Commit Graph

1268 Commits

Author SHA1 Message Date
Jung-uk Kim
fd90e2ed54 CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than ten
years for head.  However, it is continuously misused as the mpsafe argument
for callout_init(9).  Deprecate the flag and clean up callout_init() calls
to make them more consistent.

Differential Revision:	https://reviews.freebsd.org/D2613
Reviewed by:	jhb
MFC after:	2 weeks
2015-05-22 17:05:21 +00:00
Craig Rodrigues
d9db52256e Move zlib.c from net to libkern.
It is not network-specific code and would
be better as part of libkern instead.
Move zlib.h and zutil.h from net/ to sys/
Update includes to use sys/zlib.h and sys/zutil.h instead of net/

Submitted by:		Steve Kiernan stevek@juniper.net
Obtained from:		Juniper Networks, Inc.
GitHub Pull Request:	https://github.com/freebsd/freebsd/pull/28
Relnotes:		yes
2015-04-22 14:38:58 +00:00
Takanori Watanabe
d87b1182c6 Forgot to add default event mask definition. 2015-04-18 06:16:33 +00:00
Takanori Watanabe
fbc48c2bfb Initial Bluetooth LE support.
Note that sockaddr_l2cap structure is changed , check socket address
to initialize new structure member and define L2CAP_SOCKET_CHECKED
before including ng_btsocket.h

Differential Revision:        https://reviews.freebsd.org/D2021
Reviewed by:emax
2015-04-07 10:22:56 +00:00
Randall Stewart
15b1eb142c Change the callout to supply -1 to indicate we are not changing
CPU, also add protection against invalid CPU's as well as
split c_flags and c_iflags so that if a user plays with the active
flag (the one expected to be played with by callers in MPSAFE) without
a lock, it won't adversely affect the callout system by causing a corrupt
list. This also means that all callers need to use the macros and *not*
play with the falgs directly (like netgraph used to).

Differential Revision: htts://reviews.freebsd.org/D1894
Reviewed by: .. timed out but looked at by jhb, imp, adrian hselasky
             tested by hiren and netflix.
Sponsored by:	Netflix Inc.
2015-03-28 12:50:24 +00:00
Gleb Smirnoff
8d8e595eb0 Revise default limit for maximum of netgraph data items.
With modern internet speeds the limit can be reached even
on a single L2TP link.
2015-02-12 22:20:34 +00:00
Dimitry Andric
1bb25a82ab Fix a bunch of -Wcast-qual warnings in netgraph's ng_parse.c, by using
__DECONST.  No functional change.

MFC after:	3 days
2015-01-30 21:59:53 +00:00
Gleb Smirnoff
06143100da When the node receives NGM_FLOW_COOKIE update the if_link_state, instead
of playing with almost dead IFF_DRV_RUNNING flag.

Sponsored by:	Nginx, Inc.
2015-01-12 09:50:42 +00:00
Gleb Smirnoff
42c3b709c2 Remove the support for NGM_CISCO_GET_IPADDR message from ng_iface(4). The
legitimacy of removal is proved by the fact that implementation contained
a critical bug: the response allocated was sizeof(pointer), while should
had been 2*sizeof(struct ng_cisco_ipaddr).  The reason for ng_iface(4) to
support ng_cisco(4) message isn't explained anywhere, and code comes from
original Whistle import.

Sponsored by:	Nginx, Inc.
2015-01-12 09:48:45 +00:00
Robert Watson
2a8c860fe3 In order to reduce use of M_EXT outside of the mbuf allocator and
socket-buffer implementations, introduce a return value for MCLGET()
(and m_cljget() that underlies it) to allow the caller to avoid testing
M_EXT itself.  Update all callers to use the return value.

With this change, very few network device drivers remain aware of
M_EXT; the primary exceptions lie in mbuf-chain pretty printers for
debugging, and in a few cases, custom mbuf and cluster allocation
implementations.

NB: This is a difficult-to-test change as it touches many drivers for
which I don't have physical devices.  Instead we've gone for intensive
review, but further post-commit review would definitely be appreciated
to spot errors where changes could not easily be made mechanically,
but were largely mechanical in nature.

Differential Revision:	https://reviews.freebsd.org/D1440
Reviewed by:	adrian, bz, gnn
Sponsored by:	EMC / Isilon Storage Division
2015-01-06 12:59:37 +00:00
Gleb Smirnoff
cfa6009e36 In preparation of merging projects/sendfile, transform bare access to
sb_cc member of struct sockbuf to a couple of inline functions:

sbavail() and sbused()

Right now they are equal, but once notion of "not ready socket buffer data",
will be checked in, they are going to be different.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2014-11-12 09:57:15 +00:00
Gleb Smirnoff
833e8dc5ab Remove struct arpcom. It is unused by most interface types, that allocate
it, except Ethernet, where it carried ng_ether(4) pointer.
For now carry the pointer in if_l2com directly.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2014-11-07 15:14:10 +00:00
Gleb Smirnoff
dd10c1e27b NG_NODE_NAME(node) is always not NULL. Use correct macro.
Submitted by:	Dmitry Luhtionov <dmitryluhtionov gmail.com>
2014-11-02 05:51:31 +00:00
Gleb Smirnoff
3a4c61c2fd Use macro ERROUT() to make code more laconic and follow style of other
netgraph code.

Submitted by:	Dmitry Luhtionov <dmitryluhtionov gmail.com>
2014-10-31 16:00:45 +00:00
Mark Murray
10cb24248a This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.

The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.

The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.

Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.

My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.

My Nomex pants are on. Let the feedback commence!

Reviewed by:	trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by:	so(des)
2014-10-30 21:21:53 +00:00
Hans Petter Selasky
f0188618f2 Fix multiple incorrect SYSCTL arguments in the kernel:
- Wrong integer type was specified.

- Wrong or missing "access" specifier. The "access" specifier
sometimes included the SYSCTL type, which it should not, except for
procedural SYSCTL nodes.

- Logical OR where binary OR was expected.

- Properly assert the "access" argument passed to all SYSCTL macros,
using the CTASSERT macro. This applies to both static- and dynamically
created SYSCTLs.

- Properly assert the the data type for both static and dynamic
SYSCTLs. In the case of static SYSCTLs we only assert that the data
pointed to by the SYSCTL data pointer has the correct size, hence
there is no easy way to assert types in the C language outside a
C-function.

- Rewrote some code which doesn't pass a constant "access" specifier
when creating dynamic SYSCTL nodes, which is now a requirement.

- Updated "EXAMPLES" section in SYSCTL manual page.

MFC after:	3 days
Sponsored by:	Mellanox Technologies
2014-10-21 07:31:21 +00:00
Alexander V. Chernikov
f9ab623bf2 Bump ipfw module version. 2014-10-09 16:12:01 +00:00
John Baldwin
3d1592ef32 Use callout(9) instead of timeout(9).
Reviewed by:	emax
2014-09-20 16:43:14 +00:00
Gleb Smirnoff
56b61ca27a Remove ifq_drops from struct ifqueue. Now queue drops are accounted in
struct ifnet if_oqdrops.

Some netgraph modules used ifqueue w/o ifnet. Accounting of queue drops
is simply removed from them. There were no API to read this statistic.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2014-09-19 09:01:19 +00:00
Gleb Smirnoff
94b52d99da Mechanically convert to if_inc_counter(). 2014-09-19 05:03:11 +00:00
Gleb Smirnoff
b369bd548c Accidentially, ng_ppp changes leaked out with r271770. The proper
commit message should have been:

In case if ng_ppp(4) runs only IPv4, with one link, w/o any
encryption and compression, set faster rcvhook method.

Submitted by:	Dmitry Luhtionov <dmitryluhtionov gmail.com>
2014-09-18 14:43:23 +00:00
Gleb Smirnoff
35853c2c60 Add a function to set if_get_counter method for an ifnet. To be used
in the drivers that are already converted to "Juniper drvapi". This
can be revisited in future.
2014-09-18 14:38:28 +00:00
Marko Zec
58d8fd049f Remove any stale mbuf tags from packets being injected into a netgraph
graph.  In particular, this solves some issues with (probably leaked)
IPSec-related tags being looped back through netgraph to the inbound
path which then misinterpreted the stale tags.

MFC after:	7 days
2014-07-01 07:54:12 +00:00
Hans Petter Selasky
af3b2549c4 Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
Glen Barber
37a107a407 Revert r267961, r267973:
These changes prevent sysctl(8) from returning proper output,
such as:

 1) no output from sysctl(8)
 2) erroneously returning ENOMEM with tools like truss(1)
    or uname(1)
 truss: can not get etype: Cannot allocate memory
2014-06-27 22:05:21 +00:00
Hans Petter Selasky
3da1cf1e88 Extend the meaning of the CTLFLAG_TUN flag to automatically check if
there is an environment variable which shall initialize the SYSCTL
during early boot. This works for all SYSCTL types both statically and
dynamically created ones, except for the SYSCTL NODE type and SYSCTLs
which belong to VNETs. A new flag, CTLFLAG_NOFETCH, has been added to
be used in the case a tunable sysctl has a custom initialisation
function allowing the sysctl to still be marked as a tunable. The
kernel SYSCTL API is mostly the same, with a few exceptions for some
special operations like iterating childrens of a static/extern SYSCTL
node. This operation should probably be made into a factored out
common macro, hence some device drivers use this. The reason for
changing the SYSCTL API was the need for a SYSCTL parent OID pointer
and not only the SYSCTL parent OID list pointer in order to quickly
generate the sysctl path. The motivation behind this patch is to avoid
parameter loading cludges inside the OFED driver subsystem. Instead of
adding special code to the OFED driver subsystem to post-load tunables
into dynamically created sysctls, we generalize this in the kernel.

Other changes:
- Corrected a possibly incorrect sysctl name from "hw.cbb.intr_mask"
to "hw.pcic.intr_mask".
- Removed redundant TUNABLE statements throughout the kernel.
- Some minor code rewrites in connection to removing not needed
TUNABLE statements.
- Added a missing SYSCTL_DECL().
- Wrapped two very long lines.
- Avoid malloc()/free() inside sysctl string handling, in case it is
called to initialize a sysctl from a tunable, hence malloc()/free() is
not ready when sysctls from the sysctl dataset are registered.
- Bumped FreeBSD version to indicate SYSCTL API change.

MFC after:	2 weeks
Sponsored by:	Mellanox Technologies
2014-06-27 16:33:43 +00:00
Mikolaj Golub
4a8e4eb55b PF_BLUETOOTH protocols: skip initialization of non-virtualized globals
for non-default VNET instances.

This fixes panic on a vnet initialization when ng_btsocket is loaded.

MFC after:	1 week
2014-06-10 18:21:37 +00:00
Gleb Smirnoff
563790a28e Use M_WAITOK for the NGM_PIPE_SET_CFG control message. We expect it to
arrive from userland only.

Submitted by:	Dmitry Luhtionov <dmitryluhtionov gmail.com>
2014-05-28 13:15:14 +00:00
Alexander Motin
ee652839f6 Make ng_mppc to not disable the node in case of multiple packet loss.
Quite often it can be just packet reorder, and killing link in such case
is inconvenient.  Add few sysctl's to control that behavior.

PR:		kern/182212
Submitted by:	Eugene Grosbein <egrosbein@rdtc.ru>
MFC after:	2 weeks
2014-05-22 07:27:04 +00:00
Alexander Motin
3786381688 Use NG_WAITOK as ng_package_msg() argument instead of M_WAITOK.
Submitted by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
2014-05-22 06:40:07 +00:00
Gleb Smirnoff
45c203fce2 Remove AppleTalk support.
AppleTalk was a network transport protocol for Apple Macintosh devices
in 80s and then 90s. Starting with Mac OS X in 2000 the AppleTalk was
a legacy protocol and primary networking protocol is TCP/IP. The last
Mac OS X release to support AppleTalk happened in 2009. The same year
routing equipment vendors (namely Cisco) end their support.

Thus, AppleTalk won't be supported in FreeBSD 11.0-RELEASE.
2014-03-14 06:29:43 +00:00
Gleb Smirnoff
2c284d9395 Remove IPX support.
IPX was a network transport protocol in Novell's NetWare network operating
system from late 80s and then 90s. The NetWare itself switched to TCP/IP
as default transport in 1998. Later, in this century the Novell Open
Enterprise Server became successor of Novell NetWare. The last release
that claimed to still support IPX was OES 2 in 2007. Routing equipment
vendors (e.g. Cisco) discontinued support for IPX in 2011.

Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
2014-03-14 02:58:48 +00:00
Adrian Chadd
0818ec92ee Be much more specific (and correct) about the device id matching.
These device IDs have an AR3012 bluetooth device that shows up with
bcdDevice=1 when it doesn't have the firmware loaded, and bcdDevice=2
when it's ready to speak full HCI.

Tested:

* AR5B225 PCIe - AR9485 + AR3012
2014-01-09 15:31:44 +00:00
Gleb Smirnoff
e5d72e64d9 Fix circular math macro.
Submitted by:		Lutz Donnerhacke via Dmitry Luhtionov
German lesson at:	http://lutz.donnerhacke.de/Blog/Der-Fluch-der-Stabilitaet
PR:			146082
2014-01-03 12:06:54 +00:00
Xin LI
ccee6fd2e5 Fix !INET6 build for various platforms. 2014-01-02 08:39:47 +00:00
Gleb Smirnoff
7ee35ac9f3 - Use counter(9) for node stats updated at a high rate.
- Use simple ++ for rare events.
- Use uma_zone_get_cur() to get knowledge about space left in cache.
- Convert many fields of struct ng_netflow_info to 64 bit.

Tested by:	Viktor Velichkin <avisom yandex.ru>
Sponsored by:	Nginx, Inc.
2014-01-01 21:48:04 +00:00
Dimitry Andric
01f6c1ea07 In sys/netgraph/netflow, use __FBSDID() instead of old-style rcs_id[].
MFC after:	3 days
2013-12-29 18:53:45 +00:00
Gleb Smirnoff
5caf0d560d Fix the parse type for NGM_LISTTYPES.
Actually, text versions of generic commands are not used, since ngctl(8)
uses binary messages for them. And to request a text command one needs
a working ngctl(8). That's why the bug was never discovered. I'm pondering
on removing the text support for generic commands.

Found by:	dim with clang 3.4
2013-12-29 18:34:29 +00:00
Gleb Smirnoff
9165bf6297 In r248885 I have reduced size of fake uio resid that ng_ksocket(4) passes
to the soreceive(). This exposed a bug. When reading from a raw socket,
when our fake limit is depleted, we receive a truncated mbuf chain, with
m->m_pkthdr.len > m_length(m). The first problem is that MSG_TRUNC was not
handled. The second one is that we didn't reinit uio_resid in our endless
loop (neither flags), and if socket buffer contained several records, then
we quickly deplete our fake limit. The third bug, actually introduced in
r248885, is that MJUMPAGESIZE isn't enough to handle maximum packet that
ng_ksocket(4) can theoretically receive.

Changes:
- Reinit uio_resid and flags before every call to soreceive().
- Set maximum acceptable size of packet to IP_MAXPACKET. As for now the
  module doesn't support INET6.
- Properly handle MSG_TRUNC return from soreceive().

PR:			184601
Submitted & tested by:	Viktor Velichkin <avisom yandex.ru>
Sponsored by:		Nginx, Inc.
2013-12-21 14:41:32 +00:00
Marko Zec
27dbe10a8b Eliminate duplicated & dead code.
MFC after:	3 days
2013-11-08 22:40:33 +00:00
Adrian Chadd
dd50b3107e Restore the entropy gathering from the m_data pointer value, not the
m_data payload.

After talking with markm/bde, this is what markm actually intended.
2013-11-02 15:13:02 +00:00
Adrian Chadd
1f43ebd2b9 Teach the netgraph code to use a const char * pointer too.
Pointy hat to: adrian
2013-11-02 00:11:38 +00:00
Gleb Smirnoff
506658cc1e Axe ng_fec(4). It has never been a real netgraph(4) module, since
it had no hooks. It has abused ifnet's if_afdata slot and actually
abused every subsystem it touched.

lagg(4) is a proper trunking solution at ifnet(9) layer.

ng_one2many(4) is a proper trunking solution in netgraph(4).
2013-10-28 12:47:05 +00:00
Gleb Smirnoff
c3322cb91c Include necessary headers that now are available due to pollution
via if_var.h.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-28 07:29:16 +00:00
Gleb Smirnoff
76039bc84f The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
to this event, adding if_var.h to files that do need it. Also, include
all includes that now are included due to implicit pollution via if_var.h

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-26 17:58:36 +00:00
Gleb Smirnoff
1d65bb9bd1 Remove unsigned < 0 comparison. 2013-10-26 17:43:18 +00:00
Alexander V. Chernikov
d2fd078832 Improve locking model used to protect netgraph topology:
use rwlocks instead of mutexes on node traversal.

Reviewed by:	glebius
Tested by:	Eugene Grosbein <egrosbein@rdtc.ru>
MFC after:	2 weeks
Sponsored by:	Yandex LLC
2013-10-15 17:44:35 +00:00
Mark Murray
ad1f331196 Debug run. This now works, except that the "live" sources haven't
been tested. With all sources turned on, this unlocks itself in
a couple of seconds! That is no my box, and there is no guarantee
that this will be the case everywhere.

* Cut debug prints.

* Use the same locks/mutexes all the way through.

* Be a tad more conservative about entropy estimates.
2013-10-06 12:40:32 +00:00
Mark Murray
f02e47dc1e Snapshot. This passes the build test, but has not yet been finished or debugged.
Contains:

* Refactor the hardware RNG CPU instruction sources to feed into
the software mixer. This is unfinished. The actual harvesting needs
to be sorted out. Modified by me (see below).

* Remove 'frac' parameter from random_harvest(). This was never
used and adds extra code for no good reason.

* Remove device write entropy harvesting. This provided a weak
attack vector, was not very good at bootstrapping the device. To
follow will be a replacement explicit reseed knob.

* Separate out all the RANDOM_PURE sources into separate harvest
entities. This adds some secuity in the case where more than one
is present.

* Review all the code and fix anything obviously messy or inconsistent.
Address som review concerns while I'm here, like rename the pseudo-rng
to 'dummy'.

Submitted by:	Arthur Mesh <arthurmesh@gmail.com> (the first item)
2013-10-04 06:55:06 +00:00
Mark Murray
0fbf163e60 MFC 2013-09-06 17:42:12 +00:00