From owner-svn-src-stable@freebsd.org Wed Aug 22 01:23:13 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 348A91086315; Wed, 22 Aug 2018 01:23:13 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D887178723; Wed, 22 Aug 2018 01:23:12 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B68D84384; Wed, 22 Aug 2018 01:23:12 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7M1NCAC002425; Wed, 22 Aug 2018 01:23:12 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7M1NCJC002424; Wed, 22 Aug 2018 01:23:12 GMT (envelope-from cy@FreeBSD.org) Message-Id: <201808220123.w7M1NCJC002424@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Wed, 22 Aug 2018 01:23:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r338170 - in stable: 10/sys/contrib/ipfilter/netinet 11/sys/contrib/ipfilter/netinet X-SVN-Group: stable-10 X-SVN-Commit-Author: cy X-SVN-Commit-Paths: in stable: 10/sys/contrib/ipfilter/netinet 11/sys/contrib/ipfilter/netinet X-SVN-Commit-Revision: 338170 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Aug 2018 01:23:13 -0000 Author: cy Date: Wed Aug 22 01:23:11 2018 New Revision: 338170 URL: https://svnweb.freebsd.org/changeset/base/338170 Log: MFC r338046: Add handy DTrace probes useful in diagnosing NAT issues. DTrace probes are situated next to error counters and/or in one instance prior to the -1 return from various functions. This was useful in diagnosis of PR/208566 and will be handy in the future diagnosing NAT failures. PR: 208566 Modified: stable/10/sys/contrib/ipfilter/netinet/ip_nat.c Directory Properties: stable/10/ (props changed) Changes in other areas also in this revision: Modified: stable/11/sys/contrib/ipfilter/netinet/ip_nat.c Directory Properties: stable/11/ (props changed) Modified: stable/10/sys/contrib/ipfilter/netinet/ip_nat.c ============================================================================== --- stable/10/sys/contrib/ipfilter/netinet/ip_nat.c Wed Aug 22 01:04:52 2018 (r338169) +++ stable/10/sys/contrib/ipfilter/netinet/ip_nat.c Wed Aug 22 01:23:11 2018 (r338170) @@ -2681,6 +2681,7 @@ ipf_nat_newmap(fin, nat, ni) if ((np->in_nsrcmsk == 0xffffffff) && (np->in_spnext == 0)) { if (l > 0) { NBUMPSIDEX(1, ns_exhausted, ns_exhausted_1); + DT4(ns_exhausted_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } } @@ -2698,6 +2699,7 @@ ipf_nat_newmap(fin, nat, ni) if ((l >= np->in_ppip) || ((l > 0) && !(flags & IPN_TCPUDP))) { NBUMPSIDEX(1, ns_exhausted, ns_exhausted_2); + DT4(ns_exhausted_2, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } /* @@ -2733,6 +2735,7 @@ ipf_nat_newmap(fin, nat, ni) ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp, &in6, NULL) == -1) { NBUMPSIDEX(1, ns_new_ifpaddr, ns_new_ifpaddr_1); + DT4(ns_new_ifpaddr_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } in.s_addr = ntohl(in6.in4.s_addr); @@ -2743,6 +2746,7 @@ ipf_nat_newmap(fin, nat, ni) */ if (l > 0) { NBUMPSIDEX(1, ns_exhausted, ns_exhausted_3); + DT4(ns_exhausted_3, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } in.s_addr = ntohl(fin->fin_saddr); @@ -2838,6 +2842,7 @@ ipf_nat_newmap(fin, nat, ni) (np->in_spnext != 0) && (st_port == np->in_spnext) && (np->in_snip != 0) && (st_ip == np->in_snip)) { NBUMPSIDED(1, ns_wrap); + DT4(ns_wrap, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } l++; @@ -2973,6 +2978,7 @@ ipf_nat_newrdr(fin, nat, ni) if (ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp, &in6, NULL) == -1) { NBUMPSIDEX(0, ns_new_ifpaddr, ns_new_ifpaddr_2); + DT3(ns_new_ifpaddr_2, fr_info_t *, fin, nat_t *, nat, natinfo_t, ni); return -1; } in.s_addr = ntohl(in6.in4.s_addr); @@ -3119,6 +3125,7 @@ ipf_nat_add(fin, np, natsave, flags, direction) if (nsp->ns_active >= softn->ipf_nat_table_max) { NBUMPSIDED(fin->fin_out, ns_table_max); + DT2(ns_table_max, nat_stat_t *, nsp, ipf_nat_softc_t *, softn); return NULL; } @@ -3133,6 +3140,7 @@ ipf_nat_add(fin, np, natsave, flags, direction) /* Give me a new nat */ KMALLOC(nat, nat_t *); if (nat == NULL) { + DT(ns_memfail); NBUMPSIDED(fin->fin_out, ns_memfail); /* * Try to automatically tune the max # of entries in the @@ -3228,6 +3236,7 @@ ipf_nat_add(fin, np, natsave, flags, direction) if ((np->in_apr != NULL) && ((nat->nat_flags & NAT_SLAVE) == 0)) { if (ipf_proxy_new(fin, nat) == -1) { NBUMPSIDED(fin->fin_out, ns_appr_fail); + DT3(ns_appr_fail, fr_info_t *, fin, nat_t *, nat, ipnat_t *, np); goto badnat; } } @@ -3385,6 +3394,7 @@ ipf_nat_finalise(fin, nat) } NBUMPSIDED(fin->fin_out, ns_unfinalised); + DT2(ns_unfinalised, fr_info_t *, fin, nat_t *, nat); /* * nat_insert failed, so cleanup time... */ @@ -7070,6 +7080,7 @@ ipf_nat_newrewrite(fin, nat, nai) do { changed = -1; /* TRACE (l, src_search, dst_search, np) */ + DT4(ipf_nat_rewrite_1, int, l, int, src_search, int, dst_search, ipnat_t *, np); if ((src_search == 0) && (np->in_spnext == 0) && (dst_search == 0) && (np->in_dpnext == 0)) { @@ -7134,6 +7145,7 @@ ipf_nat_newrewrite(fin, nat, nai) * Find a new destination address */ /* TRACE (fin, np, l, frnat) */ + DT4(ipf_nat_rewrite_2, frinfo_t *, fin, ipnat_t *, np, int, l, frinfo_t *, &frnat); if (ipf_nat_nextaddr(fin, &np->in_ndst, &frnat.fin_daddr, &frnat.fin_daddr) == -1) @@ -7184,6 +7196,7 @@ ipf_nat_newrewrite(fin, nat, nai) } /* TRACE (frnat) */ + DT1(ipf_nat_rewrite_3, frinfo_t *, &frnat); /* * Here we do a lookup of the connection as seen from @@ -7223,6 +7236,7 @@ ipf_nat_newrewrite(fin, nat, nai) } /* TRACE natl, in_stepnext, l */ + DT3(ipf_nat_rewrite_2, nat_t *, natl, ipnat_t *, np , int, l); if ((natl != NULL) && (l > 8)) /* XXX 8 is arbitrary */ return -1; @@ -7315,6 +7329,7 @@ ipf_nat_newdivert(fin, nat, nai) if (natl != NULL) { NBUMPSIDED(fin->fin_out, ns_divert_exist); + DT3(ns_divert_exist, fr_info_t *, fin, nat_t *, nat, natinfo_t, nai); return -1; } @@ -7567,6 +7582,7 @@ ipf_nat_nextaddr(fin, na, old, dst) case FRI_PEERADDR : case FRI_NETWORK : default : + DT4(ns_na_atype, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); return -1; } @@ -7578,6 +7594,7 @@ ipf_nat_nextaddr(fin, na, old, dst) NULL); } else { NBUMPSIDE(fin->fin_out, ns_badnextaddr); + DT4(ns_badnextaddr_1, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); } } else if (na->na_atype == IPLT_NONE) { @@ -7596,6 +7613,7 @@ ipf_nat_nextaddr(fin, na, old, dst) if (ipf_ifpaddr(softc, 4, na->na_atype, fin->fin_ifp, &newip, NULL) == -1) { NBUMPSIDED(fin->fin_out, ns_ifpaddrfail); + DT4(ns_ifpaddrfail, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); return -1; } new = newip.in4.s_addr; @@ -7607,6 +7625,7 @@ ipf_nat_nextaddr(fin, na, old, dst) } else { NBUMPSIDE(fin->fin_out, ns_badnextaddr); + DT4(ns_badnextaddr_2, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); } return error;