diff options
| author | Owain Ainsworth <oga@cvs.openbsd.org> | 2011-05-13 14:31:18 +0000 |
|---|---|---|
| committer | Owain Ainsworth <oga@cvs.openbsd.org> | 2011-05-13 14:31:18 +0000 |
| commit | ed79ef5e5e54236b2cde828337d1acf93d02f442 (patch) | |
| tree | dcfb1bcc7fa65a20d91d0076be9d5d9ea187d9c3 /sys/netinet | |
| parent | b9af3cd5dbf28bd20d87221cc821162f2cb4eee6 (diff) | |
Revert the pf->socket linking diff.
at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw
with xxxterm not sure about pirofti) involving pool corruption while
using this commit.
krw and todd confirm that this backout fixes the problem.
ok blambert@ krw@, todd@ henning@ and kettenis@
Double link between pf states and sockets. Henning has
already implemented half of it. The additional part is: -
The pf state lookup for outgoing packets is optimized by
using mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket
lookup always is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet
for outgoing connections.
- In case of divert states, delete the state when the socket
closes. Otherwise new connections could match on old
states instead of being diverted to the listen socket.
ok henning@
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/in_pcb.c | 21 | ||||
| -rw-r--r-- | sys/netinet/raw_ip.c | 17 | ||||
| -rw-r--r-- | sys/netinet/tcp_input.c | 18 | ||||
| -rw-r--r-- | sys/netinet/tcp_output.c | 8 | ||||
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 17 |
5 files changed, 9 insertions, 72 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 1a125bc5296..91d274faa30 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.119 2011/04/28 09:56:27 claudio Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.120 2011/05/13 14:31:16 oga Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -513,23 +513,8 @@ in_pcbdetach(v) splx(s); #endif #if NPF > 0 - if (inp->inp_pf_sk) { - struct pf_state_key *sk; - struct pf_state_item *si; - - s = splsoftnet(); - sk = (struct pf_state_key *)inp->inp_pf_sk; - TAILQ_FOREACH(si, &sk->states, entry) - if (sk == si->s->key[PF_SK_STACK] && si->s->rule.ptr && - si->s->rule.ptr->divert.port) { - pf_unlink_state(si->s); - break; - } - /* pf_unlink_state() may have detached the state */ - if (inp->inp_pf_sk) - ((struct pf_state_key *)inp->inp_pf_sk)->inp = NULL; - splx(s); - } + if (inp->inp_pf_sk) + ((struct pf_state_key *)inp->inp_pf_sk)->inp = NULL; #endif s = splnet(); LIST_REMOVE(inp, inp_lhash); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index efac6a6d96c..9e2797aac3e 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip.c,v 1.57 2011/04/28 09:56:27 claudio Exp $ */ +/* $OpenBSD: raw_ip.c,v 1.58 2011/05/13 14:31:16 oga Exp $ */ /* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */ /* @@ -157,16 +157,6 @@ rip_input(struct mbuf *m, ...) if (inp->inp_faddr.s_addr && inp->inp_faddr.s_addr != ip->ip_src.s_addr) continue; -#if NPF > 0 - if (m->m_pkthdr.pf.statekey && !inp->inp_pf_sk && - !((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp && - (inp->inp_socket->so_state & SS_ISCONNECTED) && - ip->ip_p != IPPROTO_ICMP) { - ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = - inp; - inp->inp_pf_sk = m->m_pkthdr.pf.statekey; - } -#endif if (last) { struct mbuf *n; @@ -287,11 +277,6 @@ rip_output(struct mbuf *m, ...) /* force routing domain */ m->m_pkthdr.rdomain = inp->inp_rtableid; -#if NPF > 0 - if (inp->inp_socket->so_state & SS_ISCONNECTED && - ip->ip_p != IPPROTO_ICMP) - m->m_pkthdr.pf.inp = inp; -#endif error = ip_output(m, inp->inp_options, &inp->inp_route, flags, inp->inp_moptions, inp); if (error == EACCES) /* translate pf(4) error for userland */ diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 3eabda7633a..2cb29ea6c53 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.249 2011/05/04 08:20:05 blambert Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.250 2011/05/13 14:31:16 oga Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -895,8 +895,7 @@ findpcb: #endif #if NPF > 0 - if (m->m_pkthdr.pf.statekey && !inp->inp_pf_sk && - !((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp) { + if (m->m_pkthdr.pf.statekey) { ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = inp; inp->inp_pf_sk = m->m_pkthdr.pf.statekey; } @@ -1339,19 +1338,6 @@ trimthenstep6: ((opti.ts_present && TSTMP_LT(tp->ts_recent, opti.ts_val)) || SEQ_GT(th->th_seq, tp->rcv_nxt))) { -#if NPF > 0 - /* - * The socket will be recreated but the new state - * has already been linked to the socket. Remove the - * link between old socket and new state. Otherwise - * closing the socket would remove the state. - */ - if (inp->inp_pf_sk) { - ((struct pf_state_key *)inp->inp_pf_sk)->inp = - NULL; - inp->inp_pf_sk = NULL; - } -#endif /* * Advance the iss by at least 32768, but * clear the msb in order to make sure diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index bb5416e7e0f..7e1776865b5 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_output.c,v 1.95 2011/04/24 19:36:54 bluhm Exp $ */ +/* $OpenBSD: tcp_output.c,v 1.96 2011/05/13 14:31:17 oga Exp $ */ /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */ /* @@ -98,8 +98,6 @@ #include <netinet6/in6_var.h> #endif /* INET6 */ -#include "pf.h" - #ifdef notyet extern struct mbuf *m_copypack(); #endif @@ -1079,10 +1077,6 @@ send: /* force routing domain */ m->m_pkthdr.rdomain = tp->t_inpcb->inp_rtableid; -#if NPF > 0 - m->m_pkthdr.pf.inp = tp->t_inpcb; -#endif - switch (tp->pf) { case 0: /*default to PF_INET*/ #ifdef INET diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 53906eece24..d2479425074 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.143 2011/05/04 16:05:49 blambert Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.144 2011/05/13 14:31:17 oga Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -561,7 +561,7 @@ udp_input(struct mbuf *m, ...) /* * Locate pcb for datagram. */ -#if NPF > 0 +#if 0 if (m->m_pkthdr.pf.statekey) inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp; #endif @@ -619,15 +619,6 @@ udp_input(struct mbuf *m, ...) } } -#if NPF > 0 - if (m->m_pkthdr.pf.statekey && !inp->inp_pf_sk && - !((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp && - (inp->inp_socket->so_state & SS_ISCONNECTED)) { - ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = inp; - inp->inp_pf_sk = m->m_pkthdr.pf.statekey; - } -#endif - #ifdef IPSEC mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); s = splnet(); @@ -1042,10 +1033,6 @@ udp_output(struct mbuf *m, ...) /* force routing domain */ m->m_pkthdr.rdomain = inp->inp_rtableid; -#if NPF > 0 - if (inp->inp_socket->so_state & SS_ISCONNECTED) - m->m_pkthdr.pf.inp = inp; -#endif error = ip_output(m, inp->inp_options, &inp->inp_route, inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST | SO_JUMBO), |