PERFORCE change 108003 for review
Paolo Pisati
piso at FreeBSD.org
Mon Oct 16 14:51:03 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=108003
Change 108003 by piso at piso_newluxor on 2006/10/16 21:50:47
Complete movement of nat entries under ip_fw_chain:
used IPFW_[RW]LOCK instead of NAT_[RW]LOCK,
deleted nat_chain_rwl and reviewed some locking.
Affected files ...
.. //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#22 edit
Differences ...
==== //depot/projects/soc2005/libalias/sys/netinet/ip_fw2.c#22 (text+ko) ====
@@ -154,6 +154,8 @@
#define IPFW_WLOCK(p) rw_wlock(&(p)->rwmtx)
#define IPFW_WUNLOCK(p) rw_wunlock(&(p)->rwmtx)
+static eventhandler_tag ifaddr_event_tag;
+
/*
* list of rules for layer 3
*/
@@ -305,14 +307,6 @@
MODULE_DEPEND(ipfw, libalias, 1, 1, 1);
-#define NAT_WLOCK_ASSERT(_chain) IPFW_WLOCK_ASSERT(_chain)
-#define NAT_RLOCK(p) IPFW_RLOCK(p)
-#define NAT_RUNLOCK(p) IPFW_RUNLOCK(p)
-#define NAT_WLOCK(p) IPFW_WLOCK(p)
-#define NAT_WUNLOCK(p) IPFW_WUNLOCK(p)
-
-static eventhandler_tag ifaddr_event_tag;
-
static int fw_deny_unknown_exthdrs = 1;
/*
@@ -2041,7 +2035,7 @@
flush_nat_ptrs(const int i) {
struct ip_fw *rule;
- IPFW_WLOCK(&layer3_chain);
+ IPFW_WLOCK_ASSERT(&layer3_chain);
for (rule = layer3_chain.rules; rule; rule = rule->next) {
ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule);
@@ -2050,7 +2044,6 @@
if (cmd->nat != NULL && cmd->nat->id == i)
cmd->nat = NULL;
}
- IPFW_WUNLOCK(&layer3_chain);
}
static struct cfg_nat *
@@ -2064,12 +2057,12 @@
}
#define HOOK_NAT(b, p) do { \
- NAT_WLOCK_ASSERT(&layer3_chain); \
+ IPFW_WLOCK_ASSERT(&layer3_chain); \
LIST_INSERT_HEAD(b, p, _next); \
} while (0)
#define UNHOOK_NAT(p) do { \
- NAT_WLOCK_ASSERT(&layer3_chain); \
+ IPFW_WLOCK_ASSERT(&layer3_chain); \
LIST_REMOVE(p, _next); \
} while (0)
@@ -3438,12 +3431,10 @@
args->rule = f; /* Report matching rule. */
retval = 0;
t = ((ipfw_insn_nat *)cmd)->nat;
- NAT_RLOCK(&layer3_chain);
if (t == NULL) {
t = lookup_nat(cmd->arg1);
if (t == NULL) {
retval = IP_FW_DENY;
- NAT_RUNLOCK(&layer3_chain);
goto done;
} else
((ipfw_insn_nat *)cmd)->nat = t;
@@ -3509,7 +3500,6 @@
/* XXX - should i add some logging? */
m_free(mcl);
badnat:
- NAT_RUNLOCK(&layer3_chain);
args->m = NULL;
retval = IP_FW_DENY;
goto done;
@@ -3575,7 +3565,6 @@
args->m = mcl;
retval = IP_FW_NAT;
- NAT_RUNLOCK(&layer3_chain);
goto done;
}
@@ -4310,7 +4299,7 @@
struct cfg_nat *ptr;
struct ifaddr *ifa;
- NAT_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&layer3_chain);
/* Check every nat entry... */
LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
/* ...using nic 'ifp->if_xname' as dynamic alias address. */
@@ -4328,7 +4317,7 @@
mtx_unlock(&ifp->if_addr_mtx);
}
}
- NAT_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&layer3_chain);
}
/**
@@ -4568,21 +4557,21 @@
/*
* Find/create nat rule.
*/
- NAT_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&layer3_chain);
ptr = lookup_nat(ser_n->id);
if (ptr == NULL) { /* New rule: allocate and init new instance. */
ptr = malloc(sizeof(struct cfg_nat),
M_IPFW, M_NOWAIT | M_ZERO);
if (ptr == NULL) {
free(buf, M_IPFW);
- NAT_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&layer3_chain);
return (ENOSPC);
}
ptr->lib = LibAliasInit(NULL);
if (ptr->lib == NULL) {
free(ptr, M_IPFW);
free(buf, M_IPFW);
- NAT_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&layer3_chain);
return(EINVAL);
}
LIST_INIT(&ptr->redir_chain);
@@ -4590,7 +4579,7 @@
UNHOOK_NAT(ptr);
flush_nat_ptrs(ser_n->id);
}
- NAT_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&layer3_chain);
/*
* Basic nat configuration.
@@ -4614,9 +4603,9 @@
add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))],
ptr); /* Add new entries. */
free(buf, M_IPFW);
- NAT_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&layer3_chain);
HOOK_NAT(&layer3_chain.nat, ptr);
- NAT_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&layer3_chain);
}
break;
@@ -4626,16 +4615,16 @@
int i;
error = sooptcopyin(sopt, &i, sizeof i, sizeof i);
- NAT_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&layer3_chain);
ptr = lookup_nat(i);
if (ptr == NULL) {
error = EINVAL;
- NAT_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&layer3_chain);
break;
}
UNHOOK_NAT(ptr);
- NAT_WUNLOCK(&layer3_chain);
flush_nat_ptrs(i);
+ IPFW_WUNLOCK(&layer3_chain);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
free(ptr, M_IPFW);
@@ -4656,7 +4645,7 @@
data = malloc(NAT_BUF_LEN, M_IPFW, M_NOWAIT | M_ZERO);
if (data == NULL)
return (ENOSPC);
- NAT_RLOCK(&layer3_chain);
+ IPFW_RLOCK(&layer3_chain);
/* Serialize all the data. */
LIST_FOREACH(n, &layer3_chain.nat, _next) {
nat_cnt++;
@@ -4681,12 +4670,12 @@
goto nospace;
}
bcopy(&nat_cnt, data, sizeof(nat_cnt));
- NAT_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&layer3_chain);
error = sooptcopyout(sopt, data, NAT_BUF_LEN);
free(data, M_IPFW);
break;
nospace:
- NAT_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&layer3_chain);
printf("serialized data buffer not big enough: please increase NAT_BUF_LEN\n");
free(data, M_IPFW);
}
@@ -4699,7 +4688,7 @@
int sof = LIBALIAS_BUF_SIZE;
int i, size, cnt = 0;
- NAT_RLOCK(&layer3_chain);
+ IPFW_RLOCK(&layer3_chain);
size = i = 0;
LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
if (ptr->lib->logDesc == NULL)
@@ -4708,7 +4697,7 @@
size = cnt * (sof + sizeof(int));
data = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);
if (data == NULL) {
- NAT_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&layer3_chain);
return (ENOSPC);
}
bcopy(&ptr->id, &data[i], sizeof(int));
@@ -4716,7 +4705,7 @@
bcopy(ptr->lib->logDesc, &data[i], sof);
i += sof;
}
- NAT_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&layer3_chain);
error = sooptcopyout(sopt, data, size);
free(data, M_IPFW);
}
@@ -4911,14 +4900,12 @@
callout_drain(&ipfw_timeout);
IPFW_WLOCK(&layer3_chain);
flush_tables(&layer3_chain);
- NAT_WLOCK(&layer3_chain);
LIST_FOREACH_SAFE(ptr, &layer3_chain.nat, _next, ptr_temp) {
LIST_REMOVE(ptr, _next);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
free(ptr, M_IPFW);
}
- NAT_WUNLOCK(&layer3_chain);
EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);
layer3_chain.reap = NULL;
free_chain(&layer3_chain, 1 /* kill default rule */);
More information about the p4-projects
mailing list