svn commit: r340068 - in head/sys: net netpfil/pf

Kristof Provost kp at FreeBSD.org
Fri Nov 2 16:57:25 UTC 2018 

Author: kp
Date: Fri Nov  2 16:57:23 2018
New Revision: 340068
URL: https://svnweb.freebsd.org/changeset/base/340068

Log:
  pfsync: Handle syncdev going away
  
  If the syncdev is removed we no longer need to clean up the multicast
  entry we've got set up for that device.
  
  Pass the ifnet detach event through pf to pfsync, and remove our
  multicast handle, and mark us as no longer having a syncdev.
  
  Note that this callback is always installed, even if the pfsync
  interface is disabled (and thus it's not a per-vnet callback pointer).
  
  MFC after:	2 weeks
  Sponsored by:	Orange Business Services
  Differential Revision:	https://reviews.freebsd.org/D17502

Modified:
  head/sys/net/pfvar.h
  head/sys/netpfil/pf/if_pfsync.c
  head/sys/netpfil/pf/pf_if.c
  head/sys/netpfil/pf/pf_ioctl.c

Modified: head/sys/net/pfvar.h
==============================================================================
--- head/sys/net/pfvar.h	Fri Nov  2 16:53:15 2018	(r340067)
+++ head/sys/net/pfvar.h	Fri Nov  2 16:57:23 2018	(r340068)
@@ -824,6 +824,7 @@ typedef	void		pfsync_update_state_t(struct pf_state *)
 typedef	void		pfsync_delete_state_t(struct pf_state *);
 typedef void		pfsync_clear_states_t(u_int32_t, const char *);
 typedef int		pfsync_defer_t(struct pf_state *, struct mbuf *);
+typedef void		pfsync_detach_ifnet_t(struct ifnet *);
 
 VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr);
 #define V_pfsync_state_import_ptr	VNET(pfsync_state_import_ptr)
@@ -837,6 +838,7 @@ VNET_DECLARE(pfsync_clear_states_t *, pfsync_clear_sta
 #define V_pfsync_clear_states_ptr	VNET(pfsync_clear_states_ptr)
 VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr);
 #define V_pfsync_defer_ptr		VNET(pfsync_defer_ptr)
+extern pfsync_detach_ifnet_t	*pfsync_detach_ifnet_ptr;
 
 void			pfsync_state_export(struct pfsync_state *,
 			    struct pf_state *);

Modified: head/sys/netpfil/pf/if_pfsync.c
==============================================================================
--- head/sys/netpfil/pf/if_pfsync.c	Fri Nov  2 16:53:15 2018	(r340067)
+++ head/sys/netpfil/pf/if_pfsync.c	Fri Nov  2 16:57:23 2018	(r340068)
@@ -281,6 +281,7 @@ static void	pfsync_bulk_status(u_int8_t);
 static void	pfsync_bulk_update(void *);
 static void	pfsync_bulk_fail(void *);
 
+static void	pfsync_detach_ifnet(struct ifnet *);
 #ifdef IPSEC
 static void	pfsync_update_net_tdb(struct pfsync_tdb *);
 #endif
@@ -2292,6 +2293,29 @@ pfsync_multicast_cleanup(struct pfsync_softc *sc)
 	imo->imo_multicast_ifp = NULL;
 }
 
+void
+pfsync_detach_ifnet(struct ifnet *ifp)
+{
+	struct pfsync_softc *sc = V_pfsyncif;
+
+	if (sc == NULL)
+		return;
+
+	PFSYNC_LOCK(sc);
+
+	if (sc->sc_sync_if == ifp) {
+		/* We don't need mutlicast cleanup here, because the interface
+		 * is going away. We do need to ensure we don't try to do
+		 * cleanup later.
+		 */
+		sc->sc_imo.imo_membership = NULL;
+		sc->sc_imo.imo_multicast_ifp = NULL;
+		sc->sc_sync_if = NULL;
+	}
+
+	PFSYNC_UNLOCK(sc);
+}
+
 #ifdef INET
 extern  struct domain inetdomain;
 static struct protosw in_pfsync_protosw = {
@@ -2372,6 +2396,8 @@ pfsync_init()
 #ifdef INET
 	int error;
 
+	pfsync_detach_ifnet_ptr = pfsync_detach_ifnet;
+
 	error = pf_proto_register(PF_INET, &in_pfsync_protosw);
 	if (error)
 		return (error);
@@ -2388,6 +2414,7 @@ pfsync_init()
 static void
 pfsync_uninit()
 {
+	pfsync_detach_ifnet_ptr = NULL;
 
 #ifdef INET
 	ipproto_unregister(IPPROTO_PFSYNC);

Modified: head/sys/netpfil/pf/pf_if.c
==============================================================================
--- head/sys/netpfil/pf/pf_if.c	Fri Nov  2 16:53:15 2018	(r340067)
+++ head/sys/netpfil/pf/pf_if.c	Fri Nov  2 16:57:23 2018	(r340068)
@@ -834,6 +834,9 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne
 {
 	struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif;
 
+	if (pfsync_detach_ifnet_ptr)
+		pfsync_detach_ifnet_ptr(ifp);
+
 	if (kif == NULL)
 		return;
 
@@ -841,6 +844,7 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne
 		/* Avoid teardown race in the least expensive way. */
 		return;
 	}
+
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	pfi_kif_update(kif);

Modified: head/sys/netpfil/pf/pf_ioctl.c
==============================================================================
--- head/sys/netpfil/pf/pf_ioctl.c	Fri Nov  2 16:53:15 2018	(r340067)
+++ head/sys/netpfil/pf/pf_ioctl.c	Fri Nov  2 16:57:23 2018	(r340068)
@@ -218,6 +218,7 @@ VNET_DEFINE(pfsync_update_state_t *, pfsync_update_sta
 VNET_DEFINE(pfsync_delete_state_t *, pfsync_delete_state_ptr);
 VNET_DEFINE(pfsync_clear_states_t *, pfsync_clear_states_ptr);
 VNET_DEFINE(pfsync_defer_t *, pfsync_defer_ptr);
+pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr;
 
 /* pflog */
 pflog_packet_t			*pflog_packet_ptr = NULL;

More information about the svn-src-all mailing list