summaryrefslogtreecommitdiffstats
path: root/sys/netgraph
Commit message (Collapse)AuthorAgeFilesLines
* In r191367 the need for if_free_type() was removed and a new memberbrooks2011-11-111-1/+1
| | | | | | | | if_alloctype was used to store the origional interface type. Take advantage of this change by removing all existing uses of if_free_type() in favor of if_free(). MFC after: 1 Month
* Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.ed2011-11-077-8/+9
| | | | | | The SYSCTL_NODE macro defines a list that stores all child-elements of that node. If there's no SYSCTL_DECL macro anywhere else, there's no reason why it shouldn't be static.
* Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.ed2011-11-0726-32/+38
| | | | This means that their use is restricted to a single C file.
* - Fix potential double mbuf free: M_PREPEND may free mbuf chain and returnfjoe2011-11-061-1/+3
| | | | | | NULL but item will still have the reference ot the mbuf chain and will free it upon destruction. - Fix memory leak (unfree'd item on error path).
* Fix potential double mbuf free: M_PREPEND may free mbuf chain and returnfjoe2011-11-061-1/+2
| | | | | NULL but item will still have the reference ot the mbuf chain and will free it upon destruction.
* Constify "address" argument of ng_address_path().fjoe2011-11-062-2/+2
|
* - If KDB & NETGRAPH_DEBUG are on, print traces on discovered failedglebius2011-10-272-2/+9
| | | | | invariants. - Reduce tautology in NETGRAPH_DEBUG output.
* Free mbuf in case when protocol in unknown in ng_ipfw_rcvdata().melifaro2011-10-101-9/+7
| | | | | | | | This change fixes (theoretically) possible mbuf leak introduced in r225586. Reorder code a bit and change return codes to be more specific Reviewed by: glebius Approved by: kib (mentor)
* Add IPv6 support to the ng_ipfw(4) [1]. Also add ifdefs to be ableae2011-09-151-12/+42
| | | | | | | | | build it with and without INET/INET6 support. Submitted by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1] Tested by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1] Approved by: re (bz) MFC after: 2 weeks
* Second-to-last commit implementing Capsicum capabilities in the FreeBSDrwatson2011-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | kernel for FreeBSD 9.0: Add a new capability mask argument to fget(9) and friends, allowing system call code to declare what capabilities are required when an integer file descriptor is converted into an in-kernel struct file *. With options CAPABILITIES compiled into the kernel, this enforces capability protection; without, this change is effectively a no-op. Some cases require special handling, such as mmap(2), which must preserve information about the maximum rights at the time of mapping in the memory map so that they can later be enforced in mprotect(2) -- this is done by narrowing the rights in the existing max_protection field used for similar purposes with file permissions. In namei(9), we assert that the code is not reached from within capability mode, as we're not yet ready to enforce namespace capabilities there. This will follow in a later commit. Update two capability names: CAP_EVENT and CAP_KEVENT become CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they represent. Approved by: re (bz) Submitted by: jonathan Sponsored by: Google Inc
* remove RESTARTABLE_PANICS optionavg2011-07-253-18/+0
| | | | | | | | | | | | | | | | This is done per request/suggestion from John Baldwin who introduced the option. Trying to resume normal system operation after a panic is very unpredictable and dangerous. It will become even more dangerous when we allow a thread in panic(9) to penetrate all lock contexts. I understand that the only purpose of this option was for testing scenarios potentially resulting in panic. Suggested by: jhb Reviewed by: attilio, jhb X-MFC-After: never Approved by: re (kib)
* Clear pending ifnet events, in an attempt at preventingzec2011-07-161-0/+2
| | | | | | | ng_ether_link_state() from being dispatched after we have cleared our IFP2NG(ifp). MFC after: 3 days
* In ng_attach_cntl() first allocate things that may fail, and thenglebius2011-07-141-16/+15
| | | | | | | do the rest of initialization. This simplifies code and fixes a double free in failure scenario. Reviewed by: bz
* Add missing unlocks.glebius2011-07-061-0/+2
|
* o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't needglebius2011-07-053-107/+152
| | | | | | | | | | a separate struct to start a slist of semi-opaque structs. This makes some code more compact. o Rewrite ng_netflow_flow_show() and its API/ABI: - Support for IPv6 is added. - Request and response now use same struct. Structure specifies version (6 or 4), index of last retrieved hash, and also index of last retrieved entry in the hash entry.
* Fix build with NETGRAPH_DEBUG.glebius2011-07-041-1/+1
|
* Fix build with NETGRAPH_DEBUG.glebius2011-07-041-2/+2
|
* - Use refcount(9) API to manage node and hook refcounting.glebius2011-07-042-18/+10
| | | | | | | | - Make ng_unref_node() void, since caller shouldn't be interested in whether node is valid after call or not, since it can't be guaranteed to be valid. [1] Ok from: julian [1]
* Tag mbufs of all incoming frames or packets with the interface's FIBbz2011-07-031-0/+1
| | | | | | | | | setting (either default or if supported as set by SIOCSIFFIB, e.g. from ifconfig). Submitted by: Alexander V. Chernikov (melifaro ipfw.ru) Reviewed by: julian MFC after: 2 weeks
* Fix double free.glebius2011-07-011-1/+0
| | | | Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>
* - Move all USB device ID arrays into so-called sections,hselasky2011-06-242-3/+3
| | | | | | | | | | | | sorted according to the mode which they support: host, device or dual mode - Add generic tool to extract these data: tools/bus_autoconf Discussed with: imp Suggested by: Robert Millan <rmh@debian.org> PR: misc/157903 MFC after: 14 days
* Be consistent with r160968: keep autoSrcAddr flag untouched whenglebius2011-06-231-1/+0
| | | | | | node receives NGM_SHUTDOWN. Submitted by: pluknet
* Sync ng_nat with recent (r222806) ipfw_nat changes:ae2011-06-071-3/+17
| | | | | | | | | | | | Make a behaviour of the libalias based in-kernel NAT a bit closer to how natd(8) does work. natd(8) drops packets only when libalias returns PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat always did drop packets that were not aliased, even if they should not be aliased and just are going through. Also add SCTP support: mark response packets to skip firewall processing. MFC after: 1 month
* Assume the link to be dead if bit error rate (BER) parameter is set to 1.zec2011-05-241-1/+30
| | | | | | | | | | | When a transition from link alive to link dead configuration or vice versa occurs, notify any upstream and / or downstream peers using NGM_FLOW messagges. Link state notification using NGM_FLOW messages is modelled around around already existing code in ng_ether.c. MFC after: 3 days
* Provide fake link status information in an attempt to let ng_eiface(4)zec2011-05-241-1/+70
| | | | | | | | | | | | virtual ifnets more realistically mimic physical ethernet interfaces. The main motivation behind this change is to allow for ng_eiface(4) interfaces to participate in STP if_bridge(4) configurations. When announcing link status changes, switch to the vnet to which the ifnet belongs, since it is possible for ng_eiface ifnets to be assigned to a vnet different from the one in which its netgraph node resides. MFC after: 3 days
* usb: fix a missed use of use_generic in r222051avg2011-05-181-4/+5
| | | | | | | Submitted by: gcooper Pointyhat to: avg MFC after: 1 month X-MFC with: r222051
* LibAliasInit() should allocate memory with M_WAITOK flag. Modify itglebius2011-04-181-4/+0
| | | | and its callers.
* Finish last change.glebius2011-04-181-1/+0
| | | | Pointy hat to: glebius
* Further cleanup of node creation path from M_NOWAIT usage.glebius2011-04-181-11/+3
|
* ng_netflow_cache_init() can be void.glebius2011-04-183-7/+4
|
* Node constructor methods are supposed to be called in syscallglebius2011-04-1840-144/+43
| | | | | | | context always. Convert nodes to consistently use M_WAITOK flag for memory allocation. Reviewed by: julian
* Use M_WAITOK flag instead M_WAIT for malloc.ae2011-04-181-5/+6
| | | | | Suggested by: glebius MFC after: 1 week
* Fix error where error variable was assigned result of comparison,glebius2011-04-171-1/+1
| | | | | | | instead of function return value. Submitted by: Przemyslaw Frasunek <przemyslaw frasunek.com> MFC after: 4 days
* Properly unref ng_hub nodes on shutdown, so that we don't leak them.zec2011-04-071-0/+2
| | | | MFC after: 3 days
* Improve locking of creating and dropping links in the graph, acquiringglebius2011-03-211-51/+46
| | | | | | | | | | | | | the topology mutex in the following functions, that manipulate pointers to peer nodes: - ng_bypass() - ng_path2noderef() when switching to the next node in sequence. Rewrite the function a bit. - ng_address_hook() - ng_address_path() This patch improves stability of large mpd5 installations.
* Remove spl(9) remnants.glebius2011-03-191-3/+1
|
* Unbreak the build for no options INET6.bz2011-03-032-0/+8
| | | | | PR: kern/155227 Submitted by: Dmitry Afanasiev (KOT MATPOCKuH.Ru)
* Add support for NetFlow version 9 into ng_netflow(4) node.glebius2011-03-026-132/+1739
| | | | Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>
* Add XMIT_FAILOVER transmit algorithm to ng_one2many node. Packets areae2011-03-012-0/+6
| | | | | | | | delivered out the first active "many" hook. PR: kern/137775 Submitted by: Maxim Ignatenko MFC after: 2 weeks
* Fix typos - remove duplicate "the".brucec2011-02-212-2/+2
| | | | | | PR: bin/154928 Submitted by: Eitan Adler <lists at eitanadler.com> MFC after: 3 days
* Mfp4 CH=177274,177280,177284-177285,177297,177324-177325bz2011-02-163-3/+21
| | | | | | | | | | | | | | | | | | | | | | VNET socket push back: try to minimize the number of places where we have to switch vnets and narrow down the time we stay switched. Add assertions to the socket code to catch possibly unset vnets as seen in r204147. While this reduces the number of vnet recursion in some places like NFS, POSIX local sockets and some netgraph, .. recursions are impossible to fix. The current expectations are documented at the beginning of uipc_socket.c along with the other information there. Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH Reviewed by: jhb Tested by: zec Tested by: Mikolaj Golub (to.my.trociny gmail.com) MFC after: 2 weeks
* sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.mdf2011-01-127-23/+23
| | | | Commit the netgraph piece.
* Remove unneeded includes of <sys/linker_set.h>. Other headers that usejhb2011-01-112-2/+0
| | | | | | it internally contain nested includes. Reviewed by: bde
* Simplify ng_pipe locking model by relying on the netgraph frameworkzec2010-11-241-147/+85
| | | | | | | | | | | | | | | | | to provide serialization of calls into the node, which is accomplished by markng the node as single-threaded (NGF_FORCE_WRITER). The price we pay is that each ng_pipe instance now has its own callout handler which polls for queued frames on each clock tick, as long as the pipe has any frames in its internal queues. OTOH, we got rid of the global ng_pipe mutex, so from now on multiple ng_pipe instances can operate in parallel. This change also fixes counting of forwarded frames when an ng_pipe node is not enforcing any packet impairments. While here, attempt to improve adherance to style(9) throughout otherwise mostly unreadable code. MFC after: 3 days
* After some off-list discussion, revert a number of changes to thedim2010-11-223-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | DPCPU_DEFINE and VNET_DEFINE macros, as these cause problems for various people working on the affected files. A better long-term solution is still being considered. This reversal may give some modules empty set_pcpu or set_vnet sections, but these are harmless. Changes reverted: ------------------------------------------------------------------------ r215318 | dim | 2010-11-14 21:40:55 +0100 (Sun, 14 Nov 2010) | 4 lines Instead of unconditionally emitting .globl's for the __start_set_xxx and __stop_set_xxx symbols, only emit them when the set_vnet or set_pcpu sections are actually defined. ------------------------------------------------------------------------ r215317 | dim | 2010-11-14 21:38:11 +0100 (Sun, 14 Nov 2010) | 3 lines Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout the tree. ------------------------------------------------------------------------ r215316 | dim | 2010-11-14 21:23:02 +0100 (Sun, 14 Nov 2010) | 2 lines Add macros to define static instances of VNET_DEFINE and DPCPU_DEFINE.
* Allow for MTU sizes of up to ETHER_MAX_LEN_JUMBO (i.e. 9018) bytes to bezec2010-11-222-1/+3
| | | | | | | | | | configured on ng_eiface ifnets. The default MTU remains unchanged at 1500 bytes. Mark ng_eiface ifnets as IFCAP_VLAN_MTU capable, so that the associated vlan(4) ifnets may use full-sized Ethernet MTUs (1500 bytes). MFC after: 3 days
* Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughoutdim2010-11-143-5/+5
| | | | the tree.
* When calling panic(), always pass a format string.rpaulo2010-10-138-12/+12
|
* Fix typoemax2010-08-021-1/+1
| | | | | PR: kern/140590 MFC after: 3 days
* Fix operation of "netgraph" action in conjunction with theglebius2010-07-271-1/+2
| | | | | | | | | net.inet.ip.fw.one_pass sysctl. The "ngtee" action is still broken. PR: kern/148885 Submitted by: Nickolay Dudorov <nnd mail.nsk.ru>
OpenPOWER on IntegriCloud