 +00:00
Gleb Smirnoff
7737de9515 Check return value from soaccept().
Coverity:	1376209
2017-06-14 16:13:20 +00:00
Gleb Smirnoff
779f106aa1 Listening sockets improvements.
o Separate fields of struct socket that belong to listening from
  fields that belong to normal dataflow, and unionize them.  This
  shrinks the structure a bit.
  - Take out selinfo's from the socket buffers into the socket. The
    first reason is to support braindamaged scenario when a socket is
    added to kevent(2) and then listen(2) is cast on it. The second
    reason is that there is future plan to make socket buffers pluggable,
    so that for a dataflow socket a socket buffer can be changed, and
    in this case we also want to keep same selinfos through the lifetime
    of a socket.
  - Remove struct struct so_accf. Since now listening stuff no longer
    affects struct socket size, just move its fields into listening part
    of the union.
  - Provide sol_upcall field and enforce that so_upcall_set() may be called
    only on a dataflow socket, which has buffers, and for listening sockets
    provide solisten_upcall_set().

o Remove ACCEPT_LOCK() global.
  - Add a mutex to socket, to be used instead of socket buffer lock to lock
    fields of struct socket that don't belong to a socket buffer.
  - Allow to acquire two socket locks, but the first one must belong to a
    listening socket.
  - Make soref()/sorele() to use atomic(9).  This allows in some situations
    to do soref() without owning socket lock.  There is place for improvement
    here, it is possible to make sorele() also to lock optionally.
  - Most protocols aren't touched by this change, except UNIX local sockets.
    See below for more information.

o Reduce copy-and-paste in kernel modules that accept connections from
  listening sockets: provide function solisten_dequeue(), and use it in
  the following modules: ctl(4), iscsi(4), ng_btsocket(4), ng_ksocket(4),
  infiniband, rpc.

o UNIX local sockets.
  - Removal of ACCEPT_LOCK() global uncovered several races in the UNIX
    local sockets.  Most races exist around spawning a new socket, when we
    are connecting to a local listening socket.  To cover them, we need to
    hold locks on both PCBs when spawning a third one.  This means holding
    them across sonewconn().  This creates a LOR between pcb locks and
    unp_list_lock.
  - To fix the new LOR, abandon the global unp_list_lock in favor of global
    unp_link_lock.  Indeed, separating these two locks didn't provide us any
    extra parralelism in the UNIX sockets.
  - Now call into uipc_attach() may happen with unp_link_lock hold if, we
    are accepting, or without unp_link_lock in case if we are just creating
    a socket.
  - Another problem in UNIX sockets is that uipc_close() basicly did nothing
    for a listening socket.  The vnode remained opened for connections.  This
    is fixed by removing vnode in uipc_close().  Maybe the right way would be
    to do it for all sockets (not only listening), simply move the vnode
    teardown from uipc_detach() to uipc_close()?

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D9770
2017-06-08 21:30:34 +00:00
Takanori Watanabe
4aa92fe2f3 Make cached Bluetooth LE host advertise information visible from userland.
Differential Revision:	https://reviews.freebsd.org/D10362
2017-04-27 15:03:24 +00:00
Brooks Davis
a7dc31283a Remove the NATM framework including the en(4), fatm(4), hatm(4), and
patm(4) devices.

Maintaining an address family and framework has real costs when we make
infrastructure improvements.  In the case of NATM we support no devices
manufactured in the last 20 years and some will not even work in modern
motherboards (some newer devices that patm(4) could be updated to
support apparently exist, but we do not currently have support).

With this change, support remains for some netgraph modules that don't
require NATM support code. It is unclear if all these should remain,
though ng_atmllc certainly stands alone.

Note well: FreeBSD 11 supports NATM and will continue to do so until at
least September 30, 2021.  Improvements to the code in FreeBSD 11 are
certainly welcome.

Reviewed by:	philip
Approved by:	harti
2017-04-24 21:21:49 +00:00
Pedro F. Giffuni
ec5753e0eb mppc - Finish pluging NETGRAPH_MPPC_COMPRESSION.
There were several places where reference to compression were left
unfinished. Furthermore, KASSERTs contained references to MPPC_INVALID
which is not defined in the tree and therefore were sure to break with
INVARIANTS: comment them out.

Reported by:	Eugene Grosbein
PR:		216265
MFC after:	3 days
2017-01-20 00:02:11 +00:00
Julian Elischer
426b3d047a Changes to allow the patching of packets with an offset (and other changes.. see man page)
PR:	206185
Submitted by:	Dmitry Vagin <daemon-hammer@ya.ru>
MFC after:	 1 week
Relnotes:	yes (also ng_checksum node)
2016-12-02 10:47:10 +00:00
Hans Petter Selasky
0e493ed3a5 Fix return value from ng_uncallout().
callout_stop() recently started returning -1 when the callout is already
stopped, which is not handled by the netgraph code. Properly filter
the return value. Netgraph callers only want to know if the callout
was cancelled and not draining or already stopped.

Discussed with:		julian, glebius
MFC after:		2 weeks
2016-12-02 09:29:22 +00:00
Bjoern A. Zeeb
310dc5a403 Writing out the L2TP control packet requires 12 bytes of
contiguous memory but in one path we did not always guarantee this,
thus do a m_pullup() there.

PR:			214385
Submitted by:		Joe Jones (joeknockando googlemail.com)
MFC after:		3 days
2016-11-17 14:03:44 +00:00
Bryan Drewery
28323add09 Fix improper use of "its".
Sponsored by:	Dell EMC Isilon
2016-11-08 23:59:41 +00:00
Sean Bruno
2f632dbb0b Avoid panic from ng_uncallout when unpluggin ethernet cable with active
PPTP VPN connection.

Submitted by:	Michael Zhilin <mizhka@gmail.com>
Reviewed by:	ngie
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D7209
2016-08-08 19:31:01 +00:00
Julian Elischer
d7373c820e netgraph module for reconstructing checksums
PR:		206108
Submitted by:	Dmitry Vagin  daemon.hammer@ya.ru
MFC after:	1 month
2016-08-01 12:09:04 +00:00