svn commit: r185629 - in user/kmacy/HEAD_fast_multi_xmit/sys:
netinet netipsec sparc64/conf sparc64/include sparc64/pci
sparc64/sparc64
Kip Macy
kmacy at FreeBSD.org
Thu Dec 4 23:42:55 PST 2008
Author: kmacy
Date: Fri Dec 5 07:42:54 2008
New Revision: 185629
URL: http://svn.freebsd.org/changeset/base/185629
Log:
IFC 184756:185625 part 4
Added:
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_hostcache.h
Modified:
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/if_ether.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/igmp.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_gif.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_mcast.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_proto.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_rmx.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_var.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip6.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_carp.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_divert.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fastfwd.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw2.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw_pfil.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_icmp.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_icmp.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_input.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_ipsec.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_mroute.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_options.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_output.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_var.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/raw_ip.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctp_constants.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctp_indata.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctp_input.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctp_os_bsd.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctp_pcb.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctp_pcb.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctp_usrreq.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/sctputil.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_hostcache.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_input.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_offload.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_output.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_reass.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_sack.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_subr.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_syncache.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_timer.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_timewait.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_usrreq.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/tcp_var.h
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/udp_usrreq.c
user/kmacy/HEAD_fast_multi_xmit/sys/netinet/vinet.h
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/ipsec.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/ipsec.h
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/ipsec6.h
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/ipsec_input.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/ipsec_output.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/key.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/keysock.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/keysock.h
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/vipsec.h
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/xform_ah.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/xform_esp.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/xform_ipcomp.c
user/kmacy/HEAD_fast_multi_xmit/sys/netipsec/xform_ipip.c
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/conf/GENERIC
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/include/atomic.h
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/include/intr_machdep.h
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/include/iommureg.h
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/include/iommuvar.h
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/pci/schizo.c
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/pci/schizoreg.h
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/pci/schizovar.h
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/sparc64/elf_machdep.c
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/sparc64/intr_machdep.c
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/sparc64/iommu.c
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/sparc64/machdep.c
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/sparc64/nexus.c
user/kmacy/HEAD_fast_multi_xmit/sys/sparc64/sparc64/support.S
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/if_ether.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/if_ether.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/if_ether.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -61,10 +61,12 @@ __FBSDID("$FreeBSD$");
#include <net/netisr.h>
#include <net/if_llc.h>
#include <net/ethernet.h>
+#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/if_ether.h>
+#include <netinet/vinet.h>
#include <net/if_arc.h>
#include <net/iso88025.h>
@@ -82,10 +84,15 @@ SYSCTL_DECL(_net_link_ether);
SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, "");
/* timer values */
-static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */
+#ifdef VIMAGE_GLOBALS
+static int arpt_keep; /* once resolved, good for 20 more minutes */
+static int arp_maxtries;
+static int useloopback; /* use loopback interface for local traffic */
+static int arp_proxyall;
+#endif
-SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW,
- &arpt_keep, 0, "ARP entry lifetime in seconds");
+SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, max_age,
+ CTLFLAG_RW, arpt_keep, 0, "ARP entry lifetime in seconds");
#define rt_expire rt_rmx.rmx_expire
@@ -99,10 +106,6 @@ struct llinfo_arp {
static struct ifqueue arpintrq;
-static int arp_maxtries = 5;
-static int useloopback = 1; /* use loopback interface for local traffic */
-static int arp_proxyall = 0;
-
SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, maxtries,
CTLFLAG_RW, arp_maxtries, 0,
"ARP resolution attempts before returning error");
@@ -1082,6 +1085,12 @@ arp_ifinit2(struct ifnet *ifp, struct if
static void
arp_init(void)
{
+ INIT_VNET_INET(curvnet);
+
+ V_arpt_keep = (20*60); /* once resolved, good for 20 more minutes */
+ V_arp_maxtries = 5;
+ V_useloopback = 1; /* use loopback interface for local traffic */
+ V_arp_proxyall = 0;
arpintrq.ifq_maxlen = 50;
mtx_init(&arpintrq.ifq_mtx, "arp_inq", NULL, MTX_DEF);
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/igmp.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/igmp.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/igmp.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/route.h>
+#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
@@ -70,6 +71,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_options.h>
#include <netinet/igmp.h>
#include <netinet/igmp_var.h>
+#include <netinet/vinet.h>
#include <machine/in_cksum.h>
@@ -80,7 +82,9 @@ static MALLOC_DEFINE(M_IGMP, "igmp", "ig
static struct router_info *find_rti(struct ifnet *ifp);
static void igmp_sendpkt(struct in_multi *, int, unsigned long);
+#ifdef VIMAGE_GLOBALS
static struct igmpstat igmpstat;
+#endif
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS,
stats, CTLFLAG_RW, igmpstat, igmpstat, "");
@@ -92,8 +96,10 @@ SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_i
* reference counting is used. We allow unlocked reads of router_info data
* when accessed via an in_multi read-only.
*/
-static struct mtx igmp_mtx;
+#ifdef VIMAGE_GLOBALS
static SLIST_HEAD(, router_info) router_info_head;
+#endif
+static struct mtx igmp_mtx;
static int igmp_timers_are_running;
/*
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/in_var.h>
#include <netinet/in_pcb.h>
#include <netinet/ip_var.h>
+#include <netinet/vinet.h>
static int in_mask2len(struct in_addr *);
static void in_len2mask(struct in_addr *, int);
@@ -66,18 +67,19 @@ static int in_ifinit(struct ifnet *,
struct in_ifaddr *, struct sockaddr_in *, int);
static void in_purgemaddrs(struct ifnet *);
-static int subnetsarelocal = 0;
+#ifdef VIMAGE_GLOBALS
+static int subnetsarelocal;
+static int sameprefixcarponly;
+extern struct inpcbinfo ripcbinfo;
+#endif
+
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, subnets_are_local,
CTLFLAG_RW, subnetsarelocal, 0,
"Treat all subnets as directly connected");
-static int sameprefixcarponly = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, same_prefix_carp_only,
CTLFLAG_RW, sameprefixcarponly, 0,
"Refuse to create same prefixes on different interfaces");
-extern struct inpcbinfo ripcbinfo;
-extern struct inpcbinfo udbinfo;
-
/*
* Return 1 if an internet address is for a ``local'' host
* (one to which we have a connection). If subnetsarelocal
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.h
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.h Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in.h Fri Dec 5 07:42:54 2008 (r185629)
@@ -743,8 +743,4 @@ void in_ifdetach(struct ifnet *);
#undef __KAME_NETINET_IN_H_INCLUDED_
#endif
-#ifdef _KERNEL
-#include <netinet/vinet.h>
-#endif
-
#endif /* !_NETINET_IN_H_*/
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_gif.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_gif.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_gif.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -59,6 +59,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/in_var.h>
#include <netinet/ip_encap.h>
#include <netinet/ip_ecn.h>
+#include <netinet/vinet.h>
#ifdef INET6
#include <netinet/ip6.h>
@@ -85,7 +86,9 @@ struct protosw in_gif_protosw = {
.pr_usrreqs = &rip_usrreqs
};
-static int ip_gif_ttl = GIF_TTL;
+#ifdef VIMAGE_GLOBALS
+extern int ip_gif_ttl;
+#endif
SYSCTL_V_INT(V_NET, vnet_gif, _net_inet_ip, IPCTL_GIF_TTL, gifttl,
CTLFLAG_RW, ip_gif_ttl, 0, "");
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_mcast.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_mcast.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_mcast.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
+#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
@@ -60,6 +61,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
#include <netinet/igmp_var.h>
+#include <netinet/vinet.h>
#ifndef __SOCKUNION_DECLARED
union sockunion {
@@ -86,7 +88,9 @@ static MALLOC_DEFINE(M_IPMSOURCE, "in_ms
* ip_output() to send IGMP packets while holding the lock; this probably is
* not quite desirable.
*/
+#ifdef VIMAGE_GLOBALS
struct in_multihead in_multihead; /* XXX BSS initialization */
+#endif
struct mtx in_multi_mtx;
MTX_SYSINIT(in_multi_mtx, &in_multi_mtx, "in_multi_mtx", MTX_DEF | MTX_RECURSE);
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -71,9 +71,11 @@ __FBSDID("$FreeBSD$");
#include <netinet/tcp_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
+#include <netinet/vinet.h>
#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
+#include <netinet6/vinet6.h>
#endif /* INET6 */
@@ -84,32 +86,34 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_framework.h>
+#ifdef VIMAGE_GLOBALS
/*
* These configure the range of local port addresses assigned to
* "unspecified" outgoing connections/packets/whatever.
*/
-int ipport_lowfirstauto = IPPORT_RESERVED - 1; /* 1023 */
-int ipport_lowlastauto = IPPORT_RESERVEDSTART; /* 600 */
-int ipport_firstauto = IPPORT_EPHEMERALFIRST; /* 10000 */
-int ipport_lastauto = IPPORT_EPHEMERALLAST; /* 65535 */
-int ipport_hifirstauto = IPPORT_HIFIRSTAUTO; /* 49152 */
-int ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */
+int ipport_lowfirstauto;
+int ipport_lowlastauto;
+int ipport_firstauto;
+int ipport_lastauto;
+int ipport_hifirstauto;
+int ipport_hilastauto;
/*
* Reserved ports accessible only to root. There are significant
* security considerations that must be accounted for when changing these,
* but the security benefits can be great. Please be careful.
*/
-int ipport_reservedhigh = IPPORT_RESERVED - 1; /* 1023 */
-int ipport_reservedlow = 0;
+int ipport_reservedhigh;
+int ipport_reservedlow;
/* Variables dealing with random ephemeral port allocation. */
-int ipport_randomized = 1; /* user controlled via sysctl */
-int ipport_randomcps = 10; /* user controlled via sysctl */
-int ipport_randomtime = 45; /* user controlled via sysctl */
-int ipport_stoprandom = 0; /* toggled by ipport_tick */
+int ipport_randomized;
+int ipport_randomcps;
+int ipport_randomtime;
+int ipport_stoprandom;
int ipport_tcpallocs;
int ipport_tcplastcount;
+#endif
#define RANGECHK(var, min, max) \
if ((var) < (min)) { (var) = (min); } \
@@ -118,6 +122,7 @@ int ipport_tcplastcount;
static int
sysctl_net_ipport_check(SYSCTL_HANDLER_ARGS)
{
+ INIT_VNET_INET(curvnet);
int error;
error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
@@ -291,7 +296,7 @@ in_pcbbind_setup(struct inpcb *inp, stru
struct in_addr laddr;
u_short lport = 0;
int wild = 0, reuseport = (so->so_options & SO_REUSEPORT);
- int error, prison = 0;
+ int error;
int dorandom;
/*
@@ -320,9 +325,8 @@ in_pcbbind_setup(struct inpcb *inp, stru
if (sin->sin_family != AF_INET)
return (EAFNOSUPPORT);
#endif
- if (sin->sin_addr.s_addr != INADDR_ANY)
- if (prison_ip(cred, 0, &sin->sin_addr.s_addr))
- return(EINVAL);
+ if (prison_local_ip4(cred, &sin->sin_addr))
+ return (EINVAL);
if (sin->sin_port != *lportp) {
/* Don't allow the port to change. */
if (*lportp != 0)
@@ -357,14 +361,11 @@ in_pcbbind_setup(struct inpcb *inp, stru
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
0))
return (EACCES);
- if (jailed(cred))
- prison = 1;
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
priv_check_cred(inp->inp_cred,
PRIV_NETINET_REUSEPORT, 0) != 0) {
t = in_pcblookup_local(pcbinfo, sin->sin_addr,
- lport, prison ? 0 : INPLOOKUP_WILDCARD,
- cred);
+ lport, INPLOOKUP_WILDCARD, cred);
/*
* XXX
* This entire block sorely needs a rewrite.
@@ -381,10 +382,10 @@ in_pcbbind_setup(struct inpcb *inp, stru
t->inp_cred->cr_uid))
return (EADDRINUSE);
}
- if (prison && prison_ip(cred, 0, &sin->sin_addr.s_addr))
+ if (prison_local_ip4(cred, &sin->sin_addr))
return (EADDRNOTAVAIL);
t = in_pcblookup_local(pcbinfo, sin->sin_addr,
- lport, prison ? 0 : wild, cred);
+ lport, wild, cred);
if (t && (t->inp_vflag & INP_TIMEWAIT)) {
/*
* XXXRW: If an incpb has had its timewait
@@ -416,9 +417,8 @@ in_pcbbind_setup(struct inpcb *inp, stru
u_short first, last, aux;
int count;
- if (laddr.s_addr != INADDR_ANY)
- if (prison_ip(cred, 0, &laddr.s_addr))
- return (EINVAL);
+ if (prison_local_ip4(cred, &laddr))
+ return (EINVAL);
if (inp->inp_flags & INP_HIGHPORT) {
first = V_ipport_hifirstauto; /* sysctl */
@@ -484,7 +484,7 @@ in_pcbbind_setup(struct inpcb *inp, stru
} while (in_pcblookup_local(pcbinfo, laddr,
lport, wild, cred));
}
- if (prison_ip(cred, 0, &laddr.s_addr))
+ if (prison_local_ip4(cred, &laddr))
return (EINVAL);
*laddrp = laddr.s_addr;
*lportp = lport;
@@ -553,7 +553,7 @@ in_pcbladdr(struct inpcb *inp, struct in
struct route sro;
int error;
- KASSERT(laddr != NULL, ("%s: null laddr", __func__));
+ KASSERT(laddr != NULL, ("%s: laddr NULL", __func__));
error = 0;
ia = NULL;
@@ -605,7 +605,7 @@ in_pcbladdr(struct inpcb *inp, struct in
if (sa->sa_family != AF_INET)
continue;
sin = (struct sockaddr_in *)sa;
- if (htonl(prison_getip(cred)) == sin->sin_addr.s_addr) {
+ if (prison_check_ip4(cred, &sin->sin_addr)) {
ia = (struct in_ifaddr *)ifa;
break;
}
@@ -616,7 +616,8 @@ in_pcbladdr(struct inpcb *inp, struct in
}
/* 3. As a last resort return the 'default' jail address. */
- laddr->s_addr = htonl(prison_getip(cred));
+ if (prison_getip4(cred, laddr) != 0)
+ error = EADDRNOTAVAIL;
goto done;
}
@@ -641,7 +642,7 @@ in_pcbladdr(struct inpcb *inp, struct in
/* Jailed. */
/* 1. Check if the iface address belongs to the jail. */
sin = (struct sockaddr_in *)sro.ro_rt->rt_ifa->ifa_addr;
- if (htonl(prison_getip(cred)) == sin->sin_addr.s_addr) {
+ if (prison_check_ip4(cred, &sin->sin_addr)) {
ia = (struct in_ifaddr *)sro.ro_rt->rt_ifa;
laddr->s_addr = ia->ia_addr.sin_addr.s_addr;
goto done;
@@ -657,7 +658,7 @@ in_pcbladdr(struct inpcb *inp, struct in
if (sa->sa_family != AF_INET)
continue;
sin = (struct sockaddr_in *)sa;
- if (htonl(prison_getip(cred)) == sin->sin_addr.s_addr) {
+ if (prison_check_ip4(cred, &sin->sin_addr)) {
ia = (struct in_ifaddr *)ifa;
break;
}
@@ -668,7 +669,8 @@ in_pcbladdr(struct inpcb *inp, struct in
}
/* 3. As a last resort return the 'default' jail address. */
- laddr->s_addr = htonl(prison_getip(cred));
+ if (prison_getip4(cred, laddr) != 0)
+ error = EADDRNOTAVAIL;
goto done;
}
@@ -714,8 +716,7 @@ in_pcbladdr(struct inpcb *inp, struct in
if (sa->sa_family != AF_INET)
continue;
sin = (struct sockaddr_in *)sa;
- if (htonl(prison_getip(cred)) ==
- sin->sin_addr.s_addr) {
+ if (prison_check_ip4(cred, &sin->sin_addr)) {
ia = (struct in_ifaddr *)ifa;
break;
}
@@ -727,7 +728,8 @@ in_pcbladdr(struct inpcb *inp, struct in
}
/* 3. As a last resort return the 'default' jail address. */
- laddr->s_addr = htonl(prison_getip(cred));
+ if (prison_getip4(cred, laddr) != 0)
+ error = EADDRNOTAVAIL;
goto done;
}
@@ -761,7 +763,7 @@ in_pcbconnect_setup(struct inpcb *inp, s
struct sockaddr_in *sin = (struct sockaddr_in *)nam;
struct in_ifaddr *ia;
struct inpcb *oinp;
- struct in_addr laddr, faddr;
+ struct in_addr laddr, faddr, jailia;
u_short lport, fport;
int error;
@@ -793,9 +795,17 @@ in_pcbconnect_setup(struct inpcb *inp, s
* and the primary interface supports broadcast,
* choose the broadcast address for that interface.
*/
- if (faddr.s_addr == INADDR_ANY)
- faddr = IA_SIN(TAILQ_FIRST(&V_in_ifaddrhead))->sin_addr;
- else if (faddr.s_addr == (u_long)INADDR_BROADCAST &&
+ if (faddr.s_addr == INADDR_ANY) {
+ if (cred != NULL && jailed(cred)) {
+ if (prison_getip4(cred, &jailia) != 0)
+ return (EADDRNOTAVAIL);
+ faddr.s_addr = jailia.s_addr;
+ } else {
+ faddr =
+ IA_SIN(TAILQ_FIRST(&V_in_ifaddrhead))->
+ sin_addr;
+ }
+ } else if (faddr.s_addr == (u_long)INADDR_BROADCAST &&
(TAILQ_FIRST(&V_in_ifaddrhead)->ia_ifp->if_flags &
IFF_BROADCAST))
faddr = satosin(&TAILQ_FIRST(
@@ -875,7 +885,7 @@ void
in_pcbdetach(struct inpcb *inp)
{
- KASSERT(inp->inp_socket != NULL, ("in_pcbdetach: inp_socket == NULL"));
+ KASSERT(inp->inp_socket != NULL, ("%s: inp_socket == NULL", __func__));
inp->inp_socket->so_pcb = NULL;
inp->inp_socket = NULL;
@@ -890,16 +900,23 @@ in_pcbfree(struct inpcb *inp)
{
struct inpcbinfo *ipi = inp->inp_pcbinfo;
- KASSERT(inp->inp_socket == NULL, ("in_pcbfree: inp_socket != NULL"));
+ KASSERT(inp->inp_socket == NULL, ("%s: inp_socket != NULL", __func__));
INP_INFO_WLOCK_ASSERT(ipi);
INP_WLOCK_ASSERT(inp);
#ifdef IPSEC
- ipsec4_delete_pcbpolicy(inp);
-#endif /*IPSEC*/
+ if (inp->inp_sp != NULL)
+ ipsec_delete_pcbpolicy(inp);
+#endif /* IPSEC */
inp->inp_gencnt = ++ipi->ipi_gencnt;
in_pcbremlists(inp);
+#ifdef INET6
+ if (inp->inp_vflag & INP_IPV6PROTO) {
+ ip6_freepcbopts(inp->in6p_outputopts);
+ ip6_freemoptions(inp->in6p_moptions);
+ }
+#endif
if (inp->inp_options)
(void)m_free(inp->inp_options);
if (inp->inp_moptions != NULL)
@@ -1105,6 +1122,7 @@ in_pcblookup_local(struct inpcbinfo *pcb
0, pcbinfo->ipi_hashmask)];
LIST_FOREACH(inp, head, inp_hash) {
#ifdef INET6
+ /* XXX inp locking */
if ((inp->inp_vflag & INP_IPV4) == 0)
continue;
#endif
@@ -1112,9 +1130,11 @@ in_pcblookup_local(struct inpcbinfo *pcb
inp->inp_laddr.s_addr == laddr.s_addr &&
inp->inp_lport == lport) {
/*
- * Found.
+ * Found?
*/
- return (inp);
+ if (cred == NULL ||
+ inp->inp_cred->cr_prison == cred->cr_prison)
+ return (inp);
}
}
/*
@@ -1144,7 +1164,11 @@ in_pcblookup_local(struct inpcbinfo *pcb
*/
LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
wildcard = 0;
+ if (cred != NULL &&
+ inp->inp_cred->cr_prison != cred->cr_prison)
+ continue;
#ifdef INET6
+ /* XXX inp locking */
if ((inp->inp_vflag & INP_IPV4) == 0)
continue;
/*
@@ -1177,9 +1201,8 @@ in_pcblookup_local(struct inpcbinfo *pcb
if (wildcard < matchwild) {
match = inp;
matchwild = wildcard;
- if (matchwild == 0) {
+ if (matchwild == 0)
break;
- }
}
}
}
@@ -1197,7 +1220,7 @@ in_pcblookup_hash(struct inpcbinfo *pcbi
struct ifnet *ifp)
{
struct inpcbhead *head;
- struct inpcb *inp;
+ struct inpcb *inp, *tmpinp;
u_short fport = fport_arg, lport = lport_arg;
INP_INFO_LOCK_ASSERT(pcbinfo);
@@ -1205,60 +1228,108 @@ in_pcblookup_hash(struct inpcbinfo *pcbi
/*
* First look for an exact match.
*/
+ tmpinp = NULL;
head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr.s_addr, lport, fport,
pcbinfo->ipi_hashmask)];
LIST_FOREACH(inp, head, inp_hash) {
#ifdef INET6
+ /* XXX inp locking */
if ((inp->inp_vflag & INP_IPV4) == 0)
continue;
#endif
if (inp->inp_faddr.s_addr == faddr.s_addr &&
inp->inp_laddr.s_addr == laddr.s_addr &&
inp->inp_fport == fport &&
- inp->inp_lport == lport)
- return (inp);
+ inp->inp_lport == lport) {
+ /*
+ * XXX We should be able to directly return
+ * the inp here, without any checks.
+ * Well unless both bound with SO_REUSEPORT?
+ */
+ if (jailed(inp->inp_cred))
+ return (inp);
+ if (tmpinp == NULL)
+ tmpinp = inp;
+ }
}
+ if (tmpinp != NULL)
+ return (tmpinp);
/*
* Then look for a wildcard match, if requested.
*/
- if (wildcard) {
- struct inpcb *local_wild = NULL;
+ if (wildcard == INPLOOKUP_WILDCARD) {
+ struct inpcb *local_wild = NULL, *local_exact = NULL;
#ifdef INET6
struct inpcb *local_wild_mapped = NULL;
#endif
+ struct inpcb *jail_wild = NULL;
+ int injail;
+
+ /*
+ * Order of socket selection - we always prefer jails.
+ * 1. jailed, non-wild.
+ * 2. jailed, wild.
+ * 3. non-jailed, non-wild.
+ * 4. non-jailed, wild.
+ */
head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport,
0, pcbinfo->ipi_hashmask)];
LIST_FOREACH(inp, head, inp_hash) {
#ifdef INET6
+ /* XXX inp locking */
if ((inp->inp_vflag & INP_IPV4) == 0)
continue;
#endif
- if (inp->inp_faddr.s_addr == INADDR_ANY &&
- inp->inp_lport == lport) {
- if (ifp && ifp->if_type == IFT_FAITH &&
- (inp->inp_flags & INP_FAITH) == 0)
+ if (inp->inp_faddr.s_addr != INADDR_ANY ||
+ inp->inp_lport != lport)
+ continue;
+
+ /* XXX inp locking */
+ if (ifp && ifp->if_type == IFT_FAITH &&
+ (inp->inp_flags & INP_FAITH) == 0)
+ continue;
+
+ injail = jailed(inp->inp_cred);
+ if (injail) {
+ if (!prison_check_ip4(inp->inp_cred, &laddr))
continue;
- if (inp->inp_laddr.s_addr == laddr.s_addr)
+ } else {
+ if (local_exact != NULL)
+ continue;
+ }
+
+ if (inp->inp_laddr.s_addr == laddr.s_addr) {
+ if (injail)
return (inp);
- else if (inp->inp_laddr.s_addr == INADDR_ANY) {
+ else
+ local_exact = inp;
+ } else if (inp->inp_laddr.s_addr == INADDR_ANY) {
#ifdef INET6
- if (INP_CHECK_SOCKAF(inp->inp_socket,
- AF_INET6))
- local_wild_mapped = inp;
+ /* XXX inp locking, NULL check */
+ if (inp->inp_vflag & INP_IPV6PROTO)
+ local_wild_mapped = inp;
+ else
+#endif /* INET6 */
+ if (injail)
+ jail_wild = inp;
else
-#endif
local_wild = inp;
- }
}
- }
+ } /* LIST_FOREACH */
+ if (jail_wild != NULL)
+ return (jail_wild);
+ if (local_exact != NULL)
+ return (local_exact);
+ if (local_wild != NULL)
+ return (local_wild);
#ifdef INET6
- if (local_wild == NULL)
+ if (local_wild_mapped != NULL)
return (local_wild_mapped);
-#endif
- return (local_wild);
- }
+#endif /* defined(INET6) */
+ } /* if (wildcard == INPLOOKUP_WILDCARD) */
+
return (NULL);
}
@@ -1472,7 +1543,7 @@ inp_apply_all(void (*func)(struct inpcb
struct inpcb *inp;
INP_INFO_RLOCK(&V_tcbinfo);
- LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
+ LIST_FOREACH(inp, V_tcbinfo.ipi_listhead, inp_list) {
INP_WLOCK(inp);
func(inp, arg);
INP_WUNLOCK(inp);
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.h
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.h Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_pcb.h Fri Dec 5 07:42:54 2008 (r185629)
@@ -450,6 +450,8 @@ extern int ipport_lastauto;
extern int ipport_hifirstauto;
extern int ipport_hilastauto;
extern int ipport_randomized;
+extern int ipport_randomcps;
+extern int ipport_randomtime;
extern int ipport_stoprandom;
extern int ipport_tcpallocs;
extern struct callout ipport_tick_callout;
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_proto.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_proto.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_proto.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -193,6 +193,7 @@ struct protosw inetsw[] = {
.pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
.pr_input = icmp_input,
.pr_ctloutput = rip_ctloutput,
+ .pr_init = icmp_init,
.pr_usrreqs = &rip_usrreqs
},
{
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_rmx.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_rmx.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_rmx.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -55,9 +55,12 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/route.h>
+#include <net/vnet.h>
+
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
+#include <netinet/vinet.h>
extern int in_inithead(void **head, int off);
@@ -151,17 +154,20 @@ in_matroute(void *v_arg, struct radix_no
return rn;
}
-static int rtq_reallyold = 60*60; /* one hour is "really old" */
+#ifdef VIMAGE_GLOBALS
+static int rtq_reallyold;
+static int rtq_minreallyold;
+static int rtq_toomany;
+#endif
+
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTEXPIRE, rtexpire,
CTLFLAG_RW, rtq_reallyold, 0,
"Default expiration time on dynamically learned routes");
-static int rtq_minreallyold = 10; /* never automatically crank down to less */
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMINEXPIRE,
rtminexpire, CTLFLAG_RW, rtq_minreallyold, 0,
"Minimum time to attempt to hold onto dynamically learned routes");
-static int rtq_toomany = 128; /* 128 cached routes is "too many" */
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMAXCACHE,
rtmaxcache, CTLFLAG_RW, rtq_toomany, 0,
"Upper limit on dynamically learned routes");
@@ -256,8 +262,10 @@ in_rtqkill(struct radix_node *rn, void *
}
#define RTQ_TIMEOUT 60*10 /* run no less than once every ten minutes */
-static int rtq_timeout = RTQ_TIMEOUT;
+#ifdef VIMAGE_GLOBALS
+static int rtq_timeout;
static struct callout rtq_timer;
+#endif
static void in_rtqtimo_one(void *rock);
@@ -282,6 +290,7 @@ in_rtqtimo(void *rock)
static void
in_rtqtimo_one(void *rock)
{
+ INIT_VNET_INET(curvnet);
struct radix_node_head *rnh = rock;
struct rtqk_arg arg;
static time_t last_adjusted_timeout = 0;
@@ -336,6 +345,7 @@ in_rtqdrain(void)
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter);
INIT_VNET_NET(vnet_iter);
+
for ( fibnum = 0; fibnum < rt_numfibs; fibnum++) {
rnh = V_rt_tables[fibnum][AF_INET];
arg.found = arg.killed = 0;
@@ -376,6 +386,11 @@ in_inithead(void **head, int off)
if (off == 0) /* XXX MRT see above */
return 1; /* only do the rest for a real routing table */
+ V_rtq_reallyold = 60*60; /* one hour is "really old" */
+ V_rtq_minreallyold = 10; /* never automatically crank down to less */
+ V_rtq_toomany = 128; /* 128 cached routes is "too many" */
+ V_rtq_timeout = RTQ_TIMEOUT;
+
rnh = *head;
rnh->rnh_addaddr = in_addroute;
rnh->rnh_matchaddr = in_matroute;
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_var.h
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_var.h Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/in_var.h Fri Dec 5 07:42:54 2008 (r185629)
@@ -138,6 +138,15 @@ do { \
#endif
/*
+ * IP datagram reassembly.
+ */
+#define IPREASS_NHASH_LOG2 6
+#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2)
+#define IPREASS_HMASK (IPREASS_NHASH - 1)
+#define IPREASS_HASH(x,y) \
+ (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK)
+
+/*
* This information should be part of the ifnet structure but we don't wish
* to change that - as it might break a number of things
*/
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip6.h
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip6.h Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip6.h Fri Dec 5 07:42:54 2008 (r185629)
@@ -347,8 +347,6 @@ do { \
} \
} while (/*CONSTCOND*/ 0)
-#include <netinet6/vinet6.h>
-
#endif /*_KERNEL*/
#endif /* not _NETINET_IP6_H_ */
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_carp.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_carp.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_carp.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -74,6 +74,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_var.h>
#include <netinet/if_ether.h>
#include <machine/in_cksum.h>
+#include <netinet/vinet.h>
#endif
#ifdef INET6
@@ -82,6 +83,7 @@ __FBSDID("$FreeBSD$");
#include <netinet6/ip6_var.h>
#include <netinet6/scope6_var.h>
#include <netinet6/nd6.h>
+#include <netinet6/vinet6.h>
#endif
#include <crypto/sha1.h>
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_divert.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_divert.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_divert.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -74,6 +74,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_divert.h>
#include <netinet/ip_var.h>
#include <netinet/ip_fw.h>
+#include <netinet/vinet.h>
#include <security/mac/mac_framework.h>
@@ -112,8 +113,10 @@ __FBSDID("$FreeBSD$");
*/
/* Internal variables. */
+#ifdef VIMAGE_GLOBALS
static struct inpcbhead divcb;
static struct inpcbinfo divcbinfo;
+#endif
static u_long div_sendspace = DIVSNDQ; /* XXX sysctl ? */
static u_long div_recvspace = DIVRCVQ; /* XXX sysctl ? */
@@ -320,6 +323,7 @@ div_output(struct socket *so, struct mbu
*/
m->m_pkthdr.rcvif = NULL;
m->m_nextpkt = NULL;
+ M_SETFIB(m, so->so_fibnum);
if (control)
m_freem(control); /* XXX */
@@ -578,6 +582,7 @@ div_ctlinput(int cmd, struct sockaddr *s
static int
div_pcblist(SYSCTL_HANDLER_ARGS)
{
+ INIT_VNET_INET(curvnet);
int error, i, n;
struct inpcb *inp, **inp_list;
inp_gen_t gencnt;
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fastfwd.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fastfwd.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fastfwd.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -103,10 +103,13 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_var.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_options.h>
+#include <netinet/vinet.h>
#include <machine/in_cksum.h>
-static int ipfastforward_active = 0;
+#ifdef VIMAGE_GLOBALS
+static int ipfastforward_active;
+#endif
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fastforwarding,
CTLFLAG_RW, ipfastforward_active, 0, "Enable fast IP forwarding");
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw2.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw2.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw2.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$");
#include <net/radix.h>
#include <net/route.h>
#include <net/pf_mtag.h>
+#include <net/vnet.h>
#define IPFW_INTERNAL /* Access to protected data structures in ip_fw.h. */
@@ -91,6 +92,8 @@ __FBSDID("$FreeBSD$");
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/sctp.h>
+#include <netinet/vinet.h>
+
#include <netgraph/ng_ipfw.h>
#include <altq/if_altq.h>
@@ -1803,14 +1806,14 @@ add_table_entry(struct ip_fw_chain *ch,
ent->addr.sin_len = ent->mask.sin_len = 8;
ent->mask.sin_addr.s_addr = htonl(mlen ? ~((1 << (32 - mlen)) - 1) : 0);
ent->addr.sin_addr.s_addr = addr & ent->mask.sin_addr.s_addr;
- IPFW_WLOCK(&V_layer3_chain);
+ IPFW_WLOCK(ch);
if (rnh->rnh_addaddr(&ent->addr, &ent->mask, rnh, (void *)ent) ==
NULL) {
- IPFW_WUNLOCK(&V_layer3_chain);
+ IPFW_WUNLOCK(ch);
free(ent, M_IPFW_TBL);
return (EEXIST);
}
- IPFW_WUNLOCK(&V_layer3_chain);
+ IPFW_WUNLOCK(ch);
return (0);
}
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw_pfil.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw_pfil.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_fw_pfil.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -487,6 +487,7 @@ ipfw6_unhook(void)
int
ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
{
+ INIT_VNET_IPFW(curvnet);
int enable = *(int *)arg1;
int error;
Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_icmp.c
==============================================================================
--- user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_icmp.c Fri Dec 5 07:41:53 2008 (r185628)
+++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet/ip_icmp.c Fri Dec 5 07:42:54 2008 (r185629)
@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/tcp_var.h>
#include <netinet/tcpip.h>
#include <netinet/icmp_var.h>
+#include <netinet/vinet.h>
#ifdef IPSEC
#include <netipsec/ipsec.h>
@@ -77,47 +78,51 @@ __FBSDID("$FreeBSD$");
* host table maintenance routines.
*/
-struct icmpstat icmpstat;
+#ifdef VIMAGE_GLOBALS
+struct icmpstat icmpstat;
+static int icmpmaskrepl;
+static u_int icmpmaskfake;
+static int drop_redirect;
+static int log_redirect;
+static int icmplim;
+static int icmplim_output;
+static char reply_src[IFNAMSIZ];
+static int icmp_rfi;
+static int icmp_quotelen;
+static int icmpbmcastecho;
+#endif
+
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_STATS, stats,
CTLFLAG_RW, icmpstat, icmpstat, "");
-static int icmpmaskrepl = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_MASKREPL, maskrepl,
CTLFLAG_RW, icmpmaskrepl, 0,
"Reply to ICMP Address Mask Request packets.");
-static u_int icmpmaskfake = 0;
SYSCTL_V_UINT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW,
icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets.");
-static int drop_redirect = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, drop_redirect,
CTLFLAG_RW, drop_redirect, 0, "Ignore ICMP redirects");
-static int log_redirect = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, log_redirect,
CTLFLAG_RW, log_redirect, 0, "Log ICMP redirects to the console");
-static int icmplim = 200;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_ICMPLIM, icmplim,
CTLFLAG_RW, icmplim, 0, "Maximum number of ICMP responses per second");
-static int icmplim_output = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, icmplim_output,
CTLFLAG_RW, icmplim_output, 0,
"Enable rate limiting of ICMP responses");
-static char reply_src[IFNAMSIZ];
SYSCTL_V_STRING(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_src,
CTLFLAG_RW, reply_src, IFNAMSIZ,
"icmp reply source for non-local packets.");
-static int icmp_rfi = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_from_interface,
CTLFLAG_RW, icmp_rfi, 0, "ICMP reply from incoming interface for "
"non-local packets");
-static int icmp_quotelen = 8;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
icmp_quotelen, 0, "Number of bytes from original packet to "
"quote in ICMP reply");
@@ -126,7 +131,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet
* ICMP broadcast echo sysctl
*/
-static int icmpbmcastecho = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, bmcastecho,
CTLFLAG_RW, icmpbmcastecho, 0, "");
@@ -140,6 +144,22 @@ static void icmp_send(struct mbuf *, str
extern struct protosw inetsw[];
+void
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list