Commit Graph

1155 Commits

Author SHA1 Message Date
bz
dcdb23291f Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:
Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.

This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.

Sponsored by:	Cisco Systems, Inc.
Reviewed by:	melifaro (basically)
MFC after:	10 days
2012-02-17 02:39:58 +00:00
jkim
a561c762ba Merge ACPICA 20120215. 2012-02-16 22:59:29 +00:00
glebius
7d3312f434 Allocate our mbuf with m_get2(). 2012-01-17 12:14:26 +00:00
uqs
a89d0770d6 Remove spurious 8bit chars, turning files into plain ASCII. 2012-01-15 13:23:54 +00:00
csjp
1ea7d0d666 Revert to the old behavior of allocating table/table entries using
M_NOWAIT.  Currently, the code allows for sleeping in the ioctl path
to guarantee allocation.  However code also handles ENOMEM gracefully, so
propagate this error back to user-space, rather than sleeping while
holding the global pf mutex.

Reviewed by:	glebius
Discussed with:	bz
2012-01-14 22:51:34 +00:00
gonzo
27c1807154 - Do not enumerate PCIe bus on CN56XX Pass 1 devices to avoid hard hang.
There is known issue with this hardware.

Submitted by:	Andrew Duane <aduane@juniper.net>
2012-01-13 02:33:55 +00:00
jkim
bc4ff20324 Merge ACPICA 20120111. 2012-01-11 23:06:37 +00:00
glebius
88e003f185 Redo r226660:
- Define schednetisr() to swi_sched.
 - In the swi handler check if there is some data prepared,
   and if true, then call pfsync_sendout(), however tell it
   not to schedule swi again.
 - Since now we don't obtain the pfsync lock in the swi handler,
   don't use ifqueue mutex to synchronize queue access.
2012-01-11 18:34:57 +00:00
glebius
9ecb48ad84 Fix some spacing in code under __FreeBSD__. 2012-01-11 14:24:03 +00:00
glebius
22ec5af8bf Add necessary locking in pfsync_in_ureq(). 2012-01-11 14:19:04 +00:00
glebius
a3888be1ad Move PF_LOCK_ASSERT() under __FreeBSD__. 2012-01-11 14:13:42 +00:00
glebius
aaab1733be Merge from OpenBSD:
revision 1.128
  date: 2009/08/16 13:01:57;  author: jsg;  state: Exp;  lines: +1 -5
  remove prototypes of a bunch of functions that had their implementations
  removed in pfsync v5.
2012-01-11 14:11:10 +00:00
glebius
54f65f85af When running with INVARIANTS the mutex(9) code does all necessary
asserts for non-recursive mutexes.
2012-01-11 13:57:48 +00:00
glebius
5b2011f996 Can't pass MSIZE to m_cljget(), an mbuf can't be attached as external storage
to another mbuf.
2012-01-09 14:35:05 +00:00
glebius
85dc349244 Backout of backout: we need SI_SUB_PROTO_DOMAIN for pfsync, since
it needs existing inetdomain on startup.
2012-01-09 12:06:02 +00:00
glebius
a7b30fcc86 Revert sub argument of MODULE_DECLARE back to r226532.
Noticed by:	bz
2012-01-09 09:19:00 +00:00
glebius
a159343727 In FreeBSD we determine presence of pfsync(4) at run-time, not
at compile time, so define NPFSYNC to 1 always. While here, remove
unused defines.
2012-01-09 08:55:23 +00:00
glebius
7b863fa87e Bunch of fixes to pfsync(4) module load/unload:
o Make the pfsync.ko actually usable. Before this change loading it
  didn't register protosw, so was a nop. However, a module /boot/kernel
  did confused users.
o Rewrite the way we are joining multicast group:
  - Move multicast initialization/destruction to separate functions.
  - Don't allocate memory if we aren't going to join a multicast group.
  - Use modern API for joining/leaving multicast group.
  - Now the utterly wrong pfsync_ifdetach() isn't needed.
o Move module initialization from SYSINIT(9) to moduledata_t method.
o Refuse to unload module, unless asked forcibly.
o Improve a bit some FreeBSD porting code:
  - Use separate malloc type.
  - Simplify swi sheduling.

This change is probably wrong from VIMAGE viewpoint, however pfsync
wasn't VIMAGE-correct before this change, too.

Glanced at by:	bz
2012-01-09 08:50:22 +00:00
glebius
5c6255ab30 o Fix panic on module unload, that happened due to mutex being
destroyed prior to pfsync_uninit(). To do this, move all the
  initialization to the module_t method, instead of SYSINIT(9).
o Fix another panic after module unload, due to not clearing the
  m_addr_chg_pf_p pointer.
o Refuse to unload module, unless being unloaded forcibly.
o Revert the sub argument to MODULE_DECLARE, to the stable/8 value.

This change probably isn't correct from viewpoint of VIMAGE, but
the module wasn't VIMAGE-correct before the change, as well.

Glanced at by:	bz
2012-01-09 08:36:12 +00:00
glebius
2c7e333641 Merge from OpenBSD:
revision 1.170
  date: 2011/10/30 23:04:38;  author: mikeb;  state: Exp;  lines: +6 -7
  Allow setting big MTU values on the pfsync interface but not larger
  than the syncdev MTU.  Prompted by the discussion with and tested
  by Maxim Bourmistrov;  ok dlg, mpf

Consistently use sc_ifp->if_mtu in the MTU check throughout the
module. This backs out r228813.
2012-01-07 14:39:45 +00:00
glebius
086053000f Fix indentation. 2012-01-07 12:40:45 +00:00
dim
0c739e2b56 In sys/contrib/rdma/ib_addr.h, bump MAX_ADDR_LEN to 20 bytes (the same
value used in sys/ofed/include/linux/netdevice.h), so there will be no
buffer overruns in the rest of the inline functions in this file.

Reviewed by:	kmacy
MFC after:	1 week
2012-01-07 00:47:27 +00:00
ray
66d79e810b Update contrib/xz-embedded to build with new GEOM_UNCOMPRESS module.
Approved by:	adrian (mentor)
2012-01-04 23:26:22 +00:00
adrian
40498371e8 Initial copy of xz-embedded to sys/contrib/.
The upcoming geom_compress module (a read-only gzip/ulzma translation layer,
similar to what geom_uzip does) will leverage parts of this.
2012-01-01 21:32:25 +00:00
gonzo
9f57ade316 - Properly clean state structure in cvmx_usb_initialize 2011-12-31 05:25:42 +00:00
gonzo
46d20b90bd - CAPK-0100 board's USB timer is 12MHz 2011-12-31 05:24:21 +00:00
pluknet
2425a92fa5 Fix LINT-VIMAGE build after r228814: use virtualized pf_pool_limits. 2011-12-24 00:23:27 +00:00
glebius
54cf1c7548 Merge from OpenBSD:
revision 1.122
  date: 2009/05/13 01:01:34;  author: dlg;  state: Exp;  lines: +6 -4
  only keep track of the number of updates on tcp connections. state sync on
  all the other protocols is simply pushing the timeouts along which has a
  resolution of 1 second, so it isnt going to be hurt by pfsync taking up
  to a second to send it over.

  keep track of updates on tcp still though, their windows need constant
  attention.
2011-12-22 19:09:55 +00:00
glebius
b188eb5a80 Merge from OpenBSD:
revision 1.120
  date: 2009/04/04 13:09:29;  author: dlg;  state: Exp;  lines: +5 -5
  use time_uptime instead of time_second internally. time_uptime isnt
  affected by adjusting the clock.

  revision 1.175
  date: 2011/11/25 12:52:10;  author: dlg;  state: Exp;  lines: +3 -3
  use time_uptime to set state creation values as time_second can be
  skewed at runtime by things like date(1) and ntpd. time_uptime is
  monotonic and therefore more useful to compare against.
2011-12-22 19:05:58 +00:00
glebius
715e44e26d Merge couple more fixes from OpenBSD to bulk processing:
revision 1.118
  date: 2009/03/23 06:19:59;  author: dlg;  state: Exp;  lines: +8 -6
  wait an appropriate amount of time before giving up on a bulk update,
  rather than giving up after a hardcoded 5 seconds (which is generally much
  too short an interval for a bulk update).
  pointed out by david@, eyeballed by mcbride@

  revision 1.171
  date: 2011/10/31 22:02:52;  author: mikeb;  state: Exp;  lines: +2 -1
  Don't forget to cancel bulk update failure timeout when destroying an
  interface.  Problem report and fix from Erik Lax, thanks!

Start a brief note of revisions merged from OpenBSD.
2011-12-22 18:56:27 +00:00
glebius
a2fe6080f4 We really mean MTU of the real interface here, not of our pseudo. 2011-12-22 18:51:35 +00:00
glebius
47a08cdd76 In FreeBSD we always have bpf(4) API, either real or stub. No need
in detecting presense of 'device bpf'.
2011-12-22 18:31:47 +00:00
glebius
8c74bad9f3 Restore a feature that was present in 5.x and 6.x, and was cleared in
7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.

However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:

- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
  conditions, for now these are:
  - interface goes down
  - carp(4) has problems with ip_output() or ip6_output()
  - pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
  is actual value added to advskew. The adjustment values for
  particular error conditions are also configurable, and their
  defaults are maximum advskew value, so a single failure bumps
  demotion to maximum. This is for POLA compatibility, and should
  satisfy most users.
- Demotion factor is a writable sysctl, so user can do
  foot shooting, if he desires to.
2011-12-20 13:53:31 +00:00
glebius
160dea21a5 - Cover pfsync callouts deletion with PF_LOCK().
- Cover setting up interface between pf and pfsync with PF_LOCK().
2011-12-20 12:34:16 +00:00
dim
50b202c372 In sys/contrib/ngatm/netnatm/msg/uni_ie.c, use a more appropriate way to
tell the compiler some parameters are purposefully unused.

MFC after:	1 week
2011-12-15 23:47:36 +00:00
glebius
980901bba2 Return value should be conditional on return value of pfsync_defer_ptr()
PR:		kern/162947
Submitted by:	Matthieu Kraus <matthieu.kraus s2008.tu-chemnitz.de>
2011-11-30 08:47:17 +00:00
jkim
1bdf3ee8a8 Merge ACPICA 20111123. 2011-11-28 23:36:48 +00:00
rmh
922d7543f7 Adjust a few old checks to use __FreeBSD_version macro to
determine which version of FreeBSD kernel we're compiling.

Approved by:	kib (mentor)
2011-11-24 21:23:58 +00:00
kevlo
7120d23af8 Add missing PF_UNLOCK in pf_test
Reviewed by:	bz
2011-10-30 14:55:00 +00:00
glebius
198f18300e Utilize new IF_DEQUEUE_ALL(ifq, m) macro in pfsyncintr() to reduce
contention on ifqueue lock.
2011-10-27 09:47:00 +00:00
glebius
846e388f82 Merge several fixes to bulk update processing from OpenBSD. Merged
revisions: 1.148, 1.149, 1.150. This makes number of states on
master/slave to be of a sane value.
2011-10-23 15:15:17 +00:00
glebius
df3649a331 Fix indentation, no code changed. 2011-10-23 15:10:15 +00:00
glebius
7df2cbe8bc - Fix a bad typo (FreeBSD specific) in pfsync_bulk_update(). Instead
of scheduling next run pfsync_bulk_update(), pfsync_bulk_fail()
  was scheduled.
  This lead to instant 100% state leak after first bulk update
  request.
- After above fix, it appeared that pfsync_bulk_update() lacks
  locking. To fix this, sc_bulk_tmo callout was converted to an
  mtx one. Eventually, all pf/pfsync callouts should be converted
  to mtx version, since it isn't possible to stop or drain a
  non-mtx callout without risk of race.
- Add comment that callout_stop() in pfsync_clone_destroy() lacks
  locking. Since pfsync0 can't be destroyed (yet), let it be here.
2011-10-23 15:08:18 +00:00
glebius
aaf1597b1d Fix from r226623 is not sufficient to close all races in pfsync(4).
The root of problem is re-locking at the end of pfsync_sendout().
Several functions are calling pfsync_sendout() holding pointers
to pf data on stack, and these functions expect this data to be
consistent.

To fix this, the following approach was taken:

- The pfsync_sendout() doesn't call ip_output() directly, but
  enqueues the mbuf on sc->sc_ifp's interfaces queue, that
  is currently unused. Then pfsync netisr is scheduled. PF_LOCK
  isn't dropped in pfsync_sendout().
- The netisr runs through queue and ip_output()s packets
  on it.

Apart from fixing race, this also decouples stack, fixing
potential issues, that may happen, when sending pfsync(4)
packets on input path.

Reviewed by:	eri (a quick review)
2011-10-23 14:59:54 +00:00
glebius
a1471140d1 Absense of M_WAITOK in malloc flags for UMA doesn't
equals presense of M_NOWAIT. Specify M_NOWAIT explicitly.

This fixes sleeping with PF_LOCK().
2011-10-23 10:13:20 +00:00
glebius
0b986dc6d5 Correct flag for uma_zalloc() is M_WAITOK. M_WAIT is an old and
deprecated flag from historical mbuf(9) allocator.

This is style only change.
2011-10-23 10:05:25 +00:00
glebius
904eece235 Fix a race: we should update sc_len before dropping the pf lock, otherwise a
number of packets can be queued on sc, while we are in ip_output(), and then
we wipe the accumulated sc_len. On next pfsync_sendout() that would lead to
writing beyond our mbuf cluster.
2011-10-21 22:28:15 +00:00
glebius
0391c17cc2 In FreeBSD ip_output() expects ip_len and ip_off in host byte order
PR:		kern/159029
2011-10-21 11:11:18 +00:00
bz
5203b21813 Fix recursive pf locking leading to panics. Splatter PF_LOCK_ASSERT()s
to document where we are expecting to be called with a lock held to
more easily catch unnoticed code paths.
This does not neccessarily improve locking in pfsync, it just tries
to avoid the panics reported.

PR:		kern/159390, kern/158873
Submitted by:	pluknet (at least something that partly resembles
		my patch ignoring other cleanup, which I only saw
		too late on the 2nd PR)
MFC After:	3 days
2011-10-19 13:13:56 +00:00
bz
5f647b5434 De-virtualize the pf_task_mtx lock. At the current state of pf locking
and virtualization it is not helpful but complicates things.

Current state of art is to not virtualize these kinds of locks -
inp_group/hash/info/.. are all not virtualized either.

MFC after:	3 days
2011-10-19 11:04:49 +00:00