git: b079ca8593ed - main - Revert "if_ovpn: allow peer lookup by vpn4/vpn6 address"

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 26 Dec 2022 21:39:47 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b079ca8593edb24fec69fc1d9749c014db4384c3

commit b079ca8593edb24fec69fc1d9749c014db4384c3
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-12-26 20:36:02 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-12-26 21:38:10 +0000

    Revert "if_ovpn: allow peer lookup by vpn4/vpn6 address"
    
    This reverts commit 92f0cf77db18502cac9a731cd2f6e8f3cc8a9369.
    
    This change was incorrect, at least because it uses ovpn_kpeer's tree
    for multiple RB_TREEs.
    
    This is a performance change, not a functional one, so we can revert
    this until it can be fixed.
    
    Reported by:    Gert Doering <gert@greenie.muc.de>
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/if_ovpn.c | 81 +++++++++++++------------------------------------------
 1 file changed, 18 insertions(+), 63 deletions(-)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
index 9244b4088ec9..fa69e5277f75 100644
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -177,8 +177,6 @@ struct ovpn_counters {
 #define OVPN_COUNTER_SIZE (sizeof(struct ovpn_counters)/sizeof(uint64_t))
 
 RB_HEAD(ovpn_kpeers, ovpn_kpeer);
-RB_HEAD(ovpn_kpeers_by_ip, ovpn_kpeer);
-RB_HEAD(ovpn_kpeers_by_ip6, ovpn_kpeer);
 
 struct ovpn_softc {
 	int			 refcount;
@@ -187,8 +185,6 @@ struct ovpn_softc {
 	struct socket		*so;
 	int			 peercount;
 	struct ovpn_kpeers	 peers;
-	struct ovpn_kpeers_by_ip	peers_by_ip;
-	struct ovpn_kpeers_by_ip6	peers_by_ip6;
 
 	/* Pending notification */
 	struct buf_ring		*notifring;
@@ -199,10 +195,6 @@ struct ovpn_softc {
 };
 
 static struct ovpn_kpeer *ovpn_find_peer(struct ovpn_softc *, uint32_t);
-static struct ovpn_kpeer *ovpn_find_peer_by_ip(struct ovpn_softc *,
-    const struct in_addr);
-static struct ovpn_kpeer *ovpn_find_peer_by_ip6(struct ovpn_softc *,
-    const struct in6_addr *);
 static bool ovpn_udp_input(struct mbuf *, int, struct inpcb *,
     const struct sockaddr *, void *);
 static int ovpn_transmit_to_peer(struct ifnet *, struct mbuf *,
@@ -211,23 +203,10 @@ static int ovpn_encap(struct ovpn_softc *, uint32_t, struct mbuf *);
 static int ovpn_get_af(struct mbuf *);
 static void ovpn_free_kkey_dir(struct ovpn_kkey_dir *);
 static bool ovpn_check_replay(struct ovpn_kkey_dir *, uint32_t);
-static int ovpn_peer_compare(const struct ovpn_kpeer *,
-    const struct ovpn_kpeer *);
-static int ovpn_peer_compare_by_ip(const struct ovpn_kpeer *,
-    const struct ovpn_kpeer *);
-static int ovpn_peer_compare_by_ip6(const struct ovpn_kpeer *,
-    const struct ovpn_kpeer *);
+static int ovpn_peer_compare(struct ovpn_kpeer *, struct ovpn_kpeer *);
 
 static RB_PROTOTYPE(ovpn_kpeers, ovpn_kpeer, tree, ovpn_peer_compare);
 static RB_GENERATE(ovpn_kpeers, ovpn_kpeer, tree, ovpn_peer_compare);
-static RB_PROTOTYPE(ovpn_kpeers_by_ip, ovpn_kpeer, tree,
-    ovpn_peer_compare_by_ip);
-static RB_GENERATE(ovpn_kpeers_by_ip, ovpn_kpeer, tree,
-    ovpn_peer_compare_by_ip);
-static RB_PROTOTYPE(ovpn_kpeers_by_ip6, ovpn_kpeer, tree,
-    ovpn_peer_compare_by_ip6);
-static RB_GENERATE(ovpn_kpeers_by_ip6, ovpn_kpeer, tree,
-    ovpn_peer_compare_by_ip6);
 
 #define OVPN_MTU_MIN		576
 #define OVPN_MTU_MAX		(IP_MAXPACKET - sizeof(struct ip) - \
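Review bot: The restored prototype `static int ovpn_peer_compare(struct ovpn_kpeer *, struct ovpn_kpeer *);` drops the const qualifiers along with the extra trees, although the comparator only reads `peerid`. Keeping `const struct ovpn_kpeer *` on both parameters, here and on the definition in the following hunk, is independent of the shared-`tree` problem the revert addresses. It would also document that comparing two peers never mutates either of them.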
@@ -295,24 +274,11 @@ SYSCTL_INT(_net_link_openvpn, OID_AUTO, netisr_queue,
 	"Use netisr_queue() rather than netisr_dispatch().");
 
 static int
-ovpn_peer_compare(const struct ovpn_kpeer *a, const struct ovpn_kpeer *b)
+ovpn_peer_compare(struct ovpn_kpeer *a, struct ovpn_kpeer *b)
 {
 	return (a->peerid - b->peerid);
 }
 
-static int
-ovpn_peer_compare_by_ip(const struct ovpn_kpeer *a, const struct ovpn_kpeer *b)
-{
-	return (memcmp(&a->vpn4, &b->vpn4, sizeof(a->vpn4)));
-}
-
-static int
-ovpn_peer_compare_by_ip6(const struct ovpn_kpeer *a,
-    const struct ovpn_kpeer *b)
-{
-	return (memcmp(&a->vpn6, &b->vpn6, sizeof(a->vpn6)));
-}
-
 static struct ovpn_kpeer *
 ovpn_find_peer(struct ovpn_softc *sc, uint32_t peerid)
 {
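Review bot: `return (a->peerid - b->peerid);` in ovpn_peer_compare derives the ordering from a subtraction, which yields the wrong sign once two ids differ by more than INT_MAX if `peerid` is an unsigned 32-bit field (its declaration is not in this hunk, but ovpn_find_peer takes a `uint32_t peerid`). An inconsistent comparator breaks the red-black tree's ordering invariant, so a lookup can miss a peer that is present or an insert can land in the wrong place. An explicit comparison avoids the problem: `return (a->peerid < b->peerid ? -1 : a->peerid > b->peerid);`. The body line is unchanged context here; the revert itself only touches the signature.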
@@ -643,14 +609,8 @@ ovpn_new_peer(struct ifnet *ifp, const nvlist_t *nvl)
 	if (sc->so == NULL)
 		sc->so = so;
 
-	/* Insert the peer into the lists. */
+	/* Insert the peer into the list. */
 	RB_INSERT(ovpn_kpeers, &sc->peers, peer);
-	if (nvlist_exists_binary(nvl, "vpn_ipv4")) {
-		RB_INSERT(ovpn_kpeers_by_ip, &sc->peers_by_ip, peer);
-	}
-	if (nvlist_exists_binary(nvl, "vpn_ipv6")) {
-		RB_INSERT(ovpn_kpeers_by_ip6, &sc->peers_by_ip6, peer);
-	}
 	sc->peercount++;
 	soref(sc->so);
 
@@ -661,12 +621,6 @@ ovpn_new_peer(struct ifnet *ifp, const nvlist_t *nvl)
 	}
 	if (ret != 0) {
 		RB_REMOVE(ovpn_kpeers, &sc->peers, peer);
-		if (nvlist_exists_binary(nvl, "vpn_ipv4")) {
-			RB_REMOVE(ovpn_kpeers_by_ip, &sc->peers_by_ip, peer);
-		}
-		if (nvlist_exists_binary(nvl, "vpn_ipv6")) {
-			RB_REMOVE(ovpn_kpeers_by_ip6, &sc->peers_by_ip6, peer);
-		}
 		sc->peercount--;
 		goto error_locked;
 	}
@@ -692,7 +646,7 @@ done:
 static int
 _ovpn_del_peer(struct ovpn_softc *sc, struct ovpn_kpeer *peer)
 {
-	struct ovpn_kpeer *tmp;
+	struct ovpn_kpeer *tmp __diagused;
 
 	OVPN_WASSERT(sc);
 	CURVNET_ASSERT_SET();
@@ -702,13 +656,6 @@ _ovpn_del_peer(struct ovpn_softc *sc, struct ovpn_kpeer *peer)
 	tmp = RB_REMOVE(ovpn_kpeers, &sc->peers, peer);
 	MPASS(tmp != NULL);
 
-	tmp = ovpn_find_peer_by_ip(sc, peer->vpn4);
-	if (tmp)
-		RB_REMOVE(ovpn_kpeers_by_ip, &sc->peers_by_ip, tmp);
-	tmp = ovpn_find_peer_by_ip6(sc, &peer->vpn6);
-	if (tmp)
-		RB_REMOVE(ovpn_kpeers_by_ip6, &sc->peers_by_ip6, tmp);
-
 	sc->peercount--;
 
 	ovpn_peer_release_ref(peer, true);
@@ -1718,25 +1665,33 @@ ovpn_get_af(struct mbuf *m)
 static struct ovpn_kpeer *
 ovpn_find_peer_by_ip(struct ovpn_softc *sc, const struct in_addr addr)
 {
-	struct ovpn_kpeer peer;
+	struct ovpn_kpeer *peer = NULL;
 
 	OVPN_ASSERT(sc);
 
-	peer.vpn4 = addr;
+	/* TODO: Add a second RB so we can look up by IP. */
+	RB_FOREACH(peer, ovpn_kpeers, &sc->peers) {
+		if (addr.s_addr == peer->vpn4.s_addr)
+			return (peer);
+	}
 
-	return (RB_FIND(ovpn_kpeers_by_ip, &sc->peers_by_ip, &peer));
+	return (peer);
 }
 
 static struct ovpn_kpeer *
 ovpn_find_peer_by_ip6(struct ovpn_softc *sc, const struct in6_addr *addr)
 {
-	struct ovpn_kpeer peer;
+	struct ovpn_kpeer *peer = NULL;
 
 	OVPN_ASSERT(sc);
 
-	peer.vpn6 = *addr;
+	/* TODO: Add a third RB so we can look up by IPv6 address. */
+	RB_FOREACH(peer, ovpn_kpeers, &sc->peers) {
+		if (memcmp(addr, &peer->vpn6, sizeof(*addr)) == 0)
+			return (peer);
+	}
 
-	return (RB_FIND(ovpn_kpeers_by_ip6, &sc->peers_by_ip6, &peer));
+	return (peer);
 }
 
 static struct ovpn_kpeer *
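Review bot: The trailing `return (peer);` in ovpn_find_peer_by_ip and ovpn_find_peer_by_ip6 yields NULL only because RB_FOREACH leaves its cursor NULL when the tree is exhausted; `return (NULL);` states the not-found result directly and makes the `= NULL` initialisers unnecessary. Separately, the scan now compares the address against every peer in `sc->peers`, whereas the removed insert code in ovpn_new_peer only indexed peers that had a "vpn_ipv4" / "vpn_ipv6" entry. If `vpn4` / `vpn6` are zero-filled for peers created without one (not visible in this diff), an all-zero lookup address would select such a peer. A comment such as `/* Peers without a tunnel address are scanned too; callers must not pass an unspecified address. */`, or an explicit skip of unset addresses, would make the assumption checkable.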