diff options
| author | zec <zec@FreeBSD.org> | 2008-10-02 15:37:58 +0000 |
|---|---|---|
| committer | zec <zec@FreeBSD.org> | 2008-10-02 15:37:58 +0000 |
| commit | 8797d4caecd5881e312923ee1d07be3de68755dc (patch) | |
| tree | 53fef93d1ff076abec439159e0a765427992dee1 /sys | |
| parent | e682bfadb0a191a81290af2b846d8610ef3aff5c (diff) | |
| download | FreeBSD-src-8797d4caecd5881e312923ee1d07be3de68755dc.zip FreeBSD-src-8797d4caecd5881e312923ee1d07be3de68755dc.tar.gz | |
Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparision between pre- and post-change
object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
Diffstat (limited to 'sys')
125 files changed, 2728 insertions, 901 deletions
diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c index ef2c90e..e183486 100644 --- a/sys/compat/linprocfs/linprocfs.c +++ b/sys/compat/linprocfs/linprocfs.c @@ -1001,6 +1001,7 @@ linprocfs_doprocmaps(PFS_FILL_ARGS) static int linprocfs_donetdev(PFS_FILL_ARGS) { + INIT_VNET_NET(TD_TO_VNET(curthread)); char ifname[16]; /* XXX LINUX_IFNAMSIZ */ struct ifnet *ifp; diff --git a/sys/compat/linux/linux_ioctl.c b/sys/compat/linux/linux_ioctl.c index 9979a0c..9f16817 100644 --- a/sys/compat/linux/linux_ioctl.c +++ b/sys/compat/linux/linux_ioctl.c @@ -2051,6 +2051,7 @@ linux_ioctl_console(struct thread *td, struct linux_ioctl_args *args) int linux_ifname(struct ifnet *ifp, char *buffer, size_t buflen) { + INIT_VNET_NET(ifp->if_vnet); struct ifnet *ifscan; int ethno; @@ -2084,6 +2085,7 @@ linux_ifname(struct ifnet *ifp, char *buffer, size_t buflen) static struct ifnet * ifname_linux_to_bsd(const char *lxname, char *bsdname) { + INIT_VNET_NET(TD_TO_VNET(curthread)); struct ifnet *ifp; int len, unit; char *ep; @@ -2124,6 +2126,7 @@ ifname_linux_to_bsd(const char *lxname, char *bsdname) static int linux_ifconf(struct thread *td, struct ifconf *uifc) { + INIT_VNET_NET(TD_TO_VNET(td)); #ifdef COMPAT_LINUX32 struct l_ifconf ifc; #else diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index ea04f3f..47d7d3f 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -707,6 +707,7 @@ linux_times(struct thread *td, struct linux_times_args *args) int linux_newuname(struct thread *td, struct linux_newuname_args *args) { + INIT_VPROCG(TD_TO_VPROCG(td)); struct l_new_utsname utsname; char osname[LINUX_MAX_UTSNAME]; char osrelease[LINUX_MAX_UTSNAME]; diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c index b976fd4..24a7a81 100644 --- a/sys/compat/linux/linux_socket.c +++ b/sys/compat/linux/linux_socket.c @@ -546,6 +546,9 @@ struct linux_socket_args { static int linux_socket(struct thread *td, struct linux_socket_args *args) { +#ifdef INET6 + INIT_VNET_INET6(curvnet); +#endif struct socket_args /* { int domain; int type; diff --git a/sys/compat/svr4/svr4_sockio.c b/sys/compat/svr4/svr4_sockio.c index fb094d0..b1fcd3e 100644 --- a/sys/compat/svr4/svr4_sockio.c +++ b/sys/compat/svr4/svr4_sockio.c @@ -88,6 +88,7 @@ svr4_sock_ioctl(fp, td, retval, fd, cmd, data) switch (cmd) { case SVR4_SIOCGIFNUM: { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; int ifnum = 0; diff --git a/sys/contrib/ipfilter/netinet/ip_auth.c b/sys/contrib/ipfilter/netinet/ip_auth.c index 42d29d4..19a12f4 100644 --- a/sys/contrib/ipfilter/netinet/ip_auth.c +++ b/sys/contrib/ipfilter/netinet/ip_auth.c @@ -70,6 +70,11 @@ struct file; #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> +#if !defined(_KERNEL) && defined(__FreeBSD_version) && \ + __FreeBSD_version >= 800049 +# define V_ip_do_randomid ip_do_randomid +# define V_ip_id ip_id +#endif #if !defined(_KERNEL) && !defined(__osf__) && !defined(__sgi) # define KERNEL # define _KERNEL diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c index 35488ea..c1011be 100644 --- a/sys/contrib/pf/net/pf.c +++ b/sys/contrib/pf/net/pf.c @@ -1759,6 +1759,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af, u_int8_t flags, u_int16_t win, u_int16_t mss, u_int8_t ttl, int tag, u_int16_t rtag, struct ether_header *eh, struct ifnet *ifp) { + INIT_VNET_INET(curvnet); struct mbuf *m; int len, tlen; #ifdef INET @@ -2922,6 +2923,7 @@ pf_socket_lookup(int direction, struct pf_pdesc *pd, struct inpcb *inp_arg) pf_socket_lookup(int direction, struct pf_pdesc *pd) #endif { + INIT_VNET_INET(curvnet); struct pf_addr *saddr, *daddr; u_int16_t sport, dport; #ifdef __FreeBSD__ @@ -3101,6 +3103,7 @@ pf_get_wscale(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af) u_int16_t pf_get_mss(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af) { + INIT_VNET_INET(curvnet); int hlen; u_int8_t hdr[60]; u_int8_t *opt, optlen; @@ -3140,6 +3143,7 @@ u_int16_t pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer) { #ifdef INET + INIT_VNET_INET(curvnet); struct sockaddr_in *dst; struct route ro; #endif /* INET */ @@ -3242,6 +3246,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction, struct ifqueue *ifq) #endif { + INIT_VNET_INET(curvnet); struct pf_rule *nr = NULL; struct pf_addr *saddr = pd->src, *daddr = pd->dst; struct tcphdr *th = pd->hdr.tcp; @@ -6096,6 +6101,7 @@ void pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, struct pf_state *s, struct pf_pdesc *pd) { + INIT_VNET_INET(curvnet); struct mbuf *m0, *m1; struct route iproute; struct route *ro = NULL; @@ -6633,18 +6639,30 @@ pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p, sa_family_t a if (sum) { switch (p) { case IPPROTO_TCP: + { + INIT_VNET_INET(curvnet); V_tcpstat.tcps_rcvbadsum++; break; + } case IPPROTO_UDP: + { + INIT_VNET_INET(curvnet); V_udpstat.udps_badsum++; break; + } case IPPROTO_ICMP: + { + INIT_VNET_INET(curvnet); V_icmpstat.icps_checksum++; break; + } #ifdef INET6 case IPPROTO_ICMPV6: + { + INIT_VNET_INET6(curvnet); V_icmp6stat.icp6s_checksum++; break; + } #endif /* INET6 */ } return (1); diff --git a/sys/contrib/pf/net/pf_if.c b/sys/contrib/pf/net/pf_if.c index fd42dc7..299d9e6 100644 --- a/sys/contrib/pf/net/pf_if.c +++ b/sys/contrib/pf/net/pf_if.c @@ -122,6 +122,8 @@ RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); void pfi_initialize(void) { + INIT_VNET_NET(curvnet); + if (pfi_all != NULL) /* already initialized */ return; diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c index 9b35443..286fc31 100644 --- a/sys/contrib/pf/net/pf_ioctl.c +++ b/sys/contrib/pf/net/pf_ioctl.c @@ -3704,6 +3704,8 @@ static int pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { + INIT_VNET_NET(curvnet); + /* * IPv6 is not affected by ip_len/ip_off byte order changes. */ diff --git a/sys/contrib/pf/net/pf_subr.c b/sys/contrib/pf/net/pf_subr.c index f8550c7..5ea4b71 100644 --- a/sys/contrib/pf/net/pf_subr.c +++ b/sys/contrib/pf/net/pf_subr.c @@ -123,6 +123,7 @@ static MD5_CTX isn_ctx; u_int32_t pf_new_isn(struct pf_state *s) { + INIT_VNET_INET(curvnet); u_int32_t md5_buffer[4]; u_int32_t new_isn; struct pf_state_host *src, *dst; diff --git a/sys/contrib/pf/net/pfvar.h b/sys/contrib/pf/net/pfvar.h index bd75bfc..b12d389 100644 --- a/sys/contrib/pf/net/pfvar.h +++ b/sys/contrib/pf/net/pfvar.h @@ -1855,5 +1855,12 @@ int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t); struct pf_os_fingerprint * pf_osfp_validate(void); +/* + * Symbol translation macros + */ +#define INIT_VNET_PF(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_PF, struct vnet_pf, vnet_pf) + +#define VNET_PF(sym) VSYM(vnet_pf, sym) #endif /* _NET_PFVAR_H_ */ diff --git a/sys/contrib/rdma/rdma_cma.c b/sys/contrib/rdma/rdma_cma.c index fa93816..6b3c88d 100644 --- a/sys/contrib/rdma/rdma_cma.c +++ b/sys/contrib/rdma/rdma_cma.c @@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$"); #include <sys/syslog.h> #include <sys/vimage.h> +#include <net/if.h> #include <netinet/in.h> #include <netinet/in_pcb.h> @@ -1947,6 +1948,7 @@ err1: static int cma_alloc_any_port(struct kvl *ps, struct rdma_id_private *id_priv) { + INIT_VNET_INET(curvnet); struct rdma_bind_list *bind_list; int port, ret; @@ -1991,6 +1993,7 @@ err1: static int cma_use_port(struct kvl *ps, struct rdma_id_private *id_priv) { + INIT_VNET_INET(curvnet); struct rdma_id_private *cur_id; struct sockaddr_in *sin, *cur_sin; struct rdma_bind_list *bind_list; @@ -2910,6 +2913,7 @@ static void cma_remove_one(struct ib_device *device) static int cma_init(void) { + INIT_VNET_INET(curvnet); int ret; LIST_INIT(&listen_any_list); diff --git a/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb.c b/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb.c index e41ce15..d2e3fe7 100644 --- a/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb.c +++ b/sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb.c @@ -212,6 +212,7 @@ ifaddr_event_handler(void *arg, struct ifnet *ifp) static int iwch_init_module(void) { + VNET_ITERATOR_DECL(vnet_iter); int err; struct ifnet *ifp; @@ -233,9 +234,15 @@ iwch_init_module(void) /* Register existing TOE interfaces by walking the ifnet chain */ IFNET_RLOCK(); - TAILQ_FOREACH(ifp, &V_ifnet, if_link) { - (void)ifaddr_event_handler(NULL, ifp); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); /* XXX CURVNET_SET_QUIET() ? */ + INIT_VNET_NET(vnet_iter); + TAILQ_FOREACH(ifp, &V_ifnet, if_link) + (void)ifaddr_event_handler(NULL, ifp); + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IFNET_RUNLOCK(); return 0; } diff --git a/sys/dev/cxgb/ulp/tom/cxgb_cpl_io.c b/sys/dev/cxgb/ulp/tom/cxgb_cpl_io.c index 62ffdaa..22fb58d 100644 --- a/sys/dev/cxgb/ulp/tom/cxgb_cpl_io.c +++ b/sys/dev/cxgb/ulp/tom/cxgb_cpl_io.c @@ -276,6 +276,7 @@ mk_tid_release(struct mbuf *m, const struct toepcb *toep, unsigned int tid) static inline void make_tx_data_wr(struct socket *so, struct mbuf *m, int len, struct mbuf *tail) { + INIT_VNET_INET(so->so_vnet); struct tcpcb *tp = so_sototcpcb(so); struct toepcb *toep = tp->t_toe; struct tx_data_wr *req; @@ -1220,6 +1221,7 @@ install_offload_ops(struct socket *so) static __inline int select_rcv_wscale(int space) { + INIT_VNET_INET(so->so_vnet); int wscale = 0; if (space > MAX_RCV_WND) @@ -1237,6 +1239,7 @@ select_rcv_wscale(int space) static unsigned long select_rcv_wnd(struct toedev *dev, struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct tom_data *d = TOM_DATA(dev); unsigned int wnd; unsigned int max_rcv_wnd; @@ -3783,6 +3786,7 @@ fixup_and_send_ofo(struct toepcb *toep) static void socket_act_establish(struct socket *so, struct mbuf *m) { + INIT_VNET_INET(so->so_vnet); struct cpl_act_establish *req = cplhdr(m); u32 rcv_isn = ntohl(req->rcv_isn); /* real RCV_ISN + 1 */ struct tcpcb *tp = so_sototcpcb(so); diff --git a/sys/dev/firewire/firewire.c b/sys/dev/firewire/firewire.c index 2c48ff3..ae0d5d3 100644 --- a/sys/dev/firewire/firewire.c +++ b/sys/dev/firewire/firewire.c @@ -703,7 +703,7 @@ fw_reset_crom(struct firewire_comm *fc) crom_add_simple_text(src, root, &buf->vendor, "FreeBSD Project"); crom_add_entry(root, CSRKEY_HW, __FreeBSD_version); #endif - crom_add_simple_text(src, root, &buf->hw, V_hostname); + crom_add_simple_text(src, root, &buf->hw, G_hostname); } /* diff --git a/sys/fs/cd9660/cd9660_rrip.c b/sys/fs/cd9660/cd9660_rrip.c index 2b540d8..670ca30 100644 --- a/sys/fs/cd9660/cd9660_rrip.c +++ b/sys/fs/cd9660/cd9660_rrip.c @@ -114,6 +114,7 @@ cd9660_rrip_slink(p,ana) ISO_RRIP_SLINK *p; ISO_RRIP_ANALYZE *ana; { + INIT_VPROCG(TD_TO_VPROCG(curthread)); ISO_RRIP_SLINK_COMPONENT *pcomp; ISO_RRIP_SLINK_COMPONENT *pcompe; int len, wlen, cont; @@ -224,6 +225,7 @@ cd9660_rrip_altname(p,ana) ISO_RRIP_ALTNAME *p; ISO_RRIP_ANALYZE *ana; { + INIT_VPROCG(TD_TO_VPROCG(curthread)); char *inbuf; int wlen; int cont; diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index a1ba436..654b56f 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -475,6 +475,7 @@ jailed(struct ucred *cred) void getcredhostname(struct ucred *cred, char *buf, size_t size) { + INIT_VPROCG(cred->cr_vimage->v_procg); if (jailed(cred)) { mtx_lock(&cred->cr_prison->pr_mtx); diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index aa05e93..afe0153 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -207,7 +207,9 @@ static char machine_arch[] = MACHINE_ARCH; SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, machine_arch, 0, "System architecture"); +#ifndef VIMAGE char hostname[MAXHOSTNAMELEN]; +#endif /* * This mutex is used to protect the hostname and domainname variables, and @@ -219,6 +221,7 @@ MTX_SYSINIT(hostname_mtx, &hostname_mtx, "hostname", MTX_DEF); static int sysctl_hostname(SYSCTL_HANDLER_ARGS) { + INIT_VPROCG(TD_TO_VPROCG(req->td)); struct prison *pr; char tmphostname[MAXHOSTNAMELEN]; int error; @@ -345,7 +348,9 @@ SYSCTL_PROC(_kern, OID_AUTO, conftxt, CTLTYPE_STRING|CTLFLAG_RW, 0, 0, sysctl_kern_config, "", "Kernel configuration file"); #endif +#ifndef VIMAGE char domainname[MAXHOSTNAMELEN]; /* Protected by hostname_mtx. */ +#endif static int sysctl_domainname(SYSCTL_HANDLER_ARGS) @@ -354,13 +359,13 @@ sysctl_domainname(SYSCTL_HANDLER_ARGS) int error; mtx_lock(&hostname_mtx); - bcopy(domainname, tmpdomainname, MAXHOSTNAMELEN); + bcopy(V_domainname, tmpdomainname, MAXHOSTNAMELEN); mtx_unlock(&hostname_mtx); error = sysctl_handle_string(oidp, tmpdomainname, sizeof tmpdomainname, req); if (req->newptr != NULL && error == 0) { mtx_lock(&hostname_mtx); - bcopy(tmpdomainname, domainname, MAXHOSTNAMELEN); + bcopy(tmpdomainname, V_domainname, MAXHOSTNAMELEN); mtx_unlock(&hostname_mtx); } return (error); diff --git a/sys/kern/kern_uuid.c b/sys/kern/kern_uuid.c index 61e9ce9..8677f7a 100644 --- a/sys/kern/kern_uuid.c +++ b/sys/kern/kern_uuid.c @@ -88,6 +88,7 @@ MTX_SYSINIT(uuid_lock, &uuid_mutex, "UUID generator mutex lock", MTX_DEF); static void uuid_node(uint16_t *node) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; struct sockaddr_dl *sdl; diff --git a/sys/kern/kern_xxx.c b/sys/kern/kern_xxx.c index 9a30d17..aba4bbc 100644 --- a/sys/kern/kern_xxx.c +++ b/sys/kern/kern_xxx.c @@ -246,6 +246,7 @@ getdomainname(td, uap) struct thread *td; struct getdomainname_args *uap; { + INIT_VPROCG(TD_TO_VPROCG(td)); char tmpdomainname[MAXHOSTNAMELEN]; int domainnamelen; @@ -271,6 +272,7 @@ setdomainname(td, uap) struct thread *td; struct setdomainname_args *uap; { + INIT_VPROCG(TD_TO_VPROCG(td)); char tmpdomainname[MAXHOSTNAMELEN]; int error, domainnamelen; @@ -284,7 +286,7 @@ setdomainname(td, uap) if (error == 0) { tmpdomainname[domainnamelen] = 0; mtx_lock(&hostname_mtx); - bcopy(tmpdomainname, V_domainname, sizeof(domainname)); + bcopy(tmpdomainname, V_domainname, sizeof(V_domainname)); mtx_unlock(&hostname_mtx); } return (error); diff --git a/sys/net/bridgestp.c b/sys/net/bridgestp.c index aa9671e..99ad32e 100644 --- a/sys/net/bridgestp.c +++ b/sys/net/bridgestp.c @@ -2017,6 +2017,7 @@ bstp_same_bridgeid(uint64_t id1, uint64_t id2) void bstp_reinit(struct bstp_state *bs) { + INIT_VNET_NET(curvnet); struct bstp_port *bp; struct ifnet *ifp, *mif; u_char *e_addr; diff --git a/sys/net/if.c b/sys/net/if.c index 0e5821e..7bf1ecb 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -168,6 +168,7 @@ MALLOC_DEFINE(M_IFMADDR, "ether_multi", "link-level multicast address"); struct ifnet * ifnet_byindex(u_short idx) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; IFNET_RLOCK(); @@ -179,6 +180,7 @@ ifnet_byindex(u_short idx) static void ifnet_setbyindex(u_short idx, struct ifnet *ifp) { + INIT_VNET_NET(curvnet); IFNET_WLOCK_ASSERT(); @@ -188,6 +190,7 @@ ifnet_setbyindex(u_short idx, struct ifnet *ifp) struct ifaddr * ifaddr_byindex(u_short idx) { + INIT_VNET_NET(curvnet); struct ifaddr *ifa; IFNET_RLOCK(); @@ -199,6 +202,7 @@ ifaddr_byindex(u_short idx) struct cdev * ifdev_byindex(u_short idx) { + INIT_VNET_NET(curvnet); struct cdev *cdev; IFNET_RLOCK(); @@ -210,6 +214,7 @@ ifdev_byindex(u_short idx) static void ifdev_setbyindex(u_short idx, struct cdev *cdev) { + INIT_VNET_NET(curvnet); IFNET_WLOCK(); V_ifindex_table[idx].ife_dev = cdev; @@ -279,6 +284,7 @@ netioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td static int netkqfilter(struct cdev *dev, struct knote *kn) { + INIT_VNET_NET(curvnet); struct knlist *klist; struct ifnet *ifp; int idx; @@ -348,6 +354,7 @@ filt_netdev(struct knote *kn, long hint) static void if_init(void *dummy __unused) { + INIT_VNET_NET(curvnet); IFNET_LOCK_INIT(); TAILQ_INIT(&V_ifnet); @@ -362,6 +369,7 @@ if_init(void *dummy __unused) static void if_grow(void) { + INIT_VNET_NET(curvnet); u_int n; struct ifindex_entry *e; @@ -383,6 +391,7 @@ if_grow(void) struct ifnet* if_alloc(u_char type) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; ifp = malloc(sizeof(struct ifnet), M_IFNET, M_WAITOK|M_ZERO); @@ -445,6 +454,7 @@ if_free(struct ifnet *ifp) void if_free_type(struct ifnet *ifp, u_char type) { + INIT_VNET_NET(curvnet); /* ifp->if_vnet can be NULL here ! */ if (ifp != ifnet_byindex(ifp->if_index)) { if_printf(ifp, "%s: value was not if_alloced, skipping\n", @@ -482,6 +492,7 @@ if_free_type(struct ifnet *ifp, u_char type) void if_attach(struct ifnet *ifp) { + INIT_VNET_NET(curvnet); unsigned socksize, ifasize; int namelen, masklen; struct sockaddr_dl *sdl; @@ -595,6 +606,7 @@ if_attach(struct ifnet *ifp) static void if_attachdomain(void *dummy) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; int s; @@ -705,6 +717,7 @@ if_purgemaddrs(struct ifnet *ifp) void if_detach(struct ifnet *ifp) { + INIT_VNET_NET(ifp->if_vnet); struct ifaddr *ifa; struct radix_node_head *rnh; int s; @@ -820,6 +833,7 @@ if_detach(struct ifnet *ifp) int if_addgroup(struct ifnet *ifp, const char *groupname) { + INIT_VNET_NET(ifp->if_vnet); struct ifg_list *ifgl; struct ifg_group *ifg = NULL; struct ifg_member *ifgm; @@ -889,6 +903,7 @@ if_addgroup(struct ifnet *ifp, const char *groupname) int if_delgroup(struct ifnet *ifp, const char *groupname) { + INIT_VNET_NET(ifp->if_vnet); struct ifg_list *ifgl; struct ifg_member *ifgm; @@ -978,6 +993,7 @@ if_getgroup(struct ifgroupreq *data, struct ifnet *ifp) static int if_getgroupmembers(struct ifgroupreq *data) { + INIT_VNET_NET(curvnet); struct ifgroupreq *ifgr = data; struct ifg_group *ifg; struct ifg_member *ifgm; @@ -1087,6 +1103,7 @@ if_rtdel(struct radix_node *rn, void *arg) struct ifaddr * ifa_ifwithaddr(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; @@ -1117,6 +1134,7 @@ done: struct ifaddr * ifa_ifwithbroadaddr(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; @@ -1144,6 +1162,7 @@ done: struct ifaddr * ifa_ifwithdstaddr(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; @@ -1172,6 +1191,7 @@ done: struct ifaddr * ifa_ifwithnet(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; struct ifaddr *ifa_maybe = (struct ifaddr *) 0; @@ -1415,6 +1435,7 @@ do_link_state_change(void *arg, int pending) struct ifnet *ifp = (struct ifnet *)arg; int link_state = ifp->if_link_state; int link; + CURVNET_SET(ifp->if_vnet); /* Notify that the link state has changed. */ rt_ifmsg(ifp); @@ -1451,6 +1472,7 @@ do_link_state_change(void *arg, int pending) if (log_link_state_change) log(LOG_NOTICE, "%s: link state changed to %s\n", ifp->if_xname, (link_state == LINK_STATE_UP) ? "UP" : "DOWN" ); + CURVNET_RESTORE(); } /* @@ -1513,16 +1535,24 @@ if_qflush(struct ifaltq *ifq) static void if_slowtimo(void *arg) { + VNET_ITERATOR_DECL(vnet_iter); struct ifnet *ifp; int s = splimp(); IFNET_RLOCK(); - TAILQ_FOREACH(ifp, &V_ifnet, if_link) { - if (ifp->if_timer == 0 || --ifp->if_timer) - continue; - if (ifp->if_watchdog) - (*ifp->if_watchdog)(ifp); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_NET(vnet_iter); + TAILQ_FOREACH(ifp, &V_ifnet, if_link) { + if (ifp->if_timer == 0 || --ifp->if_timer) + continue; + if (ifp->if_watchdog) + (*ifp->if_watchdog)(ifp); + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IFNET_RUNLOCK(); splx(s); timeout(if_slowtimo, (void *)0, hz / IFNET_SLOWHZ); @@ -1535,6 +1565,7 @@ if_slowtimo(void *arg) struct ifnet * ifunit(const char *name) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; IFNET_RLOCK(); @@ -2107,6 +2138,7 @@ ifpromisc(struct ifnet *ifp, int pswitch) static int ifconf(u_long cmd, caddr_t data) { + INIT_VNET_NET(curvnet); struct ifconf *ifc = (struct ifconf *)data; #ifdef __amd64__ struct ifconf32 *ifc32 = (struct ifconf32 *)data; @@ -2466,6 +2498,7 @@ if_delmulti(struct ifnet *ifp, struct sockaddr *sa) int lastref; #ifdef INVARIANTS struct ifnet *oifp; + INIT_VNET_NET(ifp->if_vnet); IFNET_RLOCK(); TAILQ_FOREACH(oifp, &V_ifnet, if_link) @@ -2510,6 +2543,9 @@ if_delmulti(struct ifnet *ifp, struct sockaddr *sa) void if_delmulti_ifma(struct ifmultiaddr *ifma) { +#ifdef DIAGNOSTIC + INIT_VNET_NET(curvnet); +#endif struct ifnet *ifp; int lastref; diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 4e124d2..0a53265 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -3039,6 +3039,8 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) } if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { + INIT_VNET_IPFW(curvnet); + error = -1; args.rule = ip_dn_claim_rule(*mp); if (args.rule != NULL && V_fw_one_pass) @@ -3223,6 +3225,7 @@ bad: static int bridge_ip_checkbasic(struct mbuf **mp) { + INIT_VNET_INET(curvnet); struct mbuf *m = *mp; struct ip *ip; int len, hlen; @@ -3318,6 +3321,7 @@ bad: static int bridge_ip6_checkbasic(struct mbuf **mp) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct ip6_hdr *ip6; @@ -3372,6 +3376,7 @@ static int bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, int snap, struct llc *llc) { + INIT_VNET_INET(curvnet); struct mbuf *m0; struct ip *ip; int error = -1; diff --git a/sys/net/if_ef.c b/sys/net/if_ef.c index c60e615..59d4556 100644 --- a/sys/net/if_ef.c +++ b/sys/net/if_ef.c @@ -484,43 +484,51 @@ ef_clone(struct ef_link *efl, int ft) static int ef_load(void) { + VNET_ITERATOR_DECL(vnet_iter); struct ifnet *ifp; struct efnet *efp; struct ef_link *efl = NULL, *efl_temp; int error = 0, d; - IFNET_RLOCK(); - TAILQ_FOREACH(ifp, &V_ifnet, if_link) { - if (ifp->if_type != IFT_ETHER) continue; - EFDEBUG("Found interface %s\n", ifp->if_xname); - efl = (struct ef_link*)malloc(sizeof(struct ef_link), - M_IFADDR, M_WAITOK | M_ZERO); - if (efl == NULL) { - error = ENOMEM; - break; - } + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_NET(vnet_iter); + IFNET_RLOCK(); + TAILQ_FOREACH(ifp, &V_ifnet, if_link) { + if (ifp->if_type != IFT_ETHER) continue; + EFDEBUG("Found interface %s\n", ifp->if_xname); + efl = (struct ef_link*)malloc(sizeof(struct ef_link), + M_IFADDR, M_WAITOK | M_ZERO); + if (efl == NULL) { + error = ENOMEM; + break; + } - efl->el_ifp = ifp; + efl->el_ifp = ifp; #ifdef ETHER_II - error = ef_clone(efl, ETHER_FT_EII); - if (error) break; + error = ef_clone(efl, ETHER_FT_EII); + if (error) break; #endif #ifdef ETHER_8023 - error = ef_clone(efl, ETHER_FT_8023); - if (error) break; + error = ef_clone(efl, ETHER_FT_8023); + if (error) break; #endif #ifdef ETHER_8022 - error = ef_clone(efl, ETHER_FT_8022); - if (error) break; + error = ef_clone(efl, ETHER_FT_8022); + if (error) break; #endif #ifdef ETHER_SNAP - error = ef_clone(efl, ETHER_FT_SNAP); - if (error) break; + error = ef_clone(efl, ETHER_FT_SNAP); + if (error) break; #endif - efcount++; - SLIST_INSERT_HEAD(&efdev, efl, el_next); + efcount++; + SLIST_INSERT_HEAD(&efdev, efl, el_next); + } + IFNET_RUNLOCK(); + CURVNET_RESTORE(); } - IFNET_RUNLOCK(); + VNET_LIST_RUNLOCK(); if (error) { if (efl) SLIST_INSERT_HEAD(&efdev, efl, el_next); diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index d20fb65..c51b331 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -393,6 +393,7 @@ ether_output_frame(struct ifnet *ifp, struct mbuf *m) { int error; #if defined(INET) || defined(INET6) + INIT_VNET_NET(ifp->if_vnet); struct ip_fw *rule = ip_dn_claim_rule(m); if (IPFW_LOADED && V_ether_ipfw != 0) { @@ -424,6 +425,7 @@ int ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, struct ip_fw **rule, int shared) { + INIT_VNET_IPFW(dst->if_vnet); struct ether_header *eh; struct ether_header save_eh; struct mbuf *m; @@ -716,6 +718,7 @@ ether_demux(struct ifnet *ifp, struct mbuf *m) KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__)); #if defined(INET) || defined(INET6) + INIT_VNET_NET(ifp->if_vnet); /* * Allow dummynet and/or ipfw to claim the frame. * Do not do this for PROMISC frames in case we are re-entered. @@ -937,8 +940,8 @@ ether_ifdetach(struct ifnet *ifp) SYSCTL_DECL(_net_link); SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); #if defined(INET) || defined(INET6) -SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, - ðer_ipfw,0,"Pass ether pkts through firewall"); +SYSCTL_V_INT(V_NET, vnet_net, _net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, + ether_ipfw, 0, "Pass ether pkts through firewall"); #endif #if 0 diff --git a/sys/net/if_faith.c b/sys/net/if_faith.c index 6388820..6fdb72b 100644 --- a/sys/net/if_faith.c +++ b/sys/net/if_faith.c @@ -324,6 +324,7 @@ static int faithprefix(in6) struct in6_addr *in6; { + INIT_VNET_INET6(curvnet); struct rtentry *rt; struct sockaddr_in6 sin6; int ret; diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 685f282..8e0363c 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -123,9 +123,17 @@ SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0, */ #define MAX_GIF_NEST 1 #endif +#ifndef VIMAGE static int max_gif_nesting = MAX_GIF_NEST; -SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW, - &max_gif_nesting, 0, "Max nested tunnels"); +#endif +SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting, + CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels"); + +#ifdef INET6 +SYSCTL_DECL(_net_inet6_ip6); +SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM, + gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, ""); +#endif /* * By default, we disallow creation of multiple tunnels between the same @@ -137,8 +145,8 @@ static int parallel_tunnels = 1; #else static int parallel_tunnels = 0; #endif -SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW, - ¶llel_tunnels, 0, "Allow parallel tunnels?"); +SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels, + CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?"); /* copy from src/sys/net/if_ethersubr.c */ static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = @@ -154,6 +162,7 @@ gif_clone_create(ifc, unit, params) int unit; caddr_t params; { + INIT_VNET_GIF(curvnet); struct gif_softc *sc; sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO); @@ -364,6 +373,7 @@ gif_output(ifp, m, dst, rt) struct sockaddr *dst; struct rtentry *rt; /* added in net2 */ { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct m_tag *mtag; int error = 0; @@ -854,6 +864,7 @@ gif_set_tunnel(ifp, src, dst) struct sockaddr *src; struct sockaddr *dst; { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct gif_softc *sc2; struct sockaddr *osrc, *odst, *sa; diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h index 4e417fd..c2fcc8c 100644 --- a/sys/net/if_gif.h +++ b/sys/net/if_gif.h @@ -110,6 +110,30 @@ int gif_set_tunnel(struct ifnet *, struct sockaddr *, struct sockaddr *); void gif_delete_tunnel(struct ifnet *); int gif_encapcheck(const struct mbuf *, int, int, void *); +/* + * Virtualization support + */ +#ifdef VIMAGE +struct vnet_gif { + LIST_HEAD(, gif_softc) _gif_softc_list; + int _max_gif_nesting; + int _parallel_tunnels; + int _ip_gif_ttl; + int _ip6_gif_hlim; +}; +#endif + +#define INIT_VNET_GIF(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_GIF, struct vnet_gif, vnet_gif) + +#define VNET_GIF(sym) VSYM(vnet_gif, sym) + +#define V_gif_softc_list VNET_GIF(gif_softc_list) +#define V_max_gif_nesting VNET_GIF(max_gif_nesting) +#define V_parallel_tunnels VNET_GIF(parallel_tunnels) +#define V_ip_gif_ttl VNET_GIF(ip_gif_ttl) +#define V_ip6_gif_hlim VNET_GIF(ip6_gif_hlim) + #endif /* _KERNEL */ #endif /* _NET_IF_GIF_H_ */ diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c index c3ec001..6b5e739 100644 --- a/sys/net/if_gre.c +++ b/sys/net/if_gre.c @@ -241,6 +241,9 @@ static int gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt) { +#ifdef INET6 + INIT_VNET_INET(ifp->if_vnet); +#endif int error = 0; struct gre_softc *sc = ifp->if_softc; struct greip *gh; diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c index eebae0c..09bbb55 100644 --- a/sys/net/if_loop.c +++ b/sys/net/if_loop.c @@ -115,6 +115,7 @@ lo_clone_destroy(struct ifnet *ifp) static int lo_clone_create(struct if_clone *ifc, int unit, caddr_t params) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; ifp = if_alloc(IFT_LOOP); @@ -214,6 +215,7 @@ looutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, int if_simloop(struct ifnet *ifp, struct mbuf *m, int af, int hlen) { + INIT_VNET_NET(ifp->if_vnet); int isr; M_ASSERTPKTHDR(m); diff --git a/sys/net/if_mib.c b/sys/net/if_mib.c index 736c099..0902599 100644 --- a/sys/net/if_mib.c +++ b/sys/net/if_mib.c @@ -65,12 +65,15 @@ SYSCTL_DECL(_net_link_generic); SYSCTL_NODE(_net_link_generic, IFMIB_SYSTEM, system, CTLFLAG_RW, 0, "Variables global to all interfaces"); -SYSCTL_INT(_net_link_generic_system, IFMIB_IFCOUNT, ifcount, CTLFLAG_RD, - &if_index, 0, "Number of configured interfaces"); + +SYSCTL_V_INT(V_NET, vnet_net, _net_link_generic_system, IFMIB_IFCOUNT, + ifcount, CTLFLAG_RD, if_index, 0, + "Number of configured interfaces"); static int sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XXX bad syntax! */ { + INIT_VNET_NET(curvnet); int *name = (int *)arg1; int error; u_int namelen = arg2; diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index c7814e5..99dad77 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -4875,6 +4875,7 @@ sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) static void sppp_set_ip_addr(struct sppp *sp, u_long src) { + INIT_VNET_INET(curvnet); STDDCL; struct ifaddr *ifa; struct sockaddr_in *si; diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c index 4e365d5..d3c0d75 100644 --- a/sys/net/if_stf.c +++ b/sys/net/if_stf.c @@ -375,6 +375,7 @@ static struct in6_ifaddr * stf_getsrcifa6(ifp) struct ifnet *ifp; { + INIT_VNET_INET(ifp->if_vnet); struct ifaddr *ia; struct in_ifaddr *ia4; struct sockaddr_in6 *sin6; @@ -584,6 +585,7 @@ stf_checkaddr4(sc, in, inifp) struct in_addr *in; struct ifnet *inifp; /* incoming interface */ { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia4; /* diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c index b057b79..a1ec495 100644 --- a/sys/net/if_tun.c +++ b/sys/net/if_tun.c @@ -43,6 +43,7 @@ #include <sys/uio.h> #include <sys/malloc.h> #include <sys/random.h> +#include <sys/vimage.h> #include <net/if.h> #include <net/if_clone.h> @@ -224,6 +225,7 @@ tunclone(void *arg, struct ucred *cred, char *name, int namelen, else append_unit = 0; + CURVNET_SET(TD_TO_VNET(curthread)); /* find any existing device, or allocate new unit number */ i = clone_create(&tunclones, &tun_cdevsw, &u, dev, 0); if (i) { @@ -242,6 +244,7 @@ tunclone(void *arg, struct ucred *cred, char *name, int namelen, } if_clone_create(name, namelen, NULL); + CURVNET_RESTORE(); } static void @@ -253,6 +256,7 @@ tun_destroy(struct tun_softc *tp) KASSERT((tp->tun_flags & TUN_OPEN) == 0, ("tununits is out of sync - unit %d", TUN2IFP(tp)->if_dunit)); + CURVNET_SET(TUN2IFP(tp)->if_vnet); dev = tp->tun_dev; bpfdetach(TUN2IFP(tp)); if_detach(TUN2IFP(tp)); @@ -261,6 +265,7 @@ tun_destroy(struct tun_softc *tp) knlist_destroy(&tp->tun_rsel.si_note); mtx_destroy(&tp->tun_mtx); free(tp, M_TUN); + CURVNET_RESTORE(); } static void @@ -447,6 +452,7 @@ tunclose(struct cdev *dev, int foo, int bar, struct thread *td) /* * junk all pending output */ + CURVNET_SET(ifp->if_vnet); s = splimp(); IFQ_PURGE(&ifp->if_snd); splx(s); @@ -476,6 +482,7 @@ tunclose(struct cdev *dev, int foo, int bar, struct thread *td) ifp->if_drv_flags &= ~IFF_DRV_RUNNING; splx(s); } + CURVNET_RESTORE(); funsetown(&tp->tun_sigio); selwakeuppri(&tp->tun_rsel, PZERO + 1); @@ -924,7 +931,9 @@ tunwrite(struct cdev *dev, struct uio *uio, int flag) random_harvest(m, 16, 3, 0, RANDOM_NET); ifp->if_ibytes += m->m_pkthdr.len; ifp->if_ipackets++; + CURVNET_SET(ifp->if_vnet); netisr_dispatch(isr, m); + CURVNET_RESTORE(); return (0); } diff --git a/sys/net/if_var.h b/sys/net/if_var.h index 593d9a2..3f7a008 100644 --- a/sys/net/if_var.h +++ b/sys/net/if_var.h @@ -713,6 +713,8 @@ int ether_poll_register(poll_handler_t *h, struct ifnet *ifp); int ether_poll_deregister(struct ifnet *ifp); #endif /* DEVICE_POLLING */ +#include <net/vnet.h> + #endif /* _KERNEL */ #endif /* !_NET_IF_VAR_H_ */ diff --git a/sys/net/if_vlan.c b/sys/net/if_vlan.c index 3f93883..af164e3 100644 --- a/sys/net/if_vlan.c +++ b/sys/net/if_vlan.c @@ -422,6 +422,8 @@ vlan_setmulti(struct ifnet *ifp) sc = ifp->if_softc; ifp_p = PARENT(sc); + CURVNET_SET_QUIET(ifp_p->if_vnet); + bzero((char *)&sdl, sizeof(sdl)); sdl.sdl_len = sizeof(sdl); sdl.sdl_family = AF_LINK; @@ -456,6 +458,7 @@ vlan_setmulti(struct ifnet *ifp) return (error); } + CURVNET_RESTORE(); return (0); } @@ -573,6 +576,7 @@ MODULE_DEPEND(if_vlan, miibus, 1, 1, 1); static struct ifnet * vlan_clone_match_ethertag(struct if_clone *ifc, const char *name, int *tag) { + INIT_VNET_NET(curvnet); const char *cp; struct ifnet *ifp; int t = 0; diff --git a/sys/net/raw_cb.c b/sys/net/raw_cb.c index ee8628c..076d2f5 100644 --- a/sys/net/raw_cb.c +++ b/sys/net/raw_cb.c @@ -44,6 +44,7 @@ #include <sys/systm.h> #include <sys/vimage.h> +#include <net/if.h> #include <net/raw_cb.h> /* @@ -75,6 +76,7 @@ SYSCTL_ULONG(_net_raw, OID_AUTO, recvspace, CTLFLAG_RW, &raw_recvspace, 0, int raw_attach(struct socket *so, int proto) { + INIT_VNET_NET(so->so_vnet); struct rawcb *rp = sotorawcb(so); int error; diff --git a/sys/net/raw_usrreq.c b/sys/net/raw_usrreq.c index 09752fc..633125a 100644 --- a/sys/net/raw_usrreq.c +++ b/sys/net/raw_usrreq.c @@ -46,6 +46,7 @@ #include <sys/systm.h> #include <sys/vimage.h> +#include <net/if.h> #include <net/raw_cb.h> MTX_SYSINIT(rawcb_mtx, &rawcb_mtx, "rawcb", MTX_DEF); @@ -56,6 +57,7 @@ MTX_SYSINIT(rawcb_mtx, &rawcb_mtx, "rawcb", MTX_DEF); void raw_init(void) { + INIT_VNET_NET(curvnet); LIST_INIT(&V_rawcb_list); } @@ -70,6 +72,7 @@ raw_init(void) void raw_input(struct mbuf *m0, struct sockproto *proto, struct sockaddr *src) { + INIT_VNET_NET(curvnet); struct rawcb *rp; struct mbuf *m = m0; struct socket *last; diff --git a/sys/net/route.c b/sys/net/route.c index 105c932..359ac8a 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -257,6 +257,7 @@ struct rtentry * rtalloc1_fib(struct sockaddr *dst, int report, u_long ignflags, u_int fibnum) { + INIT_VNET_NET(curvnet); struct radix_node_head *rnh; struct rtentry *rt; struct radix_node *rn; @@ -362,6 +363,7 @@ rtalloc1_fib(struct sockaddr *dst, int report, u_long ignflags, void rtfree(struct rtentry *rt) { + INIT_VNET_NET(curvnet); struct radix_node_head *rnh; KASSERT(rt != NULL,("%s: NULL rt", __func__)); @@ -462,6 +464,7 @@ rtredirect_fib(struct sockaddr *dst, struct sockaddr *src, u_int fibnum) { + INIT_VNET_NET(curvnet); struct rtentry *rt, *rt0 = NULL; int error = 0; short *stat = NULL; @@ -768,6 +771,7 @@ rt_getifa_fib(struct rt_addrinfo *info, u_int fibnum) int rtexpunge(struct rtentry *rt) { + INIT_VNET_NET(curvnet); struct radix_node *rn; struct radix_node_head *rnh; struct ifaddr *ifa; @@ -859,6 +863,7 @@ int rtrequest1_fib(int req, struct rt_addrinfo *info, struct rtentry **ret_nrt, u_int fibnum) { + INIT_VNET_NET(curvnet); int error = 0; register struct rtentry *rt; register struct radix_node *rn; @@ -1289,6 +1294,7 @@ delete_rt: int rt_setgate(struct rtentry *rt, struct sockaddr *dst, struct sockaddr *gate) { + INIT_VNET_NET(curvnet); /* XXX dst may be overwritten, can we move this to below */ struct radix_node_head *rnh = V_rt_tables[rt->rt_fibnum][dst->sa_family]; @@ -1431,6 +1437,7 @@ rt_maskedcopy(struct sockaddr *src, struct sockaddr *dst, struct sockaddr *netma static inline int rtinit1(struct ifaddr *ifa, int cmd, int flags, int fibnum) { + INIT_VNET_NET(curvnet); struct sockaddr *dst; struct sockaddr *netmask; struct rtentry *rt = NULL; diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 34db369..7b610d6 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -314,6 +314,7 @@ static int route_output(struct mbuf *m, struct socket *so) { #define sa_equal(a1, a2) (bcmp((a1), (a2), (a1)->sa_len) == 0) + INIT_VNET_NET(so->so_vnet); struct rt_msghdr *rtm = NULL; struct rtentry *rt = NULL; struct radix_node_head *rnh; @@ -1075,6 +1076,7 @@ rt_ifannouncemsg(struct ifnet *ifp, int what) static void rt_dispatch(struct mbuf *m, const struct sockaddr *sa) { + INIT_VNET_NET(curvnet); struct m_tag *tag; /* @@ -1138,6 +1140,7 @@ sysctl_dumpentry(struct radix_node *rn, void *vw) static int sysctl_iflist(int af, struct walkarg *w) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; struct rt_addrinfo info; @@ -1198,6 +1201,7 @@ done: int sysctl_ifmalist(int af, struct walkarg *w) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifmultiaddr *ifma; struct rt_addrinfo info; @@ -1247,6 +1251,7 @@ done: static int sysctl_rtsock(SYSCTL_HANDLER_ARGS) { + INIT_VNET_NET(curvnet); int *name = (int *)arg1; u_int namelen = arg2; struct radix_node_head *rnh; diff --git a/sys/net/vnet.h b/sys/net/vnet.h new file mode 100644 index 0000000..f287bf9 --- /dev/null +++ b/sys/net/vnet.h @@ -0,0 +1,93 @@ +/*- + * Copyright (c) 2006-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _NET_VNET_H_ +#define _NET_VNET_H_ + +#ifdef VIMAGE +#include "opt_route.h" + +#include <sys/proc.h> +#include <sys/protosw.h> +#include <sys/socket.h> + +#include <net/if.h> +#include <net/if_var.h> +#include <net/route.h> +#include <net/raw_cb.h> + +struct vnet_net { + int _if_index; + struct ifindex_entry *_ifindex_table; + struct ifnethead _ifnet; + struct ifgrouphead _ifg_head; + + int _if_indexlim; + struct knlist _ifklist; + + struct rtstat _rtstat; + struct radix_node_head *_rt_tables[RT_MAXFIBS][AF_MAX+1]; + int _rttrash; + + struct ifnet *_loif; + LIST_HEAD(, lo_softc) _lo_list; + + LIST_HEAD(, rawcb) _rawcb_list; + + int _ether_ipfw; +}; + +#endif + +/* + * Symbol translation macros + */ +#define INIT_VNET_NET(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_NET, struct vnet_net, vnet_net) + +#define VNET_NET(sym) VSYM(vnet_net, sym) + +#define V_ether_ipfw VNET_NET(ether_ipfw) +#define V_if_index VNET_NET(if_index) +#define V_if_indexlim VNET_NET(if_indexlim) +#define V_ifg_head VNET_NET(ifg_head) +#define V_ifindex_table VNET_NET(ifindex_table) +#define V_ifklist VNET_NET(ifklist) +#define V_ifnet VNET_NET(ifnet) +#define V_lo_list VNET_NET(lo_list) +#define V_loif VNET_NET(loif) +#define V_rawcb_list VNET_NET(rawcb_list) +#define V_rt_tables VNET_NET(rt_tables) +#define V_rtstat VNET_NET(rtstat) +#define V_rttrash VNET_NET(rttrash) + +#endif /* !_NET_VNET_H_ */ diff --git a/sys/net80211/ieee80211_ddb.c b/sys/net80211/ieee80211_ddb.c index c4030d3..a319bd5 100644 --- a/sys/net80211/ieee80211_ddb.c +++ b/sys/net80211/ieee80211_ddb.c @@ -189,6 +189,7 @@ DB_SHOW_COMMAND(com, db_show_com) DB_SHOW_ALL_COMMAND(vaps, db_show_all_vaps) { + VNET_ITERATOR_DECL(vnet_iter); const struct ifnet *ifp; int i, showall = 0; @@ -199,21 +200,25 @@ DB_SHOW_ALL_COMMAND(vaps, db_show_all_vaps) break; } - TAILQ_FOREACH(ifp, &V_ifnet, if_list) - if (ifp->if_type == IFT_IEEE80211) { - const struct ieee80211com *ic = ifp->if_l2com; - - if (!showall) { - const struct ieee80211vap *vap; - db_printf("%s: com %p vaps:", - ifp->if_xname, ic); - TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) - db_printf(" %s(%p)", - vap->iv_ifp->if_xname, vap); - db_printf("\n"); - } else - _db_show_com(ic, 1, 1, 1); - } + VNET_FOREACH(vnet_iter) { + INIT_VNET_NET(vnet_iter); + TAILQ_FOREACH(ifp, &V_ifnet, if_list) + if (ifp->if_type == IFT_IEEE80211) { + const struct ieee80211com *ic = ifp->if_l2com; + + if (!showall) { + const struct ieee80211vap *vap; + db_printf("%s: com %p vaps:", + ifp->if_xname, ic); + TAILQ_FOREACH(vap, &ic->ic_vaps, + iv_next) + db_printf(" %s(%p)", + vap->iv_ifp->if_xname, vap); + db_printf("\n"); + } else + _db_show_com(ic, 1, 1, 1); + } + } } static void diff --git a/sys/netgraph/atm/ng_atm.c b/sys/netgraph/atm/ng_atm.c index 1378eec..2beed32 100644 --- a/sys/netgraph/atm/ng_atm.c +++ b/sys/netgraph/atm/ng_atm.c @@ -1379,6 +1379,7 @@ ng_atm_constructor(node_p nodep) static int ng_atm_mod_event(module_t mod, int event, void *data) { + VNET_ITERATOR_DECL(vnet_iter); struct ifnet *ifp; int error = 0; @@ -1402,10 +1403,17 @@ ng_atm_mod_event(module_t mod, int event, void *data) ng_atm_event_p = ng_atm_event; /* Create nodes for existing ATM interfaces */ - TAILQ_FOREACH(ifp, &V_ifnet, if_link) { - if (ifp->if_type == IFT_ATM) - ng_atm_attach(ifp); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET_QUIET(vnet_iter); + INIT_VNET_NET(vnet_iter); + TAILQ_FOREACH(ifp, &V_ifnet, if_link) { + if (ifp->if_type == IFT_ATM) + ng_atm_attach(ifp); + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IFNET_RUNLOCK(); break; @@ -1419,10 +1427,17 @@ ng_atm_mod_event(module_t mod, int event, void *data) ng_atm_input_orphan_p = NULL; ng_atm_event_p = NULL; - TAILQ_FOREACH(ifp, &V_ifnet, if_link) { - if (ifp->if_type == IFT_ATM) - ng_atm_detach(ifp); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET_QUIET(vnet_iter); + INIT_VNET_NET(vnet_iter); + TAILQ_FOREACH(ifp, &V_ifnet, if_link) { + if (ifp->if_type == IFT_ATM) + ng_atm_detach(ifp); + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IFNET_RUNLOCK(); break; diff --git a/sys/netgraph/netgraph.h b/sys/netgraph/netgraph.h index 53fab56..1fc0b19 100644 --- a/sys/netgraph/netgraph.h +++ b/sys/netgraph/netgraph.h @@ -1184,4 +1184,23 @@ typedef void *meta_p; #define NGI_GET_META(i,m) #define ng_copy_meta(meta) NULL +/* Hash related definitions */ +#define NG_ID_HASH_SIZE 128 /* most systems wont need even this many */ + +/* Virtualization macros */ +#define INIT_VNET_NETGRAPH(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_NETGRAPH, \ + struct vnet_netgraph, vnet_netgraph) + +#define VNET_NETGRAPH(sym) VSYM(vnet_netgraph, sym) + +/* Symbol translation macros */ +#define V_nextID VNET_NETGRAPH(nextID) +#define V_ng_ID_hash VNET_NETGRAPH(ng_ID_hash) +#define V_ng_eiface_unit VNET_NETGRAPH(ng_eiface_unit) +#define V_ng_iface_unit VNET_NETGRAPH(ng_iface_unit) +#define V_ng_name_hash VNET_NETGRAPH(ng_name_hash) +#define V_ng_nodelist VNET_NETGRAPH(ng_nodelist) +#define V_ng_wormhole_unit VNET_NETGRAPH(ng_wormhole_unit) + #endif /* _NETGRAPH_NETGRAPH_H_ */ diff --git a/sys/netgraph/ng_base.c b/sys/netgraph/ng_base.c index 82caad1..2a84d429 100644 --- a/sys/netgraph/ng_base.c +++ b/sys/netgraph/ng_base.c @@ -167,7 +167,6 @@ static struct mtx ng_typelist_mtx; /* Hash related definitions */ /* XXX Don't need to initialise them because it's a LIST */ -#define NG_ID_HASH_SIZE 128 /* most systems wont need even this many */ static LIST_HEAD(, ng_node) ng_ID_hash[NG_ID_HASH_SIZE]; static struct mtx ng_idhash_mtx; /* Method to find a node.. used twice so do it here */ @@ -612,6 +611,7 @@ ng_make_node(const char *typename, node_p *nodepp) int ng_make_node_common(struct ng_type *type, node_p *nodepp) { + INIT_VNET_NETGRAPH(curvnet); node_p node; /* Require the node type to have been already installed */ @@ -793,6 +793,7 @@ ng_unref_node(node_p node) static node_p ng_ID2noderef(ng_ID_t ID) { + INIT_VNET_NETGRAPH(curvnet); node_p node; mtx_lock(&ng_idhash_mtx); NG_IDHASH_FIND(ID, node); @@ -818,6 +819,7 @@ ng_node2ID(node_p node) int ng_name_node(node_p node, const char *name) { + INIT_VNET_NETGRAPH(curvnet); int i, hash; node_p node2; @@ -868,6 +870,7 @@ ng_name_node(node_p node, const char *name) node_p ng_name2noderef(node_p here, const char *name) { + INIT_VNET_NETGRAPH(curvnet); node_p node; ng_ID_t temp; int hash; @@ -2430,6 +2433,7 @@ ng_apply_item(node_p node, item_p item, int rw) static int ng_generic_msg(node_p here, item_p item, hook_p lasthook) { + INIT_VNET_NETGRAPH(curvnet); int error = 0; struct ng_mesg *msg; struct ng_mesg *resp = NULL; diff --git a/sys/netgraph/ng_eiface.c b/sys/netgraph/ng_eiface.c index ae47c75..dc52f95 100644 --- a/sys/netgraph/ng_eiface.c +++ b/sys/netgraph/ng_eiface.c @@ -333,6 +333,7 @@ ng_eiface_print_ioctl(struct ifnet *ifp, int command, caddr_t data) static int ng_eiface_constructor(node_p node) { + INIT_VNET_NETGRAPH(curvnet); struct ifnet *ifp; priv_p priv; u_char eaddr[6] = {0,0,0,0,0,0}; @@ -545,11 +546,18 @@ ng_eiface_rcvdata(hook_p hook, item_p item) static int ng_eiface_rmnode(node_p node) { + INIT_VNET_NETGRAPH(curvnet); const priv_p priv = NG_NODE_PRIVATE(node); struct ifnet *const ifp = priv->ifp; + /* + * the ifnet may be in a different vnet than the netgraph node, + * hence we have to change the current vnet context here. + */ + CURVNET_SET_QUIET(ifp->if_vnet); ether_ifdetach(ifp); if_free(ifp); + CURVNET_RESTORE(); free_unr(V_ng_eiface_unit, priv->unit); FREE(priv, M_NETGRAPH); NG_NODE_SET_PRIVATE(node, NULL); diff --git a/sys/netgraph/ng_gif.c b/sys/netgraph/ng_gif.c index 139a50b..96113d2 100644 --- a/sys/netgraph/ng_gif.c +++ b/sys/netgraph/ng_gif.c @@ -541,6 +541,7 @@ ng_gif_disconnect(hook_p hook) static int ng_gif_mod_event(module_t mod, int event, void *data) { + VNET_ITERATOR_DECL(vnet_iter); struct ifnet *ifp; int error = 0; int s; @@ -561,10 +562,17 @@ ng_gif_mod_event(module_t mod, int event, void *data) /* Create nodes for any already-existing gif interfaces */ IFNET_RLOCK(); - TAILQ_FOREACH(ifp, &V_ifnet, if_link) { - if (ifp->if_type == IFT_GIF) - ng_gif_attach(ifp); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET_QUIET(vnet_iter); /* XXX revisit quiet */ + INIT_VNET_NET(curvnet); + TAILQ_FOREACH(ifp, &V_ifnet, if_link) { + if (ifp->if_type == IFT_GIF) + ng_gif_attach(ifp); + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IFNET_RUNLOCK(); break; diff --git a/sys/netgraph/ng_iface.c b/sys/netgraph/ng_iface.c index 3753adb..b216bfc 100644 --- a/sys/netgraph/ng_iface.c +++ b/sys/netgraph/ng_iface.c @@ -506,6 +506,7 @@ ng_iface_print_ioctl(struct ifnet *ifp, int command, caddr_t data) static int ng_iface_constructor(node_p node) { + INIT_VNET_NETGRAPH(curvnet); struct ifnet *ifp; priv_p priv; @@ -766,11 +767,18 @@ ng_iface_rcvdata(hook_p hook, item_p item) static int ng_iface_shutdown(node_p node) { + INIT_VNET_NETGRAPH(curvnet); const priv_p priv = NG_NODE_PRIVATE(node); + /* + * The ifnet may be in a different vnet than the netgraph node, + * hence we have to change the current vnet context here. + */ + CURVNET_SET_QUIET(priv->ifp->if_vnet); bpfdetach(priv->ifp); if_detach(priv->ifp); if_free(priv->ifp); + CURVNET_RESTORE(); priv->ifp = NULL; free_unr(V_ng_iface_unit, priv->unit); FREE(priv, M_NETGRAPH_IFACE); diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index e32864c..7d78d9a 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -104,12 +104,15 @@ static int arp_maxtries = 5; static int useloopback = 1; /* use loopback interface for local traffic */ static int arp_proxyall = 0; -SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, - &arp_maxtries, 0, "ARP resolution attempts before returning error"); -SYSCTL_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW, - &useloopback, 0, "Use the loopback interface for local traffic"); -SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW, - &arp_proxyall, 0, "Enable proxy ARP for all suitable requests"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, maxtries, + CTLFLAG_RW, arp_maxtries, 0, + "ARP resolution attempts before returning error"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, useloopback, + CTLFLAG_RW, useloopback, 0, + "Use the loopback interface for local traffic"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, proxyall, + CTLFLAG_RW, arp_proxyall, 0, + "Enable proxy ARP for all suitable requests"); static void arp_init(void); static void arp_rtrequest(int, struct rtentry *, struct rt_addrinfo *); @@ -150,6 +153,8 @@ arptimer(void *arg) static void arp_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct sockaddr *gate; struct llinfo_arp *la; static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; @@ -361,6 +366,7 @@ int arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, struct sockaddr *dst, u_char *desten) { + INIT_VNET_INET(ifp->if_vnet); struct llinfo_arp *la = NULL; struct rtentry *rt = NULL; struct sockaddr_dl *sdl; @@ -613,7 +619,8 @@ in_arpinput(struct mbuf *m) sin.sin_len = sizeof(struct sockaddr_in); sin.sin_family = AF_INET; sin.sin_addr.s_addr = 0; - + INIT_VNET_INET(ifp->if_vnet); + if (ifp->if_bridge) bridged = 1; if (ifp->if_type == IFT_BRIDGE) diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index 54dd41d..10bc50d 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -82,8 +82,8 @@ static void igmp_sendpkt(struct in_multi *, int, unsigned long); static struct igmpstat igmpstat; -SYSCTL_STRUCT(_net_inet_igmp, IGMPCTL_STATS, stats, CTLFLAG_RW, &igmpstat, - igmpstat, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS, + stats, CTLFLAG_RW, igmpstat, igmpstat, ""); /* * igmp_mtx protects all mutable global variables in igmp.c, as well as the @@ -116,6 +116,7 @@ static struct route igmprt; void igmp_init(void) { + INIT_VNET_INET(curvnet); struct ipoption *ra; /* @@ -145,6 +146,7 @@ igmp_init(void) static struct router_info * find_rti(struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); struct router_info *rti; mtx_assert(&igmp_mtx, MA_OWNED); @@ -183,6 +185,7 @@ igmp_input(register struct mbuf *m, int off) struct in_multistep step; struct router_info *rti; int timer; /** timer value in the igmp query header **/ + INIT_VNET_INET(ifp->if_vnet); ++V_igmpstat.igps_rcv_total; @@ -410,6 +413,7 @@ igmp_leavegroup(struct in_multi *inm) void igmp_fasttimo(void) { + VNET_ITERATOR_DECL(vnet_iter); register struct in_multi *inm; struct in_multistep step; @@ -423,35 +427,50 @@ igmp_fasttimo(void) IN_MULTI_LOCK(); igmp_timers_are_running = 0; - IN_FIRST_MULTI(step, inm); - while (inm != NULL) { - if (inm->inm_timer == 0) { - /* do nothing */ - } else if (--inm->inm_timer == 0) { - igmp_sendpkt(inm, inm->inm_rti->rti_type, 0); - inm->inm_state = IGMP_IREPORTEDLAST; - } else { - igmp_timers_are_running = 1; + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET(vnet_iter); + IN_FIRST_MULTI(step, inm); + while (inm != NULL) { + if (inm->inm_timer == 0) { + /* do nothing */ + } else if (--inm->inm_timer == 0) { + igmp_sendpkt(inm, inm->inm_rti->rti_type, 0); + inm->inm_state = IGMP_IREPORTEDLAST; + } else { + igmp_timers_are_running = 1; + } + IN_NEXT_MULTI(step, inm); } - IN_NEXT_MULTI(step, inm); + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IN_MULTI_UNLOCK(); } void igmp_slowtimo(void) { + VNET_ITERATOR_DECL(vnet_iter); struct router_info *rti; IGMP_PRINTF("[igmp.c,_slowtimo] -- > entering \n"); mtx_lock(&igmp_mtx); - SLIST_FOREACH(rti, &V_router_info_head, rti_list) { - if (rti->rti_type == IGMP_V1_ROUTER) { - rti->rti_time++; - if (rti->rti_time >= IGMP_AGE_THRESHOLD) - rti->rti_type = IGMP_V2_ROUTER; + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET(vnet_iter); + SLIST_FOREACH(rti, &V_router_info_head, rti_list) { + if (rti->rti_type == IGMP_V1_ROUTER) { + rti->rti_time++; + if (rti->rti_time >= IGMP_AGE_THRESHOLD) + rti->rti_type = IGMP_V2_ROUTER; + } } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); mtx_unlock(&igmp_mtx); IGMP_PRINTF("[igmp.c,_slowtimo] -- > exiting \n"); } @@ -459,6 +478,8 @@ igmp_slowtimo(void) static void igmp_sendpkt(struct in_multi *inm, int type, unsigned long addr) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct mbuf *m; struct igmp *igmp; struct ip *ip; diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 1952fff..7cdf139 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -67,11 +67,12 @@ static int in_ifinit(struct ifnet *, static void in_purgemaddrs(struct ifnet *); static int subnetsarelocal = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW, - &subnetsarelocal, 0, "Treat all subnets as directly connected"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, subnets_are_local, + CTLFLAG_RW, subnetsarelocal, 0, + "Treat all subnets as directly connected"); static int sameprefixcarponly = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW, - &sameprefixcarponly, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, same_prefix_carp_only, + CTLFLAG_RW, sameprefixcarponly, 0, "Refuse to create same prefixes on different interfaces"); extern struct inpcbinfo ripcbinfo; @@ -86,6 +87,7 @@ extern struct inpcbinfo udbinfo; int in_localaddr(struct in_addr in) { + INIT_VNET_INET(curvnet); register u_long i = ntohl(in.s_addr); register struct in_ifaddr *ia; @@ -108,6 +110,7 @@ in_localaddr(struct in_addr in) int in_localip(struct in_addr in) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; LIST_FOREACH(ia, INADDR_HASH(in.s_addr), ia_hash) { @@ -200,6 +203,7 @@ int in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) { + INIT_VNET_INET(curvnet); /* both so and ifp can be NULL here! */ register struct ifreq *ifr = (struct ifreq *)data; register struct in_ifaddr *ia = 0, *iap; register struct ifaddr *ifa; @@ -708,6 +712,7 @@ static int in_ifinit(struct ifnet *ifp, struct in_ifaddr *ia, struct sockaddr_in *sin, int scrub) { + INIT_VNET_INET(ifp->if_vnet); register u_long i = ntohl(sin->sin_addr.s_addr); struct sockaddr_in oldaddr; int s = splimp(), flags = RTF_UP, error = 0; @@ -810,6 +815,7 @@ in_ifinit(struct ifnet *ifp, struct in_ifaddr *ia, struct sockaddr_in *sin, static int in_addprefix(struct in_ifaddr *target, int flags) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; struct in_addr prefix, mask, p, m; int error; @@ -870,6 +876,7 @@ in_addprefix(struct in_ifaddr *target, int flags) static int in_scrubprefix(struct in_ifaddr *target) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; struct in_addr prefix, mask, p; int error; @@ -976,6 +983,7 @@ in_broadcast(struct in_addr in, struct ifnet *ifp) static void in_purgemaddrs(struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); struct in_multi *inm; struct in_multi *oinm; @@ -998,6 +1006,7 @@ in_purgemaddrs(struct ifnet *ifp) void in_ifdetach(struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); in_pcbpurgeif0(&V_ripcbinfo, ifp); in_pcbpurgeif0(&V_udbinfo, ifp); diff --git a/sys/netinet/in.h b/sys/netinet/in.h index b969bdf..b505a2e 100644 --- a/sys/netinet/in.h +++ b/sys/netinet/in.h @@ -743,4 +743,8 @@ void in_ifdetach(struct ifnet *); #undef __KAME_NETINET_IN_H_INCLUDED_ #endif +#ifdef _KERNEL +#include <netinet/vinet.h> +#endif + #endif /* !_NETINET_IN_H_*/ diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index cbbde54..6165421 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -45,7 +45,6 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/sysctl.h> #include <sys/protosw.h> - #include <sys/malloc.h> #include <sys/vimage.h> @@ -87,12 +86,13 @@ struct protosw in_gif_protosw = { }; static int ip_gif_ttl = GIF_TTL; -SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW, - &ip_gif_ttl, 0, ""); +SYSCTL_V_INT(V_NET, vnet_gif, _net_inet_ip, IPCTL_GIF_TTL, gifttl, + CTLFLAG_RW, ip_gif_ttl, 0, ""); int in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct sockaddr_in *dst = (struct sockaddr_in *)&sc->gif_ro.ro_dst; struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc; @@ -242,6 +242,7 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) void in_gif_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); struct ifnet *gifp = NULL; struct gif_softc *sc; struct ip *ip; @@ -336,6 +337,7 @@ in_gif_input(struct mbuf *m, int off) static int gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp) { + INIT_VNET_INET(curvnet); struct sockaddr_in *src, *dst; struct in_ifaddr *ia4; diff --git a/sys/netinet/in_mcast.c b/sys/netinet/in_mcast.c index 0aa19a3..df841cb 100644 --- a/sys/netinet/in_mcast.c +++ b/sys/netinet/in_mcast.c @@ -311,6 +311,7 @@ imo_match_source(struct ip_moptions *imo, size_t gidx, struct sockaddr *src) struct in_multi * in_addmulti(struct in_addr *ap, struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); struct in_multi *inm; inm = NULL; @@ -463,6 +464,8 @@ in_delmulti_locked(struct in_multi *inm) static int inp_change_source_filter(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct group_source_req gsr; sockunion_t *gsa, *ssa; struct ifnet *ifp; @@ -752,6 +755,7 @@ inp_freemoptions(struct ip_moptions *imo) static int inp_get_source_filters(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); struct __msfilterreq msfr; sockunion_t *gsa; struct ifnet *ifp; @@ -849,6 +853,7 @@ inp_get_source_filters(struct inpcb *inp, struct sockopt *sopt) int inp_getmoptions(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_INET(curvnet); struct ip_mreqn mreqn; struct ip_moptions *imo; struct ifnet *ifp; @@ -955,6 +960,8 @@ inp_getmoptions(struct inpcb *inp, struct sockopt *sopt) static int inp_join_group(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct group_source_req gsr; sockunion_t *gsa, *ssa; struct ifnet *ifp; @@ -1211,6 +1218,8 @@ out_locked: static int inp_leave_group(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct group_source_req gsr; struct ip_mreq_source mreqs; sockunion_t *gsa, *ssa; @@ -1399,6 +1408,7 @@ out_locked: static int inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); struct in_addr addr; struct ip_mreqn mreqn; struct ifnet *ifp; @@ -1467,6 +1477,7 @@ inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) static int inp_set_source_filters(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); struct __msfilterreq msfr; sockunion_t *gsa; struct ifnet *ifp; diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 8de45f7..f41296c 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -136,30 +136,37 @@ sysctl_net_ipport_check(SYSCTL_HANDLER_ARGS) SYSCTL_NODE(_net_inet_ip, IPPROTO_IP, portrange, CTLFLAG_RW, 0, "IP Ports"); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowfirst, CTLTYPE_INT|CTLFLAG_RW, - &ipport_lowfirstauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowlast, CTLTYPE_INT|CTLFLAG_RW, - &ipport_lowlastauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, first, CTLTYPE_INT|CTLFLAG_RW, - &ipport_firstauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, last, CTLTYPE_INT|CTLFLAG_RW, - &ipport_lastauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hifirst, CTLTYPE_INT|CTLFLAG_RW, - &ipport_hifirstauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hilast, CTLTYPE_INT|CTLFLAG_RW, - &ipport_hilastauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedhigh, - CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedhigh, 0, ""); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedlow, - CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedlow, 0, ""); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomized, CTLFLAG_RW, - &ipport_randomized, 0, "Enable random port allocation"); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomcps, CTLFLAG_RW, - &ipport_randomcps, 0, "Maximum number of random port " - "allocations before switching to a sequental one"); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomtime, CTLFLAG_RW, - &ipport_randomtime, 0, "Minimum time to keep sequental port " - "allocation before switching to a random one"); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + lowfirst, CTLTYPE_INT|CTLFLAG_RW, ipport_lowfirstauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + lowlast, CTLTYPE_INT|CTLFLAG_RW, ipport_lowlastauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + first, CTLTYPE_INT|CTLFLAG_RW, ipport_firstauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + last, CTLTYPE_INT|CTLFLAG_RW, ipport_lastauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + hifirst, CTLTYPE_INT|CTLFLAG_RW, ipport_hifirstauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + hilast, CTLTYPE_INT|CTLFLAG_RW, ipport_hilastauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + reservedhigh, CTLFLAG_RW|CTLFLAG_SECURE, ipport_reservedhigh, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, reservedlow, + CTLFLAG_RW|CTLFLAG_SECURE, ipport_reservedlow, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, randomized, + CTLFLAG_RW, ipport_randomized, 0, "Enable random port allocation"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, randomcps, + CTLFLAG_RW, ipport_randomcps, 0, "Maximum number of random port " + "allocations before switching to a sequental one"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, randomtime, + CTLFLAG_RW, ipport_randomtime, 0, + "Minimum time to keep sequental port " + "allocation before switching to a random one"); /* * in_pcb.c: manage the Protocol Control Blocks. @@ -176,6 +183,9 @@ SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomtime, CTLFLAG_RW, int in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo) { +#ifdef INET6 + INIT_VNET_INET6(curvnet); +#endif struct inpcb *inp; int error; @@ -270,6 +280,7 @@ int in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, u_short *lportp, struct ucred *cred) { + INIT_VNET_INET(inp->inp_vnet); struct socket *so = inp->inp_socket; unsigned short *lastport; struct sockaddr_in *sin; @@ -543,6 +554,7 @@ in_pcbconnect_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, u_short *lportp, in_addr_t *faddrp, u_short *fportp, struct inpcb **oinpp, struct ucred *cred) { + INIT_VNET_INET(inp->inp_vnet); struct sockaddr_in *sin = (struct sockaddr_in *)nam; struct in_ifaddr *ia; struct sockaddr_in sa; @@ -1223,13 +1235,22 @@ in_pcbsosetlabel(struct socket *so) void ipport_tick(void *xtp) { - - if (V_ipport_tcpallocs <= V_ipport_tcplastcount + V_ipport_randomcps) { - if (V_ipport_stoprandom > 0) - V_ipport_stoprandom--; - } else - V_ipport_stoprandom = V_ipport_randomtime; - V_ipport_tcplastcount = V_ipport_tcpallocs; + VNET_ITERATOR_DECL(vnet_iter); + + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); /* XXX appease INVARIANTS here */ + INIT_VNET_INET(vnet_iter); + if (V_ipport_tcpallocs <= + V_ipport_tcplastcount + V_ipport_randomcps) { + if (V_ipport_stoprandom > 0) + V_ipport_stoprandom--; + } else + V_ipport_stoprandom = V_ipport_randomtime; + V_ipport_tcplastcount = V_ipport_tcpallocs; + CURVNET_RESTORE(); + } + VNET_LIST_RUNLOCK(); callout_reset(&ipport_tick_callout, hz, ipport_tick, NULL); } @@ -1280,6 +1301,7 @@ inp_unlock_assert(struct inpcb *inp) void inp_apply_all(void (*func)(struct inpcb *, void *), void *arg) { + INIT_VNET_INET(curvnet); struct inpcb *inp; INP_INFO_RLOCK(&V_tcbinfo); diff --git a/sys/netinet/in_rmx.c b/sys/netinet/in_rmx.c index e79337b..66b8bb3 100644 --- a/sys/netinet/in_rmx.c +++ b/sys/netinet/in_rmx.c @@ -152,17 +152,19 @@ in_matroute(void *v_arg, struct radix_node_head *head) } static int rtq_reallyold = 60*60; /* one hour is "really old" */ -SYSCTL_INT(_net_inet_ip, IPCTL_RTEXPIRE, rtexpire, CTLFLAG_RW, - &rtq_reallyold, 0, "Default expiration time on dynamically learned routes"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTEXPIRE, rtexpire, + CTLFLAG_RW, rtq_reallyold, 0, + "Default expiration time on dynamically learned routes"); static int rtq_minreallyold = 10; /* never automatically crank down to less */ -SYSCTL_INT(_net_inet_ip, IPCTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW, - &rtq_minreallyold, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMINEXPIRE, + rtminexpire, CTLFLAG_RW, rtq_minreallyold, 0, "Minimum time to attempt to hold onto dynamically learned routes"); static int rtq_toomany = 128; /* 128 cached routes is "too many" */ -SYSCTL_INT(_net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW, - &rtq_toomany, 0, "Upper limit on dynamically learned routes"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMAXCACHE, + rtmaxcache, CTLFLAG_RW, rtq_toomany, 0, + "Upper limit on dynamically learned routes"); /* * On last reference drop, mark the route as belong to us so that it can be @@ -171,6 +173,7 @@ SYSCTL_INT(_net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW, static void in_clsroute(struct radix_node *rn, struct radix_node_head *head) { + INIT_VNET_INET(curvnet); struct rtentry *rt = (struct rtentry *)rn; RT_LOCK_ASSERT(rt); @@ -216,6 +219,7 @@ struct rtqk_arg { static int in_rtqkill(struct radix_node *rn, void *rock) { + INIT_VNET_INET(curvnet); struct rtqk_arg *ap = rock; struct rtentry *rt = (struct rtentry *)rn; int err; @@ -323,21 +327,29 @@ in_rtqtimo_one(void *rock) void in_rtqdrain(void) { + VNET_ITERATOR_DECL(vnet_iter); struct radix_node_head *rnh; struct rtqk_arg arg; int fibnum; - for ( fibnum = 0; fibnum < rt_numfibs; fibnum++) { - rnh = V_rt_tables[fibnum][AF_INET]; - arg.found = arg.killed = 0; - arg.rnh = rnh; - arg.nextstop = 0; - arg.draining = 1; - arg.updating = 0; - RADIX_NODE_HEAD_LOCK(rnh); - rnh->rnh_walktree(rnh, in_rtqkill, &arg); - RADIX_NODE_HEAD_UNLOCK(rnh); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_NET(vnet_iter); + for ( fibnum = 0; fibnum < rt_numfibs; fibnum++) { + rnh = V_rt_tables[fibnum][AF_INET]; + arg.found = arg.killed = 0; + arg.rnh = rnh; + arg.nextstop = 0; + arg.draining = 1; + arg.updating = 0; + RADIX_NODE_HEAD_LOCK(rnh); + rnh->rnh_walktree(rnh, in_rtqkill, &arg); + RADIX_NODE_HEAD_UNLOCK(rnh); + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); } static int _in_rt_was_here; @@ -347,6 +359,7 @@ static int _in_rt_was_here; int in_inithead(void **head, int off) { + INIT_VNET_INET(curvnet); struct radix_node_head *rnh; /* XXX MRT @@ -416,6 +429,7 @@ in_ifadownkill(struct radix_node *rn, void *xap) int in_ifadown(struct ifaddr *ifa, int delete) { + INIT_VNET_NET(curvnet); struct in_ifadown_arg arg; struct radix_node_head *rnh; int fibnum; diff --git a/sys/netinet/ip6.h b/sys/netinet/ip6.h index 09692d9..a7df9c8 100644 --- a/sys/netinet/ip6.h +++ b/sys/netinet/ip6.h @@ -346,6 +346,9 @@ do { \ } \ } \ } while (/*CONSTCOND*/ 0) + +#include <netinet6/vinet6.h> + #endif /*_KERNEL*/ #endif /* not _NETINET_IP6_H_ */ diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c index 1a07a97..25b629d 100644 --- a/sys/netinet/ip_carp.c +++ b/sys/netinet/ip_carp.c @@ -914,6 +914,7 @@ carp_send_ad_locked(struct carp_softc *sc) ch.carp_cksum = 0; #ifdef INET + INIT_VNET_INET(curvnet); if (sc->sc_ia) { struct ip *ip; @@ -1452,6 +1453,7 @@ carp_multicast6_cleanup(struct carp_softc *sc) static int carp_set_addr(struct carp_softc *sc, struct sockaddr_in *sin) { + INIT_VNET_INET(curvnet); struct ifnet *ifp; struct carp_if *cif; struct in_ifaddr *ia, *ia_if; @@ -1617,6 +1619,7 @@ carp_del_addr(struct carp_softc *sc, struct sockaddr_in *sin) static int carp_set_addr6(struct carp_softc *sc, struct sockaddr_in6 *sin6) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp; struct carp_if *cif; struct in6_ifaddr *ia, *ia_if; diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 1bba15a..aea0d61 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -148,6 +148,7 @@ div_inpcb_fini(void *mem, int size) void div_init(void) { + INIT_VNET_INET(curvnet); INP_INFO_LOCK_INIT(&V_divcbinfo, "div"); LIST_INIT(&V_divcb); @@ -175,6 +176,8 @@ div_init(void) void div_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); + V_ipstat.ips_noproto++; m_freem(m); } @@ -188,6 +191,7 @@ div_input(struct mbuf *m, int off) static void divert_packet(struct mbuf *m, int incoming) { + INIT_VNET_INET(curvnet); struct ip *ip; struct inpcb *inp; struct socket *sa; @@ -304,6 +308,7 @@ static int div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin, struct mbuf *control) { + INIT_VNET_INET(curvnet); struct m_tag *mtag; struct divert_tag *dt; int error = 0; @@ -456,6 +461,7 @@ cantsend: static int div_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -487,6 +493,7 @@ div_attach(struct socket *so, int proto, struct thread *td) static void div_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -501,6 +508,7 @@ div_detach(struct socket *so) static int div_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -541,6 +549,8 @@ static int div_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(so->so_vnet); + /* Packet must have a header (but that's about it) */ if (m->m_len < sizeof (struct ip) && (m = m_pullup(m, sizeof (struct ip))) == 0) { diff --git a/sys/netinet/ip_fastfwd.c b/sys/netinet/ip_fastfwd.c index b38dfc0..4cdfd6b 100644 --- a/sys/netinet/ip_fastfwd.c +++ b/sys/netinet/ip_fastfwd.c @@ -107,12 +107,13 @@ __FBSDID("$FreeBSD$"); #include <machine/in_cksum.h> static int ipfastforward_active = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW, - &ipfastforward_active, 0, "Enable fast IP forwarding"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fastforwarding, + CTLFLAG_RW, ipfastforward_active, 0, "Enable fast IP forwarding"); static struct sockaddr_in * ip_findroute(struct route *ro, struct in_addr dest, struct mbuf *m) { + INIT_VNET_INET(curvnet); struct sockaddr_in *dst; struct rtentry *rt; @@ -156,6 +157,7 @@ ip_findroute(struct route *ro, struct in_addr dest, struct mbuf *m) struct mbuf * ip_fastforward(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip; struct mbuf *m0 = NULL; struct route ro; diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 666e536..a274f94 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -630,14 +630,20 @@ int ipfw_chk(struct ip_fw_args *); int ipfw_init(void); void ipfw_destroy(void); +#ifdef NOTYET +void ipfw_nat_destroy(void); +#endif typedef int ip_fw_ctl_t(struct sockopt *); extern ip_fw_ctl_t *ip_fw_ctl_ptr; + +#ifndef VIMAGE extern int fw_one_pass; extern int fw_enable; #ifdef INET6 extern int fw6_enable; #endif +#endif /* For kernel ipfw_ether and ipfw_bridge. */ typedef int ip_fw_chk_t(struct ip_fw_args *args); @@ -675,5 +681,80 @@ typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *); typedef int ipfw_nat_cfg_t(struct sockopt *); #endif +/* + * Stack virtualization support. + */ +#ifdef VIMAGE +struct vnet_ipfw { + int _fw_one_pass; + int _fw_enable; + int _fw6_enable; + u_int32_t _set_disable; + int _fw_deny_unknown_exthdrs; + int _fw_verbose; + int _verbose_limit; + int _fw_debug; + int _autoinc_step; + ipfw_dyn_rule **_ipfw_dyn_v; + struct ip_fw_chain _layer3_chain; + u_int32_t _dyn_buckets; + u_int32_t _curr_dyn_buckets; + u_int32_t _dyn_ack_lifetime; + u_int32_t _dyn_syn_lifetime; + u_int32_t _dyn_fin_lifetime; + u_int32_t _dyn_rst_lifetime; + u_int32_t _dyn_udp_lifetime; + u_int32_t _dyn_short_lifetime; + u_int32_t _dyn_keepalive_interval; + u_int32_t _dyn_keepalive_period; + u_int32_t _dyn_keepalive; + u_int32_t _static_count; + u_int32_t _static_len; + u_int32_t _dyn_count; + u_int32_t _dyn_max; + u_int64_t _norule_counter; + struct callout _ipfw_timeout; + eventhandler_tag _ifaddr_event_tag; +}; +#endif + +/* + * Symbol translation macros + */ +#define INIT_VNET_IPFW(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw) + +#define VNET_IPFW(sym) VSYM(vnet_ipfw, sym) + +#define V_fw_one_pass VNET_IPFW(fw_one_pass) +#define V_fw_enable VNET_IPFW(fw_enable) +#define V_fw6_enable VNET_IPFW(fw6_enable) +#define V_set_disable VNET_IPFW(set_disable) +#define V_fw_deny_unknown_exthdrs VNET_IPFW(fw_deny_unknown_exthdrs) +#define V_fw_verbose VNET_IPFW(fw_verbose) +#define V_verbose_limit VNET_IPFW(verbose_limit) +#define V_fw_debug VNET_IPFW(fw_debug) +#define V_autoinc_step VNET_IPFW(autoinc_step) +#define V_ipfw_dyn_v VNET_IPFW(ipfw_dyn_v) +#define V_layer3_chain VNET_IPFW(layer3_chain) +#define V_dyn_buckets VNET_IPFW(dyn_buckets) +#define V_curr_dyn_buckets VNET_IPFW(curr_dyn_buckets) +#define V_dyn_ack_lifetime VNET_IPFW(dyn_ack_lifetime) +#define V_dyn_syn_lifetime VNET_IPFW(dyn_syn_lifetime) +#define V_dyn_fin_lifetime VNET_IPFW(dyn_fin_lifetime) +#define V_dyn_rst_lifetime VNET_IPFW(dyn_rst_lifetime) +#define V_dyn_udp_lifetime VNET_IPFW(dyn_udp_lifetime) +#define V_dyn_short_lifetime VNET_IPFW(dyn_short_lifetime) +#define V_dyn_keepalive_interval VNET_IPFW(dyn_keepalive_interval) +#define V_dyn_keepalive_period VNET_IPFW(dyn_keepalive_period) +#define V_dyn_keepalive VNET_IPFW(dyn_keepalive) +#define V_static_count VNET_IPFW(static_count) +#define V_static_len VNET_IPFW(static_len) +#define V_dyn_count VNET_IPFW(dyn_count) +#define V_dyn_max VNET_IPFW(dyn_max) +#define V_norule_counter VNET_IPFW(norule_counter) +#define V_ipfw_timeout VNET_IPFW(ipfw_timeout) +#define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag) + #endif /* _KERNEL */ #endif /* _IPFW2_H */ diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 00ab781..861f9e9 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -163,20 +163,19 @@ extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS); #ifdef SYSCTL_NODE SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); -SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &fw_enable, 0, +SYSCTL_V_PROC(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, enable, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, fw_enable, 0, ipfw_chg_hook, "I", "Enable ipfw"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW, - &autoinc_step, 0, "Rule number autincrement step"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass, - CTLFLAG_RW | CTLFLAG_SECURE3, - &fw_one_pass, 0, +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, autoinc_step, + CTLFLAG_RW, autoinc_step, 0, "Rule number autincrement step"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, one_pass, + CTLFLAG_RW | CTLFLAG_SECURE3, fw_one_pass, 0, "Only do a single pass through ipfw when using dummynet(4)"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW, - &fw_debug, 0, "Enable printing of debug ip_fw statements"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose, +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW, + fw_debug, 0, "Enable printing of debug ip_fw statements"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, verbose, CTLFLAG_RW | CTLFLAG_SECURE3, - &fw_verbose, 0, "Log matches to ipfw rules"); + fw_verbose, 0, "Log matches to ipfw rules"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, default_rule, CTLFLAG_RD, @@ -259,30 +258,32 @@ static u_int32_t static_len; /* size in bytes of static rules */ static u_int32_t dyn_count; /* # of dynamic rules */ static u_int32_t dyn_max = 4096; /* max # of dynamic rules */ -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW, - &dyn_buckets, 0, "Number of dyn. buckets"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD, - &curr_dyn_buckets, 0, "Current Number of dyn. buckets"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_count, CTLFLAG_RD, - &dyn_count, 0, "Number of dyn. rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_max, CTLFLAG_RW, - &dyn_max, 0, "Max number of dyn. rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, static_count, CTLFLAG_RD, - &static_count, 0, "Number of static rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime, CTLFLAG_RW, - &dyn_ack_lifetime, 0, "Lifetime of dyn. rules for acks"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime, CTLFLAG_RW, - &dyn_syn_lifetime, 0, "Lifetime of dyn. rules for syn"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime, CTLFLAG_RW, - &dyn_fin_lifetime, 0, "Lifetime of dyn. rules for fin"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime, CTLFLAG_RW, - &dyn_rst_lifetime, 0, "Lifetime of dyn. rules for rst"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime, CTLFLAG_RW, - &dyn_udp_lifetime, 0, "Lifetime of dyn. rules for UDP"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_short_lifetime, CTLFLAG_RW, - &dyn_short_lifetime, 0, "Lifetime of dyn. rules for other situations"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_keepalive, CTLFLAG_RW, - &dyn_keepalive, 0, "Enable keepalives for dyn. rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_buckets, + CTLFLAG_RW, dyn_buckets, 0, "Number of dyn. buckets"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, + CTLFLAG_RD, curr_dyn_buckets, 0, "Current Number of dyn. buckets"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_count, + CTLFLAG_RD, dyn_count, 0, "Number of dyn. rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_max, + CTLFLAG_RW, dyn_max, 0, "Max number of dyn. rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, static_count, + CTLFLAG_RD, static_count, 0, "Number of static rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime, + CTLFLAG_RW, dyn_ack_lifetime, 0, "Lifetime of dyn. rules for acks"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime, + CTLFLAG_RW, dyn_syn_lifetime, 0, "Lifetime of dyn. rules for syn"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime, + CTLFLAG_RW, dyn_fin_lifetime, 0, "Lifetime of dyn. rules for fin"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime, + CTLFLAG_RW, dyn_rst_lifetime, 0, "Lifetime of dyn. rules for rst"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime, + CTLFLAG_RW, dyn_udp_lifetime, 0, "Lifetime of dyn. rules for UDP"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_short_lifetime, + CTLFLAG_RW, dyn_short_lifetime, 0, + "Lifetime of dyn. rules for other situations"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_keepalive, + CTLFLAG_RW, dyn_keepalive, 0, "Enable keepalives for dyn. rules"); + #ifdef INET6 /* @@ -566,6 +567,7 @@ flow6id_match( int curr_flow, ipfw_insn_u32 *cmd ) static int search_ip6_addr_net (struct in6_addr * ip6_addr) { + INIT_VNET_NET(curvnet); struct ifnet *mdc; struct ifaddr *mdc2; struct in6_ifaddr *fdm; @@ -757,6 +759,7 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args, struct mbuf *m, struct ifnet *oif, u_short offset, uint32_t tablearg, struct ip *ip) { + INIT_VNET_IPFW(curvnet); struct ether_header *eh = args->eh; char *action; int limit_reached = 0; @@ -1027,6 +1030,7 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args, static __inline int hash_packet(struct ipfw_flow_id *id) { + INIT_VNET_IPFW(curvnet); u_int32_t i; #ifdef INET6 @@ -1078,6 +1082,7 @@ hash_packet(struct ipfw_flow_id *id) static void remove_dyn_rule(struct ip_fw *rule, ipfw_dyn_rule *keep_me) { + INIT_VNET_IPFW(curvnet); static u_int32_t last_remove = 0; #define FORCE (keep_me == NULL) @@ -1148,6 +1153,7 @@ static ipfw_dyn_rule * lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int *match_direction, struct tcphdr *tcp) { + INIT_VNET_IPFW(curvnet); /* * stateful ipfw extensions. * Lookup into dynamic session queue @@ -1304,6 +1310,7 @@ lookup_dyn_rule(struct ipfw_flow_id *pkt, int *match_direction, static void realloc_dynamic_table(void) { + INIT_VNET_IPFW(curvnet); IPFW_DYN_LOCK_ASSERT(); /* @@ -1343,6 +1350,7 @@ realloc_dynamic_table(void) static ipfw_dyn_rule * add_dyn_rule(struct ipfw_flow_id *id, u_int8_t dyn_type, struct ip_fw *rule) { + INIT_VNET_IPFW(curvnet); ipfw_dyn_rule *r; int i; @@ -1398,6 +1406,7 @@ add_dyn_rule(struct ipfw_flow_id *id, u_int8_t dyn_type, struct ip_fw *rule) static ipfw_dyn_rule * lookup_dyn_parent(struct ipfw_flow_id *pkt, struct ip_fw *rule) { + INIT_VNET_IPFW(curvnet); ipfw_dyn_rule *q; int i; @@ -1441,6 +1450,7 @@ static int install_state(struct ip_fw *rule, ipfw_insn_limit *cmd, struct ip_fw_args *args, uint32_t tablearg) { + INIT_VNET_IPFW(curvnet); static int last_log; ipfw_dyn_rule *q; struct in_addr da; @@ -1602,6 +1612,7 @@ static struct mbuf * send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq, u_int32_t ack, int flags) { + INIT_VNET_INET(curvnet); struct mbuf *m; struct ip *ip; struct tcphdr *tcp; @@ -1778,6 +1789,7 @@ static int add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, uint8_t mlen, uint32_t value) { + INIT_VNET_IPFW(curvnet); struct radix_node_head *rnh; struct table_entry *ent; @@ -1982,6 +1994,7 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif, u_int16_t src_port, struct ip_fw_ugid *ugp, int *ugid_lookupp, struct inpcb *inp) { + INIT_VNET_INET(curvnet); struct inpcbinfo *pi; int wildcard; struct inpcb *pcb; @@ -2099,6 +2112,9 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif, int ipfw_chk(struct ip_fw_args *args) { + INIT_VNET_INET(curvnet); + INIT_VNET_IPFW(curvnet); + /* * Local variables holding state during the processing of a packet: * @@ -3408,6 +3424,7 @@ flush_rule_ptrs(struct ip_fw_chain *chain) static int add_rule(struct ip_fw_chain *chain, struct ip_fw *input_rule) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule, *f, *prev; int l = RULESIZE(input_rule); @@ -3493,6 +3510,7 @@ static struct ip_fw * remove_rule(struct ip_fw_chain *chain, struct ip_fw *rule, struct ip_fw *prev) { + INIT_VNET_IPFW(curvnet); struct ip_fw *n; int l = RULESIZE(rule); @@ -3707,6 +3725,7 @@ clear_counters(struct ip_fw *rule, int log_only) static int zero_entry(struct ip_fw_chain *chain, u_int32_t arg, int log_only) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; char *msg; @@ -4074,6 +4093,7 @@ bad_size: static size_t ipfw_getrules(struct ip_fw_chain *chain, void *buf, size_t space) { + INIT_VNET_IPFW(curvnet); char *bp = buf; char *ep = bp + space; struct ip_fw *rule; @@ -4156,6 +4176,7 @@ static int ipfw_ctl(struct sockopt *sopt) { #define RULE_MAXSIZE (256*sizeof(u_int32_t)) + INIT_VNET_IPFW(curvnet); int error; size_t size; struct ip_fw *buf, *rule; @@ -4495,6 +4516,7 @@ done: int ipfw_init(void) { + INIT_VNET_IPFW(curvnet); struct ip_fw default_rule; int error; diff --git a/sys/netinet/ip_fw_nat.c b/sys/netinet/ip_fw_nat.c index 688a181..732b6ae 100644 --- a/sys/netinet/ip_fw_nat.c +++ b/sys/netinet/ip_fw_nat.c @@ -82,6 +82,7 @@ extern ipfw_nat_cfg_t *ipfw_nat_get_log_ptr; static void ifaddr_change(void *arg __unused, struct ifnet *ifp) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr; struct ifaddr *ifa; @@ -109,6 +110,7 @@ ifaddr_change(void *arg __unused, struct ifnet *ifp) static void flush_nat_ptrs(const int i) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; IPFW_WLOCK_ASSERT(&V_layer3_chain); @@ -404,6 +406,7 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m) static int ipfw_nat_cfg(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr, *ser_n; char *buf; @@ -474,6 +477,7 @@ ipfw_nat_cfg(struct sockopt *sopt) static int ipfw_nat_del(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr; int i; @@ -496,6 +500,7 @@ ipfw_nat_del(struct sockopt *sopt) static int ipfw_nat_get_cfg(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); uint8_t *data; struct cfg_nat *n; struct cfg_redir *r; @@ -550,6 +555,7 @@ nospace: static int ipfw_nat_get_log(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); uint8_t *data; struct cfg_nat *ptr; int i, size, cnt, sof; @@ -584,6 +590,7 @@ ipfw_nat_get_log(struct sockopt *sopt) static void ipfw_nat_init(void) { + INIT_VNET_IPFW(curvnet); IPFW_WLOCK(&V_layer3_chain); /* init ipfw hooks */ @@ -600,6 +607,7 @@ ipfw_nat_init(void) static void ipfw_nat_destroy(void) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; struct cfg_nat *ptr, *ptr_temp; diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index bd8ac70..2487533 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -78,45 +78,48 @@ __FBSDID("$FreeBSD$"); */ struct icmpstat icmpstat; -SYSCTL_STRUCT(_net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RW, - &icmpstat, icmpstat, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_STATS, stats, + CTLFLAG_RW, icmpstat, icmpstat, ""); static int icmpmaskrepl = 0; -SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW, - &icmpmaskrepl, 0, "Reply to ICMP Address Mask Request packets."); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, + CTLFLAG_RW, icmpmaskrepl, 0, + "Reply to ICMP Address Mask Request packets."); static u_int icmpmaskfake = 0; -SYSCTL_UINT(_net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW, - &icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets."); +SYSCTL_V_UINT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW, + icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets."); static int drop_redirect = 0; -SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW, - &drop_redirect, 0, "Ignore ICMP redirects"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, drop_redirect, + CTLFLAG_RW, drop_redirect, 0, "Ignore ICMP redirects"); static int log_redirect = 0; -SYSCTL_INT(_net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_RW, - &log_redirect, 0, "Log ICMP redirects to the console"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, log_redirect, + CTLFLAG_RW, log_redirect, 0, "Log ICMP redirects to the console"); static int icmplim = 200; -SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, - &icmplim, 0, "Maximum number of ICMP responses per second"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, + CTLFLAG_RW, icmplim, 0, "Maximum number of ICMP responses per second"); static int icmplim_output = 1; -SYSCTL_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, - &icmplim_output, 0, "Enable rate limiting of ICMP responses"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, icmplim_output, + CTLFLAG_RW, icmplim_output, 0, + "Enable rate limiting of ICMP responses"); static char reply_src[IFNAMSIZ]; -SYSCTL_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW, - &reply_src, IFNAMSIZ, "icmp reply source for non-local packets."); +SYSCTL_V_STRING(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_src, + CTLFLAG_RW, reply_src, IFNAMSIZ, + "icmp reply source for non-local packets."); static int icmp_rfi = 0; -SYSCTL_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW, - &icmp_rfi, 0, "ICMP reply from incoming interface for " +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_from_interface, + CTLFLAG_RW, icmp_rfi, 0, "ICMP reply from incoming interface for " "non-local packets"); static int icmp_quotelen = 8; -SYSCTL_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, - &icmp_quotelen, 0, "Number of bytes from original packet to " +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, + icmp_quotelen, 0, "Number of bytes from original packet to " "quote in ICMP reply"); /* @@ -124,8 +127,8 @@ SYSCTL_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, */ static int icmpbmcastecho = 0; -SYSCTL_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW, - &icmpbmcastecho, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, bmcastecho, + CTLFLAG_RW, icmpbmcastecho, 0, ""); #ifdef ICMPPRINTFS @@ -144,6 +147,7 @@ extern struct protosw inetsw[]; void icmp_error(struct mbuf *n, int type, int code, n_long dest, int mtu) { + INIT_VNET_INET(curvnet); register struct ip *oip = mtod(n, struct ip *), *nip; register unsigned oiphlen = oip->ip_hl << 2; register struct icmp *icp; @@ -207,9 +211,9 @@ icmp_error(struct mbuf *n, int type, int code, n_long dest, int mtu) if (n->m_len < oiphlen + tcphlen && ((n = m_pullup(n, oiphlen + tcphlen)) == NULL)) goto freeit; - icmpelen = max(tcphlen, min(icmp_quotelen, oip->ip_len - oiphlen)); + icmpelen = max(tcphlen, min(V_icmp_quotelen, oip->ip_len - oiphlen)); } else -stdreply: icmpelen = max(8, min(icmp_quotelen, oip->ip_len - oiphlen)); +stdreply: icmpelen = max(8, min(V_icmp_quotelen, oip->ip_len - oiphlen)); icmplen = min(oiphlen + icmpelen, nlen); if (icmplen < sizeof(struct ip)) @@ -292,6 +296,7 @@ freeit: void icmp_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); struct icmp *icp; struct in_ifaddr *ia; struct ip *ip = mtod(m, struct ip *); @@ -462,7 +467,7 @@ icmp_input(struct mbuf *m, int off) break; case ICMP_ECHO: - if (!icmpbmcastecho + if (!V_icmpbmcastecho && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { V_icmpstat.icps_bmcastecho++; break; @@ -474,7 +479,7 @@ icmp_input(struct mbuf *m, int off) goto reflect; case ICMP_TSTAMP: - if (!icmpbmcastecho + if (!V_icmpbmcastecho && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { V_icmpstat.icps_bmcasttstamp++; break; @@ -492,7 +497,7 @@ icmp_input(struct mbuf *m, int off) goto reflect; case ICMP_MASKREQ: - if (icmpmaskrepl == 0) + if (V_icmpmaskrepl == 0) break; /* * We are not able to respond with all ones broadcast @@ -517,10 +522,10 @@ icmp_input(struct mbuf *m, int off) if (ia->ia_ifp == 0) break; icp->icmp_type = ICMP_MASKREPLY; - if (icmpmaskfake == 0) + if (V_icmpmaskfake == 0) icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr; else - icp->icmp_mask = icmpmaskfake; + icp->icmp_mask = V_icmpmaskfake; if (ip->ip_src.s_addr == 0) { if (ia->ia_ifp->if_flags & IFF_BROADCAST) ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr; @@ -535,7 +540,7 @@ reflect: return; case ICMP_REDIRECT: - if (log_redirect) { + if (V_log_redirect) { u_long src, dst, gw; src = ntohl(ip->ip_src.s_addr); @@ -554,7 +559,7 @@ reflect: * RFC1812 says we must ignore ICMP redirects if we * are acting as router. */ - if (drop_redirect || V_ipforwarding) + if (V_drop_redirect || V_ipforwarding) break; if (code > 3) goto badcode; @@ -622,6 +627,7 @@ freeit: static void icmp_reflect(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); struct ifaddr *ifa; struct ifnet *ifn; @@ -672,7 +678,7 @@ icmp_reflect(struct mbuf *m) * doesn't have a suitable IP address, the normal selection * criteria apply. */ - if (icmp_rfi && m->m_pkthdr.rcvif != NULL) { + if (V_icmp_rfi && m->m_pkthdr.rcvif != NULL) { TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { if (ifa->ifa_addr->sa_family != AF_INET) continue; @@ -686,7 +692,7 @@ icmp_reflect(struct mbuf *m) * net.inet.icmp.reply_src (default not set). Otherwise continue * with normal source selection. */ - if (reply_src[0] != '\0' && (ifn = ifunit(reply_src))) { + if (V_reply_src[0] != '\0' && (ifn = ifunit(V_reply_src))) { TAILQ_FOREACH(ifa, &ifn->if_addrhead, ifa_link) { if (ifa->ifa_addr->sa_family != AF_INET) continue; @@ -889,6 +895,8 @@ ip_next_mtu(int mtu, int dir) int badport_bandlim(int which) { + INIT_VNET_INET(curvnet); + #define N(a) (sizeof (a) / sizeof (a[0])) static struct rate { const char *type; @@ -906,20 +914,20 @@ badport_bandlim(int which) /* * Return ok status if feature disabled or argument out of range. */ - if (icmplim > 0 && (u_int) which < N(rates)) { + if (V_icmplim > 0 && (u_int) which < N(rates)) { struct rate *r = &rates[which]; int opps = r->curpps; - if (!ppsratecheck(&r->lasttime, &r->curpps, icmplim)) + if (!ppsratecheck(&r->lasttime, &r->curpps, V_icmplim)) return -1; /* discard packet */ /* * If we've dropped below the threshold after having * rate-limited traffic print the message. This preserves * the previous behaviour at the expense of added complexity. */ - if (icmplim_output && opps > icmplim) + if (V_icmplim_output && opps > V_icmplim) printf("Limiting %s from %d to %d packets/sec\n", - r->type, opps, icmplim); + r->type, opps, V_icmplim); } return 0; /* okay to send packet */ #undef N diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index ef1586d..ce92c2f 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -92,31 +92,32 @@ CTASSERT(sizeof(struct ip) == 20); int rsvp_on = 0; int ipforwarding = 0; -SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, - &ipforwarding, 0, "Enable IP forwarding between interfaces"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_FORWARDING, + forwarding, CTLFLAG_RW, ipforwarding, 0, + "Enable IP forwarding between interfaces"); static int ipsendredirects = 1; /* XXX */ -SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, - &ipsendredirects, 0, "Enable sending IP redirects"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_SENDREDIRECTS, + redirect, CTLFLAG_RW, ipsendredirects, 0, + "Enable sending IP redirects"); int ip_defttl = IPDEFTTL; -SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, - &ip_defttl, 0, "Maximum TTL on IP packets"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_DEFTTL, + ttl, CTLFLAG_RW, ip_defttl, 0, "Maximum TTL on IP packets"); static int ip_keepfaith = 0; -SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, - &ip_keepfaith, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_KEEPFAITH, + keepfaith, CTLFLAG_RW, ip_keepfaith, 0, "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); static int ip_sendsourcequench = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, - &ip_sendsourcequench, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, + sendsourcequench, CTLFLAG_RW, ip_sendsourcequench, 0, "Enable the transmission of source quench packets"); int ip_do_randomid = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, - &ip_do_randomid, 0, - "Assign random ip_id values"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, random_id, + CTLFLAG_RW, ip_do_randomid, 0, "Assign random ip_id values"); /* * XXX - Setting ip_checkinterface mostly implements the receive side of @@ -132,8 +133,9 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, * packets for those addresses are received. */ static int ip_checkinterface = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, - &ip_checkinterface, 0, "Verify packet arrives on correct interface"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, + check_interface, CTLFLAG_RW, ip_checkinterface, 0, + "Verify packet arrives on correct interface"); struct pfil_head inet_pfil_hook; /* Packet filter hooks */ @@ -154,8 +156,8 @@ SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, "Number of packets dropped from the IP input queue"); struct ipstat ipstat; -SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, - &ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, + ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); /* * IP datagram reassembly. @@ -180,12 +182,13 @@ static void ipq_zone_change(void *); static int maxnipq; /* Administrative limit on # reass queues. */ static int nipq = 0; /* Total # of reass queues */ -SYSCTL_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD, - &nipq, 0, "Current number of IPv4 fragment reassembly queue entries"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fragpackets, + CTLFLAG_RD, nipq, 0, + "Current number of IPv4 fragment reassembly queue entries"); static int maxfragsperpacket; -SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, - &maxfragsperpacket, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, maxfragsperpacket, + CTLFLAG_RW, maxfragsperpacket, 0, "Maximum number of IPv4 fragments allowed per packet"); struct callout ipport_tick_callout; @@ -197,8 +200,8 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, #ifdef IPSTEALTH int ipstealth = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, - &ipstealth, 0, "IP stealth mode, no TTL decrementation on forwarding"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, + ipstealth, 0, "IP stealth mode, no TTL decrementation on forwarding"); #endif /* @@ -218,6 +221,7 @@ static void ip_freef(struct ipqhead *, struct ipq *); void ip_init(void) { + INIT_VNET_INET(curvnet); struct protosw *pr; int i; @@ -289,6 +293,7 @@ ip_fini(void *xtp) void ip_input(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip = NULL; struct in_ifaddr *ia = NULL; struct ifaddr *ifa; @@ -681,6 +686,7 @@ bad: static void maxnipq_update(void) { + INIT_VNET_INET(curvnet); /* * -1 for unlimited allocation. @@ -704,6 +710,7 @@ maxnipq_update(void) static void ipq_zone_change(void *tag) { + INIT_VNET_INET(curvnet); if (V_maxnipq > 0 && V_maxnipq < (nmbclusters / 32)) { V_maxnipq = nmbclusters / 32; @@ -714,6 +721,7 @@ ipq_zone_change(void *tag) static int sysctl_maxnipq(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i; i = V_maxnipq; @@ -749,6 +757,7 @@ SYSCTL_PROC(_net_inet_ip, OID_AUTO, maxfragpackets, CTLTYPE_INT|CTLFLAG_RW, struct mbuf * ip_reass(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip; struct mbuf *p, *q, *nq, *t; struct ipq *fp = NULL; @@ -1064,6 +1073,7 @@ done: static void ip_freef(struct ipqhead *fhp, struct ipq *fp) { + INIT_VNET_INET(curvnet); struct mbuf *q; IPQ_LOCK_ASSERT(); @@ -1086,36 +1096,47 @@ ip_freef(struct ipqhead *fhp, struct ipq *fp) void ip_slowtimo(void) { + VNET_ITERATOR_DECL(vnet_iter); struct ipq *fp; int i; IPQ_LOCK(); - for (i = 0; i < IPREASS_NHASH; i++) { - for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) { - struct ipq *fpp; - - fpp = fp; - fp = TAILQ_NEXT(fp, ipq_list); - if(--fpp->ipq_ttl == 0) { - V_ipstat.ips_fragtimeout += fpp->ipq_nfrags; - ip_freef(&V_ipq[i], fpp); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET(vnet_iter); + for (i = 0; i < IPREASS_NHASH; i++) { + for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) { + struct ipq *fpp; + + fpp = fp; + fp = TAILQ_NEXT(fp, ipq_list); + if(--fpp->ipq_ttl == 0) { + V_ipstat.ips_fragtimeout += + fpp->ipq_nfrags; + ip_freef(&V_ipq[i], fpp); + } } } - } - /* - * If we are over the maximum number of fragments - * (due to the limit being lowered), drain off - * enough to get down to the new limit. - */ - if (V_maxnipq >= 0 && V_nipq > V_maxnipq) { - for (i = 0; i < IPREASS_NHASH; i++) { - while (V_nipq > V_maxnipq && !TAILQ_EMPTY(&V_ipq[i])) { - V_ipstat.ips_fragdropped += - TAILQ_FIRST(&V_ipq[i])->ipq_nfrags; - ip_freef(&V_ipq[i], TAILQ_FIRST(&V_ipq[i])); + /* + * If we are over the maximum number of fragments + * (due to the limit being lowered), drain off + * enough to get down to the new limit. + */ + if (V_maxnipq >= 0 && V_nipq > V_maxnipq) { + for (i = 0; i < IPREASS_NHASH; i++) { + while (V_nipq > V_maxnipq && + !TAILQ_EMPTY(&V_ipq[i])) { + V_ipstat.ips_fragdropped += + TAILQ_FIRST(&V_ipq[i])->ipq_nfrags; + ip_freef(&V_ipq[i], + TAILQ_FIRST(&V_ipq[i])); + } } } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IPQ_UNLOCK(); } @@ -1125,16 +1146,24 @@ ip_slowtimo(void) void ip_drain(void) { + VNET_ITERATOR_DECL(vnet_iter); int i; IPQ_LOCK(); - for (i = 0; i < IPREASS_NHASH; i++) { - while(!TAILQ_EMPTY(&V_ipq[i])) { - V_ipstat.ips_fragdropped += - TAILQ_FIRST(&V_ipq[i])->ipq_nfrags; - ip_freef(&V_ipq[i], TAILQ_FIRST(&V_ipq[i])); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET(vnet_iter); + for (i = 0; i < IPREASS_NHASH; i++) { + while(!TAILQ_EMPTY(&V_ipq[i])) { + V_ipstat.ips_fragdropped += + TAILQ_FIRST(&V_ipq[i])->ipq_nfrags; + ip_freef(&V_ipq[i], TAILQ_FIRST(&V_ipq[i])); + } } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IPQ_UNLOCK(); in_rtqdrain(); } @@ -1251,6 +1280,7 @@ u_char inetctlerrmap[PRC_NCMDS] = { void ip_forward(struct mbuf *m, int srcrt) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); struct in_ifaddr *ia = NULL; struct mbuf *mcopy; @@ -1466,6 +1496,8 @@ void ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, struct mbuf *m) { + INIT_VNET_NET(inp->inp_vnet); + if (inp->inp_socket->so_options & (SO_BINTIME | SO_TIMESTAMP)) { struct bintime bt; @@ -1564,6 +1596,8 @@ struct socket *ip_rsvpd; int ip_rsvp_init(struct socket *so) { + INIT_VNET_INET(so->so_vnet); + if (so->so_type != SOCK_RAW || so->so_proto->pr_protocol != IPPROTO_RSVP) return EOPNOTSUPP; @@ -1587,6 +1621,8 @@ ip_rsvp_init(struct socket *so) int ip_rsvp_done(void) { + INIT_VNET_INET(curvnet); + V_ip_rsvpd = NULL; /* * This may seem silly, but we need to be sure we don't over-decrement @@ -1602,6 +1638,8 @@ ip_rsvp_done(void) void rsvp_input(struct mbuf *m, int off) /* XXX must fixup manually */ { + INIT_VNET_INET(curvnet); + if (rsvp_input_p) { /* call the real one if loaded */ rsvp_input_p(m, off); return; diff --git a/sys/netinet/ip_ipsec.c b/sys/netinet/ip_ipsec.c index 3e8e826..a4f8631 100644 --- a/sys/netinet/ip_ipsec.c +++ b/sys/netinet/ip_ipsec.c @@ -94,6 +94,8 @@ int ip_ipsec_fwd(struct mbuf *m) { #ifdef IPSEC + INIT_VNET_INET(curvnet); + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; @@ -141,6 +143,7 @@ ip_ipsec_input(struct mbuf *m) { struct ip *ip = mtod(m, struct ip *); #ifdef IPSEC + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index 730f0af..a241ec4 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -422,6 +422,7 @@ mfc_find(in_addr_t o, in_addr_t g) static int X_ip_mrouter_set(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET(curvnet); int error, optval; vifi_t vifi; struct vifctl vifc; @@ -646,6 +647,7 @@ ip_mrouter_reset(void) static void if_detached_event(void *arg __unused, struct ifnet *ifp) { + INIT_VNET_INET(curvnet); vifi_t vifi; int i; struct mfc *mfc; @@ -709,6 +711,8 @@ if_detached_event(void *arg __unused, struct ifnet *ifp) static int ip_mrouter_init(struct socket *so, int version) { + INIT_VNET_INET(curvnet); + if (mrtdebug) log(LOG_DEBUG, "ip_mrouter_init: so_type = %d, pr_protocol = %d\n", so->so_type, so->so_proto->pr_protocol); @@ -755,6 +759,7 @@ ip_mrouter_init(struct socket *so, int version) static int X_ip_mrouter_done(void) { + INIT_VNET_INET(curvnet); vifi_t vifi; int i; struct ifnet *ifp; @@ -1286,6 +1291,7 @@ static int X_ip_mforward(struct ip *ip, struct ifnet *ifp, struct mbuf *m, struct ip_moptions *imo) { + INIT_VNET_INET(curvnet); struct mfc *rt; int error; vifi_t vifi; @@ -1590,6 +1596,7 @@ expire_upcalls(void *unused) static int ip_mdq(struct mbuf *m, struct ifnet *ifp, struct mfc *rt, vifi_t xmt_vif) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); vifi_t vifi; int plen = ip->ip_len; @@ -1801,6 +1808,7 @@ send_packet(struct vif *vifp, struct mbuf *m) static int X_ip_rsvp_vif(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET(curvnet); int error, vifi; if (so->so_type != SOCK_RAW || so->so_proto->pr_protocol != IPPROTO_RSVP) @@ -1855,6 +1863,7 @@ X_ip_rsvp_vif(struct socket *so, struct sockopt *sopt) static void X_ip_rsvp_force_done(struct socket *so) { + INIT_VNET_INET(curvnet); int vifi; /* Don't bother if it is not the right type of socket. */ @@ -1885,6 +1894,7 @@ X_ip_rsvp_force_done(struct socket *so) static void X_rsvp_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); int vifi; struct ip *ip = mtod(m, struct ip *); struct sockaddr_in rsvp_src = { sizeof rsvp_src, AF_INET }; @@ -2286,6 +2296,7 @@ bw_meter_prepare_upcall(struct bw_meter *x, struct timeval *nowp) static void bw_upcalls_send(void) { + INIT_VNET_INET(curvnet); struct mbuf *m; int len = bw_upcalls_n * sizeof(bw_upcalls[0]); struct sockaddr_in k_igmpsrc = { sizeof k_igmpsrc, AF_INET }; @@ -2646,6 +2657,7 @@ static int pim_register_send_upcall(struct ip *ip, struct vif *vifp, struct mbuf *mb_copy, struct mfc *rt) { + INIT_VNET_INET(curvnet); struct mbuf *mb_first; int len = ntohs(ip->ip_len); struct igmpmsg *im; @@ -2700,6 +2712,7 @@ static int pim_register_send_rp(struct ip *ip, struct vif *vifp, struct mbuf *mb_copy, struct mfc *rt) { + INIT_VNET_INET(curvnet); struct mbuf *mb_first; struct ip *ip_outer; struct pim_encap_pimhdr *pimhdr; @@ -3029,6 +3042,8 @@ pim_input_to_daemon: static int ip_mroute_modevent(module_t mod, int type, void *unused) { + INIT_VNET_INET(curvnet); + switch (type) { case MOD_LOAD: MROUTER_LOCK_INIT(); diff --git a/sys/netinet/ip_options.c b/sys/netinet/ip_options.c index df41c43..1cbe9f6 100644 --- a/sys/netinet/ip_options.c +++ b/sys/netinet/ip_options.c @@ -98,6 +98,7 @@ static void save_rte(struct mbuf *m, u_char *, struct in_addr); int ip_dooptions(struct mbuf *m, int pass) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); u_char *cp; struct in_ifaddr *ia; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 4567f05..7612f67 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -109,6 +109,8 @@ int ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, struct ip_moptions *imo, struct inpcb *inp) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct ip *ip; struct ifnet *ifp = NULL; /* keep compiler happy */ struct mbuf *m0; @@ -626,6 +628,7 @@ int ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu, u_long if_hwassist_flags, int sw_csum) { + INIT_VNET_INET(curvnet); int error = 0; int hlen = ip->ip_hl << 2; int len = (mtu - hlen) & ~7; /* size of payload in each fragment */ diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 9e70ceb..c6bca32 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -158,6 +158,7 @@ rip_delhash(struct inpcb *inp) static void rip_zone_change(void *tag) { + INIT_VNET_INET(curvnet); uma_zone_set_max(V_ripcbinfo.ipi_zone, maxsockets); } @@ -174,6 +175,7 @@ rip_inpcb_init(void *mem, int size, int flags) void rip_init(void) { + INIT_VNET_INET(curvnet); INP_INFO_LOCK_INIT(&V_ripcbinfo, "rip"); LIST_INIT(&V_ripcb); @@ -240,6 +242,7 @@ rip_append(struct inpcb *last, struct ip *ip, struct mbuf *n, void rip_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); int proto = ip->ip_p; struct inpcb *inp, *last; @@ -333,6 +336,7 @@ rip_input(struct mbuf *m, int off) int rip_output(struct mbuf *m, struct socket *so, u_long dst) { + INIT_VNET_INET(so->so_vnet); struct ip *ip; int error; struct inpcb *inp = sotoinpcb(so); @@ -598,6 +602,7 @@ rip_ctloutput(struct socket *so, struct sockopt *sopt) void rip_ctlinput(int cmd, struct sockaddr *sa, void *vip) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; struct ifnet *ifp; int err; @@ -656,6 +661,7 @@ SYSCTL_ULONG(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW, static int rip_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -689,6 +695,7 @@ rip_attach(struct socket *so, int proto, struct thread *td) static void rip_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -728,6 +735,7 @@ rip_dodisconnect(struct socket *so, struct inpcb *inp) static void rip_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -743,6 +751,7 @@ rip_abort(struct socket *so) static void rip_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -758,6 +767,7 @@ rip_close(struct socket *so) static int rip_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; if ((so->so_state & SS_ISCONNECTED) == 0) @@ -777,6 +787,8 @@ rip_disconnect(struct socket *so) static int rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); struct sockaddr_in *addr = (struct sockaddr_in *)nam; struct inpcb *inp; @@ -813,6 +825,8 @@ rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td) static int rip_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); struct sockaddr_in *addr = (struct sockaddr_in *)nam; struct inpcb *inp; @@ -883,6 +897,7 @@ rip_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, static int rip_pcblist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i, n; struct inpcb *inp, **inp_list; inp_gen_t gencnt; diff --git a/sys/netinet/tcp_hostcache.c b/sys/netinet/tcp_hostcache.c index 50bf593..ec8f9ba 100644 --- a/sys/netinet/tcp_hostcache.c +++ b/sys/netinet/tcp_hostcache.c @@ -158,26 +158,32 @@ static void tcp_hc_purge(void *); SYSCTL_NODE(_net_inet_tcp, OID_AUTO, hostcache, CTLFLAG_RW, 0, "TCP Host cache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, cachelimit, CTLFLAG_RDTUN, - &tcp_hostcache.cache_limit, 0, "Overall entry limit for hostcache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, cachelimit, + CTLFLAG_RDTUN, tcp_hostcache.cache_limit, 0, + "Overall entry limit for hostcache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, hashsize, CTLFLAG_RDTUN, - &tcp_hostcache.hashsize, 0, "Size of TCP hostcache hashtable"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, hashsize, + CTLFLAG_RDTUN, tcp_hostcache.hashsize, 0, + "Size of TCP hostcache hashtable"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, bucketlimit, CTLFLAG_RDTUN, - &tcp_hostcache.bucket_limit, 0, "Per-bucket hash limit for hostcache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, bucketlimit, + CTLFLAG_RDTUN, tcp_hostcache.bucket_limit, 0, + "Per-bucket hash limit for hostcache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, count, CTLFLAG_RD, - &tcp_hostcache.cache_count, 0, "Current number of entries in hostcache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, count, + CTLFLAG_RD, tcp_hostcache.cache_count, 0, + "Current number of entries in hostcache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, expire, CTLFLAG_RW, - &tcp_hostcache.expire, 0, "Expire time of TCP hostcache entries"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, expire, + CTLFLAG_RW, tcp_hostcache.expire, 0, + "Expire time of TCP hostcache entries"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, prune, CTLFLAG_RW, - &tcp_hostcache.prune, 0, "Time between purge runs"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, prune, + CTLFLAG_RW, tcp_hostcache.prune, 0, "Time between purge runs"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, purge, CTLFLAG_RW, - &tcp_hostcache.purgeall, 0, "Expire all entires on next purge run"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, purge, + CTLFLAG_RW, tcp_hostcache.purgeall, 0, + "Expire all entires on next purge run"); SYSCTL_PROC(_net_inet_tcp_hostcache, OID_AUTO, list, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_SKIP, 0, 0, @@ -204,6 +210,7 @@ static MALLOC_DEFINE(M_HOSTCACHE, "hostcache", "TCP hostcache"); void tcp_hc_init(void) { + INIT_VNET_INET(curvnet); int i; /* @@ -271,6 +278,7 @@ tcp_hc_init(void) static struct hc_metrics * tcp_hc_lookup(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); int hash; struct hc_head *hc_head; struct hc_metrics *hc_entry; @@ -326,6 +334,7 @@ tcp_hc_lookup(struct in_conninfo *inc) static struct hc_metrics * tcp_hc_insert(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); int hash; struct hc_head *hc_head; struct hc_metrics *hc_entry; @@ -416,6 +425,7 @@ tcp_hc_insert(struct in_conninfo *inc) void tcp_hc_get(struct in_conninfo *inc, struct hc_metrics_lite *hc_metrics_lite) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; /* @@ -456,6 +466,7 @@ tcp_hc_get(struct in_conninfo *inc, struct hc_metrics_lite *hc_metrics_lite) u_long tcp_hc_getmtu(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; u_long mtu; @@ -478,6 +489,7 @@ tcp_hc_getmtu(struct in_conninfo *inc) void tcp_hc_updatemtu(struct in_conninfo *inc, u_long mtu) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; /* @@ -517,6 +529,7 @@ tcp_hc_updatemtu(struct in_conninfo *inc, u_long mtu) void tcp_hc_update(struct in_conninfo *inc, struct hc_metrics_lite *hcml) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; hc_entry = tcp_hc_lookup(inc); @@ -597,6 +610,7 @@ tcp_hc_update(struct in_conninfo *inc, struct hc_metrics_lite *hcml) static int sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int bufsize; int linesize = 128; char *p, *buf; @@ -659,6 +673,7 @@ sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS) static void tcp_hc_purge(void *arg) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry, *hc_next; int all = (intptr_t)arg; int i; diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 78ea22f..e31bea1 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -100,60 +100,63 @@ __FBSDID("$FreeBSD$"); static const int tcprexmtthresh = 3; struct tcpstat tcpstat; -SYSCTL_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats, CTLFLAG_RW, - &tcpstat , tcpstat, "TCP statistics (struct tcpstat, netinet/tcp_var.h)"); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_STATS, stats, + CTLFLAG_RW, tcpstat , tcpstat, + "TCP statistics (struct tcpstat, netinet/tcp_var.h)"); int tcp_log_in_vain = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, &tcp_log_in_vain, 0, "Log all incoming TCP segments to closed ports"); static int blackhole = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, - &blackhole, 0, "Do not send RST on segments to closed ports"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, + blackhole, 0, "Do not send RST on segments to closed ports"); int tcp_delack_enabled = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW, - &tcp_delack_enabled, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, delayed_ack, + CTLFLAG_RW, tcp_delack_enabled, 0, "Delay ACK to try and piggyback it onto a data packet"); static int drop_synfin = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW, - &drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, drop_synfin, + CTLFLAG_RW, drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); static int tcp_do_rfc3042 = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW, - &tcp_do_rfc3042, 0, "Enable RFC 3042 (Limited Transmit)"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW, + tcp_do_rfc3042, 0, "Enable RFC 3042 (Limited Transmit)"); static int tcp_do_rfc3390 = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW, - &tcp_do_rfc3390, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW, + tcp_do_rfc3390, 0, "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)"); int tcp_do_ecn = 0; int tcp_ecn_maxretries = 1; SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN"); -SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_RW, - &tcp_do_ecn, 0, "TCP ECN support"); -SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_RW, - &tcp_ecn_maxretries, 0, "Max retries before giving up on ECN"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, enable, + CTLFLAG_RW, tcp_do_ecn, 0, "TCP ECN support"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, maxretries, + CTLFLAG_RW, tcp_ecn_maxretries, 0, "Max retries before giving up on ECN"); static int tcp_insecure_rst = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_RW, - &tcp_insecure_rst, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, insecure_rst, + CTLFLAG_RW, tcp_insecure_rst, 0, "Follow the old (insecure) criteria for accepting RST packets"); int tcp_do_autorcvbuf = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_RW, - &tcp_do_autorcvbuf, 0, "Enable automatic receive buffer sizing"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_auto, + CTLFLAG_RW, tcp_do_autorcvbuf, 0, + "Enable automatic receive buffer sizing"); int tcp_autorcvbuf_inc = 16*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_inc, CTLFLAG_RW, - &tcp_autorcvbuf_inc, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_inc, + CTLFLAG_RW, tcp_autorcvbuf_inc, 0, "Incrementor step size of automatic receive buffer"); int tcp_autorcvbuf_max = 256*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW, - &tcp_autorcvbuf_max, 0, "Max size of automatic receive buffer"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_max, + CTLFLAG_RW, tcp_autorcvbuf_max, 0, + "Max size of automatic receive buffer"); struct inpcbhead tcb; #define tcb6 tcb /* for KAME src sync over BSD*'s */ @@ -225,6 +228,7 @@ do { \ int tcp6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct in6_ifaddr *ia6; @@ -252,6 +256,13 @@ tcp6_input(struct mbuf **mp, int *offp, int proto) void tcp_input(struct mbuf *m, int off0) { + INIT_VNET_INET(curvnet); +#ifdef INET6 + INIT_VNET_INET6(curvnet); +#endif +#ifdef IPSEC + INIT_VNET_IPSEC(curvnet); +#endif struct tcphdr *th; struct ip *ip = NULL; struct ipovly *ipov; @@ -921,6 +932,7 @@ static void tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, struct tcpcb *tp, int drop_hdrlen, int tlen, uint8_t iptos) { + INIT_VNET_INET(tp->t_vnet); int thflags, acked, ourfinisacked, needoutput = 0; int headlocked = 1; int rstreason, todrop, win; @@ -2585,6 +2597,7 @@ drop: static void tcp_dooptions(struct tcpopt *to, u_char *cp, int cnt, int flags) { + INIT_VNET_INET(curvnet); int opt, optlen; to->to_flags = 0; @@ -2712,6 +2725,7 @@ tcp_pulloutofband(struct socket *so, struct tcphdr *th, struct mbuf *m, static void tcp_xmit_timer(struct tcpcb *tp, int rtt) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); int delta; INP_WLOCK_ASSERT(tp->t_inpcb); @@ -2817,6 +2831,7 @@ tcp_xmit_timer(struct tcpcb *tp, int rtt) void tcp_mss_update(struct tcpcb *tp, int offer, struct hc_metrics_lite *metricptr) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); int mss; u_long maxmtu; struct inpcb *inp = tp->t_inpcb; @@ -3100,6 +3115,7 @@ tcp_mss(struct tcpcb *tp, int offer) int tcp_mssopt(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); int mss = 0; u_long maxmtu = 0; u_long thcmtu = 0; diff --git a/sys/netinet/tcp_offload.c b/sys/netinet/tcp_offload.c index 604aab0..6419a95 100644 --- a/sys/netinet/tcp_offload.c +++ b/sys/netinet/tcp_offload.c @@ -107,6 +107,7 @@ fail: void tcp_offload_twstart(struct tcpcb *tp) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK(&V_tcbinfo); INP_WLOCK(tp->t_inpcb); @@ -117,6 +118,7 @@ tcp_offload_twstart(struct tcpcb *tp) struct tcpcb * tcp_offload_close(struct tcpcb *tp) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK(&V_tcbinfo); INP_WLOCK(tp->t_inpcb); @@ -131,6 +133,7 @@ tcp_offload_close(struct tcpcb *tp) struct tcpcb * tcp_offload_drop(struct tcpcb *tp, int error) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK(&V_tcbinfo); INP_WLOCK(tp->t_inpcb); diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index f8cf22f..b3a010b 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -88,36 +88,41 @@ extern struct mbuf *m_copypack(); #endif int path_mtu_discovery = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW, - &path_mtu_discovery, 1, "Enable Path MTU Discovery"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, path_mtu_discovery, + CTLFLAG_RW, path_mtu_discovery, 1, "Enable Path MTU Discovery"); int ss_fltsz = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, slowstart_flightsize, CTLFLAG_RW, - &ss_fltsz, 1, "Slow start flight size"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, + slowstart_flightsize, CTLFLAG_RW, + ss_fltsz, 1, "Slow start flight size"); int ss_fltsz_local = 4; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, local_slowstart_flightsize, CTLFLAG_RW, - &ss_fltsz_local, 1, "Slow start flight size for local networks"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, + local_slowstart_flightsize, CTLFLAG_RW, + ss_fltsz_local, 1, "Slow start flight size for local networks"); int tcp_do_newreno = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW, - &tcp_do_newreno, 0, "Enable NewReno Algorithms"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW, + tcp_do_newreno, 0, "Enable NewReno Algorithms"); int tcp_do_tso = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW, - &tcp_do_tso, 0, "Enable TCP Segmentation Offload"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW, + tcp_do_tso, 0, "Enable TCP Segmentation Offload"); int tcp_do_autosndbuf = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_RW, - &tcp_do_autosndbuf, 0, "Enable automatic send buffer sizing"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_auto, + CTLFLAG_RW, + tcp_do_autosndbuf, 0, "Enable automatic send buffer sizing"); int tcp_autosndbuf_inc = 8*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_RW, - &tcp_autosndbuf_inc, 0, "Incrementor step size of automatic send buffer"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_inc, + CTLFLAG_RW, tcp_autosndbuf_inc, 0, + "Incrementor step size of automatic send buffer"); int tcp_autosndbuf_max = 256*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW, - &tcp_autosndbuf_max, 0, "Max size of automatic send buffer"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_max, + CTLFLAG_RW, tcp_autosndbuf_max, 0, + "Max size of automatic send buffer"); /* @@ -126,6 +131,7 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW, int tcp_output(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct socket *so = tp->t_inpcb->inp_socket; long len, recwin, sendwin; int off, flags, error; @@ -1318,6 +1324,7 @@ tcp_setpersist(struct tcpcb *tp) int tcp_addoptions(struct tcpopt *to, u_char *optp) { + INIT_VNET_INET(curvnet); u_int mask, optlen = 0; for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) { diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index cf83bc2..6f55e11 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -78,29 +78,30 @@ SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0, "TCP Segment Reassembly Queue"); static int tcp_reass_maxseg = 0; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN, - &tcp_reass_maxseg, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxsegments, + CTLFLAG_RDTUN, tcp_reass_maxseg, 0, "Global maximum number of TCP Segments in Reassembly Queue"); int tcp_reass_qsize = 0; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD, - &tcp_reass_qsize, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, cursegments, + CTLFLAG_RD, tcp_reass_qsize, 0, "Global number of TCP Segments currently in Reassembly Queue"); static int tcp_reass_maxqlen = 48; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxqlen, CTLFLAG_RW, - &tcp_reass_maxqlen, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxqlen, + CTLFLAG_RW, tcp_reass_maxqlen, 0, "Maximum number of TCP Segments per individual Reassembly Queue"); static int tcp_reass_overflows = 0; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD, - &tcp_reass_overflows, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, overflows, + CTLFLAG_RD, tcp_reass_overflows, 0, "Global number of TCP Segment Reassembly Queue Overflows"); /* Initialize TCP reassembly queue */ static void tcp_reass_zone_change(void *tag) { + INIT_VNET_INET(curvnet); V_tcp_reass_maxseg = nmbclusters / 16; uma_zone_set_max(tcp_reass_zone, V_tcp_reass_maxseg); @@ -111,6 +112,7 @@ uma_zone_t tcp_reass_zone; void tcp_reass_init(void) { + INIT_VNET_INET(curvnet); V_tcp_reass_maxseg = nmbclusters / 16; TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments", @@ -125,6 +127,7 @@ tcp_reass_init(void) int tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m) { + INIT_VNET_INET(curvnet); struct tseg_qent *q; struct tseg_qent *p = NULL; struct tseg_qent *nq; diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index 961cb78..f43e4e7 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -126,23 +126,23 @@ extern struct uma_zone *sack_hole_zone; SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK"); int tcp_do_sack = 1; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_RW, - &tcp_do_sack, 0, "Enable/Disable TCP SACK support"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, enable, + CTLFLAG_RW, tcp_do_sack, 0, "Enable/Disable TCP SACK support"); TUNABLE_INT("net.inet.tcp.sack.enable", &tcp_do_sack); static int tcp_sack_maxholes = 128; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_RW, - &tcp_sack_maxholes, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, maxholes, + CTLFLAG_RW, tcp_sack_maxholes, 0, "Maximum number of TCP SACK holes allowed per connection"); static int tcp_sack_globalmaxholes = 65536; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_RW, - &tcp_sack_globalmaxholes, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalmaxholes, + CTLFLAG_RW, tcp_sack_globalmaxholes, 0, "Global maximum number of TCP SACK holes"); static int tcp_sack_globalholes = 0; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_RD, - &tcp_sack_globalholes, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalholes, + CTLFLAG_RD, tcp_sack_globalholes, 0, "Global number of TCP SACK holes currently allocated"); /* @@ -253,6 +253,7 @@ tcp_clean_sackreport(struct tcpcb *tp) static struct sackhole * tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct sackhole *hole; if (tp->snd_numholes >= V_tcp_sack_maxholes || @@ -281,6 +282,7 @@ tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) static void tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) { + INIT_VNET_INET(tp->t_vnet); uma_zfree(sack_hole_zone, hole); diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index fd3ea2d..f94e290 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -119,6 +119,7 @@ int tcp_v6mssdflt = TCP6_MSS; static int sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(TD_TO_VNET(curthread)); int error, new; new = V_tcp_mssdflt; @@ -140,6 +141,7 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLTYPE_INT|CTLFLAG_RW, static int sysctl_net_inet_tcp_mss_v6_check(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(TD_TO_VNET(curthread)); int error, new; new = V_tcp_v6mssdflt; @@ -167,12 +169,13 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, CTLTYPE_INT|CTLFLAG_RW, * checking. This setting prevents us from sending too small packets. */ int tcp_minmss = TCP_MINMSS; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW, - &tcp_minmss , 0, "Minmum TCP Maximum Segment Size"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, minmss, + CTLFLAG_RW, tcp_minmss , 0, "Minmum TCP Maximum Segment Size"); int tcp_do_rfc1323 = 1; -SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, - &tcp_do_rfc1323, 0, "Enable rfc1323 (high performance TCP) extensions"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, + CTLFLAG_RW, tcp_do_rfc1323, 0, + "Enable rfc1323 (high performance TCP) extensions"); static int tcp_log_debug = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_debug, CTLFLAG_RW, @@ -183,21 +186,21 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RDTUN, &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable"); static int do_tcpdrain = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, - &do_tcpdrain, 0, +SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0, "Enable tcp_drain routine for extra help when low on mbufs"); -SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD, - &tcbinfo.ipi_count, 0, "Number of active PCBs"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, pcbcount, + CTLFLAG_RD, tcbinfo.ipi_count, 0, "Number of active PCBs"); static int icmp_may_rst = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, - &icmp_may_rst, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, icmp_may_rst, + CTLFLAG_RW, icmp_may_rst, 0, "Certain ICMP unreachable messages may abort connections in SYN_SENT"); static int tcp_isn_reseed_interval = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW, - &tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, isn_reseed_interval, + CTLFLAG_RW, tcp_isn_reseed_interval, 0, + "Seconds between reseeding of ISN secret"); /* * TCP bandwidth limiting sysctls. Note that the default lower bound of @@ -208,8 +211,9 @@ SYSCTL_NODE(_net_inet_tcp, OID_AUTO, inflight, CTLFLAG_RW, 0, "TCP inflight data limiting"); static int tcp_inflight_enable = 1; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, enable, CTLFLAG_RW, - &tcp_inflight_enable, 0, "Enable automatic TCP inflight data limiting"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, enable, + CTLFLAG_RW, tcp_inflight_enable, 0, + "Enable automatic TCP inflight data limiting"); static int tcp_inflight_debug = 0; SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW, @@ -221,16 +225,17 @@ SYSCTL_PROC(_net_inet_tcp_inflight, OID_AUTO, rttthresh, CTLTYPE_INT|CTLFLAG_RW, "RTT threshold below which inflight will deactivate itself"); static int tcp_inflight_min = 6144; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, min, CTLFLAG_RW, - &tcp_inflight_min, 0, "Lower-bound for TCP inflight window"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, min, + CTLFLAG_RW, tcp_inflight_min, 0, "Lower-bound for TCP inflight window"); static int tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, max, CTLFLAG_RW, - &tcp_inflight_max, 0, "Upper-bound for TCP inflight window"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, max, + CTLFLAG_RW, tcp_inflight_max, 0, "Upper-bound for TCP inflight window"); static int tcp_inflight_stab = 20; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, stab, CTLFLAG_RW, - &tcp_inflight_stab, 0, "Inflight Algorithm Stabilization 20 = 2 packets"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, stab, + CTLFLAG_RW, tcp_inflight_stab, 0, + "Inflight Algorithm Stabilization 20 = 2 packets"); uma_zone_t sack_hole_zone; @@ -291,6 +296,7 @@ tcp_inpcb_init(void *mem, int size, int flags) void tcp_init(void) { + INIT_VNET_INET(curvnet); int hashsize = TCBHASHSIZE; tcp_delacktime = TCPTV_DELACK; @@ -450,6 +456,7 @@ void tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, tcp_seq ack, tcp_seq seq, int flags) { + INIT_VNET_INET(curvnet); int tlen; int win = 0; struct ip *ip; @@ -620,6 +627,7 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, struct tcpcb * tcp_newtcpcb(struct inpcb *inp) { + INIT_VNET_INET(inp->inp_vnet); struct tcpcb_mem *tm; struct tcpcb *tp; #ifdef INET6 @@ -683,6 +691,7 @@ tcp_newtcpcb(struct inpcb *inp) struct tcpcb * tcp_drop(struct tcpcb *tp, int errno) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct socket *so = tp->t_inpcb->inp_socket; INP_INFO_WLOCK_ASSERT(&V_tcbinfo); @@ -703,6 +712,7 @@ tcp_drop(struct tcpcb *tp, int errno) void tcp_discardcb(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_vnet); struct tseg_qent *q; struct inpcb *inp = tp->t_inpcb; struct socket *so = inp->inp_socket; @@ -804,6 +814,7 @@ tcp_discardcb(struct tcpcb *tp) struct tcpcb * tcp_close(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct inpcb *inp = tp->t_inpcb; struct socket *so; @@ -835,8 +846,15 @@ tcp_close(struct tcpcb *tp) void tcp_drain(void) { + VNET_ITERATOR_DECL(vnet_iter); - if (do_tcpdrain) { + if (!do_tcpdrain) + return; + + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET(vnet_iter); struct inpcb *inpb; struct tcpcb *tcpb; struct tseg_qent *te; @@ -868,7 +886,9 @@ tcp_drain(void) INP_WUNLOCK(inpb); } INP_INFO_RUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); } /* @@ -926,6 +946,7 @@ tcp_notify(struct inpcb *inp, int error) static int tcp_pcblist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i, m, n, pcb_count; struct inpcb *inp, **inp_list; inp_gen_t gencnt; @@ -1062,6 +1083,7 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0, static int tcp_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); struct xucred xuc; struct sockaddr_in addrs[2]; struct inpcb *inp; @@ -1104,6 +1126,8 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, static int tcp6_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct xucred xuc; struct sockaddr_in6 addrs[2]; struct inpcb *inp; @@ -1167,6 +1191,7 @@ SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, void tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip) { + INIT_VNET_INET(curvnet); struct ip *ip = vip; struct tcphdr *th; struct in_addr faddr; @@ -1286,6 +1311,7 @@ tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip) void tcp6_ctlinput(int cmd, struct sockaddr *sa, void *d) { + INIT_VNET_INET(curvnet); struct tcphdr th; struct inpcb *(*notify)(struct inpcb *, int) = tcp_notify; struct ip6_hdr *ip6; @@ -1414,6 +1440,7 @@ static MD5_CTX isn_ctx; tcp_seq tcp_new_isn(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_vnet); u_int32_t md5_buffer[4]; tcp_seq new_isn; @@ -1464,15 +1491,24 @@ tcp_new_isn(struct tcpcb *tp) static void tcp_isn_tick(void *xtp) { + VNET_ITERATOR_DECL(vnet_iter); u_int32_t projected_offset; ISN_LOCK(); - projected_offset = V_isn_offset_old + ISN_BYTES_PER_SECOND / 100; - - if (SEQ_GT(projected_offset, V_isn_offset)) - V_isn_offset = projected_offset; - - V_isn_offset_old = V_isn_offset; + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); /* XXX appease INVARIANTS */ + INIT_VNET_INET(curvnet); + projected_offset = + V_isn_offset_old + ISN_BYTES_PER_SECOND / 100; + + if (SEQ_GT(projected_offset, V_isn_offset)) + V_isn_offset = projected_offset; + + V_isn_offset_old = V_isn_offset; + CURVNET_RESTORE(); + } + VNET_LIST_RUNLOCK(); callout_reset(&isn_callout, hz/100, tcp_isn_tick, NULL); ISN_UNLOCK(); } @@ -1485,6 +1521,9 @@ tcp_isn_tick(void *xtp) struct inpcb * tcp_drop_syn_sent(struct inpcb *inp, int errno) { +#ifdef INVARIANTS + INIT_VNET_INET(inp->inp_vnet); +#endif struct tcpcb *tp; INP_INFO_WLOCK_ASSERT(&V_tcbinfo); @@ -1514,6 +1553,7 @@ tcp_drop_syn_sent(struct inpcb *inp, int errno) struct inpcb * tcp_mtudisc(struct inpcb *inp, int errno) { + INIT_VNET_INET(inp->inp_vnet); struct tcpcb *tp; struct socket *so; @@ -1720,6 +1760,7 @@ ipsec_hdrsiz_tcp(struct tcpcb *tp) void tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq) { + INIT_VNET_INET(tp->t_vnet); u_long bw; u_long bwnd; int save_ticks; @@ -2008,6 +2049,10 @@ tcp_signature_compute(struct mbuf *m, int _unused, int len, int optlen, static int sysctl_drop(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); +#ifdef INET6 + INIT_VNET_INET6(curvnet); +#endif /* addrs[0] is a foreign socket, addrs[1] is a local one. */ struct sockaddr_storage addrs[2]; struct inpcb *inp; diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index fe67f81..b3846ce 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -146,24 +146,30 @@ static struct tcp_syncache tcp_syncache; SYSCTL_NODE(_net_inet_tcp, OID_AUTO, syncache, CTLFLAG_RW, 0, "TCP SYN cache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, bucketlimit, CTLFLAG_RDTUN, - &tcp_syncache.bucket_limit, 0, "Per-bucket hash limit for syncache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + bucketlimit, CTLFLAG_RDTUN, + tcp_syncache.bucket_limit, 0, "Per-bucket hash limit for syncache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, cachelimit, CTLFLAG_RDTUN, - &tcp_syncache.cache_limit, 0, "Overall entry limit for syncache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + cachelimit, CTLFLAG_RDTUN, + tcp_syncache.cache_limit, 0, "Overall entry limit for syncache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, count, CTLFLAG_RD, - &tcp_syncache.cache_count, 0, "Current number of entries in syncache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + count, CTLFLAG_RD, + tcp_syncache.cache_count, 0, "Current number of entries in syncache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, hashsize, CTLFLAG_RDTUN, - &tcp_syncache.hashsize, 0, "Size of TCP syncache hashtable"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + hashsize, CTLFLAG_RDTUN, + tcp_syncache.hashsize, 0, "Size of TCP syncache hashtable"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_RW, - &tcp_syncache.rexmt_limit, 0, "Limit on SYN/ACK retransmissions"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + rexmtlimit, CTLFLAG_RW, + tcp_syncache.rexmt_limit, 0, "Limit on SYN/ACK retransmissions"); int tcp_sc_rst_sock_fail = 1; -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, rst_on_sock_fail, CTLFLAG_RW, - &tcp_sc_rst_sock_fail, 0, "Send reset on socket allocation failure"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + rst_on_sock_fail, CTLFLAG_RW, + tcp_sc_rst_sock_fail, 0, "Send reset on socket allocation failure"); static MALLOC_DEFINE(M_SYNCACHE, "syncache", "TCP syncache"); @@ -198,6 +204,8 @@ static MALLOC_DEFINE(M_SYNCACHE, "syncache", "TCP syncache"); static void syncache_free(struct syncache *sc) { + INIT_VNET_INET(curvnet); + if (sc->sc_ipopts) (void) m_free(sc->sc_ipopts); if (sc->sc_cred) @@ -212,6 +220,7 @@ syncache_free(struct syncache *sc) void syncache_init(void) { + INIT_VNET_INET(curvnet); int i; V_tcp_syncache.cache_count = 0; @@ -265,6 +274,7 @@ syncache_init(void) static void syncache_insert(struct syncache *sc, struct syncache_head *sch) { + INIT_VNET_INET(sch->sch_vnet); struct syncache *sc2; SCH_LOCK(sch); @@ -303,6 +313,7 @@ syncache_insert(struct syncache *sc, struct syncache_head *sch) static void syncache_drop(struct syncache *sc, struct syncache_head *sch) { + INIT_VNET_INET(sch->sch_vnet); SCH_LOCK_ASSERT(sch); @@ -343,6 +354,7 @@ static void syncache_timer(void *xsch) { struct syncache_head *sch = (struct syncache_head *)xsch; + INIT_VNET_INET(sch->sch_vnet); struct syncache *sc, *nsc; int tick = ticks; char *s; @@ -404,6 +416,7 @@ syncache_timer(void *xsch) struct syncache * syncache_lookup(struct in_conninfo *inc, struct syncache_head **schp) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; @@ -451,6 +464,7 @@ syncache_lookup(struct in_conninfo *inc, struct syncache_head **schp) void syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; char *s = NULL; @@ -525,6 +539,7 @@ done: void syncache_badack(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; @@ -540,6 +555,7 @@ syncache_badack(struct in_conninfo *inc) void syncache_unreach(struct in_conninfo *inc, struct tcphdr *th) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; @@ -576,6 +592,7 @@ done: static struct socket * syncache_socket(struct syncache *sc, struct socket *lso, struct mbuf *m) { + INIT_VNET_INET(lso->so_vnet); struct inpcb *inp = NULL; struct socket *so; struct tcpcb *tp; @@ -788,6 +805,7 @@ int syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct socket **lsop, struct mbuf *m) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; struct syncache scs; @@ -933,6 +951,7 @@ _syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct inpcb *inp, struct socket **lsop, struct mbuf *m, struct toe_usrreqs *tu, void *toepcb) { + INIT_VNET_INET(inp->inp_vnet); struct tcpcb *tp; struct socket *so; struct syncache *sc = NULL; @@ -1231,6 +1250,7 @@ done: static int syncache_respond(struct syncache *sc) { + INIT_VNET_INET(curvnet); struct ip *ip = NULL; struct mbuf *m; struct tcphdr *th; @@ -1400,6 +1420,7 @@ tcp_offload_syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct inpcb *inp, struct socket **lsop, struct toe_usrreqs *tu, void *toepcb) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK(&V_tcbinfo); INP_WLOCK(inp); @@ -1488,6 +1509,7 @@ static void syncookie_generate(struct syncache_head *sch, struct syncache *sc, u_int32_t *flowlabel) { + INIT_VNET_INET(curvnet); MD5_CTX ctx; u_int32_t md5_buffer[MD5_DIGEST_LENGTH / sizeof(u_int32_t)]; u_int32_t data; @@ -1563,6 +1585,7 @@ syncookie_lookup(struct in_conninfo *inc, struct syncache_head *sch, struct syncache *sc, struct tcpopt *to, struct tcphdr *th, struct socket *so) { + INIT_VNET_INET(curvnet); MD5_CTX ctx; u_int32_t md5_buffer[MD5_DIGEST_LENGTH / sizeof(u_int32_t)]; u_int32_t data = 0; @@ -1670,6 +1693,7 @@ syncookie_lookup(struct in_conninfo *inc, struct syncache_head *sch, int syncache_pcbcount(void) { + INIT_VNET_INET(curvnet); struct syncache_head *sch; int count, i; @@ -1693,6 +1717,7 @@ syncache_pcbcount(void) int syncache_pcblist(struct sysctl_req *req, int max_pcbs, int *pcbs_exported) { + INIT_VNET_INET(curvnet); struct xtcpcb xt; struct syncache *sc; struct syncache_head *sch; diff --git a/sys/netinet/tcp_timer.c b/sys/netinet/tcp_timer.c index db156ec..2e70719 100644 --- a/sys/netinet/tcp_timer.c +++ b/sys/netinet/tcp_timer.c @@ -124,11 +124,19 @@ int tcp_maxidle; void tcp_slowtimo(void) { - - tcp_maxidle = tcp_keepcnt * tcp_keepintvl; - INP_INFO_WLOCK(&V_tcbinfo); - (void) tcp_tw_2msl_scan(0); - INP_INFO_WUNLOCK(&V_tcbinfo); + VNET_ITERATOR_DECL(vnet_iter); + + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET(vnet_iter); + tcp_maxidle = tcp_keepcnt * tcp_keepintvl; + INP_INFO_WLOCK(&V_tcbinfo); + (void) tcp_tw_2msl_scan(0); + INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); + } + VNET_LIST_RUNLOCK(); } int tcp_syn_backoff[TCP_MAXRXTSHIFT + 1] = @@ -152,6 +160,8 @@ tcp_timer_delack(void *xtp) { struct tcpcb *tp = xtp; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); INP_INFO_RLOCK(&V_tcbinfo); inp = tp->t_inpcb; @@ -165,6 +175,7 @@ tcp_timer_delack(void *xtp) if (inp == NULL) { tcp_timer_race++; INP_INFO_RUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -172,6 +183,7 @@ tcp_timer_delack(void *xtp) if ((inp->inp_vflag & INP_DROPPED) || callout_pending(&tp->t_timers->tt_delack) || !callout_active(&tp->t_timers->tt_delack)) { INP_WUNLOCK(inp); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_delack); @@ -180,6 +192,7 @@ tcp_timer_delack(void *xtp) V_tcpstat.tcps_delack++; (void) tcp_output(tp); INP_WUNLOCK(inp); + CURVNET_RESTORE(); } void @@ -187,6 +200,8 @@ tcp_timer_2msl(void *xtp) { struct tcpcb *tp = xtp; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); #ifdef TCPDEBUG int ostate; @@ -207,6 +222,7 @@ tcp_timer_2msl(void *xtp) if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -215,6 +231,7 @@ tcp_timer_2msl(void *xtp) !callout_active(&tp->t_timers->tt_2msl)) { INP_WUNLOCK(tp->t_inpcb); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_2msl); @@ -250,6 +267,7 @@ tcp_timer_2msl(void *xtp) if (tp != NULL) INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void @@ -258,6 +276,8 @@ tcp_timer_keep(void *xtp) struct tcpcb *tp = xtp; struct tcptemp *t_template; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); #ifdef TCPDEBUG int ostate; @@ -275,6 +295,7 @@ tcp_timer_keep(void *xtp) if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -282,6 +303,7 @@ tcp_timer_keep(void *xtp) || !callout_active(&tp->t_timers->tt_keep)) { INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_keep); @@ -327,6 +349,7 @@ tcp_timer_keep(void *xtp) #endif INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; dropit: @@ -341,6 +364,7 @@ dropit: if (tp != NULL) INP_WUNLOCK(tp->t_inpcb); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void @@ -348,6 +372,8 @@ tcp_timer_persist(void *xtp) { struct tcpcb *tp = xtp; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); #ifdef TCPDEBUG int ostate; @@ -365,6 +391,7 @@ tcp_timer_persist(void *xtp) if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -372,6 +399,7 @@ tcp_timer_persist(void *xtp) || !callout_active(&tp->t_timers->tt_persist)) { INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_persist); @@ -407,12 +435,15 @@ out: if (tp != NULL) INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void tcp_timer_rexmt(void * xtp) { struct tcpcb *tp = xtp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); int rexmt; int headlocked; struct inpcb *inp; @@ -434,6 +465,7 @@ tcp_timer_rexmt(void * xtp) if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -441,6 +473,7 @@ tcp_timer_rexmt(void * xtp) || !callout_active(&tp->t_timers->tt_rexmt)) { INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_rexmt); @@ -564,6 +597,7 @@ out: INP_WUNLOCK(inp); if (headlocked) INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 75d61e7..83b8aa6 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -110,6 +110,7 @@ static void tcp_tw_2msl_stop(struct tcptw *); static int tcptw_auto_size(void) { + INIT_VNET_INET(curvnet); int halfrange; /* @@ -162,6 +163,7 @@ tcp_tw_zone_change(void) void tcp_tw_init(void) { + INIT_VNET_INET(curvnet); tcptw_zone = uma_zcreate("tcptw", sizeof(struct tcptw), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); @@ -181,6 +183,9 @@ tcp_tw_init(void) void tcp_twstart(struct tcpcb *tp) { +#if defined(INVARIANTS) || defined(INVARIANT_SUPPORT) + INIT_VNET_INET(tp->t_vnet); +#endif struct tcptw *tw; struct inpcb *inp = tp->t_inpcb; int acknow; @@ -296,6 +301,7 @@ tcp_twstart(struct tcpcb *tp) int tcp_twrecycleable(struct tcptw *tw) { + INIT_VNET_INET(curvnet); tcp_seq new_iss = tw->iss; tcp_seq new_irs = tw->irs; @@ -318,6 +324,9 @@ int tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, struct mbuf *m, int tlen) { +#if defined(INVARIANTS) || defined(INVARIANT_SUPPORT) + INIT_VNET_INET(curvnet); +#endif struct tcptw *tw; int thflags; tcp_seq seq; @@ -454,6 +463,7 @@ drop: void tcp_twclose(struct tcptw *tw, int reuse) { + INIT_VNET_INET(curvnet); struct socket *so; struct inpcb *inp; @@ -521,6 +531,7 @@ tcp_twclose(struct tcptw *tw, int reuse) int tcp_twrespond(struct tcptw *tw, int flags) { + INIT_VNET_INET(curvnet); struct inpcb *inp = tw->tw_inpcb; struct tcphdr *th; struct mbuf *m; @@ -614,6 +625,7 @@ tcp_twrespond(struct tcptw *tw, int flags) static void tcp_tw_2msl_reset(struct tcptw *tw, int rearm) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(tw->tw_inpcb); @@ -626,6 +638,7 @@ tcp_tw_2msl_reset(struct tcptw *tw, int rearm) static void tcp_tw_2msl_stop(struct tcptw *tw) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK_ASSERT(&V_tcbinfo); TAILQ_REMOVE(&V_twq_2msl, tw, tw_2msl); @@ -634,6 +647,7 @@ tcp_tw_2msl_stop(struct tcptw *tw) struct tcptw * tcp_tw_2msl_scan(int reuse) { + INIT_VNET_INET(curvnet); struct tcptw *tw; INP_INFO_WLOCK_ASSERT(&V_tcbinfo); diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 6a19ad0..856d3f0 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -159,6 +159,9 @@ tcp_detach(struct socket *so, struct inpcb *inp) #ifdef INET6 int isipv6 = INP_CHECK_SOCKAF(so, AF_INET6) != 0; #endif +#ifdef INVARIANTS + INIT_VNET_INET(so->so_vnet); +#endif INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(inp); @@ -249,6 +252,7 @@ tcp_detach(struct socket *so, struct inpcb *inp) static void tcp_usr_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -267,6 +271,7 @@ tcp_usr_detach(struct socket *so) static int tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -307,6 +312,7 @@ out: static int tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -365,6 +371,7 @@ out: static int tcp_usr_listen(struct socket *so, int backlog, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -402,6 +409,7 @@ out: static int tcp6_usr_listen(struct socket *so, int backlog, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -449,6 +457,7 @@ out: static int tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -491,6 +500,7 @@ out: static int tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -563,6 +573,7 @@ out: static int tcp_usr_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct tcpcb *tp = NULL; int error = 0; @@ -594,6 +605,7 @@ out: static int tcp_usr_accept(struct socket *so, struct sockaddr **nam) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp = NULL; struct tcpcb *tp = NULL; @@ -691,6 +703,7 @@ out: static int tcp_usr_shutdown(struct socket *so) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -757,6 +770,7 @@ static int tcp_usr_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -912,6 +926,7 @@ out: static void tcp_usr_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct tcpcb *tp = NULL; TCPDEBUG0; @@ -950,6 +965,7 @@ tcp_usr_abort(struct socket *so) static void tcp_usr_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct tcpcb *tp = NULL; TCPDEBUG0; @@ -1082,6 +1098,7 @@ tcp_connect(struct tcpcb *tp, struct sockaddr *nam, struct thread *td) { struct inpcb *inp = tp->t_inpcb, *oinp; struct socket *so = inp->inp_socket; + INIT_VNET_INET(so->so_vnet); struct in_addr laddr; u_short lport; int error; @@ -1137,6 +1154,7 @@ tcp6_connect(struct tcpcb *tp, struct sockaddr *nam, struct thread *td) { struct inpcb *inp = tp->t_inpcb, *oinp; struct socket *so = inp->inp_socket; + INIT_VNET_INET(so->so_vnet); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam; struct in6_addr *addr6; int error; @@ -1258,6 +1276,7 @@ tcp_fill_info(struct tcpcb *tp, struct tcp_info *ti) int tcp_ctloutput(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET(so->so_vnet); int error, opt, optval; struct inpcb *inp; struct tcpcb *tp; @@ -1445,6 +1464,7 @@ SYSCTL_ULONG(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW, static int tcp_attach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct tcpcb *tp; struct inpcb *inp; int error; @@ -1509,6 +1529,9 @@ tcp_disconnect(struct tcpcb *tp) { struct inpcb *inp = tp->t_inpcb; struct socket *so = inp->inp_socket; +#ifdef INVARIANTS + INIT_VNET_INET(so->so_vnet); +#endif INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(inp); @@ -1547,6 +1570,9 @@ tcp_disconnect(struct tcpcb *tp) static void tcp_usrclosed(struct tcpcb *tp) { +#ifdef INVARIANTS + INIT_VNET_INET(tp->t_inpcb->inp_vnet); +#endif INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(tp->t_inpcb); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 52ddbec..f33b760 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -137,8 +137,9 @@ struct inpcbinfo udbinfo; #endif struct udpstat udpstat; /* from udp_var.h */ -SYSCTL_STRUCT(_net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RW, &udpstat, - udpstat, "UDP statistics (struct udpstat, netinet/udp_var.h)"); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_udp, UDPCTL_STATS, stats, + CTLFLAG_RW, udpstat, udpstat, + "UDP statistics (struct udpstat, netinet/udp_var.h)"); static void udp_detach(struct socket *so); static int udp_output(struct inpcb *, struct mbuf *, struct sockaddr *, @@ -164,6 +165,7 @@ udp_inpcb_init(void *mem, int size, int flags) void udp_init(void) { + INIT_VNET_INET(curvnet); INP_INFO_LOCK_INIT(&V_udbinfo, "udp"); LIST_INIT(&V_udb); @@ -202,6 +204,7 @@ udp_append(struct inpcb *inp, struct ip *ip, struct mbuf *n, int off, #ifdef IPSEC /* Check AH/ESP integrity. */ if (ipsec4_in_reject(n, inp)) { + INIT_VNET_IPSEC(curvnet); m_freem(n); V_ipsec4stat.in_polvio++; return; @@ -237,6 +240,7 @@ udp_append(struct inpcb *inp, struct ip *ip, struct mbuf *n, int off, so = inp->inp_socket; SOCKBUF_LOCK(&so->so_rcv); if (sbappendaddr_locked(&so->so_rcv, append_sa, n, opts) == 0) { + INIT_VNET_INET(so->so_vnet); SOCKBUF_UNLOCK(&so->so_rcv); m_freem(n); if (opts) @@ -249,6 +253,7 @@ udp_append(struct inpcb *inp, struct ip *ip, struct mbuf *n, int off, void udp_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); int iphlen = off; struct ip *ip; struct udphdr *uh; @@ -586,6 +591,7 @@ udp_notify(struct inpcb *inp, int errno) void udp_ctlinput(int cmd, struct sockaddr *sa, void *vip) { + INIT_VNET_INET(curvnet); struct ip *ip = vip; struct udphdr *uh; struct in_addr faddr; @@ -632,6 +638,7 @@ udp_ctlinput(int cmd, struct sockaddr *sa, void *vip) static int udp_pcblist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i, n; struct inpcb *inp, **inp_list; inp_gen_t gencnt; @@ -730,6 +737,7 @@ SYSCTL_PROC(_net_inet_udp, UDPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0, static int udp_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); struct xucred xuc; struct sockaddr_in addrs[2]; struct inpcb *inp; @@ -772,6 +780,7 @@ static int udp_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(inp->inp_vnet); struct udpiphdr *ui; int len = m->m_pkthdr.len; struct in_addr faddr, laddr; @@ -1081,6 +1090,7 @@ release: static void udp_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -1099,6 +1109,7 @@ udp_abort(struct socket *so) static int udp_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -1125,6 +1136,7 @@ udp_attach(struct socket *so, int proto, struct thread *td) static int udp_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -1141,6 +1153,7 @@ udp_bind(struct socket *so, struct sockaddr *nam, struct thread *td) static void udp_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -1159,6 +1172,7 @@ udp_close(struct socket *so) static int udp_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; struct sockaddr_in *sin; @@ -1186,6 +1200,7 @@ udp_connect(struct socket *so, struct sockaddr *nam, struct thread *td) static void udp_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -1202,6 +1217,7 @@ udp_detach(struct socket *so) static int udp_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); diff --git a/sys/netinet/vinet.h b/sys/netinet/vinet.h new file mode 100644 index 0000000..1f16dfd --- /dev/null +++ b/sys/netinet/vinet.h @@ -0,0 +1,331 @@ +/*- + * Copyright (c) 2006-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _NETINET_VINET_H_ +#define _NETINET_VINET_H_ + +#ifdef VIMAGE +#include <sys/socketvar.h> +#include <sys/sysctl.h> +#include <sys/md5.h> + +#include <netinet/in.h> +#include <netinet/in_systm.h> +#include <netinet/in_var.h> +#include <netinet/in_pcb.h> +#include <netinet/ip_var.h> +#include <netinet/ip.h> +#include <netinet/ip_icmp.h> +#include <netinet/icmp_var.h> +#include <netinet/igmp_var.h> +#include <netinet/tcp.h> +#include <netinet/tcp_var.h> +#include <netinet/tcp_hostcache.h> +#include <netinet/tcp_syncache.h> +#include <netinet/udp.h> +#include <netinet/udp_var.h> + +struct vnet_inet { + struct in_ifaddrhashhead *_in_ifaddrhashtbl; + struct in_ifaddrhead _in_ifaddrhead; + u_long _in_ifaddrhmask; + struct in_multihead _in_multihead; + + int _arpt_keep; + int _arp_maxtries; + int _useloopback; + int _arp_proxyall; + int _subnetsarelocal; + int _sameprefixcarponly; + + int _ipforwarding; + int _ipstealth; + int _ipfastforward_active; + int _ipsendredirects; + int _ip_defttl; + int _ip_keepfaith; + int _ip_sendsourcequench; + int _ip_do_randomid; + int _ip_checkinterface; + u_short _ip_id; + + uma_zone_t _ipq_zone; + int _nipq; /* Total # of reass queues */ + int _maxnipq; /* Admin. limit on # reass queues. */ + int _maxfragsperpacket; + TAILQ_HEAD(ipqhead, ipq) _ipq[IPREASS_NHASH]; + + struct inpcbhead _tcb; /* head of queue of active tcpcb's */ + struct inpcbinfo _tcbinfo; + struct tcpstat _tcpstat; /* tcp statistics */ + struct tcp_hostcache _tcp_hostcache; + struct callout _tcp_hc_callout; + struct tcp_syncache _tcp_syncache; + struct inpcbhead _divcb; + struct inpcbinfo _divcbinfo; + TAILQ_HEAD(, tcptw) _twq_2msl; + + int _tcp_sc_rst_sock_fail; + int _tcp_mssdflt; + int _tcp_v6mssdflt; + int _tcp_minmss; + int _tcp_do_rfc1323; + int _icmp_may_rst; + int _tcp_isn_reseed_interval; + int _tcp_inflight_enable; + int _tcp_inflight_rttthresh; + int _tcp_inflight_min; + int _tcp_inflight_max; + int _tcp_inflight_stab; + int _nolocaltimewait; + int _path_mtu_discovery; + int _ss_fltsz; + int _ss_fltsz_local; + int _tcp_do_newreno; + int _tcp_do_tso; + int _tcp_do_autosndbuf; + int _tcp_autosndbuf_inc; + int _tcp_autosndbuf_max; + int _tcp_do_sack; + int _tcp_sack_maxholes; + int _tcp_sack_globalmaxholes; + int _tcp_sack_globalholes; + int _blackhole; + int _tcp_delack_enabled; + int _drop_synfin; + int _tcp_do_rfc3042; + int _tcp_do_rfc3390; + int _tcp_do_ecn; + int _tcp_ecn_maxretries; + int _tcp_insecure_rst; + int _tcp_do_autorcvbuf; + int _tcp_autorcvbuf_inc; + int _tcp_autorcvbuf_max; + int _tcp_reass_maxseg; + int _tcp_reass_qsize; + int _tcp_reass_maxqlen; + int _tcp_reass_overflows; + + u_char _isn_secret[32]; + int _isn_last_reseed; + u_int32_t _isn_offset; + u_int32_t _isn_offset_old; + MD5_CTX _isn_ctx; + + struct inpcbhead _udb; + struct inpcbinfo _udbinfo; + struct udpstat _udpstat; + int _udp_blackhole; + + struct inpcbhead _ripcb; + struct inpcbinfo _ripcbinfo; + struct socket *_ip_mrouter; + + struct socket *_ip_rsvpd; + int _ip_rsvp_on; + int _rsvp_on; + + struct icmpstat _icmpstat; + struct ipstat _ipstat; + struct igmpstat _igmpstat; + + SLIST_HEAD(, router_info) _router_info_head; + + int _rtq_timeout; + int _rtq_reallyold; + int _rtq_minreallyold; + int _rtq_toomany; + struct callout _rtq_timer; + + int _ipport_lowfirstauto; + int _ipport_lowlastauto; + int _ipport_firstauto; + int _ipport_lastauto; + int _ipport_hifirstauto; + int _ipport_hilastauto; + int _ipport_reservedhigh; + int _ipport_reservedlow; + int _ipport_randomized; + int _ipport_randomcps; + int _ipport_randomtime; + int _ipport_stoprandom; + int _ipport_tcpallocs; + int _ipport_tcplastcount; + + int _icmpmaskrepl; + u_int _icmpmaskfake; + int _drop_redirect; + int _log_redirect; + int _icmplim; + int _icmplim_output; + char _reply_src[IFNAMSIZ]; + int _icmp_rfi; + int _icmp_quotelen; + int _icmpbmcastecho; +}; +#endif + + +/* + * Symbol translation macros + */ +#define INIT_VNET_INET(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_INET, struct vnet_inet, vnet_inet) + +#define VNET_INET(sym) VSYM(vnet_inet, sym) + +#define V_arp_maxtries VNET_INET(arp_maxtries) +#define V_arp_proxyall VNET_INET(arp_proxyall) +#define V_arpt_keep VNET_INET(arpt_keep) +#define V_arpt_prune VNET_INET(arpt_prune) +#define V_blackhole VNET_INET(blackhole) +#define V_divcb VNET_INET(divcb) +#define V_divcbinfo VNET_INET(divcbinfo) +#define V_drop_redirect VNET_INET(drop_redirect) +#define V_drop_synfin VNET_INET(drop_synfin) +#define V_icmp_may_rst VNET_INET(icmp_may_rst) +#define V_icmp_quotelen VNET_INET(icmp_quotelen) +#define V_icmp_rfi VNET_INET(icmp_rfi) +#define V_icmpbmcastecho VNET_INET(icmpbmcastecho) +#define V_icmplim VNET_INET(icmplim) +#define V_icmplim_output VNET_INET(icmplim_output) +#define V_icmpmaskfake VNET_INET(icmpmaskfake) +#define V_icmpmaskrepl VNET_INET(icmpmaskrepl) +#define V_icmpstat VNET_INET(icmpstat) +#define V_igmpstat VNET_INET(igmpstat) +#define V_in_ifaddrhashtbl VNET_INET(in_ifaddrhashtbl) +#define V_in_ifaddrhead VNET_INET(in_ifaddrhead) +#define V_in_ifaddrhmask VNET_INET(in_ifaddrhmask) +#define V_in_multihead VNET_INET(in_multihead) +#define V_ip_checkinterface VNET_INET(ip_checkinterface) +#define V_ip_defttl VNET_INET(ip_defttl) +#define V_ip_do_randomid VNET_INET(ip_do_randomid) +#define V_ip_id VNET_INET(ip_id) +#define V_ip_keepfaith VNET_INET(ip_keepfaith) +#define V_ip_mrouter VNET_INET(ip_mrouter) +#define V_ip_rsvp_on VNET_INET(ip_rsvp_on) +#define V_ip_rsvpd VNET_INET(ip_rsvpd) +#define V_ip_sendsourcequench VNET_INET(ip_sendsourcequench) +#define V_ipfastforward_active VNET_INET(ipfastforward_active) +#define V_ipforwarding VNET_INET(ipforwarding) +#define V_ipport_firstauto VNET_INET(ipport_firstauto) +#define V_ipport_hifirstauto VNET_INET(ipport_hifirstauto) +#define V_ipport_hilastauto VNET_INET(ipport_hilastauto) +#define V_ipport_lastauto VNET_INET(ipport_lastauto) +#define V_ipport_lowfirstauto VNET_INET(ipport_lowfirstauto) +#define V_ipport_lowlastauto VNET_INET(ipport_lowlastauto) +#define V_ipport_randomcps VNET_INET(ipport_randomcps) +#define V_ipport_randomized VNET_INET(ipport_randomized) +#define V_ipport_randomtime VNET_INET(ipport_randomtime) +#define V_ipport_reservedhigh VNET_INET(ipport_reservedhigh) +#define V_ipport_reservedlow VNET_INET(ipport_reservedlow) +#define V_ipport_stoprandom VNET_INET(ipport_stoprandom) +#define V_ipport_tcpallocs VNET_INET(ipport_tcpallocs) +#define V_ipport_tcplastcount VNET_INET(ipport_tcplastcount) +#define V_ipq VNET_INET(ipq) +#define V_ipq_zone VNET_INET(ipq_zone) +#define V_ipsendredirects VNET_INET(ipsendredirects) +#define V_ipstat VNET_INET(ipstat) +#define V_ipstealth VNET_INET(ipstealth) +#define V_isn_ctx VNET_INET(isn_ctx) +#define V_isn_last_reseed VNET_INET(isn_last_reseed) +#define V_isn_offset VNET_INET(isn_offset) +#define V_isn_offset_old VNET_INET(isn_offset_old) +#define V_isn_secret VNET_INET(isn_secret) +#define V_llinfo_arp VNET_INET(llinfo_arp) +#define V_log_redirect VNET_INET(log_redirect) +#define V_maxfragsperpacket VNET_INET(maxfragsperpacket) +#define V_maxnipq VNET_INET(maxnipq) +#define V_nipq VNET_INET(nipq) +#define V_nolocaltimewait VNET_INET(nolocaltimewait) +#define V_path_mtu_discovery VNET_INET(path_mtu_discovery) +#define V_reply_src VNET_INET(reply_src) +#define V_ripcb VNET_INET(ripcb) +#define V_ripcbinfo VNET_INET(ripcbinfo) +#define V_router_info_head VNET_INET(router_info_head) +#define V_rsvp_on VNET_INET(rsvp_on) +#define V_rtq_minreallyold VNET_INET(rtq_minreallyold) +#define V_rtq_reallyold VNET_INET(rtq_reallyold) +#define V_rtq_timeout VNET_INET(rtq_timeout) +#define V_rtq_timer VNET_INET(rtq_timer) +#define V_rtq_toomany VNET_INET(rtq_toomany) +#define V_sameprefixcarponly VNET_INET(sameprefixcarponly) +#define V_ss_fltsz VNET_INET(ss_fltsz) +#define V_ss_fltsz_local VNET_INET(ss_fltsz_local) +#define V_subnetsarelocal VNET_INET(subnetsarelocal) +#define V_tcb VNET_INET(tcb) +#define V_tcbinfo VNET_INET(tcbinfo) +#define V_tcp_autorcvbuf_inc VNET_INET(tcp_autorcvbuf_inc) +#define V_tcp_autorcvbuf_max VNET_INET(tcp_autorcvbuf_max) +#define V_tcp_autosndbuf_inc VNET_INET(tcp_autosndbuf_inc) +#define V_tcp_autosndbuf_max VNET_INET(tcp_autosndbuf_max) +#define V_tcp_delack_enabled VNET_INET(tcp_delack_enabled) +#define V_tcp_do_autorcvbuf VNET_INET(tcp_do_autorcvbuf) +#define V_tcp_do_autosndbuf VNET_INET(tcp_do_autosndbuf) +#define V_tcp_do_ecn VNET_INET(tcp_do_ecn) +#define V_tcp_do_newreno VNET_INET(tcp_do_newreno) +#define V_tcp_do_rfc1323 VNET_INET(tcp_do_rfc1323) +#define V_tcp_do_rfc3042 VNET_INET(tcp_do_rfc3042) +#define V_tcp_do_rfc3390 VNET_INET(tcp_do_rfc3390) +#define V_tcp_do_sack VNET_INET(tcp_do_sack) +#define V_tcp_do_tso VNET_INET(tcp_do_tso) +#define V_tcp_ecn_maxretries VNET_INET(tcp_ecn_maxretries) +#define V_tcp_hc_callout VNET_INET(tcp_hc_callout) +#define V_tcp_hostcache VNET_INET(tcp_hostcache) +#define V_tcp_inflight_enable VNET_INET(tcp_inflight_enable) +#define V_tcp_inflight_max VNET_INET(tcp_inflight_max) +#define V_tcp_inflight_min VNET_INET(tcp_inflight_min) +#define V_tcp_inflight_rttthresh VNET_INET(tcp_inflight_rttthresh) +#define V_tcp_inflight_stab VNET_INET(tcp_inflight_stab) +#define V_tcp_insecure_rst VNET_INET(tcp_insecure_rst) +#define V_tcp_isn_reseed_interval VNET_INET(tcp_isn_reseed_interval) +#define V_tcp_minmss VNET_INET(tcp_minmss) +#define V_tcp_mssdflt VNET_INET(tcp_mssdflt) +#define V_tcp_reass_maxqlen VNET_INET(tcp_reass_maxqlen) +#define V_tcp_reass_maxseg VNET_INET(tcp_reass_maxseg) +#define V_tcp_reass_overflows VNET_INET(tcp_reass_overflows) +#define V_tcp_reass_qsize VNET_INET(tcp_reass_qsize) +#define V_tcp_sack_globalholes VNET_INET(tcp_sack_globalholes) +#define V_tcp_sack_globalmaxholes VNET_INET(tcp_sack_globalmaxholes) +#define V_tcp_sack_maxholes VNET_INET(tcp_sack_maxholes) +#define V_tcp_sc_rst_sock_fail VNET_INET(tcp_sc_rst_sock_fail) +#define V_tcp_syncache VNET_INET(tcp_syncache) +#define V_tcp_v6mssdflt VNET_INET(tcp_v6mssdflt) +#define V_tcpstat VNET_INET(tcpstat) +#define V_twq_2msl VNET_INET(twq_2msl) +#define V_udb VNET_INET(udb) +#define V_udbinfo VNET_INET(udbinfo) +#define V_udp_blackhole VNET_INET(udp_blackhole) +#define V_udpstat VNET_INET(udpstat) +#define V_useloopback VNET_INET(useloopback) + +#endif /* !_NETINET_VINET_H_ */ diff --git a/sys/netinet6/dest6.c b/sys/netinet6/dest6.c index 20b5e9d..6ac30ed 100644 --- a/sys/netinet6/dest6.c +++ b/sys/netinet6/dest6.c @@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$"); int dest6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; int off = *offp, dstoptlen, optlen; struct ip6_dest *dstopts; diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c index bad4410..fca85c5 100644 --- a/sys/netinet6/frag6.c +++ b/sys/netinet6/frag6.c @@ -91,6 +91,7 @@ static MALLOC_DEFINE(M_FTABLE, "fragment", "fragment reassembly header"); static void frag6_change(void *tag) { + INIT_VNET_INET6(curvnet); V_ip6_maxfragpackets = nmbclusters / 4; V_ip6_maxfrags = nmbclusters / 4; @@ -99,6 +100,7 @@ frag6_change(void *tag) void frag6_init(void) { + INIT_VNET_INET6(curvnet); V_ip6_maxfragpackets = nmbclusters / 4; V_ip6_maxfrags = nmbclusters / 4; @@ -145,6 +147,7 @@ frag6_init(void) int frag6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp, *t; struct ip6_hdr *ip6; struct ip6_frag *ip6f; @@ -586,6 +589,7 @@ insert: void frag6_freef(struct ip6q *q6) { + INIT_VNET_INET6(curvnet); struct ip6asfrag *af6, *down6; IP6Q_LOCK_ASSERT(); @@ -682,31 +686,39 @@ frag6_remque(struct ip6q *p6) void frag6_slowtimo(void) { + VNET_ITERATOR_DECL(vnet_iter); struct ip6q *q6; IP6Q_LOCK(); - q6 = V_ip6q.ip6q_next; - if (q6) - while (q6 != &V_ip6q) { - --q6->ip6q_ttl; - q6 = q6->ip6q_next; - if (q6->ip6q_prev->ip6q_ttl == 0) { - V_ip6stat.ip6s_fragtimeout++; - /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ - frag6_freef(q6->ip6q_prev); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET6(vnet_iter); + q6 = V_ip6q.ip6q_next; + if (q6) + while (q6 != &V_ip6q) { + --q6->ip6q_ttl; + q6 = q6->ip6q_next; + if (q6->ip6q_prev->ip6q_ttl == 0) { + V_ip6stat.ip6s_fragtimeout++; + /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ + frag6_freef(q6->ip6q_prev); + } } + /* + * If we are over the maximum number of fragments + * (due to the limit being lowered), drain off + * enough to get down to the new limit. + */ + while (V_frag6_nfragpackets > (u_int)V_ip6_maxfragpackets && + V_ip6q.ip6q_prev) { + V_ip6stat.ip6s_fragoverflow++; + /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ + frag6_freef(V_ip6q.ip6q_prev); } - /* - * If we are over the maximum number of fragments - * (due to the limit being lowered), drain off - * enough to get down to the new limit. - */ - while (V_frag6_nfragpackets > (u_int)V_ip6_maxfragpackets && - V_ip6q.ip6q_prev) { - V_ip6stat.ip6s_fragoverflow++; - /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ - frag6_freef(V_ip6q.ip6q_prev); + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IP6Q_UNLOCK(); #if 0 @@ -732,13 +744,21 @@ frag6_slowtimo(void) void frag6_drain(void) { + VNET_ITERATOR_DECL(vnet_iter); if (IP6Q_TRYLOCK() == 0) return; - while (V_ip6q.ip6q_next != &V_ip6q) { - V_ip6stat.ip6s_fragdropped++; - /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ - frag6_freef(V_ip6q.ip6q_next); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + INIT_VNET_INET6(vnet_iter); + while (V_ip6q.ip6q_next != &V_ip6q) { + V_ip6stat.ip6s_fragdropped++; + /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ + frag6_freef(V_ip6q.ip6q_next); + } + CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); IP6Q_UNLOCK(); } diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index c4651ef..65ef96c 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -136,6 +136,7 @@ static int icmp6_notify_error(struct mbuf **, int, int, int); void icmp6_init(void) { + INIT_VNET_INET6(curvnet); mld6_init(); } @@ -204,6 +205,7 @@ void icmp6_error2(struct mbuf *m, int type, int code, int param, struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; if (ifp == NULL) @@ -235,6 +237,7 @@ icmp6_error2(struct mbuf *m, int type, int code, int param, void icmp6_error(struct mbuf *m, int type, int code, int param) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *oip6, *nip6; struct icmp6_hdr *icmp6; u_int preplen; @@ -389,6 +392,8 @@ icmp6_error(struct mbuf *m, int type, int code, int param) int icmp6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); + INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ struct mbuf *m = *mp, *n; struct ip6_hdr *ip6, *nip6; struct icmp6_hdr *icmp6, *nicmp6; @@ -862,6 +867,7 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) static int icmp6_notify_error(struct mbuf **mp, int off, int icmp6len, int code) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct icmp6_hdr *icmp6; struct ip6_hdr *eip6; @@ -1093,6 +1099,7 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp6len, int code) void icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated) { + INIT_VNET_INET6(curvnet); struct in6_addr *dst = ip6cp->ip6c_finaldst; struct icmp6_hdr *icmp6 = ip6cp->ip6c_icmp6; struct mbuf *m = ip6cp->ip6c_m; /* will be necessary for scope issue */ @@ -1158,6 +1165,8 @@ icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated) static struct mbuf * ni6_input(struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); + INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ struct icmp6_nodeinfo *ni6, *nni6; struct mbuf *n = NULL; u_int16_t qtype; @@ -1643,6 +1652,8 @@ static int ni6_addrs(struct icmp6_nodeinfo *ni6, struct mbuf *m, struct ifnet **ifpp, struct in6_addr *subj) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ifnet *ifp; struct in6_ifaddr *ifa6; struct ifaddr *ifa; @@ -1734,6 +1745,8 @@ static int ni6_store_addrs(struct icmp6_nodeinfo *ni6, struct icmp6_nodeinfo *nni6, struct ifnet *ifp0, int resid) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ifnet *ifp = ifp0 ? ifp0 : TAILQ_FIRST(&V_ifnet); struct in6_ifaddr *ifa6; struct ifaddr *ifa; @@ -1873,6 +1886,8 @@ ni6_store_addrs(struct icmp6_nodeinfo *ni6, struct icmp6_nodeinfo *nni6, static int icmp6_rip6_input(struct mbuf **mp, int off) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct in6pcb *in6p; @@ -2033,6 +2048,7 @@ icmp6_rip6_input(struct mbuf **mp, int off) void icmp6_reflect(struct mbuf *m, size_t off) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; struct icmp6_hdr *icmp6; struct in6_ifaddr *ia; @@ -2212,6 +2228,7 @@ icmp6_redirect_diag(struct in6_addr *src6, struct in6_addr *dst6, void icmp6_redirect_input(struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_redirect *nd_rd; @@ -2419,6 +2436,7 @@ icmp6_redirect_input(struct mbuf *m, int off) void icmp6_redirect_output(struct mbuf *m0, struct rtentry *rt) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp; /* my outgoing interface */ struct in6_addr *ifp_ll6; struct in6_addr *router_ll6; @@ -2785,6 +2803,7 @@ static int icmp6_ratelimit(const struct in6_addr *dst, const int type, const int code) { + INIT_VNET_INET6(curvnet); int ret; ret = 0; /* okay to send */ diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index a6cac29..19fba30 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -231,6 +231,7 @@ in6_ifaddloop(struct ifaddr *ifa) void in6_ifremloop(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct rtentry *rt; int ia_count = 0; @@ -322,6 +323,7 @@ int in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) { + INIT_VNET_INET6(curvnet); struct in6_ifreq *ifr = (struct in6_ifreq *)data; struct in6_ifaddr *ia = NULL; struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; @@ -795,6 +797,8 @@ int in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *ia, int flags) { + INIT_VNET_INET6(ifp->if_vnet); + INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ int error = 0, hostIsNew = 0, plen = -1; struct in6_ifaddr *oia; struct sockaddr_in6 dst6; @@ -1323,6 +1327,7 @@ in6_purgeaddr(struct ifaddr *ifa) static void in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct in6_ifaddr *oia; int s = splnet(); @@ -1890,6 +1895,7 @@ ip6_sprintf(char *ip6buf, const struct in6_addr *addr) int in6_localaddr(struct in6_addr *in6) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) @@ -1908,6 +1914,7 @@ in6_localaddr(struct in6_addr *in6) int in6_is_addr_deprecated(struct sockaddr_in6 *sa6) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; for (ia = V_in6_ifaddr; ia; ia = ia->ia_next) { @@ -2000,6 +2007,7 @@ in6_prefixlen2mask(struct in6_addr *maskp, int len) struct in6_ifaddr * in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) { + INIT_VNET_INET6(curvnet); int dst_scope = in6_addrscope(dst), blen = -1, tlen; struct ifaddr *ifa; struct in6_ifaddr *besta = 0; @@ -2148,6 +2156,8 @@ in6if_do_dad(struct ifnet *ifp) void in6_setmaxmtu(void) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); unsigned long maxmtu = 0; struct ifnet *ifp; diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c index bdee674..a0bdda8 100644 --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -87,6 +87,7 @@ in6_gif_output(struct ifnet *ifp, int family, /* family of the packet to be encapsulate */ struct mbuf *m) { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sc->gif_ro6.ro_dst; struct sockaddr_in6 *sin6_src = (struct sockaddr_in6 *)sc->gif_psrc; @@ -246,6 +247,7 @@ in6_gif_output(struct ifnet *ifp, int in6_gif_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct ifnet *gifp = NULL; struct gif_softc *sc; diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c index 4f40a7a..a51f59c 100644 --- a/sys/netinet6/in6_ifattach.c +++ b/sys/netinet6/in6_ifattach.c @@ -104,6 +104,7 @@ static void in6_purgemaddrs(struct ifnet *); static int get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6) { + INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ MD5_CTX ctxt; u_int8_t digest[16]; int hostnamelen; @@ -139,6 +140,7 @@ get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6) static int generate_tmp_ifid(u_int8_t *seed0, const u_int8_t *seed1, u_int8_t *ret) { + INIT_VNET_INET6(curvnet); MD5_CTX ctxt; u_int8_t seed[16], digest[16], nullbuf[8]; u_int32_t val32; @@ -358,6 +360,8 @@ static int get_ifid(struct ifnet *ifp0, struct ifnet *altifp, struct in6_addr *in6) { + INIT_VNET_NET(ifp0->if_vnet); + INIT_VNET_INET6(ifp0->if_vnet); struct ifnet *ifp; /* first, try to get it from the interface itself */ @@ -421,6 +425,7 @@ success: static int in6_ifattach_linklocal(struct ifnet *ifp, struct ifnet *altifp) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct in6_aliasreq ifra; struct nd_prefixctl pr0; @@ -537,6 +542,7 @@ in6_ifattach_linklocal(struct ifnet *ifp, struct ifnet *altifp) static int in6_ifattach_loopback(struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); struct in6_aliasreq ifra; int error; @@ -648,6 +654,7 @@ in6_nigroup(struct ifnet *ifp, const char *name, int namelen, void in6_ifattach(struct ifnet *ifp, struct ifnet *altifp) { + INIT_VNET_INET6(ifp->if_vnet); struct in6_ifaddr *ia; struct in6_addr in6; @@ -730,6 +737,9 @@ statinit: void in6_ifdetach(struct ifnet *ifp) { + INIT_VNET_NET(ifp->if_vnet); + INIT_VNET_INET(ifp->if_vnet); + INIT_VNET_INET6(ifp->if_vnet); struct in6_ifaddr *ia, *oia; struct ifaddr *ifa, *next; struct rtentry *rt; @@ -865,6 +875,8 @@ in6_get_tmpifid(struct ifnet *ifp, u_int8_t *retbuf, void in6_tmpaddrtimer(void *ignored_arg) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct nd_ifinfo *ndi; u_int8_t nullbuf[8]; struct ifnet *ifp; diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 979ddbd..404335b 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -117,6 +117,8 @@ int in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam, struct ucred *cred) { + INIT_VNET_INET6(inp->inp_vnet); + INIT_VNET_INET(inp->inp_vnet); struct socket *so = inp->inp_socket; struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)NULL; struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; @@ -284,6 +286,7 @@ int in6_pcbladdr(register struct inpcb *inp, struct sockaddr *nam, struct in6_addr **plocal_addr6) { + INIT_VNET_INET6(inp->inp_vnet); register struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam; int error = 0; struct ifnet *ifp = NULL; diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index c1caaa5..ca221fe 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -458,6 +458,7 @@ SYSCTL_NODE(_net_inet6, IPPROTO_ESP, ipsec6, CTLFLAG_RW, 0, "IPSEC6"); static int sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error = 0; int old; @@ -477,6 +478,7 @@ sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS) static int sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error = 0; int old; @@ -492,91 +494,92 @@ sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS) return (error); } -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, - forwarding, CTLFLAG_RW, &ip6_forwarding, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, - redirect, CTLFLAG_RW, &ip6_sendredirects, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, - hlim, CTLFLAG_RW, &ip6_defhlim, 0, ""); -SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD, - &ip6stat, ip6stat, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, - maxfragpackets, CTLFLAG_RW, &ip6_maxfragpackets, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, - accept_rtadv, CTLFLAG_RW, &ip6_accept_rtadv, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, - keepfaith, CTLFLAG_RW, &ip6_keepfaith, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, - log_interval, CTLFLAG_RW, &ip6_log_interval, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, - hdrnestlimit, CTLFLAG_RW, &ip6_hdrnestlimit, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, - dad_count, CTLFLAG_RW, &ip6_dad_count, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, - auto_flowlabel, CTLFLAG_RW, &ip6_auto_flowlabel, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, - defmcasthlim, CTLFLAG_RW, &ip6_defmcasthlim, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, - gifhlim, CTLFLAG_RW, &ip6_gif_hlim, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_FORWARDING, + forwarding, CTLFLAG_RW, ip6_forwarding, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_SENDREDIRECTS, + redirect, CTLFLAG_RW, ip6_sendredirects, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_DEFHLIM, + hlim, CTLFLAG_RW, ip6_defhlim, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_STATS, stats, + CTLFLAG_RD, ip6stat, ip6stat, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, + maxfragpackets, CTLFLAG_RW, ip6_maxfragpackets, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, + accept_rtadv, CTLFLAG_RW, ip6_accept_rtadv, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_KEEPFAITH, + keepfaith, CTLFLAG_RW, ip6_keepfaith, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_LOG_INTERVAL, + log_interval, CTLFLAG_RW, ip6_log_interval, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, + hdrnestlimit, CTLFLAG_RW, ip6_hdrnestlimit, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_DAD_COUNT, + dad_count, CTLFLAG_RW, ip6_dad_count, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, + auto_flowlabel, CTLFLAG_RW, ip6_auto_flowlabel, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, + defmcasthlim, CTLFLAG_RW, ip6_defmcasthlim, 0, ""); SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, kame_version, CTLFLAG_RD, __KAME_VERSION, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, - use_deprecated, CTLFLAG_RW, &ip6_use_deprecated, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, - rr_prune, CTLFLAG_RW, &ip6_rr_prune, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, - use_tempaddr, CTLFLAG_RW, &ip6_use_tempaddr, 0, ""); -SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime, - CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0, - sysctl_ip6_temppltime, "I", ""); -SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, - CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0, - sysctl_ip6_tempvltime, "I", ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, - v6only, CTLFLAG_RW, &ip6_v6only, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_USE_DEPRECATED, + use_deprecated, CTLFLAG_RW, ip6_use_deprecated, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RR_PRUNE, + rr_prune, CTLFLAG_RW, ip6_rr_prune, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_USETEMPADDR, + use_tempaddr, CTLFLAG_RW, ip6_use_tempaddr, 0, ""); +SYSCTL_V_OID(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime, + CTLTYPE_INT|CTLFLAG_RW, ip6_temp_preferred_lifetime, 0, + sysctl_ip6_temppltime, "I", ""); +SYSCTL_V_OID(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, + CTLTYPE_INT|CTLFLAG_RW, ip6_temp_valid_lifetime, 0, + sysctl_ip6_tempvltime, "I", ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_V6ONLY, + v6only, CTLFLAG_RW, ip6_v6only, 0, ""); +#ifndef VIMAGE TUNABLE_INT("net.inet6.ip6.auto_linklocal", &ip6_auto_linklocal); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, - auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal, 0, ""); -SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD, - &rip6stat, rip6stat, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, - prefer_tempaddr, CTLFLAG_RW, &ip6_prefer_tempaddr, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, - use_defaultzone, CTLFLAG_RW, &ip6_use_defzone, 0,""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS, - maxfrags, CTLFLAG_RW, &ip6_maxfrags, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU, - mcast_pmtu, CTLFLAG_RW, &ip6_mcast_pmtu, 0, ""); +#endif +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, + auto_linklocal, CTLFLAG_RW, ip6_auto_linklocal, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RIP6STATS, + rip6stats, CTLFLAG_RD, rip6stat, rip6stat, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, + prefer_tempaddr, CTLFLAG_RW, ip6_prefer_tempaddr, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, + use_defaultzone, CTLFLAG_RW, ip6_use_defzone, 0,""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_MAXFRAGS, + maxfrags, CTLFLAG_RW, ip6_maxfrags, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_MCAST_PMTU, + mcast_pmtu, CTLFLAG_RW, ip6_mcast_pmtu, 0, ""); #ifdef IPSTEALTH -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW, - &ip6stealth, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_STEALTH, + stealth, CTLFLAG_RW, ip6stealth, 0, ""); #endif /* net.inet6.icmp6 */ -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, - rediraccept, CTLFLAG_RW, &icmp6_rediraccept, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, - redirtimeout, CTLFLAG_RW, &icmp6_redirtimeout, 0, ""); -SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD, - &icmp6stat, icmp6stat, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, - nd6_prune, CTLFLAG_RW, &nd6_prune, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, - nd6_delay, CTLFLAG_RW, &nd6_delay, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, - nd6_umaxtries, CTLFLAG_RW, &nd6_umaxtries, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, - nd6_mmaxtries, CTLFLAG_RW, &nd6_mmaxtries, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, - nd6_useloopback, CTLFLAG_RW, &nd6_useloopback, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, - nodeinfo, CTLFLAG_RW, &icmp6_nodeinfo, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, - errppslimit, CTLFLAG_RW, &icmp6errppslim, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, - nd6_maxnudhint, CTLFLAG_RW, &nd6_maxnudhint, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, - nd6_debug, CTLFLAG_RW, &nd6_debug, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, + rediraccept, CTLFLAG_RW, icmp6_rediraccept, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, + redirtimeout, CTLFLAG_RW, icmp6_redirtimeout, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_STATS, + stats, CTLFLAG_RD, icmp6stat, icmp6stat, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, + nd6_prune, CTLFLAG_RW, nd6_prune, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, + nd6_delay, CTLFLAG_RW, nd6_delay, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, + nd6_umaxtries, CTLFLAG_RW, nd6_umaxtries, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, + nd6_mmaxtries, CTLFLAG_RW, nd6_mmaxtries, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, + nd6_useloopback, CTLFLAG_RW, nd6_useloopback, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_NODEINFO, + nodeinfo, CTLFLAG_RW, icmp6_nodeinfo, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, + errppslimit, CTLFLAG_RW, icmp6errppslim, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, + nd6_maxnudhint, CTLFLAG_RW, nd6_maxnudhint, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, + nd6_debug, CTLFLAG_RW, nd6_debug, 0, ""); + SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0, "Accept 'on-link' nd6 NS in compliance with RFC 4861."); diff --git a/sys/netinet6/in6_rmx.c b/sys/netinet6/in6_rmx.c index 6a719ca..ff426dc 100644 --- a/sys/netinet6/in6_rmx.c +++ b/sys/netinet6/in6_rmx.c @@ -242,6 +242,7 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache, static void in6_clsroute(struct radix_node *rn, struct radix_node_head *head) { + INIT_VNET_INET6(curvnet); struct rtentry *rt = (struct rtentry *)rn; RT_LOCK_ASSERT(rt); @@ -286,6 +287,7 @@ struct rtqk_arg { static int in6_rtqkill(struct radix_node *rn, void *rock) { + INIT_VNET_INET6(curvnet); struct rtqk_arg *ap = rock; struct rtentry *rt = (struct rtentry *)rn; int err; @@ -328,6 +330,9 @@ static struct callout rtq_timer6; static void in6_rtqtimo(void *rock) { + CURVNET_SET_QUIET((struct vnet *) rock); + INIT_VNET_NET((struct vnet *) rock); + INIT_VNET_INET6((struct vnet *) rock); struct radix_node_head *rnh = rock; struct rtqk_arg arg; struct timeval atv; @@ -372,6 +377,7 @@ in6_rtqtimo(void *rock) atv.tv_usec = 0; atv.tv_sec = arg.nextstop - time_uptime; callout_reset(&V_rtq_timer6, tvtohz(&atv), in6_rtqtimo, rock); + CURVNET_RESTORE(); } /* @@ -410,6 +416,9 @@ in6_mtuexpire(struct radix_node *rn, void *rock) static void in6_mtutimo(void *rock) { + CURVNET_SET_QUIET((struct vnet *) rock); + INIT_VNET_NET((struct vnet *) rock); + INIT_VNET_INET6((struct vnet *) rock); struct radix_node_head *rnh = rock; struct mtuex_arg arg; struct timeval atv; @@ -428,12 +437,14 @@ in6_mtutimo(void *rock) atv.tv_sec = 30; } callout_reset(&V_rtq_mtutimer, tvtohz(&atv), in6_mtutimo, rock); + CURVNET_RESTORE(); } #if 0 void in6_rtqdrain(void) { + INIT_VNET_NET(curvnet); struct radix_node_head *rnh = V_rt_tables[AF_INET6]; struct rtqk_arg arg; @@ -458,6 +469,7 @@ in6_rtqdrain(void) int in6_inithead(void **head, int off) { + INIT_VNET_INET6(curvnet); struct radix_node_head *rnh; if (!rn_inithead(head, offsetof(struct sockaddr_in6, sin6_addr) << 3)) diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index 7a0d7d1..cb2ad89 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -174,6 +174,7 @@ in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, struct ifnet **ifpp, int *errorp) { + INIT_VNET_INET6(curvnet); struct in6_addr dst; struct ifnet *ifp = NULL; struct in6_ifaddr *ia = NULL, *ia_best = NULL; @@ -456,6 +457,8 @@ selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, struct ifnet **retifp, struct rtentry **retrt, int clone, int norouteok) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int error = 0; struct ifnet *ifp = NULL; struct rtentry *rt = NULL; @@ -735,6 +738,7 @@ in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, int in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); if (in6p && in6p->in6p_hops >= 0) return (in6p->in6p_hops); @@ -767,6 +771,7 @@ in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp) int in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) { + INIT_VNET_INET(curvnet); struct socket *so = inp->inp_socket; u_int16_t lport = 0, first, last, *lastport; int count, error = 0, wild = 0; @@ -863,6 +868,7 @@ addrsel_policy_init(void) { ADDRSEL_LOCK_INIT(); ADDRSEL_SXLOCK_INIT(); + INIT_VNET_INET6(curvnet); init_policy_queue(); @@ -874,6 +880,7 @@ addrsel_policy_init(void) static struct in6_addrpolicy * lookup_addrsel_policy(struct sockaddr_in6 *key) { + INIT_VNET_INET6(curvnet); struct in6_addrpolicy *match = NULL; ADDRSEL_LOCK(); @@ -965,6 +972,7 @@ struct addrsel_policyhead addrsel_policytab; static void init_policy_queue(void) { + INIT_VNET_INET6(curvnet); TAILQ_INIT(&V_addrsel_policytab); } @@ -972,6 +980,7 @@ init_policy_queue(void) static int add_addrsel_policyent(struct in6_addrpolicy *newpolicy) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *new, *pol; MALLOC(new, struct addrsel_policyent *, sizeof(*new), M_IFADDR, @@ -1007,6 +1016,7 @@ add_addrsel_policyent(struct in6_addrpolicy *newpolicy) static int delete_addrsel_policyent(struct in6_addrpolicy *key) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *pol; ADDRSEL_XLOCK(); @@ -1038,6 +1048,7 @@ static int walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *pol; int error = 0; @@ -1066,6 +1077,7 @@ dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) static struct in6_addrpolicy * match_addrsel_policy(struct sockaddr_in6 *key) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *pent; struct in6_addrpolicy *bestpol = NULL, *pol; int matchlen, bestmatchlen = -1; diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index ec25a31..8745b08 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -93,6 +93,7 @@ struct route_in6 ip6_forward_rt; void ip6_forward(struct mbuf *m, int srcrt) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct sockaddr_in6 *dst = NULL; struct rtentry *rt = NULL; @@ -102,6 +103,7 @@ ip6_forward(struct mbuf *m, int srcrt) u_int32_t inzone, outzone; struct in6_addr src_in6, dst_in6; #ifdef IPSEC + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp = NULL; int ipsecrt = 0; #endif diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 6bd9557..8bd178f 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -145,6 +145,7 @@ static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); void ip6_init(void) { + INIT_VNET_INET6(curvnet); struct ip6protosw *pr; int i; @@ -192,6 +193,7 @@ ip6_init(void) static void ip6_init2(void *dummy) { + INIT_VNET_INET6(curvnet); /* nd6_timer_init */ callout_init(&V_nd6_timer_ch, 0); @@ -214,6 +216,8 @@ extern struct route_in6 ip6_forward_rt; void ip6_input(struct mbuf *m) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; int off = sizeof(struct ip6_hdr), nest; u_int32_t plen; @@ -813,6 +817,7 @@ static int ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, struct mbuf **mp, int *offp) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; int off = *offp, hbhlen; struct ip6_hbh *hbh; @@ -868,6 +873,7 @@ int ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, u_int32_t *rtalertp, u_int32_t *plenp) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; int optlen = 0; u_int8_t *opt = opthead; @@ -1000,6 +1006,7 @@ ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, int ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; switch (IP6OPT_TYPE(*optp)) { diff --git a/sys/netinet6/ip6_ipsec.c b/sys/netinet6/ip6_ipsec.c index a8aaedb..23f4e26 100644 --- a/sys/netinet6/ip6_ipsec.c +++ b/sys/netinet6/ip6_ipsec.c @@ -103,6 +103,8 @@ int ip6_ipsec_fwd(struct mbuf *m) { #ifdef IPSEC + INIT_VNET_INET6(curvnet); + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; @@ -148,6 +150,7 @@ int ip6_ipsec_input(struct mbuf *m, int nxt) { #ifdef IPSEC + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 1b234c7..61a6e5c 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -376,6 +376,7 @@ X_ip6_mrouter_set(struct socket *so, struct sockopt *sopt) int X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET6(curvnet); int error = 0; if (so != ip6_mrouter) @@ -452,6 +453,7 @@ get_mif6_cnt(struct sioc_mif_req6 *req) static int set_pim6(int *i) { + INIT_VNET_INET6(curvnet); if ((*i != 1) && (*i != 0)) return (EINVAL); @@ -466,6 +468,8 @@ set_pim6(int *i) static int ip6_mrouter_init(struct socket *so, int v, int cmd) { + INIT_VNET_INET6(curvnet); + #ifdef MRT6DEBUG if (V_mrt6debug) log(LOG_DEBUG, @@ -509,6 +513,7 @@ ip6_mrouter_init(struct socket *so, int v, int cmd) int X_ip6_mrouter_done(void) { + INIT_VNET_INET6(curvnet); mifi_t mifi; int i; struct mf6c *rt; @@ -601,6 +606,7 @@ static struct sockaddr_in6 sin6 = { sizeof(sin6), AF_INET6 }; static int add_m6if(struct mif6ctl *mifcp) { + INIT_VNET_NET(curvnet); struct mif6 *mifp; struct ifnet *ifp; int error, s; @@ -1002,6 +1008,7 @@ socket_send(struct socket *s, struct mbuf *mm, struct sockaddr_in6 *src) int X_ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m) { + INIT_VNET_INET6(curvnet); struct mf6c *rt; struct mif6 *mifp; struct mbuf *mm; @@ -1327,6 +1334,7 @@ expire_upcalls(void *unused) static int ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct mf6c *rt) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); mifi_t mifi, iif; struct mif6 *mifp; @@ -1505,6 +1513,7 @@ ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct mf6c *rt) static void phyint_send(struct ip6_hdr *ip6, struct mif6 *mifp, struct mbuf *m) { + INIT_VNET_INET6(curvnet); struct mbuf *mb_copy; struct ifnet *ifp = mifp->m6_ifp; int error = 0; @@ -1692,6 +1701,7 @@ register_send(struct ip6_hdr *ip6, struct mif6 *mif, struct mbuf *m) int pim6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct pim *pim; /* pointer to a pim struct */ struct ip6_hdr *ip6; int pimlen; diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 7c07bdf..311d772 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -189,6 +189,8 @@ ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, struct route_in6 *ro, int flags, struct ip6_moptions *im6o, struct ifnet **ifpp, struct inpcb *inp) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6, *mhip6; struct ifnet *ifp, *origifp; struct mbuf *m = m0; @@ -2420,6 +2422,8 @@ ip6_freepcbopts(struct ip6_pktopts *pktopt) static int ip6_setmoptions(int optname, struct ip6_moptions **im6op, struct mbuf *m) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int error = 0; u_int loop, ifindex; struct ipv6_mreq *mreq; @@ -2721,6 +2725,7 @@ ip6_setmoptions(int optname, struct ip6_moptions **im6op, struct mbuf *m) static int ip6_getmoptions(int optname, struct ip6_moptions *im6o, struct mbuf **mp) { + INIT_VNET_INET6(curvnet); u_int *hlim, *loop, *ifindex; *mp = m_get(M_WAIT, MT_HEADER); /* XXX */ @@ -2850,6 +2855,8 @@ static int ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt, struct ucred *cred, int sticky, int cmsg, int uproto) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int minmtupolicy, preftemp; int error; diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index 6ca9d0c..7bfd2c4 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -115,6 +115,7 @@ static u_long mld_timerresid(struct in6_multi *); void mld6_init(void) { + INIT_VNET_INET6(curvnet); static u_int8_t hbh_buf[8]; struct ip6_hbh *hbh = (struct ip6_hbh *)hbh_buf; u_int16_t rtalert_code = htons((u_int16_t)IP6OPT_RTALERT_MLD); @@ -268,6 +269,7 @@ mld6_stop_listening(struct in6_multi *in6m) void mld6_input(struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct mld_hdr *mldh; struct ifnet *ifp = m->m_pkthdr.rcvif; @@ -438,6 +440,7 @@ mld6_input(struct mbuf *m, int off) static void mld6_sendpkt(struct in6_multi *in6m, int type, const struct in6_addr *dst) { + INIT_VNET_INET6(curvnet); struct mbuf *mh, *md; struct mld_hdr *mldh; struct ip6_hdr *ip6; diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index 94c4401..2ea6330 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -125,6 +125,7 @@ extern struct callout in6_tmpaddrtimer_ch; void nd6_init(void) { + INIT_VNET_INET6(curvnet); static int nd6_init_done = 0; int i; @@ -198,6 +199,7 @@ nd6_setmtu(struct ifnet *ifp) void nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) { + INIT_VNET_INET6(ifp->if_vnet); u_int32_t omaxmtu; omaxmtu = ndi->maxmtu; @@ -307,6 +309,7 @@ nd6_option(union nd_opts *ndopts) int nd6_options(union nd_opts *ndopts) { + INIT_VNET_INET6(curvnet); struct nd_opt_hdr *nd_opt; int i = 0; @@ -432,6 +435,9 @@ nd6_llinfo_timer(void *arg) panic("ln->ln_rt->rt_ifp == NULL"); ndi = ND_IFINFO(ifp); + CURVNET_SET(ifp->if_vnet); + INIT_VNET_INET6(curvnet); + /* sanity check */ if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) panic("rt_llinfo(%p) is not equal to ln(%p)", @@ -522,6 +528,7 @@ nd6_llinfo_timer(void *arg) } break; } + CURVNET_RESTORE(); } @@ -529,8 +536,10 @@ nd6_llinfo_timer(void *arg) * ND6 timer routine to expire default route list and prefix list */ void -nd6_timer(void *ignored_arg) +nd6_timer(void *arg) { + CURVNET_SET_QUIET((struct vnet *) arg); + INIT_VNET_INET6((struct vnet *) arg); int s; struct nd_defrouter *dr; struct nd_prefix *pr; @@ -650,6 +659,7 @@ nd6_timer(void *ignored_arg) pr = pr->ndpr_next; } splx(s); + CURVNET_RESTORE(); } /* @@ -724,6 +734,7 @@ regen_tmpaddr(struct in6_ifaddr *ia6) void nd6_purge(struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct llinfo_nd6 *ln, *nln; struct nd_defrouter *dr, *ndr; struct nd_prefix *pr, *npr; @@ -811,6 +822,7 @@ nd6_purge(struct ifnet *ifp) struct rtentry * nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); struct rtentry *rt; struct sockaddr_in6 sin6; char ip6buf[INET6_ADDRSTRLEN]; @@ -916,6 +928,7 @@ nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp) static int nd6_is_new_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct nd_prefix *pr; struct ifaddr *dstaddr; @@ -1013,6 +1026,7 @@ nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) static struct llinfo_nd6 * nd6_free(struct rtentry *rt, int gc) { + INIT_VNET_INET6(curvnet); struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; struct nd_defrouter *dr; @@ -1122,6 +1136,7 @@ nd6_free(struct rtentry *rt, int gc) void nd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force) { + INIT_VNET_INET6(curvnet); struct llinfo_nd6 *ln; /* @@ -1175,6 +1190,8 @@ nd6_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; struct ifnet *ifp = rt->rt_ifp; struct ifaddr *ifa; + INIT_VNET_NET(ifp->if_vnet); + INIT_VNET_INET6(ifp->if_vnet); RT_LOCK_ASSERT(rt); @@ -1415,6 +1432,7 @@ nd6_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) int nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct in6_drlist *drl = (struct in6_drlist *)data; struct in6_oprlist *oprl = (struct in6_oprlist *)data; struct in6_ndireq *ndi = (struct in6_ndireq *)data; @@ -1653,6 +1671,7 @@ struct rtentry * nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, int lladdrlen, int type, int code) { + INIT_VNET_INET6(curvnet); struct rtentry *rt = NULL; struct llinfo_nd6 *ln = NULL; int is_newentry; @@ -1883,8 +1902,11 @@ fail: } static void -nd6_slowtimo(void *ignored_arg) +nd6_slowtimo(void *arg) { + CURVNET_SET((struct vnet *) arg); + INIT_VNET_NET((struct vnet *) arg); + INIT_VNET_INET6((struct vnet *) arg); struct nd_ifinfo *nd6if; struct ifnet *ifp; @@ -1907,6 +1929,7 @@ nd6_slowtimo(void *ignored_arg) } } IFNET_RUNLOCK(); + CURVNET_RESTORE(); } #define senderr(e) { error = (e); goto bad;} @@ -1914,6 +1937,7 @@ int nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, struct sockaddr_in6 *dst, struct rtentry *rt0) { + INIT_VNET_INET6(curvnet); struct mbuf *m = m0; struct rtentry *rt = rt0; struct sockaddr_in6 *gw6 = NULL; @@ -2264,12 +2288,13 @@ SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, CTLFLAG_RD, nd6_sysctl_drlist, ""); SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, CTLFLAG_RD, nd6_sysctl_prlist, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen, - CTLFLAG_RW, &nd6_maxqueuelen, 1, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, + nd6_maxqueuelen, CTLFLAG_RW, nd6_maxqueuelen, 1, ""); static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error; char buf[1024] __aligned(4); struct in6_defrouter *d, *de; @@ -2310,6 +2335,7 @@ nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error; char buf[1024] __aligned(4); struct in6_prefix *p, *pe; diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index 770a40a..f87a7a82 100644 --- a/sys/netinet6/nd6_nbr.c +++ b/sys/netinet6/nd6_nbr.c @@ -98,6 +98,7 @@ static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ void nd6_ns_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_neighbor_solicit *nd_ns; @@ -377,6 +378,7 @@ void nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6, const struct in6_addr *taddr6, struct llinfo_nd6 *ln, int dad) { + INIT_VNET_INET6(ifp->if_vnet); struct mbuf *m; struct ip6_hdr *ip6; struct nd_neighbor_solicit *nd_ns; @@ -582,6 +584,7 @@ nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6, void nd6_na_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_neighbor_advert *nd_na; @@ -894,6 +897,7 @@ nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0, const struct in6_addr *taddr6, u_long flags, int tlladdr, struct sockaddr *sdl0) { + INIT_VNET_INET6(ifp->if_vnet); struct mbuf *m; struct ip6_hdr *ip6; struct nd_neighbor_advert *nd_na; @@ -1098,6 +1102,7 @@ static int dad_init = 0; static struct dadq * nd6_dad_find(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct dadq *dp; for (dp = V_dadq.tqh_first; dp; dp = dp->dad_list.tqe_next) { @@ -1128,6 +1133,7 @@ nd6_dad_stoptimer(struct dadq *dp) void nd6_dad_start(struct ifaddr *ifa, int delay) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; struct dadq *dp; char ip6buf[INET6_ADDRSTRLEN]; @@ -1210,6 +1216,7 @@ nd6_dad_start(struct ifaddr *ifa, int delay) void nd6_dad_stop(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct dadq *dp; if (!V_dad_init) @@ -1231,6 +1238,8 @@ nd6_dad_stop(struct ifaddr *ifa) static void nd6_dad_timer(struct ifaddr *ifa) { + CURVNET_SET(dp->dad_vnet); + INIT_VNET_INET6(curvnet); int s; struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; struct dadq *dp; @@ -1330,11 +1339,13 @@ nd6_dad_timer(struct ifaddr *ifa) done: splx(s); + CURVNET_RESTORE(); } void nd6_dad_duplicated(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; struct ifnet *ifp; struct dadq *dp; @@ -1424,6 +1435,7 @@ nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa) static void nd6_dad_ns_input(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct ifnet *ifp; const struct in6_addr *taddr6; diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index 3eb49bd..a1f891b 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -119,6 +119,7 @@ int ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE; void nd6_rs_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_router_solicit *nd_rs; @@ -203,6 +204,7 @@ nd6_rs_input(struct mbuf *m, int off, int icmp6len) void nd6_ra_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct nd_ifinfo *ndi = ND_IFINFO(ifp); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); @@ -483,6 +485,7 @@ defrouter_addreq(struct nd_defrouter *new) struct nd_defrouter * defrouter_lookup(struct in6_addr *addr, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct nd_defrouter *dr; for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; @@ -531,6 +534,7 @@ defrouter_delreq(struct nd_defrouter *dr) void defrouter_reset(void) { + INIT_VNET_INET6(curvnet); struct nd_defrouter *dr; for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; @@ -546,6 +550,7 @@ defrouter_reset(void) void defrtrlist_del(struct nd_defrouter *dr) { + INIT_VNET_INET6(curvnet); struct nd_defrouter *deldr = NULL; struct nd_prefix *pr; @@ -607,6 +612,7 @@ defrtrlist_del(struct nd_defrouter *dr) void defrouter_select(void) { + INIT_VNET_INET6(curvnet); int s = splnet(); struct nd_defrouter *dr, *selected_dr = NULL, *installed_dr = NULL; struct rtentry *rt = NULL; @@ -723,6 +729,7 @@ rtpref(struct nd_defrouter *dr) static struct nd_defrouter * defrtrlist_update(struct nd_defrouter *new) { + INIT_VNET_INET6(curvnet); struct nd_defrouter *dr, *n; int s = splnet(); @@ -844,6 +851,7 @@ pfxrtr_del(struct nd_pfxrouter *pfr) struct nd_prefix * nd6_prefix_lookup(struct nd_prefixctl *key) { + INIT_VNET_INET6(curvnet); struct nd_prefix *search; for (search = V_nd_prefix.lh_first; @@ -863,6 +871,7 @@ int nd6_prelist_add(struct nd_prefixctl *pr, struct nd_defrouter *dr, struct nd_prefix **newp) { + INIT_VNET_INET6(curvnet); struct nd_prefix *new = NULL; int error = 0; int i, s; @@ -921,6 +930,7 @@ nd6_prelist_add(struct nd_prefixctl *pr, struct nd_defrouter *dr, void prelist_remove(struct nd_prefix *pr) { + INIT_VNET_INET6(curvnet); struct nd_pfxrouter *pfr, *next; int e, s; char ip6buf[INET6_ADDRSTRLEN]; @@ -973,6 +983,7 @@ static int prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, struct mbuf *m, int mcast) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL; struct ifaddr *ifa; struct ifnet *ifp = new->ndpr_ifp; @@ -1343,6 +1354,7 @@ find_pfxlist_reachable_router(struct nd_prefix *pr) void pfxlist_onlink_check() { + INIT_VNET_INET6(curvnet); struct nd_prefix *pr; struct in6_ifaddr *ifa; struct nd_defrouter *dr; @@ -1522,6 +1534,7 @@ pfxlist_onlink_check() int nd6_prefix_onlink(struct nd_prefix *pr) { + INIT_VNET_INET6(curvnet); struct ifaddr *ifa; struct ifnet *ifp = pr->ndpr_ifp; struct sockaddr_in6 mask6; @@ -1635,6 +1648,7 @@ nd6_prefix_onlink(struct nd_prefix *pr) int nd6_prefix_offlink(struct nd_prefix *pr) { + INIT_VNET_INET6(curvnet); int error = 0; struct ifnet *ifp = pr->ndpr_ifp; struct nd_prefix *opr; @@ -1726,6 +1740,7 @@ nd6_prefix_offlink(struct nd_prefix *pr) static struct in6_ifaddr * in6_ifadd(struct nd_prefixctl *pr, int mcast) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = pr->ndpr_ifp; struct ifaddr *ifa; struct in6_aliasreq ifra; @@ -1854,6 +1869,7 @@ in6_ifadd(struct nd_prefixctl *pr, int mcast) int in6_tmpifadd(const struct in6_ifaddr *ia0, int forcegen, int delay) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = ia0->ia_ifa.ifa_ifp; struct in6_ifaddr *newia, *ia; struct in6_aliasreq ifra; @@ -2021,7 +2037,7 @@ in6_init_address_ltimes(struct nd_prefix *new, struct in6_addrlifetime *lt6) void rt6_flush(struct in6_addr *gateway, struct ifnet *ifp) { - + INIT_VNET_NET(curvnet); struct radix_node_head *rnh = V_rt_tables[0][AF_INET6]; int s = splnet(); @@ -2074,6 +2090,8 @@ rt6_deleteroute(struct radix_node *rn, void *arg) int nd6_setdefaultiface(int ifindex) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int error = 0; if (ifindex < 0 || V_if_index < ifindex) diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index cbdca81..4fafdb1 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -136,6 +136,11 @@ int (*mrt6_ioctl)(int, caddr_t); int rip6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); +#ifdef IPSEC + INIT_VNET_IPSEC(curvnet); +#endif struct mbuf *m = *mp; register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); register struct inpcb *in6p; @@ -258,6 +263,7 @@ rip6_input(struct mbuf **mp, int *offp, int proto) void rip6_ctlinput(int cmd, struct sockaddr *sa, void *d) { + INIT_VNET_INET(curvnet); struct ip6_hdr *ip6; struct mbuf *m; int off = 0; @@ -313,6 +319,7 @@ rip6_output(m, va_alist) va_dcl #endif { + INIT_VNET_INET6(curvnet); struct mbuf *control; struct socket *so; struct sockaddr_in6 *dstsock; @@ -544,6 +551,7 @@ rip6_ctloutput(struct socket *so, struct sockopt *sopt) static int rip6_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct icmp6_filter *filter; int error; @@ -583,6 +591,7 @@ rip6_attach(struct socket *so, int proto, struct thread *td) static void rip6_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -640,6 +649,9 @@ rip6_disconnect(struct socket *so) static int rip6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); + INIT_VNET_INET6(so->so_vnet); struct inpcb *inp; struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; struct ifaddr *ia = NULL; @@ -675,6 +687,9 @@ rip6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) static int rip6_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); + INIT_VNET_INET6(so->so_vnet); struct inpcb *inp; struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; struct in6_addr *in6a = NULL; @@ -749,6 +764,7 @@ static int rip6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct sockaddr_in6 tmp; struct sockaddr_in6 *dst; diff --git a/sys/netinet6/route6.c b/sys/netinet6/route6.c index c058f3b..dd1ec68 100644 --- a/sys/netinet6/route6.c +++ b/sys/netinet6/route6.c @@ -65,6 +65,7 @@ static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *, int route6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; struct mbuf *m = *mp; struct ip6_rthdr *rh; @@ -150,6 +151,7 @@ route6_input(struct mbuf **mp, int *offp, int proto) static int ip6_rthdr0(struct mbuf *m, struct ip6_hdr *ip6, struct ip6_rthdr0 *rh0) { + INIT_VNET_INET6(curvnet); int addrs, index; struct in6_addr *nextaddr, tmpaddr; struct in6_ifaddr *ifa; diff --git a/sys/netinet6/scope6.c b/sys/netinet6/scope6.c index 5dce8ce..4c6b860 100644 --- a/sys/netinet6/scope6.c +++ b/sys/netinet6/scope6.c @@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$"); #include <net/if.h> #include <netinet/in.h> +#include <netinet/ip6.h> #include <netinet6/in6_var.h> #include <netinet6/scope6_var.h> @@ -72,6 +73,7 @@ static struct scope6_id sid_default; void scope6_init(void) { + INIT_VNET_INET6(curvnet); SCOPE6_LOCK_INIT(); bzero(&V_sid_default, sizeof(V_sid_default)); @@ -110,6 +112,7 @@ scope6_ifdetach(struct scope6_id *sid) int scope6_set(struct ifnet *ifp, struct scope6_id *idlist) { + INIT_VNET_NET(ifp->if_vnet); int i; int error = 0; struct scope6_id *sid = NULL; @@ -264,6 +267,8 @@ in6_addrscope(struct in6_addr *addr) void scope6_setdefault(struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); + /* * Currently, this function just sets the default "interfaces" * and "links" according to the given interface. @@ -286,6 +291,7 @@ scope6_setdefault(struct ifnet *ifp) int scope6_get_default(struct scope6_id *idlist) { + INIT_VNET_INET6(curvnet); SCOPE6_LOCK(); *idlist = V_sid_default; @@ -297,6 +303,7 @@ scope6_get_default(struct scope6_id *idlist) u_int32_t scope6_addr2default(struct in6_addr *addr) { + INIT_VNET_INET6(curvnet); u_int32_t id; /* @@ -327,6 +334,7 @@ scope6_addr2default(struct in6_addr *addr) int sa6_embedscope(struct sockaddr_in6 *sin6, int defaultok) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; u_int32_t zoneid; @@ -363,6 +371,7 @@ sa6_embedscope(struct sockaddr_in6 *sin6, int defaultok) int sa6_recoverscope(struct sockaddr_in6 *sin6) { + INIT_VNET_NET(curvnet); char ip6buf[INET6_ADDRSTRLEN]; u_int32_t zoneid; diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 7d50c1b..5056ef1 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -127,6 +127,7 @@ static void udp6_append(struct inpcb *inp, struct mbuf *n, int off, struct sockaddr_in6 *fromsa) { + INIT_VNET_INET(inp->inp_vnet); struct socket *so; struct mbuf *opts; @@ -135,6 +136,7 @@ udp6_append(struct inpcb *inp, struct mbuf *n, int off, #ifdef IPSEC /* Check AH/ESP integrity. */ if (ipsec6_in_reject(n, inp)) { + INIT_VNET_IPSEC(inp->inp_vnet); m_freem(n); V_ipsec6stat.in_polvio++; return; @@ -168,6 +170,8 @@ udp6_append(struct inpcb *inp, struct mbuf *n, int off, int udp6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct ip6_hdr *ip6; struct udphdr *uh; @@ -361,6 +365,7 @@ badunlocked: void udp6_ctlinput(int cmd, struct sockaddr *sa, void *d) { + INIT_VNET_INET(curvnet); struct udphdr uh; struct ip6_hdr *ip6; struct mbuf *m; @@ -426,6 +431,8 @@ udp6_ctlinput(int cmd, struct sockaddr *sa, void *d) static int udp6_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct xucred xuc; struct sockaddr_in6 addrs[2]; struct inpcb *inp; @@ -477,6 +484,8 @@ static int udp6_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr6, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); u_int32_t ulen = m->m_pkthdr.len; u_int32_t plen = sizeof(struct udphdr) + ulen; struct ip6_hdr *ip6; @@ -692,6 +701,7 @@ releaseopt: static void udp6_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -721,6 +731,7 @@ udp6_abort(struct socket *so) static int udp6_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -759,6 +770,7 @@ udp6_attach(struct socket *so, int proto, struct thread *td) static int udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -798,6 +810,7 @@ out: static void udp6_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -826,6 +839,7 @@ udp6_close(struct socket *so) static int udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -878,6 +892,7 @@ out: static void udp6_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -893,6 +908,7 @@ udp6_detach(struct socket *so) static int udp6_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -931,6 +947,7 @@ static int udp6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error = 0; diff --git a/sys/netinet6/vinet6.h b/sys/netinet6/vinet6.h new file mode 100644 index 0000000..992e6e7 --- /dev/null +++ b/sys/netinet6/vinet6.h @@ -0,0 +1,259 @@ +/*- + * Copyright (c) 2006-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _NETINET6_VINET6_H_ +#define _NETINET6_VINET6_H_ + +#ifdef VIMAGE +#include <sys/socket.h> +#include <netinet/ip6.h> +#include <net/if.h> +#include <netinet6/ip6_var.h> +#include <netinet6/raw_ip6.h> +#include <netinet/icmp6.h> +#include <netinet6/scope6_var.h> +#include <netinet6/in6_ifattach.h> +#include <netinet6/in6_var.h> +#include <netinet6/nd6.h> +#include <netinet/in_pcb.h> + +struct vnet_inet6 { + struct in6_ifaddr * _in6_ifaddr; + + u_int _frag6_nfragpackets; + u_int _frag6_nfrags; + struct ip6q _ip6q; + + struct route_in6 _ip6_forward_rt; + + struct in6_addrpolicy _defaultaddrpolicy; + TAILQ_HEAD(, addrsel_policyent) _addrsel_policytab; + u_int _in6_maxmtu; + int _ip6_auto_linklocal; + int _rtq_minreallyold6; + int _rtq_reallyold6; + int _rtq_toomany6; + + struct ip6stat _ip6stat; + struct rip6stat _rip6stat; + struct icmp6stat _icmp6stat; + + int _rtq_timeout6; + struct callout _rtq_timer6; + struct callout _rtq_mtutimer; + struct callout _nd6_slowtimo_ch; + struct callout _nd6_timer_ch; + struct callout _in6_tmpaddrtimer_ch; + + int _nd6_inuse; + int _nd6_allocated; + struct llinfo_nd6 _llinfo_nd6; + struct nd_drhead _nd_defrouter; + struct nd_prhead _nd_prefix; + struct ifnet * _nd6_defifp; + int _nd6_defifindex; + + struct scope6_id _sid_default; + + TAILQ_HEAD(, dadq) _dadq; + int _dad_init; + + int _icmp6errpps_count; + int _icmp6errppslim_last; + + int _ip6_forwarding; + int _ip6_sendredirects; + int _ip6_defhlim; + int _ip6_defmcasthlim; + int _ip6_accept_rtadv; + int _ip6_maxfragpackets; + int _ip6_maxfrags; + int _ip6_log_interval; + int _ip6_hdrnestlimit; + int _ip6_dad_count; + int _ip6_auto_flowlabel; + int _ip6_use_deprecated; + int _ip6_rr_prune; + int _ip6_mcast_pmtu; + int _ip6_v6only; + int _ip6_keepfaith; + int _ip6stealth; + time_t _ip6_log_time; + + int _pmtu_expire; + int _pmtu_probe; + u_long _rip6_sendspace; + u_long _rip6_recvspace; + int _icmp6_rediraccept; + int _icmp6_redirtimeout; + int _icmp6errppslim; + int _icmp6_nodeinfo; + int _udp6_sendspace; + int _udp6_recvspace; + int _ip6qmaxlen; + int _ip6_prefer_tempaddr; + int _ip6_forward_srcrt; + int _ip6_sourcecheck; + int _ip6_sourcecheck_interval; + int _ip6_ours_check_algorithm; + + int _nd6_prune; + int _nd6_delay; + int _nd6_umaxtries; + int _nd6_mmaxtries; + int _nd6_useloopback; + int _nd6_gctimer; + int _nd6_maxndopt; + int _nd6_maxnudhint; + int _nd6_maxqueuelen; + int _nd6_debug; + int _nd6_recalc_reachtm_interval; + int _dad_ignore_ns; + int _dad_maxtry; + int _ip6_use_tempaddr; + int _ip6_desync_factor; + u_int32_t _ip6_temp_preferred_lifetime; + u_int32_t _ip6_temp_valid_lifetime; + + int _ip6_mrouter_ver; + int _pim6; + u_int _mrt6debug; + + int _ip6_temp_regen_advance; + int _ip6_use_defzone; + + struct ip6_pktopts _ip6_opts; +}; +#endif + + +#define INIT_VNET_INET6(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_INET6, struct vnet_inet6, vnet_inet6) + +#define VNET_INET6(sym) VSYM(vnet_inet6, sym) + + +/* + * Symbol translation macros + */ +#define V_addrsel_policytab VNET_INET6(addrsel_policytab) +#define V_dad_ignore_ns VNET_INET6(dad_ignore_ns) +#define V_dad_init VNET_INET6(dad_init) +#define V_dad_maxtry VNET_INET6(dad_maxtry) +#define V_dadq VNET_INET6(dadq) +#define V_defaultaddrpolicy VNET_INET6(defaultaddrpolicy) +#define V_frag6_nfragpackets VNET_INET6(frag6_nfragpackets) +#define V_frag6_nfrags VNET_INET6(frag6_nfrags) +#define V_icmp6_nodeinfo VNET_INET6(icmp6_nodeinfo) +#define V_icmp6_rediraccept VNET_INET6(icmp6_rediraccept) +#define V_icmp6_redirtimeout VNET_INET6(icmp6_redirtimeout) +#define V_icmp6errpps_count VNET_INET6(icmp6errpps_count) +#define V_icmp6errppslim VNET_INET6(icmp6errppslim) +#define V_icmp6errppslim_last VNET_INET6(icmp6errppslim_last) +#define V_icmp6stat VNET_INET6(icmp6stat) +#define V_in6_ifaddr VNET_INET6(in6_ifaddr) +#define V_in6_maxmtu VNET_INET6(in6_maxmtu) +#define V_in6_tmpaddrtimer_ch VNET_INET6(in6_tmpaddrtimer_ch) +#define V_ip6_accept_rtadv VNET_INET6(ip6_accept_rtadv) +#define V_ip6_auto_flowlabel VNET_INET6(ip6_auto_flowlabel) +#define V_ip6_auto_linklocal VNET_INET6(ip6_auto_linklocal) +#define V_ip6_dad_count VNET_INET6(ip6_dad_count) +#define V_ip6_defhlim VNET_INET6(ip6_defhlim) +#define V_ip6_defmcasthlim VNET_INET6(ip6_defmcasthlim) +#define V_ip6_desync_factor VNET_INET6(ip6_desync_factor) +#define V_ip6_forward_rt VNET_INET6(ip6_forward_rt) +#define V_ip6_forward_srcrt VNET_INET6(ip6_forward_srcrt) +#define V_ip6_forwarding VNET_INET6(ip6_forwarding) +#define V_ip6_hdrnestlimit VNET_INET6(ip6_hdrnestlimit) +#define V_ip6_keepfaith VNET_INET6(ip6_keepfaith) +#define V_ip6_log_interval VNET_INET6(ip6_log_interval) +#define V_ip6_log_time VNET_INET6(ip6_log_time) +#define V_ip6_maxfragpackets VNET_INET6(ip6_maxfragpackets) +#define V_ip6_maxfrags VNET_INET6(ip6_maxfrags) +#define V_ip6_mcast_pmtu VNET_INET6(ip6_mcast_pmtu) +#define V_ip6_mrouter_ver VNET_INET6(ip6_mrouter_ver) +#define V_ip6_opts VNET_INET6(ip6_opts) +#define V_ip6_ours_check_algorithm VNET_INET6(ip6_ours_check_algorithm) +#define V_ip6_prefer_tempaddr VNET_INET6(ip6_prefer_tempaddr) +#define V_ip6_rr_prune VNET_INET6(ip6_rr_prune) +#define V_ip6_sendredirects VNET_INET6(ip6_sendredirects) +#define V_ip6_sourcecheck VNET_INET6(ip6_sourcecheck) +#define V_ip6_sourcecheck_interval VNET_INET6(ip6_sourcecheck_interval) +#define V_ip6_temp_preferred_lifetime VNET_INET6(ip6_temp_preferred_lifetime) +#define V_ip6_temp_regen_advance VNET_INET6(ip6_temp_regen_advance) +#define V_ip6_temp_valid_lifetime VNET_INET6(ip6_temp_valid_lifetime) +#define V_ip6_use_defzone VNET_INET6(ip6_use_defzone) +#define V_ip6_use_deprecated VNET_INET6(ip6_use_deprecated) +#define V_ip6_use_tempaddr VNET_INET6(ip6_use_tempaddr) +#define V_ip6_v6only VNET_INET6(ip6_v6only) +#define V_ip6q VNET_INET6(ip6q) +#define V_ip6qmaxlen VNET_INET6(ip6qmaxlen) +#define V_ip6stat VNET_INET6(ip6stat) +#define V_ip6stealth VNET_INET6(ip6stealth) +#define V_llinfo_nd6 VNET_INET6(llinfo_nd6) +#define V_mrt6debug VNET_INET6(mrt6debug) +#define V_nd6_allocated VNET_INET6(nd6_allocated) +#define V_nd6_debug VNET_INET6(nd6_debug) +#define V_nd6_defifindex VNET_INET6(nd6_defifindex) +#define V_nd6_defifp VNET_INET6(nd6_defifp) +#define V_nd6_delay VNET_INET6(nd6_delay) +#define V_nd6_gctimer VNET_INET6(nd6_gctimer) +#define V_nd6_inuse VNET_INET6(nd6_inuse) +#define V_nd6_maxndopt VNET_INET6(nd6_maxndopt) +#define V_nd6_maxnudhint VNET_INET6(nd6_maxnudhint) +#define V_nd6_maxqueuelen VNET_INET6(nd6_maxqueuelen) +#define V_nd6_mmaxtries VNET_INET6(nd6_mmaxtries) +#define V_nd6_prune VNET_INET6(nd6_prune) +#define V_nd6_recalc_reachtm_interval VNET_INET6(nd6_recalc_reachtm_interval) +#define V_nd6_slowtimo_ch VNET_INET6(nd6_slowtimo_ch) +#define V_nd6_timer_ch VNET_INET6(nd6_timer_ch) +#define V_nd6_umaxtries VNET_INET6(nd6_umaxtries) +#define V_nd6_useloopback VNET_INET6(nd6_useloopback) +#define V_nd_defrouter VNET_INET6(nd_defrouter) +#define V_nd_prefix VNET_INET6(nd_prefix) +#define V_pim6 VNET_INET6(pim6) +#define V_pmtu_expire VNET_INET6(pmtu_expire) +#define V_pmtu_probe VNET_INET6(pmtu_probe) +#define V_rip6_recvspace VNET_INET6(rip6_recvspace) +#define V_rip6_sendspace VNET_INET6(rip6_sendspace) +#define V_rip6stat VNET_INET6(rip6stat) +#define V_rtq_minreallyold6 VNET_INET6(rtq_minreallyold6) +#define V_rtq_mtutimer VNET_INET6(rtq_mtutimer) +#define V_rtq_reallyold6 VNET_INET6(rtq_reallyold6) +#define V_rtq_timeout6 VNET_INET6(rtq_timeout6) +#define V_rtq_timer6 VNET_INET6(rtq_timer6) +#define V_rtq_toomany6 VNET_INET6(rtq_toomany6) +#define V_sid_default VNET_INET6(sid_default) +#define V_udp6_recvspace VNET_INET6(udp6_recvspace) +#define V_udp6_sendspace VNET_INET6(udp6_sendspace) + +#endif /* !_NETINET6_VINET6_H_ */ diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index f973688..b752a67 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -126,36 +126,42 @@ int crypto_support = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; SYSCTL_DECL(_net_inet_ipsec); /* net.inet.ipsec */ -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY, - def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, - "IPsec default policy."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev, - CTLFLAG_RW, &ip4_esp_trans_deflev, 0, "Default ESP transport mode level"); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev, - CTLFLAG_RW, &ip4_esp_net_deflev, 0, "Default ESP tunnel mode level."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev, - CTLFLAG_RW, &ip4_ah_trans_deflev, 0, "AH transfer mode default level."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev, - CTLFLAG_RW, &ip4_ah_net_deflev, 0, "AH tunnel mode default level."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS, - ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0, - "If set clear type-of-service field when doing AH computation."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK, - ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0, - "If not set clear offset field mask when doing AH computation."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT, - dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, "Do not fragment bit on encap."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN, - ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0, - "Explicit Congestion Notification handling."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, - debug, CTLFLAG_RW, &ipsec_debug, 0, - "Enable IPsec debugging output when set."); -SYSCTL_INT(_net_inet_ipsec, OID_AUTO, - crypto_support, CTLFLAG_RW, &crypto_support, 0, - "Crypto driver selection."); -SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO, - ipsecstats, CTLFLAG_RD, &ipsec4stat, ipsecstat, "IPsec IPv4 statistics."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_POLICY, + def_policy, CTLFLAG_RW, ip4_def_policy.policy, 0, + "IPsec default policy."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, + esp_trans_deflev, CTLFLAG_RW, ip4_esp_trans_deflev, 0, + "Default ESP transport mode level"); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, + esp_net_deflev, CTLFLAG_RW, ip4_esp_net_deflev, 0, + "Default ESP tunnel mode level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, + ah_trans_deflev, CTLFLAG_RW, ip4_ah_trans_deflev, 0, + "AH transfer mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, + ah_net_deflev, CTLFLAG_RW, ip4_ah_net_deflev, 0, + "AH tunnel mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_AH_CLEARTOS, + ah_cleartos, CTLFLAG_RW, ah_cleartos, 0, + "If set clear type-of-service field when doing AH computation."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_AH_OFFSETMASK, + ah_offsetmask, CTLFLAG_RW, ip4_ah_offsetmask, 0, + "If not set clear offset field mask when doing AH computation."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DFBIT, + dfbit, CTLFLAG_RW, ip4_ipsec_dfbit, 0, + "Do not fragment bit on encap."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_ECN, + ecn, CTLFLAG_RW, ip4_ipsec_ecn, 0, + "Explicit Congestion Notification handling."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEBUG, + debug, CTLFLAG_RW, ipsec_debug, 0, + "Enable IPsec debugging output when set."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, OID_AUTO, + crypto_support, CTLFLAG_RW, crypto_support,0, + "Crypto driver selection."); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipsec, OID_AUTO, + ipsecstats, CTLFLAG_RD, ipsec4stat, ipsecstat, + "IPsec IPv4 statistics."); #ifdef REGRESSION /* @@ -163,15 +169,15 @@ SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO, * This allows to verify if the other side has proper replay attacks detection. */ int ipsec_replay = 0; -SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_replay, CTLFLAG_RW, &ipsec_replay, 0, - "Emulate replay attack"); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_replay, + CTLFLAG_RW, ipsec_replay, 0, "Emulate replay attack"); /* * When set 1, IPsec will send packets with corrupted HMAC. * This allows to verify if the other side properly detects modified packets. */ int ipsec_integrity = 0; -SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_integrity, CTLFLAG_RW, - &ipsec_integrity, 0, "Emulate man-in-the-middle attack"); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_integrity, + CTLFLAG_RW, ipsec_integrity, 0, "Emulate man-in-the-middle attack"); #endif #ifdef INET6 @@ -189,24 +195,30 @@ SYSCTL_DECL(_net_inet6_ipsec6); SYSCTL_OID(_net_inet6_ipsec6, IPSECCTL_STATS, stats, CTLFLAG_RD, 0, 0, compat_ipsecstats_sysctl, "S", "IPsec IPv6 statistics."); #endif /* COMPAT_KAME */ -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY, - def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "IPsec default policy."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev, - CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "Default ESP transport mode level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev, - CTLFLAG_RW, &ip6_esp_net_deflev, 0, "Default ESP tunnel mode level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev, - CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "AH transfer mode default level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev, - CTLFLAG_RW, &ip6_ah_net_deflev, 0, "AH tunnel mode default level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN, - ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0, - "Explicit Congestion Notification handling."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, - debug, CTLFLAG_RW, &ipsec_debug, 0, - "Enable IPsec debugging output when set."); -SYSCTL_STRUCT(_net_inet6_ipsec6, IPSECCTL_STATS, - ipsecstats, CTLFLAG_RD, &ipsec6stat, ipsecstat, "IPsec IPv6 statistics."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_POLICY, + def_policy, CTLFLAG_RW, ip4_def_policy.policy, 0, + "IPsec default policy."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, + esp_trans_deflev, CTLFLAG_RW, ip6_esp_trans_deflev, 0, + "Default ESP transport mode level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, + esp_net_deflev, CTLFLAG_RW, ip6_esp_net_deflev, 0, + "Default ESP tunnel mode level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, + ah_trans_deflev, CTLFLAG_RW, ip6_ah_trans_deflev, 0, + "AH transfer mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, + ah_net_deflev, CTLFLAG_RW, ip6_ah_net_deflev, 0, + "AH tunnel mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_ECN, + ecn, CTLFLAG_RW, ip6_ipsec_ecn, 0, + "Explicit Congestion Notification handling."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEBUG, + debug, CTLFLAG_RW, ipsec_debug, 0, + "Enable IPsec debugging output when set."); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_STATS, + ipsecstats, CTLFLAG_RD, ipsec6stat, ipsecstat, + "IPsec IPv6 statistics."); #endif /* INET6 */ static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *pcb)); @@ -236,6 +248,7 @@ MALLOC_DEFINE(M_IPSEC_INPCB, "inpcbpolicy", "inpcb-resident ipsec policy"); static struct secpolicy * key_allocsp_default(const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; KEYDEBUG(KEYDEBUG_IPSEC_STAMP, @@ -305,6 +318,7 @@ ipsec_getpolicybysock(m, dir, inp, error) struct inpcb *inp; int *error; { + INIT_VNET_IPSEC(curvnet); struct inpcbpolicy *pcbsp = NULL; struct secpolicy *currsp = NULL; /* policy on socket */ struct secpolicy *sp; @@ -415,6 +429,7 @@ ipsec_getpolicybyaddr(m, dir, flag, error) int flag; int *error; { + INIT_VNET_IPSEC(curvnet); struct secpolicyindex spidx; struct secpolicy *sp; @@ -450,6 +465,7 @@ ipsec4_checkpolicy(m, dir, flag, error, inp) int *error; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; *error = 0; @@ -521,6 +537,7 @@ ipsec6_setspidx_in6pcb(m, pcb) struct mbuf *m; struct in6pcb *pcb; { + //INIT_VNET_IPSEC(curvnet); struct secpolicyindex *spidx; int error; @@ -564,6 +581,7 @@ ipsec_setspidx(m, spidx, needport) struct secpolicyindex *spidx; int needport; { + INIT_VNET_IPSEC(curvnet); struct ip *ip = NULL; struct ip ipbuf; u_int v; @@ -757,6 +775,7 @@ ipsec6_get_ulp(m, spidx, needport) struct secpolicyindex *spidx; int needport; { + INIT_VNET_IPSEC(curvnet); int off, nxt; struct tcphdr th; struct udphdr uh; @@ -873,6 +892,7 @@ ipsec_init_policy(so, pcb_sp) struct socket *so; struct inpcbpolicy **pcb_sp; { + INIT_VNET_IPSEC(curvnet); struct inpcbpolicy *new; /* sanity check. */ @@ -1016,6 +1036,7 @@ ipsec_set_policy(pcb_sp, optname, request, len, cred) size_t len; struct ucred *cred; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy *newsp = NULL; int error; @@ -1065,6 +1086,7 @@ ipsec_get_policy(pcb_sp, mp) struct secpolicy *pcb_sp; struct mbuf **mp; { + INIT_VNET_IPSEC(curvnet); /* sanity check. */ if (pcb_sp == NULL || mp == NULL) @@ -1091,6 +1113,7 @@ ipsec4_set_policy(inp, optname, request, len, cred) size_t len; struct ucred *cred; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy **pcb_sp; @@ -1125,6 +1148,7 @@ ipsec4_get_policy(inp, request, len, mp) size_t len; struct mbuf **mp; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy *pcb_sp; @@ -1184,6 +1208,7 @@ ipsec6_set_policy(in6p, optname, request, len, cred) size_t len; struct ucred *cred; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy **pcb_sp; @@ -1218,6 +1243,7 @@ ipsec6_get_policy(in6p, request, len, mp) size_t len; struct mbuf **mp; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy *pcb_sp; @@ -1276,6 +1302,7 @@ u_int ipsec_get_reqlevel(isr) struct ipsecrequest *isr; { + INIT_VNET_IPSEC(curvnet); u_int level = 0; u_int esp_trans_deflev, esp_net_deflev; u_int ah_trans_deflev, ah_net_deflev; @@ -1380,6 +1407,7 @@ ipsec_get_reqlevel(isr) int ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) { + INIT_VNET_IPSEC(curvnet); struct ipsecrequest *isr; int need_auth; @@ -1455,6 +1483,7 @@ ipsec4_in_reject(m, inp) struct mbuf *m; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int error; int result; @@ -1493,6 +1522,7 @@ ipsec6_in_reject(m, inp) struct mbuf *m; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp = NULL; int error; int result; @@ -1530,6 +1560,7 @@ ipsec6_in_reject(m, inp) static size_t ipsec_hdrsiz(struct secpolicy *sp) { + INIT_VNET_IPSEC(curvnet); struct ipsecrequest *isr; size_t siz; @@ -1592,6 +1623,7 @@ ipsec4_hdrsiz(m, dir, inp) u_int dir; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int error; size_t size; @@ -1632,6 +1664,7 @@ ipsec6_hdrsiz(m, dir, in6p) u_int dir; struct in6pcb *in6p; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int error; size_t size; @@ -1731,6 +1764,7 @@ ipsec_updatereplay(seq, sav) u_int32_t seq; struct secasvar *sav; { + INIT_VNET_IPSEC(curvnet); struct secreplay *replay; u_int32_t diff; int fr; diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 6f04611..f6346f8 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -433,6 +433,9 @@ extern int ipsec_get_policylen __P((caddr_t)); extern char *ipsec_dump_policy __P((caddr_t, char *)); extern const char *ipsec_strerror __P((void)); -#endif /* !_KERNEL */ + +#else +#include <netipsec/vipsec.h> +#endif /* ! KERNEL */ #endif /* _NETIPSEC_IPSEC_H_ */ diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 0041698..0c37aef 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -113,6 +113,7 @@ static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int); static int ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) { + INIT_VNET_IPSEC(curvnet); union sockaddr_union dst_address; struct secasvar *sav; u_int32_t spi; @@ -282,6 +283,7 @@ int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff, struct m_tag *mt) { + INIT_VNET_IPSEC(curvnet); int prot, af, sproto; struct ip *ip; struct m_tag *mtag; @@ -504,6 +506,7 @@ ipsec4_common_ctlinput(int cmd, struct sockaddr *sa, void *v, int proto) int ipsec6_common_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_IPSEC(curvnet); int l = 0; int protoff; struct ip6_ext ip6e; @@ -554,6 +557,8 @@ int ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff, struct m_tag *mt) { + INIT_VNET_INET6(curvnet); + INIT_VNET_IPSEC(curvnet); int prot, af, sproto; struct ip6_hdr *ip6; struct m_tag *mtag; diff --git a/sys/netipsec/ipsec_mbuf.c b/sys/netipsec/ipsec_mbuf.c index 79c1928..322df11 100644 --- a/sys/netipsec/ipsec_mbuf.c +++ b/sys/netipsec/ipsec_mbuf.c @@ -54,6 +54,7 @@ struct mbuf * m_makespace(struct mbuf *m0, int skip, int hlen, int *off) { + INIT_VNET_IPSEC(curvnet); struct mbuf *m; unsigned remain; @@ -156,6 +157,7 @@ m_makespace(struct mbuf *m0, int skip, int hlen, int *off) caddr_t m_pad(struct mbuf *m, int n) { + INIT_VNET_IPSEC(curvnet); register struct mbuf *m0, *m1; register int len, pad; caddr_t retval; @@ -228,6 +230,7 @@ m_pad(struct mbuf *m, int n) int m_striphdr(struct mbuf *m, int skip, int hlen) { + INIT_VNET_IPSEC(curvnet); struct mbuf *m1; int roff; diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 88ff2f6..7b79294 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -91,6 +91,7 @@ int ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) { + INIT_VNET_IPSEC(curvnet); struct tdb_ident *tdbi; struct m_tag *mtag; struct secasvar *sav; @@ -207,6 +208,7 @@ ipsec_nextisr( { #define IPSEC_OSTAT(x,y,z) (isr->saidx.proto == IPPROTO_ESP ? (x)++ : \ isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++) + INIT_VNET_IPSEC(curvnet); struct secasvar *sav; IPSECREQUEST_LOCK_ASSERT(isr); @@ -350,6 +352,7 @@ ipsec4_process_packet( int flags, int tunalready) { + INIT_VNET_IPSEC(curvnet); struct secasindex saidx; struct secasvar *sav; struct ip *ip; @@ -563,6 +566,7 @@ ipsec6_output_trans( int flags, int *tun) { + INIT_VNET_IPSEC(curvnet); struct ipsecrequest *isr; struct secasindex saidx; int error = 0; @@ -630,6 +634,7 @@ bad: static int ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) { + INIT_VNET_IPSEC(curvnet); struct ip6_hdr *oip6; struct ip6_hdr *ip6; size_t plen; @@ -699,6 +704,8 @@ ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) int ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int flags) { + INIT_VNET_INET6(curvnet); + INIT_VNET_IPSEC(curvnet); struct ip6_hdr *ip6; struct ipsecrequest *isr; struct secasindex saidx; diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index e575cdc..c3cba60 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -56,6 +56,7 @@ #include <sys/queue.h> #include <sys/refcount.h> #include <sys/syslog.h> +#include <sys/vimage.h> #include <net/if.h> #include <net/route.h> @@ -243,52 +244,52 @@ static int ipsec_ah_keymin = 128; SYSCTL_DECL(_net_key); #endif -SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \ - &key_debug_level, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_key, KEYCTL_DEBUG_LEVEL, debug, + CTLFLAG_RW, key_debug_level, 0, ""); /* max count of trial for the decision of spi value */ -SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \ - &key_spi_trycnt, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_key, KEYCTL_SPI_TRY, spi_trycnt, + CTLFLAG_RW, key_spi_trycnt, 0, ""); /* minimum spi value to allocate automatically. */ -SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \ - &key_spi_minval, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_SPI_MIN_VALUE, + spi_minval, CTLFLAG_RW, key_spi_minval, 0, ""); /* maximun spi value to allocate automatically. */ -SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \ - &key_spi_maxval, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_SPI_MAX_VALUE, + spi_maxval, CTLFLAG_RW, key_spi_maxval, 0, ""); /* interval to initialize randseed */ -SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \ - &key_int_random, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_RANDOM_INT, + int_random, CTLFLAG_RW, key_int_random, 0, ""); /* lifetime for larval SA */ -SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \ - &key_larval_lifetime, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_LARVAL_LIFETIME, + larval_lifetime, CTLFLAG_RW, key_larval_lifetime, 0, ""); /* counter for blocking to send SADB_ACQUIRE to IKEd */ -SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \ - &key_blockacq_count, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_BLOCKACQ_COUNT, + blockacq_count, CTLFLAG_RW, key_blockacq_count, 0, ""); /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ -SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \ - &key_blockacq_lifetime, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_BLOCKACQ_LIFETIME, + blockacq_lifetime, CTLFLAG_RW, key_blockacq_lifetime, 0, ""); /* ESP auth */ -SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \ - &ipsec_esp_auth, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_ESP_AUTH, esp_auth, + CTLFLAG_RW, ipsec_esp_auth, 0, ""); /* minimum ESP key length */ -SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \ - &ipsec_esp_keymin, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_ESP_KEYMIN, + esp_keymin, CTLFLAG_RW, ipsec_esp_keymin, 0, ""); /* minimum AH key length */ -SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ - &ipsec_ah_keymin, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_AH_KEYMIN, ah_keymin, + CTLFLAG_RW, ipsec_ah_keymin, 0, ""); /* perfered old SA rather than new SA */ -SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, CTLFLAG_RW,\ - &key_preferred_oldsa, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_PREFERED_OLDSA, + preferred_oldsa, CTLFLAG_RW, key_preferred_oldsa, 0, ""); #define __LIST_CHAINED(elm) \ (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) @@ -554,6 +555,8 @@ key_addref(struct secpolicy *sp) int key_havesp(u_int dir) { + INIT_VNET_IPSEC(curvnet); + return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? LIST_FIRST(&V_sptree[dir]) != NULL : 1); } @@ -568,6 +571,7 @@ key_havesp(u_int dir) struct secpolicy * key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; IPSEC_ASSERT(spidx != NULL, ("null spidx")); @@ -624,6 +628,7 @@ key_allocsp2(u_int32_t spi, u_int dir, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; IPSEC_ASSERT(dst != NULL, ("null dst")); @@ -685,6 +690,7 @@ key_gettunnel(const struct sockaddr *osrc, const struct sockaddr *idst, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; const int dir = IPSEC_DIR_INBOUND; struct ipsecrequest *r1, *r2, *p; @@ -759,6 +765,7 @@ done: int key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) { + INIT_VNET_IPSEC(curvnet); u_int level; int error; @@ -854,6 +861,7 @@ static struct secasvar * key_allocsa_policy(const struct secasindex *saidx) { #define N(a) _ARRAYLEN(a) + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct secasvar *sav; u_int stateidx, arraysize; @@ -901,6 +909,7 @@ key_allocsa_policy(const struct secasindex *saidx) static struct secasvar * key_do_allocsa_policy(struct secashead *sah, u_int state) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav, *nextsav, *candidate, *d; /* initilize */ @@ -1046,6 +1055,7 @@ key_allocsa( u_int32_t spi, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct secasvar *sav; u_int stateidx, arraysize, state; @@ -1115,6 +1125,7 @@ done: void _key_freesp(struct secpolicy **spp, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp = *spp; IPSEC_ASSERT(sp != NULL, ("null sp")); @@ -1140,6 +1151,7 @@ _key_freesp(struct secpolicy **spp, const char* where, int tag) void key_freeso(struct socket *so) { + INIT_VNET_IPSEC(curvnet); IPSEC_ASSERT(so != NULL, ("null so")); switch (so->so_proto->pr_domain->dom_family) { @@ -1208,6 +1220,7 @@ key_freesp_so(struct secpolicy **sp) void key_freesav(struct secasvar **psav, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav = *psav; IPSEC_ASSERT(sav != NULL, ("null sav")); @@ -1266,6 +1279,7 @@ key_delsp(struct secpolicy *sp) static struct secpolicy * key_getsp(struct secpolicyindex *spidx) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; IPSEC_ASSERT(spidx != NULL, ("null spidx")); @@ -1292,6 +1306,7 @@ key_getsp(struct secpolicyindex *spidx) static struct secpolicy * key_getspbyid(u_int32_t id) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; SPTREE_LOCK(); @@ -1321,6 +1336,7 @@ done: struct secpolicy * key_newsp(const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *newsp = NULL; newsp = (struct secpolicy *) @@ -1355,6 +1371,7 @@ key_msg2sp(xpl0, len, error) size_t len; int *error; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *newsp; IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); @@ -1752,6 +1769,7 @@ key_spdadd(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct sadb_x_policy *xpl0, *xpl; struct sadb_lifetime *lft = NULL; @@ -1974,6 +1992,7 @@ key_spdadd(so, m, mhp) static u_int32_t key_getnewspid() { + INIT_VNET_IPSEC(curvnet); u_int32_t newid = 0; int count = V_key_spi_trycnt; /* XXX */ struct secpolicy *sp; @@ -2015,6 +2034,7 @@ key_spddelete(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct sadb_x_policy *xpl0; struct secpolicyindex spidx; @@ -2113,6 +2133,7 @@ key_spddelete2(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); u_int32_t id; struct secpolicy *sp; @@ -2205,6 +2226,7 @@ key_spdget(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); u_int32_t id; struct secpolicy *sp; struct mbuf *n; @@ -2256,6 +2278,7 @@ int key_spdacquire(sp) struct secpolicy *sp; { + INIT_VNET_IPSEC(curvnet); struct mbuf *result = NULL, *m; struct secspacq *newspacq; @@ -2318,6 +2341,7 @@ key_spdflush(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *newmsg; struct secpolicy *sp; u_int dir; @@ -2370,6 +2394,7 @@ key_spddump(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int cnt; u_int dir; @@ -2632,6 +2657,7 @@ static struct secashead * key_newsah(saidx) struct secasindex *saidx; { + INIT_VNET_IPSEC(curvnet); struct secashead *newsah; IPSEC_ASSERT(saidx != NULL, ("null saidx")); @@ -2660,6 +2686,7 @@ static void key_delsah(sah) struct secashead *sah; { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav, *nextsav; u_int stateidx; int zombie = 0; @@ -2716,6 +2743,7 @@ key_newsav(m, mhp, sah, errp, where, tag) const char* where; int tag; { + INIT_VNET_IPSEC(curvnet); struct secasvar *newsav; const struct sadb_sa *xsa; @@ -2882,6 +2910,7 @@ static struct secashead * key_getsah(saidx) struct secasindex *saidx; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; SAHTREE_LOCK(); @@ -2908,6 +2937,7 @@ key_checkspidup(saidx, spi) struct secasindex *saidx; u_int32_t spi; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct secasvar *sav; @@ -2944,6 +2974,7 @@ key_getsavbyspi(sah, spi) struct secashead *sah; u_int32_t spi; { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav; u_int stateidx, state; @@ -2987,6 +3018,7 @@ key_setsaval(sav, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); int error = 0; IPSEC_ASSERT(m != NULL, ("null mbuf")); @@ -3219,6 +3251,7 @@ key_setsaval(sav, m, mhp) static int key_mature(struct secasvar *sav) { + INIT_VNET_IPSEC(curvnet); int error; /* check SPI value */ @@ -3649,6 +3682,7 @@ struct seckey * key_dup_keymsg(const struct sadb_key *src, u_int len, struct malloc_type *type) { + INIT_VNET_IPSEC(curvnet); struct seckey *dst; dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT); if (dst != NULL) { @@ -3682,6 +3716,7 @@ static struct seclifetime * key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) { + INIT_VNET_IPSEC(curvnet); struct seclifetime *dst = NULL; dst = (struct seclifetime *)malloc(sizeof(struct seclifetime), @@ -3707,6 +3742,7 @@ key_ismyaddr(sa) struct sockaddr *sa; { #ifdef INET + INIT_VNET_INET(curvnet); struct sockaddr_in *sin; struct in_ifaddr *ia; #endif @@ -3751,6 +3787,7 @@ static int key_ismyaddr6(sin6) struct sockaddr_in6 *sin6; { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct in6_multi *in6m; @@ -4072,6 +4109,7 @@ key_bbcmp(const void *a1, const void *a2, u_int bits) static void key_flush_spd(time_t now) { + INIT_VNET_IPSEC(curvnet); static u_int16_t sptree_scangen = 0; u_int16_t gen = sptree_scangen++; struct secpolicy *sp; @@ -4109,6 +4147,7 @@ restart: static void key_flush_sad(time_t now) { + INIT_VNET_IPSEC(curvnet); struct secashead *sah, *nextsah; struct secasvar *sav, *nextsav; @@ -4247,6 +4286,7 @@ key_flush_sad(time_t now) static void key_flush_acq(time_t now) { + INIT_VNET_IPSEC(curvnet); struct secacq *acq, *nextacq; /* ACQ tree */ @@ -4265,6 +4305,7 @@ key_flush_acq(time_t now) static void key_flush_spacq(time_t now) { + INIT_VNET_IPSEC(curvnet); struct secspacq *acq, *nextacq; /* SP ACQ tree */ @@ -4289,12 +4330,17 @@ key_flush_spacq(time_t now) void key_timehandler(void) { + VNET_ITERATOR_DECL(vnet_iter); time_t now = time_second; - key_flush_spd(now); - key_flush_sad(now); - key_flush_acq(now); - key_flush_spacq(now); + VNET_FOREACH(vnet_iter) { + CURVNET_SET(vnet_iter); + key_flush_spd(now); + key_flush_sad(now); + key_flush_acq(now); + key_flush_spacq(now); + CURVNET_RESTORE(); + } #ifndef IPSEC_DEBUG2 /* do exchange to tick time !! */ @@ -4407,6 +4453,7 @@ key_getspi(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct secasindex saidx; struct secashead *newsah; @@ -4601,6 +4648,7 @@ key_do_getnewspi(spirange, saidx) struct sadb_spirange *spirange; struct secasindex *saidx; { + INIT_VNET_IPSEC(curvnet); u_int32_t newspi; u_int32_t min, max; int count = V_key_spi_trycnt; @@ -4682,6 +4730,7 @@ key_update(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -4880,6 +4929,7 @@ key_add(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -5003,6 +5053,7 @@ key_setident(sah, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); const struct sadb_ident *idsrc, *iddst; int idsrclen, iddstlen; @@ -5125,6 +5176,7 @@ key_delete(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -5236,6 +5288,7 @@ key_delete_all(so, m, mhp, proto) const struct sadb_msghdr *mhp; u_int16_t proto; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct secasindex saidx; struct secashead *sah; @@ -5321,6 +5374,7 @@ key_get(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -5426,6 +5480,7 @@ key_getcomb_setlifetime(comb) static struct mbuf * key_getcomb_esp() { + INIT_VNET_IPSEC(curvnet); struct sadb_comb *comb; struct enc_xform *algo; struct mbuf *result = NULL, *m, *n; @@ -5504,6 +5559,8 @@ key_getsizes_ah( u_int16_t* min, u_int16_t* max) { + INIT_VNET_IPSEC(curvnet); + *min = *max = ah->keysize; if (ah->keysize == 0) { /* @@ -5528,6 +5585,7 @@ key_getsizes_ah( static struct mbuf * key_getcomb_ah() { + INIT_VNET_IPSEC(curvnet); struct sadb_comb *comb; struct auth_hash *algo; struct mbuf *m; @@ -5688,6 +5746,7 @@ key_getprop(saidx) static int key_acquire(const struct secasindex *saidx, struct secpolicy *sp) { + INIT_VNET_IPSEC(curvnet); struct mbuf *result = NULL, *m; struct secacq *newacq; u_int8_t satype; @@ -5853,6 +5912,7 @@ key_acquire(const struct secasindex *saidx, struct secpolicy *sp) static struct secacq * key_newacq(const struct secasindex *saidx) { + INIT_VNET_IPSEC(curvnet); struct secacq *newacq; /* get new entry */ @@ -5879,6 +5939,7 @@ key_newacq(const struct secasindex *saidx) static struct secacq * key_getacq(const struct secasindex *saidx) { + INIT_VNET_IPSEC(curvnet); struct secacq *acq; ACQ_LOCK(); @@ -5895,6 +5956,7 @@ static struct secacq * key_getacqbyseq(seq) u_int32_t seq; { + INIT_VNET_IPSEC(curvnet); struct secacq *acq; ACQ_LOCK(); @@ -5911,6 +5973,7 @@ static struct secspacq * key_newspacq(spidx) struct secpolicyindex *spidx; { + INIT_VNET_IPSEC(curvnet); struct secspacq *acq; /* get new entry */ @@ -5937,6 +6000,7 @@ static struct secspacq * key_getspacq(spidx) struct secpolicyindex *spidx; { + INIT_VNET_IPSEC(curvnet); struct secspacq *acq; SPACQ_LOCK(); @@ -5971,6 +6035,7 @@ key_acquire2(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); const struct sadb_address *src0, *dst0; struct secasindex saidx; struct secashead *sah; @@ -6092,6 +6157,7 @@ key_register(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct secreg *reg, *newreg = 0; IPSEC_ASSERT(so != NULL, ("null socket")); @@ -6246,6 +6312,7 @@ key_register(so, m, mhp) void key_freereg(struct socket *so) { + INIT_VNET_IPSEC(curvnet); struct secreg *reg; int i; @@ -6417,6 +6484,7 @@ key_flush(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *newmsg; struct secashead *sah, *nextsah; struct secasvar *sav, *nextsav; @@ -6500,6 +6568,7 @@ key_dump(so, m, mhp) struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct secasvar *sav; u_int16_t proto; @@ -6680,6 +6749,7 @@ key_parse(m, so) struct mbuf *m; struct socket *so; { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *msg; struct sadb_msghdr mh; u_int orglen; @@ -6951,6 +7021,7 @@ key_align(m, mhp) struct mbuf *m; struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct mbuf *n; struct sadb_ext *ext; size_t off, end; @@ -7110,6 +7181,7 @@ key_validate_ext(ext, len) void key_init(void) { + INIT_VNET_IPSEC(curvnet); int i; SPTREE_LOCK_INIT(); @@ -7215,6 +7287,7 @@ void key_sa_routechange(dst) struct sockaddr *dst; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct route *ro; diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c index c86791e..2f74261 100644 --- a/sys/netipsec/keysock.c +++ b/sys/netipsec/keysock.c @@ -52,13 +52,17 @@ #include <sys/systm.h> #include <sys/vimage.h> +#include <net/if.h> #include <net/raw_cb.h> #include <net/route.h> +#include <netinet/in.h> + #include <net/pfkeyv2.h> #include <netipsec/key.h> #include <netipsec/keysock.h> #include <netipsec/key_debug.h> +#include <netipsec/ipsec.h> #include <machine/stdarg.h> @@ -80,6 +84,7 @@ struct pfkeystat pfkeystat; int key_output(struct mbuf *m, struct socket *so) { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *msg; int len, error = 0; @@ -133,6 +138,7 @@ key_sendup0(rp, m, promisc) struct mbuf *m; int promisc; { + INIT_VNET_IPSEC(curvnet); int error; if (promisc) { @@ -177,6 +183,7 @@ key_sendup(so, msg, len, target) u_int len; int target; /*target of the resulting message*/ { + INIT_VNET_IPSEC(curvnet); struct mbuf *m, *n, *mprev; int tlen; @@ -265,6 +272,8 @@ key_sendup_mbuf(so, m, target) struct mbuf *m; int target; { + INIT_VNET_NET(curvnet); + INIT_VNET_IPSEC(curvnet); struct mbuf *n; struct keycb *kp; int sendup; @@ -382,6 +391,7 @@ key_abort(struct socket *so) static int key_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_IPSEC(curvnet); struct keycb *kp; int error; @@ -456,6 +466,7 @@ key_connect(struct socket *so, struct sockaddr *nam, struct thread *td) static void key_detach(struct socket *so) { + INIT_VNET_IPSEC(curvnet); struct keycb *kp = (struct keycb *)sotorawcb(so); KASSERT(kp != NULL, ("key_detach: kp == NULL")); @@ -558,6 +569,7 @@ struct protosw keysw[] = { static void key_init0(void) { + INIT_VNET_IPSEC(curvnet); bzero((caddr_t)&V_key_cb, sizeof(V_key_cb)); key_init(); } diff --git a/sys/netipsec/vipsec.h b/sys/netipsec/vipsec.h new file mode 100644 index 0000000..5a007ce --- /dev/null +++ b/sys/netipsec/vipsec.h @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2007-2008 University of Zagreb + * Copyright (c) 2007-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _NETIPSEC_VIPSEC_H_ +#define _NETIPSEC_VIPSEC_H_ + +#ifdef VIMAGE +#include <sys/proc.h> +#include <sys/protosw.h> +#include <sys/socket.h> + +#include <netipsec/ipsec.h> +#include <netipsec/esp_var.h> +#include <netipsec/ah_var.h> +#include <netipsec/ipcomp_var.h> +#include <netipsec/ipip_var.h> + +#include <net/if.h> +#include <net/if_var.h> +#include <net/route.h> +#include <net/raw_cb.h> + +#include <netipsec/keysock.h> + +struct vnet_ipsec { + int _ipsec_debug; + struct ipsecstat _ipsec4stat; + struct secpolicy _ip4_def_policy; + + int _ip4_esp_trans_deflev; + int _ip4_esp_net_deflev; + int _ip4_ah_trans_deflev; + int _ip4_ah_net_deflev; + int _ip4_ah_offsetmask; + int _ip4_ipsec_dfbit; + int _ip4_ipsec_ecn; + int _ip4_esp_randpad; + + int _ipsec_replay; + int _ipsec_integrity; + int _crypto_support; + + u_int32_t _key_debug_level; + u_int _key_spi_trycnt; + u_int32_t _key_spi_minval; + u_int32_t _key_spi_maxval; + u_int32_t _policy_id; + u_int _key_int_random; + u_int _key_larval_lifetime; + int _key_blockacq_count; + int _key_blockacq_lifetime; + int _key_preferred_oldsa; + u_int32_t _acq_seq; + + u_int _saorder_state_alive[3]; + u_int _saorder_state_any[4]; + int _esp_enable; + struct espstat _espstat; + int _esp_max_ivlen; + int _ipsec_esp_keymin; + int _ipsec_esp_auth; + int _ipsec_ah_keymin; + int _ipip_allow; + struct ipipstat _ipipstat; + + struct ipsecstat _ipsec6stat; + int _ip6_esp_trans_deflev; + int _ip6_esp_net_deflev; + int _ip6_ah_trans_deflev; + int _ip6_ah_net_deflev; + int _ip6_ipsec_ecn; + int _ip6_esp_randpad; + + int _ah_enable; + int _ah_cleartos; + struct ahstat _ahstat; + + int _ipcomp_enable; + struct ipcompstat _ipcompstat; + + struct pfkeystat _pfkeystat; + struct key_cb _key_cb; + struct sockaddr _key_dst; + struct sockaddr _key_src; + + LIST_HEAD(, secpolicy) _sptree[IPSEC_DIR_MAX]; + LIST_HEAD(, secashead) _sahtree; + LIST_HEAD(, secreg) _regtree[SADB_SATYPE_MAX + 1]; + LIST_HEAD(, secacq) _acqtree; + LIST_HEAD(, secspacq) _spacqtree; +}; +#endif + +/* + * Symbol translation macros + */ +#define INIT_VNET_IPSEC(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_IPSEC, struct vnet_ipsec, vnet_ipsec) + +#define VNET_IPSEC(sym) VSYM(vnet_ipsec, sym) + +#define V_acq_seq VNET_IPSEC(acq_seq) +#define V_acqtree VNET_IPSEC(acqtree) +#define V_ah_cleartos VNET_IPSEC(ah_cleartos) +#define V_ah_enable VNET_IPSEC(ah_enable) +#define V_ahstat VNET_IPSEC(ahstat) +#define V_crypto_support VNET_IPSEC(crypto_support) +#define V_esp_enable VNET_IPSEC(esp_enable) +#define V_esp_max_ivlen VNET_IPSEC(esp_max_ivlen) +#define V_espstat VNET_IPSEC(espstat) +#define V_ip4_ah_net_deflev VNET_IPSEC(ip4_ah_net_deflev) +#define V_ip4_ah_offsetmask VNET_IPSEC(ip4_ah_offsetmask) +#define V_ip4_ah_trans_deflev VNET_IPSEC(ip4_ah_trans_deflev) +#define V_ip4_def_policy VNET_IPSEC(ip4_def_policy) +#define V_ip4_esp_net_deflev VNET_IPSEC(ip4_esp_net_deflev) +#define V_ip4_esp_randpad VNET_IPSEC(ip4_esp_randpad) +#define V_ip4_esp_trans_deflev VNET_IPSEC(ip4_esp_trans_deflev) +#define V_ip4_ipsec_dfbit VNET_IPSEC(ip4_ipsec_dfbit) +#define V_ip4_ipsec_ecn VNET_IPSEC(ip4_ipsec_ecn) +#define V_ip6_ah_net_deflev VNET_IPSEC(ip6_ah_net_deflev) +#define V_ip6_ah_trans_deflev VNET_IPSEC(ip6_ah_trans_deflev) +#define V_ip6_esp_net_deflev VNET_IPSEC(ip6_esp_net_deflev) +#define V_ip6_esp_randpad VNET_IPSEC(ip6_esp_randpad) +#define V_ip6_esp_trans_deflev VNET_IPSEC(ip6_esp_trans_deflev) +#define V_ip6_ipsec_ecn VNET_IPSEC(ip6_ipsec_ecn) +#define V_ipcomp_enable VNET_IPSEC(ipcomp_enable) +#define V_ipcompstat VNET_IPSEC(ipcompstat) +#define V_ipip_allow VNET_IPSEC(ipip_allow) +#define V_ipipstat VNET_IPSEC(ipipstat) +#define V_ipsec4stat VNET_IPSEC(ipsec4stat) +#define V_ipsec6stat VNET_IPSEC(ipsec6stat) +#define V_ipsec_ah_keymin VNET_IPSEC(ipsec_ah_keymin) +#define V_ipsec_debug VNET_IPSEC(ipsec_debug) +#define V_ipsec_esp_auth VNET_IPSEC(ipsec_esp_auth) +#define V_ipsec_esp_keymin VNET_IPSEC(ipsec_esp_keymin) +#define V_ipsec_integrity VNET_IPSEC(ipsec_integrity) +#define V_ipsec_replay VNET_IPSEC(ipsec_replay) +#define V_key_blockacq_count VNET_IPSEC(key_blockacq_count) +#define V_key_blockacq_lifetime VNET_IPSEC(key_blockacq_lifetime) +#define V_key_cb VNET_IPSEC(key_cb) +#define V_key_debug_level VNET_IPSEC(key_debug_level) +#define V_key_dst VNET_IPSEC(key_dst) +#define V_key_int_random VNET_IPSEC(key_int_random) +#define V_key_larval_lifetime VNET_IPSEC(key_larval_lifetime) +#define V_key_preferred_oldsa VNET_IPSEC(key_preferred_oldsa) +#define V_key_spi_maxval VNET_IPSEC(key_spi_maxval) +#define V_key_spi_minval VNET_IPSEC(key_spi_minval) +#define V_key_spi_trycnt VNET_IPSEC(key_spi_trycnt) +#define V_key_src VNET_IPSEC(key_src) +#define V_pfkeystat VNET_IPSEC(pfkeystat) +#define V_policy_id VNET_IPSEC(policy_id) +#define V_regtree VNET_IPSEC(regtree) +#define V_sahtree VNET_IPSEC(sahtree) +#define V_saorder_state_alive VNET_IPSEC(saorder_state_alive) +#define V_saorder_state_any VNET_IPSEC(saorder_state_any) +#define V_spacqtree VNET_IPSEC(spacqtree) +#define V_sptree VNET_IPSEC(sptree) + +#endif /* !_NETIPSEC_VIPSEC_H_ */ diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 4f87db6f..76fecb1 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -93,12 +93,12 @@ int ah_cleartos = 1; /* clear ip_tos when doing AH calc */ struct ahstat ahstat; SYSCTL_DECL(_net_inet_ah); -SYSCTL_INT(_net_inet_ah, OID_AUTO, - ah_enable, CTLFLAG_RW, &ah_enable, 0, ""); -SYSCTL_INT(_net_inet_ah, OID_AUTO, - ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0, ""); -SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS, - stats, CTLFLAG_RD, &ahstat, ahstat, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ah, OID_AUTO, + ah_enable, CTLFLAG_RW, ah_enable, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ah, OID_AUTO, + ah_cleartos, CTLFLAG_RW, ah_cleartos, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ah, IPSECCTL_STATS, + stats, CTLFLAG_RD, ahstat, ahstat, ""); static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ @@ -160,6 +160,7 @@ ah_hdrsiz(struct secasvar *sav) int ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) { + INIT_VNET_IPSEC(curvnet); struct auth_hash *thash; int keylen; @@ -214,6 +215,7 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) static int ah_init(struct secasvar *sav, struct xformsw *xsp) { + INIT_VNET_IPSEC(curvnet); struct cryptoini cria; int error; @@ -248,6 +250,7 @@ ah_zeroize(struct secasvar *sav) static int ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) { + INIT_VNET_IPSEC(curvnet); struct mbuf *m = *m0; unsigned char *ptr; int off, count; @@ -552,6 +555,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) static int ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct auth_hash *ahx; struct tdb_ident *tdbi; struct tdb_crypto *tc; @@ -721,6 +725,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int ah_input_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); int rplen, error, skip, protoff; unsigned char calc[AH_ALEN_MAX]; struct mbuf *m; @@ -883,6 +888,7 @@ ah_output( int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav; struct auth_hash *ahx; struct cryptodesc *crda; @@ -1109,6 +1115,7 @@ bad: static int ah_output_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); int skip, protoff, error; struct tdb_crypto *tc; struct ipsecrequest *isr; diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 3ac01c6..21cc82f 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -80,10 +80,10 @@ int esp_enable = 1; struct espstat espstat; SYSCTL_DECL(_net_inet_esp); -SYSCTL_INT(_net_inet_esp, OID_AUTO, - esp_enable, CTLFLAG_RW, &esp_enable, 0, ""); -SYSCTL_STRUCT(_net_inet_esp, IPSECCTL_STATS, - stats, CTLFLAG_RD, &espstat, espstat, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_esp, OID_AUTO, + esp_enable, CTLFLAG_RW, esp_enable, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_esp, IPSECCTL_STATS, + stats, CTLFLAG_RD, espstat, espstat, ""); static int esp_max_ivlen; /* max iv length over all algorithms */ @@ -123,6 +123,7 @@ esp_algorithm_lookup(int alg) size_t esp_hdrsiz(struct secasvar *sav) { + INIT_VNET_IPSEC(curvnet); size_t size; if (sav != NULL) { @@ -157,6 +158,7 @@ esp_hdrsiz(struct secasvar *sav) static int esp_init(struct secasvar *sav, struct xformsw *xsp) { + INIT_VNET_IPSEC(curvnet); struct enc_xform *txform; struct cryptoini cria, crie; int keylen; @@ -267,6 +269,7 @@ esp_zeroize(struct secasvar *sav) static int esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct auth_hash *esph; struct enc_xform *espx; struct tdb_ident *tdbi; @@ -449,6 +452,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int esp_input_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); u_int8_t lastthree[3], aalg[AH_HMAC_HASHLEN]; int hlen, skip, protoff, error; struct mbuf *m; @@ -652,6 +656,7 @@ esp_output( int protoff ) { + INIT_VNET_IPSEC(curvnet); struct enc_xform *espx; struct auth_hash *esph; int hlen, rlen, plen, padding, blks, alen, i, roff; @@ -882,6 +887,7 @@ bad: static int esp_output_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 2882af8..3492924 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -71,10 +71,10 @@ int ipcomp_enable = 0; struct ipcompstat ipcompstat; SYSCTL_DECL(_net_inet_ipcomp); -SYSCTL_INT(_net_inet_ipcomp, OID_AUTO, - ipcomp_enable, CTLFLAG_RW, &ipcomp_enable, 0, ""); -SYSCTL_STRUCT(_net_inet_ipcomp, IPSECCTL_STATS, - stats, CTLFLAG_RD, &ipcompstat, ipcompstat, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipcomp, OID_AUTO, + ipcomp_enable, CTLFLAG_RW, ipcomp_enable, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipcomp, IPSECCTL_STATS, + stats, CTLFLAG_RD, ipcompstat, ipcompstat, ""); static int ipcomp_input_cb(struct cryptop *crp); static int ipcomp_output_cb(struct cryptop *crp); @@ -97,6 +97,7 @@ ipcomp_algorithm_lookup(int alg) static int ipcomp_init(struct secasvar *sav, struct xformsw *xsp) { + INIT_VNET_IPSEC(curvnet); struct comp_algo *tcomp; struct cryptoini cric; @@ -137,6 +138,7 @@ ipcomp_zeroize(struct secasvar *sav) static int ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct tdb_crypto *tc; struct cryptodesc *crdc; struct cryptop *crp; @@ -207,6 +209,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int ipcomp_input_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); struct cryptodesc *crd; struct tdb_crypto *tc; int skip, protoff; @@ -327,6 +330,7 @@ ipcomp_output( int protoff ) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav; struct comp_algo *ipcompx; int error, ralen, hlen, maxpacketsize, roff; @@ -485,6 +489,7 @@ bad: static int ipcomp_output_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index cb9256d..568d42e 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -95,10 +95,10 @@ int ipip_allow = 0; struct ipipstat ipipstat; SYSCTL_DECL(_net_inet_ipip); -SYSCTL_INT(_net_inet_ipip, OID_AUTO, - ipip_allow, CTLFLAG_RW, &ipip_allow, 0, ""); -SYSCTL_STRUCT(_net_inet_ipip, IPSECCTL_STATS, - stats, CTLFLAG_RD, &ipipstat, ipipstat, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipip, OID_AUTO, + ipip_allow, CTLFLAG_RW, ipip_allow, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipip, IPSECCTL_STATS, + stats, CTLFLAG_RD, ipipstat, ipipstat, ""); /* XXX IPCOMP */ #define M_IPSEC (M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED) @@ -156,6 +156,8 @@ ip4_input(struct mbuf *m, int off) static void _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) { + INIT_VNET_NET(curvnet); + INIT_VNET_IPSEC(curvnet); register struct sockaddr_in *sin; register struct ifnet *ifp; register struct ifaddr *ifa; @@ -407,6 +409,10 @@ ipip_output( int protoff ) { + INIT_VNET_IPSEC(curvnet); +#ifdef INET + INIT_VNET_INET(curvnet); +#endif /* INET */ struct secasvar *sav; u_int8_t tp, otos; struct secasindex *saidx; diff --git a/sys/nfsclient/nfs_diskless.c b/sys/nfsclient/nfs_diskless.c index be5f934..7362aa9 100644 --- a/sys/nfsclient/nfs_diskless.c +++ b/sys/nfsclient/nfs_diskless.c @@ -42,9 +42,9 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/malloc.h> #include <sys/mount.h> - #include <sys/socket.h> #include <sys/vimage.h> + #include <net/if.h> #include <net/if_dl.h> #include <net/if_types.h> @@ -149,6 +149,7 @@ nfs_parse_options(const char *envopts, struct nfs_args *nd) void nfs_setup_diskless(void) { + INIT_VNET_NET(curvnet); struct nfs_diskless *nd = &nfs_diskless; struct ifnet *ifp; struct ifaddr *ifa; diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c index f5b442d..a175f33 100644 --- a/sys/nfsclient/nfs_vfsops.c +++ b/sys/nfsclient/nfs_vfsops.c @@ -401,6 +401,7 @@ nfsmout: int nfs_mountroot(struct mount *mp, struct thread *td) { + INIT_VPROCG(TD_TO_VPROCG(td)); struct nfsv3_diskless *nd = &nfsv3_diskless; struct socket *so; struct vnode *vp; diff --git a/sys/nfsclient/nfs_vnops.c b/sys/nfsclient/nfs_vnops.c index bbf6810..33b391c 100644 --- a/sys/nfsclient/nfs_vnops.c +++ b/sys/nfsclient/nfs_vnops.c @@ -1411,15 +1411,18 @@ again: if (v3) { tl = nfsm_build(u_int32_t *, NFSX_UNSIGNED); if (fmode & O_EXCL) { + CURVNET_SET(VFSTONFS(dvp->v_mount)->nm_so->so_vnet); *tl = txdr_unsigned(NFSV3CREATE_EXCLUSIVE); tl = nfsm_build(u_int32_t *, NFSX_V3CREATEVERF); #ifdef INET + INIT_VNET_INET(curvnet); if (!TAILQ_EMPTY(&V_in_ifaddrhead)) *tl++ = IA_SIN(TAILQ_FIRST(&V_in_ifaddrhead))->sin_addr.s_addr; else #endif *tl++ = create_verf; *tl = ++create_verf; + CURVNET_RESTORE(); } else { *tl = txdr_unsigned(NFSV3CREATE_UNCHECKED); nfsm_v3attrbuild(vap, FALSE); diff --git a/sys/rpc/authunix_prot.c b/sys/rpc/authunix_prot.c index 3f61299..eb75e2d 100644 --- a/sys/rpc/authunix_prot.c +++ b/sys/rpc/authunix_prot.c @@ -69,6 +69,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred) uint32_t namelen; uint32_t ngroups, i; uint32_t junk; + INIT_VPROCG(TD_TO_VPROCG(&thread0)); /* XXX revisit - fixme! */ mtx_lock(&hostname_mtx); if (xdrs->x_op == XDR_ENCODE) { diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index 2597862..e605e9f 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -175,6 +175,12 @@ int sysctl_handle_intptr(SYSCTL_HANDLER_ARGS); int sysctl_handle_string(SYSCTL_HANDLER_ARGS); int sysctl_handle_opaque(SYSCTL_HANDLER_ARGS); +#ifdef VIMAGE +int sysctl_handle_v_int(SYSCTL_HANDLER_ARGS); +int sysctl_handle_v_string(SYSCTL_HANDLER_ARGS); +int sysctl_handle_v_opaque(SYSCTL_HANDLER_ARGS); +#endif + /* * These functions are used to add/remove an oid from the mib. */ @@ -219,6 +225,20 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); a1, a2, #name, handler, fmt, 0, __DESCR(descr) }; \ DATA_SET(sysctl_set, sysctl__##parent##_##name) +#ifdef VIMAGE +#define SYSCTL_V_OID(subs, mod, parent, nbr, name, kind, a1, a2, \ + handler, fmt, descr) \ + static struct sysctl_oid sysctl__##parent##_##name = { \ + &sysctl_##parent##_children, { 0 }, nbr, kind, \ + (void *) offsetof(struct mod, _##a1), a2, #name, \ + handler, fmt, 0, __DESCR(descr), subs, V_MOD_##mod }; \ + DATA_SET(sysctl_set, sysctl__##parent##_##name) +#else +#define SYSCTL_V_OID(subs, mod, parent, nbr, name, kind, a1, a2, \ + handler, fmt, descr) \ + SYSCTL_OID(parent, nbr, name, kind, &a1, a2, handler, fmt, descr) +#endif + #define SYSCTL_ADD_OID(ctx, parent, nbr, name, kind, a1, a2, handler, fmt, descr) \ sysctl_add_oid(ctx, parent, nbr, name, kind, a1, a2, handler, fmt, __DESCR(descr)) @@ -237,6 +257,16 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), \ arg, len, sysctl_handle_string, "A", descr) +#ifdef VIMAGE +#define SYSCTL_V_STRING(subs, mod, parent, nbr, name, access, sym, len, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_STRING|(access), \ + sym, len, sysctl_handle_v_string, "A", descr) +#else +#define SYSCTL_V_STRING(subs, mod, parent, nbr, name, access, sym, len, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), \ + &sym, len, sysctl_handle_string, "A", descr) +#endif + #define SYSCTL_ADD_STRING(ctx, parent, nbr, name, access, arg, len, descr) \ sysctl_add_oid(ctx, parent, nbr, name, CTLTYPE_STRING|(access), \ arg, len, sysctl_handle_string, "A", __DESCR(descr)) @@ -246,6 +276,16 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|(access), \ ptr, val, sysctl_handle_int, "I", descr) +#ifdef VIMAGE +#define SYSCTL_V_INT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_INT|(access), \ + sym, val, sysctl_handle_v_int, "I", descr) +#else +#define SYSCTL_V_INT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|(access), \ + &sym, val, sysctl_handle_int, "I", descr) +#endif + #define SYSCTL_ADD_INT(ctx, parent, nbr, name, access, ptr, val, descr) \ sysctl_add_oid(ctx, parent, nbr, name, CTLTYPE_INT|(access), \ ptr, val, sysctl_handle_int, "I", __DESCR(descr)) @@ -255,6 +295,16 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); SYSCTL_OID(parent, nbr, name, CTLTYPE_UINT|(access), \ ptr, val, sysctl_handle_int, "IU", descr) +#ifdef VIMAGE +#define SYSCTL_V_UINT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_UINT|(access), \ + sym, val, sysctl_handle_v_int, "IU", descr) +#else +#define SYSCTL_V_UINT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_UINT|(access), \ + &sym, val, sysctl_handle_int, "IU", descr) +#endif + #define SYSCTL_ADD_UINT(ctx, parent, nbr, name, access, ptr, val, descr) \ sysctl_add_oid(ctx, parent, nbr, name, CTLTYPE_UINT|(access), \ ptr, val, sysctl_handle_int, "IU", __DESCR(descr)) @@ -317,6 +367,20 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); ptr, sizeof(struct type), sysctl_handle_opaque, \ "S," #type, descr) +#ifdef VIMAGE +#define SYSCTL_V_STRUCT(subs, mod, parent, nbr, name, access, sym, \ + type, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_OPAQUE|(access), \ + sym, sizeof(struct type), sysctl_handle_v_opaque, \ + "S," #type, descr) +#else +#define SYSCTL_V_STRUCT(subs, mod, parent, nbr, name, access, sym, \ + type, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_OPAQUE|(access), \ + &sym, sizeof(struct type), sysctl_handle_opaque, \ + "S," #type, descr) +#endif + #define SYSCTL_ADD_STRUCT(ctx, parent, nbr, name, access, ptr, type, descr) \ sysctl_add_oid(ctx, parent, nbr, name, CTLTYPE_OPAQUE|(access), \ ptr, sizeof(struct type), sysctl_handle_opaque, "S," #type, __DESCR(descr)) @@ -326,6 +390,11 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); SYSCTL_OID(parent, nbr, name, (access), \ ptr, arg, handler, fmt, descr) +#define SYSCTL_V_PROC(subs, mod, parent, nbr, name, access, sym, arg, \ + handler, fmt, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, (access), \ + sym, arg, handler, fmt, descr) + #define SYSCTL_ADD_PROC(ctx, parent, nbr, name, access, ptr, arg, handler, fmt, descr) \ sysctl_add_oid(ctx, parent, nbr, name, (access), \ ptr, arg, handler, fmt, __DESCR(descr)) diff --git a/sys/sys/vimage.h b/sys/sys/vimage.h index 16f6e20..7f87142 100644 --- a/sys/sys/vimage.h +++ b/sys/sys/vimage.h @@ -33,317 +33,34 @@ #ifndef _SYS_VIMAGE_H_ #define _SYS_VIMAGE_H_ -#define V_hostname hostname -#define G_hostname hostname -#define V_domainname domainname -#define V_acq_seq acq_seq -#define V_acqtree acqtree -#define V_addrsel_policytab addrsel_policytab -#define V_ah_cleartos ah_cleartos -#define V_ah_enable ah_enable -#define V_ahstat ahstat -#define V_arp_maxtries arp_maxtries -#define V_arp_proxyall arp_proxyall -#define V_arpt_keep arpt_keep -#define V_autoinc_step autoinc_step -#define V_blackhole blackhole -#define V_crypto_support crypto_support -#define V_curr_dyn_buckets curr_dyn_buckets -#define V_dad_ignore_ns dad_ignore_ns -#define V_dad_init dad_init -#define V_dad_maxtry dad_maxtry -#define V_dadq dadq -#define V_defaultaddrpolicy defaultaddrpolicy -#define V_divcb divcb -#define V_divcbinfo divcbinfo -#define V_drop_synfin drop_synfin -#define V_dyn_ack_lifetime dyn_ack_lifetime -#define V_dyn_buckets dyn_buckets -#define V_dyn_count dyn_count -#define V_dyn_fin_lifetime dyn_fin_lifetime -#define V_dyn_keepalive dyn_keepalive -#define V_dyn_keepalive_interval dyn_keepalive_interval -#define V_dyn_keepalive_period dyn_keepalive_period -#define V_dyn_max dyn_max -#define V_dyn_rst_lifetime dyn_rst_lifetime -#define V_dyn_short_lifetime dyn_short_lifetime -#define V_dyn_syn_lifetime dyn_syn_lifetime -#define V_dyn_udp_lifetime dyn_udp_lifetime -#define V_esp_enable esp_enable -#define V_esp_max_ivlen esp_max_ivlen -#define V_espstat espstat -#define V_ether_ipfw ether_ipfw -#define V_frag6_nfragpackets frag6_nfragpackets -#define V_frag6_nfrags frag6_nfrags -#define V_fw6_enable fw6_enable -#define V_fw_debug fw_debug -#define V_fw_deny_unknown_exthdrs fw_deny_unknown_exthdrs -#define V_fw_enable fw_enable -#define V_fw_one_pass fw_one_pass -#define V_fw_verbose fw_verbose -#define V_gif_softc_list gif_softc_list -#define V_icmp6_nodeinfo icmp6_nodeinfo -#define V_icmp6_rediraccept icmp6_rediraccept -#define V_icmp6_redirtimeout icmp6_redirtimeout -#define V_icmp6errpps_count icmp6errpps_count -#define V_icmp6errppslim icmp6errppslim -#define V_icmp6errppslim_last icmp6errppslim_last -#define V_icmp6stat icmp6stat -#define V_icmp_may_rst icmp_may_rst -#define V_icmpstat icmpstat -#define V_if_index if_index -#define V_if_indexlim if_indexlim -#define V_ifaddr_event_tag ifaddr_event_tag -#define V_ifg_head ifg_head -#define V_ifindex_table ifindex_table -#define V_ifklist ifklist -#define V_ifnet ifnet -#define V_igmpstat igmpstat -#define V_in6_ifaddr in6_ifaddr -#define V_in6_maxmtu in6_maxmtu -#define V_in6_tmpaddrtimer_ch in6_tmpaddrtimer_ch -#define V_in_ifaddrhashtbl in_ifaddrhashtbl -#define V_in_ifaddrhead in_ifaddrhead -#define V_in_ifaddrhmask in_ifaddrhmask -#define V_in_multihead in_multihead -#define V_ip4_ah_net_deflev ip4_ah_net_deflev -#define V_ip4_ah_offsetmask ip4_ah_offsetmask -#define V_ip4_ah_trans_deflev ip4_ah_trans_deflev -#define V_ip4_def_policy ip4_def_policy -#define V_ip4_esp_net_deflev ip4_esp_net_deflev -#define V_ip4_esp_randpad ip4_esp_randpad -#define V_ip4_esp_trans_deflev ip4_esp_trans_deflev -#define V_ip4_ipsec_dfbit ip4_ipsec_dfbit -#define V_ip4_ipsec_ecn ip4_ipsec_ecn -#define V_ip6_accept_rtadv ip6_accept_rtadv -#define V_ip6_ah_net_deflev ip6_ah_net_deflev -#define V_ip6_ah_trans_deflev ip6_ah_trans_deflev -#define V_ip6_auto_flowlabel ip6_auto_flowlabel -#define V_ip6_auto_linklocal ip6_auto_linklocal -#define V_ip6_dad_count ip6_dad_count -#define V_ip6_defhlim ip6_defhlim -#define V_ip6_defmcasthlim ip6_defmcasthlim -#define V_ip6_desync_factor ip6_desync_factor -#define V_ip6_esp_net_deflev ip6_esp_net_deflev -#define V_ip6_esp_trans_deflev ip6_esp_trans_deflev -#define V_ip6_forward_rt ip6_forward_rt -#define V_ip6_forward_srcrt ip6_forward_srcrt -#define V_ip6_forwarding ip6_forwarding -#define V_ip6_gif_hlim ip6_gif_hlim -#define V_ip6_hdrnestlimit ip6_hdrnestlimit -#define V_ip6_ipsec_ecn ip6_ipsec_ecn -#define V_ip6_keepfaith ip6_keepfaith -#define V_ip6_log_interval ip6_log_interval -#define V_ip6_log_time ip6_log_time -#define V_ip6_maxfragpackets ip6_maxfragpackets -#define V_ip6_maxfrags ip6_maxfrags -#define V_ip6_mcast_pmtu ip6_mcast_pmtu -#define V_ip6_mrouter_ver ip6_mrouter_ver -#define V_ip6_opts ip6_opts -#define V_ip6_ours_check_algorithm ip6_ours_check_algorithm -#define V_ip6_prefer_tempaddr ip6_prefer_tempaddr -#define V_ip6_rr_prune ip6_rr_prune -#define V_ip6_sendredirects ip6_sendredirects -#define V_ip6_sourcecheck ip6_sourcecheck -#define V_ip6_sourcecheck_interval ip6_sourcecheck_interval -#define V_ip6_temp_preferred_lifetime ip6_temp_preferred_lifetime -#define V_ip6_temp_regen_advance ip6_temp_regen_advance -#define V_ip6_temp_valid_lifetime ip6_temp_valid_lifetime -#define V_ip6_use_defzone ip6_use_defzone -#define V_ip6_use_deprecated ip6_use_deprecated -#define V_ip6_use_tempaddr ip6_use_tempaddr -#define V_ip6_v6only ip6_v6only -#define V_ip6q ip6q -#define V_ip6qmaxlen ip6qmaxlen -#define V_ip6stat ip6stat -#define V_ip6stealth ip6stealth -#define V_ip_checkinterface ip_checkinterface -#define V_ip_defttl ip_defttl -#define V_ip_do_randomid ip_do_randomid -#define V_ip_gif_ttl ip_gif_ttl -#define V_ip_id ip_id -#define V_ip_keepfaith ip_keepfaith -#define V_ip_mrouter ip_mrouter -#define V_ip_rsvp_on ip_rsvp_on -#define V_ip_rsvpd ip_rsvpd -#define V_ip_sendsourcequench ip_sendsourcequench -#define V_ipcomp_enable ipcomp_enable -#define V_ipcompstat ipcompstat -#define V_ipfastforward_active ipfastforward_active -#define V_ipforwarding ipforwarding -#define V_ipfw_dyn_v ipfw_dyn_v -#define V_ipfw_timeout ipfw_timeout -#define V_ipip_allow ipip_allow -#define V_ipipstat ipipstat -#define V_ipport_firstauto ipport_firstauto -#define V_ipport_hifirstauto ipport_hifirstauto -#define V_ipport_hilastauto ipport_hilastauto -#define V_ipport_lastauto ipport_lastauto -#define V_ipport_lowfirstauto ipport_lowfirstauto -#define V_ipport_lowlastauto ipport_lowlastauto -#define V_ipport_randomcps ipport_randomcps -#define V_ipport_randomized ipport_randomized -#define V_ipport_randomtime ipport_randomtime -#define V_ipport_reservedhigh ipport_reservedhigh -#define V_ipport_reservedlow ipport_reservedlow -#define V_ipport_stoprandom ipport_stoprandom -#define V_ipport_tcpallocs ipport_tcpallocs -#define V_ipport_tcplastcount ipport_tcplastcount -#define V_ipq ipq -#define V_ipq_zone ipq_zone -#define V_ipsec4stat ipsec4stat -#define V_ipsec6stat ipsec6stat -#define V_ipsec_ah_keymin ipsec_ah_keymin -#define V_ipsec_debug ipsec_debug -#define V_ipsec_esp_auth ipsec_esp_auth -#define V_ipsec_esp_keymin ipsec_esp_keymin -#define V_ipsec_integrity ipsec_integrity -#define V_ipsec_replay ipsec_replay -#define V_ipsendredirects ipsendredirects -#define V_ipstat ipstat -#define V_ipstealth ipstealth -#define V_isn_ctx isn_ctx -#define V_isn_last_reseed isn_last_reseed -#define V_isn_offset isn_offset -#define V_isn_offset_old isn_offset_old -#define V_isn_secret isn_secret -#define V_key_blockacq_count key_blockacq_count -#define V_key_blockacq_lifetime key_blockacq_lifetime -#define V_key_cb key_cb -#define V_key_debug_level key_debug_level -#define V_key_int_random key_int_random -#define V_key_larval_lifetime key_larval_lifetime -#define V_key_preferred_oldsa key_preferred_oldsa -#define V_key_spi_maxval key_spi_maxval -#define V_key_spi_minval key_spi_minval -#define V_key_spi_trycnt key_spi_trycnt -#define V_key_src key_src -#define V_layer3_chain layer3_chain -#define V_llinfo_arp llinfo_arp -#define V_llinfo_nd6 llinfo_nd6 -#define V_lo_list lo_list -#define V_loif loif -#define V_max_gif_nesting max_gif_nesting -#define V_maxfragsperpacket maxfragsperpacket -#define V_maxnipq maxnipq -#define V_mrt6debug mrt6debug -#define V_nd6_allocated nd6_allocated -#define V_nd6_debug nd6_debug -#define V_nd6_defifindex nd6_defifindex -#define V_nd6_defifp nd6_defifp -#define V_nd6_delay nd6_delay -#define V_nd6_gctimer nd6_gctimer -#define V_nd6_inuse nd6_inuse -#define V_nd6_maxndopt nd6_maxndopt -#define V_nd6_maxnudhint nd6_maxnudhint -#define V_nd6_maxqueuelen nd6_maxqueuelen -#define V_nd6_mmaxtries nd6_mmaxtries -#define V_nd6_prune nd6_prune -#define V_nd6_recalc_reachtm_interval nd6_recalc_reachtm_interval -#define V_nd6_slowtimo_ch nd6_slowtimo_ch -#define V_nd6_timer_ch nd6_timer_ch -#define V_nd6_umaxtries nd6_umaxtries -#define V_nd6_useloopback nd6_useloopback -#define V_nd_defrouter nd_defrouter -#define V_nd_prefix nd_prefix -#define V_nextID nextID -#define V_ng_ID_hash ng_ID_hash -#define V_ng_eiface_unit ng_eiface_unit -#define V_ng_iface_unit ng_iface_unit -#define V_ng_name_hash ng_name_hash -#define V_nipq nipq -#define V_nolocaltimewait nolocaltimewait -#define V_norule_counter norule_counter -#define V_parallel_tunnels parallel_tunnels -#define V_path_mtu_discovery path_mtu_discovery -#define V_pfkeystat pfkeystat -#define V_pim6 pim6 -#define V_pmtu_expire pmtu_expire -#define V_pmtu_probe pmtu_probe -#define V_policy_id policy_id -#define V_rawcb_list rawcb_list -#define V_regtree regtree -#define V_rip6_recvspace rip6_recvspace -#define V_rip6_sendspace rip6_sendspace -#define V_rip6stat rip6stat -#define V_ripcb ripcb -#define V_ripcbinfo ripcbinfo -#define V_router_info_head router_info_head -#define V_rsvp_on rsvp_on -#define V_rt_tables rt_tables -#define V_rtq_minreallyold rtq_minreallyold -#define V_rtq_minreallyold6 rtq_minreallyold6 -#define V_rtq_mtutimer rtq_mtutimer -#define V_rtq_reallyold rtq_reallyold -#define V_rtq_reallyold6 rtq_reallyold6 -#define V_rtq_timeout rtq_timeout -#define V_rtq_timeout6 rtq_timeout6 -#define V_rtq_timer rtq_timer -#define V_rtq_timer6 rtq_timer6 -#define V_rtq_toomany rtq_toomany -#define V_rtq_toomany6 rtq_toomany6 -#define V_rtstat rtstat -#define V_rttrash rttrash -#define V_sahtree sahtree -#define V_sameprefixcarponly sameprefixcarponly -#define V_saorder_state_alive saorder_state_alive -#define V_saorder_state_any saorder_state_any -#define V_set_disable set_disable -#define V_sid_default sid_default -#define V_spacqtree spacqtree -#define V_sptree sptree -#define V_ss_fltsz ss_fltsz -#define V_ss_fltsz_local ss_fltsz_local -#define V_static_len static_len -#define V_static_count static_count -#define V_subnetsarelocal subnetsarelocal -#define V_tcb tcb -#define V_tcbinfo tcbinfo -#define V_tcp_autorcvbuf_inc tcp_autorcvbuf_inc -#define V_tcp_autorcvbuf_max tcp_autorcvbuf_max -#define V_tcp_autosndbuf_inc tcp_autosndbuf_inc -#define V_tcp_autosndbuf_max tcp_autosndbuf_max -#define V_tcp_delack_enabled tcp_delack_enabled -#define V_tcp_do_autorcvbuf tcp_do_autorcvbuf -#define V_tcp_do_autosndbuf tcp_do_autosndbuf -#define V_tcp_do_ecn tcp_do_ecn -#define V_tcp_do_newreno tcp_do_newreno -#define V_tcp_do_rfc1323 tcp_do_rfc1323 -#define V_tcp_do_rfc3042 tcp_do_rfc3042 -#define V_tcp_do_rfc3390 tcp_do_rfc3390 -#define V_tcp_do_sack tcp_do_sack -#define V_tcp_do_tso tcp_do_tso -#define V_tcp_hc_callout tcp_hc_callout -#define V_tcp_ecn_maxretries tcp_ecn_maxretries -#define V_tcp_hostcache tcp_hostcache -#define V_tcp_inflight_enable tcp_inflight_enable -#define V_tcp_inflight_max tcp_inflight_max -#define V_tcp_inflight_min tcp_inflight_min -#define V_tcp_inflight_rttthresh tcp_inflight_rttthresh -#define V_tcp_inflight_stab tcp_inflight_stab -#define V_tcp_insecure_rst tcp_insecure_rst -#define V_tcp_isn_reseed_interval tcp_isn_reseed_interval -#define V_tcp_minmss tcp_minmss -#define V_tcp_mssdflt tcp_mssdflt -#define V_tcp_reass_maxqlen tcp_reass_maxqlen -#define V_tcp_reass_maxseg tcp_reass_maxseg -#define V_tcp_reass_overflows tcp_reass_overflows -#define V_tcp_reass_qsize tcp_reass_qsize -#define V_tcp_sack_globalholes tcp_sack_globalholes -#define V_tcp_sack_globalmaxholes tcp_sack_globalmaxholes -#define V_tcp_sack_maxholes tcp_sack_maxholes -#define V_tcp_sc_rst_sock_fail tcp_sc_rst_sock_fail -#define V_tcp_syncache tcp_syncache -#define V_tcp_v6mssdflt tcp_v6mssdflt -#define V_tcpstat tcpstat -#define V_twq_2msl twq_2msl -#define V_udb udb -#define V_udbinfo udbinfo -#define V_udp_blackhole udp_blackhole -#define V_udp6_recvspace udp6_recvspace -#define V_udp6_sendspace udp6_sendspace -#define V_udpstat udpstat -#define V_useloopback useloopback -#define V_verbose_limit verbose_limit +/* Non-VIMAGE null-macros */ +#define CURVNET_SET(arg) +#define CURVNET_SET_QUIET(arg) +#define CURVNET_RESTORE() +#define VNET_ASSERT(condition) +#define VSYM(base, sym) (sym) +#define INIT_FROM_VNET(vnet, modindex, modtype, sym) +#define VNET_ITERATOR_DECL(arg) +#define VNET_FOREACH(arg) +#define VNET_LIST_RLOCK() +#define VNET_LIST_RUNLOCK() +#define INIT_VPROCG(arg) +#define INIT_VCPU(arg) +#define TD_TO_VIMAGE(td) +#define TD_TO_VNET(td) +#define TD_TO_VPROCG(td) +#define TD_TO_VCPU(td) +#define P_TO_VIMAGE(p) +#define P_TO_VNET(p) +#define P_TO_VPROCG(p) +#define P_TO_VCPU(p) + +/* XXX those defines bellow should probably go into vprocg.h and vcpu.h */ +#define VPROCG(sym) VSYM(vprocg, sym) +#define VCPU(sym) VSYM(vcpu, sym) + +#define V_hostname VPROCG(hostname) +#define G_hostname VSYM(basevprocg, hostname) /* global hostname */ +#define V_domainname VPROCG(domainname) #endif /* !_SYS_VIMAGE_H_ */ |
