| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
floating point constant to int64_t. This avoids the runtime
conversion of the the other operand in a set of comparisons from
int64_t to floating point and doing the comparisions in floating
point.
Suggested by: lidl
Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au>
MFC after: 2 weeks (with r300779)
|
| |
|
|
| |
MFC after: 2 weeks (with r300779)
|
| |
|
|
|
|
|
|
| |
its expression to work on powerpc and sparc64 (gcc compatibility).
Correct a typo in a nearby comment.
MFC after: 2 weeks (with r300779)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Centre for Advanced Internet Architectures
Implementing AQM in FreeBSD
* Overview <http://caia.swin.edu.au/freebsd/aqm/index.html>
* Articles, Papers and Presentations
<http://caia.swin.edu.au/freebsd/aqm/papers.html>
* Patches and Tools <http://caia.swin.edu.au/freebsd/aqm/downloads.html>
Overview
Recent years have seen a resurgence of interest in better managing
the depth of bottleneck queues in routers, switches and other places
that get congested. Solutions include transport protocol enhancements
at the end-hosts (such as delay-based or hybrid congestion control
schemes) and active queue management (AQM) schemes applied within
bottleneck queues.
The notion of AQM has been around since at least the late 1990s
(e.g. RFC 2309). In recent years the proliferation of oversized
buffers in all sorts of network devices (aka bufferbloat) has
stimulated keen community interest in four new AQM schemes -- CoDel,
FQ-CoDel, PIE and FQ-PIE.
The IETF AQM working group is looking to document these schemes,
and independent implementations are a corner-stone of the IETF's
process for confirming the clarity of publicly available protocol
descriptions. While significant development work on all three schemes
has occured in the Linux kernel, there is very little in FreeBSD.
Project Goals
This project began in late 2015, and aims to design and implement
functionally-correct versions of CoDel, FQ-CoDel, PIE and FQ_PIE
in FreeBSD (with code BSD-licensed as much as practical). We have
chosen to do this as extensions to FreeBSD's ipfw/dummynet firewall
and traffic shaper. Implementation of these AQM schemes in FreeBSD
will:
* Demonstrate whether the publicly available documentation is
sufficient to enable independent, functionally equivalent implementations
* Provide a broader suite of AQM options for sections the networking
community that rely on FreeBSD platforms
Program Members:
* Rasool Al Saadi (developer)
* Grenville Armitage (project lead)
Acknowledgements:
This project has been made possible in part by a gift from the
Comcast Innovation Fund.
Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au>
X-No objection: core
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6388
|
| |
|
|
|
|
|
|
| |
In the default case fix the substitution of the destination address.
PR: 201519
Submitted by: Max <maximos@als.nnov.ru>
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
Fix ICMP source address rewriting in rdr scenarios.
PR: 201519
Submitted by: Max <maximos@als.nnov.ru>
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
We were inconsistent about the use of time_second vs. time_uptime.
Always use time_uptime so the value can be meaningfully compared.
Submitted by: "Max" <maximos@als.nnov.ru>
MFC after: 4 days
|
| |
|
|
|
| |
When we are creating new dynamic state use MATCH_FORWARD direction to
correctly initialize protocol's state.
|
| |
|
|
|
|
|
|
|
| |
into dyn_update_proto_state(). This allows eliminate the second state
lookup in the ipfw_install_state().
Also remove MATCH_* macros, they are defined in ip_fw_private.h as enum.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
objects with the same name in different sets.
Add optional manage_sets() callback to objects rewriting framework.
It is intended to implement handler for moving and swapping named
object's sets. Add ipfw_obj_manage_sets() function that implements
generic sets handler. Use new callback to implement sets support for
lookup tables.
External actions objects are global and they don't support sets.
Modify eaction_findbyname() to reflect this.
ipfw(8) now may fail to move rules or sets, because some named objects
in target set may have conflicting names.
Note that ipfw_obj_ntlv type was changed, but since lookup tables
actually didn't support sets, this change is harmless.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| |
|
|
|
|
|
|
| |
Use free_rule() instead of free(), it will also release memory allocated
for rule counters.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| |
|
|
|
|
|
| |
error code. Use it to interrupt the loop in ipfw_objhash_foreach().
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| |
|
|
|
|
|
|
| |
global. Use it in ip_fw_table.c instead of find_name_tlv() to reduce
duplicated code.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| |
|
|
| |
No functional change.
|
| |
|
|
|
|
|
| |
defined. Remove eaction_create_compat() and use designated initializers to
initialize eaction_opcodes structure.
Obtained from: Yandex LLC
|
| |
|
|
|
|
|
|
| |
These are mostly cosmetical, no functional change.
Found with devel/coccinelle.
Reviewed by: ae
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It allows implementing loadable kernel modules with new actions and
without needing to modify kernel headers and ipfw(8). The module
registers its action handler and keyword string, that will be used
as action name. Using generic syntax user can add rules with this
action. Also ipfw(8) can be easily modified to extend basic syntax
for external actions, that become a part base system.
Sample modules will coming soon.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| |
|
|
|
|
|
| |
It should match with the type field in struct ipfw_obj_tlv.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the same opcode.
o Reduce number of times classifier callback is called. It is
redundant to call it just after find_op_rw(), since the last
does call it already and can have all results.
o Do immediately opcode rewrite in the ref_opcode_object().
This eliminates additional classifier lookup later on bulk update.
For unresolved opcodes the behavior still the same, we save information
from classifier callback in the obj_idx array, then perform automatic
objects creation, then perform rewriting for opcodes using indeces
from created objects.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
| |
|
|
|
|
| |
ip_fw_table.c into ip_fw_sockopt.c and make them static.
Obtained from: Yandex LLC
|
| |
|
|
| |
Found with devel/coccinelle.
|
| |
|
|
|
|
|
|
|
|
| |
When we guess the nature of the outbound packet (output vs. forwarding) we need
to take bridges into account. When bridging the input interface does not match
the output interface, but we're not forwarding. Similarly, it's possible for the
interface to actually be the bridge interface itself (and not a member interface).
PR: 202351
MFC after: 2 weeks
|
| |
|
|
|
| |
Obtained from: Yandex LLC
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
| |
taskqueue_enqueue() was changed to support both fast and non-fast
taskqueues 10 years ago in r154167. It has been a compat shim ever
since. It's time for the compat shim to go.
Submitted by: Howard Su <howard0su@gmail.com>
Reviewed by: sephe
Differential Revision: https://reviews.freebsd.org/D5131
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the DIOCRSETADDRS ioctl() handler we allocate a table for struct pfr_addrs,
which is processed in pfr_set_addrs(). At the users request we also provide
feedback on the deleted addresses, by storing them after the new list
('bcopy(&ad, addr + size + i, sizeof(ad));' in pfr_set_addrs()).
This means we write outside the bounds of the buffer we've just allocated.
We need to look at pfrio_size2 instead (i.e. the size the user reserved for our
feedback). That'd allow a malicious user to specify a smaller pfrio_size2 than
pfrio_size though, in which case we'd still read outside of the allocated
buffer. Instead we allocate the largest of the two values.
Reported By: Paul J Murphy <paul@inetstat.net>
PR: 207463
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D5426
|
| |
|
|
|
|
|
| |
Due to integer overflow CS4 token was handled as BE.
PR: 207459
MFC after: 1 week
|
| |
|
|
|
|
|
| |
local copy proto that we very carefully set beforehands. skw being NULL is
perfectly valid there.
Obtained from: OpenBSD (henning)
|
| |
|
|
| |
Found by: PVS-Studio
|
| |
|
|
| |
via sys/mbuf.h
|
| |
|
|
| |
for dummynet schedulers
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
is followed by another structure (rr_schk) whose size must be set
in the schk_datalen field of the descriptor.
Not allocating the memory may cause other memory to be overwritten
(though dn_schk is 192 bytes and rr_schk only 12 so we may be lucky
and end up in the padding after the dn_schk).
This is a merge candidate for stable and 10.3
MFC after: 3 days
|
| | |
|
| | |
|
| |
|
|
| |
Add checks for parameters overflowing 32 bit.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
in computing a shift index. The error was due to the use of mixed
fls() / __fls() functions in another implementation of qfq.
To avoid that the problem occurs again, properly document which
incarnation of the function we need.
Note that the bug only affects QFQ in FreeBSD head from last july, as
the patch was not merged to other versions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are number of radix consumers in kernel land (pf,ipfw,nfs,route)
with different requirements. In fact, first 3 don't have _any_ requirements
and first 2 does not use radix locking. On the other hand, routing
structure do have these requirements (rnh_gen, multipath, custom
to-be-added control plane functions, different locking).
Additionally, radix should not known anything about its consumers internals.
So, radix code now uses tiny 'struct radix_head' structure along with
internal 'struct radix_mask_head' instead of 'struct radix_node_head'.
Existing consumers still uses the same 'struct radix_node_head' with
slight modifications: they need to pass pointer to (embedded)
'struct radix_head' to all radix callbacks.
Routing code now uses new 'struct rib_head' with different locking macro:
RADIX_NODE_HEAD prefix was renamed to RIB_ (which stands for routing
information base).
New net/route_var.h header was added to hold routing subsystem internal
data. 'struct rib_head' was placed there. 'struct rtentry' will also
be moved there soon.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
if more than 64 distinct values had been used.
Table value code uses internal objhash API which requires unique key
for each object. For value code, pointer to the actual value data
is used. The actual problem arises from the fact that 'actual' e.g.
runtime data is stored in array and that array is auto-growing. There is
special hook (update_tvalue() function) which is used to update the pointers
after the change. For some reason, object 'key' was not updated.
Fix this by adding update code to the update_tvalue().
Sponsored by: Yandex LLC
|
| | |
|
| |
|
|
|
|
| |
compiled into the kernel. Ideally lots more code would just not
be called (or compiled in) in that case but that requires a lot
more surgery. For now try to make IP-less kernels compile again.
|
| | |
|
| | |
|
| |
|
|
| |
Reviewed by: ae
|
| |
|
|
| |
Differential Revision: https://reviews.freebsd.org/D4763
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
panics when unloading the dummynet and IPFW modules:
- The callout drain function can sleep and should not be called having
a non-sleepable lock locked. Remove locks around "ipfw_dyn_uninit(0)".
- Add a new "dn_gone" variable to prevent asynchronous restart of
dummynet callouts when unloading the dummynet kernel module.
- Call "dn_reschedule()" locked so that "dn_gone" can be set and
checked atomically with regard to starting a new callout.
Reviewed by: hiren
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D3855
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vast majority of rtalloc(9) users require only basic info from
route table (e.g. "does the rtentry interface match with the interface
I have?". "what is the MTU?", "Give me the IPv4 source address to use",
etc..).
Instead of hand-rolling lookups, checking if rtentry is up, valid,
dealing with IPv6 mtu, finding "address" ifp (almost never done right),
provide easy-to-use API hiding all the complexity and returning the
needed info into small on-stack structure.
This change also helps hiding route subsystem internals (locking, direct
rtentry accesses).
Additionaly, using this API improves lookup performance since rtentry is not
locked.
(This is safe, since all the rtentry changes happens under both radix WLOCK
and rtentry WLOCK).
Sponsored by: Yandex LLC
|
| |
|
|
|
|
|
|
| |
It is called when last reference to named object is going to be released
and allows to do additional cleanup for implementation of named objects.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
|
