svn commit: r233846 - head/sys/contrib/pf/net
Author: glebius
Date: Tue Apr 3 18:09:20 2012
New Revision: 233846
URL: http://svn.freebsd.org/changeset/base/233846
Log:
Since pf 4.5 import pf(4) has a mechanism to defer
forwarding a packet, that creates state, until
pfsync(4) peer acks state addition (or 10 msec
timeout passes).
This is needed for active-active CARP configurations,
which are poorly supported in FreeBSD and arguably
a good idea at all.
Unfortunately by the time of import this feature in
OpenBSD was turned on, and did not have a switch to
turn it off. This leaked to FreeBSD.
This change make it possible to turn this feature
off via ioctl() and turns it off by default.
Obtained from:OpenBSD
Modified:
head/sys/contrib/pf/net/if_pfsync.c
head/sys/contrib/pf/net/if_pfsync.h
Modified: head/sys/contrib/pf/net/if_pfsync.c
==
--- head/sys/contrib/pf/net/if_pfsync.c Tue Apr 3 17:48:42 2012
(r233845)
+++ head/sys/contrib/pf/net/if_pfsync.c Tue Apr 3 18:09:20 2012
(r233846)
@@ -50,6 +50,7 @@
* 1.128 - cleanups
* 1.146 - bzero() mbuf before sparsely filling it with data
* 1.170 - SIOCSIFMTU checks
+ * 1.126, 1.142 - deferred packets processing
*/
#ifdef __FreeBSD__
@@ -262,6 +263,7 @@ struct pfsync_softc {
struct pfsync_upd_reqs sc_upd_req_list;
+ int sc_defer;
struct pfsync_deferrals sc_deferrals;
u_intsc_deferred;
@@ -1805,6 +1807,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
}
pfsyncr.pfsyncr_syncpeer = sc-sc_sync_peer;
pfsyncr.pfsyncr_maxupdates = sc-sc_maxupdates;
+ pfsyncr.pfsyncr_defer = sc-sc_defer;
return (copyout(pfsyncr, ifr-ifr_data, sizeof(pfsyncr)));
case SIOCSETPFSYNC:
@@ -1840,6 +1843,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
}
#endif
sc-sc_maxupdates = pfsyncr.pfsyncr_maxupdates;
+ sc-sc_defer = pfsyncr.pfsyncr_defer;
if (pfsyncr.pfsyncr_syncdev[0] == 0) {
sc-sc_sync_if = NULL;
@@ -2378,10 +2382,7 @@ pfsync_insert_state(struct pf_state *st)
pfsync_q_ins(st, PFSYNC_S_INS);
- if (ISSET(st-state_flags, PFSTATE_ACK))
- schednetisr(NETISR_PFSYNC);
- else
- st-sync_updates = 0;
+ st-sync_updates = 0;
}
int defer = 10;
@@ -2402,6 +2403,9 @@ pfsync_defer(struct pf_state *st, struct
splassert(IPL_SOFTNET);
#endif
+ if (!sc-sc_defer || m-m_flags (M_BCAST|M_MCAST))
+ return (0);
+
if (sc-sc_deferred = 128)
pfsync_undefer(TAILQ_FIRST(sc-sc_deferrals), 0);
@@ -2430,6 +2434,8 @@ pfsync_defer(struct pf_state *st, struct
timeout_add(pd-pd_tmo, defer);
#endif
+ swi_sched(V_pfsync_swi_cookie, 0);
+
return (1);
}
Modified: head/sys/contrib/pf/net/if_pfsync.h
==
--- head/sys/contrib/pf/net/if_pfsync.h Tue Apr 3 17:48:42 2012
(r233845)
+++ head/sys/contrib/pf/net/if_pfsync.h Tue Apr 3 18:09:20 2012
(r233846)
@@ -265,7 +265,7 @@ struct pfsyncreq {
char pfsyncr_syncdev[IFNAMSIZ];
struct in_addr pfsyncr_syncpeer;
int pfsyncr_maxupdates;
- int pfsyncr_authlevel;
+ int pfsyncr_defer;
};
#ifdef __FreeBSD__
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233846 - head/sys/contrib/pf/net
On Tue, Apr 03, 2012 at 06:09:21PM +, Gleb Smirnoff wrote: T Author: glebius T Date: Tue Apr 3 18:09:20 2012 T New Revision: 233846 T URL: http://svn.freebsd.org/changeset/base/233846 T T Log: T Since pf 4.5 import pf(4) has a mechanism to defer T forwarding a packet, that creates state, until T pfsync(4) peer acks state addition (or 10 msec T timeout passes). T T This is needed for active-active CARP configurations, T which are poorly supported in FreeBSD and arguably T a good idea at all. T T Unfortunately by the time of import this feature in T OpenBSD was turned on, and did not have a switch to T turn it off. This leaked to FreeBSD. T T This change make it possible to turn this feature T off via ioctl() and turns it off by default. Fortunately, we got an unused field in struct pfsyncreq, so this commit doesn't break ioctl() ABI, and this is mergeable. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233846 - head/sys/contrib/pf/net
You are sure that the defer feature is linked only to active-active? 2012/4/3 Gleb Smirnoff gleb...@freebsd.org: On Tue, Apr 03, 2012 at 06:09:21PM +, Gleb Smirnoff wrote: T Author: glebius T Date: Tue Apr 3 18:09:20 2012 T New Revision: 233846 T URL: http://svn.freebsd.org/changeset/base/233846 T T Log: T Since pf 4.5 import pf(4) has a mechanism to defer T forwarding a packet, that creates state, until T pfsync(4) peer acks state addition (or 10 msec T timeout passes). T T This is needed for active-active CARP configurations, T which are poorly supported in FreeBSD and arguably T a good idea at all. T T Unfortunately by the time of import this feature in T OpenBSD was turned on, and did not have a switch to T turn it off. This leaked to FreeBSD. T T This change make it possible to turn this feature T off via ioctl() and turns it off by default. Fortunately, we got an unused field in struct pfsyncreq, so this commit doesn't break ioctl() ABI, and this is mergeable. -- Totus tuus, Glebius. -- Ermal ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r233846 - head/sys/contrib/pf/net
Ermal, On Tue, Apr 03, 2012 at 08:30:41PM +0200, Ermal Lu?i wrote: E You are sure that the defer feature is linked only to active-active? I don't see any sane reason for deferring in normal master/backup configuration. -- Totus tuus, Glebius. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
