Date: Sat, 17 Oct 2009 23:01:29 +0000 (UTC) From: Ermal Luçi <eri@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r198192 - user/eri/pf45/head/sys/contrib/pf/net Message-ID: <200910172301.n9HN1Tnw053214@svn.freebsd.org>
Author: eri Date: Sat Oct 17 23:01:29 2009 New Revision: 198192 URL: http://svn.freebsd.org/changeset/base/198192 Log: Say HELLO to pf(4) virtualized. * Set propper context where required. * Prepend V_ to some more global variables. * Initialize pf(4) during with vnet events rather than module ones. * Include opt_global.h where required to aid in building with virtualization enabled Please help test! Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c user/eri/pf45/head/sys/contrib/pf/net/pf_if.c user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c user/eri/pf45/head/sys/contrib/pf/net/pf_table.c user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 17 23:01:29 2009 (r198192) @@ -36,6 +36,7 @@ */ #ifdef __FreeBSD__ +#include "opt_global.h" #include "opt_inet.h" #include "opt_inet6.h" @@ -1326,18 +1327,20 @@ void pf_purge_thread(void *v) { int nloops = 0, s; - #ifdef __FreeBSD__ +#ifdef __FreeBSD__ int locked; - #endif +#endif + + CURVNET_SET((struct vnet *)v); for (;;) { tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz); - #ifdef __FreeBSD__ +#ifdef __FreeBSD__ sx_slock(&V_pf_consistency_lock); PF_LOCK(); locked = 0; - + if (V_pf_end_threads) { PF_UNLOCK(); sx_sunlock(&V_pf_consistency_lock); @@ -1354,11 +1357,11 @@ pf_purge_thread(void *v) wakeup(pf_purge_thread); kproc_exit(0); } - #endif +#endif s = splsoftnet(); /* process a fraction of the state table every second */ - #ifdef __FreeBSD__ +#ifdef __FreeBSD__ if(!pf_purge_expired_states(1 + (V_pf_status.states / V_pf_default_rule.timeout[PFTM_INTERVAL]), 0)) { PF_UNLOCK(); 
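Review bot: The `CURVNET_SET((struct vnet *)v);` added at the top of pf_purge_thread is balanced only by the `CURVNET_RESTORE();` that a later hunk places after the `for (;;)` loop, and the only exit visible in these hunks is `kproc_exit(0);` inside the loop, so that restore looks unreachable. Either call `CURVNET_RESTORE();` immediately before `kproc_exit(0);` or drop the trailing one and add a comment such as `/* vnet context is held for the lifetime of this thread */`. The thread now keeps a raw vnet pointer for its whole life, so teardown must guarantee the thread has exited before that vnet is freed; the code that waits on `V_pf_end_threads` is outside the hunks shown and should be confirmed for the per-vnet case. The function body continues outside these hunks.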
@@ -1370,7 +1373,7 @@ pf_purge_thread(void *v) pf_purge_expired_states(1 + (V_pf_status.states / V_pf_default_rule.timeout[PFTM_INTERVAL]), 1); } - #else +#else pf_purge_expired_states(1 + (pf_status.states / pf_default_rule.timeout[PFTM_INTERVAL])); #endif @@ -1395,6 +1398,7 @@ pf_purge_thread(void *v) sx_sunlock(&V_pf_consistency_lock); #endif } + CURVNET_RESTORE(); } u_int32_t Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_if.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_if.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_if.c Sat Oct 17 23:01:29 2009 (r198192) @@ -33,6 +33,7 @@ */ #if defined(__FreeBSD__) +#include "opt_global.h" #include "opt_inet.h" #include "opt_inet6.h" @@ -120,11 +121,10 @@ int pfi_unmask(void *); #ifdef __FreeBSD__ void pfi_attach_ifnet_event(void * __unused, struct ifnet *); void pfi_detach_ifnet_event(void * __unused, struct ifnet *); -void pfi_attach_group_event(void * __unused, struct ifg_group *); -void pfi_change_group_event(void * __unused, char *); -void pfi_detach_group_event(void * __unused, struct ifg_group *); +void pfi_attach_group_event(void *, struct ifg_group *); +void pfi_change_group_event(void *, char *); +void pfi_detach_group_event(void *, struct ifg_group *); void pfi_ifaddr_event(void * __unused, struct ifnet *); - #endif RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); 
@@ -177,11 +177,11 @@ pfi_initialize(void) pfi_detach_cookie = EVENTHANDLER_REGISTER(ifnet_departure_event, pfi_detach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY); pfi_attach_group_cookie = EVENTHANDLER_REGISTER(group_attach_event, - pfi_attach_group_event, NULL, EVENTHANDLER_PRI_ANY); + pfi_attach_group_event, curvnet, EVENTHANDLER_PRI_ANY); pfi_change_group_cookie = EVENTHANDLER_REGISTER(group_change_event, - pfi_change_group_event, NULL, EVENTHANDLER_PRI_ANY); + pfi_change_group_event, curvnet, EVENTHANDLER_PRI_ANY); pfi_detach_group_cookie = EVENTHANDLER_REGISTER(group_detach_event, - pfi_detach_group_event, NULL, EVENTHANDLER_PRI_ANY); + pfi_detach_group_event, curvnet, EVENTHANDLER_PRI_ANY); pfi_ifaddr_event_cookie = EVENTHANDLER_REGISTER(ifaddr_event, pfi_ifaddr_event, NULL, EVENTHANDLER_PRI_ANY); #endif 
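Review bot: Passing `curvnet` as the argument for the three group events binds each registration to one vnet, but the handlers changed later in this file switch to that stored vnet without checking which vnet the group event came from. If these registrations are system-wide and pfi_initialize now runs once per vnet, a group change in one vnet would be applied to the pf interface state of every vnet, which weakens the isolation this commit is introducing. Consider having the handlers ignore events that did not originate in `arg`'s vnet, or add a comment explaining why every instance must see every group event. The cookie variables assigned here are declared outside the hunk; if they are not per-vnet, each later registration overwrites the previous cookie and only the last one can be deregistered.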
@@ -1040,55 +1040,67 @@ pfi_unmask(void *addr) void pfi_attach_ifnet_event(void *arg __unused, struct ifnet *ifp) { + CURVNET_SET(ifp->if_vnet); PF_LOCK(); pfi_attach_ifnet(ifp); #ifdef ALTQ pf_altq_ifnet_event(ifp, 0); #endif PF_UNLOCK(); + CURVNET_RESTORE(); } void pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp) { + CURVNET_SET(ifp->if_vnet); PF_LOCK(); pfi_detach_ifnet(ifp); #ifdef ALTQ pf_altq_ifnet_event(ifp, 1); #endif PF_UNLOCK(); + CURVNET_RESTORE(); } void - pfi_attach_group_event(void *arg __unused, struct ifg_group *ifg) + pfi_attach_group_event(void *arg , struct ifg_group *ifg) { + CURVNET_SET((struct vnet *)arg); PF_LOCK(); pfi_attach_ifgroup(ifg); PF_UNLOCK(); + CURVNET_RESTORE(); } void - pfi_change_group_event(void *arg __unused, char *gname) + pfi_change_group_event(void *arg, char *gname) { + CURVNET_SET((struct vnet *)arg); PF_LOCK(); pfi_group_change(gname); PF_UNLOCK(); + CURVNET_RESTORE(); } void - pfi_detach_group_event(void *arg __unused, struct ifg_group *ifg) + pfi_detach_group_event(void *arg, struct ifg_group *ifg) { + CURVNET_SET((struct vnet *)arg); PF_LOCK(); pfi_detach_ifgroup(ifg); PF_UNLOCK(); + CURVNET_RESTORE(); } void pfi_ifaddr_event(void *arg __unused, struct ifnet *ifp) { + CURVNET_SET(ifp->if_vnet); PF_LOCK(); if (ifp && ifp->if_pf_kif) pfi_kifaddr_update(ifp->if_pf_kif); PF_UNLOCK(); + CURVNET_RESTORE(); } #endif /* __FreeBSD__ */ Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 17 23:01:29 2009 (r198192) @@ -78,6 +78,8 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/time.h> #ifdef __FreeBSD__ +#include <sys/ucred.h> +#include <sys/jail.h> #include <sys/module.h> #include <sys/conf.h> #include <sys/proc.h> 
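Review bot: In pfi_ifaddr_event the new `CURVNET_SET(ifp->if_vnet);` dereferences `ifp` before the existing `if (ifp && ifp->if_pf_kif)` test, so where the macro is not compiled out a NULL `ifp` would fault ahead of the check that was meant to catch it. Either the NULL test is dead and should be removed, or the guard has to come first, for example `if (ifp == NULL) return;` ahead of the `CURVNET_SET` line. pfi_attach_ifnet_event and pfi_detach_ifnet_event use the same `ifp->if_vnet` expression but carry no NULL test in the lines shown, so only this handler is inconsistent with itself.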
@@ -176,13 +178,11 @@ int pf_addr_setup(struct pf_ruleset * void pf_addr_copyout(struct pf_addr_wrap *); #define TAGID_MAX 50000 + #ifdef __FreeBSD__ VNET_DEFINE(struct pf_rule, pf_default_rule); VNET_DEFINE(struct sx, pf_consistency_lock); -#ifndef VIMAGE -SX_SYSINIT(pf_consistency_lock, &V_pf_consistency_lock, - "pf_statetbl_lock"); -#endif + #ifdef ALTQ static VNET_DEFINE(int, pf_altq_running); #define V_pf_altq_running VNET(pf_altq_running) @@ -190,19 +190,10 @@ static VNET_DEFINE(int, pf_altq_running TAILQ_HEAD(pf_tags, pf_tagname); -#ifdef VIMAGE #define V_pf_tags VNET(pf_tags) VNET_DEFINE(struct pf_tags, pf_tags); #define V_pf_qids VNET(pf_qids) VNET_DEFINE(struct pf_tags, pf_qids); -#else -#define V_pf_tags VNET(pf_tags) -VNET_DEFINE(struct pf_tags, pf_tags) = - TAILQ_HEAD_INITIALIZER(V_pf_tags); -#define V_pf_qids VNET(pf_qids) -VNET_DEFINE(struct pf_tags, pf_qids) = - TAILQ_HEAD_INITIALIZER(V_pf_qids); -#endif #else /* !__FreeBSD__ */ struct pf_rule pf_default_rule; @@ -233,7 +224,8 @@ void pf_rtlabel_copyout(struct pf_add #endif #ifdef __FreeBSD__ -static struct cdev *pf_dev; +static VNET_DEFINE(struct cdev *, pf_dev); +#define V_pf_dev VNET(pf_dev) /* * XXX - These are new and need to be checked when moveing to a new version @@ -265,12 +257,11 @@ static int shutdown_pf(void static int pf_load(void); static int pf_unload(void); -static VNET_DEFINE(struct cdevsw, pf_cdevsw) = { +static struct cdevsw pf_cdevsw = { .d_ioctl = pfioctl, .d_name = PF_NAME, .d_version = D_VERSION, }; -#define pf_cdevsw VNET(pf_cdevsw) static volatile VNET_DEFINE(int, pf_pfil_hooked); #define V_pf_pfil_hooked VNET(pf_pfil_hooked) @@ -437,7 +428,7 @@ pfattach(void) /* XXX do our best to avoid a conflict */ V_pf_status.hostid = arc4random(); - if (kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pfpurge")) + if (kproc_create(pf_purge_thread, curvnet, NULL, 0, 0, "pfpurge")) return (ENXIO); m_addr_chg_pf_p = pf_pkt_addr_changed; 
@@ -1460,6 +1451,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a #endif int error = 0; + CURVNET_SET(TD_TO_VNET(td)); + /* XXX keep in sync with switch() below */ #ifdef __FreeBSD__ if (securelevel_gt(td->td_ucred, 2)) @@ -3894,6 +3887,9 @@ fail: else rw_exit_read(&pf_consistency_lock); #endif + + CURVNET_RESTORE(); + return (error); } @@ -4118,7 +4114,9 @@ pf_check_in(void *arg, struct mbuf **m, HTONS(h->ip_len); HTONS(h->ip_off); } + CURVNET_SET(ifp->if_vnet); chk = pf_test(PF_IN, ifp, m, NULL, inp); + CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); *m = NULL; @@ -4158,7 +4156,9 @@ pf_check_out(void *arg, struct mbuf **m, HTONS(h->ip_len); HTONS(h->ip_off); } + CURVNET_SET(ifp->if_vnet); chk = pf_test(PF_OUT, ifp, m, NULL, inp); + CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); *m = NULL; @@ -4189,8 +4189,10 @@ pf_check6_in(void *arg, struct mbuf **m, * order to support scoped addresses. In order to support stateful * filtering we have change this to lo0 as it is the case in IPv4. */ + CURVNET_SET(ifp->if_vnet); chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? V_loif : ifp, m, NULL, inp); + CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); *m = NULL; @@ -4212,7 +4214,9 @@ pf_check6_out(void *arg, struct mbuf **m in_delayed_cksum(*m); (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } + CURVNET_SET(ifp->if_vnet); chk = pf_test6(PF_OUT, ifp, m, NULL, inp); + CURVNET_RESTORE(); if (chk && *m) { m_freem(*m); *m = NULL; @@ -4232,7 +4236,7 @@ hook_pf(void) #endif PF_ASSERT(MA_NOTOWNED); - + if (V_pf_pfil_hooked) return (0); @@ -4310,11 +4314,15 @@ vnet_pf_init(const void *unused) TAILQ_INIT(&V_pf_tags); TAILQ_INIT(&V_pf_qids); + pf_load(); + return (0); } static int vnet_pf_uninit(const void *unused) { + pf_unload(); + return (0); } 
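Review bot: pfioctl now sets the vnet on entry with `CURVNET_SET(TD_TO_VNET(td));`, but the only `CURVNET_RESTORE();` added is the one before the final `return (error);` after the `fail:` label. The code between the two hunks is not shown; the `/* XXX keep in sync with switch() below */` comment and the `securelevel_gt` test suggest permission checks that return directly, and any such `return` would leave the calling thread's vnet context unrestored. Either move the `CURVNET_SET` below those early checks or route them through the common exit, e.g. `error = EPERM; goto out;` with `out:` placed on the restore.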
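Review bot: vnet_pf_init and vnet_pf_uninit discard the results of `pf_load();` and `pf_unload();` and always `return (0);`, while the pf_modevent hunk removes the calls that used to propagate those errors. A vnet whose pf_load fails (a later hunk returns `ENOMEM` when pfattach fails) is then reported as initialised although its device and mutex were already destroyed, and vnet_pf_uninit will still run pf_unload against it. Propagate the result with `return (pf_load());`, or record the failure so pf_unload can skip a half-built instance. How the caller treats a non-zero return is outside this diff.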
@@ -4342,16 +4350,15 @@ static int pf_load(void) { init_zone_var(); -#ifdef VIMAGE sx_init(&V_pf_consistency_lock, "pf_statetbl_lock"); -#endif init_pf_mutex(); - pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME); + V_pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME); if (pfattach() < 0) { - destroy_dev(pf_dev); + destroy_dev(V_pf_dev); destroy_pf_mutex(); return (ENOMEM); } + return (0); } @@ -4385,11 +4392,9 @@ pf_unload(void) pf_osfp_cleanup(); cleanup_pf_zone(); PF_UNLOCK(); - destroy_dev(pf_dev); + destroy_dev(V_pf_dev); destroy_pf_mutex(); -#ifdef VIMAGE sx_destroy(&V_pf_consistency_lock); -#endif return error; } @@ -4400,11 +4405,9 @@ pf_modevent(module_t mod, int type, void switch(type) { case MOD_LOAD: - error = pf_load(); break; case MOD_UNLOAD: - error = pf_unload(); break; default: error = EINVAL; Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c Sat Oct 17 23:01:29 2009 (r198192) @@ -36,6 +36,7 @@ */ #ifdef __FreeBSD__ +#include "opt_global.h" #include "opt_inet.h" #include "opt_inet6.h" Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c Sat Oct 17 23:01:29 2009 (r198192) @@ -26,6 +26,7 @@ */ #ifdef __FreeBSD__ +#include "opt_global.h" #include "opt_inet.h" #include "opt_inet6.h" #include "opt_pf.h" Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c Sat Oct 17 23:01:29 2009 (r198192) 
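Review bot: With the `#ifdef VIMAGE` guard removed, pf_load always calls `sx_init(&V_pf_consistency_lock, "pf_statetbl_lock");`, but the pfattach failure branch still only runs `destroy_dev(V_pf_dev);` and `destroy_pf_mutex();`, so the sx lock stays initialised on that path; add `sx_destroy(&V_pf_consistency_lock);` there to mirror pf_unload. pf_load is now reached from vnet_pf_init, so every vnet issues `make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME)` with the same name and unit. Unless device nodes are themselves per-vnet, the second instance would collide with the first, so a comment should state which vnet owns the node and that pfioctl's `TD_TO_VNET(td)` is what selects the instance.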
@@ -17,6 +17,10 @@ * */ +#ifdef __FreeBSD__ +#include "opt_global.h" +#endif + #include <sys/param.h> #include <sys/socket.h> #ifdef _KERNEL Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c Sat Oct 17 23:01:29 2009 (r198192) @@ -40,6 +40,10 @@ __FBSDID("$FreeBSD$"); #endif +#ifdef _KERNEL +#include "opt_global.h" +#endif + #include <sys/param.h> #include <sys/socket.h> #ifdef _KERNEL @@ -96,6 +100,13 @@ __FBSDID("$FreeBSD$"); # endif /* PFDEBUG */ #endif /* _KERNEL */ +#if defined(__FreeBSD__) && !defined(_KERNEL) +#undef V_pf_anchors +#define V_pf_anchors pf_anchors + +#undef pf_main_ruleset +#define pf_main_ruleset pf_main_anchor.ruleset +#endif #if defined(__FreeBSD__) && defined(_KERNEL) VNET_DEFINE(struct pf_anchor_global, pf_anchors); Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_table.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_table.c Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_table.c Sat Oct 17 23:01:29 2009 (r198192) @@ -31,6 +31,7 @@ */ #ifdef __FreeBSD__ +#include "opt_global.h" #include "opt_inet.h" #include "opt_inet6.h" Modified: user/eri/pf45/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 17 21:52:31 2009 (r198191) +++ user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 17 23:01:29 2009 (r198192) 
@@ -235,8 +235,8 @@ struct pfi_dynaddr { if(var) uma_zdestroy(var) #ifdef __FreeBSD__ -VNET_DECLARE(struct mtx, pf_task_mtx); -#define V_pf_task_mtx VNET(pf_task_mtx) +VNET_DECLARE(struct mtx, pf_task_mtx); +#define V_pf_task_mtx VNET(pf_task_mtx) #define PF_ASSERT(h) mtx_assert(&V_pf_task_mtx, (h))