svn commit: r263091 - in head/sys: netinet netinet6
Gleb Smirnoff
glebius at FreeBSD.org
Wed Mar 12 14:29:09 UTC 2014
Author: glebius
Date: Wed Mar 12 14:29:08 2014
New Revision: 263091
URL: http://svnweb.freebsd.org/changeset/base/263091
Log:
Since both netinet/ and netinet6/ call into netipsec/ and netpfil/,
the protocol specific mbuf flags are shared between them.
- Move all M_FOO definitions into a single place: netinet/in6.h, to
avoid future clashes.
- Resolve clash between M_DECRYPTED and M_SKIP_FIREWALL which resulted
in a failure of operation of IPSEC and packet filters.
Thanks to Nicolas and Georgios for all the hard work on bisecting,
testing and finally finding the root of the problem.
PR: kern/186755
PR: kern/185876
In collaboration with: Georgios Amanakis <gamanakis gmail.com>
In collaboration with: Nicolas DEFFAYET <nicolas-ml deffayet.com>
Sponsored by: Nginx, Inc.
Modified:
head/sys/netinet/ip_input.c
head/sys/netinet/ip_var.h
head/sys/netinet6/in6.h
head/sys/netinet6/ip6_var.h
Modified: head/sys/netinet/ip_input.c
==============================================================================
--- head/sys/netinet/ip_input.c Wed Mar 12 12:27:13 2014 (r263090)
+++ head/sys/netinet/ip_input.c Wed Mar 12 14:29:08 2014 (r263091)
@@ -702,6 +702,7 @@ ours:
* ip_reass() will return a different mbuf.
*/
if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) {
+ /* XXXGL: shouldn't we save & set m_flags? */
m = ip_reass(m);
if (m == NULL)
return;
@@ -794,6 +795,8 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxf
NULL, 0, sysctl_maxnipq, "I",
"Maximum number of IPv4 fragment reassembly queue entries");
+#define M_IP_FRAG M_PROTO9
+
/*
* Take incoming datagram fragment and try to reassemble it into
* whole datagram. If the argument is the first fragment or one
Modified: head/sys/netinet/ip_var.h
==============================================================================
--- head/sys/netinet/ip_var.h Wed Mar 12 12:27:13 2014 (r263090)
+++ head/sys/netinet/ip_var.h Wed Mar 12 14:29:08 2014 (r263091)
@@ -162,15 +162,6 @@ void kmod_ipstat_dec(int statnum);
#define IP_ROUTETOIF SO_DONTROUTE /* 0x10 bypass routing tables */
#define IP_ALLOWBROADCAST SO_BROADCAST /* 0x20 can send broadcast packets */
-/*
- * IPv4 protocol layer specific mbuf flags.
- */
-#define M_FASTFWD_OURS M_PROTO1 /* changed dst to local */
-#define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop */
-#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing,
- keep in sync with IP6 */
-#define M_IP_FRAG M_PROTO4 /* fragment reassembly */
-
#ifdef __NO_STRICT_ALIGNMENT
#define IP_HDR_ALIGNED_P(ip) 1
#else
Modified: head/sys/netinet6/in6.h
==============================================================================
--- head/sys/netinet6/in6.h Wed Mar 12 12:27:13 2014 (r263090)
+++ head/sys/netinet6/in6.h Wed Mar 12 14:29:08 2014 (r263091)
@@ -622,13 +622,18 @@ struct ip6_mtuinfo {
#endif /* __BSD_VISIBLE */
/*
- * Redefinition of mbuf flags
+ * Since both netinet/ and netinet6/ call into netipsec/ and netpfil/,
+ * the protocol specific mbuf flags are shared between them.
*/
-#define M_AUTHIPHDR M_PROTO2
-#define M_DECRYPTED M_PROTO3
-#define M_LOOP M_PROTO4
-#define M_AUTHIPDGM M_PROTO5
-#define M_RTALERT_MLD M_PROTO6
+#define M_FASTFWD_OURS M_PROTO1 /* changed dst to local */
+#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop */
+#define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop */
+#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing */
+#define M_AUTHIPHDR M_PROTO4
+#define M_DECRYPTED M_PROTO5
+#define M_LOOP M_PROTO6
+#define M_AUTHIPDGM M_PROTO7
+#define M_RTALERT_MLD M_PROTO8
#ifdef _KERNEL
struct cmsghdr;
Modified: head/sys/netinet6/ip6_var.h
==============================================================================
--- head/sys/netinet6/ip6_var.h Wed Mar 12 12:27:13 2014 (r263090)
+++ head/sys/netinet6/ip6_var.h Wed Mar 12 14:29:08 2014 (r263091)
@@ -293,13 +293,6 @@ struct ip6aux {
#define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */
#define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */
-/*
- * IPv6 protocol layer specific mbuf flags.
- */
-#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop */
-#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing,
- keep in sync with IPv4 */
-
#ifdef __NO_STRICT_ALIGNMENT
#define IP6_HDR_ALIGNED_P(ip) 1
#else
More information about the svn-src-head
mailing list