From owner-svn-src-all@freebsd.org Sun Aug 19 13:45:03 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1E310106622D; Sun, 19 Aug 2018 13:45:03 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0FFC076403; Sun, 19 Aug 2018 13:45:00 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3635B270C8; Sun, 19 Aug 2018 13:45:00 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7JDixVW033277; Sun, 19 Aug 2018 13:44:59 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7JDix4H033276; Sun, 19 Aug 2018 13:44:59 GMT (envelope-from cy@FreeBSD.org) Message-Id: <201808191344.w7JDix4H033276@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Sun, 19 Aug 2018 13:44:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338046 - head/sys/contrib/ipfilter/netinet X-SVN-Group: head X-SVN-Commit-Author: cy X-SVN-Commit-Paths: head/sys/contrib/ipfilter/netinet X-SVN-Commit-Revision: 338046 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Aug 2018 13:45:03 -0000 Author: cy Date: Sun Aug 19 13:44:59 2018 New Revision: 338046 URL: https://svnweb.freebsd.org/changeset/base/338046 Log: Add handy DTrace probes useful in diagnosing NAT issues. DTrace probes are situated next to error counters and/or in one instance prior to the -1 return from various functions. This was useful in diagnosis of PR/208566 and will be handy in the future diagnosing NAT failures. PR: 208566 MFC after: 3 days Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c ============================================================================== --- head/sys/contrib/ipfilter/netinet/ip_nat.c Sun Aug 19 13:44:56 2018 (r338045) +++ head/sys/contrib/ipfilter/netinet/ip_nat.c Sun Aug 19 13:44:59 2018 (r338046) @@ -2676,6 +2676,7 @@ ipf_nat_newmap(fin, nat, ni) if ((np->in_nsrcmsk == 0xffffffff) && (np->in_spnext == 0)) { if (l > 0) { NBUMPSIDEX(1, ns_exhausted, ns_exhausted_1); + DT4(ns_exhausted_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } } @@ -2693,6 +2694,7 @@ ipf_nat_newmap(fin, nat, ni) if ((l >= np->in_ppip) || ((l > 0) && !(flags & IPN_TCPUDP))) { NBUMPSIDEX(1, ns_exhausted, ns_exhausted_2); + DT4(ns_exhausted_2, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } /* @@ -2728,6 +2730,7 @@ ipf_nat_newmap(fin, nat, ni) ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp, &in6, NULL) == -1) { NBUMPSIDEX(1, ns_new_ifpaddr, ns_new_ifpaddr_1); + DT4(ns_new_ifpaddr_1, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } in.s_addr = ntohl(in6.in4.s_addr); @@ -2738,6 +2741,7 @@ ipf_nat_newmap(fin, nat, ni) */ if (l > 0) { NBUMPSIDEX(1, ns_exhausted, ns_exhausted_3); + DT4(ns_exhausted_3, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } in.s_addr = ntohl(fin->fin_saddr); @@ -2833,6 +2837,7 @@ ipf_nat_newmap(fin, nat, ni) (np->in_spnext != 0) && (st_port == np->in_spnext) && (np->in_snip != 0) && (st_ip == np->in_snip)) { NBUMPSIDED(1, ns_wrap); + DT4(ns_wrap, fr_info_t *, fin, nat_t *, nat, natinfo_t *, ni, ipnat_t *, np); return -1; } l++; @@ -2968,6 +2973,7 @@ ipf_nat_newrdr(fin, nat, ni) if (ipf_ifpaddr(softc, 4, FRI_NORMAL, fin->fin_ifp, &in6, NULL) == -1) { NBUMPSIDEX(0, ns_new_ifpaddr, ns_new_ifpaddr_2); + DT3(ns_new_ifpaddr_2, fr_info_t *, fin, nat_t *, nat, natinfo_t, ni); return -1; } in.s_addr = ntohl(in6.in4.s_addr); @@ -3114,6 +3120,7 @@ ipf_nat_add(fin, np, natsave, flags, direction) if (nsp->ns_active >= softn->ipf_nat_table_max) { NBUMPSIDED(fin->fin_out, ns_table_max); + DT2(ns_table_max, nat_stat_t *, nsp, ipf_nat_softc_t *, softn); return NULL; } @@ -3128,6 +3135,7 @@ ipf_nat_add(fin, np, natsave, flags, direction) /* Give me a new nat */ KMALLOC(nat, nat_t *); if (nat == NULL) { + DT(ns_memfail); NBUMPSIDED(fin->fin_out, ns_memfail); /* * Try to automatically tune the max # of entries in the @@ -3223,6 +3231,7 @@ ipf_nat_add(fin, np, natsave, flags, direction) if ((np->in_apr != NULL) && ((nat->nat_flags & NAT_SLAVE) == 0)) { if (ipf_proxy_new(fin, nat) == -1) { NBUMPSIDED(fin->fin_out, ns_appr_fail); + DT3(ns_appr_fail, fr_info_t *, fin, nat_t *, nat, ipnat_t *, np); goto badnat; } } @@ -3380,6 +3389,7 @@ ipf_nat_finalise(fin, nat) } NBUMPSIDED(fin->fin_out, ns_unfinalised); + DT2(ns_unfinalised, fr_info_t *, fin, nat_t *, nat); /* * nat_insert failed, so cleanup time... */ @@ -7065,6 +7075,7 @@ ipf_nat_newrewrite(fin, nat, nai) do { changed = -1; /* TRACE (l, src_search, dst_search, np) */ + DT4(ipf_nat_rewrite_1, int, l, int, src_search, int, dst_search, ipnat_t *, np); if ((src_search == 0) && (np->in_spnext == 0) && (dst_search == 0) && (np->in_dpnext == 0)) { @@ -7129,6 +7140,7 @@ ipf_nat_newrewrite(fin, nat, nai) * Find a new destination address */ /* TRACE (fin, np, l, frnat) */ + DT4(ipf_nat_rewrite_2, frinfo_t *, fin, ipnat_t *, np, int, l, frinfo_t *, &frnat); if (ipf_nat_nextaddr(fin, &np->in_ndst, &frnat.fin_daddr, &frnat.fin_daddr) == -1) @@ -7179,6 +7191,7 @@ ipf_nat_newrewrite(fin, nat, nai) } /* TRACE (frnat) */ + DT1(ipf_nat_rewrite_3, frinfo_t *, &frnat); /* * Here we do a lookup of the connection as seen from @@ -7218,6 +7231,7 @@ ipf_nat_newrewrite(fin, nat, nai) } /* TRACE natl, in_stepnext, l */ + DT3(ipf_nat_rewrite_2, nat_t *, natl, ipnat_t *, np , int, l); if ((natl != NULL) && (l > 8)) /* XXX 8 is arbitrary */ return -1; @@ -7310,6 +7324,7 @@ ipf_nat_newdivert(fin, nat, nai) if (natl != NULL) { NBUMPSIDED(fin->fin_out, ns_divert_exist); + DT3(ns_divert_exist, fr_info_t *, fin, nat_t *, nat, natinfo_t, nai); return -1; } @@ -7562,6 +7577,7 @@ ipf_nat_nextaddr(fin, na, old, dst) case FRI_PEERADDR : case FRI_NETWORK : default : + DT4(ns_na_atype, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); return -1; } @@ -7573,6 +7589,7 @@ ipf_nat_nextaddr(fin, na, old, dst) NULL); } else { NBUMPSIDE(fin->fin_out, ns_badnextaddr); + DT4(ns_badnextaddr_1, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); } } else if (na->na_atype == IPLT_NONE) { @@ -7591,6 +7608,7 @@ ipf_nat_nextaddr(fin, na, old, dst) if (ipf_ifpaddr(softc, 4, na->na_atype, fin->fin_ifp, &newip, NULL) == -1) { NBUMPSIDED(fin->fin_out, ns_ifpaddrfail); + DT4(ns_ifpaddrfail, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); return -1; } new = newip.in4.s_addr; @@ -7602,6 +7620,7 @@ ipf_nat_nextaddr(fin, na, old, dst) } else { NBUMPSIDE(fin->fin_out, ns_badnextaddr); + DT4(ns_badnextaddr_2, fr_info_t *, fin, nat_addr_t *, na, u_32_t *, old, u_32_t *, new); } return error;