svn commit: r228574 - in head: sbin/ifconfig sys/netinet
Author: glebius Date: Fri Dec 16 13:30:17 2011 New Revision: 228574 URL: http://svn.freebsd.org/changeset/base/228574 Log: Since size of struct in_aliasreq has just been changed in r228571, and thus ifconfig(8) needs recompile, it is a good chance to make parameter checks on SIOCAIFADDR arguments more strict. Modified: head/sbin/ifconfig/af_inet.c head/sys/netinet/in.c Modified: head/sbin/ifconfig/af_inet.c == --- head/sbin/ifconfig/af_inet.cFri Dec 16 12:53:15 2011 (r228573) +++ head/sbin/ifconfig/af_inet.cFri Dec 16 13:30:17 2011 (r228574) @@ -126,6 +126,7 @@ in_getaddr(const char *s, int which) *p = '/'; errx(1, %s: bad value (width %s), s, errstr); } + min-sin_family = AF_INET; min-sin_len = sizeof(*min); min-sin_addr.s_addr = htonl(~((1LL (32 - masklen)) - 1) 0x); Modified: head/sys/netinet/in.c == --- head/sys/netinet/in.c Fri Dec 16 12:53:15 2011(r228573) +++ head/sys/netinet/in.c Fri Dec 16 13:30:17 2011(r228574) @@ -253,16 +253,10 @@ in_control(struct socket *so, u_long cmd sizeof(struct sockaddr_in) || ifra-ifra_broadaddr.sin_family != AF_INET)) return (EINVAL); -#if 0 - /* -* ifconfig(8) historically doesn't set af_family for mask -* for unknown reason. -*/ if (ifra-ifra_mask.sin_len != 0 (ifra-ifra_mask.sin_len != sizeof(struct sockaddr_in) || ifra-ifra_mask.sin_family != AF_INET)) return (EINVAL); -#endif break; case SIOCSIFADDR: case SIOCSIFBRDADDR: ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228576 - in head: . sys/boot/forth sys/modules sys/modules/carp sys/modules/if_carp
Author: glebius
Date: Fri Dec 16 14:28:34 2011
New Revision: 228576
URL: http://svn.freebsd.org/changeset/base/228576
Log:
- Rename if_carp.ko to carp.ko.
- carp.ko depends on sha1.c
Added:
head/sys/modules/carp/
- copied from r228573, head/sys/modules/if_carp/
Deleted:
head/sys/modules/if_carp/
Modified:
head/ObsoleteFiles.inc
head/sys/boot/forth/loader.conf
head/sys/modules/Makefile
head/sys/modules/carp/Makefile
Modified: head/ObsoleteFiles.inc
==
--- head/ObsoleteFiles.inc Fri Dec 16 14:19:46 2011(r228575)
+++ head/ObsoleteFiles.inc Fri Dec 16 14:28:34 2011(r228576)
@@ -38,6 +38,8 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20111216: carp(4) module renamed
+OLD_FILES+=boot/kernel/if_carp.ko
# 20111214: eventtimers(7) moved to eventtimers(4)
OLD_FILES+=usr/share/man/man7/eventtimers.7.gz
# 2025: amd(4) removed
Modified: head/sys/boot/forth/loader.conf
==
--- head/sys/boot/forth/loader.conf Fri Dec 16 14:19:46 2011
(r228575)
+++ head/sys/boot/forth/loader.conf Fri Dec 16 14:28:34 2011
(r228576)
@@ -260,6 +260,7 @@ pf_load=NO# packet filter
bridgestp_load=NO# if_bridge(4) support
miibus_load=NO # miibus support, needed for some drivers
+carp_load=NO # carp(4) protocol
if_ae_load=NO# Attansic/Atheros L2 FastEthernet
if_age_load=NO # Attansic/Atheros L1 Gigabit Ethernet
if_alc_load=NO # Atheros AR8131/AR8132 Ethernet
@@ -275,7 +276,6 @@ if_bridge_load=NO # if_bridge(4) devi
if_bwi_load=NO # Broadcom BCM53xx IEEE 802.11b/g wireness NICs
if_bwn_load=NO # Broadcom BCM43xx IEEE 802.11 wireless NICs
if_bxe_load=NO # Broadcom NetXtreme II 10Gb Ethernet
-if_carp_load=NO # carp(4) devices
if_cas_load=NO # Sun Cassini/Cassini+ and NS DP83065 Saturn
if_cm_load=NO# SMC (90c26, 90c56, 90c66)
if_cs_load=NO# Crystal Semiconductor CS8920
Modified: head/sys/modules/Makefile
==
--- head/sys/modules/Makefile Fri Dec 16 14:19:46 2011(r228575)
+++ head/sys/modules/Makefile Fri Dec 16 14:28:34 2011(r228576)
@@ -50,6 +50,7 @@ SUBDIR= ${_3dfx} \
${_canbepm} \
${_canbus} \
${_cardbus} \
+ ${_carp} \
cas \
${_cbb} \
cc \
@@ -117,7 +118,6 @@ SUBDIR= ${_3dfx} \
${_ida} \
${_ie} \
if_bridge \
- ${_if_carp} \
if_disc \
if_edsc \
if_ef \
@@ -374,7 +374,7 @@ _if_gre=if_gre
.if (${MK_INET_SUPPORT} != no || ${MK_INET6_SUPPORT} != no) || \
defined(ALL_MODULES)
-_if_carp= if_carp
+_carp= carp
.endif
.if ${MK_IPFILTER} != no || defined(ALL_MODULES)
Modified: head/sys/modules/carp/Makefile
==
--- head/sys/modules/if_carp/Makefile Fri Dec 16 12:53:15 2011
(r228573)
+++ head/sys/modules/carp/Makefile Fri Dec 16 14:28:34 2011
(r228576)
@@ -1,12 +1,14 @@
# $FreeBSD$
.PATH: ${.CURDIR}/../../netinet
+.PATH: ${.CURDIR}/../../crypto
.include bsd.own.mk
-KMOD= if_carp
-SRCS= ip_carp.c
-SRCS+= opt_carp.h opt_bpf.h opt_inet.h opt_inet6.h vnode_if.h
+KMOD= carp
+SRCS= ip_carp.c sha1.c
+SRCS+= device_if.h bus_if.h vnode_if.h
+SRCS+= opt_carp.h opt_bpf.h opt_inet.h opt_inet6.h opt_ofed.h
.if !defined(KERNBUILDDIR)
.if ${MK_INET_SUPPORT} != no
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228577 - head/sbin/ifconfig
Author: glebius
Date: Fri Dec 16 14:30:58 2011
New Revision: 228577
URL: http://svn.freebsd.org/changeset/base/228577
Log:
Rename ifcarp.c to carp.c
Added:
head/sbin/ifconfig/carp.c
- copied unchanged from r228576, head/sbin/ifconfig/ifcarp.c
Deleted:
head/sbin/ifconfig/ifcarp.c
Modified:
head/sbin/ifconfig/Makefile
Modified: head/sbin/ifconfig/Makefile
==
--- head/sbin/ifconfig/Makefile Fri Dec 16 14:28:34 2011(r228576)
+++ head/sbin/ifconfig/Makefile Fri Dec 16 14:30:58 2011(r228577)
@@ -38,7 +38,7 @@ SRCS+=ifieee80211.c regdomain.c # SIOC[
DPADD+=${LIBBSDXML} ${LIBJAIL} ${LIBSBUF}
LDADD+=-lbsdxml -ljail -lsbuf
-SRCS+= ifcarp.c# SIOC[GS]VH support
+SRCS+= carp.c # SIOC[GS]VH support
SRCS+= ifgroup.c # ...
SRCS+= ifpfsync.c # pfsync(4) support
Copied: head/sbin/ifconfig/carp.c (from r228576, head/sbin/ifconfig/ifcarp.c)
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/ifconfig/carp.c Fri Dec 16 14:30:58 2011(r228577, copy
of r228576, head/sbin/ifconfig/ifcarp.c)
@@ -0,0 +1,228 @@
+/* $FreeBSD$ */
+/* from $OpenBSD: ifconfig.c,v 1.82 2003/10/19 05:43:35 mcbride Exp $ */
+
+/*
+ * Copyright (c) 2002 Michael Shalayeff. All rights reserved.
+ * Copyright (c) 2003 Ryan McBride. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include sys/param.h
+#include sys/ioctl.h
+#include sys/socket.h
+#include sys/sockio.h
+
+#include stdlib.h
+#include unistd.h
+
+#include net/if.h
+#include net/if_var.h
+#include netinet/in.h
+#include netinet/in_var.h
+#include netinet/ip_carp.h
+
+#include ctype.h
+#include stdio.h
+#include string.h
+#include stdlib.h
+#include unistd.h
+#include err.h
+#include errno.h
+
+#include ifconfig.h
+
+static const char *carp_states[] = { CARP_STATES };
+
+static void carp_status(int s);
+static void setcarp_vhid(const char *, int, int, const struct afswtch *rafp);
+static void setcarp_callback(int, void *);
+static void setcarp_advbase(const char *,int, int, const struct afswtch *rafp);
+static void setcarp_advskew(const char *, int, int, const struct afswtch
*rafp);
+static void setcarp_passwd(const char *, int, int, const struct afswtch *rafp);
+
+static int carpr_vhid = -1;
+static int carpr_advskew = -1;
+static int carpr_advbase = -1;
+static int carpr_state = -1;
+static unsigned char const *carpr_key;
+
+static void
+carp_status(int s)
+{
+ struct carpreq carpr[CARP_MAXVHID];
+ int i;
+
+ bzero(carpr, sizeof(struct carpreq) * CARP_MAXVHID);
+ carpr[0].carpr_count = CARP_MAXVHID;
+ ifr.ifr_data = (caddr_t)carpr;
+
+ if (ioctl(s, SIOCGVH, (caddr_t)ifr) == -1)
+ return;
+
+ for (i = 0; i carpr[0].carpr_count; i++) {
+ printf(\tcarp: %s vhid %d advbase %d advskew %d,
+ carp_states[carpr[i].carpr_state], carpr[i].carpr_vhid,
+ carpr[i].carpr_advbase, carpr[i].carpr_advskew);
+ if (printkeys carpr[i].carpr_key[0] != '\0')
+ printf( key \%s\\n, carpr[i].carpr_key);
+ else
+ printf(\n);
+ }
+}
+
+static void
+setcarp_vhid(const char *val, int d, int s, const struct afswtch *afp)
+{
+
+ carpr_vhid = atoi(val);
+
+ if (carpr_vhid = 0 || carpr_vhid CARP_MAXVHID)
+ errx(1, vhid must be greater than 0 and less than %u,
+ CARP_MAXVHID);
+
+ switch (afp-af_af) {
+#ifdef INET
+
Re: svn commit: r228571 - in head: . lib/libc/net sbin/ifconfig share/man/man4 sys/net sys/netinet sys/netinet6 sys/sys
Ben, On Fri, Dec 16, 2011 at 12:08:17PM -0500, Ben Kaduk wrote: B Hi Gleb, B B Perhaps the man page portions that were commented out should just be B removed entirely? They may be resurrected if arpbalancing is implemented again. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228703 - head
Author: glebius Date: Mon Dec 19 12:50:12 2011 New Revision: 228703 URL: http://svn.freebsd.org/changeset/base/228703 Log: Remove if_carp.ko. /boot/kernel should be upgraded atomically. Requested by: netchild, bz Modified: head/ObsoleteFiles.inc Modified: head/ObsoleteFiles.inc == --- head/ObsoleteFiles.inc Mon Dec 19 12:11:07 2011(r228702) +++ head/ObsoleteFiles.inc Mon Dec 19 12:50:12 2011(r228703) @@ -38,8 +38,6 @@ # xargs -n1 | sort | uniq -d; # done -# 20111216: carp(4) module renamed -OLD_FILES+=boot/kernel/if_carp.ko # 20111214: eventtimers(7) moved to eventtimers(4) OLD_FILES+=usr/share/man/man7/eventtimers.7.gz # 2025: amd(4) removed ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228732 - head/sys/contrib/pf/net
Author: glebius Date: Tue Dec 20 12:34:16 2011 New Revision: 228732 URL: http://svn.freebsd.org/changeset/base/228732 Log: - Cover pfsync callouts deletion with PF_LOCK(). - Cover setting up interface between pf and pfsync with PF_LOCK(). Modified: head/sys/contrib/pf/net/if_pfsync.c Modified: head/sys/contrib/pf/net/if_pfsync.c == --- head/sys/contrib/pf/net/if_pfsync.c Tue Dec 20 11:40:22 2011 (r228731) +++ head/sys/contrib/pf/net/if_pfsync.c Tue Dec 20 12:34:16 2011 (r228732) @@ -539,9 +539,13 @@ pfsync_clone_destroy(struct ifnet *ifp) #ifdef __FreeBSD__ EVENTHANDLER_DEREGISTER(ifnet_departure_event, sc-sc_detachtag); + PF_LOCK(); #endif - timeout_del(sc-sc_bulk_tmo); /* XXX: need PF_LOCK() before */ + timeout_del(sc-sc_bulk_tmo); timeout_del(sc-sc_tmo); +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif #if NCARP 0 #ifdef notyet #ifdef __FreeBSD__ @@ -3392,6 +3396,7 @@ vnet_pfsync_init(const void *unused) if (error) panic(%s: swi_add %d, __func__, error); + PF_LOCK(); pfsync_state_import_ptr = pfsync_state_import; pfsync_up_ptr = pfsync_up; pfsync_insert_state_ptr = pfsync_insert_state; @@ -3400,6 +3405,7 @@ vnet_pfsync_init(const void *unused) pfsync_clear_states_ptr = pfsync_clear_states; pfsync_state_in_use_ptr = pfsync_state_in_use; pfsync_defer_ptr = pfsync_defer; + PF_UNLOCK(); return (0); } @@ -3410,6 +3416,7 @@ vnet_pfsync_uninit(const void *unused) swi_remove(pfsync_swi.pfsync_swi_cookie); + PF_LOCK(); pfsync_state_import_ptr = NULL; pfsync_up_ptr = NULL; pfsync_insert_state_ptr = NULL; @@ -3418,6 +3425,7 @@ vnet_pfsync_uninit(const void *unused) pfsync_clear_states_ptr = NULL; pfsync_state_in_use_ptr = NULL; pfsync_defer_ptr = NULL; + PF_UNLOCK(); if_clone_detach(pfsync_cloner); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228734 - head/contrib/pf/man
Author: glebius Date: Tue Dec 20 13:32:56 2011 New Revision: 228734 URL: http://svn.freebsd.org/changeset/base/228734 Log: - Fix examples to show new CARP style. - Remove OpenBSDisms, add FreeBSDisms. Modified: head/contrib/pf/man/pfsync.4 Modified: head/contrib/pf/man/pfsync.4 == --- head/contrib/pf/man/pfsync.4Tue Dec 20 12:34:17 2011 (r228733) +++ head/contrib/pf/man/pfsync.4Tue Dec 20 13:32:56 2011 (r228734) @@ -26,7 +26,7 @@ .\ .\ $FreeBSD$ .\ -.Dd February 17 2009 +.Dd December 20 2011 .Dt PFSYNC 4 .Os .Sh NAME @@ -141,12 +141,11 @@ Interfaces configuration in .Pa /etc/rc.conf : .Bd -literal -offset indent network_interfaces=lo0 sis0 sis1 sis2 -cloned_interfaces=carp0 carp1 ifconfig_sis0=10.0.0.254/24 +ifconfig_sis0_alias0=inet 10.0.0.1/24 vhid 1 pass foo ifconfig_sis1=192.168.0.254/24 +ifconfig_sis1_alias0=inet 192.168.0.1/24 vhid 2 pass bar ifconfig_sis2=192.168.254.254/24 -ifconfig_carp0=vhid 1 pass foo 10.0.0.1/24 -ifconfig_carp1=vhid 2 pass bar 192.168.0.1/24 pfsync_enable=YES pfsync_syncdev=sis2 .Ed @@ -169,13 +168,13 @@ therefore the .Ar advskew on the backup firewall's .Xr carp 4 -interfaces should be set to something higher than +vhids should be set to something higher than the primary's. For example, if firewall B is the backup, its carp1 configuration would look like this: would look like this: .Bd -literal -offset indent -ifconfig_carp1=vhid 2 pass bar advskew 100 192.168.0.1/24 +ifconfig_sis1_alias0=inet 192.168.0.1/24 vhid 2 pass bar advskew 100 .Ed .Pp The following must also be added to @@ -196,18 +195,18 @@ net.inet.carp.preempt=1 .Xr protocols 5 , .Xr rc.conf 5 , .Xr ifconfig 8 , -.Xr ifstated 8 , .Xr tcpdump 1 .Sh HISTORY The .Nm device first appeared in .Ox 3.3 . +It was first imported to +.Fx 5.3 . .Pp The .Nm -protocol and kernel implementation were significantly modified between -.Ox 4.4 -and -.Ox 4.5 . -The two protocols are incompatible and will not interoperate. +protocol and kernel implementation were significantly modified in +.Fx 9.0 . +The newer protocol is not compatible with older one and will not interoperate +with it. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228736 - in head: contrib/pf/man share/man/man4 sys/contrib/pf/net sys/net sys/netinet
Author: glebius Date: Tue Dec 20 13:53:31 2011 New Revision: 228736 URL: http://svn.freebsd.org/changeset/base/228736 Log: Restore a feature that was present in 5.x and 6.x, and was cleared in 7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP preemption, while it is running its bulk update. However, reimplement the feature in more elegant manner, that is partially inspired by newer OpenBSD: - Rename term suppression to demotion, to match with OpenBSD. - Keep a global demotion factor, that can be raised by several conditions, for now these are: - interface goes down - carp(4) has problems with ip_output() or ip6_output() - pfsync performs bulk update - Unlike in OpenBSD the demotion factor isn't a counter, but is actual value added to advskew. The adjustment values for particular error conditions are also configurable, and their defaults are maximum advskew value, so a single failure bumps demotion to maximum. This is for POLA compatibility, and should satisfy most users. - Demotion factor is a writable sysctl, so user can do foot shooting, if he desires to. Modified: head/contrib/pf/man/pfsync.4 head/share/man/man4/carp.4 head/sys/contrib/pf/net/if_pfsync.c head/sys/net/if.c head/sys/netinet/ip_carp.c head/sys/netinet/ip_carp.h Modified: head/contrib/pf/man/pfsync.4 == --- head/contrib/pf/man/pfsync.4Tue Dec 20 13:49:52 2011 (r228735) +++ head/contrib/pf/man/pfsync.4Tue Dec 20 13:53:31 2011 (r228736) @@ -114,6 +114,23 @@ Either run the pfsync protocol on a trus dedicated to pfsync messages such as a crossover cable between two firewalls, or specify a peer address and protect the traffic with .Xr ipsec 4 . +.Pp +.Nm +has the following +.Xr sysctl 8 +tunables: +.Bl -tag -width .Va net.pfsync +.It Va net.pfsync.carp_demotion_factor +Value added to +.Va net.inet.carp.demotion +while +.Nm +tries to perform its bulk update. +See +.Xr carp 4 +for more information. +Default value is 240. +.El .Sh EXAMPLES .Nm and Modified: head/share/man/man4/carp.4 == --- head/share/man/man4/carp.4 Tue Dec 20 13:49:52 2011(r228735) +++ head/share/man/man4/carp.4 Tue Dec 20 13:53:31 2011(r228736) @@ -26,7 +26,7 @@ .\ .\ $FreeBSD$ .\ -.Dd December 16, 2011 +.Dd December 20, 2011 .Dt CARP 4 .Os .Sh NAME @@ -121,15 +121,38 @@ Values above 1 enable logging of bad .Nm packets. Default value is 1. -.It Va net.inet.carp.suppress_preempt -A read only value showing the status of preemption suppression. -Preemption can be suppressed if link on an interface is down -or when +.It Va net.inet.carp.demotion +This value shows current level of CARP demotion. +The value is added to the actual advskew sent in announcements for +all vhids. +At normal system operation the demotion factor is zero. +However, problematic conditions raise its level: when +.Nm +experiences problem with sending announcements, when an interface +running a vhid goes down, or while the .Xr pfsync 4 interface is not synchronized. -Value of 0 means that preemption is not suppressed, since no -problems are detected. -Every problem increments suppression counter. +The demotion value is writable, so that user may alter it +depending on some external conditions, for example on status of some +daemon utility. +However, altering the value should be performed with care, do +not conflict with subsystems that adjust demotion factor +automatically: +.Nm +and +.Xr pfsync 4 . +.It Va net.inet.carp.ifdown_demotion_factor +Value added to +.Va net.inet.carp.demotion +when interface running a vhid goes down. +Default value is 240 (maximum advskew value). +.It Va net.inet.carp.senderr_demotion_factor +Value added to +.Va net.inet.carp.demotion +when +.Nm +experiences errors sending its announcements. +Default value is 240 (maximum advskew value). .El .\.Sh ARP level load balancing .\The Modified: head/sys/contrib/pf/net/if_pfsync.c == --- head/sys/contrib/pf/net/if_pfsync.c Tue Dec 20 13:49:52 2011 (r228735) +++ head/sys/contrib/pf/net/if_pfsync.c Tue Dec 20 13:53:31 2011 (r228736) @@ -62,12 +62,6 @@ __FBSDID($FreeBSD$); #else #defineNPFSYNC 0 #endif - -#ifdef DEV_CARP -#defineNCARP DEV_CARP -#else -#defineNCARP 0 -#endif #endif /* __FreeBSD__ */ #include sys/param.h @@ -127,12 +121,14 @@ __FBSDID($FreeBSD$); #include netinet6/nd6.h #endif /* INET6 */ -#ifndef __FreeBSD__ +#ifdef __FreeBSD__ +#include netinet/ip_carp.h +#else #include carp.h -#endif #if NCARP 0 #include netinet/ip_carp.h #endif +#endif #include net/pfvar.h #include net/if_pfsync.h @@ -308,11 +304,15 @@ static VNET_DEFINE(struct pfsync_softc*
svn commit: r228768 - in head/sys: net netinet netinet6 sys
Author: glebius
Date: Wed Dec 21 12:39:08 2011
New Revision: 228768
URL: http://svn.freebsd.org/changeset/base/228768
Log:
Provide ABI compatibility shim to enable configuring of addresses
with ifconfig(8) prior to r228571.
Requested by: brooks
Modified:
head/sys/net/if.h
head/sys/netinet/in.c
head/sys/netinet6/in6.c
head/sys/netinet6/in6_var.h
head/sys/sys/sockio.h
Modified: head/sys/net/if.h
==
--- head/sys/net/if.h Wed Dec 21 12:21:22 2011(r228767)
+++ head/sys/net/if.h Wed Dec 21 12:39:08 2011(r228768)
@@ -362,6 +362,14 @@ struct ifaliasreq {
int ifra_vhid;
};
+/* Compat with pre-10.x */
+struct oifaliasreq {
+ charifra_name[IFNAMSIZ];
+ struct sockaddr ifra_addr;
+ struct sockaddr ifra_broadaddr;
+ struct sockaddr ifra_mask;
+};
+
struct ifmediareq {
charifm_name[IFNAMSIZ]; /* if name, e.g. en0 */
int ifm_current;/* current media options */
Modified: head/sys/netinet/in.c
==
--- head/sys/netinet/in.c Wed Dec 21 12:21:22 2011(r228767)
+++ head/sys/netinet/in.c Wed Dec 21 12:39:08 2011(r228768)
@@ -223,6 +223,14 @@ in_control(struct socket *so, u_long cmd
struct sockaddr_in oldaddr;
int error, hostIsNew, iaIsNew, maskIsNew;
int iaIsFirst;
+ u_long ocmd = cmd;
+
+ /*
+* Pre-10.x compat: OSIOCAIFADDR passes a shorter
+* struct in_aliasreq, without ifra_vhid.
+*/
+ if (cmd == OSIOCAIFADDR)
+ cmd = SIOCAIFADDR;
ia = NULL;
iaIsFirst = 0;
@@ -253,10 +261,18 @@ in_control(struct socket *so, u_long cmd
sizeof(struct sockaddr_in) ||
ifra-ifra_broadaddr.sin_family != AF_INET))
return (EINVAL);
+#if 0
+ /*
+* ifconfig(8) in pre-10.x doesn't set sin_family for the
+* mask. The code is disabled for the 10.x timeline, to
+* make SIOCAIFADDR compatible with 9.x ifconfig(8).
+* The code should be enabled in 11.x
+*/
if (ifra-ifra_mask.sin_len != 0
(ifra-ifra_mask.sin_len != sizeof(struct sockaddr_in) ||
ifra-ifra_mask.sin_family != AF_INET))
return (EINVAL);
+#endif
break;
case SIOCSIFADDR:
case SIOCSIFBRDADDR:
@@ -564,7 +580,7 @@ in_control(struct socket *so, u_long cmd
}
if (hostIsNew || maskIsNew)
error = in_ifinit(ifp, ia, ifra-ifra_addr, 0,
- maskIsNew, ifra-ifra_vhid);
+ maskIsNew, (ocmd == cmd ? ifra-ifra_vhid : 0));
if (error != 0 iaIsNew)
break;
Modified: head/sys/netinet6/in6.c
==
--- head/sys/netinet6/in6.c Wed Dec 21 12:21:22 2011(r228767)
+++ head/sys/netinet6/in6.c Wed Dec 21 12:39:08 2011(r228768)
@@ -275,6 +275,13 @@ in6_control(struct socket *so, u_long cm
struct sockaddr_in6 *sa6;
int carp_attached = 0;
int error;
+ u_long ocmd = cmd;
+
+ /*
+* Compat to make pre-10.x ifconfig(8) operable.
+*/
+ if (cmd == OSIOCAIFADDR_IN6)
+ cmd = SIOCAIFADDR_IN6;
switch (cmd) {
case SIOCGETSGCNT_IN6:
@@ -654,7 +661,7 @@ in6_control(struct socket *so, u_long cm
break;
}
- if (ifra-ifra_vhid 0) {
+ if (cmd == ocmd ifra-ifra_vhid 0) {
if (carp_attach_p != NULL)
error = (*carp_attach_p)(ia-ia_ifa,
ifra-ifra_vhid);
Modified: head/sys/netinet6/in6_var.h
==
--- head/sys/netinet6/in6_var.h Wed Dec 21 12:21:22 2011(r228767)
+++ head/sys/netinet6/in6_var.h Wed Dec 21 12:39:08 2011(r228768)
@@ -290,6 +290,16 @@ struct in6_aliasreq {
int ifra_vhid;
};
+/* pre-10.x compat */
+struct oin6_aliasreq {
+ charifra_name[IFNAMSIZ];
+ struct sockaddr_in6 ifra_addr;
+ struct sockaddr_in6 ifra_dstaddr;
+ struct sockaddr_in6 ifra_prefixmask;
+ int ifra_flags;
+ struct in6_addrlifetime ifra_lifetime;
+};
+
/* prefix type macro */
#define IN6_PREFIX_ND 1
#define IN6_PREFIX_RR 2
@@ -410,7 +420,8 @@ struct in6_rrenumreq {
#define SIOCGIFNETMASK_IN6 _IOWR('i', 37, struct in6_ifreq)
#define SIOCDIFADDR_IN6 _IOW('i', 25, struct in6_ifreq)
-#define SIOCAIFADDR_IN6 _IOW('i', 26,
svn commit: r228811 - in head/sys: contrib/pf/net modules/pfsync
Author: glebius
Date: Thu Dec 22 18:31:47 2011
New Revision: 228811
URL: http://svn.freebsd.org/changeset/base/228811
Log:
In FreeBSD we always have bpf(4) API, either real or stub. No need
in detecting presense of 'device bpf'.
Modified:
head/sys/contrib/pf/net/if_pfsync.c
head/sys/modules/pfsync/Makefile
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 18:12:51 2011
(r228810)
+++ head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 18:31:47 2011
(r228811)
@@ -45,17 +45,12 @@
#ifdef __FreeBSD__
#include opt_inet.h
#include opt_inet6.h
-#include opt_bpf.h
#include opt_pf.h
#include sys/cdefs.h
__FBSDID($FreeBSD$);
-#ifdef DEV_BPF
-#defineNBPFILTER DEV_BPF
-#else
-#defineNBPFILTER 0
-#endif
+#defineNBPFILTER 1
#ifdef DEV_PFSYNC
#defineNPFSYNC DEV_PFSYNC
Modified: head/sys/modules/pfsync/Makefile
==
--- head/sys/modules/pfsync/MakefileThu Dec 22 18:12:51 2011
(r228810)
+++ head/sys/modules/pfsync/MakefileThu Dec 22 18:31:47 2011
(r228811)
@@ -6,7 +6,7 @@
KMOD= pfsync
SRCS= if_pfsync.c \
- opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h
+ opt_pf.h opt_inet.h opt_inet6.h
CFLAGS+= -I${.CURDIR}/../../contrib/pf
SRCS+= bus_if.h device_if.h
@@ -24,9 +24,6 @@ opt_inet6.h:
echo #define INET6 1 ${.TARGET}
.endif
-opt_bpf.h:
- echo #define DEV_BPF 1 ${.TARGET}
-
.if defined(VIMAGE)
opt_global.h:
echo #define VIMAGE 1 ${.TARGET}
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228814 - head/sys/contrib/pf/net
Author: glebius
Date: Thu Dec 22 18:56:27 2011
New Revision: 228814
URL: http://svn.freebsd.org/changeset/base/228814
Log:
Merge couple more fixes from OpenBSD to bulk processing:
revision 1.118
date: 2009/03/23 06:19:59; author: dlg; state: Exp; lines: +8 -6
wait an appropriate amount of time before giving up on a bulk update,
rather than giving up after a hardcoded 5 seconds (which is generally much
too short an interval for a bulk update).
pointed out by david@, eyeballed by mcbride@
revision 1.171
date: 2011/10/31 22:02:52; author: mikeb; state: Exp; lines: +2 -1
Don't forget to cancel bulk update failure timeout when destroying an
interface. Problem report and fix from Erik Lax, thanks!
Start a brief note of revisions merged from OpenBSD.
Modified:
head/sys/contrib/pf/net/if_pfsync.c
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 18:51:35 2011
(r228813)
+++ head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 18:56:27 2011
(r228814)
@@ -42,6 +42,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+/*
+ * Revisions picked from OpenBSD after revision 1.110 import:
+ * 1.118, 1.124, 1.148, 1.149, 1.151, 1.171 - fixes to bulk updates
+ */
+
#ifdef __FreeBSD__
#include opt_inet.h
#include opt_inet6.h
@@ -536,6 +541,7 @@ pfsync_clone_destroy(struct ifnet *ifp)
EVENTHANDLER_DEREGISTER(ifnet_departure_event, sc-sc_detachtag);
PF_LOCK();
#endif
+ timeout_del(sc-sc_bulkfail_tmo);
timeout_del(sc-sc_bulk_tmo);
timeout_del(sc-sc_tmo);
#ifdef __FreeBSD__
@@ -1604,14 +1610,16 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st
switch (bus-status) {
case PFSYNC_BUS_START:
#ifdef __FreeBSD__
- callout_reset(sc-sc_bulkfail_tmo, 5 * hz, pfsync_bulk_fail,
- V_pfsyncif);
+ callout_reset(sc-sc_bulkfail_tmo, 4 * hz +
+ pf_pool_limits[PF_LIMIT_STATES].limit /
+ ((sc-sc_sync_if-if_mtu - PFSYNC_MINPKT) /
+ sizeof(struct pfsync_state)),
+ pfsync_bulk_fail, V_pfsyncif);
#else
- timeout_add_sec(sc-sc_bulkfail_tmo, 5); /* XXX magic */
-#endif
-#ifdef XXX
+ timeout_add(sc-sc_bulkfail_tmo, 4 * hz +
pf_pool_limits[PF_LIMIT_STATES].limit /
- (PFSYNC_BULKPACKETS * sc-sc_maxcount));
+ ((sc-sc_if.if_mtu - PFSYNC_MINPKT) /
+ sizeof(struct pfsync_state)));
#endif
#ifdef __FreeBSD__
if (V_pf_status.debug = PF_DEBUG_MISC)
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228815 - head/sys/contrib/pf/net
Author: glebius
Date: Thu Dec 22 19:05:58 2011
New Revision: 228815
URL: http://svn.freebsd.org/changeset/base/228815
Log:
Merge from OpenBSD:
revision 1.120
date: 2009/04/04 13:09:29; author: dlg; state: Exp; lines: +5 -5
use time_uptime instead of time_second internally. time_uptime isnt
affected by adjusting the clock.
revision 1.175
date: 2011/11/25 12:52:10; author: dlg; state: Exp; lines: +3 -3
use time_uptime to set state creation values as time_second can be
skewed at runtime by things like date(1) and ntpd. time_uptime is
monotonic and therefore more useful to compare against.
Modified:
head/sys/contrib/pf/net/if_pfsync.c
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 18:56:27 2011
(r228814)
+++ head/sys/contrib/pf/net/if_pfsync.c Thu Dec 22 19:05:58 2011
(r228815)
@@ -45,6 +45,7 @@
/*
* Revisions picked from OpenBSD after revision 1.110 import:
* 1.118, 1.124, 1.148, 1.149, 1.151, 1.171 - fixes to bulk updates
+ * 1.120, 1.175 - use monotonic time_uptime
*/
#ifdef __FreeBSD__
@@ -664,7 +665,7 @@ pfsync_state_export(struct pfsync_state
/* copy from state */
strlcpy(sp-ifname, st-kif-pfik_name, sizeof(sp-ifname));
bcopy(st-rt_addr, sp-rt_addr, sizeof(sp-rt_addr));
- sp-creation = htonl(time_second - st-creation);
+ sp-creation = htonl(time_uptime - st-creation);
sp-expire = pf_state_expires(st);
if (sp-expire = time_second)
sp-expire = htonl(0);
@@ -815,7 +816,7 @@ pfsync_state_import(struct pfsync_state
/* copy to state */
bcopy(sp-rt_addr, st-rt_addr, sizeof(st-rt_addr));
- st-creation = time_second - ntohl(sp-creation);
+ st-creation = time_uptime - ntohl(sp-creation);
st-expire = time_second;
if (sp-expire) {
/* XXX No adaptive scaling. */
@@ -838,7 +839,7 @@ pfsync_state_import(struct pfsync_state
st-anchor.ptr = NULL;
st-rt_kif = NULL;
- st-pfsync_time = time_second;
+ st-pfsync_time = time_uptime;
st-sync_state = PFSYNC_S_NONE;
/* XXX when we have nat_rule/anchors, use STATE_INC_COUNTERS */
@@ -1330,7 +1331,7 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st
pf_state_peer_ntoh(sp-dst, st-dst);
st-expire = ntohl(sp-expire) + time_second;
st-timeout = sp-timeout;
- st-pfsync_time = time_second;
+ st-pfsync_time = time_uptime;
}
#ifdef __FreeBSD__
PF_UNLOCK();
@@ -1440,7 +1441,7 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt,
pf_state_peer_ntoh(up-dst, st-dst);
st-expire = ntohl(up-expire) + time_second;
st-timeout = up-timeout;
- st-pfsync_time = time_second;
+ st-pfsync_time = time_uptime;
}
#ifdef __FreeBSD__
PF_UNLOCK();
@@ -2621,7 +2622,7 @@ pfsync_update_state(struct pf_state *st)
st-sync_state);
}
- if (sync || (time_second - st-pfsync_time) 2) {
+ if (sync || (time_uptime - st-pfsync_time) 2) {
pfsync_upds++;
#ifdef __FreeBSD__
pfsync_sendout();
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r228959 - head/sys/netinet
Author: glebius
Date: Thu Dec 29 15:59:14 2011
New Revision: 228959
URL: http://svn.freebsd.org/changeset/base/228959
Log:
Don't fallback to a CARP address in BACKUP state.
Modified:
head/sys/netinet/if_ether.c
Modified: head/sys/netinet/if_ether.c
==
--- head/sys/netinet/if_ether.c Thu Dec 29 15:35:47 2011(r228958)
+++ head/sys/netinet/if_ether.c Thu Dec 29 15:59:14 2011(r228959)
@@ -610,7 +610,9 @@ in_arpinput(struct mbuf *m)
*/
IF_ADDR_LOCK(ifp);
TAILQ_FOREACH(ifa, ifp-if_addrhead, ifa_link)
- if (ifa-ifa_addr-sa_family == AF_INET) {
+ if (ifa-ifa_addr-sa_family == AF_INET
+ (ifa-ifa_carp == NULL ||
+ (*carp_iamatch_p)(ifa, enaddr))) {
ia = ifatoia(ifa);
ifa_ref(ifa);
IF_ADDR_UNLOCK(ifp);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r229003 - head/sys/netgraph
Author: glebius
Date: Fri Dec 30 15:41:28 2011
New Revision: 229003
URL: http://svn.freebsd.org/changeset/base/229003
Log:
style(9), whitespace and spelling nits.
Modified:
head/sys/netgraph/ng_base.c
Modified: head/sys/netgraph/ng_base.c
==
--- head/sys/netgraph/ng_base.c Fri Dec 30 14:46:53 2011(r229002)
+++ head/sys/netgraph/ng_base.c Fri Dec 30 15:41:28 2011(r229003)
@@ -1,7 +1,3 @@
-/*
- * ng_base.c
- */
-
/*-
* Copyright (c) 1996-1999 Whistle Communications, Inc.
* All rights reserved.
@@ -333,18 +329,18 @@ ng_alloc_node(void)
#define NG_FREE_HOOK(hook) \
do {\
- mtx_lock(ng_nodelist_mtx); \
+ mtx_lock(ng_nodelist_mtx); \
LIST_INSERT_HEAD(ng_freehooks, hook, hk_hooks);\
hook-hk_magic = 0; \
- mtx_unlock(ng_nodelist_mtx); \
+ mtx_unlock(ng_nodelist_mtx); \
} while (0)
#define NG_FREE_NODE(node) \
do {\
- mtx_lock(ng_nodelist_mtx); \
+ mtx_lock(ng_nodelist_mtx); \
LIST_INSERT_HEAD(ng_freenodes, node, nd_nodes);\
node-nd_magic = 0; \
- mtx_unlock(ng_nodelist_mtx); \
+ mtx_unlock(ng_nodelist_mtx); \
} while (0)
#else /* NETGRAPH_DEBUG */ /*--*/
@@ -670,8 +666,8 @@ ng_make_node_common(struct ng_type *type
break;
}
}
- LIST_INSERT_HEAD(V_ng_ID_hash[NG_IDHASH_FN(node-nd_ID)],
- node, nd_idnodes);
+ LIST_INSERT_HEAD(V_ng_ID_hash[NG_IDHASH_FN(node-nd_ID)], node,
+ nd_idnodes);
mtx_unlock(ng_idhash_mtx);
/* Done */
@@ -824,7 +820,7 @@ ng_node2ID(node_p node)
/
/*
- * Assign a node a name. Once assigned, the name cannot be changed.
+ * Assign a node a name.
*/
int
ng_name_node(node_p node, const char *name)
@@ -921,27 +917,21 @@ ng_decodeidname(const char *name)
u_long val;
/* Check for proper length, brackets, no leading junk */
- if ((len 3)
- || (name[0] != '[')
- || (name[len - 1] != ']')
- || (!isxdigit(name[1]))) {
+ if ((len 3) || (name[0] != '[') || (name[len - 1] != ']') ||
+ (!isxdigit(name[1])))
return ((ng_ID_t)0);
- }
/* Decode number */
val = strtoul(name + 1, eptr, 16);
- if ((eptr - name != len - 1)
- || (val == ULONG_MAX)
- || (val == 0)) {
+ if ((eptr - name != len - 1) || (val == ULONG_MAX) || (val == 0))
return ((ng_ID_t)0);
- }
- return (ng_ID_t)val;
+
+ return ((ng_ID_t)val);
}
/*
* Remove a name from a node. This should only be called
* when shutting down and removing the node.
- * IF we allow name changing this may be more resurrected.
*/
void
ng_unname(node_p node)
@@ -1045,8 +1035,8 @@ ng_findhook(node_p node, const char *nam
if (node-nd_type-findhook != NULL)
return (*node-nd_type-findhook)(node, name);
LIST_FOREACH(hook, node-nd_hooks, hk_hooks) {
- if (NG_HOOK_IS_VALID(hook)
-(strcmp(NG_HOOK_NAME(hook), name) == 0))
+ if (NG_HOOK_IS_VALID(hook)
+ (strcmp(NG_HOOK_NAME(hook), name) == 0))
return (hook);
}
return (NULL);
@@ -1182,12 +1172,12 @@ ng_newtype(struct ng_type *tp)
const size_t namelen = strlen(tp-name);
/* Check version and type name fields */
- if ((tp-version != NG_ABI_VERSION)
- || (namelen == 0)
- || (namelen = NG_TYPESIZ)) {
+ if ((tp-version != NG_ABI_VERSION) || (namelen == 0) ||
+ (namelen = NG_TYPESIZ)) {
TRAP_ERROR();
if (tp-version != NG_ABI_VERSION) {
- printf(Netgraph: Node type rejected. ABI mismatch.
Suggest recompile\n);
+ printf(Netgraph: Node type rejected. ABI mismatch.
+ Suggest recompile\n);
}
return (EINVAL);
}
@@ -1635,8 +1625,8 @@ ng_path_parse(char *addr, char **nodep,
* return the destination node.
*/
int
-ng_path2noderef(node_p here, const char *address,
- node_p *destp,
Re: svn: head/sys/netinet
On Fri, Dec 30, 2011 at 11:23:45AM -0800, Maxim Sobolev wrote: M Won't this break whole lot of third-party software, which expects M FreeBSD to be slightly different in this regards? Just curious. Yes it does. And until FreeBSD 10.0-RELEASE there is time to fix this software (at least in ports). The MFC to stable/9 of r226105 was back out. M -Maxim M M On 10/7/2011 6:43 AM, Andre Oppermann wrote: M Author: andre M Date: Fri Oct 7 13:43:01 2011 M New Revision: 226105 M URL: http://svn.freebsd.org/changeset/base/226105 M M Log: M Add back the IP header length to the total packet length field on M raw IP sockets. It was deducted in ip_input() in preparation for M protocols interested only in the payload. M M On raw sockets the IP header should be delivered as it at came in M from the network except for the byte order swaps in some fields. M M This brings us in line with all other OS'es that provide raw M IP sockets. M M Reported by: Matthew Cini Sarreomcins1-at-gmail.com M MFC after: 3 days M M Modified: M head/sys/netinet/raw_ip.c M M Modified: head/sys/netinet/raw_ip.c M == M --- head/sys/netinet/raw_ip.c Fri Oct 7 13:16:21 2011 (r226104) M +++ head/sys/netinet/raw_ip.c Fri Oct 7 13:43:01 2011 (r226105) M @@ -289,6 +289,13 @@ rip_input(struct mbuf *m, int off) M last = NULL; M M ifp = m-m_pkthdr.rcvif; M + /* M + * Add back the IP header length which was M + * removed by ip_input(). Raw sockets do M + * not modify the packet except for some M + * byte order swaps. M + */ M + ip-ip_len += off; M M hash = INP_PCBHASH_RAW(proto, ip-ip_src.s_addr, M ip-ip_dst.s_addr, V_ripcbinfo.ipi_hashmask); M M -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r229465 - head/sys/netinet6
Author: glebius
Date: Wed Jan 4 07:01:23 2012
New Revision: 229465
URL: http://svn.freebsd.org/changeset/base/229465
Log:
Use correct locking when traversing interface address list.
Reviewed by: bz
Modified:
head/sys/netinet6/in6.c
Modified: head/sys/netinet6/in6.c
==
--- head/sys/netinet6/in6.c Wed Jan 4 04:17:03 2012(r229464)
+++ head/sys/netinet6/in6.c Wed Jan 4 07:01:23 2012(r229465)
@@ -2244,9 +2244,7 @@ in6_ifawithifp(struct ifnet *ifp, struct
IF_ADDR_UNLOCK(ifp);
return (besta);
}
- IF_ADDR_UNLOCK(ifp);
- IN6_IFADDR_RLOCK();
TAILQ_FOREACH(ifa, ifp-if_addrhead, ifa_link) {
if (ifa-ifa_addr-sa_family != AF_INET6)
continue;
@@ -2264,10 +2262,10 @@ in6_ifawithifp(struct ifnet *ifp, struct
if (ifa != NULL)
ifa_ref(ifa);
- IN6_IFADDR_RUNLOCK();
+ IF_ADDR_UNLOCK(ifp);
return (struct in6_ifaddr *)ifa;
}
- IN6_IFADDR_RUNLOCK();
+ IF_ADDR_UNLOCK(ifp);
/* use the last-resort values, that are, deprecated addresses */
if (dep[0])
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223185 - head/sbin/ipfw
Author: glebius
Date: Fri Jun 17 12:12:52 2011
New Revision: 223185
URL: http://svn.freebsd.org/changeset/base/223185
Log:
- Fix my braino in the 220835, when I used strtok(). It isn't
applicable here, since modifies the string. Switch to strchr().
- Restore support for undocumented optional parameters of
redir_port and redir_proto, that were disabled in 220835.
- While here, change !isalpha() checks on optinal parameters
for isdigit().
Submitted by: Alexander V. Chernikov melifaro ipfw.ru
PR: kern/143653
Modified:
head/sbin/ipfw/nat.c
Modified: head/sbin/ipfw/nat.c
==
--- head/sbin/ipfw/nat.cFri Jun 17 11:13:37 2011(r223184)
+++ head/sbin/ipfw/nat.cFri Jun 17 12:12:52 2011(r223185)
@@ -315,14 +315,19 @@ static int
estimate_redir_addr(int *ac, char ***av)
{
size_t space = sizeof(struct cfg_redir);
- char *sep;
+ char *sep = **av;
+ u_int c = 0;
- if ((sep = strtok(**av, ,)) != NULL) {
- space += sizeof(struct cfg_spool);
- while ((sep = strtok(NULL, ,)) != NULL)
- space += sizeof(struct cfg_spool);
+ while ((sep = strchr(sep, ',')) != NULL) {
+ c++;
+ sep++;
}
+ if (c 0)
+ c++;
+
+ space += c * sizeof(struct cfg_spool);
+
return (space);
}
@@ -370,14 +375,19 @@ static int
estimate_redir_port(int *ac, char ***av)
{
size_t space = sizeof(struct cfg_redir);
- char *sep;
+ char *sep = **av;
+ u_int c = 0;
- if ((sep = strtok(**av, ,)) != NULL) {
- space += sizeof(struct cfg_spool);
- while ((sep = strtok(NULL, ,)) != NULL)
- space += sizeof(struct cfg_spool);
+ while ((sep = strchr(sep, ',')) != NULL) {
+ c++;
+ sep++;
}
+ if (c 0)
+ c++;
+
+ space += c * sizeof(struct cfg_spool);
+
return (space);
}
@@ -465,10 +475,10 @@ setup_redir_port(char *buf, int *ac, cha
* Extract remote address and optionally port.
*/
/*
-* NB: isalpha(**av) = we've to check that next parameter is really an
+* NB: isdigit(**av) = we've to check that next parameter is really an
* option for this redirect entry, else stop here processing arg[cv].
*/
- if (*ac != 0 !isalpha(***av)) {
+ if (*ac != 0 isdigit(***av)) {
if ((sep = strchr(**av, ':')) != NULL) {
if (StrToAddrAndPortRange(**av, r-raddr, protoName,
portRange) != 0)
@@ -584,7 +594,7 @@ setup_redir_proto(char *buf, int *ac, ch
r-raddr.s_addr = INADDR_ANY;
} else {
/* see above in setup_redir_port() */
- if (!isalpha(***av)) {
+ if (isdigit(***av)) {
StrToAddr(**av, r-paddr);
(*av)++; (*ac)--;
@@ -592,7 +602,7 @@ setup_redir_proto(char *buf, int *ac, ch
* Extract optional remote address.
*/
/* see above in setup_redir_port() */
- if (*ac != 0 !isalpha(***av)) {
+ if (*ac != 0 isdigit(***av)) {
StrToAddr(**av, r-raddr);
(*av)++; (*ac)--;
}
@@ -774,6 +784,9 @@ ipfw_config_nat(int ac, char **av)
av1++; ac1--;
len += estimate_redir_port(ac1, av1);
av1 += 2; ac1 -= 2;
+ /* Skip optional remoteIP/port */
+ if (ac1 != 0 isdigit(**av1))
+ av1++; ac1--;
break;
case TOK_REDIR_PROTO:
if (ac1 2)
@@ -781,6 +794,11 @@ ipfw_config_nat(int ac, char **av)
not enough arguments);
len += sizeof(struct cfg_redir);
av1 += 2; ac1 -= 2;
+ /* Skip optional remoteIP/port */
+ if (ac1 != 0 isdigit(**av1))
+ av1++; ac1--;
+ if (ac1 != 0 isdigit(**av1))
+ av1++; ac1--;
break;
default:
errx(EX_DATAERR, unrecognised option ``%s'', av1[-1]);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223416 - head/sbin/ipfw
Author: glebius
Date: Wed Jun 22 08:20:01 2011
New Revision: 223416
URL: http://svn.freebsd.org/changeset/base/223416
Log:
One more braino from me.
Pointy hat to:glebius
Submitted by: Alexander V. Chernikov melifaro ipfw.ru
Modified:
head/sbin/ipfw/nat.c
Modified: head/sbin/ipfw/nat.c
==
--- head/sbin/ipfw/nat.cWed Jun 22 08:09:50 2011(r223415)
+++ head/sbin/ipfw/nat.cWed Jun 22 08:20:01 2011(r223416)
@@ -785,8 +785,9 @@ ipfw_config_nat(int ac, char **av)
len += estimate_redir_port(ac1, av1);
av1 += 2; ac1 -= 2;
/* Skip optional remoteIP/port */
- if (ac1 != 0 isdigit(**av1))
+ if (ac1 != 0 isdigit(**av1)) {
av1++; ac1--;
+ }
break;
case TOK_REDIR_PROTO:
if (ac1 2)
@@ -795,10 +796,12 @@ ipfw_config_nat(int ac, char **av)
len += sizeof(struct cfg_redir);
av1 += 2; ac1 -= 2;
/* Skip optional remoteIP/port */
- if (ac1 != 0 isdigit(**av1))
+ if (ac1 != 0 isdigit(**av1)) {
av1++; ac1--;
- if (ac1 != 0 isdigit(**av1))
+ }
+ if (ac1 != 0 isdigit(**av1)) {
av1++; ac1--;
+ }
break;
default:
errx(EX_DATAERR, unrecognised option ``%s'', av1[-1]);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223469 - head/sys/netgraph
Author: glebius Date: Thu Jun 23 09:42:41 2011 New Revision: 223469 URL: http://svn.freebsd.org/changeset/base/223469 Log: Be consistent with r160968: keep autoSrcAddr flag untouched when node receives NGM_SHUTDOWN. Submitted by: pluknet Modified: head/sys/netgraph/ng_ether.c Modified: head/sys/netgraph/ng_ether.c == --- head/sys/netgraph/ng_ether.cThu Jun 23 09:40:46 2011 (r223468) +++ head/sys/netgraph/ng_ether.cThu Jun 23 09:42:41 2011 (r223469) @@ -718,7 +718,6 @@ ng_ether_shutdown(node_p node) (void)ifpromisc(priv-ifp, 0); priv-promisc = 0; } - priv-autoSrcAddr = 1; /* reset auto-src-addr flag */ NG_NODE_REVIVE(node); /* Signal ng_rmnode we are persisant */ return (0); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223473 - head/share/man/man4
Author: glebius Date: Thu Jun 23 10:43:36 2011 New Revision: 223473 URL: http://svn.freebsd.org/changeset/base/223473 Log: Document that autoSrcAddr isn't re-enabled on NGM_SHUTDOWN. Submitted by: Vadim Goncharov vadim_nuclight mail.ru Modified: head/share/man/man4/ng_ether.4 Modified: head/share/man/man4/ng_ether.4 == --- head/share/man/man4/ng_ether.4 Thu Jun 23 10:35:45 2011 (r223472) +++ head/share/man/man4/ng_ether.4 Thu Jun 23 10:43:36 2011 (r223473) @@ -34,7 +34,7 @@ .\ .\ $FreeBSD$ .\ -.Dd August 4, 2006 +.Dd June 23, 2011 .Dt NG_ETHER 4 .Os .Sh NAME @@ -183,7 +183,6 @@ Detach from underlying Ethernet interfac Upon receipt of the .Dv NGM_SHUTDOWN control message, all hooks are disconnected, promiscuous mode is disabled, -and the source address override flag is re-enabled, but the node is not removed. Node can be shut down only using .Dv NGM_ETHER_DETACH ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223499 - head/sbin/ipfw
Author: glebius
Date: Fri Jun 24 12:55:16 2011
New Revision: 223499
URL: http://svn.freebsd.org/changeset/base/223499
Log:
Actually, if code had followed style(9), there would be less stupid errors
like the one fixed in r223416.
Noticed by: julian
Modified:
head/sbin/ipfw/nat.c
Modified: head/sbin/ipfw/nat.c
==
--- head/sbin/ipfw/nat.cFri Jun 24 12:50:18 2011(r223498)
+++ head/sbin/ipfw/nat.cFri Jun 24 12:55:16 2011(r223499)
@@ -738,7 +738,8 @@ ipfw_config_nat(int ac, char **av)
char *id, *buf, **av1, *end;
size_t len;
- av++; ac--;
+ av++;
+ ac--;
/* Nat id. */
if (ac == 0)
errx(EX_DATAERR, missing nat id);
@@ -746,7 +747,8 @@ ipfw_config_nat(int ac, char **av)
i = (int)strtol(id, end, 0);
if (i = 0 || *end != '\0')
errx(EX_DATAERR, illegal nat id: %s, id);
- av++; ac--;
+ av++;
+ ac--;
if (ac == 0)
errx(EX_DATAERR, missing option);
@@ -755,11 +757,13 @@ ipfw_config_nat(int ac, char **av)
av1 = av;
while (ac1 0) {
tok = match_token(nat_params, *av1);
- ac1--; av1++;
+ ac1--;
+ av1++;
switch (tok) {
case TOK_IP:
case TOK_IF:
- ac1--; av1++;
+ ac1--;
+ av1++;
break;
case TOK_ALOG:
case TOK_DENY_INC:
@@ -775,18 +779,22 @@ ipfw_config_nat(int ac, char **av)
errx(EX_DATAERR, redirect_addr:
not enough arguments);
len += estimate_redir_addr(ac1, av1);
- av1 += 2; ac1 -= 2;
+ av1 += 2;
+ ac1 -= 2;
break;
case TOK_REDIR_PORT:
if (ac1 3)
errx(EX_DATAERR, redirect_port:
not enough arguments);
- av1++; ac1--;
+ av1++;
+ ac1--;
len += estimate_redir_port(ac1, av1);
- av1 += 2; ac1 -= 2;
+ av1 += 2;
+ ac1 -= 2;
/* Skip optional remoteIP/port */
if (ac1 != 0 isdigit(**av1)) {
- av1++; ac1--;
+ av1++;
+ ac1--;
}
break;
case TOK_REDIR_PROTO:
@@ -794,13 +802,16 @@ ipfw_config_nat(int ac, char **av)
errx(EX_DATAERR, redirect_proto:
not enough arguments);
len += sizeof(struct cfg_redir);
- av1 += 2; ac1 -= 2;
+ av1 += 2;
+ ac1 -= 2;
/* Skip optional remoteIP/port */
if (ac1 != 0 isdigit(**av1)) {
- av1++; ac1--;
+ av1++;
+ ac1--;
}
if (ac1 != 0 isdigit(**av1)) {
- av1++; ac1--;
+ av1++;
+ ac1--;
}
break;
default:
@@ -819,7 +830,8 @@ ipfw_config_nat(int ac, char **av)
while (ac 0) {
tok = match_token(nat_params, *av);
- ac--; av++;
+ ac--;
+ av++;
switch (tok) {
case TOK_IP:
if (ac == 0)
@@ -827,13 +839,15 @@ ipfw_config_nat(int ac, char **av)
if (!inet_aton(av[0], (n-ip)))
errx(EX_DATAERR, bad ip address ``%s'',
av[0]);
- ac--; av++;
+ ac--;
+ av++;
break;
case TOK_IF:
if (ac == 0)
errx(EX_DATAERR, missing option);
set_addr_dynamic(av[0], n);
- ac--; av++;
+ ac--;
+ av++;
break;
case TOK_ALOG:
n-mode |= PKT_ALIAS_LOG;
@@ -912,7 +926,8 @@ ipfw_show_nat(int ac, char **av)
data = NULL;
frule = 0;
lrule = IPFW_DEFAULT_RULE; /* max ipfw rule number */
- ac--; av++;
+ ac--;
+ av++;
if (co.test_only)
return;
svn commit: r223593 - in head/sys: modules/ipdivert netinet netinet/ipfw
Author: glebius
Date: Mon Jun 27 12:21:11 2011
New Revision: 223593
URL: http://svn.freebsd.org/changeset/base/223593
Log:
Add possibility to pass IPv6 packets to a divert(4) socket.
Submitted by: sem
Modified:
head/sys/modules/ipdivert/Makefile
head/sys/netinet/ip_divert.c
head/sys/netinet/ipfw/ip_fw_pfil.c
Modified: head/sys/modules/ipdivert/Makefile
==
--- head/sys/modules/ipdivert/Makefile Mon Jun 27 11:49:58 2011
(r223592)
+++ head/sys/modules/ipdivert/Makefile Mon Jun 27 12:21:11 2011
(r223593)
@@ -3,6 +3,11 @@
.PATH: ${.CURDIR}/../../netinet
KMOD= ipdivert
-SRCS= ip_divert.c
+SRCS= ip_divert.c opt_inet6.h
+
+.if !defined(KERNBUILDDIR)
+opt_inet6.h:
+ echo #define INET6 1 ${.TARGET}
+.endif
.include bsd.kmod.mk
Modified: head/sys/netinet/ip_divert.c
==
--- head/sys/netinet/ip_divert.cMon Jun 27 11:49:58 2011
(r223592)
+++ head/sys/netinet/ip_divert.cMon Jun 27 12:21:11 2011
(r223593)
@@ -37,6 +37,7 @@ __FBSDID($FreeBSD$);
#error IPDIVERT requires INET.
#endif
#endif
+#include opt_inet6.h
#include sys/param.h
#include sys/kernel.h
@@ -62,6 +63,10 @@ __FBSDID($FreeBSD$);
#include netinet/in_var.h
#include netinet/ip.h
#include netinet/ip_var.h
+#ifdef INET6
+#include netinet/ip6.h
+#include netinet6/ip6_var.h
+#endif
#ifdef SCTP
#include netinet/sctp_crc32.h
#endif
@@ -312,10 +317,10 @@ static int
div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin,
struct mbuf *control)
{
+ struct ip *const ip = mtod(m, struct ip *);
struct m_tag *mtag;
struct ipfw_rule_ref *dt;
int error = 0;
- struct mbuf *options;
/*
* An mbuf may hasn't come from userland, but we pretend
@@ -367,71 +372,103 @@ div_output(struct socket *so, struct mbu
/* Reinject packet into the system as incoming or outgoing */
if (!sin || sin-sin_addr.s_addr == 0) {
- struct ip *const ip = mtod(m, struct ip *);
+ struct mbuf *options = NULL;
struct inpcb *inp;
dt-info |= IPFW_IS_DIVERT | IPFW_INFO_OUT;
inp = sotoinpcb(so);
INP_RLOCK(inp);
- /*
-* Don't allow both user specified and setsockopt options,
-* and don't allow packet length sizes that will crash
-*/
- if (((ip-ip_hl != (sizeof (*ip) 2)) inp-inp_options) ||
-((u_short)ntohs(ip-ip_len) m-m_pkthdr.len)) {
- error = EINVAL;
- INP_RUNLOCK(inp);
- m_freem(m);
- } else {
+ switch (ip-ip_v) {
+ case IPVERSION:
+ /*
+* Don't allow both user specified and setsockopt
+* options, and don't allow packet length sizes that
+* will crash.
+*/
+ if ip-ip_hl 2) != sizeof(struct ip))
+ inp-inp_options != NULL) ||
+ ((u_short)ntohs(ip-ip_len) m-m_pkthdr.len)) {
+ error = EINVAL;
+ INP_RUNLOCK(inp);
+ goto cantsend;
+ }
+
/* Convert fields to host order for ip_output() */
ip-ip_len = ntohs(ip-ip_len);
ip-ip_off = ntohs(ip-ip_off);
+ break;
+#ifdef INET6
+ case IPV6_VERSION 4:
+ {
+ struct ip6_hdr *const ip6 = mtod(m, struct ip6_hdr *);
+
+ /* Don't allow packet length sizes that will crash */
+ if (((u_short)ntohs(ip6-ip6_plen) m-m_pkthdr.len)) {
+ error = EINVAL;
+ INP_RUNLOCK(inp);
+ goto cantsend;
+ }
- /* Send packet to output processing */
- KMOD_IPSTAT_INC(ips_rawout);/* XXX */
+ ip6-ip6_plen = ntohs(ip6-ip6_plen);
+ }
+#endif
+ default:
+ error = EINVAL;
+ INP_RUNLOCK(inp);
+ goto cantsend;
+ }
+
+ /* Send packet to output processing */
+ KMOD_IPSTAT_INC(ips_rawout);/* XXX */
#ifdef MAC
- mac_inpcb_create_mbuf(inp, m);
+ mac_inpcb_create_mbuf(inp, m);
#endif
- /*
-* Get ready to inject the packet into ip_output().
-*
svn commit: r223706 - head/sys/netgraph/netflow
Author: glebius
Date: Fri Jul 1 08:27:03 2011
New Revision: 223706
URL: http://svn.freebsd.org/changeset/base/223706
Log:
Fix double free.
Submitted by: Alexander V. Chernikov melifaro ipfw.ru
Modified:
head/sys/netgraph/netflow/netflow_v9.c
Modified: head/sys/netgraph/netflow/netflow_v9.c
==
--- head/sys/netgraph/netflow/netflow_v9.c Fri Jul 1 03:29:49 2011
(r223705)
+++ head/sys/netgraph/netflow/netflow_v9.c Fri Jul 1 08:27:03 2011
(r223706)
@@ -398,7 +398,6 @@ get_export9_dgram(priv_p priv, fib_expor
item = ng_package_data(m, NG_NOFLAGS);
if (item == NULL) {
- m_free(m);
free(t, M_NETFLOW_GENERAL);
return (NULL);
}
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223761 - head/sys/netgraph
Author: glebius
Date: Mon Jul 4 13:55:55 2011
New Revision: 223761
URL: http://svn.freebsd.org/changeset/base/223761
Log:
Fix build with NETGRAPH_DEBUG.
Modified:
head/sys/netgraph/netgraph.h
Modified: head/sys/netgraph/netgraph.h
==
--- head/sys/netgraph/netgraph.hMon Jul 4 12:19:09 2011
(r223760)
+++ head/sys/netgraph/netgraph.hMon Jul 4 13:55:55 2011
(r223761)
@@ -493,11 +493,11 @@ _ng_node_ref(node_p node, char *file, in
_NG_NODE_REF(node);
}
-static __inline int
+static __inline void
_ng_node_unref(node_p node, char *file, int line)
{
_chknode(node, file, line);
- return (_NG_NODE_UNREF(node));
+ _NG_NODE_UNREF(node);
}
static __inline void
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223768 - head/sys/netgraph
Author: glebius Date: Mon Jul 4 20:50:09 2011 New Revision: 223768 URL: http://svn.freebsd.org/changeset/base/223768 Log: Fix build with NETGRAPH_DEBUG. Modified: head/sys/netgraph/netgraph.h Modified: head/sys/netgraph/netgraph.h == --- head/sys/netgraph/netgraph.hMon Jul 4 19:51:26 2011 (r223767) +++ head/sys/netgraph/netgraph.hMon Jul 4 20:50:09 2011 (r223768) @@ -442,7 +442,7 @@ static __inline char * _ng_node_name(nod static __inline int _ng_node_has_name(node_p node, char *file, int line); static __inline ng_ID_t _ng_node_id(node_p node, char *file, int line); static __inline void _ng_node_ref(node_p node, char *file, int line); -static __inline int _ng_node_unref(node_p node, char *file, int line); +static __inline void _ng_node_unref(node_p node, char *file, int line); static __inline void _ng_node_set_private(node_p node, void * val, char *file, int line); static __inline void * _ng_node_private(node_p node, char *file, int line); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223788 - head/usr.sbin/flowctl
Author: glebius
Date: Tue Jul 5 14:50:06 2011
New Revision: 223788
URL: http://svn.freebsd.org/changeset/base/223788
Log:
Rewrite the flowctl utility to add it support for displaying
both IPv4 and IPv4 flows.
Modified:
head/usr.sbin/flowctl/Makefile
head/usr.sbin/flowctl/flowctl.c
Modified: head/usr.sbin/flowctl/Makefile
==
--- head/usr.sbin/flowctl/Makefile Tue Jul 5 14:48:39 2011
(r223787)
+++ head/usr.sbin/flowctl/Makefile Tue Jul 5 14:50:06 2011
(r223788)
@@ -2,6 +2,8 @@
# $FreeBSD$
#
+.include bsd.own.mk
+
PROG= flowctl
MAN= flowctl.8
@@ -9,4 +11,10 @@ WARNS?= 2
DPADD= ${LIBNETGRAPH}
LDADD= -lnetgraph
+.if ${MK_INET6_SUPPORT} != no
+CFLAGS+= -DINET6
+.endif
+
+CFLAGS+= -I.
+
.include bsd.prog.mk
Modified: head/usr.sbin/flowctl/flowctl.c
==
--- head/usr.sbin/flowctl/flowctl.c Tue Jul 5 14:48:39 2011
(r223787)
+++ head/usr.sbin/flowctl/flowctl.c Tue Jul 5 14:50:06 2011
(r223788)
@@ -46,6 +46,7 @@ static const char rcs_id[] =
#include stdio.h
#include stdlib.h
#include string.h
+#include sysexits.h
#include unistd.h
#include netgraph.h
@@ -54,21 +55,32 @@ static const char rcs_id[] =
#defineCISCO_SH_FLOW_HEADERSrcIf SrcIPaddressDstIf
DstIPaddressPr SrcP DstP Pkts\n
#defineCISCO_SH_FLOW %-13s %-15s %-13s %-15s %2u %4.4x %4.4x %6lu\n
+#defineCISCO_SH_FLOW6_HEADER SrcIf SrcIPaddress
DstIf DstIPaddress Pr SrcP DstP Pkts\n
+#defineCISCO_SH_FLOW6 %-13s %-30s %-13s %-30s %2u %4.4x %4.4x %6lu\n
+
#defineCISCO_SH_VERB_FLOW_HEADER SrcIf SrcIPaddressDstIf
DstIPaddressPr TOS Flgs Pkts\n \
Port Msk ASPort Msk ASNextHop B/Pk
Active\n
#defineCISCO_SH_VERB_FLOW %-14s %-15s %-14s %-15s %2u %3x %4x %6lu\n
\
%4.4x /%-2u %-5u %4.4x /%-2u %-5u %-15s %9u %8u\n\n
-static int flow_cache_print(struct ngnf_flows *recs);
-static int flow_cache_print_verbose(struct ngnf_flows *recs);
-static int ctl_show(int, char **);
+#defineCISCO_SH_VERB_FLOW6_HEADER SrcIf SrcIPaddress
DstIf DstIPaddress Pr TOS Flgs Pkts\n \
+Port Msk ASPort Msk ASNextHop
B/Pk Active\n
+
+#defineCISCO_SH_VERB_FLOW6 %-14s %-30s %-14s %-30s %2u %3x %4x
%6lu\n \
+ %4.4x /%-2u %-5u %4.4x /%-2u %-5u %-30s %9u %8u\n\n
+static void flow_cache_print(struct ngnf_show_header *resp);
+static void flow_cache_print6(struct ngnf_show_header *resp);
+static void flow_cache_print_verbose(struct ngnf_show_header *resp);
+static void flow_cache_print6_verbose(struct ngnf_show_header *resp);
+static void ctl_show(int, char **);
+static void do_show(int, void (*func)(struct ngnf_show_header *));
static void help(void);
static void execute_command(int, char **);
struct ip_ctl_cmd {
char*cmd_name;
- int (*cmd_func)(int argc, char **argv);
+ void(*cmd_func)(int argc, char **argv);
};
struct ip_ctl_cmd cmds[] = {
@@ -77,7 +89,7 @@ struct ip_ctl_cmd cmds[] = {
};
intcs;
-char ng_nodename[NG_PATHSIZ];
+char *ng_path;
int
main(int argc, char **argv)
@@ -85,7 +97,6 @@ main(int argc, char **argv)
int c;
char sname[NG_NODESIZ];
int rcvbuf = SORCVBUF_SIZE;
- char*ng_name;
/* parse options */
while ((c = getopt(argc, argv, d:)) != -1) {
@@ -98,14 +109,12 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
- ng_name = argv[0];
- if (ng_name == NULL)
+ ng_path = argv[0];
+ if (ng_path == NULL || (strlen(ng_path) NG_PATHSIZ))
help();
argc--;
argv++;
- snprintf(ng_nodename, sizeof(ng_nodename), %s:, ng_name);
-
/* create control socket. */
snprintf(sname, sizeof(sname), flowctl%i, getpid());
@@ -145,74 +154,99 @@ execute_command(int argc, char **argv)
(*cmds[cindex].cmd_func)(argc, argv);
}
-static int
+static void
ctl_show(int argc, char **argv)
{
- struct ng_mesg *ng_mesg;
- struct ngnf_flows *data;
- char path[NG_PATHSIZ];
- int token, nread, last = 0;
- int verbose = 0;
+ int ipv4 = 1, ipv6 = 1, verbose = 0;
+
+ if (argc 0 !strncmp(argv[0], ipv4, 4)) {
+ ipv6 = 0;
+ argc--;
+ argv++;
+ }
+ if (argc 0 !strncmp(argv[0], ipv6, 4)) {
+ ipv4 = 0;
+ argc--;
+ argv++;
+ }
if (argc 0 !strncmp(argv[0], verbose, strlen(argv[0])))
verbose = 1;
+ if (ipv4) {
+
svn commit: r223787 - head/sys/netgraph/netflow
Author: glebius
Date: Tue Jul 5 14:48:39 2011
New Revision: 223787
URL: http://svn.freebsd.org/changeset/base/223787
Log:
o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't need
a separate struct to start a slist of semi-opaque structs. This
makes some code more compact.
o Rewrite ng_netflow_flow_show() and its API/ABI:
- Support for IPv6 is added.
- Request and response now use same struct. Structure specifies
version (6 or 4), index of last retrieved hash, and also index
of last retrieved entry in the hash entry.
Modified:
head/sys/netgraph/netflow/netflow.c
head/sys/netgraph/netflow/ng_netflow.c
head/sys/netgraph/netflow/ng_netflow.h
Modified: head/sys/netgraph/netflow/netflow.c
==
--- head/sys/netgraph/netflow/netflow.c Tue Jul 5 14:12:48 2011
(r223786)
+++ head/sys/netgraph/netflow/netflow.c Tue Jul 5 14:48:39 2011
(r223787)
@@ -100,7 +100,7 @@ static int export_send(priv_p, fib_expor
static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *,
int, uint8_t);
#ifdef INET6
-static int hash6_insert(priv_p, struct flow6_hash_entry *, struct flow6_rec *,
int, uint8_t);
+static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *,
int, uint8_t);
#endif
static __inline void expire_flow(priv_p, fib_export_p, struct flow_entry *,
int);
@@ -412,7 +412,7 @@ hash_insert(priv_p priv, struct flow_has
bitcount32((x).__u6_addr.__u6_addr32[3])
/* XXX: Do we need inline here ? */
static __inline int
-hash6_insert(priv_p priv, struct flow6_hash_entry *hsh6, struct flow6_rec *r,
+hash6_insert(priv_p priv, struct flow_hash_entry *hsh6, struct flow6_rec *r,
int plen, uint8_t tcp_flags)
{
struct flow6_entry *fle6;
@@ -491,7 +491,7 @@ hash6_insert(priv_p priv, struct flow6_h
}
/* Push new flow at the and of hash. */
- TAILQ_INSERT_TAIL(hsh6-head, fle6, fle6_hash);
+ TAILQ_INSERT_TAIL(hsh6-head, (struct flow_entry *)fle6, fle_hash);
return (0);
}
@@ -507,9 +507,6 @@ void
ng_netflow_cache_init(priv_p priv)
{
struct flow_hash_entry *hsh;
-#ifdef INET6
- struct flow6_hash_entry *hsh6;
-#endif
int i;
/* Initialize cache UMA zone. */
@@ -534,13 +531,13 @@ ng_netflow_cache_init(priv_p priv)
#ifdef INET6
/* Allocate hash. */
- priv-hash6 = malloc(NBUCKETS * sizeof(struct flow6_hash_entry),
+ priv-hash6 = malloc(NBUCKETS * sizeof(struct flow_hash_entry),
M_NETFLOW_HASH, M_WAITOK | M_ZERO);
/* Initialize hash. */
- for (i = 0, hsh6 = priv-hash6; i NBUCKETS; i++, hsh6++) {
- mtx_init(hsh6-mtx, hash mutex, NULL, MTX_DEF);
- TAILQ_INIT(hsh6-head);
+ for (i = 0, hsh = priv-hash6; i NBUCKETS; i++, hsh++) {
+ mtx_init(hsh-mtx, hash mutex, NULL, MTX_DEF);
+ TAILQ_INIT(hsh-head);
}
#endif
@@ -588,10 +585,6 @@ ng_netflow_cache_flush(priv_p priv)
{
struct flow_entry *fle, *fle1;
struct flow_hash_entry *hsh;
-#ifdef INET6
- struct flow6_entry *fle6, *fle61;
- struct flow6_hash_entry *hsh6;
-#endif
struct netflow_export_item exp;
fib_export_p fe;
int i;
@@ -610,11 +603,11 @@ ng_netflow_cache_flush(priv_p priv)
expire_flow(priv, fe, fle, NG_QUEUE);
}
#ifdef INET6
- for (hsh6 = priv-hash6, i = 0; i NBUCKETS; hsh6++, i++)
- TAILQ_FOREACH_SAFE(fle6, hsh6-head, fle6_hash, fle61) {
- TAILQ_REMOVE(hsh6-head, fle6, fle6_hash);
- fe = priv_to_fib(priv, fle6-f.r.fib);
- expire_flow(priv, fe, (struct flow_entry *)fle6,
NG_QUEUE);
+ for (hsh = priv-hash6, i = 0; i NBUCKETS; hsh++, i++)
+ TAILQ_FOREACH_SAFE(fle, hsh-head, fle_hash, fle1) {
+ TAILQ_REMOVE(hsh-head, fle, fle_hash);
+ fe = priv_to_fib(priv, fle-f.r.fib);
+ expire_flow(priv, fe, fle, NG_QUEUE);
}
#endif
@@ -629,8 +622,8 @@ ng_netflow_cache_flush(priv_p priv)
#ifdef INET6
uma_zdestroy(priv-zone6);
/* Destroy hash mutexes. */
- for (i = 0, hsh6 = priv-hash6; i NBUCKETS; i++, hsh6++)
- mtx_destroy(hsh6-mtx);
+ for (i = 0, hsh = priv-hash6; i NBUCKETS; i++, hsh++)
+ mtx_destroy(hsh-mtx);
/* Free hash memory. */
if (priv-hash6 != NULL)
@@ -790,8 +783,9 @@ int
ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6,
caddr_t upper_ptr, uint8_t upper_proto,
uint8_t is_frag, unsigned int src_if_index)
{
- register struct flow6_entry *fle6 = NULL, *fle61;
- struct flow6_hash_entry *hsh6;
+ register struct flow_entry *fle =
svn commit: r223790 - head/usr.sbin/flowctl
Author: glebius Date: Tue Jul 5 14:55:17 2011 New Revision: 223790 URL: http://svn.freebsd.org/changeset/base/223790 Log: Update manual page. Mention IPv6 support, and notice that main argument isn't actually a node, but a netgraph path. Modified: head/usr.sbin/flowctl/flowctl.8 Modified: head/usr.sbin/flowctl/flowctl.8 == --- head/usr.sbin/flowctl/flowctl.8 Tue Jul 5 14:54:33 2011 (r223789) +++ head/usr.sbin/flowctl/flowctl.8 Tue Jul 5 14:55:17 2011 (r223790) @@ -24,7 +24,7 @@ .\ .\ $FreeBSD$ .\ -.Dd March 23, 2005 +.Dd July 5, 2011 .Dt FLOWCTL 8 .Os .Sh NAME @@ -35,7 +35,7 @@ control utility .Sh SYNOPSIS .Nm .Op Fl d Ar level -.Ar node command +.Ar path command .Sh DESCRIPTION The .Nm @@ -55,11 +55,16 @@ Currently, .Nm supports only one command. .Bl -tag -width .Cm show -.It Cm show +.It Cm show Op Cm ipv4|ipv6 This command is the analog of the .Dq show ip cache flow command of a Cisco router. It dumps the contents of the flow cache in Cisco-like format. +Specifing either +.Cm ipv4 +or +.Cm ipv6 +would extract only IPv4 or IPv6 flows respectively. It has optional parameter .Cm verbose , which is analog of the ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r223822 - head/sys/netgraph/netflow
Author: glebius
Date: Wed Jul 6 09:43:25 2011
New Revision: 223822
URL: http://svn.freebsd.org/changeset/base/223822
Log:
Add missing unlocks.
Modified:
head/sys/netgraph/netflow/netflow.c
Modified: head/sys/netgraph/netflow/netflow.c
==
--- head/sys/netgraph/netflow/netflow.c Wed Jul 6 07:13:28 2011
(r223821)
+++ head/sys/netgraph/netflow/netflow.c Wed Jul 6 09:43:25 2011
(r223822)
@@ -970,6 +970,7 @@ struct ngnf_show_header *resp)
if (hsh-mtx.mtx_lock MTX_CONTESTED) {
resp-hash_id = i;
resp-list_id = list_id;
+ mtx_unlock(hsh-mtx);
return (0);
}
@@ -1001,6 +1002,7 @@ struct ngnf_show_header *resp)
* we simply skip to next hash_id.
*/
resp-list_id = list_id + 1;
+ mtx_unlock(hsh-mtx);
return (0);
}
}
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r224031 - head/sys/netgraph
Author: glebius
Date: Thu Jul 14 18:38:10 2011
New Revision: 224031
URL: http://svn.freebsd.org/changeset/base/224031
Log:
In ng_attach_cntl() first allocate things that may fail, and then
do the rest of initialization. This simplifies code and fixes
a double free in failure scenario.
Reviewed by: bz
Modified:
head/sys/netgraph/ng_socket.c
Modified: head/sys/netgraph/ng_socket.c
==
--- head/sys/netgraph/ng_socket.c Thu Jul 14 18:37:10 2011
(r224030)
+++ head/sys/netgraph/ng_socket.c Thu Jul 14 18:38:10 2011
(r224031)
@@ -525,33 +525,32 @@ ng_attach_cntl(struct socket *so)
{
struct ngsock *priv;
struct ngpcb *pcbp;
+ node_p node;
int error;
- /* Allocate node private info */
- priv = malloc(sizeof(*priv), M_NETGRAPH_SOCK, M_WAITOK | M_ZERO);
-
/* Setup protocol control block */
- if ((error = ng_attach_common(so, NG_CONTROL)) != 0) {
- free(priv, M_NETGRAPH_SOCK);
+ if ((error = ng_attach_common(so, NG_CONTROL)) != 0)
return (error);
- }
pcbp = sotongpcb(so);
- /* Link the pcb the private data. */
- priv-ctlsock = pcbp;
- pcbp-sockdata = priv;
- priv-refs++;
-
- /* Initialize mutex. */
- mtx_init(priv-mtx, ng_socket, NULL, MTX_DEF);
-
/* Make the generic node components */
- if ((error = ng_make_node_common(typestruct, priv-node)) != 0) {
- free(priv, M_NETGRAPH_SOCK);
+ if ((error = ng_make_node_common(typestruct, node)) != 0) {
ng_detach_common(pcbp, NG_CONTROL);
return (error);
}
+ /* Allocate node private info */
+ priv = malloc(sizeof(*priv), M_NETGRAPH_SOCK, M_WAITOK | M_ZERO);
+
+ /* Initialize mutex. */
+ mtx_init(priv-mtx, ng_socket, NULL, MTX_DEF);
+
+ /* Link the pcb the private data. */
+ priv-ctlsock = pcbp;
+ pcbp-sockdata = priv;
+ priv-refs++;
+ priv-node = node;
+
/* Store a hint for netstat(1). */
priv-node_id = priv-node-nd_ID;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r224546 - head/sys/kern
Author: glebius Date: Sun Jul 31 13:49:15 2011 New Revision: 224546 URL: http://svn.freebsd.org/changeset/base/224546 Log: Don't leak kld_sx lock in kldunloadf(). Approved by: re (kib) Modified: head/sys/kern/kern_linker.c Modified: head/sys/kern/kern_linker.c == --- head/sys/kern/kern_linker.c Sun Jul 31 13:35:25 2011(r224545) +++ head/sys/kern/kern_linker.c Sun Jul 31 13:49:15 2011(r224546) @@ -1116,8 +1116,9 @@ kern_kldunload(struct thread *td, int fi PMC_CALL_HOOK(td, PMC_FN_KLD_UNLOAD, (void *) pkm); KLD_UNLOCK_READ(); } else -#else KLD_UNLOCK(); +#else + KLD_UNLOCK(); #endif CURVNET_RESTORE(); return (error); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r224575 - head/sys/netinet
Author: glebius Date: Mon Aug 1 13:41:38 2011 New Revision: 224575 URL: http://svn.freebsd.org/changeset/base/224575 Log: Add missing break; in r223593. Submitted by: sem Pointy hat to:glebius Approved by: re (kib) Modified: head/sys/netinet/ip_divert.c Modified: head/sys/netinet/ip_divert.c == --- head/sys/netinet/ip_divert.cMon Aug 1 13:40:48 2011 (r224574) +++ head/sys/netinet/ip_divert.cMon Aug 1 13:41:38 2011 (r224575) @@ -410,6 +410,7 @@ div_output(struct socket *so, struct mbu } ip6-ip6_plen = ntohs(ip6-ip6_plen); + break; } #endif default: ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r224879 - head/share/man/man4
Author: glebius
Date: Mon Aug 15 12:08:41 2011
New Revision: 224879
URL: http://svn.freebsd.org/changeset/base/224879
Log:
Describe how carp(4) status changes can be processed with
help of devd(8).
Submitted by: Alexander V. Chernikov melifaro ipfw.ru
Approved by: re (kib)
Modified:
head/share/man/man4/carp.4
Modified: head/share/man/man4/carp.4
==
--- head/share/man/man4/carp.4 Mon Aug 15 09:26:53 2011(r224878)
+++ head/share/man/man4/carp.4 Mon Aug 15 12:08:41 2011(r224879)
@@ -25,7 +25,7 @@
.\
.\ $FreeBSD$
.\
-.Dd January 5, 2010
+.Dd August 15, 2011
.Dt CARP 4
.Os
.Sh NAME
@@ -168,6 +168,25 @@ forwarded to its destination, and destin
than the state information is packed and synced with the second router.
If the reply would be load balanced to second router, it will be
dropped due to no state.
+.Sh STATE CHANGE NOTIFICATIONS
+Sometimes it is useful to get notified about
+.Nm
+status change events.
+This can be accomplished by using
+.Xr devd 8
+hooks.
+Master/slave events are signalled as
+.Nm
+interface
+.Dv LINK_UP
+or
+.Dv LINK_DOWN
+event.
+Please see
+.Xr devd.conf 5
+and
+.Sx EXAMPLES
+section for more information.
.Sh EXAMPLES
For firewalls and routers with multiple interfaces, it is desirable to
failover all of the
@@ -249,6 +268,25 @@ This way, locally connected systems will
subsequent IP traffic will be balanced among the hosts.
If one of the hosts fails, the other will take over the virtual MAC address,
and begin answering ARP requests on its behalf.
+.Pp
+Processing of
+.Nm
+status change events can be set up by using the following devd.conf rules:
+.Bd -literal -offset indent
+notify 0 {
+ match system IFNET;
+ match typeLINK_UP;
+ match subsystem carp*;
+ action /root/carpcontrol.sh $type $subsystem;
+};
+
+notify 0 {
+ match system IFNET;
+ match typeLINK_UP;
+ match subsystem carp*;
+ action /root/carpcontrol.sh $type $subsystem;
+};
+.Ed
.Sh SEE ALSO
.Xr inet 4 ,
.Xr pfsync 4 ,
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r224883 - head/share/man/man4
Author: glebius
Date: Mon Aug 15 13:33:28 2011
New Revision: 224883
URL: http://svn.freebsd.org/changeset/base/224883
Log:
Fix a couple of issues in last commit.
Submitted by: maxim
Approved by: re (kib)
Modified:
head/share/man/man4/carp.4
Modified: head/share/man/man4/carp.4
==
--- head/share/man/man4/carp.4 Mon Aug 15 13:33:14 2011(r224882)
+++ head/share/man/man4/carp.4 Mon Aug 15 13:33:28 2011(r224883)
@@ -282,7 +282,7 @@ notify 0 {
notify 0 {
match system IFNET;
- match typeLINK_UP;
+ match typeLINK_DOWN;
match subsystem carp*;
action /root/carpcontrol.sh $type $subsystem;
};
@@ -291,6 +291,7 @@ notify 0 {
.Xr inet 4 ,
.Xr pfsync 4 ,
.Xr rc.conf 5 ,
+.Xr devd.conf 5 ,
.Xr ifconfig 8 ,
.Xr sysctl 8
.Sh HISTORY
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r225586 - in head/sys: modules/netgraph/ipfw netgraph
On Sun, Oct 09, 2011 at 03:53:44PM +0400, Alexander V. Chernikov wrote:
A Understood. So can we use more descriptive ENOENT in code below?
A
A tag = m_tag_locate(m, MTAG_IPFW_RULE, 0, NULL);
A if (tag == NULL) {
A NG_FREE_M(m);
A return (EINVAL);/* XXX: find smth better */
A };
Let you decide that. However, you can first analyze other places in kernel,
where m_tag_locate() really should succeed but fails. After that you probably
would want to have the same error return value in all these places :)
A Please see an attached patch
Patch is ok from my view.
--
Totus tuus, Glebius.
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r225947 - head/sys/netinet
Qing,
[cced Bjoern as reviewer]
On Mon, Oct 03, 2011 at 07:51:19PM +, Qing Li wrote:
Q Author: qingli
Q Date: Mon Oct 3 19:51:18 2011
Q New Revision: 225947
Q URL: http://svn.freebsd.org/changeset/base/225947
Q
Q Log:
Q A system may have multiple physical interfaces, all of which are on the
Q same prefix. Since a single route entry is installed for the prefix
Q (without RADIX_MPATH), incoming packets on the interfaces that are not
Q associated with the prefix route may trigger an error message about
Q unable to allocation LLE entry, and fails L2. This patch makes sure a
Q valid route is present in the system, and allow the aforementioned
Q condition to exist and treats as valid.
Q
Q Reviewed by: bz
Q MFC after: 5 days
this commit together with r225946 makes the in_lltable_rtcheck()
quite difficult to understand.
What confuses me most, is that in lines 1435-1445 you are
assigning error to a positive value, BUT proceeding further
with function. Well, after third review it is clear, that
next if() case would definitely be true, and you would proceed
with return. But that is difficult to see from first glance.
I'd suggest to remove error variable, return immediately in
all error cases, and also the RTF_GATEWAY check can be shifted up,
since it is the most simple and the most usual to be true.
Also, in this commit you really do not need the __DECONST hacks.
Here is a snap, only compile-tested patch.
--
Totus tuus, Glebius.
Index: in.c
===
--- in.c (revision 226163)
+++ in.c (working copy)
@@ -1414,8 +1414,6 @@
in_lltable_rtcheck(struct ifnet *ifp, u_int flags, const struct sockaddr *l3addr)
{
struct rtentry *rt;
- struct ifnet *xifp;
- int error = 0;
KASSERT(l3addr-sa_family == AF_INET,
(sin_family %d, l3addr-sa_family));
@@ -1426,25 +1424,22 @@
if (rt == NULL)
return (EINVAL);
+ if (rt-rt_flags RTF_GATEWAY) {
+ RTFREE_LOCKED(rt);
+ return (EINVAL);
+ }
+
/*
* If the gateway for an existing host route matches the target L3
* address, which is a special route inserted by some implementation
* such as MANET, and the interface is of the correct type, then
* allow for ARP to proceed.
*/
- if (rt-rt_flags (RTF_GATEWAY | RTF_HOST)) {
- xifp = rt-rt_ifp;
-
- if (xifp (xifp-if_type != IFT_ETHER ||
- (xifp-if_flags (IFF_NOARP | IFF_STATICARP)) != 0))
- error = EINVAL;
-
- if (memcmp(rt-rt_gateway-sa_data, l3addr-sa_data,
- sizeof(in_addr_t)) != 0)
- error = EINVAL;
- }
-
- if (rt-rt_flags RTF_GATEWAY) {
+ if (rt-rt_flags RTF_HOST
+ ((rt-rt_ifp (rt-rt_ifp-if_type != IFT_ETHER ||
+ (rt-rt_ifp-if_flags (IFF_NOARP | IFF_STATICARP)) != 0)) ||
+ (memcmp(rt-rt_gateway-sa_data, l3addr-sa_data,
+ sizeof(in_addr_t)) != 0))) {
RTFREE_LOCKED(rt);
return (EINVAL);
}
@@ -1455,32 +1450,31 @@
* interfaces have the same prefix. An incoming packet arrives
* on one interface and the corresponding outgoing packet leaves
* another interface.
- *
*/
if (rt-rt_ifp != ifp) {
- char *sa, *mask, *addr, *lim;
+ const char *sa, *mask, *addr, *lim;
int len;
- sa = (char *)rt_key(rt);
- mask = (char *)rt_mask(rt);
- addr = (char *)__DECONST(struct sockaddr *, l3addr);
- len = ((struct sockaddr_in *)__DECONST(struct sockaddr *, l3addr))-sin_len;
+ sa = (const char *)rt_key(rt);
+ mask = (const char *)rt_mask(rt);
+ addr = (const char *)l3addr;
+ len = ((const struct sockaddr_in *)l3addr)-sin_len;
lim = addr + len;
for ( ; addr lim; sa++, mask++, addr++) {
if ((*sa ^ *addr) *mask) {
-error = EINVAL;
#ifdef DIAGNOSTIC
log(LOG_INFO, IPv4 address: \%s\ is not on the network\n,
inet_ntoa(((const struct sockaddr_in *)l3addr)-sin_addr));
#endif
-break;
+RTFREE_LOCKED(rt);
+return (EINVAL);
}
}
}
RTFREE_LOCKED(rt);
- return (error);
+ return (0);
}
/*
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r225947 - head/sys/netinet
On Sun, Oct 09, 2011 at 10:11:56PM -0700, Qing Li wrote: Q What confuses me most, is that in lines 1435-1445 you are Q assigning error to a positive value, BUT proceeding further Q with function. Q QThis is what was there before (meaning returning error immediately), Qbut I guess a couple of folks felt it looked a bit cluttered. QThis is mostly due to the fact the RTFREE_LOCKED() operation Qhas to be performed before returning. Well, we can assign error and then goto done label. Assigning error and continuing processing is confusing, isn't it? Q Well, after third review it is clear, that Q next if() case would definitely be true, and you would proceed Q with return. But that is difficult to see from first glance. Q QNot so, only for an indirect prefix route. Q Q I'd suggest to remove error variable, return immediately in Q all error cases, and also the RTF_GATEWAY check can be shifted up, Q since it is the most simple and the most usual to be true. Q Q Q No, the RTF_GATEWAY check cannot be shifted up because if we did Q that, the (indirect host route, with destination matching the gateway IP) Q would never be executed, if when that set of conditions are true, which is Q allowed and the reason for the patch in the first place. Can you elaborate on that please? As far as I see, any rtentry that has RTF_GATEWAY would return with EINVAL. The first if() clause doesn't do any actual processing, only checking flags and memcmp()ing. The third clause either. The error is never reset to 0. So, I don't see any difference in returning EINVAL for RTF_GATEWAY immediately or later after other checks. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r226224 - head/sys/netinet
Qing, On Mon, Oct 10, 2011 at 05:41:11PM +, Qing Li wrote: Q Author: qingli Q Date: Mon Oct 10 17:41:11 2011 Q New Revision: 226224 Q URL: http://svn.freebsd.org/changeset/base/226224 Q Q Log: Q All indirect routes will fail the rtcheck, except for a special host Q route where the destination IP and the gateway IP is the same. This Q special case handling is only meant for backward compatibility reason. Q The last commit introduced a bug in the route check logic, where a Q valid special case is treated as an error. This patch fixes that bug Q along with some code cleanup. Q Q Suggested by: gleb Q Reviewed by: kmacy, discussed with gleb Q MFC after: 1 day Looks like you have committed a slightly different patch to stable/8 in r226230. Is that okay? Also, you haven't awaited even one day, while our policy suggests at least 3 days before MFC, and 3 days is actually a delay for critical fixes. P.S. Now I am not the only Gleb at FreeBSD.org community. Recently Gleb Kurtsou joined us, and his login name is exactly gleb, while mine is glebius. So, your commit may be confusing to later reviewers of VCS history. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226263 - head/share/man/man4
Author: glebius Date: Tue Oct 11 15:41:07 2011 New Revision: 226263 URL: http://svn.freebsd.org/changeset/base/226263 Log: Properly document default number of rx/tx descriptors for Intel cards. Modified: head/share/man/man4/em.4 head/share/man/man4/igb.4 Modified: head/share/man/man4/em.4 == --- head/share/man/man4/em.4Tue Oct 11 15:04:58 2011(r226262) +++ head/share/man/man4/em.4Tue Oct 11 15:41:07 2011(r226263) @@ -31,7 +31,7 @@ .\ .\ $FreeBSD$ .\ -.Dd May 14, 2010 +.Dd October 11, 2010 .Dt EM 4 .Os .Sh NAME @@ -199,12 +199,14 @@ prompt before booting the kernel or stor .Bl -tag -width indent .It Va hw.em.rxd Number of receive descriptors allocated by the driver. -The default value is 256. +The default value is 1024 for adapters newer than 82547, +and 256 for older ones. The 82542 and 82543-based adapters can handle up to 256 descriptors, while others can have up to 4096. .It Va hw.em.txd Number of transmit descriptors allocated by the driver. -The default value is 256. +The default value is 1024 for adapters newer than 82547, +and 256 for older ones. The 82542 and 82543-based adapters can handle up to 256 descriptors, while others can have up to 4096. .It Va hw.em.rx_int_delay Modified: head/share/man/man4/igb.4 == --- head/share/man/man4/igb.4 Tue Oct 11 15:04:58 2011(r226262) +++ head/share/man/man4/igb.4 Tue Oct 11 15:41:07 2011(r226263) @@ -31,7 +31,7 @@ .\ .\ $FreeBSD$ .\ -.Dd May 14, 2010 +.Dd October 11, 2011 .Dt IGB 4 .Os .Sh NAME @@ -151,11 +151,11 @@ prompt before booting the kernel or stor .Bl -tag -width indent .It Va hw.igb.rxd Number of receive descriptors allocated by the driver. -The default value is 256. +The default value is 1024. The minimum is 80, and the maximum is 4096. .It Va hw.igb.txd Number of transmit descriptors allocated by the driver. -The default value is 256. +The default value is 1024. The minimum is 80, and the maximum is 4096. .It Va hw.igb.enable_aim If set to 1, enable Adaptive Interrupt Moderation. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226264 - head/share/man/man4
Author: glebius Date: Tue Oct 11 18:26:31 2011 New Revision: 226264 URL: http://svn.freebsd.org/changeset/base/226264 Log: Fix date in last commit. Noticed by: Larry Rosenman ler lerctr.org Modified: head/share/man/man4/em.4 Modified: head/share/man/man4/em.4 == --- head/share/man/man4/em.4Tue Oct 11 15:41:07 2011(r226263) +++ head/share/man/man4/em.4Tue Oct 11 18:26:31 2011(r226264) @@ -31,7 +31,7 @@ .\ .\ $FreeBSD$ .\ -.Dd October 11, 2010 +.Dd October 11, 2011 .Dt EM 4 .Os .Sh NAME ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226313 - in head/sys: kern vm
Author: glebius
Date: Wed Oct 12 18:08:28 2011
New Revision: 226313
URL: http://svn.freebsd.org/changeset/base/226313
Log:
Make memguard(9) capable to guard uma(9) allocations.
Modified:
head/sys/kern/kern_malloc.c
head/sys/vm/memguard.c
head/sys/vm/memguard.h
head/sys/vm/uma.h
head/sys/vm/uma_core.c
Modified: head/sys/kern/kern_malloc.c
==
--- head/sys/kern/kern_malloc.c Wed Oct 12 17:57:57 2011(r226312)
+++ head/sys/kern/kern_malloc.c Wed Oct 12 18:08:28 2011(r226313)
@@ -458,7 +458,7 @@ malloc(unsigned long size, struct malloc
(malloc(M_WAITOK) in interrupt context));
#ifdef DEBUG_MEMGUARD
- if (memguard_cmp(mtp, size)) {
+ if (memguard_cmp_mtp(mtp, size)) {
va = memguard_alloc(size, flags);
if (va != NULL)
return (va);
Modified: head/sys/vm/memguard.c
==
--- head/sys/vm/memguard.c Wed Oct 12 17:57:57 2011(r226312)
+++ head/sys/vm/memguard.c Wed Oct 12 18:08:28 2011(r226313)
@@ -56,6 +56,7 @@ __FBSDID($FreeBSD$);
#include vm/vm_map.h
#include vm/vm_object.h
#include vm/vm_extern.h
+#include vm/uma_int.h
#include vm/memguard.h
SYSCTL_NODE(_vm, OID_AUTO, memguard, CTLFLAG_RW, NULL, MemGuard data);
@@ -125,15 +126,17 @@ SYSCTL_ULONG(_vm_memguard, OID_AUTO, fai
SYSCTL_ULONG(_vm_memguard, OID_AUTO, fail_pgs, CTLFLAG_RD,
memguard_fail_pgs, 0, MemGuard failures due to lack of pages);
-#define MG_GUARD 0x001
-#define MG_ALLLARGE0x002
-static int memguard_options = MG_GUARD;
+#define MG_GUARD_AROUND0x001
+#define MG_GUARD_ALLLARGE 0x002
+#define MG_GUARD_NOFREE0x004
+static int memguard_options = MG_GUARD_AROUND;
TUNABLE_INT(vm.memguard.options, memguard_options);
SYSCTL_INT(_vm_memguard, OID_AUTO, options, CTLFLAG_RW,
memguard_options, 0,
MemGuard options:\n
\t0x001 - add guard pages around each allocation\n
-\t0x002 - always use MemGuard for allocations over a page);
+\t0x002 - always use MemGuard for allocations over a page\n
+\t0x004 - guard uma(9) zones with UMA_ZONE_NOFREE flag);
static u_int memguard_minsize;
static u_long memguard_minsize_reject;
@@ -282,7 +285,7 @@ memguard_alloc(unsigned long req_size, i
* value.
*/
size_v = size_p;
- do_guard = (memguard_options MG_GUARD) != 0;
+ do_guard = (memguard_options MG_GUARD_AROUND) != 0;
if (do_guard)
size_v += 2 * PAGE_SIZE;
@@ -429,21 +432,32 @@ memguard_realloc(void *addr, unsigned lo
return (newaddr);
}
-int
-memguard_cmp(struct malloc_type *mtp, unsigned long size)
+static int
+memguard_cmp(unsigned long size)
{
if (size memguard_minsize) {
memguard_minsize_reject++;
return (0);
}
- if ((memguard_options MG_ALLLARGE) != 0 size = PAGE_SIZE)
+ if ((memguard_options MG_GUARD_ALLLARGE) != 0 size = PAGE_SIZE)
return (1);
if (memguard_frequency 0
(random() % 10) memguard_frequency) {
memguard_frequency_hits++;
return (1);
}
+
+ return (0);
+}
+
+int
+memguard_cmp_mtp(struct malloc_type *mtp, unsigned long size)
+{
+
+ if (memguard_cmp(size))
+ return(1);
+
#if 1
/*
* The safest way of comparsion is to always compare short description
@@ -467,3 +481,21 @@ memguard_cmp(struct malloc_type *mtp, un
return (0);
#endif
}
+
+int
+memguard_cmp_zone(uma_zone_t zone)
+{
+
+if ((memguard_options MG_GUARD_NOFREE) == 0
+ zone-uz_flags UMA_ZONE_NOFREE)
+ return (0);
+
+ if (memguard_cmp(zone-uz_size))
+ return (1);
+
+ /*
+* The safest way of comparsion is to always compare zone name,
+* but it is also the slowest way.
+*/
+ return (strcmp(zone-uz_name, vm_memguard_desc) == 0);
+}
Modified: head/sys/vm/memguard.h
==
--- head/sys/vm/memguard.h Wed Oct 12 17:57:57 2011(r226312)
+++ head/sys/vm/memguard.h Wed Oct 12 18:08:28 2011(r226313)
@@ -40,7 +40,8 @@ void memguard_init(struct vm_map *);
void *memguard_alloc(unsigned long, int);
void *memguard_realloc(void *, unsigned long, struct malloc_type *, int);
void memguard_free(void *);
-intmemguard_cmp(struct malloc_type *, unsigned long);
+intmemguard_cmp_mtp(struct malloc_type *, unsigned long);
+intmemguard_cmp_zone(uma_zone_t);
intis_memguard_addr(void *);
#else
#definememguard_fudge(size, xxx) (size)
@@ -48,7 +49,8 @@ int is_memguard_addr(void *);
#definememguard_alloc(size, flags) NULL
#define
svn commit: r226314 - head/share/man/man9
Author: glebius Date: Wed Oct 12 18:46:48 2011 New Revision: 226314 URL: http://svn.freebsd.org/changeset/base/226314 Log: Document that memguard(9) now can guard uma(9) allocations. Modified: head/share/man/man9/memguard.9 Modified: head/share/man/man9/memguard.9 == --- head/share/man/man9/memguard.9 Wed Oct 12 18:08:28 2011 (r226313) +++ head/share/man/man9/memguard.9 Wed Oct 12 18:46:48 2011 (r226314) @@ -24,7 +24,7 @@ .\ .\ $FreeBSD$ .\ -.Dd August 2, 2010 +.Dd October 12, 2011 .Dt MEMGUARD 9 .Os .Sh NAME @@ -39,7 +39,6 @@ to help detect tamper-after-free scenari These problems are more and more common and likely with multithreaded kernels where race conditions are more prevalent. .Pp -Currently, .Nm can take over .Fn malloc , @@ -47,8 +46,19 @@ can take over and .Fn free for a single malloc type. +Alternatively .Nm -can also guard all allocations larger than +can take over +.Fn uma_zalloc , +.Fn uma_zalloc_arg +and +.Fn uma_free +for a single +.Xr uma +zone. +Also +.Nm +can guard all allocations larger than .Dv PAGE_SIZE , and can guard a random fraction of all allocations. There is also a knob to prevent allocations smaller than a specified @@ -72,7 +82,10 @@ sysctl vm.memguard.desc=memory_type .Pp Where .Ar memory_type -is a short description of the memory type to monitor. +can be either a short description of the memory type to monitor, +either name of +.Xr uma 9 +zone. Only allocations from that .Ar memory_type made after @@ -86,13 +99,28 @@ will potentially be guarded once the .Xr sysctl 8 is set. Existing guarded allocations will still be properly released by -.Xr free 9 . +either +.Xr free 9 +or +.Xr uma_zfree 9 , +depending on what kind of allocation was taken over. .Pp -The short description of a +To determine short description of a .Xr malloc 9 -type is the second argument to -.Xr MALLOC_DEFINE 9 , -so one has to find it in the kernel source. +type one can either take it from the first column of +.Xr vmstat 8 Fl m +output, or to find it in the kernel source. +It is the second argument to +.Xr MALLOC_DEFINE 9 +macro. +To determine name of +.Xr uma 9 +zone one can either take it from the first column of +.Xr vmstat 8 Fl z +output, or to find it in the kernel source. +It is the first argument to the +.Xr uma_zcreate 9 +function. .Pp The .Va vm.memguard.divisor @@ -142,12 +170,24 @@ or larger if .Va vm.memguard.options has the 2 bit set. This option is off by default. +By default +.Nm +doesn't guard those +.Xr uma 9 +zones that have been initialized with the +.Dv UMA_ZONE_NOFREE +flag set, since it can produce false positives on them. +However, this safety measure can be turned off by setting bit 3 +of the +.Va vm.memguard.options +tunable. .Sh SEE ALSO .Xr sysctl 8 , .Xr vmstat 8 , .Xr contigmalloc 9 , .Xr malloc 9 , -.Xr redzone 9 +.Xr redzone 9 , +.Xr uma 9 .Sh HISTORY .Nm first appeared in @@ -161,8 +201,6 @@ This manual page was originally written .An Christian Brueffer Aq bruef...@freebsd.org . Additions have been made by .An Matthew Fleming Aq m...@freebsd.org +and +.An Gleb Smirnoff Aq gleb...@freebsd.org to both the implementation and the documentation. -.Sh BUGS -Currently, it is not possible to override UMA -.Xr zone 9 -allocations. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226338 - head/sys/netinet6
Author: glebius
Date: Thu Oct 13 13:05:36 2011
New Revision: 226338
URL: http://svn.freebsd.org/changeset/base/226338
Log:
Restore functions in6_ifaddloop() and in6_ifremloop() that were
inlined by Qing Li in his big new-ARP commit. I am going to utilize
them in my newcarp work, and also these functions left declared
in in6_var.h for all the time they were absent.
Reviewed by: bz
Modified:
head/sys/netinet6/in6.c
Modified: head/sys/netinet6/in6.c
==
--- head/sys/netinet6/in6.c Thu Oct 13 09:21:49 2011(r226337)
+++ head/sys/netinet6/in6.c Thu Oct 13 13:05:36 2011(r226338)
@@ -136,7 +136,89 @@ static void in6_unlink_ifa(struct in6_if
int(*faithprefix_p)(struct in6_addr *);
+#define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa))
+#define ia62ifa(ia6) (((ia6)-ia_ifa))
+
+void
+in6_ifaddloop(struct ifaddr *ifa)
+{
+ struct sockaddr_dl gateway;
+ struct sockaddr_in6 mask, addr;
+ struct rtentry rt;
+ struct in6_ifaddr *ia;
+ struct ifnet *ifp;
+ struct llentry *ln;
+
+ ia = ifa2ia6(ifa);
+ ifp = ifa-ifa_ifp;
+ IF_AFDATA_LOCK(ifp);
+ ifa-ifa_rtrequest = NULL;
+
+ /* XXX QL
+* we need to report rt_newaddrmsg
+*/
+ ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR |
+ LLE_EXCLUSIVE), (struct sockaddr *)ia-ia_addr);
+ IF_AFDATA_UNLOCK(ifp);
+ if (ln != NULL) {
+ ln-la_expire = 0; /* for IPv6 this means permanent */
+ ln-ln_state = ND6_LLINFO_REACHABLE;
+ /*
+* initialize for rtmsg generation
+*/
+ bzero(gateway, sizeof(gateway));
+ gateway.sdl_len = sizeof(gateway);
+ gateway.sdl_family = AF_LINK;
+ gateway.sdl_nlen = 0;
+ gateway.sdl_alen = 6;
+ memcpy(gateway.sdl_data, ln-ll_addr.mac_aligned,
+ sizeof(ln-ll_addr));
+ LLE_WUNLOCK(ln);
+ }
+
+ bzero(rt, sizeof(rt));
+ rt.rt_gateway = (struct sockaddr *)gateway;
+ memcpy(mask, ia-ia_prefixmask, sizeof(ia-ia_prefixmask));
+ memcpy(addr, ia-ia_addr, sizeof(ia-ia_addr));
+ rt_mask(rt) = (struct sockaddr *)mask;
+ rt_key(rt) = (struct sockaddr *)addr;
+ rt.rt_flags = RTF_UP | RTF_HOST | RTF_STATIC;
+ rt_newaddrmsg(RTM_ADD, ifa, 0, rt);
+}
+
+void
+in6_ifremloop(struct ifaddr *ifa)
+{
+ struct sockaddr_dl gateway;
+ struct sockaddr_in6 mask, addr;
+ struct rtentry rt0;
+ struct in6_ifaddr *ia;
+ struct ifnet *ifp;
+ ia = ifa2ia6(ifa);
+ ifp = ifa-ifa_ifp;
+ IF_AFDATA_LOCK(ifp);
+ lla_lookup(LLTABLE6(ifp), (LLE_DELETE | LLE_IFADDR),
+ (struct sockaddr *)ia-ia_addr);
+ IF_AFDATA_UNLOCK(ifp);
+
+ /*
+* initialize for rtmsg generation
+*/
+ bzero(gateway, sizeof(gateway));
+ gateway.sdl_len = sizeof(gateway);
+ gateway.sdl_family = AF_LINK;
+ gateway.sdl_nlen = 0;
+ gateway.sdl_alen = ifp-if_addrlen;
+ bzero(rt0, sizeof(rt0));
+ rt0.rt_gateway = (struct sockaddr *)gateway;
+ memcpy(mask, ia-ia_prefixmask, sizeof(ia-ia_prefixmask));
+ memcpy(addr, ia-ia_addr, sizeof(ia-ia_addr));
+ rt_mask(rt0) = (struct sockaddr *)mask;
+ rt_key(rt0) = (struct sockaddr *)addr;
+ rt0.rt_flags = RTF_HOST | RTF_STATIC;
+ rt_newaddrmsg(RTM_DELETE, ifa, 0, rt0);
+}
int
in6_mask2len(struct in6_addr *mask, u_char *lim0)
@@ -174,9 +256,6 @@ in6_mask2len(struct in6_addr *mask, u_ch
return x * 8 + y;
}
-#define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa))
-#define ia62ifa(ia6) (((ia6)-ia_ifa))
-
#ifdef COMPAT_FREEBSD32
struct in6_ndifreq32 {
char ifname[IFNAMSIZ];
@@ -1218,9 +1297,6 @@ in6_purgeaddr(struct ifaddr *ifa)
struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
struct in6_multi_mship *imm;
struct sockaddr_in6 mltaddr, mltmask;
- struct rtentry rt0;
- struct sockaddr_dl gateway;
- struct sockaddr_in6 mask, addr;
int plen, error;
struct rtentry *rt;
struct ifaddr *ifa0, *nifa;
@@ -1259,28 +1335,7 @@ in6_purgeaddr(struct ifaddr *ifa)
/* stop DAD processing */
nd6_dad_stop(ifa);
- IF_AFDATA_LOCK(ifp);
- lla_lookup(LLTABLE6(ifp), (LLE_DELETE | LLE_IFADDR),
- (struct sockaddr *)ia-ia_addr);
- IF_AFDATA_UNLOCK(ifp);
-
- /*
-* initialize for rtmsg generation
-*/
- bzero(gateway, sizeof(gateway));
- gateway.sdl_len = sizeof(gateway);
- gateway.sdl_family = AF_LINK;
- gateway.sdl_nlen = 0;
- gateway.sdl_alen = ifp-if_addrlen;
- /* */
- bzero(rt0, sizeof(rt0));
- rt0.rt_gateway = (struct sockaddr *)gateway;
- memcpy(mask, ia-ia_prefixmask,
svn commit: r226339 - head/sys/netinet
Author: glebius
Date: Thu Oct 13 13:30:41 2011
New Revision: 226339
URL: http://svn.freebsd.org/changeset/base/226339
Log:
De-spl(9).
Modified:
head/sys/netinet/in.c
Modified: head/sys/netinet/in.c
==
--- head/sys/netinet/in.c Thu Oct 13 13:05:36 2011(r226338)
+++ head/sys/netinet/in.c Thu Oct 13 13:30:41 2011(r226339)
@@ -845,7 +845,7 @@ in_ifinit(struct ifnet *ifp, struct in_i
{
register u_long i = ntohl(sin-sin_addr.s_addr);
struct sockaddr_in oldaddr;
- int s = splimp(), flags = RTF_UP, error = 0;
+ int flags = RTF_UP, error = 0;
oldaddr = ia-ia_addr;
if (oldaddr.sin_family == AF_INET)
@@ -865,7 +865,6 @@ in_ifinit(struct ifnet *ifp, struct in_i
if (ifp-if_ioctl != NULL) {
error = (*ifp-if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia);
if (error) {
- splx(s);
/* LIST_REMOVE(ia, ia_hash) is done in in_control */
ia-ia_addr = oldaddr;
IN_IFADDR_WLOCK();
@@ -884,7 +883,6 @@ in_ifinit(struct ifnet *ifp, struct in_i
return (error);
}
}
- splx(s);
if (scrub) {
ia-ia_ifa.ifa_addr = (struct sockaddr *)oldaddr;
in_ifscrub(ifp, ia, LLE_STATIC);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226340 - head/sys/netinet6
Author: glebius
Date: Thu Oct 13 13:33:23 2011
New Revision: 226340
URL: http://svn.freebsd.org/changeset/base/226340
Log:
Use TAILQ_FOREACH() in the nd6_dad_find() instead of hand-rolled
implementation.
Modified:
head/sys/netinet6/nd6_nbr.c
Modified: head/sys/netinet6/nd6_nbr.c
==
--- head/sys/netinet6/nd6_nbr.c Thu Oct 13 13:30:41 2011(r226339)
+++ head/sys/netinet6/nd6_nbr.c Thu Oct 13 13:33:23 2011(r226340)
@@ -1167,11 +1167,11 @@ nd6_dad_find(struct ifaddr *ifa)
{
struct dadq *dp;
- for (dp = V_dadq.tqh_first; dp; dp = dp-dad_list.tqe_next) {
+ TAILQ_FOREACH(dp, V_dadq, dad_list)
if (dp-dad_ifa == ifa)
- return dp;
- }
- return NULL;
+ return (dp);
+
+ return (NULL);
}
static void
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226367 - head/sys/netinet
Author: glebius
Date: Fri Oct 14 19:05:26 2011
New Revision: 226367
URL: http://svn.freebsd.org/changeset/base/226367
Log:
Never switch directly from INIT to MASTER, since this produces
nasty status flaps.
PR: kern/161123
Submitted by: Damien Fleuriot dam my.gd
OpenBSD: ip_carp.c, rev. 1.115
Modified:
head/sys/netinet/ip_carp.c
Modified: head/sys/netinet/ip_carp.c
==
--- head/sys/netinet/ip_carp.c Fri Oct 14 11:48:32 2011(r226366)
+++ head/sys/netinet/ip_carp.c Fri Oct 14 19:05:26 2011(r226367)
@@ -1424,24 +1424,10 @@ carp_setrun(struct carp_softc *sc, sa_fa
switch (sc-sc_state) {
case INIT:
- if (carp_opts[CARPCTL_PREEMPT] !carp_suppress_preempt) {
- carp_send_ad_locked(sc);
-#ifdef INET
- carp_send_arp(sc);
-#endif
-#ifdef INET6
- carp_send_na(sc);
-#endif /* INET6 */
- CARP_LOG(%s: INIT - MASTER (preempting)\n,
- SC2IFP(sc)-if_xname);
- carp_set_state(sc, MASTER);
- carp_setroute(sc, RTM_ADD);
- } else {
- CARP_LOG(%s: INIT - BACKUP\n, SC2IFP(sc)-if_xname);
- carp_set_state(sc, BACKUP);
- carp_setroute(sc, RTM_DELETE);
- carp_setrun(sc, 0);
- }
+ CARP_LOG(%s: INIT - BACKUP\n, SC2IFP(sc)-if_xname);
+ carp_set_state(sc, BACKUP);
+ carp_setroute(sc, RTM_DELETE);
+ carp_setrun(sc, 0);
break;
case BACKUP:
callout_stop(sc-sc_ad_tmo);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226401 - head/sys/netinet
Author: glebius
Date: Sat Oct 15 16:28:06 2011
New Revision: 226401
URL: http://svn.freebsd.org/changeset/base/226401
Log:
Remove last remnants of classful addressing:
- Remove ia_net, ia_netmask, ia_netbroadcast from struct in_ifaddr.
- Remove net.inet.ip.subnetsarelocal, I bet no one need it in 2011.
- fix bug when we were not forwarding to a host which matches classful
net address. For example router having 192.168.x.y/16 network attached,
would not forward traffic to 192.168.*.0, which are legal IPs in
CIDR world.
- For compatibility, leave autoguessing of mask based on class.
Reviewed by: andre, bz, rwatson
Modified:
head/sys/netinet/in.c
head/sys/netinet/in_debug.c
head/sys/netinet/in_var.h
head/sys/netinet/ip_input.c
Modified: head/sys/netinet/in.c
==
--- head/sys/netinet/in.c Sat Oct 15 16:18:35 2011(r226400)
+++ head/sys/netinet/in.c Sat Oct 15 16:28:06 2011(r226401)
@@ -76,11 +76,6 @@ static int in_ifinit(struct ifnet *,
struct in_ifaddr *, struct sockaddr_in *, int);
static voidin_purgemaddrs(struct ifnet *);
-static VNET_DEFINE(int, subnetsarelocal);
-#defineV_subnetsarelocal VNET(subnetsarelocal)
-SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW,
- VNET_NAME(subnetsarelocal), 0,
- Treat all subnets as directly connected);
static VNET_DEFINE(int, sameprefixcarponly);
#defineV_sameprefixcarponlyVNET(sameprefixcarponly)
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW,
@@ -95,9 +90,7 @@ VNET_DECLARE(struct arpstat, arpstat);
/*
* Return 1 if an internet address is for a ``local'' host
- * (one to which we have a connection). If subnetsarelocal
- * is true, this includes other subnets of the local net.
- * Otherwise, it includes only the directly-connected (sub)nets.
+ * (one to which we have a connection).
*/
int
in_localaddr(struct in_addr in)
@@ -106,19 +99,10 @@ in_localaddr(struct in_addr in)
register struct in_ifaddr *ia;
IN_IFADDR_RLOCK();
- if (V_subnetsarelocal) {
- TAILQ_FOREACH(ia, V_in_ifaddrhead, ia_link) {
- if ((i ia-ia_netmask) == ia-ia_net) {
- IN_IFADDR_RUNLOCK();
- return (1);
- }
- }
- } else {
- TAILQ_FOREACH(ia, V_in_ifaddrhead, ia_link) {
- if ((i ia-ia_subnetmask) == ia-ia_subnet) {
- IN_IFADDR_RUNLOCK();
- return (1);
- }
+ TAILQ_FOREACH(ia, V_in_ifaddrhead, ia_link) {
+ if ((i ia-ia_subnetmask) == ia-ia_subnet) {
+ IN_IFADDR_RUNLOCK();
+ return (1);
}
}
IN_IFADDR_RUNLOCK();
@@ -888,23 +872,19 @@ in_ifinit(struct ifnet *ifp, struct in_i
in_ifscrub(ifp, ia, LLE_STATIC);
ia-ia_ifa.ifa_addr = (struct sockaddr *)ia-ia_addr;
}
- if (IN_CLASSA(i))
- ia-ia_netmask = IN_CLASSA_NET;
- else if (IN_CLASSB(i))
- ia-ia_netmask = IN_CLASSB_NET;
- else
- ia-ia_netmask = IN_CLASSC_NET;
/*
-* The subnet mask usually includes at least the standard network part,
-* but may may be smaller in the case of supernetting.
-* If it is set, we believe it.
+* Be compatible with network classes, if netmask isn't supplied,
+* guess it based on classes.
*/
if (ia-ia_subnetmask == 0) {
- ia-ia_subnetmask = ia-ia_netmask;
+ if (IN_CLASSA(i))
+ ia-ia_subnetmask = IN_CLASSA_NET;
+ else if (IN_CLASSB(i))
+ ia-ia_subnetmask = IN_CLASSB_NET;
+ else
+ ia-ia_subnetmask = IN_CLASSC_NET;
ia-ia_sockmask.sin_addr.s_addr = htonl(ia-ia_subnetmask);
- } else
- ia-ia_netmask = ia-ia_subnetmask;
- ia-ia_net = i ia-ia_netmask;
+ }
ia-ia_subnet = i ia-ia_subnetmask;
in_socktrim(ia-ia_sockmask);
/*
@@ -919,8 +899,6 @@ in_ifinit(struct ifnet *ifp, struct in_i
if (ifp-if_flags IFF_BROADCAST) {
ia-ia_broadaddr.sin_addr.s_addr =
htonl(ia-ia_subnet | ~ia-ia_subnetmask);
- ia-ia_netbroadcast.s_addr =
- htonl(ia-ia_net | ~ ia-ia_netmask);
} else if (ifp-if_flags IFF_LOOPBACK) {
ia-ia_dstaddr = ia-ia_addr;
flags |= RTF_HOST;
@@ -1251,11 +1229,10 @@ in_broadcast(struct in_addr in, struct i
TAILQ_FOREACH(ifa, ifp-if_addrhead, ifa_link)
if (ifa-ifa_addr-sa_family == AF_INET
svn commit: r226402 - head/sys/netinet
Author: glebius
Date: Sat Oct 15 18:41:25 2011
New Revision: 226402
URL: http://svn.freebsd.org/changeset/base/226402
Log:
Add support for IPv4 /31 prefixes, as described in RFC3021.
To run a /31 network, participating hosts MUST drop support
for directed broadcasts, and treat the first and last addresses
on subnet as unicast. The broadcast address for the prefix
should be the link local broadcast address, INADDR_BROADCAST.
Modified:
head/sys/netinet/in.c
head/sys/netinet/in.h
Modified: head/sys/netinet/in.c
==
--- head/sys/netinet/in.c Sat Oct 15 16:28:06 2011(r226401)
+++ head/sys/netinet/in.c Sat Oct 15 18:41:25 2011(r226402)
@@ -897,8 +897,11 @@ in_ifinit(struct ifnet *ifp, struct in_i
*/
ia-ia_ifa.ifa_metric = ifp-if_metric;
if (ifp-if_flags IFF_BROADCAST) {
- ia-ia_broadaddr.sin_addr.s_addr =
- htonl(ia-ia_subnet | ~ia-ia_subnetmask);
+ if (ia-ia_subnetmask == IN_RFC3021_MASK)
+ ia-ia_broadaddr.sin_addr.s_addr = INADDR_BROADCAST;
+ else
+ ia-ia_broadaddr.sin_addr.s_addr =
+ htonl(ia-ia_subnet | ~ia-ia_subnetmask);
} else if (ifp-if_flags IFF_LOOPBACK) {
ia-ia_dstaddr = ia-ia_addr;
flags |= RTF_HOST;
@@ -1230,9 +1233,11 @@ in_broadcast(struct in_addr in, struct i
if (ifa-ifa_addr-sa_family == AF_INET
(in.s_addr == ia-ia_broadaddr.sin_addr.s_addr ||
/*
- * Check for old-style (host 0) broadcast.
+ * Check for old-style (host 0) broadcast, but
+ * taking into account that RFC 3021 obsoletes it.
*/
-t == ia-ia_subnet)
+(ia-ia_subnetmask != IN_RFC3021_MASK
+t == ia-ia_subnet))
/*
* Check for an all one subnetmask. These
* only exist when an interface gets a secondary
Modified: head/sys/netinet/in.h
==
--- head/sys/netinet/in.h Sat Oct 15 16:28:06 2011(r226401)
+++ head/sys/netinet/in.h Sat Oct 15 18:41:25 2011(r226402)
@@ -392,6 +392,8 @@ __END_DECLS
#defineIN_LOOPBACKNET 127 /* official! */
+#defineIN_RFC3021_MASK (u_int32_t)0xfffe
+
/*
* Options for use with [gs]etsockopt at the IP level.
* First word of comment is data type; bool is stored in int.
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r226402 - head/sys/netinet
On Sat, Oct 15, 2011 at 11:51:21PM +0300, Nikolay Denev wrote: N Log: N Add support for IPv4 /31 prefixes, as described in RFC3021. N N To run a /31 network, participating hosts MUST drop support N for directed broadcasts, and treat the first and last addresses N on subnet as unicast. The broadcast address for the prefix N should be the link local broadcast address, INADDR_BROADCAST. ... N That's great! Thanks! N Any plans for MFC? Merged to stable/9. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226609 - head/sys/contrib/pf/net
Author: glebius Date: Fri Oct 21 11:11:18 2011 New Revision: 226609 URL: http://svn.freebsd.org/changeset/base/226609 Log: In FreeBSD ip_output() expects ip_len and ip_off in host byte order PR: kern/159029 Modified: head/sys/contrib/pf/net/if_pfsync.c Modified: head/sys/contrib/pf/net/if_pfsync.c == --- head/sys/contrib/pf/net/if_pfsync.c Fri Oct 21 11:08:25 2011 (r226608) +++ head/sys/contrib/pf/net/if_pfsync.c Fri Oct 21 11:11:18 2011 (r226609) @@ -1959,7 +1959,11 @@ pfsyncioctl(struct ifnet *ifp, u_long cm ip-ip_hl = sizeof(sc-sc_template) 2; ip-ip_tos = IPTOS_LOWDELAY; /* len and id are set later */ +#ifdef __FreeBSD__ + ip-ip_off = IP_DF; +#else ip-ip_off = htons(IP_DF); +#endif ip-ip_ttl = PFSYNC_DFLTTL; ip-ip_p = IPPROTO_PFSYNC; ip-ip_src.s_addr = INADDR_ANY; @@ -2211,7 +2215,11 @@ pfsync_sendout(void) bcopy(sc-sc_template, ip, sizeof(*ip)); offset = sizeof(*ip); +#ifdef __FreeBSD__ + ip-ip_len = m-m_pkthdr.len; +#else ip-ip_len = htons(m-m_pkthdr.len); +#endif ip-ip_id = htons(ip_randomid()); /* build the pfsync header */ ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226614 - head/share/man/man9
Author: glebius Date: Fri Oct 21 13:54:17 2011 New Revision: 226614 URL: http://svn.freebsd.org/changeset/base/226614 Log: Note that it is still not possible to guard special kind of allocations, those that have special relationships with uma(9). Currently only mbuf clusters. Modified: head/share/man/man9/memguard.9 Modified: head/share/man/man9/memguard.9 == --- head/share/man/man9/memguard.9 Fri Oct 21 13:53:06 2011 (r226613) +++ head/share/man/man9/memguard.9 Fri Oct 21 13:54:17 2011 (r226614) @@ -24,7 +24,7 @@ .\ .\ $FreeBSD$ .\ -.Dd October 12, 2011 +.Dd October 21, 2011 .Dt MEMGUARD 9 .Os .Sh NAME @@ -204,3 +204,17 @@ Additions have been made by and .An Gleb Smirnoff Aq gleb...@freebsd.org to both the implementation and the documentation. +.Sh BUGS +It is not possible to guard allocations that really expect theirselves to be +allocated from +.Xr uma 9 , +utilizing additional interfaces apart from +.Fn uma_zalloc +and +.Fn uma_free , +for example +.Fn uma_find_refcnt . +For the moment of writing only +.Xr mbuf 9 +cluster zones belong to that kind of allocations. +Attempt to guard them would lead to kernel panic. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226619 - head/share/man/man9
Author: glebius Date: Fri Oct 21 20:23:40 2011 New Revision: 226619 URL: http://svn.freebsd.org/changeset/base/226619 Log: Spelling. Submitted by: dougb Modified: head/share/man/man9/memguard.9 Modified: head/share/man/man9/memguard.9 == --- head/share/man/man9/memguard.9 Fri Oct 21 14:23:59 2011 (r226618) +++ head/share/man/man9/memguard.9 Fri Oct 21 20:23:40 2011 (r226619) @@ -205,7 +205,7 @@ and .An Gleb Smirnoff Aq gleb...@freebsd.org to both the implementation and the documentation. .Sh BUGS -It is not possible to guard allocations that really expect theirselves to be +It is not possible to guard allocations that really expect themselves to be allocated from .Xr uma 9 , utilizing additional interfaces apart from ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226623 - head/sys/contrib/pf/net
Author: glebius Date: Fri Oct 21 22:28:15 2011 New Revision: 226623 URL: http://svn.freebsd.org/changeset/base/226623 Log: Fix a race: we should update sc_len before dropping the pf lock, otherwise a number of packets can be queued on sc, while we are in ip_output(), and then we wipe the accumulated sc_len. On next pfsync_sendout() that would lead to writing beyond our mbuf cluster. Modified: head/sys/contrib/pf/net/if_pfsync.c Modified: head/sys/contrib/pf/net/if_pfsync.c == --- head/sys/contrib/pf/net/if_pfsync.c Fri Oct 21 22:12:24 2011 (r226622) +++ head/sys/contrib/pf/net/if_pfsync.c Fri Oct 21 22:28:15 2011 (r226623) @@ -2354,6 +2354,7 @@ pfsync_sendout(void) sc-sc_if.if_obytes += m-m_pkthdr.len; #endif + sc-sc_len = PFSYNC_MINPKT; #ifdef __FreeBSD__ PF_UNLOCK(); #endif @@ -2375,9 +2376,6 @@ pfsync_sendout(void) #ifdef __FreeBSD__ } #endif - - /* start again */ - sc-sc_len = PFSYNC_MINPKT; } void ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226655 - head/sys/contrib/pf/net
Author: glebius
Date: Sun Oct 23 10:05:25 2011
New Revision: 226655
URL: http://svn.freebsd.org/changeset/base/226655
Log:
Correct flag for uma_zalloc() is M_WAITOK. M_WAIT is an old and
deprecated flag from historical mbuf(9) allocator.
This is style only change.
Modified:
head/sys/contrib/pf/net/pfvar.h
Modified: head/sys/contrib/pf/net/pfvar.h
==
--- head/sys/contrib/pf/net/pfvar.h Sun Oct 23 09:08:42 2011
(r226654)
+++ head/sys/contrib/pf/net/pfvar.h Sun Oct 23 10:05:25 2011
(r226655)
@@ -222,7 +222,7 @@ struct pfi_dynaddr {
#definePF_NAME pf
#definePR_NOWAIT M_NOWAIT
-#definePR_WAITOK M_WAIT
+#definePR_WAITOK M_WAITOK
#definePR_ZERO M_ZERO
#definepool_get(p, f) uma_zalloc(*(p), (f))
#definepool_put(p, o) uma_zfree(*(p), (o))
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226656 - head/sys/contrib/pf/net
Author: glebius Date: Sun Oct 23 10:13:20 2011 New Revision: 226656 URL: http://svn.freebsd.org/changeset/base/226656 Log: Absense of M_WAITOK in malloc flags for UMA doesn't equals presense of M_NOWAIT. Specify M_NOWAIT explicitly. This fixes sleeping with PF_LOCK(). Modified: head/sys/contrib/pf/net/if_pfsync.c Modified: head/sys/contrib/pf/net/if_pfsync.c == --- head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 10:05:25 2011 (r226655) +++ head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 10:13:20 2011 (r226656) @@ -762,7 +762,7 @@ pfsync_state_import(struct pfsync_state if (flags PFSYNC_SI_IOCTL) pool_flags = PR_WAITOK | PR_ZERO; else - pool_flags = PR_ZERO; + pool_flags = PR_NOWAIT | PR_ZERO; if ((st = pool_get(V_pf_state_pl, pool_flags)) == NULL) goto cleanup; ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226660 - head/sys/contrib/pf/net
Author: glebius
Date: Sun Oct 23 14:59:54 2011
New Revision: 226660
URL: http://svn.freebsd.org/changeset/base/226660
Log:
Fix from r226623 is not sufficient to close all races in pfsync(4).
The root of problem is re-locking at the end of pfsync_sendout().
Several functions are calling pfsync_sendout() holding pointers
to pf data on stack, and these functions expect this data to be
consistent.
To fix this, the following approach was taken:
- The pfsync_sendout() doesn't call ip_output() directly, but
enqueues the mbuf on sc-sc_ifp's interfaces queue, that
is currently unused. Then pfsync netisr is scheduled. PF_LOCK
isn't dropped in pfsync_sendout().
- The netisr runs through queue and ip_output()s packets
on it.
Apart from fixing race, this also decouples stack, fixing
potential issues, that may happen, when sending pfsync(4)
packets on input path.
Reviewed by: eri (a quick review)
Modified:
head/sys/contrib/pf/net/if_pfsync.c
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 13:33:10 2011
(r226659)
+++ head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 14:59:54 2011
(r226660)
@@ -856,7 +856,11 @@ pfsync_state_import(struct pfsync_state
CLR(st-state_flags, PFSTATE_NOSYNC);
if (ISSET(st-state_flags, PFSTATE_ACK)) {
pfsync_q_ins(st, PFSYNC_S_IACK);
+#ifdef __FreeBSD__
+ pfsync_sendout();
+#else
schednetisr(NETISR_PFSYNC);
+#endif
}
}
CLR(st-state_flags, PFSTATE_ACK);
@@ -1312,7 +1316,11 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st
V_pfsyncstats.pfsyncs_stale++;
pfsync_update_state(st);
+#ifdef __FreeBSD__
+ pfsync_sendout();
+#else
schednetisr(NETISR_PFSYNC);
+#endif
continue;
}
pfsync_alloc_scrub_memory(sp-dst, st-dst);
@@ -1418,7 +1426,11 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt,
V_pfsyncstats.pfsyncs_stale++;
pfsync_update_state(st);
+#ifdef __FreeBSD__
+ pfsync_sendout();
+#else
schednetisr(NETISR_PFSYNC);
+#endif
continue;
}
pfsync_alloc_scrub_memory(up-dst, st-dst);
@@ -2146,6 +2158,7 @@ pfsync_sendout(void)
#endif
#ifdef __FreeBSD__
size_t pktlen;
+ int dummy_error;
#endif
int offset;
int q, count = 0;
@@ -2349,32 +2362,21 @@ pfsync_sendout(void)
#ifdef __FreeBSD__
sc-sc_ifp-if_opackets++;
sc-sc_ifp-if_obytes += m-m_pkthdr.len;
+ sc-sc_len = PFSYNC_MINPKT;
+
+ IFQ_ENQUEUE(sc-sc_ifp-if_snd, m, dummy_error);
+ schednetisr(NETISR_PFSYNC);
#else
sc-sc_if.if_opackets++;
sc-sc_if.if_obytes += m-m_pkthdr.len;
-#endif
- sc-sc_len = PFSYNC_MINPKT;
-#ifdef __FreeBSD__
- PF_UNLOCK();
-#endif
if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, sc-sc_imo, NULL) == 0)
-#ifdef __FreeBSD__
- {
- PF_LOCK();
-#endif
- V_pfsyncstats.pfsyncs_opackets++;
-#ifdef __FreeBSD__
- }
-#endif
+ pfsyncstats.pfsyncs_opackets++;
else
-#ifdef __FreeBSD__
- {
- PF_LOCK();
-#endif
- V_pfsyncstats.pfsyncs_oerrors++;
-#ifdef __FreeBSD__
- }
+ pfsyncstats.pfsyncs_oerrors++;
+
+ /* start again */
+ sc-sc_len = PFSYNC_MINPKT;
#endif
}
@@ -2422,7 +2424,11 @@ pfsync_insert_state(struct pf_state *st)
pfsync_q_ins(st, PFSYNC_S_INS);
if (ISSET(st-state_flags, PFSTATE_ACK))
+#ifdef __FreeBSD__
+ pfsync_sendout();
+#else
schednetisr(NETISR_PFSYNC);
+#endif
else
st-sync_updates = 0;
}
@@ -2619,7 +2625,11 @@ pfsync_update_state(struct pf_state *st)
if (sync || (time_second - st-pfsync_time) 2) {
pfsync_upds++;
+#ifdef __FreeBSD__
+ pfsync_sendout();
+#else
schednetisr(NETISR_PFSYNC);
+#endif
}
}
@@ -2670,7 +2680,11 @@ pfsync_request_update(u_int32_t creatori
TAILQ_INSERT_TAIL(sc-sc_upd_req_list, item, ur_entry);
sc-sc_len += nlen;
+#ifdef __FreeBSD__
+ pfsync_sendout();
+#else
schednetisr(NETISR_PFSYNC);
+#endif
}
void
@@ -2699,7 +2713,11 @@ pfsync_update_state_req(struct pf_state
pfsync_q_del(st);
case PFSYNC_S_NONE:
pfsync_q_ins(st, PFSYNC_S_UPD);
+#ifdef __FreeBSD__
+ pfsync_sendout();
+#else
schednetisr(NETISR_PFSYNC);
+#endif
return;
case PFSYNC_S_INS:
@@ -3253,37 +3271,38 @@ pfsync_timeout(void *arg)
void
#ifdef
svn commit: r226661 - head/sys/contrib/pf/net
Author: glebius Date: Sun Oct 23 15:08:18 2011 New Revision: 226661 URL: http://svn.freebsd.org/changeset/base/226661 Log: - Fix a bad typo (FreeBSD specific) in pfsync_bulk_update(). Instead of scheduling next run pfsync_bulk_update(), pfsync_bulk_fail() was scheduled. This lead to instant 100% state leak after first bulk update request. - After above fix, it appeared that pfsync_bulk_update() lacks locking. To fix this, sc_bulk_tmo callout was converted to an mtx one. Eventually, all pf/pfsync callouts should be converted to mtx version, since it isn't possible to stop or drain a non-mtx callout without risk of race. - Add comment that callout_stop() in pfsync_clone_destroy() lacks locking. Since pfsync0 can't be destroyed (yet), let it be here. Modified: head/sys/contrib/pf/net/if_pfsync.c Modified: head/sys/contrib/pf/net/if_pfsync.c == --- head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 14:59:54 2011 (r226660) +++ head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 15:08:18 2011 (r226661) @@ -493,7 +493,7 @@ pfsync_clone_create(struct if_clone *ifc ifp-if_mtu = 1500; /* XXX */ #ifdef __FreeBSD__ callout_init(sc-sc_tmo, CALLOUT_MPSAFE); - callout_init(sc-sc_bulk_tmo, CALLOUT_MPSAFE); + callout_init_mtx(sc-sc_bulk_tmo, pf_task_mtx, 0); callout_init(sc-sc_bulkfail_tmo, CALLOUT_MPSAFE); #else ifp-if_hardmtu = MCLBYTES; /* XXX */ @@ -540,7 +540,7 @@ pfsync_clone_destroy(struct ifnet *ifp) #ifdef __FreeBSD__ EVENTHANDLER_DEREGISTER(ifnet_departure_event, sc-sc_detachtag); #endif - timeout_del(sc-sc_bulk_tmo); + timeout_del(sc-sc_bulk_tmo); /* XXX: need PF_LOCK() before */ timeout_del(sc-sc_tmo); #if NCARP 0 #ifdef notyet @@ -3061,7 +3061,7 @@ pfsync_bulk_update(void *arg) sc-sc_bulk_next = st; #ifdef __FreeBSD__ callout_reset(sc-sc_bulk_tmo, 1, - pfsync_bulk_fail, sc); + pfsync_bulk_update, sc); #else timeout_add(sc-sc_bulk_tmo, 1); #endif ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226662 - head/sys/contrib/pf/net
Author: glebius Date: Sun Oct 23 15:10:15 2011 New Revision: 226662 URL: http://svn.freebsd.org/changeset/base/226662 Log: Fix indentation, no code changed. Modified: head/sys/contrib/pf/net/if_pfsync.c Modified: head/sys/contrib/pf/net/if_pfsync.c == --- head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 15:08:18 2011 (r226661) +++ head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 15:10:15 2011 (r226662) @@ -2006,8 +2006,8 @@ pfsyncioctl(struct ifnet *ifp, u_long cm #endif printf(pfsync: requesting bulk update\n); #ifdef __FreeBSD__ - callout_reset(sc-sc_bulkfail_tmo, 5 * hz, - pfsync_bulk_fail, V_pfsyncif); + callout_reset(sc-sc_bulkfail_tmo, 5 * hz, + pfsync_bulk_fail, V_pfsyncif); #else timeout_add_sec(sc-sc_bulkfail_tmo, 5); #endif ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226663 - head/sys/contrib/pf/net
Author: glebius
Date: Sun Oct 23 15:15:17 2011
New Revision: 226663
URL: http://svn.freebsd.org/changeset/base/226663
Log:
Merge several fixes to bulk update processing from OpenBSD. Merged
revisions: 1.148, 1.149, 1.150. This makes number of states on
master/slave to be of a sane value.
Modified:
head/sys/contrib/pf/net/if_pfsync.c
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 15:10:15 2011
(r226662)
+++ head/sys/contrib/pf/net/if_pfsync.c Sun Oct 23 15:15:17 2011
(r226663)
@@ -3004,16 +3004,6 @@ pfsync_bulk_start(void)
struct pfsync_softc *sc = pfsyncif;
#endif
- sc-sc_ureq_received = time_uptime;
-
- if (sc-sc_bulk_next == NULL)
-#ifdef __FreeBSD__
- sc-sc_bulk_next = TAILQ_FIRST(V_state_list);
-#else
- sc-sc_bulk_next = TAILQ_FIRST(state_list);
-#endif
- sc-sc_bulk_last = sc-sc_bulk_next;
-
#ifdef __FreeBSD__
if (V_pf_status.debug = PF_DEBUG_MISC)
#else
@@ -3021,10 +3011,30 @@ pfsync_bulk_start(void)
#endif
printf(pfsync: received bulk update request\n);
+#ifdef __FreeBSD__
PF_LOCK();
- pfsync_bulk_status(PFSYNC_BUS_START);
- pfsync_bulk_update(sc);
+ if (TAILQ_EMPTY(V_state_list))
+#else
+ if (TAILQ_EMPTY(state_list))
+#endif
+ pfsync_bulk_status(PFSYNC_BUS_END);
+ else {
+ sc-sc_ureq_received = time_uptime;
+ if (sc-sc_bulk_next == NULL)
+#ifdef __FreeBSD__
+ sc-sc_bulk_next = TAILQ_FIRST(V_state_list);
+#else
+ sc-sc_bulk_next = TAILQ_FIRST(state_list);
+#endif
+ sc-sc_bulk_last = sc-sc_bulk_next;
+
+ pfsync_bulk_status(PFSYNC_BUS_START);
+ callout_reset(sc-sc_bulk_tmo, 1,
+ pfsync_bulk_update, sc);
+ }
+#ifdef __FreeBSD__
PF_UNLOCK();
+#endif
}
void
@@ -3041,7 +3051,7 @@ pfsync_bulk_update(void *arg)
#ifdef __FreeBSD__
CURVNET_SET(sc-sc_ifp-if_vnet);
#endif
- do {
+ for (;;) {
if (st-sync_state == PFSYNC_S_NONE
st-timeout PFTM_MAX
st-pfsync_time = sc-sc_ureq_received) {
@@ -3057,7 +3067,21 @@ pfsync_bulk_update(void *arg)
st = TAILQ_FIRST(state_list);
#endif
- if (i 0 TAILQ_EMPTY(sc-sc_qs[PFSYNC_S_UPD])) {
+ if (st == sc-sc_bulk_last) {
+ /* we're done */
+ sc-sc_bulk_next = NULL;
+ sc-sc_bulk_last = NULL;
+ pfsync_bulk_status(PFSYNC_BUS_END);
+ break;
+ }
+
+#ifdef __FreeBSD__
+ if (i 1 (sc-sc_ifp-if_mtu - sc-sc_len)
+#else
+ if (i 1 (sc-sc_if.if_mtu - sc-sc_len)
+#endif
+ sizeof(struct pfsync_state)) {
+ /* we've filled a packet */
sc-sc_bulk_next = st;
#ifdef __FreeBSD__
callout_reset(sc-sc_bulk_tmo, 1,
@@ -3065,16 +3089,10 @@ pfsync_bulk_update(void *arg)
#else
timeout_add(sc-sc_bulk_tmo, 1);
#endif
- goto out;
+ break;
}
- } while (st != sc-sc_bulk_last);
-
- /* we're done */
- sc-sc_bulk_next = NULL;
- sc-sc_bulk_last = NULL;
- pfsync_bulk_status(PFSYNC_BUS_END);
+ }
-out:
#ifdef __FreeBSD__
CURVNET_RESTORE();
#endif
@@ -3226,13 +3244,12 @@ pfsync_state_in_use(struct pf_state *st)
if (sc == NULL)
return (0);
- if (st-sync_state != PFSYNC_S_NONE)
+ if (st-sync_state != PFSYNC_S_NONE ||
+ st == sc-sc_bulk_next ||
+ st == sc-sc_bulk_last)
return (1);
- if (sc-sc_bulk_next == NULL sc-sc_bulk_last == NULL)
- return (0);
-
- return (1);
+ return (0);
}
u_int pfsync_ints;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r226690 - head/usr.sbin/ypbind
Author: glebius Date: Mon Oct 24 14:35:31 2011 New Revision: 226690 URL: http://svn.freebsd.org/changeset/base/226690 Log: Protect NIS client with madvise(2) since this daemon is required for succesful authentication of users. Modified: head/usr.sbin/ypbind/ypbind.c Modified: head/usr.sbin/ypbind/ypbind.c == --- head/usr.sbin/ypbind/ypbind.c Mon Oct 24 14:23:40 2011 (r226689) +++ head/usr.sbin/ypbind/ypbind.c Mon Oct 24 14:35:31 2011 (r226690) @@ -34,6 +34,7 @@ __FBSDID($FreeBSD$); #include sys/types.h #include sys/wait.h #include sys/ioctl.h +#include sys/mman.h #include sys/signal.h #include sys/socket.h #include sys/file.h @@ -465,6 +466,9 @@ main(int argc, char *argv[]) openlog(argv[0], LOG_PID, LOG_DAEMON); + if (madvise(NULL, 0, MADV_PROTECT) != 0) + syslog(LOG_WARNING, madvise(): %m); + /* Kick off the default domain */ broadcast(ypbindlist); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r219059 - head/sys/modules/usb
Author: glebius
Date: Sat Feb 26 17:22:11 2011
New Revision: 219059
URL: http://svn.freebsd.org/changeset/base/219059
Log:
Connect uep.ko to build
PR: kern/155044
Submitted by: Carl k0802647 telus.net
MFC after:1 week
Modified:
head/sys/modules/usb/Makefile
Modified: head/sys/modules/usb/Makefile
==
--- head/sys/modules/usb/Makefile Sat Feb 26 15:44:03 2011
(r219058)
+++ head/sys/modules/usb/Makefile Sat Feb 26 17:22:11 2011
(r219059)
@@ -28,7 +28,7 @@
SUBDIR = usb
SUBDIR += ehci musb ohci uhci xhci uss820dci ${_at91dci} ${_atmegadci}
SUBDIR += rum run uath upgt ural zyd ${_urtw}
-SUBDIR += atp uhid ukbd ums udbp ufm
+SUBDIR += atp uhid ukbd ums udbp ufm uep
SUBDIR += ucom u3g uark ubsa ubser uchcom ucycom ufoma uftdi ugensa uipaq ulpt
\
umct umodem umoscom uplcom uslcom uvisor uvscom
SUBDIR += uether aue axe cdce cue kue mos rue udav uhso ipheth
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r219182 - in head/sys: conf modules/netgraph/netflow netgraph/netflow
Author: glebius
Date: Wed Mar 2 16:15:11 2011
New Revision: 219182
URL: http://svn.freebsd.org/changeset/base/219182
Log:
Add support for NetFlow version 9 into ng_netflow(4) node.
Submitted by: Alexander V. Chernikov melifaro ipfw.ru
Added:
head/sys/netgraph/netflow/netflow_v9.c (contents, props changed)
head/sys/netgraph/netflow/netflow_v9.h (contents, props changed)
Modified:
head/sys/conf/files
head/sys/modules/netgraph/netflow/Makefile
head/sys/netgraph/netflow/netflow.c
head/sys/netgraph/netflow/netflow.h
head/sys/netgraph/netflow/ng_netflow.c
head/sys/netgraph/netflow/ng_netflow.h
Modified: head/sys/conf/files
==
--- head/sys/conf/files Wed Mar 2 16:06:57 2011(r219181)
+++ head/sys/conf/files Wed Mar 2 16:15:11 2011(r219182)
@@ -2556,6 +2556,7 @@ netgraph/bluetooth/socket/ng_btsocket_l2
netgraph/bluetooth/socket/ng_btsocket_rfcomm.c optional
netgraph_bluetooth_socket
netgraph/bluetooth/socket/ng_btsocket_sco.c optional netgraph_bluetooth_socket
netgraph/netflow/netflow.c optional netgraph_netflow
+netgraph/netflow/netflow_v9.c optional netgraph_netflow
netgraph/netflow/ng_netflow.c optional netgraph_netflow
netgraph/ng_UI.c optional netgraph_UI
netgraph/ng_async.coptional netgraph_async
Modified: head/sys/modules/netgraph/netflow/Makefile
==
--- head/sys/modules/netgraph/netflow/Makefile Wed Mar 2 16:06:57 2011
(r219181)
+++ head/sys/modules/netgraph/netflow/Makefile Wed Mar 2 16:15:11 2011
(r219182)
@@ -3,9 +3,22 @@
# Author: Gleb Smirnoff gleb...@freebsd.org
#
+.include bsd.own.mk
+
.PATH: ${.CURDIR}/../../../netgraph/netflow
KMOD= ng_netflow
-SRCS= ng_netflow.c netflow.c
+SRCS= ng_netflow.c netflow.c netflow_v9.c opt_inet6.h opt_route.h
+
+.if !defined(KERNBUILDDIR)
+
+.if ${MK_INET6_SUPPORT} != no
+opt_inet6.h:
+ echo #define INET6 1 ${.TARGET}
+.endif
+
+opt_route.h:
+ echo #define ROUTETABLES RT_MAXFIBS ${.TARGET}
+.endif
.include bsd.kmod.mk
Modified: head/sys/netgraph/netflow/netflow.c
==
--- head/sys/netgraph/netflow/netflow.c Wed Mar 2 16:06:57 2011
(r219181)
+++ head/sys/netgraph/netflow/netflow.c Wed Mar 2 16:15:11 2011
(r219182)
@@ -1,4 +1,5 @@
/*-
+ * Copyright (c) 2010-2011 Alexander V. Chernikov melif...@ipfw.ru
* Copyright (c) 2004-2005 Gleb Smirnoff gleb...@freebsd.org
* Copyright (c) 2001-2003 Roman V. Palagin rom...@unshadow.net
* All rights reserved.
@@ -30,6 +31,8 @@
static const char rcs_id[] =
@(#) $FreeBSD$;
+#include opt_inet6.h
+#include opt_route.h
#include sys/param.h
#include sys/kernel.h
#include sys/limits.h
@@ -37,14 +40,18 @@ static const char rcs_id[] =
#include sys/syslog.h
#include sys/systm.h
#include sys/socket.h
+#include sys/endian.h
#include machine/atomic.h
+#include machine/stdarg.h
#include net/if.h
#include net/route.h
+#include net/ethernet.h
#include netinet/in.h
#include netinet/in_systm.h
#include netinet/ip.h
+#include netinet/ip6.h
#include netinet/tcp.h
#include netinet/udp.h
@@ -52,6 +59,7 @@ static const char rcs_id[] =
#include netgraph/netgraph.h
#include netgraph/netflow/netflow.h
+#include netgraph/netflow/netflow_v9.h
#include netgraph/netflow/ng_netflow.h
#defineNBUCKETS(65536) /* must be power of 2 */
@@ -83,25 +91,28 @@ static const char rcs_id[] =
*/
#defineSMALL(fle) (fle-f.packets = 4)
-/*
- * Cisco uses milliseconds for uptime. Bad idea, since it overflows
- * every 48+ days. But we will do same to keep compatibility. This macro
- * does overflowable multiplication to 1000.
- */
-#defineMILLIUPTIME(t) (((t) 9) + /* 512 */ \
-((t) 8) + /* 256 */ \
-((t) 7) + /* 128 */ \
-((t) 6) + /* 64 */ \
-((t) 5) + /* 32 */ \
-((t) 3))/* 8 */
MALLOC_DECLARE(M_NETFLOW_HASH);
MALLOC_DEFINE(M_NETFLOW_HASH, netflow_hash, NetFlow hash);
static int export_add(item_p, struct flow_entry *);
-static int export_send(priv_p, item_p, int flags);
+static int export_send(priv_p, fib_export_p, item_p, int);
+
+static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *,
int, uint8_t);
+static int hash6_insert(priv_p, struct flow6_hash_entry *, struct flow6_rec *,
int, uint8_t);
+
+static __inline void expire_flow(priv_p, fib_export_p, struct flow_entry *,
int);
-/* Generate hash for a given flow record. */
+/*
+ * Generate hash for a given flow record.
+ *
+ * FIB is not used here, because:
+ * most VRFS will carry public IPv4 addresses which are unique even
+ * without FIB private addresses
svn commit: r219183 - head/share/man/man4
Author: glebius
Date: Wed Mar 2 16:16:09 2011
New Revision: 219183
URL: http://svn.freebsd.org/changeset/base/219183
Log:
Update manual: node now supports NetFlow v9.
Submitted by: Alexander V. Chernikov melifaro ipfw.ru
Modified:
head/share/man/man4/ng_netflow.4
Modified: head/share/man/man4/ng_netflow.4
==
--- head/share/man/man4/ng_netflow.4Wed Mar 2 16:15:11 2011
(r219182)
+++ head/share/man/man4/ng_netflow.4Wed Mar 2 16:16:09 2011
(r219183)
@@ -24,7 +24,7 @@
.\
.\ $FreeBSD$
.\
-.Dd October 8, 2008
+.Dd March 2, 2011
.Dt NG_NETFLOW 4
.Os
.Sh NAME
@@ -44,7 +44,7 @@ The
node listens for incoming traffic and identifies unique flows in it.
Flows are distinguished by endpoint IP addresses, TCP/UDP port numbers,
ToS and input interface.
-Expired flows are exported out of the node in NetFlow version 5 UDP datagrams.
+Expired flows are exported out of the node in NetFlow version 5/9 UDP
datagrams.
Expiration reason can be one of the following:
.Bl -dash
.It
@@ -59,19 +59,24 @@ A flow was inactive for the specified pe
The default is 15 seconds.
.El
.Pp
-Export information is stored in NetFlow version 5 datagrams.
+Node supports IPv6 accounting (NetFlow v9 only) and is aware of multiple fibs.
+Different fibs are mapped to different domain_id in NetFlow V9 and different
engine_id in NetFlow V5.
+.Pp
.Sh HOOKS
This node type supports up to
.Dv NG_NETFLOW_MAXIFACES
-hooks named
+(default 65536) hooks named
.Va iface0 , iface1 ,
etc.,
and the same number of hooks named
.Va out0 , out1 ,
etc.,
-plus a single hook named
-.Va export .
-By default (ingress NetFlow enabled) node does NetFlow accounting of data
+plus two export hooks:
+.Va export
+(for NetFlow version 5) and
+.Va export9
+(for NetFlow version 9). Export can be done simultaneously for all supported
+export hooks. By default (ingress NetFlow enabled) node does NetFlow
accounting of data
received on
.Va iface*
hooks.
@@ -83,12 +88,12 @@ If data is received on
hook, it is bypassed to corresponding
.Va iface
hook without any processing (egress NetFlow disabled by default).
-When full export datagram is built it is sent to the
+When full export datagram for an export protocol is built it is sent to the
.Va export
+or
+.Va export9
hook.
-In normal operation, the
-.Va export
-hook is connected to the
+In normal operation, one (or more) export hook is connected to the
.Va inet/dgram/udp
hook of the
.Xr ng_ksocket 4
@@ -188,6 +193,33 @@ NG_NETFLOW_CONF_THISONCE defines that pa
if it several times passes via exactly this netflow node. Last two options are
important to avoid duplicate accounting when both ingress and egress NetFlow
are enabled.
+.It Dv NGM_NETFLOW_SETTEMPLATE
+Sets various timeouts to announce data flow templates
+(NetFlow v9-specific). This message requires
+.Vt struct ng_netflow_settemplate
+as an argument:
+.Bd -literal -offset 4n
+struct ng_netflow_settemplate {
+ uint16_t time;
+ uint16_t packets;
+};
+.Ed
+.Pp
+Value of time field represents time in seconds to re-announce data templates.
+Value of packets field represents maximum packets count between
+re-announcing data templates.
+.It Dv NGM_NETFLOW_SETMTU
+Sets export interface MTU to build packets of specified size (NetFlow
v9-specific).
+This message requires
+.Vt struct ng_netflow_setmtu
+as an argument:
+.Bd -literal -offset 4n
+struct ng_netflow_settemtu {
+ uint16_t mtu;
+};
+.Ed
+.Pp
+Default is 1500 bytes
.It Dv NGM_NETFLOW_SHOW
This control message asks a node to dump the entire contents of the flow cache.
It is called from
@@ -219,6 +251,10 @@ commands are:
.Qq Li settimeouts { inactive = %u active = %u }
.It Dv NGM_NETFLOW_SETCONFIG
.Qq Li setconfig { iface = %u conf = %u }
+.It Dv NGM_NETFLOW_SETTEMPLATE
+.Qq Li settemplate { time = %u packets = %u }
+.It Dv NGM_NETFLOW_SETMTU
+.Qq Li setmtu { mtu = %u }
.El
.Sh SHUTDOWN
This node shuts down upon receipt of a
@@ -272,21 +308,29 @@ SEQ
.Ed
.Sh SEE ALSO
.Xr netgraph 4 ,
+.Xr setfib 2 ,
.Xr ng_ether 4 ,
.Xr ng_iface 4 ,
.Xr ng_ksocket 4 ,
.Xr ng_tee 4 ,
.Xr flowctl 8 ,
.Xr ngctl 8
+.Rs
+.%A B. Claise, Ed
+.%T Cisco Systems NetFlow Services Export Version 9
+.%O RFC 3954
+.Re
.Pp
-.Pa
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/\:nfwhite.htm
+.Pa http://www.cisco.com/en/US/docs/ios/solutions_docs/netflow/nfwhite.html
.Sh AUTHORS
.An -nosplit
The
.Nm
node type was written by
.An Gleb Smirnoff Aq gleb...@freebsd.org ,
-based on
+.An Alexander Motin Aq m...@freebsd.org ,
+.An Alexander Chernikov Aq melif...@ipfw.ru .
+The initial code was based on
.Nm ng_ipacct
written by
.An Roman V. Palagin Aq rom...@unshadow.net .
@@ -294,6 +338,7 @@ written by
Cache snapshot obtained via
.Dv NGM_NETFLOW_SHOW
command may lack some percentage of entries under severe load.
+IPv6 flows are not shown.
.Pp
The
.Nm
svn commit: r219781 - head/sys/netgraph
Author: glebius
Date: Sat Mar 19 19:37:53 2011
New Revision: 219781
URL: http://svn.freebsd.org/changeset/base/219781
Log:
Remove spl(9) remnants.
Modified:
head/sys/netgraph/ng_iface.c
Modified: head/sys/netgraph/ng_iface.c
==
--- head/sys/netgraph/ng_iface.cSat Mar 19 19:30:49 2011
(r219780)
+++ head/sys/netgraph/ng_iface.cSat Mar 19 19:37:53 2011
(r219781)
@@ -286,12 +286,11 @@ static int
ng_iface_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
{
struct ifreq *const ifr = (struct ifreq *) data;
- int s, error = 0;
+ int error = 0;
#ifdef DEBUG
ng_iface_print_ioctl(ifp, command, data);
#endif
- s = splimp();
switch (command) {
/* These two are mostly handled at a higher layer */
@@ -343,7 +342,6 @@ ng_iface_ioctl(struct ifnet *ifp, u_long
error = EINVAL;
break;
}
- (void) splx(s);
return (error);
}
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r219791 - head/sys/net
On Sun, Mar 20, 2011 at 08:35:00AM +, Dmitry Chagin wrote:
D Author: dchagin
D Date: Sun Mar 20 08:35:00 2011
D New Revision: 219791
D URL: http://svn.freebsd.org/changeset/base/219791
D
D Log:
D Remove dead code.
This wasn't a code, but defines. Removing them saves nothing, but
primitives deleted may be useful.
D MFC after: 1 Week
D
D Modified:
D head/sys/net/route.h
D
D Modified: head/sys/net/route.h
D
==
D --- head/sys/net/route.h Sun Mar 20 08:27:06 2011(r219790)
D +++ head/sys/net/route.h Sun Mar 20 08:35:00 2011(r219791)
D @@ -325,7 +325,6 @@ struct rt_addrinfo {
D #define RT_LOCK_INIT(_rt) \
D mtx_init((_rt)-rt_mtx, rtentry, NULL, MTX_DEF | MTX_DUPOK)
D #define RT_LOCK(_rt)mtx_lock((_rt)-rt_mtx)
D -#define RT_TRYLOCK(_rt) mtx_trylock((_rt)-rt_mtx)
D #define RT_UNLOCK(_rt) mtx_unlock((_rt)-rt_mtx)
D #define RT_LOCK_DESTROY(_rt)mtx_destroy((_rt)-rt_mtx)
D #define RT_LOCK_ASSERT(_rt) mtx_assert((_rt)-rt_mtx, MA_OWNED)
D @@ -360,22 +359,6 @@ struct rt_addrinfo {
D RTFREE_LOCKED(_rt); \
D } while (0)
D
D -#define RT_TEMP_UNLOCK(_rt) do {\
D -RT_ADDREF(_rt); \
D -RT_UNLOCK(_rt); \
D -} while (0)
D -
D -#define RT_RELOCK(_rt) do { \
D -RT_LOCK(_rt); \
D -if ((_rt)-rt_refcnt = 1) {\
D -rtfree(_rt);\
D -_rt = 0; /* signal that it went away */\
D -} else {\
D -RT_REMREF(_rt); \
D -/* note that _rt is still valid */ \
D -} \
D -} while (0)
D -
D struct radix_node_head *rt_tables_get_rnh(int, int);
D
D struct ifmultiaddr;
--
Totus tuus, Glebius.
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r219827 - head/sys/netgraph
Author: glebius
Date: Mon Mar 21 14:18:40 2011
New Revision: 219827
URL: http://svn.freebsd.org/changeset/base/219827
Log:
Improve locking of creating and dropping links in the graph, acquiring
the topology mutex in the following functions, that manipulate pointers
to peer nodes:
- ng_bypass()
- ng_path2noderef() when switching to the next node in sequence.
Rewrite the function a bit.
- ng_address_hook()
- ng_address_path()
This patch improves stability of large mpd5 installations.
Modified:
head/sys/netgraph/ng_base.c
Modified: head/sys/netgraph/ng_base.c
==
--- head/sys/netgraph/ng_base.c Mon Mar 21 14:11:37 2011(r219826)
+++ head/sys/netgraph/ng_base.c Mon Mar 21 14:18:40 2011(r219827)
@@ -1162,11 +1162,13 @@ ng_bypass(hook_p hook1, hook_p hook2)
TRAP_ERROR();
return (EINVAL);
}
+ mtx_lock(ng_topo_mtx);
hook1-hk_peer-hk_peer = hook2-hk_peer;
hook2-hk_peer-hk_peer = hook1-hk_peer;
hook1-hk_peer = ng_deadhook;
hook2-hk_peer = ng_deadhook;
+ mtx_unlock(ng_topo_mtx);
NG_HOOK_UNREF(hook1);
NG_HOOK_UNREF(hook2);
@@ -1643,10 +1645,8 @@ ng_path2noderef(node_p here, const char
node_p *destp, hook_p *lasthook)
{
charfullpath[NG_PATHSIZ];
- char *nodename, *path, pbuf[2];
+ char *nodename, *path;
node_p node, oldnode;
- char *cp;
- hook_p hook = NULL;
/* Initialize */
if (destp == NULL) {
@@ -1664,11 +1664,6 @@ ng_path2noderef(node_p here, const char
TRAP_ERROR();
return EINVAL;
}
- if (path == NULL) {
- pbuf[0] = '.'; /* Needs to be writable */
- pbuf[1] = '\0';
- path = pbuf;
- }
/*
* For an absolute address, jump to the starting node.
@@ -1690,41 +1685,41 @@ ng_path2noderef(node_p here, const char
NG_NODE_REF(node);
}
+ if (path == NULL) {
+ if (lasthook != NULL)
+ *lasthook = NULL;
+ *destp = node;
+ return (0);
+ }
+
/*
* Now follow the sequence of hooks
-* XXX
-* We actually cannot guarantee that the sequence
-* is not being demolished as we crawl along it
-* without extra-ordinary locking etc.
-* So this is a bit dodgy to say the least.
-* We can probably hold up some things by holding
-* the nodelist mutex for the time of this
-* crawl if we wanted.. At least that way we wouldn't have to
-* worry about the nodes disappearing, but the hooks would still
-* be a problem.
+*
+* XXXGL: The path may demolish as we go the sequence, but if
+* we hold the topology mutex at critical places, then, I hope,
+* we would always have valid pointers in hand, although the
+* path behind us may no longer exist.
*/
- for (cp = path; node != NULL *cp != '\0'; ) {
+ for (;;) {
+ hook_p hook;
char *segment;
/*
* Break out the next path segment. Replace the dot we just
-* found with a NUL; cp points to the next segment (or the
+* found with a NUL; path points to the next segment (or the
* NUL at the end).
*/
- for (segment = cp; *cp != '\0'; cp++) {
- if (*cp == '.') {
- *cp++ = '\0';
+ for (segment = path; *path != '\0'; path++) {
+ if (*path == '.') {
+ *path++ = '\0';
break;
}
}
- /* Empty segment */
- if (*segment == '\0')
- continue;
-
/* We have a segment, so look for a hook by that name */
hook = ng_findhook(node, segment);
+ mtx_lock(ng_topo_mtx);
/* Can't get there from here... */
if (hook == NULL
|| NG_HOOK_PEER(hook) == NULL
@@ -1732,15 +1727,7 @@ ng_path2noderef(node_p here, const char
|| NG_HOOK_NOT_VALID(NG_HOOK_PEER(hook))) {
TRAP_ERROR();
NG_NODE_UNREF(node);
-#if 0
- printf(hooknotvalid %s %s %d %d %d %d ,
- path,
- segment,
- hook == NULL,
- NG_HOOK_PEER(hook) == NULL,
- NG_HOOK_NOT_VALID(hook),
-
svn commit: r219858 - head/share/examples/cvsup
Author: glebius Date: Tue Mar 22 04:31:35 2011 New Revision: 219858 URL: http://svn.freebsd.org/changeset/base/219858 Log: Give better URL to the list of available CVSup mirrors. Modified: head/share/examples/cvsup/cvs-supfile head/share/examples/cvsup/doc-supfile head/share/examples/cvsup/gnats-supfile head/share/examples/cvsup/ports-supfile head/share/examples/cvsup/stable-supfile head/share/examples/cvsup/standard-supfile head/share/examples/cvsup/www-supfile Modified: head/share/examples/cvsup/cvs-supfile == --- head/share/examples/cvsup/cvs-supfile Tue Mar 22 01:21:51 2011 (r219857) +++ head/share/examples/cvsup/cvs-supfile Tue Mar 22 04:31:35 2011 (r219858) @@ -24,7 +24,7 @@ # This specifies the server host which will supply the # file updates. You must change it to one of the CVSup # mirror sites listed in the FreeBSD Handbook at -# http://www.freebsd.org/doc/handbook/mirrors.html. +# http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS. # You can override this setting on the command line # with cvsup's -h host option. # @@ -46,7 +46,7 @@ # Defaults that apply to all the collections # # IMPORTANT: Change the next line to use one of the CVSup mirror sites -# listed at http://www.freebsd.org/doc/handbook/mirrors.html. +# listed at http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS. *default host=CHANGE_THIS.FreeBSD.org *default base=/var/db *default prefix=/home/ncvs Modified: head/share/examples/cvsup/doc-supfile == --- head/share/examples/cvsup/doc-supfile Tue Mar 22 01:21:51 2011 (r219857) +++ head/share/examples/cvsup/doc-supfile Tue Mar 22 04:31:35 2011 (r219858) @@ -24,7 +24,7 @@ # This specifies the server host which will supply the # file updates. You must change it to one of the CVSup # mirror sites listed in the FreeBSD Handbook at -# http://www.freebsd.org/doc/handbook/mirrors.html. +# http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS. # You can override this setting on the command line # with cvsup's -h host option. # @@ -45,7 +45,7 @@ # Defaults that apply to all the collections # # IMPORTANT: Change the next line to use one of the CVSup mirror sites -# listed at http://www.freebsd.org/doc/handbook/mirrors.html. +# listed at http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS. *default host=CHANGE_THIS.FreeBSD.org *default base=/var/db *default prefix=/usr Modified: head/share/examples/cvsup/gnats-supfile == --- head/share/examples/cvsup/gnats-supfile Tue Mar 22 01:21:51 2011 (r219857) +++ head/share/examples/cvsup/gnats-supfile Tue Mar 22 04:31:35 2011 (r219858) @@ -24,7 +24,7 @@ # This specifies the server host which will supply the # file updates. You must change it to one of the CVSup # mirror sites listed in the FreeBSD Handbook at -# http://www.freebsd.org/doc/handbook/mirrors.html. +# http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS. # You can override this setting on the command line # with cvsup's -h host option. # @@ -45,7 +45,7 @@ # Defaults that apply to all the collections # # IMPORTANT: Change the next line to use one of the CVSup mirror sites -# listed at http://www.freebsd.org/doc/handbook/mirrors.html. +# listed at http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS. *default host=CHANGE_THIS.FreeBSD.org *default base=/var/db *default prefix=/usr Modified: head/share/examples/cvsup/ports-supfile == --- head/share/examples/cvsup/ports-supfile Tue Mar 22 01:21:51 2011 (r219857) +++ head/share/examples/cvsup/ports-supfile Tue Mar 22 04:31:35 2011 (r219858) @@ -24,7 +24,7 @@ # This specifies the server host which will supply the # file updates. You must change it to one of the CVSup # mirror sites listed in the FreeBSD Handbook at -# http://www.freebsd.org/doc/handbook/mirrors.html. +# http://www.freebsd.org/doc/handbook/cvsup.html#CVSUP-MIRRORS. # You can override this setting on the command line # with cvsup's -h host option. # @@ -45,7 +45,7 @@ # Defaults that apply to all the collections # # IMPORTANT: Change the next line to use one of the CVSup mirror sites -# listed at http://www.freebsd.org/doc/handbook/mirrors.html. +# listed at
svn commit: r219904 - head/sbin/mount_unionfs
Author: glebius Date: Wed Mar 23 13:44:09 2011 New Revision: 219904 URL: http://svn.freebsd.org/changeset/base/219904 Log: Fix SYNOPSIS. Modified: head/sbin/mount_unionfs/mount_unionfs.8 Modified: head/sbin/mount_unionfs/mount_unionfs.8 == --- head/sbin/mount_unionfs/mount_unionfs.8 Wed Mar 23 13:43:56 2011 (r219903) +++ head/sbin/mount_unionfs/mount_unionfs.8 Wed Mar 23 13:44:09 2011 (r219904) @@ -39,7 +39,7 @@ .Nd mount union file systems .Sh SYNOPSIS .Nm -.Op Fl br +.Op Fl b .Op Fl o Ar options .Ar directory .Ar uniondir ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233045 - in head/sys: conf kern
On Mon, Mar 19, 2012 at 09:06:36PM +0100, Davide Italiano wrote: D These indented ifdefs look like a major violation of style used throughout D the FreeBSD kernel code. Can you please keep with common style? D D D Heh, D sorry, also Juli Mallet noticed this, I'm writing a fix for this and D after I'll have approval from my mentor I'll commit. Looks okay, apart from additional empty line in NOTES. Isn't single empty line enough? -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233045 - in head/sys: conf kern
On Tue, Mar 20, 2012 at 06:00:50PM +0100, Davide Italiano wrote: D 2012/3/20 Gleb Smirnoff gleb...@freebsd.org: D On Mon, Mar 19, 2012 at 09:06:36PM +0100, Davide Italiano wrote: D D These indented ifdefs look like a major violation of style used throughout D D the FreeBSD kernel code. Can you please keep with common style? D D D D D D Heh, D D sorry, also Juli Mallet noticed this, I'm writing a fix for this and D D after I'll have approval from my mentor I'll commit. D D Looks okay, apart from additional empty line in NOTES. Isn't single D empty line enough? D D -- D Totus tuus, Glebius. D D Well, I removed that in my previous commit. D It was a mistake. D But if you think it's ok to remove that line, I have no objections on this. Well, I'm not that style(9)-evident person :) I just personally dislike multiple empty lines, since less code fits on a terminal. So I won't insist on any choice here. I just noticed incorrect indentation of ifdefs, and that's all. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233257 - head/usr.sbin/newsyslog
Author: glebius
Date: Wed Mar 21 06:51:45 2012
New Revision: 233257
URL: http://svn.freebsd.org/changeset/base/233257
Log:
Don't run through time checks when entry is definitely oversized. This
leads to newsyslog rotating on (size OR time) if both are specified.
PR: 100018, 160432
Modified:
head/usr.sbin/newsyslog/newsyslog.c
Modified: head/usr.sbin/newsyslog/newsyslog.c
==
--- head/usr.sbin/newsyslog/newsyslog.c Wed Mar 21 04:00:58 2012
(r233256)
+++ head/usr.sbin/newsyslog/newsyslog.c Wed Mar 21 06:51:45 2012
(r233257)
@@ -484,12 +484,14 @@ do_entry(struct conf_entry * ent)
fk_entry free_or_keep;
double diffsecs;
char temp_reason[REASON_MAX];
+ int oversized;
free_or_keep = FREE_ENT;
if (verbose)
printf(%s %d%s: , ent-log, ent-numlogs,
compress_type[ent-compress].flag);
ent-fsize = sizefile(ent-log);
+ oversized = ((ent-trsize 0) (ent-fsize = ent-trsize));
modtime = age_old_log(ent-log);
ent-rotate = 0;
ent-firstcreate = 0;
@@ -518,7 +520,8 @@ do_entry(struct conf_entry * ent)
printf(does not exist, skipped%s.\n, temp_reason);
}
} else {
- if (ent-flags CE_TRIMAT !force !rotatereq) {
+ if (ent-flags CE_TRIMAT !force !rotatereq
+ !oversized) {
diffsecs = ptimeget_diff(timenow, ent-trim_at);
if (diffsecs 0.0) {
/* trim_at is some time in the future. */
@@ -574,7 +577,7 @@ do_entry(struct conf_entry * ent)
} else if (force) {
ent-rotate = 1;
snprintf(temp_reason, REASON_MAX, due to -F request);
- } else if ((ent-trsize 0) (ent-fsize = ent-trsize)) {
+ } else if (oversized) {
ent-rotate = 1;
snprintf(temp_reason, REASON_MAX, due to size%dK,
ent-trsize);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233258 - head/usr.sbin/newsyslog
Author: glebius Date: Wed Mar 21 07:02:17 2012 New Revision: 233258 URL: http://svn.freebsd.org/changeset/base/233258 Log: Fix a sentence in a paragraph that describes time and interval based trimming. This sentence vaguely can be interpreted as if it was speaking about time and size interaction, while it wasn't about it. Modified: head/usr.sbin/newsyslog/newsyslog.conf.5 Modified: head/usr.sbin/newsyslog/newsyslog.conf.5 == --- head/usr.sbin/newsyslog/newsyslog.conf.5Wed Mar 21 06:51:45 2012 (r233257) +++ head/usr.sbin/newsyslog/newsyslog.conf.5Wed Mar 21 07:02:17 2012 (r233258) @@ -21,7 +21,7 @@ .\ the suitability of this software for any purpose. It is .\ provided as is without express or implied warranty. .\ -.Dd February 25, 2011 +.Dd March 21, 2012 .Dt NEWSYSLOG.CONF 5 .Os .Sh NAME @@ -130,7 +130,7 @@ Additionally, the format may also be con sign along with a rotation time specification of once a day, once a week, or once a month. .Pp -If a time is specified, the log file will only be trimmed if +Time based trimming happens only if .Xr newsyslog 8 is run within one hour of the specified time. If an interval is specified, the log file will be trimmed if that many ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233269 - head/usr.bin/wall
Author: glebius
Date: Wed Mar 21 08:03:07 2012
New Revision: 233269
URL: http://svn.freebsd.org/changeset/base/233269
Log:
Add multibyte char support.
PR: 165429
Submitted by: amdmi3
Modified:
head/usr.bin/wall/wall.1
head/usr.bin/wall/wall.c
Modified: head/usr.bin/wall/wall.1
==
--- head/usr.bin/wall/wall.1Wed Mar 21 07:49:13 2012(r233268)
+++ head/usr.bin/wall/wall.1Wed Mar 21 08:03:07 2012(r233269)
@@ -28,7 +28,7 @@
.\ @(#)wall.1 8.1 (Berkeley) 6/6/93
.\ $FreeBSD$
.\
-.Dd July 17, 2004
+.Dd February 24, 2012
.Dt WALL 1
.Os
.Sh NAME
@@ -73,7 +73,3 @@ setting is used to determine which chara
terminal, not the receiver's (which
.Nm
has no way of knowing).
-.Pp
-The
-.Nm
-utility does not recognize multibyte characters.
Modified: head/usr.bin/wall/wall.c
==
--- head/usr.bin/wall/wall.cWed Mar 21 07:49:13 2012(r233268)
+++ head/usr.bin/wall/wall.cWed Mar 21 08:03:07 2012(r233269)
@@ -62,6 +62,8 @@ static const char sccsid[] = @(#)wall.c
#include time.h
#include unistd.h
#include utmpx.h
+#include wchar.h
+#include wctype.h
#include ttymsg.h
@@ -185,14 +187,15 @@ void
makemsg(char *fname)
{
int cnt;
- unsigned char ch;
+ wchar_t ch;
struct tm *lt;
struct passwd *pw;
struct stat sbuf;
time_t now;
FILE *fp;
int fd;
- char *p, hostname[MAXHOSTNAMELEN], lbuf[256], tmpname[64];
+ char hostname[MAXHOSTNAMELEN], tmpname[64];
+ wchar_t *p, *tmp, lbuf[256], codebuf[13];
const char *tty;
const char *whom;
gid_t egid;
@@ -220,78 +223,61 @@ makemsg(char *fname)
* Which means that we may leave a non-blank character
* in column 80, but that can't be helped.
*/
- (void)fprintf(fp, \r%79s\r\n, );
- (void)snprintf(lbuf, sizeof(lbuf),
- Broadcast Message from %s@%s,
+ (void)fwprintf(fp, L\r%79s\r\n, );
+ (void)swprintf(lbuf, sizeof(lbuf)/sizeof(wchar_t),
+ LBroadcast Message from %s@%s,
whom, hostname);
- (void)fprintf(fp, %-79.79s\007\007\r\n, lbuf);
- (void)snprintf(lbuf, sizeof(lbuf),
- (%s) at %d:%02d %s..., tty,
+ (void)fwprintf(fp, L%-79.79S\007\007\r\n, lbuf);
+ (void)swprintf(lbuf, sizeof(lbuf)/sizeof(wchar_t),
+ L(%s) at %d:%02d %s..., tty,
lt-tm_hour, lt-tm_min, lt-tm_zone);
- (void)fprintf(fp, %-79.79s\r\n, lbuf);
+ (void)fwprintf(fp, L%-79.79S\r\n, lbuf);
}
- (void)fprintf(fp, %79s\r\n, );
+ (void)fwprintf(fp, L%79s\r\n, );
if (fname) {
egid = getegid();
setegid(getgid());
- if (freopen(fname, r, stdin) == NULL)
+ if (freopen(fname, r, stdin) == NULL)
err(1, can't read %s, fname);
setegid(egid);
}
cnt = 0;
- while (fgets(lbuf, sizeof(lbuf), stdin)) {
- for (p = lbuf; (ch = *p) != '\0'; ++p, ++cnt) {
- if (ch == '\r') {
- putc('\r', fp);
+ while (fgetws(lbuf, sizeof(lbuf)/sizeof(wchar_t), stdin)) {
+ for (p = lbuf; (ch = *p) != L'\0'; ++p, ++cnt) {
+ if (ch == L'\r') {
+ putwc(L'\r', fp);
cnt = 0;
continue;
- } else if (ch == '\n') {
+ } else if (ch == L'\n') {
for (; cnt 79; ++cnt)
- putc(' ', fp);
- putc('\r', fp);
- putc('\n', fp);
+ putwc(L' ', fp);
+ putwc(L'\r', fp);
+ putwc(L'\n', fp);
break;
}
if (cnt == 79) {
- putc('\r', fp);
- putc('\n', fp);
+ putwc(L'\r', fp);
+ putwc(L'\n', fp);
cnt = 0;
}
- if (((ch 0x80) ch 0xA0) ||
- /* disable upper controls */
- (!isprint(ch) !isspace(ch)
- ch != '\a' ch != '\b')
- ) {
- if (ch 0x80) {
- ch = 0x7F;
svn commit: r233272 - head/sys/netinet6
Author: glebius
Date: Wed Mar 21 08:43:38 2012
New Revision: 233272
URL: http://svn.freebsd.org/changeset/base/233272
Log:
in6_pcblookup_local() still can return a pcb with NULL
inp_socket. To avoid panic, do not dereference inp_socket,
but obtain reuse port option from inp_flags2, like this
is done after next call to in_pcblookup_local() a few lines
down below.
Submitted by: rwatson
Modified:
head/sys/netinet6/in6_pcb.c
Modified: head/sys/netinet6/in6_pcb.c
==
--- head/sys/netinet6/in6_pcb.c Wed Mar 21 08:38:42 2012(r233271)
+++ head/sys/netinet6/in6_pcb.c Wed Mar 21 08:43:38 2012(r233272)
@@ -245,8 +245,8 @@ in6_pcbbind(register struct inpcb *inp,
if (tw == NULL ||
(reuseport tw-tw_so_options) == 0)
return (EADDRINUSE);
- } else if (t (reuseport t-inp_socket-so_options)
- == 0) {
+ } else if (t (reuseport == 0 ||
+ (t-inp_flags2 INP_REUSEPORT) == 0)) {
return (EADDRINUSE);
}
#ifdef INET
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233745 - head/sys/netinet/ipfw
Author: glebius
Date: Sat Mar 31 11:20:48 2012
New Revision: 233745
URL: http://svn.freebsd.org/changeset/base/233745
Log:
Don't check malloc(M_WAITOK) results.
Modified:
head/sys/netinet/ipfw/ip_fw_sockopt.c
Modified: head/sys/netinet/ipfw/ip_fw_sockopt.c
==
--- head/sys/netinet/ipfw/ip_fw_sockopt.c Sat Mar 31 10:47:40 2012
(r233744)
+++ head/sys/netinet/ipfw/ip_fw_sockopt.c Sat Mar 31 11:20:48 2012
(r233745)
@@ -163,8 +163,6 @@ ipfw_add_rule(struct ip_fw_chain *chain,
l = RULESIZE(input_rule);
rule = malloc(l, M_IPFW, M_WAITOK | M_ZERO);
- if (rule == NULL)
- return (ENOSPC);
/* get_map returns with IPFW_UH_WLOCK if successful */
map = get_map(chain, 1, 0 /* not locked */);
if (map == NULL) {
@@ -1010,8 +1008,6 @@ ipfw_ctl(struct sockopt *sopt)
if (size = sopt-sopt_valsize)
break;
buf = malloc(size, M_TEMP, M_WAITOK);
- if (buf == NULL)
- break;
IPFW_UH_RLOCK(chain);
/* check again how much space we need */
want = chain-static_len + ipfw_dyn_len();
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233773 - head/usr.sbin/arp
Author: glebius
Date: Mon Apr 2 10:44:25 2012
New Revision: 233773
URL: http://svn.freebsd.org/changeset/base/233773
Log:
Historically arp(8) did a route lookup for the entry it is
about to add, and failed if it exist and had invalid data
link type.
Later on, in r201282, this check morphed to other code, but
message proxy entry exists for non 802 device still left,
and now it is printed in a case if route prefix found is
equal to current address being added. In other words, when
we are trying to add ARP entry for a network address. The
message is absolutely unrelated and disappointing in this
case.
I don't see anything bad with setting ARP entries for
network addresses. While useless in usual network,
in a /31 RFC3021 it may be necessary. This, remove this code.
Modified:
head/usr.sbin/arp/arp.c
Modified: head/usr.sbin/arp/arp.c
==
--- head/usr.sbin/arp/arp.c Mon Apr 2 10:24:50 2012(r233772)
+++ head/usr.sbin/arp/arp.c Mon Apr 2 10:44:25 2012(r233773)
@@ -387,10 +387,6 @@ set(int argc, char **argv)
}
addr = (struct sockaddr_inarp *)(rtm + 1);
sdl = (struct sockaddr_dl *)(SA_SIZE(addr) + (char *)addr);
- if (addr-sin_addr.s_addr == dst-sin_addr.s_addr) {
- printf(set: proxy entry exists for non 802 device\n);
- return (1);
- }
if ((sdl-sdl_family != AF_LINK) ||
(rtm-rtm_flags RTF_GATEWAY) ||
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233846 - head/sys/contrib/pf/net
Author: glebius
Date: Tue Apr 3 18:09:20 2012
New Revision: 233846
URL: http://svn.freebsd.org/changeset/base/233846
Log:
Since pf 4.5 import pf(4) has a mechanism to defer
forwarding a packet, that creates state, until
pfsync(4) peer acks state addition (or 10 msec
timeout passes).
This is needed for active-active CARP configurations,
which are poorly supported in FreeBSD and arguably
a good idea at all.
Unfortunately by the time of import this feature in
OpenBSD was turned on, and did not have a switch to
turn it off. This leaked to FreeBSD.
This change make it possible to turn this feature
off via ioctl() and turns it off by default.
Obtained from:OpenBSD
Modified:
head/sys/contrib/pf/net/if_pfsync.c
head/sys/contrib/pf/net/if_pfsync.h
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Tue Apr 3 17:48:42 2012
(r233845)
+++ head/sys/contrib/pf/net/if_pfsync.c Tue Apr 3 18:09:20 2012
(r233846)
@@ -50,6 +50,7 @@
* 1.128 - cleanups
* 1.146 - bzero() mbuf before sparsely filling it with data
* 1.170 - SIOCSIFMTU checks
+ * 1.126, 1.142 - deferred packets processing
*/
#ifdef __FreeBSD__
@@ -262,6 +263,7 @@ struct pfsync_softc {
struct pfsync_upd_reqs sc_upd_req_list;
+ int sc_defer;
struct pfsync_deferrals sc_deferrals;
u_intsc_deferred;
@@ -1805,6 +1807,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
}
pfsyncr.pfsyncr_syncpeer = sc-sc_sync_peer;
pfsyncr.pfsyncr_maxupdates = sc-sc_maxupdates;
+ pfsyncr.pfsyncr_defer = sc-sc_defer;
return (copyout(pfsyncr, ifr-ifr_data, sizeof(pfsyncr)));
case SIOCSETPFSYNC:
@@ -1840,6 +1843,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
}
#endif
sc-sc_maxupdates = pfsyncr.pfsyncr_maxupdates;
+ sc-sc_defer = pfsyncr.pfsyncr_defer;
if (pfsyncr.pfsyncr_syncdev[0] == 0) {
sc-sc_sync_if = NULL;
@@ -2378,10 +2382,7 @@ pfsync_insert_state(struct pf_state *st)
pfsync_q_ins(st, PFSYNC_S_INS);
- if (ISSET(st-state_flags, PFSTATE_ACK))
- schednetisr(NETISR_PFSYNC);
- else
- st-sync_updates = 0;
+ st-sync_updates = 0;
}
int defer = 10;
@@ -2402,6 +2403,9 @@ pfsync_defer(struct pf_state *st, struct
splassert(IPL_SOFTNET);
#endif
+ if (!sc-sc_defer || m-m_flags (M_BCAST|M_MCAST))
+ return (0);
+
if (sc-sc_deferred = 128)
pfsync_undefer(TAILQ_FIRST(sc-sc_deferrals), 0);
@@ -2430,6 +2434,8 @@ pfsync_defer(struct pf_state *st, struct
timeout_add(pd-pd_tmo, defer);
#endif
+ swi_sched(V_pfsync_swi_cookie, 0);
+
return (1);
}
Modified: head/sys/contrib/pf/net/if_pfsync.h
==
--- head/sys/contrib/pf/net/if_pfsync.h Tue Apr 3 17:48:42 2012
(r233845)
+++ head/sys/contrib/pf/net/if_pfsync.h Tue Apr 3 18:09:20 2012
(r233846)
@@ -265,7 +265,7 @@ struct pfsyncreq {
char pfsyncr_syncdev[IFNAMSIZ];
struct in_addr pfsyncr_syncpeer;
int pfsyncr_maxupdates;
- int pfsyncr_authlevel;
+ int pfsyncr_defer;
};
#ifdef __FreeBSD__
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233847 - head/sbin/ifconfig
Author: glebius
Date: Tue Apr 3 18:10:48 2012
New Revision: 233847
URL: http://svn.freebsd.org/changeset/base/233847
Log:
Make it possible to switch pfsync(4) deferral mechanism on/off.
Obtained from:OpenBSD
Modified:
head/sbin/ifconfig/ifpfsync.c
Modified: head/sbin/ifconfig/ifpfsync.c
==
--- head/sbin/ifconfig/ifpfsync.c Tue Apr 3 18:09:20 2012
(r233846)
+++ head/sbin/ifconfig/ifpfsync.c Tue Apr 3 18:10:48 2012
(r233847)
@@ -52,6 +52,7 @@ void setpfsync_syncpeer(const char *, in
void unsetpfsync_syncpeer(const char *, int, int, const struct afswtch *);
void setpfsync_syncpeer(const char *, int, int, const struct afswtch *);
void setpfsync_maxupd(const char *, int, int, const struct afswtch *);
+void setpfsync_defer(const char *, int, int, const struct afswtch *);
void pfsync_status(int);
void
@@ -162,6 +163,23 @@ setpfsync_maxupd(const char *val, int d,
err(1, SIOCSETPFSYNC);
}
+/* ARGSUSED */
+void
+setpfsync_defer(const char *val, int d, int s, const struct afswtch *rafp)
+{
+ struct pfsyncreq preq;
+
+ memset((char *)preq, 0, sizeof(struct pfsyncreq));
+ ifr.ifr_data = (caddr_t)preq;
+
+ if (ioctl(s, SIOCGETPFSYNC, (caddr_t)ifr) == -1)
+ err(1, SIOCGETPFSYNC);
+
+ preq.pfsyncr_defer = d;
+ if (ioctl(s, SIOCSETPFSYNC, (caddr_t)ifr) == -1)
+ err(1, SIOCSETPFSYNC);
+}
+
void
pfsync_status(int s)
{
@@ -183,8 +201,10 @@ pfsync_status(int s)
printf(syncpeer: %s , inet_ntoa(preq.pfsyncr_syncpeer));
if (preq.pfsyncr_syncdev[0] != '\0' ||
- preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP)
- printf(maxupd: %d\n, preq.pfsyncr_maxupdates);
+ preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP) {
+ printf(maxupd: %d , preq.pfsyncr_maxupdates);
+ printf(defer: %s\n, preq.pfsyncr_defer ? on : off);
+ }
}
static struct cmd pfsync_cmds[] = {
@@ -194,7 +214,9 @@ static struct cmd pfsync_cmds[] = {
DEF_CMD(-syncif, 1, unsetpfsync_syncdev),
DEF_CMD_ARG(syncpeer, setpfsync_syncpeer),
DEF_CMD(-syncpeer,1, unsetpfsync_syncpeer),
- DEF_CMD_ARG(maxupd, setpfsync_maxupd)
+ DEF_CMD_ARG(maxupd, setpfsync_maxupd),
+ DEF_CMD(defer,1, setpfsync_defer),
+ DEF_CMD(-defer, 0, setpfsync_defer),
};
static struct afswtch af_pfsync = {
.af_name= af_pfsync,
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233848 - head/sbin/ifconfig
Author: glebius Date: Tue Apr 3 18:11:30 2012 New Revision: 233848 URL: http://svn.freebsd.org/changeset/base/233848 Log: Document syncdev, syncpeer and defer keywords for pfsync(4) interfaces. Modified: head/sbin/ifconfig/ifconfig.8 Modified: head/sbin/ifconfig/ifconfig.8 == --- head/sbin/ifconfig/ifconfig.8 Tue Apr 3 18:10:48 2012 (r233847) +++ head/sbin/ifconfig/ifconfig.8 Tue Apr 3 18:11:30 2012 (r233848) @@ -28,7 +28,7 @@ .\ From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 .\ $FreeBSD$ .\ -.Dd March 7, 2012 +.Dd April 3, 2012 .Dt IFCONFIG 8 .Os .Sh NAME @@ -2380,10 +2380,28 @@ The following parameters are specific to .Xr pfsync 4 interfaces: .Bl -tag -width indent +.It Cm syncdev Ar iface +Use the specified interface +to send and receive pfsync state synchronisation messages. +.It Fl syncdev +Stop sending pfsync state synchronisation messages over the network. +.It Cm syncpeer Ar peer_address +Make the pfsync link point-to-point rather than using +multicast to broadcast the state synchronisation messages. +The peer_address is the IP address of the other host taking part in +the pfsync cluster. +.It Fl syncpeer +Broadcast the packets using multicast. .It Cm maxupd Ar n Set the maximum number of updates for a single state which can be collapsed into one. This is an 8-bit number; the default value is 128. +.It Cm defer +Defer transmission of the first packet in a state until a peer has +acknowledged that the associated state has been inserted. +.It Fl defer +Do not defer the first packet in a state. +This is the default. .El .Pp The following parameters are specific to ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233846 - head/sys/contrib/pf/net
On Tue, Apr 03, 2012 at 06:09:21PM +, Gleb Smirnoff wrote: T Author: glebius T Date: Tue Apr 3 18:09:20 2012 T New Revision: 233846 T URL: http://svn.freebsd.org/changeset/base/233846 T T Log: T Since pf 4.5 import pf(4) has a mechanism to defer T forwarding a packet, that creates state, until T pfsync(4) peer acks state addition (or 10 msec T timeout passes). T T This is needed for active-active CARP configurations, T which are poorly supported in FreeBSD and arguably T a good idea at all. T T Unfortunately by the time of import this feature in T OpenBSD was turned on, and did not have a switch to T turn it off. This leaked to FreeBSD. T T This change make it possible to turn this feature T off via ioctl() and turns it off by default. Fortunately, we got an unused field in struct pfsyncreq, so this commit doesn't break ioctl() ABI, and this is mergeable. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233846 - head/sys/contrib/pf/net
Ermal, On Tue, Apr 03, 2012 at 08:30:41PM +0200, Ermal Lu?i wrote: E You are sure that the defer feature is linked only to active-active? I don't see any sane reason for deferring in normal master/backup configuration. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233745 - head/sys/netinet/ipfw
Julian, On Tue, Apr 03, 2012 at 04:46:56PM -0700, Julian Elischer wrote: J Many years ago there was the possibility that malloc M_WAITOK could J return on shutdown or in some other rare error cases. J J Are we certain this is no longer true? At least it is documented so. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233863 - head/usr.bin/netstat
Author: glebius
Date: Wed Apr 4 08:30:32 2012
New Revision: 233863
URL: http://svn.freebsd.org/changeset/base/233863
Log:
With pf 4.5 import the name of pfsync stats sysctl has changed, thus
'netstat -sp pfsync' got broken. Fix this.
Modified:
head/usr.bin/netstat/if.c
Modified: head/usr.bin/netstat/if.c
==
--- head/usr.bin/netstat/if.c Wed Apr 4 08:19:13 2012(r233862)
+++ head/usr.bin/netstat/if.c Wed Apr 4 08:30:32 2012(r233863)
@@ -93,10 +93,10 @@ pfsync_stats(u_long off, const char *nam
if (live) {
if (zflag)
memset(zerostat, 0, len);
- if (sysctlbyname(net.inet.pfsync.stats, pfsyncstat, len,
+ if (sysctlbyname(net.pfsync.stats, pfsyncstat, len,
zflag ? zerostat : NULL, zflag ? len : 0) 0) {
if (errno != ENOENT)
- warn(sysctl: net.inet.pfsync.stats);
+ warn(sysctl: net.pfsync.stats);
return;
}
} else
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r233874 - head/sys/contrib/pf/net
Author: glebius
Date: Wed Apr 4 14:47:59 2012
New Revision: 233874
URL: http://svn.freebsd.org/changeset/base/233874
Log:
Merge from OpenBSD:
revision 1.173
date: 2011/11/09 12:36:03; author: camield; state: Exp; lines: +11 -12
State expire time is a baseline time (last active) for expiry
calculations, and does _not_ denote the time when to expire. So
it should never be added to (set into the future).
Try to reconstruct it with an educated guess on state import and
just set it to the current time on state updates.
This fixes a problem on pfsync listeners where the expiry time
could be double the expected value and cause a lot more states
to linger.
Modified:
head/sys/contrib/pf/net/if_pfsync.c
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Wed Apr 4 14:31:48 2012
(r233873)
+++ head/sys/contrib/pf/net/if_pfsync.c Wed Apr 4 14:47:59 2012
(r233874)
@@ -51,6 +51,7 @@
* 1.146 - bzero() mbuf before sparsely filling it with data
* 1.170 - SIOCSIFMTU checks
* 1.126, 1.142 - deferred packets processing
+ * 1.173 - correct expire time processing
*/
#ifdef __FreeBSD__
@@ -789,11 +790,16 @@ pfsync_state_import(struct pfsync_state
st-creation = time_uptime - ntohl(sp-creation);
st-expire = time_second;
if (sp-expire) {
- /* XXX No adaptive scaling. */
- st-expire -= r-timeout[sp-timeout] - ntohl(sp-expire);
+ uint32_t timeout;
+
+ timeout = r-timeout[sp-timeout];
+ if (!timeout)
+ timeout = pf_default_rule.timeout[sp-timeout];
+
+ /* sp-expire may have been adaptively scaled by export. */
+ st-expire -= timeout - ntohl(sp-expire);
}
- st-expire = ntohl(sp-expire) + time_second;
st-direction = sp-direction;
st-log = sp-log;
st-timeout = sp-timeout;
@@ -1291,7 +1297,7 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st
pfsync_alloc_scrub_memory(sp-dst, st-dst);
pf_state_peer_ntoh(sp-src, st-src);
pf_state_peer_ntoh(sp-dst, st-dst);
- st-expire = ntohl(sp-expire) + time_second;
+ st-expire = time_second;
st-timeout = sp-timeout;
st-pfsync_time = time_uptime;
}
@@ -1397,7 +1403,7 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt,
pfsync_alloc_scrub_memory(up-dst, st-dst);
pf_state_peer_ntoh(up-src, st-src);
pf_state_peer_ntoh(up-dst, st-dst);
- st-expire = ntohl(up-expire) + time_second;
+ st-expire = time_second;
st-timeout = up-timeout;
st-pfsync_time = time_uptime;
}
@@ -2021,12 +2027,6 @@ pfsync_out_upd_c(struct pf_state *st, st
pf_state_peer_hton(st-src, up-src);
pf_state_peer_hton(st-dst, up-dst);
up-creatorid = st-creatorid;
-
- up-expire = pf_state_expires(st);
- if (up-expire = time_second)
- up-expire = htonl(0);
- else
- up-expire = htonl(up-expire - time_second);
up-timeout = st-timeout;
return (sizeof(*up));
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233773 - head/usr.sbin/arp
Qing, On Sun, Apr 08, 2012 at 10:41:11AM -0700, Qing Li wrote: Q This is not the right way to support RFC3021. Q Q The code you removed is used for checking against attempt at adding Q duplicate entry. Q Both the message and the code apply in that context. I tried to state Q clearly and concisely Q what r201282 was intended in solving and was verified by actual users Q who ran into the Q described problems. How does the message apply? On a 10.0/9.0 prior to my commit: #ifconfig em0 em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=4219bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO ether f0:de:f1:6c:5b:fa inet x.x.x.111 netmask 0xffe0 broadcast x.x.x.127 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: Ethernet autoselect (100baseTX full-duplex) status: active # arp -an ? (x.x.x.97) at 00:00:5e:00:01:61 on em0 expires in 1198 seconds [ethernet] ? (x.x.x.101) at 00:e0:81:5a:22:49 on em0 expires in 618 seconds [ethernet] ? (x.x.x.111) at f0:de:f1:6c:5b:fa on em0 permanent [ethernet] ? (x.x.x.116) at 00:26:18:6a:ea:02 on em0 expires in 1128 seconds [ethernet] # # arp -s 81.19.64.96 0:0:0:0:0:0 set: proxy entry exists for non 802 device And how does this apply? Where is the proxy entry mentioned? Where is the non 802 device? Look at the code before r201282 and see that the message was for absolutely unrelated case. And here is behavior of 6.1-RELEASE, that is prior to your new ARP work: # ifconfig fxp0 fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=8VLAN_MTU inet x.x.x.134 netmask 0xfffc broadcast x.x.x.135 ether 00:20:ed:6e:9c:f9 media: Ethernet autoselect (10baseT/UTP) status: active # arp -s x.x.x.132 0:0:0:0:0:0 set: can only proxy for x.x.x.132 As you see, the error message was an other one. Q If we actually need to support RFC 3021, then better do it properly. What do you mean here under properly? RFC3021 says that network address in a /31 network is a common address. Thus it should be possible to have an ARP entry for it. Anyway this change isn't about RFC3021. A /31 network is just a case when we need to set ARP entry for network address. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r234084 - head/sys/netinet
Author: glebius
Date: Tue Apr 10 05:42:48 2012
New Revision: 234084
URL: http://svn.freebsd.org/changeset/base/234084
Log:
CARP should be capable to run on if_bridge(4). Unfortunately,
this commit is not enough to enable CARP operation on
if_bridge(4), because the latter doesn't handle or even
initialize its ifp-if_link_state.
Reported by: Alexander Lunev sol289 gmail.com
Modified:
head/sys/netinet/ip_carp.c
Modified: head/sys/netinet/ip_carp.c
==
--- head/sys/netinet/ip_carp.c Tue Apr 10 02:29:11 2012(r234083)
+++ head/sys/netinet/ip_carp.c Tue Apr 10 05:42:48 2012(r234084)
@@ -1384,6 +1384,7 @@ carp_output(struct ifnet *ifp, struct mb
/* Set the source MAC address to the Virtual Router MAC Address. */
switch (ifp-if_type) {
case IFT_ETHER:
+ case IFT_BRIDGE:
case IFT_L2VLAN: {
struct ether_header *eh;
@@ -1604,6 +1605,7 @@ carp_ioctl(struct ifreq *ifr, u_long cmd
switch (ifp-if_type) {
case IFT_ETHER:
case IFT_L2VLAN:
+ case IFT_BRIDGE:
case IFT_FDDI:
case IFT_ISO88025:
break;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233773 - head/usr.sbin/arp
Qing, On Mon, Apr 09, 2012 at 02:26:06PM -0700, Qing Li wrote: Q You missed my points. Q Q That if check as part of r201282 was meant to resolve a couple of Q issues related Q to PPP links, as noted in my commit message. In this PPP/proxy Q resolution context Q the error message applies, which is why I actually used the word context in my Q previous reply. Q Q Your removing of that code will break the fixes committed in r201282. Can you please provide example of PPP link configuration, that was broken by r233773. Q I can't quite decipher the example you described in this email. Okay, here it is more verbose: My list of interfaces: # ifconfig -l em0 wlan0 iwn0 lo0 My only configured interface: # ifconfig em0 em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=4219bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO ether f0:de:f1:6c:5b:fa inet x.x.x.111 netmask 0xffe0 broadcast x.x.x.127 nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL media: Ethernet autoselect (100baseTX full-duplex) status: active My arp table: # arp -an ? (x.x.x.97) at 00:00:5e:00:01:61 on em0 expires in 1198 seconds [ethernet] ? (x.x.x.101) at 00:e0:81:5a:22:49 on em0 expires in 618 seconds [ethernet] ? (x.x.x.111) at f0:de:f1:6c:5b:fa on em0 permanent [ethernet] ? (x.x.x.116) at 00:26:18:6a:ea:02 on em0 expires in 1128 seconds [ethernet] Now I'm trying to set ARP entry for network address. And I get error: # arp -s 81.19.64.96 0:0:0:0:0:0 set: proxy entry exists for non 802 device Questions: where is the proxy entry mentioned in the above ARP table? I don't see one. Where is the non 802 device in the above list of my interfaces? Q Could you please give me a bit more information in a private email so I can have Q a better look at the issue, and possibly make a suggestion for an alternative Q patch ? I have mailed you 8 March 2012 with msg-id 20120308173642.gw13...@glebius.int.ru, and didn't got any reply since. That's why I proceeded with commit. P.S. And please, can you avoid top quoting when discussing on technical FreeBSD lists? This isn't my personal wish but explicitly documented etiquette: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/mailing-list-faq/etiquette.html#ETIQUETTE-REPLYING -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r234086 - head/sys/dev/sfxge
Author: glebius
Date: Tue Apr 10 06:52:21 2012
New Revision: 234086
URL: http://svn.freebsd.org/changeset/base/234086
Log:
M_DONTWAIT is a flag from historical mbuf(9)
allocator, not malloc(9) or uma(9) flag.
Modified:
head/sys/dev/sfxge/sfxge_rx.c
Modified: head/sys/dev/sfxge/sfxge_rx.c
==
--- head/sys/dev/sfxge/sfxge_rx.c Tue Apr 10 06:25:11 2012
(r234085)
+++ head/sys/dev/sfxge/sfxge_rx.c Tue Apr 10 06:52:21 2012
(r234086)
@@ -176,10 +176,10 @@ static inline struct mbuf *sfxge_rx_allo
/* Allocate mbuf structure */
args.flags = M_PKTHDR;
args.type = MT_DATA;
- m = (struct mbuf *)uma_zalloc_arg(zone_mbuf, args, M_DONTWAIT);
+ m = (struct mbuf *)uma_zalloc_arg(zone_mbuf, args, M_NOWAIT);
/* Allocate (and attach) packet buffer */
- if (m !uma_zalloc_arg(sc-rx_buffer_zone, m, M_DONTWAIT)) {
+ if (m !uma_zalloc_arg(sc-rx_buffer_zone, m, M_NOWAIT)) {
uma_zfree(zone_mbuf, m);
m = NULL;
}
@@ -586,7 +586,7 @@ static void sfxge_lro_new_conn(struct sf
c = TAILQ_FIRST(st-free_conns);
TAILQ_REMOVE(st-free_conns, c, link);
} else {
- c = malloc(sizeof(*c), M_SFXGE, M_DONTWAIT);
+ c = malloc(sizeof(*c), M_SFXGE, M_NOWAIT);
if (c == NULL)
return;
c-mbuf = NULL;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r234087 - head/sys/netinet
Author: glebius
Date: Tue Apr 10 06:52:39 2012
New Revision: 234087
URL: http://svn.freebsd.org/changeset/base/234087
Log:
M_DONTWAIT is a flag from historical mbuf(9)
allocator, not malloc(9) or uma(9) flag.
Modified:
head/sys/netinet/in.c
Modified: head/sys/netinet/in.c
==
--- head/sys/netinet/in.c Tue Apr 10 06:52:21 2012(r234086)
+++ head/sys/netinet/in.c Tue Apr 10 06:52:39 2012(r234087)
@@ -1279,7 +1279,7 @@ in_lltable_new(const struct sockaddr *l3
{
struct in_llentry *lle;
- lle = malloc(sizeof(struct in_llentry), M_LLTABLE, M_DONTWAIT | M_ZERO);
+ lle = malloc(sizeof(struct in_llentry), M_LLTABLE, M_NOWAIT | M_ZERO);
if (lle == NULL)/* NB: caller generates msg */
return NULL;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r234130 - head/sys/netinet
Author: glebius
Date: Wed Apr 11 12:26:30 2012
New Revision: 234130
URL: http://svn.freebsd.org/changeset/base/234130
Log:
It is a logical error that in carp_multicast_cleanup()
we look at count of addresses on a particular vhid, we
should account number of addresses on cif.
To achieve this we need to run carp_attach() and
carp_detach() under appropriate cif lock.
Modified:
head/sys/netinet/ip_carp.c
Modified: head/sys/netinet/ip_carp.c
==
--- head/sys/netinet/ip_carp.c Wed Apr 11 09:25:20 2012(r234129)
+++ head/sys/netinet/ip_carp.c Wed Apr 11 12:26:30 2012(r234130)
@@ -223,6 +223,13 @@ SYSCTL_STRUCT(_net_inet_carp, OID_AUTO,
#defineCIF_LOCK_ASSERT(cif)mtx_assert((cif)-cif_mtx, MA_OWNED)
#defineCIF_LOCK(cif) mtx_lock((cif)-cif_mtx)
#defineCIF_UNLOCK(cif) mtx_unlock((cif)-cif_mtx)
+#defineCIF_FREE(cif) do {\
+ CIF_LOCK_ASSERT(cif); \
+ if (TAILQ_EMPTY((cif)-cif_vrs)) \
+ carp_free_if(cif); \
+ else\
+ CIF_UNLOCK(cif);\
+} while (0)
#defineCARP_LOG(...) do {\
if (carp_log 0) \
@@ -257,6 +264,7 @@ SYSCTL_STRUCT(_net_inet_carp, OID_AUTO,
static voidcarp_input_c(struct mbuf *, struct carp_header *, sa_family_t);
static struct carp_softc
*carp_alloc(struct ifnet *);
+static voidcarp_detach_locked(struct ifaddr *);
static voidcarp_destroy(struct carp_softc *);
static struct carp_if
*carp_alloc_if(struct ifnet *);
@@ -1214,12 +1222,13 @@ carp_setrun(struct carp_softc *sc, sa_fa
* Setup multicast structures.
*/
static int
-carp_multicast_setup(struct carp_softc *sc, sa_family_t sa)
+carp_multicast_setup(struct carp_if *cif, sa_family_t sa)
{
- struct ifnet *ifp = sc-sc_carpdev;
- struct carp_if *cif = ifp-if_carp;
+ struct ifnet *ifp = cif-cif_ifp;
int error = 0;
+ CIF_LOCK_ASSERT(cif);
+
switch (sa) {
#ifdef INET
case AF_INET:
@@ -1232,7 +1241,9 @@ carp_multicast_setup(struct carp_softc *
imo-imo_membership = (struct in_multi **)malloc(
(sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_CARP,
- M_WAITOK);
+ M_NOWAIT);
+ if (imo-imo_membership == NULL)
+ return (ENOMEM);
imo-imo_mfilters = NULL;
imo-imo_max_memberships = IP_MIN_MEMBERSHIPS;
imo-imo_multicast_vif = -1;
@@ -1262,7 +1273,9 @@ carp_multicast_setup(struct carp_softc *
im6o-im6o_membership = (struct in6_multi **)malloc(
(sizeof(struct in6_multi *) * IPV6_MIN_MEMBERSHIPS), M_CARP,
- M_ZERO|M_WAITOK);
+ M_ZERO | M_NOWAIT);
+ if (im6o-im6o_membership == NULL)
+ return (ENOMEM);
im6o-im6o_mfilters = NULL;
im6o-im6o_max_memberships = IPV6_MIN_MEMBERSHIPS;
im6o-im6o_multicast_hlim = CARP_DFLTTL;
@@ -1316,15 +1329,14 @@ carp_multicast_setup(struct carp_softc *
* Free multicast structures.
*/
static void
-carp_multicast_cleanup(struct carp_softc *sc, sa_family_t sa)
+carp_multicast_cleanup(struct carp_if *cif, sa_family_t sa)
{
- struct ifnet *ifp = sc-sc_carpdev;
- struct carp_if *cif = ifp-if_carp;
+ CIF_LOCK_ASSERT(cif);
switch (sa) {
#ifdef INET
case AF_INET:
- if (sc-sc_naddrs == 0) {
+ if (cif-cif_naddrs == 0) {
struct ip_moptions *imo = cif-cif_imo;
in_leavegroup(imo-imo_membership[0], NULL);
@@ -1338,7 +1350,7 @@ carp_multicast_cleanup(struct carp_softc
#endif
#ifdef INET6
case AF_INET6:
- if (sc-sc_naddrs6 == 0) {
+ if (cif-cif_naddrs6 == 0) {
struct ip6_moptions *im6o = cif-cif_im6o;
in6_mc_leave(im6o-im6o_membership[0], NULL);
@@ -1496,12 +1508,9 @@ carp_destroy(struct carp_softc *sc)
struct ifnet *ifp = sc-sc_carpdev;
struct carp_if *cif = ifp-if_carp;
- CIF_LOCK(cif);
+ CIF_LOCK_ASSERT(cif);
+
TAILQ_REMOVE(cif-cif_vrs, sc, sc_list);
- if (TAILQ_EMPTY(cif-cif_vrs))
- carp_free_if(cif);
- else
- CIF_UNLOCK(cif);
mtx_lock(carp_mtx);
LIST_REMOVE(sc, sc_next);
@@ -1777,6 +1786,7 @@ int
carp_attach(struct ifaddr *ifa, int vhid)
{
struct ifnet *ifp = ifa-ifa_ifp;
+ struct carp_if *cif = ifp-if_carp;
struct carp_softc *sc;
int index, error;
@@ -1795,43 +1805,51
Re: svn commit: r234329 - head/lib/libc/net
On Sun, Apr 15, 2012 at 11:56:04PM +, Eitan Adler wrote:
E Author: eadler
E Date: Sun Apr 15 23:56:03 2012
E New Revision: 234329
E URL: http://svn.freebsd.org/changeset/base/234329
E
E Log:
E When searching for uninitialized memory usage add ensure that the entire
E struct is set to zero.
E
E PR:bin/166483
E Submitted by: Roy Marples r...@marples.name
E Reviewed by: delphij
E Approved by: cperciva
E MFC after: 3 days
E
E Modified:
E head/lib/libc/net/if_nametoindex.c
E
E Modified: head/lib/libc/net/if_nametoindex.c
E
==
E --- head/lib/libc/net/if_nametoindex.c Sun Apr 15 23:50:13 2012
(r234328)
E +++ head/lib/libc/net/if_nametoindex.c Sun Apr 15 23:56:03 2012
(r234329)
E @@ -70,6 +70,9 @@ if_nametoindex(const char *ifname)
E
E s = _socket(AF_INET, SOCK_DGRAM, 0);
E if (s != -1) {
E +#ifdef PURIFY
E +memset(ifr, 0, sizeof(ifr));
E +#endif
E strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
E if (_ioctl(s, SIOCGIFINDEX, ifr) != -1) {
E _close(s);
Is that PURIFY documented anywhere?
--
Totus tuus, Glebius.
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r234342 - head/sys/netinet
Author: glebius
Date: Mon Apr 16 13:49:03 2012
New Revision: 234342
URL: http://svn.freebsd.org/changeset/base/234342
Log:
When we receive an ICMP unreach need fragmentation datagram, we take
proposed MTU value from it and update the TCP host cache. Then
tcp_mss_update() is called on the corresponding tcpcb. It finds the
just allocated entry in the TCP host cache and updates MSS on the
tcpcb. And then we do a fast retransmit of what we have in the tcp
send buffer.
This sequence gets broken if the TCP host cache is exausted. In this
case allocation fails, and later called tcp_mss_update() finds nothing
in cache. The fast retransmit is done with not reduced MSS and is
immidiately replied by remote host with new ICMP datagrams and the
cycle repeats. This ping-pong can go up to wirespeed.
To fix this:
- tcp_mss_update() gets new parameter - mtuoffer, that is like
offer, but needs to have min_protoh subtracted.
- tcp_mtudisc() as notification method renamed to tcp_mtudisc_notify().
- tcp_mtudisc() now accepts not a useless error argument, but proposed
MTU value, that is passed to tcp_mss_update() as mtuoffer.
Reported by: az
Reported by: Andrey Zonov andrey zonov.org
Reviewed by: andre (previous version of patch)
Modified:
head/sys/netinet/tcp_input.c
head/sys/netinet/tcp_output.c
head/sys/netinet/tcp_subr.c
head/sys/netinet/tcp_var.h
Modified: head/sys/netinet/tcp_input.c
==
--- head/sys/netinet/tcp_input.cMon Apr 16 13:41:46 2012
(r234341)
+++ head/sys/netinet/tcp_input.cMon Apr 16 13:49:03 2012
(r234342)
@@ -3288,22 +3288,19 @@ tcp_xmit_timer(struct tcpcb *tp, int rtt
* are present. Store the upper limit of the length of options plus
* data in maxopd.
*
- * In case of T/TCP, we call this routine during implicit connection
- * setup as well (offer = -1), to initialize maxseg from the cached
- * MSS of our peer.
- *
* NOTE that this routine is only called when we process an incoming
- * segment. Outgoing SYN/ACK MSS settings are handled in tcp_mssopt().
+ * segment, or an ICMP need fragmentation datagram. Outgoing SYN/ACK MSS
+ * settings are handled in tcp_mssopt().
*/
void
-tcp_mss_update(struct tcpcb *tp, int offer,
+tcp_mss_update(struct tcpcb *tp, int offer, int mtuoffer,
struct hc_metrics_lite *metricptr, int *mtuflags)
{
int mss = 0;
u_long maxmtu = 0;
struct inpcb *inp = tp-t_inpcb;
struct hc_metrics_lite metrics;
- int origoffer = offer;
+ int origoffer;
#ifdef INET6
int isipv6 = ((inp-inp_vflag INP_IPV6) != 0) ? 1 : 0;
size_t min_protoh = isipv6 ?
@@ -3315,6 +3312,12 @@ tcp_mss_update(struct tcpcb *tp, int off
INP_WLOCK_ASSERT(tp-t_inpcb);
+ if (mtuoffer != -1) {
+ KASSERT(offer == -1, (%s: conflict, __func__));
+ offer = mtuoffer - min_protoh;
+ }
+ origoffer = offer;
+
/* Initialize. */
#ifdef INET6
if (isipv6) {
@@ -3473,7 +3476,7 @@ tcp_mss(struct tcpcb *tp, int offer)
KASSERT(tp != NULL, (%s: tp == NULL, __func__));
- tcp_mss_update(tp, offer, metrics, mtuflags);
+ tcp_mss_update(tp, offer, -1, metrics, mtuflags);
mss = tp-t_maxseg;
inp = tp-t_inpcb;
Modified: head/sys/netinet/tcp_output.c
==
--- head/sys/netinet/tcp_output.c Mon Apr 16 13:41:46 2012
(r234341)
+++ head/sys/netinet/tcp_output.c Mon Apr 16 13:49:03 2012
(r234342)
@@ -1293,7 +1293,7 @@ out:
*/
if (tso)
tp-t_flags = ~TF_TSO;
- tcp_mtudisc(tp-t_inpcb, 0);
+ tcp_mtudisc(tp-t_inpcb, -1);
return (0);
case EHOSTDOWN:
case EHOSTUNREACH:
Modified: head/sys/netinet/tcp_subr.c
==
--- head/sys/netinet/tcp_subr.c Mon Apr 16 13:41:46 2012(r234341)
+++ head/sys/netinet/tcp_subr.c Mon Apr 16 13:49:03 2012(r234342)
@@ -222,6 +222,7 @@ VNET_DEFINE(uma_zone_t, sack_hole_zone);
VNET_DEFINE(struct hhook_head *, tcp_hhh[HHOOK_TCP_LAST+1]);
static struct inpcb *tcp_notify(struct inpcb *, int);
+static struct inpcb *tcp_mtudisc_notify(struct inpcb *, int);
static char * tcp_log_addr(struct in_conninfo *inc, struct tcphdr *th,
void *ip4hdr, const void *ip6hdr);
@@ -1337,7 +1338,7 @@ tcp_ctlinput(int cmd, struct sockaddr *s
return;
if (cmd == PRC_MSGSIZE)
- notify = tcp_mtudisc;
+ notify = tcp_mtudisc_notify;
else if (V_icmp_may_rst (cmd == PRC_UNREACH_ADMIN_PROHIB ||
cmd == PRC_UNREACH_PORT || cmd ==
Re: svn commit: r234329 - head/lib/libc/net
On Mon, Apr 16, 2012 at 11:48:49AM -0400, Eitan Adler wrote: E 2012/4/16 Gleb Smirnoff gleb...@freebsd.org: E Is that PURIFY documented anywhere? E E I'm uncertain, but it isn't the only use in the source tree. Is there any build with it? (rhetoric question) I'm just afraid that committing fix under ifdef won't satisfy submitter of the patch. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r234834 - in head/sys: contrib/pf/net net netinet netinet/ipfw ofed/drivers/infiniband/ulp/ipoib
On Mon, Apr 30, 2012 at 01:48:36PM +0200, Luigi Rizzo wrote: L On Mon, Apr 30, 2012 at 10:22:23AM +, Alexander V. Chernikov wrote: L Author: melifaro L Date: Mon Apr 30 10:22:23 2012 L New Revision: 234834 L URL: http://svn.freebsd.org/changeset/base/234834 L L Log: LMove several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h. L L I would be really grateful if you could revert this back and discuss L what you wanted to achieve with this change other than saving one L entry in the list of includes. L L As clearly mentioned in the commit logs L L http://svnweb.freebsd.org/base?view=revisionrevision=200580 L L when i did the last revision of the ipfw+dummynet code i tried L to put a strong separation between what is visible in userland L (ip_fw.h and ip_dummynet.h) and kernel specific stuff. L This way changes in the kernel code do not need to affect userland, L modify installed headers and so on. L L This is why kernel-specific definitions were put in private files. L We may discuss on the filename, ip_fw_kernel.h may be a better fit, L but merging back kernel and userland defs is a bad design decision. L L 20-30 years ago there were good reasons to use a single header L for all sorts of definitions: user-only, kernel-only, and kernel-userland API. L Machines were slow, disks were small, portability was not a big deal. L L These days none of these conditions apply and keeping things L separate helps maintainance and avoid accidental pollution of L definitions and their misuse. L L Besides, keep in mind that ipfw and dummynet are meant to work L on multiple platforms so this change is causing portability troubles. Can we split ip_fw_private.h to ip_fw_private.h, and ip_fw_var.h? The former is really private, and the latter is for other kernel modules. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r235923 - head/sys/netgraph
Author: glebius
Date: Thu May 24 18:22:57 2012
New Revision: 235923
URL: http://svn.freebsd.org/changeset/base/235923
Log:
Revert r220768 for ng_ksocket. This node is special and
when it is cloning, its constructor method may be called
in a context that isn't allowed to sleep.
Noticed by: Vadim Goncharov
Modified:
head/sys/netgraph/ng_ksocket.c
head/sys/netgraph/ng_mppc.c
Modified: head/sys/netgraph/ng_ksocket.c
==
--- head/sys/netgraph/ng_ksocket.c Thu May 24 18:19:23 2012
(r235922)
+++ head/sys/netgraph/ng_ksocket.c Thu May 24 18:22:57 2012
(r235923)
@@ -524,7 +524,9 @@ ng_ksocket_constructor(node_p node)
priv_p priv;
/* Allocate private structure */
- priv = malloc(sizeof(*priv), M_NETGRAPH_KSOCKET, M_WAITOK | M_ZERO);
+ priv = malloc(sizeof(*priv), M_NETGRAPH_KSOCKET, M_NOWAIT | M_ZERO);
+ if (priv == NULL)
+ return (ENOMEM);
LIST_INIT(priv-embryos);
/* cross link them */
Modified: head/sys/netgraph/ng_mppc.c
==
--- head/sys/netgraph/ng_mppc.c Thu May 24 18:19:23 2012(r235922)
+++ head/sys/netgraph/ng_mppc.c Thu May 24 18:22:57 2012(r235923)
@@ -98,15 +98,6 @@ static MALLOC_DEFINE(M_NETGRAPH_MPPC, n
/* Key length */
#define KEYLEN(b) (((b) MPPE_128) ? 16 : 8)
-/*
- * When packets are lost with MPPE, we may have to re-key arbitrarily
- * many times to 'catch up' to the new jumped-ahead sequence number.
- * Since this can be expensive, we pose a limit on how many re-keyings
- * we will do at one time to avoid a possible D.O.S. vulnerability.
- * This should instead be a configurable parameter.
- */
-#define MPPE_MAX_REKEY 1000
-
/* MPPC packet header bits */
#define MPPC_FLAG_FLUSHED 0x8000 /* xmitter reset state */
#define MPPC_FLAG_RESTART 0x4000 /* compress history restart */
@@ -641,20 +632,22 @@ ng_mppc_decompress(node_p node, struct m
#endif
#ifdef NETGRAPH_MPPC_ENCRYPTION
if ((d-cfg.bits MPPE_BITS) != 0) {
- u_int rekey;
-
- /* How many times are we going to have to re-key? */
- rekey = ((d-cfg.bits MPPE_STATELESS) != 0) ?
- numLost : (numLost / (MPPE_UPDATE_MASK + 1));
- if (rekey MPPE_MAX_REKEY) {
- log(LOG_ERR, %s: too many (%d) packets
-dropped, disabling node %p!,
- __func__, numLost, node);
- priv-recv.cfg.enable = 0;
- goto failed;
- }
-
- /* Re-key as necessary to catch up to peer */
+ u_int rekey;
+
+ /* How many times are we going to have to re-key? */
+ rekey = ((d-cfg.bits MPPE_STATELESS) != 0) ?
+ numLost : (numLost / (MPPE_UPDATE_MASK + 1));
+ if (rekey 1000)
+ log(LOG_ERR, %s: %d packets dropped,
+ node [%x]\n, __func__, numLost,
+ node-nd_ID);
+
+ /*
+* When packets are lost or re-ordered with MPPE,
+* we may have to re-key up to 0xfff times to 'catch
+* up' to the new jumped-ahead sequence number. Yep,
+* this is heavy, but what else can we do?
+*/
while (d-cc != cc) {
if ((d-cfg.bits MPPE_STATELESS) != 0
|| (d-cc MPPE_UPDATE_MASK)
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r235979 - head/sys/netgraph
Author: glebius
Date: Fri May 25 07:46:24 2012
New Revision: 235979
URL: http://svn.freebsd.org/changeset/base/235979
Log:
Revert my local not yet properly tested changes, that leaked in
with r235923.
Modified:
head/sys/netgraph/ng_mppc.c
Modified: head/sys/netgraph/ng_mppc.c
==
--- head/sys/netgraph/ng_mppc.c Fri May 25 07:32:26 2012(r235978)
+++ head/sys/netgraph/ng_mppc.c Fri May 25 07:46:24 2012(r235979)
@@ -98,6 +98,15 @@ static MALLOC_DEFINE(M_NETGRAPH_MPPC, n
/* Key length */
#define KEYLEN(b) (((b) MPPE_128) ? 16 : 8)
+/*
+ * When packets are lost with MPPE, we may have to re-key arbitrarily
+ * many times to 'catch up' to the new jumped-ahead sequence number.
+ * Since this can be expensive, we pose a limit on how many re-keyings
+ * we will do at one time to avoid a possible D.O.S. vulnerability.
+ * This should instead be a configurable parameter.
+ */
+#define MPPE_MAX_REKEY 1000
+
/* MPPC packet header bits */
#define MPPC_FLAG_FLUSHED 0x8000 /* xmitter reset state */
#define MPPC_FLAG_RESTART 0x4000 /* compress history restart */
@@ -632,22 +641,20 @@ ng_mppc_decompress(node_p node, struct m
#endif
#ifdef NETGRAPH_MPPC_ENCRYPTION
if ((d-cfg.bits MPPE_BITS) != 0) {
- u_int rekey;
-
- /* How many times are we going to have to re-key? */
- rekey = ((d-cfg.bits MPPE_STATELESS) != 0) ?
- numLost : (numLost / (MPPE_UPDATE_MASK + 1));
- if (rekey 1000)
- log(LOG_ERR, %s: %d packets dropped,
- node [%x]\n, __func__, numLost,
- node-nd_ID);
-
- /*
-* When packets are lost or re-ordered with MPPE,
-* we may have to re-key up to 0xfff times to 'catch
-* up' to the new jumped-ahead sequence number. Yep,
-* this is heavy, but what else can we do?
-*/
+ u_int rekey;
+
+ /* How many times are we going to have to re-key? */
+ rekey = ((d-cfg.bits MPPE_STATELESS) != 0) ?
+ numLost : (numLost / (MPPE_UPDATE_MASK + 1));
+ if (rekey MPPE_MAX_REKEY) {
+ log(LOG_ERR, %s: too many (%d) packets
+dropped, disabling node %p!,
+ __func__, numLost, node);
+ priv-recv.cfg.enable = 0;
+ goto failed;
+ }
+
+ /* Re-key as necessary to catch up to peer */
while (d-cc != cc) {
if ((d-cfg.bits MPPE_STATELESS) != 0
|| (d-cc MPPE_UPDATE_MASK)
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r236178 - in head: sbin/ifconfig sys/net
On Mon, May 28, 2012 at 12:13:05PM +, Eygene Ryabinkin wrote: E The real-world case is when I am bundling together my Ethernet and E WiFi interfaces and using multiple profiles for accessing network in E different places: system being booted up with one profile, but later E this profile being exchanged to another one, followed by 'service E netif restart' will not add WiFi interface back to the lagg: the E stop action from 'service netif restart' will shut down my main WiFi E interface, so wlan0 that exists in the lagg0 will be destroyed and E purged from lagg0; the start action will try to re-add both E interfaces, but since Ethernet one is already in lagg0, ifconfig will E refuse to add the wlan0 from WiFi interface. Although the lagg(4) change is definetely a needed fix, the way of network roaming via stacking WiFi and Ethernet into lagg(4) always looked like a huge crutch to me. Isn't the problem solvable via a some kind of smarter dhclient? How other UNIX-like OS-es solve this? -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r205082 - head/sys/netgraph
Author: glebius
Date: Fri Mar 12 14:51:42 2010
New Revision: 205082
URL: http://svn.freebsd.org/changeset/base/205082
Log:
Fix 'netstat -f netgraph', which I had broken in r163463 ling time
ago in 2006. This linked list is actually needed for userland.
PR: kern/140446
Submitted by: Adrian Steinmann ast marabu.ch
Modified:
head/sys/netgraph/ng_socket.c
Modified: head/sys/netgraph/ng_socket.c
==
--- head/sys/netgraph/ng_socket.c Fri Mar 12 13:53:52 2010
(r205081)
+++ head/sys/netgraph/ng_socket.c Fri Mar 12 14:51:42 2010
(r205082)
@@ -156,6 +156,11 @@ static u_long ngpdg_recvspace = 20 * 102
SYSCTL_INT(_net_graph, OID_AUTO, recvspace, CTLFLAG_RW,
ngpdg_recvspace , 0, Maximum space for incoming Netgraph datagrams);
+/* List of all sockets (for netstat -f netgraph) */
+static LIST_HEAD(, ngpcb) ngsocklist;
+
+static struct mtx ngsocketlist_mtx;
+
#define sotongpcb(so) ((struct ngpcb *)(so)-so_pcb)
/* If getting unexplained errors returned, set this to kdb_enter(X); */
@@ -584,6 +589,10 @@ ng_attach_common(struct socket *so, int
so-so_pcb = (caddr_t)pcbp;
pcbp-ng_socket = so;
+ /* Add the socket to linked list */
+ mtx_lock(ngsocketlist_mtx);
+ LIST_INSERT_HEAD(ngsocklist, pcbp, socks);
+ mtx_unlock(ngsocketlist_mtx);
return (0);
}
@@ -617,6 +626,9 @@ ng_detach_common(struct ngpcb *pcbp, int
}
pcbp-ng_socket-so_pcb = NULL;
+ mtx_lock(ngsocketlist_mtx);
+ LIST_REMOVE(pcbp, socks);
+ mtx_unlock(ngsocketlist_mtx);
free(pcbp, M_PCB);
}
@@ -1115,8 +1127,14 @@ ngs_mod_event(module_t mod, int event, v
switch (event) {
case MOD_LOAD:
+ mtx_init(ngsocketlist_mtx, ng_socketlist, NULL, MTX_DEF);
break;
case MOD_UNLOAD:
+ /* Ensure there are no open netgraph sockets. */
+ if (!LIST_EMPTY(ngsocklist)) {
+ error = EBUSY;
+ break;
+ }
#ifdef NOTYET
/* Unregister protocol domain XXX can't do this yet.. */
#endif
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r205083 - in head: sys/netgraph usr.bin/netstat
Author: glebius
Date: Fri Mar 12 15:04:59 2010
New Revision: 205083
URL: http://svn.freebsd.org/changeset/base/205083
Log:
Now fix functionality of 'netstat -f netgraph' that hasn't worked
starting from netgraph import in 1999.
netstat(8) used pointer to node as node address, oops. That didn't
work, we need the node ID in brackets to successfully address a node.
We can't look into ng_node, due to inability to include netgraph/netgraph.h
in userland code. So let the node make a hint for a userland, storing
the node ID in its private data.
MFC after:2 weeks
Modified:
head/sys/netgraph/ng_socket.c
head/sys/netgraph/ng_socketvar.h
head/usr.bin/netstat/netgraph.c
Modified: head/sys/netgraph/ng_socket.c
==
--- head/sys/netgraph/ng_socket.c Fri Mar 12 14:51:42 2010
(r205082)
+++ head/sys/netgraph/ng_socket.c Fri Mar 12 15:04:59 2010
(r205083)
@@ -552,6 +552,9 @@ ng_attach_cntl(struct socket *so)
return (error);
}
+ /* Store a hint for netstat(1). */
+ priv-node_id = priv-node-nd_ID;
+
/* Link the node and the private data. */
NG_NODE_SET_PRIVATE(priv-node, priv);
NG_NODE_REF(priv-node);
Modified: head/sys/netgraph/ng_socketvar.h
==
--- head/sys/netgraph/ng_socketvar.hFri Mar 12 14:51:42 2010
(r205082)
+++ head/sys/netgraph/ng_socketvar.hFri Mar 12 15:04:59 2010
(r205083)
@@ -61,6 +61,7 @@ struct ngsock {
intrefs;
struct mtx mtx;/* mtx to wait on */
int error; /* place to store error */
+ ng_ID_t node_id;/* a hint for netstat(1) to find the
node */
};
#defineNGS_FLAG_NOLINGER 1 /* close with last hook */
Modified: head/usr.bin/netstat/netgraph.c
==
--- head/usr.bin/netstat/netgraph.c Fri Mar 12 14:51:42 2010
(r205082)
+++ head/usr.bin/netstat/netgraph.c Fri Mar 12 15:04:59 2010
(r205083)
@@ -166,14 +166,14 @@ netgraphprotopr(u_long off, const char *
name, sockb.so_rcv.sb_cc, sockb.so_snd.sb_cc);
/* Get ngsock structure */
- if (ngpcb.sockdata == 0)/* unconnected data socket */
+ if (ngpcb.sockdata == NULL) /* unconnected data socket */
goto finish;
kread((u_long)ngpcb.sockdata, (char *)info, sizeof(info));
/* Get info on associated node */
- if (info.node == 0 || csock == -1)
+ if (info.node_id == 0 || csock == -1)
goto finish;
- snprintf(path, sizeof(path), [%lx]:, (u_long) info.node);
+ snprintf(path, sizeof(path), [%x]:, info.node_id);
if (NgSendMsg(csock, path,
NGM_GENERIC_COOKIE, NGM_NODEINFO, NULL, 0) 0)
goto finish;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r205636 - head/sys/netgraph/netflow
Author: glebius Date: Thu Mar 25 10:13:21 2010 New Revision: 205636 URL: http://svn.freebsd.org/changeset/base/205636 Log: Remove disabled code. In 99% cases exports are send to ng_ksocket(4), which already forces queued mode, so what was suggested in disabled code is already done. Modified: head/sys/netgraph/netflow/ng_netflow.c Modified: head/sys/netgraph/netflow/ng_netflow.c == --- head/sys/netgraph/netflow/ng_netflow.c Thu Mar 25 08:33:56 2010 (r205635) +++ head/sys/netgraph/netflow/ng_netflow.c Thu Mar 25 10:13:21 2010 (r205636) @@ -286,15 +286,6 @@ ng_netflow_newhook(node_p node, hook_p h priv-export = hook; -#if 0 /* TODO: profile test first */ - /* -* We send export dgrams in interrupt handlers and in -* callout threads. We'd better queue data for later -* netgraph ISR processing. -*/ - NG_HOOK_FORCE_QUEUE(NG_HOOK_PEER(hook)); -#endif - /* Exporter is ready. Let's schedule expiry. */ callout_reset(priv-exp_callout, (1*hz), ng_netflow_expire, (void *)priv); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
