Commit Graph

1324 Commits

Author SHA1 Message Date
glebius
47a08cdd76 In FreeBSD we always have bpf(4) API, either real or stub. No need
in detecting presense of 'device bpf'.
2011-12-22 18:31:47 +00:00
glebius
8c74bad9f3 Restore a feature that was present in 5.x and 6.x, and was cleared in
7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.

However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:

- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
  conditions, for now these are:
  - interface goes down
  - carp(4) has problems with ip_output() or ip6_output()
  - pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
  is actual value added to advskew. The adjustment values for
  particular error conditions are also configurable, and their
  defaults are maximum advskew value, so a single failure bumps
  demotion to maximum. This is for POLA compatibility, and should
  satisfy most users.
- Demotion factor is a writable sysctl, so user can do
  foot shooting, if he desires to.
2011-12-20 13:53:31 +00:00
glebius
160dea21a5 - Cover pfsync callouts deletion with PF_LOCK().
- Cover setting up interface between pf and pfsync with PF_LOCK().
2011-12-20 12:34:16 +00:00
dim
50b202c372 In sys/contrib/ngatm/netnatm/msg/uni_ie.c, use a more appropriate way to
tell the compiler some parameters are purposefully unused.

MFC after:	1 week
2011-12-15 23:47:36 +00:00
glebius
980901bba2 Return value should be conditional on return value of pfsync_defer_ptr()
PR:		kern/162947
Submitted by:	Matthieu Kraus <matthieu.kraus s2008.tu-chemnitz.de>
2011-11-30 08:47:17 +00:00
jkim
1bdf3ee8a8 Merge ACPICA 20111123. 2011-11-28 23:36:48 +00:00
rmh
922d7543f7 Adjust a few old checks to use __FreeBSD_version macro to
determine which version of FreeBSD kernel we're compiling.

Approved by:	kib (mentor)
2011-11-24 21:23:58 +00:00
kevlo
7120d23af8 Add missing PF_UNLOCK in pf_test
Reviewed by:	bz
2011-10-30 14:55:00 +00:00
glebius
198f18300e Utilize new IF_DEQUEUE_ALL(ifq, m) macro in pfsyncintr() to reduce
contention on ifqueue lock.
2011-10-27 09:47:00 +00:00
glebius
846e388f82 Merge several fixes to bulk update processing from OpenBSD. Merged
revisions: 1.148, 1.149, 1.150. This makes number of states on
master/slave to be of a sane value.
2011-10-23 15:15:17 +00:00
glebius
df3649a331 Fix indentation, no code changed. 2011-10-23 15:10:15 +00:00
glebius
7df2cbe8bc - Fix a bad typo (FreeBSD specific) in pfsync_bulk_update(). Instead
of scheduling next run pfsync_bulk_update(), pfsync_bulk_fail()
  was scheduled.
  This lead to instant 100% state leak after first bulk update
  request.
- After above fix, it appeared that pfsync_bulk_update() lacks
  locking. To fix this, sc_bulk_tmo callout was converted to an
  mtx one. Eventually, all pf/pfsync callouts should be converted
  to mtx version, since it isn't possible to stop or drain a
  non-mtx callout without risk of race.
- Add comment that callout_stop() in pfsync_clone_destroy() lacks
  locking. Since pfsync0 can't be destroyed (yet), let it be here.
2011-10-23 15:08:18 +00:00
glebius
aaf1597b1d Fix from r226623 is not sufficient to close all races in pfsync(4).
The root of problem is re-locking at the end of pfsync_sendout().
Several functions are calling pfsync_sendout() holding pointers
to pf data on stack, and these functions expect this data to be
consistent.

To fix this, the following approach was taken:

- The pfsync_sendout() doesn't call ip_output() directly, but
  enqueues the mbuf on sc->sc_ifp's interfaces queue, that
  is currently unused. Then pfsync netisr is scheduled. PF_LOCK
  isn't dropped in pfsync_sendout().
- The netisr runs through queue and ip_output()s packets
  on it.

Apart from fixing race, this also decouples stack, fixing
potential issues, that may happen, when sending pfsync(4)
packets on input path.

Reviewed by:	eri (a quick review)
2011-10-23 14:59:54 +00:00
glebius
a1471140d1 Absense of M_WAITOK in malloc flags for UMA doesn't
equals presense of M_NOWAIT. Specify M_NOWAIT explicitly.

This fixes sleeping with PF_LOCK().
2011-10-23 10:13:20 +00:00
glebius
0b986dc6d5 Correct flag for uma_zalloc() is M_WAITOK. M_WAIT is an old and
deprecated flag from historical mbuf(9) allocator.

This is style only change.
2011-10-23 10:05:25 +00:00
glebius
904eece235 Fix a race: we should update sc_len before dropping the pf lock, otherwise a
number of packets can be queued on sc, while we are in ip_output(), and then
we wipe the accumulated sc_len. On next pfsync_sendout() that would lead to
writing beyond our mbuf cluster.
2011-10-21 22:28:15 +00:00
glebius
0391c17cc2 In FreeBSD ip_output() expects ip_len and ip_off in host byte order
PR:		kern/159029
2011-10-21 11:11:18 +00:00
bz
5203b21813 Fix recursive pf locking leading to panics. Splatter PF_LOCK_ASSERT()s
to document where we are expecting to be called with a lock held to
more easily catch unnoticed code paths.
This does not neccessarily improve locking in pfsync, it just tries
to avoid the panics reported.

PR:		kern/159390, kern/158873
Submitted by:	pluknet (at least something that partly resembles
		my patch ignoring other cleanup, which I only saw
		too late on the 2nd PR)
MFC After:	3 days
2011-10-19 13:13:56 +00:00
bz
5f647b5434 De-virtualize the pf_task_mtx lock. At the current state of pf locking
and virtualization it is not helpful but complicates things.

Current state of art is to not virtualize these kinds of locks -
inp_group/hash/info/.. are all not virtualized either.

MFC after:	3 days
2011-10-19 11:04:49 +00:00
bz
dd787aecc7 Adjust the PF_ASSERT() macro to what we usually use in the network stack:
PF_LOCK_ASSERT() and PF_UNLOCK_ASSERT().

MFC after:	3 days
2011-10-19 10:16:42 +00:00
bz
5be0c466b9 In the non-FreeBSD case we do not expect PF_LOCK and friends to do anything.
MFC after:	3 days
2011-10-19 10:08:58 +00:00
bz
c9c086db96 Pseudo interfaces should go at SI_SUB_PSEUDO. However at least
pfsync also depends on pf to be initialized already so pf goes at
FIRST and the interfaces go at ANY.
Then the (VNET_)SYSINIT startups for pf stays at SI_SUB_PROTO_BEGIN
and for pfsync we move to the later SI_SUB_PROTO_IF.

This is not ideal either but at least an order that should work for
the moment and can be re-fined with the VIMAGE merge, once this will
actually work with more than one network stack.

MFC after:	3 days
2011-10-19 10:04:24 +00:00
bz
677cad9768 Fix an obvious locking bug where we would lock again rather than unlock.
MFC after:	3 days
2011-10-19 09:34:40 +00:00
bz
21d5547b98 Fix a bug when NPFSYNC > 0 that on FreeBSD we would always return
and never remove state.

This fixes the problem some people are seeing that state is removed when pf
is loaded as a module but not in situations when compiled into the kernel.

Reported by:	many on freebsd-pf
Tested by:	flo
MFC after:	3 days
2011-10-19 08:57:17 +00:00
bz
d8751c7f52 Fix indentation in a loop and a tiny maze of #ifdefs for just the
__FreeBSD__ parts that had it wrong.

MFC after:	3 days
2011-10-19 08:37:48 +00:00
bz
e414ca1893 Use the correct byte order for the ip_divert(4) mbuf tag port meta
information in pf(4).

Submitted by:	Yaocl (chunlinyao gmail.com), forum post 145106
Approved by:	re (kib)
2011-08-25 09:38:33 +00:00
pluknet
28d7c80803 Fix build failure without BPF.
Reported by:	deeptech71 at gmail dot com
Approved by:	re (kib)
2011-08-17 13:02:50 +00:00
bz
e15f804c7b Update packet filter (pf) code to OpenBSD 4.5.
You need to update userland (world and ports) tools
to be in sync with the kernel.

Submitted by:	mlaier
Submitted by:	eri
2011-06-28 11:57:25 +00:00
rwatson
e9eb5d3b9c Add _mbuf() variants of various inpcb-related interfaces, including lookup,
hash install, etc.  For now, these are arguments are unused, but as we add
RSS support, we will want to use hashes extracted from mbufs, rather than
manually calculated hashes of header fields, due to the expensive of the
software version of Toeplitz (and similar hashes).

Add notes that it would be nice to be able to pass mbufs into lookup
routines in pf(4), optimising firewall lookup in the same way, but the
code structure there doesn't facilitate that currently.

(In principle there is no reason this couldn't be MFCed -- the change
extends rather than modifies the KBI.  However, it won't be useful without
other previous possibly less MFCable changes.)

Reviewed by:    bz
Sponsored by:   Juniper Networks, Inc.
2011-06-04 16:33:06 +00:00
jkim
dad6aab353 Merge ACPICA 20110527. 2011-05-31 19:45:58 +00:00
bz
90dbe667c5 Remove some further INET related symbols from pf to allow the module
to not only compile bu load as well for testing with IPv6-only kernels.
For the moment we ignore the csum change in pf_ioctl.c given the
pending update to pf45.

Reported by:	dru
Sponsored by:	The FreeBSD Foundation
Sponsored by:	iXsystems
MFC after:	20 days
2011-05-31 15:05:29 +00:00
rwatson
fdfdadb612 Decompose the current single inpcbinfo lock into two locks:
- The existing ipi_lock continues to protect the global inpcb list and
  inpcb counter.  This lock is now relegated to a small number of
  allocation and free operations, and occasional operations that walk
  all connections (including, awkwardly, certain UDP multicast receive
  operations -- something to revisit).

- A new ipi_hash_lock protects the two inpcbinfo hash tables for
  looking up connections and bound sockets, manipulated using new
  INP_HASH_*() macros.  This lock, combined with inpcb locks, protects
  the 4-tuple address space.

Unlike the current ipi_lock, ipi_hash_lock follows the individual inpcb
connection locks, so may be acquired while manipulating a connection on
which a lock is already held, avoiding the need to acquire the inpcbinfo
lock preemptively when a binding change might later be required.  As a
result, however, lookup operations necessarily go through a reference
acquire while holding the lookup lock, later acquiring an inpcb lock --
if required.

A new function in_pcblookup() looks up connections, and accepts flags
indicating how to return the inpcb.  Due to lock order changes, callers
no longer need acquire locks before performing a lookup: the lookup
routine will acquire the ipi_hash_lock as needed.  In the future, it will
also be able to use alternative lookup and locking strategies
transparently to callers, such as pcbgroup lookup.  New lookup flags are,
supplementing the existing INPLOOKUP_WILDCARD flag:

  INPLOOKUP_RLOCKPCB - Acquire a read lock on the returned inpcb
  INPLOOKUP_WLOCKPCB - Acquire a write lock on the returned inpcb

Callers must pass exactly one of these flags (for the time being).

Some notes:

- All protocols are updated to work within the new regime; especially,
  TCP, UDPv4, and UDPv6.  pcbinfo ipi_lock acquisitions are largely
  eliminated, and global hash lock hold times are dramatically reduced
  compared to previous locking.
- The TCP syncache still relies on the pcbinfo lock, something that we
  may want to revisit.
- Support for reverting to the FreeBSD 7.x locking strategy in TCP input
  is no longer available -- hash lookup locks are now held only very
  briefly during inpcb lookup, rather than for potentially extended
  periods.  However, the pcbinfo ipi_lock will still be acquired if a
  connection state might change such that a connection is added or
  removed.
- Raw IP sockets continue to use the pcbinfo ipi_lock for protection,
  due to maintaining their own hash tables.
- The interface in6_pcblookup_hash_locked() is maintained, which allows
  callers to acquire hash locks and perform one or more lookups atomically
  with 4-tuple allocation: this is required only for TCPv6, as there is no
  in6_pcbconnect_setup(), which there should be.
- UDPv6 locking remains significantly more conservative than UDPv4
  locking, which relates to source address selection.  This needs
  attention, as it likely significantly reduces parallelism in this code
  for multithreaded socket use (such as in BIND).
- In the UDPv4 and UDPv6 multicast cases, we need to revisit locking
  somewhat, as they relied on ipi_lock to stablise 4-tuple matches, which
  is no longer sufficient.  A second check once the inpcb lock is held
  should do the trick, keeping the general case from requiring the inpcb
  lock for every inpcb visited.
- This work reminds us that we need to revisit locking of the v4/v6 flags,
  which may be accessed lock-free both before and after this change.
- Right now, a single lock name is used for the pcbhash lock -- this is
  undesirable, and probably another argument is required to take care of
  this (or a char array name field in the pcbinfo?).

This is not an MFC candidate for 8.x due to its impact on lookup and
locking semantics.  It's possible some of these issues could be worked
around with compatibility wrappers, if necessary.

Reviewed by:    bz
Sponsored by:   Juniper Networks, Inc.
2011-05-30 09:43:55 +00:00
bz
26a10f2195 Make pf compile without INET support by adding #ifdef INETs and
correcting few #includes.

Reviewed by:	gnn
Sponsored by:	The FreeBSD Foundation
Sponsored by:	iXsystems
MFC after:	4 days
2011-04-27 19:34:01 +00:00
bschmidt
d7f68b4e5b Add firmware images for the 6000 series g2a and g2b adapters. 2011-04-20 17:34:09 +00:00
bschmidt
448cc648b5 Update iwn(4) firmware blobs:
- bump iwn1000fw to 39.31.5.1
- bump iwn5000fw to 8.83.5.1
- bump iwn6050fw to 41.28.5.1
2011-04-20 17:32:20 +00:00
jkim
f96a264127 Re-merge with ACPICA vendor source. 2011-04-15 21:38:24 +00:00
jkim
11c809baa1 Merge ACPICA 20110413. 2011-04-15 18:34:27 +00:00
jkim
95c723445e Use atomic load & store for TSC frequency. It may be overkill for amd64 but
safer for i386 because it can be easily over 4 GHz now.  More worse, it can
be easily changed by user with 'machdep.tsc_freq' tunable (directly) or
cpufreq(4) (indirectly).  Note it is intentionally not used in performance
critical paths to avoid performance regression (but we should, in theory).
Alternatively, we may add "virtual TSC" with lower frequency if maximum
frequency overflows 32 bits (and ignore possible incoherency as we do now).
2011-04-07 23:28:28 +00:00
jkim
69fd3173b8 Merge ACPICA 20110316. 2011-03-17 00:29:53 +00:00
jmallett
bcf30d2812 o) Clean up FPA pools on module unload.
o) Allocate output buffer pool based on available output queues.

Submitted by:	Bhanu Prakash (with modifications)
2011-03-16 08:51:36 +00:00
jkim
ad8ef5e4c7 Deprecate tsc_present as the last of its real consumers finally disappeared. 2011-03-15 17:19:52 +00:00
jkim
7df55dcdeb Add a tunable "machdep.disable_tsc" to turn off TSC. Specifically, it turns
off boot-time CPU frequency calibration, DELAY(9) with TSC, and using TSC as
a CPU ticker.  Note tsc_present does not change by this tunable.
2011-03-11 00:44:32 +00:00
jkim
98d68ca741 Deprecate rarely used tsc_is_broken. Instead, we zero out tsc_freq because
it is almost always used with tsc_freq any way.
2011-03-10 20:02:58 +00:00
jkim
e18a22e828 Remove alpha reminiscence from altq. 2011-03-10 19:04:18 +00:00
jkim
aeb17da5dc Consistently add TSC support for amd64. 2011-03-10 18:58:40 +00:00
jkim
d695e38057 Remove support for FreeBSD 4.x and below. 2011-03-10 18:49:15 +00:00
jkim
f74b693166 Merge ACPICA 20110211. 2011-02-12 01:03:15 +00:00
csjp
4f835d8864 Correct bogus initialization. It should be noted that this change
has been corrected in the vendor branch, but for now, silence clang
warnings.

Found by:	clang
Discussed with:	mlaier
MFC after:	1 week
2011-01-14 04:24:53 +00:00
jkim
68475bc13c Merge ACPICA 20110112. Switch to BSD/GPLv2 dual license[1].
Discussed with:	core [1]
2011-01-13 17:32:32 +00:00
jmallett
d46c373873 o) Expand the CIU driver to be aware of newly-allocated parts of the IRQ range.
o) Add 'octm', a trivial driver for the 10/100 management ports found on some
   Octeon systems.
o) Make the Simple Executive's management port helper routines compile on
   FreeBSD (namely by not doing math on void pointers.)
o) Add a cvmx_mgmt_port_sendm routine to the Simple Executive to send an mbuf
   so there is only one copy in the transmit path, rather than having to first
   copy the mbuf to an intermediate buffer and then copy that to the Simple
   Executive's transmit ring.
o) Properly work out MII addresses of management ports on the Lanner MR-730.
   XXX The MR-730 also needs some patches to the MII read/write routines, but
       this is sufficient for now.  Media detection will be fixed in the future
       when I can spend more time reading the vendor-supplied patches.
2011-01-10 03:48:41 +00:00
bschmidt
0c41bc7599 Update firmware for wpi(4) from version 2.14.4 to 15.32.2.9.
PR:		kern/142907
Submitted by:	Craig Butler <craig001 at lerwick.hopto.org>
MFC after:	2 weeks
2010-12-19 11:37:44 +00:00
jmallett
465b528052 o) Add support for the Lanner MR-321X/MR-325, which is just a modified MR-320.
o) On the Lanner MR-730, disable PCIe lane swap, per vendor.
2010-12-16 07:20:38 +00:00
jkim
2fc3b5748a Merge ACPICA 20101209. 2010-12-15 23:48:45 +00:00
jmallett
cdfefa0ba0 Merge Cavium Octeon SDK 2.0 Simple Executive; this brings some fixes and new
facilities as well as support for the Octeon 2 family of SoCs.

XXX Note that with our antediluvian assembler, we can't support some Octeon 2
    instructions and fall back to using the old ones instead.
2010-11-28 08:18:16 +00:00
jmallett
4969d1f4dd o) Recognize the Lanner MR-730.
o) Fix enumeration of PHY addresses on the MR-955.
o) Parse link state for the MR-730 using the Broadcom PHY support in the SDK.
   It's not clear that this is entirely-correct, but it seems to work.  Since
   this board uses a BCM5482S, this may mean that we work correctly for copper
   but not SFI, which is untested.
2010-11-08 21:22:55 +00:00
jkim
03fb652c81 Merge ACPICA 20101013. 2010-10-13 21:37:02 +00:00
rpaulo
c652fa1474 Ignore the return value of ADDCARRY(). 2010-10-13 17:16:08 +00:00
rpaulo
a25e20e54a Properly tell the compiler that we want to ignore the return value of
certain macros.
2010-10-13 17:09:53 +00:00
rpaulo
0d77104f9e Fix several cases were a conditional operator was used instead of a
bitwise operator.

Found with:	clang
2010-10-13 17:09:16 +00:00
rpaulo
ed92bd409f Pass a format string to make_dev().
Found by:	clang
2010-10-13 14:57:13 +00:00
jmallett
2d1121be27 o) Allow devices to override the MDIO read and write functions presented to
the miibus attached to octe interfaces.
o) Add an SMI/MDIO interface to the MV88E61XX and use it for the switch PHY on
   the Lanner MR-320.  An actual driver for the switch PHY will come later.
   Note that for now it intercepts and fakes MII_BMSR reads to prevent the
   miibus from talking to anything but the switch itself.
2010-10-02 05:43:17 +00:00
jmallett
7de71dad72 Add preliminary support for the Lanner MR-955. It boots multi-user but there
seem to be problems both with the on-board Ethernet interfaces and the em(4)
interfaces on PCI under FreeBSD.

Thanks to Lanner for providing access to hardware.
2010-09-19 09:19:38 +00:00
jkim
ddeb148f3e Merge ACPICA 20100915. 2010-09-16 20:08:00 +00:00
bz
b27a644a18 When using pf routing options, properly handle IP fragmentation
for interfaces with TSO enabled, otherwise one would see an extra
ICMP unreach, frag needed pre matching packet on lo0.
This syncs pf code to ip_output.c r162084.

PR:		kern/144311
Submitted by:	yongari via mlaier
Reviewed by:	eri
Tested by:	kib
MFC after:	8 days
2010-09-10 00:00:06 +00:00
jkim
68285361e2 Merge ACPICA 20100806. 2010-08-06 23:11:19 +00:00
jmallett
3dc9275fe3 Update the port of FreeBSD to Cavium Octeon to use the Cavium Simple Executive
library:
o) Increase inline unit / large function growth limits for MIPS to accommodate
   the needs of the Simple Executive, which uses a shocking amount of inlining.
o) Remove TARGET_OCTEON and use CPU_CNMIPS to do things required by cnMIPS and
   the Octeon SoC.
o) Add OCTEON_VENDOR_LANNER to use Lanner's allocation of vendor-specific
   board numbers, specifically to support the MR320.
o) Add OCTEON_BOARD_CAPK_0100ND to hard-wire configuration for the CAPK-0100nd,
   which improperly uses an evaluation board's board number and breaks board
   detection at runtime.  This board is sold by Portwell as the CAM-0100.
o) Add support for the RTC available on some Octeon boards.
o) Add support for the Octeon PCI bus.  Note that rman_[sg]et_virtual for IO
   ports can not work unless building for n64.
o) Clean up the CompactFlash driver to use Simple Executive macros and
   structures where possible (it would be advisable to use the Simple Executive
   API to set the PIO mode, too, but that is not done presently.)  Also use
   structures from FreeBSD's ATA layer rather than structures copied from
   Linux.
o) Print available Octeon SoC features on boot.
o) Add support for the Octeon timecounter.
o) Use the Simple Executive's routines rather than local copies for doing reads
   and writes to 64-bit addresses and use its macros for various device
   addresses rather than using local copies.
o) Rename octeon_board_real to octeon_is_simulation to reduce differences with
   Cavium-provided code originally written for Linux.  Also make it use the
   same simplified test that the Simple Executive and Linux both use rather
   than our complex one.
o) Add support for the Octeon CIU, which is the main interrupt unit, as a bus
   to use normal interrupt allocation and setup routines.
o) Use the Simple Executive's bootmem facility to allocate physical memory for
   the kernel, rather than assuming we know which addresses we can steal.
   NB: This may reduce the amount of RAM the kernel reports you as having if
       you are leaving large temporary allocations made by U-Boot allocated
       when starting FreeBSD.
o) Add a port of the Cavium-provided Ethernet driver for Linux.  This changes
   Ethernet interface naming from rgmxN to octeN.  The new driver has vast
   improvements over the old one, both in performance and functionality, but
   does still have some features which have not been ported entirely and there
   may be unimplemented code that can be hit in everyday use.  I will make
   every effort to correct those as they are reported.
o) Support loading the kernel on non-contiguous cores.
o) Add very conservative support for harvesting randomness from the Octeon
   random number device.
o) Turn SMP on by default.
o) Clean up the style of the Octeon kernel configurations a little and make
   them compile with -march=octeon.
o) Add support for the Lanner MR320 and the CAPK-0100nd to the Simple
   Executive.
o) Modify the Simple Executive to build on FreeBSD and to build without
   executive-config.h or cvmx-config.h.  In the future we may want to
   revert part of these changes and supply executive-config.h and
   cvmx-config.h and access to the options contained in those files via
   kernel configuration files.
o) Modify the Simple Executive USB routines to support getting and setting
   of the USB PID.
2010-07-20 19:25:11 +00:00
jmallett
4948f4b8d5 Import the Cavium Simple Executive from the Cavium Octeon SDK. The Simple
Executive is a library that can be used by standalone applications and kernels
to abstract access to Octeon SoC and board-specific hardware and facilities.
The FreeBSD port to Octeon will be updated to use this where possible.
2010-07-20 07:19:43 +00:00
bschmidt
6ac2f4bf60 - Update 6000 firmware to 9.221.4.1
- Add 6050 firmware

MFC after:	2 weeks
2010-07-15 11:26:07 +00:00
jkim
ee32cc3784 Merge ACPICA 20100702. 2010-07-06 20:57:28 +00:00
raj
425b04623b Provide kernel level headers for the libfdt code.
Reviewed by:	imp
Sponsored by:	The FreeBSD Foundation
2010-06-02 17:24:41 +00:00
thompsa
c260948bc7 Sync run(4) driver from author's site.
Submitted by:	Akinori Furukoshi
Obtained from:	git://gitorious.org/run/run.git
2010-05-13 00:19:03 +00:00
bz
0a90ef1728 MFP4: @176978-176982, 176984, 176990-176994, 177441
"Whitspace" churn after the VIMAGE/VNET whirls.

Remove the need for some "init" functions within the network
stack, like pim6_init(), icmp_init() or significantly shorten
others like ip6_init() and nd6_init(), using static initialization
again where possible and formerly missed.

Move (most) variables back to the place they used to be before the
container structs and VIMAGE_GLOABLS (before r185088) and try to
reduce the diff to stable/7 and earlier as good as possible,
to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9.

This also removes some header file pollution for putatively
static global variables.

Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are
no longer needed.

Reviewed by:	jhb
Discussed with:	rwatson
Sponsored by:	The FreeBSD Foundation
Sponsored by:	CK Software GmbH
MFC after:	6 days
2010-04-29 11:52:42 +00:00
jkim
4c85155383 Merge ACPICA 20100428. 2010-04-28 22:25:27 +00:00
imp
54a80d8785 We don't need the definition for in_cksum repeated here since we get
it from machine/in_cksum.h.  This definition prevents us from using
hand-tuned assembler versions of in_cksum.

# this fixes the modules build on arm for ipfilter.
2010-04-14 20:50:07 +00:00
bschmidt
0f7a19c760 Update firmware for the 6000 series Intel cards to version 9.193.4.1.
Approved by:	rpaulo (mentor)
MFC after:	2 weeks
2010-04-10 07:07:08 +00:00
jkim
c22943d966 Merge ACPICA 20100331 (and four additional upstream patches). 2010-04-02 23:04:31 +00:00
delphij
2c005036bc Integrate OpenBSD rev 1.5 of x86emu.c. 2010-03-09 22:42:24 +00:00
jkim
f113de4c54 Since the interpreter slack mode is a tunable now, enable a local hack only
when it is set.  Note the default behaviour does not change by this change.
2010-03-09 19:39:52 +00:00
jkim
a2ef6b3007 Merge ACPICA 20100304. 2010-03-05 21:39:16 +00:00
raj
661abc4ccd Merge DTC-d75b33af.
This is a split merge because of non-uniform licensing of the DTC package
contents and the way these components will be used in the FreeBSD environment.

The original DTC package is composed of the following two major pieces:

1. sys/contrib/libfdt (BSD [dual] license)
2. contrib/dtc (GPLv2)

The libfdt component is going to be shared in all aspects of the environment:
- /boot/loader
- kernel
- dtc (the device tree compiler proper, userspace tool)
2010-02-28 21:57:35 +00:00
thompsa
362fc6636d Uuencode the rt2870 firmware into ascii like the other firmware blobs. 2010-01-29 03:35:01 +00:00
thompsa
47c70728c0 Add run(4), a driver for Ralink RT2700U/RT2800U/RT3000U USB 802.11agn devices.
This driver was written for OpenBSD by Damien Bergamini and ported over by
Akinori Furukoshi.
2010-01-28 22:24:54 +00:00
jkim
1b1ea6376f Fix a new header inclusion. 2010-01-21 21:31:39 +00:00
jkim
fa5d03cca6 Merge ACPICA 20100121. 2010-01-21 21:14:28 +00:00
weongyo
f18ad8db6f Fixes a firmware bug that in some devices (e.g. Netgear WG111T or
TRENDnet TEW-504UB/EU) idProduct didn't be decreased after loading the
firmware.

Pointed by:	Steven Friedrich <freebsd at insightbb.com>
Reviewed by:	sam
2010-01-19 01:04:44 +00:00
trasz
9dd38d6c41 Fix array overflow.
Reviewed by:	philip
2010-01-08 19:56:37 +00:00
rpaulo
1ec05ea1e0 Delete old firmware. 2009-12-29 20:15:52 +00:00
rpaulo
91f3d0f751 iwn(4) update. Notable changes:
* new firmware
* untested support for 1000 and 6000 series
* bgscan support
* remove unnecessary RXON changes
* allow setting of country/regdomain by enforcing channel flags read
  from the EEPROM
* suspend/resume fixes
* RF kill switch fixes
* LED adjustments
* several bus_dma*() related fixes
* addressed some LORs
* many other bug fixes

Submitted by:	Bernhard Schmidt <bschmidt at techwires.net>
Obtained from:	Brandon Gooch <jamesbrandongooch at gmail dot com> (LED
		related changes), Benjamin Kaduk <kaduk at mit dot edu>
		(LOR fixes), OpenBSD
2009-12-29 19:47:34 +00:00
delphij
40c18ac3ff Adapt OpenBSD pf's "sloopy" TCP state machine which is useful for Direct
Server Return mode, where not all packets would be visible to the load
balancer or gateway.

This commit should be reverted when we merge future pf versions.  The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.

Discussed with:	mlaier
Obtained from:	OpenBSD
Sponsored by:	iXsystems, Inc.
MFC after:	1 month
2009-12-24 00:43:44 +00:00
jkim
ef51d3ef19 Merge ACPICA 20091214. 2009-12-14 22:24:04 +00:00
jkim
e91f3d64cb Merge ACPICA 20091112. 2009-11-16 21:47:12 +00:00
attilio
d3a4a74154 Remove the explicit definition of inet_aton() as it was introduced as a
general function in r199208.

Reported by:	np
Sponsored by:	Sandvine Incorporated
MFC:		1 week
2009-11-12 14:22:12 +00:00
brueffer
acdf1c7b90 Fix two memory leaks in error cases.
PR:		138378
Submitted by:	Patroklos Argyroudis <argp@census-labs.com>
Approved by:	mlaier
MFC after:	1 week
2009-11-05 16:30:16 +00:00
rpaulo
15ae93bc67 Updated iwn(4) driver supporting the newer series, 5000, 5150 and 5300.
Submitted by:	Bernhard Schmidt <bschmidt at techwires.net>
2009-10-23 22:04:18 +00:00
jkim
99279734b8 Rewrite x86bios and update its dependent drivers.
- Do not map entire real mode memory (1MB).  Instead, we map IVT/BDA and
ROM area separately.  Most notably, ROM area is mapped as device memory
(uncacheable) as it should be.  User memory is dynamically allocated and
free'ed with contigmalloc(9) and contigfree(9).  Remove now redundant and
potentially dangerous x86bios_alloc.c.  If this emulator ever grows to
support non-PC hardware, we may implement it with rman(9) later.
- Move all host-specific initializations from x86emu_util.c to x86bios.c and
remove now unnecessary x86emu_util.c.  Currently, non-PC hardware is not
supported.  We may use bus_space(9) later when the KPI is fixed.
- Replace all bzero() calls for emulated registers with more obviously named
x86bios_init_regs().  This function also initializes DS and SS properly.
- Add x86bios_get_intr().  This function checks if the interrupt vector is
available for the platform.  It is not necessary for PC-compatible hardware
but it may be needed later. ;-)
- Do not try turning off monitor if DPMS does not support the state.
- Allocate stable memory for VESA OEM strings instead of just holding
pointers to them.  They may or may not be accessible always.  Fix a memory
leak of video mode table while I am here.
- Add (experimental) BIOS POST call for vesa(4).  This function calls VGA
BIOS POST code from the current VGA option ROM.  Some video controllers
cannot save and restore the state properly even if it is claimed to be
supported.  Usually the symptom is blank display after resuming from suspend
state.  If the video mode does not match the previous mode after restoring,
we try BIOS POST and force the known good initial state.  Some magic was
taken from NetBSD (and it was taken from vbetool, I believe.)
- Add a loader tunable for vgapci(4) to give a hint to dpms(4) and vesa(4)
to identify who owns the VESA BIOS.  This is very useful for multi-display
adapter setup.  By default, the POST video controller is automatically
probed and the tunable "hw.pci.default_vgapci_unit" is set to corresponding
vgapci unit number.  You may override it from loader but it is very unlikely
to be necessary.  Unfortunately only AGP/PCI/PCI-E controllers can be
matched because ISA controller does not have necessary device IDs.
- Fix a long standing bug in state save/restore function.  The state buffer
pointer should be ES:BX, not ES:DI according to VBE 3.0.  If it ever worked,
that's because BX was always zero. :-)
- Clean up register initializations more clearer per VBE 3.0.
- Fix a lot of style issues with vesa(4).
2009-10-19 20:58:10 +00:00
jkim
fca91fda32 Merge ACPICA 20091013. 2009-10-19 16:12:58 +00:00
delphij
94909d6fc5 Use __FBSDID to embed RCS ID. 2009-09-21 08:37:57 +00:00
delphij
fc497a4fc2 Collapase interrupt supporting functions to a new module, and switch from
x86emu to this new module.

This changeset also brings a fix for bugs introduced with the initial
x86emu commit, which prevents the user from using some display mode or
cause instant reboots during mode switch.

Submitted by:	paradox <ddkprog yahoo com>
2009-09-21 08:17:57 +00:00
jkim
bff622b122 Canonify include paths for newly added files. 2009-09-11 22:56:08 +00:00
jkim
1d3fa3e25b MFV: r196804
Import ACPICA 20090903
2009-09-11 22:48:53 +00:00
delphij
f44ea64745 - Port x86emu to FreeBSD.
- Connect x86emu to build.

Tested with:	make universe
Submitted by:	swell.k at gmail com
2009-09-09 05:53:26 +00:00
delphij
520175fd3f Import x86emu from OpenBSD as of OPENBSD_4_6. 2009-09-09 01:19:26 +00:00
phk
5297261651 Revert previous commit and add myself to the list of people who should
know better than to commit with a cat in the area.
2009-09-08 13:19:05 +00:00
phk
2314521104 Add necessary include. 2009-09-08 13:16:55 +00:00
mlaier
1142208531 Fix argument ordering to memcpy as well as the size of the copy in the
(theoretical) case that pfi_buffer_cnt should be greater than ~_max.

Submitted by:	pjd
Reviewed by:	{krw,sthen,markus}@openbsd.org
MFC after:	3 days
2009-08-25 19:30:32 +00:00
rwatson
ef8d755d4d Rework global locks for interface list and index management, correcting
several critical bugs, including race conditions and lock order issues:

Replace the single rwlock, ifnet_lock, with two locks, an rwlock and an
sxlock.  Either can be held to stablize the lists and indexes, but both
are required to write.  This allows the list to be held stable in both
network interrupt contexts and sleepable user threads across sleeping
memory allocations or device driver interactions.  As before, writes to
the interface list must occur from sleepable contexts.

Reviewed by:	bz, julian
MFC after:	3 days
2009-08-23 20:40:19 +00:00
mlaier
abdec3b9b7 If we cannot immediately get the pf_consistency_lock in the purge thread,
restart the scan after acquiring the lock the hard way.  Otherwise we might
end up with a dead reference.

Reported by:		pfsense
Reviewed by:		eri
Initial patch by:	eri
Tested by:		pfsense
Approved by:		re (kib)
2009-08-19 00:10:10 +00:00
rwatson
5c6699ad3d Many network stack subsystems use a single global data structure to hold
all pertinent statatistics for the subsystem.  These structures are
sometimes "borrowed" by kernel modules that require a place to store
statistics for similar events.

Add KPI accessor functions for statistics structures referenced by kernel
modules so that they no longer encode certain specifics of how the data
structures are named and stored.  This change is intended to make it
easier to move to per-CPU network stats following 8.0-RELEASE.

The following modules are affected by this change:

      if_bridge
      if_cxgb
      if_gif
      ip_mroute
      ipdivert
      pf

In practice, most of these statistics consumers should, in fact, maintain
their own statistics data structures rather than borrowing structures
from the base network stack.  However, that change is too agressive for
this point in the release cycle.

Reviewed by:	bz
Approved by:	re (kib)
2009-08-02 19:43:32 +00:00
rwatson
fb9ffed650 Merge the remainder of kern_vimage.c and vimage.h into vnet.c and
vnet.h, we now use jails (rather than vimages) as the abstraction
for virtualization management, and what remained was specific to
virtual network stacks.  Minor cleanups are done in the process,
and comments updated to reflect these changes.

Reviewed by:	bz
Approved by:	re (vimage blanket)
2009-08-01 19:26:27 +00:00
rwatson
57ca4583e7 Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator.  Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...).  This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.

Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack.  Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory.  Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.

Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy.  Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address.  When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.

This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.

Bump __FreeBSD_version and update UPDATING.

Portions submitted by:  bz
Reviewed by:            bz, zec
Discussed with:         gnn, jamie, jeff, jhb, julian, sam
Suggested by:           peter
Approved by:            re (kensmith)
2009-07-14 22:48:30 +00:00
cperciva
45e5ee4e4a Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
sam
49f1934625 Update to 3.6.2.2 firmware (latest w/o host-based power save support):
o new tx ack queue (not used right now)
o proxy-sta related changes (no proxy sta in driver)
o explicit dwds ena/dis (needed only with proxy sta)
o cleanup BA policy handling
o new ampdu aggressive mode support
o CFEnd use now controllable

Approved by:	re (kensmith)
2009-06-29 18:42:54 +00:00
rdivacky
841360d91c Use proper form of gnu designated initalizers. This lets
clang compile this files.

Approved by: ed (mentor)
Silence from: harti (maintainer?)
2009-06-24 12:01:10 +00:00
rwatson
c9ef486fe1 Modify most routines returning 'struct ifaddr *' to return references
rather than pointers, requiring callers to properly dispose of those
references.  The following routines now return references:

  ifaddr_byindex
  ifa_ifwithaddr
  ifa_ifwithbroadaddr
  ifa_ifwithdstaddr
  ifa_ifwithnet
  ifaof_ifpforaddr
  ifa_ifwithroute
  ifa_ifwithroute_fib
  rt_getifa
  rt_getifa_fib
  IFP_TO_IA
  ip_rtaddr
  in6_ifawithifp
  in6ifa_ifpforlinklocal
  in6ifa_ifpwithaddr
  in6_ifadd
  carp_iamatch6
  ip6_getdstifaddr

Remove unused macro which didn't have required referencing:

  IFP_TO_IA6

This closes many small races in which changes to interface
or address lists while an ifaddr was in use could lead to use of freed
memory (etc).  In a few cases, add missing if_addr_list locking
required to safely acquire references.

Because of a lack of deep copying support, we accept a race in which
an in6_ifaddr pointed to by mbuf tags and extracted with
ip6_getdstifaddr() doesn't hold a reference while in transmit.  Once
we have mbuf tag deep copy support, this can be fixed.

Reviewed by:	bz
Obtained from:	Apple, Inc. (portions)
MFC after:	6 weeks (portions)
2009-06-23 20:19:09 +00:00
bz
0808d0b1a6 After cleaning up rt_tables from vnet.h and cleaning up opt_route.h
a lot of files no longer need route.h either. Garbage collect them.
While here remove now unneeded vnet.h #includes as well.
2009-06-23 17:03:45 +00:00
bz
5ca915a0f9 All consumers of in_cksum.h have been properly #ifdefed already,
so do not include the file either as it would give as an extra
dependency on INET.
2009-06-10 11:19:34 +00:00
jkim
8ede8714ca Rewrite OsdSynch.c to reflect the latest ACPICA more closely:
- Implement ACPI semaphore (ACPI_SEMAPHORE) with condvar(9) and mutex(9).
- Implement ACPI mutex (ACPI_MUTEX) with mutex(9).
- Implement ACPI lock (ACPI_SPINLOCK) with spin mutex(9).
2009-06-08 20:07:16 +00:00
bz
b7ff2bdc20 After r193232 rt_tables in vnet.h are no longer indirectly dependent on
the ROUTETABLES kernel option thus there is no need to include opt_route.h
anymore in all consumers of vnet.h and no longer depend on it for module
builds.

Remove the hidden include in flowtable.h as well and leave the two
explicit #includes in ip_input.c and ip_output.c.
2009-06-08 19:57:35 +00:00
jkim
76b38c556a Clean up FreeBSD-specific header file:
- Define ACPI_USE_DO_WHILE_0 to add do while(0) around return_*() macros.
- Define __cdecl only for user land.  It will never be used in kernel.
- Remove __cli() and __sti().  They were deprecated long ago.
2009-06-08 17:11:47 +00:00
jkim
40089f58a4 Import ACPICA 20090521. 2009-06-05 18:43:13 +00:00
rwatson
f4934662e5 Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC
and used in a large number of files, but also because an increasing number
of incorrect uses of MAC calls were sneaking in due to copy-and-paste of
MAC-aware code without the associated opt_mac.h include.

Discussed with:	pjd
2009-06-05 14:55:22 +00:00
jkim
419d50d00d Do not install SSDT when DSDT is overriden by user. 2009-06-04 20:48:31 +00:00
jkim
feac47ed6a Trim unnecessary files from the import. 2009-06-03 21:47:13 +00:00
jkim
f3d116f1ff Remove function redeclaration. It was upstreamed but lost somehow. 2009-06-02 20:44:21 +00:00
jkim
5ad900033b Canonify include paths again. 2009-06-02 20:02:58 +00:00
jkim
57d988f09e Fix include path fixup for contrib/dev/acpica/include/platform/*.h. 2009-06-02 20:00:32 +00:00
jkim
73af4710a0 MFV: ACPICA 20090521 2009-06-02 18:53:21 +00:00
zec
904747c9f9 V_loif is not an array but a pure pointer, so treat it as such.
Reviewed by:	bz
Approved by:	julian (mentor)
2009-06-01 21:29:54 +00:00
sam
f0cca176f4 driver for Marvell 88W8363 Wireless LAN controller 2009-06-01 18:07:01 +00:00
jamie
a013e0afcb Add hierarchical jails. A jail may further virtualize its environment
by creating a child jail, which is visible to that jail and to any
parent jails.  Child jails may be restricted more than their parents,
but never less.  Jail names reflect this hierarchy, being MIB-style
dot-separated strings.

Every thread now points to a jail, the default being prison0, which
contains information about the physical system.  Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().

Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings.  The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.

Approved by:	bz (mentor)
2009-05-27 14:11:23 +00:00
avg
446155c1b9 flatten acpica vendor area
do it for current ('dist') and previous versions;
disable keywords expansion at the same time

Reviewed by:	attilio
Approved by:	rpaulo
2009-05-19 14:46:41 +00:00
bz
b0401160b1 tbr_timeout() is a timer driven function[1]. While the previous commit
made LINT happy this does the proper looping over all vnets as we are
only called `globally' and not once per vnet instance.

Reported by:	zec [1]
Missed by:	bz  [1] in r192264
Reviewed by:	zec
2009-05-18 01:05:09 +00:00
bz
68731e73fd Add a missing INIT_VNET_NET() to get VIMAGE closer to full LINT again. 2009-05-17 20:59:09 +00:00
sam
0287045d29 Makefile to record the technique by which the .uu files are generated
from the Intel-distributed .fw files
2009-05-09 18:54:18 +00:00
sam
ec7cffd9f3 update to v3.1 2009-05-09 18:53:07 +00:00
zec
8d976eab5c In preparation for turning on options VIMAGE in next commits,
rearrange / replace / adjust several INIT_VNET_* initializer
macros, all of which currently resolve to whitespace.

Reviewed by:	bz (an older version of the patch)
Approved by:	julian (mentor)
2009-04-26 22:06:42 +00:00
kmacy
24b38efdce Change if_output to take a struct route as its fourth argument in order
to allow passing a cached struct llentry * down to L2

Reviewed by:	rwatson
2009-04-16 20:30:28 +00:00
rwatson
4801e9aee9 Update stats in struct icmpstat and icmp6stat using four new
macros: ICMPSTAT_ADD(), ICMPSTAT_INC(), ICMP6STAT_ADD(), and
ICMP6STAT_INC(), rather than directly manipulating the fields
of these structures across the kernel.  This will make it
easier to change the implementation of these statistics,
such as using per-CPU versions of the data structures.

In on case, icmp6stat members are manipulated indirectly, by
icmp6_errcount(), and this will require further work to fix
for per-CPU stats.

MFC after:	3 days
2009-04-12 13:22:33 +00:00
rwatson
5dc0256f14 Update stats in struct udpstat using two new macros, UDPSTAT_ADD()
and UDPSTAT_INC(), rather than directly manipulating the fields
across the kernel.  This will make it easier to change the
implementation of these statistics, such as using per-CPU versions
of the data structures.

MFC after:	3 days
2009-04-12 11:42:40 +00:00
rwatson
692f8aa2fa Update stats in struct ipstat using four new macros, IPSTAT_ADD(),
IPSTAT_INC(), IPSTAT_SUB(), and IPSTAT_DEC(), rather than directly
manipulating the fields across the kernel.  This will make it easier
to change the implementation of these statistics, such as using
per-CPU versions of the data structures.

MFC after:	3 days
2009-04-11 23:35:20 +00:00
rwatson
b79ff9a30d Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and
TCPSTAT_INC(), rather than directly manipulating the fields across the
kernel.  This will make it easier to change the implementation of
these statistics, such as using per-CPU versions of the data structures.

MFC after:	3 days
2009-04-11 22:07:19 +00:00
weongyo
3503cf99e3 Add uath(4) wireless USB driver for Atheros AR5005UG and AR5005UX
chipsets.

Reviewed by:	sam
2009-04-04 11:23:00 +00:00
bz
df2be82cec For all files including net/vnet.h directly include opt_route.h and
net/route.h.

Remove the hidden include of opt_route.h and net/route.h from net/vnet.h.

We need to make sure that both opt_route.h and net/route.h are included
before net/vnet.h because of the way MRT figures out the number of FIBs
from the kernel option. If we do not, we end up with the default number
of 1 when including net/vnet.h and array sizes are wrong.

This does not change the list of files which depend on opt_route.h
but we can identify them now more easily.
2009-02-27 14:12:05 +00:00
bz
5e1ae496af Move the include of vinet.h further up before the ipfilter includes. 2009-02-27 13:29:18 +00:00
bz
710220924b Shuffle the vimage.h includes or add where missing. 2009-02-27 13:22:26 +00:00
rdivacky
e5bfcba080 Change the functions to ANSI in those cases where it breaks promotion
to int rule. See ISO C Standard: SS6.7.5.3:15.

Approved by:	kib (mentor)
Reviewed by:	warner
Tested by:	silence on -current
2009-02-24 18:09:31 +00:00
ed
ba4371ba78 Revert my previous two changes.
Even though the code seems to be FreeBSD kernel code, it isn't compiled
on FreeBSD. I could have known this, because I was a little amazed that
I couldn't find a prototype of pfopen()/pfclose() somewhere else,
because it isn't marked as static.

Apart from that, removing these functions wouldn't have been harmful
anyway, because there are some other strange things about them (the
implementation isn't consistent with the prototype at the top). Still,
it's better to leave it, because it makes merging code back to older
branches a little harder.

Requested by:	mlaier
2009-01-25 16:52:41 +00:00
ed
6b2f4a1972 Remove pfopen() and pfclose() entirely.
It turns out I was patching functions that weren't used by pf(4) anyway.
They still seem to use `struct proc *' instead of `struct thread *'.
They weren't listed in pf_cdevsw.
2009-01-25 14:39:15 +00:00
ed
4a0deaef86 Remove unneeded checking for invalid minor numbers from pf(4).
Because it is not possible to access the pf(4) character device through
any other device node as the one in devfs, there is no need to check for
unknown device minor numbers.

Approved by:	mlaier
2009-01-25 14:00:00 +00:00
jkim
c297463802 Change __FreeBSD_version to prepare for merging r184102. 2009-01-21 20:44:42 +00:00
bz
29f34ef6c1 Check for ipprotosw.h more precisely.
It hasn't been needed for more than 5 years, since r120386.

MFC after:	4 weeks
2008-12-23 16:49:07 +00:00
sam
c3f1faeb23 MFH @ 186335 2008-12-20 01:29:19 +00:00
qingli
ec826ad5c7 This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
   possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,

The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.

Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:

- Kip Macy revised the locking code completely, thus completing
  the last piece of the puzzle, Kip has also been conducting
  active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
  provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
  me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
bz
74c06b7ee1 Like for tcp_subr.c in r186057 make the MD5 context a function local
variable in this copy of the code[1].

While here prefix the variables with 'pf_' to avoid file static global
variables with colliding names that are or will be virtualized.

Discussed with:	rwatson, silby [1]
2008-12-13 22:04:52 +00:00
bz
98e7fe0e6a Second round of putting global variables, which were virtualized
but formerly missed under VIMAGE_GLOBAL.

Put the extern declarations of the  virtualized globals
under VIMAGE_GLOBAL as the globals themsevles are already.
This will help by the time when we are going to remove the globals
entirely.

Sponsored by:	The FreeBSD Foundation
2008-12-13 19:13:03 +00:00
sam
9c1fcf4ecd Merge WIP from p4:
o recognize ixp435 cpu
o change memory layout for for ixp4xx to not assume memory is aliases
  to 0x10000000 (Cambria/ixp435 memory starts at zero)
o handle 64 irqs for ixp435
o dual EHCI USB 2.0 controller integral to ixp435
o overhaul NPE code for ixp435 and better MAC+MII naming
o updated NPE firmware (including NPE-A image for ixp435/ixp465)
o Gateworks Cambria board support:
  - IDE compact flash
  - MCU
  - front panel LED on i2c bus
  - Octal LED latch

Sanity-tested with NFS-root on Avila and Cambria boards.  Requires
pending boot2 mods for CF-boot on Cambria.
2008-12-13 01:21:37 +00:00
zec
7b573d1496 Conditionally compile out V_ globals while instantiating the appropriate
container structures, depending on VIMAGE_GLOBALS compile time option.

Make VIMAGE_GLOBALS a new compile-time option, which by default will not
be defined, resulting in instatiations of global variables selected for
V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be
effectively compiled out.  Instantiate new global container structures
to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0,
vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0.

Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_
macros resolve either to the original globals, or to fields inside
container structures, i.e. effectively

#ifdef VIMAGE_GLOBALS
#define V_rt_tables rt_tables
#else
#define V_rt_tables vnet_net_0._rt_tables
#endif

Update SYSCTL_V_*() macros to operate either on globals or on fields
inside container structs.

Extend the internal kldsym() lookups with the ability to resolve
selected fields inside the virtualization container structs.  This
applies only to the fields which are explicitly registered for kldsym()
visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently
this is done only in sys/net/if.c.

Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code,
and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in
turn result in proper code being generated depending on VIMAGE_GLOBALS.

De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c
which were prematurely V_irtualized by automated V_ prepending scripts
during earlier merging steps.  PF virtualization will be done
separately, most probably after next PF import.

Convert a few variable initializations at instantiation to
initialization in init functions, most notably in ipfw.  Also convert
TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in
initializer functions.

Discussed at:	devsummit Strassburg
Reviewed by:	bz, julian
Approved by:	julian (mentor)
Obtained from:	//depot/projects/vimage-commit2/...
X-MFC after:	never
Sponsored by:	NLnet Foundation, The FreeBSD Foundation
2008-12-10 23:12:39 +00:00
kmacy
598b522b42 - convert radix node head lock from mutex to rwlock
- make radix node head lock not recursive
 - fix LOR in rtexpunge
 - fix LOR in rtredirect

Reviewed by:	sam
2008-12-07 21:15:43 +00:00
bz
604d89458a Rather than using hidden includes (with cicular dependencies),
directly include only the header files needed. This reduces the
unneeded spamming of various headers into lots of files.

For now, this leaves us with very few modules including vnet.h
and thus needing to depend on opt_route.h.

Reviewed by:	brooks, gnn, des, zec, imp
Sponsored by:	The FreeBSD Foundation
2008-12-02 21:37:28 +00:00
sam
3693ee3c32 Switch to ath hal source code. Note this removes the ath_hal
module; the ath module now brings in the hal support.  Kernel
config files are almost backwards compatible; supplying

device ath_hal

gives you the same chip support that the binary hal did but you
must also include

options AH_SUPPORT_AR5416

to enable the extended format descriptors used by 11n parts.
It is now possible to control the chip support included in a
build by specifying exactly which chips are to be supported
in the config file; consult ath_hal(4) for information.
2008-12-01 16:53:01 +00:00
zec
7ecd715d48 Unhide declarations of network stack virtualization structs from
underneath #ifdef VIMAGE blocks.

This change introduces some churn in #include ordering and nesting
throughout the network stack and drivers but is not expected to cause
any additional issues.

In the next step this will allow us to instantiate the virtualization
container structures and switch from using global variables to their
"containerized" counterparts.

Reviewed by:	bz, julian
Approved by:	julian (mentor)
Obtained from:	//depot/projects/vimage-commit2/...
X-MFC after:	never
Sponsored by:	NLnet Foundation, The FreeBSD Foundation
2008-11-28 23:30:51 +00:00
des
a1e1ad22e0 Fix a number of style issues in the MALLOC / FREE commit. I've tried to
be careful not to fix anything that was already broken; the NFSv4 code is
particularly bad in this respect.
2008-10-23 20:26:15 +00:00
des
66f807ed8b Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after:	3 months
2008-10-23 15:53:51 +00:00
jkim
0b6f0646df Turn off CPU frequency change notifiers when the TSC is P-state invariant
or it is forced by setting 'kern.timecounter.invariant_tsc' tunable
to non-zero.
2008-10-21 00:38:00 +00:00
bz
77f80e0672 Cache so_cred as inp_cred in the inpcb.
This means that inp_cred is always there, even after the socket
has gone away. It also means that it is constant for the lifetime
of the inp.
Both facts lead to simpler code and possibly less locking.

Suggested by:	rwatson
Reviewed by:	rwatson
MFC after:	6 weeks
X-MFC Note:	use a inp_pspare for inp_cred
2008-10-04 15:06:34 +00:00
zec
8797d4caec Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit

Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.

Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().

Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).

All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparision between pre- and post-change
object files(*).

(*) netipsec/keysock.c did not validate depending on compile time options.

Implemented by:	julian, bz, brooks, zec
Reviewed by:	julian, bz, brooks, kris, rwatson, ...
Approved by:	julian (mentor)
Obtained from:	//depot/projects/vimage-commit2/...
X-MFC after:	never
Sponsored by:	NLnet Foundation, The FreeBSD Foundation
2008-10-02 15:37:58 +00:00
ed
4efdef565f Replace all calls to minor() with dev2unit().
After I removed all the unit2minor()/minor2unit() calls from the kernel
yesterday, I realised calling minor() everywhere is quite confusing.
Character devices now only have the ability to store a unit number, not
a minor number. Remove the confusion by using dev2unit() everywhere.

This commit could also be considered as a bug fix. A lot of drivers call
minor(), while they should actually be calling dev2unit(). In -CURRENT
this isn't a problem, but it turns out we never had any problem reports
related to that issue in the past. I suspect not many people connect
more than 256 pieces of the same hardware.

Reviewed by:	kib
2008-09-27 08:51:18 +00:00
rpaulo
5c95f8503b Merge ath again (addition of wisoc files). 2008-09-05 22:24:31 +00:00
rpaulo
83e55bfe81 Merge fix for P4 expansion from vendor branch. 2008-09-05 13:18:06 +00:00
rpaulo
04258bac6c Merge ath_hal 0.10.5.10 to head.
Approved by:	sam
2008-08-28 00:22:59 +00:00
rpaulo
3a69ca14c2 Flatten the vendor-sys/ath tree for future imports. 2008-08-27 19:52:48 +00:00
rpaulo
07578273b4 Workaround the detect-merge-conflicts.sh script and 's/^======$/&='. 2008-08-27 19:47:48 +00:00
julian
9ddf84d97e I think we can remove the conditionals for freebsd 2.0 now 2008-08-25 07:33:17 +00:00
bz
1021d43b56 Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).

This is the first in a series of commits over the course
of the next few weeks.

Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.

We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.

Obtained from:	//depot/projects/vimage-commit2/...
Reviewed by:	brooks, des, ed, mav, julian,
		jamie, kris, rwatson, zec, ...
		(various people I forgot, different versions)
		md5 (with a bit of help)
Sponsored by:	NLnet Foundation, The FreeBSD Foundation
X-MFC after:	never
V_Commit_Message_Reviewed_By:	more people than the patch
2008-08-17 23:27:27 +00:00
mlaier
f262e1ff14 Merge state reuse for tcp.
PR:		kern/125261
Obtained from:	OpenBSD
MFC after:	1 week
2008-08-04 14:42:09 +00:00
darrenr
c85943e33b 2020447 IPFilter's NAT can undo name server random port selection
(fix output port range, was a random number in [0,max-min]
	 (byteswapped on litle endian), instead of [min,max])

Submitted by:	darrenr
2008-07-26 19:46:00 +00:00
julian
5c90c0c784 Fix spelling error in comment 2008-07-24 19:05:58 +00:00
darrenr
49ad2adb91 2020447 IPFilter's NAT can undo name server random port selection
Approved by:	darrenr
MFC after:	1 week
Security:	CERT VU#521769
2008-07-24 12:35:05 +00:00
jhb
026267261c Remove the oltr(4) driver. No one responded to calls for testing on
current@ and stable@ for the locking patches.  The driver can always be
revived if someone tests it.

This driver also sleeps in its if_init routine, so it likely doesn't really
work at all anyway in modern releases.
2008-07-04 18:58:53 +00:00
jhb
6ebfda5b30 Make oltr(4) MPSAFE:
- Add a mutex to the softc and use it to protect the softc and device
  hardware.
- Setup interrupt handler after interface attach.
- Retire 'unit' from softc and use if_printf() instead.
- Don't frob IFF_UP in the driver.
- Use callout_() rather than timeout() and untimeout().
2008-07-04 18:27:14 +00:00
mlaier
282a9aef65 Fix range check for rtable id. 2008-06-05 19:30:20 +00:00
julian
1dfc5c98a4 Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)

Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.

From my notes:

-----

  One thing where FreeBSD has been falling behind, and which by chance I
  have some time to work on is "policy based routing", which allows
  different
  packet streams to be routed by more than just the destination address.

  Constraints:
  ------------

  I want to make some form of this available in the 6.x tree
  (and by extension 7.x) , but FreeBSD in general needs it so I might as
  well do it in -current and back port the portions I need.

  One of the ways that this can be done is to have the ability to
  instantiate multiple kernel routing tables (which I will now
  refer to as "Forwarding Information Bases" or "FIBs" for political
  correctness reasons). Which FIB a particular packet uses to make
  the next hop decision can be decided by a number of mechanisms.
  The policies these mechanisms implement are the "Policies" referred
  to in "Policy based routing".

  One of the constraints I have if I try to back port this work to
  6.x is that it must be implemented as a EXTENSION to the existing
  ABIs in 6.x so that third party applications do not need to be
  recompiled in timespan of the branch.

  This first version will not have some of the bells and whistles that
  will come with later versions. It will, for example, be limited to 16
  tables in the first commit.
  Implementation method, Compatible version. (part 1)
  -------------------------------
  For this reason I have implemented a "sufficient subset" of a
  multiple routing table solution in Perforce, and back-ported it
  to 6.x. (also in Perforce though not  always caught up with what I
  have done in -current/P4). The subset allows a number of FIBs
  to be defined at compile time (8 is sufficient for my purposes in 6.x)
  and implements the changes needed to allow IPV4 to use them. I have not
  done the changes for ipv6 simply because I do not need it, and I do not
  have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.

  Other protocol families are left untouched and should there be
  users with proprietary protocol families, they should continue to work
  and be oblivious to the existence of the extra FIBs.

  To understand how this is done, one must know that the current FIB
  code starts everything off with a single dimensional array of
  pointers to FIB head structures (One per protocol family), each of
  which in turn points to the trie of routes available to that family.

  The basic change in the ABI compatible version of the change is to
  extent that array to be a 2 dimensional array, so that
  instead of protocol family X looking at rt_tables[X] for the
  table it needs, it looks at rt_tables[Y][X] when for all
  protocol families except ipv4 Y is always 0.
  Code that is unaware of the change always just sees the first row
  of the table, which of course looks just like the one dimensional
  array that existed before.

  The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
  are all maintained, but refer only to the first row of the array,
  so that existing callers in proprietary protocols can continue to
  do the "right thing".
  Some new entry points are added, for the exclusive use of ipv4 code
  called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
  which have an extra argument which refers the code to the correct row.

  In addition, there are some new entry points (currently called
  rtalloc_fib() and friends) that check the Address family being
  looked up and call either rtalloc() (and friends) if the protocol
  is not IPv4 forcing the action to row 0 or to the appropriate row
  if it IS IPv4 (and that info is available). These are for calling
  from code that is not specific to any particular protocol. The way
  these are implemented would change in the non ABI preserving code
  to be added later.

  One feature of the first version of the code is that for ipv4,
  the interface routes show up automatically on all the FIBs, so
  that no matter what FIB you select you always have the basic
  direct attached hosts available to you. (rtinit() does this
  automatically).

  You CAN delete an interface route from one FIB should you want
  to but by default it's there. ARP information is also available
  in each FIB. It's assumed that the same machine would have the
  same MAC address, regardless of which FIB you are using to get
  to it.

  This brings us as to how the correct FIB is selected for an outgoing
  IPV4 packet.

  Firstly, all packets have a FIB associated with them. if nothing
  has been done to change it, it will be FIB 0. The FIB is changed
  in the following ways.

  Packets fall into one of a number of classes.

  1/ locally generated packets, coming from a socket/PCB.
     Such packets select a FIB from a number associated with the
     socket/PCB. This in turn is inherited from the process,
     but can be changed by a socket option. The process in turn
     inherits it on fork. I have written a utility call setfib
     that acts a bit like nice..

         setfib -3 ping target.example.com # will use fib 3 for ping.

     It is an obvious extension to make it a property of a jail
     but I have not done so. It can be achieved by combining the setfib and
     jail commands.

  2/ packets received on an interface for forwarding.
     By default these packets would use table 0,
     (or possibly a number settable in a sysctl(not yet)).
     but prior to routing the firewall can inspect them (see below).
     (possibly in the future you may be able to associate a FIB
     with packets received on an interface..  An ifconfig arg, but not yet.)

  3/ packets inspected by a packet classifier, which can arbitrarily
     associate a fib with it on a packet by packet basis.
     A fib assigned to a packet by a packet classifier
     (such as ipfw) would over-ride a fib associated by
     a more default source. (such as cases 1 or 2).

  4/ a tcp listen socket associated with a fib will generate
     accept sockets that are associated with that same fib.

  5/ Packets generated in response to some other packet (e.g. reset
     or icmp packets). These should use the FIB associated with the
     packet being reponded to.

  6/ Packets generated during encapsulation.
     gif, tun and other tunnel interfaces will encapsulate using the FIB
     that was in effect withthe proces that set up the tunnel.
     thus setfib 1 ifconfig gif0 [tunnel instructions]
     will set the fib for the tunnel to use to be fib 1.

  Routing messages would be associated with their
  process, and thus select one FIB or another.
  messages from the kernel would be associated with the fib they
  refer to and would only be received by a routing socket associated
  with that fib. (not yet implemented)

  In addition Netstat has been edited to be able to cope with the
  fact that the array is now 2 dimensional. (It looks in system
  memory using libkvm (!)). Old versions of netstat see only the first FIB.

  In addition two sysctls are added to give:
  a) the number of FIBs compiled in (active)
  b) the default FIB of the calling process.

  Early testing experience:
  -------------------------

  Basically our (IronPort's) appliance does this functionality already
  using ipfw fwd but that method has some drawbacks.

  For example,
  It can't fully simulate a routing table because it can't influence the
  socket's choice of local address when a connect() is done.

  Testing during the generating of these changes has been
  remarkably smooth so far. Multiple tables have co-existed
  with no notable side effects, and packets have been routes
  accordingly.

  ipfw has grown 2 new keywords:

  setfib N ip from anay to any
  count ip from any to any fib N

  In pf there seems to be a requirement to be able to give symbolic names to the
  fibs but I do not have that capacity. I am not sure if it is required.

  SCTP has interestingly enough built in support for this, called VRFs
  in Cisco parlance. it will be interesting to see how that handles it
  when it suddenly actually does something.

  Where to next:
  --------------------

  After committing the ABI compatible version and MFCing it, I'd
  like to proceed in a forward direction in -current. this will
  result in some roto-tilling in the routing code.

  Firstly: the current code's idea of having a separate tree per
  protocol family, all of the same format, and pointed to by the
  1 dimensional array is a bit silly. Especially when one considers that
  there is code that makes assumptions about every protocol having the
  same internal structures there. Some protocols don't WANT that
  sort of structure. (for example the whole idea of a netmask is foreign
  to appletalk). This needs to be made opaque to the external code.

  My suggested first change is to add routing method pointers to the
  'domain' structure, along with information pointing the data.
  instead of having an array of pointers to uniform structures,
  there would be an array pointing to the 'domain' structures
  for each protocol address domain (protocol family),
  and the methods this reached would be called. The methods would have
  an argument that gives FIB number, but the protocol would be free
  to ignore it.

  When the ABI can be changed it raises the possibilty of the
  addition of a fib entry into the "struct route". Currently,
  the structure contains the sockaddr of the desination, and the resulting
  fib entry. To make this work fully, one could add a fib number
  so that given an address and a fib, one can find the third element, the
  fib entry.

  Interaction with the ARP layer/ LL layer would need to be
  revisited as well. Qing Li has been working on this already.

  This work was sponsored by Ironport Systems/Cisco

Reviewed by:    several including rwatson, bz and mlair (parts each)
Obtained from:  Ironport systems/Cisco
2008-05-09 23:03:00 +00:00
kmacy
1f11c1549b fix build 2008-05-06 17:45:54 +00:00
kmacy
9dc66be796 conditionally define PANIC_IF 2008-05-05 19:39:20 +00:00
kmacy
3655ca8c3d Import basic common and iwarp kernel RDMA infrastructure.
Supported by: Chelsio Inc.
2008-05-05 18:35:55 +00:00
sam
8bf6f34fe9 Intel 4965 wireless driver (derived from openbsd driver of the same name) 2008-04-29 21:36:17 +00:00
sam
3569e353ca Multi-bss (aka vap) support for 802.11 devices.
Note this includes changes to all drivers and moves some device firmware
loading to use firmware(9) and a separate module (e.g. ral).  Also there
no longer are separate wlan_scan* modules; this functionality is now
bundled into the wlan module.

Supported by:	Hobnob and Marvell
Reviewed by:	many
Obtained from:	Atheros (some bits)
2008-04-20 20:35:46 +00:00
rwatson
475838228b Teach pf and ipfw to use read locks in inpcbs write than write locks
when reading credential data from sockets.

Teach pf to unlock the pcbinfo more quickly once it has acquired an
inpcb lock, as the inpcb lock is sufficient to protect the reference.

Assert locks, rather than read locks or write locks, on inpcbs in
subroutines--this is necessary as the inpcb may be passed down with a
write lock from the protocol, or may be passed down with a read lock
from the firewall lookup routine, and either is sufficient.

MFC after:	3 months
2008-04-20 00:21:54 +00:00
rwatson
ca47fccd6b Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to
explicitly select write locking for all use of the inpcb mutex.
Update some pcbinfo lock assertions to assert locked rather than
write-locked, although in practice almost all uses of the pcbinfo
rwlock main exclusive, and all instances of inpcb lock acquisition
are exclusive.

This change should introduce (ideally) little functional change.
However, it lays the groundwork for significantly increased
parallelism in the TCP/IP code.

MFC after:	3 months
Tested by:	kris (superset of committered patch)
2008-04-17 21:38:18 +00:00
mlaier
5cb64aae63 Make ALTQ cope with disappearing interfaces (particularly common with mpd
and netgraph in gernal).  This also allows to add queues for an interface
that is not yet existing (you have to provide the bandwidth for the
interface, however).

PR:		kern/106400, kern/117827
MFC after:	2 weeks
2008-03-29 00:24:36 +00:00
jb
cee2462540 Remove the last 3 files I missed. These have been repo copied to the new
location under a cddl part of the tree following the core@ license review.
2008-03-28 00:28:45 +00:00
jb
291b24b755 Remove files that have been repo copied to their new location
in cddl-specific parts of the source tree.
2008-03-28 00:08:47 +00:00
dfr
79d2dfdaa6 Add the new kernel-mode NFS Lock Manager. To use it instead of the
user-mode lock manager, build a kernel with the NFSLOCKD option and
add '-k' to 'rpc_lockd_flags' in rc.conf.

Highlights include:

* Thread-safe kernel RPC client - many threads can use the same RPC
  client handle safely with replies being de-multiplexed at the socket
  upcall (typically driven directly by the NIC interrupt) and handed
  off to whichever thread matches the reply. For UDP sockets, many RPC
  clients can share the same socket. This allows the use of a single
  privileged UDP port number to talk to an arbitrary number of remote
  hosts.

* Single-threaded kernel RPC server. Adding support for multi-threaded
  server would be relatively straightforward and would follow
  approximately the Solaris KPI. A single thread should be sufficient
  for the NLM since it should rarely block in normal operation.

* Kernel mode NLM server supporting cancel requests and granted
  callbacks. I've tested the NLM server reasonably extensively - it
  passes both my own tests and the NFS Connectathon locking tests
  running on Solaris, Mac OS X and Ubuntu Linux.

* Userland NLM client supported. While the NLM server doesn't have
  support for the local NFS client's locking needs, it does have to
  field async replies and granted callbacks from remote NLMs that the
  local client has contacted. We relay these replies to the userland
  rpc.lockd over a local domain RPC socket.

* Robust deadlock detection for the local lock manager. In particular
  it will detect deadlocks caused by a lock request that covers more
  than one blocking request. As required by the NLM protocol, all
  deadlock detection happens synchronously - a user is guaranteed that
  if a lock request isn't rejected immediately, the lock will
  eventually be granted. The old system allowed for a 'deferred
  deadlock' condition where a blocked lock request could wake up and
  find that some other deadlock-causing lock owner had beaten them to
  the lock.

* Since both local and remote locks are managed by the same kernel
  locking code, local and remote processes can safely use file locks
  for mutual exclusion. Local processes have no fairness advantage
  compared to remote processes when contending to lock a region that
  has just been unlocked - the local lock manager enforces a strict
  first-come first-served model for both local and remote lockers.

Sponsored by:	Isilon Systems
PR:		95247 107555 115524 116679
MFC after:	2 weeks
2008-03-26 15:23:12 +00:00
rwatson
877d7c65ba In keeping with style(9)'s recommendations on macros, use a ';'
after each SYSINIT() macro invocation.  This makes a number of
lightweight C parsers much happier with the FreeBSD kernel
source, including cflow's prcc and lxr.

MFC after:	1 month
Discussed with:	imp, rink
2008-03-16 10:58:09 +00:00
pjd
f924bfc1c5 Fix mmap(2) on ZFS after some changes in VM subsystem.
Submitted by:	alc
Reported by:	kris (originally) and many others
Tested with:	fsx
MFC after:	1 week
2008-03-15 23:23:04 +00:00
attilio
4014b55830 Axe the 'thread' argument from VOP_ISLOCKED() and lockstatus() as it is
always curthread.

As KPI gets broken by this patch, manpages and __FreeBSD_version will be
updated by further commits.

Tested by:	Andrea Barberio <insomniac at slackware dot it>
2008-02-25 18:45:57 +00:00
attilio
0d54671a48 Introduce some functions in the vnode locks namespace and in the ffs
namespace in order to handle lockmgr fields in a controlled way instead
than spreading all around bogus stubs:
- VN_LOCK_AREC() allows lock recursion for a specified vnode
- VN_LOCK_ASHARE() allows lock sharing for a specified vnode

In FFS land:
- BUF_AREC() allows lock recursion for a specified buffer lock
- BUF_NOREC() disallows recursion for a specified buffer lock

Side note: union_subr.c::unionfs_node_update() is the only other function
directly handling lockmgr fields. As this is not simple to fix, it has
been left behind as "sole" exception.
2008-02-24 16:38:58 +00:00
pjd
fbc761a694 - Reduce how much ZFS caches by default. This is another change to mitigate
'kmem_map too small panics'.
- Print two warnings if there is not enough memory and not enough address
  space.
- Improve comment.
2008-01-24 11:24:16 +00:00
attilio
71b7824213 VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in
conjuction with 'thread' argument passing which is always curthread.
Remove the unuseful extra-argument and pass explicitly curthread to lower
layer functions, when necessary.

KPI results broken by this change, which should affect several ports, so
version bumping and manpage update will be further committed.

Tested by: kris, pho, Diego Sardina <siarodx at gmail dot com>
2008-01-13 14:44:15 +00:00
njl
cec3f46f5f Fix GPE livelock that occurs on HP/Compaq laptops, mostly in the thermal
zone code.  The GPE handler method (i.e. _L00) generates various Notify
events that need to be run to completion before the GPE is re-enabled.
In ACPI-CA, we queue an asynch callback at the same priority as a Notify
so that it will only run after all Notify handlers have completed.  The
callback re-enables the GPE afterwards.  We also changed the priority of
Notifies to be the same as GPEs, given the possibility that another GPE
could arrive before the Notifies have completed and we don't want it to
get queued ahead of the rest.

The ACPI-CA change was submitted by Alexey Starikovskiy (SUSE) and will
appear in a later release.  Special thanks to him for helping track this
bug down.

MFC after:	1 week
Tested by:	jhb, Yousif Hassan <yousif / alumni.jmu.edu>
2008-01-12 22:13:12 +00:00
njl
5c93ec4f5c This commit was generated by cvs2svn to compensate for changes in r175256,
which included commits to RCS files with non-trunk default branches.
2008-01-12 22:13:12 +00:00
attilio
18d0a0dd51 vn_lock() is currently only used with the 'curthread' passed as argument.
Remove this argument and pass curthread directly to underlying
VOP_LOCK1() VFS method. This modify makes the code cleaner and in
particular remove an annoying dependence helping next lockmgr() cleanup.
KPI results, obviously, changed.

Manpage and FreeBSD_version will be updated through further commits.

As a side note, would be valuable to say that next commits will address
a similar cleanup about VFS methods, in particular vop_lock1 and
vop_unlock.

Tested by:	Diego Sardina <siarodx at gmail dot com>,
		Andrea Di Pasquale <whyx dot it at gmail dot com>
2008-01-10 01:10:58 +00:00
jb
22ebcc078a * Check endianness the FreeBSD way.
* Use LBOLT rather than lbolt to avoid a clash with a FreeBSD global
  variable.
2007-11-28 22:16:00 +00:00
jb
22720aa033 Fix a prototype definition. 2007-11-28 22:13:28 +00:00
jb
7d2b629940 Check endianness the FreeBSD way. 2007-11-28 22:12:21 +00:00
jb
ef879fff8b Include an extra header to get this to compile cleanly. 2007-11-28 22:11:39 +00:00
darrenr
6e334a7949 Fix 3 issues relating to the use of "auth" rules in IPFilter, from sourceforge:
1837014 Kernel panics after authentication of an outgoing packet
1836992 Potential bugs in packet auth code (w/patches)
1836967 Kernel panic when using auth rule with keep state
and another reported only to FreeBSD by Andiry (see PR)

PR:		kern/118251
Submitted by:	Andriy Syrovenko <andriys@gmail.com>
Reviewed by:	darrenr
MFC after:	5 days
2007-11-26 08:18:19 +00:00
mlaier
a944d25e86 Bring back pf_if.c revs 1.8 and 1.6 also lost during last import:
- Use correct time for tzero when compiled in
 - Don't use bogus interface addresses on ptp-interfaces with :0

MFC after:	3 days
2007-11-21 16:08:06 +00:00
mlaier
e7409e54d4 Cleanup pf interface mangement - esp. remove EVENTHANDLER before unloading
the coresponding code.  This was lost during 4.1 import.

Reported by:	ru
MFC after:	3 days
2007-11-21 14:18:14 +00:00
mlaier
1f6cdb5c23 Reloop OpenBSD rev. 1.563:
In pf_test_fragment(), ignore protocol-specific criteria for packets of
  different protocols.

Reported by:	des
Obtained from:	OpenBSD
MFC after:	3 days
2007-11-21 10:12:52 +00:00
pjd
2e4e429921 Warn if kmem_map size is set to less than 512MB. Previous warning was a bit
pointless, because default is set to something around 300MB and also
insufficient.

MFC after:	3 days
2007-11-07 14:44:31 +00:00
pjd
7b3d6c34b9 Remove unused header.
MFC after:	3 days
2007-11-05 22:18:34 +00:00
pjd
20124c11eb If setting a state to anything but open state, close access to vdev.
This fixes replacing drive in place, eg. zpool replace tank da1 da1.
Before it complained that device is already open.

MFC after:	1 week
2007-11-05 21:30:48 +00:00
benjsc
b43c03d668 Initial Import of wpi driver based on p4 changeset 128641.
This import includes:
   o wpi Wireless driver for the Intel 3945 Wireless Lan Controller (802.11abg) (sys/dev/wpi)
   o Intel firmware revision 2.14.4 & associated LICENSE (sys/dev/contrib/wpi, sys/contrib/dev/wpi/LICENSE)
   o wpifw Firmware driver (sys/modules/wpifw)

Approved by: mlaier, sam (co-mentors)
2007-11-05 11:47:19 +00:00
lulf
f39a9d39ee - Add sysctl for sizeof(znode_t), which will be used by fstat(1).
Approved by:	pjd (mentor)
2007-11-02 00:35:05 +00:00
pjd
12ba547cb4 Call zil_commit() (if ZIL is not disabled) after every non-read request
(BIO_WRITE and BIO_FLUSH) as it is done is Solaris. The difference is
that Solaris calls it only for sync requests, but we can't say in GEOM
is the request is sync or async, so we do it for every request.

MFC after:	1 week
2007-11-01 11:04:21 +00:00
darrenr
e94bd5ada2 Apply a few changes from ipfilter-current:
* Do not hold any locks over calls to copyin/copyout.
* Clean up some #ifdefs
* fix a possible mbuf leak when NAT fails on policy routed packets

PR:		117216
2007-10-30 15:23:27 +00:00
rwatson
369fd04f48 Continue to move from generic network entry points in the TrustedBSD MAC
Framework by moving from mac_mbuf_create_netlayer() to more specific
entry points for specific network services:

- mac_netinet_firewall_reply() to be used when replying to in-bound TCP
  segments in pf and ipfw (etc).

- Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and
  add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite
  a label in place, but in others we apply the label to a new mbuf.

Obtained from:	TrustedBSD Project
2007-10-28 17:12:48 +00:00
rwatson
a3b8fc4866 Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as
we move towards netinet as a pseudo-object for the MAC Framework.

Rename 'mac_create_mbuf_linklayer' to 'mac_mbuf_create_linklayer' to
reflect general object-first ordering preference.

Sponsored by:	SPARTA (original patches against Mac OS X)
Obtained from:	TrustedBSD Project, Apple Computer
2007-10-26 13:18:38 +00:00
mlaier
77d2172c99 Properly drop the pf mutex around all copyout (consistency still protected
by the sx) and avoid a WITNESS panic.  Overlooked during last import.

Reported and tested by:	Max N. Boyarov
MFC after:		3 days
2007-10-24 20:57:17 +00:00
rwatson
60570a92bf Merge first in a series of TrustedBSD MAC Framework KPI changes
from Mac OS X Leopard--rationalize naming for entry points to
the following general forms:

  mac_<object>_<method/action>
  mac_<object>_check_<method/action>

The previous naming scheme was inconsistent and mostly
reversed from the new scheme.  Also, make object types more
consistent and remove spaces from object types that contain
multiple parts ("posix_sem" -> "posixsem") to make mechanical
parsing easier.  Introduce a new "netinet" object type for
certain IPv4/IPv6-related methods.  Also simplify, slightly,
some entry point names.

All MAC policy modules will need to be recompiled, and modules
not updates as part of this commit will need to be modified to
conform to the new KPI.

Sponsored by:	SPARTA (original patches against Mac OS X)
Obtained from:	TrustedBSD Project, Apple Computer
2007-10-24 19:04:04 +00:00
julian
51d643caa6 Rename the kthread_xxx (e.g. kthread_create()) calls
to kproc_xxx as they actually make whole processes.
Thos makes way for us to add REAL kthread_create() and friends
that actually make theads. it turns out that most of these
calls actually end up being moved back to the thread version
when it's added. but we need to make this cosmetic change first.

I'd LOVE to do this rename in 7.0  so that we can eventually MFC the
new kthread_xxx() calls.
2007-10-20 23:23:23 +00:00
darrenr
fd172ed327 Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after:	7 days
2007-10-18 21:52:14 +00:00
darrenr
8e202f8079 Import IPFilter 4.1.28 2007-10-18 21:42:51 +00:00
darrenr
3345281d0a This commit was generated by cvs2svn to compensate for changes in r172771,
which included commits to RCS files with non-trunk default branches.
2007-10-18 21:42:51 +00:00
thompsa
d99df3dd9e ZFS_LOG adds a newline by itself.
Pointed out by:	pjd
2007-10-14 16:14:32 +00:00
thompsa
0a03699452 Print the ZFS ereport to the console if vfs.zfs.debug is set to help diagnose
problems with zfs-on-root since devd isnt running yet.

Reviewed by:	pjd
2007-10-14 07:58:50 +00:00
pjd
1958f24dc2 Fix lock leak leading to the 'System call <name> returning with 1 locks held'
panic.

Reported by:	kris
Approved by:	re (kensmith)
2007-10-04 17:51:59 +00:00
cognet
63a24fc32d Ok I hope I got it right this time.
After discussion with Sam, switch back to use firmware(9) instead of
having the firmware in hex format.
Put the binary firmware uuencoded into sys/contrib/dev/npe, and slap a
LICENSE file, as found on the Intel website.

Approved by:	re (blanket), mux (mentor)
MFC After:	1 week
2007-09-27 22:39:49 +00:00
jkim
f7e7ed217a Fix global lock recursion bug.
This patch was part of ACPI-CA 20070508 release and the
following is excerpt from its change log:

Fixed a problem where the Global Lock handle was not properly
updated if a thread that acquired the Global Lock via executing
AML code then attempted to acquire the lock via the
AcpiAcquireGlobalLock interface. Reported by Joe Liu.

Approved by:	re (kensmith)
Tested by:	ambrisko
Obtained from:	Intel
2007-09-24 17:12:36 +00:00
jkim
18e70fea3e This commit was generated by cvs2svn to compensate for changes in r172314,
which included commits to RCS files with non-trunk default branches.
2007-09-24 17:12:36 +00:00
pjd
a4c30a2063 Now that we have CDDLed code in the tree, add CDDL license.
Discussed with:	core
Approved by:	re (kensmith)
2007-09-23 07:04:50 +00:00
pjd
a9891a0fce Reduce the limit of vnodes on i386 when ZFS is loaded to 3/4 of the original
value, so we don't run out of KVA. The default vnodes limit fits better for
UFS, but ZFS allocated more file system specific memory for a vnode than UFS.

Don't touch vnodes limit if we detect it was tuned by system administrator
and restore original value when ZFS is unloaded.

This isn't final fix, but before we implement something better, this will
help to stabilize ZFS under heavy load on i386.

Approved by:	re (bmah)
2007-09-10 19:58:14 +00:00
pjd
e924beddcf After dfr@ vnode leak fix, we can allow ARC to consume more memory.
Tested by:	kris
Approved by:	re (bmah)
2007-09-10 18:12:27 +00:00
pjd
3ee1ed30a1 Use CTLFLAG_RDTUN for tunable sysctls.
Approved by:	re (bmah)
2007-09-01 06:23:42 +00:00
dhartmei
6853d1aa5a When checking the sequence number of a TCP header embedded in an
ICMP error message, do not access th_flags. The field is beyond
the first eight bytes of the header that are required to be present
and were pulled up in the mbuf.

A random value of th_flags can have TH_SYN set, which made the
sequence number comparison not apply the window scaling factor,
which led to legitimate ICMP(v6) packets getting blocked with
"BAD ICMP" debug log messages (if enabled with pfctl -xm), thus
breaking PMTU discovery.

Triggering the bug requires TCP window scaling to be enabled
(sysctl net.inet.tcp.rfc1323, enabled by default) on both end-
points of the TCP connection. Large scaling factors increase
the probability of triggering the bug.

PR:		kern/115413: [ipv6] ipv6 pmtu not working
Tested by:	Jacek Zapala
Reviewed by:	mlaier
Approved by:	re (kensmith)
2007-08-23 09:30:58 +00:00
rwatson
a62dbe240a Replace references to NET_CALLOUT_MPSAFE with CALLOUT_MPSAFE, and remove
definition of NET_CALLOUT_MPSAFE, which is no longer required now that
debug.mpsafenet has been removed.

The once over:	bz
Approved by:	re (kensmith)
2007-07-28 07:31:30 +00:00
pjd
67705357ae Update assertion after revision 1.23.
Reviewed by:	dfr
Approved by:	re (rwatson)
2007-07-24 15:00:43 +00:00
njl
441582040c Fix a bug where the callout might not be initialized before being used.
Rev 1.9 introduced another path where machclk_freq would be initialized
before the rest of setup was done (i.e. initializing the callout).  Make
the one-time initialization a separate function and make init_machclk()
able to be called multiple times, any time.  We depend on tsc_freq first
being updated from the highest priority eventhandler, thus we run last
and call init_machclk() to set machclk_freq.  Also, don't initialize
static variables to 0.

Tested by:	Eygene Ryabinkin
Approved by:	re
2007-07-12 17:00:51 +00:00
harti
5bd0ea9607 This commit was generated by cvs2svn to compensate for changes in r171364,
which included commits to RCS files with non-trunk default branches.
2007-07-11 14:41:54 +00:00
harti
5d37f9d01f Vendor patch to remove some __inline qualifiers on non-static functions
because they seem to cause warnings in gcc-4.2.

Submitted by:	mjacob
Approved by:	re
2007-07-11 14:41:54 +00:00
dfr
4cd173a329 Correct a reference-counting mistake in the ZFS code which led to abnormal
memory usage and pessimal cache performance.

Reviewed by: pjd
Approved by: re (rwatson)
2007-07-09 09:03:49 +00:00
mlaier
eb24a0114a Remove unused variable from pf_subr.c to make it -Werror buildable.
Approved by:	re (kensmith)
2007-07-05 15:28:59 +00:00
mlaier
c5cadf910f Add two place holders in struct pf_rule for future netgraph integration.
Submitted by:	Ermal Luçi
Approved by:	re (kensmith)
2007-07-03 12:58:33 +00:00
mlaier
83807ec50d Link pf 4.1 to the build:
- move ftp-proxy from libexec to usr.sbin
 - add tftp-proxy
 - new altq mtag link

Approved by:	re (kensmith)
2007-07-03 12:46:08 +00:00
mlaier
fcd62f6e39 Commit resolved import of OpenBSD 4.1 pf from perforce.
Approved by:	re (kensmith)
2007-07-03 12:16:07 +00:00
mlaier
d5177fc84e This commit was generated by cvs2svn to compensate for changes in r171164,
which included commits to RCS files with non-trunk default branches.
2007-07-03 12:06:01 +00:00
mlaier
dc6ae5fc92 Import pf from OpenBSD 4.1 2007-07-03 12:06:01 +00:00
mlaier
a8f964c8c6 Fix hardware checksum verification on fragments.
MFC after:		7 days
Reported/tested by: 	Hugo Koji Kobayashi, Vadym Chepkov
Reviewed/help by:	yongari
Approved by:		re (kensmith)
2007-07-03 11:50:02 +00:00
dfr
636717a46f In zfs_vget, if we fail to translate an inode number to the corresponding
vnode, make sure we return an error code to the caller.

Reviewed by: pjd
Approved by: re
2007-06-27 12:00:24 +00:00