Date: Fri, 14 Oct 2016 20:01:19 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: "Jonathan T. Looney" <jtl@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r307082 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/conf sys/i386/conf sys/mips/conf sys/modules/cc sys/modules/khelp sys/netinet sys/netinet/tcp_stacks sys/pc98/conf sy... Message-ID: <20161015000119.GA17390@mutt-hardenedbsd> In-Reply-To: <201610120216.u9C2Gga8041814@repo.freebsd.org> References: <201610120216.u9C2Gga8041814@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--H+4ONPRPur6+Ovig Content-Type: multipart/mixed; boundary="ReaqsoxgOBHFXBhH" Content-Disposition: inline --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 12, 2016 at 02:16:42AM +0000, Jonathan T. Looney wrote: > Author: jtl > Date: Wed Oct 12 02:16:42 2016 > New Revision: 307082 > URL: https://svnweb.freebsd.org/changeset/base/307082 >=20 > Log: > In the TCP stack, the hhook(9) framework provides hooks for kernel modu= les > to add actions that run when a TCP frame is sent or received on a TCP > session in the ESTABLISHED state. In the base tree, this functionality = is > only used for the h_ertt module, which is used by the cc_cdg, cc_chd, c= c_hd, > and cc_vegas congestion control modules. > =20 > Presently, we incur overhead to check for hooks each time a TCP frame is > sent or received on an ESTABLISHED TCP session. > =20 > This change adds a new compile-time option (TCP_HHOOK) to determine whe= ther > to include the hhook(9) framework for TCP. To retain backwards > compatibility, I added the TCP_HHOOK option to every configuration file= that > already defined "options INET". (Therefore, this patch introduces no > functional change. In order to see a functional difference, you need to > compile a custom kernel without the TCP_HHOOK option.) This change will > allow users to easily exclude this functionality from their kernel, sho= uld > they wish to do so. > =20 > Note that any users who use a custom kernel configuration and use one o= f the > congestion control modules listed above will need to add the TCP_HHOOK > option to their kernel configuration. > =20 > Reviewed by: rrs, lstewart, hiren (previous version), sjg (makefiles on= ly) > Sponsored by: Netflix > Differential Revision: https://reviews.freebsd.org/D8185 This commit breaks the build when VNET is enabled. Attached is a candidate patch to fix. If the patch doesn't make it to the list, I've pasted it here: http://ix.io/1wbE Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="2016-10-14-tcp_subr.c.patch.txt" Content-Transfer-Encoding: quoted-printable diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index b8c9ff0..e69c3d4 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -742,7 +742,10 @@ tcp_init(void) static void tcp_destroy(void *unused __unused) { - int error, n; + int n; +#ifdef TCP_HHOOK + int error; +#endif =20 /* * All our processes are gone, all our sockets should be cleaned --ReaqsoxgOBHFXBhH-- --H+4ONPRPur6+Ovig Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYAXHMAAoJEGqEZY9SRW7ur/YQAIr0AlUhxRxuPJwatB+Y9Iyx qbiN3PgBgtCjYXA0JMqZuJP775xnF//pvyXvRgRev1lTTLTK6MLd+j/xTT+kT70l vWCkLI2iNhEz3ZWN2vIIlJbq4fMsyxVTehb07IqdLRehlbvS+Y+cB7Ck6xRFo+DX 0icx4KfWC+zHHtE2ZzyLGb28BLJgk22lBZe5lB4luvsnEIVC37O4A1wAoLw82fMY GYuSnnSVgDPyBYwAvNQa///tVb9iM6EtvCNN6p44NrOtKZRzJIA3BJrwOF94rfB/ wyvW5RXpkRwYiKfwQiyzUvLQf/uRXvYdZfkyjxPq8veaivozTScBXblDQSLjH88P EjuKVu/H94zlTXeNNtXClbL6zLxFankzCFbvhHTtvZ40ajSqF1LfrFo4lZqAWi7/ 7XSiFq4e9w2CdldoMquMIn8/naVELwhWGnm7SD2rSIGk1pWOpOyk0Vm+2VpgvA5j lc/Ef07vQorTwEhmlS0inqEoji1+j2EUVWuTbVe3AgOzYEXBZtbtrcZYdw/O6zwX sr7to/XDtkfAkTgpWsYmb+r91Ngy7EsaLGMtMfYWb7d7ajUhRcmxANiuNN7UiS6O aQkXMhxjXCDQXrFPw2DI/Cg83SSyCqmwrncAXJCXhBf744Hs5f7vCt8gLtXy2rB9 LBTMaLGTGjQ4nDq3e5c+ =laFA -----END PGP SIGNATURE----- --H+4ONPRPur6+Ovig--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161015000119.GA17390>