svn commit: r263091 - in head/sys: netinet netinet6

Gleb Smirnoff glebius at FreeBSD.org
Wed Mar 12 14:29:09 UTC 2014 

Author: glebius
Date: Wed Mar 12 14:29:08 2014
New Revision: 263091
URL: http://svnweb.freebsd.org/changeset/base/263091

Log:
  Since both netinet/ and netinet6/ call into netipsec/ and netpfil/,
  the protocol specific mbuf flags are shared between them.
  
  - Move all M_FOO definitions into a single place: netinet/in6.h, to
    avoid future  clashes.
  - Resolve clash between M_DECRYPTED and M_SKIP_FIREWALL which resulted
    in a failure of operation of IPSEC and packet filters.
  
  Thanks to Nicolas and Georgios for all the hard work on bisecting,
  testing and finally finding the root of the problem.
  
  PR:			kern/186755
  PR:			kern/185876
  In collaboration with:	Georgios Amanakis <gamanakis gmail.com>
  In collaboration with:	Nicolas DEFFAYET <nicolas-ml deffayet.com>
  Sponsored by:		Nginx, Inc.

Modified:
  head/sys/netinet/ip_input.c
  head/sys/netinet/ip_var.h
  head/sys/netinet6/in6.h
  head/sys/netinet6/ip6_var.h

Modified: head/sys/netinet/ip_input.c
==============================================================================
--- head/sys/netinet/ip_input.c	Wed Mar 12 12:27:13 2014	(r263090)
+++ head/sys/netinet/ip_input.c	Wed Mar 12 14:29:08 2014	(r263091)
@@ -702,6 +702,7 @@ ours:
 	 * ip_reass() will return a different mbuf.
 	 */
 	if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) {
+		/* XXXGL: shouldn't we save & set m_flags? */
 		m = ip_reass(m);
 		if (m == NULL)
 			return;
@@ -794,6 +795,8 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxf
     NULL, 0, sysctl_maxnipq, "I",
     "Maximum number of IPv4 fragment reassembly queue entries");
 
+#define	M_IP_FRAG	M_PROTO9
+
 /*
  * Take incoming datagram fragment and try to reassemble it into
  * whole datagram.  If the argument is the first fragment or one

Modified: head/sys/netinet/ip_var.h
==============================================================================
--- head/sys/netinet/ip_var.h	Wed Mar 12 12:27:13 2014	(r263090)
+++ head/sys/netinet/ip_var.h	Wed Mar 12 14:29:08 2014	(r263091)
@@ -162,15 +162,6 @@ void	kmod_ipstat_dec(int statnum);
 #define IP_ROUTETOIF		SO_DONTROUTE	/* 0x10 bypass routing tables */
 #define IP_ALLOWBROADCAST	SO_BROADCAST	/* 0x20 can send broadcast packets */
 
-/*
- * IPv4 protocol layer specific mbuf flags.
- */
-#define	M_FASTFWD_OURS		M_PROTO1	/* changed dst to local */
-#define	M_IP_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
-#define	M_SKIP_FIREWALL		M_PROTO3	/* skip firewall processing,
-						   keep in sync with IP6 */
-#define	M_IP_FRAG		M_PROTO4	/* fragment reassembly */
-
 #ifdef __NO_STRICT_ALIGNMENT
 #define IP_HDR_ALIGNED_P(ip)	1
 #else

Modified: head/sys/netinet6/in6.h
==============================================================================
--- head/sys/netinet6/in6.h	Wed Mar 12 12:27:13 2014	(r263090)
+++ head/sys/netinet6/in6.h	Wed Mar 12 14:29:08 2014	(r263091)
@@ -622,13 +622,18 @@ struct ip6_mtuinfo {
 #endif /* __BSD_VISIBLE */
 
 /*
- * Redefinition of mbuf flags
+ * Since both netinet/ and netinet6/ call into netipsec/ and netpfil/,
+ * the protocol specific mbuf flags are shared between them.
  */
-#define	M_AUTHIPHDR	M_PROTO2
-#define	M_DECRYPTED	M_PROTO3
-#define	M_LOOP		M_PROTO4
-#define	M_AUTHIPDGM	M_PROTO5
-#define	M_RTALERT_MLD	M_PROTO6
+#define	M_FASTFWD_OURS		M_PROTO1	/* changed dst to local */
+#define	M_IP6_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
+#define	M_IP_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
+#define	M_SKIP_FIREWALL		M_PROTO3	/* skip firewall processing */
+#define	M_AUTHIPHDR		M_PROTO4
+#define	M_DECRYPTED		M_PROTO5
+#define	M_LOOP			M_PROTO6
+#define	M_AUTHIPDGM		M_PROTO7
+#define	M_RTALERT_MLD		M_PROTO8
 
 #ifdef _KERNEL
 struct cmsghdr;

Modified: head/sys/netinet6/ip6_var.h
==============================================================================
--- head/sys/netinet6/ip6_var.h	Wed Mar 12 12:27:13 2014	(r263090)
+++ head/sys/netinet6/ip6_var.h	Wed Mar 12 14:29:08 2014	(r263091)
@@ -293,13 +293,6 @@ struct ip6aux {
 #define	IPV6_FORWARDING		0x02	/* most of IPv6 header exists */
 #define	IPV6_MINMTU		0x04	/* use minimum MTU (IPV6_USE_MIN_MTU) */
 
-/*
- * IPv6 protocol layer specific mbuf flags.
- */
-#define	M_IP6_NEXTHOP		M_PROTO2	/* explicit ip nexthop */
-#define	M_SKIP_FIREWALL		M_PROTO3	/* skip firewall processing,
-						   keep in sync with IPv4 */
-
 #ifdef __NO_STRICT_ALIGNMENT
 #define IP6_HDR_ALIGNED_P(ip)	1
 #else

More information about the svn-src-head mailing list