History log of /freebsd-head/sys/netinet6/in6_gif.c
Revision Date Author Comments
4b5a6f42558d1453859ca441b688f9ec7cf99691 28-May-2020 melifaro <melifaro@FreeBSD.org> Switch gif(4) path verification to fib[46]_check_urfp().

fibX_lookup_nh_ represents pre-epoch generation of fib api,
providing less guarantees over pointer validness and requiring
on-stack data copying.
Use specialized fib[46]_check_urpf() from newer KPI instead,
to allow removal of older KPI.

Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D24978
044cd3b935f0e3e1ae6964c74d4f3cb54c562de0 15-Jan-2020 glebius <glebius@FreeBSD.org> Mechanically substitute assertion of in_epoch(net_epoch_preempt) to
NET_EPOCH_ASSERT(). NFC
91cf1d92ac87cb685dda656a599173ecf0e200e1 23-Oct-2018 ae <ae@FreeBSD.org> Add the check that current VNET is ready and access to srchash is allowed.

This change is similar to r339646. The callback that checks for appearing
and disappearing of tunnel ingress address can be called during VNET
teardown. To prevent access to already freed memory, add check to the
callback and epoch_wait() call to be sure that callback has finished its
work.

MFC after: 20 days
802ce6d2c85267b09f86ead9d4a8e92d25be859d 21-Oct-2018 ae <ae@FreeBSD.org> Add handling for appearing/disappearing of ingress addresses to if_gif(4).

* register handler for ingress address appearing/disappearing;
* add new srcaddr hash table for fast softc lookup by srcaddr;
* when srcaddr disappears, clear IFF_DRV_RUNNING flag from interface,
and set it otherwise;
* remove the note about ingress address from BUGS section.

MFC after: 1 month
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D17134
93218b657a0c5eb146cd53f174071860698bd144 16-Aug-2018 ae <ae@FreeBSD.org> Properly initialize IP version in IPv6 header. This was missed in r334673.

Reported by: Lars Schotte <lars at gustik dot eu>
a6605d2938cce3ab84122eb8f7e12469b7d3356f 24-Jul-2018 andrew <andrew@FreeBSD.org> Use the new VNET_DEFINE_STATIC macro when we are defining static VNET
variables.

Reviewed by: bz
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D16147
14de8a2820efdf121114eefd291e6427fa353690 04-Jul-2018 mmacy <mmacy@FreeBSD.org> epoch(9): allow preemptible epochs to compose

- Add tracker argument to preemptible epochs
- Inline epoch read path in kernel and tied modules
- Change in_epoch to take an epoch as argument
- Simplify tfb_tcp_do_segment to not take a ti_locked argument,
there's no longer any benefit to dropping the pcbinfo lock
and trying to do so just adds an error prone branchfest to
these functions
- Remove cases of same function recursion on the epoch as
recursing is no longer free.
- Remove the the TAILQ_ENTRY and epoch_section from struct
thread as the tracker field is now stack or heap allocated
as appropriate.

Tested by: pho and Limelight Networks
Reviewed by: kbowling at llnw dot com
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D16066
fd521100193505387e695ae7ae57366effe65a01 28-Jun-2018 ae <ae@FreeBSD.org> Add NULL pointer check.

encap_lookup_t method can be invoked by IP encap subsytem even if none
of gif/gre/me interfaces are exist. Hash tables are allocated on demand,
when first interface is created. So, make NULL pointer check before
doing access to hash table.

PR: 229378
d1ee857bcfed93b546537a014857026873662367 05-Jun-2018 ae <ae@FreeBSD.org> Rework if_gif(4) to use new encap_lookup_t method to speedup lookup
of needed interface when many gif interfaces are present.

Remove rmlock from gif_softc, use epoch(9) and CK_LIST instead.
Move more AF-related code into AF-related locations.
Use hash table to speedup lookup of needed softc. Interfaces
with GIF_IGNORE_SOURCE flag are stored in plain CK_LIST.
Sysctl net.link.gif.parallel_tunnels is removed. The removal was planed
16 years ago, and actually it could work only for outbound direction.
Each protocol, that can be handled by if_gif(4) interface is registered
by separate encap handler, this helps avoid invoking the handler
for unrelated protocols (GRE, PIM, etc.).

This change allows dramatically improve performance when many gif(4)
interfaces are used.

Sponsored by: Yandex LLC
dfbd18b5fe8a7d519e21118f1d5fbb8bfd8d3bad 05-Jun-2018 ae <ae@FreeBSD.org> Rework IP encapsulation handling code.

Currently it has several disadvantages:
- it uses single mutex to protect internal structures. It is used by
data- and control- path, thus there are no parallelism at all.
- it uses single list to keep encap handlers for both INET and INET6
families.
- struct encaptab keeps unneeded information (src, dst, masks, protosw),
that isn't used by code in the source tree.
- matches are prioritized and when many tunneling interfaces are
registered, encapcheck handler of each interface is invoked for each
packet. The search takes O(n) for n interfaces. All this work is done
with exclusive lock held.

What this patch includes:
- the datapath is converted to be lockless using epoch(9) KPI.
- struct encaptab now linked using CK_LIST.
- all unused fields removed from struct encaptab. Several new fields
addedr: min_length is the minimum packet length, that encapsulation
handler expects to see; exact_match is maximum number of bits, that
can return an encapsulation handler, when it wants to consume a packet.
- IPv6 and IPv4 handlers are stored in separate lists;
- added new "encap_lookup_t" method, that will be used later. It is
targeted to speedup lookup of needed interface, when gif(4)/gre(4) have
many interfaces.
- the need to use protosw structure is eliminated. The only pr_input
method was used from this structure, so I don't see the need to keep
using it.
- encap_input_t method changed to avoid using mbuf tags to store softc
pointer. Now it is passed directly trough encap_input_t method.
encap_getarg() funtions is removed.
- all sockaddr structures and code that uses them removed. We don't have
any code in the tree that uses them. All consumers use encap_attach_func()
method, that relies on invoking of encapcheck() to determine the needed
handler.
- introduced struct encap_config, it contains parameters of encap handler
that is going to be registered by encap_attach() function.
- encap handlers are stored in lists ordered by exact_match value, thus
handlers that need more bits to match will be checked first, and if
encapcheck method returns exact_match value, the search will be stopped.
- all current consumers changed to use new KPI.

Reviewed by: mmacy
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D15617
4736ccfd9c3411d50371d7f21f9450a47c19047e 20-Nov-2017 pfg <pfg@FreeBSD.org> sys: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
c85e616e29482200cd0a47fa6c85165a98a4caaf 10-Dec-2015 ngie <ngie@FreeBSD.org> MFhead @ r292053
802824b70a984d0969a420af5f4efb864bf8f9b9 09-Dec-2015 melifaro <melifaro@FreeBSD.org> Use correct lookup key for gif route lookups.
This fixes r291993 change.
ca13483a3ceb41301eee9d9d194676056a9b304a 08-Dec-2015 melifaro <melifaro@FreeBSD.org> Merge helper fib* functions used for basic lookups.

Vast majority of rtalloc(9) users require only basic info from
route table (e.g. "does the rtentry interface match with the interface
I have?". "what is the MTU?", "Give me the IPv4 source address to use",
etc..).
Instead of hand-rolling lookups, checking if rtentry is up, valid,
dealing with IPv6 mtu, finding "address" ifp (almost never done right),
provide easy-to-use API hiding all the complexity and returning the
needed info into small on-stack structure.

This change also helps hiding route subsystem internals (locking, direct
rtentry accesses).
Additionaly, using this API improves lookup performance since rtentry is not
locked.
(This is safe, since all the rtentry changes happens under both radix WLOCK
and rtentry WLOCK).

Sponsored by: Yandex LLC
271b2043d8af19e20323fa28a7b38593637e69d2 29-Jul-2015 ae <ae@FreeBSD.org> Eliminate the use of m_copydata() in gif_encapcheck().

ip_encap already has inspected mbuf's data, at least an IP header.
And it is safe to use mtod() and do direct access to needed fields.
Add M_ASSERTPKTHDR() to gif_encapcheck(), since the code expects that
mbuf has a packet header.
Move the code from gif_validate[46] into in[6]_gif_encapcheck(), also
remove "martian filters" checks. According to RFC 4213 it is enough to
verify that the source address is the address of the encapsulator, as
configured on the decapsulator.

Reviewed by: melifaro
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
f1be259e6af9ac775f04f085d8c66353f768d5b4 06-Jun-2015 ae <ae@FreeBSD.org> MFC r276148:
Remove in_gif.h and in6_gif.h files. They only contain function
declarations used by gif(4). Instead declare these functions in C files.
Also make some variables static.

MFC r276215:
Extern declarations in C files loses compile-time checking that
the functions' calls match their definitions. Move them to header files.
8272d42d32e60c174d7f98100455a165072a5227 31-May-2015 ae <ae@FreeBSD.org> MFC r282965:
Add an ability accept encapsulated packets from different sources by one
gif(4) interface. Add new option "ignore_source" for gif(4) interface.
When it is enabled, gif's encapcheck function requires match only for
packet's destination address.

Differential Revision: https://reviews.freebsd.org/D2004
Sponsored by: Yandex LLC
cbc4e577f0ddbb186c12ec1d965fa320173bd33f 15-May-2015 ae <ae@FreeBSD.org> Add an ability accept encapsulated packets from different sources by one
gif(4) interface. Add new option "ignore_source" for gif(4) interface.
When it is enabled, gif's encapcheck function requires match only for
packet's destination address.

Differential Revision: https://reviews.freebsd.org/D2004
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
a5140616afea75587f25d7fc244b3a894d028b26 25-Dec-2014 ae <ae@FreeBSD.org> Extern declarations in C files loses compile-time checking that
the functions' calls match their definitions. Move them to header files.

Reviewed by: jilles (previous version)
7a82e24551b11b26164c99f1cf257be33793fdb0 23-Dec-2014 ae <ae@FreeBSD.org> MFC r273087 (with modifications):
Overhaul if_gif(4):
o convert to if_transmit;
o use rmlock to protect access to gif_softc;
o use sx lock to protect from concurrent ioctls;
o remove a lot of unneeded and duplicated code;
o remove cached route support (it won't work with concurrent io);
o style fixes.

MFC r273090:
Move memset under ifdef INET6.

MFC r273091:
Add more ifdefs. SIOC*_IN6 are defined only with INET6.

MFC r273121:
Add inet/inet6 to the dependency list. Without them if_gif is useless.

MFC r273209 by bz:
After r273087,r273090,r273091,r273121 changes to gif(4) try to fix
NOIP builds for real.

MFC r273587:
Remove redundant check and m_pullup() call.
aec9c75c1b97a71da957141da6c0b40acd91998e 23-Dec-2014 ae <ae@FreeBSD.org> Remove in_gif.h and in6_gif.h files. They only contain function
declarations used by gif(4). Instead declare these functions in C files.
Also make some variables static.
99f4ec50e80b1d866aac04ceef8235524e0c274f 07-Nov-2014 glebius <glebius@FreeBSD.org> Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed.

Sponsored by: Nginx, Inc.
4a180510c8b6d562f270c58e469d8701a8795bd4 24-Oct-2014 ae <ae@FreeBSD.org> Remove redundant check and m_pullup() call.
88b7be7ff6be519bd6675ab6520d04dcd5c912d7 14-Oct-2014 ae <ae@FreeBSD.org> Overhaul if_gif(4):
o convert to if_transmit;
o use rmlock to protect access to gif_softc;
o use sx lock to protect from concurrent ioctls;
o remove a lot of unneeded and duplicated code;
o remove cached route support (it won't work with concurrent io);
o style fixes.

Reviewed by: melifaro
Obtained from: Yandex LLC
MFC after: 1 month
Sponsored by: Yandex LLC
fee8b9f9924d7ba5fcdfc364af079bc02ded5b20 09-Oct-2014 hrs <hrs@FreeBSD.org> MFC r269054:

Fix EtherIP. TOS field must be initialized when the inner protocol is
PF_LINK, and multicast/broadcast flag should always be dropped because
the outer protocol uses unicast even when the inner address is not for
unicast. It had been broken since r236951 when gif_output() started to
use IFQ_HANDOFF().
dd40fa7e626debcd82f3b28a34abe44e5ac3a103 15-Aug-2014 kevlo <kevlo@FreeBSD.org> Change pr_output's prototype to avoid the need for explicit casts.
This is a follow up to r269699.

Phabric: D564
Reviewed by: jhb
7727a3c21521a720a63dfae179944a2c6272e150 08-Aug-2014 kevlo <kevlo@FreeBSD.org> Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have
only one protocol switch structure that is shared between ipv4 and ipv6.

Phabric: D476
Reviewed by: jhb
45044bb8e3af7094f5036d5559be6db94d636f8e 24-Jul-2014 hrs <hrs@FreeBSD.org> Fix EtherIP. TOS field must be initialized when the inner protocol is
PF_LINK, and multicast/broadcast flag should always be dropped because
the outer protocol uses unicast even when the inner address is not for
unicast. It had been broken since r236951 when gif_output() started to
use IFQ_HANDOFF().
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
ff6e113f1b21a30485c28c63a1779c32b67b5840 26-Oct-2013 glebius <glebius@FreeBSD.org> The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
to this event, adding if_var.h to files that do need it. Also, include
all includes that now are included due to implicit pollution via if_var.h

Sponsored by: Netflix
Sponsored by: Nginx, Inc.
844d612b2ac90320a94987519d82dca04334da1e 09-Apr-2013 ae <ae@FreeBSD.org> Use IP6STAT_INC/IP6STAT_DEC macros to update ip6 stats.

MFC after: 1 week
8e20fa5ae93243e19700ca06c01524b90fe3b784 05-Dec-2012 glebius <glebius@FreeBSD.org> Mechanically substitute flags from historic mbuf allocator with
malloc(9) flags within sys.

Exceptions:

- sys/contrib not touched
- sys/mbuf.h edited manually
5190d38ee392f405f48ee4edd4912dbe48d19953 08-Sep-2012 glebius <glebius@FreeBSD.org> Merge the projects/pf/head branch, that was worked on for last six months,
into head. The most significant achievements in the new code:

o Fine grained locking, thus much better performance.
o Fixes to many problems in pf, that were specific to FreeBSD port.

New code doesn't have that many ifdefs and much less OpenBSDisms, thus
is more attractive to our developers.

Those interested in details, can browse through SVN log of the
projects/pf/head branch. And for reference, here is exact list of
revisions merged:

r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330,
r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656,
r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782,
r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868,
r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223,
r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456,
r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505,
r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168,
r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230,
r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398,
r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548,
r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672,
r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169,
r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442,
r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522,
r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661,
r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.

I'd like to thank people who participated in early testing:

Tested by: Florian Smeets <flo freebsd.org>
Tested by: Chekaluk Vitaly <artemrts ukr.net>
Tested by: Ben Wilber <ben desync.com>
Tested by: Ian FREISLICH <ianf cloudseed.co.za>
dcdb23291fec1365e927195511d5dfb273901a5d 17-Feb-2012 bz <bz@FreeBSD.org> Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:

Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.

This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.

Sponsored by: Cisco Systems, Inc.
Reviewed by: melifaro (basically)
MFC after: 10 days
e15f804c7b67f7cac4a68d0f6b6d0418e9f7309a 28-Jun-2011 bz <bz@FreeBSD.org> Update packet filter (pf) code to OpenBSD 4.5.

You need to update userland (world and ports) tools
to be in sync with the kernel.

Submitted by: mlaier
Submitted by: eri
09f9c897d33c41618ada06fbbcf1a9b3812dee53 19-Oct-2010 jamie <jamie@FreeBSD.org> A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
70e6f14e44387c54e20403484badf917d9b74589 06-May-2010 bz <bz@FreeBSD.org> MFC r207369:
MFP4: @176978-176982, 176984, 176990-176994, 177441

"Whitspace" churn after the VIMAGE/VNET whirls.

Remove the need for some "init" functions within the network
stack, like pim6_init(), icmp_init() or significantly shorten
others like ip6_init() and nd6_init(), using static initialization
again where possible and formerly missed.

Move (most) variables back to the place they used to be before the
container structs and VIMAGE_GLOABLS (before r185088) and try to
reduce the diff to stable/7 and earlier as good as possible,
to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9.

This also removes some header file pollution for putatively
static global variables.

Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are
no longer needed.

Reviewed by: jhb
Discussed with: rwatson
Sponsored by: The FreeBSD Foundation
Sponsored by: CK Software GmbH
0a90ef17283bc848eee90c3bdd5bec3fcc1bc879 29-Apr-2010 bz <bz@FreeBSD.org> MFP4: @176978-176982, 176984, 176990-176994, 177441

"Whitspace" churn after the VIMAGE/VNET whirls.

Remove the need for some "init" functions within the network
stack, like pim6_init(), icmp_init() or significantly shorten
others like ip6_init() and nd6_init(), using static initialization
again where possible and formerly missed.

Move (most) variables back to the place they used to be before the
container structs and VIMAGE_GLOABLS (before r185088) and try to
reduce the diff to stable/7 and earlier as good as possible,
to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9.

This also removes some header file pollution for putatively
static global variables.

Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are
no longer needed.

Reviewed by: jhb
Discussed with: rwatson
Sponsored by: The FreeBSD Foundation
Sponsored by: CK Software GmbH
MFC after: 6 days
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
fb9ffed6504601ed9da2c6b9a620b133c838964c 01-Aug-2009 rwatson <rwatson@FreeBSD.org> Merge the remainder of kern_vimage.c and vimage.h into vnet.c and
vnet.h, we now use jails (rather than vimages) as the abstraction
for virtualization management, and what remained was specific to
virtual network stacks. Minor cleanups are done in the process,
and comments updated to reflect these changes.

Reviewed by: bz
Approved by: re (vimage blanket)
57ca4583e728cab422fba8f15de10bd0b637b3dd 14-Jul-2009 rwatson <rwatson@FreeBSD.org> Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.

Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.

Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.

This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.

Bump __FreeBSD_version and update UPDATING.

Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
9bf362d0cc3f533a0c7e793fd354bfabfce44de6 07-Jun-2009 hrs <hrs@FreeBSD.org> Fix and add a workaround on an issue of EtherIP packet with reversed
version field sent via gif(4)+if_bridge(4). The EtherIP
implementation found on FreeBSD 6.1, 6.2, 6.3, 7.0, 7.1, and 7.2 had
an interoperability issue because it sent the incorrect EtherIP
packets and discarded the correct ones.

This change introduces the following two flags to gif(4):

accept_rev_ethip_ver: accepts both correct EtherIP packets and ones
with reversed version field, if enabled. If disabled, the gif
accepts the correct packets only. This flag is enabled by
default.

send_rev_ethip_ver: sends EtherIP packets with reversed version field
intentionally, if enabled. If disabled, the gif sends the correct
packets only. This flag is disabled by default.

These flags are stored in struct gif_softc and can be set by
ifconfig(8) on per-interface basis.

Note that this is an incompatible change of EtherIP with the older
FreeBSD releases. If you need to interoperate older FreeBSD boxes and
new versions after this commit, setting "send_rev_ethip_ver" is
needed.

Reviewed by: thompsa and rwatson
Spotted by: Shunsuke SHINOMIYA
PR: kern/125003
MFC after: 2 weeks
74f63d4ce14b7d970f6fe45d8d855faaaf5f7ed5 07-Mar-2009 marius <marius@FreeBSD.org> On architectures with strict alignment requirements compensate
the misalignment of the IP header that prepending the EtherIP
header might have caused.

PR: 131921
MFC after: 1 week
226b2a700eecfdf598bf77f229d3a378d11844b4 31-Jan-2009 bz <bz@FreeBSD.org> Like with r185713 make sure to not leak a lock as rtalloc1(9) returns
a locked route. Thus we have to use RTFREE_LOCKED(9) to get it unlocked
and rtfree(9)d rather than just rtfree(9)d.

Since the PR was filed, new places with the same problem were added
with new code. Also check that the rt is valid before freeing it
either way there.

PR: kern/129793
Submitted by: Dheeraj Reddy <dheeraj@ece.gatech.edu>
MFC after: 2 weeks
Committed from: Bugathon #6
086c4b5b79a4577363e19815ac979062ad79ce48 05-Jan-2009 bz <bz@FreeBSD.org> Switch the last protosw* structs to C99 initializers.

Reviewed by: ed, julian, Christoph Mallon <christoph.mallon@gmx.de>
MFC after: 2 weeks
e259848db546016e33236429a3137ec19b4f8caa 04-Jan-2009 rwatson <rwatson@FreeBSD.org> Unlike with struct protosw, several instances of struct ip6protosw
did not use C99-style sparse structure initialization, so remove
NULL assignments for now-removed pr_usrreq function pointers.

Reported by: Chris Ruiz <yr.retarded at gmail.com>
604d89458ab94ec81eaefa2d55ef219cba461e31 02-Dec-2008 bz <bz@FreeBSD.org> Rather than using hidden includes (with cicular dependencies),
directly include only the header files needed. This reduces the
unneeded spamming of various headers into lots of files.

For now, this leaves us with very few modules including vnet.h
and thus needing to depend on opt_route.h.

Reviewed by: brooks, gnn, des, zec, imp
Sponsored by: The FreeBSD Foundation
19b6af98ec71398e77874582eb84ec5310c7156f 22-Nov-2008 dfr <dfr@FreeBSD.org> Clone Kip's Xen on stable/6 tree so that I can work on improving FreeBSD/amd64
performance in Xen's HVM mode.
cf5320822f93810742e3d4a1ac8202db8482e633 19-Oct-2008 lulf <lulf@FreeBSD.org> - Import the HEAD csup code which is the basis for the cvsmode work.
8797d4caecd5881e312923ee1d07be3de68755dc 02-Oct-2008 zec <zec@FreeBSD.org> Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit

Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.

Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().

Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).

All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparision between pre- and post-change
object files(*).

(*) netipsec/keysock.c did not validate depending on compile time options.

Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
e50cf84d907eb995bd9c9178b99174a82bca91d5 01-Sep-2008 obrien <obrien@FreeBSD.org> MFC: r175162 & r174510: un-__P() & clean up VCS Ids.
514ed29cc16f2eec87fbe25719e68d40730c429d 01-Sep-2008 obrien <obrien@FreeBSD.org> MFC: r174510: Clean up VCS Ids.
0592958505e144fa8a1cdff63ecc2e605ac5e407 20-Aug-2008 julian <julian@FreeBSD.org> A bunch of formatting fixes brough to light by, or created by the Vimage commit
a few days ago.
1021d43b569bfc8d2c5544bde2f540fa432b011f 17-Aug-2008 bz <bz@FreeBSD.org> Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).

This is the first in a series of commits over the course
of the next few weeks.

Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.

We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.

Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
0d684d927bf42ec9c53b0f921e6aaa42e7236cd7 10-Dec-2007 obrien <obrien@FreeBSD.org> Clean up VCS Ids.
42fe5e7f836765d5e16a16ae1d90eb6a6e034549 05-Jul-2007 delphij <delphij@FreeBSD.org> Space cleanup

Approved by: re (rwatson)
e6f8b0995d59e493018009921005c7f50759dc53 05-Jul-2007 delphij <delphij@FreeBSD.org> ANSIfy[1] plus some style cleanup nearby.

Discussed with: gnn, rwatson
Submitted by: Karl Sj?dahl - dunceor <dunceor gmail com> [1]
Approved by: re (rwatson)
297206ec2ac5b34686aaf531476b1b737df9bbd7 12-Dec-2006 bz <bz@FreeBSD.org> MFp4: 92972, 98913 + one more change

In ip6_sprintf no longer use and return one of eight static buffers
for printing/logging ipv6 addresses.
The caller now has to hand in a sufficiently large buffer as first
argument.
bc6ab54808cf20a40cd7ba44043d40db1ec2e78e 04-Aug-2006 brooks <brooks@FreeBSD.org> With exception of the if_name() macro, all definitions in net_osdep.h
were unused or already in if_var.h so add if_name() to if_var.h and
remove net_osdep.h along with all references to it.

Longer term we may want to kill off if_name() entierly since all modern
BSDs have if_xname variables rendering it unnecessicary.
e1e7fa68bea591d4b2dc9b34099de7fcb1821e9a 05-Feb-2006 ume <ume@FreeBSD.org> shut up strict-aliasing rules warning.
c625a748346cd7e33dd8e74188155f45a1f83a02 31-Jan-2006 glebius <glebius@FreeBSD.org> MFC:
Add some initial locking to gif(4), that covers output path.
aecf4a6244730d904a75f88ec9ea7eba0be9dd34 30-Jan-2006 glebius <glebius@FreeBSD.org> Add some initial locking to gif(4). It doesn't covers the whole driver,
however IPv4-in-IPv4 tunnels are now stable on SMP. Details:

- Add per-softc mutex.
- Hold the mutex on output.

The main problem was the rtentry, placed in softc. It could be
freed by ip_output(). Meanwhile, another thread being in
in_gif_output() can read and write this rtentry.

Reported by: many
Tested by: Alexander Shiryaev <aixp mail.ru>
d2572297a09d374d27e885457b710e3616c8f15b 03-Jan-2006 thompsa <thompsa@FreeBSD.org> MFC: EtherIP support, adding gif interfaces to bridges.
42c9ecf9f57f7681e401bcf499946dbe2f2cd09f 21-Dec-2005 thompsa <thompsa@FreeBSD.org> Add RFC 3378 EtherIP support. This change makes it possible to add gif
interfaces to bridges, which will then send and receive IP protocol 97 packets.
Packets are Ethernet frames with an EtherIP header prepended.

Obtained from: NetBSD
MFC after: 2 weeks
38dbaac82ee687da9cfa55687d4f83e540718269 20-Jun-2005 ume <ume@FreeBSD.org> fix IP(v4) over IPv6 tunneling most likely broken with ifnet changes.

Submitted by: bz
Approved by: re (dwhite)
567ba9b00a248431e7c1147c4e079fd7a11b9ecf 10-Jun-2005 brooks <brooks@FreeBSD.org> Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
- Struct arpcom is no longer referenced in normal interface code.
Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
To enforce this ac_enaddr has been renamed to _ac_enaddr.
- The second argument to ether_ifattach is now always the mac address
from driver private storage rather than sometimes being ac_enaddr.

Reviewed by: sobomax, sam
2b54eeafaedc0507e064739f8fb8e239948c373c 07-Jan-2005 imp <imp@FreeBSD.org> /* -> /*- for license, minor formatting changes, separate for KAME
16a5d8193f49035546afed8c166c4548d208f9ee 10-Dec-2004 glebius <glebius@FreeBSD.org> In certain cases ip_output() can free our route, so check
for its presence before RTFREE().

Noticed by: ru
272be69b395ba911a25b8374186dce1fd7d07ce5 09-Dec-2004 glebius <glebius@FreeBSD.org> style the last change
9fdc5dd01adfa47678c680af97ce19249f6240e1 09-Dec-2004 glebius <glebius@FreeBSD.org> MFinet4:

- Make route cacheing optional, configurable via IFF_LINK0 flag.
- Turn it off by default.

Reminded by: suz
b9fecc82d3e55cefb5fd427307272fed377b780a 29-Oct-2003 ume <ume@FreeBSD.org> add ECN support in layer-3.
- implement the tunnel egress rule in ip_ecn_egress() in ip_ecn.c.
make ip{,6}_ecn_egress() return integer to tell the caller that
this packet should be dropped.
- handle ECN at fragment reassembly in ip_input.c and frag6.c.

Obtained from: KAME
a72f1bdb767fa08d3ce42494c037364f31421fb8 10-Oct-2003 ume <ume@FreeBSD.org> nuke SCOPEDROUTING. Though it was there for a long time,
it was never enabled.
cb2c1545ab3b25d366aeb88623dd50ed9349e174 08-Oct-2003 ume <ume@FreeBSD.org> - fix typo in comments.
- style.
- NULL is not 0.
- some variables were renamed.
- nuke unused logic.
(there is no functional change.)

Obtained from: KAME
6c1377b9efb980f7722b089efd455c1362419b76 06-Oct-2003 ume <ume@FreeBSD.org> return(code) -> return (code)
(reduce diffs against KAME)
cf874b345d0f766fb64cf4737e1c85ccc78d2bee 19-Feb-2003 imp <imp@FreeBSD.org> Back out M_* changes, per decision of the TRB.

Approved by: trb
bf8e8a6e8f0bd9165109f0a258730dd242299815 21-Jan-2003 alfred <alfred@FreeBSD.org> Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
ad75b0681567cc6a0cf4d82f806cac9f020cdc1f 17-Oct-2002 ume <ume@FreeBSD.org> last arg of in6?_gif_output() is not used any more.

Obtained from: KAME
MFC after: 3 weeks
c3646a9ad481833a792b0aaae4605e7dbbf2e29b 16-Oct-2002 ume <ume@FreeBSD.org> use encapcheck.

Obtained from: KAME
MFC after: 3 weeks
2bb6ef9a3f703f5e4ce9650638cad001d0e9d3f8 16-Oct-2002 ume <ume@FreeBSD.org> - after gif_set_tunnel(), psrc/pdst may be null. set IFF_RUNNING accordingly.
- set IFF_UP on SIOCSIFADDR. be consistent with others.
- set if_addrlen explicitly (just in case)
- multi destination mode is long gone.
- missing break statement
- add gif_set_tunnel(), so that we can set tunnel address from within the
kernel at ease.
- encap_attach/detach dynamically on ioctls
- move encap_attach() to dedicated function in in*_gif.c

Obtained from: KAME
MFC after: 3 weeks
2a86be217a6aed33eda6628df2b175e49172cd9f 16-Oct-2002 sam <sam@FreeBSD.org> Replace aux mbufs with packet tags:

o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
inpcb parameter to ip_output and ip6_output to allow the IPsec code to
locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version

Reviewed by: julian, luigi (silent), -arch, -net, darren
Approved by: julian, silence from everyone else
Obtained from: openbsd (mostly)
MFC after: 1 month
118717618343ff3fc9166354457e2ab28cb86fbe 26-Feb-2002 brooks <brooks@FreeBSD.org> Fix warnings in the gif(4) driver so it compiles with -Werror.
832f8d224926758a9ae0b23a6b45353e44fbc87a 11-Jun-2001 ume <ume@FreeBSD.org> Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.

Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
54ca48450cf20c453a092aa95d086cd5c5751fcf 27-Oct-2000 phk <phk@FreeBSD.org> Convert all users of fldoff() to offsetof(). fldoff() is bad
because it only takes a struct tag which makes it impossible to
use unions, typedefs etc.

Define __offsetof() in <machine/ansi.h>

Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h>

Remove myriad of local offsetof() definitions.

Remove includes of <stddef.h> in kernel code.

NB: Kernelcode should *never* include from /usr/include !

Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API.

Deprecate <struct.h> with a warning. The warning turns into an error on
01-12-2000 and the file gets removed entirely on 01-01-2001.

Paritials reviews by: various.
Significant brucifications by: bde
5f4e854de19331a53788d6100bbcd42845056bc1 04-Jul-2000 itojun <itojun@FreeBSD.org> sync with kame tree as of july00. tons of bug fixes/improvements.

API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
(also syntax change)
b42951578188c5aab5c9f8cbcde4a743f8092cdc 02-Apr-2000 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'ALSA'.
50ba589c666f7d356304339b9cfc7fc9d173ad8d 22-Dec-1999 shin <shin@FreeBSD.org> IPSEC support in the kernel.
pr_input() routines prototype is also changed to support IPSEC and IPV6
chained protocol headers.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
70f0bdf6818a73c858bc47a23afc1e9d7c56d716 07-Dec-1999 shin <shin@FreeBSD.org> udp IPv6 support, IPv6/IPv4 tunneling support in kernel,
packet divert at kernel for IPv6/IPv4 translater daemon

This includes queue related patch submitted by jburkhol@home.com.

Submitted by: queue related patch from jburkhol@home.com
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project