From owner-svn-src-projects@FreeBSD.ORG Thu Mar 1 14:42:07 2012 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 528AE106566C; Thu, 1 Mar 2012 14:42:07 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 3CE4F8FC18; Thu, 1 Mar 2012 14:42:07 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q21Eg7kS083262; Thu, 1 Mar 2012 14:42:07 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q21Eg70a083257; Thu, 1 Mar 2012 14:42:07 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201203011442.q21Eg70a083257@svn.freebsd.org> From: Gleb Smirnoff Date: Thu, 1 Mar 2012 14:42:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r232340 - projects/pf/head/sys/contrib/pf/net X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2012 14:42:07 -0000 Author: glebius Date: Thu Mar 1 14:42:06 2012 New Revision: 232340 URL: http://svn.freebsd.org/changeset/base/232340 Log: o Axe intermediate struct pf_state_item, instead embed TAILQ_ENTRY right into struct pf_state. Axe associated UMA zone. - More PF_RULES_RASSERT. - Minor unrelated nits. Modified: projects/pf/head/sys/contrib/pf/net/if_pfsync.c projects/pf/head/sys/contrib/pf/net/pf.c projects/pf/head/sys/contrib/pf/net/pf_ioctl.c projects/pf/head/sys/contrib/pf/net/pfvar.h Modified: projects/pf/head/sys/contrib/pf/net/if_pfsync.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/if_pfsync.c Thu Mar 1 14:39:01 2012 (r232339) +++ projects/pf/head/sys/contrib/pf/net/if_pfsync.c Thu Mar 1 14:42:06 2012 (r232340) @@ -682,9 +682,8 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st int len = sizeof(*clr) * count; int i, offp; - struct pf_state *st, *nexts; + struct pf_state *si, *st, *nexts; struct pf_state_key *sk, *nextsk; - struct pf_state_item *si; u_int32_t creatorid; mp = m_pulldown(m, offset, len, &offp); @@ -716,11 +715,11 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st sk; sk = nextsk) { nextsk = RB_NEXT(pf_state_tree, &V_pf_statetbl, sk); - TAILQ_FOREACH(si, &sk->states, entry) { - if (si->s->creatorid == creatorid) { - SET(si->s->state_flags, + TAILQ_FOREACH(si, &sk->states, key_list) { + if (si->creatorid == creatorid) { + SET(si->state_flags, PFSTATE_NOSYNC); - pf_unlink_state(si->s); + pf_unlink_state(si); } } } Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Thu Mar 1 14:39:01 2012 (r232339) +++ projects/pf/head/sys/contrib/pf/net/pf.c Thu Mar 1 14:42:06 2012 (r232340) @@ -160,7 +160,6 @@ VNET_DEFINE(uma_zone_t, pf_rule_pl); VNET_DEFINE(uma_zone_t, pf_pooladdr_pl); VNET_DEFINE(uma_zone_t, pf_state_pl); VNET_DEFINE(uma_zone_t, pf_state_key_pl); -VNET_DEFINE(uma_zone_t, pf_state_item_pl); VNET_DEFINE(uma_zone_t, pf_altq_pl); static void pf_src_tree_remove_state(struct pf_state *); @@ -678,24 +677,23 @@ pf_state_compare_id(struct pf_state *a, static int pf_state_key_attach(struct pf_state_key *sk, struct pf_state *s, int idx) { - struct pf_state_item *si; struct pf_state_key *cur; - struct pf_state *olds = NULL; + struct pf_state *si, *olds = NULL; KASSERT(s->key[idx] == NULL, ("%s: key is null!", __func__)); if ((cur = RB_INSERT(pf_state_tree, &V_pf_statetbl, sk)) != NULL) { /* key exists. check for same kif, if none, add to key */ - TAILQ_FOREACH(si, &cur->states, entry) - if (si->s->kif == s->kif && - si->s->direction == s->direction) { + TAILQ_FOREACH(si, &cur->states, key_list) + if (si->kif == s->kif && + si->direction == s->direction) { if (sk->proto == IPPROTO_TCP && - si->s->src.state >= TCPS_FIN_WAIT_2 && - si->s->dst.state >= TCPS_FIN_WAIT_2) { - si->s->src.state = si->s->dst.state = + si->src.state >= TCPS_FIN_WAIT_2 && + si->dst.state >= TCPS_FIN_WAIT_2) { + si->src.state = si->dst.state = TCPS_CLOSED; /* unlink late or sks can go away */ - olds = si->s; + olds = si; } else { if (V_pf_status.debug >= PF_DEBUG_MISC) { printf("pf: %s key attach " @@ -709,7 +707,7 @@ pf_state_key_attach(struct pf_state_key (idx == PF_SK_STACK) ? sk : NULL); printf(", existing: "); - pf_print_state_parts(si->s, + pf_print_state_parts(si, (idx == PF_SK_WIRE) ? sk : NULL, (idx == PF_SK_STACK) ? @@ -725,17 +723,11 @@ pf_state_key_attach(struct pf_state_key } else s->key[idx] = sk; - if ((si = uma_zalloc(V_pf_state_item_pl, M_NOWAIT)) == NULL) { - pf_state_key_detach(s, idx); - return (-1); - } - si->s = s; - /* list is sorted, if-bound states before floating */ if (s->kif == V_pfi_all) - TAILQ_INSERT_TAIL(&s->key[idx]->states, si, entry); + TAILQ_INSERT_TAIL(&s->key[idx]->states, s, key_list); else - TAILQ_INSERT_HEAD(&s->key[idx]->states, si, entry); + TAILQ_INSERT_HEAD(&s->key[idx]->states, s, key_list); if (olds) pf_unlink_state(olds); @@ -759,22 +751,19 @@ pf_detach_state(struct pf_state *s) static void pf_state_key_detach(struct pf_state *s, int idx) { - struct pf_state_item *si; + struct pf_state *si; si = TAILQ_FIRST(&s->key[idx]->states); - while (si && si->s != s) - si = TAILQ_NEXT(si, entry); + while (si && si != s) + si = TAILQ_NEXT(si, key_list); - if (si) { - TAILQ_REMOVE(&s->key[idx]->states, si, entry); - uma_zfree(V_pf_state_item_pl, si); - } + if (si) + TAILQ_REMOVE(&s->key[idx]->states, si, key_list); if (TAILQ_EMPTY(&s->key[idx]->states)) { RB_REMOVE(pf_state_tree, &V_pf_statetbl, s->key[idx]); if (s->key[idx]->reverse) s->key[idx]->reverse->reverse = NULL; - /* XXX: implement this */ uma_zfree(V_pf_state_key_pl, s->key[idx]); } s->key[idx] = NULL; @@ -927,7 +916,7 @@ pf_find_state(struct pfi_kif *kif, struc struct mbuf *m, struct pf_mtag *pftag) { struct pf_state_key *sk; - struct pf_state_item *si; + struct pf_state *si; V_pf_status.fcounters[FCNT_STATE_SEARCH]++; @@ -951,11 +940,11 @@ pf_find_state(struct pfi_kif *kif, struc pftag->statekey = NULL; /* list is sorted, if-bound states before floating ones */ - TAILQ_FOREACH(si, &sk->states, entry) - if ((si->s->kif == V_pfi_all || si->s->kif == kif) && - sk == (dir == PF_IN ? si->s->key[PF_SK_WIRE] : - si->s->key[PF_SK_STACK])) - return (si->s); + TAILQ_FOREACH(si, &sk->states, key_list) + if ((si->kif == V_pfi_all || si->kif == kif) && + sk == (dir == PF_IN ? si->key[PF_SK_WIRE] : + si->key[PF_SK_STACK])) + return (si); return (NULL); } @@ -964,26 +953,27 @@ struct pf_state * pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more) { struct pf_state_key *sk; - struct pf_state_item *si, *ret = NULL; + struct pf_state *s, *ret = NULL; V_pf_status.fcounters[FCNT_STATE_SEARCH]++; sk = RB_FIND(pf_state_tree, &V_pf_statetbl, (struct pf_state_key *)key); if (sk != NULL) { - TAILQ_FOREACH(si, &sk->states, entry) + TAILQ_FOREACH(s, &sk->states, key_list) if (dir == PF_INOUT || - (sk == (dir == PF_IN ? si->s->key[PF_SK_WIRE] : - si->s->key[PF_SK_STACK]))) { + (sk == (dir == PF_IN ? s->key[PF_SK_WIRE] : + s->key[PF_SK_STACK]))) { if (more == NULL) - return (si->s); + return (s); if (ret) (*more)++; else - ret = si; + ret = s; } } - return (ret ? ret->s : NULL); + + return (ret); } /* END state table stuff */ @@ -1157,9 +1147,6 @@ pf_src_tree_remove_state(struct pf_state void pf_unlink_state(struct pf_state *cur) { - if (cur->local_flags & PFSTATE_EXPIRING) - return; - cur->local_flags |= PFSTATE_EXPIRING; if (cur->src.state == PF_TCPS_PROXY_DST) { /* XXX wire key the right one? */ @@ -2206,6 +2193,8 @@ pf_step_into_anchor(int *depth, struct p { struct pf_anchor_stackframe *f; + PF_RULES_RASSERT(); + (*r)->anchor->match = 0; if (match) *match = 0; @@ -2242,6 +2231,8 @@ pf_step_out_of_anchor(int *depth, struct struct pf_anchor_stackframe *f; int quick = 0; + PF_RULES_RASSERT(); + do { if (*depth <= 0) break; @@ -3280,6 +3271,8 @@ pf_test_fragment(struct pf_rule **rm, in int asd = 0; int match = 0; + PF_RULES_RASSERT(); + r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); while (r != NULL) { r->evaluations++; Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Mar 1 14:39:01 2012 (r232339) +++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Mar 1 14:42:06 2012 (r232340) @@ -257,7 +257,6 @@ cleanup_pf_zone(void) uma_zdestroy(V_pf_rule_pl); uma_zdestroy(V_pf_state_pl); uma_zdestroy(V_pf_state_key_pl); - uma_zdestroy(V_pf_state_item_pl); uma_zdestroy(V_pf_altq_pl); uma_zdestroy(V_pf_pooladdr_pl); uma_zdestroy(V_pfr_ktable_pl); @@ -279,9 +278,6 @@ pfattach(void) V_pf_state_key_pl = uma_zcreate("pfstatekeypl", sizeof(struct pf_state_key), NULL, NULL, NULL, NULL,UMA_ALIGN_PTR, 0); - V_pf_state_item_pl = uma_zcreate("pfstateitempl", - sizeof(struct pf_state_item), NULL, NULL, NULL, NULL, - UMA_ALIGN_PTR, 0); V_pf_altq_pl = uma_zcreate("pfaltqpl", sizeof(struct pf_altq), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); V_pf_pooladdr_pl = uma_zcreate("pfpooladdrpl", Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Mar 1 14:39:01 2012 (r232339) +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Mar 1 14:42:06 2012 (r232340) @@ -764,13 +764,6 @@ struct pf_state_key_cmp { u_int8_t pad[2]; }; -struct pf_state_item { - TAILQ_ENTRY(pf_state_item) entry; - struct pf_state *s; -}; - -TAILQ_HEAD(pf_statelisthead, pf_state_item); - struct pf_state_key { struct pf_addr addr[2]; u_int16_t port[2]; @@ -779,7 +772,7 @@ struct pf_state_key { u_int8_t pad[2]; RB_ENTRY(pf_state_key) entry; - struct pf_statelisthead states; + TAILQ_HEAD(, pf_state) states; struct pf_state_key *reverse; struct inpcb *inp; }; @@ -797,11 +790,9 @@ struct pf_state { u_int32_t creatorid; u_int8_t direction; u_int8_t pad[2]; - u_int8_t local_flags; -#define PFSTATE_EXPIRING 0x01 - TAILQ_ENTRY(pf_state) sync_list; TAILQ_ENTRY(pf_state) entry_list; + TAILQ_ENTRY(pf_state) key_list; RB_ENTRY(pf_state) entry_id; struct pf_state_peer src; struct pf_state_peer dst; @@ -882,9 +873,7 @@ struct pfsync_state { sa_family_t af; u_int8_t proto; u_int8_t direction; - u_int8_t local_flags; -#define PFSTATE_EXPIRING 0x01 - + u_int8_t __spare; u_int8_t log; u_int8_t state_flags; u_int8_t timeout; @@ -1766,8 +1755,6 @@ VNET_DECLARE(uma_zone_t, pf_state_pl); #define V_pf_state_pl VNET(pf_state_pl) VNET_DECLARE(uma_zone_t, pf_state_key_pl); #define V_pf_state_key_pl VNET(pf_state_key_pl) -VNET_DECLARE(uma_zone_t, pf_state_item_pl); -#define V_pf_state_item_pl VNET(pf_state_item_pl) VNET_DECLARE(uma_zone_t, pf_altq_pl); #define V_pf_altq_pl VNET(pf_altq_pl) VNET_DECLARE(uma_zone_t, pf_pooladdr_pl);