ng_bridge: allow to automatically assign numbers to new hooks

This will allow a userland machinery that orchestrates a bridge (e.g. a
jail or vm manager) to not double the number allocation logic.

ng_bridge: allow to automatically assign numbers to new hooks

This will allow a userland machinery that orchestrates a bridge (e.g. a
jail or vm manager) to not double the number allocation logic. See bug
278130 for longer description and examples.

Reviewed by: glebius, afedorov
Differential Revision: https://reviews.freebsd.org/D44615
PR: 278130

show more ...

sys: Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

ipfw: garbage collect ip_fw_chk_ptr

It is a relict left from the old times when ipfw(4) was hooked
into IP stack directly, without pfil(9).

netgraph: Remove the rethook parameter from NG_NODE_FOREACH_HOOK.

This parameter was set to the hook that terminated the iteration
early. However, none of the remaining callers used this argument a

netgraph: Remove the rethook parameter from NG_NODE_FOREACH_HOOK.

This parameter was set to the hook that terminated the iteration
early. However, none of the remaining callers used this argument and
it was always set to an otherwise-unused variable.

show more ...

ng_bridge: count item allocation failures as memory failures

Submitted by: Dmitry Luhtionov <dmitryluhtionov gmail.com>

ng_bridge: Use M_NOWAIT when allocating memory in the newhook routine

newhook can be invoked by ngthread, which runs in a network epoch
section and is thus not permitted to perform M_WAITOK allocati

ng_bridge: Use M_NOWAIT when allocating memory in the newhook routine

newhook can be invoked by ngthread, which runs in a network epoch
section and is thus not permitted to perform M_WAITOK allocations.

Reported by: Jenkins
Reviewed by: donner, afedorov
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31486

show more ...

netgraph/bridge: malloc without flags

During tests an assert was triggered and pointed to missing flags in
the newlink function of ng_bridge(4).

Reported by: markj
Reviewed by: markj
MFC after: 3 d

netgraph/bridge: malloc without flags

During tests an assert was triggered and pointed to missing flags in
the newlink function of ng_bridge(4).

Reported by: markj
Reviewed by: markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D30759

show more ...

netgraph/ng_bridge: Handle send errors during loop handling

If sending out a packet fails during the loop over all links, the
allocated memory is leaked and not all links receive a copy. This
patch

netgraph/ng_bridge: Handle send errors during loop handling

If sending out a packet fails during the loop over all links, the
allocated memory is leaked and not all links receive a copy. This
patch fixes those problems, clarifies a premature abort of the loop,
and fixes a minory style(9) bug.

PR: 255430
Submitted by: Dancho Penev
Tested by: Dancho Penev
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30008

show more ...

netgraph/ng_bridge: Avoid cache thrashing

Hint the compiler, that this update is needed at most once per second.
Only in this case the memory line needs to be written. This will
reduce the amount o

netgraph/ng_bridge: Avoid cache thrashing

Hint the compiler, that this update is needed at most once per second.
Only in this case the memory line needs to be written. This will
reduce the amount of cache trashing during forward of most frames.

Suggested by: zec
Approved by: zec
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28601

show more ...

netgraph/ng_bridge: become SMP aware

The node ng_bridge underwent a lot of changes in the last few months.
All those steps were necessary to distinguish between structure
modifying and read-only dat

netgraph/ng_bridge: become SMP aware

The node ng_bridge underwent a lot of changes in the last few months.
All those steps were necessary to distinguish between structure
modifying and read-only data transport paths. Now it's done, the node
can perform frame forwarding on multiple cores in parallel.

MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28123

show more ...

netgraph/ng_bridge: move MACs via control message

Use the new control message to move ethernet addresses from a link to
a new link in ng_bridge(4). Send this message instead of doing the
work direc

netgraph/ng_bridge: move MACs via control message

Use the new control message to move ethernet addresses from a link to
a new link in ng_bridge(4). Send this message instead of doing the
work directly requires to move the loop detection into the control
message processing. This will delay the loop detection by a few
frames.

This decouples the read-only activity from the modification under a
more strict writer lock.

Reviewed by: manpages (gbe)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28559

show more ...

netgraph/ng_bridge: learn MACs via control message

Add a new control message to move ethernet addresses to a given link
in ng_bridge(4). Send this message instead of doing the work directly.
This de

netgraph/ng_bridge: learn MACs via control message

Add a new control message to move ethernet addresses to a given link
in ng_bridge(4). Send this message instead of doing the work directly.
This decouples the read-only activity from the modification under a
more strict writer lock.

Decoupling the work is a prerequisite for multithreaded operation.

Approved by: manpages (bcr), kp (earlier version)
MFC: 3 weeks
Differential Revision: https://reviews.freebsd.org/D28516

show more ...

netgraph/ng_bridge: Add counters for the first link, too

For broadcast, multicast and unknown unicast, the replication loop
sends a copy of the packet to each link, beside the first one. This
specia

netgraph/ng_bridge: Add counters for the first link, too

For broadcast, multicast and unknown unicast, the replication loop
sends a copy of the packet to each link, beside the first one. This
special path is handled later, but the counters are not updated.
Factor out the common send and count actions as a function.

Reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28537

show more ...

netgraph/ng_bridge: Document staleness in multithreaded operation

In the data path of ng_bridge(4), the only value of the host struct,
which needs to be modified, is the staleness, which is reset ev

netgraph/ng_bridge: Document staleness in multithreaded operation

In the data path of ng_bridge(4), the only value of the host struct,
which needs to be modified, is the staleness, which is reset every
time a frame is received. It's save to leave the code as it is.

This patch is part of a series to make ng_bridge(4) multithreaded.

Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28546

show more ...

netgraph/ng_bridge: Merge internal structures

In a earlier version of ng_bridge(4) the exernal visible host entry
structure was a strict subset of the internal one. So internal view
was a direct an

netgraph/ng_bridge: Merge internal structures

In a earlier version of ng_bridge(4) the exernal visible host entry
structure was a strict subset of the internal one. So internal view
was a direct annotation of the external structure. This strict
inheritance was lost many versions ago. There is no need to
encapsulate a part of the internal represntation as a separate
structure.

This patch is a preparation to make the internal structure read only
in the data path in order to make ng_bridge(4) multithreaded.

Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28545

show more ...

netgraph/ng_bridge: Make simple internal functions read-only

The data path in netgraph is designed to work on an read only state of
the whole netgraph network. Currently this is achived by conventi

netgraph/ng_bridge: Make simple internal functions read-only

The data path in netgraph is designed to work on an read only state of
the whole netgraph network. Currently this is achived by convention,
there is no technical enforcment. In the case of NETGRAPH_DEBUG all
nodes can be annotated for debugging purposes, so the strict
enforcment needs to be lifted for this purpose.

This patch is part of a series to make ng_bridge multithreaded, which
is done by rewrite the data path to operate on const.

Reviewed By: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28141

show more ...

Revert "netgraph/ng_bridge: Make simple internal functions read-only"

Patch mass breaks LINT kernels.

This reverts commit bb67e52db143b699bdac1830717930b26a7b5766.

netgraph/ng_bridge: Make simple internal functions read-only

The data path in netgraph is designed to work on an read only state of
the whole netgraph network. Currently this is achived by convetio

netgraph/ng_bridge: Make simple internal functions read-only

The data path in netgraph is designed to work on an read only state of
the whole netgraph network. Currently this is achived by convetion,
there is no technical enforcment. This patch is part of a series to
make ng_brigde multithreaded, which is done by rewrite the data path
to const handling.

Reviewed By: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28141

show more ...

netgraph/ng_bridge: Remove old table ABI

This was announced to happen after the 12 relases.
Remove a depeciated ABI.

The complete removal is for HEAD only. I'll remove the #define in
stable/13 as M

netgraph/ng_bridge: Remove old table ABI

This was announced to happen after the 12 relases.
Remove a depeciated ABI.

The complete removal is for HEAD only. I'll remove the #define in
stable/13 as MFC, so the code will still exist in 13.x, but will not
included by default. Earlier versions will not be affected.

Reviewed by: kp
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D28518

show more ...

netgraph/ng_bridge: switch stats to counter framework

This is the first patch of a series of necessary steps
to make ng_bridge(4) multithreaded.

Reviewed by: melifaro (network), afedorov
MFC after:

netgraph/ng_bridge: switch stats to counter framework

This is the first patch of a series of necessary steps
to make ng_bridge(4) multithreaded.

Reviewed by: melifaro (network), afedorov
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D28125

show more ...

netgraph/ng_bridge: Derive forwarding mode from first attached hook

Handling of unknown MACs on an bridge with incomplete learning
capabilites (aka uplink ports) can be defined in different ways.

T

netgraph/ng_bridge: Derive forwarding mode from first attached hook

Handling of unknown MACs on an bridge with incomplete learning
capabilites (aka uplink ports) can be defined in different ways.

The classical approach is to broadcast unicast frames send to an
unknown MAC, because the unknown devices can be everywhere. This mode
is default for ng_bridge(4).

In the case of dedicated uplink ports, which prohibit learning of MAC
addresses in order to save memory and CPU cycles, the broadcast
approach is dangerous. All traffic to the uplink port is broadcasted
to every downlink port, too. In this case, it's better to restrict the
distribution of frames to unknown MAC to the uplink ports only.

In order to keep the chance small and the handling as natural as
possible, the first attached link is used to determine the behaviour
of the bridge: If it is an "uplink" port, then the bridge switch from
classical mode to restricted mode.

Reviewed By: kp
Approved by: kp (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28487

show more ...

netgraph/ng_bridge: Introduce "uplink" ports without MAC learning

The ng_bridge(4) node is designed to work in moderately small
environments. Connecting such a node to a larger network rapidly fills

netgraph/ng_bridge: Introduce "uplink" ports without MAC learning

The ng_bridge(4) node is designed to work in moderately small
environments. Connecting such a node to a larger network rapidly fills
the MAC table for no reason. It even become complicated to obtain data
from the gettable message, because the result is too large to
transmit.

This patch introduces, two new functionality bits on the hooks:
- Allow or disallow MAC address learning for incoming patckets.
- Allow or disallow sending unknown MACs through this hook.

Uplinks are characterized by denied learing while sending out
unknowns. Normal links are charaterized by allowed learning and
sending out unknowns.

Reviewed by: kp
Approved by: kp (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D23963

show more ...

net: clean up empty lines in .c and .h files

netgraph/ng_bridge: Reestablish old ABI

In order to be able to merge r353026 bring back support for the old
cookie API for a transition period in 12.x releases (and possibly 13)
before the old API c

netgraph/ng_bridge: Reestablish old ABI

In order to be able to merge r353026 bring back support for the old
cookie API for a transition period in 12.x releases (and possibly 13)
before the old API can be removed again entirely.

Suggested by: julian
Submitted by: Lutz Donnerhacke (lutz donnerhacke.de)
PR: 240787
Reviewed by: julian
MFC after: 2 weeks
X-MFC with: r353026
Differential Revision: https://reviews.freebsd.org/D21961

show more ...

Fix regression from r353026. Pointer was increased instead of value
pointed to.

PR: 241646
Submitted by: Aleksandr Fedorov <aleksandr.fedorov itglobal.com>