diff options
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/if_ether.c | 17 | ||||
-rw-r--r-- | sys/netinet/igmp.c | 6 | ||||
-rw-r--r-- | sys/netinet/in.c | 12 | ||||
-rw-r--r-- | sys/netinet/in_gif.c | 4 | ||||
-rw-r--r-- | sys/netinet/in_mcast.c | 2 | ||||
-rw-r--r-- | sys/netinet/in_pcb.c | 26 | ||||
-rw-r--r-- | sys/netinet/in_pcb.h | 2 | ||||
-rw-r--r-- | sys/netinet/in_proto.c | 1 | ||||
-rw-r--r-- | sys/netinet/in_rmx.c | 18 | ||||
-rw-r--r-- | sys/netinet/in_var.h | 9 | ||||
-rw-r--r-- | sys/netinet/ip_divert.c | 2 | ||||
-rw-r--r-- | sys/netinet/ip_fastfwd.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_icmp.c | 41 | ||||
-rw-r--r-- | sys/netinet/ip_icmp.h | 1 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 80 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 2 | ||||
-rw-r--r-- | sys/netinet/raw_ip.c | 4 | ||||
-rw-r--r-- | sys/netinet/tcp_hostcache.c | 4 | ||||
-rw-r--r-- | sys/netinet/tcp_input.c | 29 | ||||
-rw-r--r-- | sys/netinet/tcp_output.c | 19 | ||||
-rw-r--r-- | sys/netinet/tcp_reass.c | 16 | ||||
-rw-r--r-- | sys/netinet/tcp_sack.c | 11 | ||||
-rw-r--r-- | sys/netinet/tcp_subr.c | 70 | ||||
-rw-r--r-- | sys/netinet/tcp_syncache.c | 16 | ||||
-rw-r--r-- | sys/netinet/tcp_timewait.c | 4 | ||||
-rw-r--r-- | sys/netinet/tcp_var.h | 19 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 11 | ||||
-rw-r--r-- | sys/netinet/vinet.h | 2 |
28 files changed, 315 insertions, 117 deletions
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index 3d1eba6..130ba0c 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -82,7 +82,12 @@ SYSCTL_DECL(_net_link_ether); SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); /* timer values */ -static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ +#ifdef VIMAGE_GLOBALS +static int arpt_keep; /* once resolved, good for 20 more minutes */ +static int arp_maxtries; +static int useloopback; /* use loopback interface for local traffic */ +static int arp_proxyall; +#endif SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW, &arpt_keep, 0, "ARP entry lifetime in seconds"); @@ -99,10 +104,6 @@ struct llinfo_arp { static struct ifqueue arpintrq; -static int arp_maxtries = 5; -static int useloopback = 1; /* use loopback interface for local traffic */ -static int arp_proxyall = 0; - SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, arp_maxtries, 0, "ARP resolution attempts before returning error"); @@ -1076,6 +1077,12 @@ arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr) static void arp_init(void) { + INIT_VNET_INET(curvnet); + + V_arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ + V_arp_maxtries = 5; + V_useloopback = 1; /* use loopback interface for local traffic */ + V_arp_proxyall = 0; arpintrq.ifq_maxlen = 50; mtx_init(&arpintrq.ifq_mtx, "arp_inq", NULL, MTX_DEF); diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index d047abe..f77434c 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -80,7 +80,9 @@ static MALLOC_DEFINE(M_IGMP, "igmp", "igmp state"); static struct router_info *find_rti(struct ifnet *ifp); static void igmp_sendpkt(struct in_multi *, int, unsigned long); +#ifdef VIMAGE_GLOBALS static struct igmpstat igmpstat; +#endif SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS, stats, CTLFLAG_RW, igmpstat, igmpstat, ""); @@ -92,8 +94,10 @@ SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS, * reference counting is used. We allow unlocked reads of router_info data * when accessed via an in_multi read-only. */ -static struct mtx igmp_mtx; +#ifdef VIMAGE_GLOBALS static SLIST_HEAD(, router_info) router_info_head; +#endif +static struct mtx igmp_mtx; static int igmp_timers_are_running; /* diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 0ce7dbd..f2d7ccb 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -66,18 +66,20 @@ static int in_ifinit(struct ifnet *, struct in_ifaddr *, struct sockaddr_in *, int); static void in_purgemaddrs(struct ifnet *); -static int subnetsarelocal = 0; +#ifdef VIMAGE_GLOBALS +static int subnetsarelocal; +static int sameprefixcarponly; +extern struct inpcbinfo ripcbinfo; +extern struct inpcbinfo udbinfo; +#endif + SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW, subnetsarelocal, 0, "Treat all subnets as directly connected"); -static int sameprefixcarponly = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW, sameprefixcarponly, 0, "Refuse to create same prefixes on different interfaces"); -extern struct inpcbinfo ripcbinfo; -extern struct inpcbinfo udbinfo; - /* * Return 1 if an internet address is for a ``local'' host * (one to which we have a connection). If subnetsarelocal diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index 6165421..f347102 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -85,7 +85,9 @@ struct protosw in_gif_protosw = { .pr_usrreqs = &rip_usrreqs }; -static int ip_gif_ttl = GIF_TTL; +#ifdef VIMAGE_GLOBALS +extern int ip_gif_ttl; +#endif SYSCTL_V_INT(V_NET, vnet_gif, _net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW, ip_gif_ttl, 0, ""); diff --git a/sys/netinet/in_mcast.c b/sys/netinet/in_mcast.c index 65e6be8..6cf6d92 100644 --- a/sys/netinet/in_mcast.c +++ b/sys/netinet/in_mcast.c @@ -86,7 +86,9 @@ static MALLOC_DEFINE(M_IPMSOURCE, "in_msource", "IPv4 multicast source filter"); * ip_output() to send IGMP packets while holding the lock; this probably is * not quite desirable. */ +#ifdef VIMAGE_GLOBALS struct in_multihead in_multihead; /* XXX BSS initialization */ +#endif struct mtx in_multi_mtx; MTX_SYSINIT(in_multi_mtx, &in_multi_mtx, "in_multi_mtx", MTX_DEF | MTX_RECURSE); diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 7732133..8611bee 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -84,32 +84,34 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_framework.h> +#ifdef VIMAGE_GLOBALS /* * These configure the range of local port addresses assigned to * "unspecified" outgoing connections/packets/whatever. */ -int ipport_lowfirstauto = IPPORT_RESERVED - 1; /* 1023 */ -int ipport_lowlastauto = IPPORT_RESERVEDSTART; /* 600 */ -int ipport_firstauto = IPPORT_EPHEMERALFIRST; /* 10000 */ -int ipport_lastauto = IPPORT_EPHEMERALLAST; /* 65535 */ -int ipport_hifirstauto = IPPORT_HIFIRSTAUTO; /* 49152 */ -int ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */ +int ipport_lowfirstauto; +int ipport_lowlastauto; +int ipport_firstauto; +int ipport_lastauto; +int ipport_hifirstauto; +int ipport_hilastauto; /* * Reserved ports accessible only to root. There are significant * security considerations that must be accounted for when changing these, * but the security benefits can be great. Please be careful. */ -int ipport_reservedhigh = IPPORT_RESERVED - 1; /* 1023 */ -int ipport_reservedlow = 0; +int ipport_reservedhigh; +int ipport_reservedlow; /* Variables dealing with random ephemeral port allocation. */ -int ipport_randomized = 1; /* user controlled via sysctl */ -int ipport_randomcps = 10; /* user controlled via sysctl */ -int ipport_randomtime = 45; /* user controlled via sysctl */ -int ipport_stoprandom = 0; /* toggled by ipport_tick */ +int ipport_randomized; +int ipport_randomcps; +int ipport_randomtime; +int ipport_stoprandom; int ipport_tcpallocs; int ipport_tcplastcount; +#endif #define RANGECHK(var, min, max) \ if ((var) < (min)) { (var) = (min); } \ diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 9a43511..076b262 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -450,6 +450,8 @@ extern int ipport_lastauto; extern int ipport_hifirstauto; extern int ipport_hilastauto; extern int ipport_randomized; +extern int ipport_randomcps; +extern int ipport_randomtime; extern int ipport_stoprandom; extern int ipport_tcpallocs; extern struct callout ipport_tick_callout; diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index aac2104..8af52f2 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -193,6 +193,7 @@ struct protosw inetsw[] = { .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, .pr_input = icmp_input, .pr_ctloutput = rip_ctloutput, + .pr_init = icmp_init, .pr_usrreqs = &rip_usrreqs }, { diff --git a/sys/netinet/in_rmx.c b/sys/netinet/in_rmx.c index 66b8bb3..d70aaa6 100644 --- a/sys/netinet/in_rmx.c +++ b/sys/netinet/in_rmx.c @@ -151,17 +151,20 @@ in_matroute(void *v_arg, struct radix_node_head *head) return rn; } -static int rtq_reallyold = 60*60; /* one hour is "really old" */ +#ifdef VIMAGE_GLOBALS +static int rtq_reallyold; +static int rtq_minreallyold; +static int rtq_toomany; +#endif + SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTEXPIRE, rtexpire, CTLFLAG_RW, rtq_reallyold, 0, "Default expiration time on dynamically learned routes"); -static int rtq_minreallyold = 10; /* never automatically crank down to less */ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW, rtq_minreallyold, 0, "Minimum time to attempt to hold onto dynamically learned routes"); -static int rtq_toomany = 128; /* 128 cached routes is "too many" */ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW, rtq_toomany, 0, "Upper limit on dynamically learned routes"); @@ -256,8 +259,10 @@ in_rtqkill(struct radix_node *rn, void *rock) } #define RTQ_TIMEOUT 60*10 /* run no less than once every ten minutes */ -static int rtq_timeout = RTQ_TIMEOUT; +#ifdef VIMAGE_GLOBALS +static int rtq_timeout; static struct callout rtq_timer; +#endif static void in_rtqtimo_one(void *rock); @@ -376,6 +381,11 @@ in_inithead(void **head, int off) if (off == 0) /* XXX MRT see above */ return 1; /* only do the rest for a real routing table */ + V_rtq_reallyold = 60*60; /* one hour is "really old" */ + V_rtq_minreallyold = 10; /* never automatically crank down to less */ + V_rtq_toomany = 128; /* 128 cached routes is "too many" */ + V_rtq_timeout = RTQ_TIMEOUT; + rnh = *head; rnh->rnh_addaddr = in_addroute; rnh->rnh_matchaddr = in_matroute; diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h index 4999e90..1190826 100644 --- a/sys/netinet/in_var.h +++ b/sys/netinet/in_var.h @@ -138,6 +138,15 @@ do { \ #endif /* + * IP datagram reassembly. + */ +#define IPREASS_NHASH_LOG2 6 +#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) +#define IPREASS_HMASK (IPREASS_NHASH - 1) +#define IPREASS_HASH(x,y) \ + (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) + +/* * This information should be part of the ifnet structure but we don't wish * to change that - as it might break a number of things */ diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index bac4534..dc000cb 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -112,8 +112,10 @@ __FBSDID("$FreeBSD$"); */ /* Internal variables. */ +#ifdef VIMAGE_GLOBALS static struct inpcbhead divcb; static struct inpcbinfo divcbinfo; +#endif static u_long div_sendspace = DIVSNDQ; /* XXX sysctl ? */ static u_long div_recvspace = DIVRCVQ; /* XXX sysctl ? */ diff --git a/sys/netinet/ip_fastfwd.c b/sys/netinet/ip_fastfwd.c index 4cdfd6b..7af1758 100644 --- a/sys/netinet/ip_fastfwd.c +++ b/sys/netinet/ip_fastfwd.c @@ -106,7 +106,9 @@ __FBSDID("$FreeBSD$"); #include <machine/in_cksum.h> -static int ipfastforward_active = 0; +#ifdef VIMAGE_GLOBALS +static int ipfastforward_active; +#endif SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW, ipfastforward_active, 0, "Enable fast IP forwarding"); diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 2487533..e631dae 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -77,47 +77,51 @@ __FBSDID("$FreeBSD$"); * host table maintenance routines. */ -struct icmpstat icmpstat; +#ifdef VIMAGE_GLOBALS +struct icmpstat icmpstat; +static int icmpmaskrepl; +static u_int icmpmaskfake; +static int drop_redirect; +static int log_redirect; +static int icmplim; +static int icmplim_output; +static char reply_src[IFNAMSIZ]; +static int icmp_rfi; +static int icmp_quotelen; +static int icmpbmcastecho; +#endif + SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RW, icmpstat, icmpstat, ""); -static int icmpmaskrepl = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW, icmpmaskrepl, 0, "Reply to ICMP Address Mask Request packets."); -static u_int icmpmaskfake = 0; SYSCTL_V_UINT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW, icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets."); -static int drop_redirect = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW, drop_redirect, 0, "Ignore ICMP redirects"); -static int log_redirect = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_RW, log_redirect, 0, "Log ICMP redirects to the console"); -static int icmplim = 200; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, icmplim, 0, "Maximum number of ICMP responses per second"); -static int icmplim_output = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, icmplim_output, 0, "Enable rate limiting of ICMP responses"); -static char reply_src[IFNAMSIZ]; SYSCTL_V_STRING(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW, reply_src, IFNAMSIZ, "icmp reply source for non-local packets."); -static int icmp_rfi = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW, icmp_rfi, 0, "ICMP reply from incoming interface for " "non-local packets"); -static int icmp_quotelen = 8; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, icmp_quotelen, 0, "Number of bytes from original packet to " "quote in ICMP reply"); @@ -126,7 +130,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, * ICMP broadcast echo sysctl */ -static int icmpbmcastecho = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW, icmpbmcastecho, 0, ""); @@ -140,6 +143,22 @@ static void icmp_send(struct mbuf *, struct mbuf *); extern struct protosw inetsw[]; +void +icmp_init(void) +{ + INIT_VNET_INET(curvnet); + + V_icmpmaskrepl = 0; + V_icmpmaskfake = 0; + V_drop_redirect = 0; + V_log_redirect = 0; + V_icmplim = 200; + V_icmplim_output = 1; + V_icmp_rfi = 0; + V_icmp_quotelen = 8; + V_icmpbmcastecho = 0; +} + /* * Generate an error packet of type error * in response to bad packet ip. diff --git a/sys/netinet/ip_icmp.h b/sys/netinet/ip_icmp.h index e212083..a55c6fc 100644 --- a/sys/netinet/ip_icmp.h +++ b/sys/netinet/ip_icmp.h @@ -204,6 +204,7 @@ struct icmp { #ifdef _KERNEL void icmp_error(struct mbuf *, int, int, n_long, int); void icmp_input(struct mbuf *, int); +void icmp_init(void); int ip_next_mtu(int, int); #endif diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index ce92c2f..8e40d84 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -89,33 +89,47 @@ __FBSDID("$FreeBSD$"); CTASSERT(sizeof(struct ip) == 20); #endif -int rsvp_on = 0; +#ifdef VIMAGE_GLOBALS +static int ipsendredirects; +static int ip_checkinterface; +static int ip_keepfaith; +static int ip_sendsourcequench; +int ip_defttl; +int ip_do_randomid; +int ipforwarding; +struct in_ifaddrhead in_ifaddrhead; /* first inet address */ +struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ +u_long in_ifaddrhmask; /* mask for hash table */ +struct ipstat ipstat; +static int ip_rsvp_on; +struct socket *ip_rsvpd; +int rsvp_on; +static TAILQ_HEAD(ipqhead, ipq) ipq[IPREASS_NHASH]; +static int maxnipq; /* Administrative limit on # reass queues. */ +static int maxfragsperpacket; +int ipstealth; +static int nipq; /* Total # of reass queues */ +#endif -int ipforwarding = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, ipforwarding, 0, "Enable IP forwarding between interfaces"); -static int ipsendredirects = 1; /* XXX */ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, ipsendredirects, 0, "Enable sending IP redirects"); -int ip_defttl = IPDEFTTL; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, ip_defttl, 0, "Maximum TTL on IP packets"); -static int ip_keepfaith = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, ip_keepfaith, 0, "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); -static int ip_sendsourcequench = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, ip_sendsourcequench, 0, "Enable the transmission of source quench packets"); -int ip_do_randomid = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, ip_do_randomid, 0, "Assign random ip_id values"); @@ -132,7 +146,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, random_id, * to the loopback interface instead of the interface where the * packets for those addresses are received. */ -static int ip_checkinterface = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, ip_checkinterface, 0, "Verify packet arrives on correct interface"); @@ -145,9 +158,6 @@ static int ipqmaxlen = IFQ_MAXLEN; extern struct domain inetdomain; extern struct protosw inetsw[]; u_char ip_protox[IPPROTO_MAX]; -struct in_ifaddrhead in_ifaddrhead; /* first inet address */ -struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ -u_long in_ifaddrhmask; /* mask for hash table */ SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW, &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue"); @@ -155,21 +165,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue"); -struct ipstat ipstat; SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); -/* - * IP datagram reassembly. - */ -#define IPREASS_NHASH_LOG2 6 -#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) -#define IPREASS_HMASK (IPREASS_NHASH - 1) -#define IPREASS_HASH(x,y) \ - (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) - static uma_zone_t ipq_zone; -static TAILQ_HEAD(ipqhead, ipq) ipq[IPREASS_NHASH]; static struct mtx ipqlock; #define IPQ_LOCK() mtx_lock(&ipqlock) @@ -180,13 +179,10 @@ static struct mtx ipqlock; static void maxnipq_update(void); static void ipq_zone_change(void *); -static int maxnipq; /* Administrative limit on # reass queues. */ -static int nipq = 0; /* Total # of reass queues */ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD, nipq, 0, "Current number of IPv4 fragment reassembly queue entries"); -static int maxfragsperpacket; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, maxfragsperpacket, 0, "Maximum number of IPv4 fragments allowed per packet"); @@ -199,7 +195,6 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, #endif #ifdef IPSTEALTH -int ipstealth = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, ipstealth, 0, "IP stealth mode, no TTL decrementation on forwarding"); #endif @@ -225,6 +220,37 @@ ip_init(void) struct protosw *pr; int i; + V_ipsendredirects = 1; /* XXX */ + V_ip_checkinterface = 0; + V_ip_keepfaith = 0; + V_ip_sendsourcequench = 0; + V_rsvp_on = 0; + V_ip_defttl = IPDEFTTL; + V_ip_do_randomid = 0; + V_ipforwarding = 0; + V_ipstealth = 0; + V_nipq = 0; /* Total # of reass queues */ + + V_ipport_lowfirstauto = IPPORT_RESERVED - 1; /* 1023 */ + V_ipport_lowlastauto = IPPORT_RESERVEDSTART; /* 600 */ + V_ipport_firstauto = IPPORT_EPHEMERALFIRST; /* 10000 */ + V_ipport_lastauto = IPPORT_EPHEMERALLAST; /* 65535 */ + V_ipport_hifirstauto = IPPORT_HIFIRSTAUTO; /* 49152 */ + V_ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */ + V_ipport_reservedhigh = IPPORT_RESERVED - 1; /* 1023 */ + V_ipport_reservedlow = 0; + V_ipport_randomized = 1; /* user controlled via sysctl */ + V_ipport_randomcps = 10; /* user controlled via sysctl */ + V_ipport_randomtime = 45; /* user controlled via sysctl */ + V_ipport_stoprandom = 0; /* toggled by ipport_tick */ + +#ifdef NOTYET + /* XXX global static but not instantiated in this file */ + V_ipfastforward_active = 0; + V_subnetsarelocal = 0; + V_sameprefixcarponly = 0; +#endif + TAILQ_INIT(&V_in_ifaddrhead); V_in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &V_in_ifaddrhmask); pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); @@ -1591,8 +1617,6 @@ makedummy: * locking. This code remains in ip_input.c as ip_mroute.c is optionally * compiled. */ -static int ip_rsvp_on; -struct socket *ip_rsvpd; int ip_rsvp_init(struct socket *so) { diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 7612f67..75ef09d 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -83,7 +83,9 @@ __FBSDID("$FreeBSD$"); (ntohl(a.s_addr)>>8)&0xFF,\ (ntohl(a.s_addr))&0xFF, y); +#ifdef VIMAGE_GLOBALS u_short ip_id; +#endif #ifdef MBUF_STRESS_TEST int mbuf_frag_size = 0; diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 8eca00a..dfe902e 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -76,8 +76,10 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_framework.h> +#ifdef VIMAGE_GLOBALS struct inpcbhead ripcb; struct inpcbinfo ripcbinfo; +#endif /* control hooks for ipfw and dummynet */ ip_fw_ctl_t *ip_fw_ctl_ptr = NULL; @@ -91,7 +93,9 @@ ip_dn_ctl_t *ip_dn_ctl_ptr = NULL; /* * The socket used to communicate with the multicast routing daemon. */ +#ifdef VIMAGE_GLOBALS struct socket *ip_mrouter; +#endif /* * The various mrouter and rsvp functions. diff --git a/sys/netinet/tcp_hostcache.c b/sys/netinet/tcp_hostcache.c index ec8f9ba..25dc44a 100644 --- a/sys/netinet/tcp_hostcache.c +++ b/sys/netinet/tcp_hostcache.c @@ -146,9 +146,11 @@ struct tcp_hostcache { int prune; int purgeall; }; -static struct tcp_hostcache tcp_hostcache; +#ifdef VIMAGE_GLOBALS +static struct tcp_hostcache tcp_hostcache; static struct callout tcp_hc_callout; +#endif static struct hc_metrics *tcp_hc_lookup(struct in_conninfo *); static struct hc_metrics *tcp_hc_insert(struct in_conninfo *); diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index a7515ef..4c17f10d 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -99,7 +99,21 @@ __FBSDID("$FreeBSD$"); static const int tcprexmtthresh = 3; +#ifdef VIMAGE_GLOBALS struct tcpstat tcpstat; +int blackhole; +int tcp_delack_enabled; +int drop_synfin; +int tcp_do_rfc3042; +int tcp_do_rfc3390; +int tcp_do_ecn; +int tcp_ecn_maxretries; +int tcp_insecure_rst; +int tcp_do_autorcvbuf; +int tcp_autorcvbuf_inc; +int tcp_autorcvbuf_max; +#endif + SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_STATS, stats, CTLFLAG_RW, tcpstat , tcpstat, "TCP statistics (struct tcpstat, netinet/tcp_var.h)"); @@ -108,59 +122,50 @@ int tcp_log_in_vain = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, &tcp_log_in_vain, 0, "Log all incoming TCP segments to closed ports"); -static int blackhole = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, blackhole, 0, "Do not send RST on segments to closed ports"); -int tcp_delack_enabled = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW, tcp_delack_enabled, 0, "Delay ACK to try and piggyback it onto a data packet"); -static int drop_synfin = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW, drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); -static int tcp_do_rfc3042 = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW, tcp_do_rfc3042, 0, "Enable RFC 3042 (Limited Transmit)"); -static int tcp_do_rfc3390 = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW, tcp_do_rfc3390, 0, "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)"); -int tcp_do_ecn = 0; -int tcp_ecn_maxretries = 1; SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN"); SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_RW, tcp_do_ecn, 0, "TCP ECN support"); SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_RW, tcp_ecn_maxretries, 0, "Max retries before giving up on ECN"); -static int tcp_insecure_rst = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_RW, tcp_insecure_rst, 0, "Follow the old (insecure) criteria for accepting RST packets"); -int tcp_do_autorcvbuf = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_RW, tcp_do_autorcvbuf, 0, "Enable automatic receive buffer sizing"); -int tcp_autorcvbuf_inc = 16*1024; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_inc, CTLFLAG_RW, tcp_autorcvbuf_inc, 0, "Incrementor step size of automatic receive buffer"); -int tcp_autorcvbuf_max = 256*1024; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW, tcp_autorcvbuf_max, 0, "Max size of automatic receive buffer"); +#ifdef VIMAGE_GLOBALS struct inpcbhead tcb; -#define tcb6 tcb /* for KAME src sync over BSD*'s */ struct inpcbinfo tcbinfo; +#endif +#define tcb6 tcb /* for KAME src sync over BSD*'s */ static void tcp_dooptions(struct tcpopt *, u_char *, int, int); static void tcp_do_segment(struct mbuf *, struct tcphdr *, diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index b3a010b..ab92905 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -87,39 +87,42 @@ __FBSDID("$FreeBSD$"); extern struct mbuf *m_copypack(); #endif -int path_mtu_discovery = 1; +#ifdef VIMAGE_GLOBALS +int path_mtu_discovery; +int ss_fltsz; +int ss_fltsz_local; +int tcp_do_newreno; +int tcp_do_tso; +int tcp_do_autosndbuf; +int tcp_autosndbuf_inc; +int tcp_autosndbuf_max; +#endif + SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW, path_mtu_discovery, 1, "Enable Path MTU Discovery"); -int ss_fltsz = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, slowstart_flightsize, CTLFLAG_RW, ss_fltsz, 1, "Slow start flight size"); -int ss_fltsz_local = 4; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, local_slowstart_flightsize, CTLFLAG_RW, ss_fltsz_local, 1, "Slow start flight size for local networks"); -int tcp_do_newreno = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW, tcp_do_newreno, 0, "Enable NewReno Algorithms"); -int tcp_do_tso = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW, tcp_do_tso, 0, "Enable TCP Segmentation Offload"); -int tcp_do_autosndbuf = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_RW, tcp_do_autosndbuf, 0, "Enable automatic send buffer sizing"); -int tcp_autosndbuf_inc = 8*1024; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_RW, tcp_autosndbuf_inc, 0, "Incrementor step size of automatic send buffer"); -int tcp_autosndbuf_max = 256*1024; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW, tcp_autosndbuf_max, 0, "Max size of automatic send buffer"); diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index 6f55e11..5f47be0 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -74,25 +74,28 @@ __FBSDID("$FreeBSD$"); #include <netinet/tcp_debug.h> #endif /* TCPDEBUG */ +#ifdef VIMAGE_GLOBALS +static int tcp_reass_maxseg; +int tcp_reass_qsize; +static int tcp_reass_maxqlen; +static int tcp_reass_overflows; +#endif + SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0, "TCP Segment Reassembly Queue"); -static int tcp_reass_maxseg = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN, tcp_reass_maxseg, 0, "Global maximum number of TCP Segments in Reassembly Queue"); -int tcp_reass_qsize = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD, tcp_reass_qsize, 0, "Global number of TCP Segments currently in Reassembly Queue"); -static int tcp_reass_maxqlen = 48; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxqlen, CTLFLAG_RW, tcp_reass_maxqlen, 0, "Maximum number of TCP Segments per individual Reassembly Queue"); -static int tcp_reass_overflows = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD, tcp_reass_overflows, 0, "Global number of TCP Segment Reassembly Queue Overflows"); @@ -114,6 +117,11 @@ tcp_reass_init(void) { INIT_VNET_INET(curvnet); + V_tcp_reass_maxseg = 0; + V_tcp_reass_qsize = 0; + V_tcp_reass_maxqlen = 48; + V_tcp_reass_overflows = 0; + V_tcp_reass_maxseg = nmbclusters / 16; TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments", &V_tcp_reass_maxseg); diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index 3c6ceca..9eb57ba 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -124,23 +124,26 @@ __FBSDID("$FreeBSD$"); extern struct uma_zone *sack_hole_zone; +#ifdef VIMAGE_GLOBALS +int tcp_do_sack; +int tcp_sack_maxholes; +int tcp_sack_globalmaxholes; +int tcp_sack_globalholes; +#endif + SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK"); -int tcp_do_sack = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_RW, tcp_do_sack, 0, "Enable/Disable TCP SACK support"); TUNABLE_INT("net.inet.tcp.sack.enable", &tcp_do_sack); -static int tcp_sack_maxholes = 128; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_RW, tcp_sack_maxholes, 0, "Maximum number of TCP SACK holes allowed per connection"); -static int tcp_sack_globalmaxholes = 65536; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_RW, tcp_sack_globalmaxholes, 0, "Global maximum number of TCP SACK holes"); -static int tcp_sack_globalholes = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_RD, tcp_sack_globalholes, 0, "Global number of TCP SACK holes currently allocated"); diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 02d654b..e28d40c 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -111,9 +111,20 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_framework.h> -int tcp_mssdflt = TCP_MSS; +#ifdef VIMAGE_GLOBALS +int tcp_mssdflt; #ifdef INET6 -int tcp_v6mssdflt = TCP6_MSS; +int tcp_v6mssdflt; +#endif +int tcp_minmss; +int tcp_do_rfc1323; +static int icmp_may_rst; +static int tcp_isn_reseed_interval; +static int tcp_inflight_enable; +static int tcp_inflight_rttthresh; +static int tcp_inflight_min; +static int tcp_inflight_max; +static int tcp_inflight_stab; #endif static int @@ -168,11 +179,9 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, CTLTYPE_INT|CTLFLAG_RW, * with packet generation and sending. Set to zero to disable MINMSS * checking. This setting prevents us from sending too small packets. */ -int tcp_minmss = TCP_MINMSS; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW, tcp_minmss , 0, "Minmum TCP Maximum Segment Size"); -int tcp_do_rfc1323 = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, tcp_do_rfc1323, 0, "Enable rfc1323 (high performance TCP) extensions"); @@ -192,12 +201,10 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0, SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD, tcbinfo.ipi_count, 0, "Number of active PCBs"); -static int icmp_may_rst = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, icmp_may_rst, 0, "Certain ICMP unreachable messages may abort connections in SYN_SENT"); -static int tcp_isn_reseed_interval = 0; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW, tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret"); @@ -210,7 +217,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, isn_reseed_interval, SYSCTL_NODE(_net_inet_tcp, OID_AUTO, inflight, CTLFLAG_RW, 0, "TCP inflight data limiting"); -static int tcp_inflight_enable = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, enable, CTLFLAG_RW, tcp_inflight_enable, 0, "Enable automatic TCP inflight data limiting"); @@ -219,20 +225,16 @@ static int tcp_inflight_debug = 0; SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW, &tcp_inflight_debug, 0, "Debug TCP inflight calculations"); -static int tcp_inflight_rttthresh; SYSCTL_PROC(_net_inet_tcp_inflight, OID_AUTO, rttthresh, CTLTYPE_INT|CTLFLAG_RW, &tcp_inflight_rttthresh, 0, sysctl_msec_to_ticks, "I", "RTT threshold below which inflight will deactivate itself"); -static int tcp_inflight_min = 6144; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, min, CTLFLAG_RW, tcp_inflight_min, 0, "Lower-bound for TCP inflight window"); -static int tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, max, CTLFLAG_RW, tcp_inflight_max, 0, "Upper-bound for TCP inflight window"); -static int tcp_inflight_stab = 20; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, stab, CTLFLAG_RW, tcp_inflight_stab, 0, "Inflight Algorithm Stabilization 20 = 2 packets"); @@ -297,8 +299,49 @@ void tcp_init(void) { INIT_VNET_INET(curvnet); + int hashsize; + + V_blackhole = 0; + V_tcp_delack_enabled = 1; + V_drop_synfin = 0; + V_tcp_do_rfc3042 = 1; + V_tcp_do_rfc3390 = 1; + V_tcp_do_ecn = 0; + V_tcp_ecn_maxretries = 1; + V_tcp_insecure_rst = 0; + V_tcp_do_autorcvbuf = 1; + V_tcp_autorcvbuf_inc = 16*1024; + V_tcp_autorcvbuf_max = 256*1024; + + V_tcp_mssdflt = TCP_MSS; +#ifdef INET6 + V_tcp_v6mssdflt = TCP6_MSS; +#endif + V_tcp_minmss = TCP_MINMSS; + V_tcp_do_rfc1323 = 1; + V_icmp_may_rst = 1; + V_tcp_isn_reseed_interval = 0; + V_tcp_inflight_enable = 1; + V_tcp_inflight_min = 6144; + V_tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT; + V_tcp_inflight_stab = 20; + + V_path_mtu_discovery = 1; + V_ss_fltsz = 1; + V_ss_fltsz_local = 4; + V_tcp_do_newreno = 1; + V_tcp_do_tso = 1; + V_tcp_do_autosndbuf = 1; + V_tcp_autosndbuf_inc = 8*1024; + V_tcp_autosndbuf_max = 256*1024; + + V_nolocaltimewait = 0; + + V_tcp_do_sack = 1; + V_tcp_sack_maxholes = 128; + V_tcp_sack_globalmaxholes = 65536; + V_tcp_sack_globalholes = 0; - int hashsize = TCBHASHSIZE; tcp_delacktime = TCPTV_DELACK; tcp_keepinit = TCPTV_KEEP_INIT; tcp_keepidle = TCPTV_KEEP_IDLE; @@ -315,6 +358,7 @@ tcp_init(void) INP_INFO_LOCK_INIT(&V_tcbinfo, "tcp"); LIST_INIT(&V_tcb); V_tcbinfo.ipi_listhead = &V_tcb; + hashsize = TCBHASHSIZE; TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize); if (!powerof2(hashsize)) { printf("WARNING: TCB hash size not a power of 2\n"); @@ -1429,10 +1473,12 @@ tcp6_ctlinput(int cmd, struct sockaddr *sa, void *d) #define ISN_STATIC_INCREMENT 4096 #define ISN_RANDOM_INCREMENT (4096 - 1) +#ifdef VIMAGE_GLOBALS static u_char isn_secret[32]; static int isn_last_reseed; static u_int32_t isn_offset, isn_offset_old; static MD5_CTX isn_ctx; +#endif tcp_seq tcp_new_isn(struct tcpcb *tp) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index c9f3b4f..a69b0b2 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -98,12 +98,17 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_framework.h> -static int tcp_syncookies = 1; +#ifdef VIMAGE_GLOBALS +static struct tcp_syncache tcp_syncache; +static int tcp_syncookies; +static int tcp_syncookiesonly; +int tcp_sc_rst_sock_fail; +#endif + SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW, &tcp_syncookies, 0, "Use TCP SYN cookies if the syncache overflows"); -static int tcp_syncookiesonly = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies_only, CTLFLAG_RW, &tcp_syncookiesonly, 0, "Use only TCP SYN cookies"); @@ -142,8 +147,6 @@ static struct syncache #define TCP_SYNCACHE_HASHSIZE 512 #define TCP_SYNCACHE_BUCKETLIMIT 30 -static struct tcp_syncache tcp_syncache; - SYSCTL_NODE(_net_inet_tcp, OID_AUTO, syncache, CTLFLAG_RW, 0, "TCP SYN cache"); SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, @@ -166,7 +169,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_RW, tcp_syncache.rexmt_limit, 0, "Limit on SYN/ACK retransmissions"); -int tcp_sc_rst_sock_fail = 1; SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, rst_on_sock_fail, CTLFLAG_RW, tcp_sc_rst_sock_fail, 0, "Send reset on socket allocation failure"); @@ -223,6 +225,10 @@ syncache_init(void) INIT_VNET_INET(curvnet); int i; + V_tcp_syncookies = 1; + V_tcp_syncookiesonly = 0; + V_tcp_sc_rst_sock_fail = 1; + V_tcp_syncache.cache_count = 0; V_tcp_syncache.hashsize = TCP_SYNCACHE_HASHSIZE; V_tcp_syncache.bucket_limit = TCP_SYNCACHE_BUCKETLIMIT; diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 83b8aa6..a97b4a2 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -102,7 +102,10 @@ static int maxtcptw; * queue pointers in each tcptw structure, are protected using the global * tcbinfo lock, which must be held over queue iteration and modification. */ +#ifdef VIMAGE_GLOBALS static TAILQ_HEAD(, tcptw) twq_2msl; +int nolocaltimewait; +#endif static void tcp_tw_2msl_reset(struct tcptw *, int); static void tcp_tw_2msl_stop(struct tcptw *); @@ -147,7 +150,6 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, maxtcptw, CTLTYPE_INT|CTLFLAG_RW, &maxtcptw, 0, sysctl_maxtcptw, "IU", "Maximum number of compressed TCP TIME_WAIT entries"); -static int nolocaltimewait = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_RW, &nolocaltimewait, 0, "Do not create compressed TCP TIME_WAIT entries for local connections"); diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 40f060b..3bef611 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -517,7 +517,26 @@ extern int path_mtu_discovery; extern int ss_fltsz; extern int ss_fltsz_local; +extern int blackhole; +extern int drop_synfin; +extern int tcp_do_rfc3042; +extern int tcp_do_rfc3390; +extern int tcp_insecure_rst; +extern int tcp_do_autorcvbuf; +extern int tcp_autorcvbuf_inc; +extern int tcp_autorcvbuf_max; + +extern int tcp_do_tso; +extern int tcp_do_autosndbuf; +extern int tcp_autosndbuf_inc; +extern int tcp_autosndbuf_max; + +extern int nolocaltimewait; + extern int tcp_do_sack; /* SACK enabled/disabled */ +extern int tcp_sack_maxholes; +extern int tcp_sack_globalmaxholes; +extern int tcp_sack_globalholes; extern int tcp_sc_rst_sock_fail; /* RST on sock alloc failure */ extern int tcp_do_ecn; /* TCP ECN enabled/disabled */ extern int tcp_ecn_maxretries; diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index cbfdb6b..9409235 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -95,6 +95,10 @@ __FBSDID("$FreeBSD$"); * Per RFC 768, August, 1980. */ +#ifdef VIMAGE_GLOBALS +int udp_blackhole; +#endif + /* * BSD 4.2 defaulted the udp checksum to be off. Turning off udp checksums * removes the only data integrity mechanism for packets and malformed @@ -109,7 +113,6 @@ int udp_log_in_vain = 0; SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW, &udp_log_in_vain, 0, "Log all incoming UDP packets"); -int udp_blackhole = 0; SYSCTL_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW, &udp_blackhole, 0, "Do not send port unreachables for refused connects"); @@ -129,14 +132,16 @@ u_long udp_recvspace = 40 * (1024 + SYSCTL_ULONG(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW, &udp_recvspace, 0, "Maximum space for incoming UDP datagrams"); +#ifdef VIMAGE_GLOBALS struct inpcbhead udb; /* from udp_var.h */ struct inpcbinfo udbinfo; +struct udpstat udpstat; /* from udp_var.h */ +#endif #ifndef UDBHASHSIZE #define UDBHASHSIZE 128 #endif -struct udpstat udpstat; /* from udp_var.h */ SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RW, udpstat, udpstat, "UDP statistics (struct udpstat, netinet/udp_var.h)"); @@ -167,6 +172,8 @@ udp_init(void) { INIT_VNET_INET(curvnet); + V_udp_blackhole = 0; + INP_INFO_LOCK_INIT(&V_udbinfo, "udp"); LIST_INIT(&V_udb); V_udbinfo.ipi_listhead = &V_udb; diff --git a/sys/netinet/vinet.h b/sys/netinet/vinet.h index 1f16dfd..961e772 100644 --- a/sys/netinet/vinet.h +++ b/sys/netinet/vinet.h @@ -319,6 +319,8 @@ struct vnet_inet { #define V_tcp_sack_maxholes VNET_INET(tcp_sack_maxholes) #define V_tcp_sc_rst_sock_fail VNET_INET(tcp_sc_rst_sock_fail) #define V_tcp_syncache VNET_INET(tcp_syncache) +#define V_tcp_syncookies VNET_INET(tcp_syncookies) +#define V_tcp_syncookiesonly VNET_INET(tcp_syncookiesonly) #define V_tcp_v6mssdflt VNET_INET(tcp_v6mssdflt) #define V_tcpstat VNET_INET(tcpstat) #define V_twq_2msl VNET_INET(twq_2msl) |