From owner-svn-src-projects@FreeBSD.ORG Mon Jun 4 07:12:12 2012 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 31DDB1065670; Mon, 4 Jun 2012 07:12:12 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1BC348FC21; Mon, 4 Jun 2012 07:12:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q547CBUS011778; Mon, 4 Jun 2012 07:12:11 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q547CBu9011763; Mon, 4 Jun 2012 07:12:11 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201206040712.q547CBu9011763@svn.freebsd.org> From: Gleb Smirnoff Date: Mon, 4 Jun 2012 07:12:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r236545 - in projects/pf/head/sys: contrib/pf/net netinet netinet6 netipsec sys X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jun 2012 07:12:12 -0000 Author: glebius Date: Mon Jun 4 07:12:11 2012 New Revision: 236545 URL: http://svn.freebsd.org/changeset/base/236545 Log: Remove completely the m_addr_changed() hack, and support of reverse pointer in pf_state_ket, that ware 'if 0' since beginning of SMP-friendly pf project. In the new locking scheme we can't reference state keys from mbuf tags, nor a key can reference another key. Modified: projects/pf/head/sys/contrib/pf/net/pf.c projects/pf/head/sys/contrib/pf/net/pf_ioctl.c projects/pf/head/sys/contrib/pf/net/pf_mtag.h projects/pf/head/sys/contrib/pf/net/pfvar.h projects/pf/head/sys/netinet/in_gif.c projects/pf/head/sys/netinet/ip_icmp.c projects/pf/head/sys/netinet/raw_ip.c projects/pf/head/sys/netinet/tcp_subr.c projects/pf/head/sys/netinet6/icmp6.c projects/pf/head/sys/netinet6/in6_gif.c projects/pf/head/sys/netipsec/ipsec_input.c projects/pf/head/sys/netipsec/ipsec_output.c projects/pf/head/sys/netipsec/xform_ipip.c projects/pf/head/sys/sys/mbuf.h Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 07:12:11 2012 (r236545) @@ -292,10 +292,6 @@ static void pf_print_state_parts(struc struct pf_state_key *, struct pf_state_key *); static int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); -#if 0 -static int pf_compare_state_keys(struct pf_state_key *, - struct pf_state_key *, struct pfi_kif *, u_int); -#endif static struct pf_state *pf_find_state(struct pfi_kif *, struct pf_state_key_cmp *, u_int); static int pf_src_connlimit(struct pf_state **); @@ -955,10 +951,6 @@ pf_state_key_detach(struct pf_state *s, if (TAILQ_EMPTY(&sk->states[0]) && TAILQ_EMPTY(&sk->states[1])) { LIST_REMOVE(sk, entry); -#if 0 /* XXXGL: TODO */ - if (sk->reverse) - sk->reverse->reverse = NULL; -#endif uma_zfree(V_pf_state_key_z, sk); } } @@ -1089,39 +1081,6 @@ pf_find_state_byid(uint64_t id, uint32_t return (s); } -#if 0 -/* XXX debug function, intended to be removed one day */ -static int -pf_compare_state_keys(struct pf_state_key *a, struct pf_state_key *b, - struct pfi_kif *kif, u_int dir) -{ - /* a (from hdr) and b (new) must be exact opposites of each other */ - if (a->af == b->af && a->proto == b->proto && - PF_AEQ(&a->addr[0], &b->addr[1], a->af) && - PF_AEQ(&a->addr[1], &b->addr[0], a->af) && - a->port[0] == b->port[1] && - a->port[1] == b->port[0]) - return (0); - else { - /* mismatch. must not happen. */ - printf("pf: state key linking mismatch! dir=%s, " - "if=%s, stored af=%u, a0: ", - dir == PF_OUT ? "OUT" : "IN", kif->pfik_name, a->af); - pf_print_host(&a->addr[0], a->port[0], a->af); - printf(", a1: "); - pf_print_host(&a->addr[1], a->port[1], a->af); - printf(", proto=%u", a->proto); - printf(", found af=%u, a0: ", b->af); - pf_print_host(&b->addr[0], b->port[0], b->af); - printf(", a1: "); - pf_print_host(&b->addr[1], b->port[1], b->af); - printf(", proto=%u", b->proto); - printf(".\n"); - return (-1); - } -} -#endif - /* * Find state by key. * Returns with ID hash slot locked on success. @@ -1136,27 +1095,6 @@ pf_find_state(struct pfi_kif *kif, struc V_pf_status.fcounters[FCNT_STATE_SEARCH]++; -#if 0 /* XXXGL: to do reverse */ - if (dir == PF_OUT && pftag->statekey && - ((struct pf_state_key *)pftag->statekey)->reverse) - sk = ((struct pf_state_key *)pftag->statekey)->reverse; - else { - if ((sk = RB_FIND(pf_state_tree, &V_pf_statetbl, - (struct pf_state_key *)key)) == NULL) { - return (NULL); - } - if (dir == PF_OUT && pftag->statekey && - pf_compare_state_keys(pftag->statekey, sk, - kif, dir) == 0) { - ((struct pf_state_key *) - pftag->statekey)->reverse = sk; - sk->reverse = pftag->statekey; - } - } - - if (dir == PF_OUT) - pftag->statekey = NULL; -#endif kh = &V_pf_keyhash[pf_hashkey((struct pf_state_key *)key)]; PF_HASHROW_LOCK(kh); @@ -5726,11 +5664,6 @@ done: if ((s && s->tag) || r->rtableid >= 0) pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag); -#if 0 /* XXXGL: to do reverse */ - if (dir == PF_IN && s && s->key[PF_SK_STACK]) - pd.pf_mtag->statekey = s->key[PF_SK_STACK]; -#endif - #ifdef ALTQ if (action == PF_PASS && r->qid) { if (pqid || (pd.tos & IPTOS_LOWDELAY)) @@ -6142,11 +6075,6 @@ done: if ((s && s->tag) || r->rtableid >= 0) pf_tag_packet(m, s ? s->tag : 0, r->rtableid, pd.pf_mtag); -#if 0 /* XXXGL: to do reverse */ - if (dir == PF_IN && s && s->key[PF_SK_STACK]) - pd.pf_mtag->statekey = s->key[PF_SK_STACK]; -#endif - #ifdef ALTQ if (action == PF_PASS && r->qid) { if (pd.tos & IPTOS_LOWDELAY) Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 07:12:11 2012 (r236545) @@ -134,7 +134,6 @@ static int pf_commit_rules(u_int32_t, static int pf_addr_setup(struct pf_ruleset *, struct pf_addr_wrap *, sa_family_t); static void pf_addr_copyout(struct pf_addr_wrap *); -static void pf_pkt_addr_changed(struct mbuf *); VNET_DEFINE(struct pf_rule, pf_default_rule); VNET_DEFINE(struct sx, pf_consistency_lock); @@ -307,8 +306,6 @@ pfattach(void) /* XXXGL: leaked all above. */ return (error); - m_addr_chg_pf_p = pf_pkt_addr_changed; - return (0); } @@ -3730,20 +3727,6 @@ dehook_pf(void) return (0); } -/* - * Must be called whenever any addressing information such as - * address, port, protocol has changed. - */ -static void -pf_pkt_addr_changed(struct mbuf *m) -{ -#if 0 /* XXXGL */ - struct pf_mtag *pf_tag; - if ((pf_tag = pf_find_mtag(m)) != NULL) - pf_tag->statekey = NULL; -#endif -} - static int pf_load(void) { @@ -3778,7 +3761,6 @@ pf_unload(void) PF_RULES_WLOCK(); V_pf_status.running = 0; PF_RULES_WUNLOCK(); - m_addr_chg_pf_p = NULL; swi_remove(V_pf_swi_cookie); error = dehook_pf(); if (error) { Modified: projects/pf/head/sys/contrib/pf/net/pf_mtag.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_mtag.h Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/contrib/pf/net/pf_mtag.h Mon Jun 4 07:12:11 2012 (r236545) @@ -42,9 +42,6 @@ struct pf_mtag { void *hdr; /* saved hdr pos in mbuf, for ECN */ -#if 0 - void *statekey; /* pf stackside statekey */ -#endif u_int32_t qid; /* queue id */ u_int rtableid; /* alternate routing table id */ u_int16_t tag; /* tag id */ Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 07:12:11 2012 (r236545) @@ -778,9 +778,6 @@ struct pf_state_key { LIST_ENTRY(pf_state_key) entry; TAILQ_HEAD(, pf_state) states[2]; -#if 0 /* XXXGL: TODO */ - struct pf_state_key *reverse; -#endif }; /* Keep synced with struct pf_state. */ Modified: projects/pf/head/sys/netinet/in_gif.c ============================================================================== --- projects/pf/head/sys/netinet/in_gif.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netinet/in_gif.c Mon Jun 4 07:12:11 2012 (r236545) @@ -256,8 +256,6 @@ in_gif_output(struct ifnet *ifp, int fam #endif } - m_addr_changed(m); - error = ip_output(m, NULL, &sc->gif_ro, 0, NULL, NULL); if (!(GIF2IFP(sc)->if_flags & IFF_LINK0) && Modified: projects/pf/head/sys/netinet/ip_icmp.c ============================================================================== --- projects/pf/head/sys/netinet/ip_icmp.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netinet/ip_icmp.c Mon Jun 4 07:12:11 2012 (r236545) @@ -675,8 +675,6 @@ icmp_reflect(struct mbuf *m) goto done; /* Ip_output() will check for broadcast */ } - m_addr_changed(m); - t = ip->ip_dst; ip->ip_dst = ip->ip_src; Modified: projects/pf/head/sys/netinet/raw_ip.c ============================================================================== --- projects/pf/head/sys/netinet/raw_ip.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netinet/raw_ip.c Mon Jun 4 07:12:11 2012 (r236545) @@ -100,9 +100,6 @@ void (*ip_divert_ptr)(struct mbuf *, int int (*ng_ipfw_input_p)(struct mbuf **, int, struct ip_fw_args *, int); -/* Hook for telling pf that the destination address changed */ -void (*m_addr_chg_pf_p)(struct mbuf *m); - #ifdef INET /* * Hooks for multicast routing. They all default to NULL, so leave them not Modified: projects/pf/head/sys/netinet/tcp_subr.c ============================================================================== --- projects/pf/head/sys/netinet/tcp_subr.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netinet/tcp_subr.c Mon Jun 4 07:12:11 2012 (r236545) @@ -542,7 +542,6 @@ tcp_respond(struct tcpcb *tp, void *ipge m_freem(m->m_next); m->m_next = NULL; m->m_data = (caddr_t)ipgen; - m_addr_changed(m); /* m_len is set later */ tlen = 0; #define xchg(a,b,type) { type t; t=a; a=b; b=t; } Modified: projects/pf/head/sys/netinet6/icmp6.c ============================================================================== --- projects/pf/head/sys/netinet6/icmp6.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netinet6/icmp6.c Mon Jun 4 07:12:11 2012 (r236545) @@ -1177,8 +1177,6 @@ icmp6_notify_error(struct mbuf **mp, int ip6cp.ip6c_src = &icmp6src; ip6cp.ip6c_nxt = nxt; - m_addr_changed(m); - if (icmp6type == ICMP6_PACKET_TOO_BIG) { notifymtu = ntohl(icmp6->icmp6_mtu); ip6cp.ip6c_cmdarg = (void *)¬ifymtu; @@ -2298,8 +2296,6 @@ icmp6_reflect(struct mbuf *m, size_t off m->m_flags &= ~(M_BCAST|M_MCAST); - m_addr_changed(m); - ip6_output(m, NULL, NULL, 0, NULL, &outif, NULL); if (outif) icmp6_ifoutstat_inc(outif, type, code); Modified: projects/pf/head/sys/netinet6/in6_gif.c ============================================================================== --- projects/pf/head/sys/netinet6/in6_gif.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netinet6/in6_gif.c Mon Jun 4 07:12:11 2012 (r236545) @@ -264,8 +264,6 @@ in6_gif_output(struct ifnet *ifp, #endif } - m_addr_changed(m); - #ifdef IPV6_MINMTU /* * force fragmentation to minimum MTU, to avoid path MTU discovery. Modified: projects/pf/head/sys/netipsec/ipsec_input.c ============================================================================== --- projects/pf/head/sys/netipsec/ipsec_input.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netipsec/ipsec_input.c Mon Jun 4 07:12:11 2012 (r236545) @@ -473,8 +473,6 @@ ipsec4_common_input_cb(struct mbuf *m, s key_sa_recordxfer(sav, m); /* record data transfer */ - m_addr_changed(m); - #ifdef DEV_ENC encif->if_ipackets++; encif->if_ibytes += m->m_pkthdr.len; Modified: projects/pf/head/sys/netipsec/ipsec_output.c ============================================================================== --- projects/pf/head/sys/netipsec/ipsec_output.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netipsec/ipsec_output.c Mon Jun 4 07:12:11 2012 (r236545) @@ -191,8 +191,6 @@ ipsec_process_done(struct mbuf *m, struc } key_sa_recordxfer(sav, m); /* record data transfer */ - m_addr_changed(m); - /* * We're done with IPsec processing, transmit the packet using the * appropriate network protocol (IP or IPv6). SPD lookup will be Modified: projects/pf/head/sys/netipsec/xform_ipip.c ============================================================================== --- projects/pf/head/sys/netipsec/xform_ipip.c Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/netipsec/xform_ipip.c Mon Jun 4 07:12:11 2012 (r236545) @@ -392,8 +392,6 @@ _ipip_input(struct mbuf *m, int iphlen, panic("%s: bogus ip version %u", __func__, v>>4); } - m_addr_changed(m); - if (netisr_queue(isr, m)) { /* (0) on success. */ V_ipipstat.ipips_qfull++; DPRINTF(("%s: packet dropped because of full queue\n", Modified: projects/pf/head/sys/sys/mbuf.h ============================================================================== --- projects/pf/head/sys/sys/mbuf.h Mon Jun 4 07:08:58 2012 (r236544) +++ projects/pf/head/sys/sys/mbuf.h Mon Jun 4 07:12:11 2012 (r236545) @@ -740,16 +740,6 @@ m_last(struct mbuf *m) return (m); } -extern void (*m_addr_chg_pf_p)(struct mbuf *m); - -static __inline void -m_addr_changed(struct mbuf *m) -{ - - if (m_addr_chg_pf_p) - m_addr_chg_pf_p(m); -} - /* * mbuf, cluster, and external object allocation macros (for compatibility * purposes).