From owner-svn-src-all@FreeBSD.ORG  Tue Nov  6 00:49:52 2012
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id E45173E1;
 Tue,  6 Nov 2012 00:49:52 +0000 (UTC)
 (envelope-from melifaro@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id C85628FC0A;
 Tue,  6 Nov 2012 00:49:52 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
 by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qA60nqxU033699;
 Tue, 6 Nov 2012 00:49:52 GMT (envelope-from melifaro@svn.freebsd.org)
Received: (from melifaro@localhost)
 by svn.freebsd.org (8.14.5/8.14.5/Submit) id qA60nqfv033694;
 Tue, 6 Nov 2012 00:49:52 GMT (envelope-from melifaro@svn.freebsd.org)
Message-Id: <201211060049.qA60nqfv033694@svn.freebsd.org>
From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
Date: Tue, 6 Nov 2012 00:49:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r242640 - stable/9/sys/netinet
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2012 00:49:53 -0000

Author: melifaro
Date: Tue Nov  6 00:49:52 2012
New Revision: 242640
URL: http://svnweb.freebsd.org/changeset/base/242640

Log:
  MFC r241406.
  
  Do not check if found IPv4 rte is dynamic if net.inet.icmp.drop_redirect is
  enabled. This eliminates one mtx_lock() per each routing lookup thus improving
  performance in several cases (routing to directly connected interface or routing
  to default gateway).
  
  Icmp redirects should not be used to provide routing direction nowadays, even
  for end hosts. Routers should not use them too (and this is explicitly restricted
  in IPv6, see RFC 4861, clause 8.2).
  
  Current commit changes rnh_machaddr function to 'stock' rn_match (and back) for every
  AF_INET routing table in given VNET instance on drop_redirect sysctl change.
  
  This change is part of bigger patch eliminating rte locking.
  
  Sponsored by:	Yandex LLC

Modified:
  stable/9/sys/netinet/in_rmx.c
  stable/9/sys/netinet/in_var.h
  stable/9/sys/netinet/ip_icmp.c
  stable/9/sys/netinet/ip_var.h
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netinet/in_rmx.c
==============================================================================
--- stable/9/sys/netinet/in_rmx.c	Tue Nov  6 00:41:59 2012	(r242639)
+++ stable/9/sys/netinet/in_rmx.c	Tue Nov  6 00:49:52 2012	(r242640)
@@ -58,6 +58,8 @@ __FBSDID("$FreeBSD$");
 
 #include <netinet/in.h>
 #include <netinet/in_var.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
 #include <netinet/ip_var.h>
 
 extern int	in_inithead(void **head, int off);
@@ -340,6 +342,13 @@ in_rtqdrain(void)
 	VNET_LIST_RUNLOCK_NOSLEEP();
 }
 
+void
+in_setmatchfunc(struct radix_node_head *rnh, int val)
+{
+
+	rnh->rnh_matchaddr = (val != 0) ? rn_match : in_matroute;
+}
+
 static int _in_rt_was_here;
 /*
  * Initialize our routing tree.
@@ -365,7 +374,7 @@ in_inithead(void **head, int off)
 
 	rnh = *head;
 	rnh->rnh_addaddr = in_addroute;
-	rnh->rnh_matchaddr = in_matroute;
+	in_setmatchfunc(rnh, V_drop_redirect);
 	rnh->rnh_close = in_clsroute;
 	if (_in_rt_was_here == 0 ) {
 		callout_init(&V_rtq_timer, CALLOUT_MPSAFE);

Modified: stable/9/sys/netinet/in_var.h
==============================================================================
--- stable/9/sys/netinet/in_var.h	Tue Nov  6 00:41:59 2012	(r242639)
+++ stable/9/sys/netinet/in_var.h	Tue Nov  6 00:49:52 2012	(r242640)
@@ -422,6 +422,7 @@ inm_acquire_locked(struct in_multi *inm)
 struct	rtentry;
 struct	route;
 struct	ip_moptions;
+struct radix_node_head;
 
 int	imo_multi_filter(const struct ip_moptions *, const struct ifnet *,
 	    const struct sockaddr *, const struct sockaddr *);
@@ -460,6 +461,7 @@ void	 in_rtredirect(struct sockaddr *, s
 	    struct sockaddr *, int, struct sockaddr *, u_int);
 int	 in_rtrequest(int, struct sockaddr *,
 	    struct sockaddr *, struct sockaddr *, int, struct rtentry **, u_int);
+void	in_setmatchfunc(struct radix_node_head *, int);
 
 #if 0
 int	 in_rt_getifa(struct rt_addrinfo *, u_int fibnum);

Modified: stable/9/sys/netinet/ip_icmp.c
==============================================================================
--- stable/9/sys/netinet/ip_icmp.c	Tue Nov  6 00:41:59 2012	(r242639)
+++ stable/9/sys/netinet/ip_icmp.c	Tue Nov  6 00:49:52 2012	(r242640)
@@ -108,11 +108,7 @@ SYSCTL_VNET_UINT(_net_inet_icmp, OID_AUT
 	&VNET_NAME(icmpmaskfake), 0,
 	"Fake reply to ICMP Address Mask Request packets.");
 
-static VNET_DEFINE(int, drop_redirect) = 0;
-#define	V_drop_redirect			VNET(drop_redirect)
-SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW,
-	&VNET_NAME(drop_redirect), 0,
-	"Ignore ICMP redirects");
+VNET_DEFINE(int, drop_redirect) = 0;
 
 static VNET_DEFINE(int, log_redirect) = 0;
 #define	V_log_redirect			VNET(log_redirect)
@@ -157,6 +153,39 @@ static void	icmp_send(struct mbuf *, str
 
 extern	struct protosw inetsw[];
 
+static int
+sysctl_net_icmp_drop_redir(SYSCTL_HANDLER_ARGS)
+{
+	int error, new;
+	int i;
+	struct radix_node_head *rnh;
+
+	new = V_drop_redirect;
+	error = sysctl_handle_int(oidp, &new, 0, req);
+	if (error == 0 && req->newptr) {
+		new = (new != 0) ? 1 : 0;
+
+		if (new == V_drop_redirect)
+			return (0);
+
+		for (i = 0; i < rt_numfibs; i++) {
+			if ((rnh = rt_tables_get_rnh(i, AF_INET)) == NULL)
+				continue;
+			RADIX_NODE_HEAD_LOCK(rnh);
+			in_setmatchfunc(rnh, new);
+			RADIX_NODE_HEAD_UNLOCK(rnh);
+		}
+		
+		V_drop_redirect = new;
+	}
+
+	return (error);
+}
+
+SYSCTL_VNET_PROC(_net_inet_icmp, OID_AUTO, drop_redirect,
+    CTLTYPE_INT|CTLFLAG_RW, 0, 0,
+    sysctl_net_icmp_drop_redir, "I", "Ignore ICMP redirects");
+
 /*
  * Kernel module interface for updating icmpstat.  The argument is an index
  * into icmpstat treated as an array of u_long.  While this encodes the

Modified: stable/9/sys/netinet/ip_var.h
==============================================================================
--- stable/9/sys/netinet/ip_var.h	Tue Nov  6 00:41:59 2012	(r242639)
+++ stable/9/sys/netinet/ip_var.h	Tue Nov  6 00:49:52 2012	(r242640)
@@ -187,6 +187,7 @@ VNET_DECLARE(struct socket *, ip_mrouter
 extern int	(*legal_vif_num)(int);
 extern u_long	(*ip_mcast_src)(int);
 VNET_DECLARE(int, rsvp_on);
+VNET_DECLARE(int, drop_redirect);
 extern struct	pr_usrreqs rip_usrreqs;
 
 #define	V_ipstat		VNET(ipstat)
@@ -199,6 +200,7 @@ extern struct	pr_usrreqs rip_usrreqs;
 #define	V_ip_rsvpd		VNET(ip_rsvpd)
 #define	V_ip_mrouter		VNET(ip_mrouter)
 #define	V_rsvp_on		VNET(rsvp_on)
+#define	V_drop_redirect		VNET(drop_redirect)
 
 void	inp_freemoptions(struct ip_moptions *);
 int	inp_getmoptions(struct inpcb *, struct sockopt *);