Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Dec 2008 23:12:40 +0000 (UTC)
From:      Marko Zec <zec@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r185895 - in head/sys: conf contrib/pf/net kern net netgraph netinet netinet/libalias netinet6 netipsec sys
Message-ID:  <200812102312.mBANCeaE045870@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: zec
Date: Wed Dec 10 23:12:39 2008
New Revision: 185895
URL: http://svn.freebsd.org/changeset/base/185895

Log:
  Conditionally compile out V_ globals while instantiating the appropriate
  container structures, depending on VIMAGE_GLOBALS compile time option.
  
  Make VIMAGE_GLOBALS a new compile-time option, which by default will not
  be defined, resulting in instatiations of global variables selected for
  V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be
  effectively compiled out.  Instantiate new global container structures
  to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0,
  vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0.
  
  Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_
  macros resolve either to the original globals, or to fields inside
  container structures, i.e. effectively
  
  #ifdef VIMAGE_GLOBALS
  #define V_rt_tables rt_tables
  #else
  #define V_rt_tables vnet_net_0._rt_tables
  #endif
  
  Update SYSCTL_V_*() macros to operate either on globals or on fields
  inside container structs.
  
  Extend the internal kldsym() lookups with the ability to resolve
  selected fields inside the virtualization container structs.  This
  applies only to the fields which are explicitly registered for kldsym()
  visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently
  this is done only in sys/net/if.c.
  
  Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code,
  and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in
  turn result in proper code being generated depending on VIMAGE_GLOBALS.
  
  De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c
  which were prematurely V_irtualized by automated V_ prepending scripts
  during earlier merging steps.  PF virtualization will be done
  separately, most probably after next PF import.
  
  Convert a few variable initializations at instantiation to
  initialization in init functions, most notably in ipfw.  Also convert
  TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in
  initializer functions.
  
  Discussed at:	devsummit Strassburg
  Reviewed by:	bz, julian
  Approved by:	julian (mentor)
  Obtained from:	//depot/projects/vimage-commit2/...
  X-MFC after:	never
  Sponsored by:	NLnet Foundation, The FreeBSD Foundation

Added:
  head/sys/kern/kern_vimage.c   (contents, props changed)
Modified:
  head/sys/conf/files
  head/sys/conf/options
  head/sys/contrib/pf/net/pf_subr.c
  head/sys/kern/kern_linker.c
  head/sys/net/if.c
  head/sys/net/if_bridge.c
  head/sys/net/if_ethersubr.c
  head/sys/net/if_gif.c
  head/sys/net/if_gif.h
  head/sys/net/vnet.h
  head/sys/netgraph/netgraph.h
  head/sys/netgraph/ng_base.c
  head/sys/netgraph/ng_bridge.c
  head/sys/netgraph/ng_eiface.c
  head/sys/netgraph/ng_iface.c
  head/sys/netgraph/ng_ipfw.c
  head/sys/netinet/in_proto.c
  head/sys/netinet/ip_divert.c
  head/sys/netinet/ip_dummynet.c
  head/sys/netinet/ip_fw.h
  head/sys/netinet/ip_fw2.c
  head/sys/netinet/ip_fw_nat.c
  head/sys/netinet/ip_fw_pfil.c
  head/sys/netinet/ip_input.c
  head/sys/netinet/ip_output.c
  head/sys/netinet/ip_var.h
  head/sys/netinet/libalias/alias_db.c
  head/sys/netinet/raw_ip.c
  head/sys/netinet/sctp_os_bsd.h
  head/sys/netinet/sctp_pcb.c
  head/sys/netinet/tcp_sack.c
  head/sys/netinet/tcp_subr.c
  head/sys/netinet/udp_usrreq.c
  head/sys/netinet/vinet.h
  head/sys/netinet6/in6_proto.c
  head/sys/netinet6/ip6_input.c
  head/sys/netinet6/nd6.c
  head/sys/netinet6/vinet6.h
  head/sys/netipsec/ipsec.c
  head/sys/netipsec/vipsec.h
  head/sys/sys/kernel.h
  head/sys/sys/sysctl.h
  head/sys/sys/vimage.h

Modified: head/sys/conf/files
==============================================================================
--- head/sys/conf/files	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/conf/files	Wed Dec 10 23:12:39 2008	(r185895)
@@ -1953,6 +1953,7 @@ kern/kern_timeout.c		standard
 kern/kern_umtx.c		standard
 kern/kern_uuid.c		standard
 kern/kern_xxx.c			standard
+kern/kern_vimage.c		standard
 kern/link_elf.c			standard
 kern/linker_if.m		standard
 kern/md4c.c			optional netsmb

Modified: head/sys/conf/options
==============================================================================
--- head/sys/conf/options	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/conf/options	Wed Dec 10 23:12:39 2008	(r185895)
@@ -415,6 +415,7 @@ TCPDEBUG
 TCP_OFFLOAD_DISABLE	opt_inet.h #Disable code to dispatch tcp offloading
 TCP_SIGNATURE		opt_inet.h
 VLAN_ARRAY		opt_vlan.h
+VIMAGE_GLOBALS		opt_global.h
 XBONEHACK
 
 #

Modified: head/sys/contrib/pf/net/pf_subr.c
==============================================================================
--- head/sys/contrib/pf/net/pf_subr.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/contrib/pf/net/pf_subr.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -124,15 +124,14 @@ static MD5_CTX isn_ctx;
 u_int32_t
 pf_new_isn(struct pf_state *s)
 {
-	INIT_VNET_INET(curvnet);
 	u_int32_t md5_buffer[4];
 	u_int32_t new_isn;
 	struct pf_state_host *src, *dst;
 
 	/* Seed if this is the first use, reseed if requested. */
-	if (V_isn_last_reseed == 0) {
-		read_random(&V_isn_secret, sizeof(V_isn_secret));
-		V_isn_last_reseed = ticks;
+	if (isn_last_reseed == 0) {
+		read_random(&isn_secret, sizeof(isn_secret));
+		isn_last_reseed = ticks;
 	}
 
 	if (s->direction == PF_IN) {
@@ -144,28 +143,28 @@ pf_new_isn(struct pf_state *s)
 	}
 
 	/* Compute the md5 hash and return the ISN. */
-	MD5Init(&V_isn_ctx);
-	MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short));
-	MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short));
+	MD5Init(&isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short));
+	MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short));
 #ifdef INET6
 	if (s->af == AF_INET6) {
-		MD5Update(&V_isn_ctx, (u_char *) &dst->addr,
+		MD5Update(&isn_ctx, (u_char *) &dst->addr,
 			  sizeof(struct in6_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &src->addr,
+		MD5Update(&isn_ctx, (u_char *) &src->addr,
 			  sizeof(struct in6_addr));
 	} else
 #endif
 	{
-		MD5Update(&V_isn_ctx, (u_char *) &dst->addr,
+		MD5Update(&isn_ctx, (u_char *) &dst->addr,
 			  sizeof(struct in_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &src->addr,
+		MD5Update(&isn_ctx, (u_char *) &src->addr,
 			  sizeof(struct in_addr));
 	}
-	MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret));
-	MD5Final((u_char *) &md5_buffer, &V_isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret));
+	MD5Final((u_char *) &md5_buffer, &isn_ctx);
 	new_isn = (tcp_seq) md5_buffer[0];
-	V_isn_offset += ISN_STATIC_INCREMENT +
+	isn_offset += ISN_STATIC_INCREMENT +
 		(arc4random() & ISN_RANDOM_INCREMENT);
-	new_isn += V_isn_offset;
+	new_isn += isn_offset;
 	return (new_isn);
 }

Modified: head/sys/kern/kern_linker.c
==============================================================================
--- head/sys/kern/kern_linker.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/kern/kern_linker.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/vnode.h>
 #include <sys/syscallsubr.h>
 #include <sys/sysctl.h>
+#include <sys/vimage.h>
 
 #include <security/mac/mac_framework.h>
 
@@ -1301,8 +1302,23 @@ kldsym(struct thread *td, struct kldsym_
 				break;
 			}
 		}
+#ifndef VIMAGE_GLOBALS
+		/*
+		 * If the symbol is not found in global namespace,
+		 * try to look it up in the current vimage namespace.
+		 */
+		if (lf == NULL) {
+			CURVNET_SET(TD_TO_VNET(td));
+			error = vi_symlookup(&lookup, symstr);
+			CURVNET_RESTORE();
+			if (error == 0)
+				error = copyout(&lookup, uap->data,
+						sizeof(lookup));
+		}
+#else
 		if (lf == NULL)
 			error = ENOENT;
+#endif
 	}
 	KLD_UNLOCK();
 out:

Added: head/sys/kern/kern_vimage.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sys/kern/kern_vimage.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -0,0 +1,98 @@
+/*-
+ * Copyright (c) 2004-2008 University of Zagreb
+ * Copyright (c) 2006-2008 FreeBSD Foundation
+ *
+ * This software was developed by the University of Zagreb and the
+ * FreeBSD Foundation under sponsorship by the Stichting NLnet and the
+ * FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/kernel.h>
+#include <sys/linker.h>
+#include <sys/malloc.h>
+#include <sys/systm.h>
+#include <sys/vimage.h>
+
+#ifndef VIMAGE_GLOBALS
+
+MALLOC_DEFINE(M_VIMAGE, "vimage", "vimage resource container");
+
+static TAILQ_HEAD(vnet_modlink_head, vnet_modlink) vnet_modlink_head;
+
+void
+vnet_mod_register(const struct vnet_modinfo *vmi)
+{
+	struct vnet_modlink *vml, *vml_iter;
+	
+	/* Do not register the same module instance more than once. */
+	TAILQ_FOREACH(vml_iter, &vnet_modlink_head, vml_mod_le)
+		if (vml_iter->vml_modinfo == vmi)
+			panic("%s: %s", __func__, vmi->vmi_name);
+	vml = malloc(sizeof(struct vnet_modlink), M_VIMAGE, M_NOWAIT);
+	vml->vml_modinfo = vmi;
+	TAILQ_INSERT_TAIL(&vnet_modlink_head, vml, vml_mod_le);
+}
+
+/*
+ * vi_symlookup() attempts to resolve name to address queries for
+ * variables which have been moved from global namespace to virtualization
+ * container structures, but are still directly accessed from legacy
+ * userspace processes via kldsym(2) and kmem(4) interfaces.
+ */
+int
+vi_symlookup(struct kld_sym_lookup *lookup, char *symstr)
+{
+	struct vnet_modlink *vml;
+	struct vnet_symmap *mapentry;
+
+	TAILQ_FOREACH(vml, &vnet_modlink_head, vml_mod_le) {
+		if (vml->vml_modinfo->vmi_symmap == NULL)
+			continue;
+		for (mapentry = vml->vml_modinfo->vmi_symmap;
+		     mapentry->name != NULL; mapentry++) {
+			if (strcmp(symstr, mapentry->name) == 0) {
+				lookup->symvalue = (u_long) mapentry->base;
+				lookup->symsize = mapentry->size;
+				return (0);
+			}
+		}
+	}
+	return (ENOENT);
+}
+
+static void
+vi_init(void *unused)
+{
+
+	TAILQ_INIT(&vnet_modlink_head);
+}
+
+SYSINIT(vimage, SI_SUB_VIMAGE, SI_ORDER_FIRST, vi_init, NULL);
+
+#endif /* !VIMAGE_GLOBALS */

Modified: head/sys/net/if.c
==============================================================================
--- head/sys/net/if.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/net/if.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -90,6 +90,12 @@
 
 #include <security/mac/mac_framework.h>
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+struct vnet_net vnet_net_0;
+#endif
+#endif
+
 SYSCTL_NODE(_net, PF_LINK, link, CTLFLAG_RW, 0, "Link layers");
 SYSCTL_NODE(_net_link, 0, generic, CTLFLAG_RW, 0, "Generic link-management");
 
@@ -161,6 +167,19 @@ static int	filt_netdev(struct knote *kn,
 static struct filterops netdev_filtops =
     { 1, NULL, filt_netdetach, filt_netdev };
 
+#ifndef VIMAGE_GLOBALS
+static struct vnet_symmap vnet_net_symmap[] = {
+        VNET_SYMMAP(net, ifnet),
+        VNET_SYMMAP(net, rt_tables),
+        VNET_SYMMAP(net, rtstat),
+        VNET_SYMMAP(net, rttrash),
+        VNET_SYMMAP_END
+};
+
+VNET_MOD_DECLARE(NET, net, vnet_net_iattach, vnet_net_idetach,
+    NONE, vnet_net_symmap)
+#endif
+
 /*
  * System initialization
  */
@@ -361,6 +380,10 @@ if_init(void *dummy __unused)
 {
 	INIT_VNET_NET(curvnet);
 
+#ifndef VIMAGE_GLOBALS
+	vnet_mod_register(&vnet_net_modinfo);
+#endif
+
 	V_if_index = 0;
 	V_ifindex_table = NULL;
 	V_if_indexlim = 8;

Modified: head/sys/net/if_bridge.c
==============================================================================
--- head/sys/net/if_bridge.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/net/if_bridge.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -100,6 +100,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
+#include <sys/rwlock.h>
 #include <sys/vimage.h>
 
 #include <net/bpf.h>
@@ -3041,7 +3042,7 @@ bridge_pfil(struct mbuf **mp, struct ifn
 	}
 
 	if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) {
-		INIT_VNET_IPFW(curvnet);
+		INIT_VNET_INET(curvnet);
 
 		error = -1;
 		args.rule = ip_dn_claim_rule(*mp);

Modified: head/sys/net/if_ethersubr.c
==============================================================================
--- head/sys/net/if_ethersubr.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/net/if_ethersubr.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -42,10 +42,12 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/module.h>
 #include <sys/mbuf.h>
 #include <sys/random.h>
+#include <sys/rwlock.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/sysctl.h>
@@ -71,6 +73,7 @@
 #include <netinet/if_ether.h>
 #include <netinet/ip_fw.h>
 #include <netinet/ip_dummynet.h>
+#include <netinet/vinet.h>
 #endif
 #ifdef INET6
 #include <netinet6/nd6.h>
@@ -426,7 +429,7 @@ int
 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst,
 	struct ip_fw **rule, int shared)
 {
-	INIT_VNET_IPFW(dst->if_vnet);
+	INIT_VNET_INET(dst->if_vnet);
 	struct ether_header *eh;
 	struct ether_header save_eh;
 	struct mbuf *m;

Modified: head/sys/net/if_gif.c
==============================================================================
--- head/sys/net/if_gif.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/net/if_gif.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -95,6 +95,12 @@
 static struct mtx gif_mtx;
 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+struct vnet_gif vnet_gif_0;
+#endif
+#endif
+
 #ifdef VIMAGE_GLOBALS
 static LIST_HEAD(, gif_softc) gif_softc_list;
 static int max_gif_nesting;

Modified: head/sys/net/if_gif.h
==============================================================================
--- head/sys/net/if_gif.h	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/net/if_gif.h	Wed Dec 10 23:12:39 2008	(r185895)
@@ -113,7 +113,7 @@ int gif_encapcheck(const struct mbuf *, 
 /*
  * Virtualization support
  */
-#ifdef VIMAGE
+
 struct vnet_gif {
 	LIST_HEAD(, gif_softc) _gif_softc_list;
 	int	_max_gif_nesting;
@@ -121,6 +121,11 @@ struct vnet_gif {
 	int	_ip_gif_ttl;
 	int	_ip6_gif_hlim;
 };
+
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+extern struct vnet_gif vnet_gif_0;
+#endif
 #endif
 
 #define	INIT_VNET_GIF(vnet) \

Modified: head/sys/net/vnet.h
==============================================================================
--- head/sys/net/vnet.h	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/net/vnet.h	Wed Dec 10 23:12:39 2008	(r185895)
@@ -37,9 +37,7 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
-#include <sys/proc.h>
 #include <sys/protosw.h>
-#include <sys/socket.h>
 
 #include <net/if.h>
 #include <net/if_var.h>
@@ -67,6 +65,12 @@ struct vnet_net {
 	int	_ether_ipfw;
 };
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+extern struct vnet_net vnet_net_0;
+#endif
+#endif
+
 /*
  * Symbol translation macros
  */

Modified: head/sys/netgraph/netgraph.h
==============================================================================
--- head/sys/netgraph/netgraph.h	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netgraph/netgraph.h	Wed Dec 10 23:12:39 2008	(r185895)
@@ -1205,6 +1205,12 @@ struct vnet_netgraph {
 	struct unrhdr		*_ng_wormhole_unit;
 };
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+extern struct vnet_netgraph vnet_netgraph_0;
+#endif
+#endif
+
 /* Symbol translation macros */
 #define	V_nextID		VNET_NETGRAPH(nextID)
 #define	V_ng_ID_hash		VNET_NETGRAPH(ng_ID_hash)

Modified: head/sys/netgraph/ng_base.c
==============================================================================
--- head/sys/netgraph/ng_base.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netgraph/ng_base.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -72,6 +72,12 @@
 
 MODULE_VERSION(netgraph, NG_ABI_VERSION);
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+struct vnet_netgraph vnet_netgraph_0;
+#endif
+#endif
+
 /* Mutex to protect topology events. */
 static struct mtx	ng_topo_mtx;
 
@@ -167,7 +173,9 @@ static struct mtx	ng_typelist_mtx;
 
 /* Hash related definitions */
 /* XXX Don't need to initialise them because it's a LIST */
+#ifdef VIMAGE_GLOBALS
 static LIST_HEAD(, ng_node) ng_ID_hash[NG_ID_HASH_SIZE];
+#endif
 static struct mtx	ng_idhash_mtx;
 /* Method to find a node.. used twice so do it here */
 #define NG_IDHASH_FN(ID) ((ID) % (NG_ID_HASH_SIZE))
@@ -183,7 +191,9 @@ static struct mtx	ng_idhash_mtx;
 		}							\
 	} while (0)
 
+#ifdef VIMAGE_GLOBALS
 static LIST_HEAD(, ng_node) ng_name_hash[NG_NAME_HASH_SIZE];
+#endif
 static struct mtx	ng_namehash_mtx;
 #define NG_NAMEHASH(NAME, HASH)				\
 	do {						\
@@ -348,7 +358,9 @@ ng_alloc_node(void)
 #define TRAP_ERROR()
 #endif
 
-static	ng_ID_t nextID = 1;
+#ifdef VIMAGE_GLOBALS
+static	ng_ID_t nextID;
+#endif
 
 #ifdef INVARIANTS
 #define CHECK_DATA_MBUF(m)	do {					\
@@ -3063,6 +3075,7 @@ ngb_mod_event(module_t mod, int event, v
 	switch (event) {
 	case MOD_LOAD:
 		/* Initialize everything. */
+		V_nextID = 1;
 		NG_WORKLIST_LOCK_INIT();
 		mtx_init(&ng_typelist_mtx, "netgraph types mutex", NULL,
 		    MTX_DEF);

Modified: head/sys/netgraph/ng_bridge.c
==============================================================================
--- head/sys/netgraph/ng_bridge.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netgraph/ng_bridge.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -61,9 +61,11 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/errno.h>
+#include <sys/rwlock.h>
 #include <sys/syslog.h>
 #include <sys/socket.h>
 #include <sys/ctype.h>

Modified: head/sys/netgraph/ng_eiface.c
==============================================================================
--- head/sys/netgraph/ng_eiface.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netgraph/ng_eiface.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -113,7 +113,9 @@ static struct ng_type typestruct = {
 };
 NETGRAPH_INIT(eiface, &typestruct);
 
+#ifdef VIMAGE_GLOBALS
 static struct unrhdr	*ng_eiface_unit;
+#endif
 
 /************************************************************************
 			INTERFACE STUFF

Modified: head/sys/netgraph/ng_iface.c
==============================================================================
--- head/sys/netgraph/ng_iface.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netgraph/ng_iface.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -208,7 +208,9 @@ static struct ng_type typestruct = {
 };
 NETGRAPH_INIT(iface, &typestruct);
 
+#ifdef VIMAGE_GLOBALS
 static struct unrhdr	*ng_iface_unit;
+#endif
 
 /************************************************************************
 			HELPER STUFF

Modified: head/sys/netgraph/ng_ipfw.c
==============================================================================
--- head/sys/netgraph/ng_ipfw.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netgraph/ng_ipfw.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -29,10 +29,12 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
 #include <sys/mbuf.h>
 #include <sys/malloc.h>
 #include <sys/ctype.h>
 #include <sys/errno.h>
+#include <sys/rwlock.h>
 #include <sys/socket.h>
 #include <sys/syslog.h>
 

Modified: head/sys/netinet/in_proto.c
==============================================================================
--- head/sys/netinet/in_proto.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/in_proto.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/kernel.h>
 #include <sys/socket.h>
 #include <sys/domain.h>
+#include <sys/proc.h>
 #include <sys/protosw.h>
 #include <sys/queue.h>
 #include <sys/sysctl.h>

Modified: head/sys/netinet/ip_divert.c
==============================================================================
--- head/sys/netinet/ip_divert.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_divert.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/protosw.h>
+#include <sys/rwlock.h>
 #include <sys/signalvar.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
@@ -167,7 +168,7 @@ div_init(void)
 	V_divcbinfo.ipi_zone = uma_zcreate("divcb", sizeof(struct inpcb),
 	    NULL, NULL, div_inpcb_init, div_inpcb_fini, UMA_ALIGN_PTR,
 	    UMA_ZONE_NOFREE);
-	uma_zone_set_max(divcbinfo.ipi_zone, maxsockets);
+	uma_zone_set_max(V_divcbinfo.ipi_zone, maxsockets);
 	EVENTHANDLER_REGISTER(maxsockets_change, div_zone_change,
 		NULL, EVENTHANDLER_PRI_ANY);
 }

Modified: head/sys/netinet/ip_dummynet.c
==============================================================================
--- head/sys/netinet/ip_dummynet.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_dummynet.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -62,9 +62,11 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
 #include <sys/module.h>
 #include <sys/priv.h>
 #include <sys/proc.h>
+#include <sys/rwlock.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/time.h>

Modified: head/sys/netinet/ip_fw.h
==============================================================================
--- head/sys/netinet/ip_fw.h	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_fw.h	Wed Dec 10 23:12:39 2008	(r185895)
@@ -650,8 +650,6 @@ typedef	int ip_fw_chk_t(struct ip_fw_arg
 extern	ip_fw_chk_t	*ip_fw_chk_ptr;
 #define	IPFW_LOADED	(ip_fw_chk_ptr != NULL)
 
-#ifdef IPFW_INTERNAL
-
 struct ip_fw_chain {
 	struct ip_fw	*rules;		/* list of rules */
 	struct ip_fw	*reap;		/* list of rules to reap */
@@ -659,6 +657,9 @@ struct ip_fw_chain {
 	struct radix_node_head *tables[IPFW_TABLES_MAX];
 	struct rwlock	rwmtx;
 };
+
+#ifdef IPFW_INTERNAL
+
 #define	IPFW_LOCK_INIT(_chain) \
 	rw_init(&(_chain)->rwmtx, "IPFW static rules")
 #define	IPFW_LOCK_DESTROY(_chain)	rw_destroy(&(_chain)->rwmtx)
@@ -684,9 +685,7 @@ typedef int ipfw_nat_cfg_t(struct sockop
 /*
  * Stack virtualization support.
  */
-#ifdef VIMAGE
 struct vnet_ipfw {
-	int	_fw_one_pass;
 	int	_fw_enable;
 	int	_fw6_enable;
 	u_int32_t _set_disable;
@@ -716,6 +715,11 @@ struct vnet_ipfw {
 	struct callout _ipfw_timeout;
 	eventhandler_tag _ifaddr_event_tag;
 };
+
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+extern struct vnet_ipfw vnet_ipfw_0;
+#endif
 #endif
 
 /*
@@ -726,7 +730,6 @@ struct vnet_ipfw {
  
 #define	VNET_IPFW(sym)		VSYM(vnet_ipfw, sym)
  
-#define	V_fw_one_pass		VNET_IPFW(fw_one_pass)
 #define	V_fw_enable		VNET_IPFW(fw_enable)
 #define	V_fw6_enable		VNET_IPFW(fw6_enable)
 #define	V_set_disable		VNET_IPFW(set_disable)

Modified: head/sys/netinet/ip_fw2.c
==============================================================================
--- head/sys/netinet/ip_fw2.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_fw2.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -110,6 +110,12 @@ __FBSDID("$FreeBSD$");
 
 #include <security/mac/mac_framework.h>
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+struct vnet_ipfw vnet_ipfw_0;
+#endif
+#endif
+
 /*
  * set_disable contains one bit per set value (0..31).
  * If the bit is set, all rules with the corresponding set
@@ -118,12 +124,13 @@ __FBSDID("$FreeBSD$");
  * and CANNOT be disabled.
  * Rules in set RESVD_SET can only be deleted explicitly.
  */
+#ifdef VIMAGE_GLOBALS
 static u_int32_t set_disable;
-
 static int fw_verbose;
+static struct callout ipfw_timeout;
+#endif
 static int verbose_limit;
 
-static struct callout ipfw_timeout;
 static uma_zone_t ipfw_dyn_rule_zone;
 
 /*
@@ -159,8 +166,10 @@ struct table_entry {
 	u_int32_t		value;
 };
 
-static int fw_debug = 1;
-static int autoinc_step = 100; /* bounded to 1..1000 in add_rule() */
+#ifdef VIMAGE_GLOBALS
+static int fw_debug;
+static int autoinc_step;
+#endif
 
 extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
 
@@ -171,7 +180,7 @@ SYSCTL_V_PROC(V_NET, vnet_ipfw, _net_ine
     ipfw_chg_hook, "I", "Enable ipfw");
 SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, autoinc_step,
     CTLFLAG_RW, autoinc_step, 0, "Rule number autincrement step");
-SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, one_pass,
+SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip_fw, OID_AUTO, one_pass,
     CTLFLAG_RW | CTLFLAG_SECURE3, fw_one_pass, 0,
     "Only do a single pass through ipfw when using dummynet(4)");
 SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW,
@@ -222,9 +231,11 @@ SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, t
  * obey the 'randomized match', and we do not do multiple
  * passes through the firewall. XXX check the latter!!!
  */
-static ipfw_dyn_rule **ipfw_dyn_v = NULL;
-static u_int32_t dyn_buckets = 256; /* must be power of 2 */
-static u_int32_t curr_dyn_buckets = 256; /* must be power of 2 */
+#ifdef VIMAGE_GLOBALS
+static ipfw_dyn_rule **ipfw_dyn_v;
+static u_int32_t dyn_buckets;
+static u_int32_t curr_dyn_buckets;
+#endif
 
 static struct mtx ipfw_dyn_mtx;		/* mutex guarding dynamic rules */
 #define	IPFW_DYN_LOCK_INIT() \
@@ -237,12 +248,13 @@ static struct mtx ipfw_dyn_mtx;		/* mute
 /*
  * Timeouts for various events in handing dynamic rules.
  */
-static u_int32_t dyn_ack_lifetime = 300;
-static u_int32_t dyn_syn_lifetime = 20;
-static u_int32_t dyn_fin_lifetime = 1;
-static u_int32_t dyn_rst_lifetime = 1;
-static u_int32_t dyn_udp_lifetime = 10;
-static u_int32_t dyn_short_lifetime = 5;
+#ifdef VIMAGE_GLOBALS
+static u_int32_t dyn_ack_lifetime;
+static u_int32_t dyn_syn_lifetime;
+static u_int32_t dyn_fin_lifetime;
+static u_int32_t dyn_rst_lifetime;
+static u_int32_t dyn_udp_lifetime;
+static u_int32_t dyn_short_lifetime;
 
 /*
  * Keepalives are sent if dyn_keepalive is set. They are sent every
@@ -252,14 +264,15 @@ static u_int32_t dyn_short_lifetime = 5;
  * than dyn_keepalive_period.
  */
 
-static u_int32_t dyn_keepalive_interval = 20;
-static u_int32_t dyn_keepalive_period = 5;
-static u_int32_t dyn_keepalive = 1;	/* do send keepalives */
+static u_int32_t dyn_keepalive_interval;
+static u_int32_t dyn_keepalive_period;
+static u_int32_t dyn_keepalive;
 
 static u_int32_t static_count;	/* # of static rules */
 static u_int32_t static_len;	/* size in bytes of static rules */
-static u_int32_t dyn_count;		/* # of dynamic rules */
-static u_int32_t dyn_max = 4096;	/* max # of dynamic rules */
+static u_int32_t dyn_count;	/* # of dynamic rules */
+static u_int32_t dyn_max;	/* max # of dynamic rules */
+#endif /* VIMAGE_GLOBALS */
 
 SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, dyn_buckets,
     CTLFLAG_RW, dyn_buckets, 0, "Number of dyn. buckets");
@@ -299,8 +312,9 @@ static struct sysctl_oid *ip6_fw_sysctl_
 #endif /* INET6 */
 #endif /* SYSCTL_NODE */
 
-static int fw_deny_unknown_exthdrs = 1;
-
+#ifdef VIMAGE_GLOBALS
+static int fw_deny_unknown_exthdrs;
+#endif
 
 /*
  * L3HDR maps an ipv4 pointer into a layer3 header pointer of type T
@@ -748,7 +762,9 @@ send_reject6(struct ip_fw_args *args, in
 
 #endif /* INET6 */
 
+#ifdef VIMAGE_GLOBALS
 static u_int64_t norule_counter;	/* counter for ipfw_log(NULL...) */
+#endif
 
 #define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0
 #define SNP(buf) buf, sizeof(buf)
@@ -4510,6 +4526,28 @@ ipfw_init(void)
 	struct ip_fw default_rule;
 	int error;
 
+	V_fw_debug = 1;
+	V_autoinc_step = 100;	/* bounded to 1..1000 in add_rule() */
+
+	V_ipfw_dyn_v = NULL;
+	V_dyn_buckets = 256;	/* must be power of 2 */
+	V_curr_dyn_buckets = 256; /* must be power of 2 */
+
+	V_dyn_ack_lifetime = 300;
+	V_dyn_syn_lifetime = 20;
+	V_dyn_fin_lifetime = 1;
+	V_dyn_rst_lifetime = 1;
+	V_dyn_udp_lifetime = 10;
+	V_dyn_short_lifetime = 5;
+
+	V_dyn_keepalive_interval = 20;
+	V_dyn_keepalive_period = 5;
+	V_dyn_keepalive = 1;	/* do send keepalives */
+
+	V_dyn_max = 4096;	/* max # of dynamic rules */
+
+	V_fw_deny_unknown_exthdrs = 1;
+
 #ifdef INET6
 	/* Setup IPv6 fw sysctl tree. */
 	sysctl_ctx_init(&ip6_fw_sysctl_ctx);

Modified: head/sys/netinet/ip_fw_nat.c
==============================================================================
--- head/sys/netinet/ip_fw_nat.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_fw_nat.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -71,7 +71,9 @@ MALLOC_DECLARE(M_IPFW);
 
 extern struct ip_fw_chain layer3_chain;
 
+#ifdef VIMAGE_GLOBALS
 static eventhandler_tag ifaddr_event_tag;
+#endif
 
 extern ipfw_nat_t *ipfw_nat_ptr;
 extern ipfw_nat_cfg_t *ipfw_nat_cfg_ptr;

Modified: head/sys/netinet/ip_fw_pfil.c
==============================================================================
--- head/sys/netinet/ip_fw_pfil.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_fw_pfil.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -43,6 +43,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/mbuf.h>
 #include <sys/module.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
+#include <sys/rwlock.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>

Modified: head/sys/netinet/ip_input.c
==============================================================================
--- head/sys/netinet/ip_input.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_input.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -49,6 +49,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
+#include <sys/rwlock.h>
 #include <sys/syslog.h>
 #include <sys/sysctl.h>
 #include <sys/vimage.h>
@@ -91,6 +93,12 @@ __FBSDID("$FreeBSD$");
 CTASSERT(sizeof(struct ip) == 20);
 #endif
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+struct vnet_inet vnet_inet_0;
+#endif
+#endif
+
 #ifdef VIMAGE_GLOBALS
 static int	ipsendredirects;
 static int	ip_checkinterface;
@@ -170,7 +178,9 @@ SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROP
 SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW,
     ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)");
 
+#ifdef VIMAGE_GLOBALS
 static uma_zone_t ipq_zone;
+#endif
 static struct mtx ipqlock;
 
 #define	IPQ_LOCK()	mtx_lock(&ipqlock)
@@ -207,7 +217,9 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet
  */
 ip_fw_chk_t *ip_fw_chk_ptr = NULL;
 ip_dn_io_t *ip_dn_io_ptr = NULL;
-int fw_one_pass = 1;
+#ifdef VIMAGE_GLOBALS
+int fw_one_pass;
+#endif
 
 static void	ip_freef(struct ipqhead *, struct ipq *);
 
@@ -246,6 +258,8 @@ ip_init(void)
 	V_ipport_randomtime = 45;	/* user controlled via sysctl */
 	V_ipport_stoprandom = 0;	/* toggled by ipport_tick */
 
+	V_fw_one_pass = 1;
+
 #ifdef NOTYET
 	/* XXX global static but not instantiated in this file */
 	V_ipfastforward_active = 0;

Modified: head/sys/netinet/ip_output.c
==============================================================================
--- head/sys/netinet/ip_output.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_output.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -793,7 +793,6 @@ done:
 void
 in_delayed_cksum(struct mbuf *m)
 {
-	INIT_VNET_INET(curvnet);
 	struct ip *ip;
 	u_short csum, offset;
 

Modified: head/sys/netinet/ip_var.h
==============================================================================
--- head/sys/netinet/ip_var.h	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/ip_var.h	Wed Dec 10 23:12:39 2008	(r185895)
@@ -177,6 +177,7 @@ struct sockopt;
 
 extern struct	ipstat	ipstat;
 extern u_short	ip_id;			/* ip packet ctr, for ids */
+extern int	ip_do_randomid;
 extern int	ip_defttl;		/* default IP ttl */
 extern int	ipforwarding;		/* ip forwarding */
 #ifdef IPSTEALTH

Modified: head/sys/netinet/libalias/alias_db.c
==============================================================================
--- head/sys/netinet/libalias/alias_db.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/libalias/alias_db.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -146,7 +146,9 @@ __FBSDID("$FreeBSD$");
 #include <machine/stdarg.h>
 #include <sys/param.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
 #include <sys/module.h>
+#include <sys/rwlock.h>
 #include <sys/syslog.h>
 #else
 #include <stdarg.h>

Modified: head/sys/netinet/raw_ip.c
==============================================================================
--- head/sys/netinet/raw_ip.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/raw_ip.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/protosw.h>
+#include <sys/rwlock.h>
 #include <sys/signalvar.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>

Modified: head/sys/netinet/sctp_os_bsd.h
==============================================================================
--- head/sys/netinet/sctp_os_bsd.h	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/sctp_os_bsd.h	Wed Dec 10 23:12:39 2008	(r185895)
@@ -68,6 +68,7 @@ __FBSDID("$FreeBSD$");
 #include <net/if_types.h>
 #include <net/if_var.h>
 #include <net/route.h>
+#include <net/vnet.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
@@ -96,6 +97,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet6/ip6protosw.h>
 #include <netinet6/nd6.h>
 #include <netinet6/scope6_var.h>
+#include <netinet6/vinet6.h>
 #endif				/* INET6 */
 
 
@@ -152,13 +154,8 @@ MALLOC_DECLARE(SCTP_M_SOCKOPT);
 #define MOD_IPSEC ipsec
 
 /* then define the macro(s) that hook into the vimage macros */
-#if defined(__FreeBSD__) && __FreeBSD_version >= 800044 && defined(VIMAGE)
-#if 0
-#define VSYMNAME(__MODULE) vnet_ ## __MODULE
-#define MODULE_GLOBAL(__MODULE, __SYMBOL) VSYM(VSYMNAME(__MODULE), __SYMBOL)
-#else
+#if defined(__FreeBSD__) && __FreeBSD_version >= 800056
 #define MODULE_GLOBAL(__MODULE, __SYMBOL) V_ ## __SYMBOL
-#endif
 #else
 #define MODULE_GLOBAL(__MODULE, __SYMBOL) (__SYMBOL)
 #endif

Modified: head/sys/netinet/sctp_pcb.c
==============================================================================
--- head/sys/netinet/sctp_pcb.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/sctp_pcb.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -59,11 +59,11 @@ SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6
 	struct sockaddr_in6 tmp_a, tmp_b;
 
 	memcpy(&tmp_a, a, sizeof(struct sockaddr_in6));
-	if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone))) != 0) {
+	if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
 		return 0;
 	}
 	memcpy(&tmp_b, b, sizeof(struct sockaddr_in6));
-	if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone))) != 0) {
+	if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
 		return 0;
 	}
 	return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr));
@@ -2008,7 +2008,7 @@ sctp_findassociation_addr(struct mbuf *m
 			/* Get the scopes in properly to the sin6 addr's */
 			/* we probably don't need these operations */
 			(void)sa6_recoverscope(from6);
-			sa6_embedscope(from6, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)));
+			sa6_embedscope(from6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
 			break;
 		}
 #endif
@@ -2049,7 +2049,7 @@ sctp_findassociation_addr(struct mbuf *m
 			/* Get the scopes in properly to the sin6 addr's */
 			/* we probably don't need these operations */
 			(void)sa6_recoverscope(to6);
-			sa6_embedscope(to6, MODULE_GLOBAL(MOD_INET6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)));
+			sa6_embedscope(to6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
 			break;
 		}
 #endif

Modified: head/sys/netinet/tcp_sack.c
==============================================================================
--- head/sys/netinet/tcp_sack.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/tcp_sack.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -135,7 +135,6 @@ int tcp_sack_globalholes;
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK");
 SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, enable,
     CTLFLAG_RW, tcp_do_sack, 0, "Enable/Disable TCP SACK support");
-TUNABLE_INT("net.inet.tcp.sack.enable", &tcp_do_sack);
 
 SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, maxholes,
     CTLFLAG_RW, tcp_sack_maxholes, 0, 

Modified: head/sys/netinet/tcp_subr.c
==============================================================================
--- head/sys/netinet/tcp_subr.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/tcp_subr.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -203,7 +203,7 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_t
     "Enable tcp_drain routine for extra help when low on mbufs");
 
 SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, pcbcount,
-    CTLFLAG_RD, V_tcbinfo.ipi_count, 0, "Number of active PCBs");
+    CTLFLAG_RD, tcbinfo.ipi_count, 0, "Number of active PCBs");
 
 SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, icmp_may_rst,
     CTLFLAG_RW, icmp_may_rst, 0,
@@ -359,6 +359,8 @@ tcp_init(void)
 	V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
 	tcp_finwait2_timeout = TCPTV_FINWAIT2_TIMEOUT;
 
+	TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);
+
 	INP_INFO_LOCK_INIT(&V_tcbinfo, "tcp");
 	LIST_INIT(&V_tcb);
 	V_tcbinfo.ipi_listhead = &V_tcb;

Modified: head/sys/netinet/udp_usrreq.c
==============================================================================
--- head/sys/netinet/udp_usrreq.c	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/udp_usrreq.c	Wed Dec 10 23:12:39 2008	(r185895)
@@ -1198,7 +1198,7 @@ udp_connect(struct socket *so, struct so
 	sin = (struct sockaddr_in *)nam;
 	if (prison_remote_ip4(td->td_ucred, &sin->sin_addr) != 0) {
 		INP_WUNLOCK(inp);
-		INP_INFO_WUNLOCK(&udbinfo);
+		INP_INFO_WUNLOCK(&V_udbinfo);
 		return (EAFNOSUPPORT);
 	}
 	error = in_pcbconnect(inp, nam, td->td_ucred);

Modified: head/sys/netinet/vinet.h
==============================================================================
--- head/sys/netinet/vinet.h	Wed Dec 10 22:50:11 2008	(r185894)
+++ head/sys/netinet/vinet.h	Wed Dec 10 23:12:39 2008	(r185895)
@@ -194,8 +194,16 @@ struct vnet_inet {
 	int	_icmp_rfi;
 	int	_icmp_quotelen;
 	int	_icmpbmcastecho;
+
+	int	_fw_one_pass;
 };
 
+#ifndef VIMAGE
+#ifndef VIMAGE_GLOBALS
+extern struct vnet_inet vnet_inet_0;
+#endif
+#endif
+
 /*
  * Symbol translation macros
  */
@@ -212,6 +220,7 @@ struct vnet_inet {
 #define	V_divcbinfo		VNET_INET(divcbinfo)

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812102312.mBANCeaE045870>