summaryrefslogtreecommitdiffstats
path: root/sys/netgraph
Commit message (Collapse)AuthorAgeFilesLines
* Clear pending ifnet events, in an attempt at preventingzec2011-07-161-0/+2
| | | | | | | ng_ether_link_state() from being dispatched after we have cleared our IFP2NG(ifp). MFC after: 3 days
* In ng_attach_cntl() first allocate things that may fail, and thenglebius2011-07-141-16/+15
| | | | | | | do the rest of initialization. This simplifies code and fixes a double free in failure scenario. Reviewed by: bz
* Add missing unlocks.glebius2011-07-061-0/+2
|
* o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't needglebius2011-07-053-107/+152
| | | | | | | | | | a separate struct to start a slist of semi-opaque structs. This makes some code more compact. o Rewrite ng_netflow_flow_show() and its API/ABI: - Support for IPv6 is added. - Request and response now use same struct. Structure specifies version (6 or 4), index of last retrieved hash, and also index of last retrieved entry in the hash entry.
* Fix build with NETGRAPH_DEBUG.glebius2011-07-041-1/+1
|
* Fix build with NETGRAPH_DEBUG.glebius2011-07-041-2/+2
|
* - Use refcount(9) API to manage node and hook refcounting.glebius2011-07-042-18/+10
| | | | | | | | - Make ng_unref_node() void, since caller shouldn't be interested in whether node is valid after call or not, since it can't be guaranteed to be valid. [1] Ok from: julian [1]
* Tag mbufs of all incoming frames or packets with the interface's FIBbz2011-07-031-0/+1
| | | | | | | | | setting (either default or if supported as set by SIOCSIFFIB, e.g. from ifconfig). Submitted by: Alexander V. Chernikov (melifaro ipfw.ru) Reviewed by: julian MFC after: 2 weeks
* Fix double free.glebius2011-07-011-1/+0
| | | | Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>
* - Move all USB device ID arrays into so-called sections,hselasky2011-06-242-3/+3
| | | | | | | | | | | | sorted according to the mode which they support: host, device or dual mode - Add generic tool to extract these data: tools/bus_autoconf Discussed with: imp Suggested by: Robert Millan <rmh@debian.org> PR: misc/157903 MFC after: 14 days
* Be consistent with r160968: keep autoSrcAddr flag untouched whenglebius2011-06-231-1/+0
| | | | | | node receives NGM_SHUTDOWN. Submitted by: pluknet
* Sync ng_nat with recent (r222806) ipfw_nat changes:ae2011-06-071-3/+17
| | | | | | | | | | | | Make a behaviour of the libalias based in-kernel NAT a bit closer to how natd(8) does work. natd(8) drops packets only when libalias returns PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat always did drop packets that were not aliased, even if they should not be aliased and just are going through. Also add SCTP support: mark response packets to skip firewall processing. MFC after: 1 month
* Assume the link to be dead if bit error rate (BER) parameter is set to 1.zec2011-05-241-1/+30
| | | | | | | | | | | When a transition from link alive to link dead configuration or vice versa occurs, notify any upstream and / or downstream peers using NGM_FLOW messagges. Link state notification using NGM_FLOW messages is modelled around around already existing code in ng_ether.c. MFC after: 3 days
* Provide fake link status information in an attempt to let ng_eiface(4)zec2011-05-241-1/+70
| | | | | | | | | | | | virtual ifnets more realistically mimic physical ethernet interfaces. The main motivation behind this change is to allow for ng_eiface(4) interfaces to participate in STP if_bridge(4) configurations. When announcing link status changes, switch to the vnet to which the ifnet belongs, since it is possible for ng_eiface ifnets to be assigned to a vnet different from the one in which its netgraph node resides. MFC after: 3 days
* usb: fix a missed use of use_generic in r222051avg2011-05-181-4/+5
| | | | | | | Submitted by: gcooper Pointyhat to: avg MFC after: 1 month X-MFC with: r222051
* LibAliasInit() should allocate memory with M_WAITOK flag. Modify itglebius2011-04-181-4/+0
| | | | and its callers.
* Finish last change.glebius2011-04-181-1/+0
| | | | Pointy hat to: glebius
* Further cleanup of node creation path from M_NOWAIT usage.glebius2011-04-181-11/+3
|
* ng_netflow_cache_init() can be void.glebius2011-04-183-7/+4
|
* Node constructor methods are supposed to be called in syscallglebius2011-04-1840-144/+43
| | | | | | | context always. Convert nodes to consistently use M_WAITOK flag for memory allocation. Reviewed by: julian
* Use M_WAITOK flag instead M_WAIT for malloc.ae2011-04-181-5/+6
| | | | | Suggested by: glebius MFC after: 1 week
* Fix error where error variable was assigned result of comparison,glebius2011-04-171-1/+1
| | | | | | | instead of function return value. Submitted by: Przemyslaw Frasunek <przemyslaw frasunek.com> MFC after: 4 days
* Properly unref ng_hub nodes on shutdown, so that we don't leak them.zec2011-04-071-0/+2
| | | | MFC after: 3 days
* Improve locking of creating and dropping links in the graph, acquiringglebius2011-03-211-51/+46
| | | | | | | | | | | | | the topology mutex in the following functions, that manipulate pointers to peer nodes: - ng_bypass() - ng_path2noderef() when switching to the next node in sequence. Rewrite the function a bit. - ng_address_hook() - ng_address_path() This patch improves stability of large mpd5 installations.
* Remove spl(9) remnants.glebius2011-03-191-3/+1
|
* Unbreak the build for no options INET6.bz2011-03-032-0/+8
| | | | | PR: kern/155227 Submitted by: Dmitry Afanasiev (KOT MATPOCKuH.Ru)
* Add support for NetFlow version 9 into ng_netflow(4) node.glebius2011-03-026-132/+1739
| | | | Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>
* Add XMIT_FAILOVER transmit algorithm to ng_one2many node. Packets areae2011-03-012-0/+6
| | | | | | | | delivered out the first active "many" hook. PR: kern/137775 Submitted by: Maxim Ignatenko MFC after: 2 weeks
* Fix typos - remove duplicate "the".brucec2011-02-212-2/+2
| | | | | | PR: bin/154928 Submitted by: Eitan Adler <lists at eitanadler.com> MFC after: 3 days
* Mfp4 CH=177274,177280,177284-177285,177297,177324-177325bz2011-02-163-3/+21
| | | | | | | | | | | | | | | | | | | | | | VNET socket push back: try to minimize the number of places where we have to switch vnets and narrow down the time we stay switched. Add assertions to the socket code to catch possibly unset vnets as seen in r204147. While this reduces the number of vnet recursion in some places like NFS, POSIX local sockets and some netgraph, .. recursions are impossible to fix. The current expectations are documented at the beginning of uipc_socket.c along with the other information there. Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH Reviewed by: jhb Tested by: zec Tested by: Mikolaj Golub (to.my.trociny gmail.com) MFC after: 2 weeks
* sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.mdf2011-01-127-23/+23
| | | | Commit the netgraph piece.
* Remove unneeded includes of <sys/linker_set.h>. Other headers that usejhb2011-01-112-2/+0
| | | | | | it internally contain nested includes. Reviewed by: bde
* Simplify ng_pipe locking model by relying on the netgraph frameworkzec2010-11-241-147/+85
| | | | | | | | | | | | | | | | | to provide serialization of calls into the node, which is accomplished by markng the node as single-threaded (NGF_FORCE_WRITER). The price we pay is that each ng_pipe instance now has its own callout handler which polls for queued frames on each clock tick, as long as the pipe has any frames in its internal queues. OTOH, we got rid of the global ng_pipe mutex, so from now on multiple ng_pipe instances can operate in parallel. This change also fixes counting of forwarded frames when an ng_pipe node is not enforcing any packet impairments. While here, attempt to improve adherance to style(9) throughout otherwise mostly unreadable code. MFC after: 3 days
* After some off-list discussion, revert a number of changes to thedim2010-11-223-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various people working on the affected files. A better long-term solution is still being considered. This reversal may give some modules empty set_pcpu or set_vnet sections, but these are harmless. Changes reverted: ------------------------------------------------------------------------ r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines Instead of unconditionally emitting .globl's for the __start_set_xxx and __stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu sections are actually defined. ------------------------------------------------------------------------ r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree. ------------------------------------------------------------------------ r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
* Allow for MTU sizes of up to ETHER_MAX_LEN_JUMBO (i.e. 9018) bytes to bezec2010-11-222-1/+3
| | | | | | | | | | configured on ng_eiface ifnets. The default MTU remains unchanged at 1500 bytes. Mark ng_eiface ifnets as IFCAP_VLAN_MTU capable, so that the associated vlan(4) ifnets may use full-sized Ethernet MTUs (1500 bytes). MFC after: 3 days
* Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughoutdim2010-11-143-5/+5
| | | | the tree.
* When calling panic(), always pass a format string.rpaulo2010-10-138-12/+12
|
* Fix typoemax2010-08-021-1/+1
| | | | | PR: kern/140590 MFC after: 3 days
* Fix operation of "netgraph" action in conjunction with theglebius2010-07-271-1/+2
| | | | | | | | | net.inet.ip.fw.one_pass sysctl. The "ngtee" action is still broken. PR: kern/148885 Submitted by: Nickolay Dudorov <nnd mail.nsk.ru>
* Zero padding fields of netflow records. This helps to reduceglebius2010-07-261-0/+3
| | | | | | size of compressed export logs. Requested by: Alexey Illarionov <littlesavage orionet.ru>
* Remove defunct email address from header as well.emaste2010-07-061-1/+1
|
* Remove email address that no longer exists.emaste2010-07-061-1/+1
|
* Fix a double-free bug which can occur if both bit error rate and packetzec2010-07-061-2/+3
| | | | | | | duplication probability are configured on a ng_pipe node. Submitted by: Jeffrey Ahrenholtz MFC after: 3 days
* Avoid double-free. In error cases ipfw(4) frees the mbuf(4), we don'tglebius2010-07-061-4/+1
| | | | | | need to. PR: kern/145462
* The struct ipfw_rule_ref follows the struct m_tag. Deal with thisglebius2010-07-011-4/+5
| | | | | | correctly. This fixes breakage of ng_ipfw(4) in r201527. Submitted by: Alexander Zagrebin <alexz visp.ru>
* * Include sys/systm.h for KASSERT()ae2010-06-151-6/+3
| | | | | | | | * Remove unneeded includes and comment * Replace home made OFFSETOF() macro with standard offsetof() Pointed out by: bde Approved by: kib (mentor)
* Style(9) fixes:ae2010-06-102-38/+50
| | | | | | | | | | | * Sort includes * Replace #define<SPACE> to #define<TAB> * Split declarations and initializations * Split long lines Requested by: kib Approved by: kib (mentor) MFC after: 1 month
* New netgraph node ng_patch(4). It performs data modification of packetsae2010-06-092-0/+673
| | | | | | | | | | | | | | | | passing through. Modifications are restricted to a subset of C language operations on unsigned integers of 8, 16, 32 or 64 bit size. These are: set to new value (=), addition (+=), subtraction (-=), multiplication (*=), division (/=), negation (= -), bitwise AND (&=), bitwise OR (|=), bitwise eXclusive OR (^=), shift left (<<=), shift right (>>=). Several operations are all applied to a packet sequentially in order they were specified by user. Submitted by: Maxim Ignatenko <gelraen.ua at gmail.com> Vadim Goncharov <vadimnuclight at tpu.ru> Discussed with: net@ Approved by: mav (mentor) MFC after: 1 month
* Remove some dead and incorrect code.mav2010-06-051-1/+1
| | | | | Found with: Coverity Prevent(tm) CID: 4562
* Fix a race between ngs_rcvmsg() and soclose() which closes the controlattilio2010-05-191-6/+26
| | | | | | | | | | | | | socket while it is still in use. priv->ctlsock is checked at the top of the function but without any lock held, which means the control socket state may certainly change. Add a similar protection to ngs_shutdown() even if a race is unlikely to be experienced there. Sponsored by: Sandvine Incorporated Obtained from: Nima Misaghian @ Sandvine Incorporated <nmisaghian at sandvine dot com> MFC after: 10 days
OpenPOWER on IntegriCloud