summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/kern/kern_poll.c1
-rw-r--r--sys/kern/kern_sysctl.c3
-rw-r--r--sys/net/bpf.c7
-rw-r--r--sys/net/if.c1
-rw-r--r--sys/net/if_loop.c4
-rw-r--r--sys/net/route.c1
-rw-r--r--sys/netinet/if_ether.c4
-rw-r--r--sys/netinet/in_pcb.c3
-rw-r--r--sys/netinet/in_rmx.c2
-rw-r--r--sys/netinet/ip_divert.c1
-rw-r--r--sys/netinet/ip_fw_pfil.c1
-rw-r--r--sys/netinet/ip_output.c1
-rw-r--r--sys/netinet/tcp_input.c1
-rw-r--r--sys/netinet/tcp_subr.c28
-rw-r--r--sys/netinet/tcp_syncache.c22
-rw-r--r--sys/netinet/tcp_timewait.c4
-rw-r--r--sys/netinet/udp_usrreq.c3
-rw-r--r--sys/netinet/vinet.h7
-rw-r--r--sys/netinet6/icmp6.c3
-rw-r--r--sys/netinet6/in6_ifattach.c3
-rw-r--r--sys/netinet6/in6_proto.c4
-rw-r--r--sys/netinet6/in6_rmx.c12
-rw-r--r--sys/netinet6/in6_src.c1
-rw-r--r--sys/netinet6/nd6_nbr.c2
-rw-r--r--sys/netinet6/nd6_rtr.c2
-rw-r--r--sys/netinet6/raw_ip6.c9
-rw-r--r--sys/netipsec/ipsec.c2
-rw-r--r--sys/netipsec/key.c30
-rw-r--r--sys/netipsec/keysock.c4
-rw-r--r--sys/netipsec/vipsec.h10
30 files changed, 101 insertions, 75 deletions
diff --git a/sys/kern/kern_poll.c b/sys/kern/kern_poll.c
index 2bd1550..2cebab9 100644
--- a/sys/kern/kern_poll.c
+++ b/sys/kern/kern_poll.c
@@ -521,6 +521,7 @@ ether_poll_deregister(struct ifnet *ifp)
static int
poll_switch(SYSCTL_HANDLER_ARGS)
{
+ INIT_VNET_NET(curvnet);
struct ifnet *ifp;
int error;
int val = polling;
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index d71c746..5d79ca2 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mutex.h>
#include <sys/sx.h>
#include <sys/sysproto.h>
+#include <sys/vimage.h>
#include <security/mac/mac_framework.h>
@@ -1413,6 +1414,7 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
req.lock = REQ_LOCKED;
SYSCTL_LOCK();
+ CURVNET_SET(TD_TO_VNET(curthread));
do {
req.oldidx = 0;
@@ -1423,6 +1425,7 @@ userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
if (req.lock == REQ_WIRED && req.validlen > 0)
vsunlock(req.oldptr, req.validlen);
+ CURVNET_RESTORE();
SYSCTL_UNLOCK();
if (error && error != ENOMEM)
diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 6eb58f7..3a7ec7f 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$");
#include <sys/sockio.h>
#include <sys/ttycom.h>
#include <sys/uio.h>
+#include <sys/vimage.h>
#include <sys/event.h>
#include <sys/file.h>
@@ -566,7 +567,9 @@ bpf_detachd(struct bpf_d *d)
*/
if (d->bd_promisc) {
d->bd_promisc = 0;
+ CURVNET_SET(ifp->if_vnet);
error = ifpromisc(ifp, 0);
+ CURVNET_RESTORE();
if (error != 0 && error != ENXIO) {
/*
* ENXIO can happen if a pccard is unplugged
@@ -872,7 +875,9 @@ bpfwrite(struct cdev *dev, struct uio *uio, int ioflag)
#ifdef MAC
BPFD_LOCK(d);
+ CURVNET_SET(ifp->if_vnet);
mac_bpfdesc_create_mbuf(d, m);
+ CURVNET_RESTORE();
if (mc != NULL)
mac_bpfdesc_create_mbuf(d, mc);
BPFD_UNLOCK(d);
@@ -993,6 +998,7 @@ bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
return (EPERM);
}
}
+ CURVNET_SET(TD_TO_VNET(td));
switch (cmd) {
default:
@@ -1322,6 +1328,7 @@ bpfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
case BIOCROTZBUF:
return (bpf_ioctl_rotzbuf(td, d, (struct bpf_zbuf *)addr));
}
+ CURVNET_RESTORE();
return (error);
}
diff --git a/sys/net/if.c b/sys/net/if.c
index 02ad6c6..203a75f 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -192,7 +192,6 @@ ifnet_setbyindex(u_short idx, struct ifnet *ifp)
struct ifaddr *
ifaddr_byindex(u_short idx)
{
- INIT_VNET_NET(curvnet);
struct ifaddr *ifa;
IFNET_RLOCK();
diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c
index ba49d76..ab5bda7 100644
--- a/sys/net/if_loop.c
+++ b/sys/net/if_loop.c
@@ -105,6 +105,9 @@ IFC_SIMPLE_DECLARE(lo, 1);
static void
lo_clone_destroy(struct ifnet *ifp)
{
+#ifdef INVARIANTS
+ INIT_VNET_NET(ifp->if_vnet);
+#endif
/* XXX: destroying lo0 will lead to panics. */
KASSERT(V_loif != ifp, ("%s: destroying lo0", __func__));
@@ -141,6 +144,7 @@ lo_clone_create(struct if_clone *ifc, int unit, caddr_t params)
static int
loop_modevent(module_t mod, int type, void *data)
{
+ INIT_VNET_NET(curvnet);
switch (type) {
case MOD_LOAD:
diff --git a/sys/net/route.c b/sys/net/route.c
index de45ff8..f97c077 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -145,6 +145,7 @@ SYSCTL_PROC(_net, OID_AUTO, my_fibnum, CTLTYPE_INT|CTLFLAG_RD,
static void
route_init(void)
{
+ INIT_VNET_INET(curvnet);
int table;
struct domain *dom;
int fam;
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
index 130ba0c..82dc605 100644
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@@ -89,8 +89,8 @@ static int useloopback; /* use loopback interface for local traffic */
static int arp_proxyall;
#endif
-SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW,
- &arpt_keep, 0, "ARP entry lifetime in seconds");
+SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, max_age,
+ CTLFLAG_RW, arpt_keep, 0, "ARP entry lifetime in seconds");
#define rt_expire rt_rmx.rmx_expire
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index dd5fb15..09fed47 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -120,6 +120,7 @@ int ipport_tcplastcount;
static int
sysctl_net_ipport_check(SYSCTL_HANDLER_ARGS)
{
+ INIT_VNET_INET(curvnet);
int error;
error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
@@ -1474,7 +1475,7 @@ inp_apply_all(void (*func)(struct inpcb *, void *), void *arg)
struct inpcb *inp;
INP_INFO_RLOCK(&V_tcbinfo);
- LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
+ LIST_FOREACH(inp, V_tcbinfo.ipi_listhead, inp_list) {
INP_WLOCK(inp);
func(inp, arg);
INP_WUNLOCK(inp);
diff --git a/sys/netinet/in_rmx.c b/sys/netinet/in_rmx.c
index d70aaa6..adb4fee 100644
--- a/sys/netinet/in_rmx.c
+++ b/sys/netinet/in_rmx.c
@@ -287,6 +287,7 @@ in_rtqtimo(void *rock)
static void
in_rtqtimo_one(void *rock)
{
+ INIT_VNET_INET(curvnet);
struct radix_node_head *rnh = rock;
struct rtqk_arg arg;
static time_t last_adjusted_timeout = 0;
@@ -341,6 +342,7 @@ in_rtqdrain(void)
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter);
INIT_VNET_NET(vnet_iter);
+
for ( fibnum = 0; fibnum < rt_numfibs; fibnum++) {
rnh = V_rt_tables[fibnum][AF_INET];
arg.found = arg.killed = 0;
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index dd0445d..b74f5db 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -581,6 +581,7 @@ div_ctlinput(int cmd, struct sockaddr *sa, void *vip)
static int
div_pcblist(SYSCTL_HANDLER_ARGS)
{
+ INIT_VNET_INET(curvnet);
int error, i, n;
struct inpcb *inp, **inp_list;
inp_gen_t gencnt;
diff --git a/sys/netinet/ip_fw_pfil.c b/sys/netinet/ip_fw_pfil.c
index 64a1752..3199ce8 100644
--- a/sys/netinet/ip_fw_pfil.c
+++ b/sys/netinet/ip_fw_pfil.c
@@ -487,6 +487,7 @@ ipfw6_unhook(void)
int
ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
{
+ INIT_VNET_IPFW(curvnet);
int enable = *(int *)arg1;
int error;
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index aa5d3e7..197ce9c 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -791,6 +791,7 @@ done:
void
in_delayed_cksum(struct mbuf *m)
{
+ INIT_VNET_INET(curvnet);
struct ip *ip;
u_short csum, offset;
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 4c17f10d..7b292d2 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -2986,6 +2986,7 @@ tcp_mss(struct tcpcb *tp, int offer)
int isipv6;
#endif
KASSERT(tp != NULL, ("%s: tp == NULL", __func__));
+ INIT_VNET_INET(tp->t_vnet);
tcp_mss_update(tp, offer, &metrics, &mtuflags);
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index e28d40c..9fe707f 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -130,7 +130,7 @@ static int tcp_inflight_stab;
static int
sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
{
- INIT_VNET_INET(TD_TO_VNET(curthread));
+ INIT_VNET_INET(curvnet);
int error, new;
new = V_tcp_mssdflt;
@@ -144,15 +144,16 @@ sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
return (error);
}
-SYSCTL_PROC(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLTYPE_INT|CTLFLAG_RW,
- &tcp_mssdflt, 0, &sysctl_net_inet_tcp_mss_check, "I",
- "Default TCP Maximum Segment Size");
+SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_MSSDFLT, mssdflt,
+ CTLTYPE_INT|CTLFLAG_RW, tcp_mssdflt, 0,
+ &sysctl_net_inet_tcp_mss_check, "I",
+ "Default TCP Maximum Segment Size");
#ifdef INET6
static int
sysctl_net_inet_tcp_mss_v6_check(SYSCTL_HANDLER_ARGS)
{
- INIT_VNET_INET6(TD_TO_VNET(curthread));
+ INIT_VNET_INET6(curvnet);
int error, new;
new = V_tcp_v6mssdflt;
@@ -166,9 +167,10 @@ sysctl_net_inet_tcp_mss_v6_check(SYSCTL_HANDLER_ARGS)
return (error);
}
-SYSCTL_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, CTLTYPE_INT|CTLFLAG_RW,
- &tcp_v6mssdflt, 0, &sysctl_net_inet_tcp_mss_v6_check, "I",
- "Default TCP Maximum Segment Size for IPv6");
+SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
+ CTLTYPE_INT|CTLFLAG_RW, tcp_v6mssdflt, 0,
+ &sysctl_net_inet_tcp_mss_v6_check, "I",
+ "Default TCP Maximum Segment Size for IPv6");
#endif
/*
@@ -225,9 +227,9 @@ static int tcp_inflight_debug = 0;
SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW,
&tcp_inflight_debug, 0, "Debug TCP inflight calculations");
-SYSCTL_PROC(_net_inet_tcp_inflight, OID_AUTO, rttthresh, CTLTYPE_INT|CTLFLAG_RW,
- &tcp_inflight_rttthresh, 0, sysctl_msec_to_ticks, "I",
- "RTT threshold below which inflight will deactivate itself");
+SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, rttthresh,
+ CTLTYPE_INT|CTLFLAG_RW, tcp_inflight_rttthresh, 0, sysctl_msec_to_ticks,
+ "I", "RTT threshold below which inflight will deactivate itself");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, min,
CTLFLAG_RW, tcp_inflight_min, 0, "Lower-bound for TCP inflight window");
@@ -947,6 +949,9 @@ static struct inpcb *
tcp_notify(struct inpcb *inp, int error)
{
struct tcpcb *tp;
+#ifdef INVARIANTS
+ INIT_VNET_INET(inp->inp_vnet); /* V_tcbinfo WLOCK ASSERT */
+#endif
INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
INP_WLOCK_ASSERT(inp);
@@ -1940,6 +1945,7 @@ int
tcp_signature_compute(struct mbuf *m, int _unused, int len, int optlen,
u_char *buf, u_int direction)
{
+ INIT_VNET_IPSEC(curvnet);
union sockaddr_union dst;
struct ippseudo ippseudo;
MD5_CTX ctx;
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index a69b0b2..252fa1c 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -105,12 +105,12 @@ static int tcp_syncookiesonly;
int tcp_sc_rst_sock_fail;
#endif
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW,
- &tcp_syncookies, 0,
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, syncookies,
+ CTLFLAG_RW, tcp_syncookies, 0,
"Use TCP SYN cookies if the syncache overflows");
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies_only, CTLFLAG_RW,
- &tcp_syncookiesonly, 0,
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, syncookies_only,
+ CTLFLAG_RW, tcp_syncookiesonly, 0,
"Use only TCP SYN cookies");
#ifdef TCP_OFFLOAD_DISABLE
@@ -359,11 +359,13 @@ static void
syncache_timer(void *xsch)
{
struct syncache_head *sch = (struct syncache_head *)xsch;
- INIT_VNET_INET(sch->sch_vnet);
struct syncache *sc, *nsc;
int tick = ticks;
char *s;
+ CURVNET_SET(sch->sch_vnet);
+ INIT_VNET_INET(sch->sch_vnet);
+
/* NB: syncache_head has already been locked by the callout. */
SCH_LOCK_ASSERT(sch);
@@ -412,6 +414,7 @@ syncache_timer(void *xsch)
if (!TAILQ_EMPTY(&(sch)->sch_bucket))
callout_reset(&(sch)->sch_timer, (sch)->sch_nextc - tick,
syncache_timer, (void *)(sch));
+ CURVNET_RESTORE();
}
/*
@@ -836,7 +839,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
* B. check that the syncookie is valid. If it is, then
* cobble up a fake syncache entry, and return.
*/
- if (!tcp_syncookies) {
+ if (!V_tcp_syncookies) {
SCH_UNLOCK(sch);
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
log(LOG_DEBUG, "%s; %s: Spurious ACK, "
@@ -929,6 +932,7 @@ int
tcp_offload_syncache_expand(struct in_conninfo *inc, struct tcpopt *to,
struct tcphdr *th, struct socket **lsop, struct mbuf *m)
{
+ INIT_VNET_INET(curvnet);
int rc;
INP_INFO_WLOCK(&V_tcbinfo);
@@ -1097,7 +1101,7 @@ _syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
syncache_drop(sc, sch);
sc = uma_zalloc(V_tcp_syncache.zone, M_NOWAIT | M_ZERO);
if (sc == NULL) {
- if (tcp_syncookies) {
+ if (V_tcp_syncookies) {
bzero(&scs, sizeof(scs));
sc = &scs;
} else {
@@ -1206,7 +1210,7 @@ _syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
if ((th->th_flags & (TH_ECE|TH_CWR)) && V_tcp_do_ecn)
sc->sc_flags |= SCF_ECN;
- if (tcp_syncookies) {
+ if (V_tcp_syncookies) {
syncookie_generate(sch, sc, &flowtmp);
#ifdef INET6
if (autoflowlabel)
@@ -1225,7 +1229,7 @@ _syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
* Do a standard 3-way handshake.
*/
if (TOEPCB_ISSET(sc) || syncache_respond(sc) == 0) {
- if (tcp_syncookies && tcp_syncookiesonly && sc != &scs)
+ if (V_tcp_syncookies && V_tcp_syncookiesonly && sc != &scs)
syncache_free(sc);
else if (sc != &scs)
syncache_insert(sc, sch); /* locks and unlocks sch */
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c
index a97b4a2..d3a582c 100644
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@@ -150,8 +150,8 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, maxtcptw, CTLTYPE_INT|CTLFLAG_RW,
&maxtcptw, 0, sysctl_maxtcptw, "IU",
"Maximum number of compressed TCP TIME_WAIT entries");
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_RW,
- &nolocaltimewait, 0,
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, nolocaltimewait,
+ CTLFLAG_RW, nolocaltimewait, 0,
"Do not create compressed TCP TIME_WAIT entries for local connections");
void
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 9409235..de341af 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -113,7 +113,8 @@ int udp_log_in_vain = 0;
SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW,
&udp_log_in_vain, 0, "Log all incoming UDP packets");
-SYSCTL_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW, &udp_blackhole, 0,
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_udp, OID_AUTO, blackhole,
+ CTLFLAG_RW, udp_blackhole, 0,
"Do not send port unreachables for refused connects");
u_long udp_sendspace = 9216; /* really max datagram size */
diff --git a/sys/netinet/vinet.h b/sys/netinet/vinet.h
index 961e772..005a46b 100644
--- a/sys/netinet/vinet.h
+++ b/sys/netinet/vinet.h
@@ -89,12 +89,16 @@ struct vnet_inet {
struct tcpstat _tcpstat; /* tcp statistics */
struct tcp_hostcache _tcp_hostcache;
struct callout _tcp_hc_callout;
+
struct tcp_syncache _tcp_syncache;
+ int _tcp_syncookies;
+ int _tcp_syncookiesonly;
+ int _tcp_sc_rst_sock_fail;
+
struct inpcbhead _divcb;
struct inpcbinfo _divcbinfo;
TAILQ_HEAD(, tcptw) _twq_2msl;
- int _tcp_sc_rst_sock_fail;
int _tcp_mssdflt;
int _tcp_v6mssdflt;
int _tcp_minmss;
@@ -206,7 +210,6 @@ struct vnet_inet {
#define V_arp_maxtries VNET_INET(arp_maxtries)
#define V_arp_proxyall VNET_INET(arp_proxyall)
#define V_arpt_keep VNET_INET(arpt_keep)
-#define V_arpt_prune VNET_INET(arpt_prune)
#define V_blackhole VNET_INET(blackhole)
#define V_divcb VNET_INET(divcb)
#define V_divcbinfo VNET_INET(divcbinfo)
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index 4a1557f..4424481 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -108,12 +108,13 @@ __FBSDID("$FreeBSD$");
#endif
extern struct domain inet6domain;
+
+#ifdef VIMAGE_GLOBALS
extern struct inpcbinfo ripcbinfo;
extern struct inpcbhead ripcb;
extern int icmp6errppslim;
extern int icmp6_nodeinfo;
-#ifdef VIMAGE_GLOBALS
struct icmp6stat icmp6stat;
static int icmp6errpps_count;
static struct timeval icmp6errppslim_last;
diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c
index 3fdfc8c..534eb75 100644
--- a/sys/netinet6/in6_ifattach.c
+++ b/sys/netinet6/in6_ifattach.c
@@ -65,10 +65,9 @@ __FBSDID("$FreeBSD$");
unsigned long in6_maxmtu;
int ip6_auto_linklocal;
struct callout in6_tmpaddrtimer_ch;
-#endif
-
extern struct inpcbinfo udbinfo;
extern struct inpcbinfo ripcbinfo;
+#endif
static int get_rand_ifid(struct ifnet *, struct in6_addr *);
static int generate_tmp_ifid(u_int8_t *, const u_int8_t *, u_int8_t *);
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index c4ded5e..f4fabf6 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -563,6 +563,6 @@ SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT,
SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
nd6_debug, CTLFLAG_RW, nd6_debug, 0, "");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
- nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0,
+SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
+ nd6_onlink_ns_rfc4861, CTLFLAG_RW, nd6_onlink_ns_rfc4861, 0,
"Accept 'on-link' nd6 NS in compliance with RFC 4861.");
diff --git a/sys/netinet6/in6_rmx.c b/sys/netinet6/in6_rmx.c
index 0936a92..f628965 100644
--- a/sys/netinet6/in6_rmx.c
+++ b/sys/netinet6/in6_rmx.c
@@ -225,14 +225,14 @@ static int rtq_minreallyold6;
static int rtq_toomany6;
#endif
-SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTEXPIRE, rtexpire,
- CTLFLAG_RW, &rtq_reallyold6 , 0, "");
+SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RTEXPIRE,
+ rtexpire, CTLFLAG_RW, rtq_reallyold6 , 0, "");
-SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMINEXPIRE, rtminexpire,
- CTLFLAG_RW, &rtq_minreallyold6 , 0, "");
+SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RTMINEXPIRE,
+ rtminexpire, CTLFLAG_RW, rtq_minreallyold6 , 0, "");
-SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache,
- CTLFLAG_RW, &rtq_toomany6 , 0, "");
+SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RTMAXCACHE,
+ rtmaxcache, CTLFLAG_RW, rtq_toomany6 , 0, "");
/*
diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c
index b38869e..8fa27c6 100644
--- a/sys/netinet6/in6_src.c
+++ b/sys/netinet6/in6_src.c
@@ -462,7 +462,6 @@ selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
struct ifnet **retifp, struct rtentry **retrt, int clone,
int norouteok)
{
- INIT_VNET_NET(curvnet);
INIT_VNET_INET6(curvnet);
int error = 0;
struct ifnet *ifp = NULL;
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
index 9d04c1b..ef898cd 100644
--- a/sys/netinet6/nd6_nbr.c
+++ b/sys/netinet6/nd6_nbr.c
@@ -153,7 +153,7 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len)
"(wrong ip6 dst)\n"));
goto bad;
}
- } else if (!nd6_onlink_ns_rfc4861) {
+ } else if (!V_nd6_onlink_ns_rfc4861) {
struct sockaddr_in6 src_sa6;
/*
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 31f06a7..200f1f4 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -85,9 +85,9 @@ static void in6_init_address_ltimes __P((struct nd_prefix *,
static int rt6_deleteroute(struct radix_node *, void *);
+#ifdef VIMAGE_GLOBALS
extern int nd6_recalc_reachtm_interval;
-#ifdef VIMAGE_GLOBALS
static struct ifnet *nd6_defifp;
int nd6_defifindex;
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index 9191f4a..bbdb27b 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -112,15 +112,15 @@ __FBSDID("$FreeBSD$");
* Raw interface to IP6 protocol.
*/
+#ifdef VIMAGE_GLOBALS
extern struct inpcbhead ripcb;
extern struct inpcbinfo ripcbinfo;
-extern u_long rip_sendspace;
-extern u_long rip_recvspace;
-
-#ifdef VIMAGE_GLOBALS
struct rip6stat rip6stat;
#endif
+extern u_long rip_sendspace;
+extern u_long rip_recvspace;
+
/*
* Hooks for multicast forwarding.
*/
@@ -765,7 +765,6 @@ static int
rip6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
struct mbuf *control, struct thread *td)
{
- INIT_VNET_INET(so->so_vnet);
struct inpcb *inp;
struct sockaddr_in6 tmp;
struct sockaddr_in6 *dst;
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 262b302..c99ccca 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -2009,7 +2009,7 @@ static void
ipsec_attach(void)
{
SECPOLICY_LOCK_INIT(&V_ip4_def_policy);
- ip4_def_policy.refcnt = 1; /* NB: disallow free */
+ V_ip4_def_policy.refcnt = 1; /* NB: disallow free */
}
SYSINIT(ipsec, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, ipsec_attach, NULL);
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index db79f59..3e2b4e0 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -189,11 +189,11 @@ static const u_int saorder_state_valid_prefer_old[] = {
static const u_int saorder_state_valid_prefer_new[] = {
SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
};
-static u_int saorder_state_alive[] = {
+static const u_int saorder_state_alive[] = {
/* except DEAD */
SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
};
-static u_int saorder_state_any[] = {
+static const u_int saorder_state_any[] = {
SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
};
@@ -2699,9 +2699,9 @@ key_delsah(sah)
/* searching all SA registerd in the secindex. */
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_any);
+ stateidx < _ARRAYLEN(saorder_state_any);
stateidx++) {
- u_int state = V_saorder_state_any[stateidx];
+ u_int state = saorder_state_any[stateidx];
LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) {
if (sav->refcnt == 0) {
/* sanity check */
@@ -2985,10 +2985,10 @@ key_getsavbyspi(sah, spi)
SAHTREE_LOCK_ASSERT();
/* search all status */
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_alive);
+ stateidx < _ARRAYLEN(saorder_state_alive);
stateidx++) {
- state = V_saorder_state_alive[stateidx];
+ state = saorder_state_alive[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
/* sanity check */
@@ -4336,6 +4336,7 @@ key_timehandler(void)
VNET_ITERATOR_DECL(vnet_iter);
time_t now = time_second;
+ VNET_LIST_RLOCK();
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter);
key_flush_spd(now);
@@ -4344,6 +4345,7 @@ key_timehandler(void)
key_flush_spacq(now);
CURVNET_RESTORE();
}
+ VNET_LIST_RUNLOCK();
#ifndef IPSEC_DEBUG2
/* do exchange to tick time !! */
@@ -5313,9 +5315,9 @@ key_delete_all(so, m, mhp, proto)
/* Delete all non-LARVAL SAs. */
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_alive);
+ stateidx < _ARRAYLEN(saorder_state_alive);
stateidx++) {
- state = V_saorder_state_alive[stateidx];
+ state = saorder_state_alive[stateidx];
if (state == SADB_SASTATE_LARVAL)
continue;
for (sav = LIST_FIRST(&sah->savtree[state]);
@@ -6518,9 +6520,9 @@ key_flush(so, m, mhp)
continue;
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_alive);
+ stateidx < _ARRAYLEN(saorder_state_alive);
stateidx++) {
- state = V_saorder_state_any[stateidx];
+ state = saorder_state_any[stateidx];
for (sav = LIST_FIRST(&sah->savtree[state]);
sav != NULL;
sav = nextsav) {
@@ -6603,9 +6605,9 @@ key_dump(so, m, mhp)
continue;
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_any);
+ stateidx < _ARRAYLEN(saorder_state_any);
stateidx++) {
- state = V_saorder_state_any[stateidx];
+ state = saorder_state_any[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
cnt++;
}
@@ -6633,9 +6635,9 @@ key_dump(so, m, mhp)
}
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_any);
+ stateidx < _ARRAYLEN(saorder_state_any);
stateidx++) {
- state = V_saorder_state_any[stateidx];
+ state = saorder_state_any[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
n = key_setdumpsa(sav, SADB_DUMP, satype,
--cnt, mhp->msg->sadb_msg_pid);
diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c
index 6d5c4bc..ace6993 100644
--- a/sys/netipsec/keysock.c
+++ b/sys/netipsec/keysock.c
@@ -76,7 +76,7 @@ static struct key_cb key_cb;
struct pfkeystat pfkeystat;
#endif
-static struct sockaddr key_src = { 2, PF_KEY, };
+static struct sockaddr key_src = { 2, PF_KEY };
static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
@@ -166,7 +166,7 @@ key_sendup0(rp, m, promisc)
V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
}
- if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&V_key_src,
+ if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
m, NULL)) {
V_pfkeystat.in_nomem++;
m_freem(m);
diff --git a/sys/netipsec/vipsec.h b/sys/netipsec/vipsec.h
index 5a007ce..2f5acf7 100644
--- a/sys/netipsec/vipsec.h
+++ b/sys/netipsec/vipsec.h
@@ -81,8 +81,6 @@ struct vnet_ipsec {
int _key_preferred_oldsa;
u_int32_t _acq_seq;
- u_int _saorder_state_alive[3];
- u_int _saorder_state_any[4];
int _esp_enable;
struct espstat _espstat;
int _esp_max_ivlen;
@@ -98,7 +96,6 @@ struct vnet_ipsec {
int _ip6_ah_trans_deflev;
int _ip6_ah_net_deflev;
int _ip6_ipsec_ecn;
- int _ip6_esp_randpad;
int _ah_enable;
int _ah_cleartos;
@@ -109,9 +106,6 @@ struct vnet_ipsec {
struct pfkeystat _pfkeystat;
struct key_cb _key_cb;
- struct sockaddr _key_dst;
- struct sockaddr _key_src;
-
LIST_HEAD(, secpolicy) _sptree[IPSEC_DIR_MAX];
LIST_HEAD(, secashead) _sahtree;
LIST_HEAD(, secreg) _regtree[SADB_SATYPE_MAX + 1];
@@ -168,20 +162,16 @@ struct vnet_ipsec {
#define V_key_blockacq_lifetime VNET_IPSEC(key_blockacq_lifetime)
#define V_key_cb VNET_IPSEC(key_cb)
#define V_key_debug_level VNET_IPSEC(key_debug_level)
-#define V_key_dst VNET_IPSEC(key_dst)
#define V_key_int_random VNET_IPSEC(key_int_random)
#define V_key_larval_lifetime VNET_IPSEC(key_larval_lifetime)
#define V_key_preferred_oldsa VNET_IPSEC(key_preferred_oldsa)
#define V_key_spi_maxval VNET_IPSEC(key_spi_maxval)
#define V_key_spi_minval VNET_IPSEC(key_spi_minval)
#define V_key_spi_trycnt VNET_IPSEC(key_spi_trycnt)
-#define V_key_src VNET_IPSEC(key_src)
#define V_pfkeystat VNET_IPSEC(pfkeystat)
#define V_policy_id VNET_IPSEC(policy_id)
#define V_regtree VNET_IPSEC(regtree)
#define V_sahtree VNET_IPSEC(sahtree)
-#define V_saorder_state_alive VNET_IPSEC(saorder_state_alive)
-#define V_saorder_state_any VNET_IPSEC(saorder_state_any)
#define V_spacqtree VNET_IPSEC(spacqtree)
#define V_sptree VNET_IPSEC(sptree)
OpenPOWER on IntegriCloud