svn commit: r340574 - in stable/11/sys: net netpfil/pf

Kristof Provost kp at FreeBSD.org
Sun Nov 18 12:30:20 UTC 2018 

Author: kp
Date: Sun Nov 18 12:30:18 2018
New Revision: 340574
URL: https://svnweb.freebsd.org/changeset/base/340574

Log:
  MFC r340068:
  
  pfsync: Handle syncdev going away
  
  If the syncdev is removed we no longer need to clean up the multicast
  entry we've got set up for that device.
  
  Pass the ifnet detach event through pf to pfsync, and remove our
  multicast handle, and mark us as no longer having a syncdev.
  
  Note that this callback is always installed, even if the pfsync
  interface is disabled (and thus it's not a per-vnet callback pointer).
  
  Sponsored by:	Orange Business Services

Modified:
  stable/11/sys/net/pfvar.h
  stable/11/sys/netpfil/pf/if_pfsync.c
  stable/11/sys/netpfil/pf/pf_if.c
  stable/11/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/net/pfvar.h
==============================================================================
--- stable/11/sys/net/pfvar.h	Sun Nov 18 12:30:16 2018	(r340573)
+++ stable/11/sys/net/pfvar.h	Sun Nov 18 12:30:18 2018	(r340574)
@@ -820,6 +820,7 @@ typedef	void		pfsync_update_state_t(struct pf_state *)
 typedef	void		pfsync_delete_state_t(struct pf_state *);
 typedef void		pfsync_clear_states_t(u_int32_t, const char *);
 typedef int		pfsync_defer_t(struct pf_state *, struct mbuf *);
+typedef void		pfsync_detach_ifnet_t(struct ifnet *);
 
 VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr);
 #define V_pfsync_state_import_ptr	VNET(pfsync_state_import_ptr)
@@ -833,6 +834,7 @@ VNET_DECLARE(pfsync_clear_states_t *, pfsync_clear_sta
 #define V_pfsync_clear_states_ptr	VNET(pfsync_clear_states_ptr)
 VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr);
 #define V_pfsync_defer_ptr		VNET(pfsync_defer_ptr)
+extern pfsync_detach_ifnet_t	*pfsync_detach_ifnet_ptr;
 
 void			pfsync_state_export(struct pfsync_state *,
 			    struct pf_state *);

Modified: stable/11/sys/netpfil/pf/if_pfsync.c
==============================================================================
--- stable/11/sys/netpfil/pf/if_pfsync.c	Sun Nov 18 12:30:16 2018	(r340573)
+++ stable/11/sys/netpfil/pf/if_pfsync.c	Sun Nov 18 12:30:18 2018	(r340574)
@@ -279,6 +279,7 @@ static void	pfsync_bulk_status(u_int8_t);
 static void	pfsync_bulk_update(void *);
 static void	pfsync_bulk_fail(void *);
 
+static void	pfsync_detach_ifnet(struct ifnet *);
 #ifdef IPSEC
 static void	pfsync_update_net_tdb(struct pfsync_tdb *);
 #endif
@@ -2290,6 +2291,29 @@ pfsync_multicast_cleanup(struct pfsync_softc *sc)
 	imo->imo_multicast_ifp = NULL;
 }
 
+void
+pfsync_detach_ifnet(struct ifnet *ifp)
+{
+	struct pfsync_softc *sc = V_pfsyncif;
+
+	if (sc == NULL)
+		return;
+
+	PFSYNC_LOCK(sc);
+
+	if (sc->sc_sync_if == ifp) {
+		/* We don't need mutlicast cleanup here, because the interface
+		 * is going away. We do need to ensure we don't try to do
+		 * cleanup later.
+		 */
+		sc->sc_imo.imo_membership = NULL;
+		sc->sc_imo.imo_multicast_ifp = NULL;
+		sc->sc_sync_if = NULL;
+	}
+
+	PFSYNC_UNLOCK(sc);
+}
+
 #ifdef INET
 extern  struct domain inetdomain;
 static struct protosw in_pfsync_protosw = {
@@ -2370,6 +2394,8 @@ pfsync_init()
 #ifdef INET
 	int error;
 
+	pfsync_detach_ifnet_ptr = pfsync_detach_ifnet;
+
 	error = pf_proto_register(PF_INET, &in_pfsync_protosw);
 	if (error)
 		return (error);
@@ -2386,6 +2412,7 @@ pfsync_init()
 static void
 pfsync_uninit()
 {
+	pfsync_detach_ifnet_ptr = NULL;
 
 #ifdef INET
 	ipproto_unregister(IPPROTO_PFSYNC);

Modified: stable/11/sys/netpfil/pf/pf_if.c
==============================================================================
--- stable/11/sys/netpfil/pf/pf_if.c	Sun Nov 18 12:30:16 2018	(r340573)
+++ stable/11/sys/netpfil/pf/pf_if.c	Sun Nov 18 12:30:18 2018	(r340574)
@@ -829,6 +829,9 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne
 {
 	struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif;
 
+	if (pfsync_detach_ifnet_ptr)
+		pfsync_detach_ifnet_ptr(ifp);
+
 	if (kif == NULL)
 		return;
 
@@ -838,6 +841,7 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne
 		CURVNET_RESTORE();
 		return;
 	}
+
 	PF_RULES_WLOCK();
 	V_pfi_update++;
 	pfi_kif_update(kif);

Modified: stable/11/sys/netpfil/pf/pf_ioctl.c
==============================================================================
--- stable/11/sys/netpfil/pf/pf_ioctl.c	Sun Nov 18 12:30:16 2018	(r340573)
+++ stable/11/sys/netpfil/pf/pf_ioctl.c	Sun Nov 18 12:30:18 2018	(r340574)
@@ -210,6 +210,7 @@ VNET_DEFINE(pfsync_update_state_t *, pfsync_update_sta
 VNET_DEFINE(pfsync_delete_state_t *, pfsync_delete_state_ptr);
 VNET_DEFINE(pfsync_clear_states_t *, pfsync_clear_states_ptr);
 VNET_DEFINE(pfsync_defer_t *, pfsync_defer_ptr);
+pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr;
 
 /* pflog */
 pflog_packet_t			*pflog_packet_ptr = NULL;

More information about the svn-src-all mailing list