Parent Directory
| 
Revision Log
| Links to HEAD: | (view) (download) (annotate) |
| Sticky Revision: |
Ensure consistent error messages from ifconfig(8). If multiple threads are invoking "ifconfig XXX create" a race may occur which can lead to two different error messages for the same error. a) ifconfig: SIOCIFCREATE2: File exists b) ifconfig: interface XXX already exists This patch ensures ifconfig prints the same error code for the same case. Reviewed by: imp@ and kib@ Differential Revision: https://reviews.freebsd.org/D27380 MFC after: 1 week Sponsored by: Mellanox Technologies // NVIDIA Networking
Support hardware rate limiting (pacing) with TLS offload. - Add a new send tag type for a send tag that supports both rate limiting (packet pacing) and TLS offload (mostly similar to D22669 but adds a separate structure when allocating the new tag type). - When allocating a send tag for TLS offload, check to see if the connection already has a pacing rate. If so, allocate a tag that supports both rate limiting and TLS offload rather than a plain TLS offload tag. - When setting an initial rate on an existing ifnet KTLS connection, set the rate in the TCP control block inp and then reset the TLS send tag (via ktls_output_eagain) to reallocate a TLS + ratelimit send tag. This allocates the TLS send tag asynchronously from a task queue, so the TLS rate limit tag alloc is always sleepable. - When modifying a rate on a connection using KTLS, look for a TLS send tag. If the send tag is only a plain TLS send tag, assume we failed to allocate a TLS ratelimit tag (either during the TCP_TXTLS_ENABLE socket option, or during the send tag reset triggered by ktls_output_eagain) and ignore the new rate. If the send tag is a ratelimit TLS send tag, change the rate on the TLS tag and leave the inp tag alone. - Lock the inp lock when setting sb_tls_info for a socket send buffer so that the routines in tcp_ratelimit can safely dereference the pointer without needing to grab the socket buffer lock. - Add an IFCAP_TXTLS_RTLMT capability flag and associated administrative controls in ifconfig(8). TLS rate limit tags are only allocated if this capability is enabled. Note that TLS offload (whether unlimited or rate limited) always requires IFCAP_TXTLS[46]. Reviewed by: gallatin, hselasky Relnotes: yes Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D26691
Add two new ifnet capabilities for hw checksumming and TSO for VXLAN traffic. These are similar to the existing VLAN capabilities. Reviewed by: kib@ Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25873
ifconfig(8): plug memory leak after r361790 by me. MFC after: 3 days
ifconfig(8): make it possible to filter output by interface group. Now options -g/-G allow to select/unselect interfaces by groups in the "ifconfig -a" output just like already existing -d/-u. Examples: to exclude loopback from the list: ifconfig -a -G lo to show vlan interfaces only: ifconfig -a -g vlan to show tap interfaces that are up: ifconfig -aug tap Arguments to -g/-G may be shell patterns and both may be specified. Later options -g/-G override previous ones. MFC after: 2 weeks Relnotes: yes Differential Revision: https://reviews.freebsd.org/D25029
Add kernel-side support for in-kernel TLS. KTLS adds support for in-kernel framing and encryption of Transport Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports offload of TLS for transmitted data. Key negotation must still be performed in userland. Once completed, transmit session keys for a connection are provided to the kernel via a new TCP_TXTLS_ENABLE socket option. All subsequent data transmitted on the socket is placed into TLS frames and encrypted using the supplied keys. Any data written to a KTLS-enabled socket via write(2), aio_write(2), or sendfile(2) is assumed to be application data and is encoded in TLS frames with an application data type. Individual records can be sent with a custom type (e.g. handshake messages) via sendmsg(2) with a new control message (TLS_SET_RECORD_TYPE) specifying the record type. At present, rekeying is not supported though the in-kernel framework should support rekeying. KTLS makes use of the recently added unmapped mbufs to store TLS frames in the socket buffer. Each TLS frame is described by a single ext_pgs mbuf. The ext_pgs structure contains the header of the TLS record (and trailer for encrypted records) as well as references to the associated TLS session. KTLS supports two primary methods of encrypting TLS frames: software TLS and ifnet TLS. Software TLS marks mbufs holding socket data as not ready via M_NOTREADY similar to sendfile(2) when TLS framing information is added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then called to schedule TLS frames for encryption. In the case of sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving the mbufs marked M_NOTREADY until encryption is completed. For other writes (vn_sendfile when pages are available, write(2), etc.), the PRUS_NOTREADY is set when invoking pru_send() along with invoking ktls_enqueue(). A pool of worker threads (the "KTLS" kernel process) encrypts TLS frames queued via ktls_enqueue(). Each TLS frame is temporarily mapped using the direct map and passed to a software encryption backend to perform the actual encryption. (Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if someone wished to make this work on architectures without a direct map.) KTLS supports pluggable software encryption backends. Internally, Netflix uses proprietary pure-software backends. This commit includes a simple backend in a new ktls_ocf.ko module that uses the kernel's OpenCrypto framework to provide AES-GCM encryption of TLS frames. As a result, software TLS is now a bit of a misnomer as it can make use of hardware crypto accelerators. Once software encryption has finished, the TLS frame mbufs are marked ready via pru_ready(). At this point, the encrypted data appears as regular payload to the TCP stack stored in unmapped mbufs. ifnet TLS permits a NIC to offload the TLS encryption and TCP segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS) is allocated on the interface a socket is routed over and associated with a TLS session. TLS records for a TLS session using ifnet TLS are not marked M_NOTREADY but are passed down the stack unencrypted. The ip_output_send() and ip6_output_send() helper functions that apply send tags to outbound IP packets verify that the send tag of the TLS record matches the outbound interface. If so, the packet is tagged with the TLS send tag and sent to the interface. The NIC device driver must recognize packets with the TLS send tag and schedule them for TLS encryption and TCP segmentation. If the the outbound interface does not match the interface in the TLS send tag, the packet is dropped. In addition, a task is scheduled to refresh the TLS send tag for the TLS session. If a new TLS send tag cannot be allocated, the connection is dropped. If a new TLS send tag is allocated, however, subsequent packets will be tagged with the correct TLS send tag. (This latter case has been tested by configuring both ports of a Chelsio T6 in a lagg and failing over from one port to another. As the connections migrated to the new port, new TLS send tags were allocated for the new port and connections resumed without being dropped.) ifnet TLS can be enabled and disabled on supported network interfaces via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported across both vlan devices and lagg interfaces using failover, lacp with flowid enabled, or lacp with flowid enabled. Applications may request the current KTLS mode of a connection via a new TCP_TXTLS_MODE socket option. They can also use this socket option to toggle between software and ifnet TLS modes. In addition, a testing tool is available in tools/tools/switch_tls. This is modeled on tcpdrop and uses similar syntax. However, instead of dropping connections, -s is used to force KTLS connections to switch to software TLS and -i is used to switch to ifnet TLS. Various sysctls and counters are available under the kern.ipc.tls sysctl node. The kern.ipc.tls.enable node must be set to true to enable KTLS (it is off by default). The use of unmapped mbufs must also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS. KTLS is enabled via the KERN_TLS kernel option. This patch is the culmination of years of work by several folks including Scott Long and Randall Stewart for the original design and implementation; Drew Gallatin for several optimizations including the use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records awaiting software encryption, and pluggable software crypto backends; and John Baldwin for modifications to support hardware TLS offload. Reviewed by: gallatin, hselasky, rrs Obtained from: Netflix Sponsored by: Netflix, Chelsio Communications Differential Revision: https://reviews.freebsd.org/D21277
Add an external mbuf buffer type that holds multiple unmapped pages. Unmapped mbufs allow sendfile to carry multiple pages of data in a single mbuf, without mapping those pages. It is a requirement for Netflix's in-kernel TLS, and provides a 5-10% CPU savings on heavy web serving workloads when used by sendfile, due to effectively compressing socket buffers by an order of magnitude, and hence reducing cache misses. For this new external mbuf buffer type (EXT_PGS), the ext_buf pointer now points to a struct mbuf_ext_pgs structure instead of a data buffer. This structure contains an array of physical addresses (this reduces cache misses compared to an earlier version that stored an array of vm_page_t pointers). It also stores additional fields needed for in-kernel TLS such as the TLS header and trailer data that are currently unused. To more easily detect these mbufs, the M_NOMAP flag is set in m_flags in addition to M_EXT. Various functions like m_copydata() have been updated to safely access packet contents (using uiomove_fromphys()), to make things like BPF safe. NIC drivers advertise support for unmapped mbufs on transmit via a new IFCAP_NOMAP capability. This capability can be toggled via the new 'nomap' and '-nomap' ifconfig(8) commands. For NIC drivers that only transmit packet contents via DMA and use bus_dma, adding the capability to if_capabilities and if_capenable should be all that is required. If a NIC does not support unmapped mbufs, they are converted to a chain of mapped mbufs (using sf_bufs to provide the mapping) in ip_output or ip6_output. If an unmapped mbuf requires software checksums, it is also converted to a chain of mapped mbufs before computing the checksum. Submitted by: gallatin (earlier version) Reviewed by: gallatin, hselasky, rrs Discussed with: ae, kp (firewalls) Relnotes: yes Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D20616
ifconfig(8): Add kld mappings for ipsec/enc Additionally, providing mappings makes the comparison for already loaded modules a little more strict. This should have been done at initial introduction, but there was no real reason- however, it proves necessary for enc which has a standard enc -> if_enc mapping but there also exists an 'enc' module that's actually CAM. The mapping lets us unambiguously determine the correct module. Discussed with: ae MFC after: 4 days
ifconfig(8): Partial revert of r347241 r347241 introduced an ifname <-> kld mapping table, mostly so tun/tap/vmnet can autoload the correct module on use. It also inadvertently made bogus some previously valid uses of sizeof(). Revert back to ifkind on the stack for simplicity sake. This reduces the diff from the previous version of ifmaybeload for easiser auditing.
tun/tap: merge and rename to `tuntap` tun(4) and tap(4) share the same general management interface and have a lot in common. Bugs exist in tap(4) that have been fixed in tun(4), and vice-versa. Let's reduce the maintenance requirements by merging them together and using flags to differentiate between the three interface types (tun, tap, vmnet). This fixes a couple of tap(4)/vmnet(4) issues right out of the gate: - tap devices may no longer be destroyed while they're open [0] - VIMAGE issues already addressed in tun by kp [0] emaste had removed an easy-panic-button in r240938 due to devdrn blocking. A naive glance over this leads me to believe that this isn't quite complete -- destroy_devl will only block while executing d_* functions, but doesn't block the device from being destroyed while a process has it open. The latter is the intent of the condvar in tun, so this is "fixed" (for certain definitions of the word -- it wasn't really broken in tap, it just wasn't quite ideal). ifconfig(8) also grew the ability to map an interface name to a kld, so that `ifconfig {tun,tap}0` can continue to autoload the correct module, and `ifconfig vmnet0 create` will now autoload the correct module. This is a low overhead addition. (MFC commentary) This may get MFC'd if many bugs in tun(4)/tap(4) are discovered after this, and how critical they are. Changes after this are likely easily MFC'd without taking this merge, but the merge will be easier. I have no plans to do this MFC as of now. Reviewed by: bcr (manpages), tuexen (testing, syzkaller/packetdrill) Input also from: melifaro Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20044
ifconfig: eliminate trailing whitespace Eliminate trailing whitespace on inet, inet6, and groups lines. I think the "list txpower" command will still show some, but I'm not able to test that. PR: 153731 Reported-by: Nikolay Denev <ndenev@gmail.com> MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D19004
Speed up non-status operations applied to a single interface When performing a non-status operation on a single interface, it is not necessary for ifconfig to build a list of all addresses in the system, sort them, then iterate through them looking for the entry for the single interface of interest. Doing so becomes increasingly expensive as the number of interfaces in the system grows (e.g., in a system with 1000+ vlan(4) interfaces). Reviewed by: ae, kp MFC after: 1 week Sponsored by: RG Nets Differential Revision: https://reviews.freebsd.org/D18919
Fix grammar. Reported by: yuripv MFC after: 3 weeks
Do not allow use `create` keyword as hostname when ifconfig(8) is invoked for already existing interface. It appeared, that ifconfig(8) assumes `create` keyword as hostname and tries to resolve it, when `ifconfig ifname create` invoked for already existing interface. This can produce some unexpected results, when hostname resolving has successfully happened. This patch adds check for such case. When an interface is already exists, and create is only one argument, return error message. But when there are some other arguments, just remove create keyword from the arguments list. Obtained from: Yandex LLC MFC after: 3 weeks Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D17171
ifconfig: Fix use of _Noreturn. The _Noreturn is a function-specifier (like inline) which must preceed the declarator. Submitted by: Sebastian Huber <sebastian.huber@embedded-brains.de> MFC after: 1 week
Make the name of option that toggles IFCAP_HWRXTSTMP capability to match the name of this capability. It was added recently and is not merged to stable branch, so I hope it is not too late to change the name. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D15475
Make lagg creation more fault tolerant - Warn, don't exit, when SIOCSLAGGPORT returns an error. When we exit with an error during lagg creation, a single failed NIC (which no longer attaches) can prevent lagg creation and other configuration, such as adding an IPv4 address, and thus leave a machine unreachable. - Preserve non-EEXISTS errors for exit status from SIOCSLAGGPORT, in case scripts are looking for it. Hopefully this can be extended if other parts of ifconfig can allow a "soft" failure. - Improve the warning message to mention what lagg and what member are problematic. Reviewed by: jtl, glebius Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D15046
Allow to specify PCP on packets not belonging to any VLAN. According to 802.1Q-2014, VLAN tagged packets with VLAN id 0 should be considered as untagged, and only PCP and DEI values from the VLAN tag are meaningful. See for instance https://www.cisco.com/c/en/us/td/docs/switches/connectedgrid/cg-switch-sw-master/software/configuration/guide/vlan0/b_vlan_0.html. Make it possible to specify PCP value for outgoing packets on an ethernet interface. When PCP is supplied, the tag is appended, VLAN id set to 0, and PCP is filled by the supplied value. The code to do VLAN tag encapsulation is refactored from the if_vlan.c and moved into if_ethersubr.c. Drivers might have issues with filtering VID 0 packets on receive. This bug should be fixed for each driver. Reviewed by: ae (previous version), hselasky, melifaro Sponsored by: Mellanox Technologies MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D14702
General further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
Add a place for a driver to report rx timestamps in nanoseconds from boot for the received packets. The rcv_tstmp field overlaps the place of Ln header length indicators, not used by received packets. The basic pkthdr rearrangement change in sys/mbuf.h was provided by gallatin. There are two accompanying M_ flags: M_TSTMP means that there is the timestamp (and it was generated by hardware). Another flag M_TSTMP_HPREC indicates that the timestamp is high-precision. Practically M_TSTMP_HPREC means that hardware provided additional precision comparing with the stamps when the flag is not set. E.g., for ConnectX all packets are stamped by hardware when PCIe transaction to write out the completion descriptor is performed, but PTP packet are stamped on port. For Intel cards, when PTP assist is enabled, only PTP packets are stamped in the limited number of registers, so if Intel cards ever start support this mechanism, they would always set M_TSTMP | M_TSTMP_HPREC if hardware timestamp is present for the given packet. Add IFCAP_HWRXTSTMP interface capability to indicate the support for hardware rx timestamping, and ifconfig(8) command to toggle it. Based on the patch by: gallatin Reviewed by: gallatin (previous version), hselasky Sponsored by: Mellanox Technologies MFC after: 2 weeks (? mbuf KBI issue) X-Differential revision: https://reviews.freebsd.org/D12638
Add missing parenthesis on error message Approved by: loos MFC after: 3 days Sponsored by: Rubicon Communications, LLC (Netgate)
Unbreak ifconfig for mlx4en(4) after r317755 ifconfig doesn't correctly infer mlx interfaces' module names, so it will attempt to load the mlx(4) module even when not necessary. Reported by: rstone MFC after: 3 weeks X-MFC-With: 317755 Sponsored by: Spectra Logic Corp
Various Coverity fixes in ifconfig(8) * Exit early if kldload(2) fails (1011259). This is the only change that affects ifconfig's behavior. * Close memory and resource leaks (1305624, 1305205, 1007100) * Mark usage() as _Noreturn (1305806, 1305750) * Fix some dereference after null checks (1011474, 270774) Reported by: Coverity CID: 1305624, 1305205, 1007100, 1305806, 1305750, 1011474, CID: 270774, 1011259 Reviewed by: cem MFC after: 3 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D10587
Renumber copyright clause 4 Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
Implement kernel support for hardware rate limited sockets. - Add RATELIMIT kernel configuration keyword which must be set to enable the new functionality. - Add support for hardware driven, Receive Side Scaling, RSS aware, rate limited sendqueues and expose the functionality through the already established SO_MAX_PACING_RATE setsockopt(). The API support rates in the range from 1 to 4Gbytes/s which are suitable for regular TCP and UDP streams. The setsockopt(2) manual page has been updated. - Add rate limit function callback API to "struct ifnet" which supports the following operations: if_snd_tag_alloc(), if_snd_tag_modify(), if_snd_tag_query() and if_snd_tag_free(). - Add support to ifconfig to view, set and clear the IFCAP_TXRTLMT flag, which tells if a network driver supports rate limiting or not. - This patch also adds support for rate limiting through VLAN and LAGG intermediate network devices. - How rate limiting works: 1) The userspace application calls setsockopt() after accepting or making a new connection to set the rate which is then stored in the socket structure in the kernel. Later on when packets are transmitted a check is made in the transmit path for rate changes. A rate change implies a non-blocking ifp->if_snd_tag_alloc() call will be made to the destination network interface, which then sets up a custom sendqueue with the given rate limitation parameter. A "struct m_snd_tag" pointer is returned which serves as a "snd_tag" hint in the m_pkthdr for the subsequently transmitted mbufs. 2) When the network driver sees the "m->m_pkthdr.snd_tag" different from NULL, it will move the packets into a designated rate limited sendqueue given by the snd_tag pointer. It is up to the individual drivers how the rate limited traffic will be rate limited. 3) Route changes are detected by the NIC drivers in the ifp->if_transmit() routine when the ifnet pointer in the incoming snd_tag mismatches the one of the network interface. The network adapter frees the mbuf and returns EAGAIN which causes the ip_output() to release and clear the send tag. Upon next ip_output() a new "snd_tag" will be tried allocated. 4) When the PCB is detached the custom sendqueue will be released by a non-blocking ifp->if_snd_tag_free() call to the currently bound network interface. Reviewed by: wblock (manpages), adrian, gallatin, scottl (network) Differential Revision: https://reviews.freebsd.org/D3687 Sponsored by: Mellanox Technologies MFC after: 3 months
Address feedback from hrs@ re: r301059 (ifconfig subnet mask) - Use NI_MAXHOST to size buffers for getnameinfo() - remove non-standard 'full' inet6 address printing - remove 'no scope' option - use strchr(3) to optimize replacing separator character in lladdrs Reviewed by: gnn, jhb Differential Revision: https://reviews.freebsd.org/D2856
ifconfig(8) now supports some output formatting options specified by the -f flag or IFCONFIG_FORMAT environment variable, the user can request that inet4 subnet masks be printed in CIDR or dotted-quad notation, in addition to the traditional hex output. inet6 prefixes can be printed in CIDR as well. For more documentation see the ifconfig(8) man page. PR: 169072 Requested by: seanc, marcel, brd, many others Reviewed by: gnn, jhb (earlier version) Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D2856
Use strlcpy() instead of strncpy() when copying ifname to ensure that it is NUL terminated. Additional NUL padding is not required for short names. Use sizeof(destination) in a few places instead of IFNAMSIZ. Cast afp->af_ridreq and afp->af_addreq to make the intent of the code more obvious. Reported by: Coverity CID: 1009628, 1009630, 1009631, 1009632, 1009633, 1009635, 1009638 CID: 1009639, 1009640, 1009641, 1009642, 1009643, 1009644, 1009645 CID: 1009646, 1009647, 1010049, 1010050, 1010051, 1010052, 1010053 CID: 1010054, 1011293, 1011294, 1011295, 1011296, 1011297, 1011298 CID: 1011299, 1305821, 1351720, 1351721 MFC after: 1 week
ifconfig(8): can't use 'name' or 'description' when creating interface with auto numbering If one does 'ifconfig tap create name blah', it will return error because the 'name' command doesn't properly populate the request sent to ioctl(...). The 'description' command has the same bug, and is also fixed with this patch. If one does 'ifconfig tap create mtu 9000 name blah', it DOES work, but 'tap0' (or other sequence number) is echoed, instead of the expected 'blah'. (assuming the name change actually succeeded) Submitted by: Marie Helene Kvello-Aune <marieheleneka@gmail.com> Differential Revision: https://reviews.freebsd.org/D5341
Replace N #defines with nitems to simplify ifconfig code slightly MFC after: 1 week
Make ifconfig always exit with an error code if an important ioctl fails PR: 203062 Arm Twisting by: Kristof Provost Reviewed by: kp Approved by: bapt (mentor) MFC after: 2 weeks Relnotes: yes Sponsored by: ScaleEngine Inc. Sponsored by: vBSDCon Differential Revision: https://reviews.freebsd.org/D3644
Stop including if_var.h from userland. Sponsored by: Nginx, Inc.
Simplify string mangling in ifmaybeload(). - Use strlcpy() instead of strcpy(). - Use strlcat() instead of a strlcpy() with a magic number subtracted from the length. - Replace strncmp(..., strlen(foo) + 1) with strcmp(...). Differential Revision: https://reviews.freebsd.org/D1814 Reviewed by: rpaulo MFC after: 2 weeks
Revert the change of flowid output format. [1] Reverse the sorting order of the interfaces addresses familise so it should be the same as getifaddrs(3) order. [2] Suggested by: hrs [1], bz [2] Approved by: hrs, bapt
Style(9) fixes. Approved by: bapt, ae X-MFC-With: r278080
Reorganize the list of addresses associated with an interface and group them based on the address family. This should help to recognize interfaces with multiple AF (e.g. ipv4 and ipv6) with many aliases or additional addresses. The order of addresses inside a single group is strictly preserved. Improve the scope_id output for AF_INET6 families, as the current approach uses hexadecimal string that is basically the ID of an interface, whilst this information is already depicted by getnameinfo(3) call. Therefore, now ifconfig just prints the scope of address as it is defined in 2.4 of RFC 2373. PR: 197270 Approved by: bapt MFC after: 2 weeks
Revert r272390. Pointed out by: glebius
Add IFCAP_HWSTATS.
Add support for reading i2c SFP/SFP+ data from NIC driver and presenting most interesting fields via ifconfig -v. This version supports Intel ixgbe driver only. Tested on: Cisco,Intel,Mellanox,ModuleTech,Molex transceivers MFC after: 2 weeks
Fix a typo in a comment: s/interprete/interpret/ Submitted by: Sam Fourman Jr. MFC after: 3 days Sponsored by: The FreeBSD Foundation
Remove IPX support. IPX was a network transport protocol in Novell's NetWare network operating system from late 80s and then 90s. The NetWare itself switched to TCP/IP as default transport in 1998. Later, in this century the Novell Open Enterprise Server became successor of Novell NetWare. The last release that claimed to still support IPX was OES 2 in 2007. Routing equipment vendors (e.g. Cisco) discontinued support for IPX in 2011. Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
Axe IFF_SMART. Submitted by: pluknet
Fix socket calls on error post-r243965. Submitted by: Garrett Cooper
- Updated TOE support in the kernel. - Stateful TCP offload drivers for Terminator 3 and 4 (T3 and T4) ASICs. These are available as t3_tom and t4_tom modules that augment cxgb(4) and cxgbe(4) respectively. The cxgb/cxgbe drivers continue to work as usual with or without these extra features. - iWARP driver for Terminator 3 ASIC (kernel verbs). T4 iWARP in the works and will follow soon. Build-tested with make universe. 30s overview ============ What interfaces support TCP offload? Look for TOE4 and/or TOE6 in the capabilities of an interface: # ifconfig -m | grep TOE Enable/disable TCP offload on an interface (just like any other ifnet capability): # ifconfig cxgbe0 toe # ifconfig cxgbe0 -toe Which connections are offloaded? Look for toe4 and/or toe6 in the output of netstat and sockstat: # netstat -np tcp | grep toe # sockstat -46c | grep toe Reviewed by: bz, gnn Sponsored by: Chelsio communications. MFC after: ~3 months (after 9.1, and after ensuring MFC is feasible)
Removed the IFCAP_ prefix when printing the IPv6 checksum capabilities. Submitted by: dim MFC after: 3 days
It turns out that too many drivers are not only parsing the L2/3/4 headers for TSO but also for generic checksum offloading. Ideally we would only have one common function shared amongst all drivers, and perhaps when updating them for IPv6 we should introduce that. Eventually we should provide the meta information along with mbufs to avoid (re-)parsing entirely. To not break IPv6 (checksums and offload) and to be able to MFC the changes without risking to hurt 3rd party drivers, duplicate the v4 framework, as other OSes have done as well. Introduce interface capability flags for TX/RX checksum offload with IPv6, to allow independent toggling (where possible). Add CSUM_*_IPV6 flags for UDP/TCP over IPv6, and reserve further for SCTP, and IPv6 fragmentation. Define CSUM_DELAY_DATA_IPV6 as we do for legacy IP and add an alias for CSUM_DATA_VALID_IPV6. This pretty much brings IPv6 handling in line with IPv4. TSO is still handled in a different way and not via if_hwassist. Update ifconfig to allow (un)setting of the new capability flags. Update loopback to announce the new capabilities and if_hwassist flags. Individual driver updates will have to follow, as will SCTP. Reported by: gallatin, dim, .. Reviewed by: gallatin (glanced at?) MFC after: 3 days X-MFC with: r235961,235959,235958
MFp4 bz_ipv6_fast: Allow tso4 and tso6 be set individually given we have the bits. This will help with drivers not working as expected during the transition time and later. Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems Reviewed by: gnn MFC After: 1 week
Disable jail support in ifconfig when either building a rescue image or MK_JAIL knob has been set to "no". Reviewed by: bz Approved by: adrian (mentor)
A major overhaul of the CARP implementation. The ip_carp.c was started from scratch, copying needed functionality from the old implemenation on demand, with a thorough review of all code. The main change is that interface layer has been removed from the CARP. Now redundant addresses are configured exactly on the interfaces, they run on. The CARP configuration itself is, as before, configured and read via SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or SIOCAIFADDR_IN6 may now be configured to a particular virtual host id, which makes the prefix redundant. ifconfig(8) semantics has been changed too: now one doesn't need to clone carpXX interface, he/she should directly configure a vhid on a Ethernet interface. To supply vhid data from the kernel to an application the getifaddrs(8) function had been changed to pass ifam_data with each address. [1] The new implementation definitely closes all PRs related to carp(4) being an interface, and may close several others. It also allows to run a single redundant IP per interface. Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for idea on using ifam_data and for several rounds of reviewing! PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448 Reviewed by: bz Submitted by: bz [1]
If compiling RESCUE always ignore feature_present(3) calls so that a /rescue/ifconfig more modern than the kernel could still configure IPv4 or IPv6 addresses. Reported by: Andrzej Tobola (ato iem.pw.edu.pl) Reported by: gcooper MFC after: 1 day X-MFC: will not MFC any time soon, just reminder for r222527
Grab one of the ifcap bits for netmap, and enable printing in ifconfig. Document the fact that we might want an IFCAP_CANTCHANGE mask, even though the value is not yet used in sys/net/if.c (asked on -current a week ago, no feedback so i assume no objection).
Conditionally compile in the af_inet and af_inet6, af_nd6 modules. If compiled in for dual-stack use, test with feature_present(3) to see if we should register the IPv4/IPv6 address family related options. In case there is no "inet" support we would love to go with the usage() and make the address family mandatory (as it is for anything but inet in theory). Unfortunately people are used to ifconfig IF up/down etc. as well, so use a fallback of "link". Adjust the man page to reflect these minor details. Improve error handling printing a warning in addition to the usage telling that we do not know the given address family in two places. Reviewed by: hrs, rwatson Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 2 weeks
Introduces IFF_CANTCONFIG interface flag to point that the interface isn't configurable in a meaningful way. This is for ifconfig(8) or other tools not to change code whenever IFT_USB-like interfaces are registered at the interface list. Reviewed by: brooks No objections: gavin, jkim
Don't print usbus[0-9] interfaces that it's not the interesting interface type for ifconfig(8).
Ethernet vlan(4) interfaces have valid Ethernet link layer addresses but use a different interface type (IFT_L2VLAN vs IFT_ETHER). Treat IFT_L2VLAN interfaces like IFT_ETHER interfaces when handling link layer addresses. Reviewed by: syrinx (bsnmpd) MFC after: 1 week
When an underlying ioctl(2) handler returns an error, our ioctl(2) interface considers that it hits a fatal error, and will not copyout the request structure back for _IOW and _IOWR ioctls, keeping them untouched. The previous implementation of the SIOCGIFDESCR ioctl intends to feed the buffer length back to userland. However, if we return an error, the feedback would be defeated and ifconfig(8) would trap into an infinite loop. This commit changes SIOCGIFDESCR to set buffer field to NULL to indicate the previous ENAMETOOLONG case. Reported by: bschmidt MFC after: 2 weeks
Verify interface up status using its link state only if the interface has such capability. The interface capability flag indicates whether such capability exists. This approach is much more backward compatible. Physical device driver changes will be part of another commit. Also updated the ifconfig utility to show the LINKSTATE capability if present. Reviewed by: rwatson, imp, juli MFC after: 3 days
Add TSO support on VLAN in fconfig(8). Reviewed by: thompsa
Revised revision 199201 (add interface description capability as inspired by OpenBSD), based on comments from many, including rwatson, jhb, brooks and others. Sponsored by: iXsystems, Inc. MFC after: 1 month
Make ``ifconfig -l ether'' only list interfaces that speak Ethernet. PR: 118987 Approved by: ken (mentor)
Revert revision 199201 for now as it has introduced a kernel vulnerability and requires more polishing.
Add interface description capability as inspired by OpenBSD. MFC after: 3 months
Make ifconfig ifN -vnet <jname|jid> actually work: - fix ifconfig to ignore the non-existent interface in the current network stack in case of '-vnet'. - in ifconfig: actually use the local variables defined for the vnet functions rather than modifying the global. Reviewed by: rwatson Approved by: re (kib)
Add the "vnet" and "-vnet" options, to allow moving interfaces between jails with VIMAGE. Approved by: bz (mentor)
- Use size_t instead of int when appropriate; - Use C99 sparse initialization. With these changes ifconfig(8) is WARNS=2 clean.
ifconfig(8) no longer needs to know how to print the IFF_NEEDSGIANT flag, since it shortly won't be defined at all.
Default to AF_LOCAL instead of AF_INET sockets for non-family-specific operations. This allows the query operations to work in non-IPv4 jails, and will be necessary in a future of possible non-INET networking. Approved by: bz (mentor)
use correct interface name when setting flags; fixes ifconfig ... create ... up Noticed by: Chris Anderson
Distinguish between cmd/parameters used for clone operations and all others. Use this to disambiguate cmd line arguments that can be either clone params or regular parameters so, in particular, "bssid" again works as a regular parameter. While here leverage the above to improve the logic for flushing clone operations on the first !clone cmd line parameter. Reviewed by: jhay
Add support in ifconfig to control the vlan hardware filter feature. Reviewed by: EvilSam and moi MFC after:1 week
Move the grekey to its own file, ifconfig.c does not have interface specific code. Submitted by: sam
Add support for the optional key in the GRE header. PR: kern/114714 Submitted by: Cristian KLEIN
Fix handling of create operation together with setting other parameters: o mark cmds/parameters to indicate they are potential arguments to a clone operation (e.g. vlantag) o when handling a create/clone operation do the callback on seeing the first non-clone cmd line argument so the new device is created and can be used; and re-setup operating state to reflect the newly created device Reviewed by: Eugene Grosbein MFC after: 2 weeks
Wake On Lan (WOL) infrastructure Submitted by: Stefan Sperling <stsp@stsp.name> Reviewed by: brooks
Fix the module name matching to the drivers present in the kernel. Previously it would return true on a partial match where it would think the edsc module was already present by having a positive match on 'ed'. This changes it so that it compares the full string including the nul terminators. This also fixes a buffer overflow in the ifkind variable where the length of the interface name in *argv wasnt checked for size. Reviewed by: brooks Approved by: re (gnn)
Remove IPX over IP tunneling pieces from ifconfig(8), omitted portion of previous commit: Remove IPX over IP tunneling support, which allows IPX routing over IP tunnels, and was not MPSAFE. The code can be easily restored in the event that someone with an IPX over IP tunnel configuration can work with me to test patches. This removes one of five remaining consumers of NET_NEEDS_GIANT. Approved by: re (kensmith) Spotted by: Artem Naluzhny <tutat nhamon dot com dot ua>
Add reporting and toggling of TCP LRO (large receive offload) support to ifconfig(8).
Add the -n flag for disabling automatic module loading, this will be used by rc.d to stop it reloading the network module on unload.
Back out rev. 1.129 because it breaks the practice of auto-loading hardware drivers. Unlike pseudo-device drivers, which just attach to the cloning framework and wait for "ifconfig create", h/w drivers create interfaces for installed cards as soon as loaded. The issue of devd(8) involuntarily reloading modules should be dealt with in a different way.
Attempt to load the kernel module only if we are going to create a new interface. In other cases loading the module is unwanted and can lead to ill side effects. One such effect found is as follows: "kldunload if_foo" tells the module to kill all its interfaces, which results in messages sent to devd; the module unloads. Then devd starts processing the messages, which ends up in a etc script running ifconfig fooX, which reloads the module.
o consistently check strlcpy result o warn when we skip an interface because it's name is too long
correct type to silence const complaint
unbreak create operation, must copy argument to global name Spotted by: des
use getifaddrs from libc instead of private code Reviewed by: bms MFC after: 1 month
Fix an off-by-one which could mean writing beyond the end of the array when copying the interface name. This code part should probably be rewritten.
In setifcap() only set/unset those capabilities the interface actually supports.
Fix octal representation of TSO4 and TSO6 bits in interface capabilities description.
Make TSO (TCP segmentation offload) capabilities visible and accessible with 'ifconfig em0 tso' and 'ifconfig em0 -tso'. TSO for IPv4 and IPv6 is always enabled or disabled together. The driver may enable only one if it doesn't support both. Document 'tso' and '-tso' in the ifconfig(8) man pages. Sponsored by: TCP/IP Optimization Fundraise 2005
o replace special handling of clone operations by a clone callback mechanism o change vlan cloning to use callback and pass all vlan parameters on create using the new SIOCREATE2 ioctl o update vlan set logic to match existing practice
There is no IFF_POLLING flag anymore.
Recognize new VLAN_HWCSUM flag.
Do address assignment/removal operations after callbacks. Presently, ifconfig callbacks are used for L2 configuration, media and vlan, so actions associated with address assignment, like sending out a gratuitous ARP, should go when L2 is running already. This also should fix the problem with setting up vlan interfaces from rc.conf, when both IP and vlan+vlandev parameters are passed to ifconfig at once. Future work: Consider introducing several ifconfig callback lists to invoke callbacks orderly. MFC after: 1 week
For the sake of consistency and easier typing, introduce "-tunnel" as an alias for "deletetunnel". The latter is overly long and prone to typos, but keep it for POLA since it costs nothing. MFC after: 5 days
Add a new flag '-k' to ifconfig(8), indicating that it is alright to print potentially sensitive keying material to stdout. With the new 802.11 support, ifconfig(8) is now capable of printing 802.11 keys, and did by default for the root user, which is undesirable in some environments. Now it will not print keying material unless requested (and available to the user). MFC after: 1 week
Add symbolic names for the IFF_PPROMISC and IFF_NEEDSGIANT flags so that ifconfig(8) can print them. MFC after: 5 days
guard against bogus address data Submitted by: Bakul Shah
ISO C does not allow unnamed union members.
Fix typo in comment.
Fix special status reporting. Prior to the reorg there was special-purpose code to display status for an interface for state that was not address-oriented. This status reporting was merged in to the address-oriented status reporting but did not work for link address reporting (as discovered with fwip interfaces). Correct this mis-merge and eliminate the bogus kludge that was used for link-level address reporting. o add an af_other_status method for an address family for reporting status of things like media, vlan, etc. o call the af_other_status methods after reporting address status for an interface o special-case link address status; when reporting all status for an interface invoke it specially prior to reporting af_other_status methods (since it requires the sockaddr_dl that is passed in to status separately from the rtmsg address state) o correct the calling convention for link address status; don't cast types, construct the proper parameter This fixes ifconfig on fwip interfaces.
add a callback mechanism for code that wants to defer committing changes until all the command line args have been processed Reviewed by: ambrisko
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
| ViewVC Help | |
| Powered by ViewVC 1.1.27 |