From: Don Lewis
Date: Sun, 12 Nov 2017 01:28:20 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r325731 - stable/10/sys/netpfil/ipfw

Author: truckman
Date: Sun Nov 12 01:28:20 2017
New Revision: 325731
URL: https://svnweb.freebsd.org/changeset/base/325731

Log:
  MFC r325008

  Fix Dummynet AQM packet marking function ecn_mark() and fq_codel / fq_pie schedulers packet classification functions in layer2 (bridge mode).

  Dummynet AQM packet marking function ecn_mark() and fq_codel/fq_pie schedulers packet classification functions (fq_codel_classify_flow() and fq_pie_classify_flow()) assume mbuf is pointing at L3 (IP) packet. However, this assumption is incorrect if ipfw/dummynet is used to manage layer2 traffic (bridge mode) since mbuf will point at L2 frame. This patch solves this problem by identifying the source of the frame/packet (L2 or L3) and adding ETHER_HDR_LEN offset when converting an mbuf pointer to ip pointer if the traffic is from layer2. More specifically, in dummynet packet tagging function, tag_mbuf(), iphdr_off is set to ETHER_HDR_LEN if the traffic is from layer2 and set to zero otherwise. Whenever an access to IP header is required, mtodo(m, dn_tag_get(m)->iphdr_off) is used instead of mtod(m, struct ip *) to correctly convert mbuf pointer to ip pointer in both L2 and L3 traffic.
Submitted by: lstewart Relnotes: yes Differential Revision: https://reviews.freebsd.org/D12506 Modified: stable/10/sys/netpfil/ipfw/dn_sched_fifo.c stable/10/sys/netpfil/ipfw/dn_sched_fq_codel.c stable/10/sys/netpfil/ipfw/dn_sched_fq_pie.c stable/10/sys/netpfil/ipfw/dn_sched_prio.c stable/10/sys/netpfil/ipfw/dn_sched_qfq.c stable/10/sys/netpfil/ipfw/dn_sched_rr.c stable/10/sys/netpfil/ipfw/dn_sched_wf2q.c stable/10/sys/netpfil/ipfw/ip_dn_io.c stable/10/sys/netpfil/ipfw/ip_dn_private.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/ipfw/dn_sched_fifo.c ============================================================================== --- stable/10/sys/netpfil/ipfw/dn_sched_fifo.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/dn_sched_fifo.c Sun Nov 12 01:28:20 2017 (r325731) @@ -33,13 +33,16 @@ #include #include #include +#include #include #include +#include #include /* IFNAMSIZ */ #include #include /* ipfw_rule_ref */ #include /* flow_id */ #include +#include #include #include #ifdef NEW_AQM Modified: stable/10/sys/netpfil/ipfw/dn_sched_fq_codel.c ============================================================================== --- stable/10/sys/netpfil/ipfw/dn_sched_fq_codel.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/dn_sched_fq_codel.c Sun Nov 12 01:28:20 2017 (r325731) @@ -218,13 +218,14 @@ fq_codel_classify_flow(struct mbuf *m, uint16_t fcount uint8_t tuple[41]; uint16_t hash=0; + ip = (struct ip *)mtodo(m, dn_tag_get(m)->iphdr_off); //#ifdef INET6 struct ip6_hdr *ip6; int isip6; - isip6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0; + isip6 = (ip->ip_v == 6); if(isip6) { - ip6 = mtod(m, struct ip6_hdr *); + ip6 = (struct ip6_hdr *)ip; *((uint8_t *) &tuple[0]) = ip6->ip6_nxt; *((uint32_t *) &tuple[1]) = si->perturbation; memcpy(&tuple[5], ip6->ip6_src.s6_addr, 16); 
@@ -253,7 +254,6 @@ fq_codel_classify_flow(struct mbuf *m, uint16_t fcount //#endif /* IPv4 */ - ip = mtod(m, struct ip *); *((uint8_t *) &tuple[0]) = ip->ip_p; *((uint32_t *) &tuple[1]) = si->perturbation; *((uint32_t *) &tuple[5]) = ip->ip_src.s_addr; Modified: stable/10/sys/netpfil/ipfw/dn_sched_fq_pie.c ============================================================================== --- stable/10/sys/netpfil/ipfw/dn_sched_fq_pie.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/dn_sched_fq_pie.c Sun Nov 12 01:28:20 2017 (r325731) @@ -792,13 +792,14 @@ fq_pie_classify_flow(struct mbuf *m, uint16_t fcount, uint8_t tuple[41]; uint16_t hash=0; + ip = (struct ip *)mtodo(m, dn_tag_get(m)->iphdr_off); //#ifdef INET6 struct ip6_hdr *ip6; int isip6; - isip6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0; + isip6 = (ip->ip_v == 6); if(isip6) { - ip6 = mtod(m, struct ip6_hdr *); + ip6 = (struct ip6_hdr *)ip; *((uint8_t *) &tuple[0]) = ip6->ip6_nxt; *((uint32_t *) &tuple[1]) = si->perturbation; memcpy(&tuple[5], ip6->ip6_src.s6_addr, 16); @@ -826,7 +827,6 @@ fq_pie_classify_flow(struct mbuf *m, uint16_t fcount, //#endif /* IPv4 */ - ip = mtod(m, struct ip *); *((uint8_t *) &tuple[0]) = ip->ip_p; *((uint32_t *) &tuple[1]) = si->perturbation; *((uint32_t *) &tuple[5]) = ip->ip_src.s_addr; Modified: stable/10/sys/netpfil/ipfw/dn_sched_prio.c ============================================================================== --- stable/10/sys/netpfil/ipfw/dn_sched_prio.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/dn_sched_prio.c Sun Nov 12 01:28:20 2017 (r325731) 
@@ -32,13 +32,16 @@ #include #include #include +#include #include #include +#include #include /* IFNAMSIZ */ #include #include /* ipfw_rule_ref */ #include /* flow_id */ #include +#include #include #include #ifdef NEW_AQM Modified: stable/10/sys/netpfil/ipfw/dn_sched_qfq.c ============================================================================== --- stable/10/sys/netpfil/ipfw/dn_sched_qfq.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/dn_sched_qfq.c Sun Nov 12 01:28:20 2017 (r325731) @@ -33,13 +33,16 @@ #include #include #include +#include #include #include +#include #include /* IFNAMSIZ */ #include #include /* ipfw_rule_ref */ #include /* flow_id */ #include +#include #include #include #ifdef NEW_AQM Modified: stable/10/sys/netpfil/ipfw/dn_sched_rr.c ============================================================================== --- stable/10/sys/netpfil/ipfw/dn_sched_rr.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/dn_sched_rr.c Sun Nov 12 01:28:20 2017 (r325731) @@ -33,13 +33,16 @@ #include #include #include +#include #include #include +#include #include /* IFNAMSIZ */ #include #include /* ipfw_rule_ref */ #include /* flow_id */ #include +#include #include #include #ifdef NEW_AQM Modified: stable/10/sys/netpfil/ipfw/dn_sched_wf2q.c ============================================================================== --- stable/10/sys/netpfil/ipfw/dn_sched_wf2q.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/dn_sched_wf2q.c Sun Nov 12 01:28:20 2017 (r325731) 
@@ -34,13 +34,16 @@ #include #include #include +#include #include #include +#include #include /* IFNAMSIZ */ #include #include /* ipfw_rule_ref */ #include /* flow_id */ #include +#include #include #include #ifdef NEW_AQM Modified: stable/10/sys/netpfil/ipfw/ip_dn_io.c ============================================================================== --- stable/10/sys/netpfil/ipfw/ip_dn_io.c Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/ip_dn_io.c Sun Nov 12 01:28:20 2017 (r325731) @@ -236,27 +236,10 @@ SYSEND static void dummynet_send(struct mbuf *); /* - * Packets processed by dummynet have an mbuf tag associated with - * them that carries their dummynet state. - * Outside dummynet, only the 'rule' field is relevant, and it must - * be at the beginning of the structure. - */ -struct dn_pkt_tag { - struct ipfw_rule_ref rule; /* matching rule */ - - /* second part, dummynet specific */ - int dn_dir; /* action when packet comes out.*/ - /* see ip_fw_private.h */ - uint64_t output_time; /* when the pkt is due for delivery*/ - struct ifnet *ifp; /* interface, for ip_output */ - struct _ip6dn_args ip6opt; /* XXX ipv6 options */ -}; - -/* * Return the mbuf tag holding the dummynet state (it should * be the first one on the list). */ -static struct dn_pkt_tag * +struct dn_pkt_tag * dn_tag_get(struct mbuf *m) { struct m_tag *mtag = m_tag_first(m); @@ -418,7 +401,7 @@ int ecn_mark(struct mbuf* m) { struct ip *ip; - ip = mtod(m, struct ip *); + ip = (struct ip *)mtodo(m, dn_tag_get(m)->iphdr_off); switch (ip->ip_v) { case IPVERSION: @@ -451,7 +434,7 @@ ecn_mark(struct mbuf* m) #ifdef INET6 case (IPV6_VERSION >> 4): { - struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); + struct ip6_hdr *ip6 = (struct ip6_hdr *)ip; u_int32_t flowlabel; flowlabel = ntohl(ip6->ip6_flow); 
@@ -832,6 +815,7 @@ tag_mbuf(struct mbuf *m, int dir, struct ip_fw_args *f dt->ifp = fwa->oif; /* dt->output tame is updated as we move through */ dt->output_time = dn_cfg.curr_time; + dt->iphdr_off = (dir & PROTO_LAYER2) ? ETHER_HDR_LEN : 0; return 0; } Modified: stable/10/sys/netpfil/ipfw/ip_dn_private.h ============================================================================== --- stable/10/sys/netpfil/ipfw/ip_dn_private.h Sun Nov 12 01:26:43 2017 (r325730) +++ stable/10/sys/netpfil/ipfw/ip_dn_private.h Sun Nov 12 01:28:20 2017 (r325731) @@ -366,6 +366,24 @@ enum { DN_QHT_IS_Q = 0x0100, /* in flowset, qht is a single queue */ }; +/* + * Packets processed by dummynet have an mbuf tag associated with + * them that carries their dummynet state. + * Outside dummynet, only the 'rule' field is relevant, and it must + * be at the beginning of the structure. + */ +struct dn_pkt_tag { + struct ipfw_rule_ref rule; /* matching rule */ + + /* second part, dummynet specific */ + int dn_dir; /* action when packet comes out.*/ + /* see ip_fw_private.h */ + uint64_t output_time; /* when the pkt is due for delivery*/ + struct ifnet *ifp; /* interface, for ip_output */ + struct _ip6dn_args ip6opt; /* XXX ipv6 options */ + uint16_t iphdr_off; /* IP header offset for mtodo() */ +}; + extern struct dn_parms dn_cfg; //VNET_DECLARE(struct dn_parms, _base_dn_cfg); //#define dn_cfg VNET(_base_dn_cfg) @@ -373,6 +391,7 @@ extern struct dn_parms dn_cfg; int dummynet_io(struct mbuf **, int , struct ip_fw_args *); void dummynet_task(void *context, int pending); void dn_reschedule(void); +struct dn_pkt_tag * dn_tag_get(struct mbuf *m); struct dn_queue *ipdn_q_find(struct dn_fsk *, struct dn_sch_inst *, struct ipfw_flow_id *);
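Review bot: in fq_codel_classify_flow() the added `ip = (struct ip *)mtodo(m, dn_tag_get(m)->iphdr_off);` dereferences the return value of dn_tag_get() with no check, while the comment on dn_tag_get() only says the tag "should be" the first one on the list. Either assert that the tag is present at this call site or add a comment stating that classification always runs after tag_mbuf() has attached it.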
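Review bot: in fq_pie_classify_flow() `isip6 = (ip->ip_v == 6)` sends every packet that is not version 6 to the IPv4 branch, so with layer2 input a non-IP Ethernet frame, if one can reach this function in bridge mode, would be hashed from whatever bytes follow the Ethernet header. Consider testing for IPVERSION explicitly and putting anything else in a fixed default flow. These lines are also a copy of the change in fq_codel_classify_flow(), so a shared helper that returns the IP header pointer would keep the two in step.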
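Review bot: in ecn_mark() the new cast reads ip->ip_v at iphdr_off, which assumes the first mbuf holds at least iphdr_off + sizeof(struct ip) contiguous bytes, and nothing in this hunk checks m->m_len. For layer2 frames the read is now ETHER_HDR_LEN further into the buffer, so a length check before the switch, returning without marking when it fails, would make that assumption explicit.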
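Review bot: in tag_mbuf() `dt->iphdr_off = (dir & PROTO_LAYER2) ? ETHER_HDR_LEN : 0;` hard-codes a plain Ethernet header for all layer2 traffic. If a frame can arrive here with an 802.1Q tag still in the header, the IP header sits 4 bytes later and ecn_mark() and the classify functions would read the wrong fields; please either handle that case or add a comment saying why it cannot occur. The context comment just above also reads "output tame", which looks like a typo for "output time".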
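Review bot: in ip_dn_private.h the comment on the new field, "IP header offset for mtodo()", does not say what values the field takes. Since tag_mbuf() sets it to ETHER_HDR_LEN for layer2 and 0 otherwise, stating that next to the field, along with the fact that it is a byte offset from the start of the mbuf data, would help scheduler authors who now reach it through the exported dn_tag_get().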