Commit graph

1440 commits

Author SHA1 Message Date
Eugene Grosbein
5c332527d1 ng_pppoe: introduce new sysctl net.graph.pppoe.lcp_pcp
New sysctl allows to mark transmitted PPPoE LCP Control
ethernet frames with needed 3-bit Priority Code Point (PCP) value.
Confirming driver like if_vlan(4) uses the value to fill
IEEE 802.1p class of service field.

This is similar to Cisco IOS "control-packets vlan cos priority"
command.

It helps to avoid premature disconnection of user sessions
due to control frame drops (LCP Echo etc.)
if network infrastructure has a bottleneck at a switch
or the xdsl DSLAM.

See also:
https://sourceforge.net/p/mpd/discussion/44692/thread/c7abe70e3a/

Tested by:	Klaus Fokuhl at SourceForge

(cherry picked from commit 2e547442ab)
(cherry picked from commit 28903f396a)
2022-05-16 09:31:56 +07:00
John Baldwin
648ce75c3b netgraph: Remove the rethook parameter from NG_NODE_FOREACH_HOOK.
This parameter was set to the hook that terminated the iteration
early.  However, none of the remaining callers used this argument and
it was always set to an otherwise-unused variable.

(cherry picked from commit 6d5f002ed1)
2022-05-13 13:13:49 -07:00
Gordon Bergling
61124bbbf6 netgraph(3): Remove a double word in a source code comment
- s/it it/it/

(cherry picked from commit ecbdfbfd18)
2022-04-14 08:15:38 +02:00
Gordon Bergling
128cd1a6a7 netgraph(4): Fix a typo in a source code comment
- s/peform/perform/

(cherry picked from commit 77a44875e5)
2022-04-14 08:03:22 +02:00
Gordon Bergling
d9d5b11797 ng_btsocket(4): Fix a typo in an error message
- s/mulitplexor/multiplexor/

(cherry picked from commit f64919bbd9)
2022-04-11 05:39:10 +02:00
Gordon Bergling
a13ef0bfb0 ng_pppoe(4): Fix a typo in a source code comment
- s/asychronous/asynchronous/

(cherry picked from commit 7fc0ffda35)
2022-04-09 08:06:23 +02:00
Gordon Bergling
12464ec2ef netgraph(3): Fix a typo in a source code comment
- s/failes/fails/

(cherry picked from commit 79438267b3)
2022-04-02 15:29:26 +02:00
Gordon Bergling
1dca9345e9 netgraph(4): Fix a typo in a source code comment
- s/shapshot/snapshot/

(cherry picked from commit 1dc2c71ed8)
2022-03-30 18:36:36 +02:00
Aleksandr Fedorov
85cd9f7e98 ng_pppoe(4): Add the required NET_EPOCH section to the hook
disconnection function.

Disconnecting hooks are called outside of NET_EPOCH, but
ng_pppoe_disconnect() calls NG_SEND_DATA_ONLY() which should be called
in NET_EPOCH.

PR:	257067
Reported by:	niels=freebsd@bakker.net
Reviewed by:	vmaffione (mentor), glebius, donner
Approved by:	vmaffione (mentor), glebius, donner
Sponsored by:	vstack.com
Differential Revision:	https://reviews.freebsd.org/D34185

(cherry picked from commit b27e6e91d0)
2022-02-13 15:05:45 +03:00
Ian Lepore
1a86aab86a Add ETHER_ALIGN support to ng_device(4).
This adds a new ng_device command, NGM_DEVICE_ETHERALIGN, which has no
associated args.  After the command arrives, the device begins adjusting all
packets sent out its hook to have ETHER_ALIGN bytes of padding at the
beginning of the packet.  The ETHER_ALIGN padding is added only when
running on an architecture that requires strict alignment of IP headers
(based on the __NO_STRICT_ALIGNMENT macro, which is only #define'd on
x86 as of this writing).

This also adds ascii <-> binary command translation to ng_device, both for
the existing NGM_DEVICE_GET_DEVNAME and the new ETHERALIGN command.

This also gives a name to every ng_device node when it is constructed, using
the cdev device name (ngd0, ngd1, etc).  This makes it easier to address
command msgs to the device using ngctl(8).

Reviewed by:	donner, ray, adrian
Differential Revision:	https://reviews.freebsd.org/D32905
MFC after:   1 week

(cherry picked from commit 44aae623ab)
2022-01-14 14:28:43 +01:00
Alexander Motin
c63fc5265b netgraph: Remove CTLFLAG_NEEDGIANT from sysctl.
MFC after:	2 weeks

(cherry picked from commit 2f1a46d12b)
2022-01-09 19:30:03 -05:00
Hans Petter Selasky
7b976be508 ng_ubt(4): Introduce net.bluetooth.usb_isoc_enable loader tunable to disable
isochronous transfers.

If users want to disable isochronous transfers, which cause high
frequency periodic interrupts from the USB host controller, then
net.bluetooth.usb_isoc_enable can be set to zero, either as a
sysctl(8) or as a loader.conf(5) tunable.

Differential Revision:	https://reviews.freebsd.org/D33282
Submitted by:	naito.yuichiro@gmail.com
PR:		238235
Sponsored by:	NVIDIA Networking

(cherry picked from commit 67cbbf1959)
(cherry picked from commit 03f0393477)
(cherry picked from commit 8fa952937b)
2022-01-07 14:23:10 +01:00
Gleb Smirnoff
42301a9db1 ng_l2tp: improve seq structure locking.
PR:			241133
Reviewed by:		mjg, markj
Differential Revision:	https://reviews.freebsd.org/D31476
Author:			glebius

(cherry picked from commit 0a76c63dd4)
(cherry picked from commit 89042ff776)
(cherry picked from commit ae04d30451)
2021-12-20 01:21:38 +07:00
Mark Johnston
d74c589ead ng_ubt: Avoid attaching to several newer Intel controllers
Like other Intel controllers, these require firmware to be loaded, and
generic ng_ubt attach causes them to lock up until a power cycle.
However, their firmware interface for querying version info and loading
operational firmware is different from that implemented by ng_ubt_intel
and iwmbtfw, so they are not usable yet.  Just disable attach for now to
avoid stalls during USB device enumeration.

PR:		260161
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit b25ba58adc)
2021-12-13 08:26:19 -05:00
Mitchell Horne
1d640e6135 Implement GET_STACK_USAGE on remaining archs
This definition enables callers to estimate remaining space on the
kstack, and take action on it. Notably, it enables optimizations in the
GEOM and netgraph subsystems to directly dispatch work items when there
is sufficient stack space, rather than queuing them for a worker thread.

Implement it for riscv, arm, and mips. Remove the #ifdefs, so it will
not go unimplemented elsewhere.

PR:		259157
Reviewed by:	mav, kib, markj (previous version)
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32580

(cherry picked from commit 0d2224733e)
2021-12-07 14:13:47 -04:00
Gordon Bergling
beaf14a65b ng_pptpgre(4): Fix a typo in a source code comment
- s/mimimum/minimum/

(cherry picked from commit 40a57b00f9)
2021-11-06 08:50:54 +01:00
Gordon Bergling
9b918d1761 ng_ppp(4): Fix a typo in a comment
- s/delcared/declared/

(cherry picked from commit 0a8159d8ca)
2021-10-17 10:35:19 +02:00
Yoshihiro Takahashi
e089402431 ng_ether: Create netgraph nodes for bridge interfaces.
Create netgraph nodes for bridge interfaces when the ng_ether module
is loaded.  If a bridge interface is created after loading the ng_ether
module, a netgraph node is created via ether_ifattach().

(cherry picked from commit d653b188e8)
2021-10-02 20:51:14 +09:00
Zhenlei Huang
e8df60a69a routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549).
Implement kernel support for RFC 5549/8950.

* Relax control plane restrictions and allow specifying IPv6 gateways
 for IPv4 routes. This behavior is controlled by the
 net.route.rib_route_ipv6_nexthop sysctl (on by default).

* Always pass final destination in ro->ro_dst in ip_forward().

* Use ro->ro_dst to extract packet family inside if_output() routines.
 Consistently use RO_GET_FAMILY() macro to handle ro=NULL case.

* Pass extracted family to nd6_resolve() to get the LLE with proper encap.
 It leverages recent lltable changes committed in c541bd368f.

Presence of the functionality can be checked using ipv4_rfc5549_support feature(3).
Example usage:
  route add -net 192.0.0.0/24 -inet6 fe80::5054:ff:fe14:e319%vtnet0

Differential Revision: https://reviews.freebsd.org/D30398

(cherry picked from commit 62e1a437f3)
2021-09-07 21:25:06 +00:00
Alexander V. Chernikov
36854c4e1e [netflow] fix gateway reporting in ng_netflow
Reported by:	Guy Yur <guyyur at gmail.com>

(cherry picked from commit 8e55a80e0c)
2021-09-07 21:02:57 +00:00
Mark Johnston
8ad5619ec3 ng_bridge: Use M_NOWAIT when allocating memory in the newhook routine
newhook can be invoked by ngthread, which runs in a network epoch
section and is thus not permitted to perform M_WAITOK allocations.

Reported by:	Jenkins
Reviewed by:	donner, afedorov
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit e0e3ded78a)
2021-08-20 08:42:43 -04:00
Gordon Bergling
a6bc738260 Fix a few typos in source code comments
- s/posbile/possible/

(cherry picked from commit 34f620f1d0)
2021-08-19 09:29:25 +02:00
Roy Marples
f452713408 socket: Implement SO_RERROR
SO_RERROR indicates that receive buffer overflows should be handled as
errors. Historically receive buffer overflows have been ignored and
programs could not tell if they missed messages or messages had been
truncated because of overflows. Since programs historically do not
expect to get receive overflow errors, this behavior is not the
default.

This is really really important for programs that use route(4) to keep
in sync with the system. If we lose a message then we need to reload
the full system state, otherwise the behaviour from that point is
undefined and can lead to chasing bogus bug reports.

Reviewed by:	philip (network), kbowling (transport), gbe (manpages)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D26652

(cherry picked from commit 7045b1603b)
2021-08-10 18:54:00 -07:00
Mark Johnston
46d8116cae Consistently use the SOLISTENING() macro
Some code was using it already, but in many places we were testing
SO_ACCEPTCONN directly.  As a small step towards fixing some bugs
involving synchronization with listen(2), make the kernel consistently
use SOLISTENING().  No functional change intended.

Sponsored by:	The FreeBSD Foundation

(cherry picked from commit f4bb1869dd)
2021-06-21 09:14:40 -04:00
Lutz Donnerhacke
ad2c95130b netgraph/bridge: malloc without flags
During tests an assert was triggered and pointed to missing flags in
the newlink function of ng_bridge(4).

Reported by:	markj
Reviewed by:	markj
Differential Revision: https://reviews.freebsd.org/D30759

(cherry picked from commit 4c3280e587)
2021-06-16 23:55:35 +02:00
Lutz Donnerhacke
37370a6773 netgraph/ng_base: Renaming a node to the same name is a noop
Detailed analysis in https://github.com/genneko/freebsd-vimage-jails/issues/2
brought the problem down to a double call of ng_node_name() before and
after a vnet move.  Because the name of the node is already known
(occupied by itself), the second call fails.

PR:		241954
Reported by:	Paul Armstrong
Differential Revision: https://reviews.freebsd.org/D30110

(cherry picked from commit 0345fd891f)
2021-06-10 11:29:34 +02:00
Takanori Watanabe
26c3e7a1ec Fix a use-after-free in an error case.
PR: 255872
Submitted by:  lylgood
Differential Revision:  https://reviews.freebsd.org/D30454

(cherry picked from commit 14803ec8d1)
2021-06-09 14:20:57 +09:00
Markus Stoff
f18b7f239d ng_parse: IP address parsing in netgraph eating too many characters
Once the final component of the IP address has been parsed, the offset
on the input must not be advanced, as this would remove an unparsed
character from the input.

Submitted by:	Markus Stoff
Reviewed by:	donner
Differential Revision: https://reviews.freebsd.org/D26489

(cherry picked from commit 63b6a08ce2)
2021-06-08 12:14:34 +02:00
Alexander Motin
6ee59ffb5b Fix packet cbs/ebs conversion.
Each packet is counted as 128 bytes by the code, not 125.  Not sure
what I was thinking about here 14 years ago.  May be just a typo.

Reported by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:	2 weeks

(cherry picked from commit 4a6830761c)
2021-06-01 23:40:05 -04:00
Lutz Donnerhacke
7fd88ba72e netgraph/ng_bridge: Avoid cache thrashing
Hint the compiler, that this update is needed at most once per second.
Only in this case the memory line needs to be written.  This will
reduce the amount of cache thrashing during forward of most frames.

Suggested by:	zec
Approved by:	zec
Differential Revision:	https://reviews.freebsd.org/D28601

(cherry picked from commit 4dfe70fdbd)
2021-05-27 12:55:52 +02:00
Lutz Donnerhacke
fb5e2f4d61 netgraph/ng_bridge: become SMP aware
The node ng_bridge underwent a lot of changes in the last few months.
All those steps were necessary to distinguish between structure
modifying and read-only data transport paths.  Now it's done, the node
can perform frame forwarding on multiple cores in parallel.

Differential Revision:	https://reviews.freebsd.org/D28123

(cherry picked from commit 9674c2e68c)
2021-05-27 12:55:44 +02:00
Lutz Donnerhacke
cab6109379 netgraph/ng_bridge: move MACs via control message
Use the new control message to move ethernet addresses from a link to
a new link in ng_bridge(4).  Sending this message instead of doing the
work directly requires moving the loop detection into the control
message processing.  This will delay the loop detection by a few
frames.

This decouples the read-only activity from the modification under a
more strict writer lock.

Reviewed by:	manpages (gbe)
Differential Revision:	https://reviews.freebsd.org/D28559

(cherry picked from commit f6e0c47169)
2021-05-27 12:55:37 +02:00
Lutz Donnerhacke
53ccd92495 netgraph/ng_bridge: learn MACs via control message
Add a new control message to move ethernet addresses to a given link
in ng_bridge(4). Send this message instead of doing the work directly.
This decouples the read-only activity from the modification under a
more strict writer lock.

Decoupling the work is a prerequisite for multithreaded operation.

Approved by:	manpages (bcr), kp (earlier version)
Differential Revision:	https://reviews.freebsd.org/D28516

(cherry picked from commit b1bd44732d)
2021-05-27 12:55:29 +02:00
Lutz Donnerhacke
fa670efa25 netgraph/ng_checksum: Fix double free error
m_pullup(9) frees the mbuf(9) chain in the case of an allocation error.
The mbuf chain must not be freed again in this case.

PR:		255874
Submitted by:	<lylgood@foxmail.com>
Approved by:	markj
Differential Revision: https://reviews.freebsd.org/D30273

(cherry picked from commit 687e510e5c)
2021-05-23 14:55:20 +02:00
Lutz Donnerhacke
e240dd0d50 netgraph/ng_bridge: Handle send errors during loop handling
If sending out a packet fails during the loop over all links, the
allocated memory is leaked and not all links receive a copy.  This
patch fixes those problems, clarifies a premature abort of the loop,
and fixes a minor style(9) bug.

PR:		255430
Submitted by:	Dancho Penev
Tested by:	Dancho Penev
Differential Revision: https://reviews.freebsd.org/D30008

(cherry picked from commit a56e5ad690)
2021-05-20 07:52:21 +02:00
Mark Johnston
1e066db6cd Add missing sockaddr length and family validation to various protocols
Several protocol methods take a sockaddr as input.  In some cases the
sockaddr lengths were not being validated, or were validated after some
out-of-bounds accesses could occur.  Add requisite checking to various
protocol entry points, and convert some existing checks to assertions
where appropriate.

Reported by:	syzkaller+KASAN
Reviewed by:	tuexen, melifaro
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29519

(cherry picked from commit f161d294b9)
2021-05-17 13:43:07 -04:00
Lutz Donnerhacke
2b3074de33 netgraph/ng_base: Allow larger BINARY2ASCII conversions
Allocate the necessary memory for the conversion dynamically starting
with a value which is sufficient for almost all normal cases.

PR:		187835
Reviewed by:	kp
Differential Revision: https://reviews.freebsd.org/D23840

(cherry picked from commit 45d75e3ac3)
2021-05-09 15:25:05 +02:00
Vladimir Kondratyev
83235903d5 ng_ubt: Block attachment of uninitialized Intel Wireless 7265
As this controller requires firmware patch downloading to operate.
"Intel Wireless 7265" support in iwmbtfw(8) is yet to be done.

Tested by:	arrowd et al
PR:		228787
2021-04-30 23:14:44 +03:00
Vladimir Kondratyev
3f5ce99dc6 ng_ubt: Use DEFINE_CLASS_1 macro for kobj inheritance.
2021-04-30 23:14:38 +03:00
Vladimir Kondratyev
ad711fa497 ng_ubt: Do not clear stall before receiving of HCI command response.
Unconditional execution of "clear feature" request at SETUP stage was
workaround for probe failures on ng_ubt.ko re-kldloading which is
unnecessary now.

Reviewed by:	hselasky
Differential revision:	https://reviews.freebsd.org/D29775
2021-04-30 23:12:41 +03:00
Lutz Donnerhacke
26be401728 netgraph/ng_car: Add color marking code
Chained policing should be able to reuse the classification of
traffic.  A new mbuf_tag type is defined to handle general QoS
marking.  A new subtype is defined to track the color marking.

Reviewed by:	manpages (bcr), melifaro, kp
Sponsored by:	IKS Service GmbH
Differential Revision: https://reviews.freebsd.org/D22110

(cherry picked from commit d0d2e523ba)
2021-02-26 13:29:39 +01:00
Neel Chauhan
d65b86dd93 netgraph/ng_nat: Add RFC 6598/Carrier Grade NAT support
This extends upon the RFC 6598 support to libalias/ipfw in r357092.

Reviewed By:	manpages (bcr), donner, adrian, kp
Differential Revision: https://reviews.freebsd.org/D23461

(cherry picked from commit 5fe433a6e4)
2021-02-25 11:21:03 +01:00
Lutz Donnerhacke
522a0b7d02 netgraph/ng_vlan_rotate: IEEE 802.1ad VLAN manipulation netgraph type
This node is part of an A10-NSP (L2-BSA) development.

Carrier networks tend to stack three or more tags for internal
purposes and therefore hiding the service tags deep inside of the
stack. When decomposing such an access network frame, the processing
order is typically reversed: First distinguish by service, then by
other means.

This new netgraph node allows to bring the relevant VLAN in front (to
the out-most position). This way other netgraph nodes (like ng_vlan)
can operate on this specific type.

Reviewed by:	manpages (gbe), brueffer (manpages), kp
Relnotes:	yes
Sponsored by:	IKS Service GmbH
Differential Revision: https://reviews.freebsd.org/D22076

(cherry picked from commit cfd6422a52)
2021-02-25 09:04:24 +01:00
Lutz Donnerhacke
dcb4190179 netgraph/ng_bridge: Add counters for the first link, too
For broadcast, multicast and unknown unicast, the replication loop
sends a copy of the packet to each link, beside the first one. This
special path is handled later, but the counters are not updated.
Factor out the common send and count actions as a function.

Reviewed by:	kp
Differential Revision: https://reviews.freebsd.org/D28537

(cherry picked from commit 3c958f5fdf)
2021-02-22 09:22:03 +01:00
Lutz Donnerhacke
88e916bff0 netgraph/ng_bridge: Document staleness in multithreaded operation
In the data path of ng_bridge(4), the only value of the host struct,
which needs to be modified, is the staleness, which is reset every
time a frame is received.  It's safe to leave the code as it is.

This patch is part of a series to make ng_bridge(4) multithreaded.

Reviewed by:	kp
Differential Revision: https://reviews.freebsd.org/D28546

(cherry picked from commit 011b7317db)
2021-02-22 09:21:55 +01:00
Lutz Donnerhacke
0952f69003 netgraph/ng_bridge: Merge internal structures
In an earlier version of ng_bridge(4) the external visible host entry
structure was a strict subset of the internal one.  So internal view
was a direct annotation of the external structure.  This strict
inheritance was lost many versions ago.  There is no need to
encapsulate a part of the internal representation as a separate
structure.

This patch is a preparation to make the internal structure read only
in the data path in order to make ng_bridge(4) multithreaded.

Reviewed by:	kp
Differential Revision: https://reviews.freebsd.org/D28545

(cherry picked from commit ccf4cd2e78)
2021-02-22 09:21:49 +01:00
Lutz Donnerhacke
1e2c1b7622 netgraph/ng_bridge: Make simple internal functions read-only
The data path in netgraph is designed to work on a read-only state of
the whole netgraph network.  Currently this is achieved by convention,
there is no technical enforcement.  In the case of NETGRAPH_DEBUG all
nodes can be annotated for debugging purposes, so the strict
enforcement needs to be lifted for this purpose.

This patch is part of a series to make ng_bridge multithreaded, which
is done by rewriting the data path to operate on const.

Reviewed By:	kp
Differential Revision: https://reviews.freebsd.org/D28141

(cherry picked from commit 6117aa58fa)
2021-02-22 09:21:23 +01:00
Lutz Donnerhacke
d7187b4b1c netgraph/ng_bridge: switch stats to counter framework
This is the first patch of a series of necessary steps
to make ng_bridge(4) multithreaded.

Reviewed by:	melifaro (network), afedorov
Differential Revision: https://reviews.freebsd.org/D28125

(cherry picked from commit 66c72859f6)
2021-02-22 09:21:13 +01:00
Lutz Donnerhacke
8135f3f2fc netgraph/ng_bridge: Derive forwarding mode from first attached hook
Handling of unknown MACs on a bridge with incomplete learning
capabilities (aka uplink ports) can be defined in different ways.

The classical approach is to broadcast unicast frames sent to an
unknown MAC, because the unknown devices can be everywhere. This mode
is default for ng_bridge(4).

In the case of dedicated uplink ports, which prohibit learning of MAC
addresses in order to save memory and CPU cycles, the broadcast
approach is dangerous. All traffic to the uplink port is broadcasted
to every downlink port, too. In this case, it's better to restrict the
distribution of frames to unknown MAC to the uplink ports only.

In order to keep the chance small and the handling as natural as
possible, the first attached link is used to determine the behaviour
of the bridge: If it is an "uplink" port, then the bridge switches from
classical mode to restricted mode.

Reviewed By:	kp
Differential Revision: https://reviews.freebsd.org/D28487

(cherry picked from commit c869d905ba)
2021-02-22 09:21:04 +01:00
Lutz Donnerhacke
882cbdeb21 netgraph/ng_bridge: Introduce "uplink" ports without MAC learning
The ng_bridge(4) node is designed to work in moderately small
environments. Connecting such a node to a larger network rapidly fills
the MAC table for no reason. It even becomes complicated to obtain data
from the gettable message, because the result is too large to
transmit.

This patch introduces two new functionality bits on the hooks:
  - Allow or disallow MAC address learning for incoming packets.
  - Allow or disallow sending unknown MACs through this hook.

Uplinks are characterized by denied learning while sending out
unknowns. Normal links are characterized by allowed learning and
sending out unknowns.

Reviewed by:	kp
Differential Revision: https://reviews.freebsd.org/D23963

(cherry picked from commit f961caf218)
2021-02-22 09:20:37 +01:00