DragonFly BSD

CVS log for src/sys/net/ipfw/ip_fw2.c

[BACK] Up to [DragonFly] / src / sys / net / ipfw

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.100: download - view: text, markup, annotated - select for diffs
Sat Nov 22 11:03:35 2008 UTC (5 years, 9 months ago) by sephe
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.99: preferred, unified
Changes since revision 1.99: +1 -2 lines
Remove MSGF_PRIORITY support.  The flag testing and message queue selection
on the hot code path introduce noticeable performance regression during ip
forwarding (from 667Kpps to 655Kpps w/ 64bytes packet and fastforwarding
enabled on Phenom 9550).

Revision 1.99: download - view: text, markup, annotated - select for diffs
Tue Nov 11 12:59:11 2008 UTC (5 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.98: preferred, unified
Changes since revision 1.98: +15 -10 lines
- Use priority message to carry out ipfw callout.
- Mark the callout message with DROPABLE flag, so we don't need to
  do additional netmsg_service_sync() in module event function and
  the callout function itself could much straightforward.

Revision 1.98: download - view: text, markup, annotated - select for diffs
Fri Sep 26 12:12:36 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.97: preferred, unified
Changes since revision 1.97: +50 -8 lines
Schedule ipfw_tick() to IPFW_CFGPORT to run, this function is too time
consuming and complex to run in callout thread.

Use MPSAFE callout after above change.

Revision 1.97: download - view: text, markup, annotated - select for diffs
Wed Sep 24 15:06:45 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.96: preferred, unified
Changes since revision 1.96: +14 -3 lines
If the current thread is not a network thread then rejecting the packet back
into netisrX when it becomes eligible.  Add comment about possible situation
that the current thread is not a network thread.

Revision 1.96: download - view: text, markup, annotated - select for diffs
Sat Sep 20 06:08:13 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.95: preferred, unified
Changes since revision 1.95: +2 -2 lines
Add PFIL_MPSAFE flag to give hint to pfil(9) that the underlying firewall
code is MPSAFE.  Set this flag for ipfw(4).

Revision 1.95: download - view: text, markup, annotated - select for diffs
Sat Sep 20 04:36:51 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.94: preferred, unified
Changes since revision 1.94: +5 -1 lines
Instead of rejecting the eligible packet back into the correct cpu,
dummynet(4) now reinjects the eligible packet back into correct
network thread.

Revision 1.94: download - view: text, markup, annotated - select for diffs
Fri Sep 19 12:23:56 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.93: preferred, unified
Changes since revision 1.93: +7 -10 lines
Update comment

Revision 1.93: download - view: text, markup, annotated - select for diffs
Fri Sep 19 12:04:09 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.92: preferred, unified
Changes since revision 1.92: +17 -4 lines
Check ipfw static rules generation after get the BGL

Revision 1.92: download - view: text, markup, annotated - select for diffs
Wed Sep 17 03:08:27 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.91: preferred, unified
Changes since revision 1.91: +0 -28 lines
- Remove unnecessary crit sections
- Remove no longer applied comment

Revision 1.91: download - view: text, markup, annotated - select for diffs
Wed Sep 17 02:53:51 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.90: preferred, unified
Changes since revision 1.90: +62 -38 lines
Factor out ipfw_match_uid(), put it under BGL explicitly

Revision 1.90: download - view: text, markup, annotated - select for diffs
Tue Sep 16 13:36:12 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.89: preferred, unified
Changes since revision 1.89: +8 -8 lines
Fix stack variable names inheritted from ip_{input,output}()

Revision 1.89: download - view: text, markup, annotated - select for diffs
Tue Sep 16 12:16:08 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.88: preferred, unified
Changes since revision 1.88: +28 -22 lines
- Rework ipfw(4) debug print macro
- Add IPFIREWALL_DEBUG option

Revision 1.88: download - view: text, markup, annotated - select for diffs
Tue Sep 16 11:40:38 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.87: preferred, unified
Changes since revision 1.87: +3 -3 lines
Header inclusion

Revision 1.87: download - view: text, markup, annotated - select for diffs
Tue Sep 16 11:32:02 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.86: preferred, unified
Changes since revision 1.86: +2 -2 lines
mycpu->gd_cpuid -> mycpuid

Revision 1.86: download - view: text, markup, annotated - select for diffs
Tue Sep 16 11:28:31 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.85: preferred, unified
Changes since revision 1.85: +0 -3 lines
SYSCTL_NODE is always defined

Revision 1.85: download - view: text, markup, annotated - select for diffs
Tue Sep 16 11:24:57 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.84: preferred, unified
Changes since revision 1.84: +8 -2 lines
Bump ipfw static rules generation when set/clear IPFW_FULE_F_STATE to avoid
possible races if network thread slept on dyn_lock (e.g. to install state)

Revision 1.84: download - view: text, markup, annotated - select for diffs
Mon Sep 15 05:11:02 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.83: preferred, unified
Changes since revision 1.83: +4 -4 lines
We always wait during pfil hook's adding and removing; we could not afford
to fail upon these operations.

Revision 1.83: download - view: text, markup, annotated - select for diffs
Sat Sep 13 12:57:07 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.82: preferred, unified
Changes since revision 1.82: +183 -1 lines
Move ipfw(4) code for ip_{input,output}() into ip_fw2.c to create in/out
pfil hooks for AF_INET pfil head.

During ipfw(4) module loading, ipfw(4) pfil hooks will be added to AF_INET
pfil head, only if fw_enable is 1.  ipfw(4) pfil hooks could be added and
deleted from AF_INET pfil head dynamicly by setting net.inet.ip.fw.enable
(1 to add, 0 to delete)

Revision 1.82: download - view: text, markup, annotated - select for diffs
Sat Sep 13 10:47:23 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.81: preferred, unified
Changes since revision 1.81: +34 -2 lines
Add a place holder sysctl function to enable and disable ipfw(4)

Revision 1.81: download - view: text, markup, annotated - select for diffs
Sat Sep 13 05:49:08 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.80: preferred, unified
Changes since revision 1.80: +0 -19 lines
- Let caller of ip_fw_dn_io_ptr call ip_dn_queue(), so that callers have the
  chance to save additional information to dummynet tag (e.g. ip_output)
- In ip_{input,output}(), call ip_dn_queue() outside of ipfw(4) processing
  code block
- Move saving dst, ro and flags from ipfw_dummynet_io() to ip_output()
- Remove unused fields in ip_fw_args
- Update comment

Revision 1.80: download - view: text, markup, annotated - select for diffs
Tue Sep 9 11:37:08 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.79: preferred, unified
Changes since revision 1.79: +1 -11 lines
- ipfw(4) does not need opt_ipdn.h and opt_ipdivert.h
- Use BUILDING_WITH_KERNEL in module Makefile
- Make ipfw(4) building depends on opt_inet.h and opt_ipfw.h

Revision 1.79: download - view: text, markup, annotated - select for diffs
Sun Sep 7 10:03:45 2008 UTC (5 years, 11 months ago) by sephe
Branches: MAIN
Diff to: previous 1.78: preferred, unified
Changes since revision 1.78: +28 -25 lines
Let ipfw_chk() return IP_FW_{PASS,DENY,DUMMYNET,TEE,DIVERT} and the caller
proceeds according to the return value in well strutured switch block.  The
additional information related to the return value (e.g. pipe/queue number
of IP_FW_DUMMYNET) is saved in ip_fw_args.cookie.

Idea-from: FreeBSD

Revision 1.78: download - view: text, markup, annotated - select for diffs
Wed Aug 27 14:00:45 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.77: preferred, unified
Changes since revision 1.77: +14 -5 lines
Prepare to make IPDIVERT transparent to ip reassemble code:
Include more information in divert mbuf tag

Revision 1.77: download - view: text, markup, annotated - select for diffs
Tue Aug 26 11:42:40 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.76: preferred, unified
Changes since revision 1.76: +11 -6 lines
Grrr, forward address is in network byte order

Revision 1.76: download - view: text, markup, annotated - select for diffs
Tue Aug 26 11:26:26 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.75: preferred, unified
Changes since revision 1.75: +6 -0 lines
Don't allow multicast address to be used as the target address of a transparent
forwarding rule.

Revision 1.75: download - view: text, markup, annotated - select for diffs
Fri Aug 22 09:14:16 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.74: preferred, unified
Changes since revision 1.74: +16 -3 lines
Save 'ipfw forward' information in mtag, use m_pkthdr.fw_flags to indicate
that this mtag exists (mainly to avoid unnecessary mtag locating).  This
actually eliminates the last reference to MT_TAG mbuf; nuke it completely.

Revision 1.74: download - view: text, markup, annotated - select for diffs
Thu Aug 21 12:11:34 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.73: preferred, unified
Changes since revision 1.73: +8 -9 lines
- Correct 'forward' support
- Move comment to the proper place

Revision 1.73: download - view: text, markup, annotated - select for diffs
Sun Aug 17 05:45:56 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.72: preferred, unified
Changes since revision 1.72: +27 -27 lines
- Rename ifa_{domsg,forwardmsg}() to ifnet_{domsg,forwardmsg}()
- Inline ifa_{domsg,forwardmsg}(); let them call ifnet_{domsg,forwardmsg}()
- Use ifnet_{domsg,forwardmsg}() in ipfw(4)

Revision 1.72: download - view: text, markup, annotated - select for diffs
Sun Aug 17 05:20:09 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.71: preferred, unified
Changes since revision 1.71: +14 -14 lines
Pass cpuid to ifa_domsg()

Revision 1.71: download - view: text, markup, annotated - select for diffs
Sat Aug 16 09:05:59 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.70: preferred, unified
Changes since revision 1.70: +1118 -229 lines
ipfw(4) parallelize stage 1, step 2/2: per-CPU static rule lists

See the comment at the beginning of net/ipfw/ip_fw2.c for detailed description.

Revision 1.70: download - view: text, markup, annotated - select for diffs
Sat Aug 9 09:41:54 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.69: preferred, unified
Changes since revision 1.69: +8 -5 lines
- Group together the declaration of static rule related global variables
- Add comment

Revision 1.69: download - view: text, markup, annotated - select for diffs
Sat Aug 9 07:08:20 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.68: preferred, unified
Changes since revision 1.68: +11 -0 lines
Though following code sequence is safe currently (even w/o BGL):
  if (ipfw_dyn_v != NULL) {
    lockmgr(&dyn_lock, LK_...);
    /* accessing ipfw_dyn_v */
    lockmgr(&dyn_lock, LK_RELEASE)
  }

it will be better for us to guard against future code changes by using:
  if (ipfw_dyn_v != NULL) {
    lockmgr(&dyn_lock, LK_...);
    if (ipfw_dyn_v != NULL) {
      /* accessing ipfw_dyn_v */
    }
    lockmgr(&dyn_lock, LK_RELEASE)
  }

Revision 1.68: download - view: text, markup, annotated - select for diffs
Sat Aug 9 06:29:45 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.67: preferred, unified
Changes since revision 1.67: +1 -1 lines
Don't allow set 1 or 0 to dyn_buckets

Revision 1.67: download - view: text, markup, annotated - select for diffs
Sat Aug 9 06:09:18 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.66: preferred, unified
Changes since revision 1.66: +263 -94 lines
ipfw(4) parallelize stage 1, step 1/2: lock dynamic rule table
- Looking up dynamic rule is protected by shared lockmgr lock, add comment in
  the dynamic rule description comment section.  Following related changes are
  made:
  o  In lookup_dyn_rule(), don't try to delete expired states or move the
     state to the head of hash bucket.
  o  Expired states will be reaped in ipfw_tick().  Exclusive lockmgr lock is
     held when iterating dynamic rules in ipfw_tick().
- Installing and deleting dynamic rules are protected by exclusive lockmgr lock.
- Add lookup_rule(), which returns static rule ptr saved in dynamic rule.  This
  function is added mainly because accessing dynamic rule outside of lockmgr
  lock is unsafe.
- Add static ruleset generation, so that we could check whether static ruleset
  was changed or not after blocking operation (e.g. try to hold lockmgr lock)
  during static ruleset iteration.  If static ruleset was changed, the static
  rulset iteration would be terminated and the packet being checked would be
  denied/dropped without further static rule accessing (e.g. stats updating).
- Add sysctl functions to make sure that user supplied values are in sane state.

Revision 1.66: download - view: text, markup, annotated - select for diffs
Tue Aug 5 11:57:40 2008 UTC (6 years ago) by sephe
Branches: MAIN
Diff to: previous 1.65: preferred, unified
Changes since revision 1.65: +14 -10 lines
- Use sysctl_int_range() for autoinc_step
- Assert instead snaphot of autoinc_step is within range, instead of adjust it.

Revision 1.65: download - view: text, markup, annotated - select for diffs
Sun Aug 3 03:26:22 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.64: preferred, unified
Changes since revision 1.64: +1 -1 lines
White space

Revision 1.64: download - view: text, markup, annotated - select for diffs
Sat Aug 2 11:39:00 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.63: preferred, unified
Changes since revision 1.63: +49 -5 lines
Introduce dynamic rule hash array generation, so that after possible blocking
packet sending we could know that the dynamic rule hash array was changed and
reiterate.  This is *necessary* even if BGL is still used.

Revision 1.63: download - view: text, markup, annotated - select for diffs
Sat Aug 2 07:05:48 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.62: preferred, unified
Changes since revision 1.62: +2 -2 lines
- Use NULL
- White space

Revision 1.62: download - view: text, markup, annotated - select for diffs
Sat Aug 2 06:35:20 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.61: preferred, unified
Changes since revision 1.61: +40 -13 lines
- Make dynamic rule allocation non-blocking
- Make dynamic rule hash array allocaion non-blocking
  Old behaviour of the hash array allocation is changed in following aspects:
  o  Old hash array is freed only if new hash array allocation succeed
  o  Old hash array is reused, if the allocation makes the hash array size
     less than the old one

After this change, the static rules iteration is non-blocking, so we will not
have trouble to duplicate static rules (using netmsg forwarding) on all CPUs.

# send_reject() called in the rule iteration may block, but it is the last step
# in the rule iteration, so we don't need to worry about it.

Revision 1.61: download - view: text, markup, annotated - select for diffs
Sat Aug 2 03:32:38 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.60: preferred, unified
Changes since revision 1.60: +5 -8 lines
- Add macro for cpu_portfn(0), on which all ipfw configuration should happen
- Add assertion macro to make sure a msgport is IPFW_CFGPORT

Revision 1.60: download - view: text, markup, annotated - select for diffs
Sat Aug 2 03:03:06 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.59: preferred, unified
Changes since revision 1.59: +33 -19 lines
- ipfw_add_rule will never fail
- Make sure that ipfw_add_rule happens on CPU0
- Save a snapshot of autoinc_step, so sysctl will not interfering rule number
  assignment
- Add comment

Revision 1.59: download - view: text, markup, annotated - select for diffs
Thu Jul 31 14:39:36 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.58: preferred, unified
Changes since revision 1.58: +6 -0 lines
Assert that static rules' count is only updated on CPU0

Revision 1.58: download - view: text, markup, annotated - select for diffs
Thu Jul 31 12:42:40 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.57: preferred, unified
Changes since revision 1.57: +12 -8 lines
White space and style changes

Revision 1.57: download - view: text, markup, annotated - select for diffs
Thu Jul 31 12:35:15 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.56: preferred, unified
Changes since revision 1.56: +92 -76 lines
White space and style changes

Revision 1.56: download - view: text, markup, annotated - select for diffs
Thu Jul 31 12:09:00 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.55: preferred, unified
Changes since revision 1.55: +9 -5 lines
- Undefine temporary macro
- White space changes
- Use "do {} while (0)" in macro

Revision 1.55: download - view: text, markup, annotated - select for diffs
Thu Jul 31 11:58:42 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.54: preferred, unified
Changes since revision 1.54: +68 -54 lines
White space and style changes

Revision 1.54: download - view: text, markup, annotated - select for diffs
Thu Jul 31 11:46:51 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.53: preferred, unified
Changes since revision 1.53: +28 -19 lines
White space and style changes

Revision 1.53: download - view: text, markup, annotated - select for diffs
Thu Jul 31 11:36:38 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.52: preferred, unified
Changes since revision 1.52: +2 -1 lines
Remove unused macro; undefine temporary macro

Revision 1.52: download - view: text, markup, annotated - select for diffs
Wed Jul 30 15:33:08 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.51: preferred, unified
Changes since revision 1.51: +60 -53 lines
Minor white space and style changes

Revision 1.51: download - view: text, markup, annotated - select for diffs
Wed Jul 30 12:57:59 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.50: preferred, unified
Changes since revision 1.50: +14 -9 lines
Minor white space and style changes

Revision 1.50: download - view: text, markup, annotated - select for diffs
Wed Jul 30 12:31:51 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.49: preferred, unified
Changes since revision 1.49: +24 -20 lines
Minor white space and style changes

Revision 1.49: download - view: text, markup, annotated - select for diffs
Tue Jul 29 11:17:49 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.48: preferred, unified
Changes since revision 1.48: +13 -9 lines
Unbreak kernel building.

Dragonfly-bug: <http://bugs.dragonflybsd.org/issue1097>

Revision 1.48: download - view: text, markup, annotated - select for diffs
Mon Jul 28 15:07:28 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.47: preferred, unified
Changes since revision 1.47: +0 -10 lines
Dispatch ipfw control to netisr0.  To avoid possible dangling netmsg handler,
create ip_fw2_glue.c, which will be built if inet is built.  IPFW_LOADED is
checked again after netmsg's handler is running, since ipfw unload netmsg may
be processed before this ipfw control netmsg.

Revision 1.47: download - view: text, markup, annotated - select for diffs
Mon Jul 28 13:45:43 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.46: preferred, unified
Changes since revision 1.46: +6 -0 lines
Use seperate variable to indicate whether ipfw has been loaded or not, so
that following way could be used to protect various ipfw function pointers:
    ip_fw_loaded = 0;
    netmsg_service_sync();
    /* clear all ipfw function pointers */

Revision 1.46: download - view: text, markup, annotated - select for diffs
Mon Jul 28 12:35:41 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.45: preferred, unified
Changes since revision 1.45: +66 -27 lines
- Dispatch ipfw loading/unloading to netisr0
- Minor style changes

Revision 1.45: download - view: text, markup, annotated - select for diffs
Mon Jul 28 12:00:32 2008 UTC (6 years, 1 month ago) by sephe
Branches: MAIN
Diff to: previous 1.44: preferred, unified
Changes since revision 1.44: +1 -8 lines
- Staticize ip_fw_default_rule
- Remove old comment about ip_fw_default_rule; it no longer apples.
  ip_fw_default_rule has only served bookkeeping purpose for a long time.

Revision 1.44: download - view: text, markup, annotated - select for diffs
Sat Jun 21 06:47:29 2008 UTC (6 years, 2 months ago) by sephe
Branches: MAIN
CVS tags: DragonFly_RELEASE_2_0_Slip, DragonFly_RELEASE_2_0, DragonFly_Preview
Diff to: previous 1.43: preferred, unified
Changes since revision 1.43: +4 -0 lines
Since either hardware or ether input code will strip packet's vlan tag,
before the packet could reach ether level ipfw filtering, we will have
to change the packet's ether type to VLAN, if the packet was vlan tagged,
so ipfw could see the correct packet mac-type.

Revision 1.43: download - view: text, markup, annotated - select for diffs
Tue Jun 17 20:50:11 2008 UTC (6 years, 2 months ago) by aggelos
Branches: MAIN
Diff to: previous 1.42: preferred, unified
Changes since revision 1.42: +30 -31 lines
do early copyin / delayed copyout for socket options

Revision 1.42: download - view: text, markup, annotated - select for diffs
Mon Jun 9 11:24:24 2008 UTC (6 years, 2 months ago) by sephe
Branches: MAIN
Diff to: previous 1.41: preferred, unified
Changes since revision 1.41: +2 -2 lines
Parallelize in_ifaddrhashtbl

Revision 1.41: download - view: text, markup, annotated - select for diffs
Fri Mar 7 11:34:20 2008 UTC (6 years, 5 months ago) by sephe
Branches: MAIN
Diff to: previous 1.40: preferred, unified
Changes since revision 1.40: +4 -2 lines
Parallelize ifnet.if_addrhead accessing by duplicating the list itself
on each CPU, each list element points to ifaddr:
- Add SI_SUB_PRE_DRIVERS before SI_SUB_DRIVERS, so action could be taken
  before drivers' initialization (mainly before NIC driver's if_attach())
- Move netisr_init() to the FIRST of SI_SUB_PRE_DRIVERS, so that
  netmsg_service_port_init() could be called in earlier stage of system
  initialization.
- Create one thread on each CPU to propagate changes to ifnet.if_addrhead.
  Their thread ports are registered with netmsg_service_port_init() for
  port syncing operation.
- Change to ifnet.if_addrhead begins in netisr0, i.e. serial of changes
  to ifnet.if_addrhead are serialized by netisr0
- ifaddr's refcnt is moved to its list elements, i.e. per-CPU refcnt.
  They are initialized to 1 instead of 0.
- A magic field is added to ifaddr list element to make sure that IFAREF
  and IFAFREE are called on valid ifaddr list element.  This field is
  initialized to a magic value and is wiped out once the list element's
  refcnt drops to 0
- To close the gap between testing and freeing, once the ifaddr list
  element's refcnt drops to 0, ifa_portfn(0) (a thread's port on CPU0) is
  poked to check whether ifaddr is referenced on other CPUs, if not, then
  ifaddr is freed on ifa_portfn(0)

Reviewed-by: dillon@ (earlier version)

Revision 1.40: download - view: text, markup, annotated - select for diffs
Wed Dec 19 12:13:17 2007 UTC (6 years, 8 months ago) by sephe
Branches: MAIN
CVS tags: DragonFly_RELEASE_1_12_Slip, DragonFly_RELEASE_1_12
Diff to: previous 1.39: preferred, unified
Changes since revision 1.39: +2 -2 lines
Generalize PF_MBUF_GENERATED mbuf firewall flag

Revision 1.39: download - view: text, markup, annotated - select for diffs
Sat Nov 17 08:05:43 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.38: preferred, unified
Changes since revision 1.38: +2 -0 lines
Make sure that the mbuf contains pkthdr.

Revision 1.38: download - view: text, markup, annotated - select for diffs
Fri Nov 16 02:45:45 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.37: preferred, unified
Changes since revision 1.37: +127 -7 lines
CPU localize dummynet(4) step 1/2

       CPU ip_dn_cpu                             CPU n1
+--------------------------+            +---------------------+
|          netisr          |            |                     |
|            |             |            |                     |
|            +<---------------dn_descX----[ip_fw_dn_io_ptr()] |
|            |             |            |                     |
| [ip_dn_io_ptr(dn_descX)] |            |                     |
|            |             |            |                     |
|            |             |            |                     |
|            |             |            |                     |
| [transmit_event() begin  |            |                     |
|            +----------------dn_descY------>[ip_output()]    |
|            :             |            |                     |
|            :             |            |                     |
|            :             |            +---------------------+
|            :             |
|            :             |
|            :             |                     CPU n2
|            :             |            +---------------------+
|            :             |            |                     |
|            +----------------dn_descZ------>[ip_input()]     |
|            :             |            |                     |
|  transmit_event() end]   |            +---------------------+
|            |             |
+--------------------------+

NOTE: transmit_event() is triggered by dummynet systimer on CPU ip_dn_cpu


- Add flow id field, which is packet filter independent, in dummynet
  descriptor, so that we can record the flow id realted information on the
  originator's stack.  In this way, dummynet descriptor and its associated
  mbuf could be dispatched to different thread for further processing.
- Add packet filter private data and private data unreference function
  pointer in dummynet descriptor.
- All of the dummynet descriptor is allocated and filled by packet filter
  (only ipfw(4) currently), so things like route entry reference is updated
  on the CPU to which it belongs.
- All packets are dispatched to netisr on CPU ip_dn_cpu to be queued on the
  target flow queue.  Netisr on CPU ip_dn_cpu is also where various dummynet
  events got processed.
- DUMMYNET_LOADED is not checked before dispatching a packet; it is checked
  in netisr before the packet is handed to dummynet.  This paves the way for
  step 2/2.
- ip_{output,input}/ether_{demux,output_frame} is no longer called directly
  in dummynet, they are called after packet dispatched back to the originator
  CPU, so that ip_input() will be called on the same CPU (as determined by
  ip_mport()) and things like route entry reference will be updated on the
  CPU to which it belongs.
- If the packet is to be dispatched back to ip_output(), the recorded route
  entry is checked to make sure that it is still up.
- Dummynet discriptor and its associated mbuf is freed on their originator CPU.
- Reference count the ipfw(4) rule if it is going to be associated with a
  dummynet descriptor, so we would not have a dangling rule pointer if the
  rule was deleted when the dummynet descriptor was in transit state.
  Suggested-by: dillon@
- If ipfw(4) is compiled and loaded as module, reference count the ipfw(4)
  module usage, if a rule is associated with a dummynet descriptor.
- Add net/dummynet/ip_dummynet_glue.c, which contains various netisr dispatch
  function.  This file will be compiled into kernel if 'options INET' is set,
  so that we will not have a dangling function pointer in transitting dummynet
  descriptor.
- Add DUMMYNET_MBUF_TAGGED mbuf fw_flag, which may be used later.
- Nuke dummynet's dependency on ipfw(4).

Revision 1.37: download - view: text, markup, annotated - select for diffs
Tue Nov 6 14:42:51 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.36: preferred, unified
Changes since revision 1.36: +0 -20 lines
- Use hash table for pipes and flow set, which accelerates flow set looking up
  in dummynet_io().  This should be fast enough so that we don't need to cache
  the searching result in ipfw(4) pipe/queue rule's pipe_ptr field.  This also
  further decouples dummynet(4) and ipfw(4).
- Nuke flush_pipe_ptrs() after above change.
- Use queue(3) for linked list.

Revision 1.36: download - view: text, markup, annotated - select for diffs
Mon Nov 5 13:11:16 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.35: preferred, unified
Changes since revision 1.35: +49 -49 lines
Use POSIX int type

Revision 1.35: download - view: text, markup, annotated - select for diffs
Mon Nov 5 09:25:44 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.34: preferred, unified
Changes since revision 1.34: +12 -2 lines
In free_chain() if we are asked to "kill default":
- Set default rule pointer to NULL
- Free dynamic rules(states) hash table.  This avoids memory leakage when
  unloading ipfw(4) module, if dynamic rules(states) are created.

Revision 1.34: download - view: text, markup, annotated - select for diffs
Mon Nov 5 08:58:35 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.33: preferred, unified
Changes since revision 1.33: +217 -126 lines
- Create user land ipfw(4) rule/state/flow_id structures, so that we could
  change kernel land structures without interfering user land programs
  (mainly ipfw(8))
  Approved-by: dillon@
- Add assertion to make sure that static rules size/count and dynamic rules
  count are correct

Revision 1.33: download - view: text, markup, annotated - select for diffs
Sun Nov 4 06:57:46 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.32: preferred, unified
Changes since revision 1.32: +13 -3 lines
Factor out ipfw_dec_static_count(); add assertion in it to make sure
that static_{count,len} are correct.

Revision 1.32: download - view: text, markup, annotated - select for diffs
Sun Nov 4 04:28:52 2007 UTC (6 years, 9 months ago) by sephe
Branches: MAIN
Diff to: previous 1.31: preferred, unified
Changes since revision 1.31: +39 -28 lines
- Add ipfw_init_default_rule() to perform default rule initialization
- In add_rule(), nuke special handling for default rule
- Factor out ipfw_inc_static_count()

These could ease upcoming user/kernel land ipfw structures splitting

Revision 1.31: download - view: text, markup, annotated - select for diffs
Mon Oct 29 12:23:57 2007 UTC (6 years, 10 months ago) by sephe
Branches: MAIN
Diff to: previous 1.30: preferred, unified
Changes since revision 1.30: +2 -2 lines
realloc_dynamic_table() and add_dyn_rule() may be called from interrupt thread
and TCP/UDP thread, so instead of M_WAITOK, (M_INTWAIT | M_NULLOK) should be
used.

Revision 1.30: download - view: text, markup, annotated - select for diffs
Mon Oct 29 02:59:03 2007 UTC (6 years, 10 months ago) by sephe
Branches: MAIN
Diff to: previous 1.29: preferred, unified
Changes since revision 1.29: +1 -3 lines
- M_WAITOK will never return NULL
- White space

Revision 1.29: download - view: text, markup, annotated - select for diffs
Tue Oct 23 15:01:15 2007 UTC (6 years, 10 months ago) by sephe
Branches: MAIN
Diff to: previous 1.28: preferred, unified
Changes since revision 1.28: +1 -1 lines
Move ipfw/dummynet from SI_SUB_PSEUDO to SI_SUB_PROTO_END, so they
could use services provided by netisr.

Submitted-by: Nicolas Thery <nthery@gmail.com>

Revision 1.28: download - view: text, markup, annotated - select for diffs
Sat Oct 20 10:28:44 2007 UTC (6 years, 10 months ago) by sephe
Branches: MAIN
Diff to: previous 1.27: preferred, unified
Changes since revision 1.27: +1 -1 lines
- m_tag_get() expects MB_DONTWAIT not M_NOWAIT
- Utilize MBTOM() in m_tag_alloc()

Revision 1.27: download - view: text, markup, annotated - select for diffs
Sun Sep 2 13:27:23 2007 UTC (7 years ago) by sephe
Branches: MAIN
Diff to: previous 1.26: preferred, unified
Changes since revision 1.26: +0 -2 lines
Switch ipfw from ipfw1 to ipfw2.

Approved-by: dillon@
Submitted-by: Gary Allan <dragonfly@gallan.plus.com> (w/ modification)

Revision 1.26: download - view: text, markup, annotated - select for diffs
Fri Dec 22 23:44:57 2006 UTC (7 years, 8 months ago) by swildner
Branches: MAIN
CVS tags: DragonFly_RELEASE_1_8_Slip, DragonFly_RELEASE_1_8, DragonFly_RELEASE_1_10_Slip, DragonFly_RELEASE_1_10
Diff to: previous 1.25: preferred, unified
Changes since revision 1.25: +35 -35 lines
Rename printf -> kprintf in sys/ and add some defines where necessary
(files which are used in userland, too).

Revision 1.25: download - view: text, markup, annotated - select for diffs
Wed Dec 20 18:14:42 2006 UTC (7 years, 8 months ago) by dillon
Branches: MAIN
Diff to: previous 1.24: preferred, unified
Changes since revision 1.24: +22 -22 lines
Rename sprintf  -> ksprintf
Rename snprintf -> knsprintf

Make allowances for source files that are compiled for both userland and
the kernel.

Revision 1.24: download - view: text, markup, annotated - select for diffs
Wed Dec 13 21:58:52 2006 UTC (7 years, 8 months ago) by dillon
Branches: MAIN
Diff to: previous 1.23: preferred, unified
Changes since revision 1.23: +1 -1 lines
rename sscanf -> ksscanf
rename vsscanf -> kvsscanf
rename fnmatch -> kfnmatch
rename qsort -> kqsort

Revision 1.23: download - view: text, markup, annotated - select for diffs
Sat Sep 30 20:23:05 2006 UTC (7 years, 11 months ago) by swildner
Branches: MAIN
Diff to: previous 1.22: preferred, unified
Changes since revision 1.22: +4 -3 lines
Avoid casts as lvalues.

Taken-from: FreeBSD

Revision 1.22: download - view: text, markup, annotated - select for diffs
Tue Sep 5 03:48:12 2006 UTC (7 years, 11 months ago) by dillon
Branches: MAIN
Diff to: previous 1.21: preferred, unified
Changes since revision 1.21: +1 -1 lines
Rename malloc->kmalloc, free->kfree, and realloc->krealloc.  Pass 2

Revision 1.21: download - view: text, markup, annotated - select for diffs
Tue Sep 5 00:55:47 2006 UTC (7 years, 11 months ago) by dillon
Branches: MAIN
Diff to: previous 1.20: preferred, unified
Changes since revision 1.20: +7 -7 lines
Rename malloc->kmalloc, free->kfree, and realloc->krealloc.  Pass 1

Revision 1.20: download - view: text, markup, annotated - select for diffs
Sun Sep 3 18:52:29 2006 UTC (8 years ago) by dillon
Branches: MAIN
Diff to: previous 1.19: preferred, unified
Changes since revision 1.19: +2 -1 lines
Rename functions to avoid conflicts with libc.

Revision 1.19: download - view: text, markup, annotated - select for diffs
Sun Jun 25 11:02:39 2006 UTC (8 years, 2 months ago) by corecode
Branches: MAIN
CVS tags: DragonFly_RELEASE_1_6_Slip, DragonFly_RELEASE_1_6
Diff to: previous 1.18: preferred, unified
Changes since revision 1.18: +1 -1 lines
Remove OLDBRIDGE

Revision 1.17.2.1: download - view: text, markup, annotated - select for diffs
Tue Jun 20 13:28:47 2006 UTC (8 years, 2 months ago) by y0netan1
Branches: DragonFly_RELEASE_1_4
CVS tags: DragonFly_RELEASE_1_4_Slip
Diff to: previous 1.17: preferred, unified; next MAIN 1.18: preferred, unified
Changes since revision 1.17: +2 -10 lines
MFC: Add a new flag in pkthdr.fw_flag for ipfw2 so as not to abuse mbuf flag.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Wed Jun 14 04:39:05 2006 UTC (8 years, 2 months ago) by y0netan1
Branches: MAIN
Diff to: previous 1.17: preferred, unified
Changes since revision 1.17: +2 -10 lines
Add a new flag in pkthdr.fw_flag for ipfw2 so as not to abuse mbuf flag.
We use bit14 of mbuf flag as M_EXT_CLUSTER, which is not supposed to be set
without M_EXT, so abusing this bit resulted in a panic in m_free().

Suggested-by: joerg@
Ok: dillon@

Revision 1.17: download - view: text, markup, annotated - select for diffs
Fri Jun 17 19:12:19 2005 UTC (9 years, 2 months ago) by dillon
Branches: MAIN
Branch point for: DragonFly_RELEASE_1_4
Diff to: previous 1.16: preferred, unified
Changes since revision 1.16: +3 -3 lines
Abstract out the location of an m_tag's data by adding a m_tag_data() inline.
Replace all instances of 'mtag + 1' with the new inline.

Fix numerous bugs, mainly in ipfw/ipfw2, where the m_tag data was being stored
in the wrong place and corrupting the m_tag, resulting in a panic.  This
primarily occured with the use of divert rules.

Reported-by: Ben Woolley <tautolog@gmail.com>

Revision 1.16: download - view: text, markup, annotated - select for diffs
Wed Jun 15 18:46:54 2005 UTC (9 years, 2 months ago) by joerg
Branches: MAIN
Diff to: previous 1.15: preferred, unified
Changes since revision 1.15: +29 -33 lines
Convert to critical sections.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Mon Apr 18 14:26:57 2005 UTC (9 years, 4 months ago) by joerg
Branches: MAIN
CVS tags: DragonFly_Stable
Diff to: previous 1.14: preferred, unified
Changes since revision 1.14: +19 -6 lines
Switch IP divert from mbuf based tagging to mbuf tags.
This patch is meant to keep the old semantic, the divert
handling can be pushed down in most places later.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Fri Sep 17 08:25:30 2004 UTC (9 years, 11 months ago) by dillon
Branches: MAIN
CVS tags: DragonFly_Snap29Sep2004, DragonFly_RELEASE_1_2_Slip, DragonFly_RELEASE_1_2
Diff to: previous 1.13: preferred, unified
Changes since revision 1.13: +0 -1 lines
Remove a superfluous (and incorrect due to the recent callout changes) bzero()
call.

Revision 1.13: download - view: text, markup, annotated - select for diffs
Thu Sep 16 23:19:34 2004 UTC (9 years, 11 months ago) by joerg
Branches: MAIN
Diff to: previous 1.12: preferred, unified
Changes since revision 1.12: +6 -4 lines
timeout/untimeout ==> callout_*

Revision 1.12: download - view: text, markup, annotated - select for diffs
Wed Jun 2 14:42:58 2004 UTC (10 years, 3 months ago) by eirikn
Branches: MAIN
CVS tags: DragonFly_Snap13Sep2004, DragonFly_1_0_REL, DragonFly_1_0_RC1, DragonFly_1_0A_REL
Diff to: previous 1.11: preferred, unified
Changes since revision 1.11: +1 -1 lines
Change mbug allocation flags from M_ to MB_ to avoid confusion with malloc
flags.

Requested by: Jeffrey Hsu

Revision 1.11: download - view: text, markup, annotated - select for diffs
Thu Apr 22 04:22:02 2004 UTC (10 years, 4 months ago) by dillon
Branches: MAIN
Diff to: previous 1.10: preferred, unified
Changes since revision 1.10: +1 -6 lines
M_NOWAIT -> M_WAITOK or M_INTWAIT conversions.  There is a whole lot of net
code that is improperly using M_NOWAIT.  Also remove now unneeded NULL checks
since malloc will panic rather then return NULL when M_NULLOK is not set.

Use M_INTWAIT|M_NULLOK in some cases (such as route table allocation) in
order to allow malloc to return NULL when the limit for the malloc type
is reached.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Fri Mar 19 18:22:00 2004 UTC (10 years, 5 months ago) by hmp
Branches: MAIN
Diff to: previous 1.9: preferred, unified
Changes since revision 1.9: +1 -1 lines
Merge: FreeBSD (RELENG_4) ip_fw2.c rev. 1.6.2.19

	IN_MULTICAST wants an address in host byte order.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Thu Mar 11 17:22:52 2004 UTC (10 years, 5 months ago) by joerg
Branches: MAIN
Diff to: previous 1.8: preferred, unified
Changes since revision 1.8: +1 -1 lines
Use local cpu tcbinfo

Revision 1.8: download - view: text, markup, annotated - select for diffs
Tue Mar 9 15:00:06 2004 UTC (10 years, 5 months ago) by hmp
Branches: MAIN
Diff to: previous 1.7: preferred, unified
Changes since revision 1.7: +4 -4 lines
Adjust IPFW to use M_WAITOK instead of M_NOWAIT.  The M_NOWAIT flag on
DragonFly is very explicit about its behavior, which can result in a
panic.

Only spl protected calls are using M_NOWAIT.

Submitted by:	Craig Dooley <craig@xlnx-x.net>

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sat Feb 14 21:12:38 2004 UTC (10 years, 6 months ago) by dillon
Branches: MAIN
Diff to: previous 1.6: preferred, unified
Changes since revision 1.6: +1 -2 lines
Move <machine/in_cksum.h> to <sys/in_cksum.h>.  This file is now platform
independant.  If we want to add extreme machine specialization later on
then sys/in_cksum.h will #include machine/in_cksum.h.

Move i386/i386/in_cksum.c to netinet/in_cksum.c.  Note that netinet/in_cksum.c
already existed but was not used by the build system at all.  The move
overwrites it.  The new in_cksum.c is a portable, complete rewrite which
references core assembly (procedure call) to do 32-bit-aligned work.  See
also i386/i386/in_cksum2.s.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Fri Feb 13 17:45:51 2004 UTC (10 years, 6 months ago) by joerg
Branches: MAIN
Diff to: previous 1.5: preferred, unified
Changes since revision 1.5: +2 -2 lines
Add __DragonFly__

Revision 1.5: download - view: text, markup, annotated - select for diffs
Tue Jan 6 03:17:26 2004 UTC (10 years, 7 months ago) by dillon
Branches: MAIN
Diff to: previous 1.4: preferred, unified
Changes since revision 1.4: +9 -8 lines
if_xname support Part 2/2: Convert remaining netif devices and implement full
support for if_xname.  Restructure struct ifnet in net/if_var.h, pulling in
a few minor additional changes from current including making if_dunit an int,
and making if_flags an int.

Submitted-by: Max Laier <max@love2party.net>

Revision 1.4: download - view: text, markup, annotated - select for diffs
Sat Sep 20 15:17:45 2003 UTC (10 years, 11 months ago) by hmp
Branches: MAIN
Diff to: previous 1.3: preferred, unified
Changes since revision 1.3: +1 -1 lines
Fix IPFW2 build.

Submitted by:	qhwt@myrealbox.com

Revision 1.3: download - view: text, markup, annotated - select for diffs
Thu Aug 7 21:17:29 2003 UTC (11 years ago) by dillon
Branches: MAIN
Diff to: previous 1.2: preferred, unified
Changes since revision 1.2: +2 -2 lines
kernel tree reorganization stage 1: Major cvs repository work (not logged as
commits) plus a major reworking of the #include's to accomodate the
relocations.

    * CVS repository files manually moved.  Old directories left intact
      and empty (temporary).

    * Reorganize all filesystems into vfs/, most devices into dev/,
      sub-divide devices by function.

    * Begin to move device-specific architecture files to the device
      subdirs rather then throwing them all into, e.g. i386/include

    * Reorganize files related to system busses, placing the related code
      in a new bus/ directory.  Also move cam to bus/cam though this may
      not have been the best idea in retrospect.

    * Reorganize emulation code and place it in a new emulation/ directory.

    * Remove the -I- compiler option in order to allow #include file
      localization, rename all config generated X.h files to use_X.h to
      clean up the conflicts.

    * Remove /usr/src/include (or /usr/include) dependancies during the
      kernel build, beyond what is normally needed to compile helper
      programs.

    * Make config create 'machine' softlinks for architecture specific
      directories outside of the standard <arch>/include.

    * Bump the config rev.

    WARNING! after this commit /usr/include and /usr/src/sys/compile/*
    should be regenerated from scratch.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Tue Jun 17 04:28:51 2003 UTC (11 years, 2 months ago) by dillon
Branches: MAIN
CVS tags: PRE_MP
Diff to: previous 1.1: preferred, unified
Changes since revision 1.1: +1 -0 lines
Add the DragonFly cvs id and perform general cleanups on cvs/rcs/sccs ids.  Most
ids have been removed from !lint sections and moved into comment sections.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue Jun 17 02:55:34 2003 UTC (11 years, 2 months ago) by dillon
Branches: MAIN
CVS tags: FREEBSD_4_FORK
import from FreeBSD RELENG_4 1.6.2.12

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options