MFP4: @176978-176982, 176984, 176990-176994, 177441

"Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH MFC after: 6 days
author: bz <bz@FreeBSD.org> 2010-04-29 11:52:42 +0000
committer: bz <bz@FreeBSD.org> 2010-04-29 11:52:42 +0000
commit: 0a90ef17283bc848eee90c3bdd5bec3fcc1bc879 (patch)
tree: e6f9695e24617b291f2a8f0b1f388eda2e605549 /sys/netinet
parent: 043deeb56455e1129861bf93ec57f03b90200344 (diff)
download: FreeBSD-src-0a90ef17283bc848eee90c3bdd5bec3fcc1bc879.zip
FreeBSD-src-0a90ef17283bc848eee90c3bdd5bec3fcc1bc879.tar.gz
21 files changed, 177 insertions, 306 deletions
diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h
index c3a8ac7..5faae7c 100644
--- a/sys/netinet/icmp6.h
+++ b/sys/netinet/icmp6.h
@@ -652,7 +652,6 @@ struct	rtentry;
 struct	rttimer;
 struct	in6_multi;
 # endif
-void	icmp6_init(void);
 void	icmp6_paramerror(struct mbuf *, int);
 void	icmp6_error(struct mbuf *, int, int, int);
 void	icmp6_error2(struct mbuf *, int, int, int, struct ifnet *);
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
index 25fba9f..08a162f 100644
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@@ -82,16 +82,15 @@ SYSCTL_DECL(_net_link_ether);
 SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, "");
 SYSCTL_NODE(_net_link_ether, PF_ARP, arp, CTLFLAG_RW, 0, "");
 
-VNET_DEFINE(int, useloopback) = 1;	/* use loopback interface for
-					 * local traffic */
-
 /* timer values */
 static VNET_DEFINE(int, arpt_keep) = (20*60);	/* once resolved, good for 20
 						 * minutes */
+static VNET_DEFINE(int, arp_maxtries) = 5;
+VNET_DEFINE(int, useloopback) = 1;	/* use loopback interface for
+					 * local traffic */
+static VNET_DEFINE(int, arp_proxyall) = 0;
 static VNET_DEFINE(int, arpt_down) = 20;      /* keep incomplete entries for
 					       * 20 seconds */
-static VNET_DEFINE(int, arp_maxtries) = 5;
-static VNET_DEFINE(int, arp_proxyall);
 static VNET_DEFINE(struct arpstat, arpstat);  /* ARP statistics, see if_arp.h */
 
 #define	V_arpt_keep		VNET(arpt_keep)
@@ -103,7 +102,6 @@ static VNET_DEFINE(struct arpstat, arpstat);  /* ARP statistics, see if_arp.h */
 SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW,
 	&VNET_NAME(arpt_keep), 0,
 	"ARP entry lifetime in seconds");
-
 SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW,
 	&VNET_NAME(arp_maxtries), 0,
 	"ARP resolution attempts before returning error");
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 0a0fe47..96bfa0e 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -77,20 +77,19 @@ static int	in_ifinit(struct ifnet *,
 static void	in_purgemaddrs(struct ifnet *);
 
 static VNET_DEFINE(int, subnetsarelocal);
-static VNET_DEFINE(int, sameprefixcarponly);
-VNET_DECLARE(struct inpcbinfo, ripcbinfo);
-
 #define	V_subnetsarelocal		VNET(subnetsarelocal)
-#define	V_sameprefixcarponly		VNET(sameprefixcarponly)
-#define	V_ripcbinfo			VNET(ripcbinfo)
-
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW,
 	&VNET_NAME(subnetsarelocal), 0,
 	"Treat all subnets as directly connected");
+static VNET_DEFINE(int, sameprefixcarponly);
+#define	V_sameprefixcarponly		VNET(sameprefixcarponly)
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW,
 	&VNET_NAME(sameprefixcarponly), 0,
 	"Refuse to create same prefixes on different interfaces");
 
+VNET_DECLARE(struct inpcbinfo, ripcbinfo);
+#define	V_ripcbinfo			VNET(ripcbinfo)
+
 /*
  * Return 1 if an internet address is for a ``local'' host
  * (one to which we have a connection).  If subnetsarelocal
diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c
index 44b9961..6c60390 100644
--- a/sys/netinet/in_gif.c
+++ b/sys/netinet/in_gif.c
@@ -85,6 +85,8 @@ struct protosw in_gif_protosw = {
 	.pr_usrreqs =		&rip_usrreqs
 };
 
+VNET_DEFINE(int, ip_gif_ttl) = GIF_TTL;
+#define	V_ip_gif_ttl		VNET(ip_gif_ttl)
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW,
 	&VNET_NAME(ip_gif_ttl), 0, "");
 
diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c
index d9cab84..6d72fbe 100644
--- a/sys/netinet/in_proto.c
+++ b/sys/netinet/in_proto.c
@@ -208,7 +208,6 @@ struct protosw inetsw[] = {
 	.pr_flags =		PR_ATOMIC|PR_ADDR|PR_LASTHDR,
 	.pr_input =		icmp_input,
 	.pr_ctloutput =		rip_ctloutput,
-	.pr_init =		icmp_init,
 	.pr_usrreqs =		&rip_usrreqs
 },
 {
diff --git a/sys/netinet/in_rmx.c b/sys/netinet/in_rmx.c
index 6516277..5b8e0f6 100644
--- a/sys/netinet/in_rmx.c
+++ b/sys/netinet/in_rmx.c
@@ -131,22 +131,22 @@ in_matroute(void *v_arg, struct radix_node_head *head)
 	return rn;
 }
 
-static VNET_DEFINE(int, rtq_reallyold);
-static VNET_DEFINE(int, rtq_minreallyold);
-static VNET_DEFINE(int, rtq_toomany);
-
+static VNET_DEFINE(int, rtq_reallyold) = 60*60; /* one hour is "really old" */
 #define	V_rtq_reallyold		VNET(rtq_reallyold)
-#define	V_rtq_minreallyold	VNET(rtq_minreallyold)
-#define	V_rtq_toomany		VNET(rtq_toomany)
-
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTEXPIRE, rtexpire, CTLFLAG_RW,
     &VNET_NAME(rtq_reallyold), 0,
     "Default expiration time on dynamically learned routes");
 
+/* never automatically crank down to less */
+static VNET_DEFINE(int, rtq_minreallyold) = 10;
+#define	V_rtq_minreallyold	VNET(rtq_minreallyold)
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW,
     &VNET_NAME(rtq_minreallyold), 0,
     "Minimum time to attempt to hold onto dynamically learned routes");
 
+/* 128 cached routes is "too many" */
+static VNET_DEFINE(int, rtq_toomany) = 128;
+#define	V_rtq_toomany		VNET(rtq_toomany)
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW,
     &VNET_NAME(rtq_toomany), 0,
     "Upper limit on dynamically learned routes");
@@ -239,7 +239,7 @@ in_rtqkill(struct radix_node *rn, void *rock)
 }
 
 #define RTQ_TIMEOUT	60*10	/* run no less than once every ten minutes */
-static VNET_DEFINE(int, rtq_timeout);
+static VNET_DEFINE(int, rtq_timeout) = RTQ_TIMEOUT;
 static VNET_DEFINE(struct callout, rtq_timer);
 
 #define	V_rtq_timeout		VNET(rtq_timeout)
@@ -362,11 +362,6 @@ in_inithead(void **head, int off)
 	if (off == 0)		/* XXX MRT  see above */
 		return 1;	/* only do the rest for a real routing table */
 
-	V_rtq_reallyold = 60*60; /* one hour is "really old" */
-	V_rtq_minreallyold = 10; /* never automatically crank down to less */
-	V_rtq_toomany = 128;	 /* 128 cached routes is "too many" */
-	V_rtq_timeout = RTQ_TIMEOUT;
-
 	rnh = *head;
 	rnh->rnh_addaddr = in_addroute;
 	rnh->rnh_matchaddr = in_matroute;
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index b13bc7c..8dc08d9 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -75,65 +75,60 @@ __FBSDID("$FreeBSD$");
  * routines to turnaround packets back to the originator, and
  * host table maintenance routines.
  */
-
 VNET_DEFINE(struct icmpstat, icmpstat);
-static VNET_DEFINE(int, icmpmaskrepl);
-static VNET_DEFINE(u_int, icmpmaskfake);
-static VNET_DEFINE(int, drop_redirect);
-static VNET_DEFINE(int, log_redirect);
-static VNET_DEFINE(int, icmplim);
-static VNET_DEFINE(int, icmplim_output);
-static VNET_DEFINE(char, reply_src[IFNAMSIZ]);
-static VNET_DEFINE(int, icmp_rfi);
-static VNET_DEFINE(int, icmp_quotelen);
-static VNET_DEFINE(int, icmpbmcastecho);
-
-#define	V_icmpmaskrepl			VNET(icmpmaskrepl)
-#define	V_icmpmaskfake			VNET(icmpmaskfake)
-#define	V_drop_redirect			VNET(drop_redirect)
-#define	V_log_redirect			VNET(log_redirect)
-#define	V_icmplim			VNET(icmplim)
-#define	V_icmplim_output		VNET(icmplim_output)
-#define	V_reply_src			VNET(reply_src)
-#define	V_icmp_rfi			VNET(icmp_rfi)
-#define	V_icmp_quotelen			VNET(icmp_quotelen)
-#define	V_icmpbmcastecho		VNET(icmpbmcastecho)
-
 SYSCTL_VNET_STRUCT(_net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RW,
 	&VNET_NAME(icmpstat), icmpstat, "");
 
+static VNET_DEFINE(int, icmpmaskrepl) = 0;
+#define	V_icmpmaskrepl			VNET(icmpmaskrepl)
 SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW,
 	&VNET_NAME(icmpmaskrepl), 0,
 	"Reply to ICMP Address Mask Request packets.");
 
+static VNET_DEFINE(u_int, icmpmaskfake) = 0;
+#define	V_icmpmaskfake			VNET(icmpmaskfake)
 SYSCTL_VNET_UINT(_net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW,
 	&VNET_NAME(icmpmaskfake), 0,
 	"Fake reply to ICMP Address Mask Request packets.");
 
+static VNET_DEFINE(int, drop_redirect) = 0;
+#define	V_drop_redirect			VNET(drop_redirect)
 SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW,
 	&VNET_NAME(drop_redirect), 0,
 	"Ignore ICMP redirects");
 
+static VNET_DEFINE(int, log_redirect) = 0;
+#define	V_log_redirect			VNET(log_redirect)
 SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_RW,
 	&VNET_NAME(log_redirect), 0,
 	"Log ICMP redirects to the console");
 
+static VNET_DEFINE(int, icmplim) = 200;
+#define	V_icmplim			VNET(icmplim)
 SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW,
 	&VNET_NAME(icmplim), 0,
 	"Maximum number of ICMP responses per second");
 
+static VNET_DEFINE(int, icmplim_output) = 1;
+#define	V_icmplim_output		VNET(icmplim_output)
 SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW,
 	&VNET_NAME(icmplim_output), 0,
 	"Enable rate limiting of ICMP responses");
 
+static VNET_DEFINE(char, reply_src[IFNAMSIZ]);
+#define	V_reply_src			VNET(reply_src)
 SYSCTL_VNET_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW,
 	&VNET_NAME(reply_src), IFNAMSIZ,
 	"icmp reply source for non-local packets.");
 
+static VNET_DEFINE(int, icmp_rfi) = 0;
+#define	V_icmp_rfi			VNET(icmp_rfi)
 SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW,
 	&VNET_NAME(icmp_rfi), 0,
 	"ICMP reply from incoming interface for non-local packets");
 
+static VNET_DEFINE(int, icmp_quotelen) = 8;
+#define	V_icmp_quotelen			VNET(icmp_quotelen)
 SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
 	&VNET_NAME(icmp_quotelen), 0,
 	"Number of bytes from original packet to quote in ICMP reply");
@@ -141,7 +136,8 @@ SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
 /*
  * ICMP broadcast echo sysctl
  */
-
+static VNET_DEFINE(int, icmpbmcastecho) = 0;
+#define	V_icmpbmcastecho		VNET(icmpbmcastecho)
 SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW,
 	&VNET_NAME(icmpbmcastecho), 0,
 	"");
@@ -156,21 +152,6 @@ static void	icmp_send(struct mbuf *, struct mbuf *);
 
 extern	struct protosw inetsw[];
 
-void
-icmp_init(void)
-{
-
-	V_icmpmaskrepl = 0;
-	V_icmpmaskfake = 0;
-	V_drop_redirect = 0;
-	V_log_redirect = 0;
-	V_icmplim = 200;
-	V_icmplim_output = 1;
-	V_icmp_rfi = 0;
-	V_icmp_quotelen = 8;
-	V_icmpbmcastecho = 0;
-}
-
 /*
  * Kernel module interface for updating icmpstat.  The argument is an index
  * into icmpstat treated as an array of u_long.  While this encodes the
diff --git a/sys/netinet/ip_icmp.h b/sys/netinet/ip_icmp.h
index e4ee7f7..9cabdb5 100644
--- a/sys/netinet/ip_icmp.h
+++ b/sys/netinet/ip_icmp.h
@@ -208,7 +208,6 @@ struct icmp {
 #ifdef _KERNEL
 void	icmp_error(struct mbuf *, int, int, uint32_t, int);
 void	icmp_input(struct mbuf *, int);
-void	icmp_init(void);
 int	ip_next_mtu(int, int);
 #endif
 
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index fdef645..a17907c 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -89,66 +89,40 @@ __FBSDID("$FreeBSD$");
 CTASSERT(sizeof(struct ip) == 20);
 #endif
 
-static VNET_DEFINE(int, ipsendredirects) = 1;	/* XXX */
-static VNET_DEFINE(int, ip_checkinterface);
-static VNET_DEFINE(int, ip_keepfaith);
-static VNET_DEFINE(int, ip_sendsourcequench);
-
-#define	V_ipsendredirects	VNET(ipsendredirects)
-#define	V_ip_checkinterface	VNET(ip_checkinterface)
-#define	V_ip_keepfaith		VNET(ip_keepfaith)
-#define	V_ip_sendsourcequench	VNET(ip_sendsourcequench)
-
-VNET_DEFINE(int, ip_defttl) = IPDEFTTL;
-VNET_DEFINE(int, ip_do_randomid);
-VNET_DEFINE(int, ipforwarding);
-
-VNET_DEFINE(struct in_ifaddrhead, in_ifaddrhead);  /* first inet address */
-VNET_DEFINE(struct in_ifaddrhashhead *, in_ifaddrhashtbl); /* inet addr hash table  */
-VNET_DEFINE(u_long, in_ifaddrhmask);		/* mask for hash table */
-VNET_DEFINE(struct ipstat, ipstat);
-
-static VNET_DEFINE(int, ip_rsvp_on);
-VNET_DEFINE(struct socket *, ip_rsvpd);
-VNET_DEFINE(int, rsvp_on);
-
-#define	V_ip_rsvp_on		VNET(ip_rsvp_on)
-
-static VNET_DEFINE(TAILQ_HEAD(ipqhead, ipq), ipq[IPREASS_NHASH]);
-static VNET_DEFINE(int, maxnipq);  /* Administrative limit on # reass queues. */
-static VNET_DEFINE(int, maxfragsperpacket);
-static VNET_DEFINE(int, nipq);			/* Total # of reass queues */
-
-#define	V_ipq			VNET(ipq)
-#define	V_maxnipq		VNET(maxnipq)
-#define	V_maxfragsperpacket	VNET(maxfragsperpacket)
-#define	V_nipq			VNET(nipq)
-
-VNET_DEFINE(int, ipstealth);
-
 struct	rwlock in_ifaddr_lock;
 RW_SYSINIT(in_ifaddr_lock, &in_ifaddr_lock, "in_ifaddr_lock");
 
+VNET_DEFINE(int, rsvp_on);
+
+VNET_DEFINE(int, ipforwarding);
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW,
     &VNET_NAME(ipforwarding), 0,
     "Enable IP forwarding between interfaces");
 
+static VNET_DEFINE(int, ipsendredirects) = 1;	/* XXX */
+#define	V_ipsendredirects	VNET(ipsendredirects)
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW,
     &VNET_NAME(ipsendredirects), 0,
     "Enable sending IP redirects");
 
+VNET_DEFINE(int, ip_defttl) = IPDEFTTL;
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW,
     &VNET_NAME(ip_defttl), 0,
     "Maximum TTL on IP packets");
 
+static VNET_DEFINE(int, ip_keepfaith);
+#define	V_ip_keepfaith		VNET(ip_keepfaith)
 SYSCTL_VNET_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
     &VNET_NAME(ip_keepfaith), 0,
     "Enable packet capture for FAITH IPv4->IPv6 translater daemon");
 
+static VNET_DEFINE(int, ip_sendsourcequench);
+#define	V_ip_sendsourcequench	VNET(ip_sendsourcequench)
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW,
     &VNET_NAME(ip_sendsourcequench), 0,
     "Enable the transmission of source quench packets");
 
+VNET_DEFINE(int, ip_do_randomid);
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW,
     &VNET_NAME(ip_do_randomid), 0,
     "Assign random ip_id values");
@@ -166,6 +140,8 @@ SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW,
  * to the loopback interface instead of the interface where the
  * packets for those addresses are received.
  */
+static VNET_DEFINE(int, ip_checkinterface);
+#define	V_ip_checkinterface	VNET(ip_checkinterface)
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW,
     &VNET_NAME(ip_checkinterface), 0,
     "Verify packet arrives on correct interface");
@@ -182,16 +158,22 @@ static struct netisr_handler ip_nh = {
 extern	struct domain inetdomain;
 extern	struct protosw inetsw[];
 u_char	ip_protox[IPPROTO_MAX];
+VNET_DEFINE(struct in_ifaddrhead, in_ifaddrhead);  /* first inet address */
+VNET_DEFINE(struct in_ifaddrhashhead *, in_ifaddrhashtbl); /* inet addr hash table  */
+VNET_DEFINE(u_long, in_ifaddrhmask);		/* mask for hash table */
 
+VNET_DEFINE(struct ipstat, ipstat);
 SYSCTL_VNET_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW,
     &VNET_NAME(ipstat), ipstat,
     "IP statistics (struct ipstat, netinet/ip_var.h)");
 
 static VNET_DEFINE(uma_zone_t, ipq_zone);
-#define	V_ipq_zone		VNET(ipq_zone)
-
+static VNET_DEFINE(TAILQ_HEAD(ipqhead, ipq), ipq[IPREASS_NHASH]);
 static struct mtx ipqlock;
 
+#define	V_ipq_zone		VNET(ipq_zone)
+#define	V_ipq			VNET(ipq)
+
 #define	IPQ_LOCK()	mtx_lock(&ipqlock)
 #define	IPQ_UNLOCK()	mtx_unlock(&ipqlock)
 #define	IPQ_LOCK_INIT()	mtx_init(&ipqlock, "ipqlock", NULL, MTX_DEF)
@@ -201,10 +183,16 @@ static void	maxnipq_update(void);
 static void	ipq_zone_change(void *);
 static void	ip_drain_locked(void);
 
+static VNET_DEFINE(int, maxnipq);  /* Administrative limit on # reass queues. */
+static VNET_DEFINE(int, nipq);			/* Total # of reass queues */
+#define	V_maxnipq		VNET(maxnipq)
+#define	V_nipq			VNET(nipq)
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD,
     &VNET_NAME(nipq), 0,
     "Current number of IPv4 fragment reassembly queue entries");
 
+static VNET_DEFINE(int, maxfragsperpacket);
+#define	V_maxfragsperpacket	VNET(maxfragsperpacket)
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW,
     &VNET_NAME(maxfragsperpacket), 0,
     "Maximum number of IPv4 fragments allowed per packet");
@@ -217,6 +205,7 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW,
 #endif
 
 #ifdef IPSTEALTH
+VNET_DEFINE(int, ipstealth);
 SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW,
     &VNET_NAME(ipstealth), 0,
     "IP stealth mode, no TTL decrementation on forwarding");
@@ -1740,6 +1729,11 @@ makedummy:
  * locking.  This code remains in ip_input.c as ip_mroute.c is optionally
  * compiled.
  */
+static VNET_DEFINE(int, ip_rsvp_on);
+VNET_DEFINE(struct socket *, ip_rsvpd);
+
+#define	V_ip_rsvp_on		VNET(ip_rsvp_on)
+
 int
 ip_rsvp_init(struct socket *so)
 {
diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 389ad6e..4415001 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -181,9 +181,13 @@ VNET_DECLARE(int, ipforwarding);		/* ip forwarding */
 #ifdef IPSTEALTH
 VNET_DECLARE(int, ipstealth);			/* stealth forwarding */
 #endif
-VNET_DECLARE(int, rsvp_on);
+extern u_char	ip_protox[];
 VNET_DECLARE(struct socket *, ip_rsvpd);	/* reservation protocol daemon*/
 VNET_DECLARE(struct socket *, ip_mrouter);	/* multicast routing daemon */
+extern int	(*legal_vif_num)(int);
+extern u_long	(*ip_mcast_src)(int);
+VNET_DECLARE(int, rsvp_on);
+extern struct	pr_usrreqs rip_usrreqs;
 
 #define	V_ipstat		VNET(ipstat)
 #define	V_ip_id			VNET(ip_id)
@@ -192,14 +196,9 @@ VNET_DECLARE(struct socket *, ip_mrouter);	/* multicast routing daemon */
 #ifdef IPSTEALTH
 #define	V_ipstealth		VNET(ipstealth)
 #endif
-#define	V_rsvp_on		VNET(rsvp_on)
 #define	V_ip_rsvpd		VNET(ip_rsvpd)
 #define	V_ip_mrouter		VNET(ip_mrouter)
-
-extern u_char	ip_protox[];
-extern int	(*legal_vif_num)(int);
-extern u_long	(*ip_mcast_src)(int);
-extern struct	pr_usrreqs rip_usrreqs;
+#define	V_rsvp_on		VNET(rsvp_on)
 
 void	inp_freemoptions(struct ip_moptions *);
 int	inp_getmoptions(struct inpcb *, struct sockopt *);
diff --git a/sys/netinet/tcp_hostcache.c b/sys/netinet/tcp_hostcache.c
index a0c4012..d20adb7 100644
--- a/sys/netinet/tcp_hostcache.c
+++ b/sys/netinet/tcp_hostcache.c
@@ -107,9 +107,9 @@ __FBSDID("$FreeBSD$");
 #define TCP_HOSTCACHE_PRUNE		5*60	/* every 5 minutes */
 
 static VNET_DEFINE(struct tcp_hostcache, tcp_hostcache);
-static VNET_DEFINE(struct callout, tcp_hc_callout);
-
 #define	V_tcp_hostcache		VNET(tcp_hostcache)
+
+static VNET_DEFINE(struct callout, tcp_hc_callout);
 #define	V_tcp_hc_callout	VNET(tcp_hc_callout)
 
 static struct hc_metrics *tcp_hc_lookup(struct in_conninfo *);
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 0254cff..cbba9cd 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -99,20 +99,6 @@ __FBSDID("$FreeBSD$");
 static const int tcprexmtthresh = 3;
 
 VNET_DEFINE(struct tcpstat, tcpstat);
-VNET_DEFINE(int, blackhole);
-VNET_DEFINE(int, tcp_delack_enabled);
-VNET_DEFINE(int, drop_synfin);
-VNET_DEFINE(int, tcp_do_rfc3042);
-VNET_DEFINE(int, tcp_do_rfc3390);
-VNET_DEFINE(int, tcp_do_ecn);
-VNET_DEFINE(int, tcp_ecn_maxretries);
-VNET_DEFINE(int, tcp_insecure_rst);
-VNET_DEFINE(int, tcp_do_autorcvbuf);
-VNET_DEFINE(int, tcp_autorcvbuf_inc);
-VNET_DEFINE(int, tcp_autorcvbuf_max);
-VNET_DEFINE(int, tcp_do_rfc3465);
-VNET_DEFINE(int, tcp_abc_l_var);
-
 SYSCTL_VNET_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats, CTLFLAG_RW,
     &VNET_NAME(tcpstat), tcpstat,
     "TCP statistics (struct tcpstat, netinet/tcp_var.h)");
@@ -122,56 +108,79 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW,
     &tcp_log_in_vain, 0,
     "Log all incoming TCP segments to closed ports");
 
+VNET_DEFINE(int, blackhole) = 0;
+#define	V_blackhole		VNET(blackhole)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW,
     &VNET_NAME(blackhole), 0,
     "Do not send RST on segments to closed ports");
 
+VNET_DEFINE(int, tcp_delack_enabled) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW,
     &VNET_NAME(tcp_delack_enabled), 0,
     "Delay ACK to try and piggyback it onto a data packet");
 
+VNET_DEFINE(int, drop_synfin) = 0;
+#define	V_drop_synfin		VNET(drop_synfin)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW,
     &VNET_NAME(drop_synfin), 0,
     "Drop TCP packets with SYN+FIN set");
 
+VNET_DEFINE(int, tcp_do_rfc3042) = 1;
+#define	V_tcp_do_rfc3042	VNET(tcp_do_rfc3042)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW,
     &VNET_NAME(tcp_do_rfc3042), 0,
     "Enable RFC 3042 (Limited Transmit)");
 
+VNET_DEFINE(int, tcp_do_rfc3390) = 1;
+#define	V_tcp_do_rfc3390	VNET(tcp_do_rfc3390)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW,
     &VNET_NAME(tcp_do_rfc3390), 0,
     "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)");
 
+VNET_DEFINE(int, tcp_do_rfc3465) = 1;
+#define	V_tcp_do_rfc3465	VNET(tcp_do_rfc3465)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3465, CTLFLAG_RW,
     &VNET_NAME(tcp_do_rfc3465), 0,
     "Enable RFC 3465 (Appropriate Byte Counting)");
 
+VNET_DEFINE(int, tcp_abc_l_var) = 2;
+#define	V_tcp_abc_l_var		VNET(tcp_abc_l_var)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, abc_l_var, CTLFLAG_RW,
     &VNET_NAME(tcp_abc_l_var), 2,
     "Cap the max cwnd increment during slow-start to this number of segments");
 
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN");
 
+VNET_DEFINE(int, tcp_do_ecn) = 0;
 SYSCTL_VNET_INT(_net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_RW,
     &VNET_NAME(tcp_do_ecn), 0,
     "TCP ECN support");
 
+VNET_DEFINE(int, tcp_ecn_maxretries) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_RW,
     &VNET_NAME(tcp_ecn_maxretries), 0,
     "Max retries before giving up on ECN");
 
+VNET_DEFINE(int, tcp_insecure_rst) = 0;
+#define	V_tcp_insecure_rst	VNET(tcp_insecure_rst)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_RW,
     &VNET_NAME(tcp_insecure_rst), 0,
     "Follow the old (insecure) criteria for accepting RST packets");
 
+VNET_DEFINE(int, tcp_do_autorcvbuf) = 1;
+#define	V_tcp_do_autorcvbuf	VNET(tcp_do_autorcvbuf)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_RW,
     &VNET_NAME(tcp_do_autorcvbuf), 0,
     "Enable automatic receive buffer sizing");
 
+VNET_DEFINE(int, tcp_autorcvbuf_inc) = 16*1024;
+#define	V_tcp_autorcvbuf_inc	VNET(tcp_autorcvbuf_inc)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_inc, CTLFLAG_RW,
     &VNET_NAME(tcp_autorcvbuf_inc), 0,
     "Incrementor step size of automatic receive buffer");
 
+VNET_DEFINE(int, tcp_autorcvbuf_max) = 256*1024;
+#define	V_tcp_autorcvbuf_max	VNET(tcp_autorcvbuf_max)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW,
     &VNET_NAME(tcp_autorcvbuf_max), 0,
     "Max size of automatic receive buffer");
@@ -181,8 +190,8 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, read_locking, CTLFLAG_RW,
     &tcp_read_locking, 0, "Enable read locking strategy");
 
 VNET_DEFINE(struct inpcbhead, tcb);
-VNET_DEFINE(struct inpcbinfo, tcbinfo);
 #define	tcb6	tcb  /* for KAME src sync over BSD*'s */
+VNET_DEFINE(struct inpcbinfo, tcbinfo);
 
 static void	 tcp_dooptions(struct tcpopt *, u_char *, int, int);
 static void	 tcp_do_segment(struct mbuf *, struct tcphdr *,
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index f9d1b63..50973c4 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -87,43 +87,46 @@ __FBSDID("$FreeBSD$");
 extern struct mbuf *m_copypack();
 #endif
 
-VNET_DEFINE(int, path_mtu_discovery);
-VNET_DEFINE(int, ss_fltsz);
-VNET_DEFINE(int, ss_fltsz_local);
-VNET_DEFINE(int, tcp_do_newreno);
-VNET_DEFINE(int, tcp_do_tso);
-VNET_DEFINE(int, tcp_do_autosndbuf);
-VNET_DEFINE(int, tcp_autosndbuf_inc);
-VNET_DEFINE(int, tcp_autosndbuf_max);
-
+VNET_DEFINE(int, path_mtu_discovery) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW,
 	&VNET_NAME(path_mtu_discovery), 1,
 	"Enable Path MTU Discovery");
 
+VNET_DEFINE(int, ss_fltsz) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, slowstart_flightsize, CTLFLAG_RW,
 	&VNET_NAME(ss_fltsz), 1,
 	"Slow start flight size");
 
+VNET_DEFINE(int, ss_fltsz_local) = 4;
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, local_slowstart_flightsize,
 	CTLFLAG_RW, &VNET_NAME(ss_fltsz_local), 1,
 	"Slow start flight size for local networks");
 
+VNET_DEFINE(int, tcp_do_newreno) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW,
 	&VNET_NAME(tcp_do_newreno), 0,
 	"Enable NewReno Algorithms");
 
+VNET_DEFINE(int, tcp_do_tso) = 1;
+#define	V_tcp_do_tso		VNET(tcp_do_tso)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW,
 	&VNET_NAME(tcp_do_tso), 0,
 	"Enable TCP Segmentation Offload");
 
+VNET_DEFINE(int, tcp_do_autosndbuf) = 1;
+#define	V_tcp_do_autosndbuf	VNET(tcp_do_autosndbuf)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_RW,
 	&VNET_NAME(tcp_do_autosndbuf), 0,
 	"Enable automatic send buffer sizing");
 
+VNET_DEFINE(int, tcp_autosndbuf_inc) = 8*1024;
+#define	V_tcp_autosndbuf_inc	VNET(tcp_autosndbuf_inc)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_RW,
 	&VNET_NAME(tcp_autosndbuf_inc), 0,
 	"Incrementor step size of automatic send buffer");
 
+VNET_DEFINE(int, tcp_autosndbuf_max) = 256*1024;
+#define	V_tcp_autosndbuf_max	VNET(tcp_autosndbuf_max)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW,
 	&VNET_NAME(tcp_autosndbuf_max), 0,
 	"Max size of automatic send buffer");
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index cd7eb1c..bfb53d3 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
@@ -74,30 +74,28 @@ __FBSDID("$FreeBSD$");
 #include <netinet/tcp_debug.h>
 #endif /* TCPDEBUG */
 
-static VNET_DEFINE(int, tcp_reass_maxseg);
-VNET_DEFINE(int, tcp_reass_qsize);
-static VNET_DEFINE(int, tcp_reass_maxqlen);
-static VNET_DEFINE(int, tcp_reass_overflows);
-
-#define	V_tcp_reass_maxseg		VNET(tcp_reass_maxseg)
-#define	V_tcp_reass_maxqlen		VNET(tcp_reass_maxqlen)
-#define	V_tcp_reass_overflows		VNET(tcp_reass_overflows)
-
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
     "TCP Segment Reassembly Queue");
 
+static VNET_DEFINE(int, tcp_reass_maxseg) = 0;
+#define	V_tcp_reass_maxseg		VNET(tcp_reass_maxseg)
 SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN,
     &VNET_NAME(tcp_reass_maxseg), 0,
     "Global maximum number of TCP Segments in Reassembly Queue");
 
+VNET_DEFINE(int, tcp_reass_qsize) = 0;
 SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD,
     &VNET_NAME(tcp_reass_qsize), 0,
     "Global number of TCP Segments currently in Reassembly Queue");
 
+static VNET_DEFINE(int, tcp_reass_maxqlen) = 48;
+#define	V_tcp_reass_maxqlen		VNET(tcp_reass_maxqlen)
 SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, maxqlen, CTLFLAG_RW,
     &VNET_NAME(tcp_reass_maxqlen), 0,
     "Maximum number of TCP Segments per individual Reassembly Queue");
 
+static VNET_DEFINE(int, tcp_reass_overflows) = 0;
+#define	V_tcp_reass_overflows		VNET(tcp_reass_overflows)
 SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD,
     &VNET_NAME(tcp_reass_overflows), 0,
     "Global number of TCP Segment Reassembly Queue Overflows");
@@ -117,11 +115,6 @@ void
 tcp_reass_init(void)
 {
 
-	V_tcp_reass_maxseg = 0;
-	V_tcp_reass_qsize = 0;
-	V_tcp_reass_maxqlen = 48;
-	V_tcp_reass_overflows = 0;
-
 	V_tcp_reass_maxseg = nmbclusters / 16;
 	TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments",
 	    &V_tcp_reass_maxseg);
diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c
index 06fb502..737c2b2 100644
--- a/sys/netinet/tcp_sack.c
+++ b/sys/netinet/tcp_sack.c
@@ -123,29 +123,28 @@ __FBSDID("$FreeBSD$");
 #include <machine/in_cksum.h>
 
 VNET_DECLARE(struct uma_zone *, sack_hole_zone);
-VNET_DEFINE(int, tcp_do_sack);
-VNET_DEFINE(int, tcp_sack_maxholes);
-VNET_DEFINE(int, tcp_sack_globalmaxholes);
-VNET_DEFINE(int, tcp_sack_globalholes);
-
 #define	V_sack_hole_zone		VNET(sack_hole_zone)
-#define	V_tcp_do_sack			VNET(tcp_do_sack)
-#define	V_tcp_sack_maxholes		VNET(tcp_sack_maxholes)
-#define	V_tcp_sack_globalmaxholes	VNET(tcp_sack_globalmaxholes)
-#define	V_tcp_sack_globalholes		VNET(tcp_sack_globalholes)
 
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK");
+VNET_DEFINE(int, tcp_do_sack) = 1;
+#define	V_tcp_do_sack			VNET(tcp_do_sack)
 SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_RW,
     &VNET_NAME(tcp_do_sack), 0, "Enable/Disable TCP SACK support");
 
+VNET_DEFINE(int, tcp_sack_maxholes) = 128;
+#define	V_tcp_sack_maxholes		VNET(tcp_sack_maxholes)
 SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_RW,
     &VNET_NAME(tcp_sack_maxholes), 0,
     "Maximum number of TCP SACK holes allowed per connection");
 
+VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536;
+#define	V_tcp_sack_globalmaxholes	VNET(tcp_sack_globalmaxholes)
 SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_RW,
     &VNET_NAME(tcp_sack_globalmaxholes), 0, 
     "Global maximum number of TCP SACK holes");
 
+VNET_DEFINE(int, tcp_sack_globalholes) = 0;
+#define	V_tcp_sack_globalholes		VNET(tcp_sack_globalholes)
 SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_RD,
     &VNET_NAME(tcp_sack_globalholes), 0,
     "Global number of TCP SACK holes currently allocated");
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 9ec434c..43ed1e4 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -111,28 +111,10 @@ __FBSDID("$FreeBSD$");
 
 #include <security/mac/mac_framework.h>
 
-VNET_DEFINE(int, tcp_mssdflt);
+VNET_DEFINE(int, tcp_mssdflt) = TCP_MSS;
 #ifdef INET6
-VNET_DEFINE(int, tcp_v6mssdflt);
+VNET_DEFINE(int, tcp_v6mssdflt) = TCP6_MSS;
 #endif
-VNET_DEFINE(int, tcp_minmss);
-VNET_DEFINE(int, tcp_do_rfc1323);
-
-static VNET_DEFINE(int, icmp_may_rst);
-static VNET_DEFINE(int, tcp_isn_reseed_interval);
-static VNET_DEFINE(int, tcp_inflight_enable);
-static VNET_DEFINE(int, tcp_inflight_rttthresh);
-static VNET_DEFINE(int, tcp_inflight_min);
-static VNET_DEFINE(int, tcp_inflight_max);
-static VNET_DEFINE(int, tcp_inflight_stab);
-
-#define	V_icmp_may_rst			VNET(icmp_may_rst)
-#define	V_tcp_isn_reseed_interval	VNET(tcp_isn_reseed_interval)
-#define	V_tcp_inflight_enable		VNET(tcp_inflight_enable)
-#define	V_tcp_inflight_rttthresh	VNET(tcp_inflight_rttthresh)
-#define	V_tcp_inflight_min		VNET(tcp_inflight_min)
-#define	V_tcp_inflight_max		VNET(tcp_inflight_max)
-#define	V_tcp_inflight_stab		VNET(tcp_inflight_stab)
 
 static int
 sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
@@ -194,10 +176,12 @@ vnet_sysctl_msec_to_ticks(SYSCTL_HANDLER_ARGS)
  * with packet generation and sending. Set to zero to disable MINMSS
  * checking. This setting prevents us from sending too small packets.
  */
+VNET_DEFINE(int, tcp_minmss) = TCP_MINMSS;
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW,
      &VNET_NAME(tcp_minmss), 0,
     "Minmum TCP Maximum Segment Size");
 
+VNET_DEFINE(int, tcp_do_rfc1323) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW,
     &VNET_NAME(tcp_do_rfc1323), 0,
     "Enable rfc1323 (high performance TCP) extensions");
@@ -217,10 +201,14 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0,
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD,
     &VNET_NAME(tcbinfo.ipi_count), 0, "Number of active PCBs");
 
+static VNET_DEFINE(int, icmp_may_rst) = 1;
+#define	V_icmp_may_rst			VNET(icmp_may_rst)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW,
     &VNET_NAME(icmp_may_rst), 0,
     "Certain ICMP unreachable messages may abort connections in SYN_SENT");
 
+static VNET_DEFINE(int, tcp_isn_reseed_interval) = 0;
+#define	V_tcp_isn_reseed_interval	VNET(tcp_isn_reseed_interval)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW,
     &VNET_NAME(tcp_isn_reseed_interval), 0,
     "Seconds between reseeding of ISN secret");
@@ -233,6 +221,8 @@ SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW,
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, inflight, CTLFLAG_RW, 0,
     "TCP inflight data limiting");
 
+static VNET_DEFINE(int, tcp_inflight_enable) = 1;
+#define	V_tcp_inflight_enable		VNET(tcp_inflight_enable)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, enable, CTLFLAG_RW,
     &VNET_NAME(tcp_inflight_enable), 0,
     "Enable automatic TCP inflight data limiting");
@@ -242,19 +232,27 @@ SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW,
     &tcp_inflight_debug, 0,
     "Debug TCP inflight calculations");
 
+static VNET_DEFINE(int, tcp_inflight_rttthresh);
+#define	V_tcp_inflight_rttthresh	VNET(tcp_inflight_rttthresh)
 SYSCTL_VNET_PROC(_net_inet_tcp_inflight, OID_AUTO, rttthresh,
     CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(tcp_inflight_rttthresh), 0,
     vnet_sysctl_msec_to_ticks, "I",
     "RTT threshold below which inflight will deactivate itself");
 
+static VNET_DEFINE(int, tcp_inflight_min) = 6144;
+#define	V_tcp_inflight_min		VNET(tcp_inflight_min)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, min, CTLFLAG_RW,
     &VNET_NAME(tcp_inflight_min), 0,
     "Lower-bound for TCP inflight window");
 
+static VNET_DEFINE(int, tcp_inflight_max) = TCP_MAXWIN << TCP_MAX_WINSHIFT;
+#define	V_tcp_inflight_max		VNET(tcp_inflight_max)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, max, CTLFLAG_RW,
     &VNET_NAME(tcp_inflight_max), 0,
     "Upper-bound for TCP inflight window");
 
+static VNET_DEFINE(int, tcp_inflight_stab) = 20;
+#define	V_tcp_inflight_stab		VNET(tcp_inflight_stab)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, stab, CTLFLAG_RW,
     &VNET_NAME(tcp_inflight_stab), 0,
     "Inflight Algorithm Stabilization 20 = 2 packets");
@@ -329,53 +327,6 @@ tcp_init(void)
 {
 	int hashsize;
 
-	V_blackhole = 0;
-	V_tcp_delack_enabled = 1;
-	V_drop_synfin = 0;
-	V_tcp_do_rfc3042 = 1;
-	V_tcp_do_rfc3390 = 1;
-	V_tcp_do_ecn = 0;
-	V_tcp_ecn_maxretries = 1;
-	V_tcp_insecure_rst = 0;
-	V_tcp_do_autorcvbuf = 1;
-	V_tcp_autorcvbuf_inc = 16*1024;
-	V_tcp_autorcvbuf_max = 256*1024;
-	V_tcp_do_rfc3465 = 1;
-	V_tcp_abc_l_var = 2;
-
-	V_tcp_mssdflt = TCP_MSS;
-#ifdef INET6
-	V_tcp_v6mssdflt = TCP6_MSS;
-#endif
-	V_tcp_minmss = TCP_MINMSS;
-	V_tcp_do_rfc1323 = 1;
-	V_icmp_may_rst = 1;
-	V_tcp_isn_reseed_interval = 0;
-	V_tcp_inflight_enable = 1;
-	V_tcp_inflight_min = 6144;
-	V_tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT;
-	V_tcp_inflight_stab = 20;
-
-	V_path_mtu_discovery = 1;
-	V_ss_fltsz = 1;
-	V_ss_fltsz_local = 4;
-	V_tcp_do_newreno = 1;
-	V_tcp_do_tso = 1;
-	V_tcp_do_autosndbuf = 1;
-	V_tcp_autosndbuf_inc = 8*1024;
-	V_tcp_autosndbuf_max = 256*1024;
-
-	V_nolocaltimewait = 0;
-
-	V_tcp_do_sack = 1;
-	V_tcp_sack_maxholes = 128;
-	V_tcp_sack_globalmaxholes = 65536;
-	V_tcp_sack_globalholes = 0;
-
-	V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
-
-	TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);
-
 	hashsize = TCBHASHSIZE;
 	TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize);
 	if (!powerof2(hashsize)) {
@@ -385,16 +336,21 @@ tcp_init(void)
 	in_pcbinfo_init(&V_tcbinfo, "tcp", &V_tcb, hashsize, hashsize,
 	    "tcp_inpcb", tcp_inpcb_init, NULL, UMA_ZONE_NOFREE);
 
+	V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
+
 	/*
 	 * These have to be type stable for the benefit of the timers.
 	 */
 	V_tcpcb_zone = uma_zcreate("tcpcb", sizeof(struct tcpcb_mem),
 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
 	uma_zone_set_max(V_tcpcb_zone, maxsockets);
+
 	tcp_tw_init();
 	syncache_init();
 	tcp_hc_init();
 	tcp_reass_init();
+
+	TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);
 	V_sack_hole_zone = uma_zcreate("sackhole", sizeof(struct sackhole),
 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
 
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 4d9d487..c47493c 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -97,19 +97,14 @@ __FBSDID("$FreeBSD$");
 
 #include <security/mac/mac_framework.h>
 
-static VNET_DEFINE(struct tcp_syncache, tcp_syncache);
-static VNET_DEFINE(int, tcp_syncookies);
-static VNET_DEFINE(int, tcp_syncookiesonly);
-VNET_DEFINE(int, tcp_sc_rst_sock_fail);
-
-#define	V_tcp_syncache			VNET(tcp_syncache)
+static VNET_DEFINE(int, tcp_syncookies) = 1;
 #define	V_tcp_syncookies		VNET(tcp_syncookies)
-#define	V_tcp_syncookiesonly		VNET(tcp_syncookiesonly)
-
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW,
     &VNET_NAME(tcp_syncookies), 0,
     "Use TCP SYN cookies if the syncache overflows");
 
+static VNET_DEFINE(int, tcp_syncookiesonly) = 0;
+#define	V_tcp_syncookiesonly		VNET(tcp_syncookiesonly)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, syncookies_only, CTLFLAG_RW,
     &VNET_NAME(tcp_syncookiesonly), 0,
     "Use only TCP SYN cookies");
@@ -148,6 +143,9 @@ static struct syncache
 #define TCP_SYNCACHE_HASHSIZE		512
 #define TCP_SYNCACHE_BUCKETLIMIT	30
 
+static VNET_DEFINE(struct tcp_syncache, tcp_syncache);
+#define	V_tcp_syncache			VNET(tcp_syncache)
+
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, syncache, CTLFLAG_RW, 0, "TCP SYN cache");
 
 SYSCTL_VNET_INT(_net_inet_tcp_syncache, OID_AUTO, bucketlimit, CTLFLAG_RDTUN,
@@ -170,6 +168,7 @@ SYSCTL_VNET_INT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_RW,
     &VNET_NAME(tcp_syncache.rexmt_limit), 0,
     "Limit on SYN/ACK retransmissions");
 
+VNET_DEFINE(int, tcp_sc_rst_sock_fail) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp_syncache, OID_AUTO, rst_on_sock_fail,
     CTLFLAG_RW, &VNET_NAME(tcp_sc_rst_sock_fail), 0,
     "Send reset on socket allocation failure");
@@ -224,10 +223,6 @@ syncache_init(void)
 {
 	int i;
 
-	V_tcp_syncookies = 1;
-	V_tcp_syncookiesonly = 0;
-	V_tcp_sc_rst_sock_fail = 1;
-
 	V_tcp_syncache.cache_count = 0;
 	V_tcp_syncache.hashsize = TCP_SYNCACHE_HASHSIZE;
 	V_tcp_syncache.bucket_limit = TCP_SYNCACHE_BUCKETLIMIT;
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c
index 6e5b013..42df4fe 100644
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@@ -92,6 +92,8 @@ __FBSDID("$FreeBSD$");
 
 #include <security/mac/mac_framework.h>
 
+static VNET_DEFINE(uma_zone_t, tcptw_zone);
+#define	V_tcptw_zone			VNET(tcptw_zone)
 static int	maxtcptw;
 
 /*
@@ -100,11 +102,7 @@ static int	maxtcptw;
  * queue pointers in each tcptw structure, are protected using the global
  * tcbinfo lock, which must be held over queue iteration and modification.
  */
-static VNET_DEFINE(uma_zone_t, tcptw_zone);
 static VNET_DEFINE(TAILQ_HEAD(, tcptw), twq_2msl);
-VNET_DEFINE(int, nolocaltimewait);
-
-#define	V_tcptw_zone			VNET(tcptw_zone)
 #define	V_twq_2msl			VNET(twq_2msl)
 
 static void	tcp_tw_2msl_reset(struct tcptw *, int);
@@ -149,6 +147,8 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, maxtcptw, CTLTYPE_INT|CTLFLAG_RW,
     &maxtcptw, 0, sysctl_maxtcptw, "IU",
     "Maximum number of compressed TCP TIME_WAIT entries");
 
+VNET_DEFINE(int, nolocaltimewait) = 0;
+#define	V_nolocaltimewait	VNET(nolocaltimewait)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_RW,
     &VNET_NAME(nolocaltimewait), 0,
     "Do not create compressed TCP TIME_WAIT entries for local connections");
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index 3a59eee..5811439 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -42,12 +42,12 @@
  * Kernel variables for tcp.
  */
 VNET_DECLARE(int, tcp_do_rfc1323);
+#define	V_tcp_do_rfc1323	VNET(tcp_do_rfc1323)
+
 VNET_DECLARE(int, tcp_reass_qsize);
 VNET_DECLARE(struct uma_zone *, tcp_reass_zone);
-#define	V_tcp_do_rfc1323	VNET(tcp_do_rfc1323)
 #define	V_tcp_reass_qsize	VNET(tcp_reass_qsize)
 #define	V_tcp_reass_zone	VNET(tcp_reass_zone)
-
 #endif /* _KERNEL */
 
 /* TCP segment queue entry */
@@ -558,11 +558,10 @@ SYSCTL_DECL(_net_inet_tcp_sack);
 MALLOC_DECLARE(M_TCPLOG);
 #endif
 
-extern	int tcp_log_in_vain;
-
 VNET_DECLARE(struct inpcbhead, tcb);		/* queue of active tcpcb's */
 VNET_DECLARE(struct inpcbinfo, tcbinfo);
 VNET_DECLARE(struct tcpstat, tcpstat);		/* tcp statistics */
+extern	int tcp_log_in_vain;
 VNET_DECLARE(int, tcp_mssdflt);	/* XXX */
 VNET_DECLARE(int, tcp_minmss);
 VNET_DECLARE(int, tcp_delack_enabled);
@@ -570,7 +569,6 @@ VNET_DECLARE(int, tcp_do_newreno);
 VNET_DECLARE(int, path_mtu_discovery);
 VNET_DECLARE(int, ss_fltsz);
 VNET_DECLARE(int, ss_fltsz_local);
-
 #define	V_tcb			VNET(tcb)
 #define	V_tcbinfo		VNET(tcbinfo)
 #define	V_tcpstat		VNET(tcpstat)
@@ -582,55 +580,13 @@ VNET_DECLARE(int, ss_fltsz_local);
 #define	V_ss_fltsz		VNET(ss_fltsz)
 #define	V_ss_fltsz_local	VNET(ss_fltsz_local)
 
-VNET_DECLARE(int, blackhole);
-VNET_DECLARE(int, drop_synfin);
-VNET_DECLARE(int, tcp_do_rfc3042);
-VNET_DECLARE(int, tcp_do_rfc3390);
-VNET_DECLARE(int, tcp_insecure_rst);
-VNET_DECLARE(int, tcp_do_autorcvbuf);
-VNET_DECLARE(int, tcp_autorcvbuf_inc);
-VNET_DECLARE(int, tcp_autorcvbuf_max);
-VNET_DECLARE(int, tcp_do_rfc3465);
-VNET_DECLARE(int, tcp_abc_l_var);
-
-#define	V_blackhole		VNET(blackhole)
-#define	V_drop_synfin		VNET(drop_synfin)
-#define	V_tcp_do_rfc3042	VNET(tcp_do_rfc3042)
-#define	V_tcp_do_rfc3390	VNET(tcp_do_rfc3390)
-#define	V_tcp_insecure_rst	VNET(tcp_insecure_rst)
-#define	V_tcp_do_autorcvbuf	VNET(tcp_do_autorcvbuf)
-#define	V_tcp_autorcvbuf_inc	VNET(tcp_autorcvbuf_inc)
-#define	V_tcp_autorcvbuf_max	VNET(tcp_autorcvbuf_max)
-#define	V_tcp_do_rfc3465	VNET(tcp_do_rfc3465)
-#define	V_tcp_abc_l_var		VNET(tcp_abc_l_var)
-
-VNET_DECLARE(int, tcp_do_tso);
-VNET_DECLARE(int, tcp_do_autosndbuf);
-VNET_DECLARE(int, tcp_autosndbuf_inc);
-VNET_DECLARE(int, tcp_autosndbuf_max);
-
-#define	V_tcp_do_tso		VNET(tcp_do_tso)
-#define	V_tcp_do_autosndbuf	VNET(tcp_do_autosndbuf)
-#define	V_tcp_autosndbuf_inc	VNET(tcp_autosndbuf_inc)
-#define	V_tcp_autosndbuf_max	VNET(tcp_autosndbuf_max)
-
-VNET_DECLARE(int, nolocaltimewait);
-
-#define	V_nolocaltimewait	VNET(nolocaltimewait)
-
 VNET_DECLARE(int, tcp_do_sack);			/* SACK enabled/disabled */
-VNET_DECLARE(int, tcp_sack_maxholes);
-VNET_DECLARE(int, tcp_sack_globalmaxholes);
-VNET_DECLARE(int, tcp_sack_globalholes);
 VNET_DECLARE(int, tcp_sc_rst_sock_fail);	/* RST on sock alloc failure */
-VNET_DECLARE(int, tcp_do_ecn);			/* TCP ECN enabled/disabled */
-VNET_DECLARE(int, tcp_ecn_maxretries);
-
 #define	V_tcp_do_sack		VNET(tcp_do_sack)
-#define	V_tcp_sack_maxholes	VNET(tcp_sack_maxholes)
-#define	V_tcp_sack_globalmaxholes	VNET(tcp_sack_globalmaxholes)
-#define	V_tcp_sack_globalholes	VNET(tcp_sack_globalholes)
 #define	V_tcp_sc_rst_sock_fail	VNET(tcp_sc_rst_sock_fail)
+
+VNET_DECLARE(int, tcp_do_ecn);			/* TCP ECN enabled/disabled */
+VNET_DECLARE(int, tcp_ecn_maxretries);
 #define	V_tcp_do_ecn		VNET(tcp_do_ecn)
 #define	V_tcp_ecn_maxretries	VNET(tcp_ecn_maxretries)
 
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 0d8e04d..4541038 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -94,8 +94,6 @@ __FBSDID("$FreeBSD$");
  * Per RFC 768, August, 1980.
  */
 
-VNET_DEFINE(int, udp_blackhole);
-
 /*
  * BSD 4.2 defaulted the udp checksum to be off.  Turning off udp checksums
  * removes the only data integrity mechanism for packets and malformed
@@ -110,6 +108,7 @@ int	udp_log_in_vain = 0;
 SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW,
     &udp_log_in_vain, 0, "Log all incoming UDP packets");
 
+VNET_DEFINE(int, udp_blackhole) = 0;
 SYSCTL_VNET_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW,
     &VNET_NAME(udp_blackhole), 0,
     "Do not send port unreachables for refused connects");
@@ -133,14 +132,13 @@ SYSCTL_ULONG(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
 VNET_DEFINE(struct inpcbhead, udb);		/* from udp_var.h */
 VNET_DEFINE(struct inpcbinfo, udbinfo);
 static VNET_DEFINE(uma_zone_t, udpcb_zone);
-VNET_DEFINE(struct udpstat, udpstat);		/* from udp_var.h */
-
 #define	V_udpcb_zone			VNET(udpcb_zone)
 
 #ifndef UDBHASHSIZE
 #define	UDBHASHSIZE	128
 #endif
 
+VNET_DEFINE(struct udpstat, udpstat);		/* from udp_var.h */
 SYSCTL_VNET_STRUCT(_net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RW,
     &VNET_NAME(udpstat), udpstat,
     "UDP statistics (struct udpstat, netinet/udp_var.h)");
@@ -179,7 +177,6 @@ void
 udp_init(void)
 {
 
-	V_udp_blackhole = 0;
 	in_pcbinfo_init(&V_udbinfo, "udp", &V_udb, UDBHASHSIZE, UDBHASHSIZE,
 	    "udp_inpcb", udp_inpcb_init, NULL, UMA_ZONE_NOFREE);
 	V_udpcb_zone = uma_zcreate("udpcb", sizeof(struct udpcb),
diff --git a/sys/netinet/udp_var.h b/sys/netinet/udp_var.h
index b8d994c..aa7ee47 100644
--- a/sys/netinet/udp_var.h
+++ b/sys/netinet/udp_var.h
@@ -129,19 +129,17 @@ void	kmod_udpstat_inc(int statnum);
 SYSCTL_DECL(_net_inet_udp);
 
 extern struct pr_usrreqs	udp_usrreqs;
-
 VNET_DECLARE(struct inpcbhead, udb);
 VNET_DECLARE(struct inpcbinfo, udbinfo);
-VNET_DECLARE(struct udpstat, udpstat);
-VNET_DECLARE(int, udp_blackhole);
-
 #define	V_udb			VNET(udb)
 #define	V_udbinfo		VNET(udbinfo)
-#define	V_udpstat		VNET(udpstat)
-#define	V_udp_blackhole		VNET(udp_blackhole)
 
 extern u_long			udp_sendspace;
 extern u_long			udp_recvspace;
+VNET_DECLARE(struct udpstat, udpstat);
+VNET_DECLARE(int, udp_blackhole);
+#define	V_udpstat		VNET(udpstat)
+#define	V_udp_blackhole		VNET(udp_blackhole)
 extern int			udp_log_in_vain;
 
 int		 udp_newudpcb(struct inpcb *);
author	bz <bz@FreeBSD.org>	2010-04-29 11:52:42 +0000
committer	bz <bz@FreeBSD.org>	2010-04-29 11:52:42 +0000
commit	0a90ef17283bc848eee90c3bdd5bec3fcc1bc879 (patch)
tree	e6f9695e24617b291f2a8f0b1f388eda2e605549 /sys/netinet
parent	043deeb56455e1129861bf93ec57f03b90200344 (diff)
download	FreeBSD-src-0a90ef17283bc848eee90c3bdd5bec3fcc1bc879.zip FreeBSD-src-0a90ef17283bc848eee90c3bdd5bec3fcc1bc879.tar.gz