From owner-svn-src-head@FreeBSD.ORG Sun Feb 1 21:11:09 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5C321106567C; Sun, 1 Feb 2009 21:11:09 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 475FF8FC08; Sun, 1 Feb 2009 21:11:09 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n11LB9G5066525; Sun, 1 Feb 2009 21:11:09 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n11LB9er066518; Sun, 1 Feb 2009 21:11:09 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <200902012111.n11LB9er066518@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Sun, 1 Feb 2009 21:11:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r187989 - in head: . sys/netinet6 usr.bin/netstat X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Feb 2009 21:11:11 -0000 Author: bz Date: Sun Feb 1 21:11:08 2009 New Revision: 187989 URL: http://svn.freebsd.org/changeset/base/187989 Log: Remove the single global unlocked route cache ip6_forward_rt from the inet6 stack along with statistics and make sure we properly free the rt in all cases. While the current situation is not better performance wise it prevents panics seen more often these days. After more inet6 and ipsec cleanup we should be able to improve the situation again passing the rt to ip6_forward directly. Leave the ip6_forward_rt entry in struct vinet6 but mark it for removal. PR: kern/128247, kern/131038 MFC after: 25 days Committed from: Bugathon #6 Tested by: Denis Ahrens (different initial version) Modified: head/UPDATING head/sys/netinet6/frag6.c head/sys/netinet6/ip6_forward.c head/sys/netinet6/ip6_input.c head/sys/netinet6/ip6_var.h head/sys/netinet6/vinet6.h head/usr.bin/netstat/inet6.c Modified: head/UPDATING ============================================================================== --- head/UPDATING Sun Feb 1 20:18:27 2009 (r187988) +++ head/UPDATING Sun Feb 1 21:11:08 2009 (r187989) @@ -22,6 +22,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. to maximize performance. (To disable malloc debugging, run ln -s aj /etc/malloc.conf.) +20090201: + INET6 statistics (struct ip6stat) was updated. + netstat(1) needs to be recompiled. + 20090119: NTFS has been removed from GENERIC kernel on amd64 to match GENERIC on i386. Should not cause any issues since mount_ntfs(8) Modified: head/sys/netinet6/frag6.c ============================================================================== --- head/sys/netinet6/frag6.c Sun Feb 1 20:18:27 2009 (r187988) +++ head/sys/netinet6/frag6.c Sun Feb 1 21:11:08 2009 (r187989) @@ -751,18 +751,6 @@ frag6_slowtimo(void) } VNET_LIST_RUNLOCK(); IP6Q_UNLOCK(); - -#if 0 - /* - * Routing changes might produce a better route than we last used; - * make sure we notice eventually, even if forwarding only for one - * destination and the cache is never replaced. - */ - if (V_ip6_forward_rt.ro_rt) { - RTFREE(V_ip6_forward_rt.ro_rt); - V_ip6_forward_rt.ro_rt = 0; - } -#endif } /* Modified: head/sys/netinet6/ip6_forward.c ============================================================================== --- head/sys/netinet6/ip6_forward.c Sun Feb 1 20:18:27 2009 (r187988) +++ head/sys/netinet6/ip6_forward.c Sun Feb 1 21:11:08 2009 (r187989) @@ -77,10 +77,6 @@ __FBSDID("$FreeBSD$"); #include -#ifdef VIMAGE_GLOBALS -struct route_in6 ip6_forward_rt; -#endif - /* * Forward a packet. If some error occurs return the sender * an icmp packet. Note we can't always generate a meaningful @@ -100,6 +96,7 @@ ip6_forward(struct mbuf *m, int srcrt) struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct sockaddr_in6 *dst = NULL; struct rtentry *rt = NULL; + struct route_in6 rin6; int error, type = 0, code = 0; struct mbuf *mcopy = NULL; struct ifnet *origifp; /* maybe unnecessary */ @@ -112,8 +109,6 @@ ip6_forward(struct mbuf *m, int srcrt) #endif char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; - /* GIANT_REQUIRED; */ /* XXX bz: ip6_forward_rt */ - #ifdef IPSEC /* * Check AH/ESP integrity. @@ -355,56 +350,27 @@ ip6_forward(struct mbuf *m, int srcrt) skip_ipsec: #endif - dst = (struct sockaddr_in6 *)&V_ip6_forward_rt.ro_dst; - if (!srcrt) { - /* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst */ - if (V_ip6_forward_rt.ro_rt == 0 || - (V_ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) { - if (V_ip6_forward_rt.ro_rt) { - RTFREE(V_ip6_forward_rt.ro_rt); - V_ip6_forward_rt.ro_rt = 0; - } - - /* this probably fails but give it a try again */ - rtalloc((struct route *)&V_ip6_forward_rt); - } - - if (V_ip6_forward_rt.ro_rt == 0) { - V_ip6stat.ip6s_noroute++; - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); - if (mcopy) { - icmp6_error(mcopy, ICMP6_DST_UNREACH, - ICMP6_DST_UNREACH_NOROUTE, 0); - } - m_freem(m); - return; - } - } else if ((rt = V_ip6_forward_rt.ro_rt) == 0 || - !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) { - if (V_ip6_forward_rt.ro_rt) { - RTFREE(V_ip6_forward_rt.ro_rt); - V_ip6_forward_rt.ro_rt = 0; - } - bzero(dst, sizeof(*dst)); - dst->sin6_len = sizeof(struct sockaddr_in6); - dst->sin6_family = AF_INET6; - dst->sin6_addr = ip6->ip6_dst; - - rtalloc((struct route *)&V_ip6_forward_rt); - if (V_ip6_forward_rt.ro_rt == 0) { - V_ip6stat.ip6s_noroute++; - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); - if (mcopy) { - icmp6_error(mcopy, ICMP6_DST_UNREACH, - ICMP6_DST_UNREACH_NOROUTE, 0); - } - m_freem(m); - return; + bzero(&rin6, sizeof(struct route_in6)); + dst = (struct sockaddr_in6 *)&rin6.ro_dst; + dst->sin6_len = sizeof(struct sockaddr_in6); + dst->sin6_family = AF_INET6; + dst->sin6_addr = ip6->ip6_dst; + + rin6.ro_rt = rtalloc1((struct sockaddr *)dst, 0, 0); + if (rin6.ro_rt != NULL) + RT_UNLOCK(rin6.ro_rt); + else { + V_ip6stat.ip6s_noroute++; + in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); + if (mcopy) { + icmp6_error(mcopy, ICMP6_DST_UNREACH, + ICMP6_DST_UNREACH_NOROUTE, 0); } + goto bad; } - rt = V_ip6_forward_rt.ro_rt; + rt = rin6.ro_rt; #ifdef IPSEC - skip_routing:; +skip_routing: #endif /* @@ -421,14 +387,12 @@ skip_ipsec: /* XXX: this should not happen */ V_ip6stat.ip6s_cantforward++; V_ip6stat.ip6s_badscope++; - m_freem(m); - return; + goto bad; } if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) { V_ip6stat.ip6s_cantforward++; V_ip6stat.ip6s_badscope++; - m_freem(m); - return; + goto bad; } if (inzone != outzone #ifdef IPSEC @@ -452,8 +416,7 @@ skip_ipsec: if (mcopy) icmp6_error(mcopy, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_BEYONDSCOPE, 0); - m_freem(m); - return; + goto bad; } /* @@ -469,8 +432,7 @@ skip_ipsec: inzone != outzone) { V_ip6stat.ip6s_cantforward++; V_ip6stat.ip6s_badscope++; - m_freem(m); - return; + goto bad; } if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) { @@ -510,8 +472,7 @@ skip_ipsec: #endif /* IPSEC */ icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); } - m_freem(m); - return; + goto bad; } if (rt->rt_flags & RTF_GATEWAY) @@ -544,8 +505,7 @@ skip_ipsec: */ icmp6_error(mcopy, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR, 0); - m_freem(m); - return; + goto bad; } type = ND_REDIRECT; } @@ -624,12 +584,12 @@ pass: senderr: if (mcopy == NULL) - return; + goto out; switch (error) { case 0: if (type == ND_REDIRECT) { icmp6_redirect_output(mcopy, rt); - return; + goto out; } goto freecopy; @@ -651,9 +611,18 @@ senderr: break; } icmp6_error(mcopy, type, code, 0); - return; + goto out; freecopy: m_freem(mcopy); - return; + goto out; +bad: + m_freem(m); +out: + if (rt != NULL +#ifdef IPSEC + && !ipsecrt +#endif + ) + RTFREE(rt); } Modified: head/sys/netinet6/ip6_input.c ============================================================================== --- head/sys/netinet6/ip6_input.c Sun Feb 1 20:18:27 2009 (r187988) +++ head/sys/netinet6/ip6_input.c Sun Feb 1 21:11:08 2009 (r187989) @@ -143,8 +143,6 @@ extern int icmp6errppslim; extern int icmp6_nodeinfo; extern int udp6_sendspace; extern int udp6_recvspace; - -extern struct route_in6 ip6_forward_rt; #endif struct pfil_head inet6_pfil_hook; @@ -309,10 +307,12 @@ ip6_input(struct mbuf *m) int nxt, ours = 0; struct ifnet *deliverifp = NULL, *ifp = NULL; struct in6_addr odst; + struct route_in6 rin6; int srcrt = 0; struct llentry *lle = NULL; - struct sockaddr_in6 dst6; + struct sockaddr_in6 dst6, *dst; + bzero(&rin6, sizeof(struct route_in6)); #ifdef IPSEC /* * should the inner packet be considered authentic? @@ -565,29 +565,13 @@ passin: if (lle != NULL) LLE_RUNLOCK(lle); - if (V_ip6_forward_rt.ro_rt != NULL && - (V_ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && - IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, - &((struct sockaddr_in6 *)(&V_ip6_forward_rt.ro_dst))->sin6_addr)) - V_ip6stat.ip6s_forward_cachehit++; - else { - struct sockaddr_in6 *dst6; - - if (V_ip6_forward_rt.ro_rt) { - /* route is down or destination is different */ - V_ip6stat.ip6s_forward_cachemiss++; - RTFREE(V_ip6_forward_rt.ro_rt); - V_ip6_forward_rt.ro_rt = 0; - } - - bzero(&V_ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6)); - dst6 = (struct sockaddr_in6 *)&V_ip6_forward_rt.ro_dst; - dst6->sin6_len = sizeof(struct sockaddr_in6); - dst6->sin6_family = AF_INET6; - dst6->sin6_addr = ip6->ip6_dst; - - rtalloc((struct route *)&V_ip6_forward_rt); - } + dst = &rin6.ro_dst; + dst->sin6_len = sizeof(struct sockaddr_in6); + dst->sin6_family = AF_INET6; + dst->sin6_addr = ip6->ip6_dst; + rin6.ro_rt = rtalloc1((struct sockaddr *)dst, 0, 0); + if (rin6.ro_rt) + RT_UNLOCK(rin6.ro_rt); #define rt6_key(r) ((struct sockaddr_in6 *)((r)->rt_nodes->rn_key)) @@ -611,14 +595,14 @@ passin: * while it would be less efficient. Or, should we rather install a * reject route for such a case? */ - if (V_ip6_forward_rt.ro_rt && - (V_ip6_forward_rt.ro_rt->rt_flags & + if (rin6.ro_rt && + (rin6.ro_rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && #ifdef RTF_WASCLONED - !(V_ip6_forward_rt.ro_rt->rt_flags & RTF_WASCLONED) && + !(rin6.ro_rt->rt_flags & RTF_WASCLONED) && #endif #ifdef RTF_CLONED - !(V_ip6_forward_rt.ro_rt->rt_flags & RTF_CLONED) && + !(rin6.ro_rt->rt_flags & RTF_CLONED) && #endif #if 0 /* @@ -627,11 +611,11 @@ passin: * already done through looking up the routing table. */ IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, - &rt6_key(V_ip6_forward_rt.ro_rt)->sin6_addr) + &rt6_key(rin6.ro_rt)->sin6_addr) #endif - V_ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { + rin6.ro_rt->rt_ifp->if_type == IFT_LOOP) { struct in6_ifaddr *ia6 = - (struct in6_ifaddr *)V_ip6_forward_rt.ro_rt->rt_ifa; + (struct in6_ifaddr *)rin6.ro_rt->rt_ifa; /* * record address information into m_tag. @@ -667,11 +651,11 @@ passin: * FAITH (Firewall Aided Internet Translator) */ if (V_ip6_keepfaith) { - if (V_ip6_forward_rt.ro_rt && V_ip6_forward_rt.ro_rt->rt_ifp - && V_ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) { + if (rin6.ro_rt && rin6.ro_rt->rt_ifp && + rin6.ro_rt->rt_ifp->if_type == IFT_FAITH) { /* XXX do we need more sanity checks? */ ours = 1; - deliverifp = V_ip6_forward_rt.ro_rt->rt_ifp; /* faith */ + deliverifp = rin6.ro_rt->rt_ifp; /* faith */ goto hbhcheck; } } @@ -721,7 +705,7 @@ passin: #if 0 /*touches NULL pointer*/ in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); #endif - return; /* m have already been freed */ + goto out; /* m have already been freed */ } /* adjust pointer */ @@ -744,7 +728,7 @@ passin: icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, (caddr_t)&ip6->ip6_plen - (caddr_t)ip6); - return; + goto out; } #ifndef PULLDOWN_TEST /* ip6_hopopts_input() ensures that mbuf is contiguous */ @@ -754,7 +738,7 @@ passin: sizeof(struct ip6_hbh)); if (hbh == NULL) { V_ip6stat.ip6s_tooshort++; - return; + goto out; } #endif nxt = hbh->ip6h_nxt; @@ -816,16 +800,13 @@ passin: if (ip6_mrouter && ip6_mforward && ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) { V_ip6stat.ip6s_cantforward++; - m_freem(m); - return; - } - if (!ours) { - m_freem(m); - return; + goto bad; } + if (!ours) + goto bad; } else if (!ours) { ip6_forward(m, srcrt); - return; + goto out; } ip6 = mtod(m, struct ip6_hdr *); @@ -880,9 +861,12 @@ passin: #endif /* IPSEC */ nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); } - return; - bad: + goto out; +bad: m_freem(m); +out: + if (rin6.ro_rt) + RTFREE(rin6.ro_rt); } /* Modified: head/sys/netinet6/ip6_var.h ============================================================================== --- head/sys/netinet6/ip6_var.h Sun Feb 1 20:18:27 2009 (r187988) +++ head/sys/netinet6/ip6_var.h Sun Feb 1 21:11:08 2009 (r187989) @@ -229,9 +229,6 @@ struct ip6stat { /* number of times that a deprecated address is chosen */ u_quad_t ip6s_sources_deprecated[16]; - u_quad_t ip6s_forward_cachehit; - u_quad_t ip6s_forward_cachemiss; - /* number of times that each rule of source selection is applied. */ u_quad_t ip6s_sources_rule[16]; }; Modified: head/sys/netinet6/vinet6.h ============================================================================== --- head/sys/netinet6/vinet6.h Sun Feb 1 20:18:27 2009 (r187988) +++ head/sys/netinet6/vinet6.h Sun Feb 1 21:11:08 2009 (r187989) @@ -54,7 +54,7 @@ struct vnet_inet6 { u_int _frag6_nfrags; struct ip6q _ip6q; - struct route_in6 _ip6_forward_rt; + struct route_in6 _ip6_forward_rt; /* XXX remove */ struct in6_addrpolicy _defaultaddrpolicy; TAILQ_HEAD(, addrsel_policyent) _addrsel_policytab; @@ -194,7 +194,6 @@ extern struct vnet_inet6 vnet_inet6_0; #define V_ip6_defhlim VNET_INET6(ip6_defhlim) #define V_ip6_defmcasthlim VNET_INET6(ip6_defmcasthlim) #define V_ip6_desync_factor VNET_INET6(ip6_desync_factor) -#define V_ip6_forward_rt VNET_INET6(ip6_forward_rt) #define V_ip6_forwarding VNET_INET6(ip6_forwarding) #define V_ip6_hdrnestlimit VNET_INET6(ip6_hdrnestlimit) #define V_ip6_keepfaith VNET_INET6(ip6_keepfaith) Modified: head/usr.bin/netstat/inet6.c ============================================================================== --- head/usr.bin/netstat/inet6.c Sun Feb 1 20:18:27 2009 (r187988) +++ head/usr.bin/netstat/inet6.c Sun Feb 1 21:11:08 2009 (r187989) @@ -512,8 +512,6 @@ ip6_stats(u_long off, const char *name, } } - p1a(ip6s_forward_cachehit, "\t%ju forward cache hit\n"); - p1a(ip6s_forward_cachemiss, "\t%ju forward cache miss\n"); printf("\tSource addresses selection rule applied:\n"); for (i = 0; i < 16; i++) { if (ip6stat.ip6s_sources_rule[i])