From: "Stephen J. Kiernan"
Organization: Juniper Networks, Inc.
Date: Thu, 17 Jan 2013 14:23:24 -0500
Subject: Re: Proposal for changes to network device drivers and network stack (RFC)
List-Id: Networking and TCP/IP with FreeBSD

The network stack as a module patch has been separated out and can be found in the following location:

http://people.freebsd.org/~marcel/Juniper/netstack-v2.diff

Details about these changes:

1. Network stack module support infrastructure
   kern/{kern_netstack.c,netstack_if.m,netstack.h}

   Network stack modules are declared using the NETSTACK_MODULE macro.
   Netstack classes are expected to be singletons.
   Currently, only a single network stack is allowed to be registered at a time.

2. Infrastructure to register UUID sources
   kern/kern_uuid.c
   net/netuuid.c
   sys/uuid.h

   The uuid_node() function uses the node generated by the first UUID source that returns with a success code, otherwise it generates a random multicast address.
   As part of these changes, selection of UUID based on MAC address has been moved to net/netuuid.c and it is registered as a UUID source.

3. Infrastructure to register IOCGROUPs in order to handle group-specific socket ioctls
   kern/sys_socket.c,net/{if.c,route.c}
   sys/socketvar.h

   This eliminates the explicit checks and calls for specific IOCGROUPs in soo_ioctl().
   (Looking for comments about the naming, I'm not married to the name in any way and suggestions for better names are welcome.)
   Currently, the interface ioctl ('i') and route ioctl ('r') calls are registered using SO_IOCGROUP_SET.

4. Dynamically register the 'setfib' syscall
   kern/init_sysent.c
   net/route.c

   Registration of 'setfib' is done from net/route.c::route_init() instead of having an explicit entry in the sysent table.

5. Dynamically register SCTP syscalls
   kern/{init_sysent.c,uipc_syscalls.c}
   compat/freebsd32/freebsd32_sysent.c
   netinet/sctp_syscalls.c
   sys/socketvar.h

   Dynamically register the SCTP syscalls "sctp_peeloff", "sctp_generic_sendmsg", "sctp_generic_sendmsg_iov", and "sctp_generic_recvmsg" instead of having explicit entries in the sysent and freebsd32_sysent tables.
   Moved implementation of said syscalls from kern/uipc_syscalls.c to a new file named netinet/sctp_syscalls.c.
   Made getsock_cap() available outside of uipc_syscalls.c via socketvar.h (Junos network stack needs it, so making it available.)

6. Changes to kern_proc.c
   kern/kern_prot.c,netinet/in_prot.c,sys/systm.h

   Moved cr_canseeinpcb() to new file netinet/in_prot.c, as it is network stack related and only available when INET or INET6 is defined.
   Change the names for cr_seeotheruids() and cr_seeothergids() to cr_canseeotheruids() and cr_canseeothergids(), respectively, and make them available outside of kern_prot.c.

7. Create a netstack module
   kern/{uipc_socket.c,vfs_default.c,vfs_export.c}
   mk/bsd.own.mk
   modules/netstack
   net/{if_gre.c,netstack.c}
   netpfil/ipfw/ip_fw2.c
   netpfil/pf/pf_ioctl.c
   netinet/ip_gre.c

   Add SCTP to the MK_*_SUPPORT variables that need to be set.
   Add dependency on the netstack module.
   Added vfs_stdcheckexp() to kern/vfs_default.c which calls the netstack vfs_stdcheckexp method.
   Moved socket FIB assignment from the process to the netstack socreate method.
   Moved VFS "export" handling to netstack methods and changed vfs_export() and vfs_setpublicfs() to call the respective netstack methods.
   The netstack module includes INET, INET6, and SCTP support.

   Note: The only issue with including SCTP support is that there is currently a dependency set on the crypto module. This is because SCTP needs SHA1 and SHA2-256 support. However, this could be provided by a number of different modules, so depending on crypto module might not be the best choice. Any thoughts on this?

8. Remove SO_SETFIB processing from sosetopt and move it to ctloutput functions
   kern/uipc_socket.c
   net/route.[ch]
   netinet/{ip_output.c,raw_ip.c}
   netinet6/ip6_output.c

   Remove SO_SETFIB processing from sosetopt and move it instead to the ip_ctloutput(), ip6_ctloutput(), and rip_ctloutput() functions.
   Introduce the rtsosetfib() function to set so_fibnum, as appropriate.
   The *_ctloutput functions call the RT_SOSETFIB macro in order to call rtsosetfib() only when sockopt level is SOL_SOCKET and name is SO_SETFIB.

9. Define INET and INET6 in CFLAGS instead of relying on opt_inet.h and opt_inet6.h in modules
   modules/{carp,em,if_gre,ipdivert,ipfw,netstack,pf,pfsync,toecore}/Makefile

   Use CFLAGS to define INET and INET6 based on MK_INET_SUPPORT and MK_INET6_SUPPORT, respectively, instead of relying on opt_inet.h and opt_inet6.h.
   We need to do this in order to be able to build NIC driver modules and the network stack as modules when the base kernel does not have netstack compiled in.

10. Make accept filters part of the standard files
    conf/files
    kern/{uipc_accf.c,uipc_socket.c}
    netinet/in_proto.c

    Make accept filters part of the standard files, as they could be used by things other than INET (and it eliminates a dependency on INET for uipc_socket.c)
    Move net.inet.accf.unloadable to net.accf.unloadable
    Add net.inet.accf node to in_proto.c in order to support existing accept filter sysctls.

11. Split IPv4 and IPv6-specific jail functions to netinet and netinet6, respectively.
    kern/kern_jail.c
    netinet/in_jail.c
    netinet6/in6_jail.c
    sys/jail.h

    Split IPv4 and IPv6-specific functions from kern/kern_jail.c into netinet/in_jail.c and netinet6/in6_jail.c, respectively.
    Change _prison_check_ipv[4|6]() to prison_check_ipv[4|6]_locked() and expose them via jail.h
    Change qcmp_v[4|6]() to prison_qcmp_v[4|6] and expose them via jail.h

-- 
Stephen J. Kiernan
Juniper Networks, Inc.
stevek_at_juniper.net
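
The UUID source selection described in item 2, as an added userland example that is not part of the original message or the patch: the first registered source that succeeds supplies the node, otherwise a random node with the multicast bit set is used. All names here (uuid_source_fn, uuid_source_register, uuid_node_model, the sample sources) are hypothetical and do not reflect the patch's actual interface.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NODE_LEN 6
#define MAX_SOURCES 4

/* Hypothetical callback type: fill node[], return 0 on success. */
typedef int (*uuid_source_fn)(uint8_t node[NODE_LEN]);
static uuid_source_fn sources[MAX_SOURCES];
static int nsources;

int uuid_source_register(uuid_source_fn fn) {
    if (fn == NULL || nsources == MAX_SOURCES) return -1;
    sources[nsources++] = fn;
    return 0;
}

/* Fallback: 48 random bits with the multicast bit (low bit of the first
 * octet) set, so the node can never equal a real unicast MAC address. */
static int random_node(uint8_t node[NODE_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(node, 1, NODE_LEN, f);
    fclose(f);
    if (n != NODE_LEN) return -1;
    node[0] |= 0x01;
    return 0;
}

/* Returns the index of the source used, -1 for the random fallback,
 * -2 if no node could be produced. A failing source never touches node[]. */
int uuid_node_model(uint8_t node[NODE_LEN]) {
    uint8_t tmp[NODE_LEN];
    for (int i = 0; i < nsources; i++)
        if (sources[i](tmp) == 0) { memcpy(node, tmp, NODE_LEN); return i; }
    return random_node(node) == 0 ? -1 : -2;
}

/* Constructed sample sources: one that fails, one MAC-style source. */
int src_unavailable(uint8_t node[NODE_LEN]) { node[0] = 0xff; return -1; }
int src_mac(uint8_t node[NODE_LEN]) { memcpy(node, "\x02\x00\x5e\x10\x20\x30", NODE_LEN); return 0; }

int main(void) {
    uint8_t node[NODE_LEN];
    uuid_source_register(src_unavailable);
    int idx = uuid_node_model(node);   /* only a failing source: random fallback */
    printf("source %d, node[0]=%02x\n", idx, node[0]);
    return 0;
}
```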