svn commit: r284548 - stable/10/sys/kern
Author: kib Date: Thu Jun 18 13:46:32 2015 New Revision: 284548 URL: https://svnweb.freebsd.org/changeset/base/284548 Log: MFC r284178: Add barriers when updating and reading th_generation. MFC r284256: Tweaks for r284178. Modified: stable/10/sys/kern/kern_tc.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/kern/kern_tc.c == --- stable/10/sys/kern/kern_tc.cThu Jun 18 13:45:07 2015 (r284547) +++ stable/10/sys/kern/kern_tc.cThu Jun 18 13:46:32 2015 (r284548) @@ -70,7 +70,7 @@ struct timehands { struct timeval th_microtime; struct timespec th_nanotime; /* Fields not to be copied in tc_windup start with th_generation. */ - volatile u_int th_generation; + u_int th_generation; struct timehands*th_next; }; @@ -189,6 +189,33 @@ tc_delta(struct timehands *th) tc-tc_counter_mask); } +static inline u_int +tc_getgen(struct timehands *th) +{ + +#ifdef SMP + return (atomic_load_acq_int(th-th_generation)); +#else + u_int gen; + + gen = th-th_generation; + __compiler_membar(); + return (gen); +#endif +} + +static inline void +tc_setgen(struct timehands *th, u_int newgen) +{ + +#ifdef SMP + atomic_store_rel_int(th-th_generation, newgen); +#else + __compiler_membar(); + th-th_generation = newgen; +#endif +} + /* * Functions for reading the time. We have to loop until we are sure that * the timehands that we operated on was not updated under our feet. See @@ -204,10 +231,10 @@ fbclock_binuptime(struct bintime *bt) do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); *bt = th-th_offset; bintime_addx(bt, th-th_scale * tc_delta(th)); - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } void @@ -262,9 +289,9 @@ fbclock_getbinuptime(struct bintime *bt) do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); *bt = th-th_offset; - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } void @@ -275,9 +302,9 @@ fbclock_getnanouptime(struct timespec *t do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); bintime2timespec(th-th_offset, tsp); - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } void @@ -288,9 +315,9 @@ fbclock_getmicrouptime(struct timeval *t do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); bintime2timeval(th-th_offset, tvp); - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } void @@ -301,9 +328,9 @@ fbclock_getbintime(struct bintime *bt) do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); *bt = th-th_offset; - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); bintime_add(bt, boottimebin); } @@ -315,9 +342,9 @@ fbclock_getnanotime(struct timespec *tsp do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); *tsp = th-th_nanotime; - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } void @@ -328,9 +355,9 @@ fbclock_getmicrotime(struct timeval *tvp do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); *tvp = th-th_microtime; - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } #else /* !FFCLOCK */ void @@ -341,10 +368,10 @@ binuptime(struct bintime *bt) do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); *bt = th-th_offset; bintime_addx(bt, th-th_scale * tc_delta(th)); - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } void @@ -399,9 +426,9 @@ getbinuptime(struct bintime *bt) do { th = timehands; - gen = th-th_generation; + gen = tc_getgen(th); *bt = th-th_offset; - } while (gen == 0 || gen != th-th_generation); + } while (gen == 0 || gen != tc_getgen(th)); } void @@ -412,9 +439,9 @@ getnanouptime(struct timespec *tsp) do
svn commit: r284554 - stable/10/sys/dev/sfxge
Author: arybchik Date: Thu Jun 18 15:41:09 2015 New Revision: 284554 URL: https://svnweb.freebsd.org/changeset/base/284554 Log: sfxge: use if_initbaudrate() to set interface baudrate It is required to cope with u_long limit for 10 Gbps in a right way. It is a direct commit to stable/10 since head differs (head does not have if_initbaudrate(), if_baudrate is simply uint64_t). Sponsored by: Solarflare Communications, Inc. Differential Revision: https://reviews.freebsd.org/D2849 Modified: stable/10/sys/dev/sfxge/sfxge_port.c Modified: stable/10/sys/dev/sfxge/sfxge_port.c == --- stable/10/sys/dev/sfxge/sfxge_port.cThu Jun 18 14:29:46 2015 (r284553) +++ stable/10/sys/dev/sfxge/sfxge_port.cThu Jun 18 15:41:09 2015 (r284554) @@ -224,14 +224,14 @@ sfxge_port_link_fc_handler(SYSCTL_HANDLE #endif /* SFXGE_HAVE_PAUSE_MEDIAOPTS */ -static const u_long sfxge_link_baudrate[EFX_LINK_NMODES] = { +static const uint64_t sfxge_link_baudrate[EFX_LINK_NMODES] = { [EFX_LINK_10HDX]= IF_Mbps(10), [EFX_LINK_10FDX]= IF_Mbps(10), [EFX_LINK_100HDX] = IF_Mbps(100), [EFX_LINK_100FDX] = IF_Mbps(100), [EFX_LINK_1000HDX] = IF_Gbps(1), [EFX_LINK_1000FDX] = IF_Gbps(1), - [EFX_LINK_1FDX] = MIN(IF_Gbps(10ULL), ULONG_MAX), + [EFX_LINK_1FDX] = IF_Gbps(10), }; void @@ -250,7 +250,7 @@ sfxge_mac_link_update(struct sfxge_softc /* Push link state update to the OS */ link_state = (port-link_mode != EFX_LINK_DOWN ? LINK_STATE_UP : LINK_STATE_DOWN); - sc-ifnet-if_baudrate = sfxge_link_baudrate[port-link_mode]; + if_initbaudrate(sc-ifnet, sfxge_link_baudrate[port-link_mode]); if_link_state_change(sc-ifnet, link_state); } ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284555 - in stable/10: share/man/man4 sys/conf sys/dev/sfxge sys/dev/sfxge/common sys/modules/sfxge
Author: arybchik Date: Thu Jun 18 15:46:39 2015 New Revision: 284555 URL: https://svnweb.freebsd.org/changeset/base/284555 Log: MFC: r283514 sfxge: add 7xxx NICs family support Support 7xxx adapters including firmware-assisted TSO and VLAN tagging: - Solarflare Flareon Ultra 7000 series 10/40G adapters: - Solarflare SFN7042Q QSFP+ Server Adapter - Solarflare SFN7142Q QSFP+ Server Adapter - Solarflare Flareon Ultra 7000 series 10G adapters: - Solarflare SFN7022F SFP+ Server Adapter - Solarflare SFN7122F SFP+ Server Adapter - Solarflare SFN7322F Precision Time Synchronization Server Adapter - Solarflare Flareon 7000 series 10G adapters: - Solarflare SFN7002F SFP+ Server Adapter Support utilities to configure adapters and update firmware. The work is done by Solarflare developers (Andy Moreton, Andrew Lee and many others), Artem V. Andreev Artem.Andreev at oktetlabs.ru and me. Sponsored by: Solarflare Communications, Inc. Added: stable/10/sys/dev/sfxge/common/ef10_tlv_layout.h - copied unchanged from r283514, head/sys/dev/sfxge/common/ef10_tlv_layout.h stable/10/sys/dev/sfxge/common/efx_check.h - copied unchanged from r283514, head/sys/dev/sfxge/common/efx_check.h stable/10/sys/dev/sfxge/common/efx_crc32.c - copied unchanged from r283514, head/sys/dev/sfxge/common/efx_crc32.c stable/10/sys/dev/sfxge/common/efx_hash.c - copied unchanged from r283514, head/sys/dev/sfxge/common/efx_hash.c stable/10/sys/dev/sfxge/common/efx_phy_ids.h - copied unchanged from r283514, head/sys/dev/sfxge/common/efx_phy_ids.h stable/10/sys/dev/sfxge/common/hunt_ev.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_ev.c stable/10/sys/dev/sfxge/common/hunt_filter.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_filter.c stable/10/sys/dev/sfxge/common/hunt_impl.h - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_impl.h stable/10/sys/dev/sfxge/common/hunt_intr.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_intr.c stable/10/sys/dev/sfxge/common/hunt_mac.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_mac.c stable/10/sys/dev/sfxge/common/hunt_mcdi.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_mcdi.c stable/10/sys/dev/sfxge/common/hunt_nic.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_nic.c stable/10/sys/dev/sfxge/common/hunt_nvram.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_nvram.c stable/10/sys/dev/sfxge/common/hunt_phy.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_phy.c stable/10/sys/dev/sfxge/common/hunt_rx.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_rx.c stable/10/sys/dev/sfxge/common/hunt_sram.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_sram.c stable/10/sys/dev/sfxge/common/hunt_tx.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_tx.c stable/10/sys/dev/sfxge/common/hunt_vpd.c - copied unchanged from r283514, head/sys/dev/sfxge/common/hunt_vpd.c stable/10/sys/dev/sfxge/common/mcdi_mon.c - copied unchanged from r283514, head/sys/dev/sfxge/common/mcdi_mon.c stable/10/sys/dev/sfxge/common/mcdi_mon.h - copied unchanged from r283514, head/sys/dev/sfxge/common/mcdi_mon.h stable/10/sys/dev/sfxge/common/siena_mcdi.c - copied unchanged from r283514, head/sys/dev/sfxge/common/siena_mcdi.c stable/10/sys/dev/sfxge/sfxge_ioc.h - copied unchanged from r283514, head/sys/dev/sfxge/sfxge_ioc.h stable/10/sys/dev/sfxge/sfxge_nvram.c - copied unchanged from r283514, head/sys/dev/sfxge/sfxge_nvram.c Deleted: stable/10/sys/dev/sfxge/common/siena_mon.c Modified: stable/10/share/man/man4/sfxge.4 (contents, props changed) stable/10/sys/conf/files stable/10/sys/conf/files.amd64 stable/10/sys/dev/sfxge/common/efsys.h (contents, props changed) stable/10/sys/dev/sfxge/common/efx.h (contents, props changed) stable/10/sys/dev/sfxge/common/efx_bootcfg.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_ev.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_filter.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_impl.h (contents, props changed) stable/10/sys/dev/sfxge/common/efx_intr.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_mac.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_mcdi.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_mcdi.h (contents, props changed) stable/10/sys/dev/sfxge/common/efx_mon.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_nic.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_nvram.c (contents, props changed) stable/10/sys/dev/sfxge/common/efx_phy.c (contents, props changed)
svn commit: r284556 - in stable/10/sys: dev/sfxge modules/sfxge
Author: arybchik Date: Thu Jun 18 15:50:42 2015 New Revision: 284556 URL: https://svnweb.freebsd.org/changeset/base/284556 Log: MFC: r283679 sfxge: do not use DEBUG_FLAGS to enable extra debug checks DEBUG_FLAGS are set to DEBUG option value when kernel is built. For example, it is -g in GENERIC config to have debug symbols. Also DEBUG_FLAGS are used to determine if ctfconvert should keep debug symbols. Since we redefined DEBUG_FLAGS, debug symbols were always missing. ctfconvert complains about it during kernel build. It is incorrect to append DEBUG_FLAGS, since if DEBUG has no -g (or similar), we'll have no debug symbols and ctfconvert will complain. If it incorrect to always have -g in our DEBUG_FLAGS, since debug symbols presence should be controllable by kernel config. So, just add disabled by default addition of -DDEBUG=1 to CFLAGS. Reviewed by:imp Sponsored by: Solarflare Communications, Inc. Modified: stable/10/sys/dev/sfxge/sfxge_version.h stable/10/sys/modules/sfxge/Makefile Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/sfxge/sfxge_version.h == --- stable/10/sys/dev/sfxge/sfxge_version.h Thu Jun 18 15:46:39 2015 (r284555) +++ stable/10/sys/dev/sfxge/sfxge_version.h Thu Jun 18 15:50:42 2015 (r284556) @@ -36,6 +36,6 @@ #ifndef _SFXGE_VERSION_H #define_SFXGE_VERSION_H -#defineSFXGE_VERSION_STRINGv4.5.1.1018 +#defineSFXGE_VERSION_STRINGv4.5.2.1000 #endif /* _SFXGE_DRIVER_VERSION_H */ Modified: stable/10/sys/modules/sfxge/Makefile == --- stable/10/sys/modules/sfxge/MakefileThu Jun 18 15:46:39 2015 (r284555) +++ stable/10/sys/modules/sfxge/MakefileThu Jun 18 15:50:42 2015 (r284556) @@ -36,7 +36,8 @@ SRCS+=hunt_nvram.c hunt_rx.c hunt_phy.c SRCS+= hunt_filter.c SRCS+= hunt_impl.h -DEBUG_FLAGS= -DDEBUG=1 +# Extra debug checks +#CFLAGS += -DDEBUG=1 .if !defined(KERNBUILDDIR) .if ${MK_INET_SUPPORT} != no ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284559 - stable/10/lib/libc/resolv
Author: ume Date: Thu Jun 18 16:39:05 2015 New Revision: 284559 URL: https://svnweb.freebsd.org/changeset/base/284559 Log: MFC r284229: Add support for '_' occurring at the beginning or end of a name component. PR: 176093 Submitted by: landonf__at__bikemonkey.org Modified: stable/10/lib/libc/resolv/res_comp.c Directory Properties: stable/10/ (props changed) Modified: stable/10/lib/libc/resolv/res_comp.c == --- stable/10/lib/libc/resolv/res_comp.cThu Jun 18 16:31:32 2015 (r284558) +++ stable/10/lib/libc/resolv/res_comp.cThu Jun 18 16:39:05 2015 (r284559) @@ -147,12 +147,12 @@ dn_skipname(const u_char *ptr, const u_c || ((c) = 0x61 (c) = 0x7a)) #define digitchar(c) ((c) = 0x30 (c) = 0x39) -#define borderchar(c) (alphachar(c) || digitchar(c)) #ifdef RES_ENFORCE_RFC1034 -#define middlechar(c) (borderchar(c) || hyphenchar(c)) +#define borderchar(c) (alphachar(c) || digitchar(c)) #else -#define middlechar(c) (borderchar(c) || hyphenchar(c) || underscorechar(c)) +#define borderchar(c) (alphachar(c) || digitchar(c) || underscorechar(c)) #endif +#define middlechar(c) (borderchar(c) || hyphenchar(c)) #definedomainchar(c) ((c) 0x20 (c) 0x7f) int ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284586 - stable/10/sys/cam/ctl
Author: mav Date: Fri Jun 19 00:53:15 2015 New Revision: 284586 URL: https://svnweb.freebsd.org/changeset/base/284586 Log: MFC r284013: Allow setting only WWNN or only WWPN. Modified: stable/10/sys/cam/ctl/scsi_ctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/cam/ctl/scsi_ctl.c == --- stable/10/sys/cam/ctl/scsi_ctl.cFri Jun 19 00:10:30 2015 (r284585) +++ stable/10/sys/cam/ctl/scsi_ctl.cFri Jun 19 00:53:15 2015 (r284586) @@ -1657,16 +1657,24 @@ ctlfe_onoffline(void *arg, int online) * down to the SIM. Otherwise, record what the SIM * has reported. */ - if ((bus_softc-port.wwnn != 0) - (bus_softc-port.wwpn != 0)) { + if (bus_softc-port.wwnn != 0 bus_softc-port.wwnn + != ccb-knob.xport_specific.fc.wwnn) { ccb-knob.xport_specific.fc.wwnn = - bus_softc-port.wwnn; - ccb-knob.xport_specific.fc.wwpn = - bus_softc-port.wwpn; + bus_softc-port.wwnn; set_wwnn = 1; } else { ctl_port_set_wwns(bus_softc-port, true, ccb-knob.xport_specific.fc.wwnn, + false, 0); + } + if (bus_softc-port.wwpn != 0 bus_softc-port.wwpn +!= ccb-knob.xport_specific.fc.wwpn) { + ccb-knob.xport_specific.fc.wwpn = + bus_softc-port.wwpn; + set_wwnn = 1; + } else { + ctl_port_set_wwns(bus_softc-port, + false, 0, true, ccb-knob.xport_specific.fc.wwpn); } #endif /* RANDOM_WWNN */ ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284565 - stable/10/sys/geom/part
Author: ae Date: Thu Jun 18 17:42:24 2015 New Revision: 284565 URL: https://svnweb.freebsd.org/changeset/base/284565 Log: MFC r284151: Teach G_PART_GPT class handle g_resize_provider event. Modified: stable/10/sys/geom/part/g_part_gpt.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/geom/part/g_part_gpt.c == --- stable/10/sys/geom/part/g_part_gpt.cThu Jun 18 17:28:15 2015 (r284564) +++ stable/10/sys/geom/part/g_part_gpt.cThu Jun 18 17:42:24 2015 (r284565) @@ -760,7 +760,7 @@ g_part_gpt_resize(struct g_part_table *b struct g_part_gpt_entry *entry; if (baseentry == NULL) - return (EOPNOTSUPP); + return (g_part_gpt_recover(basetable)); entry = (struct g_part_gpt_entry *)baseentry; baseentry-gpe_end = baseentry-gpe_start + gpp-gpp_size - 1; ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284568 - stable/10/sys/netinet6
Author: kp Date: Thu Jun 18 20:21:02 2015 New Revision: 284568 URL: https://svnweb.freebsd.org/changeset/base/284568 Log: Merge r278828, r278832 - Factor out ip6_deletefraghdr() function, to be shared between IPv6 stack and pf(4). - Move ip6_deletefraghdr() to frag6.c. (Suggested by bz) Differential Revision:https://reviews.freebsd.org/D2813 Reviewed by: gnn Modified: stable/10/sys/netinet6/frag6.c stable/10/sys/netinet6/ip6_var.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet6/frag6.c == --- stable/10/sys/netinet6/frag6.c Thu Jun 18 19:20:00 2015 (r284567) +++ stable/10/sys/netinet6/frag6.c Thu Jun 18 20:21:02 2015 (r284568) @@ -555,27 +555,16 @@ insert: *q6-ip6q_nxtp = (u_char)(nxt 0xff); #endif - /* Delete frag6 header */ - if (m-m_len = offset + sizeof(struct ip6_frag)) { - /* This is the only possible case with !PULLDOWN_TEST */ - ovbcopy((caddr_t)ip6, (caddr_t)ip6 + sizeof(struct ip6_frag), - offset); - m-m_data += sizeof(struct ip6_frag); - m-m_len -= sizeof(struct ip6_frag); - } else { - /* this comes with no copy if the boundary is on cluster */ - if ((t = m_split(m, offset, M_NOWAIT)) == NULL) { - frag6_remque(q6); - V_frag6_nfrags -= q6-ip6q_nfrag; + if (ip6_deletefraghdr(m, offset, M_NOWAIT) != 0) { + frag6_remque(q6); + V_frag6_nfrags -= q6-ip6q_nfrag; #ifdef MAC - mac_ip6q_destroy(q6); + mac_ip6q_destroy(q6); #endif - free(q6, M_FTABLE); - V_frag6_nfragpackets--; - goto dropfrag; - } - m_adj(t, sizeof(struct ip6_frag)); - m_cat(m, t); + free(q6, M_FTABLE); + V_frag6_nfragpackets--; + + goto dropfrag; } /* @@ -789,3 +778,27 @@ frag6_drain(void) IP6Q_UNLOCK(); VNET_LIST_RUNLOCK_NOSLEEP(); } + +int +ip6_deletefraghdr(struct mbuf *m, int offset, int wait) +{ + struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); + struct mbuf *t; + + /* Delete frag6 header. */ + if (m-m_len = offset + sizeof(struct ip6_frag)) { + /* This is the only possible case with !PULLDOWN_TEST. */ + bcopy(ip6, (char *)ip6 + sizeof(struct ip6_frag), + offset); + m-m_data += sizeof(struct ip6_frag); + m-m_len -= sizeof(struct ip6_frag); + } else { + /* This comes with no copy if the boundary is on cluster. */ + if ((t = m_split(m, offset, wait)) == NULL) + return (ENOMEM); + m_adj(t, sizeof(struct ip6_frag)); + m_cat(m, t); + } + + return (0); +} Modified: stable/10/sys/netinet6/ip6_var.h == --- stable/10/sys/netinet6/ip6_var.hThu Jun 18 19:20:00 2015 (r284567) +++ stable/10/sys/netinet6/ip6_var.hThu Jun 18 20:21:02 2015 (r284568) @@ -425,6 +425,7 @@ int ip6_setpktopts(struct mbuf *, struct void ip6_clearpktopts(struct ip6_pktopts *, int); struct ip6_pktopts *ip6_copypktopts(struct ip6_pktopts *, int); intip6_optlen(struct inpcb *); +intip6_deletefraghdr(struct mbuf *, int, int); introute6_input(struct mbuf **, int *, int); ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284576 - stable/10/sys/netinet6
Author: kp Date: Thu Jun 18 20:57:21 2015 New Revision: 284576 URL: https://svnweb.freebsd.org/changeset/base/284576 Log: Merge r281234 Evaluate packet size after the firewall had its chance Defer the packet size check until after the firewall has had a look at it. This means that the firewall now has the opportunity to (re-)fragment an oversized packet. Differential Revision:https://reviews.freebsd.org/D2821 Reviewed by: gnn Modified: stable/10/sys/netinet6/ip6_forward.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet6/ip6_forward.c == --- stable/10/sys/netinet6/ip6_forward.cThu Jun 18 20:45:37 2015 (r284575) +++ stable/10/sys/netinet6/ip6_forward.cThu Jun 18 20:57:21 2015 (r284576) @@ -423,46 +423,6 @@ again2: goto bad; } - if (m-m_pkthdr.len IN6_LINKMTU(rt-rt_ifp)) { - in6_ifstat_inc(rt-rt_ifp, ifs6_in_toobig); - if (mcopy) { - u_long mtu; -#ifdef IPSEC - struct secpolicy *sp; - int ipsecerror; - size_t ipsechdrsiz; -#endif /* IPSEC */ - - mtu = IN6_LINKMTU(rt-rt_ifp); -#ifdef IPSEC - /* -* When we do IPsec tunnel ingress, we need to play -* with the link value (decrement IPsec header size -* from mtu value). The code is much simpler than v4 -* case, as we have the outgoing interface for -* encapsulated packet as rt-rt_ifp. -*/ - sp = ipsec_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND, - IP_FORWARDING, ipsecerror); - if (sp) { - ipsechdrsiz = ipsec_hdrsiz(mcopy, - IPSEC_DIR_OUTBOUND, NULL); - if (ipsechdrsiz mtu) - mtu -= ipsechdrsiz; - } - - /* -* if mtu becomes less than minimum MTU, -* tell minimum MTU (and I'll need to fragment it). -*/ - if (mtu IPV6_MMTU) - mtu = IPV6_MMTU; -#endif /* IPSEC */ - icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); - } - goto bad; - } - if (rt-rt_flags RTF_GATEWAY) dst = (struct sockaddr_in6 *)rt-rt_gateway; @@ -591,6 +551,47 @@ again2: } pass: + /* See if the size was changed by the packet filter. */ + if (m-m_pkthdr.len IN6_LINKMTU(rt-rt_ifp)) { + in6_ifstat_inc(rt-rt_ifp, ifs6_in_toobig); + if (mcopy) { + u_long mtu; +#ifdef IPSEC + struct secpolicy *sp; + int ipsecerror; + size_t ipsechdrsiz; +#endif /* IPSEC */ + + mtu = IN6_LINKMTU(rt-rt_ifp); +#ifdef IPSEC + /* +* When we do IPsec tunnel ingress, we need to play +* with the link value (decrement IPsec header size +* from mtu value). The code is much simpler than v4 +* case, as we have the outgoing interface for +* encapsulated packet as rt-rt_ifp. +*/ + sp = ipsec_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND, + IP_FORWARDING, ipsecerror); + if (sp) { + ipsechdrsiz = ipsec_hdrsiz(mcopy, + IPSEC_DIR_OUTBOUND, NULL); + if (ipsechdrsiz mtu) + mtu -= ipsechdrsiz; + } + + /* +* if mtu becomes less than minimum MTU, +* tell minimum MTU (and I'll need to fragment it). +*/ + if (mtu IPV6_MMTU) + mtu = IPV6_MMTU; +#endif /* IPSEC */ + icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); + } + goto bad; + } + error = nd6_output(rt-rt_ifp, origifp, m, dst, rt); if (error) { in6_ifstat_inc(rt-rt_ifp, ifs6_out_discard); ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284579 - in stable/10/sys: net netpfil/pf
Author: kp Date: Thu Jun 18 21:21:52 2015 New Revision: 284579 URL: https://svnweb.freebsd.org/changeset/base/284579 Log: Merge r278874, r278925, r278868 - Improve INET/INET6 scope. - style(9) declarations. - Make couple of local functions static. - Even more fixes to !INET and !INET6 kernels. In collaboration with pluknet - Toss declarations to fix regular build and NO_INET6 build. Differential Revision:https://reviews.freebsd.org/D2823 Reviewed by: gnn Modified: stable/10/sys/net/pfvar.h stable/10/sys/netpfil/pf/pf_norm.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/net/pfvar.h == --- stable/10/sys/net/pfvar.h Thu Jun 18 21:18:43 2015(r284578) +++ stable/10/sys/net/pfvar.h Thu Jun 18 21:21:52 2015(r284579) @@ -1566,14 +1566,18 @@ voidpf_free_rule(struct pf_rule *); #ifdef INET intpf_test(int, struct ifnet *, struct mbuf **, struct inpcb *); +intpf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *, + struct pf_pdesc *); #endif /* INET */ #ifdef INET6 intpf_test6(int, struct ifnet *, struct mbuf **, struct inpcb *); +intpf_normalize_ip6(struct mbuf **, int, struct pfi_kif *, u_short *, + struct pf_pdesc *); void pf_poolmask(struct pf_addr *, struct pf_addr*, struct pf_addr *, struct pf_addr *, u_int8_t); void pf_addr_inc(struct pf_addr *, sa_family_t); -intpf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag); +intpf_refragment6(struct ifnet *, struct mbuf **, struct m_tag *); #endif /* INET6 */ u_int32_t pf_new_isn(struct pf_state *); @@ -1589,10 +1593,6 @@ int pf_match_port(u_int8_t, u_int16_t, u void pf_normalize_init(void); void pf_normalize_cleanup(void); -intpf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *, - struct pf_pdesc *); -intpf_normalize_ip6(struct mbuf **, int, struct pfi_kif *, u_short *, - struct pf_pdesc *); intpf_normalize_tcp(int, struct pfi_kif *, struct mbuf *, int, int, void *, struct pf_pdesc *); void pf_normalize_tcp_cleanup(struct pf_state *); Modified: stable/10/sys/netpfil/pf/pf_norm.c == --- stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 21:18:43 2015 (r284578) +++ stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 21:21:52 2015 (r284579) @@ -135,35 +135,30 @@ static int pf_frag_compare(struct pf_f static RB_PROTOTYPE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare); static RB_GENERATE(pf_frag_tree, pf_fragment, fr_entry, pf_frag_compare); -/* Private prototypes */ -static void pf_free_fragment(struct pf_fragment *); -static void pf_remove_fragment(struct pf_fragment *); -static int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *, - struct tcphdr *, int, sa_family_t); -#ifdef INET -static void pf_scrub_ip(struct mbuf **, u_int32_t, u_int8_t, - u_int8_t); -static void pf_flush_fragments(void); +static voidpf_flush_fragments(void); +static voidpf_free_fragment(struct pf_fragment *); +static voidpf_remove_fragment(struct pf_fragment *); +static int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *, + struct tcphdr *, int, sa_family_t); +static struct pf_frent *pf_create_fragment(u_short *); static struct pf_fragment *pf_find_fragment(struct pf_fragment_cmp *key, - struct pf_frag_tree *tree); -struct pf_frent*pf_create_fragment(u_short *); -static int pf_reassemble(struct mbuf **, struct ip *, int, - u_short *); -intpf_reassemble6(struct mbuf **, struct ip6_hdr *, - struct ip6_frag *, uint16_t, uint16_t, int, - u_short *); -static struct mbuf *pf_fragcache(struct mbuf **, struct ip*, - struct pf_fragment **, int, int, int *); + struct pf_frag_tree *tree); static struct pf_fragment *pf_fillup_fragment(struct pf_fragment_cmp *, - struct pf_frent *, u_short *); -intpf_isfull_fragment(struct pf_fragment *); -struct mbuf*pf_join_fragment(struct pf_fragment *); - - -#endif /* INET */ + struct pf_frent *, u_short *); +static int pf_isfull_fragment(struct pf_fragment *); +static struct mbuf *pf_join_fragment(struct pf_fragment *); +#ifdef INET +static voidpf_scrub_ip(struct mbuf **, uint32_t, uint8_t, uint8_t); +static int pf_reassemble(struct mbuf **, struct ip *, int, u_short *); +static struct mbuf *pf_fragcache(struct mbuf **, struct ip*, +
svn commit: r284575 - stable/10/sys/netinet6
Author: kp Date: Thu Jun 18 20:45:37 2015 New Revision: 284575 URL: https://svnweb.freebsd.org/changeset/base/284575 Log: Merge r281165 Remove duplicate code We'll just fall into the same local delivery block under the 'if (m-m_flags M_FASTFWD_OURS)'. Suggested by: ae Differential Revision:https://reviews.freebsd.org/D2820 Reviewed by: gnn Modified: stable/10/sys/netinet6/ip6_forward.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet6/ip6_forward.c == --- stable/10/sys/netinet6/ip6_forward.cThu Jun 18 20:43:16 2015 (r284574) +++ stable/10/sys/netinet6/ip6_forward.cThu Jun 18 20:45:37 2015 (r284575) @@ -557,22 +557,9 @@ again2: if (!IN6_ARE_ADDR_EQUAL(odst, ip6-ip6_dst)) { m-m_flags |= M_SKIP_FIREWALL; /* If destination is now ourself drop to ip6_input(). */ - if (in6_localip(ip6-ip6_dst)) { + if (in6_localip(ip6-ip6_dst)) m-m_flags |= M_FASTFWD_OURS; - if (m-m_pkthdr.rcvif == NULL) - m-m_pkthdr.rcvif = V_loif; - if (m-m_pkthdr.csum_flags CSUM_DELAY_DATA_IPV6) { - m-m_pkthdr.csum_flags |= - CSUM_DATA_VALID_IPV6 | CSUM_PSEUDO_HDR; - m-m_pkthdr.csum_data = 0x; - } -#ifdef SCTP - if (m-m_pkthdr.csum_flags CSUM_SCTP_IPV6) - m-m_pkthdr.csum_flags |= CSUM_SCTP_VALID; -#endif - error = netisr_queue(NETISR_IPV6, m); - goto out; - } else + else goto again; /* Redo the routing table lookup. */ } ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284580 - stable/10/sys/netpfil/pf
Author: kp Date: Thu Jun 18 21:23:41 2015 New Revision: 284580 URL: https://svnweb.freebsd.org/changeset/base/284580 Log: Merge r284222, r284260 pf: address family must be set when creating a pf_fragment Fix a panic when handling fragmented ip4 packets with 'drop-ovl' set. In that scenario we take a different branch in pf_normalize_ip(), taking us to pf_fragcache() (rather than pf_reassemble()). In pf_fragcache() we create a pf_fragment, but do not set the address family. This leads to a panic when we try to insert that into pf_frag_tree because pf_addr_cmp(), which is used to compare the pf_fragments doesn't know what to do if the address family is not set. Simply ensure that the address family is set correctly (always AF_INET in this path). When we try to look up a pf_fragment with pf_find_fragment() we compare (see pf_frag_compare()) addresses (and family), but also protocol. We failed to save the protocol to the pf_fragment in pf_fragcache(), resulting in failing reassembly. PR: 200330 Differential Revision:https://reviews.freebsd.org/D2824 Reviewed by: gnn Modified: stable/10/sys/netpfil/pf/pf_norm.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_norm.c == --- stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 21:21:52 2015 (r284579) +++ stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 21:23:41 2015 (r284580) @@ -825,6 +825,8 @@ pf_fragcache(struct mbuf **m0, struct ip (*frag)-fr_max = 0; (*frag)-fr_src.v4 = h-ip_src; (*frag)-fr_dst.v4 = h-ip_dst; + (*frag)-fr_af = AF_INET; + (*frag)-fr_proto = h-ip_p; (*frag)-fr_id = h-ip_id; (*frag)-fr_timeout = time_uptime; ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284570 - stable/10/sys/netinet6
Author: kp Date: Thu Jun 18 20:32:53 2015 New Revision: 284570 URL: https://svnweb.freebsd.org/changeset/base/284570 Log: Merge r278842 Factor out ip6_fragment() function, to be used in IPv6 stack and pf(4). Differential Revision:https://reviews.freebsd.org/D2815 Reviewed by: gnn Modified: stable/10/sys/netinet6/ip6_output.c stable/10/sys/netinet6/ip6_var.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet6/ip6_output.c == --- stable/10/sys/netinet6/ip6_output.c Thu Jun 18 20:28:52 2015 (r284569) +++ stable/10/sys/netinet6/ip6_output.c Thu Jun 18 20:32:53 2015 (r284570) @@ -208,6 +208,65 @@ in6_delayed_cksum(struct mbuf *m, uint32 *(u_short *)(m-m_data + offset) = csum; } +int +ip6_fragment(struct ifnet *ifp, struct mbuf *m0, int hlen, u_char nextproto, +int mtu) +{ + struct mbuf *m, **mnext, *m_frgpart; + struct ip6_hdr *ip6, *mhip6; + struct ip6_frag *ip6f; + int off; + int error; + int tlen = m0-m_pkthdr.len; + uint32_t id = htonl(ip6_randomid()); + + m = m0; + ip6 = mtod(m, struct ip6_hdr *); + mnext = m-m_nextpkt; + + for (off = hlen; off tlen; off += mtu) { + m = m_gethdr(M_NOWAIT, MT_DATA); + if (!m) { + IP6STAT_INC(ip6s_odropped); + return (ENOBUFS); + } + m-m_flags = m0-m_flags M_COPYFLAGS; + *mnext = m; + mnext = m-m_nextpkt; + m-m_data += max_linkhdr; + mhip6 = mtod(m, struct ip6_hdr *); + *mhip6 = *ip6; + m-m_len = sizeof(*mhip6); + error = ip6_insertfraghdr(m0, m, hlen, ip6f); + if (error) { + IP6STAT_INC(ip6s_odropped); + return (error); + } + ip6f-ip6f_offlg = htons((u_short)((off - hlen) ~7)); + if (off + mtu = tlen) + mtu = tlen - off; + else + ip6f-ip6f_offlg |= IP6F_MORE_FRAG; + mhip6-ip6_plen = htons((u_short)(mtu + hlen + + sizeof(*ip6f) - sizeof(struct ip6_hdr))); + if ((m_frgpart = m_copy(m0, off, mtu)) == 0) { + IP6STAT_INC(ip6s_odropped); + return (ENOBUFS); + } + m_cat(m, m_frgpart); + m-m_pkthdr.len = mtu + hlen + sizeof(*ip6f); + m-m_pkthdr.fibnum = m0-m_pkthdr.fibnum; + m-m_pkthdr.rcvif = NULL; + ip6f-ip6f_reserved = 0; + ip6f-ip6f_ident = id; + ip6f-ip6f_nxt = nextproto; + IP6STAT_INC(ip6s_ofragments); + in6_ifstat_inc(ifp, ifs6_out_fragcreat); + } + + return (0); +} + /* * IP6 output. The packet in mbuf chain m contains a skeletal IP6 * header (with pri, len, nxt, hlim, src, dst). @@ -229,11 +288,11 @@ ip6_output(struct mbuf *m0, struct ip6_p struct route_in6 *ro, int flags, struct ip6_moptions *im6o, struct ifnet **ifpp, struct inpcb *inp) { - struct ip6_hdr *ip6, *mhip6; + struct ip6_hdr *ip6; struct ifnet *ifp, *origifp; struct mbuf *m = m0; struct mbuf *mprev = NULL; - int hlen, tlen, len, off; + int hlen, tlen, len; struct route_in6 ip6route; struct rtentry *rt = NULL; struct sockaddr_in6 *dst, src_sa, dst_sa; @@ -866,9 +925,6 @@ passout: in6_ifstat_inc(ifp, ifs6_out_fragfail); goto bad; } else { - struct mbuf **mnext, *m_frgpart; - struct ip6_frag *ip6f; - u_int32_t id = htonl(ip6_randomid()); u_char nextproto; int qslots = ifp-if_snd.ifq_maxlen - ifp-if_snd.ifq_len; @@ -916,8 +972,6 @@ passout: m-m_pkthdr.csum_flags = ~CSUM_SCTP_IPV6; } #endif - mnext = m-m_nextpkt; - /* * Change the next header field of the last header in the * unfragmentable part. @@ -942,47 +996,8 @@ passout: * chain. */ m0 = m; - for (off = hlen; off tlen; off += len) { - m = m_gethdr(M_NOWAIT, MT_DATA); - if (!m) { - error = ENOBUFS; - IP6STAT_INC(ip6s_odropped); - goto sendorfree; - } - m-m_flags = m0-m_flags M_COPYFLAGS; - *mnext = m; - mnext = m-m_nextpkt; - m-m_data += max_linkhdr; - mhip6 = mtod(m, struct ip6_hdr *); -
svn commit: r284572 - in stable/10/sys: netinet6 netpfil/pf
Author: kp Date: Thu Jun 18 20:40:36 2015 New Revision: 284572 URL: https://svnweb.freebsd.org/changeset/base/284572 Log: Merge r280955 Preserve IPv6 fragment IDs accross reassembly and refragmentation When forwarding fragmented IPv6 packets and filtering with PF we reassemble and refragment. That means we generate new fragment headers and a new fragment ID. We already save the fragment IDs so we can do the reassembly so it's straightforward to apply the incoming fragment ID on the refragmented packets. Differential Revision:https://reviews.freebsd.org/D2817 Reviewed by: gnn Modified: stable/10/sys/netinet6/ip6_output.c stable/10/sys/netinet6/ip6_var.h stable/10/sys/netpfil/pf/pf_norm.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet6/ip6_output.c == --- stable/10/sys/netinet6/ip6_output.c Thu Jun 18 20:34:39 2015 (r284571) +++ stable/10/sys/netinet6/ip6_output.c Thu Jun 18 20:40:36 2015 (r284572) @@ -210,7 +210,7 @@ in6_delayed_cksum(struct mbuf *m, uint32 int ip6_fragment(struct ifnet *ifp, struct mbuf *m0, int hlen, u_char nextproto, -int mtu) +int mtu, uint32_t id) { struct mbuf *m, **mnext, *m_frgpart; struct ip6_hdr *ip6, *mhip6; @@ -218,7 +218,6 @@ ip6_fragment(struct ifnet *ifp, struct m int off; int error; int tlen = m0-m_pkthdr.len; - uint32_t id = htonl(ip6_randomid()); m = m0; ip6 = mtod(m, struct ip6_hdr *); @@ -309,6 +308,7 @@ ip6_output(struct mbuf *m0, struct ip6_p int hdrsplit = 0; int sw_csum, tso; struct m_tag *fwd_tag = NULL; + uint32_t id; ip6 = mtod(m, struct ip6_hdr *); if (ip6 == NULL) { @@ -996,7 +996,8 @@ passout: * chain. */ m0 = m; - if ((error = ip6_fragment(ifp, m, hlen, nextproto, len))) + id = htonl(ip6_randomid()); + if ((error = ip6_fragment(ifp, m, hlen, nextproto, len, id))) goto sendorfree; in6_ifstat_inc(ifp, ifs6_out_fragok); Modified: stable/10/sys/netinet6/ip6_var.h == --- stable/10/sys/netinet6/ip6_var.hThu Jun 18 20:34:39 2015 (r284571) +++ stable/10/sys/netinet6/ip6_var.hThu Jun 18 20:40:36 2015 (r284572) @@ -426,7 +426,8 @@ voidip6_clearpktopts(struct ip6_pktopts struct ip6_pktopts *ip6_copypktopts(struct ip6_pktopts *, int); intip6_optlen(struct inpcb *); intip6_deletefraghdr(struct mbuf *, int, int); -intip6_fragment(struct ifnet *, struct mbuf *, int, u_char, int); +intip6_fragment(struct ifnet *, struct mbuf *, int, u_char, int, + uint32_t); introute6_input(struct mbuf **, int *, int); Modified: stable/10/sys/netpfil/pf/pf_norm.c == --- stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 20:34:39 2015 (r284571) +++ stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 20:40:36 2015 (r284572) @@ -104,6 +104,7 @@ struct pf_fragment_tag { uint16_tft_hdrlen; /* header length of reassembled pkt */ uint16_tft_extoff; /* last extension header offset or 0 */ uint16_tft_maxlen; /* maximum fragment payload length */ + uint32_tft_id; /* fragment id */ }; static struct mtx pf_frag_mtx; @@ -681,6 +682,7 @@ pf_reassemble6(struct mbuf **m0, struct struct m_tag*mtag; struct pf_fragment_tag *ftag; int off; + uint32_t frag_id; uint16_t total, maxlen; uint8_t proto; @@ -723,6 +725,7 @@ pf_reassemble6(struct mbuf **m0, struct /* We have all the data. */ extoff = frent-fe_extoff; maxlen = frag-fr_maxlen; + frag_id = frag-fr_id; frent = TAILQ_FIRST(frag-fr_queue); KASSERT(frent != NULL, (frent != NULL)); total = TAILQ_LAST(frag-fr_queue, pf_fragq)-fe_off + @@ -759,6 +762,7 @@ pf_reassemble6(struct mbuf **m0, struct ftag-ft_hdrlen = hdrlen; ftag-ft_extoff = extoff; ftag-ft_maxlen = maxlen; + ftag-ft_id = frag_id; m_tag_prepend(m, mtag); ip6 = mtod(m, struct ip6_hdr *); @@ -1100,6 +1104,7 @@ pf_refragment6(struct ifnet *ifp, struct struct mbuf *m = *m0, *t; struct pf_fragment_tag *ftag = (struct pf_fragment_tag *)(mtag + 1); struct pf_pdesc pd; + uint32_t frag_id; uint16_t hdrlen, extoff, maxlen; uint8_t proto; int error, action; @@ -1107,6 +1112,7 @@
svn commit: r284574 - stable/10/sys/netpfil/pf
Author: kp Date: Thu Jun 18 20:43:16 2015 New Revision: 284574 URL: https://svnweb.freebsd.org/changeset/base/284574 Log: Merge r281164 pf: Skip firewall for refragmented ip6 packets In cases where we scrub (fragment reassemble) on both input and output we risk ending up in infinite loops when forwarding packets. Fragmented packets come in and get collected until we can defragment. At that point the defragmented packet is handed back to the ip stack (at the pfil point in ip6_input(). Normal processing continues. Eventually we figure out that the packet has to be forwarded and we end up at the pfil hook in ip6_forward(). After doing the inspection on the defragmented packet we see that the packet has been defragmented and because we're forwarding we have to refragment it. In pf_refragment6() we split the packet up again and then ip6_forward() the individual fragments. Those fragments hit the pfil hook on the way out, so they're collected until we can reconstruct the full packet, at which point we're right back where we left off and things continue until we run out of stack. Break that loop by marking the fragments generated by pf_refragment6() as M_SKIP_FIREWALL. There's no point in processing those packets in the firewall anyway. We've already filtered on the full packet. Differential Revision:https://reviews.freebsd.org/D2819 Reviewed by: gnn Modified: stable/10/sys/netpfil/pf/pf_norm.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_norm.c == --- stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 20:41:55 2015 (r284573) +++ stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 20:43:16 2015 (r284574) @@ -1158,6 +1158,7 @@ pf_refragment6(struct ifnet *ifp, struct for (t = m; m; m = t) { t = m-m_nextpkt; m-m_nextpkt = NULL; + m-m_flags |= M_SKIP_FIREWALL; memset(pd, 0, sizeof(pd)); pd.pf_mtag = pf_find_mtag(m); if (error == 0) ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284577 - stable/10/sys/netpfil/pf
Author: kp Date: Thu Jun 18 20:59:48 2015 New Revision: 284577 URL: https://svnweb.freebsd.org/changeset/base/284577 Log: Merge r281536 pf: Fix forwarding detection If the direction is not PF_OUT we can never be forwarding. Some input packets have rcvif != ifp (looped back packets), which lead us to ip6_forward() inbound packets, causing panics. Equally, we need to ensure that packets were really received and not locally generated before trying to ip6_forward() them. Differential Revision:https://reviews.freebsd.org/D2822 Reviewed by: gnn Modified: stable/10/sys/netpfil/pf/pf.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf.c == --- stable/10/sys/netpfil/pf/pf.c Thu Jun 18 20:57:21 2015 (r284576) +++ stable/10/sys/netpfil/pf/pf.c Thu Jun 18 20:59:48 2015 (r284577) @@ -6078,7 +6078,7 @@ pf_test6(int dir, struct ifnet *ifp, str M_ASSERTPKTHDR(m); - if (ifp != m-m_pkthdr.rcvif) + if (dir == PF_OUT m-m_pkthdr.rcvif ifp != m-m_pkthdr.rcvif) fwdir = PF_FWD; if (!V_pf_status.running) ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284581 - stable/10/sys/netpfil/pf
Author: kp Date: Thu Jun 18 21:25:07 2015 New Revision: 284581 URL: https://svnweb.freebsd.org/changeset/base/284581 Log: Merge r284280 pf: Remove frc_direction We don't use the direction of the fragments for anything. The frc_direction field is assigned, but never read. Just remove it. Differential Revision:https://reviews.freebsd.org/D2825 Reviewed by: gnn Modified: stable/10/sys/netpfil/pf/pf_norm.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_norm.c == --- stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 21:23:41 2015 (r284580) +++ stable/10/sys/netpfil/pf/pf_norm.c Thu Jun 18 21:25:07 2015 (r284581) @@ -75,7 +75,6 @@ struct pf_fragment_cmp { uint32_tfrc_id; sa_family_t frc_af; uint8_t frc_proto; - uint8_t frc_direction; }; struct pf_fragment { @@ -85,7 +84,6 @@ struct pf_fragment { #define fr_id fr_key.frc_id #define fr_af fr_key.frc_af #define fr_proto fr_key.frc_proto -#define fr_direction fr_key.frc_direction RB_ENTRY(pf_fragment) fr_entry; TAILQ_ENTRY(pf_fragment) frag_next; @@ -155,7 +153,7 @@ static struct mbuf *pf_fragcache(struct #endif /* INET */ #ifdef INET6 static int pf_reassemble6(struct mbuf **, struct ip6_hdr *, - struct ip6_frag *, uint16_t, uint16_t, int, u_short *); + struct ip6_frag *, uint16_t, uint16_t, u_short *); static voidpf_scrub_ip6(struct mbuf **, uint8_t); #endif /* INET6 */ @@ -176,7 +174,6 @@ pf_ip2key(struct ip *ip, int dir, struct key-frc_af = AF_INET; key-frc_proto = ip-ip_p; key-frc_id = ip-ip_id; - key-frc_direction = dir; } #endif /* INET */ @@ -665,7 +662,7 @@ pf_reassemble(struct mbuf **m0, struct i #ifdef INET6 static int pf_reassemble6(struct mbuf **m0, struct ip6_hdr *ip6, struct ip6_frag *fraghdr, -uint16_t hdrlen, uint16_t extoff, int dir, u_short *reason) +uint16_t hdrlen, uint16_t extoff, u_short *reason) { struct mbuf *m = *m0; struct pf_frent *frent; @@ -699,7 +696,6 @@ pf_reassemble6(struct mbuf **m0, struct /* Only the first fragment's protocol is relevant. */ key.frc_proto = 0; key.frc_id = fraghdr-ip6f_ident; - key.frc_direction = dir; if ((frag = pf_fillup_fragment(key, frent, reason)) == NULL) { PF_FRAG_UNLOCK(); @@ -1572,7 +1568,7 @@ pf_normalize_ip6(struct mbuf **m0, int d off += sizeof(frag); /* Returns PF_DROP or *m0 is NULL or completely reassembled mbuf. */ - if (pf_reassemble6(m0, h, frag, off, extoff, dir, reason) != PF_PASS) + if (pf_reassemble6(m0, h, frag, off, extoff, reason) != PF_PASS) return (PF_DROP); m = *m0; if (m == NULL) ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org
svn commit: r284584 - in stable/10: gnu/usr.bin/groff/tmac lib/clang sys/conf
Author: gjb Date: Fri Jun 19 00:00:32 2015 New Revision: 284584 URL: https://svnweb.freebsd.org/changeset/base/284584 Log: Update stable/10 from 10.1-STABLE to 10.2-PRERELEASE, marking the official start of the code slush. Set the default mdoc(7) version to 10.2, and update the clang(1) TARGET_TRIPLE and BUILD_TRIPLE to reflect 10.2. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: stable/10/gnu/usr.bin/groff/tmac/mdoc.local stable/10/lib/clang/clang.build.mk stable/10/sys/conf/newvers.sh Modified: stable/10/gnu/usr.bin/groff/tmac/mdoc.local == --- stable/10/gnu/usr.bin/groff/tmac/mdoc.local Thu Jun 18 23:14:45 2015 (r284583) +++ stable/10/gnu/usr.bin/groff/tmac/mdoc.local Fri Jun 19 00:00:32 2015 (r284584) @@ -50,7 +50,7 @@ .ds doc-str-Lb-libstdthreads C11 Threads Library (libstdthreads, \-lstdthreads) . .\ Default .Os value -.ds doc-default-operating-system FreeBSD\~10.1 +.ds doc-default-operating-system FreeBSD\~10.2 . .\ FreeBSD releases not found in doc-common .ds doc-operating-system-FreeBSD-7.47.4 @@ -61,6 +61,7 @@ .ds doc-operating-system-FreeBSD-9.39.3 .ds doc-operating-system-FreeBSD-10.0 10.0 .ds doc-operating-system-FreeBSD-10.1 10.1 +.ds doc-operating-system-FreeBSD-10.2 10.2 .ds doc-operating-system-FreeBSD-11.0 11.0 . .\ Definitions for other *BSDs not (yet) in doc-common Modified: stable/10/lib/clang/clang.build.mk == --- stable/10/lib/clang/clang.build.mk Thu Jun 18 23:14:45 2015 (r284583) +++ stable/10/lib/clang/clang.build.mk Fri Jun 19 00:00:32 2015 (r284584) @@ -27,8 +27,8 @@ TARGET_ABI= gnueabi TARGET_ABI=unknown .endif -TARGET_TRIPLE?=${TARGET_ARCH:C/amd64/x86_64/}-${TARGET_ABI}-freebsd10.1 -BUILD_TRIPLE?= ${BUILD_ARCH:C/amd64/x86_64/}-unknown-freebsd10.1 +TARGET_TRIPLE?=${TARGET_ARCH:C/amd64/x86_64/}-${TARGET_ABI}-freebsd10.2 +BUILD_TRIPLE?= ${BUILD_ARCH:C/amd64/x86_64/}-unknown-freebsd10.2 CFLAGS+= -DLLVM_DEFAULT_TARGET_TRIPLE=\${TARGET_TRIPLE}\ \ -DLLVM_HOST_TRIPLE=\${BUILD_TRIPLE}\ \ -DDEFAULT_SYSROOT=\${TOOLS_PREFIX}\ Modified: stable/10/sys/conf/newvers.sh == --- stable/10/sys/conf/newvers.sh Thu Jun 18 23:14:45 2015 (r284583) +++ stable/10/sys/conf/newvers.sh Fri Jun 19 00:00:32 2015 (r284584) @@ -31,8 +31,8 @@ # $FreeBSD$ TYPE=FreeBSD -REVISION=10.1 -BRANCH=STABLE +REVISION=10.2 +BRANCH=PRERELEASE if [ X${BRANCH_OVERRIDE} != X ]; then BRANCH=${BRANCH_OVERRIDE} fi ___ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to svn-src-stable-10-unsubscr...@freebsd.org