git: 24a07b61ff28 - stable/14 - icmp6: move ICMPv6 related tunables to the files where they are used
Date: Wed, 26 Jun 2024 04:50:26 UTC
The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=24a07b61ff28ed243615244e371ca02e326035a0 commit 24a07b61ff28ed243615244e371ca02e326035a0 Author: Gleb Smirnoff <glebius@FreeBSD.org> AuthorDate: 2024-03-24 16:13:23 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2024-06-26 04:48:44 +0000 icmp6: move ICMPv6 related tunables to the files where they are used Most of them can be declared as static after the move out of in6_proto.c. Keeping sysctl(9) declarations with their text descriptions next to the variable declaration create self-documenting code. There should be no functional changes. Differential Revision: https://reviews.freebsd.org/D44481 (cherry picked from commit 4f96be33fe7676c69c5abb476bb09bba0c63a3f4)
---
 sys/netinet/icmp6.h | 10 +++-----
 sys/netinet6/icmp6.c | 34 +++++++++++++++++++++----
 sys/netinet6/in6.c | 14 ++++++++++-
 sys/netinet6/in6_proto.c | 65 ------------------------------------------------
 sys/netinet6/ip6_var.h | 5 ----
 sys/netinet6/nd6.c | 44 ++++++++++++++++++++++----------
 sys/netinet6/nd6.h | 14 -----------
 sys/netinet6/nd6_nbr.c | 7 ++++++
 sys/netinet6/nd6_rtr.c | 10 +++++---
 9 files changed, 91 insertions(+), 112 deletions(-)
diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h
index e93317c66a11..ea7bf74797f1 100644
--- a/sys/netinet/icmp6.h
+++ b/sys/netinet/icmp6.h
@@ -646,6 +646,10 @@ struct icmp6stat {
 #ifdef _KERNEL
 #include <sys/counter.h>
+#ifdef SYSCTL_DECL
+SYSCTL_DECL(_net_inet6_icmp6);
+#endif
+
 VNET_PCPUSTAT_DECLARE(struct icmp6stat, icmp6stat);
 /*
  * In-kernel consumers can use these accessor macros directly to update
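Review bot: The `SYSCTL_DECL(_net_inet6_icmp6);` added to sys/netinet/icmp6.h is wrapped in `#ifdef SYSCTL_DECL`, so it only takes effect in translation units that included the sysctl header before this one, and nothing in the header says so. Other sections of this commit drop the local `SYSCTL_DECL` lines from nd6.c and nd6_rtr.c and rely on this declaration, which makes the include order load-bearing for every file that now defines a `_net_inet6_icmp6` knob. A wrong order should surface as a build error rather than a runtime fault, but a one-line comment above the guard would save the next reader the search, for example `/* Visible only if <sys/sysctl.h> was included before this header. */`.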
@@ -774,12 +778,6 @@ do { \
 } \
 } while (/*CONSTCOND*/ 0)
-VNET_DECLARE(int, icmp6_rediraccept); /* accept/process redirects */
-VNET_DECLARE(int, icmp6_redirtimeout); /* cache time for redirect routes */
-
-#define V_icmp6_rediraccept VNET(icmp6_rediraccept)
-#define V_icmp6_redirtimeout VNET(icmp6_redirtimeout)
-
 #define ICMP6_NODEINFO_FQDNOK 0x1
 #define ICMP6_NODEINFO_NODEADDROK 0x2
 #define ICMP6_NODEINFO_TMPADDROK 0x4
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index 5b384889d422..996416856b20 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -116,22 +116,46 @@ extern ip6proto_ctlinput_t *ip6_ctlprotox[];
 VNET_PCPUSTAT_DEFINE(struct icmp6stat, icmp6stat);
 VNET_PCPUSTAT_SYSINIT(icmp6stat);
+SYSCTL_VNET_PCPUSTAT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats,
+ struct icmp6stat, icmp6stat,
+ "ICMPv6 statistics (struct icmp6stat, netinet/icmp6.h)");
 #ifdef VIMAGE
 VNET_PCPUSTAT_SYSUNINIT(icmp6stat);
 #endif /* VIMAGE */
+VNET_DEFINE_STATIC(int, icmp6_rediraccept) = 1;
+#define V_icmp6_rediraccept VNET(icmp6_rediraccept)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_rediraccept), 0,
+ "Accept ICMPv6 redirect messages");
+
+VNET_DEFINE_STATIC(int, icmp6_redirtimeout) = 10 * 60; /* 10 minutes */
+#define V_icmp6_redirtimeout VNET(icmp6_redirtimeout)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_redirtimeout), 0,
+ "Delay in seconds before expiring redirect route");
+
+VNET_DEFINE_STATIC(int, icmp6_nodeinfo) = 0;
+#define V_icmp6_nodeinfo VNET(icmp6_nodeinfo)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_nodeinfo), 0,
+ "Mask of enabled RFC4620 node information query types");
+
 VNET_DECLARE(struct inpcbinfo, ripcbinfo);
-VNET_DECLARE(int, icmp6errppslim);
+#define V_ripcbinfo VNET(ripcbinfo)
+
+VNET_DEFINE_STATIC(int, icmp6errppslim) = 100;
+#define V_icmp6errppslim VNET(icmp6errppslim)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6errppslim), 0,
+ "Maximum number of ICMPv6 error messages per second");
+
 VNET_DEFINE_STATIC(int, icmp6errpps_count) = 0;
 VNET_DEFINE_STATIC(struct timeval, icmp6errppslim_last);
-VNET_DECLARE(int, icmp6_nodeinfo);
-#define V_ripcbinfo VNET(ripcbinfo)
-#define V_icmp6errppslim VNET(icmp6errppslim)
 #define V_icmp6errpps_count VNET(icmp6errpps_count)
 #define V_icmp6errppslim_last VNET(icmp6errppslim_last)
-#define V_icmp6_nodeinfo VNET(icmp6_nodeinfo)
 static void icmp6_errcount(int, int);
 static int icmp6_rip6_input(struct mbuf **, int);
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 55d675417c41..e9f16dcf5c54 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -102,6 +102,7 @@
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_carp.h>
+#include <netinet/icmp6.h>
 #include <netinet/ip6.h>
 #include <netinet6/ip6_var.h>
@@ -125,8 +126,19 @@ _Static_assert(offsetof(struct in6_ifreq, ifr_ifru) ==
 offsetof(struct ifreq, ifr_ifru),
 "struct in6_ifreq and struct ifreq are not type punnable");
-VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix);
+VNET_DEFINE_STATIC(int, icmp6_nodeinfo_oldmcprefix) = 1;
 #define V_icmp6_nodeinfo_oldmcprefix VNET(icmp6_nodeinfo_oldmcprefix)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO_OLDMCPREFIX,
+ nodeinfo_oldmcprefix, CTLFLAG_VNET | CTLFLAG_RW,
+ &VNET_NAME(icmp6_nodeinfo_oldmcprefix), 0,
+ "Join old IPv6 NI group address in draft-ietf-ipngwg-icmp-name-lookup "
+ "for compatibility with KAME implementation");
+
+VNET_DEFINE_STATIC(int, nd6_useloopback) = 1;
+#define V_nd6_useloopback VNET(nd6_useloopback)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_useloopback), 0,
+ "Create a loopback route when configuring an IPv6 address");
 /*
  * Definitions of some costant IP6 addresses.
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index 6e7ffedc3dcd..de065f814560 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -173,11 +173,8 @@ VNET_DEFINE(int, ip6_v6only) = 1;
 #ifdef IPSTEALTH
 VNET_DEFINE(int, ip6stealth) = 0;
 #endif
-VNET_DEFINE(int, nd6_onlink_ns_rfc4861) = 0;/* allow 'on-link' nd6 NS
- * (RFC 4861) */
 VNET_DEFINE(bool, ip6_log_cannot_forward) = 1;
-/* icmp6 */
 /*
  * BSDI4 defines these variables in in_proto.c...
  * XXX: what if we don't define INET? Should we define pmtu6_expire
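Review bot: In the sys/netinet6/icmp6.c hunk, `redirtimeout` and `errppslimit` are exported with plain `SYSCTL_INT` and `CTLFLAG_RW`, so zero or a negative number is stored as written, and neither the description string nor a comment says what that does to redirect-route expiry or to the ICMPv6 error rate limit. The move dropped the old inline remarks such as `/* 100pps */`, so the definition is now the only place to record the unit and the accepted range, for example `/* packets per second; writes are not range-checked */` above `icmp6errppslim`. How the consumers treat out-of-range values is not visible in this hunk and should be confirmed before wording the comment; rejecting such values in a handler would be a functional change and belongs in a separate commit. The same question applies to `nd6_prune`, `nd6_delay` and the two `*maxtries` knobs in the first nd6.c hunk.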
@@ -186,14 +183,6 @@ VNET_DEFINE(bool, ip6_log_cannot_forward) = 1;
 VNET_DEFINE(int, pmtu_expire) = 60*10;
 VNET_DEFINE(int, pmtu_probe) = 60*2;
-/* ICMPV6 parameters */
-VNET_DEFINE(int, icmp6_rediraccept) = 1;/* accept and process redirects */
-VNET_DEFINE(int, icmp6_redirtimeout) = 10 * 60; /* 10 minutes */
-VNET_DEFINE(int, icmp6errppslim) = 100; /* 100pps */
-/* control how to respond to NI queries */
-VNET_DEFINE(int, icmp6_nodeinfo) = 0;
-VNET_DEFINE(int, icmp6_nodeinfo_oldmcprefix) = 1;
-
 VNET_DEFINE_STATIC(int, ip6_log_interval) = 5;
 VNET_DEFINE_STATIC(int, ip6_log_count) = 0;
 VNET_DEFINE_STATIC(struct timeval, ip6_log_last) = { 0 };
@@ -358,57 +347,3 @@ SYSCTL_BOOL(_net_inet6_ip6, OID_AUTO, log_cannot_forward,
 CTLFLAG_VNET | CTLFLAG_RW,
 &VNET_NAME(ip6_log_cannot_forward), 1,
 "Log packets that cannot be forwarded");
-
-/* net.inet6.icmp6 */
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_rediraccept), 0,
- "Accept ICMPv6 redirect messages");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_redirtimeout), 0,
- "Delay in seconds before expiring redirect route");
-SYSCTL_VNET_PCPUSTAT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats,
- struct icmp6stat, icmp6stat,
- "ICMPv6 statistics (struct icmp6stat, netinet/icmp6.h)");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_prune), 0,
- "Frequency in seconds of checks for expired prefixes and routers");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_delay), 0,
- "Delay in seconds before probing for reachability");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0,
- "Number of ICMPv6 NS messages sent during reachability detection");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0,
- "Number of ICMPv6 NS messages sent during address resolution");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_useloopback), 0,
- "Create a loopback route when configuring an IPv6 address");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_nodeinfo), 0,
- "Mask of enabled RFC4620 node information query types");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO_OLDMCPREFIX,
- nodeinfo_oldmcprefix, CTLFLAG_VNET | CTLFLAG_RW,
- &VNET_NAME(icmp6_nodeinfo_oldmcprefix), 0,
- "Join old IPv6 NI group address in draft-ietf-ipngwg-icmp-name-lookup "
- "for compatibility with KAME implementation");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6errppslim), 0,
- "Maximum number of ICMPv6 error messages per second");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxnudhint), 0,
- ""); /* XXX unused */
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,
- CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_debug), 0,
- "Log NDP debug messages");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
- nd6_onlink_ns_rfc4861, CTLFLAG_VNET | CTLFLAG_RW,
- &VNET_NAME(nd6_onlink_ns_rfc4861), 0,
- "Accept 'on-link' ICMPv6 NS messages in compliance with RFC 4861");
-#ifdef EXPERIMENTAL
-SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
- nd6_ignore_ipv6_only_ra, CTLFLAG_VNET | CTLFLAG_RW,
- &VNET_NAME(nd6_ignore_ipv6_only_ra), 0,
- "Ignore the 'IPv6-Only flag' in RA messages in compliance with "
- "draft-ietf-6man-ipv6only-flag");
-#endif
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index a3b3b0cb3585..464b74c4fd88 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -333,11 +333,6 @@ VNET_DECLARE(int, ip6stealth);
 #define V_ip6stealth VNET(ip6stealth)
 #endif
-#ifdef EXPERIMENTAL
-VNET_DECLARE(int, nd6_ignore_ipv6_only_ra);
-#define V_nd6_ignore_ipv6_only_ra VNET(nd6_ignore_ipv6_only_ra)
-#endif
-
 VNET_DECLARE(bool, ip6_log_cannot_forward);
 #define V_ip6_log_cannot_forward VNET(ip6_log_cannot_forward)
diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index b3ca612c90d6..3eacb05f88d7 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -91,21 +91,37 @@
 MALLOC_DEFINE(M_IP6NDP, "ip6ndp", "IPv6 Neighbor Discovery");
-/* timer values */
-VNET_DEFINE(int, nd6_prune) = 1; /* walk list every 1 seconds */
-VNET_DEFINE(int, nd6_delay) = 5; /* delay first probe time 5 second */
-VNET_DEFINE(int, nd6_umaxtries) = 3; /* maximum unicast query */
-VNET_DEFINE(int, nd6_mmaxtries) = 3; /* maximum multicast query */
-VNET_DEFINE(int, nd6_useloopback) = 1; /* use loopback interface for
- * local traffic */
-VNET_DEFINE(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage
- * collection timer */
+VNET_DEFINE_STATIC(int, nd6_prune) = 1;
+#define V_nd6_prune VNET(nd6_prune)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_prune), 0,
+ "Frequency in seconds of checks for expired prefixes and routers");
+
+VNET_DEFINE_STATIC(int, nd6_delay) = 5;
+#define V_nd6_delay VNET(nd6_delay)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_delay), 0,
+ "Delay in seconds before probing for reachability");
+
+VNET_DEFINE_STATIC(int, nd6_umaxtries) = 3;
+#define V_nd6_umaxtries VNET(nd6_umaxtries)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0,
+ "Number of ICMPv6 NS messages sent during reachability detection");
+
+VNET_DEFINE(int, nd6_mmaxtries) = 3;
+#define V_nd6_mmaxtries VNET(nd6_mmaxtries)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0,
+ "Number of ICMPv6 NS messages sent during address resolution");
+
+VNET_DEFINE_STATIC(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage
+ * collection timer */
+#define V_nd6_gctimer VNET(nd6_gctimer)
 /* preventing too many loops in ND option parsing */
 VNET_DEFINE_STATIC(int, nd6_maxndopt) = 10; /* max # of ND options allowed */
-VNET_DEFINE(int, nd6_maxnudhint) = 0; /* max # of subsequent upper
- * layer hints */
 VNET_DEFINE_STATIC(int, nd6_maxqueuelen) = 16; /* max pkts cached in unresolved
  * ND entries */
 #define V_nd6_maxndopt VNET(nd6_maxndopt)
@@ -116,6 +132,10 @@ VNET_DEFINE(int, nd6_debug) = 1;
 #else
 VNET_DEFINE(int, nd6_debug) = 0;
 #endif
+#define V_nd6_debug VNET(nd6_debug)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_debug), 0,
+ "Log NDP debug messages");
 static eventhandler_tag lle_event_eh, iflladdr_event_eh, ifnet_link_event_eh;
@@ -148,8 +168,6 @@ VNET_DEFINE_STATIC(struct callout, nd6_slowtimo_ch);
 VNET_DEFINE_STATIC(struct callout, nd6_timer_ch);
 #define V_nd6_timer_ch VNET(nd6_timer_ch)
-SYSCTL_DECL(_net_inet6_icmp6);
-
 static void
 nd6_lle_event(void *arg __unused, struct llentry *lle, int evt)
 {
diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h
index 3e7f2d814d47..1db1b666c60b 100644
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@@ -255,26 +255,12 @@ MALLOC_DECLARE(M_IP6NDP);
 #endif
 /* nd6.c */
-VNET_DECLARE(int, nd6_prune);
-VNET_DECLARE(int, nd6_delay);
-VNET_DECLARE(int, nd6_umaxtries);
 VNET_DECLARE(int, nd6_mmaxtries);
-VNET_DECLARE(int, nd6_useloopback);
-VNET_DECLARE(int, nd6_maxnudhint);
-VNET_DECLARE(int, nd6_gctimer);
 VNET_DECLARE(struct nd_prhead, nd_prefix);
 VNET_DECLARE(int, nd6_debug);
-VNET_DECLARE(int, nd6_onlink_ns_rfc4861);
-#define V_nd6_prune VNET(nd6_prune)
-#define V_nd6_delay VNET(nd6_delay)
-#define V_nd6_umaxtries VNET(nd6_umaxtries)
 #define V_nd6_mmaxtries VNET(nd6_mmaxtries)
-#define V_nd6_useloopback VNET(nd6_useloopback)
-#define V_nd6_maxnudhint VNET(nd6_maxnudhint)
-#define V_nd6_gctimer VNET(nd6_gctimer)
 #define V_nd_prefix VNET(nd_prefix)
 #define V_nd6_debug VNET(nd6_debug)
-#define V_nd6_onlink_ns_rfc4861 VNET(nd6_onlink_ns_rfc4861)
 /* Lock for the prefix and default router lists. */
 VNET_DECLARE(struct rwlock, nd6_lock);
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
index 7b4fa7a8d8c9..353db66c2323 100644
--- a/sys/netinet6/nd6_nbr.c
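Review bot: The nd6.c section adds `#define V_nd6_mmaxtries VNET(nd6_mmaxtries)` in its first hunk and `#define V_nd6_debug VNET(nd6_debug)` in its second, while the nd6.h section of this same commit keeps both macros, together with the matching `VNET_DECLARE` lines, as context. Both variables also remain non-static `VNET_DEFINE`s, so the header is still where other files get the accessor from, and, assuming nd6.c includes nd6.h, the local copies are redundant. An identical redefinition compiles, but any later edit to one copy turns into a macro-redefinition diagnostic. I would drop the two added `#define` lines from nd6.c, and add a short comment next to `nd6_mmaxtries` saying why it, unlike its neighbours, is still exported.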
+++ b/sys/netinet6/nd6_nbr.c
@@ -110,6 +110,13 @@ VNET_DEFINE_STATIC(int, dad_maxtry) = 15; /* max # of *tries* to
 transmit DAD packet */
 #define V_dad_maxtry VNET(dad_maxtry)
+VNET_DEFINE_STATIC(int, nd6_onlink_ns_rfc4861) = 0;
+#define V_nd6_onlink_ns_rfc4861 VNET(nd6_onlink_ns_rfc4861)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
+ nd6_onlink_ns_rfc4861, CTLFLAG_VNET | CTLFLAG_RW,
+ &VNET_NAME(nd6_onlink_ns_rfc4861), 0,
+ "Accept 'on-link' ICMPv6 NS messages in compliance with RFC 4861");
+
 /*
  * Input a Neighbor Solicitation Message.
  *
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index de991c98b6c3..845f9094f4c4 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -98,11 +98,15 @@ VNET_DEFINE(u_int32_t, ip6_temp_valid_lifetime) = DEF_TEMP_VALID_LIFETIME;
 VNET_DEFINE(int, ip6_temp_regen_advance) = TEMPADDR_REGEN_ADVANCE;
 #ifdef EXPERIMENTAL
-VNET_DEFINE(int, nd6_ignore_ipv6_only_ra) = 1;
+VNET_DEFINE_STATIC(int, nd6_ignore_ipv6_only_ra) = 1;
+#define V_nd6_ignore_ipv6_only_ra VNET(nd6_ignore_ipv6_only_ra)
+SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
+ nd6_ignore_ipv6_only_ra, CTLFLAG_VNET | CTLFLAG_RW,
+ &VNET_NAME(nd6_ignore_ipv6_only_ra), 0,
+ "Ignore the 'IPv6-Only flag' in RA messages in compliance with "
+ "draft-ietf-6man-ipv6only-flag");
 #endif
-SYSCTL_DECL(_net_inet6_icmp6);
-
 /* RTPREF_MEDIUM has to be 0! */
 #define RTPREF_HIGH 1
 #define RTPREF_MEDIUM 0