svn commit: r362009 - stable/12/sys/net

Fri Jun 12 13:44:55 UTC 2020

On Wed, 10 Jun 2020 13:06:13 +0000 (UTC)
"Andrey V. Elsukov" <ae at freebsd.org> wrote:

> Author: ae
> Date: Wed Jun 10 13:06:13 2020
> New Revision: 362009
> URL: https://svnweb.freebsd.org/changeset/base/362009
> 
> Log:
>   MFC r361749:
>     Add if_reassign method to all tunneling interfaces.
>   
>     After r339550 tunneling interfaces have started handle appearing
> and disappearing of ingress IP address on the host system.
>     When such interfaces are moving into VNET jail, they lose ability
> to properly handle ifaddr_event_ext event. And this leads to need to
>     reconfigure tunnel to make it working again.
>   
>     Since moving an interface into VNET jail leads to removing of all
> IP addresses, it looks consistent, that tunnel configuration should
> also be cleared. This is what will do if_reassign method.

Sorry for not noticing this one before, but albeit jumping in late, I
have to state two objections:

1) what exactly is the use-case / purpose of moving clonable interfaces
from one vnet to another while removing their tunnel configs?
Apparently gif / gre already have virtualized cloners, so if a vnet
owner needs a new instance of gif / gre, it can create it there?  We
should either entirely prohibit moving such ifnets to child vnets, or
allow their tunnel endpoints to exist in the parent vnet space, while
permitting the traffic from child vnets to be encapsulated.

2) the behavior introduced by this change is inconsistent with how other
clonable interfaces have worked since 8.0, e.g if_vlan instances can be
moved (loaned) to a child vnet, and in such cases they remain tied to
their parent (physical) ethernet ifnets. Similarly, ng_eiface can be
loaned to a chiled vnet, but its netgraph part remains in the parent
vnet.

So now we got a confusion++, perhaps for a good reason, but I fail to
see the proper justification (execpt that someone wanted to see this
patch commited).

Cheers,

Marko

>   
>     Reported by:	John W. O'Brien <john saltant com>
> 
> Modified:
>   stable/12/sys/net/if_gif.c
>   stable/12/sys/net/if_gre.c
>   stable/12/sys/net/if_ipsec.c
>   stable/12/sys/net/if_me.c
> Directory Properties:
>   stable/12/   (props changed)
> 
> Modified: stable/12/sys/net/if_gif.c
> ==============================================================================
> --- stable/12/sys/net/if_gif.c	Wed Jun 10 09:31:37 2020
> (r362008) +++ stable/12/sys/net/if_gif.c	Wed Jun 10 13:06:13
> 2020	(r362009) @@ -104,6 +104,9 @@ void
> (*ng_gif_input_orphan_p)(struct ifnet *ifp, struc void
> (*ng_gif_attach_p)(struct ifnet *ifp); void
> (*ng_gif_detach_p)(struct ifnet *ifp); 
> +#ifdef VIMAGE
> +static void	gif_reassign(struct ifnet *, struct vnet *, char
> *); +#endif
>  static void	gif_delete_tunnel(struct gif_softc *);
>  static int	gif_ioctl(struct ifnet *, u_long, caddr_t);
>  static int	gif_transmit(struct ifnet *, struct mbuf *);
> @@ -150,6 +153,9 @@ gif_clone_create(struct if_clone *ifc, int unit,
> caddr GIF2IFP(sc)->if_transmit = gif_transmit;
>  	GIF2IFP(sc)->if_qflush = gif_qflush;
>  	GIF2IFP(sc)->if_output = gif_output;
> +#ifdef VIMAGE
> +	GIF2IFP(sc)->if_reassign = gif_reassign;
> +#endif
>  	GIF2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE;
>  	GIF2IFP(sc)->if_capenable |= IFCAP_LINKSTATE;
>  	if_attach(GIF2IFP(sc));
> @@ -159,6 +165,21 @@ gif_clone_create(struct if_clone *ifc, int unit,
> caddr 
>  	return (0);
>  }
> +
> +#ifdef VIMAGE
> +static void
> +gif_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused,
> +    char *unused __unused)
> +{
> +	struct gif_softc *sc;
> +
> +	sx_xlock(&gif_ioctl_sx);
> +	sc = ifp->if_softc;
> +	if (sc != NULL)
> +		gif_delete_tunnel(sc);
> +	sx_xunlock(&gif_ioctl_sx);
> +}
> +#endif /* VIMAGE */
>  
>  static void
>  gif_clone_destroy(struct ifnet *ifp)
> 
> Modified: stable/12/sys/net/if_gre.c
> ==============================================================================
> --- stable/12/sys/net/if_gre.c	Wed Jun 10 09:31:37 2020
> (r362008) +++ stable/12/sys/net/if_gre.c	Wed Jun 10 13:06:13
> 2020	(r362009) @@ -107,6 +107,9 @@ static void
> gre_clone_destroy(struct ifnet *); VNET_DEFINE_STATIC(struct if_clone
> *, gre_cloner); #define	V_gre_cloner	VNET(gre_cloner)
>  
> +#ifdef VIMAGE
> +static void	gre_reassign(struct ifnet *, struct vnet *, char
> *); +#endif
>  static void	gre_qflush(struct ifnet *);
>  static int	gre_transmit(struct ifnet *, struct mbuf *);
>  static int	gre_ioctl(struct ifnet *, u_long, caddr_t);
> @@ -183,12 +186,30 @@ gre_clone_create(struct if_clone *ifc, int
> unit, caddr GRE2IFP(sc)->if_ioctl = gre_ioctl;
>  	GRE2IFP(sc)->if_transmit = gre_transmit;
>  	GRE2IFP(sc)->if_qflush = gre_qflush;
> +#ifdef VIMAGE
> +	GRE2IFP(sc)->if_reassign = gre_reassign;
> +#endif
>  	GRE2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE;
>  	GRE2IFP(sc)->if_capenable |= IFCAP_LINKSTATE;
>  	if_attach(GRE2IFP(sc));
>  	bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t));
>  	return (0);
>  }
> +
> +#ifdef VIMAGE
> +static void
> +gre_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused,
> +    char *unused __unused)
> +{
> +	struct gre_softc *sc;
> +
> +	sx_xlock(&gre_ioctl_sx);
> +	sc = ifp->if_softc;
> +	if (sc != NULL)
> +		gre_delete_tunnel(sc);
> +	sx_xunlock(&gre_ioctl_sx);
> +}
> +#endif /* VIMAGE */
>  
>  static void
>  gre_clone_destroy(struct ifnet *ifp)
> 
> Modified: stable/12/sys/net/if_ipsec.c
> ==============================================================================
> --- stable/12/sys/net/if_ipsec.c	Wed Jun 10 09:31:37
> 2020	(r362008) +++ stable/12/sys/net/if_ipsec.c	Wed Jun
> 10 13:06:13 2020	(r362009) @@ -169,6 +169,9 @@ static
> int	ipsec_set_addresses(struct ifnet *, struct static
> int	ipsec_set_reqid(struct ipsec_softc *, uint32_t); static
> void	ipsec_set_running(struct ipsec_softc *); 
> +#ifdef VIMAGE
> +static void	ipsec_reassign(struct ifnet *, struct vnet *,
> char *); +#endif
>  static void	ipsec_srcaddr(void *, const struct sockaddr *,
> int); static int	ipsec_ioctl(struct ifnet *, u_long, caddr_t);
>  static int	ipsec_transmit(struct ifnet *, struct mbuf *);
> @@ -200,11 +203,29 @@ ipsec_clone_create(struct if_clone *ifc, int
> unit, cad ifp->if_transmit  = ipsec_transmit;
>  	ifp->if_qflush  = ipsec_qflush;
>  	ifp->if_output = ipsec_output;
> +#ifdef VIMAGE
> +	ifp->if_reassign = ipsec_reassign;
> +#endif
>  	if_attach(ifp);
>  	bpfattach(ifp, DLT_NULL, sizeof(uint32_t));
>  
>  	return (0);
>  }
> +
> +#ifdef VIMAGE
> +static void
> +ipsec_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused,
> +    char *unused __unused)
> +{
> +	struct ipsec_softc *sc;
> +
> +	sx_xlock(&ipsec_ioctl_sx);
> +	sc = ifp->if_softc;
> +	if (sc != NULL)
> +		ipsec_delete_tunnel(sc);
> +	sx_xunlock(&ipsec_ioctl_sx);
> +}
> +#endif /* VIMAGE */
>  
>  static void
>  ipsec_clone_destroy(struct ifnet *ifp)
> 
> Modified: stable/12/sys/net/if_me.c
> ==============================================================================
> --- stable/12/sys/net/if_me.c	Wed Jun 10 09:31:37 2020
> (r362008) +++ stable/12/sys/net/if_me.c	Wed Jun 10 13:06:13
> 2020	(r362009) @@ -113,6 +113,9 @@ static void
> me_clone_destroy(struct ifnet *); VNET_DEFINE_STATIC(struct if_clone
> *, me_cloner); #define	V_me_cloner	VNET(me_cloner)
>  
> +#ifdef VIMAGE
> +static void	me_reassign(struct ifnet *, struct vnet *, char
> *); +#endif
>  static void	me_qflush(struct ifnet *);
>  static int	me_transmit(struct ifnet *, struct mbuf *);
>  static int	me_ioctl(struct ifnet *, u_long, caddr_t);
> @@ -200,12 +203,30 @@ me_clone_create(struct if_clone *ifc, int unit,
> caddr_ ME2IFP(sc)->if_ioctl = me_ioctl;
>  	ME2IFP(sc)->if_transmit = me_transmit;
>  	ME2IFP(sc)->if_qflush = me_qflush;
> +#ifdef VIMAGE
> +	ME2IFP(sc)->if_reassign = me_reassign;
> +#endif
>  	ME2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE;
>  	ME2IFP(sc)->if_capenable |= IFCAP_LINKSTATE;
>  	if_attach(ME2IFP(sc));
>  	bpfattach(ME2IFP(sc), DLT_NULL, sizeof(u_int32_t));
>  	return (0);
>  }
> +
> +#ifdef VIMAGE
> +static void
> +me_reassign(struct ifnet *ifp, struct vnet *new_vnet __unused,
> +    char *unused __unused)
> +{
> +	struct me_softc *sc;
> +
> +	sx_xlock(&me_ioctl_sx);
> +	sc = ifp->if_softc;
> +	if (sc != NULL)
> +		me_delete_tunnel(sc);
> +	sx_xunlock(&me_ioctl_sx);
> +}
> +#endif /* VIMAGE */
>  
>  static void
>  me_clone_destroy(struct ifnet *ifp)