Index: sys/compat/linprocfs/linprocfs.c =========================================================================== --- sys/compat/linprocfs/linprocfs.c 2008/09/03 22:27:36 #89 +++ sys/compat/linprocfs/linprocfs.c 2008/09/03 22:27:36 @@ -1001,6 +1001,7 @@ static int linprocfs_donetdev(PFS_FILL_ARGS) { + INIT_VNET_NET(TD_TO_VNET(curthread)); char ifname[16]; /* XXX LINUX_IFNAMSIZ */ struct ifnet *ifp; Index: sys/compat/linux/linux_ioctl.c =========================================================================== --- sys/compat/linux/linux_ioctl.c 2008/09/03 22:27:36 #81 +++ sys/compat/linux/linux_ioctl.c 2008/09/03 22:27:36 @@ -2051,6 +2051,7 @@ int linux_ifname(struct ifnet *ifp, char *buffer, size_t buflen) { + INIT_VNET_NET(ifp->if_vnet); struct ifnet *ifscan; int ethno; @@ -2084,6 +2085,7 @@ static struct ifnet * ifname_linux_to_bsd(const char *lxname, char *bsdname) { + INIT_VNET_NET(TD_TO_VNET(curthread)); struct ifnet *ifp; int len, unit; char *ep; @@ -2124,6 +2126,7 @@ static int linux_ifconf(struct thread *td, struct ifconf *uifc) { + INIT_VNET_NET(TD_TO_VNET(td)); #ifdef COMPAT_LINUX32 struct l_ifconf ifc; #else Index: sys/compat/linux/linux_misc.c =========================================================================== --- sys/compat/linux/linux_misc.c 2008/09/03 22:27:36 #121 +++ sys/compat/linux/linux_misc.c 2008/09/03 22:27:36 @@ -714,6 +714,7 @@ int linux_newuname(struct thread *td, struct linux_newuname_args *args) { + INIT_VPROCG(TD_TO_VPROCG(td)); struct l_new_utsname utsname; char osname[LINUX_MAX_UTSNAME]; char osrelease[LINUX_MAX_UTSNAME]; Index: sys/contrib/dev/ath/public/mipsisa32-be-elf.hal.o.uu =========================================================================== --- sys/contrib/dev/ath/public/mipsisa32-be-elf.hal.o.uu 2008/09/03 22:27:36 #10 +++ sys/contrib/dev/ath/public/mipsisa32-be-elf.hal.o.uu 2008/09/03 22:27:36 Index: sys/contrib/pf/net/pfvar.h =========================================================================== --- sys/contrib/pf/net/pfvar.h 2008/09/03 22:27:36 #17 +++ sys/contrib/pf/net/pfvar.h 2008/09/03 22:27:36 @@ -1855,5 +1855,12 @@ struct pf_os_fingerprint * pf_osfp_validate(void); +/* + * Symbol translation macros + */ +#define INIT_VNET_PF(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_PF, struct vnet_pf, vnet_pf) + +#define VNET_PF(sym) VSYM(vnet_pf, sym) #endif /* _NET_PFVAR_H_ */ Index: sys/dev/firewire/firewire.c =========================================================================== --- sys/dev/firewire/firewire.c 2008/09/03 22:27:36 #101 +++ sys/dev/firewire/firewire.c 2008/09/03 22:27:36 @@ -703,7 +703,7 @@ crom_add_simple_text(src, root, &buf->vendor, "FreeBSD Project"); crom_add_entry(root, CSRKEY_HW, __FreeBSD_version); #endif - crom_add_simple_text(src, root, &buf->hw, V_hostname); + crom_add_simple_text(src, root, &buf->hw, G_hostname); } /* Index: sys/fs/cd9660/cd9660_rrip.c =========================================================================== --- sys/fs/cd9660/cd9660_rrip.c 2008/09/03 22:27:36 #4 +++ sys/fs/cd9660/cd9660_rrip.c 2008/09/03 22:27:36 @@ -114,6 +114,7 @@ ISO_RRIP_SLINK *p; ISO_RRIP_ANALYZE *ana; { + INIT_VPROCG(TD_TO_VPROCG(curthread)); ISO_RRIP_SLINK_COMPONENT *pcomp; ISO_RRIP_SLINK_COMPONENT *pcompe; int len, wlen, cont; @@ -224,6 +225,7 @@ ISO_RRIP_ALTNAME *p; ISO_RRIP_ANALYZE *ana; { + INIT_VPROCG(TD_TO_VPROCG(curthread)); char *inbuf; int wlen; int cont; Index: sys/kern/kern_jail.c =========================================================================== --- sys/kern/kern_jail.c 2008/09/03 22:27:36 #72 +++ sys/kern/kern_jail.c 2008/09/03 22:27:36 @@ -475,6 +475,7 @@ void getcredhostname(struct ucred *cred, char *buf, size_t size) { + INIT_VPROCG(cred->cr_vimage->v_procg); if (jailed(cred)) { mtx_lock(&cred->cr_prison->pr_mtx); Index: sys/kern/kern_mib.c =========================================================================== --- sys/kern/kern_mib.c 2008/09/03 22:27:36 #48 +++ sys/kern/kern_mib.c 2008/09/03 22:27:36 @@ -207,7 +207,9 @@ SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, machine_arch, 0, "System architecture"); +#ifndef VIMAGE char hostname[MAXHOSTNAMELEN]; +#endif /* * This mutex is used to protect the hostname and domainname variables, and @@ -219,6 +221,7 @@ static int sysctl_hostname(SYSCTL_HANDLER_ARGS) { + INIT_VPROCG(TD_TO_VPROCG(req->td)); struct prison *pr; char tmphostname[MAXHOSTNAMELEN]; int error; @@ -345,7 +348,9 @@ 0, 0, sysctl_kern_config, "", "Kernel configuration file"); #endif +#ifndef VIMAGE char domainname[MAXHOSTNAMELEN]; /* Protected by hostname_mtx. */ +#endif static int sysctl_domainname(SYSCTL_HANDLER_ARGS) @@ -354,13 +359,13 @@ int error; mtx_lock(&hostname_mtx); - bcopy(domainname, tmpdomainname, MAXHOSTNAMELEN); + bcopy(V_domainname, tmpdomainname, MAXHOSTNAMELEN); mtx_unlock(&hostname_mtx); error = sysctl_handle_string(oidp, tmpdomainname, sizeof tmpdomainname, req); if (req->newptr != NULL && error == 0) { mtx_lock(&hostname_mtx); - bcopy(tmpdomainname, domainname, MAXHOSTNAMELEN); + bcopy(tmpdomainname, V_domainname, MAXHOSTNAMELEN); mtx_unlock(&hostname_mtx); } return (error); Index: sys/kern/kern_uuid.c =========================================================================== --- sys/kern/kern_uuid.c 2008/09/03 22:27:36 #14 +++ sys/kern/kern_uuid.c 2008/09/03 22:27:36 @@ -88,6 +88,7 @@ static void uuid_node(uint16_t *node) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; struct sockaddr_dl *sdl; Index: sys/kern/kern_xxx.c =========================================================================== --- sys/kern/kern_xxx.c 2008/09/03 22:27:36 #21 +++ sys/kern/kern_xxx.c 2008/09/03 22:27:36 @@ -246,6 +246,7 @@ struct thread *td; struct getdomainname_args *uap; { + INIT_VPROCG(TD_TO_VPROCG(td)); char tmpdomainname[MAXHOSTNAMELEN]; int domainnamelen; @@ -271,6 +272,7 @@ struct thread *td; struct setdomainname_args *uap; { + INIT_VPROCG(TD_TO_VPROCG(td)); char tmpdomainname[MAXHOSTNAMELEN]; int error, domainnamelen; Index: sys/net/if.c =========================================================================== --- sys/net/if.c 2008/09/03 22:27:36 #173 +++ sys/net/if.c 2008/09/03 22:27:36 @@ -279,6 +279,7 @@ static int netkqfilter(struct cdev *dev, struct knote *kn) { + INIT_VNET_NET(curvnet); struct knlist *klist; struct ifnet *ifp; int idx; @@ -383,6 +384,7 @@ struct ifnet* if_alloc(u_char type) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; ifp = malloc(sizeof(struct ifnet), M_IFNET, M_WAITOK|M_ZERO); @@ -445,6 +447,7 @@ void if_free_type(struct ifnet *ifp, u_char type) { + INIT_VNET_NET(curvnet); /* ifp->if_vnet can be NULL here ! */ if (ifp != ifnet_byindex(ifp->if_index)) { if_printf(ifp, "%s: value was not if_alloced, skipping\n", @@ -482,6 +485,7 @@ void if_attach(struct ifnet *ifp) { + INIT_VNET_NET(curvnet); unsigned socksize, ifasize; int namelen, masklen; struct sockaddr_dl *sdl; @@ -595,6 +599,7 @@ static void if_attachdomain(void *dummy) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; int s; @@ -705,6 +710,7 @@ void if_detach(struct ifnet *ifp) { + INIT_VNET_NET(ifp->if_vnet); struct ifaddr *ifa; struct radix_node_head *rnh; int s; @@ -820,6 +826,7 @@ int if_addgroup(struct ifnet *ifp, const char *groupname) { + INIT_VNET_NET(ifp->if_vnet); struct ifg_list *ifgl; struct ifg_group *ifg = NULL; struct ifg_member *ifgm; @@ -889,6 +896,7 @@ int if_delgroup(struct ifnet *ifp, const char *groupname) { + INIT_VNET_NET(ifp->if_vnet); struct ifg_list *ifgl; struct ifg_member *ifgm; @@ -978,6 +986,7 @@ static int if_getgroupmembers(struct ifgroupreq *data) { + INIT_VNET_NET(curvnet); struct ifgroupreq *ifgr = data; struct ifg_group *ifg; struct ifg_member *ifgm; @@ -1087,6 +1096,7 @@ struct ifaddr * ifa_ifwithaddr(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; @@ -1117,6 +1127,7 @@ struct ifaddr * ifa_ifwithbroadaddr(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; @@ -1144,6 +1155,7 @@ struct ifaddr * ifa_ifwithdstaddr(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; @@ -1172,6 +1184,7 @@ struct ifaddr * ifa_ifwithnet(struct sockaddr *addr) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; struct ifaddr *ifa_maybe = (struct ifaddr *) 0; @@ -1415,6 +1428,7 @@ struct ifnet *ifp = (struct ifnet *)arg; int link_state = ifp->if_link_state; int link; + CURVNET_SET(ifp->if_vnet); /* Notify that the link state has changed. */ rt_ifmsg(ifp); @@ -1451,6 +1465,7 @@ if (log_link_state_change) log(LOG_NOTICE, "%s: link state changed to %s\n", ifp->if_xname, (link_state == LINK_STATE_UP) ? "UP" : "DOWN" ); + CURVNET_RESTORE(); } /* @@ -1517,12 +1532,15 @@ int s = splimp(); IFNET_RLOCK(); + VNET_ITERLOOP_BEGIN(); + INIT_VNET_NET(curvnet); TAILQ_FOREACH(ifp, &V_ifnet, if_link) { if (ifp->if_timer == 0 || --ifp->if_timer) continue; if (ifp->if_watchdog) (*ifp->if_watchdog)(ifp); } + VNET_ITERLOOP_END(); IFNET_RUNLOCK(); splx(s); timeout(if_slowtimo, (void *)0, hz / IFNET_SLOWHZ); @@ -1535,6 +1553,7 @@ struct ifnet * ifunit(const char *name) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; IFNET_RLOCK(); @@ -2107,6 +2126,7 @@ static int ifconf(u_long cmd, caddr_t data) { + INIT_VNET_NET(curvnet); struct ifconf *ifc = (struct ifconf *)data; #ifdef __amd64__ struct ifconf32 *ifc32 = (struct ifconf32 *)data; @@ -2466,6 +2486,7 @@ int lastref; #ifdef INVARIANTS struct ifnet *oifp; + INIT_VNET_NET(ifp->if_vnet); IFNET_RLOCK(); TAILQ_FOREACH(oifp, &V_ifnet, if_link) Index: sys/net/if_ethersubr.c =========================================================================== --- sys/net/if_ethersubr.c 2008/09/03 22:27:36 #154 +++ sys/net/if_ethersubr.c 2008/09/03 22:27:36 @@ -393,6 +393,7 @@ { int error; #if defined(INET) || defined(INET6) + INIT_VNET_NET(ifp->if_vnet); struct ip_fw *rule = ip_dn_claim_rule(m); if (IPFW_LOADED && V_ether_ipfw != 0) { @@ -424,6 +425,7 @@ ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, struct ip_fw **rule, int shared) { + INIT_VNET_IPFW(dst->if_vnet); struct ether_header *eh; struct ether_header save_eh; struct mbuf *m; @@ -716,6 +718,7 @@ KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__)); #if defined(INET) || defined(INET6) + INIT_VNET_NET(ifp->if_vnet); /* * Allow dummynet and/or ipfw to claim the frame. * Do not do this for PROMISC frames in case we are re-entered. @@ -937,8 +940,8 @@ SYSCTL_DECL(_net_link); SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); #if defined(INET) || defined(INET6) -SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, - ðer_ipfw,0,"Pass ether pkts through firewall"); +SYSCTL_V_INT(V_NET, vnet_net, _net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, + ether_ipfw, 0, "Pass ether pkts through firewall"); #endif #if 0 Index: sys/net/if_faith.c =========================================================================== --- sys/net/if_faith.c 2008/09/03 22:27:36 #38 +++ sys/net/if_faith.c 2008/09/03 22:27:36 @@ -324,6 +324,7 @@ faithprefix(in6) struct in6_addr *in6; { + INIT_VNET_INET6(curvnet); struct rtentry *rt; struct sockaddr_in6 sin6; int ret; Index: sys/net/if_gif.c =========================================================================== --- sys/net/if_gif.c 2008/09/03 22:27:36 #59 +++ sys/net/if_gif.c 2008/09/03 22:27:36 @@ -123,9 +123,17 @@ */ #define MAX_GIF_NEST 1 #endif -static int max_gif_nesting = MAX_GIF_NEST; -SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW, - &max_gif_nesting, 0, "Max nested tunnels"); +#ifndef VIMAGE +static int max_gif_nesting; +#endif +SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting, + CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels"); + +#ifdef INET6 +SYSCTL_DECL(_net_inet6_ip6); +SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM, + gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, ""); +#endif /* * By default, we disallow creation of multiple tunnels between the same @@ -137,8 +145,8 @@ #else static int parallel_tunnels = 0; #endif -SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW, - ¶llel_tunnels, 0, "Allow parallel tunnels?"); +SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels, + CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?"); /* copy from src/sys/net/if_ethersubr.c */ static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = @@ -154,6 +162,7 @@ int unit; caddr_t params; { + INIT_VNET_GIF(curvnet); struct gif_softc *sc; sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO); @@ -364,6 +373,7 @@ struct sockaddr *dst; struct rtentry *rt; /* added in net2 */ { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct m_tag *mtag; int error = 0; @@ -854,6 +864,7 @@ struct sockaddr *src; struct sockaddr *dst; { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct gif_softc *sc2; struct sockaddr *osrc, *odst, *sa; Index: sys/net/if_gif.h =========================================================================== --- sys/net/if_gif.h 2008/09/03 22:27:36 #16 +++ sys/net/if_gif.h 2008/09/03 22:27:36 @@ -110,6 +110,29 @@ void gif_delete_tunnel(struct ifnet *); int gif_encapcheck(const struct mbuf *, int, int, void *); +/* + * Virtualization support + */ + +#define INIT_VNET_GIF(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_GIF, struct vnet_gif, vnet_gif) + +#define VNET_GIF(sym) VSYM(vnet_gif, sym) + +struct vnet_gif { + LIST_HEAD(, gif_softc) _gif_softc_list; + int _max_gif_nesting; + int _parallel_tunnels; + int _ip_gif_ttl; + int _ip6_gif_hlim; +}; + +#define V_gif_softc_list VNET_GIF(gif_softc_list) +#define V_max_gif_nesting VNET_GIF(max_gif_nesting) +#define V_parallel_tunnels VNET_GIF(parallel_tunnels) +#define V_ip_gif_ttl VNET_GIF(ip_gif_ttl) +#define V_ip6_gif_hlim VNET_GIF(ip6_gif_hlim) + #endif /* _KERNEL */ #endif /* _NET_IF_GIF_H_ */ Index: sys/net/if_gre.c =========================================================================== --- sys/net/if_gre.c 2008/09/03 22:27:36 #52 +++ sys/net/if_gre.c 2008/09/03 22:27:36 @@ -241,6 +241,9 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt) { +#ifdef INET6 + INIT_VNET_INET(ifp->if_vnet); +#endif int error = 0; struct gre_softc *sc = ifp->if_softc; struct greip *gh; Index: sys/net/if_loop.c =========================================================================== --- sys/net/if_loop.c 2008/09/03 22:27:36 #59 +++ sys/net/if_loop.c 2008/09/03 22:27:36 @@ -115,6 +115,7 @@ static int lo_clone_create(struct if_clone *ifc, int unit, caddr_t params) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; ifp = if_alloc(IFT_LOOP); @@ -214,6 +215,7 @@ int if_simloop(struct ifnet *ifp, struct mbuf *m, int af, int hlen) { + INIT_VNET_NET(ifp->if_vnet); int isr; M_ASSERTPKTHDR(m); Index: sys/net/if_mib.c =========================================================================== --- sys/net/if_mib.c 2008/09/03 22:27:36 #10 +++ sys/net/if_mib.c 2008/09/03 22:27:36 @@ -65,12 +65,15 @@ SYSCTL_DECL(_net_link_generic); SYSCTL_NODE(_net_link_generic, IFMIB_SYSTEM, system, CTLFLAG_RW, 0, "Variables global to all interfaces"); -SYSCTL_INT(_net_link_generic_system, IFMIB_IFCOUNT, ifcount, CTLFLAG_RD, - &if_index, 0, "Number of configured interfaces"); + +SYSCTL_V_INT(V_NET, vnet_net, _net_link_generic_system, IFMIB_IFCOUNT, + ifcount, CTLFLAG_RD, if_index, 0, + "Number of configured interfaces"); static int sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XXX bad syntax! */ { + INIT_VNET_NET(curvnet); int *name = (int *)arg1; int error; u_int namelen = arg2; Index: sys/net/if_stf.c =========================================================================== --- sys/net/if_stf.c 2008/09/03 22:27:36 #55 +++ sys/net/if_stf.c 2008/09/03 22:27:36 @@ -365,6 +365,7 @@ stf_getsrcifa6(ifp) struct ifnet *ifp; { + INIT_VNET_INET(ifp->if_vnet); struct ifaddr *ia; struct in_ifaddr *ia4; struct sockaddr_in6 *sin6; @@ -560,6 +561,7 @@ struct in_addr *in; struct ifnet *inifp; /* incoming interface */ { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia4; /* Index: sys/net/if_tun.c =========================================================================== --- sys/net/if_tun.c 2008/09/03 22:27:36 #70 +++ sys/net/if_tun.c 2008/09/03 22:27:36 @@ -43,6 +43,7 @@ #include #include #include +#include #include #include @@ -224,6 +225,7 @@ else append_unit = 0; + CURVNET_SET(TD_TO_VNET(curthread)); /* find any existing device, or allocate new unit number */ i = clone_create(&tunclones, &tun_cdevsw, &u, dev, 0); if (i) { @@ -242,6 +244,7 @@ } if_clone_create(name, namelen, NULL); + CURVNET_RESTORE(); } static void @@ -253,6 +256,7 @@ KASSERT((tp->tun_flags & TUN_OPEN) == 0, ("tununits is out of sync - unit %d", TUN2IFP(tp)->if_dunit)); + CURVNET_SET(TUN2IFP(tp)->if_vnet); dev = tp->tun_dev; bpfdetach(TUN2IFP(tp)); if_detach(TUN2IFP(tp)); @@ -261,6 +265,7 @@ knlist_destroy(&tp->tun_rsel.si_note); mtx_destroy(&tp->tun_mtx); free(tp, M_TUN); + CURVNET_RESTORE(); } static void @@ -447,6 +452,7 @@ /* * junk all pending output */ + CURVNET_SET(ifp->if_vnet); s = splimp(); IFQ_PURGE(&ifp->if_snd); splx(s); @@ -476,6 +482,7 @@ ifp->if_drv_flags &= ~IFF_DRV_RUNNING; splx(s); } + CURVNET_RESTORE(); funsetown(&tp->tun_sigio); selwakeuppri(&tp->tun_rsel, PZERO + 1); @@ -924,7 +931,9 @@ random_harvest(m, 16, 3, 0, RANDOM_NET); ifp->if_ibytes += m->m_pkthdr.len; ifp->if_ipackets++; + CURVNET_SET(ifp->if_vnet); netisr_dispatch(isr, m); + CURVNET_RESTORE(); return (0); } Index: sys/net/if_var.h =========================================================================== --- sys/net/if_var.h 2008/09/03 22:27:36 #88 +++ sys/net/if_var.h 2008/09/03 22:27:36 @@ -713,6 +713,8 @@ int ether_poll_deregister(struct ifnet *ifp); #endif /* DEVICE_POLLING */ +#include + #endif /* _KERNEL */ #endif /* !_NET_IF_VAR_H_ */ Index: sys/net/if_vlan.c =========================================================================== --- sys/net/if_vlan.c 2008/09/03 22:27:36 #101 +++ sys/net/if_vlan.c 2008/09/03 22:27:36 @@ -422,6 +422,8 @@ sc = ifp->if_softc; ifp_p = PARENT(sc); + CURVNET_SET_QUIET(ifp_p->if_vnet); + bzero((char *)&sdl, sizeof(sdl)); sdl.sdl_len = sizeof(sdl); sdl.sdl_family = AF_LINK; @@ -456,6 +458,7 @@ return (error); } + CURVNET_RESTORE(); return (0); } @@ -573,6 +576,7 @@ static struct ifnet * vlan_clone_match_ethertag(struct if_clone *ifc, const char *name, int *tag) { + INIT_VNET_NET(curvnet); const char *cp; struct ifnet *ifp; int t = 0; Index: sys/net/raw_cb.c =========================================================================== --- sys/net/raw_cb.c 2008/09/03 22:27:36 #25 +++ sys/net/raw_cb.c 2008/09/03 22:27:36 @@ -44,6 +44,7 @@ #include #include +#include #include /* @@ -75,6 +76,7 @@ int raw_attach(struct socket *so, int proto) { + INIT_VNET_NET(so->so_vnet); struct rawcb *rp = sotorawcb(so); int error; Index: sys/net/raw_usrreq.c =========================================================================== --- sys/net/raw_usrreq.c 2008/09/03 22:27:36 #29 +++ sys/net/raw_usrreq.c 2008/09/03 22:27:36 @@ -46,6 +46,7 @@ #include #include +#include #include MTX_SYSINIT(rawcb_mtx, &rawcb_mtx, "rawcb", MTX_DEF); @@ -56,6 +57,7 @@ void raw_init(void) { + INIT_VNET_NET(curvnet); LIST_INIT(&V_rawcb_list); } @@ -70,6 +72,7 @@ void raw_input(struct mbuf *m0, struct sockproto *proto, struct sockaddr *src) { + INIT_VNET_NET(curvnet); struct rawcb *rp; struct mbuf *m = m0; struct socket *last; Index: sys/net/route.c =========================================================================== --- sys/net/route.c 2008/09/03 22:27:36 #72 +++ sys/net/route.c 2008/09/03 22:27:36 @@ -278,6 +278,7 @@ u_int fibnum) { struct radix_node_head *rnh; + INIT_VNET_NET(curvnet); struct rtentry *rt; struct radix_node *rn; struct rtentry *newrt; @@ -382,6 +383,7 @@ void rtfree(struct rtentry *rt) { + INIT_VNET_NET(curvnet); struct radix_node_head *rnh; KASSERT(rt != NULL,("%s: NULL rt", __func__)); @@ -482,6 +484,7 @@ struct sockaddr *src, u_int fibnum) { + INIT_VNET_NET(curvnet); struct rtentry *rt, *rt0 = NULL; int error = 0; short *stat = NULL; @@ -788,6 +791,7 @@ int rtexpunge(struct rtentry *rt) { + INIT_VNET_NET(curvnet); struct radix_node *rn; struct radix_node_head *rnh; struct ifaddr *ifa; @@ -879,6 +883,7 @@ rtrequest1_fib(int req, struct rt_addrinfo *info, struct rtentry **ret_nrt, u_int fibnum) { + INIT_VNET_NET(curvnet); int error = 0; register struct rtentry *rt; register struct radix_node *rn; @@ -1309,6 +1314,7 @@ int rt_setgate(struct rtentry *rt, struct sockaddr *dst, struct sockaddr *gate) { + INIT_VNET_NET(curvnet); /* XXX dst may be overwritten, can we move this to below */ struct radix_node_head *rnh = V_rt_tables[rt->rt_fibnum][dst->sa_family]; @@ -1451,6 +1457,7 @@ static inline int rtinit1(struct ifaddr *ifa, int cmd, int flags, int fibnum) { + INIT_VNET_NET(curvnet); struct sockaddr *dst; struct sockaddr *netmask; struct rtentry *rt = NULL; Index: sys/net/rtsock.c =========================================================================== --- sys/net/rtsock.c 2008/09/03 22:27:36 #94 +++ sys/net/rtsock.c 2008/09/03 22:27:36 @@ -314,6 +314,7 @@ route_output(struct mbuf *m, struct socket *so) { #define sa_equal(a1, a2) (bcmp((a1), (a2), (a1)->sa_len) == 0) + INIT_VNET_NET(so->so_vnet); struct rt_msghdr *rtm = NULL; struct rtentry *rt = NULL; struct radix_node_head *rnh; @@ -1075,6 +1076,7 @@ static void rt_dispatch(struct mbuf *m, const struct sockaddr *sa) { + INIT_VNET_NET(curvnet); struct m_tag *tag; /* @@ -1138,6 +1140,7 @@ static int sysctl_iflist(int af, struct walkarg *w) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifaddr *ifa; struct rt_addrinfo info; @@ -1198,6 +1201,7 @@ int sysctl_ifmalist(int af, struct walkarg *w) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; struct ifmultiaddr *ifma; struct rt_addrinfo info; @@ -1247,6 +1251,7 @@ static int sysctl_rtsock(SYSCTL_HANDLER_ARGS) { + INIT_VNET_NET(curvnet); int *name = (int *)arg1; u_int namelen = arg2; struct radix_node_head *rnh; Index: sys/net/vnet.h =========================================================================== *** /dev/null Wed Sep 3 22:22:00 2008 --- sys/net/vnet.h Wed Sep 3 22:27:39 2008 *************** *** 0 **** --- 1,100 ---- + /*- + * Copyright (c) 2006-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + #ifndef _NET_VNET_H_ + #define _NET_VNET_H_ + + + #ifdef VIMAGE + #include "opt_route.h" + + #include + #include + #include + + #include + #include + #include + #include + + + /* calculate this the same as in route.c */ + #ifndef ROUTETABLES + #define RT_MAXFIBS 1 + #else + #define RT_MAXFIBS 16 + #endif + + struct vnet_net { + int _if_index; + struct ifindex_entry *_ifindex_table; + struct ifnethead _ifnet; + struct ifgrouphead _ifg_head; + + int _if_indexlim; + struct knlist _ifklist; + + struct rtstat _rtstat; + struct radix_node_head *_rt_tables[RT_MAXFIBS][AF_MAX+1]; + int _rttrash; + + struct ifnet *_loif; + LIST_HEAD(, lo_softc) _lo_list; + + LIST_HEAD(, rawcb) _rawcb_list; + + int _ether_ipfw; + }; + + #endif + + /* + * Symbol translation macros + */ + #define INIT_VNET_NET(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_NET, struct vnet_net, vnet_net) + + #define VNET_NET(sym) VSYM(vnet_net, sym) + + #define V_if_index VNET_NET(if_index) + #define V_ifindex_table VNET_NET(ifindex_table) + #define V_ifnet VNET_NET(ifnet) + #define V_ifg_head VNET_NET(ifg_head) + #define V_if_indexlim VNET_NET(if_indexlim) + #define V_ifklist VNET_NET(ifklist) + #define V_rtstat VNET_NET(rtstat) + #define V_rt_tables VNET_NET(rt_tables) + #define V_rttrash VNET_NET(rttrash) + #define V_loif VNET_NET(loif) + #define V_lo_list VNET_NET(lo_list) + #define V_rawcb_list VNET_NET(rawcb_list) + #define V_ether_ipfw VNET_NET(ether_ipfw) + + #endif /* !_NET_VNET_H_ */ Index: sys/netgraph/netgraph.h =========================================================================== --- sys/netgraph/netgraph.h 2008/09/03 22:27:36 #43 +++ sys/netgraph/netgraph.h 2008/09/03 22:27:36 @@ -1183,4 +1183,6 @@ #define NGI_GET_META(i,m) #define ng_copy_meta(meta) NULL +#include + #endif /* _NETGRAPH_NETGRAPH_H_ */ Index: sys/netgraph/ng_base.c =========================================================================== --- sys/netgraph/ng_base.c 2008/09/03 22:27:36 #108 +++ sys/netgraph/ng_base.c 2008/09/03 22:27:36 @@ -167,7 +167,6 @@ /* Hash related definitions */ /* XXX Don't need to initialise them because it's a LIST */ -#define NG_ID_HASH_SIZE 128 /* most systems wont need even this many */ static LIST_HEAD(, ng_node) ng_ID_hash[NG_ID_HASH_SIZE]; static struct mtx ng_idhash_mtx; /* Method to find a node.. used twice so do it here */ @@ -612,6 +611,7 @@ int ng_make_node_common(struct ng_type *type, node_p *nodepp) { + INIT_VNET_NETGRAPH(curvnet); node_p node; /* Require the node type to have been already installed */ @@ -793,6 +793,7 @@ static node_p ng_ID2noderef(ng_ID_t ID) { + INIT_VNET_NETGRAPH(curvnet); node_p node; mtx_lock(&ng_idhash_mtx); NG_IDHASH_FIND(ID, node); @@ -818,6 +819,7 @@ int ng_name_node(node_p node, const char *name) { + INIT_VNET_NETGRAPH(curvnet); int i, hash; node_p node2; @@ -868,6 +870,7 @@ node_p ng_name2noderef(node_p here, const char *name) { + INIT_VNET_NETGRAPH(curvnet); node_p node; ng_ID_t temp; int hash; @@ -2416,6 +2419,7 @@ static int ng_generic_msg(node_p here, item_p item, hook_p lasthook) { + INIT_VNET_NETGRAPH(curvnet); int error = 0; struct ng_mesg *msg; struct ng_mesg *resp = NULL; Index: sys/netgraph/ng_eiface.c =========================================================================== --- sys/netgraph/ng_eiface.c 2008/09/03 22:27:36 #38 +++ sys/netgraph/ng_eiface.c 2008/09/03 22:27:36 @@ -333,6 +333,7 @@ static int ng_eiface_constructor(node_p node) { + INIT_VNET_NETGRAPH(curvnet); struct ifnet *ifp; priv_p priv; u_char eaddr[6] = {0,0,0,0,0,0}; @@ -545,11 +546,14 @@ static int ng_eiface_rmnode(node_p node) { + INIT_VNET_NETGRAPH(curvnet); const priv_p priv = NG_NODE_PRIVATE(node); struct ifnet *const ifp = priv->ifp; + CURVNET_SET_QUIET(ifp->if_vnet); ether_ifdetach(ifp); if_free(ifp); + CURVNET_RESTORE(); free_unr(V_ng_eiface_unit, priv->unit); FREE(priv, M_NETGRAPH); NG_NODE_SET_PRIVATE(node, NULL); Index: sys/netgraph/ng_iface.c =========================================================================== --- sys/netgraph/ng_iface.c 2008/09/03 22:27:36 #34 +++ sys/netgraph/ng_iface.c 2008/09/03 22:27:36 @@ -506,6 +506,7 @@ static int ng_iface_constructor(node_p node) { + INIT_VNET_NETGRAPH(curvnet); struct ifnet *ifp; priv_p priv; @@ -766,11 +767,14 @@ static int ng_iface_shutdown(node_p node) { + INIT_VNET_NETGRAPH(curvnet); const priv_p priv = NG_NODE_PRIVATE(node); + CURVNET_SET_QUIET(priv->ifp->if_vnet); bpfdetach(priv->ifp); if_detach(priv->ifp); if_free(priv->ifp); + CURVNET_RESTORE(); priv->ifp = NULL; free_unr(V_ng_iface_unit, priv->unit); FREE(priv, M_NETGRAPH_IFACE); Index: sys/netgraph/vnetgraph.h =========================================================================== *** /dev/null Wed Sep 3 22:22:00 2008 --- sys/netgraph/vnetgraph.h Wed Sep 3 22:27:40 2008 *************** *** 0 **** --- 1,66 ---- + /*- + * Copyright (c) 2006-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + #ifndef _NETGRAPH_VNETGRPAH_H_ + #define _NETGRAPH_VNETGRAPH_H_ + + #include + + #define INIT_VNET_NETGRAPH(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_NETGRAPH, \ + struct vnet_netgraph, vnet_netgraph) + + #define VNET_NETGRAPH(sym) VSYM(vnet_netgraph, sym) + + #define NG_ID_HASH_SIZE 32 /* most systems wont need even this many */ + #define NG_NAME_HASH_SIZE 128 /* most systems wont need even this many */ + + #ifdef VIMAGE + struct vnet_netgraph { + LIST_HEAD(, ng_node) _ng_ID_hash[NG_ID_HASH_SIZE]; + LIST_HEAD(, ng_node) _ng_name_hash[NG_ID_HASH_SIZE]; + LIST_HEAD(, ng_node) _ng_nodelist; + ng_ID_t _nextID; + struct unrhdr *_ng_iface_unit; + struct unrhdr *_ng_eiface_unit; + struct unrhdr *_ng_wormhole_unit; + }; + #endif + + /* Symbol translation macros */ + #define V_ng_ID_hash VNET_NETGRAPH(ng_ID_hash) + #define V_ng_name_hash VNET_NETGRAPH(ng_name_hash) + #define V_ng_nodelist VNET_NETGRAPH(ng_nodelist) + #define V_nextID VNET_NETGRAPH(nextID) + #define V_ng_iface_unit VNET_NETGRAPH(ng_iface_unit) + #define V_ng_eiface_unit VNET_NETGRAPH(ng_eiface_unit) + #define V_ng_wormhole_unit VNET_NETGRAPH(ng_wormhole_unit) + + #endif /* !_NETGRAPH_VNETGRAPH_H_ */ Index: sys/netinet/if_ether.c =========================================================================== --- sys/netinet/if_ether.c 2008/09/03 22:27:36 #95 +++ sys/netinet/if_ether.c 2008/09/03 22:27:36 @@ -103,12 +103,15 @@ static int useloopback = 1; /* use loopback interface for local traffic */ static int arp_proxyall = 0; -SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, - &arp_maxtries, 0, "ARP resolution attempts before returning error"); -SYSCTL_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW, - &useloopback, 0, "Use the loopback interface for local traffic"); -SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW, - &arp_proxyall, 0, "Enable proxy ARP for all suitable requests"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, maxtries, + CTLFLAG_RW, arp_maxtries, 0, + "ARP resolution attempts before returning error"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, useloopback, + CTLFLAG_RW, useloopback, 0, + "Use the loopback interface for local traffic"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, proxyall, + CTLFLAG_RW, arp_proxyall, 0, + "Enable proxy ARP for all suitable requests"); static void arp_init(void); static void arp_rtrequest(int, struct rtentry *, struct rt_addrinfo *); @@ -149,6 +152,8 @@ static void arp_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct sockaddr *gate; struct llinfo_arp *la; static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; @@ -360,6 +365,7 @@ arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, struct sockaddr *dst, u_char *desten) { + INIT_VNET_INET(ifp->if_vnet); struct llinfo_arp *la = NULL; struct rtentry *rt = NULL; struct sockaddr_dl *sdl; @@ -603,7 +609,8 @@ sin.sin_len = sizeof(struct sockaddr_in); sin.sin_family = AF_INET; sin.sin_addr.s_addr = 0; - + INIT_VNET_INET(ifp->if_vnet); + if (ifp->if_bridge) bridged = 1; if (ifp->if_type == IFT_BRIDGE) Index: sys/netinet/igmp.c =========================================================================== --- sys/netinet/igmp.c 2008/09/03 22:27:36 #26 +++ sys/netinet/igmp.c 2008/09/03 22:27:36 @@ -82,8 +82,8 @@ static struct igmpstat igmpstat; -SYSCTL_STRUCT(_net_inet_igmp, IGMPCTL_STATS, stats, CTLFLAG_RW, &igmpstat, - igmpstat, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS, + stats, CTLFLAG_RW, igmpstat, igmpstat, ""); /* * igmp_mtx protects all mutable global variables in igmp.c, as well as the @@ -145,6 +145,7 @@ static struct router_info * find_rti(struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); struct router_info *rti; mtx_assert(&igmp_mtx, MA_OWNED); @@ -183,6 +184,7 @@ struct in_multistep step; struct router_info *rti; int timer; /** timer value in the igmp query header **/ + INIT_VNET_INET(ifp->if_vnet); ++V_igmpstat.igps_rcv_total; @@ -445,6 +447,7 @@ IGMP_PRINTF("[igmp.c,_slowtimo] -- > entering \n"); mtx_lock(&igmp_mtx); + INIT_VNET_INET(vnet_iter); SLIST_FOREACH(rti, &V_router_info_head, rti_list) { if (rti->rti_type == IGMP_V1_ROUTER) { rti->rti_time++; @@ -459,6 +462,8 @@ static void igmp_sendpkt(struct in_multi *inm, int type, unsigned long addr) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct mbuf *m; struct igmp *igmp; struct ip *ip; Index: sys/netinet/in.c =========================================================================== --- sys/netinet/in.c 2008/09/03 22:27:36 #51 +++ sys/netinet/in.c 2008/09/03 22:27:36 @@ -67,11 +67,12 @@ static void in_purgemaddrs(struct ifnet *); static int subnetsarelocal = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW, - &subnetsarelocal, 0, "Treat all subnets as directly connected"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, subnets_are_local, + CTLFLAG_RW, subnetsarelocal, 0, + "Treat all subnets as directly connected"); static int sameprefixcarponly = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW, - &sameprefixcarponly, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, same_prefix_carp_only, + CTLFLAG_RW, sameprefixcarponly, 0, "Refuse to create same prefixes on different interfaces"); extern struct inpcbinfo ripcbinfo; @@ -86,6 +87,7 @@ int in_localaddr(struct in_addr in) { + INIT_VNET_INET(curvnet); register u_long i = ntohl(in.s_addr); register struct in_ifaddr *ia; @@ -108,6 +110,7 @@ int in_localip(struct in_addr in) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; LIST_FOREACH(ia, INADDR_HASH(in.s_addr), ia_hash) { @@ -200,6 +203,7 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) { + INIT_VNET_INET(curvnet); /* so and ifp can be 0 ! */ register struct ifreq *ifr = (struct ifreq *)data; register struct in_ifaddr *ia = 0, *iap; register struct ifaddr *ifa; @@ -708,6 +712,7 @@ in_ifinit(struct ifnet *ifp, struct in_ifaddr *ia, struct sockaddr_in *sin, int scrub) { + INIT_VNET_INET(ifp->if_vnet); register u_long i = ntohl(sin->sin_addr.s_addr); struct sockaddr_in oldaddr; int s = splimp(), flags = RTF_UP, error = 0; @@ -810,6 +815,7 @@ static int in_addprefix(struct in_ifaddr *target, int flags) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; struct in_addr prefix, mask, p, m; int error; @@ -870,6 +876,7 @@ static int in_scrubprefix(struct in_ifaddr *target) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; struct in_addr prefix, mask, p; int error; @@ -976,6 +983,8 @@ static void in_purgemaddrs(struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); + struct in_multi *inm; struct in_multi *oinm; @@ -998,6 +1007,7 @@ void in_ifdetach(struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); in_pcbpurgeif0(&V_ripcbinfo, ifp); in_pcbpurgeif0(&V_udbinfo, ifp); Index: sys/netinet/in.h =========================================================================== --- sys/netinet/in.h 2008/09/03 22:27:36 #48 +++ sys/netinet/in.h 2008/09/03 22:27:36 @@ -743,4 +743,8 @@ #undef __KAME_NETINET_IN_H_INCLUDED_ #endif +#ifdef _KERNEL +#include +#endif + #endif /* !_NETINET_IN_H_*/ Index: sys/netinet/in_gif.c =========================================================================== --- sys/netinet/in_gif.c 2008/09/03 22:27:36 #30 +++ sys/netinet/in_gif.c 2008/09/03 22:27:36 @@ -45,7 +45,6 @@ #include #include #include - #include #include @@ -87,12 +86,13 @@ }; static int ip_gif_ttl = GIF_TTL; -SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW, - &ip_gif_ttl, 0, ""); +SYSCTL_V_INT(V_NET, vnet_gif, _net_inet_ip, IPCTL_GIF_TTL, gifttl, + CTLFLAG_RW, ip_gif_ttl, 0, ""); int in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct sockaddr_in *dst = (struct sockaddr_in *)&sc->gif_ro.ro_dst; struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc; @@ -242,6 +242,7 @@ void in_gif_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); struct ifnet *gifp = NULL; struct gif_softc *sc; struct ip *ip; @@ -336,6 +337,7 @@ static int gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp) { + INIT_VNET_INET(curvnet); struct sockaddr_in *src, *dst; struct in_ifaddr *ia4; Index: sys/netinet/in_mcast.c =========================================================================== --- sys/netinet/in_mcast.c 2008/09/03 22:27:36 #6 +++ sys/netinet/in_mcast.c 2008/09/03 22:27:36 @@ -311,6 +311,7 @@ struct in_multi * in_addmulti(struct in_addr *ap, struct ifnet *ifp) { + INIT_VNET_INET(ifp->if_vnet); struct in_multi *inm; inm = NULL; @@ -463,6 +464,8 @@ static int inp_change_source_filter(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct group_source_req gsr; sockunion_t *gsa, *ssa; struct ifnet *ifp; @@ -752,6 +755,7 @@ static int inp_get_source_filters(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); struct __msfilterreq msfr; sockunion_t *gsa; struct ifnet *ifp; @@ -849,6 +853,7 @@ int inp_getmoptions(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_INET(curvnet); struct ip_mreqn mreqn; struct ip_moptions *imo; struct ifnet *ifp; @@ -955,6 +960,8 @@ static int inp_join_group(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct group_source_req gsr; sockunion_t *gsa, *ssa; struct ifnet *ifp; @@ -1211,6 +1218,8 @@ static int inp_leave_group(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct group_source_req gsr; struct ip_mreq_source mreqs; sockunion_t *gsa, *ssa; @@ -1399,6 +1408,7 @@ static int inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); struct in_addr addr; struct ip_mreqn mreqn; struct ifnet *ifp; @@ -1467,6 +1477,7 @@ static int inp_set_source_filters(struct inpcb *inp, struct sockopt *sopt) { + INIT_VNET_NET(curvnet); struct __msfilterreq msfr; sockunion_t *gsa; struct ifnet *ifp; Index: sys/netinet/in_pcb.c =========================================================================== --- sys/netinet/in_pcb.c 2008/09/03 22:27:36 #130 +++ sys/netinet/in_pcb.c 2008/09/03 22:27:36 @@ -136,30 +136,37 @@ SYSCTL_NODE(_net_inet_ip, IPPROTO_IP, portrange, CTLFLAG_RW, 0, "IP Ports"); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowfirst, CTLTYPE_INT|CTLFLAG_RW, - &ipport_lowfirstauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowlast, CTLTYPE_INT|CTLFLAG_RW, - &ipport_lowlastauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, first, CTLTYPE_INT|CTLFLAG_RW, - &ipport_firstauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, last, CTLTYPE_INT|CTLFLAG_RW, - &ipport_lastauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hifirst, CTLTYPE_INT|CTLFLAG_RW, - &ipport_hifirstauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hilast, CTLTYPE_INT|CTLFLAG_RW, - &ipport_hilastauto, 0, &sysctl_net_ipport_check, "I", ""); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedhigh, - CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedhigh, 0, ""); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedlow, - CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedlow, 0, ""); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomized, CTLFLAG_RW, - &ipport_randomized, 0, "Enable random port allocation"); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomcps, CTLFLAG_RW, - &ipport_randomcps, 0, "Maximum number of random port " - "allocations before switching to a sequental one"); -SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomtime, CTLFLAG_RW, - &ipport_randomtime, 0, "Minimum time to keep sequental port " - "allocation before switching to a random one"); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + lowfirst, CTLTYPE_INT|CTLFLAG_RW, ipport_lowfirstauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + lowlast, CTLTYPE_INT|CTLFLAG_RW, ipport_lowlastauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + first, CTLTYPE_INT|CTLFLAG_RW, ipport_firstauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + last, CTLTYPE_INT|CTLFLAG_RW, ipport_lastauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + hifirst, CTLTYPE_INT|CTLFLAG_RW, ipport_hifirstauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + hilast, CTLTYPE_INT|CTLFLAG_RW, ipport_hilastauto, 0, + &sysctl_net_ipport_check, "I", ""); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, + reservedhigh, CTLFLAG_RW|CTLFLAG_SECURE, ipport_reservedhigh, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, reservedlow, + CTLFLAG_RW|CTLFLAG_SECURE, ipport_reservedlow, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, randomized, + CTLFLAG_RW, ipport_randomized, 0, "Enable random port allocation"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, randomcps, + CTLFLAG_RW, ipport_randomcps, 0, "Maximum number of random port " + "allocations before switching to a sequental one"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_portrange, OID_AUTO, randomtime, + CTLFLAG_RW, ipport_randomtime, 0, + "Minimum time to keep sequental port " + "allocation before switching to a random one"); /* * in_pcb.c: manage the Protocol Control Blocks. @@ -176,6 +183,9 @@ int in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo) { +#ifdef INET6 + INIT_VNET_INET6(curvnet); +#endif struct inpcb *inp; int error; @@ -270,6 +280,7 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, u_short *lportp, struct ucred *cred) { + INIT_VNET_INET(inp->inp_vnet); struct socket *so = inp->inp_socket; unsigned short *lastport; struct sockaddr_in *sin; @@ -543,6 +554,7 @@ in_addr_t *laddrp, u_short *lportp, in_addr_t *faddrp, u_short *fportp, struct inpcb **oinpp, struct ucred *cred) { + INIT_VNET_INET(inp->inp_vnet); struct sockaddr_in *sin = (struct sockaddr_in *)nam; struct in_ifaddr *ia; struct sockaddr_in sa; @@ -1202,12 +1214,15 @@ ipport_tick(void *xtp) { + VNET_ITERLOOP_BEGIN(); + INIT_VNET_INET(curvnet); if (V_ipport_tcpallocs <= V_ipport_tcplastcount + V_ipport_randomcps) { if (V_ipport_stoprandom > 0) V_ipport_stoprandom--; } else V_ipport_stoprandom = V_ipport_randomtime; V_ipport_tcplastcount = V_ipport_tcpallocs; + VNET_ITERLOOP_END(); callout_reset(&ipport_tick_callout, hz, ipport_tick, NULL); } Index: sys/netinet/in_rmx.c =========================================================================== --- sys/netinet/in_rmx.c 2008/09/03 22:27:36 #21 +++ sys/netinet/in_rmx.c 2008/09/03 22:27:36 @@ -152,17 +152,19 @@ } static int rtq_reallyold = 60*60; /* one hour is "really old" */ -SYSCTL_INT(_net_inet_ip, IPCTL_RTEXPIRE, rtexpire, CTLFLAG_RW, - &rtq_reallyold, 0, "Default expiration time on dynamically learned routes"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTEXPIRE, rtexpire, + CTLFLAG_RW, rtq_reallyold, 0, + "Default expiration time on dynamically learned routes"); static int rtq_minreallyold = 10; /* never automatically crank down to less */ -SYSCTL_INT(_net_inet_ip, IPCTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW, - &rtq_minreallyold, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMINEXPIRE, + rtminexpire, CTLFLAG_RW, rtq_minreallyold, 0, "Minimum time to attempt to hold onto dynamically learned routes"); static int rtq_toomany = 128; /* 128 cached routes is "too many" */ -SYSCTL_INT(_net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW, - &rtq_toomany, 0, "Upper limit on dynamically learned routes"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMAXCACHE, + rtmaxcache, CTLFLAG_RW, rtq_toomany, 0, + "Upper limit on dynamically learned routes"); /* * On last reference drop, mark the route as belong to us so that it can be @@ -171,6 +173,7 @@ static void in_clsroute(struct radix_node *rn, struct radix_node_head *head) { + INIT_VNET_INET(curvnet); struct rtentry *rt = (struct rtentry *)rn; RT_LOCK_ASSERT(rt); @@ -216,6 +219,7 @@ static int in_rtqkill(struct radix_node *rn, void *rock) { + INIT_VNET_INET(curvnet); struct rtqk_arg *ap = rock; struct rtentry *rt = (struct rtentry *)rn; int err; @@ -347,6 +351,7 @@ int in_inithead(void **head, int off) { + INIT_VNET_INET(curvnet); struct radix_node_head *rnh; /* XXX MRT @@ -416,6 +421,7 @@ int in_ifadown(struct ifaddr *ifa, int delete) { + INIT_VNET_NET(curvnet); struct in_ifadown_arg arg; struct radix_node_head *rnh; int fibnum; Index: sys/netinet/ip6.h =========================================================================== --- sys/netinet/ip6.h 2008/09/03 22:27:36 #12 +++ sys/netinet/ip6.h 2008/09/03 22:27:36 @@ -346,6 +346,9 @@ } \ } \ } while (/*CONSTCOND*/ 0) + +#include + #endif /*_KERNEL*/ #endif /* not _NETINET_IP6_H_ */ Index: sys/netinet/ip_carp.c =========================================================================== --- sys/netinet/ip_carp.c 2008/09/03 22:27:36 #56 +++ sys/netinet/ip_carp.c 2008/09/03 22:27:36 @@ -914,6 +914,7 @@ ch.carp_cksum = 0; #ifdef INET + INIT_VNET_INET(curvnet); if (sc->sc_ia) { struct ip *ip; @@ -1452,6 +1453,7 @@ static int carp_set_addr(struct carp_softc *sc, struct sockaddr_in *sin) { + INIT_VNET_INET(curvnet); struct ifnet *ifp; struct carp_if *cif; struct in_ifaddr *ia, *ia_if; @@ -1617,6 +1619,7 @@ static int carp_set_addr6(struct carp_softc *sc, struct sockaddr_in6 *sin6) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp; struct carp_if *cif; struct in6_ifaddr *ia, *ia_if; Index: sys/netinet/ip_fastfwd.c =========================================================================== --- sys/netinet/ip_fastfwd.c 2008/09/03 22:27:36 #43 +++ sys/netinet/ip_fastfwd.c 2008/09/03 22:27:36 @@ -107,12 +107,13 @@ #include static int ipfastforward_active = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW, - &ipfastforward_active, 0, "Enable fast IP forwarding"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fastforwarding, + CTLFLAG_RW, ipfastforward_active, 0, "Enable fast IP forwarding"); static struct sockaddr_in * ip_findroute(struct route *ro, struct in_addr dest, struct mbuf *m) { + INIT_VNET_INET(curvnet); struct sockaddr_in *dst; struct rtentry *rt; @@ -156,6 +157,7 @@ struct mbuf * ip_fastforward(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip; struct mbuf *m0 = NULL; struct route ro; Index: sys/netinet/ip_fw.h =========================================================================== --- sys/netinet/ip_fw.h 2008/09/03 22:27:36 #58 +++ sys/netinet/ip_fw.h 2008/09/03 22:27:36 @@ -28,6 +28,9 @@ #ifndef _IPFW2_H #define _IPFW2_H +#include +#include + /* * The kernel representation of ipfw rules is made of a list of * 'instructions' (for all practical purposes equivalent to BPF @@ -549,6 +552,39 @@ * Main firewall chains definitions and global var's definitions. */ #ifdef _KERNEL +#ifdef NOTYET /* still in ip_fw2.c */ + +/* + * Data structure to cache our ucred related + * information. This structure only gets used if + * the user specified UID/GID based constraints in + * a firewall rule. + */ +struct ip_fw_ugid { + gid_t fw_groups[NGROUPS]; + int fw_ngroups; + uid_t fw_uid; + int fw_prid; +}; +#endif + + +#define IPFW_TABLES_MAX 128 +struct ip_fw_chain { + struct ip_fw *rules; /* list of rules */ + struct ip_fw *reap; /* list of rules to reap */ + LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ + struct radix_node_head *tables[IPFW_TABLES_MAX]; + struct rwlock rwmtx; +}; + +#ifdef NOTYET /* still in ip_fw2.c */ +struct table_entry { + struct radix_node rn[2]; + struct sockaddr_in addr, mask; + u_int32_t value; +}; +#endif /* Return values from ipfw_chk() */ enum { @@ -616,14 +652,20 @@ int ipfw_init(void); void ipfw_destroy(void); +#ifdef NOTYET +void ipfw_nat_destroy(void); +#endif typedef int ip_fw_ctl_t(struct sockopt *); extern ip_fw_ctl_t *ip_fw_ctl_ptr; + +#ifndef VIMAGE extern int fw_one_pass; extern int fw_enable; #ifdef INET6 extern int fw6_enable; #endif +#endif /* For kernel ipfw_ether and ipfw_bridge. */ typedef int ip_fw_chk_t(struct ip_fw_args *args); @@ -632,14 +674,6 @@ #ifdef IPFW_INTERNAL -#define IPFW_TABLES_MAX 128 -struct ip_fw_chain { - struct ip_fw *rules; /* list of rules */ - struct ip_fw *reap; /* list of rules to reap */ - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ - struct radix_node_head *tables[IPFW_TABLES_MAX]; - struct rwlock rwmtx; -}; #define IPFW_LOCK_INIT(_chain) \ rw_init(&(_chain)->rwmtx, "IPFW static rules") #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx) @@ -662,5 +696,91 @@ typedef int ipfw_nat_cfg_t(struct sockopt *); #endif +/* + * Stack virtualization support. + */ +#ifdef VIMAGE +struct vnet_ipfw { + int _fw_one_pass; + int _fw_enable; + int _fw6_enable; + + u_int32_t _set_disable; + int _fw_deny_unknown_exthdrs; + int _fw_verbose; + int _verbose_limit; + int _fw_debug; + int _autoinc_step; + + ipfw_dyn_rule **_ipfw_dyn_v; + struct ip_fw_chain _layer3_chain; + u_int32_t _dyn_buckets; + u_int32_t _curr_dyn_buckets; + + u_int32_t _dyn_ack_lifetime; + u_int32_t _dyn_syn_lifetime; + u_int32_t _dyn_fin_lifetime; + u_int32_t _dyn_rst_lifetime; + u_int32_t _dyn_udp_lifetime; + u_int32_t _dyn_short_lifetime; + u_int32_t _dyn_keepalive_interval; + u_int32_t _dyn_keepalive_period; + u_int32_t _dyn_keepalive; + u_int32_t _static_count; + u_int32_t _static_len; + u_int32_t _dyn_count; + u_int32_t _dyn_max; + + u_int64_t _norule_counter; + + struct callout _ipfw_timeout; + eventhandler_tag _ifaddr_event_tag; +}; +#endif + +/* + * Symbol translation macros + */ + +#define INIT_VNET_IPFW(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw) + +#define VNET_IPFW(sym) VSYM(vnet_ipfw, sym) + +#define V_fw_one_pass VNET_IPFW(fw_one_pass) +#define V_fw_enable VNET_IPFW(fw_enable) +#define V_fw6_enable VNET_IPFW(fw6_enable) + +#define V_set_disable VNET_IPFW(set_disable) +#define V_fw_deny_unknown_exthdrs VNET_IPFW(fw_deny_unknown_exthdrs) +#define V_fw_verbose VNET_IPFW(fw_verbose) +#define V_verbose_limit VNET_IPFW(verbose_limit) + +#define V_fw_debug VNET_IPFW(fw_debug) +#define V_autoinc_step VNET_IPFW(autoinc_step) + +#define V_ipfw_dyn_v VNET_IPFW(ipfw_dyn_v) +#define V_layer3_chain VNET_IPFW(layer3_chain) +#define V_dyn_buckets VNET_IPFW(dyn_buckets) +#define V_curr_dyn_buckets VNET_IPFW(curr_dyn_buckets) + +#define V_dyn_ack_lifetime VNET_IPFW(dyn_ack_lifetime) +#define V_dyn_syn_lifetime VNET_IPFW(dyn_syn_lifetime) +#define V_dyn_fin_lifetime VNET_IPFW(dyn_fin_lifetime) +#define V_dyn_rst_lifetime VNET_IPFW(dyn_rst_lifetime) +#define V_dyn_udp_lifetime VNET_IPFW(dyn_udp_lifetime) +#define V_dyn_short_lifetime VNET_IPFW(dyn_short_lifetime) +#define V_dyn_keepalive_interval VNET_IPFW(dyn_keepalive_interval) +#define V_dyn_keepalive_period VNET_IPFW(dyn_keepalive_period) +#define V_dyn_keepalive VNET_IPFW(dyn_keepalive) +#define V_static_count VNET_IPFW(static_count) +#define V_static_len VNET_IPFW(static_len) +#define V_dyn_count VNET_IPFW(dyn_count) +#define V_dyn_max VNET_IPFW(dyn_max) + +#define V_norule_counter VNET_IPFW(norule_counter) +#define V_ipfw_timeout VNET_IPFW(ipfw_timeout) +#define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag) + #endif /* _KERNEL */ #endif /* _IPFW2_H */ Index: sys/netinet/ip_fw2.c =========================================================================== --- sys/netinet/ip_fw2.c 2008/09/03 22:27:36 #188 +++ sys/netinet/ip_fw2.c 2008/09/03 22:27:36 @@ -164,22 +164,22 @@ #ifdef SYSCTL_NODE SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); -SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &fw_enable, 0, +SYSCTL_V_PROC(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, enable, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, fw_enable, 0, ipfw_chg_hook, "I", "Enable ipfw"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_RW, - &autoinc_step, 0, "Rule number autincrement step"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass, - CTLFLAG_RW | CTLFLAG_SECURE3, - &fw_one_pass, 0, +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, autoinc_step, + CTLFLAG_RW, autoinc_step, 0, "Rule number autincrement step"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, one_pass, + CTLFLAG_RW | CTLFLAG_SECURE3, fw_one_pass, 0, "Only do a single pass through ipfw when using dummynet(4)"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW, - &fw_debug, 0, "Enable printing of debug ip_fw statements"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose, +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW, + fw_debug, 0, "Enable printing of debug ip_fw statements"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, verbose, CTLFLAG_RW | CTLFLAG_SECURE3, - &fw_verbose, 0, "Log matches to ipfw rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, - &verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); + fw_verbose, 0, "Log matches to ipfw rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, verbose_limit, + CTLFLAG_RW, + verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); /* * Description of dynamic rules. @@ -256,30 +256,32 @@ static u_int32_t dyn_count; /* # of dynamic rules */ static u_int32_t dyn_max = 4096; /* max # of dynamic rules */ -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW, - &dyn_buckets, 0, "Number of dyn. buckets"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD, - &curr_dyn_buckets, 0, "Current Number of dyn. buckets"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_count, CTLFLAG_RD, - &dyn_count, 0, "Number of dyn. rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_max, CTLFLAG_RW, - &dyn_max, 0, "Max number of dyn. rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, static_count, CTLFLAG_RD, - &static_count, 0, "Number of static rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime, CTLFLAG_RW, - &dyn_ack_lifetime, 0, "Lifetime of dyn. rules for acks"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime, CTLFLAG_RW, - &dyn_syn_lifetime, 0, "Lifetime of dyn. rules for syn"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime, CTLFLAG_RW, - &dyn_fin_lifetime, 0, "Lifetime of dyn. rules for fin"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime, CTLFLAG_RW, - &dyn_rst_lifetime, 0, "Lifetime of dyn. rules for rst"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime, CTLFLAG_RW, - &dyn_udp_lifetime, 0, "Lifetime of dyn. rules for UDP"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_short_lifetime, CTLFLAG_RW, - &dyn_short_lifetime, 0, "Lifetime of dyn. rules for other situations"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_keepalive, CTLFLAG_RW, - &dyn_keepalive, 0, "Enable keepalives for dyn. rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_buckets, + CTLFLAG_RW, dyn_buckets, 0, "Number of dyn. buckets"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, + CTLFLAG_RD, curr_dyn_buckets, 0, "Current Number of dyn. buckets"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_count, + CTLFLAG_RD, dyn_count, 0, "Number of dyn. rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_max, + CTLFLAG_RW, dyn_max, 0, "Max number of dyn. rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, static_count, + CTLFLAG_RD, static_count, 0, "Number of static rules"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime, + CTLFLAG_RW, dyn_ack_lifetime, 0, "Lifetime of dyn. rules for acks"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime, + CTLFLAG_RW, dyn_syn_lifetime, 0, "Lifetime of dyn. rules for syn"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime, + CTLFLAG_RW, dyn_fin_lifetime, 0, "Lifetime of dyn. rules for fin"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime, + CTLFLAG_RW, dyn_rst_lifetime, 0, "Lifetime of dyn. rules for rst"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime, + CTLFLAG_RW, dyn_udp_lifetime, 0, "Lifetime of dyn. rules for UDP"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_short_lifetime, + CTLFLAG_RW, dyn_short_lifetime, 0, + "Lifetime of dyn. rules for other situations"); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_keepalive, + CTLFLAG_RW, dyn_keepalive, 0, "Enable keepalives for dyn. rules"); + #ifdef INET6 /* @@ -563,6 +565,7 @@ static int search_ip6_addr_net (struct in6_addr * ip6_addr) { + INIT_VNET_NET(curvnet); struct ifnet *mdc; struct ifaddr *mdc2; struct in6_ifaddr *fdm; @@ -630,6 +633,7 @@ return 1; } + static __inline int hash_packet6(struct ipfw_flow_id *id) { @@ -754,6 +758,7 @@ struct mbuf *m, struct ifnet *oif, u_short offset, uint32_t tablearg, struct ip *ip) { + INIT_VNET_IPFW(curvnet); struct ether_header *eh = args->eh; char *action; int limit_reached = 0; @@ -1024,6 +1029,7 @@ static __inline int hash_packet(struct ipfw_flow_id *id) { + INIT_VNET_IPFW(curvnet); u_int32_t i; #ifdef INET6 @@ -1075,6 +1081,7 @@ static void remove_dyn_rule(struct ip_fw *rule, ipfw_dyn_rule *keep_me) { + INIT_VNET_IPFW(curvnet); static u_int32_t last_remove = 0; #define FORCE (keep_me == NULL) @@ -1145,6 +1152,7 @@ lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int *match_direction, struct tcphdr *tcp) { + INIT_VNET_IPFW(curvnet); /* * stateful ipfw extensions. * Lookup into dynamic session queue @@ -1301,6 +1309,7 @@ static void realloc_dynamic_table(void) { + INIT_VNET_IPFW(curvnet); IPFW_DYN_LOCK_ASSERT(); /* @@ -1340,6 +1349,7 @@ static ipfw_dyn_rule * add_dyn_rule(struct ipfw_flow_id *id, u_int8_t dyn_type, struct ip_fw *rule) { + INIT_VNET_IPFW(curvnet); ipfw_dyn_rule *r; int i; @@ -1395,6 +1405,7 @@ static ipfw_dyn_rule * lookup_dyn_parent(struct ipfw_flow_id *pkt, struct ip_fw *rule) { + INIT_VNET_IPFW(curvnet); ipfw_dyn_rule *q; int i; @@ -1438,6 +1449,7 @@ install_state(struct ip_fw *rule, ipfw_insn_limit *cmd, struct ip_fw_args *args, uint32_t tablearg) { + INIT_VNET_IPFW(curvnet); static int last_log; ipfw_dyn_rule *q; struct in_addr da; @@ -1599,6 +1611,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq, u_int32_t ack, int flags) { + INIT_VNET_INET(curvnet); struct mbuf *m; struct ip *ip; struct tcphdr *tcp; @@ -1775,6 +1788,7 @@ add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, uint8_t mlen, uint32_t value) { + INIT_VNET_IPFW(curvnet); struct radix_node_head *rnh; struct table_entry *ent; @@ -1979,6 +1993,7 @@ u_int16_t src_port, struct ip_fw_ugid *ugp, int *lookup, struct inpcb *inp) { + INIT_VNET_INET(curvnet); struct inpcbinfo *pi; int wildcard; struct inpcb *pcb; @@ -2095,6 +2110,9 @@ int ipfw_chk(struct ip_fw_args *args) { + INIT_VNET_INET(curvnet); + INIT_VNET_IPFW(curvnet); + /* * Local variables holding state during the processing of a packet: * @@ -3404,6 +3422,7 @@ static int add_rule(struct ip_fw_chain *chain, struct ip_fw *input_rule) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule, *f, *prev; int l = RULESIZE(input_rule); @@ -3489,6 +3508,7 @@ remove_rule(struct ip_fw_chain *chain, struct ip_fw *rule, struct ip_fw *prev) { + INIT_VNET_IPFW(curvnet); struct ip_fw *n; int l = RULESIZE(rule); @@ -3703,6 +3723,7 @@ static int zero_entry(struct ip_fw_chain *chain, u_int32_t arg, int log_only) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; char *msg; @@ -4070,6 +4091,7 @@ static size_t ipfw_getrules(struct ip_fw_chain *chain, void *buf, size_t space) { + INIT_VNET_IPFW(curvnet); char *bp = buf; char *ep = bp + space; struct ip_fw *rule; @@ -4151,6 +4173,7 @@ static int ipfw_ctl(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); #define RULE_MAXSIZE (256*sizeof(u_int32_t)) int error; size_t size; @@ -4491,6 +4514,7 @@ int ipfw_init(void) { + INIT_VNET_IPFW(curvnet); struct ip_fw default_rule; int error; Index: sys/netinet/ip_fw_nat.c =========================================================================== --- sys/netinet/ip_fw_nat.c 2008/09/03 22:27:36 #4 +++ sys/netinet/ip_fw_nat.c 2008/09/03 22:27:36 @@ -82,6 +82,7 @@ static void ifaddr_change(void *arg __unused, struct ifnet *ifp) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr; struct ifaddr *ifa; @@ -109,6 +110,7 @@ static void flush_nat_ptrs(const int i) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; IPFW_WLOCK_ASSERT(&V_layer3_chain); @@ -404,6 +406,7 @@ static int ipfw_nat_cfg(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr, *ser_n; char *buf; @@ -474,6 +477,7 @@ static int ipfw_nat_del(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr; int i; @@ -496,6 +500,7 @@ static int ipfw_nat_get_cfg(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); uint8_t *data; struct cfg_nat *n; struct cfg_redir *r; @@ -550,6 +555,7 @@ static int ipfw_nat_get_log(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); uint8_t *data; struct cfg_nat *ptr; int i, size, cnt, sof; @@ -584,6 +590,7 @@ static void ipfw_nat_init(void) { + INIT_VNET_IPFW(curvnet); IPFW_WLOCK(&V_layer3_chain); /* init ipfw hooks */ @@ -600,6 +607,7 @@ static void ipfw_nat_destroy(void) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; struct cfg_nat *ptr, *ptr_temp; Index: sys/netinet/ip_icmp.c =========================================================================== --- sys/netinet/ip_icmp.c 2008/09/03 22:27:36 #68 +++ sys/netinet/ip_icmp.c 2008/09/03 22:27:36 @@ -78,8 +78,8 @@ */ struct icmpstat icmpstat; -SYSCTL_STRUCT(_net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RW, - &icmpstat, icmpstat, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_STATS, stats, + CTLFLAG_RW, icmpstat, icmpstat, ""); static int icmpmaskrepl = 0; SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW, @@ -144,6 +144,7 @@ void icmp_error(struct mbuf *n, int type, int code, n_long dest, int mtu) { + INIT_VNET_INET(curvnet); register struct ip *oip = mtod(n, struct ip *), *nip; register unsigned oiphlen = oip->ip_hl << 2; register struct icmp *icp; @@ -292,6 +293,7 @@ void icmp_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); struct icmp *icp; struct in_ifaddr *ia; struct ip *ip = mtod(m, struct ip *); @@ -622,6 +624,7 @@ static void icmp_reflect(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); struct ifaddr *ifa; struct ifnet *ifn; Index: sys/netinet/ip_input.c =========================================================================== --- sys/netinet/ip_input.c 2008/09/03 22:27:36 #169 +++ sys/netinet/ip_input.c 2008/09/03 22:27:36 @@ -88,31 +88,32 @@ int rsvp_on = 0; int ipforwarding = 0; -SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, - &ipforwarding, 0, "Enable IP forwarding between interfaces"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_FORWARDING, + forwarding, CTLFLAG_RW, ipforwarding, 0, + "Enable IP forwarding between interfaces"); static int ipsendredirects = 1; /* XXX */ -SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, - &ipsendredirects, 0, "Enable sending IP redirects"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_SENDREDIRECTS, + redirect, CTLFLAG_RW, ipsendredirects, 0, + "Enable sending IP redirects"); int ip_defttl = IPDEFTTL; -SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, - &ip_defttl, 0, "Maximum TTL on IP packets"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_DEFTTL, + ttl, CTLFLAG_RW, ip_defttl, 0, "Maximum TTL on IP packets"); static int ip_keepfaith = 0; -SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, - &ip_keepfaith, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_KEEPFAITH, + keepfaith, CTLFLAG_RW, ip_keepfaith, 0, "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); static int ip_sendsourcequench = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, - &ip_sendsourcequench, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, + sendsourcequench, CTLFLAG_RW, ip_sendsourcequench, 0, "Enable the transmission of source quench packets"); int ip_do_randomid = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, - &ip_do_randomid, 0, - "Assign random ip_id values"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, random_id, + CTLFLAG_RW, ip_do_randomid, 0, "Assign random ip_id values"); /* * XXX - Setting ip_checkinterface mostly implements the receive side of @@ -128,8 +129,9 @@ * packets for those addresses are received. */ static int ip_checkinterface = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, - &ip_checkinterface, 0, "Verify packet arrives on correct interface"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, + check_interface, CTLFLAG_RW, ip_checkinterface, 0, + "Verify packet arrives on correct interface"); struct pfil_head inet_pfil_hook; /* Packet filter hooks */ @@ -150,8 +152,8 @@ "Number of packets dropped from the IP input queue"); struct ipstat ipstat; -SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, - &ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, + ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); /* * IP datagram reassembly. @@ -176,12 +178,13 @@ static int maxnipq; /* Administrative limit on # reass queues. */ static int nipq = 0; /* Total # of reass queues */ -SYSCTL_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD, - &nipq, 0, "Current number of IPv4 fragment reassembly queue entries"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fragpackets, + CTLFLAG_RD, nipq, 0, + "Current number of IPv4 fragment reassembly queue entries"); static int maxfragsperpacket; -SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, - &maxfragsperpacket, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, maxfragsperpacket, + CTLFLAG_RW, maxfragsperpacket, 0, "Maximum number of IPv4 fragments allowed per packet"); struct callout ipport_tick_callout; @@ -193,8 +196,8 @@ #ifdef IPSTEALTH int ipstealth = 0; -SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, - &ipstealth, 0, "IP stealth mode, no TTL decrementation on forwarding"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, + ipstealth, 0, "IP stealth mode, no TTL decrementation on forwarding"); #endif /* @@ -285,6 +288,7 @@ void ip_input(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip = NULL; struct in_ifaddr *ia = NULL; struct ifaddr *ifa; @@ -677,6 +681,7 @@ static void maxnipq_update(void) { + INIT_VNET_INET(curvnet); /* * -1 for unlimited allocation. @@ -700,6 +705,7 @@ static void ipq_zone_change(void *tag) { + INIT_VNET_INET(curvnet); if (V_maxnipq > 0 && V_maxnipq < (nmbclusters / 32)) { V_maxnipq = nmbclusters / 32; @@ -710,6 +716,7 @@ static int sysctl_maxnipq(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i; i = V_maxnipq; @@ -745,6 +752,7 @@ struct mbuf * ip_reass(struct mbuf *m) { + INIT_VNET_INET(curvnet); struct ip *ip; struct mbuf *p, *q, *nq, *t; struct ipq *fp = NULL; @@ -1060,6 +1068,7 @@ static void ip_freef(struct ipqhead *fhp, struct ipq *fp) { + INIT_VNET_INET(curvnet); struct mbuf *q; IPQ_LOCK_ASSERT(); @@ -1086,6 +1095,8 @@ int i; IPQ_LOCK(); + VNET_ITERLOOP_BEGIN(); + INIT_VNET_INET(vnet_iter); for (i = 0; i < IPREASS_NHASH; i++) { for(fp = TAILQ_FIRST(&V_ipq[i]); fp;) { struct ipq *fpp; @@ -1112,6 +1123,7 @@ } } } + VNET_ITERLOOP_END(); IPQ_UNLOCK(); } @@ -1124,6 +1136,8 @@ int i; IPQ_LOCK(); + VNET_ITERLOOP_BEGIN(); + INIT_VNET_INET(vnet_iter); for (i = 0; i < IPREASS_NHASH; i++) { while(!TAILQ_EMPTY(&V_ipq[i])) { V_ipstat.ips_fragdropped += @@ -1131,6 +1145,7 @@ ip_freef(&V_ipq[i], TAILQ_FIRST(&V_ipq[i])); } } + VNET_ITERLOOP_END(); IPQ_UNLOCK(); in_rtqdrain(); } @@ -1247,6 +1262,7 @@ void ip_forward(struct mbuf *m, int srcrt) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); struct in_ifaddr *ia = NULL; struct mbuf *mcopy; @@ -1462,6 +1478,8 @@ ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, struct mbuf *m) { + INIT_VNET_NET(inp->inp_vnet); + if (inp->inp_socket->so_options & (SO_BINTIME | SO_TIMESTAMP)) { struct bintime bt; @@ -1560,6 +1578,8 @@ int ip_rsvp_init(struct socket *so) { + INIT_VNET_INET(so->so_vnet); + if (so->so_type != SOCK_RAW || so->so_proto->pr_protocol != IPPROTO_RSVP) return EOPNOTSUPP; @@ -1583,6 +1603,8 @@ int ip_rsvp_done(void) { + INIT_VNET_INET(curvnet); + V_ip_rsvpd = NULL; /* * This may seem silly, but we need to be sure we don't over-decrement @@ -1598,6 +1620,8 @@ void rsvp_input(struct mbuf *m, int off) /* XXX must fixup manually */ { + INIT_VNET_INET(curvnet); + if (rsvp_input_p) { /* call the real one if loaded */ rsvp_input_p(m, off); return; Index: sys/netinet/ip_ipsec.c =========================================================================== --- sys/netinet/ip_ipsec.c 2008/09/03 22:27:36 #11 +++ sys/netinet/ip_ipsec.c 2008/09/03 22:27:36 @@ -94,6 +94,8 @@ ip_ipsec_fwd(struct mbuf *m) { #ifdef IPSEC + INIT_VNET_INET(curvnet); + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; @@ -141,6 +143,7 @@ { struct ip *ip = mtod(m, struct ip *); #ifdef IPSEC + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; Index: sys/netinet/ip_mroute.c =========================================================================== --- sys/netinet/ip_mroute.c 2008/09/03 22:27:36 #79 +++ sys/netinet/ip_mroute.c 2008/09/03 22:27:36 @@ -422,6 +422,7 @@ static int X_ip_mrouter_set(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET(curvnet); int error, optval; vifi_t vifi; struct vifctl vifc; @@ -646,6 +647,7 @@ static void if_detached_event(void *arg __unused, struct ifnet *ifp) { + INIT_VNET_INET(curvnet); vifi_t vifi; int i; struct mfc *mfc; @@ -709,6 +711,8 @@ static int ip_mrouter_init(struct socket *so, int version) { + INIT_VNET_INET(curvnet); + if (mrtdebug) log(LOG_DEBUG, "ip_mrouter_init: so_type = %d, pr_protocol = %d\n", so->so_type, so->so_proto->pr_protocol); @@ -755,6 +759,7 @@ static int X_ip_mrouter_done(void) { + INIT_VNET_INET(curvnet); vifi_t vifi; int i; struct ifnet *ifp; @@ -1286,6 +1291,7 @@ X_ip_mforward(struct ip *ip, struct ifnet *ifp, struct mbuf *m, struct ip_moptions *imo) { + INIT_VNET_INET(curvnet); struct mfc *rt; int error; vifi_t vifi; @@ -1590,6 +1596,7 @@ static int ip_mdq(struct mbuf *m, struct ifnet *ifp, struct mfc *rt, vifi_t xmt_vif) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); vifi_t vifi; int plen = ip->ip_len; @@ -1801,6 +1808,7 @@ static int X_ip_rsvp_vif(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET(curvnet); int error, vifi; if (so->so_type != SOCK_RAW || so->so_proto->pr_protocol != IPPROTO_RSVP) @@ -1855,6 +1863,7 @@ static void X_ip_rsvp_force_done(struct socket *so) { + INIT_VNET_INET(curvnet); int vifi; /* Don't bother if it is not the right type of socket. */ @@ -1885,6 +1894,7 @@ static void X_rsvp_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); int vifi; struct ip *ip = mtod(m, struct ip *); struct sockaddr_in rsvp_src = { sizeof rsvp_src, AF_INET }; @@ -2286,6 +2296,7 @@ static void bw_upcalls_send(void) { + INIT_VNET_INET(curvnet); struct mbuf *m; int len = bw_upcalls_n * sizeof(bw_upcalls[0]); struct sockaddr_in k_igmpsrc = { sizeof k_igmpsrc, AF_INET }; @@ -2646,6 +2657,7 @@ pim_register_send_upcall(struct ip *ip, struct vif *vifp, struct mbuf *mb_copy, struct mfc *rt) { + INIT_VNET_INET(curvnet); struct mbuf *mb_first; int len = ntohs(ip->ip_len); struct igmpmsg *im; @@ -2700,6 +2712,7 @@ pim_register_send_rp(struct ip *ip, struct vif *vifp, struct mbuf *mb_copy, struct mfc *rt) { + INIT_VNET_INET(curvnet); struct mbuf *mb_first; struct ip *ip_outer; struct pim_encap_pimhdr *pimhdr; @@ -3029,6 +3042,7 @@ static int ip_mroute_modevent(module_t mod, int type, void *unused) { + INIT_VNET_INET(curvnet); switch (type) { case MOD_LOAD: MROUTER_LOCK_INIT(); Index: sys/netinet/ip_options.c =========================================================================== --- sys/netinet/ip_options.c 2008/09/03 22:27:36 #12 +++ sys/netinet/ip_options.c 2008/09/03 22:27:36 @@ -98,6 +98,7 @@ int ip_dooptions(struct mbuf *m, int pass) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); u_char *cp; struct in_ifaddr *ia; Index: sys/netinet/ip_output.c =========================================================================== --- sys/netinet/ip_output.c 2008/09/03 22:27:36 #158 +++ sys/netinet/ip_output.c 2008/09/03 22:27:36 @@ -109,6 +109,8 @@ ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, struct ip_moptions *imo, struct inpcb *inp) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET(curvnet); struct ip *ip; struct ifnet *ifp = NULL; /* keep compiler happy */ struct mbuf *m0; @@ -626,6 +628,7 @@ ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu, u_long if_hwassist_flags, int sw_csum) { + INIT_VNET_INET(curvnet); int error = 0; int hlen = ip->ip_hl << 2; int len = (mtu - hlen) & ~7; /* size of payload in each fragment */ Index: sys/netinet/raw_ip.c =========================================================================== --- sys/netinet/raw_ip.c 2008/09/03 22:27:36 #115 +++ sys/netinet/raw_ip.c 2008/09/03 22:27:36 @@ -158,6 +158,7 @@ static void rip_zone_change(void *tag) { + INIT_VNET_INET(curvnet); uma_zone_set_max(V_ripcbinfo.ipi_zone, maxsockets); } @@ -174,6 +175,7 @@ void rip_init(void) { + INIT_VNET_INET(curvnet); INP_INFO_LOCK_INIT(&V_ripcbinfo, "rip"); LIST_INIT(&V_ripcb); @@ -240,6 +242,7 @@ void rip_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); struct ip *ip = mtod(m, struct ip *); int proto = ip->ip_p; struct inpcb *inp, *last; @@ -333,6 +336,7 @@ int rip_output(struct mbuf *m, struct socket *so, u_long dst) { + INIT_VNET_INET(so->so_vnet); struct ip *ip; int error; struct inpcb *inp = sotoinpcb(so); @@ -598,6 +602,7 @@ void rip_ctlinput(int cmd, struct sockaddr *sa, void *vip) { + INIT_VNET_INET(curvnet); struct in_ifaddr *ia; struct ifnet *ifp; int err; @@ -656,6 +661,7 @@ static int rip_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -689,6 +695,7 @@ static void rip_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -728,6 +735,7 @@ static void rip_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -743,6 +751,7 @@ static void rip_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -758,6 +767,7 @@ static int rip_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; if ((so->so_state & SS_ISCONNECTED) == 0) @@ -777,6 +787,8 @@ static int rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); struct sockaddr_in *addr = (struct sockaddr_in *)nam; struct inpcb *inp; @@ -813,6 +825,8 @@ static int rip_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); struct sockaddr_in *addr = (struct sockaddr_in *)nam; struct inpcb *inp; @@ -883,6 +897,7 @@ static int rip_pcblist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i, n; struct inpcb *inp, **inp_list; inp_gen_t gencnt; Index: sys/netinet/tcp_hostcache.c =========================================================================== --- sys/netinet/tcp_hostcache.c 2008/09/03 22:27:36 #22 +++ sys/netinet/tcp_hostcache.c 2008/09/03 22:27:36 @@ -158,26 +158,32 @@ SYSCTL_NODE(_net_inet_tcp, OID_AUTO, hostcache, CTLFLAG_RW, 0, "TCP Host cache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, cachelimit, CTLFLAG_RDTUN, - &tcp_hostcache.cache_limit, 0, "Overall entry limit for hostcache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, cachelimit, + CTLFLAG_RDTUN, tcp_hostcache.cache_limit, 0, + "Overall entry limit for hostcache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, hashsize, CTLFLAG_RDTUN, - &tcp_hostcache.hashsize, 0, "Size of TCP hostcache hashtable"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, hashsize, + CTLFLAG_RDTUN, tcp_hostcache.hashsize, 0, + "Size of TCP hostcache hashtable"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, bucketlimit, CTLFLAG_RDTUN, - &tcp_hostcache.bucket_limit, 0, "Per-bucket hash limit for hostcache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, bucketlimit, + CTLFLAG_RDTUN, tcp_hostcache.bucket_limit, 0, + "Per-bucket hash limit for hostcache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, count, CTLFLAG_RD, - &tcp_hostcache.cache_count, 0, "Current number of entries in hostcache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, count, + CTLFLAG_RD, tcp_hostcache.cache_count, 0, + "Current number of entries in hostcache"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, expire, CTLFLAG_RW, - &tcp_hostcache.expire, 0, "Expire time of TCP hostcache entries"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, expire, + CTLFLAG_RW, tcp_hostcache.expire, 0, + "Expire time of TCP hostcache entries"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, prune, CTLFLAG_RW, - &tcp_hostcache.prune, 0, "Time between purge runs"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, prune, + CTLFLAG_RW, tcp_hostcache.prune, 0, "Time between purge runs"); -SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, purge, CTLFLAG_RW, - &tcp_hostcache.purgeall, 0, "Expire all entires on next purge run"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_hostcache, OID_AUTO, purge, + CTLFLAG_RW, tcp_hostcache.purgeall, 0, + "Expire all entires on next purge run"); SYSCTL_PROC(_net_inet_tcp_hostcache, OID_AUTO, list, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_SKIP, 0, 0, @@ -204,6 +210,7 @@ void tcp_hc_init(void) { + INIT_VNET_INET(curvnet); int i; /* @@ -271,6 +278,7 @@ static struct hc_metrics * tcp_hc_lookup(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); int hash; struct hc_head *hc_head; struct hc_metrics *hc_entry; @@ -326,6 +334,7 @@ static struct hc_metrics * tcp_hc_insert(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); int hash; struct hc_head *hc_head; struct hc_metrics *hc_entry; @@ -416,6 +425,7 @@ void tcp_hc_get(struct in_conninfo *inc, struct hc_metrics_lite *hc_metrics_lite) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; /* @@ -456,6 +466,7 @@ u_long tcp_hc_getmtu(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; u_long mtu; @@ -478,6 +489,7 @@ void tcp_hc_updatemtu(struct in_conninfo *inc, u_long mtu) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; /* @@ -517,6 +529,7 @@ void tcp_hc_update(struct in_conninfo *inc, struct hc_metrics_lite *hcml) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry; hc_entry = tcp_hc_lookup(inc); @@ -597,6 +610,7 @@ static int sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int bufsize; int linesize = 128; char *p, *buf; @@ -659,6 +673,7 @@ static void tcp_hc_purge(void *arg) { + INIT_VNET_INET(curvnet); struct hc_metrics *hc_entry, *hc_next; int all = (intptr_t)arg; int i; Index: sys/netinet/tcp_input.c =========================================================================== --- sys/netinet/tcp_input.c 2008/09/03 22:27:36 #240 +++ sys/netinet/tcp_input.c 2008/09/03 22:27:36 @@ -100,60 +100,63 @@ static const int tcprexmtthresh = 3; struct tcpstat tcpstat; -SYSCTL_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats, CTLFLAG_RW, - &tcpstat , tcpstat, "TCP statistics (struct tcpstat, netinet/tcp_var.h)"); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_STATS, stats, + CTLFLAG_RW, tcpstat , tcpstat, + "TCP statistics (struct tcpstat, netinet/tcp_var.h)"); int tcp_log_in_vain = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, &tcp_log_in_vain, 0, "Log all incoming TCP segments to closed ports"); static int blackhole = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, - &blackhole, 0, "Do not send RST on segments to closed ports"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, + blackhole, 0, "Do not send RST on segments to closed ports"); int tcp_delack_enabled = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW, - &tcp_delack_enabled, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, delayed_ack, + CTLFLAG_RW, tcp_delack_enabled, 0, "Delay ACK to try and piggyback it onto a data packet"); static int drop_synfin = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW, - &drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, drop_synfin, + CTLFLAG_RW, drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); static int tcp_do_rfc3042 = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW, - &tcp_do_rfc3042, 0, "Enable RFC 3042 (Limited Transmit)"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW, + tcp_do_rfc3042, 0, "Enable RFC 3042 (Limited Transmit)"); static int tcp_do_rfc3390 = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW, - &tcp_do_rfc3390, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW, + tcp_do_rfc3390, 0, "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)"); int tcp_do_ecn = 0; int tcp_ecn_maxretries = 1; SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN"); -SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_RW, - &tcp_do_ecn, 0, "TCP ECN support"); -SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_RW, - &tcp_ecn_maxretries, 0, "Max retries before giving up on ECN"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, enable, + CTLFLAG_RW, tcp_do_ecn, 0, "TCP ECN support"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, maxretries, + CTLFLAG_RW, tcp_ecn_maxretries, 0, "Max retries before giving up on ECN"); static int tcp_insecure_rst = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_RW, - &tcp_insecure_rst, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, insecure_rst, + CTLFLAG_RW, tcp_insecure_rst, 0, "Follow the old (insecure) criteria for accepting RST packets"); int tcp_do_autorcvbuf = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_RW, - &tcp_do_autorcvbuf, 0, "Enable automatic receive buffer sizing"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_auto, + CTLFLAG_RW, tcp_do_autorcvbuf, 0, + "Enable automatic receive buffer sizing"); int tcp_autorcvbuf_inc = 16*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_inc, CTLFLAG_RW, - &tcp_autorcvbuf_inc, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_inc, + CTLFLAG_RW, tcp_autorcvbuf_inc, 0, "Incrementor step size of automatic receive buffer"); int tcp_autorcvbuf_max = 256*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW, - &tcp_autorcvbuf_max, 0, "Max size of automatic receive buffer"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_max, + CTLFLAG_RW, tcp_autorcvbuf_max, 0, + "Max size of automatic receive buffer"); struct inpcbhead tcb; #define tcb6 tcb /* for KAME src sync over BSD*'s */ @@ -225,6 +228,7 @@ int tcp6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct in6_ifaddr *ia6; @@ -905,6 +909,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, struct tcpcb *tp, int drop_hdrlen, int tlen, uint8_t iptos) { + INIT_VNET_INET(tp->t_vnet); int thflags, acked, ourfinisacked, needoutput = 0; int headlocked = 1; int rstreason, todrop, win; @@ -2560,6 +2565,7 @@ static void tcp_dooptions(struct tcpopt *to, u_char *cp, int cnt, int flags) { + INIT_VNET_INET(curvnet); int opt, optlen; to->to_flags = 0; @@ -2687,6 +2693,7 @@ static void tcp_xmit_timer(struct tcpcb *tp, int rtt) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); int delta; INP_WLOCK_ASSERT(tp->t_inpcb); @@ -2792,6 +2799,7 @@ void tcp_mss(struct tcpcb *tp, int offer) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); int rtt, mss; u_long bufsize; u_long maxmtu; @@ -3034,6 +3042,7 @@ int tcp_mssopt(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); int mss = 0; u_long maxmtu = 0; u_long thcmtu = 0; Index: sys/netinet/tcp_output.c =========================================================================== --- sys/netinet/tcp_output.c 2008/09/03 22:27:36 #102 +++ sys/netinet/tcp_output.c 2008/09/03 22:27:36 @@ -88,36 +88,42 @@ #endif int path_mtu_discovery = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW, - &path_mtu_discovery, 1, "Enable Path MTU Discovery"); + +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, path_mtu_discovery, + CTLFLAG_RW, path_mtu_discovery, 1, "Enable Path MTU Discovery"); int ss_fltsz = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, slowstart_flightsize, CTLFLAG_RW, - &ss_fltsz, 1, "Slow start flight size"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, + slowstart_flightsize, CTLFLAG_RW, + ss_fltsz, 1, "Slow start flight size"); int ss_fltsz_local = 4; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, local_slowstart_flightsize, CTLFLAG_RW, - &ss_fltsz_local, 1, "Slow start flight size for local networks"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, + local_slowstart_flightsize, CTLFLAG_RW, + ss_fltsz_local, 1, "Slow start flight size for local networks"); int tcp_do_newreno = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW, - &tcp_do_newreno, 0, "Enable NewReno Algorithms"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW, + tcp_do_newreno, 0, "Enable NewReno Algorithms"); int tcp_do_tso = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW, - &tcp_do_tso, 0, "Enable TCP Segmentation Offload"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW, + tcp_do_tso, 0, "Enable TCP Segmentation Offload"); int tcp_do_autosndbuf = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_RW, - &tcp_do_autosndbuf, 0, "Enable automatic send buffer sizing"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_auto, + CTLFLAG_RW, + tcp_do_autosndbuf, 0, "Enable automatic send buffer sizing"); int tcp_autosndbuf_inc = 8*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_RW, - &tcp_autosndbuf_inc, 0, "Incrementor step size of automatic send buffer"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_inc, + CTLFLAG_RW, tcp_autosndbuf_inc, 0, + "Incrementor step size of automatic send buffer"); int tcp_autosndbuf_max = 256*1024; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW, - &tcp_autosndbuf_max, 0, "Max size of automatic send buffer"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_max, + CTLFLAG_RW, tcp_autosndbuf_max, 0, + "Max size of automatic send buffer"); /* @@ -126,6 +132,7 @@ int tcp_output(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct socket *so = tp->t_inpcb->inp_socket; long len, recwin, sendwin; int off, flags, error; @@ -1319,6 +1326,7 @@ int tcp_addoptions(struct tcpopt *to, u_char *optp) { + INIT_VNET_INET(curvnet); u_int mask, optlen = 0; for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) { Index: sys/netinet/tcp_reass.c =========================================================================== --- sys/netinet/tcp_reass.c 2008/09/03 22:27:36 #7 +++ sys/netinet/tcp_reass.c 2008/09/03 22:27:36 @@ -78,29 +78,30 @@ "TCP Segment Reassembly Queue"); static int tcp_reass_maxseg = 0; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN, - &tcp_reass_maxseg, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxsegments, + CTLFLAG_RDTUN, tcp_reass_maxseg, 0, "Global maximum number of TCP Segments in Reassembly Queue"); int tcp_reass_qsize = 0; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD, - &tcp_reass_qsize, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, cursegments, + CTLFLAG_RD, tcp_reass_qsize, 0, "Global number of TCP Segments currently in Reassembly Queue"); static int tcp_reass_maxqlen = 48; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxqlen, CTLFLAG_RW, - &tcp_reass_maxqlen, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxqlen, + CTLFLAG_RW, tcp_reass_maxqlen, 0, "Maximum number of TCP Segments per individual Reassembly Queue"); static int tcp_reass_overflows = 0; -SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD, - &tcp_reass_overflows, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, overflows, + CTLFLAG_RD, tcp_reass_overflows, 0, "Global number of TCP Segment Reassembly Queue Overflows"); /* Initialize TCP reassembly queue */ static void tcp_reass_zone_change(void *tag) { + INIT_VNET_INET(curvnet); V_tcp_reass_maxseg = nmbclusters / 16; uma_zone_set_max(tcp_reass_zone, V_tcp_reass_maxseg); @@ -111,6 +112,7 @@ void tcp_reass_init(void) { + INIT_VNET_INET(curvnet); V_tcp_reass_maxseg = nmbclusters / 16; TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments", @@ -125,6 +127,7 @@ int tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m) { + INIT_VNET_INET(curvnet); struct tseg_qent *q; struct tseg_qent *p = NULL; struct tseg_qent *nq; Index: sys/netinet/tcp_sack.c =========================================================================== --- sys/netinet/tcp_sack.c 2008/09/03 22:27:36 #41 +++ sys/netinet/tcp_sack.c 2008/09/03 22:27:36 @@ -126,23 +126,23 @@ SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK"); int tcp_do_sack = 1; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_RW, - &tcp_do_sack, 0, "Enable/Disable TCP SACK support"); TUNABLE_INT("net.inet.tcp.sack.enable", &tcp_do_sack); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, enable, + CTLFLAG_RW, tcp_do_sack, 0, "Enable/Disable TCP SACK support"); -static int tcp_sack_maxholes = 128; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_RW, - &tcp_sack_maxholes, 0, +int tcp_sack_maxholes = 128; +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, maxholes, + CTLFLAG_RW, tcp_sack_maxholes, 0, "Maximum number of TCP SACK holes allowed per connection"); -static int tcp_sack_globalmaxholes = 65536; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_RW, - &tcp_sack_globalmaxholes, 0, +int tcp_sack_globalmaxholes = 65536; +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalmaxholes, + CTLFLAG_RW, tcp_sack_globalmaxholes, 0, "Global maximum number of TCP SACK holes"); -static int tcp_sack_globalholes = 0; -SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_RD, - &tcp_sack_globalholes, 0, +int tcp_sack_globalholes = 0; +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalholes, + CTLFLAG_RD, tcp_sack_globalholes, 0, "Global number of TCP SACK holes currently allocated"); /* @@ -253,6 +253,7 @@ static struct sackhole * tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct sackhole *hole; if (tp->snd_numholes >= V_tcp_sack_maxholes || @@ -281,6 +282,7 @@ static void tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) { + INIT_VNET_INET(tp->t_vnet); uma_zfree(sack_hole_zone, hole); Index: sys/netinet/tcp_subr.c =========================================================================== --- sys/netinet/tcp_subr.c 2008/09/03 22:27:36 #200 +++ sys/netinet/tcp_subr.c 2008/09/03 22:27:36 @@ -111,13 +111,13 @@ #include int tcp_mssdflt = TCP_MSS; -SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW, - &tcp_mssdflt, 0, "Default TCP Maximum Segment Size"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, + CTLFLAG_RW, tcp_mssdflt, 0, "Default TCP Maximum Segment Size"); #ifdef INET6 int tcp_v6mssdflt = TCP6_MSS; -SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, - CTLFLAG_RW, &tcp_v6mssdflt , 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, + CTLFLAG_RW, tcp_v6mssdflt, 0, "Default TCP Maximum Segment Size for IPv6"); #endif @@ -130,12 +130,13 @@ * checking. This setting prevents us from sending too small packets. */ int tcp_minmss = TCP_MINMSS; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW, - &tcp_minmss , 0, "Minmum TCP Maximum Segment Size"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, minmss, + CTLFLAG_RW, tcp_minmss , 0, "Minmum TCP Maximum Segment Size"); int tcp_do_rfc1323 = 1; -SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, - &tcp_do_rfc1323, 0, "Enable rfc1323 (high performance TCP) extensions"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, + CTLFLAG_RW, tcp_do_rfc1323, 0, + "Enable rfc1323 (high performance TCP) extensions"); static int tcp_log_debug = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_debug, CTLFLAG_RW, @@ -146,21 +147,21 @@ &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable"); static int do_tcpdrain = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, - &do_tcpdrain, 0, +SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0, "Enable tcp_drain routine for extra help when low on mbufs"); -SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD, - &tcbinfo.ipi_count, 0, "Number of active PCBs"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, pcbcount, + CTLFLAG_RD, tcbinfo.ipi_count, 0, "Number of active PCBs"); static int icmp_may_rst = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, - &icmp_may_rst, 0, +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, icmp_may_rst, + CTLFLAG_RW, icmp_may_rst, 0, "Certain ICMP unreachable messages may abort connections in SYN_SENT"); static int tcp_isn_reseed_interval = 0; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW, - &tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, isn_reseed_interval, + CTLFLAG_RW, tcp_isn_reseed_interval, 0, + "Seconds between reseeding of ISN secret"); /* * TCP bandwidth limiting sysctls. Note that the default lower bound of @@ -171,8 +172,9 @@ "TCP inflight data limiting"); static int tcp_inflight_enable = 1; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, enable, CTLFLAG_RW, - &tcp_inflight_enable, 0, "Enable automatic TCP inflight data limiting"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, enable, + CTLFLAG_RW, tcp_inflight_enable, 0, + "Enable automatic TCP inflight data limiting"); static int tcp_inflight_debug = 0; SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW, @@ -184,16 +186,17 @@ "RTT threshold below which inflight will deactivate itself"); static int tcp_inflight_min = 6144; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, min, CTLFLAG_RW, - &tcp_inflight_min, 0, "Lower-bound for TCP inflight window"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, min, + CTLFLAG_RW, tcp_inflight_min, 0, "Lower-bound for TCP inflight window"); static int tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, max, CTLFLAG_RW, - &tcp_inflight_max, 0, "Upper-bound for TCP inflight window"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, max, + CTLFLAG_RW, tcp_inflight_max, 0, "Upper-bound for TCP inflight window"); static int tcp_inflight_stab = 20; -SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, stab, CTLFLAG_RW, - &tcp_inflight_stab, 0, "Inflight Algorithm Stabilization 20 = 2 packets"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, stab, + CTLFLAG_RW, tcp_inflight_stab, 0, + "Inflight Algorithm Stabilization 20 = 2 packets"); uma_zone_t sack_hole_zone; @@ -254,6 +257,7 @@ void tcp_init(void) { + INIT_VNET_INET(curvnet); int hashsize = TCBHASHSIZE; tcp_delacktime = TCPTV_DELACK; @@ -413,6 +417,7 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, tcp_seq ack, tcp_seq seq, int flags) { + INIT_VNET_INET(curvnet); int tlen; int win = 0; struct ip *ip; @@ -583,6 +588,8 @@ struct tcpcb * tcp_newtcpcb(struct inpcb *inp) { + INIT_VNET_INET(inp->inp_vnet); + struct tcpcb_mem *tm; struct tcpcb *tp; #ifdef INET6 @@ -646,6 +653,7 @@ struct tcpcb * tcp_drop(struct tcpcb *tp, int errno) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct socket *so = tp->t_inpcb->inp_socket; INP_INFO_WLOCK_ASSERT(&V_tcbinfo); @@ -666,6 +674,7 @@ void tcp_discardcb(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_vnet); struct tseg_qent *q; struct inpcb *inp = tp->t_inpcb; struct socket *so = inp->inp_socket; @@ -767,6 +776,7 @@ struct tcpcb * tcp_close(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_inpcb->inp_vnet); struct inpcb *inp = tp->t_inpcb; struct socket *so; @@ -800,6 +810,8 @@ { if (do_tcpdrain) { + VNET_ITERLOOP_BEGIN(); + INIT_VNET_INET(vnet_iter); struct inpcb *inpb; struct tcpcb *tcpb; struct tseg_qent *te; @@ -831,6 +843,7 @@ INP_WUNLOCK(inpb); } INP_INFO_RUNLOCK(&V_tcbinfo); + VNET_ITERLOOP_END(); } } @@ -889,6 +902,7 @@ static int tcp_pcblist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i, m, n, pcb_count; struct inpcb *inp, **inp_list; inp_gen_t gencnt; @@ -1025,6 +1039,7 @@ static int tcp_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); struct xucred xuc; struct sockaddr_in addrs[2]; struct inpcb *inp; @@ -1067,6 +1082,8 @@ static int tcp6_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct xucred xuc; struct sockaddr_in6 addrs[2]; struct inpcb *inp; @@ -1130,6 +1147,7 @@ void tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip) { + INIT_VNET_INET(curvnet); struct ip *ip = vip; struct tcphdr *th; struct in_addr faddr; @@ -1249,6 +1267,7 @@ void tcp6_ctlinput(int cmd, struct sockaddr *sa, void *d) { + INIT_VNET_INET(curvnet); struct tcphdr th; struct inpcb *(*notify)(struct inpcb *, int) = tcp_notify; struct ip6_hdr *ip6; @@ -1377,6 +1396,7 @@ tcp_seq tcp_new_isn(struct tcpcb *tp) { + INIT_VNET_INET(tp->t_vnet); u_int32_t md5_buffer[4]; tcp_seq new_isn; @@ -1430,12 +1450,15 @@ u_int32_t projected_offset; ISN_LOCK(); + VNET_ITERLOOP_BEGIN(); + INIT_VNET_INET(curvnet); projected_offset = V_isn_offset_old + ISN_BYTES_PER_SECOND / 100; if (SEQ_GT(projected_offset, V_isn_offset)) V_isn_offset = projected_offset; V_isn_offset_old = V_isn_offset; + VNET_ITERLOOP_END(); callout_reset(&isn_callout, hz/100, tcp_isn_tick, NULL); ISN_UNLOCK(); } @@ -1477,6 +1500,7 @@ struct inpcb * tcp_mtudisc(struct inpcb *inp, int errno) { + INIT_VNET_INET(inp->inp_vnet); struct tcpcb *tp; struct socket *so = inp->inp_socket; u_int maxmtu; @@ -1747,6 +1771,7 @@ void tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq) { + INIT_VNET_INET(tp->t_vnet); u_long bw; u_long bwnd; int save_ticks; @@ -1967,6 +1992,10 @@ static int sysctl_drop(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); +#ifdef INET6 + INIT_VNET_INET6(curvnet); +#endif /* addrs[0] is a foreign socket, addrs[1] is a local one. */ struct sockaddr_storage addrs[2]; struct inpcb *inp; Index: sys/netinet/tcp_syncache.c =========================================================================== --- sys/netinet/tcp_syncache.c 2008/09/03 22:27:36 #154 +++ sys/netinet/tcp_syncache.c 2008/09/03 22:27:36 @@ -146,24 +146,30 @@ SYSCTL_NODE(_net_inet_tcp, OID_AUTO, syncache, CTLFLAG_RW, 0, "TCP SYN cache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, bucketlimit, CTLFLAG_RDTUN, - &tcp_syncache.bucket_limit, 0, "Per-bucket hash limit for syncache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + bucketlimit, CTLFLAG_RDTUN, + tcp_syncache.bucket_limit, 0, "Per-bucket hash limit for syncache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, cachelimit, CTLFLAG_RDTUN, - &tcp_syncache.cache_limit, 0, "Overall entry limit for syncache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + cachelimit, CTLFLAG_RDTUN, + tcp_syncache.cache_limit, 0, "Overall entry limit for syncache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, count, CTLFLAG_RD, - &tcp_syncache.cache_count, 0, "Current number of entries in syncache"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + count, CTLFLAG_RD, + tcp_syncache.cache_count, 0, "Current number of entries in syncache"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, hashsize, CTLFLAG_RDTUN, - &tcp_syncache.hashsize, 0, "Size of TCP syncache hashtable"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + hashsize, CTLFLAG_RDTUN, + tcp_syncache.hashsize, 0, "Size of TCP syncache hashtable"); -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_RW, - &tcp_syncache.rexmt_limit, 0, "Limit on SYN/ACK retransmissions"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + rexmtlimit, CTLFLAG_RW, + tcp_syncache.rexmt_limit, 0, "Limit on SYN/ACK retransmissions"); int tcp_sc_rst_sock_fail = 1; -SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, rst_on_sock_fail, CTLFLAG_RW, - &tcp_sc_rst_sock_fail, 0, "Send reset on socket allocation failure"); +SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO, + rst_on_sock_fail, CTLFLAG_RW, + tcp_sc_rst_sock_fail, 0, "Send reset on socket allocation failure"); static MALLOC_DEFINE(M_SYNCACHE, "syncache", "TCP syncache"); @@ -198,6 +204,8 @@ static void syncache_free(struct syncache *sc) { + INIT_VNET_INET(curvnet); + if (sc->sc_ipopts) (void) m_free(sc->sc_ipopts); if (sc->sc_cred) @@ -212,6 +220,7 @@ void syncache_init(void) { + INIT_VNET_INET(curvnet); int i; V_tcp_syncache.cache_count = 0; @@ -265,6 +274,7 @@ static void syncache_insert(struct syncache *sc, struct syncache_head *sch) { + INIT_VNET_INET(sch->sch_vnet); struct syncache *sc2; SCH_LOCK(sch); @@ -303,6 +313,7 @@ static void syncache_drop(struct syncache *sc, struct syncache_head *sch) { + INIT_VNET_INET(sch->sch_vnet); SCH_LOCK_ASSERT(sch); @@ -346,6 +357,7 @@ struct syncache *sc, *nsc; int tick = ticks; char *s; + INIT_VNET_INET(sch->sch_vnet); /* NB: syncache_head has already been locked by the callout. */ SCH_LOCK_ASSERT(sch); @@ -404,6 +416,7 @@ struct syncache * syncache_lookup(struct in_conninfo *inc, struct syncache_head **schp) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; @@ -451,6 +464,7 @@ void syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; char *s = NULL; @@ -525,6 +539,7 @@ void syncache_badack(struct in_conninfo *inc) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; @@ -540,6 +555,7 @@ void syncache_unreach(struct in_conninfo *inc, struct tcphdr *th) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; @@ -576,6 +592,7 @@ static struct socket * syncache_socket(struct syncache *sc, struct socket *lso, struct mbuf *m) { + INIT_VNET_INET(lso->so_vnet); struct inpcb *inp = NULL; struct socket *so; struct tcpcb *tp; @@ -788,6 +805,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct socket **lsop, struct mbuf *m) { + INIT_VNET_INET(curvnet); struct syncache *sc; struct syncache_head *sch; struct syncache scs; @@ -933,6 +951,7 @@ struct inpcb *inp, struct socket **lsop, struct mbuf *m, struct toe_usrreqs *tu, void *toepcb) { + INIT_VNET_INET(inp->inp_vnet); struct tcpcb *tp; struct socket *so; struct syncache *sc = NULL; @@ -1231,6 +1250,7 @@ static int syncache_respond(struct syncache *sc) { + INIT_VNET_INET(curvnet); struct ip *ip = NULL; struct mbuf *m; struct tcphdr *th; @@ -1400,6 +1420,7 @@ struct tcphdr *th, struct inpcb *inp, struct socket **lsop, struct toe_usrreqs *tu, void *toepcb) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK(&V_tcbinfo); INP_WLOCK(inp); @@ -1488,6 +1509,7 @@ syncookie_generate(struct syncache_head *sch, struct syncache *sc, u_int32_t *flowlabel) { + INIT_VNET_INET(curvnet); MD5_CTX ctx; u_int32_t md5_buffer[MD5_DIGEST_LENGTH / sizeof(u_int32_t)]; u_int32_t data; @@ -1563,6 +1585,7 @@ struct syncache *sc, struct tcpopt *to, struct tcphdr *th, struct socket *so) { + INIT_VNET_INET(curvnet); MD5_CTX ctx; u_int32_t md5_buffer[MD5_DIGEST_LENGTH / sizeof(u_int32_t)]; u_int32_t data = 0; @@ -1670,6 +1693,7 @@ int syncache_pcbcount(void) { + INIT_VNET_INET(curvnet); struct syncache_head *sch; int count, i; @@ -1693,6 +1717,7 @@ int syncache_pcblist(struct sysctl_req *req, int max_pcbs, int *pcbs_exported) { + INIT_VNET_INET(curvnet); struct xtcpcb xt; struct syncache *sc; struct syncache_head *sch; Index: sys/netinet/tcp_timer.c =========================================================================== --- sys/netinet/tcp_timer.c 2008/09/03 22:27:36 #58 +++ sys/netinet/tcp_timer.c 2008/09/03 22:27:36 @@ -125,10 +125,13 @@ tcp_slowtimo(void) { + VNET_ITERLOOP_BEGIN(); + INIT_VNET_INET(vnet_iter); tcp_maxidle = tcp_keepcnt * tcp_keepintvl; INP_INFO_WLOCK(&V_tcbinfo); (void) tcp_tw_2msl_scan(0); INP_INFO_WUNLOCK(&V_tcbinfo); + VNET_ITERLOOP_END(); } int tcp_syn_backoff[TCP_MAXRXTSHIFT + 1] = @@ -152,6 +155,8 @@ { struct tcpcb *tp = xtp; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); INP_INFO_RLOCK(&V_tcbinfo); inp = tp->t_inpcb; @@ -165,6 +170,7 @@ if (inp == NULL) { tcp_timer_race++; INP_INFO_RUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -172,6 +178,7 @@ if ((inp->inp_vflag & INP_DROPPED) || callout_pending(&tp->t_timers->tt_delack) || !callout_active(&tp->t_timers->tt_delack)) { INP_WUNLOCK(inp); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_delack); @@ -180,6 +187,7 @@ V_tcpstat.tcps_delack++; (void) tcp_output(tp); INP_WUNLOCK(inp); + CURVNET_RESTORE(); } void @@ -187,6 +195,8 @@ { struct tcpcb *tp = xtp; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); #ifdef TCPDEBUG int ostate; @@ -207,6 +217,7 @@ if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -215,6 +226,7 @@ !callout_active(&tp->t_timers->tt_2msl)) { INP_WUNLOCK(tp->t_inpcb); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_2msl); @@ -250,6 +262,7 @@ if (tp != NULL) INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void @@ -258,6 +271,8 @@ struct tcpcb *tp = xtp; struct tcptemp *t_template; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); #ifdef TCPDEBUG int ostate; @@ -275,6 +290,7 @@ if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -282,6 +298,7 @@ || !callout_active(&tp->t_timers->tt_keep)) { INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_keep); @@ -327,6 +344,7 @@ #endif INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; dropit: @@ -341,6 +359,7 @@ if (tp != NULL) INP_WUNLOCK(tp->t_inpcb); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void @@ -348,6 +367,8 @@ { struct tcpcb *tp = xtp; struct inpcb *inp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); #ifdef TCPDEBUG int ostate; @@ -365,6 +386,7 @@ if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -372,6 +394,7 @@ || !callout_active(&tp->t_timers->tt_persist)) { INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_persist); @@ -407,12 +430,15 @@ if (tp != NULL) INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void tcp_timer_rexmt(void * xtp) { struct tcpcb *tp = xtp; + CURVNET_SET(tp->t_vnet); + INIT_VNET_INET(tp->t_vnet); int rexmt; int headlocked; struct inpcb *inp; @@ -434,6 +460,7 @@ if (inp == NULL) { tcp_timer_race++; INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } INP_WLOCK(inp); @@ -441,6 +468,7 @@ || !callout_active(&tp->t_timers->tt_rexmt)) { INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); return; } callout_deactivate(&tp->t_timers->tt_rexmt); @@ -564,6 +592,7 @@ INP_WUNLOCK(inp); if (headlocked) INP_INFO_WUNLOCK(&V_tcbinfo); + CURVNET_RESTORE(); } void Index: sys/netinet/tcp_timewait.c =========================================================================== --- sys/netinet/tcp_timewait.c 2008/09/03 22:27:36 #11 +++ sys/netinet/tcp_timewait.c 2008/09/03 22:27:36 @@ -110,6 +110,7 @@ static int tcptw_auto_size(void) { + INIT_VNET_INET(curvnet); int halfrange; /* @@ -181,6 +182,9 @@ void tcp_twstart(struct tcpcb *tp) { +#if defined(INVARIANTS) || defined(INVARIANT_SUPPORT) + INIT_VNET_INET(tp->t_vnet); +#endif struct tcptw *tw; struct inpcb *inp = tp->t_inpcb; int acknow; @@ -296,6 +300,7 @@ int tcp_twrecycleable(struct tcptw *tw) { + INIT_VNET_INET(curvnet); tcp_seq new_iss = tw->iss; tcp_seq new_irs = tw->irs; @@ -318,6 +323,9 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, struct mbuf *m, int tlen) { +#if defined(INVARIANTS) || defined(INVARIANT_SUPPORT) + INIT_VNET_INET(curvnet); +#endif struct tcptw *tw; int thflags; tcp_seq seq; @@ -454,6 +462,7 @@ void tcp_twclose(struct tcptw *tw, int reuse) { + INIT_VNET_INET(curvnet); struct socket *so; struct inpcb *inp; @@ -521,6 +530,7 @@ int tcp_twrespond(struct tcptw *tw, int flags) { + INIT_VNET_INET(curvnet); struct inpcb *inp = tw->tw_inpcb; struct tcphdr *th; struct mbuf *m; @@ -614,6 +624,7 @@ static void tcp_tw_2msl_reset(struct tcptw *tw, int rearm) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(tw->tw_inpcb); @@ -626,6 +637,7 @@ static void tcp_tw_2msl_stop(struct tcptw *tw) { + INIT_VNET_INET(curvnet); INP_INFO_WLOCK_ASSERT(&V_tcbinfo); TAILQ_REMOVE(&V_twq_2msl, tw, tw_2msl); @@ -634,6 +646,7 @@ struct tcptw * tcp_tw_2msl_scan(int reuse) { + INIT_VNET_INET(curvnet); struct tcptw *tw; INP_INFO_WLOCK_ASSERT(&V_tcbinfo); Index: sys/netinet/tcp_usrreq.c =========================================================================== --- sys/netinet/tcp_usrreq.c 2008/09/03 22:27:36 #107 +++ sys/netinet/tcp_usrreq.c 2008/09/03 22:27:36 @@ -159,6 +159,9 @@ #ifdef INET6 int isipv6 = INP_CHECK_SOCKAF(so, AF_INET6) != 0; #endif +#ifdef INVARIANTS + INIT_VNET_INET(so->so_vnet); +#endif INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(inp); @@ -249,6 +252,7 @@ static void tcp_usr_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -267,6 +271,7 @@ static int tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -307,6 +312,7 @@ static int tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -365,6 +371,7 @@ static int tcp_usr_listen(struct socket *so, int backlog, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -402,6 +409,7 @@ static int tcp6_usr_listen(struct socket *so, int backlog, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -449,6 +457,7 @@ static int tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -491,6 +500,7 @@ static int tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -563,6 +573,7 @@ static int tcp_usr_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct tcpcb *tp = NULL; int error = 0; @@ -594,6 +605,7 @@ static int tcp_usr_accept(struct socket *so, struct sockaddr **nam) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp = NULL; struct tcpcb *tp = NULL; @@ -691,6 +703,7 @@ static int tcp_usr_shutdown(struct socket *so) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -757,6 +770,7 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(so->so_vnet); int error = 0; struct inpcb *inp; struct tcpcb *tp = NULL; @@ -912,6 +926,7 @@ static void tcp_usr_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct tcpcb *tp = NULL; TCPDEBUG0; @@ -950,6 +965,7 @@ static void tcp_usr_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct tcpcb *tp = NULL; TCPDEBUG0; @@ -1085,6 +1101,7 @@ struct in_addr laddr; u_short lport; int error; + INIT_VNET_INET(so->so_vnet); INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(inp); @@ -1140,6 +1157,7 @@ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam; struct in6_addr *addr6; int error; + INIT_VNET_INET(so->so_vnet); INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(inp); @@ -1258,6 +1276,7 @@ int tcp_ctloutput(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET(so->so_vnet); int error, opt, optval; struct inpcb *inp; struct tcpcb *tp; @@ -1445,6 +1464,7 @@ static int tcp_attach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct tcpcb *tp; struct inpcb *inp; int error; @@ -1509,6 +1529,9 @@ { struct inpcb *inp = tp->t_inpcb; struct socket *so = inp->inp_socket; +#ifdef INVARIANTS + INIT_VNET_INET(so->so_vnet); +#endif INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(inp); @@ -1547,6 +1570,9 @@ static void tcp_usrclosed(struct tcpcb *tp) { +#ifdef INVARIANTS + INIT_VNET_INET(tp->t_inpcb->inp_vnet); +#endif INP_INFO_WLOCK_ASSERT(&V_tcbinfo); INP_WLOCK_ASSERT(tp->t_inpcb); Index: sys/netinet/udp_usrreq.c =========================================================================== --- sys/netinet/udp_usrreq.c 2008/09/03 22:27:36 #145 +++ sys/netinet/udp_usrreq.c 2008/09/03 22:27:36 @@ -137,8 +137,9 @@ #endif struct udpstat udpstat; /* from udp_var.h */ -SYSCTL_STRUCT(_net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RW, &udpstat, - udpstat, "UDP statistics (struct udpstat, netinet/udp_var.h)"); +SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_udp, UDPCTL_STATS, stats, + CTLFLAG_RW, udpstat, udpstat, + "UDP statistics (struct udpstat, netinet/udp_var.h)"); static void udp_detach(struct socket *so); static int udp_output(struct inpcb *, struct mbuf *, struct sockaddr *, @@ -164,6 +165,7 @@ void udp_init(void) { + INIT_VNET_INET(curvnet); INP_INFO_LOCK_INIT(&V_udbinfo, "udp"); LIST_INIT(&V_udb); @@ -202,6 +204,7 @@ #ifdef IPSEC /* Check AH/ESP integrity. */ if (ipsec4_in_reject(n, inp)) { + INIT_VNET_IPSEC(curvnet); m_freem(n); V_ipsec4stat.in_polvio++; return; @@ -237,6 +240,7 @@ so = inp->inp_socket; SOCKBUF_LOCK(&so->so_rcv); if (sbappendaddr_locked(&so->so_rcv, append_sa, n, opts) == 0) { + INIT_VNET_INET(so->so_vnet); SOCKBUF_UNLOCK(&so->so_rcv); m_freem(n); if (opts) @@ -249,6 +253,7 @@ void udp_input(struct mbuf *m, int off) { + INIT_VNET_INET(curvnet); int iphlen = off; struct ip *ip; struct udphdr *uh; @@ -586,6 +591,7 @@ void udp_ctlinput(int cmd, struct sockaddr *sa, void *vip) { + INIT_VNET_INET(curvnet); struct ip *ip = vip; struct udphdr *uh; struct in_addr faddr; @@ -632,6 +638,7 @@ static int udp_pcblist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); int error, i, n; struct inpcb *inp, **inp_list; inp_gen_t gencnt; @@ -730,6 +737,7 @@ static int udp_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); struct xucred xuc; struct sockaddr_in addrs[2]; struct inpcb *inp; @@ -772,6 +780,7 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(inp->inp_vnet); struct udpiphdr *ui; int len = m->m_pkthdr.len; struct in_addr faddr, laddr; @@ -1081,6 +1090,7 @@ static void udp_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -1099,6 +1109,7 @@ static int udp_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -1125,6 +1136,7 @@ static int udp_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -1141,6 +1153,7 @@ static void udp_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -1159,6 +1172,7 @@ static int udp_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; struct sockaddr_in *sin; @@ -1186,6 +1200,7 @@ static void udp_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -1202,6 +1217,7 @@ static int udp_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); Index: sys/netinet/vinet.h =========================================================================== *** /dev/null Wed Sep 3 22:22:00 2008 --- sys/netinet/vinet.h Wed Sep 3 22:27:40 2008 *************** *** 0 **** --- 1,321 ---- + /*- + * Copyright (c) 2006-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + #ifndef _NETINET_VINET_H_ + #define _NETINET_VINET_H_ + + #ifdef VIMAGE + #include + #include + #include + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + struct vnet_inet { + struct in_ifaddrhashhead *_in_ifaddrhashtbl; + struct in_ifaddrhead _in_ifaddrhead; + u_long _in_ifaddrhmask; + struct in_multihead _in_multihead; + + int _arpt_keep; + int _arp_maxtries; + int _useloopback; + int _arp_proxyall; + int _subnetsarelocal; + int _sameprefixcarponly; + + int _ipforwarding; + int _ipstealth; + int _ipfastforward_active; + int _ipsendredirects; + int _ip_defttl; + int _ip_keepfaith; + int _ip_sendsourcequench; + int _ip_do_randomid; + int _ip_checkinterface; + u_short _ip_id; + + uma_zone_t _ipq_zone; + int _nipq; /* Total # of reass queues */ + int _maxnipq; /* Admin. limit on # reass queues. */ + int _maxfragsperpacket; + TAILQ_HEAD(ipqhead, ipq) _ipq[IPREASS_NHASH]; + + struct inpcbhead _tcb; /* head of queue of active tcpcb's */ + struct inpcbinfo _tcbinfo; + struct tcpstat _tcpstat; /* tcp statistics */ + struct tcp_hostcache _tcp_hostcache; + struct callout _tcp_hc_callout; + struct tcp_syncache _tcp_syncache; + struct inpcbhead _divcb; + struct inpcbinfo _divcbinfo; + TAILQ_HEAD(, tcptw) _twq_2msl; + + int _tcp_sc_rst_sock_fail; + int _tcp_mssdflt; + int _tcp_v6mssdflt; + int _tcp_minmss; + int _tcp_do_rfc1323; + int _icmp_may_rst; + int _tcp_isn_reseed_interval; + int _tcp_inflight_enable; + int _tcp_inflight_rttthresh; + int _tcp_inflight_min; + int _tcp_inflight_max; + int _tcp_inflight_stab; + int _nolocaltimewait; + int _path_mtu_discovery; + int _ss_fltsz; + int _ss_fltsz_local; + int _tcp_do_newreno; + int _tcp_do_tso; + int _tcp_do_autosndbuf; + int _tcp_autosndbuf_inc; + int _tcp_autosndbuf_max; + int _tcp_do_sack; + int _tcp_sack_maxholes; + int _tcp_sack_globalmaxholes; + int _tcp_sack_globalholes; + int _blackhole; + int _tcp_delack_enabled; + int _drop_synfin; + int _tcp_do_rfc3042; + int _tcp_do_rfc3390; + int _tcp_do_ecn; + int _tcp_ecn_maxretries; + int _tcp_insecure_rst; + int _tcp_do_autorcvbuf; + int _tcp_autorcvbuf_inc; + int _tcp_autorcvbuf_max; + int _tcp_reass_maxseg; + int _tcp_reass_qsize; + int _tcp_reass_maxqlen; + int _tcp_reass_overflows; + + u_char _isn_secret[32]; + int _isn_last_reseed; + u_int32_t _isn_offset; + u_int32_t _isn_offset_old; + MD5_CTX _isn_ctx; + + struct inpcbhead _udb; + struct inpcbinfo _udbinfo; + struct udpstat _udpstat; + int _udp_blackhole; + + struct inpcbhead _ripcb; + struct inpcbinfo _ripcbinfo; + struct socket *_ip_mrouter; + + struct socket *_ip_rsvpd; + int _ip_rsvp_on; + int _rsvp_on; + + struct icmpstat _icmpstat; + struct ipstat _ipstat; + struct igmpstat _igmpstat; + + SLIST_HEAD(, router_info) _router_info_head; + + int _rtq_timeout; + int _rtq_reallyold; + int _rtq_minreallyold; + int _rtq_toomany; + struct callout _rtq_timer; + + int _ipport_lowfirstauto; + int _ipport_lowlastauto; + int _ipport_firstauto; + int _ipport_lastauto; + int _ipport_hifirstauto; + int _ipport_hilastauto; + int _ipport_reservedhigh; + int _ipport_reservedlow; + int _ipport_randomized; + int _ipport_randomcps; + int _ipport_randomtime; + int _ipport_stoprandom; + int _ipport_tcpallocs; + int _ipport_tcplastcount; + }; + #endif + + + /* + * Symbol translation macros + */ + #define INIT_VNET_INET(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_INET, struct vnet_inet, vnet_inet) + + #define VNET_INET(sym) VSYM(vnet_inet, sym) + + #define V_in_ifaddrhead VNET_INET(in_ifaddrhead) + #define V_in_ifaddrhashtbl VNET_INET(in_ifaddrhashtbl) + #define V_in_ifaddrhmask VNET_INET(in_ifaddrhmask) + #define V_in_multihead VNET_INET(in_multihead) + + #define V_llinfo_arp VNET_INET(llinfo_arp) + #define V_arpt_prune VNET_INET(arpt_prune) + #define V_arpt_keep VNET_INET(arpt_keep) + #define V_arp_maxtries VNET_INET(arp_maxtries) + #define V_useloopback VNET_INET(useloopback) + #define V_arp_proxyall VNET_INET(arp_proxyall) + #define V_subnetsarelocal VNET_INET(subnetsarelocal) + #define V_sameprefixcarponly VNET_INET(sameprefixcarponly) + + #define V_ipforwarding VNET_INET(ipforwarding) + #define V_ipstealth VNET_INET(ipstealth) + #define V_ipfastforward_active VNET_INET(ipfastforward_active) + #define V_ipsendredirects VNET_INET(ipsendredirects) + #define V_ip_defttl VNET_INET(ip_defttl) + #define V_ip_keepfaith VNET_INET(ip_keepfaith) + #define V_ip_sendsourcequench VNET_INET(ip_sendsourcequench) + #define V_ip_id VNET_INET(ip_id) + #define V_ip_do_randomid VNET_INET(ip_do_randomid) + #define V_ip_checkinterface VNET_INET(ip_checkinterface) + + #define V_ipq VNET_INET(ipq) + #define V_ipq_zone VNET_INET(ipq_zone) + #define V_nipq VNET_INET(nipq) + #define V_maxnipq VNET_INET(maxnipq) + #define V_maxfragsperpacket VNET_INET(maxfragsperpacket) + + #define V_tcb VNET_INET(tcb) + #define V_tcbinfo VNET_INET(tcbinfo) + #define V_tcpstat VNET_INET(tcpstat) + #define V_twq_2msl VNET_INET(twq_2msl) + #define V_tcp_hostcache VNET_INET(tcp_hostcache) + #define V_tcp_hc_callout VNET_INET(tcp_hc_callout) + #define V_tcp_syncache VNET_INET(tcp_syncache) + #define V_tcp_sc_rst_sock_fail VNET_INET(tcp_sc_rst_sock_fail) + + #define V_tcp_mssdflt VNET_INET(tcp_mssdflt) + #define V_tcp_v6mssdflt VNET_INET(tcp_v6mssdflt) + #define V_tcp_minmss VNET_INET(tcp_minmss) + #define V_tcp_do_rfc1323 VNET_INET(tcp_do_rfc1323) + #define V_icmp_may_rst VNET_INET(icmp_may_rst) + #define V_tcp_isn_reseed_interval VNET_INET(tcp_isn_reseed_interval) + #define V_tcp_inflight_enable VNET_INET(tcp_inflight_enable) + #define V_tcp_inflight_rttthresh VNET_INET(tcp_inflight_rttthresh) + #define V_tcp_inflight_min VNET_INET(tcp_inflight_min) + #define V_tcp_inflight_max VNET_INET(tcp_inflight_max) + #define V_tcp_inflight_stab VNET_INET(tcp_inflight_stab) + #define V_nolocaltimewait VNET_INET(nolocaltimewait) + #define V_path_mtu_discovery VNET_INET(path_mtu_discovery) + #define V_ss_fltsz VNET_INET(ss_fltsz) + #define V_ss_fltsz_local VNET_INET(ss_fltsz_local) + #define V_tcp_do_newreno VNET_INET(tcp_do_newreno) + #define V_tcp_do_tso VNET_INET(tcp_do_tso) + #define V_tcp_do_autosndbuf VNET_INET(tcp_do_autosndbuf) + #define V_tcp_autosndbuf_inc VNET_INET(tcp_autosndbuf_inc) + #define V_tcp_autosndbuf_max VNET_INET(tcp_autosndbuf_max) + #define V_tcp_do_sack VNET_INET(tcp_do_sack) + #define V_tcp_sack_maxholes VNET_INET(tcp_sack_maxholes) + #define V_tcp_sack_globalmaxholes VNET_INET(tcp_sack_globalmaxholes) + #define V_tcp_sack_globalholes VNET_INET(tcp_sack_globalholes) + #define V_blackhole VNET_INET(blackhole) + #define V_tcp_delack_enabled VNET_INET(tcp_delack_enabled) + #define V_drop_synfin VNET_INET(drop_synfin) + #define V_tcp_do_rfc3042 VNET_INET(tcp_do_rfc3042) + #define V_tcp_do_rfc3390 VNET_INET(tcp_do_rfc3390) + #define V_tcp_do_ecn VNET_INET(tcp_do_ecn) + #define V_tcp_ecn_maxretries VNET_INET(tcp_ecn_maxretries) + #define V_tcp_insecure_rst VNET_INET(tcp_insecure_rst) + #define V_tcp_do_autorcvbuf VNET_INET(tcp_do_autorcvbuf) + #define V_tcp_autorcvbuf_inc VNET_INET(tcp_autorcvbuf_inc) + #define V_tcp_autorcvbuf_max VNET_INET(tcp_autorcvbuf_max) + #define V_tcp_reass_maxseg VNET_INET(tcp_reass_maxseg) + #define V_tcp_reass_qsize VNET_INET(tcp_reass_qsize) + #define V_tcp_reass_maxqlen VNET_INET(tcp_reass_maxqlen) + #define V_tcp_reass_overflows VNET_INET(tcp_reass_overflows) + + #define V_isn_secret VNET_INET(isn_secret) + #define V_isn_last_reseed VNET_INET(isn_last_reseed) + #define V_isn_offset VNET_INET(isn_offset) + #define V_isn_offset_old VNET_INET(isn_offset_old) + #define V_isn_ctx VNET_INET(isn_ctx) + + #define V_udb VNET_INET(udb) + #define V_udbinfo VNET_INET(udbinfo) + #define V_udpstat VNET_INET(udpstat) + #define V_udp_blackhole VNET_INET(udp_blackhole) + + #define V_ripcb VNET_INET(ripcb) + #define V_ripcbinfo VNET_INET(ripcbinfo) + #define V_ip_mrouter VNET_INET(ip_mrouter) + + #define V_rsvp_on VNET_INET(rsvp_on) + #define V_ip_rsvp_on VNET_INET(ip_rsvp_on) + #define V_ip_rsvpd VNET_INET(ip_rsvpd) + + #define V_icmpstat VNET_INET(icmpstat) + #define V_ipstat VNET_INET(ipstat) + #define V_igmpstat VNET_INET(igmpstat) + + #define V_router_info_head VNET_INET(router_info_head) + + #define V_rtq_timeout VNET_INET(rtq_timeout) + #define V_rtq_reallyold VNET_INET(rtq_reallyold) + #define V_rtq_minreallyold VNET_INET(rtq_minreallyold) + #define V_rtq_toomany VNET_INET(rtq_toomany) + #define V_rtq_timer VNET_INET(rtq_timer) + + #define V_ipport_lowfirstauto VNET_INET(ipport_lowfirstauto) + #define V_ipport_lowlastauto VNET_INET(ipport_lowlastauto) + #define V_ipport_firstauto VNET_INET(ipport_firstauto) + #define V_ipport_lastauto VNET_INET(ipport_lastauto) + #define V_ipport_hifirstauto VNET_INET(ipport_hifirstauto) + #define V_ipport_hilastauto VNET_INET(ipport_hilastauto) + #define V_ipport_reservedhigh VNET_INET(ipport_reservedhigh) + #define V_ipport_reservedlow VNET_INET(ipport_reservedlow) + #define V_ipport_randomized VNET_INET(ipport_randomized) + #define V_ipport_randomcps VNET_INET(ipport_randomcps) + #define V_ipport_randomtime VNET_INET(ipport_randomtime) + #define V_ipport_stoprandom VNET_INET(ipport_stoprandom) + #define V_ipport_tcpallocs VNET_INET(ipport_tcpallocs) + #define V_ipport_tcplastcount VNET_INET(ipport_tcplastcount) + + #define V_divcb VNET_INET(divcb) + #define V_divcbinfo VNET_INET(divcbinfo) + #endif /* !_NETINET_VINET_H_ */ Index: sys/netinet6/dest6.c =========================================================================== --- sys/netinet6/dest6.c 2008/09/03 22:27:36 #8 +++ sys/netinet6/dest6.c 2008/09/03 22:27:36 @@ -62,6 +62,7 @@ int dest6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; int off = *offp, dstoptlen, optlen; struct ip6_dest *dstopts; Index: sys/netinet6/frag6.c =========================================================================== --- sys/netinet6/frag6.c 2008/09/03 22:27:36 #30 +++ sys/netinet6/frag6.c 2008/09/03 22:27:36 @@ -91,6 +91,7 @@ static void frag6_change(void *tag) { + INIT_VNET_INET6(curvnet); V_ip6_maxfragpackets = nmbclusters / 4; V_ip6_maxfrags = nmbclusters / 4; @@ -99,6 +100,7 @@ void frag6_init(void) { + INIT_VNET_INET6(curvnet); V_ip6_maxfragpackets = nmbclusters / 4; V_ip6_maxfrags = nmbclusters / 4; @@ -145,6 +147,7 @@ int frag6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp, *t; struct ip6_hdr *ip6; struct ip6_frag *ip6f; @@ -586,6 +589,7 @@ void frag6_freef(struct ip6q *q6) { + INIT_VNET_INET6(curvnet); struct ip6asfrag *af6, *down6; IP6Q_LOCK_ASSERT(); @@ -685,6 +689,7 @@ struct ip6q *q6; IP6Q_LOCK(); + INIT_VNET_INET6(curvnet); q6 = V_ip6q.ip6q_next; if (q6) while (q6 != &V_ip6q) { @@ -735,6 +740,7 @@ if (IP6Q_TRYLOCK() == 0) return; + INIT_VNET_INET6(curvnet); while (V_ip6q.ip6q_next != &V_ip6q) { V_ip6stat.ip6s_fragdropped++; /* XXX in6_ifstat_inc(ifp, ifs6_reass_fail) */ Index: sys/netinet6/icmp6.c =========================================================================== --- sys/netinet6/icmp6.c 2008/09/03 22:27:36 #79 +++ sys/netinet6/icmp6.c 2008/09/03 22:27:36 @@ -136,6 +136,7 @@ void icmp6_init(void) { + INIT_VNET_INET6(curvnet); mld6_init(); } @@ -204,6 +205,7 @@ icmp6_error2(struct mbuf *m, int type, int code, int param, struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; if (ifp == NULL) @@ -235,6 +237,7 @@ void icmp6_error(struct mbuf *m, int type, int code, int param) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *oip6, *nip6; struct icmp6_hdr *icmp6; u_int preplen; @@ -389,6 +392,9 @@ int icmp6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); + /* XXX this below is WRONG - MARKO */ + INIT_VPROCG(TD_TO_VPROCG(curthread)); struct mbuf *m = *mp, *n; struct ip6_hdr *ip6, *nip6; struct icmp6_hdr *icmp6, *nicmp6; @@ -862,6 +868,7 @@ static int icmp6_notify_error(struct mbuf **mp, int off, int icmp6len, int code) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct icmp6_hdr *icmp6; struct ip6_hdr *eip6; @@ -1093,6 +1100,7 @@ void icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated) { + INIT_VNET_INET6(curvnet); struct in6_addr *dst = ip6cp->ip6c_finaldst; struct icmp6_hdr *icmp6 = ip6cp->ip6c_icmp6; struct mbuf *m = ip6cp->ip6c_m; /* will be necessary for scope issue */ @@ -1158,6 +1166,9 @@ static struct mbuf * ni6_input(struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); + /* XXX this bellow is WRONG - MARKO */ + INIT_VPROCG(TD_TO_VPROCG(curthread)); struct icmp6_nodeinfo *ni6, *nni6; struct mbuf *n = NULL; u_int16_t qtype; @@ -1643,6 +1654,8 @@ ni6_addrs(struct icmp6_nodeinfo *ni6, struct mbuf *m, struct ifnet **ifpp, struct in6_addr *subj) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ifnet *ifp; struct in6_ifaddr *ifa6; struct ifaddr *ifa; @@ -1734,6 +1747,8 @@ ni6_store_addrs(struct icmp6_nodeinfo *ni6, struct icmp6_nodeinfo *nni6, struct ifnet *ifp0, int resid) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ifnet *ifp = ifp0 ? ifp0 : TAILQ_FIRST(&V_ifnet); struct in6_ifaddr *ifa6; struct ifaddr *ifa; @@ -1873,6 +1888,8 @@ static int icmp6_rip6_input(struct mbuf **mp, int off) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct in6pcb *in6p; @@ -2033,6 +2050,7 @@ void icmp6_reflect(struct mbuf *m, size_t off) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; struct icmp6_hdr *icmp6; struct in6_ifaddr *ia; @@ -2212,6 +2230,7 @@ void icmp6_redirect_input(struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_redirect *nd_rd; @@ -2419,6 +2438,7 @@ void icmp6_redirect_output(struct mbuf *m0, struct rtentry *rt) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp; /* my outgoing interface */ struct in6_addr *ifp_ll6; struct in6_addr *router_ll6; @@ -2785,6 +2805,7 @@ icmp6_ratelimit(const struct in6_addr *dst, const int type, const int code) { + INIT_VNET_INET6(curvnet); int ret; ret = 0; /* okay to send */ Index: sys/netinet6/in6.c =========================================================================== --- sys/netinet6/in6.c 2008/09/03 22:27:36 #70 +++ sys/netinet6/in6.c 2008/09/03 22:27:36 @@ -231,6 +231,7 @@ void in6_ifremloop(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct rtentry *rt; int ia_count = 0; @@ -322,6 +323,7 @@ in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp, struct thread *td) { + INIT_VNET_INET6(curvnet); struct in6_ifreq *ifr = (struct in6_ifreq *)data; struct in6_ifaddr *ia = NULL; struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; @@ -795,6 +797,8 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *ia, int flags) { + INIT_VNET_INET6(ifp->if_vnet); + INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ int error = 0, hostIsNew = 0, plen = -1; struct in6_ifaddr *oia; struct sockaddr_in6 dst6; @@ -1323,6 +1327,7 @@ static void in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct in6_ifaddr *oia; int s = splnet(); @@ -1890,6 +1895,7 @@ int in6_localaddr(struct in6_addr *in6) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) @@ -1908,6 +1914,7 @@ int in6_is_addr_deprecated(struct sockaddr_in6 *sa6) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; for (ia = V_in6_ifaddr; ia; ia = ia->ia_next) { @@ -2000,6 +2007,7 @@ struct in6_ifaddr * in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) { + INIT_VNET_INET6(curvnet); int dst_scope = in6_addrscope(dst), blen = -1, tlen; struct ifaddr *ifa; struct in6_ifaddr *besta = 0; @@ -2148,6 +2156,8 @@ void in6_setmaxmtu(void) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); unsigned long maxmtu = 0; struct ifnet *ifp; Index: sys/netinet6/in6_gif.c =========================================================================== --- sys/netinet6/in6_gif.c 2008/09/03 22:27:36 #28 +++ sys/netinet6/in6_gif.c 2008/09/03 22:27:36 @@ -87,6 +87,7 @@ int family, /* family of the packet to be encapsulate */ struct mbuf *m) { + INIT_VNET_GIF(ifp->if_vnet); struct gif_softc *sc = ifp->if_softc; struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sc->gif_ro6.ro_dst; struct sockaddr_in6 *sin6_src = (struct sockaddr_in6 *)sc->gif_psrc; @@ -246,6 +247,7 @@ int in6_gif_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct ifnet *gifp = NULL; struct gif_softc *sc; Index: sys/netinet6/in6_ifattach.c =========================================================================== --- sys/netinet6/in6_ifattach.c 2008/09/03 22:27:36 #41 +++ sys/netinet6/in6_ifattach.c 2008/09/03 22:27:36 @@ -104,6 +104,7 @@ static int get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6) { + INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ MD5_CTX ctxt; u_int8_t digest[16]; int hostnamelen; @@ -139,6 +140,7 @@ static int generate_tmp_ifid(u_int8_t *seed0, const u_int8_t *seed1, u_int8_t *ret) { + INIT_VNET_INET6(curvnet); MD5_CTX ctxt; u_int8_t seed[16], digest[16], nullbuf[8]; u_int32_t val32; @@ -358,6 +360,8 @@ get_ifid(struct ifnet *ifp0, struct ifnet *altifp, struct in6_addr *in6) { + INIT_VNET_NET(ifp0->if_vnet); + INIT_VNET_INET6(ifp0->if_vnet); struct ifnet *ifp; /* first, try to get it from the interface itself */ @@ -421,6 +425,7 @@ static int in6_ifattach_linklocal(struct ifnet *ifp, struct ifnet *altifp) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct in6_aliasreq ifra; struct nd_prefixctl pr0; @@ -537,6 +542,7 @@ static int in6_ifattach_loopback(struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); struct in6_aliasreq ifra; int error; @@ -648,6 +654,7 @@ void in6_ifattach(struct ifnet *ifp, struct ifnet *altifp) { + INIT_VNET_INET6(ifp->if_vnet); struct in6_ifaddr *ia; struct in6_addr in6; @@ -730,6 +737,9 @@ void in6_ifdetach(struct ifnet *ifp) { + INIT_VNET_NET(ifp->if_vnet); + INIT_VNET_INET(ifp->if_vnet); + INIT_VNET_INET6(ifp->if_vnet); struct in6_ifaddr *ia, *oia; struct ifaddr *ifa, *next; struct rtentry *rt; @@ -865,6 +875,8 @@ void in6_tmpaddrtimer(void *ignored_arg) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct nd_ifinfo *ndi; u_int8_t nullbuf[8]; struct ifnet *ifp; Index: sys/netinet6/in6_pcb.c =========================================================================== --- sys/netinet6/in6_pcb.c 2008/09/03 22:27:36 #79 +++ sys/netinet6/in6_pcb.c 2008/09/03 22:27:36 @@ -117,6 +117,8 @@ in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam, struct ucred *cred) { + INIT_VNET_INET6(inp->inp_vnet); + INIT_VNET_INET(inp->inp_vnet); struct socket *so = inp->inp_socket; struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)NULL; struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; @@ -284,6 +286,7 @@ in6_pcbladdr(register struct inpcb *inp, struct sockaddr *nam, struct in6_addr **plocal_addr6) { + INIT_VNET_INET6(inp->inp_vnet); register struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam; int error = 0; struct ifnet *ifp = NULL; Index: sys/netinet6/in6_proto.c =========================================================================== --- sys/netinet6/in6_proto.c 2008/09/03 22:27:36 #35 +++ sys/netinet6/in6_proto.c 2008/09/03 22:27:36 @@ -457,6 +457,7 @@ static int sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error = 0; int old; @@ -476,6 +477,7 @@ static int sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error = 0; int old; @@ -491,88 +493,89 @@ return (error); } -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, - forwarding, CTLFLAG_RW, &ip6_forwarding, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, - redirect, CTLFLAG_RW, &ip6_sendredirects, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, - hlim, CTLFLAG_RW, &ip6_defhlim, 0, ""); -SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD, - &ip6stat, ip6stat, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, - maxfragpackets, CTLFLAG_RW, &ip6_maxfragpackets, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, - accept_rtadv, CTLFLAG_RW, &ip6_accept_rtadv, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, - keepfaith, CTLFLAG_RW, &ip6_keepfaith, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, - log_interval, CTLFLAG_RW, &ip6_log_interval, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, - hdrnestlimit, CTLFLAG_RW, &ip6_hdrnestlimit, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, - dad_count, CTLFLAG_RW, &ip6_dad_count, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, - auto_flowlabel, CTLFLAG_RW, &ip6_auto_flowlabel, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, - defmcasthlim, CTLFLAG_RW, &ip6_defmcasthlim, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, - gifhlim, CTLFLAG_RW, &ip6_gif_hlim, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_FORWARDING, + forwarding, CTLFLAG_RW, ip6_forwarding, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_SENDREDIRECTS, + redirect, CTLFLAG_RW, ip6_sendredirects, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_DEFHLIM, + hlim, CTLFLAG_RW, ip6_defhlim, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_STATS, stats, + CTLFLAG_RD, ip6stat, ip6stat, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, + maxfragpackets, CTLFLAG_RW, ip6_maxfragpackets, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, + accept_rtadv, CTLFLAG_RW, ip6_accept_rtadv, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_KEEPFAITH, + keepfaith, CTLFLAG_RW, ip6_keepfaith, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_LOG_INTERVAL, + log_interval, CTLFLAG_RW, ip6_log_interval, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, + hdrnestlimit, CTLFLAG_RW, ip6_hdrnestlimit, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_DAD_COUNT, + dad_count, CTLFLAG_RW, ip6_dad_count, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, + auto_flowlabel, CTLFLAG_RW, ip6_auto_flowlabel, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, + defmcasthlim, CTLFLAG_RW, ip6_defmcasthlim, 0, ""); SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, kame_version, CTLFLAG_RD, __KAME_VERSION, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, - use_deprecated, CTLFLAG_RW, &ip6_use_deprecated, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, - rr_prune, CTLFLAG_RW, &ip6_rr_prune, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, - use_tempaddr, CTLFLAG_RW, &ip6_use_tempaddr, 0, ""); -SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime, - CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0, - sysctl_ip6_temppltime, "I", ""); -SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, - CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0, - sysctl_ip6_tempvltime, "I", ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, - v6only, CTLFLAG_RW, &ip6_v6only, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_USE_DEPRECATED, + use_deprecated, CTLFLAG_RW, ip6_use_deprecated, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RR_PRUNE, + rr_prune, CTLFLAG_RW, ip6_rr_prune, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_USETEMPADDR, + use_tempaddr, CTLFLAG_RW, ip6_use_tempaddr, 0, ""); +SYSCTL_V_OID(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime, + CTLTYPE_INT|CTLFLAG_RW, ip6_temp_preferred_lifetime, 0, + sysctl_ip6_temppltime, "I", ""); +SYSCTL_V_OID(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, + CTLTYPE_INT|CTLFLAG_RW, ip6_temp_valid_lifetime, 0, + sysctl_ip6_tempvltime, "I", ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_V6ONLY, + v6only, CTLFLAG_RW, ip6_v6only, 0, ""); +#ifndef VIMAGE TUNABLE_INT("net.inet6.ip6.auto_linklocal", &ip6_auto_linklocal); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, - auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal, 0, ""); -SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD, - &rip6stat, rip6stat, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, - prefer_tempaddr, CTLFLAG_RW, &ip6_prefer_tempaddr, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, - use_defaultzone, CTLFLAG_RW, &ip6_use_defzone, 0,""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS, - maxfrags, CTLFLAG_RW, &ip6_maxfrags, 0, ""); -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU, - mcast_pmtu, CTLFLAG_RW, &ip6_mcast_pmtu, 0, ""); +#endif +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, + auto_linklocal, CTLFLAG_RW, ip6_auto_linklocal, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RIP6STATS, + rip6stats, CTLFLAG_RD, rip6stat, rip6stat, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, + prefer_tempaddr, CTLFLAG_RW, ip6_prefer_tempaddr, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, + use_defaultzone, CTLFLAG_RW, ip6_use_defzone, 0,""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_MAXFRAGS, + maxfrags, CTLFLAG_RW, ip6_maxfrags, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_MCAST_PMTU, + mcast_pmtu, CTLFLAG_RW, ip6_mcast_pmtu, 0, ""); #ifdef IPSTEALTH -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW, - &ip6stealth, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_STEALTH, + stealth, CTLFLAG_RW, ip6stealth, 0, ""); #endif /* net.inet6.icmp6 */ -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, - rediraccept, CTLFLAG_RW, &icmp6_rediraccept, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, - redirtimeout, CTLFLAG_RW, &icmp6_redirtimeout, 0, ""); -SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD, - &icmp6stat, icmp6stat, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, - nd6_prune, CTLFLAG_RW, &nd6_prune, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, - nd6_delay, CTLFLAG_RW, &nd6_delay, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, - nd6_umaxtries, CTLFLAG_RW, &nd6_umaxtries, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, - nd6_mmaxtries, CTLFLAG_RW, &nd6_mmaxtries, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, - nd6_useloopback, CTLFLAG_RW, &nd6_useloopback, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, - nodeinfo, CTLFLAG_RW, &icmp6_nodeinfo, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, - errppslimit, CTLFLAG_RW, &icmp6errppslim, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, - nd6_maxnudhint, CTLFLAG_RW, &nd6_maxnudhint, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, - nd6_debug, CTLFLAG_RW, &nd6_debug, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, + rediraccept, CTLFLAG_RW, icmp6_rediraccept, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, + redirtimeout, CTLFLAG_RW, icmp6_redirtimeout, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_STATS, + stats, CTLFLAG_RD, icmp6stat, icmp6stat, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, + nd6_prune, CTLFLAG_RW, nd6_prune, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, + nd6_delay, CTLFLAG_RW, nd6_delay, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, + nd6_umaxtries, CTLFLAG_RW, nd6_umaxtries, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, + nd6_mmaxtries, CTLFLAG_RW, nd6_mmaxtries, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, + nd6_useloopback, CTLFLAG_RW, nd6_useloopback, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_NODEINFO, + nodeinfo, CTLFLAG_RW, icmp6_nodeinfo, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, + errppslimit, CTLFLAG_RW, icmp6errppslim, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, + nd6_maxnudhint, CTLFLAG_RW, nd6_maxnudhint, 0, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, + nd6_debug, CTLFLAG_RW, nd6_debug, 0, ""); + Index: sys/netinet6/in6_rmx.c =========================================================================== --- sys/netinet6/in6_rmx.c 2008/09/03 22:27:36 #22 +++ sys/netinet6/in6_rmx.c 2008/09/03 22:27:36 @@ -329,6 +329,9 @@ in6_rtqtimo(void *rock) { struct radix_node_head *rnh = rock; + CURVNET_SET_QUIET((struct vnet *) rock); + INIT_VNET_NET((struct vnet *) rock); + INIT_VNET_INET6((struct vnet *) rock); struct rtqk_arg arg; struct timeval atv; static time_t last_adjusted_timeout = 0; @@ -372,6 +375,7 @@ atv.tv_usec = 0; atv.tv_sec = arg.nextstop - time_uptime; callout_reset(&V_rtq_timer6, tvtohz(&atv), in6_rtqtimo, rock); + CURVNET_RESTORE(); } /* @@ -411,6 +415,9 @@ in6_mtutimo(void *rock) { struct radix_node_head *rnh = rock; + CURVNET_SET_QUIET((struct vnet *) rock); + INIT_VNET_NET((struct vnet *) rock); + INIT_VNET_INET6((struct vnet *) rock); struct mtuex_arg arg; struct timeval atv; @@ -428,12 +435,14 @@ atv.tv_sec = 30; } callout_reset(&V_rtq_mtutimer, tvtohz(&atv), in6_mtutimo, rock); + CURVNET_RESTORE(); } #if 0 void in6_rtqdrain(void) { + INIT_VNET_NET(curvnet); struct radix_node_head *rnh = V_rt_tables[AF_INET6]; struct rtqk_arg arg; @@ -458,6 +467,7 @@ int in6_inithead(void **head, int off) { + INIT_VNET_INET6(curvnet); struct radix_node_head *rnh; if (!rn_inithead(head, offsetof(struct sockaddr_in6, sin6_addr) << 3)) Index: sys/netinet6/in6_src.c =========================================================================== --- sys/netinet6/in6_src.c 2008/09/03 22:27:36 #52 +++ sys/netinet6/in6_src.c 2008/09/03 22:27:36 @@ -174,6 +174,7 @@ struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, struct ifnet **ifpp, int *errorp) { + INIT_VNET_INET6(curvnet); struct in6_addr dst; struct ifnet *ifp = NULL; struct in6_ifaddr *ia = NULL, *ia_best = NULL; @@ -456,6 +457,8 @@ struct ifnet **retifp, struct rtentry **retrt, int clone, int norouteok) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int error = 0; struct ifnet *ifp = NULL; struct rtentry *rt = NULL; @@ -735,6 +738,7 @@ int in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); if (in6p && in6p->in6p_hops >= 0) return (in6p->in6p_hops); @@ -767,6 +771,7 @@ int in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) { + INIT_VNET_INET(curvnet); struct socket *so = inp->inp_socket; u_int16_t lport = 0, first, last, *lastport; int count, error = 0, wild = 0; @@ -863,6 +868,7 @@ { ADDRSEL_LOCK_INIT(); ADDRSEL_SXLOCK_INIT(); + INIT_VNET_INET6(curvnet); init_policy_queue(); @@ -874,6 +880,7 @@ static struct in6_addrpolicy * lookup_addrsel_policy(struct sockaddr_in6 *key) { + INIT_VNET_INET6(curvnet); struct in6_addrpolicy *match = NULL; ADDRSEL_LOCK(); @@ -965,6 +972,7 @@ static void init_policy_queue(void) { + INIT_VNET_INET6(curvnet); TAILQ_INIT(&V_addrsel_policytab); } @@ -972,6 +980,7 @@ static int add_addrsel_policyent(struct in6_addrpolicy *newpolicy) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *new, *pol; MALLOC(new, struct addrsel_policyent *, sizeof(*new), M_IFADDR, @@ -1007,6 +1016,7 @@ static int delete_addrsel_policyent(struct in6_addrpolicy *key) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *pol; ADDRSEL_XLOCK(); @@ -1038,6 +1048,7 @@ walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *pol; int error = 0; @@ -1066,6 +1077,7 @@ static struct in6_addrpolicy * match_addrsel_policy(struct sockaddr_in6 *key) { + INIT_VNET_INET6(curvnet); struct addrsel_policyent *pent; struct in6_addrpolicy *bestpol = NULL, *pol; int matchlen, bestmatchlen = -1; Index: sys/netinet6/ip6_forward.c =========================================================================== --- sys/netinet6/ip6_forward.c 2008/09/03 22:27:36 #33 +++ sys/netinet6/ip6_forward.c 2008/09/03 22:27:36 @@ -93,6 +93,7 @@ void ip6_forward(struct mbuf *m, int srcrt) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct sockaddr_in6 *dst = NULL; struct rtentry *rt = NULL; @@ -102,6 +103,7 @@ u_int32_t inzone, outzone; struct in6_addr src_in6, dst_in6; #ifdef IPSEC + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp = NULL; int ipsecrt = 0; #endif Index: sys/netinet6/ip6_input.c =========================================================================== --- sys/netinet6/ip6_input.c 2008/09/03 22:27:36 #76 +++ sys/netinet6/ip6_input.c 2008/09/03 22:27:36 @@ -192,6 +192,7 @@ static void ip6_init2(void *dummy) { + INIT_VNET_INET6(curvnet); /* nd6_timer_init */ callout_init(&V_nd6_timer_ch, 0); @@ -214,6 +215,8 @@ void ip6_input(struct mbuf *m) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; int off = sizeof(struct ip6_hdr), nest; u_int32_t plen; @@ -813,6 +816,7 @@ ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, struct mbuf **mp, int *offp) { + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; int off = *offp, hbhlen; struct ip6_hbh *hbh; @@ -868,6 +872,7 @@ ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, u_int32_t *rtalertp, u_int32_t *plenp) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; int optlen = 0; u_int8_t *opt = opthead; @@ -1000,6 +1005,7 @@ int ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; switch (IP6OPT_TYPE(*optp)) { Index: sys/netinet6/ip6_ipsec.c =========================================================================== --- sys/netinet6/ip6_ipsec.c 2008/09/03 22:27:36 #12 +++ sys/netinet6/ip6_ipsec.c 2008/09/03 22:27:36 @@ -103,6 +103,8 @@ ip6_ipsec_fwd(struct mbuf *m) { #ifdef IPSEC + INIT_VNET_INET6(curvnet); + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; @@ -148,6 +150,7 @@ ip6_ipsec_input(struct mbuf *m, int nxt) { #ifdef IPSEC + INIT_VNET_IPSEC(curvnet); struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; Index: sys/netinet6/ip6_mroute.c =========================================================================== --- sys/netinet6/ip6_mroute.c 2008/09/03 22:27:36 #43 +++ sys/netinet6/ip6_mroute.c 2008/09/03 22:27:36 @@ -376,6 +376,7 @@ int X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt) { + INIT_VNET_INET6(curvnet); int error = 0; if (so != ip6_mrouter) @@ -452,6 +453,7 @@ static int set_pim6(int *i) { + INIT_VNET_INET6(curvnet); if ((*i != 1) && (*i != 0)) return (EINVAL); @@ -466,6 +468,8 @@ static int ip6_mrouter_init(struct socket *so, int v, int cmd) { + INIT_VNET_INET6(curvnet); + #ifdef MRT6DEBUG if (V_mrt6debug) log(LOG_DEBUG, @@ -509,6 +513,7 @@ int X_ip6_mrouter_done(void) { + INIT_VNET_INET6(curvnet); mifi_t mifi; int i; struct mf6c *rt; @@ -601,6 +606,7 @@ static int add_m6if(struct mif6ctl *mifcp) { + INIT_VNET_NET(curvnet); struct mif6 *mifp; struct ifnet *ifp; int error, s; @@ -1002,6 +1008,7 @@ int X_ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m) { + INIT_VNET_INET6(curvnet); struct mf6c *rt; struct mif6 *mifp; struct mbuf *mm; @@ -1327,6 +1334,7 @@ static int ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct mf6c *rt) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); mifi_t mifi, iif; struct mif6 *mifp; @@ -1505,6 +1513,7 @@ static void phyint_send(struct ip6_hdr *ip6, struct mif6 *mifp, struct mbuf *m) { + INIT_VNET_INET6(curvnet); struct mbuf *mb_copy; struct ifnet *ifp = mifp->m6_ifp; int error = 0; @@ -1692,6 +1701,7 @@ int pim6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct pim *pim; /* pointer to a pim struct */ struct ip6_hdr *ip6; int pimlen; Index: sys/netinet6/ip6_output.c =========================================================================== --- sys/netinet6/ip6_output.c 2008/09/03 22:27:36 #91 +++ sys/netinet6/ip6_output.c 2008/09/03 22:27:36 @@ -189,6 +189,8 @@ struct route_in6 *ro, int flags, struct ip6_moptions *im6o, struct ifnet **ifpp, struct inpcb *inp) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6, *mhip6; struct ifnet *ifp, *origifp; struct mbuf *m = m0; @@ -2420,6 +2422,8 @@ static int ip6_setmoptions(int optname, struct ip6_moptions **im6op, struct mbuf *m) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int error = 0; u_int loop, ifindex; struct ipv6_mreq *mreq; @@ -2721,6 +2725,7 @@ static int ip6_getmoptions(int optname, struct ip6_moptions *im6o, struct mbuf **mp) { + INIT_VNET_INET6(curvnet); u_int *hlim, *loop, *ifindex; *mp = m_get(M_WAIT, MT_HEADER); /* XXX */ @@ -2850,6 +2855,8 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt, struct ucred *cred, int sticky, int cmsg, int uproto) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int minmtupolicy, preftemp; int error; Index: sys/netinet6/mld6.c =========================================================================== --- sys/netinet6/mld6.c 2008/09/03 22:27:36 #29 +++ sys/netinet6/mld6.c 2008/09/03 22:27:36 @@ -115,6 +115,7 @@ void mld6_init(void) { + INIT_VNET_INET6(curvnet); static u_int8_t hbh_buf[8]; struct ip6_hbh *hbh = (struct ip6_hbh *)hbh_buf; u_int16_t rtalert_code = htons((u_int16_t)IP6OPT_RTALERT_MLD); @@ -268,6 +269,7 @@ void mld6_input(struct mbuf *m, int off) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct mld_hdr *mldh; struct ifnet *ifp = m->m_pkthdr.rcvif; @@ -438,6 +440,7 @@ static void mld6_sendpkt(struct in6_multi *in6m, int type, const struct in6_addr *dst) { + INIT_VNET_INET6(curvnet); struct mbuf *mh, *md; struct mld_hdr *mldh; struct ip6_hdr *ip6; Index: sys/netinet6/nd6.c =========================================================================== --- sys/netinet6/nd6.c 2008/09/03 22:27:36 #79 +++ sys/netinet6/nd6.c 2008/09/03 22:27:36 @@ -198,6 +198,7 @@ void nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) { + INIT_VNET_INET6(ifp->if_vnet); u_int32_t omaxmtu; omaxmtu = ndi->maxmtu; @@ -307,6 +308,7 @@ int nd6_options(union nd_opts *ndopts) { + INIT_VNET_INET6(curvnet); struct nd_opt_hdr *nd_opt; int i = 0; @@ -432,6 +434,9 @@ panic("ln->ln_rt->rt_ifp == NULL"); ndi = ND_IFINFO(ifp); + CURVNET_SET(ifp->if_vnet); + INIT_VNET_INET6(curvnet); + /* sanity check */ if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) panic("rt_llinfo(%p) is not equal to ln(%p)", @@ -531,6 +536,7 @@ void nd6_timer(void *ignored_arg) { + INIT_VNET_INET6((struct vnet *) arg); int s; struct nd_defrouter *dr; struct nd_prefix *pr; @@ -724,6 +730,7 @@ void nd6_purge(struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct llinfo_nd6 *ln, *nln; struct nd_defrouter *dr, *ndr; struct nd_prefix *pr, *npr; @@ -811,6 +818,7 @@ struct rtentry * nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp) { + INIT_VNET_INET6(curvnet); struct rtentry *rt; struct sockaddr_in6 sin6; char ip6buf[INET6_ADDRSTRLEN]; @@ -916,6 +924,7 @@ static int nd6_is_new_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct nd_prefix *pr; struct ifaddr *dstaddr; @@ -1013,6 +1022,7 @@ static struct llinfo_nd6 * nd6_free(struct rtentry *rt, int gc) { + INIT_VNET_INET6(curvnet); struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; struct nd_defrouter *dr; @@ -1122,6 +1132,7 @@ void nd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force) { + INIT_VNET_INET6(curvnet); struct llinfo_nd6 *ln; /* @@ -1175,6 +1186,8 @@ static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; struct ifnet *ifp = rt->rt_ifp; struct ifaddr *ifa; + INIT_VNET_NET(ifp->if_vnet); + INIT_VNET_INET6(ifp->if_vnet); RT_LOCK_ASSERT(rt); @@ -1415,6 +1428,7 @@ int nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct in6_drlist *drl = (struct in6_drlist *)data; struct in6_oprlist *oprl = (struct in6_oprlist *)data; struct in6_ndireq *ndi = (struct in6_ndireq *)data; @@ -1653,6 +1667,7 @@ nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, int lladdrlen, int type, int code) { + INIT_VNET_INET6(curvnet); struct rtentry *rt = NULL; struct llinfo_nd6 *ln = NULL; int is_newentry; @@ -1885,6 +1900,9 @@ static void nd6_slowtimo(void *ignored_arg) { + CURVNET_SET((struct vnet *) arg); + INIT_VNET_NET((struct vnet *) arg); + INIT_VNET_INET6((struct vnet *) arg); struct nd_ifinfo *nd6if; struct ifnet *ifp; @@ -1914,6 +1932,7 @@ nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, struct sockaddr_in6 *dst, struct rtentry *rt0) { + INIT_VNET_INET6(curvnet); struct mbuf *m = m0; struct rtentry *rt = rt0; struct sockaddr_in6 *gw6 = NULL; @@ -2264,12 +2283,13 @@ CTLFLAG_RD, nd6_sysctl_drlist, ""); SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, CTLFLAG_RD, nd6_sysctl_prlist, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen, - CTLFLAG_RW, &nd6_maxqueuelen, 1, ""); +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, + nd6_maxqueuelen, CTLFLAG_RW, nd6_maxqueuelen, 1, ""); static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error; char buf[1024] __aligned(4); struct in6_defrouter *d, *de; @@ -2310,6 +2330,7 @@ static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET6(curvnet); int error; char buf[1024] __aligned(4); struct in6_prefix *p, *pe; Index: sys/netinet6/nd6_nbr.c =========================================================================== --- sys/netinet6/nd6_nbr.c 2008/09/03 22:27:36 #43 +++ sys/netinet6/nd6_nbr.c 2008/09/03 22:27:36 @@ -98,6 +98,7 @@ void nd6_ns_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_neighbor_solicit *nd_ns; @@ -359,6 +360,7 @@ nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6, const struct in6_addr *taddr6, struct llinfo_nd6 *ln, int dad) { + INIT_VNET_INET6(ifp->if_vnet); struct mbuf *m; struct ip6_hdr *ip6; struct nd_neighbor_solicit *nd_ns; @@ -564,6 +566,7 @@ void nd6_na_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_neighbor_advert *nd_na; @@ -876,6 +879,7 @@ const struct in6_addr *taddr6, u_long flags, int tlladdr, struct sockaddr *sdl0) { + INIT_VNET_INET6(ifp->if_vnet); struct mbuf *m; struct ip6_hdr *ip6; struct nd_neighbor_advert *nd_na; @@ -1080,6 +1084,7 @@ static struct dadq * nd6_dad_find(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct dadq *dp; for (dp = V_dadq.tqh_first; dp; dp = dp->dad_list.tqe_next) { @@ -1110,6 +1115,7 @@ void nd6_dad_start(struct ifaddr *ifa, int delay) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; struct dadq *dp; char ip6buf[INET6_ADDRSTRLEN]; @@ -1192,6 +1198,7 @@ void nd6_dad_stop(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct dadq *dp; if (!V_dad_init) @@ -1214,6 +1221,8 @@ nd6_dad_timer(struct ifaddr *ifa) { int s; + CURVNET_SET(dp->dad_vnet); + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; struct dadq *dp; char ip6buf[INET6_ADDRSTRLEN]; @@ -1312,11 +1321,13 @@ done: splx(s); + CURVNET_RESTORE(); } void nd6_dad_duplicated(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; struct ifnet *ifp; struct dadq *dp; @@ -1406,6 +1417,7 @@ static void nd6_dad_ns_input(struct ifaddr *ifa) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct ifnet *ifp; const struct in6_addr *taddr6; Index: sys/netinet6/nd6_rtr.c =========================================================================== --- sys/netinet6/nd6_rtr.c 2008/09/03 22:27:36 #35 +++ sys/netinet6/nd6_rtr.c 2008/09/03 22:27:36 @@ -119,6 +119,7 @@ void nd6_rs_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); struct nd_router_solicit *nd_rs; @@ -203,6 +204,7 @@ void nd6_ra_input(struct mbuf *m, int off, int icmp6len) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = m->m_pkthdr.rcvif; struct nd_ifinfo *ndi = ND_IFINFO(ifp); struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); @@ -483,6 +485,7 @@ struct nd_defrouter * defrouter_lookup(struct in6_addr *addr, struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); struct nd_defrouter *dr; for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; @@ -531,6 +534,7 @@ void defrouter_reset(void) { + INIT_VNET_INET6(curvnet); struct nd_defrouter *dr; for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; @@ -546,6 +550,7 @@ void defrtrlist_del(struct nd_defrouter *dr) { + INIT_VNET_INET6(curvnet); struct nd_defrouter *deldr = NULL; struct nd_prefix *pr; @@ -607,6 +612,7 @@ void defrouter_select(void) { + INIT_VNET_INET6(curvnet); int s = splnet(); struct nd_defrouter *dr, *selected_dr = NULL, *installed_dr = NULL; struct rtentry *rt = NULL; @@ -723,6 +729,7 @@ static struct nd_defrouter * defrtrlist_update(struct nd_defrouter *new) { + INIT_VNET_INET6(curvnet); struct nd_defrouter *dr, *n; int s = splnet(); @@ -844,6 +851,7 @@ struct nd_prefix * nd6_prefix_lookup(struct nd_prefixctl *key) { + INIT_VNET_INET6(curvnet); struct nd_prefix *search; for (search = V_nd_prefix.lh_first; @@ -863,6 +871,7 @@ nd6_prelist_add(struct nd_prefixctl *pr, struct nd_defrouter *dr, struct nd_prefix **newp) { + INIT_VNET_INET6(curvnet); struct nd_prefix *new = NULL; int error = 0; int i, s; @@ -921,6 +930,7 @@ void prelist_remove(struct nd_prefix *pr) { + INIT_VNET_INET6(curvnet); struct nd_pfxrouter *pfr, *next; int e, s; char ip6buf[INET6_ADDRSTRLEN]; @@ -973,6 +983,7 @@ prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr, struct mbuf *m, int mcast) { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL; struct ifaddr *ifa; struct ifnet *ifp = new->ndpr_ifp; @@ -1343,6 +1354,7 @@ void pfxlist_onlink_check() { + INIT_VNET_INET6(curvnet); struct nd_prefix *pr; struct in6_ifaddr *ifa; struct nd_defrouter *dr; @@ -1522,6 +1534,7 @@ int nd6_prefix_onlink(struct nd_prefix *pr) { + INIT_VNET_INET6(curvnet); struct ifaddr *ifa; struct ifnet *ifp = pr->ndpr_ifp; struct sockaddr_in6 mask6; @@ -1635,6 +1648,7 @@ int nd6_prefix_offlink(struct nd_prefix *pr) { + INIT_VNET_INET6(curvnet); int error = 0; struct ifnet *ifp = pr->ndpr_ifp; struct nd_prefix *opr; @@ -1726,6 +1740,7 @@ static struct in6_ifaddr * in6_ifadd(struct nd_prefixctl *pr, int mcast) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = pr->ndpr_ifp; struct ifaddr *ifa; struct in6_aliasreq ifra; @@ -1854,6 +1869,7 @@ int in6_tmpifadd(const struct in6_ifaddr *ia0, int forcegen, int delay) { + INIT_VNET_INET6(curvnet); struct ifnet *ifp = ia0->ia_ifa.ifa_ifp; struct in6_ifaddr *newia, *ia; struct in6_aliasreq ifra; @@ -2022,6 +2038,7 @@ rt6_flush(struct in6_addr *gateway, struct ifnet *ifp) { + INIT_VNET_NET(curvnet); struct radix_node_head *rnh = V_rt_tables[0][AF_INET6]; int s = splnet(); @@ -2074,6 +2091,8 @@ int nd6_setdefaultiface(int ifindex) { + INIT_VNET_NET(curvnet); + INIT_VNET_INET6(curvnet); int error = 0; if (ifindex < 0 || V_if_index < ifindex) Index: sys/netinet6/raw_ip6.c =========================================================================== --- sys/netinet6/raw_ip6.c 2008/09/03 22:27:36 #74 +++ sys/netinet6/raw_ip6.c 2008/09/03 22:27:36 @@ -136,6 +136,11 @@ int rip6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); +#ifdef IPSEC + INIT_VNET_IPSEC(curvnet); +#endif struct mbuf *m = *mp; register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); register struct inpcb *in6p; @@ -258,6 +263,7 @@ void rip6_ctlinput(int cmd, struct sockaddr *sa, void *d) { + INIT_VNET_INET(curvnet); struct ip6_hdr *ip6; struct mbuf *m; int off = 0; @@ -313,6 +319,7 @@ va_dcl #endif { + INIT_VNET_INET6(curvnet); struct mbuf *control; struct socket *so; struct sockaddr_in6 *dstsock; @@ -544,6 +551,7 @@ static int rip6_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct icmp6_filter *filter; int error; @@ -583,6 +591,7 @@ static void rip6_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -640,6 +649,9 @@ static int rip6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); + INIT_VNET_INET6(so->so_vnet); struct inpcb *inp; struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; struct ifaddr *ia = NULL; @@ -675,6 +687,9 @@ static int rip6_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_NET(so->so_vnet); + INIT_VNET_INET(so->so_vnet); + INIT_VNET_INET6(so->so_vnet); struct inpcb *inp; struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; struct in6_addr *in6a = NULL; @@ -749,6 +764,7 @@ rip6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; struct sockaddr_in6 tmp; struct sockaddr_in6 *dst; Index: sys/netinet6/route6.c =========================================================================== --- sys/netinet6/route6.c 2008/09/03 22:27:36 #13 +++ sys/netinet6/route6.c 2008/09/03 22:27:36 @@ -65,6 +65,7 @@ int route6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET6(curvnet); struct ip6_hdr *ip6; struct mbuf *m = *mp; struct ip6_rthdr *rh; @@ -150,6 +151,7 @@ static int ip6_rthdr0(struct mbuf *m, struct ip6_hdr *ip6, struct ip6_rthdr0 *rh0) { + INIT_VNET_INET6(curvnet); int addrs, index; struct in6_addr *nextaddr, tmpaddr; struct in6_ifaddr *ifa; Index: sys/netinet6/scope6.c =========================================================================== --- sys/netinet6/scope6.c 2008/09/03 22:27:36 #18 +++ sys/netinet6/scope6.c 2008/09/03 22:27:36 @@ -45,6 +45,7 @@ #include #include +#include #include #include @@ -72,6 +73,7 @@ void scope6_init(void) { + INIT_VNET_INET6(curvnet); SCOPE6_LOCK_INIT(); bzero(&V_sid_default, sizeof(V_sid_default)); @@ -110,6 +112,7 @@ int scope6_set(struct ifnet *ifp, struct scope6_id *idlist) { + INIT_VNET_NET(ifp->if_vnet); int i; int error = 0; struct scope6_id *sid = NULL; @@ -264,6 +267,8 @@ void scope6_setdefault(struct ifnet *ifp) { + INIT_VNET_INET6(ifp->if_vnet); + /* * Currently, this function just sets the default "interfaces" * and "links" according to the given interface. @@ -286,6 +291,7 @@ int scope6_get_default(struct scope6_id *idlist) { + INIT_VNET_INET6(curvnet); SCOPE6_LOCK(); *idlist = V_sid_default; @@ -297,6 +303,7 @@ u_int32_t scope6_addr2default(struct in6_addr *addr) { + INIT_VNET_INET6(curvnet); u_int32_t id; /* @@ -327,6 +334,7 @@ int sa6_embedscope(struct sockaddr_in6 *sin6, int defaultok) { + INIT_VNET_NET(curvnet); struct ifnet *ifp; u_int32_t zoneid; @@ -363,6 +371,7 @@ int sa6_recoverscope(struct sockaddr_in6 *sin6) { + INIT_VNET_NET(curvnet); char ip6buf[INET6_ADDRSTRLEN]; u_int32_t zoneid; Index: sys/netinet6/udp6_usrreq.c =========================================================================== --- sys/netinet6/udp6_usrreq.c 2008/09/03 22:27:36 #78 +++ sys/netinet6/udp6_usrreq.c 2008/09/03 22:27:36 @@ -127,6 +127,7 @@ udp6_append(struct inpcb *inp, struct mbuf *n, int off, struct sockaddr_in6 *fromsa) { + INIT_VNET_INET(inp->inp_vnet); struct socket *so; struct mbuf *opts; @@ -135,6 +136,7 @@ #ifdef IPSEC /* Check AH/ESP integrity. */ if (ipsec6_in_reject(n, inp)) { + INIT_VNET_IPSEC(inp->inp_vnet); m_freem(n); V_ipsec6stat.in_polvio++; return; @@ -168,6 +170,8 @@ int udp6_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct mbuf *m = *mp; struct ip6_hdr *ip6; struct udphdr *uh; @@ -361,6 +365,7 @@ void udp6_ctlinput(int cmd, struct sockaddr *sa, void *d) { + INIT_VNET_INET(curvnet); struct udphdr uh; struct ip6_hdr *ip6; struct mbuf *m; @@ -426,6 +431,8 @@ static int udp6_getcred(SYSCTL_HANDLER_ARGS) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); struct xucred xuc; struct sockaddr_in6 addrs[2]; struct inpcb *inp; @@ -477,6 +484,8 @@ udp6_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr6, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(curvnet); + INIT_VNET_INET6(curvnet); u_int32_t ulen = m->m_pkthdr.len; u_int32_t plen = sizeof(struct udphdr) + ulen; struct ip6_hdr *ip6; @@ -692,6 +701,7 @@ static void udp6_abort(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -721,6 +731,7 @@ static int udp6_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -759,6 +770,7 @@ static int udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -798,6 +810,7 @@ static void udp6_close(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -826,6 +839,7 @@ static int udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -878,6 +892,7 @@ static void udp6_detach(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; inp = sotoinpcb(so); @@ -893,6 +908,7 @@ static int udp6_disconnect(struct socket *so) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error; @@ -931,6 +947,7 @@ udp6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, struct mbuf *control, struct thread *td) { + INIT_VNET_INET(so->so_vnet); struct inpcb *inp; int error = 0; Index: sys/netinet6/vinet6.h =========================================================================== *** /dev/null Wed Sep 3 22:22:00 2008 --- sys/netinet6/vinet6.h Wed Sep 3 22:27:40 2008 *************** *** 0 **** --- 1,275 ---- + /*- + * Copyright (c) 2006-2008 University of Zagreb + * Copyright (c) 2006-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + #ifndef _NETINET6_VINET6_H_ + #define _NETINET6_VINET6_H_ + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + #define INIT_VNET_INET6(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_INET6, \ + struct vnet_inet6, vnet_inet6) + + #define VNET_INET6(sym) VSYM(vnet_inet6, sym) + + + #ifdef VIMAGE + struct vnet_inet6 { + struct in6_ifaddr * _in6_ifaddr; + + u_int _frag6_nfragpackets; + u_int _frag6_nfrags; + struct ip6q _ip6q; + + struct route_in6 _ip6_forward_rt; + + struct in6_addrpolicy _defaultaddrpolicy; + TAILQ_HEAD(, addrsel_policyent) _addrsel_policytab; + u_int _in6_maxmtu; + int _ip6_auto_linklocal; + int _rtq_minreallyold6; + int _rtq_reallyold6; + int _rtq_toomany6; + + struct ip6stat _ip6stat; + struct rip6stat _rip6stat; + struct icmp6stat _icmp6stat; + + int _rtq_timeout6; + struct callout _rtq_timer6; + struct callout _rtq_mtutimer; + struct callout _nd6_slowtimo_ch; + struct callout _nd6_timer_ch; + struct callout _in6_tmpaddrtimer_ch; + + int _nd6_inuse; + int _nd6_allocated; + struct llinfo_nd6 _llinfo_nd6; + struct nd_drhead _nd_defrouter; + struct nd_prhead _nd_prefix; + struct ifnet * _nd6_defifp; + int _nd6_defifindex; + + struct scope6_id _sid_default; + + TAILQ_HEAD(, dadq) _dadq; + int _dad_init; + + int _icmp6errpps_count; + int _icmp6errppslim_last; + + int _ip6_forwarding; + int _ip6_sendredirects; + int _ip6_defhlim; + int _ip6_defmcasthlim; + int _ip6_accept_rtadv; + int _ip6_maxfragpackets; + int _ip6_maxfrags; + int _ip6_log_interval; + int _ip6_hdrnestlimit; + int _ip6_dad_count; + int _ip6_auto_flowlabel; + int _ip6_use_deprecated; + int _ip6_rr_prune; + int _ip6_mcast_pmtu; + int _ip6_v6only; + int _ip6_keepfaith; + int _ip6stealth; + time_t _ip6_log_time; + + int _pmtu_expire; + int _pmtu_probe; + u_long _rip6_sendspace; + u_long _rip6_recvspace; + int _icmp6_rediraccept; + int _icmp6_redirtimeout; + int _icmp6errppslim; + int _icmp6_nodeinfo; + int _udp6_sendspace; + int _udp6_recvspace; + int _ip6qmaxlen; + int _ip6_prefer_tempaddr; + int _ip6_forward_srcrt; + int _ip6_sourcecheck; + int _ip6_sourcecheck_interval; + int _ip6_ours_check_algorithm; + + int _nd6_prune; + int _nd6_delay; + int _nd6_umaxtries; + int _nd6_mmaxtries; + int _nd6_useloopback; + int _nd6_gctimer; + int _nd6_maxndopt; + int _nd6_maxnudhint; + int _nd6_maxqueuelen; + int _nd6_debug; + int _nd6_recalc_reachtm_interval; + int _dad_ignore_ns; + int _dad_maxtry; + int _ip6_use_tempaddr; + int _ip6_desync_factor; + u_int32_t _ip6_temp_preferred_lifetime; + u_int32_t _ip6_temp_valid_lifetime; + + int _ip6_mrouter_ver; + int _pim6; + u_int _mrt6debug; + + int _ip6_temp_regen_advance; + int _ip6_use_defzone; + + struct ip6_pktopts _ip6_opts; + }; + #endif + + + /* + * Symbol translation macros + */ + #define V_in6_ifaddr VNET_INET6(in6_ifaddr) + + #define V_frag6_nfragpackets VNET_INET6(frag6_nfragpackets) + #define V_frag6_nfrags VNET_INET6(frag6_nfrags) + #define V_ip6q VNET_INET6(ip6q) + + #define V_ip6_forward_rt VNET_INET6(ip6_forward_rt) + + #define V_defaultaddrpolicy VNET_INET6(defaultaddrpolicy) + #define V_addrsel_policytab VNET_INET6(addrsel_policytab) + #define V_in6_maxmtu VNET_INET6(in6_maxmtu) + #define V_ip6_auto_linklocal VNET_INET6(ip6_auto_linklocal) + + #define V_rtq_minreallyold6 VNET_INET6(rtq_minreallyold6) + #define V_rtq_reallyold6 VNET_INET6(rtq_reallyold6) + #define V_rtq_toomany6 VNET_INET6(rtq_toomany6) + + #define V_ip6stat VNET_INET6(ip6stat) + #define V_rip6stat VNET_INET6(rip6stat) + #define V_icmp6stat VNET_INET6(icmp6stat) + + #define V_rtq_timeout6 VNET_INET6(rtq_timeout6) + #define V_rtq_timer6 VNET_INET6(rtq_timer6) + #define V_rtq_mtutimer VNET_INET6(rtq_mtutimer) + #define V_nd6_slowtimo_ch VNET_INET6(nd6_slowtimo_ch) + #define V_nd6_timer_ch VNET_INET6(nd6_timer_ch) + #define V_in6_tmpaddrtimer_ch VNET_INET6(in6_tmpaddrtimer_ch) + + #define V_nd6_inuse VNET_INET6(nd6_inuse) + #define V_nd6_allocated VNET_INET6(nd6_allocated) + #define V_llinfo_nd6 VNET_INET6(llinfo_nd6) + #define V_nd_defrouter VNET_INET6(nd_defrouter) + #define V_nd_prefix VNET_INET6(nd_prefix) + #define V_nd6_defifp VNET_INET6(nd6_defifp) + #define V_nd6_defifindex VNET_INET6(nd6_defifindex) + + #define V_sid_default VNET_INET6(sid_default) + + #define V_dadq VNET_INET6(dadq) + #define V_dad_init VNET_INET6(dad_init) + + //#define V_icmp6errppslim VNET_INET6(icmp6errppslim) + #define V_icmp6errpps_count VNET_INET6(icmp6errpps_count) + //#define V_icmp6_nodeinfo VNET_INET6(icmp6_nodeinfo) + + #define V_ip6_forwarding VNET_INET6(ip6_forwarding) + #define V_ip6_sendredirects VNET_INET6(ip6_sendredirects) + #define V_ip6_defhlim VNET_INET6(ip6_defhlim) + #define V_ip6_defmcasthlim VNET_INET6(ip6_defmcasthlim) + #define V_ip6_accept_rtadv VNET_INET6(ip6_accept_rtadv) + #define V_ip6_maxfragpackets VNET_INET6(ip6_maxfragpackets) + #define V_ip6_maxfrags VNET_INET6(ip6_maxfrags) + #define V_ip6_log_interval VNET_INET6(ip6_log_interval) + #define V_ip6_hdrnestlimit VNET_INET6(ip6_hdrnestlimit) + #define V_ip6_dad_count VNET_INET6(ip6_dad_count) + #define V_ip6_auto_flowlabel VNET_INET6(ip6_auto_flowlabel) + #define V_ip6_use_deprecated VNET_INET6(ip6_use_deprecated) + #define V_ip6_rr_prune VNET_INET6(ip6_rr_prune) + #define V_ip6_mcast_pmtu VNET_INET6(ip6_mcast_pmtu) + #define V_ip6_v6only VNET_INET6(ip6_v6only) + #define V_ip6_keepfaith VNET_INET6(ip6_keepfaith) + #define V_ip6stealth VNET_INET6(ip6stealth) + #define V_ip6_log_time VNET_INET6(ip6_log_time) + + #define V_pmtu_expire VNET_INET6(pmtu_expire) + #define V_pmtu_probe VNET_INET6(pmtu_probe) + #define V_rip6_sendspace VNET_INET6(rip6_sendspace) + #define V_rip6_recvspace VNET_INET6(rip6_recvspace) + #define V_icmp6_rediraccept VNET_INET6(icmp6_rediraccept) + #define V_icmp6_redirtimeout VNET_INET6(icmp6_redirtimeout) + #define V_icmp6errppslim VNET_INET6(icmp6errppslim) + #define V_icmp6_nodeinfo VNET_INET6(icmp6_nodeinfo) + #define V_udp6_sendspace VNET_INET6(udp6_sendspace) + #define V_udp6_recvspace VNET_INET6(udp6_recvspace) + #define V_icmp6errppslim_last VNET_INET6(icmp6errppslim_last) + #define V_ip6_prefer_tempaddr VNET_INET6(ip6_prefer_tempaddr) + #define V_ip6qmaxlen VNET_INET6(ip6qmaxlen) + #define V_ip6_forward_srcrt VNET_INET6(ip6_forward_srcrt) + #define V_ip6_sourcecheck VNET_INET6(ip6_sourcecheck) + #define V_ip6_sourcecheck_interval VNET_INET6(ip6_sourcecheck_interval) + #define V_ip6_ours_check_algorithm VNET_INET6(ip6_ours_check_algorithm) + #define V_nd6_prune VNET_INET6(nd6_prune) + #define V_nd6_delay VNET_INET6(nd6_delay) + #define V_nd6_umaxtries VNET_INET6(nd6_umaxtries) + #define V_nd6_mmaxtries VNET_INET6(nd6_mmaxtries) + #define V_nd6_useloopback VNET_INET6(nd6_useloopback) + #define V_nd6_gctimer VNET_INET6(nd6_gctimer) + #define V_nd6_maxndopt VNET_INET6(nd6_maxndopt) + #define V_nd6_maxnudhint VNET_INET6(nd6_maxnudhint) + #define V_nd6_maxqueuelen VNET_INET6(nd6_maxqueuelen) + #define V_nd6_debug VNET_INET6(nd6_debug) + #define V_nd6_recalc_reachtm_interval VNET_INET6(nd6_recalc_reachtm_interval) + #define V_dad_ignore_ns VNET_INET6(dad_ignore_ns) + #define V_dad_maxtry VNET_INET6(dad_maxtry) + #define V_ip6_use_tempaddr VNET_INET6(ip6_use_tempaddr) + #define V_ip6_desync_factor VNET_INET6(ip6_desync_factor) + #define V_ip6_temp_preferred_lifetime VNET_INET6(ip6_temp_preferred_lifetime) + #define V_ip6_temp_valid_lifetime VNET_INET6(ip6_temp_valid_lifetime) + + #define V_ip6_mrouter_ver VNET_INET6(ip6_mrouter_ver) + #define V_pim6 VNET_INET6(pim6) + #define V_mrt6debug VNET_INET6(mrt6debug) + #define V_ip6_temp_regen_advance VNET_INET6(ip6_temp_regen_advance) + + #define V_ip6_use_defzone VNET_INET6(ip6_use_defzone) + + #define V_ip6_opts VNET_INET6(ip6_opts) + + #endif /* !_NETINET6_VINET6_H_ */ Index: sys/netipsec/ipsec.c =========================================================================== --- sys/netipsec/ipsec.c 2008/09/03 22:27:36 #31 +++ sys/netipsec/ipsec.c 2008/09/03 22:27:36 @@ -126,36 +126,42 @@ SYSCTL_DECL(_net_inet_ipsec); /* net.inet.ipsec */ -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY, - def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, - "IPsec default policy."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev, - CTLFLAG_RW, &ip4_esp_trans_deflev, 0, "Default ESP transport mode level"); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev, - CTLFLAG_RW, &ip4_esp_net_deflev, 0, "Default ESP tunnel mode level."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev, - CTLFLAG_RW, &ip4_ah_trans_deflev, 0, "AH transfer mode default level."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev, - CTLFLAG_RW, &ip4_ah_net_deflev, 0, "AH tunnel mode default level."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS, - ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0, - "If set clear type-of-service field when doing AH computation."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK, - ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0, - "If not set clear offset field mask when doing AH computation."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT, - dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, "Do not fragment bit on encap."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN, - ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0, - "Explicit Congestion Notification handling."); -SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, - debug, CTLFLAG_RW, &ipsec_debug, 0, - "Enable IPsec debugging output when set."); -SYSCTL_INT(_net_inet_ipsec, OID_AUTO, - crypto_support, CTLFLAG_RW, &crypto_support, 0, - "Crypto driver selection."); -SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO, - ipsecstats, CTLFLAG_RD, &ipsec4stat, ipsecstat, "IPsec IPv4 statistics."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_POLICY, + def_policy, CTLFLAG_RW, ip4_def_policy.policy, 0, + "IPsec default policy."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, + esp_trans_deflev, CTLFLAG_RW, ip4_esp_trans_deflev, 0, + "Default ESP transport mode level"); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, + esp_net_deflev, CTLFLAG_RW, ip4_esp_net_deflev, 0, + "Default ESP tunnel mode level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, + ah_trans_deflev, CTLFLAG_RW, ip4_ah_trans_deflev, 0, + "AH transfer mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, + ah_net_deflev, CTLFLAG_RW, ip4_ah_net_deflev, 0, + "AH tunnel mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_AH_CLEARTOS, + ah_cleartos, CTLFLAG_RW, ah_cleartos, 0, + "If set clear type-of-service field when doing AH computation."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_AH_OFFSETMASK, + ah_offsetmask, CTLFLAG_RW, ip4_ah_offsetmask, 0, + "If not set clear offset field mask when doing AH computation."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DFBIT, + dfbit, CTLFLAG_RW, ip4_ipsec_dfbit, 0, + "Do not fragment bit on encap."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_ECN, + ecn, CTLFLAG_RW, ip4_ipsec_ecn, 0, + "Explicit Congestion Notification handling."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEBUG, + debug, CTLFLAG_RW, ipsec_debug, 0, + "Enable IPsec debugging output when set."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, OID_AUTO, + crypto_support, CTLFLAG_RW, crypto_support,0, + "Crypto driver selection."); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipsec, OID_AUTO, + ipsecstats, CTLFLAG_RD, ipsec4stat, ipsecstat, + "IPsec IPv4 statistics."); #ifdef REGRESSION /* @@ -163,15 +169,15 @@ * This allows to verify if the other side has proper replay attacks detection. */ int ipsec_replay = 0; -SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_replay, CTLFLAG_RW, &ipsec_replay, 0, - "Emulate replay attack"); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_replay, + CTLFLAG_RW, ipsec_replay, 0, "Emulate replay attack"); /* * When set 1, IPsec will send packets with corrupted HMAC. * This allows to verify if the other side properly detects modified packets. */ int ipsec_integrity = 0; -SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_integrity, CTLFLAG_RW, - &ipsec_integrity, 0, "Emulate man-in-the-middle attack"); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_integrity, + CTLFLAG_RW, ipsec_integrity, 0, "Emulate man-in-the-middle attack"); #endif #ifdef INET6 @@ -189,24 +195,30 @@ SYSCTL_OID(_net_inet6_ipsec6, IPSECCTL_STATS, stats, CTLFLAG_RD, 0, 0, compat_ipsecstats_sysctl, "S", "IPsec IPv6 statistics."); #endif /* COMPAT_KAME */ -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY, - def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "IPsec default policy."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev, - CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "Default ESP transport mode level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev, - CTLFLAG_RW, &ip6_esp_net_deflev, 0, "Default ESP tunnel mode level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev, - CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "AH transfer mode default level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev, - CTLFLAG_RW, &ip6_ah_net_deflev, 0, "AH tunnel mode default level."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN, - ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0, - "Explicit Congestion Notification handling."); -SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, - debug, CTLFLAG_RW, &ipsec_debug, 0, - "Enable IPsec debugging output when set."); -SYSCTL_STRUCT(_net_inet6_ipsec6, IPSECCTL_STATS, - ipsecstats, CTLFLAG_RD, &ipsec6stat, ipsecstat, "IPsec IPv6 statistics."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_POLICY, + def_policy, CTLFLAG_RW, ip4_def_policy.policy, 0, + "IPsec default policy."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, + esp_trans_deflev, CTLFLAG_RW, ip6_esp_trans_deflev, 0, + "Default ESP transport mode level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, + esp_net_deflev, CTLFLAG_RW, ip6_esp_net_deflev, 0, + "Default ESP tunnel mode level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, + ah_trans_deflev, CTLFLAG_RW, ip6_ah_trans_deflev, 0, + "AH transfer mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, + ah_net_deflev, CTLFLAG_RW, ip6_ah_net_deflev, 0, + "AH tunnel mode default level."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_ECN, + ecn, CTLFLAG_RW, ip6_ipsec_ecn, 0, + "Explicit Congestion Notification handling."); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEBUG, + debug, CTLFLAG_RW, ipsec_debug, 0, + "Enable IPsec debugging output when set."); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_STATS, + ipsecstats, CTLFLAG_RD, ipsec6stat, ipsecstat, + "IPsec IPv6 statistics."); #endif /* INET6 */ static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *pcb)); @@ -236,6 +248,7 @@ static struct secpolicy * key_allocsp_default(const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; KEYDEBUG(KEYDEBUG_IPSEC_STAMP, @@ -305,6 +318,7 @@ struct inpcb *inp; int *error; { + INIT_VNET_IPSEC(curvnet); struct inpcbpolicy *pcbsp = NULL; struct secpolicy *currsp = NULL; /* policy on socket */ struct secpolicy *sp; @@ -415,6 +429,7 @@ int flag; int *error; { + INIT_VNET_IPSEC(curvnet); struct secpolicyindex spidx; struct secpolicy *sp; @@ -450,6 +465,7 @@ int *error; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; *error = 0; @@ -521,6 +537,7 @@ struct mbuf *m; struct in6pcb *pcb; { + //INIT_VNET_IPSEC(curvnet); struct secpolicyindex *spidx; int error; @@ -564,6 +581,7 @@ struct secpolicyindex *spidx; int needport; { + INIT_VNET_IPSEC(curvnet); struct ip *ip = NULL; struct ip ipbuf; u_int v; @@ -757,6 +775,7 @@ struct secpolicyindex *spidx; int needport; { + INIT_VNET_IPSEC(curvnet); int off, nxt; struct tcphdr th; struct udphdr uh; @@ -873,6 +892,7 @@ struct socket *so; struct inpcbpolicy **pcb_sp; { + INIT_VNET_IPSEC(curvnet); struct inpcbpolicy *new; /* sanity check. */ @@ -1016,6 +1036,7 @@ size_t len; struct ucred *cred; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy *newsp = NULL; int error; @@ -1065,6 +1086,7 @@ struct secpolicy *pcb_sp; struct mbuf **mp; { + INIT_VNET_IPSEC(curvnet); /* sanity check. */ if (pcb_sp == NULL || mp == NULL) @@ -1091,6 +1113,7 @@ size_t len; struct ucred *cred; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy **pcb_sp; @@ -1125,6 +1148,7 @@ size_t len; struct mbuf **mp; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy *pcb_sp; @@ -1184,6 +1208,7 @@ size_t len; struct ucred *cred; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy **pcb_sp; @@ -1218,6 +1243,7 @@ size_t len; struct mbuf **mp; { + INIT_VNET_IPSEC(curvnet); struct sadb_x_policy *xpl; struct secpolicy *pcb_sp; @@ -1276,6 +1302,7 @@ ipsec_get_reqlevel(isr) struct ipsecrequest *isr; { + INIT_VNET_IPSEC(curvnet); u_int level = 0; u_int esp_trans_deflev, esp_net_deflev; u_int ah_trans_deflev, ah_net_deflev; @@ -1380,6 +1407,7 @@ int ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) { + INIT_VNET_IPSEC(curvnet); struct ipsecrequest *isr; int need_auth; @@ -1455,6 +1483,7 @@ struct mbuf *m; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int error; int result; @@ -1493,6 +1522,7 @@ struct mbuf *m; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp = NULL; int error; int result; @@ -1530,6 +1560,7 @@ static size_t ipsec_hdrsiz(struct secpolicy *sp) { + INIT_VNET_IPSEC(curvnet); struct ipsecrequest *isr; size_t siz; @@ -1592,6 +1623,7 @@ u_int dir; struct inpcb *inp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int error; size_t size; @@ -1632,6 +1664,7 @@ u_int dir; struct in6pcb *in6p; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int error; size_t size; @@ -1731,6 +1764,7 @@ u_int32_t seq; struct secasvar *sav; { + INIT_VNET_IPSEC(curvnet); struct secreplay *replay; u_int32_t diff; int fr; Index: sys/netipsec/ipsec.h =========================================================================== --- sys/netipsec/ipsec.h 2008/09/03 22:27:36 #18 +++ sys/netipsec/ipsec.h 2008/09/03 22:27:36 @@ -433,6 +433,9 @@ extern char *ipsec_dump_policy __P((caddr_t, char *)); extern const char *ipsec_strerror __P((void)); -#endif /* !_KERNEL */ + +#else +#include +#endif /* ! KERNEL */ #endif /* _NETIPSEC_IPSEC_H_ */ Index: sys/netipsec/ipsec_input.c =========================================================================== --- sys/netipsec/ipsec_input.c 2008/09/03 22:27:36 #22 +++ sys/netipsec/ipsec_input.c 2008/09/03 22:27:36 @@ -113,6 +113,7 @@ static int ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) { + INIT_VNET_IPSEC(curvnet); union sockaddr_union dst_address; struct secasvar *sav; u_int32_t spi; @@ -282,6 +283,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff, struct m_tag *mt) { + INIT_VNET_IPSEC(curvnet); int prot, af, sproto; struct ip *ip; struct m_tag *mtag; @@ -504,6 +506,7 @@ int ipsec6_common_input(struct mbuf **mp, int *offp, int proto) { + INIT_VNET_IPSEC(curvnet); int l = 0; int protoff; struct ip6_ext ip6e; @@ -554,6 +557,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff, struct m_tag *mt) { + INIT_VNET_INET6(curvnet); + INIT_VNET_IPSEC(curvnet); int prot, af, sproto; struct ip6_hdr *ip6; struct m_tag *mtag; Index: sys/netipsec/ipsec_mbuf.c =========================================================================== --- sys/netipsec/ipsec_mbuf.c 2008/09/03 22:27:36 #14 +++ sys/netipsec/ipsec_mbuf.c 2008/09/03 22:27:36 @@ -54,6 +54,7 @@ struct mbuf * m_makespace(struct mbuf *m0, int skip, int hlen, int *off) { + INIT_VNET_IPSEC(curvnet); struct mbuf *m; unsigned remain; @@ -156,6 +157,7 @@ caddr_t m_pad(struct mbuf *m, int n) { + INIT_VNET_IPSEC(curvnet); register struct mbuf *m0, *m1; register int len, pad; caddr_t retval; @@ -228,6 +230,7 @@ int m_striphdr(struct mbuf *m, int skip, int hlen) { + INIT_VNET_IPSEC(curvnet); struct mbuf *m1; int roff; Index: sys/netipsec/ipsec_output.c =========================================================================== --- sys/netipsec/ipsec_output.c 2008/09/03 22:27:36 #21 +++ sys/netipsec/ipsec_output.c 2008/09/03 22:27:36 @@ -91,6 +91,7 @@ int ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) { + INIT_VNET_IPSEC(curvnet); struct tdb_ident *tdbi; struct m_tag *mtag; struct secasvar *sav; @@ -205,6 +206,7 @@ int *error ) { + INIT_VNET_IPSEC(curvnet); #define IPSEC_OSTAT(x,y,z) (isr->saidx.proto == IPPROTO_ESP ? (x)++ : \ isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++) struct secasvar *sav; @@ -350,6 +352,7 @@ int flags, int tunalready) { + INIT_VNET_IPSEC(curvnet); struct secasindex saidx; struct secasvar *sav; struct ip *ip; @@ -563,6 +566,7 @@ int flags, int *tun) { + INIT_VNET_IPSEC(curvnet); struct ipsecrequest *isr; struct secasindex saidx; int error = 0; @@ -630,6 +634,7 @@ static int ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) { + INIT_VNET_IPSEC(curvnet); struct ip6_hdr *oip6; struct ip6_hdr *ip6; size_t plen; @@ -699,6 +704,8 @@ int ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int flags) { + INIT_VNET_INET6(curvnet); + INIT_VNET_IPSEC(curvnet); struct ip6_hdr *ip6; struct ipsecrequest *isr; struct secasindex saidx; Index: sys/netipsec/key.c =========================================================================== --- sys/netipsec/key.c 2008/09/03 22:27:36 #35 +++ sys/netipsec/key.c 2008/09/03 22:27:36 @@ -56,6 +56,7 @@ #include #include #include +#include #include #include @@ -243,52 +244,51 @@ SYSCTL_DECL(_net_key); #endif -SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \ - &key_debug_level, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_key, KEYCTL_DEBUG_LEVEL, debug, + CTLFLAG_RW, key_debug_level, 0, ""); /* max count of trial for the decision of spi value */ -SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \ - &key_spi_trycnt, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_key, KEYCTL_SPI_TRY, spi_trycnt, + CTLFLAG_RW, key_spi_trycnt, 0, ""); /* minimum spi value to allocate automatically. */ -SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \ - &key_spi_minval, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_SPI_MIN_VALUE, + spi_minval, CTLFLAG_RW, key_spi_minval, 0, ""); /* maximun spi value to allocate automatically. */ -SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \ - &key_spi_maxval, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_SPI_MAX_VALUE, + spi_maxval, CTLFLAG_RW, key_spi_maxval, 0, ""); /* interval to initialize randseed */ -SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \ - &key_int_random, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_RANDOM_INT, + int_random, CTLFLAG_RW, key_int_random, 0, ""); /* lifetime for larval SA */ -SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \ - &key_larval_lifetime, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_LARVAL_LIFETIME, + larval_lifetime, CTLFLAG_RW, key_larval_lifetime, 0, ""); /* counter for blocking to send SADB_ACQUIRE to IKEd */ -SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \ - &key_blockacq_count, 0, ""); - +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_BLOCKACQ_COUNT, + blockacq_count, CTLFLAG_RW, key_blockacq_count, 0, ""); /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ -SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \ - &key_blockacq_lifetime, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_BLOCKACQ_LIFETIME, + blockacq_lifetime, CTLFLAG_RW, key_blockacq_lifetime, 0, ""); /* ESP auth */ -SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \ - &ipsec_esp_auth, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_ESP_AUTH, esp_auth, + CTLFLAG_RW, ipsec_esp_auth, 0, ""); /* minimum ESP key length */ -SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \ - &ipsec_esp_keymin, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_ESP_KEYMIN, + esp_keymin, CTLFLAG_RW, ipsec_esp_keymin, 0, ""); /* minimum AH key length */ -SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ - &ipsec_ah_keymin, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_AH_KEYMIN, ah_keymin, + CTLFLAG_RW, ipsec_ah_keymin, 0, ""); /* perfered old SA rather than new SA */ -SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, CTLFLAG_RW,\ - &key_preferred_oldsa, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_key, KEYCTL_PREFERED_OLDSA, + preferred_oldsa, CTLFLAG_RW, key_preferred_oldsa, 0, ""); #define __LIST_CHAINED(elm) \ (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) @@ -554,6 +554,7 @@ int key_havesp(u_int dir) { + INIT_VNET_IPSEC(curvnet); return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? LIST_FIRST(&V_sptree[dir]) != NULL : 1); } @@ -568,6 +569,7 @@ struct secpolicy * key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; IPSEC_ASSERT(spidx != NULL, ("null spidx")); @@ -624,6 +626,7 @@ u_int dir, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; IPSEC_ASSERT(dst != NULL, ("null dst")); @@ -685,6 +688,7 @@ const struct sockaddr *idst, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; const int dir = IPSEC_DIR_INBOUND; struct ipsecrequest *r1, *r2, *p; @@ -759,6 +763,7 @@ int key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) { + INIT_VNET_IPSEC(curvnet); u_int level; int error; @@ -853,6 +858,7 @@ static struct secasvar * key_allocsa_policy(const struct secasindex *saidx) { + INIT_VNET_IPSEC(curvnet); #define N(a) _ARRAYLEN(a) struct secashead *sah; struct secasvar *sav; @@ -901,6 +907,7 @@ static struct secasvar * key_do_allocsa_policy(struct secashead *sah, u_int state) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav, *nextsav, *candidate, *d; /* initilize */ @@ -1046,6 +1053,7 @@ u_int32_t spi, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct secasvar *sav; u_int stateidx, arraysize, state; @@ -1115,6 +1123,7 @@ void _key_freesp(struct secpolicy **spp, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp = *spp; IPSEC_ASSERT(sp != NULL, ("null sp")); @@ -1140,6 +1149,7 @@ void key_freeso(struct socket *so) { + INIT_VNET_IPSEC(curvnet); IPSEC_ASSERT(so != NULL, ("null so")); switch (so->so_proto->pr_domain->dom_family) { @@ -1208,6 +1218,7 @@ void key_freesav(struct secasvar **psav, const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav = *psav; IPSEC_ASSERT(sav != NULL, ("null sav")); @@ -1266,6 +1277,7 @@ static struct secpolicy * key_getsp(struct secpolicyindex *spidx) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; IPSEC_ASSERT(spidx != NULL, ("null spidx")); @@ -1292,6 +1304,7 @@ static struct secpolicy * key_getspbyid(u_int32_t id) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; SPTREE_LOCK(); @@ -1321,6 +1334,7 @@ struct secpolicy * key_newsp(const char* where, int tag) { + INIT_VNET_IPSEC(curvnet); struct secpolicy *newsp = NULL; newsp = (struct secpolicy *) @@ -1355,6 +1369,7 @@ size_t len; int *error; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *newsp; IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); @@ -1752,6 +1767,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct sadb_x_policy *xpl0, *xpl; struct sadb_lifetime *lft = NULL; @@ -1974,6 +1990,7 @@ static u_int32_t key_getnewspid() { + INIT_VNET_IPSEC(curvnet); u_int32_t newid = 0; int count = V_key_spi_trycnt; /* XXX */ struct secpolicy *sp; @@ -2015,6 +2032,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct sadb_x_policy *xpl0; struct secpolicyindex spidx; @@ -2113,6 +2131,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); u_int32_t id; struct secpolicy *sp; @@ -2205,6 +2224,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); u_int32_t id; struct secpolicy *sp; struct mbuf *n; @@ -2256,6 +2276,7 @@ key_spdacquire(sp) struct secpolicy *sp; { + INIT_VNET_IPSEC(curvnet); struct mbuf *result = NULL, *m; struct secspacq *newspacq; @@ -2318,6 +2339,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *newmsg; struct secpolicy *sp; u_int dir; @@ -2370,6 +2392,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp; int cnt; u_int dir; @@ -2632,6 +2655,7 @@ key_newsah(saidx) struct secasindex *saidx; { + INIT_VNET_IPSEC(curvnet); struct secashead *newsah; IPSEC_ASSERT(saidx != NULL, ("null saidx")); @@ -2660,6 +2684,7 @@ key_delsah(sah) struct secashead *sah; { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav, *nextsav; u_int stateidx; int zombie = 0; @@ -2716,6 +2741,7 @@ const char* where; int tag; { + INIT_VNET_IPSEC(curvnet); struct secasvar *newsav; const struct sadb_sa *xsa; @@ -2882,6 +2908,7 @@ key_getsah(saidx) struct secasindex *saidx; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; SAHTREE_LOCK(); @@ -2908,6 +2935,7 @@ struct secasindex *saidx; u_int32_t spi; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct secasvar *sav; @@ -2944,6 +2972,7 @@ struct secashead *sah; u_int32_t spi; { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav; u_int stateidx, state; @@ -2987,6 +3016,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); int error = 0; IPSEC_ASSERT(m != NULL, ("null mbuf")); @@ -3219,6 +3249,7 @@ static int key_mature(struct secasvar *sav) { + INIT_VNET_IPSEC(curvnet); int error; /* check SPI value */ @@ -3649,6 +3680,7 @@ key_dup_keymsg(const struct sadb_key *src, u_int len, struct malloc_type *type) { + INIT_VNET_IPSEC(curvnet); struct seckey *dst; dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT); if (dst != NULL) { @@ -3682,6 +3714,7 @@ key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) { + INIT_VNET_IPSEC(curvnet); struct seclifetime *dst = NULL; dst = (struct seclifetime *)malloc(sizeof(struct seclifetime), @@ -3707,6 +3740,7 @@ struct sockaddr *sa; { #ifdef INET + INIT_VNET_INET(curvnet); struct sockaddr_in *sin; struct in_ifaddr *ia; #endif @@ -3751,6 +3785,7 @@ key_ismyaddr6(sin6) struct sockaddr_in6 *sin6; { + INIT_VNET_INET6(curvnet); struct in6_ifaddr *ia; struct in6_multi *in6m; @@ -4072,6 +4107,7 @@ static void key_flush_spd(time_t now) { + INIT_VNET_IPSEC(curvnet); static u_int16_t sptree_scangen = 0; u_int16_t gen = sptree_scangen++; struct secpolicy *sp; @@ -4109,6 +4145,7 @@ static void key_flush_sad(time_t now) { + INIT_VNET_IPSEC(curvnet); struct secashead *sah, *nextsah; struct secasvar *sav, *nextsav; @@ -4247,6 +4284,7 @@ static void key_flush_acq(time_t now) { + INIT_VNET_IPSEC(curvnet); struct secacq *acq, *nextacq; /* ACQ tree */ @@ -4265,6 +4303,7 @@ static void key_flush_spacq(time_t now) { + INIT_VNET_IPSEC(curvnet); struct secspacq *acq, *nextacq; /* SP ACQ tree */ @@ -4291,10 +4330,12 @@ { time_t now = time_second; + VNET_ITERLOOP_BEGIN(); key_flush_spd(now); key_flush_sad(now); key_flush_acq(now); key_flush_spacq(now); + VNET_ITERLOOP_END(); #ifndef IPSEC_DEBUG2 /* do exchange to tick time !! */ @@ -4407,6 +4448,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct secasindex saidx; struct secashead *newsah; @@ -4601,6 +4643,7 @@ struct sadb_spirange *spirange; struct secasindex *saidx; { + INIT_VNET_IPSEC(curvnet); u_int32_t newspi; u_int32_t min, max; int count = V_key_spi_trycnt; @@ -4682,6 +4725,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -4880,6 +4924,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -5003,6 +5048,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); const struct sadb_ident *idsrc, *iddst; int idsrclen, iddstlen; @@ -5125,6 +5171,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -5236,6 +5283,7 @@ const struct sadb_msghdr *mhp; u_int16_t proto; { + INIT_VNET_IPSEC(curvnet); struct sadb_address *src0, *dst0; struct secasindex saidx; struct secashead *sah; @@ -5321,6 +5369,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_sa *sa0; struct sadb_address *src0, *dst0; struct secasindex saidx; @@ -5426,6 +5475,7 @@ static struct mbuf * key_getcomb_esp() { + INIT_VNET_IPSEC(curvnet); struct sadb_comb *comb; struct enc_xform *algo; struct mbuf *result = NULL, *m, *n; @@ -5504,6 +5554,7 @@ u_int16_t* min, u_int16_t* max) { + INIT_VNET_IPSEC(curvnet); *min = *max = ah->keysize; if (ah->keysize == 0) { /* @@ -5528,6 +5579,7 @@ static struct mbuf * key_getcomb_ah() { + INIT_VNET_IPSEC(curvnet); struct sadb_comb *comb; struct auth_hash *algo; struct mbuf *m; @@ -5688,6 +5740,7 @@ static int key_acquire(const struct secasindex *saidx, struct secpolicy *sp) { + INIT_VNET_IPSEC(curvnet); struct mbuf *result = NULL, *m; struct secacq *newacq; u_int8_t satype; @@ -5853,6 +5906,7 @@ static struct secacq * key_newacq(const struct secasindex *saidx) { + INIT_VNET_IPSEC(curvnet); struct secacq *newacq; /* get new entry */ @@ -5879,6 +5933,7 @@ static struct secacq * key_getacq(const struct secasindex *saidx) { + INIT_VNET_IPSEC(curvnet); struct secacq *acq; ACQ_LOCK(); @@ -5895,6 +5950,7 @@ key_getacqbyseq(seq) u_int32_t seq; { + INIT_VNET_IPSEC(curvnet); struct secacq *acq; ACQ_LOCK(); @@ -5911,6 +5967,7 @@ key_newspacq(spidx) struct secpolicyindex *spidx; { + INIT_VNET_IPSEC(curvnet); struct secspacq *acq; /* get new entry */ @@ -5937,6 +5994,7 @@ key_getspacq(spidx) struct secpolicyindex *spidx; { + INIT_VNET_IPSEC(curvnet); struct secspacq *acq; SPACQ_LOCK(); @@ -5971,6 +6029,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); const struct sadb_address *src0, *dst0; struct secasindex saidx; struct secashead *sah; @@ -6092,6 +6151,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct secreg *reg, *newreg = 0; IPSEC_ASSERT(so != NULL, ("null socket")); @@ -6246,6 +6306,7 @@ void key_freereg(struct socket *so) { + INIT_VNET_IPSEC(curvnet); struct secreg *reg; int i; @@ -6417,6 +6478,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *newmsg; struct secashead *sah, *nextsah; struct secasvar *sav, *nextsav; @@ -6500,6 +6562,7 @@ struct mbuf *m; const struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct secasvar *sav; u_int16_t proto; @@ -6680,6 +6743,7 @@ struct mbuf *m; struct socket *so; { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *msg; struct sadb_msghdr mh; u_int orglen; @@ -6951,6 +7015,7 @@ struct mbuf *m; struct sadb_msghdr *mhp; { + INIT_VNET_IPSEC(curvnet); struct mbuf *n; struct sadb_ext *ext; size_t off, end; @@ -7110,6 +7175,7 @@ void key_init(void) { + INIT_VNET_IPSEC(curvnet); int i; SPTREE_LOCK_INIT(); @@ -7215,6 +7281,7 @@ key_sa_routechange(dst) struct sockaddr *dst; { + INIT_VNET_IPSEC(curvnet); struct secashead *sah; struct route *ro; Index: sys/netipsec/keysock.c =========================================================================== --- sys/netipsec/keysock.c 2008/09/03 22:27:36 #22 +++ sys/netipsec/keysock.c 2008/09/03 22:27:36 @@ -52,13 +52,17 @@ #include #include +#include #include #include +#include + #include #include #include #include +#include #include @@ -80,6 +84,7 @@ int key_output(struct mbuf *m, struct socket *so) { + INIT_VNET_IPSEC(curvnet); struct sadb_msg *msg; int len, error = 0; @@ -133,6 +138,7 @@ struct mbuf *m; int promisc; { + INIT_VNET_IPSEC(curvnet); int error; if (promisc) { @@ -177,6 +183,7 @@ u_int len; int target; /*target of the resulting message*/ { + INIT_VNET_IPSEC(curvnet); struct mbuf *m, *n, *mprev; int tlen; @@ -265,6 +272,8 @@ struct mbuf *m; int target; { + INIT_VNET_NET(curvnet); + INIT_VNET_IPSEC(curvnet); struct mbuf *n; struct keycb *kp; int sendup; @@ -382,6 +391,7 @@ static int key_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_IPSEC(curvnet); struct keycb *kp; int error; @@ -456,6 +466,7 @@ static void key_detach(struct socket *so) { + INIT_VNET_IPSEC(curvnet); struct keycb *kp = (struct keycb *)sotorawcb(so); KASSERT(kp != NULL, ("key_detach: kp == NULL")); @@ -558,6 +569,7 @@ static void key_init0(void) { + INIT_VNET_IPSEC(curvnet); bzero((caddr_t)&V_key_cb, sizeof(V_key_cb)); key_init(); } Index: sys/netipsec/vipsec.h =========================================================================== *** /dev/null Wed Sep 3 22:22:00 2008 --- sys/netipsec/vipsec.h Wed Sep 3 22:27:41 2008 *************** *** 0 **** --- 1,186 ---- + /* + * Copyright (c) 2007-2008 University of Zagreb + * Copyright (c) 2007-2008 FreeBSD Foundation + * + * This software was developed by the University of Zagreb and the + * FreeBSD Foundation under sponsorship by the Stichting NLnet and the + * FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + #ifndef _NETIPSEC_VIPSEC_H_ + #define _NETIPSEC_VIPSEC_H_ + + + #ifdef VIMAGE + #include + #include + #include + + #include + #include + #include + #include + #include + + #include + #include + #include + #include + + #include + + struct vnet_ipsec { + int _ipsec_debug; + struct ipsecstat _ipsec4stat; + struct secpolicy _ip4_def_policy; + + int _ip4_esp_trans_deflev; + int _ip4_esp_net_deflev; + int _ip4_ah_trans_deflev; + int _ip4_ah_net_deflev; + int _ip4_ah_offsetmask; + int _ip4_ipsec_dfbit; + int _ip4_ipsec_ecn; + int _ip4_esp_randpad; + + int _ipsec_replay; + int _ipsec_integrity; + int _crypto_support; + + u_int32_t _key_debug_level; + u_int _key_spi_trycnt; + u_int32_t _key_spi_minval; + u_int32_t _key_spi_maxval; + u_int32_t _policy_id; + u_int _key_int_random; + u_int _key_larval_lifetime; + int _key_blockacq_count; + int _key_blockacq_lifetime; + int _key_preferred_oldsa; + u_int32_t _acq_seq; + + u_int _saorder_state_alive[3]; + u_int _saorder_state_any[4]; + int _esp_enable; + struct espstat _espstat; + int _esp_max_ivlen; + int _ipsec_esp_keymin; + int _ipsec_esp_auth; + int _ipsec_ah_keymin; + int _ipip_allow; + struct ipipstat _ipipstat; + + struct ipsecstat _ipsec6stat; + int _ip6_esp_trans_deflev; + int _ip6_esp_net_deflev; + int _ip6_ah_trans_deflev; + int _ip6_ah_net_deflev; + int _ip6_ipsec_ecn; + int _ip6_esp_randpad; + + int _ah_enable; + int _ah_cleartos; + struct ahstat _ahstat; + + int _ipcomp_enable; + struct ipcompstat _ipcompstat; + + struct pfkeystat _pfkeystat; + struct key_cb _key_cb; + struct sockaddr _key_dst; + struct sockaddr _key_src; + + LIST_HEAD(, secpolicy) _sptree[IPSEC_DIR_MAX]; + LIST_HEAD(, secashead) _sahtree; + LIST_HEAD(, secreg) _regtree[SADB_SATYPE_MAX + 1]; + LIST_HEAD(, secacq) _acqtree; + LIST_HEAD(, secspacq) _spacqtree; + }; + #endif + + /* + * Symbol translation macros + */ + #define INIT_VNET_IPSEC(vnet) \ + INIT_FROM_VNET(vnet, VNET_MOD_IPSEC, struct vnet_ipsec, vnet_ipsec) + + #define VNET_IPSEC(sym) VSYM(vnet_ipsec, sym) + + #define V_ipsec_debug VNET_IPSEC(ipsec_debug) + #define V_ipsec4stat VNET_IPSEC(ipsec4stat) + #define V_ip4_def_policy VNET_IPSEC(ip4_def_policy) + #define V_ip4_ah_offsetmask VNET_IPSEC(ip4_ah_offsetmask) + #define V_ip4_ipsec_dfbit VNET_IPSEC(ip4_ipsec_dfbit) + #define V_ip4_esp_trans_deflev VNET_IPSEC(ip4_esp_trans_deflev) + #define V_ip4_esp_net_deflev VNET_IPSEC(ip4_esp_net_deflev) + #define V_ip4_ah_trans_deflev VNET_IPSEC(ip4_ah_trans_deflev) + #define V_ip4_ah_net_deflev VNET_IPSEC(ip4_ah_net_deflev) + #define V_ip4_ipsec_ecn VNET_IPSEC(ip4_ipsec_ecn) + #define V_ip4_esp_randpad VNET_IPSEC(ip4_esp_randpad) + #define V_ipsec_replay VNET_IPSEC(ipsec_replay) + #define V_ipsec_integrity VNET_IPSEC(ipsec_integrity) + #define V_crypto_support VNET_IPSEC(crypto_support) + #define V_key_debug_level VNET_IPSEC(key_debug_level) + #define V_key_spi_trycnt VNET_IPSEC(key_spi_trycnt) + #define V_key_spi_minval VNET_IPSEC(key_spi_minval) + #define V_key_spi_maxval VNET_IPSEC(key_spi_maxval) + #define V_policy_id VNET_IPSEC(policy_id) + #define V_key_int_random VNET_IPSEC(key_int_random) + #define V_key_larval_lifetime VNET_IPSEC(key_larval_lifetime) + #define V_key_blockacq_count VNET_IPSEC(key_blockacq_count) + #define V_key_blockacq_lifetime VNET_IPSEC(key_blockacq_lifetime) + #define V_key_preferred_oldsa VNET_IPSEC(key_preferred_oldsa) + #define V_acq_seq VNET_IPSEC(acq_seq) + #define V_saorder_state_alive VNET_IPSEC(saorder_state_alive) + #define V_saorder_state_any VNET_IPSEC(saorder_state_any) + #define V_esp_enable VNET_IPSEC(esp_enable) + #define V_espstat VNET_IPSEC(espstat) + #define V_esp_max_ivlen VNET_IPSEC(esp_max_ivlen) + #define V_ipsec_esp_keymin VNET_IPSEC(ipsec_esp_keymin) + #define V_ipsec_esp_auth VNET_IPSEC(ipsec_esp_auth) + #define V_ipsec_ah_keymin VNET_IPSEC(ipsec_ah_keymin) + #define V_ipip_allow VNET_IPSEC(ipip_allow) + #define V_ipipstat VNET_IPSEC(ipipstat) + #define V_ipsec6stat VNET_IPSEC(ipsec6stat) + #define V_ip6_esp_trans_deflev VNET_IPSEC(ip6_esp_trans_deflev) + #define V_ip6_esp_net_deflev VNET_IPSEC(ip6_esp_net_deflev) + #define V_ip6_ah_trans_deflev VNET_IPSEC(ip6_ah_trans_deflev) + #define V_ip6_ah_net_deflev VNET_IPSEC(ip6_ah_net_deflev) + #define V_ip6_ipsec_ecn VNET_IPSEC(ip6_ipsec_ecn) + #define V_ip6_esp_randpad VNET_IPSEC(ip6_esp_randpad) + #define V_ah_enable VNET_IPSEC(ah_enable) + #define V_ah_cleartos VNET_IPSEC(ah_cleartos) + #define V_ahstat VNET_IPSEC(ahstat) + #define V_ipcomp_enable VNET_IPSEC(ipcomp_enable) + #define V_ipcompstat VNET_IPSEC(ipcompstat) + #define V_pfkeystat VNET_IPSEC(pfkeystat) + #define V_key_cb VNET_IPSEC(key_cb) + #define V_key_dst VNET_IPSEC(key_dst) + #define V_key_src VNET_IPSEC(key_src) + #define V_sptree VNET_IPSEC(sptree) + #define V_sahtree VNET_IPSEC(sahtree) + #define V_regtree VNET_IPSEC(regtree) + #define V_acqtree VNET_IPSEC(acqtree) + #define V_spacqtree VNET_IPSEC(spacqtree) + #endif /* !_NETIPSEC_VIPSEC_H_ */ Index: sys/netipsec/xform_ah.c =========================================================================== --- sys/netipsec/xform_ah.c 2008/09/03 22:27:36 #17 +++ sys/netipsec/xform_ah.c 2008/09/03 22:27:36 @@ -93,12 +93,12 @@ struct ahstat ahstat; SYSCTL_DECL(_net_inet_ah); -SYSCTL_INT(_net_inet_ah, OID_AUTO, - ah_enable, CTLFLAG_RW, &ah_enable, 0, ""); -SYSCTL_INT(_net_inet_ah, OID_AUTO, - ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0, ""); -SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS, - stats, CTLFLAG_RD, &ahstat, ahstat, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ah, OID_AUTO, + ah_enable, CTLFLAG_RW, ah_enable, 0, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ah, OID_AUTO, + ah_cleartos, CTLFLAG_RW, ah_cleartos, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ah, IPSECCTL_STATS, + stats, CTLFLAG_RD, ahstat, ahstat, ""); static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ @@ -160,6 +160,7 @@ int ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) { + INIT_VNET_IPSEC(curvnet); struct auth_hash *thash; int keylen; @@ -214,6 +215,7 @@ static int ah_init(struct secasvar *sav, struct xformsw *xsp) { + INIT_VNET_IPSEC(curvnet); struct cryptoini cria; int error; @@ -248,6 +250,7 @@ static int ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) { + INIT_VNET_IPSEC(curvnet); struct mbuf *m = *m0; unsigned char *ptr; int off, count; @@ -552,6 +555,7 @@ static int ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct auth_hash *ahx; struct tdb_ident *tdbi; struct tdb_crypto *tc; @@ -721,6 +725,7 @@ static int ah_input_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); int rplen, error, skip, protoff; unsigned char calc[AH_ALEN_MAX]; struct mbuf *m; @@ -883,6 +888,7 @@ int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav; struct auth_hash *ahx; struct cryptodesc *crda; @@ -1109,6 +1115,7 @@ static int ah_output_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); int skip, protoff, error; struct tdb_crypto *tc; struct ipsecrequest *isr; Index: sys/netipsec/xform_esp.c =========================================================================== --- sys/netipsec/xform_esp.c 2008/09/03 22:27:36 #22 +++ sys/netipsec/xform_esp.c 2008/09/03 22:27:36 @@ -80,11 +80,10 @@ struct espstat espstat; SYSCTL_DECL(_net_inet_esp); -SYSCTL_INT(_net_inet_esp, OID_AUTO, - esp_enable, CTLFLAG_RW, &esp_enable, 0, ""); -SYSCTL_STRUCT(_net_inet_esp, IPSECCTL_STATS, - stats, CTLFLAG_RD, &espstat, espstat, ""); - +SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_esp, OID_AUTO, + esp_enable, CTLFLAG_RW, esp_enable, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_esp, IPSECCTL_STATS, + stats, CTLFLAG_RD, espstat, espstat, ""); static int esp_max_ivlen; /* max iv length over all algorithms */ static int esp_input_cb(struct cryptop *op); @@ -123,6 +122,7 @@ size_t esp_hdrsiz(struct secasvar *sav) { + INIT_VNET_IPSEC(curvnet); size_t size; if (sav != NULL) { @@ -157,6 +157,7 @@ static int esp_init(struct secasvar *sav, struct xformsw *xsp) { + INIT_VNET_IPSEC(curvnet); struct enc_xform *txform; struct cryptoini cria, crie; int keylen; @@ -267,6 +268,7 @@ static int esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct auth_hash *esph; struct enc_xform *espx; struct tdb_ident *tdbi; @@ -449,6 +451,7 @@ static int esp_input_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); u_int8_t lastthree[3], aalg[AH_HMAC_HASHLEN]; int hlen, skip, protoff, error; struct mbuf *m; @@ -652,6 +655,7 @@ int protoff ) { + INIT_VNET_IPSEC(curvnet); struct enc_xform *espx; struct auth_hash *esph; int hlen, rlen, plen, padding, blks, alen, i, roff; @@ -882,6 +886,7 @@ static int esp_output_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; Index: sys/netipsec/xform_ipcomp.c =========================================================================== --- sys/netipsec/xform_ipcomp.c 2008/09/03 22:27:36 #13 +++ sys/netipsec/xform_ipcomp.c 2008/09/03 22:27:36 @@ -71,10 +71,10 @@ struct ipcompstat ipcompstat; SYSCTL_DECL(_net_inet_ipcomp); -SYSCTL_INT(_net_inet_ipcomp, OID_AUTO, - ipcomp_enable, CTLFLAG_RW, &ipcomp_enable, 0, ""); -SYSCTL_STRUCT(_net_inet_ipcomp, IPSECCTL_STATS, - stats, CTLFLAG_RD, &ipcompstat, ipcompstat, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipcomp, OID_AUTO, + ipcomp_enable, CTLFLAG_RW, ipcomp_enable, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipcomp, IPSECCTL_STATS, + stats, CTLFLAG_RD, ipcompstat, ipcompstat, ""); static int ipcomp_input_cb(struct cryptop *crp); static int ipcomp_output_cb(struct cryptop *crp); @@ -97,6 +97,7 @@ static int ipcomp_init(struct secasvar *sav, struct xformsw *xsp) { + INIT_VNET_IPSEC(curvnet); struct comp_algo *tcomp; struct cryptoini cric; @@ -137,6 +138,7 @@ static int ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + INIT_VNET_IPSEC(curvnet); struct tdb_crypto *tc; struct cryptodesc *crdc; struct cryptop *crp; @@ -207,6 +209,7 @@ static int ipcomp_input_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); struct cryptodesc *crd; struct tdb_crypto *tc; int skip, protoff; @@ -327,6 +330,7 @@ int protoff ) { + INIT_VNET_IPSEC(curvnet); struct secasvar *sav; struct comp_algo *ipcompx; int error, ralen, hlen, maxpacketsize, roff; @@ -485,6 +489,7 @@ static int ipcomp_output_cb(struct cryptop *crp) { + INIT_VNET_IPSEC(curvnet); struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; Index: sys/netipsec/xform_ipip.c =========================================================================== --- sys/netipsec/xform_ipip.c 2008/09/03 22:27:36 #18 +++ sys/netipsec/xform_ipip.c 2008/09/03 22:27:36 @@ -95,10 +95,10 @@ struct ipipstat ipipstat; SYSCTL_DECL(_net_inet_ipip); -SYSCTL_INT(_net_inet_ipip, OID_AUTO, - ipip_allow, CTLFLAG_RW, &ipip_allow, 0, ""); -SYSCTL_STRUCT(_net_inet_ipip, IPSECCTL_STATS, - stats, CTLFLAG_RD, &ipipstat, ipipstat, ""); +SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipip, OID_AUTO, + ipip_allow, CTLFLAG_RW, ipip_allow, 0, ""); +SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipip, IPSECCTL_STATS, + stats, CTLFLAG_RD, ipipstat, ipipstat, ""); /* XXX IPCOMP */ #define M_IPSEC (M_AUTHIPHDR|M_AUTHIPDGM|M_DECRYPTED) @@ -156,6 +156,8 @@ static void _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) { + INIT_VNET_NET(curvnet); + INIT_VNET_IPSEC(curvnet); register struct sockaddr_in *sin; register struct ifnet *ifp; register struct ifaddr *ifa; @@ -407,6 +409,10 @@ int protoff ) { + INIT_VNET_IPSEC(curvnet); +#ifdef INET + INIT_VNET_INET(curvnet); +#endif /* INET */ struct secasvar *sav; u_int8_t tp, otos; struct secasindex *saidx; Index: sys/nfsclient/nfs_diskless.c =========================================================================== --- sys/nfsclient/nfs_diskless.c 2008/09/03 22:27:36 #20 +++ sys/nfsclient/nfs_diskless.c 2008/09/03 22:27:36 @@ -42,9 +42,9 @@ #include #include #include - #include #include + #include #include #include @@ -149,6 +149,7 @@ void nfs_setup_diskless(void) { + INIT_VNET_NET(curvnet); struct nfs_diskless *nd = &nfs_diskless; struct ifnet *ifp; struct ifaddr *ifa; Index: sys/nfsclient/nfs_vfsops.c =========================================================================== --- sys/nfsclient/nfs_vfsops.c 2008/09/03 22:27:36 #113 +++ sys/nfsclient/nfs_vfsops.c 2008/09/03 22:27:36 @@ -401,6 +401,7 @@ int nfs_mountroot(struct mount *mp, struct thread *td) { + INIT_VPROCG(TD_TO_VPROCG(td)); struct nfsv3_diskless *nd = &nfsv3_diskless; struct socket *so; struct vnode *vp; Index: sys/nfsclient/nfs_vnops.c =========================================================================== --- sys/nfsclient/nfs_vnops.c 2008/09/03 22:27:36 #117 +++ sys/nfsclient/nfs_vnops.c 2008/09/03 22:27:36 @@ -1388,15 +1388,18 @@ if (v3) { tl = nfsm_build(u_int32_t *, NFSX_UNSIGNED); if (fmode & O_EXCL) { + CURVNET_SET(VFSTONFS(dvp->v_mount)->nm_so->so_vnet); *tl = txdr_unsigned(NFSV3CREATE_EXCLUSIVE); tl = nfsm_build(u_int32_t *, NFSX_V3CREATEVERF); #ifdef INET + INIT_VNET_INET(curvnet); if (!TAILQ_EMPTY(&V_in_ifaddrhead)) *tl++ = IA_SIN(TAILQ_FIRST(&V_in_ifaddrhead))->sin_addr.s_addr; else #endif *tl++ = create_verf; *tl = ++create_verf; + CURVNET_RESTORE(); } else { *tl = txdr_unsigned(NFSV3CREATE_UNCHECKED); nfsm_v3attrbuild(vap, FALSE); Index: sys/rpc/authunix_prot.c =========================================================================== --- sys/rpc/authunix_prot.c 2008/09/03 22:27:36 #5 +++ sys/rpc/authunix_prot.c 2008/09/03 22:27:36 @@ -69,6 +69,8 @@ uint32_t namelen; uint32_t ngroups, i; uint32_t junk; +/* XXX VIMAGE */ + INIT_VPROCG(TD_TO_VPROCG(&thread0)); mtx_lock(&hostname_mtx); if (xdrs->x_op == XDR_ENCODE) { Index: sys/sys/sysctl.h =========================================================================== --- sys/sys/sysctl.h 2008/09/03 22:27:36 #65 +++ sys/sys/sysctl.h 2008/09/03 22:27:36 @@ -162,6 +162,8 @@ const char *oid_fmt; int oid_refcnt; const char *oid_descr; + short oid_v_subs; + short oid_v_mod; }; #define SYSCTL_IN(r, p, l) (r->newfunc)(r, p, l) @@ -175,6 +177,10 @@ int sysctl_handle_string(SYSCTL_HANDLER_ARGS); int sysctl_handle_opaque(SYSCTL_HANDLER_ARGS); +int sysctl_handle_v_int(SYSCTL_HANDLER_ARGS); +int sysctl_handle_v_string(SYSCTL_HANDLER_ARGS); +int sysctl_handle_v_opaque(SYSCTL_HANDLER_ARGS); + /* * These functions are used to add/remove an oid from the mib. */ @@ -219,6 +225,20 @@ a1, a2, #name, handler, fmt, 0, __DESCR(descr) }; \ DATA_SET(sysctl_set, sysctl__##parent##_##name) +#ifdef VIMAGE +#define SYSCTL_V_OID(subs, mod, parent, nbr, name, kind, a1, a2, \ + handler, fmt, descr) \ + static struct sysctl_oid sysctl__##parent##_##name = { \ + &sysctl_##parent##_children, { 0 }, nbr, kind, \ + (void *) offsetof(struct mod, _##a1), a2, #name, \ + handler, fmt, 0, __DESCR(descr), subs, V_MOD_##mod }; \ + DATA_SET(sysctl_set, sysctl__##parent##_##name) +#else +#define SYSCTL_V_OID(subs, mod, parent, nbr, name, kind, a1, a2, \ + handler, fmt, descr) \ + SYSCTL_OID(parent, nbr, name, kind, &a1, a2, handler, fmt, descr) +#endif + #define SYSCTL_ADD_OID(ctx, parent, nbr, name, kind, a1, a2, handler, fmt, descr) \ sysctl_add_oid(ctx, parent, nbr, name, kind, a1, a2, handler, fmt, __DESCR(descr)) @@ -237,6 +257,16 @@ SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), \ arg, len, sysctl_handle_string, "A", descr) +#ifdef VIMAGE +#define SYSCTL_V_STRING(subs, mod, parent, nbr, name, access, sym, len, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_STRING|(access), \ + sym, len, sysctl_handle_v_string, "A", descr) +#else +#define SYSCTL_V_STRING(subs, mod, parent, nbr, name, access, sym, len, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), \ + &sym, len, sysctl_handle_string, "A", descr) +#endif + #define SYSCTL_ADD_STRING(ctx, parent, nbr, name, access, arg, len, descr) \ sysctl_add_oid(ctx, parent, nbr, name, CTLTYPE_STRING|(access), \ arg, len, sysctl_handle_string, "A", __DESCR(descr)) @@ -246,6 +276,16 @@ SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|(access), \ ptr, val, sysctl_handle_int, "I", descr) +#ifdef VIMAGE +#define SYSCTL_V_INT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_INT|(access), \ + sym, val, sysctl_handle_v_int, "I", descr) +#else +#define SYSCTL_V_INT(subs, mod, parent, nbr, name, access, sym, val, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|(access), \ + &sym, val, sysctl_handle_int, "I", descr) +#endif + #define SYSCTL_ADD_INT(ctx, parent, nbr, name, access, ptr, val, descr) \ sysctl_add_oid(ctx, parent, nbr, name, CTLTYPE_INT|(access), \ ptr, val, sysctl_handle_int, "I", __DESCR(descr)) @@ -317,6 +357,20 @@ ptr, sizeof(struct type), sysctl_handle_opaque, \ "S," #type, descr) +#ifdef VIMAGE +#define SYSCTL_V_STRUCT(subs, mod, parent, nbr, name, access, sym, \ + type, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, CTLTYPE_OPAQUE|(access), \ + sym, sizeof(struct type), sysctl_handle_v_opaque, \ + "S," #type, descr) +#else +#define SYSCTL_V_STRUCT(subs, mod, parent, nbr, name, access, sym, \ + type, descr) \ + SYSCTL_OID(parent, nbr, name, CTLTYPE_OPAQUE|(access), \ + &sym, sizeof(struct type), sysctl_handle_opaque, \ + "S," #type, descr) +#endif + #define SYSCTL_ADD_STRUCT(ctx, parent, nbr, name, access, ptr, type, descr) \ sysctl_add_oid(ctx, parent, nbr, name, CTLTYPE_OPAQUE|(access), \ ptr, sizeof(struct type), sysctl_handle_opaque, "S," #type, __DESCR(descr)) @@ -326,6 +380,11 @@ SYSCTL_OID(parent, nbr, name, (access), \ ptr, arg, handler, fmt, descr) +#define SYSCTL_V_PROC(subs, mod, parent, nbr, name, access, sym, arg, \ + handler, fmt, descr) \ + SYSCTL_V_OID(subs, mod, parent, nbr, name, (access), \ + sym, arg, handler, fmt, descr) + #define SYSCTL_ADD_PROC(ctx, parent, nbr, name, access, ptr, arg, handler, fmt, descr) \ sysctl_add_oid(ctx, parent, nbr, name, (access), \ ptr, arg, handler, fmt, __DESCR(descr)) @@ -337,6 +396,30 @@ #define FEATURE(name, desc) \ SYSCTL_INT(_kern_features, OID_AUTO, name, CTLFLAG_RD, 0, 1, desc) +/* + * Resolve void *arg1 in a proper virtualization container. + */ +#ifdef VIMAGE +#define SYSCTL_RESOLVE_V_ARG1() do { \ + char *cp; \ + switch (oidp->oid_v_subs) { \ + case V_NET: \ + cp = (char *) \ + TD_TO_VNET(curthread)->mod_data[oidp->oid_v_mod]; \ + break; \ + case V_PROCG: \ + cp = (char *) TD_TO_VPROCG(curthread); \ + break; \ + case V_CPU: \ + cp = (char *) TD_TO_VCPU(curthread); \ + break; \ + default: \ + panic("unsupported module id %d", oidp->oid_v_subs); \ + } \ + arg1 = cp + (size_t) arg1; \ +} while (0) +#endif + #endif /* _KERNEL */ /* Index: sys/sys/vimage.h =========================================================================== --- sys/sys/vimage.h 2008/09/03 22:27:36 #4 +++ sys/sys/vimage.h 2008/09/03 22:27:36 @@ -33,317 +33,468 @@ #ifndef _SYS_VIMAGE_H_ #define _SYS_VIMAGE_H_ -#define V_hostname hostname -#define G_hostname hostname -#define V_domainname domainname -#define V_acq_seq acq_seq -#define V_acqtree acqtree -#define V_addrsel_policytab addrsel_policytab -#define V_ah_cleartos ah_cleartos -#define V_ah_enable ah_enable -#define V_ahstat ahstat -#define V_arp_maxtries arp_maxtries -#define V_arp_proxyall arp_proxyall -#define V_arpt_keep arpt_keep -#define V_autoinc_step autoinc_step -#define V_blackhole blackhole -#define V_crypto_support crypto_support -#define V_curr_dyn_buckets curr_dyn_buckets -#define V_dad_ignore_ns dad_ignore_ns -#define V_dad_init dad_init -#define V_dad_maxtry dad_maxtry -#define V_dadq dadq -#define V_defaultaddrpolicy defaultaddrpolicy -#define V_divcb divcb -#define V_divcbinfo divcbinfo -#define V_drop_synfin drop_synfin -#define V_dyn_ack_lifetime dyn_ack_lifetime -#define V_dyn_buckets dyn_buckets -#define V_dyn_count dyn_count -#define V_dyn_fin_lifetime dyn_fin_lifetime -#define V_dyn_keepalive dyn_keepalive -#define V_dyn_keepalive_interval dyn_keepalive_interval -#define V_dyn_keepalive_period dyn_keepalive_period -#define V_dyn_max dyn_max -#define V_dyn_rst_lifetime dyn_rst_lifetime -#define V_dyn_short_lifetime dyn_short_lifetime -#define V_dyn_syn_lifetime dyn_syn_lifetime -#define V_dyn_udp_lifetime dyn_udp_lifetime -#define V_esp_enable esp_enable -#define V_esp_max_ivlen esp_max_ivlen -#define V_espstat espstat -#define V_ether_ipfw ether_ipfw -#define V_frag6_nfragpackets frag6_nfragpackets -#define V_frag6_nfrags frag6_nfrags -#define V_fw6_enable fw6_enable -#define V_fw_debug fw_debug -#define V_fw_deny_unknown_exthdrs fw_deny_unknown_exthdrs -#define V_fw_enable fw_enable -#define V_fw_one_pass fw_one_pass -#define V_fw_verbose fw_verbose -#define V_gif_softc_list gif_softc_list -#define V_icmp6_nodeinfo icmp6_nodeinfo -#define V_icmp6_rediraccept icmp6_rediraccept -#define V_icmp6_redirtimeout icmp6_redirtimeout -#define V_icmp6errpps_count icmp6errpps_count -#define V_icmp6errppslim icmp6errppslim -#define V_icmp6errppslim_last icmp6errppslim_last -#define V_icmp6stat icmp6stat -#define V_icmp_may_rst icmp_may_rst -#define V_icmpstat icmpstat -#define V_if_index if_index -#define V_if_indexlim if_indexlim -#define V_ifaddr_event_tag ifaddr_event_tag -#define V_ifg_head ifg_head -#define V_ifindex_table ifindex_table -#define V_ifklist ifklist -#define V_ifnet ifnet -#define V_igmpstat igmpstat -#define V_in6_ifaddr in6_ifaddr -#define V_in6_maxmtu in6_maxmtu -#define V_in6_tmpaddrtimer_ch in6_tmpaddrtimer_ch -#define V_in_ifaddrhashtbl in_ifaddrhashtbl -#define V_in_ifaddrhead in_ifaddrhead -#define V_in_ifaddrhmask in_ifaddrhmask -#define V_in_multihead in_multihead -#define V_ip4_ah_net_deflev ip4_ah_net_deflev -#define V_ip4_ah_offsetmask ip4_ah_offsetmask -#define V_ip4_ah_trans_deflev ip4_ah_trans_deflev -#define V_ip4_def_policy ip4_def_policy -#define V_ip4_esp_net_deflev ip4_esp_net_deflev -#define V_ip4_esp_randpad ip4_esp_randpad -#define V_ip4_esp_trans_deflev ip4_esp_trans_deflev -#define V_ip4_ipsec_dfbit ip4_ipsec_dfbit -#define V_ip4_ipsec_ecn ip4_ipsec_ecn -#define V_ip6_accept_rtadv ip6_accept_rtadv -#define V_ip6_ah_net_deflev ip6_ah_net_deflev -#define V_ip6_ah_trans_deflev ip6_ah_trans_deflev -#define V_ip6_auto_flowlabel ip6_auto_flowlabel -#define V_ip6_auto_linklocal ip6_auto_linklocal -#define V_ip6_dad_count ip6_dad_count -#define V_ip6_defhlim ip6_defhlim -#define V_ip6_defmcasthlim ip6_defmcasthlim -#define V_ip6_desync_factor ip6_desync_factor -#define V_ip6_esp_net_deflev ip6_esp_net_deflev -#define V_ip6_esp_trans_deflev ip6_esp_trans_deflev -#define V_ip6_forward_rt ip6_forward_rt -#define V_ip6_forward_srcrt ip6_forward_srcrt -#define V_ip6_forwarding ip6_forwarding -#define V_ip6_gif_hlim ip6_gif_hlim -#define V_ip6_hdrnestlimit ip6_hdrnestlimit -#define V_ip6_ipsec_ecn ip6_ipsec_ecn -#define V_ip6_keepfaith ip6_keepfaith -#define V_ip6_log_interval ip6_log_interval -#define V_ip6_log_time ip6_log_time -#define V_ip6_maxfragpackets ip6_maxfragpackets -#define V_ip6_maxfrags ip6_maxfrags -#define V_ip6_mcast_pmtu ip6_mcast_pmtu -#define V_ip6_mrouter_ver ip6_mrouter_ver -#define V_ip6_opts ip6_opts -#define V_ip6_ours_check_algorithm ip6_ours_check_algorithm -#define V_ip6_prefer_tempaddr ip6_prefer_tempaddr -#define V_ip6_rr_prune ip6_rr_prune -#define V_ip6_sendredirects ip6_sendredirects -#define V_ip6_sourcecheck ip6_sourcecheck -#define V_ip6_sourcecheck_interval ip6_sourcecheck_interval -#define V_ip6_temp_preferred_lifetime ip6_temp_preferred_lifetime -#define V_ip6_temp_regen_advance ip6_temp_regen_advance -#define V_ip6_temp_valid_lifetime ip6_temp_valid_lifetime -#define V_ip6_use_defzone ip6_use_defzone -#define V_ip6_use_deprecated ip6_use_deprecated -#define V_ip6_use_tempaddr ip6_use_tempaddr -#define V_ip6_v6only ip6_v6only -#define V_ip6q ip6q -#define V_ip6qmaxlen ip6qmaxlen -#define V_ip6stat ip6stat -#define V_ip6stealth ip6stealth -#define V_ip_checkinterface ip_checkinterface -#define V_ip_defttl ip_defttl -#define V_ip_do_randomid ip_do_randomid -#define V_ip_gif_ttl ip_gif_ttl -#define V_ip_id ip_id -#define V_ip_keepfaith ip_keepfaith -#define V_ip_mrouter ip_mrouter -#define V_ip_rsvp_on ip_rsvp_on -#define V_ip_rsvpd ip_rsvpd -#define V_ip_sendsourcequench ip_sendsourcequench -#define V_ipcomp_enable ipcomp_enable -#define V_ipcompstat ipcompstat -#define V_ipfastforward_active ipfastforward_active -#define V_ipforwarding ipforwarding -#define V_ipfw_dyn_v ipfw_dyn_v -#define V_ipfw_timeout ipfw_timeout -#define V_ipip_allow ipip_allow -#define V_ipipstat ipipstat -#define V_ipport_firstauto ipport_firstauto -#define V_ipport_hifirstauto ipport_hifirstauto -#define V_ipport_hilastauto ipport_hilastauto -#define V_ipport_lastauto ipport_lastauto -#define V_ipport_lowfirstauto ipport_lowfirstauto -#define V_ipport_lowlastauto ipport_lowlastauto -#define V_ipport_randomcps ipport_randomcps -#define V_ipport_randomized ipport_randomized -#define V_ipport_randomtime ipport_randomtime -#define V_ipport_reservedhigh ipport_reservedhigh -#define V_ipport_reservedlow ipport_reservedlow -#define V_ipport_stoprandom ipport_stoprandom -#define V_ipport_tcpallocs ipport_tcpallocs -#define V_ipport_tcplastcount ipport_tcplastcount -#define V_ipq ipq -#define V_ipq_zone ipq_zone -#define V_ipsec4stat ipsec4stat -#define V_ipsec6stat ipsec6stat -#define V_ipsec_ah_keymin ipsec_ah_keymin -#define V_ipsec_debug ipsec_debug -#define V_ipsec_esp_auth ipsec_esp_auth -#define V_ipsec_esp_keymin ipsec_esp_keymin -#define V_ipsec_integrity ipsec_integrity -#define V_ipsec_replay ipsec_replay -#define V_ipsendredirects ipsendredirects -#define V_ipstat ipstat -#define V_ipstealth ipstealth -#define V_isn_ctx isn_ctx -#define V_isn_last_reseed isn_last_reseed -#define V_isn_offset isn_offset -#define V_isn_offset_old isn_offset_old -#define V_isn_secret isn_secret -#define V_key_blockacq_count key_blockacq_count -#define V_key_blockacq_lifetime key_blockacq_lifetime -#define V_key_cb key_cb -#define V_key_debug_level key_debug_level -#define V_key_int_random key_int_random -#define V_key_larval_lifetime key_larval_lifetime -#define V_key_preferred_oldsa key_preferred_oldsa -#define V_key_spi_maxval key_spi_maxval -#define V_key_spi_minval key_spi_minval -#define V_key_spi_trycnt key_spi_trycnt -#define V_key_src key_src -#define V_layer3_chain layer3_chain -#define V_llinfo_arp llinfo_arp -#define V_llinfo_nd6 llinfo_nd6 -#define V_lo_list lo_list -#define V_loif loif -#define V_max_gif_nesting max_gif_nesting -#define V_maxfragsperpacket maxfragsperpacket -#define V_maxnipq maxnipq -#define V_mrt6debug mrt6debug -#define V_nd6_allocated nd6_allocated -#define V_nd6_debug nd6_debug -#define V_nd6_defifindex nd6_defifindex -#define V_nd6_defifp nd6_defifp -#define V_nd6_delay nd6_delay -#define V_nd6_gctimer nd6_gctimer -#define V_nd6_inuse nd6_inuse -#define V_nd6_maxndopt nd6_maxndopt -#define V_nd6_maxnudhint nd6_maxnudhint -#define V_nd6_maxqueuelen nd6_maxqueuelen -#define V_nd6_mmaxtries nd6_mmaxtries -#define V_nd6_prune nd6_prune -#define V_nd6_recalc_reachtm_interval nd6_recalc_reachtm_interval -#define V_nd6_slowtimo_ch nd6_slowtimo_ch -#define V_nd6_timer_ch nd6_timer_ch -#define V_nd6_umaxtries nd6_umaxtries -#define V_nd6_useloopback nd6_useloopback -#define V_nd_defrouter nd_defrouter -#define V_nd_prefix nd_prefix -#define V_nextID nextID -#define V_ng_ID_hash ng_ID_hash -#define V_ng_eiface_unit ng_eiface_unit -#define V_ng_iface_unit ng_iface_unit -#define V_ng_name_hash ng_name_hash -#define V_nipq nipq -#define V_nolocaltimewait nolocaltimewait -#define V_norule_counter norule_counter -#define V_parallel_tunnels parallel_tunnels -#define V_path_mtu_discovery path_mtu_discovery -#define V_pfkeystat pfkeystat -#define V_pim6 pim6 -#define V_pmtu_expire pmtu_expire -#define V_pmtu_probe pmtu_probe -#define V_policy_id policy_id -#define V_rawcb_list rawcb_list -#define V_regtree regtree -#define V_rip6_recvspace rip6_recvspace -#define V_rip6_sendspace rip6_sendspace -#define V_rip6stat rip6stat -#define V_ripcb ripcb -#define V_ripcbinfo ripcbinfo -#define V_router_info_head router_info_head -#define V_rsvp_on rsvp_on -#define V_rt_tables rt_tables -#define V_rtq_minreallyold rtq_minreallyold -#define V_rtq_minreallyold6 rtq_minreallyold6 -#define V_rtq_mtutimer rtq_mtutimer -#define V_rtq_reallyold rtq_reallyold -#define V_rtq_reallyold6 rtq_reallyold6 -#define V_rtq_timeout rtq_timeout -#define V_rtq_timeout6 rtq_timeout6 -#define V_rtq_timer rtq_timer -#define V_rtq_timer6 rtq_timer6 -#define V_rtq_toomany rtq_toomany -#define V_rtq_toomany6 rtq_toomany6 -#define V_rtstat rtstat -#define V_rttrash rttrash -#define V_sahtree sahtree -#define V_sameprefixcarponly sameprefixcarponly -#define V_saorder_state_alive saorder_state_alive -#define V_saorder_state_any saorder_state_any -#define V_set_disable set_disable -#define V_sid_default sid_default -#define V_spacqtree spacqtree -#define V_sptree sptree -#define V_ss_fltsz ss_fltsz -#define V_ss_fltsz_local ss_fltsz_local -#define V_static_len static_len -#define V_static_count static_count -#define V_subnetsarelocal subnetsarelocal -#define V_tcb tcb -#define V_tcbinfo tcbinfo -#define V_tcp_autorcvbuf_inc tcp_autorcvbuf_inc -#define V_tcp_autorcvbuf_max tcp_autorcvbuf_max -#define V_tcp_autosndbuf_inc tcp_autosndbuf_inc -#define V_tcp_autosndbuf_max tcp_autosndbuf_max -#define V_tcp_delack_enabled tcp_delack_enabled -#define V_tcp_do_autorcvbuf tcp_do_autorcvbuf -#define V_tcp_do_autosndbuf tcp_do_autosndbuf -#define V_tcp_do_ecn tcp_do_ecn -#define V_tcp_do_newreno tcp_do_newreno -#define V_tcp_do_rfc1323 tcp_do_rfc1323 -#define V_tcp_do_rfc3042 tcp_do_rfc3042 -#define V_tcp_do_rfc3390 tcp_do_rfc3390 -#define V_tcp_do_sack tcp_do_sack -#define V_tcp_do_tso tcp_do_tso -#define V_tcp_hc_callout tcp_hc_callout -#define V_tcp_ecn_maxretries tcp_ecn_maxretries -#define V_tcp_hostcache tcp_hostcache -#define V_tcp_inflight_enable tcp_inflight_enable -#define V_tcp_inflight_max tcp_inflight_max -#define V_tcp_inflight_min tcp_inflight_min -#define V_tcp_inflight_rttthresh tcp_inflight_rttthresh -#define V_tcp_inflight_stab tcp_inflight_stab -#define V_tcp_insecure_rst tcp_insecure_rst -#define V_tcp_isn_reseed_interval tcp_isn_reseed_interval -#define V_tcp_minmss tcp_minmss -#define V_tcp_mssdflt tcp_mssdflt -#define V_tcp_reass_maxqlen tcp_reass_maxqlen -#define V_tcp_reass_maxseg tcp_reass_maxseg -#define V_tcp_reass_overflows tcp_reass_overflows -#define V_tcp_reass_qsize tcp_reass_qsize -#define V_tcp_sack_globalholes tcp_sack_globalholes -#define V_tcp_sack_globalmaxholes tcp_sack_globalmaxholes -#define V_tcp_sack_maxholes tcp_sack_maxholes -#define V_tcp_sc_rst_sock_fail tcp_sc_rst_sock_fail -#define V_tcp_syncache tcp_syncache -#define V_tcp_v6mssdflt tcp_v6mssdflt -#define V_tcpstat tcpstat -#define V_twq_2msl twq_2msl -#define V_udb udb -#define V_udbinfo udbinfo -#define V_udp_blackhole udp_blackhole -#define V_udp6_recvspace udp6_recvspace -#define V_udp6_sendspace udp6_sendspace -#define V_udpstat udpstat -#define V_useloopback useloopback -#define V_verbose_limit verbose_limit +#include +#include +#include +#include + +#ifdef INVARIANTS +#define VNET_DEBUG +#endif + +struct vimage; +struct vprocg; +struct vnet; +struct vi_req; +struct kld_sym_lookup; + +struct ifnet; /* XXX must go away */ + +#define curvnet curthread->td_vnet + +#define basevnet thread0.td_ucred->cr_vimage->v_net +#define basevprocg thread0.td_ucred->cr_vimage->v_procg +#define basevcpu thread0.td_ucred->cr_vimage->v_cpu + +typedef int vnet_attach_fn(const void *); +typedef int vnet_detach_fn(const void *); + + +#ifdef VIMAGE + +#define V_GLOBAL 0 +#define V_NET 1 +#define V_PROCG 2 +#define V_CPU 3 + +#define VNET_MOD_NONE -1 +/*statefull modules */ +#define VNET_MOD_NET 0 +#define VNET_MOD_NETGRAPH 1 +#define VNET_MOD_INET 2 +#define VNET_MOD_INET6 3 +#define VNET_MOD_IPSEC 4 +#define VNET_MOD_IPFW 5 +#define VNET_MOD_DUMMYNET 6 +#define VNET_MOD_PF 7 +#define VNET_MOD_ALTQ 8 +#define VNET_MOD_IPX 9 +#define VNET_MOD_ATALK 10 +/* stateless modules */ +#define VNET_MOD_NG_WORMHOLE 19 +#define VNET_MOD_NG_ETHER 20 +#define VNET_MOD_NG_IFACE 21 +#define VNET_MOD_NG_EIFACE 22 +#define VNET_MOD_ESP 23 +#define VNET_MOD_IPIP 24 +#define VNET_MOD_AH 25 +#define VNET_MOD_IPCOMP 26 +#define VNET_MOD_GIF 27 +#define VNET_MOD_ARP 28 +#define VNET_MOD_RTABLE 29 +#define VNET_MOD_LOIF 30 +#define VNET_MOD_DOMAIN 31 +#define VNET_MOD_DYNAMIC_START 32 +#define VNET_MOD_MAX 64 + +/* Needed for ugly sysctl virtualization macros */ +#define V_MOD_vnet_net VNET_MOD_NET +#define V_MOD_vnet_netgraph VNET_MOD_NETGRAPH +#define V_MOD_vnet_inet VNET_MOD_INET +#define V_MOD_vnet_inet6 VNET_MOD_INET6 +#define V_MOD_vnet_ipfw VNET_MOD_IPFW +#define V_MOD_vnet_pf VNET_MOD_PF +#define V_MOD_vnet_gif VNET_MOD_GIF +#define V_MOD_vnet_ipsec VNET_MOD_IPSEC + +#define V_MOD_vprocg 0 +#define V_MOD_vcpu 0 + +struct vnet { + void *mod_data[VNET_MOD_MAX]; + + u_int vnet_ref; /* reference count */ + LIST_ENTRY(vnet) vnet_le; /* all vnets list */ + u_int vnet_id; /* ID num */ + + u_int ifccnt; + u_int sockcnt; + + u_int vnet_magic_n; +}; + +struct vnet_symmap { + char *name; + size_t offset; + size_t size; +}; + +struct vnet_modinfo { + u_int vmi_id; + u_int vmi_dependson; + char *vmi_name; + vnet_attach_fn *vmi_iattach; + vnet_detach_fn *vmi_idetach; + size_t vmi_struct_size; + struct vnet_symmap *vmi_symmap; +}; + +struct vnet_modlink { + TAILQ_ENTRY(vnet_modlink) vml_mod_le; + const struct vnet_modinfo *vml_modinfo; + const void *vml_iarg; + const char *vml_iname; +}; + +#define VNET_MOD_DECLARE(m_name_uc, m_name_lc, m_iattach, m_idetach, \ + m_dependson, m_symmap) \ + static const struct vnet_modinfo vnet_##m_name_lc##_modinfo = { \ + .vmi_id = VNET_MOD_##m_name_uc, \ + .vmi_dependson = VNET_MOD_##m_dependson, \ + .vmi_name = #m_name_lc, \ + .vmi_iattach = m_iattach, \ + .vmi_idetach = m_idetach, \ + .vmi_struct_size = \ + sizeof(struct vnet_##m_name_lc), \ + .vmi_symmap = m_symmap \ +}; + +#define VNET_MOD_DECLARE_STATELESS(m_name_uc, m_name_lc, m_iattach, m_idetach, \ + m_dependson) \ + static const struct vnet_modinfo vnet_##m_name_lc##_modinfo = { \ + .vmi_id = VNET_MOD_##m_name_uc, \ + .vmi_dependson = VNET_MOD_##m_dependson, \ + .vmi_name = #m_name_lc, \ + .vmi_iattach = m_iattach, \ + .vmi_idetach = m_idetach \ +}; + +#define VSYM(base, sym) ((base)->_##sym) + +#define VNET_SYMMAP(mod, name) \ + { #name, offsetof(struct vnet_##mod, _##name), \ + sizeof(((struct vnet_##mod *) curthread)->_##name) } + +#define VNET_SYMMAP_END \ + { NULL, 0 } + +#define VNET_MAGIC_N 0x3e0d8f29 + + +#ifdef VNET_DEBUG + +#define VNET_ASSERT(condition) \ + if (!(condition)) { \ + printf("VNET_ASSERT @ %s:%d %s():\n", \ + __FILE__, __LINE__, __FUNCTION__); \ + panic(#condition); \ + } + +#define CURVNET_SET_QUIET(arg) \ + VNET_ASSERT((arg)->vnet_magic_n == VNET_MAGIC_N); \ + struct vnet *saved_vnet = curvnet; \ + const char *saved_vnet_lpush = curthread->td_vnet_lpush; \ + curvnet = arg; \ + curthread->td_vnet_lpush = __FUNCTION__; + +#define CURVNET_SET_VERBOSE(arg) \ + CURVNET_SET_QUIET(arg) \ + if (saved_vnet) \ + printf("curvnet_set(%p) in %s() on cpu %d, prev %p in %s()\n", \ + curvnet, curthread->td_vnet_lpush, curcpu, \ + saved_vnet, saved_vnet_lpush); + +#define CURVNET_SET(arg) CURVNET_SET_VERBOSE(arg) + +#define CURVNET_RESTORE() \ + VNET_ASSERT(saved_vnet == NULL || \ + saved_vnet->vnet_magic_n == VNET_MAGIC_N); \ + curvnet = saved_vnet; \ + curthread->td_vnet_lpush = saved_vnet_lpush; + +#define INIT_FROM_VNET(vnet, modindex, modtype, sym) \ + if (vnet != curvnet) \ + panic("in %s:%d %s()\n vnet=%p curvnet=%p", \ + __FILE__, __LINE__, __FUNCTION__, \ + vnet, curvnet); \ + modtype *sym = (vnet)->mod_data[modindex]; + +#define VNET_ITERLOOP_BEGIN() \ + struct vnet *vnet_iter; \ + VNET_LIST_REF(); \ + LIST_FOREACH(vnet_iter, &vnet_head, vnet_le) { \ + CURVNET_SET(vnet_iter); + +#define VNET_ITERLOOP_BEGIN_QUIET() \ + struct vnet *vnet_iter; \ + VNET_LIST_REF(); \ + LIST_FOREACH(vnet_iter, &vnet_head, vnet_le) { \ + CURVNET_SET_QUIET(vnet_iter); + +#define VNET_ITERLOOP_END() \ + CURVNET_RESTORE(); \ + } \ + VNET_LIST_UNREF(); + +#else /* !VNET_DEBUG */ + +#define VNET_ASSERT(condition) + +#define CURVNET_SET(arg) \ + struct vnet *saved_vnet = curvnet; \ + curvnet = arg; + +#define CURVNET_SET_VERBOSE(arg) CURVNET_SET(arg) +#define CURVNET_SET_QUIET(arg) CURVNET_SET(arg) + +#define CURVNET_RESTORE() \ + curvnet = saved_vnet; + +#define INIT_FROM_VNET(vnet, modindex, modtype, sym) \ + modtype *sym = (vnet)->mod_data[modindex]; + +#define VNET_ITERLOOP_BEGIN() \ + struct vnet *vnet_iter; \ + VNET_LIST_REF(); \ + LIST_FOREACH(vnet_iter, &vnet_head, vnet_le) { \ + CURVNET_SET(vnet_iter); + +#define VNET_ITERLOOP_BEGIN_QUIET() VNET_ITERLOOP_BEGIN() + +#define VNET_ITERLOOP_END() \ + CURVNET_RESTORE(); \ + } \ + VNET_LIST_UNREF(); + +#endif /* !VNET_DEBUG */ + +#define INIT_VPROCG(arg) struct vprocg *vprocg = (arg); + +#define VPROCG_ITERLOOP_BEGIN() \ + struct vprocg *vprocg_iter; \ + LIST_FOREACH(vprocg_iter, &vprocg_head, vprocg_le) { \ + +#define VPROCG_ITERLOOP_END() \ + } \ + +#define INIT_VCPU(arg) struct vcpu *vcpu = (arg); + +#define TD_TO_VIMAGE(td) (td)->td_ucred->cr_vimage +#define TD_TO_VNET(td) (td)->td_ucred->cr_vimage->v_net +#define TD_TO_VPROCG(td) (td)->td_ucred->cr_vimage->v_procg +#define TD_TO_VCPU(td) (td)->td_ucred->cr_vimage->v_cpu +#define P_TO_VIMAGE(p) (p)->p_ucred->cr_vimage +#define P_TO_VNET(p) (p)->p_ucred->cr_vimage->v_net +#define P_TO_VPROCG(p) (p)->p_ucred->cr_vimage->v_procg +#define P_TO_VCPU(p) (p)->p_ucred->cr_vimage->v_cpu + +#else /* !VIMAGE */ + +/* Non-VIMAGE null-macros */ +#define VNET_MOD_DECLARE(m_name_uc, m_name_lc, m_iattach, m_idetach, \ + m_dependson, m_symmap) +#define VNET_MOD_DECLARE_STATELESS(m_name_uc, m_name_lc, m_iattach, m_idetach, \ + m_dependson) +#define CURVNET_SET(arg) +#define CURVNET_SET_QUIET(arg) +#define CURVNET_RESTORE() +#define VNET_ASSERT(condition) +#define VSYM(base, sym) (sym) +#define INIT_FROM_VNET(vnet, modindex, modtype, sym) +#define VNET_ITERLOOP_BEGIN() +#define VNET_ITERLOOP_BEGIN_QUIET() +#define VNET_ITERLOOP_END() +#define INIT_VPROCG(arg) +#define VPROCG_ITERLOOP_BEGIN() +#define VPROCG_ITERLOOP_END() +#define INIT_VCPU(arg) +#define TD_TO_VIMAGE(td) +#define TD_TO_VNET(td) +#define TD_TO_VPROCG(td) +#define TD_TO_VCPU(td) +#define P_TO_VIMAGE(p) +#define P_TO_VNET(p) +#define P_TO_VPROCG(p) +#define P_TO_VCPU(p) + +#endif /* !VIMAGE */ + +/* XXX those defines bellow should probably go into vprocg.h and vcpu.h */ +#define VPROCG(sym) VSYM(vprocg, sym) +#define VCPU(sym) VSYM(vcpu, sym) + +#define V_hostname VPROCG(hostname) +#define G_hostname VSYM(basevprocg, hostname) /* global hostname */ +#define V_domainname VPROCG(domainname) +#define V_morphing_symlinks VPROCG(morphing_symlinks) + +#define V_acc_statcalls VCPU(acc_statcalls) +#define V_avg1_fixp VCPU(avg1_fixp) +#define V_avg2_fixp VCPU(avg2_fixp) + +#ifdef VIMAGE +void vnet_mod_register(const struct vnet_modinfo *); +void vnet_mod_deregister(const struct vnet_modinfo *); +void vnet_mod_register_multi(const struct vnet_modinfo *, void *, char *); +void vnet_mod_deregister_multi(const struct vnet_modinfo *, void *, char *); + +void printcpuinfo(struct vprocg *); +void vi_cpu_acct(void *); +int vi_td_ioctl(u_long, struct vi_req *, struct thread *); +int vi_if_move(struct vi_req *, struct ifnet *, struct vimage *); +void if_reassign_common(struct ifnet *, struct vnet *, const char *); + +int vi_symlookup(struct kld_sym_lookup *, char *); +struct vimage *vnet2vimage(struct vnet *); +struct vimage *vimage_by_name(struct vimage *, char *); +char *vnet_name(struct vnet *); +int vi_child_of(struct vimage *, struct vimage *); + +LIST_HEAD(vimage_list_head, vimage); +extern struct vimage_list_head vimage_head; + +LIST_HEAD(vprocg_list_head, vprocg); +extern struct vprocg_list_head vprocg_head; + +LIST_HEAD(vcpu_list_head, vcpu); +extern struct vcpu_list_head vcpu_head; + +LIST_HEAD(vnet_list_head, vnet); +extern struct vnet_list_head vnet_head; +extern int vnet_list_refc; +extern struct mtx vnet_list_refc_mtx; +extern struct cv vnet_list_condvar; +extern struct mtx vcpu_list_mtx; + +#define VNET_LIST_REF() \ + mtx_lock(&vnet_list_refc_mtx); \ + vnet_list_refc++; \ + mtx_unlock(&vnet_list_refc_mtx); + +#define VNET_LIST_UNREF() \ + mtx_lock(&vnet_list_refc_mtx); \ + vnet_list_refc--; \ + mtx_unlock(&vnet_list_refc_mtx); \ + cv_signal(&vnet_list_condvar); + +#define IS_DEFAULT_VIMAGE(arg) ((arg)->vi_id == 0) +#define IS_DEFAULT_VNET(arg) ((arg)->vnet_id == 0) + +struct vimage { + LIST_ENTRY(vimage) vi_le; /* all vimage list */ + LIST_ENTRY(vimage) vi_sibling; /* vimages with same parent */ + LIST_HEAD(, vimage) vi_child_head; /* direct offspring list */ + struct vimage *vi_parent; /* ptr to parent vimage */ + u_int vi_id; /* ID num */ + u_int vi_ucredrefc; /* refc of ucreds pointing to us */ + + char vi_name[MAXHOSTNAMELEN]; /* assigned by parent */ + + struct vprocg *v_procg; + struct vcpu *v_cpu; + struct vnet *v_net; +}; + +struct vprocg { + LIST_ENTRY(vprocg) vprocg_le; + u_int vprocg_ref; /* reference count */ + u_int vprocg_id; /* ID num */ + + u_int nprocs; + + char _hostname[MAXHOSTNAMELEN]; + char _domainname[MAXHOSTNAMELEN]; + + int _morphing_symlinks; + +#if 0 + long _cp_time[CPUSTATES]; + + struct loadavg _averunnable; /* from kern/kern_synch.c */ + int _sched_tdcnt; /* from kern/sched_4bsd.c */ + int _tdq_sysload[32]; /* XXX MAXCPUS from kern/sched_ule.c (SMP) */ + + u_int proc_limit; /* max. number of processes */ + + struct msgbuf *msgbufp; + int msgbuftrigger; + int msg_seqn; + + pid_t log_open_pid; + int log_sc_state; + struct selinfo log_sc_selp; + struct sigio *log_sc_sigio; + struct callout log_sc_callout; + + struct timeval boottime; + long boottdelta_sec; + + char chroot[MAXPATHLEN]; /* assigned/inherited from parent */ + + int big_brother; /* manage procs in all child vprocgs */ +#endif +}; + +struct vcpu { + LIST_ENTRY(vcpu) vcpu_le; + u_int vcpu_ref; /* reference count */ + u_int vcpu_id; /* ID num */ + + u_int _acc_statcalls; /* statclocks since last avg update*/ + u_int _avg1_fixp; /* "fast" avg in 16:16 bit fixedpoint */ + u_int _avg2_fixp; /* "slow" avg in 16:16 bit fixedpoint */ + +#if 0 + u_int cpu_min; /* Guaranteed CPU share */ + u_int cpu_max; /* Maximum average CPU usage */ + u_int intr_limit; /* Limit on CPU usage in intr ctx */ + u_int cpu_weight; /* Prop. share scheduling priority */ + u_int cpu_elimit; /* Dynamic soft CPU usage limit */ + u_int schedstamp; /* Prop. share scheduler tmp var */ + u_int forcedmin; /* Prop. share scheduler tmp var */ +#endif +}; + +#endif /* VIMAGE */ + +struct vi_req { + int req_action; /* What to do with this reqest? */ + u_int vi_cpu_min; /* Guaranteed CPU share */ + u_int vi_cpu_max; /* Maximum average CPU usage */ + u_int vi_cpu_weight; /* Prop. share scheduling priority */ + int vi_intr_limit; /* Limit on CPU usage in intr ctx */ + int vi_maxsockets; + u_short vi_proc_limit; /* max. number of processes */ + u_short vi_proc_count; /* current number of processes */ + u_short vi_child_limit; /* max. number of child vnets */ + u_short vi_child_count; /* current number of child vnets */ + int vi_if_count; /* current number network interfaces */ + int vi_sock_count; + char vi_name[MAXPATHLEN]; + char vi_chroot[MAXPATHLEN]; + char vi_if_xname[MAXPATHLEN]; /* XXX should be IFNAMSIZ */ + u_int cp_time_avg; + struct loadavg averunnable; +}; + +#define VI_CREATE 0x00000001 +#define VI_DESTROY 0x00000002 +#define VI_MODIFY 0x00000004 +#define VI_SWITCHTO 0x00000008 +#define VI_IFACE 0x00000010 + +#define VI_GET 0x00000100 +#define VI_GETNEXT 0x00000200 +#define VI_GETNEXT_RECURSE 0x00000300 + +#define VI_SET_CPU_MIN 0x00001000 +#define VI_SET_CPU_MAX 0x00002000 +#define VI_SET_CPU_WEIGHT 0x00004000 +#define VI_SET_INTR_LIMIT 0x00008000 +#define VI_SET_PROC_LIMIT 0x00010000 +#define VI_SET_CHILD_LIMIT 0x00020000 +#define VI_SET_SOCK_LIMIT 0x00040000 +#define VI_SET_NAME 0x00100000 +#define VI_SET_CHROOT 0x00200000 #endif /* !_SYS_VIMAGE_H_ */