freebsd-dev/sys/netipsec
Gleb Smirnoff b8a6e03fac Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.

However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.

Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.

On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().

This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.

Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.

This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.

Reviewed by:	gallatin, hselasky, cy, adrian, kristof
Differential Revision:	https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipsec6.h
ipsec_input.c
ipsec_mbuf.c Merge r1.22-1.23 from NetBSD: 2018-04-26 12:23:31 +00:00
ipsec_mod.c
ipsec_output.c
ipsec_pcb.c Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
ipsec_support.h
ipsec.c Fix broken window replay check that will allow old packet to be accepted. 2019-09-06 14:30:23 +00:00
ipsec.h Make the warning intervals for deprecated crypto algorithms tunable. 2019-06-11 23:00:55 +00:00
key_debug.c r335795 build fix: make static functions static 2018-06-29 14:51:36 +00:00
key_debug.h
key_var.h
key.c Add missing new line in several log messages. 2019-08-09 08:58:09 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
keydb.h OCF: Add a typedef for session identifiers 2018-07-13 23:46:07 +00:00
keysock.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
keysock.h
subr_ipsec.c Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00
udpencap.c
xform_ah.c Make the warning intervals for deprecated crypto algorithms tunable. 2019-06-11 23:00:55 +00:00
xform_esp.c Make the warning intervals for deprecated crypto algorithms tunable. 2019-06-11 23:00:55 +00:00
xform_ipcomp.c Widen NET_EPOCH coverage. 2019-10-07 22:40:05 +00:00
xform_tcp.c fix locking within tcp_ipsec_pcbctl() to match ipsec4_pcbctl(), ipsec4_pcbctl() 2018-07-04 17:10:07 +00:00
xform.h Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00