From: Luigi Rizzo
Date: Thu, 4 Jun 2009 16:20:20 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r193441 - in user/luigi/ipfw_80: sbin/ipfw sys/conf sys/modules/dummynet sys/modules/ipfw sys/modules/ipfw_nat sys/net sys/netgraph sys/netinet sys/netinet/ipfw

Author: luigi
Date: Thu Jun 4 16:20:19 2009
New Revision: 193441
URL: http://svn.freebsd.org/changeset/base/193441

Log:
  Prepare to move ipfw and dummynet in a private subdir, and
  split headers to separate kernel and userland stuff.

  Submitted by: Marta Carbone (partly, for her gsoc project)

Added:
  user/luigi/ipfw_80/sys/netinet/ipfw/
  user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet.c (contents, props changed)
     - copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_dummynet.c
  user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet_var.h
  user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw2.c (contents, props changed)
     - copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw2.c
  user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_nat.c (contents, props changed)
     - copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c
  user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_pfil.c (contents, props changed)
     - copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c
  user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_var.h

Deleted:
  user/luigi/ipfw_80/sys/netinet/ip_dummynet.c
  user/luigi/ipfw_80/sys/netinet/ip_fw2.c
  user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c
  user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c

Modified:
  user/luigi/ipfw_80/sbin/ipfw/dummynet.c
  user/luigi/ipfw_80/sys/conf/files
user/luigi/ipfw_80/sys/modules/dummynet/Makefile user/luigi/ipfw_80/sys/modules/ipfw/Makefile user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile user/luigi/ipfw_80/sys/net/if_bridge.c user/luigi/ipfw_80/sys/net/if_ethersubr.c user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c user/luigi/ipfw_80/sys/netinet/ip_divert.c user/luigi/ipfw_80/sys/netinet/ip_dummynet.h user/luigi/ipfw_80/sys/netinet/ip_fw.h user/luigi/ipfw_80/sys/netinet/ip_input.c user/luigi/ipfw_80/sys/netinet/ip_var.h user/luigi/ipfw_80/sys/netinet/raw_ip.c Modified: user/luigi/ipfw_80/sbin/ipfw/dummynet.c ============================================================================== --- user/luigi/ipfw_80/sbin/ipfw/dummynet.c Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sbin/ipfw/dummynet.c Thu Jun 4 16:20:19 2009 (r193441) @@ -314,8 +314,10 @@ ipfw_list_pipes(void *data, uint nbytes, print_extra_delay_parms(p, prefix); print_flowset_parms(&(p->fs), prefix); +#if 0 if (co.verbose) printf(" V %20llu\n", align_uint64(&p->V) >> MY_M); +#endif q = (struct dn_flow_queue *)(p+1); list_queues(&(p->fs), q); Modified: user/luigi/ipfw_80/sys/conf/files ============================================================================== --- user/luigi/ipfw_80/sys/conf/files Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/conf/files Thu Jun 4 16:20:19 2009 (r193441) 
@@ -2332,14 +2332,14 @@ netinet/in_proto.c optional inet \ compile-with "${NORMAL_C} -I$S/contrib/pf" netinet/in_rmx.c optional inet netinet/ip_divert.c optional ipdivert -netinet/ip_dummynet.c optional dummynet +netinet/ipfw/ip_dummynet.c optional dummynet netinet/ip_ecn.c optional inet | inet6 netinet/ip_encap.c optional inet | inet6 netinet/ip_fastfwd.c optional inet -netinet/ip_fw2.c optional ipfirewall \ +netinet/ipfw/ip_fw2.c optional ipfirewall \ compile-with "${NORMAL_C} -I$S/contrib/pf" -netinet/ip_fw_pfil.c optional ipfirewall -netinet/ip_fw_nat.c optional ipfirewall_nat +netinet/ipfw/ip_fw_pfil.c optional ipfirewall +netinet/ipfw/ip_fw_nat.c optional ipfirewall_nat netinet/ip_icmp.c optional inet netinet/ip_input.c optional inet netinet/ip_ipsec.c optional ipsec Modified: user/luigi/ipfw_80/sys/modules/dummynet/Makefile ============================================================================== --- user/luigi/ipfw_80/sys/modules/dummynet/Makefile Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/modules/dummynet/Makefile Thu Jun 4 16:20:19 2009 (r193441) @@ -2,7 +2,7 @@ .include -.PATH: ${.CURDIR}/../../netinet +.PATH: ${.CURDIR}/../../netinet/ipfw KMOD= dummynet SRCS= ip_dummynet.c SRCS+= opt_inet6.h Modified: user/luigi/ipfw_80/sys/modules/ipfw/Makefile ============================================================================== --- user/luigi/ipfw_80/sys/modules/ipfw/Makefile Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/modules/ipfw/Makefile Thu Jun 4 16:20:19 2009 (r193441) @@ -2,7 +2,7 @@ .include -.PATH: ${.CURDIR}/../../netinet +.PATH: ${.CURDIR}/../../netinet/ipfw KMOD= ipfw SRCS= ip_fw2.c ip_fw_pfil.c Modified: user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile ============================================================================== --- user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile Thu Jun 4 16:20:19 2009 (r193441) 
@@ -1,6 +1,6 @@ # $FreeBSD$ -.PATH: ${.CURDIR}/../../netinet +.PATH: ${.CURDIR}/../../netinet/ipfw KMOD= ipfw_nat SRCS= ip_fw_nat.c Modified: user/luigi/ipfw_80/sys/net/if_bridge.c ============================================================================== --- user/luigi/ipfw_80/sys/net/if_bridge.c Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/net/if_bridge.c Thu Jun 4 16:20:19 2009 (r193441) @@ -134,7 +134,9 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include +#include /* * Size of the route hash table. Must be a power of two. Modified: user/luigi/ipfw_80/sys/net/if_ethersubr.c ============================================================================== --- user/luigi/ipfw_80/sys/net/if_ethersubr.c Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/net/if_ethersubr.c Thu Jun 4 16:20:19 2009 (r193441) @@ -74,7 +74,9 @@ #include #include #include +#include #include +#include #include #endif #ifdef INET6 @@ -108,6 +110,8 @@ extern u_char aarp_org_code[3]; #include + + #ifdef CTASSERT CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2); CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN); Modified: user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c ============================================================================== --- user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c Thu Jun 4 16:20:19 2009 (r193441) @@ -44,6 +44,7 @@ #include #include #include +#include #include #include Modified: user/luigi/ipfw_80/sys/netinet/ip_divert.c ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_divert.c Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/netinet/ip_divert.c Thu Jun 4 16:20:19 2009 (r193441) 
@@ -76,6 +76,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #ifdef SCTP #include Modified: user/luigi/ipfw_80/sys/netinet/ip_dummynet.h ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_dummynet.h Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/netinet/ip_dummynet.h Thu Jun 4 16:20:19 2009 (r193441) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1998-2002 Luigi Rizzo, Universita` di Pisa + * Copyright (c) 1998-2009 Luigi Rizzo, Universita` di Pisa * Portions Copyright (c) 2000 Akamba Corp. * All rights reserved * 
@@ -37,40 +37,7 @@ * use here is pretty simple anyways. */ -/* - * We start with a heap, which is used in the scheduler to decide when - * to transmit packets etc. - * - * The key for the heap is used for two different values: - * - * 1. timer ticks- max 10K/second, so 32 bits are enough; - * - * 2. virtual times. These increase in steps of len/x, where len is the - * packet length, and x is either the weight of the flow, or the - * sum of all weights. - * If we limit to max 1000 flows and a max weight of 100, then - * x needs 17 bits. The packet size is 16 bits, so we can easily - * overflow if we do not allow errors. - * So we use a key "dn_key" which is 64 bits. Some macros are used to - * compare key values and handle wraparounds. - * MAX64 returns the largest of two key values. - * MY_M is used as a shift count when doing fixed point arithmetic - * (a better name would be useful...). - */ typedef u_int64_t dn_key ; /* sorting key */ -#define DN_KEY_LT(a,b) ((int64_t)((a)-(b)) < 0) -#define DN_KEY_LEQ(a,b) ((int64_t)((a)-(b)) <= 0) -#define DN_KEY_GT(a,b) ((int64_t)((a)-(b)) > 0) -#define DN_KEY_GEQ(a,b) ((int64_t)((a)-(b)) >= 0) -#define MAX64(x,y) (( (int64_t) ( (y)-(x) )) > 0 ) ? (y) : (x) -#define MY_M 16 /* number of left shift to obtain a larger precision */ - -/* - * XXX With this scaling, max 1000 flows, max weight 100, 1Gbit/s, the - * virtual time wraps every 15 days. - */ - - /* * The maximum hash table size for queues. This value must be a power * of 2. 
@@ -104,31 +71,6 @@ struct dn_heap { struct dn_heap_entry *p ; /* really an array of "size" entries */ } ; -#ifdef _KERNEL -/* - * Packets processed by dummynet have an mbuf tag associated with - * them that carries their dummynet state. This is used within - * the dummynet code as well as outside when checking for special - * processing requirements. - */ -struct dn_pkt_tag { - struct ip_fw *rule; /* matching rule */ - int dn_dir; /* action when packet comes out. */ -#define DN_TO_IP_OUT 1 -#define DN_TO_IP_IN 2 -/* Obsolete: #define DN_TO_BDG_FWD 3 */ -#define DN_TO_ETH_DEMUX 4 -#define DN_TO_ETH_OUT 5 -#define DN_TO_IP6_IN 6 -#define DN_TO_IP6_OUT 7 -#define DN_TO_IFB_FWD 8 - - dn_key output_time; /* when the pkt is due for delivery */ - struct ifnet *ifp; /* interface, for ip_output */ - struct _ip6dn_args ip6opt; /* XXX ipv6 options */ -}; -#endif /* _KERNEL */ - /* * Overall structure of dummynet (with WF2Q+): @@ -214,9 +156,9 @@ struct dn_flow_queue { * With large bandwidth and large delays, extra_bits (and also numbytes) * can become very large, so better play safe and use 64 bit */ - dn_key numbytes ; /* credit for transmission (dynamic queues) */ - dn_key extra_bits; /* extra bits simulating unavailable channel */ - + uint64_t numbytes ; /* credit for transmission (dynamic queues) */ + int64_t extra_bits; /* extra bits simulating unavailable channel */ + u_int64_t tot_pkts ; /* statistics counters */ u_int64_t tot_bytes ; u_int32_t drops ; @@ -338,7 +280,7 @@ struct dn_pipe { /* a pipe */ int sum; /* sum of weights of all active sessions */ /* Same as in dn_flow_queue, numbytes can become large */ - dn_key numbytes; /* bits I can transmit (more or less). */ + int64_t numbytes; /* bits I can transmit (more or less). */ dn_key sched_time ; /* time pipe was scheduled in ready_heap */ 
@@ -370,30 +312,4 @@ struct dn_pipe_max { int samples[ED_MAX_SAMPLES_NO]; }; -SLIST_HEAD(dn_pipe_head, dn_pipe); - -#ifdef _KERNEL -typedef int ip_dn_ctl_t(struct sockopt *); /* raw_ip.c */ -typedef void ip_dn_ruledel_t(void *); /* ip_fw.c */ -typedef int ip_dn_io_t(struct mbuf **m, int dir, struct ip_fw_args *fwa); -extern ip_dn_ctl_t *ip_dn_ctl_ptr; -extern ip_dn_ruledel_t *ip_dn_ruledel_ptr; -extern ip_dn_io_t *ip_dn_io_ptr; -#define DUMMYNET_LOADED (ip_dn_io_ptr != NULL) - -/* - * Return the IPFW rule associated with the dummynet tag; if any. - * Make sure that the dummynet tag is not reused by lower layers. - */ -static __inline struct ip_fw * -ip_dn_claim_rule(struct mbuf *m) -{ - struct m_tag *mtag = m_tag_find(m, PACKET_TAG_DUMMYNET, NULL); - if (mtag != NULL) { - mtag->m_tag_id = PACKET_TAG_NONE; - return (((struct dn_pkt_tag *)(mtag+1))->rule); - } else - return (NULL); -} -#endif #endif /* _IP_DUMMYNET_H */ Modified: user/luigi/ipfw_80/sys/netinet/ip_fw.h ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_fw.h Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/netinet/ip_fw.h Thu Jun 4 16:20:19 2009 (r193441) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa + * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -29,6 +29,10 @@ #define _IPFW2_H /* + * User visible definitions related to ipfw, including instruction opcodes. + */ + +/* * The default rule number. By the design of ip_fw, the default rule * is the last one, so its number can also serve as the highest number * allowed for a rule. The ip_fw code relies on both meanings of this 
@@ -560,207 +564,4 @@ typedef struct _ipfw_table { #define IP_FW_TABLEARG 65535 -/* - * Main firewall chains definitions and global var's definitions. - */ -#ifdef _KERNEL - -/* Return values from ipfw_chk() */ -enum { - IP_FW_PASS = 0, - IP_FW_DENY, - IP_FW_DIVERT, - IP_FW_TEE, - IP_FW_DUMMYNET, - IP_FW_NETGRAPH, - IP_FW_NGTEE, - IP_FW_NAT, - IP_FW_REASS, -}; - -/* flags for divert mtag */ -#define IP_FW_DIVERT_LOOPBACK_FLAG 0x00080000 -#define IP_FW_DIVERT_OUTPUT_FLAG 0x00100000 - -/* - * Structure for collecting parameters to dummynet for ip6_output forwarding - */ -struct _ip6dn_args { - struct ip6_pktopts *opt_or; - struct route_in6 ro_or; - int flags_or; - struct ip6_moptions *im6o_or; - struct ifnet *origifp_or; - struct ifnet *ifp_or; - struct sockaddr_in6 dst_or; - u_long mtu_or; - struct route_in6 ro_pmtu_or; -}; - -/* - * Arguments for calling ipfw_chk() and dummynet_io(). We put them - * all into a structure because this way it is easier and more - * efficient to pass variables around and extend the interface. - */ -struct ip_fw_args { - struct mbuf *m; /* the mbuf chain */ - struct ifnet *oif; /* output interface */ - struct sockaddr_in *next_hop; /* forward address */ - struct ip_fw *rule; /* matching rule */ - struct ether_header *eh; /* for bridged packets */ - - struct ipfw_flow_id f_id; /* grabbed from IP header */ - u_int32_t cookie; /* a cookie depending on rule action */ - struct inpcb *inp; - - struct _ip6dn_args dummypar; /* dummynet->ip6_output */ - struct sockaddr_in hopstore; /* store here if cannot use a pointer */ -}; - -/* - * Function definitions. 
- */ - -/* Firewall hooks */ -struct sockopt; -struct dn_flow_set; - -int ipfw_check_in(void *, struct mbuf **, struct ifnet *, int, struct inpcb *inp); -int ipfw_check_out(void *, struct mbuf **, struct ifnet *, int, struct inpcb *inp); - -int ipfw_chk(struct ip_fw_args *); - -int ipfw_init(void); -void ipfw_destroy(void); -#ifdef NOTYET -void ipfw_nat_destroy(void); -#endif - -typedef int ip_fw_ctl_t(struct sockopt *); -extern ip_fw_ctl_t *ip_fw_ctl_ptr; - -#ifdef VIMAGE_GLOBALS -extern int fw_one_pass; -extern int fw_enable; -#ifdef INET6 -extern int fw6_enable; -#endif -#endif - -/* For kernel ipfw_ether and ipfw_bridge. */ -typedef int ip_fw_chk_t(struct ip_fw_args *args); -extern ip_fw_chk_t *ip_fw_chk_ptr; -#define IPFW_LOADED (ip_fw_chk_ptr != NULL) - -struct ip_fw_chain { - struct ip_fw *rules; /* list of rules */ - struct ip_fw *reap; /* list of rules to reap */ - LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ - struct radix_node_head *tables[IPFW_TABLES_MAX]; - struct rwlock rwmtx; -}; - -#ifdef IPFW_INTERNAL - -#define IPFW_LOCK_INIT(_chain) \ - rw_init(&(_chain)->rwmtx, "IPFW static rules") -#define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx) -#define IPFW_WLOCK_ASSERT(_chain) rw_assert(&(_chain)->rwmtx, RA_WLOCKED) - -#define IPFW_RLOCK(p) rw_rlock(&(p)->rwmtx) -#define IPFW_RUNLOCK(p) rw_runlock(&(p)->rwmtx) -#define IPFW_WLOCK(p) rw_wlock(&(p)->rwmtx) -#define IPFW_WUNLOCK(p) rw_wunlock(&(p)->rwmtx) - -#define LOOKUP_NAT(l, i, p) do { \ - LIST_FOREACH((p), &(l.nat), _next) { \ - if ((p)->id == (i)) { \ - break; \ - } \ - } \ - } while (0) - -typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *); -typedef int ipfw_nat_cfg_t(struct sockopt *); -#endif - -struct eventhandler_entry; -/* - * Stack virtualization support. 
- */ -struct vnet_ipfw { - int _fw_enable; - int _fw6_enable; - u_int32_t _set_disable; - int _fw_deny_unknown_exthdrs; - int _fw_verbose; - int _verbose_limit; - int _autoinc_step; - ipfw_dyn_rule ** _ipfw_dyn_v; - uma_zone_t _ipfw_dyn_rule_zone; - struct ip_fw_chain _layer3_chain; - u_int32_t _dyn_buckets; - u_int32_t _curr_dyn_buckets; - u_int32_t _dyn_ack_lifetime; - u_int32_t _dyn_syn_lifetime; - u_int32_t _dyn_fin_lifetime; - u_int32_t _dyn_rst_lifetime; - u_int32_t _dyn_udp_lifetime; - u_int32_t _dyn_short_lifetime; - u_int32_t _dyn_keepalive_interval; - u_int32_t _dyn_keepalive_period; - u_int32_t _dyn_keepalive; - u_int32_t _static_count; - u_int32_t _static_len; - u_int32_t _dyn_count; - u_int32_t _dyn_max; - u_int64_t _norule_counter; - struct callout _ipfw_timeout; - struct eventhandler_entry *_ifaddr_event_tag; -}; - -#ifndef VIMAGE -#ifndef VIMAGE_GLOBALS -extern struct vnet_ipfw vnet_ipfw_0; -#endif -#endif - -/* - * Symbol translation macros - */ -#define INIT_VNET_IPFW(vnet) \ - INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw) - -#define VNET_IPFW(sym) VSYM(vnet_ipfw, sym) - -#define V_fw_enable VNET_IPFW(fw_enable) -#define V_fw6_enable VNET_IPFW(fw6_enable) -#define V_set_disable VNET_IPFW(set_disable) -#define V_fw_deny_unknown_exthdrs VNET_IPFW(fw_deny_unknown_exthdrs) -#define V_fw_verbose VNET_IPFW(fw_verbose) -#define V_verbose_limit VNET_IPFW(verbose_limit) -#define V_autoinc_step VNET_IPFW(autoinc_step) -#define V_ipfw_dyn_v VNET_IPFW(ipfw_dyn_v) -#define V_ipfw_dyn_rule_zone VNET_IPFW(ipfw_dyn_rule_zone) -#define V_layer3_chain VNET_IPFW(layer3_chain) -#define V_dyn_buckets VNET_IPFW(dyn_buckets) -#define V_curr_dyn_buckets VNET_IPFW(curr_dyn_buckets) -#define V_dyn_ack_lifetime VNET_IPFW(dyn_ack_lifetime) -#define V_dyn_syn_lifetime VNET_IPFW(dyn_syn_lifetime) -#define V_dyn_fin_lifetime VNET_IPFW(dyn_fin_lifetime) -#define V_dyn_rst_lifetime VNET_IPFW(dyn_rst_lifetime) -#define V_dyn_udp_lifetime 
VNET_IPFW(dyn_udp_lifetime) -#define V_dyn_short_lifetime VNET_IPFW(dyn_short_lifetime) -#define V_dyn_keepalive_interval VNET_IPFW(dyn_keepalive_interval) -#define V_dyn_keepalive_period VNET_IPFW(dyn_keepalive_period) -#define V_dyn_keepalive VNET_IPFW(dyn_keepalive) -#define V_static_count VNET_IPFW(static_count) -#define V_static_len VNET_IPFW(static_len) -#define V_dyn_count VNET_IPFW(dyn_count) -#define V_dyn_max VNET_IPFW(dyn_max) -#define V_norule_counter VNET_IPFW(norule_counter) -#define V_ipfw_timeout VNET_IPFW(ipfw_timeout) -#define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag) - -#endif /* _KERNEL */ #endif /* _IPFW2_H */ Modified: user/luigi/ipfw_80/sys/netinet/ip_input.c ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_input.c Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/netinet/ip_input.c Thu Jun 4 16:20:19 2009 (r193441) @@ -85,10 +85,6 @@ __FBSDID("$FreeBSD$"); #include -/* XXX: Temporary until ipfw_ether and ipfw_bridge are converted. */ -#include -#include - #include #ifdef CTASSERT Modified: user/luigi/ipfw_80/sys/netinet/ip_var.h ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_var.h Thu Jun 4 16:18:07 2009 (r193440) +++ user/luigi/ipfw_80/sys/netinet/ip_var.h Thu Jun 4 16:20:19 2009 (r193441) @@ -173,7 +173,8 @@ extern int ipstealth; /* stealth forwar extern int rsvp_on; extern struct socket *ip_rsvpd; /* reservation protocol daemon */ extern struct socket *ip_mrouter; /* multicast routing daemon */ -#endif +#endif /* VIMAGE_GLOBALS */ + extern u_char ip_protox[]; extern int (*legal_vif_num)(int); extern u_long (*ip_mcast_src)(int); 
@@ -223,6 +224,24 @@ extern struct pfil_head inet_pfil_hook; void in_delayed_cksum(struct mbuf *m); +/* Prototypes for ipfw and dummynet hooks */ +typedef int ip_fw_ctl_t(struct sockopt *); +extern ip_fw_ctl_t *ip_fw_ctl_ptr; +/* For kernel ipfw_ether and ipfw_bridge. */ +struct ip_fw_args; +typedef int ip_fw_chk_t(struct ip_fw_args *args); +extern ip_fw_chk_t *ip_fw_chk_ptr; +#define IPFW_LOADED (ip_fw_chk_ptr != NULL) + +typedef int ip_dn_ctl_t(struct sockopt *); /* raw_ip.c */ +typedef void ip_dn_ruledel_t(void *); /* ip_fw.c */ +typedef int ip_dn_io_t(struct mbuf **m, int dir, struct ip_fw_args *fwa); +extern ip_dn_ctl_t *ip_dn_ctl_ptr; +extern ip_dn_ruledel_t *ip_dn_ruledel_ptr; +extern ip_dn_io_t *ip_dn_io_ptr; +#define DUMMYNET_LOADED (ip_dn_io_ptr != NULL) + + #endif /* _KERNEL */ #endif /* !_NETINET_IP_VAR_H_ */ Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_dummynet.c) ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_dummynet.c Wed Jun 3 16:10:08 2009 (r193385, copy source) +++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet.c Thu Jun 4 16:20:19 2009 (r193441) @@ -77,7 +77,9 @@ __FBSDID("$FreeBSD$"); #include #include /* ip_len, ip_off */ #include +#include #include +#include #include /* ip_output(), IP_FORWARDING */ #include /* various ether_* routines */ Added: user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet_var.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet_var.h Thu Jun 4 16:20:19 2009 (r193441) 
@@ -0,0 +1,322 @@ +/*- + * Copyright (c) 1998-2009 Luigi Rizzo, Universita` di Pisa + * Portions Copyright (c) 2000 Akamba Corp. + * All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: head/sys/netinet/ip_dummynet.h 193435 2009-06-04 12:27:57Z luigi $ + */ + +#ifndef _IP_DUMMYNET_VAR_H +#define _IP_DUMMYNET_VAR_H + +/* + * Kernel-visible parts of dummynet data structures. + * Users of this file will often also need netinet/ip_dummynet.h. + * Definition of dummynet data structures. In the structures, I decided + * not to use the macros in in the hope of making the code + * easier to port to other architectures. The type of lists and queue we + * use here is pretty simple anyways. 
+ */ + +/* + * We start with a heap, which is used in the scheduler to decide when + * to transmit packets etc. + * + * The key for the heap is used for two different values: + * + * 1. timer ticks- max 10K/second, so 32 bits are enough; + * + * 2. virtual times. These increase in steps of len/x, where len is the + * packet length, and x is either the weight of the flow, or the + * sum of all weights. + * If we limit to max 1000 flows and a max weight of 100, then + * x needs 17 bits. The packet size is 16 bits, so we can easily + * overflow if we do not allow errors. + * So we use a key "dn_key" which is 64 bits. Some macros are used to + * compare key values and handle wraparounds. + * MAX64 returns the largest of two key values. + * MY_M is used as a shift count when doing fixed point arithmetic + * (a better name would be useful...). + */ +#define DN_KEY_LT(a,b) ((int64_t)((a)-(b)) < 0) +#define DN_KEY_LEQ(a,b) ((int64_t)((a)-(b)) <= 0) +#define DN_KEY_GT(a,b) ((int64_t)((a)-(b)) > 0) +#define DN_KEY_GEQ(a,b) ((int64_t)((a)-(b)) >= 0) +#define MAX64(x,y) (( (int64_t) ( (y)-(x) )) > 0 ) ? (y) : (x) +#define MY_M 16 /* number of left shift to obtain a larger precision */ + +/* + * XXX With this scaling, max 1000 flows, max weight 100, 1Gbit/s, the + * virtual time wraps every 15 days. + */ + + +/* + * The maximum hash table size for queues. This value must be a power + * of 2. + */ +#define DN_MAX_HASH_SIZE 65536 + +/* + * Packets processed by dummynet have an mbuf tag associated with + * them that carries their dummynet state. This is used within + * the dummynet code as well as outside when checking for special + * processing requirements. + */ +struct dn_pkt_tag { + struct ip_fw *rule; /* matching rule */ + int dn_dir; /* action when packet comes out. 
*/ +#define DN_TO_IP_OUT 1 +#define DN_TO_IP_IN 2 +/* Obsolete: #define DN_TO_BDG_FWD 3 */ +#define DN_TO_ETH_DEMUX 4 +#define DN_TO_ETH_OUT 5 +#define DN_TO_IP6_IN 6 +#define DN_TO_IP6_OUT 7 +#define DN_TO_IFB_FWD 8 + + dn_key output_time; /* when the pkt is due for delivery */ + struct ifnet *ifp; /* interface, for ip_output */ + struct _ip6dn_args ip6opt; /* XXX ipv6 options */ +}; + +#if 0 +/* + * Stuff already defined in the userland visible part. + * We keep it here because when the userland representation changes, + * the in-kernel representation might remain the same. + */ + + +/* + * per flow queue. This contains the flow identifier, the queue + * of packets, counters, and parameters used to support both RED and + * WF2Q+. + * + * A dn_flow_queue is created and initialized whenever a packet for + * a new flow arrives. + */ +struct dn_flow_queue { + struct dn_flow_queue *next ; + struct ipfw_flow_id id ; + + struct mbuf *head, *tail ; /* queue of packets */ + u_int len ; + u_int len_bytes ; + + /* + * When we emulate MAC overheads, or channel unavailability due + * to other traffic on a shared medium, we augment the packet at + * the head of the queue with an 'extra_bits' field representsing + * the additional delay the packet will be subject to: + * extra_bits = bw*unavailable_time. + * With large bandwidth and large delays, extra_bits (and also numbytes) + * can become very large, so better play safe and use 64 bit + */ + uint64_t numbytes ; /* credit for transmission (dynamic queues) */ + int64_t extra_bits; /* extra bits simulating unavailable channel */ + + u_int64_t tot_pkts ; /* statistics counters */ + u_int64_t tot_bytes ; + u_int32_t drops ; + + int hash_slot ; /* debugging/diagnostic */ + + /* RED parameters */ + int avg ; /* average queue length est. 
(scaled) */ + int count ; /* arrivals since last RED drop */ + int random ; /* random value (scaled) */ + dn_key q_time; /* start of queue idle time */ + + /* WF2Q+ support */ + struct dn_flow_set *fs ; /* parent flow set */ + int heap_pos ; /* position (index) of struct in heap */ + dn_key sched_time ; /* current time when queue enters ready_heap */ + + dn_key S,F ; /* start time, finish time */ + /* + * Setting F < S means the timestamp is invalid. We only need + * to test this when the queue is empty. + */ +} ; + +/* + * flow_set descriptor. Contains the "template" parameters for the + * queue configuration, and pointers to the hash table of dn_flow_queue's. + * + * The hash table is an array of lists -- we identify the slot by + * hashing the flow-id, then scan the list looking for a match. + * The size of the hash table (buckets) is configurable on a per-queue + * basis. + * + * A dn_flow_set is created whenever a new queue or pipe is created (in the + * latter case, the structure is located inside the struct dn_pipe). + */ +struct dn_flow_set { + SLIST_ENTRY(dn_flow_set) next; /* linked list in a hash slot */ + + u_short fs_nr ; /* flow_set number */ + u_short flags_fs; +#define DN_HAVE_FLOW_MASK 0x0001 +#define DN_IS_RED 0x0002 +#define DN_IS_GENTLE_RED 0x0004 +#define DN_QSIZE_IS_BYTES 0x0008 /* queue size is measured in bytes */ +#define DN_NOERROR 0x0010 /* do not report ENOBUFS on drops */ +#define DN_HAS_PROFILE 0x0020 /* the pipe has a delay profile. 
*/ +#define DN_IS_PIPE 0x4000 +#define DN_IS_QUEUE 0x8000 + + struct dn_pipe *pipe ; /* pointer to parent pipe */ + u_short parent_nr ; /* parent pipe#, 0 if local to a pipe */ + + int weight ; /* WFQ queue weight */ + int qsize ; /* queue size in slots or bytes */ + int plr ; /* pkt loss rate (2^31-1 means 100%) */ + + struct ipfw_flow_id flow_mask ; + + /* hash table of queues onto this flow_set */ + int rq_size ; /* number of slots */ + int rq_elements ; /* active elements */ + struct dn_flow_queue **rq; /* array of rq_size entries */ + + u_int32_t last_expired ; /* do not expire too frequently */ + int backlogged ; /* #active queues for this flowset */ + + /* RED parameters */ +#define SCALE_RED 16 +#define SCALE(x) ( (x) << SCALE_RED ) +#define SCALE_VAL(x) ( (x) >> SCALE_RED ) +#define SCALE_MUL(x,y) ( ( (x) * (y) ) >> SCALE_RED ) + int w_q ; /* queue weight (scaled) */ + int max_th ; /* maximum threshold for queue (scaled) */ + int min_th ; /* minimum threshold for queue (scaled) */ + int max_p ; /* maximum value for p_b (scaled) */ + u_int c_1 ; /* max_p/(max_th-min_th) (scaled) */ + u_int c_2 ; /* max_p*min_th/(max_th-min_th) (scaled) */ + u_int c_3 ; /* for GRED, (1-max_p)/max_th (scaled) */ + u_int c_4 ; /* for GRED, 1 - 2*max_p (scaled) */ + u_int * w_q_lookup ; /* lookup table for computing (1-w_q)^t */ + u_int lookup_depth ; /* depth of lookup table */ + int lookup_step ; /* granularity inside the lookup table */ + int lookup_weight ; /* equal to (1-w_q)^t / (1-w_q)^(t+1) */ + int avg_pkt_size ; /* medium packet size */ + int max_pkt_size ; /* max packet size */ +}; +SLIST_HEAD(dn_flow_set_head, dn_flow_set); + +/* + * Pipe descriptor. Contains global parameters, delay-line queue, + * and the flow_set used for fixed-rate queues. + * + * For WF2Q+ support it also has 3 heaps holding dn_flow_queue: + * not_eligible_heap, for queues whose start time is higher + * than the virtual time. Sorted by start time. 
+ * scheduler_heap, for queues eligible for scheduling. Sorted by + * finish time. + * idle_heap, all flows that are idle and can be removed. We + * do that on each tick so we do not slow down too much + * operations during forwarding. + * + */ +struct dn_pipe { /* a pipe */ + SLIST_ENTRY(dn_pipe) next; /* linked list in a hash slot */ + + int pipe_nr ; /* number */ + int bandwidth; /* really, bytes/tick. */ + int delay ; /* really, ticks */ + + struct mbuf *head, *tail ; /* packets in delay line */ + + /* WF2Q+ */ + struct dn_heap scheduler_heap ; /* top extract - key Finish time*/ + struct dn_heap not_eligible_heap; /* top extract- key Start time */ + struct dn_heap idle_heap ; /* random extract - key Start=Finish time */ + + dn_key V ; /* virtual time */ + int sum; /* sum of weights of all active sessions */ + + /* Same as in dn_flow_queue, numbytes can become large */ + int64_t numbytes; /* bits I can transmit (more or less). */ + + dn_key sched_time ; /* time pipe was scheduled in ready_heap */ + + /* + * When the tx clock come from an interface (if_name[0] != '\0'), its name + * is stored below, whereas the ifp is filled when the rule is configured. 
+ */ + char if_name[IFNAMSIZ]; + struct ifnet *ifp ; + int ready ; /* set if ifp != NULL and we got a signal from it */ + + struct dn_flow_set fs ; /* used with fixed-rate flows */ + + /* fields to simulate a delay profile */ + +#define ED_MAX_NAME_LEN 32 + char name[ED_MAX_NAME_LEN]; + int loss_level; + int samples_no; + int *samples; +}; + +/* dn_pipe_max is used to pass pipe configuration from userland onto + * kernel space and back + */ +#define ED_MAX_SAMPLES_NO 1024 +struct dn_pipe_max { + struct dn_pipe pipe; + int samples[ED_MAX_SAMPLES_NO]; +}; +#endif /* kernel version of pipes/queues, already defined in userland */ + +SLIST_HEAD(dn_pipe_head, dn_pipe); + +#if 0 +typedef int ip_dn_ctl_t(struct sockopt *); /* raw_ip.c */ +typedef void ip_dn_ruledel_t(void *); /* ip_fw.c */ +typedef int ip_dn_io_t(struct mbuf **m, int dir, struct ip_fw_args *fwa); +extern ip_dn_ctl_t *ip_dn_ctl_ptr; +extern ip_dn_ruledel_t *ip_dn_ruledel_ptr; +extern ip_dn_io_t *ip_dn_io_ptr; +#define DUMMYNET_LOADED (ip_dn_io_ptr != NULL) +#endif + +#ifdef _KERNEL +/* + * Return the IPFW rule associated with the dummynet tag; if any. + * Make sure that the dummynet tag is not reused by lower layers. + */ +static __inline struct ip_fw * +ip_dn_claim_rule(struct mbuf *m) +{ + struct m_tag *mtag = m_tag_find(m, PACKET_TAG_DUMMYNET, NULL); + if (mtag != NULL) { + mtag->m_tag_id = PACKET_TAG_NONE; + return (((struct dn_pkt_tag *)(mtag+1))->rule); + } else + return (NULL); +} +#endif +#endif /* _IP_DUMMYNET_VAR_H */ Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw2.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw2.c) ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_fw2.c Wed Jun 3 16:10:08 2009 (r193385, copy source) +++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw2.c Thu Jun 4 16:20:19 2009 (r193441) 
@@ -82,8 +82,10 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include +#include #include #include #include Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_nat.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c) ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c Wed Jun 3 16:10:08 2009 (r193385, copy source) +++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_nat.c Thu Jun 4 16:20:19 2009 (r193441) @@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_pfil.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c) ============================================================================== --- user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c Wed Jun 3 16:10:08 2009 (r193385, copy source) +++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_pfil.c Thu Jun 4 16:20:19 2009 (r193441) @@ -60,8 +60,10 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include +#include #include #include Added: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_var.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_var.h Thu Jun 4 16:20:19 2009 (r193441) 
@@ -0,0 +1,252 @@ +/*- + * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: user/luigi/ipfw_80/sys/netinet/ip_fw.h 191738 2009-05-02 08:16:26Z zec $ + */ + +#ifndef _IPFW2_VAR_H +#define _IPFW2_VAR_H + +/* + * Kernel side of ipfw data structures. + */ +/* + * The default rule number. By the design of ip_fw, the default rule + * is the last one, so its number can also serve as the highest number + * allowed for a rule. The ip_fw code relies on both meanings of this + * constant. + */ +#define IPFW_DEFAULT_RULE 65535 + +/* + * The number of ipfw tables. The maximum allowed table number is the + * (IPFW_TABLES_MAX - 1). 
+ */ +#define IPFW_TABLES_MAX 128 + + +#define MTAG_IPFW 1148380143 /* IPFW-tagged cookie */ + +/* Apply ipv6 mask on ipv6 addr */ +#define APPLY_MASK(addr,mask) \ + (addr)->__u6_addr.__u6_addr32[0] &= (mask)->__u6_addr.__u6_addr32[0]; \ + (addr)->__u6_addr.__u6_addr32[1] &= (mask)->__u6_addr.__u6_addr32[1]; \ + (addr)->__u6_addr.__u6_addr32[2] &= (mask)->__u6_addr.__u6_addr32[2]; \ + (addr)->__u6_addr.__u6_addr32[3] &= (mask)->__u6_addr.__u6_addr32[3]; + + +/* + * Main firewall chains definitions and global var's definitions. + */ + +/* Return values from ipfw_chk() */ +enum { + IP_FW_PASS = 0, + IP_FW_DENY, + IP_FW_DIVERT, + IP_FW_TEE, + IP_FW_DUMMYNET, + IP_FW_NETGRAPH, + IP_FW_NGTEE, + IP_FW_NAT, + IP_FW_REASS, +}; + +/* flags for divert mtag */ +#define IP_FW_DIVERT_LOOPBACK_FLAG 0x00080000 +#define IP_FW_DIVERT_OUTPUT_FLAG 0x00100000 + +/* + * Structure for collecting parameters to dummynet for ip6_output forwarding + */ +struct _ip6dn_args { + struct ip6_pktopts *opt_or; + struct route_in6 ro_or; + int flags_or; + struct ip6_moptions *im6o_or; + struct ifnet *origifp_or; + struct ifnet *ifp_or; + struct sockaddr_in6 dst_or; + u_long mtu_or; + struct route_in6 ro_pmtu_or; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
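Review bot: in ip_dummynet_var.h, struct dn_pipe_max is documented as the container that passes pipe configuration "from userland onto kernel space and back", but the struct dn_pipe embedded in it carries kernel pointers (head, tail, ifp, samples, and through fs also pipe, rq and w_q_lookup) next to a samples_no count and the fixed int samples[ED_MAX_SAMPLES_NO] array. The header should state which fields are meaningful across that boundary. Whatever code copies this struct should ignore the pointer fields on the way in, clear them before copying back out so kernel addresses do not reach userland, and reject a samples_no outside 0..ED_MAX_SAMPLES_NO before it is used to index samples. Separately, the #if 0 block holding the ip_dn_ctl_t, ip_dn_ruledel_t and ip_dn_io_t typedefs is dead code in a newly added file; either drop it or add a comment saying where those declarations now live.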
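Review bot: APPLY_MASK in ip_fw_var.h expands to four separate statements and ends with its own semicolon, so as the body of an unbraced if or for only the first assignment is controlled by the condition, and "if (x) APPLY_MASK(a, m); else ..." does not compile. Wrap the body in do { ... } while (0) with no trailing semicolon, or turn it into a static __inline function taking the two address pointers, which also avoids evaluating addr and mask four times each. The ident line in the new file still reads "$FreeBSD: user/luigi/ipfw_80/sys/netinet/ip_fw.h 191738 ...", which is the header this one was split from; check that the keyword expands for the new path rather than keeping the old file's identity.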