path: root/sys/net/if_bridge.c
Commit message | Author | Age | Files | Lines
* bridge_delete_member is called via the event handler from if_detach | Andrew Thompson | 2009-02-13 | 1 | -5/+9
  after the LLADDR is reclaimed which causes a null pointer deref with inherit_mac enabled. Record the ifnet pointer of the interface and then compare that to find when to re-assign the bridge address.
  Submitted by: sam
  Notes: svn path=/head/; revision=188594
* Conditionally compile out V_ globals while instantiating the appropriate | Marko Zec | 2008-12-10 | 1 | -1/+2
  container structures, depending on VIMAGE_GLOBALS compile time option.
  Make VIMAGE_GLOBALS a new compile-time option, which by default will not be defined, resulting in instantiations of global variables selected for V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be effectively compiled out.
  Instantiate new global container structures to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0, vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0.
  Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_ macros resolve either to the original globals, or to fields inside container structures, i.e. effectively
      #ifdef VIMAGE_GLOBALS
      #define V_rt_tables rt_tables
      #else
      #define V_rt_tables vnet_net_0._rt_tables
      #endif
  Update SYSCTL_V_*() macros to operate either on globals or on fields inside container structs.
  Extend the internal kldsym() lookups with the ability to resolve selected fields inside the virtualization container structs. This applies only to the fields which are explicitly registered for kldsym() visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently this is done only in sys/net/if.c.
  Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code, and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in turn result in proper code being generated depending on VIMAGE_GLOBALS.
  De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c which were prematurely V_irtualized by automated V_ prepending scripts during earlier merging steps. PF virtualization will be done separately, most probably after next PF import.
  Convert a few variable initializations at instantiation to initialization in init functions, most notably in ipfw. Also convert TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in initializer functions.
  Discussed at: devsummit Strassburg
  Reviewed by: bz, julian
  Approved by: julian (mentor)
  Obtained from: //depot/projects/vimage-commit2/...
  X-MFC after: never
  Sponsored by: NLnet Foundation, The FreeBSD Foundation
  Notes: svn path=/head/; revision=185895
* Rather than using hidden includes (with circular dependencies), | Bjoern A. Zeeb | 2008-12-02 | 1 | -0/+2
  directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files.
  For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h.
  Reviewed by: brooks, gnn, des, zec, imp
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=185571
* Step 1.5 of importing the network stack virtualization infrastructure | Marko Zec | 2008-10-02 | 1 | -0/+5
  from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit
  Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs.
  Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
  Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.).
  All the changes are verified to have zero functional impact at this point in time by doing MD5 comparison between pre- and post-change object files(*).
  (*) netipsec/keysock.c did not validate depending on compile time options.
  Implemented by: julian, bz, brooks, zec
  Reviewed by: julian, bz, brooks, kris, rwatson, ...
  Approved by: julian (mentor)
  Obtained from: //depot/projects/vimage-commit2/...
  X-MFC after: never
  Sponsored by: NLnet Foundation, The FreeBSD Foundation
  Notes: svn path=/head/; revision=183550
* Put the bridge mac inheritance behind a sysctl with the default off as this | Andrew Thompson | 2008-09-08 | 1 | -2/+7
  still needs all the edge cases fixed.
  Submitted by: Eygene Ryabinkin
  Notes: svn path=/head/; revision=182862
* Commit step 1 of the vimage project, (network stack) | Bjoern A. Zeeb | 2008-08-17 | 1 | -13/+14
  virtualization work done by Marko Zec (zec@).
  This is the first in a series of commits over the course of the next few weeks.
  Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
  We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
  Obtained from: //depot/projects/vimage-commit2/...
  Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ...
  (various people I forgot, different versions)
  md5 (with a bit of help)
  Sponsored by: NLnet Foundation, The FreeBSD Foundation
  X-MFC after: never
  V_Commit_Message_Reviewed_By: more people than the patch
  Notes: svn path=/head/; revision=181803
* LRO combined packets can actually be bridged as long as all the interfaces also | Andrew Thompson | 2008-08-16 | 1 | -5/+6
  support TSO, this can always be disabled manually if undesirable.
  Pointed out by: gallatin
  Notes: svn path=/head/; revision=181795
* Be smarter about disabling interface capabilities. TOE/TSO/TXCSUM will only be | Andrew Thompson | 2008-07-03 | 1 | -23/+51
  disabled if one (or more) of the member interfaces does not support it. Always turn off LRO since we can not bridge a combined frame.
  Tested by: Stefan Lambrev
  Notes: svn path=/head/; revision=180220
* Set bridge MAC addresses to the MAC address of their first interface unless | Philip Paeps | 2008-07-01 | 1 | -6/+33
  locally configured. This is more in line with the behaviour of other popular bridging implementations and makes bridges more predictable after reboots for example.
  Reviewed by: thompsa
  MFC after: 1 week
  Notes: svn path=/head/; revision=180140
* Remove a chunk of duplicated code, test the destination address against the | Andrew Thompson | 2008-01-18 | 1 | -56/+27
  bridge the same way we check member interfaces.
  Notes: svn path=/head/; revision=175432
* IEEE 802.1D-2004 states, frames containing any of the group MAC Addresses | Andrew Thompson | 2008-01-18 | 1 | -1/+14
  specified in Table 7-10 in their destination address field shall not be relayed by the Bridge. Add a check in bridge_forward() to adhere to this.
  PR: kern/119744
  Notes: svn path=/head/; revision=175419
* Sync from OpenBSD r1.118, nuke clause 3 & 4. | Andrew Thompson | 2008-01-17 | 1 | -5/+0
  Notes: svn path=/head/; revision=175396
* Simplify the error handling and use the dereferenced sc->sc_ifp pointer. | Andrew Thompson | 2007-12-18 | 1 | -44/+26
  Notes: svn path=/head/; revision=174749
* When the bridge has an address and a packet comes in for it then drop it if the | Andrew Thompson | 2007-12-18 | 1 | -0/+7
  link has been marked discarding by Spanning Tree. This would cause the bridge to see duplicate packets to itself even if STP has correctly calculated the topology and blocked redundant links.
  Reported by: trasz
  Tested by: trasz
  MFC after: 3 days
  Notes: svn path=/head/; revision=174746
* 1) dummynet_io() declaration has changed. | Oleg Bulyzhin | 2007-11-06 | 1 | -1/+1
  2) Alter packet flow inside dummynet: allow certain packets to bypass dummynet scheduler. Benefits are:
  - lower latency: if packet flow does not exceed pipe bandwidth, packets will not be (up to tick) delayed (due to dummynet's scheduler granularity).
  - lower overhead: if packet avoids dummynet scheduler it shouldn't reenter ip stack later. Such packets can be fastforwarded.
  - recursion (which can lead to kernel stack exhaustion) eliminated. This fix long existed panic, which can be triggered this way:
      kldload dummynet
      sysctl net.inet.ip.fw.one_pass=0
      ipfw pipe 1 config bw 0
      for i in `jot 30`; do ipfw add 1 pipe 1 icmp from any to any; done
      ping -c 1 localhost
  3) Three new sysctl nodes are added:
      net.inet.ip.dummynet.io_pkt - packets passed to dummynet
      net.inet.ip.dummynet.io_pkt_fast - packets avoided dummynet scheduler
      net.inet.ip.dummynet.io_pkt_drop - packets dropped by dummynet
  P.S. Above comments are true only for layer 3 packets. Layer 2 packet flow is not changed yet.
  MFC after: 3 month
  Notes: svn path=/head/; revision=173399
* Add an option to limit the number of source MACs that can be behind a bridge | Andrew Thompson | 2007-11-04 | 1 | -23/+86
  interface. Once the limit is reached packets with unknown source addresses are dropped until an existing host cache entry expires or is removed. Useful to use with the STICKY cache option.
  Sponsored by: miniSuperHappyDevHouse NZ
  Notes: svn path=/head/; revision=173320
* Use ETHER_BPF_MTAP so that the vlan tags are visible to bpf(4) when bridging a | Andrew Thompson | 2007-10-20 | 1 | -4/+4
  vlan trunk.
  Discussed with: csjp
  MFC after: 3 days
  Notes: svn path=/head/; revision=172824
* The bridging output function puts the mbuf directly on the interfaces send | Andrew Thompson | 2007-10-18 | 1 | -1/+17
  queue so the output network card must support the same tagging mechanism as how the frame was input (prepended Ethernet header tag or stripped HW mflag).
  Now the vlan Ethernet header is _always_ stripped in ether_input and the mbuf flagged, only network cards with VLAN_HWTAGGING enabled would properly re-tag any outgoing vlan frames.
  If the outgoing interface does not support hardware tagging then readd the vlan header to the front of the frame. Move the common vlan encapsulation in to ether_vlanencap().
  Reported by: Erik Osterholm, Jon Otterholm
  MFC after: 1 week
  Notes: svn path=/head/; revision=172770
* Allow additional packet filtering on the physical interface for locally | Andrew Thompson | 2007-09-16 | 1 | -0/+20
  destined packets, disabled by default.
  PR: kern/116051
  Submitted by: Eygene Ryabinkin
  Approved by: re (bmah)
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=172201
* Add a bridge interface flag called PRIVATE where any private port can not | Andrew Thompson | 2007-08-01 | 1 | -33/+37
  communicate with another private port.
  All unicast/broadcast/multicast layer2 traffic is blocked so it works much the same way as using firewall rules but scales better and is generally easier as firewall packages usually do not allow ARP blocking.
  An example usage would be having a number of customers on separate vlans bridged with a server network. All the vlans are marked private, they can all communicate with the server network unhindered, but can not exchange any traffic whatsoever with each other.
  Approved by: re (rwatson)
  Notes: svn path=/head/; revision=171678
* Avoid holding the softc lock when using copyout(). | Andrew Thompson | 2007-07-26 | 1 | -29/+57
  Reported by: dfr
  Approved by: re (rwatson)
  Notes: svn path=/head/; revision=171603
* Add the vlan tag to the bridge route table. This allows a vlan trunk to be | Andrew Thompson | 2007-06-13 | 1 | -26/+53
  bridged, previously legitimate traffic was not passed as the bridge could not tell that it was on a different Ethernet segment.
  All non-tagged traffic is treated as vlan1 as per IEEE 802.1Q-2003
  Notes: svn path=/head/; revision=170681
* Remove a KASSERT intended to help the developer, the condition is no longer | Andrew Thompson | 2007-05-30 | 1 | -0/+2
  valid since the span code was added.
  PR: kern/113170
  MFC after: 1 week
  Notes: svn path=/head/; revision=170139
* etherbroadcastaddr is now unused. | Andrew Thompson | 2007-03-19 | 1 | -3/+0
  Notes: svn path=/head/; revision=167725
* M_BCAST & M_MCAST are now set by ether_input before passing to the bridge. | Andrew Thompson | 2007-03-19 | 1 | -7/+1
  Notes: svn path=/head/; revision=167722
* Give a chance for packet to appear with a correct input interfaces | Roman Kurakin | 2007-03-18 | 1 | -30/+50
  in case of multiple interfaces with the same MAC in the same bridge. This commit does not solve the entire problem. Only case where packet arrived from such interface.
  PR: kern/109815
  MFC after: 7 days
  Submitted by: Eygene Ryabinkin and rik@
  Discussed with: bms@, thompsa@, yar@
  Notes: svn path=/head/; revision=167683
* Properly move the setting of bstp_linkstate_p to the bridgestp module. | Andrew Thompson | 2007-03-14 | 1 | -2/+0
  Notes: svn path=/head/; revision=167575
* Change the passing of callbacks to a struct in case this needs to be | Andrew Thompson | 2007-03-09 | 1 | -1/+6
  extended in the future.
  Notes: svn path=/head/; revision=167379
* Move the lock init until after if_alloc in case the allocation fails and we | Andrew Thompson | 2007-02-23 | 1 | -1/+1
  free the softc and return.
  MFC after: 3 days
  Notes: svn path=/head/; revision=166916
* These days P2P means peer-2-peer (also well known from several filesharing | Andrew Thompson | 2006-12-11 | 1 | -6/+6
  protocols) while PointToPoint has been PtP links. Change the variables accordingly while the code is still fresh and undocumented.
  Requested by: bz
  Notes: svn path=/head/; revision=165105
* Add two new flags to if_bridge(4) indicating whether the edge flag | Shteryana Shopova | 2006-12-04 | 1 | -0/+4
  of the bridge port and path cost have been administratively set or calculated automatically by RSTP.
  Make sure to transition from non-edge to edge when the port goes down and the edge flag was manually set before. This is needed to comply with the condition ((!portEnabled && AdminEdge) || ....) in the Bridge Detection State Machine (IEEE802.1D-2004, p. 171).
  Reviewed by: thompsa
  Approved by: bz (mentor)
  Notes: svn path=/head/; revision=164880
* Fix SIOCGDRVSPEC/BRDGGIFSSTP ioctl: make it copyin() the user | Shteryana Shopova | 2006-12-03 | 1 | -1/+1
  provided buffer length before trying to use it.
  Reviewed by: thompsa
  Approved by: bz (mentor)
  MFC after: 3 days
  Notes: svn path=/head/; revision=164861
* Sync with the OpenBSD port of RSTP | Andrew Thompson | 2006-11-27 | 1 | -51/+26
  - use flags rather than separate ioctls for edge, p2p
  - implement p2p and autop2p flags
  - define large pathcost constant as ULL
  - show bridgeid and rootid in ifconfig
  Obtained from: Reyk Floeter <reyk@openbsd.org>
  Notes: svn path=/head/; revision=164653
* use two stage creation of stp ports, this means that the stp variables can be | Andrew Thompson | 2006-11-26 | 1 | -5/+5
  set before the port is marked STP and they will no longer be overwritten
  Notes: svn path=/head/; revision=164626
* Add a new address cache type called sticky. On an interface marked sticky any | Andrew Thompson | 2006-11-09 | 1 | -17/+23
  address learned by the bridge is made permanent, the address will not age out and most importantly will not migrate to another interface.
  This can be used to stop mac address poisoning or clients roaming in much the same way as static entries without the hassle of preloading the table.
  Notes: svn path=/head/; revision=164112
* Sweep kernel replacing suser(9) calls with priv(9) calls, assigning | Robert Watson | 2006-11-06 | 1 | -1/+2
  specific privilege names to a broad range of privileges. These may require some future tweaking.
  Sponsored by: nCircle Network Security, Inc.
  Obtained from: TrustedBSD Project
  Discussed on: arch@
  Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
  Notes: svn path=/head/; revision=164033
* Fix possible leak when bridge is in monitor mode. Use m_freem() which will | Christian S.J. Peron | 2006-11-05 | 1 | -1/+1
  free the entire chain, instead of using m_free() which will free just the mbuf that was passed.
  Discussed with: thompsa
  MFC after: 3 days
  Notes: svn path=/head/; revision=164002
* When the packet is for the bridge then note which interface to send the reply | Andrew Thompson | 2006-11-04 | 1 | -0/+5
  to, previously it was always broadcast to all interfaces (a bug).
  This is useful when the bridge is the default gateway and vlans are used to isolate each client, the reply is now kept private to the vlan which the client resides.
  Reported by: Jon Otterholm
  Tested by: Jon Otterholm
  MFC after: 3 days
  Notes: svn path=/head/; revision=163984
* Bring in support for the Rapid Spanning Tree Protocol (802.1w). | Andrew Thompson | 2006-11-01 | 1 | -122/+169
  RSTP provides faster spanning tree convergence, the protocol will exchange information with neighboring switches to quickly transition to forwarding without creating loops. The code will default to RSTP mode but will downgrade any port connected to a legacy STP network so is fully backward compatible.
  Reviewed by: syrinx
  Tested by: syrinx
  Notes: svn path=/head/; revision=163863
* Use LIST_FOREACH_SAFE instead of a hand rolled version. | Andrew Thompson | 2006-10-09 | 1 | -8/+4
  Notes: svn path=/head/; revision=163142
* Revert r1.80 as the ethernet header was inadvertently stripped from ARP | Andrew Thompson | 2006-09-22 | 1 | -14/+36
  packets. Reimplement this correctly and use a sysctl that defaults to off so the user doesn't get any surprises if ipfw blocks the ARP packet.
  MFC after: 3 days
  Notes: svn path=/head/; revision=162561
* Rearrange things so that ARP packets can be filtered or rate limited with IPFW. | Andrew Thompson | 2006-09-17 | 1 | -30/+14
  Requested by: Jon Otterholm
  Tested by: Jon Otterholm
  Notes: svn path=/head/; revision=162368
* The bridge can't hear its own transmissions so set IFF_SIMPLEX. | Andrew Thompson | 2006-08-25 | 1 | -1/+1
  PR: kern/102361
  Tested by: Radim Kolar <hsn@netmag.cz>
  MFC after: 3 days
  Notes: svn path=/head/; revision=161625
* Remove unneeded asserts from bridge_ioctl_* since these are just | Andrew Thompson | 2006-08-17 | 1 | -64/+0
  extensions of bridge_ioctl() which has the correct locking.
  Notes: svn path=/head/; revision=161407
* Remove two lock asserts that are unneeded due to subsequent unlocks. | Andrew Thompson | 2006-08-17 | 1 | -2/+0
  Notes: svn path=/head/; revision=161403
* Call bridge_span before dropping the lock. | Andrew Thompson | 2006-08-17 | 1 | -2/+2
  MFC after: 5 days
  Notes: svn path=/head/; revision=161401
* - Use the new bridgestp callback to once again flush our bridge routes when an | Andrew Thompson | 2006-08-02 | 1 | -2/+38
  interface is disabled.
  - Log port changes to syslog, defaulting to off
  Notes: svn path=/head/; revision=160902
* Tell bridgestp that we are about to free the memory so it can cleanup. | Andrew Thompson | 2006-08-02 | 1 | -0/+3
  Notes: svn path=/head/; revision=160901
* Add some statistics that are needed to support RFC4188 as part of the SoC2006 | Andrew Thompson | 2006-07-31 | 1 | -1/+106
  work on a bridge monitoring module for BSNMP.
  Submitted by: shteryana (SoC 2006)
  Notes: svn path=/head/; revision=160867
* Remove the dependency of bridgestp.h on if_bridgevar.h by moving a couple of | Andrew Thompson | 2006-07-27 | 1 | -2/+50
  private structures to if_bridge.c.
  Notes: svn path=/head/; revision=160769