git: 99b0270adc2a - main - sockets: hide socket hhook(9)s under SOCKET_HHOOK
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 06 May 2024 19:49:43 UTC
The branch main has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=99b0270adc2a99fbcb089ee5ee6e8d25dd32f407
commit 99b0270adc2a99fbcb089ee5ee6e8d25dd32f407
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2024-05-06 19:49:29 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2024-05-06 19:49:29 +0000
sockets: hide socket hhook(9)s under SOCKET_HHOOK
There are no in-tree consumers of these hooks.
Reviewed by: stevek
Differential Revision: https://reviews.freebsd.org/D44928
---
sys/conf/NOTES | 2 ++
sys/conf/options | 1 +
sys/kern/uipc_socket.c | 52 +++++++++++++++++++++++++++++++++++---------------
3 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index 5819eeb57b2d..fec65452ba0f 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -1029,6 +1029,7 @@ device wg
# TCP_BLACKBOX enables enhanced TCP event logging.
#
# TCP_HHOOK enables the hhook(9) framework hooks for the TCP stack.
+# SOCKET_HHOOK enables the hhook(9) framework hooks for socket operations.
#
# ROUTE_MPATH provides support for multipath routing.
#
@@ -1050,6 +1051,7 @@ options PF_DEFAULT_TO_DROP #drop everything by default
options TCPPCAP
options TCP_BLACKBOX
options TCP_HHOOK
+options SOCKET_HHOOK
options ROUTE_MPATH
# The MBUF_STRESS_TEST option enables options which create
diff --git a/sys/conf/options b/sys/conf/options
index fcab21ad7e78..40c24799aa0c 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -208,6 +208,7 @@ SCHED_STATS opt_sched.h
SCHED_ULE opt_sched.h
SLEEPQUEUE_PROFILING
SLHCI_DEBUG opt_slhci.h
+SOCKET_HHOOK opt_global.h
STACK opt_stack.h
SUIDDIR
MSGMNB opt_sysvipc.h
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index f0b36fc5595e..f0d22b3887a4 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -173,7 +173,6 @@ static int filt_soread(struct knote *kn, long hint);
static void filt_sowdetach(struct knote *kn);
static int filt_sowrite(struct knote *kn, long hint);
static int filt_soempty(struct knote *kn, long hint);
-static int inline hhook_run_socket(struct socket *so, void *hctx, int32_t h_id);
fo_kqfilter_t soo_kqfilter;
static struct filterops soread_filtops = {
@@ -201,8 +200,11 @@ MALLOC_DEFINE(M_PCB, "pcb", "protocol control block");
VNET_ASSERT(curvnet != NULL, \
("%s:%d curvnet is NULL, so=%p", __func__, __LINE__, (so)));
+#ifdef SOCKET_HHOOK
VNET_DEFINE(struct hhook_head *, socket_hhh[HHOOK_SOCKET_LAST + 1]);
#define V_socket_hhh VNET(socket_hhh)
+static inline int hhook_run_socket(struct socket *, void *, int32_t);
+#endif
/*
* Limit on the number of connections in the listen queue waiting
@@ -276,6 +278,20 @@ socket_zone_change(void *tag)
maxsockets = uma_zone_set_max(socket_zone, maxsockets);
}
+static void
+socket_init(void *tag)
+{
+
+ socket_zone = uma_zcreate("socket", sizeof(struct socket), NULL, NULL,
+ NULL, NULL, UMA_ALIGN_PTR, 0);
+ maxsockets = uma_zone_set_max(socket_zone, maxsockets);
+ uma_zone_set_warning(socket_zone, "kern.ipc.maxsockets limit reached");
+ EVENTHANDLER_REGISTER(maxsockets_change, socket_zone_change, NULL,
+ EVENTHANDLER_PRI_FIRST);
+}
+SYSINIT(socket, SI_SUB_PROTO_DOMAININIT, SI_ORDER_ANY, socket_init, NULL);
+
+#ifdef SOCKET_HHOOK
static void
socket_hhook_register(int subtype)
{
@@ -294,19 +310,6 @@ socket_hhook_deregister(int subtype)
printf("%s: WARNING: unable to deregister hook\n", __func__);
}
-static void
-socket_init(void *tag)
-{
-
- socket_zone = uma_zcreate("socket", sizeof(struct socket), NULL, NULL,
- NULL, NULL, UMA_ALIGN_PTR, 0);
- maxsockets = uma_zone_set_max(socket_zone, maxsockets);
- uma_zone_set_warning(socket_zone, "kern.ipc.maxsockets limit reached");
- EVENTHANDLER_REGISTER(maxsockets_change, socket_zone_change, NULL,
- EVENTHANDLER_PRI_FIRST);
-}
-SYSINIT(socket, SI_SUB_PROTO_DOMAININIT, SI_ORDER_ANY, socket_init, NULL);
-
static void
socket_vnet_init(const void *unused __unused)
{
@@ -329,6 +332,7 @@ socket_vnet_uninit(const void *unused __unused)
}
VNET_SYSUNINIT(socket_vnet_uninit, SI_SUB_PROTO_DOMAININIT, SI_ORDER_ANY,
socket_vnet_uninit, NULL);
+#endif /* SOCKET_HHOOK */
/*
* Initialise maxsockets. This SYSINIT must be run after
@@ -423,12 +427,14 @@ soalloc(struct vnet *vnet)
__func__, __LINE__, so));
so->so_vnet = vnet;
#endif
+#ifdef SOCKET_HHOOK
/* We shouldn't need the so_global_mtx */
if (hhook_run_socket(so, NULL, HHOOK_SOCKET_CREATE)) {
/* Do we need more comprehensive error returns? */
uma_zfree(socket_zone, so);
return (NULL);
}
+#endif
mtx_lock(&so_global_mtx);
so->so_gencnt = ++so_gencnt;
++numopensockets;
@@ -464,7 +470,9 @@ sodealloc(struct socket *so)
#ifdef MAC
mac_socket_destroy(so);
#endif
+#ifdef SOCKET_HHOOK
hhook_run_socket(so, NULL, HHOOK_SOCKET_CLOSE);
+#endif
khelp_destroy_osd(&so->osd);
if (SOLISTENING(so)) {
@@ -773,6 +781,7 @@ solisten_clone(struct socket *head)
so->so_fibnum = head->so_fibnum;
so->so_proto = head->so_proto;
so->so_cred = crhold(head->so_cred);
+#ifdef SOCKET_HHOOK
if (V_socket_hhh[HHOOK_SOCKET_NEWCONN]->hhh_nhooks > 0) {
if (hhook_run_socket(so, head, HHOOK_SOCKET_NEWCONN)) {
sodealloc(so);
@@ -780,6 +789,7 @@ solisten_clone(struct socket *head)
return (NULL);
}
}
+#endif
#ifdef MAC
mac_socket_newconn(head, so);
#endif
@@ -3019,11 +3029,12 @@ sorflush(struct socket *so)
}
+#ifdef SOCKET_HHOOK
/*
* Wrapper for Socket established helper hook.
* Parameters: socket, context of the hook point, hook id.
*/
-static int inline
+static inline int
hhook_run_socket(struct socket *so, void *hctx, int32_t h_id)
{
struct socket_hhook_data hhook_data = {
@@ -3040,6 +3051,7 @@ hhook_run_socket(struct socket *so, void *hctx, int32_t h_id)
/* Ugly but needed, since hhooks return void for now */
return (hhook_data.status);
}
+#endif
/*
* Perhaps this routine, and sooptcopyout(), below, ought to come in an
@@ -3268,10 +3280,12 @@ sosetopt(struct socket *so, struct sockopt *sopt)
break;
default:
+#ifdef SOCKET_HHOOK
if (V_socket_hhh[HHOOK_SOCKET_OPT]->hhh_nhooks > 0)
error = hhook_run_socket(so, sopt,
HHOOK_SOCKET_OPT);
else
+#endif
error = ENOPROTOOPT;
break;
}
@@ -3485,10 +3499,12 @@ integer:
goto integer;
default:
+#ifdef SOCKET_HHOOK
if (V_socket_hhh[HHOOK_SOCKET_OPT]->hhh_nhooks > 0)
error = hhook_run_socket(so, sopt,
HHOOK_SOCKET_OPT);
else
+#endif
error = ENOPROTOOPT;
break;
}
@@ -3785,8 +3801,12 @@ filt_soread(struct knote *kn, long hint)
} else if (sbavail(&so->so_rcv) >= so->so_rcv.sb_lowat)
return (1);
+#ifdef SOCKET_HHOOK
/* This hook returning non-zero indicates an event, not error */
return (hhook_run_socket(so, NULL, HHOOK_FILT_SOREAD));
+#else
+ return (0);
+#endif
}
static void
@@ -3815,7 +3835,9 @@ filt_sowrite(struct knote *kn, long hint)
SOCK_SENDBUF_LOCK_ASSERT(so);
kn->kn_data = sbspace(&so->so_snd);
+#ifdef SOCKET_HHOOK
hhook_run_socket(so, kn, HHOOK_FILT_SOWRITE);
+#endif
if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
kn->kn_flags |= EV_EOF;