diff options
| -rw-r--r-- | sys/net/if.c | 21 | ||||
| -rw-r--r-- | sys/net/if_gif.c | 37 | ||||
| -rw-r--r-- | sys/net/if_loop.c | 13 | ||||
| -rw-r--r-- | sys/net/route.c | 33 | ||||
| -rw-r--r-- | sys/net/vnet.h | 2 | ||||
| -rw-r--r-- | sys/netinet/if_ether.c | 14 | ||||
| -rw-r--r-- | sys/netinet/ip_fw.h | 2 | ||||
| -rw-r--r-- | sys/netinet/ip_input.c | 27 | ||||
| -rw-r--r-- | sys/netinet/tcp_reass.c | 16 | ||||
| -rw-r--r-- | sys/netinet/tcp_sack.c | 7 | ||||
| -rw-r--r-- | sys/netinet/tcp_subr.c | 76 | ||||
| -rw-r--r-- | sys/netinet/tcp_timewait.c | 16 | ||||
| -rw-r--r-- | sys/netinet/vinet.h | 9 | ||||
| -rw-r--r-- | sys/netinet6/frag6.c | 10 | ||||
| -rw-r--r-- | sys/netinet6/in6_src.c | 8 | ||||
| -rw-r--r-- | sys/netinet6/ip6_input.c | 31 | ||||
| -rw-r--r-- | sys/netinet6/scope6.c | 6 | ||||
| -rw-r--r-- | sys/netipsec/ipsec.c | 12 | ||||
| -rw-r--r-- | sys/netipsec/key.c | 15 | ||||
| -rw-r--r-- | sys/netipsec/xform_ah.c | 13 | ||||
| -rw-r--r-- | sys/netipsec/xform_esp.c | 17 | ||||
| -rw-r--r-- | sys/netipsec/xform_ipcomp.c | 12 | ||||
| -rw-r--r-- | sys/netipsec/xform_ipip.c | 12 | ||||
| -rw-r--r-- | sys/sys/param.h | 2 | ||||
| -rw-r--r-- | sys/sys/vimage.h | 1 |
25 files changed, 287 insertions, 125 deletions
diff --git a/sys/net/if.c b/sys/net/if.c index d9af711..20627d3 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -150,6 +150,8 @@ static int if_getgroupmembers(struct ifgroupreq *); extern void nd6_setmtu(struct ifnet *); #endif +static int vnet_net_iattach(const void *); + #ifdef VIMAGE_GLOBALS struct ifnethead ifnet; /* depend on static init XXX */ struct ifgrouphead ifg_head; @@ -391,24 +393,33 @@ filt_netdev(struct knote *kn, long hint) static void if_init(void *dummy __unused) { - INIT_VNET_NET(curvnet); #ifndef VIMAGE_GLOBALS vnet_mod_register(&vnet_net_modinfo); #endif + vnet_net_iattach(NULL); + + IFNET_LOCK_INIT(); + ifdev_setbyindex(0, make_dev(&net_cdevsw, 0, UID_ROOT, GID_WHEEL, + 0600, "network")); + if_clone_init(); +} + +static int +vnet_net_iattach(const void *unused __unused) +{ + INIT_VNET_NET(curvnet); V_if_index = 0; V_ifindex_table = NULL; V_if_indexlim = 8; - IFNET_LOCK_INIT(); TAILQ_INIT(&V_ifnet); TAILQ_INIT(&V_ifg_head); knlist_init(&V_ifklist, NULL, NULL, NULL, NULL); if_grow(); /* create initial table */ - ifdev_setbyindex(0, make_dev(&net_cdevsw, 0, UID_ROOT, GID_WHEEL, - 0600, "network")); - if_clone_init(); + + return (0); } static void diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index be7fa9f..4fbbb2d 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -121,6 +121,7 @@ void (*ng_gif_detach_p)(struct ifnet *ifp); static void gif_start(struct ifnet *); static int gif_clone_create(struct if_clone *, int, caddr_t); static void gif_clone_destroy(struct ifnet *); +static int vnet_gif_iattach(const void *); IFC_SIMPLE_DECLARE(gif, 0); @@ -251,6 +252,26 @@ gif_clone_destroy(ifp) } static int +vnet_gif_iattach(const void *unused __unused) +{ + INIT_VNET_GIF(curvnet); + + LIST_INIT(&V_gif_softc_list); + V_max_gif_nesting = MAX_GIF_NEST; +#ifdef XBONEHACK + V_parallel_tunnels = 1; +#else + V_parallel_tunnels = 0; +#endif + V_ip_gif_ttl = GIF_TTL; +#ifdef INET6 + V_ip6_gif_hlim = GIF_HLIM; +#endif + + return (0); +} + +static int gifmodevent(mod, type, data) module_t mod; int type; @@ -261,19 +282,7 @@ gifmodevent(mod, type, data) case MOD_LOAD: mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF); - LIST_INIT(&V_gif_softc_list); - V_max_gif_nesting = MAX_GIF_NEST; -#ifdef XBONEHACK - V_parallel_tunnels = 1; -#else - V_parallel_tunnels = 0; -#endif -#ifdef INET - V_ip_gif_ttl = GIF_TTL; -#endif -#ifdef INET6 - V_ip6_gif_hlim = GIF_HLIM; -#endif + vnet_gif_iattach(NULL); if_clone_attach(&gif_cloner); break; @@ -281,7 +290,7 @@ gifmodevent(mod, type, data) if_clone_detach(&gif_cloner); mtx_destroy(&gif_mtx); #ifdef INET6 - V_ip6_gif_hlim = 0; + V_ip6_gif_hlim = 0; /* XXX -> vnet_gif_idetach() */ #endif break; default: diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c index f1a017b..5748311 100644 --- a/sys/net/if_loop.c +++ b/sys/net/if_loop.c @@ -105,6 +105,7 @@ int looutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt); static int lo_clone_create(struct if_clone *, int, caddr_t); static void lo_clone_destroy(struct ifnet *); +static int vnet_loif_iattach(const void *); #ifdef VIMAGE_GLOBALS struct ifnet *loif; /* Used externally */ @@ -153,6 +154,15 @@ lo_clone_create(struct if_clone *ifc, int unit, caddr_t params) return (0); } +static int vnet_loif_iattach(const void *unused __unused) +{ + INIT_VNET_NET(curvnet); + + V_loif = NULL; + if_clone_attach(&lo_cloner); + return (0); +} + static int loop_modevent(module_t mod, int type, void *data) { @@ -160,8 +170,7 @@ loop_modevent(module_t mod, int type, void *data) switch (type) { case MOD_LOAD: - V_loif = NULL; - if_clone_attach(&lo_cloner); + vnet_loif_iattach(NULL); break; case MOD_UNLOAD: diff --git a/sys/net/route.c b/sys/net/route.c index e06c059..a1a3d8c 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -106,6 +106,7 @@ static int rttrash; /* routes not in table but not freed */ static void rt_maskedcopy(struct sockaddr *, struct sockaddr *, struct sockaddr *); +static int vnet_route_iattach(const void *); /* compare two sockaddr structures */ #define sa_equal(a1, a2) (bcmp((a1), (a2), (a1)->sa_len) == 0) @@ -122,7 +123,9 @@ static void rt_maskedcopy(struct sockaddr *, */ #define RNTORT(p) ((struct rtentry *)(p)) +#ifdef VIMAGE_GLOBALS static uma_zone_t rtzone; /* Routing table UMA zone. */ +#endif #if 0 /* default fib for tunnels to use */ @@ -150,20 +153,26 @@ SYSCTL_PROC(_net, OID_AUTO, my_fibnum, CTLTYPE_INT|CTLFLAG_RD, static void route_init(void) { - INIT_VNET_INET(curvnet); - int table; - struct domain *dom; - int fam; /* whack the tunable ints into line. */ if (rt_numfibs > RT_MAXFIBS) rt_numfibs = RT_MAXFIBS; if (rt_numfibs == 0) rt_numfibs = 1; - rtzone = uma_zcreate("rtentry", sizeof(struct rtentry), NULL, NULL, - NULL, NULL, UMA_ALIGN_PTR, 0); rn_init(); /* initialize all zeroes, all ones, mask table */ + vnet_route_iattach(NULL); +} + +static int vnet_route_iattach(const void *unused __unused) +{ + INIT_VNET_INET(curvnet); + int table; + struct domain *dom; + int fam; + + V_rtzone = uma_zcreate("rtentry", sizeof(struct rtentry), NULL, NULL, + NULL, NULL, UMA_ALIGN_PTR, 0); for (dom = domains; dom; dom = dom->dom_next) { if (dom->dom_rtattach) { for (table = 0; table < rt_numfibs; table++) { @@ -186,6 +195,8 @@ route_init(void) } } } + + return (0); } #ifndef _SYS_SYSPROTO_H_ @@ -402,7 +413,7 @@ rtfree(struct rtentry *rt) * and the rtentry itself of course */ RT_LOCK_DESTROY(rt); - uma_zfree(rtzone, rt); + uma_zfree(V_rtzone, rt); return; } done: @@ -958,7 +969,7 @@ deldone: if (info->rti_ifa == NULL && (error = rt_getifa_fib(info, fibnum))) senderr(error); ifa = info->rti_ifa; - rt = uma_zalloc(rtzone, M_NOWAIT | M_ZERO); + rt = uma_zalloc(V_rtzone, M_NOWAIT | M_ZERO); if (rt == NULL) senderr(ENOBUFS); RT_LOCK_INIT(rt); @@ -971,7 +982,7 @@ deldone: RT_LOCK(rt); if ((error = rt_setgate(rt, dst, gateway)) != 0) { RT_LOCK_DESTROY(rt); - uma_zfree(rtzone, rt); + uma_zfree(V_rtzone, rt); senderr(error); } @@ -1006,7 +1017,7 @@ deldone: } Free(rt_key(rt)); RT_LOCK_DESTROY(rt); - uma_zfree(rtzone, rt); + uma_zfree(V_rtzone, rt); senderr(EEXIST); } #endif @@ -1022,7 +1033,7 @@ deldone: IFAFREE(rt->rt_ifa); Free(rt_key(rt)); RT_LOCK_DESTROY(rt); - uma_zfree(rtzone, rt); + uma_zfree(V_rtzone, rt); senderr(EEXIST); } diff --git a/sys/net/vnet.h b/sys/net/vnet.h index 9354610..0b3ef8e 100644 --- a/sys/net/vnet.h +++ b/sys/net/vnet.h @@ -47,6 +47,7 @@ struct vnet_net { struct rtstat _rtstat; struct radix_node_head *_rt_tables[RT_MAXFIBS][AF_MAX+1]; int _rttrash; + uma_zone_t _rtzone; struct ifnet *_loif; LIST_HEAD(, lo_softc) _lo_list; @@ -86,5 +87,6 @@ extern struct vnet_net vnet_net_0; #define V_rt_tables VNET_NET(rt_tables) #define V_rtstat VNET_NET(rtstat) #define V_rttrash VNET_NET(rttrash) +#define V_rtzone VNET_NET(rtzone) #endif /* !_NET_VNET_H_ */ diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index a918415..3a44f5c 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -111,6 +111,7 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, proxyall, "Enable proxy ARP for all suitable requests"); static void arp_init(void); +static int arp_iattach(const void *); void arprequest(struct ifnet *, struct in_addr *, struct in_addr *, u_char *); static void arpintr(struct mbuf *); @@ -790,8 +791,8 @@ arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr) ifa->ifa_rtrequest = NULL; } -static void -arp_init(void) +static int +arp_iattach(const void *unused __unused) { INIT_VNET_INET(curvnet); @@ -800,6 +801,15 @@ arp_init(void) V_useloopback = 1; /* use loopback interface for local traffic */ V_arp_proxyall = 0; + return (0); +} + +static void +arp_init(void) +{ + + arp_iattach(NULL); + arpintrq.ifq_maxlen = 50; mtx_init(&arpintrq.ifq_mtx, "arp_inq", NULL, MTX_DEF); netisr_register(NETISR_ARP, arpintr, &arpintrq, 0); diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 35e7e12..fa37a73 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -698,6 +698,7 @@ struct vnet_ipfw { int _fw_debug; /* actually unused */ int _autoinc_step; ipfw_dyn_rule **_ipfw_dyn_v; + uma_zone_t _ipfw_dyn_rule_zone; struct ip_fw_chain _layer3_chain; u_int32_t _dyn_buckets; u_int32_t _curr_dyn_buckets; @@ -742,6 +743,7 @@ extern struct vnet_ipfw vnet_ipfw_0; #define V_fw_debug VNET_IPFW(fw_debug) #define V_autoinc_step VNET_IPFW(autoinc_step) #define V_ipfw_dyn_v VNET_IPFW(ipfw_dyn_v) +#define V_ipfw_dyn_rule_zone VNET_IPFW(ipfw_dyn_rule_zone) #define V_layer3_chain VNET_IPFW(layer3_chain) #define V_dyn_buckets VNET_IPFW(dyn_buckets) #define V_curr_dyn_buckets VNET_IPFW(curr_dyn_buckets) diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index a75ee72..db53a23 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -242,6 +242,7 @@ ip_init(void) V_rsvp_on = 0; V_ip_defttl = IPDEFTTL; V_ip_do_randomid = 0; + V_ip_id = time_second & 0xffff; V_ipforwarding = 0; V_ipstealth = 0; V_nipq = 0; /* Total # of reass queues */ @@ -270,6 +271,20 @@ ip_init(void) TAILQ_INIT(&V_in_ifaddrhead); V_in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &V_in_ifaddrhmask); + + /* Initialize IP reassembly queue. */ + for (i = 0; i < IPREASS_NHASH; i++) + TAILQ_INIT(&V_ipq[i]); + V_maxnipq = nmbclusters / 32; + V_maxfragsperpacket = 16; + V_ipq_zone = uma_zcreate("ipq", sizeof(struct ipq), NULL, NULL, NULL, + NULL, UMA_ALIGN_PTR, 0); + maxnipq_update(); + + /* Skip initialization of globals for non-default instances. */ + if (!IS_DEFAULT_VNET(curvnet)) + return; + pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); if (pr == NULL) panic("ip_init: PF_INET not found"); @@ -297,16 +312,6 @@ ip_init(void) printf("%s: WARNING: unable to register pfil hook, " "error %d\n", __func__, i); - /* Initialize IP reassembly queue. */ - IPQ_LOCK_INIT(); - for (i = 0; i < IPREASS_NHASH; i++) - TAILQ_INIT(&V_ipq[i]); - V_maxnipq = nmbclusters / 32; - V_maxfragsperpacket = 16; - V_ipq_zone = uma_zcreate("ipq", sizeof(struct ipq), NULL, NULL, NULL, - NULL, UMA_ALIGN_PTR, 0); - maxnipq_update(); - /* Start ipport_tick. */ callout_init(&ipport_tick_callout, CALLOUT_MPSAFE); ipport_tick(NULL); @@ -316,7 +321,7 @@ ip_init(void) NULL, EVENTHANDLER_PRI_ANY); /* Initialize various other remaining things. */ - V_ip_id = time_second & 0xffff; + IPQ_LOCK_INIT(); ipintrq.ifq_maxlen = ipqmaxlen; mtx_init(&ipintrq.ifq_mtx, "ip_inq", NULL, MTX_DEF); netisr_register(NETISR_IP, ip_input, &ipintrq, 0); diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index 172abc5..ba5e0b3 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -108,10 +108,12 @@ tcp_reass_zone_change(void *tag) INIT_VNET_INET(curvnet); V_tcp_reass_maxseg = nmbclusters / 16; - uma_zone_set_max(tcp_reass_zone, V_tcp_reass_maxseg); + uma_zone_set_max(V_tcp_reass_zone, V_tcp_reass_maxseg); } +#ifdef VIMAGE_GLOBALS uma_zone_t tcp_reass_zone; +#endif void tcp_reass_init(void) @@ -126,9 +128,9 @@ tcp_reass_init(void) V_tcp_reass_maxseg = nmbclusters / 16; TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments", &V_tcp_reass_maxseg); - tcp_reass_zone = uma_zcreate("tcpreass", sizeof (struct tseg_qent), + V_tcp_reass_zone = uma_zcreate("tcpreass", sizeof (struct tseg_qent), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); - uma_zone_set_max(tcp_reass_zone, V_tcp_reass_maxseg); + uma_zone_set_max(V_tcp_reass_zone, V_tcp_reass_maxseg); EVENTHANDLER_REGISTER(nmbclusters_change, tcp_reass_zone_change, NULL, EVENTHANDLER_PRI_ANY); } @@ -180,7 +182,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m) * Allocate a new queue entry. If we can't, or hit the zone limit * just drop the pkt. */ - te = uma_zalloc(tcp_reass_zone, M_NOWAIT); + te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); if (te == NULL) { V_tcpstat.tcps_rcvmemdrop++; m_freem(m); @@ -213,7 +215,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m) V_tcpstat.tcps_rcvduppack++; V_tcpstat.tcps_rcvdupbyte += *tlenp; m_freem(m); - uma_zfree(tcp_reass_zone, te); + uma_zfree(V_tcp_reass_zone, te); tp->t_segqlen--; V_tcp_reass_qsize--; /* @@ -250,7 +252,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m) nq = LIST_NEXT(q, tqe_q); LIST_REMOVE(q, tqe_q); m_freem(q->tqe_m); - uma_zfree(tcp_reass_zone, q); + uma_zfree(V_tcp_reass_zone, q); tp->t_segqlen--; V_tcp_reass_qsize--; q = nq; @@ -287,7 +289,7 @@ present: m_freem(q->tqe_m); else sbappendstream_locked(&so->so_rcv, q->tqe_m); - uma_zfree(tcp_reass_zone, q); + uma_zfree(V_tcp_reass_zone, q); tp->t_segqlen--; V_tcp_reass_qsize--; q = nq; diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index 4ca10af..f4998af 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -123,9 +123,8 @@ __FBSDID("$FreeBSD$"); #include <machine/in_cksum.h> -extern struct uma_zone *sack_hole_zone; - #ifdef VIMAGE_GLOBALS +extern struct uma_zone *sack_hole_zone; int tcp_do_sack; int tcp_sack_maxholes; int tcp_sack_globalmaxholes; @@ -265,7 +264,7 @@ tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) return NULL; } - hole = (struct sackhole *)uma_zalloc(sack_hole_zone, M_NOWAIT); + hole = (struct sackhole *)uma_zalloc(V_sack_hole_zone, M_NOWAIT); if (hole == NULL) return NULL; @@ -287,7 +286,7 @@ tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) { INIT_VNET_INET(tp->t_vnet); - uma_zfree(sack_hole_zone, hole); + uma_zfree(V_sack_hole_zone, hole); tp->snd_numholes--; V_tcp_sack_globalholes--; diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index cda8817..e566434 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -243,7 +243,9 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, stab, CTLFLAG_RW, tcp_inflight_stab, 0, "Inflight Algorithm Stabilization 20 = 2 packets"); +#ifdef VIMAGE_GLOBALS uma_zone_t sack_hole_zone; +#endif static struct inpcb *tcp_notify(struct inpcb *, int); static void tcp_isn_tick(void *); @@ -269,7 +271,9 @@ struct tcpcb_mem { struct tcp_timer tt; }; +#ifdef VIMAGE_GLOBALS static uma_zone_t tcpcb_zone; +#endif MALLOC_DEFINE(M_TCPLOG, "tcplog", "TCP address and flags print buffers"); struct callout isn_callout; static struct mtx isn_mtx; @@ -286,7 +290,7 @@ tcp_zone_change(void *tag) { uma_zone_set_max(V_tcbinfo.ipi_zone, maxsockets); - uma_zone_set_max(tcpcb_zone, maxsockets); + uma_zone_set_max(V_tcpcb_zone, maxsockets); tcp_tw_zone_change(); } @@ -348,18 +352,7 @@ tcp_init(void) V_tcp_sack_globalmaxholes = 65536; V_tcp_sack_globalholes = 0; - tcp_delacktime = TCPTV_DELACK; - tcp_keepinit = TCPTV_KEEP_INIT; - tcp_keepidle = TCPTV_KEEP_IDLE; - tcp_keepintvl = TCPTV_KEEPINTVL; - tcp_maxpersistidle = TCPTV_KEEP_IDLE; - tcp_msl = TCPTV_MSL; - tcp_rexmit_min = TCPTV_MIN; - if (tcp_rexmit_min < 1) - tcp_rexmit_min = 1; - tcp_rexmit_slop = TCPTV_CPU_VAR; V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH; - tcp_finwait2_timeout = TCPTV_FINWAIT2_TIMEOUT; TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack); @@ -372,7 +365,6 @@ tcp_init(void) printf("WARNING: TCB hash size not a power of 2\n"); hashsize = 512; /* safe default */ } - tcp_tcbhashsize = hashsize; V_tcbinfo.ipi_hashbase = hashinit(hashsize, M_PCB, &V_tcbinfo.ipi_hashmask); V_tcbinfo.ipi_porthashbase = hashinit(hashsize, M_PCB, @@ -380,6 +372,37 @@ tcp_init(void) V_tcbinfo.ipi_zone = uma_zcreate("inpcb", sizeof(struct inpcb), NULL, NULL, tcp_inpcb_init, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); uma_zone_set_max(V_tcbinfo.ipi_zone, maxsockets); + /* + * These have to be type stable for the benefit of the timers. + */ + V_tcpcb_zone = uma_zcreate("tcpcb", sizeof(struct tcpcb_mem), + NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); + uma_zone_set_max(V_tcpcb_zone, maxsockets); + tcp_tw_init(); + syncache_init(); + tcp_hc_init(); + tcp_reass_init(); + V_sack_hole_zone = uma_zcreate("sackhole", sizeof(struct sackhole), + NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); + + /* Skip initialization of globals for non-default instances. */ + if (!IS_DEFAULT_VNET(curvnet)) + return; + + /* XXX virtualize those bellow? */ + tcp_delacktime = TCPTV_DELACK; + tcp_keepinit = TCPTV_KEEP_INIT; + tcp_keepidle = TCPTV_KEEP_IDLE; + tcp_keepintvl = TCPTV_KEEPINTVL; + tcp_maxpersistidle = TCPTV_KEEP_IDLE; + tcp_msl = TCPTV_MSL; + tcp_rexmit_min = TCPTV_MIN; + if (tcp_rexmit_min < 1) + tcp_rexmit_min = 1; + tcp_rexmit_slop = TCPTV_CPU_VAR; + tcp_finwait2_timeout = TCPTV_FINWAIT2_TIMEOUT; + tcp_tcbhashsize = hashsize; + #ifdef INET6 #define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr)) #else /* INET6 */ @@ -390,23 +413,12 @@ tcp_init(void) if (max_linkhdr + TCP_MINPROTOHDR > MHLEN) panic("tcp_init"); #undef TCP_MINPROTOHDR - /* - * These have to be type stable for the benefit of the timers. - */ - tcpcb_zone = uma_zcreate("tcpcb", sizeof(struct tcpcb_mem), - NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); - uma_zone_set_max(tcpcb_zone, maxsockets); - tcp_tw_init(); - syncache_init(); - tcp_hc_init(); - tcp_reass_init(); + ISN_LOCK_INIT(); callout_init(&isn_callout, CALLOUT_MPSAFE); - tcp_isn_tick(NULL); + callout_reset(&isn_callout, hz/100, tcp_isn_tick, NULL); EVENTHANDLER_REGISTER(shutdown_pre_sync, tcp_fini, NULL, SHUTDOWN_PRI_DEFAULT); - sack_hole_zone = uma_zcreate("sackhole", sizeof(struct sackhole), - NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); EVENTHANDLER_REGISTER(maxsockets_change, tcp_zone_change, NULL, EVENTHANDLER_PRI_ANY); } @@ -686,7 +698,7 @@ tcp_newtcpcb(struct inpcb *inp) int isipv6 = (inp->inp_vflag & INP_IPV6) != 0; #endif /* INET6 */ - tm = uma_zalloc(tcpcb_zone, M_NOWAIT | M_ZERO); + tm = uma_zalloc(V_tcpcb_zone, M_NOWAIT | M_ZERO); if (tm == NULL) return (NULL); tp = &tm->tcb; @@ -846,7 +858,7 @@ tcp_discardcb(struct tcpcb *tp) while ((q = LIST_FIRST(&tp->t_segq)) != NULL) { LIST_REMOVE(q, tqe_q); m_freem(q->tqe_m); - uma_zfree(tcp_reass_zone, q); + uma_zfree(V_tcp_reass_zone, q); tp->t_segqlen--; V_tcp_reass_qsize--; } @@ -856,7 +868,7 @@ tcp_discardcb(struct tcpcb *tp) tcp_free_sackholes(tp); inp->inp_ppcb = NULL; tp->t_inpcb = NULL; - uma_zfree(tcpcb_zone, tp); + uma_zfree(V_tcpcb_zone, tp); } /* @@ -929,7 +941,7 @@ tcp_drain(void) != NULL) { LIST_REMOVE(te, tqe_q); m_freem(te->tqe_m); - uma_zfree(tcp_reass_zone, te); + uma_zfree(V_tcp_reass_zone, te); tcpb->t_segqlen--; V_tcp_reass_qsize--; } @@ -1546,8 +1558,8 @@ tcp_isn_tick(void *xtp) VNET_ITERATOR_DECL(vnet_iter); u_int32_t projected_offset; - ISN_LOCK(); VNET_LIST_RLOCK(); + ISN_LOCK(); VNET_FOREACH(vnet_iter) { CURVNET_SET(vnet_iter); /* XXX appease INVARIANTS */ INIT_VNET_INET(curvnet); @@ -1560,9 +1572,9 @@ tcp_isn_tick(void *xtp) V_isn_offset_old = V_isn_offset; CURVNET_RESTORE(); } + ISN_UNLOCK(); VNET_LIST_RUNLOCK(); callout_reset(&isn_callout, hz/100, tcp_isn_tick, NULL); - ISN_UNLOCK(); } /* diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index c5b02ba..a2c5a4c 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -94,7 +94,6 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_framework.h> -static uma_zone_t tcptw_zone; static int maxtcptw; /* @@ -104,6 +103,7 @@ static int maxtcptw; * tcbinfo lock, which must be held over queue iteration and modification. */ #ifdef VIMAGE_GLOBALS +static uma_zone_t tcptw_zone; static TAILQ_HEAD(, tcptw) twq_2msl; int nolocaltimewait; #endif @@ -142,7 +142,7 @@ sysctl_maxtcptw(SYSCTL_HANDLER_ARGS) if (error == 0 && req->newptr) if (new >= 32) { maxtcptw = new; - uma_zone_set_max(tcptw_zone, maxtcptw); + uma_zone_set_max(V_tcptw_zone, maxtcptw); } return (error); } @@ -160,7 +160,7 @@ tcp_tw_zone_change(void) { if (maxtcptw == 0) - uma_zone_set_max(tcptw_zone, tcptw_auto_size()); + uma_zone_set_max(V_tcptw_zone, tcptw_auto_size()); } void @@ -168,13 +168,13 @@ tcp_tw_init(void) { INIT_VNET_INET(curvnet); - tcptw_zone = uma_zcreate("tcptw", sizeof(struct tcptw), + V_tcptw_zone = uma_zcreate("tcptw", sizeof(struct tcptw), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); TUNABLE_INT_FETCH("net.inet.tcp.maxtcptw", &maxtcptw); if (maxtcptw == 0) - uma_zone_set_max(tcptw_zone, tcptw_auto_size()); + uma_zone_set_max(V_tcptw_zone, tcptw_auto_size()); else - uma_zone_set_max(tcptw_zone, maxtcptw); + uma_zone_set_max(V_tcptw_zone, maxtcptw); TAILQ_INIT(&V_twq_2msl); } @@ -204,7 +204,7 @@ tcp_twstart(struct tcpcb *tp) return; } - tw = uma_zalloc(tcptw_zone, M_NOWAIT); + tw = uma_zalloc(V_tcptw_zone, M_NOWAIT); if (tw == NULL) { tw = tcp_tw_2msl_scan(1); if (tw == NULL) { @@ -477,7 +477,7 @@ tcp_twclose(struct tcptw *tw, int reuse) tw->tw_cred = NULL; if (reuse) return; - uma_zfree(tcptw_zone, tw); + uma_zfree(V_tcptw_zone, tw); } int diff --git a/sys/netinet/vinet.h b/sys/netinet/vinet.h index e5b0bab..b65acc1 100644 --- a/sys/netinet/vinet.h +++ b/sys/netinet/vinet.h @@ -86,6 +86,11 @@ struct vnet_inet { struct tcp_hostcache _tcp_hostcache; struct callout _tcp_hc_callout; + uma_zone_t _tcp_reass_zone; + uma_zone_t _tcpcb_zone; + uma_zone_t _tcptw_zone; + uma_zone_t _sack_hole_zone; + struct tcp_syncache _tcp_syncache; int _tcp_syncookies; int _tcp_syncookiesonly; @@ -315,12 +320,15 @@ extern struct vnet_inet vnet_inet_0; #define V_rtq_timeout VNET_INET(rtq_timeout) #define V_rtq_timer VNET_INET(rtq_timer) #define V_rtq_toomany VNET_INET(rtq_toomany) +#define V_sack_hole_zone VNET_INET(sack_hole_zone) #define V_sameprefixcarponly VNET_INET(sameprefixcarponly) #define V_ss_fltsz VNET_INET(ss_fltsz) #define V_ss_fltsz_local VNET_INET(ss_fltsz_local) #define V_subnetsarelocal VNET_INET(subnetsarelocal) #define V_tcb VNET_INET(tcb) #define V_tcbinfo VNET_INET(tcbinfo) +#define V_tcpcb_zone VNET_INET(tcpcb_zone) +#define V_tcptw_zone VNET_INET(tcptw_zone) #define V_tcp_abc_l_var VNET_INET(tcp_abc_l_var) #define V_tcp_autorcvbuf_inc VNET_INET(tcp_autorcvbuf_inc) #define V_tcp_autorcvbuf_max VNET_INET(tcp_autorcvbuf_max) @@ -353,6 +361,7 @@ extern struct vnet_inet vnet_inet_0; #define V_tcp_reass_maxseg VNET_INET(tcp_reass_maxseg) #define V_tcp_reass_overflows VNET_INET(tcp_reass_overflows) #define V_tcp_reass_qsize VNET_INET(tcp_reass_qsize) +#define V_tcp_reass_zone VNET_INET(tcp_reass_zone) #define V_tcp_sack_globalholes VNET_INET(tcp_sack_globalholes) #define V_tcp_sack_globalmaxholes VNET_INET(tcp_sack_globalmaxholes) #define V_tcp_sack_maxholes VNET_INET(tcp_sack_maxholes) diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c index e2eda6f..d0f333d 100644 --- a/sys/netinet6/frag6.c +++ b/sys/netinet6/frag6.c @@ -109,14 +109,16 @@ frag6_init(void) { INIT_VNET_INET6(curvnet); + V_ip6q.ip6q_next = V_ip6q.ip6q_prev = &V_ip6q; V_ip6_maxfragpackets = nmbclusters / 4; V_ip6_maxfrags = nmbclusters / 4; - EVENTHANDLER_REGISTER(nmbclusters_change, - frag6_change, NULL, EVENTHANDLER_PRI_ANY); - IP6Q_LOCK_INIT(); + if (!IS_DEFAULT_VNET(curvnet)) + return; - V_ip6q.ip6q_next = V_ip6q.ip6q_prev = &V_ip6q; + IP6Q_LOCK_INIT(); + EVENTHANDLER_REGISTER(nmbclusters_change, + frag6_change, NULL, EVENTHANDLER_PRI_ANY); } /* diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index 8030416..7ae30387 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -920,8 +920,6 @@ in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) void addrsel_policy_init(void) { - ADDRSEL_LOCK_INIT(); - ADDRSEL_SXLOCK_INIT(); INIT_VNET_INET6(curvnet); V_ip6_prefer_tempaddr = 0; @@ -931,6 +929,12 @@ addrsel_policy_init(void) /* initialize the "last resort" policy */ bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; + + if (!IS_DEFAULT_VNET(curvnet)) + return; + + ADDRSEL_LOCK_INIT(); + ADDRSEL_SXLOCK_INIT(); } static struct in6_addrpolicy * diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index f094683..f0bb9d5 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -234,6 +234,17 @@ ip6_init(void) /* 40 1K datagrams */ V_dad_init = 0; + scope6_init(); + addrsel_policy_init(); + nd6_init(); + frag6_init(); + + V_ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; + + /* Skip global initialization stuff for non-default instances. */ + if (!IS_DEFAULT_VNET(curvnet)) + return; + #ifdef DIAGNOSTIC if (sizeof(struct protosw) != sizeof(struct ip6protosw)) panic("sizeof(protosw) != sizeof(ip6protosw)"); @@ -265,18 +276,13 @@ ip6_init(void) printf("%s: WARNING: unable to register pfil hook, " "error %d\n", __func__, i); - ip6intrq.ifq_maxlen = V_ip6qmaxlen; + ip6intrq.ifq_maxlen = V_ip6qmaxlen; /* XXX */ mtx_init(&ip6intrq.ifq_mtx, "ip6_inq", NULL, MTX_DEF); netisr_register(NETISR_IPV6, ip6_input, &ip6intrq, 0); - scope6_init(); - addrsel_policy_init(); - nd6_init(); - frag6_init(); - V_ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; } -static void -ip6_init2(void *dummy) +static int +ip6_init2_vnet(const void *unused __unused) { INIT_VNET_INET6(curvnet); @@ -290,6 +296,15 @@ ip6_init2(void *dummy) (V_ip6_temp_preferred_lifetime - V_ip6_desync_factor - V_ip6_temp_regen_advance) * hz, in6_tmpaddrtimer, NULL); + + return (0); +} + +static void +ip6_init2(void *dummy) +{ + + ip6_init2_vnet(NULL); } /* cheat */ diff --git a/sys/netinet6/scope6.c b/sys/netinet6/scope6.c index 9611deb..b866cd9 100644 --- a/sys/netinet6/scope6.c +++ b/sys/netinet6/scope6.c @@ -83,8 +83,12 @@ scope6_init(void) #else V_ip6_use_defzone = 0; #endif - SCOPE6_LOCK_INIT(); bzero(&V_sid_default, sizeof(V_sid_default)); + + if (!IS_DEFAULT_VNET(curvnet)) + return; + + SCOPE6_LOCK_INIT(); } struct scope6_id * diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 00ce8de..85d2897 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -103,6 +103,8 @@ struct vnet_ipsec vnet_ipsec_0; #endif #endif +static int ipsec_iattach(const void *); + #ifdef VIMAGE_GLOBALS /* NB: name changed so netstat doesn't use it. */ struct ipsecstat ipsec4stat; @@ -1758,8 +1760,18 @@ static void ipsec_attach(void) { + ipsec_iattach(NULL); +} + +static int +ipsec_iattach(const void *unused __unused) +{ + INIT_VNET_IPSEC(curvnet); + SECPOLICY_LOCK_INIT(&V_ip4_def_policy); V_ip4_def_policy.refcnt = 1; /* NB: disallow free. */ + + return (0); } SYSINIT(ipsec, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, ipsec_attach, NULL); diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 95a5df6..70b68a8 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -7171,12 +7171,6 @@ key_init(void) V_ipsec_esp_auth = 0; V_ipsec_ah_keymin = 128; - SPTREE_LOCK_INIT(); - REGTREE_LOCK_INIT(); - SAHTREE_LOCK_INIT(); - ACQ_LOCK_INIT(); - SPACQ_LOCK_INIT(); - for (i = 0; i < IPSEC_DIR_MAX; i++) LIST_INIT(&V_sptree[i]); @@ -7192,6 +7186,15 @@ key_init(void) V_ip4_def_policy.policy = IPSEC_POLICY_NONE; V_ip4_def_policy.refcnt++; /*never reclaim this*/ + if (!IS_DEFAULT_VNET(curvnet)) + return; + + SPTREE_LOCK_INIT(); + REGTREE_LOCK_INIT(); + SAHTREE_LOCK_INIT(); + ACQ_LOCK_INIT(); + SPACQ_LOCK_INIT(); + #ifndef IPSEC_DEBUG2 timeout((void *)key_timehandler, (void *)0, hz); #endif /*IPSEC_DEBUG2*/ diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 3a4c7dc..365ac13 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -73,6 +73,8 @@ #include <opencrypto/cryptodev.h> +static int ah_iattach(const void *); + /* * Return header size in bytes. The old protocol did not support * the replay counter; the new protocol always includes the counter. @@ -1220,9 +1222,18 @@ static void ah_attach(void) { + xform_register(&ah_xformsw); + ah_iattach(NULL); +} + +static int +ah_iattach(const void *unused __unused) +{ + INIT_VNET_IPSEC(curvnet); + V_ah_enable = 1; /* control flow of packets with AH */ V_ah_cleartos = 1; /* clear ip_tos when doing AH calc */ - xform_register(&ah_xformsw); + return (0); } SYSINIT(ah_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ah_attach, NULL); diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 98a2240..46ab8d8 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -90,6 +90,7 @@ SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_esp, IPSECCTL_STATS, static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); +static int esp_iattach(const void *); /* * NB: this is public for use by the PF_KEY support. @@ -990,9 +991,19 @@ static struct xformsw esp_xformsw = { static void esp_attach(void) { + + xform_register(&esp_xformsw); + esp_iattach(NULL); +} + +static int +esp_iattach(const void *unused __unused) +{ + INIT_VNET_IPSEC(curvnet); + #define MAXIV(xform) \ if (xform.blocksize > V_esp_max_ivlen) \ - V_esp_max_ivlen = xform.blocksize \ + V_esp_max_ivlen = xform.blocksize \ V_esp_enable = 1; V_esp_max_ivlen = 0; @@ -1005,8 +1016,8 @@ esp_attach(void) MAXIV(enc_xform_skipjack); /* SADB_X_EALG_SKIPJACK */ MAXIV(enc_xform_null); /* SADB_EALG_NULL */ MAXIV(enc_xform_camellia); /* SADB_X_EALG_CAMELLIACBC */ - - xform_register(&esp_xformsw); #undef MAXIV + + return (0); } SYSINIT(esp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, esp_attach, NULL); diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index d64abf0f..c4f0591 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -80,6 +80,7 @@ SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipcomp, IPSECCTL_STATS, static int ipcomp_input_cb(struct cryptop *crp); static int ipcomp_output_cb(struct cryptop *crp); +static int ipcomp_iattach(const void *); struct comp_algo * ipcomp_algorithm_lookup(int alg) @@ -600,7 +601,16 @@ static void ipcomp_attach(void) { - V_ipcomp_enable = 0; xform_register(&ipcomp_xformsw); + ipcomp_iattach(NULL); +} + +static int +ipcomp_iattach(const void *unused __unused) +{ + INIT_VNET_IPSEC(curvnet); + + V_ipcomp_enable = 0; + return (0); } SYSINIT(ipcomp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipcomp_attach, NULL); diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index cbc447c..f7949ec 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -697,11 +697,18 @@ ipe4_encapcheck(const struct mbuf *m, int off, int proto, void *arg) return ((m->m_flags & M_IPSEC) != 0 ? 1 : 0); } -static void -ipe4_attach(void) +static int +ipe4_iattach(const void *unused __unused) { + INIT_VNET_IPSEC(curvnet); V_ipip_allow = 0; + return (0); +} + +static void +ipe4_attach(void) +{ xform_register(&ipe4_xformsw); /* attach to encapsulation framework */ @@ -712,6 +719,7 @@ ipe4_attach(void) (void) encap_attach_func(AF_INET6, -1, ipe4_encapcheck, (struct protosw *)&ipe6_protosw, NULL); #endif + ipe4_iattach(NULL); } SYSINIT(ipe4_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipe4_attach, NULL); #endif /* IPSEC */ diff --git a/sys/sys/param.h b/sys/sys/param.h index 718081a..a4f1bc0 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -57,7 +57,7 @@ * is created, otherwise 1. */ #undef __FreeBSD_version -#define __FreeBSD_version 800074 /* Master, propagated to newvers */ +#define __FreeBSD_version 800075 /* Master, propagated to newvers */ #ifndef LOCORE #include <sys/types.h> diff --git a/sys/sys/vimage.h b/sys/sys/vimage.h index ea51e49..b7aec29 100644 --- a/sys/sys/vimage.h +++ b/sys/sys/vimage.h @@ -81,6 +81,7 @@ struct vnet_modlink { #define VNET_SYMMAP_END { NULL, 0 } /* Non-VIMAGE null-macros */ +#define IS_DEFAULT_VNET(arg) 1 #define CURVNET_SET(arg) #define CURVNET_SET_QUIET(arg) #define CURVNET_RESTORE() |
