| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hooks for each outgoing interface but also run pfil hooks _N times_ on the
bridge interface. This is changed so pfil hooks are run once for the bridge
interface (bridge0) and then only on the outgoing interfaces in the broadcast
loop.
- Simplify bridge_enqueue() by moving bridge_pfil() to the callers.
- Check (inet6_pfil_hook.ph_busy_count >= 0), it may be possible to have a
packet filter hooked for only ipv6 but we were only checking if ipv4 hooks
were busy.
- Minor optimisation for null mbuf check after bridge_pfil(), move it into the
if-block as it couldnt possibly be null outside.
Prodded by: mlaier
Approved by: re (scottl), mlaier (mentor)
|
| |
|
|
|
|
|
|
|
|
|
| |
redundant with respect to existing mbuf copy label routines. Expose
a new mac_copy_mbuf() routine at the top end of the Framework and
use that; use the existing mpo_copy_mbuf_label() routine on the
bottom end.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, SPAWAR
Approved by: re (scottl)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
packet filter. This would cause a panic on architectures that require strict
alignment such as sparc64, ia64 and ppc.
This uses the code block from if_bridge and the newly added macro
IP_HDR_ALIGNED_P().
This /might/ be a temporary messure before all NIC drivers are educated
to align the header themself.
PR: ia64/81284
Obtained from: NetBSD (if_bridge)
Approved by: re (dwhite), mlaier (mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
packet filter. This would cause a panic on architectures that require strict
alignment such as sparc64 (tier1) and ia64/ppc (tier2).
This adds two new macros that check the alignment, these are compile time
dependent on __NO_STRICT_ALIGNMENT which is set for i386 and amd64 where
alignment isn't need so the cost is avoided.
IP_HDR_ALIGNED_P()
IP6_HDR_ALIGNED_P()
Move bridge_ip_checkbasic()/bridge_ip6_checkbasic() up so that the alignment
is checked for ipfw and dummynet too.
PR: ia64/81284
Obtained from: NetBSD
Approved by: re (dwhite), mlaier (mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Introducing the possibility of using locks different than mutexes
for the knlist locking. In order to do this, we add three arguments to
knlist_init() to specify the functions to use to lock, unlock and
check if the lock is owned. If these arguments are NULL, we assume
mtx_lock, mtx_unlock and mtx_owned, respectively.
- Using the vnode lock for the knlist locking, when doing kqueue operations
on a vnode. This way, we don't have to lock the vnode while holding a
mutex, in filt_vfsread.
Reviewed by: jmg
Approved by: re (scottl), scottl (mentor override)
Pointyhat to: ssouhlal
Will be happy: everyone
|
| |
|
|
|
|
|
|
|
|
| |
a cosmetic change. m_uiotombuf() produces a packet header mbuf, while
original implementation did not. When kernel is compiled with MAC
support, headerless mbuf will cause panic.
Reported by: Alexander Nikiforenko <asn rambler-co.ru>
Approved by: re (scottl)
MFC After: 2 weeks
|
| |
|
|
|
|
|
|
| |
Rename conflicting variables when handling SNAP Ethernet frames.
Obtained from: NetBSD
Approved by: mlaier (mentor)
Approved by: re (blanket)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
route itself.
It fixes a bug where an IPv4 route for example has an IPv6 gateway
specified:
route add 10.1.1.1 -inet6 fe80::1%fxp0
Destination Gateway Flags Refs Use Netif Expire
10.1.1.1 fe80::1%fxp0 UGHS 0 0 fxp0
The fix rejects these illegal combinations:
route: writing to routing socket: Invalid argument
add host 10.1.1.1: gateway fe80::1%fxp0: Invalid argument
Reviewed by: KAME jinmei@isl.rdc.toshiba.co.jp
Reviewed by: andre (mentor)
Approved by: re
MFC after: 5
|
| |
|
|
|
|
|
| |
pointer now and needs to be allocated before using.
Reviewed by: gnn
Approved by: re (scottl), rwatson (mentor)
|
| |
|
|
|
|
|
|
| |
pointer to a softc which is no longer valid since the ifnet struct was split
out from the softc.
Approved by: mlaier (mentor)
Approved by: re (blanket)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a DLT_NULL interface. In particular:
1) Consistently use type u_int32_t for the header of a
DLT_NULL device - it continues to represent the address
family as always.
2) In the DLT_NULL case get bpf_movein to store the u_int32_t
in a sockaddr rather than in the mbuf, to be consistent
with all the DLT types.
3) Consequently fix a bug in bpf_movein/bpfwrite which
only permitted packets up to 4 bytes less than the MTU
to be written.
4) Fix all DLT_NULL devices to have the code required to
allow writing to their bpf devices.
5) Move the code to allow writing to if_lo from if_simloop
to looutput, because it only applies to DLT_NULL devices
but was being applied to other devices that use if_simloop
possibly incorrectly.
PR: 82157
Submitted by: Matthew Luckie <mjl@luckie.org.nz>
Approved by: re (scottl)
|
| |
|
|
|
| |
Reported by: Hans Petter Selasky <hselasky at c2i dot net>
Approved by: re (ifnet blanked)
|
| |
|
|
| |
Submitted by: ume
|
| |
|
|
|
|
|
|
|
|
| |
fails.
Move detaching the ifnet from the ifindex_table into if_free so we can
both keep the sanity checks and actually delete the ifnets. [0]
Reported by: gallatin [0]
Approved by: re (blanket)
|
| |
|
|
|
| |
Reviewed by: brooks
Approved by: mlaier (mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.
This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.
Other changes of note:
- Struct arpcom is no longer referenced in normal interface code.
Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
To enforce this ac_enaddr has been renamed to _ac_enaddr.
- The second argument to ether_ifattach is now always the mac address
from driver private storage rather than sometimes being ac_enaddr.
Reviewed by: sobomax, sam
|
| | |
|
| |
|
|
|
|
|
| |
This is the final piece to match bridge.c in functionality, we can now be a
drop-in replacement.
Approved by: mlaier (mentor)
|
| |
|
|
|
| |
in the rtm_index field whenever we have an interface pointer. This
is consistent with the RTM_GET messages returned by sysctl().
|
| |
|
|
|
|
|
|
|
| |
using the layer2, mac and mac-type keywords.
This is one of the last features that bridge.c has over if_bridge and gets us
very close to a full functional replacement.
Approved by: mlaier (mentor)
|
| |
|
|
|
|
|
|
|
| |
coded at 512 (BPF_MAXINSNS) to being tunable. This is useful for users
who wish to use complex or large bpf programs when filtering traffic.
For now we will default it to BPF_MAXINSNS. I have tested bpf programs
with well over 21,000 instructions without any problems.
Discussed with: phk
|
| |
|
|
| |
start the OpenBSD dhclient when links come up.
|
| |
|
|
|
|
| |
pfil_bridge to determine which interfaces to filter on.
Approved by: mlaier (mentor)
|
| |
|
|
| |
Approved by: mlaier (mentor)
|
| |
|
|
|
|
|
| |
ifnet so a buildworld is necessary.
Approved by: mlaier (mentor)
Obtained from: NetBSD
|
| |
|
|
|
|
|
|
|
|
|
|
| |
spanning tree support.
Based on Jason Wright's bridge driver from OpenBSD, and modified by Jason R.
Thorpe in NetBSD.
Reviewed by: mlaier, bms, green
Silence from: -net
Approved by: mlaier (mentor)
Obtained from: NetBSD
|
| |
|
|
| |
Reviewed by: bms
|
| |
|
|
| |
instead of a dead location on ftp.isi.edu.
|
| |
|
|
|
|
|
| |
from if_ethersubr.c:1.178. While here adjust formatting, to make code more
readable.
Reported by: Alexey Kamyshev, rwatson
|
| |
|
|
|
|
|
|
|
| |
so if_tap doesn't need to rely on locally-rolled code to do same.
The observable symptom of if_tap's bzero'ing the address details
was a crash in "ifconfig tap0" after an if_tap device was closed.
Reported By: Matti Saarinen (mjsaarin at cc dot helsinki dot fi)
|
| |
|
|
|
|
| |
PR: kern/81128
Submitted by: Joost Bekkers
MFC-after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
| |
1. Copy a NULL-terminated string into a fixed-length buffer, and
2. copyout that buffer to userland,
we really ought to
0. Zero the entire buffer
first.
Security: FreeBSD-SA-05:08.kmem
|
| |
|
|
|
|
|
|
|
|
| |
to the mbuf. Offset cannot exceed MHLEN bytes. This is currently used to
fix Ethernet header alignment problem on alpha and sparc64. Also change all
users of m_uiotombuf to pass proper offset.
Reviewed by: jmg, sam
Tested by: Sten Spans "sten AT blinkenlights DOT nl"
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
| |
debug.bpf_bufsize is now net.bpf.bufsize
debug.bpf_maxbufsize is now net.bpf.maxbufsize
-move function prototypes for bpf_drvinit and bpf_clone up to the
top of the file with the others
-assert bpfd lock in catchpacket() and bpf_wakeup()
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
| |
on parent.
- Remove route.h include.
- Fix comment about MII.
Sponsored by: Rambler
Reviewed by: yar
|
| |
|
|
|
|
|
|
|
|
| |
a taskqueue(9) task. This fixes LORs and adds possibility
to serve such events pseudorecursively, when link state
change of interface causes subsequent change on other
interfaces.
Sponsored by: Rambler
Reviewed by: sam, brooks, mux
|
| |
|
|
|
|
| |
accidental disclosure of kernel memory to userland.
Security: FreeBSD-SA-05:04.ifconf
|
| | |
|
| |
|
|
|
|
|
| |
acces to tap(4) device nodes based on file system permission.
Duplicate the 'debug.if_tap_debug' sysctl under the
'net.link.tap' hierarchy.
|
| |
|
|
|
| |
closes the race where the cdev was reclaimed before it ever made it
back to devfs lookup.
|
| |
|
|
|
|
|
| |
td->td_sel will get trashed and crash the system. Fix BPF's mistake
in this area.
MFC after: 1 day
|
| |
|
|
|
|
|
|
| |
or RTM_DELETE; add an assertion, may want to do something more
heavyhanded in the future
Noticed by: Coverity Prevent analysis tool
Reviewed by: mdodd
|
| |
|
|
|
|
|
|
|
|
| |
results in connectivty to MacOSX hosts via fwip.
Thanks to Apple's Arulchandran Paramasivam <arulchandranp@apple.com> for
letting us know what we were doing wrong.
Reviewed by: dfr
MFC After: 7 days
|
| |
|
|
| |
- Default returns an error.
|
| | |
|
| |
|
|
|
|
| |
suppress logging of interface link state changes.
Requested by: sam, kan
|
| |
|
|
|
|
|
|
|
|
| |
them all, otherwise the driver will be useless and will only confuse user
as manual page says nothing about the need to enable one of those frame
types explicitly in the kernel config.
PR: kern/47152
Submitted by: Andriy Gapon <avg@icyb.net.ua>
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
|
| |
was causing kqueue not to see the correct state and not wake up a process
that is waiting...
Submitted by: nCircle Network Security, Inc.
|
| | |
|
