Add a new feature for optimizining ipfw rulesets - substitution of the
action argument with the value obtained from table lookup. The feature
is now applicable only to "pipe", "queue", "divert", "tee", "netgraph"
and "ngtee" rules.
Optimize parallel processing of ipfw(4) rulesets eliminating the locking
of the radix lookup tables. Since several rnh_lookup() can run in
parallel on the same table, we can piggyback on the shared locking
provided by ipfw(4).
However, the single entry cache in the ip_fw_table can't be used lockless,
so it is removed. This pessimizes two cases: processing of bursts of similar
packets and matching one packet against the same table several times during
one ipfw_chk() lookup. To optimize the processing of similar packet bursts
administrator should use stateful firewall. To optimize the second problem
a solution will be provided soon.
Details:
o Since we piggyback on the ipfw(4) locking, and the latter is per-chain,
the tables are moved from the global declaration to the
struct ip_fw_chain.
o The struct ip_fw_table is shrunk to one entry and thus vanished.
o All table manipulating functions are extended to accept the struct
ip_fw_chain * argument.
o All table modifing functions use IPFW_WLOCK_ASSERT().
First step in removing welding between ipfw(4) and dummynet.
o Do not use ipfw_insn_pipe->pipe_ptr in locate_flowset(). The
_ipfw_insn_pipe isn't touched by this commit to preserve ABI
compatibility.
o To optimize the lookup of the pipe/flowset in locate_flowset()
introduce hashes for pipes and queues:
- To preserve ABI compatibility utilize the place of global list
pointer for SLIST_ENTRY.
- Introduce locate_flowset(queue nr) and locate_pipe(pipe nr).
o Rework all the dummynet code to deal with the hashes, not global
lists. Also did some style(9) changes in the code blocks that were
touched by this sweep:
- Be conservative about flowset and pipe variable names on stack,
use "fs" and "pipe" everywhere.
- Cleanup whitespaces.
- Sort variables.
- Give variables more meaningful names.
- Uppercase and dots in comments.
- ENOMEM when malloc(9) failed.
date: 2005/12/16 18:32:39; author: delphij; state: Exp; lines: +2 -0
In pipe_write(): when uiomove() fails, do not spin on it forever.
Submitted by: Kostik Belousov <kostikbel at gmail.com> on -current@
Message-ID: <20051216151016.GE84442@deviant.zoral.local>
Security: Local DoS
Add some cards:
- several TerraTec TValue [1]
- PixelView PlayTV Pro REV-4C [2]
In case you have the PixelView card, please tell us the "pciconf -v -l"
output on multimedia@FreeBSD.org if it works. There are revisions out there
which may not work and we need to know which ones work.
PR: 53383 [1], 76002 [2]
Submitted by: Tanja Wittke <tawi@gruft.de> [1], barner [1],
Dan Angelescu <mrhsaacdoh@yahoo.com> [2]
The minimum / maximum speed was way too low / high!
minspeed = 2000 - is this for real ?
maxspeed = 767999 - is this for real ?????
Wrap everything into 8000 - 48000 boundary, just to be safe.
- Use VLAN_TAG_VALUE() not only to read a dot1q tag
value from an m_tag, but also to set it. This reduces
complex code duplication and improves its readability.
- Fix VLAN_INPUT_TAG() macro, so that it doesn't touch mtag in
case if memory allocation failed.
- Remove fourth argument from VLAN_INPUT_TAG(), that was used
incorrectly in almost all drivers. Indicate failure with
mbuf value of NULL.
Prevent module unloading if there are active connections.
PR: kern/89085
Submitted by: Rostislav Krasny
Requested by: Rostislav Krasny <rosti dot bsd at gmail dot com>
- MPSAFE
- Fix / reorganize attach routine. Device specific initialization must
be done after generic bus / DMA setup. At last, Virtual Channels
(vchan) works as expected.
Tested by: barner
Instead of dragging the entire ICH4/82801DB into this mess, select
only few boards based on pci subdevice / subvendor.
Tested by: Daisuke Orikasa <luxury-acura-3.5rl at nifty.com>
src/sys/dev/atkbdc/psm.c; revision 1.88
date: 2006/01/05 19:24:01; author: dumbbell; state: Exp; lines: +2 -1
Fix a bug in Synaptics Touchapd support where psm(4) will enter an infinite
loop if it receives an out of sync packet.
Reviewed by: mux (mentor)
date: 2005/12/13 15:32:52; author: delphij; state: Exp; lines: +5 -5
In Linux, kernel parameters passed to ioctl are by value, while in FreeBSD
they are passed by reference. Handle the difference within the
linux_ioctl_termio on the LINUX_TCFLSH path.
Submitted by: Jaroslav Drzik <jaro_AT_coop-voz_dot_sk>
Reminded by: glebius
When returning EIO from DEVFSIO_RADD ioctl, drop the exclusive rule
lock. Otherwise the system comes to a rather sudden and grinding
halt.
As the underlying devfs locking changes that lead to this bug have not
been merged to RELENG_5, this fix to those locking changes does not
need to be merged.
Correct insecure temporary file usage in ee. [06:02]
Correct a race condition when setting file permissions, sanitize file
names by default, and fix a buffer overflow when handling files
larger than 4GB in cpio. [06:03]
Fix an error in the handling of IP fragments in ipfw which can cause
a kernel panic. [06:04]
Security: FreeBSD-SA-06:01.texindex
Security: FreeBSD-SA-06:02.ee
Security: FreeBSD-SA-06:03.cpio
Security: FreeBSD-SA-06:04.ipfw
info/show.c:1.40 lib/plist.c:1.51
date: 2006/01/07 22:10:57; author: krion; state: Exp; lines: +10 -3
When using @cwd %%FOO%%, we must ensure to return in the original
prefix later, but doing so with @cwd %%OLDPREFIX%% (having
PLIST_SUB+="OLDPREFIX=${PREFIX}") hardcodes the value in the packing
list. That's not really a problem when dealing with ports but that's
a problem with packages since pkg_add -p option only overrides the
first @cwd occurrence.
This patch allow us to use @cwd without any argument. If no
directory argument is given, it will set current working directory
to the first prefix given by the @cwd command.
PR: bin/77212
Submitted by: flz
