From owner-svn-src-head@FreeBSD.ORG Wed Mar 12 19:58:12 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3C63542A; Wed, 12 Mar 2014 19:58:12 +0000 (UTC) Received: from mail-qa0-x22f.google.com (mail-qa0-x22f.google.com [IPv6:2607:f8b0:400d:c00::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B6272A2E; Wed, 12 Mar 2014 19:58:11 +0000 (UTC) Received: by mail-qa0-f47.google.com with SMTP id w5so2489qac.34 for ; Wed, 12 Mar 2014 12:58:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ECDq/vtydSeEAHH6kfk8l82I/EmFCgyxh0N4Hz7OJgA=; b=pyTo4DUgpYBjLALB5y6llQbpbSTA26gfmYT4tJdtKghaoo5LPZC7mtJVxpXne7IWBR +FgHxGL5QvacbUf+TrOeRWgxlhqEMiubCVa35nfycwFjPvFY7UyOa05bMeCZi72iEP7H l+OTFil8LfXzUTcmb3X6Rm/DV+/1Vhu7tEmoNPgcRSTaTNFLGMW2TAZwjEjHG272350D hYcYWSIAKRCpjB5AvYg8ssYyJ6Mn3rMmMJ9BCtPJkQ9+hPMYO2mgi8iH72a0y/Yk73sl gkhv3hyTHbgSKlXVGxj19T1U62EEuLHlDsTsodSpCo38nHRHX56l4c/0x4pRA3ykUPHD AzOQ== MIME-Version: 1.0 X-Received: by 10.140.50.169 with SMTP id s38mr41552794qga.12.1394654290905; Wed, 12 Mar 2014 12:58:10 -0700 (PDT) Received: by 10.224.8.137 with HTTP; Wed, 12 Mar 2014 12:58:10 -0700 (PDT) Received: by 10.224.8.137 with HTTP; Wed, 12 Mar 2014 12:58:10 -0700 (PDT) In-Reply-To: <201403121429.s2CET8Hh038762@svn.freebsd.org> References: <201403121429.s2CET8Hh038762@svn.freebsd.org> Date: Wed, 12 Mar 2014 12:58:10 -0700 Message-ID: Subject: Re: svn commit: r263091 - in head/sys: netinet netinet6 From: Adrian Chadd To: Gleb Smirnoff Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Mar 2014 19:58:12 -0000 Will this work for non inet6 builds? Adrian On Mar 12, 2014 7:29 AM, "Gleb Smirnoff" wrote: > Author: glebius > Date: Wed Mar 12 14:29:08 2014 > New Revision: 263091 > URL: http://svnweb.freebsd.org/changeset/base/263091 > > Log: > Since both netinet/ and netinet6/ call into netipsec/ and netpfil/, > the protocol specific mbuf flags are shared between them. > > - Move all M_FOO definitions into a single place: netinet/in6.h, to > avoid future clashes. > - Resolve clash between M_DECRYPTED and M_SKIP_FIREWALL which resulted > in a failure of operation of IPSEC and packet filters. > > Thanks to Nicolas and Georgios for all the hard work on bisecting, > testing and finally finding the root of the problem. > > PR: kern/186755 > PR: kern/185876 > In collaboration with: Georgios Amanakis > In collaboration with: Nicolas DEFFAYET > Sponsored by: Nginx, Inc. > > Modified: > head/sys/netinet/ip_input.c > head/sys/netinet/ip_var.h > head/sys/netinet6/in6.h > head/sys/netinet6/ip6_var.h > > Modified: head/sys/netinet/ip_input.c > > ============================================================================== > --- head/sys/netinet/ip_input.c Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet/ip_input.c Wed Mar 12 14:29:08 2014 (r263091) > @@ -702,6 +702,7 @@ ours: > * ip_reass() will return a different mbuf. > */ > if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) { > + /* XXXGL: shouldn't we save & set m_flags? */ > m = ip_reass(m); > if (m == NULL) > return; > @@ -794,6 +795,8 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxf > NULL, 0, sysctl_maxnipq, "I", > "Maximum number of IPv4 fragment reassembly queue entries"); > > +#define M_IP_FRAG M_PROTO9 > + > /* > * Take incoming datagram fragment and try to reassemble it into > * whole datagram. If the argument is the first fragment or one > > Modified: head/sys/netinet/ip_var.h > > ============================================================================== > --- head/sys/netinet/ip_var.h Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet/ip_var.h Wed Mar 12 14:29:08 2014 (r263091) > @@ -162,15 +162,6 @@ void kmod_ipstat_dec(int statnum); > #define IP_ROUTETOIF SO_DONTROUTE /* 0x10 bypass routing > tables */ > #define IP_ALLOWBROADCAST SO_BROADCAST /* 0x20 can send broadcast > packets */ > > -/* > - * IPv4 protocol layer specific mbuf flags. > - */ > -#define M_FASTFWD_OURS M_PROTO1 /* changed dst to > local */ > -#define M_IP_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > -#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall > processing, > - keep in sync with IP6 */ > -#define M_IP_FRAG M_PROTO4 /* fragment > reassembly */ > - > #ifdef __NO_STRICT_ALIGNMENT > #define IP_HDR_ALIGNED_P(ip) 1 > #else > > Modified: head/sys/netinet6/in6.h > > ============================================================================== > --- head/sys/netinet6/in6.h Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet6/in6.h Wed Mar 12 14:29:08 2014 (r263091) > @@ -622,13 +622,18 @@ struct ip6_mtuinfo { > #endif /* __BSD_VISIBLE */ > > /* > - * Redefinition of mbuf flags > + * Since both netinet/ and netinet6/ call into netipsec/ and netpfil/, > + * the protocol specific mbuf flags are shared between them. > */ > -#define M_AUTHIPHDR M_PROTO2 > -#define M_DECRYPTED M_PROTO3 > -#define M_LOOP M_PROTO4 > -#define M_AUTHIPDGM M_PROTO5 > -#define M_RTALERT_MLD M_PROTO6 > +#define M_FASTFWD_OURS M_PROTO1 /* changed dst to > local */ > +#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > +#define M_IP_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > +#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall > processing */ > +#define M_AUTHIPHDR M_PROTO4 > +#define M_DECRYPTED M_PROTO5 > +#define M_LOOP M_PROTO6 > +#define M_AUTHIPDGM M_PROTO7 > +#define M_RTALERT_MLD M_PROTO8 > > #ifdef _KERNEL > struct cmsghdr; > > Modified: head/sys/netinet6/ip6_var.h > > ============================================================================== > --- head/sys/netinet6/ip6_var.h Wed Mar 12 12:27:13 2014 (r263090) > +++ head/sys/netinet6/ip6_var.h Wed Mar 12 14:29:08 2014 (r263091) > @@ -293,13 +293,6 @@ struct ip6aux { > #define IPV6_FORWARDING 0x02 /* most of IPv6 header > exists */ > #define IPV6_MINMTU 0x04 /* use minimum MTU > (IPV6_USE_MIN_MTU) */ > > -/* > - * IPv6 protocol layer specific mbuf flags. > - */ > -#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip > nexthop */ > -#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall > processing, > - keep in sync with IPv4 > */ > - > #ifdef __NO_STRICT_ALIGNMENT > #define IP6_HDR_ALIGNED_P(ip) 1 > #else > >