domains: use queue(9) SLIST for linked list of domains

protosw: refactor protosw and domain static declaration and load

o Assert that every protosw has pr_attach. Now this structure is
only for socket protocols declarations and nothing else.
o Merge

protosw: refactor protosw and domain static declaration and load

o Assert that every protosw has pr_attach. Now this structure is
only for socket protocols declarations and nothing else.
o Merge struct pr_usrreqs into struct protosw. This was suggested
in 1996 by wollman@ (see 7b187005d18ef), and later reiterated
in 2006 by rwatson@ (see 6fbb9cf860dcd).
o Make struct domain hold a variable sized array of protosw pointers.
For most protocols these pointers are initialized statically.
Those domains that may have loadable protocols have spacers. IPv4
and IPv6 have 8 spacers each (andre@ dff3237ee54ea).
o For inetsw and inet6sw leave a comment noting that many protosw
entries very likely are dead code.
o Refactor pf_proto_[un]register() into protosw_[un]register().
o Isolate pr_*_notsupp() methods into uipc_domain.c

Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D36232

show more ...

rtsock: subscribe to ifnet eventhandlers instead of direct calls.

Stop treating rtsock as a "special" consumer and use already-provided
ifaddr arrival/departure notifications.

MFC after: 2 weeks

rtsock: subscribe to ifnet eventhandlers instead of direct calls.

Stop treating rtsock as a "special" consumer and use already-provided
ifaddr arrival/departure notifications.

MFC after: 2 weeks

Test Plan:
```
21:05 [0] m@devel0 route -n monitor

-> ifconfig vtnet0.2 create

got message of size 24 on Tue Aug 9 21:05:44 2022
RTM_IFANNOUNCE: interface arrival/departure: len 24, if# 3, what: arrival

got message of size 168 on Tue Aug 9 21:05:54 2022
RTM_IFINFO: iface status change: len 168, if# 3, link: up, flags:<BROADCAST,RUNNING,SIMPLEX,MULTICAST>

-> ifconfig vtnet0.2 destroy

got message of size 24 on Tue Aug 9 21:05:54 2022
RTM_IFANNOUNCE: interface arrival/departure: len 24, if# 3, what: departure

```

Reviewed By: glebius
Differential Revision: https://reviews.freebsd.org/D36095
MFC after: 2 weeks

show more ...

netinet: get interface event notifications directly via EVENTHANDLER(9)

The old mechanism of getting them via domains/protocols control input
is a relict from the previous century, when nothing like

netinet: get interface event notifications directly via EVENTHANDLER(9)

The old mechanism of getting them via domains/protocols control input
is a relict from the previous century, when nothing like EVENTHANDLER(9)
existed yet. Retire PRC_IFDOWN/PRC_IFUP as netinet was the only one
to use them.

Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D36116

show more ...

Introduce and use the NET_EPOCH_DRAIN_CALLBACKS() macro

Reviewed by: melifao, kp
Differential Revision: https://reviews.freebsd.org/D35968

netinet6: fix ndp proxying

We could insert proxy NDP entries by the ndp command, but the host
with proxy ndp entries had not responded to Neighbor Solicitations.
Change the following points for prox

netinet6: fix ndp proxying

We could insert proxy NDP entries by the ndp command, but the host
with proxy ndp entries had not responded to Neighbor Solicitations.
Change the following points for proxy NDP to work as expected:
* join solicited-node multicast addresses for proxy NDP entries
in order to receive Neighbor Solicitations.
* look up proxy NDP entries not on the routing table but on the
link-level address table when receiving Neighbor Solicitations.

Reviewed By: melifaro
Differential Revision: https://reviews.freebsd.org/D35307
MFC after: 2 weeks

show more ...

Kernel-side infrastructure to implement nvlist-based set/get ifcaps

Reviewed by: hselasky, jhb, kp (previous version)
Sponsored by: NVIDIA Networking
MFC after: 3 weeks
Differential revision: https:

Kernel-side infrastructure to implement nvlist-based set/get ifcaps

Reviewed by: hselasky, jhb, kp (previous version)
Sponsored by: NVIDIA Networking
MFC after: 3 weeks
Differential revision: https://reviews.freebsd.org/D32551

show more ...

if: avoid interface destroy race

When we destroy an interface while the jail containing it is being
destroyed we risk seeing a race between if_vmove() and the destruction
code, which results in us t

if: avoid interface destroy race

When we destroy an interface while the jail containing it is being
destroyed we risk seeing a race between if_vmove() and the destruction
code, which results in us trying to move a destroyed interface.

Protect against this by using the ifnet_detach_sxlock to also covert
if_vmove() (and not just detach).

PR: 262829
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D34704

show more ...

ifnet/mbuf: provide KPI to serialize/restore m->m_pkthdr.rcvif

Supplement ifindex table with generation count and use it to
serialize & restore an ifnet pointer.

Reviewed by: kp
Differential revis

ifnet/mbuf: provide KPI to serialize/restore m->m_pkthdr.rcvif

Supplement ifindex table with generation count and use it to
serialize & restore an ifnet pointer.

Reviewed by: kp
Differential revision: https://reviews.freebsd.org/D33266
Fun note: git show e6abef09187a

(cherry picked from commit e1882428dcbbafd2814d7e17b977a8f686784b39)

show more ...

ifnet: make if_index global

Now that ifindex is static to if.c we can unvirtualize it. For lifetime
of an ifnet its index never changes. To avoid leaking foreign interfaces
the net.link.generic.sy

ifnet: make if_index global

Now that ifindex is static to if.c we can unvirtualize it. For lifetime
of an ifnet its index never changes. To avoid leaking foreign interfaces
the net.link.generic.system.ifcount sysctl and the ifnet_byindex() KPI
filter their returned value on curvnet. Since if_vmove() no longer
changes the if_index, inline ifindex_alloc() and ifindex_free() into
if_alloc() and if_free() respectively.

API wise the only change is that now minimum interface index can be
greater than 1. The holes in interface indexes were always allowed.

Reviewed by: kp
Differential revision: https://reviews.freebsd.org/D33672

(cherry picked from commit 91f44749c6feb50f39af8805dd803e860f0418f1)

show more ...

VNET: Revert "ifnet: make if_index global"

This reverts commit 91f44749c6feb50f39af8805dd803e860f0418f1.

Devirtualization of V_if_index and V_ifindex_table was rushed into
the tree lacking proper c

VNET: Revert "ifnet: make if_index global"

This reverts commit 91f44749c6feb50f39af8805dd803e860f0418f1.

Devirtualization of V_if_index and V_ifindex_table was rushed into
the tree lacking proper context, discussion, and declaration of intent,
so I'm backing it out as harmful to VNET on the following grounds:

1) The change repurposed the decades-old and stable if_index KBI for
new, unclear goals which were omitted from the commit note.

2) The change opened up a new resource exhaustion vector where any vnet
could starve the system of ifnet indices, including vnet0.

3) To circumvent the newly introduced problem of separating ifnets
belonging to different vnets from the globalized ifindex_table, the
author introduced sysctl_ifcount() which does a linear traversal over
the (potentially huge) global ifnet list just to return a simple upper
bound on existing ifnet indices.

4) The change effectively led to nonuniform ifnet index allocation
among vnets.

5) The commit note clearly stated that the patch changed the implicit
if_index ABI contract where ifnet indices were assumed to be starting
from one. The commit note also included a correct observation that
holes in interface indices were always allowed, but failed to declare
that the userland-observable ifindex tables could now include huge
empty spans even under modest operating conditions.

6) The author had an earlier proposal in the works which did not
affect per-vnet ifnet lists (D33265) but which he abandoned without
providing the rationale behind his decision to do so, at the expense
of sacrificing the vnet isolation contract and if_index ABI / KBI.

Furthermore, the author agreed to back out his changes himself and
to follow up with a proposal for a less intrusive alternative, but
later silently declined to act. Therefore, I decided to resolve the
status-quo by backing this out myself. This in no way precludes a
future proposal aiming to mitigate ifnet-removal related system
crashes or panics to be accepted, provided it would not unnecessarily
compromise the goal of as strict as possible isolation between vnets.

Obtained from: github.com/glebius/FreeBSD/commits/backout-ifindex

show more ...

Revert "mbuf: do not restore dying interfaces"

This reverts commit 703e533da5e2e4743d38bbf4605fec041bc69976.

Revert "ifnet/mbuf: provide KPI to serialize/restore m->m_pkthdr.rcvif"

This reverts co

Revert "mbuf: do not restore dying interfaces"

This reverts commit 703e533da5e2e4743d38bbf4605fec041bc69976.

Revert "ifnet/mbuf: provide KPI to serialize/restore m->m_pkthdr.rcvif"

This reverts commit e1882428dcbbafd2814d7e17b977a8f686784b39.

Obtained from: github.com/glebius/FreeBSD/commits/backout-ifindex

show more ...

net: Fix a typo in a source code comment

- s/peform/perform/

MFC after: 3 days

ifnet: garbage collect unused function ifaddr_byindex().

Last use was removed in 5adea417d49.

ifnet/mbuf: provide KPI to serialize/restore m->m_pkthdr.rcvif

Supplement ifindex table with generation count and use it to
serialize & restore an ifnet pointer.

Reviewed by: kp
Differential revis

ifnet/mbuf: provide KPI to serialize/restore m->m_pkthdr.rcvif

Supplement ifindex table with generation count and use it to
serialize & restore an ifnet pointer.

Reviewed by: kp
Differential revision: https://reviews.freebsd.org/D33266
Fun note: git show e6abef09187a

show more ...

ifnet: make if_index global

Now that ifindex is static to if.c we can unvirtualize it. For lifetime
of an ifnet its index never changes. To avoid leaking foreign interfaces
the net.link.generic.sy

ifnet: make if_index global

Now that ifindex is static to if.c we can unvirtualize it. For lifetime
of an ifnet its index never changes. To avoid leaking foreign interfaces
the net.link.generic.system.ifcount sysctl and the ifnet_byindex() KPI
filter their returned value on curvnet. Since if_vmove() no longer
changes the if_index, inline ifindex_alloc() and ifindex_free() into
if_alloc() and if_free() respectively.

API wise the only change is that now minimum interface index can be
greater than 1. The holes in interface indexes were always allowed.

Reviewed by: kp
Differential revision: https://reviews.freebsd.org/D33672

show more ...

if_vmove: improve restoration in cloner's ifgroup membership

* Do a single call into if_clone.c instead of two. The cloner
can't disappear since the interface sits on its list.
* Make restoration

if_vmove: improve restoration in cloner's ifgroup membership

* Do a single call into if_clone.c instead of two. The cloner
can't disappear since the interface sits on its list.
* Make restoration smarter - check that cloner with same name
exists in the new vnet.

Differential revision: https://reviews.freebsd.org/D33941

show more ...

Fix ifa refcount leak in ifa_ifwithnet()

In 4f6c66cc9c75c8, ifa_ifwithnet() was changed to no longer
ifa_ref() the returned ifaddr, and instead the caller was required
to stay in the net_epoch for a

Fix ifa refcount leak in ifa_ifwithnet()

In 4f6c66cc9c75c8, ifa_ifwithnet() was changed to no longer
ifa_ref() the returned ifaddr, and instead the caller was required
to stay in the net_epoch for as long as they wanted the ifaddr
to remain valid. However, this missed the case where an AF_LINK
lookup would call ifaddr_byindex(), which still does ifa_ref()
the ifaddr. This would cause a refcount leak.

Fix this by inlining the relevant parts of ifaddr_byindex() here,
with the ifa_ref() call removed. This also avoids an unnecessary
entry and exit from the net_epoch for this case.

I've audited all in-tree consumers of ifa_ifwithnet() that could
possibly perform an AF_LINK lookup and confirmed that none of them
will expect the ifaddr to have a reference that they need to
release.

MFC after: 2 months
Sponsored by: Dell Inc
Differential Revision: https://reviews.freebsd.org/D28705
Reviewed by: melifaro

show more ...

net/if.c: plug set-but-not-unused vars

Sponsored by: Rubicon Communications, LLC ("Netgate")

ifnet: make V_if_index static to if.c

This requires moving net.link.generic sysctl declaration from if_mib.c
to if.c. Ideally if_mib.c needs just to be merged to if.c, but they
have different licen

ifnet: make V_if_index static to if.c

This requires moving net.link.generic sysctl declaration from if_mib.c
to if.c. Ideally if_mib.c needs just to be merged to if.c, but they
have different license texts.

Differential revision: https://reviews.freebsd.org/D33263

show more ...

ifnet_byindex() actually requires network epoch

Sweep over potentially unsafe calls to ifnet_byindex() and wrap them
in epoch. Most of the code touched remains unsafe, as the returned
pointer is be

ifnet_byindex() actually requires network epoch

Sweep over potentially unsafe calls to ifnet_byindex() and wrap them
in epoch. Most of the code touched remains unsafe, as the returned
pointer is being used after epoch exit. Mark that with a comment.

Validate the index argument inside the function, reducing argument
validation requirement from the callers and making V_if_index
private to if.c.

Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D33263

show more ...

ifnet: merge ifindex_alloc(), ifnet_setbyindex(), if_grow() and call magic

Now it is possible to just merge all this complexity into single
linear function. Note that IFNET_WLOCK() is a sleepable l

ifnet: merge ifindex_alloc(), ifnet_setbyindex(), if_grow() and call magic

Now it is possible to just merge all this complexity into single
linear function. Note that IFNET_WLOCK() is a sleepable lock, so
we can M_WAITOK and epoch_wait_preempt().

Reviewed by: melifaro, bz, kp
Differential revision: https://reviews.freebsd.org/D33262

show more ...

ifnet: initial if_grow() shall always succeed

So let's just call malloc() directly. This also avoids hidden
doubling of default V_if_indexlim.

Reviewed by: melifaro, bz, kp
Differential revision:

ifnet: initial if_grow() shall always succeed

So let's just call malloc() directly. This also avoids hidden
doubling of default V_if_indexlim.

Reviewed by: melifaro, bz, kp
Differential revision: https://reviews.freebsd.org/D33261

show more ...

ifnet: use ck_pr(3) store & load setting ifnet pointer in ifindex

The lockless access to the array is protected by the network epoch.

Reviewed by: bz, kp
Differential revision: https://reviews.fre

ifnet: use ck_pr(3) store & load setting ifnet pointer in ifindex

The lockless access to the array is protected by the network epoch.

Reviewed by: bz, kp
Differential revision: https://reviews.freebsd.org/D33260

show more ...

ifnet: allocate index at the end of if_alloc_domain()

Now that if_alloc_domain() never fails and actually doesn't
expose ifnet to outside we can eliminate IFNET_HOLD and two
step index allocation.

ifnet: allocate index at the end of if_alloc_domain()

Now that if_alloc_domain() never fails and actually doesn't
expose ifnet to outside we can eliminate IFNET_HOLD and two
step index allocation.

Reviewed by: kp
Differential revision: https://reviews.freebsd.org/D33259

show more ...