git: ac5e30a8073f - main - pf: add probe points to pf_route(6)()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 13 Nov 2024 20:32:00 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=ac5e30a8073f95a4764c939cde29adae51229bdd commit ac5e30a8073f95a4764c939cde29adae51229bdd Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-11-13 10:26:39 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-11-13 20:26:28 +0000 pf: add probe points to pf_route(6)() Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 71 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 58 insertions(+), 13 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 691cb697a659..daf3fcf567ad 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -126,6 +126,14 @@ SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *", "struct pf_kstate *"); SDT_PROBE_DEFINE2(pf, ip, , bound_iface, "struct pf_kstate *", "struct pfi_kkif *"); +SDT_PROBE_DEFINE4(pf, ip, route_to, entry, "struct mbuf *", + "struct pf_pdesc *", "struct pf_kstate *", "struct ifnet *"); +SDT_PROBE_DEFINE1(pf, ip, route_to, drop, "int"); +SDT_PROBE_DEFINE2(pf, ip, route_to, output, "struct ifnet *", "int"); +SDT_PROBE_DEFINE4(pf, ip6, route_to, entry, "struct mbuf *", + "struct pf_pdesc *", "struct pf_kstate *", "struct ifnet *"); +SDT_PROBE_DEFINE1(pf, ip6, route_to, drop, "int"); +SDT_PROBE_DEFINE2(pf, ip6, route_to, output, "struct ifnet *", "int"); SDT_PROBE_DEFINE4(pf, sctp, multihome, test, "struct pfi_kkif *", "struct pf_krule *", "struct mbuf *", "int"); SDT_PROBE_DEFINE2(pf, sctp, multihome, add, "uint32_t", @@ -7660,6 +7668,8 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, KASSERT(m && *m && r && oifp, ("%s: invalid parameters", __func__)); + SDT_PROBE4(pf, ip, route_to, entry, *m, pd, s, oifp); + if (s) { r_rt = s->rt; r_dir = s->direction; @@ -7677,6 +7687,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, pd->pf_mtag->routed++ > 3) { m0 = *m; *m = NULL; + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad_locked; } @@ -7699,6 +7710,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, } else { m0 = *m; *m = NULL; + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; } } else { @@ -7732,6 +7744,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, if (TAILQ_EMPTY(&r->rpool.list)) { DPFPRINTF(PF_DEBUG_URGENT, ("%s: TAILQ_EMPTY(&r->rpool.list)\n", __func__)); + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad_locked; } pf_map_addr(AF_INET, r, (struct pf_addr *)&ip->ip_src, @@ -7764,18 +7777,24 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, PF_STATE_UNLOCK(s); } - if (ifp == NULL) + if (ifp == NULL) { + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; + } if (pd->dir == PF_IN) { if (pf_test(AF_INET, PF_OUT, PFIL_FWD, ifp, &m0, inp, - &pd->act) != PF_PASS) + &pd->act) != PF_PASS) { + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; - else if (m0 == NULL) + } else if (m0 == NULL) { + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto done; + } if (m0->m_len < sizeof(struct ip)) { DPFPRINTF(PF_DEBUG_URGENT, ("%s: m0->m_len < sizeof(struct ip)\n", __func__)); + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; } ip = mtod(m0, struct ip *); @@ -7834,8 +7853,10 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, md = m0; error = pf_dummynet_route(pd, s, r, ifp, sintosa(&dst), &md); - if (md != NULL) + if (md != NULL) { error = (*ifp->if_output)(ifp, md, sintosa(&dst), NULL); + SDT_PROBE2(pf, ip, route_to, output, ifp, error); + } goto done; } @@ -7851,14 +7872,19 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0, ifp->if_mtu); + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto done; - } else + } else { + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; + } } error = ip_fragment(ip, &m0, ifp->if_mtu, ifp->if_hwassist); - if (error) + if (error) { + SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; + } for (; m0; m0 = m1) { m1 = m0->m_nextpkt; @@ -7869,9 +7895,11 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, pd->pf_mtag = pf_find_mtag(md); error = pf_dummynet_route(pd, s, r, ifp, sintosa(&dst), &md); - if (md != NULL) + if (md != NULL) { error = (*ifp->if_output)(ifp, md, sintosa(&dst), NULL); + SDT_PROBE2(pf, ip, route_to, output, ifp, error); + } } else m_freem(m0); } @@ -7908,6 +7936,8 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, KASSERT(m && *m && r && oifp, ("%s: invalid parameters", __func__)); + SDT_PROBE4(pf, ip6, route_to, entry, *m, pd, s, oifp); + if (s) { r_rt = s->rt; r_dir = s->direction; @@ -7925,6 +7955,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, pd->pf_mtag->routed++ > 3) { m0 = *m; *m = NULL; + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad_locked; } @@ -7947,6 +7978,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, } else { m0 = *m; *m = NULL; + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad; } } else { @@ -7980,6 +8012,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, if (TAILQ_EMPTY(&r->rpool.list)) { DPFPRINTF(PF_DEBUG_URGENT, ("%s: TAILQ_EMPTY(&r->rpool.list)\n", __func__)); + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad_locked; } pf_map_addr(AF_INET6, r, (struct pf_addr *)&ip6->ip6_src, @@ -8014,19 +8047,25 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, if (s) PF_STATE_UNLOCK(s); - if (ifp == NULL) + if (ifp == NULL) { + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad; + } if (pd->dir == PF_IN) { if (pf_test(AF_INET6, PF_OUT, PFIL_FWD, ifp, &m0, inp, - &pd->act) != PF_PASS) + &pd->act) != PF_PASS) { + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad; - else if (m0 == NULL) + } else if (m0 == NULL) { + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto done; + } if (m0->m_len < sizeof(struct ip6_hdr)) { DPFPRINTF(PF_DEBUG_URGENT, ("%s: m0->m_len < sizeof(struct ip6_hdr)\n", __func__)); + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad; } ip6 = mtod(m0, struct ip6_hdr *); @@ -8051,8 +8090,11 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, if ((u_long)m0->m_pkthdr.len <= ifp->if_mtu) { md = m0; pf_dummynet_route(pd, s, r, ifp, sintosa(&dst), &md); - if (md != NULL) - nd6_output_ifp(ifp, ifp, md, &dst, NULL); + if (md != NULL) { + int ret; + ret = nd6_output_ifp(ifp, ifp, md, &dst, NULL); + SDT_PROBE2(pf, ip6, route_to, output, ifp, ret); + } } else { in6_ifstat_inc(ifp, ifs6_in_toobig); @@ -8063,8 +8105,11 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp, sizeof(struct ip6_hdr), s); icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu); - } else + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); + } else { + SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad; + } } done: