svn commit: r344139 - in stable/12: share/man/man4 sys/netgraph

Gleb Smirnoff glebius at FreeBSD.org
Fri Feb 15 00:29:46 UTC 2019 

Author: glebius
Date: Fri Feb 15 00:29:44 2019
New Revision: 344139
URL: https://svnweb.freebsd.org/changeset/base/344139

Log:
  Merge r343895:
    Allow some nesting of ng_iface(4) interfaces and add a configuration knob.
  
  PR:		235500

Modified:
  stable/12/share/man/man4/ng_iface.4
  stable/12/sys/netgraph/ng_iface.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/share/man/man4/ng_iface.4
==============================================================================
--- stable/12/share/man/man4/ng_iface.4	Thu Feb 14 20:33:35 2019	(r344138)
+++ stable/12/share/man/man4/ng_iface.4	Fri Feb 15 00:29:44 2019	(r344139)
@@ -35,7 +35,7 @@
 .\" $FreeBSD$
 .\" $Whistle: ng_iface.8,v 1.5 1999/01/25 23:46:26 archie Exp $
 .\"
-.Dd January 12, 2015
+.Dd February 6, 2019
 .Dt NG_IFACE 4
 .Os
 .Sh NAME
@@ -144,6 +144,17 @@ In case when your graph ends up with some kind of seri
 synchronous or modem, the
 .Nm
 is the right place to turn ALTQ on.
+.Sh Nesting
+.Nm
+supports nesting, a configuration when traffic of one
+.Nm
+interface flows through the other.
+The default maximum allowed nesting level is 2.
+It can be changed at runtime setting
+.Xr sysctl 8
+variable
+.Va net.graph.iface.max_nesting
+to the desired level of nesting.
 .Sh SEE ALSO
 .Xr altq 4 ,
 .Xr bpf 4 ,
@@ -151,6 +162,7 @@ is the right place to turn ALTQ on.
 .Xr ng_cisco 4 ,
 .Xr ifconfig 8 ,
 .Xr ngctl 8
+.Xr sysctl
 .Sh HISTORY
 The
 .Nm iface

Modified: stable/12/sys/netgraph/ng_iface.c
==============================================================================
--- stable/12/sys/netgraph/ng_iface.c	Thu Feb 14 20:33:35 2019	(r344138)
+++ stable/12/sys/netgraph/ng_iface.c	Fri Feb 15 00:29:44 2019	(r344139)
@@ -68,6 +68,7 @@
 #include <sys/rmlock.h>
 #include <sys/sockio.h>
 #include <sys/socket.h>
+#include <sys/sysctl.h>
 #include <sys/syslog.h>
 #include <sys/libkern.h>
 
@@ -92,6 +93,13 @@ static MALLOC_DEFINE(M_NETGRAPH_IFACE, "netgraph_iface
 #define M_NETGRAPH_IFACE M_NETGRAPH
 #endif
 
+static SYSCTL_NODE(_net_graph, OID_AUTO, iface, CTLFLAG_RW, 0,
+    "Point to point netgraph interface");
+VNET_DEFINE_STATIC(int, ng_iface_max_nest) = 2;
+#define	V_ng_iface_max_nest	VNET(ng_iface_max_nest)
+SYSCTL_INT(_net_graph_iface, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW,
+    &VNET_NAME(ng_iface_max_nest), 0, "Max nested tunnels");
+
 /* This struct describes one address family */
 struct iffam {
 	sa_family_t	family;		/* Address family */
@@ -355,7 +363,8 @@ ng_iface_output(struct ifnet *ifp, struct mbuf *m,
 	}
 
 	/* Protect from deadly infinite recursion. */
-	error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE, 1);
+	error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE,
+	    V_ng_iface_max_nest);
 	if (error) {
 		m_freem(m);
 		return (error);

More information about the svn-src-stable-12 mailing list