| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
This pseudo-option is a hack to support return-rst on bridge(4). It
passes Ethernet information via a "struct route" through ip_output().
"struct route" is slowly dying...
ok claudio@, benno@
|
| |
|
|
| |
ok stsp mpi
|
| | |
|
| |
|
|
|
|
|
|
|
| |
ifp in order to access its ifih handlers.
So get rid of if_get() in the various ifih handlers we know the ifp is
live at this point.
ok dlg@
|
| |
|
|
|
|
| |
talking about (*ifp->if_output)().
ok claudio@, dlg@
|
| |
|
|
|
|
|
|
| |
after the Ethernet header in its own function and use it in bridge_input().
This should fix alignment issues kettenis@ is seeing.
ok bluhm@, claudio@
|
| |
|
|
|
|
|
|
|
|
| |
In bridge(4) speak, broadcast-like packets are Ethernet Multicast
frames or Unicast for which the destination is unknown.
It makes sense to not retransmit broadcast-like packets on the interface
they were received but they still must be delivered to the network stack.
Problem reported by and ok jasper@
|
| |
|
|
|
|
|
|
|
|
|
| |
This fix some weird bridge(4) configurations involving pseudo-drivers
stacked on top of interfaces in a bridge.
Also simplifies the loop prevention logic to match bridge's input path.
Instead of using a tag per port/bridge simply flag output mbufs to make
sure only one copy per bridge go through bridge_output().
ok bluhm@, claudio@
|
| |
|
|
|
|
|
| |
Note that pseudo-drivers not using if_input() are not affected by this
conversion.
ok mikeb@, kettenis@, claudio@, dlg@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Move bridge_input() outside of ether_input() in order to duplicate packets
flowing through a bridge port before applying any transformation on mbufs.
This saves a various m_adj(9)/M_PREPEND(9) dances and remove the bridge(4)
hack from vlan(4).
Tested by mxb <mxb AT alumni DOT chalmers DOT se> and kettenis@
ok bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
| |
|
|
| |
ok lteo@
|
| | |
|
| |
|
|
|
|
| |
vlan_start().
ok sthen@, phessler@
|
| |
|
|
| |
ok jasper@, bluhm@
|
| |
|
|
|
|
|
|
| |
the handlers on the new interface won't be executed.
Tested by < mxb AT alumni.chalmers DOT se>
ok dlg@
|
| |
|
|
|
|
|
|
| |
a packet on the sending queue of an interface.
Tested by many, thanks a lot!
ok dlg@, claudio@
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
|
|
|
| |
m_adj(9) to keep bridge(4) working while other pseudo-drivers are
converted to if_input().
Tested by mxb <mxb AT alumni DOT chalmers DOT se>, thanks!
ok henning@
|
| |
|
|
| |
No objection from reyk@, OK markus, hshoexer
|
| |
|
|
|
|
|
|
|
|
|
|
| |
to of vlan(4) from ether_input() to bridge_input().
One of the goal of the if_input() plumbing is to stop doing all possible
pseudo-drivers checks on every packets. There's no reason that even if
you're not running a bridge(4) you've to run this code.
This change also will also makes it easier to convert vlan(4) to if_input().
Reviewed by Rafael Zalamena and mikeb@, ok markus@
|
| |
|
|
|
|
| |
might be overwritten by pseudo-drivers.
ok dlg@, henning@
|
| |
|
|
|
|
| |
prio from the vlan header to our pf priority levels. This fixes the
mapping in the bridge code.
ok henning
|
| | |
|
| |
|
|
|
| |
long live the one true internet.
ok henning mikeb
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since bridge_output/bridge_ifenqueue replace ether_output that does
VLAN tagging and call into if_start directly we need to make sure
that tag has been set by the bridge.
XXX This abuses "if_output == vlan_output" check, but hopefully
XXX vlan(4) will use a distinct if_type someday and this code
XXX will be improved.
Discussed with henning and Rafael Zalamena, ok henning
|
| |
|
|
| |
to include that than rdnvar.h. ok deraadt dlg
|
| |
|
|
| |
ok miod@ mpi@
|
| | |
|
| |
|
|
| |
after discussions with beck deraadt kettenis.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the various bpf_mtap_* are very similiar, they differ in what (and to some
extent how) they prepend something, and what copy function they pass to
bpf_catchpacket.
use an internal _bpf_mtap as "backend" for bpf_mtap and friends.
extend bpf_mtap_hdr so that it covers all common cases:
if dlen is 0, nothing gets prepended.
copy function can be given, if NULL the default bpf_mcopy is used.
adjust the existing bpf_mtap_hdr users to pass a NULL ptr for the copy fn.
re-implement bpf_mtap_af as simple wrapper for bpf_mtap_hdr.
re-implement bpf_mtap_ether using bpf_map_hdr
re-implement bpf_mtap_pflog as trivial bpf_mtap_hdr wrapper
ok bluhm benno
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
| |
|
|
| |
statistics sideeffects before. ok lteo naddy
|
| |
|
|
|
|
|
|
|
|
| |
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy
|
| |
|
|
|
|
| |
a configured IPv4 address but iterates on its private list instead.
ok deraadt@
|
| |
|
|
|
|
|
| |
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
| |
|
|
|
| |
bridge_tunnelupdate to a more generic name bridge_copyaddr.
No functional change.
|
| |
|
|
|
|
|
|
|
| |
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.
put it in deraadt@
|
| |
|
|
|
| |
behaves like before and creates the mapping if needed. if 0, lookup only.
looked over by many, ok phessler sthen
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
of the IPL_NET. pf_test should be no longer called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
under some circumstances repair broken checksums on the way.
ok ryan naddy mikeb
.
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
|
| |
|
|
|
| |
slipped by on i386, but the zaurus doesn't automagically pick it up.
spotted by patrick
|
| |
|
|
|
| |
.h files to pull it in, if needed
ok tedu
|
| | |
|
| |
|
|
| |
ok beck@, mikeb@
|
| |
|
|
| |
ok claudio mpi
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This way the configuration order is preserved. Order matters
because MAC address are not unique: vlan interfaces can have
the same MAC as their parent.
Frames destined for the bridge itself are now delivered to
the first-configured interface that matches the MAC instead
of the last-configured. This means that the bridge behavior
does not suddenly change anymore when adding a vlan interface.
ok henning reyk (a while ago)
|
mpi
deraadt
mikeb
jsg
benno
tedu
henning
bluhm
reyk
camield