d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a74af3dc69
freebsd-dev/sys/netinet
History
Alexander V. Chernikov 74b22066b0 Make rule table kernel-index rewriting support any kind of objects. 
Currently we have tables identified by their names in userland
with internal kernel-assigned indices. This works the following way:

When userland wishes to communicate with kernel to add or change rule(s),
it makes indexed sorted array of table names
(internally ipfw_obj_ntlv entries), and refer to indices in that
array in rule manipulation.
Prior to committing new rule to the ruleset kernel
a) finds all referenced tables, bump their refcounts and change
 values inside the opcodes to be real kernel indices
b) auto-creates all referenced but not existing tables and then
 do a) for them.

Kernel does almost the same when exporting rules to userland:
 prepares array of used tables in all rules in range, and
 prepends it before the actual ruleset retaining actual in-kernel
 indexes for that.

There is also special translation layer for legacy clients which is
able to provide 'real' indices for table names (basically doing atoi()).

While it is arguable that every subsystem really needs names instead of
numbers, there are several things that should be noted:

1) every non-singleton subsystem needs to store its runtime state
somewhere inside ipfw chain (and be able to get it fast)
2) we can't assume object numbers provided by humans will be dense.

Existing nat implementation (O(n) access and LIST inside chain) is a
good example.

Hence the following:
* Convert table-centric rewrite code to be more generic, callback-based
* Move most of the code from ip_fw_table.c to ip_fw_sockopt.c
* Provide abstract API to permit subsystems convert their objects
  between userland string identifier and in-kernel index.
  (See struct opcode_obj_rewrite) for more details
* Create another per-chain index (in next commit) shared among all subsystems
* Convert current NAT44 implementation to use new API, O(1) lookups,
 shared index and names instead of numbers (in next commit).

Sponsored by:	Yandex LLC
2015-04-27 08:29:39 +00:00
..
cc DCTCP (Data Center TCP) implementation. 2015-01-12 08:33:04 +00:00
khelp
libalias mdoc: fix rendering issues 2015-04-26 11:39:25 +00:00
accf_data.c
accf_dns.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
accf_http.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
cc.h DCTCP (Data Center TCP) implementation. 2015-01-12 08:33:04 +00:00
icmp6.h Implement Enhanced DAD algorithm for IPv6 described in 2015-03-02 17:30:26 +00:00
icmp_var.h
if_atm.c
if_atm.h
if_ether.c lla_lookup() can directly call llentry_free() for static entries 2015-03-07 18:33:08 +00:00
if_ether.h Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - 2014-11-27 23:06:25 +00:00
igmp_var.h - Rename 'struct igmp_ifinfo' into 'struct igmp_ifsoftc', since it really 2015-02-19 22:35:23 +00:00
igmp.c Improve patch for SA-15:04.igmp to solve a potential buffer overflow. 2015-04-07 20:20:03 +00:00
igmp.h
in_cksum.c
in_debug.c
in_gif.c Extern declarations in C files loses compile-time checking that 2014-12-25 21:32:37 +00:00
in_kdtrace.c
in_kdtrace.h
in_mcast.c Fix build with KTR after r278978. 2015-02-19 15:41:23 +00:00
in_pcb.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in_pcb.h Start process of removing the use of the deprecated "M_FLOWID" flag 2014-12-01 11:45:24 +00:00
in_pcbgroup.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in_proto.c Finish r274118: remove useless fields from struct domain. 2014-11-06 14:39:04 +00:00
in_rmx.c Kill custom in_matroute() radix mathing function removing one rte mutex lock. 2014-11-11 02:52:40 +00:00
in_rss.c Correctly const-ify things. 2015-03-18 04:40:36 +00:00
in_rss.h Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in_systm.h Where appropriate, use the modern terms for the one true time base 2014-12-21 05:07:11 +00:00
in_var.h Move all code related to IP fragment reassembly to ip_reass.c. Some 2015-04-10 06:02:37 +00:00
in.c Provide functions to determine presence of a given address 2015-04-17 11:57:06 +00:00
in.h Provide functions to determine presence of a given address 2015-04-17 11:57:06 +00:00
ip6.h Eliminate use of M_EXT in IP6_EXTHDR_CHECK() by trimming a redundant 2014-10-05 06:28:53 +00:00
ip_carp.c Improve carp(4) locking: 2015-04-21 20:25:12 +00:00
ip_carp.h
ip_divert.c Update ip_divert.ko to depend on version 3 of ipfw. 2014-10-11 16:08:54 +00:00
ip_divert.h
ip_dummynet.h
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c Remove incorrect layering violating code that: 2015-01-12 09:41:12 +00:00
ip_fw.h Make rule table kernel-index rewriting support any kind of objects. 2015-04-27 08:29:39 +00:00
ip_gre.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
ip_icmp.c Where appropriate, use the modern terms for the one true time base 2014-12-21 05:07:11 +00:00
ip_icmp.h Where appropriate, use the modern terms for the one true time base 2014-12-21 05:07:11 +00:00
ip_id.c Provide a comment explaining issues with the counter(9) trick, so that 2015-04-02 14:22:59 +00:00
ip_input.c Attempt to fix build after 281351 by defining full prototype for the 2015-04-11 01:06:59 +00:00
ip_ipsec.c Remove now unneded KEY_FREESP() for case when ipsec[46]_process_packet() 2015-04-27 01:11:09 +00:00
ip_ipsec.h Remove flag/flags argument from the following functions: 2014-12-11 18:35:34 +00:00
ip_mroute.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
ip_mroute.h
ip_options.c Use M_WRITABLE() and M_LEADINGSPACE() rather than checking M_EXT and 2015-01-06 14:32:28 +00:00
ip_options.h Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and 2014-09-15 07:20:40 +00:00
ip_output.c Extend fixes made in r278103 and r38754 by copying the complete packet 2015-04-02 15:47:37 +00:00
ip_reass.c Fix RSS build - netisr input / NETISR_IP_DIRECT is used here. 2015-04-15 00:57:21 +00:00
ip_var.h o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
ip.h Change struct attribute to avoid aligned operations mismatch 2015-02-24 12:57:03 +00:00
pim_var.h
pim.h
raw_ip.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
sctp_asconf.c Add protection code to free memory in case of processing an address which 2015-01-18 20:53:20 +00:00
sctp_asconf.h
sctp_auth.c Make sure that we don't free an SCTP shared key too early. 2015-03-25 22:45:54 +00:00
sctp_auth.h Use a consistent type for the number of HMAC algorithms. 2014-09-16 14:20:33 +00:00
sctp_bsd_addr.c Minimize the usage of SCTP_BUF_IS_EXTENDED. 2015-01-10 20:49:57 +00:00
sctp_bsd_addr.h
sctp_cc_functions.c Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_constants.h Fix the handling of sysctl variables when used with VIMAGE. 2014-09-06 19:12:14 +00:00
sctp_crc32.c
sctp_crc32.h
sctp_dtrace_declare.h
sctp_dtrace_define.h
sctp_header.h Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a 2014-10-16 15:36:04 +00:00
sctp_indata.c Don't panic under INVARIANTS when receiving a SACK which cumacks 2015-04-26 21:47:15 +00:00
sctp_indata.h
sctp_input.c Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_input.h Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a 2014-10-16 15:36:04 +00:00
sctp_lock_bsd.h
sctp_os_bsd.h Update a comment to get it aligned with the code change. 2015-03-11 15:40:29 +00:00
sctp_os.h
sctp_output.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
sctp_output.h Ensure that the list of streams sent in a stream reset parameter fits 2014-10-08 15:30:59 +00:00
sctp_pcb.c Fix two bugs which resulted in a screwed up end point list: 2015-03-24 21:12:45 +00:00
sctp_pcb.h Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_peeloff.c Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_peeloff.h
sctp_ss_functions.c
sctp_structs.h Improve the selection of the destination address of SACK chunks. 2015-03-26 22:05:31 +00:00
sctp_syscalls.c Replace struct filedesc argument in getsock_cap with struct thread 2015-04-11 16:00:33 +00:00
sctp_sysctl.c Remove comparisons which are not necessary. 2015-01-20 19:08:55 +00:00
sctp_sysctl.h Fix the handling of sysctl variables when used with VIMAGE. 2014-09-06 19:12:14 +00:00
sctp_timer.c Fix a typo. 2015-03-10 09:16:31 +00:00
sctp_timer.h
sctp_uio.h Add support for the SCTP_PR_STREAM_STATUS and SCTP_PR_ASSOC_STATUS 2014-08-13 15:50:16 +00:00
sctp_usrreq.c Use the reference count of the right SCTP inp. 2015-03-25 21:41:20 +00:00
sctp_var.h Do the renaming of sb_cc to sb_ccc in a way with less code changes by 2014-12-02 20:29:29 +00:00
sctp.h Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctputil.c Fix an accounting bug related to the per stream chunk counter. 2015-03-24 14:51:46 +00:00
sctputil.h Minimize the usage of SCTP_BUF_IS_EXTENDED. 2015-01-10 20:49:57 +00:00
siftr.c The addition of flowid and flowtype in r280233 and r280237 respectively forgot 2015-03-24 15:08:43 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c Go back to using sbuf_new() with a preallocated large buffer, to avoid 2015-03-14 23:57:33 +00:00
tcp_hostcache.h Add scope zone id to the in_endpoints and hc_metrics structures. 2014-09-10 16:26:18 +00:00
tcp_input.c DCTCP (Data Center TCP) implementation. 2015-01-12 08:33:04 +00:00
tcp_lro.c
tcp_lro.h
tcp_offload.c
tcp_offload.h
tcp_output.c To ease changes to underlying mbuf structure and the mbuf allocator, reduce 2015-01-05 09:58:32 +00:00
tcp_reass.c Merge from projects/sendfile: extend protocols API to support 2014-11-30 13:24:21 +00:00
tcp_sack.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
tcp_seq.h
tcp_subr.c Fix possible reference leak. 2015-04-24 21:05:29 +00:00
tcp_syncache.c Make syncookie_mac() use 'tcp_seq irs' in computing hash. 2015-01-30 17:29:07 +00:00
tcp_syncache.h
tcp_timer.c Fix an old and well-documented use-after-free race condition in 2015-04-16 10:00:06 +00:00
tcp_timer.h Fix an old and well-documented use-after-free race condition in 2015-04-16 10:00:06 +00:00
tcp_timewait.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
tcp_usrreq.c In TCP, connect() can return incorrect error code EINVAL 2015-03-09 20:29:16 +00:00
tcp_var.h Fix an old and well-documented use-after-free race condition in 2015-04-16 10:00:06 +00:00
tcp.h
tcpip.h
toecore.c Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - 2014-11-27 23:06:25 +00:00
toecore.h
udp_usrreq.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
udp_var.h Add context pointer and source address to the UDP tunnel callback 2014-10-10 06:08:59 +00:00
udp.h
udplite.h