From 98e7fe0e6a4b7ee298fffadcf232867ffeecbad6 Mon Sep 17 00:00:00 2001 From: bz Date: Sat, 13 Dec 2008 19:13:03 +0000 Subject: Second round of putting global variables, which were virtualized but formerly missed under VIMAGE_GLOBAL. Put the extern declarations of the virtualized globals under VIMAGE_GLOBAL as the globals themsevles are already. This will help by the time when we are going to remove the globals entirely. Sponsored by: The FreeBSD Foundation --- sys/contrib/pf/net/pf_if.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sys/contrib') diff --git a/sys/contrib/pf/net/pf_if.c b/sys/contrib/pf/net/pf_if.c index 62dbbf2..1972edc 100644 --- a/sys/contrib/pf/net/pf_if.c +++ b/sys/contrib/pf/net/pf_if.c @@ -115,8 +115,10 @@ void pfi_change_group_event(void * __unused, char *); void pfi_detach_group_event(void * __unused, struct ifg_group *); void pfi_ifaddr_event(void * __unused, struct ifnet *); +#ifdef VIMAGE_GLOBALS extern struct ifgrouphead ifg_head; #endif +#endif RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); -- cgit v1.1 From 74c06b7ee1392d81e868407517076e1be5882927 Mon Sep 17 00:00:00 2001 From: bz Date: Sat, 13 Dec 2008 22:04:52 +0000 Subject: Like for tcp_subr.c in r186057 make the MD5 context a function local variable in this copy of the code[1]. While here prefix the variables with 'pf_' to avoid file static global variables with colliding names that are or will be virtualized. Discussed with: rwatson, silby [1] --- sys/contrib/pf/net/pf_subr.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'sys/contrib') diff --git a/sys/contrib/pf/net/pf_subr.c b/sys/contrib/pf/net/pf_subr.c index 1ac8b40..a722aef 100644 --- a/sys/contrib/pf/net/pf_subr.c +++ b/sys/contrib/pf/net/pf_subr.c @@ -116,22 +116,22 @@ __FBSDID("$FreeBSD$"); #define ISN_STATIC_INCREMENT 4096 #define ISN_RANDOM_INCREMENT (4096 - 1) -static u_char isn_secret[32]; -static int isn_last_reseed; -static u_int32_t isn_offset; -static MD5_CTX isn_ctx; +static u_char pf_isn_secret[32]; +static int pf_isn_last_reseed; +static u_int32_t pf_isn_offset; u_int32_t pf_new_isn(struct pf_state *s) { + MD5_CTX isn_ctx; u_int32_t md5_buffer[4]; u_int32_t new_isn; struct pf_state_host *src, *dst; /* Seed if this is the first use, reseed if requested. */ - if (isn_last_reseed == 0) { - read_random(&isn_secret, sizeof(isn_secret)); - isn_last_reseed = ticks; + if (pf_isn_last_reseed == 0) { + read_random(&pf_isn_secret, sizeof(pf_isn_secret)); + pf_isn_last_reseed = ticks; } if (s->direction == PF_IN) { @@ -160,11 +160,11 @@ pf_new_isn(struct pf_state *s) MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in_addr)); } - MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret)); + MD5Update(&isn_ctx, (u_char *) &pf_isn_secret, sizeof(pf_isn_secret)); MD5Final((u_char *) &md5_buffer, &isn_ctx); new_isn = (tcp_seq) md5_buffer[0]; - isn_offset += ISN_STATIC_INCREMENT + + pf_isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); - new_isn += isn_offset; + new_isn += pf_isn_offset; return (new_isn); } -- cgit v1.1 From ec826ad5c7f97de814529d3b3bae7950f91d9a5d Mon Sep 17 00:00:00 2001 From: qingli Date: Mon, 15 Dec 2008 06:10:57 +0000 Subject: This main goals of this project are: 1. separating L2 tables (ARP, NDP) from the L3 routing tables 2. removing as much locking dependencies among these layers as possible to allow for some parallelism in the search operations 3. simplify the logic in the routing code, The most notable end result is the obsolescent of the route cloning (RTF_CLONING) concept, which translated into code reduction in both IPv4 ARP and IPv6 NDP related modules, and size reduction in struct rtentry{}. The change in design obsoletes the semantics of RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland applications such as "arp" and "ndp" have been modified to reflect those changes. The output from "netstat -r" shows only the routing entries. Quite a few developers have contributed to this project in the past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and Andre Oppermann. And most recently: - Kip Macy revised the locking code completely, thus completing the last piece of the puzzle, Kip has also been conducting active functional testing - Sam Leffler has helped me improving/refactoring the code, and provided valuable reviews - Julian Elischer setup the perforce tree for me and has helped me maintaining that branch before the svn conversion --- sys/contrib/pf/net/pf.c | 12 ++++++------ sys/contrib/rdma/rdma_addr.c | 6 ++++-- 2 files changed, 10 insertions(+), 8 deletions(-) (limited to 'sys/contrib') diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c index 2959830..d69372b 100644 --- a/sys/contrib/pf/net/pf.c +++ b/sys/contrib/pf/net/pf.c @@ -3162,7 +3162,7 @@ pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer) #ifdef RTF_PRCLONING rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING)); #else /* !RTF_PRCLONING */ - in_rtalloc_ign(&ro, RTF_CLONING, 0); + in_rtalloc_ign(&ro, 0, 0); #endif #else /* ! __FreeBSD__ */ rtalloc_noclone(&ro, NO_CLONING); @@ -3183,7 +3183,7 @@ pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer) rtalloc_ign((struct route *)&ro6, (RTF_CLONING | RTF_PRCLONING)); #else /* !RTF_PRCLONING */ - rtalloc_ign((struct route *)&ro6, RTF_CLONING); + rtalloc_ign((struct route *)&ro6, 0); #endif #else /* ! __FreeBSD__ */ rtalloc_noclone((struct route *)&ro6, NO_CLONING); @@ -5986,9 +5986,9 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif) #ifdef __FreeBSD__ /* XXX MRT not always INET */ /* stick with table 0 though */ if (af == AF_INET) - in_rtalloc_ign((struct route *)&ro, RTF_CLONING, 0); + in_rtalloc_ign((struct route *)&ro, 0, 0); else - rtalloc_ign((struct route *)&ro, RTF_CLONING); + rtalloc_ign((struct route *)&ro, 0); #else /* ! __FreeBSD__ */ rtalloc_noclone((struct route *)&ro, NO_CLONING); #endif @@ -6068,9 +6068,9 @@ pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw) rtalloc_ign((struct route *)&ro, (RTF_CLONING|RTF_PRCLONING)); # else /* !RTF_PRCLONING */ if (af == AF_INET) - in_rtalloc_ign((struct route *)&ro, RTF_CLONING, 0); + in_rtalloc_ign((struct route *)&ro, 0, 0); else - rtalloc_ign((struct route *)&ro, RTF_CLONING); + rtalloc_ign((struct route *)&ro, 0); # endif #else /* ! __FreeBSD__ */ rtalloc_noclone((struct route *)&ro, NO_CLONING); diff --git a/sys/contrib/rdma/rdma_addr.c b/sys/contrib/rdma/rdma_addr.c index e052b80..971b4de 100644 --- a/sys/contrib/rdma/rdma_addr.c +++ b/sys/contrib/rdma/rdma_addr.c @@ -163,6 +163,7 @@ static void addr_send_arp(struct sockaddr_in *dst_in) struct route iproute; struct sockaddr_in *dst = (struct sockaddr_in *)&iproute.ro_dst; char dmac[ETHER_ADDR_LEN]; + struct llentry *lle; bzero(&iproute, sizeof iproute); *dst = *dst_in; @@ -172,7 +173,7 @@ static void addr_send_arp(struct sockaddr_in *dst_in) return; arpresolve(iproute.ro_rt->rt_ifp, iproute.ro_rt, NULL, - rt_key(iproute.ro_rt), dmac); + rt_key(iproute.ro_rt), dmac, &lle); RTFREE(iproute.ro_rt); } @@ -186,6 +187,7 @@ static int addr_resolve_remote(struct sockaddr_in *src_in, struct route iproute; struct sockaddr_in *dst = (struct sockaddr_in *)&iproute.ro_dst; char dmac[ETHER_ADDR_LEN]; + struct llentry *lle; bzero(&iproute, sizeof iproute); *dst = *dst_in; @@ -202,7 +204,7 @@ static int addr_resolve_remote(struct sockaddr_in *src_in, goto put; } ret = arpresolve(iproute.ro_rt->rt_ifp, iproute.ro_rt, NULL, - rt_key(iproute.ro_rt), dmac); + rt_key(iproute.ro_rt), dmac, &lle); if (ret) { goto put; } -- cgit v1.1