Differential D38888 Diff 128492 sys/netpfil/pf/pf_ioctl.c

Changeset View

Standalone View

sys/netpfil/pf/pf_ioctl.c

Show First 20 Lines • Show All 77 Lines • ▼ Show 20 Lines
#include <net/if_pfsync.h>		#include <net/if_pfsync.h>
#include <net/if_pflog.h>		#include <net/if_pflog.h>

#include <netinet/in.h>		#include <netinet/in.h>
#include <netinet/ip.h>		#include <netinet/ip.h>
#include <netinet/ip_var.h>		#include <netinet/ip_var.h>
#include <netinet6/ip6_var.h>		#include <netinet6/ip6_var.h>
#include <netinet/ip_icmp.h>		#include <netinet/ip_icmp.h>
		#include <netpfil/pf/pf_nl.h>
#include <netpfil/pf/pf_nv.h>		#include <netpfil/pf/pf_nv.h>

#ifdef INET6		#ifdef INET6
#include <netinet/ip6.h>		#include <netinet/ip6.h>
#endif /* INET6 */		#endif /* INET6 */

#ifdef ALTQ		#ifdef ALTQ
#include <net/altq/altq.h>		#include <net/altq/altq.h>
▲ Show 20 Lines • Show All 6,549 Lines • ▼ Show 20 Lines	pf_unload(void)
sx_xlock(&pf_end_lock);		sx_xlock(&pf_end_lock);
pf_end_threads = 1;		pf_end_threads = 1;
while (pf_end_threads < 2) {		while (pf_end_threads < 2) {
wakeup_one(pf_purge_thread);		wakeup_one(pf_purge_thread);
sx_sleep(pf_purge_proc, &pf_end_lock, 0, "pftmo", 0);		sx_sleep(pf_purge_proc, &pf_end_lock, 0, "pftmo", 0);
}		}
sx_xunlock(&pf_end_lock);		sx_xunlock(&pf_end_lock);

		pf_nl_unregister();

if (pf_dev != NULL)		if (pf_dev != NULL)
destroy_dev(pf_dev);		destroy_dev(pf_dev);

pfi_cleanup();		pfi_cleanup();

sx_destroy(&pf_end_lock);		sx_destroy(&pf_end_lock);
}		}

Show All 19 Lines
static int		static int
pf_modevent(module_t mod, int type, void *data)		pf_modevent(module_t mod, int type, void *data)
{		{
int error = 0;		int error = 0;

switch(type) {		switch(type) {
case MOD_LOAD:		case MOD_LOAD:
error = pf_load();		error = pf_load();
		pf_nl_register();
break;		break;
case MOD_UNLOAD:		case MOD_UNLOAD:
/* Handled in SYSUNINIT(pf_unload) to ensure it's done after		/* Handled in SYSUNINIT(pf_unload) to ensure it's done after
* the vnet_pf_uninit()s */		* the vnet_pf_uninit()s */
break;		break;
default:		default:
error = EINVAL;		error = EINVAL;
break;		break;
}		}

return (error);		return (error);
}		}

static moduledata_t pf_mod = {		static moduledata_t pf_mod = {
"pf",		"pf",
pf_modevent,		pf_modevent,
0		0
};		};

DECLARE_MODULE(pf, pf_mod, SI_SUB_PROTO_FIREWALL, SI_ORDER_SECOND);		DECLARE_MODULE(pf, pf_mod, SI_SUB_PROTO_FIREWALL, SI_ORDER_SECOND);
		MODULE_DEPEND(pf, netlink, 1, 1, 1);
MODULE_VERSION(pf, PF_MODVER);		MODULE_VERSION(pf, PF_MODVER);
		kpAuthorUnsubmitted Not Done Inline Actions Does this imply that we're already sending data while we're generating it here? I'm not getting that sense from a quick look at nlmsg_end(), but perhaps I'm missing something important. kp: Does this imply that we're already sending data while we're generating it here? I'm not…
		melifaroUnsubmitted Done Inline Actions Yes. We may generate a lot of small messages or a large message(s) that's beyond the mbuf size, so there is a logic that transparently flushes the completed messages & reallocates the underlying storage ( https://cgit.freebsd.org/src/tree/sys/netlink/netlink_message_writer.c#n506 ). melifaro: Yes. We may generate a lot of small messages or a large message(s) that's beyond the mbuf size…
		kpAuthorUnsubmitted Not Done Inline Actions Ah, that's what I was missing. Do we have documentation about which calls can sleep (or allocate memory)? Sometimes we end up having to hold lock to export data, and it's not generally ideal to hold e.g. the pf write lock for extended periods (users get annoyed if we stop passing packets. They're very demanding like that.) kp: Ah, that's what I was missing. Do we have documentation about which calls can sleep (or…
		melifaroUnsubmitted Done Inline Actions EINPROGRESS. The default writer that is allocated automatically does not allow sleeping (but it's possible to allocate the one that is allowed to sleep). Understand the situation; same happens with the routing table locks. melifaro: EINPROGRESS. The default writer that is allocated automatically does not allow sleeping (but…
		kpAuthorUnsubmitted Not Done Inline Actions It clearly works, but I'm not seeing how this interacts with VIMAGE. Is the netlink socket in userspace already linked to the correct vnet? kp: It clearly works, but I'm not seeing how this interacts with VIMAGE. Is the netlink socket in…
		melifaroUnsubmitted Done Inline Actions Yes, the socket is bound to the VNET ( https://cgit.freebsd.org/src/tree/sys/netlink/netlink_io.c#n304 ). melifaro: Yes, the socket is bound to the VNET ( https://cgit.freebsd.org/src/tree/sys/netlink/netlink_io.