freebsd-nq/sys/netipsec
Marko Zec 21ca7b57bd Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one.  The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE().  Recursions
on curvnet are permitted, though strongly discuouraged.

This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.

The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc.  Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.

The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, whith an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typicall cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.

This change also introduces a DDB subcommand to show the list of all
vnet instances.

Approved by:	julian (mentor)
2009-05-05 10:56:12 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipip_var.h
ipsec6.h
ipsec_input.c
ipsec_mbuf.c
ipsec_output.c
ipsec.c Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
ipsec.h
key_debug.c
key_debug.h
key_var.h
key.c Stub out IN6_LOOKUP_MULTI() for GETSPI requests, for now. 2009-04-29 11:15:58 +00:00
key.h key_gettunnel() has been unsued with FAST_IPSEC (now IPSEC). 2009-04-27 21:04:16 +00:00
keydb.h
keysock.c
keysock.h
vipsec.h Make indentation more uniform accross vnet container structs. 2009-05-02 08:16:26 +00:00
xform_ah.c
xform_esp.c
xform_ipcomp.c
xform_ipip.c
xform_tcp.c Change the curvnet variable from a global const struct vnet *, 2009-05-05 10:56:12 +00:00
xform.h