o Use new function ip_fillid() in all places throughout the kernel,

  where we want to create a new IP datagram.
o Add support for RFC6864, which allows to set IP ID for atomic IP
  datagrams to any value, to improve performance. The behaviour is
  controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by
  default.
o In case if we generate IP ID, use counter(9) to improve performance.
o Gather all code related to IP ID into ip_id.c.

Differential Revision:		https://reviews.freebsd.org/D2177
Reviewed by:			adrian, cy, rpaulo
Tested by:			Emeric POUPON <emeric.poupon stormshield.eu>
Sponsored by:			Netflix
Sponsored by:			Nginx, Inc.
Relnotes:			yes

4 files changed, 9 insertions, 36 deletions

diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
index 55a2a4d..58d9028 100644
--- a/sys/contrib/ipfilter/netinet/fil.c
+++ b/sys/contrib/ipfilter/netinet/fil.c
@@ -6086,23 +6086,24 @@ ipf_updateipid(fin)
 	u_32_t sumd, sum;
 	ip_t *ip;
 
+	ip = fin->fin_ip;
+	ido = ntohs(ip->ip_id);
 	if (fin->fin_off != 0) {
 		sum = ipf_frag_ipidknown(fin);
 		if (sum == 0xffffffff)
 			return -1;
 		sum &= 0xffff;
 		id = (u_short)sum;
+		ip->ip_id = htons(id);
 	} else {
-		id = ipf_nextipid(fin);
-		if (fin->fin_off == 0 && (fin->fin_flx & FI_FRAG) != 0)
+		ip_fillid(ip);
+		id = ntohs(ip->ip_id);
+		if ((fin->fin_flx & FI_FRAG) != 0)
 			(void) ipf_frag_ipidnew(fin, (u_32_t)id);
 	}
 
-	ip = fin->fin_ip;
-	ido = ntohs(ip->ip_id);
 	if (id == ido)
 		return 0;
-	ip->ip_id = htons(id);
 	CALC_SUMD(ido, id, sumd);	/* DESTRUCTIVE MACRO! id,ido change */
 	sum = (~ntohs(ip->ip_sum)) & 0xffff;
 	sum += sumd;
diff --git a/sys/contrib/ipfilter/netinet/ip_fil.h b/sys/contrib/ipfilter/netinet/ip_fil.h
index 11e8b9b..0ae18e1 100644
--- a/sys/contrib/ipfilter/netinet/ip_fil.h
+++ b/sys/contrib/ipfilter/netinet/ip_fil.h
@@ -1718,6 +1718,7 @@ extern	int	ipfioctl __P((ipf_main_softc_t *, int, ioctlcmd_t,
 extern	void	m_freem __P((mb_t *));
 extern	size_t	msgdsize __P((mb_t *));
 extern	int	bcopywrap __P((void *, void *, size_t));
+extern	void	ip_fillid(struct ip *);
 #else /* #ifndef _KERNEL */
 # if defined(__NetBSD__) && defined(PFIL_HOOKS)
 extern	void	ipfilterattach __P((int));
@@ -1932,7 +1933,6 @@ extern	int		ipf_matchtag __P((ipftag_t *, ipftag_t *));
 extern	int		ipf_matchicmpqueryreply __P((int, icmpinfo_t *,
 						     struct icmp *, int));
 extern	u_32_t		ipf_newisn __P((fr_info_t *));
-extern	u_short		ipf_nextipid __P((fr_info_t *));
 extern	u_int		ipf_pcksum __P((fr_info_t *, int, u_int));
 extern	void		ipf_rule_expire __P((ipf_main_softc_t *));
 extern	int		ipf_scanlist __P((fr_info_t *, u_32_t));
diff --git a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
index 5515561..3bb46cf 100644
--- a/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
+++ b/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
@@ -97,7 +97,6 @@ MALLOC_DEFINE(M_IPFILTER, "ipfilter", "IP Filter packet filter data structures")
 # endif
 
 
-static	u_short	ipid = 0;
 static	int	(*ipf_savep) __P((void *, ip_t *, int, void *, int, struct mbuf **));
 static	int	ipf_send_ip __P((fr_info_t *, mb_t *));
 static void	ipf_timer_func __P((void *arg));
@@ -231,8 +230,6 @@ ipfattach(softc)
 	if (softc->ipf_control_forwarding & 1)
 		V_ipforwarding = 1;
 
-	ipid = 0;
-
 	SPL_X(s);
 #if 0
 	softc->ipf_slow_ch = timeout(ipf_timer_func, softc,
@@ -1074,31 +1071,6 @@ ipf_newisn(fin)
 }
 
 
-/* ------------------------------------------------------------------------ */
-/* Function:    ipf_nextipid                                                */
-/* Returns:     int - 0 == success, -1 == error (packet should be droppped) */
-/* Parameters:  fin(I) - pointer to packet information                      */
-/*                                                                          */
-/* Returns the next IPv4 ID to use for this packet.                         */
-/* ------------------------------------------------------------------------ */
-u_short
-ipf_nextipid(fin)
-	fr_info_t *fin;
-{
-	u_short id;
-
-#ifndef	RANDOM_IP_ID
-	MUTEX_ENTER(&ipfmain.ipf_rw);
-	id = ipid++;
-	MUTEX_EXIT(&ipfmain.ipf_rw);
-#else
-	id = ip_randomid();
-#endif
-
-	return id;
-}
-
-
 INLINE int
 ipf_checkv4sum(fin)
 	fr_info_t *fin;
diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c
index 6c93810..36b4fe3 100644
--- a/sys/contrib/ipfilter/netinet/ip_nat.c
+++ b/sys/contrib/ipfilter/netinet/ip_nat.c
@@ -5221,7 +5221,7 @@ ipf_nat_out(fin, nat, natadd, nflags)
 		}
 
 		ip = MTOD(m, ip_t *);
-		ip->ip_id = htons(ipf_nextipid(fin));
+		ip_fillid(ip);
 		s2 = ntohs(ip->ip_id);
 
 		s1 = ip->ip_len;
@@ -5666,7 +5666,7 @@ ipf_nat_in(fin, nat, natadd, nflags)
 		}
 
 		ip = MTOD(m, ip_t *);
-		ip->ip_id = htons(ipf_nextipid(fin));
+		ip_fillid(ip);
 		sum1 = ntohs(ip->ip_len);
 		ip->ip_len = ntohs(ip->ip_len);
 		ip->ip_len += fin->fin_plen;