From owner-svn-src-stable@freebsd.org Tue Nov 17 01:02:01 2020 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3403B4771C0; Tue, 17 Nov 2020 01:02:01 +0000 (UTC) (envelope-from gnn@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CZnhn12X1z4qR5; Tue, 17 Nov 2020 01:02:01 +0000 (UTC) (envelope-from gnn@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 15FE4174CD; Tue, 17 Nov 2020 01:02:01 +0000 (UTC) (envelope-from gnn@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0AH1209P008486; Tue, 17 Nov 2020 01:02:00 GMT (envelope-from gnn@FreeBSD.org) Received: (from gnn@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0AH120Ul008484; Tue, 17 Nov 2020 01:02:00 GMT (envelope-from gnn@FreeBSD.org) Message-Id: <202011170102.0AH120Ul008484@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gnn set sender to gnn@FreeBSD.org using -f From: "George V. Neville-Neil" Date: Tue, 17 Nov 2020 01:02:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r367740 - stable/12/sys/netinet X-SVN-Group: stable-12 X-SVN-Commit-Author: gnn X-SVN-Commit-Paths: stable/12/sys/netinet X-SVN-Commit-Revision: 367740 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2020 01:02:01 -0000 Author: gnn Date: Tue Nov 17 01:02:00 2020 New Revision: 367740 URL: https://svnweb.freebsd.org/changeset/base/367740 Log: MFC: 367628, 367635, 367645 An earlier commit effectively turned out the fast forwading path due to its lack of support for ICMP redirects. The following commit adds redirects to the fastforward path, again allowing for decent forwarding performance in the kernel. Reviewed by: ae, melifaro (also helped with the MFC) Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate") Modified: stable/12/sys/netinet/ip_fastfwd.c stable/12/sys/netinet/ip_input.c stable/12/sys/netinet/ip_var.h Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netinet/ip_fastfwd.c ============================================================================== --- stable/12/sys/netinet/ip_fastfwd.c Tue Nov 17 00:35:59 2020 (r367739) +++ stable/12/sys/netinet/ip_fastfwd.c Tue Nov 17 01:02:00 2020 (r367740) @@ -110,6 +110,62 @@ __FBSDID("$FreeBSD$"); #include +#define V_ipsendredirects VNET(ipsendredirects) + +struct mbuf * +ip_redir_alloc(struct mbuf *m, struct ip *ip, struct in_addr dest, + in_addr_t *addr); + + +struct mbuf * +ip_redir_alloc(struct mbuf *m, struct ip *ip, struct in_addr dest, + in_addr_t *addr) +{ + struct sockaddr_in s; + struct nhop4_extended nh; + struct mbuf *mcopy = m_gethdr(M_NOWAIT, m->m_type); + + if (mcopy == NULL) + return (NULL); + + if (fib4_lookup_nh_ext(M_GETFIB(m), dest, 0, 0, &nh) != 0) + return (NULL); + + if (m_dup_pkthdr(mcopy, m, M_NOWAIT) == 0) { + /* + * It's probably ok if the pkthdr dup fails (because + * the deep copy of the tag chain failed), but for now + * be conservative and just discard the copy since + * code below may some day want the tags. + */ + m_free(mcopy); + return (NULL); + } + mcopy->m_len = min(ntohs(ip->ip_len), M_TRAILINGSPACE(mcopy)); + mcopy->m_pkthdr.len = mcopy->m_len; + m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); + + s.sin_len = sizeof(struct sockaddr_in); + s.sin_family= AF_INET; + s.sin_addr = nh.nh_src; + + if (((nh.nh_flags & (NHF_REDIRECT|NHF_DEFAULT)) == 0)) { + struct in_ifaddr *nh_ia = (struct in_ifaddr *)ifaof_ifpforaddr((struct sockaddr *)&s, nh.nh_ifp); + u_long src = ntohl(ip->ip_src.s_addr); + + if (nh_ia != NULL && (src & nh_ia->ia_subnetmask) == nh_ia->ia_subnet) { + if (nh.nh_flags & NHF_GATEWAY) + *addr = nh.nh_addr.s_addr; + else + *addr = ip->ip_dst.s_addr; + } + } + + + return (mcopy); +} + + static int ip_findroute(struct nhop4_basic *pnh, struct in_addr dest, struct mbuf *m) { @@ -157,7 +213,8 @@ ip_tryforward(struct mbuf *m) uint16_t ip_len, ip_off; int error = 0; struct m_tag *fwd_tag = NULL; - + struct mbuf *mcopy = NULL; + struct in_addr redest; /* * Are we active and forwarding packets? */ @@ -381,6 +438,13 @@ passout: dst.sin_addr = nh.nh_addr; /* + * Handle redirect case. + */ + redest.s_addr = 0; + if (V_ipsendredirects && (nh.nh_ifp == m->m_pkthdr.rcvif)) + mcopy = ip_redir_alloc(m, ip, dest, &redest.s_addr); + + /* * Check if packet fits MTU or if hardware will fragment for us */ if (ip_len <= nh.nh_mtu) { @@ -450,7 +514,16 @@ passout: IPSTAT_INC(ips_forward); IPSTAT_INC(ips_fastforward); } + + /* Send required redirect */ + if (mcopy != NULL) { + icmp_error(mcopy, ICMP_REDIRECT, ICMP_REDIRECT_HOST, redest.s_addr, 0); + mcopy = NULL; /* Freed by caller */ + } + consumed: + if (mcopy != NULL) + m_freem(mcopy); return NULL; drop: if (m) Modified: stable/12/sys/netinet/ip_input.c ============================================================================== --- stable/12/sys/netinet/ip_input.c Tue Nov 17 00:35:59 2020 (r367739) +++ stable/12/sys/netinet/ip_input.c Tue Nov 17 01:02:00 2020 (r367740) @@ -109,8 +109,11 @@ SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, &VNET_NAME(ipforwarding), 0, "Enable IP forwarding between interfaces"); -VNET_DEFINE_STATIC(int, ipsendredirects) = 1; /* XXX */ -#define V_ipsendredirects VNET(ipsendredirects) +/* + * Respond with an ICMP host redirect when we forward a packet out of + * the same interface on which it was received. See RFC 792. + */ +VNET_DEFINE(int, ipsendredirects) = 1; SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsendredirects), 0, "Enable sending IP redirects"); @@ -566,7 +569,7 @@ tooshort: * case skip another inbound firewall processing and update * ip pointer. */ - if (V_ipforwarding != 0 && V_ipsendredirects == 0 + if (V_ipforwarding != 0 #if defined(IPSEC) || defined(IPSEC_SUPPORT) && (!IPSEC_ENABLED(ipv4) || IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0) Modified: stable/12/sys/netinet/ip_var.h ============================================================================== --- stable/12/sys/netinet/ip_var.h Tue Nov 17 00:35:59 2020 (r367739) +++ stable/12/sys/netinet/ip_var.h Tue Nov 17 01:02:00 2020 (r367740) @@ -181,6 +181,7 @@ struct inpcbinfo; VNET_DECLARE(int, ip_defttl); /* default IP ttl */ VNET_DECLARE(int, ipforwarding); /* ip forwarding */ +VNET_DECLARE(int, ipsendredirects); #ifdef IPSTEALTH VNET_DECLARE(int, ipstealth); /* stealth forwarding */ #endif @@ -196,6 +197,7 @@ extern struct pr_usrreqs rip_usrreqs; #define V_ip_id VNET(ip_id) #define V_ip_defttl VNET(ip_defttl) #define V_ipforwarding VNET(ipforwarding) +#define V_ipsendredirects VNET(ipsendredirects) #ifdef IPSTEALTH #define V_ipstealth VNET(ipstealth) #endif