svn commit: r236545 - in projects/pf/head/sys: contrib/pf/net
netinet netinet6 netipsec sys
Gleb Smirnoff
glebius at FreeBSD.org
Mon Jun 4 07:12:12 UTC 2012
Author: glebius
Date: Mon Jun 4 07:12:11 2012
New Revision: 236545
URL: http://svn.freebsd.org/changeset/base/236545
Log:
Remove completely the m_addr_changed() hack, and support of reverse
pointer in pf_state_ket, that ware 'if 0' since beginning of
SMP-friendly pf project. In the new locking scheme we can't reference
state keys from mbuf tags, nor a key can reference another key.
Modified:
projects/pf/head/sys/contrib/pf/net/pf.c
projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
projects/pf/head/sys/contrib/pf/net/pf_mtag.h
projects/pf/head/sys/contrib/pf/net/pfvar.h
projects/pf/head/sys/netinet/in_gif.c
projects/pf/head/sys/netinet/ip_icmp.c
projects/pf/head/sys/netinet/raw_ip.c
projects/pf/head/sys/netinet/tcp_subr.c
projects/pf/head/sys/netinet6/icmp6.c
projects/pf/head/sys/netinet6/in6_gif.c
projects/pf/head/sys/netipsec/ipsec_input.c
projects/pf/head/sys/netipsec/ipsec_output.c
projects/pf/head/sys/netipsec/xform_ipip.c
projects/pf/head/sys/sys/mbuf.h
Modified: projects/pf/head/sys/contrib/pf/net/pf.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -292,10 +292,6 @@ static void pf_print_state_parts(struc
struct pf_state_key *, struct pf_state_key *);
static int pf_addr_wrap_neq(struct pf_addr_wrap *,
struct pf_addr_wrap *);
-#if 0
-static int pf_compare_state_keys(struct pf_state_key *,
- struct pf_state_key *, struct pfi_kif *, u_int);
-#endif
static struct pf_state *pf_find_state(struct pfi_kif *,
struct pf_state_key_cmp *, u_int);
static int pf_src_connlimit(struct pf_state **);
@@ -955,10 +951,6 @@ pf_state_key_detach(struct pf_state *s,
if (TAILQ_EMPTY(&sk->states[0]) && TAILQ_EMPTY(&sk->states[1])) {
LIST_REMOVE(sk, entry);
-#if 0 /* XXXGL: TODO */
- if (sk->reverse)
- sk->reverse->reverse = NULL;
-#endif
uma_zfree(V_pf_state_key_z, sk);
}
}
@@ -1089,39 +1081,6 @@ pf_find_state_byid(uint64_t id, uint32_t
return (s);
}
-#if 0
-/* XXX debug function, intended to be removed one day */
-static int
-pf_compare_state_keys(struct pf_state_key *a, struct pf_state_key *b,
- struct pfi_kif *kif, u_int dir)
-{
- /* a (from hdr) and b (new) must be exact opposites of each other */
- if (a->af == b->af && a->proto == b->proto &&
- PF_AEQ(&a->addr[0], &b->addr[1], a->af) &&
- PF_AEQ(&a->addr[1], &b->addr[0], a->af) &&
- a->port[0] == b->port[1] &&
- a->port[1] == b->port[0])
- return (0);
- else {
- /* mismatch. must not happen. */
- printf("pf: state key linking mismatch! dir=%s, "
- "if=%s, stored af=%u, a0: ",
- dir == PF_OUT ? "OUT" : "IN", kif->pfik_name, a->af);
- pf_print_host(&a->addr[0], a->port[0], a->af);
- printf(", a1: ");
- pf_print_host(&a->addr[1], a->port[1], a->af);
- printf(", proto=%u", a->proto);
- printf(", found af=%u, a0: ", b->af);
- pf_print_host(&b->addr[0], b->port[0], b->af);
- printf(", a1: ");
- pf_print_host(&b->addr[1], b->port[1], b->af);
- printf(", proto=%u", b->proto);
- printf(".\n");
- return (-1);
- }
-}
-#endif
-
/*
* Find state by key.
* Returns with ID hash slot locked on success.
@@ -1136,27 +1095,6 @@ pf_find_state(struct pfi_kif *kif, struc
V_pf_status.fcounters[FCNT_STATE_SEARCH]++;
-#if 0 /* XXXGL: to do reverse */
- if (dir == PF_OUT && pftag->statekey &&
- ((struct pf_state_key *)pftag->statekey)->reverse)
- sk = ((struct pf_state_key *)pftag->statekey)->reverse;
- else {
- if ((sk = RB_FIND(pf_state_tree, &V_pf_statetbl,
- (struct pf_state_key *)key)) == NULL) {
- return (NULL);
- }
- if (dir == PF_OUT && pftag->statekey &&
- pf_compare_state_keys(pftag->statekey, sk,
- kif, dir) == 0) {
- ((struct pf_state_key *)
- pftag->statekey)->reverse = sk;
- sk->reverse = pftag->statekey;
- }
- }
-
- if (dir == PF_OUT)
- pftag->statekey = NULL;
-#endif
kh = &V_pf_keyhash[pf_hashkey((struct pf_state_key *)key)];
PF_HASHROW_LOCK(kh);
@@ -5726,11 +5664,6 @@ done:
if ((s && s->tag) || r->rtableid >= 0)
pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag);
-#if 0 /* XXXGL: to do reverse */
- if (dir == PF_IN && s && s->key[PF_SK_STACK])
- pd.pf_mtag->statekey = s->key[PF_SK_STACK];
-#endif
-
#ifdef ALTQ
if (action == PF_PASS && r->qid) {
if (pqid || (pd.tos & IPTOS_LOWDELAY))
@@ -6142,11 +6075,6 @@ done:
if ((s && s->tag) || r->rtableid >= 0)
pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag);
-#if 0 /* XXXGL: to do reverse */
- if (dir == PF_IN && s && s->key[PF_SK_STACK])
- pd.pf_mtag->statekey = s->key[PF_SK_STACK];
-#endif
-
#ifdef ALTQ
if (action == PF_PASS && r->qid) {
if (pd.tos & IPTOS_LOWDELAY)
Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -134,7 +134,6 @@ static int pf_commit_rules(u_int32_t,
static int pf_addr_setup(struct pf_ruleset *,
struct pf_addr_wrap *, sa_family_t);
static void pf_addr_copyout(struct pf_addr_wrap *);
-static void pf_pkt_addr_changed(struct mbuf *);
VNET_DEFINE(struct pf_rule, pf_default_rule);
VNET_DEFINE(struct sx, pf_consistency_lock);
@@ -307,8 +306,6 @@ pfattach(void)
/* XXXGL: leaked all above. */
return (error);
- m_addr_chg_pf_p = pf_pkt_addr_changed;
-
return (0);
}
@@ -3730,20 +3727,6 @@ dehook_pf(void)
return (0);
}
-/*
- * Must be called whenever any addressing information such as
- * address, port, protocol has changed.
- */
-static void
-pf_pkt_addr_changed(struct mbuf *m)
-{
-#if 0 /* XXXGL */
- struct pf_mtag *pf_tag;
- if ((pf_tag = pf_find_mtag(m)) != NULL)
- pf_tag->statekey = NULL;
-#endif
-}
-
static int
pf_load(void)
{
@@ -3778,7 +3761,6 @@ pf_unload(void)
PF_RULES_WLOCK();
V_pf_status.running = 0;
PF_RULES_WUNLOCK();
- m_addr_chg_pf_p = NULL;
swi_remove(V_pf_swi_cookie);
error = dehook_pf();
if (error) {
Modified: projects/pf/head/sys/contrib/pf/net/pf_mtag.h
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf_mtag.h Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/contrib/pf/net/pf_mtag.h Mon Jun 4 07:12:11 2012 (r236545)
@@ -42,9 +42,6 @@
struct pf_mtag {
void *hdr; /* saved hdr pos in mbuf, for ECN */
-#if 0
- void *statekey; /* pf stackside statekey */
-#endif
u_int32_t qid; /* queue id */
u_int rtableid; /* alternate routing table id */
u_int16_t tag; /* tag id */
Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 07:12:11 2012 (r236545)
@@ -778,9 +778,6 @@ struct pf_state_key {
LIST_ENTRY(pf_state_key) entry;
TAILQ_HEAD(, pf_state) states[2];
-#if 0 /* XXXGL: TODO */
- struct pf_state_key *reverse;
-#endif
};
/* Keep synced with struct pf_state. */
Modified: projects/pf/head/sys/netinet/in_gif.c
==============================================================================
--- projects/pf/head/sys/netinet/in_gif.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netinet/in_gif.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -256,8 +256,6 @@ in_gif_output(struct ifnet *ifp, int fam
#endif
}
- m_addr_changed(m);
-
error = ip_output(m, NULL, &sc->gif_ro, 0, NULL, NULL);
if (!(GIF2IFP(sc)->if_flags & IFF_LINK0) &&
Modified: projects/pf/head/sys/netinet/ip_icmp.c
==============================================================================
--- projects/pf/head/sys/netinet/ip_icmp.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netinet/ip_icmp.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -675,8 +675,6 @@ icmp_reflect(struct mbuf *m)
goto done; /* Ip_output() will check for broadcast */
}
- m_addr_changed(m);
-
t = ip->ip_dst;
ip->ip_dst = ip->ip_src;
Modified: projects/pf/head/sys/netinet/raw_ip.c
==============================================================================
--- projects/pf/head/sys/netinet/raw_ip.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netinet/raw_ip.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -100,9 +100,6 @@ void (*ip_divert_ptr)(struct mbuf *, int
int (*ng_ipfw_input_p)(struct mbuf **, int,
struct ip_fw_args *, int);
-/* Hook for telling pf that the destination address changed */
-void (*m_addr_chg_pf_p)(struct mbuf *m);
-
#ifdef INET
/*
* Hooks for multicast routing. They all default to NULL, so leave them not
Modified: projects/pf/head/sys/netinet/tcp_subr.c
==============================================================================
--- projects/pf/head/sys/netinet/tcp_subr.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netinet/tcp_subr.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -542,7 +542,6 @@ tcp_respond(struct tcpcb *tp, void *ipge
m_freem(m->m_next);
m->m_next = NULL;
m->m_data = (caddr_t)ipgen;
- m_addr_changed(m);
/* m_len is set later */
tlen = 0;
#define xchg(a,b,type) { type t; t=a; a=b; b=t; }
Modified: projects/pf/head/sys/netinet6/icmp6.c
==============================================================================
--- projects/pf/head/sys/netinet6/icmp6.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netinet6/icmp6.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -1177,8 +1177,6 @@ icmp6_notify_error(struct mbuf **mp, int
ip6cp.ip6c_src = &icmp6src;
ip6cp.ip6c_nxt = nxt;
- m_addr_changed(m);
-
if (icmp6type == ICMP6_PACKET_TOO_BIG) {
notifymtu = ntohl(icmp6->icmp6_mtu);
ip6cp.ip6c_cmdarg = (void *)¬ifymtu;
@@ -2298,8 +2296,6 @@ icmp6_reflect(struct mbuf *m, size_t off
m->m_flags &= ~(M_BCAST|M_MCAST);
- m_addr_changed(m);
-
ip6_output(m, NULL, NULL, 0, NULL, &outif, NULL);
if (outif)
icmp6_ifoutstat_inc(outif, type, code);
Modified: projects/pf/head/sys/netinet6/in6_gif.c
==============================================================================
--- projects/pf/head/sys/netinet6/in6_gif.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netinet6/in6_gif.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -264,8 +264,6 @@ in6_gif_output(struct ifnet *ifp,
#endif
}
- m_addr_changed(m);
-
#ifdef IPV6_MINMTU
/*
* force fragmentation to minimum MTU, to avoid path MTU discovery.
Modified: projects/pf/head/sys/netipsec/ipsec_input.c
==============================================================================
--- projects/pf/head/sys/netipsec/ipsec_input.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netipsec/ipsec_input.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -473,8 +473,6 @@ ipsec4_common_input_cb(struct mbuf *m, s
key_sa_recordxfer(sav, m); /* record data transfer */
- m_addr_changed(m);
-
#ifdef DEV_ENC
encif->if_ipackets++;
encif->if_ibytes += m->m_pkthdr.len;
Modified: projects/pf/head/sys/netipsec/ipsec_output.c
==============================================================================
--- projects/pf/head/sys/netipsec/ipsec_output.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netipsec/ipsec_output.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -191,8 +191,6 @@ ipsec_process_done(struct mbuf *m, struc
}
key_sa_recordxfer(sav, m); /* record data transfer */
- m_addr_changed(m);
-
/*
* We're done with IPsec processing, transmit the packet using the
* appropriate network protocol (IP or IPv6). SPD lookup will be
Modified: projects/pf/head/sys/netipsec/xform_ipip.c
==============================================================================
--- projects/pf/head/sys/netipsec/xform_ipip.c Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/netipsec/xform_ipip.c Mon Jun 4 07:12:11 2012 (r236545)
@@ -392,8 +392,6 @@ _ipip_input(struct mbuf *m, int iphlen,
panic("%s: bogus ip version %u", __func__, v>>4);
}
- m_addr_changed(m);
-
if (netisr_queue(isr, m)) { /* (0) on success. */
V_ipipstat.ipips_qfull++;
DPRINTF(("%s: packet dropped because of full queue\n",
Modified: projects/pf/head/sys/sys/mbuf.h
==============================================================================
--- projects/pf/head/sys/sys/mbuf.h Mon Jun 4 07:08:58 2012 (r236544)
+++ projects/pf/head/sys/sys/mbuf.h Mon Jun 4 07:12:11 2012 (r236545)
@@ -740,16 +740,6 @@ m_last(struct mbuf *m)
return (m);
}
-extern void (*m_addr_chg_pf_p)(struct mbuf *m);
-
-static __inline void
-m_addr_changed(struct mbuf *m)
-{
-
- if (m_addr_chg_pf_p)
- m_addr_chg_pf_p(m);
-}
-
/*
* mbuf, cluster, and external object allocation macros (for compatibility
* purposes).
More information about the svn-src-projects
mailing list