From 77e0b69a0de4a56d863c91fefe693eced8d61967 Mon Sep 17 00:00:00 2001 From: Sepherosa Ziehau Date: Sat, 20 Sep 2008 06:08:13 +0000 Subject: [PATCH] Add PFIL_MPSAFE flag to give hint to pfil(9) that the underlying firewall code is MPSAFE. Set this flag for ipfw(4). --- share/man/man9/pfil.9 | 6 ++++-- sys/net/ipfw/ip_fw2.c | 6 +++--- sys/net/pfil.c | 24 ++++++++++++++++++++---- sys/net/pfil.h | 3 ++- 4 files changed, 29 insertions(+), 10 deletions(-) diff --git a/share/man/man9/pfil.9 b/share/man/man9/pfil.9 index 3732fc062c..5e211bfa6b 100644 --- a/share/man/man9/pfil.9 +++ b/share/man/man9/pfil.9 @@ -1,5 +1,5 @@ .\" $NetBSD: pfil.9,v 1.24 2004/01/01 15:24:35 wiz Exp $ -.\" $DragonFly: src/share/man/man9/pfil.9,v 1.8 2008/09/17 08:58:33 sephe Exp $ +.\" $DragonFly: src/share/man/man9/pfil.9,v 1.9 2008/09/20 06:08:13 sephe Exp $ .\" .\" Copyright (c) 1996 Matthew R. Green .\" All rights reserved. @@ -121,13 +121,15 @@ and .Fn pfil_remove_hook functions, indicates when the filter should be called. The flags are: -.Bl -tag -offset indent -width PFIL_ALL -compact +.Bl -tag -offset indent -width PFIL_MPSAFE -compact .It PFIL_IN call me on incoming packets .It PFIL_OUT call me on outgoing packets .It PFIL_ALL call me on all of the above +.It PFIL_MPSAFE +call me without BGL .El .Sh SEE ALSO .Xr bpf 4 diff --git a/sys/net/ipfw/ip_fw2.c b/sys/net/ipfw/ip_fw2.c index 0c9846eed7..945f6e5657 100644 --- a/sys/net/ipfw/ip_fw2.c +++ b/sys/net/ipfw/ip_fw2.c @@ -23,7 +23,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/sys/netinet/ip_fw2.c,v 1.6.2.12 2003/04/08 10:42:32 maxim Exp $ - * $DragonFly: src/sys/net/ipfw/ip_fw2.c,v 1.95 2008/09/20 04:36:51 sephe Exp $ + * $DragonFly: src/sys/net/ipfw/ip_fw2.c,v 1.96 2008/09/20 06:08:13 sephe Exp $ */ /* @@ -4210,8 +4210,8 @@ ipfw_hook(void) if (pfh == NULL) return; - pfil_add_hook(ipfw_check_in, NULL, PFIL_IN, pfh); - pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT, pfh); + pfil_add_hook(ipfw_check_in, NULL, PFIL_IN | PFIL_MPSAFE, pfh); + pfil_add_hook(ipfw_check_out, NULL, PFIL_OUT | PFIL_MPSAFE, pfh); } static void diff --git a/sys/net/pfil.c b/sys/net/pfil.c index 54aaa8ae40..8f9b4a3faa 100644 --- a/sys/net/pfil.c +++ b/sys/net/pfil.c @@ -1,5 +1,5 @@ /* $NetBSD: pfil.c,v 1.20 2001/11/12 23:49:46 lukem Exp $ */ -/* $DragonFly: src/sys/net/pfil.c,v 1.13 2008/09/16 11:57:30 sephe Exp $ */ +/* $DragonFly: src/sys/net/pfil.c,v 1.14 2008/09/20 06:08:13 sephe Exp $ */ /* * Copyright (c) 1996 Matthew R. Green @@ -42,6 +42,20 @@ #include #include +#define PFIL_CFGPORT cpu_portfn(0) + +#define PFIL_GETMPLOCK(pfh) \ +do { \ + if (((pfh)->pfil_flags & PFIL_MPSAFE) == 0) \ + get_mplock(); \ +} while (0) + +#define PFIL_RELMPLOCK(pfh) \ +do { \ + if (((pfh)->pfil_flags & PFIL_MPSAFE) == 0) \ + rel_mplock(); \ +} while (0) + /* * The packet filter hooks are designed for anything to call them to * possibly intercept the packet. @@ -53,8 +67,6 @@ struct packet_filter_hook { int pfil_flags; }; -#define PFIL_CFGPORT cpu_portfn(0) - struct netmsg_pfil { struct netmsg pfil_nmsg; pfil_func_t pfil_func; @@ -99,7 +111,10 @@ pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp, TAILQ_FOREACH(pfh, list, pfil_link) { if (pfh->pfil_func != NULL) { - rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, dir); + PFIL_GETMPLOCK(pfh); + rv = pfh->pfil_func(pfh->pfil_arg, &m, ifp, dir); + PFIL_RELMPLOCK(pfh); + if (rv != 0 || m == NULL) break; } @@ -245,6 +260,7 @@ reply: * PFIL_IN call me on incoming packets * PFIL_OUT call me on outgoing packets * PFIL_ALL call me on all of the above + * PFIL_MPSAFE call me without BGL */ int pfil_add_hook(pfil_func_t func, void *arg, int flags, struct pfil_head *ph) diff --git a/sys/net/pfil.h b/sys/net/pfil.h index 2ae5a7bbcd..0265d90039 100644 --- a/sys/net/pfil.h +++ b/sys/net/pfil.h @@ -1,5 +1,5 @@ /* $NetBSD: pfil.h,v 1.22 2003/06/23 12:57:08 martin Exp $ */ -/* $DragonFly: src/sys/net/pfil.h,v 1.10 2008/09/16 11:53:33 sephe Exp $ */ +/* $DragonFly: src/sys/net/pfil.h,v 1.11 2008/09/20 06:08:13 sephe Exp $ */ /* * Copyright (c) 1996 Matthew R. Green @@ -50,6 +50,7 @@ typedef int (*pfil_func_t)(void *, struct mbuf **, struct ifnet *, int); #define PFIL_IN 0x00000001 #define PFIL_OUT 0x00000002 +#define PFIL_MPSAFE 0x00000004 #define PFIL_ALL (PFIL_IN|PFIL_OUT) typedef TAILQ_HEAD(pfil_list, packet_filter_hook) pfil_list_t; -- 2.41.0