| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
PR: 202667
MFC after: 1 week
Notes:
svn path=/head/; revision=290116
|
|
|
|
|
|
|
|
|
|
|
| |
While fixing the PF_ANEQ() macro I messed up the parentheses, leading to
compliation warnings with gcc.
Spotted by: ian
Pointy Hat: kp
Notes:
svn path=/head/; revision=289940
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IPv4 packets (when it should return FALSE). It happens because PF_ANEQ() doesn't
stop if first 32 bits of IPv4 packets are equal and starts to check next 3*32
bits (like for IPv6 packet). Those bits containt some garbage and in result
PF_ANEQ() wrongly returns TRUE.
Fix: Check if packet is of AF_INET type and if it is then compare only first 32
bits of data.
PR: 204005
Submitted by: MiĆosz Kaniewski
Notes:
svn path=/head/; revision=289932
|
|
|
|
|
|
|
| |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=289718
|
|
|
|
| |
Notes:
svn path=/head/; revision=289461
|
|
|
|
|
|
|
| |
Differential Revision: https://reviews.freebsd.org/D3883
Notes:
svn path=/head/; revision=289400
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.
The problem was that pf could only handle packets with a full checksum. The
FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
addresses, length and protocol).
Certain network interfaces expect to see the pseudo-header checksum, so they
end up producing packets with invalid checksums.
To fix this stop calculating the full checksum and teach pf to only update TCP
checksums if TSO is disabled or the change affects the pseudo-header checksum.
PR: 154428, 193579, 198868
Reviewed by: sbruno
MFC after: 1 week
Relnotes: yes
Sponsored by: RootBSD
Differential Revision: https://reviews.freebsd.org/D3779
Notes:
svn path=/head/; revision=289316
|
|
|
|
|
|
|
|
|
|
| |
the lagg interface when removing the primary port.
PR: 201916
Differential Revision: https://reviews.freebsd.org/D3301
Notes:
svn path=/head/; revision=288980
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The remove began with revision r271733.
NOTE: This patch must never be merge to 10-Stable
Reviewed by: glebius
Approved by: bapt (mentor)
Relnotes: Yes
Sponsored by: EuroBSDCon Sweden.
Differential Revision: D3786
Notes:
svn path=/head/; revision=288654
|
|
|
|
| |
Notes:
svn path=/head/; revision=288575
|
|
|
|
|
|
|
|
| |
Reported by: hrs
MFC after: 1 week
Notes:
svn path=/head/; revision=288529
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Initially function was introduced in r53541 (KAME initial commit) to
"provide hints from upper layer protocols that indicate a connection
is making "forward progress"" (quote from RFC 2461 7.3.1 Reachability
Confirmation).
However, it was converted to do nothing (e.g. just return) in r122922
(tcp_hostcache implementation) back in 2003. Some defines were moved
to tcp_var.h in r169541. Then, it was broken (for non-corner cases)
by r186119 (L2<>L3 split) in 2008 (NULL ifp in nd6_lookup). So,
right now this code is broken and has no "real" base users.
Differential Revision: https://reviews.freebsd.org/D3699
Notes:
svn path=/head/; revision=288301
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem description:
How do we currently perform layer 2 resolution and header imposition:
For IPv4 we have the following chain:
ip_output() -> (ether|atm|whatever)_output() -> arpresolve()
Lookup is done in proper place (link-layer output routine) and it is possible
to provide cached lle data.
For IPv6 situation is more complex:
ip6_output() -> nd6_output() -> nd6_output_ifp() -> (whatever)_output() ->
nd6_storelladdr()
We have ip6_ouput() which calls nd6_output() instead of link output routine.
nd6_output() does the following:
* checks if lle exists, creates it if needed (similar to arpresolve())
* performes lle state transitions (similar to arpresolve())
* calls nd6_output_ifp() which pushes packets to link output routine along
with running SeND/MAC hooks regardless of lle state
(e.g. works as run-hooks placeholder).
After that, iface output routine like ether_output() calls nd6_storelladdr()
which performs lle lookup once again.
As a result, we perform lookup twice for each outgoing packet for most types
of interfaces. We also need to maintain runtime-checked table of 'nd6-free'
interfaces (see nd6_need_cache()).
Fix this behavior by eliminating first ND lookup. To be more specific:
* make all nd6_output() consumers use nd6_output_ifp() instead
* rename nd6_output[_slow]() to nd6_resolve_[slow]()
* convert nd6_resolve() and nd6_resolve_slow() to arpresolve() semantics,
e.g. copy L2 address to buffer instead of pushing packet towards lower
layers
* Make all nd6_storelladdr() users use nd6_resolve()
* eliminate nd6_storelladdr()
The resulting callchain is the following:
ip6_output() -> nd6_output_ifp() -> (whatever)_output() -> nd6_resolve()
Error handling:
Currently sending packet to non-existing la results in ip6_<output|forward>
-> nd6_output() -> nd6_output _lle() which returns 0.
In new scenario packet is propagated to <ether|whatever>_output() ->
nd6_resolve() which will return EWOULDBLOCK, and that result
will be converted to 0.
(And EWOULDBLOCK is actually used by IB/TOE code).
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D1469
Notes:
svn path=/head/; revision=287861
|
|
|
|
|
|
|
| |
Discussed with: melifaro, glebius
Notes:
svn path=/head/; revision=287859
|
|
|
|
|
|
|
| |
MFC after: 1 month
Notes:
svn path=/head/; revision=287856
|
|
|
|
|
|
|
|
|
|
|
|
| |
* prepare gateway before insertion
* use RTM_CHANGE instead of explicit find/change route
* Remove fib argument from ifa_switch_loopback_route added in r264887:
if old ifp fib differes from new one, that the caller
is doing something wrong
* Make ifa_*_loopback_route call single ifa_maintain_loopback_route().
Notes:
svn path=/head/; revision=287851
|
|
|
|
|
|
|
|
|
| |
This one slightly decreases time of holding afdata wlock.
* While here, make nd6_free() return void. No one has used its return value
since r186119.
Notes:
svn path=/head/; revision=287813
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On receipt of a redirect message, install an interface route for the
redirected destination. On removal of the corresponding Neighbor Cache
entry, remove the interface route.
This requires changes in rtredirect_fib() to cope with an AF_LINK
address for the gateway and with the absence of RTF_GATEWAY.
This fixes the "Redirected On-Link" test cases in the Tahi IPv6 Ready Logo
Phase 2 test suite.
Unrelated to the above, fix a recursion on the radix node head lock
triggered by the Tahi Redirected to Alternate Router test cases.
When I first wrote this patch in October 2012, all Section 2
(Neighbor Discovery) test cases passed on 10-CURRENT, 9-STABLE,
and 8-STABLE. cem@ recently rebased the 10.x patch onto head and reported
that it passes Tahi. (Thanks!)
These other test cases also passed in 2012:
* the RTF_MODIFIED case, with IPv4 and IPv6 (using a
RTF_HOST|RTF_GATEWAY route for the destination)
* the redirected-to-self case, with IPv4 and IPv6
* a valid IPv4 redirect
All testing in 2012 was done with WITNESS and INVARIANTS.
Tested by: EMC / Isilon Storage Division via Conrad Meyer (cem) in 2015,
Mark Kelley <mark_kelley@dell.com> in 2012,
TC Telkamp <terence_telkamp@dell.com> in 2012
PR: 152791
Reviewed by: melifaro (current rev), bz (earlier rev)
Approved by: kib (mentor)
MFC after: 1 month
Relnotes: yes
Sponsored by: Dell Inc.
Differential Revision: https://reviews.freebsd.org/D3602
Notes:
svn path=/head/; revision=287798
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
without holding afdata wlock
* convert per-af delete_address callback to global lltable_delete_entry() and
more low-level "delete this lle" per-af callback
* fix some bugs/inconsistencies in IPv4/IPv6 ifscrub procedures
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D3573
Notes:
svn path=/head/; revision=287789
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make driver programming easier the TSO limits are changed to
reflect the values used in the BUSDMA tag a network adapter driver is
using. The TCP/IP network stack will subtract space for all linklevel
and protocol level headers and ensure that the full mbuf chain passed
to the network adapter fits within the given limits.
Implementation notes:
If a network adapter driver needs to fixup the first mbuf in order to
support VLAN tag insertion, the size of the VLAN tag should be
subtracted from the TSO limit. Else not.
Network adapters which typically inline the complete header mbuf could
technically transmit one more segment. This patch does not implement a
mechanism to recover the last segment for data transmission. It is
believed when sufficiently large mbuf clusters are used, the segment
limit will not be reached and recovering the last segment will not
have any effect.
The current TSO algorithm tries to send MTU-sized packets, where the
MTU typically is 1500 bytes, which gives 1448 bytes of TCP data
payload per packet for IPv4. That means if the TSO length limitiation
is set to 65536 bytes, there will be a data payload remainder of
(65536 - 1500) mod 1448 bytes which is equal to 324 bytes. Trying to
recover total TSO length due to inlining mbuf header data will not
have any effect, because adding or removing the ETH/IP/TCP headers
to or from 324 bytes will not cause more or less TCP payload to be
TSO'ed.
Existing network adapter limits will be updated separately.
Differential Revision: https://reviews.freebsd.org/D3458
Reviewed by: rmacklem
MFC after: 2 weeks
Notes:
svn path=/head/; revision=287775
|
|
|
|
|
|
|
|
|
| |
- Simplify EADDRNOTAVAIL and EAFNOSUPPORT conditions.
MFC after: 3 days
Notes:
svn path=/head/; revision=287607
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some places in our network stack already have const
arguments (like if_output() routines and LLE functions).
Code using ifa_ifwith (and similar functins) along with
LLE/_output functions is currently bound to use tricks
like __DECONST(). Provide a cleaner way by making sockaddr
lookup key really constant.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D3464
Notes:
svn path=/head/; revision=287476
|
|
|
|
|
|
|
|
|
|
| |
"ifconfig epair0 create && ifconfig epair0a destroy".
This was caused by an uninitialized function pointer in
softc->media.
Notes:
svn path=/head/; revision=287402
|
|
|
|
|
|
|
| |
alloc handler, based on flags.
Notes:
svn path=/head/; revision=287318
|
|
|
|
| |
Notes:
svn path=/head/; revision=287270
|
|
|
|
|
|
|
|
| |
Submitted by: Tiwei Bie <btw@mail.ustc.edu.cn>
Differential Revision: https://reviews.freebsd.org/D3471
Notes:
svn path=/head/; revision=287245
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The crop/drop-ovl fragment scrub modes are not very useful and likely to confuse
users into making poor choices.
It's also a fairly large amount of complex code, so just remove the support
altogether.
Users who have 'scrub fragment crop|drop-ovl' in their pf configuration will be
implicitly converted to 'scrub fragment reassemble'.
Reviewed by: gnn, eri
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D3466
Notes:
svn path=/head/; revision=287222
|
|
|
|
|
|
|
|
| |
Pointy hat to: loos
MFC with: r287009
Notes:
svn path=/head/; revision=287120
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CoDel is a parameterless queue discipline that handles variable bandwidth
and RTT.
It can be used as the single queue discipline on an interface or as a sub
discipline of existing queue disciplines such as PRIQ, CBQ, HFSC, FAIRQ.
Differential Revision: https://reviews.freebsd.org/D3272
Reviewd by: rpaulo, gnn (previous version)
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=287009
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before that, the logic besides lle_create() was the following:
return existing if found, create if not. This behaviour was error-prone
since we had to deal with 'sudden' static<>dynamic lle changes.
This commit fixes bunch of different issues like:
- refcount leak when lle is converted to static.
Simple check case:
console 1:
while true;
do for i in `arp -an|awk '$4~/incomp/{print$2}'|tr -d '()'`;
do arp -s $i 00:22:44:66:88:00 ; arp -d $i;
done;
done
console 2:
ping -f any-dead-host-in-L2
console 3:
# watch for memory consumption:
vmstat -m | awk '$1~/lltable/{print$2}'
- possible problems in arptimer() / nd6_timer() when dropping/reacquiring
lock.
New logic explicitly handles use-or-create cases in every lla_create
user. Basically, most of the changes are purely mechanical. However,
we explicitly avoid using existing lle's for interface/static LLE records.
* While here, call lle_event handlers on all real table lle change.
* Create lltable_free_entry() calling existing per-lltable
lle_free_t callback for entry deletion
Notes:
svn path=/head/; revision=286955
|
|
|
|
|
|
|
|
|
|
|
| |
Differential Revision: D3300
Submitted by: LN Sundararajan <lakshmi.n at msystechnologies>
Reviewed by: wblock, smh, gnn, hiren, rpokala at panasas
MFC after: 2 weeks
Sponsored by: Panasas
Notes:
svn path=/head/; revision=286700
|
|
|
|
|
|
|
| |
two different names of the same timer.
Notes:
svn path=/head/; revision=286629
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This permits us having all (not fully true yet) all the info
needed in lookup process in first 64 bytes of 'struct llentry'.
struct llentry layout:
BEFORE:
[rwlock .. state .. state .. MAC ] (lle+1) [sockaddr_in[6]]
AFTER
[ in[6]_addr MAC .. state .. rwlock ]
Currently, address part of struct llentry has only 16 bytes for the key.
However, lltable does not restrict any custom lltable consumers with long
keys use the previous approach (store key at (lle+1)).
Sponsored by: Yandex LLC
Notes:
svn path=/head/; revision=286624
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Split lltable_init() into lltable_allocate_htbl() (alloc
hash table with default callbacks) and lltable_link() (
links any lltable to the list).
* Switch from LLTBL_HASHTBL_SIZE to per-lltable hash size field.
* Move lltable setup to separate functions in in[6]_domifattach.
Notes:
svn path=/head/; revision=286616
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Make llt_hash() callback more flexible
* Default hash size and hashing method is now per-af
* Move lltable allocation to separate function
Notes:
svn path=/projects/routing/; revision=276712
|
| |
| |
| |
| |
| |
| |
| | |
* Remove now unused llt_delete_addr callback.
Notes:
svn path=/projects/routing/; revision=276631
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Make most of lltable_* methods 'normal' functions instead of inline
* Add lltable_get_<af|ifp>() functions to access given lltable fields
* Temporarily resurrect nd6_lookup() function
Notes:
svn path=/projects/routing/; revision=276624
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
use llt_fill_sa_entry() llt method to store lle address in sa.
* Eliminate L3_ADDR macro and either reference IPv4/IPv6 address
directly from lle or use newly-created llt_fill_sa_entry().
* Do not store sockaddr inside arp/ndp lle anymore.
Notes:
svn path=/projects/routing/; revision=275628
|
| |
| |
| |
| | |
Notes:
svn path=/projects/routing/; revision=275625
|
| |
| |
| |
| | |
Notes:
svn path=/projects/routing/; revision=275587
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and explicit calls to RTENTRY_FREE_LOCKED()
* Use lltable_prefix_free() in arp_ifscrub to be consistent with nd6.
* Rename <lltable_|llt>_delete function to _delete_addr() to note that
this function is used to external callers. Make this function maintain
its own locking.
* Use lookup/unlink/clear call chain from internal callers instead of
delete_addr.
* Fix LLE_DELETED flag handling
Notes:
svn path=/projects/routing/; revision=275586
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* move lltable allocation to per-domain callbacks.
* make llentry_link/unlink functions overridable llt methods.
* make hash table traversal another overridable llt method.
Notes:
svn path=/projects/routing/; revision=275578
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cleanup including unlinking/freeing
* Relax locking in lltable_prefix_free_af/lltable_free
* Do not pass @llt to lle free callback: it is always NULL now.
* Unify arptimer/nd6_llinfo_timer: explicitly unlock lle avoiding
unlock/lock sequinces
* Do not pass unlocked lle to nd6_ns_output(): add nd6_llinfo_get_holdsrc()
to retrieve preferred source address from lle hold queue and pass it
instead of lle.
* Finally, make nd6_create() create and return unlocked lle
* Separate defrtr handling code from nd6_free():
use nd6_check_del_defrtr() to check if we need to keep entry instead of
performing GC,
use nd6_check_recalc_defrtr() to perform actual recalc on lle removal.
* Move isRouter handling from nd6_cache_lladdr() to separate
nd6_check_router()
* Add initial code to maintain lle runtime flags in sync.
Notes:
svn path=/projects/routing/; revision=275577
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Rename lla_XXX -> lltable_XXX_lle to reduce number of name prefixes
used by lltable code.
Notes:
svn path=/projects/routing/; revision=275334
|
| |
| |
| |
| | |
Notes:
svn path=/projects/routing/; revision=275263
|
| |
| |
| |
| |
| |
| |
| | |
* Temporarily move ifa_switch_loopback_route() implementation to route.c
Notes:
svn path=/projects/routing/; revision=275243
|
| |
| |
| |
| | |
Notes:
svn path=/projects/routing/; revision=274921
|
| |
| |
| |
| |
| |
| |
| | |
This is not a proper fix, proper one is on the way.
Notes:
svn path=/projects/routing/; revision=274920
|
| |
| |
| |
| |
| |
| |
| | |
as we can.
Notes:
svn path=/projects/routing/; revision=274917
|
| |
| |
| |
| |
| |
| |
| | |
* Move lltable items insertions/deletions to generic llt code.
Notes:
svn path=/projects/routing/; revision=274916
|