vlan pads a frame with zeros up to 68 bytes
(ETHER_MIN_LEN + ETHER_VLAN_ENCAP_LEN). It expects
that even if the frame is untagged, it keeps 64 bytes
at least. However, it lacks concern about CRC
(4 bytes). So a sending frame can be 72 (68 + 4) bytes.
PR 49788
they are created on the fly. This makes it clear what the route is for
and allows an optimisation in ip_output() by avoiding a call to
in_broadcast() because most of the time we do talk to a host.
It also avoids a needless allocation for the storage of llinfo_arp and
thus vanishes from arp(8) - it showed as incomplete anyway so this
is a nice side effect.
Guard against this and routes marked with RTF_BLACKHOLE in
ip_fastforward().
While here, guard against routes marked with RTF_BLACKHOLE in
ip6_fastforward().
RTF_BROADCAST is IPv4 only, so don't bother checking that here.
Add functions rt_ifa_addlocal() and rt_ifa_remlocal() to add and remove
local routes for the address and announce the new address and route
to the routing socket.
Add in_ifaddlocal() and in_ifremlocal() to use these functions.
Rename in6_if{add,rem}loop() to in6_if{add,rem}local() and use these
functions.
rtinit() no longer announces the address, just the network route for the
address. As such, calls to rt_newaddrmsg() have been removed from
in_addprefix() and in_scrubprefix().
This solves the problem of potentially more than one announcement, or no
announcement at all for the address in certain situations.
connection when it is still referenced by another thread.
- npf_conn_destroy: remove the backwards entry using the saved key, PR/49488.
- Sprinkle some asserts.
This change enables lockless accesses to bridge rtable lists.
See locking notes in a comment to know how pserialize and
mutexes are used. Some functions are rearranged to use
pserialize. A workqueue is introduced to use pserialize in
bridge_rtage via bridge_timer callout.
As usual, pserialize and mutexes are used only when NET_MPSAFE
on. On the other hand, the newly added workqueue is used
regardless of NET_MPSAFE on or off.
The expire time of a cache in a bridge MAC address table was never reset
once it is initialized regardless of traffic for the cache. The behavior
isn't supposed and active caches are unnecessarily expired and removed.
PR kern/49507
This change enables lockless accesses to bridge member lists.
See locking notes in a comment to know how pserialize and
mutexes are used.
This change also provides support for softint-based interrupt
handling; pserialize readers can run in both HW interrupt and
softint contexts.
As usual, pserialize is used only when NET_MPSAFE on.
When NET_MPSAFE on, a bridge tries to pass up a packet to Layer 3
(or call m_freem) with holding a lock or referencing unnecessary
objects. That causes random lock ups. The change fixes the issue.
if_attach initializes an ifnet object and registers it to the system
(e.g., ifnet_list), however, if_attach doesn't complete the
initialization and the rest of it will be done by if_alloc_sadl
that is normally directly called by device drivers or called via
functions like ether_ifattach. So there is a race between
if_attach and if_alloc_sadl (A half-baked ifnet object may be
accessed, for example, via ioctl between them).
The aim of this fix is to register an initializing ifnet object
after completing its initializations. To this end, this fix
separates if_attach into an initialization part (if_initialize)
and a registration part (if_register) and call the latter after
if_alloc_sadl (ether_ifattach). So a typical usage of the two
new APIs is like this:
if_initialize(ifp); // was if_attach
ether_ifattach(ifp, enaddr);
if_register(ifp);
Nonetheless, changing every drivers to do so at once isn't
feasible. So we keep if_attach working as it used to be and
will change only some drivers that we need at this point.
Once we know the fix really works well, we'll change all
the others.
Some more information of the fix can be found here:
http://mail-index.netbsd.org/tech-kern/2014/12/10/msg018242.html
No objection on tech-kern and tech-net.
The tweak makes the code intention clear and further changes easy.
No functional change.
The first trial broke SIOCGIFCONF (PR 49437). So as not to repeat the mistake,
t_ifconf was added. It should warn if something goes wrong on ifconf.
The commit broke dlopen()'d rumpnet on platforms where ld.so does not
override weak aliases (e.g. musl, Solaris, potentially OS X, ...).
Requested by pooka@.
NAT policy take over or or portmap sharing - just replace them all.
- npf_config_fini: flush with the empty connection database.
- npf_nat_import: fix the stat counter.
