Date: Tue, 31 Mar 2026 15:58:56 +0000 From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 6bdeab190345 - stable/15 - ip_mroute: Make the routing socket private Message-ID: <69cbef40.3a6bd.6d1a7fa9@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/15 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=6bdeab19034539668cdd610c7dcbdec01c58c642 commit 6bdeab19034539668cdd610c7dcbdec01c58c642 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2026-02-13 16:50:18 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2026-03-31 15:57:28 +0000 ip_mroute: Make the routing socket private I have some patches which make ip_mroute and ip6_mroute multi-FIB-aware. This enables running per-FIB routing daemons, each of which has a separate routing socket. Several places in the network stack check whether multicast routing is configured by checking whether the multicast routing socket is non-NULL. This doesn't directly translate in my proposed scheme, as each FIB would have its own socket. I'd like to modify the ip(6)_mroute code to store all state, including the socket, in a per-FIB structure. So, take a step towards that and 1) hide the socket, 2) add a boolean flag which indicates whether a multicast router is registered. Reviewed by: pouria, zlei, glebius, adrian MFC after: 2 weeks Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D55236 (cherry picked from commit d19fd2f349226116f7effb281baa1eb32b8292e7) --- sys/netinet/igmp.c | 2 +- sys/netinet/ip_input.c | 3 ++- sys/netinet/ip_mroute.c | 29 +++++++++++++++-------------- sys/netinet/ip_mroute.h | 6 +++--- sys/netinet/ip_output.c | 3 ++- sys/netinet/raw_ip.c | 10 +++++----- sys/netinet6/ip6_input.c | 2 +- sys/netinet6/ip6_mroute.c | 35 ++++++++++++++++++++--------------- sys/netinet6/ip6_mroute.h | 6 +++--- sys/netinet6/ip6_output.c | 3 ++- sys/netinet6/mld6.c | 2 +- sys/netinet6/raw_ip6.c | 8 ++++---- 12 files changed, 59 insertions(+), 50 deletions(-) diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index da0b4910b9da..63a44bbcfb7a 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -3490,7 +3490,7 @@ igmp_intr(struct mbuf *m) imo.imo_multicast_ttl = 1; imo.imo_multicast_vif = -1; - imo.imo_multicast_loop = (V_ip_mrouter != NULL); + imo.imo_multicast_loop = V_ip_mrouting_enabled; /* * If the user requested that IGMP traffic be explicitly diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 3832a21847c0..652aa4a99e79 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -758,7 +758,8 @@ passin: * RFC 3927 2.7: Do not forward multicast packets from * IN_LINKLOCAL. */ - if (V_ip_mrouter && !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { + if (V_ip_mrouting_enabled && + !IN_LINKLOCAL(ntohl(ip->ip_src.s_addr))) { /* * If we are acting as a multicast router, all * incoming multicast packets are passed to the diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index efd63f239d9a..b4456d44f11c 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -170,6 +170,9 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ip, OID_AUTO, mrtstat, struct mrtstat, mrtstat, "IPv4 Multicast Forwarding Statistics (struct mrtstat, " "netinet/ip_mroute.h)"); +VNET_DEFINE_STATIC(struct socket *, ip_mrouter); +#define V_ip_mrouter VNET(ip_mrouter) + VNET_DEFINE_STATIC(u_long, mfchash); #define V_mfchash VNET(mfchash) #define MFCHASH(a, g) \ @@ -306,7 +309,7 @@ VNET_DEFINE_STATIC(struct ifnet *, multicast_register_if); static u_long X_ip_mcast_src(int); static int X_ip_mforward(struct ip *, struct ifnet *, struct mbuf *, struct ip_moptions *); -static int X_ip_mrouter_done(void); +static void X_ip_mrouter_done(struct socket *); static int X_ip_mrouter_get(struct socket *, struct sockopt *); static int X_ip_mrouter_set(struct socket *, struct sockopt *); static int X_legal_vif_num(int); @@ -436,7 +439,7 @@ X_ip_mrouter_set(struct socket *so, struct sockopt *sopt) error = ip_mrouter_init(so, optval); break; case MRT_DONE: - error = ip_mrouter_done(); + ip_mrouter_done(so); break; case MRT_ADD_VIF: error = sooptcopyin(sopt, &vifc, sizeof vifc, sizeof vifc); @@ -625,8 +628,7 @@ if_detached_event(void *arg __unused, struct ifnet *ifp) struct ifnet *free_ptr, *multi_leave; MRW_WLOCK(); - - if (V_ip_mrouter == NULL) { + if (!V_ip_mrouting_enabled) { MRW_WUNLOCK(); return; } @@ -741,6 +743,7 @@ ip_mrouter_init(struct socket *so, int version) curvnet); V_ip_mrouter = so; + V_ip_mrouting_enabled = true; atomic_add_int(&ip_mrouter_cnt, 1); /* This is a mutex required by buf_ring init, but not used internally */ @@ -757,8 +760,8 @@ ip_mrouter_init(struct socket *so, int version) /* * Disable multicast forwarding. */ -static int -X_ip_mrouter_done(void) +static void +X_ip_mrouter_done(struct socket *so) { struct ifnet **ifps; int nifp; @@ -767,22 +770,22 @@ X_ip_mrouter_done(void) struct bw_upcall *bu; MRW_TEARDOWN_WLOCK(); - - if (V_ip_mrouter == NULL) { + if (so != V_ip_mrouter) { MRW_TEARDOWN_WUNLOCK(); - return (EINVAL); + return; } /* * Detach/disable hooks to the reset of the system. */ V_ip_mrouter = NULL; + V_ip_mrouting_enabled = false; atomic_subtract_int(&ip_mrouter_cnt, 1); V_mrt_api_config = 0; /* - * Wait for all epoch sections to complete to ensure - * V_ip_mrouter = NULL is visible to others. + * Wait for all epoch sections to complete to ensure the new value of + * V_ip_mrouting_enabled is visible to others. */ NET_EPOCH_WAIT(); @@ -857,8 +860,6 @@ X_ip_mrouter_done(void) free(ifps, M_TEMP); CTR1(KTR_IPMF, "%s: done", __func__); - - return 0; } /* @@ -2873,7 +2874,7 @@ ip_mroute_modevent(module_t mod, int type, void *unused) MRW_WLOCK(); if (ip_mrouter_cnt != 0) { MRW_WUNLOCK(); - return (EINVAL); + return (EBUSY); } ip_mrouter_unloading = 1; MRW_WUNLOCK(); diff --git a/sys/netinet/ip_mroute.h b/sys/netinet/ip_mroute.h index 6f09006ec9e2..5c2527ea64e5 100644 --- a/sys/netinet/ip_mroute.h +++ b/sys/netinet/ip_mroute.h @@ -356,8 +356,8 @@ struct bw_meter { }; #ifdef _KERNEL -VNET_DECLARE(struct socket *, ip_mrouter); /* multicast routing daemon */ -#define V_ip_mrouter VNET(ip_mrouter) +VNET_DECLARE(bool, ip_mrouting_enabled); +#define V_ip_mrouting_enabled VNET(ip_mrouting_enabled) struct ifnet; struct ip; @@ -369,7 +369,7 @@ struct sockopt; extern u_long (*ip_mcast_src)(int); extern int (*ip_mforward)(struct ip *, struct ifnet *, struct mbuf *, struct ip_moptions *); -extern int (*ip_mrouter_done)(void); +extern void (*ip_mrouter_done)(struct socket *); extern int (*ip_mrouter_get)(struct socket *, struct sockopt *); extern int (*ip_mrouter_set)(struct socket *, struct sockopt *); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 6a9c85a83e65..a3fefba26c5e 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -611,7 +611,8 @@ again: * above, will be forwarded by the ip_input() routine, * if necessary. */ - if (V_ip_mrouter && (flags & IP_FORWARDING) == 0) { + if (V_ip_mrouting_enabled && + (flags & IP_FORWARDING) == 0) { /* * If rsvp daemon is not running, do not * set ip_moptions. This ensures that the packet diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index bfe608be6b36..e0e7aed04cd0 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -106,16 +106,16 @@ int (*ng_ipfw_input_p)(struct mbuf **, struct ip_fw_args *, bool); */ /* - * The socket used to communicate with the multicast routing daemon. + * A per-VNET flag indicating whether multicast routing is enabled. */ -VNET_DEFINE(struct socket *, ip_mrouter); +VNET_DEFINE(bool, ip_mrouting_enabled); /* * The various mrouter and rsvp functions. */ int (*ip_mrouter_set)(struct socket *, struct sockopt *); int (*ip_mrouter_get)(struct socket *, struct sockopt *); -int (*ip_mrouter_done)(void); +void (*ip_mrouter_done)(struct socket *); int (*ip_mforward)(struct ip *, struct ifnet *, struct mbuf *, struct ip_moptions *); int (*mrt_ioctl)(u_long, caddr_t, int); @@ -860,8 +860,8 @@ rip_detach(struct socket *so) ("rip_detach: not closed")); /* Disable mrouter first */ - if (so == V_ip_mrouter && ip_mrouter_done) - ip_mrouter_done(); + if (ip_mrouter_done != NULL) + ip_mrouter_done(so); INP_WLOCK(inp); INP_HASH_WLOCK(&V_ripcbinfo); diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index bd3042fc54c5..e826cc45cf8f 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -884,7 +884,7 @@ passin: /* * Forward if desirable. */ - if (V_ip6_mrouter && + if (V_ip6_mrouting_enabled && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { /* * If we are acting as a multicast router, all diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 7c2bdfeaeaec..195a240fef00 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -173,6 +173,9 @@ static struct sx mrouter6_mtx; #define MROUTER6_LOCK_INIT() sx_init(MROUTER6_LOCKPTR(), "mrouter6") #define MROUTER6_LOCK_DESTROY() sx_destroy(MROUTER6_LOCKPTR()) +VNET_DEFINE_STATIC(struct socket *, ip6_mrouter); +#define V_ip6_mrouter VNET(ip6_mrouter) + static struct mf6c *mf6ctable[MF6CTBLSIZ]; SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mf6ctable, CTLFLAG_RD, &mf6ctable, sizeof(mf6ctable), "S,*mf6ctable[MF6CTBLSIZ]", @@ -336,7 +339,7 @@ static int get_sg_cnt(struct sioc_sg_req6 *); static struct callout expire_upcalls_ch; static int X_ip6_mforward(struct ip6_hdr *, struct ifnet *, struct mbuf *); -static int X_ip6_mrouter_done(void); +static void X_ip6_mrouter_done(struct socket *); static int X_ip6_mrouter_set(struct socket *, struct sockopt *); static int X_ip6_mrouter_get(struct socket *, struct sockopt *); static int X_mrt6_ioctl(u_long, caddr_t); @@ -384,7 +387,7 @@ X_ip6_mrouter_set(struct socket *so, struct sockopt *sopt) error = ip6_mrouter_init(so, optval, sopt->sopt_name); break; case MRT6_DONE: - error = X_ip6_mrouter_done(); + X_ip6_mrouter_done(so); break; case MRT6_ADD_MIF: error = sooptcopyin(sopt, &mifc, sizeof(mifc), sizeof(mifc)); @@ -557,6 +560,8 @@ ip6_mrouter_init(struct socket *so, int v, int cmd) return (EADDRINUSE); } + MFC6_LOCK(); + V_ip6_mrouting_enabled = true; V_ip6_mrouter = so; V_ip6_mrouter_ver = cmd; @@ -569,6 +574,7 @@ ip6_mrouter_init(struct socket *so, int v, int cmd) callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT, expire_upcalls, NULL); + MFC6_UNLOCK(); MROUTER6_UNLOCK(); MRT6_DLOG(DEBUG_ANY, "finished"); @@ -579,8 +585,8 @@ ip6_mrouter_init(struct socket *so, int v, int cmd) /* * Disable IPv6 multicast forwarding. */ -static int -X_ip6_mrouter_done(void) +static void +X_ip6_mrouter_done(struct socket *so) { mifi_t mifi; u_long i; @@ -589,9 +595,9 @@ X_ip6_mrouter_done(void) MROUTER6_LOCK(); - if (V_ip6_mrouter == NULL) { + if (V_ip6_mrouter != so) { MROUTER6_UNLOCK(); - return (EINVAL); + return; } /* @@ -604,6 +610,7 @@ X_ip6_mrouter_done(void) if_allmulti(mif6table[mifi].m6_ifp, 0); } } + MFC6_LOCK(); bzero((caddr_t)mif6table, sizeof(mif6table)); nummifs = 0; @@ -612,7 +619,6 @@ X_ip6_mrouter_done(void) /* * Free all multicast forwarding cache entries. */ - MFC6_LOCK(); for (i = 0; i < MF6CTBLSIZ; i++) { rt = mf6ctable[i]; while (rt) { @@ -631,6 +637,10 @@ X_ip6_mrouter_done(void) } } bzero((caddr_t)mf6ctable, sizeof(mf6ctable)); + + V_ip6_mrouter = NULL; + V_ip6_mrouting_enabled = false; + V_ip6_mrouter_ver = 0; MFC6_UNLOCK(); callout_drain(&expire_upcalls_ch); @@ -645,13 +655,8 @@ X_ip6_mrouter_done(void) multicast_register_if6 = NULL; } - V_ip6_mrouter = NULL; - V_ip6_mrouter_ver = 0; - MROUTER6_UNLOCK(); MRT6_DLOG(DEBUG_ANY, "finished"); - - return (0); } static struct sockaddr_in6 sin6 = { sizeof(sin6), AF_INET6 }; @@ -1904,14 +1909,14 @@ ip6_mroute_modevent(module_t mod, int type, void *unused) break; case MOD_UNLOAD: - if (V_ip6_mrouter != NULL) - return EINVAL; + if (V_ip6_mrouting_enabled) + return (EBUSY); if (pim6_encap_cookie) { ip6_encap_detach(pim6_encap_cookie); pim6_encap_cookie = NULL; } - X_ip6_mrouter_done(); + ip6_mforward = NULL; ip6_mrouter_done = NULL; ip6_mrouter_get = NULL; diff --git a/sys/netinet6/ip6_mroute.h b/sys/netinet6/ip6_mroute.h index 2f298df6a1ce..fda8c4308e86 100644 --- a/sys/netinet6/ip6_mroute.h +++ b/sys/netinet6/ip6_mroute.h @@ -273,8 +273,8 @@ struct rtdetq { /* XXX: rtdetq is also defined in ip_mroute.h */ #endif /* _KERNEL || KERNEL */ #ifdef _KERNEL -VNET_DECLARE(struct socket *, ip6_mrouter); /* multicast routing daemon */ -#define V_ip6_mrouter VNET(ip6_mrouter) +VNET_DECLARE(bool, ip6_mrouting_enabled); +#define V_ip6_mrouting_enabled VNET(ip6_mrouting_enabled) struct ifnet; struct ip6_hdr; @@ -286,7 +286,7 @@ extern int (*ip6_mforward)(struct ip6_hdr *, struct ifnet *, struct mbuf *); extern int (*ip6_mrouter_set)(struct socket *so, struct sockopt *sopt); extern int (*ip6_mrouter_get)(struct socket *so, struct sockopt *sopt); -extern int (*ip6_mrouter_done)(void); +extern void (*ip6_mrouter_done)(struct socket *so); extern int (*mrt6_ioctl)(u_long, caddr_t); #endif /* _KERNEL */ diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 10e38c317ad2..5e395cc63525 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -904,7 +904,8 @@ nonh6lookup: * above, will be forwarded by the ip6_input() routine, * if necessary. */ - if (V_ip6_mrouter && (flags & IPV6_FORWARDING) == 0) { + if (V_ip6_mrouting_enabled && + (flags & IPV6_FORWARDING) == 0) { /* * XXX: ip6_mforward expects that rcvif is NULL * when it is called from the originating path. diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index d3757627116c..e78376b925e4 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -3092,7 +3092,7 @@ mld_dispatch_packet(struct mbuf *m) } im6o.im6o_multicast_hlim = 1; - im6o.im6o_multicast_loop = (V_ip6_mrouter != NULL); + im6o.im6o_multicast_loop = V_ip6_mrouting_enabled; im6o.im6o_multicast_ifp = ifp; if (m->m_flags & M_MLDV1) { diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 7deb605c07a2..f3153b5435e2 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -137,14 +137,14 @@ VNET_PCPUSTAT_SYSUNINIT(rip6stat); /* * The socket used to communicate with the multicast routing daemon. */ -VNET_DEFINE(struct socket *, ip6_mrouter); +VNET_DEFINE(bool, ip6_mrouting_enabled); /* * The various mrouter functions. */ int (*ip6_mrouter_set)(struct socket *, struct sockopt *); int (*ip6_mrouter_get)(struct socket *, struct sockopt *); -int (*ip6_mrouter_done)(void); +void (*ip6_mrouter_done)(struct socket *); int (*ip6_mforward)(struct ip6_hdr *, struct ifnet *, struct mbuf *); int (*mrt6_ioctl)(u_long, caddr_t); @@ -694,8 +694,8 @@ rip6_detach(struct socket *so) inp = sotoinpcb(so); KASSERT(inp != NULL, ("rip6_detach: inp == NULL")); - if (so == V_ip6_mrouter && ip6_mrouter_done) - ip6_mrouter_done(); + if (ip6_mrouter_done != NULL) + ip6_mrouter_done(so); /* xxx: RSVP */ INP_WLOCK(inp); free(inp->in6p_icmp6filt, M_PCB);home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69cbef40.3a6bd.6d1a7fa9>