aboutsummaryrefslogtreecommitdiff
path: root/sys/netgraph
Commit message (Collapse)AuthorAgeFilesLines
* Make radix lookup on src and dst flow addresses optionalAlexander V. Chernikov2012-06-183-92/+113
| | | | | | | | | | | | | | | | and configurable on per-interface basis. Remove __inline__ for several functions being called once per flow (e.g once per 10-20 packets on common traffic flows). Update manual page to simplify search for BPF data link types. Sponsored by Yandex LLC Reviewed by: glebius Approved by: ae(mentor) MFC after: 2 weeks Notes: svn path=/head/; revision=237227
* Simplify IP pointer recovery in case of mbuf reallocation.Alexander V. Chernikov2012-06-181-53/+15
| | | | | | | | | Reviewed by: glebius (previous version) Approved by: ae(mentor) MFC after: 2 weeks Notes: svn path=/head/; revision=237226
* Use time_uptime instead of getnanotime for accouting integer number of seconds.Alexander V. Chernikov2012-06-161-6/+4
| | | | | | | | | Reviewed by: glebius Approved by: ae(mentor) MFC after: 1 week Notes: svn path=/head/; revision=237164
* Set netflow v9 observation domain value to fib number instead of node id.Alexander V. Chernikov2012-06-161-1/+1
| | | | | | | | | | | This fixes multi-fib netflow v9 export. Reviewed by: glebius Approved by: kib(mentor) MFC after: 1 week Notes: svn path=/head/; revision=237163
* Fix improper L4 header handling for IPv6 packets passed via DLT_RAW.Alexander V. Chernikov2012-06-161-1/+1
| | | | | | | | | | Reported by: Emil Muratov <gpm@hotplug.ru> Reviewed by: glebius Approved by: ae(mentor) MFC after: 1 week Notes: svn path=/head/; revision=237162
* Revert my local not yet properly tested changes, that leaked inGleb Smirnoff2012-05-251-16/+23
| | | | | | | with r235923. Notes: svn path=/head/; revision=235979
* Revert r220768 for ng_ksocket. This node is special andGleb Smirnoff2012-05-242-24/+19
| | | | | | | | | | when it is cloning, its constructor method may be called in a context that isn't allowed to sleep. Noticed by: Vadim Goncharov Notes: svn path=/head/; revision=235923
* Fix panic in ng_patch(4) caused by checksum flags being added to mbuf flags.Alexander V. Chernikov2012-04-221-1/+1
| | | | | | | | | | Tested by: Maxim Ignatenko <gelraen.ua@gmail.com> Approved by: kib(mentor) MFC after: 3 days Notes: svn path=/head/; revision=234574
* #include <net/vnet.h> is no longer needed here.Marko Zec2012-04-161-1/+0
| | | | | | | | Spotted by: Ed Maste MFC after: 3 days. Notes: svn path=/head/; revision=234341
* Fix compiler warnings, mostly signed issues,Hans Petter Selasky2012-04-021-6/+6
| | | | | | | | | when USB modules are compiled with WARNS=9. MFC after: 1 weeks Notes: svn path=/head/; revision=233774
* Use rt_numfibs variable instead of compile-time RT_NUMFIBS.Alexander V. Chernikov2012-03-133-4/+13
| | | | | | | | Reviewed by: glebius (previous version) Approved by: kib(mentor), ae(mentor) Notes: svn path=/head/; revision=232921
* Upgrade the netgraph vlan node to support 802.1q, encapsulation type,Adrian Chadd2012-03-112-150/+427
| | | | | | | | | | | | | | | | | | | | | | | | | | | PCP and CFI fields. * Ethernet_type for VLAN encapsulation is tunable, default is 0x8100; * PCP (Priority code point) and CFI (canonical format indicator) is tunable per VID; * Tunable encapsulation to support 802.1q * Encapsulation/Decapsulation code improvements New messages have been added for this netgraph node to support the new features. However, the legacy "vlan" id is still supported and compiled in by default. It can be disabled in a future release. TODO: * Documentation * Examples PR: kern/161908 Submitted by: Ivan <rozhuk.im@gmail.com> Notes: svn path=/head/; revision=232825
* Revert r231829, that was my braino.Gleb Smirnoff2012-02-221-2/+2
| | | | Notes: svn path=/head/; revision=231997
* Refactor the name hash and the ID hash, that are used to address nodes:Gleb Smirnoff2012-02-162-71/+178
| | | | | | | | | | | | | | | | | | | | | - Make hash sizes growable, to satisfy users running large mpd installations, having thousands of nodes. - NG_NAMEHASH() proved to give a very bad distribution in real life name sets, while generic hash32_str(name, HASHINIT) proved to give an even one, so you the latter for name hash. - Do not store unnamed nodes in slot 0 of name hash, no reason for that. - Use the ID hash in cases when we need to run through all nodes: the NGM_LISTNODES command and in the vnet_netgraph_uninit(). - Implement NGM_LISTNODES and NGM_LISTNAMES as separate code, the former iterates through the ID hash, and the latter through the name hash. - Keep count of all nodes and of named nodes, so that we don't need to count nodes in NGM_LISTNODES and NGM_LISTNAMES. The counters are also used to estimate whether we need to grow hashes. - Close a race between two threads running ng_name_node() assigning same name to different nodes. Notes: svn path=/head/; revision=231831
* Specify correct loading order for core of netgraph(4).Gleb Smirnoff2012-02-161-2/+2
| | | | Notes: svn path=/head/; revision=231830
* Supply correct "how" argument to the uma_zcreate().Gleb Smirnoff2012-02-161-2/+2
| | | | Notes: svn path=/head/; revision=231829
* In ng_getsockaddr() allocate memory prior to obtaining lock.Gleb Smirnoff2012-02-161-11/+8
| | | | | | | Reported & tested by: Mykola Dzham <i levsha.me> Notes: svn path=/head/; revision=231823
* Fix includes list.Gleb Smirnoff2012-02-151-2/+1
| | | | | | | Submitted by: bde Notes: svn path=/head/; revision=231766
* Trim double empty lines.Gleb Smirnoff2012-02-151-8/+0
| | | | Notes: svn path=/head/; revision=231765
* Remove testing stuff, reducing kernel memory footprint by 1 Kb.Gleb Smirnoff2012-02-151-29/+0
| | | | | | | | Anyway, when we are building a LINT kernel, all these macros are tested via nodes. Notes: svn path=/head/; revision=231764
* In ng_bypass() add more protection against potential raceGleb Smirnoff2012-02-151-0/+4
| | | | | | | with ng_rmnode() and its followers. Notes: svn path=/head/; revision=231761
* style(9): sort includes.Gleb Smirnoff2012-02-151-6/+6
| | | | Notes: svn path=/head/; revision=231760
* No need to optimise for a node with no hooks, my braino.Gleb Smirnoff2012-02-131-5/+2
| | | | Notes: svn path=/head/; revision=231585
* - Use fixed-width integer types.Max Khon2012-02-122-21/+21
| | | | | | | | | | | - Prefer to use C99 stdint types. This fixes ng_cisco on 64-bit architectures. MFC after: 1 week Notes: svn path=/head/; revision=231543
* Remove direct access to si_name.Ed Schouten2012-02-101-2/+3
| | | | | | | | | | | Code should just use the devtoname() function to obtain the name of a character device. Also add const keywords to pieces of code that need it to build properly. MFC after: 2 weeks Notes: svn path=/head/; revision=231378
* Provide a findhook method for ng_socket(4). The node stores aGleb Smirnoff2012-01-231-2/+101
| | | | | | | | | | | | | | | | | | | | hash with names of its hooks. It starts with size of 16, and grows when number of hooks reaches twice the current size. A failure to grow (memory is allocated with M_NOWAIT) isn't fatal, however. I used standard hash(9) function for the hash. With 25000 hooks named in the mpd (ports/net/mpd5) manner of "b%u", the distributions is the following: 72.1% entries consist of one element, 22.1% consist of two, 5.2% consist of three and 0.6% of four. Speedup in a synthetic test that creates 25000 hooks and then runs through a long cyclce dereferencing them in a random order is over 25 times. Notes: svn path=/head/; revision=230487
* In ng_socket(4) expose less kernel internals to userland. This commitGleb Smirnoff2012-01-232-17/+16
| | | | | | | breaks ABI, but makes probability of ABI breakage in future less. Notes: svn path=/head/; revision=230481
* Convert locks that protect name hash, ID hash and typelist fromGleb Smirnoff2012-01-231-60/+61
| | | | | | | | | | | mutex(9) to rwlock(9) based locks. While here remove dropping lock when processing NGM_LISTNODES, and NGM_LISTTYPES generic commands. We don't need to drop it since memory allocation is done with M_NOWAIT. Notes: svn path=/head/; revision=230480
* The newhook method can be called in ISR context atGleb Smirnoff2012-01-171-2/+3
| | | | | | | certain circumstances, so better use M_NOWAIT in it. Notes: svn path=/head/; revision=230272
* Add missing static.Gleb Smirnoff2012-01-161-1/+1
| | | | Notes: svn path=/head/; revision=230214
* Remove some disabled NOTYET code. Probability of enabling it is low,Gleb Smirnoff2012-01-161-78/+0
| | | | | | | if anyone wants, he/she can take it from svn. Notes: svn path=/head/; revision=230213
* Use strchr() and strrchr().Ed Schouten2012-01-021-3/+3
| | | | | | | | | | | It seems strchr() and strrchr() are used more often than index() and rindex(). Therefore, simply migrate all kernel code to use it. For the XFS code, remove an empty line to make the code identical to the code in the Linux kernel. Notes: svn path=/head/; revision=229272
* style(9), whitespace and spelling nits.Gleb Smirnoff2011-12-301-104/+78
| | | | Notes: svn path=/head/; revision=229003
* In r191367 the need for if_free_type() was removed and a new memberBrooks Davis2011-11-111-1/+1
| | | | | | | | | | | if_alloctype was used to store the origional interface type. Take advantage of this change by removing all existing uses of if_free_type() in favor of if_free(). MFC after: 1 Month Notes: svn path=/head/; revision=227459
* Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.Ed Schouten2011-11-077-8/+9
| | | | | | | | | The SYSCTL_NODE macro defines a list that stores all child-elements of that node. If there's no SYSCTL_DECL macro anywhere else, there's no reason why it shouldn't be static. Notes: svn path=/head/; revision=227309
* Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.Ed Schouten2011-11-0726-32/+38
| | | | | | | This means that their use is restricted to a single C file. Notes: svn path=/head/; revision=227293
* - Fix potential double mbuf free: M_PREPEND may free mbuf chain and returnMax Khon2011-11-061-1/+3
| | | | | | | | | NULL but item will still have the reference ot the mbuf chain and will free it upon destruction. - Fix memory leak (unfree'd item on error path). Notes: svn path=/head/; revision=227132
* Fix potential double mbuf free: M_PREPEND may free mbuf chain and returnMax Khon2011-11-061-1/+2
| | | | | | | | NULL but item will still have the reference ot the mbuf chain and will free it upon destruction. Notes: svn path=/head/; revision=227131
* Constify "address" argument of ng_address_path().Max Khon2011-11-062-2/+2
| | | | Notes: svn path=/head/; revision=227130
* - If KDB & NETGRAPH_DEBUG are on, print traces on discovered failedGleb Smirnoff2011-10-272-2/+9
| | | | | | | | invariants. - Reduce tautology in NETGRAPH_DEBUG output. Notes: svn path=/head/; revision=226829
* Free mbuf in case when protocol in unknown in ng_ipfw_rcvdata().Alexander V. Chernikov2011-10-101-9/+7
| | | | | | | | | | | This change fixes (theoretically) possible mbuf leak introduced in r225586. Reorder code a bit and change return codes to be more specific Reviewed by: glebius Approved by: kib (mentor) Notes: svn path=/head/; revision=226186
* Add IPv6 support to the ng_ipfw(4) [1]. Also add ifdefs to be ableAndrey V. Elsukov2011-09-151-12/+42
| | | | | | | | | | | | build it with and without INET/INET6 support. Submitted by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1] Tested by: Alexander V. Chernikov <melifaro at yandex-team.ru> [1] Approved by: re (bz) MFC after: 2 weeks Notes: svn path=/head/; revision=225586
* Second-to-last commit implementing Capsicum capabilities in the FreeBSDRobert Watson2011-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | kernel for FreeBSD 9.0: Add a new capability mask argument to fget(9) and friends, allowing system call code to declare what capabilities are required when an integer file descriptor is converted into an in-kernel struct file *. With options CAPABILITIES compiled into the kernel, this enforces capability protection; without, this change is effectively a no-op. Some cases require special handling, such as mmap(2), which must preserve information about the maximum rights at the time of mapping in the memory map so that they can later be enforced in mprotect(2) -- this is done by narrowing the rights in the existing max_protection field used for similar purposes with file permissions. In namei(9), we assert that the code is not reached from within capability mode, as we're not yet ready to enforce namespace capabilities there. This will follow in a later commit. Update two capability names: CAP_EVENT and CAP_KEVENT become CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they represent. Approved by: re (bz) Submitted by: jonathan Sponsored by: Google Inc Notes: svn path=/head/; revision=224778
* remove RESTARTABLE_PANICS optionAndriy Gapon2011-07-253-18/+0
| | | | | | | | | | | | | | | | | | | This is done per request/suggestion from John Baldwin who introduced the option. Trying to resume normal system operation after a panic is very unpredictable and dangerous. It will become even more dangerous when we allow a thread in panic(9) to penetrate all lock contexts. I understand that the only purpose of this option was for testing scenarios potentially resulting in panic. Suggested by: jhb Reviewed by: attilio, jhb X-MFC-After: never Approved by: re (kib) Notes: svn path=/head/; revision=224307
* Clear pending ifnet events, in an attempt at preventingMarko Zec2011-07-161-0/+2
| | | | | | | | | | ng_ether_link_state() from being dispatched after we have cleared our IFP2NG(ifp). MFC after: 3 days Notes: svn path=/head/; revision=224107
* In ng_attach_cntl() first allocate things that may fail, and thenGleb Smirnoff2011-07-141-16/+15
| | | | | | | | | | do the rest of initialization. This simplifies code and fixes a double free in failure scenario. Reviewed by: bz Notes: svn path=/head/; revision=224031
* Add missing unlocks.Gleb Smirnoff2011-07-061-0/+2
| | | | Notes: svn path=/head/; revision=223822
* o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't needGleb Smirnoff2011-07-053-107/+152
| | | | | | | | | | | | | a separate struct to start a slist of semi-opaque structs. This makes some code more compact. o Rewrite ng_netflow_flow_show() and its API/ABI: - Support for IPv6 is added. - Request and response now use same struct. Structure specifies version (6 or 4), index of last retrieved hash, and also index of last retrieved entry in the hash entry. Notes: svn path=/head/; revision=223787
* Fix build with NETGRAPH_DEBUG.Gleb Smirnoff2011-07-041-1/+1
| | | | Notes: svn path=/head/; revision=223768
* Fix build with NETGRAPH_DEBUG.Gleb Smirnoff2011-07-041-2/+2
| | | | Notes: svn path=/head/; revision=223761
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-15 00:43:40 +0000