tested on amd64 and sparc64.
simplify the handling of the fragment list. Now the functions
ip_fragment() and ip6_fragment() always consume the mbuf. They
free the mbuf and mbuf list in case of an error and take care about
the counter. Adjust the code a bit to make v4 and v6 look similar.
Fixes a potential mbuf leak when pf_route6() called pf_refragment6()
and it failed. Now the mbuf is always freed by ip6_fragment().
OK dlg@ mvs@
the first cut of this diff was made with coccinelle using this spatch:
@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)
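Review bot: in the metavariable block, `type caddr_t;` declares caddr_t as a type metavariable rather than naming the caddr_t typedef, so the `-` line matches a cast to any type on the fourth argument, not only `(caddr_t)`. If only caddr_t casts should be stripped, declare it with `typedef caddr_t;`; if stripping every cast is intended, a neutral name such as `type T;` would make that explicit.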
i had to fix its opinionated idea of formatting by hand though, so
i'm not sure it was worth it.
ok deraadt@ bluhm@
using the ipv6 next protocol header probably doesn't work. it also
probably doesn't matter cos i'm not sure anyone uses this feature in
bridge. or maybe there isn't anyone who uses ipv6. both are plausible
options.
hahaha^Wok patrick@
ok bluhm@ sashan@
	ifs = ifunit(req->ifbr_ifsname);
	if (ifs == NULL) {
		error = ENOENT;
		break;
	}
	if (ifs->if_bridgeidx != ifp->if_index) {
		error = ESRCH;
		break;
	}
	bif = bridge_getbif(ifs);
This sequence repeats 8 times. Also we don't check value returned by
bridge_getbig() before use. Newly introduced bridge_getbig() function
replaces this sequence. This not only reduces duplicated code but also
makes `bif' dereference safe.
ok bluhm@
bridge(4) drops packets coming from somewhere else that have a
source MAC address that's owned by one of the interfaces that's a
member of the bridge. because this check was done with bridge_ourether,
it included the addresses of active carp interfaces hanging off
these member interfaces. this meant if the local machine is the
carp master while another machine is trying to preempt it by sending
hellos, the packets from the other machine were dropped because the
local one is already the master.
carp roles are supposed to move around a l2 network, so another
host sending a packet with a carp mac address is actually normal
and necessary.
found by and fix tested by stsp@
ok stsp@ claudio@
if_detach() will do this.
ok kn@
joint work markus@ patrick@ bluhm@
Replace this pointer by interface index. This allows us to avoid some use
after free issues caused by ifioctl() races.
ok sashan@
ok yasuoka@
this is a step toward making all types of bridges coordinate their
use of port interfaces, and is a step toward deprecating the interface
input handler lists.
bridge(4), switch(4), and tpmr(4) now coordinate their access so
only one of them can own a port at a time.
this has been in snaps as part of a larger diff for over a week.
this was annoying if i made a typo like "ifconfig bridge0 add gre0"
instead of "ifconfig bridge0 add egre0" because it would create gre0
and then get upset cos it's not an Ethernet interface. also, it
left gre0 lying around.
this used to be useful when configuring a bridge on boot because
interfaces used to be created when they were configured, and bridges
could be configured before some virtual interfaces. however, netstart
now creates all necessary interfaces before configuring any of them,
so bridge being helpful isn't necessary anymore.
ok kn@
time_second(9) and time_uptime(9) are widely used in the kernel to
quickly get the system UTC or system uptime as a time_t. However,
time_t is 64-bit everywhere, so it is not generally safe to use them
on 32-bit platforms: you have a split-read problem if your hardware
cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor
interface, throughout the kernel. Similarly, time_uptime(9) is replaced
with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for
eliminating the split-read problem: instead of two register reads you
now have a lockless read loop to pull the values from the timehands.
This is really not *too* bad in the grand scheme of things, but
compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
promiscuous mode from bridge(4). This fixes a regression of r1.332
of sys/net/if_bridge.c.
splassert with bridge(4) and vlan(4) reported by David Hill
OK mpi@, dlg@
the main semantic change is that things registering detach hooks
have to allocate and set a task structure that then gets added to
the list. this means if the task is allocated up front (eg, as part
of carp's softc or bridge's port structure), it avoids the possibility
that adding a hook can fail. a lot of drivers weren't checking for
failure, and unwinding state in the event of failure in other parts
was error prone.
while doing this i discovered that the list operations have to be
in a particular order, but drivers weren't doing that consistently
either. this diff wraps the list ops up so you have to seriously
go out of your way to screw them up.
i've also sprinkled some NET_ASSERT_LOCKED around the list operations
so we can make sure there's no potential for the list to be corrupted,
especially while it's being run.
hrvoje popovski has tested this a bit, and some issues he discovered
have been fixed.
ok sashan@
Fix an issue reported by Eygene Ryabinkin where packets were dropped by
pf(4) because a vlan(4) interface was picked instead of its underlying
em(4).
While here do some refactoring to avoid code duplication.
Based on a submission from Eygene Ryabinkin <rea at codelabs dot ru>.
ok bluhm@, kn@
ok dlg@, sthen@, millert@
From Eygene Ryabinkin.
Since `bif' are removed from the interface list before calling smr_barrier()
and the hash queue is cleaned up afterward, it is possible to find an ifidx
with bridge_rtlookup() that won't match to any `bif'.
Fix a panic reported by Hrvoje Popovski, ok visa@
This removes the KERNEL_LOCK() around the list iteration in bridge_enqueue().
Since the NET_LOCK() isn't protecting any data structure, release it early
in all the code paths coming from the Network Stack to prevent possible
deadlock situations with smr_barrier().
bridge_input() is still KERNEL_LOCK()ed as well as bridge_filterrule().
ok visa@
OK mpi@
when multiple interfaces do MAC filtering.
Memory leak reported by Daniel Levai
With and OK mpi@
caused a hanging "ifconfig bridge0 destroy" and a subsequent uvm
fault.
reported and tested by Hrvoje Popovski; OK visa@
This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiple contexts where the bridge has
tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
conditional timeout_barrier(9).
OK kn@ dlg@
ok visa@
ok visa@
This will help for future (un)locking.
ok visa@
inputs & ok visa@
the timeout handler if the interface is running.
ok claudio@
- Do checks that do not access shared data structures first, they don't
need locking and save us some dances.
- Use the common !ETHER_IS_MULTICAST() idiom and move some code that won't
be executed if the bridge(4) is down.
ok bluhm@, visa@
ok kn@, claudio@, visa@
ok claudio@, kn@, visa@
grained locking.
ok visa@, florian@
- Unify the two hooks by passing the same argument
- Check for nullity before dereferencing `if_bridgeport', this will
matter when we go MP
- Use the same pattern to find a member in the ioctl path
ok bluhm@, visa@
enough.
ok sthen@, visa@
Tested by Hrvoje Popovski, inputs and ok visa@
Wireless drivers call if_enqueue() out of the NET_LOCK() so it cannot
be used to serialize bridge(4) states.
Found by stsp@, ok visa@
ok visa@
Tested by Hrvoje Popovski who measured a 30% improvement of forwarded
packets in the best case.
ok visa@
ok bluhm@, visa@
this is the same check that's done when adding normal members to
the bridge. it prevents things like gif(4) being added to the bridge,
which in turn prevents panics when shoving ethernet packets down a
layer 3 interface.
reported and tested by jasper@
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
triggered by djm's dhclient on vether on bridge setup
ok djm benno claudio
Bridge members that are part of the same protected domain, referred by
a number between 1 and 31, cannot talk to each other. This is useful
to isolate VMs or untrusted networks at layer 2.
Members can be part of multiple protected domains making it possible to
create complex protected setups.
ok ccardenas@, claudio@, dlg@, henning@