From 0a90ef17283bc848eee90c3bdd5bec3fcc1bc879 Mon Sep 17 00:00:00 2001 
From: bz Date: Thu, 29 Apr 2010 11:52:42 +0000 Subject: MFP4: @176978-176982, 176984, 176990-176994, 177441 "Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH MFC after: 6 days --- sys/contrib/ipfilter/netinet/ip_auth.c | 5 -- sys/net/if.c | 6 +- sys/net/if_gif.c | 20 ------ sys/net/if_gif.h | 4 -- sys/net/route.c | 12 ++-- sys/netinet/icmp6.h | 1 - sys/netinet/if_ether.c | 10 ++- sys/netinet/in.c | 11 ++-- sys/netinet/in_gif.c | 2 + sys/netinet/in_proto.c | 1 - sys/netinet/in_rmx.c | 21 +++---- sys/netinet/ip_icmp.c | 59 ++++++------------ sys/netinet/ip_icmp.h | 1 - sys/netinet/ip_input.c | 72 ++++++++++------------ sys/netinet/ip_var.h | 13 ++-- sys/netinet/tcp_hostcache.c | 4 +- sys/netinet/tcp_input.c | 39 +++++++----- sys/netinet/tcp_output.c | 21 ++++--- sys/netinet/tcp_reass.c | 21 +++---- sys/netinet/tcp_sack.c | 17 +++--- sys/netinet/tcp_subr.c | 90 +++++++-------------------- sys/netinet/tcp_syncache.c | 19 +++--- sys/netinet/tcp_timewait.c | 8 +-- sys/netinet/tcp_var.h | 56 ++--------------- sys/netinet/udp_usrreq.c | 7 +-- sys/netinet/udp_var.h | 10 ++- sys/netinet6/frag6.c | 5 +- sys/netinet6/icmp6.c | 21 ++----- sys/netinet6/in6_gif.c | 9 +++ sys/netinet6/in6_ifattach.c | 11 +++- 
sys/netinet6/in6_proto.c | 84 ++++++++++++++++---------- sys/netinet6/in6_rmx.c | 23 +++---- sys/netinet6/in6_src.c | 7 +-- sys/netinet6/in6_var.h | 9 ++- sys/netinet6/ip6_input.c | 107 ++++----------------------------- sys/netinet6/ip6_mroute.c | 19 +----- sys/netinet6/ip6_var.h | 53 ++++++++-------- sys/netinet6/nd6.c | 77 +++++++----------------- sys/netinet6/nd6.h | 9 ++- sys/netinet6/nd6_nbr.c | 8 +-- sys/netinet6/nd6_rtr.c | 12 ++-- sys/netinet6/raw_ip6.c | 4 +- sys/netinet6/scope6.c | 12 ++-- sys/netipsec/ah_var.h | 5 +- sys/netipsec/esp_var.h | 3 +- sys/netipsec/ipcomp_var.h | 3 +- sys/netipsec/ipip_var.h | 3 +- sys/netipsec/ipsec.c | 1 + sys/netipsec/ipsec.h | 44 +++++++------- sys/netipsec/ipsec6.h | 11 ++-- sys/netipsec/key.c | 21 ++++--- sys/netipsec/xform_esp.c | 3 +- 52 files changed, 412 insertions(+), 682 deletions(-) (limited to 'sys') diff --git a/sys/contrib/ipfilter/netinet/ip_auth.c b/sys/contrib/ipfilter/netinet/ip_auth.c index 19a12f4..42d29d4 100644 --- a/sys/contrib/ipfilter/netinet/ip_auth.c +++ b/sys/contrib/ipfilter/netinet/ip_auth.c @@ -70,11 +70,6 @@ struct file; #include #include #include -#if !defined(_KERNEL) && defined(__FreeBSD_version) && \ - __FreeBSD_version >= 800049 -# define V_ip_do_randomid ip_do_randomid -# define V_ip_id ip_id -#endif #if !defined(_KERNEL) && !defined(__osf__) && !defined(__sgi) # define KERNEL # define _KERNEL diff --git a/sys/net/if.c b/sys/net/if.c index 98c8afa..1acfb24 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -163,9 +163,11 @@ static void if_detach_internal(struct ifnet *, int); extern void nd6_setmtu(struct ifnet *); #endif +VNET_DEFINE(int, if_index); +int ifqmaxlen = IFQ_MAXLEN; VNET_DEFINE(struct ifnethead, ifnet); /* depend on static init XXX */ VNET_DEFINE(struct ifgrouphead, ifg_head); -VNET_DEFINE(int, if_index); + static VNET_DEFINE(int, if_indexlim) = 8; /* Table of ifnet by index. */ 
@@ -174,8 +176,6 @@ static VNET_DEFINE(struct ifindex_entry *, ifindex_table); #define V_if_indexlim VNET(if_indexlim) #define V_ifindex_table VNET(ifindex_table) -int ifqmaxlen = IFQ_MAXLEN; - /* * The global network interface list (V_ifnet) and related state (such as * if_index, if_indexlim, and ifindex_table) are protected by an sxlock and diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 22ef6ab..ae0ff4e 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -94,20 +94,9 @@ */ static struct mtx gif_mtx; static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface"); - static VNET_DEFINE(LIST_HEAD(, gif_softc), gif_softc_list); - #define V_gif_softc_list VNET(gif_softc_list) -#ifdef INET -VNET_DEFINE(int, ip_gif_ttl) = GIF_TTL; -#define V_ip_gif_ttl VNET(ip_gif_ttl) -#endif -#ifdef INET6 -VNET_DEFINE(int, ip6_gif_hlim) = GIF_HLIM; -#define V_ip6_gif_hlim VNET(ip6_gif_hlim) -#endif - void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af); void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af); void (*ng_gif_attach_p)(struct ifnet *ifp); @@ -135,19 +124,11 @@ SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0, */ #define MAX_GIF_NEST 1 #endif - static VNET_DEFINE(int, max_gif_nesting) = MAX_GIF_NEST; #define V_max_gif_nesting VNET(max_gif_nesting) - SYSCTL_VNET_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW, &VNET_NAME(max_gif_nesting), 0, "Max nested tunnels"); -#ifdef INET6 -SYSCTL_DECL(_net_inet6_ip6); -SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim, CTLFLAG_RW, - &VNET_NAME(ip6_gif_hlim), 0, ""); -#endif - /* * By default, we disallow creation of multiple tunnels between the same * pair of addresses. Some applications require this functionality so 
@@ -159,7 +140,6 @@ static VNET_DEFINE(int, parallel_tunnels) = 1; static VNET_DEFINE(int, parallel_tunnels) = 0; #endif #define V_parallel_tunnels VNET(parallel_tunnels) - SYSCTL_VNET_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW, &VNET_NAME(parallel_tunnels), 0, "Allow parallel tunnels?"); diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h index 18b7831..5d0db6d 100644 --- a/sys/net/if_gif.h +++ b/sys/net/if_gif.h @@ -118,10 +118,6 @@ int gif_ioctl(struct ifnet *, u_long, caddr_t); int gif_set_tunnel(struct ifnet *, struct sockaddr *, struct sockaddr *); void gif_delete_tunnel(struct ifnet *); int gif_encapcheck(const struct mbuf *, int, int, void *); - -VNET_DECLARE(int, ip_gif_ttl); -#define V_ip_gif_ttl VNET(ip_gif_ttl) - #endif /* _KERNEL */ #define GIFGOPTS _IOWR('i', 150, struct ifreq) diff --git a/sys/net/route.c b/sys/net/route.c index e500ed1..b45361e 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -88,15 +88,14 @@ SYSCTL_INT(_net, OID_AUTO, add_addr_allfibs, CTLFLAG_RW, &rt_add_addr_allfibs, 0, ""); TUNABLE_INT("net.add_addr_allfibs", &rt_add_addr_allfibs); -VNET_DEFINE(struct radix_node_head *, rt_tables); -static VNET_DEFINE(uma_zone_t, rtzone); /* Routing table UMA zone. */ -VNET_DEFINE(int, rttrash); /* routes not in table but not freed */ VNET_DEFINE(struct rtstat, rtstat); +#define V_rtstat VNET(rtstat) +VNET_DEFINE(struct radix_node_head *, rt_tables); #define V_rt_tables VNET(rt_tables) -#define V_rtzone VNET(rtzone) + +VNET_DEFINE(int, rttrash); /* routes not in table but not freed */ #define V_rttrash VNET(rttrash) -#define V_rtstat VNET(rtstat) /* compare two sockaddr structures */ @@ -114,6 +113,9 @@ VNET_DEFINE(struct rtstat, rtstat); */ #define RNTORT(p) ((struct rtentry *)(p)) +static VNET_DEFINE(uma_zone_t, rtzone); /* Routing table UMA zone. */ +#define V_rtzone VNET(rtzone) + #if 0 /* default fib for tunnels to use */ u_int tunnel_fib = 0; 
diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h index c3a8ac7..5faae7c 100644 --- a/sys/netinet/icmp6.h +++ b/sys/netinet/icmp6.h @@ -652,7 +652,6 @@ struct rtentry; struct rttimer; struct in6_multi; # endif -void icmp6_init(void); void icmp6_paramerror(struct mbuf *, int); void icmp6_error(struct mbuf *, int, int, int); void icmp6_error2(struct mbuf *, int, int, int, struct ifnet *); diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index 25fba9f..08a162f 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -82,16 +82,15 @@ SYSCTL_DECL(_net_link_ether); SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); SYSCTL_NODE(_net_link_ether, PF_ARP, arp, CTLFLAG_RW, 0, ""); -VNET_DEFINE(int, useloopback) = 1; /* use loopback interface for - * local traffic */ - /* timer values */ static VNET_DEFINE(int, arpt_keep) = (20*60); /* once resolved, good for 20 * minutes */ +static VNET_DEFINE(int, arp_maxtries) = 5; +VNET_DEFINE(int, useloopback) = 1; /* use loopback interface for + * local traffic */ +static VNET_DEFINE(int, arp_proxyall) = 0; static VNET_DEFINE(int, arpt_down) = 20; /* keep incomplete entries for * 20 seconds */ -static VNET_DEFINE(int, arp_maxtries) = 5; -static VNET_DEFINE(int, arp_proxyall); static VNET_DEFINE(struct arpstat, arpstat); /* ARP statistics, see if_arp.h */ #define V_arpt_keep VNET(arpt_keep) @@ -103,7 +102,6 @@ static VNET_DEFINE(struct arpstat, arpstat); /* ARP statistics, see if_arp.h */ SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW, &VNET_NAME(arpt_keep), 0, "ARP entry lifetime in seconds"); - SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, &VNET_NAME(arp_maxtries), 0, "ARP resolution attempts before returning error"); diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 0a0fe47..96bfa0e 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c 
@@ -77,20 +77,19 @@ static int in_ifinit(struct ifnet *, static void in_purgemaddrs(struct ifnet *); static VNET_DEFINE(int, subnetsarelocal); -static VNET_DEFINE(int, sameprefixcarponly); -VNET_DECLARE(struct inpcbinfo, ripcbinfo); - #define V_subnetsarelocal VNET(subnetsarelocal) -#define V_sameprefixcarponly VNET(sameprefixcarponly) -#define V_ripcbinfo VNET(ripcbinfo) - SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW, &VNET_NAME(subnetsarelocal), 0, "Treat all subnets as directly connected"); +static VNET_DEFINE(int, sameprefixcarponly); +#define V_sameprefixcarponly VNET(sameprefixcarponly) SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW, &VNET_NAME(sameprefixcarponly), 0, "Refuse to create same prefixes on different interfaces"); +VNET_DECLARE(struct inpcbinfo, ripcbinfo); +#define V_ripcbinfo VNET(ripcbinfo) + /* * Return 1 if an internet address is for a ``local'' host * (one to which we have a connection). If subnetsarelocal diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index 44b9961..6c60390 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -85,6 +85,8 @@ struct protosw in_gif_protosw = { .pr_usrreqs = &rip_usrreqs }; +VNET_DEFINE(int, ip_gif_ttl) = GIF_TTL; +#define V_ip_gif_ttl VNET(ip_gif_ttl) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW, &VNET_NAME(ip_gif_ttl), 0, ""); diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index d9cab84..6d72fbe 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -208,7 +208,6 @@ struct protosw inetsw[] = { .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, .pr_input = icmp_input, .pr_ctloutput = rip_ctloutput, - .pr_init = icmp_init, .pr_usrreqs = &rip_usrreqs }, { diff --git a/sys/netinet/in_rmx.c b/sys/netinet/in_rmx.c index 6516277..5b8e0f6 100644 --- a/sys/netinet/in_rmx.c +++ b/sys/netinet/in_rmx.c 
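Review bot: `ip_gif_ttl` is defined in in_gif.c with external linkage even though this commit drops its `VNET_DECLARE` from if_gif.h and gives it a file-local `V_ip_gif_ttl` macro. If no header outside this page still declares it, the definition should read `static VNET_DEFINE(int, ip_gif_ttl) = GIF_TTL;`. The same applies to the tcp_input.c definitions that gain a local `V_` macro (`blackhole`, `drop_synfin`, `tcp_insecure_rst` and the others), provided tcp_var.h no longer declares them; its changes are not visible here. Generic names such as `blackhole` left in the kernel's global namespace invite symbol clashes and unintended references from other code, which is the pollution the commit message sets out to remove.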
@@ -131,22 +131,22 @@ in_matroute(void *v_arg, struct radix_node_head *head) return rn; } -static VNET_DEFINE(int, rtq_reallyold); -static VNET_DEFINE(int, rtq_minreallyold); -static VNET_DEFINE(int, rtq_toomany); - +static VNET_DEFINE(int, rtq_reallyold) = 60*60; /* one hour is "really old" */ #define V_rtq_reallyold VNET(rtq_reallyold) -#define V_rtq_minreallyold VNET(rtq_minreallyold) -#define V_rtq_toomany VNET(rtq_toomany) - SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTEXPIRE, rtexpire, CTLFLAG_RW, &VNET_NAME(rtq_reallyold), 0, "Default expiration time on dynamically learned routes"); +/* never automatically crank down to less */ +static VNET_DEFINE(int, rtq_minreallyold) = 10; +#define V_rtq_minreallyold VNET(rtq_minreallyold) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW, &VNET_NAME(rtq_minreallyold), 0, "Minimum time to attempt to hold onto dynamically learned routes"); +/* 128 cached routes is "too many" */ +static VNET_DEFINE(int, rtq_toomany) = 128; +#define V_rtq_toomany VNET(rtq_toomany) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW, &VNET_NAME(rtq_toomany), 0, "Upper limit on dynamically learned routes"); @@ -239,7 +239,7 @@ in_rtqkill(struct radix_node *rn, void *rock) } #define RTQ_TIMEOUT 60*10 /* run no less than once every ten minutes */ -static VNET_DEFINE(int, rtq_timeout); +static VNET_DEFINE(int, rtq_timeout) = RTQ_TIMEOUT; static VNET_DEFINE(struct callout, rtq_timer); #define V_rtq_timeout VNET(rtq_timeout) @@ -362,11 +362,6 @@ in_inithead(void **head, int off) if (off == 0) /* XXX MRT see above */ return 1; /* only do the rest for a real routing table */ - V_rtq_reallyold = 60*60; /* one hour is "really old" */ - V_rtq_minreallyold = 10; /* never automatically crank down to less */ - V_rtq_toomany = 128; /* 128 cached routes is "too many" */ - V_rtq_timeout = RTQ_TIMEOUT; - rnh = *head; rnh->rnh_addaddr = in_addroute; rnh->rnh_matchaddr = in_matroute; 
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index b13bc7c..8dc08d9 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c 
@@ -75,65 +75,60 @@ __FBSDID("$FreeBSD$"); * routines to turnaround packets back to the originator, and * host table maintenance routines. */ - VNET_DEFINE(struct icmpstat, icmpstat); -static VNET_DEFINE(int, icmpmaskrepl); -static VNET_DEFINE(u_int, icmpmaskfake); -static VNET_DEFINE(int, drop_redirect); -static VNET_DEFINE(int, log_redirect); -static VNET_DEFINE(int, icmplim); -static VNET_DEFINE(int, icmplim_output); -static VNET_DEFINE(char, reply_src[IFNAMSIZ]); -static VNET_DEFINE(int, icmp_rfi); -static VNET_DEFINE(int, icmp_quotelen); -static VNET_DEFINE(int, icmpbmcastecho); - -#define V_icmpmaskrepl VNET(icmpmaskrepl) -#define V_icmpmaskfake VNET(icmpmaskfake) -#define V_drop_redirect VNET(drop_redirect) -#define V_log_redirect VNET(log_redirect) -#define V_icmplim VNET(icmplim) -#define V_icmplim_output VNET(icmplim_output) -#define V_reply_src VNET(reply_src) -#define V_icmp_rfi VNET(icmp_rfi) -#define V_icmp_quotelen VNET(icmp_quotelen) -#define V_icmpbmcastecho VNET(icmpbmcastecho) - SYSCTL_VNET_STRUCT(_net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RW, &VNET_NAME(icmpstat), icmpstat, ""); +static VNET_DEFINE(int, icmpmaskrepl) = 0; +#define V_icmpmaskrepl VNET(icmpmaskrepl) SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW, &VNET_NAME(icmpmaskrepl), 0, "Reply to ICMP Address Mask Request packets."); +static VNET_DEFINE(u_int, icmpmaskfake) = 0; +#define V_icmpmaskfake VNET(icmpmaskfake) SYSCTL_VNET_UINT(_net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW, &VNET_NAME(icmpmaskfake), 0, "Fake reply to ICMP Address Mask Request packets."); +static VNET_DEFINE(int, drop_redirect) = 0; +#define V_drop_redirect VNET(drop_redirect) SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW, &VNET_NAME(drop_redirect), 0, "Ignore ICMP redirects"); +static VNET_DEFINE(int, log_redirect) = 0; +#define V_log_redirect VNET(log_redirect) SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_RW, &VNET_NAME(log_redirect), 0, "Log ICMP 
redirects to the console"); +static VNET_DEFINE(int, icmplim) = 200; +#define V_icmplim VNET(icmplim) SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, &VNET_NAME(icmplim), 0, "Maximum number of ICMP responses per second"); +static VNET_DEFINE(int, icmplim_output) = 1; +#define V_icmplim_output VNET(icmplim_output) SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, &VNET_NAME(icmplim_output), 0, "Enable rate limiting of ICMP responses"); +static VNET_DEFINE(char, reply_src[IFNAMSIZ]); +#define V_reply_src VNET(reply_src) SYSCTL_VNET_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW, &VNET_NAME(reply_src), IFNAMSIZ, "icmp reply source for non-local packets."); +static VNET_DEFINE(int, icmp_rfi) = 0; +#define V_icmp_rfi VNET(icmp_rfi) SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW, &VNET_NAME(icmp_rfi), 0, "ICMP reply from incoming interface for non-local packets"); +static VNET_DEFINE(int, icmp_quotelen) = 8; +#define V_icmp_quotelen VNET(icmp_quotelen) SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, &VNET_NAME(icmp_quotelen), 0, "Number of bytes from original packet to quote in ICMP reply"); @@ -141,7 +136,8 @@ SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, /* * ICMP broadcast echo sysctl */ - +static VNET_DEFINE(int, icmpbmcastecho) = 0; +#define V_icmpbmcastecho VNET(icmpbmcastecho) SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW, &VNET_NAME(icmpbmcastecho), 0, ""); @@ -156,21 +152,6 @@ static void icmp_send(struct mbuf *, struct mbuf *); extern struct protosw inetsw[]; -void -icmp_init(void) -{ - - V_icmpmaskrepl = 0; - V_icmpmaskfake = 0; - V_drop_redirect = 0; - V_log_redirect = 0; - V_icmplim = 200; - V_icmplim_output = 1; - V_icmp_rfi = 0; - V_icmp_quotelen = 8; - V_icmpbmcastecho = 0; -} - /* * Kernel module interface for updating icmpstat. The argument is an index * into icmpstat treated as an array of u_long. While this encodes the 
diff --git a/sys/netinet/ip_icmp.h b/sys/netinet/ip_icmp.h index e4ee7f7..9cabdb5 100644 --- a/sys/netinet/ip_icmp.h +++ b/sys/netinet/ip_icmp.h @@ -208,7 +208,6 @@ struct icmp { #ifdef _KERNEL void icmp_error(struct mbuf *, int, int, uint32_t, int); void icmp_input(struct mbuf *, int); -void icmp_init(void); int ip_next_mtu(int, int); #endif diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index fdef645..a17907c 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c 
@@ -89,66 +89,40 @@ __FBSDID("$FreeBSD$"); CTASSERT(sizeof(struct ip) == 20); #endif -static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ -static VNET_DEFINE(int, ip_checkinterface); -static VNET_DEFINE(int, ip_keepfaith); -static VNET_DEFINE(int, ip_sendsourcequench); - -#define V_ipsendredirects VNET(ipsendredirects) -#define V_ip_checkinterface VNET(ip_checkinterface) -#define V_ip_keepfaith VNET(ip_keepfaith) -#define V_ip_sendsourcequench VNET(ip_sendsourcequench) - -VNET_DEFINE(int, ip_defttl) = IPDEFTTL; -VNET_DEFINE(int, ip_do_randomid); -VNET_DEFINE(int, ipforwarding); - -VNET_DEFINE(struct in_ifaddrhead, in_ifaddrhead); /* first inet address */ -VNET_DEFINE(struct in_ifaddrhashhead *, in_ifaddrhashtbl); /* inet addr hash table */ -VNET_DEFINE(u_long, in_ifaddrhmask); /* mask for hash table */ -VNET_DEFINE(struct ipstat, ipstat); - -static VNET_DEFINE(int, ip_rsvp_on); -VNET_DEFINE(struct socket *, ip_rsvpd); -VNET_DEFINE(int, rsvp_on); - -#define V_ip_rsvp_on VNET(ip_rsvp_on) - -static VNET_DEFINE(TAILQ_HEAD(ipqhead, ipq), ipq[IPREASS_NHASH]); -static VNET_DEFINE(int, maxnipq); /* Administrative limit on # reass queues. 
*/ -static VNET_DEFINE(int, maxfragsperpacket); -static VNET_DEFINE(int, nipq); /* Total # of reass queues */ - -#define V_ipq VNET(ipq) -#define V_maxnipq VNET(maxnipq) -#define V_maxfragsperpacket VNET(maxfragsperpacket) -#define V_nipq VNET(nipq) - -VNET_DEFINE(int, ipstealth); - struct rwlock in_ifaddr_lock; RW_SYSINIT(in_ifaddr_lock, &in_ifaddr_lock, "in_ifaddr_lock"); +VNET_DEFINE(int, rsvp_on); + +VNET_DEFINE(int, ipforwarding); SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, &VNET_NAME(ipforwarding), 0, "Enable IP forwarding between interfaces"); +static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ +#define V_ipsendredirects VNET(ipsendredirects) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, &VNET_NAME(ipsendredirects), 0, "Enable sending IP redirects"); +VNET_DEFINE(int, ip_defttl) = IPDEFTTL; SYSCTL_VNET_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, &VNET_NAME(ip_defttl), 0, "Maximum TTL on IP packets"); +static VNET_DEFINE(int, ip_keepfaith); +#define V_ip_keepfaith VNET(ip_keepfaith) SYSCTL_VNET_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, &VNET_NAME(ip_keepfaith), 0, "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); +static VNET_DEFINE(int, ip_sendsourcequench); +#define V_ip_sendsourcequench VNET(ip_sendsourcequench) SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, &VNET_NAME(ip_sendsourcequench), 0, "Enable the transmission of source quench packets"); +VNET_DEFINE(int, ip_do_randomid); SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, &VNET_NAME(ip_do_randomid), 0, "Assign random ip_id values"); 
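Review bot: `ipforwarding`, `ip_do_randomid`, `ip_keepfaith` and `ip_sendsourcequench` are re-added in the ip_input.c hunk without an initializer, while ip_icmp.c and tcp_input.c in the same commit spell out `= 0` for their zero defaults. They presumably start at zero like any object with static storage, but forwarding and random ip_id assignment are security-relevant defaults. Stating them, e.g. `VNET_DEFINE(int, ipforwarding) = 0;` and `VNET_DEFINE(int, ip_do_randomid) = 0;`, lets the stack's out-of-the-box behaviour be audited from the definitions alone and keeps the commit's style consistent.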
@@ -166,6 +140,8 @@ SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, * to the loopback interface instead of the interface where the * packets for those addresses are received. */ +static VNET_DEFINE(int, ip_checkinterface); +#define V_ip_checkinterface VNET(ip_checkinterface) SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, &VNET_NAME(ip_checkinterface), 0, "Verify packet arrives on correct interface"); @@ -182,16 +158,22 @@ static struct netisr_handler ip_nh = { extern struct domain inetdomain; extern struct protosw inetsw[]; u_char ip_protox[IPPROTO_MAX]; +VNET_DEFINE(struct in_ifaddrhead, in_ifaddrhead); /* first inet address */ +VNET_DEFINE(struct in_ifaddrhashhead *, in_ifaddrhashtbl); /* inet addr hash table */ +VNET_DEFINE(u_long, in_ifaddrhmask); /* mask for hash table */ +VNET_DEFINE(struct ipstat, ipstat); SYSCTL_VNET_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, &VNET_NAME(ipstat), ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); static VNET_DEFINE(uma_zone_t, ipq_zone); -#define V_ipq_zone VNET(ipq_zone) - +static VNET_DEFINE(TAILQ_HEAD(ipqhead, ipq), ipq[IPREASS_NHASH]); static struct mtx ipqlock; +#define V_ipq_zone VNET(ipq_zone) +#define V_ipq VNET(ipq) + #define IPQ_LOCK() mtx_lock(&ipqlock) #define IPQ_UNLOCK() mtx_unlock(&ipqlock) #define IPQ_LOCK_INIT() mtx_init(&ipqlock, "ipqlock", NULL, MTX_DEF) 
@@ -201,10 +183,16 @@ static void maxnipq_update(void); static void ipq_zone_change(void *); static void ip_drain_locked(void); +static VNET_DEFINE(int, maxnipq); /* Administrative limit on # reass queues. */ +static VNET_DEFINE(int, nipq); /* Total # of reass queues */ +#define V_maxnipq VNET(maxnipq) +#define V_nipq VNET(nipq) SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD, &VNET_NAME(nipq), 0, "Current number of IPv4 fragment reassembly queue entries"); +static VNET_DEFINE(int, maxfragsperpacket); +#define V_maxfragsperpacket VNET(maxfragsperpacket) SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, &VNET_NAME(maxfragsperpacket), 0, "Maximum number of IPv4 fragments allowed per packet"); @@ -217,6 +205,7 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, #endif #ifdef IPSTEALTH +VNET_DEFINE(int, ipstealth); SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, &VNET_NAME(ipstealth), 0, "IP stealth mode, no TTL decrementation on forwarding"); @@ -1740,6 +1729,11 @@ makedummy: * locking. This code remains in ip_input.c as ip_mroute.c is optionally * compiled. */ +static VNET_DEFINE(int, ip_rsvp_on); +VNET_DEFINE(struct socket *, ip_rsvpd); + +#define V_ip_rsvp_on VNET(ip_rsvp_on) + int ip_rsvp_init(struct socket *so) { diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index 389ad6e..4415001 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -181,9 +181,13 @@ VNET_DECLARE(int, ipforwarding); /* ip forwarding */ #ifdef IPSTEALTH VNET_DECLARE(int, ipstealth); /* stealth forwarding */ #endif -VNET_DECLARE(int, rsvp_on); +extern u_char ip_protox[]; VNET_DECLARE(struct socket *, ip_rsvpd); /* reservation protocol daemon*/ VNET_DECLARE(struct socket *, ip_mrouter); /* multicast routing daemon */ +extern int (*legal_vif_num)(int); +extern u_long (*ip_mcast_src)(int); +VNET_DECLARE(int, rsvp_on); +extern struct pr_usrreqs rip_usrreqs; #define V_ipstat VNET(ipstat) #define V_ip_id VNET(ip_id) 
@@ -192,14 +196,9 @@ VNET_DECLARE(struct socket *, ip_mrouter); /* multicast routing daemon */ #ifdef IPSTEALTH #define V_ipstealth VNET(ipstealth) #endif -#define V_rsvp_on VNET(rsvp_on) #define V_ip_rsvpd VNET(ip_rsvpd) #define V_ip_mrouter VNET(ip_mrouter) - -extern u_char ip_protox[]; -extern int (*legal_vif_num)(int); -extern u_long (*ip_mcast_src)(int); -extern struct pr_usrreqs rip_usrreqs; +#define V_rsvp_on VNET(rsvp_on) void inp_freemoptions(struct ip_moptions *); int inp_getmoptions(struct inpcb *, struct sockopt *); diff --git a/sys/netinet/tcp_hostcache.c b/sys/netinet/tcp_hostcache.c index a0c4012..d20adb7 100644 --- a/sys/netinet/tcp_hostcache.c +++ b/sys/netinet/tcp_hostcache.c @@ -107,9 +107,9 @@ __FBSDID("$FreeBSD$"); #define TCP_HOSTCACHE_PRUNE 5*60 /* every 5 minutes */ static VNET_DEFINE(struct tcp_hostcache, tcp_hostcache); -static VNET_DEFINE(struct callout, tcp_hc_callout); - #define V_tcp_hostcache VNET(tcp_hostcache) + +static VNET_DEFINE(struct callout, tcp_hc_callout); #define V_tcp_hc_callout VNET(tcp_hc_callout) static struct hc_metrics *tcp_hc_lookup(struct in_conninfo *); diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 0254cff..cbba9cd 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c 
@@ -99,20 +99,6 @@ __FBSDID("$FreeBSD$"); static const int tcprexmtthresh = 3; VNET_DEFINE(struct tcpstat, tcpstat); -VNET_DEFINE(int, blackhole); -VNET_DEFINE(int, tcp_delack_enabled); -VNET_DEFINE(int, drop_synfin); -VNET_DEFINE(int, tcp_do_rfc3042); -VNET_DEFINE(int, tcp_do_rfc3390); -VNET_DEFINE(int, tcp_do_ecn); -VNET_DEFINE(int, tcp_ecn_maxretries); -VNET_DEFINE(int, tcp_insecure_rst); -VNET_DEFINE(int, tcp_do_autorcvbuf); -VNET_DEFINE(int, tcp_autorcvbuf_inc); -VNET_DEFINE(int, tcp_autorcvbuf_max); -VNET_DEFINE(int, tcp_do_rfc3465); -VNET_DEFINE(int, tcp_abc_l_var); - SYSCTL_VNET_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats, CTLFLAG_RW, &VNET_NAME(tcpstat), tcpstat, "TCP statistics (struct tcpstat, netinet/tcp_var.h)"); 
@@ -122,56 +108,79 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, &tcp_log_in_vain, 0, "Log all incoming TCP segments to closed ports"); +VNET_DEFINE(int, blackhole) = 0; +#define V_blackhole VNET(blackhole) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, &VNET_NAME(blackhole), 0, "Do not send RST on segments to closed ports"); +VNET_DEFINE(int, tcp_delack_enabled) = 1; SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW, &VNET_NAME(tcp_delack_enabled), 0, "Delay ACK to try and piggyback it onto a data packet"); +VNET_DEFINE(int, drop_synfin) = 0; +#define V_drop_synfin VNET(drop_synfin) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW, &VNET_NAME(drop_synfin), 0, "Drop TCP packets with SYN+FIN set"); +VNET_DEFINE(int, tcp_do_rfc3042) = 1; +#define V_tcp_do_rfc3042 VNET(tcp_do_rfc3042) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW, &VNET_NAME(tcp_do_rfc3042), 0, "Enable RFC 3042 (Limited Transmit)"); +VNET_DEFINE(int, tcp_do_rfc3390) = 1; +#define V_tcp_do_rfc3390 VNET(tcp_do_rfc3390) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW, &VNET_NAME(tcp_do_rfc3390), 0, "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)"); +VNET_DEFINE(int, tcp_do_rfc3465) = 1; +#define V_tcp_do_rfc3465 VNET(tcp_do_rfc3465) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3465, CTLFLAG_RW, &VNET_NAME(tcp_do_rfc3465), 0, "Enable RFC 3465 (Appropriate Byte Counting)"); +VNET_DEFINE(int, tcp_abc_l_var) = 2; +#define V_tcp_abc_l_var VNET(tcp_abc_l_var) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, abc_l_var, CTLFLAG_RW, &VNET_NAME(tcp_abc_l_var), 2, "Cap the max cwnd increment during slow-start to this number of segments"); SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN"); +VNET_DEFINE(int, tcp_do_ecn) = 0; SYSCTL_VNET_INT(_net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_RW, &VNET_NAME(tcp_do_ecn), 0, "TCP ECN support"); +VNET_DEFINE(int, tcp_ecn_maxretries) = 1; 
SYSCTL_VNET_INT(_net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_RW, &VNET_NAME(tcp_ecn_maxretries), 0, "Max retries before giving up on ECN"); +VNET_DEFINE(int, tcp_insecure_rst) = 0; +#define V_tcp_insecure_rst VNET(tcp_insecure_rst) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_RW, &VNET_NAME(tcp_insecure_rst), 0, "Follow the old (insecure) criteria for accepting RST packets"); +VNET_DEFINE(int, tcp_do_autorcvbuf) = 1; +#define V_tcp_do_autorcvbuf VNET(tcp_do_autorcvbuf) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_RW, &VNET_NAME(tcp_do_autorcvbuf), 0, "Enable automatic receive buffer sizing"); +VNET_DEFINE(int, tcp_autorcvbuf_inc) = 16*1024; +#define V_tcp_autorcvbuf_inc VNET(tcp_autorcvbuf_inc) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_inc, CTLFLAG_RW, &VNET_NAME(tcp_autorcvbuf_inc), 0, "Incrementor step size of automatic receive buffer"); +VNET_DEFINE(int, tcp_autorcvbuf_max) = 256*1024; +#define V_tcp_autorcvbuf_max VNET(tcp_autorcvbuf_max) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW, &VNET_NAME(tcp_autorcvbuf_max), 0, "Max size of automatic receive buffer"); @@ -181,8 +190,8 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, read_locking, CTLFLAG_RW, &tcp_read_locking, 0, "Enable read locking strategy"); VNET_DEFINE(struct inpcbhead, tcb); -VNET_DEFINE(struct inpcbinfo, tcbinfo); #define tcb6 tcb /* for KAME src sync over BSD*'s */ +VNET_DEFINE(struct inpcbinfo, tcbinfo); static void tcp_dooptions(struct tcpopt *, u_char *, int, int); static void tcp_do_segment(struct mbuf *, struct tcphdr *, diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index f9d1b63..50973c4 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c 
@@ -87,43 +87,46 @@ __FBSDID("$FreeBSD$"); extern struct mbuf *m_copypack(); #endif -VNET_DEFINE(int, path_mtu_discovery); -VNET_DEFINE(int, ss_fltsz); -VNET_DEFINE(int, ss_fltsz_local); -VNET_DEFINE(int, tcp_do_newreno); -VNET_DEFINE(int, tcp_do_tso); -VNET_DEFINE(int, tcp_do_autosndbuf); -VNET_DEFINE(int, tcp_autosndbuf_inc); -VNET_DEFINE(int, tcp_autosndbuf_max); - +VNET_DEFINE(int, path_mtu_discovery) = 1; SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW, &VNET_NAME(path_mtu_discovery), 1, "Enable Path MTU Discovery"); +VNET_DEFINE(int, ss_fltsz) = 1; SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, slowstart_flightsize, CTLFLAG_RW, &VNET_NAME(ss_fltsz), 1, "Slow start flight size"); +VNET_DEFINE(int, ss_fltsz_local) = 4; SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, local_slowstart_flightsize, CTLFLAG_RW, &VNET_NAME(ss_fltsz_local), 1, "Slow start flight size for local networks"); +VNET_DEFINE(int, tcp_do_newreno) = 1; SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW, &VNET_NAME(tcp_do_newreno), 0, "Enable NewReno Algorithms"); +VNET_DEFINE(int, tcp_do_tso) = 1; +#define V_tcp_do_tso VNET(tcp_do_tso) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW, &VNET_NAME(tcp_do_tso), 0, "Enable TCP Segmentation Offload"); +VNET_DEFINE(int, tcp_do_autosndbuf) = 1; +#define V_tcp_do_autosndbuf VNET(tcp_do_autosndbuf) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_RW, &VNET_NAME(tcp_do_autosndbuf), 0, "Enable automatic send buffer sizing"); +VNET_DEFINE(int, tcp_autosndbuf_inc) = 8*1024; +#define V_tcp_autosndbuf_inc VNET(tcp_autosndbuf_inc) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_RW, &VNET_NAME(tcp_autosndbuf_inc), 0, "Incrementor step size of automatic send buffer"); +VNET_DEFINE(int, tcp_autosndbuf_max) = 256*1024; +#define V_tcp_autosndbuf_max VNET(tcp_autosndbuf_max) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW, &VNET_NAME(tcp_autosndbuf_max), 0, "Max size of automatic send 
buffer"); diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index cd7eb1c..bfb53d3 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -74,30 +74,28 @@ __FBSDID("$FreeBSD$"); #include #endif /* TCPDEBUG */ -static VNET_DEFINE(int, tcp_reass_maxseg); -VNET_DEFINE(int, tcp_reass_qsize); -static VNET_DEFINE(int, tcp_reass_maxqlen); -static VNET_DEFINE(int, tcp_reass_overflows); - -#define V_tcp_reass_maxseg VNET(tcp_reass_maxseg) -#define V_tcp_reass_maxqlen VNET(tcp_reass_maxqlen) -#define V_tcp_reass_overflows VNET(tcp_reass_overflows) - SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0, "TCP Segment Reassembly Queue"); +static VNET_DEFINE(int, tcp_reass_maxseg) = 0; +#define V_tcp_reass_maxseg VNET(tcp_reass_maxseg) SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN, &VNET_NAME(tcp_reass_maxseg), 0, "Global maximum number of TCP Segments in Reassembly Queue"); +VNET_DEFINE(int, tcp_reass_qsize) = 0; SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD, &VNET_NAME(tcp_reass_qsize), 0, "Global number of TCP Segments currently in Reassembly Queue"); +static VNET_DEFINE(int, tcp_reass_maxqlen) = 48; +#define V_tcp_reass_maxqlen VNET(tcp_reass_maxqlen) SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, maxqlen, CTLFLAG_RW, &VNET_NAME(tcp_reass_maxqlen), 0, "Maximum number of TCP Segments per individual Reassembly Queue"); +static VNET_DEFINE(int, tcp_reass_overflows) = 0; +#define V_tcp_reass_overflows VNET(tcp_reass_overflows) SYSCTL_VNET_INT(_net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD, &VNET_NAME(tcp_reass_overflows), 0, "Global number of TCP Segment Reassembly Queue Overflows"); @@ -117,11 +115,6 @@ void tcp_reass_init(void) { - V_tcp_reass_maxseg = 0; - V_tcp_reass_qsize = 0; - V_tcp_reass_maxqlen = 48; - V_tcp_reass_overflows = 0; - V_tcp_reass_maxseg = nmbclusters / 16; TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments", &V_tcp_reass_maxseg); 
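Review bot: In the tcp_output.c hunk the new initializer for `ss_fltsz_local` is 4, but the value argument of the `SYSCTL_VNET_INT` directly below it is still 1; likewise `tcp_do_newreno`, `tcp_do_tso` and `tcp_do_autosndbuf` are initialised to 1 next to a 0. As far as I know that argument is not consulted when a variable pointer is passed, so nothing changes at runtime. With the default now on the adjacent line, though, the two numbers read as a contradiction to anyone checking the shipped defaults. I would pass 0 consistently, e.g. `&VNET_NAME(ss_fltsz_local), 0,`, or make the argument match the initializer.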
diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index 06fb502..737c2b2 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -123,29 +123,28 @@ __FBSDID("$FreeBSD$"); #include VNET_DECLARE(struct uma_zone *, sack_hole_zone); -VNET_DEFINE(int, tcp_do_sack); -VNET_DEFINE(int, tcp_sack_maxholes); -VNET_DEFINE(int, tcp_sack_globalmaxholes); -VNET_DEFINE(int, tcp_sack_globalholes); - #define V_sack_hole_zone VNET(sack_hole_zone) -#define V_tcp_do_sack VNET(tcp_do_sack) -#define V_tcp_sack_maxholes VNET(tcp_sack_maxholes) -#define V_tcp_sack_globalmaxholes VNET(tcp_sack_globalmaxholes) -#define V_tcp_sack_globalholes VNET(tcp_sack_globalholes) SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK"); +VNET_DEFINE(int, tcp_do_sack) = 1; +#define V_tcp_do_sack VNET(tcp_do_sack) SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_RW, &VNET_NAME(tcp_do_sack), 0, "Enable/Disable TCP SACK support"); +VNET_DEFINE(int, tcp_sack_maxholes) = 128; +#define V_tcp_sack_maxholes VNET(tcp_sack_maxholes) SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_RW, &VNET_NAME(tcp_sack_maxholes), 0, "Maximum number of TCP SACK holes allowed per connection"); +VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536; +#define V_tcp_sack_globalmaxholes VNET(tcp_sack_globalmaxholes) SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_RW, &VNET_NAME(tcp_sack_globalmaxholes), 0, "Global maximum number of TCP SACK holes"); +VNET_DEFINE(int, tcp_sack_globalholes) = 0; +#define V_tcp_sack_globalholes VNET(tcp_sack_globalholes) SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_RD, &VNET_NAME(tcp_sack_globalholes), 0, "Global number of TCP SACK holes currently allocated"); diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 9ec434c..43ed1e4 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c 
@@ -111,28 +111,10 @@ __FBSDID("$FreeBSD$"); #include -VNET_DEFINE(int, tcp_mssdflt); +VNET_DEFINE(int, tcp_mssdflt) = TCP_MSS; #ifdef INET6 -VNET_DEFINE(int, tcp_v6mssdflt); +VNET_DEFINE(int, tcp_v6mssdflt) = TCP6_MSS; #endif -VNET_DEFINE(int, tcp_minmss); -VNET_DEFINE(int, tcp_do_rfc1323); - -static VNET_DEFINE(int, icmp_may_rst); -static VNET_DEFINE(int, tcp_isn_reseed_interval); -static VNET_DEFINE(int, tcp_inflight_enable); -static VNET_DEFINE(int, tcp_inflight_rttthresh); -static VNET_DEFINE(int, tcp_inflight_min); -static VNET_DEFINE(int, tcp_inflight_max); -static VNET_DEFINE(int, tcp_inflight_stab); - -#define V_icmp_may_rst VNET(icmp_may_rst) -#define V_tcp_isn_reseed_interval VNET(tcp_isn_reseed_interval) -#define V_tcp_inflight_enable VNET(tcp_inflight_enable) -#define V_tcp_inflight_rttthresh VNET(tcp_inflight_rttthresh) -#define V_tcp_inflight_min VNET(tcp_inflight_min) -#define V_tcp_inflight_max VNET(tcp_inflight_max) -#define V_tcp_inflight_stab VNET(tcp_inflight_stab) static int sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS) @@ -194,10 +176,12 @@ vnet_sysctl_msec_to_ticks(SYSCTL_HANDLER_ARGS) * with packet generation and sending. Set to zero to disable MINMSS * checking. This setting prevents us from sending too small packets. */ +VNET_DEFINE(int, tcp_minmss) = TCP_MINMSS; SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW, &VNET_NAME(tcp_minmss), 0, "Minmum TCP Maximum Segment Size"); +VNET_DEFINE(int, tcp_do_rfc1323) = 1; SYSCTL_VNET_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, &VNET_NAME(tcp_do_rfc1323), 0, "Enable rfc1323 (high performance TCP) extensions"); 
@@ -217,10 +201,14 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0, SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD, &VNET_NAME(tcbinfo.ipi_count), 0, "Number of active PCBs"); +static VNET_DEFINE(int, icmp_may_rst) = 1; +#define V_icmp_may_rst VNET(icmp_may_rst) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, &VNET_NAME(icmp_may_rst), 0, "Certain ICMP unreachable messages may abort connections in SYN_SENT"); +static VNET_DEFINE(int, tcp_isn_reseed_interval) = 0; +#define V_tcp_isn_reseed_interval VNET(tcp_isn_reseed_interval) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW, &VNET_NAME(tcp_isn_reseed_interval), 0, "Seconds between reseeding of ISN secret"); @@ -233,6 +221,8 @@ SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW, SYSCTL_NODE(_net_inet_tcp, OID_AUTO, inflight, CTLFLAG_RW, 0, "TCP inflight data limiting"); +static VNET_DEFINE(int, tcp_inflight_enable) = 1; +#define V_tcp_inflight_enable VNET(tcp_inflight_enable) SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, enable, CTLFLAG_RW, &VNET_NAME(tcp_inflight_enable), 0, "Enable automatic TCP inflight data limiting"); 
@@ -242,19 +232,27 @@ SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW, &tcp_inflight_debug, 0, "Debug TCP inflight calculations"); +static VNET_DEFINE(int, tcp_inflight_rttthresh); +#define V_tcp_inflight_rttthresh VNET(tcp_inflight_rttthresh) SYSCTL_VNET_PROC(_net_inet_tcp_inflight, OID_AUTO, rttthresh, CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(tcp_inflight_rttthresh), 0, vnet_sysctl_msec_to_ticks, "I", "RTT threshold below which inflight will deactivate itself"); +static VNET_DEFINE(int, tcp_inflight_min) = 6144; +#define V_tcp_inflight_min VNET(tcp_inflight_min) SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, min, CTLFLAG_RW, &VNET_NAME(tcp_inflight_min), 0, "Lower-bound for TCP inflight window"); +static VNET_DEFINE(int, tcp_inflight_max) = TCP_MAXWIN << TCP_MAX_WINSHIFT; +#define V_tcp_inflight_max VNET(tcp_inflight_max) SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, max, CTLFLAG_RW, &VNET_NAME(tcp_inflight_max), 0, "Upper-bound for TCP inflight window"); +static VNET_DEFINE(int, tcp_inflight_stab) = 20; +#define V_tcp_inflight_stab VNET(tcp_inflight_stab) SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, stab, CTLFLAG_RW, &VNET_NAME(tcp_inflight_stab), 0, "Inflight Algorithm Stabilization 20 = 2 packets"); 
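Review bot: `static VNET_DEFINE(int, tcp_inflight_rttthresh);` is the only inflight variable in this hunk left without an initializer, and nothing at the definition says why. Its value is assigned later in tcp_init() (`V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;`), presumably because that macro is not a compile-time constant. A one-line comment would stop a later cleanup from adding a static default: `/* set in tcp_init(); TCPTV_INFLIGHT_RTTTHRESH is not a constant expression */`. Confirm the wording against the macro's definition, which is not visible here.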
@@ -329,53 +327,6 @@ tcp_init(void) { int hashsize; - V_blackhole = 0; - V_tcp_delack_enabled = 1; - V_drop_synfin = 0; - V_tcp_do_rfc3042 = 1; - V_tcp_do_rfc3390 = 1; - V_tcp_do_ecn = 0; - V_tcp_ecn_maxretries = 1; - V_tcp_insecure_rst = 0; - V_tcp_do_autorcvbuf = 1; - V_tcp_autorcvbuf_inc = 16*1024; - V_tcp_autorcvbuf_max = 256*1024; - V_tcp_do_rfc3465 = 1; - V_tcp_abc_l_var = 2; - - V_tcp_mssdflt = TCP_MSS; -#ifdef INET6 - V_tcp_v6mssdflt = TCP6_MSS; -#endif - V_tcp_minmss = TCP_MINMSS; - V_tcp_do_rfc1323 = 1; - V_icmp_may_rst = 1; - V_tcp_isn_reseed_interval = 0; - V_tcp_inflight_enable = 1; - V_tcp_inflight_min = 6144; - V_tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT; - V_tcp_inflight_stab = 20; - - V_path_mtu_discovery = 1; - V_ss_fltsz = 1; - V_ss_fltsz_local = 4; - V_tcp_do_newreno = 1; - V_tcp_do_tso = 1; - V_tcp_do_autosndbuf = 1; - V_tcp_autosndbuf_inc = 8*1024; - V_tcp_autosndbuf_max = 256*1024; - - V_nolocaltimewait = 0; - - V_tcp_do_sack = 1; - V_tcp_sack_maxholes = 128; - V_tcp_sack_globalmaxholes = 65536; - V_tcp_sack_globalholes = 0; - - V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH; - - TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack); - hashsize = TCBHASHSIZE; TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize); if (!powerof2(hashsize)) { 
@@ -385,16 +336,21 @@ tcp_init(void) in_pcbinfo_init(&V_tcbinfo, "tcp", &V_tcb, hashsize, hashsize, "tcp_inpcb", tcp_inpcb_init, NULL, UMA_ZONE_NOFREE); + V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH; + /* * These have to be type stable for the benefit of the timers. */ V_tcpcb_zone = uma_zcreate("tcpcb", sizeof(struct tcpcb_mem), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); uma_zone_set_max(V_tcpcb_zone, maxsockets); + tcp_tw_init(); syncache_init(); tcp_hc_init(); tcp_reass_init(); + + TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack); V_sack_hole_zone = uma_zcreate("sackhole", sizeof(struct sackhole), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE); diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 4d9d487..c47493c 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -97,19 +97,14 @@ __FBSDID("$FreeBSD$"); #include -static VNET_DEFINE(struct tcp_syncache, tcp_syncache); -static VNET_DEFINE(int, tcp_syncookies); -static VNET_DEFINE(int, tcp_syncookiesonly); -VNET_DEFINE(int, tcp_sc_rst_sock_fail); - -#define V_tcp_syncache VNET(tcp_syncache) +static VNET_DEFINE(int, tcp_syncookies) = 1; #define V_tcp_syncookies VNET(tcp_syncookies) -#define V_tcp_syncookiesonly VNET(tcp_syncookiesonly) - SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW, &VNET_NAME(tcp_syncookies), 0, "Use TCP SYN cookies if the syncache overflows"); +static VNET_DEFINE(int, tcp_syncookiesonly) = 0; +#define V_tcp_syncookiesonly VNET(tcp_syncookiesonly) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, syncookies_only, CTLFLAG_RW, &VNET_NAME(tcp_syncookiesonly), 0, "Use only TCP SYN cookies"); 
@@ -148,6 +143,9 @@ static struct syncache #define TCP_SYNCACHE_HASHSIZE 512 #define TCP_SYNCACHE_BUCKETLIMIT 30 +static VNET_DEFINE(struct tcp_syncache, tcp_syncache); +#define V_tcp_syncache VNET(tcp_syncache) + SYSCTL_NODE(_net_inet_tcp, OID_AUTO, syncache, CTLFLAG_RW, 0, "TCP SYN cache"); SYSCTL_VNET_INT(_net_inet_tcp_syncache, OID_AUTO, bucketlimit, CTLFLAG_RDTUN, @@ -170,6 +168,7 @@ SYSCTL_VNET_INT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_RW, &VNET_NAME(tcp_syncache.rexmt_limit), 0, "Limit on SYN/ACK retransmissions"); +VNET_DEFINE(int, tcp_sc_rst_sock_fail) = 1; SYSCTL_VNET_INT(_net_inet_tcp_syncache, OID_AUTO, rst_on_sock_fail, CTLFLAG_RW, &VNET_NAME(tcp_sc_rst_sock_fail), 0, "Send reset on socket allocation failure"); @@ -224,10 +223,6 @@ syncache_init(void) { int i; - V_tcp_syncookies = 1; - V_tcp_syncookiesonly = 0; - V_tcp_sc_rst_sock_fail = 1; - V_tcp_syncache.cache_count = 0; V_tcp_syncache.hashsize = TCP_SYNCACHE_HASHSIZE; V_tcp_syncache.bucket_limit = TCP_SYNCACHE_BUCKETLIMIT; diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 6e5b013..42df4fe 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -92,6 +92,8 @@ __FBSDID("$FreeBSD$"); #include +static VNET_DEFINE(uma_zone_t, tcptw_zone); +#define V_tcptw_zone VNET(tcptw_zone) static int maxtcptw; /* @@ -100,11 +102,7 @@ static int maxtcptw; * queue pointers in each tcptw structure, are protected using the global * tcbinfo lock, which must be held over queue iteration and modification. */ -static VNET_DEFINE(uma_zone_t, tcptw_zone); static VNET_DEFINE(TAILQ_HEAD(, tcptw), twq_2msl); -VNET_DEFINE(int, nolocaltimewait); - -#define V_tcptw_zone VNET(tcptw_zone) #define V_twq_2msl VNET(twq_2msl) static void tcp_tw_2msl_reset(struct tcptw *, int); 
@@ -149,6 +147,8 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, maxtcptw, CTLTYPE_INT|CTLFLAG_RW, &maxtcptw, 0, sysctl_maxtcptw, "IU", "Maximum number of compressed TCP TIME_WAIT entries"); +VNET_DEFINE(int, nolocaltimewait) = 0; +#define V_nolocaltimewait VNET(nolocaltimewait) SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_RW, &VNET_NAME(nolocaltimewait), 0, "Do not create compressed TCP TIME_WAIT entries for local connections"); diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 3a59eee..5811439 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -42,12 +42,12 @@ * Kernel variables for tcp. */ VNET_DECLARE(int, tcp_do_rfc1323); +#define V_tcp_do_rfc1323 VNET(tcp_do_rfc1323) + VNET_DECLARE(int, tcp_reass_qsize); VNET_DECLARE(struct uma_zone *, tcp_reass_zone); -#define V_tcp_do_rfc1323 VNET(tcp_do_rfc1323) #define V_tcp_reass_qsize VNET(tcp_reass_qsize) #define V_tcp_reass_zone VNET(tcp_reass_zone) - #endif /* _KERNEL */ /* TCP segment queue entry */ @@ -558,11 +558,10 @@ SYSCTL_DECL(_net_inet_tcp_sack); MALLOC_DECLARE(M_TCPLOG); #endif -extern int tcp_log_in_vain; - VNET_DECLARE(struct inpcbhead, tcb); /* queue of active tcpcb's */ VNET_DECLARE(struct inpcbinfo, tcbinfo); VNET_DECLARE(struct tcpstat, tcpstat); /* tcp statistics */ +extern int tcp_log_in_vain; VNET_DECLARE(int, tcp_mssdflt); /* XXX */ VNET_DECLARE(int, tcp_minmss); VNET_DECLARE(int, tcp_delack_enabled); @@ -570,7 +569,6 @@ VNET_DECLARE(int, tcp_do_newreno); VNET_DECLARE(int, path_mtu_discovery); VNET_DECLARE(int, ss_fltsz); VNET_DECLARE(int, ss_fltsz_local); - #define V_tcb VNET(tcb) #define V_tcbinfo VNET(tcbinfo) #define V_tcpstat VNET(tcpstat) 
@@ -582,55 +580,13 @@ VNET_DECLARE(int, ss_fltsz_local); #define V_ss_fltsz VNET(ss_fltsz) #define V_ss_fltsz_local VNET(ss_fltsz_local) -VNET_DECLARE(int, blackhole); -VNET_DECLARE(int, drop_synfin); -VNET_DECLARE(int, tcp_do_rfc3042); -VNET_DECLARE(int, tcp_do_rfc3390); -VNET_DECLARE(int, tcp_insecure_rst); -VNET_DECLARE(int, tcp_do_autorcvbuf); -VNET_DECLARE(int, tcp_autorcvbuf_inc); -VNET_DECLARE(int, tcp_autorcvbuf_max); -VNET_DECLARE(int, tcp_do_rfc3465); -VNET_DECLARE(int, tcp_abc_l_var); - -#define V_blackhole VNET(blackhole) -#define V_drop_synfin VNET(drop_synfin) -#define V_tcp_do_rfc3042 VNET(tcp_do_rfc3042) -#define V_tcp_do_rfc3390 VNET(tcp_do_rfc3390) -#define V_tcp_insecure_rst VNET(tcp_insecure_rst) -#define V_tcp_do_autorcvbuf VNET(tcp_do_autorcvbuf) -#define V_tcp_autorcvbuf_inc VNET(tcp_autorcvbuf_inc) -#define V_tcp_autorcvbuf_max VNET(tcp_autorcvbuf_max) -#define V_tcp_do_rfc3465 VNET(tcp_do_rfc3465) -#define V_tcp_abc_l_var VNET(tcp_abc_l_var) - -VNET_DECLARE(int, tcp_do_tso); -VNET_DECLARE(int, tcp_do_autosndbuf); -VNET_DECLARE(int, tcp_autosndbuf_inc); -VNET_DECLARE(int, tcp_autosndbuf_max); - -#define V_tcp_do_tso VNET(tcp_do_tso) -#define V_tcp_do_autosndbuf VNET(tcp_do_autosndbuf) -#define V_tcp_autosndbuf_inc VNET(tcp_autosndbuf_inc) -#define V_tcp_autosndbuf_max VNET(tcp_autosndbuf_max) - -VNET_DECLARE(int, nolocaltimewait); - -#define V_nolocaltimewait VNET(nolocaltimewait) - VNET_DECLARE(int, tcp_do_sack); /* SACK enabled/disabled */ -VNET_DECLARE(int, tcp_sack_maxholes); -VNET_DECLARE(int, tcp_sack_globalmaxholes); -VNET_DECLARE(int, tcp_sack_globalholes); VNET_DECLARE(int, tcp_sc_rst_sock_fail); /* RST on sock alloc failure */ -VNET_DECLARE(int, tcp_do_ecn); /* TCP ECN enabled/disabled */ -VNET_DECLARE(int, tcp_ecn_maxretries); - #define V_tcp_do_sack VNET(tcp_do_sack) -#define V_tcp_sack_maxholes VNET(tcp_sack_maxholes) -#define V_tcp_sack_globalmaxholes VNET(tcp_sack_globalmaxholes) -#define V_tcp_sack_globalholes 
VNET(tcp_sack_globalholes) #define V_tcp_sc_rst_sock_fail VNET(tcp_sc_rst_sock_fail) + +VNET_DECLARE(int, tcp_do_ecn); /* TCP ECN enabled/disabled */ +VNET_DECLARE(int, tcp_ecn_maxretries); #define V_tcp_do_ecn VNET(tcp_do_ecn) #define V_tcp_ecn_maxretries VNET(tcp_ecn_maxretries) diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 0d8e04d..4541038 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -94,8 +94,6 @@ __FBSDID("$FreeBSD$"); * Per RFC 768, August, 1980. */ -VNET_DEFINE(int, udp_blackhole); - /* * BSD 4.2 defaulted the udp checksum to be off. Turning off udp checksums * removes the only data integrity mechanism for packets and malformed @@ -110,6 +108,7 @@ int udp_log_in_vain = 0; SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW, &udp_log_in_vain, 0, "Log all incoming UDP packets"); +VNET_DEFINE(int, udp_blackhole) = 0; SYSCTL_VNET_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW, &VNET_NAME(udp_blackhole), 0, "Do not send port unreachables for refused connects"); @@ -133,14 +132,13 @@ SYSCTL_ULONG(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW, VNET_DEFINE(struct inpcbhead, udb); /* from udp_var.h */ VNET_DEFINE(struct inpcbinfo, udbinfo); static VNET_DEFINE(uma_zone_t, udpcb_zone); -VNET_DEFINE(struct udpstat, udpstat); /* from udp_var.h */ - #define V_udpcb_zone VNET(udpcb_zone) #ifndef UDBHASHSIZE #define UDBHASHSIZE 128 #endif +VNET_DEFINE(struct udpstat, udpstat); /* from udp_var.h */ SYSCTL_VNET_STRUCT(_net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RW, &VNET_NAME(udpstat), udpstat, "UDP statistics (struct udpstat, netinet/udp_var.h)"); @@ -179,7 +177,6 @@ void udp_init(void) { - V_udp_blackhole = 0; in_pcbinfo_init(&V_udbinfo, "udp", &V_udb, UDBHASHSIZE, UDBHASHSIZE, "udp_inpcb", udp_inpcb_init, NULL, UMA_ZONE_NOFREE); V_udpcb_zone = uma_zcreate("udpcb", sizeof(struct udpcb), diff --git a/sys/netinet/udp_var.h b/sys/netinet/udp_var.h index b8d994c..aa7ee47 100644 --- a/sys/netinet/udp_var.h 
+++ b/sys/netinet/udp_var.h @@ -129,19 +129,17 @@ void kmod_udpstat_inc(int statnum); SYSCTL_DECL(_net_inet_udp); extern struct pr_usrreqs udp_usrreqs; - VNET_DECLARE(struct inpcbhead, udb); VNET_DECLARE(struct inpcbinfo, udbinfo); -VNET_DECLARE(struct udpstat, udpstat); -VNET_DECLARE(int, udp_blackhole); - #define V_udb VNET(udb) #define V_udbinfo VNET(udbinfo) -#define V_udpstat VNET(udpstat) -#define V_udp_blackhole VNET(udp_blackhole) extern u_long udp_sendspace; extern u_long udp_recvspace; +VNET_DECLARE(struct udpstat, udpstat); +VNET_DECLARE(int, udp_blackhole); +#define V_udpstat VNET(udpstat) +#define V_udp_blackhole VNET(udp_blackhole) extern int udp_log_in_vain; int udp_newudpcb(struct inpcb *); diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c index 8900f7d..1523133 100644 --- a/sys/netinet6/frag6.c +++ b/sys/netinet6/frag6.c @@ -106,16 +106,17 @@ void frag6_init(void) { - V_ip6q.ip6q_next = V_ip6q.ip6q_prev = &V_ip6q; V_ip6_maxfragpackets = nmbclusters / 4; V_ip6_maxfrags = nmbclusters / 4; + V_ip6q.ip6q_next = V_ip6q.ip6q_prev = &V_ip6q; if (!IS_DEFAULT_VNET(curvnet)) return; - IP6Q_LOCK_INIT(); EVENTHANDLER_REGISTER(nmbclusters_change, frag6_change, NULL, EVENTHANDLER_PRI_ANY); + + IP6Q_LOCK_INIT(); } /* diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 57f8d32..87df9c3 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c 
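Review bot: In frag6_init(), `IP6Q_LOCK_INIT();` now runs after `EVENTHANDLER_REGISTER(nmbclusters_change, frag6_change, ...)`, so the callback is published before the lock exists. frag6_change() is not shown here; if it, or a later revision of it, takes the ip6q lock, an nmbclusters change in that window would operate on an uninitialized mutex. Keeping the original order, with `IP6Q_LOCK_INIT();` first and the registration second, costs nothing and preserves initialize-before-publish.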
@@ -113,23 +113,22 @@ __FBSDID("$FreeBSD$"); extern struct domain inet6domain; +VNET_DEFINE(struct icmp6stat, icmp6stat); + VNET_DECLARE(struct inpcbinfo, ripcbinfo); VNET_DECLARE(struct inpcbhead, ripcb); VNET_DECLARE(int, icmp6errppslim); +static VNET_DEFINE(int, icmp6errpps_count) = 0; +static VNET_DEFINE(struct timeval, icmp6errppslim_last); VNET_DECLARE(int, icmp6_nodeinfo); #define V_ripcbinfo VNET(ripcbinfo) #define V_ripcb VNET(ripcb) #define V_icmp6errppslim VNET(icmp6errppslim) +#define V_icmp6errpps_count VNET(icmp6errpps_count) +#define V_icmp6errppslim_last VNET(icmp6errppslim_last) #define V_icmp6_nodeinfo VNET(icmp6_nodeinfo) -VNET_DEFINE(struct icmp6stat, icmp6stat); -static VNET_DEFINE(int, icmp6errpps_count); -static VNET_DEFINE(struct timeval, icmp6errppslim_last); - -#define V_icmp6errpps_count VNET(icmp6errpps_count) -#define V_icmp6errppslim_last VNET(icmp6errppslim_last) - static void icmp6_errcount(struct icmp6errstat *, int, int); static int icmp6_rip6_input(struct mbuf **, int); static int icmp6_ratelimit(const struct in6_addr *, const int, const int); @@ -144,14 +143,6 @@ static int ni6_store_addrs __P((struct icmp6_nodeinfo *, struct icmp6_nodeinfo * struct ifnet *, int)); static int icmp6_notify_error(struct mbuf **, int, int, int); - -void -icmp6_init(void) -{ - - V_icmp6errpps_count = 0; -} - /* * Kernel module interface for updating icmp6stat. The argument is an index * into icmp6stat treated as an array of u_quad_t. While this encodes the diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c index a481706..e786836 100644 --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -41,8 +41,10 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include +#include #include #include 
@@ -69,6 +71,13 @@ __FBSDID("$FreeBSD$"); #include +VNET_DEFINE(int, ip6_gif_hlim) = GIF_HLIM; +#define V_ip6_gif_hlim VNET(ip6_gif_hlim) + +SYSCTL_DECL(_net_inet6_ip6); +SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim, CTLFLAG_RW, + &VNET_NAME(ip6_gif_hlim), 0, ""); + static int gif_validate6(const struct ip6_hdr *, struct gif_softc *, struct ifnet *); diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c index 5041ee2..363d7be 100644 --- a/sys/netinet6/in6_ifattach.c +++ b/sys/netinet6/in6_ifattach.c @@ -67,10 +67,15 @@ __FBSDID("$FreeBSD$"); #include #include -VNET_DEFINE(unsigned long, in6_maxmtu); -VNET_DEFINE(int, ip6_auto_linklocal); -VNET_DEFINE(struct callout, in6_tmpaddrtimer_ch); +VNET_DEFINE(unsigned long, in6_maxmtu) = 0; + +#ifdef IP6_AUTO_LINKLOCAL +VNET_DEFINE(int, ip6_auto_linklocal) = IP6_AUTO_LINKLOCAL; +#else +VNET_DEFINE(int, ip6_auto_linklocal) = 1; /* enabled by default */ +#endif +VNET_DEFINE(struct callout, in6_tmpaddrtimer_ch); #define V_in6_tmpaddrtimer_ch VNET(in6_tmpaddrtimer_ch) VNET_DECLARE(struct inpcbinfo, ripcbinfo); diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 3289e57..51f5187 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -234,7 +234,6 @@ struct ip6protosw inet6sw[] = { .pr_output = rip6_output, .pr_ctlinput = rip6_ctlinput, .pr_ctloutput = rip6_ctloutput, - .pr_init = icmp6_init, .pr_fasttimo = icmp6_fasttimo, .pr_slowtimo = icmp6_slowtimo, .pr_usrreqs = &rip6_usrreqs 
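Review bot: The new `SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim, CTLFLAG_RW, &VNET_NAME(ip6_gif_hlim), 0, "")` in in6_gif.c has an empty description and accepts any int. Assuming the value is copied into the 8-bit hop-limit field of the outer IPv6 header, a setting outside 0..255 would be silently truncated. A SYSCTL_VNET_PROC handler that rejects out-of-range values, in the style of the MSS check handler in tcp_subr.c, would close that gap. At minimum give the node a description, e.g. `"Default hop limit for encapsulated packets"`.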
@@ -378,25 +377,44 @@ VNET_DOMAIN_SET(inet6); /* * Internet configuration info */ -VNET_DEFINE(int, ip6_forwarding); -VNET_DEFINE(int, ip6_sendredirects); -VNET_DEFINE(int, ip6_defhlim); -VNET_DEFINE(int, ip6_defmcasthlim); -VNET_DEFINE(int, ip6_accept_rtadv); -VNET_DEFINE(int, ip6_maxfragpackets); -VNET_DEFINE(int, ip6_maxfrags); -VNET_DEFINE(int, ip6_log_interval); -VNET_DEFINE(int, ip6_hdrnestlimit); -VNET_DEFINE(int, ip6_dad_count); -VNET_DEFINE(int, ip6_auto_flowlabel); -VNET_DEFINE(int, ip6_use_deprecated); -VNET_DEFINE(int, ip6_rr_prune); -VNET_DEFINE(int, ip6_mcast_pmtu); -VNET_DEFINE(int, ip6_v6only); -VNET_DEFINE(int, ip6_keepfaith); -VNET_DEFINE(time_t, ip6_log_time); -VNET_DEFINE(int, ip6stealth); -VNET_DEFINE(int, nd6_onlink_ns_rfc4861); +#ifndef IPV6FORWARDING +#ifdef GATEWAY6 +#define IPV6FORWARDING 1 /* forward IP6 packets not for us */ +#else +#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ +#endif /* GATEWAY6 */ +#endif /* !IPV6FORWARDING */ + +#ifndef IPV6_SENDREDIRECTS +#define IPV6_SENDREDIRECTS 1 +#endif + +VNET_DEFINE(int, ip6_forwarding) = IPV6FORWARDING; /* act as router? */ +VNET_DEFINE(int, ip6_sendredirects) = IPV6_SENDREDIRECTS; +VNET_DEFINE(int, ip6_defhlim) = IPV6_DEFHLIM; +VNET_DEFINE(int, ip6_defmcasthlim) = IPV6_DEFAULT_MULTICAST_HOPS; +VNET_DEFINE(int, ip6_accept_rtadv) = 0; +VNET_DEFINE(int, ip6_maxfragpackets); /* initialized in frag6.c:frag6_init() */ +VNET_DEFINE(int, ip6_maxfrags); /* initialized in frag6.c:frag6_init() */ +VNET_DEFINE(int, ip6_log_interval) = 5; +VNET_DEFINE(int, ip6_hdrnestlimit) = 15;/* How many header options will we + * process? */ +VNET_DEFINE(int, ip6_dad_count) = 1; /* DupAddrDetectionTransmits */ +VNET_DEFINE(int, ip6_auto_flowlabel) = 1; +VNET_DEFINE(int, ip6_use_deprecated) = 1;/* allow deprecated addr + * (RFC2462 5.5.4) */ +VNET_DEFINE(int, ip6_rr_prune) = 5; /* router renumbering prefix + * walk list every 5 sec. 
*/ +VNET_DEFINE(int, ip6_mcast_pmtu) = 0; /* enable pMTU discovery for multicast? */ +VNET_DEFINE(int, ip6_v6only) = 1; + +VNET_DEFINE(int, ip6_keepfaith) = 0; +VNET_DEFINE(time_t, ip6_log_time) = (time_t)0L; +#ifdef IPSTEALTH +VNET_DEFINE(int, ip6stealth) = 0; +#endif +VNET_DEFINE(int, nd6_onlink_ns_rfc4861) = 0;/* allow 'on-link' nd6 NS + * (RFC 4861) */ /* icmp6 */ /* @@ -404,26 +422,31 @@ VNET_DEFINE(int, nd6_onlink_ns_rfc4861); * XXX: what if we don't define INET? Should we define pmtu6_expire * or so? (jinmei@kame.net 19990310) */ -VNET_DEFINE(int, pmtu_expire); -VNET_DEFINE(int, pmtu_probe); +VNET_DEFINE(int, pmtu_expire) = 60*10; +VNET_DEFINE(int, pmtu_probe) = 60*2; /* raw IP6 parameters */ /* * Nominal space allocated to a raw ip socket. */ -VNET_DEFINE(u_long, rip6_sendspace); -VNET_DEFINE(u_long, rip6_recvspace); +#define RIPV6SNDQ 8192 +#define RIPV6RCVQ 8192 + +VNET_DEFINE(u_long, rip6_sendspace) = RIPV6SNDQ; +VNET_DEFINE(u_long, rip6_recvspace) = RIPV6RCVQ; /* ICMPV6 parameters */ -VNET_DEFINE(int, icmp6_rediraccept); -VNET_DEFINE(int, icmp6_redirtimeout); -VNET_DEFINE(int, icmp6errppslim); +VNET_DEFINE(int, icmp6_rediraccept) = 1;/* accept and process redirects */ +VNET_DEFINE(int, icmp6_redirtimeout) = 10 * 60; /* 10 minutes */ +VNET_DEFINE(int, icmp6errppslim) = 100; /* 100pps */ /* control how to respond to NI queries */ -VNET_DEFINE(int, icmp6_nodeinfo); +VNET_DEFINE(int, icmp6_nodeinfo) = + (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK); /* UDP on IP6 parameters */ -VNET_DEFINE(int, udp6_sendspace); -VNET_DEFINE(int, udp6_recvspace); +VNET_DEFINE(int, udp6_sendspace) = 9216;/* really max datagram size */ +VNET_DEFINE(int, udp6_recvspace) = 40 * (1024 + sizeof(struct sockaddr_in6)); + /* 40 1K datagrams */ /* * sysctl related items. 
@@ -571,7 +594,6 @@ SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint, CTLFLAG_RW, &VNET_NAME(nd6_maxnudhint), 0, ""); SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug, CTLFLAG_RW, &VNET_NAME(nd6_debug), 0, ""); - SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, nd6_onlink_ns_rfc4861, CTLFLAG_RW, &VNET_NAME(nd6_onlink_ns_rfc4861), 0, "Accept 'on-link' nd6 NS in compliance with RFC 4861."); diff --git a/sys/netinet6/in6_rmx.c b/sys/netinet6/in6_rmx.c index 1ae04c3..8927a17 100644 --- a/sys/netinet6/in6_rmx.c +++ b/sys/netinet6/in6_rmx.c @@ -204,20 +204,21 @@ in6_matroute(void *v_arg, struct radix_node_head *head) SYSCTL_DECL(_net_inet6_ip6); -static VNET_DEFINE(int, rtq_reallyold6); -static VNET_DEFINE(int, rtq_minreallyold6); -static VNET_DEFINE(int, rtq_toomany6); - +static VNET_DEFINE(int, rtq_reallyold6) = 60*60; + /* one hour is ``really old'' */ #define V_rtq_reallyold6 VNET(rtq_reallyold6) -#define V_rtq_minreallyold6 VNET(rtq_minreallyold6) -#define V_rtq_toomany6 VNET(rtq_toomany6) - SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_RTEXPIRE, rtexpire, CTLFLAG_RW, &VNET_NAME(rtq_reallyold6) , 0, ""); +static VNET_DEFINE(int, rtq_minreallyold6) = 10; + /* never automatically crank down to less */ +#define V_rtq_minreallyold6 VNET(rtq_minreallyold6) SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW, &VNET_NAME(rtq_minreallyold6) , 0, ""); +static VNET_DEFINE(int, rtq_toomany6) = 128; + /* 128 cached routes is ``too many'' */ +#define V_rtq_toomany6 VNET(rtq_toomany6) SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW, &VNET_NAME(rtq_toomany6) , 0, ""); 
@@ -277,7 +278,7 @@ in6_rtqkill(struct radix_node *rn, void *rock) } #define RTQ_TIMEOUT 60*10 /* run no less than once every ten minutes */ -static VNET_DEFINE(int, rtq_timeout6); +static VNET_DEFINE(int, rtq_timeout6) = RTQ_TIMEOUT; static VNET_DEFINE(struct callout, rtq_timer6); #define V_rtq_timeout6 VNET(rtq_timeout6) @@ -346,7 +347,6 @@ struct mtuex_arg { struct radix_node_head *rnh; time_t nextstop; }; - static VNET_DEFINE(struct callout, rtq_mtutimer); #define V_rtq_mtutimer VNET(rtq_mtutimer) @@ -422,11 +422,6 @@ in6_inithead(void **head, int off) if (off == 0) /* See above */ return 1; /* only do the rest for the real thing */ - V_rtq_reallyold6 = 60*60; /* one hour is ``really old'' */ - V_rtq_minreallyold6 = 10; /* never automatically crank down to less */ - V_rtq_toomany6 = 128; /* 128 cached routes is ``too many'' */ - V_rtq_timeout6 = RTQ_TIMEOUT; - rnh = *head; KASSERT(rnh == rt_tables_get_rnh(0, AF_INET6), ("rnh?")); rnh->rnh_addaddr = in6_addroute; diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index e6c2cd8..49bc715 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -122,12 +122,11 @@ static struct sx addrsel_sxlock; #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) #define ADDR_LABEL_NOTAPP (-1) - static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); -VNET_DEFINE(int, ip6_prefer_tempaddr); - #define V_defaultaddrpolicy VNET(defaultaddrpolicy) +VNET_DEFINE(int, ip6_prefer_tempaddr) = 0; + static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct route_in6 *, struct ifnet **, struct rtentry **, int)); @@ -952,8 +951,6 @@ void addrsel_policy_init(void) { - V_ip6_prefer_tempaddr = 0; - init_policy_queue(); /* initialize the "last resort" policy */ diff --git a/sys/netinet6/in6_var.h b/sys/netinet6/in6_var.h index d0a54e0..00342fd 100644 --- a/sys/netinet6/in6_var.h +++ b/sys/netinet6/in6_var.h 
@@ -487,12 +487,7 @@ struct in6_rrenumreq { #ifdef _KERNEL VNET_DECLARE(struct in6_ifaddrhead, in6_ifaddrhead); -VNET_DECLARE(struct icmp6stat, icmp6stat); -VNET_DECLARE(unsigned long, in6_maxmtu); - #define V_in6_ifaddrhead VNET(in6_ifaddrhead) -#define V_icmp6stat VNET(icmp6stat) -#define V_in6_maxmtu VNET(in6_maxmtu) extern struct rwlock in6_ifaddr_lock; #define IN6_IFADDR_LOCK_ASSERT( ) rw_assert(&in6_ifaddr_lock, RA_LOCKED) @@ -503,6 +498,8 @@ extern struct rwlock in6_ifaddr_lock; #define IN6_IFADDR_WLOCK_ASSERT() rw_assert(&in6_ifaddr_lock, RA_WLOCKED) #define IN6_IFADDR_WUNLOCK() rw_wunlock(&in6_ifaddr_lock) +VNET_DECLARE(struct icmp6stat, icmp6stat); +#define V_icmp6stat VNET(icmp6stat) #define in6_ifstat_inc(ifp, tag) \ do { \ if (ifp) \ @@ -511,6 +508,8 @@ do { \ extern struct in6_addr zeroin6_addr; extern u_char inet6ctlerrmap[]; +VNET_DECLARE(unsigned long, in6_maxmtu); +#define V_in6_maxmtu VNET(in6_maxmtu) #endif /* _KERNEL */ /* diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index c244f37..42f9351 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -116,6 +116,7 @@ __FBSDID("$FreeBSD$"); extern struct domain inet6domain; u_char ip6_protox[IPPROTO_MAX]; +VNET_DEFINE(struct in6_ifaddrhead, in6_ifaddrhead); static struct netisr_handler ip6_nh = { .nh_name = "ip6", 
@@ -124,36 +125,16 @@ static struct netisr_handler ip6_nh = { .nh_policy = NETISR_POLICY_FLOW, }; -VNET_DEFINE(struct in6_ifaddrhead, in6_ifaddrhead); -VNET_DEFINE(struct ip6stat, ip6stat); - VNET_DECLARE(struct callout, in6_tmpaddrtimer_ch); -VNET_DECLARE(int, dad_init); -VNET_DECLARE(int, pmtu_expire); -VNET_DECLARE(int, pmtu_probe); -VNET_DECLARE(u_long, rip6_sendspace); -VNET_DECLARE(u_long, rip6_recvspace); -VNET_DECLARE(int, icmp6errppslim); -VNET_DECLARE(int, icmp6_nodeinfo); -VNET_DECLARE(int, udp6_sendspace); -VNET_DECLARE(int, udp6_recvspace); - #define V_in6_tmpaddrtimer_ch VNET(in6_tmpaddrtimer_ch) -#define V_dad_init VNET(dad_init) -#define V_pmtu_expire VNET(pmtu_expire) -#define V_pmtu_probe VNET(pmtu_probe) -#define V_rip6_sendspace VNET(rip6_sendspace) -#define V_rip6_recvspace VNET(rip6_recvspace) -#define V_icmp6errppslim VNET(icmp6errppslim) -#define V_icmp6_nodeinfo VNET(icmp6_nodeinfo) -#define V_udp6_sendspace VNET(udp6_sendspace) -#define V_udp6_recvspace VNET(udp6_recvspace) + +VNET_DEFINE(struct pfil_head, inet6_pfil_hook); + +VNET_DEFINE(struct ip6stat, ip6stat); struct rwlock in6_ifaddr_lock; RW_SYSINIT(in6_ifaddr_lock, &in6_ifaddr_lock, "in6_ifaddr_lock"); -VNET_DEFINE (struct pfil_head, inet6_pfil_hook); - static void ip6_init2(void *); static struct ip6aux *ip6_setdstifaddr(struct mbuf *, struct in6_ifaddr *); static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); 
@@ -171,82 +152,11 @@ ip6_init(void) struct ip6protosw *pr; int i; - V_in6_maxmtu = 0; -#ifdef IP6_AUTO_LINKLOCAL - V_ip6_auto_linklocal = IP6_AUTO_LINKLOCAL; -#else - V_ip6_auto_linklocal = 1; /* enabled by default */ -#endif TUNABLE_INT_FETCH("net.inet6.ip6.auto_linklocal", &V_ip6_auto_linklocal); -#ifndef IPV6FORWARDING -#ifdef GATEWAY6 -#define IPV6FORWARDING 1 /* forward IP6 packets not for us */ -#else -#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ -#endif /* GATEWAY6 */ -#endif /* !IPV6FORWARDING */ - -#ifndef IPV6_SENDREDIRECTS -#define IPV6_SENDREDIRECTS 1 -#endif - - V_ip6_forwarding = IPV6FORWARDING; /* act as router? */ - V_ip6_sendredirects = IPV6_SENDREDIRECTS; - V_ip6_defhlim = IPV6_DEFHLIM; - V_ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; - V_ip6_accept_rtadv = 0; - V_ip6_log_interval = 5; - V_ip6_hdrnestlimit = 15; /* How many header options will we process? */ - V_ip6_dad_count = 1; /* DupAddrDetectionTransmits */ - V_ip6_auto_flowlabel = 1; - V_ip6_use_deprecated = 1;/* allow deprecated addr (RFC2462 5.5.4) */ - V_ip6_rr_prune = 5; /* router renumbering prefix - * walk list every 5 sec. */ - V_ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */ - V_ip6_v6only = 1; - V_ip6_keepfaith = 0; - V_ip6_log_time = (time_t)0L; -#ifdef IPSTEALTH - V_ip6stealth = 0; -#endif - V_nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (RFC 4861) */ - - V_pmtu_expire = 60*10; - V_pmtu_probe = 60*2; - - /* raw IP6 parameters */ - /* - * Nominal space allocated to a raw ip socket. 
- */ -#define RIPV6SNDQ 8192 -#define RIPV6RCVQ 8192 - V_rip6_sendspace = RIPV6SNDQ; - V_rip6_recvspace = RIPV6RCVQ; - - /* ICMPV6 parameters */ - V_icmp6_rediraccept = 1; /* accept and process redirects */ - V_icmp6_redirtimeout = 10 * 60; /* 10 minutes */ - V_icmp6errppslim = 100; /* 100pps */ - /* control how to respond to NI queries */ - V_icmp6_nodeinfo = (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK); - - /* UDP on IP6 parameters */ - V_udp6_sendspace = 9216; /* really max datagram size */ - V_udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6)); - /* 40 1K datagrams */ - V_dad_init = 0; - TAILQ_INIT(&V_in6_ifaddrhead); - scope6_init(); - addrsel_policy_init(); - nd6_init(); - frag6_init(); - - V_ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; - /* Initialize packet filter hooks. */ V_inet6_pfil_hook.ph_type = PFIL_TYPE_AF; V_inet6_pfil_hook.ph_af = AF_INET6; @@ -254,6 +164,13 @@ ip6_init(void) printf("%s: WARNING: unable to register pfil hook, " "error %d\n", __func__, i); + scope6_init(); + addrsel_policy_init(); + nd6_init(); + frag6_init(); + + V_ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; + /* Skip global initialization stuff for non-default instances. */ if (!IS_DEFAULT_VNET(curvnet)) return; diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 5496062..0c1ff78 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -130,7 +130,6 @@ static MALLOC_DEFINE(M_MRTABLE6, "mf6c", "multicast forwarding cache entry"); static int ip6_mdq(struct mbuf *, struct ifnet *, struct mf6c *); static void phyint_send(struct ip6_hdr *, struct mif6 *, struct mbuf *); -static void pim6_init(void); static int register_send(struct ip6_hdr *, struct mif6 *, struct mbuf *); static int set_pim6(int *); static int socket_send(struct socket *, struct mbuf *, 
@@ -148,12 +147,11 @@ static const struct ip6protosw in6_pim_protosw = { .pr_input = pim6_input, .pr_output = rip6_output, .pr_ctloutput = rip6_ctloutput, - .pr_init = pim6_init, .pr_usrreqs = &rip6_usrreqs }; static int pim6_encapcheck(const struct mbuf *, int, int, void *); -static VNET_DEFINE(int, ip6_mrouter_ver); +static VNET_DEFINE(int, ip6_mrouter_ver) = 0; #define V_ip6_mrouter_ver VNET(ip6_mrouter_ver) SYSCTL_DECL(_net_inet6); @@ -212,7 +210,7 @@ static struct mtx mif6_mtx; #define MIF6_LOCK_DESTROY() mtx_destroy(&mif6_mtx) #ifdef MRT6DEBUG -static VNET_DEFINE(u_int, mrt6debug); /* debug level */ +static VNET_DEFINE(u_int, mrt6debug) = 0; /* debug level */ #define V_mrt6debug VNET(mrt6debug) #define DEBUG_MFC 0x02 #define DEBUG_FORWARD 0x04 @@ -338,15 +336,6 @@ int X_ip6_mrouter_set(struct socket *, struct sockopt *); int X_ip6_mrouter_get(struct socket *, struct sockopt *); int X_mrt6_ioctl(u_long, caddr_t); -static void -pim6_init(void) -{ - -#ifdef MRT6DEBUG - V_mrt6debug = 0; /* debug level */ -#endif -} - /* * Handle MRT setsockopt commands to modify the multicast routing tables. */ @@ -533,11 +522,7 @@ static int ip6_mrouter_init(struct socket *so, int v, int cmd) { - V_ip6_mrouter_ver = 0; - #ifdef MRT6DEBUG - V_mrt6debug = 0; - if (V_mrt6debug) log(LOG_DEBUG, "ip6_mrouter_init: so_type = %d, pr_protocol = %d\n", diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index a0a0f3a..3e91a79 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h 
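Review bot: With `V_ip6_mrouter_ver = 0;` gone from the top of ip6_mrouter_init(), the static `= 0` added above covers only the first multicast-routing session of a vnet; a later session starts from whatever the previous one left behind. The function body continues outside the hunk, so I cannot see whether the version is assigned on the success path or cleared on teardown; if either is missing, a stale API version would carry over. Once that is confirmed, a comment at the top of the function would record the assumption, e.g. `/* ip6_mrouter_ver is set on success below and reset when the router socket closes. */`. Removing `V_mrt6debug = 0;` also makes the `if (V_mrt6debug)` log under MRT6DEBUG reachable for the first time, which looks intended.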
@@ -295,12 +295,20 @@ VNET_DECLARE(struct ip6stat, ip6stat); /* statistics */ VNET_DECLARE(int, ip6_defhlim); /* default hop limit */ VNET_DECLARE(int, ip6_defmcasthlim); /* default multicast hop limit */ VNET_DECLARE(int, ip6_forwarding); /* act as router? */ -VNET_DECLARE(int, ip6_gif_hlim); /* Hop limit for gif encap packet */ VNET_DECLARE(int, ip6_use_deprecated); /* allow deprecated addr as source */ VNET_DECLARE(int, ip6_rr_prune); /* router renumbering prefix * walk list every 5 sec. */ VNET_DECLARE(int, ip6_mcast_pmtu); /* enable pMTU discovery for multicast? */ VNET_DECLARE(int, ip6_v6only); +#define V_ip6stat VNET(ip6stat) +#define V_ip6_defhlim VNET(ip6_defhlim) +#define V_ip6_defmcasthlim VNET(ip6_defmcasthlim) +#define V_ip6_forwarding VNET(ip6_forwarding) +#define V_ip6_use_deprecated VNET(ip6_use_deprecated) +#define V_ip6_rr_prune VNET(ip6_rr_prune) +#define V_ip6_mcast_pmtu VNET(ip6_mcast_pmtu) +#define V_ip6_v6only VNET(ip6_v6only) + VNET_DECLARE(struct socket *, ip6_mrouter); /* multicast routing daemon */ VNET_DECLARE(int, ip6_sendredirects); /* send IP redirects when forwarding? */ VNET_DECLARE(int, ip6_maxfragpackets); /* Maximum packets in reassembly 
@@ -314,31 +322,6 @@ VNET_DECLARE(time_t, ip6_log_time); VNET_DECLARE(int, ip6_hdrnestlimit); /* upper limit of # of extension * headers */ VNET_DECLARE(int, ip6_dad_count); /* DupAddrDetectionTransmits */ - -VNET_DECLARE(int, ip6_auto_flowlabel); -VNET_DECLARE(int, ip6_auto_linklocal); - -VNET_DECLARE(int, ip6_use_tempaddr); /* Whether to use temporary addresses */ -VNET_DECLARE(int, ip6_prefer_tempaddr); /* Whether to prefer temporary - * addresses in the source address - * selection */ - -#ifdef IPSTEALTH -VNET_DECLARE(int, ip6stealth); -#endif - -VNET_DECLARE(int, ip6_use_defzone); /* Whether to use the default scope - * zone when unspecified */ - -#define V_ip6stat VNET(ip6stat) -#define V_ip6_defhlim VNET(ip6_defhlim) -#define V_ip6_defmcasthlim VNET(ip6_defmcasthlim) -#define V_ip6_forwarding VNET(ip6_forwarding) -#define V_ip6_gif_hlim VNET(ip6_gif_hlim) -#define V_ip6_use_deprecated VNET(ip6_use_deprecated) -#define V_ip6_rr_prune VNET(ip6_rr_prune) -#define V_ip6_mcast_pmtu VNET(ip6_mcast_pmtu) -#define V_ip6_v6only VNET(ip6_v6only) #define V_ip6_mrouter VNET(ip6_mrouter) #define V_ip6_sendredirects VNET(ip6_sendredirects) #define V_ip6_maxfragpackets VNET(ip6_maxfragpackets) 
@@ -349,17 +332,29 @@ VNET_DECLARE(int, ip6_use_defzone); /* Whether to use the default scope #define V_ip6_log_time VNET(ip6_log_time) #define V_ip6_hdrnestlimit VNET(ip6_hdrnestlimit) #define V_ip6_dad_count VNET(ip6_dad_count) + +VNET_DECLARE(int, ip6_auto_flowlabel); +VNET_DECLARE(int, ip6_auto_linklocal); #define V_ip6_auto_flowlabel VNET(ip6_auto_flowlabel) #define V_ip6_auto_linklocal VNET(ip6_auto_linklocal) + +VNET_DECLARE(int, ip6_use_tempaddr); /* Whether to use temporary addresses */ +VNET_DECLARE(int, ip6_prefer_tempaddr); /* Whether to prefer temporary + * addresses in the source address + * selection */ #define V_ip6_use_tempaddr VNET(ip6_use_tempaddr) #define V_ip6_prefer_tempaddr VNET(ip6_prefer_tempaddr) -#ifdef IPSTEALTH -#define V_ip6stealth VNET(ip6stealth) -#endif + +VNET_DECLARE(int, ip6_use_defzone); /* Whether to use the default scope + * zone when unspecified */ #define V_ip6_use_defzone VNET(ip6_use_defzone) VNET_DECLARE (struct pfil_head, inet6_pfil_hook); /* packet filter hooks */ #define V_inet6_pfil_hook VNET(inet6_pfil_hook) +#ifdef IPSTEALTH +VNET_DECLARE(int, ip6stealth); +#define V_ip6stealth VNET(ip6stealth) +#endif extern struct pr_usrreqs rip6_usrreqs; struct sockopt; diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index a0ef204..7a54226 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c 
@@ -82,21 +82,31 @@ __FBSDID("$FreeBSD$"); #define SIN6(s) ((struct sockaddr_in6 *)s) -VNET_DEFINE(int, nd6_prune); -VNET_DEFINE(int, nd6_delay); -VNET_DEFINE(int, nd6_umaxtries); -VNET_DEFINE(int, nd6_mmaxtries); -VNET_DEFINE(int, nd6_useloopback); -VNET_DEFINE(int, nd6_gctimer); +/* timer values */ +VNET_DEFINE(int, nd6_prune) = 1; /* walk list every 1 seconds */ +VNET_DEFINE(int, nd6_delay) = 5; /* delay first probe time 5 second */ +VNET_DEFINE(int, nd6_umaxtries) = 3; /* maximum unicast query */ +VNET_DEFINE(int, nd6_mmaxtries) = 3; /* maximum multicast query */ +VNET_DEFINE(int, nd6_useloopback) = 1; /* use loopback interface for + * local traffic */ +VNET_DEFINE(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage + * collection timer */ /* preventing too many loops in ND option parsing */ -static VNET_DEFINE(int, nd6_maxndopt); -VNET_DEFINE(int, nd6_maxnudhint); -static VNET_DEFINE(int, nd6_maxqueuelen); +static VNET_DEFINE(int, nd6_maxndopt) = 10; /* max # of ND options allowed */ + +VNET_DEFINE(int, nd6_maxnudhint) = 0; /* max # of subsequent upper + * layer hints */ +static VNET_DEFINE(int, nd6_maxqueuelen) = 1; /* max pkts cached in unresolved + * ND entries */ #define V_nd6_maxndopt VNET(nd6_maxndopt) #define V_nd6_maxqueuelen VNET(nd6_maxqueuelen) -VNET_DEFINE(int, nd6_debug); +#ifdef ND6_DEBUG +VNET_DEFINE(int, nd6_debug) = 1; +#else +VNET_DEFINE(int, nd6_debug) = 0; +#endif /* for debugging? */ #if 0 @@ -106,7 +116,7 @@ static int nd6_inuse, nd6_allocated; VNET_DEFINE(struct nd_drhead, nd_defrouter); VNET_DEFINE(struct nd_prhead, nd_prefix); -VNET_DEFINE(int, nd6_recalc_reachtm_interval); +VNET_DEFINE(int, nd6_recalc_reachtm_interval) = ND6_RECALC_REACHTM_INTERVAL; #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval) static struct sockaddr_in6 all1_sa; 
@@ -125,56 +135,13 @@ static VNET_DEFINE(struct callout, nd6_slowtimo_ch); VNET_DEFINE(struct callout, nd6_timer_ch); -VNET_DECLARE(int, dad_ignore_ns); -VNET_DECLARE(int, dad_maxtry); -#define V_dad_ignore_ns VNET(dad_ignore_ns) -#define V_dad_maxtry VNET(dad_maxtry) - void nd6_init(void) { int i; - V_nd6_prune = 1; /* walk list every 1 seconds */ - V_nd6_delay = 5; /* delay first probe time 5 second */ - V_nd6_umaxtries = 3; /* maximum unicast query */ - V_nd6_mmaxtries = 3; /* maximum multicast query */ - V_nd6_useloopback = 1; /* use loopback interface for local traffic */ - V_nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ - - /* preventing too many loops in ND option parsing */ - V_nd6_maxndopt = 10; /* max # of ND options allowed */ - - V_nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ - V_nd6_maxqueuelen = 1; /* max pkts cached in unresolved ND entries */ - -#ifdef ND6_DEBUG - V_nd6_debug = 1; -#else - V_nd6_debug = 0; -#endif - - V_nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; - - V_dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/ - V_dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ - - /* - * XXX just to get this to compile KMM - */ -#ifdef notyet - V_llinfo_nd6.ln_next = &V_llinfo_nd6; - V_llinfo_nd6.ln_prev = &V_llinfo_nd6; -#endif LIST_INIT(&V_nd_prefix); - V_ip6_use_tempaddr = 0; - V_ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME; - V_ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME; - V_ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE; - - V_ip6_desync_factor = 0; - all1_sa.sin6_family = AF_INET6; all1_sa.sin6_len = sizeof(struct sockaddr_in6); for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 
@@ -182,13 +149,13 @@ nd6_init(void) /* initialization of the default router list */ TAILQ_INIT(&V_nd_defrouter); + /* start timer */ callout_init(&V_nd6_slowtimo_ch, 0); callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, nd6_slowtimo, curvnet); } - #ifdef VIMAGE void nd6_destroy() diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h index ff8faa2..abcfcb7 100644 --- a/sys/netinet6/nd6.h +++ b/sys/netinet6/nd6.h @@ -330,8 +330,6 @@ VNET_DECLARE(struct nd_drhead, nd_defrouter); VNET_DECLARE(struct nd_prhead, nd_prefix); VNET_DECLARE(int, nd6_debug); VNET_DECLARE(int, nd6_onlink_ns_rfc4861); -VNET_DECLARE(struct callout, nd6_timer_ch); - #define V_nd6_prune VNET(nd6_prune) #define V_nd6_delay VNET(nd6_delay) #define V_nd6_umaxtries VNET(nd6_umaxtries) @@ -343,6 +341,10 @@ VNET_DECLARE(struct callout, nd6_timer_ch); #define V_nd_prefix VNET(nd_prefix) #define V_nd6_debug VNET(nd6_debug) #define V_nd6_onlink_ns_rfc4861 VNET(nd6_onlink_ns_rfc4861) + +#define nd6log(x) do { if (V_nd6_debug) log x; } while (/*CONSTCOND*/ 0) + +VNET_DECLARE(struct callout, nd6_timer_ch); #define V_nd6_timer_ch VNET(nd6_timer_ch) /* nd6_rtr.c */ @@ -351,15 +353,12 @@ VNET_DECLARE(int, ip6_desync_factor); /* seconds */ VNET_DECLARE(u_int32_t, ip6_temp_preferred_lifetime); /* seconds */ VNET_DECLARE(u_int32_t, ip6_temp_valid_lifetime); /* seconds */ VNET_DECLARE(int, ip6_temp_regen_advance); /* seconds */ - #define V_nd6_defifindex VNET(nd6_defifindex) #define V_ip6_desync_factor VNET(ip6_desync_factor) #define V_ip6_temp_preferred_lifetime VNET(ip6_temp_preferred_lifetime) #define V_ip6_temp_valid_lifetime VNET(ip6_temp_valid_lifetime) #define V_ip6_temp_regen_advance VNET(ip6_temp_regen_advance) -#define nd6log(x) do { if (V_nd6_debug) log x; } while (/*CONSTCOND*/ 0) - union nd_opts { struct nd_opt_hdr *nd_opt_array[8]; /* max = target address list */ struct { diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index f9061d3..a50925b 100644 --- a/sys/netinet6/nd6_nbr.c 
+++ b/sys/netinet6/nd6_nbr.c @@ -89,9 +89,8 @@ static void nd6_dad_ns_output(struct dadq *, struct ifaddr *); static void nd6_dad_ns_input(struct ifaddr *); static void nd6_dad_na_input(struct ifaddr *); -VNET_DEFINE(int, dad_ignore_ns); -VNET_DEFINE(int, dad_maxtry); - +VNET_DEFINE(int, dad_ignore_ns) = 0; /* ignore NS in DAD - specwise incorrect*/ +VNET_DEFINE(int, dad_maxtry) = 15; /* max # of *tries* to transmit DAD packet */ #define V_dad_ignore_ns VNET(dad_ignore_ns) #define V_dad_maxtry VNET(dad_maxtry) @@ -1124,9 +1123,8 @@ struct dadq { }; static VNET_DEFINE(TAILQ_HEAD(, dadq), dadq); +VNET_DEFINE(int, dad_init) = 0; #define V_dadq VNET(dadq) - -VNET_DEFINE(int, dad_init); #define V_dad_init VNET(dad_init) static struct dadq * diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index 74f4954..19ec989 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -90,14 +90,16 @@ VNET_DECLARE(int, nd6_recalc_reachtm_interval); #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval) static VNET_DEFINE(struct ifnet *, nd6_defifp); +VNET_DEFINE(int, nd6_defifindex); #define V_nd6_defifp VNET(nd6_defifp) -VNET_DEFINE(int, nd6_defifindex); -VNET_DEFINE(int, ip6_use_tempaddr); +VNET_DEFINE(int, ip6_use_tempaddr) = 0; + VNET_DEFINE(int, ip6_desync_factor); -VNET_DEFINE(u_int32_t, ip6_temp_preferred_lifetime); -VNET_DEFINE(u_int32_t, ip6_temp_valid_lifetime); -VNET_DEFINE(int, ip6_temp_regen_advance); +VNET_DEFINE(u_int32_t, ip6_temp_preferred_lifetime) = DEF_TEMP_PREFERRED_LIFETIME; +VNET_DEFINE(u_int32_t, ip6_temp_valid_lifetime) = DEF_TEMP_VALID_LIFETIME; + +VNET_DEFINE(int, ip6_temp_regen_advance) = TEMPADDR_REGEN_ADVANCE; /* RTPREF_MEDIUM has to be 0! */ #define RTPREF_HIGH 1 diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 6052b24..939aa6a 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c 
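Review bot: `dad_ignore_ns`, `dad_maxtry` and `dad_init` stay externally visible in nd6_nbr.c although this same commit removes their outside users: the `VNET_DECLARE`s and assignments in nd6.c and the `V_dad_init = 0;` in ip6_init(). If no other file still references them, defining them as `static VNET_DEFINE(int, dad_maxtry) = 15;` (and likewise for the other two) would match the commit's stated aim of reducing pollution from putatively static globals. The second hunk (`@@ -1124,9 +1123,8 @@`) also places `dad_init` between the `dadq` definition and `#define V_dadq`; keeping each definition next to its accessor macro reads better.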
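Review bot: `ip6_desync_factor` is the one temporary-address variable in this nd6_rtr.c block left without an initializer, and nothing here says why. The reason is visible only in ip6_init(), which assigns `arc4random() % MAX_TEMP_DESYNC_FACTOR` per vnet; the `V_ip6_desync_factor = 0;` that nd6_init() used to do is removed by this commit. I would annotate the definition, e.g. `VNET_DEFINE(int, ip6_desync_factor);	/* randomized in ip6_init() */`, so that nobody later replaces it with a constant. `nd6_defifindex` presumably relies on implicit zero initialization as well and could say so.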
@@ -119,11 +119,11 @@ VNET_DECLARE(struct inpcbinfo, ripcbinfo); #define V_ripcb VNET(ripcb) #define V_ripcbinfo VNET(ripcbinfo) -VNET_DEFINE(struct rip6stat, rip6stat); - extern u_long rip_sendspace; extern u_long rip_recvspace; +VNET_DEFINE(struct rip6stat, rip6stat); + /* * Hooks for multicast routing. They all default to NULL, so leave them not * initialized and rely on BSS being set to 0. diff --git a/sys/netinet6/scope6.c b/sys/netinet6/scope6.c index cced5e30..8189d87 100644 --- a/sys/netinet6/scope6.c +++ b/sys/netinet6/scope6.c @@ -50,6 +50,11 @@ __FBSDID("$FreeBSD$"); #include #include +#ifdef ENABLE_DEFAULT_SCOPE +VNET_DEFINE(int, ip6_use_defzone) = 1; +#else +VNET_DEFINE(int, ip6_use_defzone) = 0; +#endif /* * The scope6_lock protects the global sid default stored in @@ -62,8 +67,6 @@ static struct mtx scope6_lock; #define SCOPE6_LOCK_ASSERT() mtx_assert(&scope6_lock, MA_OWNED) static VNET_DEFINE(struct scope6_id, sid_default); -VNET_DEFINE(int, ip6_use_defzone); - #define V_sid_default VNET(sid_default) #define SID(ifp) \ @@ -73,11 +76,6 @@ void scope6_init(void) { -#ifdef ENABLE_DEFAULT_SCOPE - V_ip6_use_defzone = 1; -#else - V_ip6_use_defzone = 0; -#endif bzero(&V_sid_default, sizeof(V_sid_default)); if (!IS_DEFAULT_VNET(curvnet)) diff --git a/sys/netipsec/ah_var.h b/sys/netipsec/ah_var.h index b031a98..6145dba 100644 --- a/sys/netipsec/ah_var.h +++ b/sys/netipsec/ah_var.h @@ -72,10 +72,11 @@ struct ahstat { #ifdef _KERNEL VNET_DECLARE(int, ah_enable); -#define V_ah_enable VNET(ah_enable) VNET_DECLARE(int, ah_cleartos); -#define V_ah_cleartos VNET(ah_cleartos) VNET_DECLARE(struct ahstat, ahstat); + +#define V_ah_enable VNET(ah_enable) +#define V_ah_cleartos VNET(ah_cleartos) #define V_ahstat VNET(ahstat) #endif /* _KERNEL */ #endif /*_NETIPSEC_AH_VAR_H_*/ diff --git a/sys/netipsec/esp_var.h b/sys/netipsec/esp_var.h index dc1aad4..477dcbf 100644 --- a/sys/netipsec/esp_var.h +++ b/sys/netipsec/esp_var.h 
@@ -73,8 +73,9 @@ struct espstat { #ifdef _KERNEL VNET_DECLARE(int, esp_enable); -#define V_esp_enable VNET(esp_enable) VNET_DECLARE(struct espstat, espstat); + +#define V_esp_enable VNET(esp_enable) #define V_espstat VNET(espstat) #endif /* _KERNEL */ #endif /*_NETIPSEC_ESP_VAR_H_*/ diff --git a/sys/netipsec/ipcomp_var.h b/sys/netipsec/ipcomp_var.h index 78f1848..c99a3be 100644 --- a/sys/netipsec/ipcomp_var.h +++ b/sys/netipsec/ipcomp_var.h @@ -66,8 +66,9 @@ struct ipcompstat { #ifdef _KERNEL VNET_DECLARE(int, ipcomp_enable); -#define V_ipcomp_enable VNET(ipcomp_enable) VNET_DECLARE(struct ipcompstat, ipcompstat); + +#define V_ipcomp_enable VNET(ipcomp_enable) #define V_ipcompstat VNET(ipcompstat) #endif /* _KERNEL */ #endif /*_NETIPSEC_IPCOMP_VAR_H_*/ diff --git a/sys/netipsec/ipip_var.h b/sys/netipsec/ipip_var.h index a6e33e8..3c8c397 100644 --- a/sys/netipsec/ipip_var.h +++ b/sys/netipsec/ipip_var.h @@ -60,8 +60,9 @@ struct ipipstat #ifdef _KERNEL VNET_DECLARE(int, ipip_allow); -#define V_ipip_allow VNET(ipip_allow) VNET_DECLARE(struct ipipstat, ipipstat); + +#define V_ipip_allow VNET(ipip_allow) #define V_ipipstat VNET(ipipstat) #endif /* _KERNEL */ #endif /* _NETINET_IPIP_H_ */ diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 5ee4bbb..1f48dd6 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -102,6 +102,7 @@ VNET_DEFINE(int, ipsec_debug) = 1; #else VNET_DEFINE(int, ipsec_debug) = 0; #endif + /* NB: name changed so netstat doesn't use it. */ VNET_DEFINE(struct ipsecstat, ipsec4stat); VNET_DEFINE(int, ip4_ah_offsetmask) = 0; /* maybe IP_DF? */ diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 92539b9..090255a 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h 
@@ -334,39 +334,39 @@ struct ipsec_history { VNET_DECLARE(int, ipsec_debug); #define V_ipsec_debug VNET(ipsec_debug) + +#ifdef REGRESSION +VNET_DECLARE(int, ipsec_replay); +VNET_DECLARE(int, ipsec_integrity); + +#define V_ipsec_replay VNET(ipsec_replay) +#define V_ipsec_integrity VNET(ipsec_integrity) +#endif + VNET_DECLARE(struct ipsecstat, ipsec4stat); -#define V_ipsec4stat VNET(ipsec4stat) +VNET_DECLARE(struct secpolicy, ip4_def_policy); +VNET_DECLARE(int, ip4_esp_trans_deflev); +VNET_DECLARE(int, ip4_esp_net_deflev); +VNET_DECLARE(int, ip4_ah_trans_deflev); +VNET_DECLARE(int, ip4_ah_net_deflev); VNET_DECLARE(int, ip4_ah_offsetmask); -#define V_ip4_ah_offsetmask VNET(ip4_ah_offsetmask) VNET_DECLARE(int, ip4_ipsec_dfbit); -#define V_ip4_ipsec_dfbit VNET(ip4_ipsec_dfbit) -VNET_DECLARE(int, ip4_esp_trans_deflev); +VNET_DECLARE(int, ip4_ipsec_ecn); +VNET_DECLARE(int, ip4_esp_randpad); +VNET_DECLARE(int, crypto_support); + +#define V_ipsec4stat VNET(ipsec4stat) +#define V_ip4_def_policy VNET(ip4_def_policy) #define V_ip4_esp_trans_deflev VNET(ip4_esp_trans_deflev) -VNET_DECLARE(int, ip4_esp_net_deflev); #define V_ip4_esp_net_deflev VNET(ip4_esp_net_deflev) -VNET_DECLARE(int, ip4_ah_trans_deflev); #define V_ip4_ah_trans_deflev VNET(ip4_ah_trans_deflev) -VNET_DECLARE(int, ip4_ah_net_deflev); #define V_ip4_ah_net_deflev VNET(ip4_ah_net_deflev) -VNET_DECLARE(struct secpolicy, ip4_def_policy); -#define V_ip4_def_policy VNET(ip4_def_policy) -VNET_DECLARE(int, ip4_ipsec_ecn); +#define V_ip4_ah_offsetmask VNET(ip4_ah_offsetmask) +#define V_ip4_ipsec_dfbit VNET(ip4_ipsec_dfbit) #define V_ip4_ipsec_ecn VNET(ip4_ipsec_ecn) -VNET_DECLARE(int, ip4_esp_randpad); #define V_ip4_esp_randpad VNET(ip4_esp_randpad) - -VNET_DECLARE(int, crypto_support); #define V_crypto_support VNET(crypto_support) -extern int ip4_ah_cleartos; - -#ifdef REGRESSION -VNET_DECLARE(int, ipsec_replay); -#define V_ipsec_replay VNET(ipsec_replay) -VNET_DECLARE(int, ipsec_integrity); -#define V_ipsec_integrity 
VNET(ipsec_integrity) -#endif - #define ipseclog(x) do { if (V_ipsec_debug) log x; } while (0) /* for openbsd compatibility */ #define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0) diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h index 030113f..c004220 100644 --- a/sys/netipsec/ipsec6.h +++ b/sys/netipsec/ipsec6.h @@ -42,16 +42,17 @@ #ifdef _KERNEL VNET_DECLARE(struct ipsecstat, ipsec6stat); -#define V_ipsec6stat VNET(ipsec6stat) VNET_DECLARE(int, ip6_esp_trans_deflev); -#define V_ip6_esp_trans_deflev VNET(ip6_esp_trans_deflev) VNET_DECLARE(int, ip6_esp_net_deflev); -#define V_ip6_esp_net_deflev VNET(ip6_esp_net_deflev) VNET_DECLARE(int, ip6_ah_trans_deflev); -#define V_ip6_ah_trans_deflev VNET(ip6_ah_trans_deflev) VNET_DECLARE(int, ip6_ah_net_deflev); -#define V_ip6_ah_net_deflev VNET(ip6_ah_net_deflev) VNET_DECLARE(int, ip6_ipsec_ecn); + +#define V_ipsec6stat VNET(ipsec6stat) +#define V_ip6_esp_trans_deflev VNET(ip6_esp_trans_deflev) +#define V_ip6_esp_net_deflev VNET(ip6_esp_net_deflev) +#define V_ip6_ah_trans_deflev VNET(ip6_ah_trans_deflev) +#define V_ip6_ah_net_deflev VNET(ip6_ah_net_deflev) #define V_ip6_ipsec_ecn VNET(ip6_ipsec_ecn) struct inpcb; diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 2b17fb0..5219768 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c 
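Review bot: The `REGRESSION` block moved to the top of this declaration group in ipsec.h carries no comment, so `ipsec_replay` and `ipsec_integrity` read like ordinary tunables next to `ipsec_debug`. Judging by their names and the guard, they are test-only switches that alter replay and integrity handling, and the header should say so. I would add above the `#ifdef`: `/* Regression-test knobs; only built with options REGRESSION, not for production kernels. */`. The hunk also drops `extern int ip4_ah_cleartos;` without a replacement in this file, so any remaining user must get a declaration elsewhere; the ah_var.h hunk shows `VNET_DECLARE(int, ah_cleartos)`, which may be the intended one.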
@@ -114,27 +114,27 @@ VNET_DEFINE(u_int32_t, key_debug_level) = 0; static VNET_DEFINE(u_int, key_spi_trycnt) = 1000; -#define V_key_spi_trycnt VNET(key_spi_trycnt) static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100; -#define V_key_spi_minval VNET(key_spi_minval) static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ -#define V_key_spi_maxval VNET(key_spi_maxval) static VNET_DEFINE(u_int32_t, policy_id) = 0; -#define V_policy_id VNET(policy_id) /*interval to initialize randseed,1(m)*/ static VNET_DEFINE(u_int, key_int_random) = 60; -#define V_key_int_random VNET(key_int_random) /* interval to expire acquiring, 30(s)*/ static VNET_DEFINE(u_int, key_larval_lifetime) = 30; -#define V_key_larval_lifetime VNET(key_larval_lifetime) /* counter for blocking SADB_ACQUIRE.*/ static VNET_DEFINE(int, key_blockacq_count) = 10; -#define V_key_blockacq_count VNET(key_blockacq_count) /* lifetime for blocking SADB_ACQUIRE.*/ static VNET_DEFINE(int, key_blockacq_lifetime) = 20; -#define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) /* preferred old sa rather than new sa.*/ static VNET_DEFINE(int, key_preferred_oldsa) = 1; +#define V_key_spi_trycnt VNET(key_spi_trycnt) +#define V_key_spi_minval VNET(key_spi_minval) +#define V_key_spi_maxval VNET(key_spi_maxval) +#define V_policy_id VNET(policy_id) +#define V_key_int_random VNET(key_int_random) +#define V_key_larval_lifetime VNET(key_larval_lifetime) +#define V_key_blockacq_count VNET(key_blockacq_count) +#define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) #define V_key_preferred_oldsa VNET(key_preferred_oldsa) static VNET_DEFINE(u_int32_t, acq_seq) = 0; 
@@ -270,10 +270,11 @@ static const int maxsize[] = { }; static VNET_DEFINE(int, ipsec_esp_keymin) = 256; -#define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) static VNET_DEFINE(int, ipsec_esp_auth) = 0; -#define V_ipsec_esp_auth VNET(ipsec_esp_auth) static VNET_DEFINE(int, ipsec_ah_keymin) = 128; + +#define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) +#define V_ipsec_esp_auth VNET(ipsec_esp_auth) #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) #ifdef SYSCTL_DECL diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index dbacd77..6186b59 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -85,8 +85,7 @@ SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO, SYSCTL_VNET_STRUCT(_net_inet_esp, IPSECCTL_STATS, stats, CTLFLAG_RD, &VNET_NAME(espstat), espstat, ""); -/* max iv length over all algorithms */ -static VNET_DEFINE(int, esp_max_ivlen) = 0; +static VNET_DEFINE(int, esp_max_ivlen); /* max iv length over all algorithms */ #define V_esp_max_ivlen VNET(esp_max_ivlen) static int esp_input_cb(struct cryptop *op); -- cgit v1.1
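Review bot: The explicit `= 0` is dropped from `esp_max_ivlen` in xform_esp.c while the same commit adds `= 0` to `ip6_mrouter_ver`, `mrt6debug` and `dad_init`, so the patch is inconsistent about spelling out zero initializers. If the value is computed at attach time (not visible in this hunk), the comment should say so rather than only describe what it holds, for example `static VNET_DEFINE(int, esp_max_ivlen);	/* max iv length over all algorithms; computed at attach */`. Since this length presumably feeds header-size calculations, confirm that nothing reads it before it is computed.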