summaryrefslogtreecommitdiffstats
path: root/sys/net/if_ethersubr.c
Commit message (Collapse)AuthorAgeFilesLines
* Add the "Monitor" interface flag.phk2002-09-271-0/+7
| | | | | | | | | | Setting this flag on an ethernet interface blocks transmission of packets and discards incoming packets after BPF processing. This is useful if you want to monitor network trafic but not interact with the network in question. Sponsored by: http://www.babeltech.dk
* Be a bit more technical:phk2002-09-261-1/+1
| | | | Technically junk may have low entropy.
* Optimize the way we call BPF a tiny bit: If we chop the ether-header offphk2002-09-181-8/+7
| | | | | | | ourselves, call bpf before we do so, rather than re-construct the entire thing afterwards. Sponsored: http://www.babeltech.dk/
* Fix the GENERIC build. Don't refer to the non-existant fw_one_pass.obrien2002-09-121-1/+1
|
* Make bridging and layer2-ipfw obey net.inet.ip.fw.one_pass.luigi2002-09-121-2/+2
| | | | | | | | | | | | I should have committed this ages ago. The MFC for if_ethersubr.c could be done in the usual few days (only ipfw2 uses it), the one for bridge.c should probably wait until after 4.7 because it changes an existing though mostly undocumented behaviour (on which i hope nobody relies). All in all, i'll wait for both things unless there is demand. MFC after: 35 days
* Fix a silly typo in user-setable promisc mode code.sobomax2002-08-301-1/+1
| | | | | Pointed out by: Yann Berthier <yb@sainte-barbe.org> MFC after: 1 day
* Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)).sobomax2002-08-191-2/+2
| | | | | | | | | Also, for all interfaces in this mode pass all ethernet frames to upper layer, even those not addressed to our own MAC, which allows packets encapsulated in those frames be processed with packet filters (ipfw(8) et al). Emphatically requested by: Anton Turygin <pa3op@ukr-link.net> Valuable suggestions by: fenner
* Extend the interface to ether_input(): a NULL eh pointer means thatluigi2002-08-041-12/+26
| | | | | | | | | | | | | | | | | | | | the mbuf contains the ethernet header (eh) as well, which ether_input() will strip off as needed. This permits the removal (in a backward compatible way) of the header removal code which right now is replicated in all drivers, sometimes in an inconsistent way. Also, because many functions called after ether_input() require the eh in the mbuf, eventually we can propagate the interface and handle outdated drivers just in ether_input(). Individual driver changes to use the new interface will follow as we have a chance to touch them. NOTE THAT THIS CHANGE IS FULLY BACKWARD COMPATIBLE AND DOES NOT BREAK BINARY COMPATIBILITY FOR DRIVERS. MFC after: 3 days
* Introduce support for Mandatory Access Control and extensiblerwatson2002-07-311-0/+12
| | | | | | | | | | | | | | kernel access control. Label mbufs received via ethernet-based interfaces by invoking appropriate MAC framework entry points. Perform access control checks on out-going mbufs delivered via ethernet-based interfaces by invoking appropriate MAC entry points. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Remove one useless variable.luigi2002-06-301-3/+1
|
* fix indentation, whitespace and a few comments.luigi2002-06-231-31/+28
|
* Remove (almost all) global variables that were used to holdluigi2002-06-221-29/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | packet forwarding state ("annotations") during ip processing. The code is considerably cleaner now. The variables removed by this change are: ip_divert_cookie used by divert sockets ip_fw_fwd_addr used for transparent ip redirection last_pkt used by dynamic pipes in dummynet Removal of the first two has been done by carrying the annotations into volatile structs prepended to the mbuf chains, and adding appropriate code to add/remove annotations in the routines which make use of them, i.e. ip_input(), ip_output(), tcp_input(), bdg_forward(), ether_demux(), ether_output_frame(), div_output(). On passing, remove a bug in divert handling of fragmented packet. Now it is the fragment at offset 0 which sets the divert status of the whole packet, whereas formerly it was the last incoming fragment to decide. Removal of last_pkt required a change in the interface of ip_fw_chk() and dummynet_io(). On passing, use the same mechanism for dummynet annotations and for divert/forward annotations. option IPFIREWALL_FORWARD is effectively useless, the code to implement it is very small and is now in by default to avoid the obfuscation of conditionally compiled code. NOTES: * there is at least one global variable left, sro_fwd, in ip_output(). I am not sure if/how this can be removed. * I have deliberately avoided gratuitous style changes in this commit to avoid cluttering the diffs. Minor stule cleanup will likely be necessary * this commit only focused on the IP layer. I am sure there is a number of global variables used in the TCP and maybe UDP stack. * despite the number of files touched, there are absolutely no API's or data structures changed by this commit (except the interfaces of ip_fw_chk() and dummynet_io(), which are internal anyways), so an MFC is quite safe and unintrusive (and desirable, given the improved readability of the code). MFC after: 10 days
* Add ipfw hooks to ether_demux() and ether_output_frame().luigi2002-05-131-0/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ipfw processing of frames at layer 2 can be enabled by the sysctl variable net.link.ether.ipfw=1 Consider this feature experimental, because right now, the firewall is invoked in the places indicated below, and controlled by the sysctl variables listed on the right. As a consequence, a packet can be filtered from 1 to 4 times depending on the path it follows, which might make a ruleset a bit hard to follow. I will add an ipfw option to tell if we want a given rule to apply to ether_demux() and ether_output_frame(), but we have run out of flags in the struct ip_fw so i need to think a bit on how to implement this. to upper layers | | +----------->-----------+ ^ V [ip_input] [ip_output] net.inet.ip.fw.enable=1 | | ^ V [ether_demux] [ether_output_frame] net.link.ether.ipfw=1 | | +->- [bdg_forward]-->---+ net.link.ether.bridge_ipfw=1 ^ V | | to devices
* Fix a couple of incorrect m_free() vs. m_freem() usages and related issues.luigi2002-04-041-1/+8
| | | | Reviewed-by: brooks
* Fixed some style bugs in the removal of __P(()). The main ones werebde2002-03-241-1/+1
| | | | | | not removing tabs before "__P((", and not outdenting continuation lines to preserve non-KNF lining up of code with parentheses. Switch to KNF formatting and/or rewrap the whole prototype in some cases.
* Remove __P.alfred2002-03-191-2/+2
|
* Remove useless initialization to 0 of a couple of global variables.luigi2002-02-151-2/+2
|
* It turns out that when a broadcast packet is looped back, the checksumsjesper2002-01-111-0/+13
| | | | | | | | | | | | are checked on the way in even if they were not calculated on the way out. This fixes rwhod PR: 31954 Submitted by: fenner Approved by: fenner MFC after: 1 week
* minor style fix.jlemon2001-12-141-0/+1
|
* Moved the updating of if_ibytes from ether_demux() to ether_input() to fixdg2001-12-141-1/+2
| | | | | | | a bug where the interface input bytes count wasn't updated when bridging is enabled. MFC after: 3 days
* Update to C99, s/__FUNCTION__/__func__/,obrien2001-12-101-1/+1
| | | | also don't use ANSI string concatenation.
* Don't pass an interface pointer to VLAN_INPUT{,_TAG}. Get it from thebrooks2001-12-031-1/+1
| | | | | | mbuf instead. Suggested by: fenner
* MFS: sync the ipfw/dummynet/bridge code with the one recently mergedluigi2001-11-041-7/+7
| | | | into stable (mostly , but not only, formatting and comments changes).
* bring in ARP support for variable length link level addressesfjoe2001-10-141-2/+3
| | | | | | | Reviewed by: jdp Approved by: jdp Obtained from: NetBSD MFC after: 6 weeks
* Set if_type and if_addrlen before calling if_attach(), so the values arejlemon2001-10-111-1/+1
| | | | available for the routine to use.
* Make it so dummynet and bridge can be loaded as modules.ps2001-10-051-24/+18
| | | | Submitted by: billf
* Remove/comment tokens after #endif (#endif NETATALK)peter2001-09-101-2/+2
|
* Wrap array accesses in macros, which also happen to be lvalues:jlemon2001-09-061-1/+1
| | | | | | | ifnet_addrs[i - 1] -> ifaddr_byindex(i) ifindex2ifnet[i] -> ifnet_byindex(i) This is intended to ease the conversion to SMPng.
* Make vlan(4) loadable, unloadable, and clonable. As a side effect,brooks2001-09-051-13/+7
| | | | | | | interfaces must now always enable VLAN support. Reviewed by: jlemon MFC after: 3 weeks
* Do not perform arp send/resolve on an interface marked NOARP.jlemon2001-06-151-0/+5
| | | | | PR: 25006 MFC after: 2 weeks
* Get IP multicast working on VLAN devices:fenner2001-05-021-6/+2
| | | | | | | | | | | - Allocate zeroed memory in ether_resolvemulti() to prevent equal() from comparing garbage and determining that two otherwise-equal sockaddr_dls are different. - Fill in all required fields of the sockaddr_dl - Actually copy the multicast address into the sockaddr_dl when calling if_addmulti() - Don't claim that we don't have a way to resolve layer 3 addresses into layer 2 addresses; use the ethernet way.
* Plug several mbuf leaks in error cases (in nd6)bmilekic2001-03-111-2/+1
| | | | Submitted by: jhay
* Insert entropy harvesting calls for network traffic. Bymarkm2001-02-181-0/+4
| | | | default, no entropy will be harvested.
* Sync with the bridge/dummynet/ipfw code already tested in stable.luigi2001-02-101-6/+1
| | | | | In ip_fw.[ch] change a couple of variable and field names to avoid having types, variables and fields with the same name.
* When we receive an incoming Ethernet frame that was unicast to aarchie2001-02-081-10/+14
| | | | | | | | | different hardware address, we should drop it (this should only happen in promiscuous mode). Relocate the code for this check from before ng_ether(4) processing to after ng_ether(4) processing. Also fix a compiler warning. PR: kern/24465
* MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately)luigi2001-02-021-10/+23
|
* Comment the interface to ether_input() and the way is normallyluigi2001-01-251-0/+9
| | | | used by most ethernet drivers.
* * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.bmilekic2000-12-211-2/+2
| | | | | | | | | | | | | | | | | | This is because calls with M_WAIT (now M_TRYWAIT) may not wait forever when nothing is available for allocation, and may end up returning NULL. Hopefully we now communicate more of the right thing to developers and make it very clear that it's necessary to check whether calls with M_(TRY)WAIT also resulted in a failed allocation. M_TRYWAIT basically means "try harder, block if necessary, but don't necessarily wait forever." The time spent blocking is tunable with the kern.ipc.mbuf_wait sysctl. M_WAIT is now deprecated but still defined for the next little while. * Fix a typo in a comment in mbuf.h * Fix some code that was actually passing the mbuf subsystem's M_WAIT to malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the value of the M_WAIT flag, this could have became a big problem.
* Remove unused variable, spl() manipulation isn't done for the ifq now.jlemon2000-11-251-1/+0
|
* Lock down the network interface queues. The queue mutex must be obtainedjlemon2000-11-251-31/+7
| | | | | | | | | | | | | | before adding/removing packets from the queue. Also, the if_obytes and if_omcasts fields should only be manipulated under protection of the mutex. IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on the queue. An IF_LOCK macro is provided, as well as the old (mutex-less) versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which needs them, but their use is discouraged. Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF, which takes care of locking/enqueue, and also statistics updating/start if necessary.
* Properly setup link level header length for 802.2 and SNAP frames.bp2000-09-301-2/+2
|
* Get rid of a panic that occurs in ether_demux() by dereferencing a NULL mbufbmilekic2000-09-241-1/+9
| | | | | | | | | pointer, when bridging and bridge_ipfw are enabled, and when bdg_forward() happens to free the packet and make our pointer NULL. There may be more similar problems like this one with calls to bdg_forward(). PR: Related to kern/19551 Reviewed by: jlemon
* Make the bridge_refresh operation automatic when ethernet interfacesnsayer2000-07-291-0/+6
| | | | are attached or detached.
* Make all Ethernet drivers attach using ether_ifattach() and detach usingarchie2000-07-131-5/+21
| | | | | | | | | ether_ifdetach(). The former consolidates the operations of if_attach(), ng_ether_attach(), and bpfattach(). The latter consolidates the corresponding detach operations. Reviewed by: julian, freebsd-net
* repair IPV6_JOIN_GROUP to IPv6 all multi.itojun2000-07-091-0/+10
| | | | From: ume
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-041-4/+0
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* Fix kernel build breakage when 'device ether' was not included.archie2000-06-291-11/+0
|
* Make the ng_ether(4) node type dynamically loadable like the rest.archie2000-06-261-422/+96
| | | | | | | | | | | | | This means 'options NETGRAPH' is no longer necessary in order to get netgraph-enabled Ethernet interfaces. This supports loading/unloading the ng_ether.ko and attaching/detaching the Ethernet interface in any order. Add two new hooks 'upper' and 'lower' to allow access to the protocol demux engine and the raw device, respectively. This enables bridging to be defined as a netgraph node, if so desired. Reviewed by: freebsd-net@freebsd.org
* Do not perform any opeartion with mbuf after it placed intobp2000-06-141-5/+5
| | | | | | interface queue. Tested by: Bosko Milekic <bmilekic@dsuper.net>
* Just need to pass the address family to if_simloop(), not the whole sockaddr.archie2000-05-241-2/+2
|
OpenPOWER on IntegriCloud