Commit Graph

2302 Commits

Author SHA1 Message Date
rmind
f04a92b1d6 - Rewrite parts of pfil(9): use array to store hooks and thus be more cache
friendly (there are only few hooks in the system).  Make the structures
  opaque and the interface more strict.
- Remove PFIL_HOOKS option by making pfil(9) mandatory.
2013-06-29 21:06:57 +00:00
roy
3643d6b4fe Move the detaching and making tentative addresses out if in6_if_up
and into in6_if_link_up.

This fixes a possible panic where link is up but not the interface.
Note that a better solution would be to listen to the routing socket
in the kernel, but I don't know how to do that.

Reachable Router tests for IFF_UP as well.
2013-06-20 13:56:29 +00:00
roy
49e60b0459 When an interface link state changes to down, mark all attached IPv6
addresses as detached.
Likewise, when the link state changes to up, mark all detached IPv6
as tentative and start DAD on them.

Advertised router reachability now checks that link state is not down.
This means that when an interface link state changes, the default IPv6
router may change as well.
2013-06-11 12:08:29 +00:00
christos
0e92ff1093 PR/44032: Proxy entries stopped working with pppd. The issue here is that
the route entry was added, but the RTF_LLINFO bit was not set, making arp -a
not showing the entry, but netstat -rn -f inet showing it with the missing
L bit. The order of resolution in ifa_ifwithroute() is that if a destination
address is found, then the interface chosen for the route is that of the
destination. This does not work for link-level addresses since the ppp
interface does not arp (uses link_rtrequest, not arp_rtrequest), so the
bit is never set. The easy solution here is to check that the gateway is
a link address, and use the interface which we chose for the link address
as opposed to the interface that routes to the destination. This restores
the previous behavior, but is it correct?
2013-06-08 02:42:56 +00:00
rmind
bdfcfdcad8 - NPF connection tracking: rework synchronisation on tracking disable/enable
points and document it.  Split the worker thread into a separate module
  with an interface, so it could be re-used for other tasks.
- Replace ALG list with arrays and thus hit fewer cache lines.
- Misc bug fixes.
2013-06-02 02:20:04 +00:00
rmind
ce38978248 - Add NPF table flushing functionality.
- Fix line numbering for npfctl debug command.
2013-05-19 20:45:34 +00:00
kardel
f4c260b7f0 recover DLT_HIPPY and DLT_HDLC from before for if_hippisubr.c and hd64570.c 2013-04-07 14:12:05 +00:00
christos
cefc406697 update from libpcap 2013-04-06 23:20:27 +00:00
christos
bc0f55de88 Make ALG's autoloadable by providing in the config file:
alg "algname"
2013-03-20 00:29:46 +00:00
rmind
4183ea5f53 Always use BPF JIT for NPF rules (using BPF code) if it is available. 2013-03-18 02:24:45 +00:00
rmind
9ef92dc6c0 npf_session_establish: fix previous. 2013-03-18 00:17:20 +00:00
rmind
3b8a2fcf9c Add npf_session_trackable_p() and npf_session_fillent() for the common code.
Simplify.  No functional change.
2013-03-18 00:14:57 +00:00
christos
ff7550039b add missing argument 2013-03-13 13:15:47 +00:00
christos
fbfb5d3d8e don't auto-unload 2013-03-13 02:34:37 +00:00
christos
2c132b3129 normali{s,z}e 2013-03-12 20:47:48 +00:00
christos
12e775eb94 use sizeof(req) to find if it was empty or not (from uwe) 2013-03-11 17:20:02 +00:00
christos
d89c031d8b *"" is not constant according to gcc. So we move the responsibility for adding
a , to the users of the macro.
2013-03-11 17:03:55 +00:00
christos
02ab91fbba - avoid trailing , in dependencies when there are none other the npf module
itself.
- remove if_npflog dependency from npf_ext_log.
2013-03-11 16:37:43 +00:00
christos
fea1d0b382 prevent the lookup function from autoloading recursively. 2013-03-11 01:56:37 +00:00
christos
7e25e6910f move the module loading in the correct place. 2013-03-11 01:43:50 +00:00
christos
1066afcd4f remove the detach that does not belong here anymore. 2013-03-11 01:42:12 +00:00
christos
45d28ff77c Split the npflog cloner and auto-load the extensions. 2013-03-10 20:51:44 +00:00
christos
a6e021428d allow cloners as modules. 2013-03-10 19:46:12 +00:00
joerg
e240adbd0b Retire OSI network stack. OK core@ 2013-03-01 18:25:13 +00:00
rmind
3ae8914252 nbuf_ensure_contig: fix assert (can be equal if there is zero-length mbuf).
Found by npftest on sparc64.
2013-02-19 23:57:37 +00:00
rmind
56910be779 - Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs.  Also, update the man page.
2013-02-16 21:11:12 +00:00
rmind
50c5afcad4 - Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
2013-02-10 23:47:37 +00:00
rmind
0e21825481 NPF:
- Implement dynamic NPF rules.  Controlled through npf(3) library of via
  npfctl rule command.  A rule can be removed using a unique identifier,
  returned on addition, or using a key which is SHA1 hash of the rule.
  Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
2013-02-09 03:35:31 +00:00
joerg
6c3b61dddd Remove remnants of AF_IMPLINK. 2013-02-05 17:30:01 +00:00
yamt
aad8ef3224 use cprng_fast instead of getmicrouptime to generate "random" mac address
because the latter often produces the same addresses for subsequent tap
instances.
2013-01-28 15:05:03 +00:00
yamt
cc345863dc whitespace 2013-01-28 15:01:13 +00:00
rmind
3107fd1eb5 - nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
the mbuf chain on failure.  Fixes some corner cases.  Improve regression
  test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
  The problem was found and fix provided by Anthony Mallet.
2013-01-20 18:45:56 +00:00
degroote
2b85e5b800 PR kern/47419: Antony Mallet: ifconfig doesn't diplay MTU on gif(4)
There is no special treatment for SIOCGITMTU in gif(4), so just pass it to
ifioctl_common().
2013-01-19 16:18:32 +00:00
rmind
2be35e5206 Silence gcc in npf_recache(). 2012-12-24 23:11:25 +00:00
rmind
352f160615 - Rework NPF's nbuf interface: use advancing and ensuring as a main method.
Eliminate unnecessary copy and simplify.  Adapt regression tests.
- Simplify ICMP ALG a little.  While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
2012-12-24 19:05:42 +00:00
rmind
57ff5416fd - Add NPF version check in proplist as well, not only ioctl. Bump the version.
- Fix a bug in table entry lookup.
- Updates/fixes to the man pages.  Misc.
2012-12-23 21:01:03 +00:00
rmind
f9e6e88c89 npf_rwrcksum: handle delayed checksums in the network stack; also fix
non-NPF_NAT_PORTS case and add some comments.  PR/47235.
2012-12-10 01:11:13 +00:00
rmind
333cdb0c5a Add NPF "rndblock" extension to randomly drop packets (using a random function
with a percentage or modulo operation).  This is a demo module, although it can
be used for packet loss simulation.  Example of a procedure in npf.conf:

procedure "somedrop" {
	# Drop 1.9% of the traffic
	rndblock: percentage 1.9
}
2012-12-10 00:32:23 +00:00
rmind
af7272417a npf_table_list: avoid triggering assert on diagnostic. 2012-12-04 19:28:16 +00:00
mbalmer
9d9e15ed7b Don't check mp for NULL twice. From Michael W. Bomardieri <mb@il.net>
via tech-net@NetBSD.org.  Thanks!
2012-11-25 09:06:43 +00:00
alnsn
85151d38ab Add RCSID and fix -Wsign-compare warnings. 2012-11-10 22:12:31 +00:00
msaitoh
c9d920062c Fix a bug that SIOCZIFDATA clears if_lastchage by zero.
Update if_lastchange with getnanotime().
2012-11-01 06:36:30 +00:00
msaitoh
bbc956a9be Add SIOCGETHERCAP ioctl.
There was no way to know the setting of ec_capabilities and ec_capenable
other than grepping the source.

See http://mail-index.netbsd.org/tech-kern/2010/07/28/msg008613.html
2012-10-31 10:17:34 +00:00
rmind
64647e51e4 Implement NPF table listing and preservation of entries on reload.
Bump the version.
2012-10-29 02:27:11 +00:00
alnsn
87a1a6c0f7 Comment bd_jitcode member. 2012-10-28 21:12:44 +00:00
alnsn
e8c0d6c662 Add bpfjit and enable it for amd64. 2012-10-27 22:36:11 +00:00
chs
cbab9cadce split device_t/softc for all remaining drivers.
replace "struct device *" with "device_t".
use device_xname(), device_unit(), etc.
2012-10-27 17:17:22 +00:00
msaitoh
a9ceb4700c Move the prototype definition of ether_input() from if.h to if_ether.h. 2012-10-25 11:53:14 +00:00
msaitoh
11dd166429 Add 1000baseT-FDX. 2012-10-25 10:59:43 +00:00
christos
202952fb98 PR/47058: Antti Kantee: If the ipv6 flow code modifies the mbuf, pass the
change up to the caller.
2012-10-11 20:05:50 +00:00