Commit Graph

43 Commits

Author SHA1 Message Date
fengbojiang da4b496cab Netgraph and ipfw for FreeBSD 13.0. 2021-10-12 18:59:42 +08:00
fengbojiang 21cfeb4372 Support extra tcp stacks, rack and bbr. 2021-09-23 15:16:09 +08:00
fengbojiang 8fe2bf87f3 FreeBSD13 can simply work. 2021-09-18 14:50:06 +08:00
fengbojiang 63f0426fdf fix some issues. 2021-09-16 15:30:22 +08:00
fengbojiang e7b7fb6cc9 FreeBSD: Upgrade to FreeBSD-releng-13.0 compiled, to be tested. 2021-08-31 19:00:09 +08:00
fengbojiang(姜凤波) cddb7cd030 Add `ff_regist_pcblddr_fun` to regist a pcb lddr function in F-Stack.
If There are multiple ips, and F-Stack client application can choose a source ip by yourself, instead always use the first ip.
2021-03-06 19:18:52 +08:00
fengbojiang(姜凤波) 5212857100 ICMPv6 / MLDv2 out-of-bounds memory access.
Corresponding upstream changeset from
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:19.mldv2.asc.
2019-11-22 23:03:52 +08:00
fengbojiang(姜凤波) 0e148a1207 Denial of service in listen system call.
Corresponding upstream changeset from
https://www.freebsd.org/security/advisories/FreeBSD-EN-18:11.listen.asc.

Refer: #329.
2019-11-22 22:07:47 +08:00
fengbojiang(姜凤波) c476ff78a9 Resource exhaustion in IP fragment reassembly.
Corresponding upstream changeset from
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc.
2019-11-22 21:06:30 +08:00
fengbojiang(姜凤波) 30c2a48ca1 Resource exhaustion in TCP reassembly.
Corresponding upstream changeset from
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc.
2019-11-22 16:16:34 +08:00
fengbojiang(姜凤波) b4eda9868a The icmp6(4) protocol has been updated to fix ICMPv6 redirects.
Corresponding upstream changeset from https://svnweb.freebsd.org/base/stable/11/sys/netinet6/icmp6.c?r1=329581&r2=329580&pathrev=329581.
2019-11-22 15:57:05 +08:00
fengbojiang(姜凤波) eb6df281b3 The disclosure in the TCP network stack was introduced in 11.0.
Corresponding upstream changeset from
https://www.freebsd.org/security/advisories/FreeBSD-EN-18:05.mem.asc.
2019-11-22 14:39:26 +08:00
fengbojiang(姜凤波) 441d416594 Fix denial of service of ipsec.
Corresponding upstream changeset from
 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:05.ipsec.asc.
2019-11-22 12:33:19 +08:00
fengbojiang(姜凤波) b6e183603d The TCP stack has been changed to use the estimated RTT instead of timestamps for receive buffer auto resizing.
Corresponding upstream changeset from https://svnweb.freebsd.org/base?view=revision&revision=317368.
2019-11-22 11:40:45 +08:00
fengbojiang(姜凤波) e1bffb8a14 The network stack has been modified to fix incorrect or invalid IP
addresses if multiple threads emit a UDP log_in_vain message
concurrently.

Corresponding upstream changeset from
https://svnweb.freebsd.org/base?view=revision&revision=313523.
2019-11-21 16:57:10 +08:00
fengbojiang(姜凤波) efd36ee293 The network stack has been updated to include ip6_tryforward(),
providing performance benefits as result of a reduced number of checks.

Corresponding upstream changeset from
https://svnweb.freebsd.org/base?view=revision&revision=311681.
2019-11-21 16:42:24 +08:00
fengbojiang(姜凤波) d53a2d2032 FreeBSD: upgrad to FreeBSD-releng-11.0 for some bugs. 2019-11-20 20:41:29 +08:00
fengbojiang(姜凤波) adfdf56113 IPv6: FreeBSD stack and f-stack support ipv6. 2019-07-12 20:56:01 +08:00
jfb8856606 1743e020f9 recommit bind and connet use other ip.
Refer #322 #323 #343
2019-06-25 19:14:07 +08:00
fengbojiang(姜凤波) fe45045298 Revert "Merge branch 'master' of https://github.com/F-Stack/f-stack"
Refer #322 #323 #343

This reverts commit 2bc927fd77, reversing
changes made to 2576201343.
2019-03-14 18:07:36 +08:00
10077240 2c6bc8e771 indent correctly 2019-01-14 15:10:42 +08:00
10077240 490ee526cc support bind and connect 2019-01-05 11:51:57 +08:00
dongbo4 eb3a5857ca Fix nginx_with_fstack setting up segment faults on arm64 platform 2018-11-07 08:59:23 +00:00
10077240 61467f3e8d Update freebsd/netinet/in_pcb.c
BSD's socket can bind the address not belong to local ports, this works well when using as transparent proxy. If fstack check the ip and port whenever new connect, tranparent proxy is not supported.
When using specified local port, it is app's responsibility to make 5-tuple rss hash good.
2018-10-10 07:48:32 +08:00
logwang 5e5c25c329 kern_timeout: decrease the cpu usage of timer.
There's a bug of last version, every tick, the timer will traverse all the
entries in callwheel, when lots of connections comming, the callout
process will use lots of cpu resources.

This commit fixes it, every tick, check the bucket which is hashed with current
tick, if there are entries, compare the callout tick, and invoke
callbacks.
2018-05-10 17:53:18 +08:00
ouliuquan 744da4ea50 Update vnode_if.src
Missing end-of-line ; in " IN struct task *task;   ".
2018-04-27 17:42:22 +08:00
logwang 39be5a505f ff_kern_timeout: optimize the timecounter.
This timecounter implementation retrieves the current time and reports it
as the equivalent number of counts from a counter incrementing at 'hz'.
2018-01-19 21:03:20 +08:00
Shivansh Rai 4f4a430529 Fix tautological comparison
Corresponding upstream changeset: https://github.com/freebsd/freebsd/commit/d45a807e
2018-01-02 23:11:52 +05:30
chenwei 70bb2888cb Nginx: support kernel network stack, so we can do what fstack can't do,
e.g. unix socket, ipc (with APP on kernel network stack), packet from kernel network stack.
1. Add a new directive kernel_network_stack :
    Syntax: 	kernel_network_stack on | off;
    Default: 	kernel_network_stack off;
   Context: 	http, server
  This directive is available only when NGX_HAVE_FF_STACK is defined.
  Determines whether server should run on kernel network stack or fstack.
2. Use a simpler and  more effective solution to discriminate fstack fd(file descriptor, only socket for now) from kernel fd.
2017-12-08 18:32:08 +08:00
logwang 2aa28acdb3 Fix #114: An out of bounds of memory in netinet/libalias/alias_sctp.c.
Run with valgrind, and found this:
==2228== Invalid write of size 8
==2228==    at 0x4E05DA: AliasSctpInit (alias_sctp.c:641)
==2228==    by 0x4DE565: LibAliasInit (alias_db.c:2503)
==2228==    by 0x4E9B3B: nat44_config (ip_fw_nat.c:505)
==2228==    by 0x4E9E91: nat44_cfg (ip_fw_nat.c:599)
==2228==    by 0x4F1719: ipfw_ctl3 (ip_fw_sockopt.c:3666)
==2228==    by 0x4B9954: rip_ctloutput (raw_ip.c:659)
==2228==    by 0x447E11: sosetopt (uipc_socket.c:2505)
==2228==    by 0x44BF4D: kern_setsockopt (uipc_syscalls.c:1407)
==2228==    by 0x409F08: ff_setsockopt (ff_syscall_wrapper.c:412)
==2228==    by 0x5277AA: handle_ipfw_msg (ff_dpdk_if.c:1146)
==2228==    by 0x52788C: handle_msg (ff_dpdk_if.c:1196)
==2228==    by 0x5289B8: process_msg_ring (ff_dpdk_if.c:1213)
==2228==  Address 0x60779b0 is 4,800 bytes inside a block of size 4,802
alloc'd
==2228==    at 0x4C2ABBD: malloc (vg_replace_malloc.c:296)
==2228==    by 0x509F15: ff_malloc (ff_host_interface.c:89)
==2228==    by 0x4053BE: malloc (ff_glue.c:1021)
==2228==    by 0x4E054E: AliasSctpInit (alias_sctp.c:632)
==2228==    by 0x4DE565: LibAliasInit (alias_db.c:2503)
==2228==    by 0x4E9B3B: nat44_config (ip_fw_nat.c:505)
==2228==    by 0x4E9E91: nat44_cfg (ip_fw_nat.c:599)
==2228==    by 0x4F1719: ipfw_ctl3 (ip_fw_sockopt.c:3666)
==2228==    by 0x4B9954: rip_ctloutput (raw_ip.c:659)
==2228==    by 0x447E11: sosetopt (uipc_socket.c:2505)
==2228==    by 0x44BF4D: kern_setsockopt (uipc_syscalls.c:1407)
==2228==    by 0x409F08: ff_setsockopt (ff_syscall_wrapper.c:412)
==2228==

The error line is:
`la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct
sctpTimerQ));`

Since SN_TIMER_QUEUE_SIZE is defined as SN_MAX_TIMER+2, and sn_calloc is
defined as sn_malloc(x * n) if _SYS_MALLOC_H_ is defined, the size of
calloced memory will be wrong, because the macro will be expanded to
sizeof(struct sctpTimerQ)*SN_MAX_TIMER+2.

And the memory will be out of bounds here.
```
/* Initialise circular timer Q*/
for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++)
    LIST_INIT(&la->sctpNatTimer.TimerQ[i]);
```
2017-12-05 15:32:10 +08:00
logwang 0e1bd6da1b Fix bug: dead loop when destroy a network interface. 2017-11-10 18:52:10 +08:00
logwang 3b2bd0f641 Add tool: ngctl.
ngctl -- netgraph control utility.
The ngctl utility creates a new netgraph node of type socket which can be used to issue netgraph commands.
2017-11-01 17:38:22 +08:00
logwang a1fd9364a9 FreeBSD: add module netgraph. 2017-10-25 14:38:15 +08:00
logwang 1cd6edf41e Fix endless loop when connect to a peer if all ports are completely used. 2017-09-11 11:01:18 +08:00
Andy 08dba0109c add lvs toa option 2017-09-04 23:19:12 -04:00
logwang 1eaf0ac36a Add tool: netstat.
Including libraries: libutil,libmemstat,libxo.
2017-08-31 21:34:50 +08:00
logwang a9e7dcf4da Fix ff_rss_check function bug.
1.Close #22.
2.Configure the HW indirection table when initializing port.
3.Use several LSBs of the rss hash result according to reta_size when
calculating queue index.
2017-08-28 17:12:07 +08:00
logwang 406002113b Support nginx reload.
close #12.
For more details, see doc/F-Stack_Nginx_APP_Guide.md.
2017-08-23 16:54:32 +08:00
logwang 5825eee0c3 Optimize ngx_ff_module 2017-08-09 14:50:21 +08:00
logwang 615f2d3c02 Fix `ff_fdused_range` not work. 2017-08-08 23:47:38 +08:00
logwang a02c88d651 Simplify startup arguments and add ff_fdisused.
Changes:
1.Simplify f-stack startup arguments:"--conf, --proc-type, --proc-id".
2.add a function `ff_fdisused` to check if fd is used in f-stack.
2017-08-08 22:36:49 +08:00
Li Wei 839295c867 freebsd: fix compiling error with gcc 6.3.1
Fix this misleading indentation according to the upstream of freebsd.

Signed-off-by: Li Wei <liwei@anbutu.com>
2017-05-25 18:57:02 +08:00
logwang a9643ea85c init 2017-04-21 18:43:26 +08:00