aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet6
Commit message (Collapse)AuthorAgeFilesLines
* Another step assimilating IPv[46] PCB code:Bjoern A. Zeeb2008-12-174-15/+15
| | | | | | | | | | | | normalize IN6P_* compat flags usage to their equialent INP_* counterpart. Discussed with: rwatson Reviewed by: rwatson MFC after: 4 weeks Notes: svn path=/head/; revision=186223
* Use inc_flags instead of the inc_isipv6 alias which so farBjoern A. Zeeb2008-12-172-2/+2
| | | | | | | | | | | | | | | | | had been the only flag with random usage patterns. Switch inc_flags to be used as a real bit field by using INC_ISIPV6 with bitops to check for the 'isipv6' condition. While here fix a place or two where in case of v4 inc_flags were not properly initialized before.[1] Found by: rwatson during review [1] Discussed with: rwatson Reviewed by: rwatson MFC after: 4 weeks Notes: svn path=/head/; revision=186222
* Remove the rt argument from nd6_storelladdr() becauseQing Li2008-12-171-2/+0
| | | | | | | rt is no longer accessed. Notes: svn path=/head/; revision=186217
* A couple of files were not meant to be committed.Qing Li2008-12-172-23/+0
| | | | Notes: svn path=/head/; revision=186216
* in6_clsroute() was applied to prefix routes causing someQing Li2008-12-175-39/+35
| | | | | | | | | of them to expire. in6_clsroute() was only applied to cloned routes that are no longer applicable after the arp-v2 commit. Notes: svn path=/head/; revision=186215
* * Compare pointer with NULLKip Macy2008-12-161-6/+5
| | | | | | | | | | * Remove trailing whitespace (added in r186162) * Reduce indentation by rephrasing test Submitted by: Christopher Mallon (christoph dot mallon at gmx dot de) Notes: svn path=/head/; revision=186198
* - Simplify handling of the deferring of mbuf transmit until after lle lock dropKip Macy2008-12-161-12/+28
| | | | | | | - add a couple of comments to clarify intent Notes: svn path=/head/; revision=186196
* check pointers against NULLKip Macy2008-12-161-3/+3
| | | | Notes: svn path=/head/; revision=186170
* convert more pointer validation checks to checking against NULLKip Macy2008-12-163-6/+6
| | | | Notes: svn path=/head/; revision=186163
* simplify locking in find_pfxlist_reachable_routerKip Macy2008-12-161-8/+9
| | | | Notes: svn path=/head/; revision=186162
* explicitly check return of lla_lookup against NULLKip Macy2008-12-162-8/+8
| | | | Notes: svn path=/head/; revision=186160
* advance tail pointer in nd6_output_lle and check lla_output return against NULLKip Macy2008-12-161-4/+8
| | | | Notes: svn path=/head/; revision=186159
* check return from lla_lookup against NULL not zeroKip Macy2008-12-162-2/+2
| | | | Notes: svn path=/head/; revision=186158
* make sure redirect doesn't return without dropping the lockKip Macy2008-12-161-6/+7
| | | | Notes: svn path=/head/; revision=186157
* need to check that lle is not null before unlock if the break condition is ↵Kip Macy2008-12-161-3/+4
| | | | | | | | | not met also fix the break condition to explicitly check against NULL Notes: svn path=/head/; revision=186156
* unlock the llentry after use in find_pfxlist_reachable_routerKip Macy2008-12-161-1/+2
| | | | Notes: svn path=/head/; revision=186155
* Initialize the variable "router", and apply "static_route" flagQing Li2008-12-161-4/+7
| | | | | | | across the entire nd6_cache_lladdr() function. Notes: svn path=/head/; revision=186153
* unlock and destroy an llentry's lock before freeingKip Macy2008-12-161-0/+2
| | | | | | | Found by: sam Notes: svn path=/head/; revision=186150
* unlock looked up llentrys in defrouter_selectKip Macy2008-12-161-0/+4
| | | | Notes: svn path=/head/; revision=186148
* fix two use after frees in nd6_cache_lladdr caused by last minute unlock ↵Kip Macy2008-12-161-2/+6
| | | | | | | shuffling Notes: svn path=/head/; revision=186147
* Another step assimilating IPv[46] PCB code - directly useBjoern A. Zeeb2008-12-157-68/+68
| | | | | | | | | | | | | | | | | the inpcb names rather than the following IPv6 compat macros: in6pcb,in6p_sp, in6p_ip6_nxt,in6p_flowinfo,in6p_vflag, in6p_flags,in6p_socket,in6p_lport,in6p_fport,in6p_ppcb and sotoin6pcb(). Apart from removing duplicate code in netipsec, this is a pure whitespace, not a functional change. Discussed with: rwatson Reviewed by: rwatson (version before review requested changes) MFC after: 4 weeks (set the timer and see then) Notes: svn path=/head/; revision=186141
* This main goals of this project are:Qing Li2008-12-1513-1000/+846
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. separating L2 tables (ARP, NDP) from the L3 routing tables 2. removing as much locking dependencies among these layers as possible to allow for some parallelism in the search operations 3. simplify the logic in the routing code, The most notable end result is the obsolescent of the route cloning (RTF_CLONING) concept, which translated into code reduction in both IPv4 ARP and IPv6 NDP related modules, and size reduction in struct rtentry{}. The change in design obsoletes the semantics of RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland applications such as "arp" and "ndp" have been modified to reflect those changes. The output from "netstat -r" shows only the routing entries. Quite a few developers have contributed to this project in the past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and Andre Oppermann. And most recently: - Kip Macy revised the locking code completely, thus completing the last piece of the puzzle, Kip has also been conducting active functional testing - Sam Leffler has helped me improving/refactoring the code, and provided valuable reviews - Julian Elischer setup the perforce tree for me and has helped me maintaining that branch before the svn conversion Notes: svn path=/head/; revision=186119
* in6_addroute is called through rnh_addadr which is always called with the ↵Kip Macy2008-12-131-2/+2
| | | | | | | | | radix node head lock held exclusively. Pass RTF_RNH_LOCKED to rtalloc so that rtalloc1_fib will not try to re-acquire the lock. Notes: svn path=/head/; revision=186051
* Second round of putting global variables, which were virtualizedBjoern A. Zeeb2008-12-134-9/+11
| | | | | | | | | | | | | | but formerly missed under VIMAGE_GLOBAL. Put the extern declarations of the virtualized globals under VIMAGE_GLOBAL as the globals themsevles are already. This will help by the time when we are going to remove the globals entirely. Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=186048
* RTF_RNH_LOCKED needs to be passed in the flags arg not report,Kip Macy2008-12-121-1/+1
| | | | | | | apologies to thompsa Notes: svn path=/head/; revision=185965
* Pass RTF_RNH_LOCKED to rtalloc1 sunce the node head is locked, this avoids aAndrew Thompson2008-12-121-1/+1
| | | | | | | | | recursive lock panic on inet6 detach. Reviewed by: kmacy Notes: svn path=/head/; revision=185964
* Put a global variables, which were virtualized but formerlyBjoern A. Zeeb2008-12-116-12/+15
| | | | | | | | | | | | | | | | missed under VIMAGE_GLOBAL. Start putting the extern declarations of the virtualized globals under VIMAGE_GLOBAL as the globals themsevles are already. This will help by the time when we are going to remove the globals entirely. While there garbage collect a few dead externs from ip6_var.h. Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=185937
* Conditionally compile out V_ globals while instantiating the appropriateMarko Zec2008-12-104-8/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | container structures, depending on VIMAGE_GLOBALS compile time option. Make VIMAGE_GLOBALS a new compile-time option, which by default will not be defined, resulting in instatiations of global variables selected for V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be effectively compiled out. Instantiate new global container structures to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0, vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0. Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_ macros resolve either to the original globals, or to fields inside container structures, i.e. effectively #ifdef VIMAGE_GLOBALS #define V_rt_tables rt_tables #else #define V_rt_tables vnet_net_0._rt_tables #endif Update SYSCTL_V_*() macros to operate either on globals or on fields inside container structs. Extend the internal kldsym() lookups with the ability to resolve selected fields inside the virtualization container structs. This applies only to the fields which are explicitly registered for kldsym() visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently this is done only in sys/net/if.c. Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code, and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in turn result in proper code being generated depending on VIMAGE_GLOBALS. De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c which were prematurely V_irtualized by automated V_ prepending scripts during earlier merging steps. PF virtualization will be done separately, most probably after next PF import. Convert a few variable initializations at instantiation to initialization in init functions, most notably in ipfw. Also convert TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in initializer functions. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation Notes: svn path=/head/; revision=185895
* Add missing include to sys/lock.h before sys/rwlock.hWarner Losh2008-12-082-0/+2
| | | | Notes: svn path=/head/; revision=185751
* - convert radix node head lock from mutex to rwlockKip Macy2008-12-072-0/+2
| | | | | | | | | | | - make radix node head lock not recursive - fix LOR in rtexpunge - fix LOR in rtredirect Reviewed by: sam Notes: svn path=/head/; revision=185747
* Code from the hack-session known as the IETF (and aRandall Stewart2008-12-061-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bit of debugging afterwards): - Fix protection code for notification generation. - Decouple associd from vtag - Allow vtags to have less strigent requirements in non-uniqueness. o don't pre-hash them when you issue one in a cookie. o Allow duplicates and use addresses and ports to discriminate amongst the duplicates during lookup. - Add support for the NAT draft draft-ietf-behave-sctpnat-00, this is still experimental and needs more extensive testing with the Jason Butt ipfw changes. - Support for the SENDER_DRY event to get DTLS in OpenSSL working with a set of patches from Michael Tuexen (hopefully heading to OpenSSL soon). - Update the support of SCTP-AUTH by Peter Lei. - Use macros for refcounting. - Fix MTU for UDP encapsulation. - Fix reporting back of unsent data. - Update assoc send counter handling to be consistent with endpoint sent counter. - Fix a bug in PR-SCTP. - Fix so we only send another FWD-TSN when a SACK arrives IF and only if the adv-peer-ack point progressed. However we still make sure a timer is running if we do have an adv_peer_ack point. - Fix PR-SCTP bug where chunks were retransmitted if they are sent unreliable but not abandoned yet. With the help of: Michael Teuxen and Peter Lei :-) MFC after: 4 weeks Notes: svn path=/head/; revision=185694
* Rather than using hidden includes (with cicular dependencies),Bjoern A. Zeeb2008-12-0224-10/+60
| | | | | | | | | | | | | | directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files. For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h. Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=185571
* MFp4:Bjoern A. Zeeb2008-11-294-23/+136
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bring in updated jail support from bz_jail branch. This enhances the current jail implementation to permit multiple addresses per jail. In addtion to IPv4, IPv6 is supported as well. Due to updated checks it is even possible to have jails without an IP address at all, which basically gives one a chroot with restricted process view, no networking,.. SCTP support was updated and supports IPv6 in jails as well. Cpuset support permits jails to be bound to specific processor sets after creation. Jails can have an unrestricted (no duplicate protection, etc.) name in addition to the hostname. The jail name cannot be changed from within a jail and is considered to be used for management purposes or as audit-token in the future. DDB 'show jails' command was added to aid debugging. Proper compat support permits 32bit jail binaries to be used on 64bit systems to manage jails. Also backward compatibility was preserved where possible: for jail v1 syscalls, as well as with user space management utilities. Both jail as well as prison version were updated for the new features. A gap was intentionally left as the intermediate versions had been used by various patches floating around the last years. Bump __FreeBSD_version for the afore mentioned and in kernel changes. Special thanks to: - Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches and Olivier Houchard (cognet) for initial single-IPv6 patches. - Jeff Roberson (jeff) and Randall Stewart (rrs) for their help, ideas and review on cpuset and SCTP support. - Robert Watson (rwatson) for lots and lots of help, discussions, suggestions and review of most of the patch at various stages. - John Baldwin (jhb) for his help. - Simon L. Nielsen (simon) as early adopter testing changes on cluster machines as well as all the testers and people who provided feedback the last months on freebsd-jail and other channels. - My employer, CK Software GmbH, for the support so I could work on this. Reviewed by: (see above) MFC after: 3 months (this is just so that I get the mail) X-MFC Before: 7.2-RELEASE if possible Notes: svn path=/head/; revision=185435
* Unhide declarations of network stack virtualization structs fromMarko Zec2008-11-282-5/+0
| | | | | | | | | | | | | | | | | | | | | underneath #ifdef VIMAGE blocks. This change introduces some churn in #include ordering and nesting throughout the network stack and drivers but is not expected to cause any additional issues. In the next step this will allow us to instantiate the virtualization container structures and switch from using global variables to their "containerized" counterparts. Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation Notes: svn path=/head/; revision=185419
* Merge in6_pcbfree() into in_pcbfree() which after the previousBjoern A. Zeeb2008-11-274-42/+2
| | | | | | | | | | | | | IPsec change in r185366 only differed in two additonal IPv6 lines. Rather than splattering conditional code everywhere add the v6 check centrally at this single place. Reviewed by: rwatson (as part of a larger changset) MFC after: 6 weeks (*) (*) possibly need to leave a stub wrapper in 7 to keep the symbol. Notes: svn path=/head/; revision=185370
* Unify ipsec[46]_delete_pcbpolicy in ipsec_delete_pcbpolicy.Bjoern A. Zeeb2008-11-271-1/+1
| | | | | | | | | | | | Ignoring different names because of macros (in6pcb, in6p_sp) and inp vs. in6p variable name both functions were entirely identical. Reviewed by: rwatson (as part of a larger changeset) MFC after: 6 weeks (*) (*) possibly need to leave a stub wrappers in 7 to keep the symbols. Notes: svn path=/head/; revision=185366
* Merge more of currently non-functional (i.e. resolving toMarko Zec2008-11-268-19/+17
| | | | | | | | | | | | | | | | | | | | whitespace) macros from p4/vimage branch. Do a better job at enclosing all instantiations of globals scheduled for virtualization in #ifdef VIMAGE_GLOBALS blocks. De-virtualize and mark as const saorder_state_alive and saorder_state_any arrays from ipsec code, given that they are never updated at runtime, so virtualizing them would be pointless. Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation Notes: svn path=/head/; revision=185348
* Remove in6_pcbdetach() as it is exactly the same functionBjoern A. Zeeb2008-11-264-13/+2
| | | | | | | | | | | as in_pcbdetach() and we don't need the code twice. Reviewed by: rwatson MFC after: 6 weeks (*) (*) possibly need to leave a stub wrapper in 7 to keep the symbol. Notes: svn path=/head/; revision=185344
* Unify the v4 and v6 versions of pcbdetach and pcbfree as goodBjoern A. Zeeb2008-11-261-3/+6
| | | | | | | | | | | | as possible so that they are easily diffable. No functional changes. Reviewed by: rwatson MFC after: 6 weeks Notes: svn path=/head/; revision=185333
* Plug a credential leak in case the inpcb is freed byBjoern A. Zeeb2008-11-261-0/+1
| | | | | | | | | | in6_pcbfree() instead of in_pcbfree(); missed in r183606. Reviewed by: rwatson MFC after: 3 days (instantly for 7.1-RC?) Notes: svn path=/head/; revision=185332
* Change the initialization methodology for global variables scheduledMarko Zec2008-11-1916-112/+256
| | | | | | | | | | | | | | | | | | | | | | | | | | | for virtualization. Instead of initializing the affected global variables at instatiation, assign initial values to them in initializer functions. As a rule, initialization at instatiation for such variables should never be introduced again from now on. Furthermore, enclose all instantiations of such global variables in #ifdef VIMAGE_GLOBALS blocks. Essentialy, this change should have zero functional impact. In the next phase of merging network stack virtualization infrastructure from p4/vimage branch, the new initialization methology will allow us to switch between using global variables and their counterparts residing in virtualization containers with minimum code churn, and in the long run allow us to intialize multiple instances of such container structures. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation Notes: svn path=/head/; revision=185088
* Add a MAC label, MAC Framework, and MAC policy entry points for IPv6Robert Watson2008-10-262-2/+31
| | | | | | | | | | | | | | fragment reassembly queues. This allows policies to label reassembly queues, perform access control checks when matching fragments to a queue, update a queue label when fragments are matched, and label the resulting reassembled datagram. Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=184307
* Fix a number of style issues in the MALLOC / FREE commit. I've tried toDag-Erling Smørgrav2008-10-231-1/+1
| | | | | | | | be careful not to fix anything that was already broken; the NFSv4 code is particularly bad in this respect. Notes: svn path=/head/; revision=184214
* Retire the MALLOC and FREE macros. They are an abomination unto style(9).Dag-Erling Smørgrav2008-10-234-10/+9
| | | | | | | MFC after: 3 months Notes: svn path=/head/; revision=184205
* Bring over the change switching from using sequential to randomBjoern A. Zeeb2008-10-201-47/+52
| | | | | | | | | | | | | | ephemeral port allocation as implemented in netinet/in_pcb.c rev. 1.143 (initially from OpenBSD) and follow-up commits during the last four and a half years including rev. 1.157, 1.162 and 1.199. This now is relying on the same infrastructure as has been implemented in in_pcb.c since rev. 1.199. Reviewed by: silby, rpaulo, mlaier MFC after: 2 months Notes: svn path=/head/; revision=184096
* Check that the mbuf len is positive (like we do in the v4 case).Bjoern A. Zeeb2008-10-151-1/+1
| | | | | | | | | | | | | | | | | Read the other way round this means that even with the checks the m_len turned negative in some cases which led to panics. The reason to my understanding seems to be that the checks are wrong (also for v4) ignoring possible padding when checking cmsg_len or padding after data when adjusting the mbuf. Doing proper cheks seems to break applications like named so further investigation and regression tests are needed. PR: kern/119123 Tested by: Ashish Shukla wahjava gmail.com MFC after: 3 days Notes: svn path=/head/; revision=183923
* When disconnecting a UDPv6 socket, acquire the socket lock around theRobert Watson2008-10-121-1/+2
| | | | | | | | | | changing of the so_state field, as is done in UDPv4. Remove XXX locking comment. MFC after: 3 days Notes: svn path=/head/; revision=183807
* Style changes: compare pointer to NULL and move a }.Bjoern A. Zeeb2008-10-041-3/+2
| | | | | | | MFC after: 6 weeks Notes: svn path=/head/; revision=183611
* Cache so_cred as inp_cred in the inpcb.Bjoern A. Zeeb2008-10-042-7/+7
| | | | | | | | | | | | | | | This means that inp_cred is always there, even after the socket has gone away. It also means that it is constant for the lifetime of the inp. Both facts lead to simpler code and possibly less locking. Suggested by: rwatson Reviewed by: rwatson MFC after: 6 weeks X-MFC Note: use a inp_pspare for inp_cred Notes: svn path=/head/; revision=183606
* Step 1.5 of importing the network stack virtualization infrastructureMarko Zec2008-10-0224-106/+591
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs. Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT(). Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.). All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*). (*) netipsec/keysock.c did not validate depending on compile time options. Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation Notes: svn path=/head/; revision=183550