libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from

libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from a
particular internal address:port leave via the same NAT address:port,
regardless of their destination.

Add some libalias tests and supporting defines.

Reviewed by: igoro, thj
Differential Revision: https://reviews.freebsd.org/D46689D

show more ...

sys: Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature: Almost O(1) for access of the
least recently used entries, and amortized O(ln(n)) for almost all
other cases. Get rid of the hash.

Now the data structure should able to quickly react to external
packets without eating CPU cycles for breakfast, preventing a DoS.

PR: 192888
Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30536

show more ...

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature - almost O(1) for access of the
least recently used entries), and amortized O(ln(n) - for almost all
other cases. Get rid of the hash.

Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30516

show more ...

libalias: Restructure - Remove temporary state deleteAllLinks from global struct

The entry deleteAllLinks in the struct libalias is only used to signal
a state between internal calls. It's not used

libalias: Restructure - Remove temporary state deleteAllLinks from global struct

The entry deleteAllLinks in the struct libalias is only used to signal
a state between internal calls. It's not used between API calls.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30604

show more ...

libalias: Restructure - Table for PPTP

Let PPTP use its own data structure.
Regroup and rename other lists, which are not PPTP.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/

libalias: Restructure - Table for PPTP

Let PPTP use its own data structure.
Regroup and rename other lists, which are not PPTP.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30580

show more ...

libalias: Restructure - Group incoming links

Reorder incoming links by grouping of common search terms.
Significant performance improvement for incoming (missing) flows.

Remove LSNAT from outgoing

libalias: Restructure - Group incoming links

Reorder incoming links by grouping of common search terms.
Significant performance improvement for incoming (missing) flows.

Remove LSNAT from outgoing search.
Slight speedup due to less comparsions in the loop.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30574

show more ...

libalias: Restructure - Table for partially links

Separate the partially specified links into a separate data structure.

This would causes a major parformance impact, if there are many of
them. Us

libalias: Restructure - Table for partially links

Separate the partially specified links into a separate data structure.

This would causes a major parformance impact, if there are many of
them. Use a (smaller) hash table to speed up the partially link
access.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30570

show more ...

libalias: Promote per instance global variable timeStamp

Summary:
- Use LibAliasTime as a real global variable for central timekeeping.
- Reduce number of syscalls in user space considerably.
- Dyna

libalias: Promote per instance global variable timeStamp

Summary:
- Use LibAliasTime as a real global variable for central timekeeping.
- Reduce number of syscalls in user space considerably.
- Dynamically adjust the packet counters to match the second resolution.
- Only check the first few packets after a time increase for expiry.

Discussed with: hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30566

show more ...

libalias: Stats are unsigned

Stats counters are used as unsigned valued (i.e. printf("%u")) but are
defined as signed int. This causes trouble later, so fix it early.

MFC after: 1 week
Differentia

libalias: Stats are unsigned

Stats counters are used as unsigned valued (i.e. printf("%u")) but are
defined as signed int. This causes trouble later, so fix it early.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30587

show more ...

libalias: tidy up housekeeping

Replace current expensive, but sparsly called housekeeping
by a single, repetive action.

This is part of a larger restructure of libalias in order to switch to
more e

libalias: tidy up housekeeping

Replace current expensive, but sparsly called housekeeping
by a single, repetive action.

This is part of a larger restructure of libalias in order to switch to
more efficient data structures. The whole restructure process is
split into 15 reviews to ease reviewing. All those steps will be
squashed into a single commit for MFC in order to hide the
intermediate states from production systems.

Reviewed by: hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30277

show more ...

libalias: Remove unused function LibAliasCheckNewLink

The functionality to detect a newly created link after processing a
single packet is decoupled from the packet processing. Every new
packet is

libalias: Remove unused function LibAliasCheckNewLink

The functionality to detect a newly created link after processing a
single packet is decoupled from the packet processing. Every new
packet is processed asynchronously and will reset the indicator, hence
the function is unusable. I made a Google search for third party code,
which uses the function, and failed to find one.

That's why the function should be removed: It unusable and unused.
A much simplified API/ABI will remain in anything below 14.

Discussed with: kp
Reviewed by: manpages (bcr)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30275

show more ...

libalias: replace placeholder with static constant

The field nullAddress in struct libalias is never set and never used.
It exists as a placeholder for an unused argument only.

Reviewed by: hselask

libalias: replace placeholder with static constant

The field nullAddress in struct libalias is never set and never used.
It exists as a placeholder for an unused argument only.

Reviewed by: hselasky
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30253

show more ...

libalias: Style cleanup

libalias is a convolut of various coding styles modified by a series
of different editors enforcing interesting convetions on spacing and
comments.

This patch is a baseline

libalias: Style cleanup

libalias is a convolut of various coding styles modified by a series
of different editors enforcing interesting convetions on spacing and
comments.

This patch is a baseline to start with a perfomance rework of
libalias. Upcoming patches should be focus on the code, not on the
style. That's why most annoying style errors should be fixed
beforehand.

Reviewed by: hselasky
Discussed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30259

show more ...

Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port ali

Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port aliasing ranges.

Reviewed by: donner, kp
Approved by: 0mp (mentor), donner, kp
Differential Revision: https://reviews.freebsd.org/D23450

show more ...

libalias: Fix -Wcast-align compiler warnings

This fixes -Wcast-align warnings caused by the underaligned `struct ip`.
This also silences them in the public functions by changing the function
signatu

libalias: Fix -Wcast-align compiler warnings

This fixes -Wcast-align warnings caused by the underaligned `struct ip`.
This also silences them in the public functions by changing the function
signature from char * to void *. This is source and binary compatible and
avoids the -Wcast-align warning.

Reviewed By: ae, gbe (manpages)
Differential Revision: https://reviews.freebsd.org/D27882

show more ...

net: clean up empty lines in .c and .h files

sys: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
pro

sys: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

show more ...

Merge ^/head r313644 through r313895.

Use inet_ntoa_r() instead of inet_ntoa() throughout the kernel

inet_ntoa() cannot be used safely in a multithreaded environment
because it uses a static local buffer. Instead, use inet_ntoa_r()
with

Use inet_ntoa_r() instead of inet_ntoa() throughout the kernel

inet_ntoa() cannot be used safely in a multithreaded environment
because it uses a static local buffer. Instead, use inet_ntoa_r()
with a buffer on the caller's stack.

Suggested by: glebius, emaste
Reviewed by: gnn
MFC after: 2 weeks
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D9625

show more ...

sys/net*: minor spelling fixes.

No functional change.

Integrate from Head into ZFSD feature branch as of revision r224141.

IFC @ r223696 to pick up dfr's userboot

MFC