Author: cy
Date: Fri Aug 10 00:04:32 2018
New Revision: 337558
URL: https://svnweb.freebsd.org/changeset/base/337558
Log:
Identify the return value (rval) that led to the IPv4 NAT failure
in ipf_nat_checkout() and report it in the frb_natv4out and frb_natv4in
dtrace probes.
This is currently being used to diagnose NAT failures in PR/208566. It's
rather handy so this commit makes it available for future diagnosis and
debugging efforts.
PR: 208566
MFC after: 1 week
Modified:
head/sys/contrib/ipfilter/netinet/ip_nat.c
Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c
==============================================================================
--- head/sys/contrib/ipfilter/netinet/ip_nat.c Fri Aug 10 00:01:21 2018
(r337557)
+++ head/sys/contrib/ipfilter/netinet/ip_nat.c Fri Aug 10 00:04:32 2018
(r337558)
@@ -4951,7 +4951,7 @@ retry_roundrobin:
case 0 :
continue;
case -1 :
- rval = -1;
+ rval = -3;
goto outmatchfail;
case 1 :
default :
@@ -4996,7 +4996,7 @@ retry_roundrobin:
natfailed = 0;
break;
}
- natfailed = -1;
+ natfailed = -2;
}
if ((np == NULL) && (nmsk < softn->ipf_nat_map_max)) {
nmsk++;
@@ -5021,15 +5021,23 @@ outmatchfail:
switch (rval)
{
+ case -3 :
+ /* ipf_nat_match() failure */
+ /* FALLTHROUGH */
+ case -2 :
+ /* retry_roundrobin loop failure */
+ /* FALLTHROUGH */
case -1 :
+ /* proxy failure detected by ipf_nat_out() */
if (passp != NULL) {
- DT1(frb_natv4out, fr_info_t *, fin);
+ DT2(frb_natv4out, fr_info_t *, fin, int, rval);
NBUMPSIDED(1, ns_drop);
*passp = FR_BLOCK;
fin->fin_reason = FRB_NATV4;
}
fin->fin_flx |= FI_BADNAT;
NBUMPSIDED(1, ns_badnat);
+ rval = -1; /* We only return -1 on error. */
break;
case 0 :
NBUMPSIDE(1, ns_ignored);
@@ -5437,7 +5445,7 @@ retry_roundrobin:
case 0 :
continue;
case -1 :
- rval = -1;
+ rval = -3;
goto inmatchfail;
case 1 :
default :
@@ -5484,7 +5492,7 @@ retry_roundrobin:
natfailed = 0;
break;
}
- natfailed = -1;
+ natfailed = -2;
}
if ((np == NULL) && (rmsk < softn->ipf_nat_rdr_max)) {
rmsk++;
@@ -5509,15 +5517,23 @@ inmatchfail:
switch (rval)
{
+ case -3 :
+ /* ipf_nat_match() failure */
+ /* FALLTHROUGH */
+ case -2 :
+ /* retry_roundrobin loop failure */
+ /* FALLTHROUGH */
case -1 :
+ /* proxy failure detected by ipf_nat_out() */
if (passp != NULL) {
- DT1(frb_natv4in, fr_info_t *, fin);
+ DT2(frb_natv4in, fr_info_t *, fin, int, rval);
NBUMPSIDED(0, ns_drop);
*passp = FR_BLOCK;
fin->fin_reason = FRB_NATV4;
}
fin->fin_flx |= FI_BADNAT;
NBUMPSIDED(0, ns_badnat);
+ rval = -1; /* We only return -1 on error. */
break;
case 0 :
NBUMPSIDE(0, ns_ignored);
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
