From owner-svn-src-all@freebsd.org Sun Nov 18 12:30:20 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 659D411388AF; Sun, 18 Nov 2018 12:30:20 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E4CB27B4AF; Sun, 18 Nov 2018 12:30:19 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C5A9D1351A; Sun, 18 Nov 2018 12:30:19 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAICUJAO058930; Sun, 18 Nov 2018 12:30:19 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAICUICa058926; Sun, 18 Nov 2018 12:30:18 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181230.wAICUICa058926@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Sun, 18 Nov 2018 12:30:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340574 - in stable/11/sys: net netpfil/pf X-SVN-Group: stable-11 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: in stable/11/sys: net netpfil/pf X-SVN-Commit-Revision: 340574 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: E4CB27B4AF X-Spamd-Result: default: False [0.06 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.06)[0.058,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 12:30:20 -0000 Author: kp Date: Sun Nov 18 12:30:18 2018 New Revision: 340574 URL: https://svnweb.freebsd.org/changeset/base/340574 Log: MFC r340068: pfsync: Handle syncdev going away If the syncdev is removed we no longer need to clean up the multicast entry we've got set up for that device. Pass the ifnet detach event through pf to pfsync, and remove our multicast handle, and mark us as no longer having a syncdev. Note that this callback is always installed, even if the pfsync interface is disabled (and thus it's not a per-vnet callback pointer). Sponsored by: Orange Business Services Modified: stable/11/sys/net/pfvar.h stable/11/sys/netpfil/pf/if_pfsync.c stable/11/sys/netpfil/pf/pf_if.c stable/11/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/net/pfvar.h ============================================================================== --- stable/11/sys/net/pfvar.h Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/net/pfvar.h Sun Nov 18 12:30:18 2018 (r340574) @@ -820,6 +820,7 @@ typedef void pfsync_update_state_t(struct pf_state *) typedef void pfsync_delete_state_t(struct pf_state *); typedef void pfsync_clear_states_t(u_int32_t, const char *); typedef int pfsync_defer_t(struct pf_state *, struct mbuf *); +typedef void pfsync_detach_ifnet_t(struct ifnet *); VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr); #define V_pfsync_state_import_ptr VNET(pfsync_state_import_ptr) @@ -833,6 +834,7 @@ VNET_DECLARE(pfsync_clear_states_t *, pfsync_clear_sta #define V_pfsync_clear_states_ptr VNET(pfsync_clear_states_ptr) VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); #define V_pfsync_defer_ptr VNET(pfsync_defer_ptr) +extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; void pfsync_state_export(struct pfsync_state *, struct pf_state *); Modified: stable/11/sys/netpfil/pf/if_pfsync.c ============================================================================== --- stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:30:18 2018 (r340574) @@ -279,6 +279,7 @@ static void pfsync_bulk_status(u_int8_t); static void pfsync_bulk_update(void *); static void pfsync_bulk_fail(void *); +static void pfsync_detach_ifnet(struct ifnet *); #ifdef IPSEC static void pfsync_update_net_tdb(struct pfsync_tdb *); #endif @@ -2290,6 +2291,29 @@ pfsync_multicast_cleanup(struct pfsync_softc *sc) imo->imo_multicast_ifp = NULL; } +void +pfsync_detach_ifnet(struct ifnet *ifp) +{ + struct pfsync_softc *sc = V_pfsyncif; + + if (sc == NULL) + return; + + PFSYNC_LOCK(sc); + + if (sc->sc_sync_if == ifp) { + /* We don't need mutlicast cleanup here, because the interface + * is going away. We do need to ensure we don't try to do + * cleanup later. + */ + sc->sc_imo.imo_membership = NULL; + sc->sc_imo.imo_multicast_ifp = NULL; + sc->sc_sync_if = NULL; + } + + PFSYNC_UNLOCK(sc); +} + #ifdef INET extern struct domain inetdomain; static struct protosw in_pfsync_protosw = { @@ -2370,6 +2394,8 @@ pfsync_init() #ifdef INET int error; + pfsync_detach_ifnet_ptr = pfsync_detach_ifnet; + error = pf_proto_register(PF_INET, &in_pfsync_protosw); if (error) return (error); @@ -2386,6 +2412,7 @@ pfsync_init() static void pfsync_uninit() { + pfsync_detach_ifnet_ptr = NULL; #ifdef INET ipproto_unregister(IPPROTO_PFSYNC); Modified: stable/11/sys/netpfil/pf/pf_if.c ============================================================================== --- stable/11/sys/netpfil/pf/pf_if.c Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/netpfil/pf/pf_if.c Sun Nov 18 12:30:18 2018 (r340574) @@ -829,6 +829,9 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne { struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif; + if (pfsync_detach_ifnet_ptr) + pfsync_detach_ifnet_ptr(ifp); + if (kif == NULL) return; @@ -838,6 +841,7 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne CURVNET_RESTORE(); return; } + PF_RULES_WLOCK(); V_pfi_update++; pfi_kif_update(kif); Modified: stable/11/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/11/sys/netpfil/pf/pf_ioctl.c Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun Nov 18 12:30:18 2018 (r340574) @@ -210,6 +210,7 @@ VNET_DEFINE(pfsync_update_state_t *, pfsync_update_sta VNET_DEFINE(pfsync_delete_state_t *, pfsync_delete_state_ptr); VNET_DEFINE(pfsync_clear_states_t *, pfsync_clear_states_ptr); VNET_DEFINE(pfsync_defer_t *, pfsync_defer_ptr); +pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; /* pflog */ pflog_packet_t *pflog_packet_ptr = NULL;