Date: Fri, 5 Dec 2008 07:41:53 +0000 (UTC) From: Kip Macy <kmacy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r185628 - user/kmacy/HEAD_fast_multi_xmit/sys/netinet6 Message-ID: <200812050741.mB57fr9Y046902@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kmacy Date: Fri Dec 5 07:41:53 2008 New Revision: 185628 URL: http://svn.freebsd.org/changeset/base/185628 Log: IFC 184756:185625 part 3 Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/dest6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/frag6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/icmp6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_gif.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_ifattach.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.h user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_proto.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_rmx.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_src.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_forward.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_input.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_ipsec.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_mroute.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_output.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/mld6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/nd6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/nd6_nbr.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/nd6_rtr.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/raw_ip6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/route6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/scope6.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/udp6_usrreq.c user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/vinet6.h Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/dest6.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/dest6.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/dest6.c Fri Dec 5 07:41:53 2008 (r185628) @@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip6.h> #include <netinet6/ip6_var.h> #include <netinet/icmp6.h> +#include <netinet6/vinet6.h> /* * Destination options header processing. Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/frag6.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/frag6.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/frag6.c Fri Dec 5 07:41:53 2008 (r185628) @@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/icmp6.h> #include <netinet/in_systm.h> /* for ECN definitions */ #include <netinet/ip.h> /* for ECN definitions */ +#include <netinet6/vinet6.h> #include <security/mac/mac_framework.h> @@ -77,9 +78,11 @@ static struct mtx ip6qlock; /* * These fields all protected by ip6qlock. */ +#ifdef VIMAGE_GLOBALS static u_int frag6_nfragpackets; static u_int frag6_nfrags; static struct ip6q ip6q; /* ip6 reassemble queue */ +#endif #define IP6Q_LOCK_INIT() mtx_init(&ip6qlock, "ip6qlock", NULL, MTX_DEF); #define IP6Q_LOCK() mtx_lock(&ip6qlock) Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/icmp6.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/icmp6.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/icmp6.c Fri Dec 5 07:41:53 2008 (r185628) @@ -87,6 +87,7 @@ __FBSDID("$FreeBSD$"); #include <net/if_dl.h> #include <net/if_types.h> #include <net/route.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/in_pcb.h> @@ -94,6 +95,8 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip6.h> #include <netinet/icmp6.h> #include <netinet/tcp_var.h> +#include <netinet/vinet.h> + #include <netinet6/in6_ifattach.h> #include <netinet6/in6_pcb.h> #include <netinet6/ip6protosw.h> @@ -101,6 +104,7 @@ __FBSDID("$FreeBSD$"); #include <netinet6/scope6_var.h> #include <netinet6/mld6_var.h> #include <netinet6/nd6.h> +#include <netinet6/vinet6.h> #ifdef IPSEC #include <netipsec/ipsec.h> @@ -109,15 +113,17 @@ __FBSDID("$FreeBSD$"); extern struct domain inet6domain; -struct icmp6stat icmp6stat; - +#ifdef VIMAGE_GLOBALS extern struct inpcbinfo ripcbinfo; extern struct inpcbhead ripcb; extern int icmp6errppslim; -static int icmp6errpps_count = 0; -static struct timeval icmp6errppslim_last; extern int icmp6_nodeinfo; +struct icmp6stat icmp6stat; +static int icmp6errpps_count; +static struct timeval icmp6errppslim_last; +#endif + static void icmp6_errcount(struct icmp6errstat *, int, int); static int icmp6_rip6_input(struct mbuf **, int); static int icmp6_ratelimit(const struct in6_addr *, const int, const int); @@ -138,6 +144,8 @@ icmp6_init(void) { INIT_VNET_INET6(curvnet); + V_icmp6errpps_count = 0; + mld6_init(); } Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6.c Fri Dec 5 07:41:53 2008 (r185628) @@ -84,6 +84,7 @@ __FBSDID("$FreeBSD$"); #include <net/if_types.h> #include <net/route.h> #include <net/if_dl.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/in_var.h> @@ -100,6 +101,7 @@ __FBSDID("$FreeBSD$"); #include <netinet6/in6_ifattach.h> #include <netinet6/scope6_var.h> #include <netinet6/in6_pcb.h> +#include <netinet6/vinet6.h> MALLOC_DEFINE(M_IP6MADDR, "in6_multi", "internet multicast address"); Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_gif.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_gif.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_gif.c Fri Dec 5 07:41:53 2008 (r185628) @@ -66,6 +66,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip_ecn.h> #ifdef INET6 #include <netinet6/ip6_ecn.h> +#include <netinet6/vinet6.h> #endif #include <net/if_gif.h> Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_ifattach.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_ifattach.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_ifattach.c Fri Dec 5 07:41:53 2008 (r185628) @@ -46,11 +46,13 @@ __FBSDID("$FreeBSD$"); #include <net/if_dl.h> #include <net/if_types.h> #include <net/route.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/in_var.h> #include <netinet/if_ether.h> #include <netinet/in_pcb.h> +#include <netinet/vinet.h> #include <netinet/ip6.h> #include <netinet6/ip6_var.h> @@ -60,19 +62,14 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6_var.h> #include <netinet6/nd6.h> #include <netinet6/scope6_var.h> +#include <netinet6/vinet6.h> -unsigned long in6_maxmtu = 0; - -#ifdef IP6_AUTO_LINKLOCAL -int ip6_auto_linklocal = IP6_AUTO_LINKLOCAL; -#else -int ip6_auto_linklocal = 1; /* enable by default */ -#endif - +#ifdef VIMAGE_GLOBALS +unsigned long in6_maxmtu; +int ip6_auto_linklocal; struct callout in6_tmpaddrtimer_ch; - -extern struct inpcbinfo udbinfo; extern struct inpcbinfo ripcbinfo; +#endif static int get_rand_ifid(struct ifnet *, struct in6_addr *); static int generate_tmp_ifid(u_int8_t *, const u_int8_t *, u_int8_t *); Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.c Fri Dec 5 07:41:53 2008 (r185628) @@ -96,18 +96,14 @@ __FBSDID("$FreeBSD$"); #include <netinet/tcp_var.h> #include <netinet/ip6.h> #include <netinet/ip_var.h> +#include <netinet/vinet.h> #include <netinet6/ip6_var.h> #include <netinet6/nd6.h> #include <netinet/in_pcb.h> #include <netinet6/in6_pcb.h> #include <netinet6/scope6_var.h> - -#ifdef IPSEC -#include <netipsec/ipsec.h> -#include <netipsec/ipsec6.h> -#include <netipsec/key.h> -#endif /* IPSEC */ +#include <netinet6/vinet6.h> #include <security/mac/mac_framework.h> @@ -149,6 +145,10 @@ in6_pcbbind(register struct inpcb *inp, if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0) return(error); + if (prison_local_ip6(cred, &sin6->sin6_addr, + ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) + return (EINVAL); + lport = sin6->sin6_port; if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { /* @@ -223,6 +223,9 @@ in6_pcbbind(register struct inpcb *inp, return (EADDRINUSE); } } + if (prison_local_ip6(cred, &sin6->sin6_addr, + ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) + return (EADDRNOTAVAIL); t = in6_pcblookup_local(pcbinfo, &sin6->sin6_addr, lport, wild, cred); if (t && (reuseport & ((t->inp_vflag & INP_TIMEWAIT) ? @@ -255,6 +258,9 @@ in6_pcbbind(register struct inpcb *inp, } inp->in6p_laddr = sin6->sin6_addr; } + if (prison_local_ip6(cred, &inp->in6p_laddr, + ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) + return (EINVAL); if (lport == 0) { int e; if ((e = in6_pcbsetport(&inp->in6p_laddr, inp, cred)) != 0) @@ -314,6 +320,8 @@ in6_pcbladdr(register struct inpcb *inp, if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) sin6->sin6_addr = in6addr_loopback; } + if (prison_remote_ip6(inp->inp_cred, &sin6->sin6_addr) != 0) + return (EADDRNOTAVAIL); /* * XXX: in6_selectsrc might replace the bound local address @@ -410,45 +418,6 @@ in6_pcbdisconnect(struct inpcb *inp) in_pcbrehash(inp); } -void -in6_pcbdetach(struct inpcb *inp) -{ - - KASSERT(inp->inp_socket != NULL, ("in6_pcbdetach: inp_socket == NULL")); - inp->inp_socket->so_pcb = NULL; - inp->inp_socket = NULL; -} - -void -in6_pcbfree(struct inpcb *inp) -{ - struct inpcbinfo *ipi = inp->inp_pcbinfo; - - KASSERT(inp->inp_socket == NULL, ("in6_pcbfree: inp_socket != NULL")); - INP_INFO_WLOCK_ASSERT(inp->inp_pcbinfo); - INP_WLOCK_ASSERT(inp); - -#ifdef IPSEC - if (inp->in6p_sp != NULL) - ipsec6_delete_pcbpolicy(inp); -#endif /* IPSEC */ - inp->inp_gencnt = ++ipi->ipi_gencnt; - in_pcbremlists(inp); - ip6_freepcbopts(inp->in6p_outputopts); - ip6_freemoptions(inp->in6p_moptions); - /* Check and free IPv4 related resources in case of mapped addr */ - if (inp->inp_options) - (void)m_free(inp->inp_options); - if (inp->inp_moptions != NULL) - inp_freemoptions(inp->inp_moptions); - inp->inp_vflag = 0; -#ifdef MAC - mac_inpcb_destroy(inp); -#endif - INP_WUNLOCK(inp); - uma_zfree(ipi->ipi_zone, inp); -} - struct sockaddr * in6_sockaddr(in_port_t port, struct in6_addr *addr_p) { @@ -694,15 +663,16 @@ in6_pcblookup_local(struct inpcbinfo *pc head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, pcbinfo->ipi_hashmask)]; LIST_FOREACH(inp, head, inp_hash) { + /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV6) == 0) continue; if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && inp->inp_lport == lport) { - /* - * Found. - */ - return (inp); + /* Found. */ + if (cred == NULL || + inp->inp_cred->cr_prison == cred->cr_prison) + return (inp); } } /* @@ -732,6 +702,10 @@ in6_pcblookup_local(struct inpcbinfo *pc */ LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { wildcard = 0; + if (cred != NULL && + inp->inp_cred->cr_prison != cred->cr_prison) + continue; + /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV6) == 0) continue; if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) @@ -741,7 +715,7 @@ in6_pcblookup_local(struct inpcbinfo *pc if (IN6_IS_ADDR_UNSPECIFIED(laddr)) wildcard++; else if (!IN6_ARE_ADDR_EQUAL( - &inp->in6p_laddr, laddr)) + &inp->in6p_laddr, laddr)) continue; } else { if (!IN6_IS_ADDR_UNSPECIFIED(laddr)) @@ -750,9 +724,8 @@ in6_pcblookup_local(struct inpcbinfo *pc if (wildcard < matchwild) { match = inp; matchwild = wildcard; - if (matchwild == 0) { + if (matchwild == 0) break; - } } } } @@ -835,11 +808,11 @@ in6_rtchange(struct inpcb *inp, int errn */ struct inpcb * in6_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, - u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, - int wildcard, struct ifnet *ifp) + u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, int wildcard, + struct ifnet *ifp) { struct inpcbhead *head; - register struct inpcb *inp; + struct inpcb *inp, *tmpinp; u_short fport = fport_arg, lport = lport_arg; int faith; @@ -853,10 +826,12 @@ in6_pcblookup_hash(struct inpcbinfo *pcb /* * First look for an exact match. */ + tmpinp = NULL; head = &pcbinfo->ipi_hashbase[ INP_PCBHASH(faddr->s6_addr32[3] /* XXX */, lport, fport, pcbinfo->ipi_hashmask)]; LIST_FOREACH(inp, head, inp_hash) { + /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV6) == 0) continue; if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) && @@ -864,32 +839,79 @@ in6_pcblookup_hash(struct inpcbinfo *pcb inp->inp_fport == fport && inp->inp_lport == lport) { /* - * Found. + * XXX We should be able to directly return + * the inp here, without any checks. + * Well unless both bound with SO_REUSEPORT? */ - return (inp); + if (jailed(inp->inp_cred)) + return (inp); + if (tmpinp == NULL) + tmpinp = inp; } } - if (wildcard) { - struct inpcb *local_wild = NULL; + if (tmpinp != NULL) + return (tmpinp); + + /* + * Then look for a wildcard match, if requested. + */ + if (wildcard == INPLOOKUP_WILDCARD) { + struct inpcb *local_wild = NULL, *local_exact = NULL; + struct inpcb *jail_wild = NULL; + int injail; + /* + * Order of socket selection - we always prefer jails. + * 1. jailed, non-wild. + * 2. jailed, wild. + * 3. non-jailed, non-wild. + * 4. non-jailed, wild. + */ head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, pcbinfo->ipi_hashmask)]; LIST_FOREACH(inp, head, inp_hash) { + /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV6) == 0) continue; - if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && - inp->inp_lport == lport) { - if (faith && (inp->inp_flags & INP_FAITH) == 0) + + if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) || + inp->inp_lport != lport) { + continue; + } + + /* XXX inp locking */ + if (faith && (inp->inp_flags & INP_FAITH) == 0) + continue; + + injail = jailed(inp->inp_cred); + if (injail) { + if (!prison_check_ip6(inp->inp_cred, laddr)) + continue; + } else { + if (local_exact != NULL) continue; - if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, - laddr)) + } + + if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr)) { + if (injail) return (inp); - else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) + else + local_exact = inp; + } else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { + if (injail) + jail_wild = inp; + else local_wild = inp; } - } - return (local_wild); - } + } /* LIST_FOREACH */ + + if (jail_wild != NULL) + return (jail_wild); + if (local_exact != NULL) + return (local_exact); + if (local_wild != NULL) + return (local_wild); + } /* if (wildcard == INPLOOKUP_WILDCARD) */ /* * Not found. Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.h ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.h Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_pcb.h Fri Dec 5 07:41:53 2008 (r185628) @@ -73,9 +73,7 @@ void in6_pcbpurgeif0 __P((struct inpcbin void in6_losing __P((struct inpcb *)); int in6_pcbbind __P((struct inpcb *, struct sockaddr *, struct ucred *)); int in6_pcbconnect __P((struct inpcb *, struct sockaddr *, struct ucred *)); -void in6_pcbdetach __P((struct inpcb *)); void in6_pcbdisconnect __P((struct inpcb *)); -void in6_pcbfree __P((struct inpcb *)); int in6_pcbladdr __P((struct inpcb *, struct sockaddr *, struct in6_addr **)); struct inpcb * Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_proto.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_proto.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_proto.c Fri Dec 5 07:41:53 2008 (r185628) @@ -128,6 +128,7 @@ __FBSDID("$FreeBSD$"); #endif /* IPSEC */ #include <netinet6/ip6protosw.h> +#include <netinet6/vinet6.h> /* * TCP/IP protocol family: IP6, ICMP6, UDP, TCP. @@ -368,73 +369,56 @@ DOMAIN_SET(inet6); /* * Internet configuration info */ -#ifndef IPV6FORWARDING -#ifdef GATEWAY6 -#define IPV6FORWARDING 1 /* forward IP6 packets not for us */ -#else -#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ -#endif /* GATEWAY6 */ -#endif /* !IPV6FORWARDING */ - -#ifndef IPV6_SENDREDIRECTS -#define IPV6_SENDREDIRECTS 1 +#ifdef VIMAGE_GLOBALS +int ip6_forwarding; +int ip6_sendredirects; +int ip6_defhlim; +int ip6_defmcasthlim; +int ip6_accept_rtadv; +int ip6_maxfragpackets; +int ip6_maxfrags; +int ip6_log_interval; +int ip6_hdrnestlimit; +int ip6_dad_count; +int ip6_auto_flowlabel; +int ip6_use_deprecated; +int ip6_rr_prune; +int ip6_mcast_pmtu; +int ip6_v6only; +int ip6_keepfaith; +time_t ip6_log_time; +int ip6stealth; +int nd6_onlink_ns_rfc4861; #endif -int ip6_forwarding = IPV6FORWARDING; /* act as router? */ -int ip6_sendredirects = IPV6_SENDREDIRECTS; -int ip6_defhlim = IPV6_DEFHLIM; -int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; -int ip6_accept_rtadv = 0; /* "IPV6FORWARDING ? 0 : 1" is dangerous */ -int ip6_maxfragpackets; /* initialized in frag6.c:frag6_init() */ -int ip6_maxfrags; /* initialized in frag6.c:frag6_init() */ -int ip6_log_interval = 5; -int ip6_hdrnestlimit = 15; /* How many header options will we process? */ -int ip6_dad_count = 1; /* DupAddrDetectionTransmits */ -int ip6_auto_flowlabel = 1; -int ip6_gif_hlim = 0; -int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ -int ip6_rr_prune = 5; /* router renumbering prefix - * walk list every 5 sec. */ -int ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */ -int ip6_v6only = 1; - -int ip6_keepfaith = 0; -time_t ip6_log_time = (time_t)0L; -#ifdef IPSTEALTH -int ip6stealth = 0; -#endif -int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */ - +#ifdef VIMAGE_GLOBALS /* icmp6 */ /* * BSDI4 defines these variables in in_proto.c... * XXX: what if we don't define INET? Should we define pmtu6_expire * or so? (jinmei@kame.net 19990310) */ -int pmtu_expire = 60*10; -int pmtu_probe = 60*2; +int pmtu_expire; +int pmtu_probe; /* raw IP6 parameters */ /* * Nominal space allocated to a raw ip socket. */ -#define RIPV6SNDQ 8192 -#define RIPV6RCVQ 8192 - -u_long rip6_sendspace = RIPV6SNDQ; -u_long rip6_recvspace = RIPV6RCVQ; +u_long rip6_sendspace; +u_long rip6_recvspace; /* ICMPV6 parameters */ -int icmp6_rediraccept = 1; /* accept and process redirects */ -int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ -int icmp6errppslim = 100; /* 100pps */ +int icmp6_rediraccept; +int icmp6_redirtimeout; +int icmp6errppslim; /* control how to respond to NI queries */ -int icmp6_nodeinfo = (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK); +int icmp6_nodeinfo; /* UDP on IP6 parameters */ -int udp6_sendspace = 9216; /* really max datagram size */ -int udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6)); - /* 40 1K datagrams */ +int udp6_sendspace; +int udp6_recvspace; +#endif /* VIMAGE_GLOBALS */ /* * sysctl related items. @@ -580,6 +564,6 @@ SYSCTL_V_INT(V_NET, vnet_inet6, _net_ine SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug, CTLFLAG_RW, nd6_debug, 0, ""); -SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, - nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0, +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, + nd6_onlink_ns_rfc4861, CTLFLAG_RW, nd6_onlink_ns_rfc4861, 0, "Accept 'on-link' nd6 NS in compliance with RFC 4861."); Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_rmx.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_rmx.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_rmx.c Fri Dec 5 07:41:53 2008 (r185628) @@ -89,6 +89,8 @@ __FBSDID("$FreeBSD$"); #include <net/if.h> #include <net/route.h> +#include <net/vnet.h> + #include <netinet/in.h> #include <netinet/ip_var.h> #include <netinet/in_var.h> @@ -98,6 +100,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/icmp6.h> #include <netinet6/nd6.h> +#include <netinet6/vinet6.h> #include <netinet/tcp.h> #include <netinet/tcp_seq.h> @@ -219,20 +222,20 @@ in6_matroute(void *v_arg, struct radix_n SYSCTL_DECL(_net_inet6_ip6); -static int rtq_reallyold6 = 60*60; - /* one hour is ``really old'' */ -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTEXPIRE, rtexpire, - CTLFLAG_RW, &rtq_reallyold6 , 0, ""); - -static int rtq_minreallyold6 = 10; - /* never automatically crank down to less */ -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMINEXPIRE, rtminexpire, - CTLFLAG_RW, &rtq_minreallyold6 , 0, ""); - -static int rtq_toomany6 = 128; - /* 128 cached routes is ``too many'' */ -SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache, - CTLFLAG_RW, &rtq_toomany6 , 0, ""); +#ifdef VIMAGE_GLOBALS +static int rtq_reallyold6; +static int rtq_minreallyold6; +static int rtq_toomany6; +#endif + +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RTEXPIRE, + rtexpire, CTLFLAG_RW, rtq_reallyold6 , 0, ""); + +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RTMINEXPIRE, + rtminexpire, CTLFLAG_RW, rtq_minreallyold6 , 0, ""); + +SYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_ip6, IPV6CTL_RTMAXCACHE, + rtmaxcache, CTLFLAG_RW, rtq_toomany6 , 0, ""); /* @@ -324,8 +327,10 @@ in6_rtqkill(struct radix_node *rn, void } #define RTQ_TIMEOUT 60*10 /* run no less than once every ten minutes */ -static int rtq_timeout6 = RTQ_TIMEOUT; +#ifdef VIMAGE_GLOBALS +static int rtq_timeout6; static struct callout rtq_timer6; +#endif static void in6_rtqtimo(void *rock) @@ -387,7 +392,9 @@ struct mtuex_arg { struct radix_node_head *rnh; time_t nextstop; }; +#ifdef VIMAGE_GLOBALS static struct callout rtq_mtutimer; +#endif static int in6_mtuexpire(struct radix_node *rn, void *rock) @@ -478,6 +485,11 @@ in6_inithead(void **head, int off) if (off == 0) /* See above */ return 1; /* only do the rest for the real thing */ + V_rtq_reallyold6 = 60*60; /* one hour is ``really old'' */ + V_rtq_minreallyold6 = 10; /* never automatically crank down to less */ + V_rtq_toomany6 = 128; /* 128 cached routes is ``too many'' */ + V_rtq_timeout6 = RTQ_TIMEOUT; + rnh = *head; rnh->rnh_addaddr = in6_addroute; rnh->rnh_matchaddr = in6_matroute; Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_src.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_src.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/in6_src.c Fri Dec 5 07:41:53 2008 (r185628) @@ -80,6 +80,7 @@ __FBSDID("$FreeBSD$"); #include <sys/sysctl.h> #include <sys/errno.h> #include <sys/time.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/sx.h> #include <sys/vimage.h> @@ -98,12 +99,15 @@ __FBSDID("$FreeBSD$"); #include <netinet/ip_var.h> #include <netinet/udp.h> #include <netinet/udp_var.h> +#include <netinet/vinet.h> + #include <netinet6/in6_var.h> #include <netinet/ip6.h> #include <netinet6/in6_pcb.h> #include <netinet6/ip6_var.h> #include <netinet6/scope6_var.h> #include <netinet6/nd6.h> +#include <netinet6/vinet6.h> static struct mtx addrsel_lock; #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) @@ -119,9 +123,11 @@ static struct sx addrsel_sxlock; #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) #define ADDR_LABEL_NOTAPP (-1) -struct in6_addrpolicy defaultaddrpolicy; -int ip6_prefer_tempaddr = 0; +#ifdef VIMAGE_GLOBALS +struct in6_addrpolicy defaultaddrpolicy; +int ip6_prefer_tempaddr; +#endif static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct route_in6 *, struct ifnet **, @@ -233,6 +239,11 @@ in6_selectsrc(struct sockaddr_in6 *dstso if (*errorp != 0) return (NULL); } + if (cred != NULL && prison_local_ip6(cred, &srcsock.sin6_addr, + (inp != NULL && (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) { + *errorp = EADDRNOTAVAIL; + return (NULL); + } ia6 = (struct in6_ifaddr *)ifa_ifwithaddr((struct sockaddr *)(&srcsock)); if (ia6 == NULL || @@ -250,6 +261,11 @@ in6_selectsrc(struct sockaddr_in6 *dstso * Otherwise, if the socket has already bound the source, just use it. */ if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { + if (cred != NULL && prison_local_ip6(cred, &inp->in6p_laddr, + ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) { + *errorp = EADDRNOTAVAIL; + return (NULL); + } return (&inp->in6p_laddr); } @@ -301,6 +317,12 @@ in6_selectsrc(struct sockaddr_in6 *dstso if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) continue; + if (cred != NULL && + prison_local_ip6(cred, &ia->ia_addr.sin6_addr, + (inp != NULL && + (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) + continue; + /* Rule 1: Prefer same address */ if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { ia_best = ia; @@ -460,7 +482,6 @@ selectroute(struct sockaddr_in6 *dstsock struct ifnet **retifp, struct rtentry **retrt, int clone, int norouteok) { - INIT_VNET_NET(curvnet); INIT_VNET_INET6(curvnet); int error = 0; struct ifnet *ifp = NULL; @@ -783,6 +804,10 @@ in6_pcbsetport(struct in6_addr *laddr, s INP_INFO_WLOCK_ASSERT(pcbinfo); INP_WLOCK_ASSERT(inp); + if (prison_local_ip6(cred, laddr, + ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) + return(EINVAL); + /* XXX: this is redundant when called from in6_pcbbind */ if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) wild = INPLOOKUP_WILDCARD; @@ -875,6 +900,8 @@ addrsel_policy_init(void) ADDRSEL_SXLOCK_INIT(); INIT_VNET_INET6(curvnet); + V_ip6_prefer_tempaddr = 0; + init_policy_queue(); /* initialize the "last resort" policy */ @@ -972,7 +999,9 @@ struct addrsel_policyent { TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); +#ifdef VIMAGE_GLOBALS struct addrsel_policyhead addrsel_policytab; +#endif static void init_policy_queue(void) Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_forward.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_forward.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_forward.c Fri Dec 5 07:41:53 2008 (r185628) @@ -65,6 +65,7 @@ __FBSDID("$FreeBSD$"); #include <netinet6/scope6_var.h> #include <netinet/icmp6.h> #include <netinet6/nd6.h> +#include <netinet6/vinet6.h> #include <netinet/in_pcb.h> @@ -76,7 +77,9 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6protosw.h> +#ifdef VIMAGE_GLOBALS struct route_in6 ip6_forward_rt; +#endif /* * Forward a packet. If some error occurs return the sender Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_input.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_input.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_input.c Fri Dec 5 07:41:53 2008 (r185628) @@ -88,12 +88,14 @@ __FBSDID("$FreeBSD$"); #include <net/route.h> #include <net/netisr.h> #include <net/pfil.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/in_systm.h> #ifdef INET #include <netinet/ip.h> #include <netinet/ip_icmp.h> +#include <netinet/vinet.h> #endif /* INET */ #include <netinet/ip6.h> #include <netinet6/in6_var.h> @@ -103,6 +105,7 @@ __FBSDID("$FreeBSD$"); #include <netinet6/scope6_var.h> #include <netinet6/in6_ifattach.h> #include <netinet6/nd6.h> +#include <netinet6/vinet6.h> #ifdef IPSEC #include <netipsec/ipsec.h> @@ -116,21 +119,34 @@ extern struct domain inet6domain; u_char ip6_protox[IPPROTO_MAX]; static struct ifqueue ip6intrq; -static int ip6qmaxlen = IFQ_MAXLEN; + +#ifdef VIMAGE_GLOBALS +static int ip6qmaxlen; struct in6_ifaddr *in6_ifaddr; +struct ip6stat ip6stat; +#endif extern struct callout in6_tmpaddrtimer_ch; +extern int dad_init; +extern int pmtu_expire; +extern int pmtu_probe; +extern u_long rip6_sendspace; +extern u_long rip6_recvspace; +extern int icmp6errppslim; +extern int icmp6_nodeinfo; +extern int udp6_sendspace; +extern int udp6_recvspace; + +#ifdef VIMAGE_GLOBALS int ip6_forward_srcrt; /* XXX */ int ip6_sourcecheck; /* XXX */ int ip6_sourcecheck_interval; /* XXX */ - int ip6_ours_check_algorithm; +#endif struct pfil_head inet6_pfil_hook; -struct ip6stat ip6stat; - static void ip6_init2(void *); static struct ip6aux *ip6_setdstifaddr(struct mbuf *, struct in6_ifaddr *); static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); @@ -149,6 +165,72 @@ ip6_init(void) struct ip6protosw *pr; int i; + V_ip6qmaxlen = IFQ_MAXLEN; + V_in6_maxmtu = 0; +#ifdef IP6_AUTO_LINKLOCAL + V_ip6_auto_linklocal = IP6_AUTO_LINKLOCAL; +#else + V_ip6_auto_linklocal = 1; /* enable by default */ +#endif + +#ifndef IPV6FORWARDING +#ifdef GATEWAY6 +#define IPV6FORWARDING 1 /* forward IP6 packets not for us */ +#else +#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ +#endif /* GATEWAY6 */ +#endif /* !IPV6FORWARDING */ + +#ifndef IPV6_SENDREDIRECTS +#define IPV6_SENDREDIRECTS 1 +#endif + + V_ip6_forwarding = IPV6FORWARDING; /* act as router? */ + V_ip6_sendredirects = IPV6_SENDREDIRECTS; + V_ip6_defhlim = IPV6_DEFHLIM; + V_ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; + V_ip6_accept_rtadv = 0; /* "IPV6FORWARDING ? 0 : 1" is dangerous */ + V_ip6_log_interval = 5; + V_ip6_hdrnestlimit = 15; /* How many header options will we process? */ + V_ip6_dad_count = 1; /* DupAddrDetectionTransmits */ + V_ip6_auto_flowlabel = 1; + V_ip6_use_deprecated = 1;/* allow deprecated addr (RFC2462 5.5.4) */ + V_ip6_rr_prune = 5; /* router renumbering prefix + * walk list every 5 sec. */ + V_ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */ + V_ip6_v6only = 1; + V_ip6_keepfaith = 0; + V_ip6_log_time = (time_t)0L; +#ifdef IPSTEALTH + V_ip6stealth = 0; +#endif + V_nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (RFC 4861) */ + + V_pmtu_expire = 60*10; + V_pmtu_probe = 60*2; + + /* raw IP6 parameters */ + /* + * Nominal space allocated to a raw ip socket. + */ +#define RIPV6SNDQ 8192 +#define RIPV6RCVQ 8192 + V_rip6_sendspace = RIPV6SNDQ; + V_rip6_recvspace = RIPV6RCVQ; + + /* ICMPV6 parameters */ + V_icmp6_rediraccept = 1; /* accept and process redirects */ + V_icmp6_redirtimeout = 10 * 60; /* 10 minutes */ + V_icmp6errppslim = 100; /* 100pps */ + /* control how to respond to NI queries */ + V_icmp6_nodeinfo = (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK); + + /* UDP on IP6 parameters */ + V_udp6_sendspace = 9216; /* really max datagram size */ + V_udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6)); + /* 40 1K datagrams */ + V_dad_init = 0; + #ifdef DIAGNOSTIC if (sizeof(struct protosw) != sizeof(struct ip6protosw)) panic("sizeof(protosw) != sizeof(ip6protosw)"); Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_ipsec.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_ipsec.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_ipsec.c Fri Dec 5 07:41:53 2008 (r185628) @@ -72,6 +72,7 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6_ipsec.h> #include <netinet6/ip6_var.h> +#include <netinet6/vinet6.h> extern struct protosw inet6sw[]; Modified: user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_mroute.c ============================================================================== --- user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_mroute.c Fri Dec 5 07:40:52 2008 (r185627) +++ user/kmacy/HEAD_fast_multi_xmit/sys/netinet6/ip6_mroute.c Fri Dec 5 07:41:53 2008 (r185628) @@ -107,10 +107,12 @@ __FBSDID("$FreeBSD$"); #include <net/if_types.h> #include <net/raw_cb.h> #include <net/route.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/in_var.h> #include <netinet/icmp6.h> +#include <netinet/vinet.h> #include <netinet/ip6.h> #include <netinet6/ip6_var.h> @@ -120,6 +122,7 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6protosw.h> #include <netinet6/pim6.h> #include <netinet6/pim6_var.h> +#include <netinet6/vinet6.h> static MALLOC_DEFINE(M_MRTABLE6, "mf6c", "multicast forwarding cache entry"); @@ -129,6 +132,7 @@ static MALLOC_DEFINE(M_MRTABLE6, "mf6c", static int ip6_mdq(struct mbuf *, struct ifnet *, struct mf6c *); static void phyint_send(struct ip6_hdr *, struct mif6 *, struct mbuf *); +static void pim6_init(void); static int set_pim6(int *); static int socket_send __P((struct socket *, struct mbuf *, struct sockaddr_in6 *)); @@ -146,10 +150,13 @@ struct ip6protosw in6_pim_protosw = { .pr_input = pim6_input, .pr_output = rip6_output, .pr_ctloutput = rip6_ctloutput, + .pr_init = pim6_init, .pr_usrreqs = &rip6_usrreqs }; -static int ip6_mrouter_ver = 0; +#ifdef VIMAGE_GLOBALS +static int ip6_mrouter_ver; +#endif SYSCTL_DECL(_net_inet6); SYSCTL_DECL(_net_inet6_ip6); @@ -177,7 +184,9 @@ SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, "Multicast Interfaces (struct mif[MAXMIFS], netinet6/ip6_mroute.h)"); #ifdef MRT6DEBUG +#ifdef VIMAGE_GLOBALS static u_int mrt6debug = 0; /* debug level */ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812050741.mB57fr9Y046902>