Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.218.2.4 retrieving revision 1.219.2.2 diff -u -p -r1.218.2.4 -r1.219.2.2 --- src/sys/netinet/ip_input.c 2007/09/03 14:42:58 1.218.2.4 +++ src/sys/netinet/ip_input.c 2005/11/02 11:58:11 1.219.2.2 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.218.2.4 2007/09/03 14:42:58 yamt Exp $ */ +/* $NetBSD: ip_input.c,v 1.219.2.2 2005/11/02 11:58:11 yamt Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -98,7 +98,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.218.2.4 2007/09/03 14:42:58 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.219.2.2 2005/11/02 11:58:11 yamt Exp $"); #include "opt_inet.h" #include "opt_gateway.h" @@ -121,7 +121,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include #include #include -#include #include #include @@ -280,10 +279,10 @@ static u_int ip_reass_ttl_decr(u_int tic static void ip_reass_drophalf(void); -static inline int ipq_lock_try(void); -static inline void ipq_unlock(void); +static __inline int ipq_lock_try(void); +static __inline void ipq_unlock(void); -static inline int +static __inline int ipq_lock_try(void) { int s; @@ -302,7 +301,7 @@ ipq_lock_try(void) return (1); } -static inline void +static __inline void ipq_unlock(void) { int s; @@ -334,10 +333,8 @@ do { \ #define IPQ_UNLOCK() ipq_unlock() -POOL_INIT(inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", NULL, - IPL_SOFTNET); -POOL_INIT(ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", NULL, - IPL_VM); +POOL_INIT(inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", NULL); +POOL_INIT(ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", NULL); #ifdef INET_CSUM_COUNTERS #include @@ -379,8 +376,8 @@ static struct ip_srcrt { static void save_rte(u_char *, struct in_addr); #ifdef MBUFTRACE -struct mowner ip_rx_mowner = MOWNER_INIT("internet", "rx"); -struct mowner ip_tx_mowner = MOWNER_INIT("internet", "tx"); +struct mowner ip_rx_mowner = { "internet", "rx" }; +struct mowner ip_tx_mowner = { "internet", "tx" }; #endif /* @@ -417,7 +414,7 @@ ip_init(void) for (i = 0; i < IPREASS_NHASH; i++) LIST_INIT(&ipq[i]); - ip_id = time_second & 0xfffff; + ip_id = time.tv_sec & 0xfffff; ipintrq.ifq_maxlen = ipqmaxlen; ip_nmbclusters_changed(); @@ -429,7 +426,7 @@ ip_init(void) M_WAITOK, &in_multihash); ip_mtudisc_timeout_q = rt_timer_queue_create(ip_mtudisc_timeout); #ifdef GATEWAY - ipflow_init(ip_hashsize); + ipflow_init(); #endif #ifdef PFIL_HOOKS @@ -448,10 +445,7 @@ ip_init(void) #endif /* MBUFTRACE */ } -struct sockaddr_in ipaddr = { - .sin_len = sizeof(ipaddr), - .sin_family = AF_INET, -}; +struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; struct route ipforward_rt; /* @@ -463,7 +457,7 @@ ipintr(void) int s; struct mbuf *m; - while (!IF_IS_EMPTY(&ipintrq)) { + while (1) { s = splnet(); IF_DEQUEUE(&ipintrq, m); splx(s); @@ -490,13 +484,12 @@ ip_input(struct mbuf *m) int downmatch; int checkif; int srcrt = 0; - int s; u_int hash; #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; - int error; + int s, error; #endif /* FAST_IPSEC */ MCLAIM(m, &ip_rx_mowner); @@ -518,7 +511,7 @@ ip_input(struct mbuf *m) * it. Otherwise, if it is aligned, make sure the entire * base IP header is in the first mbuf of the chain. */ - if (IP_HDR_ALIGNED_P(mtod(m, void *)) == 0) { + if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { if ((m = m_copyup(m, sizeof(struct ip), (max_linkhdr + 3) & ~3)) == NULL) { /* XXXJRT new stat, please */ @@ -739,7 +732,7 @@ ip_input(struct mbuf *m) } if (ia != NULL) goto ours; - if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { + if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { if (ifa->ifa_addr->sa_family != AF_INET) continue; @@ -904,7 +897,9 @@ ours: */ IPQ_LOCK(); hash = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); - LIST_FOREACH(fp, &ipq[hash], ipq_q) { + /* XXX LIST_FOREACH(fp, &ipq[hash], ipq_q) */ + for (fp = LIST_FIRST(&ipq[hash]); fp != NULL; + fp = LIST_NEXT(fp, ipq_q)) { if (ip->ip_id == fp->ipq_id && in_hosteq(ip->ip_src, fp->ipq_src) && in_hosteq(ip->ip_dst, fp->ipq_dst) && @@ -943,9 +938,7 @@ found: */ if (mff || ip->ip_off != htons(0)) { ipstat.ips_fragments++; - s = splvm(); ipqe = pool_get(&ipqent_pool, PR_NOWAIT); - splx(s); if (ipqe == NULL) { ipstat.ips_rcvmemdrop++; IPQ_UNLOCK(); @@ -981,7 +974,7 @@ found: goto bad; } #endif -#ifdef FAST_IPSEC +#if FAST_IPSEC /* * enforce IPsec policy checking if we are seeing last header. * note that we do not visit this with protocols with pcb layer @@ -1058,7 +1051,7 @@ ip_reass(struct ipqent *ipqe, struct ipq struct ip *ip; struct mbuf *t; int hlen = ipqe->ipqe_ip->ip_hl << 2; - int i, next, s; + int i, next; IPQ_LOCK_CHECK(); @@ -1163,9 +1156,7 @@ ip_reass(struct ipqent *ipqe, struct ipq nq = TAILQ_NEXT(q, ipqe_q); m_freem(q->ipqe_m); TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); fp->ipq_nfrags--; ip_nfrags--; } @@ -1206,15 +1197,11 @@ insert: m->m_next = 0; m_cat(m, t); nq = TAILQ_NEXT(q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); for (q = nq; q != NULL; q = nq) { t = q->ipqe_m; nq = TAILQ_NEXT(q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); m_cat(m, t); } ip_nfrags -= fp->ipq_nfrags; @@ -1249,9 +1236,7 @@ dropfrag: ip_nfrags--; ipstat.ips_fragdropped++; m_freem(m); - s = splvm(); pool_put(&ipqent_pool, ipqe); - splx(s); return (0); } @@ -1264,7 +1249,6 @@ ip_freef(struct ipq *fp) { struct ipqent *q, *p; u_int nfrags = 0; - int s; IPQ_LOCK_CHECK(); @@ -1273,9 +1257,7 @@ ip_freef(struct ipq *fp) m_freem(q->ipqe_m); nfrags++; TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); - s = splvm(); pool_put(&ipqent_pool, q); - splx(s); } if (nfrags != fp->ipq_nfrags) @@ -1407,6 +1389,9 @@ ip_slowtimo(void) dropscanidx = i; } IPQ_UNLOCK(); +#ifdef GATEWAY + ipflow_slowtimo(); +#endif splx(s); } @@ -1525,7 +1510,7 @@ ip_dooptions(struct mbuf *m) /* * locate outgoing interface */ - bcopy((void *)(cp + off), (void *)&ipaddr.sin_addr, + bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, sizeof(ipaddr.sin_addr)); if (opt == IPOPT_SSRR) ia = ifatoia(ifa_ifwithladdr(sintosa(&ipaddr))); @@ -1537,8 +1522,8 @@ ip_dooptions(struct mbuf *m) goto bad; } ip->ip_dst = ipaddr.sin_addr; - bcopy((void *)&ia->ia_addr.sin_addr, - (void *)(cp + off), sizeof(struct in_addr)); + bcopy((caddr_t)&ia->ia_addr.sin_addr, + (caddr_t)(cp + off), sizeof(struct in_addr)); cp[IPOPT_OFFSET] += sizeof(struct in_addr); /* * Let ip_intr's mcast routing check handle mcast pkts @@ -1561,7 +1546,7 @@ ip_dooptions(struct mbuf *m) off--; /* 0 origin */ if ((off + sizeof(struct in_addr)) > optlen) break; - bcopy((void *)(&ip->ip_dst), (void *)&ipaddr.sin_addr, + bcopy((caddr_t)(&ip->ip_dst), (caddr_t)&ipaddr.sin_addr, sizeof(ipaddr.sin_addr)); /* * locate outgoing interface; if we're the destination, @@ -1574,8 +1559,8 @@ ip_dooptions(struct mbuf *m) code = ICMP_UNREACH_HOST; goto bad; } - bcopy((void *)&ia->ia_addr.sin_addr, - (void *)(cp + off), sizeof(struct in_addr)); + bcopy((caddr_t)&ia->ia_addr.sin_addr, + (caddr_t)(cp + off), sizeof(struct in_addr)); cp[IPOPT_OFFSET] += sizeof(struct in_addr); break; @@ -1644,7 +1629,7 @@ ip_dooptions(struct mbuf *m) } ntime = iptime(); cp0 = (u_char *) &ntime; /* XXX grumble, GCC... */ - memmove((char *)cp + ipt->ipt_ptr - 1, cp0, + bcopy(cp0, (caddr_t)cp + ipt->ipt_ptr - 1, sizeof(n_time)); ipt->ipt_ptr += sizeof(n_time); } @@ -1672,18 +1657,24 @@ bad: struct in_ifaddr * ip_rtaddr(struct in_addr dst) { - struct rtentry *rt; - union { - struct sockaddr dst; - struct sockaddr_in dst4; - } u; + struct sockaddr_in *sin; - sockaddr_in_init(&u.dst4, &dst, 0); + sin = satosin(&ipforward_rt.ro_dst); - if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) - return NULL; + if (ipforward_rt.ro_rt == 0 || !in_hosteq(dst, sin->sin_addr)) { + if (ipforward_rt.ro_rt) { + RTFREE(ipforward_rt.ro_rt); + ipforward_rt.ro_rt = 0; + } + sin->sin_family = AF_INET; + sin->sin_len = sizeof(*sin); + sin->sin_addr = dst; - return ifatoia(rt->rt_ifa); + rtalloc(&ipforward_rt); + } + if (ipforward_rt.ro_rt == 0) + return ((struct in_ifaddr *)0); + return (ifatoia(ipforward_rt.ro_rt->rt_ifa)); } /* @@ -1702,7 +1693,7 @@ save_rte(u_char *option, struct in_addr #endif /* 0 */ if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) return; - bcopy((void *)option, (void *)ip_srcrt.srcopt, olen); + bcopy((caddr_t)option, (caddr_t)ip_srcrt.srcopt, olen); ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); ip_srcrt.dst = dst; } @@ -1719,10 +1710,10 @@ ip_srcroute(void) struct mbuf *m; if (ip_nhops == 0) - return NULL; + return ((struct mbuf *)0); m = m_get(M_DONTWAIT, MT_SOOPTS); if (m == 0) - return NULL; + return ((struct mbuf *)0); MCLAIM(m, &inetdomain.dom_mowner); #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) @@ -1750,9 +1741,9 @@ ip_srcroute(void) */ ip_srcrt.nop = IPOPT_NOP; ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; - memmove(mtod(m, char *) + sizeof(struct in_addr), &ip_srcrt.nop, - OPTSIZ); - q = (struct in_addr *)(mtod(m, char *) + + bcopy((caddr_t)&ip_srcrt.nop, + mtod(m, caddr_t) + sizeof(struct in_addr), OPTSIZ); + q = (struct in_addr *)(mtod(m, caddr_t) + sizeof(struct in_addr) + OPTSIZ); #undef OPTSIZ /* @@ -1789,13 +1780,13 @@ ip_stripoptions(struct mbuf *m, struct m { int i; struct ip *ip = mtod(m, struct ip *); - void *opts; + caddr_t opts; int olen; olen = (ip->ip_hl << 2) - sizeof (struct ip); - opts = (void *)(ip + 1); + opts = (caddr_t)(ip + 1); i = m->m_len - (sizeof (struct ip) + olen); - memmove(opts, (char *)opts + olen, (unsigned)i); + bcopy(opts + olen, opts, (unsigned)i); m->m_len -= olen; if (m->m_flags & M_PKTHDR) m->m_pkthdr.len -= olen; @@ -1830,14 +1821,11 @@ void ip_forward(struct mbuf *m, int srcrt) { struct ip *ip = mtod(m, struct ip *); + struct sockaddr_in *sin; struct rtentry *rt; int error, type = 0, code = 0, destmtu = 0; struct mbuf *mcopy; n_long dest; - union { - struct sockaddr dst; - struct sockaddr_in dst4; - } u; /* * We are now in the output path. @@ -1851,10 +1839,10 @@ ip_forward(struct mbuf *m, int srcrt) dest = 0; #ifdef DIAGNOSTIC - if (ipprintfs) { - printf("forward: src %s ", inet_ntoa(ip->ip_src)); - printf("dst %s ttl %x\n", inet_ntoa(ip->ip_dst), ip->ip_ttl); - } + if (ipprintfs) + printf("forward: src %2.2x dst %2.2x ttl %x\n", + ntohl(ip->ip_src.s_addr), + ntohl(ip->ip_dst.s_addr), ip->ip_ttl); #endif if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { ipstat.ips_cantforward++; @@ -1866,10 +1854,23 @@ ip_forward(struct mbuf *m, int srcrt) return; } - sockaddr_in_init(&u.dst4, &ip->ip_dst, 0); - if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) { - icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, dest, 0); - return; + sin = satosin(&ipforward_rt.ro_dst); + if ((rt = ipforward_rt.ro_rt) == 0 || + !in_hosteq(ip->ip_dst, sin->sin_addr)) { + if (ipforward_rt.ro_rt) { + RTFREE(ipforward_rt.ro_rt); + ipforward_rt.ro_rt = 0; + } + sin->sin_family = AF_INET; + sin->sin_len = sizeof(struct sockaddr_in); + sin->sin_addr = ip->ip_dst; + + rtalloc(&ipforward_rt); + if (ipforward_rt.ro_rt == 0) { + icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, dest, 0); + return; + } + rt = ipforward_rt.ro_rt; } /* @@ -1893,7 +1894,7 @@ ip_forward(struct mbuf *m, int srcrt) */ if (rt->rt_ifp == m->m_pkthdr.rcvif && (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && - !in_nullhost(satocsin(rt_getkey(rt))->sin_addr) && + !in_nullhost(satosin(rt_key(rt))->sin_addr) && ipsendredirects && !srcrt) { if (rt->rt_ifa && (ip->ip_src.s_addr & ifatoia(rt->rt_ifa)->ia_subnetmask) == @@ -1916,7 +1917,7 @@ ip_forward(struct mbuf *m, int srcrt) } } - error = ip_output(m, NULL, &ipforward_rt, + error = ip_output(m, (struct mbuf *)0, &ipforward_rt, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), (struct ip_moptions *)NULL, (struct socket *)NULL); @@ -1959,7 +1960,7 @@ ip_forward(struct mbuf *m, int srcrt) type = ICMP_UNREACH; code = ICMP_UNREACH_NEEDFRAG; #if !defined(IPSEC) && !defined(FAST_IPSEC) - if (ipforward_rt.ro_rt != NULL) + if (ipforward_rt.ro_rt) destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; #else /* @@ -1968,7 +1969,7 @@ ip_forward(struct mbuf *m, int srcrt) * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz * XXX quickhack!!! */ - if (ipforward_rt.ro_rt != NULL) { + if (ipforward_rt.ro_rt) { struct secpolicy *sp; int ipsecerror; size_t ipsechdr; @@ -2043,13 +2044,13 @@ ip_savecontrol(struct inpcb *inp, struct struct timeval tv; microtime(&tv); - *mp = sbcreatecontrol((void *) &tv, sizeof(tv), + *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), SCM_TIMESTAMP, SOL_SOCKET); if (*mp) mp = &(*mp)->m_next; } if (inp->inp_flags & INP_RECVDSTADDR) { - *mp = sbcreatecontrol((void *) &ip->ip_dst, + *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; @@ -2063,14 +2064,14 @@ ip_savecontrol(struct inpcb *inp, struct */ /* options were tossed already */ if (inp->inp_flags & INP_RECVOPTS) { - *mp = sbcreatecontrol((void *) opts_deleted_above, + *mp = sbcreatecontrol((caddr_t) opts_deleted_above, sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } /* ip_srcroute doesn't do what we want here, need to fix */ if (inp->inp_flags & INP_RECVRETOPTS) { - *mp = sbcreatecontrol((void *) ip_srcroute(), + *mp = sbcreatecontrol((caddr_t) ip_srcroute(), sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; @@ -2079,43 +2080,19 @@ ip_savecontrol(struct inpcb *inp, struct if (inp->inp_flags & INP_RECVIF) { struct sockaddr_dl sdl; - sockaddr_dl_init(&sdl, sizeof(sdl), - (m->m_pkthdr.rcvif != NULL) - ? m->m_pkthdr.rcvif->if_index - : 0, - 0, NULL, 0, NULL, 0); - *mp = sbcreatecontrol(&sdl, sdl.sdl_len, IP_RECVIF, IPPROTO_IP); + sdl.sdl_len = offsetof(struct sockaddr_dl, sdl_data[0]); + sdl.sdl_family = AF_LINK; + sdl.sdl_index = m->m_pkthdr.rcvif ? + m->m_pkthdr.rcvif->if_index : 0; + sdl.sdl_nlen = sdl.sdl_alen = sdl.sdl_slen = 0; + *mp = sbcreatecontrol((caddr_t) &sdl, sdl.sdl_len, + IP_RECVIF, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } } /* - * sysctl helper routine for net.inet.ip.forwsrcrt. - */ -static int -sysctl_net_inet_ip_forwsrcrt(SYSCTLFN_ARGS) -{ - int error, tmp; - struct sysctlnode node; - - node = *rnode; - tmp = ip_forwsrcrt; - node.sysctl_data = &tmp; - error = sysctl_lookup(SYSCTLFN_CALL(&node)); - if (error || newp == NULL) - return (error); - - if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, - 0, NULL, NULL, NULL)) - return (EPERM); - - ip_forwsrcrt = tmp; - - return (0); -} - -/* * sysctl helper routine for net.inet.ip.mtudisctimeout. checks the * range of the new value and tweaks timers if it changes. */ @@ -2142,7 +2119,8 @@ sysctl_net_inet_ip_pmtudto(SYSCTLFN_ARGS #ifdef GATEWAY /* - * sysctl helper routine for net.inet.ip.maxflows. + * sysctl helper routine for net.inet.ip.maxflows. apparently if + * maxflows is even looked up, we "reap flows". */ static int sysctl_net_inet_ip_maxflows(SYSCTLFN_ARGS) @@ -2150,7 +2128,7 @@ sysctl_net_inet_ip_maxflows(SYSCTLFN_ARG int s; s = sysctl_lookup(SYSCTLFN_CALL(rnode)); - if (s || newp == NULL) + if (s) return (s); s = splsoftnet(); @@ -2159,35 +2137,6 @@ sysctl_net_inet_ip_maxflows(SYSCTLFN_ARG return (0); } - -static int -sysctl_net_inet_ip_hashsize(SYSCTLFN_ARGS) -{ - int error, tmp; - struct sysctlnode node; - - node = *rnode; - tmp = ip_hashsize; - node.sysctl_data = &tmp; - error = sysctl_lookup(SYSCTLFN_CALL(&node)); - if (error || newp == NULL) - return (error); - - if ((tmp & (tmp - 1)) == 0 && tmp != 0) { - /* - * Can only fail due to malloc() - */ - if (ipflow_invalidate_all(tmp)) - return ENOMEM; - } else { - /* - * EINVAL if not a power of 2 - */ - return EINVAL; - } - - return (0); -} #endif /* GATEWAY */ @@ -2244,11 +2193,11 @@ SYSCTL_SETUP(sysctl_net_inet_ip_setup, " IPCTL_DEFMTU, CTL_EOL); #endif /* IPCTL_DEFMTU */ sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLFLAG_PERMANENT|CTLFLAG_READONLY1, CTLTYPE_INT, "forwsrcrt", SYSCTL_DESCR("Enable forwarding of source-routed " "datagrams"), - sysctl_net_inet_ip_forwsrcrt, 0, &ip_forwsrcrt, 0, + NULL, 0, &ip_forwsrcrt, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_FORWSRCRT, CTL_EOL); sysctl_createv(clog, 0, NULL, NULL, @@ -2309,13 +2258,6 @@ SYSCTL_SETUP(sysctl_net_inet_ip_setup, " sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_MAXFLOWS, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "hashsize", - SYSCTL_DESCR("Size of hash table for fast forwarding (IPv4)"), - sysctl_net_inet_ip_hashsize, 0, &ip_hashsize, 0, - CTL_NET, PF_INET, IPPROTO_IP, - CTL_CREATE, CTL_EOL); #endif /* GATEWAY */ sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE,