2005-01-07 01:45:51 +00:00
|
|
|
/*-
|
1994-05-24 10:09:53 +00:00
|
|
|
* Copyright (c) 1988, 1991, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
2001-10-17 11:23:59 +00:00
|
|
|
* @(#)rtsock.c 8.7 (Berkeley) 10/12/95
|
1999-08-28 01:08:13 +00:00
|
|
|
* $FreeBSD$
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
2010-04-25 16:42:47 +00:00
|
|
|
#include "opt_compat.h"
|
This patch provides the back end support for equal-cost multi-path
(ECMP) for both IPv4 and IPv6. Previously, multipath route insertion
is disallowed. For example,
route add -net 192.103.54.0/24 10.9.44.1
route add -net 192.103.54.0/24 10.9.44.2
The second route insertion will trigger an error message of
"add net 192.103.54.0/24: gateway 10.2.5.2: route already in table"
Multiple default routes can also be inserted. Here is the netstat
output:
default 10.2.5.1 UGS 0 3074 bge0 =>
default 10.2.5.2 UGS 0 0 bge0
When multipath routes exist, the "route delete" command requires
a specific gateway to be specified or else an error message would
be displayed. For example,
route delete default
would fail and trigger the following error message:
"route: writing to routing socket: No such process"
"delete net default: not in table"
On the other hand,
route delete default 10.2.5.2
would be successful: "delete net default: gateway 10.2.5.2"
One does not have to specify a gateway if there is only a single
route for a particular destination.
I need to perform more testings on address aliases and multiple
interfaces that have the same IP prefixes. This patch as it
stands today is not yet ready for prime time. Therefore, the ECMP
code fragments are fully guarded by the RADIX_MPATH macro.
Include the "options RADIX_MPATH" in the kernel configuration
to enable this feature.
Reviewed by: robert, sam, gnn, julian, kmacy
2008-04-13 05:45:14 +00:00
|
|
|
#include "opt_mpath.h"
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#include "opt_inet.h"
|
|
|
|
#include "opt_inet6.h"
|
This patch provides the back end support for equal-cost multi-path
(ECMP) for both IPv4 and IPv6. Previously, multipath route insertion
is disallowed. For example,
route add -net 192.103.54.0/24 10.9.44.1
route add -net 192.103.54.0/24 10.9.44.2
The second route insertion will trigger an error message of
"add net 192.103.54.0/24: gateway 10.2.5.2: route already in table"
Multiple default routes can also be inserted. Here is the netstat
output:
default 10.2.5.1 UGS 0 3074 bge0 =>
default 10.2.5.2 UGS 0 0 bge0
When multipath routes exist, the "route delete" command requires
a specific gateway to be specified or else an error message would
be displayed. For example,
route delete default
would fail and trigger the following error message:
"route: writing to routing socket: No such process"
"delete net default: not in table"
On the other hand,
route delete default 10.2.5.2
would be successful: "delete net default: gateway 10.2.5.2"
One does not have to specify a gateway if there is only a single
route for a particular destination.
I need to perform more testings on address aliases and multiple
interfaces that have the same IP prefixes. This patch as it
stands today is not yet ready for prime time. Therefore, the ECMP
code fragments are fully guarded by the RADIX_MPATH macro.
Include the "options RADIX_MPATH" in the kernel configuration
to enable this feature.
Reviewed by: robert, sam, gnn, julian, kmacy
2008-04-13 05:45:14 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/param.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/jail.h>
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#include <sys/kernel.h>
|
Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)
2009-07-23 20:46:49 +00:00
|
|
|
#include <sys/domain.h>
|
2008-12-08 00:28:21 +00:00
|
|
|
#include <sys/lock.h>
|
1997-09-02 01:19:47 +00:00
|
|
|
#include <sys/malloc.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/mbuf.h>
|
2006-11-06 13:42:10 +00:00
|
|
|
#include <sys/priv.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/proc.h>
|
|
|
|
#include <sys/protosw.h>
|
2008-12-07 21:15:43 +00:00
|
|
|
#include <sys/rwlock.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/signalvar.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/socketvar.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <sys/systm.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
#include <net/if.h>
|
2013-10-26 17:58:36 +00:00
|
|
|
#include <net/if_var.h>
|
2008-12-26 19:45:24 +00:00
|
|
|
#include <net/if_dl.h>
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
#include <net/if_llatbl.h>
|
2010-05-25 20:42:35 +00:00
|
|
|
#include <net/if_types.h>
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
#include <net/netisr.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <net/raw_cb.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <net/route.h>
|
2008-12-02 21:37:28 +00:00
|
|
|
#include <net/vnet.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2004-04-26 19:46:52 +00:00
|
|
|
#include <netinet/in.h>
|
2009-12-30 21:35:34 +00:00
|
|
|
#include <netinet/if_ether.h>
|
A major overhaul of the CARP implementation. The ip_carp.c was started
from scratch, copying needed functionality from the old implemenation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
2011-12-16 12:16:56 +00:00
|
|
|
#include <netinet/ip_carp.h>
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET6
|
2012-12-05 19:45:24 +00:00
|
|
|
#include <netinet6/ip6_var.h>
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#include <netinet6/scope6_var.h>
|
|
|
|
#endif
|
2004-04-26 19:46:52 +00:00
|
|
|
|
2010-04-25 16:42:47 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
#include <sys/mount.h>
|
|
|
|
#include <compat/freebsd32/freebsd32.h>
|
|
|
|
|
|
|
|
struct if_msghdr32 {
|
|
|
|
uint16_t ifm_msglen;
|
|
|
|
uint8_t ifm_version;
|
|
|
|
uint8_t ifm_type;
|
|
|
|
int32_t ifm_addrs;
|
|
|
|
int32_t ifm_flags;
|
|
|
|
uint16_t ifm_index;
|
2014-03-13 03:42:24 +00:00
|
|
|
struct if_data ifm_data;
|
2010-04-25 16:42:47 +00:00
|
|
|
};
|
2012-02-11 06:02:16 +00:00
|
|
|
|
|
|
|
struct if_msghdrl32 {
|
|
|
|
uint16_t ifm_msglen;
|
|
|
|
uint8_t ifm_version;
|
|
|
|
uint8_t ifm_type;
|
|
|
|
int32_t ifm_addrs;
|
|
|
|
int32_t ifm_flags;
|
|
|
|
uint16_t ifm_index;
|
|
|
|
uint16_t _ifm_spare1;
|
|
|
|
uint16_t ifm_len;
|
|
|
|
uint16_t ifm_data_off;
|
2014-03-13 03:42:24 +00:00
|
|
|
struct if_data ifm_data;
|
2012-02-11 06:02:16 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct ifa_msghdrl32 {
|
|
|
|
uint16_t ifam_msglen;
|
|
|
|
uint8_t ifam_version;
|
|
|
|
uint8_t ifam_type;
|
|
|
|
int32_t ifam_addrs;
|
|
|
|
int32_t ifam_flags;
|
|
|
|
uint16_t ifam_index;
|
|
|
|
uint16_t _ifam_spare1;
|
|
|
|
uint16_t ifam_len;
|
|
|
|
uint16_t ifam_data_off;
|
|
|
|
int32_t ifam_metric;
|
2014-03-13 03:42:24 +00:00
|
|
|
struct if_data ifam_data;
|
2012-02-11 06:02:16 +00:00
|
|
|
};
|
|
|
|
#endif /* COMPAT_FREEBSD32 */
|
2010-04-25 16:42:47 +00:00
|
|
|
|
1997-10-12 20:26:33 +00:00
|
|
|
MALLOC_DEFINE(M_RTABLE, "routetbl", "routing tables");
|
|
|
|
|
2003-10-03 18:15:54 +00:00
|
|
|
/* NB: these are not modified */
|
1995-11-16 19:00:27 +00:00
|
|
|
static struct sockaddr route_src = { 2, PF_ROUTE, };
|
1997-07-18 11:44:24 +00:00
|
|
|
static struct sockaddr sa_zero = { sizeof(sa_zero), AF_INET, };
|
2003-10-03 18:15:54 +00:00
|
|
|
|
A major overhaul of the CARP implementation. The ip_carp.c was started
from scratch, copying needed functionality from the old implemenation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
2011-12-16 12:16:56 +00:00
|
|
|
/* These are external hooks for CARP. */
|
|
|
|
int (*carp_get_vhid_p)(struct ifaddr *);
|
|
|
|
|
2011-09-28 13:48:36 +00:00
|
|
|
/*
|
|
|
|
* Used by rtsock/raw_input callback code to decide whether to filter the update
|
|
|
|
* notification to a socket bound to a particular FIB.
|
|
|
|
*/
|
|
|
|
#define RTS_FILTER_FIB M_PROTO8
|
|
|
|
|
2014-02-19 08:29:07 +00:00
|
|
|
typedef struct {
|
2004-08-24 08:47:15 +00:00
|
|
|
int ip_count; /* attached w/ AF_INET */
|
2003-10-03 18:15:54 +00:00
|
|
|
int ip6_count; /* attached w/ AF_INET6 */
|
|
|
|
int any_count; /* total attached */
|
2014-02-19 08:29:07 +00:00
|
|
|
} route_cb_t;
|
|
|
|
static VNET_DEFINE(route_cb_t, route_cb);
|
|
|
|
#define V_route_cb VNET(route_cb)
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2003-10-03 18:27:02 +00:00
|
|
|
struct mtx rtsock_mtx;
|
|
|
|
MTX_SYSINIT(rtsock, &rtsock_mtx, "rtsock route_cb lock", MTX_DEF);
|
|
|
|
|
|
|
|
#define RTSOCK_LOCK() mtx_lock(&rtsock_mtx)
|
|
|
|
#define RTSOCK_UNLOCK() mtx_unlock(&rtsock_mtx)
|
|
|
|
#define RTSOCK_LOCK_ASSERT() mtx_assert(&rtsock_mtx, MA_OWNED)
|
|
|
|
|
2011-11-07 15:43:11 +00:00
|
|
|
static SYSCTL_NODE(_net, OID_AUTO, route, CTLFLAG_RD, 0, "");
|
2004-08-21 21:20:06 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
struct walkarg {
|
1995-11-16 19:00:27 +00:00
|
|
|
int w_tmemsize;
|
|
|
|
int w_op, w_arg;
|
|
|
|
caddr_t w_tmem;
|
|
|
|
struct sysctl_req *w_req;
|
1994-05-24 10:09:53 +00:00
|
|
|
};
|
|
|
|
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
static void rts_input(struct mbuf *m);
|
2014-05-08 13:54:57 +00:00
|
|
|
static struct mbuf *rtsock_msg_mbuf(int type, struct rt_addrinfo *rtinfo);
|
2014-04-27 17:41:18 +00:00
|
|
|
static int rtsock_msg_buffer(int type, struct rt_addrinfo *rtinfo,
|
|
|
|
struct walkarg *w, int *plen);
|
2004-04-18 00:56:44 +00:00
|
|
|
static int rt_xaddrs(caddr_t cp, caddr_t cplim,
|
|
|
|
struct rt_addrinfo *rtinfo);
|
2002-03-19 21:54:18 +00:00
|
|
|
static int sysctl_dumpentry(struct radix_node *rn, void *vw);
|
|
|
|
static int sysctl_iflist(int af, struct walkarg *w);
|
2003-11-14 18:48:15 +00:00
|
|
|
static int sysctl_ifmalist(int af, struct walkarg *w);
|
2014-08-15 02:43:02 +00:00
|
|
|
static int route_output(struct mbuf *m, struct socket *so, ...);
|
2014-03-05 01:17:47 +00:00
|
|
|
static void rt_getmetrics(const struct rtentry *rt, struct rt_metrics *out);
|
2011-11-03 18:33:30 +00:00
|
|
|
static void rt_dispatch(struct mbuf *, sa_family_t);
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
static struct sockaddr *rtsock_fix_netmask(struct sockaddr *dst,
|
|
|
|
struct sockaddr *smask, struct sockaddr_storage *dmask);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
Reimplement the netisr framework in order to support parallel netisr
threads:
- Support up to one netisr thread per CPU, each processings its own
workstream, or set of per-protocol queues. Threads may be bound
to specific CPUs, or allowed to migrate, based on a global policy.
In the future it would be desirable to support topology-centric
policies, such as "one netisr per package".
- Allow each protocol to advertise an ordering policy, which can
currently be one of:
NETISR_POLICY_SOURCE: packets must maintain ordering with respect to
an implicit or explicit source (such as an interface or socket).
NETISR_POLICY_FLOW: make use of mbuf flow identifiers to place work,
as well as allowing protocols to provide a flow generation function
for mbufs without flow identifers (m2flow). Falls back on
NETISR_POLICY_SOURCE if now flow ID is available.
NETISR_POLICY_CPU: allow protocols to inspect and assign a CPU for
each packet handled by netisr (m2cpuid).
- Provide utility functions for querying the number of workstreams
being used, as well as a mapping function from workstream to CPU ID,
which protocols may use in work placement decisions.
- Add explicit interfaces to get and set per-protocol queue limits, and
get and clear drop counters, which query data or apply changes across
all workstreams.
- Add a more extensible netisr registration interface, in which
protocols declare 'struct netisr_handler' structures for each
registered NETISR_ type. These include name, handler function,
optional mbuf to flow ID function, optional mbuf to CPU ID function,
queue limit, and ordering policy. Padding is present to allow these
to be expanded in the future. If no queue limit is declared, then
a default is used.
- Queue limits are now per-workstream, and raised from the previous
IFQ_MAXLEN default of 50 to 256.
- All protocols are updated to use the new registration interface, and
with the exception of netnatm, default queue limits. Most protocols
register as NETISR_POLICY_SOURCE, except IPv4 and IPv6, which use
NETISR_POLICY_FLOW, and will therefore take advantage of driver-
generated flow IDs if present.
- Formalize a non-packet based interface between interface polling and
the netisr, rather than having polling pretend to be two protocols.
Provide two explicit hooks in the netisr worker for start and end
events for runs: netisr_poll() and netisr_pollmore(), as well as a
function, netisr_sched_poll(), to allow the polling code to schedule
netisr execution. DEVICE_POLLING still embeds single-netisr
assumptions in its implementation, so for now if it is compiled into
the kernel, a single and un-bound netisr thread is enforced
regardless of tunable configuration.
In the default configuration, the new netisr implementation maintains
the same basic assumptions as the previous implementation: a single,
un-bound worker thread processes all deferred work, and direct dispatch
is enabled by default wherever possible.
Performance measurement shows a marginal performance improvement over
the old implementation due to the use of batched dequeue.
An rmlock is used to synchronize use and registration/unregistration
using the framework; currently, synchronized use is disabled
(replicating current netisr policy) due to a measurable 3%-6% hit in
ping-pong micro-benchmarking. It will be enabled once further rmlock
optimization has taken place. However, in practice, netisrs are
rarely registered or unregistered at runtime.
A new man page for netisr will follow, but since one doesn't currently
exist, it hasn't been updated.
This change is not appropriate for MFC, although the polling shutdown
handler should be merged to 7-STABLE.
Bump __FreeBSD_version.
Reviewed by: bz
2009-06-01 10:41:38 +00:00
|
|
|
static struct netisr_handler rtsock_nh = {
|
|
|
|
.nh_name = "rtsock",
|
|
|
|
.nh_handler = rts_input,
|
|
|
|
.nh_proto = NETISR_ROUTE,
|
|
|
|
.nh_policy = NETISR_POLICY_SOURCE,
|
|
|
|
};
|
|
|
|
|
|
|
|
static int
|
|
|
|
sysctl_route_netisr_maxqlen(SYSCTL_HANDLER_ARGS)
|
|
|
|
{
|
|
|
|
int error, qlimit;
|
|
|
|
|
|
|
|
netisr_getqlimit(&rtsock_nh, &qlimit);
|
|
|
|
error = sysctl_handle_int(oidp, &qlimit, 0, req);
|
|
|
|
if (error || !req->newptr)
|
|
|
|
return (error);
|
|
|
|
if (qlimit < 1)
|
|
|
|
return (EINVAL);
|
|
|
|
return (netisr_setqlimit(&rtsock_nh, qlimit));
|
|
|
|
}
|
|
|
|
SYSCTL_PROC(_net_route, OID_AUTO, netisr_maxqlen, CTLTYPE_INT|CTLFLAG_RW,
|
|
|
|
0, 0, sysctl_route_netisr_maxqlen, "I",
|
|
|
|
"maximum routing socket dispatch queue length");
|
|
|
|
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
static void
|
|
|
|
rts_init(void)
|
|
|
|
{
|
2004-08-21 21:45:40 +00:00
|
|
|
int tmp;
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
|
2004-08-21 21:45:40 +00:00
|
|
|
if (TUNABLE_INT_FETCH("net.route.netisr_maxqlen", &tmp))
|
Reimplement the netisr framework in order to support parallel netisr
threads:
- Support up to one netisr thread per CPU, each processings its own
workstream, or set of per-protocol queues. Threads may be bound
to specific CPUs, or allowed to migrate, based on a global policy.
In the future it would be desirable to support topology-centric
policies, such as "one netisr per package".
- Allow each protocol to advertise an ordering policy, which can
currently be one of:
NETISR_POLICY_SOURCE: packets must maintain ordering with respect to
an implicit or explicit source (such as an interface or socket).
NETISR_POLICY_FLOW: make use of mbuf flow identifiers to place work,
as well as allowing protocols to provide a flow generation function
for mbufs without flow identifers (m2flow). Falls back on
NETISR_POLICY_SOURCE if now flow ID is available.
NETISR_POLICY_CPU: allow protocols to inspect and assign a CPU for
each packet handled by netisr (m2cpuid).
- Provide utility functions for querying the number of workstreams
being used, as well as a mapping function from workstream to CPU ID,
which protocols may use in work placement decisions.
- Add explicit interfaces to get and set per-protocol queue limits, and
get and clear drop counters, which query data or apply changes across
all workstreams.
- Add a more extensible netisr registration interface, in which
protocols declare 'struct netisr_handler' structures for each
registered NETISR_ type. These include name, handler function,
optional mbuf to flow ID function, optional mbuf to CPU ID function,
queue limit, and ordering policy. Padding is present to allow these
to be expanded in the future. If no queue limit is declared, then
a default is used.
- Queue limits are now per-workstream, and raised from the previous
IFQ_MAXLEN default of 50 to 256.
- All protocols are updated to use the new registration interface, and
with the exception of netnatm, default queue limits. Most protocols
register as NETISR_POLICY_SOURCE, except IPv4 and IPv6, which use
NETISR_POLICY_FLOW, and will therefore take advantage of driver-
generated flow IDs if present.
- Formalize a non-packet based interface between interface polling and
the netisr, rather than having polling pretend to be two protocols.
Provide two explicit hooks in the netisr worker for start and end
events for runs: netisr_poll() and netisr_pollmore(), as well as a
function, netisr_sched_poll(), to allow the polling code to schedule
netisr execution. DEVICE_POLLING still embeds single-netisr
assumptions in its implementation, so for now if it is compiled into
the kernel, a single and un-bound netisr thread is enforced
regardless of tunable configuration.
In the default configuration, the new netisr implementation maintains
the same basic assumptions as the previous implementation: a single,
un-bound worker thread processes all deferred work, and direct dispatch
is enabled by default wherever possible.
Performance measurement shows a marginal performance improvement over
the old implementation due to the use of batched dequeue.
An rmlock is used to synchronize use and registration/unregistration
using the framework; currently, synchronized use is disabled
(replicating current netisr policy) due to a measurable 3%-6% hit in
ping-pong micro-benchmarking. It will be enabled once further rmlock
optimization has taken place. However, in practice, netisrs are
rarely registered or unregistered at runtime.
A new man page for netisr will follow, but since one doesn't currently
exist, it hasn't been updated.
This change is not appropriate for MFC, although the polling shutdown
handler should be merged to 7-STABLE.
Bump __FreeBSD_version.
Reviewed by: bz
2009-06-01 10:41:38 +00:00
|
|
|
rtsock_nh.nh_qlimit = tmp;
|
|
|
|
netisr_register(&rtsock_nh);
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
}
|
2008-03-16 10:58:09 +00:00
|
|
|
SYSINIT(rtsock, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, rts_init, 0);
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
|
2011-09-28 13:48:36 +00:00
|
|
|
static int
|
|
|
|
raw_input_rts_cb(struct mbuf *m, struct sockproto *proto, struct sockaddr *src,
|
|
|
|
struct rawcb *rp)
|
|
|
|
{
|
|
|
|
int fibnum;
|
|
|
|
|
|
|
|
KASSERT(m != NULL, ("%s: m is NULL", __func__));
|
|
|
|
KASSERT(proto != NULL, ("%s: proto is NULL", __func__));
|
|
|
|
KASSERT(rp != NULL, ("%s: rp is NULL", __func__));
|
|
|
|
|
|
|
|
/* No filtering requested. */
|
|
|
|
if ((m->m_flags & RTS_FILTER_FIB) == 0)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
/* Check if it is a rts and the fib matches the one of the socket. */
|
|
|
|
fibnum = M_GETFIB(m);
|
|
|
|
if (proto->sp_family != PF_ROUTE ||
|
|
|
|
rp->rcb_socket == NULL ||
|
|
|
|
rp->rcb_socket->so_fibnum == fibnum)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
/* Filtering requested and no match, the socket shall be skipped. */
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
static void
|
|
|
|
rts_input(struct mbuf *m)
|
|
|
|
{
|
|
|
|
struct sockproto route_proto;
|
|
|
|
unsigned short *family;
|
|
|
|
struct m_tag *tag;
|
|
|
|
|
|
|
|
route_proto.sp_family = PF_ROUTE;
|
|
|
|
tag = m_tag_find(m, PACKET_TAG_RTSOCKFAM, NULL);
|
|
|
|
if (tag != NULL) {
|
|
|
|
family = (unsigned short *)(tag + 1);
|
|
|
|
route_proto.sp_protocol = *family;
|
|
|
|
m_tag_delete(m, tag);
|
|
|
|
} else
|
|
|
|
route_proto.sp_protocol = 0;
|
|
|
|
|
2011-09-28 13:48:36 +00:00
|
|
|
raw_input_ext(m, &route_proto, &route_src, raw_input_rts_cb);
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
}
|
|
|
|
|
1997-04-27 20:01:29 +00:00
|
|
|
/*
|
|
|
|
* It really doesn't make any sense at all for this code to share much
|
|
|
|
* with raw_usrreq.c, since its functionality is so restricted. XXX
|
|
|
|
*/
|
2006-04-01 15:15:05 +00:00
|
|
|
static void
|
1997-04-27 20:01:29 +00:00
|
|
|
rts_abort(struct socket *so)
|
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
2006-04-01 15:15:05 +00:00
|
|
|
raw_usrreqs.pru_abort(so);
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
2006-07-21 17:11:15 +00:00
|
|
|
static void
|
|
|
|
rts_close(struct socket *so)
|
|
|
|
{
|
|
|
|
|
|
|
|
raw_usrreqs.pru_close(so);
|
|
|
|
}
|
|
|
|
|
1997-04-27 20:01:29 +00:00
|
|
|
/* pru_accept is EOPNOTSUPP */
|
|
|
|
|
1995-11-16 19:00:27 +00:00
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
rts_attach(struct socket *so, int proto, struct thread *td)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
1997-04-27 20:01:29 +00:00
|
|
|
struct rawcb *rp;
|
2012-10-18 13:57:24 +00:00
|
|
|
int error;
|
1997-04-27 20:01:29 +00:00
|
|
|
|
Chance protocol switch method pru_detach() so that it returns void
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.
MFC after: 3 months
2006-04-01 15:42:02 +00:00
|
|
|
KASSERT(so->so_pcb == NULL, ("rts_attach: so_pcb != NULL"));
|
|
|
|
|
2000-12-08 21:51:06 +00:00
|
|
|
/* XXX */
|
2008-10-23 15:53:51 +00:00
|
|
|
rp = malloc(sizeof *rp, M_PCB, M_WAITOK | M_ZERO);
|
2004-04-18 00:56:44 +00:00
|
|
|
if (rp == NULL)
|
1997-04-27 20:01:29 +00:00
|
|
|
return ENOBUFS;
|
|
|
|
|
|
|
|
so->so_pcb = (caddr_t)rp;
|
Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)
Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.
From my notes:
-----
One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.
Constraints:
------------
I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.
One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".
One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.
This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.
Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.
To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.
The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.
The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.
In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.
One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).
You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.
This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.
Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.
Packets fall into one of a number of classes.
1/ locally generated packets, coming from a socket/PCB.
Such packets select a FIB from a number associated with the
socket/PCB. This in turn is inherited from the process,
but can be changed by a socket option. The process in turn
inherits it on fork. I have written a utility call setfib
that acts a bit like nice..
setfib -3 ping target.example.com # will use fib 3 for ping.
It is an obvious extension to make it a property of a jail
but I have not done so. It can be achieved by combining the setfib and
jail commands.
2/ packets received on an interface for forwarding.
By default these packets would use table 0,
(or possibly a number settable in a sysctl(not yet)).
but prior to routing the firewall can inspect them (see below).
(possibly in the future you may be able to associate a FIB
with packets received on an interface.. An ifconfig arg, but not yet.)
3/ packets inspected by a packet classifier, which can arbitrarily
associate a fib with it on a packet by packet basis.
A fib assigned to a packet by a packet classifier
(such as ipfw) would over-ride a fib associated by
a more default source. (such as cases 1 or 2).
4/ a tcp listen socket associated with a fib will generate
accept sockets that are associated with that same fib.
5/ Packets generated in response to some other packet (e.g. reset
or icmp packets). These should use the FIB associated with the
packet being reponded to.
6/ Packets generated during encapsulation.
gif, tun and other tunnel interfaces will encapsulate using the FIB
that was in effect withthe proces that set up the tunnel.
thus setfib 1 ifconfig gif0 [tunnel instructions]
will set the fib for the tunnel to use to be fib 1.
Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)
In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.
In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.
Early testing experience:
-------------------------
Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.
For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.
Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.
ipfw has grown 2 new keywords:
setfib N ip from anay to any
count ip from any to any fib N
In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.
SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.
Where to next:
--------------------
After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.
Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.
My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.
When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.
Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.
This work was sponsored by Ironport Systems/Cisco
Reviewed by: several including rwatson, bz and mlair (parts each)
Obtained from: Ironport systems/Cisco
2008-05-09 23:03:00 +00:00
|
|
|
so->so_fibnum = td->td_proc->p_fibnum;
|
2001-08-31 12:31:09 +00:00
|
|
|
error = raw_attach(so, proto);
|
1997-04-27 20:01:29 +00:00
|
|
|
rp = sotorawcb(so);
|
|
|
|
if (error) {
|
2001-08-02 19:56:29 +00:00
|
|
|
so->so_pcb = NULL;
|
1997-04-27 20:01:29 +00:00
|
|
|
free(rp, M_PCB);
|
|
|
|
return error;
|
|
|
|
}
|
2003-10-03 18:27:02 +00:00
|
|
|
RTSOCK_LOCK();
|
1997-04-27 20:01:29 +00:00
|
|
|
switch(rp->rcb_proto.sp_protocol) {
|
|
|
|
case AF_INET:
|
2014-02-19 08:29:07 +00:00
|
|
|
V_route_cb.ip_count++;
|
1997-04-27 20:01:29 +00:00
|
|
|
break;
|
2000-01-28 20:10:51 +00:00
|
|
|
case AF_INET6:
|
2014-02-19 08:29:07 +00:00
|
|
|
V_route_cb.ip6_count++;
|
2000-01-28 20:10:51 +00:00
|
|
|
break;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-02-19 08:29:07 +00:00
|
|
|
V_route_cb.any_count++;
|
2003-10-03 18:27:02 +00:00
|
|
|
RTSOCK_UNLOCK();
|
2002-06-18 07:42:02 +00:00
|
|
|
soisconnected(so);
|
1997-04-27 20:01:29 +00:00
|
|
|
so->so_options |= SO_USELOOPBACK;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
rts_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
|
1997-04-27 20:01:29 +00:00
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
|
|
|
return (raw_usrreqs.pru_bind(so, nam, td)); /* xxx just EINVAL */
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
rts_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
|
1997-04-27 20:01:29 +00:00
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
|
|
|
return (raw_usrreqs.pru_connect(so, nam, td)); /* XXX just EINVAL */
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* pru_connect2 is EOPNOTSUPP */
|
|
|
|
/* pru_control is EOPNOTSUPP */
|
|
|
|
|
Chance protocol switch method pru_detach() so that it returns void
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.
MFC after: 3 months
2006-04-01 15:42:02 +00:00
|
|
|
static void
|
1997-04-27 20:01:29 +00:00
|
|
|
rts_detach(struct socket *so)
|
|
|
|
{
|
|
|
|
struct rawcb *rp = sotorawcb(so);
|
|
|
|
|
Chance protocol switch method pru_detach() so that it returns void
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.
MFC after: 3 months
2006-04-01 15:42:02 +00:00
|
|
|
KASSERT(rp != NULL, ("rts_detach: rp == NULL"));
|
|
|
|
|
|
|
|
RTSOCK_LOCK();
|
|
|
|
switch(rp->rcb_proto.sp_protocol) {
|
|
|
|
case AF_INET:
|
2014-02-19 08:29:07 +00:00
|
|
|
V_route_cb.ip_count--;
|
Chance protocol switch method pru_detach() so that it returns void
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.
MFC after: 3 months
2006-04-01 15:42:02 +00:00
|
|
|
break;
|
|
|
|
case AF_INET6:
|
2014-02-19 08:29:07 +00:00
|
|
|
V_route_cb.ip6_count--;
|
Chance protocol switch method pru_detach() so that it returns void
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.
MFC after: 3 months
2006-04-01 15:42:02 +00:00
|
|
|
break;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-02-19 08:29:07 +00:00
|
|
|
V_route_cb.any_count--;
|
Chance protocol switch method pru_detach() so that it returns void
rather than an error. Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.
soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF. so_pcb is now entirely owned and
managed by the protocol code. Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.
Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.
In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.
netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit. In their current state they may leak
memory or panic.
MFC after: 3 months
2006-04-01 15:42:02 +00:00
|
|
|
RTSOCK_UNLOCK();
|
|
|
|
raw_usrreqs.pru_detach(so);
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
rts_disconnect(struct socket *so)
|
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
|
|
|
return (raw_usrreqs.pru_disconnect(so));
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
1997-04-27 20:01:29 +00:00
|
|
|
/* pru_listen is EOPNOTSUPP */
|
|
|
|
|
|
|
|
static int
|
1997-08-16 19:16:27 +00:00
|
|
|
rts_peeraddr(struct socket *so, struct sockaddr **nam)
|
1997-04-27 20:01:29 +00:00
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
|
|
|
return (raw_usrreqs.pru_peeraddr(so, nam));
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* pru_rcvd is EOPNOTSUPP */
|
|
|
|
/* pru_rcvoob is EOPNOTSUPP */
|
|
|
|
|
|
|
|
static int
|
1997-08-16 19:16:27 +00:00
|
|
|
rts_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
|
2001-09-12 08:38:13 +00:00
|
|
|
struct mbuf *control, struct thread *td)
|
1997-04-27 20:01:29 +00:00
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
|
|
|
return (raw_usrreqs.pru_send(so, flags, m, nam, control, td));
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* pru_sense is null */
|
|
|
|
|
|
|
|
static int
|
|
|
|
rts_shutdown(struct socket *so)
|
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
|
|
|
return (raw_usrreqs.pru_shutdown(so));
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
1997-08-16 19:16:27 +00:00
|
|
|
rts_sockaddr(struct socket *so, struct sockaddr **nam)
|
1997-04-27 20:01:29 +00:00
|
|
|
{
|
2005-08-25 13:30:04 +00:00
|
|
|
|
|
|
|
return (raw_usrreqs.pru_sockaddr(so, nam));
|
1997-04-27 20:01:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static struct pr_usrreqs route_usrreqs = {
|
2004-11-08 14:44:54 +00:00
|
|
|
.pru_abort = rts_abort,
|
|
|
|
.pru_attach = rts_attach,
|
|
|
|
.pru_bind = rts_bind,
|
|
|
|
.pru_connect = rts_connect,
|
|
|
|
.pru_detach = rts_detach,
|
|
|
|
.pru_disconnect = rts_disconnect,
|
|
|
|
.pru_peeraddr = rts_peeraddr,
|
|
|
|
.pru_send = rts_send,
|
|
|
|
.pru_shutdown = rts_shutdown,
|
|
|
|
.pru_sockaddr = rts_sockaddr,
|
2006-07-21 17:11:15 +00:00
|
|
|
.pru_close = rts_close,
|
1997-04-27 20:01:29 +00:00
|
|
|
};
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifndef _SOCKADDR_UNION_DEFINED
|
|
|
|
#define _SOCKADDR_UNION_DEFINED
|
|
|
|
/*
|
|
|
|
* The union of all possible address formats we handle.
|
|
|
|
*/
|
|
|
|
union sockaddr_union {
|
|
|
|
struct sockaddr sa;
|
|
|
|
struct sockaddr_in sin;
|
|
|
|
struct sockaddr_in6 sin6;
|
|
|
|
};
|
|
|
|
#endif /* _SOCKADDR_UNION_DEFINED */
|
|
|
|
|
|
|
|
static int
|
|
|
|
rtm_get_jailed(struct rt_addrinfo *info, struct ifnet *ifp,
|
|
|
|
struct rtentry *rt, union sockaddr_union *saun, struct ucred *cred)
|
|
|
|
{
|
|
|
|
|
2009-02-05 14:58:16 +00:00
|
|
|
/* First, see if the returned address is part of the jail. */
|
|
|
|
if (prison_if(cred, rt->rt_ifa->ifa_addr) == 0) {
|
|
|
|
info->rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
switch (info->rti_info[RTAX_DST]->sa_family) {
|
|
|
|
#ifdef INET
|
|
|
|
case AF_INET:
|
|
|
|
{
|
|
|
|
struct in_addr ia;
|
2009-02-05 14:58:16 +00:00
|
|
|
struct ifaddr *ifa;
|
|
|
|
int found;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-02-05 14:58:16 +00:00
|
|
|
found = 0;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
2009-02-05 14:58:16 +00:00
|
|
|
* Try to find an address on the given outgoing interface
|
|
|
|
* that belongs to the jail.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RLOCK(ifp);
|
2009-02-05 14:58:16 +00:00
|
|
|
TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
|
|
|
|
struct sockaddr *sa;
|
|
|
|
sa = ifa->ifa_addr;
|
|
|
|
if (sa->sa_family != AF_INET)
|
|
|
|
continue;
|
|
|
|
ia = ((struct sockaddr_in *)sa)->sin_addr;
|
|
|
|
if (prison_check_ip4(cred, &ia) == 0) {
|
|
|
|
found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RUNLOCK(ifp);
|
2009-02-05 14:58:16 +00:00
|
|
|
if (!found) {
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
2009-02-05 14:58:16 +00:00
|
|
|
* As a last resort return the 'default' jail address.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-05-27 14:11:23 +00:00
|
|
|
ia = ((struct sockaddr_in *)rt->rt_ifa->ifa_addr)->
|
|
|
|
sin_addr;
|
2009-02-05 14:58:16 +00:00
|
|
|
if (prison_get_ip4(cred, &ia) != 0)
|
|
|
|
return (ESRCH);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-02-05 14:58:16 +00:00
|
|
|
bzero(&saun->sin, sizeof(struct sockaddr_in));
|
|
|
|
saun->sin.sin_len = sizeof(struct sockaddr_in);
|
|
|
|
saun->sin.sin_family = AF_INET;
|
|
|
|
saun->sin.sin_addr.s_addr = ia.s_addr;
|
|
|
|
info->rti_info[RTAX_IFA] = (struct sockaddr *)&saun->sin;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
case AF_INET6:
|
|
|
|
{
|
|
|
|
struct in6_addr ia6;
|
2009-02-05 14:58:16 +00:00
|
|
|
struct ifaddr *ifa;
|
|
|
|
int found;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-02-05 14:58:16 +00:00
|
|
|
found = 0;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
2009-02-05 14:58:16 +00:00
|
|
|
* Try to find an address on the given outgoing interface
|
|
|
|
* that belongs to the jail.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RLOCK(ifp);
|
2009-02-05 14:58:16 +00:00
|
|
|
TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
|
|
|
|
struct sockaddr *sa;
|
|
|
|
sa = ifa->ifa_addr;
|
|
|
|
if (sa->sa_family != AF_INET6)
|
|
|
|
continue;
|
|
|
|
bcopy(&((struct sockaddr_in6 *)sa)->sin6_addr,
|
|
|
|
&ia6, sizeof(struct in6_addr));
|
|
|
|
if (prison_check_ip6(cred, &ia6) == 0) {
|
|
|
|
found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RUNLOCK(ifp);
|
2009-02-05 14:58:16 +00:00
|
|
|
if (!found) {
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
2009-02-05 14:58:16 +00:00
|
|
|
* As a last resort return the 'default' jail address.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-05-27 14:11:23 +00:00
|
|
|
ia6 = ((struct sockaddr_in6 *)rt->rt_ifa->ifa_addr)->
|
|
|
|
sin6_addr;
|
2009-02-05 14:58:16 +00:00
|
|
|
if (prison_get_ip6(cred, &ia6) != 0)
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (ESRCH);
|
|
|
|
}
|
2009-02-05 14:58:16 +00:00
|
|
|
bzero(&saun->sin6, sizeof(struct sockaddr_in6));
|
|
|
|
saun->sin6.sin6_len = sizeof(struct sockaddr_in6);
|
|
|
|
saun->sin6.sin6_family = AF_INET6;
|
|
|
|
bcopy(&ia6, &saun->sin6.sin6_addr, sizeof(struct in6_addr));
|
|
|
|
if (sa6_recoverscope(&saun->sin6) != 0)
|
|
|
|
return (ESRCH);
|
|
|
|
info->rti_info[RTAX_IFA] = (struct sockaddr *)&saun->sin6;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
return (ESRCH);
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*ARGSUSED*/
|
1995-11-16 19:00:27 +00:00
|
|
|
static int
|
2014-08-15 02:43:02 +00:00
|
|
|
route_output(struct mbuf *m, struct socket *so, ...)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2004-04-18 00:56:44 +00:00
|
|
|
struct rt_msghdr *rtm = NULL;
|
|
|
|
struct rtentry *rt = NULL;
|
1995-05-10 16:48:52 +00:00
|
|
|
struct radix_node_head *rnh;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct rt_addrinfo info;
|
2012-12-05 19:45:24 +00:00
|
|
|
struct sockaddr_storage ss;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
#ifdef INET6
|
2012-11-17 20:19:00 +00:00
|
|
|
struct sockaddr_in6 *sin6;
|
2012-12-05 19:45:24 +00:00
|
|
|
int i, rti_need_deembed = 0;
|
2012-11-17 20:19:00 +00:00
|
|
|
#endif
|
2014-04-27 17:41:18 +00:00
|
|
|
int alloc_len = 0, len, error = 0, fibnum;
|
2004-04-18 00:56:44 +00:00
|
|
|
struct ifnet *ifp = NULL;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
union sockaddr_union saun;
|
2011-11-03 18:33:30 +00:00
|
|
|
sa_family_t saf = AF_UNSPEC;
|
2014-04-27 10:20:37 +00:00
|
|
|
struct rawcb *rp = NULL;
|
2014-04-27 17:41:18 +00:00
|
|
|
struct walkarg w;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2014-04-27 02:20:09 +00:00
|
|
|
fibnum = so->so_fibnum;
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
#define senderr(e) { error = e; goto flush;}
|
2004-04-18 00:56:44 +00:00
|
|
|
if (m == NULL || ((m->m_len < sizeof(long)) &&
|
|
|
|
(m = m_pullup(m, sizeof(long))) == NULL))
|
1994-05-24 10:09:53 +00:00
|
|
|
return (ENOBUFS);
|
|
|
|
if ((m->m_flags & M_PKTHDR) == 0)
|
|
|
|
panic("route_output");
|
|
|
|
len = m->m_pkthdr.len;
|
|
|
|
if (len < sizeof(*rtm) ||
|
2014-04-27 10:43:48 +00:00
|
|
|
len != mtod(m, struct rt_msghdr *)->rtm_msglen)
|
1994-05-24 10:09:53 +00:00
|
|
|
senderr(EINVAL);
|
2014-04-27 10:43:48 +00:00
|
|
|
|
2014-04-27 17:41:18 +00:00
|
|
|
/*
|
|
|
|
* Most of current messages are in range 200-240 bytes,
|
2014-04-29 19:48:11 +00:00
|
|
|
* minimize possible re-allocation on reply using larger size
|
|
|
|
* buffer aligned on 1k boundaty.
|
2014-04-27 17:41:18 +00:00
|
|
|
*/
|
2014-04-29 19:48:11 +00:00
|
|
|
alloc_len = roundup2(len, 1024);
|
|
|
|
if ((rtm = malloc(alloc_len, M_TEMP, M_NOWAIT)) == NULL)
|
|
|
|
senderr(ENOBUFS);
|
2014-04-27 17:41:18 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
m_copydata(m, 0, len, (caddr_t)rtm);
|
2014-04-27 10:43:48 +00:00
|
|
|
bzero(&info, sizeof(info));
|
2014-04-27 17:41:18 +00:00
|
|
|
bzero(&w, sizeof(w));
|
2014-04-27 10:43:48 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
if (rtm->rtm_version != RTM_VERSION) {
|
2014-04-27 10:43:48 +00:00
|
|
|
/* Do not touch message since format is unknown */
|
2014-04-29 19:48:11 +00:00
|
|
|
free(rtm, M_TEMP);
|
2014-04-27 10:43:48 +00:00
|
|
|
rtm = NULL;
|
1994-05-24 10:09:53 +00:00
|
|
|
senderr(EPROTONOSUPPORT);
|
|
|
|
}
|
2014-04-27 10:43:48 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Starting from here, it is possible
|
|
|
|
* to alter original message and insert
|
|
|
|
* caller PID and error value.
|
|
|
|
*/
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
rtm->rtm_pid = curproc->p_pid;
|
|
|
|
info.rti_addrs = rtm->rtm_addrs;
|
2014-04-29 19:14:42 +00:00
|
|
|
|
|
|
|
info.rti_mflags = rtm->rtm_inits;
|
|
|
|
info.rti_rmx = &rtm->rtm_rmx;
|
|
|
|
|
2012-12-05 19:45:24 +00:00
|
|
|
/*
|
|
|
|
* rt_xaddrs() performs s6_addr[2] := sin6_scope_id for AF_INET6
|
|
|
|
* link-local address because rtrequest requires addresses with
|
|
|
|
* embedded scope id.
|
|
|
|
*/
|
2014-04-27 10:43:48 +00:00
|
|
|
if (rt_xaddrs((caddr_t)(rtm + 1), len + (caddr_t)rtm, &info))
|
1997-07-18 11:44:24 +00:00
|
|
|
senderr(EINVAL);
|
2014-04-27 10:43:48 +00:00
|
|
|
|
2001-10-17 18:07:05 +00:00
|
|
|
info.rti_flags = rtm->rtm_flags;
|
2004-04-18 00:56:44 +00:00
|
|
|
if (info.rti_info[RTAX_DST] == NULL ||
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_DST]->sa_family >= AF_MAX ||
|
2004-04-18 00:56:44 +00:00
|
|
|
(info.rti_info[RTAX_GATEWAY] != NULL &&
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_GATEWAY]->sa_family >= AF_MAX))
|
1994-05-24 10:09:53 +00:00
|
|
|
senderr(EINVAL);
|
2011-11-03 18:33:30 +00:00
|
|
|
saf = info.rti_info[RTAX_DST]->sa_family;
|
2001-08-31 12:31:09 +00:00
|
|
|
/*
|
|
|
|
* Verify that the caller has the appropriate privilege; RTM_GET
|
|
|
|
* is the only operation the non-superuser is allowed.
|
|
|
|
*/
|
2006-11-06 13:42:10 +00:00
|
|
|
if (rtm->rtm_type != RTM_GET) {
|
|
|
|
error = priv_check(curthread, PRIV_NET_ROUTE);
|
|
|
|
if (error)
|
|
|
|
senderr(error);
|
|
|
|
}
|
2001-08-31 12:31:09 +00:00
|
|
|
|
2009-08-28 07:01:09 +00:00
|
|
|
/*
|
|
|
|
* The given gateway address may be an interface address.
|
|
|
|
* For example, issuing a "route change" command on a route
|
|
|
|
* entry that was created from a tunnel, and the gateway
|
|
|
|
* address given is the local end point. In this case the
|
|
|
|
* RTF_GATEWAY flag must be cleared or the destination will
|
|
|
|
* not be reachable even though there is no error message.
|
|
|
|
*/
|
|
|
|
if (info.rti_info[RTAX_GATEWAY] != NULL &&
|
|
|
|
info.rti_info[RTAX_GATEWAY]->sa_family != AF_LINK) {
|
|
|
|
struct route gw_ro;
|
|
|
|
|
|
|
|
bzero(&gw_ro, sizeof(gw_ro));
|
|
|
|
gw_ro.ro_dst = *info.rti_info[RTAX_GATEWAY];
|
2014-04-26 22:32:04 +00:00
|
|
|
rtalloc_ign_fib(&gw_ro, 0, fibnum);
|
2009-08-28 07:01:09 +00:00
|
|
|
/*
|
|
|
|
* A host route through the loopback interface is
|
|
|
|
* installed for each interface adddress. In pre 8.0
|
|
|
|
* releases the interface address of a PPP link type
|
|
|
|
* is not reachable locally. This behavior is fixed as
|
|
|
|
* part of the new L2/L3 redesign and rewrite work. The
|
|
|
|
* signature of this interface address route is the
|
|
|
|
* AF_LINK sa_family type of the rt_gateway, and the
|
|
|
|
* rt_ifp has the IFF_LOOPBACK flag set.
|
|
|
|
*/
|
|
|
|
if (gw_ro.ro_rt != NULL &&
|
|
|
|
gw_ro.ro_rt->rt_gateway->sa_family == AF_LINK &&
|
2013-06-25 00:10:49 +00:00
|
|
|
gw_ro.ro_rt->rt_ifp->if_flags & IFF_LOOPBACK) {
|
2009-08-28 07:01:09 +00:00
|
|
|
info.rti_flags &= ~RTF_GATEWAY;
|
2013-06-25 00:10:49 +00:00
|
|
|
info.rti_flags |= RTF_GWFLAG_COMPAT;
|
|
|
|
}
|
2009-08-28 07:01:09 +00:00
|
|
|
if (gw_ro.ro_rt != NULL)
|
|
|
|
RTFREE(gw_ro.ro_rt);
|
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
switch (rtm->rtm_type) {
|
2003-10-03 18:15:54 +00:00
|
|
|
struct rtentry *saved_nrt;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
case RTM_ADD:
|
2014-04-26 21:03:41 +00:00
|
|
|
case RTM_CHANGE:
|
2004-04-18 00:56:44 +00:00
|
|
|
if (info.rti_info[RTAX_GATEWAY] == NULL)
|
1994-05-24 10:09:53 +00:00
|
|
|
senderr(EINVAL);
|
2004-04-18 00:56:44 +00:00
|
|
|
saved_nrt = NULL;
|
2008-12-26 19:45:24 +00:00
|
|
|
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
/* support for new ARP code */
|
2008-12-26 19:45:24 +00:00
|
|
|
if (info.rti_info[RTAX_GATEWAY]->sa_family == AF_LINK &&
|
|
|
|
(rtm->rtm_flags & RTF_LLDATA) != 0) {
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
error = lla_rt_output(rtm, &info);
|
2012-12-05 19:45:24 +00:00
|
|
|
#ifdef INET6
|
|
|
|
if (error == 0)
|
|
|
|
rti_need_deembed = (V_deembed_scopeid) ? 1 : 0;
|
|
|
|
#endif
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
break;
|
|
|
|
}
|
2014-04-26 21:03:41 +00:00
|
|
|
error = rtrequest1_fib(rtm->rtm_type, &info, &saved_nrt,
|
2014-04-26 22:32:04 +00:00
|
|
|
fibnum);
|
2014-04-26 21:03:41 +00:00
|
|
|
if (error == 0 && saved_nrt != NULL) {
|
2012-12-05 19:45:24 +00:00
|
|
|
#ifdef INET6
|
|
|
|
rti_need_deembed = (V_deembed_scopeid) ? 1 : 0;
|
|
|
|
#endif
|
2003-10-04 03:44:50 +00:00
|
|
|
RT_LOCK(saved_nrt);
|
2006-03-15 19:39:09 +00:00
|
|
|
rtm->rtm_index = saved_nrt->rt_ifp->if_index;
|
2003-11-08 23:36:32 +00:00
|
|
|
RT_REMREF(saved_nrt);
|
2003-10-04 03:44:50 +00:00
|
|
|
RT_UNLOCK(saved_nrt);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case RTM_DELETE:
|
2004-04-18 00:56:44 +00:00
|
|
|
saved_nrt = NULL;
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
/* support for new ARP code */
|
|
|
|
if (info.rti_info[RTAX_GATEWAY] &&
|
2008-12-26 19:45:24 +00:00
|
|
|
(info.rti_info[RTAX_GATEWAY]->sa_family == AF_LINK) &&
|
|
|
|
(rtm->rtm_flags & RTF_LLDATA) != 0) {
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
error = lla_rt_output(rtm, &info);
|
2012-12-05 19:45:24 +00:00
|
|
|
#ifdef INET6
|
|
|
|
if (error == 0)
|
|
|
|
rti_need_deembed = (V_deembed_scopeid) ? 1 : 0;
|
|
|
|
#endif
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
break;
|
|
|
|
}
|
2014-04-26 22:32:04 +00:00
|
|
|
error = rtrequest1_fib(RTM_DELETE, &info, &saved_nrt, fibnum);
|
1995-05-10 16:48:52 +00:00
|
|
|
if (error == 0) {
|
2003-10-04 03:44:50 +00:00
|
|
|
RT_LOCK(saved_nrt);
|
2002-12-25 10:21:02 +00:00
|
|
|
rt = saved_nrt;
|
1995-05-10 16:48:52 +00:00
|
|
|
goto report;
|
|
|
|
}
|
2012-12-05 19:45:24 +00:00
|
|
|
#ifdef INET6
|
|
|
|
/* rt_msg2() will not be used when RTM_DELETE fails. */
|
|
|
|
rti_need_deembed = (V_deembed_scopeid) ? 1 : 0;
|
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case RTM_GET:
|
2014-04-26 22:32:04 +00:00
|
|
|
rnh = rt_tables_get_rnh(fibnum, saf);
|
2004-04-18 00:56:44 +00:00
|
|
|
if (rnh == NULL)
|
1995-05-10 16:48:52 +00:00
|
|
|
senderr(EAFNOSUPPORT);
|
2014-01-04 22:25:26 +00:00
|
|
|
|
2008-12-07 21:15:43 +00:00
|
|
|
RADIX_NODE_HEAD_RLOCK(rnh);
|
2014-01-04 22:25:26 +00:00
|
|
|
|
|
|
|
if (info.rti_info[RTAX_NETMASK] == NULL &&
|
|
|
|
rtm->rtm_type == RTM_GET) {
|
|
|
|
/*
|
|
|
|
* Provide logest prefix match for
|
|
|
|
* address lookup (no mask).
|
|
|
|
* 'route -n get addr'
|
|
|
|
*/
|
|
|
|
rt = (struct rtentry *) rnh->rnh_matchaddr(
|
|
|
|
info.rti_info[RTAX_DST], rnh);
|
|
|
|
} else
|
|
|
|
rt = (struct rtentry *) rnh->rnh_lookup(
|
|
|
|
info.rti_info[RTAX_DST],
|
|
|
|
info.rti_info[RTAX_NETMASK], rnh);
|
|
|
|
|
|
|
|
if (rt == NULL) {
|
2008-12-07 21:15:43 +00:00
|
|
|
RADIX_NODE_HEAD_RUNLOCK(rnh);
|
1994-05-24 10:09:53 +00:00
|
|
|
senderr(ESRCH);
|
2005-08-11 08:26:31 +00:00
|
|
|
}
|
This patch provides the back end support for equal-cost multi-path
(ECMP) for both IPv4 and IPv6. Previously, multipath route insertion
is disallowed. For example,
route add -net 192.103.54.0/24 10.9.44.1
route add -net 192.103.54.0/24 10.9.44.2
The second route insertion will trigger an error message of
"add net 192.103.54.0/24: gateway 10.2.5.2: route already in table"
Multiple default routes can also be inserted. Here is the netstat
output:
default 10.2.5.1 UGS 0 3074 bge0 =>
default 10.2.5.2 UGS 0 0 bge0
When multipath routes exist, the "route delete" command requires
a specific gateway to be specified or else an error message would
be displayed. For example,
route delete default
would fail and trigger the following error message:
"route: writing to routing socket: No such process"
"delete net default: not in table"
On the other hand,
route delete default 10.2.5.2
would be successful: "delete net default: gateway 10.2.5.2"
One does not have to specify a gateway if there is only a single
route for a particular destination.
I need to perform more testings on address aliases and multiple
interfaces that have the same IP prefixes. This patch as it
stands today is not yet ready for prime time. Therefore, the ECMP
code fragments are fully guarded by the RADIX_MPATH macro.
Include the "options RADIX_MPATH" in the kernel configuration
to enable this feature.
Reviewed by: robert, sam, gnn, julian, kmacy
2008-04-13 05:45:14 +00:00
|
|
|
#ifdef RADIX_MPATH
|
|
|
|
/*
|
|
|
|
* for RTM_CHANGE/LOCK, if we got multipath routes,
|
|
|
|
* we require users to specify a matching RTAX_GATEWAY.
|
|
|
|
*
|
|
|
|
* for RTM_GET, gate is optional even with multipath.
|
|
|
|
* if gate == NULL the first match is returned.
|
|
|
|
* (no need to call rt_mpath_matchgate if gate == NULL)
|
|
|
|
*/
|
|
|
|
if (rn_mpath_capable(rnh) &&
|
|
|
|
(rtm->rtm_type != RTM_GET || info.rti_info[RTAX_GATEWAY])) {
|
|
|
|
rt = rt_mpath_matchgate(rt, info.rti_info[RTAX_GATEWAY]);
|
|
|
|
if (!rt) {
|
2008-12-07 21:15:43 +00:00
|
|
|
RADIX_NODE_HEAD_RUNLOCK(rnh);
|
This patch provides the back end support for equal-cost multi-path
(ECMP) for both IPv4 and IPv6. Previously, multipath route insertion
is disallowed. For example,
route add -net 192.103.54.0/24 10.9.44.1
route add -net 192.103.54.0/24 10.9.44.2
The second route insertion will trigger an error message of
"add net 192.103.54.0/24: gateway 10.2.5.2: route already in table"
Multiple default routes can also be inserted. Here is the netstat
output:
default 10.2.5.1 UGS 0 3074 bge0 =>
default 10.2.5.2 UGS 0 0 bge0
When multipath routes exist, the "route delete" command requires
a specific gateway to be specified or else an error message would
be displayed. For example,
route delete default
would fail and trigger the following error message:
"route: writing to routing socket: No such process"
"delete net default: not in table"
On the other hand,
route delete default 10.2.5.2
would be successful: "delete net default: gateway 10.2.5.2"
One does not have to specify a gateway if there is only a single
route for a particular destination.
I need to perform more testings on address aliases and multiple
interfaces that have the same IP prefixes. This patch as it
stands today is not yet ready for prime time. Therefore, the ECMP
code fragments are fully guarded by the RADIX_MPATH macro.
Include the "options RADIX_MPATH" in the kernel configuration
to enable this feature.
Reviewed by: robert, sam, gnn, julian, kmacy
2008-04-13 05:45:14 +00:00
|
|
|
senderr(ESRCH);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
2009-12-30 21:35:34 +00:00
|
|
|
/*
|
|
|
|
* If performing proxied L2 entry insertion, and
|
|
|
|
* the actual PPP host entry is found, perform
|
|
|
|
* another search to retrieve the prefix route of
|
|
|
|
* the local end point of the PPP link.
|
|
|
|
*/
|
2010-05-25 20:42:35 +00:00
|
|
|
if (rtm->rtm_flags & RTF_ANNOUNCE) {
|
2009-12-30 21:35:34 +00:00
|
|
|
struct sockaddr laddr;
|
2010-05-25 20:42:35 +00:00
|
|
|
|
|
|
|
if (rt->rt_ifp != NULL &&
|
|
|
|
rt->rt_ifp->if_type == IFT_PROPVIRTUAL) {
|
|
|
|
struct ifaddr *ifa;
|
|
|
|
|
2014-09-11 20:21:03 +00:00
|
|
|
ifa = ifa_ifwithnet(info.rti_info[RTAX_DST], 1,
|
|
|
|
RT_ALL_FIBS);
|
2010-05-25 20:42:35 +00:00
|
|
|
if (ifa != NULL)
|
|
|
|
rt_maskedcopy(ifa->ifa_addr,
|
|
|
|
&laddr,
|
|
|
|
ifa->ifa_netmask);
|
|
|
|
} else
|
|
|
|
rt_maskedcopy(rt->rt_ifa->ifa_addr,
|
|
|
|
&laddr,
|
|
|
|
rt->rt_ifa->ifa_netmask);
|
2009-12-30 21:35:34 +00:00
|
|
|
/*
|
|
|
|
* refactor rt and no lock operation necessary
|
|
|
|
*/
|
|
|
|
rt = (struct rtentry *)rnh->rnh_matchaddr(&laddr, rnh);
|
|
|
|
if (rt == NULL) {
|
|
|
|
RADIX_NODE_HEAD_RUNLOCK(rnh);
|
|
|
|
senderr(ESRCH);
|
|
|
|
}
|
|
|
|
}
|
2003-10-04 03:44:50 +00:00
|
|
|
RT_LOCK(rt);
|
2003-11-08 23:36:32 +00:00
|
|
|
RT_ADDREF(rt);
|
2008-12-07 21:15:43 +00:00
|
|
|
RADIX_NODE_HEAD_RUNLOCK(rnh);
|
2002-12-24 03:03:39 +00:00
|
|
|
|
2014-04-26 21:03:41 +00:00
|
|
|
report:
|
|
|
|
RT_LOCK_ASSERT(rt);
|
|
|
|
if ((rt->rt_flags & RTF_HOST) == 0
|
|
|
|
? jailed_without_vnet(curthread->td_ucred)
|
|
|
|
: prison_if(curthread->td_ucred,
|
|
|
|
rt_key(rt)) != 0) {
|
|
|
|
RT_UNLOCK(rt);
|
|
|
|
senderr(ESRCH);
|
|
|
|
}
|
|
|
|
info.rti_info[RTAX_DST] = rt_key(rt);
|
|
|
|
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
info.rti_info[RTAX_NETMASK] = rtsock_fix_netmask(rt_key(rt),
|
|
|
|
rt_mask(rt), &ss);
|
2014-04-26 21:03:41 +00:00
|
|
|
info.rti_info[RTAX_GENMASK] = 0;
|
|
|
|
if (rtm->rtm_addrs & (RTA_IFP | RTA_IFA)) {
|
|
|
|
ifp = rt->rt_ifp;
|
|
|
|
if (ifp) {
|
|
|
|
info.rti_info[RTAX_IFP] =
|
|
|
|
ifp->if_addr->ifa_addr;
|
|
|
|
error = rtm_get_jailed(&info, ifp, rt,
|
|
|
|
&saun, curthread->td_ucred);
|
2008-12-10 09:21:52 +00:00
|
|
|
if (error != 0) {
|
2007-03-22 10:51:03 +00:00
|
|
|
RT_UNLOCK(rt);
|
|
|
|
senderr(error);
|
|
|
|
}
|
2014-04-26 21:03:41 +00:00
|
|
|
if (ifp->if_flags & IFF_POINTOPOINT)
|
|
|
|
info.rti_info[RTAX_BRD] =
|
|
|
|
rt->rt_ifa->ifa_dstaddr;
|
|
|
|
rtm->rtm_index = ifp->if_index;
|
|
|
|
} else {
|
|
|
|
info.rti_info[RTAX_IFP] = NULL;
|
|
|
|
info.rti_info[RTAX_IFA] = NULL;
|
2003-10-03 18:15:54 +00:00
|
|
|
}
|
2014-04-26 21:03:41 +00:00
|
|
|
} else if ((ifp = rt->rt_ifp) != NULL) {
|
|
|
|
rtm->rtm_index = ifp->if_index;
|
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
|
|
|
|
/* Check if we need to realloc storage */
|
|
|
|
rtsock_msg_buffer(rtm->rtm_type, &info, NULL, &len);
|
|
|
|
if (len > alloc_len) {
|
2014-04-26 21:03:41 +00:00
|
|
|
struct rt_msghdr *new_rtm;
|
2014-04-27 17:41:18 +00:00
|
|
|
new_rtm = malloc(len, M_TEMP, M_NOWAIT);
|
2014-04-26 21:03:41 +00:00
|
|
|
if (new_rtm == NULL) {
|
|
|
|
RT_UNLOCK(rt);
|
|
|
|
senderr(ENOBUFS);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-04-26 21:03:41 +00:00
|
|
|
bcopy(rtm, new_rtm, rtm->rtm_msglen);
|
2014-04-27 17:41:18 +00:00
|
|
|
free(rtm, M_TEMP);
|
|
|
|
rtm = new_rtm;
|
|
|
|
alloc_len = len;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
|
|
|
|
w.w_tmem = (caddr_t)rtm;
|
|
|
|
w.w_tmemsize = alloc_len;
|
|
|
|
rtsock_msg_buffer(rtm->rtm_type, &info, &w, &len);
|
|
|
|
|
2014-04-26 21:03:41 +00:00
|
|
|
if (rt->rt_flags & RTF_GWFLAG_COMPAT)
|
|
|
|
rtm->rtm_flags = RTF_GATEWAY |
|
|
|
|
(rt->rt_flags & ~RTF_GWFLAG_COMPAT);
|
|
|
|
else
|
|
|
|
rtm->rtm_flags = rt->rt_flags;
|
|
|
|
rt_getmetrics(rt, &rtm->rtm_rmx);
|
|
|
|
rtm->rtm_addrs = info.rti_addrs;
|
|
|
|
|
2003-10-04 03:44:50 +00:00
|
|
|
RT_UNLOCK(rt);
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
senderr(EOPNOTSUPP);
|
|
|
|
}
|
|
|
|
|
|
|
|
flush:
|
2014-04-27 10:20:37 +00:00
|
|
|
if (rt != NULL)
|
2003-10-03 18:15:54 +00:00
|
|
|
RTFREE(rt);
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Check to see if we don't want our own messages.
|
|
|
|
*/
|
|
|
|
if ((so->so_options & SO_USELOOPBACK) == 0) {
|
2014-02-19 08:29:07 +00:00
|
|
|
if (V_route_cb.any_count <= 1) {
|
2014-04-29 19:48:11 +00:00
|
|
|
if (rtm != NULL)
|
2014-04-27 17:41:18 +00:00
|
|
|
free(rtm, M_TEMP);
|
1994-05-24 10:09:53 +00:00
|
|
|
m_freem(m);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
/* There is another listener, so construct message */
|
|
|
|
rp = sotorawcb(so);
|
2002-05-31 11:52:35 +00:00
|
|
|
}
|
2014-04-27 10:20:37 +00:00
|
|
|
|
2014-04-27 09:49:35 +00:00
|
|
|
if (rtm != NULL) {
|
2012-12-05 19:45:24 +00:00
|
|
|
#ifdef INET6
|
|
|
|
if (rti_need_deembed) {
|
|
|
|
/* sin6_scope_id is recovered before sending rtm. */
|
2013-07-28 20:02:41 +00:00
|
|
|
sin6 = (struct sockaddr_in6 *)&ss;
|
2012-12-05 19:45:24 +00:00
|
|
|
for (i = 0; i < RTAX_MAX; i++) {
|
|
|
|
if (info.rti_info[i] == NULL)
|
|
|
|
continue;
|
|
|
|
if (info.rti_info[i]->sa_family != AF_INET6)
|
|
|
|
continue;
|
|
|
|
bcopy(info.rti_info[i], sin6, sizeof(*sin6));
|
|
|
|
if (sa6_recoverscope(sin6) == 0)
|
|
|
|
bcopy(sin6, info.rti_info[i],
|
|
|
|
sizeof(*sin6));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
2014-04-27 10:20:37 +00:00
|
|
|
if (error != 0)
|
|
|
|
rtm->rtm_errno = error;
|
|
|
|
else
|
|
|
|
rtm->rtm_flags |= RTF_DONE;
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
m_copyback(m, 0, rtm->rtm_msglen, (caddr_t)rtm);
|
2001-07-04 11:29:55 +00:00
|
|
|
if (m->m_pkthdr.len < rtm->rtm_msglen) {
|
|
|
|
m_freem(m);
|
|
|
|
m = NULL;
|
|
|
|
} else if (m->m_pkthdr.len > rtm->rtm_msglen)
|
|
|
|
m_adj(m, rtm->rtm_msglen - m->m_pkthdr.len);
|
2014-04-27 17:41:18 +00:00
|
|
|
|
2014-04-29 19:48:11 +00:00
|
|
|
free(rtm, M_TEMP);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-04-27 10:20:37 +00:00
|
|
|
if (m != NULL) {
|
2014-04-26 22:32:04 +00:00
|
|
|
M_SETFIB(m, fibnum);
|
2011-09-28 13:48:36 +00:00
|
|
|
m->m_flags |= RTS_FILTER_FIB;
|
2003-10-03 18:15:54 +00:00
|
|
|
if (rp) {
|
|
|
|
/*
|
|
|
|
* XXX insure we don't get a copy by
|
|
|
|
* invalidating our protocol
|
|
|
|
*/
|
|
|
|
unsigned short family = rp->rcb_proto.sp_family;
|
|
|
|
rp->rcb_proto.sp_family = 0;
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(m, saf);
|
2003-10-03 18:15:54 +00:00
|
|
|
rp->rcb_proto.sp_family = family;
|
|
|
|
} else
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(m, saf);
|
2003-10-03 18:15:54 +00:00
|
|
|
}
|
2014-04-27 10:20:37 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2003-11-20 20:07:39 +00:00
|
|
|
static void
|
2014-03-05 01:17:47 +00:00
|
|
|
rt_getmetrics(const struct rtentry *rt, struct rt_metrics *out)
|
2003-11-20 20:07:39 +00:00
|
|
|
{
|
2014-03-05 01:17:47 +00:00
|
|
|
|
2003-11-20 20:07:39 +00:00
|
|
|
bzero(out, sizeof(*out));
|
2014-03-05 01:17:47 +00:00
|
|
|
out->rmx_mtu = rt->rt_mtu;
|
|
|
|
out->rmx_weight = rt->rt_weight;
|
|
|
|
out->rmx_pksent = counter_u64_fetch(rt->rt_pksent);
|
2006-07-06 00:24:36 +00:00
|
|
|
/* Kernel -> userland timebase conversion. */
|
2014-03-05 01:17:47 +00:00
|
|
|
out->rmx_expire = rt->rt_expire ?
|
|
|
|
rt->rt_expire - time_uptime + time_second : 0;
|
2003-11-20 20:07:39 +00:00
|
|
|
}
|
|
|
|
|
1997-07-15 23:25:32 +00:00
|
|
|
/*
|
|
|
|
* Extract the addresses of the passed sockaddrs.
|
|
|
|
* Do a little sanity checking so as to avoid bad memory references.
|
1997-07-18 11:44:24 +00:00
|
|
|
* This data is derived straight from userland.
|
1997-07-15 23:25:32 +00:00
|
|
|
*/
|
1997-07-18 11:44:24 +00:00
|
|
|
static int
|
2003-10-03 18:15:54 +00:00
|
|
|
rt_xaddrs(caddr_t cp, caddr_t cplim, struct rt_addrinfo *rtinfo)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2004-04-13 11:22:22 +00:00
|
|
|
struct sockaddr *sa;
|
|
|
|
int i;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2003-10-03 18:15:54 +00:00
|
|
|
for (i = 0; i < RTAX_MAX && cp < cplim; i++) {
|
1994-05-24 10:09:53 +00:00
|
|
|
if ((rtinfo->rti_addrs & (1 << i)) == 0)
|
|
|
|
continue;
|
1997-07-16 14:55:14 +00:00
|
|
|
sa = (struct sockaddr *)cp;
|
1997-07-15 23:25:32 +00:00
|
|
|
/*
|
1997-07-18 11:44:24 +00:00
|
|
|
* It won't fit.
|
1997-07-15 23:25:32 +00:00
|
|
|
*/
|
2003-10-03 18:15:54 +00:00
|
|
|
if (cp + sa->sa_len > cplim)
|
1997-07-18 11:44:24 +00:00
|
|
|
return (EINVAL);
|
1997-07-15 23:25:32 +00:00
|
|
|
/*
|
|
|
|
* there are no more.. quit now
|
|
|
|
* If there are more bits, they are in error.
|
|
|
|
* I've seen this. route(1) can evidently generate these.
|
|
|
|
* This causes kernel to core dump.
|
1997-07-18 11:44:24 +00:00
|
|
|
* for compatibility, If we see this, point to a safe address.
|
1997-07-15 23:25:32 +00:00
|
|
|
*/
|
1997-07-18 11:44:24 +00:00
|
|
|
if (sa->sa_len == 0) {
|
|
|
|
rtinfo->rti_info[i] = &sa_zero;
|
|
|
|
return (0); /* should be EINVAL but for compat */
|
|
|
|
}
|
|
|
|
/* accept it */
|
2012-12-05 19:45:24 +00:00
|
|
|
#ifdef INET6
|
|
|
|
if (sa->sa_family == AF_INET6)
|
|
|
|
sa6_embedscope((struct sockaddr_in6 *)sa,
|
|
|
|
V_ip6_use_defzone);
|
|
|
|
#endif
|
1997-07-18 11:44:24 +00:00
|
|
|
rtinfo->rti_info[i] = sa;
|
2004-04-13 11:22:22 +00:00
|
|
|
cp += SA_SIZE(sa);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
1997-07-18 11:44:24 +00:00
|
|
|
return (0);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
/*
|
|
|
|
* Fill in @dmask with valid netmask leaving original @smask
|
|
|
|
* intact. Mostly used with radix netmasks.
|
|
|
|
*/
|
|
|
|
static struct sockaddr *
|
|
|
|
rtsock_fix_netmask(struct sockaddr *dst, struct sockaddr *smask,
|
|
|
|
struct sockaddr_storage *dmask)
|
|
|
|
{
|
|
|
|
if (dst == NULL || smask == NULL)
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
memset(dmask, 0, dst->sa_len);
|
|
|
|
memcpy(dmask, smask, smask->sa_len);
|
|
|
|
dmask->ss_len = dst->sa_len;
|
|
|
|
dmask->ss_family = dst->sa_family;
|
|
|
|
|
|
|
|
return ((struct sockaddr *)dmask);
|
|
|
|
}
|
|
|
|
|
2012-02-11 06:02:16 +00:00
|
|
|
/*
|
2014-05-08 13:54:57 +00:00
|
|
|
* Writes information related to @rtinfo object to newly-allocated mbuf.
|
|
|
|
* Assumes MCLBYTES is enough to construct any message.
|
|
|
|
* Used for OS notifications of vaious events (if/ifa announces,etc)
|
|
|
|
*
|
|
|
|
* Returns allocated mbuf or NULL on failure.
|
2012-02-11 06:02:16 +00:00
|
|
|
*/
|
1994-05-24 10:09:53 +00:00
|
|
|
static struct mbuf *
|
2014-05-08 13:54:57 +00:00
|
|
|
rtsock_msg_mbuf(int type, struct rt_addrinfo *rtinfo)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2004-04-18 00:56:44 +00:00
|
|
|
struct rt_msghdr *rtm;
|
|
|
|
struct mbuf *m;
|
|
|
|
int i;
|
|
|
|
struct sockaddr *sa;
|
2012-11-17 20:19:00 +00:00
|
|
|
#ifdef INET6
|
|
|
|
struct sockaddr_storage ss;
|
|
|
|
struct sockaddr_in6 *sin6;
|
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
int len, dlen;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
|
|
|
case RTM_DELADDR:
|
|
|
|
case RTM_NEWADDR:
|
|
|
|
len = sizeof(struct ifa_msghdr);
|
|
|
|
break;
|
|
|
|
|
1997-01-13 21:26:53 +00:00
|
|
|
case RTM_DELMADDR:
|
|
|
|
case RTM_NEWMADDR:
|
|
|
|
len = sizeof(struct ifma_msghdr);
|
|
|
|
break;
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
case RTM_IFINFO:
|
|
|
|
len = sizeof(struct if_msghdr);
|
|
|
|
break;
|
|
|
|
|
2002-01-18 14:33:04 +00:00
|
|
|
case RTM_IFANNOUNCE:
|
2004-10-05 19:48:33 +00:00
|
|
|
case RTM_IEEE80211:
|
2002-01-18 14:33:04 +00:00
|
|
|
len = sizeof(struct if_announcemsghdr);
|
|
|
|
break;
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
default:
|
|
|
|
len = sizeof(struct rt_msghdr);
|
|
|
|
}
|
2013-03-15 12:52:59 +00:00
|
|
|
|
|
|
|
/* XXXGL: can we use MJUMPAGESIZE cluster here? */
|
|
|
|
KASSERT(len <= MCLBYTES, ("%s: message too big", __func__));
|
|
|
|
if (len > MHLEN)
|
|
|
|
m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
|
|
|
|
else
|
|
|
|
m = m_gethdr(M_NOWAIT, MT_DATA);
|
2004-04-18 00:56:44 +00:00
|
|
|
if (m == NULL)
|
2001-06-11 12:39:29 +00:00
|
|
|
return (m);
|
2013-03-15 12:52:59 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
m->m_pkthdr.len = m->m_len = len;
|
|
|
|
rtm = mtod(m, struct rt_msghdr *);
|
|
|
|
bzero((caddr_t)rtm, len);
|
|
|
|
for (i = 0; i < RTAX_MAX; i++) {
|
|
|
|
if ((sa = rtinfo->rti_info[i]) == NULL)
|
|
|
|
continue;
|
|
|
|
rtinfo->rti_addrs |= (1 << i);
|
2004-04-13 11:22:22 +00:00
|
|
|
dlen = SA_SIZE(sa);
|
2012-11-17 20:19:00 +00:00
|
|
|
#ifdef INET6
|
2012-12-04 17:12:23 +00:00
|
|
|
if (V_deembed_scopeid && sa->sa_family == AF_INET6) {
|
2012-11-17 20:19:00 +00:00
|
|
|
sin6 = (struct sockaddr_in6 *)&ss;
|
|
|
|
bcopy(sa, sin6, sizeof(*sin6));
|
|
|
|
if (sa6_recoverscope(sin6) == 0)
|
|
|
|
sa = (struct sockaddr *)sin6;
|
|
|
|
}
|
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
m_copyback(m, len, dlen, (caddr_t)sa);
|
|
|
|
len += dlen;
|
|
|
|
}
|
|
|
|
if (m->m_pkthdr.len != len) {
|
|
|
|
m_freem(m);
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
rtm->rtm_msglen = len;
|
|
|
|
rtm->rtm_version = RTM_VERSION;
|
|
|
|
rtm->rtm_type = type;
|
|
|
|
return (m);
|
|
|
|
}
|
|
|
|
|
2012-02-11 06:02:16 +00:00
|
|
|
/*
|
2014-04-27 17:41:18 +00:00
|
|
|
* Writes information related to @rtinfo object to preallocated buffer.
|
|
|
|
* Stores needed size in @plen. If @w is NULL, calculates size without
|
|
|
|
* writing.
|
|
|
|
* Used for sysctl dumps and rtsock answers (RTM_DEL/RTM_GET) generation.
|
|
|
|
*
|
|
|
|
* Returns 0 on success.
|
|
|
|
*
|
2012-02-11 06:02:16 +00:00
|
|
|
*/
|
1994-05-24 10:09:53 +00:00
|
|
|
static int
|
2014-04-27 17:41:18 +00:00
|
|
|
rtsock_msg_buffer(int type, struct rt_addrinfo *rtinfo, struct walkarg *w, int *plen)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2004-04-18 00:56:44 +00:00
|
|
|
int i;
|
2014-04-27 17:41:18 +00:00
|
|
|
int len, buflen = 0, dlen;
|
2014-04-27 21:17:54 +00:00
|
|
|
caddr_t cp = NULL;
|
2014-04-27 17:41:18 +00:00
|
|
|
struct rt_msghdr *rtm = NULL;
|
2012-11-17 20:19:00 +00:00
|
|
|
#ifdef INET6
|
|
|
|
struct sockaddr_storage ss;
|
|
|
|
struct sockaddr_in6 *sin6;
|
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
|
|
|
case RTM_DELADDR:
|
|
|
|
case RTM_NEWADDR:
|
2012-02-11 06:02:16 +00:00
|
|
|
if (w != NULL && w->w_op == NET_RT_IFLISTL) {
|
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
if (w->w_req->flags & SCTL_MASK32)
|
|
|
|
len = sizeof(struct ifa_msghdrl32);
|
|
|
|
else
|
|
|
|
#endif
|
|
|
|
len = sizeof(struct ifa_msghdrl);
|
|
|
|
} else
|
|
|
|
len = sizeof(struct ifa_msghdr);
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case RTM_IFINFO:
|
2010-04-25 16:42:47 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
if (w != NULL && w->w_req->flags & SCTL_MASK32) {
|
2012-02-11 06:02:16 +00:00
|
|
|
if (w->w_op == NET_RT_IFLISTL)
|
|
|
|
len = sizeof(struct if_msghdrl32);
|
|
|
|
else
|
|
|
|
len = sizeof(struct if_msghdr32);
|
2010-04-25 16:42:47 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
#endif
|
2012-02-11 06:02:16 +00:00
|
|
|
if (w != NULL && w->w_op == NET_RT_IFLISTL)
|
|
|
|
len = sizeof(struct if_msghdrl);
|
|
|
|
else
|
|
|
|
len = sizeof(struct if_msghdr);
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
2003-11-14 18:48:15 +00:00
|
|
|
case RTM_NEWMADDR:
|
|
|
|
len = sizeof(struct ifma_msghdr);
|
|
|
|
break;
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
default:
|
|
|
|
len = sizeof(struct rt_msghdr);
|
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
|
|
|
|
if (w != NULL) {
|
|
|
|
rtm = (struct rt_msghdr *)w->w_tmem;
|
|
|
|
buflen = w->w_tmemsize - len;
|
|
|
|
cp = (caddr_t)w->w_tmem + len;
|
|
|
|
}
|
|
|
|
|
|
|
|
rtinfo->rti_addrs = 0;
|
1994-05-24 10:09:53 +00:00
|
|
|
for (i = 0; i < RTAX_MAX; i++) {
|
2004-04-18 00:56:44 +00:00
|
|
|
struct sockaddr *sa;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2004-04-18 00:56:44 +00:00
|
|
|
if ((sa = rtinfo->rti_info[i]) == NULL)
|
1994-05-24 10:09:53 +00:00
|
|
|
continue;
|
|
|
|
rtinfo->rti_addrs |= (1 << i);
|
2004-04-13 11:22:22 +00:00
|
|
|
dlen = SA_SIZE(sa);
|
2014-04-27 17:41:18 +00:00
|
|
|
if (cp != NULL && buflen >= dlen) {
|
2012-11-17 20:19:00 +00:00
|
|
|
#ifdef INET6
|
2012-12-05 19:45:24 +00:00
|
|
|
if (V_deembed_scopeid && sa->sa_family == AF_INET6) {
|
|
|
|
sin6 = (struct sockaddr_in6 *)&ss;
|
|
|
|
bcopy(sa, sin6, sizeof(*sin6));
|
|
|
|
if (sa6_recoverscope(sin6) == 0)
|
|
|
|
sa = (struct sockaddr *)sin6;
|
|
|
|
}
|
2012-11-17 20:19:00 +00:00
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
bcopy((caddr_t)sa, cp, (unsigned)dlen);
|
|
|
|
cp += dlen;
|
2014-04-27 17:41:18 +00:00
|
|
|
buflen -= dlen;
|
|
|
|
} else if (cp != NULL) {
|
|
|
|
/*
|
|
|
|
* Buffer too small. Count needed size
|
|
|
|
* and return with error.
|
|
|
|
*/
|
|
|
|
cp = NULL;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
len += dlen;
|
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
|
|
|
|
if (cp != NULL) {
|
|
|
|
dlen = ALIGN(len) - len;
|
|
|
|
if (buflen < dlen)
|
|
|
|
cp = NULL;
|
|
|
|
else
|
|
|
|
buflen -= dlen;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
len = ALIGN(len);
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2014-04-27 17:41:18 +00:00
|
|
|
if (cp != NULL) {
|
|
|
|
/* fill header iff buffer is large enough */
|
1994-05-24 10:09:53 +00:00
|
|
|
rtm->rtm_version = RTM_VERSION;
|
|
|
|
rtm->rtm_type = type;
|
|
|
|
rtm->rtm_msglen = len;
|
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
|
|
|
|
*plen = len;
|
|
|
|
|
|
|
|
if (w != NULL && cp == NULL)
|
|
|
|
return (ENOBUFS);
|
|
|
|
|
|
|
|
return (0);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This routine is called to generate a message from the routing
|
|
|
|
* socket indicating that a redirect has occured, a routing lookup
|
|
|
|
* has failed, or that a protocol has detected timeouts to a particular
|
|
|
|
* destination.
|
|
|
|
*/
|
|
|
|
void
|
2011-09-28 13:48:36 +00:00
|
|
|
rt_missmsg_fib(int type, struct rt_addrinfo *rtinfo, int flags, int error,
|
|
|
|
int fibnum)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2003-10-03 18:15:54 +00:00
|
|
|
struct rt_msghdr *rtm;
|
|
|
|
struct mbuf *m;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct sockaddr *sa = rtinfo->rti_info[RTAX_DST];
|
|
|
|
|
2014-02-19 08:29:07 +00:00
|
|
|
if (V_route_cb.any_count == 0)
|
1994-05-24 10:09:53 +00:00
|
|
|
return;
|
2014-05-08 13:54:57 +00:00
|
|
|
m = rtsock_msg_mbuf(type, rtinfo);
|
2004-04-18 00:56:44 +00:00
|
|
|
if (m == NULL)
|
1994-05-24 10:09:53 +00:00
|
|
|
return;
|
2011-09-28 13:48:36 +00:00
|
|
|
|
2014-01-08 23:09:02 +00:00
|
|
|
if (fibnum != RT_ALL_FIBS) {
|
2011-09-28 13:48:36 +00:00
|
|
|
KASSERT(fibnum >= 0 && fibnum < rt_numfibs, ("%s: fibnum out "
|
|
|
|
"of range 0 <= %d < %d", __func__, fibnum, rt_numfibs));
|
|
|
|
M_SETFIB(m, fibnum);
|
|
|
|
m->m_flags |= RTS_FILTER_FIB;
|
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
rtm = mtod(m, struct rt_msghdr *);
|
|
|
|
rtm->rtm_flags = RTF_DONE | flags;
|
|
|
|
rtm->rtm_errno = error;
|
|
|
|
rtm->rtm_addrs = rtinfo->rti_addrs;
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(m, sa ? sa->sa_family : AF_UNSPEC);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
2011-09-28 13:48:36 +00:00
|
|
|
void
|
|
|
|
rt_missmsg(int type, struct rt_addrinfo *rtinfo, int flags, int error)
|
|
|
|
{
|
|
|
|
|
2014-01-08 23:09:02 +00:00
|
|
|
rt_missmsg_fib(type, rtinfo, flags, error, RT_ALL_FIBS);
|
2011-09-28 13:48:36 +00:00
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* This routine is called to generate a message from the routing
|
|
|
|
* socket indicating that the status of a network interface has changed.
|
|
|
|
*/
|
|
|
|
void
|
2003-10-03 18:15:54 +00:00
|
|
|
rt_ifmsg(struct ifnet *ifp)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2003-10-03 18:15:54 +00:00
|
|
|
struct if_msghdr *ifm;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct mbuf *m;
|
|
|
|
struct rt_addrinfo info;
|
|
|
|
|
2014-02-19 08:29:07 +00:00
|
|
|
if (V_route_cb.any_count == 0)
|
1994-05-24 10:09:53 +00:00
|
|
|
return;
|
|
|
|
bzero((caddr_t)&info, sizeof(info));
|
2014-05-08 13:54:57 +00:00
|
|
|
m = rtsock_msg_mbuf(RTM_IFINFO, &info);
|
2004-04-18 00:56:44 +00:00
|
|
|
if (m == NULL)
|
1994-05-24 10:09:53 +00:00
|
|
|
return;
|
|
|
|
ifm = mtod(m, struct if_msghdr *);
|
|
|
|
ifm->ifm_index = ifp->if_index;
|
Rename IFF_RUNNING to IFF_DRV_RUNNING, IFF_OACTIVE to IFF_DRV_OACTIVE,
and move both flags from ifnet.if_flags to ifnet.if_drv_flags, making
and documenting the locking of these flags the responsibility of the
device driver, not the network stack. The flags for these two fields
will be mutually exclusive so that they can be exposed to user space as
though they were stored in the same variable.
Provide #defines to provide the old names #ifndef _KERNEL, so that user
applications (such as ifconfig) can use the old flag names. Using the
old names in a device driver will result in a compile error in order to
help device driver writers adopt the new model.
When exposing the interface flags to user space, via interface ioctls
or routing sockets, or the two fields together. Since the driver flags
cannot currently be set for user space, no new logic is currently
required to handle this case.
Add some assertions that general purpose network stack routines, such
as if_setflags(), are not improperly used on driver-owned flags.
With this change, a large number of very minor network stack races are
closed, subject to correct device driver locking. Most were likely
never triggered.
Driver sweep to follow; many thanks to pjd and bz for the line-by-line
review they gave this patch.
Reviewed by: pjd, bz
MFC after: 7 days
2005-08-09 10:16:17 +00:00
|
|
|
ifm->ifm_flags = ifp->if_flags | ifp->if_drv_flags;
|
2014-08-31 06:46:21 +00:00
|
|
|
if_data_copy(ifp, &ifm->ifm_data);
|
1994-05-24 10:09:53 +00:00
|
|
|
ifm->ifm_addrs = 0;
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(m, AF_UNSPEC);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2014-01-09 18:13:25 +00:00
|
|
|
* Announce interface address arrival/withdraw.
|
|
|
|
* Please do not call directly, use rt_addrmsg().
|
|
|
|
* Assume input data to be valid.
|
|
|
|
* Returns 0 on success.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
2014-01-09 18:13:25 +00:00
|
|
|
int
|
|
|
|
rtsock_addrmsg(int cmd, struct ifaddr *ifa, int fibnum)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
|
|
|
struct rt_addrinfo info;
|
2014-01-09 18:13:25 +00:00
|
|
|
struct sockaddr *sa;
|
|
|
|
int ncmd;
|
|
|
|
struct mbuf *m;
|
|
|
|
struct ifa_msghdr *ifam;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct ifnet *ifp = ifa->ifa_ifp;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
struct sockaddr_storage ss;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2014-02-19 08:29:07 +00:00
|
|
|
if (V_route_cb.any_count == 0)
|
2014-01-09 18:13:25 +00:00
|
|
|
return (0);
|
1995-05-30 08:16:23 +00:00
|
|
|
|
2014-01-09 18:13:25 +00:00
|
|
|
ncmd = cmd == RTM_ADD ? RTM_NEWADDR : RTM_DELADDR;
|
|
|
|
|
|
|
|
bzero((caddr_t)&info, sizeof(info));
|
|
|
|
info.rti_info[RTAX_IFA] = sa = ifa->ifa_addr;
|
|
|
|
info.rti_info[RTAX_IFP] = ifp->if_addr->ifa_addr;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
info.rti_info[RTAX_NETMASK] = rtsock_fix_netmask(
|
|
|
|
info.rti_info[RTAX_IFP], ifa->ifa_netmask, &ss);
|
2014-01-09 18:13:25 +00:00
|
|
|
info.rti_info[RTAX_BRD] = ifa->ifa_dstaddr;
|
2014-05-08 13:54:57 +00:00
|
|
|
if ((m = rtsock_msg_mbuf(ncmd, &info)) == NULL)
|
2014-01-09 18:13:25 +00:00
|
|
|
return (ENOBUFS);
|
|
|
|
ifam = mtod(m, struct ifa_msghdr *);
|
|
|
|
ifam->ifam_index = ifp->if_index;
|
2014-07-29 15:01:29 +00:00
|
|
|
ifam->ifam_metric = ifa->ifa_ifp->if_metric;
|
2014-01-09 18:13:25 +00:00
|
|
|
ifam->ifam_flags = ifa->ifa_flags;
|
|
|
|
ifam->ifam_addrs = info.rti_addrs;
|
|
|
|
|
|
|
|
if (fibnum != RT_ALL_FIBS) {
|
|
|
|
M_SETFIB(m, fibnum);
|
|
|
|
m->m_flags |= RTS_FILTER_FIB;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-01-09 18:13:25 +00:00
|
|
|
|
|
|
|
rt_dispatch(m, sa ? sa->sa_family : AF_UNSPEC);
|
|
|
|
|
|
|
|
return (0);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
2014-01-09 18:13:25 +00:00
|
|
|
/*
|
|
|
|
* Announce route addition/removal.
|
|
|
|
* Please do not call directly, use rt_routemsg().
|
|
|
|
* Note that @rt data MAY be inconsistent/invalid:
|
|
|
|
* if some userland app sends us "invalid" route message (invalid mask,
|
|
|
|
* no dst, wrong address families, etc...) we need to pass it back
|
|
|
|
* to app (and any other rtsock consumers) with rtm_errno field set to
|
|
|
|
* non-zero value.
|
|
|
|
*
|
|
|
|
* Returns 0 on success.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
rtsock_routemsg(int cmd, struct ifnet *ifp, int error, struct rtentry *rt,
|
|
|
|
int fibnum)
|
2011-09-28 13:48:36 +00:00
|
|
|
{
|
2014-01-09 18:13:25 +00:00
|
|
|
struct rt_addrinfo info;
|
|
|
|
struct sockaddr *sa;
|
|
|
|
struct mbuf *m;
|
|
|
|
struct rt_msghdr *rtm;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
struct sockaddr_storage ss;
|
2014-01-09 18:13:25 +00:00
|
|
|
|
2014-02-19 08:29:07 +00:00
|
|
|
if (V_route_cb.any_count == 0)
|
2014-01-09 18:13:25 +00:00
|
|
|
return (0);
|
2011-09-28 13:48:36 +00:00
|
|
|
|
2014-01-09 18:13:25 +00:00
|
|
|
bzero((caddr_t)&info, sizeof(info));
|
|
|
|
info.rti_info[RTAX_DST] = sa = rt_key(rt);
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
info.rti_info[RTAX_NETMASK] = rtsock_fix_netmask(sa, rt_mask(rt), &ss);
|
2014-01-09 18:13:25 +00:00
|
|
|
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
|
2014-05-08 13:54:57 +00:00
|
|
|
if ((m = rtsock_msg_mbuf(cmd, &info)) == NULL)
|
2014-01-09 18:13:25 +00:00
|
|
|
return (ENOBUFS);
|
|
|
|
rtm = mtod(m, struct rt_msghdr *);
|
|
|
|
rtm->rtm_index = ifp->if_index;
|
|
|
|
rtm->rtm_flags |= rt->rt_flags;
|
|
|
|
rtm->rtm_errno = error;
|
|
|
|
rtm->rtm_addrs = info.rti_addrs;
|
|
|
|
|
|
|
|
if (fibnum != RT_ALL_FIBS) {
|
|
|
|
M_SETFIB(m, fibnum);
|
|
|
|
m->m_flags |= RTS_FILTER_FIB;
|
|
|
|
}
|
|
|
|
|
|
|
|
rt_dispatch(m, sa ? sa->sa_family : AF_UNSPEC);
|
|
|
|
|
|
|
|
return (0);
|
2011-09-28 13:48:36 +00:00
|
|
|
}
|
|
|
|
|
1997-01-13 21:26:53 +00:00
|
|
|
/*
|
|
|
|
* This is the analogue to the rt_newaddrmsg which performs the same
|
|
|
|
* function but for multicast group memberhips. This is easier since
|
|
|
|
* there is no route state to worry about.
|
|
|
|
*/
|
|
|
|
void
|
2003-10-03 18:15:54 +00:00
|
|
|
rt_newmaddrmsg(int cmd, struct ifmultiaddr *ifma)
|
1997-01-13 21:26:53 +00:00
|
|
|
{
|
|
|
|
struct rt_addrinfo info;
|
2004-04-18 00:56:44 +00:00
|
|
|
struct mbuf *m = NULL;
|
1997-01-13 21:26:53 +00:00
|
|
|
struct ifnet *ifp = ifma->ifma_ifp;
|
|
|
|
struct ifma_msghdr *ifmam;
|
|
|
|
|
2014-02-19 08:29:07 +00:00
|
|
|
if (V_route_cb.any_count == 0)
|
1997-01-13 21:26:53 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
bzero((caddr_t)&info, sizeof(info));
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_IFA] = ifma->ifma_addr;
|
2005-11-11 16:04:59 +00:00
|
|
|
info.rti_info[RTAX_IFP] = ifp ? ifp->if_addr->ifa_addr : NULL;
|
1997-01-13 21:26:53 +00:00
|
|
|
/*
|
|
|
|
* If a link-layer address is present, present it as a ``gateway''
|
|
|
|
* (similarly to how ARP entries, e.g., are presented).
|
|
|
|
*/
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_GATEWAY] = ifma->ifma_lladdr;
|
2014-05-08 13:54:57 +00:00
|
|
|
m = rtsock_msg_mbuf(cmd, &info);
|
2003-10-03 18:15:54 +00:00
|
|
|
if (m == NULL)
|
1997-01-13 21:26:53 +00:00
|
|
|
return;
|
|
|
|
ifmam = mtod(m, struct ifma_msghdr *);
|
2007-03-27 16:11:28 +00:00
|
|
|
KASSERT(ifp != NULL, ("%s: link-layer multicast address w/o ifp\n",
|
|
|
|
__func__));
|
1997-01-13 21:26:53 +00:00
|
|
|
ifmam->ifmam_index = ifp->if_index;
|
|
|
|
ifmam->ifmam_addrs = info.rti_addrs;
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(m, ifma->ifma_addr ? ifma->ifma_addr->sa_family : AF_UNSPEC);
|
1997-01-13 21:26:53 +00:00
|
|
|
}
|
1995-11-16 19:00:27 +00:00
|
|
|
|
2004-10-05 19:48:33 +00:00
|
|
|
static struct mbuf *
|
|
|
|
rt_makeifannouncemsg(struct ifnet *ifp, int type, int what,
|
|
|
|
struct rt_addrinfo *info)
|
|
|
|
{
|
|
|
|
struct if_announcemsghdr *ifan;
|
|
|
|
struct mbuf *m;
|
|
|
|
|
2014-02-19 08:29:07 +00:00
|
|
|
if (V_route_cb.any_count == 0)
|
2004-10-05 19:48:33 +00:00
|
|
|
return NULL;
|
|
|
|
bzero((caddr_t)info, sizeof(*info));
|
2014-05-08 13:54:57 +00:00
|
|
|
m = rtsock_msg_mbuf(type, info);
|
2004-10-05 19:48:33 +00:00
|
|
|
if (m != NULL) {
|
|
|
|
ifan = mtod(m, struct if_announcemsghdr *);
|
|
|
|
ifan->ifan_index = ifp->if_index;
|
|
|
|
strlcpy(ifan->ifan_name, ifp->if_xname,
|
|
|
|
sizeof(ifan->ifan_name));
|
|
|
|
ifan->ifan_what = what;
|
|
|
|
}
|
|
|
|
return m;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is called to generate routing socket messages indicating
|
|
|
|
* IEEE80211 wireless events.
|
|
|
|
* XXX we piggyback on the RTM_IFANNOUNCE msg format in a clumsy way.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
rt_ieee80211msg(struct ifnet *ifp, int what, void *data, size_t data_len)
|
|
|
|
{
|
|
|
|
struct mbuf *m;
|
|
|
|
struct rt_addrinfo info;
|
|
|
|
|
|
|
|
m = rt_makeifannouncemsg(ifp, RTM_IEEE80211, what, &info);
|
|
|
|
if (m != NULL) {
|
|
|
|
/*
|
|
|
|
* Append the ieee80211 data. Try to stick it in the
|
|
|
|
* mbuf containing the ifannounce msg; otherwise allocate
|
|
|
|
* a new mbuf and append.
|
|
|
|
*
|
|
|
|
* NB: we assume m is a single mbuf.
|
|
|
|
*/
|
|
|
|
if (data_len > M_TRAILINGSPACE(m)) {
|
|
|
|
struct mbuf *n = m_get(M_NOWAIT, MT_DATA);
|
|
|
|
if (n == NULL) {
|
|
|
|
m_freem(m);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
bcopy(data, mtod(n, void *), data_len);
|
|
|
|
n->m_len = data_len;
|
|
|
|
m->m_next = n;
|
|
|
|
} else if (data_len > 0) {
|
|
|
|
bcopy(data, mtod(m, u_int8_t *) + m->m_len, data_len);
|
|
|
|
m->m_len += data_len;
|
|
|
|
}
|
|
|
|
if (m->m_flags & M_PKTHDR)
|
|
|
|
m->m_pkthdr.len += data_len;
|
|
|
|
mtod(m, struct if_announcemsghdr *)->ifan_msglen += data_len;
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(m, AF_UNSPEC);
|
2004-10-05 19:48:33 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-01-18 14:33:04 +00:00
|
|
|
/*
|
|
|
|
* This is called to generate routing socket messages indicating
|
|
|
|
* network interface arrival and departure.
|
|
|
|
*/
|
|
|
|
void
|
2003-10-03 18:15:54 +00:00
|
|
|
rt_ifannouncemsg(struct ifnet *ifp, int what)
|
2002-01-18 14:33:04 +00:00
|
|
|
{
|
|
|
|
struct mbuf *m;
|
|
|
|
struct rt_addrinfo info;
|
|
|
|
|
2004-10-05 19:48:33 +00:00
|
|
|
m = rt_makeifannouncemsg(ifp, RTM_IFANNOUNCE, what, &info);
|
|
|
|
if (m != NULL)
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(m, AF_UNSPEC);
|
2004-10-05 19:48:33 +00:00
|
|
|
}
|
2002-01-18 14:33:04 +00:00
|
|
|
|
2003-10-03 18:15:54 +00:00
|
|
|
static void
|
2011-11-03 18:33:30 +00:00
|
|
|
rt_dispatch(struct mbuf *m, sa_family_t saf)
|
2003-10-03 18:15:54 +00:00
|
|
|
{
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
struct m_tag *tag;
|
2003-10-03 18:15:54 +00:00
|
|
|
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
/*
|
|
|
|
* Preserve the family from the sockaddr, if any, in an m_tag for
|
|
|
|
* use when injecting the mbuf into the routing socket buffer from
|
|
|
|
* the netisr.
|
|
|
|
*/
|
2011-11-03 18:33:30 +00:00
|
|
|
if (saf != AF_UNSPEC) {
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
tag = m_tag_get(PACKET_TAG_RTSOCKFAM, sizeof(unsigned short),
|
|
|
|
M_NOWAIT);
|
|
|
|
if (tag == NULL) {
|
|
|
|
m_freem(m);
|
|
|
|
return;
|
|
|
|
}
|
2011-11-03 18:33:30 +00:00
|
|
|
*(unsigned short *)(tag + 1) = saf;
|
Introduce a netisr to deliver kernel-generated routing, avoiding
recursive entering of the socket code from the routing code:
- Modify rt_dispatch() to bundle up the sockaddr family, if any,
associated with a pending mbuf to dispatch to routing sockets, in
an m_tag on the mbuf.
- Allocate NETISR_ROUTE for use by routing sockets.
- Introduce rtsintrq, an ifqueue to be used by the netisr, and
introduce rts_input(), a function to unbundle the tagged sockaddr
and inject the mbuf and address into raw_input(), which previously
occurred in rt_dispatch().
- Introduce rts_init() to initialize rtsintrq, its mutex, and
register the netisr. Perform this at the same point in system
initialization as setup of the domains.
This change introduces asynchrony between the generation of a
pending routing socket message and delivery to sockets for use
by userspace. It avoids socket->routing->rtsock->socket use and
helps to avoid lock order reversals between the routing code and
socket code (in particular, raw socket control blocks), as route
locks are held over calls to rt_dispatch().
Reviewed by: "George V.Neville-Neil" <gnn@neville-neil.com>
Conceptual head nod by: sam
2004-06-09 02:48:23 +00:00
|
|
|
m_tag_prepend(m, tag);
|
|
|
|
}
|
Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discuouraged.
This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, whith an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typicall cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all
vnet instances.
Approved by: julian (mentor)
2009-05-05 10:56:12 +00:00
|
|
|
#ifdef VIMAGE
|
|
|
|
if (V_loif)
|
|
|
|
m->m_pkthdr.rcvif = V_loif;
|
|
|
|
else {
|
|
|
|
m_freem(m);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif
|
2004-08-27 18:33:08 +00:00
|
|
|
netisr_queue(NETISR_ROUTE, m); /* mbuf is free'd on failure. */
|
2003-10-03 18:15:54 +00:00
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* This is used in dumping the kernel table via sysctl().
|
|
|
|
*/
|
2002-09-28 17:15:38 +00:00
|
|
|
static int
|
2003-10-03 18:15:54 +00:00
|
|
|
sysctl_dumpentry(struct radix_node *rn, void *vw)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2003-10-03 18:15:54 +00:00
|
|
|
struct walkarg *w = vw;
|
|
|
|
struct rtentry *rt = (struct rtentry *)rn;
|
1994-05-24 10:09:53 +00:00
|
|
|
int error = 0, size;
|
|
|
|
struct rt_addrinfo info;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
struct sockaddr_storage ss;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg))
|
|
|
|
return 0;
|
2009-02-05 14:06:09 +00:00
|
|
|
if ((rt->rt_flags & RTF_HOST) == 0
|
2009-12-13 13:57:32 +00:00
|
|
|
? jailed_without_vnet(w->w_req->td->td_ucred)
|
2009-02-05 14:06:09 +00:00
|
|
|
: prison_if(w->w_req->td->td_ucred, rt_key(rt)) != 0)
|
2009-01-09 21:57:49 +00:00
|
|
|
return (0);
|
1994-05-24 10:09:53 +00:00
|
|
|
bzero((caddr_t)&info, sizeof(info));
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_DST] = rt_key(rt);
|
|
|
|
info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
info.rti_info[RTAX_NETMASK] = rtsock_fix_netmask(rt_key(rt),
|
|
|
|
rt_mask(rt), &ss);
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
info.rti_info[RTAX_GENMASK] = 0;
|
2001-10-17 11:23:59 +00:00
|
|
|
if (rt->rt_ifp) {
|
2005-11-11 16:04:59 +00:00
|
|
|
info.rti_info[RTAX_IFP] = rt->rt_ifp->if_addr->ifa_addr;
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
|
2001-10-17 11:23:59 +00:00
|
|
|
if (rt->rt_ifp->if_flags & IFF_POINTOPOINT)
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_BRD] = rt->rt_ifa->ifa_dstaddr;
|
2001-10-17 11:23:59 +00:00
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
if ((error = rtsock_msg_buffer(RTM_GET, &info, w, &size)) != 0)
|
|
|
|
return (error);
|
1995-11-16 19:00:27 +00:00
|
|
|
if (w->w_req && w->w_tmem) {
|
2003-10-03 18:15:54 +00:00
|
|
|
struct rt_msghdr *rtm = (struct rt_msghdr *)w->w_tmem;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2013-06-25 00:10:49 +00:00
|
|
|
if (rt->rt_flags & RTF_GWFLAG_COMPAT)
|
|
|
|
rtm->rtm_flags = RTF_GATEWAY |
|
|
|
|
(rt->rt_flags & ~RTF_GWFLAG_COMPAT);
|
|
|
|
else
|
|
|
|
rtm->rtm_flags = rt->rt_flags;
|
2014-03-05 01:17:47 +00:00
|
|
|
rt_getmetrics(rt, &rtm->rtm_rmx);
|
1994-05-24 10:09:53 +00:00
|
|
|
rtm->rtm_index = rt->rt_ifp->if_index;
|
|
|
|
rtm->rtm_errno = rtm->rtm_pid = rtm->rtm_seq = 0;
|
|
|
|
rtm->rtm_addrs = info.rti_addrs;
|
1995-11-16 19:00:27 +00:00
|
|
|
error = SYSCTL_OUT(w->w_req, (caddr_t)rtm, size);
|
|
|
|
return (error);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2012-02-11 06:02:16 +00:00
|
|
|
static int
|
|
|
|
sysctl_iflist_ifml(struct ifnet *ifp, struct rt_addrinfo *info,
|
|
|
|
struct walkarg *w, int len)
|
|
|
|
{
|
|
|
|
struct if_msghdrl *ifm;
|
2014-03-13 03:42:24 +00:00
|
|
|
struct if_data *ifd;
|
|
|
|
|
|
|
|
ifm = (struct if_msghdrl *)w->w_tmem;
|
2012-02-11 06:02:16 +00:00
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
if (w->w_req->flags & SCTL_MASK32) {
|
|
|
|
struct if_msghdrl32 *ifm32;
|
|
|
|
|
2014-03-13 03:42:24 +00:00
|
|
|
ifm32 = (struct if_msghdrl32 *)ifm;
|
2012-02-11 06:02:16 +00:00
|
|
|
ifm32->ifm_addrs = info->rti_addrs;
|
|
|
|
ifm32->ifm_flags = ifp->if_flags | ifp->if_drv_flags;
|
|
|
|
ifm32->ifm_index = ifp->if_index;
|
|
|
|
ifm32->_ifm_spare1 = 0;
|
|
|
|
ifm32->ifm_len = sizeof(*ifm32);
|
|
|
|
ifm32->ifm_data_off = offsetof(struct if_msghdrl32, ifm_data);
|
2014-03-13 03:42:24 +00:00
|
|
|
ifd = &ifm32->ifm_data;
|
|
|
|
} else
|
2012-02-11 06:02:16 +00:00
|
|
|
#endif
|
2014-03-13 03:42:24 +00:00
|
|
|
{
|
|
|
|
ifm->ifm_addrs = info->rti_addrs;
|
|
|
|
ifm->ifm_flags = ifp->if_flags | ifp->if_drv_flags;
|
|
|
|
ifm->ifm_index = ifp->if_index;
|
|
|
|
ifm->_ifm_spare1 = 0;
|
|
|
|
ifm->ifm_len = sizeof(*ifm);
|
|
|
|
ifm->ifm_data_off = offsetof(struct if_msghdrl, ifm_data);
|
|
|
|
ifd = &ifm->ifm_data;
|
|
|
|
}
|
|
|
|
|
2014-08-31 06:46:21 +00:00
|
|
|
if_data_copy(ifp, ifd);
|
2012-02-11 06:02:16 +00:00
|
|
|
|
|
|
|
return (SYSCTL_OUT(w->w_req, (caddr_t)ifm, len));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
sysctl_iflist_ifm(struct ifnet *ifp, struct rt_addrinfo *info,
|
|
|
|
struct walkarg *w, int len)
|
|
|
|
{
|
|
|
|
struct if_msghdr *ifm;
|
2014-03-13 03:42:24 +00:00
|
|
|
struct if_data *ifd;
|
|
|
|
|
|
|
|
ifm = (struct if_msghdr *)w->w_tmem;
|
2012-02-11 06:02:16 +00:00
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
if (w->w_req->flags & SCTL_MASK32) {
|
|
|
|
struct if_msghdr32 *ifm32;
|
|
|
|
|
2014-03-13 03:42:24 +00:00
|
|
|
ifm32 = (struct if_msghdr32 *)ifm;
|
2012-02-11 06:02:16 +00:00
|
|
|
ifm32->ifm_addrs = info->rti_addrs;
|
|
|
|
ifm32->ifm_flags = ifp->if_flags | ifp->if_drv_flags;
|
|
|
|
ifm32->ifm_index = ifp->if_index;
|
2014-03-13 03:42:24 +00:00
|
|
|
ifd = &ifm32->ifm_data;
|
|
|
|
} else
|
2012-02-11 06:02:16 +00:00
|
|
|
#endif
|
2014-03-13 03:42:24 +00:00
|
|
|
{
|
|
|
|
ifm->ifm_addrs = info->rti_addrs;
|
|
|
|
ifm->ifm_flags = ifp->if_flags | ifp->if_drv_flags;
|
|
|
|
ifm->ifm_index = ifp->if_index;
|
|
|
|
ifd = &ifm->ifm_data;
|
|
|
|
}
|
2012-02-11 06:02:16 +00:00
|
|
|
|
2014-08-31 06:46:21 +00:00
|
|
|
if_data_copy(ifp, ifd);
|
2014-03-19 06:08:03 +00:00
|
|
|
|
2012-02-11 06:02:16 +00:00
|
|
|
return (SYSCTL_OUT(w->w_req, (caddr_t)ifm, len));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
sysctl_iflist_ifaml(struct ifaddr *ifa, struct rt_addrinfo *info,
|
|
|
|
struct walkarg *w, int len)
|
|
|
|
{
|
|
|
|
struct ifa_msghdrl *ifam;
|
2014-03-13 03:42:24 +00:00
|
|
|
struct if_data *ifd;
|
|
|
|
|
|
|
|
ifam = (struct ifa_msghdrl *)w->w_tmem;
|
2012-02-11 06:02:16 +00:00
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
if (w->w_req->flags & SCTL_MASK32) {
|
|
|
|
struct ifa_msghdrl32 *ifam32;
|
|
|
|
|
2014-03-13 03:42:24 +00:00
|
|
|
ifam32 = (struct ifa_msghdrl32 *)ifam;
|
2012-02-11 06:02:16 +00:00
|
|
|
ifam32->ifam_addrs = info->rti_addrs;
|
|
|
|
ifam32->ifam_flags = ifa->ifa_flags;
|
|
|
|
ifam32->ifam_index = ifa->ifa_ifp->if_index;
|
|
|
|
ifam32->_ifam_spare1 = 0;
|
|
|
|
ifam32->ifam_len = sizeof(*ifam32);
|
|
|
|
ifam32->ifam_data_off =
|
|
|
|
offsetof(struct ifa_msghdrl32, ifam_data);
|
2014-07-29 15:01:29 +00:00
|
|
|
ifam32->ifam_metric = ifa->ifa_ifp->if_metric;
|
2014-03-13 03:42:24 +00:00
|
|
|
ifd = &ifam32->ifam_data;
|
|
|
|
} else
|
2012-02-11 06:02:16 +00:00
|
|
|
#endif
|
2014-03-13 03:42:24 +00:00
|
|
|
{
|
|
|
|
ifam->ifam_addrs = info->rti_addrs;
|
|
|
|
ifam->ifam_flags = ifa->ifa_flags;
|
|
|
|
ifam->ifam_index = ifa->ifa_ifp->if_index;
|
|
|
|
ifam->_ifam_spare1 = 0;
|
|
|
|
ifam->ifam_len = sizeof(*ifam);
|
|
|
|
ifam->ifam_data_off = offsetof(struct ifa_msghdrl, ifam_data);
|
2014-07-29 15:01:29 +00:00
|
|
|
ifam->ifam_metric = ifa->ifa_ifp->if_metric;
|
2014-03-13 03:42:24 +00:00
|
|
|
ifd = &ifam->ifam_data;
|
|
|
|
}
|
2012-02-11 06:02:16 +00:00
|
|
|
|
2014-03-13 03:42:24 +00:00
|
|
|
bzero(ifd, sizeof(*ifd));
|
|
|
|
ifd->ifi_datalen = sizeof(struct if_data);
|
|
|
|
ifd->ifi_ipackets = counter_u64_fetch(ifa->ifa_ipackets);
|
|
|
|
ifd->ifi_opackets = counter_u64_fetch(ifa->ifa_opackets);
|
|
|
|
ifd->ifi_ibytes = counter_u64_fetch(ifa->ifa_ibytes);
|
|
|
|
ifd->ifi_obytes = counter_u64_fetch(ifa->ifa_obytes);
|
2013-10-15 11:37:57 +00:00
|
|
|
|
2012-02-11 06:02:16 +00:00
|
|
|
/* Fixup if_data carp(4) vhid. */
|
|
|
|
if (carp_get_vhid_p != NULL)
|
2014-03-13 03:42:24 +00:00
|
|
|
ifd->ifi_vhid = (*carp_get_vhid_p)(ifa);
|
2012-02-11 06:02:16 +00:00
|
|
|
|
|
|
|
return (SYSCTL_OUT(w->w_req, w->w_tmem, len));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
sysctl_iflist_ifam(struct ifaddr *ifa, struct rt_addrinfo *info,
|
|
|
|
struct walkarg *w, int len)
|
|
|
|
{
|
|
|
|
struct ifa_msghdr *ifam;
|
|
|
|
|
|
|
|
ifam = (struct ifa_msghdr *)w->w_tmem;
|
|
|
|
ifam->ifam_addrs = info->rti_addrs;
|
|
|
|
ifam->ifam_flags = ifa->ifa_flags;
|
|
|
|
ifam->ifam_index = ifa->ifa_ifp->if_index;
|
2014-07-29 15:01:29 +00:00
|
|
|
ifam->ifam_metric = ifa->ifa_ifp->if_metric;
|
2012-02-11 06:02:16 +00:00
|
|
|
|
|
|
|
return (SYSCTL_OUT(w->w_req, w->w_tmem, len));
|
|
|
|
}
|
|
|
|
|
2002-09-28 17:15:38 +00:00
|
|
|
static int
|
2003-10-03 18:15:54 +00:00
|
|
|
sysctl_iflist(int af, struct walkarg *w)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2003-10-03 18:15:54 +00:00
|
|
|
struct ifnet *ifp;
|
|
|
|
struct ifaddr *ifa;
|
|
|
|
struct rt_addrinfo info;
|
|
|
|
int len, error = 0;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
struct sockaddr_storage ss;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
bzero((caddr_t)&info, sizeof(info));
|
2012-12-04 17:12:23 +00:00
|
|
|
IFNET_RLOCK_NOSLEEP();
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
TAILQ_FOREACH(ifp, &V_ifnet, if_link) {
|
1994-05-24 10:09:53 +00:00
|
|
|
if (w->w_arg && w->w_arg != ifp->if_index)
|
|
|
|
continue;
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RLOCK(ifp);
|
2005-11-11 16:04:59 +00:00
|
|
|
ifa = ifp->if_addr;
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_IFP] = ifa->ifa_addr;
|
2014-04-27 17:41:18 +00:00
|
|
|
error = rtsock_msg_buffer(RTM_IFINFO, &info, w, &len);
|
|
|
|
if (error != 0)
|
|
|
|
goto done;
|
2004-04-18 00:56:44 +00:00
|
|
|
info.rti_info[RTAX_IFP] = NULL;
|
1995-11-16 19:00:27 +00:00
|
|
|
if (w->w_req && w->w_tmem) {
|
2012-02-11 06:02:16 +00:00
|
|
|
if (w->w_op == NET_RT_IFLISTL)
|
|
|
|
error = sysctl_iflist_ifml(ifp, &info, w, len);
|
|
|
|
else
|
|
|
|
error = sysctl_iflist_ifm(ifp, &info, w, len);
|
1994-10-08 22:38:27 +00:00
|
|
|
if (error)
|
2001-09-29 05:08:04 +00:00
|
|
|
goto done;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2004-04-18 00:56:44 +00:00
|
|
|
while ((ifa = TAILQ_NEXT(ifa, ifa_link)) != NULL) {
|
1994-05-24 10:09:53 +00:00
|
|
|
if (af && af != ifa->ifa_addr->sa_family)
|
|
|
|
continue;
|
2009-02-05 14:06:09 +00:00
|
|
|
if (prison_if(w->w_req->td->td_ucred,
|
|
|
|
ifa->ifa_addr) != 0)
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
continue;
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_IFA] = ifa->ifa_addr;
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
info.rti_info[RTAX_NETMASK] = rtsock_fix_netmask(
|
|
|
|
ifa->ifa_addr, ifa->ifa_netmask, &ss);
|
2003-10-03 18:15:54 +00:00
|
|
|
info.rti_info[RTAX_BRD] = ifa->ifa_dstaddr;
|
2014-04-27 17:41:18 +00:00
|
|
|
error = rtsock_msg_buffer(RTM_NEWADDR, &info, w, &len);
|
|
|
|
if (error != 0)
|
|
|
|
goto done;
|
1995-11-16 19:00:27 +00:00
|
|
|
if (w->w_req && w->w_tmem) {
|
2012-02-11 06:02:16 +00:00
|
|
|
if (w->w_op == NET_RT_IFLISTL)
|
|
|
|
error = sysctl_iflist_ifaml(ifa, &info,
|
|
|
|
w, len);
|
|
|
|
else
|
|
|
|
error = sysctl_iflist_ifam(ifa, &info,
|
|
|
|
w, len);
|
1994-10-08 22:38:27 +00:00
|
|
|
if (error)
|
2001-09-29 05:08:04 +00:00
|
|
|
goto done;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
}
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RUNLOCK(ifp);
|
Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.
This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).
However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:
do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:
got message of size 304 on Thu May 8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
after the change:
got message of size 312 on Thu May 8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^
Sponsored by: Yandex LLC
MFC after: 1 month
2014-05-08 11:56:06 +00:00
|
|
|
info.rti_info[RTAX_IFA] = NULL;
|
|
|
|
info.rti_info[RTAX_NETMASK] = NULL;
|
|
|
|
info.rti_info[RTAX_BRD] = NULL;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2001-09-29 05:08:04 +00:00
|
|
|
done:
|
2010-10-16 19:25:27 +00:00
|
|
|
if (ifp != NULL)
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RUNLOCK(ifp);
|
2012-12-04 17:12:23 +00:00
|
|
|
IFNET_RUNLOCK_NOSLEEP();
|
2001-09-29 05:08:04 +00:00
|
|
|
return (error);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
2009-01-09 16:22:32 +00:00
|
|
|
static int
|
2004-04-16 08:14:34 +00:00
|
|
|
sysctl_ifmalist(int af, struct walkarg *w)
|
2003-11-14 18:48:15 +00:00
|
|
|
{
|
2004-04-16 08:14:34 +00:00
|
|
|
struct ifnet *ifp;
|
2003-11-14 18:48:15 +00:00
|
|
|
struct ifmultiaddr *ifma;
|
|
|
|
struct rt_addrinfo info;
|
|
|
|
int len, error = 0;
|
2004-04-16 08:14:34 +00:00
|
|
|
struct ifaddr *ifa;
|
2003-11-14 18:48:15 +00:00
|
|
|
|
|
|
|
bzero((caddr_t)&info, sizeof(info));
|
2012-12-04 17:12:23 +00:00
|
|
|
IFNET_RLOCK_NOSLEEP();
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
TAILQ_FOREACH(ifp, &V_ifnet, if_link) {
|
2003-11-14 18:48:15 +00:00
|
|
|
if (w->w_arg && w->w_arg != ifp->if_index)
|
|
|
|
continue;
|
2005-11-11 16:04:59 +00:00
|
|
|
ifa = ifp->if_addr;
|
2004-04-17 15:09:36 +00:00
|
|
|
info.rti_info[RTAX_IFP] = ifa ? ifa->ifa_addr : NULL;
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RLOCK(ifp);
|
2003-11-14 18:48:15 +00:00
|
|
|
TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
|
|
|
|
if (af && af != ifma->ifma_addr->sa_family)
|
|
|
|
continue;
|
2009-02-05 14:06:09 +00:00
|
|
|
if (prison_if(w->w_req->td->td_ucred,
|
|
|
|
ifma->ifma_addr) != 0)
|
2003-11-14 18:48:15 +00:00
|
|
|
continue;
|
|
|
|
info.rti_info[RTAX_IFA] = ifma->ifma_addr;
|
2004-04-17 15:09:36 +00:00
|
|
|
info.rti_info[RTAX_GATEWAY] =
|
|
|
|
(ifma->ifma_addr->sa_family != AF_LINK) ?
|
|
|
|
ifma->ifma_lladdr : NULL;
|
2014-05-03 17:57:06 +00:00
|
|
|
error = rtsock_msg_buffer(RTM_NEWMADDR, &info, w, &len);
|
2014-04-27 17:41:18 +00:00
|
|
|
if (error != 0)
|
|
|
|
goto done;
|
2003-11-14 18:48:15 +00:00
|
|
|
if (w->w_req && w->w_tmem) {
|
2004-04-16 08:14:34 +00:00
|
|
|
struct ifma_msghdr *ifmam;
|
2003-11-14 18:48:15 +00:00
|
|
|
|
|
|
|
ifmam = (struct ifma_msghdr *)w->w_tmem;
|
|
|
|
ifmam->ifmam_index = ifma->ifma_ifp->if_index;
|
|
|
|
ifmam->ifmam_flags = 0;
|
|
|
|
ifmam->ifmam_addrs = info.rti_addrs;
|
|
|
|
error = SYSCTL_OUT(w->w_req, w->w_tmem, len);
|
2005-09-10 15:12:24 +00:00
|
|
|
if (error) {
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RUNLOCK(ifp);
|
2003-11-14 18:48:15 +00:00
|
|
|
goto done;
|
2005-09-10 15:12:24 +00:00
|
|
|
}
|
2003-11-14 18:48:15 +00:00
|
|
|
}
|
|
|
|
}
|
2012-01-05 19:00:36 +00:00
|
|
|
IF_ADDR_RUNLOCK(ifp);
|
2003-11-14 18:48:15 +00:00
|
|
|
}
|
|
|
|
done:
|
2012-12-04 17:12:23 +00:00
|
|
|
IFNET_RUNLOCK_NOSLEEP();
|
2003-11-14 18:48:15 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1995-11-16 19:00:27 +00:00
|
|
|
static int
|
2000-07-04 11:25:35 +00:00
|
|
|
sysctl_rtsock(SYSCTL_HANDLER_ARGS)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
1995-11-16 19:00:27 +00:00
|
|
|
int *name = (int *)arg1;
|
|
|
|
u_int namelen = arg2;
|
2009-06-01 15:49:42 +00:00
|
|
|
struct radix_node_head *rnh = NULL; /* silence compiler. */
|
2005-09-10 15:12:24 +00:00
|
|
|
int i, lim, error = EINVAL;
|
2013-07-12 12:36:12 +00:00
|
|
|
int fib = 0;
|
2004-04-12 20:26:01 +00:00
|
|
|
u_char af;
|
1994-05-24 10:09:53 +00:00
|
|
|
struct walkarg w;
|
|
|
|
|
1995-11-16 19:00:27 +00:00
|
|
|
name ++;
|
|
|
|
namelen--;
|
|
|
|
if (req->newptr)
|
1994-05-24 10:09:53 +00:00
|
|
|
return (EPERM);
|
2013-07-12 12:36:12 +00:00
|
|
|
if (name[1] == NET_RT_DUMP) {
|
|
|
|
if (namelen == 3)
|
|
|
|
fib = req->td->td_proc->p_fibnum;
|
|
|
|
else if (namelen == 4)
|
2014-01-08 23:09:02 +00:00
|
|
|
fib = (name[3] == RT_ALL_FIBS) ?
|
2013-07-12 12:36:12 +00:00
|
|
|
req->td->td_proc->p_fibnum : name[3];
|
|
|
|
else
|
|
|
|
return ((namelen < 3) ? EISDIR : ENOTDIR);
|
|
|
|
if (fib < 0 || fib >= rt_numfibs)
|
|
|
|
return (EINVAL);
|
|
|
|
} else if (namelen != 3)
|
2002-01-25 00:50:49 +00:00
|
|
|
return ((namelen < 3) ? EISDIR : ENOTDIR);
|
1994-05-24 10:09:53 +00:00
|
|
|
af = name[0];
|
2002-12-25 10:51:20 +00:00
|
|
|
if (af > AF_MAX)
|
|
|
|
return (EINVAL);
|
2004-04-18 11:47:04 +00:00
|
|
|
bzero(&w, sizeof(w));
|
1994-05-24 10:09:53 +00:00
|
|
|
w.w_op = name[1];
|
|
|
|
w.w_arg = name[2];
|
1995-11-16 19:00:27 +00:00
|
|
|
w.w_req = req;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2005-09-10 15:12:24 +00:00
|
|
|
error = sysctl_wire_old_buffer(req, 0);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2014-04-27 17:41:18 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Allocate reply buffer in advance.
|
|
|
|
* All rtsock messages has maximum length of u_short.
|
|
|
|
*/
|
|
|
|
w.w_tmemsize = 65536;
|
|
|
|
w.w_tmem = malloc(w.w_tmemsize, M_TEMP, M_WAITOK);
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
switch (w.w_op) {
|
|
|
|
|
|
|
|
case NET_RT_DUMP:
|
|
|
|
case NET_RT_FLAGS:
|
2004-04-12 20:26:01 +00:00
|
|
|
if (af == 0) { /* dump all tables */
|
|
|
|
i = 1;
|
|
|
|
lim = AF_MAX;
|
|
|
|
} else /* dump only one table */
|
|
|
|
i = lim = af;
|
2008-12-26 19:45:24 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* take care of llinfo entries, the caller must
|
|
|
|
* specify an AF
|
|
|
|
*/
|
2009-01-12 11:24:32 +00:00
|
|
|
if (w.w_op == NET_RT_FLAGS &&
|
2009-01-16 09:01:45 +00:00
|
|
|
(w.w_arg == 0 || w.w_arg & RTF_LLINFO)) {
|
2008-12-26 19:45:24 +00:00
|
|
|
if (af != 0)
|
|
|
|
error = lltable_sysctl_dumparp(af, w.w_req);
|
|
|
|
else
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* take care of routing entries
|
|
|
|
*/
|
2009-08-13 09:29:52 +00:00
|
|
|
for (error = 0; error == 0 && i <= lim; i++) {
|
2013-07-12 12:36:12 +00:00
|
|
|
rnh = rt_tables_get_rnh(fib, i);
|
2009-06-01 15:49:42 +00:00
|
|
|
if (rnh != NULL) {
|
2012-04-22 16:13:23 +00:00
|
|
|
RADIX_NODE_HEAD_RLOCK(rnh);
|
2002-12-24 03:03:39 +00:00
|
|
|
error = rnh->rnh_walktree(rnh,
|
2005-09-10 15:12:24 +00:00
|
|
|
sysctl_dumpentry, &w);
|
2012-04-22 16:13:23 +00:00
|
|
|
RADIX_NODE_HEAD_RUNLOCK(rnh);
|
2004-04-12 20:26:01 +00:00
|
|
|
} else if (af != 0)
|
2002-12-24 03:03:39 +00:00
|
|
|
error = EAFNOSUPPORT;
|
2009-08-13 09:29:52 +00:00
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case NET_RT_IFLIST:
|
2012-02-11 06:02:16 +00:00
|
|
|
case NET_RT_IFLISTL:
|
1994-05-24 10:09:53 +00:00
|
|
|
error = sysctl_iflist(af, &w);
|
2003-11-14 18:48:15 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case NET_RT_IFMALIST:
|
|
|
|
error = sysctl_ifmalist(af, &w);
|
|
|
|
break;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-04-27 17:41:18 +00:00
|
|
|
|
|
|
|
free(w.w_tmem, M_TEMP);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2011-11-07 15:43:11 +00:00
|
|
|
static SYSCTL_NODE(_net, PF_ROUTE, routetable, CTLFLAG_RD, sysctl_rtsock, "");
|
1995-11-16 19:00:27 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Definitions of protocols supported in the ROUTE domain.
|
|
|
|
*/
|
|
|
|
|
2005-09-07 10:06:14 +00:00
|
|
|
static struct domain routedomain; /* or at least forward */
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1995-11-16 19:00:27 +00:00
|
|
|
static struct protosw routesw[] = {
|
2005-11-09 13:29:16 +00:00
|
|
|
{
|
|
|
|
.pr_type = SOCK_RAW,
|
|
|
|
.pr_domain = &routedomain,
|
|
|
|
.pr_flags = PR_ATOMIC|PR_ADDR,
|
|
|
|
.pr_output = route_output,
|
|
|
|
.pr_ctlinput = raw_ctlinput,
|
|
|
|
.pr_init = raw_init,
|
|
|
|
.pr_usrreqs = &route_usrreqs
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2005-11-09 13:29:16 +00:00
|
|
|
static struct domain routedomain = {
|
|
|
|
.dom_family = PF_ROUTE,
|
|
|
|
.dom_name = "route",
|
|
|
|
.dom_protosw = routesw,
|
|
|
|
.dom_protoswNPROTOSW = &routesw[sizeof(routesw)/sizeof(routesw[0])]
|
|
|
|
};
|
1995-05-10 16:48:52 +00:00
|
|
|
|
Introduce and use a sysinit-based initialization scheme for virtual
network stacks, VNET_SYSINIT:
- Add VNET_SYSINIT and VNET_SYSUNINIT macros to declare events that will
occur each time a network stack is instantiated and destroyed. In the
!VIMAGE case, these are simply mapped into regular SYSINIT/SYSUNINIT.
For the VIMAGE case, we instead use SYSINIT's to track their order and
properties on registration, using them for each vnet when created/
destroyed, or immediately on module load for already-started vnets.
- Remove vnet_modinfo mechanism that existed to serve this purpose
previously, as well as its dependency scheme: we now just use the
SYSINIT ordering scheme.
- Implement VNET_DOMAIN_SET() to allow protocol domains to declare that
they want init functions to be called for each virtual network stack
rather than just once at boot, compiling down to DOMAIN_SET() in the
non-VIMAGE case.
- Walk all virtualized kernel subsystems and make use of these instead
of modinfo or DOMAIN_SET() for init/uninit events. In some cases,
convert modular components from using modevent to using sysinit (where
appropriate). In some cases, do minor rejuggling of SYSINIT ordering
to make room for or better manage events.
Portions submitted by: jhb (VNET_SYSINIT), bz (cleanup)
Discussed with: jhb, bz, julian, zec
Reviewed by: bz
Approved by: re (VIMAGE blanket)
2009-07-23 20:46:49 +00:00
|
|
|
VNET_DOMAIN_SET(route);
|