From owner-svn-src-all@freebsd.org Sat Oct 15 00:01:23 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5A63DC1046A for ; Sat, 15 Oct 2016 00:01:23 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0B386D9E for ; Sat, 15 Oct 2016 00:01:23 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qk0-x231.google.com with SMTP id o68so214609857qkf.3 for ; Fri, 14 Oct 2016 17:01:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=9bxD518i0BIPGecK1r8L2XzaOOPYnmjSPQ8FL6KZVRg=; b=Ejkq+FetP9tYtd7Kw7OS4ontImcp1J3JfiTwIvoBfa2NKxjibK9cE01HxU8AXDjlrO 6k5bQHIIdoau9CayWmwxhDrP2j2a6ujcdDVRwLJbCnIVgJsbokt8akZ7Xl3J0cALSTGB 8vT34fpmv8TmMNZDJniuoVNE+eyx28ZSjhe7H7NfhGTtBznK0f8cJSlaQRKehIVxKCOD W9wWrmMa2q/9of2CJhvF3yn1jRuzaUu/Q23v8+vWUnyXYDjOh2x6QiNZYtAcrpyhzp4I T6i7k3wqOBl5HTM0IX7T76snqpk3P6nEvPV+uc0ho5S6fUL/eTFgxRtMJd+kO61ZoxkT 1Hew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=9bxD518i0BIPGecK1r8L2XzaOOPYnmjSPQ8FL6KZVRg=; b=hQzoNlZWn6pK6dddsz0PdeP9oae64bPoBh49hDR9py5UN9VR1tHiw9d69qg5VQVSmc dZtxo5oKhCt1tS33nasUXkjElYJy0VlP/jUPsUS6RIM6Cm5lQ7MeF/GrdZw5wJucmXGm al4S2ewpogxZRT9xdZF40tXL2SCtRntwSdGD8Wkxq/Z5CYad52tKqcXCpNRPYke9faR1 JzA5kohHTQ2NRA2lY4p9Ui7voDvJJ63U6B3G3kfSWrohv0xZX7X2Jc7YD7aK4t/66WwO ONxdcsJMhUuiLFb4KOwytUZNU5g9uN9zhvh6mmnW3+Em77/kdTfvQCaEfibnP57/Y3M6 Mwig== X-Gm-Message-State: AA6/9Rkuy1LDJHXlqHX2g8w/X4Ddce8wBYhx6NddAZo8gp17to4u6K5PqOWnCaO3flEnrtcR X-Received: by 10.55.162.150 with SMTP id l144mr15859593qke.72.1476489682130; Fri, 14 Oct 2016 17:01:22 -0700 (PDT) Received: from mutt-hardenedbsd (pool-100-16-218-231.bltmmd.fios.verizon.net. [100.16.218.231]) by smtp.gmail.com with ESMTPSA id y33sm8827397qtc.34.2016.10.14.17.01.20 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 14 Oct 2016 17:01:20 -0700 (PDT) Date: Fri, 14 Oct 2016 20:01:19 -0400 From: Shawn Webb To: "Jonathan T. Looney" Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r307082 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/conf sys/i386/conf sys/mips/conf sys/modules/cc sys/modules/khelp sys/netinet sys/netinet/tcp_stacks sys/pc98/conf sy... Message-ID: <20161015000119.GA17390@mutt-hardenedbsd> References: <201610120216.u9C2Gga8041814@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="H+4ONPRPur6+Ovig" Content-Disposition: inline In-Reply-To: <201610120216.u9C2Gga8041814@repo.freebsd.org> X-Operating-System: FreeBSD mutt-hardenedbsd 12.0-CURRENT-HBSD FreeBSD 12.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Oct 2016 00:01:23 -0000 --H+4ONPRPur6+Ovig Content-Type: multipart/mixed; boundary="ReaqsoxgOBHFXBhH" Content-Disposition: inline --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 12, 2016 at 02:16:42AM +0000, Jonathan T. Looney wrote: > Author: jtl > Date: Wed Oct 12 02:16:42 2016 > New Revision: 307082 > URL: https://svnweb.freebsd.org/changeset/base/307082 >=20 > Log: > In the TCP stack, the hhook(9) framework provides hooks for kernel modu= les > to add actions that run when a TCP frame is sent or received on a TCP > session in the ESTABLISHED state. In the base tree, this functionality = is > only used for the h_ertt module, which is used by the cc_cdg, cc_chd, c= c_hd, > and cc_vegas congestion control modules. > =20 > Presently, we incur overhead to check for hooks each time a TCP frame is > sent or received on an ESTABLISHED TCP session. > =20 > This change adds a new compile-time option (TCP_HHOOK) to determine whe= ther > to include the hhook(9) framework for TCP. To retain backwards > compatibility, I added the TCP_HHOOK option to every configuration file= that > already defined "options INET". (Therefore, this patch introduces no > functional change. In order to see a functional difference, you need to > compile a custom kernel without the TCP_HHOOK option.) This change will > allow users to easily exclude this functionality from their kernel, sho= uld > they wish to do so. > =20 > Note that any users who use a custom kernel configuration and use one o= f the > congestion control modules listed above will need to add the TCP_HHOOK > option to their kernel configuration. > =20 > Reviewed by: rrs, lstewart, hiren (previous version), sjg (makefiles on= ly) > Sponsored by: Netflix > Differential Revision: https://reviews.freebsd.org/D8185 This commit breaks the build when VNET is enabled. Attached is a candidate patch to fix. If the patch doesn't make it to the list, I've pasted it here: http://ix.io/1wbE Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="2016-10-14-tcp_subr.c.patch.txt" Content-Transfer-Encoding: quoted-printable diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index b8c9ff0..e69c3d4 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -742,7 +742,10 @@ tcp_init(void) static void tcp_destroy(void *unused __unused) { - int error, n; + int n; +#ifdef TCP_HHOOK + int error; +#endif =20 /* * All our processes are gone, all our sockets should be cleaned --ReaqsoxgOBHFXBhH-- --H+4ONPRPur6+Ovig Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYAXHMAAoJEGqEZY9SRW7ur/YQAIr0AlUhxRxuPJwatB+Y9Iyx qbiN3PgBgtCjYXA0JMqZuJP775xnF//pvyXvRgRev1lTTLTK6MLd+j/xTT+kT70l vWCkLI2iNhEz3ZWN2vIIlJbq4fMsyxVTehb07IqdLRehlbvS+Y+cB7Ck6xRFo+DX 0icx4KfWC+zHHtE2ZzyLGb28BLJgk22lBZe5lB4luvsnEIVC37O4A1wAoLw82fMY GYuSnnSVgDPyBYwAvNQa///tVb9iM6EtvCNN6p44NrOtKZRzJIA3BJrwOF94rfB/ wyvW5RXpkRwYiKfwQiyzUvLQf/uRXvYdZfkyjxPq8veaivozTScBXblDQSLjH88P EjuKVu/H94zlTXeNNtXClbL6zLxFankzCFbvhHTtvZ40ajSqF1LfrFo4lZqAWi7/ 7XSiFq4e9w2CdldoMquMIn8/naVELwhWGnm7SD2rSIGk1pWOpOyk0Vm+2VpgvA5j lc/Ef07vQorTwEhmlS0inqEoji1+j2EUVWuTbVe3AgOzYEXBZtbtrcZYdw/O6zwX sr7to/XDtkfAkTgpWsYmb+r91Ngy7EsaLGMtMfYWb7d7ajUhRcmxANiuNN7UiS6O aQkXMhxjXCDQXrFPw2DI/Cg83SSyCqmwrncAXJCXhBf744Hs5f7vCt8gLtXy2rB9 LBTMaLGTGjQ4nDq3e5c+ =laFA -----END PGP SIGNATURE----- --H+4ONPRPur6+Ovig--