Date:      Fri, 17 Aug 2018 02:46:36 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r337948 - in stable: 10/sys/contrib/ipfilter/netinet 11/sys/contrib/ipfilter/netinet
Message-ID:  <201808170246.w7H2kaOR099491@repo.freebsd.org>

Author: cy
Date: Fri Aug 17 02:46:36 2018
New Revision: 337948
URL: https://svnweb.freebsd.org/changeset/base/337948

Log:
  MFC r337558, r337560
  
  r337558:
  Identify the return value (rval) that led to the IPv4 NAT failure
  in ipf_nat_checkout() and report it in the frb_natv4out and frb_natv4in
  dtrace probes.
  
  This is currently being used to diagnose NAT failures in PR/208566. It's
  rather handy so this commit makes it available for future diagnosis and
  debugging efforts.
  
  PR:		208566
  
  r337560:
  Correct a comment. Should have been detected by ipf_nat_in() not
  ipf_nat_out().

Modified:
  stable/10/sys/contrib/ipfilter/netinet/ip_nat.c
Directory Properties:
  stable/10/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/sys/contrib/ipfilter/netinet/ip_nat.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/10/sys/contrib/ipfilter/netinet/ip_nat.c
==============================================================================
--- stable/10/sys/contrib/ipfilter/netinet/ip_nat.c	Fri Aug 17 01:59:19 2018	(r337947)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_nat.c	Fri Aug 17 02:46:36 2018	(r337948)
@@ -4956,7 +4956,7 @@ retry_roundrobin:
 				case 0 :
 					continue;
 				case -1 :
-					rval = -1;
+					rval = -3;
 					goto outmatchfail;
 				case 1 :
 				default :
@@ -5001,7 +5001,7 @@ retry_roundrobin:
 				natfailed = 0;
 				break;
 			}
-			natfailed = -1;
+			natfailed = -2;
 		}
 		if ((np == NULL) && (nmsk < softn->ipf_nat_map_max)) {
 			nmsk++;
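Review bot: Changing the sentinel to `natfailed = -2` is only safe if nothing outside this hunk still compares natfailed against -1; the hunk shows neither where natfailed is copied into rval nor any other reader, so that needs confirming in the rest of the function, which starts and ends outside the hunk. The value is also a bare number whose meaning is stated only in the later `switch (rval)` comments, so a trailing comment here such as `/* retry_roundrobin loop failure, reported via rval */` would tie the two sites together. The same applies to the matching `natfailed = -2` in the second retry_roundrobin hunk (-5489) and to the `rval = -3` assignments ahead of `goto outmatchfail` and `goto inmatchfail`.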
@@ -5026,15 +5026,23 @@ outmatchfail:
 
 	switch (rval)
 	{
+	case -3 :
+		/* ipf_nat_match() failure */
+		/* FALLTHROUGH */
+	case -2 :
+		/* retry_roundrobin loop failure */
+		/* FALLTHROUGH */
 	case -1 :
+		/* proxy failure detected by ipf_nat_out() */
 		if (passp != NULL) {
-			DT1(frb_natv4out, fr_info_t *, fin);
+			DT2(frb_natv4out, fr_info_t *, fin, int, rval);
 			NBUMPSIDED(1, ns_drop);
 			*passp = FR_BLOCK;
 			fin->fin_reason = FRB_NATV4;
 		}
 		fin->fin_flx |= FI_BADNAT;
 		NBUMPSIDED(1, ns_badnat);
+		rval = -1;	/* We only return -1 on error. */
 		break;
 	case 0 :
 		NBUMPSIDE(1, ns_ignored);
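Review bot: The new reason code reaches the `frb_natv4out` probe only inside `if (passp != NULL)`, and `rval = -1;` then collapses -3/-2/-1 before the `break`, so a call with a NULL passp sets FI_BADNAT and bumps ns_badnat without any record of which path failed. If that case matters when diagnosing dropped traffic, firing `DT2(frb_natv4out, fr_info_t *, fin, int, rval);` ahead of the `if` would keep the cause observable; if the restriction is intended, a comment saying the probe only covers the blocking path would prevent a later reader from assuming full coverage. The inmatchfail hunk (-5514) has the same structure with `frb_natv4in`. The switch and its enclosing function continue outside the hunk.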
@@ -5442,7 +5450,7 @@ retry_roundrobin:
 				case 0 :
 					continue;
 				case -1 :
-					rval = -1;
+					rval = -3;
 					goto inmatchfail;
 				case 1 :
 				default :
@@ -5489,7 +5497,7 @@ retry_roundrobin:
 				natfailed = 0;
 				break;
 			}
-			natfailed = -1;
+			natfailed = -2;
 		}
 		if ((np == NULL) && (rmsk < softn->ipf_nat_rdr_max)) {
 			rmsk++;
@@ -5514,15 +5522,23 @@ inmatchfail:
 
 	switch (rval)
 	{
+	case -3 :
+		/* ipf_nat_match() failure */
+		/* FALLTHROUGH */
+	case -2 :
+		/* retry_roundrobin loop failure */
+		/* FALLTHROUGH */
 	case -1 :
+		/* proxy failure detected by ipf_nat_in() */
 		if (passp != NULL) {
-			DT1(frb_natv4in, fr_info_t *, fin);
+			DT2(frb_natv4in, fr_info_t *, fin, int, rval);
 			NBUMPSIDED(0, ns_drop);
 			*passp = FR_BLOCK;
 			fin->fin_reason = FRB_NATV4;
 		}
 		fin->fin_flx |= FI_BADNAT;
 		NBUMPSIDED(0, ns_badnat);
+		rval = -1;	/* We only return -1 on error. */
 		break;
 	case 0 :
 		NBUMPSIDE(0, ns_ignored);


