Commit Graph

129 Commits

Author SHA1 Message Date
glebius
d0fcd4e3a1 Use size_t for sopt_valsize.
Submitted by:	Brandon Gooch <jamesbrandongooch gmail.com>
2011-04-21 08:18:55 +00:00
bz
d10762bec7 MFp4 CH=191466:
Move fw_one_pass to where it belongs: it is a property of ipfw,
not of ip_input.

Reviewed by:	gnn
Sponsored by:	The FreeBSD Foundation
Sponsored by:	iXsystems
MFC after:	3 days
2011-04-20 07:55:33 +00:00
glebius
94dea9059f - Rewrite functions that copyin/out NAT configuration, so that they
calculate required memory size dynamically.
- Fix races on chain re-lock.
- Introduce new field to ip_fw_chain - generation count. Now utilized
  only in the NAT configuration, but can be utilized wider in ipfw.
- Get rid of NAT_BUF_LEN in ip_fw.h

PR:		kern/143653
2011-04-19 15:06:33 +00:00
ae
60d19e6c25 Add sysctl handlers for net.inet.ip.dummynet.hash_size, .pipe_byte_limit
and .pipe_slot_limit oids to prevent to set incorrect values.

MFC after:	2 weeks
2011-04-19 11:33:39 +00:00
ae
db0a98ce0a ipdn_bound_var() functions is designed to bound a variable between
specified minimum and maximum. In case when specified default value
is out of bounds it does not work as expected and does not limit
variable. Check that default value is in range and limit it if needed.
Also bump max_hash_size value to 65536 to correspond with manual page.

PR:		kern/152887
MFC after:	2 weeks
2011-04-19 11:29:09 +00:00
ae
349e4f52c1 Use M_WAITOK instead M_WAIT for malloc. Remove unneded checks.
MFC after:	1 week
2011-04-19 05:59:37 +00:00
glebius
53a0fd8ac3 LibAliasInit() should allocate memory with M_WAITOK flag. Modify it
and its callers.
2011-04-18 20:07:08 +00:00
glebius
ccf3bc8914 Pullup up to TCP header length before matching against 'tcpopts'.
PR:		kern/156180
Reviewed by:	luigi
2011-04-18 18:22:10 +00:00
ae
9500525271 Restore previous behaviour - always match rule when we doing tagging,
even when tag is already exists.

Reported by:	Vadim Goncharov
MFC after:	1 week
2011-04-12 15:20:34 +00:00
ae
fb3f0c3e38 Fill up src_port and dst_port variables for SCTP over IPv4.
PR:		kern/153415
MFC after:	1 week
2011-03-31 16:30:14 +00:00
ae
2bf6daa9c4 Fix malloc types.
MFC after:	1 week
2011-03-31 15:11:12 +00:00
ae
eabdaff85a Fix a memory leak. Memory that is allocated for schedulers hash table
was not freed.

PR:		kern/156083
MFC after:	1 week
2011-03-31 15:10:41 +00:00
brucec
6d9b42b486 Fix typos - remove duplicate "the".
PR:	bin/154928
Submitted by:	Eitan Adler <lists at eitanadler.com>
MFC after: 	3 days
2011-02-21 09:01:34 +00:00
pluknet
3e66152cbf Bump dummynet module version to meet dummynet schedulers' requirements,
and thus unbreak loading dummynet.ko via /boot/loader.conf.

Reported by:	rihad <rihad att mail.ru> on freebsd-net
Approved by:	kib (mentor)
2011-02-16 15:43:35 +00:00
luigi
383285e43a correct the 'output_time' of packets generated by dummynet.
In the dec.2009 rewrite I introduced a bug, using for the
computation the arrival time instead of the time the packet
has exited from the queue.
The bandwidth computation was still correct because it is
computed elsewhere, but traffic was sent out in bursts.

The bug is also present in RELENG_8 after dec.2009

Thanks to Daikichi Osuga for investingating, finding and fixing the
bug with detailed graphs of the behaviour before and after the fix.

Submitted by:	Daikichi Osuga
MFC after:	2 weeks
2011-02-05 23:32:17 +00:00
jhb
9e010db002 Use a blocking malloc() to initialize the dummynet taskq.
Reviewed by:	luigi
2011-01-13 17:02:39 +00:00
mdf
5e41205b16 sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.
Commit the net* piece.
2011-01-12 19:53:50 +00:00
jhb
05673f05f2 Use a regular taskqueue for dummynet rather than a "fast" taskqueue.
Reviewed by:	luigi
2011-01-07 16:47:20 +00:00
dim
fb307d7d1d After some off-list discussion, revert a number of changes to the
DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various
people working on the affected files.  A better long-term solution is
still being considered.  This reversal may give some modules empty
set_pcpu or set_vnet sections, but these are harmless.

Changes reverted:

------------------------------------------------------------------------
r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines

Instead of unconditionally emitting .globl's for the __start_set_xxx and
__stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu
sections are actually defined.

------------------------------------------------------------------------
r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines

Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout
the tree.

------------------------------------------------------------------------
r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines

Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
2010-11-22 19:32:54 +00:00
dim
fda4020a88 Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout
the tree.
2010-11-14 20:38:11 +00:00
luigi
e7ccc85b8f The first customer of the SO_USER_COOKIE option:
the "sockarg" ipfw option matches packets associated to
a local socket and with a non-zero so_user_cookie value.
The value is made available as tablearg, so it can be used
as a skipto target or pipe number in ipfw/dummynet rules.

Code by Paul Joe, manpage by me.

Submitted by:	Paul Joe
MFC after:	1 week
2010-11-12 13:05:17 +00:00
luigi
c271001bfa put back the assigment to sched_time. It was correct, and
it was necessary.

Submitted by:	Riccardo Panicucci
2010-10-01 15:38:35 +00:00
luigi
a41992e8ea remove an unnecessary (and wrong) assignment.
It was meant to reset idle_time (and it was not needed),
but i even used the wrong field.

Obtained from:	Oleg
MFC after:	3 days
2010-09-29 21:02:31 +00:00
luigi
db4f2cdbdf whitespace changes in preparation for future commits 2010-09-29 09:40:20 +00:00
luigi
27b07fc731 fix handling of initial credit for an idle pipe.
This fixes the bug where setting bw > 1 MTU/tick resulted in
infinite bandwidth if io_fast=1

PR:		147245 148429
Obtained from:	Riccardo Panicucci
MFC after:	3 days
2010-09-29 09:22:12 +00:00
luigi
c0dff81a76 fix breakage in in-kernel NAT: the code did not honor
net.inet.ip.fw.one_pass and always moved to the next rule
in case of a successful nat.

This should fix several related PR (waiting for feedback
before closing them)

PR:		145167 149572 150141
MFC after:	3 days
2010-09-28 23:23:23 +00:00
luigi
9c86b371d6 Whitespace changes to reduce diffs wrt the most recent ipfw/dummynet code:
+ remove an unused macro,
+ adjust the constants in an enum
+ small whitespace changes

MFC after:	3 days
2010-09-28 22:46:13 +00:00
glebius
d14214d82c in_delayed_cksum() requires host byte order.
Reported by:	Alexander Levin <amindomao googlemail.com>
MFC after:	1 week
2010-09-06 13:17:01 +00:00
maxim
5420fffab0 o Some programs could send broadcast/multicast traffic to ipfw
pseudo-interface.  This leads to a panic due to uninitialized
if_broadcastaddr address.  Initialize it and implement ip_output()
method to prevent mbuf leak later.

ipfw pseudo-interface should never send anything therefore call
panic(9) in if_start() method.

PR:		kern/149807
Submitted by:	Dmitrij Tejblum
MFC after:	2 weeks
2010-08-30 09:29:51 +00:00
glebius
e3569a1c39 Fix operation of "netgraph" action in conjunction with the
net.inet.ip.fw.one_pass sysctl.

The "ngtee" action is still broken.

PR:		kern/148885
Submitted by:	Nickolay Dudorov <nnd mail.nsk.ru>
2010-07-27 14:26:34 +00:00
luigi
d4cce5f67b remove some conditional #ifdefs (no-op on FreeBSD);
run the timer routine on cpu 0.
2010-07-15 14:43:12 +00:00
luigi
a5495755be whitespace fixes 2010-07-15 14:37:59 +00:00
luigi
ac58b5a902 fix a comment and final empty line 2010-07-15 14:37:02 +00:00
glebius
f8bdee95a4 Improve last commit: use bpf_mtap2() to avoiding stack usage.
Prodded by:	julian
2010-07-09 11:27:33 +00:00
glebius
1794f86429 Since r209216 bpf(4) searches for mbuf_tags(9) and thus will not work with
a stub m_hdr instead of a full mbuf.

PR:		kern/148050
2010-07-08 13:07:40 +00:00
glebius
828edb743f After processing the O_SKIPTO opcode our cmd points to the next rule, and
"match" processing at the end of inner loop would look ahead into the next
rule, which is incorrect. Particularly, in the case when the next rule
started with F_NOT opcode it was skipped blindly.

To fix this, exit the inner loop with the continue operator forcibly and
explicitly.

PR:		kern/147798
2010-06-29 16:57:30 +00:00
luigi
6758ecb23d whitespace fixes (trailing whitespace, bad indentation
after a merge, etc.)
2010-04-19 16:17:30 +00:00
bz
1f5c413779 Try to help with a virtualized dummynet after r206428.
This adds the explicit include (so far probably included through one of the
few "hidden" includes in other header files) for vnet.h and adds a cast
to unbreak LINT-VIMAGE.
2010-04-10 22:11:01 +00:00
luigi
ed181b3acb This commit enables partial operation of dummynet with kernels
compiled with "options VIMAGE".
As it is now, there is still a single instance of the pipes,
and it is only usable from vnet0 (the main instance).
Trying to use a pipe from a different vimage does not crash
the system as it did before, but the traffic coming out from
the pipe goes to the wrong place, and i still need to
figure out where.

Support for per-vimage pipes is almost there (just a matter of
uncommenting the VNET_* definitions for dn_cfg, plus putting into
the structure the remaining static variables), however i need
first to figure out how init/uninit work, and also to understand
where packets are ending up on exit from a pipe.

In summary: vimage support for dummynet is not complete yet,
but we are getting there.
2010-04-09 18:02:19 +00:00
luigi
0881f9be0f no need to pass an argument to dn_compat_calc_size()
MFC after:	3 days
2010-04-09 16:06:53 +00:00
luigi
e00fa2c8d4 Hopefully fix the recent breakage in rule deletion.
A few  more tests and this will also go into -stable where
the problem is more critical.
2010-04-07 08:23:58 +00:00
luigi
f0058daed2 fix bug in previous commit related to rule deletion
(stable/8 just fixed moments ago)
2010-03-31 02:20:22 +00:00
luigi
8e0cabacd0 remove a leftover debugging message 2010-03-29 12:27:49 +00:00
luigi
564e0558f0 Fix handling of set manipulations.
This patch has two fixes for potential kernel panics (one wrong
index, one access to the wrong lock) and two fixes to wrong logic
in a conditional. The potential panics are also on stable/8,
so I am going to MFC the fix quickly.
2010-03-29 12:19:23 +00:00
luigi
9cd70e5323 Honor ip.fw.one_pass when a packet comes out of a pipe without being delayed.
I forgot to handle this case when i did the mtag cleanup three months ago.

PR:		145004
2010-03-24 15:16:59 +00:00
luigi
5bd32ef7a5 Add a priority-based packet scheduler.
Sponsored by:	The ONELAB2 Project
Submitted by:	Riccardo Panicucci
2010-03-21 16:30:32 +00:00
luigi
2122ae15e7 no need for ipfw_flush_tables(), we just need ipfw_destroy_tables() 2010-03-21 15:54:07 +00:00
luigi
8cf7b4ad59 revise documentation 2010-03-21 15:52:55 +00:00
luigi
3ada53d651 small fixes to estimate the buffer size when requesting all pipes/flows. 2010-03-15 18:09:21 +00:00
luigi
3c242d0b3e + implement (two lines) the kernel side of 'lookup dscp N' to use the
dscp as a search key in table lookups;

+ (re)implement a sysctl variable to control the expire frequency of
  pipes and queues when they become empty;

+ add 'queue number' as optional part of the flow_id. This can be
  enabled with the command

        queue X config mask queue ...

  and makes it possible to support priority-based schedulers, where
  packets should be grouped according to the priority and not some
  fields in the 5-tuple.
  This is implemented as follows:
  - redefine a field in the ipfw_flow_id (in sys/netinet/ip_fw.h) but
    without changing the size or shape of the structure, so there are
    no ABI changes. On passing, also document how other fields are
    used, and remove some useless assignments in ip_fw2.c

  - implement small changes in the userland code to set/read the field;

  - revise the functions in ip_dummynet.c to manipulate masks so they
    also handle the additional field;

There are no ABI changes in this commit.
2010-03-15 17:14:27 +00:00