Home | History | Annotate | Download | only in net
History log of /src/sys/net/pfil.c
RevisionDateAuthorComments
 1.42  16-Aug-2022  knakahara micro optimaize for pfil_run_hooks(), ok'ed by ozaki-r@n.o and ryo@n.o.

That can improve IPv4 forwarding throughput 5% - 10%.
 1.41  17-May-2022  riastradh pfil(9): Assert pfil lists are not run in interrupt context.

All the paths leading to this should have been dispensed with by now.
The network stack runs in thread or softint context these days; hard
interrupt context is used only to put packets on queues deferred to
softint.
 1.40  17-May-2022  riastradh pfil(9): Assert sleepable when editing pfil lists.

These might sleep to wait for users to drain.
 1.39  22-Jun-2020  maxv pfil_psz gets dropped by the compiler because it is unused if !NET_MPSAFE,
so add an #ifdef around it, not to leak memory. Found by kLSan.
 1.38  27-Apr-2020  nat Remove inappropriate place for __predict_false.

Ok mrg@ maya@.
 1.37  27-Apr-2020  nat Skip pfil_run_hooks if no packet filter configured in kernel.
 1.36  01-Feb-2020  riastradh Fix wrong memory order and switch pfil to atomic_load/store_*.
 1.35  10-Mar-2017  ryo branches: 1.35.14; 1.35.20;
need to membar_producer() *before* switching.

pointed out by riastradh@, thanks
 1.34  23-Jan-2017  ozaki-r Call pserialize_perform and psref_target_destroy only if NET_MPSAFE

They shouldn't be used with holding softnet_lock.
 1.33  23-Jan-2017  ozaki-r Add curlwp_bind

It is necessary for example when we use tun(4). Without it the following
panic occurs:

panic: kernel diagnostic assertion "(kpreempt_disabled() || cpu_softintr_p() || ISSET(curlwp->l_pflag, LP_BOUND))" failed: file "/usr/src/sys/kern/subr_psref.c", line 291 passive references are CPU-local, but preemption is enabled and the caller is not in a softint or CPU-bound LWP
Backtrace:
vpanic()
ch_voltag_convert_in()
psref_release()
pfil_run_arg.isra.0()
if_initialize()
if_attach()
tun_clone_create()
tunopen()
cdev_open()
spec_open()
VOP_OPEN()
vn_open()
do_open()
do_sys_openat()
sys_open()
syscall()
 1.32  16-Jan-2017  ryo Make pfil(9) MP-safe (applying psref(9))
 1.31  12-Jan-2017  ryo branches: 1.31.2;
* pfil_add_hook() no longer treats PFIL_IFADDR and PFIL_IFNET. delete them from pfil_flag_cases[].
* add/fix KASSERT
* fix comment
 1.30  04-Jan-2017  ryo Not to use ph_inout[2]. dir (= PFIL_IN or PFIL_OUT) is 1 or 2, not 0 or 1.
 1.29  26-Dec-2016  christos pfil(9) improvements to handle address changes:

Add:
PFIL_IFADDR call on interface reconfig (mbuf is ioctl #)
PFIL_IFNET call on interface attach/detach (mbuf is PFIL_IFNET_*)

from rmind@
 1.28  29-Jun-2013  rmind branches: 1.28.8; 1.28.12;
- Rewrite parts of pfil(9): use array to store hooks and thus be more cache
friendly (there are only few hooks in the system). Make the structures
opaque and the interface more strict.
- Remove PFIL_HOOKS option by making pfil(9) mandatory.
 1.27  23-Jun-2008  dyoung branches: 1.27.30; 1.27.40; 1.27.46;
Cosmetic: use LIST_FOREACH(). Join lines.
 1.26  23-Jun-2008  dyoung Cosmetic: use TAILQ_FOREACH(). Join lines.
 1.25  29-May-2008  mrg branches: 1.25.2;
remove clause #3 from my license where there are no other
copyright holders involved.
 1.24  11-Dec-2005  christos branches: 1.24.70; 1.24.72; 1.24.74; 1.24.76;
merge ktrace-lwp.
 1.23  27-Jul-2004  yamt - rename PFIL_NEWIF to PFIL_IFNET, and handle interface detach events
as well.
- use it for pf(4).

mostly from Peter Postma. PR/26403.
 1.22  18-Jul-2004  yamt pfil_run_hooks: don't dereference 'mp' unless it's a pointer.
 1.21  22-Jun-2004  itojun prepare PF-related hooks. reviewed by matt, perry, christos
 1.20  12-Nov-2001  lukem branches: 1.20.16;
add RCSIDs
 1.19  28-Dec-2000  thorpej branches: 1.19.2; 1.19.4;
Back out the sledgehammer damage applied by wiz while I was out for
the holiday.
 1.18  25-Dec-2000  wiz Back out previous change. It causes NAT to fail, and was CLEARLY
NOT TESTED before it was committed.
 1.17  22-Dec-2000  thorpej Slight adjustment to how pfil_head's are registered. Instead of a
"key" and a "dlt", use a "type" (PFIL_TYPE_{AF,IFNET} for now) and
a val/ptr appropriate for that type. This allows for more future
flexibility with the pfil_hook mechanism.
 1.16  11-Nov-2000  thorpej Restructure the PFIL_HOOKS mechanism a bit:
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
The "dlt" is a BPF data link type, indicating what type of header is
present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.
 1.15  23-Feb-2000  mycroft For pfil_add_hook(..., PFIL_ALL, ...), if we fail to add the output filter,
make sure to remove the input filter.
 1.14  22-Feb-2000  darrenr only call pfil_list_add with one of PFIL_IN or PFIL_OUT defined
 1.13  22-Feb-2000  darrenr return int from pfil_add_hook and pfil_remove_hook to indicate failure
or success, rather than panic'ing
 1.12  22-Feb-2000  darrenr fix from Mike Pelley to add filters in the reverse order for output
compared with input.
 1.11  20-Feb-2000  darrenr pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
 1.10  17-Feb-2000  darrenr Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc. The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list. This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also. The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
 1.9  10-Oct-1999  mrg branches: 1.9.2;
pass a pointer to the list, rather than passing a copy of it, when removing
functions from the pfil hook lists. this fixes the "missing function" problem.
also, re-add support for WAITOK that was lost several deltas ago.
 1.8  18-Jun-1999  mrg branches: 1.8.2;
call pfil_list_add with the right flag, to ensure it goes into the right list.
from mike@pelley.com in PR#7802.
 1.7  19-Mar-1998  mrg branches: 1.7.8; 1.7.10; 1.7.12;
convert pfil(9) in and out lists from <sys/queue.h> LISTs to TAILQs, and
change pfil_add_hook to put output filters at the tail of the queue,
while continuing to place input filters at the head of the queue. update
the two users of these functions, and document these changes.

fixes PR#4593.
 1.6  10-Oct-1997  mrg branches: 1.6.2;
remove advertising clause from all my licenses.
 1.5  20-Dec-1996  mrg branches: 1.5.10;
remove pfil_bad.
 1.4  13-Oct-1996  christos backout previous kprintf change
 1.3  10-Oct-1996  christos - printf -> kprintf, sprintf -> ksprintf
 1.2  05-Oct-1996  mrg minor copyright update.
 1.1  14-Sep-1996  mrg move the packet filter hooks in to a saner location. while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.
 1.5.10.1  14-Oct-1997  thorpej Update marc-pcmcia branch from trunk.
 1.6.2.1  23-Jul-1998  mellon Pull up 1.7 (veego)
 1.7.12.1  30-Nov-1999  itojun bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code). Please do not try to modify the branch, this is just for
referenre purposes.

synchronization to latest KAME will take place on HEAD branch soon.
 1.7.10.1  21-Jun-1999  thorpej Sync w/ -current.
 1.7.8.2  10-Oct-1999  cgd pull up rev 1.9 from trunk (requested by mrg):
Fix panic()s in pfil_list_remove() when running "ipf -D" a second
time with a DIAGNOSTIC kernel.
 1.7.8.1  24-Jun-1999  perry pullup 1.7->1.8 (mrg)
 1.8.2.1  27-Dec-1999  wrstuden Pull up to last week's -current.
 1.9.2.3  05-Jan-2001  bouyer Sync with HEAD
 1.9.2.2  22-Nov-2000  bouyer Sync with HEAD.
 1.9.2.1  20-Nov-2000  bouyer Update thorpej_scsipi to -current as of a month ago
 1.19.4.1  10-Jan-2002  thorpej Sync kqueue branch with -current.
 1.19.2.1  14-Nov-2001  nathanw Catch up to -current.
 1.20.16.1  03-Aug-2004  skrll Sync with HEAD
 1.24.76.2  18-Sep-2008  wrstuden Sync with wrstuden-revivesa-base-2.
 1.24.76.1  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.24.74.1  04-May-2009  yamt sync with head.
 1.24.72.1  04-Jun-2008  yamt sync with head
 1.24.70.2  29-Jun-2008  mjf Sync with HEAD.
 1.24.70.1  02-Jun-2008  mjf Sync with HEAD.
 1.25.2.1  27-Jun-2008  simonb Sync with head.
 1.27.46.1  28-Aug-2013  rmind sync with head
 1.27.40.2  03-Dec-2017  jdolecek update from HEAD
 1.27.40.1  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.27.30.1  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.28.12.2  20-Mar-2017  pgoyette Sync with HEAD
 1.28.12.1  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.28.8.2  28-Aug-2017  skrll Sync with HEAD
 1.28.8.1  05-Feb-2017  skrll Sync with HEAD
 1.31.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.35.20.1  29-Feb-2020  ad Sync with head.
 1.35.14.2  27-Apr-2020  nat Skip pfil_run_hooks if no packet filter enabled in the kernel.
 1.35.14.1  08-Apr-2020  martin Merge changes from current as of 20200406

RSS XML Feed