| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
tested on amd64 and sparc64.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the first cut of this diff was made with coccinelle using this spatch:
@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)
i had fix it's opinionated idea of formatting by hand though, so
i'm not sure it was worth it.
ok deraadt@ bluhm@
|
| |
|
|
|
|
|
|
|
| |
switch_clone_destroy(). This fixes netlock assertion within underlay
ifpromisc(). The problem was reported by hrvoje@ [1].
"why not" by deraadt@
1. https://marc.info/?l=openbsd-bugs&m=161338077403538&w=2
|
| |
|
|
| |
ok dlg@
|
| |
|
|
|
|
| |
if_detach() will do this.
ok kn@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
|
|
| |
Replace this pointer by interface index. This allow us to avoid some use
after free issues caused by ifioctl() races.
ok sashan@
|
| |
|
|
| |
ok mpi@
|
| |
|
|
|
|
| |
In accordance to bridge(4) which behaves correctly as per the manual.
OK dlg
|
| |
|
|
| |
ok yasuoka@
|
| |
|
|
|
|
|
|
| |
this is a step toward making all types of bridges coordinate their
use of port interfaces, and is a step toward deprecating the interface
input handler lists.
this has been in snaps as part of a larger diff for over a week.
|
| |
|
|
|
|
|
| |
the packet parsing code expects Ethernet packets, so only allow
Ethernet interfaces to be added.
ok sthen@
|
| |
|
|
|
|
| |
"new" API.
ok dlg@ tobhe@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the main semantic change is that things registering detach hooks
have to allocate and set a task structure that then gets added to
the list. this means if the task is allocated up front (eg, as part
of carps softc or bridges port structure), it avoids the possibility
that adding a hook can fail. a lot of drivers weren't checking for
failure, and unwinding state in the event of failure in other parts
was error prone.
while doing this i discovered that the list operations have to be
in a particular order, but drivers weren't doing that consistently
either. this diff wraps the list ops up so you have to seriously
go out of your way to screw them up.
ive also sprinkled some NET_ASSERT_LOCKED around the list operations
so we can make sure there's no potential for the list to be corrupted,
especially while it's being run.
hrvoje popovski has tested this a bit, and some issues he discovered
have been fixed.
ok sashan@
|
| |
|
|
|
|
|
|
| |
it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.
ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
bridge(4), where the SIOCBRDGSIFPROT ioctl can be used to add a port to up
to 31 protected domains. This allows configuration by specifying a list of
IDs to the 'protected' option in ifconfig(8):
# ifconfig switch0 protected pair1 1,2,..
Domain membership is checked for unicast, flooded (broadcast), and
local (host-network-bound, e.g. trunk) traffic.
OK benno@
|
| |
|
|
|
|
|
|
| |
This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiples contexts where the bridge has
tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
syzkaller as pool corruption panic. It is unclear which bug caused
what, but it should be better now.
- Check M_PKTHDR with assertion before accessing m_pkthdr.
- Do not access oh_length without m_pullup().
- After checking if there is space at the end of the mbuf, don't
overwrite the data at the beginning. Append the new content.
- Do not set m_len and m_pkthdr.len when it is unclear whether
the ofp_error header fits at all. Use m_makespace() to adjust
the mbuf.
Reported-by: syzbot+6efc0a9d5b700b54392e@syzkaller.appspotmail.com
test akoshibe@; OK claudio@
|
| |
|
|
|
|
| |
enough.
ok sthen@, visa@
|
| |
|
|
|
|
|
| |
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
| |
|
|
|
|
| |
memory shortage. As it is invoked from a system call, it should
not fail and wait instead.
OK visa@ mpi@
|
| |
|
|
|
|
| |
a DOWN interface.
ok visa@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().
We currently rely on the NET_LOCK() serializing access to most global
data structures for that. IP input queues are no longer used in the
forwarding case. They still exist as boundary between the network and
transport layers because TCP/UDP & friends still need the KERNEL_LOCK().
Since we do not want to grab the NET_LOCK() for every packet, the
softnet thread will do it once before processing a batch. That means
the L2 processing path, which is currently running without lock, will
now run with the NET_LOCK().
IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread
will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.
Tested by Hrvoje Popovski.
ok visa@, bluhm@, henning@
|
| |
|
|
|
|
| |
Sprinkle some #ifdef INET6 and do not use in6addr_any from the
netinet6 code.
test and OK rzalamena@
|
| |
|
|
|
|
| |
and unused functions.
ok reyk@
|
| |
|
|
|
|
|
| |
make sure to not accept anything else outside of the header size
boundaries.
ok reyk@
|
| |
|
|
|
|
| |
dedicated number. Both changes for consistency.
OK rzalamena@
|
| |
|
|
| |
ok reyk@
|
| |
|
|
| |
OK rzalamena@
|
| |
|
|
|
|
|
|
| |
eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
| |
|
|
|
|
|
| |
write() to write one packet. With this we also get support for writing
multiple ofp packets with a single write.
ok mikeb@
|
| |
|
|
|
|
| |
function.
ok reyk@
|
| |
|
|
|
|
|
| |
might want to use it. For buffered packets we probably need to save that
somehow else, but we don't support it now.
ok reyk@
|
| |
|
|
| |
ok mikeb@
|
| |
|
|
|
|
| |
adding code to if.c.
ok mpi@
|
| |
|
|
|
|
| |
confusion about the tunnel endpoints when responding to the peer.
OK yasuoka@
|
| |
|
|
|
|
| |
the switch(4) without prior removal.
ok reyk@, goda@
|
| | |
|
| |
|
|
| |
ok yasuoka@ reyk@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4).
This way the driver will dynamically learn the tunnel endpoints and
their vnetids for the responses and can be used to dynamically bridge
between VXLANs. It is also being used in combination with switch(4)
and the OpenFlow tunnel classifiers.
With input from yasuoka@ goda@
OK deraadt@ dlg@
|
| |
|
|
| |
ok deraadt@ yasuoka@ reyk@ henning@
|
|
|
switch(4) currently supports OpenFlow 1.3.5.
Currently, it's disabled by the kernel config.
With help from yasuoka@ reyk@ jsg@.
ok deraadt@ yasuoka@ reyk@ henning@
|
dlg
mvs
kn
patrick
akoshibe
mpi
bluhm
rzalamena
reyk
goda