Home | History | Annotate | Download | only in net
History log of /src/sys/net/if_l2tp.c
RevisionDateAuthorComments
 1.49  02-Nov-2023  yamaguchi branches: 1.49.4;
l2tp(4): use ether_ifattach() to initialize ethercom
 1.48  03-Sep-2022  thorpej branches: 1.48.4;
Garbage-collect the remaining vestiges of netisr.
 1.47  16-Jun-2021  riastradh if_attach and if_initialize cannot fail, don't test return value

These were originally made failable back in 2017 when if_initialize
allocated a softint in every interface for link state changes, so
that it could fail gracefully instead of panicking:

https://mail-index.NetBSD.org/source-changes/2017/10/23/msg089053.html

However, this spawned many seldom- or never-tested error branches,
which are risky to have around. And that softint in every interface
has since been replaced by a single global workqueue, because link
state changes require thread context but not low latency or high
throughput:

https://mail-index.NetBSD.org/source-changes/2020/02/06/msg113759.html

So there is no longer any reason for if_initialize to fail. (The
subroutine if_stats_init can't fail because percpu_alloc can't fail
either.)

There is a snag: the softint_establish in if_percpuq_create could
fail, potentially leading to bad consequences later on trying to use
the softint. This change doesn't introduce any new bugs because of
the snag -- if_percpuq_attach was already broken. However, the snag
can be better addressed without spawning error branches, either by
using a single softint or making softints less scarce.

(Separate commit will change the signatures of if_attach and
if_initialize to return void, scheduled to ride whatever is the next
convenient kernel bump.)

Patch and testing on amd64 and evbmips64-eb by maya@; commit message
soliloquy, and compile-testing on evbppc/i386/earmv7hf, by me.
 1.46  25-Oct-2020  roy branches: 1.46.6;
l2tp: call if_link_state_change rather then directly setting it.

This allows protocols to do their thing.
 1.45  25-Oct-2020  roy l2tp: Revert prior

It proves I can't read comments and that if_initialize should not be used.
 1.44  15-Oct-2020  roy l2tp: Set the link state UP if we have a tunnel, otherwise DOWN.
 1.43  01-Feb-2020  riastradh Switch sys/net to percpu_create.
 1.42  01-Feb-2020  riastradh Switch if_l2tp to atomic_load/store_*.

Fix missing membar_datadep_consumer -- now atomic_load_consume -- in
l2tp_lookup_session_ref.
 1.41  29-Jan-2020  thorpej Adopt <net/if_stats.h>.
 1.40  16-Oct-2019  knakahara branches: 1.40.2;
Fix missing kpreempt_disable() before softint_schedule() like if_vmx.c:r1.51.
 1.39  19-Sep-2019  knakahara l2tp(4): avoid having struct ifqueue directly in a percpu storage.

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users. If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) uses normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing. Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@
 1.38  19-Sep-2019  knakahara Avoid having a rtcache directly in a percpu storage for tunnel protocols.

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users. If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing. Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@
 1.37  19-Sep-2019  knakahara Divide Tx context of l2tp(4) to improve performance.

It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).
 1.36  19-Aug-2019  ozaki-r l2tp: initialize mowner variables for MBUFTRACE
 1.35  25-Jun-2019  msaitoh branches: 1.35.2;
Simplify "LIST_HEAD();" to make the code more understandable.
No functional change.
 1.34  26-Apr-2019  pgoyette Some more empty-string --> NULL conversions for module dependencies
 1.33  27-Dec-2018  knakahara l2tp(4): fix output bytes counter. Pointed by k-goda@IIJ, thanks.
 1.32  22-Dec-2018  maxv Replace M_ALIGN and MH_ALIGN by m_align.
 1.31  22-Dec-2018  maxv Replace: M_MOVE_PKTHDR -> m_move_pkthdr. No functional change, since the
former is a macro to the latter.
 1.30  19-Oct-2018  knakahara Fix panic when doing ioctl to multiple pseudo interfaces. Pointed out by k-goda@IIJ.

XXX pullup-8
 1.29  26-Jun-2018  msaitoh branches: 1.29.2;
Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.
 1.28  25-Jun-2018  msaitoh Remove duplicated inclusion of net/bpf.h.
 1.27  08-May-2018  maxv Simplify: use M_MOVE_PKTHDR directly.

ok knakahara@
 1.26  07-May-2018  maxv Use m_remove_pkthdr.

ok knakahara@ (for L2TP)
 1.25  01-May-2018  maxv Remove now unused net_osdep.h includes, the other BSDs did the same.
 1.24  27-Apr-2018  knakahara Fix LOCKDEBUG kernel panic when many(about 200) tunnel interfaces is created.

The tunnel interfaces are gif(4), l2tp(4), and ipsecif(4). They use mutex
itself in percpu area. When percpu_cpu_enlarge() run, the address of the
mutex in percpu area becomes different from the address which lockdebug
saved. That can cause "already initialized" false detection.
 1.23  10-Apr-2018  knakahara Fix previous my mistake and odd unaligned case. Pointed out by maxv@n.o, thanks.

It must be rare case to be required this copy routine...
 1.22  09-Apr-2018  knakahara Improve comment. Pointed out by maxv@n.o, thanks.
 1.21  09-Apr-2018  knakahara Fix l2tp(4) alignment check. Pointed out and reviewed by k-goda@IIJ.

The alignment check should be done for the address of m_data instead of
the value of m_data.

XXX pullup-8
 1.20  26-Jan-2018  maxv branches: 1.20.2;
Use MH_ALIGN instead, ok knakahara@.
 1.19  26-Jan-2018  maxv Several fixes in L2TP:

* l2tp_input(): use m_copydata, and ensure there is enough space in the
chain. Otherwise overflow.

* l2tp_tcpmss_clamp(): ensure there is enough space in the chain.

* in_l2tp_output(): don't check 'sc' against NULL, it can't be NULL.

* in_l2tp_input(): no need to call m_pullup since we use m_copydata.
Just check the space in the chain.

* in_l2tp_input(): if there is a cookie, make sure the chain has enough
space.

* in6_l2tp_input(): same changes as in_l2tp_input().

Ok knakahara@
 1.18  25-Jan-2018  maxv style
 1.17  19-Dec-2017  ozaki-r Don't set IFEF_MPSAFE unless NET_MPSAFE at this point

Because recent investigations show that interfaces with IFEF_MPSAFE need to
follow additional restrictions to work with the flag safely. We should enable it
on an interface by default only if the interface surely satisfies the
restrictions, which are described in if.h.

Note that enabling IFEF_MPSAFE solely gains a few benefit on performance because
the network stack is still serialized by the big kernel locks by default.
 1.16  06-Dec-2017  knakahara unify processing to check nesting count for some tunnel protocols.
 1.15  16-Nov-2017  ozaki-r branches: 1.15.2;
Unify IFEF_*_MPSAFE into IFEF_MPSAFE

There are already two flags for if_output and if_start, however, it seems such
MPSAFE flags are eventually needed for all if_XXX operations. Having discrete
flags for each operation is wasteful of if_extflags bits. So let's unify
the flags into one: IFEF_MPSAFE.

Fortunately IFEF_*_MPSAFE flags have never been included in any releases, so
we can change them without breaking backward compatibility of the releases
(though the kernel version of -current should be bumped).

Note that if an interface have both MP-safe and non-MP-safe operations at a
time, we have to set the IFEF_MPSAFE flag and let callees of non-MP-safe
opeartions take the kernel lock.

Proposed on tech-kern@ and tech-net@
 1.14  30-Oct-2017  ozaki-r Set IFEF_NO_LINK_STATE_CHANGE flag to pseudo devices that don't use if_link_state_change
 1.13  30-Oct-2017  knakahara If if_attach() failed in the attach function, return. Add comments about if_initialize().

suggested by ozaki-r@n.o.
 1.12  19-Oct-2017  knakahara fix l2tp panic when l2tp session id is changed (same as if_vlan.c:r1.104)

E.g. the following operation causes this panic.
====================
# ifconfig l2tp0 create
# ifconfig l2tp0 session 140 140
# ifconfig l2tp1 create
# ifconfig l2tp1 session 200 200
# ifconfig l2tp1 session 300 300
panic: kernel diagnostic assertion "new->ple_next == NULL" failed: file "/disk4/home/k-nakahara/repos/netbsd-src/sys/sys/pslist.h", line 118
====================

Pointed out by s-yamaguchi@IIJ, thanks.

XXX need pullup-8
 1.11  01-Jun-2017  chs branches: 1.11.2; 1.11.6;
remove checks for failure after memory allocation calls that cannot fail:

kmem_alloc() with KM_SLEEP
kmem_zalloc() with KM_SLEEP
percpu_alloc()
pserialize_create()
psref_class_create()

all of these paths include an assertion that the allocation has not failed,
so callers should not assert that again.
 1.10  20-Apr-2017  knakahara branches: 1.10.2;
missing if_extflags of l2tp(4). l2tp(4) is already MP-safe.
 1.9  13-Apr-2017  knakahara l2tp(4) support when hashinit() cannot allocate requried hash size.

pointed out by s-yamaguchi@IIJ
 1.8  04-Apr-2017  knakahara fix module build
 1.7  04-Apr-2017  sevan Revert change to allow builds to continue until the missing vlan.h file is committed.
https://mail-index.netbsd.org/source-changes/2017/04/04/msg083283.html
 1.6  04-Apr-2017  knakahara remove unnecessary if_vlanvar.h. add missing include "vlan.h".

pointed out by s-yamaguchi@IIJ, thanks.
 1.5  04-Apr-2017  knakahara fix atf failed.
 1.4  03-Apr-2017  knakahara fix missing mutex_destroy when modunload.

pointed out by s-yamaguchi@IIJ, thanks.
 1.3  03-Apr-2017  knakahara fix potentially use after free between "ifconfig l2tpX destroy" and l2tp Tx.

It is protected by KERNEL_LOCK in soo_ioctl() between "ioctl destory" and
other ioctls. And, it is protected by encap_lock() between "ioctl destroy"
and Rx. However, it was not protected between "ioctl destroy" and Tx.
That is,
+ CPU#A
- do "ifconfig l2tpX destroy"
- call l2tp_clone_destroy()
- done l2tp_delete_tunnel()
+ CPU#B
- begin l2tp output processing
- call l2tp_transmit()
- done l2tp_getref_variant()
+ CPU#A
- done kmem_free(sc->l2tp_var, )
+ CPU#B
- access to sc->l2tp_var after free

pointed out by s-yamaguchi@IIJ, thanks.
 1.2  30-Mar-2017  knakahara KNF. pointed out by s-yamaguchi@IIJ
 1.1  16-Feb-2017  knakahara branches: 1.1.2;
add missing files.
 1.1.2.3  26-Apr-2017  pgoyette Sync with HEAD
 1.1.2.2  20-Mar-2017  pgoyette Sync with HEAD
 1.1.2.1  16-Feb-2017  pgoyette file if_l2tp.c was added on branch pgoyette-localcount on 2017-03-20 06:57:50 +0000
 1.10.2.2  21-Apr-2017  bouyer Sync with HEAD
 1.10.2.1  20-Apr-2017  bouyer file if_l2tp.c was added on branch bouyer-socketcan on 2017-04-21 16:54:05 +0000
 1.11.6.2  28-Aug-2017  skrll Sync with HEAD
 1.11.6.1  01-Jun-2017  skrll file if_l2tp.c was added on branch nick-nhusb on 2017-08-28 17:53:11 +0000
 1.11.2.11  24-Sep-2019  martin Pull up following revision(s) (requested by knakahara in ticket #1385):

sys/net/if.c 1.461
sys/net/if.h 1.277
sys/net/if_gif.c 1.149
sys/net/if_gif.h 1.33
sys/net/if_ipsec.c 1.19,1.20,1.24
sys/net/if_ipsec.h 1.5
sys/net/if_l2tp.c 1.33,1.36-1.39
sys/net/if_l2tp.h 1.7,1.8
sys/net/route.c 1.220,1.221
sys/net/route.h 1.125
sys/netinet/in_gif.c 1.95
sys/netinet/in_l2tp.c 1.17
sys/netinet/ip_input.c 1.391,1.392
sys/netinet/wqinput.c 1.6
sys/netinet6/in6_gif.c 1.94
sys/netinet6/in6_l2tp.c 1.18
sys/netinet6/ip6_forward.c 1.97
sys/netinet6/ip6_input.c 1.210,1.211
sys/netipsec/ipsec_output.c 1.82,1.83 (patched)
sys/netipsec/ipsecif.c 1.12,1.13,1.15,1.17 (patched)
sys/netipsec/key.c 1.259,1.260

ipsecif(4) support input drop packet counter.

ipsecif(4) should not increment drop counter by errors not related to if_snd. Pointed out by ozaki-r@n.o, thanks.
Remove unnecessary addresses in PF_KEY message.

MOBIKE Extensions for PF_KEY draft-schilcher-mobike-pfkey-extension-01.txt says
 1.11.2.10  21-Oct-2018  martin Pull up following revision(s) (requested by knakahara in ticket #1066):

sys/net/if_vlan.c: revision 1.133
sys/net/if_gif.h: revision 1.32
sys/net/if_ipsec.c: revision 1.18
sys/net/if_ipsec.h: revision 1.4
sys/net/if_gif.c: revision 1.144
sys/net/if_l2tp.h: revision 1.6
sys/net/if_l2tp.c: revision 1.30

Fix panic when doing ioctl to multiple pseudo interfaces. Pointed out by k-goda@IIJ.

XXX pullup-8
 1.11.2.9  26-Jul-2018  snj Pull up following revision(s) (requested by msaitoh in ticket #938):
sys/arch/acorn32/podulebus/if_ie.c: revision 1.41
sys/arch/amiga/dev/if_es.c: revision 1.58
sys/arch/amiga/dev/if_qn.c: revision 1.45
sys/arch/arm/at91/at91emac.c: revision 1.20
sys/arch/arm/ep93xx/epe.c: revision 1.37
sys/arch/emips/ebus/if_le_ebus.c: revision 1.14
sys/arch/emips/ebus/if_le_ebus.c: revision 1.15
sys/arch/mac68k/dev/if_mc.c: revision 1.46
sys/arch/macppc/dev/am79c950.c: revision 1.39
sys/arch/newsmips/apbus/if_sn.c: revision 1.40
sys/arch/next68k/dev/mb8795.c: revision 1.59
sys/arch/playstation2/dev/if_smap.c: revision 1.25
sys/arch/playstation2/dev/if_smap.c: revision 1.26
sys/arch/sun2/dev/if_ec.c: revision 1.28
sys/arch/sun3/dev/if_ie.c: revision 1.63
sys/arch/x68k/dev/if_ne_intio.c: revision 1.19
sys/arch/xen/xen/if_xennet_xenbus.c: revision 1.75
sys/arch/xen/xen/xennetback_xenbus.c: revision 1.63
sys/dev/bi/if_ni.c: revision 1.45
sys/dev/cadence/if_cemac.c: revision 1.12
sys/dev/ic/am7990.c: revision 1.78
sys/dev/ic/am79900.c: revision 1.27
sys/dev/ic/an.c: revision 1.67
sys/dev/ic/cs89x0.c: revision 1.40
sys/dev/ic/dm9000.c: revision 1.13
sys/dev/ic/dm9000.c: revision 1.14
sys/dev/ic/dp8390.c: revision 1.88
sys/dev/ic/elink3.c: revision 1.141
sys/dev/ic/elinkxl.c: revision 1.122
sys/dev/ic/hme.c: revision 1.98
sys/dev/ic/i82586.c: revision 1.77
sys/dev/ic/lance.c: revision 1.53
sys/dev/ic/mb86950.c: revision 1.27
sys/dev/ic/mb86960.c: revision 1.86
sys/dev/ic/mtd803.c: revision 1.34
sys/dev/ic/pdq_ifsubr.c: revision 1.59
sys/dev/ic/rrunner.c: revision 1.86
sys/dev/ic/seeq8005.c: revision 1.58
sys/dev/ic/sgec.c: revision 1.47
sys/dev/ic/smc90cx6.c: revision 1.72
sys/dev/ic/smc91cxx.c: revision 1.96
sys/dev/ic/tropic.c: revision 1.49
sys/dev/ic/wi.c: revision 1.245
sys/dev/isa/if_eg.c: revision 1.93
sys/dev/isa/if_el.c: revision 1.95
sys/dev/isa/if_iy.c: revision 1.101
sys/dev/ofw/ofnet.c: revision 1.58
sys/dev/pci/if_alc.c: revision 1.27
sys/dev/pci/if_de.c: revision 1.152
sys/dev/pci/if_fpa.c: revision 1.61
sys/dev/pci/if_jme.c: revision 1.34
sys/dev/pci/if_tl.c: revision 1.108
sys/dev/pci/if_vte.c: revision 1.19
sys/dev/pci/ixgbe/ixgbe.h: revision 1.50
sys/dev/pcmcia/if_cnw.c: revision 1.62
sys/dev/pcmcia/if_malo_pcmcia.c: revision 1.17
sys/dev/pcmcia/if_ray.c: revision 1.89
sys/dev/pcmcia/if_xi.c: revision 1.81
sys/dev/pcmcia/mhzc.c: revision 1.51
sys/dev/pcmcia/xirc.c: revision 1.34
sys/dev/qbus/if_de.c: revision 1.33
sys/dev/qbus/if_qe.c: revision 1.78
sys/dev/qbus/if_qt.c: revision 1.22
sys/dev/sbus/be.c: revision 1.87
sys/dev/sbus/qe.c: revision 1.68
sys/dev/scsipi/if_se.c: revision 1.96
sys/dev/usb/if_atu.c: revision 1.59
sys/net/if_l2tp.c: revision 1.28 via patch
sys/net/if_ppp.c: revision 1.160
It's not required to include net/bpfdesc.h. Remove it.
--
Simplify like other drivers. NULL check of ifp->if_bpf is done in
bpf_mtap(), so it's not required to do it here.
--
Remove duplicated inclusion of net/bpf.h.
--
Remove duplicated inclusion of net/bpf.h.
--
Simplify bpf_mtap() call. No functional change.
 1.11.2.8  17-May-2018  martin Pull up following revision(s) (requested by knakahara in ticket #829):

sys/net/if_l2tp.c: revision 1.24
sys/net/if_ipsec.c: revision 1.13
sys/net/if_gif.h: revision 1.31
sys/netipsec/ipsecif.c: revision 1.8
sys/net/if_gif.c: revision 1.140
sys/netinet6/in6_l2tp.c: revision 1.15
sys/net/if_ipsec.h: revision 1.3
sys/netinet6/in6_gif.c: revision 1.92
sys/net/if_l2tp.h: revision 1.5
sys/netinet/in_l2tp.c: revision 1.13
sys/netinet/in_gif.c: revision 1.93

Fix LOCKDEBUG kernel panic when many(about 200) tunnel interfaces is created.

The tunnel interfaces are gif(4), l2tp(4), and ipsecif(4). They use mutex
itself in percpu area. When percpu_cpu_enlarge() run, the address of the
mutex in percpu area becomes different from the address which lockdebug
saved. That can cause "already initialized" false detection.
 1.11.2.7  11-Apr-2018  martin Pull up following revision(s) (requested by knakahara in ticket #730):

sys/net/if_l2tp.c: revision 1.22
sys/net/if_l2tp.c: revision 1.23

Improve comment. Pointed out by maxv@n.o, thanks.

Fix previous my mistake and odd unaligned case. Pointed out by maxv@n.o, thanks.
It must be rare case to be required this copy routine...
 1.11.2.6  09-Apr-2018  bouyer Pull up following revision(s) (requested by knakahara in ticket #725):
sys/net/if_l2tp.c: revision 1.21
Fix l2tp(4) alignment check. Pointed out and reviewed by k-goda@IIJ.
The alignment check should be done for the address of m_data instead of
the value of m_data.
XXX pullup-8
 1.11.2.5  08-Mar-2018  martin Pull up following revision(s) (requested by knakahara in ticket #614):
sys/net/if_l2tp.c: revision 1.20
sys/netinet6/in6_l2tp.c: revision 1.13
sys/netinet6/in6_l2tp.c: revision 1.14
sys/net/if_l2tp.h: revision 1.3
sys/net/if_l2tp.c: revision 1.13
sys/netinet/in_l2tp.c: revision 1.10
sys/net/if_l2tp.c: revision 1.18
sys/netinet/in_l2tp.c: revision 1.11
sys/net/if_l2tp.c: revision 1.19
sys/netinet/in_l2tp.c: revision 1.12

If if_attach() failed in the attach function, return. Add comments about if_initialize().
suggested by ozaki-r@n.o.

Fix null deref, m could be NULL if M_PREPEND fails.

style

Style, reduce the indentation level when possible, and add a missing NULL
check after M_PREPEND.

Several fixes in L2TP:
* l2tp_input(): use m_copydata, and ensure there is enough space in the
chain. Otherwise overflow.
* l2tp_tcpmss_clamp(): ensure there is enough space in the chain.
* in_l2tp_output(): don't check 'sc' against NULL, it can't be NULL.
* in_l2tp_input(): no need to call m_pullup since we use m_copydata.
Just check the space in the chain.
* in_l2tp_input(): if there is a cookie, make sure the chain has enough
space.
* in6_l2tp_input(): same changes as in_l2tp_input().
Ok knakahara@

Use MH_ALIGN instead, ok knakahara@.
 1.11.2.4  11-Feb-2018  snj Pull up following revision(s) (requested by ozaki-r in ticket #536):
distrib/sets/lists/base/shl.mi: 1.825
distrib/sets/lists/comp/mi: 1.2168-1.2169
distrib/sets/lists/comp/shl.mi: 1.310
distrib/sets/lists/debug/mi: 1.234
distrib/sets/lists/debug/shl.mi: 1.188
distrib/sets/lists/man/mi: 1.1570
distrib/sets/lists/tests/mi: 1.772
etc/mtree/NetBSD.dist.tests: 1.150
share/man/man4/Makefile: 1.650
share/man/man4/ipsec.4: 1.42-1.43
share/man/man4/ipsecif.4: 1.1-1.5
sys/arch/amd64/conf/ALL: 1.77
sys/arch/amd64/conf/GENERIC: 1.480
sys/conf/files: 1.1191
sys/net/Makefile: 1.34
sys/net/files.net: 1.14
sys/net/if.c: 1.404
sys/net/if.h: 1.248
sys/net/if_gif.c: 1.135
sys/net/if_ipsec.c: 1.1-1.3
sys/net/if_ipsec.h: 1.1
sys/net/if_l2tp.c: 1.16
sys/net/if_types.h: 1.28
sys/netinet/in.c: 1.214
sys/netinet/in.h: 1.103
sys/netinet/in_gif.c: 1.92
sys/netinet/ip_var.h: 1.122
sys/netinet6/in6.c: 1.257
sys/netinet6/in6.h: 1.88
sys/netinet6/in6_gif.c: 1.90
sys/netinet6/ip6_var.h: 1.75
sys/netipsec/Makefile: 1.6
sys/netipsec/files.netipsec: 1.13
sys/netipsec/ipsec.h: 1.62
sys/netipsec/ipsecif.c: 1.1
sys/netipsec/ipsecif.h: 1.1
sys/netipsec/key.c: 1.246-1.247
sys/netipsec/key.h: 1.34
sys/rump/net/Makefile.rumpnetcomp: 1.20
sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
sys/rump/net/lib/libipsec/Makefile: 1.1
sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
tests/net/Makefile: 1.34
tests/net/if_ipsec/Makefile: 1.1
tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6. fixes !INET6 builds.
 1.11.2.3  02-Jan-2018  snj Pull up following revision(s) (requested by ozaki-r in ticket #456):
sys/arch/arm/sunxi/sunxi_emac.c: 1.9
sys/dev/ic/dwc_gmac.c: 1.43-1.44
sys/dev/pci/if_iwm.c: 1.75
sys/dev/pci/if_wm.c: 1.543
sys/dev/pci/ixgbe/ixgbe.c: 1.112
sys/dev/pci/ixgbe/ixv.c: 1.74
sys/kern/sys_socket.c: 1.75
sys/net/agr/if_agr.c: 1.43
sys/net/bpf.c: 1.219
sys/net/if.c: 1.397, 1.399, 1.401-1.403, 1.406-1.410, 1.412-1.416
sys/net/if.h: 1.242-1.247, 1.250, 1.252-1.257
sys/net/if_bridge.c: 1.140 via patch, 1.142-1.146
sys/net/if_etherip.c: 1.40
sys/net/if_ethersubr.c: 1.243, 1.246
sys/net/if_faith.c: 1.57
sys/net/if_gif.c: 1.132
sys/net/if_l2tp.c: 1.15, 1.17
sys/net/if_loop.c: 1.98-1.101
sys/net/if_media.c: 1.35
sys/net/if_pppoe.c: 1.131-1.132
sys/net/if_spppsubr.c: 1.176-1.177
sys/net/if_tun.c: 1.142
sys/net/if_vlan.c: 1.107, 1.109, 1.114-1.121
sys/net/npf/npf_ifaddr.c: 1.3
sys/net/npf/npf_os.c: 1.8-1.9
sys/net/rtsock.c: 1.230
sys/netcan/if_canloop.c: 1.3-1.5
sys/netinet/if_arp.c: 1.255
sys/netinet/igmp.c: 1.65
sys/netinet/in.c: 1.210-1.211
sys/netinet/in_pcb.c: 1.180
sys/netinet/ip_carp.c: 1.92, 1.94
sys/netinet/ip_flow.c: 1.81
sys/netinet/ip_input.c: 1.362
sys/netinet/ip_mroute.c: 1.147
sys/netinet/ip_output.c: 1.283, 1.285, 1.287
sys/netinet6/frag6.c: 1.61
sys/netinet6/in6.c: 1.251, 1.255
sys/netinet6/in6_pcb.c: 1.162
sys/netinet6/ip6_flow.c: 1.35
sys/netinet6/ip6_input.c: 1.183
sys/netinet6/ip6_output.c: 1.196
sys/netinet6/mld6.c: 1.90
sys/netinet6/nd6.c: 1.239-1.240
sys/netinet6/nd6_nbr.c: 1.139
sys/netinet6/nd6_rtr.c: 1.136
sys/netipsec/ipsec_output.c: 1.65
sys/rump/net/lib/libnetinet/netinet_component.c: 1.9-1.10
kmem_intr_free kmem_intr_[z]alloced memory
the underlying pools are the same but api-wise those should match
Unify IFEF_*_MPSAFE into IFEF_MPSAFE
There are already two flags for if_output and if_start, however, it seems such
MPSAFE flags are eventually needed for all if_XXX operations. Having discrete
flags for each operation is wasteful of if_extflags bits. So let's unify
the flags into one: IFEF_MPSAFE.
Fortunately IFEF_*_MPSAFE flags have never been included in any releases, so
we can change them without breaking backward compatibility of the releases
(though the kernel version of -current should be bumped).
Note that if an interface have both MP-safe and non-MP-safe operations at a
time, we have to set the IFEF_MPSAFE flag and let callees of non-MP-safe
opeartions take the kernel lock.
Proposed on tech-kern@ and tech-net@
Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch
It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.
No functional change
Hold KERNEL_LOCK on if_ioctl selectively based on IFEF_MPSAFE
If IFEF_MPSAFE is set, hold the lock and otherwise don't hold.
This change requires additions of KERNEL_LOCK to subsequence functions from
if_ioctl such as ifmedia_ioctl and ifioctl_common to protect non-MP-safe
components.
Proposed on tech-kern@ and tech-net@
Ensure to hold if_ioctl_lock when calling if_flags_set
Fix locking against myself on ifpromisc
vlan_unconfig_locked could be called with holding if_ioctl_lock.
Ensure to not turn on IFF_RUNNING of an interface until its initialization completes
And ensure to turn off it before destruction as per IFF_RUNNING's description
"resource allocated". (The description is a bit doubtful though, I believe the
change is still proper.)
Ensure to hold if_ioctl_lock on if_up and if_down
One exception for if_down is if_detach; in the case the lock isn't needed
because it's guaranteed that no other one can access ifp at that point.
Make if_link_queue MP-safe if IFEF_MPSAFE
if_link_queue is a queue to store events of link state changes, which is
used to pass events from (typically) an interrupt handler to
if_link_state_change softint. The queue was protected by KERNEL_LOCK so far,
but if IFEF_MPSAFE is enabled, it becomes unsafe because (perhaps) an interrupt
handler of an interface with IFEF_MPSAFE doesn't take KERNEL_LOCK. Protect it
by a spin mutex.
Additionally with this change KERNEL_LOCK of if_link_state_change softint is
omitted if NET_MPSAFE is enabled.
Note that the spin mutex is now ifp->if_snd.ifq_lock as well as the case of
if_timer (see the comment).
Use IFADDR_WRITER_FOREACH instead of IFADDR_READER_FOREACH
At that point no other one modifies the list so IFADDR_READER_FOREACH
is unnecessary. Use of IFADDR_READER_FOREACH is harmless in general though,
if we try to detect contract violations of pserialize, using it violates
the contract. So avoid using it makes life easy.
Ensure to call if_addr_init with holding if_ioctl_lock
Get rid of outdated comments
Fix build of kernels without ether
By throwing out if_enable_vlan_mtu and if_disable_vlan_mtu that
created a unnecessary dependency from if.c to if_ethersubr.c.
PR kern/52790
Rename IFNET_LOCK to IFNET_GLOBAL_LOCK
IFNET_LOCK will be used in another lock, if_ioctl_lock (might be renamed then).
Wrap if_ioctl_lock with IFNET_* macros (NFC)
Also if_ioctl_lock perhaps needs to be renamed to something because it's now
not just for ioctl...
Reorder some destruction routines in if_detach
- Destroy if_ioctl_lock at the end of the if_detach because it's used in various
destruction routines
- Move psref_target_destroy after pr_purgeif because we want to use psref in
pr_purgeif (otherwise destruction procedures can be tricky)
Ensure to call if_mcast_op with holding IFNET_LOCK
Note that CARP doesn't deal with IFNET_LOCK yet.
Remove IFNET_GLOBAL_LOCK where it's unnecessary because IFNET_LOCK is held
Describe which lock is used to protect each member variable of struct ifnet
Requested by skrll@
Write a guideline for converting an interface to IFEF_MPSAFE
Requested by skrll@
Note that IFNET_LOCK must not be held in softint
Don't set IFEF_MPSAFE unless NET_MPSAFE at this point
Because recent investigations show that interfaces with IFEF_MPSAFE need to
follow additional restrictions to work with the flag safely. We should enable it
on an interface by default only if the interface surely satisfies the
restrictions, which are described in if.h.
Note that enabling IFEF_MPSAFE solely gains a few benefit on performance because
the network stack is still serialized by the big kernel locks by default.
 1.11.2.2  08-Nov-2017  snj Pull up following revision(s) (requested by ozaki-r in ticket #349):
sys/net/if_l2tp.c: revision 1.14
sys/net/if_tap.c: revision 1.101
sys/net/if_tun.c: revision 1.141
sys/net/if_vlan.c: revision 1.106
Set IFEF_NO_LINK_STATE_CHANGE flag to pseudo devices that don't use
if_link_state_change
 1.11.2.1  06-Nov-2017  snj Pull up following revision(s) (requested by knakahara in ticket #341):
sys/net/if_l2tp.c: revision 1.12
fix l2tp panic when l2tp session id is changed (same as if_vlan.c:r1.104)
E.g. the following operation causes this panic.
====================
# ifconfig l2tp0 create
# ifconfig l2tp0 session 140 140
# ifconfig l2tp1 create
# ifconfig l2tp1 session 200 200
# ifconfig l2tp1 session 300 300
panic: kernel diagnostic assertion "new->ple_next == NULL" failed: file "/disk4/home/k-nakahara/repos/netbsd-src/sys/sys/pslist.h", line 118
====================
Pointed out by s-yamaguchi@IIJ, thanks.
 1.15.2.2  03-Dec-2017  jdolecek update from HEAD
 1.15.2.1  16-Nov-2017  jdolecek file if_l2tp.c was added on branch tls-maxphys on 2017-12-03 11:39:02 +0000
 1.20.2.8  18-Jan-2019  pgoyette Synch with HEAD
 1.20.2.7  26-Dec-2018  pgoyette Sync with HEAD, resolve a few conflicts
 1.20.2.6  20-Oct-2018  pgoyette Sync with head
 1.20.2.5  28-Jul-2018  pgoyette Sync with HEAD
 1.20.2.4  25-Jun-2018  pgoyette Sync with HEAD
 1.20.2.3  21-May-2018  pgoyette Sync with HEAD
 1.20.2.2  02-May-2018  pgoyette Synch with HEAD
 1.20.2.1  16-Apr-2018  pgoyette Sync with HEAD, resolve some conflicts
 1.29.2.2  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.29.2.1  10-Jun-2019  christos Sync with HEAD
 1.35.2.2  01-Nov-2019  martin Pull up following revision(s) (requested by knakahara in ticket #387):

sys/net/if_gre.c: revision 1.176
sys/net/if_l2tp.c: revision 1.40
sys/dev/pci/ixgbe/ix_txrx.c: revision 1.56
sys/net/if_tap.c: revision 1.114

Fix missing kpreempt_disable() before softint_schedule() like if_vmx.c:r1.51.
 1.35.2.1  24-Sep-2019  martin Pull up following revision(s) (requested by ozaki-r in ticket #238):

sys/netipsec/ipsec_output.c: revision 1.83
sys/net/route.h: revision 1.125
sys/netinet6/ip6_input.c: revision 1.210
sys/netinet6/ip6_input.c: revision 1.211
sys/net/if.c: revision 1.461
sys/net/if_gif.h: revision 1.33
sys/net/route.c: revision 1.220
sys/net/route.c: revision 1.221
sys/net/if.h: revision 1.277
sys/netinet6/ip6_forward.c: revision 1.97
sys/netinet/wqinput.c: revision 1.6
sys/net/if_ipsec.h: revision 1.5
sys/netinet6/in6_l2tp.c: revision 1.18
sys/netinet6/in6_gif.c: revision 1.94
sys/net/if_l2tp.h: revision 1.7
sys/net/if_gif.c: revision 1.149
sys/net/if_l2tp.h: revision 1.8
sys/netinet/in_gif.c: revision 1.95
sys/netinet/in_l2tp.c: revision 1.17
sys/netipsec/ipsecif.c: revision 1.17
sys/net/if_ipsec.c: revision 1.24
sys/net/if_l2tp.c: revision 1.37
sys/netinet/ip_input.c: revision 1.391
sys/net/if_l2tp.c: revision 1.38
sys/netinet/ip_input.c: revision 1.392
sys/net/if_l2tp.c: revision 1.39

Avoid having a rtcache directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users. If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing. Address this situation by having
just a pointer to a rtcache in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

-

wqinput: avoid having struct wqinput_worklist directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users. If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involves sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler. Address this situation by having just a pointer to the data
in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

-

Add missing #include <sys/kmem.h>

-

Divide Tx context of l2tp(4) to improve performance.

It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).

-

Apply some missing changes lost on the previous commit

-

Avoid having a rtcache directly in a percpu storage for tunnel protocols.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users. If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing. Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

-

l2tp(4): avoid having struct ifqueue directly in a percpu storage.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users. If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) uses normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing. Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@
 1.40.2.1  29-Feb-2020  ad Sync with head.
 1.46.6.1  17-Jun-2021  thorpej Sync w/ HEAD.
 1.48.4.1  03-Nov-2023  martin Pull up following revision(s) (requested by yamaguchi in ticket #455):
sys/dev/pci/ixgbe/ixgbe.c: revision 1.347
sys/net/if_l2tp.c: revision 1.49
tests/net/if_vlan/t_vlan.sh: revision 1.25
sys/net/if_vlan.c: revision 1.171
sys/net/if_ethersubr.c: revision 1.326
sys/dev/pci/ixgbe/ixv.c: revision 1.194
Use ether_bpf_mtap only when the device supports vlan harware tagging
The function is bpf_mtap() for ethernet devices and *currently*
it is just handling VLAN tag stripped by the hardware.
l2tp(4): use ether_ifattach() to initialize ethercom
Support vlan(4) over l2tp(4)
Added the test for vlan over l2tp
 1.49.4.1  16-Nov-2023  thorpej IFQ_CLASSIFY() -> ifq_classify_packet().

RSS XML Feed