Date: Wed, 12 Mar 2014 12:58:10 -0700 From: Adrian Chadd <adrian.chadd@gmail.com> To: Gleb Smirnoff <glebius@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r263091 - in head/sys: netinet netinet6 Message-ID: <CAJ-VmomowyL8D74g9j8PF4XedXmUA%2BjfqHfyXYT0gSOCW1mLBg@mail.gmail.com> In-Reply-To: <201403121429.s2CET8Hh038762@svn.freebsd.org> References: <201403121429.s2CET8Hh038762@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Will this work for non inet6 builds? Adrian On Mar 12, 2014 7:29 AM, "Gleb Smirnoff" <glebius@freebsd.org> wrote: > Author: glebius > Date: Wed Mar 12 14:29:08 2014 > New Revision: 263091 > URL: http://svnweb.freebsd.org/changeset/base/263091 > > Log: > Since both netinet/ and netinet6/ call into netipsec/ and netpfil/, > the protocol specific mbuf flags are shared between them. > > - Move all M_FOO definitions into a single place: netinet/in6.h, to > avoid future clashes. > - Resolve clash between M_DECRYPTED and M_SKIP_FIREWALL which resulted > in a failure of operation of IPSEC and packet filters. > > Thanks to Nicolas and Georgios for all the hard work on bisecting, > testing and finally finding the root of the problem. > > PR: kern/186755 > PR: kern/185876 > In collaboration with: Georgios Amanakis <gamanakis gmail.com> > In collaboration with: Nicolas DEFFAYET <nicolas-ml deffayet.com> > Sponsored by: Nginx, Inc. > > Modified: > head/sys/netinet/ip_input.c > head/sys/netinet/ip_var.h > head/sys/netinet6/in6.h > head/sys/netinet6/ip6_var.h > > Modified: head/sys/netinet/ip_input.c > > ============================================================================== > --- head/sys/netinet/ip_input.c Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet/ip_input.c Wed Mar 12 14:29:08 2014 (r263091) > @@ -702,6 +702,7 @@ ours: > * ip_reass() will return a different mbuf. > */ > if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) { > + /* XXXGL: shouldn't we save & set m_flags? */ > m = ip_reass(m); > if (m == NULL) > return; > @@ -794,6 +795,8 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxf > NULL, 0, sysctl_maxnipq, "I", > "Maximum number of IPv4 fragment reassembly queue entries"); > > +#define M_IP_FRAG M_PROTO9 > + > /* > * Take incoming datagram fragment and try to reassemble it into > * whole datagram. If the argument is the first fragment or one > > Modified: head/sys/netinet/ip_var.h > > ============================================================================== > --- head/sys/netinet/ip_var.h Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet/ip_var.h Wed Mar 12 14:29:08 2014 (r263091) > @@ -162,15 +162,6 @@ void kmod_ipstat_dec(int statnum); > #define IP_ROUTETOIF SO_DONTROUTE /* 0x10 bypass routing > tables */ > #define IP_ALLOWBROADCAST SO_BROADCAST /* 0x20 can send broadcast > packets */ > > -/* > - * IPv4 protocol layer specific mbuf flags. > - */ > -#define M_FASTFWD_OURS M_PROTO1 /* changed dst to > local */ > -#define M_IP_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > -#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall > processing, > - keep in sync with IP6 */ > -#define M_IP_FRAG M_PROTO4 /* fragment > reassembly */ > - > #ifdef __NO_STRICT_ALIGNMENT > #define IP_HDR_ALIGNED_P(ip) 1 > #else > > Modified: head/sys/netinet6/in6.h > > ============================================================================== > --- head/sys/netinet6/in6.h Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet6/in6.h Wed Mar 12 14:29:08 2014 (r263091) > @@ -622,13 +622,18 @@ struct ip6_mtuinfo { > #endif /* __BSD_VISIBLE */ > > /* > - * Redefinition of mbuf flags > + * Since both netinet/ and netinet6/ call into netipsec/ and netpfil/, > + * the protocol specific mbuf flags are shared between them. > */ > -#define M_AUTHIPHDR M_PROTO2 > -#define M_DECRYPTED M_PROTO3 > -#define M_LOOP M_PROTO4 > -#define M_AUTHIPDGM M_PROTO5 > -#define M_RTALERT_MLD M_PROTO6 > +#define M_FASTFWD_OURS M_PROTO1 /* changed dst to > local */ > +#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > +#define M_IP_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > +#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall > processing */ > +#define M_AUTHIPHDR M_PROTO4 > +#define M_DECRYPTED M_PROTO5 > +#define M_LOOP M_PROTO6 > +#define M_AUTHIPDGM M_PROTO7 > +#define M_RTALERT_MLD M_PROTO8 > > #ifdef _KERNEL > struct cmsghdr; > > Modified: head/sys/netinet6/ip6_var.h > > ============================================================================== > --- head/sys/netinet6/ip6_var.h Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet6/ip6_var.h Wed Mar 12 14:29:08 2014 (r263091) > @@ -293,13 +293,6 @@ struct ip6aux { > #define IPV6_FORWARDING 0x02 /* most of IPv6 header > exists */ > #define IPV6_MINMTU 0x04 /* use minimum MTU > (IPV6_USE_MIN_MTU) */ > > -/* > - * IPv6 protocol layer specific mbuf flags. > - */ > -#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > -#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall > processing, > - keep in sync with IPv4 > */ > - > #ifdef __NO_STRICT_ALIGNMENT > #define IP6_HDR_ALIGNED_P(ip) 1 > #else > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-VmomowyL8D74g9j8PF4XedXmUA%2BjfqHfyXYT0gSOCW1mLBg>