#
9f9935a8 |
| 11-Nov-2021 |
claudio <claudio@openbsd.org> |
Retire switch(4) it never really was production ready and the OpenFlow API implemented is a deadend. OK akoshibe@ yasuoka@ deraadt@ kn@ patrick@ sthen@
|
#
678831be |
| 10-Mar-2021 |
jsg <jsg@openbsd.org> |
spelling
ok gnezdo@ semarie@ mpi@
|
#
044aaac6 |
| 25-Jan-2021 |
mvs <mvs@openbsd.org> |
We have this sequence in bridge(4) ioctl(2) path:
ifs = ifunit(req->ifbr_ifsname); if (ifs == NULL) { error = ENOENT; break; } if (ifs->if_bridgeidx != ifp->if_index) { error = ESRCH;
We have this sequence in bridge(4) ioctl(2) path:
ifs = ifunit(req->ifbr_ifsname); if (ifs == NULL) { error = ENOENT; break; } if (ifs->if_bridgeidx != ifp->if_index) { error = ESRCH; break; } bif = bridge_getbif(ifs);
This sequence repeats 8 times. Also we don't check value returned by bridge_getbig() before use. Newly introduced bridge_getbig() function replaces this sequence. This not only reduces duplicated code but also makes `bif' dereference safe.
ok bluhm@
show more ...
|
#
13dba897 |
| 30-Jul-2020 |
mvs <mvs@openbsd.org> |
`struct bstp_state' stores pointer to parent `ifnet' as `bs_ifp'. Replace this pointer by interface index. This allow us to avoid some use after free issues caused by ifioctl() races.
ok sashan@
|
#
f6fc373e |
| 29-Jul-2020 |
mvs <mvs@openbsd.org> |
Interface index is unsigned integer. Fix the places where it referenced as signed. u_int used within pipex(4) for consistency with other code.
ok dlg@ mpi@
|
#
793c5642 |
| 22-Jul-2020 |
mvs <mvs@openbsd.org> |
Use interface index instead of pointer to `ifnet' in `struct bstp_port'.
ok yasuoka@
|
#
4f5e51a4 |
| 07-Nov-2019 |
dlg <dlg@openbsd.org> |
turn the linkstate hooks into a task list, like the detach hooks.
this is largely mechanical, except for carp. this moves the addition of the carp link state hook after we're committed to using the
turn the linkstate hooks into a task list, like the detach hooks.
this is largely mechanical, except for carp. this moves the addition of the carp link state hook after we're committed to using the new interface as a carpdev. because the add can't fail, we avoid a complicated unwind dance. also, this tweaks the carp linkstate hook so it only updates the relevant carp interface, not all of the carpdevs on the parent.
hrvoje popovski has tested an early version of this diff and it's generally ok, but there's some splasserts that this diff fires that i'll fix in an upcoming diff.
ok claudio@
show more ...
|
#
3fe9d1bd |
| 06-Nov-2019 |
dlg <dlg@openbsd.org> |
replace the hooks used with if_detachhooks with a task list.
the main semantic change is that things registering detach hooks have to allocate and set a task structure that then gets added to the li
replace the hooks used with if_detachhooks with a task list.
the main semantic change is that things registering detach hooks have to allocate and set a task structure that then gets added to the list. this means if the task is allocated up front (eg, as part of carps softc or bridges port structure), it avoids the possibility that adding a hook can fail. a lot of drivers weren't checking for failure, and unwinding state in the event of failure in other parts was error prone.
while doing this i discovered that the list operations have to be in a particular order, but drivers weren't doing that consistently either. this diff wraps the list ops up so you have to seriously go out of your way to screw them up.
ive also sprinkled some NET_ASSERT_LOCKED around the list operations so we can make sure there's no potential for the list to be corrupted, especially while it's being run.
hrvoje popovski has tested this a bit, and some issues he discovered have been fixed.
ok sashan@
show more ...
|
#
282291ed |
| 12-May-2019 |
mpi <mpi@openbsd.org> |
Switch the list of span interfaces and interfaces to SMR.
This removes the KERNEL_LOCK() around the list iteration in bridge_enqueue().
Since the NET_LOCK() isn't protecting any data structure, rel
Switch the list of span interfaces and interfaces to SMR.
This removes the KERNEL_LOCK() around the list iteration in bridge_enqueue().
Since the NET_LOCK() isn't protecting any data structure, release it early in all the code paths coming from the Network Stack to prevent possible deadlock situations with smr_barrier().
bridge_input() is still KERNEL_LOCK()ed as well as bridge_filterrule().
ok visa@
show more ...
|
#
96c4247c |
| 28-Apr-2019 |
mpi <mpi@openbsd.org> |
Removes the KERNEL_LOCK() from bridge(4)'s output fast-path.
This redefines the ifp <-> bridge relationship. No lock can be currently used across the multiples contexts where the bridge has tentacl
Removes the KERNEL_LOCK() from bridge(4)'s output fast-path.
This redefines the ifp <-> bridge relationship. No lock can be currently used across the multiples contexts where the bridge has tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
show more ...
|
#
33d9f1d5 |
| 08-Mar-2019 |
mpi <mpi@openbsd.org> |
Move the tag mechanism outside of net/if_bridge.c.
This will help for future (un)locking.
ok visa@
|
#
96d0f2ae |
| 20-Feb-2019 |
mpi <mpi@openbsd.org> |
Protect the hash table with a mutex.
inputs & ok visa@
|
#
29016cb9 |
| 17-Feb-2019 |
mpi <mpi@openbsd.org> |
Make bridge_rtupdate() return an error value instead of a pointer.
|
#
41b46478 |
| 29-Jan-2019 |
mpi <mpi@openbsd.org> |
Plumbing to simplify upcoming locking.
- Do checks that do not access shared data structures first, they don't need locking and save us some dances.
- Use the common !ETHER_IS_MULTICAST() idiom a
Plumbing to simplify upcoming locking.
- Do checks that do not access shared data structures first, they don't need locking and save us some dances.
- Use the common !ETHER_IS_MULTICAST() idiom and move some code that won't be executed if the bridge(4) is down.
ok bluhm@, visa@
show more ...
|
#
9907846e |
| 17-Jan-2019 |
mpi <mpi@openbsd.org> |
Convert interface lists from TAILQ to SLIST in preparation for fine grained locking.
ok visa@, florian@
|
#
1cfe6aaa |
| 07-Dec-2018 |
mpi <mpi@openbsd.org> |
Stop passing `sc' when it isn't needed and use `ifp' where it's good enough.
ok sthen@, visa@
|
#
0a04437d |
| 08-Feb-2018 |
mpi <mpi@openbsd.org> |
Add a new '-protected' option for bridge members.
Bridge members that are part of the same protected domain, refered by a number between 1 and 31, cannot talk to each others. This is useful to isol
Add a new '-protected' option for bridge members.
Bridge members that are part of the same protected domain, refered by a number between 1 and 31, cannot talk to each others. This is useful to isolate VMs or untrusted networks at layer 2.
Members can be part of multiple protected domain making it possible to create complex protected setups.
ok ccardenas@, claudio@, dlg@, henning@
show more ...
|
#
d6404d18 |
| 05-Feb-2018 |
henning <henning@openbsd.org> |
implement an arp filter allows arp (and rarp) requests and replies to be matched, including matching based on the source and target host and protocol adresses, and thus control over arp traffic and l
implement an arp filter allows arp (and rarp) requests and replies to be matched, including matching based on the source and target host and protocol adresses, and thus control over arp traffic and learning. written for medical x-ray machines, but useful in many spread out L2 networks ok claudio benno
show more ...
|
#
24d7e143 |
| 20-Jan-2017 |
claudio <claudio@openbsd.org> |
Stop using pfsockaddr_union outside of pf so that we can remove its usage inside pf later on. pfsync can use the one from ip_ipsp.h and bridge can have its own version for now. OK mpi@ phessler@
|
#
abb517ab |
| 11-Jan-2017 |
mpi <mpi@openbsd.org> |
No need for a splsoftnet()/splx() dance when the KERNEL_LOCK() is what serialize access to bridge(4) data structures.
ok mikeb@
|
#
051fa421 |
| 03-Oct-2016 |
rzalamena <rzalamena@openbsd.org> |
Use detach hook to notify bridge of interface removal instead of adding code to if.c.
ok mpi@
|
#
8eacc5b2 |
| 29-Sep-2016 |
reyk <reyk@openbsd.org> |
Rename brtag_src/brtag_dst to brtag_peer/brtag_local to avoid confusion about the tunnel endpoints when responding to the peer.
OK yasuoka@
|
#
26334ce3 |
| 03-Sep-2016 |
reyk <reyk@openbsd.org> |
Add support for a multipoint-to-multipoint mode in vxlan(4). In this mode, vxlan(4) must be configured to accept any virtual network identifier with "vnetid any" and added to a bridge(4) or switch(4
Add support for a multipoint-to-multipoint mode in vxlan(4). In this mode, vxlan(4) must be configured to accept any virtual network identifier with "vnetid any" and added to a bridge(4) or switch(4). This way the driver will dynamically learn the tunnel endpoints and their vnetids for the responses and can be used to dynamically bridge between VXLANs. It is also being used in combination with switch(4) and the OpenFlow tunnel classifiers.
With input from yasuoka@ goda@ OK deraadt@ dlg@
show more ...
|
#
70d427ba |
| 02-Sep-2016 |
goda <goda@openbsd.org> |
Add switch(4) support to ifconfig
ok deraadt@ yasuoka@ reyk@ henning@
|
#
6a5c526d |
| 01-Sep-2016 |
goda <goda@openbsd.org> |
Import switch(4), an in-kernel OpenFlow switch which can work alone. switch(4) currently supports OpenFlow 1.3.5. Currently, it's disabled by the kernel config.
With help from yasuoka@ reyk@ jsg@.
Import switch(4), an in-kernel OpenFlow switch which can work alone. switch(4) currently supports OpenFlow 1.3.5. Currently, it's disabled by the kernel config.
With help from yasuoka@ reyk@ jsg@.
ok deraadt@ yasuoka@ reyk@ henning@
show more ...
|