mirror of https://git.FreeBSD.org/src.git synced 2025-01-14 14:55:41 +00:00
freebsd/sys/net
Gleb Smirnoff 1d6139c0e4 Make ruleset anchors in pf(4) reentrant. We've got two problems here:
1) Ruleset parser uses a global variable for anchor stack.
2) When processing a wildcard anchor, matching anchors are marked.

To fix the first one:

o Allocate anchor processing stack on stack. To make this allocation
  as small as possible, the following measures were taken:
  - Maximum stack size reduced from 64 to 32.
  - The struct pf_anchor_stackframe trimmed by one pointer - parent.
    We can always obtain the parent via the rule pointer.
  - When pf_test_rule() calls pf_get_translation(), the former lends
    its stack to the latter, to avoid recursive allocation of 32 entries.

The second one appeared more tricky. The code that marks anchors was
added in OpenBSD rev. 1.516 of pf.c. According to commit log, the idea
is to enable the "quick" keyword on an anchor rule. The feature isn't
documented anywhere. The most obscure part of the 1.516 was that code
examines the "match" mark on a just processed child, which couldn't be
put here by current frame. Since this wasn't documented even in the
commit message and functionality of this is not clear to me, I decided
to drop this examination for now. The rest of 1.516 is redone in a
thread safe manner - the mark isn't put on the anchor itself, but on
current stack frame. To avoid growing stack frame, we utilize LSB
from the rule pointer, relying on kernel malloc(9) returning pointer
aligned addresses.

Discussed with:		dhartmei
2012-09-18 10:54:56 +00:00
bpf_buffer.c Call bpf_jitter() before acquiring BPF global lock due to malloc() being used inside bpf_jitter. 2012-05-21 22:19:19 +00:00
bpf_buffer.h Call bpf_jitter() before acquiring BPF global lock due to malloc() being used inside bpf_jitter. 2012-05-21 22:19:19 +00:00
bpf_filter.c Clear the filter memory area before using it. Leaving it uninitialized may 2011-07-14 21:06:22 +00:00
bpf_jitter.c
bpf_jitter.h
bpf_zerocopy.c After the PHYS_TO_VM_PAGE() function was de-inlined, the main reason 2012-08-05 14:11:42 +00:00
bpf_zerocopy.h - Fix trivial typo 2012-01-14 17:07:52 +00:00
bpf.c Fix typo introduced in r236559. 2012-06-09 10:04:40 +00:00
bpf.h Fix old panic when BPF consumer attaches to destroying interface. 2012-05-21 22:17:29 +00:00
bpfdesc.h Fix old panic when BPF consumer attaches to destroying interface. 2012-05-21 22:17:29 +00:00
bridgestp.c Move the interface media check to a taskqueue, some interfaces (usb) sleep 2012-04-20 10:06:28 +00:00
bridgestp.h Move the interface media check to a taskqueue, some interfaces (usb) sleep 2012-04-20 10:06:28 +00:00
ethernet.h
fddi.h
firewire.h
flowtable.c - Move jenkins.h to jenkins_hash.c 2012-09-04 12:07:33 +00:00
flowtable.h allocate ipv6 flows from the ipv6 flow zone 2010-05-16 21:48:39 +00:00
ieee8023ad_lacp.c Turn LACP debugging from a compile time option to a sysctl, it is very handy to 2012-05-26 08:09:01 +00:00
ieee8023ad_lacp.h
if_arc.h
if_arcsubr.c Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. 2011-11-07 06:44:47 +00:00
if_arp.h - Merge changes to the base system to support OFED. These include 2011-03-21 09:40:01 +00:00
if_atm.h
if_atmsubr.c Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. 2011-11-07 06:44:47 +00:00
if_bridge.c Introduce new link-layer PFIL hook V_link_pfil_hook. 2012-09-04 19:43:26 +00:00
if_bridgevar.h
if_clone.c In ifc_alloc_unit(): 2012-08-30 12:18:45 +00:00
if_clone.h - Use generic alloc_unr(9) allocator for if_clone, instead 2011-11-28 14:44:59 +00:00
if_dead.c
if_debug.c Add infrastructure to allow all frames/packets received on an interface 2011-07-03 12:22:02 +00:00
if_disc.c
if_dl.h Use the LLINDEX macro to access the link-level I/F index. This makes 2012-05-19 02:39:43 +00:00
if_edsc.c
if_ef.c Add new tunable 'net.link.ifqmaxlen' to set default send interface 2010-05-03 07:32:50 +00:00
if_enc.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
if_enc.h
if_epair.c In epair_clone_destroy(), when destroying the second half, we have to 2012-07-09 20:38:18 +00:00
if_ethersubr.c Introduce new link-layer PFIL hook V_link_pfil_hook. 2012-09-04 19:43:26 +00:00
if_faith.c Add multi-FIB IPv6 support to the core network stack supplementing 2012-02-03 13:08:44 +00:00
if_fddisubr.c Tag mbufs of all incoming frames or packets with the interface's FIB 2011-07-03 16:08:38 +00:00
if_fwsubr.c Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. 2011-11-07 06:44:47 +00:00
if_gif.c Hold GIF_LOCK() for almost all of gif_start(). It is required to be held 2012-06-29 15:21:34 +00:00
if_gif.h MFP4: @176978-176982, 176984, 176990-176994, 177441 2010-04-29 11:52:42 +00:00
if_gre.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
if_gre.h gre(4) was using a field in the softc to detect possible recursion. 2011-06-18 09:34:03 +00:00
if_iso88025subr.c Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. 2011-11-07 06:44:47 +00:00
if_lagg.c Add the same check as vlan(4) where we ignore the ifnet departure event if the 2012-06-30 19:09:02 +00:00
if_lagg.h Add the ability to set which packet layers are used for the load balance hash 2012-03-06 22:58:13 +00:00
if_llatbl.c Fix races between in_lltable_prefix_free(), lla_lookup(), 2012-08-02 13:57:49 +00:00
if_llatbl.h Fix races between in_lltable_prefix_free(), lla_lookup(), 2012-08-02 13:57:49 +00:00
if_llc.h
if_loop.c Hardcode the loopback rx/tx checksum options for IPv6 to on without 2012-07-28 20:31:39 +00:00
if_media.c Fix typos - remove duplicate "the". 2011-02-21 09:01:34 +00:00
if_media.h Add media types for 40G media that might be used with FreeBSD. 2012-04-10 13:59:35 +00:00
if_mib.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
if_mib.h
if_pflog.h o Create directory sys/netpfil, where all packet filters should 2012-09-14 11:51:49 +00:00
if_pfsync.h o Create directory sys/netpfil, where all packet filters should 2012-09-14 11:51:49 +00:00
if_sppp.h
if_spppfr.c Remove a few bits of FreeBSD 2.x compatibility code. 2011-11-14 18:21:27 +00:00
if_spppsubr.c Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. 2011-11-07 06:44:47 +00:00
if_stf.c Unexpand a couple of TAILQ_FOREACH()s. 2012-08-17 16:01:24 +00:00
if_stf.h
if_tap.c Implement SIOCGIFMEDIA for if_tap(4) 2012-07-06 23:17:30 +00:00
if_tap.h
if_tapvar.h
if_tun.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
if_tun.h
if_types.h A major overhaul of the CARP implementation. The ip_carp.c was started 2011-12-16 12:16:56 +00:00
if_var.h Fix the build broken by r240099. 2012-09-04 22:17:33 +00:00
if_vlan_var.h Clarify throughout the vlan(4) code the difference between a "tag" (the 2012-01-12 18:39:37 +00:00
if_vlan.c Fix a silly grammar bogon. 2012-08-21 19:07:28 +00:00
if.c Merge the projects/pf/head branch, that was worked on for last six months, 2012-09-08 06:41:54 +00:00
if.h Hold GIF_LOCK() for almost all of gif_start(). It is required to be held 2012-06-29 15:21:34 +00:00
iso88025.h
netisr_internal.h Rework netisr policy mechanism so that per-protocol dispatch policies can 2011-05-24 12:34:19 +00:00
netisr.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
netisr.h Rework netisr policy mechanism so that per-protocol dispatch policies can 2011-05-24 12:34:19 +00:00
netmap_user.h A bit of cleanup in the names of fields of netmap-related structures. 2012-04-13 16:03:07 +00:00
netmap.h A bit of cleanup in the names of fields of netmap-related structures. 2012-04-13 16:03:07 +00:00
pf_mtag.h o Create directory sys/netpfil, where all packet filters should 2012-09-14 11:51:49 +00:00
pfil.c
pfil.h small portability fix to build on linux/windows 2010-07-15 14:41:06 +00:00
pfkeyv2.h
pfvar.h Make ruleset anchors in pf(4) reentrant. We've got two problems here: 2012-09-18 10:54:56 +00:00
ppp_defs.h
radix_mpath.c When the RADIX_MPATH kernel option is enabled, the RADIX_MPATH code tries 2011-08-25 04:31:20 +00:00
radix_mpath.h
radix.c whitespace cleanup 2010-07-15 14:41:59 +00:00
radix.h Make KBI changes required for future MFCing of inpcb rtentry / llentry caching. 2011-09-20 20:27:26 +00:00
raw_cb.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
raw_cb.h Pass the fibnum where we need filtering of the message on the 2011-09-28 13:48:36 +00:00
raw_usrreq.c Pass the fibnum where we need filtering of the message on the 2011-09-28 13:48:36 +00:00
route.c Hide kernel option ROUTETABLES evaluations in the implementation 2012-03-18 11:23:40 +00:00
route.h When ip_output()/ip6_output() is supplied a struct route *ro argument, 2012-07-04 07:37:53 +00:00
rtsock.c Do not require radix write lock to be held while dumping route table 2012-04-22 16:13:23 +00:00
slcompress.c
slcompress.h
vnet.c Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs. 2011-11-07 06:44:47 +00:00
vnet.h Mfp4 CH=177255: 2011-02-11 14:17:58 +00:00
zlib.c
zlib.h Change some headers such that lang/gcc* ports no longer patch them. 2012-02-14 12:50:20 +00:00
zutil.h Merge projects/enhanced_coredumps (r204346) into HEAD: 2010-03-02 06:58:58 +00:00