Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed.
Sponsored by: Nginx, Inc.
This commit is contained in:
Gleb Smirnoff
parent
e6abef0918
commit
6df8a71067
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=274225
@ -180,8 +180,8 @@ static SYSCTL_NODE(_net_bpf, OID_AUTO, stats, CTLFLAG_MPSAFE | CTLFLAG_RW,
|
||||
|
||||
static VNET_DEFINE(int, bpf_optimize_writers) = 0;
|
||||
#define V_bpf_optimize_writers VNET(bpf_optimize_writers)
|
||||
SYSCTL_VNET_INT(_net_bpf, OID_AUTO, optimize_writers,
|
||||
CTLFLAG_RW, &VNET_NAME(bpf_optimize_writers), 0,
|
||||
SYSCTL_INT(_net_bpf, OID_AUTO, optimize_writers, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(bpf_optimize_writers), 0,
|
||||
"Do not send packets until BPF program is set");
|
||||
|
||||
static d_open_t bpfopen;
|
||||
|
||||
@ -171,7 +171,7 @@ static VNET_DEFINE(int, flowtable_enable) = 1;
|
||||
|
||||
static SYSCTL_NODE(_net, OID_AUTO, flowtable, CTLFLAG_RD, NULL,
|
||||
"flowtable");
|
||||
SYSCTL_VNET_INT(_net_flowtable, OID_AUTO, enable, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_flowtable, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(flowtable_enable), 0, "enable flowtable caching.");
|
||||
SYSCTL_UMA_MAX(_net_flowtable, OID_AUTO, maxflows, CTLFLAG_RW,
|
||||
&flow_zone, "Maximum number of flows allowed");
|
||||
|
||||
@ -406,8 +406,8 @@ SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac,
|
||||
|
||||
static VNET_DEFINE(int, allow_llz_overlap) = 0;
|
||||
#define V_allow_llz_overlap VNET(allow_llz_overlap)
|
||||
SYSCTL_VNET_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap,
|
||||
CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(allow_llz_overlap), 0,
|
||||
SYSCTL_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap,
|
||||
CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(allow_llz_overlap), 0,
|
||||
"Allow overlap of link-local scope "
|
||||
"zones of a bridge interface and the member interfaces");
|
||||
|
||||
|
||||
@ -149,7 +149,7 @@ static SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
|
||||
#endif
|
||||
static VNET_DEFINE(int, max_gif_nesting) = MAX_GIF_NEST;
|
||||
#define V_max_gif_nesting VNET(max_gif_nesting)
|
||||
SYSCTL_VNET_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(max_gif_nesting), 0, "Max nested tunnels");
|
||||
|
||||
/*
|
||||
@ -163,8 +163,9 @@ static VNET_DEFINE(int, parallel_tunnels) = 1;
|
||||
static VNET_DEFINE(int, parallel_tunnels) = 0;
|
||||
#endif
|
||||
#define V_parallel_tunnels VNET(parallel_tunnels)
|
||||
SYSCTL_VNET_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
|
||||
&VNET_NAME(parallel_tunnels), 0, "Allow parallel tunnels?");
|
||||
SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(parallel_tunnels), 0,
|
||||
"Allow parallel tunnels?");
|
||||
|
||||
/* copy from src/sys/net/if_ethersubr.c */
|
||||
static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
|
||||
|
||||
@ -67,9 +67,9 @@ SYSCTL_DECL(_net_link_generic);
|
||||
static SYSCTL_NODE(_net_link_generic, IFMIB_SYSTEM, system, CTLFLAG_RW, 0,
|
||||
"Variables global to all interfaces");
|
||||
|
||||
SYSCTL_VNET_INT(_net_link_generic_system, IFMIB_IFCOUNT, ifcount, CTLFLAG_RD,
|
||||
&VNET_NAME(if_index), 0,
|
||||
"Number of configured interfaces");
|
||||
SYSCTL_INT(_net_link_generic_system, IFMIB_IFCOUNT, ifcount,
|
||||
CTLFLAG_VNET | CTLFLAG_RD, &VNET_NAME(if_index), 0,
|
||||
"Number of configured interfaces");
|
||||
|
||||
static int
|
||||
sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XXX bad syntax! */
|
||||
|
||||
@ -119,6 +119,7 @@ vnet_##name##_uninit(const void *unused) \
|
||||
VNET_SYSUNINIT(vnet_ ## name ## _uninit, SI_SUB_PROTO_IFATTACHDOMAIN, \
|
||||
SI_ORDER_ANY, vnet_ ## name ## _uninit, NULL)
|
||||
|
||||
#ifdef SYSCTL_OID
|
||||
#define SYSCTL_VNET_PCPUSTAT(parent, nbr, name, type, array, desc) \
|
||||
static int \
|
||||
array##_sysctl(SYSCTL_HANDLER_ARGS) \
|
||||
@ -132,8 +133,9 @@ array##_sysctl(SYSCTL_HANDLER_ARGS) \
|
||||
sizeof(type) / sizeof(uint64_t)); \
|
||||
return (SYSCTL_OUT(req, &s, sizeof(type))); \
|
||||
} \
|
||||
SYSCTL_VNET_PROC(parent, nbr, name, CTLTYPE_OPAQUE | CTLFLAG_RW, NULL, \
|
||||
0, array ## _sysctl, "I", desc)
|
||||
SYSCTL_PROC(parent, nbr, name, CTLFLAG_VNET | CTLTYPE_OPAQUE | CTLFLAG_RW, \
|
||||
NULL, 0, array ## _sysctl, "I", desc)
|
||||
#endif /* SYSCTL_OID */
|
||||
|
||||
#ifdef VIMAGE
|
||||
#include <sys/lock.h>
|
||||
@ -282,48 +284,6 @@ void *vnet_data_alloc(int size);
|
||||
void vnet_data_copy(void *start, int size);
|
||||
void vnet_data_free(void *start_arg, int size);
|
||||
|
||||
/*
|
||||
* Sysctl variants for vnet-virtualized global variables. Include
|
||||
* <sys/sysctl.h> to expose these definitions.
|
||||
*
|
||||
* Note: SYSCTL_PROC() handler functions will need to resolve pointer
|
||||
* arguments themselves, if required.
|
||||
*/
|
||||
#ifdef SYSCTL_OID
|
||||
#define SYSCTL_VNET_INT(parent, nbr, name, access, ptr, val, descr) \
|
||||
SYSCTL_OID(parent, nbr, name, \
|
||||
CTLTYPE_INT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access), \
|
||||
ptr, val, sysctl_handle_int, "I", descr)
|
||||
#define SYSCTL_VNET_PROC(parent, nbr, name, access, ptr, arg, handler, \
|
||||
fmt, descr) \
|
||||
CTASSERT(((access) & CTLTYPE) != 0); \
|
||||
SYSCTL_OID(parent, nbr, name, CTLFLAG_VNET|(access), ptr, arg, \
|
||||
handler, fmt, descr)
|
||||
#define SYSCTL_VNET_OPAQUE(parent, nbr, name, access, ptr, len, fmt, \
|
||||
descr) \
|
||||
SYSCTL_OID(parent, nbr, name, \
|
||||
CTLTYPE_OPAQUE|CTLFLAG_VNET|(access), ptr, len, \
|
||||
sysctl_handle_opaque, fmt, descr)
|
||||
#define SYSCTL_VNET_STRING(parent, nbr, name, access, arg, len, descr) \
|
||||
SYSCTL_OID(parent, nbr, name, \
|
||||
CTLTYPE_STRING|CTLFLAG_VNET|(access), \
|
||||
arg, len, sysctl_handle_string, "A", descr)
|
||||
#define SYSCTL_VNET_STRUCT(parent, nbr, name, access, ptr, type, descr) \
|
||||
SYSCTL_OID(parent, nbr, name, \
|
||||
CTLTYPE_OPAQUE|CTLFLAG_VNET|(access), ptr, \
|
||||
sizeof(struct type), sysctl_handle_opaque, "S," #type, \
|
||||
descr)
|
||||
#define SYSCTL_VNET_UINT(parent, nbr, name, access, ptr, val, descr) \
|
||||
SYSCTL_OID(parent, nbr, name, \
|
||||
CTLTYPE_UINT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access), \
|
||||
ptr, val, sysctl_handle_int, "IU", descr)
|
||||
#define VNET_SYSCTL_ARG(req, arg1) do { \
|
||||
if (arg1 != NULL) \
|
||||
arg1 = (void *)(TD_TO_VNET((req)->td)->vnet_data_base + \
|
||||
(uintptr_t)(arg1)); \
|
||||
} while (0)
|
||||
#endif /* SYSCTL_OID */
|
||||
|
||||
/*
|
||||
* Virtual sysinit mechanism, allowing network stack components to declare
|
||||
* startup and shutdown methods to be run when virtual network stack
|
||||
@ -446,29 +406,6 @@ do { \
|
||||
#define VNET_PTR(n) (&(n))
|
||||
#define VNET(n) (n)
|
||||
|
||||
/*
|
||||
* When VIMAGE isn't compiled into the kernel, virtaulized SYSCTLs simply
|
||||
* become normal SYSCTLs.
|
||||
*/
|
||||
#ifdef SYSCTL_OID
|
||||
#define SYSCTL_VNET_INT(parent, nbr, name, access, ptr, val, descr) \
|
||||
SYSCTL_INT(parent, nbr, name, access, ptr, val, descr)
|
||||
#define SYSCTL_VNET_PROC(parent, nbr, name, access, ptr, arg, handler, \
|
||||
fmt, descr) \
|
||||
SYSCTL_PROC(parent, nbr, name, access, ptr, arg, handler, fmt, \
|
||||
descr)
|
||||
#define SYSCTL_VNET_OPAQUE(parent, nbr, name, access, ptr, len, fmt, \
|
||||
descr) \
|
||||
SYSCTL_OPAQUE(parent, nbr, name, access, ptr, len, fmt, descr)
|
||||
#define SYSCTL_VNET_STRING(parent, nbr, name, access, arg, len, descr) \
|
||||
SYSCTL_STRING(parent, nbr, name, access, arg, len, descr)
|
||||
#define SYSCTL_VNET_STRUCT(parent, nbr, name, access, ptr, type, descr) \
|
||||
SYSCTL_STRUCT(parent, nbr, name, access, ptr, type, descr)
|
||||
#define SYSCTL_VNET_UINT(parent, nbr, name, access, ptr, val, descr) \
|
||||
SYSCTL_UINT(parent, nbr, name, access, ptr, val, descr)
|
||||
#define VNET_SYSCTL_ARG(req, arg1)
|
||||
#endif /* SYSCTL_OID */
|
||||
|
||||
/*
|
||||
* When VIMAGE isn't compiled into the kernel, VNET_SYSINIT/VNET_SYSUNINIT
|
||||
* map into normal sysinits, which have the same ordering properties.
|
||||
|
||||
@ -318,7 +318,8 @@ SYSINIT(cc, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_FIRST, cc_init, NULL);
|
||||
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, cc, CTLFLAG_RW, NULL,
|
||||
"congestion control related settings");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc, OID_AUTO, algorithm, CTLTYPE_STRING|CTLFLAG_RW,
|
||||
SYSCTL_PROC(_net_inet_tcp_cc, OID_AUTO, algorithm,
|
||||
CTLFLAG_VNET | CTLTYPE_STRING | CTLFLAG_RW,
|
||||
NULL, 0, cc_default_algo, "A", "default congestion control algorithm");
|
||||
|
||||
SYSCTL_PROC(_net_inet_tcp_cc, OID_AUTO, available, CTLTYPE_STRING|CTLFLAG_RD,
|
||||
|
||||
@ -659,39 +659,39 @@ SYSCTL_STRING(_net_inet_tcp_cc_cdg, OID_AUTO, version,
|
||||
CTLFLAG_RD, CDG_VERSION, sizeof(CDG_VERSION) - 1,
|
||||
"Current algorithm/implementation version number");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, alpha_inc,
|
||||
CTLFLAG_RW, &VNET_NAME(cdg_alpha_inc), 0,
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, alpha_inc,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(cdg_alpha_inc), 0,
|
||||
"Increment the window increase factor alpha by 1 MSS segment every "
|
||||
"alpha_inc RTTs during congestion avoidance mode.");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_cdg, OID_AUTO, beta_delay,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(cdg_beta_delay), 70,
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_cdg, OID_AUTO, beta_delay,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW, &VNET_NAME(cdg_beta_delay), 70,
|
||||
&cdg_beta_handler, "IU",
|
||||
"Delay-based window decrease factor as a percentage "
|
||||
"(on delay-based backoff, w = w * beta_delay / 100)");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_cdg, OID_AUTO, beta_loss,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(cdg_beta_loss), 50,
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_cdg, OID_AUTO, beta_loss,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW, &VNET_NAME(cdg_beta_loss), 50,
|
||||
&cdg_beta_handler, "IU",
|
||||
"Loss-based window decrease factor as a percentage "
|
||||
"(on loss-based backoff, w = w * beta_loss / 100)");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_cdg, OID_AUTO, exp_backoff_scale,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(cdg_exp_backoff_scale), 2,
|
||||
&cdg_exp_backoff_scale_handler, "IU",
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_cdg, OID_AUTO, exp_backoff_scale,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
|
||||
&VNET_NAME(cdg_exp_backoff_scale), 2, &cdg_exp_backoff_scale_handler, "IU",
|
||||
"Scaling parameter for the probabilistic exponential backoff");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, smoothing_factor,
|
||||
CTLFLAG_RW, &VNET_NAME(cdg_smoothing_factor), 8,
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, smoothing_factor,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(cdg_smoothing_factor), 8,
|
||||
"Number of samples used for moving average smoothing (0 = no smoothing)");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, loss_compete_consec_cong,
|
||||
CTLFLAG_RW, &VNET_NAME(cdg_consec_cong), 5,
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, loss_compete_consec_cong,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(cdg_consec_cong), 5,
|
||||
"Number of consecutive delay-gradient based congestion episodes which will "
|
||||
"trigger loss based CC compatibility");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, loss_compete_hold_backoff,
|
||||
CTLFLAG_RW, &VNET_NAME(cdg_hold_backoff), 5,
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_cdg, OID_AUTO, loss_compete_hold_backoff,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(cdg_hold_backoff), 5,
|
||||
"Number of consecutive delay-gradient based congestion episodes to hold "
|
||||
"the window backoff for loss based CC compatibility");
|
||||
|
||||
|
||||
@ -471,24 +471,27 @@ SYSCTL_DECL(_net_inet_tcp_cc_chd);
|
||||
SYSCTL_NODE(_net_inet_tcp_cc, OID_AUTO, chd, CTLFLAG_RW, NULL,
|
||||
"CAIA Hamilton delay-based congestion control related settings");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_chd, OID_AUTO, loss_fair,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(chd_loss_fair), 1, &chd_loss_fair_handler,
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_chd, OID_AUTO, loss_fair,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
|
||||
&VNET_NAME(chd_loss_fair), 1, &chd_loss_fair_handler,
|
||||
"IU", "Flag to enable shadow window functionality.");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_chd, OID_AUTO, pmax,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(chd_pmax), 5, &chd_pmax_handler,
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_chd, OID_AUTO, pmax,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
|
||||
&VNET_NAME(chd_pmax), 5, &chd_pmax_handler,
|
||||
"IU", "Per RTT maximum backoff probability as a percentage");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_chd, OID_AUTO, queue_threshold,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(chd_qthresh), 20, &chd_qthresh_handler,
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_chd, OID_AUTO, queue_threshold,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
|
||||
&VNET_NAME(chd_qthresh), 20, &chd_qthresh_handler,
|
||||
"IU", "Queueing congestion threshold in ticks");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_chd, OID_AUTO, queue_min,
|
||||
CTLFLAG_RW, &VNET_NAME(chd_qmin), 5,
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_chd, OID_AUTO, queue_min,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(chd_qmin), 5,
|
||||
"Minimum queueing delay threshold in ticks");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_chd, OID_AUTO, use_max,
|
||||
CTLFLAG_RW, &VNET_NAME(chd_use_max), 1,
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_chd, OID_AUTO, use_max,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(chd_use_max), 1,
|
||||
"Use the maximum RTT seen within the measurement period (RTT) "
|
||||
"as the basic delay measurement for the algorithm.");
|
||||
|
||||
|
||||
@ -238,17 +238,18 @@ SYSCTL_DECL(_net_inet_tcp_cc_hd);
|
||||
SYSCTL_NODE(_net_inet_tcp_cc, OID_AUTO, hd, CTLFLAG_RW, NULL,
|
||||
"Hamilton delay-based congestion control related settings");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_hd, OID_AUTO, queue_threshold,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(hd_qthresh), 20, &hd_qthresh_handler,
|
||||
"IU", "queueing congestion threshold (qth) in ticks");
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_hd, OID_AUTO, queue_threshold,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW, &VNET_NAME(hd_qthresh), 20,
|
||||
&hd_qthresh_handler, "IU", "queueing congestion threshold (qth) in ticks");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_hd, OID_AUTO, pmax,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(hd_pmax), 5, &hd_pmax_handler,
|
||||
"IU", "per packet maximum backoff probability as a percentage");
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_hd, OID_AUTO, pmax,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW, &VNET_NAME(hd_pmax), 5,
|
||||
&hd_pmax_handler, "IU",
|
||||
"per packet maximum backoff probability as a percentage");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_hd, OID_AUTO, queue_min,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(hd_qmin), 5, &hd_qmin_handler,
|
||||
"IU", "minimum queueing delay threshold (qmin) in ticks");
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_hd, OID_AUTO, queue_min,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW, &VNET_NAME(hd_qmin), 5,
|
||||
&hd_qmin_handler, "IU", "minimum queueing delay threshold (qmin) in ticks");
|
||||
|
||||
DECLARE_CC_MODULE(hd, &hd_cc_algo);
|
||||
MODULE_DEPEND(hd, ertt, 1, 1, 1);
|
||||
|
||||
@ -512,9 +512,11 @@ htcp_ssthresh_update(struct cc_var *ccv)
|
||||
SYSCTL_DECL(_net_inet_tcp_cc_htcp);
|
||||
SYSCTL_NODE(_net_inet_tcp_cc, OID_AUTO, htcp, CTLFLAG_RW,
|
||||
NULL, "H-TCP related settings");
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_htcp, OID_AUTO, adaptive_backoff, CTLFLAG_RW,
|
||||
&VNET_NAME(htcp_adaptive_backoff), 0, "enable H-TCP adaptive backoff");
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_cc_htcp, OID_AUTO, rtt_scaling, CTLFLAG_RW,
|
||||
&VNET_NAME(htcp_rtt_scaling), 0, "enable H-TCP RTT scaling");
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_htcp, OID_AUTO, adaptive_backoff,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(htcp_adaptive_backoff), 0,
|
||||
"enable H-TCP adaptive backoff");
|
||||
SYSCTL_UINT(_net_inet_tcp_cc_htcp, OID_AUTO, rtt_scaling,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(htcp_rtt_scaling), 0,
|
||||
"enable H-TCP RTT scaling");
|
||||
|
||||
DECLARE_CC_MODULE(htcp, &htcp_cc_algo);
|
||||
|
||||
@ -295,13 +295,15 @@ SYSCTL_DECL(_net_inet_tcp_cc_vegas);
|
||||
SYSCTL_NODE(_net_inet_tcp_cc, OID_AUTO, vegas, CTLFLAG_RW, NULL,
|
||||
"Vegas related settings");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_vegas, OID_AUTO, alpha,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(vegas_alpha), 1, &vegas_alpha_handler,
|
||||
"IU", "vegas alpha, specified as number of \"buffers\" (0 < alpha < beta)");
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_vegas, OID_AUTO, alpha,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
|
||||
&VNET_NAME(vegas_alpha), 1, &vegas_alpha_handler, "IU",
|
||||
"vegas alpha, specified as number of \"buffers\" (0 < alpha < beta)");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp_cc_vegas, OID_AUTO, beta,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, &VNET_NAME(vegas_beta), 3, &vegas_beta_handler,
|
||||
"IU", "vegas beta, specified as number of \"buffers\" (0 < alpha < beta)");
|
||||
SYSCTL_PROC(_net_inet_tcp_cc_vegas, OID_AUTO, beta,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
|
||||
&VNET_NAME(vegas_beta), 3, &vegas_beta_handler, "IU",
|
||||
"vegas beta, specified as number of \"buffers\" (0 < alpha < beta)");
|
||||
|
||||
DECLARE_CC_MODULE(vegas, &vegas_cc_algo);
|
||||
MODULE_DEPEND(vegas, ertt, 1, 1, 1);
|
||||
|
||||
@ -103,21 +103,21 @@ static VNET_DEFINE(int, arp_maxhold) = 1;
|
||||
#define V_arp_proxyall VNET(arp_proxyall)
|
||||
#define V_arp_maxhold VNET(arp_maxhold)
|
||||
|
||||
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(arpt_keep), 0,
|
||||
"ARP entry lifetime in seconds");
|
||||
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(arp_maxtries), 0,
|
||||
"ARP resolution attempts before returning error");
|
||||
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(arp_proxyall), 0,
|
||||
"Enable proxy ARP for all suitable requests");
|
||||
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, wait, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, wait, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(arpt_down), 0,
|
||||
"Incomplete ARP entry lifetime in seconds");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_link_ether_arp, OID_AUTO, stats, struct arpstat,
|
||||
arpstat, "ARP statistics (struct arpstat, net/if_arp.h)");
|
||||
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, maxhold, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxhold, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(arp_maxhold), 0,
|
||||
"Number of packets to hold per ARP entry");
|
||||
|
||||
|
||||
@ -249,32 +249,32 @@ static VNET_DEFINE(int, igmp_default_version) = IGMP_VERSION_3;
|
||||
/*
|
||||
* Virtualized sysctls.
|
||||
*/
|
||||
SYSCTL_VNET_STRUCT(_net_inet_igmp, IGMPCTL_STATS, stats, CTLFLAG_RW,
|
||||
SYSCTL_STRUCT(_net_inet_igmp, IGMPCTL_STATS, stats, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(igmpstat), igmpstat, "");
|
||||
SYSCTL_VNET_INT(_net_inet_igmp, OID_AUTO, recvifkludge, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_igmp, OID_AUTO, recvifkludge, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(igmp_recvifkludge), 0,
|
||||
"Rewrite IGMPv1/v2 reports from 0.0.0.0 to contain subnet address");
|
||||
SYSCTL_VNET_INT(_net_inet_igmp, OID_AUTO, sendra, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_igmp, OID_AUTO, sendra, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(igmp_sendra), 0,
|
||||
"Send IP Router Alert option in IGMPv2/v3 messages");
|
||||
SYSCTL_VNET_INT(_net_inet_igmp, OID_AUTO, sendlocal, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_igmp, OID_AUTO, sendlocal, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(igmp_sendlocal), 0,
|
||||
"Send IGMP membership reports for 224.0.0.0/24 groups");
|
||||
SYSCTL_VNET_INT(_net_inet_igmp, OID_AUTO, v1enable, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_igmp, OID_AUTO, v1enable, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(igmp_v1enable), 0,
|
||||
"Enable backwards compatibility with IGMPv1");
|
||||
SYSCTL_VNET_INT(_net_inet_igmp, OID_AUTO, v2enable, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_igmp, OID_AUTO, v2enable, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(igmp_v2enable), 0,
|
||||
"Enable backwards compatibility with IGMPv2");
|
||||
SYSCTL_VNET_INT(_net_inet_igmp, OID_AUTO, legacysupp, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_igmp, OID_AUTO, legacysupp, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(igmp_legacysupp), 0,
|
||||
"Allow v1/v2 reports to suppress v3 group responses");
|
||||
SYSCTL_VNET_PROC(_net_inet_igmp, OID_AUTO, default_version,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
||||
SYSCTL_PROC(_net_inet_igmp, OID_AUTO, default_version,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
||||
&VNET_NAME(igmp_default_version), 0, sysctl_igmp_default_version, "I",
|
||||
"Default version of IGMP to run on each interface");
|
||||
SYSCTL_VNET_PROC(_net_inet_igmp, OID_AUTO, gsrdelay,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
||||
SYSCTL_PROC(_net_inet_igmp, OID_AUTO, gsrdelay,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
||||
&VNET_NAME(igmp_gsrdelay.tv_sec), 0, sysctl_igmp_gsr, "I",
|
||||
"Rate limit for IGMPv3 Group-and-Source queries in seconds");
|
||||
|
||||
|
||||
@ -76,7 +76,7 @@ static void in_purgemaddrs(struct ifnet *);
|
||||
|
||||
static VNET_DEFINE(int, nosameprefix);
|
||||
#define V_nosameprefix VNET(nosameprefix)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, no_same_prefix, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, no_same_prefix, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(nosameprefix), 0,
|
||||
"Refuse to create same prefixes on different interfaces");
|
||||
|
||||
|
||||
@ -85,7 +85,7 @@ struct protosw in_gif_protosw = {
|
||||
|
||||
VNET_DEFINE(int, ip_gif_ttl) = GIF_TTL;
|
||||
#define V_ip_gif_ttl VNET(ip_gif_ttl)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip_gif_ttl), 0, "");
|
||||
|
||||
int
|
||||
|
||||
@ -164,34 +164,38 @@ sysctl_net_ipport_check(SYSCTL_HANDLER_ARGS)
|
||||
static SYSCTL_NODE(_net_inet_ip, IPPROTO_IP, portrange, CTLFLAG_RW, 0,
|
||||
"IP Ports");
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_portrange, OID_AUTO, lowfirst,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ipport_lowfirstauto), 0,
|
||||
&sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_portrange, OID_AUTO, lowlast,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ipport_lowlastauto), 0,
|
||||
&sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_portrange, OID_AUTO, first,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ipport_firstauto), 0,
|
||||
&sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_portrange, OID_AUTO, last,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ipport_lastauto), 0,
|
||||
&sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_portrange, OID_AUTO, hifirst,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ipport_hifirstauto), 0,
|
||||
&sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_portrange, OID_AUTO, hilast,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ipport_hilastauto), 0,
|
||||
&sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_portrange, OID_AUTO, reservedhigh,
|
||||
CTLFLAG_RW|CTLFLAG_SECURE, &VNET_NAME(ipport_reservedhigh), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_portrange, OID_AUTO, reservedlow,
|
||||
SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowfirst,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_lowfirstauto), 0, &sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowlast,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_lowlastauto), 0, &sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, first,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_firstauto), 0, &sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, last,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_lastauto), 0, &sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hifirst,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_hifirstauto), 0, &sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hilast,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_hilastauto), 0, &sysctl_net_ipport_check, "I", "");
|
||||
SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedhigh,
|
||||
CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE,
|
||||
&VNET_NAME(ipport_reservedhigh), 0, "");
|
||||
SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedlow,
|
||||
CTLFLAG_RW|CTLFLAG_SECURE, &VNET_NAME(ipport_reservedlow), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_portrange, OID_AUTO, randomized, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomized,
|
||||
CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_randomized), 0, "Enable random port allocation");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_portrange, OID_AUTO, randomcps, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomcps,
|
||||
CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_randomcps), 0, "Maximum number of random port "
|
||||
"allocations before switching to a sequental one");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_portrange, OID_AUTO, randomtime, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomtime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipport_randomtime), 0,
|
||||
"Minimum time to keep sequental port "
|
||||
"allocation before switching to a random one");
|
||||
|
||||
@ -134,21 +134,21 @@ in_matroute(void *v_arg, struct radix_node_head *head)
|
||||
|
||||
static VNET_DEFINE(int, rtq_reallyold) = 60*60; /* one hour is "really old" */
|
||||
#define V_rtq_reallyold VNET(rtq_reallyold)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTEXPIRE, rtexpire, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_RTEXPIRE, rtexpire, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(rtq_reallyold), 0,
|
||||
"Default expiration time on dynamically learned routes");
|
||||
|
||||
/* never automatically crank down to less */
|
||||
static VNET_DEFINE(int, rtq_minreallyold) = 10;
|
||||
#define V_rtq_minreallyold VNET(rtq_minreallyold)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTMINEXPIRE, rtminexpire, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_RTMINEXPIRE, rtminexpire, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(rtq_minreallyold), 0,
|
||||
"Minimum time to attempt to hold onto dynamically learned routes");
|
||||
|
||||
/* 128 cached routes is "too many" */
|
||||
static VNET_DEFINE(int, rtq_toomany) = 128;
|
||||
#define V_rtq_toomany VNET(rtq_toomany)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_RTMAXCACHE, rtmaxcache, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(rtq_toomany), 0,
|
||||
"Upper limit on dynamically learned routes");
|
||||
|
||||
|
||||
@ -216,18 +216,21 @@ static VNET_DEFINE(int, carp_ifdown_adj) = CARP_MAXSKEW;
|
||||
static int carp_demote_adj_sysctl(SYSCTL_HANDLER_ARGS);
|
||||
|
||||
SYSCTL_NODE(_net_inet, IPPROTO_CARP, carp, CTLFLAG_RW, 0, "CARP");
|
||||
SYSCTL_VNET_INT(_net_inet_carp, OID_AUTO, allow, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_carp, OID_AUTO, allow, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(carp_allow), 0, "Accept incoming CARP packets");
|
||||
SYSCTL_VNET_INT(_net_inet_carp, OID_AUTO, preempt, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_carp, OID_AUTO, preempt, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(carp_preempt), 0, "High-priority backup preemption mode");
|
||||
SYSCTL_VNET_INT(_net_inet_carp, OID_AUTO, log, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_carp, OID_AUTO, log, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(carp_log), 0, "CARP log level");
|
||||
SYSCTL_VNET_PROC(_net_inet_carp, OID_AUTO, demotion, CTLTYPE_INT|CTLFLAG_RW,
|
||||
SYSCTL_PROC(_net_inet_carp, OID_AUTO, demotion,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
0, 0, carp_demote_adj_sysctl, "I",
|
||||
"Adjust demotion factor (skew of advskew)");
|
||||
SYSCTL_VNET_INT(_net_inet_carp, OID_AUTO, senderr_demotion_factor, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_carp, OID_AUTO, senderr_demotion_factor,
|
||||
CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(carp_senderr_adj), 0, "Send error demotion factor adjustment");
|
||||
SYSCTL_VNET_INT(_net_inet_carp, OID_AUTO, ifdown_demotion_factor, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_carp, OID_AUTO, ifdown_demotion_factor,
|
||||
CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(carp_ifdown_adj), 0,
|
||||
"Interface down demotion factor adjustment");
|
||||
|
||||
|
||||
@ -111,7 +111,7 @@ __FBSDID("$FreeBSD$");
|
||||
static VNET_DEFINE(int, ipfastforward_active);
|
||||
#define V_ipfastforward_active VNET(ipfastforward_active)
|
||||
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipfastforward_active), 0, "Enable fast IP forwarding");
|
||||
|
||||
static struct sockaddr_in *
|
||||
|
||||
@ -82,13 +82,13 @@ __FBSDID("$FreeBSD$");
|
||||
*/
|
||||
static VNET_DEFINE(int, icmplim) = 200;
|
||||
#define V_icmplim VNET(icmplim)
|
||||
SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmplim), 0,
|
||||
"Maximum number of ICMP responses per second");
|
||||
|
||||
static VNET_DEFINE(int, icmplim_output) = 1;
|
||||
#define V_icmplim_output VNET(icmplim_output)
|
||||
SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmplim_output), 0,
|
||||
"Enable logging of ICMP response rate limiting");
|
||||
|
||||
@ -104,13 +104,13 @@ VNET_PCPUSTAT_SYSUNINIT(icmpstat);
|
||||
|
||||
static VNET_DEFINE(int, icmpmaskrepl) = 0;
|
||||
#define V_icmpmaskrepl VNET(icmpmaskrepl)
|
||||
SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmpmaskrepl), 0,
|
||||
"Reply to ICMP Address Mask Request packets.");
|
||||
|
||||
static VNET_DEFINE(u_int, icmpmaskfake) = 0;
|
||||
#define V_icmpmaskfake VNET(icmpmaskfake)
|
||||
SYSCTL_VNET_UINT(_net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW,
|
||||
SYSCTL_UINT(_net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmpmaskfake), 0,
|
||||
"Fake reply to ICMP Address Mask Request packets.");
|
||||
|
||||
@ -118,25 +118,25 @@ VNET_DEFINE(int, drop_redirect) = 0;
|
||||
|
||||
static VNET_DEFINE(int, log_redirect) = 0;
|
||||
#define V_log_redirect VNET(log_redirect)
|
||||
SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(log_redirect), 0,
|
||||
"Log ICMP redirects to the console");
|
||||
|
||||
static VNET_DEFINE(char, reply_src[IFNAMSIZ]);
|
||||
#define V_reply_src VNET(reply_src)
|
||||
SYSCTL_VNET_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW,
|
||||
SYSCTL_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(reply_src), IFNAMSIZ,
|
||||
"icmp reply source for non-local packets.");
|
||||
|
||||
static VNET_DEFINE(int, icmp_rfi) = 0;
|
||||
#define V_icmp_rfi VNET(icmp_rfi)
|
||||
SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmp_rfi), 0,
|
||||
"ICMP reply from incoming interface for non-local packets");
|
||||
|
||||
static VNET_DEFINE(int, icmp_quotelen) = 8;
|
||||
#define V_icmp_quotelen VNET(icmp_quotelen)
|
||||
SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmp_quotelen), 0,
|
||||
"Number of bytes from original packet to quote in ICMP reply");
|
||||
|
||||
@ -145,7 +145,7 @@ SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
|
||||
*/
|
||||
static VNET_DEFINE(int, icmpbmcastecho) = 0;
|
||||
#define V_icmpbmcastecho VNET(icmpbmcastecho)
|
||||
SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmpbmcastecho), 0,
|
||||
"");
|
||||
|
||||
@ -192,8 +192,8 @@ sysctl_net_icmp_drop_redir(SYSCTL_HANDLER_ARGS)
|
||||
return (error);
|
||||
}
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_icmp, OID_AUTO, drop_redirect,
|
||||
CTLTYPE_INT|CTLFLAG_RW, 0, 0,
|
||||
SYSCTL_PROC(_net_inet_icmp, OID_AUTO, drop_redirect,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, 0, 0,
|
||||
sysctl_net_icmp_drop_redir, "I", "Ignore ICMP redirects");
|
||||
|
||||
/*
|
||||
|
||||
@ -94,30 +94,30 @@ RW_SYSINIT(in_ifaddr_lock, &in_ifaddr_lock, "in_ifaddr_lock");
|
||||
VNET_DEFINE(int, rsvp_on);
|
||||
|
||||
VNET_DEFINE(int, ipforwarding);
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipforwarding), 0,
|
||||
"Enable IP forwarding between interfaces");
|
||||
|
||||
static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */
|
||||
#define V_ipsendredirects VNET(ipsendredirects)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipsendredirects), 0,
|
||||
"Enable sending IP redirects");
|
||||
|
||||
static VNET_DEFINE(int, ip_keepfaith);
|
||||
#define V_ip_keepfaith VNET(ip_keepfaith)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip_keepfaith), 0,
|
||||
"Enable packet capture for FAITH IPv4->IPv6 translater daemon");
|
||||
|
||||
static VNET_DEFINE(int, ip_sendsourcequench);
|
||||
#define V_ip_sendsourcequench VNET(ip_sendsourcequench)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip_sendsourcequench), 0,
|
||||
"Enable the transmission of source quench packets");
|
||||
|
||||
VNET_DEFINE(int, ip_do_randomid);
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip_do_randomid), 0,
|
||||
"Assign random ip_id values");
|
||||
|
||||
@ -136,7 +136,7 @@ SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW,
|
||||
*/
|
||||
static VNET_DEFINE(int, ip_checkinterface);
|
||||
#define V_ip_checkinterface VNET(ip_checkinterface)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip_checkinterface), 0,
|
||||
"Verify packet arrives on correct interface");
|
||||
|
||||
@ -200,13 +200,13 @@ static VNET_DEFINE(int, maxnipq); /* Administrative limit on # reass queues. */
|
||||
static VNET_DEFINE(int, nipq); /* Total # of reass queues */
|
||||
#define V_maxnipq VNET(maxnipq)
|
||||
#define V_nipq VNET(nipq)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_VNET | CTLFLAG_RD,
|
||||
&VNET_NAME(nipq), 0,
|
||||
"Current number of IPv4 fragment reassembly queue entries");
|
||||
|
||||
static VNET_DEFINE(int, maxfragsperpacket);
|
||||
#define V_maxfragsperpacket VNET(maxfragsperpacket)
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(maxfragsperpacket), 0,
|
||||
"Maximum number of IPv4 fragments allowed per packet");
|
||||
|
||||
@ -217,7 +217,7 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW,
|
||||
|
||||
#ifdef IPSTEALTH
|
||||
VNET_DEFINE(int, ipstealth);
|
||||
SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipstealth), 0,
|
||||
"IP stealth mode, no TTL decrementation on forwarding");
|
||||
#endif
|
||||
|
||||
@ -77,8 +77,8 @@ static VNET_DEFINE(int, ip4_ipsec_filtertunnel) = 0;
|
||||
#define V_ip4_ipsec_filtertunnel VNET(ip4_ipsec_filtertunnel)
|
||||
|
||||
SYSCTL_DECL(_net_inet_ipsec);
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, OID_AUTO, filtertunnel,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_ipsec_filtertunnel), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, filtertunnel,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ipsec_filtertunnel), 0,
|
||||
"If set filter packets from an IPsec tunnel.");
|
||||
|
||||
/*
|
||||
|
||||
@ -178,7 +178,7 @@ static VNET_DEFINE(vifi_t, numvifs);
|
||||
#define V_numvifs VNET(numvifs)
|
||||
static VNET_DEFINE(struct vif, viftable[MAXVIFS]);
|
||||
#define V_viftable VNET(viftable)
|
||||
SYSCTL_VNET_OPAQUE(_net_inet_ip, OID_AUTO, viftable, CTLFLAG_RD,
|
||||
SYSCTL_OPAQUE(_net_inet_ip, OID_AUTO, viftable, CTLFLAG_VNET | CTLFLAG_RD,
|
||||
&VNET_NAME(viftable), sizeof(V_viftable), "S,vif[MAXVIFS]",
|
||||
"IPv4 Multicast Interfaces (struct vif[MAXVIFS], netinet/ip_mroute.h)");
|
||||
|
||||
|
||||
@ -78,7 +78,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <security/mac/mac_framework.h>
|
||||
|
||||
VNET_DEFINE(int, ip_defttl) = IPDEFTTL;
|
||||
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip_defttl), 0,
|
||||
"Maximum TTL on IP packets");
|
||||
|
||||
|
||||
@ -122,31 +122,31 @@ static void tcp_hc_purge(void *);
|
||||
static SYSCTL_NODE(_net_inet_tcp, OID_AUTO, hostcache, CTLFLAG_RW, 0,
|
||||
"TCP Host cache");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_hostcache, OID_AUTO, cachelimit, CTLFLAG_RDTUN,
|
||||
SYSCTL_UINT(_net_inet_tcp_hostcache, OID_AUTO, cachelimit, CTLFLAG_VNET | CTLFLAG_RDTUN,
|
||||
&VNET_NAME(tcp_hostcache.cache_limit), 0,
|
||||
"Overall entry limit for hostcache");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_hostcache, OID_AUTO, hashsize, CTLFLAG_RDTUN,
|
||||
SYSCTL_UINT(_net_inet_tcp_hostcache, OID_AUTO, hashsize, CTLFLAG_VNET | CTLFLAG_RDTUN,
|
||||
&VNET_NAME(tcp_hostcache.hashsize), 0,
|
||||
"Size of TCP hostcache hashtable");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_hostcache, OID_AUTO, bucketlimit,
|
||||
CTLFLAG_RDTUN, &VNET_NAME(tcp_hostcache.bucket_limit), 0,
|
||||
SYSCTL_UINT(_net_inet_tcp_hostcache, OID_AUTO, bucketlimit,
|
||||
CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(tcp_hostcache.bucket_limit), 0,
|
||||
"Per-bucket hash limit for hostcache");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_hostcache, OID_AUTO, count, CTLFLAG_RD,
|
||||
SYSCTL_UINT(_net_inet_tcp_hostcache, OID_AUTO, count, CTLFLAG_VNET | CTLFLAG_RD,
|
||||
&VNET_NAME(tcp_hostcache.cache_count), 0,
|
||||
"Current number of entries in hostcache");
|
||||
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_hostcache, OID_AUTO, expire, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, expire, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_hostcache.expire), 0,
|
||||
"Expire time of TCP hostcache entries");
|
||||
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_hostcache, OID_AUTO, prune, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, prune, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_hostcache.prune), 0,
|
||||
"Time between purge runs");
|
||||
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_hostcache, OID_AUTO, purge, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_hostcache, OID_AUTO, purge, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_hostcache.purgeall), 0,
|
||||
"Expire all entires on next purge run");
|
||||
|
||||
|
||||
@ -130,29 +130,29 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW,
|
||||
|
||||
VNET_DEFINE(int, blackhole) = 0;
|
||||
#define V_blackhole VNET(blackhole)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(blackhole), 0,
|
||||
"Do not send RST on segments to closed ports");
|
||||
|
||||
VNET_DEFINE(int, tcp_delack_enabled) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_delack_enabled), 0,
|
||||
"Delay ACK to try and piggyback it onto a data packet");
|
||||
|
||||
VNET_DEFINE(int, drop_synfin) = 0;
|
||||
#define V_drop_synfin VNET(drop_synfin)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(drop_synfin), 0,
|
||||
"Drop TCP packets with SYN+FIN set");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_rfc3042) = 1;
|
||||
#define V_tcp_do_rfc3042 VNET(tcp_do_rfc3042)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_rfc3042), 0,
|
||||
"Enable RFC 3042 (Limited Transmit)");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_rfc3390) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_rfc3390), 0,
|
||||
"Enable RFC 3390 (Increasing TCP's Initial Congestion Window)");
|
||||
|
||||
@ -160,64 +160,64 @@ SYSCTL_NODE(_net_inet_tcp, OID_AUTO, experimental, CTLFLAG_RW, 0,
|
||||
"Experimental TCP extensions");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_initcwnd10) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_experimental, OID_AUTO, initcwnd10, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_experimental, OID_AUTO, initcwnd10, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_initcwnd10), 0,
|
||||
"Enable RFC 6928 (Increasing initial CWND to 10)");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_rfc3465) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, rfc3465, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3465, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_rfc3465), 0,
|
||||
"Enable RFC 3465 (Appropriate Byte Counting)");
|
||||
|
||||
VNET_DEFINE(int, tcp_abc_l_var) = 2;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, abc_l_var, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, abc_l_var, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_abc_l_var), 2,
|
||||
"Cap the max cwnd increment during slow-start to this number of segments");
|
||||
|
||||
static SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_ecn) = 0;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_ecn), 0,
|
||||
"TCP ECN support");
|
||||
|
||||
VNET_DEFINE(int, tcp_ecn_maxretries) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_ecn_maxretries), 0,
|
||||
"Max retries before giving up on ECN");
|
||||
|
||||
VNET_DEFINE(int, tcp_insecure_syn) = 0;
|
||||
#define V_tcp_insecure_syn VNET(tcp_insecure_syn)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, insecure_syn, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, insecure_syn, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_insecure_syn), 0,
|
||||
"Follow RFC793 instead of RFC5961 criteria for accepting SYN packets");
|
||||
|
||||
VNET_DEFINE(int, tcp_insecure_rst) = 0;
|
||||
#define V_tcp_insecure_rst VNET(tcp_insecure_rst)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_insecure_rst), 0,
|
||||
"Follow RFC793 instead of RFC5961 criteria for accepting RST packets");
|
||||
|
||||
VNET_DEFINE(int, tcp_recvspace) = 1024*64;
|
||||
#define V_tcp_recvspace VNET(tcp_recvspace)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_recvspace), 0, "Initial receive socket buffer size");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_autorcvbuf) = 1;
|
||||
#define V_tcp_do_autorcvbuf VNET(tcp_do_autorcvbuf)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_autorcvbuf), 0,
|
||||
"Enable automatic receive buffer sizing");
|
||||
|
||||
VNET_DEFINE(int, tcp_autorcvbuf_inc) = 16*1024;
|
||||
#define V_tcp_autorcvbuf_inc VNET(tcp_autorcvbuf_inc)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_inc, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_inc, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_autorcvbuf_inc), 0,
|
||||
"Incrementor step size of automatic receive buffer");
|
||||
|
||||
VNET_DEFINE(int, tcp_autorcvbuf_max) = 2*1024*1024;
|
||||
#define V_tcp_autorcvbuf_max VNET(tcp_autorcvbuf_max)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_autorcvbuf_max), 0,
|
||||
"Max size of automatic receive buffer");
|
||||
|
||||
|
||||
@ -90,36 +90,36 @@ __FBSDID("$FreeBSD$");
|
||||
#include <security/mac/mac_framework.h>
|
||||
|
||||
VNET_DEFINE(int, path_mtu_discovery) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(path_mtu_discovery), 1,
|
||||
"Enable Path MTU Discovery");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_tso) = 1;
|
||||
#define V_tcp_do_tso VNET(tcp_do_tso)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_tso), 0,
|
||||
"Enable TCP Segmentation Offload");
|
||||
|
||||
VNET_DEFINE(int, tcp_sendspace) = 1024*32;
|
||||
#define V_tcp_sendspace VNET(tcp_sendspace)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_sendspace), 0, "Initial send socket buffer size");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_autosndbuf) = 1;
|
||||
#define V_tcp_do_autosndbuf VNET(tcp_do_autosndbuf)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_autosndbuf), 0,
|
||||
"Enable automatic send buffer sizing");
|
||||
|
||||
VNET_DEFINE(int, tcp_autosndbuf_inc) = 8*1024;
|
||||
#define V_tcp_autosndbuf_inc VNET(tcp_autosndbuf_inc)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_autosndbuf_inc), 0,
|
||||
"Incrementor step size of automatic send buffer");
|
||||
|
||||
VNET_DEFINE(int, tcp_autosndbuf_max) = 2*1024*1024;
|
||||
#define V_tcp_autosndbuf_max VNET(tcp_autosndbuf_max)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_autosndbuf_max), 0,
|
||||
"Max size of automatic send buffer");
|
||||
|
||||
|
||||
@ -129,24 +129,24 @@ VNET_DECLARE(struct uma_zone *, sack_hole_zone);
|
||||
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK");
|
||||
VNET_DEFINE(int, tcp_do_sack) = 1;
|
||||
#define V_tcp_do_sack VNET(tcp_do_sack)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_sack), 0, "Enable/Disable TCP SACK support");
|
||||
|
||||
VNET_DEFINE(int, tcp_sack_maxholes) = 128;
|
||||
#define V_tcp_sack_maxholes VNET(tcp_sack_maxholes)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_sack_maxholes), 0,
|
||||
"Maximum number of TCP SACK holes allowed per connection");
|
||||
|
||||
VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536;
|
||||
#define V_tcp_sack_globalmaxholes VNET(tcp_sack_globalmaxholes)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_sack_globalmaxholes), 0,
|
||||
"Global maximum number of TCP SACK holes");
|
||||
|
||||
VNET_DEFINE(int, tcp_sack_globalholes) = 0;
|
||||
#define V_tcp_sack_globalholes VNET(tcp_sack_globalholes)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_RD,
|
||||
SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_VNET | CTLFLAG_RD,
|
||||
&VNET_NAME(tcp_sack_globalholes), 0,
|
||||
"Global number of TCP SACK holes currently allocated");
|
||||
|
||||
|
||||
@ -138,8 +138,8 @@ sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
|
||||
return (error);
|
||||
}
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(tcp_mssdflt), 0,
|
||||
SYSCTL_PROC(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, &VNET_NAME(tcp_mssdflt), 0,
|
||||
&sysctl_net_inet_tcp_mss_check, "I",
|
||||
"Default TCP Maximum Segment Size");
|
||||
|
||||
@ -160,8 +160,8 @@ sysctl_net_inet_tcp_mss_v6_check(SYSCTL_HANDLER_ARGS)
|
||||
return (error);
|
||||
}
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(tcp_v6mssdflt), 0,
|
||||
SYSCTL_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, &VNET_NAME(tcp_v6mssdflt), 0,
|
||||
&sysctl_net_inet_tcp_mss_v6_check, "I",
|
||||
"Default TCP Maximum Segment Size for IPv6");
|
||||
#endif /* INET6 */
|
||||
@ -175,12 +175,12 @@ SYSCTL_VNET_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
|
||||
* checking. This setting prevents us from sending too small packets.
|
||||
*/
|
||||
VNET_DEFINE(int, tcp_minmss) = TCP_MINMSS;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_minmss), 0,
|
||||
"Minimum TCP Maximum Segment Size");
|
||||
|
||||
VNET_DEFINE(int, tcp_do_rfc1323) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_do_rfc1323), 0,
|
||||
"Enable rfc1323 (high performance TCP) extensions");
|
||||
|
||||
@ -196,18 +196,18 @@ static int do_tcpdrain = 1;
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0,
|
||||
"Enable tcp_drain routine for extra help when low on mbufs");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD,
|
||||
SYSCTL_UINT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_VNET | CTLFLAG_RD,
|
||||
&VNET_NAME(tcbinfo.ipi_count), 0, "Number of active PCBs");
|
||||
|
||||
static VNET_DEFINE(int, icmp_may_rst) = 1;
|
||||
#define V_icmp_may_rst VNET(icmp_may_rst)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmp_may_rst), 0,
|
||||
"Certain ICMP unreachable messages may abort connections in SYN_SENT");
|
||||
|
||||
static VNET_DEFINE(int, tcp_isn_reseed_interval) = 0;
|
||||
#define V_tcp_isn_reseed_interval VNET(tcp_isn_reseed_interval)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_isn_reseed_interval), 0,
|
||||
"Seconds between reseeding of ISN secret");
|
||||
|
||||
@ -2316,8 +2316,8 @@ sysctl_drop(SYSCTL_HANDLER_ARGS)
|
||||
return (error);
|
||||
}
|
||||
|
||||
SYSCTL_VNET_PROC(_net_inet_tcp, TCPCTL_DROP, drop,
|
||||
CTLTYPE_STRUCT|CTLFLAG_WR|CTLFLAG_SKIP, NULL,
|
||||
SYSCTL_PROC(_net_inet_tcp, TCPCTL_DROP, drop,
|
||||
CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_WR | CTLFLAG_SKIP, NULL,
|
||||
0, sysctl_drop, "", "Drop TCP connection");
|
||||
|
||||
/*
|
||||
|
||||
@ -105,13 +105,13 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
static VNET_DEFINE(int, tcp_syncookies) = 1;
|
||||
#define V_tcp_syncookies VNET(tcp_syncookies)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_syncookies), 0,
|
||||
"Use TCP SYN cookies if the syncache overflows");
|
||||
|
||||
static VNET_DEFINE(int, tcp_syncookiesonly) = 0;
|
||||
#define V_tcp_syncookiesonly VNET(tcp_syncookiesonly)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, syncookies_only, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies_only, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_syncookiesonly), 0,
|
||||
"Use only TCP SYN cookies");
|
||||
|
||||
@ -160,28 +160,28 @@ static VNET_DEFINE(struct tcp_syncache, tcp_syncache);
|
||||
static SYSCTL_NODE(_net_inet_tcp, OID_AUTO, syncache, CTLFLAG_RW, 0,
|
||||
"TCP SYN cache");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_syncache, OID_AUTO, bucketlimit, CTLFLAG_RDTUN,
|
||||
SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, bucketlimit, CTLFLAG_VNET | CTLFLAG_RDTUN,
|
||||
&VNET_NAME(tcp_syncache.bucket_limit), 0,
|
||||
"Per-bucket hash limit for syncache");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_syncache, OID_AUTO, cachelimit, CTLFLAG_RDTUN,
|
||||
SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, cachelimit, CTLFLAG_VNET | CTLFLAG_RDTUN,
|
||||
&VNET_NAME(tcp_syncache.cache_limit), 0,
|
||||
"Overall entry limit for syncache");
|
||||
|
||||
SYSCTL_UMA_CUR(_net_inet_tcp_syncache, OID_AUTO, count, CTLFLAG_VNET,
|
||||
&VNET_NAME(tcp_syncache.zone), "Current number of entries in syncache");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_syncache, OID_AUTO, hashsize, CTLFLAG_RDTUN,
|
||||
SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, hashsize, CTLFLAG_VNET | CTLFLAG_RDTUN,
|
||||
&VNET_NAME(tcp_syncache.hashsize), 0,
|
||||
"Size of TCP syncache hashtable");
|
||||
|
||||
SYSCTL_VNET_UINT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_RW,
|
||||
SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(tcp_syncache.rexmt_limit), 0,
|
||||
"Limit on SYN/ACK retransmissions");
|
||||
|
||||
VNET_DEFINE(int, tcp_sc_rst_sock_fail) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_tcp_syncache, OID_AUTO, rst_on_sock_fail,
|
||||
CTLFLAG_RW, &VNET_NAME(tcp_sc_rst_sock_fail), 0,
|
||||
SYSCTL_INT(_net_inet_tcp_syncache, OID_AUTO, rst_on_sock_fail,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(tcp_sc_rst_sock_fail), 0,
|
||||
"Send reset on socket allocation failure");
|
||||
|
||||
static MALLOC_DEFINE(M_SYNCACHE, "syncache", "TCP syncache");
|
||||
|
||||
@ -169,7 +169,7 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, maxtcptw, CTLTYPE_INT|CTLFLAG_RW,
|
||||
|
||||
VNET_DEFINE(int, nolocaltimewait) = 0;
|
||||
#define V_nolocaltimewait VNET(nolocaltimewait)
|
||||
SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(nolocaltimewait), 0,
|
||||
"Do not create compressed TCP TIME_WAIT entries for local connections");
|
||||
|
||||
|
||||
@ -114,7 +114,7 @@ __FBSDID("$FreeBSD$");
|
||||
* cause problems (especially for NFS data blocks).
|
||||
*/
|
||||
VNET_DEFINE(int, udp_cksum) = 1;
|
||||
SYSCTL_VNET_INT(_net_inet_udp, UDPCTL_CHECKSUM, checksum, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_udp, UDPCTL_CHECKSUM, checksum, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(udp_cksum), 0, "compute udp checksum");
|
||||
|
||||
int udp_log_in_vain = 0;
|
||||
@ -122,7 +122,7 @@ SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW,
|
||||
&udp_log_in_vain, 0, "Log all incoming UDP packets");
|
||||
|
||||
VNET_DEFINE(int, udp_blackhole) = 0;
|
||||
SYSCTL_VNET_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(udp_blackhole), 0,
|
||||
"Do not send port unreachables for refused connects");
|
||||
|
||||
|
||||
@ -78,7 +78,7 @@ VNET_DEFINE(int, ip6_gif_hlim) = GIF_HLIM;
|
||||
#define V_ip6_gif_hlim VNET(ip6_gif_hlim)
|
||||
|
||||
SYSCTL_DECL(_net_inet6_ip6);
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_gif_hlim), 0, "");
|
||||
|
||||
static int gif_validate6(const struct ip6_hdr *, struct gif_softc *,
|
||||
|
||||
@ -505,112 +505,115 @@ sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS)
|
||||
return (error);
|
||||
}
|
||||
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, forwarding, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_forwarding), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, redirect, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_sendredirects), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, hlim, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, forwarding,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_forwarding), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, redirect,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_sendredirects), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, hlim, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_defhlim), 0, "");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet6_ip6, IPV6CTL_STATS, stats, struct ip6stat,
|
||||
ip6stat, "IP6 statistics (struct ip6stat, netinet6/ip6_var.h)");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, maxfragpackets,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_maxfragpackets), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, accept_rtadv,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_accept_rtadv), 0,
|
||||
ip6stat, "IP6 statistics (struct ip6stat, netinet6/ip6_var.h)");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, maxfragpackets,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_maxfragpackets), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, accept_rtadv,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_accept_rtadv), 0,
|
||||
"Default value of per-interface flag for accepting ICMPv6 Router"
|
||||
"Advertisement messages");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_NO_RADR, no_radr,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_no_radr), 0,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_NO_RADR, no_radr,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_no_radr), 0,
|
||||
"Default value of per-interface flag to control whether routers "
|
||||
"sending ICMPv6 RA messages on that interface are added into the "
|
||||
"default router list.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_NORBIT_RAIF, norbit_raif, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_norbit_raif), 0,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_NORBIT_RAIF, norbit_raif,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_norbit_raif), 0,
|
||||
"Always set 0 to R flag in ICMPv6 NA messages when accepting RA"
|
||||
" on the interface.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_RFC6204W3, rfc6204w3,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_rfc6204w3), 0,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RFC6204W3, rfc6204w3,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_rfc6204w3), 0,
|
||||
"Accept the default router list from ICMPv6 RA messages even "
|
||||
"when packet forwarding enabled.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_keepfaith), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, log_interval,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_log_interval), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, hdrnestlimit,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_hdrnestlimit), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, dad_count, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_dad_count), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, auto_flowlabel,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_auto_flowlabel), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, defmcasthlim,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_defmcasthlim), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, keepfaith,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_keepfaith), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, log_interval,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_log_interval), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, hdrnestlimit,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_hdrnestlimit), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, dad_count,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_dad_count), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, auto_flowlabel,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_auto_flowlabel), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, defmcasthlim,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_defmcasthlim), 0, "");
|
||||
SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, kame_version,
|
||||
CTLFLAG_RD, __KAME_VERSION, 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, use_deprecated,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_use_deprecated), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, rr_prune, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_rr_prune), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, use_tempaddr,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_use_tempaddr), 0, "");
|
||||
SYSCTL_VNET_PROC(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ip6_temp_preferred_lifetime), 0,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, use_deprecated,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_use_deprecated), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, rr_prune,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_rr_prune), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, use_tempaddr,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_use_tempaddr), 0, "");
|
||||
SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_temp_preferred_lifetime), 0,
|
||||
sysctl_ip6_temppltime, "I", "");
|
||||
SYSCTL_VNET_PROC(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
|
||||
CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(ip6_temp_valid_lifetime), 0,
|
||||
SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_temp_valid_lifetime), 0,
|
||||
sysctl_ip6_tempvltime, "I", "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, v6only, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_v6only), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, auto_linklocal,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_auto_linklocal), 0,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, v6only,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_v6only), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, auto_linklocal,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_auto_linklocal), 0,
|
||||
"Default value of per-interface flag for automatically adding an IPv6"
|
||||
" link-local address to interfaces when attached");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats,
|
||||
struct rip6stat, rip6stat,
|
||||
"Raw IP6 statistics (struct rip6stat, netinet6/raw_ip6.h)");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, prefer_tempaddr,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_prefer_tempaddr), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, use_defaultzone,
|
||||
CTLFLAG_RW, &VNET_NAME(ip6_use_defzone), 0,"");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS, maxfrags, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_maxfrags), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU, mcast_pmtu, CTLFLAG_RW,
|
||||
&VNET_NAME(ip6_mcast_pmtu), 0, "");
|
||||
struct rip6stat, rip6stat,
|
||||
"Raw IP6 statistics (struct rip6stat, netinet6/raw_ip6.h)");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, prefer_tempaddr,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_prefer_tempaddr), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, use_defaultzone,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_use_defzone), 0,"");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS, maxfrags,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_maxfrags), 0, "");
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU, mcast_pmtu,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_mcast_pmtu), 0, "");
|
||||
#ifdef IPSTEALTH
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ip6stealth), 0, "");
|
||||
#endif
|
||||
|
||||
/* net.inet6.icmp6 */
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
|
||||
CTLFLAG_RW, &VNET_NAME(icmp6_rediraccept), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
|
||||
CTLFLAG_RW, &VNET_NAME(icmp6_redirtimeout), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_rediraccept), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_redirtimeout), 0, "");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats,
|
||||
struct icmp6stat, icmp6stat,
|
||||
"ICMPv6 statistics (struct icmp6stat, netinet/icmp6.h)");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune, CTLFLAG_RW,
|
||||
&VNET_NAME(nd6_prune), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay, CTLFLAG_RW,
|
||||
&VNET_NAME(nd6_delay), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
|
||||
CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
|
||||
CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
|
||||
CTLFLAG_RW, &VNET_NAME(nd6_useloopback), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo, CTLFLAG_RW,
|
||||
&VNET_NAME(icmp6_nodeinfo), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO_OLDMCPREFIX,
|
||||
nodeinfo_oldmcprefix, CTLFLAG_RW,
|
||||
struct icmp6stat, icmp6stat,
|
||||
"ICMPv6 statistics (struct icmp6stat, netinet/icmp6.h)");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_prune), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_delay), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_useloopback), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_nodeinfo), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO_OLDMCPREFIX,
|
||||
nodeinfo_oldmcprefix, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(icmp6_nodeinfo_oldmcprefix), 0,
|
||||
"Join old IPv6 NI group address in draft-ietf-ipngwg-icmp-name-lookup"
|
||||
" for compatibility with KAME implememtation.");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
|
||||
CTLFLAG_RW, &VNET_NAME(icmp6errppslim), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint,
|
||||
CTLFLAG_RW, &VNET_NAME(nd6_maxnudhint), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug, CTLFLAG_RW,
|
||||
&VNET_NAME(nd6_debug), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
|
||||
nd6_onlink_ns_rfc4861, CTLFLAG_RW, &VNET_NAME(nd6_onlink_ns_rfc4861),
|
||||
0, "Accept 'on-link' nd6 NS in compliance with RFC 4861.");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6errppslim), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxnudhint), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_debug), 0, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
|
||||
nd6_onlink_ns_rfc4861, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(nd6_onlink_ns_rfc4861), 0,
|
||||
"Accept 'on-link' nd6 NS in compliance with RFC 4861.");
|
||||
|
||||
@ -184,7 +184,7 @@ SYSCTL_DECL(_net_inet6_ip6);
|
||||
static VNET_DEFINE(int, rtq_toomany6) = 128;
|
||||
/* 128 cached routes is ``too many'' */
|
||||
#define V_rtq_toomany6 VNET(rtq_toomany6)
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(rtq_toomany6) , 0, "");
|
||||
|
||||
struct rtqk_arg {
|
||||
|
||||
@ -90,8 +90,8 @@ static VNET_DEFINE(int, ip6_ipsec6_filtertunnel) = 0;
|
||||
#define V_ip6_ipsec6_filtertunnel VNET(ip6_ipsec6_filtertunnel)
|
||||
|
||||
SYSCTL_DECL(_net_inet6_ipsec6);
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, OID_AUTO,
|
||||
filtertunnel, CTLFLAG_RW, &VNET_NAME(ip6_ipsec6_filtertunnel), 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, OID_AUTO, filtertunnel,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_ipsec6_filtertunnel), 0,
|
||||
"If set filter packets from an IPsec tunnel.");
|
||||
#endif /* IPSEC */
|
||||
#endif /* INET6 */
|
||||
|
||||
@ -225,8 +225,8 @@ SYSCTL_NODE(_net_inet6, OID_AUTO, mld, CTLFLAG_RW, 0,
|
||||
/*
|
||||
* Virtualized sysctls.
|
||||
*/
|
||||
SYSCTL_VNET_PROC(_net_inet6_mld, OID_AUTO, gsrdelay,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
||||
SYSCTL_PROC(_net_inet6_mld, OID_AUTO, gsrdelay,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
||||
&VNET_NAME(mld_gsrdelay.tv_sec), 0, sysctl_mld_gsr, "I",
|
||||
"Rate limit for MLDv2 Group-and-Source queries in seconds");
|
||||
|
||||
|
||||
@ -2366,10 +2366,10 @@ SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist,
|
||||
CTLFLAG_RD, nd6_sysctl_drlist, "");
|
||||
SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist,
|
||||
CTLFLAG_RD, nd6_sysctl_prlist, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen,
|
||||
CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, "");
|
||||
SYSCTL_VNET_INT(_net_inet6_icmp6, OID_AUTO, nd6_gctimer,
|
||||
CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, "");
|
||||
SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, nd6_gctimer,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), "");
|
||||
|
||||
static int
|
||||
nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS)
|
||||
|
||||
@ -60,7 +60,7 @@ VNET_DEFINE(int, ip6_use_defzone) = 0;
|
||||
#endif
|
||||
VNET_DEFINE(int, deembed_scopeid) = 1;
|
||||
SYSCTL_DECL(_net_inet6_ip6);
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6, OID_AUTO, deembed_scopeid, CTLFLAG_RW,
|
||||
SYSCTL_INT(_net_inet6_ip6, OID_AUTO, deembed_scopeid, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(deembed_scopeid), 0,
|
||||
"Extract embedded zone ID and set it to sin6_scope_id in sockaddr_in6.");
|
||||
|
||||
|
||||
@ -141,38 +141,38 @@ FEATURE(ipsec_natt, "UDP Encapsulation of IPsec ESP Packets ('NAT-T')");
|
||||
SYSCTL_DECL(_net_inet_ipsec);
|
||||
|
||||
/* net.inet.ipsec */
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY, def_policy,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_def_policy).policy, 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY, def_policy,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_def_policy).policy, 0,
|
||||
"IPsec default policy.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_esp_trans_deflev), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_esp_trans_deflev), 0,
|
||||
"Default ESP transport mode level");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_esp_net_deflev), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_esp_net_deflev), 0,
|
||||
"Default ESP tunnel mode level.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_ah_trans_deflev), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ah_trans_deflev), 0,
|
||||
"AH transfer mode default level.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_ah_net_deflev), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ah_net_deflev), 0,
|
||||
"AH tunnel mode default level.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS, ah_cleartos,
|
||||
CTLFLAG_RW, &VNET_NAME(ah_cleartos), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS, ah_cleartos,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_cleartos), 0,
|
||||
"If set clear type-of-service field when doing AH computation.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK, ah_offsetmask,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_ah_offsetmask), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK, ah_offsetmask,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ah_offsetmask), 0,
|
||||
"If not set clear offset field mask when doing AH computation.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_DFBIT, dfbit,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_ipsec_dfbit), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT, dfbit,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ipsec_dfbit), 0,
|
||||
"Do not fragment bit on encap.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_ECN, ecn,
|
||||
CTLFLAG_RW, &VNET_NAME(ip4_ipsec_ecn), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN, ecn,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_ipsec_ecn), 0,
|
||||
"Explicit Congestion Notification handling.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug,
|
||||
CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
|
||||
"Enable IPsec debugging output when set.");
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, OID_AUTO, crypto_support,
|
||||
CTLFLAG_RW, &VNET_NAME(crypto_support), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, crypto_support,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(crypto_support), 0,
|
||||
"Crypto driver selection.");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet_ipsec, OID_AUTO, ipsecstats, struct ipsecstat,
|
||||
ipsec4stat, "IPsec IPv4 statistics.");
|
||||
@ -183,16 +183,16 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ipsec, OID_AUTO, ipsecstats, struct ipsecstat,
|
||||
* This allows to verify if the other side has proper replay attacks detection.
|
||||
*/
|
||||
VNET_DEFINE(int, ipsec_replay) = 0;
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, OID_AUTO, test_replay,
|
||||
CTLFLAG_RW, &VNET_NAME(ipsec_replay), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_replay,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_replay), 0,
|
||||
"Emulate replay attack");
|
||||
/*
|
||||
* When set 1, IPsec will send packets with corrupted HMAC.
|
||||
* This allows to verify if the other side properly detects modified packets.
|
||||
*/
|
||||
VNET_DEFINE(int, ipsec_integrity) = 0;
|
||||
SYSCTL_VNET_INT(_net_inet_ipsec, OID_AUTO, test_integrity,
|
||||
CTLFLAG_RW, &VNET_NAME(ipsec_integrity), 0,
|
||||
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_integrity,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_integrity), 0,
|
||||
"Emulate man-in-the-middle attack");
|
||||
#endif
|
||||
|
||||
@ -213,26 +213,26 @@ VNET_DEFINE(int, ip6_ipsec_ecn) = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) *
|
||||
SYSCTL_DECL(_net_inet6_ipsec6);
|
||||
|
||||
/* net.inet6.ipsec6 */
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY, def_policy, CTLFLAG_RW,
|
||||
&VNET_NAME(ip4_def_policy).policy, 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY, def_policy,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip4_def_policy).policy, 0,
|
||||
"IPsec default policy.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV,
|
||||
esp_trans_deflev, CTLFLAG_RW, &VNET_NAME(ip6_esp_trans_deflev), 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_esp_trans_deflev), 0,
|
||||
"Default ESP transport mode level.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV,
|
||||
esp_net_deflev, CTLFLAG_RW, &VNET_NAME(ip6_esp_net_deflev), 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_esp_net_deflev), 0,
|
||||
"Default ESP tunnel mode level.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV,
|
||||
ah_trans_deflev, CTLFLAG_RW, &VNET_NAME(ip6_ah_trans_deflev), 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_ah_trans_deflev), 0,
|
||||
"AH transfer mode default level.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV,
|
||||
ah_net_deflev, CTLFLAG_RW, &VNET_NAME(ip6_ah_net_deflev), 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_ah_net_deflev), 0,
|
||||
"AH tunnel mode default level.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, IPSECCTL_ECN,
|
||||
ecn, CTLFLAG_RW, &VNET_NAME(ip6_ipsec_ecn), 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN, ecn,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_ipsec_ecn), 0,
|
||||
"Explicit Congestion Notification handling.");
|
||||
SYSCTL_VNET_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, CTLFLAG_RW,
|
||||
&VNET_NAME(ipsec_debug), 0,
|
||||
SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
|
||||
"Enable IPsec debugging output when set.");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet6_ipsec6, IPSECCTL_STATS, ipsecstats,
|
||||
struct ipsecstat, ipsec6stat, "IPsec IPv6 statistics.");
|
||||
|
||||
@ -282,52 +282,52 @@ static VNET_DEFINE(int, ipsec_ah_keymin) = 128;
|
||||
SYSCTL_DECL(_net_key);
|
||||
#endif
|
||||
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug,
|
||||
CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, "");
|
||||
|
||||
/* max count of trial for the decision of spi value */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt,
|
||||
CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, "");
|
||||
|
||||
/* minimum spi value to allocate automatically. */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_SPI_MIN_VALUE,
|
||||
spi_minval, CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, "");
|
||||
|
||||
/* maximun spi value to allocate automatically. */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_SPI_MAX_VALUE,
|
||||
spi_maxval, CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, "");
|
||||
|
||||
/* interval to initialize randseed */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_RANDOM_INT,
|
||||
int_random, CTLFLAG_RW, &VNET_NAME(key_int_random), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, "");
|
||||
|
||||
/* lifetime for larval SA */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_LARVAL_LIFETIME,
|
||||
larval_lifetime, CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, "");
|
||||
|
||||
/* counter for blocking to send SADB_ACQUIRE to IKEd */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_BLOCKACQ_COUNT,
|
||||
blockacq_count, CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, "");
|
||||
|
||||
/* lifetime for blocking to send SADB_ACQUIRE to IKEd */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME,
|
||||
blockacq_lifetime, CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, "");
|
||||
|
||||
/* ESP auth */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth,
|
||||
CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, "");
|
||||
|
||||
/* minimum ESP key length */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_ESP_KEYMIN,
|
||||
esp_keymin, CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, "");
|
||||
|
||||
/* minimum AH key length */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin,
|
||||
CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, "");
|
||||
|
||||
/* perfered old SA rather than new SA */
|
||||
SYSCTL_VNET_INT(_net_key, KEYCTL_PREFERED_OLDSA,
|
||||
preferred_oldsa, CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, "");
|
||||
SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, "");
|
||||
|
||||
#define __LIST_CHAINED(elm) \
|
||||
(!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
|
||||
|
||||
@ -100,10 +100,10 @@ VNET_PCPUSTAT_SYSUNINIT(ahstat);
|
||||
|
||||
#ifdef INET
|
||||
SYSCTL_DECL(_net_inet_ah);
|
||||
SYSCTL_VNET_INT(_net_inet_ah, OID_AUTO,
|
||||
ah_enable, CTLFLAG_RW, &VNET_NAME(ah_enable), 0, "");
|
||||
SYSCTL_VNET_INT(_net_inet_ah, OID_AUTO,
|
||||
ah_cleartos, CTLFLAG_RW, &VNET_NAME(ah_cleartos), 0, "");
|
||||
SYSCTL_INT(_net_inet_ah, OID_AUTO, ah_enable,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_enable), 0, "");
|
||||
SYSCTL_INT(_net_inet_ah, OID_AUTO, ah_cleartos,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ah_cleartos), 0, "");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat,
|
||||
ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)");
|
||||
#endif
|
||||
|
||||
@ -87,8 +87,8 @@ VNET_PCPUSTAT_SYSUNINIT(espstat);
|
||||
#endif /* VIMAGE */
|
||||
|
||||
SYSCTL_DECL(_net_inet_esp);
|
||||
SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO,
|
||||
esp_enable, CTLFLAG_RW, &VNET_NAME(esp_enable), 0, "");
|
||||
SYSCTL_INT(_net_inet_esp, OID_AUTO, esp_enable,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(esp_enable), 0, "");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats,
|
||||
struct espstat, espstat,
|
||||
"ESP statistics (struct espstat, netipsec/esp_var.h");
|
||||
|
||||
@ -78,8 +78,8 @@ VNET_PCPUSTAT_SYSUNINIT(ipcompstat);
|
||||
#endif /* VIMAGE */
|
||||
|
||||
SYSCTL_DECL(_net_inet_ipcomp);
|
||||
SYSCTL_VNET_INT(_net_inet_ipcomp, OID_AUTO,
|
||||
ipcomp_enable, CTLFLAG_RW, &VNET_NAME(ipcomp_enable), 0, "");
|
||||
SYSCTL_INT(_net_inet_ipcomp, OID_AUTO, ipcomp_enable,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipcomp_enable), 0, "");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet_ipcomp, IPSECCTL_STATS, stats,
|
||||
struct ipcompstat, ipcompstat,
|
||||
"IPCOMP statistics (struct ipcompstat, netipsec/ipcomp_var.h");
|
||||
|
||||
@ -97,8 +97,8 @@ VNET_PCPUSTAT_SYSUNINIT(ipipstat);
|
||||
#endif /* VIMAGE */
|
||||
|
||||
SYSCTL_DECL(_net_inet_ipip);
|
||||
SYSCTL_VNET_INT(_net_inet_ipip, OID_AUTO,
|
||||
ipip_allow, CTLFLAG_RW, &VNET_NAME(ipip_allow), 0, "");
|
||||
SYSCTL_INT(_net_inet_ipip, OID_AUTO, ipip_allow, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(ipip_allow), 0, "");
|
||||
SYSCTL_VNET_PCPUSTAT(_net_inet_ipip, IPSECCTL_STATS, stats,
|
||||
struct ipipstat, ipipstat,
|
||||
"IPIP statistics (struct ipipstat, netipsec/ipip_var.h)");
|
||||
|
||||
@ -173,43 +173,46 @@ static int sysctl_ipfw_tables_sets(SYSCTL_HANDLER_ARGS);
|
||||
SYSBEGIN(f3)
|
||||
|
||||
SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUTO, one_pass,
|
||||
CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_one_pass), 0,
|
||||
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass,
|
||||
CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_one_pass), 0,
|
||||
"Only do a single pass through ipfw when using dummynet(4)");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step,
|
||||
CTLFLAG_RW, &VNET_NAME(autoinc_step), 0,
|
||||
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(autoinc_step), 0,
|
||||
"Rule number auto-increment step");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUTO, verbose,
|
||||
CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_verbose), 0,
|
||||
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose,
|
||||
CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_verbose), 0,
|
||||
"Log matches to ipfw rules");
|
||||
SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit,
|
||||
CTLFLAG_RW, &VNET_NAME(verbose_limit), 0,
|
||||
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(verbose_limit), 0,
|
||||
"Set upper limit of matches of ipfw rules logged");
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, default_rule, CTLFLAG_RD,
|
||||
&dummy_def, 0,
|
||||
"The default/max possible rule number.");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, tables_max,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, 0, 0, sysctl_ipfw_table_num, "IU",
|
||||
SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, tables_max,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW, 0, 0, sysctl_ipfw_table_num, "IU",
|
||||
"Maximum number of concurrently used tables");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, tables_sets,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, 0, 0, sysctl_ipfw_tables_sets, "IU",
|
||||
SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, tables_sets,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
|
||||
0, 0, sysctl_ipfw_tables_sets, "IU",
|
||||
"Use per-set namespace for tables");
|
||||
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, default_to_accept, CTLFLAG_RDTUN,
|
||||
&default_to_accept, 0,
|
||||
"Make the default rule accept all packets.");
|
||||
TUNABLE_INT("net.inet.ip.fw.tables_max", (int *)&default_fw_tables);
|
||||
SYSCTL_VNET_INT(_net_inet_ip_fw, OID_AUTO, static_count,
|
||||
CTLFLAG_RD, &VNET_NAME(layer3_chain.n_rules), 0,
|
||||
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, static_count,
|
||||
CTLFLAG_VNET | CTLFLAG_RD, &VNET_NAME(layer3_chain.n_rules), 0,
|
||||
"Number of static rules");
|
||||
|
||||
#ifdef INET6
|
||||
SYSCTL_DECL(_net_inet6_ip6);
|
||||
SYSCTL_NODE(_net_inet6_ip6, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6_fw, OID_AUTO, deny_unknown_exthdrs,
|
||||
CTLFLAG_RW | CTLFLAG_SECURE, &VNET_NAME(fw_deny_unknown_exthdrs), 0,
|
||||
SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, deny_unknown_exthdrs,
|
||||
CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE,
|
||||
&VNET_NAME(fw_deny_unknown_exthdrs), 0,
|
||||
"Deny packets with unknown IPv6 Extension Headers");
|
||||
SYSCTL_VNET_INT(_net_inet6_ip6_fw, OID_AUTO, permit_single_frag6,
|
||||
CTLFLAG_RW | CTLFLAG_SECURE, &VNET_NAME(fw_permit_single_frag6), 0,
|
||||
SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, permit_single_frag6,
|
||||
CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE,
|
||||
&VNET_NAME(fw_permit_single_frag6), 0,
|
||||
"Permit single packet IPv6 fragments");
|
||||
#endif /* INET6 */
|
||||
|
||||
|
||||
@ -206,41 +206,41 @@ static int sysctl_ipfw_dyn_max(SYSCTL_HANDLER_ARGS);
|
||||
SYSBEGIN(f2)
|
||||
|
||||
SYSCTL_DECL(_net_inet_ip_fw);
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_buckets,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_buckets_max), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_buckets,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_buckets_max), 0,
|
||||
"Max number of dyn. buckets");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets,
|
||||
CTLFLAG_RD, &VNET_NAME(curr_dyn_buckets), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets,
|
||||
CTLFLAG_VNET | CTLFLAG_RD, &VNET_NAME(curr_dyn_buckets), 0,
|
||||
"Current Number of dyn. buckets");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, dyn_count,
|
||||
CTLTYPE_UINT|CTLFLAG_RD, 0, 0, sysctl_ipfw_dyn_count, "IU",
|
||||
SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, dyn_count,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RD, 0, 0, sysctl_ipfw_dyn_count, "IU",
|
||||
"Number of dyn. rules");
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, dyn_max,
|
||||
CTLTYPE_UINT|CTLFLAG_RW, 0, 0, sysctl_ipfw_dyn_max, "IU",
|
||||
SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, dyn_max,
|
||||
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW, 0, 0, sysctl_ipfw_dyn_max, "IU",
|
||||
"Max number of dyn. rules");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_ack_lifetime), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_ack_lifetime), 0,
|
||||
"Lifetime of dyn. rules for acks");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_syn_lifetime), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_syn_lifetime), 0,
|
||||
"Lifetime of dyn. rules for syn");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_fin_lifetime), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_fin_lifetime), 0,
|
||||
"Lifetime of dyn. rules for fin");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_rst_lifetime), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_rst_lifetime), 0,
|
||||
"Lifetime of dyn. rules for rst");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_udp_lifetime), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_udp_lifetime), 0,
|
||||
"Lifetime of dyn. rules for UDP");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_short_lifetime,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_short_lifetime), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_short_lifetime,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_short_lifetime), 0,
|
||||
"Lifetime of dyn. rules for other situations");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_keepalive,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_keepalive), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_keepalive,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_keepalive), 0,
|
||||
"Enable keepalives for dyn. rules");
|
||||
SYSCTL_VNET_UINT(_net_inet_ip_fw, OID_AUTO, dyn_keep_states,
|
||||
CTLFLAG_RW, &VNET_NAME(dyn_keep_states), 0,
|
||||
SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, dyn_keep_states,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(dyn_keep_states), 0,
|
||||
"Do not flush dynamic states on rule deletion");
|
||||
|
||||
SYSEND
|
||||
|
||||
@ -92,20 +92,21 @@ int ipfw_check_frame(void *, struct mbuf **, struct ifnet *, int,
|
||||
SYSBEGIN(f1)
|
||||
|
||||
SYSCTL_DECL(_net_inet_ip_fw);
|
||||
SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, enable,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_enable), 0,
|
||||
ipfw_chg_hook, "I", "Enable ipfw");
|
||||
SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
|
||||
&VNET_NAME(fw_enable), 0, ipfw_chg_hook, "I", "Enable ipfw");
|
||||
#ifdef INET6
|
||||
SYSCTL_DECL(_net_inet6_ip6_fw);
|
||||
SYSCTL_VNET_PROC(_net_inet6_ip6_fw, OID_AUTO, enable,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw6_enable), 0,
|
||||
ipfw_chg_hook, "I", "Enable ipfw+6");
|
||||
SYSCTL_PROC(_net_inet6_ip6_fw, OID_AUTO, enable,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
|
||||
&VNET_NAME(fw6_enable), 0, ipfw_chg_hook, "I", "Enable ipfw+6");
|
||||
#endif /* INET6 */
|
||||
|
||||
SYSCTL_DECL(_net_link_ether);
|
||||
SYSCTL_VNET_PROC(_net_link_ether, OID_AUTO, ipfw,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fwlink_enable), 0,
|
||||
ipfw_chg_hook, "I", "Pass ether pkts through firewall");
|
||||
SYSCTL_PROC(_net_link_ether, OID_AUTO, ipfw,
|
||||
CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
|
||||
&VNET_NAME(fwlink_enable), 0, ipfw_chg_hook, "I",
|
||||
"Pass ether pkts through firewall");
|
||||
|
||||
SYSEND
|
||||
|
||||
|
||||
@ -247,7 +247,7 @@ static int pfsync_init(void);
|
||||
static void pfsync_uninit(void);
|
||||
|
||||
SYSCTL_NODE(_net, OID_AUTO, pfsync, CTLFLAG_RW, 0, "PFSYNC");
|
||||
SYSCTL_VNET_STRUCT(_net_pfsync, OID_AUTO, stats, CTLFLAG_RW,
|
||||
SYSCTL_STRUCT(_net_pfsync, OID_AUTO, stats, CTLFLAG_VNET | CTLFLAG_RW,
|
||||
&VNET_NAME(pfsyncstats), pfsyncstats,
|
||||
"PFSYNC statistics (struct pfsyncstats, net/if_pfsync.h)");
|
||||
SYSCTL_INT(_net_pfsync, OID_AUTO, carp_demotion_factor, CTLFLAG_RW,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user