Commit graph

5263 commits

Author SHA1 Message Date
Kristof Provost
d38b2c3c31 if_ovpn: declare our dependency on the crypto module
PR:		281460
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 17c9ac457cf16c1251afa7364bc47ed52ec29057)
2024-09-18 11:39:02 +02:00
Kristof Provost
02d5bd6ddf if_ovpn: ensure it's safe to modify the mbuf
PR:		280036
Reviewed by:	ae
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D46529

(cherry picked from commit 5644e2c6d47c6113a61ab7fc0776b7227677656a)
2024-09-12 14:00:26 +02:00
Zhenlei Huang
02b0415ead if_clone: Allow maxunit to be zero
Some drivers, e.g. if_enc(4), only allow one instance to be created, but
the KPI ifc_attach_cloner() treats a zero value of maxunit as not limited,
aka IF_MAXUNIT.

Introduce a new flag IFC_F_LIMITUNIT to indicate that the requested
maxunit is limited and should be respected.

Consumers should use the new flag if there is an intended limit.

Reviewed by:	glebius
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D45757

(cherry picked from commit a2cac544a668d2834ed41986aca32b44b9819c89)
2024-08-09 08:31:52 +02:00
Zhenlei Huang
c6ac256254 fibs: Limit the WARNING message to only once when setting up with multiple fibs
In main [1] this warning message is suppressed but no plans to MFC the
change as the message may be still useful for users that upgrade from
older releases to 14.x or 13.x. Well emitting this warning message every
time increasing the fib number is confusing for users not for the feature
`net.add_addr_allfibs`, let's limit it to be printed only once.

1. a48f7a2eb90b fibs: Suppress the WARNING message for setups with multiple fibs

This is a direct commit to stable/14 and stable/13.

PR:		280097
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D46204
2024-08-09 08:30:41 +02:00
Kristof Provost
a5e7aacc59 pf: vnet-ify pf_hashsize, pf_hashmask, pf_srchashsize and V_pf_srchashmask
These variables are tunables, so in principle they never change at runtime.
That would mean they don't need to be tracked per-vnet.

However, they both can be decreased (back to their default values) if the
memory allocations for their respective tables fail, and these allocations are
per-vnet. That is, it's possible for a few vnets to be started and have the
tuned size for the hash and srchash tables only to have later vnets fail the
initial allocation and fall back to smaller allocations. That would confuse
the previously created vnets (because their actual table size and size/mask
variables would no longer match).

Avoid this by turning these into per-vnet variables.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 271f146955641857c93705b5b1916b8004e5623c)
2024-08-09 08:30:30 +02:00
Mark Johnston
c239491b31 route: Wrap long lines
No functional change intended.

MFC after:	1 week
Sponsored by:	Klara, Inc.

(cherry picked from commit ec1b18c7353ad20d2d373e58931aeccfccd5599d)
2024-07-29 08:14:05 +02:00
Franco Fichtner
4ad7ad40bc Revert "ovpn: "openvpn" group name concept is misplaced"
This reverts commit 7c7ed2f7bf.

This is hardcoded in OpenVPN daemon to break without a proper
log message attached, which is beyond silly.  I really wish
someone competent would have made the driver name match
the actual driver name and avoid hardcoding magic strings.
2024-07-22 11:15:36 +02:00
Kristof Provost
f257b8d7e1 pfil: PFIL_PASS never frees the mbuf
pfil hooks (i.e. firewalls) may pass, modify or free the mbuf passed
to them. (E.g. when rejecting a packet, or when gathering up packets
for reassembly).

If the hook returns PFIL_PASS the mbuf must still be present. Assert
this in pfil_mem_common() and ensure that ipfilter follows this
convention. pf and ipfw already did.
Similarly, if the hook returns PFIL_DROPPED or PFIL_CONSUMED the mbuf
must have been freed (or now be owned by the firewall for further
processing, like packet scheduling or reassembly).

This allows us to remove a few extraneous NULL checks.

Suggested by:	tuexen
Reviewed by:	tuexen, zlei
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D43617
2024-07-18 13:13:55 +02:00
Mark Johnston
72ad34a756 lagg: Fix a teardown race
When a lagg interface is destroyed, it destroys all of the lagg ports,
which triggers an asynchronous link state change handler.  This in turn
may generate a netlink message, a portion of which requires netlink to
invoke the SIOCGIFMEDIA ioctl of the lagg interface, which involves
scanning the list of interface media.  This list is not internally
locked, it requires the interface driver to provide some kind of
synchronization.

Shortly after the link state notification has been raised, the lagg
interface detaches itself from the network stack.  As a part of this, it
blocks in order to wait for link state handlers to drain, but before
that it destroys the interface media list.  Reverse this order of
operations so that the link state change handlers drain first, avoiding
a use-after-free that is very occasionally triggered by lagg stress
tests.  This matches other ethernet drivers in the tree.

MFC after:	2 weeks

(cherry picked from commit 02cbf9ebf110c94ec9e60f0801716ff0a75e55e5)
2024-07-15 09:14:42 +02:00
Zhenlei Huang
c4da7b7e66 net: Remove unneeded NULL check for the allocated ifnet
Change 4787572d05 made if_alloc_domain() never fail, then also do the
wrappers if_alloc(), if_alloc_dev(), and if_gethandle().

No functional change intended.

Reviewed by:	kp, imp, glebius, stevek
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D45740

(cherry picked from commit aa3860851b9f6a6002d135b1cac7736e0995eedc)
2024-07-15 09:14:32 +02:00
Zhenlei Huang
f0f11e8675 if_vxlan(4): Plug a memory leak
On clone creating, either failure from vxlan_set_user_config() or
ifc_copyin() will result in leaking previously allocated counters.

Since counter_u64_alloc(M_WAITOK) never fails, make vxlan_stats_alloc()
void and move the allocation for counters below checking ifd->params to
avoid memory leak.

Reviewed by:	kp, glebius
Fixes:	b092fd6c97 if_vxlan(4): add support for hardware assisted checksumming, TSO, and RSS
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45822

(cherry picked from commit 087f5e08ab5f0384163f76f73b9a91c98a3ba450)
2024-07-11 08:43:54 +02:00
Zhenlei Huang
882b74a295 if_vxlan(4): Exclude ETHER_CRC_LEN from macro VXLAN_MAX_MTU
The encapsulated (original) frame does not count in FCS as per Section 5
of RFC 7348.

Reviewed by:	afedorov, bryanv, #network
Fixes:		b7592822d5 Allow set MTU more than 1500 bytes
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45195

(cherry picked from commit d6963b9ed3287e91db3d1df153861591faff0007)
2024-07-11 08:43:44 +02:00
Zhenlei Huang
6e390a12aa ifnet: Remove dead code
Since change [1], if_bpf will not be detached by the interface departure
eventhandler and will not be NULL. Then the logic to re-attach if_bpf
becomes dead and serves no purpose any more.

This partially reverts commit 05fc416403.

1. 9ce40d321d bpf: Fix incorrect cleanup

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45599

(cherry picked from commit 9738277b5c662a75347efa6a58daea485d30f895)
2024-07-10 08:06:13 +02:00
Zhenlei Huang
2cdda5070f lo: Use new KPI to assign the first loop interface
While here remove a pointless static local variable lo_cloner.

No functional change intended.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45728

(cherry picked from commit 2cb7605a2415a1c0dd35374a88f815ef00e31de9)
2024-07-10 08:05:51 +02:00
Zhenlei Huang
2d89af7ac5 ifnet: Restore curvnet earlier
This improves readability a little. As a side effect, a redundant
CURVNET_RESTORE is removed.

No functional change intended.

Reviewed by:	glebius
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45595

(cherry picked from commit ef4f4a44d9134ddadede0e2e6e658d0688c5ab3c)
2024-07-10 08:05:30 +02:00
Zhenlei Huang
0b875c0a0c ifnet: Use NET_EPOCH_WAIT() macro
This makes it easier to grep the usage.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45715

(cherry picked from commit 71f8fbf9bda43e3ca2f26d0499b7a88d0f2f7352)
2024-07-10 08:05:11 +02:00
Mark Johnston
fc6dc68593 pf: Sprinkle const qualifiers in state lookup routines
State keys are trivially const in lookup routines, so annotate them as
such.  No functional change intended.

Reviewed by:	kp
MFC after:	1 week
Sponsored by:	Klara, Inc.
Sponsored by:	Modirum
Differential Revision:	https://reviews.freebsd.org/D45671

(cherry picked from commit 66b8cac8d837c0ca3fd38d0a66259ca932a1c430)
2024-07-10 08:05:01 +02:00
Zhenlei Huang
fded8b8bdc bpf: Make bpf_peers_present a boolean inline function
This function was introduced in commit [1] and is actually used as a
boolean function although it was not defined as so.

No functional change intended.

1. 16d878cc99 Fix the following bpf(4) race condition which can result in a panic

Reviewed by:	markj, kp, #network
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45509

(cherry picked from commit 0dfd11abc4bd0dcb96a6d287cc4e52e8f59b64c1)
2024-06-17 11:00:24 +02:00
Zhenlei Huang
f60124850f if_enc(4): Prefer the boolean form when calling bpf_peers_present()
No functional change intended.

MFC after:	1 week

(cherry picked from commit 215a18d502cba2cf57251e82a84484219f2c432a)
2024-06-17 11:00:01 +02:00
Lexi Winter
cf61c67cb3 sys/net/if_bridge: support non-INET kernels
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1159

(cherry picked from commit 65767e6126a7e92bc76561b4ffd005cf85ba525e)

if_bridge: Minor style fixes

And more comments on the #ifdef INET blocks to improve readability.

While here, revert the order of two prototypes to produce minimal diff
compared to stable branches.

(cherry picked from commit 73585176ffd84c13d68cad67c2ca81643f09075c)
2024-06-03 11:06:57 +02:00
Seth Hoffert
57618b20b2 bpf: Make BPF interop consistent with if_loop
The pseudo_AF_HDRCMPLT check is already being done in if_loop and
just needed to be ported over to if_ic, if_wg, if_disc, if_gif,
if_gre, if_me, if_tuntap and ng_iface.  This is needed in order to
allow these interfaces to work properly with e.g., tcpreplay.

PR:		256587
Reviewed by:	markj
MFC after:	2 weeks
Pull Request:	https://github.com/freebsd/freebsd-src/pull/876

(cherry picked from commit 2cb0fce24d64039090dc9243cdf0715ee80c91b1)
2024-06-03 11:06:56 +02:00
Kristof Provost
0c17e19c8f if_ovpn: cope with loops
User misconfiguration may lead to routing loops where we try to send the tunnel
packet into the tunnel. This eventually leads to stack overflows and panics.

Avoid this using if_tunnel_check_nesting(), which will drop the packet if we're
looping or we hit three layers of nested tunnels.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 59a6666ec91d71f97aaae5195bbfafd9d422db2e)
2024-06-03 11:06:56 +02:00
Franco Fichtner
7c7ed2f7bf ovpn: "openvpn" group name concept is misplaced
2024-06-03 11:06:56 +02:00
Stephan de Wit
31ce49c7ab rss: add sysctl enable toggle
This commit also includes the original refactoring changes

This change allows the kernel to operate with the default netisr cpu-affinity settings while having RSS compiled in. Normally, RSS changes quite a bit of the behaviour of the kernel dispatch service - this change allows for reducing impact on incompatible hardware while preserving the option to boost throughput speeds based on packet flow CPU affinity.

Make sure to compile the following options in the kernel:

    options  RSS

As well as setting the following sysctls:

    net.inet.rss.enabled: 1
    net.isr.bindthreads: 1
    net.isr.maxthreads: -1 (automatically sets it to the number of CPUs)

And optionally (to force a 1:1 mapping between CPUs and buckets):

    net.inet.rss.bits: 3 (for 8 CPUs)
    net.inet.rss.bits: 2 (for 4 CPUs)

etc.

Set pin_default_swi to 0 by default in the RSS case.
2024-06-03 11:06:55 +02:00
Zhenlei Huang
34db75d218 if_vxlan(4): Add checking for loops and nesting of tunnels
User misconfiguration, either tunnel loops, or a large number of
different nested tunnels, can overflow the kernel stack. Prevent that
by using if_tunnel_check_nesting().

PR:		278394
Diagnosed by:	markj
Reviewed by:	kp
Approved by:	re (cperciva)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D45197

(cherry picked from commit 93fbfef0b50354b7a1620822454ef29cd415cb2d)
(cherry picked from commit 3ebd2b1c73)
2024-05-23 07:00:03 +08:00
Kristof Provost
fecd303882 if: guard against if_ioctl being NULL
There are situations where a struct ifnet has a NULL if_ioctl pointer.

For example, e6000sw creates such struct ifnets for each of its ports so it can
call into the MII code.

If there is then a link state event this calls do_link_state_change()
-> rtnl_handle_ifevent() -> dump_iface() -> get_operstate() ->
get_operstate_ether(). That wants to know if the link is up or down, so it tries
to ioctl(SIOCGIFMEDIA), which doesn't go well if if_ioctl is NULL.

Guard against this, and return EOPNOTSUPP.

PR:		275920
MFC after:	3 days
Approved by:	re (cperciva)
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 43387b4e574043b78a58c8bcb7575161b055fce1)
(cherry picked from commit 9a8a26aefb)
2024-05-20 09:38:40 +02:00
Lexi Winter
2f95e4a01e if_bridge: clean up INET/INET6 handling
The if_bridge contains several instances of:

	if (AF_INET code ...
	#ifdef INET6
	    AF_INET6 code ...
	#endif
	) {
		...

Clean this up by adding a couple of macros at the top of the file that
are conditionally defined based on whether INET and/or INET6 are enabled,
which makes the code more readable and easier to maintain.

No functional change intended.

Reviewed by:	zlei, markj
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1191

(cherry picked from commit ef84dd8f4926304306d5989ca9afdbf760c6d813)
2024-04-29 10:11:07 -04:00
Denny Page
d776dd5fbd Support ARP for 802 networks
This is used by 802.3 Ethernet.  (Also used by 802.4 Token Bus and
802.5 Token Ring, but we don't support those.)

This was accidentally removed along with FDDI support in commit
0437c8e3b1, presumably because comments implied it was used only by
FDDI or Token Ring.

Fixes: 0437c8e3b1 ("Remove support for FDDI networks.")
Reviewed-by: emaste
Signed-off-by: Denny Page <dennypage@me.com>
Pull-request: https://github.com/freebsd/freebsd-src/pull/1166
(cherry picked from commit fcdf9a19893b9b5beb7a21407de507f0ae4c500b)
2024-04-27 10:45:22 -04:00
Eric Joyner
59d1c385f6 iflib: Add subinterface interrupt allocation function
The ice(4) driver will add the ability to create extra interfaces
that hang off of the base interface; to do that the driver requires
a method for the subinterface to request hardware interrupt resources
from the base interface.

Signed-off-by: Eric Joyner <erj@FreeBSD.org>

Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D39930

(cherry picked from commit ed34a6b6eab9ea39759ccd3f12876a815d271929)
2024-04-24 15:14:48 -07:00
Eric Joyner
ff28ca0911 iflib: Add sysctl to request extra MSIX vectors on driver load
Intended to be used with upcoming feature to add sub-interfaces, since
those new interfaces will be dynamically created and will need to have
spare MSI-X interrupts already allocated for them on driver load.

This sysctl is marked as a tunable since it will need to be set before
the driver is loaded since MSI-X interrupt allocation and setup is
done during the attach process.

Signed-off-by: Eric Joyner <erj@FreeBSD.org>

Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D41326

(cherry picked from commit 3c7da27a473e339392121404e06c506df040c16f)
2024-04-24 15:14:48 -07:00
Marius Strobl
954bb76421 fib_algo(4): Lower level of algorithm switching messages to LOG_INFO
Otherwise, with the default flm_debug_level of LOG_NOTICE, it's rather
easy to trigger debug messages such as:
[fib_algo] inet.0 (bsearch4#18) rebuild_fd_flm: switching algo to
radix4_lockless

Also, the "severity" of these events generally only justifies LOG_INFO
and not LOG_NOTICE.

Reviewed by:	melifaro

(cherry picked from commit ed81a15517b8a8f587fd7282c3690513bb798242)
2024-04-18 21:30:33 +02:00
Zhenlei Huang
800bd7da4c debugnet: Fix logging of frame length
MFC after:	1 week

(cherry picked from commit 6fe4d8395bc5ec51a5ec68b5f1176b4710676b7c)
2024-04-15 12:00:50 +08:00
Zhenlei Huang
4d65728d55 ethernet: Fix logging of frame length
Both the mbuf length and the total packet length are signed.

While here, update a stale comment to reflect the current practice.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D42390

(cherry picked from commit e7102929bf4fea4bf22855d2d6031edf6c413608)
2024-04-15 12:00:37 +08:00
Eugene Grosbein
9407889ec2 MFC: if_bridge: use IF_MINMTU
Replace incorrect constant 576 with IF_MINMTU to check for minimum MTU.
This unbreaks bridging tap interfaces with small mtu.

(cherry picked from commit 319a5d086b50f38618b62c78e83b12931f00b508)
2024-04-09 17:07:45 +07:00
Gordon Bergling
44784993a6 if_llatbl: Fix a typo in a KASSERT message
- s/entires/entries/

(cherry picked from commit b4c94968d1bd1ffdd43976b0315e2b6c2b620ee2)
2024-01-25 07:47:31 +01:00
Gordon Bergling
a7fb3cfeb3 rtsock: Fix a typo in a source code comment
- s/adddress/address/

(cherry picked from commit ab6d773dbf926e4f92e37b67a85c3290cfb90723)
2024-01-25 07:43:49 +01:00
Gordon Bergling
bad1f59857 net: Fix two typos in source code comments
- s/strucutres/structures/

(cherry picked from commit a2fcd3af5c8ad43e8d2c7b89f7bbe3edf2f22e2a)
2024-01-23 07:41:03 +01:00
John Baldwin
9c50c9b776 sys: Use mbufq_empty instead of comparing mbufq_len against 0
Reviewed by:	bz, emaste
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D43338

(cherry picked from commit 8cb9b68f5821e45c63ee08d8ee3029ca523ac174)
2024-01-18 14:37:29 -08:00
Gleb Smirnoff
0459cf3275 if_tuntap: fix NOIP build
Note: this removes one TUNDEBUG() for the sake of not having one more
ifdefed variable declaration and for the overall code brevity.  The call
from tuntap into LRO can be so easily traced with dtrace(1) that an
80-ish printf(9)-based debugging can be omitted.

Fixes:	99c79cab422705f92f05a2924a29bdf823372ebf
(cherry picked from commit 5b0010b4678d778967a5a82fb38507e46a071e38)
2024-01-12 18:05:12 +01:00
Michael Tuexen
fded38cde7 if_tuntap: add LRO support to tap devices
This allows testing the LRO code with packetdrill in local mode.

Reviewed by:		rscheff
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D42548

(cherry picked from commit 99c79cab422705f92f05a2924a29bdf823372ebf)
2024-01-12 18:02:35 +01:00
Michael Tuexen
83e524e8f6 if_tuntap: remove redundant check
eh can't be NULL, so there is no need to check for it.
Reported by:	zlei
Sponsored by:	Netflix, Inc.

(cherry picked from commit 44669b76504991ef3ac10ef10bc0fa931ae79c45)
2024-01-12 17:59:27 +01:00
Michael Tuexen
002829ea61 if_tuntap: support receive checksum offloading for tap interfaces
When enabled, pretend that the IPv4 and transport layer checksum
is correct for packets injected via the character device.
This is a prerequisite for adding support for LRO, which will
be added next. Then packetdrill can be used to test the LRO
code in local mode.

Reviewed by:		rscheff, zlei
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D42477

(cherry picked from commit ff69d13a50d1d07601de0885fd94f6a09a7ba383)
2024-01-12 17:55:40 +01:00
Michael Tuexen
e0f22f9e18 if_tuntap: trigger the bpf hook on transmitting for the tap interface
The tun interface triggers the bpf hook when a packet is transmitted,
the tap interface triggers it when the packet is read from the
character device. This is inconsistent.
So fix the tap device such that it behaves like the tun device.
This is needed for adding support for the tap device to packetdrill.

Reviewed by:		kevans, rscheff
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D42467

(cherry picked from commit 35af22ac986c4f3e8160c943a478492e748b6f23)
2024-01-12 17:51:40 +01:00
Michael Tuexen
e71e4d9ef1 if_tuntap: improve code consistency
No functional change intended.

Reviewed by:		rscheff
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D42462

(cherry picked from commit 4ffe410e40e90c265c20cb4675ed74a40dc1fcc4)
2024-01-12 17:40:30 +01:00
Gleb Smirnoff
7cfc847aba pfil: don't leak pfil_head_t on interface detach
PR:		256714
Submitted by:	jcaplan@blackberry.com

(cherry picked from commit c1c55da49fd55c01771f8cf1f7255a37b79735d7)
2024-01-08 16:29:05 -08:00
Ronald Klop
028e4c6548 Teach if_smsc to get MAC from bootargs.
Some Raspberry Pi pass smsc95xx.macaddr=XX:XX:XX:XX:XX:XX as bootargs.
Use this if no ethernet address is found in an EEPROM.
As last resort fall back to ether_gen_addr() instead of random MAC.

(cherry picked from commit 3878bbf1bb9e68f8579b57cde7d4e5c77de93320)

if_smsc: fix build on armv6 & armv7

compile error was:
/usr/src/sys/dev/usb/net/if_smsc.c:1597:40: error: format specifies type 'unsigned long' but the argument has type 'ssize_t' (aka 'int') [-Werror,-Wformat]
                                "failed alloc for bootargs (%lu)", len);
                                                            ~~~    ^~~
                                                            %zd

(cherry picked from commit 8a0ee306227a17a998bdc7af2275fd94b9164342)

PR:	274092
Reported by:	Patrick M. Hausen (via ML)
Reviewed by:	imp, karels, zlei
Tested by:	Patrick M. Hausen
Approved by:	karels
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D42463
2023-12-28 15:40:31 +01:00
Konstantin Belousov
399961e0a4 if_tun: check device name
PR:	266999

(cherry picked from commit 0365e5fc905b425313a0a2d89f0d8e2566924df2)
2023-12-19 02:28:47 +02:00
Kristof Provost
daaaeb3051 vnet: (read) lock the vnet list while iterating it
Ensure that the vnet list cannot be modified while we're running through
it.

Reviewed by:	mjg (previous version), zlei (previous version)
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D42927

(cherry picked from commit bd7b2f95019e9715150c34736279805de0818d09)
2023-12-14 12:20:25 +01:00
Kristof Provost
ad57a81170 pf: sctp heartbeats confirm a connection
When we create a new state for multihomed sctp connections (i.e.
based on INIT/INIT_ACK or ASCONF parameters) the new connection will
never see a COOKIE/COOKIE_ACK exchange. We should consider HEARTBEAT_ACK
to be a confirmation that the connection is established.

This ensures that such connections do not time out earlier than
expected.

MFC after:	1 week
Sponsored by:	Orange Business Services

(cherry picked from commit 7093414c63b08864dd9348f63e67b39a70c8b1be)
2023-11-24 10:20:45 +01:00
Zhenlei Huang
5d031613af bpf: Make dead_bpf_if const
The dead_bpf_if is not subjected to be written. Make it const so that
on destructive writing to it the kernel will panic instead of silent
memory corruption.

No functional change intended.

Reviewed by:	markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D42189

(cherry picked from commit 7a974a649848e1222a49d0d49726d06bd5c1dbd9)
2023-11-13 11:56:57 +08:00