Home | History | Annotate | Download | only in netinet
History log of /src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c
RevisionDateAuthorComments
 1.39  09-Jun-2024  mrg ipfilter(4): mark as MPSAFE.

my testing seems to work fine, and this version was known to work
on solaris with no global locking available.
 1.38  24-Jun-2023  msaitoh Fix typo in comment.
 1.37  28-Mar-2022  riastradh driver(9): devsw_detach never fails. Make it return void.

Prune a whole lotta dead branches as a result of this. (Some logic
calling this is also wrong for other reasons; devsw_detach is final
-- you should never have any reason to decide to roll it back. To be
cleaned up in subsequent commits...)

XXX kernel ABI change to devsw_detach signature requires bump
 1.36  08-Mar-2021  christos Adjust for fewer args in calling functions
 1.35  12-Jun-2020  roy branches: 1.35.2;
ipfilter: Prepare for life without in kernel RA
 1.34  21-Feb-2020  joerg Explicitly cast pointers to uintptr_t before casting to enums. They are
not necessarily the same size. Don't cast pointers to bool, check for
NULL instead.
 1.33  30-Sep-2019  bouyer branches: 1.33.2;
fix double space in comment
 1.32  30-Sep-2019  bouyer Fix 2 bugs, reported by Edgar Fu� on tech-net@
- pfil_run_hooks() can be called recursively, so we have to
#define FASTROUTE_RECURSION in fil.c
- ip6_if_output()/nd6_output() will free the mbuf on error, to make sure
to set *mpp to NULL so the caller won't try to free it again.
 1.31  10-Aug-2018  maxv branches: 1.31.4;
Fix compilation of PF/IPF...
 1.30  10-Aug-2018  maxv Rename

ip6_undefer_csum -> in6_undefer_cksum
in6_delayed_cksum -> in6_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in6_offload.c. Add comments to explain what
we're doing.

Same as IPv4.
 1.29  11-Jul-2018  maxv Rename

ip_undefer_csum -> in_undefer_cksum
in_delayed_cksum -> in_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in_offload.c. Add comments to explain what
we're doing.

The same could be done for IPv6.
 1.28  03-May-2018  maxv branches: 1.28.2;
Remove now unused tcpip.h includes. Some were already unused before.
 1.27  03-May-2018  maxv Remove m_copy completely.
 1.26  23-Jul-2017  christos branches: 1.26.2;
use the scoping functions (JINMEI, Tatuya)
 1.25  23-Jul-2017  christos From Edgar Fuss:
ipf's return-icmp doesn't work when the packet matched by the rule is
directed at a link local address. The problem is that
ipf_send_icmp_err() calls ipf_ifpaddr() to find an address of the
interface in question, but that routine discards link local addresses.
I guess the best fix is to simply use the destination address instead if
it is link local, i.e. treat the rule as if return-icmp-as-dest was
given in this case.
 1.24  20-Jul-2017  christos Fix ipf failing to sent TCP RST's on link-local interfaces by stuffing
the scope KAME style before calling the routing routines instead of after.
From Edgar Fuss.
 1.23  12-May-2017  christos branches: 1.23.2;
Call the right filter function for hook removal found by Stephen Borrill.
 1.22  14-Feb-2017  ozaki-r branches: 1.22.4;
Do ND in L2_output in the same manner as arpresolve

The benefits of this change are:
- The flow is consistent with IPv4 (and FreeBSD and OpenBSD)
- old: ip6_output => nd6_output (do ND if needed) => L2_output (lookup a stored cache)
- new: ip6_output => L2_output (lookup a cache. Do ND if cache not found)
- We can remove some workarounds in nd6_output
- We can move L2 specific operations to their own place
- The performance slightly improves because one cache lookup is reduced
 1.21  28-Dec-2016  christos branches: 1.21.2;
use the proper hook function
 1.20  26-Dec-2016  christos pfil(9) improvements to handle address changes:

Add:
PFIL_IFADDR call on interface reconfig (mbuf is ioctl #)
PFIL_IFNET call on interface attach/detach (mbuf is PFIL_IFNET_*)

from rmind@
 1.19  08-Dec-2016  ozaki-r Add rtcache_unref to release points of rtentry stemming from rtcache

In the MP-safe world, a rtentry stemming from a rtcache can be freed at any
points. So we need to protect rtentries somehow say by reference couting or
passive references. Regardless of the method, we need to call some release
function of a rtentry after using it.

The change adds a new function rtcache_unref to release a rtentry. At this
point, this function does nothing because for now we don't add a reference
to a rtentry when we get one from a rtcache. We will add something useful
in a further commit.

This change is a part of changes for MP-safe routing table. It is separated
to avoid one big change that makes difficult to debug by bisecting.
 1.18  18-Jul-2016  pgoyette Rearrange code to avoid testing an error value that has not been set.

Also, for the built-in case, rather than re-inserting our devsw and
then ignoring the EEXIST error, don't bother re-inserting.

CID 1364140
 1.17  17-Jul-2016  pgoyette Another case of not calling devsw_attach() for built-in device modules
 1.16  07-Jul-2016  ozaki-r branches: 1.16.2;
Switch the address list of intefaces to pslist(9)

As usual, we leave the old list to avoid breaking kvm(3) users.
 1.15  20-Jun-2016  knakahara apply if_output_lock() to L3 callers which call ifp->if_output() of L2(or L3 tunneling).
 1.14  10-Jun-2016  ozaki-r Introduce m_set_rcvif and m_reset_rcvif

The API is used to set (or reset) a received interface of a mbuf.
They are counterpart of m_get_rcvif, which will come in another
commit, hide internal of rcvif operation, and reduce the diff of
the upcoming change.

No functional change.
 1.13  09-Jun-2016  pgoyette Enable building of ipfilter code as a separately-loaded module.
 1.12  20-Jan-2016  riastradh Pass the requisite number of arguments to ip_output from ipf.

Fortunately the last argument, struct socket *so, is used only when
flags includes IP_DF (0x4000), which is not the case here -- we pass
IP_FORWARDING (0x0001).
 1.11  25-Jul-2014  dholland branches: 1.11.4;
Add d_discard to all struct cdevsw instances I could find.

All have been set to "nodiscard"; some should get a real implementation.
 1.10  05-Jun-2014  rmind - Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.
 1.9  13-May-2014  bouyer Make sure *(if_output)() is called with KERNEL_LOCK held.
Add some KASSERT for this.
See http://mail-index.netbsd.org/tech-net/2014/04/09/msg004511.html
for details.
 1.8  16-Mar-2014  dholland branches: 1.8.2;
Change (mostly mechanically) every cdevsw/bdevsw I can find to use
designated initializers.

I have not built every extant kernel so I have probably broken at
least one build; however I've also found and fixed some wrong
cdevsw/bdevsw entries so even if so I think we come out ahead.
 1.7  01-Nov-2013  mrg move variable definition/set inside the same #ifdef of the usage.
 1.6  14-Sep-2013  martin Remove unused variable and ifdef another like their use
 1.5  29-Jun-2013  rmind - Rewrite parts of pfil(9): use array to store hooks and thus be more cache
friendly (there are only few hooks in the system). Make the structures
opaque and the interface more strict.
- Remove PFIL_HOOKS option by making pfil(9) mandatory.
 1.4  15-Jan-2013  msaitoh branches: 1.4.2;
Fix off-by-one read error.
 1.3  22-Jul-2012  darrenr branches: 1.3.2;
Merge IPFilter 5.1.2 into HEAD
 1.2  23-Mar-2012  christos branches: 1.2.2; 1.2.4;
apply our changes.
- prototypes
- ip_h323_pxy.c is missing from the distribution
- original tar distribution is missing <$>Id values in most files
 1.1  23-Mar-2012  christos branches: 1.1.1;
Initial revision
 1.1.1.2  22-Jul-2012  darrenr Import IPFilter 5.1.2
 1.1.1.1  23-Mar-2012  christos import kernel portion of ipfilter 5.1.1
 1.2.4.5  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.2.4.4  23-Jan-2013  yamt sync with head
 1.2.4.3  30-Oct-2012  yamt sync with head
 1.2.4.2  17-Apr-2012  yamt sync with head
 1.2.4.1  23-Mar-2012  yamt file ip_fil_netbsd.c was added on branch yamt-pagecache on 2012-04-17 00:08:15 +0000
 1.2.2.2  17-Apr-2012  joerg Re-add new ipf on the jmcneill-usbmp branch.
 1.2.2.1  23-Mar-2012  joerg file ip_fil_netbsd.c was added on branch jmcneill-usbmp on 2012-04-17 19:25:18 +0000
 1.3.2.3  03-Dec-2017  jdolecek update from HEAD
 1.3.2.2  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.3.2.1  25-Feb-2013  tls resync with head
 1.4.2.2  18-May-2014  rmind sync with head
 1.4.2.1  28-Aug-2013  rmind sync with head
 1.8.2.1  10-Aug-2014  tls Rebase.
 1.11.4.5  28-Aug-2017  skrll Sync with HEAD
 1.11.4.4  05-Feb-2017  skrll Sync with HEAD
 1.11.4.3  05-Oct-2016  skrll Sync with HEAD
 1.11.4.2  09-Jul-2016  skrll Sync with HEAD
 1.11.4.1  19-Mar-2016  skrll Sync with HEAD
 1.16.2.6  20-Mar-2017  pgoyette Sync with HEAD
 1.16.2.5  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.16.2.4  26-Jul-2016  pgoyette Rename LOCALCOUNT_INITIALIZER to DEVSW_MODULE_INIT. This better describes
what we're doing, and why.
 1.16.2.3  26-Jul-2016  pgoyette Sync with HEAD
 1.16.2.2  19-Jul-2016  pgoyette Instead of repeatedly typing the conditional initialization of the
.d_localcount members in the various {b,c}devsw, define an initializer
macro and use it. This also removes the need for defining new symbols
for each 'struct localcount'.

As suggested by riastradh@
 1.16.2.1  17-Jul-2016  pgoyette Adapt some modular drivers to the localcount(9) world. We're still
not actually using the localcount stuff, but we need to differentiate
between built-in vs loaded drivers and allocate a "struct localcount"
only for loaded drivers.
 1.21.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.22.4.6  19-May-2017  pgoyette Resolve conflicts from previous merge (all resulting from $NetBSD
keywork expansion)
 1.22.4.5  02-May-2017  pgoyette Keep NetBSD version in sync with sys/params.h

XXX When localcount is finally committed to HEAD, it will need a version
XXX bump, so we'll need to make the bump here, too
 1.22.4.4  29-Apr-2017  pgoyette Remove more unnecessary #include for sys/localcount.h
 1.22.4.3  29-Apr-2017  pgoyette Revise previous. Rather than explicitly including <sys/localcount.h>
in all the places where {b,c}devsw is initialized, just include it
from <sys/conf.h>. This avoids an include-sequence dependancy.
 1.22.4.2  29-Apr-2017  pgoyette Add DEVSW_MODULE_INIT to existing device-driver modules, so that they
willl have a localcount defined and thus be permitted to load. Without
a localcount, loading the module will return EINVAL.

XXX the dtrace and drm stuff might need to be fed back upstream?
 1.22.4.1  27-Apr-2017  pgoyette Restore all work from the former pgoyette-localcount branch (which is
now abandoned doe to cvs merge botch).

The branch now builds, and installs via anita. There are still some
problems (cgd is non-functional and all atf tests time-out) but they
will get resolved soon.
 1.23.2.2  04-Oct-2019  martin Pull up following revision(s) (requested by bouyer in ticket #1399):

sys/external/bsd/ipf/netinet/fil.c: revision 1.31
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: revision 1.32
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: revision 1.33

Fix 2 bugs, reported by Edgar Fuss on tech-net@
- pfil_run_hooks() can be called recursively, so we have to
#define FASTROUTE_RECURSION in fil.c
- ip6_if_output()/nd6_output() will free the mbuf on error, to make sure
to set *mpp to NULL so the caller won't try to free it again.

fix double space in comment
 1.23.2.1  14-Aug-2017  snj Pull up following revision(s) (requested by christos in ticket #206):
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: 1.24-1.26
Fix ipf failing to sent TCP RST's on link-local interfaces by stuffing
the scope KAME style before calling the routing routines instead of after.
From Edgar Fuss.
--
From Edgar Fuss:
ipf's return-icmp doesn't work when the packet matched by the rule is
directed at a link local address. The problem is that
ipf_send_icmp_err() calls ipf_ifpaddr() to find an address of the
interface in question, but that routine discards link local addresses.
I guess the best fix is to simply use the destination address instead if
it is link local, i.e. treat the rule as if return-icmp-as-dest was
given in this case.
--
use the scoping functions (JINMEI, Tatuya)
 1.26.2.3  06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.26.2.2  28-Jul-2018  pgoyette Sync with HEAD
 1.26.2.1  21-May-2018  pgoyette Sync with HEAD
 1.28.2.3  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.28.2.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.28.2.1  10-Jun-2019  christos Sync with HEAD
 1.31.4.1  03-Oct-2019  martin Pull up following revision(s) (requested by bouyer in ticket #274):

sys/external/bsd/ipf/netinet/fil.c: revision 1.31
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: revision 1.32
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: revision 1.33

Fix 2 bugs, reported by Edgar Fuss on tech-net@
- pfil_run_hooks() can be called recursively, so we have to
#define FASTROUTE_RECURSION in fil.c
- ip6_if_output()/nd6_output() will free the mbuf on error, to make sure
to set *mpp to NULL so the caller won't try to free it again.

fix double space in comment
 1.33.2.1  29-Feb-2020  ad Sync with head.
 1.35.2.1  03-Apr-2021  thorpej Sync with HEAD.

RSS XML Feed