svn commit: r367740 - stable/12/sys/netinet

George V. Neville-Neil gnn at FreeBSD.org
Tue Nov 17 01:02:01 UTC 2020


Author: gnn
Date: Tue Nov 17 01:02:00 2020
New Revision: 367740
URL: https://svnweb.freebsd.org/changeset/base/367740

Log:
  MFC: 367628, 367635, 367645
  
  An earlier commit effectively turned out the fast forwading path
    due to its lack of support for ICMP redirects. The following commit
    adds redirects to the fastforward path, again allowing for decent
    forwarding performance in the kernel.
  
    Reviewed by: ae, melifaro (also helped with the MFC)
    Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate")

Modified:
  stable/12/sys/netinet/ip_fastfwd.c
  stable/12/sys/netinet/ip_input.c
  stable/12/sys/netinet/ip_var.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netinet/ip_fastfwd.c
==============================================================================
--- stable/12/sys/netinet/ip_fastfwd.c	Tue Nov 17 00:35:59 2020	(r367739)
+++ stable/12/sys/netinet/ip_fastfwd.c	Tue Nov 17 01:02:00 2020	(r367740)
@@ -110,6 +110,62 @@ __FBSDID("$FreeBSD$");
 
 #include <machine/in_cksum.h>
 
+#define	V_ipsendredirects	VNET(ipsendredirects)
+
+struct mbuf *
+ip_redir_alloc(struct mbuf *m, struct ip *ip, struct in_addr dest,
+    in_addr_t *addr);
+
+
+struct mbuf *
+ip_redir_alloc(struct mbuf *m, struct ip *ip, struct in_addr dest,
+    in_addr_t *addr)
+{
+	struct sockaddr_in s;
+	struct nhop4_extended nh;
+	struct mbuf *mcopy = m_gethdr(M_NOWAIT, m->m_type);
+
+	if (mcopy == NULL)
+		return (NULL);
+
+	if (fib4_lookup_nh_ext(M_GETFIB(m), dest, 0, 0, &nh) != 0)
+		return (NULL);
+
+	if (m_dup_pkthdr(mcopy, m, M_NOWAIT) == 0) {
+		/*
+		 * It's probably ok if the pkthdr dup fails (because
+		 * the deep copy of the tag chain failed), but for now
+		 * be conservative and just discard the copy since
+		 * code below may some day want the tags.
+		 */
+		m_free(mcopy);
+		return (NULL);
+	}
+	mcopy->m_len = min(ntohs(ip->ip_len), M_TRAILINGSPACE(mcopy));
+	mcopy->m_pkthdr.len = mcopy->m_len;
+	m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
+
+	s.sin_len = sizeof(struct sockaddr_in);
+	s.sin_family= AF_INET;
+	s.sin_addr = nh.nh_src;
+
+	if (((nh.nh_flags & (NHF_REDIRECT|NHF_DEFAULT)) == 0)) {
+		struct in_ifaddr *nh_ia = (struct in_ifaddr *)ifaof_ifpforaddr((struct sockaddr *)&s, nh.nh_ifp);
+		u_long src = ntohl(ip->ip_src.s_addr);
+		
+		if (nh_ia != NULL && (src & nh_ia->ia_subnetmask) == nh_ia->ia_subnet) {
+			if (nh.nh_flags & NHF_GATEWAY)
+				*addr = nh.nh_addr.s_addr;
+			else
+				*addr = ip->ip_dst.s_addr;
+		}
+	}
+
+
+	return (mcopy);
+}
+
+
 static int
 ip_findroute(struct nhop4_basic *pnh, struct in_addr dest, struct mbuf *m)
 {
@@ -157,7 +213,8 @@ ip_tryforward(struct mbuf *m)
 	uint16_t ip_len, ip_off;
 	int error = 0;
 	struct m_tag *fwd_tag = NULL;
-
+	struct mbuf *mcopy = NULL;
+	struct in_addr redest;
 	/*
 	 * Are we active and forwarding packets?
 	 */
@@ -381,6 +438,13 @@ passout:
 	dst.sin_addr = nh.nh_addr;
 
 	/*
+	 * Handle redirect case.
+	 */
+	redest.s_addr = 0;
+	if (V_ipsendredirects && (nh.nh_ifp == m->m_pkthdr.rcvif))
+		mcopy = ip_redir_alloc(m, ip, dest, &redest.s_addr);
+
+	/*
 	 * Check if packet fits MTU or if hardware will fragment for us
 	 */
 	if (ip_len <= nh.nh_mtu) {
@@ -450,7 +514,16 @@ passout:
 		IPSTAT_INC(ips_forward);
 		IPSTAT_INC(ips_fastforward);
 	}
+
+	/* Send required redirect */
+	if (mcopy != NULL) {
+		icmp_error(mcopy, ICMP_REDIRECT, ICMP_REDIRECT_HOST, redest.s_addr, 0);
+		mcopy = NULL; /* Freed by caller */
+	}
+
 consumed:
+	if (mcopy != NULL)
+		m_freem(mcopy);
 	return NULL;
 drop:
 	if (m)

Modified: stable/12/sys/netinet/ip_input.c
==============================================================================
--- stable/12/sys/netinet/ip_input.c	Tue Nov 17 00:35:59 2020	(r367739)
+++ stable/12/sys/netinet/ip_input.c	Tue Nov 17 01:02:00 2020	(r367740)
@@ -109,8 +109,11 @@ SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding,
     &VNET_NAME(ipforwarding), 0,
     "Enable IP forwarding between interfaces");
 
-VNET_DEFINE_STATIC(int, ipsendredirects) = 1;	/* XXX */
-#define	V_ipsendredirects	VNET(ipsendredirects)
+/*
+ * Respond with an ICMP host redirect when we forward a packet out of
+ * the same interface on which it was received.  See RFC 792.
+ */
+VNET_DEFINE(int, ipsendredirects) = 1;
 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_VNET | CTLFLAG_RW,
     &VNET_NAME(ipsendredirects), 0,
     "Enable sending IP redirects");
@@ -566,7 +569,7 @@ tooshort:
 	 * case skip another inbound firewall processing and update
 	 * ip pointer.
 	 */
-	if (V_ipforwarding != 0 && V_ipsendredirects == 0
+	if (V_ipforwarding != 0
 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
 	    && (!IPSEC_ENABLED(ipv4) ||
 	    IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0)

Modified: stable/12/sys/netinet/ip_var.h
==============================================================================
--- stable/12/sys/netinet/ip_var.h	Tue Nov 17 00:35:59 2020	(r367739)
+++ stable/12/sys/netinet/ip_var.h	Tue Nov 17 01:02:00 2020	(r367740)
@@ -181,6 +181,7 @@ struct inpcbinfo;
 
 VNET_DECLARE(int, ip_defttl);			/* default IP ttl */
 VNET_DECLARE(int, ipforwarding);		/* ip forwarding */
+VNET_DECLARE(int, ipsendredirects);
 #ifdef IPSTEALTH
 VNET_DECLARE(int, ipstealth);			/* stealth forwarding */
 #endif
@@ -196,6 +197,7 @@ extern struct	pr_usrreqs rip_usrreqs;
 #define	V_ip_id			VNET(ip_id)
 #define	V_ip_defttl		VNET(ip_defttl)
 #define	V_ipforwarding		VNET(ipforwarding)
+#define	V_ipsendredirects	VNET(ipsendredirects)
 #ifdef IPSTEALTH
 #define	V_ipstealth		VNET(ipstealth)
 #endif


More information about the svn-src-all mailing list