aboutsummaryrefslogtreecommitdiff
path: root/sys/netgraph
Commit message (Collapse)AuthorAgeFilesLines
* netgraph: Fix ng_ether's shutdown handingMark Johnston2020-12-232-10/+7
| | | | | | | | | | | | | | | | | | | | | | | When tearing down a VNET, netgraph sends shutdown messages to all of the nodes before detaching interfaces (SI_SUB_NETGRAPH comes before SI_SUB_INIT_IF in teardown order). ng_ether nodes handle this by destroying themselves without detaching from the parent ifnet. Then, when ifnets go away they detach their ng_ether nodes again, triggering a use-after-free. Handle this by modifying ng_ether_shutdown() to detach from the ifnet. If the shutdown was triggered by an ifnet being destroyed, we will clear priv->ifp in the ng_ether detach callback, so priv->ifp may be NULL. Also get rid of the printf in vnet_netgraph_uninit(). It can be triggered trivially by ng_ether since ng_ether_shutdown() persists the node unless NG_REALLY_DIE is set. PR: 233622 Reviewed by: afedorov, kp, Lutz Donnerhacke MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D27662
* [ng_socket] Don't take the SOCKBUF_LOCK() twice in the RX data path.Aleksandr Fedorov2020-12-171-2/+9
| | | | | | | | | | | | This is just a minor optimization, but it's sensitive. This gives an improvement of 30-50 kpps. Reviewed by: kp, markj, glebius, lutz_donnerhacke.de Approved by: vmaffione (mentor) Sponsored by: vstack.com Differential Revision: https://reviews.freebsd.org/D27382 Notes: svn path=/head/; revision=368727
* netgraph: macfilter: small fixesKyle Evans2020-12-091-19/+19
| | | | | | | | | | | | | Two issues: - The DEBUG macro defined is in direct conflict with the DEBUG kernel option, which broke the -LINT build[0] - Building with NG_MACFILTER_DEBUG did not compile on LP64 systems due to using %d for sizeof(). Reported by: Jenkins[0] Notes: svn path=/head/; revision=368487
* New Netgraph module ng_macfilter:Nick Hibma2020-12-082-0/+1010
| | | | | | | | | | | | | | | Macfilter to route packets through different hooks based on sender MAC address. Based on ng_macfilter written by Pekka Nikander Sponsered by Retina b.v. Reviewed by: afedorov MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D27268 Notes: svn path=/head/; revision=368443
* ng_nat: unbreak ABIEugene Grosbein2020-11-101-2/+2
| | | | | | | | | | | | The revision r342168 broke ABI of ng_nat needlessly and the change was merged to stable branches breaking ABI there, too. Unbreak it. PR: 250722 MFC after: 1 week Notes: svn path=/head/; revision=367545
* ng_l2tp: Fix callout synchronization in the rexmit timeout handlerMark Johnston2020-09-251-5/+7
| | | | | | | | | | | | | | | | | | A received control packet may cause the transmit queue to be flushed, in which case ng_l2tp_seq_recv_nr() cancels the transmit timeout handler. The handler checks to see if it was cancelled before doing anything, but did so before acquiring the node lock, so a small race window could cause ng_l2tp_seq_rack_timeout() to attempt to flush an empty queue, ultimately causing a null pointer dereference. PR: 241133 Reviewed by: bz, glebius, Lutz Donnerhacke MFC after: 3 days Sponsored by: Rubicon Communications, LLC (Netgate) Differential Revision: https://reviews.freebsd.org/D26548 Notes: svn path=/head/; revision=366167
* ng_ether: Enter NET_EPOCH where requiredKristof Provost2020-09-022-3/+8
| | | | | | | | | | | | | | | | | We must enter NET_EPOCH before calling ether_output_frame(). Several of the functions it calls (pfil_run_hooks, if_transmit) expect to be running in the NET_EPOCH. While here remove an unneeded EPOCH entry (which wasn't wide enough to cover BRIDGE_INPUT). PR: 248958 Reviewed by: glebius, bz (previous version), melifaro (previous version) Tested by: manu Differential Revision: https://reviews.freebsd.org/D26226 Notes: svn path=/head/; revision=365246
* net: clean up empty lines in .c and .h filesMateusz Guzik2020-09-01119-327/+115
| | | | Notes: svn path=/head/; revision=365071
* ng_ubt: Add a device ID.Mark Johnston2020-08-231-0/+1
| | | | | | | | | PR: 248838 Submitted by: Andrey Zholos <aaz@q-fu.com> MFC after: 1 week Notes: svn path=/head/; revision=364509
* Tag pccard drivers with gone in 13.Warner Losh2020-08-201-0/+2
| | | | | | | | | MFC After: 3 days Reviewed by: emaste, brooks, adrian (on twitter) Differential Revision: https://reviews.freebsd.org/D26095 Notes: svn path=/head/; revision=364430
* Increase BER to PER lookup table size in an attempt to mitigate panicsMarko Zec2020-08-181-1/+1
| | | | | | | | | with LRO and TSO. Reported by: rstone Notes: svn path=/head/; revision=364368
* ng_iface(4): Remove unsupported protocols.Mark Johnston2020-07-312-4/+0
| | | | | | | | | | | | Update the ng_iface documentation and hooks to reflect the fact that the node currently only supports IPv4 and v6 packets. Reviewed by: Lutz Donnerhacke MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25862 Notes: svn path=/head/; revision=363736
* ng_iface(4): Set the current VNET before calling netisr_dispatch().Mark Johnston2020-07-311-0/+2
| | | | | | | | | | | | | | | | | | This is normally handled by a netgraph thread, but netgraph messages may be dispatched directly to a node, in which case no VNET is set before ng_iface calls into the network stack. Netgraph could probably handle this more generally, but for now just be sure to set the current VNET in ng_iface. PR: 242406 Tested by: Michael Muenz <m.muenz@gmail.com> Reviewed by: Lutz Donnerhacke MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25788 Notes: svn path=/head/; revision=363735
* Fix L2CAP ACL packet PB(Packet Boundary) flag for LE PDU.Takanori Watanabe2020-07-172-4/+5
| | | | | | | | | | | | | | ACL packet boundary flag should be 0 instead of 2 for LE PDU. Some HCI will drop LE packet with PB flag is 2, and if sent, some target may reject the packet. PR: 248024 Reported by: Greg V Reviewed by: Greg V, emax Differential Revision: https://reviews.freebsd.org/D25704 Notes: svn path=/head/; revision=363276
* Add support for [read|write] supported data length commands.Takanori Watanabe2020-07-081-1/+16
| | | | | | | | | | | Fix ng_hci_le_long_term_key_request_negative_reply_cp struct while here. PR: 247809 Submitted by: Marc Veldman Notes: svn path=/head/; revision=363003
* Allow some Bluetooth LE related HCI request to non-root user.Takanori Watanabe2020-07-011-0/+6
| | | | | | | | | | PR: 247588 Reported by: Greg V (greg@unrelenting.technology) Reviewed by: emax Differential Revision: https://reviews.freebsd.org/D25516 Notes: svn path=/head/; revision=362825
* Update event masks constant to Bluetooth core spec V5.2Takanori Watanabe2020-06-151-2/+66
| | | | | | | | | | and add LE Events. PR: 247257 Submitted by: Marc Veldman Notes: svn path=/head/; revision=362199
* Add LE events:Takanori Watanabe2020-06-101-2/+56
| | | | | | | | | | | | | | | | READ_REMOTE_FEATURES_COMPL LONG_TERM_KEY_REQUEST REMOTE_CONN_PARAM_REQUEST DATA_LENGTH_CHANGE READ_LOCAL_P256_PK_COMPL GEN_DHKEY_COMPL ENH_CONN_COMPL PR: 247050 Submitted by: Marc Veldman marc at bumblingdork.com Notes: svn path=/head/; revision=362004
* Fix check for wMaxPacketSize in USB bluetooth driver,Hans Petter Selasky2020-05-281-3/+4
| | | | | | | | | | in case device is not FULL speed. MFC after: 3 days Sponsored by: Mellanox Technologies Notes: svn path=/head/; revision=361582
* Fix Typo in ng_hci_le_connection_complete_ep struct.Takanori Watanabe2020-05-191-1/+1
| | | | | | | | PR: 246538 Submitted by: Marc Veldman Notes: svn path=/head/; revision=361254
* Add space for RSSI in data member.Takanori Watanabe2020-05-091-1/+2
| | | | | | | | | | RSSI is put just after actual data. Submitted by: Marc Veldman PR: 245920 Notes: svn path=/head/; revision=360846
* Add le_read_buffer_size command and manpage.Takanori Watanabe2020-04-281-0/+9
| | | | | | | | | | It supports both v1 and v2 command. PR:245964 Submitted by: Marc Veldman <marc@bumblingdork.com> Notes: svn path=/head/; revision=360440
* ng_eiface: fix kernel panic due to the racecondition in ng_eiface shutdown.Aleksandr Fedorov2020-04-271-1/+1
| | | | | | | | | | | | PR: 244247 Reported by: Vladislav V. Prodan <admin@support.od.ua> Reviewed by: vmaffione, lutz_donnerhacke.de Approved by: vmaffione (mentor) Sponsored by: vstack.com Differential Revision: https://reviews.freebsd.org/D24557 Notes: svn path=/head/; revision=360372
* Substitute le_read_supported_status with le_read_supported_states.Hans Petter Selasky2020-04-202-5/+5
| | | | | | | | | | | | Refer to bluetooth core v5.2 specifications Vol4. Part E. 7.8.27. PR: 245763 Submitted by: Marc Veldman <marc@bumblingdork.com> MFC after: 1 week Sponsored by: Mellanox Technologies Notes: svn path=/head/; revision=360116
* Bring HCI error messages up-to-date.Hans Petter Selasky2020-04-191-1/+29
| | | | | | | | | | | | See Bluetooth v5.6 core specification Vol.1 Part F: Controller error codes. Submitted by: Marc Veldman <marc@bumblingdork.com> PR: 245737 MFC after: 1 week Sponsored by: Mellanox Technologies Notes: svn path=/head/; revision=360092
* tty: convert tty_lock_assert to tty_assert_locked to hide lock typeKyle Evans2020-04-171-2/+2
| | | | | | | | | | | | | | | | | A later change, currently being iterated on in D24459, will in-fact change the lock type to an sx so that TTY drivers can sleep on it if they need to. Committing this ahead of time to make the review in question a little more palatable. tty_lock_assert() is unfortunately still needed for now in two places to make sure that the tty lock has not been recursed upon, for those scenarios where it's supplied by the TTY driver and possibly a mutex that is allowed to recurse. Suggested by: markj Notes: svn path=/head/; revision=360051
* Don't initialize m->m_data to m->m_pktdat, this is already done by theGleb Smirnoff2020-04-171-2/+0
| | | | | | | mbuf allocator. That was the last remnant of such code in the kernel. Notes: svn path=/head/; revision=360034
* Fix mbuf handling in le advertize packet processing.Takanori Watanabe2020-04-021-3/+6
| | | | | | | Submitted by: Marc Veldman <marc at bumblingdork.com> Notes: svn path=/head/; revision=359560
* Fix spelling of "dropped".Gleb Smirnoff2020-03-042-4/+4
| | | | | | | | Submitted by: Lutz Donnerhacke Differential Revision: https://reviews.freebsd.org/D23954 Notes: svn path=/head/; revision=358657
* Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many)Pawel Biernacki2020-02-2612-40/+57
| | | | | | | | | | | | | | | | | | | r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are still not MPSAFE (or already are but aren’t properly marked). Use it in preparation for a general review of all nodes. This is non-functional change that adds annotations to SYSCTL_NODE and SYSCTL_PROC nodes using one of the soon-to-be-required flags. Mark all obvious cases as MPSAFE. All entries that haven't been marked as MPSAFE before are by default marked as NEEDGIANT Approved by: kib (mentor, blanket) Commented by: kib, gallatin, melifaro Differential Revision: https://reviews.freebsd.org/D23718 Notes: svn path=/head/; revision=358333
* Rework second part of r357558. Unroll the macro and allocate memory inGleb Smirnoff2020-02-211-1/+4
| | | | | | | sleepable manner before entering the epoch for the send. Notes: svn path=/head/; revision=358194
* Revert one half of previous change r357558. Don't enter the epoch onGleb Smirnoff2020-02-211-3/+0
| | | | | | | | | | sends to control socket. Control socket messages can run constructors of nodes and other stuff that is allowed to M_WAITOK. PR: 244241 Notes: svn path=/head/; revision=358193
* ng_nat: avoid panic if attached directly to ng_ether and got short packetEugene Grosbein2020-02-121-2/+7
| | | | | | | | | | | | | | | | | | | From the beginning, ng_nat safely assumed cleansed traffic because of limited ways it could be attached to NETGRAPH: ng_ipfw or ng_ppp only. Now as it may be attached with ng_ether too, the assumption proven wrong. Add needed check to the ng_nat. Thanks for markj for debugging this. PR: 243096 Submitted by: Lutz Donnerhacke <lutz@donnerhacke.de> Reported by: Robert James Hernandez <rob@sarcasticadmin.com> Reviewed by: markj and others MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D23091 Notes: svn path=/head/; revision=357786
* I doubt anybody in the world uses ng_device, but its write method shouldGleb Smirnoff2020-02-051-0/+5
| | | | | | | also enter the network epoch when sending data from user level to netgraph. Notes: svn path=/head/; revision=357559
* Enter the network epoch when ng_socket sends data or control from userGleb Smirnoff2020-02-051-0/+8
| | | | | | | land to the netgraph and potentially further down the network stack. Notes: svn path=/head/; revision=357558
* netgraph(4) callouts need to be executed in the network epoch.Gleb Smirnoff2020-02-051-0/+3
| | | | Notes: svn path=/head/; revision=357557
* ng_nat: Pass IPv6 packets through.Mark Johnston2020-01-231-1/+0
| | | | | | | | | | | | | | | | | ng_nat implements NAT for IPv4 traffic only. When connected to an ng_ether node it erroneously handled IPv6 packets as well. This change is not sufficient: ng_nat does not do any validation of IP packets in this mode, even though they have not yet passed through ip_input(). PR: 243096 Reported by: Robert James Hernandez <rob@sarcasticadmin.com> Reviewed by: julian Differential Revision: https://reviews.freebsd.org/D23080 Notes: svn path=/head/; revision=357053
* Generate MAC address from the FreeBSD OUI range.Kirill Ponomarev2020-01-161-2/+3
| | | | | | | | | Submitted by: aleksandr.fedorov_vstack_com Approved by: kevans Differential Revision: https://reviews.freebsd.org/D23168 Notes: svn path=/head/; revision=356801
* Netgraph queue processing thread must process all its itemsGleb Smirnoff2020-01-151-0/+4
| | | | | | | | | in the network epoch. Reported by: Michael Zhilin <mizhka@ > Notes: svn path=/head/; revision=356749
* netgraph/ng_bridge: Reestablish old ABIBjoern A. Zeeb2020-01-052-0/+109
| | | | | | | | | | | | | | | | | In order to be able to merge r353026 bring back support for the old cookie API for a transition period in 12.x releases (and possibly 13) before the old API can be removed again entirely. Suggested by: julian Submitted by: Lutz Donnerhacke (lutz donnerhacke.de) PR: 240787 Reviewed by: julian MFC after: 2 weeks X-MFC with: r353026 Differential Revision: https://reviews.freebsd.org/D21961 Notes: svn path=/head/; revision=356386
* Remove the deprecated timeout(9) interface.John Baldwin2019-12-131-1/+1
| | | | | | | | | | All in-tree consumers have been converted to callout(9). Reviewed by: kib, markj Differential Revision: https://reviews.freebsd.org/D22602 Notes: svn path=/head/; revision=355732
* Use callout_func_t instead of the deprecated timeout_t.John Baldwin2019-12-101-1/+1
| | | | | | | | Reviewed by: kib, imp Differential Revision: https://reviews.freebsd.org/D22752 Notes: svn path=/head/; revision=355601
* Fix regression from r353026. Pointer was increased instead of valueGleb Smirnoff2019-11-021-1/+1
| | | | | | | | | | pointed to. PR: 241646 Submitted by: Aleksandr Fedorov <aleksandr.fedorov itglobal.com> Notes: svn path=/head/; revision=354244
* Don't use if_maddr_rlock() in ng_eiface(4), use epoch(9) directly instead.Gleb Smirnoff2019-10-101-3/+4
| | | | Notes: svn path=/head/; revision=353423
* Don't use if_maddr_rlock() in ng_ether(4), use epoch(9) directly instead.Gleb Smirnoff2019-10-101-2/+3
| | | | Notes: svn path=/head/; revision=353421
* Widen NET_EPOCH coverage.Gleb Smirnoff2019-10-073-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When epoch(9) was introduced to network stack, it was basically dropped in place of existing locking, which was mutexes and rwlocks. For the sake of performance mutex covered areas were as small as possible, so became epoch covered areas. However, epoch doesn't introduce any contention, it just delays memory reclaim. So, there is no point to minimise epoch covered areas in sense of performance. Meanwhile entering/exiting epoch also has non-zero CPU usage, so doing this less often is a win. Not the least is also code maintainability. In the new paradigm we can assume that at any stage of processing a packet, we are inside network epoch. This makes coding both input and output path way easier. On output path we already enter epoch quite early - in the ip_output(), in the ip6_output(). This patch does the same for the input path. All ISR processing, network related callouts, other ways of packet injection to the network stack shall be performed in net_epoch. Any leaf function that walks network configuration now asserts epoch. Tricky part is configuration code paths - ioctls, sysctls. They also call into leaf functions, so some need to be changed. This patch would introduce more epoch recursions (see EPOCH_TRACE) than we had before. They will be cleaned up separately, as several of them aren't trivial. Note, that unlike a lock recursion the epoch recursion is safe and just wastes a bit of resources. Reviewed by: gallatin, hselasky, cy, adrian, kristof Differential Revision: https://reviews.freebsd.org/D19111 Notes: svn path=/head/; revision=353292
* Fix build failure from r353026. Somehow module build allowed this.Gleb Smirnoff2019-10-031-5/+9
| | | | | | | Pointy hat to: glebius Notes: svn path=/head/; revision=353030
* Protect access to seq->xwin[] with the seq mutex.Gleb Smirnoff2019-10-031-1/+4
| | | | | | | MFC after: 5 weeks Notes: svn path=/head/; revision=353027
* - Remove the compile time limit for number of links a ng_bridge nodeGleb Smirnoff2019-10-032-231/+219
| | | | | | | | | | | | | can handle. Instead using an array on node private data, use per-hook private data. - Use NG_NODE_FOREACH_HOOK() to traverse through hooks instead of array. PR: 240787 Submitted by: Lutz Donnerhacke <lutz donnerhacke.de> Differential Revision: https://reviews.freebsd.org/D21803 Notes: svn path=/head/; revision=353026
* avoid holding PCB mutex during copyin/copyout()Maksim Yevmenkin2019-08-302-89/+154
| | | | | | | | Reported by: imp, mms dot vanbreukelingen at gmail dot com Reviewed by: imp Notes: svn path=/head/; revision=351626
generated by cgit v1.3 (git 2.53.0) at 2026-04-09 12:26:46 +0000