libalias: Handle GetNewPort() errors properly

AddLink() fails when memory allocation fails or no free port is
available; both are error conditions. However, functions such as
FindUdpTcpIn() were co

libalias: Handle GetNewPort() errors properly

AddLink() fails when memory allocation fails or no free port is
available; both are error conditions. However, functions such as
FindUdpTcpIn() were converting such failures to PKT_ALIAS_IGNORED, which
effectively means, "pass the packet without translation," which isn't
what we want.

Fix the problem by making sure that AddLink() errors are converted to
PKT_ALIAS_ERROR where appropriate. The diff is a bit large but is
mostly mechanical: functions like TcpAliasOut() are converted to return
a result code, and an additional out-parameter is added to return the
alias_link pointer.

Reported by: Yuxiang Yang <yangyx22@mails.tsinghua.edu.cn>
Tested by: Yuxiang Yang <yangyx22@mails.tsinghua.edu.cn>
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D47778

show more ...

libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from

libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from a
particular internal address:port leave via the same NAT address:port,
regardless of their destination.

Add some libalias tests and supporting defines.

Reviewed by: igoro, thj
Differential Revision: https://reviews.freebsd.org/D46689D

show more ...

sys: Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature: Almost O(1) for access of the
least recently used entries, and amortized O(ln(n)) for almost all
other cases. Get rid of the hash.

Now the data structure should able to quickly react to external
packets without eating CPU cycles for breakfast, preventing a DoS.

PR: 192888
Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30536

show more ...

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature - almost O(1) for access of the
least recently used entries), and amortized O(ln(n) - for almost all
other cases. Get rid of the hash.

Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30516

show more ...

libalias: Restructure - Remove temporary state deleteAllLinks from global struct

The entry deleteAllLinks in the struct libalias is only used to signal
a state between internal calls. It's not used

libalias: Restructure - Remove temporary state deleteAllLinks from global struct

The entry deleteAllLinks in the struct libalias is only used to signal
a state between internal calls. It's not used between API calls.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30604

show more ...

libalias: Restructure - Table for PPTP

Let PPTP use its own data structure.
Regroup and rename other lists, which are not PPTP.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/

libalias: Restructure - Table for PPTP

Let PPTP use its own data structure.
Regroup and rename other lists, which are not PPTP.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30580

show more ...

libalias: Restructure - Group incoming links

Reorder incoming links by grouping of common search terms.
Significant performance improvement for incoming (missing) flows.

Remove LSNAT from outgoing

libalias: Restructure - Group incoming links

Reorder incoming links by grouping of common search terms.
Significant performance improvement for incoming (missing) flows.

Remove LSNAT from outgoing search.
Slight speedup due to less comparsions in the loop.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30574

show more ...

libalias: Restructure - Table for partially links

Separate the partially specified links into a separate data structure.

This would causes a major parformance impact, if there are many of
them. Us

libalias: Restructure - Table for partially links

Separate the partially specified links into a separate data structure.

This would causes a major parformance impact, if there are many of
them. Use a (smaller) hash table to speed up the partially link
access.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30570

show more ...

libalias: Promote per instance global variable timeStamp

Summary:
- Use LibAliasTime as a real global variable for central timekeeping.
- Reduce number of syscalls in user space considerably.
- Dyna

libalias: Promote per instance global variable timeStamp

Summary:
- Use LibAliasTime as a real global variable for central timekeeping.
- Reduce number of syscalls in user space considerably.
- Dynamically adjust the packet counters to match the second resolution.
- Only check the first few packets after a time increase for expiry.

Discussed with: hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30566

show more ...

libalias: Stats are unsigned

Stats counters are used as unsigned valued (i.e. printf("%u")) but are
defined as signed int. This causes trouble later, so fix it early.

MFC after: 1 week
Differentia

libalias: Stats are unsigned

Stats counters are used as unsigned valued (i.e. printf("%u")) but are
defined as signed int. This causes trouble later, so fix it early.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30587

show more ...

libalias: tidy up housekeeping

Replace current expensive, but sparsly called housekeeping
by a single, repetive action.

This is part of a larger restructure of libalias in order to switch to
more e

libalias: tidy up housekeeping

Replace current expensive, but sparsly called housekeeping
by a single, repetive action.

This is part of a larger restructure of libalias in order to switch to
more efficient data structures. The whole restructure process is
split into 15 reviews to ease reviewing. All those steps will be
squashed into a single commit for MFC in order to hide the
intermediate states from production systems.

Reviewed by: hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30277

show more ...

libalias: Remove unused function LibAliasCheckNewLink

The functionality to detect a newly created link after processing a
single packet is decoupled from the packet processing. Every new
packet is

libalias: Remove unused function LibAliasCheckNewLink

The functionality to detect a newly created link after processing a
single packet is decoupled from the packet processing. Every new
packet is processed asynchronously and will reset the indicator, hence
the function is unusable. I made a Google search for third party code,
which uses the function, and failed to find one.

That's why the function should be removed: It unusable and unused.
A much simplified API/ABI will remain in anything below 14.

Discussed with: kp
Reviewed by: manpages (bcr)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30275

show more ...

libalias: replace placeholder with static constant

The field nullAddress in struct libalias is never set and never used.
It exists as a placeholder for an unused argument only.

Reviewed by: hselask

libalias: replace placeholder with static constant

The field nullAddress in struct libalias is never set and never used.
It exists as a placeholder for an unused argument only.

Reviewed by: hselasky
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30253

show more ...

libalias: Style cleanup

libalias is a convolut of various coding styles modified by a series
of different editors enforcing interesting convetions on spacing and
comments.

This patch is a baseline

libalias: Style cleanup

libalias is a convolut of various coding styles modified by a series
of different editors enforcing interesting convetions on spacing and
comments.

This patch is a baseline to start with a perfomance rework of
libalias. Upcoming patches should be focus on the code, not on the
style. That's why most annoying style errors should be fixed
beforehand.

Reviewed by: hselasky
Discussed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30259

show more ...

Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port ali

Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port aliasing ranges.

Reviewed by: donner, kp
Approved by: 0mp (mentor), donner, kp
Differential Revision: https://reviews.freebsd.org/D23450

show more ...

libalias: Fix -Wcast-align compiler warnings

This fixes -Wcast-align warnings caused by the underaligned `struct ip`.
This also silences them in the public functions by changing the function
signatu

libalias: Fix -Wcast-align compiler warnings

This fixes -Wcast-align warnings caused by the underaligned `struct ip`.
This also silences them in the public functions by changing the function
signature from char * to void *. This is source and binary compatible and
avoids the -Wcast-align warning.

Reviewed By: ae, gbe (manpages)
Differential Revision: https://reviews.freebsd.org/D27882

show more ...

net: clean up empty lines in .c and .h files

libalias: Handle GetNewPort() errors properly

AddLink() fails when memory allocation fails or no free port is
available; both are error conditions. However, functions such as
FindUdpTcpIn() were co

libalias: Handle GetNewPort() errors properly

AddLink() fails when memory allocation fails or no free port is
available; both are error conditions. However, functions such as
FindUdpTcpIn() were converting such failures to PKT_ALIAS_IGNORED, which
effectively means, "pass the packet without translation," which isn't
what we want.

Fix the problem by making sure that AddLink() errors are converted to
PKT_ALIAS_ERROR where appropriate. The diff is a bit large but is
mostly mechanical: functions like TcpAliasOut() are converted to return
a result code, and an additional out-parameter is added to return the
alias_link pointer.

Reported by: Yuxiang Yang <yangyx22@mails.tsinghua.edu.cn>
Tested by: Yuxiang Yang <yangyx22@mails.tsinghua.edu.cn>
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D47778

show more ...

libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from

libalias: Add support for EIM NAT

Add support for endpoint-independent mapping ("full cone NAT") in
Libalias's UDP NAT.

This conforms to RFC 4787 requirements 1 and 3. All UDP packets sent out from a
particular internal address:port leave via the same NAT address:port,
regardless of their destination.

Add some libalias tests and supporting defines.

Reviewed by: igoro, thj
Differential Revision: https://reviews.freebsd.org/D46689D

show more ...

sys: Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for incoming traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature: Almost O(1) for access of the
least recently used entries, and amortized O(ln(n)) for almost all
other cases. Get rid of the hash.

Now the data structure should able to quickly react to external
packets without eating CPU cycles for breakfast, preventing a DoS.

PR: 192888
Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30536

show more ...

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
in

libalias: Switch to efficient data structure for outgoing traffic

Current data structure is using a hash of unordered lists. Those
unordered lists are quite efficient, because the least recently
inserted entries are most likely to be used again. In order to avoid
long search times in other cases, the lists are hashed into many
buckets. Unfortunatly a search for a miss needs an exhaustive
inspection and a careful definition of the hash.

Splay trees offer a similar feature - almost O(1) for access of the
least recently used entries), and amortized O(ln(n) - for almost all
other cases. Get rid of the hash.

Discussed with: Dimitry Luhtionov
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30516

show more ...