From: "Bjoern A. Zeeb" Date: Sun, 12 Jun 2016 15:37:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r301840 - in projects/vnet/sys: net netpfil/pf X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jun 2016 15:37:37 -0000 Author: bz Date: Sun Jun 12 15:37:35 2016 New Revision: 301840 URL: https://svnweb.freebsd.org/changeset/base/301840 Log: Make pf starting to think VNETs some more. Now it at least attaches, starts, probably shuts down parts, and doesn't crash that much anymore. Sponsored by: The FreeBSD Foundation Modified: projects/vnet/sys/net/pfvar.h projects/vnet/sys/netpfil/pf/pf.c projects/vnet/sys/netpfil/pf/pf_if.c projects/vnet/sys/netpfil/pf/pf_ioctl.c Modified: projects/vnet/sys/net/pfvar.h ============================================================================== --- projects/vnet/sys/net/pfvar.h Sun Jun 12 11:45:45 2016 (r301839) +++ projects/vnet/sys/net/pfvar.h Sun Jun 12 15:37:35 2016 (r301840) @@ -1655,7 +1655,9 @@ VNET_DECLARE(struct pfi_kif *, pfi_all #define V_pfi_all VNET(pfi_all) void pfi_initialize(void); +void pfi_initialize_vnet(void); void pfi_cleanup(void); +void pfi_cleanup_vnet(void); void pfi_kif_ref(struct pfi_kif *); void pfi_kif_unref(struct pfi_kif *); struct pfi_kif *pfi_kif_find(const char *); Modified: projects/vnet/sys/netpfil/pf/pf.c ============================================================================== --- projects/vnet/sys/netpfil/pf/pf.c Sun Jun 12 11:45:45 2016 (r301839) +++ projects/vnet/sys/netpfil/pf/pf.c Sun Jun 12 15:37:35 2016 (r301840) 
@@ -1420,16 +1420,22 @@ pf_intr(void *v) } void -pf_purge_thread(void *v) +pf_purge_thread(void *unused __unused) { + VNET_ITERATOR_DECL(vnet_iter); u_int idx = 0; - CURVNET_SET((struct vnet *)v); - for (;;) { PF_RULES_RLOCK(); rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftm", hz / 10); + PF_RULES_RUNLOCK(); + + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); +#if 0 + /* XXX-BZ cleanup needs to happen elsewhere. */ if (V_pf_end_threads) { /* * To cleanse up all kifs and rules we need @@ -1462,9 +1468,9 @@ pf_purge_thread(void *v) V_pf_end_threads++; PF_RULES_RUNLOCK(); wakeup(pf_purge_thread); - kproc_exit(0); + //kproc_exit(0); } - PF_RULES_RUNLOCK(); +#endif /* Process 1/interval fraction of the state table every run. */ idx = pf_purge_expired_states(idx, pf_hashmask / @@ -1482,9 +1488,11 @@ pf_purge_thread(void *v) pf_purge_unlinked_rules(); pfi_kif_purge(); } + CURVNET_RESTORE(); + } + VNET_LIST_RUNLOCK(); } /* not reached */ - CURVNET_RESTORE(); } u_int32_t Modified: projects/vnet/sys/netpfil/pf/pf_if.c ============================================================================== --- projects/vnet/sys/netpfil/pf/pf_if.c Sun Jun 12 11:45:45 2016 (r301839) +++ projects/vnet/sys/netpfil/pf/pf_if.c Sun Jun 12 15:37:35 2016 (r301840) @@ -108,7 +108,7 @@ MTX_SYSINIT(pfi_unlnkdkifs_mtx, &pfi_unl MTX_DEF); void -pfi_initialize(void) +pfi_initialize_vnet(void) { struct ifg_group *ifg; struct ifnet *ifp; @@ -129,6 +129,11 @@ pfi_initialize(void) TAILQ_FOREACH(ifp, &V_ifnet, if_link) pfi_attach_ifnet(ifp); IFNET_RUNLOCK(); +} + +void +pfi_initialize(void) +{ pfi_attach_cookie = EVENTHANDLER_REGISTER(ifnet_arrival_event, pfi_attach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY); 
@@ -145,17 +150,10 @@ pfi_initialize(void) } void -pfi_cleanup(void) +pfi_cleanup_vnet(void) { struct pfi_kif *p; - EVENTHANDLER_DEREGISTER(ifnet_arrival_event, pfi_attach_cookie); - EVENTHANDLER_DEREGISTER(ifnet_departure_event, pfi_detach_cookie); - EVENTHANDLER_DEREGISTER(group_attach_event, pfi_attach_group_cookie); - EVENTHANDLER_DEREGISTER(group_change_event, pfi_change_group_cookie); - EVENTHANDLER_DEREGISTER(group_detach_event, pfi_detach_group_cookie); - EVENTHANDLER_DEREGISTER(ifaddr_event, pfi_ifaddr_event_cookie); - V_pfi_all = NULL; while ((p = RB_MIN(pfi_ifhead, &V_pfi_ifs))) { RB_REMOVE(pfi_ifhead, &V_pfi_ifs, p); @@ -170,6 +168,18 @@ pfi_cleanup(void) free(V_pfi_buffer, PFI_MTYPE); } +void +pfi_cleanup(void) +{ + + EVENTHANDLER_DEREGISTER(ifnet_arrival_event, pfi_attach_cookie); + EVENTHANDLER_DEREGISTER(ifnet_departure_event, pfi_detach_cookie); + EVENTHANDLER_DEREGISTER(group_attach_event, pfi_attach_group_cookie); + EVENTHANDLER_DEREGISTER(group_change_event, pfi_change_group_cookie); + EVENTHANDLER_DEREGISTER(group_detach_event, pfi_detach_group_cookie); + EVENTHANDLER_DEREGISTER(ifaddr_event, pfi_ifaddr_event_cookie); +} + struct pfi_kif * pfi_kif_find(const char *kif_name) { Modified: projects/vnet/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- projects/vnet/sys/netpfil/pf/pf_ioctl.c Sun Jun 12 11:45:45 2016 (r301839) +++ projects/vnet/sys/netpfil/pf/pf_ioctl.c Sun Jun 12 15:37:35 2016 (r301840) @@ -204,17 +204,14 @@ pfsync_defer_t *pfsync_defer_ptr = NUL /* pflog */ pflog_packet_t *pflog_packet_ptr = NULL; -static int -pfattach(void) +static void +pfattach_vnet(void) { u_int32_t *my_timeout = V_pf_default_rule.timeout; - int error; - if (IS_DEFAULT_VNET(curvnet)) - pf_mtag_initialize(); pf_initialize(); pfr_initialize(); - pfi_initialize(); + pfi_initialize_vnet(); pf_normalize_init(); V_pf_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT; 
@@ -276,14 +273,24 @@ pfattach(void) for (int i = 0; i < SCNT_MAX; i++) V_pf_status.scounters[i] = counter_u64_alloc(M_WAITOK); - if ((error = kproc_create(pf_purge_thread, curvnet, NULL, 0, 0, - "pf purge")) != 0) - /* XXXGL: leaked all above. */ - return (error); - if ((error = swi_add(NULL, "pf send", pf_intr, curvnet, SWI_NET, - INTR_MPSAFE, &V_pf_swi_cookie)) != 0) + if (swi_add(NULL, "pf send", pf_intr, curvnet, SWI_NET, + INTR_MPSAFE, &V_pf_swi_cookie) != 0) /* XXXGL: leaked all above. */ + return; +} + +static int +pfattach(void) +{ + int error; + + pf_mtag_initialize(); + + error = kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pf purge"); + if (error != 0) { + pf_mtag_cleanup(); return (error); + } return (0); } @@ -3691,24 +3698,32 @@ dehook_pf(void) return (0); } -static int -pf_load(void) +static void +pf_load_vnet(void) { - int error; - VNET_ITERATOR_DECL(vnet_iter); VNET_LIST_RLOCK(); VNET_FOREACH(vnet_iter) { CURVNET_SET(vnet_iter); V_pf_pfil_hooked = 0; +#if 0 V_pf_end_threads = 0; +#endif TAILQ_INIT(&V_pf_tags); TAILQ_INIT(&V_pf_qids); CURVNET_RESTORE(); } VNET_LIST_RUNLOCK(); + pfattach_vnet(); +} + +static int +pf_load(void) +{ + int error; + rw_init(&pf_rules_lock, "pf rulesets"); sx_init(&pf_ioctl_lock, "pf ioctl"); @@ -3719,10 +3734,10 @@ pf_load(void) return (0); } -static int -pf_unload(void) +static void +pf_unload_vnet() { - int error = 0; + int error; V_pf_status.running = 0; swi_remove(V_pf_swi_cookie); 
@@ -3734,23 +3749,34 @@ pf_unload(void) * a message like 'No such process'. */ printf("%s : pfil unregisteration fail\n", __FUNCTION__); - return error; + return; } PF_RULES_WLOCK(); shutdown_pf(); +#if 0 V_pf_end_threads = 1; while (V_pf_end_threads < 2) { wakeup_one(pf_purge_thread); rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0); } +#endif PF_RULES_WUNLOCK(); pf_normalize_cleanup(); - pfi_cleanup(); + pfi_cleanup_vnet(); pfr_cleanup(); pf_osfp_flush(); pf_cleanup(); if (IS_DEFAULT_VNET(curvnet)) pf_mtag_cleanup(); +} + +static int +pf_unload(void) +{ + int error = 0; + + pfi_cleanup(); + destroy_dev(pf_dev); rw_destroy(&pf_rules_lock); sx_destroy(&pf_ioctl_lock); @@ -3758,6 +3784,25 @@ pf_unload(void) return (error); } +static void +vnet_pf_init(void *unused __unused) +{ + + pf_load_vnet(); +} +VNET_SYSINIT(vnet_pf_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD, + vnet_pf_init, NULL); + +static void +vnet_pf_uninit(const void *unused __unused) +{ + + pf_unload_vnet(); +} +VNET_SYSUNINIT(vnet_pf_uninit, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD, + vnet_pf_uninit, NULL); + + static int pf_modevent(module_t mod, int type, void *data) { 
@@ -3790,5 +3835,5 @@ static moduledata_t pf_mod = { 0 }; -DECLARE_MODULE(pf, pf_mod, SI_SUB_PROTO_FIREWALL, SI_ORDER_FIRST); +DECLARE_MODULE(pf, pf_mod, SI_SUB_PROTO_FIREWALL, SI_ORDER_SECOND); MODULE_VERSION(pf, PF_MODVER);
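Review bot: nothing stops the purge kproc after this change (r301840, pf.c and pf_ioctl.c): the `V_pf_end_threads` block in pf_purge_thread() and the wait loop in pf_unload_vnet() are both under `#if 0`, and `kproc_exit(0)` is commented out. pf_unload() still goes on to `rw_destroy(&pf_rules_lock)` while the thread keeps calling `rw_sleep(pf_purge_thread, &pf_rules_lock, ...)` and walking the vnet list, so an unload leaves a running thread using a destroyed lock. Until the shutdown handshake is back, pf_unload() should return an error instead of tearing the lock down, or the handshake should move to a module-wide flag in this same change.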
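Review bot: pf_load_vnet() in pf_ioctl.c is now run once per vnet from vnet_pf_init(), but it keeps the `VNET_FOREACH(vnet_iter)` loop of the old module-wide pf_load(), so every newly created vnet re-runs `TAILQ_INIT(&V_pf_tags)` and `TAILQ_INIT(&V_pf_qids)` and resets `V_pf_pfil_hooked` in all vnets that already exist. Drop the iteration and the list lock and initialise only the current vnet; the VNET_SYSINIT handler is already invoked with curvnet set.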
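Review bot: the swi_add() failure at the end of pfattach_vnet() is now silently dropped: the function became void and the failure branch is a bare `return;`, so a vnet whose software interrupt was not registered is treated as attached, and pf_unload_vnet() later calls `swi_remove(V_pf_swi_cookie)` on it unconditionally. Keep an int return (or at least log and record the failed state per vnet) so the uninit path can skip what was never set up; the `XXXGL: leaked all above` comment still applies to the counters allocated just before.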
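Review bot: after the split in pf_if.c no hunk in this change calls the new pfi_initialize(): pfattach_vnet() switches to `pfi_initialize_vnet()`, and the function that now holds the EVENTHANDLER_REGISTER calls has no caller added, while pf_unload() does call pfi_cleanup() and deregisters those cookies. Add the pfi_initialize() call to the module load path so registration and deregistration stay paired.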
From: Garrett Cooper Date: Mon, 13 Jun 2016 10:30:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r301868 - in projects/bsnmp-improved-ipv6-support: share/misc usr.bin/calendar/calendars usr.sbin/sysrc X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jun 2016 10:30:51 -0000 Author: ngie Date: Mon Jun 13 10:30:49 2016 New Revision: 301868 URL: https://svnweb.freebsd.org/changeset/base/301868 Log: Change my given name from "Garrett" to "Ngie" A legal name change from "Garrett" to "Ngie", as well as a FreeBSD account name change, is pending. Approved by: re (hrs) Modified: projects/bsnmp-improved-ipv6-support/share/misc/committers-src.dot projects/bsnmp-improved-ipv6-support/usr.bin/calendar/calendars/calendar.freebsd projects/bsnmp-improved-ipv6-support/usr.sbin/sysrc/sysrc.8 Modified: projects/bsnmp-improved-ipv6-support/share/misc/committers-src.dot ============================================================================== --- projects/bsnmp-improved-ipv6-support/share/misc/committers-src.dot Mon Jun 13 09:22:20 2016 (r301867) +++ projects/bsnmp-improved-ipv6-support/share/misc/committers-src.dot Mon Jun 13 10:30:49 2016 (r301868) 
@@ -244,7 +244,7 @@ mp [label="Mark Peek\nmp@FreeBSD.org\n20 mr [label="Michael Reifenberger\nmr@FreeBSD.org\n2001/09/30"] neel [label="Neel Natu\nneel@FreeBSD.org\n2009/09/20"] netchild [label="Alexander Leidinger\nnetchild@FreeBSD.org\n2005/03/31"] -ngie [label="Garrett Cooper\nngie@FreeBSD.org\n2014/07/27"] +ngie [label="Ngie Cooper\nngie@FreeBSD.org\n2014/07/27"] nork [label="Norikatsu Shigemura\nnork@FreeBSD.org\n2009/06/09"] np [label="Navdeep Parhar\nnp@FreeBSD.org\n2009/06/05"] nwhitehorn [label="Nathan Whitehorn\nnwhitehorn@FreeBSD.org\n2008/07/03"] Modified: projects/bsnmp-improved-ipv6-support/usr.bin/calendar/calendars/calendar.freebsd ============================================================================== --- projects/bsnmp-improved-ipv6-support/usr.bin/calendar/calendars/calendar.freebsd Mon Jun 13 09:22:20 2016 (r301867) +++ projects/bsnmp-improved-ipv6-support/usr.bin/calendar/calendars/calendar.freebsd Mon Jun 13 10:30:49 2016 (r301868) @@ -36,7 +36,7 @@ 01/26 Andrew Gallatin born in Buffalo, New York, United States, 1970 01/27 Nick Sayer born in San Diego, California, United States, 1968 01/27 Jacques Anthony Vidrine born in Baton Rouge, Louisiana, United States, 1971 -01/27 Garrett Cooper born in Seattle, Washington, United States, 1984 +01/27 Ngie Cooper born in Seattle, Washington, United States, 1984 01/31 Hidetoshi Shimokawa born in Yokohama, Kanagawa, Japan, 1970 02/01 Doug Rabson born in London, England, 1966 02/01 Nicola Vitale born in Busto Arsizio, Varese, Italy, 1976 Modified: projects/bsnmp-improved-ipv6-support/usr.sbin/sysrc/sysrc.8 ============================================================================== --- projects/bsnmp-improved-ipv6-support/usr.sbin/sysrc/sysrc.8 Mon Jun 13 09:22:20 2016 (r301867) +++ projects/bsnmp-improved-ipv6-support/usr.sbin/sysrc/sysrc.8 Mon Jun 13 10:30:49 2016 (r301868) 
@@ -480,6 +480,6 @@ utility first appeared in .Sh AUTHORS .An Devin Teske Aq Mt dteske@FreeBSD.org .Sh THANKS TO -Brandon Gooch, Garrett Cooper, Julian Elischer, Pawel Jakub Dawidek, +Brandon Gooch, Ngie Cooper, Julian Elischer, Pawel Jakub Dawidek, Cyrille Lefevre, Ross West, Stefan Esser, Marco Steinbach, Jilles Tjoelker, Allan Jude, and Lars Engels for suggestions, help, and testing.
From: "Bjoern A. Zeeb" Date: Fri, 17 Jun 2016 16:14:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r301990 - in projects/vnet/sys: net netpfil/pf X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jun 2016 16:14:44 -0000 Author: bz Date: Fri Jun 17 16:14:42 2016 New Revision: 301990 URL: https://svnweb.freebsd.org/changeset/base/301990 Log: Tie up a few lose ends on pf vnet cleanup and in theory if we could unload the module try to also end the kthread again. Sponsored by: The FreeBSD Foundation Modified: projects/vnet/sys/net/pfvar.h projects/vnet/sys/netpfil/pf/pf.c projects/vnet/sys/netpfil/pf/pf_ioctl.c Modified: projects/vnet/sys/net/pfvar.h ============================================================================== --- projects/vnet/sys/net/pfvar.h Fri Jun 17 09:07:27 2016 (r301989) +++ projects/vnet/sys/net/pfvar.h Fri Jun 17 16:14:42 2016 (r301990) @@ -1514,6 +1514,7 @@ VNET_DECLARE(uma_zone_t, pf_state_scrub #define V_pf_state_scrub_z VNET(pf_state_scrub_z) extern void pf_purge_thread(void *); +extern void pf_unload_vnet_purge(void); extern void pf_intr(void *); extern void pf_purge_expired_src_nodes(void); Modified: projects/vnet/sys/netpfil/pf/pf.c ============================================================================== --- projects/vnet/sys/netpfil/pf/pf.c Fri Jun 17 09:07:27 2016 (r301989) +++ projects/vnet/sys/netpfil/pf/pf.c Fri Jun 17 16:14:42 2016 (r301990) 
@@ -298,7 +298,7 @@ static void pf_route6(struct mbuf **, int in4_cksum(struct mbuf *m, u_int8_t nxt, int off, int len); -VNET_DECLARE(int, pf_end_threads); +extern int pf_end_threads; VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); @@ -1434,43 +1434,10 @@ pf_purge_thread(void *unused __unused) VNET_FOREACH(vnet_iter) { CURVNET_SET(vnet_iter); -#if 0 - /* XXX-BZ cleanup needs to happen elsewhere. */ - if (V_pf_end_threads) { - /* - * To cleanse up all kifs and rules we need - * two runs: first one clears reference flags, - * then pf_purge_expired_states() doesn't - * raise them, and then second run frees. - */ - PF_RULES_RUNLOCK(); - pf_purge_unlinked_rules(); - pfi_kif_purge(); - - /* - * Now purge everything. - */ - pf_purge_expired_states(0, pf_hashmask); - pf_purge_expired_fragments(); - pf_purge_expired_src_nodes(); - - /* - * Now all kifs & rules should be unreferenced, - * thus should be successfully freed. - */ - pf_purge_unlinked_rules(); - pfi_kif_purge(); - - /* - * Announce success and exit. - */ - PF_RULES_RLOCK(); - V_pf_end_threads++; - PF_RULES_RUNLOCK(); + if (pf_end_threads) { wakeup(pf_purge_thread); - //kproc_exit(0); + kproc_exit(0); } -#endif /* Process 1/interval fraction of the state table every run. */ idx = pf_purge_expired_states(idx, pf_hashmask / 
@@ -1495,6 +1462,35 @@ pf_purge_thread(void *unused __unused) /* not reached */ } +void +pf_unload_vnet_purge(void) +{ + + /* + * To cleanse up all kifs and rules we need + * two runs: first one clears reference flags, + * then pf_purge_expired_states() doesn't + * raise them, and then second run frees. + */ + pf_purge_unlinked_rules(); + pfi_kif_purge(); + + /* + * Now purge everything. + */ + pf_purge_expired_states(0, pf_hashmask); + pf_purge_expired_fragments(); + pf_purge_expired_src_nodes(); + + /* + * Now all kifs & rules should be unreferenced, + * thus should be successfully freed. + */ + pf_purge_unlinked_rules(); + pfi_kif_purge(); +} + + u_int32_t pf_state_expires(const struct pf_state *state) { Modified: projects/vnet/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- projects/vnet/sys/netpfil/pf/pf_ioctl.c Fri Jun 17 09:07:27 2016 (r301989) +++ projects/vnet/sys/netpfil/pf/pf_ioctl.c Fri Jun 17 16:14:42 2016 (r301990) @@ -87,7 +87,6 @@ __FBSDID("$FreeBSD$"); #include #endif -static int pfattach(void); static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t, u_int8_t, u_int8_t, u_int8_t); @@ -189,7 +188,7 @@ static struct cdevsw pf_cdevsw = { static volatile VNET_DEFINE(int, pf_pfil_hooked); #define V_pf_pfil_hooked VNET(pf_pfil_hooked) -VNET_DEFINE(int, pf_end_threads); +int pf_end_threads; struct rwlock pf_rules_lock; struct sx pf_ioctl_lock; @@ -279,21 +278,6 @@ pfattach_vnet(void) return; } -static int -pfattach(void) -{ - int error; - - pf_mtag_initialize(); - - error = kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pf purge"); - if (error != 0) { - pf_mtag_cleanup(); - return (error); - } - - return (0); -} static struct pf_pool * pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action, 
@@ -3707,9 +3691,6 @@ pf_load_vnet(void) VNET_FOREACH(vnet_iter) { CURVNET_SET(vnet_iter); V_pf_pfil_hooked = 0; -#if 0 - V_pf_end_threads = 0; -#endif TAILQ_INIT(&V_pf_tags); TAILQ_INIT(&V_pf_qids); CURVNET_RESTORE(); @@ -3727,8 +3708,15 @@ pf_load(void) rw_init(&pf_rules_lock, "pf rulesets"); sx_init(&pf_ioctl_lock, "pf ioctl"); + pf_mtag_initialize(); + pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME); - if ((error = pfattach()) != 0) + if (pf_dev == NULL) + return (ENOMEM); + + pf_end_threads = 0; + error = kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pf purge"); + if (error != 0) return (error); return (0); @@ -3751,16 +3739,13 @@ pf_unload_vnet() printf("%s : pfil unregisteration fail\n", __FUNCTION__); return; } + + pf_unload_vnet_purge(); + PF_RULES_WLOCK(); shutdown_pf(); -#if 0 - V_pf_end_threads = 1; - while (V_pf_end_threads < 2) { - wakeup_one(pf_purge_thread); - rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0); - } -#endif PF_RULES_WUNLOCK(); + pf_normalize_cleanup(); pfi_cleanup_vnet(); pfr_cleanup(); 
@@ -3775,9 +3760,17 @@ pf_unload(void) { int error = 0; + pf_end_threads = 1; + while (pf_end_threads < 2) { + wakeup_one(pf_purge_thread); + rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0); + } + + if (pf_dev != NULL) + destroy_dev(pf_dev); + pfi_cleanup(); - destroy_dev(pf_dev); rw_destroy(&pf_rules_lock); sx_destroy(&pf_ioctl_lock);
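Review bot: the shutdown handshake cannot complete as written (r301990, pf.c and pf_ioctl.c): pf_unload() waits in `while (pf_end_threads < 2)`, but the new exit branch in pf_purge_thread() only does `wakeup(pf_purge_thread); kproc_exit(0);`, and the `V_pf_end_threads++` that used to announce success was removed together with the `#if 0` block, so the flag stays at 1 and the unload never leaves the loop. The exit branch also sits inside `VNET_FOREACH` with `VNET_LIST_RLOCK()` held and `CURVNET_SET()` active, and the wait in pf_unload() calls rw_sleep() on pf_rules_lock without taking it in the lines shown. Suggest testing the flag outside the vnet loop, incrementing it under the rules lock before kproc_exit(), and wrapping the wait in PF_RULES_WLOCK()/PF_RULES_WUNLOCK().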
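Review bot: both new error returns in pf_load() leave the earlier setup in place: `return (ENOMEM)` after make_dev() and `return (error)` after kproc_create() come after rw_init(), sx_init() and pf_mtag_initialize(), and the second one also after the device node exists, whereas the removed pfattach() at least called pf_mtag_cleanup() when kproc_create() failed. Unwind in reverse order on these paths (destroy_dev(), pf_mtag_cleanup(), sx_destroy(), rw_destroy()) before returning.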
From: "Bjoern A. Zeeb" Date: Sat, 18 Jun 2016 09:48:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r302004 - projects/vnet/sys/netpfil/pf X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jun 2016 09:48:22 -0000 Author: bz Date: Sat Jun 18 09:48:20 2016 New Revision: 302004 URL: https://svnweb.freebsd.org/changeset/base/302004 Log: Virtualize pflog. Sponsored by: The FreeBSD Foundation Modified: projects/vnet/sys/netpfil/pf/if_pflog.c Modified: projects/vnet/sys/netpfil/pf/if_pflog.c ============================================================================== --- projects/vnet/sys/netpfil/pf/if_pflog.c Sat Jun 18 08:25:31 2016 (r302003) +++ projects/vnet/sys/netpfil/pf/if_pflog.c Sat Jun 18 09:48:20 2016 (r302004) @@ -91,19 +91,22 @@ static int pflogioctl(struct ifnet *, u_ static void pflogstart(struct ifnet *); static int pflog_clone_create(struct if_clone *, int, caddr_t); static void pflog_clone_destroy(struct ifnet *); -static struct if_clone *pflog_cloner; static const char pflogname[] = "pflog"; -struct ifnet *pflogifs[PFLOGIFS_MAX]; /* for fast access */ +static VNET_DEFINE(struct if_clone *, pflog_cloner); +#define V_pflog_cloner VNET(pflog_cloner) + +VNET_DEFINE(struct ifnet *, pflogifs[PFLOGIFS_MAX]); /* for fast access */ +#define V_pflogifs VNET(pflogifs) static void -pflogattach(int npflog) +pflogattach(int npflog __unused) { int i; for (i = 0; i < PFLOGIFS_MAX; i++) - pflogifs[i] = NULL; - pflog_cloner = if_clone_simple(pflogname, pflog_clone_create, + V_pflogifs[i] = NULL; + V_pflog_cloner = if_clone_simple(pflogname, pflog_clone_create, pflog_clone_destroy, 1); } 
@@ -130,7 +133,7 @@ pflog_clone_create(struct if_clone *ifc, bpfattach(ifp, DLT_PFLOG, PFLOG_HDRLEN); - pflogifs[unit] = ifp; + V_pflogifs[unit] = ifp; return (0); } @@ -141,8 +144,8 @@ pflog_clone_destroy(struct ifnet *ifp) int i; for (i = 0; i < PFLOGIFS_MAX; i++) - if (pflogifs[i] == ifp) - pflogifs[i] = NULL; + if (V_pflogifs[i] == ifp) + V_pflogifs[i] = NULL; bpfdetach(ifp); if_detach(ifp); @@ -206,7 +209,7 @@ pflog_packet(struct pfi_kif *kif, struct if (kif == NULL || m == NULL || rm == NULL || pd == NULL) return ( 1); - if ((ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf) + if ((ifn = V_pflogifs[rm->logif]) == NULL || !ifn->if_bpf) return (0); bzero(&hdr, sizeof(hdr)); @@ -259,6 +262,24 @@ pflog_packet(struct pfi_kif *kif, struct return (0); } +static void +vnet_pflog_init(const void *unused __unused) +{ + + pflogattach(1); +} +VNET_SYSINIT(vnet_pflog_init, SI_SUB_PSEUDO, SI_ORDER_ANY, + vnet_pflog_init, NULL); + +static void +vnet_pflog_uninit(const void *unused __unused) +{ + + if_clone_detach(V_pflog_cloner); +} +VNET_SYSUNINIT(vnet_pflog_uninit, SI_SUB_INIT_IF, SI_ORDER_SECOND, + vnet_pflog_uninit, NULL); + static int pflog_modevent(module_t mod, int type, void *data) { @@ -266,7 +287,6 @@ pflog_modevent(module_t mod, int type, v switch (type) { case MOD_LOAD: - pflogattach(1); PF_RULES_WLOCK(); pflog_packet_ptr = pflog_packet; PF_RULES_WUNLOCK(); 
@@ -275,10 +295,9 @@ pflog_modevent(module_t mod, int type, v PF_RULES_WLOCK(); pflog_packet_ptr = NULL; PF_RULES_WUNLOCK(); - if_clone_detach(pflog_cloner); break; default: - error = EINVAL; + error = EOPNOTSUPP; break; }
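Review bot: the setup and teardown hooks in if_pflog.c are registered at different subsystems with no explanation: vnet_pflog_init() uses `SI_SUB_PSEUDO, SI_ORDER_ANY` while vnet_pflog_uninit() uses `SI_SUB_INIT_IF, SI_ORDER_SECOND`. Please add a comment stating which ordering constraint the if_clone_detach() relies on, since MOD_UNLOAD now only clears pflog_packet_ptr and the per-vnet cloners are detached solely through the VNET_SYSUNINIT. As a smaller point, `pflogattach(int npflog __unused)` can lose the parameter now that its only caller passes a constant 1.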
From: "Bjoern A. Zeeb" Date: Sat, 18 Jun 2016 12:42:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r302005 - projects/vnet/sys/net X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jun 2016 12:42:50 -0000 Author: bz Date: Sat Jun 18 12:42:49 2016 New Revision: 302005 URL: https://svnweb.freebsd.org/changeset/base/302005 Log: Some more debugging fields and resort some to get them closer to the order of the struct. Sponsored by: The FreeBSD Foundation Modified: projects/vnet/sys/net/if_debug.c Modified: projects/vnet/sys/net/if_debug.c ============================================================================== --- projects/vnet/sys/net/if_debug.c Sat Jun 18 09:48:20 2016 (r302004) +++ projects/vnet/sys/net/if_debug.c Sat Jun 18 12:42:49 2016 (r302005) @@ -65,6 +65,10 @@ if_show_ifnet(struct ifnet *ifp) IF_DB_PRINTF("%d", if_index_reserved); IF_DB_PRINTF("%p", if_softc); IF_DB_PRINTF("%p", if_l2com); + IF_DB_PRINTF("%p", if_llsoftc); + IF_DB_PRINTF("%d", if_amcount); + IF_DB_PRINTF("%p", if_addr); + IF_DB_PRINTF("%p", if_broadcastaddr); IF_DB_PRINTF("%p", if_afdata); IF_DB_PRINTF("%d", if_afdata_initialized); IF_DB_PRINTF("%u", if_fib); 
@@ -72,10 +76,13 @@ if_show_ifnet(struct ifnet *ifp) IF_DB_PRINTF("%p", if_home_vnet); IF_DB_PRINTF("%p", if_vlantrunk); IF_DB_PRINTF("%p", if_bpf); - IF_DB_PRINTF("%p", if_addr); - IF_DB_PRINTF("%p", if_llsoftc); - IF_DB_PRINTF("%p", if_label); IF_DB_PRINTF("%u", if_pcount); + IF_DB_PRINTF("%p", if_bridge); + IF_DB_PRINTF("%p", if_lagg); + IF_DB_PRINTF("%p", if_pf_kif); + IF_DB_PRINTF("%p", if_carp); + IF_DB_PRINTF("%p", if_label); + IF_DB_PRINTF("%p", if_netmap); IF_DB_PRINTF("0x%08x", if_flags); IF_DB_PRINTF("0x%08x", if_drv_flags); IF_DB_PRINTF("0x%08x", if_capabilities);
From: "Bjoern A. Zeeb" Date: Sat, 18 Jun 2016 12:44:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r302007 - projects/vnet/sys/netpfil/pf X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jun 2016 12:44:23 -0000 Author: bz Date: Sat Jun 18 12:44:22 2016 New Revision: 302007 URL: https://svnweb.freebsd.org/changeset/base/302007 Log: Calling the function for the event handler registration helps in order to receive the events. Now to deal with follow-up issues inside pf. Sponsored by: The FreeBSD Foundation Modified: projects/vnet/sys/netpfil/pf/pf_ioctl.c Modified: projects/vnet/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- projects/vnet/sys/netpfil/pf/pf_ioctl.c Sat Jun 18 12:44:14 2016 (r302006) +++ projects/vnet/sys/netpfil/pf/pf_ioctl.c Sat Jun 18 12:44:22 2016 (r302007) @@ -3719,6 +3719,8 @@ pf_load(void) if (error != 0) return (error); + pfi_initialize(); + return (0); }
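Review bot: the handlers that `pfi_initialize()` registers at the end of pf_load() are global, while the data they act on is per-vnet, and nothing here documents what guarantees that state exists when an event fires. r301840 registers them once with a NULL argument, sets the per-vnet state up in pfi_initialize_vnet() from a VNET_SYSINIT at SI_ORDER_THIRD, and loads the module at SI_ORDER_SECOND, so there is a window in which the handlers are live before a vnet's pfi state has been initialised. Please add a comment on the ordering the handlers depend on, or have them check that the vnet's pfi state is set up before touching it. The call is also placed after the kproc_create() error return, so it is worth confirming that pf_unload()'s unconditional pfi_cleanup() is never reached after a failed load.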