PERFORCE change 108917 for review
Paolo Pisati
piso at FreeBSD.org
Wed Nov 1 14:19:28 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=108917
Change 108917 by piso at piso_newluxor on 2006/11/01 14:18:45
-back out the #ifdef LIBALIAS ... #endif stuff: libalias +
nat support add ~120kb to the total kernel size (if both are
compiled in), and i guess people can live with that.
If someone with _real_ size constraint complains,
i'll take a second look at it.
-wrap lines at 80 and fix spacing
Affected files ...
.. //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#26 edit
Differences ...
==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#26 (text+ko) ====
@@ -138,9 +138,7 @@
struct ip_fw_chain {
struct ip_fw *rules; /* list of rules */
struct ip_fw *reap; /* list of rules to reap */
-#ifdef LIBALIAS
LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
-#endif
struct radix_node_head *tables[IPFW_TABLES_MAX];
struct rwlock rwmtx;
};
@@ -2032,7 +2030,6 @@
return match;
}
-#ifdef LIBALIAS
static eventhandler_tag ifaddr_event_tag;
static void
@@ -2053,7 +2050,7 @@
continue;
ptr->ip = ((struct sockaddr_in *)
(ifa->ifa_addr))->sin_addr;
- LibAliasSetAddress(ptr->lib, ptr->ip);
+ LibAliasSetAddress(ptr->lib, ptr->ip);
}
mtx_unlock(&ifp->if_addr_mtx);
}
@@ -2168,14 +2165,17 @@
u_short remotePortCopy = r->rport + i;
if (r->rport_cnt == 1 && r->rport == 0)
remotePortCopy = 0;
- r->alink[i] = LibAliasRedirectPort (ptr->lib, r->laddr,
- htons(r->lport + i),
- r->raddr,
- htons(remotePortCopy),
- r->paddr,
- htons(r->pport + i),
- r->proto);
- if (r->alink[i] == NULL) {
+ r->alink[i] =
+ LibAliasRedirectPort(
+ ptr->lib,
+ r->laddr,
+ htons(r->lport + i),
+ r->raddr,
+ htons(remotePortCopy),
+ r->paddr,
+ htons(r->pport + i),
+ r->proto);
+ if (r->alink[i] == NULL) {
r->alink[0] = NULL;
break;
}
@@ -2186,7 +2186,7 @@
r->laddr,
r->raddr,
r->paddr,
- r->proto);
+ r->proto);
break;
default:
printf("unknown redirect mode: %u\n", r->mode);
@@ -2198,7 +2198,8 @@
} else /* LSNAT handling. */
for (i = 0; i < r->spool_cnt; i++) {
ser_s = (struct cfg_spool *)&buf[off];
- s = malloc(sof_redir, M_IPFW, M_WAITOK | M_ZERO);
+ s = malloc(sof_redir, M_IPFW,
+ M_WAITOK | M_ZERO);
memcpy(s, ser_s, sof_spool);
LibAliasAddServer(ptr->lib, r->alink[0],
s->addr,
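Review bot: The spool entry is allocated with `sof_redir` bytes but filled with `memcpy(s, ser_s, sof_spool)`, so the allocation size and the copy size should agree; if `s` is a `struct cfg_spool`, `s = malloc(sof_spool, M_IPFW, M_WAITOK | M_ZERO);` matches both the copy and the type. The loop also reads `&buf[off]` for `r->spool_cnt` entries, and both appear to come from the configuration buffer supplied by userland, so `off + sof_spool` should be compared with the buffer length before each copy. The enclosing function starts and ends outside this hunk, so a bound check made elsewhere cannot be ruled out from here.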
@@ -2215,7 +2216,6 @@
/* something really bad happened: panic! */
panic("%s\n", panic_err);
}
-#endif
/*
* The main check routine for the firewall.
@@ -3439,7 +3439,7 @@
retval = (cmd->opcode == O_NETGRAPH) ?
IP_FW_NETGRAPH : IP_FW_NGTEE;
goto done;
-#ifdef LIBALIAS
+
case O_NAT: {
struct cfg_nat *t;
struct mbuf *mcl;
@@ -3449,55 +3449,72 @@
args->rule = f; /* Report matching rule. */
retval = 0;
- t = ((ipfw_insn_nat *)cmd)->nat;
+ t = ((ipfw_insn_nat *)cmd)->nat;
if (t == NULL) {
t = lookup_nat(cmd->arg1);
if (t == NULL) {
retval = IP_FW_DENY;
goto done;
} else
- ((ipfw_insn_nat *)cmd)->nat = t;
+ ((ipfw_insn_nat *)cmd)->nat =
+ t;
}
- if ((mcl = m_megapullup(m, m->m_pkthdr.len)) == NULL)
+ if ((mcl = m_megapullup(m, m->m_pkthdr.len)) ==
+ NULL)
goto badnat;
ip = mtod(mcl, struct ip *);
if (args->eh == NULL) {
ip->ip_len = htons(ip->ip_len);
- ip->ip_off = htons(ip->ip_off);
+ ip->ip_off = htons(ip->ip_off);
}
/*
- * XXX - Libalias checksum offload 'duct tape':
+ * XXX - Libalias checksum offload 'duct tape':
*
- * locally generated packets have only pseudo-header
- * checksum calculated and libalias will screw it[1],
+ * locally generated packets have only
+ * pseudo-header
+ * checksum calculated and libalias will
+ screw it[1],
* so mark them for later fix.
- * Moreover there are cases when libalias modify tcp
+ * Moreover there are cases when libalias
+ modify tcp
* packet data[2], mark it for later fix too.
*
- * [1] libalias was never meant to run in kernel, so
- * it doesn't have any knowledge about checksum
- * offloading, and it expects a packet with a full
+ * [1] libalias was never meant to run in
+ kernel, so
+ * it doesn't have any knowledge about
+ checksum
+ * offloading, and it expects a packet with
+ a full
* internet checksum. Unfortunately, packets
* generated locally will have just the pseudo
- * header calculated, and when libalias tries to
- * adjust the checksum it will actually screw it.
+ * header calculated, and when libalias tries
+ to
+ * adjust the checksum it will actually screw
+ it.
*
- * [2] when libalias modify tcp's data content,
+ * [2] when libalias modify tcp's data content,
* full TCP checksum has to be recomputed:
- * the problem is that libalias doesn't have any
+ * the problem is that libalias doesn't have
+ any
* idea about checksum offloading
- * To workaround this, we do not do checksumming
- * in LibAlias, but only mark the packets in th_x2
+ * To workaround this, we do not do
+ checksumming
+ * in LibAlias, but only mark the packets in
+ th_x2
* field. If we receive a marked packet, we
* calculate correct checksum for it aware of
* offloading.
* Why such a terrible hack instead of
* recalculating checksum for each packet?
- * Because the previous checksum was not checked!
- * Recalculating checksums for EVERY packet will
- * hide ALL transmission errors. Yes, marked packets
- * still suffer from this problem. But, sigh, natd(8)
+ * Because the previous checksum was not
+ checked!
+ * Recalculating checksums for EVERY packet
+ will
+ * hide ALL transmission errors. Yes, marked
+ packets
+ * still suffer from this problem. But, sigh,
+ natd(8)
* has this problem, too.
*
* TODO:
@@ -3506,15 +3523,17 @@
*/
if (mcl->m_pkthdr.rcvif == NULL &&
- mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
+ mcl->m_pkthdr.csum_flags &
+ CSUM_DELAY_DATA)
ldt = 1;
- }
c = mtod(mcl, char *);
if (oif == NULL)
- retval = LibAliasIn(t->lib, c, MCLBYTES);
+ retval = LibAliasIn(t->lib, c,
+ MCLBYTES);
else
- retval = LibAliasOut(t->lib, c, MCLBYTES);
+ retval = LibAliasOut(t->lib, c,
+ MCLBYTES);
if (retval != PKT_ALIAS_OK) {
/* XXX - should i add some logging? */
m_free(mcl);
@@ -3523,7 +3542,8 @@
retval = IP_FW_DENY;
goto done;
}
- mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);
+ mcl->m_pkthdr.len = mcl->m_len =
+ ntohs(ip->ip_len);
/*
* XXX - libalias checksum offload
@@ -3532,10 +3552,11 @@
if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
ip->ip_p == IPPROTO_TCP) {
- struct tcphdr *th = (struct tcphdr *)(ip + 1);
-
+ struct tcphdr *th;
+
+ th = (struct tcphdr *)(ip + 1);
if (th->th_x2)
- ldt = 1;
+ ldt = 1;
}
if (ldt) {
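Review bot: `th = (struct tcphdr *)(ip + 1);` assumes a 20-byte IP header, while the pseudo-header length a few lines further on is computed with `ip->ip_hl << 2`; for a packet carrying IP options `th` points into the options and the `th_x2` test reads the wrong byte. Deriving the pointer from the header length keeps the two consistent: `th = (struct tcphdr *)((char *)ip + (ip->ip_hl << 2));`. The same `ip + 1` pattern is used for `th` and `uh` in the checksum hunk that follows, where the result is written through (`th->th_x2 = 0`, `th->th_sum`, `uh->uh_sum`). No check that the mbuf actually holds a complete TCP header is visible here; the case body extends beyond this hunk.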
@@ -3544,49 +3565,58 @@
u_short cksum;
ip->ip_len = ntohs(ip->ip_len);
- cksum = in_pseudo(
+ cksum = in_pseudo(
ip->ip_src.s_addr,
ip->ip_dst.s_addr,
- htons(ip->ip_p + ip->ip_len - (ip->ip_hl << 2))
+ htons(ip->ip_p + ip->ip_len -
+ (ip->ip_hl << 2))
);
switch (ip->ip_p) {
case IPPROTO_TCP:
th = (struct tcphdr *)(ip + 1);
- /* Maybe it was set in libalias... */
+ /*
+ * Maybe it was set in
+ * libalias...
+ */
th->th_x2 = 0;
th->th_sum = cksum;
mcl->m_pkthdr.csum_data =
- offsetof(struct tcphdr,
+ offsetof(struct tcphdr,
th_sum);
break;
case IPPROTO_UDP:
uh = (struct udphdr *)(ip + 1);
uh->uh_sum = cksum;
mcl->m_pkthdr.csum_data =
- offsetof(struct udphdr,
+ offsetof(struct udphdr,
uh_sum);
break;
}
- /* No hw checksum offloading: do it by ourself. */
- if ((mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0) {
+ /*
+ * No hw checksum offloading: do it
+ * by ourself.
+ */
+ if ((mcl->m_pkthdr.csum_flags &
+ CSUM_DELAY_DATA) == 0) {
in_delayed_cksum(mcl);
- mcl->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
+ mcl->m_pkthdr.csum_flags &=
+ ~CSUM_DELAY_DATA;
}
ip->ip_len = htons(ip->ip_len);
}
if (args->eh == NULL) {
ip->ip_len = ntohs(ip->ip_len);
- ip->ip_off = ntohs(ip->ip_off);
+ ip->ip_off = ntohs(ip->ip_off);
}
args->m = mcl;
retval = IP_FW_NAT;
goto done;
}
-#endif
+
default:
panic("-- unknown opcode %d\n", cmd->opcode);
} /* end of switch() on opcodes */
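Review bot: Inside `if ((mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0)` the statement `mcl->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;` clears a flag that has just been tested as clear, so it has no effect. Either drop it or replace it with a comment stating which flag state is expected after `in_delayed_cksum(mcl)` has run. The inner `switch (ip->ip_p)` also has no `default`; a `default: break;` with a one-line comment such as `/* no transport checksum to fix up */` would document that other protocols are deliberately left alone.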
@@ -4533,7 +4563,7 @@
free(tbl, M_TEMP);
}
break;
-#ifdef LIBALIAS
+
case IP_FW_NAT_CFG:
{
struct cfg_nat *ptr, *ser_n;
@@ -4541,15 +4571,17 @@
buf = malloc(NAT_BUF_LEN, M_IPFW, M_WAITOK | M_ZERO);
- error = sooptcopyin(sopt, buf, NAT_BUF_LEN, sizeof(struct cfg_nat));
+ error = sooptcopyin(sopt, buf, NAT_BUF_LEN,
+ sizeof(struct cfg_nat));
ser_n = (struct cfg_nat *)buf;
/*
* Find/create nat rule.
*/
IPFW_WLOCK(&layer3_chain);
- ptr = lookup_nat(ser_n->id);
- if (ptr == NULL) { /* New rule: allocate and init new instance. */
+ ptr = lookup_nat(ser_n->id);
+ if (ptr == NULL) {
+ /* New rule: allocate and init new instance. */
ptr = malloc(sizeof(struct cfg_nat),
M_IPFW, M_NOWAIT | M_ZERO);
if (ptr == NULL) {
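Review bot: The result of `sooptcopyin()` is stored in `error` but is not tested before `ser_n->id` is passed to `lookup_nat()`. On a failed or short copy the code therefore goes on to create or reconfigure a NAT instance from the zero-filled buffer. Bail out right after the copy, in the same style as the existing early return further down: `if (error != 0) { free(buf, M_IPFW); return (error); }`. The case body continues outside this hunk.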
@@ -4561,13 +4593,14 @@
if (ptr->lib == NULL) {
free(ptr, M_IPFW);
free(buf, M_IPFW);
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&layer3_chain);
return(EINVAL);
}
LIST_INIT(&ptr->redir_chain);
- } else { /* Entry already present: temporarly unhook it. */
+ } else {
+ /* Entry already present: temporarly unhook it. */
UNHOOK_NAT(ptr);
- flush_nat_ptrs(ser_n->id);
+ flush_nat_ptrs(ser_n->id);
}
IPFW_WUNLOCK(&layer3_chain);
@@ -4576,7 +4609,8 @@
*/
ptr->id = ser_n->id;
/*
- * XXX - what if this rule doesn't nat any ip and just redirect?
+ * XXX - what if this rule doesn't nat any ip and just
+ * redirect?
* do we set aliasaddress to 0.0.0.0?
*/
ptr->ip = ser_n->ip;
@@ -4584,14 +4618,15 @@
ptr->mode = ser_n->mode;
LibAliasSetMode(ptr->lib, ser_n->mode, ser_n->mode);
LibAliasSetAddress(ptr->lib, ptr->ip);
- memcpy(ptr->if_name, ser_n->if_name, IF_NAMESIZE);
+ memcpy(ptr->if_name, ser_n->if_name, IF_NAMESIZE);
/*
* Redir and LSNAT configuration.
*/
- del_redir_spool_cfg(ptr, &ptr->redir_chain); /* Delete old cfgs. */
- add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))],
- ptr); /* Add new entries. */
+ /* Delete old cfgs. */
+ del_redir_spool_cfg(ptr, &ptr->redir_chain);
+ /* Add new entries. */
+ add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))], ptr);
free(buf, M_IPFW);
IPFW_WLOCK(&layer3_chain);
HOOK_NAT(&layer3_chain.nat, ptr);
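Review bot: `memcpy(ptr->if_name, ser_n->if_name, IF_NAMESIZE);` copies a name taken from the userland buffer without guaranteeing a terminating NUL, so any later string comparison on `ptr->if_name` could read past the array; add `ptr->if_name[IF_NAMESIZE - 1] = '\0';` after the copy. `add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))], ptr)` is also given no length, so the helper cannot tell how much of `buf` remains. Passing the remaining size would let it reject entry counts that run past `NAT_BUF_LEN`. The helper's body and the readers of `if_name` are outside this hunk.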
@@ -4643,11 +4678,16 @@
off += sof_nat;
LIST_FOREACH(r, &n->redir_chain, _next) {
if (off + sof_redir < NAT_BUF_LEN) {
- bcopy(r, &data[off], sof_redir);
+ bcopy(r, &data[off],
+ sof_redir);
off += sof_redir;
- LIST_FOREACH(s, &r->spool_chain, _next) {
- if (off + sof_spool < NAT_BUF_LEN) {
- bcopy(s, &data[off], sof_spool);
+ LIST_FOREACH(s,
+ &r->spool_chain,
+ _next) {
+ if (off + sof_spool <
+ NAT_BUF_LEN) {
+ bcopy(s, &data[off],
+ sof_spool);
off += sof_spool;
} else
goto nospace;
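Review bot: `bcopy(r, &data[off], sof_redir)` and `bcopy(s, &data[off], sof_spool)` copy the in-kernel structures byte for byte, and both are list members (`_next`, `spool_chain`), so the serialized buffer carries kernel pointers; the `alink` entries may be included as well. If `data` is later copied out to the caller, which is not visible in this hunk, those fields should be zeroed in the copy or only the configuration fields serialized. The bound checks use `<`, which also rejects a record that would exactly fill `NAT_BUF_LEN`; `<=` is the exact test if that is what is intended.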
@@ -4665,7 +4705,8 @@
break;
nospace:
IPFW_RUNLOCK(&layer3_chain);
- printf("serialized data buffer not big enough: please increase NAT_BUF_LEN\n");
+ printf("serialized data buffer not big enough:"
+ "please increase NAT_BUF_LEN\n");
free(data, M_IPFW);
}
break;
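Review bot: Splitting the string literal dropped the space after the colon, so the message now prints `not big enough:please increase NAT_BUF_LEN`. Keep the space at the end of the first literal: `printf("serialized data buffer not big enough: "`.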
@@ -4699,7 +4740,7 @@
free(data, M_IPFW);
}
break;
-#endif
+
default:
printf("ipfw: ipfw_ctl invalid option %d\n", sopt->sopt_name);
error = EINVAL;
@@ -4872,11 +4913,9 @@
ip_fw_ctl_ptr = ipfw_ctl;
ip_fw_chk_ptr = ipfw_chk;
callout_reset(&ipfw_timeout, hz, ipfw_tick, NULL);
-#ifdef LIBALIAS
LIST_INIT(&layer3_chain.nat);
ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change,
NULL, EVENTHANDLER_PRI_ANY);
-#endif
return (0);
}
@@ -4884,16 +4923,13 @@
ipfw_destroy(void)
{
struct ip_fw *reap;
-#ifdef LIBALIAS
struct cfg_nat *ptr, *ptr_temp;
-#endif
ip_fw_chk_ptr = NULL;
ip_fw_ctl_ptr = NULL;
callout_drain(&ipfw_timeout);
IPFW_WLOCK(&layer3_chain);
flush_tables(&layer3_chain);
-#ifdef LIBALIAS
LIST_FOREACH_SAFE(ptr, &layer3_chain.nat, _next, ptr_temp) {
LIST_REMOVE(ptr, _next);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
@@ -4901,7 +4937,6 @@
free(ptr, M_IPFW);
}
EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);
-#endif
layer3_chain.reap = NULL;
free_chain(&layer3_chain, 1 /* kill default rule */);
reap = layer3_chain.reap, layer3_chain.reap = NULL;