svn commit: r270577 - stable/10/sys/netpfil/pf

Gleb Smirnoff glebius at FreeBSD.org
Mon Aug 25 15:51:08 UTC 2014 

Author: glebius
Date: Mon Aug 25 15:51:07 2014
New Revision: 270577
URL: http://svnweb.freebsd.org/changeset/base/270577

Log:
  Merge r270023 from head:
    Do not lookup source node twice when pf_map_addr() is used.
  
    PR:           184003
    Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net>
    Sponsored by: InnoGames GmbH

Modified:
  stable/10/sys/netpfil/pf/pf.c
  stable/10/sys/netpfil/pf/pf_lb.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/netpfil/pf/pf.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf.c	Mon Aug 25 15:49:41 2014	(r270576)
+++ stable/10/sys/netpfil/pf/pf.c	Mon Aug 25 15:51:07 2014	(r270577)
@@ -3521,8 +3521,6 @@ pf_create_state(struct pf_rule *r, struc
 	}
 
 	if (r->rt && r->rt != PF_FASTROUTE) {
-		struct pf_src_node *sn = NULL;
-
 		if (pf_map_addr(pd->af, r, pd->src, &s->rt_addr, NULL, &sn)) {
 			REASON_SET(&reason, PFRES_MAPFAILED);
 			pf_src_tree_remove_state(s);

Modified: stable/10/sys/netpfil/pf/pf_lb.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf_lb.c	Mon Aug 25 15:49:41 2014	(r270576)
+++ stable/10/sys/netpfil/pf/pf_lb.c	Mon Aug 25 15:51:07 2014	(r270577)
@@ -307,22 +307,30 @@ pf_map_addr(sa_family_t af, struct pf_ru
 	struct pf_pool		*rpool = &r->rpool;
 	struct pf_addr		*raddr = NULL, *rmask = NULL;
 
+	/* Try to find a src_node if none was given and this
+	   is a sticky-address rule. */
 	if (*sn == NULL && r->rpool.opts & PF_POOL_STICKYADDR &&
-	    (r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) {
+	    (r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE)
 		*sn = pf_find_src_node(saddr, r, af, 0);
-		if (*sn != NULL && !PF_AZERO(&(*sn)->raddr, af)) {
-			PF_ACPY(naddr, &(*sn)->raddr, af);
-			if (V_pf_status.debug >= PF_DEBUG_MISC) {
-				printf("pf_map_addr: src tracking maps ");
-				pf_print_host(saddr, 0, af);
-				printf(" to ");
-				pf_print_host(naddr, 0, af);
-				printf("\n");
-			}
-			return (0);
+
+	/* If a src_node was found or explicitly given and it has a non-zero
+	   route address, use this address. A zeroed address is found if the
+	   src node was created just a moment ago in pf_create_state and it
+	   needs to be filled in with routing decision calculated here. */
+	if (*sn != NULL && !PF_AZERO(&(*sn)->raddr, af)) {
+		PF_ACPY(naddr, &(*sn)->raddr, af);
+		if (V_pf_status.debug >= PF_DEBUG_MISC) {
+			printf("pf_map_addr: src tracking maps ");
+			pf_print_host(saddr, 0, af);
+			printf(" to ");
+			pf_print_host(naddr, 0, af);
+			printf("\n");
 		}
+		return (0);
 	}
 
+	/* Find the route using chosen algorithm. Store the found route
+	   in src_node if it was given or found. */
 	if (rpool->cur->addr.type == PF_ADDR_NOROUTE)
 		return (1);
 	if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) {

More information about the svn-src-stable mailing list