freebsd-nq/sys/netinet
Robert Watson 3de4046939 Continue work to optimize performance of "options MAC" when no MAC policy
modules are loaded by avoiding mbuf label lookups when policies aren't
loaded, pushing further socket locking into MAC policy modules, and
avoiding locking MAC ifnet locks when no policies are loaded:

- Check mac_policies_count before looking for mbuf MAC label m_tags in MAC
  Framework entry points.  We will still pay label lookup costs if MAC
  policies are present but don't require labels (typically a single mbuf
  header field read, but perhaps further indirection if IPSEC or other
  m_tag consumers are in use).

- Further push socket locking for socket-related access control checks and
  events into MAC policies from the MAC Framework, so that sockets are
  only locked if a policy specifically requires a lock to protect a label.
  This resolves lock order issues during sonewconn() and also in local
  domain socket cross-connect where multiple socket locks could not be
  held at once for the purposes of propagatig MAC labels across multiple
  sockets.  Eliminate mac_policy_count check in some entry points where it
  no longer avoids locking.

- Add mac_policy_count checking in some entry points relating to network
  interfaces that otherwise lock a global MAC ifnet lock used to protect
  ifnet labels.

Obtained from:	TrustedBSD Project
2009-06-03 18:46:28 +00:00
..
libalias What's the point of adjusting a checksum if we are going to toss the 2009-04-11 15:26:31 +00:00
accf_data.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_dns.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_http.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
icmp6.h Add MLDv2 prototypes and defines. 2009-04-29 10:20:17 +00:00
icmp_var.h Update stats in struct icmpstat and icmp6stat using four new 2009-04-12 13:22:33 +00:00
if_atm.c This main goals of this project are: 2008-12-15 06:10:57 +00:00
if_atm.h
if_ether.c Reimplement the netisr framework in order to support parallel netisr 2009-06-01 10:41:38 +00:00
if_ether.h remove dependency on net/if.h of this header 2009-02-16 15:07:40 +00:00
igmp_var.h Update stats in struct igmpstat using two new macros: 2009-04-12 13:41:13 +00:00
igmp.c Merge fixes from p4: 2009-06-01 15:30:18 +00:00
igmp.h Comment IGMP_PIM as being very historic, as in, don't use. 2009-03-19 01:15:26 +00:00
in_cksum.c Add FBSDID to all files in netinet so that people can more 2007-10-07 20:44:24 +00:00
in_gif.c Update stats in struct ipstat using four new macros, IPSTAT_ADD(), 2009-04-11 23:35:20 +00:00
in_gif.h
in_mcast.c Cut over to KTR_INET for CTR. 2009-04-29 10:14:16 +00:00
in_pcb.c Continue work to optimize performance of "options MAC" when no MAC policy 2009-06-03 18:46:28 +00:00
in_pcb.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
in_proto.c Merge IGMPv3 and Source-Specific Multicast (SSM) to the FreeBSD 2009-03-09 17:53:05 +00:00
in_rmx.c Convert the two dimensional array to be malloced and introduce 2009-06-01 15:49:42 +00:00
in_systm.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
in_var.h Remove bogus comment. 2009-05-09 18:50:01 +00:00
in.c If including vnet.h one has to include opt_route.h as well. This is 2009-05-22 23:03:15 +00:00
in.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
ip6.h Start removing IPv6 Type 0 Routing header code. 2009-03-03 13:12:12 +00:00
ip_carp.c Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit: 2009-04-29 19:19:13 +00:00
ip_carp.h Update stats in struct carpstats using two new macros: CARPSTATS_ADD() 2009-04-12 14:19:37 +00:00
ip_divert.c Add internal 'mac_policy_count' counter to the MAC Framework, which is a 2009-06-02 18:26:17 +00:00
ip_divert.h
ip_dummynet.c Add emulation of delay profiles, which lets you model various 2009-04-09 12:46:00 +00:00
ip_dummynet.h Add emulation of delay profiles, which lets you model various 2009-04-09 12:46:00 +00:00
ip_ecn.c Add FBSDID to all files in netinet so that people can more 2007-10-07 20:44:24 +00:00
ip_ecn.h
ip_encap.c Add FBSDID to all files in netinet so that people can more 2007-10-07 20:44:24 +00:00
ip_encap.h
ip_fastfwd.c Change if_output to take a struct route as its fourth argument in order 2009-04-16 20:30:28 +00:00
ip_fw2.c Revert the logical change of r192341. 2009-05-18 22:34:44 +00:00
ip_fw_nat.c Prefer actual field names (if_addrhead, ifa_link) to macros aliasing 2009-04-20 22:40:44 +00:00
ip_fw_pfil.c Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
ip_fw.h Make indentation more uniform accross vnet container structs. 2009-05-02 08:16:26 +00:00
ip_gre.c Enqueue de-capsulated packet instead of performing direct dispatch. It's 2008-07-04 21:01:30 +00:00
ip_gre.h
ip_icmp.c In icmp_reflect(), acquire the inteface address list lock when 2009-04-20 13:45:39 +00:00
ip_icmp.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
ip_id.c Rather than using hidden includes (with cicular dependencies), 2008-12-02 21:37:28 +00:00
ip_input.c Reimplement the netisr framework in order to support parallel netisr 2009-06-01 10:41:38 +00:00
ip_ipsec.c Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL 2009-05-23 16:42:38 +00:00
ip_ipsec.h Take the route mtu into account, if available, when sending an 2008-04-09 05:17:18 +00:00
ip_mroute.c Use KTR_INET for MROUTING CTRs. 2009-04-29 10:17:08 +00:00
ip_mroute.h Bracket struct mfc and struct rtdetq with #ifdef _KERNEL. 2009-04-21 12:47:09 +00:00
ip_options.c Update stats in struct ipstat using four new macros, IPSTAT_ADD(), 2009-04-11 23:35:20 +00:00
ip_options.h Add function ip_checkrouteralert(), which will be used 2009-03-04 02:51:22 +00:00
ip_output.c - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
ip_var.h Update stats in struct ipstat using four new macros, IPSTAT_ADD(), 2009-04-11 23:35:20 +00:00
ip.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
pim_var.h Update stats in struct pimstat using two new macros: PIMSTAT_ADD() 2009-04-12 14:06:26 +00:00
pim.h
raw_ip.c - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
sctp_asconf.c Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_asconf.h Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_auth.c - Cleanup checksum code. 2009-02-03 11:04:03 +00:00
sctp_auth.h Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_bsd_addr.c Add missing address lock when we look at the ifa list 2009-04-14 19:20:27 +00:00
sctp_bsd_addr.h 1) Adds the rest of the VIMAGE change macros 2008-07-09 16:45:30 +00:00
sctp_cc_functions.c - Macro-izes the packed declaration in all headers. 2008-06-14 07:58:05 +00:00
sctp_cc_functions.h 1) Adds the rest of the VIMAGE change macros 2008-07-09 16:45:30 +00:00
sctp_constants.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp_crc32.c repository sync to multi-OS repo ... spaceing change 2009-05-07 16:43:49 +00:00
sctp_crc32.h This commit fixes the issue with alias_sctp.c. No 2009-02-14 11:34:57 +00:00
sctp_header.h Add the add-stream capability. Still needs more 2009-02-20 15:03:54 +00:00
sctp_indata.c Move the flight size reduction to right after 2009-04-14 07:50:29 +00:00
sctp_indata.h Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_input.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_input.h 1) Adds the rest of the VIMAGE change macros 2008-07-09 16:45:30 +00:00
sctp_lock_bsd.h - Make strict-sacks be the default. 2008-08-28 09:44:07 +00:00
sctp_os_bsd.h Unbreak options VIMAGE kernel builds. 2009-05-06 08:49:39 +00:00
sctp_os.h - Fix address add handling to clear cached routes and source addresses 2007-08-24 00:53:53 +00:00
sctp_output.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_output.h Fix the add stream feature of strm-reset to really work: 2009-02-27 20:54:45 +00:00
sctp_pcb.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_pcb.h - Cleanup checksum code. 2009-02-03 11:04:03 +00:00
sctp_peeloff.c - Macro-izes the packed declaration in all headers. 2008-06-14 07:58:05 +00:00
sctp_peeloff.h - Copyright change, cisco's silly tool wants it to say: 2007-05-08 17:01:12 +00:00
sctp_structs.h add an llentry to struct route{_in6} to allow it to be passed around with 2009-04-15 20:34:19 +00:00
sctp_sysctl.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_sysctl.h Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_timer.c Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp_timer.h Invariants changes that make more sense. 2008-10-27 13:53:31 +00:00
sctp_uio.h Make sctp_uio user to kernel structure match the 2009-05-30 10:50:40 +00:00
sctp_usrreq.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_var.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctputil.c Fix a small memory leak from the nr-sack code - the mapping array 2009-05-30 10:56:27 +00:00
sctputil.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
tcp_debug.c To my reading there are no real consumers of ip6_plen (IPv6 2008-09-07 20:44:45 +00:00
tcp_debug.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
tcp_fsm.h Make tcpstates[] static, and make sure TCPSTATES is defined before 2007-07-30 11:06:42 +00:00
tcp_hostcache.c A NOP change: style / whitespace cleanup of the noise that slipped 2009-05-08 14:34:25 +00:00
tcp_hostcache.h Add an essential .h file that skipped from the last commit (r185419). 2008-11-28 23:39:25 +00:00
tcp_input.c Add internal 'mac_policy_count' counter to the MAC Framework, which is a 2009-06-02 18:26:17 +00:00
tcp_lro.c Don't calculate checksum if it has already been validated 2008-08-24 02:31:09 +00:00
tcp_lro.h Add generic TCP LOR into netinet 2008-06-11 22:12:50 +00:00
tcp_offload.c Rather than using hidden includes (with cicular dependencies), 2008-12-02 21:37:28 +00:00
tcp_offload.h - Switch to INP_WLOCK macro from inp_wlock 2008-07-21 21:22:56 +00:00
tcp_output.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_reass.c Remove comment about moving tcp_reass() to its own file named tcp_reass.c, 2009-05-25 14:51:47 +00:00
tcp_sack.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_seq.h
tcp_subr.c For UDP with introducing the UDP control block, the uma zone had to 2009-05-23 17:02:30 +00:00
tcp_syncache.c Add internal 'mac_policy_count' counter to the MAC Framework, which is a 2009-06-02 18:26:17 +00:00
tcp_syncache.h Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
tcp_timer.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_timer.h Two changes: 2007-09-24 05:26:24 +00:00
tcp_timewait.c Unbreak options VIMAGE + nooptions INVARIANTS kernel builds. 2009-05-02 05:02:28 +00:00
tcp_usrreq.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_var.h Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
tcp.h add rcv_nxt, snd_nxt, and toe offload id to FreeBSD-specific 2008-05-05 20:13:31 +00:00
tcpip.h
toedev.h Don't check if an interface can do tcp offload if there are no offload devices registered on the system. 2008-09-01 05:30:22 +00:00
udp_usrreq.c Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
udp_var.h Implement UDP control block support. 2009-05-23 16:51:13 +00:00
udp.h
vinet.h Implement UDP control block support. 2009-05-23 16:51:13 +00:00