| Commit message | Author | Age | Files | Lines |
| |
	ifs = ifunit(req->ifbr_ifsname);
	if (ifs == NULL) {
		error = ENOENT;
		break;
	}
	if (ifs->if_bridgeidx != ifp->if_index) {
		error = ESRCH;
		break;
	}
	bif = bridge_getbif(ifs);
This sequence repeats 8 times. Also we don't check value returned by
bridge_getbig() before use. Newly introduced bridge_getbig() function
replaces this sequence. This not only reduces duplicated code but also
makes `bif' dereference safe.
ok bluhm@
| |
Replace this pointer by interface index. This allows us to avoid some use
after free issues caused by ifioctl() races.
ok sashan@
| |
as signed. u_int used within pipex(4) for consistency with other code.
ok dlg@ mpi@
| |
ok yasuoka@
| |
this is largely mechanical, except for carp. this moves the addition
of the carp link state hook after we're committed to using the new
interface as a carpdev. because the add can't fail, we avoid a
complicated unwind dance. also, this tweaks the carp linkstate hook
so it only updates the relevant carp interface, not all of the
carpdevs on the parent.
hrvoje popovski has tested an early version of this diff and it's
generally ok, but there's some splasserts that this diff fires that
i'll fix in an upcoming diff.
ok claudio@
| |
the main semantic change is that things registering detach hooks
have to allocate and set a task structure that then gets added to
the list. this means if the task is allocated up front (eg, as part
of carps softc or bridges port structure), it avoids the possibility
that adding a hook can fail. a lot of drivers weren't checking for
failure, and unwinding state in the event of failure in other parts
was error prone.
while doing this i discovered that the list operations have to be
in a particular order, but drivers weren't doing that consistently
either. this diff wraps the list ops up so you have to seriously
go out of your way to screw them up.
i've also sprinkled some NET_ASSERT_LOCKED around the list operations
so we can make sure there's no potential for the list to be corrupted,
especially while it's being run.
hrvoje popovski has tested this a bit, and some issues he discovered
have been fixed.
ok sashan@
| |
This removes the KERNEL_LOCK() around the list iteration in bridge_enqueue().
Since the NET_LOCK() isn't protecting any data structure, release it early
in all the code paths coming from the Network Stack to prevent possible
deadlock situations with smr_barrier().
bridge_input() is still KERNEL_LOCK()ed as well as bridge_filterrule().
ok visa@
| |
This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiple contexts where the bridge has
tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
| |
This will help for future (un)locking.
ok visa@
| |
inputs & ok visa@
| |
- Do checks that do not access shared data structures first, they don't
need locking and save us some dances.
- Use the common !ETHER_IS_MULTICAST() idiom and move some code that won't
be executed if the bridge(4) is down.
ok bluhm@, visa@
| |
grained locking.
ok visa@, florian@
| |
enough.
ok sthen@, visa@
| |
Bridge members that are part of the same protected domain, referred by
a number between 1 and 31, cannot talk to each other. This is useful
to isolate VMs or untrusted networks at layer 2.
Members can be part of multiple protected domains making it possible to
create complex protected setups.
ok ccardenas@, claudio@, dlg@, henning@
| |
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol addresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno
| |
inside pf later on. pfsync can use the one from ip_ipsp.h and bridge can
have its own version for now.
OK mpi@ phessler@
| |
serialize access to bridge(4) data structures.
ok mikeb@
| |
code to if.c.
ok mpi@
| |
confusion about the tunnel endpoints when responding to the peer.
OK yasuoka@
| |
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4).
This way the driver will dynamically learn the tunnel endpoints and
their vnetids for the responses and can be used to dynamically bridge
between VXLANs. It is also being used in combination with switch(4)
and the OpenFlow tunnel classifiers.
With input from yasuoka@ goda@
OK deraadt@ dlg@
| |
ok deraadt@ yasuoka@ reyk@ henning@
| |
switch(4) currently supports OpenFlow 1.3.5.
Currently, it's disabled by the kernel config.
With help from yasuoka@ reyk@ jsg@.
ok deraadt@ yasuoka@ reyk@ henning@
| |
Splitting functions in if_bridge.c into if_bridge.c for the forwarding part
and bridgectl.c for the control part. It shouldn't have any functional change.
ok reyk@ mpi@ yasuoka@
| |
ok reyk mpi
| |
This allows more flexible configurations with vlan(4) and bridge(4) on
top of the same physical interface. In particular it allows to not feed
VLAN tagged packets into a bridge(4).
Fix regression reported by Armin Wolfermann on bugs@, ok dlg@
| |
This fixes a crash during ifconfig bridge0 destroy.
OK mpi@
| |
ifp in order to access its ifih handlers.
So get rid of if_get() in the various ifih handlers we know the ifp is
live at this point.
ok dlg@
| |
Move bridge_input() outside of ether_input() in order to duplicate packets
flowing through a bridge port before applying any transformation on mbufs.
This saves various m_adj(9)/M_PREPEND(9) dances and removes the bridge(4)
hack from vlan(4).
Tested by mxb <mxb AT alumni DOT chalmers DOT se> and kettenis@
ok bluhm@
| |
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be
cleaned up next. Some sockaddr_union steps make it into here as well.
ok naddy
| |
bridge_tunnelupdate to a more generic name bridge_copyaddr.
No functional change.
| |
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.
put it in deraadt@
| |
This way the configuration order is preserved. Order matters
because MAC addresses are not unique: vlan interfaces can have
the same MAC as their parent.
Frames destined for the bridge itself are now delivered to
the first-configured interface that matches the MAC instead
of the last-configured. This means that the bridge behavior
does not suddenly change anymore when adding a vlan interface.
ok henning reyk (a while ago)
| |
of to the bridge itself. This is ok, since an interface can only be part
of one bridge, and the parent bridge is easy to find from the bridgeport.
This way we can get rid of a lot of list walks, improving performance
and shortening the code.
ok henning stsp sthen reyk
| |
Even though this violates IEEE 802.1D, we'd rather avoid bridging loops
by not getting in the way of STP.
OK henning, camield, reyk
| |
ok from the m guild: mikeb@ miod@ mpf@
| |
OK blambert, claudio.
| |
bstp_input() always consumes the packet so remove the mbuf handling
dance around it.
| |
P2P is commonly used in relation to peer to peer networks, PTP is used
in various protocols for layer 2 point to point links (ie., full
duplex ethernet links).
note that the newly added brconfig commands [-]p2p and [-]autop2p will
change to [-]ptp and [-]autoptp.
suggested by Andrew Thompson (thompsa@freebsd.org)
| |
by Andrew Thompson (thompsa@freebsd.org). The local changes include
adoption to our bridge code, reduced stack usage and many other bits.
If stp is enabled, RSTP will now be used by default.
Thanks for help from Andrew.
This code has been in snaps for a while now, commit encouraged by deraadt@
| |
address dynamically on this interface after successful association.
this could speed wireless roaming to openbsd accesspoints.
ok jason@, jsg@ can't see anything objectionable
| |
ok mickey@ henning@, "looks good" markus@ jason@
| |
on bridge rule load translate tagnames to pf tags using pf_tagname2tag etc
if packets match a bridge filter rule tag them using pf_tag_packet() with
the given tag
help dhartmei@
ok deraadt@ jason@ dhartmei@