freebsd-nq/sys/netipsec
Andrey V. Elsukov 6d8fdfa9d5 Rework IP encapsulation handling code.
Currently it has several disadvantages:
- it uses a single mutex to protect internal structures. It is used by
  data- and control- path, thus there is no parallelism at all.
- it uses single list to keep encap handlers for both INET and INET6
  families.
- struct encaptab keeps unneeded information (src, dst, masks, protosw),
  that isn't used by code in the source tree.
- matches are prioritized and when many tunneling interfaces are
  registered, encapcheck handler of each interface is invoked for each
  packet. The search takes O(n) for n interfaces. All this work is done
  with exclusive lock held.

What this patch includes:
- the datapath is converted to be lockless using epoch(9) KPI.
- struct encaptab now linked using CK_LIST.
- all unused fields removed from struct encaptab. Several new fields
  added: min_length is the minimum packet length, that encapsulation
  handler expects to see; exact_match is maximum number of bits, that
  can return an encapsulation handler, when it wants to consume a packet.
- IPv6 and IPv4 handlers are stored in separate lists;
- added new "encap_lookup_t" method, that will be used later. It is
  targeted to speedup lookup of needed interface, when gif(4)/gre(4) have
  many interfaces.
- the need to use protosw structure is eliminated. The only pr_input
  method was used from this structure, so I don't see the need to keep
  using it.
- encap_input_t method changed to avoid using mbuf tags to store softc
  pointer. Now it is passed directly through encap_input_t method.
  encap_getarg() function is removed.
- all sockaddr structures and code that uses them removed. We don't have
  any code in the tree that uses them. All consumers use encap_attach_func()
  method, that relies on invoking of encapcheck() to determine the needed
  handler.
- introduced struct encap_config, it contains parameters of encap handler
  that is going to be registered by encap_attach() function.
- encap handlers are stored in lists ordered by exact_match value, thus
  handlers that need more bits to match will be checked first, and if
  encapcheck method returns exact_match value, the search will be stopped.
- all current consumers changed to use new KPI.

Reviewed by:	mmacy
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D15617
2018-06-05 20:51:01 +00:00
..
ah_var.h
ah.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
esp_var.h
esp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec6.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec_input.c Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec_mbuf.c Merge r1.22-1.23 from NetBSD: 2018-04-26 12:23:31 +00:00
ipsec_mod.c
ipsec_output.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ipsec_pcb.c Fix SP refcount leak. 2017-04-26 00:34:05 +00:00
ipsec_support.h
ipsec.c Remove unused variables and sysctl declaration. 2018-02-19 12:20:51 +00:00
ipsec.h Add a SPD cache to speed up lookups. 2018-05-22 15:54:25 +00:00
key_debug.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_debug.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key.c Temporary disable SPDCACHE statistic accounting until proper fix will be 2018-05-28 09:23:28 +00:00
key.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
keydb.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
keysock.c Rework key_sendup_mbuf() a bit: 2018-03-11 19:14:01 +00:00
keysock.h Remove obsoleted and unused key_sendup() function. 2018-03-11 18:03:55 +00:00
subr_ipsec.c
udpencap.c Fix possible double releasing for SA reference. 2017-09-01 11:51:07 +00:00
xform_ah.c Correctly handle the padding for IPv6-AH, as specified by RFC4302 2018-06-04 18:51:06 +00:00
xform_esp.c Set the proper vnet in IPsec callback functions. 2018-03-20 17:05:23 +00:00
xform_ipcomp.c Rework IP encapsulation handling code. 2018-06-05 20:51:01 +00:00
xform_tcp.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
xform.h Set the proper vnet in IPsec callback functions. 2018-03-20 17:05:23 +00:00