| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Thanks to Peter Kasting from Google for drawing
my attention to it.
MFC after: 3 days
Notes:
svn path=/head/; revision=271643
|
| | |
| |
| |
| |
| |
| |
| | |
Suggested by: glebius
Notes:
svn path=/head/; revision=271628
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
net.inet.ip.process_options vnet-aware. Revert changes in r271545.
Suggested by: bz
Notes:
svn path=/head/; revision=271610
|
| | |
| |
| |
| |
| |
| |
| | |
Suggested by: adrian @
Notes:
svn path=/head/; revision=271551
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current TSO limitation feature only takes the total number of
bytes in an mbuf chain into account and does not limit by the number
of mbufs in a chain. Some kinds of hardware is limited by two
factors. One is the fragment length and the second is the fragment
count. Both of these limits need to be taken into account when doing
TSO. Else some kinds of hardware might have to drop completely valid
mbuf chains because they cannot loaded into the given hardware's DMA
engine. The new way of doing TSO limitation has been made backwards
compatible as input from other FreeBSD developers and will use
defaults for values not set.
MFC after: 1 week
Sponsored by: Mellanox Technologies
Notes:
svn path=/head/; revision=271504
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ifa_ifwithdstaddr. For the sake of backwards compatibility, the new
arguments were added to new functions named ifa_ifwithnet_fib and
ifa_ifwithdstaddr_fib, while the old functions became wrappers around the
new ones that passed RT_ALL_FIBS for the fib argument. However, the
backwards compatibility is not desired for FreeBSD 11, because there are
numerous other incompatible changes to the ifnet(9) API. We therefore
decided to remove it from head but leave it in place for stable/9 and
stable/10. In addition, this commit adds the fib argument to
ifa_ifwithbroadaddr for consistency's sake.
sys/sys/param.h
Increment __FreeBSD_version
sys/net/if.c
sys/net/if_var.h
sys/net/route.c
Add fibnum argument to ifa_ifwithbroadaddr, and remove the _fib
versions of ifa_ifwithdstaddr, ifa_ifwithnet, and ifa_ifwithroute.
sys/net/route.c
sys/net/rtsock.c
sys/netinet/in_pcb.c
sys/netinet/ip_options.c
sys/netinet/ip_output.c
sys/netinet6/nd6.c
Fixup calls of modified functions.
share/man/man9/ifnet.9
Document changed API.
CR: https://reviews.freebsd.org/D458
MFC after: Never
Sponsored by: Spectra Logic
Notes:
svn path=/head/; revision=271438
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A non-global IPv6 address can be used in more than one zone of the same
scope. This zone index is used to identify to which zone a non-global
address belongs.
Also we can have many foreign hosts with equal non-global addresses,
but from different zones. So, they can have different metrics in the
host cache.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Notes:
svn path=/head/; revision=271400
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Notes:
svn path=/head/; revision=271391
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
IPv6 address as hash key in all places.
Obtained from: Yandex LLC
Notes:
svn path=/head/; revision=271386
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Differential Revision: https://reviews.freebsd.org/D527
Reviewed by: grehan
Notes:
svn path=/head/; revision=271301
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
with no RSS hash.
When doing RSS:
* Create a new IPv4 netisr which expects the frames to have been verified;
it just directly dispatches to the IPv4 input path.
* Once IPv4 reassembly is done, re-calculate the RSS hash with the new
IP and L3 header; then reinject it as appropriate.
* Update the IPv4 netisr to be a CPU affinity netisr with the RSS hash
function (rss_soft_m2cpuid) - this will do a software hash if the
hardware doesn't provide one.
NICs that don't implement hardware RSS hashing will now benefit from RSS
distribution - it'll inject into the correct destination netisr.
Note: the netisr distribution doesn't work out of the box - netisr doesn't
query RSS for how many CPUs and the affinity setup. Yes, netisr likely
shouldn't really be doing CPU stuff anymore and should be "some kind of
'thing' that is a workqueue that may or may not have any CPU affinity";
that's for a later commit.
Differential Revision: https://reviews.freebsd.org/D527
Reviewed by: grehan
Notes:
svn path=/head/; revision=271300
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and egress.
* rss_mbuf_software_hash_v4 - look at the IPv4 mbuf to fetch the IPv4 details
+ direction to calculate a hash.
* rss_proto_software_hash_v4 - hash the given source/destination IPv4 address,
port and direction.
* rss_soft_m2cpuid - map the given mbuf to an RSS CPU ("bucket" for now)
These functions are intended to be used by the stack to support
the following:
* Not all NICs do RSS hashing, so we should support some way of doing
a hash in software;
* The NIC / driver may not hash frames the way we want (eg UDP 4-tuple
hashing when the stack is only doing 2-tuple hashing for UDP); so we
may need to re-hash frames;
* .. same with IPv4 fragments - they will need to be re-hashed after
reassembly;
* .. and same with things like IP tunneling and such;
* The transmit path for things like UDP, RAW and ICMP don't currently
have any RSS information attached to them - so they'll need an
RSS calculation performed before transmit.
TODO:
* Counters! Everywhere!
* Add a debug mode that software hashes received frames and compares them
to the hardware hash provided by the hardware to ensure they match.
The IPv6 part of this is missing - I'm going to do some re-juggling of
where various parts of the RSS framework live before I add the IPv6
code (read: the IPv6 code is going to go into netinet6/in6_rss.[ch],
rather than living here.)
Note: This API is still fluid. Please keep that in mind.
Differential Revision: https://reviews.freebsd.org/D527
Reviewed by: grehan
Notes:
svn path=/head/; revision=271297
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
information as part of recvmsg().
This is primarily used for debugging/verification of the various
processing paths in the IP, PCB and driver layers.
Unfortunately the current implementation of the control message path
results in a ~10% or so drop in UDP frame throughput when it's used.
Differential Revision: https://reviews.freebsd.org/D527
Reviewed by: grehan
Notes:
svn path=/head/; revision=271293
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
overriding an existing flowid/flowtype field in the outbound mbuf with
the inp_flowid/inp_flowtype details.
The upcoming RSS UDP support calculates a valid RSS value for outbound
mbufs and since it may change per send, it doesn't cache it in the inpcb.
So overriding it here would be wrong.
Differential Revision: https://reviews.freebsd.org/D527
Reviewed by: grehan
Notes:
svn path=/head/; revision=271291
|
| | |
| |
| |
| |
| |
| |
| | |
MFC after: 1 week
Notes:
svn path=/head/; revision=271230
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
in userspace. While there, improve consistency.
MFC after: 1 week
Notes:
svn path=/head/; revision=271228
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
eliminiates some warnings when building in userland.
Thanks to Patrick Laimbock for reporting this issue.
Remove also some unnecessary casts.
There should be no functional change.
MFC after: 1 week
Notes:
svn path=/head/; revision=271221
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Suggested by: glebius@
MFC after: 1 week
Notes:
svn path=/head/; revision=271219
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and the stack is torn down.
Thanks to Peter Bostroem and Jiayang Liu from Google for reporting the
issue.
MFC after: 1 week
Notes:
svn path=/head/; revision=271209
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
While there do some cleanup of the code.
MFC after: 1 week
Notes:
svn path=/head/; revision=271204
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Kernel changes:
* Split kernel/userland nat structures eliminating IPFW_INTERNAL hack.
* Add IP_FW_NAT44_* codes resemblin old ones.
* Assume that instances can be named (no kernel support currently).
* Use both UH+WLOCK locks for all configuration changes.
* Provide full ABI support for old sockopts.
Userland changes:
* Use IP_FW_NAT44_* codes for nat operations.
* Remove undocumented ability to show ranges of nat "log" entries.
Notes:
svn path=/projects/ipfw/; revision=271231
|
| |\|
| |
| |
| | |
Notes:
svn path=/projects/ipfw/; revision=271164
|
| | |
| |
| |
| |
| |
| |
| | |
Sponsored by: Nginx, Inc.
Notes:
svn path=/head/; revision=271123
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
packets targeting a listening socket. Permit to reduce TCP input
processing starvation in context of high SYN load (e.g. short-lived TCP
connections or SYN flood).
Submitted by: Julien Charbon <jcharbon@verisign.com>
Reviewed by: adrian, hiren, jhb, Mike Bentkofsky
Notes:
svn path=/head/; revision=271119
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=271107
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
try to collapse adjacent pieces using m_catpkt(). In best case
scenario it copies data and frees mbufs, making mbuf exhaustion
attack harder.
Suggested by: Jonathan Looney <jonlooney gmail.com>
Security: Hardens against remote mbuf exhaustion attack.
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
Notes:
svn path=/head/; revision=271089
|
| | |
| |
| |
| |
| |
| |
| | |
Sponsored by: Nginx, Inc.
Notes:
svn path=/head/; revision=271006
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
packets at all. Swapping byte order on SOCK_RAW was actually a bug, an
artifact from the BSD network stack, that used to convert a packet to
native byte order once it is received by kernel.
Other operating systems didn't follow this, and later other BSD
descendants fixed this, leaving us alone with the bug. Now it is
clear that we should fix the bug.
In collaboration with: Olivier Cochard-Labbé <olivier cochard.me>
See also: https://wiki.freebsd.org/SOCK_RAW
Sponsored by: Nginx, Inc.
Notes:
svn path=/head/; revision=270929
|
| | |
| |
| |
| |
| |
| |
| | |
Sponsored by: Nginx, Inc.
Notes:
svn path=/head/; revision=270869
|
| | |
| |
| |
| |
| |
| |
| | |
MFC after: 3 days
Notes:
svn path=/head/; revision=270673
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is the last major change in given branch.
Kernel changes:
* Use 64-bytes structures to hold multi-value variables.
* Use shared array to hold values from all tables (assume
each table algo is capable of holding 32-byte variables).
* Add some placeholders to support per-table value arrays in future.
* Use simple eventhandler-style API to ease the process of adding new
table items. Currently table addition may required multiple UH drops/
acquires which is quite tricky due to atomic table modificatio/swap
support, shared array resize, etc. Deal with it by calling special
notifier capable of rolling back state before actually performing
swap/resize operations. Original operation then restarts itself after
acquiring UH lock.
* Bump all objhash users default values to at least 64
* Fix custom hashing inside objhash.
Userland changes:
* Add support for dumping shared value array via "vlist" internal cmd.
* Some small print/fill_flags dixes to support u32 values.
* valtype is now bitmask of
<skipto|pipe|fib|nat|dscp|tag|divert|netgraph|limit|ipv4|ipv6>.
New values can hold distinct values for each of this types.
* Provide special "legacy" type which assumes all values are the same.
* More helpers/docs following..
Some examples:
3:41 [1] zfscurr0# ipfw table mimimi create valtype skipto,limit,ipv4,ipv6
3:41 [1] zfscurr0# ipfw table mimimi info
+++ table(mimimi), set(0) +++
kindex: 2, type: addr
references: 0, valtype: skipto,limit,ipv4,ipv6
algorithm: addr:radix
items: 0, size: 296
3:42 [1] zfscurr0# ipfw table mimimi add 10.0.0.5 3000,10,10.0.0.1,2a02:978:2::1
added: 10.0.0.5/32 3000,10,10.0.0.1,2a02:978:2::1
3:42 [1] zfscurr0# ipfw table mimimi list
+++ table(mimimi), set(0) +++
10.0.0.5/32 3000,0,10.0.0.1,2a02:978:2::1
Notes:
svn path=/projects/ipfw/; revision=270906
|
| |\|
| |
| |
| | |
Notes:
svn path=/projects/ipfw/; revision=270410
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
is found, the first usable address is returned for legacy ioctls like
SIOCGIFBRDADDR, SIOCGIFDSTADDR, SIOCGIFNETMASK and SIOCGIFADDR.
While there also fix a subtle issue that a caller from a jail asking for
INADDR_ANY may get the first IP of the host that do not belong to the jail.
Submitted by: glebius
Differential Revision: https://reviews.freebsd.org/D667
Notes:
svn path=/head/; revision=270347
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
panic easily triggered by running "sysctl -a" after unload.
Reported and tested by: Grenville Armitage <garmitage@swin.edu.au>
MFC after: 1 week
Notes:
svn path=/head/; revision=270160
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a follow up to r269699.
Phabric: D564
Reviewed by: jhb
Notes:
svn path=/head/; revision=270008
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
socket options. This includes managing the correspoing stat counters.
Add the SCTP_DETAILED_STR_STATS kernel option to control per policy
counters on every stream. The default is off and only an aggregated
counter is available. This is sufficient for the RTCWeb usecase.
MFC after: 1 week
Notes:
svn path=/head/; revision=269945
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/ipfw/; revision=270021
|
| | |
| |
| |
| |
| |
| |
| | |
Suggested by: luigi
Notes:
svn path=/projects/ipfw/; revision=270003
|
| | |
| |
| |
| |
| |
| |
| | |
* Clean up some comments.
Notes:
svn path=/projects/ipfw/; revision=269965
|
| |\|
| |
| |
| | |
Notes:
svn path=/projects/ipfw/; revision=269947
|
| | |
| |
| |
| |
| |
| |
| | |
consistent with other similar sysctl variable used in SCTP.
Notes:
svn path=/head/; revision=269874
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
socket options. Add also a sysctl to control the support of ASCONF.
MFC after: 1 week
Notes:
svn path=/head/; revision=269858
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
the complete string is returned by the function and not just only one
byte.
PR: 192544
MFC after: 2 weeks
Notes:
svn path=/head/; revision=269777
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
buffer.
Reviewed by: jmg
Notes:
svn path=/head/; revision=269766
|
| | |
| |
| |
| |
| |
| |
| | |
code between declariations.
Notes:
svn path=/head/; revision=269753
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=269726
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=269705
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
only one protocol switch structure that is shared between ipv4 and ipv6.
Phabric: D476
Reviewed by: jhb
Notes:
svn path=/head/; revision=269699
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
sysctl controlling the negotiation of the RE-CONFIG extension.
MFC after: 3 days
Notes:
svn path=/head/; revision=269527
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=269526
|
