Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.310 retrieving revision 1.340 diff -u -p -r1.310 -r1.340 --- src/sys/netinet/ip_input.c 2014/03/19 08:27:21 1.310 +++ src/sys/netinet/ip_input.c 2016/08/31 09:14:47 1.340 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.310 2014/03/19 08:27:21 liamjfoy Exp $ */ +/* $NetBSD: ip_input.c,v 1.340 2016/08/31 09:14:47 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,8 +91,9 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.310 2014/03/19 08:27:21 liamjfoy Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.340 2016/08/31 09:14:47 ozaki-r Exp $"); +#ifdef _KERNEL_OPT #include "opt_inet.h" #include "opt_compat_netbsd.h" #include "opt_gateway.h" @@ -100,9 +101,13 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include "opt_mrouting.h" #include "opt_mbuftrace.h" #include "opt_inet_csum.h" +#endif + +#include "arp.h" #include #include +#include #include #include #include @@ -118,6 +123,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include #include #include +#include #include #include @@ -210,28 +216,18 @@ int ip_do_randomid = 0; * to the loopback interface instead of the interface where the * packets for those addresses are received. */ -int ip_checkinterface = 0; - +static int ip_checkinterface __read_mostly = 0; struct rttimer_queue *ip_mtudisc_timeout_q = NULL; -u_long in_ifaddrhash; /* size of hash table - 1 */ -int in_ifaddrentries; /* total number of addrs */ -struct in_ifaddrhead in_ifaddrhead; -struct in_ifaddrhashhead *in_ifaddrhashtbl; -u_long in_multihash; /* size of hash table - 1 */ -int in_multientries; /* total number of addrs */ -struct in_multihashhead *in_multihashtbl; -struct ifqueue ipintrq; - -ipid_state_t * ip_ids; -uint16_t ip_id; +pktqueue_t * ip_pktq __read_mostly; +pfil_head_t * inet_pfil_hook __read_mostly; +ipid_state_t * ip_ids __read_mostly; +percpu_t * ipstat_percpu __read_mostly; -percpu_t *ipstat_percpu; +static percpu_t *ipforward_rt_percpu __cacheline_aligned; -pfil_head_t *inet_pfil_hook; - -struct pool inmulti_pool; +uint16_t ip_id; #ifdef INET_CSUM_COUNTERS #include @@ -262,7 +258,9 @@ EVCNT_ATTACH_STATIC(ip_swcsum); * maintenance when the remote end is on a network that is not known * to us. */ -int ip_nhops = 0; + +static int ip_nhops = 0; + static struct ip_srcrt { struct in_addr dst; /* final destination */ char nop; /* one NOP to align */ @@ -272,6 +270,11 @@ static struct ip_srcrt { static int ip_drainwanted; +struct sockaddr_in ipaddr = { + .sin_len = sizeof(ipaddr), + .sin_family = AF_INET, +}; + static void save_rte(u_char *, struct in_addr); #ifdef MBUFTRACE @@ -279,7 +282,21 @@ struct mowner ip_rx_mowner = MOWNER_INIT struct mowner ip_tx_mowner = MOWNER_INIT("internet", "tx"); #endif -static void sysctl_net_inet_ip_setup(struct sysctllog **); +static void ipintr(void *); +static void ip_input(struct mbuf *); +static void ip_forward(struct mbuf *, int, struct ifnet *); +static bool ip_dooptions(struct mbuf *); +static struct in_ifaddr *ip_rtaddr(struct in_addr); +static void sysctl_net_inet_ip_setup(struct sysctllog **); + +static struct in_ifaddr *ip_match_our_address(struct ifnet *, struct ip *, + int *); +static struct in_ifaddr *ip_match_our_address_broadcast(struct ifnet *, + struct ip *); + +/* XXX: Not yet enabled. */ +#define SOFTNET_LOCK() KASSERT(mutex_owned(softnet_lock)) +#define SOFTNET_UNLOCK() KASSERT(mutex_owned(softnet_lock)) /* * IP initialization: fill in IP protocol switch table. @@ -289,18 +306,19 @@ void ip_init(void) { const struct protosw *pr; - int i; + in_init(); sysctl_net_inet_ip_setup(NULL); - pool_init(&inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", - NULL, IPL_SOFTNET); - pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); - if (pr == 0) - panic("ip_init"); - for (i = 0; i < IPPROTO_MAX; i++) + KASSERT(pr != NULL); + + ip_pktq = pktq_create(IFQ_MAXLEN, ipintr, NULL); + KASSERT(ip_pktq != NULL); + + for (u_int i = 0; i < IPPROTO_MAX; i++) { ip_protox[i] = pr - inetsw; + } for (pr = inetdomain.dom_protosw; pr < inetdomain.dom_protoswNPROTOSW; pr++) if (pr->pr_domain->dom_family == PF_INET && @@ -310,18 +328,11 @@ ip_init(void) ip_reass_init(); ip_ids = ip_id_init(); - ip_id = time_second & 0xfffff; + ip_id = time_uptime & 0xfffff; - ipintrq.ifq_maxlen = IFQ_MAXLEN; - - TAILQ_INIT(&in_ifaddrhead); - in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, true, - &in_ifaddrhash); - in_multihashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, true, - &in_multihash); ip_mtudisc_timeout_q = rt_timer_queue_create(ip_mtudisc_timeout); #ifdef GATEWAY - ipflow_init(ip_hashsize); + ipflow_init(); #endif /* Register our Packet Filter hook. */ @@ -334,78 +345,139 @@ ip_init(void) #endif /* MBUFTRACE */ ipstat_percpu = percpu_alloc(sizeof(uint64_t) * IP_NSTATS); + + ipforward_rt_percpu = percpu_alloc(sizeof(struct route)); + if (ipforward_rt_percpu == NULL) + panic("failed to allocate ipforward_rt_percpu"); } -struct sockaddr_in ipaddr = { - .sin_len = sizeof(ipaddr), - .sin_family = AF_INET, -}; -struct route ipforward_rt; +static struct in_ifaddr * +ip_match_our_address(struct ifnet *ifp, struct ip *ip, int *downmatch) +{ + struct in_ifaddr *ia = NULL; + int checkif; + + /* + * Enable a consistency check between the destination address + * and the arrival interface for a unicast packet (the RFC 1122 + * strong ES model) if IP forwarding is disabled and the packet + * is not locally generated. + * + * XXX - Checking also should be disabled if the destination + * address is ipnat'ed to a different interface. + * + * XXX - Checking is incompatible with IP aliases added + * to the loopback interface instead of the interface where + * the packets are received. + * + * XXX - We need to add a per ifaddr flag for this so that + * we get finer grain control. + */ + checkif = ip_checkinterface && (ipforwarding == 0) && + (ifp->if_flags & IFF_LOOPBACK) == 0; + + IN_ADDRHASH_READER_FOREACH(ia, ip->ip_dst.s_addr) { + if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst)) { + if (ia->ia4_flags & IN_IFF_NOTREADY) + continue; + if (checkif && ia->ia_ifp != ifp) + continue; + if ((ia->ia_ifp->if_flags & IFF_UP) != 0) + break; + else + (*downmatch)++; + } + } + + return ia; +} + +static struct in_ifaddr * +ip_match_our_address_broadcast(struct ifnet *ifp, struct ip *ip) +{ + struct in_ifaddr *ia = NULL; + struct ifaddr *ifa; + + IFADDR_READER_FOREACH(ifa, ifp) { + if (ifa->ifa_addr->sa_family != AF_INET) + continue; + ia = ifatoia(ifa); + if (ia->ia4_flags & IN_IFF_NOTREADY) + continue; + if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) || + in_hosteq(ip->ip_dst, ia->ia_netbroadcast) || + /* + * Look for all-0's host part (old broadcast addr), + * either for subnet or net. + */ + ip->ip_dst.s_addr == ia->ia_subnet || + ip->ip_dst.s_addr == ia->ia_net) + goto matched; + /* + * An interface with IP address zero accepts + * all packets that arrive on that interface. + */ + if (in_nullhost(ia->ia_addr.sin_addr)) + goto matched; + } + ia = NULL; + +matched: + return ia; +} /* - * IP software interrupt routine + * IP software interrupt routine. */ -void -ipintr(void) +static void +ipintr(void *arg __unused) { - int s; struct mbuf *m; - struct ifqueue lcl_intrq; - memset(&lcl_intrq, 0, sizeof(lcl_intrq)); + KASSERT(cpu_softintr_p()); mutex_enter(softnet_lock); - KERNEL_LOCK(1, NULL); - if (!IF_IS_EMPTY(&ipintrq)) { - s = splnet(); - - /* Take existing queue onto stack */ - lcl_intrq = ipintrq; - - /* Zero out global queue, preserving maxlen and drops */ - ipintrq.ifq_head = NULL; - ipintrq.ifq_tail = NULL; - ipintrq.ifq_len = 0; - ipintrq.ifq_maxlen = lcl_intrq.ifq_maxlen; - ipintrq.ifq_drops = lcl_intrq.ifq_drops; - - splx(s); - } - KERNEL_UNLOCK_ONE(NULL); - while (!IF_IS_EMPTY(&lcl_intrq)) { - IF_DEQUEUE(&lcl_intrq, m); - if (m == NULL) - break; + while ((m = pktq_dequeue(ip_pktq)) != NULL) { ip_input(m); } mutex_exit(softnet_lock); } /* - * Ip input routine. Checksum and byte swap header. If fragmented + * IP input routine. Checksum and byte swap header. If fragmented * try to reassemble. Process options. Pass to next level. */ -void +static void ip_input(struct mbuf *m) { struct ip *ip = NULL; - struct in_ifaddr *ia; - struct ifaddr *ifa; + struct in_ifaddr *ia = NULL; int hlen = 0, len; int downmatch; - int checkif; int srcrt = 0; + ifnet_t *ifp; + struct psref psref; + int s; + + KASSERTMSG(cpu_softintr_p(), "ip_input: not in the software " + "interrupt handler; synchronization assumptions violated"); MCLAIM(m, &ip_rx_mowner); KASSERT((m->m_flags & M_PKTHDR) != 0); + ifp = m_get_rcvif_psref(m, &psref); + if (__predict_false(ifp == NULL)) + goto out; + /* * If no IP addresses have been set yet but the interfaces * are receiving, can't do anything with incoming packets yet. + * Note: we pre-check without locks held. */ - if (TAILQ_FIRST(&in_ifaddrhead) == 0) - goto bad; + if (IN_ADDRLIST_READER_EMPTY()) + goto out; IP_STATINC(IP_STAT_TOTAL); + /* * If the IP header is not aligned, slurp it up into a new * mbuf with space for link headers, in the event we forward @@ -417,28 +489,28 @@ ip_input(struct mbuf *m) (max_linkhdr + 3) & ~3)) == NULL) { /* XXXJRT new stat, please */ IP_STATINC(IP_STAT_TOOSMALL); - return; + goto out; } } else if (__predict_false(m->m_len < sizeof (struct ip))) { if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { IP_STATINC(IP_STAT_TOOSMALL); - return; + goto out; } } ip = mtod(m, struct ip *); if (ip->ip_v != IPVERSION) { IP_STATINC(IP_STAT_BADVERS); - goto bad; + goto out; } hlen = ip->ip_hl << 2; if (hlen < sizeof(struct ip)) { /* minimum header length */ IP_STATINC(IP_STAT_BADHLEN); - goto bad; + goto out; } if (hlen > m->m_len) { if ((m = m_pullup(m, hlen)) == NULL) { IP_STATINC(IP_STAT_BADHLEN); - return; + goto out; } ip = mtod(m, struct ip *); } @@ -449,24 +521,25 @@ ip_input(struct mbuf *m) */ if (IN_MULTICAST(ip->ip_src.s_addr)) { IP_STATINC(IP_STAT_BADADDR); - goto bad; + goto out; } /* 127/8 must not appear on wire - RFC1122 */ if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { - if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { + if ((ifp->if_flags & IFF_LOOPBACK) == 0) { IP_STATINC(IP_STAT_BADADDR); - goto bad; + goto out; } } switch (m->m_pkthdr.csum_flags & - ((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_IPv4) | + ((ifp->if_csum_flags_rx & M_CSUM_IPv4) | M_CSUM_IPv4_BAD)) { case M_CSUM_IPv4|M_CSUM_IPv4_BAD: INET_CSUM_COUNTER_INCR(&ip_hwcsum_bad); - goto badcsum; + IP_STATINC(IP_STAT_BADSUM); + goto out; case M_CSUM_IPv4: /* Checksum was okay. */ @@ -478,11 +551,13 @@ ip_input(struct mbuf *m) * Must compute it ourselves. Maybe skip checksum on * loopback interfaces. */ - if (__predict_true(!(m->m_pkthdr.rcvif->if_flags & - IFF_LOOPBACK) || ip_do_loopback_cksum)) { + if (__predict_true(!(ifp->if_flags & IFF_LOOPBACK) || + ip_do_loopback_cksum)) { INET_CSUM_COUNTER_INCR(&ip_swcsum); - if (in_cksum(m, hlen) != 0) - goto badcsum; + if (in_cksum(m, hlen) != 0) { + IP_STATINC(IP_STAT_BADSUM); + goto out; + } } break; } @@ -495,7 +570,7 @@ ip_input(struct mbuf *m) */ if (len < hlen) { IP_STATINC(IP_STAT_BADLEN); - goto bad; + goto out; } /* @@ -506,7 +581,7 @@ ip_input(struct mbuf *m) */ if (m->m_pkthdr.len < len) { IP_STATINC(IP_STAT_TOOSHORT); - goto bad; + goto out; } if (m->m_pkthdr.len > len) { if (m->m_len == m->m_pkthdr.len) { @@ -529,26 +604,24 @@ ip_input(struct mbuf *m) * Note that filters must _never_ set this flag, as another filter * in the list may have previously cleared it. */ - /* - * let ipfilter look at packet on the wire, - * not the decapsulated packet. - */ #if defined(IPSEC) - if (!ipsec_indone(m)) + if (!ipsec_used || !ipsec_indone(m)) #else if (1) #endif { - struct in_addr odst; + struct in_addr odst = ip->ip_dst; + bool freed; - odst = ip->ip_dst; - if (pfil_run_hooks(inet_pfil_hook, &m, m->m_pkthdr.rcvif, - PFIL_IN) != 0) - return; - if (m == NULL) - return; + SOFTNET_LOCK(); + freed = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_IN) != 0; + SOFTNET_UNLOCK(); + if (freed || m == NULL) { + goto out; + } ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; + /* * XXX The setting of "srcrt" here is to prevent ip_forward() * from generating ICMP redirects for packets that have @@ -568,9 +641,14 @@ ip_input(struct mbuf *m) #ifdef ALTQ /* XXX Temporary until ALTQ is changed to use a pfil hook */ - if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { - /* packet dropped by traffic conditioner */ - return; + if (altq_input) { + SOFTNET_LOCK(); + if ((*altq_input)(m, AF_INET) == 0) { + /* Packet dropped by traffic conditioner. */ + SOFTNET_UNLOCK(); + goto out; + } + SOFTNET_UNLOCK(); } #endif @@ -582,72 +660,33 @@ ip_input(struct mbuf *m) */ ip_nhops = 0; /* for source routed packets */ if (hlen > sizeof (struct ip) && ip_dooptions(m)) - return; - - /* - * Enable a consistency check between the destination address - * and the arrival interface for a unicast packet (the RFC 1122 - * strong ES model) if IP forwarding is disabled and the packet - * is not locally generated. - * - * XXX - Checking also should be disabled if the destination - * address is ipnat'ed to a different interface. - * - * XXX - Checking is incompatible with IP aliases added - * to the loopback interface instead of the interface where - * the packets are received. - * - * XXX - We need to add a per ifaddr flag for this so that - * we get finer grain control. - */ - checkif = ip_checkinterface && (ipforwarding == 0) && - (m->m_pkthdr.rcvif != NULL) && - ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0); + goto out; /* * Check our list of addresses, to see if the packet is for us. * * Traditional 4.4BSD did not consult IFF_UP at all. * The behavior here is to treat addresses on !IFF_UP interface - * as not mine. + * or IN_IFF_NOTREADY addresses as not mine. */ downmatch = 0; - LIST_FOREACH(ia, &IN_IFADDR_HASH(ip->ip_dst.s_addr), ia_hash) { - if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst)) { - if (checkif && ia->ia_ifp != m->m_pkthdr.rcvif) - continue; - if ((ia->ia_ifp->if_flags & IFF_UP) != 0) - break; - else - downmatch++; - } - } - if (ia != NULL) + s = pserialize_read_enter(); + ia = ip_match_our_address(ifp, ip, &downmatch); + if (ia != NULL) { + pserialize_read_exit(s); goto ours; - if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { - IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { - if (ifa->ifa_addr->sa_family != AF_INET) - continue; - ia = ifatoia(ifa); - if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) || - in_hosteq(ip->ip_dst, ia->ia_netbroadcast) || - /* - * Look for all-0's host part (old broadcast addr), - * either for subnet or net. - */ - ip->ip_dst.s_addr == ia->ia_subnet || - ip->ip_dst.s_addr == ia->ia_net) - goto ours; - /* - * An interface with IP address zero accepts - * all packets that arrive on that interface. - */ - if (in_nullhost(ia->ia_addr.sin_addr)) - goto ours; + } + + if (ifp->if_flags & IFF_BROADCAST) { + ia = ip_match_our_address_broadcast(ifp, ip); + if (ia != NULL) { + pserialize_read_exit(s); + goto ours; } } + pserialize_read_exit(s); + if (IN_MULTICAST(ip->ip_dst.s_addr)) { - struct in_multi *inm; #ifdef MROUTING extern struct socket *ip_mrouter; @@ -664,19 +703,22 @@ ip_input(struct mbuf *m) * as expected when ip_mforward() is called from * ip_output().) */ - if (ip_mforward(m, m->m_pkthdr.rcvif) != 0) { + SOFTNET_LOCK(); + if (ip_mforward(m, ifp) != 0) { + SOFTNET_UNLOCK(); IP_STATINC(IP_STAT_CANTFORWARD); - m_freem(m); - return; + goto out; } + SOFTNET_UNLOCK(); /* * The process-level routing demon needs to receive * all multicast IGMP packets, whether or not this * host belongs to their destination groups. */ - if (ip->ip_p == IPPROTO_IGMP) + if (ip->ip_p == IPPROTO_IGMP) { goto ours; + } IP_STATINC(IP_STAT_CANTFORWARD); } #endif @@ -684,11 +726,9 @@ ip_input(struct mbuf *m) * See if we belong to the destination multicast group on the * arrival interface. */ - IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); - if (inm == NULL) { + if (!in_multi_group(ip->ip_dst, ifp, 0)) { IP_STATINC(IP_STAT_CANTFORWARD); - m_freem(m); - return; + goto out; } goto ours; } @@ -700,6 +740,7 @@ ip_input(struct mbuf *m) * Not for us; forward if possible and desirable. */ if (ipforwarding == 0) { + m_put_rcvif_psref(ifp, &psref); IP_STATINC(IP_STAT_CANTFORWARD); m_freem(m); } else { @@ -710,22 +751,32 @@ ip_input(struct mbuf *m) * forwarding loop till TTL goes to 0. */ if (downmatch) { + m_put_rcvif_psref(ifp, &psref); icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0); IP_STATINC(IP_STAT_CANTFORWARD); return; } #ifdef IPSEC /* Perform IPsec, if any. */ - if (ipsec4_input(m, IP_FORWARDING | (ip_directedbcast ? - IP_ALLOWBROADCAST : 0)) != 0) { - goto bad; + if (ipsec_used) { + SOFTNET_LOCK(); + if (ipsec4_input(m, IP_FORWARDING | + (ip_directedbcast ? IP_ALLOWBROADCAST : 0)) != 0) { + SOFTNET_UNLOCK(); + goto out; + } + SOFTNET_UNLOCK(); } #endif - ip_forward(m, srcrt); + ip_forward(m, srcrt, ifp); + m_put_rcvif_psref(ifp, &psref); } return; ours: + m_put_rcvif_psref(ifp, &psref); + ifp = NULL; + /* * If offset or IP_MF are set, must reassemble. */ @@ -735,11 +786,11 @@ ours: */ if (ip_reass_packet(&m, ip) != 0) { /* Failed; invalid fragment(s) or packet. */ - goto bad; + goto out; } if (m == NULL) { /* More fragments should come; silently return. */ - return; + goto out; } /* * Reassembly is done, we have the final packet. @@ -755,10 +806,14 @@ ours: * Note that we do not visit this with protocols with PCB layer * code - like UDP/TCP/raw IP. */ - if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) { + if (ipsec_used && + (inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) { + SOFTNET_LOCK(); if (ipsec4_input(m, 0) != 0) { - goto bad; + SOFTNET_UNLOCK(); + goto out; } + SOFTNET_UNLOCK(); } #endif @@ -766,23 +821,31 @@ ours: * Switch out to protocol's input routine. */ #if IFA_STATS - if (ia && ip) - ia->ia_ifa.ifa_data.ifad_inbytes += ntohs(ip->ip_len); + if (ia && ip) { + struct in_ifaddr *_ia; + /* + * Keep a reference from ip_match_our_address with psref + * is expensive, so explore ia here again. + */ + s = pserialize_read_enter(); + _ia = in_get_ia(ip->ip_dst.s_addr); + _ia->ia_ifa.ifa_data.ifad_inbytes += ntohs(ip->ip_len); + pserialize_read_exit(s); + } #endif IP_STATINC(IP_STAT_DELIVERED); - { - int off = hlen, nh = ip->ip_p; + const int off = hlen, nh = ip->ip_p; + + SOFTNET_LOCK(); (*inetsw[ip_protox[nh]].pr_input)(m, off, nh); - return; - } -bad: - m_freem(m); + SOFTNET_UNLOCK(); return; -badcsum: - IP_STATINC(IP_STAT_BADSUM); - m_freem(m); +out: + m_put_rcvif_psref(ifp, &psref); + if (m != NULL) + m_freem(m); } /* @@ -814,13 +877,13 @@ ip_drain(void) } /* - * Do option processing on a datagram, - * possibly discarding it if bad options are encountered, - * or forwarding it if source-routed. - * Returns 1 if packet has been forwarded/freed, - * 0 if the packet should be processed further. + * ip_dooptions: perform option processing on a datagram, possibly discarding + * it if bad options are encountered, or forwarding it if source-routed. + * + * => Returns true if packet has been forwarded/freed. + * => Returns false if the packet should be processed further. */ -int +static bool ip_dooptions(struct mbuf *m) { struct ip *ip = mtod(m, struct ip *); @@ -830,6 +893,8 @@ ip_dooptions(struct mbuf *m) int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0; struct in_addr dst; n_time ntime; + struct ifaddr *ifa; + int s; dst = ip->ip_dst; cp = (u_char *)(ip + 1); @@ -881,8 +946,11 @@ ip_dooptions(struct mbuf *m) goto bad; } ipaddr.sin_addr = ip->ip_dst; - ia = ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))); - if (ia == 0) { + + s = pserialize_read_enter(); + ifa = ifa_ifwithaddr(sintosa(&ipaddr)); + if (ifa == NULL) { + pserialize_read_exit(s); if (opt == IPOPT_SSRR) { type = ICMP_UNREACH; code = ICMP_UNREACH_SRCFAIL; @@ -894,6 +962,8 @@ ip_dooptions(struct mbuf *m) */ break; } + pserialize_read_exit(s); + off--; /* 0 origin */ if ((off + sizeof(struct in_addr)) > optlen) { /* @@ -907,18 +977,26 @@ ip_dooptions(struct mbuf *m) */ memcpy((void *)&ipaddr.sin_addr, (void *)(cp + off), sizeof(ipaddr.sin_addr)); - if (opt == IPOPT_SSRR) - ia = ifatoia(ifa_ifwithladdr(sintosa(&ipaddr))); - else + s = pserialize_read_enter(); + if (opt == IPOPT_SSRR) { + ifa = ifa_ifwithladdr(sintosa(&ipaddr)); + if (ifa != NULL) + ia = ifatoia(ifa); + else + ia = NULL; + } else { ia = ip_rtaddr(ipaddr.sin_addr); - if (ia == 0) { + } + if (ia == NULL) { type = ICMP_UNREACH; code = ICMP_UNREACH_SRCFAIL; + pserialize_read_exit(s); goto bad; } ip->ip_dst = ipaddr.sin_addr; bcopy((void *)&ia->ia_addr.sin_addr, (void *)(cp + off), sizeof(struct in_addr)); + pserialize_read_exit(s); cp[IPOPT_OFFSET] += sizeof(struct in_addr); /* * Let ip_intr's mcast routing check handle mcast pkts @@ -947,15 +1025,22 @@ ip_dooptions(struct mbuf *m) * locate outgoing interface; if we're the destination, * use the incoming interface (should be same). */ - if ((ia = ifatoia(ifa_ifwithaddr(sintosa(&ipaddr)))) - == NULL && - (ia = ip_rtaddr(ipaddr.sin_addr)) == NULL) { - type = ICMP_UNREACH; - code = ICMP_UNREACH_HOST; - goto bad; + s = pserialize_read_enter(); + ifa = ifa_ifwithaddr(sintosa(&ipaddr)); + if (ifa == NULL) { + ia = ip_rtaddr(ipaddr.sin_addr); + if (ia == NULL) { + pserialize_read_exit(s); + type = ICMP_UNREACH; + code = ICMP_UNREACH_HOST; + goto bad; + } + } else { + ia = ifatoia(ifa); } bcopy((void *)&ia->ia_addr.sin_addr, (void *)(cp + off), sizeof(struct in_addr)); + pserialize_read_exit(s); cp[IPOPT_OFFSET] += sizeof(struct in_addr); break; @@ -984,7 +1069,10 @@ ip_dooptions(struct mbuf *m) case IPOPT_TS_TSONLY: break; - case IPOPT_TS_TSANDADDR: + case IPOPT_TS_TSANDADDR: { + struct ifnet *rcvif; + int _s, _ss; + if (ipt->ipt_ptr - 1 + sizeof(n_time) + sizeof(struct in_addr) > ipt->ipt_len) { code = (u_char *)&ipt->ipt_ptr - @@ -992,14 +1080,21 @@ ip_dooptions(struct mbuf *m) goto bad; } ipaddr.sin_addr = dst; - ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), - m->m_pkthdr.rcvif)); - if (ia == 0) - continue; + _ss = pserialize_read_enter(); + rcvif = m_get_rcvif(m, &_s); + ifa = ifaof_ifpforaddr(sintosa(&ipaddr), rcvif); + m_put_rcvif(rcvif, &_s); + if (ifa == NULL) { + pserialize_read_exit(_ss); + break; + } + ia = ifatoia(ifa); bcopy(&ia->ia_addr.sin_addr, cp0, sizeof(struct in_addr)); + pserialize_read_exit(_ss); ipt->ipt_ptr += sizeof(struct in_addr); break; + } case IPOPT_TS_PRESPEC: if (ipt->ipt_ptr - 1 + sizeof(n_time) + @@ -1010,9 +1105,13 @@ ip_dooptions(struct mbuf *m) } memcpy(&ipaddr.sin_addr, cp0, sizeof(struct in_addr)); - if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) - == NULL) + s = pserialize_read_enter(); + ifa = ifa_ifwithaddr(sintosa(&ipaddr)); + if (ifa == NULL) { + pserialize_read_exit(s); continue; + } + pserialize_read_exit(s); ipt->ipt_ptr += sizeof(struct in_addr); break; @@ -1030,26 +1129,37 @@ ip_dooptions(struct mbuf *m) } } if (forward) { + struct ifnet *rcvif; + struct psref _psref; + if (ip_forwsrcrt == 0) { type = ICMP_UNREACH; code = ICMP_UNREACH_SRCFAIL; goto bad; } - ip_forward(m, 1); - return (1); + + rcvif = m_get_rcvif_psref(m, &_psref); + if (__predict_false(rcvif == NULL)) { + type = ICMP_UNREACH; + code = ICMP_UNREACH_HOST; + goto bad; + } + ip_forward(m, 1, rcvif); + m_put_rcvif_psref(rcvif, &_psref); + return true; } - return (0); + return false; bad: icmp_error(m, type, code, 0, 0); IP_STATINC(IP_STAT_BADOPTIONS); - return (1); + return true; } /* - * Given address of next destination (final or next hop), + * ip_rtaddr: given address of next destination (final or next hop), * return internet address info of interface to be used to get there. */ -struct in_ifaddr * +static struct in_ifaddr * ip_rtaddr(struct in_addr dst) { struct rtentry *rt; @@ -1057,29 +1167,31 @@ ip_rtaddr(struct in_addr dst) struct sockaddr dst; struct sockaddr_in dst4; } u; + struct route *ro; sockaddr_in_init(&u.dst4, &dst, 0); - if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) + SOFTNET_LOCK(); + ro = percpu_getref(ipforward_rt_percpu); + rt = rtcache_lookup(ro, &u.dst); + percpu_putref(ipforward_rt_percpu); + SOFTNET_UNLOCK(); + if (rt == NULL) return NULL; return ifatoia(rt->rt_ifa); } /* - * Save incoming source route for use in replies, - * to be picked up later by ip_srcroute if the receiver is interested. + * save_rte: save incoming source route for use in replies, to be picked + * up later by ip_srcroute if the receiver is interested. */ -void +static void save_rte(u_char *option, struct in_addr dst) { unsigned olen; olen = option[IPOPT_OLEN]; -#ifdef DIAGNOSTIC - if (ipprintfs) - printf("save_rte: olen %d\n", olen); -#endif /* 0 */ if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) return; memcpy((void *)ip_srcrt.srcopt, (void *)option, olen); @@ -1110,20 +1222,12 @@ ip_srcroute(void) /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */ m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) + OPTSIZ; -#ifdef DIAGNOSTIC - if (ipprintfs) - printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len); -#endif /* * First save first hop for return route */ p = &ip_srcrt.route[ip_nhops - 1]; *(mtod(m, struct in_addr *)) = *p--; -#ifdef DIAGNOSTIC - if (ipprintfs) - printf(" hops %x", ntohl(mtod(m, struct in_addr *)->s_addr)); -#endif /* * Copy option fields and padding (nop) to mbuf. @@ -1140,20 +1244,12 @@ ip_srcroute(void) * reversing the path (pointers are now aligned). */ while (p >= ip_srcrt.route) { -#ifdef DIAGNOSTIC - if (ipprintfs) - printf(" %x", ntohl(q->s_addr)); -#endif *q++ = *p--; } /* * Last hop goes to final destination. */ *q = ip_srcrt.dst; -#ifdef DIAGNOSTIC - if (ipprintfs) - printf(" %x\n", ntohl(q->s_addr)); -#endif return (m); } @@ -1198,8 +1294,8 @@ ip_drainstub(void) * The srcrt parameter indicates whether the packet is being forwarded * via a source route. */ -void -ip_forward(struct mbuf *m, int srcrt) +static void +ip_forward(struct mbuf *m, int srcrt, struct ifnet *rcvif) { struct ip *ip = mtod(m, struct ip *); struct rtentry *rt; @@ -1210,6 +1306,11 @@ ip_forward(struct mbuf *m, int srcrt) struct sockaddr dst; struct sockaddr_in dst4; } u; + uint64_t *ips; + struct route *ro; + + KASSERTMSG(cpu_softintr_p(), "ip_forward: not in the software " + "interrupt handler; synchronization assumptions violated"); /* * We are now in the output path. @@ -1222,25 +1323,27 @@ ip_forward(struct mbuf *m, int srcrt) m->m_pkthdr.csum_flags = 0; dest = 0; -#ifdef DIAGNOSTIC - if (ipprintfs) { - printf("forward: src %s ", inet_ntoa(ip->ip_src)); - printf("dst %s ttl %x\n", inet_ntoa(ip->ip_dst), ip->ip_ttl); - } -#endif if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { IP_STATINC(IP_STAT_CANTFORWARD); m_freem(m); return; } + + SOFTNET_LOCK(); + if (ip->ip_ttl <= IPTTLDEC) { icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0); + SOFTNET_UNLOCK(); return; } sockaddr_in_init(&u.dst4, &ip->ip_dst, 0); - if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) { + + ro = percpu_getref(ipforward_rt_percpu); + if ((rt = rtcache_lookup(ro, &u.dst)) == NULL) { + percpu_putref(ipforward_rt_percpu); icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, dest, 0); + SOFTNET_UNLOCK(); return; } @@ -1263,7 +1366,7 @@ ip_forward(struct mbuf *m, int srcrt) * Also, don't send redirect if forwarding using a default route * or a route modified by a redirect. */ - if (rt->rt_ifp == m->m_pkthdr.rcvif && + if (rt->rt_ifp == rcvif && (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && !in_nullhost(satocsin(rt_getkey(rt))->sin_addr) && ipsendredirects && !srcrt) { @@ -1280,40 +1383,47 @@ ip_forward(struct mbuf *m, int srcrt) */ type = ICMP_REDIRECT; code = ICMP_REDIRECT_HOST; -#ifdef DIAGNOSTIC - if (ipprintfs) - printf("redirect (%d) to %x\n", code, - (u_int32_t)dest); -#endif } } - error = ip_output(m, NULL, &ipforward_rt, + error = ip_output(m, NULL, ro, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), NULL, NULL); - if (error) + if (error) { IP_STATINC(IP_STAT_CANTFORWARD); - else { - uint64_t *ips = IP_STAT_GETREF(); - ips[IP_STAT_FORWARD]++; - if (type) { - ips[IP_STAT_REDIRECTSENT]++; - IP_STAT_PUTREF(); - } else { - IP_STAT_PUTREF(); - if (mcopy) { + goto error; + } + + ips = IP_STAT_GETREF(); + ips[IP_STAT_FORWARD]++; + + if (type) { + ips[IP_STAT_REDIRECTSENT]++; + IP_STAT_PUTREF(); + goto redirect; + } + + IP_STAT_PUTREF(); + if (mcopy) { #ifdef GATEWAY - if (mcopy->m_flags & M_CANFASTFWD) - ipflow_create(&ipforward_rt, mcopy); + if (mcopy->m_flags & M_CANFASTFWD) + ipflow_create(ro, mcopy); #endif - m_freem(mcopy); - } - return; - } + m_freem(mcopy); } - if (mcopy == NULL) + + percpu_putref(ipforward_rt_percpu); + SOFTNET_UNLOCK(); + return; + +redirect: +error: + if (mcopy == NULL) { + percpu_putref(ipforward_rt_percpu); + SOFTNET_UNLOCK(); return; + } switch (error) { @@ -1334,49 +1444,56 @@ ip_forward(struct mbuf *m, int srcrt) type = ICMP_UNREACH; code = ICMP_UNREACH_NEEDFRAG; - if ((rt = rtcache_validate(&ipforward_rt)) != NULL) + if ((rt = rtcache_validate(ro)) != NULL) destmtu = rt->rt_ifp->if_mtu; #ifdef IPSEC - (void)ipsec4_forward(mcopy, &destmtu); + if (ipsec_used) + (void)ipsec4_forward(mcopy, &destmtu); #endif IP_STATINC(IP_STAT_CANTFRAG); break; case ENOBUFS: -#if 1 /* - * a router should not generate ICMP_SOURCEQUENCH as - * required in RFC1812 Requirements for IP Version 4 Routers. - * source quench could be a big problem under DoS attacks, - * or if the underlying interface is rate-limited. + * Do not generate ICMP_SOURCEQUENCH as required in RFC 1812, + * Requirements for IP Version 4 Routers. Source quench can + * big problem under DoS attacks or if the underlying + * interface is rate-limited. */ if (mcopy) m_freem(mcopy); + percpu_putref(ipforward_rt_percpu); + SOFTNET_UNLOCK(); return; -#else - type = ICMP_SOURCEQUENCH; - code = 0; - break; -#endif } icmp_error(mcopy, type, code, dest, destmtu); + percpu_putref(ipforward_rt_percpu); + SOFTNET_UNLOCK(); } void ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, struct mbuf *m) { + struct socket *so = inp->inp_socket; + ifnet_t *ifp; + int inpflags = inp->inp_flags; + struct psref psref; + + ifp = m_get_rcvif_psref(m, &psref); + if (__predict_false(ifp == NULL)) + return; /* XXX should report error? */ - if (inp->inp_socket->so_options & SO_TIMESTAMP + if (so->so_options & SO_TIMESTAMP #ifdef SO_OTIMESTAMP - || inp->inp_socket->so_options & SO_OTIMESTAMP + || so->so_options & SO_OTIMESTAMP #endif ) { struct timeval tv; microtime(&tv); #ifdef SO_OTIMESTAMP - if (inp->inp_socket->so_options & SO_OTIMESTAMP) { + if (so->so_options & SO_OTIMESTAMP) { struct timeval50 tv50; timeval_to_timeval50(&tv, &tv50); *mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), @@ -1388,70 +1505,46 @@ ip_savecontrol(struct inpcb *inp, struct if (*mp) mp = &(*mp)->m_next; } - if (inp->inp_flags & INP_RECVDSTADDR) { + if (inpflags & INP_RECVDSTADDR) { *mp = sbcreatecontrol((void *) &ip->ip_dst, sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } - if (inp->inp_flags & INP_RECVPKTINFO) { + if (inpflags & INP_RECVPKTINFO) { struct in_pktinfo ipi; ipi.ipi_addr = ip->ip_src; - ipi.ipi_ifindex = m->m_pkthdr.rcvif->if_index; + ipi.ipi_ifindex = ifp->if_index; *mp = sbcreatecontrol((void *) &ipi, sizeof(ipi), IP_RECVPKTINFO, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } - if (inp->inp_flags & INP_PKTINFO) { + if (inpflags & INP_PKTINFO) { struct in_pktinfo ipi; ipi.ipi_addr = ip->ip_dst; - ipi.ipi_ifindex = m->m_pkthdr.rcvif->if_index; + ipi.ipi_ifindex = ifp->if_index; *mp = sbcreatecontrol((void *) &ipi, sizeof(ipi), IP_PKTINFO, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } -#ifdef notyet - /* - * XXX - * Moving these out of udp_input() made them even more broken - * than they already were. - * - fenner@parc.xerox.com - */ - /* options were tossed already */ - if (inp->inp_flags & INP_RECVOPTS) { - *mp = sbcreatecontrol((void *) opts_deleted_above, - sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); - if (*mp) - mp = &(*mp)->m_next; - } - /* ip_srcroute doesn't do what we want here, need to fix */ - if (inp->inp_flags & INP_RECVRETOPTS) { - *mp = sbcreatecontrol((void *) ip_srcroute(), - sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); - if (*mp) - mp = &(*mp)->m_next; - } -#endif - if (inp->inp_flags & INP_RECVIF) { + if (inpflags & INP_RECVIF) { struct sockaddr_dl sdl; - sockaddr_dl_init(&sdl, sizeof(sdl), - (m->m_pkthdr.rcvif != NULL) - ? m->m_pkthdr.rcvif->if_index - : 0, - 0, NULL, 0, NULL, 0); + sockaddr_dl_init(&sdl, sizeof(sdl), ifp->if_index, 0, NULL, 0, + NULL, 0); *mp = sbcreatecontrol(&sdl, sdl.sdl_len, IP_RECVIF, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } - if (inp->inp_flags & INP_RECVTTL) { + if (inpflags & INP_RECVTTL) { *mp = sbcreatecontrol((void *) &ip->ip_ttl, sizeof(uint8_t), IP_RECVTTL, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next; } + m_put_rcvif_psref(ifp, &psref); } /* @@ -1509,66 +1602,6 @@ sysctl_net_inet_ip_pmtudto(SYSCTLFN_ARGS return (0); } -#ifdef GATEWAY -/* - * sysctl helper routine for net.inet.ip.maxflows. - */ -static int -sysctl_net_inet_ip_maxflows(SYSCTLFN_ARGS) -{ - int error; - - error = sysctl_lookup(SYSCTLFN_CALL(rnode)); - if (error || newp == NULL) - return (error); - - mutex_enter(softnet_lock); - KERNEL_LOCK(1, NULL); - - ipflow_reap(false); - - KERNEL_UNLOCK_ONE(NULL); - mutex_exit(softnet_lock); - - return (0); -} - -static int -sysctl_net_inet_ip_hashsize(SYSCTLFN_ARGS) -{ - int error, tmp; - struct sysctlnode node; - - node = *rnode; - tmp = ip_hashsize; - node.sysctl_data = &tmp; - error = sysctl_lookup(SYSCTLFN_CALL(&node)); - if (error || newp == NULL) - return (error); - - if ((tmp & (tmp - 1)) == 0 && tmp != 0) { - /* - * Can only fail due to malloc() - */ - mutex_enter(softnet_lock); - KERNEL_LOCK(1, NULL); - - error = ipflow_invalidate_all(tmp); - - KERNEL_UNLOCK_ONE(NULL); - mutex_exit(softnet_lock); - - } else { - /* - * EINVAL if not a power of 2 - */ - error = EINVAL; - } - - return error; -} -#endif /* GATEWAY */ - static int sysctl_net_inet_ip_stats(SYSCTLFN_ARGS) { @@ -1579,8 +1612,6 @@ sysctl_net_inet_ip_stats(SYSCTLFN_ARGS) static void sysctl_net_inet_ip_setup(struct sysctllog **clog) { - extern int subnetsarelocal, hostzeroisbroadcast; - sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, CTLTYPE_NODE, "inet", @@ -1646,14 +1677,7 @@ sysctl_net_inet_ip_setup(struct sysctllo NULL, 0, &ip_allowsrcrt, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_ALLOWSRCRT, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "subnetsarelocal", - SYSCTL_DESCR("Whether logical subnets are considered " - "local"), - NULL, 0, &subnetsarelocal, 0, - CTL_NET, PF_INET, IPPROTO_IP, - IPCTL_SUBNETSARELOCAL, CTL_EOL); + sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "mtudisc", @@ -1682,38 +1706,6 @@ sysctl_net_inet_ip_setup(struct sysctllo sysctl_net_inet_ip_pmtudto, 0, (void *)&ip_mtudisc_timeout, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_MTUDISCTIMEOUT, CTL_EOL); -#ifdef GATEWAY - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "maxflows", - SYSCTL_DESCR("Number of flows for fast forwarding"), - sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0, - CTL_NET, PF_INET, IPPROTO_IP, - IPCTL_MAXFLOWS, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "hashsize", - SYSCTL_DESCR("Size of hash table for fast forwarding (IPv4)"), - sysctl_net_inet_ip_hashsize, 0, &ip_hashsize, 0, - CTL_NET, PF_INET, IPPROTO_IP, - CTL_CREATE, CTL_EOL); -#endif /* GATEWAY */ - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "hostzerobroadcast", - SYSCTL_DESCR("All zeroes address is broadcast address"), - NULL, 0, &hostzeroisbroadcast, 0, - CTL_NET, PF_INET, IPPROTO_IP, - IPCTL_HOSTZEROBROADCAST, CTL_EOL); -#if NGIF > 0 - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "gifttl", - SYSCTL_DESCR("Default TTL for a gif tunnel datagram"), - NULL, 0, &ip_gif_ttl, 0, - CTL_NET, PF_INET, IPPROTO_IP, - IPCTL_GIF_TTL, CTL_EOL); -#endif /* NGIF */ #ifndef IPNOPRIVPORTS sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, @@ -1770,6 +1762,16 @@ sysctl_net_inet_ip_setup(struct sysctllo sysctl_net_inet_ip_stats, 0, NULL, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_STATS, CTL_EOL); +#if NARP + sysctl_createv(clog, 0, NULL, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_INT, "dad_count", + SYSCTL_DESCR("Number of Duplicate Address Detection " + "probes to send"), + NULL, 0, &ip_dad_count, 0, + CTL_NET, PF_INET, IPPROTO_IP, + IPCTL_DAD_COUNT, CTL_EOL); +#endif /* anonportalgo RFC6056 subtree */ const struct sysctlnode *portalgo_node;