we don't have to cast to caddr_t when calling m_copydata anymore.

the first cut of this diff was made with coccinelle using this spatch:

@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copyd

we don't have to cast to caddr_t when calling m_copydata anymore.

the first cut of this diff was made with coccinelle using this spatch:

@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)

i had fix it's opinionated idea of formatting by hand though, so
i'm not sure it was worth it.

ok deraadt@ bluhm@

show more ...

fix the length check on arp packets when handling arp filter rules.

another bridge feature i'm not convinced people actually use.

ok jmatthew@ claudio@

bridge(4): convert ifunit() to if_unit(9)

ok bluhm@ sashan@

We have this sequence in bridge(4) ioctl(2) path:

ifs = ifunit(req->ifbr_ifsname);
if (ifs == NULL) {
error = ENOENT;
break;
}
if (ifs->if_bridgeidx != ifp->if_index) {
error = ESRCH;

We have this sequence in bridge(4) ioctl(2) path:

ifs = ifunit(req->ifbr_ifsname);
if (ifs == NULL) {
error = ENOENT;
break;
}
if (ifs->if_bridgeidx != ifp->if_index) {
error = ESRCH;
break;
}
bif = bridge_getbif(ifs);

This sequence repeats 8 times. Also we don't check value returned by
bridge_getbig() before use. Newly introduced bridge_getbig() function
replaces this sequence. This not only reduces duplicated code but also
makes `bif' dereference safe.

ok bluhm@

show more ...

kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)

time_second(9) and time_uptime(9) are widely used in the kernel to
quickly get the system UTC or system uptime as a time_

kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)

time_second(9) and time_uptime(9) are widely used in the kernel to
quickly get the system UTC or system uptime as a time_t. However,
time_t is 64-bit everywhere, so it is not generally safe to use them
on 32-bit platforms: you have a split-read problem if your hardware
cannot perform atomic 64-bit reads.

This patch replaces time_second(9) with gettime(9), a safer successor
interface, throughout the kernel. Similarly, time_uptime(9) is replaced
with getuptime(9).

There is a performance cost on 32-bit platforms in exchange for
eliminating the split-read problem: instead of two register reads you
now have a lockless read loop to pull the values from the timehands.
This is really not *too* bad in the grand scheme of things, but
compared to what we were doing before it is several times slower.

There is no performance cost on 64-bit (__LP64__) platforms.

With input from visa@, dlg@, and tedu@.

Several bugs squashed by visa@.

ok kettenis@

show more ...

Add missing mtx_leave() in error path.

Reported by kn@, ok visa@

Switch the list of span interfaces and interfaces to SMR.

This removes the KERNEL_LOCK() around the list iteration in bridge_enqueue().

Since the NET_LOCK() isn't protecting any data structure, rel

Switch the list of span interfaces and interfaces to SMR.

This removes the KERNEL_LOCK() around the list iteration in bridge_enqueue().

Since the NET_LOCK() isn't protecting any data structure, release it early
in all the code paths coming from the Network Stack to prevent possible
deadlock situations with smr_barrier().

bridge_input() is still KERNEL_LOCK()ed as well as bridge_filterrule().

ok visa@

show more ...

Removes the KERNEL_LOCK() from bridge(4)'s output fast-path.

This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiples contexts where the bridge has
tentacl

Removes the KERNEL_LOCK() from bridge(4)'s output fast-path.

This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiples contexts where the bridge has
tentacles to protect a pointer, use an interface index.

Tested by various, ok dlg@, visa@

show more ...

Move the tag mechanism outside of net/if_bridge.c.

This will help for future (un)locking.

ok visa@

Protect the hash table with a mutex.

inputs & ok visa@

Make bridge_rtupdate() return an error value instead of a pointer.

Use timeout_barrier() when bringing the bridge(4) down and only execute
the timeout handler if the interface is running.

ok claudio@

Various cleanups:

- Unify the two hooks by passing the same argument
- Check for nullity before dereferencing `if_bridgeport', this will
matter when we go MP
- Use the same pattern to find a membe

Various cleanups:

- Unify the two hooks by passing the same argument
- Check for nullity before dereferencing `if_bridgeport', this will
matter when we go MP
- Use the same pattern to find a member in the ioctl path


ok bluhm@, visa@

show more ...

Batch copyout(9)s in preparation for finer locking.

Tested by Hrvoje Popovski, inputs and ok visa@

Make it clear that `if_bridgeport' is dereferenced in the ioctl path
by making all handlers consistent.

ok bluhm@, visa@

Rename 'bridge_iflist' variables for coherency, missed in previous.

Coherently name "struct bridge_iflist" variables `bif'.

ok visa@

bcmp -> memcmp; kinda req'd / not-just-kinda ok'd by claudio

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and l

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

show more ...

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
st

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@

show more ...

No need for a splsoftnet()/splx() dance when the KERNEL_LOCK() is what
serialize access to bridge(4) data structures.

ok mikeb@

Rename brtag_src/brtag_dst to brtag_peer/brtag_local to avoid
confusion about the tunnel endpoints when responding to the peer.

OK yasuoka@

Add support for a multipoint-to-multipoint mode in vxlan(4). In this
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4

Add support for a multipoint-to-multipoint mode in vxlan(4). In this
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4).
This way the driver will dynamically learn the tunnel endpoints and
their vnetids for the responses and can be used to dynamically bridge
between VXLANs. It is also being used in combination with switch(4)
and the OpenFlow tunnel classifiers.

With input from yasuoka@ goda@
OK deraadt@ dlg@

show more ...

Include cleanup.

Split functions in if_bridge.c into if_bridge.c bridgectl.c .

Splitting functions in if_bridge.c into if_bridge.c for the forwarding part
and bridgectl.c for the control part. It shouldn't have any

Split functions in if_bridge.c into if_bridge.c bridgectl.c .

Splitting functions in if_bridge.c into if_bridge.c for the forwarding part
and bridgectl.c for the control part. It shouldn't have any functional change.

ok reyk@ mpi@ yasuoka@

show more ...