From: Cy Schubert
To: "George Neville-Neil"
cc: "Cy Schubert", src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r290383 - in head/sys: net netinet
In-Reply-To: Message from "George Neville-Neil" of "Thu, 24 Dec 2015 16:18:52 -0500." <98F16C2B-3904-438D-912B-85C17ACFBDEA@freebsd.org>
Date: Sun, 27 Dec 2015 15:26:44 -0800

In message <98F16C2B-3904-438D-912B-85C17ACFBDEA@freebsd.org>, "George Neville-Neil" writes:
>
>
>
> On 20 Dec 2015, at 13:02, Cy Schubert wrote:
>
> > Cy Schubert writes:
> >> In message <201511050726.tA57QXlu074213@repo.freebsd.org>, "George V. Neville-Neil" writes:
> >>> Author: gnn
> >>> Date: Thu Nov 5 07:26:32 2015
> >>> New Revision: 290383
> >>> URL: https://svnweb.freebsd.org/changeset/base/290383
> >>>
> >>> Log:
> >>> Replace the fastforward path with tryforward which does not require a
> >>> sysctl and will always be on. The former split between default and
> >>> fast forwarding is removed by this commit while preserving the ability
> >>> to use all network stack features.
> >>> > >>> Differential Revision: https://reviews.freebsd.org/D4042 > >>> Reviewed by: ae, melifaro, olivier, rwatson > >>> MFC after: 1 month > >>> Sponsored by: Rubicon Communications (Netgate) > >>> > >>> Modified: > >>> head/sys/net/if_arcsubr.c > >>> head/sys/net/if_ethersubr.c > >>> head/sys/net/if_fddisubr.c > >>> head/sys/net/if_fwsubr.c > >>> head/sys/net/if_iso88025subr.c > >>> head/sys/netinet/in_var.h > >>> head/sys/netinet/ip_fastfwd.c > >>> head/sys/netinet/ip_input.c > >>> > >>> Modified: head/sys/net/if_arcsubr.c > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/net/if_arcsubr.c Thu Nov 5 04:16:03 2015 (r29038 > >> 2) > >>> +++ head/sys/net/if_arcsubr.c Thu Nov 5 07:26:32 2015 (r29038 > >> 3) > >>> @@ -550,15 +550,11 @@ arc_input(struct ifnet *ifp, struct mbuf > >>> #ifdef INET > >>> case ARCTYPE_IP: > >>> m_adj(m, ARC_HDRNEWLEN); > >>> - if ((m = ip_fastforward(m)) == NULL) > >>> - return; > >>> isr = NETISR_IP; > >>> break; > >>> > >>> case ARCTYPE_IP_OLD: > >>> m_adj(m, ARC_HDRLEN); > >>> - if ((m = ip_fastforward(m)) == NULL) > >>> - return; > >>> isr = NETISR_IP; > >>> break; > >>> > >>> > >>> Modified: head/sys/net/if_ethersubr.c > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/net/if_ethersubr.c Thu Nov 5 04:16:03 2015 (r29038 > >>> 2) > >>> +++ head/sys/net/if_ethersubr.c Thu Nov 5 07:26:32 2015 (r29038 > >>> 3) 
> >>> @@ -722,8 +722,6 @@ ether_demux(struct ifnet *ifp, struct mb > >>> switch (ether_type) { > >>> #ifdef INET > >>> case ETHERTYPE_IP: > >>> - if ((m = ip_fastforward(m)) == NULL) > >>> - return; > >>> isr = NETISR_IP; > >>> break; > >>> > >>> > >>> Modified: head/sys/net/if_fddisubr.c > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/net/if_fddisubr.c Thu Nov 5 04:16:03 2015 (r29038 > >>> 2) > >>> +++ head/sys/net/if_fddisubr.c Thu Nov 5 07:26:32 2015 (r29038 > >>> 3) > >>> @@ -429,8 +429,6 @@ fddi_input(ifp, m) > >>> switch (type) { > >>> #ifdef INET > >>> case ETHERTYPE_IP: > >>> - if ((m = ip_fastforward(m)) == NULL) > >>> - return; > >>> isr = NETISR_IP; > >>> break; > >>> > >>> > >>> Modified: head/sys/net/if_fwsubr.c > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/net/if_fwsubr.c Thu Nov 5 04:16:03 2015 (r29038 > >> 2) > >>> +++ head/sys/net/if_fwsubr.c Thu Nov 5 07:26:32 2015 (r29038 > >> 3) > >>> @@ -605,8 +605,6 @@ firewire_input(struct ifnet *ifp, struct > >>> switch (type) { > >>> #ifdef INET > >>> case ETHERTYPE_IP: > >>> - if ((m = ip_fastforward(m)) == NULL) > >>> - return; > >>> isr = NETISR_IP; > >>> break; > >>> > >>> > >>> Modified: head/sys/net/if_iso88025subr.c > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/net/if_iso88025subr.c Thu Nov 5 04:16:03 2015 > (r29038 > >>> 2) > >>> +++ head/sys/net/if_iso88025subr.c Thu Nov 5 07:26:32 2015 > (r29038 > >>> 3) 
> >>> @@ -519,8 +519,6 @@ iso88025_input(ifp, m) > >>> #ifdef INET > >>> case ETHERTYPE_IP: > >>> th->iso88025_shost[0] &= ~(TR_RII); > >>> - if ((m = ip_fastforward(m)) == NULL) > >>> - return; > >>> isr = NETISR_IP; > >>> break; > >>> > >>> > >>> Modified: head/sys/netinet/in_var.h > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/netinet/in_var.h Thu Nov 5 04:16:03 2015 (r29038 > >> 2) > >>> +++ head/sys/netinet/in_var.h Thu Nov 5 07:26:32 2015 (r29038 > >> 3) > >>> @@ -380,7 +380,7 @@ int in_scrubprefix(struct in_ifaddr *, u > >>> void ip_input(struct mbuf *); > >>> void ip_direct_input(struct mbuf *); > >>> void in_ifadown(struct ifaddr *ifa, int); > >>> -struct mbuf *ip_fastforward(struct mbuf *); > >>> +struct mbuf *ip_tryforward(struct mbuf *); > >>> void *in_domifattach(struct ifnet *); > >>> void in_domifdetach(struct ifnet *, void *); > >>> > >>> > >>> Modified: head/sys/netinet/ip_fastfwd.c > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/netinet/ip_fastfwd.c Thu Nov 5 04:16:03 2015 (r29038 > >>> 2) > >>> +++ head/sys/netinet/ip_fastfwd.c Thu Nov 5 07:26:32 2015 (r29038 > >>> 3) > >>> @@ -108,12 +108,6 @@ __FBSDID("$FreeBSD$"); > >>> > >>> #include > >>> > >>> -static VNET_DEFINE(int, ipfastforward_active); > >>> -#define V_ipfastforward_active VNET(ipfastforward_active) > >>> - > >>> -SYSCTL_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_VNET | > >>> CTLFLAG_ > >> RW > >>> , > >>> - &VNET_NAME(ipfastforward_active), 0, "Enable fast IP > >>> forwarding"); > >>> - > >>> static struct sockaddr_in * > >>> ip_findroute(struct route *ro, struct in_addr dest, struct mbuf *m) > >>> { 
> >>> @@ -158,7 +152,7 @@ ip_findroute(struct route *ro, struct in > >>> * to ip_input for full processing. > >>> */ > >>> struct mbuf * > >>> -ip_fastforward(struct mbuf *m) > >>> +ip_tryforward(struct mbuf *m) > >>> { > >>> struct ip *ip; > >>> struct mbuf *m0 = NULL; 
> >>> @@ -166,119 +160,20 @@ ip_fastforward(struct mbuf *m) > >>> struct sockaddr_in *dst = NULL; > >>> struct ifnet *ifp; > >>> struct in_addr odest, dest; > >>> - uint16_t sum, ip_len, ip_off; > >>> + uint16_t ip_len, ip_off; > >>> int error = 0; > >>> - int hlen, mtu; > >>> + int mtu; > >>> struct m_tag *fwd_tag = NULL; > >>> > >>> /* > >>> * Are we active and forwarding packets? > >>> */ > >>> - if (!V_ipfastforward_active || !V_ipforwarding) > >>> - return m; > >>> > >>> M_ASSERTVALID(m); > >>> M_ASSERTPKTHDR(m); > >>> > >>> bzero(&ro, sizeof(ro)); > >>> > >>> - /* > >>> - * Step 1: check for packet drop conditions (and sanity checks) > >>> - */ > >>> - > >>> - /* > >>> - * Is entire packet big enough? > >>> - */ > >>> - if (m->m_pkthdr.len < sizeof(struct ip)) { > >>> - IPSTAT_INC(ips_tooshort); > >>> - goto drop; > >>> - } > >>> - > >>> - /* > >>> - * Is first mbuf large enough for ip header and is header present? > >>> - */ > >>> - if (m->m_len < sizeof (struct ip) && > >>> - (m = m_pullup(m, sizeof (struct ip))) == NULL) { > >>> - IPSTAT_INC(ips_toosmall); > >>> - return NULL; /* mbuf already free'd */ > >>> - } > >>> - > >>> - ip = mtod(m, struct ip *); > >>> - > >>> - /* > >>> - * Is it IPv4? > >>> - */ > >>> - if (ip->ip_v != IPVERSION) { > >>> - IPSTAT_INC(ips_badvers); > >>> - goto drop; > >>> - } > >>> - > >>> - /* > >>> - * Is IP header length correct and is it in first mbuf? > >>> - */ > >>> - hlen = ip->ip_hl << 2; > >>> - if (hlen < sizeof(struct ip)) { /* minimum header length */ > >>> - IPSTAT_INC(ips_badhlen); > >>> - goto drop; > >>> - } > >>> - if (hlen > m->m_len) { > >>> - if ((m = m_pullup(m, hlen)) == NULL) { > >>> - IPSTAT_INC(ips_badhlen); > >>> - return NULL; /* mbuf already free'd */ > >>> - } > >>> - ip = mtod(m, struct ip *); > >>> - } > >>> - > >>> - /* > >>> - * Checksum correct? 
> >>> - */ > >>> - if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) > >>> - sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); > >>> - else { > >>> - if (hlen == sizeof(struct ip)) > >>> - sum = in_cksum_hdr(ip); > >>> - else > >>> - sum = in_cksum(m, hlen); > >>> - } > >>> - if (sum) { > >>> - IPSTAT_INC(ips_badsum); > >>> - goto drop; > >>> - } > >>> - > >>> - /* > >>> - * Remember that we have checked the IP header and found it valid. > >>> - */ > >>> - m->m_pkthdr.csum_flags |= (CSUM_IP_CHECKED | CSUM_IP_VALID); > >>> - > >>> - ip_len = ntohs(ip->ip_len); > >>> - > >>> - /* > >>> - * Is IP length longer than packet we have got? > >>> - */ > >>> - if (m->m_pkthdr.len < ip_len) { > >>> - IPSTAT_INC(ips_tooshort); > >>> - goto drop; > >>> - } > >>> - > >>> - /* > >>> - * Is packet longer than IP header tells us? If yes, truncate > >>> packet. > >>> - */ > >>> - if (m->m_pkthdr.len > ip_len) { > >>> - if (m->m_len == m->m_pkthdr.len) { > >>> - m->m_len = ip_len; > >>> - m->m_pkthdr.len = ip_len; > >>> - } else > >>> - m_adj(m, ip_len - m->m_pkthdr.len); > >>> - } > >>> - > >>> - /* > >>> - * Is packet from or to 127/8? > >>> - */ > >>> - if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == > >>> IN_LOOPBACKNET || > >>> - (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == > >>> IN_LOOPBACKNET) { > >>> - IPSTAT_INC(ips_badaddr); > >>> - goto drop; > >>> - } > >>> > >>> #ifdef ALTQ > >>> /* 
> >>> @@ -289,12 +184,10 @@ ip_fastforward(struct mbuf *m) > >>> #endif > >>> > >>> /* > >>> - * Step 2: fallback conditions to normal ip_input path processing > >>> - */ > >>> - > >>> - /* > >>> * Only IP packets without options > >>> */ > >>> + ip = mtod(m, struct ip *); > >>> + > >>> if (ip->ip_hl != (sizeof(struct ip) >> 2)) { > >>> if (V_ip_doopts == 1) > >>> return m; > >>> > >>> Modified: head/sys/netinet/ip_input.c > >>> ========================================================================= > == > >> == > >>> = > >>> --- head/sys/netinet/ip_input.c Thu Nov 5 04:16:03 2015 (r29038 > >>> 2) > >>> +++ head/sys/netinet/ip_input.c Thu Nov 5 07:26:32 2015 (r29038 > >>> 3) > >>> @@ -79,6 +79,8 @@ __FBSDID("$FreeBSD$"); > >>> #include > >>> #ifdef IPSEC > >>> #include > >>> +#include > >>> +#include > >>> #endif /* IPSEC */ > >>> #include 
> >>> > >>> @@ -500,12 +502,22 @@ tooshort: > >>> m_adj(m, ip_len - m->m_pkthdr.len); > >>> } > >>> > >>> + /* Try to forward the packet, but if we fail continue */ > >>> #ifdef IPSEC > >>> + /* For now we do not handle IPSEC in tryforward. */ > >>> + if (!key_havesp(IPSEC_DIR_INBOUND) && > >>> !key_havesp(IPSEC_DIR_OUTBOUND) & > >>> & > >>> + (V_ipforwarding == 1)) > >>> + if (ip_tryforward(m) == NULL) > >>> + return; > >>> /* > >>> * Bypass packet filtering for packets previously handled by IPsec. > >>> */ > >>> if (ip_ipsec_filtertunnel(m)) > >>> goto passin; > >>> +#else > >>> + if (V_ipforwarding == 1) > >>> + if (ip_tryforward(m) == NULL) > >>> + return; > >>> #endif /* IPSEC */ > >>> > >>> /* > >>> > >>>
> >>
> >> Hi George,
> >>
> >> Sorry for the lateness of this reply, I finally got some time off for
> >> Christmas and have time to myself to boot.
> >>
> >> This breaks ipfilter's ipnat. I want to let you know before anyone MFCs
> >> this.
> >
> > A fix to ipfilter has been committed to head and will be MFCed in a week.
> >
>
> Let me know when that's done.

It's been MFCd. Thanks for waiting.

--
Cheers,
Cy Schubert or
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.
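
Review bot: the ip_fastfwd.c hunk at `@@ -108,12 +108,6 @@` deletes the `net.inet.ip.fastforwarding` sysctl, and nothing in the patch documents the removal. Any existing configuration that sets this OID will now reference a name that no longer exists, and the commit is marked "MFC after: 1 month", so the removal should be recorded in UPDATING and in any manual page that mentions the knob, or a no-op OID kept for one release.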
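
Review bot: in the ip_fastfwd.c hunk at `@@ -166,119 +160,20 @@`, the comment `Are we active and forwarding packets?` stays behind after the `V_ipfastforward_active` check under it is deleted, so it now describes nothing and should be removed. The same hunk drops every header sanity check (packet length, IP version, header length, checksum, 127/8 addresses), which makes ip_tryforward() safe only on an mbuf that ip_input() has already validated. State that precondition in the function's header comment so that nobody reintroduces a call from a link-layer input routine, where the packet has not been checked.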
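
Review bot: in the ip_input.c hunk at `@@ -500,12 +502,22 @@`, both new call sites test `ip_tryforward(m) == NULL` but discard a non-NULL result, whereas every removed link-layer caller used `if ((m = ip_fastforward(m)) == NULL)` and the prototype in in_var.h still returns `struct mbuf *`. If the function can hand back a different mbuf from the one it was given, ip_input() carries on with a stale pointer; assign the result back with `if ((m = ip_tryforward(m)) == NULL)`. Two smaller points in the same lines: `V_ipforwarding == 1` is narrower than the removed `!V_ipforwarding` test, since any other non-zero value now skips the forwarding attempt, and checking it before the two key_havesp() calls would avoid those lookups on hosts that do not forward. The nested unbraced `if` statements would also read more safely with braces.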