65451730 glebius Oct. 21, 2019, 6:06 p.m.
16650a01 glebius Oct. 21, 2019, 6:06 p.m.
eed57e32 glebius Oct. 21, 2019, 6:06 p.m.
57d36163 glebius Oct. 21, 2019, 6:05 p.m.
This driver seems to have a bug.  The bug was carefully saved during
conversion.  In the al_eth_mac_table_unicast_add() the argument 'addr',
which is the actual address is unused.  So, the function is called as
many times as we have addresses, but with the exactly same argument
list.  This doesn't make any sense, but was preserved.
cgit ViewVC
8f49db67 glebius Oct. 21, 2019, 6 p.m.
f1c5eb0d glebius Oct. 21, 2019, 5:59 p.m.
d6b5965b glebius Oct. 21, 2019, 5:59 p.m.
7dce5659 glebius Oct. 21, 2019, 5:59 p.m.
3d501333 kevans Oct. 21, 2019, 2:38 p.m.
net.link.tap.user_open has historically allowed non-root users to do devfs
cloning and open /dev/tap* nodes based on permissions. Loosen this up to
make it only allow users to do devfs cloning -- we no longer check it in

This allows tap devices to be created that can actually be opened by a user,
rather than swiftly restricting them to root because the magic sysctl has
not been set.

The sysctl has not yet been completely deprecated, because more thought is
needed for how to handle the devfs cloning case. There is not an easy
suitable replacement for the sysctl there, and more care needs to be placed
in determining whether that's OK or not.

PR:		200185
cgit ViewVC
3ad1ce46 avg Oct. 21, 2019, 12:21 p.m.
MFC after:	1 week
cgit ViewVC
95ca4720 luporl Oct. 21, 2019, 11:56 a.m.
Implementation of PowerNV specific minidump code.

Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D21643
cgit ViewVC
f74e6e49 bz Oct. 21, 2019, 9:33 a.m.
In order to ensure that changing the frag6 code does not change behaviour
or break code a set of test cases were implemented.

Like some other test cases these use Scapy to generate packets and possibly
wait for expected answers.  In most cases we do check the global and
per interface (netstat) statistics output using the libxo output and grep
to validate fields and numbers.  This is a bit hackish but we currently have
no better way to match a selected number of stats only (we have to ignore
some of the ND6 variables; otherwise we could use the entire list).

Test cases include atomic fragments, single fragments, multi-fragments,
and try to cover most error cases in the code currently.
In addition vnet teardown is tested to not panic.

A separate set (not in-tree currently) of probes were used in order to
make sure that the test cases actually test what they should.

The "sniffer" code was copied and adjusted from the netpfil version
as we sometimes will not get packets or have longer timeouts to deal with.

Sponsored by:	Netflix
cgit ViewVC
67a10c46 bz Oct. 21, 2019, 8:48 a.m.
When shutting down a VNET we did not cleanup the fragmentation hashes.
This has multiple problems: (1) leak memory but also (2) leak on the
global counters, which might eventually lead to a problem on a system
starting and stopping a lot of vnets and dealing with a lot of IPv6
fragments that the counters/limits would be exhausted and processing
would no longer take place.

Unfortunately we do not have a useable variable to indicate when
per-VNET initialization of frag6 has happened (or when destroy happened)
so introduce a boolean to flag this. This is needed here as well as
it was in r353635 for ip_reass.c in order to avoid tripping over the
already destroyed locks if interfaces go away after the frag6 destroy.

While splitting things up convert the TRY_LOCK to a LOCK operation in
now frag6_drain_one().  The try-lock was derived from a manual hand-rolled
implementation and carried forward all the time.  We no longer can afford
not to get the lock as that would mean we would continue to leak memory.

Assert that all the buckets are empty before destroying to lock to
ensure long-term stability of a clean shutdown.

Reported by:	hselasky
Reviewed by:	hselasky
MFC after:	3 weeks
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D22054
cgit ViewVC
65456706 bz Oct. 21, 2019, 8:36 a.m.
Add a read-only sysctl exporting the global number of fragments
(base system and all vnets).  This is helpful to (a) know how many
fragments are currently being processed, (b) if there are possible
leaks, (c) if vnet teardown is not working correctly, and lastly
(d) it can be used as part of test-suits to ensure (a) to (c).

MFC after:	3 weeks
Sponsored by:	Netflix
cgit ViewVC
685abd59 behlendorf1 Oct. 21, 2019, 3:37 a.m.
Reviewed-by: Igor Kozhukhov <igor@dilos.org>
Reviewed-by: Ryan Moeller <ryan@ixsystems.com>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Matt Macy <mmacy@FreeBSD.org>
Closes #9486