d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove the single global unlocked route cache ip6_forward_rt

Browse Source 
from the inet6 stack along with statistics and make sure we
properly free the rt in all cases.

While the current situation is not better performance wise it
prevents panics seen more often these days.
After more inet6 and ipsec cleanup we should be able to improve
the situation again passing the rt to ip6_forward directly.

Leave the ip6_forward_rt entry in struct vinet6 but mark it
for removal.

PR:		kern/128247, kern/131038
MFC after:	25 days
Committed from:	Bugathon #6
Tested by:	Denis Ahrens <denis@h3q.com> (different initial version)
This commit is contained in:
Bjoern A. Zeeb 2009-02-01 21:11:08 +00:00
parent 23c608c8f6
commit 09f8c3ff36
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=187989
7 changed files with 74 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
UPDATING
View File

@ -22,6 +22,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW:
to maximize performance. (To disable malloc debugging, run
ln -s aj /etc/malloc.conf.)
20090201:
INET6 statistics (struct ip6stat) was updated.
netstat(1) needs to be recompiled.
20090119:
NTFS has been removed from GENERIC kernel on amd64 to match
GENERIC on i386. Should not cause any issues since mount_ntfs(8)

12
sys/netinet6/frag6.c
View File

@ -751,18 +751,6 @@ frag6_slowtimo(void)
}
VNET_LIST_RUNLOCK();
IP6Q_UNLOCK();
#if 0
/*
* Routing changes might produce a better route than we last used;
* make sure we notice eventually, even if forwarding only for one
* destination and the cache is never replaced.
*/
if (V_ip6_forward_rt.ro_rt) {
RTFREE(V_ip6_forward_rt.ro_rt);
V_ip6_forward_rt.ro_rt = 0;
}
#endif
}
/*

105
sys/netinet6/ip6_forward.c
View File

@ -77,10 +77,6 @@ __FBSDID("$FreeBSD$");
#include <netinet6/ip6protosw.h>
#ifdef VIMAGE_GLOBALS
struct route_in6 ip6_forward_rt;
#endif
/*
* Forward a packet. If some error occurs return the sender
* an icmp packet. Note we can't always generate a meaningful
@ -100,6 +96,7 @@ ip6_forward(struct mbuf *m, int srcrt)
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct sockaddr_in6 *dst = NULL;
struct rtentry *rt = NULL;
struct route_in6 rin6;
int error, type = 0, code = 0;
struct mbuf *mcopy = NULL;
struct ifnet *origifp; /* maybe unnecessary */
@ -112,8 +109,6 @@ ip6_forward(struct mbuf *m, int srcrt)
#endif
char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
/* GIANT_REQUIRED; */ /* XXX bz: ip6_forward_rt */
#ifdef IPSEC
/*
* Check AH/ESP integrity.
@ -355,56 +350,27 @@ ip6_forward(struct mbuf *m, int srcrt)
skip_ipsec:
#endif
dst = (struct sockaddr_in6 *)&V_ip6_forward_rt.ro_dst;
if (!srcrt) {
/* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst */
if (V_ip6_forward_rt.ro_rt == 0 ||
(V_ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) {
if (V_ip6_forward_rt.ro_rt) {
RTFREE(V_ip6_forward_rt.ro_rt);
V_ip6_forward_rt.ro_rt = 0;
}
bzero(&rin6, sizeof(struct route_in6));
dst = (struct sockaddr_in6 *)&rin6.ro_dst;
dst->sin6_len = sizeof(struct sockaddr_in6);
dst->sin6_family = AF_INET6;
dst->sin6_addr = ip6->ip6_dst;
/* this probably fails but give it a try again */
rtalloc((struct route *)&V_ip6_forward_rt);
}
if (V_ip6_forward_rt.ro_rt == 0) {
V_ip6stat.ip6s_noroute++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
m_freem(m);
return;
}
} else if ((rt = V_ip6_forward_rt.ro_rt) == 0 ||
!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) {
if (V_ip6_forward_rt.ro_rt) {
RTFREE(V_ip6_forward_rt.ro_rt);
V_ip6_forward_rt.ro_rt = 0;
}
bzero(dst, sizeof(*dst));
dst->sin6_len = sizeof(struct sockaddr_in6);
dst->sin6_family = AF_INET6;
dst->sin6_addr = ip6->ip6_dst;
rtalloc((struct route *)&V_ip6_forward_rt);
if (V_ip6_forward_rt.ro_rt == 0) {
V_ip6stat.ip6s_noroute++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
m_freem(m);
return;
rin6.ro_rt = rtalloc1((struct sockaddr *)dst, 0, 0);
if (rin6.ro_rt != NULL)
RT_UNLOCK(rin6.ro_rt);
else {
V_ip6stat.ip6s_noroute++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
goto bad;
}
rt = V_ip6_forward_rt.ro_rt;
rt = rin6.ro_rt;
#ifdef IPSEC
skip_routing:;
skip_routing:
#endif
/*
@ -421,14 +387,12 @@ ip6_forward(struct mbuf *m, int srcrt)
/* XXX: this should not happen */
V_ip6stat.ip6s_cantforward++;
V_ip6stat.ip6s_badscope++;
m_freem(m);
return;
goto bad;
}
if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) {
V_ip6stat.ip6s_cantforward++;
V_ip6stat.ip6s_badscope++;
m_freem(m);
return;
goto bad;
}
if (inzone != outzone
#ifdef IPSEC
@ -452,8 +416,7 @@ ip6_forward(struct mbuf *m, int srcrt)
if (mcopy)
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
m_freem(m);
return;
goto bad;
}
/*
@ -469,8 +432,7 @@ ip6_forward(struct mbuf *m, int srcrt)
inzone != outzone) {
V_ip6stat.ip6s_cantforward++;
V_ip6stat.ip6s_badscope++;
m_freem(m);
return;
goto bad;
}
if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) {
@ -510,8 +472,7 @@ ip6_forward(struct mbuf *m, int srcrt)
#endif /* IPSEC */
icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
}
m_freem(m);
return;
goto bad;
}
if (rt->rt_flags & RTF_GATEWAY)
@ -544,8 +505,7 @@ ip6_forward(struct mbuf *m, int srcrt)
*/
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_ADDR, 0);
m_freem(m);
return;
goto bad;
}
type = ND_REDIRECT;
}
@ -624,12 +584,12 @@ ip6_forward(struct mbuf *m, int srcrt)
senderr:
if (mcopy == NULL)
return;
goto out;
switch (error) {
case 0:
if (type == ND_REDIRECT) {
icmp6_redirect_output(mcopy, rt);
return;
goto out;
}
goto freecopy;
@ -651,9 +611,18 @@ ip6_forward(struct mbuf *m, int srcrt)
break;
}
icmp6_error(mcopy, type, code, 0);
return;
goto out;
freecopy:
m_freem(mcopy);
return;
goto out;
bad:
m_freem(m);
out:
if (rt != NULL
#ifdef IPSEC
&& !ipsecrt
#endif
)
RTFREE(rt);
}

80
sys/netinet6/ip6_input.c
View File

@ -143,8 +143,6 @@ extern int icmp6errppslim;
extern int icmp6_nodeinfo;
extern int udp6_sendspace;
extern int udp6_recvspace;
extern struct route_in6 ip6_forward_rt;
#endif
struct pfil_head inet6_pfil_hook;
@ -309,10 +307,12 @@ ip6_input(struct mbuf *m)
int nxt, ours = 0;
struct ifnet *deliverifp = NULL, *ifp = NULL;
struct in6_addr odst;
struct route_in6 rin6;
int srcrt = 0;
struct llentry *lle = NULL;
struct sockaddr_in6 dst6;
struct sockaddr_in6 dst6, *dst;
bzero(&rin6, sizeof(struct route_in6));
#ifdef IPSEC
/*
* should the inner packet be considered authentic?
@ -565,29 +565,13 @@ ip6_input(struct mbuf *m)
if (lle != NULL)
LLE_RUNLOCK(lle);
if (V_ip6_forward_rt.ro_rt != NULL &&
(V_ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 &&
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
&((struct sockaddr_in6 *)(&V_ip6_forward_rt.ro_dst))->sin6_addr))
V_ip6stat.ip6s_forward_cachehit++;
else {
struct sockaddr_in6 *dst6;
if (V_ip6_forward_rt.ro_rt) {
/* route is down or destination is different */
V_ip6stat.ip6s_forward_cachemiss++;
RTFREE(V_ip6_forward_rt.ro_rt);
V_ip6_forward_rt.ro_rt = 0;
}
bzero(&V_ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6));
dst6 = (struct sockaddr_in6 *)&V_ip6_forward_rt.ro_dst;
dst6->sin6_len = sizeof(struct sockaddr_in6);
dst6->sin6_family = AF_INET6;
dst6->sin6_addr = ip6->ip6_dst;
rtalloc((struct route *)&V_ip6_forward_rt);
}
dst = &rin6.ro_dst;
dst->sin6_len = sizeof(struct sockaddr_in6);
dst->sin6_family = AF_INET6;
dst->sin6_addr = ip6->ip6_dst;
rin6.ro_rt = rtalloc1((struct sockaddr *)dst, 0, 0);
if (rin6.ro_rt)
RT_UNLOCK(rin6.ro_rt);
#define rt6_key(r) ((struct sockaddr_in6 *)((r)->rt_nodes->rn_key))
@ -611,14 +595,14 @@ ip6_input(struct mbuf *m)
* while it would be less efficient. Or, should we rather install a
* reject route for such a case?
*/
if (V_ip6_forward_rt.ro_rt &&
(V_ip6_forward_rt.ro_rt->rt_flags &
if (rin6.ro_rt &&
(rin6.ro_rt->rt_flags &
(RTF_HOST|RTF_GATEWAY)) == RTF_HOST &&
#ifdef RTF_WASCLONED
!(V_ip6_forward_rt.ro_rt->rt_flags & RTF_WASCLONED) &&
!(rin6.ro_rt->rt_flags & RTF_WASCLONED) &&
#endif
#ifdef RTF_CLONED
!(V_ip6_forward_rt.ro_rt->rt_flags & RTF_CLONED) &&
!(rin6.ro_rt->rt_flags & RTF_CLONED) &&
#endif
#if 0
/*
@ -627,11 +611,11 @@ ip6_input(struct mbuf *m)
* already done through looking up the routing table.
*/
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
&rt6_key(V_ip6_forward_rt.ro_rt)->sin6_addr)
&rt6_key(rin6.ro_rt)->sin6_addr)
#endif
V_ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) {
rin6.ro_rt->rt_ifp->if_type == IFT_LOOP) {
struct in6_ifaddr *ia6 =
(struct in6_ifaddr *)V_ip6_forward_rt.ro_rt->rt_ifa;
(struct in6_ifaddr *)rin6.ro_rt->rt_ifa;
/*
* record address information into m_tag.
@ -667,11 +651,11 @@ ip6_input(struct mbuf *m)
* FAITH (Firewall Aided Internet Translator)
*/
if (V_ip6_keepfaith) {
if (V_ip6_forward_rt.ro_rt && V_ip6_forward_rt.ro_rt->rt_ifp
&& V_ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) {
if (rin6.ro_rt && rin6.ro_rt->rt_ifp &&
rin6.ro_rt->rt_ifp->if_type == IFT_FAITH) {
/* XXX do we need more sanity checks? */
ours = 1;
deliverifp = V_ip6_forward_rt.ro_rt->rt_ifp; /* faith */
deliverifp = rin6.ro_rt->rt_ifp; /* faith */
goto hbhcheck;
}
}
@ -721,7 +705,7 @@ ip6_input(struct mbuf *m)
#if 0 /*touches NULL pointer*/
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
#endif
return; /* m have already been freed */
goto out; /* m have already been freed */
}
/* adjust pointer */
@ -744,7 +728,7 @@ ip6_input(struct mbuf *m)
icmp6_error(m, ICMP6_PARAM_PROB,
ICMP6_PARAMPROB_HEADER,
(caddr_t)&ip6->ip6_plen - (caddr_t)ip6);
return;
goto out;
}
#ifndef PULLDOWN_TEST
/* ip6_hopopts_input() ensures that mbuf is contiguous */
@ -754,7 +738,7 @@ ip6_input(struct mbuf *m)
sizeof(struct ip6_hbh));
if (hbh == NULL) {
V_ip6stat.ip6s_tooshort++;
return;
goto out;
}
#endif
nxt = hbh->ip6h_nxt;
@ -816,16 +800,13 @@ ip6_input(struct mbuf *m)
if (ip6_mrouter && ip6_mforward &&
ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) {
V_ip6stat.ip6s_cantforward++;
m_freem(m);
return;
}
if (!ours) {
m_freem(m);
return;
goto bad;
}
if (!ours)
goto bad;
} else if (!ours) {
ip6_forward(m, srcrt);
return;
goto out;
}
ip6 = mtod(m, struct ip6_hdr *);
@ -880,9 +861,12 @@ ip6_input(struct mbuf *m)
#endif /* IPSEC */
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
}
return;
bad:
goto out;
bad:
m_freem(m);
out:
if (rin6.ro_rt)
RTFREE(rin6.ro_rt);
}
/*

3
sys/netinet6/ip6_var.h
View File

@ -229,9 +229,6 @@ struct ip6stat {
/* number of times that a deprecated address is chosen */
u_quad_t ip6s_sources_deprecated[16];
u_quad_t ip6s_forward_cachehit;
u_quad_t ip6s_forward_cachemiss;
/* number of times that each rule of source selection is applied. */
u_quad_t ip6s_sources_rule[16];
};

3
sys/netinet6/vinet6.h
View File

@ -54,7 +54,7 @@ struct vnet_inet6 {
u_int _frag6_nfrags;
struct ip6q _ip6q;
struct route_in6 _ip6_forward_rt;
struct route_in6 _ip6_forward_rt; /* XXX remove */
struct in6_addrpolicy _defaultaddrpolicy;
TAILQ_HEAD(, addrsel_policyent) _addrsel_policytab;
@ -194,7 +194,6 @@ extern struct vnet_inet6 vnet_inet6_0;
#define V_ip6_defhlim VNET_INET6(ip6_defhlim)
#define V_ip6_defmcasthlim VNET_INET6(ip6_defmcasthlim)
#define V_ip6_desync_factor VNET_INET6(ip6_desync_factor)
#define V_ip6_forward_rt VNET_INET6(ip6_forward_rt)
#define V_ip6_forwarding VNET_INET6(ip6_forwarding)
#define V_ip6_hdrnestlimit VNET_INET6(ip6_hdrnestlimit)
#define V_ip6_keepfaith VNET_INET6(ip6_keepfaith)

2
usr.bin/netstat/inet6.c
View File

@ -512,8 +512,6 @@ ip6_stats(u_long off, const char *name, int af1 __unused, int proto __unused)
}
}
p1a(ip6s_forward_cachehit, "\t%ju forward cache hit\n");
p1a(ip6s_forward_cachemiss, "\t%ju forward cache miss\n");
printf("\tSource addresses selection rule applied:\n");
for (i = 0; i < 16; i++) {
if (ip6stat.ip6s_sources_rule[i])