diff options
44 files changed, 436 insertions, 88 deletions
diff --git a/sys/conf/files b/sys/conf/files index 151a227..d09ead4 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1953,6 +1953,7 @@ kern/kern_timeout.c standard kern/kern_umtx.c standard kern/kern_uuid.c standard kern/kern_xxx.c standard +kern/kern_vimage.c standard kern/link_elf.c standard kern/linker_if.m standard kern/md4c.c optional netsmb diff --git a/sys/conf/options b/sys/conf/options index f707478..1f59aaf 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -415,6 +415,7 @@ TCPDEBUG TCP_OFFLOAD_DISABLE opt_inet.h #Disable code to dispatch tcp offloading TCP_SIGNATURE opt_inet.h VLAN_ARRAY opt_vlan.h +VIMAGE_GLOBALS opt_global.h XBONEHACK # diff --git a/sys/contrib/pf/net/pf_subr.c b/sys/contrib/pf/net/pf_subr.c index 3b680e3..1ac8b40 100644 --- a/sys/contrib/pf/net/pf_subr.c +++ b/sys/contrib/pf/net/pf_subr.c @@ -124,15 +124,14 @@ static MD5_CTX isn_ctx; u_int32_t pf_new_isn(struct pf_state *s) { - INIT_VNET_INET(curvnet); u_int32_t md5_buffer[4]; u_int32_t new_isn; struct pf_state_host *src, *dst; /* Seed if this is the first use, reseed if requested. */ - if (V_isn_last_reseed == 0) { - read_random(&V_isn_secret, sizeof(V_isn_secret)); - V_isn_last_reseed = ticks; + if (isn_last_reseed == 0) { + read_random(&isn_secret, sizeof(isn_secret)); + isn_last_reseed = ticks; } if (s->direction == PF_IN) { @@ -144,28 +143,28 @@ pf_new_isn(struct pf_state *s) } /* Compute the md5 hash and return the ISN. */ - MD5Init(&V_isn_ctx); - MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short)); - MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short)); + MD5Init(&isn_ctx); + MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short)); + MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short)); #ifdef INET6 if (s->af == AF_INET6) { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in6_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in6_addr)); } else #endif { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in_addr)); } - MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret)); - MD5Final((u_char *) &md5_buffer, &V_isn_ctx); + MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret)); + MD5Final((u_char *) &md5_buffer, &isn_ctx); new_isn = (tcp_seq) md5_buffer[0]; - V_isn_offset += ISN_STATIC_INCREMENT + + isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); - new_isn += V_isn_offset; + new_isn += isn_offset; return (new_isn); } diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c index f657efa..1683a5a 100644 --- a/sys/kern/kern_linker.c +++ b/sys/kern/kern_linker.c @@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$"); #include <sys/vnode.h> #include <sys/syscallsubr.h> #include <sys/sysctl.h> +#include <sys/vimage.h> #include <security/mac/mac_framework.h> @@ -1301,8 +1302,23 @@ kldsym(struct thread *td, struct kldsym_args *uap) break; } } +#ifndef VIMAGE_GLOBALS + /* + * If the symbol is not found in global namespace, + * try to look it up in the current vimage namespace. + */ + if (lf == NULL) { + CURVNET_SET(TD_TO_VNET(td)); + error = vi_symlookup(&lookup, symstr); + CURVNET_RESTORE(); + if (error == 0) + error = copyout(&lookup, uap->data, + sizeof(lookup)); + } +#else if (lf == NULL) error = ENOENT; +#endif } KLD_UNLOCK(); out: diff --git a/sys/kern/kern_vimage.c b/sys/kern/kern_vimage.c new file mode 100644 index 0000000..0cba35a --- /dev/null +++ b/sys/kern/kern_vimage.c @@ -0,0 +1,98 @@ +/*- + * Copyright (c) 2004-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/param.h> +#include <sys/types.h> +#include <sys/kernel.h> +#include <sys/linker.h> +#include <sys/malloc.h> +#include <sys/systm.h> +#include <sys/vimage.h> + +#ifndef VIMAGE_GLOBALS + +MALLOC_DEFINE(M_VIMAGE, "vimage", "vimage resource container"); + +static TAILQ_HEAD(vnet_modlink_head, vnet_modlink) vnet_modlink_head; + +void +vnet_mod_register(const struct vnet_modinfo *vmi) +{ + struct vnet_modlink *vml, *vml_iter; + + /* Do not register the same module instance more than once. */ + TAILQ_FOREACH(vml_iter, &vnet_modlink_head, vml_mod_le) + if (vml_iter->vml_modinfo == vmi) + panic("%s: %s", __func__, vmi->vmi_name); + vml = malloc(sizeof(struct vnet_modlink), M_VIMAGE, M_NOWAIT); + vml->vml_modinfo = vmi; + TAILQ_INSERT_TAIL(&vnet_modlink_head, vml, vml_mod_le); +} + +/* + * vi_symlookup() attempts to resolve name to address queries for + * variables which have been moved from global namespace to virtualization + * container structures, but are still directly accessed from legacy + * userspace processes via kldsym(2) and kmem(4) interfaces. + */ +int +vi_symlookup(struct kld_sym_lookup *lookup, char *symstr) +{ + struct vnet_modlink *vml; + struct vnet_symmap *mapentry; + + TAILQ_FOREACH(vml, &vnet_modlink_head, vml_mod_le) { + if (vml->vml_modinfo->vmi_symmap == NULL) + continue; + for (mapentry = vml->vml_modinfo->vmi_symmap; + mapentry->name != NULL; mapentry++) { + if (strcmp(symstr, mapentry->name) == 0) { + lookup->symvalue = (u_long) mapentry->base; + lookup->symsize = mapentry->size; + return (0); + } + } + } + return (ENOENT); +} + +static void +vi_init(void *unused) +{ + + TAILQ_INIT(&vnet_modlink_head); +} + +SYSINIT(vimage, SI_SUB_VIMAGE, SI_ORDER_FIRST, vi_init, NULL); + +#endif /* !VIMAGE_GLOBALS */ diff --git a/sys/net/if.c b/sys/net/if.c index f551c60..87b0328 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -90,6 +90,12 @@ #include <security/mac/mac_framework.h> +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +struct vnet_net vnet_net_0; +#endif +#endif + SYSCTL_NODE(_net, PF_LINK, link, CTLFLAG_RW, 0, "Link layers"); SYSCTL_NODE(_net_link, 0, generic, CTLFLAG_RW, 0, "Generic link-management"); @@ -161,6 +167,19 @@ static int filt_netdev(struct knote *kn, long hint); static struct filterops netdev_filtops = { 1, NULL, filt_netdetach, filt_netdev }; +#ifndef VIMAGE_GLOBALS +static struct vnet_symmap vnet_net_symmap[] = { + VNET_SYMMAP(net, ifnet), + VNET_SYMMAP(net, rt_tables), + VNET_SYMMAP(net, rtstat), + VNET_SYMMAP(net, rttrash), + VNET_SYMMAP_END +}; + +VNET_MOD_DECLARE(NET, net, vnet_net_iattach, vnet_net_idetach, + NONE, vnet_net_symmap) +#endif + /* * System initialization */ @@ -361,6 +380,10 @@ if_init(void *dummy __unused) { INIT_VNET_NET(curvnet); +#ifndef VIMAGE_GLOBALS + vnet_mod_register(&vnet_net_modinfo); +#endif + V_if_index = 0; V_ifindex_table = NULL; V_if_indexlim = 8; diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 8f07e6c..6d7aed0 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -100,6 +100,7 @@ __FBSDID("$FreeBSD$"); #include <sys/proc.h> #include <sys/lock.h> #include <sys/mutex.h> +#include <sys/rwlock.h> #include <sys/vimage.h> #include <net/bpf.h> @@ -3041,7 +3042,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) } if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { - INIT_VNET_IPFW(curvnet); + INIT_VNET_INET(curvnet); error = -1; args.rule = ip_dn_claim_rule(*mp); diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index d26609c..4524fdd 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -42,10 +42,12 @@ #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> +#include <sys/lock.h> #include <sys/malloc.h> #include <sys/module.h> #include <sys/mbuf.h> #include <sys/random.h> +#include <sys/rwlock.h> #include <sys/socket.h> #include <sys/sockio.h> #include <sys/sysctl.h> @@ -71,6 +73,7 @@ #include <netinet/if_ether.h> #include <netinet/ip_fw.h> #include <netinet/ip_dummynet.h> +#include <netinet/vinet.h> #endif #ifdef INET6 #include <netinet6/nd6.h> @@ -426,7 +429,7 @@ int ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, struct ip_fw **rule, int shared) { - INIT_VNET_IPFW(dst->if_vnet); + INIT_VNET_INET(dst->if_vnet); struct ether_header *eh; struct ether_header save_eh; struct mbuf *m; diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 57bfaab..be7fa9f 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -95,6 +95,12 @@ static struct mtx gif_mtx; static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface"); +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +struct vnet_gif vnet_gif_0; +#endif +#endif + #ifdef VIMAGE_GLOBALS static LIST_HEAD(, gif_softc) gif_softc_list; static int max_gif_nesting; diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h index c2fcc8c..2ba7bd3 100644 --- a/sys/net/if_gif.h +++ b/sys/net/if_gif.h @@ -113,7 +113,7 @@ int gif_encapcheck(const struct mbuf *, int, int, void *); /* * Virtualization support */ -#ifdef VIMAGE + struct vnet_gif { LIST_HEAD(, gif_softc) _gif_softc_list; int _max_gif_nesting; @@ -121,6 +121,11 @@ struct vnet_gif { int _ip_gif_ttl; int _ip6_gif_hlim; }; + +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +extern struct vnet_gif vnet_gif_0; +#endif #endif #define INIT_VNET_GIF(vnet) \ diff --git a/sys/net/vnet.h b/sys/net/vnet.h index 531d714..f09fc6e 100644 --- a/sys/net/vnet.h +++ b/sys/net/vnet.h @@ -37,9 +37,7 @@ #include <sys/param.h> #include <sys/systm.h> -#include <sys/proc.h> #include <sys/protosw.h> -#include <sys/socket.h> #include <net/if.h> #include <net/if_var.h> @@ -67,6 +65,12 @@ struct vnet_net { int _ether_ipfw; }; +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +extern struct vnet_net vnet_net_0; +#endif +#endif + /* * Symbol translation macros */ diff --git a/sys/netgraph/netgraph.h b/sys/netgraph/netgraph.h index 0def641..4072f76 100644 --- a/sys/netgraph/netgraph.h +++ b/sys/netgraph/netgraph.h @@ -1205,6 +1205,12 @@ struct vnet_netgraph { struct unrhdr *_ng_wormhole_unit; }; +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +extern struct vnet_netgraph vnet_netgraph_0; +#endif +#endif + /* Symbol translation macros */ #define V_nextID VNET_NETGRAPH(nextID) #define V_ng_ID_hash VNET_NETGRAPH(ng_ID_hash) diff --git a/sys/netgraph/ng_base.c b/sys/netgraph/ng_base.c index 24ed885..0406da1 100644 --- a/sys/netgraph/ng_base.c +++ b/sys/netgraph/ng_base.c @@ -72,6 +72,12 @@ MODULE_VERSION(netgraph, NG_ABI_VERSION); +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +struct vnet_netgraph vnet_netgraph_0; +#endif +#endif + /* Mutex to protect topology events. */ static struct mtx ng_topo_mtx; @@ -167,7 +173,9 @@ static struct mtx ng_typelist_mtx; /* Hash related definitions */ /* XXX Don't need to initialise them because it's a LIST */ +#ifdef VIMAGE_GLOBALS static LIST_HEAD(, ng_node) ng_ID_hash[NG_ID_HASH_SIZE]; +#endif static struct mtx ng_idhash_mtx; /* Method to find a node.. used twice so do it here */ #define NG_IDHASH_FN(ID) ((ID) % (NG_ID_HASH_SIZE)) @@ -183,7 +191,9 @@ static struct mtx ng_idhash_mtx; } \ } while (0) +#ifdef VIMAGE_GLOBALS static LIST_HEAD(, ng_node) ng_name_hash[NG_NAME_HASH_SIZE]; +#endif static struct mtx ng_namehash_mtx; #define NG_NAMEHASH(NAME, HASH) \ do { \ @@ -348,7 +358,9 @@ ng_alloc_node(void) #define TRAP_ERROR() #endif -static ng_ID_t nextID = 1; +#ifdef VIMAGE_GLOBALS +static ng_ID_t nextID; +#endif #ifdef INVARIANTS #define CHECK_DATA_MBUF(m) do { \ @@ -3063,6 +3075,7 @@ ngb_mod_event(module_t mod, int event, void *data) switch (event) { case MOD_LOAD: /* Initialize everything. */ + V_nextID = 1; NG_WORKLIST_LOCK_INIT(); mtx_init(&ng_typelist_mtx, "netgraph types mutex", NULL, MTX_DEF); diff --git a/sys/netgraph/ng_bridge.c b/sys/netgraph/ng_bridge.c index c033a55..d998f1e 100644 --- a/sys/netgraph/ng_bridge.c +++ b/sys/netgraph/ng_bridge.c @@ -61,9 +61,11 @@ #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> +#include <sys/lock.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/errno.h> +#include <sys/rwlock.h> #include <sys/syslog.h> #include <sys/socket.h> #include <sys/ctype.h> diff --git a/sys/netgraph/ng_eiface.c b/sys/netgraph/ng_eiface.c index 3d92e5f..542eaad 100644 --- a/sys/netgraph/ng_eiface.c +++ b/sys/netgraph/ng_eiface.c @@ -113,7 +113,9 @@ static struct ng_type typestruct = { }; NETGRAPH_INIT(eiface, &typestruct); +#ifdef VIMAGE_GLOBALS static struct unrhdr *ng_eiface_unit; +#endif /************************************************************************ INTERFACE STUFF diff --git a/sys/netgraph/ng_iface.c b/sys/netgraph/ng_iface.c index 35fc1cc8..2295004 100644 --- a/sys/netgraph/ng_iface.c +++ b/sys/netgraph/ng_iface.c @@ -208,7 +208,9 @@ static struct ng_type typestruct = { }; NETGRAPH_INIT(iface, &typestruct); +#ifdef VIMAGE_GLOBALS static struct unrhdr *ng_iface_unit; +#endif /************************************************************************ HELPER STUFF diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c index 91af215..cce623b 100644 --- a/sys/netgraph/ng_ipfw.c +++ b/sys/netgraph/ng_ipfw.c @@ -29,10 +29,12 @@ #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> +#include <sys/lock.h> #include <sys/mbuf.h> #include <sys/malloc.h> #include <sys/ctype.h> #include <sys/errno.h> +#include <sys/rwlock.h> #include <sys/socket.h> #include <sys/syslog.h> diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index 8af52f2..a93f1f2 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/socket.h> #include <sys/domain.h> +#include <sys/proc.h> #include <sys/protosw.h> #include <sys/queue.h> #include <sys/sysctl.h> diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index dc627a8..d6eb16f 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$"); #include <sys/priv.h> #include <sys/proc.h> #include <sys/protosw.h> +#include <sys/rwlock.h> #include <sys/signalvar.h> #include <sys/socket.h> #include <sys/socketvar.h> @@ -167,7 +168,7 @@ div_init(void) V_divcbinfo.ipi_zone = uma_zcreate("divcb", sizeof(struct inpcb), NULL, NULL, div_inpcb_init, div_inpcb_fini, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); - uma_zone_set_max(divcbinfo.ipi_zone, maxsockets); + uma_zone_set_max(V_divcbinfo.ipi_zone, maxsockets); EVENTHANDLER_REGISTER(maxsockets_change, div_zone_change, NULL, EVENTHANDLER_PRI_ANY); } diff --git a/sys/netinet/ip_dummynet.c b/sys/netinet/ip_dummynet.c index a7c0a31..15595b8 100644 --- a/sys/netinet/ip_dummynet.c +++ b/sys/netinet/ip_dummynet.c @@ -62,9 +62,11 @@ __FBSDID("$FreeBSD$"); #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/kernel.h> +#include <sys/lock.h> #include <sys/module.h> #include <sys/priv.h> #include <sys/proc.h> +#include <sys/rwlock.h> #include <sys/socket.h> #include <sys/socketvar.h> #include <sys/time.h> diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index a0123ad..6e7db99 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -650,8 +650,6 @@ typedef int ip_fw_chk_t(struct ip_fw_args *args); extern ip_fw_chk_t *ip_fw_chk_ptr; #define IPFW_LOADED (ip_fw_chk_ptr != NULL) -#ifdef IPFW_INTERNAL - struct ip_fw_chain { struct ip_fw *rules; /* list of rules */ struct ip_fw *reap; /* list of rules to reap */ @@ -659,6 +657,9 @@ struct ip_fw_chain { struct radix_node_head *tables[IPFW_TABLES_MAX]; struct rwlock rwmtx; }; + +#ifdef IPFW_INTERNAL + #define IPFW_LOCK_INIT(_chain) \ rw_init(&(_chain)->rwmtx, "IPFW static rules") #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx) @@ -684,9 +685,7 @@ typedef int ipfw_nat_cfg_t(struct sockopt *); /* * Stack virtualization support. */ -#ifdef VIMAGE struct vnet_ipfw { - int _fw_one_pass; int _fw_enable; int _fw6_enable; u_int32_t _set_disable; @@ -716,6 +715,11 @@ struct vnet_ipfw { struct callout _ipfw_timeout; eventhandler_tag _ifaddr_event_tag; }; + +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +extern struct vnet_ipfw vnet_ipfw_0; +#endif #endif /* @@ -726,7 +730,6 @@ struct vnet_ipfw { #define VNET_IPFW(sym) VSYM(vnet_ipfw, sym) -#define V_fw_one_pass VNET_IPFW(fw_one_pass) #define V_fw_enable VNET_IPFW(fw_enable) #define V_fw6_enable VNET_IPFW(fw6_enable) #define V_set_disable VNET_IPFW(set_disable) diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index f9696cc..61c76cf 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -110,6 +110,12 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_framework.h> +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +struct vnet_ipfw vnet_ipfw_0; +#endif +#endif + /* * set_disable contains one bit per set value (0..31). * If the bit is set, all rules with the corresponding set @@ -118,12 +124,13 @@ __FBSDID("$FreeBSD$"); * and CANNOT be disabled. * Rules in set RESVD_SET can only be deleted explicitly. */ +#ifdef VIMAGE_GLOBALS static u_int32_t set_disable; - static int fw_verbose; +static struct callout ipfw_timeout; +#endif static int verbose_limit; -static struct callout ipfw_timeout; static uma_zone_t ipfw_dyn_rule_zone; /* @@ -159,8 +166,10 @@ struct table_entry { u_int32_t value; }; -static int fw_debug = 1; -static int autoinc_step = 100; /* bounded to 1..1000 in add_rule() */ +#ifdef VIMAGE_GLOBALS +static int fw_debug; +static int autoinc_step; +#endif extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS); @@ -171,7 +180,7 @@ SYSCTL_V_PROC(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, enable, ipfw_chg_hook, "I", "Enable ipfw"); SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW, autoinc_step, 0, "Rule number autincrement step"); -SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, one_pass, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_fw, OID_AUTO, one_pass, CTLFLAG_RW | CTLFLAG_SECURE3, fw_one_pass, 0, "Only do a single pass through ipfw when using dummynet(4)"); SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW, @@ -222,9 +231,11 @@ SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD, * obey the 'randomized match', and we do not do multiple * passes through the firewall. XXX check the latter!!! */ -static ipfw_dyn_rule **ipfw_dyn_v = NULL; -static u_int32_t dyn_buckets = 256; /* must be power of 2 */ -static u_int32_t curr_dyn_buckets = 256; /* must be power of 2 */ +#ifdef VIMAGE_GLOBALS +static ipfw_dyn_rule **ipfw_dyn_v; +static u_int32_t dyn_buckets; +static u_int32_t curr_dyn_buckets; +#endif static struct mtx ipfw_dyn_mtx; /* mutex guarding dynamic rules */ #define IPFW_DYN_LOCK_INIT() \ @@ -237,12 +248,13 @@ static struct mtx ipfw_dyn_mtx; /* mutex guarding dynamic rules */ /* * Timeouts for various events in handing dynamic rules. */ -static u_int32_t dyn_ack_lifetime = 300; -static u_int32_t dyn_syn_lifetime = 20; -static u_int32_t dyn_fin_lifetime = 1; -static u_int32_t dyn_rst_lifetime = 1; -static u_int32_t dyn_udp_lifetime = 10; -static u_int32_t dyn_short_lifetime = 5; +#ifdef VIMAGE_GLOBALS +static u_int32_t dyn_ack_lifetime; +static u_int32_t dyn_syn_lifetime; +static u_int32_t dyn_fin_lifetime; +static u_int32_t dyn_rst_lifetime; +static u_int32_t dyn_udp_lifetime; +static u_int32_t dyn_short_lifetime; /* * Keepalives are sent if dyn_keepalive is set. They are sent every @@ -252,14 +264,15 @@ static u_int32_t dyn_short_lifetime = 5; * than dyn_keepalive_period. */ -static u_int32_t dyn_keepalive_interval = 20; -static u_int32_t dyn_keepalive_period = 5; -static u_int32_t dyn_keepalive = 1; /* do send keepalives */ +static u_int32_t dyn_keepalive_interval; +static u_int32_t dyn_keepalive_period; +static u_int32_t dyn_keepalive; static u_int32_t static_count; /* # of static rules */ static u_int32_t static_len; /* size in bytes of static rules */ -static u_int32_t dyn_count; /* # of dynamic rules */ -static u_int32_t dyn_max = 4096; /* max # of dynamic rules */ +static u_int32_t dyn_count; /* # of dynamic rules */ +static u_int32_t dyn_max; /* max # of dynamic rules */ +#endif /* VIMAGE_GLOBALS */ SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW, dyn_buckets, 0, "Number of dyn. buckets"); @@ -299,8 +312,9 @@ static struct sysctl_oid *ip6_fw_sysctl_tree; #endif /* INET6 */ #endif /* SYSCTL_NODE */ -static int fw_deny_unknown_exthdrs = 1; - +#ifdef VIMAGE_GLOBALS +static int fw_deny_unknown_exthdrs; +#endif /* * L3HDR maps an ipv4 pointer into a layer3 header pointer of type T @@ -748,7 +762,9 @@ send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6) #endif /* INET6 */ +#ifdef VIMAGE_GLOBALS static u_int64_t norule_counter; /* counter for ipfw_log(NULL...) */ +#endif #define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0 #define SNP(buf) buf, sizeof(buf) @@ -4510,6 +4526,28 @@ ipfw_init(void) struct ip_fw default_rule; int error; + V_fw_debug = 1; + V_autoinc_step = 100; /* bounded to 1..1000 in add_rule() */ + + V_ipfw_dyn_v = NULL; + V_dyn_buckets = 256; /* must be power of 2 */ + V_curr_dyn_buckets = 256; /* must be power of 2 */ + + V_dyn_ack_lifetime = 300; + V_dyn_syn_lifetime = 20; + V_dyn_fin_lifetime = 1; + V_dyn_rst_lifetime = 1; + V_dyn_udp_lifetime = 10; + V_dyn_short_lifetime = 5; + + V_dyn_keepalive_interval = 20; + V_dyn_keepalive_period = 5; + V_dyn_keepalive = 1; /* do send keepalives */ + + V_dyn_max = 4096; /* max # of dynamic rules */ + + V_fw_deny_unknown_exthdrs = 1; + #ifdef INET6 /* Setup IPv6 fw sysctl tree. */ sysctl_ctx_init(&ip6_fw_sysctl_ctx); diff --git a/sys/netinet/ip_fw_nat.c b/sys/netinet/ip_fw_nat.c index 6b8369c..d770d5c 100644 --- a/sys/netinet/ip_fw_nat.c +++ b/sys/netinet/ip_fw_nat.c @@ -71,7 +71,9 @@ MALLOC_DECLARE(M_IPFW); extern struct ip_fw_chain layer3_chain; +#ifdef VIMAGE_GLOBALS static eventhandler_tag ifaddr_event_tag; +#endif extern ipfw_nat_t *ipfw_nat_ptr; extern ipfw_nat_cfg_t *ipfw_nat_cfg_ptr; diff --git a/sys/netinet/ip_fw_pfil.c b/sys/netinet/ip_fw_pfil.c index 3199ce8..246fdef 100644 --- a/sys/netinet/ip_fw_pfil.c +++ b/sys/netinet/ip_fw_pfil.c @@ -43,6 +43,8 @@ __FBSDID("$FreeBSD$"); #include <sys/mbuf.h> #include <sys/module.h> #include <sys/kernel.h> +#include <sys/lock.h> +#include <sys/rwlock.h> #include <sys/socket.h> #include <sys/socketvar.h> #include <sys/sysctl.h> diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 35ebf86..c99c53e 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -49,6 +49,8 @@ __FBSDID("$FreeBSD$"); #include <sys/socket.h> #include <sys/time.h> #include <sys/kernel.h> +#include <sys/lock.h> +#include <sys/rwlock.h> #include <sys/syslog.h> #include <sys/sysctl.h> #include <sys/vimage.h> @@ -91,6 +93,12 @@ __FBSDID("$FreeBSD$"); CTASSERT(sizeof(struct ip) == 20); #endif +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +struct vnet_inet vnet_inet_0; +#endif +#endif + #ifdef VIMAGE_GLOBALS static int ipsendredirects; static int ip_checkinterface; @@ -170,7 +178,9 @@ SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); +#ifdef VIMAGE_GLOBALS static uma_zone_t ipq_zone; +#endif static struct mtx ipqlock; #define IPQ_LOCK() mtx_lock(&ipqlock) @@ -207,7 +217,9 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, */ ip_fw_chk_t *ip_fw_chk_ptr = NULL; ip_dn_io_t *ip_dn_io_ptr = NULL; -int fw_one_pass = 1; +#ifdef VIMAGE_GLOBALS +int fw_one_pass; +#endif static void ip_freef(struct ipqhead *, struct ipq *); @@ -246,6 +258,8 @@ ip_init(void) V_ipport_randomtime = 45; /* user controlled via sysctl */ V_ipport_stoprandom = 0; /* toggled by ipport_tick */ + V_fw_one_pass = 1; + #ifdef NOTYET /* XXX global static but not instantiated in this file */ V_ipfastforward_active = 0; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index a40dd1d..03cf56f 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -793,7 +793,6 @@ done: void in_delayed_cksum(struct mbuf *m) { - INIT_VNET_INET(curvnet); struct ip *ip; u_short csum, offset; diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index e23fe93..a4e73db 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -177,6 +177,7 @@ struct sockopt; extern struct ipstat ipstat; extern u_short ip_id; /* ip packet ctr, for ids */ +extern int ip_do_randomid; extern int ip_defttl; /* default IP ttl */ extern int ipforwarding; /* ip forwarding */ #ifdef IPSTEALTH diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index 82ff138..93b226e 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c @@ -146,7 +146,9 @@ __FBSDID("$FreeBSD$"); #include <machine/stdarg.h> #include <sys/param.h> #include <sys/kernel.h> +#include <sys/lock.h> #include <sys/module.h> +#include <sys/rwlock.h> #include <sys/syslog.h> #else #include <stdarg.h> diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 7871949..9b5a3f3 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$"); #include <sys/priv.h> #include <sys/proc.h> #include <sys/protosw.h> +#include <sys/rwlock.h> #include <sys/signalvar.h> #include <sys/socket.h> #include <sys/socketvar.h> diff --git a/sys/netinet/sctp_os_bsd.h b/sys/netinet/sctp_os_bsd.h index ff9d534..d0e7a18 100644 --- a/sys/netinet/sctp_os_bsd.h +++ b/sys/netinet/sctp_os_bsd.h @@ -68,6 +68,7 @@ __FBSDID("$FreeBSD$"); #include <net/if_types.h> #include <net/if_var.h> #include <net/route.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -96,6 +97,7 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6protosw.h> #include <netinet6/nd6.h> #include <netinet6/scope6_var.h> +#include <netinet6/vinet6.h> #endif /* INET6 */ @@ -152,13 +154,8 @@ MALLOC_DECLARE(SCTP_M_SOCKOPT); #define MOD_IPSEC ipsec /* then define the macro(s) that hook into the vimage macros */ -#if defined(__FreeBSD__) && __FreeBSD_version >= 800044 && defined(VIMAGE) -#if 0 -#define VSYMNAME(__MODULE) vnet_ ## __MODULE -#define MODULE_GLOBAL(__MODULE, __SYMBOL) VSYM(VSYMNAME(__MODULE), __SYMBOL) -#else +#if defined(__FreeBSD__) && __FreeBSD_version >= 800056 #define MODULE_GLOBAL(__MODULE, __SYMBOL) V_ ## __SYMBOL -#endif #else #define MODULE_GLOBAL(__MODULE, __SYMBOL) (__SYMBOL) #endif diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c index d300382..5f05dcd 100644 --- a/sys/netinet/sctp_pcb.c +++ b/sys/netinet/sctp_pcb.c @@ -59,11 +59,11 @@ SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b) struct sockaddr_in6 tmp_a, tmp_b; memcpy(&tmp_a, a, sizeof(struct sockaddr_in6)); - if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone))) != 0) { + if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) { return 0; } memcpy(&tmp_b, b, sizeof(struct sockaddr_in6)); - if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone))) != 0) { + if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) { return 0; } return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr)); @@ -2008,7 +2008,7 @@ sctp_findassociation_addr(struct mbuf *m, int iphlen, int offset, /* Get the scopes in properly to the sin6 addr's */ /* we probably don't need these operations */ (void)sa6_recoverscope(from6); - sa6_embedscope(from6, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone))); + sa6_embedscope(from6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)); break; } #endif @@ -2049,7 +2049,7 @@ sctp_findassociation_addr(struct mbuf *m, int iphlen, int offset, /* Get the scopes in properly to the sin6 addr's */ /* we probably don't need these operations */ (void)sa6_recoverscope(to6); - sa6_embedscope(to6, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone))); + sa6_embedscope(to6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)); break; } #endif diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index b52b5b3..4ca10af 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -135,7 +135,6 @@ int tcp_sack_globalholes; SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK"); SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_RW, tcp_do_sack, 0, "Enable/Disable TCP SACK support"); -TUNABLE_INT("net.inet.tcp.sack.enable", &tcp_do_sack); SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_RW, tcp_sack_maxholes, 0, diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 639c42f..bc136b2 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -203,7 +203,7 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0, "Enable tcp_drain routine for extra help when low on mbufs"); SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, pcbcount, - CTLFLAG_RD, V_tcbinfo.ipi_count, 0, "Number of active PCBs"); + CTLFLAG_RD, tcbinfo.ipi_count, 0, "Number of active PCBs"); SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, icmp_may_rst, 0, @@ -359,6 +359,8 @@ tcp_init(void) V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH; tcp_finwait2_timeout = TCPTV_FINWAIT2_TIMEOUT; + TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack); + INP_INFO_LOCK_INIT(&V_tcbinfo, "tcp"); LIST_INIT(&V_tcb); V_tcbinfo.ipi_listhead = &V_tcb; diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 53e9626..e402297 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1198,7 +1198,7 @@ udp_connect(struct socket *so, struct sockaddr *nam, struct thread *td) sin = (struct sockaddr_in *)nam; if (prison_remote_ip4(td->td_ucred, &sin->sin_addr) != 0) { INP_WUNLOCK(inp); - INP_INFO_WUNLOCK(&udbinfo); + INP_INFO_WUNLOCK(&V_udbinfo); return (EAFNOSUPPORT); } error = in_pcbconnect(inp, nam, td->td_ucred); diff --git a/sys/netinet/vinet.h b/sys/netinet/vinet.h index 8a8baba..65ccfa4 100644 --- a/sys/netinet/vinet.h +++ b/sys/netinet/vinet.h @@ -194,8 +194,16 @@ struct vnet_inet { int _icmp_rfi; int _icmp_quotelen; int _icmpbmcastecho; + + int _fw_one_pass; }; +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +extern struct vnet_inet vnet_inet_0; +#endif +#endif + /* * Symbol translation macros */ @@ -212,6 +220,7 @@ struct vnet_inet { #define V_divcbinfo VNET_INET(divcbinfo) #define V_drop_redirect VNET_INET(drop_redirect) #define V_drop_synfin VNET_INET(drop_synfin) +#define V_fw_one_pass VNET_INET(fw_one_pass) #define V_icmp_may_rst VNET_INET(icmp_may_rst) #define V_icmp_quotelen VNET_INET(icmp_quotelen) #define V_icmp_rfi VNET_INET(icmp_rfi) @@ -330,16 +339,6 @@ struct vnet_inet { #define V_udpstat VNET_INET(udpstat) #define V_useloopback VNET_INET(useloopback) -static __inline uint16_t ip_newid(void); -extern int ip_do_randomid; - -static __inline uint16_t -ip_newid(void) -{ - if (V_ip_do_randomid) - return ip_randomid(); - - return htons(V_ip_id++); -} +#define ip_newid() ((V_ip_do_randomid != 0) ? ip_randomid() : htons(V_ip_id++)) #endif /* !_NETINET_VINET_H_ */ diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 112cda2..380ee55 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -74,6 +74,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/socket.h> #include <sys/socketvar.h> +#include <sys/proc.h> #include <sys/protosw.h> #include <sys/kernel.h> #include <sys/domain.h> @@ -518,9 +519,6 @@ SYSCTL_V_OID(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, sysctl_ip6_tempvltime, "I", ""); SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_V6ONLY, v6only, CTLFLAG_RW, ip6_v6only, 0, ""); -#ifndef VIMAGE -TUNABLE_INT("net.inet6.ip6.auto_linklocal", &ip6_auto_linklocal); -#endif SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, auto_linklocal, CTLFLAG_RW, ip6_auto_linklocal, 0, ""); SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RIP6STATS, diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index fb42c5e..7edcaa3 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -120,6 +120,12 @@ extern struct domain inet6domain; u_char ip6_protox[IPPROTO_MAX]; static struct ifqueue ip6intrq; +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +struct vnet_inet6 vnet_inet6_0; +#endif +#endif + #ifdef VIMAGE_GLOBALS static int ip6qmaxlen; struct in6_ifaddr *in6_ifaddr; @@ -172,6 +178,8 @@ ip6_init(void) #else V_ip6_auto_linklocal = 1; /* enable by default */ #endif + TUNABLE_INT_FETCH("net.inet6.ip6.auto_linklocal", + &V_ip6_auto_linklocal); #ifndef IPV6FORWARDING #ifdef GATEWAY6 diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index 8f517a5..18e81c3 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -166,10 +166,10 @@ nd6_init(void) V_llinfo_nd6.ln_prev = &V_llinfo_nd6; LIST_INIT(&V_nd_prefix); - ip6_use_tempaddr = 0; - ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME; - ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME; - ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE; + V_ip6_use_tempaddr = 0; + V_ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME; + V_ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME; + V_ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE; all1_sa.sin6_family = AF_INET6; all1_sa.sin6_len = sizeof(struct sockaddr_in6); diff --git a/sys/netinet6/vinet6.h b/sys/netinet6/vinet6.h index a84be4f..d509977 100644 --- a/sys/netinet6/vinet6.h +++ b/sys/netinet6/vinet6.h @@ -89,7 +89,7 @@ struct vnet_inet6 { int _dad_init; int _icmp6errpps_count; - int _icmp6errppslim_last; + struct timeval _icmp6errppslim_last; int _ip6_forwarding; int _ip6_sendredirects; @@ -156,6 +156,12 @@ struct vnet_inet6 { struct ip6_pktopts _ip6_opts; }; +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +extern struct vnet_inet6 vnet_inet6_0; +#endif +#endif + #define INIT_VNET_INET6(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_INET6, struct vnet_inet6, vnet_inet6) diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 2fd83f0..541e42e 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -97,6 +97,12 @@ #include <opencrypto/cryptodev.h> +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +struct vnet_ipsec vnet_ipsec_0; +#endif +#endif + #ifdef VIMAGE_GLOBALS /* NB: name changed so netstat doesn't use it */ struct ipsecstat ipsec4stat; diff --git a/sys/netipsec/vipsec.h b/sys/netipsec/vipsec.h index de97452..5b26c0e 100644 --- a/sys/netipsec/vipsec.h +++ b/sys/netipsec/vipsec.h @@ -109,6 +109,12 @@ struct vnet_ipsec { LIST_HEAD(, secspacq) _spacqtree; }; +#ifndef VIMAGE +#ifndef VIMAGE_GLOBALS +extern struct vnet_ipsec vnet_ipsec_0; +#endif +#endif + /* * Symbol translation macros */ diff --git a/sys/sys/kernel.h b/sys/sys/kernel.h index d224733..16fab6c 100644 --- a/sys/sys/kernel.h +++ b/sys/sys/kernel.h @@ -117,6 +117,7 @@ enum sysinit_sub_id { SI_SUB_MAC = 0x2180000, /* TrustedBSD MAC subsystem */ SI_SUB_MAC_POLICY = 0x21C0000, /* TrustedBSD MAC policies */ SI_SUB_MAC_LATE = 0x21D0000, /* TrustedBSD MAC subsystem */ + SI_SUB_VIMAGE = 0x21E0000, /* vimage infrastructure */ SI_SUB_INTRINSIC = 0x2200000, /* proc 0*/ SI_SUB_VM_CONF = 0x2300000, /* config VM, set limits*/ SI_SUB_DDB_SERVICES = 0x2380000, /* capture, scripting, etc. */ diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index f1cb04a..a92f190 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -227,16 +227,23 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); #ifdef VIMAGE #define SYSCTL_V_OID(subs, mod, parent, nbr, name, kind, a1, a2, \ - handler, fmt, descr) \ + handler, fmt, descr) \ static struct sysctl_oid sysctl__##parent##_##name = { \ &sysctl_##parent##_children, { 0 }, nbr, kind, \ (void *) offsetof(struct mod, _##a1), a2, #name, \ handler, fmt, 0, __DESCR(descr), subs, V_MOD_##mod }; \ DATA_SET(sysctl_set, sysctl__##parent##_##name) #else +#ifdef VIMAGE_GLOBALS #define SYSCTL_V_OID(subs, mod, parent, nbr, name, kind, a1, a2, \ handler, fmt, descr) \ SYSCTL_OID(parent, nbr, name, kind, &a1, a2, handler, fmt, descr) +#else +#define SYSCTL_V_OID(subs, mod, parent, nbr, name, kind, a1, a2, \ + handler, fmt, descr) \ + SYSCTL_OID(parent, nbr, name, kind, & mod ## _0._ ## a1, a2, \ + handler, fmt, descr) +#endif #endif #define SYSCTL_ADD_OID(ctx, parent, nbr, name, kind, a1, a2, handler, fmt, descr) \ @@ -262,9 +269,15 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_STRING|(access), \ sym, len, sysctl_handle_v_string, "A", descr) #else +#ifdef VIMAGE_GLOBALS #define SYSCTL_V_STRING(subs, mod, parent, nbr, name, access, sym, len, descr) \ SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), \ &sym, len, sysctl_handle_string, "A", descr) +#else +#define SYSCTL_V_STRING(subs, mod, parent, nbr, name, access, sym, len, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), \ + & mod ## _0._ ## sym, len, sysctl_handle_string, "A", descr) +#endif #endif #define SYSCTL_ADD_STRING(ctx, parent, nbr, name, access, arg, len, descr) \ @@ -281,9 +294,15 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_INT|(access), \ sym, val, sysctl_handle_v_int, "I", descr) #else +#ifdef VIMAGE_GLOBALS #define SYSCTL_V_INT(subs, mod, parent, nbr, name, access, sym, val, descr) \ SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|(access), \ &sym, val, sysctl_handle_int, "I", descr) +#else +#define SYSCTL_V_INT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|(access), \ + & mod ## _0._ ## sym, val, sysctl_handle_int, "I", descr) +#endif #endif #define SYSCTL_ADD_INT(ctx, parent, nbr, name, access, ptr, val, descr) \ @@ -300,9 +319,15 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_UINT|(access), \ sym, val, sysctl_handle_v_int, "IU", descr) #else +#ifdef VIMAGE_GLOBALS #define SYSCTL_V_UINT(subs, mod, parent, nbr, name, access, sym, val, descr) \ SYSCTL_OID(parent, nbr, name, CTLTYPE_UINT|(access), \ &sym, val, sysctl_handle_int, "IU", descr) +#else +#define SYSCTL_V_UINT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_UINT|(access), \ + & mod ## _0._ ## sym, val, sysctl_handle_int, "IU", descr) +#endif #endif #define SYSCTL_ADD_UINT(ctx, parent, nbr, name, access, ptr, val, descr) \ @@ -374,11 +399,19 @@ TAILQ_HEAD(sysctl_ctx_list, sysctl_ctx_entry); sym, sizeof(struct type), sysctl_handle_v_opaque, \ "S," #type, descr) #else +#ifdef VIMAGE_GLOBALS #define SYSCTL_V_STRUCT(subs, mod, parent, nbr, name, access, sym, \ type, descr) \ SYSCTL_OID(parent, nbr, name, CTLTYPE_OPAQUE|(access), \ &sym, sizeof(struct type), sysctl_handle_opaque, \ "S," #type, descr) +#else +#define SYSCTL_V_STRUCT(subs, mod, parent, nbr, name, access, sym, \ + type, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_OPAQUE|(access), \ + & mod ## _0._ ## sym, sizeof(struct type), \ + sysctl_handle_opaque, "S," #type, descr) +#endif #endif #define SYSCTL_ADD_STRUCT(ctx, parent, nbr, name, access, ptr, type, descr) \ diff --git a/sys/sys/vimage.h b/sys/sys/vimage.h index 9124004..fd6e00c 100644 --- a/sys/sys/vimage.h +++ b/sys/sys/vimage.h @@ -33,14 +33,54 @@ #ifndef _SYS_VIMAGE_H_ #define _SYS_VIMAGE_H_ -#define VIMAGE_GLOBALS 1 +#include <sys/queue.h> + +struct kld_sym_lookup; + +struct vnet_symmap { + char *name; + void *base; + size_t size; +}; + +struct vnet_modinfo { + char *vmi_name; + struct vnet_symmap *vmi_symmap; +}; + +struct vnet_modlink { + TAILQ_ENTRY(vnet_modlink) vml_mod_le; + const struct vnet_modinfo *vml_modinfo; +}; + +#define VNET_MOD_DECLARE(m_name_uc, m_name_lc, m_iattach, m_idetach, \ + m_dependson, m_symmap) \ + static const struct vnet_modinfo vnet_##m_name_lc##_modinfo = { \ + .vmi_name = #m_name_lc, \ + .vmi_symmap = m_symmap \ +}; + +#ifdef VIMAGE_GLOBALS +#define VSYM(base, sym) (sym) +#else +#ifdef VIMAGE +#error "No option VIMAGE yet!" +#else +#define VSYM(base, sym) (base ## _0._ ## sym) +#endif +#endif + +#define VNET_SYMMAP(mod, name) \ + { #name, &(vnet_ ## mod ## _0._ ## name), \ + sizeof(vnet_ ## mod ## _0._ ## name) } + +#define VNET_SYMMAP_END { NULL, 0 } /* Non-VIMAGE null-macros */ #define CURVNET_SET(arg) #define CURVNET_SET_QUIET(arg) #define CURVNET_RESTORE() #define VNET_ASSERT(condition) -#define VSYM(base, sym) (sym) #define INIT_FROM_VNET(vnet, modindex, modtype, sym) #define VNET_ITERATOR_DECL(arg) #define VNET_FOREACH(arg) @@ -58,11 +98,14 @@ #define P_TO_VCPU(p) /* XXX those defines bellow should probably go into vprocg.h and vcpu.h */ -#define VPROCG(sym) VSYM(vprocg, sym) -#define VCPU(sym) VSYM(vcpu, sym) +#define VPROCG(sym) (sym) +#define VCPU(sym) (sym) #define V_hostname VPROCG(hostname) -#define G_hostname VSYM(basevprocg, hostname) /* global hostname */ +#define G_hostname VPROCG(hostname) /* global hostname */ #define V_domainname VPROCG(domainname) +int vi_symlookup(struct kld_sym_lookup *, char *); +void vnet_mod_register(const struct vnet_modinfo *); + #endif /* !_SYS_VIMAGE_H_ */ |
