freebsd-dev/sys/netinet
Robert Watson 3de4046939 Continue work to optimize performance of "options MAC" when no MAC policy
modules are loaded by avoiding mbuf label lookups when policies aren't
loaded, pushing further socket locking into MAC policy modules, and
avoiding locking MAC ifnet locks when no policies are loaded:

- Check mac_policies_count before looking for mbuf MAC label m_tags in MAC
  Framework entry points.  We will still pay label lookup costs if MAC
  policies are present but don't require labels (typically a single mbuf
  header field read, but perhaps further indirection if IPSEC or other
  m_tag consumers are in use).

- Further push socket locking for socket-related access control checks and
  events into MAC policies from the MAC Framework, so that sockets are
  only locked if a policy specifically requires a lock to protect a label.
  This resolves lock order issues during sonewconn() and also in local
  domain socket cross-connect where multiple socket locks could not be
  held at once for the purposes of propagatig MAC labels across multiple
  sockets.  Eliminate mac_policy_count check in some entry points where it
  no longer avoids locking.

- Add mac_policy_count checking in some entry points relating to network
  interfaces that otherwise lock a global MAC ifnet lock used to protect
  ifnet labels.

Obtained from:	TrustedBSD Project
2009-06-03 18:46:28 +00:00
..
libalias What's the point of adjusting a checksum if we are going to toss the 2009-04-11 15:26:31 +00:00
accf_data.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_dns.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_http.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
icmp6.h Add MLDv2 prototypes and defines. 2009-04-29 10:20:17 +00:00
icmp_var.h Update stats in struct icmpstat and icmp6stat using four new 2009-04-12 13:22:33 +00:00
if_atm.c
if_atm.h
if_ether.c Reimplement the netisr framework in order to support parallel netisr 2009-06-01 10:41:38 +00:00
if_ether.h
igmp_var.h Update stats in struct igmpstat using two new macros: 2009-04-12 13:41:13 +00:00
igmp.c Merge fixes from p4: 2009-06-01 15:30:18 +00:00
igmp.h Comment IGMP_PIM as being very historic, as in, don't use. 2009-03-19 01:15:26 +00:00
in_cksum.c Add FBSDID to all files in netinet so that people can more 2007-10-07 20:44:24 +00:00
in_gif.c Update stats in struct ipstat using four new macros, IPSTAT_ADD(), 2009-04-11 23:35:20 +00:00
in_gif.h
in_mcast.c Cut over to KTR_INET for CTR. 2009-04-29 10:14:16 +00:00
in_pcb.c Continue work to optimize performance of "options MAC" when no MAC policy 2009-06-03 18:46:28 +00:00
in_pcb.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
in_proto.c
in_rmx.c Convert the two dimensional array to be malloced and introduce 2009-06-01 15:49:42 +00:00
in_systm.h
in_var.h Remove bogus comment. 2009-05-09 18:50:01 +00:00
in.c If including vnet.h one has to include opt_route.h as well. This is 2009-05-22 23:03:15 +00:00
in.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
ip6.h
ip_carp.c Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit: 2009-04-29 19:19:13 +00:00
ip_carp.h Update stats in struct carpstats using two new macros: CARPSTATS_ADD() 2009-04-12 14:19:37 +00:00
ip_divert.c Add internal 'mac_policy_count' counter to the MAC Framework, which is a 2009-06-02 18:26:17 +00:00
ip_divert.h
ip_dummynet.c Add emulation of delay profiles, which lets you model various 2009-04-09 12:46:00 +00:00
ip_dummynet.h Add emulation of delay profiles, which lets you model various 2009-04-09 12:46:00 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
ip_fastfwd.c Change if_output to take a struct route as its fourth argument in order 2009-04-16 20:30:28 +00:00
ip_fw2.c Revert the logical change of r192341. 2009-05-18 22:34:44 +00:00
ip_fw_nat.c Prefer actual field names (if_addrhead, ifa_link) to macros aliasing 2009-04-20 22:40:44 +00:00
ip_fw_pfil.c Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
ip_fw.h Make indentation more uniform accross vnet container structs. 2009-05-02 08:16:26 +00:00
ip_gre.c
ip_gre.h Fix stack corruptions on amd64. 2006-01-21 10:44:34 +00:00
ip_icmp.c In icmp_reflect(), acquire the inteface address list lock when 2009-04-20 13:45:39 +00:00
ip_icmp.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
ip_id.c Rather than using hidden includes (with cicular dependencies), 2008-12-02 21:37:28 +00:00
ip_input.c Reimplement the netisr framework in order to support parallel netisr 2009-06-01 10:41:38 +00:00
ip_ipsec.c Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL 2009-05-23 16:42:38 +00:00
ip_ipsec.h Take the route mtu into account, if available, when sending an 2008-04-09 05:17:18 +00:00
ip_mroute.c Use KTR_INET for MROUTING CTRs. 2009-04-29 10:17:08 +00:00
ip_mroute.h Bracket struct mfc and struct rtdetq with #ifdef _KERNEL. 2009-04-21 12:47:09 +00:00
ip_options.c Update stats in struct ipstat using four new macros, IPSTAT_ADD(), 2009-04-11 23:35:20 +00:00
ip_options.h
ip_output.c - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
ip_var.h Update stats in struct ipstat using four new macros, IPSTAT_ADD(), 2009-04-11 23:35:20 +00:00
ip.h
pim_var.h Update stats in struct pimstat using two new macros: PIMSTAT_ADD() 2009-04-12 14:06:26 +00:00
pim.h
raw_ip.c - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
sctp_asconf.c Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_asconf.h
sctp_auth.c
sctp_auth.h Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_bsd_addr.c Add missing address lock when we look at the ifa list 2009-04-14 19:20:27 +00:00
sctp_bsd_addr.h
sctp_cc_functions.c - Macro-izes the packed declaration in all headers. 2008-06-14 07:58:05 +00:00
sctp_cc_functions.h
sctp_constants.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp_crc32.c repository sync to multi-OS repo ... spaceing change 2009-05-07 16:43:49 +00:00
sctp_crc32.h
sctp_header.h
sctp_indata.c Move the flight size reduction to right after 2009-04-14 07:50:29 +00:00
sctp_indata.h
sctp_input.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_input.h
sctp_lock_bsd.h
sctp_os_bsd.h Unbreak options VIMAGE kernel builds. 2009-05-06 08:49:39 +00:00
sctp_os.h
sctp_output.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_output.h Fix the add stream feature of strm-reset to really work: 2009-02-27 20:54:45 +00:00
sctp_pcb.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_pcb.h
sctp_peeloff.c - Macro-izes the packed declaration in all headers. 2008-06-14 07:58:05 +00:00
sctp_peeloff.h
sctp_structs.h add an llentry to struct route{_in6} to allow it to be passed around with 2009-04-15 20:34:19 +00:00
sctp_sysctl.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_sysctl.h Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_timer.c Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp_timer.h
sctp_uio.h Make sctp_uio user to kernel structure match the 2009-05-30 10:50:40 +00:00
sctp_usrreq.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_var.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctputil.c Fix a small memory leak from the nr-sack code - the mapping array 2009-05-30 10:56:27 +00:00
sctputil.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
tcp_debug.c
tcp_debug.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
tcp_fsm.h
tcp_hostcache.c A NOP change: style / whitespace cleanup of the noise that slipped 2009-05-08 14:34:25 +00:00
tcp_hostcache.h
tcp_input.c Add internal 'mac_policy_count' counter to the MAC Framework, which is a 2009-06-02 18:26:17 +00:00
tcp_lro.c
tcp_lro.h
tcp_offload.c
tcp_offload.h
tcp_output.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_reass.c Remove comment about moving tcp_reass() to its own file named tcp_reass.c, 2009-05-25 14:51:47 +00:00
tcp_sack.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_seq.h
tcp_subr.c For UDP with introducing the UDP control block, the uma zone had to 2009-05-23 17:02:30 +00:00
tcp_syncache.c Add internal 'mac_policy_count' counter to the MAC Framework, which is a 2009-06-02 18:26:17 +00:00
tcp_syncache.h Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
tcp_timer.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_timer.h
tcp_timewait.c Unbreak options VIMAGE + nooptions INVARIANTS kernel builds. 2009-05-02 05:02:28 +00:00
tcp_usrreq.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_var.h Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
tcp.h add rcv_nxt, snd_nxt, and toe offload id to FreeBSD-specific 2008-05-05 20:13:31 +00:00
tcpip.h
toedev.h
udp_usrreq.c Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
udp_var.h Implement UDP control block support. 2009-05-23 16:51:13 +00:00
udp.h
vinet.h Implement UDP control block support. 2009-05-23 16:51:13 +00:00