PERFORCE change 150005 for review
Marko Zec
zec at FreeBSD.org
Thu Sep 18 12:24:57 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=150005
Change 150005 by zec at zec_tca51 on 2008/09/18 12:24:08
Virtualize a bunch of icmp related sysctls.
TODO: add and register an initializer function for icmp related stuff.
Affected files ...
.. //depot/projects/vimage/src/sys/netinet/ip_icmp.c#16 edit
.. //depot/projects/vimage/src/sys/netinet/vinet.h#27 edit
Differences ...
==== //depot/projects/vimage/src/sys/netinet/ip_icmp.c#16 (text+ko) ====
@@ -81,57 +81,59 @@
#ifndef VIMAGE
struct icmpstat icmpstat;
+static int icmpmaskrepl = 0;
+static u_int icmpmaskfake = 0;
+static int drop_redirect = 0;
+static int log_redirect = 0;
+static int icmplim = 200;
+static int icmplim_output = 1;
+static char reply_src[IFNAMSIZ];
+static int icmp_rfi = 0;
+static int icmp_quotelen = 8;
+static int icmpbmcastecho = 0;
#endif
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_STATS, stats,
CTLFLAG_RW, icmpstat, icmpstat, "");
-static int icmpmaskrepl = 0;
-SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW,
- &icmpmaskrepl, 0, "Reply to ICMP Address Mask Request packets.");
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_MASKREPL, maskrepl,
+ CTLFLAG_RW, icmpmaskrepl, 0,
+ "Reply to ICMP Address Mask Request packets.");
-static u_int icmpmaskfake = 0;
-SYSCTL_UINT(_net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW,
- &icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets.");
+SYSCTL_V_UINT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW,
+ icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets.");
-static int drop_redirect = 0;
-SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW,
- &drop_redirect, 0, "Ignore ICMP redirects");
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, drop_redirect,
+ CTLFLAG_RW, drop_redirect, 0, "Ignore ICMP redirects");
-static int log_redirect = 0;
-SYSCTL_INT(_net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_RW,
- &log_redirect, 0, "Log ICMP redirects to the console");
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, log_redirect,
+ CTLFLAG_RW, log_redirect, 0, "Log ICMP redirects to the console");
-static int icmplim = 200;
-SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW,
- &icmplim, 0, "Maximum number of ICMP responses per second");
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_ICMPLIM, icmplim,
+ CTLFLAG_RW, icmplim, 0, "Maximum number of ICMP responses per second");
-static int icmplim_output = 1;
-SYSCTL_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW,
- &icmplim_output, 0, "Enable rate limiting of ICMP responses");
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, icmplim_output,
+ CTLFLAG_RW, icmplim_output, 0,
+ "Enable rate limiting of ICMP responses");
-static char reply_src[IFNAMSIZ];
-SYSCTL_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW,
- &reply_src, IFNAMSIZ, "icmp reply source for non-local packets.");
+SYSCTL_V_STRING(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_src,
+ CTLFLAG_RW, reply_src, IFNAMSIZ,
+ "icmp reply source for non-local packets.");
-static int icmp_rfi = 0;
-SYSCTL_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW,
- &icmp_rfi, 0, "ICMP reply from incoming interface for "
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_from_interface,
+ CTLFLAG_RW, icmp_rfi, 0, "ICMP reply from incoming interface for "
"non-local packets");
-static int icmp_quotelen = 8;
-SYSCTL_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
- &icmp_quotelen, 0, "Number of bytes from original packet to "
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
+ icmp_quotelen, 0, "Number of bytes from original packet to "
"quote in ICMP reply");
/*
* ICMP broadcast echo sysctl
*/
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, bmcastecho,
+ CTLFLAG_RW, icmpbmcastecho, 0, "");
-static int icmpbmcastecho = 0;
-SYSCTL_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW,
- &icmpbmcastecho, 0, "");
-
#ifdef ICMPPRINTFS
int icmpprintfs = 0;
#endif
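Review bot: In a VIMAGE build nothing in this change gives the virtualized ICMP variables their non-zero defaults, because the initialised statics (`icmplim = 200`, `icmplim_output = 1`, `icmp_quotelen = 8`) now sit inside `#ifndef VIMAGE` and the matching `struct vnet_inet` fields added in vinet.h carry no initial values. If a new vnet's structure starts out zeroed (not visible here), `V_icmplim` is 0 and the `V_icmplim > 0` test in badport_bandlim() switches response rate limiting off for that vnet. The description lists the initializer as a TODO; until it exists the per-vnet setup should at least assign `V_icmplim = 200;`, `V_icmplim_output = 1;` and `V_icmp_quotelen = 8;`. A comment beside the `#ifndef VIMAGE` block should say where the VIMAGE defaults are set.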
@@ -212,9 +214,9 @@
if (n->m_len < oiphlen + tcphlen &&
((n = m_pullup(n, oiphlen + tcphlen)) == NULL))
goto freeit;
- icmpelen = max(tcphlen, min(icmp_quotelen, oip->ip_len - oiphlen));
+ icmpelen = max(tcphlen, min(V_icmp_quotelen, oip->ip_len - oiphlen));
} else
-stdreply: icmpelen = max(8, min(icmp_quotelen, oip->ip_len - oiphlen));
+stdreply: icmpelen = max(8, min(V_icmp_quotelen, oip->ip_len - oiphlen));
icmplen = min(oiphlen + icmpelen, nlen);
if (icmplen < sizeof(struct ip))
@@ -468,7 +470,7 @@
break;
case ICMP_ECHO:
- if (!icmpbmcastecho
+ if (!V_icmpbmcastecho
&& (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
V_icmpstat.icps_bmcastecho++;
break;
@@ -480,7 +482,7 @@
goto reflect;
case ICMP_TSTAMP:
- if (!icmpbmcastecho
+ if (!V_icmpbmcastecho
&& (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
V_icmpstat.icps_bmcasttstamp++;
break;
@@ -498,7 +500,7 @@
goto reflect;
case ICMP_MASKREQ:
- if (icmpmaskrepl == 0)
+ if (V_icmpmaskrepl == 0)
break;
/*
* We are not able to respond with all ones broadcast
@@ -523,10 +525,10 @@
if (ia->ia_ifp == 0)
break;
icp->icmp_type = ICMP_MASKREPLY;
- if (icmpmaskfake == 0)
+ if (V_icmpmaskfake == 0)
icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr;
else
- icp->icmp_mask = icmpmaskfake;
+ icp->icmp_mask = V_icmpmaskfake;
if (ip->ip_src.s_addr == 0) {
if (ia->ia_ifp->if_flags & IFF_BROADCAST)
ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr;
@@ -541,7 +543,7 @@
return;
case ICMP_REDIRECT:
- if (log_redirect) {
+ if (V_log_redirect) {
u_long src, dst, gw;
src = ntohl(ip->ip_src.s_addr);
@@ -560,7 +562,7 @@
* RFC1812 says we must ignore ICMP redirects if we
* are acting as router.
*/
- if (drop_redirect || V_ipforwarding)
+ if (V_drop_redirect || V_ipforwarding)
break;
if (code > 3)
goto badcode;
@@ -679,7 +681,7 @@
* doesn't have a suitable IP address, the normal selection
* criteria apply.
*/
- if (icmp_rfi && m->m_pkthdr.rcvif != NULL) {
+ if (V_icmp_rfi && m->m_pkthdr.rcvif != NULL) {
TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
if (ifa->ifa_addr->sa_family != AF_INET)
continue;
@@ -693,7 +695,7 @@
* net.inet.icmp.reply_src (default not set). Otherwise continue
* with normal source selection.
*/
- if (reply_src[0] != '\0' && (ifn = ifunit(reply_src))) {
+ if (V_reply_src[0] != '\0' && (ifn = ifunit(V_reply_src))) {
TAILQ_FOREACH(ifa, &ifn->if_addrhead, ifa_link) {
if (ifa->ifa_addr->sa_family != AF_INET)
continue;
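Review bot: `V_reply_src` is now per-vnet, but the hunk does not show whether `ifunit()` searches only the current vnet's interfaces. If it walks a list shared between vnets, a name written to this vnet's `net.inet.icmp.reply_src` could select a reply source address from an interface the vnet does not own. This is worth confirming and recording with a comment above the lookup, such as `/* ifunit() is expected to resolve names within the current vnet only */`. The enclosing function starts and ends outside the hunk.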
@@ -896,6 +898,8 @@
int
badport_bandlim(int which)
{
+ INIT_VNET_INET(curvnet);
+
#define N(a) (sizeof (a) / sizeof (a[0]))
static struct rate {
const char *type;
@@ -913,20 +917,20 @@
/*
* Return ok status if feature disabled or argument out of range.
*/
- if (icmplim > 0 && (u_int) which < N(rates)) {
+ if (V_icmplim > 0 && (u_int) which < N(rates)) {
struct rate *r = &rates[which];
int opps = r->curpps;
- if (!ppsratecheck(&r->lasttime, &r->curpps, icmplim))
+ if (!ppsratecheck(&r->lasttime, &r->curpps, V_icmplim))
return -1; /* discard packet */
/*
* If we've dropped below the threshold after having
* rate-limited traffic print the message. This preserves
* the previous behaviour at the expense of added complexity.
*/
- if (icmplim_output && opps > icmplim)
+ if (V_icmplim_output && opps > V_icmplim)
printf("Limiting %s from %d to %d packets/sec\n",
- r->type, opps, icmplim);
+ r->type, opps, V_icmplim);
}
return 0; /* okay to send packet */
#undef N
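Review bot: The limit is now read per vnet through `V_icmplim`, but `rates[]` is still a function-level `static` table (declared in the previous hunk), so the `r->lasttime` and `r->curpps` passed to `ppsratecheck()` are shared by every vnet. Traffic in one vnet therefore consumes the response budget of the others, and the shared counter is judged against whichever vnet's limit is current at the call, so one busy vnet can suppress rate-limited responses in the rest. The per-type `lasttime`/`curpps` state belongs in `struct vnet_inet` beside `_icmplim`, with `rates[]` keeping only the `type` strings. The `Limiting %s from %d to %d packets/sec` message also mixes the shared count with a per-vnet limit and does not say which vnet it refers to.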
==== //depot/projects/vimage/src/sys/netinet/vinet.h#27 (text+ko) ====
@@ -178,6 +178,17 @@
int _ipport_stoprandom;
int _ipport_tcpallocs;
int _ipport_tcplastcount;
+
+ int _icmpmaskrepl;
+ u_int _icmpmaskfake;
+ int _drop_redirect;
+ int _log_redirect;
+ int _icmplim;
+ int _icmplim_output;
+ char _reply_src[IFNAMSIZ];
+ int _icmp_rfi;
+ int _icmp_quotelen;
+ int _icmpbmcastecho;
};
#endif
@@ -305,4 +316,14 @@
#define V_ipport_tcplastcount VNET_INET(ipport_tcplastcount)
#define V_divcb VNET_INET(divcb)
#define V_divcbinfo VNET_INET(divcbinfo)
+#define V_icmpmaskrepl VNET_INET(icmpmaskrepl)
+#define V_icmpmaskfake VNET_INET(icmpmaskfake)
+#define V_drop_redirect VNET_INET(drop_redirect)
+#define V_log_redirect VNET_INET(log_redirect)
+#define V_icmplim VNET_INET(icmplim)
+#define V_icmplim_output VNET_INET(icmplim_output)
+#define V_reply_src VNET_INET(reply_src)
+#define V_icmp_rfi VNET_INET(icmp_rfi)
+#define V_icmp_quotelen VNET_INET(icmp_quotelen)
+#define V_icmpbmcastecho VNET_INET(icmpbmcastecho)
#endif /* !_NETINET_VINET_H_ */