Date:      Thu, 12 Apr 2012 21:56:30 +0200
From:      =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>
To:        Gleb Smirnoff <glebius@freebsd.org>
Cc:        svn-src-projects@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r234187 - projects/pf/head/sys/contrib/pf/net
Message-ID:  <CAPBZQG3ntZC2SuPPZBG%2BLpvixFv=rumAk0J9bSxS36YucmP4ng@mail.gmail.com>
In-Reply-To: <201204121556.q3CFu4nH035176@svn.freebsd.org>
References:  <201204121556.q3CFu4nH035176@svn.freebsd.org>

You do understand that some of these functions are part of the core
functionality of pf(4), such as synproxy etc.?!

On Thu, Apr 12, 2012 at 5:56 PM, Gleb Smirnoff <glebius@freebsd.org> wrote:
> Author: glebius
> Date: Thu Apr 12 15:56:04 2012
> New Revision: 234187
> URL: http://svn.freebsd.org/changeset/base/234187
>
> Log:
> =A0To avoid unsafe lock dropping and decouple stack in pf_send_tcp()
> =A0and pf_send_icmp() create a queue for pf-generated packets and
> =A0an swi, that would service them.
>
> Modified:
> =A0projects/pf/head/sys/contrib/pf/net/pf.c
> =A0projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
> =A0projects/pf/head/sys/contrib/pf/net/pfvar.h
>
> Modified: projects/pf/head/sys/contrib/pf/net/pf.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- projects/pf/head/sys/contrib/pf/net/pf.c =A0 =A0Thu Apr 12 14:49:25 2=
012 =A0 =A0 =A0 =A0(r234186)
> +++ projects/pf/head/sys/contrib/pf/net/pf.c =A0 =A0Thu Apr 12 15:56:04 2=
012 =A0 =A0 =A0 =A0(r234187)
> @@ -53,7 +53,9 @@ __FBSDID("$FreeBSD$");
>
> =A0#include <sys/param.h>
> =A0#include <sys/systm.h>
> +#include <sys/bus.h>
> =A0#include <sys/mbuf.h>
> +#include <sys/interrupt.h>
> =A0#include <sys/filio.h>
> =A0#include <sys/socket.h>
> =A0#include <sys/socketvar.h>
> @@ -114,8 +116,6 @@ __FBSDID("$FreeBSD$");
> =A0#include <sys/ucred.h>
> =A0#include <security/mac/mac_framework.h>
>
> -extern int ip_optcopy(struct ip *, struct ip *);
> -
> =A0#define =A0 =A0 =A0 =A0DPFPRINTF(n, x) if (V_pf_status.debug >=3D (n))=
 printf x
>
> =A0/*
> @@ -152,6 +152,41 @@ struct pf_anchor_stackframe {
> =A0VNET_DEFINE(struct pf_anchor_stackframe, pf_anchor_stack[64]);
> =A0#define =A0 =A0 =A0 =A0V_pf_anchor_stack =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0VNET(pf_anchor_stack)
>
> +/*
> + * Queue for pf_intr() sends.
> + */
> +MALLOC_DEFINE(M_PFTEMP, "pf temp", "pf(4) temporary allocations");
> +struct pf_send_entry {
> + =A0 =A0 =A0 STAILQ_ENTRY(pf_send_entry) =A0 =A0 pfse_next;
> + =A0 =A0 =A0 struct mbuf =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 *pfse_m=
;
> + =A0 =A0 =A0 enum {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 PFSE_IP,
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 PFSE_IP6,
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 PFSE_ICMP,
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 PFSE_ICMP6,
> + =A0 =A0 =A0 } =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 pfse_type;
> + =A0 =A0 =A0 union {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 struct route =A0 =A0 =A0 =A0 =A0 =A0ro;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 struct {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 int =A0 =A0 =A0 =A0 =A0 =A0=
 type;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 int =A0 =A0 =A0 =A0 =A0 =A0=
 code;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 int =A0 =A0 =A0 =A0 =A0 =A0=
 mtu;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 } icmpopts;
> + =A0 =A0 =A0 } u;
> +#define =A0 =A0 =A0 =A0pfse_ro =A0 =A0 =A0 =A0 u.ro
> +#define =A0 =A0 =A0 =A0pfse_icmp_type =A0u.icmpopts.type
> +#define =A0 =A0 =A0 =A0pfse_icmp_code =A0u.icmpopts.code
> +#define =A0 =A0 =A0 =A0pfse_icmp_mtu =A0 u.icmpopts.mtu
> +};
> +
> +STAILQ_HEAD(pf_send_head, pf_send_entry);
> +static VNET_DEFINE(struct pf_send_head, pf_sendqueue);
> +#define =A0 =A0 =A0 =A0V_pf_sendqueue =A0VNET(pf_sendqueue)
> +
> +static struct mtx pf_sendqueue_mtx;
> +#define =A0 =A0 =A0 =A0PF_QUEUE_LOCK() =A0 =A0 =A0 =A0 mtx_lock(&pf_send=
queue_mtx);
> +#define =A0 =A0 =A0 =A0PF_QUEUE_UNLOCK() =A0 =A0 =A0 mtx_unlock(&pf_send=
queue_mtx);
> +
> =A0VNET_DEFINE(uma_zone_t, =A0 =A0 =A0 =A0 pf_src_tree_z);
> =A0VNET_DEFINE(uma_zone_t, =A0 =A0 =A0 =A0 pf_rule_z);
> =A0VNET_DEFINE(uma_zone_t, =A0 =A0 =A0 =A0 pf_pooladdr_z);
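Review bot: `PF_QUEUE_LOCK()` and `PF_QUEUE_UNLOCK()` are defined with a trailing semicolon, which expands to an extra empty statement and breaks an unbraced `if (...) PF_QUEUE_LOCK(); else ...`; drop the semicolon from both definitions. Also, `pf_sendqueue` is per-vnet (`VNET_DEFINE`) while `pf_sendqueue_mtx` is a single static mutex that this commit initialises in pf_initialize() and destroys in pf_cleanup(). If those functions run once per vnet, the mutex is initialised more than once and destroyed while other vnets may still use it. A short comment on `pf_sendqueue_mtx` stating what it protects and who owns its lifetime would help, e.g. `/* Protects V_pf_sendqueue in every vnet; init/destroy once per module. */`.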
> @@ -321,6 +356,8 @@ VNET_DEFINE(struct pf_keyhash *, pf_keyh
> =A0VNET_DEFINE(struct pf_idhash *, pf_idhash);
> =A0VNET_DEFINE(u_long, pf_hashmask);
>
> +VNET_DEFINE(void *, pf_swi_cookie);
> +
> =A0RB_GENERATE(pf_src_tree, pf_src_node, entry, pf_src_compare);
>
> =A0static __inline int
> @@ -684,6 +721,10 @@ pf_initialize()
> =A0 =A0 =A0 =A0V_pf_altqs_active =3D &V_pf_altqs[0];
> =A0 =A0 =A0 =A0V_pf_altqs_inactive =3D &V_pf_altqs[1];
>
> + =A0 =A0 =A0 /* Send queue. */
> + =A0 =A0 =A0 STAILQ_INIT(&V_pf_sendqueue);
> + =A0 =A0 =A0 mtx_init(&pf_sendqueue_mtx, "pf send queue", NULL, MTX_DEF)=
;
> +
> =A0 =A0 =A0 =A0/* XXXGL: sort this out */
> =A0 =A0 =A0 =A0V_pf_rule_z =3D uma_zcreate("pf rules", sizeof(struct pf_r=
ule),
> =A0 =A0 =A0 =A0 =A0 =A0NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
> @@ -707,6 +748,7 @@ pf_cleanup()
> =A0{
> =A0 =A0 =A0 =A0struct pf_keyhash =A0 =A0 =A0 *kh;
> =A0 =A0 =A0 =A0struct pf_idhash =A0 =A0 =A0 =A0*ih;
> + =A0 =A0 =A0 struct pf_send_entry =A0 =A0*pfse, *next;
> =A0 =A0 =A0 =A0u_int i;
>
> =A0 =A0 =A0 =A0for (i =3D 0, kh =3D V_pf_keyhash, ih =3D V_pf_idhash; i <=
=3D V_pf_hashmask;
> @@ -721,6 +763,12 @@ pf_cleanup()
> =A0 =A0 =A0 =A0free(V_pf_keyhash, M_PFHASH);
> =A0 =A0 =A0 =A0free(V_pf_idhash, M_PFHASH);
>
> + =A0 =A0 =A0 STAILQ_FOREACH_SAFE(pfse, &V_pf_sendqueue, pfse_next, next)=
 {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 m_freem(pfse->pfse_m);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 free(pfse, M_PFTEMP);
> + =A0 =A0 =A0 }
> + =A0 =A0 =A0 mtx_destroy(&pf_sendqueue_mtx);
> +
> =A0 =A0 =A0 =A0uma_zdestroy(V_pf_src_tree_z);
> =A0 =A0 =A0 =A0uma_zdestroy(V_pf_rule_z);
> =A0 =A0 =A0 =A0uma_zdestroy(V_pf_state_z);
> @@ -1185,6 +1233,55 @@ second_run:
>
> =A0/* END state table stuff */
>
> +static void
> +pf_send(struct pf_send_entry *pfse)
> +{
> +
> + =A0 =A0 =A0 PF_QUEUE_LOCK();
> + =A0 =A0 =A0 STAILQ_INSERT_TAIL(&V_pf_sendqueue, pfse, pfse_next);
> + =A0 =A0 =A0 PF_QUEUE_UNLOCK();
> + =A0 =A0 =A0 swi_sched(V_pf_swi_cookie, 0);
> +}
> +
> +void
> +pf_intr(void *v)
> +{
> + =A0 =A0 =A0 struct pf_send_head queue;
> + =A0 =A0 =A0 struct pf_send_entry *pfse, *next;
> + =A0 =A0 =A0 struct pf_sen
> +
> + =A0 =A0 =A0 CURVNET_SET((struct vnet *)v);
> +
> + =A0 =A0 =A0 PF_QUEUE_LOCK();
> + =A0 =A0 =A0 queue =3D V_pf_sendqueue;
> + =A0 =A0 =A0 STAILQ_INIT(&V_pf_sendqueue);
> + =A0 =A0 =A0 PF_QUEUE_UNLOCK();
> +
> + =A0 =A0 =A0 STAILQ_FOREACH_SAFE(pfse, &queue, pfse_next, next) {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 switch (pfse->pfse_type) {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 case PFSE_IP:
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ip_output(pfse->pfse_m, NUL=
L, NULL, 0, NULL, NULL);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 break;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 case PFSE_IP6:
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ip6_output(pfse->pfse_m, NU=
LL, NULL, 0, NULL, NULL,
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 NULL);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 break;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 case PFSE_ICMP:
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 icmp_error(pfse->pfse_m, pf=
se->pfse_icmp_type,
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 pfse->pfse_icmp_cod=
e, 0, pfse->pfse_icmp_mtu);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 break;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 case PFSE_ICMP6:
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 icmp6_error(pfse->pfse_m, p=
fse->pfse_icmp_type,
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 pfse->pfse_icmp_cod=
e, pfse->pfse_icmp_mtu);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 break;
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 default:
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 panic("%s: unknown type", _=
_func__);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 free(pfse, M_PFTEMP);
> + =A0 =A0 =A0 }
> +
> + =A0 =A0 =A0 CURVNET_RESTORE();
> +}
>
> =A0void
> =A0pf_purge_thread(void *v)
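Review bot: Nothing bounds `V_pf_sendqueue`: pf_send() appends every entry unconditionally. The entries come from pf_send_tcp() and pf_send_icmp(), which presumably run in response to received packets, so under a flood the backlog grows until `malloc(..., M_NOWAIT)` starts failing. A length counter checked under `PF_QUEUE_LOCK()`, with a drop counter for rejected entries, would keep memory use predictable and make the drops observable. Separately, the line `struct pf_sen` in pf_intr()'s declarations is incomplete as shown and would not compile; it may be a mail artifact, but it is worth checking against the committed file.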
> @@ -1951,6 +2048,7 @@ pf_send_tcp(struct mbuf *replyto, const
> =A0 =A0 u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int t=
ag,
> =A0 =A0 u_int16_t rtag, struct ifnet *ifp)
> =A0{
> + =A0 =A0 =A0 struct pf_send_entry *pfse;
> =A0 =A0 =A0 =A0struct mbuf =A0 =A0 *m;
> =A0 =A0 =A0 =A0int =A0 =A0 =A0 =A0 =A0 =A0 =A0len, tlen;
> =A0#ifdef INET
> @@ -1963,27 +2061,8 @@ pf_send_tcp(struct mbuf *replyto, const
> =A0 =A0 =A0 =A0char =A0 =A0 =A0 =A0 =A0 =A0*opt;
> =A0 =A0 =A0 =A0struct pf_mtag =A0*pf_mtag;
>
> - =A0 =A0 =A0 KASSERT(
> -#ifdef INET
> - =A0 =A0 =A0 =A0 =A0 af =3D=3D AF_INET
> -#else
> - =A0 =A0 =A0 =A0 =A0 0
> -#endif
> - =A0 =A0 =A0 =A0 =A0 ||
> -#ifdef INET6
> - =A0 =A0 =A0 =A0 =A0 af =3D=3D AF_INET6
> -#else
> - =A0 =A0 =A0 =A0 =A0 0
> -#endif
> - =A0 =A0 =A0 =A0 =A0 , ("Unsupported AF %d", af));
> =A0 =A0 =A0 =A0len =3D 0;
> =A0 =A0 =A0 =A0th =3D NULL;
> -#ifdef INET
> - =A0 =A0 =A0 h =3D NULL;
> -#endif
> -#ifdef INET6
> - =A0 =A0 =A0 h6 =3D NULL;
> -#endif
>
> =A0 =A0 =A0 =A0/* maximum segment size tcp option */
> =A0 =A0 =A0 =A0tlen =3D sizeof(struct tcphdr);
> @@ -2001,16 +2080,24 @@ pf_send_tcp(struct mbuf *replyto, const
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0len =3D sizeof(struct ip6_hdr) + tlen;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0break;
> =A0#endif /* INET6 */
> + =A0 =A0 =A0 default:
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 panic("%s: unsupported af %d", __func__, af=
);
> =A0 =A0 =A0 =A0}
>
> - =A0 =A0 =A0 /* create outgoing mbuf */
> + =A0 =A0 =A0 /* Allocate outgoing queue entry, mbuf and mbuf tag. */
> + =A0 =A0 =A0 pfse =3D malloc(sizeof(*pfse), M_PFTEMP, M_NOWAIT);
> + =A0 =A0 =A0 if (pfse =3D=3D NULL)
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return;
> =A0 =A0 =A0 =A0m =3D m_gethdr(M_NOWAIT, MT_HEADER);
> - =A0 =A0 =A0 if (m =3D=3D NULL)
> + =A0 =A0 =A0 if (m =3D=3D NULL) {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 free(pfse, M_PFTEMP);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
> + =A0 =A0 =A0 }
> =A0#ifdef MAC
> =A0 =A0 =A0 =A0mac_netinet_firewall_send(m);
> =A0#endif
> =A0 =A0 =A0 =A0if ((pf_mtag =3D pf_get_mtag(m)) =3D=3D NULL) {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 free(pfse, M_PFTEMP);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0m_freem(m);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
> =A0 =A0 =A0 =A0}
> @@ -2096,9 +2183,8 @@ pf_send_tcp(struct mbuf *replyto, const
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0h->ip_len =3D len;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0h->ip_ttl =3D ttl ? ttl : V_ip_defttl;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0h->ip_sum =3D 0;
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_UNLOCK();
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 ip_output(m, NULL, NULL, 0, NULL, NULL);
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_LOCK();
> +
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 pfse->pfse_type =3D PFSE_IP;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0break;
> =A0#endif /* INET */
> =A0#ifdef INET6
> @@ -2110,29 +2196,36 @@ pf_send_tcp(struct mbuf *replyto, const
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0h6->ip6_vfc |=3D IPV6_VERSION;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0h6->ip6_hlim =3D IPV6_DEFHLIM;
>
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_UNLOCK();
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 ip6_output(m, NULL, NULL, 0, NULL, NULL, NU=
LL);
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_LOCK();
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 pfse->pfse_type =3D PFSE_IP6;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0break;
> =A0#endif /* INET6 */
> =A0 =A0 =A0 =A0}
> + =A0 =A0 =A0 pfse->pfse_m =3D m;
> + =A0 =A0 =A0 pf_send(pfse);
> =A0}
>
> =A0static void
> =A0pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t=
 af,
> =A0 =A0 struct pf_rule *r)
> =A0{
> - =A0 =A0 =A0 struct mbuf =A0 =A0 *m0;
> -#ifdef INET
> - =A0 =A0 =A0 struct ip *ip;
> -#endif
> + =A0 =A0 =A0 struct pf_send_entry *pfse;
> + =A0 =A0 =A0 struct mbuf *m0;
> =A0 =A0 =A0 =A0struct pf_mtag *pf_mtag;
>
> - =A0 =A0 =A0 if ((m0 =3D m_copypacket(m, M_NOWAIT)) =3D=3D NULL)
> + =A0 =A0 =A0 /* Allocate outgoing queue entry, mbuf and mbuf tag. */
> + =A0 =A0 =A0 pfse =3D malloc(sizeof(*pfse), M_PFTEMP, M_NOWAIT);
> + =A0 =A0 =A0 if (pfse =3D=3D NULL)
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return;
> +
> + =A0 =A0 =A0 if ((m0 =3D m_copypacket(m, M_NOWAIT)) =3D=3D NULL) {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 free(pfse, M_PFTEMP);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
> + =A0 =A0 =A0 }
>
> - =A0 =A0 =A0 if ((pf_mtag =3D pf_get_mtag(m0)) =3D=3D NULL)
> + =A0 =A0 =A0 if ((pf_mtag =3D pf_get_mtag(m0)) =3D=3D NULL) {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 free(pfse, M_PFTEMP);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return;
> + =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0/* XXX: revisit */
> =A0 =A0 =A0 =A0m0->m_flags |=3D M_SKIP_FIREWALL;
>
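Review bot: The `pf_get_mtag(m0) == NULL` branch in pf_send_icmp() now frees `pfse` but still returns without releasing the copied packet `m0`, so each failure on this path leaks an mbuf chain. The matching branch in pf_send_tcp() releases both the entry and the mbuf. Adding `m_freem(m0);` next to `free(pfse, M_PFTEMP);` closes it. The leak predates this commit, but the branch is being rewritten here anyway; pf_send_icmp()'s body continues outside the hunk.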
> @@ -2153,23 +2246,28 @@ pf_send_icmp(struct mbuf *m, u_int8_t ty
> =A0 =A0 =A0 =A0switch (af) {
> =A0#ifdef INET
> =A0 =A0 =A0 =A0case AF_INET:
> + =A0 =A0 =A0 =A0 =A0 {
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 struct ip *ip;
> +
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/* icmp_error() expects host byte ordering=
 */
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0ip =3D mtod(m0, struct ip *);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0NTOHS(ip->ip_len);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0NTOHS(ip->ip_off);
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_UNLOCK();
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 icmp_error(m0, type, code, 0, 0);
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_LOCK();
> +
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 pfse->pfse_type =3D PFSE_ICMP;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0break;
> + =A0 =A0 =A0 =A0 =A0 }
> =A0#endif /* INET */
> =A0#ifdef INET6
> =A0 =A0 =A0 =A0case AF_INET6:
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_UNLOCK();
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 icmp6_error(m0, type, code, 0);
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 PF_LOCK();
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 pfse->pfse_type =3D PFSE_ICMP6;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0break;
> =A0#endif /* INET6 */
> =A0 =A0 =A0 =A0}
> + =A0 =A0 =A0 pfse->pfse_m =3D m0;
> + =A0 =A0 =A0 pfse->pfse_icmp_type =3D type;
> + =A0 =A0 =A0 pfse->pfse_icmp_code =3D code;
> + =A0 =A0 =A0 pf_send(pfse);
> =A0}
>
> =A0/*
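Review bot: `pfse_icmp_mtu` is never assigned before `pf_send(pfse)`, and `pfse` comes from `malloc(sizeof(*pfse), M_PFTEMP, M_NOWAIT)` without `M_ZERO`. pf_intr() therefore passes uninitialised heap contents as the last argument of icmp_error()/icmp6_error(), where the old code passed 0. Set `pfse->pfse_icmp_mtu = 0;` alongside the type and code assignments, or allocate with `M_NOWAIT | M_ZERO`. The `switch (af)` here also has no `default:`, unlike the one added to pf_send_tcp(), so an unexpected af would queue an entry with an unset `pfse_type`. The start of pf_send_icmp() is outside this hunk.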
>
> Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c =A0 =A0 =A0Thu Apr 12 =
14:49:25 2012 =A0 =A0 =A0 =A0(r234186)
> +++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c =A0 =A0 =A0Thu Apr 12 =
15:56:04 2012 =A0 =A0 =A0 =A0(r234187)
> @@ -52,10 +52,12 @@ __FBSDID("$FreeBSD$");
>
> =A0#include <sys/param.h>
> =A0#include <sys/systm.h>
> +#include <sys/bus.h>
> =A0#include <sys/mbuf.h>
> =A0#include <sys/endian.h>
> =A0#include <sys/filio.h>
> =A0#include <sys/fcntl.h>
> +#include <sys/interrupt.h>
> =A0#include <sys/socket.h>
> =A0#include <sys/socketvar.h>
> =A0#include <sys/kernel.h>
> @@ -248,6 +250,7 @@ static int
> =A0pfattach(void)
> =A0{
> =A0 =A0 =A0 =A0u_int32_t *my_timeout =3D V_pf_default_rule.timeout;
> + =A0 =A0 =A0 int error;
>
> =A0 =A0 =A0 =A0pf_initialize();
> =A0 =A0 =A0 =A0pfr_initialize();
> @@ -300,9 +303,14 @@ pfattach(void)
> =A0 =A0 =A0 =A0/* XXX do our best to avoid a conflict */
> =A0 =A0 =A0 =A0V_pf_status.hostid =3D arc4random();
>
> - =A0 =A0 =A0 if (kproc_create(pf_purge_thread, curvnet, NULL, 0, 0, "pfp=
urge"))
> + =A0 =A0 =A0 if ((error =3D kproc_create(pf_purge_thread, curvnet, NULL,=
 0, 0,
> + =A0 =A0 =A0 =A0 =A0 "pf purge")) !=3D 0)
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 /* XXXGL: leaked all above. */
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return (error);
> + =A0 =A0 =A0 if ((error =3D swi_add(NULL, "pf send", pf_intr, curvnet, S=
WI_NET,
> + =A0 =A0 =A0 =A0 =A0 INTR_MPSAFE, &V_pf_swi_cookie)) !=3D 0)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/* XXXGL: leaked all above. */
> - =A0 =A0 =A0 =A0 =A0 =A0 =A0 return (ENXIO);
> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return (error);
>
> =A0 =A0 =A0 =A0m_addr_chg_pf_p =3D pf_pkt_addr_changed;
>
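Review bot: When `swi_add()` fails, pfattach() returns the error after `kproc_create()` has already started `pf_purge_thread`, so the purge thread keeps running against a pf instance whose attach failed. The existing `XXXGL: leaked all above` comment reads as covering allocations; a live kernel thread is a different kind of leftover and deserves its own handling. Registering the swi first and calling `swi_remove(V_pf_swi_cookie)` if `kproc_create()` fails would give a path that can be undone. pfattach() starts and ends outside this hunk.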
> @@ -3779,6 +3787,7 @@ pf_unload(void)
> =A0 =A0 =A0 =A0V_pf_status.running =3D 0;
> =A0 =A0 =A0 =A0PF_UNLOCK();
> =A0 =A0 =A0 =A0m_addr_chg_pf_p =3D NULL;
> + =A0 =A0 =A0 swi_remove(V_pf_swi_cookie);
> =A0 =A0 =A0 =A0error =3D dehook_pf();
> =A0 =A0 =A0 =A0if (error) {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/*
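Review bot: `swi_remove(V_pf_swi_cookie)` runs before `dehook_pf()` and leaves the cookie set. If any path can still reach pf_send() in that window, `swi_sched()` is called on a removed handler and the entry sits in the queue until pf_cleanup(). Whether that is reachable depends on code outside this hunk (`V_pf_status.running` is cleared just above). Removing the swi after the hooks are gone, followed by `V_pf_swi_cookie = NULL;`, would make the ordering safe by construction.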
>
> Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Apr 12 14:49:25 2012 =
=A0 =A0 =A0 =A0(r234186)
> +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Apr 12 15:56:04 2012 =
=A0 =A0 =A0 =A0(r234187)
> @@ -1715,6 +1715,9 @@ VNET_DECLARE(u_long, pf_hashmask);
>
> =A0#define PF_IDHASH(s) =A0 (be64toh((s)->id) % (V_pf_hashmask + 1))
>
> +VNET_DECLARE(void *, pf_swi_cookie);
> +#define V_pf_swi_cookie =A0 =A0 =A0 =A0VNET(pf_swi_cookie)
> +
> =A0TAILQ_HEAD(pf_poolqueue, pf_pool);
> =A0VNET_DECLARE(struct pf_poolqueue, =A0 =A0 =A0 pf_pools[2]);
> =A0#define =A0 =A0 =A0 =A0V_pf_pools =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 VNET(pf_pools)
> @@ -1774,6 +1777,7 @@ VNET_DECLARE(uma_zone_t, =A0 pfi_addr_z);
> =A0#define =A0 =A0 =A0 =A0V_pfi_addr_z =A0 =A0 =A0 =A0 =A0 =A0 VNET(pfi_a=
ddr_z)
>
> =A0extern void =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 pf_purge_thread(vo=
id *);
> +extern void =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 pf_intr(void *);
> =A0extern void =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 pf_purge_expired_s=
rc_nodes(void);
>
> =A0extern void =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 pf_unlink_state(st=
ruct pf_state *, u_int);



--=20
Ermal


