svn commit: r198192 - user/eri/pf45/head/sys/contrib/pf/net
Ermal Luçi
eri at FreeBSD.org
Sat Oct 17 23:01:29 UTC 2009
Author: eri
Date: Sat Oct 17 23:01:29 2009
New Revision: 198192
URL: http://svn.freebsd.org/changeset/base/198192
Log:
Say HELLO to pf(4) virtualized.
* Set proper context where required.
* Prepend V_ to some more global variables.
* Initialize pf(4) with vnet events rather than module ones.
* Include opt_global.h where required to aid in building with
virtualization enabled
Please help test!
Modified:
user/eri/pf45/head/sys/contrib/pf/net/pf.c
user/eri/pf45/head/sys/contrib/pf/net/pf_if.c
user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c
user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c
user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c
user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c
user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c
user/eri/pf45/head/sys/contrib/pf/net/pf_table.c
user/eri/pf45/head/sys/contrib/pf/net/pfvar.h
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -36,6 +36,7 @@
*/
#ifdef __FreeBSD__
+#include "opt_global.h"
#include "opt_inet.h"
#include "opt_inet6.h"
@@ -1326,18 +1327,20 @@ void
pf_purge_thread(void *v)
{
int nloops = 0, s;
- #ifdef __FreeBSD__
+#ifdef __FreeBSD__
int locked;
- #endif
+#endif
+
+ CURVNET_SET((struct vnet *)v);
for (;;) {
tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
- #ifdef __FreeBSD__
+#ifdef __FreeBSD__
sx_slock(&V_pf_consistency_lock);
PF_LOCK();
locked = 0;
-
+
if (V_pf_end_threads) {
PF_UNLOCK();
sx_sunlock(&V_pf_consistency_lock);
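Review bot: With `CURVNET_SET((struct vnet *)v)` there is now one purge thread per vnet, yet every instance still sleeps on the same wait channel, `tsleep(pf_purge_thread, ...)`, and the exit path in the next hunk signals with `wakeup(pf_purge_thread)`. A wakeup meant for one vnet's teardown therefore reaches the purge threads, and any waiter, of every other vnet. The `1 * hz` timeout presumably keeps this from hanging, but it makes shutdown ordering harder to reason about. A per-vnet channel such as `&V_pf_end_threads`, used by both the thread and whoever waits for it, would keep the handshake inside one instance. The function body continues outside this hunk.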
@@ -1354,11 +1357,11 @@ pf_purge_thread(void *v)
wakeup(pf_purge_thread);
kproc_exit(0);
}
- #endif
+#endif
s = splsoftnet();
/* process a fraction of the state table every second */
- #ifdef __FreeBSD__
+#ifdef __FreeBSD__
if(!pf_purge_expired_states(1 + (V_pf_status.states
/ V_pf_default_rule.timeout[PFTM_INTERVAL]), 0)) {
PF_UNLOCK();
@@ -1370,7 +1373,7 @@ pf_purge_thread(void *v)
pf_purge_expired_states(1 + (V_pf_status.states
/ V_pf_default_rule.timeout[PFTM_INTERVAL]), 1);
}
- #else
+#else
pf_purge_expired_states(1 + (pf_status.states
/ pf_default_rule.timeout[PFTM_INTERVAL]));
#endif
@@ -1395,6 +1398,7 @@ pf_purge_thread(void *v)
sx_sunlock(&V_pf_consistency_lock);
#endif
}
+ CURVNET_RESTORE();
}
u_int32_t
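Review bot: The `CURVNET_RESTORE();` added after the `for (;;)` loop appears unreachable. The only exit from the loop visible in these hunks is `kproc_exit(0)` in the `V_pf_end_threads` branch, which leaves with the vnet context still set. If the restore is meant to pair with the `CURVNET_SET` at the top of the function, it belongs just before the exit: `CURVNET_RESTORE();` followed by `kproc_exit(0);`. Parts of the loop body lie outside the hunks shown, so a `break` may exist that is not visible here.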
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_if.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_if.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_if.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -33,6 +33,7 @@
*/
#if defined(__FreeBSD__)
+#include "opt_global.h"
#include "opt_inet.h"
#include "opt_inet6.h"
@@ -120,11 +121,10 @@ int pfi_unmask(void *);
#ifdef __FreeBSD__
void pfi_attach_ifnet_event(void * __unused, struct ifnet *);
void pfi_detach_ifnet_event(void * __unused, struct ifnet *);
-void pfi_attach_group_event(void * __unused, struct ifg_group *);
-void pfi_change_group_event(void * __unused, char *);
-void pfi_detach_group_event(void * __unused, struct ifg_group *);
+void pfi_attach_group_event(void *, struct ifg_group *);
+void pfi_change_group_event(void *, char *);
+void pfi_detach_group_event(void *, struct ifg_group *);
void pfi_ifaddr_event(void * __unused, struct ifnet *);
-
#endif
RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
@@ -177,11 +177,11 @@ pfi_initialize(void)
pfi_detach_cookie = EVENTHANDLER_REGISTER(ifnet_departure_event,
pfi_detach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
pfi_attach_group_cookie = EVENTHANDLER_REGISTER(group_attach_event,
- pfi_attach_group_event, NULL, EVENTHANDLER_PRI_ANY);
+ pfi_attach_group_event, curvnet, EVENTHANDLER_PRI_ANY);
pfi_change_group_cookie = EVENTHANDLER_REGISTER(group_change_event,
- pfi_change_group_event, NULL, EVENTHANDLER_PRI_ANY);
+ pfi_change_group_event, curvnet, EVENTHANDLER_PRI_ANY);
pfi_detach_group_cookie = EVENTHANDLER_REGISTER(group_detach_event,
- pfi_detach_group_event, NULL, EVENTHANDLER_PRI_ANY);
+ pfi_detach_group_event, curvnet, EVENTHANDLER_PRI_ANY);
pfi_ifaddr_event_cookie = EVENTHANDLER_REGISTER(ifaddr_event,
pfi_ifaddr_event, NULL, EVENTHANDLER_PRI_ANY);
#endif
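Review bot: The three group handlers are now registered once per vnet with `curvnet` as their argument, but nothing in the handlers checks that an event actually belongs to that vnet. If the `group_*_event` handler lists are global rather than per-vnet (not visible here), a group change in one vnet would run `pfi_attach_group_event` and its siblings under every other vnet's context too, so one instance's interface groups could show up in another instance's pf state. Either register these handlers once and derive the vnet from the event, or have each handler return early when the event is not for `arg`. The ifnet and ifaddr registrations in the same block still pass `NULL`; if `pfi_initialize()` now runs for each vnet they would be registered repeatedly and, unless the cookie variables are per-vnet, earlier cookies would be overwritten.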
@@ -1040,55 +1040,67 @@ pfi_unmask(void *addr)
void
pfi_attach_ifnet_event(void *arg __unused, struct ifnet *ifp)
{
+ CURVNET_SET(ifp->if_vnet);
PF_LOCK();
pfi_attach_ifnet(ifp);
#ifdef ALTQ
pf_altq_ifnet_event(ifp, 0);
#endif
PF_UNLOCK();
+ CURVNET_RESTORE();
}
void
pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp)
{
+ CURVNET_SET(ifp->if_vnet);
PF_LOCK();
pfi_detach_ifnet(ifp);
#ifdef ALTQ
pf_altq_ifnet_event(ifp, 1);
#endif
PF_UNLOCK();
+ CURVNET_RESTORE();
}
void
- pfi_attach_group_event(void *arg __unused, struct ifg_group *ifg)
+ pfi_attach_group_event(void *arg , struct ifg_group *ifg)
{
+ CURVNET_SET((struct vnet *)arg);
PF_LOCK();
pfi_attach_ifgroup(ifg);
PF_UNLOCK();
+ CURVNET_RESTORE();
}
void
- pfi_change_group_event(void *arg __unused, char *gname)
+ pfi_change_group_event(void *arg, char *gname)
{
+ CURVNET_SET((struct vnet *)arg);
PF_LOCK();
pfi_group_change(gname);
PF_UNLOCK();
+ CURVNET_RESTORE();
}
void
- pfi_detach_group_event(void *arg __unused, struct ifg_group *ifg)
+ pfi_detach_group_event(void *arg, struct ifg_group *ifg)
{
+ CURVNET_SET((struct vnet *)arg);
PF_LOCK();
pfi_detach_ifgroup(ifg);
PF_UNLOCK();
+ CURVNET_RESTORE();
}
void
pfi_ifaddr_event(void *arg __unused, struct ifnet *ifp)
{
+ CURVNET_SET(ifp->if_vnet);
PF_LOCK();
if (ifp && ifp->if_pf_kif)
pfi_kifaddr_update(ifp->if_pf_kif);
PF_UNLOCK();
+ CURVNET_RESTORE();
}
#endif /* __FreeBSD__ */
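Review bot: In `pfi_ifaddr_event` the new `CURVNET_SET(ifp->if_vnet);` dereferences `ifp` two lines before the existing `if (ifp && ifp->if_pf_kif)` test, so a NULL `ifp` that the old code tolerated now faults in the kernel. Guard first with `if (ifp == NULL) return;` ahead of the `CURVNET_SET`, or drop the `ifp &&` test if NULL can never arrive. Separately, the three group handlers cast `arg` to `struct vnet *` unchecked; a `KASSERT(arg != NULL, ...)` at the top of each would document that registration must pass `curvnet`.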
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -78,6 +78,8 @@ __FBSDID("$FreeBSD$");
#include <sys/kernel.h>
#include <sys/time.h>
#ifdef __FreeBSD__
+#include <sys/ucred.h>
+#include <sys/jail.h>
#include <sys/module.h>
#include <sys/conf.h>
#include <sys/proc.h>
@@ -176,13 +178,11 @@ int pf_addr_setup(struct pf_ruleset *
void pf_addr_copyout(struct pf_addr_wrap *);
#define TAGID_MAX 50000
+
#ifdef __FreeBSD__
VNET_DEFINE(struct pf_rule, pf_default_rule);
VNET_DEFINE(struct sx, pf_consistency_lock);
-#ifndef VIMAGE
-SX_SYSINIT(pf_consistency_lock, &V_pf_consistency_lock,
- "pf_statetbl_lock");
-#endif
+
#ifdef ALTQ
static VNET_DEFINE(int, pf_altq_running);
#define V_pf_altq_running VNET(pf_altq_running)
@@ -190,19 +190,10 @@ static VNET_DEFINE(int, pf_altq_running
TAILQ_HEAD(pf_tags, pf_tagname);
-#ifdef VIMAGE
#define V_pf_tags VNET(pf_tags)
VNET_DEFINE(struct pf_tags, pf_tags);
#define V_pf_qids VNET(pf_qids)
VNET_DEFINE(struct pf_tags, pf_qids);
-#else
-#define V_pf_tags VNET(pf_tags)
-VNET_DEFINE(struct pf_tags, pf_tags) =
- TAILQ_HEAD_INITIALIZER(V_pf_tags);
-#define V_pf_qids VNET(pf_qids)
-VNET_DEFINE(struct pf_tags, pf_qids) =
- TAILQ_HEAD_INITIALIZER(V_pf_qids);
-#endif
#else /* !__FreeBSD__ */
struct pf_rule pf_default_rule;
@@ -233,7 +224,8 @@ void pf_rtlabel_copyout(struct pf_add
#endif
#ifdef __FreeBSD__
-static struct cdev *pf_dev;
+static VNET_DEFINE(struct cdev *, pf_dev);
+#define V_pf_dev VNET(pf_dev)
/*
* XXX - These are new and need to be checked when moveing to a new version
@@ -265,12 +257,11 @@ static int shutdown_pf(void
static int pf_load(void);
static int pf_unload(void);
-static VNET_DEFINE(struct cdevsw, pf_cdevsw) = {
+static struct cdevsw pf_cdevsw = {
.d_ioctl = pfioctl,
.d_name = PF_NAME,
.d_version = D_VERSION,
};
-#define pf_cdevsw VNET(pf_cdevsw)
static volatile VNET_DEFINE(int, pf_pfil_hooked);
#define V_pf_pfil_hooked VNET(pf_pfil_hooked)
@@ -437,7 +428,7 @@ pfattach(void)
/* XXX do our best to avoid a conflict */
V_pf_status.hostid = arc4random();
- if (kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pfpurge"))
+ if (kproc_create(pf_purge_thread, curvnet, NULL, 0, 0, "pfpurge"))
return (ENXIO);
m_addr_chg_pf_p = pf_pkt_addr_changed;
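Review bot: A failed `kproc_create()` returns `ENXIO` here, a positive value, while the caller in `pf_load()` (later hunk) tests `if (pfattach() < 0)`, so this failure is never noticed and the instance carries on without a purge thread to expire states. That matters more now that this path runs for each vnet rather than once at module load. Testing `if (pfattach() != 0)` in `pf_load()` would make its cleanup branch reachable. `pfattach()` begins and ends outside this hunk, so its other return paths were not checked.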
@@ -1460,6 +1451,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
#endif
int error = 0;
+ CURVNET_SET(TD_TO_VNET(td));
+
/* XXX keep in sync with switch() below */
#ifdef __FreeBSD__
if (securelevel_gt(td->td_ucred, 2))
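Review bot: `CURVNET_SET(TD_TO_VNET(td));` is placed ahead of the securelevel check, while the matching `CURVNET_RESTORE();` sits only before the final `return (error);` after the `fail:` label (next hunk). Any direct `return` between the two leaves the ioctl with the vnet context still set. The body is outside the hunks shown, but permission checks like the one starting here often return early, so this needs confirming. Either route those exits through `fail:` or move the `CURVNET_SET` below the early-return checks.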
@@ -3894,6 +3887,9 @@ fail:
else
rw_exit_read(&pf_consistency_lock);
#endif
+
+ CURVNET_RESTORE();
+
return (error);
}
@@ -4118,7 +4114,9 @@ pf_check_in(void *arg, struct mbuf **m,
HTONS(h->ip_len);
HTONS(h->ip_off);
}
+ CURVNET_SET(ifp->if_vnet);
chk = pf_test(PF_IN, ifp, m, NULL, inp);
+ CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
*m = NULL;
@@ -4158,7 +4156,9 @@ pf_check_out(void *arg, struct mbuf **m,
HTONS(h->ip_len);
HTONS(h->ip_off);
}
+ CURVNET_SET(ifp->if_vnet);
chk = pf_test(PF_OUT, ifp, m, NULL, inp);
+ CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
*m = NULL;
@@ -4189,8 +4189,10 @@ pf_check6_in(void *arg, struct mbuf **m,
* order to support scoped addresses. In order to support stateful
* filtering we have change this to lo0 as it is the case in IPv4.
*/
+ CURVNET_SET(ifp->if_vnet);
chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? V_loif : ifp, m,
NULL, inp);
+ CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
*m = NULL;
@@ -4212,7 +4214,9 @@ pf_check6_out(void *arg, struct mbuf **m
in_delayed_cksum(*m);
(*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
}
+ CURVNET_SET(ifp->if_vnet);
chk = pf_test6(PF_OUT, ifp, m, NULL, inp);
+ CURVNET_RESTORE();
if (chk && *m) {
m_freem(*m);
*m = NULL;
@@ -4232,7 +4236,7 @@ hook_pf(void)
#endif
PF_ASSERT(MA_NOTOWNED);
-
+
if (V_pf_pfil_hooked)
return (0);
@@ -4310,11 +4314,15 @@ vnet_pf_init(const void *unused)
TAILQ_INIT(&V_pf_tags);
TAILQ_INIT(&V_pf_qids);
+ pf_load();
+
return (0);
}
static int
vnet_pf_uninit(const void *unused) {
+ pf_unload();
+
return (0);
}
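Review bot: `vnet_pf_init()` discards the result of `pf_load()` and `vnet_pf_uninit()` that of `pf_unload()`; both return `(0)` unconditionally. Since the `pf_modevent` hunk removes the module-level calls, this is now the only place where an initialisation or teardown failure could be reported. Consider `return (pf_load());` and `return (pf_unload());`, or at least log the error if the vnet init framework ignores the return value. The start of `vnet_pf_init()` is outside this hunk.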
@@ -4342,16 +4350,15 @@ static int
pf_load(void)
{
init_zone_var();
-#ifdef VIMAGE
sx_init(&V_pf_consistency_lock, "pf_statetbl_lock");
-#endif
init_pf_mutex();
- pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME);
+ V_pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME);
if (pfattach() < 0) {
- destroy_dev(pf_dev);
+ destroy_dev(V_pf_dev);
destroy_pf_mutex();
return (ENOMEM);
}
+
return (0);
}
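Review bot: `make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME)` now runs once per vnet and stores its result in `V_pf_dev`, so every instance asks for a device node with the same name. `pf_cdevsw` is a single global again and `pfioctl` picks the instance through `TD_TO_VNET(td)`, which suggests one node created at module load would serve all vnets. Whether devfs tolerates the duplicate name is not visible here and should be confirmed. The failure branch also does not undo the now-unconditional `sx_init`; adding `sx_destroy(&V_pf_consistency_lock);` there would mirror `pf_unload()`.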
@@ -4385,11 +4392,9 @@ pf_unload(void)
pf_osfp_cleanup();
cleanup_pf_zone();
PF_UNLOCK();
- destroy_dev(pf_dev);
+ destroy_dev(V_pf_dev);
destroy_pf_mutex();
-#ifdef VIMAGE
sx_destroy(&V_pf_consistency_lock);
-#endif
return error;
}
@@ -4400,11 +4405,9 @@ pf_modevent(module_t mod, int type, void
switch(type) {
case MOD_LOAD:
- error = pf_load();
break;
case MOD_UNLOAD:
- error = pf_unload();
break;
default:
error = EINVAL;
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -36,6 +36,7 @@
*/
#ifdef __FreeBSD__
+#include "opt_global.h"
#include "opt_inet.h"
#include "opt_inet6.h"
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -26,6 +26,7 @@
*/
#ifdef __FreeBSD__
+#include "opt_global.h"
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_pf.h"
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -17,6 +17,10 @@
*
*/
+#ifdef __FreeBSD__
+#include "opt_global.h"
+#endif
+
#include <sys/param.h>
#include <sys/socket.h>
#ifdef _KERNEL
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -40,6 +40,10 @@
__FBSDID("$FreeBSD$");
#endif
+#ifdef _KERNEL
+#include "opt_global.h"
+#endif
+
#include <sys/param.h>
#include <sys/socket.h>
#ifdef _KERNEL
@@ -96,6 +100,13 @@ __FBSDID("$FreeBSD$");
# endif /* PFDEBUG */
#endif /* _KERNEL */
+#if defined(__FreeBSD__) && !defined(_KERNEL)
+#undef V_pf_anchors
+#define V_pf_anchors pf_anchors
+
+#undef pf_main_ruleset
+#define pf_main_ruleset pf_main_anchor.ruleset
+#endif
#if defined(__FreeBSD__) && defined(_KERNEL)
VNET_DEFINE(struct pf_anchor_global, pf_anchors);
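Review bot: The new `#if defined(__FreeBSD__) && !defined(_KERNEL)` block carries no comment explaining why `V_pf_anchors` and `pf_main_ruleset` are redefined. The `#undef`s imply earlier definitions from a header that is not visible in this hunk, so a reader cannot tell what is being overridden. A one-line comment above `#undef V_pf_anchors`, such as `/* Non-kernel build: no vnet, map the V_ names onto the plain globals. */`, would make the intent clear.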
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_table.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_table.c Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_table.c Sat Oct 17 23:01:29 2009 (r198192)
@@ -31,6 +31,7 @@
*/
#ifdef __FreeBSD__
+#include "opt_global.h"
#include "opt_inet.h"
#include "opt_inet6.h"
Modified: user/eri/pf45/head/sys/contrib/pf/net/pfvar.h
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 17 21:52:31 2009 (r198191)
+++ user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 17 23:01:29 2009 (r198192)
@@ -235,8 +235,8 @@ struct pfi_dynaddr {
if(var) uma_zdestroy(var)
#ifdef __FreeBSD__
-VNET_DECLARE(struct mtx, pf_task_mtx);
-#define V_pf_task_mtx VNET(pf_task_mtx)
+VNET_DECLARE(struct mtx, pf_task_mtx);
+#define V_pf_task_mtx VNET(pf_task_mtx)
#define PF_ASSERT(h) mtx_assert(&V_pf_task_mtx, (h))