git: 18d04cd2d42c - main - pf: align IPv6 dummynet handling with IPv4
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Nov 2021 17:48:12 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=18d04cd2d42c16209c8f615bb9735dded328915b
commit 18d04cd2d42c16209c8f615bb9735dded328915b
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-22 20:28:10 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-23 15:46:15 +0000
pf: align IPv6 dummynet handling with IPv4
In e5c4987e3f we fixed issues with nat and dummynet, but only changed
the IPv4 code. Make the same change for IPv6 as well.
Reviewed by: glebius
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33086
---
sys/netpfil/pf/pf.c | 87 ++++++++++++++++++++++++++++-------------------------
1 file changed, 46 insertions(+), 41 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 1ddb61836e2e..34fa7918d697 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6873,6 +6873,7 @@ done:
if (ip_dn_io_ptr == NULL) {
m_freem(*m0);
*m0 = NULL;
+ action = PF_DROP;
REASON_SET(&reason, PFRES_MEMORY);
} else {
struct ip_fw_args dnflow;
@@ -6951,6 +6952,13 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
}
pd.pf_mtag->flags |= PF_PACKET_LOOPED;
m_tag_delete(m, ipfwtag);
+ if (rr->info & IPFW_IS_DUMMYNET) {
+ /* Dummynet re-injects packets after they've
+ * completed their delay. We've already
+ * processed them, so pass unconditionally. */
+ PF_RULES_RUNLOCK();
+ return (PF_PASS);
+ }
}
} else if (pf_normalize_ip6(m0, dir, kif, &reason, &pd) != PF_PASS) {
action = PF_DROP;
@@ -7211,47 +7219,6 @@ done:
}
#endif /* ALTQ */
- if (s && (s->dnpipe || s->dnrpipe)) {
- pd.act.dnpipe = s->dnpipe;
- pd.act.dnrpipe = s->dnrpipe;
- pd.act.flags = s->state_flags;
- } else {
- pd.act.dnpipe = r->dnpipe;
- pd.act.dnrpipe = r->dnrpipe;
- pd.act.flags = r->free_flags;
- }
- if ((pd.act.dnpipe || pd.act.dnrpipe) && !PACKET_LOOPED(&pd)) {
- if (ip_dn_io_ptr == NULL) {
- action = PF_DROP;
- REASON_SET(&reason, PFRES_MEMORY);
- } else {
- struct ip_fw_args dnflow;
-
- if (pd.pf_mtag == NULL &&
- ((pd.pf_mtag = pf_get_mtag(m)) == NULL)) {
- action = PF_DROP;
- REASON_SET(&reason, PFRES_MEMORY);
- if (s)
- PF_STATE_UNLOCK(s);
- return (action);
- }
-
- if (pf_pdesc_to_dnflow(dir, &pd, r, s, &dnflow)) {
- ip_dn_io_ptr(m0, &dnflow);
-
- if (*m0 == NULL) {
- if (s)
- PF_STATE_UNLOCK(s);
- return (action);
- } else {
- /* This is dummynet fast io processing */
- m_tag_delete(*m0, m_tag_first(*m0));
- pd.pf_mtag->flags &= ~PF_PACKET_LOOPED;
- }
- }
- }
- }
-
if (dir == PF_IN && action == PF_PASS && (pd.proto == IPPROTO_TCP ||
pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL &&
(s->nat_rule.ptr->action == PF_RDR ||
@@ -7348,6 +7315,44 @@ done:
pf_route6(m0, r, dir, kif->pfik_ifp, s, &pd, inp);
return (action);
}
+ /* Dummynet processing. */
+ if (s && (s->dnpipe || s->dnrpipe)) {
+ pd.act.dnpipe = s->dnpipe;
+ pd.act.dnrpipe = s->dnrpipe;
+ pd.act.flags = s->state_flags;
+ } else {
+ pd.act.dnpipe = r->dnpipe;
+ pd.act.dnrpipe = r->dnrpipe;
+ pd.act.flags = r->free_flags;
+ }
+ if (pd.act.dnpipe || pd.act.dnrpipe) {
+ if (ip_dn_io_ptr == NULL) {
+ m_freem(*m0);
+ *m0 = NULL;
+ action = PF_DROP;
+ REASON_SET(&reason, PFRES_MEMORY);
+ } else {
+ struct ip_fw_args dnflow;
+
+ if (pd.pf_mtag == NULL &&
+ ((pd.pf_mtag = pf_get_mtag(m)) == NULL)) {
+ m_freem(*m0);
+ *m0 = NULL;
+ action = PF_DROP;
+ REASON_SET(&reason, PFRES_MEMORY);
+ if (s)
+ PF_STATE_UNLOCK(s);
+ return (action);
+ }
+
+ if (pf_pdesc_to_dnflow(dir, &pd, r, s, &dnflow)) {
+ ip_dn_io_ptr(m0, &dnflow);
+
+ if (*m0 == NULL)
+ action = PF_DROP;
+ }
+ }
+ }
break;
}