Fri Apr 29 19:00:40 2016 UTC ()
Pull up following revision(s) (requested by christos in ticket #1152):
	sys/external/bsd/ipf/netinet/fil.c: revision 1.17
Comment out the mutex calls that protect against concurrent configuration
changes and processing. This needs to be done differently since you can't
sleep during interrupt processing.


(snj)
diff -r1.15.2.1 -r1.15.2.2 src/sys/external/bsd/ipf/netinet/fil.c
cvs diff -r1.15.2.1 -r1.15.2.2 src/sys/external/bsd/ipf/netinet/fil.c (expand / switch to unified diff)

--- src/sys/external/bsd/ipf/netinet/fil.c 2015/04/10 20:26:46 1.15.2.1
+++ src/sys/external/bsd/ipf/netinet/fil.c 2016/04/29 19:00:40 1.15.2.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $ */ 1/* $NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $ */
2 2
3/* 3/*
4 * Copyright (C) 2012 by Darren Reed. 4 * Copyright (C) 2012 by Darren Reed.
5 * 5 *
6 * See the IPFILTER.LICENCE file for details on licencing. 6 * See the IPFILTER.LICENCE file for details on licencing.
7 * 7 *
8 * Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $ 8 * Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $
9 * 9 *
10 */ 10 */
11#if defined(KERNEL) || defined(_KERNEL) 11#if defined(KERNEL) || defined(_KERNEL)
12# undef KERNEL 12# undef KERNEL
13# undef _KERNEL 13# undef _KERNEL
14# define KERNEL 1 14# define KERNEL 1
@@ -128,27 +128,27 @@ struct file; @@ -128,27 +128,27 @@ struct file;
128#if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000) 128#if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
129# include <sys/callout.h> 129# include <sys/callout.h>
130extern struct callout ipf_slowtimer_ch; 130extern struct callout ipf_slowtimer_ch;
131#endif 131#endif
132#if defined(__OpenBSD__) 132#if defined(__OpenBSD__)
133# include <sys/timeout.h> 133# include <sys/timeout.h>
134extern struct timeout ipf_slowtimer_ch; 134extern struct timeout ipf_slowtimer_ch;
135#endif 135#endif
136/* END OF INCLUDES */ 136/* END OF INCLUDES */
137 137
138#if !defined(lint) 138#if !defined(lint)
139#if defined(__NetBSD__) 139#if defined(__NetBSD__)
140#include <sys/cdefs.h> 140#include <sys/cdefs.h>
141__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $"); 141__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $");
142#else 142#else
143static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; 143static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
144static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $"; 144static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
145#endif 145#endif
146#endif 146#endif
147 147
148#ifndef _KERNEL 148#ifndef _KERNEL
149# include "ipf.h" 149# include "ipf.h"
150# include "ipt.h" 150# include "ipt.h"
151extern int opts; 151extern int opts;
152extern int blockreason; 152extern int blockreason;
153#endif /* _KERNEL */ 153#endif /* _KERNEL */
154 154
@@ -2906,27 +2906,29 @@ ipf_check(void *ctx, ip_t *ip, int hlen, @@ -2906,27 +2906,29 @@ ipf_check(void *ctx, ip_t *ip, int hlen,
2906 else if (v == 6) { 2906 else if (v == 6) {
2907 if (((ip6_t *)ip)->ip6_hlim < softc->ipf_minttl) { 2907 if (((ip6_t *)ip)->ip6_hlim < softc->ipf_minttl) {
2908 LBUMPD(ipf_stats[0], fr_v6_badttl); 2908 LBUMPD(ipf_stats[0], fr_v6_badttl);
2909 fin->fin_flx |= FI_LOWTTL; 2909 fin->fin_flx |= FI_LOWTTL;
2910 } 2910 }
2911 } 2911 }
2912#endif 2912#endif
2913 } 2913 }
2914 2914
2915 if (fin->fin_flx & FI_SHORT) { 2915 if (fin->fin_flx & FI_SHORT) {
2916 LBUMPD(ipf_stats[out], fr_short); 2916 LBUMPD(ipf_stats[out], fr_short);
2917 } 2917 }
2918 2918
 2919#if 0
2919 READ_ENTER(&softc->ipf_mutex); 2920 READ_ENTER(&softc->ipf_mutex);
 2921#endif
2920 2922
2921 if (!out) { 2923 if (!out) {
2922 switch (fin->fin_v) 2924 switch (fin->fin_v)
2923 { 2925 {
2924 case 4 : 2926 case 4 :
2925 if (ipf_nat_checkin(fin, &pass) == -1) { 2927 if (ipf_nat_checkin(fin, &pass) == -1) {
2926 goto filterdone; 2928 goto filterdone;
2927 } 2929 }
2928 break; 2930 break;
2929#ifdef USE_INET6 2931#ifdef USE_INET6
2930 case 6 : 2932 case 6 :
2931 if (ipf_nat6_checkin(fin, &pass) == -1) { 2933 if (ipf_nat6_checkin(fin, &pass) == -1) {
2932 goto filterdone; 2934 goto filterdone;
@@ -3038,29 +3040,30 @@ filterdone: @@ -3038,29 +3040,30 @@ filterdone:
3038#if defined(FASTROUTE_RECURSION) 3040#if defined(FASTROUTE_RECURSION)
3039 /* 3041 /*
3040 * Up the reference on fr_lock and exit ipf_mutex. The generation of 3042 * Up the reference on fr_lock and exit ipf_mutex. The generation of
3041 * a packet below can sometimes cause a recursive call into IPFilter. 3043 * a packet below can sometimes cause a recursive call into IPFilter.
3042 * On those platforms where that does happen, we need to hang onto 3044 * On those platforms where that does happen, we need to hang onto
3043 * the filter rule just in case someone decides to remove or flush it 3045 * the filter rule just in case someone decides to remove or flush it
3044 * in the meantime. 3046 * in the meantime.
3045 */ 3047 */
3046 if (fr != NULL) { 3048 if (fr != NULL) {
3047 MUTEX_ENTER(&fr->fr_lock); 3049 MUTEX_ENTER(&fr->fr_lock);
3048 fr->fr_ref++; 3050 fr->fr_ref++;
3049 MUTEX_EXIT(&fr->fr_lock); 3051 MUTEX_EXIT(&fr->fr_lock);
3050 } 3052 }
3051 3053#if 0
3052 RWLOCK_EXIT(&softc->ipf_mutex); 3054 RWLOCK_EXIT(&softc->ipf_mutex);
3053#endif 3055#endif
 3056#endif
3054 3057
3055 if ((pass & FR_RETMASK) != 0) { 3058 if ((pass & FR_RETMASK) != 0) {
3056 /* 3059 /*
3057 * Should we return an ICMP packet to indicate error 3060 * Should we return an ICMP packet to indicate error
3058 * status passing through the packet filter ? 3061 * status passing through the packet filter ?
3059 * WARNING: ICMP error packets AND TCP RST packets should 3062 * WARNING: ICMP error packets AND TCP RST packets should
3060 * ONLY be sent in repsonse to incoming packets. Sending 3063 * ONLY be sent in repsonse to incoming packets. Sending
3061 * them in response to outbound packets can result in a 3064 * them in response to outbound packets can result in a
3062 * panic on some operating systems. 3065 * panic on some operating systems.
3063 */ 3066 */
3064 if (!out) { 3067 if (!out) {
3065 if (pass & FR_RETICMP) { 3068 if (pass & FR_RETICMP) {
3066 int dst; 3069 int dst;
@@ -3136,28 +3139,30 @@ filterdone: @@ -3136,28 +3139,30 @@ filterdone:
3136 m = *mp = NULL; 3139 m = *mp = NULL;
3137 } else if ((fdp != NULL) && (fdp->fd_ptr != NULL) && 3140 } else if ((fdp != NULL) && (fdp->fd_ptr != NULL) &&
3138 (fdp->fd_ptr != (struct ifnet *)-1)) { 3141 (fdp->fd_ptr != (struct ifnet *)-1)) {
3139 /* this is for to rules: */ 3142 /* this is for to rules: */
3140 ipf_fastroute(fin->fin_m, mp, fin, fdp); 3143 ipf_fastroute(fin->fin_m, mp, fin, fdp);
3141 m = *mp = NULL; 3144 m = *mp = NULL;
3142 } 3145 }
3143 3146
3144#if defined(FASTROUTE_RECURSION) 3147#if defined(FASTROUTE_RECURSION)
3145 (void) ipf_derefrule(softc, &fr); 3148 (void) ipf_derefrule(softc, &fr);
3146#endif 3149#endif
3147 } 3150 }
3148#if !defined(FASTROUTE_RECURSION) 3151#if !defined(FASTROUTE_RECURSION)
 3152#if 0
3149 RWLOCK_EXIT(&softc->ipf_mutex); 3153 RWLOCK_EXIT(&softc->ipf_mutex);
3150#endif 3154#endif
 3155#endif
3151 3156
3152finished: 3157finished:
3153 if (!FR_ISPASS(pass)) { 3158 if (!FR_ISPASS(pass)) {
3154 LBUMP(ipf_stats[out].fr_block); 3159 LBUMP(ipf_stats[out].fr_block);
3155 if (*mp != NULL) { 3160 if (*mp != NULL) {
3156#ifdef _KERNEL 3161#ifdef _KERNEL
3157 FREE_MB_T(*mp); 3162 FREE_MB_T(*mp);
3158#endif 3163#endif
3159 m = *mp = NULL; 3164 m = *mp = NULL;
3160 } 3165 }
3161 } else { 3166 } else {
3162 LBUMP(ipf_stats[out].fr_pass); 3167 LBUMP(ipf_stats[out].fr_pass);
3163#if defined(_KERNEL) && defined(__sgi) 3168#if defined(_KERNEL) && defined(__sgi)