Re: Check `flags' on target session, not multicast session

[Vitaliy Makkoveev]

On Mon, Jun 27, 2022 at 01:29:26AM +0300, Vitaliy Makkoveev wrote:
> We should check PIPEX_SFLAGS_IP{,6}_FORWARD bits on the session which we
> will output packet, not on the dummy multicast session.
> 
> npppd(8) clears these flags before release IP address assigned to
> session. So this IP address could be assigned to other session while our
> session is still alive.
> 
> We should also do this check within pppx_if_qstart(), but I want to do
> this with separate diff.
> 
> Index: sys/net/pipex.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pipex.c,v
> retrieving revision 1.138
> diff -u -p -r1.138 pipex.c
> --- sys/net/pipex.c   26 Jun 2022 15:50:21 -0000      1.138
> +++ sys/net/pipex.c   26 Jun 2022 22:16:17 -0000
> @@ -801,7 +801,7 @@ pipex_ip_output(struct mbuf *m0, struct 
>               LIST_FOREACH(session_tmp, &pipex_session_list, session_list) {
>                       if (session_tmp->ownersc != session->ownersc)
>                               continue;
> -                     if ((session->flags & (PIPEX_SFLAGS_IP_FORWARD |
> +                     if ((session_tmp->flags & (PIPEX_SFLAGS_IP_FORWARD |
>                           PIPEX_SFLAGS_IP6_FORWARD)) == 0)
>                               continue;
>                       m = m_copym(m0, 0, M_COPYALL, M_NOWAIT);
>

I changed my opinion about PIPEX_SFLAGS_IP{,6}_FORWARD flags in pipex(4)
output path. We have a lot of buffers between pipex(4) server and ppp
client. Some of such buffers could be located in other routers. And
outgoing pipex(4) packets will be delivered regardless on session's
`flags'. pppx(4) output has no PIPEX_SFLAGS_IP{,6}_FORWARD flags check,
so remove them from pppac(4) output too.

This allow us to make output lockless for pppoe sessions and cover very
small code sections within pipex_{pptp,l2tp}_output().

Index: sys/net/pipex.c
===================================================================
RCS file: /cvs/src/sys/net/pipex.c,v
retrieving revision 1.141
diff -u -p -r1.141 pipex.c
--- sys/net/pipex.c     26 Jun 2022 22:51:58 -0000      1.141
+++ sys/net/pipex.c     27 Jun 2022 08:57:38 -0000
@@ -767,9 +767,7 @@ pipex_ip_output(struct mbuf *m0, struct 
                /*
                 * Multicast packet is a idle packet and it's not TCP.
                 */
-               if ((session->flags & (PIPEX_SFLAGS_IP_FORWARD |
-                   PIPEX_SFLAGS_IP6_FORWARD)) == 0)
-                       goto drop;
+
                /* reset idle timer */
                if (session->timeout_sec != 0) {
                        is_idle = 0;
@@ -802,9 +800,6 @@ pipex_ip_output(struct mbuf *m0, struct 
                LIST_FOREACH(session_tmp, &pipex_session_list, session_list) {
                        if (session_tmp->ownersc != session->ownersc)
                                continue;
-                       if ((session->flags & (PIPEX_SFLAGS_IP_FORWARD |
-                           PIPEX_SFLAGS_IP6_FORWARD)) == 0)
-                               continue;
                        m = m_copym(m0, 0, M_COPYALL, M_NOWAIT);
                        if (m == NULL) {
                                counters_inc(session->stat_counters,
@@ -817,8 +812,6 @@ pipex_ip_output(struct mbuf *m0, struct 
        }
 
        return;
-drop:
-       m_freem(m0);
 dropped:
        counters_inc(session->stat_counters, pxc_oerrors);
 }