svn commit: r233846 - head/sys/contrib/pf/net

Gleb Smirnoff glebius at FreeBSD.org
Tue Apr 3 18:09:21 UTC 2012 

Author: glebius
Date: Tue Apr  3 18:09:20 2012
New Revision: 233846
URL: http://svn.freebsd.org/changeset/base/233846

Log:
  Since pf 4.5 import pf(4) has a mechanism to defer
  forwarding a packet, that creates state, until
  pfsync(4) peer acks state addition (or 10 msec
  timeout passes).
  
  This is needed for active-active CARP configurations,
  which are poorly supported in FreeBSD and arguably
  a good idea at all.
  
  Unfortunately by the time of import this feature in
  OpenBSD was turned on, and did not have a switch to
  turn it off. This leaked to FreeBSD.
  
  This change make it possible to turn this feature
  off via ioctl() and turns it off by default.
  
  Obtained from:	OpenBSD

Modified:
  head/sys/contrib/pf/net/if_pfsync.c
  head/sys/contrib/pf/net/if_pfsync.h

Modified: head/sys/contrib/pf/net/if_pfsync.c
==============================================================================
--- head/sys/contrib/pf/net/if_pfsync.c	Tue Apr  3 17:48:42 2012	(r233845)
+++ head/sys/contrib/pf/net/if_pfsync.c	Tue Apr  3 18:09:20 2012	(r233846)
@@ -50,6 +50,7 @@
  * 1.128 - cleanups
  * 1.146 - bzero() mbuf before sparsely filling it with data
  * 1.170 - SIOCSIFMTU checks
+ * 1.126, 1.142 - deferred packets processing
  */
 
 #ifdef __FreeBSD__
@@ -262,6 +263,7 @@ struct pfsync_softc {
 
 	struct pfsync_upd_reqs	 sc_upd_req_list;
 
+	int			 sc_defer;
 	struct pfsync_deferrals	 sc_deferrals;
 	u_int			 sc_deferred;
 
@@ -1805,6 +1807,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
 		}
 		pfsyncr.pfsyncr_syncpeer = sc->sc_sync_peer;
 		pfsyncr.pfsyncr_maxupdates = sc->sc_maxupdates;
+		pfsyncr.pfsyncr_defer = sc->sc_defer;
 		return (copyout(&pfsyncr, ifr->ifr_data, sizeof(pfsyncr)));
 
 	case SIOCSETPFSYNC:
@@ -1840,6 +1843,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
 		}
 #endif
 		sc->sc_maxupdates = pfsyncr.pfsyncr_maxupdates;
+		sc->sc_defer = pfsyncr.pfsyncr_defer;
 
 		if (pfsyncr.pfsyncr_syncdev[0] == 0) {
 			sc->sc_sync_if = NULL;
@@ -2378,10 +2382,7 @@ pfsync_insert_state(struct pf_state *st)
 
 	pfsync_q_ins(st, PFSYNC_S_INS);
 
-	if (ISSET(st->state_flags, PFSTATE_ACK))
-		schednetisr(NETISR_PFSYNC);
-	else
-		st->sync_updates = 0;
+	st->sync_updates = 0;
 }
 
 int defer = 10;
@@ -2402,6 +2403,9 @@ pfsync_defer(struct pf_state *st, struct
 	splassert(IPL_SOFTNET);
 #endif
 
+	if (!sc->sc_defer || m->m_flags & (M_BCAST|M_MCAST))
+		return (0);
+
 	if (sc->sc_deferred >= 128)
 		pfsync_undefer(TAILQ_FIRST(&sc->sc_deferrals), 0);
 
@@ -2430,6 +2434,8 @@ pfsync_defer(struct pf_state *st, struct
 	timeout_add(&pd->pd_tmo, defer);
 #endif
 
+	swi_sched(V_pfsync_swi_cookie, 0);
+
 	return (1);
 }
 

Modified: head/sys/contrib/pf/net/if_pfsync.h
==============================================================================
--- head/sys/contrib/pf/net/if_pfsync.h	Tue Apr  3 17:48:42 2012	(r233845)
+++ head/sys/contrib/pf/net/if_pfsync.h	Tue Apr  3 18:09:20 2012	(r233846)
@@ -265,7 +265,7 @@ struct pfsyncreq {
 	char		 pfsyncr_syncdev[IFNAMSIZ];
 	struct in_addr	 pfsyncr_syncpeer;
 	int		 pfsyncr_maxupdates;
-	int		 pfsyncr_authlevel;
+	int		 pfsyncr_defer;
 };
 
 #ifdef __FreeBSD__

More information about the svn-src-head mailing list