On Wed, 10 Jun 2020 13:06:13 +0000 (UTC) "Andrey V. Elsukov" <a...@freebsd.org> wrote:
> Author: ae > Date: Wed Jun 10 13:06:13 2020 > New Revision: 362009 > URL: https://svnweb.freebsd.org/changeset/base/362009 > > Log: > MFC r361749: > Add if_reassign method to all tunneling interfaces. > > After r339550 tunneling interfaces have started handle appearing > and disappearing of ingress IP address on the host system. > When such interfaces are moving into VNET jail, they lose ability > to properly handle ifaddr_event_ext event. And this leads to need to > reconfigure tunnel to make it working again. > > Since moving an interface into VNET jail leads to removing of all > IP addresses, it looks consistent, that tunnel configuration should > also be cleared. This is what will do if_reassign method. Sorry for not noticing this one before, but albeit jumping in late, I have to state two objections: 1) what exactly is the use-case / purpose of moving clonable interfaces from one vnet to another while removing their tunnel configs? Apparently gif / gre already have virtualized cloners, so if a vnet owner needs a new instance of gif / gre, it can create it there? We should either entirely prohibit moving such ifnets to child vnets, or allow their tunnel endpoints to exist in the parent vnet space, while permitting the traffic from child vnets to be encapsulated. 2) the behavior introduced by this change is inconsistent with how other clonable interfaces have worked since 8.0, e.g if_vlan instances can be moved (loaned) to a child vnet, and in such cases they remain tied to their parent (physical) ethernet ifnets. Similarly, ng_eiface can be loaned to a chiled vnet, but its netgraph part remains in the parent vnet. So now we got a confusion++, perhaps for a good reason, but I fail to see the proper justification (execpt that someone wanted to see this patch commited). Cheers, Marko > > Reported by: John W. O'Brien <john saltant com> > > Modified: > stable/12/sys/net/if_gif.c > stable/12/sys/net/if_gre.c > stable/12/sys/net/if_ipsec.c > stable/12/sys/net/if_me.c > Directory Properties: > stable/12/ (props changed) > > Modified: stable/12/sys/net/if_gif.c > ============================================================================== > --- stable/12/sys/net/if_gif.c Wed Jun 10 09:31:37 2020 > (r362008) +++ stable/12/sys/net/if_gif.c Wed Jun 10 13:06:13 > 2020 (r362009) @@ -104,6 +104,9 @@ void > (*ng_gif_input_orphan_p)(struct ifnet *ifp, struc void > (*ng_gif_attach_p)(struct ifnet *ifp); void > (*ng_gif_detach_p)(struct ifnet *ifp); > +#ifdef VIMAGE > +static void gif_reassign(struct ifnet *, struct vnet *, char > *); +#endif > static void gif_delete_tunnel(struct gif_softc *); > static int gif_ioctl(struct ifnet *, u_long, caddr_t); > static int gif_transmit(struct ifnet *, struct mbuf *); > @@ -150,6 +153,9 @@ gif_clone_create(struct if_clone *ifc, int unit, > caddr GIF2IFP(sc)->if_transmit = gif_transmit; > GIF2IFP(sc)->if_qflush = gif_qflush; > GIF2IFP(sc)->if_output = gif_output; > +#ifdef VIMAGE > + GIF2IFP(sc)->if_reassign = gif_reassign; > +#endif > GIF2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE; > GIF2IFP(sc)->if_capenable |= IFCAP_LINKSTATE; > if_attach(GIF2IFP(sc)); > @@ -159,6 +165,21 @@ gif_clone_create(struct if_clone *ifc, int unit, > caddr > return (0); > } > + > +#ifdef VIMAGE > +static void > +gif_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused, > + char *unused __unused) > +{ > + struct gif_softc *sc; > + > + sx_xlock(&gif_ioctl_sx); > + sc = ifp->if_softc; > + if (sc != NULL) > + gif_delete_tunnel(sc); > + sx_xunlock(&gif_ioctl_sx); > +} > +#endif /* VIMAGE */ > > static void > gif_clone_destroy(struct ifnet *ifp) > > Modified: stable/12/sys/net/if_gre.c > ============================================================================== > --- stable/12/sys/net/if_gre.c Wed Jun 10 09:31:37 2020 > (r362008) +++ stable/12/sys/net/if_gre.c Wed Jun 10 13:06:13 > 2020 (r362009) @@ -107,6 +107,9 @@ static void > gre_clone_destroy(struct ifnet *); VNET_DEFINE_STATIC(struct if_clone > *, gre_cloner); #define V_gre_cloner VNET(gre_cloner) > > +#ifdef VIMAGE > +static void gre_reassign(struct ifnet *, struct vnet *, char > *); +#endif > static void gre_qflush(struct ifnet *); > static int gre_transmit(struct ifnet *, struct mbuf *); > static int gre_ioctl(struct ifnet *, u_long, caddr_t); > @@ -183,12 +186,30 @@ gre_clone_create(struct if_clone *ifc, int > unit, caddr GRE2IFP(sc)->if_ioctl = gre_ioctl; > GRE2IFP(sc)->if_transmit = gre_transmit; > GRE2IFP(sc)->if_qflush = gre_qflush; > +#ifdef VIMAGE > + GRE2IFP(sc)->if_reassign = gre_reassign; > +#endif > GRE2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE; > GRE2IFP(sc)->if_capenable |= IFCAP_LINKSTATE; > if_attach(GRE2IFP(sc)); > bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t)); > return (0); > } > + > +#ifdef VIMAGE > +static void > +gre_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused, > + char *unused __unused) > +{ > + struct gre_softc *sc; > + > + sx_xlock(&gre_ioctl_sx); > + sc = ifp->if_softc; > + if (sc != NULL) > + gre_delete_tunnel(sc); > + sx_xunlock(&gre_ioctl_sx); > +} > +#endif /* VIMAGE */ > > static void > gre_clone_destroy(struct ifnet *ifp) > > Modified: stable/12/sys/net/if_ipsec.c > ============================================================================== > --- stable/12/sys/net/if_ipsec.c Wed Jun 10 09:31:37 > 2020 (r362008) +++ stable/12/sys/net/if_ipsec.c Wed Jun > 10 13:06:13 2020 (r362009) @@ -169,6 +169,9 @@ static > int ipsec_set_addresses(struct ifnet *, struct static > int ipsec_set_reqid(struct ipsec_softc *, uint32_t); static > void ipsec_set_running(struct ipsec_softc *); > +#ifdef VIMAGE > +static void ipsec_reassign(struct ifnet *, struct vnet *, > char *); +#endif > static void ipsec_srcaddr(void *, const struct sockaddr *, > int); static int ipsec_ioctl(struct ifnet *, u_long, caddr_t); > static int ipsec_transmit(struct ifnet *, struct mbuf *); > @@ -200,11 +203,29 @@ ipsec_clone_create(struct if_clone *ifc, int > unit, cad ifp->if_transmit = ipsec_transmit; > ifp->if_qflush = ipsec_qflush; > ifp->if_output = ipsec_output; > +#ifdef VIMAGE > + ifp->if_reassign = ipsec_reassign; > +#endif > if_attach(ifp); > bpfattach(ifp, DLT_NULL, sizeof(uint32_t)); > > return (0); > } > + > +#ifdef VIMAGE > +static void > +ipsec_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused, > + char *unused __unused) > +{ > + struct ipsec_softc *sc; > + > + sx_xlock(&ipsec_ioctl_sx); > + sc = ifp->if_softc; > + if (sc != NULL) > + ipsec_delete_tunnel(sc); > + sx_xunlock(&ipsec_ioctl_sx); > +} > +#endif /* VIMAGE */ > > static void > ipsec_clone_destroy(struct ifnet *ifp) > > Modified: stable/12/sys/net/if_me.c > ============================================================================== > --- stable/12/sys/net/if_me.c Wed Jun 10 09:31:37 2020 > (r362008) +++ stable/12/sys/net/if_me.c Wed Jun 10 13:06:13 > 2020 (r362009) @@ -113,6 +113,9 @@ static void > me_clone_destroy(struct ifnet *); VNET_DEFINE_STATIC(struct if_clone > *, me_cloner); #define V_me_cloner VNET(me_cloner) > > +#ifdef VIMAGE > +static void me_reassign(struct ifnet *, struct vnet *, char > *); +#endif > static void me_qflush(struct ifnet *); > static int me_transmit(struct ifnet *, struct mbuf *); > static int me_ioctl(struct ifnet *, u_long, caddr_t); > @@ -200,12 +203,30 @@ me_clone_create(struct if_clone *ifc, int unit, > caddr_ ME2IFP(sc)->if_ioctl = me_ioctl; > ME2IFP(sc)->if_transmit = me_transmit; > ME2IFP(sc)->if_qflush = me_qflush; > +#ifdef VIMAGE > + ME2IFP(sc)->if_reassign = me_reassign; > +#endif > ME2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE; > ME2IFP(sc)->if_capenable |= IFCAP_LINKSTATE; > if_attach(ME2IFP(sc)); > bpfattach(ME2IFP(sc), DLT_NULL, sizeof(u_int32_t)); > return (0); > } > + > +#ifdef VIMAGE > +static void > +me_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused, > + char *unused __unused) > +{ > + struct me_softc *sc; > + > + sx_xlock(&me_ioctl_sx); > + sc = ifp->if_softc; > + if (sc != NULL) > + me_delete_tunnel(sc); > + sx_xunlock(&me_ioctl_sx); > +} > +#endif /* VIMAGE */ > > static void > me_clone_destroy(struct ifnet *ifp) _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
