freebsd-nq/sys/netipsec
Marko Zec 21ca7b57bd Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one.  The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE().  Recursions
on curvnet are permitted, though strongly discuouraged.

This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.

The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc.  Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.

The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, whith an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typicall cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.

This change also introduces a DDB subcommand to show the list of all
vnet instances.

Approved by:	julian (mentor)
2009-05-05 10:56:12 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipip_var.h Second round of putting global variables, which were virtualized 2008-12-13 19:13:03 +00:00
ipsec6.h Try to remove/assimilate as much of formerly IPv4/6 specific 2009-02-08 09:27:07 +00:00
ipsec_input.c Rather than using hidden includes (with cicular dependencies), 2008-12-02 21:37:28 +00:00
ipsec_mbuf.c Remove remain <= MHLEN restriction in m_makespace(), 2009-01-28 10:41:10 +00:00
ipsec_output.c Use NULL rather than 0 when comparing pointers. 2009-01-30 20:17:08 +00:00
ipsec.c Permit buiding kernels with options VIMAGE, restricted to only a single 2009-04-30 13:36:26 +00:00
ipsec.h Try to remove/assimilate as much of formerly IPv4/6 specific 2009-02-08 09:27:07 +00:00
key_debug.c Shuffle the vimage.h includes or add where missing. 2009-02-27 13:22:26 +00:00
key_debug.h Commit step 1 of the vimage project, (network stack) 2008-08-17 23:27:27 +00:00
key_var.h First steps towards IPSec cleanup. 2006-03-25 13:38:52 +00:00
key.c Stub out IN6_LOOKUP_MULTI() for GETSPI requests, for now. 2009-04-29 11:15:58 +00:00
key.h key_gettunnel() has been unsued with FAST_IPSEC (now IPSEC). 2009-04-27 21:04:16 +00:00
keydb.h First steps towards IPSec cleanup. 2006-03-25 13:38:52 +00:00
keysock.c For all files including net/vnet.h directly include opt_route.h and 2009-02-27 14:12:05 +00:00
keysock.h Unhide declarations of network stack virtualization structs from 2008-11-28 23:30:51 +00:00
vipsec.h Make indentation more uniform accross vnet container structs. 2009-05-02 08:16:26 +00:00
xform_ah.c Introduce vnet module registration / initialization framework with 2009-04-11 05:58:58 +00:00
xform_esp.c Introduce vnet module registration / initialization framework with 2009-04-11 05:58:58 +00:00
xform_ipcomp.c Introduce vnet module registration / initialization framework with 2009-04-11 05:58:58 +00:00
xform_ipip.c Introduce vnet module registration / initialization framework with 2009-04-11 05:58:58 +00:00
xform_tcp.c Change the curvnet variable from a global const struct vnet *, 2009-05-05 10:56:12 +00:00
xform.h Add sysctls to if_enc(4) to control whether the firewalls or 2007-11-28 22:33:53 +00:00