From owner-svn-src-head@FreeBSD.ORG Wed Mar 12 14:29:09 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 72D2D9A3; Wed, 12 Mar 2014 14:29:09 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 5F6D71F1; Wed, 12 Mar 2014 14:29:09 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s2CET9px038769; Wed, 12 Mar 2014 14:29:09 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s2CET8Hh038762; Wed, 12 Mar 2014 14:29:08 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201403121429.s2CET8Hh038762@svn.freebsd.org> From: Gleb Smirnoff Date: Wed, 12 Mar 2014 14:29:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r263091 - in head/sys: netinet netinet6 X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Mar 2014 14:29:09 -0000 Author: glebius Date: Wed Mar 12 14:29:08 2014 New Revision: 263091 URL: http://svnweb.freebsd.org/changeset/base/263091 Log: Since both netinet/ and netinet6/ call into netipsec/ and netpfil/, the protocol specific mbuf flags are shared between them. - Move all M_FOO definitions into a single place: netinet/in6.h, to avoid future clashes. - Resolve clash between M_DECRYPTED and M_SKIP_FIREWALL which resulted in a failure of operation of IPSEC and packet filters. Thanks to Nicolas and Georgios for all the hard work on bisecting, testing and finally finding the root of the problem. PR: kern/186755 PR: kern/185876 In collaboration with: Georgios Amanakis In collaboration with: Nicolas DEFFAYET Sponsored by: Nginx, Inc. Modified: head/sys/netinet/ip_input.c head/sys/netinet/ip_var.h head/sys/netinet6/in6.h head/sys/netinet6/ip6_var.h Modified: head/sys/netinet/ip_input.c ============================================================================== --- head/sys/netinet/ip_input.c Wed Mar 12 12:27:13 2014 (r263090) +++ head/sys/netinet/ip_input.c Wed Mar 12 14:29:08 2014 (r263091) @@ -702,6 +702,7 @@ ours: * ip_reass() will return a different mbuf. */ if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) { + /* XXXGL: shouldn't we save & set m_flags? */ m = ip_reass(m); if (m == NULL) return; @@ -794,6 +795,8 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxf NULL, 0, sysctl_maxnipq, "I", "Maximum number of IPv4 fragment reassembly queue entries"); +#define M_IP_FRAG M_PROTO9 + /* * Take incoming datagram fragment and try to reassemble it into * whole datagram. If the argument is the first fragment or one Modified: head/sys/netinet/ip_var.h ============================================================================== --- head/sys/netinet/ip_var.h Wed Mar 12 12:27:13 2014 (r263090) +++ head/sys/netinet/ip_var.h Wed Mar 12 14:29:08 2014 (r263091) @@ -162,15 +162,6 @@ void kmod_ipstat_dec(int statnum); #define IP_ROUTETOIF SO_DONTROUTE /* 0x10 bypass routing tables */ #define IP_ALLOWBROADCAST SO_BROADCAST /* 0x20 can send broadcast packets */ -/* - * IPv4 protocol layer specific mbuf flags. - */ -#define M_FASTFWD_OURS M_PROTO1 /* changed dst to local */ -#define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop */ -#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing, - keep in sync with IP6 */ -#define M_IP_FRAG M_PROTO4 /* fragment reassembly */ - #ifdef __NO_STRICT_ALIGNMENT #define IP_HDR_ALIGNED_P(ip) 1 #else Modified: head/sys/netinet6/in6.h ============================================================================== --- head/sys/netinet6/in6.h Wed Mar 12 12:27:13 2014 (r263090) +++ head/sys/netinet6/in6.h Wed Mar 12 14:29:08 2014 (r263091) @@ -622,13 +622,18 @@ struct ip6_mtuinfo { #endif /* __BSD_VISIBLE */ /* - * Redefinition of mbuf flags + * Since both netinet/ and netinet6/ call into netipsec/ and netpfil/, + * the protocol specific mbuf flags are shared between them. */ -#define M_AUTHIPHDR M_PROTO2 -#define M_DECRYPTED M_PROTO3 -#define M_LOOP M_PROTO4 -#define M_AUTHIPDGM M_PROTO5 -#define M_RTALERT_MLD M_PROTO6 +#define M_FASTFWD_OURS M_PROTO1 /* changed dst to local */ +#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop */ +#define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop */ +#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing */ +#define M_AUTHIPHDR M_PROTO4 +#define M_DECRYPTED M_PROTO5 +#define M_LOOP M_PROTO6 +#define M_AUTHIPDGM M_PROTO7 +#define M_RTALERT_MLD M_PROTO8 #ifdef _KERNEL struct cmsghdr; Modified: head/sys/netinet6/ip6_var.h ============================================================================== --- head/sys/netinet6/ip6_var.h Wed Mar 12 12:27:13 2014 (r263090) +++ head/sys/netinet6/ip6_var.h Wed Mar 12 14:29:08 2014 (r263091) @@ -293,13 +293,6 @@ struct ip6aux { #define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */ #define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */ -/* - * IPv6 protocol layer specific mbuf flags. - */ -#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop */ -#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing, - keep in sync with IPv4 */ - #ifdef __NO_STRICT_ALIGNMENT #define IP6_HDR_ALIGNED_P(ip) 1 #else