diff --git a/Makefile.am b/Makefile.am
index 271a6c13..26fda233 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -31,7 +31,6 @@ EXTRA_DIST = bootstrap.sh LICENSE \
README-Xen Changelog kernel \
python-prefix.py revision.sh \
.version .version.date \
- packaging/bsd \
packaging/deb/compat \
packaging/deb/copyright \
packaging/deb/changelog \
@@ -55,7 +54,6 @@ MAINTAINERCLEANFILES = \
# don't include svn dirs in source tarball
dist-hook:
rm -rf `find $(distdir)/kernel -name .svn`
- rm -rf $(distdir)/packaging/bsd/.svn
# build a source RPM
.PHONY: rpm
diff --git a/bootstrap.sh b/bootstrap.sh
index d1c2f227..ab3d741c 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -7,16 +7,17 @@
# Bootstrap the autoconf system.
#
-if [ x$1 = x ]; then # PASS
+# PASS
+if [ x$1 = x ]; then
echo "Bootstrapping the autoconf system..."
-# echo " These autotools programs should be installed for this script to work:"
-# echo " aclocal, libtoolize, autoheader, automake, autoconf"
echo "(Messages below about copying and installing files are normal.)"
-elif [ x$1 = xclean ]; then # clean - take out the trash
+# clean - take out the trash
+elif [ x$1 = xclean ]; then
echo "Cleaning up the autoconf mess..."
- rm -rf autom4te.cache config BSDmakefile
+ rm -rf autom4te.cache config
exit 0;
-else # help text
+# help text
+else
echo "usage: $0 [clean]"
echo -n " Use this script to bootstrap the autoconf build system prior to "
echo "running the "
@@ -29,15 +30,6 @@ if ! [ -d "config" ]; then
mkdir config
fi
-# on FreeBSD, discourage use of make
-UNAME=`uname`
-if [ x${UNAME} = xFreeBSD ]; then
- echo "all:" > BSDmakefile
- echo ' @echo "Please use GNU make instead by typing:"' >> BSDmakefile
- echo ' @echo " gmake"' >> BSDmakefile
- echo ' @echo ""' >> BSDmakefile
-fi
-
# bootstrapping
echo "(1/4) Running aclocal..." && aclocal -I config \
&& echo "(2/4) Running autoheader..." && autoheader \
diff --git a/configure.ac b/configure.ac
index b309eb30..9bd21586 100644
--- a/configure.ac
+++ b/configure.ac
@@ -104,7 +104,6 @@ AC_ARG_ENABLE([daemon],
AC_SUBST(enable_daemon)
if test "x$enable_daemon" = "xno"; then
want_python=no
- want_bsd=no
want_linux_netns=no
fi
@@ -211,18 +210,9 @@ if test "x$enable_daemon" = "xyes" ; then
fi
# Host-specific detection
-want_linux_netns=no
-want_bsd=no
-if test `uname -s` = "FreeBSD"; then
- want_bsd=yes
- AC_CHECK_PROGS(gmake)
- # FreeBSD fix for linking libev port below
- CFLAGS="$CFLAGS -L/usr/local/lib"
-else
- want_linux_netns=yes
-fi
+want_linux_netns=yes
+
if test "x$want_python" = "xno"; then
- want_bsd=no
want_linux_netns=no
fi
@@ -283,17 +273,6 @@ if test "x$want_linux_netns" = "xyes"; then
AC_MSG_ERROR([Could not locate tc (from iproute package).])
fi
fi
-if test "x$want_bsd" = "xyes"; then
- if test "x$ifconfig_path" = "xno" ; then
- AC_MSG_ERROR([Could not locate the 'ifconfig' utility.])
- fi
- if test "x$ngctl_path" = "xno" ; then
- AC_MSG_ERROR([Could not locate the 'ngctl' utility.])
- fi
- if test "x$vimage_path" = "xno" ; then
- AC_MSG_ERROR([Could not locate the 'vimage' utility.])
- fi
-fi
AC_ARG_WITH([startup],
[AS_HELP_STRING([--with-startup=option],
@@ -306,7 +285,6 @@ AC_MSG_RESULT([using startup option $with_startup])
# Variable substitutions
AM_CONDITIONAL(WANT_GUI, test x$enable_gui = xyes)
AM_CONDITIONAL(WANT_DAEMON, test x$enable_daemon = xyes)
-AM_CONDITIONAL(WANT_BSD, test x$want_bsd = xyes)
AM_CONDITIONAL(WANT_DOCS, test x$want_docs = xyes)
AM_CONDITIONAL(WANT_PYTHON, test x$want_python = xyes)
AM_CONDITIONAL(WANT_NETNS, test x$want_linux_netns = xyes)
@@ -370,19 +348,15 @@ ${PACKAGE_STRING} Configuration:
Features to build:
Python bindings: ${want_python}
Linux Namespaces emulation: ${want_linux_netns}
- FreeBSD Jails emulation: ${want_bsd}
Documentation: ${want_docs}
------------------------------------------------------------------------"
-if test "x${want_bsd}" = "xyes" ; then
- # TODO: more sophisticated checks of gmake vs make
- echo ">>> NOTE: on FreeBSD you should use 'gmake' instead of 'make'
-------------------------------------------------------------------------"
-fi
+
if test "x${want_linux_netns}" = "xyes" ; then
echo "On this platform you should run core-gui as a normal user.
------------------------------------------------------------------------"
fi
+
if test "x${progs_missing}" != "x" ; then
echo ">>> NOTE: the following programs could not be found:"
echo " $progs_missing
diff --git a/daemon/core/bsd/__init__.py b/daemon/core/bsd/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/daemon/core/bsd/netgraph.py b/daemon/core/bsd/netgraph.py
deleted file mode 100644
index 59e47238..00000000
--- a/daemon/core/bsd/netgraph.py
+++ /dev/null
@@ -1,89 +0,0 @@
-"""
-netgraph.py: Netgraph helper functions; for now these are wrappers around
-ngctl commands.
-"""
-
-import subprocess
-
-from core import constants
-from core.misc import utils
-
-utils.check_executables([constants.NGCTL_BIN])
-
-
-def createngnode(node_type, hookstr, name=None):
- """
- Create a new Netgraph node of type and optionally assign name. The
- hook string hookstr should contain two names. This is a string so
- other commands may be inserted after the two names.
- Return the name and netgraph ID of the new node.
-
- :param node_type: node type to create
- :param hookstr: hook string
- :param name: name
- :return: name and id
- :rtype: tuple
- """
- hook1 = hookstr.split()[0]
- ngcmd = "mkpeer %s %s \n show .%s" % (node_type, hookstr, hook1)
- cmd = [constants.NGCTL_BIN, "-f", "-"]
- cmdid = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
- # err will always be None
- result, err = cmdid.communicate(input=ngcmd)
- status = cmdid.wait()
- if status > 0:
- raise Exception("error creating Netgraph node %s (%s): %s" % (node_type, ngcmd, result))
- results = result.split()
- ngname = results[1]
- ngid = results[5]
- if name:
- subprocess.check_call([constants.NGCTL_BIN, "name", "[0x%s]:" % ngid, name])
- return ngname, ngid
-
-
-def destroyngnode(name):
- """
- Shutdown a Netgraph node having the given name.
-
- :param str name: node name
- :return: nothing
- """
- subprocess.check_call([constants.NGCTL_BIN, "shutdown", "%s:" % name])
-
-
-def connectngnodes(name1, name2, hook1, hook2):
- """
- Connect two hooks of two Netgraph nodes given by their names.
-
- :param str name1: name one
- :param str name2: name two
- :param str hook1: hook one
- :param str hook2: hook two
- :return: nothing
- """
- node1 = "%s:" % name1
- node2 = "%s:" % name2
- subprocess.check_call([constants.NGCTL_BIN, "connect", node1, node2, hook1, hook2])
-
-
-def ngmessage(name, msg):
- """
- Send a Netgraph message to the node named name.
-
- :param str name: node name
- :param list msg: message
- :return: nothing
- """
- cmd = [constants.NGCTL_BIN, "msg", "%s:" % name] + msg
- subprocess.check_call(cmd)
-
-
-def ngloadkernelmodule(name):
- """
- Load a kernel module by invoking kldstat. This is needed for the
- ng_ether module which automatically creates Netgraph nodes when loaded.
-
- :param str name: module name
- :return: nothing
- """
- utils.check_cmd(["kldload", name])
diff --git a/daemon/core/bsd/nodes.py b/daemon/core/bsd/nodes.py
deleted file mode 100644
index fc265ee6..00000000
--- a/daemon/core/bsd/nodes.py
+++ /dev/null
@@ -1,212 +0,0 @@
-"""
-nodes.py: definition of CoreNode classes and other node classes that inherit
-from the CoreNode, implementing specific node types.
-"""
-
-import socket
-import subprocess
-
-from core import constants
-from core import logger
-from core.api import coreapi
-from core.bsd.netgraph import connectngnodes
-from core.bsd.netgraph import ngloadkernelmodule
-from core.bsd.vnet import NetgraphNet
-from core.bsd.vnet import NetgraphPipeNet
-from core.bsd.vnode import JailNode
-from core.enumerations import LinkTlvs
-from core.enumerations import LinkTypes
-from core.enumerations import NodeTypes
-from core.enumerations import RegisterTlvs
-from core.misc import ipaddress
-from core.misc import utils
-
-utils.check_executables([constants.IFCONFIG_BIN])
-
-
-class CoreNode(JailNode):
- apitype = NodeTypes.DEFAULT.value
-
-
-class PtpNet(NetgraphPipeNet):
- def tonodemsg(self, flags):
- """
- Do not generate a Node Message for point-to-point links. They are
- built using a link message instead.
- """
- pass
-
- def tolinkmsgs(self, flags):
- """
- Build CORE API TLVs for a point-to-point link. One Link message
- describes this network.
- """
- tlvdata = ""
- if len(self._netif) != 2:
- return tlvdata
- (if1, if2) = self._netif.items()
- if1 = if1[1]
- if2 = if2[1]
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.N1_NUMBER.value, if1.node.objid)
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.N2_NUMBER.value, if2.node.objid)
- delay = if1.getparam("delay")
- bw = if1.getparam("bw")
- loss = if1.getparam("loss")
- duplicate = if1.getparam("duplicate")
- jitter = if1.getparam("jitter")
- if delay is not None:
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.DELAY.value, delay)
- if bw is not None:
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.BANDWIDTH.value, bw)
- if loss is not None:
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.PER.value, str(loss))
- if duplicate is not None:
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.DUP.value, str(duplicate))
- if jitter is not None:
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.JITTER.value, jitter)
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.TYPE.value, self.linktype)
-
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.INTERFACE1_NUMBER.value, if1.node.getifindex(if1))
- if if1.hwaddr:
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.INTERFACE1_MAC.value, if1.hwaddr)
- for addr in if1.addrlist:
- ip, sep, mask = addr.partition("/")
- mask = int(mask)
- if ipaddress.is_ipv4_address(ip):
- family = socket.AF_INET
- tlvtypeip = LinkTlvs.INTERFACE1_IP4.value
- tlvtypemask = LinkTlvs.INTERFACE1_IP4_MASK
- else:
- family = socket.AF_INET6
- tlvtypeip = LinkTlvs.INTERFACE1_IP6.value
- tlvtypemask = LinkTlvs.INTERFACE1_IP6_MASK.value
- ipl = socket.inet_pton(family, ip)
- tlvdata += coreapi.CoreLinkTlv.pack(tlvtypeip, ipaddress.IpAddress(af=family, address=ipl))
- tlvdata += coreapi.CoreLinkTlv.pack(tlvtypemask, mask)
-
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.INTERFACE2_NUMBER.value, if2.node.getifindex(if2))
- if if2.hwaddr:
- tlvdata += coreapi.CoreLinkTlv.pack(LinkTlvs.INTERFACE2_MAC.value, if2.hwaddr)
- for addr in if2.addrlist:
- ip, sep, mask = addr.partition("/")
- mask = int(mask)
- if ipaddress.is_ipv4_address(ip):
- family = socket.AF_INET
- tlvtypeip = LinkTlvs.INTERFACE2_IP4.value
- tlvtypemask = LinkTlvs.INTERFACE2_IP4_MASK
- else:
- family = socket.AF_INET6
- tlvtypeip = LinkTlvs.INTERFACE2_IP6.value
- tlvtypemask = LinkTlvs.INTERFACE2_IP6_MASK.value
- ipl = socket.inet_pton(family, ip)
- tlvdata += coreapi.CoreLinkTlv.pack(tlvtypeip, ipaddress.IpAddress(af=family, address=ipl))
- tlvdata += coreapi.CoreLinkTlv.pack(tlvtypemask, mask)
-
- msg = coreapi.CoreLinkMessage.pack(flags, tlvdata)
- return [msg, ]
-
-
-class SwitchNode(NetgraphNet):
- ngtype = "bridge"
- nghooks = "link0 link0\nmsg .link0 setpersistent"
- apitype = NodeTypes.SWITCH.value
- policy = "ACCEPT"
-
-
-class HubNode(NetgraphNet):
- ngtype = "hub"
- nghooks = "link0 link0\nmsg .link0 setpersistent"
- apitype = NodeTypes.HUB.value
- policy = "ACCEPT"
-
-
-class WlanNode(NetgraphNet):
- ngtype = "wlan"
- nghooks = "anchor anchor"
- apitype = NodeTypes.WIRELESS_LAN.value
- linktype = LinkTypes.WIRELESS.value
- policy = "DROP"
-
- def __init__(self, session, objid=None, name=None, start=True, policy=None):
- NetgraphNet.__init__(self, session, objid, name, start, policy)
- # wireless model such as basic range
- self.model = None
- # mobility model such as scripted
- self.mobility = None
-
- def attach(self, netif):
- NetgraphNet.attach(self, netif)
- if self.model:
- netif.poshook = self.model.position_callback
- if netif.node is None:
- return
- x, y, z = netif.node.position.get()
- netif.poshook(netif, x, y, z)
-
- def setmodel(self, model, config):
- """
- Mobility and wireless model.
-
- :param core.mobility.WirelessModel.cls model: model to set
- :param dict config: configuration for model
- :return:
- """
- logger.info("adding model %s" % model.name)
- if model.config_type == RegisterTlvs.WIRELESS.value:
- self.model = model(session=self.session, objid=self.objid, values=config)
- if self.model.position_callback:
- for netif in self.netifs():
- netif.poshook = self.model.position_callback
- if netif.node is not None:
- x, y, z = netif.node.position.get()
- netif.poshook(netif, x, y, z)
- self.model.setlinkparams()
- elif model.config_type == RegisterTlvs.MOBILITY.value:
- self.mobility = model(session=self.session, objid=self.objid, values=config)
-
-
-class RJ45Node(NetgraphPipeNet):
- apitype = NodeTypes.RJ45.value
- policy = "ACCEPT"
-
- def __init__(self, session, objid, name, start=True):
- if start:
- ngloadkernelmodule("ng_ether")
- NetgraphPipeNet.__init__(self, session, objid, name, start)
- if start:
- self.setpromisc(True)
-
- def shutdown(self):
- self.setpromisc(False)
- NetgraphPipeNet.shutdown(self)
-
- def setpromisc(self, promisc):
- p = "promisc"
- if not promisc:
- p = "-" + p
- subprocess.check_call([constants.IFCONFIG_BIN, self.name, "up", p])
-
- def attach(self, netif):
- if len(self._netif) > 0:
- raise ValueError("RJ45 networks support at most 1 network interface")
- NetgraphPipeNet.attach(self, netif)
- connectngnodes(self.ngname, self.name, self.gethook(), "lower")
-
-
-class TunnelNode(NetgraphNet):
- ngtype = "pipe"
- nghooks = "upper lower"
- apitype = NodeTypes.TUNNEL.value
- policy = "ACCEPT"
-
-
-BSD_NODES = {
- NodeTypes.DEFAULT: CoreNode,
- NodeTypes.SWITCH: SwitchNode,
- NodeTypes.HUB: HubNode,
- NodeTypes.WIRELESS_LAN: WlanNode,
- NodeTypes.RJ45: RJ45Node,
- NodeTypes.TUNNEL: TunnelNode,
- NodeTypes.PEER_TO_PEER: PtpNet,
- NodeTypes.CONTROL_NET: None
-}
diff --git a/daemon/core/bsd/vnet.py b/daemon/core/bsd/vnet.py
deleted file mode 100644
index 5142cd7c..00000000
--- a/daemon/core/bsd/vnet.py
+++ /dev/null
@@ -1,206 +0,0 @@
-"""
-vnet.py: NetgraphNet and NetgraphPipeNet classes that implement virtual networks
-using the FreeBSD Netgraph subsystem.
-"""
-
-from core import logger
-from core.bsd.netgraph import connectngnodes
-from core.bsd.netgraph import createngnode
-from core.bsd.netgraph import destroyngnode
-from core.bsd.netgraph import ngmessage
-from core.coreobj import PyCoreNet
-
-
-class NetgraphNet(PyCoreNet):
- ngtype = None
- nghooks = ()
-
- def __init__(self, session, objid=None, name=None, start=True, policy=None):
- PyCoreNet.__init__(self, session, objid, name)
- if name is None:
- name = str(self.objid)
- if policy is not None:
- self.policy = policy
- self.name = name
- self.ngname = "n_%s_%s" % (str(self.objid), self.session.session_id)
- self.ngid = None
- self._netif = {}
- self._linked = {}
- self.up = False
- if start:
- self.startup()
-
- def startup(self):
- tmp, self.ngid = createngnode(node_type=self.ngtype, hookstr=self.nghooks, name=self.ngname)
- self.up = True
-
- def shutdown(self):
- if not self.up:
- return
- self.up = False
- while self._netif:
- k, netif = self._netif.popitem()
- if netif.pipe:
- pipe = netif.pipe
- netif.pipe = None
- pipe.shutdown()
- else:
- netif.shutdown()
- self._netif.clear()
- self._linked.clear()
- del self.session
- destroyngnode(self.ngname)
-
- def attach(self, netif):
- """
- Attach an interface to this netgraph node. Create a pipe between
- the interface and the hub/switch/wlan node.
- (Note that the PtpNet subclass overrides this method.)
- """
- if self.up:
- pipe = self.session.addobj(cls=NetgraphPipeNet, start=True)
- pipe.attach(netif)
- hook = "link%d" % len(self._netif)
- pipe.attachnet(self, hook)
- PyCoreNet.attach(self, netif)
-
- def detach(self, netif):
- PyCoreNet.detach(self, netif)
-
- def linked(self, netif1, netif2):
- # check if the network interfaces are attached to this network
- if self._netif[netif1] != netif1:
- raise ValueError("inconsistency for netif %s" % netif1.name)
- if self._netif[netif2] != netif2:
- raise ValueError("inconsistency for netif %s" % netif2.name)
-
- try:
- linked = self._linked[netif1][netif2]
- except KeyError:
- linked = False
- self._linked[netif1][netif2] = linked
-
- return linked
-
- def unlink(self, netif1, netif2):
- if not self.linked(netif1, netif2):
- return
- msg = ["unlink", "{", "node1=0x%s" % netif1.pipe.ngid]
- msg += ["node2=0x%s" % netif2.pipe.ngid, "}"]
- ngmessage(self.ngname, msg)
- self._linked[netif1][netif2] = False
-
- def link(self, netif1, netif2):
- if self.linked(netif1, netif2):
- return
- msg = ["link", "{", "node1=0x%s" % netif1.pipe.ngid]
- msg += ["node2=0x%s" % netif2.pipe.ngid, "}"]
- ngmessage(self.ngname, msg)
- self._linked[netif1][netif2] = True
-
- def linknet(self, net):
- """
- Link this bridge with another by creating a veth pair and installing
- each device into each bridge.
- """
- raise NotImplementedError
-
- def linkconfig(self, netif, bw=None, delay=None,
- loss=None, duplicate=None, jitter=None, netif2=None):
- """
- Set link effects by modifying the pipe connected to an interface.
- """
- if not netif.pipe:
- logger.warn("linkconfig for %s but interface %s has no pipe", self.name, netif.name)
- return
- return netif.pipe.linkconfig(netif, bw, delay, loss, duplicate, jitter, netif2)
-
-
-class NetgraphPipeNet(NetgraphNet):
- ngtype = "pipe"
- nghooks = "upper lower"
-
- def __init__(self, session, objid=None, name=None, start=True, policy=None):
- NetgraphNet.__init__(self, session, objid, name, start, policy)
- if start:
- # account for Ethernet header
- ngmessage(self.ngname, ["setcfg", "{", "header_offset=14", "}"])
-
- def attach(self, netif):
- """
- Attach an interface to this pipe node.
- The first interface is connected to the "upper" hook, the second
- connected to the "lower" hook.
- """
- if len(self._netif) > 1:
- raise ValueError("Netgraph pipes support at most 2 network interfaces")
- if self.up:
- hook = self.gethook()
- connectngnodes(self.ngname, netif.localname, hook, netif.hook)
- if netif.pipe:
- raise ValueError("Interface %s already attached to pipe %s" % (netif.name, netif.pipe.name))
- netif.pipe = self
- self._netif[netif] = netif
- self._linked[netif] = {}
-
- def attachnet(self, net, hook):
- """
- Attach another NetgraphNet to this pipe node.
- """
- localhook = self.gethook()
- connectngnodes(self.ngname, net.ngname, localhook, hook)
-
- def gethook(self):
- """
- Returns the first hook (e.g. "upper") then the second hook
- (e.g. "lower") based on the number of connections.
- """
- hooks = self.nghooks.split()
- if len(self._netif) == 0:
- return hooks[0]
- else:
- return hooks[1]
-
- def linkconfig(self, netif, bw=None, delay=None,
- loss=None, duplicate=None, jitter=None, netif2=None):
- """
- Set link effects by sending a Netgraph setcfg message to the pipe.
- """
- netif.setparam("bw", bw)
- netif.setparam("delay", delay)
- netif.setparam("loss", loss)
- netif.setparam("duplicate", duplicate)
- netif.setparam("jitter", jitter)
- if not self.up:
- return
- params = []
- upstream = []
- downstream = []
- if bw is not None:
- if str(bw) == "0":
- bw = "-1"
- params += ["bandwidth=%s" % bw, ]
- if delay is not None:
- if str(delay) == "0":
- delay = "-1"
- params += ["delay=%s" % delay, ]
- if loss is not None:
- if str(loss) == "0":
- loss = "-1"
- upstream += ["BER=%s" % loss, ]
- downstream += ["BER=%s" % loss, ]
- if duplicate is not None:
- if str(duplicate) == "0":
- duplicate = "-1"
- upstream += ["duplicate=%s" % duplicate, ]
- downstream += ["duplicate=%s" % duplicate, ]
- if jitter:
- logger.warn("jitter parameter ignored for link %s", self.name)
- if len(params) > 0 or len(upstream) > 0 or len(downstream) > 0:
- setcfg = ["setcfg", "{", ] + params
- if len(upstream) > 0:
- setcfg += ["upstream={", ] + upstream + ["}", ]
- if len(downstream) > 0:
- setcfg += ["downstream={", ] + downstream + ["}", ]
- setcfg += ["}", ]
- ngmessage(self.ngname, setcfg)
diff --git a/daemon/core/bsd/vnode.py b/daemon/core/bsd/vnode.py
deleted file mode 100644
index f4846d1c..00000000
--- a/daemon/core/bsd/vnode.py
+++ /dev/null
@@ -1,386 +0,0 @@
-"""
-vnode.py: SimpleJailNode and JailNode classes that implement the FreeBSD
-jail-based virtual node.
-"""
-
-import os
-import subprocess
-import threading
-
-from core import constants
-from core import logger
-from core.bsd.netgraph import createngnode
-from core.bsd.netgraph import destroyngnode
-from core.coreobj import PyCoreNetIf
-from core.coreobj import PyCoreNode
-from core.misc import utils
-
-utils.check_executables([constants.IFCONFIG_BIN, constants.VIMAGE_BIN])
-
-
-class VEth(PyCoreNetIf):
- def __init__(self, node, name, localname, mtu=1500, net=None,
- start=True):
- PyCoreNetIf.__init__(self, node=node, name=name, mtu=mtu)
- # name is the device name (e.g. ngeth0, ngeth1, etc.) before it is
- # installed in a node; the Netgraph name is renamed to localname
- # e.g. before install: name = ngeth0 localname = n0_0_123
- # after install: name = eth0 localname = n0_0_123
- self.localname = localname
- self.ngid = None
- self.net = None
- self.pipe = None
- self.addrlist = []
- self.hwaddr = None
- self.up = False
- self.hook = "ether"
- if start:
- self.startup()
-
- def startup(self):
- hookstr = "%s %s" % (self.hook, self.hook)
- ngname, ngid = createngnode(node_type="eiface", hookstr=hookstr, name=self.localname)
- self.name = ngname
- self.ngid = ngid
- subprocess.check_call([constants.IFCONFIG_BIN, ngname, "up"])
- self.up = True
-
- def shutdown(self):
- if not self.up:
- return
- destroyngnode(self.localname)
- self.up = False
-
- def attachnet(self, net):
- if self.net:
- self.detachnet()
- self.net = None
- net.attach(self)
- self.net = net
-
- def detachnet(self):
- if self.net is not None:
- self.net.detach(self)
-
- def addaddr(self, addr):
- self.addrlist.append(addr)
-
- def deladdr(self, addr):
- self.addrlist.remove(addr)
-
- def sethwaddr(self, addr):
- self.hwaddr = addr
-
-
-class TunTap(PyCoreNetIf):
- """
- TUN/TAP virtual device in TAP mode
- """
-
- def __init__(self, node, name, localname, mtu=None, net=None, start=True):
- raise NotImplementedError
-
-
-class SimpleJailNode(PyCoreNode):
- def __init__(self, session, objid=None, name=None, nodedir=None):
- PyCoreNode.__init__(self, session, objid, name)
- self.nodedir = nodedir
- self.pid = None
- self.up = False
- self.lock = threading.RLock()
- self._mounts = []
-
- def startup(self):
- if self.up:
- raise Exception("already up")
- vimg = [constants.VIMAGE_BIN, "-c", self.name]
- try:
- os.spawnlp(os.P_WAIT, constants.VIMAGE_BIN, *vimg)
- except OSError:
- raise Exception("vimage command not found while running: %s" % vimg)
- logger.info("bringing up loopback interface")
- self.cmd([constants.IFCONFIG_BIN, "lo0", "127.0.0.1"])
- logger.info("setting hostname: %s", self.name)
- self.cmd(["hostname", self.name])
- self.cmd([constants.SYSCTL_BIN, "vfs.morphing_symlinks=1"])
- self.up = True
-
- def shutdown(self):
- if not self.up:
- return
- for netif in self.netifs():
- netif.shutdown()
- self._netif.clear()
- del self.session
- vimg = [constants.VIMAGE_BIN, "-d", self.name]
- try:
- os.spawnlp(os.P_WAIT, constants.VIMAGE_BIN, *vimg)
- except OSError:
- raise Exception("vimage command not found while running: %s" % vimg)
- self.up = False
-
- def cmd(self, args, wait=True):
- if wait:
- mode = os.P_WAIT
- else:
- mode = os.P_NOWAIT
- tmp = subprocess.call([constants.VIMAGE_BIN, self.name] + args, cwd=self.nodedir)
- if not wait:
- tmp = None
- if tmp:
- logger.warn("cmd exited with status %s: %s", tmp, str(args))
- return tmp
-
- def cmdresult(self, args, wait=True):
- cmdid, cmdin, cmdout, cmderr = self.popen(args)
- result = cmdout.read()
- result += cmderr.read()
- cmdin.close()
- cmdout.close()
- cmderr.close()
- if wait:
- status = cmdid.wait()
- else:
- status = 0
- return status, result
-
- def popen(self, args):
- cmd = [constants.VIMAGE_BIN, self.name]
- cmd.extend(args)
- tmp = subprocess.Popen(cmd, stdin=subprocess.PIPE,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE, cwd=self.nodedir)
- return tmp, tmp.stdin, tmp.stdout, tmp.stderr
-
- def icmd(self, args):
- return os.spawnlp(os.P_WAIT, constants.VIMAGE_BIN, constants.VIMAGE_BIN, self.name, *args)
-
- def term(self, sh="/bin/sh"):
- return os.spawnlp(os.P_WAIT, "xterm", "xterm", "-ut",
- "-title", self.name, "-e", constants.VIMAGE_BIN, self.name, sh)
-
- def termcmdstring(self, sh="/bin/sh"):
- """
- We add "sudo" to the command string because the GUI runs as a
- normal user.
- """
- return "cd %s && sudo %s %s %s" % (self.nodedir, constants.VIMAGE_BIN, self.name, sh)
-
- def shcmd(self, cmdstr, sh="/bin/sh"):
- return self.cmd([sh, "-c", cmdstr])
-
- def boot(self):
- pass
-
- def mount(self, source, target):
- source = os.path.abspath(source)
- logger.info("mounting %s at %s", source, target)
- self.addsymlink(path=target, file=None)
-
- def umount(self, target):
- logger.info("unmounting %s", target)
-
- def newveth(self, ifindex=None, ifname=None, net=None):
- self.lock.acquire()
- try:
- if ifindex is None:
- ifindex = self.newifindex()
- if ifname is None:
- ifname = "eth%d" % ifindex
- sessionid = self.session.short_session_id()
- name = "n%s_%s_%s" % (self.objid, ifindex, sessionid)
- localname = name
- ifclass = VEth
- veth = ifclass(node=self, name=name, localname=localname,
- mtu=1500, net=net, start=self.up)
- if self.up:
- # install into jail
- subprocess.check_call([constants.IFCONFIG_BIN, veth.name, "vnet", self.name])
-
- # rename from "ngeth0" to "eth0"
- self.cmd([constants.IFCONFIG_BIN, veth.name, "name", ifname])
-
- veth.name = ifname
- try:
- self.addnetif(veth, ifindex)
- except:
- veth.shutdown()
- del veth
- raise
- return ifindex
- finally:
- self.lock.release()
-
- def sethwaddr(self, ifindex, addr):
- self._netif[ifindex].sethwaddr(addr)
- if self.up:
- self.cmd([constants.IFCONFIG_BIN, self.ifname(ifindex), "link", str(addr)])
-
- def addaddr(self, ifindex, addr):
- if self.up:
- if ":" in addr:
- family = "inet6"
- else:
- family = "inet"
- self.cmd([constants.IFCONFIG_BIN, self.ifname(ifindex), family, "alias", str(addr)])
- self._netif[ifindex].addaddr(addr)
-
- def deladdr(self, ifindex, addr):
- try:
- self._netif[ifindex].deladdr(addr)
- except ValueError:
- logger.warn("trying to delete unknown address: %s", addr)
- if self.up:
- if ":" in addr:
- family = "inet6"
- else:
- family = "inet"
- self.cmd([constants.IFCONFIG_BIN, self.ifname(ifindex), family, "-alias",
- str(addr)])
-
- valid_deladdrtype = ("inet", "inet6", "inet6link")
-
- def delalladdr(self, ifindex, addrtypes=valid_deladdrtype):
- addr = self.getaddr(self.ifname(ifindex), rescan=True)
- for t in addrtypes:
- if t not in self.valid_deladdrtype:
- raise ValueError("addr type must be in: " + " ".join(self.valid_deladdrtype))
- for a in addr[t]:
- self.deladdr(ifindex, a)
- # update cached information
- self.getaddr(self.ifname(ifindex), rescan=True)
-
- def ifup(self, ifindex):
- if self.up:
- self.cmd([constants.IFCONFIG_BIN, self.ifname(ifindex), "up"])
-
- def newnetif(self, net=None, addrlist=[], hwaddr=None,
- ifindex=None, ifname=None):
- self.lock.acquire()
- try:
- ifindex = self.newveth(ifindex=ifindex, ifname=ifname, net=net)
- if net is not None:
- self.attachnet(ifindex, net)
- if hwaddr:
- self.sethwaddr(ifindex, hwaddr)
- for addr in utils.make_tuple(addrlist):
- self.addaddr(ifindex, addr)
- self.ifup(ifindex)
- return ifindex
- finally:
- self.lock.release()
-
- def attachnet(self, ifindex, net):
- self._netif[ifindex].attachnet(net)
-
- def detachnet(self, ifindex):
- self._netif[ifindex].detachnet()
-
- def addfile(self, srcname, filename):
- shcmd = 'mkdir -p $(dirname "%s") && mv "%s" "%s" && sync' % (filename, srcname, filename)
- self.shcmd(shcmd)
-
- def getaddr(self, ifname, rescan=False):
- return None
-
- def addsymlink(self, path, file):
- """
- Create a symbolic link from /path/name/file ->
- /tmp/pycore.nnnnn/@.conf/path.name/file
- """
- dirname = path
- if dirname and dirname[0] == "/":
- dirname = dirname[1:]
- dirname = dirname.replace("/", ".")
- if file:
- pathname = os.path.join(path, file)
- sym = os.path.join(self.session.session_dir, "@.conf", dirname, file)
- else:
- pathname = path
- sym = os.path.join(self.session.session_dir, "@.conf", dirname)
-
- if os.path.islink(pathname):
- if os.readlink(pathname) == sym:
- # this link already exists - silently return
- return
- os.unlink(pathname)
- else:
- if os.path.exists(pathname):
- logger.warn("did not create symlink for %s since path exists on host", pathname)
- return
- logger.info("creating symlink %s -> %s", pathname, sym)
- os.symlink(sym, pathname)
-
-
-class JailNode(SimpleJailNode):
- def __init__(self, session, objid=None, name=None, nodedir=None, bootsh="boot.sh", start=True):
- super(JailNode, self).__init__(session=session, objid=objid, name=name, nodedir=nodedir)
- self.bootsh = bootsh
- if not start:
- return
- # below here is considered node startup/instantiation code
- self.makenodedir()
- self.startup()
-
- def boot(self):
- self.session.services.bootnodeservices(self)
-
- def validate(self):
- self.session.services.validatenodeservices(self)
-
- def startup(self):
- self.lock.acquire()
- try:
- super(JailNode, self).startup()
- # self.privatedir("/var/run")
- # self.privatedir("/var/log")
- finally:
- self.lock.release()
-
- def shutdown(self):
- if not self.up:
- return
- self.lock.acquire()
- # services are instead stopped when session enters datacollect state
- # self.session.services.stopnodeservices(self)
- try:
- super(JailNode, self).shutdown()
- finally:
- self.rmnodedir()
- self.lock.release()
-
- def privatedir(self, path):
- if path[0] != "/":
- raise ValueError, "path not fully qualified: " + path
- hostpath = os.path.join(
- self.nodedir,
- os.path.normpath(path).strip("/").replace("/", ".")
- )
- try:
- os.mkdir(hostpath)
- except OSError:
- pass
- except Exception, e:
- raise Exception, e
- self.mount(hostpath, path)
-
- def opennodefile(self, filename, mode="w"):
- dirname, basename = os.path.split(filename)
- # self.addsymlink(path=dirname, file=basename)
- if not basename:
- raise ValueError("no basename for filename: %s" % filename)
- if dirname and dirname[0] == "/":
- dirname = dirname[1:]
- dirname = dirname.replace("/", ".")
- dirname = os.path.join(self.nodedir, dirname)
- if not os.path.isdir(dirname):
- os.makedirs(dirname, mode=0755)
- hostfilename = os.path.join(dirname, basename)
- return open(hostfilename, mode)
-
- def nodefile(self, filename, contents, mode=0644):
- f = self.opennodefile(filename, "w")
- f.write(contents)
- os.chmod(f.name, mode)
- f.close()
- logger.info("created nodefile: %s; mode: 0%o", f.name, mode)
diff --git a/daemon/core/service.py b/daemon/core/service.py
index c45cadf3..7956a573 100644
--- a/daemon/core/service.py
+++ b/daemon/core/service.py
@@ -87,9 +87,7 @@ class CoreServices(ConfigurableManager):
name = "services"
config_type = RegisterTlvs.UTILITY.value
- _invalid_custom_names = (
- 'core', 'api', 'bsd', 'emane', 'misc', 'netns', 'phys', 'services', 'xen'
- )
+ _invalid_custom_names = ('core', 'api', 'emane', 'misc', 'netns', 'phys', 'services', 'xen')
def __init__(self, session):
"""
@@ -763,7 +761,7 @@ class CoreServices(ConfigurableManager):
cfg = self.getservicefiledata(s, filename)
if cfg is None:
cfg = s.generateconfig(node, filename, services)
-
+
node.nodefile(filename, cfg)
fail_data = ""
diff --git a/daemon/core/services/nrl.py b/daemon/core/services/nrl.py
index a506f2d0..a2afbfba 100644
--- a/daemon/core/services/nrl.py
+++ b/daemon/core/services/nrl.py
@@ -298,8 +298,7 @@ class OlsrOrg(NrlService):
#######################################
### Linux specific OLSRd extensions ###
#######################################
-# these parameters are only working on linux at the moment, but might become
-# useful on BSD in the future
+# these parameters are only working on linux at the moment
# SrcIpRoutes tells OLSRd to set the Src flag of host routes to the originator-ip
# of the node. In addition to this an additional localhost device is created
@@ -516,7 +515,7 @@ LinkQualityFishEye 0
# - /lib, followed by /usr/lib
#
# the examples in this list are for linux, so check if the plugin is
-# available if you use windows/BSD.
+# available if you use windows.
# each plugin should have a README file in it's lib subfolder
# LoadPlugin "olsrd_txtinfo.dll"
diff --git a/daemon/core/services/utility.py b/daemon/core/services/utility.py
index 6049c9a5..c0d3a931 100644
--- a/daemon/core/services/utility.py
+++ b/daemon/core/services/utility.py
@@ -40,10 +40,8 @@ class IPForwardService(UtilService):
def generateconfig(cls, node, filename, services):
if os.uname()[0] == "Linux":
return cls.generateconfiglinux(node, filename, services)
- elif os.uname()[0] == "FreeBSD":
- return cls.generateconfigbsd(node, filename, services)
else:
- raise Exception, "unknown platform"
+ raise Exception("unknown platform")
@classmethod
def generateconfiglinux(cls, node, filename, services):
@@ -67,17 +65,6 @@ class IPForwardService(UtilService):
cfg += "%s -w net.ipv4.conf.%s.rp_filter=0\n" % (constants.SYSCTL_BIN, name)
return cfg
- @classmethod
- def generateconfigbsd(cls, node, filename, services):
- return """\
-#!/bin/sh
-# auto-generated by IPForward service (utility.py)
-%s -w net.inet.ip.forwarding=1
-%s -w net.inet6.ip6.forwarding=1
-%s -w net.inet.icmp.bmcastecho=1
-%s -w net.inet.icmp.icmplim=0
-""" % (constants.SYSCTL_BIN, constants.SYSCTL_BIN, constants.SYSCTL_BIN, constants.SYSCTL_BIN)
-
class DefaultRouteService(UtilService):
_name = "DefaultRoute"
@@ -108,10 +95,8 @@ class DefaultRouteService(UtilService):
else:
if os.uname()[0] == "Linux":
rtcmd = "ip route add default via"
- elif os.uname()[0] == "FreeBSD":
- rtcmd = "route add -%s" % fam
else:
- raise Exception, "unknown platform"
+ raise Exception("unknown platform")
return "%s %s" % (rtcmd, net.min_addr())
@@ -132,10 +117,8 @@ class DefaultMulticastRouteService(UtilService):
continue
if os.uname()[0] == "Linux":
rtcmd = "ip route add 224.0.0.0/4 dev"
- elif os.uname()[0] == "FreeBSD":
- rtcmd = "route add 224.0.0.0/4 -iface"
else:
- raise Exception, "unknown platform"
+ raise Exception("unknown platform")
cfg += "%s %s\n" % (rtcmd, ifc.name)
cfg += "\n"
break
@@ -176,21 +159,15 @@ class StaticRouteService(UtilService):
else:
if os.uname()[0] == "Linux":
rtcmd = "#/sbin/ip route add %s via" % dst
- elif os.uname()[0] == "FreeBSD":
- rtcmd = "#/sbin/route add -%s %s" % (fam, dst)
else:
- raise Exception, "unknown platform"
+ raise Exception("unknown platform")
return "%s %s" % (rtcmd, net.min_addr())
class SshService(UtilService):
_name = "SSH"
- if os.uname()[0] == "FreeBSD":
- _configs = ("startsshd.sh", "sshd_config",)
- _dirs = ()
- else:
- _configs = ("startsshd.sh", "/etc/ssh/sshd_config",)
- _dirs = ("/etc/ssh", "/var/run/sshd",)
+ _configs = ("startsshd.sh", "/etc/ssh/sshd_config",)
+ _dirs = ("/etc/ssh", "/var/run/sshd",)
_startup = ("sh startsshd.sh",)
_shutdown = ("killall sshd",)
_validate = ()
@@ -201,14 +178,9 @@ class SshService(UtilService):
Use a startup script for launching sshd in order to wait for host
key generation.
"""
- if os.uname()[0] == "FreeBSD":
- sshcfgdir = node.nodedir
- sshstatedir = node.nodedir
- sshlibdir = "/usr/libexec"
- else:
- sshcfgdir = cls._dirs[0]
- sshstatedir = cls._dirs[1]
- sshlibdir = "/usr/lib/openssh"
+ sshcfgdir = cls._dirs[0]
+ sshstatedir = cls._dirs[1]
+ sshlibdir = "/usr/lib/openssh"
if filename == "startsshd.sh":
return """\
#!/bin/sh
diff --git a/daemon/core/session.py b/daemon/core/session.py
index 342adc66..080db896 100644
--- a/daemon/core/session.py
+++ b/daemon/core/session.py
@@ -933,7 +933,7 @@ class Session(object):
"""
with self._objects_lock:
for obj in self.objects.itervalues():
- # TODO: PyCoreNode is not the type to check, but there are two types, due to bsd and netns
+ # TODO: PyCoreNode is not the type to check
if isinstance(obj, nodes.PyCoreNode) and not nodeutils.is_node(obj, NodeTypes.RJ45):
# add a control interface if configured
logger.info("booting node: %s - %s", obj.objid, obj.name)
diff --git a/daemon/sbin/core-daemon b/daemon/sbin/core-daemon
index d8e0a6e0..edee959b 100755
--- a/daemon/sbin/core-daemon
+++ b/daemon/sbin/core-daemon
@@ -319,12 +319,6 @@ if __name__ == "__main__":
nodeutils.update_node_map(OVS_NODES)
- # update with BSD based nodes
- if os.uname()[0] == "FreeBSD":
- from core.bsd.nodes import BSD_NODES
-
- nodeutils.update_node_map(BSD_NODES)
-
# load default services
services.load()
diff --git a/doc/constants.txt b/doc/constants.txt
index eaf63e5a..fea150c4 100644
--- a/doc/constants.txt
+++ b/doc/constants.txt
@@ -4,15 +4,13 @@
.. |CENTOSVERSION| replace:: 6.x or 7.x
-.. |BSDVERSION| replace:: 9.0
-
.. |CORERPM| replace:: 1.fc20.x86_64.rpm
.. |CORERPM2| replace:: 1.fc20.noarch.rpm
.. |COREDEB| replace:: 0ubuntu1_precise_amd64.deb
.. |COREDEB2| replace:: 0ubuntu1_precise_all.deb
.. |QVER| replace:: quagga-0.99.21mr2.2
-.. |QVERDEB| replace:: quagga-mr_0.99.21mr2.2_amd64.deb
+.. |QVERDEB| replace:: quagga-mr_0.99.21mr2.2_amd64.deb
.. |QVERRPM| replace:: quagga-0.99.21mr2.2-1.fc16.x86_64.rpm
.. |APTDEPS| replace:: bash bridge-utils ebtables iproute libev-dev python
@@ -20,6 +18,6 @@
.. |APTDEPS3| replace:: autoconf automake gcc libev-dev make python-dev libreadline-dev pkg-config imagemagick help2man
.. |YUMDEPS| replace:: bash bridge-utils ebtables iproute libev python procps-ng net-tools
-.. |YUMDEPS2| replace:: tcl tk tkimg
+.. |YUMDEPS2| replace:: tcl tk tkimg
.. |YUMDEPS3| replace:: autoconf automake make libev-devel python-devel ImageMagick help2man
diff --git a/doc/devguide.rst b/doc/devguide.rst
index a449ffd0..9b703cca 100644
--- a/doc/devguide.rst
+++ b/doc/devguide.rst
@@ -39,10 +39,6 @@ These are being actively developed as of CORE |version|:
* *doc* - Documentation for the manual lives here in reStructuredText format.
* *packaging* - Control files and script for building CORE packages are here.
-These directories are not so actively developed:
-
-* *kernel* - patches and modules mostly related to FreeBSD.
-
.. _The_CORE_API:
The CORE API
@@ -59,8 +55,7 @@ The GUI communicates with the CORE daemon using the API. One emulation server
communicates with another using the API. The API also allows other systems to
interact with the CORE emulation. The API allows another system to add, remove,
or modify nodes and links, and enables executing commands on the emulated
-systems. On FreeBSD, the API is used for enhancing the wireless LAN
-calculations. Wireless link parameters are updated on-the-fly based on node
+systems. Wireless link parameters are updated on-the-fly based on node
positions.
CORE listens on a local TCP port for API messages. The other system could be
@@ -88,7 +83,7 @@ The *vnoded* daemon is the program used to create a new namespace, and
listen on a control channel for commands that may instantiate other processes.
This daemon runs as PID 1 in the container. It is launched automatically by
the CORE daemon. The control channel is a UNIX domain socket usually named
-:file:`/tmp/pycore.23098/n3`, for node 3 running on CORE
+:file:`/tmp/pycore.23098/n3`, for node 3 running on CORE
session 23098, for example. Root privileges are required for creating a new
namespace.
@@ -107,13 +102,13 @@ using a command such as:
::
gnome-terminal -e vcmd -c /tmp/pycore.50160/n1 -- bash
-
+
Similarly, the IPv4 routes Observer Widget will run a command to display the routing table using a command such as:
::
vcmd -c /tmp/pycore.50160/n1 -- /sbin/ip -4 ro
-
+
.. index:: core-cleanup
@@ -139,7 +134,7 @@ network namespace emulation.
tc qdisc show
# view the rules that make the wireless LAN work
ebtables -L
-
+
Below is a transcript of creating two emulated nodes and connecting them together with a wired link:
@@ -179,156 +174,8 @@ Below is a transcript of creating two emulated nodes and connecting them togethe
# display connectivity and ping from node 1 to node 2
brctl show
vcmd -c /tmp/n1.ctl -- ping 10.0.0.2
-
+
The above example script can be found as :file:`twonodes.sh` in the
:file:`examples/netns` directory. Use *core-cleanup* to clean up after the
script.
-
-.. _FreeBSD_Commands:
-
-FreeBSD Commands
-================
-
-
-.. index:: vimage
-.. index:: ngctl
-.. index:: Netgraph
-.. _FreeBSD_Kernel_Commands:
-
-FreeBSD Kernel Commands
------------------------
-
-The FreeBSD kernel emulation controlled by CORE is realized through several
-userspace commands. The CORE GUI itself could be thought of as a glorified
-script that dispatches these commands to build and manage the kernel emulation.
-
-
-* **vimage** - the vimage command, short for "virtual image", is used to
- create lightweight virtual machines and execute commands within the virtual
- image context. On a FreeBSD CORE machine, see the *vimage(8)* man page for
- complete details. The vimage command comes from the VirtNet project which
- virtualizes the FreeBSD network stack.
-
-
-* **ngctl** - the ngctl command, short for "netgraph control", creates
- Netgraph nodes and hooks, connects them together, and allows for various
- interactions with the Netgraph nodes. See the *ngctl(8)* man page for
- complete details. The ngctl command is built-in to FreeBSD because the
- Netgraph system is part of the kernel.
-
-Both commands must be run as root.
-Some example usage of the *vimage* command follows below.
-::
-
- vimage # displays the current virtual image
- vimage -l # lists running virtual images
- vimage e0_n0 ps aux # list the processes running on node 0
- for i in 1 2 3 4 5
- do # execute a command on all nodes
- vimage e0_n$i sysctl -w net.inet.ip.redirect=0
- done
-
-
-The *ngctl* command is more complex, due to the variety of Netgraph nodes
-available and each of their options.
-::
-
- ngctl l # list active Netgraph nodes
- ngctl show e0_n8: # display node hook information
- ngctl msg e0_n0-n1: getstats # get pkt count statistics from a pipe node
- ngctl shutdown \\[0x0da3\\]: # shut down unnamed node using hex node ID
-
-
-There are many other combinations of commands not shown here. See the online
-manual (man) pages for complete details.
-
-Below is a transcript of creating two emulated nodes, `router0` and `router1`,
-and connecting them together with a link:
-
-.. index:: create nodes from command-line
-
-.. index:: command-line
-
-::
-
- # create node 0
- vimage -c e0_n0
- vimage e0_n0 hostname router0
- ngctl mkpeer eiface ether ether
- vimage -i e0_n0 ngeth0 eth0
- vimage e0_n0 ifconfig eth0 link 40:00:aa:aa:00:00
- vimage e0_n0 ifconfig lo0 inet localhost
- vimage e0_n0 sysctl net.inet.ip.forwarding=1
- vimage e0_n0 sysctl net.inet6.ip6.forwarding=1
- vimage e0_n0 ifconfig eth0 mtu 1500
-
- # create node 1
- vimage -c e0_n1
- vimage e0_n1 hostname router1
- ngctl mkpeer eiface ether ether
- vimage -i e0_n1 ngeth1 eth0
- vimage e0_n1 ifconfig eth0 link 40:00:aa:aa:0:1
- vimage e0_n1 ifconfig lo0 inet localhost
- vimage e0_n1 sysctl net.inet.ip.forwarding=1
- vimage e0_n1 sysctl net.inet6.ip6.forwarding=1
- vimage e0_n1 ifconfig eth0 mtu 1500
-
- # create a link between n0 and n1
- ngctl mkpeer eth0@e0_n0: pipe ether upper
- ngctl name eth0@e0_n0:ether e0_n0-n1
- ngctl connect e0_n0-n1: eth0@e0_n1: lower ether
- ngctl msg e0_n0-n1: setcfg \\
- {{ bandwidth=100000000 delay=0 upstream={ BER=0 dupl
- icate=0 } downstream={ BER=0 duplicate=0 } }}
- ngctl msg e0_n0-n1: setcfg {{ downstream={ fifo=1 } }}
- ngctl msg e0_n0-n1: setcfg {{ downstream={ droptail=1 } }}
- ngctl msg e0_n0-n1: setcfg {{ downstream={ queuelen=50 } }}
- ngctl msg e0_n0-n1: setcfg {{ upstream={ fifo=1 } }}
- ngctl msg e0_n0-n1: setcfg {{ upstream={ droptail=1 } }}
- ngctl msg e0_n0-n1: setcfg {{ upstream={ queuelen=50 } }}
-
-
-Other FreeBSD commands that may be of interest:
-.. index:: FreeBSD commands
-
-* **kldstat**, **kldload**, **kldunload** - list, load, and unload
- FreeBSD kernel modules
-* **sysctl** - display and modify various pieces of kernel state
-* **pkg_info**, **pkg_add**, **pkg_delete** - list, add, or remove
- FreeBSD software packages.
-* **vtysh** - start a Quagga CLI for router configuration
-
-Netgraph Nodes
---------------
-
-.. index:: Netgraph
-
-.. index:: Netgraph nodes
-
-Each Netgraph node implements a protocol or processes data in some well-defined
-manner (see the `netgraph(4)` man page). The netgraph source code is located
-in `/usr/src/sys/netgraph`. There you might discover additional nodes that
-implement some desired functionality, that have not yet been included in CORE.
-Using certain kernel commands, you can likely include these types of nodes into
-your CORE emulation.
-
-The following Netgraph nodes are used by CORE:
-
-* **ng_bridge** - switch node performs Ethernet bridging
-
-* **ng_cisco** - Cisco HDLC serial links
-
-* **ng_eiface** - virtual Ethernet interface that is assigned to each virtual machine
-
-* **ng_ether** - physical Ethernet devices, used by the RJ45 tool
-
-* **ng_hub** - hub node
-
-* **ng_pipe** - used for wired Ethernet links, imposes packet delay, bandwidth restrictions, and other link characteristics
-
-* **ng_socket** - socket used by *ngctl* utility
-
-* **ng_wlan** - wireless LAN node
-
-
diff --git a/doc/install.rst b/doc/install.rst
index f4b28c39..3a9346c1 100644
--- a/doc/install.rst
+++ b/doc/install.rst
@@ -9,14 +9,14 @@
Installation
************
-This chapter describes how to set up a CORE machine. Note that the easiest
+This chapter describes how to set up a CORE machine. Note that the easiest
way to install CORE is using a binary
package on Ubuntu or Fedora (deb or rpm) using the distribution's package
manager
to automatically install dependencies, see :ref:`Installing_from_Packages`.
Ubuntu and Fedora Linux are the recommended distributions for running CORE. Ubuntu |UBUNTUVERSION| and Fedora |FEDORAVERSION| ship with kernels with support for namespaces built-in. They support the latest hardware. However,
-these distributions are not strictly required. CORE will likely work on other
+these distributions are not strictly required. CORE will likely work on other
flavors of Linux, see :ref:`Installing_from_Source`.
The primary dependencies are Tcl/Tk (8.5 or newer) for the GUI, and Python 2.6 or 2.7 for the CORE daemon.
@@ -50,7 +50,7 @@ Prerequisites
.. index:: Prerequisites
-The Linux or FreeBSD operating system is required. The GUI uses the Tcl/Tk scripting toolkit, and the CORE daemon require Python. Details of the individual software packages required can be found in the installation steps.
+A Linux operating system is required. The GUI uses the Tcl/Tk scripting toolkit, and the CORE daemon requires Python. Details of the individual software packages required can be found in the installation steps.
.. _Required_Hardware:
@@ -61,7 +61,7 @@ Required Hardware
.. index:: System requirements
-Any computer capable of running Linux or FreeBSD should be able to run CORE. Since the physical machine will be hosting numerous virtual machines, as a general rule you should select a machine having as much RAM and CPU resources as possible.
+Any computer capable of running Linux should be able to run CORE. Since the physical machine will be hosting numerous virtual machines, as a general rule you should select a machine having as much RAM and CPU resources as possible.
A *general recommendation* would be:
@@ -70,9 +70,9 @@ A *general recommendation* would be:
* about 3 MB of free disk space (plus more for dependency packages such as Tcl/Tk)
* X11 for the GUI, or remote X11 over SSH
-The computer can be a laptop, desktop, or rack-mount server. A keyboard, mouse,
+The computer can be a laptop, desktop, or rack-mount server. A keyboard, mouse,
and monitor are not required if a network connection is available
-for remotely accessing the machine. A 3D accelerated graphics card
+for remotely accessing the machine. A 3D accelerated graphics card
is not required.
.. _Required_Software:
@@ -80,18 +80,13 @@ is not required.
Required Software
-----------------
-CORE requires the Linux or FreeBSD operating systems because it uses virtualization provided by the kernel. It does not run on the Windows or Mac OS X operating systems (unless it is running within a virtual machine guest.) There are two
-different virtualization technologies that CORE can currently use:
-Linux network namespaces and FreeBSD jails,
+CORE requires a Linux operating systems because it uses virtualization provided by the kernel. It does not run on the Windows or Mac OS X operating systems (unless it is running within a virtual machine guest.)
+The virtualization technology that CORE currently uses:
+Linux network namespaces,
see :ref:`How_Does_it_Work?` for virtualization details.
**Linux network namespaces is the recommended platform.** Development is focused here and it supports the latest features. It is the easiest to install because there is no need to patch, install, and run a special Linux kernel.
-FreeBSD |BSDVERSION|-RELEASE may offer the best scalability. If your
-applications run under FreeBSD and you are comfortable with that platform,
-this may be a good choice. Device and application support by BSD
-may not be as extensive as Linux.
-
The CORE GUI requires the X.Org X Window system (X11), or can run over a
remote X11 session. For specific Tcl/Tk, Python, and other libraries required
to run CORE, refer to the :ref:`Installation` section.
@@ -113,7 +108,7 @@ Installing from Packages
The easiest way to install CORE is using the pre-built packages. The package
managers on Ubuntu or Fedora will
-automatically install dependencies for you.
+automatically install dependencies for you.
You can obtain the CORE packages from the `CORE downloads `_ page
or `CORE GitHub `_.
@@ -143,7 +138,7 @@ First install the Ubuntu |UBUNTUVERSION| operating system.
to select which Quagga package to use.
-* **Optional:** install the prerequisite packages (otherwise skip this
+* **Optional:** install the prerequisite packages (otherwise skip this
step and have the package manager install them for you.)
.. parsed-literal::
@@ -152,13 +147,13 @@ First install the Ubuntu |UBUNTUVERSION| operating system.
# update-manager instead of apt-get update/dist-upgrade
sudo apt-get update
sudo apt-get dist-upgrade
- sudo apt-get install |APTDEPS| |APTDEPS2|
-
+ sudo apt-get install |APTDEPS| |APTDEPS2|
+
* Install Quagga for routing. If you plan on working with wireless
- networks, we recommend
+ networks, we recommend
installing
`OSPF MDR `__
- (replace `amd64` below with `i386` if needed
+ (replace `amd64` below with `i386` if needed
to match your architecture):
.. parsed-literal::
@@ -172,7 +167,7 @@ First install the Ubuntu |UBUNTUVERSION| operating system.
::
sudo apt-get install quagga
-
+
* Install the CORE deb packages for Ubuntu, using a GUI that automatically
resolves dependencies (note that the absolute path to the deb file
must be used with ``software-center``):
@@ -181,24 +176,24 @@ First install the Ubuntu |UBUNTUVERSION| operating system.
software-center /home/user/Downloads/core-daemon\_\ |version|-|COREDEB|
software-center /home/user/Downloads/core-gui\_\ |version|-|COREDEB2|
-
+
or install from command-line:
-
+
.. parsed-literal::
sudo dpkg -i core-daemon\_\ |version|-|COREDEB|
sudo dpkg -i core-gui\_\ |version|-|COREDEB2|
-
+
* Start the CORE daemon as root.
::
sudo /etc/init.d/core-daemon start
-
+
* Run the CORE GUI as a normal user:
::
core-gui
-
+
After running the ``core-gui`` command, a GUI should appear with a canvas
for drawing topologies. Messages will print out on the console about
@@ -217,7 +212,7 @@ examples below, replace with `i686` is using a 32-bit architecture. Also,
Fedora release number.
* **CentOS only:** in order to install the `libev` and `tkimg` prerequisite
- packages, you
+ packages, you
first need to install the `EPEL `_ repo
(Extra Packages for Enterprise Linux):
@@ -229,7 +224,7 @@ Fedora release number.
* **CentOS 7.x only:** as of this writing, the `tkimg` prerequisite package
is missing from EPEL 7.x, but the EPEL 6.x package can be manually installed
- from
+ from
`here `_
::
@@ -249,7 +244,7 @@ Fedora release number.
yum install |YUMDEPS| |YUMDEPS2|
-* **Optional (Fedora 17+):** Fedora 17 and newer have an additional
+* **Optional (Fedora 17+):** Fedora 17 and newer have an additional
prerequisite providing the required netem kernel modules (otherwise
skip this step and have the package manager install it for you.)
@@ -272,7 +267,7 @@ Fedora release number.
::
yum install quagga
-
+
* Install the CORE RPM packages for Fedora and automatically resolve
dependencies:
@@ -281,14 +276,14 @@ Fedora release number.
yum localinstall python-core_|service|-|version|-|CORERPM| --nogpgcheck
yum localinstall core-gui-|version|-|CORERPM2| --nogpgcheck
-
+
or install from the command-line:
.. parsed-literal::
rpm -ivh python-core_|service|-|version|-|CORERPM|
rpm -ivh core-gui-|version|-|CORERPM2|
-
+
* Turn off SELINUX by setting ``SELINUX=disabled`` in the :file:`/etc/sysconfig/selinux` file, and adding ``selinux=0`` to the kernel line in
your :file:`/etc/grub.conf` file; on Fedora 15 and newer, disable sandboxd using ``chkconfig sandbox off``;
@@ -304,12 +299,12 @@ Fedora release number.
systemctl start core-daemon.service
# or for CentOS:
/etc/init.d/core-daemon start
-
+
* Run the CORE GUI as a normal user:
::
core-gui
-
+
After running the ``core-gui`` command, a GUI should appear with a canvas
for drawing topologies. Messages will print out on the console about
@@ -335,11 +330,11 @@ These packages are not required for normal binary package installs.
sudo apt-get install |APTDEPS| \\
|APTDEPS2| \\
|APTDEPS3|
-
+
You can obtain the CORE source from the `CORE source `_ page. Choose either a stable release version or
-the development snapshot available in the `nightly_snapshots` directory.
-The ``-j8`` argument to ``make`` will run eight simultaneous jobs, to speed up
+the development snapshot available in the `nightly_snapshots` directory.
+The ``-j8`` argument to ``make`` will run eight simultaneous jobs, to speed up
builds on multi-core systems.
.. parsed-literal::
@@ -350,9 +345,9 @@ builds on multi-core systems.
./configure
make -j8
sudo make install
-
-The CORE Manual documentation is built separately from the :file:`doc/`
+
+The CORE Manual documentation is built separately from the :file:`doc/`
sub-directory in the source. It requires Sphinx:
.. parsed-literal::
@@ -376,16 +371,16 @@ These packages are not required for normal binary package installs.
yum install |YUMDEPS| \\
|YUMDEPS2| \\
|YUMDEPS3|
-
+
.. NOTE::
For a minimal X11 installation, also try these packages::
-
+
yum install xauth xterm urw-fonts
You can obtain the CORE source from the `CORE source `_ page. Choose either a stable release version or
the development snapshot available in the :file:`nightly_snapshots` directory.
-The ``-j8`` argument to ``make`` will run eight simultaneous jobs, to speed up
+The ``-j8`` argument to ``make`` will run eight simultaneous jobs, to speed up
builds on multi-core systems. Notice the ``configure`` flag to tell the build
system that a systemd service file should be installed under Fedora.
@@ -397,18 +392,12 @@ system that a systemd service file should be installed under Fedora.
./configure --with-startup=systemd
make -j8
sudo make install
-
-
-Note that the Linux RPM and Debian packages do not use the ``/usr/local``
-prefix, and files are instead installed to ``/usr/sbin``, and
-``/usr/lib``. This difference is a result of aligning with the directory
-structure of Linux packaging systems and FreeBSD ports packaging.
Another note is that the Python distutils in Fedora Linux will install the CORE
Python modules to :file:`/usr/lib/python2.7/site-packages/core`, instead of
using the :file:`dist-packages` directory.
-The CORE Manual documentation is built separately from the :file:`doc/`
+The CORE Manual documentation is built separately from the :file:`doc/`
sub-directory in the source. It requires Sphinx:
.. parsed-literal::
@@ -438,7 +427,7 @@ CentOS/EL6 does not use the systemd service file, so the `configure` option
`--with-startup=systemd` should be omitted:
::
-
+
./configure
@@ -448,12 +437,12 @@ CentOS/EL6 does not use the systemd service file, so the `configure` option
Installing from Source on SUSE
------------------------------
-To build CORE from source on SUSE or OpenSUSE,
+To build CORE from source on SUSE or OpenSUSE,
use the similar instructions shown in :ref:`Installing_from_Source_on_Fedora`,
except that the following `configure` option should be used:
::
-
+
./configure --with-startup=suse
This causes a separate init script to be installed that is tailored towards SUSE systems.
@@ -463,153 +452,6 @@ The `zypper` command is used instead of `yum`.
For OpenSUSE/Xen based installations, refer to the `README-Xen` file included
in the CORE source.
-
-.. _Installing_from_Source_on_FreeBSD:
-
-Installing from Source on FreeBSD
----------------------------------
-
-.. index:: kernel patch
-
-**Rebuilding the FreeBSD Kernel**
-
-
-The FreeBSD kernel requires a small patch to allow per-node directories in the
-filesystem. Also, the `VIMAGE` build option needs to be turned on to enable
-jail-based network stack virtualization. The source code for the FreeBSD
-kernel is located in :file:`/usr/src/sys`.
-
-Instructions below will use the :file:`/usr/src/sys/amd64` architecture
-directory, but the directory :file:`/usr/src/sys/i386` should be substituted
-if you are using a 32-bit architecture.
-
-The kernel patch is available from the CORE source tarball under core-|version|/kernel/symlinks-8.1-RELEASE.diff. This patch applies to the
-FreeBSD 8.x or 9.x kernels.
-
-.. parsed-literal::
-
- cd /usr/src/sys
- # first you can check if the patch applies cleanly using the '-C' option
- patch -p1 -C < ~/core-|version|/kernel/symlinks-8.1-RELEASE.diff
- # without '-C' applies the patch
- patch -p1 < ~/core-|version|/kernel/symlinks-8.1-RELEASE.diff
-
-
-A kernel configuration file named :file:`CORE` can be found within the source tarball: core-|version|/kernel/freebsd8-config-CORE. The config is valid for
-FreeBSD 8.x or 9.x kernels.
-
-The contents of this configuration file are shown below; you can edit it to suit your needs.
-
-::
-
- # this is the FreeBSD 9.x kernel configuration file for CORE
- include GENERIC
- ident CORE
-
- options VIMAGE
- nooptions SCTP
- options IPSEC
- device crypto
-
- options IPFIREWALL
- options IPFIREWALL_DEFAULT_TO_ACCEPT
-
-
-The kernel configuration file can be linked or copied to the kernel source directory. Use it to configure and build the kernel:
-
-.. parsed-literal::
-
- cd /usr/src/sys/amd64/conf
- cp ~/core-|version|/kernel/freebsd8-config-CORE CORE
- config CORE
- cd ../compile/CORE
- make cleandepend && make depend
- make -j8 && make install
-
-
-Change the number 8 above to match the number of CPU cores you have times two.
-Note that the ``make install`` step will move your existing kernel to
-``/boot/kernel.old`` and removes that directory if it already exists. Reboot to
-enable this new patched kernel.
-
-**Building CORE from Source on FreeBSD**
-
-Here are the prerequisite packages from the FreeBSD ports system:
-
-::
-
- pkg_add -r tk85
- pkg_add -r libimg
- pkg_add -r bash
- pkg_add -r libev
- pkg_add -r sudo
- pkg_add -r python
- pkg_add -r autotools
- pkg_add -r gmake
-
-
-Note that if you are installing to a bare FreeBSD system and want to SSH with X11 forwarding to that system, these packages will help:
-
-::
-
- pkg_add -r xauth
- pkg_add -r xorg-fonts
-
-
-The ``sudo`` package needs to be configured so a normal user can run the CORE
-GUI using the command ``core-gui`` (opening a shell window on a node uses a
-command such as ``sudo vimage n1``.)
-
-On FreeBSD, the CORE source is built using autotools and gmake:
-
-.. parsed-literal::
-
- tar xzf core-|version|.tar.gz
- cd core-|version|
- ./bootstrap.sh
- ./configure
- gmake -j8
- sudo gmake install
-
-
-Build and install the ``vimage`` utility for controlling virtual images. The source can be obtained from `FreeBSD SVN `_, or it is included with the CORE source for convenience:
-
-.. parsed-literal::
-
- cd core-|version|/kernel/vimage
- make
- make install
-
-
-.. index:: FreeBSD; kernel modules
-
-.. index:: kernel modules
-
-.. index:: ng_wlan and ng_pipe
-
-On FreeBSD you should also install the CORE kernel modules for wireless emulation. Perform this step after you have recompiled and installed FreeBSD kernel.
-
-.. parsed-literal::
-
- cd core-|version|/kernel/ng_pipe
- make
- sudo make install
- cd ../ng_wlan
- make
- sudo make install
-
-
-The :file:`ng_wlan` kernel module allows for the creation of WLAN nodes. This
-is a modified :file:`ng_hub` Netgraph module. Instead of packets being copied
-to every connected node, the WLAN maintains a hash table of connected node
-pairs. Furthermore, link parameters can be specified for node pairs, in
-addition to the on/off connectivity. The parameters are tagged to each packet
-and sent to the connected :file:`ng_pipe` module. The :file:`ng_pipe` has been
-modified to read any tagged parameters and apply them instead of its default
-link effects.
-
-The :file:`ng_wlan` also supports linking together multiple WLANs across different machines using the :file:`ng_ksocket` Netgraph node, for distributed emulation.
-
The Quagga routing suite is recommended for routing,
:ref:`Quagga_Routing_Software` for installation.
@@ -624,12 +466,12 @@ Virtual networks generally require some form of routing in order to work (e.g.
to automatically populate routing tables for routing packets from one subnet
to another.) CORE builds OSPF routing protocol
configurations by default when the blue router
-node type is used. The OSPF protocol is available
-from the `Quagga open source routing suite `_.
+node type is used. The OSPF protocol is available
+from the `Quagga open source routing suite `_.
Other routing protocols are available using different
node services, :ref:`Default_Services_and_Node_Types`.
-Quagga is not specified as a dependency for the CORE packages because
+Quagga is not specified as a dependency for the CORE packages because
there are two different Quagga packages that you may use:
* `Quagga `_ - the standard version of Quagga, suitable for static wired networks, and usually available via your distribution's package manager.
@@ -639,7 +481,7 @@ there are two different Quagga packages that you may use:
.. index:: MANET Designated Routers (MDR)
-*
+*
`OSPF MANET Designated Routers `_ (MDR) - the Quagga routing suite with a modified version of OSPFv3,
optimized for use with mobile wireless networks. The *mdr* node type (and the MDR service) requires this variant of Quagga.
@@ -651,26 +493,19 @@ otherwise install the standard version of Quagga using your package manager or f
Installing Quagga from Packages
-------------------------------
-To install the standard version of Quagga from packages, use your package
-manager (Linux) or the ports system (FreeBSD).
+To install the standard version of Quagga from packages, use your package manager (Linux).
Ubuntu users:
::
sudo apt-get install quagga
-
+
Fedora users:
::
yum install quagga
-
-FreeBSD users:
-::
- pkg_add -r quagga
-
-
-To install the Quagga variant having OSPFv3 MDR, first download the
+To install the Quagga variant having OSPFv3 MDR, first download the
appropriate package, and install using the package manager.
Ubuntu users:
@@ -709,7 +544,7 @@ To compile Quagga to work with CORE on Linux:
--localstatedir=/var/run/quagga
make
sudo make install
-
+
Note that the configuration directory :file:`/usr/local/etc/quagga` shown for
Quagga above could be :file:`/etc/quagga`, if you create a symbolic link from
@@ -723,26 +558,9 @@ If you try to run quagga after installing from source and get an error such as:
error while loading shared libraries libzebra.so.0
-this is usually a sign that you have to run `sudo ldconfig` to refresh the
+this is usually a sign that you have to run `sudo ldconfig` to refresh the
cache file.
-To compile Quagga to work with CORE on FreeBSD:
-
-.. parsed-literal::
-
- tar xzf |QVER|.tar.gz
- cd |QVER|
- ./configure --enable-user=root --enable-group=wheel \\
- --sysconfdir=/usr/local/etc/quagga --enable-vtysh \\
- --localstatedir=/var/run/quagga
- gmake
- gmake install
-
-
-On FreeBSD |BSDVERSION| you can use ``make`` or ``gmake``.
-You probably want to compile Quagga from the ports system in
-:file:`/usr/ports/net/quagga`.
-
VCORE
=====
diff --git a/doc/intro.rst b/doc/intro.rst
index d0ddc0c2..95c11f86 100644
--- a/doc/intro.rst
+++ b/doc/intro.rst
@@ -12,8 +12,8 @@ networks. As an emulator, CORE builds a representation of a real computer
network that runs in real time, as opposed to simulation, where abstract models
are used. The live-running emulation can be connected to physical networks and
routers. It provides an environment for running real applications and
-protocols, taking advantage of virtualization provided by the Linux or FreeBSD
-operating systems.
+protocols, taking advantage of virtualization provided by the Linux operating
+system.
Some of its key features are:
@@ -94,8 +94,7 @@ further control.
How Does it Work?
=================
-A CORE node is a lightweight virtual machine. The CORE framework runs on Linux
-and FreeBSD systems. The primary platform used for development is Linux.
+A CORE node is a lightweight virtual machine. The CORE framework runs on Linux.
.. index::
single: Linux; virtualization
@@ -104,8 +103,6 @@ and FreeBSD systems. The primary platform used for development is Linux.
single: network namespaces
* :ref:`Linux` CORE uses Linux network namespace virtualization to build virtual nodes, and ties them together with virtual networks using Linux Ethernet bridging.
-* :ref:`FreeBSD` CORE uses jails with a network stack virtualization kernel option to build virtual nodes, and ties them together with virtual networks using BSD's Netgraph system.
-
.. _Linux:
@@ -117,9 +114,9 @@ technique used by CORE. LXC has been part of the mainline Linux kernel since
2.6.24. Recent Linux distributions such as Fedora and Ubuntu have
namespaces-enabled kernels out of the box, so the kernel does not need to be
patched or recompiled.
-A namespace is created using the ``clone()`` system call. Similar
-to the BSD jails, each namespace has its own process environment and private
-network stack. Network namespaces share the same filesystem in CORE.
+A namespace is created using the ``clone()`` system call. Each namespace has
+its own process environment and private network stack. Network namespaces
+share the same filesystem in CORE.
.. index::
single: Linux; bridging
@@ -132,56 +129,6 @@ disciplines. Ebtables is Ethernet frame filtering on Linux bridges. Wireless
networks are emulated by controlling which interfaces can send and receive with
ebtables rules.
-
-.. _FreeBSD:
-
-FreeBSD
--------
-
-.. index::
- single: FreeBSD; Network stack virtualization
- single: FreeBSD; jails
- single: FreeBSD; vimages
-
-FreeBSD jails provide an isolated process space, a virtual environment for
-running programs. Starting with FreeBSD 8.0, a new `vimage` kernel option
-extends BSD jails so that each jail can have its own virtual network stack --
-its own networking variables such as addresses, interfaces, routes, counters,
-protocol state, socket information, etc. The existing networking algorithms and
-code paths are intact but operate on this virtualized state.
-
-Each jail plus network stack forms a lightweight virtual machine. These are
-named jails or *virtual images* (or *vimages*) and are created using a the
-``jail`` or ``vimage`` command. Unlike traditional virtual
-machines, vimages do not feature entire operating systems running on emulated
-hardware. All of the vimages will share the same processor, memory, clock, and
-other system resources. Because the actual hardware is not emulated and network
-packets can be passed by reference through the in-kernel Netgraph system,
-vimages are quite lightweight and a single system can accommodate numerous
-instances.
-
-Virtual network stacks in FreeBSD were historically available as a patch to the
-FreeBSD 4.11 and 7.0 kernels, and the VirtNet project [#f1]_ [#f2]_
-added this functionality to the
-mainline 8.0-RELEASE and newer kernels.
-
-.. index::
- single: FreeBSD; Netgraph
-
-The FreeBSD Operating System kernel features a graph-based
-networking subsystem named Netgraph. The netgraph(4) manual page quoted below
-best defines this system:
-
- The netgraph system provides a uniform and modular system for the
- implementation of kernel objects which perform various networking functions.
- The objects, known as nodes, can be arranged into arbitrarily complicated
- graphs. Nodes have hooks which are used to connect two nodes together,
- forming the edges in the graph. Nodes communicate along the edges to
- process data, implement protocols, etc.
-
- The aim of netgraph is to supplement rather than replace the existing
- kernel networking infrastructure.
-
.. index::
single: IMUNES
single: VirtNet
@@ -201,7 +148,7 @@ The Tcl/Tk CORE GUI was originally derived from the open source
project from the University of Zagreb
as a custom project within Boeing Research and Technology's Network
Technology research group in 2004. Since then they have developed the CORE
-framework to use not only FreeBSD but Linux virtualization, have developed a
+framework to use Linux virtualization, have developed a
Python framework, and made numerous user- and kernel-space developments, such
as support for wireless networks, IPsec, the ability to distribute emulations,
simulation integration, and more. The IMUNES project also consists of userspace
@@ -226,20 +173,16 @@ CORE has been released by Boeing to the open source community under the BSD
license. If you find CORE useful for your work, please contribute back to the
project. Contributions can be as simple as reporting a bug, dropping a line of
encouragement or technical suggestions to the mailing lists, or can also
-include submitting patches or maintaining aspects of the tool. For details on
-contributing to CORE, please visit the
-`wiki `_.
+include submitting patches or maintaining aspects of the tool. For contributing to
+CORE, please visit the
+`CORE GitHub `_.
Besides this manual, there are other additional resources available online:
* `CORE website `_ - main project page containing demos, downloads, and mailing list information.
-* `CORE supplemental website `_ - supplemental Google Code page with a quickstart guide, wiki, bug tracker, and screenshots.
.. index::
- single: wiki
- single: CORE; wiki
-
-The `CORE wiki `_ is a good place to check for the latest documentation and tips.
+ single: CORE
Goals
-----
@@ -255,10 +198,9 @@ Non-Goals
---------
This is a list of Non-Goals, specific things that people may be interested in but are not areas that we will pursue.
-
#. Reinventing the wheel - Where possible, CORE reuses existing open source components such as virtualization, Netgraph, netem, bridging, Quagga, etc.
#. 1,000,000 nodes - While the goal of CORE is to provide efficient, scalable network emulation, there is no set goal of N number of nodes. There are realistic limits on what a machine can handle as its resources are divided amongst virtual nodes. We will continue to make things more efficient and let the user determine the right number of nodes based on available hardware and the activities each node is performing.
-#. Solves every problem - CORE is about emulating networking layers 3-7 using virtual network stacks in the Linux or FreeBSD operating systems.
+#. Solves every problem - CORE is about emulating networking layers 3-7 using virtual network stacks in Linux operating systems.
#. Hardware-specific - CORE itself is not an instantiation of hardware, a testbed, or a specific laboratory setup; it should run on commodity laptop and desktop PCs, in addition to high-end server hardware.
diff --git a/doc/performance.rst b/doc/performance.rst
index fe51c685..24d483e1 100644
--- a/doc/performance.rst
+++ b/doc/performance.rst
@@ -19,7 +19,7 @@ The top question about the performance of CORE is often
* Hardware - the number and speed of processors in the computer, the available
processor cache, RAM memory, and front-side bus speed may greatly affect
overall performance.
-* Operating system version - Linux or FreeBSD, and the specific kernel versions
+* Operating system version - distribution of Linux and the specific kernel versions
used will affect overall performance.
* Active processes - all nodes share the same CPU resources, so if one or more
nodes is performing a CPU-intensive task, overall performance will suffer.
@@ -28,8 +28,8 @@ The top question about the performance of CORE is often
* GUI usage - widgets that run periodically, mobility scenarios, and other GUI
interactions generally consume CPU cycles that may be needed for emulation.
-On a typical single-CPU Xeon 3.0GHz server machine with 2GB RAM running FreeBSD
-|BSDVERSION|, we have found it reasonable to run 30-75 nodes running
+On a typical single-CPU Xeon 3.0GHz server machine with 2GB RAM running Linux,
+we have found it reasonable to run 30-75 nodes running
OSPFv2 and OSPFv3 routing. On this hardware CORE can instantiate 100 or more
nodes, but at that point it becomes critical as to what each of the nodes is
doing.
@@ -38,7 +38,7 @@ doing.
Because this software is primarily a network emulator, the more appropriate
question is *how much network traffic can it handle?* On the same 3.0GHz server
-described above, running FreeBSD 4.11, about 300,000 packets-per-second can be
+described above, running Linux, about 300,000 packets-per-second can be
pushed through the system. The number of hops and the size of the packets is
less important. The limiting factor is the number of times that the operating
system needs to handle a packet. The 300,000 pps figure represents the number
@@ -52,9 +52,9 @@ throughput seen on the full length of the network path.
For a more detailed study of performance in CORE, refer to the following publications:
-* J\. Ahrenholz, T. Goff, and B. Adamson, Integration of the CORE and EMANE Network Emulators, Proceedings of the IEEE Military Communications Conference 2011, November 2011.
+* J\. Ahrenholz, T. Goff, and B. Adamson, Integration of the CORE and EMANE Network Emulators, Proceedings of the IEEE Military Communications Conference 2011, November 2011.
-* Ahrenholz, J., Comparison of CORE Network Emulation Platforms, Proceedings of the IEEE Military Communications Conference 2010, pp. 864-869, November 2010.
+* Ahrenholz, J., Comparison of CORE Network Emulation Platforms, Proceedings of the IEEE Military Communications Conference 2010, pp. 864-869, November 2010.
-* J\. Ahrenholz, C. Danilov, T. Henderson, and J.H. Kim, CORE: A real-time network emulator, Proceedings of IEEE MILCOM Conference, 2008.
+* J\. Ahrenholz, C. Danilov, T. Henderson, and J.H. Kim, CORE: A real-time network emulator, Proceedings of IEEE MILCOM Conference, 2008.
diff --git a/doc/usage.rst b/doc/usage.rst
index ec6e6028..0312312f 100644
--- a/doc/usage.rst
+++ b/doc/usage.rst
@@ -11,9 +11,9 @@ Using the CORE GUI
.. index:: how to use CORE
-CORE can be used via the GUI or :ref:`Python_Scripting`.
-A typical emulation workflow is outlined in :ref:`emulation-workflow`.
-Often the GUI is used to draw nodes and network devices on the canvas.
+CORE can be used via the GUI or :ref:`Python_Scripting`.
+A typical emulation workflow is outlined in :ref:`emulation-workflow`.
+Often the GUI is used to draw nodes and network devices on the canvas.
A Python script could also be written, that imports the CORE Python module, to configure and instantiate nodes and networks. This chapter primarily covers usage of the CORE GUI.
.. _emulation-workflow:
@@ -24,7 +24,7 @@ A Python script could also be written, that imports the CORE Python module, to c
Emulation Workflow
-CORE can be customized to perform any action at each phase depicted in :ref:`emulation-workflow`. See the *Hooks...* entry on the
+CORE can be customized to perform any action at each phase depicted in :ref:`emulation-workflow`. See the *Hooks...* entry on the
:ref:`Session_Menu`
for details about when these session states are reached.
@@ -43,13 +43,13 @@ mode. Nodes are drawn on a blank canvas using the toolbar on the left and
configured from right-click menus or by double-clicking them. The GUI does not
need to be run as root.
-Once editing is complete, pressing the green `Start` button (or choosing `Execute` from the `Session` menu) instantiates the topology within the FreeBSD kernel and enters Execute mode. In execute mode, the user can interact with the running emulated machines by double-clicking or right-clicking on them. The editing toolbar disappears and is replaced by an execute toolbar, which provides tools while running the emulation. Pressing the red `Stop` button (or choosing `Terminate` from the `Session` menu) will destroy the running emulation and return CORE to Edit mode.
+Once editing is complete, pressing the green `Start` button (or choosing `Execute` from the `Session` menu) instantiates the topology within the Linux kernel and enters Execute mode. In execute mode, the user can interact with the running emulated machines by double-clicking or right-clicking on them. The editing toolbar disappears and is replaced by an execute toolbar, which provides tools while running the emulation. Pressing the red `Stop` button (or choosing `Terminate` from the `Session` menu) will destroy the running emulation and return CORE to Edit mode.
CORE can be started directly in Execute mode by specifying ``--start`` and a topology file on the command line:
::
core-gui --start ~/.core/configs/myfile.imn
-
+
Once the emulation is running, the GUI can be closed, and a prompt will appear asking if the emulation should be terminated. The emulation may be left running and the GUI can reconnect to an existing session at a later time.
@@ -62,8 +62,8 @@ There is also a **Batch** mode where CORE runs without the GUI and will instanti
::
core-gui --batch ~/.core/configs/myfile.imn
-
-A session running in batch mode can be accessed using the ``vcmd`` command (or ``vimage`` on FreeBSD), or the GUI can connect to the session.
+
+A session running in batch mode can be accessed using the ``vcmd`` command, or the GUI can connect to the session.
.. index:: closebatch
@@ -76,12 +76,12 @@ The session number is printed in the terminal when batch mode is started. This s
If you forget the session number, you can always start the CORE GUI and use :ref:`Session_Menu` CORE sessions dialog box.
.. NOTE::
- It is quite easy to have overlapping sessions when running in batch mode. This may become a problem when control networks are employed in these sessions as there could be addressing conflicts. See :ref:`Control_Network` for remedies.
-
+ It is quite easy to have overlapping sessions when running in batch mode. This may become a problem when control networks are employed in these sessions as there could be addressing conflicts. See :ref:`Control_Network` for remedies.
+
.. NOTE::
If you like to use batch mode, consider writing a
- CORE :ref:`Python script ` directly.
+ CORE :ref:`Python script ` directly.
This enables access to the full power of the Python API.
The :ref:`File_Menu` has a basic `Export Python Script` option for getting
started with a GUI-designed topology.
@@ -92,8 +92,7 @@ The session number is printed in the terminal when batch mode is started. This s
.. index:: root privileges
-The GUI can be run as a normal user on Linux. For FreeBSD, the GUI should be run
-as root in order to start an emulation.
+The GUI can be run as a normal user on Linux.
.. index:: port number
@@ -204,7 +203,7 @@ sub-menus, which appear when you click on their group icon.
wireless nodes based on the distance between them
* |rj45| *RJ45* - with the RJ45 Physical Interface Tool, emulated nodes can
- be linked to real physical interfaces on the Linux or FreeBSD machine;
+ be linked to real physical interfaces;
using this tool, real networks and devices can be physically connected to
the live-running emulation (:ref:`RJ45_Tool`)
@@ -330,7 +329,7 @@ File Menu
The File menu contains options for manipulating the :file:`.imn`
:ref:`Configuration_Files`. Generally, these menu items should not be used in
-Execute mode (:ref:`Modes_of_Operation`.)
+Execute mode (:ref:`Modes_of_Operation`.)
.. index:: New
@@ -340,7 +339,7 @@ Execute mode (:ref:`Modes_of_Operation`.)
* *Open* - invokes the File Open dialog box for selecting a new :file:`.imn`
or XML file to open. You can change the default path used for this dialog
- in the :ref:`Preferences` Dialog.
+ in the :ref:`Preferences` Dialog.
.. index:: Save
@@ -349,16 +348,16 @@ Execute mode (:ref:`Modes_of_Operation`.)
.. index:: Save As XML
-* *Save As XML* - invokes the Save As dialog box for selecting a new
+* *Save As XML* - invokes the Save As dialog box for selecting a new
:file:`.xml` file for saving the current configuration in the XML file.
- See :ref:`Configuration_Files`.
+ See :ref:`Configuration_Files`.
.. index:: Save As imn
* *Save As imn* - invokes the Save As dialog box for selecting a new
:file:`.imn`
topology file for saving the current configuration. Files are saved in the
- *IMUNES network configuration* file format described in
+ *IMUNES network configuration* file format described in
:ref:`Configuration_Files`.
.. index:: Export Python script
@@ -376,7 +375,7 @@ Execute mode (:ref:`Modes_of_Operation`.)
.. index:: Execute Python script with options
* *Execute Python script with options* - invokes a File Open dialog box for selecting a
- Python script to run and automatically connect to. After a selection is made,
+ Python script to run and automatically connect to. After a selection is made,
a Python Script Options dialog box is invoked to allow for command-line options to be added.
The Python script must create a new CORE Session and add this session to the daemon's list of sessions
in order for this to work; see :ref:`Python_Scripting`.
@@ -386,7 +385,7 @@ Execute mode (:ref:`Modes_of_Operation`.)
* *Open current file in editor* - this opens the current topology file in the
``vim`` text editor. First you need to save the file. Once the file has been
edited with a text editor, you will need to reload the file to see your
- changes. The text editor can be changed from the :ref:`Preferences` Dialog.
+ changes. The text editor can be changed from the :ref:`Preferences` Dialog.
.. index:: Print
.. index:: printing
@@ -434,7 +433,7 @@ Edit Menu
* *Cut*, *Copy*, *Paste* - used to cut, copy, and paste a selection. When nodes
are pasted, their node numbers are automatically incremented, and existing
links are preserved with new IP addresses assigned. Services and their
- customizations are copied to the new node, but care should be taken as
+ customizations are copied to the new node, but care should be taken as
node IP addresses have changed with possibly old addresses remaining in any
custom service configurations. Annotations may also be copied and pasted.
@@ -503,7 +502,7 @@ The canvas menu provides commands for adding, removing, changing, and switching
altitude reference point used to convert between geographic and Cartesian
coordinate systems. By clicking the *Save as default* option, all new
canvases will be created with these properties. The default canvas size can
- also be changed in the :ref:`Preferences` dialog box.
+ also be changed in the :ref:`Preferences` dialog box.
* *Wallpaper...* - used for setting the canvas background image,
:ref:`Customizing_your_Topology's_Look`.
@@ -538,12 +537,12 @@ canvas.
.. index:: hide nodes
* *Show hidden nodes* - reveal nodes that have been hidden. Nodes are hidden by
- selecting one or more nodes, right-clicking one and choosing *hide*.
+ selecting one or more nodes, right-clicking one and choosing *hide*.
.. index:: locked view
* *Locked* - toggles locked view; when the view is locked, nodes cannot be
- moved around on the canvas with the mouse. This could be useful when
+ moved around on the canvas with the mouse. This could be useful when
sharing the topology with someone and you do not expect them to change
things.
@@ -585,7 +584,7 @@ The tools menu lists different utility functions.
.. index:: autorearrange selected
* *Autorearrange selected* - automatically arranges the selected nodes on the
- canvas.
+ canvas.
.. index:: align to grid
@@ -710,7 +709,7 @@ Here are some standard widgets:
routing protocols. A line is drawn from each router halfway to the router ID
of an adjacent router. The color of the line is based on the OSPF adjacency
state such as Two-way or Full. To learn about the different colors, see the
- *Configure Adjacency...* menu item. The :file:`vtysh` command is used to
+ *Configure Adjacency...* menu item. The :file:`vtysh` command is used to
dump OSPF neighbor information.
Only half of the line is drawn because each
router may be in a different adjacency state with respect to the other.
@@ -724,11 +723,7 @@ Here are some standard widgets:
link. If the throughput exceeds a certain threshold, the link will become
highlighted. For wireless nodes which broadcast data to all nodes in range,
the throughput rate is displayed next to the node and the node will become
- circled if the threshold is exceeded. *Note: under FreeBSD, the
- Throughput Widget will
- display "0.0 kbps" on all links that have no configured link effects, because
- of the way link statistics are counted; to fix this, add a small delay or a
- bandwidth limit to each link.*
+ circled if the threshold is exceeded.
.. _Observer_Widgets:
@@ -810,7 +805,7 @@ and options.
of configured hooks, and buttons on the bottom left allow adding, editing,
and removing hook scripts. The new or edit button will open a hook script
editing window. A hook script is a shell script invoked on the host (not
- within a virtual node).
+ within a virtual node).
The script is started at the session state specified in the drop down:
@@ -818,14 +813,14 @@ and options.
* *configuration* - when the user presses the *Start* button, node, link, and
other configuration data is sent to the backend. This state is also
- reached when the user customizes a service.
+ reached when the user customizes a service.
* *instantiation* - after
- configuration data has been sent, just before the nodes are created.
+ configuration data has been sent, just before the nodes are created.
* *runtime* - all nodes and networks have been
- built and are running. (This is the same state at which
- the previously-named *global experiment script* was run.)
+ built and are running. (This is the same state at which
+ the previously-named *global experiment script* was run.)
* *datacollect* - the user has pressed the
*Stop* button, but before services have been stopped and nodes have been
@@ -837,18 +832,18 @@ and options.
* *Reset node positions* - if you have moved nodes around
using the mouse or by using a mobility module, choosing this item will reset
all nodes to their original position on the canvas. The node locations are
- remembered when you first press the Start button.
+ remembered when you first press the Start button.
* *Emulation servers...* - invokes the CORE emulation
servers dialog for configuring :ref:`Distributed_Emulation`.
-* *Change Sessions...* - invokes the Sessions dialog for switching between
+* *Change Sessions...* - invokes the Sessions dialog for switching between
different
running sessions. This dialog is presented during startup when one or
more sessions are already running.
* *Options...* - presents per-session options, such as the IPv4 prefix to be
- used, if any, for a control network
+ used, if any, for a control network
(see :ref:`Communicating_with_the_Host_Machine`); the ability to preserve
the session directory; and an on/off switch for SDT3D support.
@@ -871,7 +866,7 @@ Connecting with Physical Networks
CORE's emulated networks run in real time, so they can be connected to live
physical networks. The RJ45 tool and the Tunnel tool help with connecting to
-the real world. These tools are available from the *Link-layer nodes* menu.
+the real world. These tools are available from the *Link-layer nodes* menu.
When connecting two or more CORE emulations together, MAC address collisions
should be avoided. CORE automatically assigns MAC addresses to interfaces when
@@ -893,7 +888,7 @@ with the CORE nodes in real time.
The main drawback is that one physical interface is required for each
connection. When the physical interface is assigned to CORE, it may not be used
for anything else. Another consideration is that the computer or network that
-you are connecting to must be co-located with the CORE machine.
+you are connecting to must be co-located with the CORE machine.
To place an RJ45 connection, click on the *Link-layer nodes* toolbar and select
the *RJ45 Tool* from the submenu. Click on the canvas near the node you want to
@@ -904,8 +899,8 @@ physical interface. A list of available interfaces will be shown, and one may
be selected by double-clicking its name in the list, or an interface name may
be entered into the text box.
-.. NOTE::
- When you press the Start button to instantiate your topology, the
+.. NOTE::
+ When you press the Start button to instantiate your topology, the
interface assigned to the RJ45 will be connected to the CORE topology. The
interface can no longer be used by the system. For example, if there was an
IP address assigned to the physical interface before execution, the address
@@ -925,7 +920,7 @@ physical ports are available, but the (e.g. switching) hardware connected to
the physical port must support the VLAN tagging, and the available bandwidth
will be shared.
-You need to create separate VLAN virtual devices on the Linux or FreeBSD host,
+You need to create separate VLAN virtual devices on the Linux host,
and then assign these devices to RJ45 nodes inside of CORE. The VLANning is
actually performed outside of CORE, so when the CORE emulated node receives a
packet, the VLAN tag will already be removed.
@@ -953,15 +948,15 @@ Tunneling can be helpful when the number of physical interfaces is limited or
when the peer is located on a different network. Also a physical interface does
not need to be dedicated to CORE as with the RJ45 tool.
-The peer GRE tunnel endpoint may be another CORE machine or a (Linux, FreeBSD,
-etc.) host that supports GRE tunneling. When placing a Tunnel node, initially
+The peer GRE tunnel endpoint may be another CORE machine or another
+host that supports GRE tunneling. When placing a Tunnel node, initially
the node will display "UNASSIGNED". This text should be replaced with the IP
address of the tunnel peer. This is the IP address of the other CORE machine or
physical machine, not an IP address of another virtual node.
.. NOTE::
Be aware of possible MTU issues with GRE devices. The *gretap* device
- has an interface MTU of 1,458 bytes; when joined to a Linux bridge, the
+ has an interface MTU of 1,458 bytes; when joined to a Linux bridge, the
bridge's MTU
becomes 1,458 bytes. The Linux bridge will not perform fragmentation for
large packets if other bridge ports have a higher MTU such as 1,500 bytes.
@@ -977,7 +972,7 @@ used.
.. index:: ip link command
Here are example commands for building the other end of a tunnel on a Linux
-machine. In this example, a router in CORE has the virtual address
+machine. In this example, a router in CORE has the virtual address
``10.0.0.1/24`` and the CORE host machine has the (real) address
``198.51.100.34/24``. The Linux box
that will connect with the CORE machine is reachable over the (real) network
@@ -989,7 +984,7 @@ an address from the subnet of the virtual router node,
``10.0.0.2/24``.
::
-
+
# these commands are run on the tunnel peer
sudo ip link add gt0 type gretap remote 198.51.100.34 local 198.51.100.76 key 1
sudo ip addr add 10.0.0.2/24 dev gt0
@@ -1053,7 +1048,7 @@ the node, and SSH with X11 forwarding can be used from the host to the node:
ssh -X 172.16.0.5 xclock
Note that the :file:`coresendmsg` utility can be used for a node to send
-messages to the CORE daemon running on the host (if the ``listenaddr = 0.0.0.0``
+messages to the CORE daemon running on the host (if the ``listenaddr = 0.0.0.0``
is set in the :file:`/etc/core/core.conf` file) to interact with the running
emulation. For example, a node may move itself or other nodes, or change
its icon based on some node state.
@@ -1108,7 +1103,7 @@ Wired Networks
Wired networks are created using the *Link Tool* to draw a link between two
nodes. This automatically draws a red line representing an Ethernet link and
-creates new interfaces on network-layer nodes.
+creates new interfaces on network-layer nodes.
.. index:: link configuration
@@ -1124,12 +1119,11 @@ link, affecting its display.
.. index:: lanswitch
Link-layer nodes are provided for modeling wired networks. These do not create
-a separate network stack when instantiated, but are implemented using bridging
-(Linux) or Netgraph nodes (FreeBSD). These are the hub, switch, and wireless
-LAN nodes. The hub copies each packet from the incoming link to every connected
-link, while the switch behaves more like an Ethernet switch and keeps track of
-the Ethernet address of the connected peer, forwarding unicast traffic only to
-the appropriate ports.
+a separate network stack when instantiated, but are implemented using Linux bridging.
+These are the hub, switch, and wireless LAN nodes. The hub copies each packet from
+the incoming link to every connected link, while the switch behaves more like an
+Ethernet switch and keeps track of the Ethernet address of the connected peer,
+forwarding unicast traffic only to the appropriate ports.
The wireless LAN (WLAN) is covered in the next section.
@@ -1158,13 +1152,13 @@ on platform. See the table below for a brief overview of wireless model types.
============= ===================== ======== ==================================================================
Model Type Supported Platform(s) Fidelity Description
============= ===================== ======== ==================================================================
-Basic on/off Linux, FreeBSD Low Linux Ethernet bridging with ebtables (Linux) or ng_wlan (FreeBSD)
+Basic on/off Linux Low Linux Ethernet bridging with ebtables
EMANE Plug-in Linux High TAP device connected to EMANE emulator with pluggable MAC and PHY radio types
============= ===================== ======== ==================================================================
To quickly build a wireless network, you can first place several router nodes
-onto the canvas. If you have the
+onto the canvas. If you have the
:ref:`Quagga MDR software ` installed, it is
recommended that you use the *mdr* node type for reduced routing overhead. Next
choose the *wireless LAN* from the *Link-layer nodes* submenu. First set the
@@ -1198,8 +1192,6 @@ dragging them, and wireless links will be dynamically made or broken.
The *EMANE* tab lists available EMANE models to use for wireless networking.
See the :ref:`EMANE` chapter for details on using EMANE.
-On FreeBSD, the WLAN node is realized using the *ng_wlan* Netgraph node.
-
.. _Mobility_Scripting:
Mobility Scripting
@@ -1213,7 +1205,7 @@ Mobility Scripting
.. index:: mobility scripting
-CORE has a few ways to script mobility.
+CORE has a few ways to script mobility.
* ns-2 script - the script specifies either absolute positions
or waypoints with a velocity. Locations are given with Cartesian coordinates.
@@ -1226,7 +1218,7 @@ CORE has a few ways to script mobility.
For the first method, you can create a mobility script using a text
editor, or using a tool such as `BonnMotion `_, and associate the script with one of the wireless
-using the WLAN configuration dialog box. Click the *ns-2 mobility script...*
+using the WLAN configuration dialog box. Click the *ns-2 mobility script...*
button, and set the *mobility script file* field in the resulting *ns2script*
configuration dialog.
@@ -1254,11 +1246,11 @@ The format of an ns-2 mobility script looks like:
$node_(2) set Y_ 240.0
$node_(2) set Z_ 0.00
$ns_ at 1.00 "$node_(2) setdest 130.0 280.0 15.0"
-
+
The first three lines set an initial position for node 2. The last line in the
above example causes node 2 to move towards the destination `(130, 280)` at
-speed `15`. All units are screen coordinates, with speed in units per second.
+speed `15`. All units are screen coordinates, with speed in units per second.
The
total script time is learned after all nodes have reached their waypoints.
Initially, the time slider in the mobility script dialog will not be
@@ -1305,13 +1297,12 @@ Distributed Emulation
A large emulation scenario can be deployed on multiple emulation servers and
controlled by a single GUI. The GUI, representing the entire topology, can be
run on one of the emulation servers or on a separate machine. Emulations can be
-distributed on Linux, while tunneling support has not been added yet for
-FreeBSD.
+distributed on Linux.
Each machine that will act as an emulation server needs to have CORE installed.
It is not important to have the GUI component but the CORE Python daemon
:file:`core-daemon` needs to be installed. Set the ``listenaddr`` line in the
-:file:`/etc/core/core.conf` configuration file so that the CORE Python
+:file:`/etc/core/core.conf` configuration file so that the CORE Python
daemon will respond to commands from other servers:
::
@@ -1320,7 +1311,7 @@ daemon will respond to commands from other servers:
pidfile = /var/run/core-daemon.pid
logfile = /var/log/core-daemon.log
listenaddr = 0.0.0.0
-
+
The ``listenaddr`` should be set to the address of the interface that should
receive CORE API control commands from the other servers; setting ``listenaddr
@@ -1356,19 +1347,19 @@ Servers are configured by choosing *Emulation servers...* from the *Session*
menu. Servers parameters are configured in the list below and stored in a
*servers.conf* file for use in different scenarios. The IP address and port of
the server must be specified. The name of each server will be saved in the
-topology file as each node's location.
+topology file as each node's location.
.. NOTE::
The server that the GUI connects with
- is referred to as the master server.
+ is referred to as the master server.
The user needs to assign nodes to emulation servers in the scenario. Making no
-assignment means the node will be emulated on the master server
-In the configuration window of every node, a drop-down box located between
-the *Node name* and the *Image* button will select the name of the emulation
-server. By default, this menu shows *(none)*, indicating that the node will
-be emulated locally on the master. When entering Execute mode, the CORE GUI
+assignment means the node will be emulated on the master server
+In the configuration window of every node, a drop-down box located between
+the *Node name* and the *Image* button will select the name of the emulation
+server. By default, this menu shows *(none)*, indicating that the node will
+be emulated locally on the master. When entering Execute mode, the CORE GUI
will deploy the node on its assigned emulation server.
Another way to assign emulation servers is to select one or more nodes using
@@ -1395,7 +1386,7 @@ If there is a link between two nodes residing on different servers, the GUI
will draw the link with a dashed line, and automatically create necessary
tunnels between the nodes when executed. Care should be taken to arrange the
topology such that the number of tunnels is minimized. The tunnels carry data
-between servers to connect nodes as specified in the topology.
+between servers to connect nodes as specified in the topology.
These tunnels are created using GRE tunneling, similar to the
:ref:`Tunnel_Tool`.
@@ -1561,7 +1552,7 @@ service. Generally they send a kill signal to the running process using the
*kill* or *killall* commands. If the service does not terminate
the running processes using a shutdown command, the processes will be killed
when the *vnoded* daemon is terminated (with *kill -9*) and
-the namespace destroyed. It is a good practice to
+the namespace destroyed. It is a good practice to
specify shutdown commands, which will allow for proper process termination, and
for run-time control of stopping and restarting services.
@@ -1606,7 +1597,7 @@ in the :file:`/etc/core/core.conf` configuration file. A sample is provided in
the :file:`myservices/` directory.
.. NOTE::
- The directory name used in `custom_services_dir` should be unique and
+ The directory name used in `custom_services_dir` should be unique and
should not correspond to
any existing Python module name. For example, don't use the name `subprocess`
or `services`.
@@ -1641,7 +1632,7 @@ create a bridge or namespace, or the failure to launch EMANE processes for an
EMANE-based network.
Clicking on an exception displays details for that
-exception. If a node number is specified, that node is highlighted on the
+exception. If a node number is specified, that node is highlighted on the
canvas when the exception is selected. The exception source is a text string
to help trace where the exception occurred; "service:UserDefined" for example,
would appear for a failed validation command with the UserDefined service.
@@ -1654,7 +1645,7 @@ list and for viewing the CORE daemon and node log files.
.. index:: CEL batch mode
.. NOTE::
- In batch mode, exceptions received from the CORE daemon are displayed on
+ In batch mode, exceptions received from the CORE daemon are displayed on
the console.
.. _Configuration_Files:
@@ -1668,16 +1659,16 @@ Configuration Files
Configurations are saved to :file:`xml` or :file:`.imn` topology files using
the *File* menu. You
-can easily edit these files with a text editor.
+can easily edit these files with a text editor.
Any time you edit the topology
file, you will need to stop the emulation if it were running and reload the
file.
-The :file:`.xml` `file schema is specified by NRL `_ and there are two versions to date:
-version 0.0 and version 1.0,
-with 1.0 as the current default. CORE can open either XML version. However, the
-xmlfilever line in :file:`/etc/core/core.conf` controls the version of the XML file
-that CORE will create.
+The :file:`.xml` `file schema is specified by NRL `_ and there are two versions to date:
+version 0.0 and version 1.0,
+with 1.0 as the current default. CORE can open either XML version. However, the
+xmlfilever line in :file:`/etc/core/core.conf` controls the version of the XML file
+that CORE will create.
.. index:: Scenario Plan XML
@@ -1685,7 +1676,7 @@ In version 1.0, the XML file is also referred to as the Scenario Plan. The Scena
made up of the following:
-* `Network Plan` - describes nodes, hosts, interfaces, and the networks to
+* `Network Plan` - describes nodes, hosts, interfaces, and the networks to
which they belong.
* `Motion Plan` - describes position and motion patterns for nodes in an
emulation.
@@ -1694,7 +1685,7 @@ made up of the following:
* `Visualization Plan` - meta-data that is not part of the NRL XML schema but
used only by CORE. For example, GUI options, canvas and annotation info, etc.
are contained here.
-* `Test Bed Mappings` - describes mappings of nodes, interfaces and EMANE modules in the scenario to
+* `Test Bed Mappings` - describes mappings of nodes, interfaces and EMANE modules in the scenario to
test bed hardware.
CORE includes Test Bed Mappings in XML files that are saved while the scenario is running.
@@ -1710,7 +1701,7 @@ indentation is one tab character.
.. tip::
There are several topology examples included with CORE in
the :file:`configs/` directory.
- This directory can be found in :file:`~/.core/configs`, or
+ This directory can be found in :file:`~/.core/configs`, or
installed to the filesystem
under :file:`/usr[/local]/share/examples/configs`.
diff --git a/gui/Makefile.am b/gui/Makefile.am
index 25c494fd..65cf085b 100644
--- a/gui/Makefile.am
+++ b/gui/Makefile.am
@@ -33,8 +33,6 @@ CONFIG_FILES = configs/sample1.imn configs/sample1.scen \
configs/sample9-vpn.imn \
configs/sample10-kitchen-sink.imn
-OTHER_FILES = core-bsd-cleanup.sh
-
#
# CORE GUI script (/usr/local/bin/core-gui)
#
@@ -44,7 +42,7 @@ dist_bin_SCRIPTS = core-gui
# Tcl/Tk scripts (/usr/local/lib/core)
#
coredir = $(CORE_LIB_DIR)
-dist_core_DATA = $(TCL_FILES)
+dist_core_DATA = $(TCL_FILES)
dist_core_SCRIPTS = $(OTHER_FILES)
#
@@ -57,7 +55,7 @@ dist_coreaddons_DATA = $(ADDONS_FILES)
# Sample configs (/usr/local/share/core/examples/configs)
#
coreconfigsdir = $(datadir)/core/examples/configs
-dist_coreconfigs_DATA = $(CONFIG_FILES)
+dist_coreconfigs_DATA = $(CONFIG_FILES)
dist-hook:
rm -rf $(distdir)/addons/.svn
diff --git a/gui/api.tcl b/gui/api.tcl
index df6e611e..89b02605 100644
--- a/gui/api.tcl
+++ b/gui/api.tcl
@@ -135,7 +135,7 @@ proc receiveMessage { channel } {
#
# Open an API socket to the specified server:port, prompt user for retry
-# if specified; set the readable file event and parameters;
+# if specified; set the readable file event and parameters;
# returns the channel name or -1 on error.
#
proc openAPIChannel { server port retry } {
@@ -186,7 +186,7 @@ proc openAPIChannel { server port retry } {
# now we have a valid socket, set up encoding and receive event
fconfigure $s -blocking 0 -encoding binary -translation { binary binary } \
- -buffering full -buffersize 4096
+ -buffering full -buffersize 4096
fileevent $s readable [list receiveMessage $s]
return $s
}
@@ -299,7 +299,7 @@ proc parseNodeMessage { data len flags } {
# verbose debugging
#puts "tlv type=$type length=$length pad=$pad current=$current"
incr current 2
-
+
if {![info exists typenames($type)] } { ;# unknown TLV type
if { $prmsg } { puts -nonewline "unknown=$type," }
incr current $length
@@ -352,11 +352,11 @@ proc parseNodeMessage { data len flags } {
} else {
set exists true
}
-
+
if { $vals(name) == "" } {; # make sure there is a node name
set name $node
if { $exists } { set name [getNodeName $node] }
- array set vals [list name $name]
+ array set vals [list name $name]
}
if { $exists } {
if { $flags == 1 } {
@@ -384,9 +384,7 @@ proc parseNodeMessage { data len flags } {
set wlans_needing_update { }
if { $vals(emuid) != -1 } {
- # For Linux (FreeBSD populates ngnodeidmap in l3node.instantiate/
- # buildInterface when the netgraph ID is known)
- # populate ngnodeidmap for later use with wireless; it is treated as
+ # For Linux populate ngnodeidmap for later use with wireless; it is treated as
# a hex value string (without the leading "0x")
global ngnodeidmap
foreach wlan [findWlanNodes $node] {
@@ -484,7 +482,7 @@ proc apiNodeCreate { node vals_ref } {
return
}
set canv "c$canv"
- if { [lsearch $canvas_list $canv] < 0 && $canv == "c0" } {
+ if { [lsearch $canvas_list $canv] < 0 && $canv == "c0" } {
# special case -- support old imn files with Canvas0
global $canv
lappend canvas_list $canv
@@ -787,12 +785,12 @@ proc apiLinkAddModify { node1 node2 vals_ref add } {
updateLinkGuiAttr $wired_link $vals(guiattr)
return
# if add flag is set and a wired link already exists, assume wlan linkage
- # special case: rj45 model=1 means link via wireless
+ # special case: rj45 model=1 means link via wireless
} elseif {[nodeType $node1] == "rj45" || [nodeType $node2] == "rj45"} {
if { [nodeType $node1] == "rj45" } {
set rj45node $node1; set othernode $node2;
} else { set rj45node $node2; set othernode $node1; }
- if { [netconfFetchSection $rj45node model] == 1 } {
+ if { [netconfFetchSection $rj45node model] == 1 } {
set wlan [findWlanNodes $othernode]
if {$wlan != ""} {newGUILink $wlan $rj45node};# link rj4node to wlan
}
@@ -1034,7 +1032,7 @@ proc parseRegMessage { data len flags channel } {
# TLV header
if { [binary scan $data @${current}cc type length] != 2 } {
puts "TLV header error"
- break
+ break
}
set length [expr {$length & 0xFF}]; # convert signed to unsigned
if { $length == 0 } {
@@ -1078,9 +1076,9 @@ proc parseRegMessage { data len flags channel } {
if { $session != "" } {
# The channel passed to here is soon after discarded for
# sessions that are started from XML or Python scripts. This causes
- # an exception in the GUI when responding back to daemon if the
- # response is sent after the channel has been destroyed. Setting
- # the channel to -1 basically disables the GUI response to the daemon,
+ # an exception in the GUI when responding back to daemon if the
+ # response is sent after the channel has been destroyed. Setting
+ # the channel to -1 basically disables the GUI response to the daemon,
# but it turns out the daemon does not need the response anyway.
set channel -1
# assume session string only contains one session number
@@ -1432,7 +1430,7 @@ proc parseEventMessage { data len flags channel } {
2 {
incr current $pad
binary scan $data @${current}I eventtype
- if { $prmsg == 1} {
+ if { $prmsg == 1} {
set typestr ""
foreach t [array names eventtypes] {
if { $eventtypes($t) == $eventtype } {
@@ -1493,7 +1491,7 @@ proc parseEventMessage { data len flags channel } {
set name [lindex [getEmulPlugin "*"] 0]
if { [getAssignedRemoteServers] == "" } {
# start a new session if not distributed
- # otherwise we need to allow time for node delete messages
+ # otherwise we need to allow time for node delete messages
# from other servers
pluginConnect $name disconnect 1
pluginConnect $name connect 1
@@ -1529,7 +1527,7 @@ proc parseSessionMessage { data len flags channel } {
set typelength [parseTLVHeader $data current]
set type [lindex $typelength 0]
set length [lindex $typelength 1]
- if { $length == 0 || $length == "" } {
+ if { $length == 0 || $length == "" } {
puts "warning: zero-length TLV, discarding remainder of message!"
break
}
@@ -1737,7 +1735,7 @@ proc sendNodePosMessage { channel node nodeid x y wlanid force } {
if {$wlanid > -1} { incr len 8 }
if {$force == 1 } { set crit 0x4 } else { set crit 0x0 }
#puts "sending [expr $len+4] bytes: $nodeid $x $y $wlanid"
- if { $prmsg == 1 } {
+ if { $prmsg == 1 } {
puts -nonewline ">NODE(flags=$crit,$node,x=$x,y=$y" }
set msg [binary format ccSc2sIc2Sc2S \
1 $crit $len \
@@ -1805,8 +1803,8 @@ proc sendNodeAddMessage { channel node } {
} else {
set canv ""
}
-
- # services
+
+ # services
set svc [getNodeServices $node false]
set svc [join $svc "|"]
set svc_len [string length $svc]
@@ -1854,7 +1852,7 @@ proc sendNodeAddMessage { channel node } {
set mac [join [split $macstr ":"] ""]
puts -nonewline $channel [binary format c2x2W {0x5 8} 0x$mac]
}
-
+
# IPv6 address
if { $ipv6 != 0 } {
if { $prmsg == 1 } { puts -nonewline "$ipv6str," }
@@ -1943,7 +1941,7 @@ proc sendNodeDelMessage { channel node } {
proc sendLinkMessage { channel link type {sendboth true} } {
global showAPI
set prmsg $showAPI
-
+
set node1 [lindex [linkPeers $link] 0]
set node2 [lindex [linkPeers $link] 1]
set if1 [ifcByPeer $node1 $node2]; set if2 [ifcByPeer $node2 $node1]
@@ -2207,7 +2205,7 @@ proc getIfcAddrs { node ifc ipv4p ipv6p macp ipv4maskp ipv6maskp lenp } {
# IPv4 address
set ipv4str [getIfcIPv4addr $node $ifc]
- if {$ipv4str != ""} {
+ if {$ipv4str != ""} {
set ipv4 [lindex [split $ipv4str /] 0]
if { [info exists ipv4mask ] } {
set ipv4mask [lindex [split $ipv4str / ] 1]
@@ -2222,7 +2220,7 @@ proc getIfcAddrs { node ifc ipv4p ipv6p macp ipv4maskp ipv6maskp lenp } {
# IPv6 address
set ipv6str [getIfcIPv6addr $node $ifc]
- if {$ipv6str != ""} {
+ if {$ipv6str != ""} {
set ipv6 [lindex [split $ipv6str /] 0]
if { [info exists ipv6mask ] } {
set ipv6mask [lindex [split $ipv6str / ] 1]
@@ -2248,7 +2246,7 @@ proc getIfcAddrs { node ifc ipv4p ipv6p macp ipv4maskp ipv6maskp lenp } {
#
# Register Message: (registration types)
-# This is a simple Register Message, types is an array of
+# This is a simple Register Message, types is an array of
# tuples.
proc sendRegMessage { channel flags types_list } {
global showAPI regtypes
@@ -2361,7 +2359,7 @@ proc sendConfRequestMessage { channel node model flags netid opaque } {
set msg4 [binary format c2sI {0x23 4} 0 0x$netid ]
}
- #catch {puts -nonewline $channel $msg1$model$model_pad$msg2$msg3$msg4$msg5}
+ #catch {puts -nonewline $channel $msg1$model$model_pad$msg2$msg3$msg4$msg5}
puts -nonewline $channel $msg1$msg1b$msg1c$model$model_pad$msg2$msg3$msg4
if { $opaque_len > 0 } { puts -nonewline $channel $msgop }
@@ -2436,7 +2434,7 @@ proc sendConfReplyMessage { channel node model types values opaque } {
# session number
set msg3 ""
if { $session != "" } {
- incr len [expr {2 + $session_len + $session_pad_len }]
+ incr len [expr {2 + $session_len + $session_pad_len }]
set msg3 [binary format cc 0x0A $session_len]
set msg3 $msg3$session$session_pad
}
@@ -2472,7 +2470,7 @@ proc sendEventMessage { channel type nodenum name data flags } {
set data_pad_len [pad_32bit $data_len]
if { $data_len > 0 } { incr len [expr {2 + $data_len + $data_pad_len}] }
- if { $prmsg == 1 } {
+ if { $prmsg == 1 } {
puts -nonewline ">EVENT(flags=$flags," }
set msg [binary format ccS 8 $flags $len ] ;# message header
@@ -2481,7 +2479,7 @@ proc sendEventMessage { channel type nodenum name data flags } {
if { $prmsg == 1 } { puts -nonewline "node=$nodenum," }
set msg2 [binary format c2sI {0x01 4} 0 $nodenum]
}
- if { $prmsg == 1} {
+ if { $prmsg == 1} {
set typestr ""
foreach t [array names eventtypes] {
if { $eventtypes($t) == $type } { set typestr "-$t"; break }
@@ -2513,7 +2511,7 @@ proc sendEventMessage { channel type nodenum name data flags } {
# deploy working configuration using CORE API
-# Deploys a current working configuration. It creates all the
+# Deploys a current working configuration. It creates all the
# nodes and link as defined in configuration file.
proc deployCfgAPI { sock } {
global eid
@@ -2546,13 +2544,13 @@ proc deployCfgAPI { sock } {
sendSessionProperties $sock
- # this tells the CORE services that we are starting to send
+ # this tells the CORE services that we are starting to send
# configuration data
# clear any existing config
sendEventMessage $sock $eventtypes(definition_state) -1 "" "" 0
# inform CORE services about emulation servers, hook scripts, canvas info,
# and services
- sendEventMessage $sock $eventtypes(configuration_state) -1 "" "" 0
+ sendEventMessage $sock $eventtypes(configuration_state) -1 "" "" 0
sendEmulationServerInfo $sock 0
sendSessionOptions $sock
sendHooks $sock
@@ -2567,7 +2565,7 @@ proc deployCfgAPI { sock } {
set type [nodeType $node]
set name [getNodeName $node]
if { $type == "pseudo" } { continue }
-
+
statgraph inc 1
statline "Creating node $name"
if { [[typemodel $node].layer] == "NETWORK" } {
@@ -2611,7 +2609,7 @@ proc deployCfgAPI { sock } {
# status bar graph
statgraph off 0
statline "Network topology instantiated in [expr [clock seconds] - $t_start] seconds ([llength $node_list] nodes and [llength $link_list] links)."
-
+
# TODO: turn on tcpdump if enabled; customPostConfigCommands;
# addons 4 deployCfgHook
@@ -2628,8 +2626,8 @@ proc deployCfgAPI { sock } {
sendTrafficScripts $sock
# tell the CORE services that we are ready to instantiate
- sendEventMessage $sock $eventtypes(instantiation_state) -1 "" "" 0
-
+ sendEventMessage $sock $eventtypes(instantiation_state) -1 "" "" 0
+
set deployCfgAPI_lock 0 ;# unlock
statline "Network topology instantiated in [expr [clock seconds] - $t_start] seconds ([llength $node_list] nodes and [llength $link_list] links)."
@@ -2651,7 +2649,7 @@ proc shutdownSession {} {
set plugin [lindex [getEmulPlugin "*"] 0]
set sock [pluginConnect $plugin connect true]
- sendEventMessage $sock $eventtypes(datacollect_state) -1 "" "" 0
+ sendEventMessage $sock $eventtypes(datacollect_state) -1 "" "" 0
# shut down all links
foreach link $link_list {
@@ -2712,7 +2710,7 @@ proc sendNodeTypeInfo { sock reset } {
sendConfRequestMessage $sock -1 "all" 0x3 -1 ""
return
}
- # build a list of node types in use
+ # build a list of node types in use
set typesinuse ""
foreach node $node_list {
set type [nodeType $node]
@@ -2974,7 +2972,7 @@ proc sendFileMessage { channel node type f sf data data_len } {
set prmsg $showAPI
set node_num [string range $node 1 end]
-
+
set f_len [string length $f]
set f_pad_len [pad_32bit $f_len]
set f_pad [binary format x$f_pad_len]
@@ -3013,7 +3011,7 @@ proc sendFileMessage { channel node type f sf data data_len } {
if { $prmsg == 1 } {
puts -nonewline ">FILE(flags=$flags,$node,f=$f,"
if { $type != "" } { puts -nonewline "type=$type," }
- if { $sf != "" } { puts "src=$sf)"
+ if { $sf != "" } { puts "src=$sf)"
} else { puts "data=($data_len))" }
}
@@ -3077,7 +3075,7 @@ proc sendSessionMessage { channel flags num name sfile nodecount tf user } {
set user_pad_len [pad_32bit $user_len]
if { $user_len > 0 } { incr len [expr { 2 + $user_len + $user_pad_len }] }
- if { $prmsg == 1 } {
+ if { $prmsg == 1 } {
puts -nonewline ">SESSION(flags=$flags" }
set msgh [binary format ccS 0x09 $flags $len ] ;# message header
@@ -3089,7 +3087,7 @@ proc sendSessionMessage { channel flags num name sfile nodecount tf user } {
set msg2 ""
if { $name_len > 0 } {
if { $prmsg == 1 } { puts -nonewline ",name=$name" }
- # TODO: name_len > 255
+ # TODO: name_len > 255
set name_hdr [binary format cc 0x02 $name_len]
set name_pad [binary format x$name_pad_len]
set msg2 "$name_hdr$name$name_pad"
@@ -3097,7 +3095,7 @@ proc sendSessionMessage { channel flags num name sfile nodecount tf user } {
set msg3 ""
if { $sfile_len > 0 } {
if { $prmsg == 1 } { puts -nonewline ",file=$sfile" }
- # TODO: sfile_len > 255
+ # TODO: sfile_len > 255
set sfile_hdr [binary format cc 0x03 $sfile_len]
set sfile_pad [binary format x$sfile_pad_len]
set msg3 "$sfile_hdr$sfile$sfile_pad"
@@ -3150,11 +3148,11 @@ proc xmlFileLoadSave { cmd name } {
# inform daemon about nodes and links when saving in edit mode
if { $cmd == "save" && $oper_mode != "exec" } {
sendSessionProperties $sock
- # this tells the CORE services that we are starting to send
+ # this tells the CORE services that we are starting to send
# configuration data
# clear any existing config
sendEventMessage $sock $eventtypes(definition_state) -1 "" "" 0
- sendEventMessage $sock $eventtypes(configuration_state) -1 "" "" 0
+ sendEventMessage $sock $eventtypes(configuration_state) -1 "" "" 0
sendEmulationServerInfo $sock 0
sendSessionOptions $sock
sendHooks $sock
@@ -3246,7 +3244,7 @@ proc buildStringTLV { type data len_ref } {
}
if { $data_len > 255 } {
- set hdr [binary format ccS $type 0 $data_len]
+ set hdr [binary format ccS $type 0 $data_len]
set hdr_len 4
} else {
set hdr [binary format cc $type $data_len]
@@ -3274,7 +3272,7 @@ proc pad_32bit { len } {
proc macToString { mac_num } {
set mac_bytes ""
- # convert 64-bit integer into 12-digit hex string
+ # convert 64-bit integer into 12-digit hex string
set mac_num 0x[format "%.12lx" $mac_num]
while { $mac_num > 0 } {
# append 8-bit hex number to list
@@ -3295,7 +3293,7 @@ proc macToString { mac_num } {
set r {}
set i [llength $mac_bytes]
while { $i > 0 } { lappend r [lindex $mac_bytes [incr i -1]] }
-
+
return [join $r :]
}
diff --git a/gui/cfgparse.tcl b/gui/cfgparse.tcl
index ce84e81e..6e730886 100644
--- a/gui/cfgparse.tcl
+++ b/gui/cfgparse.tcl
@@ -35,24 +35,24 @@
# NAME
# cfgparse.tcl -- file used for parsing the configuration
# FUNCTION
-# This module is used for parsing the configuration, i.e. reading the
-# configuration from a file or a string and writing the configuration
-# to a file or a string. This module also contains a function for returning
+# This module is used for parsing the configuration, i.e. reading the
+# configuration from a file or a string and writing the configuration
+# to a file or a string. This module also contains a function for returning
# a new ID for nodes, links and canvases.
#****
#****f* nodecfg.tcl/dumpputs
# NAME
-# dumpputs -- puts a string to a file or a string configuration
+# dumpputs -- puts a string to a file or a string configuration
# SYNOPSIS
# dumpputs $method $destination $string
# FUNCTION
-# Puts a sting to the file or appends the string configuration (used for
+# Puts a sting to the file or appends the string configuration (used for
# undo functions), the choice depends on the value of method parameter.
# INPUTS
-# * method -- method used. Possiable values are file (if saving the string
+# * method -- method used. Possiable values are file (if saving the string
# to the file) and string (if appending the string configuration)
-# * dest -- destination used. File_id for files, and string name for string
+# * dest -- destination used. File_id for files, and string name for string
# configuration
# * string -- the string that is inserted to a file or appended to the string
# configuartion
@@ -73,7 +73,7 @@ proc dumpputs {method dest string} {
#****f* nodecfg.tcl/dumpCfg
# NAME
-# dumpCfg -- puts the current configuraton to a file or a string
+# dumpCfg -- puts the current configuraton to a file or a string
# SYNOPSIS
# dumpCfg $method $destination
# FUNCTION
@@ -81,7 +81,7 @@ proc dumpputs {method dest string} {
# INPUTS
# * method -- used method. Possiable values are file (saving current congif
# to the file) and string (saving current config in a string)
-# * dest -- destination used. File_id for files, and string name for string
+# * dest -- destination used. File_id for files, and string name for string
# configurations
#****
@@ -95,7 +95,7 @@ proc dumpCfg {method dest} {
dumpputs $method $dest "\}"
dumpputs $method $dest ""
}
-
+
foreach node $node_list {
global $node
upvar 0 $node lnode
@@ -129,7 +129,7 @@ proc dumpCfg {method dest} {
}
}
dumpputs $method $dest " \}"
- } elseif { "[lindex $element 0]" == "ipsec-config" } {
+ } elseif { "[lindex $element 0]" == "ipsec-config" } {
dumpputs $method $dest " ipsec-config \{"
foreach line [lindex $element 1] {
if { $line != {} } {
@@ -228,24 +228,24 @@ proc dumpGlobalOptions { method dest } {
global mac_addr_start
dumpputs $method $dest "option global \{"
- if {$showIfNames == 0} {
- dumpputs $method $dest " interface_names no"
+ if {$showIfNames == 0} {
+ dumpputs $method $dest " interface_names no"
} else {
dumpputs $method $dest " interface_names yes" }
- if {$showIfIPaddrs == 0} {
- dumpputs $method $dest " ip_addresses no"
+ if {$showIfIPaddrs == 0} {
+ dumpputs $method $dest " ip_addresses no"
} else {
dumpputs $method $dest " ip_addresses yes" }
- if {$showIfIPv6addrs == 0} {
- dumpputs $method $dest " ipv6_addresses no"
+ if {$showIfIPv6addrs == 0} {
+ dumpputs $method $dest " ipv6_addresses no"
} else {
dumpputs $method $dest " ipv6_addresses yes" }
- if {$showNodeLabels == 0} {
- dumpputs $method $dest " node_labels no"
+ if {$showNodeLabels == 0} {
+ dumpputs $method $dest " node_labels no"
} else {
dumpputs $method $dest " node_labels yes" }
- if {$showLinkLabels == 0} {
- dumpputs $method $dest " link_labels no"
+ if {$showLinkLabels == 0} {
+ dumpputs $method $dest " link_labels no"
} else {
dumpputs $method $dest " link_labels yes" }
if {$showAPI == 0} {
@@ -290,7 +290,7 @@ proc setGlobalOption { field value } {
global showIfIPaddrs showIfIPv6addrs
global showBkgImage showGrid showAnnotations
global showAPI
- global mac_addr_start
+ global mac_addr_start
global g_traffic_start_opt
global g_view_locked
@@ -400,8 +400,8 @@ proc cleanupGUIState {} {
# SYNOPSIS
# loadCfg $cfg
# FUNCTION
-# Loads the configuration written in the cfg string to a current
-# configuration.
+# Loads the configuration written in the cfg string to a current
+# configuration.
# INPUTS
# * cfg -- string containing the new working configuration.
#****
@@ -489,7 +489,7 @@ proc loadCfg { cfg } {
# consume first two list elements from line
set value [lindex $line 1]
set line [lreplace $line 0 1]
-
+
if {"$class" == "node"} {
switch -exact -- $field {
type {
@@ -561,7 +561,7 @@ proc loadCfg { cfg } {
}
ipsec-config {
set cfg ""
-
+
foreach zline [split $value {
}] {
if { [string index "$zline" 0] == " " } {
@@ -600,7 +600,8 @@ proc loadCfg { cfg } {
custom-pre-config-commands {
# Boeing - custom pre config commands
set cfg ""
- foreach zline [split $value {
}] {
+ foreach zline [split $value {
+}] {
if { [string index "$zline" 0] == " " } {
set zline [string replace "$zline" 0 0]
}
@@ -612,7 +613,8 @@ proc loadCfg { cfg } {
custom-post-config-commands {
# Boeing - custom post config commands
set cfg ""
- foreach zline [split $value {
}] {
+ foreach zline [split $value {
+}] {
if { [string index "$zline" 0] == " " } {
set zline [string replace "$zline" 0 0]
}
@@ -628,7 +630,8 @@ proc loadCfg { cfg } {
ine-config {
# Boeing - INE
set cfg ""
- foreach zline [split $value {
}] {
+ foreach zline [split $value {
+}] {
if { [string index "$zline" 0] == " " } {
set zline [string replace "$zline" 0 0]
}
@@ -682,7 +685,7 @@ proc loadCfg { cfg } {
switch -exact -- $field {
name {
lappend $object "name $value"
- }
+ }
height {
lappend $object "height $value"
}
@@ -695,10 +698,10 @@ proc loadCfg { cfg } {
y {
lappend $object "y $value"
}
- color {
+ color {
lappend $object "color $value"
- }
- }
+ }
+ }
} elseif {"$class" == "link"} {
switch -exact -- $field {
nodes {
@@ -863,20 +866,20 @@ proc loadCfg { cfg } {
#****f* nodecfg.tcl/newObjectId
# NAME
-# newObjectId -- new object Id
+# newObjectId -- new object Id
# SYNOPSIS
# set obj_id [newObjectId $type]
# FUNCTION
# Returns the Id for a new object of the defined type. Supported types
-# are node, link and canvas. The Id is in the form $mark$number. $mark is the
+# are node, link and canvas. The Id is in the form $mark$number. $mark is the
# first letter of the given type and $number is the first available number to
-# that can be used for id.
+# that can be used for id.
# INPUTS
# * type -- the type of the new object. Can be node, link or canvas.
# RESULT
-# * obj_id -- object Id in the form $mark$number. $mark is the
+# * obj_id -- object Id in the form $mark$number. $mark is the
# first letter of the given type and $number is the first available number to
-# that can be used for id.
+# that can be used for id.
#****
proc newObjectId { type } {
@@ -950,7 +953,7 @@ proc loadServersConf { } {
global CONFDIR exec_servers DEFAULT_API_PORT
set confname "$CONFDIR/servers.conf"
if { [catch { set f [open "$confname" r] } ] } {
- puts "Creating a default $confname"
+ puts "Creating a default $confname"
if { [catch { set f [open "$confname" w+] } ] } {
puts "***Warning: could not create a default $confname file."
return
@@ -1035,7 +1038,7 @@ proc popupPrefs {} {
-command "addFileToMrulist \"\""
pack $wi.dirs.mru.label $wi.dirs.mru.num $wi.dirs.mru.clear -side left
pack $wi.dirs.mru -side top -anchor w -padx 4 -pady 4
-
+
pack $wi.dirs -side top -fill x
#
@@ -1049,7 +1052,7 @@ proc popupPrefs {} {
-variable g_prefs(gui_save_size)
pack $wi.win.win.savepos $wi.win.win.savesiz -side left -anchor w -padx 4
pack $wi.win.win -side top -anchor w -padx 4 -pady 4
-
+
frame $wi.win.a
checkbutton $wi.win.a.snaptogrid -text "snap to grid" \
-variable g_prefs(gui_snap_grid)
@@ -1123,9 +1126,8 @@ proc initDefaultPrefs {} {
# variable expansions must be done here
array set g_prefs [list default_conf_path "$CONFDIR/configs"]
array set g_prefs [list gui_canvas_refpt "$DEFAULT_REFPT"]
- if { $tcl_platform(os) == "FreeBSD" } { set shell "/usr/local/bin/bash"
- } else { set shell "bash" }
- array set g_prefs [list shell $shell]
+ set shell "bash"
+ array set g_prefs [list shell $shell]
array set g_prefs [list gui_text_editor [get_text_editor true]]
array set g_prefs [list gui_term_prog [get_term_prog true]]
setDefaultAddrs ipv4
diff --git a/gui/configs/sample5-mgen.imn b/gui/configs/sample5-mgen.imn
index e27b55a7..d80a58a6 100644
--- a/gui/configs/sample5-mgen.imn
+++ b/gui/configs/sample5-mgen.imn
@@ -86,11 +86,7 @@ node n2 {
HN=`hostname`
SCRIPTDIR=$SESSION_DIR
LOGDIR=/var/log
-
- if [ `uname` = "FreeBSD" ]; then
- SCRIPTDIR=/tmp/e0_$HN
- LOGDIR=$SCRIPTDIR
- fi
+
cd $SCRIPTDIR
(
cat << 'EOF'
diff --git a/gui/editor.tcl b/gui/editor.tcl
index e558cda5..1195ee18 100644
--- a/gui/editor.tcl
+++ b/gui/editor.tcl
@@ -34,7 +34,7 @@
#****h* imunes/editor.tcl
# NAME
# editor.tcl -- file used for defining functions that can be used in
-# edit mode as well as all the functions which change the appearance
+# edit mode as well as all the functions which change the appearance
# of the imunes GUI.
# FUNCTION
# This module is used for defining all possible actions in imunes
@@ -71,8 +71,8 @@ proc animateCursor {} {
# split links and links connecting nodes on different canvases.
# INPUTS
# * link_id -- the link id
-# * atomic -- defines if the remove was atomic action or a part
-# of a composed, non-atomic action (relevant for updating log
+# * atomic -- defines if the remove was atomic action or a part
+# of a composed, non-atomic action (relevant for updating log
# for undo).
#****
@@ -137,7 +137,7 @@ proc removeGUINode { node } {
# SYNOPSIS
# updateUndoLog
# FUNCTION
-# Updates the undo log. Writes the current configuration to the
+# Updates the undo log. Writes the current configuration to the
# undolog array and updates the undolevel variable.
#****
@@ -161,7 +161,7 @@ proc updateUndoLog {} {
# NAME
# undo -- undo function
# SYNOPSIS
-# undo
+# undo
# FUNCTION
# Undo the change. Reads the undolog and updates the current
# configuration. Reduces the value of undolevel.
@@ -185,10 +185,10 @@ proc undo {} {
# SYNOPSIS
# redo
# FUNCTION
-# Redo the change if possible (redolevel is greater than
+# Redo the change if possible (redolevel is greater than
# undolevel). Reads the configuration from undolog and
-# updates the current configuration. Increases the value
-# of undolevel.
+# updates the current configuration. Increases the value
+# of undolevel.
#****
proc redo {} {
@@ -244,7 +244,7 @@ proc redrawAll {} {
"-$border -$border [expr {$e_sizex + $border}] \
[expr {$e_sizey + $border}]"
-
+
saveRestoreWlanLinks .c save
.c delete all
set background [.c create rectangle 0 0 $e_sizex $e_sizey \
@@ -264,7 +264,7 @@ proc redrawAll {} {
if { [getNodeCanvas $obj] == $curcanvas } {
drawAnnotation $obj
}
- }
+ }
}
# Grid
@@ -303,7 +303,7 @@ proc redrawAll {} {
}
}
- redrawAllThruplots
+ redrawAllThruplots
foreach link $link_list {
set nodes [linkPeers $link]
if { [getNodeCanvas [lindex $nodes 0]] != $curcanvas ||
@@ -330,7 +330,7 @@ proc redrawAll {} {
# Draws the specified node. Draws node's image (router pc
# host lanswitch rj45 hub pseudo) and label.
# The visibility of the label depends on the showNodeLabels
-# variable for all types of nodes and on invisible variable
+# variable for all types of nodes and on invisible variable
# for pseudo nodes.
# INPUTS
# * node_id -- node id
@@ -342,7 +342,7 @@ proc drawNode { c node } {
global curcanvas zoom
global wlan
if { $c == "" } { set c .c } ;# default canvas
-
+
set type [nodeType $node]
set coords [getNodeCoords $node]
set x [expr {[lindex $coords 0] * $zoom}]
@@ -361,7 +361,7 @@ proc drawNode { c node } {
if { $tmp != "" } { set cimg $tmp }
if { $cimg != "" } {
# name of global variable storing the image is the filename without path
- set img [file tail $cimg]
+ set img [file tail $cimg]
# create the variable if the image hasn't been loaded before
global [set img]
if { ![info exists $img] } {
@@ -433,9 +433,9 @@ proc drawNode { c node } {
# SYNOPSIS
# drawLink link_id
# FUNCTION
-# Draws the specified link. An arrow is displayed for links
+# Draws the specified link. An arrow is displayed for links
# connected to pseudo nodes. If the variable invisible
-# is specified link connecting a pseudo node stays hidden.
+# is specified link connecting a pseudo node stays hidden.
# INPUTS
# * link_id -- link id
#****
@@ -486,7 +486,7 @@ proc drawLink { link } {
}
foreach n [list $lnode1 $lnode2] {
if { [getNodeHidden $n] } {
- hideNode $n
+ hideNode $n
statline "Hidden node(s) exist."
}
}
@@ -535,7 +535,7 @@ proc drawWlanLink { node1 node2 wlan } {
# set ifcName [chooseIfName $lnode1 $lnode2]
# FUNCTION
# Choose intreface name. The name can be:
-# * eth -- for interface connecting pc, host and router
+# * eth -- for interface connecting pc, host and router
# * e -- for interface connecting hub and lanswitch
# INPUTS
# * link_id -- link id
@@ -564,7 +564,7 @@ proc chooseIfName { lnode1 lnode2 } {
return eth
}
rj45 {
- return
+ return
}
tunnel {
return e
@@ -589,8 +589,8 @@ proc chooseIfName { lnode1 lnode2 } {
# SYNOPSIS
# set l2peers [listLANNodes $l2node $l2peers]
# FUNCTION
-# Recursive function for finding all link layer nodes that are
-# connected to node l2node. Returns the list of all link layer
+# Recursive function for finding all link layer nodes that are
+# connected to node l2node. Returns the list of all link layer
# nodes that are on the same LAN as l2node.
# INPUTS
# * l2node -- node id of a link layer node
@@ -622,7 +622,7 @@ proc listLANnodes { l2node l2peers } {
# FUNCTION
# Calculates dx and dy variables of the calling function.
# INPUTS
-# * lnode -- node id of a node whose dx and dy coordinates are
+# * lnode -- node id of a node whose dx and dy coordinates are
# calculated
#****
@@ -680,8 +680,8 @@ proc calcDxDy { lnode } {
# address and IPv6 address.
# INPUTS
# * lnode1 -- node id of a node where the interface resides
-# * lnode2 -- node id of the node that is connected by this
-# interface.
+# * lnode2 -- node id of the node that is connected by this
+# interface.
#****
proc updateIfcLabel { lnode1 lnode2 } {
global showIfNames showIfIPaddrs showIfIPv6addrs
@@ -715,7 +715,7 @@ proc updateIfcLabel { lnode1 lnode2 } {
.c itemconfigure "interface && $lnode1 && $link" \
-text "$labelstr"
# Boeing: hide ifc label on wlans
- if { [nodeType $lnode1] == "wlan" } {
+ if { [nodeType $lnode1] == "wlan" } {
.c itemconfigure "interface && $lnode1 && $link" -state hidden
}
}
@@ -876,11 +876,11 @@ proc redrawWlanLink { link } {
#****f* editor.tcl/splitGUILink
# NAME
-# splitGUILink -- splits a links
+# splitGUILink -- splits a links
# SYNOPSIS
# splitGUILink $link
# FUNCTION
-# Splits the link and draws new links and new pseudo nodes
+# Splits the link and draws new links and new pseudo nodes
# on the canvas.
# INPUTS
# * link -- link id
@@ -925,7 +925,7 @@ proc splitGUILink { link } {
#****f* editor.tcl/selectNode
# NAME
-# selectNode -- select node
+# selectNode -- select node
# SYNOPSIS
# selectNode $c $obj
# FUNCTION
@@ -1019,11 +1019,11 @@ proc selectAdjacent {} {
#****f* editor.tcl/button3link
# NAME
-# button3link
+# button3link
# SYNOPSIS
# button3link $c $x $y
# FUNCTION
-# This procedure is called when a right mouse button is
+# This procedure is called when a right mouse button is
# clicked on the canvas. If there is a link on the place of
# mouse click this procedure creates and configures a popup
# menu. The options in the menu are:
@@ -1099,7 +1099,7 @@ proc button3link { c x y } {
#****f* editor.tcl/movetoCanvas
# NAME
-# movetoCanvas -- move to canvas
+# movetoCanvas -- move to canvas
# SYNOPSIS
# movetoCanvas $canvas
# FUNCTION
@@ -1176,7 +1176,7 @@ proc mergeGUINode { node } {
# SYNOPSIS
# button3node $c $x $y
# FUNCTION
-# This procedure is called when a right mouse button is
+# This procedure is called when a right mouse button is
# clicked on the canvas. Also called when double-clicking
# on a node during runtime.
# If there is a node on the place of
@@ -1190,18 +1190,18 @@ proc mergeGUINode { node } {
# that have mirror nodes on the same canvas (Pseudo nodes
# created by splitting a link).
# * Delete -- delete the node
-# * Shell window -- specifies the shell window to open in
-# exec mode. This option is available only to nodes on a
+# * Shell window -- specifies the shell window to open in
+# exec mode. This option is available only to nodes on a
# network layer
-# * Ethereal -- opens a Ethereal program for the specified
-# node and the specified interface. This option is available
+# * Ethereal -- opens a Ethereal program for the specified
+# node and the specified interface. This option is available
# only for network layer nodes in exec mode.
# INPUTS
# * c -- tk canvas
# * x -- x coordinate for popup menu
# * y -- y coordinate for popup menu
#****
-#old proc button3node { c x y }
+#old proc button3node { c x y }
#Boeing
proc button3node { c x y button } {
global oper_mode env eid canvas_list node_list curcanvas systype g_prefs
@@ -1242,7 +1242,7 @@ proc button3node { c x y button } {
if { $button == "shift" } { ;# normal bash shell
spawnShell $node $shell
} else { ;# right-click vtysh shell
- set cmd [[typemodel $node].shellcmd $node]
+ set cmd [[typemodel $node].shellcmd $node]
if { $cmd != "/bin/sh" && $cmd != "" } { spawnShell $node $cmd }
}
return ;# open shell, don't post a menu
@@ -1437,7 +1437,7 @@ proc button3node { c x y button } {
addInterfaceCommand $node .button3menu "Wireshark" "wireshark -k -i" \
$execstate 0
# wireshark on host veth pair -- need veth pair name
- #wireshark -k -i
+ #wireshark -k -i
if { [lindex $systype 0] == "Linux" } {
set name [getNodeName $node]
.button3menu add command -label "View log..." -state $execstate \
@@ -1464,7 +1464,7 @@ proc button3node { c x y button } {
# This procedure spawns a new shell for a specified node.
# The shell is specified in cmd parameter.
# INPUTS
-# * node -- node id of the node for which the shell
+# * node -- node id of the node for which the shell
# is spawned.
# * cmd -- the path to the shell.
#****
@@ -1527,9 +1527,9 @@ proc raiseAll {c} {
# SYNOPSIS
# button1 $c $x $y $button
# FUNCTION
-# This procedure is called when a left mouse button is
+# This procedure is called when a left mouse button is
# clicked on the canvas. This procedure selects a new
-# node or creates a new node, depending on the selected
+# node or creates a new node, depending on the selected
# tool.
# INPUTS
# * c -- tk canvas
@@ -1563,7 +1563,7 @@ proc button1 { c x y button } {
set curobj [$c find withtag current]
set curtype [lindex [$c gettags current] 0]
-
+
if { $curtype == "node" || \
$curtype == "oval" || $curtype == "rectangle" || $curtype == "text" \
|| ( $curtype == "nodelabel" && \
@@ -1613,7 +1613,7 @@ proc button1 { c x y button } {
if { $g_view_locked == 1 } { return }
if { $activetoolp == "routers" } {
if {$activetool != "OVS"} {
- set node [newNode router]
+ set node [newNode router]
} else {
set node [newNode OVS]}
setNodeModel $node $activetool
@@ -1666,7 +1666,7 @@ proc button1 { c x y button } {
set newlink [$c create line $lastX $lastY $x $y \
-fill $defLinkColor -width $defLinkWidth \
-tags "link"]
- # twonode tool support
+ # twonode tool support
} elseif {$g_twoNodeSelect != "" && $curtype == "node"} {
set curnode [lindex [$c gettags $curobj] 1]
selectTwoNode $curnode
@@ -1683,14 +1683,14 @@ proc setResizeMode { c x y } {
set isThruplot false
set type1 notset
- if {$c == ".c"} {
+ if {$c == ".c"} {
set t1 [$c gettags current]
set o1 [lindex $t1 1]
set type1 [nodeType $o1]
} else {
set o1 $c
set c .c
- set isThruplot true
+ set isThruplot true
}
#DYL
#puts "RESIZE NODETYPE = $type1"
@@ -1743,11 +1743,11 @@ proc setResizeMode { c x y } {
# NAME
# button1-motion
# SYNOPSIS
-# button1-motion $c $x $y
+# button1-motion $c $x $y
# FUNCTION
-# This procedure is called when a left mouse button is
-# pressed and the mouse is moved around the canvas.
-# This procedure creates new select box, moves the
+# This procedure is called when a left mouse button is
+# pressed and the mouse is moved around the canvas.
+# This procedure creates new select box, moves the
# selected nodes or draws a new link.
# INPUTS
# * c -- tk canvas
@@ -1767,8 +1767,8 @@ proc button1-motion { c x y } {
if {$thruPlotDragStart == "dragging"} {
#puts "active tool is $activetool"
- thruPlotDrag $c $thruPlotCur $x $y null true
- return
+ thruPlotDrag $c $thruPlotCur $x $y null true
+ return
}
# fix occasional error
@@ -1800,7 +1800,7 @@ proc button1-motion { c x y } {
set dx [expr {$x-$lastX} ]
set dy [expr {$y-$lastY} ]
# this provides smoother drawing
- if { $dx > $markersize || $dy > $markersize } {
+ if { $dx > $markersize || $dy > $markersize } {
set mark [$c create line $lastX $lastY $x $y \
-width $markersize -fill $markercolor -tags "marker"]
$c raise $mark \
@@ -1886,7 +1886,7 @@ proc button1-motion { c x y } {
}
# resizing an annotation
} elseif { $curtype == "selectmark" } {
- foreach o [$c find withtag "selected"] {
+ foreach o [$c find withtag "selected"] {
set node [lindex [$c gettags $o] 1]
set tagovi [$c gettags $o]
set koord [getNodeCoords $node]
@@ -1992,12 +1992,12 @@ proc button1-motion { c x y } {
#****f* editor.tcl/pseudo.layer
# NAME
-# pseudo.layer
+# pseudo.layer
# SYNOPSIS
# set layer [pseudo.layer]
# FUNCTION
# Returns the layer on which the pseudo node operates
-# i.e. returns no layer.
+# i.e. returns no layer.
# RESULT
# * layer -- returns an empty string
#****
@@ -2011,8 +2011,8 @@ proc pseudo.layer {} {
# SYNOPSIS
# newGUILink $lnode1 $lnode2
# FUNCTION
-# This procedure is called to create a new link between
-# nodes lnode1 and lnode2. Nodes can be on the same canvas
+# This procedure is called to create a new link between
+# nodes lnode1 and lnode2. Nodes can be on the same canvas
# or on different canvases. The result of this function
# is directly visible in GUI.
# INPUTS
@@ -2052,10 +2052,10 @@ proc newGUILink { lnode1 lnode2 } {
# NAME
# button1-release
# SYNOPSIS
-# button1-release $c $x $y
+# button1-release $c $x $y
# FUNCTION
-# This procedure is called when a left mouse button is
-# released.
+# This procedure is called when a left mouse button is
+# released.
# The result of this function depends on the actions
# during the button1-motion procedure.
# INPUTS
@@ -2202,7 +2202,7 @@ proc button1-release { c x y } {
nodeEnter $c
# $changed!=1
- } elseif {$activetool == "select" } {
+ } elseif {$activetool == "select" } {
if {$selectbox == ""} {
set x1 $x
set y1 $y
@@ -2243,10 +2243,10 @@ proc button1-release { c x y } {
} else {
# select tool resizing an object by dragging its handles
# DYL bugfix. if x,y does not change, do not resize!
- # fixes a bug where the object dissappears
- if { $x != $x1 || $y != $y1 } {
+ # fixes a bug where the object dissappears
+ if { $x != $x1 || $y != $y1 } {
setNodeCoords $resizeobj "$x $y $x1 $y1"
- }
+ }
set redrawNeeded 1
set resizemode false
}
@@ -2269,11 +2269,11 @@ proc button1-release { c x y } {
# SYNOPSIS
# nodeEnter $c
# FUNCTION
-# This procedure prints the node id, node name and
+# This procedure prints the node id, node name and
# node model (if exists), as well as all the interfaces
-# of the node in the status line.
+# of the node in the status line.
# Information is presented for the node above which is
-# the mouse pointer.
+# the mouse pointer.
# INPUTS
# * c -- tk canvas
#****
@@ -2314,7 +2314,7 @@ proc nodeEnter { c } {
# This procedure prints the link id, link bandwidth
# and link delay in the status line.
# Information is presented for the link above which is
-# the mouse pointer.
+# the mouse pointer.
# INPUTS
# * c -- tk canvas
#****
@@ -2351,13 +2351,13 @@ proc anyLeave {c} {
}
-#****f* editor.tcl/checkIntRange
+#****f* editor.tcl/checkIntRange
# NAME
# checkIntRange -- check integer range
# SYNOPSIS
# set check [checkIntRange $str $low $high]
# FUNCTION
-# This procedure checks the input string to see if it is
+# This procedure checks the input string to see if it is
# an integer between the low and high value.
# INPUTS
# str -- string to check
@@ -2407,14 +2407,14 @@ proc checkHostname { str } {
}
-#****f* editor.tcl/focusAndFlash
+#****f* editor.tcl/focusAndFlash
# NAME
# focusAndFlash -- focus and flash
# SYNOPSIS
# focusAndFlash $W $count
# FUNCTION
# This procedure sets the focus on the bad entry field
-# and on this filed it provides an effect of flashing
+# and on this filed it provides an effect of flashing
# for approximately 1 second.
# INPUTS
# * W -- textbox field that caused the bed entry
@@ -2454,7 +2454,7 @@ proc focusAndFlash {W {count 9}} {
# SYNOPSIS
# popupConfigDialog $c
# FUNCTION
-# Dynamically creates a popup dialog box for configuring
+# Dynamically creates a popup dialog box for configuring
# links or nodes in IMUNES.
# INPUTS
# * c -- canvas id
@@ -2540,10 +2540,10 @@ proc popupConfigDialog { c } {
$wi.ftop.name insert 0 [getNodeName $target]
set img [getNodeImage $target]
ttk::button $wi.ftop.img -image $img -command "popupCustomImage $target"
-
+
if { $type == "rj45" } {
rj45ifclist $wi $target 0
- }
+ }
# execution server
global exec_servers node_location
set node_location [getNodeLocation $target]
@@ -2556,7 +2556,7 @@ proc popupConfigDialog { c } {
# end Boeing
pack $wi.ftop -side top
if { $type == "router" || $type == "OVS"} {
-
+
ttk::frame $wi.model -borderwidth 4
ttk::label $wi.model.label -text "Type:"
set runstate "disabled"
@@ -2618,7 +2618,7 @@ proc popupConfigDialog { c } {
global conntype
set conntype [netconfFetchSection $target "tunnel-type"]
if { $conntype == "" } { set conntype "UDP" }
-
+
# TODO: clean this up
ttk::frame $wi.linfo
@@ -2804,7 +2804,7 @@ proc popupConfigDialog { c } {
ttk::frame $wi.unilabel -borderwidth 4
ttk::label $wi.unilabel.updown -text "Symmetric link effects:"
pack $wi.unilabel.updown -side left -anchor w
- pack $wi.unilabel -side top -anchor w
+ pack $wi.unilabel -side top -anchor w
ttk::frame $wi.bandwidth -borderwidth 4
ttk::label $wi.bandwidth.label -anchor e -text "Bandwidth (bps):"
@@ -2932,11 +2932,11 @@ proc popupConfigDialog { c } {
"popupConfigApply $wi $object_type $target 0"
focus $wi.butt.apply
# Boeing: remove range circles upon cancel
- if {$type == "wlan"} {
+ if {$type == "wlan"} {
set cancelcmd "set badentry -1 ; destroy $wi;"
- set cancelcmd "$cancelcmd updateRangeCircles $target 0"
+ set cancelcmd "$cancelcmd updateRangeCircles $target 0"
} else {
- set cancelcmd "set badentry -1 ; destroy $wi"
+ set cancelcmd "set badentry -1 ; destroy $wi"
}
ttk::button $wi.butt.cancel -text "Cancel" -command $cancelcmd
#end Boeing
@@ -3072,18 +3072,18 @@ proc macEntryHelper { wi ifc } {
# SYNOPSIS
# popupConfigApply $w $object_type $target $phase
# FUNCTION
-# This procedure is called when the button apply is pressed in
+# This procedure is called when the button apply is pressed in
# popup configuration dialog box. It reads different
# configuration parameters depending on the object_type.
# INPUTS
# * w -- widget
-# * object_type -- describes the object type that is currently
+# * object_type -- describes the object type that is currently
# configured. It can be either link or node.
# * target -- node id of the configured node or link id of the
# configured link
-# * phase -- This procedure is invoked in two diffenet phases
-# to enable validation of the entry that was the last made.
-# When calling this function always use the phase parameter
+# * phase -- This procedure is invoked in two diffenet phases
+# to enable validation of the entry that was the last made.
+# When calling this function always use the phase parameter
# set to 0.
#****
proc popupConfigApply { wi object_type target phase } {
@@ -3131,12 +3131,12 @@ proc popupConfigApply { wi object_type target phase } {
# Boeing - added wlan, remote, tunnel, ktunnel items
if { $type == "wlan" } {
- wlanConfigDialogHelper $wi $target 1
+ wlanConfigDialogHelper $wi $target 1
} elseif { $type == "tunnel" } {
#
# apply tunnel items
#
- set ipaddr "$name/24" ;# tunnel name == IP address of peer
+ set ipaddr "$name/24" ;# tunnel name == IP address of peer
set oldipaddr [getIfcIPv4addr $target e0]
if { $ipaddr != $oldipaddr } {
setIfcIPv4addr $target e0 $ipaddr
@@ -3176,7 +3176,7 @@ proc popupConfigApply { wi object_type target phase } {
if { $oldlocal != $local } {
netconfInsertSection $target [list "local-hook" $local]
}
-# Boeing changing to interface name for RJ45
+# Boeing changing to interface name for RJ45
# } elseif { $type == "rj45" } {
# #
# # apply rj45 items
@@ -3240,7 +3240,7 @@ proc popupConfigApply { wi object_type target phase } {
link {
global g_link_config_uni_state
set mirror [getLinkMirror $target]
-
+
if { [setIfChanged $target $mirror $wi "bandwidth" "LinkBandwidth"] } {
set changed 1
}
@@ -3314,7 +3314,7 @@ proc setIfChanged { target mirror wi ctl procname } {
# printCanvas $w
# FUNCTION
# This procedure is called when the print button in
-# print dialog box is pressed.
+# print dialog box is pressed.
# INPUTS
# * w -- print dialog widget
#****
@@ -3335,12 +3335,12 @@ proc printCanvas { w } {
# SYNOPSIS
# deleteSelection
# FUNCTION
-# By calling this procedure all the selected nodes in imunes will
+# By calling this procedure all the selected nodes in imunes will
# be deleted.
#****
proc deleteSelection { } {
global changed
- global background
+ global background
global viewid
catch {unset viewid}
.c config -cursor watch; update
@@ -3412,7 +3412,7 @@ proc align2grid {} {
# FUNCTION
# This procedure rearranges the position of nodes in imunes.
# It can be used to rearrange all the nodes or only the selected
-# nodes.
+# nodes.
# INPUTS
# * mode -- when set to "selected" only the selected nodes will be
# rearranged.
@@ -3594,16 +3594,16 @@ proc rearrange_off { } {
}
-#****f* editor.tcl/switchCanvas
+#****f* editor.tcl/switchCanvas
# NAME
# switchCanvas -- switch canvas
# SYNOPSIS
# switchCanvas $direction
# FUNCTION
-# This procedure switches the canvas in one of the defined
+# This procedure switches the canvas in one of the defined
# directions (previous, next, first and last).
# INPUTS
-# * direction -- the direction of switching canvas. Can be: prev --
+# * direction -- the direction of switching canvas. Can be: prev --
# previus, next -- next, first -- first, last -- last.
#****
proc switchCanvas { direction } {
@@ -3706,7 +3706,7 @@ proc resizeCanvasPopup {} {
labelframe $w.size -text "Size"
frame $w.size.pixels
- pack $w.size $w.size.pixels -side top -padx 4 -pady 4 -fill x
+ pack $w.size $w.size.pixels -side top -padx 4 -pady 4 -fill x
spinbox $w.size.pixels.x -bg white -width 5
$w.size.pixels.x insert 0 $x
$w.size.pixels.x configure -from 300 -to 5000 -increment 2
@@ -3717,10 +3717,10 @@ proc resizeCanvasPopup {} {
label $w.size.pixels.label2 -text "H pixels"
pack $w.size.pixels.x $w.size.pixels.label $w.size.pixels.y \
$w.size.pixels.label2 -side left -pady 2 -padx 2 -fill x
-
+
frame $w.size.meters
- pack $w.size.meters -side top -padx 4 -pady 4 -fill x
- spinbox $w.size.meters.x -bg white -width 7
+ pack $w.size.meters -side top -padx 4 -pady 4 -fill x
+ spinbox $w.size.meters.x -bg white -width 7
$w.size.meters.x configure -from 300 -to 10000 -increment 100
label $w.size.meters.label -text "x"
spinbox $w.size.meters.y -bg white -width 7
@@ -3789,7 +3789,7 @@ proc resizeCanvasPopup {} {
checkbutton $w.default.save -text "Save as default" \
-variable resize_canvas_save_default
pack $w.default.save -side left -pady 2 -padx 2 -fill x
- pack $w.default -side bottom -fill x
+ pack $w.default -side bottom -fill x
# update the size in meters based on pixels
syncSizeScale $w xp
@@ -3884,7 +3884,7 @@ proc resizeCanvasApply { w } {
# SYNOPSIS
# animate
# FUNCTION
-# This function animates the selectbox. The animation looks
+# This function animates the selectbox. The animation looks
# different for edit and exec mode.
#****
proc animate {} {
@@ -3929,7 +3929,7 @@ proc zoom { dir } {
set newzoom $z
}
}
- set zoom $newzoom
+ set zoom $newzoom
}
redrawAll
}
@@ -3945,7 +3945,7 @@ proc zoom { dir } {
break
}
}
- set zoom $newzoom
+ set zoom $newzoom
}
redrawAll
}
@@ -3965,7 +3965,7 @@ proc zoom { dir } {
# SYNOPSIS
# double1onGrid $c %x %y
# FUNCTION
-# As grid is layered above annotations this procedure is used to find
+# As grid is layered above annotations this procedure is used to find
# annotation object closest to cursor
#****
@@ -3977,7 +3977,7 @@ proc double1onGrid { c x y } {
return
}
# Is this really necessary?
- set coords [getNodeCoords $node]
+ set coords [getNodeCoords $node]
set x1 [lindex $coords 0]
set y1 [lindex $coords 1]
set x2 [lindex $coords 2]
@@ -4065,7 +4065,7 @@ proc configRemoteServers {} {
frame $wi.s -borderwidth 4
listbox $wi.s.servers -selectmode single -width 60 \
-yscrollcommand "$wi.s.servers_scroll set" -exportselection 0
- scrollbar $wi.s.servers_scroll -command "$wi.s.servers yview"
+ scrollbar $wi.s.servers_scroll -command "$wi.s.servers yview"
pack $wi.s.servers $wi.s.servers_scroll -fill both -side left
pack $wi.s -fill both -side top
# add scrollbar
@@ -4095,9 +4095,9 @@ proc configRemoteServers {} {
button $wi.c.c.add -image $plugin_img_add \
-command "configRemoteServersHelper $wi 1"
button $wi.c.c.mod -image $plugin_img_save \
- -command "configRemoteServersHelper $wi 2"
+ -command "configRemoteServersHelper $wi 2"
button $wi.c.c.del -image $plugin_img_del \
- -command "configRemoteServersHelper $wi 3"
+ -command "configRemoteServersHelper $wi 3"
pack $wi.c.c.add $wi.c.c.mod $wi.c.c.del -side left
pack $wi.c -fill x -side top
# assignment buttons
@@ -4134,7 +4134,7 @@ proc configRemoteServers {} {
# apply/cancel buttons
frame $wi.b -borderwidth 4
button $wi.b.apply -text "Apply" -command \
- "writeServersConf; redrawAll; destroy $wi"
+ "writeServersConf; redrawAll; destroy $wi"
button $wi.b.cancel -text "Cancel" -command "loadServersConf; destroy $wi"
pack $wi.b.cancel $wi.b.apply -side right
pack $wi.b -side bottom
@@ -4169,7 +4169,7 @@ proc configRemoteServersHelper { wi action } {
set newserver [$wi.c.c.name get]
$wi.s.servers insert $index $newserver
# update the array
- set conf [list [$wi.c.c.ip get] [$wi.c.c.port get]]
+ set conf [list [$wi.c.c.ip get] [$wi.c.c.port get]]
array set exec_servers [list $newserver $conf]
$wi.s.servers selection set $index
set last_server_selected $index
@@ -4183,7 +4183,7 @@ proc selectRemoteServer { wi } {
# clear entries
$wi.c.c.name delete 0 end; $wi.c.c.ip delete 0 end;
- $wi.c.c.port delete 0 end
+ $wi.c.c.port delete 0 end
set server [$wi.s.servers get $selected]
if { ![info exists exec_servers($server)] } { return }
@@ -4215,7 +4215,7 @@ proc popupCustomImage { node } {
set wi .customimagedialog
catch {destroy $wi}
toplevel $wi -takefocus 1
- wm transient $wi .popup
+ wm transient $wi .popup
wm resizable $wi 0 0
wm title $wi "[getNodeName $node] ($node) image"
grab $wi
@@ -4228,11 +4228,11 @@ proc popupCustomImage { node } {
global configwin
set configwin $wi
- button $wi.ftop.filebtn -text "..." -command {
+ button $wi.ftop.filebtn -text "..." -command {
global configwin g_imageFileTypes
set f [tk_getOpenFile -filetypes $g_imageFileTypes \
-initialdir "$CORE_DATA_DIR/icons/normal"]
- if { $f != "" } {
+ if { $f != "" } {
set node [string trim [lindex [wm title $configwin] 1] "()"]
$configwin.ftop.filename delete 0 end
$configwin.ftop.filename insert 0 $f
@@ -4271,7 +4271,7 @@ proc popupCustomImagePreview { wi node } {
setNodeCoords $node "150 50"
setNodeLabelCoords $node "150 78"
- if { $img_save != $img_new } { setCustomImage $node $img_new }
+ if { $img_save != $img_new } { setCustomImage $node $img_new }
$wi.fmid.c delete all
drawNode $wi.fmid.c $node
@@ -4363,9 +4363,9 @@ proc markerOptions { show } {
# Boeing: draw the marker sizes tool on a small canvas
proc drawMarkerSizes { c sel } {
# determine the coordinates of the selection box based on value of sel
- if { $sel == 1 } { set coords {0 0 16 16}
- } elseif { $sel == 2 } { set coords {16 0 32 16}
- } elseif { $sel == 3 } { set coords {0 16 16 32}
+ if { $sel == 1 } { set coords {0 0 16 16}
+ } elseif { $sel == 2 } { set coords {16 0 32 16}
+ } elseif { $sel == 3 } { set coords {0 16 16 32}
} else { set coords {16 16 32 32} }
# draw the selection box
$c create rectangle $coords -fill gray -tag square -width 0
@@ -4393,18 +4393,18 @@ proc markerSize { x y } {
drawMarkerSizes .left.markeropt.sizes $sel
}
-# Boeing: set canvas wallpaper
+# Boeing: set canvas wallpaper
proc wallpaperPopup {} {
global curcanvas
set w .wallpaperDlg
catch {destroy $w}
toplevel $w
-
+
wm transient $w .
wm title $w "Set Canvas Wallpaper"
grab $w
-
+
# preview
canvas $w.preview -background white -relief sunken -width 200 -height 100 \
-borderwidth 1
@@ -4421,7 +4421,7 @@ proc wallpaperPopup {} {
# file browse button
global configwin
set configwin $w
- button $w.f.filebtn -text "..." -command {
+ button $w.f.filebtn -text "..." -command {
global configwin showGrid adjustCanvas fileDialogBox_initial
global g_imageFileTypes
# use default conf file path upon first run
@@ -4443,7 +4443,7 @@ proc wallpaperPopup {} {
}
# clear wallpaper button
- button $w.f.clear -text "clear" -command {
+ button $w.f.clear -text "clear" -command {
global configwin wallpaperStyle
$configwin.f.file delete 0 end
$configwin.preview delete "wallpaper"
@@ -4493,11 +4493,11 @@ proc wallpaperPopup {} {
# buttons
frame $w.btns
- button $w.btns.apply -text "Apply" -command {
+ button $w.btns.apply -text "Apply" -command {
global configwin wallpaperStyle curcanvas adjustCanvas
set f [$configwin.f.file get]
- if {$adjustCanvas} {
- wallpaperAdjustCanvas $curcanvas $f $wallpaperStyle
+ if {$adjustCanvas} {
+ wallpaperAdjustCanvas $curcanvas $f $wallpaperStyle
}
setCanvasWallpaper $curcanvas $f $wallpaperStyle
redrawAll
@@ -4536,7 +4536,7 @@ proc wallpaperAdjustCanvas { c f style } {
#puts -nonewline "wallpaperAdjustCanvas img($imgx, $imgy) $cx, $cy -> "
- # For scaled and tiled styles, expand canvas x and y to a multiple of
+ # For scaled and tiled styles, expand canvas x and y to a multiple of
# imgx, imgy for better stretching. If the image is larger than the canvas,
# just increase the canvas size to accomodate it.
if {$style == "scaled" || $style == "tiled"} {
@@ -4605,13 +4605,13 @@ proc drawWallpaper { c f style } {
# grow image
if { $cx >= $imgx || $cy > $imgy } {
set x [expr 1+($cx / $imgx)]
- set y [expr 1+($cy / $imgy)]
+ set y [expr 1+($cy / $imgy)]
$img2 copy $img -zoom $x $y
# shrink image
} else {
$img2 copy $img -subsample \
[expr { int($imgx / $cx) }] \
- [expr { int($imgy / $cy) }]
+ [expr { int($imgy / $cy) }]
}
$c create image [expr 1+$cx/2] [expr 1+$cy/2] -image $img2 \
-tags "background wallpaper"
@@ -4635,7 +4635,7 @@ proc drawWallpaper { c f style } {
}
raiseAll $c
-
+
}
# helper for close/cancel buttons
@@ -4665,11 +4665,11 @@ proc rj45ifclist { wi node wasclicked } {
listbox $wi.ftop.ifc.ifc_list -height 4 -width 30 \
-selectmode browse -yscrollcommand "$wi.ftop.ifc.ifc_scroll set"
scrollbar $wi.ftop.ifc.ifc_scroll \
- -command "$wi.ftop.ifc.ifc_list yview"
+ -command "$wi.ftop.ifc.ifc_list yview"
set ifname ""
set ifip ""
- # this handles differences between Linux and FreeBSD ifconfig
+ # this handles differences between ifconfig
foreach line [split [nexec localnode ifconfig -a] "\n"] {
set char [string index $line 0]
if { $char != " " && $char != " " } {
@@ -4924,7 +4924,7 @@ proc popupHookScript { name } {
"genericOpenSaveButtonPress $c $wi.mid.script $wi.n.name"
}
ttk::combobox $wi.n.state -width 15 -state readonly -exportselection 0 \
- -values $CORE_STATES
+ -values $CORE_STATES
pack $wi.n.lab $wi.n.name -padx 4 -pady 4 -side left
pack $wi.n.open $wi.n.save -pady 4 -side left
pack $wi.n.state -padx 4 -pady 4 -side left
@@ -5081,7 +5081,7 @@ proc popupFileView { pathname } {
ttk::label $wi.top.fnl -text "File:"
ttk::entry $wi.top.fn
#ttk::entry $wi.top.fn -state readonly
- pack $wi.top.fnl -padx 4 -side left
+ pack $wi.top.fnl -padx 4 -side left
pack $wi.top.fn -padx 4 -side left -fill both -expand true
pack $wi.top -padx 4 -pady 4 -side top -fill both -expand true
$wi.top.fn insert 0 $pathname
diff --git a/gui/exec.tcl b/gui/exec.tcl
index 1e5eec76..2105ac35 100644
--- a/gui/exec.tcl
+++ b/gui/exec.tcl
@@ -38,10 +38,10 @@
# SYNOPSIS
# set result [nexec $args]
# FUNCTION
-# Executes the sting given in args variable. The sting is not executed
+# Executes the sting given in args variable. The sting is not executed
# if IMUNES is running in editor only mode. Execution of a string can
# be local or remote. If socket can not be opened in try of a remote
-# execution, mode is switched to editor only mode.
+# execution, mode is switched to editor only mode.
# INPUTS
# * args -- the string that should be executed localy or remotely.
# RESULT
@@ -80,7 +80,7 @@ proc acquireOperModeLock { mode } {
if { $mode == "exec" } {
set choice [tk_messageBox -type yesno -default no -icon warning \
-message "You have selected to start the session while the previous one is still shutting down. Are you sure you want to interrupt the shutdown? (not recommended)"]
- if { $choice == "no" } {
+ if { $choice == "no" } {
set activetool select
return; # return and allow previous setOperMode to finish...
}
@@ -88,7 +88,7 @@ proc acquireOperModeLock { mode } {
} elseif { $setOperMode_lock } { ;# mode == "edit"
set choice [tk_messageBox -type yesno -default no -icon warning \
-message "You are trying to stop the session while it is still starting. Are you sure you want to interrupt the startup? (not recommeded)"]
- if { $choice == "no" } {
+ if { $choice == "no" } {
set activetool select
return; # return and allow previous setOperMode to finish...
}
@@ -155,7 +155,7 @@ proc drawToolbar { mode } {
# add buttons when in edit mode
set imgf "$CORE_DATA_DIR/icons/tiny/$b.gif"
set image [image create photo -file $imgf]
- catch {
+ catch {
radiobutton .left.$b -indicatoron 0 \
-variable activetool -value $b -selectcolor $defSelectionColor \
-width 32 -height 32 -image $image \
@@ -163,7 +163,7 @@ proc drawToolbar { mode } {
leftToolTip $b .left
pack .left.$b -side top
}
- }
+ }
}
# popup toolbar buttons have submenus
set buttons {routers hubs bgobjs}
@@ -192,7 +192,7 @@ proc drawToolbar { mode } {
-borderwidth 1 -tearoff 0]
# create the child menutbuttons
drawToolbarSubmenu $b $menubuttons
- # tooltips for parent and submenu items
+ # tooltips for parent and submenu items
leftToolTip $b .left
bind $buttonmenu <> {leftToolTipSubMenu %W}
bind $buttonmenu {
@@ -206,7 +206,7 @@ proc drawToolbar { mode } {
}
}
- #
+ #
# Exec mode button bar
#
if { "$mode" == "edit" } {
@@ -267,7 +267,7 @@ proc drawToolbarSubmenu { b menubuttons } {
$buttonmenu add command -image $img -columnbreak 1 \
-command "popupMenuChoose $b $menubutton $imgf"
}
- # add an edit button to the end of the row
+ # add an edit button to the end of the row
if { $b == "routers" } {
set imgf "$CORE_DATA_DIR/icons/normal/document-properties.gif"
set img [createImageButton $imgf 0]
@@ -279,7 +279,7 @@ proc drawToolbarSubmenu { b menubuttons } {
proc setSessionStartStopMenu { mode } {
if { $mode == "exec" } {
catch {.menubar.session entryconfigure "Start" \
- -label "Stop" -command "startStopButton edit"}
+ -label "Stop" -command "startStopButton edit"}
} else {
catch {.menubar.session entryconfigure "Stop" \
-label "Start" -command "startStopButton exec"}
@@ -339,8 +339,8 @@ proc startStopButton { mode } {
# Sets imunes operating mode to the value of the parameter mode.
# The mode can be set only to edit or exec.
# When changing the mode to exec all the emulation interfaces are
-# checked (if they are nonexistent the message is displayed, and
-# mode is not changed), all the required buttons are disabled
+# checked (if they are nonexistent the message is displayed, and
+# mode is not changed), all the required buttons are disabled
# (except the simulation/Terminate button, that is enabled) and
# procedure deployCfg is called.
# When changing the mode to edit, all required buttons are enabled
@@ -387,7 +387,7 @@ proc setOperMode { mode { type "" } } {
#
# Start/stop the emulation
- #
+ #
### start button is pressed
if { "$mode" == "exec" } {
rearrange_off
@@ -395,11 +395,11 @@ proc setOperMode { mode { type "" } } {
resetAllNodeCoords save
clearExceptions "" ""
throwCEL true
-
- # Bind left mouse click to displaying the CPU usage in
+
+ # Bind left mouse click to displaying the CPU usage in
# a graph format
bind .bottom.cpu_load <1> {manageCPUwindow %X %Y 1}
-
+
monitor_loop
set plugin [lindex [getEmulPlugin "*"] 0]
set emul_sock [pluginConnect $plugin connect false]
@@ -422,7 +422,7 @@ proc setOperMode { mode { type "" } } {
clearWlanLinks ""
widgets_stop
set oper_mode edit
-
+
# Bind left mouse click to clearing the CPU graph
bind .bottom.cpu_load <1> {manageCPUwindow %X %Y 0}
manageCPUwindow %X %Y 0
@@ -438,7 +438,7 @@ proc setOperMode { mode { type "" } } {
# SYNOPSIS
# statline $line
# FUNCTION
-# Sets the string of the status line. If the execution mode is
+# Sets the string of the status line. If the execution mode is
# set to batch the line is just printed on the standard output.
# INPUTS
# * line -- line to be displayed
@@ -475,15 +475,15 @@ proc getNextMac {} {
# monitor_loop
# FUNCTION
# Calculates the usage of cpu, mbuffers and mbuf clusters.
-# The results are displayed in status line and updated
+# The results are displayed in status line and updated
# every two seconds.
#****
proc monitor_loop {} {
global oper_mode systype
global server_cpuusage
- global exec_servers
+ global exec_servers
+
-
if {$oper_mode != "exec"} {
.bottom.cpu_load config -text ""
.bottom.mbuf config -text ""
@@ -492,7 +492,7 @@ proc monitor_loop {} {
if { [lindex $systype 0] == "Linux" } {
set cpuusage [getCPUUsage]
-
+
#TODO: get the cpu usage on all the assigned server
# store usage history for each server stored in an array list
set assigned_servers [getAssignedRemoteServers]
@@ -509,22 +509,22 @@ proc monitor_loop {} {
# TODO: receive CPU usage from other servers
set cpuusageforserver 0
}
-
+
# append the latest cpu value to the end of list and
# only keep and display the last 20 values for each server
- set server_cpuusage($ip) [lappend server_cpuusage($ip) $cpuusageforserver]
+ set server_cpuusage($ip) [lappend server_cpuusage($ip) $cpuusageforserver]
if { [llength $server_cpuusage($ip)] > 20 } {
set server_cpuusage($ip) [lreplace $server_cpuusage($ip) 0 0]
- }
+ }
}
-
-
+
+
#plot the usage data if cpu windows already opened
# for all servers
if { [winfo exists .cpu]} {
plotCPUusage
}
-
+
set cputxt "CPU [lindex $cpuusage 0]% ("
set cpuusage [lreplace $cpuusage 0 0]
for { set n 0 } { $n < [llength $cpuusage] } { incr n } {
@@ -544,13 +544,8 @@ proc monitor_loop {} {
return
}
- if { $systype == "FreeBSD 4.11-RELEASE" } {
- set defaultname "default"
- set cpun 3
- } else {
- set defaultname "."
+ set defaultname "."
set cpun 4
- }
# CPU usage from `vimage -l`
set vimagetext [nexec localnode vimage -l $defaultname | xargs]
@@ -578,7 +573,7 @@ proc monitor_loop {} {
# SYNOPSIS
# execSetLinkParams $eid $link
# FUNCTION
-# Sets the link parameters during execution.
+# Sets the link parameters during execution.
# All the parameters are set at the same time.
# INPUTS
# eid -- experiment id
@@ -649,7 +644,7 @@ proc createImageButton { imgf style } {
}
}
return $img
-
+
}
# Boeing: status bar graph
@@ -689,7 +684,7 @@ proc statgraph { cmd n } {
}
}
}
-
+
proc popupConnectMessage { dst } {
global CORE_DATA_DIR execMode
@@ -751,21 +746,21 @@ proc manageCPUwindow {xpos ypos start} {
global exec_servers
global server_cpuusage
-
+
if {$start == 1} {
- if { ![winfo exists .cpu]} {
+ if { ![winfo exists .cpu]} {
toplevel .cpu
wm geometry .cpu 200x210+$xpos+$ypos
wm resizable .cpu 0 0
- wm title .cpu "CPU Usage"
- canvas .cpu.graph -width 200 -height 210
+ wm title .cpu "CPU Usage"
+ canvas .cpu.graph -width 200 -height 210
pack .cpu.graph
- }
+ }
} else {
if { [winfo exists .cpu]} {
destroy .cpu
set assigned_servers [getAssignedRemoteServers]
-
+
for {set i 0} {$i <= [llength $assigned_servers]} {incr i} {
if {$i == [llength $assigned_servers]} {
set ip [getMyIP]
@@ -774,7 +769,7 @@ proc manageCPUwindow {xpos ypos start} {
set srv [array get exec_servers $server]
if { $srv == "" } { continue }
set ip [lindex $srv 0]
- }
+ }
set server_cpuusage($ip) [lreplace $server_cpuusage($ip) 0 end]
}
}
@@ -789,7 +784,7 @@ proc getMyIP { } {
set myIP [lindex [fconfigure $theServer -sockname] 0]
close $theServer
return $myIP
-
+
}
# display all values stored in cpu usage history for each server
@@ -797,24 +792,24 @@ proc plotCPUusage { } {
global cpu_palettes
global exec_servers
global server_cpuusage
-
- .cpu.graph delete "all"
+
+ .cpu.graph delete "all"
.cpu.graph create line 0 100 200 100 -width 2
.cpu.graph create line 0 80 200 80 -width 1
.cpu.graph create line 0 60 200 60 -width 1
.cpu.graph create line 0 40 200 40 -width 1
.cpu.graph create line 0 20 200 20 -width 1
.cpu.graph create line 0 0 200 0 -width 1
-
+
.cpu.graph create line 40 0 40 100 -width 1
.cpu.graph create line 80 0 80 100 -width 1
.cpu.graph create line 120 0 120 100 -width 1
.cpu.graph create line 160 0 160 100 -width 1
.cpu.graph create line 200 0 200 100 -width 1
- # for each server create a plot of cpu usage
- set assigned_servers [getAssignedRemoteServers]
- for {set i 0} {$i <= [llength $assigned_servers]} {incr i} {
+ # for each server create a plot of cpu usage
+ set assigned_servers [getAssignedRemoteServers]
+ for {set i 0} {$i <= [llength $assigned_servers]} {incr i} {
if {$i == [llength $assigned_servers]} {
set ip [getMyIP]
} else {
@@ -823,9 +818,9 @@ proc plotCPUusage { } {
if { $srv == "" } { continue }
set ip [lindex $srv 0]
}
-
+
#need to add multiple cpuusgaehistory (array)
- for { set n 1 } { $n < [llength $server_cpuusage($ip)] } { incr n } {
+ for { set n 1 } { $n < [llength $server_cpuusage($ip)] } { incr n } {
set prevn [expr {$n - 1}]
set x1 [expr {$prevn * 10}]
set y1 [expr {100 - [lindex $server_cpuusage($ip) $prevn]}]
@@ -837,15 +832,15 @@ proc plotCPUusage { } {
.cpu.graph create line $x1 $y1 $x2 $y2 -fill [lindex $cpu_palettes end]
}
- #debug
- #puts " cpu $x1 $y1 $x2 $y2"
+ #debug
+ #puts " cpu $x1 $y1 $x2 $y2"
}
-
+
#for each server create a legend (limited to 8)
set legendtext $ip
append legendtext " " [lindex $server_cpuusage($ip) end] "%"
-
- set legendy [expr {($i * 10) + 120}]
+
+ set legendy [expr {($i * 10) + 120}]
set legendx 10
if {$i < [llength $cpu_palettes]} {
.cpu.graph create rectangle $legendx $legendy \
@@ -861,9 +856,9 @@ proc plotCPUusage { } {
.cpu.graph create text [expr {$legendx + 15}] [expr {$legendy + 4}]\
-text $legendtext -fill [lindex $cpu_palettes end] \
-anchor w -justify left
-
+
}
-
+
}
}
diff --git a/gui/filemgmt.tcl b/gui/filemgmt.tcl
index d6ba580e..e76874a7 100644
--- a/gui/filemgmt.tcl
+++ b/gui/filemgmt.tcl
@@ -36,41 +36,41 @@
# NAME
# filemgmt.tcl -- file used for manipulation with files
# FUNCTION
-# This module is used for all file manipulations. In this file
+# This module is used for all file manipulations. In this file
# a file is read, a new file opened or existing file saved.
# NOTES
# variables:
-#
+#
# currentFile
# relative or absolute path to the current configuration file
-#
+#
# fileTypes
-# types that will be displayed when opening new file
+# types that will be displayed when opening new file
#
# procedures used for loading and storing the configuration file:
#
-# newFile
+# newFile
# - creates an empty project
#
# openFile {filename}
# - loads configuration from filename
#
-# saveFile {selectedFile}
-# - saves current configuration to a file named selectedFile
+# saveFile {selectedFile}
+# - saves current configuration to a file named selectedFile
# unless the file name is an empty string
#
# fileOpenStartUp
# - opens the file named as command line argument
-#
+#
# fileNewDialogBox
-# - opens message box to optionally save the changes
+# - opens message box to optionally save the changes
#
# fileOpenDialogBox
# - opens dialog box for selecting a file to open
#
# fileSaveDialogBox
# - opens dialog box for saving a file under new name if there is no
-# current file
+# current file
#****
set currentFile ""
@@ -103,11 +103,6 @@ proc newFile {} {
set g_view_locked 0
# flush daemon configuration
- if { [llength [findWlanNodes ""]] > 0 } {
- if { [lindex $systype 0] == "FreeBSD" } {
- catch { exec ngctl config wlan_ctl: flush=all }
- }
- }
loadCfg ""
resetGlobalVars newfile
set curcanvas [lindex $canvas_list 0]
@@ -143,7 +138,7 @@ proc newFile {} {
# Loads the configuration from the file named $filename.
#****
proc openFile { filename } {
- global currentFile
+ global currentFile
global undolog activetool
global canvas_list curcanvas systype
global changed
@@ -190,11 +185,6 @@ proc openFile { filename } {
}
# flush daemon configuration
- if { [llength [findWlanNodes ""]] > 0 } {
- if { [lindex $systype 0] == "FreeBSD" } {
- catch { exec ngctl config wlan_ctl: flush=all }
- }
- }
set cfg ""
if { [catch { set fileId [open $currentFile r] } err] } {
puts "error opening file $currentFile: $err"
@@ -209,7 +199,7 @@ proc openFile { filename } {
loadCfg $cfg
switchCanvas none
- set undolog(0) $cfg
+ set undolog(0) $cfg
set activetool select
# remember opened files
@@ -236,11 +226,11 @@ proc resetGlobalVars { reason } {
# FUNCTION
# Loads the current configuration into the selectedFile file.
# INPUTS
-# * selectedFile -- the name of the file where current
+# * selectedFile -- the name of the file where current
# configuration is saved.
#****
proc saveFile { selectedFile } {
- global currentFile
+ global currentFile
global changed
if { $selectedFile == ""} {
@@ -275,7 +265,7 @@ proc saveFile { selectedFile } {
# SYNOPSIS
# fileOpenStartUp
# FUNCTION
-# Loads configuration from batch input file to the current
+# Loads configuration from batch input file to the current
# configuration.
#****
proc fileOpenStartUp {} {
@@ -310,7 +300,7 @@ proc fileNewDialogBox {} {
if {$changed != 0 } {
set choice [promptForSave]
}
-
+
if { $choice != "cancel"} {
newFile
}
@@ -370,7 +360,7 @@ proc fileSaveDialogBox { prompt } {
set ft [lreplace $ft 0 0]
set ft [linsert $ft 1 $imn]
}
-
+
set dir ""
# use default conf file path upon first run
if { $fileDialogBox_initial == 0} {
@@ -450,7 +440,7 @@ proc loadDotFile {} {
set isfile 0
if {[catch {set dotfile [open "$CONFDIR/prefs.conf" r]} ]} return
close $dotfile
-
+
if {[catch { source "$CONFDIR/prefs.conf" }]} {
puts "The $CONFDIR/prefs.conf preferences file is invalid, ignoring it."
#file delete "~/.core"
@@ -468,7 +458,7 @@ proc savePrefsFile { } {
# header
puts $dotfile "# CORE ${CORE_VERSION} GUI preference file"
-
+
# save the most-recently-used file list
puts $dotfile "set g_mrulist \"$g_mrulist\""
@@ -550,10 +540,6 @@ proc exit {} {
if { [popupStopSessionPrompt]=="cancel" } {
return
}
- # Flush daemon configuration
- if { [lindex $systype 0] == "FreeBSD" } {
- catch { exec ngctl config wlan_ctl: flush=all }
- }
# Prompt for save if file was changed
if { $changed != 0 && [promptForSave] == "cancel" } {
return
@@ -579,7 +565,7 @@ proc exit {} {
# save user preferences
savePrefsFile
-
+
exit.real
}
diff --git a/gui/linkcfg.tcl b/gui/linkcfg.tcl
index 3febc25e..adaa75bc 100644
--- a/gui/linkcfg.tcl
+++ b/gui/linkcfg.tcl
@@ -35,11 +35,11 @@
# NAME
# linkcfg.tcl -- file used for manipultaion with links in IMUNES
# FUNCTION
-# This module is used to define all the actions used for configuring
-# links in IMUNES.
+# This module is used to define all the actions used for configuring
+# links in IMUNES.
#
# NOTES
-#
+#
# linkPeers { link_id }
# Returns node_ids of link endpoints
#
@@ -53,7 +53,7 @@
# ... in bits per second
#
# getLinkBandwidthString { link_id }
-# ... as string
+# ... as string
#
# getLinkDelay { link_id }
# ... in microseconds
@@ -83,7 +83,7 @@
# INPUTS
# * link_id -- link id
# RESULT
-# * link_peers -- returns nodes_ids of a link endpoints
+# * link_peers -- returns nodes_ids of a link endpoints
# in a list {node1_id node2_id}
#****
@@ -100,14 +100,14 @@ proc linkPeers { link } {
# SYNOPSIS
# set link_id [linkByPeers $node1_id $node2_id]
# FUNCTION
-# Returns link_id whose peers are node1 and node2.
+# Returns link_id whose peers are node1 and node2.
# The order of input nodes is irrelevant.
# INPUTS
# * node1_id -- node id of the first node
# * node2_id -- node id of the second node
# RESULT
-# * link_id -- returns id of a link connecting endpoints
-# node1_id node2_id.
+# * link_id -- returns id of a link connecting endpoints
+# node1_id node2_id.
#****
proc linkByPeers { node1 node2 } {
@@ -144,7 +144,7 @@ proc linkByPeersMirror { node1 node2 } {
# removeLink $link_id
# FUNCTION
# Removes the link and related entries in peering node's configs.
-# Updates the default route for peer nodes.
+# Updates the default route for peer nodes.
# INPUTS
# * link_id -- link id
#****
@@ -199,7 +199,7 @@ proc getLinkBandwidth { link {dir "down"} } {
# INPUTS
# * link_id -- link id
# RESULT
-# * bandwidth_str -- The value of link bandwidth formated in a sting
+# * bandwidth_str -- The value of link bandwidth formated in a sting
# containing a measure unit.
#****
@@ -332,7 +332,7 @@ proc getLinkDelay { link {dir "down"} } {
# INPUTS
# * link_id -- link id
# RESULT
-# * delay -- The value of link delay formated in a string
+# * delay -- The value of link delay formated in a string
# containing a measure unit.
#****
@@ -437,7 +437,7 @@ proc getLinkBERString { link } {
if { $ber != "" } {
set berstr "$berstr$ber%"
}
- if { $berup != "" } {
+ if { $berup != "" } {
set berstr "$berstr / $berup%"
}
return $berstr
@@ -472,7 +472,7 @@ proc setLinkBER { link value } {
#****f* linkcfg.tcl/getLinkDup
# NAME
-# getLinkDup -- get link packet duplicate value
+# getLinkDup -- get link packet duplicate value
# SYNOPSIS
# set duplicate [getLinkDup $link_id]
# FUNCTION
@@ -508,7 +508,7 @@ proc getLinkDupString { link } {
#****f* linkcfg.tcl/setLinkDup
# NAME
-# setLinkDup -- set link packet duplicate value
+# setLinkDup -- set link packet duplicate value
# SYNOPSIS
# setLinkDup $link_id $value
# FUNCTION
@@ -547,7 +547,7 @@ proc isLinkUni { link } {
#****f* linkcfg.tcl/getLinkMirror
# NAME
-# getLinkMirror -- get link's mirror link
+# getLinkMirror -- get link's mirror link
# SYNOPSIS
# set mirror_link_id [getLinkMirror $link_id]
# FUNCTION
@@ -569,7 +569,7 @@ proc getLinkMirror { link } {
#****f* linkcfg.tcl/setLinkMirror
# NAME
-# setLinkMirror -- set link's mirror link
+# setLinkMirror -- set link's mirror link
# SYNOPSIS
# setLinkMirror $link_id $mirror_link_id
# FUNCTION
@@ -599,7 +599,7 @@ proc setLinkMirror { link value } {
# SYNOPSIS
# set nodes [splitLink $link_id $nodetype]
# FUNCTION
-# Splits the link in two parts. Each part of the split link is one
+# Splits the link in two parts. Each part of the split link is one
# pseudo link.
# INPUTS
# * link_id -- link id
@@ -674,7 +674,7 @@ proc splitLink { link nodetype } {
# SYNOPSIS
# set new_link_id [mergeLink $link_id]
# FUNCTION
-# Rebuilts a link from two pseudo link.
+# Rebuilts a link from two pseudo link.
# INPUTS
# * link_id -- pseudo link id
# RESULT
@@ -754,11 +754,11 @@ proc newLink { lnode1 lnode2 } {
global systype
if { ([nodeType $lnode1] == "lanswitch" ||[nodeType $lnode1] == "OVS") && \
[nodeType $lnode2] != "router" && \
- ([nodeType $lnode2] != "lanswitch" || [nodeType $lnode2] != "OVS") } {
+ ([nodeType $lnode2] != "lanswitch" || [nodeType $lnode2] != "OVS") } {
set regular no }
if { ([nodeType $lnode2] == "lanswitch" || [nodeType $lnode2] == "OVS") && \
[nodeType $lnode1] != "router" && \
- ([nodeType $lnode1] != "lanswitch" || [nodeType $lnode1] != "OVS" )} {
+ ([nodeType $lnode1] != "lanswitch" || [nodeType $lnode1] != "OVS" )} {
#Khaled: puts "connecting '$lnode1' (type: '[nodeType $lnode1]') to '$lnode2' (type: '[nodeType $lnode2]') "
set regular no }
if { [nodeType $lnode1] == "hub" && \
@@ -839,15 +839,11 @@ proc newLink { lnode1 lnode2 } {
if { [string range $model 0 6] == "coreapi" } {
set delay 0; # delay controlled by wireless module
} elseif {$delay != ""} {
- if { [lindex $systype 0] == "FreeBSD" } {
- lappend $link "delay [expr $delay/2]"
- } else {
lappend $link "delay $delay"
- }
- }
+ }
# Exclude OVS from network layer nodes IP address asignments
if { ([[typemodel $lnode2].layer] == "NETWORK") && ([nodeType $lnode2] != "OVS") } {
-
+
#Khaled: puts "Assigning '$lnode2' (type: '[nodeType $lnode2]') an automatic IP address"
if { $ipv4_addr2 == "" } { autoIPv4addr $lnode2 $ifname2 }
@@ -872,7 +868,7 @@ proc newLink { lnode1 lnode2 } {
if { [nodeType $lnode2] != "pseudo" &&
[nodeType $lnode1] != "wlan" &&
([[typemodel $lnode1].layer] == "NETWORK" && [nodeType $lnode1] != "OVS") } {
-
+
if { $ipv4_addr1 == "" && $do_auto_addressing } {
autoIPv4addr $lnode1 $ifname1
}
@@ -884,16 +880,16 @@ proc newLink { lnode1 lnode2 } {
if { [nodeType $lnode1] != "pseudo" &&
[nodeType $lnode1] != "wlan" &&
([[typemodel $lnode2].layer] == "NETWORK" && [nodeType $lnode2] != "OVS") } {
-
+
if { $ipv4_addr2 == "" && $do_auto_addressing } {
- autoIPv4addr $lnode2 $ifname2
+ autoIPv4addr $lnode2 $ifname2
}
if { $ipv6_addr2 == "" && $do_auto_addressing } {
autoIPv6addr $lnode2 $ifname2
}
}
- # tunnel address based on its name
+ # tunnel address based on its name
if { [nodeType $lnode1] == "tunnel" } {
set ipaddr "[getNodeName $lnode1]/24"
setIfcIPv4addr $lnode1 e0 $ipaddr
@@ -914,7 +910,7 @@ proc newLink { lnode1 lnode2 } {
# FUNCTION
# Returns the link id of the link connecting the node's interface
# INPUTS
-# * node_id -- node id
+# * node_id -- node id
# * ifc -- interface
# RESULT
# * link_id -- link id.
@@ -1021,7 +1017,7 @@ proc updateLinkGuiAttr { link attr } {
}
color {
setLinkColor $link $value
- .c itemconfigure "link && $link" -fill [getLinkColor $link]
+ .c itemconfigure "link && $link" -fill [getLinkColor $link]
}
dash {
.c itemconfigure "link && $link" -dash $value
diff --git a/gui/mobility.tcl b/gui/mobility.tcl
index 61e79508..67a0006c 100644
--- a/gui/mobility.tcl
+++ b/gui/mobility.tcl
@@ -6,7 +6,7 @@
# shows the Two-node Tool
proc popupTwoNodeDialog { } {
global twonodePID lastTwoNodeHop g_twoNodeSelect g_twoNodeSelectCallback
-
+
markerOptions off
set wi .twonodetool
catch {destroy $wi}
@@ -61,7 +61,7 @@ proc popupTwoNodeDialog { } {
# buttons on the bottom
frame $wi.butt -borderwidth 6
- button $wi.butt.run -text "Run" -command "runTwoNodeCommand $wi"
+ button $wi.butt.run -text "Run" -command "runTwoNodeCommand $wi"
button $wi.butt.cancel -text "Clear" -command "clearTwoNodeDialog $wi 0"
button $wi.butt.close -text "Close" -command "clearTwoNodeDialog $wi 1"
pack $wi.butt.run $wi.butt.cancel $wi.butt.close -side left
@@ -83,11 +83,7 @@ proc clearTwoNodeDialog { wi done} {
set emul [getEmulPlugin $node]
set emulation_type [lindex $emul 1]
catch {
- if { $os == "FreeBSD" } {
- exec sudo kill -9 $twonodePID 2> /dev/null
- } else {
- exec kill -9 $twonodePID 2> /dev/null
- }
+ exec kill -9 $twonodePID 2> /dev/null
}
set twonodePID 0
}
@@ -318,11 +314,11 @@ proc drawTwoNodeLine { node line type } {
# search for hops matching this nexthop address
set hops [findNextHops $lastTwoNodeHop $nexthop ""]
if {[llength $hops] == 0} {
- puts "Couldn't highlight next hop: $nexthop";
+ puts "Couldn't highlight next hop: $nexthop";
return
}
- # highlight the path
+ # highlight the path
set a $lastTwoNodeHop
foreach b $hops {
highlightLink $a $b
@@ -372,7 +368,7 @@ proc nodeHasAddr { node addr } {
if { $nodeaddr == $addr } {
return 1
}
- }
+ }
return 0
}
@@ -429,7 +425,7 @@ proc clearLinkHighlights { } {
# Boeing: shows the Two-node Tool
proc popupRunDialog { } {
global node_list activetool systype
-
+
set activetool select
markerOptions off
set wi .runtool
@@ -489,7 +485,7 @@ proc popupRunDialog { } {
# buttons on the bottom
frame $wi.butt -borderwidth 6
- button $wi.butt.run -text "Run" -command "runToolCommand $wi \"\""
+ button $wi.butt.run -text "Run" -command "runToolCommand $wi \"\""
button $wi.butt.close -text "Close" -command "destroy $wi"
pack $wi.butt.run $wi.butt.close -side left
pack $wi.butt -side bottom
@@ -504,7 +500,7 @@ proc runToolCommand { wi node } {
if { ![winfo exists $wi] } { return }; # user has closed window
# start running commands
- if { $node == "" } {
+ if { $node == "" } {
$wi.results.text delete 1.0 end
set selected [$wi.n.nodes.nodes curselection]
if { [llength $selected] == 0 } {
@@ -518,8 +514,8 @@ proc runToolCommand { wi node } {
set next ""
set getnext 0
- foreach i [$wi.n.nodes.nodes curselection] { ;# find the next node
- set n [lindex $node_list $i]
+ foreach i [$wi.n.nodes.nodes curselection] { ;# find the next node
+ set n [lindex $node_list $i]
if {$n == $node } {
set getnext 1
} elseif { $getnext == 1 } {
@@ -553,7 +549,7 @@ proc runToolCommand { wi node } {
# callback after receiving exec message response
proc exec_runtool_callback { node execnum cmd result status } {
set wi .runtool
-
+
if { ![winfo exists $wi] } { return }; # user has closed window
$wi.results.text insert end "> $node > $cmd:\n"
diff --git a/gui/util.tcl b/gui/util.tcl
index 204694b0..3052f73b 100644
--- a/gui/util.tcl
+++ b/gui/util.tcl
@@ -9,14 +9,13 @@ set g_imageFileTypes {{"images" {.gif}} {"images" {.jpg}} {"images" {.png}}
{"images" {.xbm}} {"All files" {*} }}
global execMode
-if { $execMode == "interactive"} {
+if { $execMode == "interactive"} {
if { [catch { package require Img }] } {
puts "warning: Tcl/Tk Img package not found"
puts " Thumbnails and other image types (JPG, PNG, etc.) will not be supported."
puts " Please install it with:"
puts " yum install tkimg (RedHat/Fedora)"
- puts " sudo apt-get install libtk-img (Debian/Ubuntu)"
- puts " pkg_add -r libimg (FreeBSD)\n"
+ puts " sudo apt-get install libtk-img (Debian/Ubuntu)\n"
set g_imageFileTypes {{"images" {.gif}} {"All files" {*} }}
}
}
@@ -51,7 +50,7 @@ proc checkOS {} {
set machine [exec uname -m]
set kernel [exec uname -v]
- set x11 0
+ set x11 0
catch { set x11 [winfo server .c] }
set os_ident "$os_name $os_ver"
@@ -203,7 +202,7 @@ proc upgradeNetworkConfigToServices { } {
puts "updating Quagga services on node $node"
} ;# end quagga services
#
- # convert static model to router
+ # convert static model to router
#
if { [getNodeModel $node] == "static" } {
setNodeModel $node "router"
@@ -223,7 +222,7 @@ proc upgradeNetworkConfigToServices { } {
setCustomConfig $node "service:UserDefined" "UserDefined" \
$statvals 0
setCustomConfig $node "service:UserDefined:$cfgname" $cfgname $cfg 0
- set services [getNodeServices $node true]
+ set services [getNodeServices $node true]
lappend services "UserDefined"
setNodeServices $node $services
puts "adding user-defined static routing service on node $node"
@@ -240,7 +239,7 @@ proc getCPUUsage { } {
}
array set cpu {}
-
+
while { [ gets $f line ] >= 0 } {
set cpun [lindex $line 0]
set user [lindex $line 1]; set nice [lindex $line 2]
@@ -264,14 +263,14 @@ proc getCPUUsage { } {
set usage_time [expr {($u-$lu) + ($n-$ln) + ($s-$ls)}]
set total_time [expr {$usage_time + ($i-$li)}]
- if { $total_time <= 0 } {
+ if { $total_time <= 0 } {
set cpuusage "" ;# avoid div by zero
} else {
set cpuusage [expr { 100 * $usage_time / $total_time }]
}
lappend cpuusages $cpuusage
}
- return $cpuusages
+ return $cpuusages
}
# Node selection dialog display given message 'msg' with initial node selection
@@ -294,7 +293,7 @@ proc popupSelectNodes { msg initsel callback } {
listbox $wi.nodes.fr.nodelist -width 40 \
-listvariable node_list -yscrollcommand "$wi.nodes.fr.scroll set" \
-activestyle dotbox -selectmode extended
- scrollbar $wi.nodes.fr.scroll -command "$wi.nodes.fr.nodelist yview"
+ scrollbar $wi.nodes.fr.scroll -command "$wi.nodes.fr.nodelist yview"
pack $wi.nodes.fr.nodelist -fill both -expand true -side left
pack $wi.nodes.fr.scroll -fill y -expand true -side left
pack $wi.nodes.label $wi.nodes.fr -side top -padx 4 -pady 4 \
@@ -352,7 +351,7 @@ proc popupRenumberNodes { } {
listbox $wi.nodes.left.fr.from -selectmode single -width 20 \
-listvariable node_list -yscrollcommand "$wi.nodes.left.fr.scroll set" \
-activestyle dotbox
- scrollbar $wi.nodes.left.fr.scroll -command "$wi.nodes.left.fr.from yview"
+ scrollbar $wi.nodes.left.fr.scroll -command "$wi.nodes.left.fr.from yview"
pack $wi.nodes.left.fr.from $wi.nodes.left.fr.scroll -fill y -side left
pack $wi.nodes.left.label $wi.nodes.left.fr -side top -padx 4 -pady 4 \
-anchor w
@@ -487,24 +486,16 @@ proc addStaticRoutesToConfig { node cfg_ref } {
upvar 1 $cfg_ref cfg
foreach statrte [getStatIPv4routes $node] {
- if {[lindex $systype 0] == "Linux" } { ;# Linux
set net [lindex [split $statrte] 0]
set gw [lindex [split $statrte] 1]
lappend cfg "/sbin/ip -4 route add $net via $gw"
- } else { ;# FreeBSD
- lappend cfg "route -q add -inet $statrte"
- }
}
foreach statrte [getStatIPv6routes $node] {
- if { [lindex $systype 0] == "Linux" } { ;# Linux
set net [lindex [split $statrte] 0]
set gw [lindex [split $statrte] 1]
if { $net == "::/0" } { set net "default" }
lappend cfg "/sbin/ip -6 route add $net via $gw"
- } else { ;# FreeBSD
- lappend cfg "route -q add -inet6 $statrte"
- }
}
}
@@ -514,11 +505,7 @@ proc getServiceStartString { } {
setSystype
- if { [lindex $systype 0] == "Linux" } { ;# Linux
return "/etc/init.d/core-daemon start"
- } else { ;# FreeBSD
- return "/usr/local/etc/rc.d/core onestart"
- }
}
proc popupBuildHostsFile { } {
@@ -540,7 +527,7 @@ proc popupBuildHostsFile { } {
pack $wi.top.help -side top -fill both -expand true
pack $wi.top -padx 4 -pady 4 -side top
- # text box
+ # text box
frame $wi.mid
text $wi.mid.hosts -relief sunken -bd 2 \
-yscrollcommand "$wi.mid.scroll set" -setgrid 1 -height 30 -undo 1 \
@@ -585,7 +572,7 @@ proc popupBuildHostsFile { } {
set wi .buildhostsdialog
set hosts [string trim [$wi.mid.hosts get 0.0 end]]
set filename [$wi.fil.filename get]
- set fileId [open $filename a]
+ set fileId [open $filename a]
puts $fileId $hosts
close $fileId
destroy $wi
@@ -707,7 +694,7 @@ proc addressConfigHelper { wi fam cmd } {
}
}
-# set the default addresses for automatic allocation in the g_prefs array
+# set the default addresses for automatic allocation in the g_prefs array
# for the given address family
proc setDefaultAddrs { fam } {
global g_prefs
@@ -737,8 +724,8 @@ proc popupMacAddressConfig { } {
frame $wi.top
set helptext "MAC addresses are automatically assigned starting with\n"
set helptext "$helptext 00:00:00:aa:00:nn, where nn starts with the below"
- set helptext "$helptext value.\n You should change this value when tunneling"
- set helptext "$helptext between \nemulations to prevent MAC address conflicts."
+ set helptext "$helptext value.\n You should change this value when tunneling"
+ set helptext "$helptext between \nemulations to prevent MAC address conflicts."
label $wi.top.help -text $helptext
pack $wi.top.help -side top -fill both -expand true
@@ -863,7 +850,7 @@ proc _launchBrowser url {
# helper for registering a callback with a tk_optionMenu variable, when a user
# clicks on the menu and changes the value; if the global variable var is
-# cleared, this callback is cancelled
+# cleared, this callback is cancelled
# NOTE: when closing the window that calls this, ensure that var is cleared
proc tkOptionMenuCallback { ctl var cb args } {
if { ![winfo exists $ctl] } { return }
@@ -1094,7 +1081,7 @@ proc get_text_editor { want_default } {
if { $want_default } {
return "EDITOR"
} else {
- return $ed
+ return $ed
}
}
# return the first installed editor from EDITORS global
@@ -1203,7 +1190,7 @@ proc delAddrsFromNodes { fam nodes } {
# fix for Tcl/Tk 8.5.8 and lower which doesn't have ttk::spinbox
# set spinbox [getspinbox]
# $spinbox $var -justify right -width 10 ...
-#
+#
proc getspinbox {} {
if { [info command ttk::spinbox] == "" } {
return spinbox
@@ -1308,7 +1295,7 @@ proc findButton { w } {
if { $first == "" } {
$tree insert {} end -id none -values [list "" "" "" "no results found"]
} else {
- $tree selection set $first
+ $tree selection set $first
}
. config -cursor left_ptr
diff --git a/gui/widget.tcl b/gui/widget.tcl
index 12c40499..ec1d48e7 100644
--- a/gui/widget.tcl
+++ b/gui/widget.tcl
@@ -22,19 +22,19 @@ if {$vtysh == ""} {
# widget array: name, {config, init, periodic, move}
#
array set widgets {
- "Throughput"
- { widget_thru_config widget_thru_init widget_thru_periodic widget_thru_move }
+ "Throughput"
+ { widget_thru_config widget_thru_init widget_thru_periodic widget_thru_move }
"Adjacency"
{ widget_adjacency_config widget_adjacency_init widget_adjacency_periodic widget_adjacency_move }
}
-# TODO: fix CPU Widget; it is disabled because Linux network namespaces and
-# FreeBSD jails do not have a CPU usage reporting mechanism right now
-# "CPU"
+# TODO: fix CPU Widget; it is disabled because Linux network namespaces
+# do not have a CPU usage reporting mechanism right now
+# "CPU"
# { widget_cpu_config widget_cpu_init widget_cpu_periodic widget_cpu_move }
# Common Observer Widget definitions
set widgets_obs_quagga [subst {
- 5
+ 5
{{OSPFv2 neighbors} {$vtysh -c {show ip ospf neighbor}}}
6
@@ -47,31 +47,6 @@ set widgets_obs_quagga [subst {
{{PIM neighbors} {$vtysh -c {show ip pim neighbor}}}
}]
-# Observer Widget definitions for FreeBSD
-array set widgets_obs_bsd $widgets_obs_quagga
-array set widgets_obs_bsd {
- 1
- { "processes" "ps ax" }
- 2
- { "ifconfig" "ifconfig" }
- 3
- { "IPv4 routes" "netstat -f inet -rn" }
- 4
- { "IPv6 routes" "netstat -f inet6 -rn" }
- 7
- { "IPv4 listening sockets" "sockstat -4l" }
- 8
- { "IPv6 listening sockets" "sockstat -6l" }
- 9
- { "IPv4 MFC entries" "ifmcstat -f inet" }
- 10
- { "IPv6 MFC entries" "ifmcstat -f inet6" }
- 11
- { "firewall rules" "ipfw -a list" }
- 12
- { "IPsec policies" "setkey -DP" }
-}
-
# Observer Widget definitions for Linux
array set widgets_obs_linux $widgets_obs_quagga
array set widgets_obs_linux {
@@ -104,17 +79,13 @@ set widget_loop_ID -1
#
proc init_default_widgets_obs {} {
global systype widgets widgets_obs widget_obs last_widgetObserveNode
- global widgets_obs_bsd widgets_obs_linux
+ global widgets_obs_linux
setSystype
array unset widgets_obs
- if { [lindex $systype 0] == "Linux" } {
set arrayname widgets_obs_linux
# this works, but we will instead reset all indices:
#array set widgets_obs [array get widgets_obs_linux]
- } else {
- set arrayname widgets_obs_bsd
- }
# this resets the array indices to be 1, 2, 3, etc.
set i 1
@@ -142,7 +113,7 @@ proc init_widget_menu {} {
foreach w [array names widgets] {
global enable_$w
set enable_$w 0
- # note that a more modular way to break out submenus would be nice here
+ # note that a more modular way to break out submenus would be nice here
if { $w == "Adjacency" } {
widget_adjacency_init_submenu .menubar.widgets
continue
@@ -374,9 +345,9 @@ proc configObsWidgets {} {
button $wi.c.c3.add -text "new" \
-command "configObsWidgetsHelper $wi 1"
button $wi.c.c3.mod -text "modify" \
- -command "configObsWidgetsHelper $wi 2"
+ -command "configObsWidgetsHelper $wi 2"
button $wi.c.c3.del -text "delete" \
- -command "configObsWidgetsHelper $wi 3"
+ -command "configObsWidgetsHelper $wi 3"
pack $wi.c.c3.del $wi.c.c3.mod $wi.c.c3.add -side right
pack $wi.c.c3 -fill x -side top
@@ -386,7 +357,7 @@ proc configObsWidgets {} {
frame $wi.s -borderwidth 4
listbox $wi.s.servers -selectmode single -width 50 \
-yscrollcommand "$wi.s.servers_scroll set" -exportselection 0
- scrollbar $wi.s.servers_scroll -command "$wi.s.servers yview"
+ scrollbar $wi.s.servers_scroll -command "$wi.s.servers yview"
pack $wi.s.servers $wi.s.servers_scroll -fill y -side left
pack $wi.s -fill x -side top
bind $wi.s.servers <> "selectObsWidgetConf $wi"
@@ -531,7 +502,7 @@ proc selectObsWidgetConf { wi } {
set selected [$wi.s.servers curselection]
# clear entries
- $wi.c.c.name delete 0 end
+ $wi.c.c.name delete 0 end
$wi.c.c2.cmd delete 0 end
set w [$wi.s.servers get $selected]
@@ -602,23 +573,18 @@ proc widget_thru_config {} {
checkbutton $wi.tlab.up \
-text "Include receptions" -variable thruConfig(up)
pack $wi.tlab.show_thru $wi.tlab.avg $wi.tlab.down \
- $wi.tlab.up -side top -anchor w -padx 4
+ $wi.tlab.up -side top -anchor w -padx 4
pack $wi.tlab -side top
frame $wi.msg -borderwidth 4
global systype
- if { [lindex $systype 0] == "FreeBSD" } {
- set lab1txt "Note: links with no impairments (bw, delay,\netc) "
- set lab1txt "${lab1txt}will display 0.0 throughput"
- } else {
set lab1txt ""
- }
label $wi.msg.lab1 -text $lab1txt
pack $wi.msg.lab1 -side top -padx 4 -pady 4
pack $wi.msg -side top
labelframe $wi.hi -padx 4 -pady 4 -text "Link highlighting"
-
+
# Threshold (set to zero to disable)
label $wi.hi.lab1 -text \
"Highlight link if throuhgput exceeds this "
@@ -632,7 +598,7 @@ proc widget_thru_config {} {
scale $wi.hi.threshscale -from 0.0 -to 1000.0 -orient horizontal \
-showvalue false -sliderrelief raised -variable thruConfig(thresh)
pack $wi.hi.threshscale -side top -fill x
-
+
frame $wi.hi.w
label $wi.hi.w.lab3 -text "Highlight link width:"
spinbox $wi.hi.w.width -bg white -width 8 -textvariable thruConfig(width) \
@@ -649,7 +615,7 @@ proc widget_thru_config {} {
pack $wi.hi.co.colbtn $wi.hi.co.color $wi.hi.co.lab1 \
-side right -padx 4 -pady 4
pack $wi.hi.co -side top
-
+
pack $wi.hi -side top
# OK button at bottom
@@ -748,7 +714,7 @@ proc ngctl_output_to_ifname { line } {
# Throughput widget periodic procedure
#
proc widget_thru_periodic { now } {
- global systype eid link_list
+ global systype eid link_list
global link_thru_stats link_thru_avg_stats link_thru_last_time thruConfig
global throughput_cache
@@ -759,7 +725,7 @@ proc widget_thru_periodic { now } {
set dt [expr { ($now - $link_thru_last_time)/1000.0 }]
set link_thru_last_time $now
if { $dt <= 0.0 } { return }
-
+
# keep wireless stats in an array
array set wireless_stats {}
@@ -820,7 +786,7 @@ proc widget_thru_periodic { now } {
set kbps [expr {$kbps + $kbps_down}]
}
#set kbps [expr {$kbps_down + $kbps_up}]
-
+
if { $thruConfig(avg) } {
if { ![info exists link_thru_avg_stats($key)] } {
set link_thru_avg_stats($key) $kbps
@@ -831,7 +797,7 @@ proc widget_thru_periodic { now } {
set kbps $s
}
}
- set kbps_str [format "%.3f" $kbps]
+ set kbps_str [format "%.3f" $kbps]
# wireless link - keep total of wireless throughput for this node
# (supports membership to multiple wlans)
@@ -855,14 +821,14 @@ proc widget_thru_periodic { now } {
}
.c itemconfigure "link && $link" -width $width -fill $color
}
- thruPlotUpdate .c $link $kbps
+ thruPlotUpdate .c $link $kbps
}; # end foreach link
# after summing all wireless link bandwidths, go back and perform
# highlighting and label updating
foreach node [array names wireless_stats] {
set kbps_str [format "%.3f" $wireless_stats($node)]
-
+
# erase any existing circles (otherwise we get duplicates)
.c delete -withtag "$node && rangecircles"
# wireless circle if exceeding threshold
@@ -897,13 +863,13 @@ proc widget_thru_periodic { now } {
# helper to convert ng_pipe stats into upstream/downstream bytes
proc getstats_bytes_netgraph { raw_input } {
# Rec'd response "getstats" (1) from "e0_n0-n1:":
- # Args: { downstream={ FwdOctets=416 FwdFrames=6 }
+ # Args: { downstream={ FwdOctets=416 FwdFrames=6 }
# upstream={ FwdOctets=416 FwdFrames=6 } }
set tmp [split $raw_input ":"]
if { [llength $tmp] != 4 } {
return [list 0 0]
}
-
+
set statline [lindex [lindex $tmp 3] 0]
set down [lindex $statline 1]
set up [lindex $statline 5]
@@ -952,8 +918,8 @@ proc getstats_bytes_proc { raw_input ifname } {
break
}
# match the ifname exactly
- } elseif { [string range $statline 0 $ifname_len] == "$ifname:" } {
- break
+ } elseif { [string range $statline 0 $ifname_len] == "$ifname:" } {
+ break
}
set statline ""
}
@@ -964,8 +930,8 @@ proc getstats_bytes_proc { raw_input ifname } {
set stats [lindex $statline 1]
set down_bytes [lindex $stats 0]
- set up_bytes [lindex $stats 8]
-
+ set up_bytes [lindex $stats 8]
+
if { $down_bytes == "" } { set down_bytes 0 }
if { $up_bytes == "" } { set up_bytes 0 }
@@ -979,43 +945,43 @@ proc widget_thru_move { c node done } {
# Create a new throughput plot.
proc thruPlot { c link x y height width isresize} {
- global widgets enable_Throughput thruPlotColor curPlotBgColor
+ global widgets enable_Throughput thruPlotColor curPlotBgColor
global plot_list
-
- # if thruplot is called from resize, $link will hold full name
+
+ # if thruplot is called from resize, $link will hold full name
if { $isresize == true } {
set g $link
# extract linkname from full path
regexp {l(.*)thruplot} $g match sub1
set link "l$sub1"
- } else {
- # if new thruplot is created create full name
+ } else {
+ # if new thruplot is created create full name
set g "$c.${link}thruplot"
}
# update plot_list
- # Plot info to be stored :
+ # Plot info to be stored :
# - canvas coords
- # - size (height, width)
- # - color scheme
- # - linkname
-
+ # - size (height, width)
+ # - color scheme
+ # - linkname
+
# global plot variable that stores all plot info
global ${link}thruplot
-
- # reset global variable
- if {[info exists ${link}thruplot]} { unset ${link}thruplot}
+
+ # reset global variable
+ if {[info exists ${link}thruplot]} { unset ${link}thruplot}
set ${link}thruplot {}
- lappend ${link}thruplot "name $g"
- lappend ${link}thruplot "height $height"
- lappend ${link}thruplot "width $width"
- lappend ${link}thruplot "x $x"
- lappend ${link}thruplot "y $y"
-
+ lappend ${link}thruplot "name $g"
+ lappend ${link}thruplot "height $height"
+ lappend ${link}thruplot "width $width"
+ lappend ${link}thruplot "x $x"
+ lappend ${link}thruplot "y $y"
- # if not in color dict, add and set to default (blue)
+
+ # if not in color dict, add and set to default (blue)
if {[dict exists $thruPlotColor $g] == 0} {
dict set thruPlotColor $g blue
set curPlotBgColor "#EEEEFF"
@@ -1025,11 +991,11 @@ proc thruPlot { c link x y height width isresize} {
thruPlotSetScheme $scheme
lappend ${link}thruplot "color $scheme"
}
-
- # add plot to global plot_list
- if {[lsearch $plot_list ${link}thruplot] eq -1} {
+
+ # add plot to global plot_list
+ if {[lsearch $plot_list ${link}thruplot] eq -1} {
lappend plot_list ${link}thruplot
- }
+ }
# set global
global $g
@@ -1040,7 +1006,7 @@ proc thruPlot { c link x y height width isresize} {
destroy $g # TODO: support multiple plots for the same link
}
- canvas $g -height $height -width $width -bg $curPlotBgColor
+ canvas $g -height $height -width $width -bg $curPlotBgColor
$c create window $x $y -window $g -tags "thruplot $g"
# set link interface title
@@ -1049,21 +1015,21 @@ proc thruPlot { c link x y height width isresize} {
set if1 [ifcByPeer $lnode1 $lnode2]
set if2 [ifcByPeer $lnode2 $lnode1]
-
- # if too narrow, bring title down
+
+ # if too narrow, bring title down
if {$width < 220} {
$g create text $width 20 -anchor ne -text "$if1@$lnode1 - $if2@$lnode2"
} else {
$g create text $width 0 -anchor ne -text "$if1@$lnode1 - $if2@$lnode2"
- }
+ }
# bind items
bind $g <1> "thruPlotClick $c $g %x %y none"
bind $g "thruPlotHandleB1Motion $c $g %x %y start"
- bind $g <3> "thruPlotPopup $g %x %y"
+ bind $g <3> "thruPlotPopup $g %x %y"
- #DYL trying to update cursor look
- bind $g "selectmarkEnter $g %x %y"
+ #DYL trying to update cursor look
+ bind $g "selectmarkEnter $g %x %y"
bind $g "selectmarkLeave $c %x %y"
bind $g "thruPlotHandleRelease $c $g %x %y done"
#TODO when we are inside the thruplot, the graph hides the cursor
@@ -1085,27 +1051,27 @@ proc thruPlotPopup {g xclick yclick } {
.button3menu delete 0 end
- .button3menu.color delete 0 end
+ .button3menu.color delete 0 end
.button3menu add cascade -label "Set Color" -menu .button3menu.color
-
- # color red
- .button3menu.color add command -label "Red" -command "setThruPlotColor $g red"
-
- # color blue
- .button3menu.color add command -label "Green" -command "setThruPlotColor $g green"
- # color green
+ # color red
+ .button3menu.color add command -label "Red" -command "setThruPlotColor $g red"
+
+ # color blue
+ .button3menu.color add command -label "Green" -command "setThruPlotColor $g green"
+
+ # color green
.button3menu.color add command -label "Blue" -command "setThruPlotColor $g blue"
# delete
.button3menu add command -label "Delete" -command "deletePlot $g"
-
+
set x [winfo pointerx .]
- set y [winfo pointery .]
+ set y [winfo pointery .]
tk_popup .button3menu $x $y
}
-# remove thruplot
+# remove thruplot
proc deletePlot { g } {
global plot_list
regexp {.c.(.*thruplot)} $g match plotname
@@ -1119,15 +1085,15 @@ proc deletePlot { g } {
# Mouse click on a throughput plot.
# check to see if resize
proc thruPlotClick { c g x y modifier } {
- global thruplotResize cursorToResizemode resizemode resizeobj thruPlotDragStart thruPlotCur
-
- set cursorMode [$c cget -cursor]
-
+ global thruplotResize cursorToResizemode resizemode resizeobj thruPlotDragStart thruPlotCur
+
+ set cursorMode [$c cget -cursor]
+
# check if resizeMode
if {$cursorMode != "left_ptr" && $cursorMode != "crosshair"} {
- global oldX1 oldY1 oldX2 oldY2
+ global oldX1 oldY1 oldX2 oldY2
- # save old top left and bottom right points
+ # save old top left and bottom right points
set bbox [$c bbox $g]
set oldX1 [lindex $bbox 0]
set oldY1 [lindex $bbox 1]
@@ -1135,28 +1101,28 @@ proc thruPlotClick { c g x y modifier } {
set oldY2 [lindex $bbox 3]
# set resizeobj and resize mode
- set resizeobj $g
+ set resizeobj $g
set resizemode [dict get $cursorToResizemode $cursorMode]
set thruplotResize true
} else {
# update cursor to drag (crosshair)
- $c configure -cursor crosshair
- set thruPlotDragStart true
- set thruPlotCur $g
+ $c configure -cursor crosshair
+ set thruPlotDragStart true
+ set thruPlotCur $g
}
-
+
}
-# Must handle either a resize or a drag
+# Must handle either a resize or a drag
# The plot canvas gets the B1-Motion event, not the parent canvas
proc thruPlotHandleB1Motion {c g x y what} {
- global thruplotResize resizemode resizeobj
+ global thruplotResize resizemode resizeobj
set cursorMode [$c cget -cursor]
- # check if drag (center is clicked)
+ # check if drag (center is clicked)
if {($cursorMode == "left_ptr" || $cursorMode == "crosshair") && $thruplotResize == false} {
thruPlotDrag $c $g $x $y $what false
} else {
- # resize was clicked
+ # resize was clicked
}
}
@@ -1168,30 +1134,30 @@ proc thruPlotHandleRelease { c g x y what} {
thruPlotDrag $c $g $x $y $what false
} else {
thruPlotRescale $c $g $x $y
- }
+ }
}
# redraw thruplot
# x y show coords relative to top left corner of thruplot
proc thruPlotRescale { c g x y } {
- global thruplotResize resizemode oldX1 oldY1 oldX2 oldY2
+ global thruplotResize resizemode oldX1 oldY1 oldX2 oldY2
# resize based on resize mode
switch $resizemode {
ld {
- # if the left bot corner is clicked just look at new x set new height
+ # if the left bot corner is clicked just look at new x set new height
lassign [calcDimensions [expr {$oldX1 + $x}] $oldY1 $oldX2 [expr {$oldY1 + $y}]] cx cy h w
- thruPlot $c $g $cx $cy $h $w true
+ thruPlot $c $g $cx $cy $h $w true
}
ru {
# if the right top corner is clicked just look at new x set new heigth
lassign [calcDimensions $oldX1 [expr {$oldY1 + $y}] [expr {$oldX1 + $x}] $oldY2] cx cy h w
- thruPlot $c $g $cx $cy $h $w true
+ thruPlot $c $g $cx $cy $h $w true
}
rd {
- # if the right bottom corner clicked
+ # if the right bottom corner clicked
lassign [calcDimensions $oldX1 $oldY1 [expr {$oldX1 + $x}] [expr {$oldY1 + $y}]] cx cy h w
- thruPlot $c $g $cx $cy $h $w true
+ thruPlot $c $g $cx $cy $h $w true
}
lu {
# if the left bottom corner clicked
@@ -1205,44 +1171,44 @@ proc thruPlotRescale { c g x y } {
}
l {
# if the left side is clicked just look at new x
- lassign [calcDimensions [expr {$oldX1 + $x}] $oldY1 $oldX2 $oldY2] cx cy h w
- thruPlot $c $g $cx $cy $h $w true
+ lassign [calcDimensions [expr {$oldX1 + $x}] $oldY1 $oldX2 $oldY2] cx cy h w
+ thruPlot $c $g $cx $cy $h $w true
}
u {
- # if the top side is click just look at new y
+ # if the top side is click just look at new y
lassign [calcDimensions $oldX1 [expr {$oldY1 + $y}] $oldX2 $oldY2] cx cy h w
- thruPlot $c $g $cx $cy $h $w true
+ thruPlot $c $g $cx $cy $h $w true
}
d {
# if the top side is click just look at new y
lassign [calcDimensions $oldX1 $oldY1 $oldX2 [expr {$oldY1 + $y}]] cx cy h w
- thruPlot $c $g $cx $cy $h $w true
+ thruPlot $c $g $cx $cy $h $w true
}
default {
- puts "ERROR: should not come here. resize mode is invalid."
- }
+ puts "ERROR: should not come here. resize mode is invalid."
+ }
}
# rescale is done reset rescale global variables
set cursor left_ptr
set thruplotResize false
- set resizemode false
+ set resizemode false
}
# Calculate center, height, width based on top left and bot right corners
proc calcDimensions { x1 y1 x2 y2 } {
- set h [expr {$y2 - $y1}]
+ set h [expr {$y2 - $y1}]
set w [expr {$x2 - $x1}]
# enforce min size
if {$h < 100} {
- set h 100
+ set h 100
}
if {$w < 100} {
set w 100
}
- list [expr {$x1 + ($w/2)}] [expr {$y1 + ($h/2)}] $h $w
+ list [expr {$x1 + ($w/2)}] [expr {$y1 + ($h/2)}] $h $w
}
# Mouse drag a throughput plot.
@@ -1250,67 +1216,67 @@ proc thruPlotDrag { c g x y what fromCanvas} {
global thruPlotDragStart thruPlotCur
global plot_list
set pad 60
- set maxjump 500
+ set maxjump 500
# this fixes a bug when thruplot is off screen
if {$fromCanvas == true} {
#puts "handling from canvas"
- $c coords $thruPlotCur [expr {$x - $pad}] [expr {$y- $pad}]
- return
+ $c coords $thruPlotCur [expr {$x - $pad}] [expr {$y- $pad}]
+ return
}
if {$thruPlotDragStart == false} {
if { [expr abs($x)] > $maxjump || [expr abs($y)] > $maxjump} {
puts "ERROR can not drag too far at one time"
- return
- }
- } else {
+ return
+ }
+ } else {
set curx [lindex [$c coords $g] 0]
set cury [lindex [$c coords $g] 1]
- # perform the actual drag
+ # perform the actual drag
set newx [expr {$x - $pad + $curx}]
- set newy [expr {$y- $pad + $cury}]
- $c coords $thruPlotCur $newx $newy
+ set newy [expr {$y- $pad + $cury}]
+ $c coords $thruPlotCur $newx $newy
# save new coords DYL
- regexp {.c.(l.*thruplot)} $g match name
- # global ${name}
+ regexp {.c.(l.*thruplot)} $g match name
+ # global ${name}
# find and replace x coord
- updatePlotAttr ${name} "x" $newx
- updatePlotAttr ${name} "y" $newy
+ updatePlotAttr ${name} "x" $newx
+ updatePlotAttr ${name} "y" $newy
set thruPlotDragStart dragging
- }
+ }
}
proc redrawAllThruplots {} {
global plot_list
foreach tp $plot_list {
- # extract the following properties from the thruplot :
+ # extract the following properties from the thruplot :
# full path
# height, width
# x,y coords,
# color scheme
set fp [getPlotAttr $tp name]
set height [getPlotAttr $tp height]
- set width [getPlotAttr $tp width]
+ set width [getPlotAttr $tp width]
set x [getPlotAttr $tp x]
set y [getPlotAttr $tp y]
set color [getPlotAttr $tp color]
- thruPlot .c $fp $x $y $height $width true
- setThruPlotColor $fp $color
- }
+ thruPlot .c $fp $x $y $height $width true
+ setThruPlotColor $fp $color
+ }
}
-# this will update an attribute of the global thruplot variable
+# this will update an attribute of the global thruplot variable
proc updatePlotAttr { plot attr val } {
# puts "updating $attr of ${plot} to $val"
global ${plot}
- # find and replace attribute
+ # find and replace attribute
set i [lsearch [set ${plot}] "$attr *"]
# puts " found at $i"
if { $i >= 0 } {
@@ -1320,7 +1286,7 @@ proc updatePlotAttr { plot attr val } {
}
}
-# this will return an attribute from the plotlist
+# this will return an attribute from the plotlist
proc getPlotAttr {plot attr} {
global ${plot}
@@ -1345,7 +1311,7 @@ proc setThruPlotColor { g color} {
# set global variables that determine color scheme
thruPlotSetScheme $color
- # update old data
+ # update old data
$g itemconfigure "filler" -fill $curPlotFillColor
$g itemconfigure "line" -fill $curPlotLineColor
$g configure -bg $curPlotBgColor
@@ -1372,15 +1338,15 @@ proc thruPlotSetScheme { color } {
set curPlotBgColor "#eeffee"
}
default {
- puts "ERROR: invalid plot color '$color'"
+ puts "ERROR: invalid plot color '$color'"
}
- }
+ }
}
# update a throughput plot with a new data point
proc thruPlotUpdate { c link kbps } {
set g "$c.${link}thruplot"
- global $g curPlotLineColor curPlotFillColor curPlotBgColor thruPlotColor thruPlotMaxKBPS
+ global $g curPlotLineColor curPlotFillColor curPlotBgColor thruPlotColor thruPlotMaxKBPS
# Check if window exists
if { ![winfo exists $g] } {
@@ -1389,10 +1355,10 @@ proc thruPlotUpdate { c link kbps } {
# lookup scheme for thruplot and set scheme
set scheme [dict get $thruPlotColor $g]
- thruPlotSetScheme $scheme
- # set bg to scheme
- $g configure -bg $curPlotBgColor
-
+ thruPlotSetScheme $scheme
+ # set bg to scheme
+ $g configure -bg $curPlotBgColor
+
set maxx [$g cget -width]
set maxy [$g cget -height]
set yscale [thruPlotAutoScale $g $kbps]
@@ -1400,7 +1366,7 @@ proc thruPlotUpdate { c link kbps } {
# shift graph to the left by dt pixels
set dt 5.0
$g move "data" -$dt 0.0
-
+
thruPlotDeleteOldData $g $dt
set last [$g find withtag "data && last"]
@@ -1416,8 +1382,8 @@ proc thruPlotUpdate { c link kbps } {
$g create polygon $x1 $y1 $x2 $y2 $x2 $maxy $x1 $maxy \
-tags "data filler" -fill $curPlotFillColor -width 2
-
- $g create line $x1 $y1 $x2 $y2 -tags "data last line" -fill $curPlotLineColor
+
+ $g create line $x1 $y1 $x2 $y2 -tags "data last line" -fill $curPlotLineColor
}
# return the existing y-value scale; if the given value is off the scale,
@@ -1426,21 +1392,21 @@ proc thruPlotAutoScale { g val } {
set yscale [lindex [$g itemcget "ticks && scalemax" -text] 0]
global thruPlotMaxKBPS
- # update global max
+ # update global max
if { $val > $thruPlotMaxKBPS} {
set thruPlotMaxKBPS $val
- } else {
+ } else {
set val $thruPlotMaxKBPS
}
- # default
+ # default
if { $yscale == "" || $yscale < 1.0 } {
set yscale 10.0
- }
+ }
if { $val < $yscale } {
return $yscale ;# value within bounds of existing scale
- }
+ }
set maxy [$g cget -height]
set newyscale [expr {ceil($val) + 5.0}]
@@ -1519,7 +1485,7 @@ proc thruPlotDrawScale { g max } {
proc thruPlotDeleteOldData { g dt } {
foreach i [$g find withtag "data"] {
if { [lindex [$g coords $i] 0] < [expr { -2.0 * $dt }] } {
- $g delete $i
+ $g delete $i
}
}
}
@@ -1571,7 +1537,7 @@ proc widget_cpu_config {} {
labelframe $wi.hi -padx 4 -pady 4 -text "Node highlighting"
-
+
# Threshold (set to zero to disable)
label $wi.hi.lab1 -text "Highlight node if CPU usage exceeds this "
pack $wi.hi.lab1 -side top -anchor w
@@ -1581,7 +1547,7 @@ proc widget_cpu_config {} {
label $wi.hi.t.lab2 -text "% CPU"
pack $wi.hi.t.lab2 $wi.hi.t.thresh $wi.hi.t.lab1 -side right -padx 4 -pady 4
pack $wi.hi.lab1 $wi.hi.t -side top
-
+
# Highlight color/width
frame $wi.hi.w
label $wi.hi.w.lab3 -text "radius:"
@@ -1597,7 +1563,7 @@ proc widget_cpu_config {} {
pack $wi.hi.w.colbtn $wi.hi.w.color $wi.hi.w.lab1 \
-side right -padx 4 -pady 4
pack $wi.hi.w -side top
-
+
pack $wi.hi -side top -fill x
# OK button at bottom
@@ -1642,13 +1608,8 @@ proc widget_cpu_init {command} {
#
proc widget_cpu_periodic { now } {
global systype
-
- if { [lindex $systype 0] == "FreeBSD" } {
- widget_cpu_periodic_vimage $now
- } else {
puts "warning: the CPU widget is not functional for this platform yet"
return
- }
}
proc widget_cpu_periodic_vimage { now } {
@@ -1664,10 +1625,10 @@ proc widget_cpu_periodic_vimage { now } {
set newtext [format "%.2f %%" $cpustats($eid\_$node)]
set coords [getCPUcoords $node]
- set x [lindex $coords 0]
- set y [lindex $coords 1]
- set basex [lindex $coords 2]
- set basey [lindex $coords 3]
+ set x [lindex $coords 0]
+ set y [lindex $coords 1]
+ set basex [lindex $coords 2]
+ set basey [lindex $coords 3]
set existing [.c find withtag "cpulabel && $node"]
if { [llength $existing] == 0 } { ;# create new label
@@ -1678,7 +1639,7 @@ proc widget_cpu_periodic_vimage { now } {
.c itemconfigure $cpulabel -text $newtext
}
.c raise $cpulabel
- # perform highlighting
+ # perform highlighting
set existing [.c find withtag "cpuhi && $node"]
if { $cpustats($eid\_$node) >= $cpuConfig(thresh) } {
if { [llength $existing] == 0 } {
@@ -1692,7 +1653,7 @@ proc widget_cpu_periodic_vimage { now } {
#.c raise "link && $node"
.c raise "node && $node"
}
-
+
} elseif { [llength $existing] > 0 } {
.c delete $existing
}
@@ -1726,7 +1687,7 @@ proc getstats_cpu_vimage { raw_input} {
if { $numlines <= 4 } {
return [list 0 0]
}
-
+
# add node_name/cpu to a list
set ret {}
set i 0
@@ -1756,7 +1717,7 @@ proc getstats_cpu_vestat { } {
global cpu_vestat_history; # remember previous jiffies
set Hertz 100.0; # from , varies per architecture
- # read /proc/vz/vestat
+ # read /proc/vz/vestat
if { [catch {set f [open "/proc/vz/vestat" r]} e] } {
puts "error opening /proc/vz/vestat: $e"
return
@@ -1784,8 +1745,8 @@ proc getstats_cpu_vestat { } {
array set cpu_vestat_history [list uptime $uptime_now]
set elapsed [expr {$uptime_now - $uptime_old}]
if { $elapsed == 0.0 } { set elapsed 1.0 }; # don't divide by zero
-
-
+
+
# add node_name/cpu to a list
set ret {}
for { set i 0 } { $i < [llength $lines] } { incr i } {
@@ -1943,7 +1904,7 @@ proc get_router_id {node} {
}
}
if {[lsearch [getNodeServices $node true] "OLSR"] != -1 } {
-
+
set sock [lindex [getEmulPlugin $node] 2]
set exec_num [newExecCallbackRequest adjacencyrouterid]
set name [getNodeName $node]
@@ -2008,7 +1969,7 @@ proc widget_adjacency_init {command} {
set enable_Adjacency_OSPFv3 0
set enable_Adjacency_OLSR 0
set adjacency_config(proto) "OLSRv2_proto"
- }
+ }
}
# Initialize
@@ -2017,7 +1978,7 @@ proc widget_adjacency_init {command} {
foreach node $node_list { ;# save router-id node pairs for later lookup
if { [nodeType $node] != "router" } { continue }
if {[lsearch [getNodeServices $node true] "zebra"] < 0 &&
- [lsearch [getNodeServices $node true] "OLSR"] < 0 &&
+ [lsearch [getNodeServices $node true] "OLSR"] < 0 &&
[lsearch [getNodeServices $node true] "OLSRv2"] < 0} {
continue
}
@@ -2107,16 +2068,16 @@ proc exec_adjacency_callback { node execnum cmd result status } {
global g_api_exec_num
set changed 0
set c .c
-
+
set proto $adjacency_config(proto)
array set colors $adjacency_config(colors)
if { $adjacency_config(offset) } { set o 5 } else { set o 0 }
- $c addtag adjdelete withtag "adjline && $node" ;# flag del all adjlines
+ $c addtag adjdelete withtag "adjline && $node" ;# flag del all adjlines
set adjs [getadj_from_neighbors $result $proto]
-
+
foreach adj $adjs {
-
+
set peer [lindex $adj 0]
set line [$c find withtag "adjline && $node && $peer"]
@@ -2193,7 +2154,7 @@ proc getadj_from_neighbors { raw_input proto } {
"LOST" { set state "Down" }
"MPR" { set state "Full" }
"PENDING" { set state "Init" }
- "INVALID" { set state "Down" }
+ "INVALID" { set state "Down" }
}
lappend ret [list $rtrid $state]
}
@@ -2205,7 +2166,7 @@ proc getadj_from_neighbors { raw_input proto } {
#10.0.0.2 1 00:00:06 Init/PointToPoint 00:00:00 eth0[PointToP
#10.0.0.2 1 00:00:06 Twoway/PointToPoint 00:00:00 eth0[PointToP
#10.0.0.2 1 00:00:06 Full/PointToPoint 00:00:38 eth0[PointToP
-#10.0.7.2 1 Full/Backup 37.240s 10.0.0.2 eth0:10.0.0.1
+#10.0.7.2 1 Full/Backup 37.240s 10.0.0.2 eth0:10.0.0.1
foreach line [split $raw_input "\n"] {
set rtrid [string trim [string range $line 0 14]]
if { $rtrid == "Neighbor ID" } { continue }
@@ -2284,17 +2245,17 @@ proc widget_adjacency_init_submenu { m } {
set enable_Adjacency_OSPFv2 0
$m.adj add checkbutton -label "OSPFv2" -variable enable_Adjacency_OSPFv2 \
-command "[lindex $widgets(Adjacency) 1] menu2"
-
+
global enable_Adjacency_OSPFv3
set enable_Adjacency_OSPFv3 0
$m.adj add checkbutton -label "OSPFv3" -variable enable_Adjacency_OSPFv3 \
-command "[lindex $widgets(Adjacency) 1] menu3"
-
+
global enable_Adjacency_OLSR
set enable_Adjacency_OLSR 0
$m.adj add checkbutton -label "OLSR" -variable enable_Adjacency_OLSR \
-command "[lindex $widgets(Adjacency) 1] menu4"
-
+
global enable_Adjacency_OLSRv2
set enable_Adjacency_OLSRv2 0
$m.adj add checkbutton -label "OLSRv2" -variable enable_Adjacency_OLSRv2 \
diff --git a/kernel/freebsd/4.11-R-CORE.diff b/kernel/freebsd/4.11-R-CORE.diff
deleted file mode 100644
index ab7329c6..00000000
--- a/kernel/freebsd/4.11-R-CORE.diff
+++ /dev/null
@@ -1,7150 +0,0 @@
-diff -urN sys/i386/conf/CORE sys.CORE/i386/conf/CORE
---- sys/i386/conf/CORE Wed Dec 31 16:00:00 1969
-+++ sys.CORE/i386/conf/CORE Wed Jan 31 16:02:43 2007
-@@ -0,0 +1,182 @@
-+machine i386
-+cpu I586_CPU
-+cpu I686_CPU
-+ident CORE
-+maxusers 0
-+
-+makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
-+options DDB
-+
-+options INET #InterNETworking
-+options INET6 #IPv6 communications protocols
-+options IPSEC
-+options IPSEC_ESP
-+#options IPSEC_DEBUG
-+options FFS #Berkeley Fast Filesystem
-+options FFS_ROOT #FFS usable as root device [keep this!]
-+options SOFTUPDATES #Enable FFS soft updates support
-+options UFS_DIRHASH #Improve performance on big directories
-+options MFS #Memory Filesystem
-+options MD_ROOT #MD is a potential root device
-+options MSDOSFS #MSDOS Filesystem
-+options CD9660 #ISO 9660 Filesystem
-+options CD9660_ROOT #CD-ROM usable as root, CD9660 required
-+options PROCFS #Process filesystem
-+options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
-+options UCONSOLE #Allow users to grab the console
-+options USERCONFIG #boot -c editor
-+options VISUAL_USERCONFIG #visual boot -c editor
-+options KTRACE #ktrace(1) support
-+options SYSVSHM #SYSV-style shared memory
-+options SYSVMSG #SYSV-style message queues
-+options SYSVSEM #SYSV-style semaphores
-+options P1003_1B #Posix P1003_1B real-time extensions
-+options _KPOSIX_PRIORITY_SCHEDULING
-+options ICMP_BANDLIM #Rate limit bad replies
-+options KBD_INSTALL_CDEV # install a CDEV entry in /dev
-+
-+device isa
-+device pci
-+
-+# Floppy drives
-+device fdc0 at isa? port IO_FD1 irq 6 drq 2
-+device fd0 at fdc0 drive 0
-+
-+# ATA and ATAPI devices
-+device ata0 at isa? port IO_WD1 irq 14
-+device ata1 at isa? port IO_WD2 irq 15
-+device ata
-+device atadisk # ATA disk drives
-+device atapicd # ATAPI CDROM drives
-+device atapifd # ATAPI floppy drives
-+device atapist # ATAPI tape drives
-+options ATA_STATIC_ID #Static device numbering
-+
-+# SCSI peripherals
-+device scbus # SCSI bus (required)
-+device da # Direct Access (disks)
-+device sa # Sequential Access (tape etc)
-+device cd # CD
-+device pass # Passthrough device (direct SCSI access)
-+
-+# atkbdc0 controls both the keyboard and the PS/2 mouse
-+device atkbdc0 at isa? port IO_KBD
-+device atkbd0 at atkbdc? irq 1 flags 0x1
-+device psm0 at atkbdc? irq 12
-+
-+device vga0 at isa?
-+
-+# syscons is the default console driver, resembling an SCO console
-+device sc0 at isa? flags 0x100
-+
-+device agp # support several AGP chipsets
-+
-+# Floating point support - do not disable.
-+device npx0 at nexus? port IO_NPX irq 13
-+
-+# Power management support (see LINT for more options)
-+#device apm0 at nexus? #flags 0x20 # Advanced Power Management
-+
-+# PCCARD (PCMCIA) support
-+device card
-+device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
-+device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
-+
-+# Serial (COM) ports
-+# jeffa: added debug flag
-+device sio0 at isa? port IO_COM1 flags 0x80 irq 4
-+#device sio0 at isa? port IO_COM1 flags 0x10 irq 4
-+device sio1 at isa? port IO_COM2 irq 3
-+
-+# PCI Ethernet NICs.
-+device de # DEC/Intel DC21x4x (``Tulip'')
-+device em # Intel PRO/1000 adapter Gigabit Ethernet Card (``Wiseman'')
-+device txp # 3Com 3cR990 (``Typhoon'')
-+device vx # 3Com 3c590, 3c595 (``Vortex'')
-+
-+# PCI Ethernet NICs that use the common MII bus controller code.
-+# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
-+device miibus # MII bus support
-+device dc # DEC/Intel 21143 and various workalikes
-+device fxp # Intel EtherExpress PRO/100B (82557, 82558)
-+device pcn # AMD Am79C97x PCI 10/100 NICs
-+device rl # RealTek 8129/8139
-+device sf # Adaptec AIC-6915 (``Starfire'')
-+device sis # Silicon Integrated Systems SiS 900/SiS 7016
-+device ste # Sundance ST201 (D-Link DFE-550TX)
-+device tl # Texas Instruments ThunderLAN
-+device tx # SMC EtherPower II (83c170 ``EPIC'')
-+device vr # VIA Rhine, Rhine II
-+device wb # Winbond W89C840F
-+device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
-+device bge # Broadcom BCM570x (``Tigon III'')
-+
-+# ISA Ethernet NICs.
-+# 'device ed' requires 'device miibus'
-+device ed0 at isa? disable port 0x280 irq 10 iomem 0xd8000
-+device ex
-+device ep
-+device fe0 at isa? disable port 0x300
-+# Xircom Ethernet
-+device xe
-+
-+# Wireless
-+#device awi
-+device wi
-+device an
-+
-+# The probe order of these is presently determined by i386/isa/isa_compat.c.
-+device ie0 at isa? disable port 0x300 irq 10 iomem 0xd0000
-+#device le0 at isa? disable port 0x300 irq 5 iomem 0xd0000
-+device lnc0 at isa? disable port 0x280 irq 10 drq 0
-+device cs0 at isa? disable port 0x300
-+device sn0 at isa? disable port 0x300 irq 10
-+
-+# Pseudo devices - the number indicates how many units to allocate.
-+pseudo-device loop # Network loopback
-+pseudo-device ether # Ethernet support
-+pseudo-device tun # Packet tunnel.
-+pseudo-device pty # Pseudo-ttys (telnet etc)
-+pseudo-device md # Memory "disks"
-+pseudo-device gif
-+pseudo-device gre
-+
-+# The `bpf' pseudo-device enables the Berkeley Packet Filter.
-+# Be aware of the administrative consequences of enabling this!
-+pseudo-device bpf #Berkeley packet filter
-+
-+# USB support
-+device uhci # UHCI PCI->USB interface
-+device ohci # OHCI PCI->USB interface
-+device usb # USB Bus (required)
-+device ugen # Generic
-+device uhid # "Human Interface Devices"
-+device ukbd # Keyboard
-+device ulpt # Printer
-+device umass # Disks/Mass storage - Requires scbus and da
-+device ums # Mouse
-+# USB Ethernet, requires mii
-+device aue # ADMtek USB ethernet
-+device cue # CATC USB ethernet
-+device kue # Kawasaki LSI USB ethernet
-+# USB com devices
-+device ucom
-+device uftdi
-+
-+# LIMUNES specific options
-+options ROOTDEVNAME=\"cd9660:acd0\"
-+options UNION # Is this really needed?
-+options EXT2FS # And this?
-+pseudo-device vn 15 # Vnode driver (turns a file into a device)
-+
-+options MROUTING # Multicast routing
-+options PIM # Protocol Independent Multicast
-+#options IPFIREWALL # firewall
-+#options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default
-+#options IPDIVERT # divert sockets
-+
-+options HZ=1000
-+#options AUTO_EOI_1
-+options CPU_ENABLE_SSE
-+options CPU_FASTER_5X86_FPU
-+makeoptions CONF_CFLAGS=-mpentiumpro
-diff -urN sys/kern/kern_vimage.c sys.CORE/kern/kern_vimage.c
---- sys/kern/kern_vimage.c Wed Jan 31 15:57:04 2007
-+++ sys.CORE/kern/kern_vimage.c Wed Jan 31 16:02:43 2007
-@@ -52,9 +52,13 @@
- #include
- #include
- #include
-+#include
- #include
-
- #include
-+#ifdef IPSEC
-+#include
-+#endif
-
- /* Arbitrary values */
- #define TCP_SYNCACHE_HASHSIZE 512
-@@ -107,6 +111,12 @@
- { "mrt6stat", V_NET, v_mrt6stat, sizeof (x_vnet->mrt6stat) },
- { "mf6ctable", V_NET, v_mf6ctable, sizeof (x_vnet->mf6ctable) },
- { "mif6table", V_NET, v_mif6table, sizeof (x_vnet->mif6table) },
-+#ifdef IPSEC
-+ { "ipsecstat", V_NET, v_ipsecstat, sizeof (x_vnet->ipsecstat) },
-+#ifdef INET6
-+ { "ipsec6stat", V_NET, v_ipsec6stat, sizeof (x_vnet->ipsec6stat) },
-+#endif /* INET6 */
-+#endif /* IPSEC */
- { NULL, 0, 0 , 0 }
- };
-
-@@ -742,7 +752,17 @@
- }
-
- rtable_init((void **)vnet->rt_tables, vnet);
-+#ifdef IPSEC
-+ if (vnet != vnet0)
-+ key_init(vnet);
-+#endif
- vi_loopattach(vnet);
-+ if (vnet != vnet0)
-+ gif_init(vnet);
-+
-+ /*Boeing IDC*/
-+ if (vnet != vnet0)
-+ gre_init(vnet);
-
- if (IPFW_LOADED)
- ip_fw_init_ptr(vnet);
-@@ -796,6 +816,15 @@
-
- free((caddr_t)vnet->ifnet_addrs, M_IFADDR);
- free((caddr_t)vnet->ifindex2ifnet, M_IFADDR);
-+
-+ while (!LIST_EMPTY(&vnet->gif_softc_list))
-+ gif_clone_destroy(&LIST_FIRST(&vnet->gif_softc_list)->gif_if);
-+ rman_fini(vnet->gifunits);
-+
-+ /*Boeing IDC*/
-+ while (!LIST_EMPTY(&vnet->gre_softc_list))
-+ gre_clone_destroy(&LIST_FIRST(&vnet->gre_softc_list)->sc_if);
-+ rman_fini(vnet->greunits);
-
- /* hopefully, we are finally clear to free the vnet container itself! */
- LIST_REMOVE(vnet, vnet_le);
-diff -urN sys/net/if.c sys.CORE/net/if.c
---- sys/net/if.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/net/if.c Wed Jan 31 16:19:58 2007
-@@ -276,6 +276,11 @@
- sdl->sdl_data[--namelen] = 0xff;
- TAILQ_INSERT_HEAD(&ifp->if_addrhead, ifa, ifa_link);
- }
-+#ifdef MROUTING
-+#ifdef PIM
-+ vnet->reg_vif_num = -1; /* XXX means VIFI_INVALID */
-+#endif
-+#endif
-
- /* Announce the interface. */
- rt_ifannouncemsg(ifp, IFAN_ARRIVAL);
-diff -urN sys/net/if_gif.c sys.CORE/net/if_gif.c
---- sys/net/if_gif.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/net/if_gif.c Wed Jan 31 16:02:43 2007
-@@ -90,7 +90,9 @@
- #define GIF_MAXUNIT 0x7fff /* ifp->if_unit is only 15 bits */
-
- static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
-+#ifdef MOVED_TO_VNET
- static struct rman gifunits[1];
-+#endif /* MOVED_TO_VNET */
-
- int gif_clone_create __P((struct if_clone *, int *, struct vnet *));
- void gif_clone_destroy __P((struct ifnet *));
-@@ -114,22 +116,26 @@
- */
- #define MAX_GIF_NEST 1
- #endif
-+#ifdef MOVED_TO_VNET
- static int max_gif_nesting = MAX_GIF_NEST;
--SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
-- &max_gif_nesting, 0, "Max nested tunnels");
-+#endif /* MOVED_TO_VNET */
-+SYSCTL_V_INT(V_NET, _net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
-+ v_max_gif_nesting, 0, "Max nested tunnels");
-
- /*
- * By default, we disallow creation of multiple tunnels between the same
- * pair of addresses. Some applications require this functionality so
- * we allow control over this check here.
- */
-+#ifdef MOVED_TO_VNET
- #ifdef XBONEHACK
- static int parallel_tunnels = 1;
- #else
- static int parallel_tunnels = 0;
- #endif
--SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
-- ¶llel_tunnels, 0, "Allow parallel tunnels?");
-+#endif /* MOVED_TO_VNET */
-+SYSCTL_V_INT(V_NET, _net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
-+ v_parallel_tunnels, 0, "Allow parallel tunnels?");
-
- int
- gif_clone_create(ifc, unit, vnet)
-@@ -140,17 +146,19 @@
- struct resource *r;
- struct gif_softc *sc;
-
-+ if (vnet == NULL)
-+ panic("gif_clone_create: NULL vnet was passed.");
- if (*unit > GIF_MAXUNIT)
- return (ENXIO);
-
- if (*unit < 0) {
-- r = rman_reserve_resource(gifunits, 0, GIF_MAXUNIT, 1,
-+ r = rman_reserve_resource(vnet->gifunits, 0, GIF_MAXUNIT, 1,
- RF_ALLOCATED | RF_ACTIVE, NULL);
- if (r == NULL)
- return (ENOSPC);
- *unit = rman_get_start(r);
- } else {
-- r = rman_reserve_resource(gifunits, *unit, *unit, 1,
-+ r = rman_reserve_resource(vnet->gifunits, *unit, *unit, 1,
- RF_ALLOCATED | RF_ACTIVE, NULL);
- if (r == NULL)
- return (EEXIST);
-@@ -202,6 +210,8 @@
- struct gif_softc *sc = ifp->if_softc;
- struct vnet *vnet = ifp->if_vnet;
-
-+ if (vnet == NULL)
-+ panic("gif_clone_destroy: NULL vnet from ifp.");
- gif_delete_tunnel(&sc->gif_if);
- LIST_REMOVE(sc, gif_list);
- #ifdef INET6
-@@ -226,31 +236,61 @@
- free(sc, M_GIF);
- }
-
-+/* Initialize gif vars for a single vnet */
-+int
-+gif_init(vnet)
-+ struct vnet *vnet;
-+{
-+ int err=0;
-+
-+ vnet->max_gif_nesting = MAX_GIF_NEST;
-+ vnet->parallel_tunnels = 0;
-+ vnet->gifunits->rm_type = RMAN_ARRAY;
-+ vnet->gifunits->rm_descr = "configurable if_gif units";
-+ err = rman_init(vnet->gifunits);
-+ if (err != 0)
-+ return (err);
-+ err = rman_manage_region(vnet->gifunits, 0, GIF_MAXUNIT);
-+ if (err != 0) {
-+ printf("%s: gifunits: rman_manage_region: Failed %d\n",
-+ GIFNAME, err);
-+ rman_fini(vnet->gifunits);
-+ return (err);
-+ }
-+ LIST_INIT(&vnet->gif_softc_list);
-+
-+ return 0;
-+}
-+
- static int
- gifmodevent(mod, type, data)
- module_t mod;
- int type;
- void *data;
- {
-- int err;
-+ int err=0;
- struct vnet *vnet;
-
- switch (type) {
- case MOD_LOAD:
-- gifunits->rm_type = RMAN_ARRAY;
-- gifunits->rm_descr = "configurable if_gif units";
-- err = rman_init(gifunits);
-+ LIST_FOREACH(vnet, &vnet_head, vnet_le)
-+ {
-+ vnet->max_gif_nesting = MAX_GIF_NEST;
-+ vnet->parallel_tunnels = 0;
-+ vnet->gifunits->rm_type = RMAN_ARRAY;
-+ vnet->gifunits->rm_descr = "configurable if_gif units";
-+ err = rman_init(vnet->gifunits);
- if (err != 0)
- return (err);
-- err = rman_manage_region(gifunits, 0, GIF_MAXUNIT);
-+ err = rman_manage_region(vnet->gifunits, 0, GIF_MAXUNIT);
- if (err != 0) {
- printf("%s: gifunits: rman_manage_region: Failed %d\n",
- GIFNAME, err);
-- rman_fini(gifunits);
-+ rman_fini(vnet->gifunits);
- return (err);
- }
-- LIST_FOREACH(vnet, &vnet_head, vnet_le)
-- LIST_INIT(&vnet->gif_softc_list);
-+ LIST_INIT(&vnet->gif_softc_list);
-+ }
- if_clone_attach(&gif_cloner);
-
- #ifdef INET6
-@@ -261,11 +301,12 @@
- case MOD_UNLOAD:
- if_clone_detach(&gif_cloner);
-
-- LIST_FOREACH(vnet, &vnet_head, vnet_le)
-+ LIST_FOREACH(vnet, &vnet_head, vnet_le) {
- while (!LIST_EMPTY(&vnet->gif_softc_list))
- gif_clone_destroy(&LIST_FIRST(&vnet->gif_softc_list)->gif_if);
-+ err = rman_fini(vnet->gifunits);
-+ }
-
-- err = rman_fini(gifunits);
- if (err != 0)
- return (err);
- #ifdef INET6
-@@ -295,6 +336,8 @@
- struct ip ip;
- struct gif_softc *sc;
-
-+ if (vnet == NULL)
-+ panic("gif_encapcheck: NULL vnet was passed.");
- sc = (struct gif_softc *)arg;
- if (sc == NULL)
- return 0;
-@@ -358,6 +401,11 @@
- struct gif_softc *sc = (struct gif_softc*)ifp;
- int error = 0;
- static int called = 0; /* XXX: MUTEX */
-+ struct vnet *vnet;
-+
-+ vnet = ifp->if_vnet;
-+ /*if (vnet == NULL)
-+ panic("gif_output: cannot find vnet.");*/
-
- /*
- * gif may cause infinite recursion calls when misconfigured.
-@@ -366,7 +414,7 @@
- * mutual exclusion of the variable CALLED, especially if we
- * use kernel thread.
- */
-- if (++called > max_gif_nesting) {
-+ if (++called > vnet->max_gif_nesting) {
- log(LOG_NOTICE,
- "gif_output: recursively called too many times(%d)\n",
- called);
-@@ -441,13 +489,16 @@
- int s, isr;
- struct p_ifqueue *p_ifq = NULL;
- struct ifqueue *ifq;
-- struct vnet *vnet = m->m_pkthdr.rcvif->if_vnet;
-+ struct vnet *vnet;
-
- if (ifp == NULL) {
- /* just in case */
- m_freem(m);
- return;
- }
-+ vnet = ifp->if_vnet;
-+ if (vnet == NULL)
-+ panic("gif_input: NULL vnet was passed.");
-
- m->m_pkthdr.rcvif = ifp;
-
-@@ -779,6 +830,8 @@
- int error = 0;
- struct vnet *vnet = sc->gif_vnet;
-
-+ if (vnet == NULL)
-+ panic("gif_set_tunnel: NULL vnet from sc->gif_vnet");
- s = splnet();
-
- LIST_FOREACH(sc2, &vnet->gif_softc_list, gif_list) {
-@@ -796,7 +849,7 @@
- * Disallow parallel tunnels unless instructed
- * otherwise.
- */
-- if (!parallel_tunnels &&
-+ if (!vnet->parallel_tunnels &&
- bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
- bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
- error = EADDRNOTAVAIL;
-diff -urN sys/net/if_gif.h sys.CORE/net/if_gif.h
---- sys/net/if_gif.h Wed Jan 31 15:57:05 2007
-+++ sys.CORE/net/if_gif.h Wed Jan 31 16:02:43 2007
-@@ -75,6 +75,7 @@
- #define GIF_MTU_MAX (8192) /* Maximum MTU */
-
- /* Prototypes */
-+int gif_init(struct vnet *);
- void gifattach0 __P((struct gif_softc *));
- void gif_input __P((struct mbuf *, int, struct ifnet *));
- int gif_output __P((struct ifnet *, struct mbuf *,
-diff -urN sys/net/if_gre.c sys.CORE/net/if_gre.c
---- sys/net/if_gre.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/net/if_gre.c Wed Jan 31 16:02:43 2007
-@@ -97,10 +97,14 @@
- #define GRE_MAXUNIT 0x7fff
-
- static MALLOC_DEFINE(M_GRE, GRENAME, "Generic Routing Encapsulation");
-+#ifdef MOVED_TO_VNET
- static struct rman greunits[1];
-+#endif /* MOVED_TO_VNET */
-
--static int gre_clone_create(struct if_clone *, int *, struct vnet *);
--static void gre_clone_destroy(struct ifnet *);
-+/*Boeing IDC static int gre_clone_create(struct if_clone *, int *, struct vnet *);*/
-+/*Boeing IDC static void gre_clone_destroy(struct ifnet *);*/
-+int gre_clone_create __P((struct if_clone *, int *, struct vnet *));
-+void gre_clone_destroy __P((struct ifnet *));
- static int gre_ioctl(struct ifnet *, u_long, caddr_t);
- static int gre_output(struct ifnet *, struct mbuf *, struct sockaddr *,
- struct rtentry *rt);
-@@ -144,9 +148,11 @@
- */
- #define MAX_GRE_NEST 1
- #endif
-+#ifdef MOVED_TO_VNET
- static int max_gre_nesting = MAX_GRE_NEST;
--SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW,
-- &max_gre_nesting, 0, "Max nested tunnels");
-+#endif /* MOVED_TO_VNET */
-+SYSCTL_V_INT(V_NET, _net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW,
-+ v_max_gre_nesting, 0, "Max nested tunnels");
-
- /* ARGSUSED */
- static void
-@@ -167,17 +173,20 @@
- struct resource *r;
- struct gre_softc *sc;
-
-+ if (vnet == NULL)
-+ panic("gre_clone_create: NULL vnet was passed.");
-+
- if (*unit > GRE_MAXUNIT)
- return (ENXIO);
-
- if (*unit < 0) {
-- r = rman_reserve_resource(greunits, 0, GRE_MAXUNIT, 1,
-+ r = rman_reserve_resource(vnet->greunits, 0, GRE_MAXUNIT, 1,
- RF_ALLOCATED | RF_ACTIVE, NULL);
- if (r == NULL)
- return (ENOSPC);
- *unit = rman_get_start(r);
- } else {
-- r = rman_reserve_resource(greunits, *unit, *unit, 1,
-+ r = rman_reserve_resource(vnet->greunits, *unit, *unit, 1,
- RF_ALLOCATED | RF_ACTIVE, NULL);
- if (r == NULL)
- return (EEXIST);
-@@ -211,12 +220,16 @@
- return (0);
- }
-
--static void
-+/*static*/
-+void
- gre_clone_destroy(ifp)
- struct ifnet *ifp;
- {
- int err;
- struct gre_softc *sc = ifp->if_softc;
-+ /*Boeing IDC copied from if_gif.c*/
-+ if (sc->g_vnet == NULL)
-+ panic("gre_clone_destroy: NULL vnet from ifp.");
-
- #ifdef INET
- if (sc->encap != NULL)
-@@ -232,6 +245,37 @@
- free(sc, M_GRE);
- }
-
-+
-+/*Boeing IDC*/
-+
-+/* Initialize gif vars for a single vnet */
-+int
-+gre_init(vnet)
-+ struct vnet *vnet;
-+{
-+ int err=0;
-+
-+ vnet->max_gre_nesting = MAX_GRE_NEST;
-+ vnet->parallel_tunnels = 0;
-+ vnet->greunits->rm_type = RMAN_ARRAY;
-+ vnet->gifunits->rm_descr = "configurable if_gre units";
-+ err = rman_init(vnet->greunits);
-+ if (err != 0)
-+ return (err);
-+ err = rman_manage_region(vnet->greunits, 0, GRE_MAXUNIT);
-+ if (err != 0) {
-+ printf("%s: greunits: rman_manage_region: Failed %d\n",
-+ GRENAME, err);
-+ rman_fini(vnet->greunits);
-+ return (err);
-+ }
-+ LIST_INIT(&vnet->gre_softc_list);
-+ return 0;
-+}
-+
-+
-+
-+
- /*
- * The output routine. Takes a packet and encapsulates it in the protocol
- * given by sc->g_proto. See also RFC 1701 and RFC 2004
-@@ -247,12 +291,14 @@
- u_char osrc;
- u_short etype = 0;
- struct mobile_h mob_h;
-+ struct vnet *vnet;
-
-+ vnet = ifp->if_vnet;
- /*
- * gre may cause infinite recursion calls when misconfigured.
- * We'll prevent this by introducing upper limit.
- */
-- if (++(sc->called) > max_gre_nesting) {
-+ if (++(sc->called) > vnet->max_gre_nesting) {
- printf("%s: gre_output: recursively called too many "
- "times(%d)\n", if_name(&sc->sc_if), sc->called);
- m_freem(m);
-@@ -780,31 +826,33 @@
-
- switch (type) {
- case MOD_LOAD:
-- greunits->rm_type = RMAN_ARRAY;
-- greunits->rm_descr = "configurable if_gre units";
-- err = rman_init(greunits);
-+ LIST_FOREACH(vnet, &vnet_head, vnet_le)
-+ {
-+ vnet->max_gre_nesting = MAX_GRE_NEST;
-+ vnet->greunits->rm_type = RMAN_ARRAY;
-+ vnet->greunits->rm_descr = "configurable if_gre units";
-+ err = rman_init(vnet->greunits);
- if (err != 0)
- return (err);
-- err = rman_manage_region(greunits, 0, GRE_MAXUNIT);
-+ err = rman_manage_region(vnet->greunits, 0, GRE_MAXUNIT);
- if (err != 0) {
-- printf("%s: greunits: rman_manage_region: Failed %d\n",
-- GRENAME, err);
-- rman_fini(greunits);
-- return (err);
-+ printf("%s: greunits: rman_manage_region: Failed %d\n",
-+ GRENAME, err);
-+ rman_fini(vnet->greunits);
-+ return (err);
-+ }
-+ greattach(vnet);
- }
--
-- LIST_FOREACH(vnet, &vnet_head, vnet_le)
-- greattach(vnet);
--
- break;
- case MOD_UNLOAD:
- if_clone_detach(&gre_cloner);
-
-- LIST_FOREACH(vnet, &vnet_head, vnet_le)
-+ err = 0;
-+ LIST_FOREACH(vnet, &vnet_head, vnet_le) {
- while (!LIST_EMPTY(&vnet->gre_softc_list))
- gre_clone_destroy(&LIST_FIRST(&vnet->gre_softc_list)->sc_if);
--
-- err = rman_fini(greunits);
-+ err += rman_fini(vnet->greunits);
-+ }
- if (err != 0)
- return (err);
-
-diff -urN sys/net/if_gre.h sys.CORE/net/if_gre.h
---- sys/net/if_gre.h Wed Jan 31 15:57:05 2007
-+++ sys.CORE/net/if_gre.h Wed Jan 31 16:02:43 2007
-@@ -172,4 +172,7 @@
- u_short gre_in_cksum(u_short *p, u_int len);
- #endif /* _KERNEL */
-
-+/* Prototypes */
-+int gre_init(struct vnet *);
-+
- #endif
-diff -urN sys/net/vnet.h sys.CORE/net/vnet.h
---- sys/net/vnet.h Wed Jan 31 15:57:05 2007
-+++ sys.CORE/net/vnet.h Wed Jan 31 16:02:43 2007
-@@ -83,6 +83,15 @@
- #include
- #include
-
-+/* IPsec support */
-+#include
-+#include
-+#include
-+#include
-+/* gif support */
-+#include
-+#include
-+
- #ifdef _KERNEL
-
- int vi_if_move(struct vi_req *, struct ifnet *, struct vimage *);
-@@ -131,6 +140,7 @@
-
- TAILQ_HEAD(dadq_head, dadq);
-
-+/**/
-
- struct vnet {
- LIST_ENTRY(vnet) vnet_le; /* linked list of all vnets */
-@@ -172,7 +182,8 @@
- struct ifnet loif; /* from net/if_loop.c */
- struct ifnet vipa; /* from net/if_loop.c */
-
-- struct gre_softc_head gre_softc_list;
-+ /*Boeing IDC struct gre_softc_head gre_softc_list;*/
-+ LIST_HEAD(, gre_softc) gre_softc_list;
- LIST_HEAD(, gif_softc) gif_softc_list;
-
- /* NETINET */
-@@ -370,6 +381,8 @@
- struct udpstat udpstat; /* from udp_usrreq.c */
- struct icmpstat icmpstat; /* from ip_icmp.c */
- struct igmpstat igmpstat; /* from igmp.c */
-+ struct pfkeystat pfkeystat; /* from keysock.c */
-+ struct _keystat { u_long getspi_count; } keystat;
-
- u_int rsvpdebug; /* from ip_mroute.c */
- u_int mrtdebug;
-@@ -571,6 +584,67 @@
-
- struct ip_fib_heap_entry ip_fib_heap[33];
- int ip_fib_heap_index;
-+
-+/* gif tunneling interface stuff */
-+ /*
-+ * from net/if_gif.c
-+ */
-+ struct rman gifunits[1];
-+ int max_gif_nesting;
-+ int parallel_tunnels;
-+ /*
-+ * from net/if_gre.c
-+ */
-+ struct rman greunits[1];
-+ int max_gre_nesting;
-+/* IPsec stuff */
-+/* Do not use #ifdef IPSEC here, or problems will occur! */
-+ /*
-+ * from netkey/key.c
-+ */
-+ u_int key_spi_trycnt;
-+ u_int32_t key_spi_minval;
-+ u_int32_t key_spi_maxval;
-+ u_int32_t policy_id;
-+ u_int key_int_random; /*interval to initialize randseed,1(m)*/
-+ u_int key_larval_lifetime; /* interval to expire acquiring, 30(s)*/
-+ int key_blockacq_count; /* counter for blocking SADB_ACQUIRE.*/
-+ int key_blockacq_lifetime; /* lifetime for blocking SADB_ACQUIRE.*/
-+ int key_preferred_oldsa; /* preferred old sa rather than new sa.*/
-+ u_int32_t acq_seq;
-+ int key_tick_init_random;
-+ LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
-+ LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
-+ LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; /* regd list*/
-+ LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
-+ LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
-+ struct key_cb key_cb;
-+
-+ /*
-+ * from netinet6/ipsec.c
-+ */
-+ /* int ipsec_debug; stays in ipsec.c to avoid unnecessary passing
-+ of vnet in simple functions that are printing */
-+ struct ipsecstat ipsecstat;
-+ int ip4_ah_cleartos;
-+ int ip4_ah_offsetmask; /* maybe IP_DF? */
-+ int ip4_ipsec_dfbit; /* DF bit on encap. 0: clear 1: set 2: copy */
-+ int ip4_esp_trans_deflev;
-+ int ip4_esp_net_deflev;
-+ int ip4_ah_trans_deflev;
-+ int ip4_ah_net_deflev;
-+ struct secpolicy ip4_def_policy;
-+ int ip4_ipsec_ecn; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
-+ int ip4_esp_randpad;
-+ struct ipsecstat ipsec6stat;
-+ int ip6_esp_trans_deflev;
-+ int ip6_esp_net_deflev;
-+ int ip6_ah_trans_deflev;
-+ int ip6_ah_net_deflev;
-+ struct secpolicy ip6_def_policy;
-+ int ip6_ipsec_ecn; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
-+ int ip6_esp_randpad;
-+
- };
-
- /*
-@@ -827,7 +901,41 @@
- #define v_rtq_reallyold6 offsetof(struct vnet, rtq_reallyold6)
- #define v_rtq_minreallyold6 offsetof(struct vnet, rtq_minreallyold6)
- #define v_rtq_toomany6 offsetof(struct vnet, rtq_toomany6)
--
-+#define v_max_gif_nesting offsetof(struct vnet, max_gif_nesting)
-+#define v_parallel_tunnels offsetof(struct vnet, parallel_tunnels)
-+#define v_max_gre_nesting offsetof(struct vnet, max_gre_nesting)
-+#define v_key_debug_level offsetof(struct vnet, key_debug_level)
-+#define v_key_spi_trycnt offsetof(struct vnet, key_spi_trycnt)
-+#define v_key_spi_minval offsetof(struct vnet, key_spi_minval)
-+#define v_key_spi_maxval offsetof(struct vnet, key_spi_maxval)
-+#define v_policy_id offsetof(struct vnet, policy_id)
-+#define v_key_int_random offsetof(struct vnet, key_int_random)
-+#define v_key_larval_lifetime offsetof(struct vnet, key_larval_lifetime)
-+#define v_key_blockacq_count offsetof(struct vnet, key_blockacq_count)
-+#define v_key_blockacq_lifetime offsetof(struct vnet, key_blockacq_lifetime)
-+#define v_key_preferred_oldsa offsetof(struct vnet, key_preferred_oldsa)
-+#define v_acq_seq offsetof(struct vnet, acq_seq)
-+#define v_key_tick_init_random offsetof(struct vnet, key_tick_init_random)
-+#define v_key_cb offsetof(struct vnet, key_cb)
-+#define v_ipsecstat offsetof(struct vnet, ipsecstat)
-+#define v_ip4_ah_cleartos offsetof(struct vnet, ip4_ah_cleartos)
-+#define v_ip4_ah_offsetmask offsetof(struct vnet, ip4_ah_offsetmask)
-+#define v_ip4_ipsec_dfbit offsetof(struct vnet, ip4_ipsec_dfbit)
-+#define v_ip4_esp_trans_deflev offsetof(struct vnet, ip4_esp_trans_deflev)
-+#define v_ip4_esp_net_deflev offsetof(struct vnet, ip4_esp_net_deflev)
-+#define v_ip4_ah_trans_deflev offsetof(struct vnet, ip4_ah_trans_deflev)
-+#define v_ip4_ah_net_deflev offsetof(struct vnet, ip4_ah_net_deflev)
-+#define v_ip4_def_policy offsetof(struct vnet, ip4_def_policy)
-+#define v_ip4_ipsec_ecn offsetof(struct vnet, ip4_ipsec_ecn)
-+#define v_ip4_esp_randpad offsetof(struct vnet, ip4_esp_randpad)
-+#define v_ipsec6stat offsetof(struct vnet, ipsec6stat)
-+#define v_ip6_esp_trans_deflev offsetof(struct vnet, ip6_esp_trans_deflev)
-+#define v_ip6_esp_net_deflev offsetof(struct vnet, ip6_esp_net_deflev)
-+#define v_ip6_ah_trans_deflev offsetof(struct vnet, ip6_ah_trans_deflev)
-+#define v_ip6_ah_net_deflev offsetof(struct vnet, ip6_ah_net_deflev)
-+#define v_ip6_def_policy offsetof(struct vnet, ip6_def_policy)
-+#define v_ip6_ipsec_ecn offsetof(struct vnet, ip6_ipsec_ecn)
-+#define v_ip6_esp_randpad offsetof(struct vnet, ip6_esp_randpad)
-
- #endif _KERNEL
-
-diff -urN sys/netinet/ip_encap.c sys.CORE/netinet/ip_encap.c
---- sys/netinet/ip_encap.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/ip_encap.c Wed Jan 31 16:02:43 2007
-@@ -151,6 +151,7 @@
-
- match = NULL;
- matchprio = 0;
-+
- for (ep = LIST_FIRST(&vnet->encaptab); ep; ep = LIST_NEXT(ep, chain)) {
- if (ep->af != AF_INET)
- continue;
-@@ -228,7 +229,7 @@
- const struct ip6protosw *psw;
- struct encaptab *ep, *match;
- int prio, matchprio;
-- struct vnet *vnet = m->m_pkthdr.rcvif->if_vnet;
-+ struct vnet *vnet = m->m_pkthdr.rcvif->if_vnet;
-
- ip6 = mtod(m, struct ip6_hdr *);
-
-@@ -378,7 +379,7 @@
- encap_attach_func(af, proto, func, psw, arg, vnet)
- int af;
- int proto;
-- int (*func) __P((const struct mbuf *, int, int, void *));
-+ int (*func) __P((const struct mbuf *, int, int, void *, struct vnet *));
- const struct protosw *psw;
- void *arg;
- struct vnet *vnet;
-@@ -450,6 +451,8 @@
- u_int8_t *r;
- int matchlen;
-
-+ char *inetadd;
-+
- if (sp->sa_len > sizeof(s) || dp->sa_len > sizeof(d))
- return 0;
- if (sp->sa_family != ep->af || dp->sa_family != ep->af)
-@@ -483,11 +486,24 @@
- d.ss_len = dp->sa_len;
- d.ss_family = dp->sa_family;
-
-- if (bcmp(&s, &ep->src, ep->src.ss_len) == 0 &&
-+ if (bcmp(&s, &ep->src, ep->src.ss_len) == 0 &&
- bcmp(&d, &ep->dst, ep->dst.ss_len) == 0) {
- return matchlen;
-- } else
-- return 0;
-+ /*Boeing IDC MTUN IPv4 case*/
-+ } else if ((ep->src.ss_family == AF_INET) &&
-+ (IN_MULTICAST(ntohl(((struct sockaddr_in*)&ep->dst)->sin_addr.s_addr ))) &&
-+ (IN_MULTICAST(ntohl(((struct sockaddr_in*)sp)->sin_addr.s_addr ))) &&
-+ (bcmp(&s, &ep->dst, ep->src.ss_len) == 0)) {
-+ return matchlen+1;
-+ /*Boeing IDC MTUN IPv6 case*/
-+ } else if ((ep->src.ss_family == AF_INET6) &&
-+ (IN6_IS_ADDR_MULTICAST(&(((struct sockaddr_in6*)&ep->dst)->sin6_addr))) &&
-+ (IN6_IS_ADDR_MULTICAST(&(((struct sockaddr_in6*)sp)->sin6_addr))) &&
-+ (bcmp(&s, &ep->dst, ep->src.ss_len) == 0)) {
-+ return matchlen+1;
-+ } else {
-+ return 0;
-+ }
- }
-
- static void
-diff -urN sys/netinet/ip_encap.h sys.CORE/netinet/ip_encap.h
---- sys/netinet/ip_encap.h Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/ip_encap.h Wed Jan 31 16:02:43 2007
-@@ -57,7 +57,7 @@
- const struct sockaddr *, const struct protosw *, void *,
- struct vnet *);
- const struct encaptab *encap_attach_func(int, int,
-- int (*)(const struct mbuf *, int, int, void *),
-+ int (*)(const struct mbuf *, int, int, void *, struct vnet *),
- const struct protosw *, void *, struct vnet *);
- int encap_detach(const struct encaptab *, struct vnet *);
- void *encap_getarg(struct mbuf *);
-diff -urN sys/netinet/ip_icmp.c sys.CORE/netinet/ip_icmp.c
---- sys/netinet/ip_icmp.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/ip_icmp.c Wed Jan 31 16:02:43 2007
-@@ -600,7 +600,7 @@
- (struct sockaddr *)&icmpgw, (struct rtentry **)0, vnet);
- pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc, vnet);
- #ifdef IPSEC
-- key_sa_routechange((struct sockaddr *)&icmpsrc);
-+ key_sa_routechange((struct sockaddr *)&icmpsrc, vnet);
- #endif
- break;
-
-diff -urN sys/netinet/ip_input.c sys.CORE/netinet/ip_input.c
---- sys/netinet/ip_input.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/ip_input.c Wed Jan 31 16:02:43 2007
-@@ -694,8 +694,8 @@
- /*
- * Enforce inbound IPsec SPD.
- */
-- if (ipsec4_in_reject(m, NULL)) {
-- ipsecstat.in_polvio++;
-+ if (ipsec4_in_reject(m, NULL, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto bad;
- }
- #endif /* IPSEC */
-@@ -903,8 +903,8 @@
- * code - like udp/tcp/raw ip.
- */
- if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 &&
-- ipsec4_in_reject(m, NULL)) {
-- ipsecstat.in_polvio++;
-+ ipsec4_in_reject(m, NULL, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto bad;
- }
- #endif
-@@ -1970,7 +1970,7 @@
- sp = ipsec4_getpolicybyaddr(mcopy,
- IPSEC_DIR_OUTBOUND,
- IP_FORWARDING,
-- &ipsecerror);
-+ &ipsecerror, vnet);
-
- if (sp == NULL)
- destifp = vnet->ipforward_rt.ro_rt->rt_ifp;
-@@ -1978,7 +1978,7 @@
- /* count IPsec header size */
- ipsechdr = ipsec4_hdrsiz(mcopy,
- IPSEC_DIR_OUTBOUND,
-- NULL);
-+ NULL, vnet);
-
- /*
- * find the correct route for outer IPv4
-@@ -2029,7 +2029,7 @@
- /* count IPsec header size */
- ipsechdr = ipsec4_hdrsiz(mcopy,
- IPSEC_DIR_OUTBOUND,
-- NULL);
-+ NULL, vnet);
-
- /*
- * find the correct route for outer IPv4
-diff -urN sys/netinet/ip_output.c sys.CORE/netinet/ip_output.c
---- sys/netinet/ip_output.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/ip_output.c Wed Jan 31 16:02:43 2007
-@@ -320,14 +320,22 @@
- * See if the caller provided any multicast options
- */
- if (imo != NULL) {
-- ip->ip_ttl = imo->imo_multicast_ttl;
-+ /* Boeing IDC to handle divert re-injection
-+ * If you don't want the TTL to be modified then
-+ * set the multicast_ttl socket option to zero.
-+ */
-+ if (imo->imo_multicast_ttl != 0){
-+ ip->ip_ttl = imo->imo_multicast_ttl;
-+ }
- if (imo->imo_multicast_vif != -1)
- ip->ip_src.s_addr =
- ip_mcast_src ?
- ip_mcast_src(imo->imo_multicast_vif, vnet) :
- INADDR_ANY;
-- } else
-- ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
-+ } else {
-+ ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
-+ }
-+
- /*
- * Confirm that the outgoing interface supports multicast.
- */
-@@ -459,12 +467,12 @@
- #ifdef IPSEC
- /* get SP for this packet */
- if (so == NULL)
-- sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, flags, &error);
-+ sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, flags, &error, vnet);
- else
- sp = ipsec4_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
-
- if (sp == NULL) {
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- goto bad;
- }
-
-@@ -476,7 +484,7 @@
- /*
- * This packet is just discarded.
- */
-- ipsecstat.out_polvio++;
-+ vnet->ipsecstat.out_polvio++;
- goto bad;
-
- case IPSEC_POLICY_BYPASS:
-diff -urN sys/netinet/raw_ip.c sys.CORE/netinet/raw_ip.c
---- sys/netinet/raw_ip.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/raw_ip.c Wed Jan 31 16:02:43 2007
-@@ -184,9 +184,9 @@
-
- #ifdef IPSEC
- /* check AH/ESP integrity. */
-- if (n && ipsec4_in_reject_so(n, last->inp_socket)) {
-+ if (n && ipsec4_in_reject_so(n, last->inp_socket, vnet)) {
- m_freem(n);
-- ipsecstat.in_polvio++;
-+ vnet->ipsecstat.in_polvio++;
- /* do not inject data to pcb */
- } else
- #endif /*IPSEC*/
-@@ -217,9 +217,9 @@
- }
- #ifdef IPSEC
- /* check AH/ESP integrity. */
-- if (last && ipsec4_in_reject_so(m, last->inp_socket)) {
-+ if (last && ipsec4_in_reject_so(m, last->inp_socket, vnet)) {
- m_freem(m);
-- ipsecstat.in_polvio++;
-+ vnet->ipsecstat.in_polvio++;
- vnet->ipstat.ips_delivered--;
- /* do not inject data to pcb */
- } else
-diff -urN sys/netinet/tcp_input.c sys.CORE/netinet/tcp_input.c
---- sys/netinet/tcp_input.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/tcp_input.c Wed Jan 31 16:02:43 2007
-@@ -580,13 +580,15 @@
-
- #ifdef IPSEC
- if (isipv6) {
-- if (inp != NULL && ipsec6_in_reject_so(m, inp->inp_socket)) {
-- ipsec6stat.in_polvio++;
-+#ifdef INET6
-+ if (inp != NULL && ipsec6_in_reject_so(m, inp->inp_socket, vnet)) {
-+ vnet->ipsec6stat.in_polvio++;
- goto drop;
- }
-+#endif
- } else {
-- if (inp != NULL && ipsec4_in_reject_so(m, inp->inp_socket)) {
-- ipsecstat.in_polvio++;
-+ if (inp != NULL && ipsec4_in_reject_so(m, inp->inp_socket, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto drop;
- }
- }
-diff -urN sys/netinet/tcp_subr.c sys.CORE/netinet/tcp_subr.c
---- sys/netinet/tcp_subr.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/tcp_subr.c Wed Jan 31 16:02:43 2007
-@@ -1468,9 +1468,13 @@
- struct ip6_hdr *ip6;
- #endif /* INET6 */
- struct tcphdr *th;
-+ struct vnet *vnet;
-
- if ((tp == NULL) || ((inp = tp->t_inpcb) == NULL))
- return 0;
-+ vnet = tp->t_vnet;
-+ if (vnet == NULL)
-+ panic("ipsec_hdrsiz_tcp: NULL vnet was passed.");
- MGETHDR(m, M_DONTWAIT, MT_DATA);
- if (!m)
- return 0;
-@@ -1482,7 +1486,7 @@
- m->m_pkthdr.len = m->m_len =
- sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
- tcp_fillheaders(tp, ip6, th);
-- hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
-+ hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp, vnet);
- } else
- #endif /* INET6 */
- {
-@@ -1490,7 +1494,7 @@
- th = (struct tcphdr *)(ip + 1);
- m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr);
- tcp_fillheaders(tp, ip, th);
-- hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
-+ hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp, vnet);
- }
-
- m_free(m);
-diff -urN sys/netinet/udp_usrreq.c sys.CORE/netinet/udp_usrreq.c
---- sys/netinet/udp_usrreq.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet/udp_usrreq.c Wed Jan 31 16:02:43 2007
-@@ -325,8 +325,8 @@
-
- #ifdef IPSEC
- /* check AH/ESP integrity. */
-- if (ipsec4_in_reject_so(m, last->inp_socket))
-- ipsecstat.in_polvio++;
-+ if (ipsec4_in_reject_so(m, last->inp_socket, vnet))
-+ vnet->ipsecstat.in_polvio++;
- /* do not inject data to pcb */
- else
- #endif /*IPSEC*/
-@@ -365,8 +365,8 @@
- }
- #ifdef IPSEC
- /* check AH/ESP integrity. */
-- if (ipsec4_in_reject_so(m, last->inp_socket)) {
-- ipsecstat.in_polvio++;
-+ if (ipsec4_in_reject_so(m, last->inp_socket, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto bad;
- }
- #endif /*IPSEC*/
-@@ -410,8 +410,8 @@
- return;
- }
- #ifdef IPSEC
-- if (ipsec4_in_reject_so(m, inp->inp_socket)) {
-- ipsecstat.in_polvio++;
-+ if (ipsec4_in_reject_so(m, inp->inp_socket, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto bad;
- }
- #endif /*IPSEC*/
-diff -urN sys/netinet6/ah.h sys.CORE/netinet6/ah.h
---- sys/netinet6/ah.h Sat Apr 27 22:40:26 2002
-+++ sys.CORE/netinet6/ah.h Wed Jan 31 16:02:43 2007
-@@ -86,9 +86,9 @@
-
- extern size_t ah_hdrsiz __P((struct ipsecrequest *));
- extern void ah4_input __P((struct mbuf *, ...));
--extern int ah4_output __P((struct mbuf *, struct ipsecrequest *));
-+extern int ah4_output __P((struct mbuf *, struct ipsecrequest *, struct vnet*));
- extern int ah4_calccksum __P((struct mbuf *, caddr_t, size_t,
-- const struct ah_algorithm *, struct secasvar *));
-+ const struct ah_algorithm *, struct secasvar *, struct vnet *));
- #endif /* _KERNEL */
-
- #endif /* _NETINET6_AH_H_ */
-diff -urN sys/netinet6/ah_core.c sys.CORE/netinet6/ah_core.c
---- sys/netinet6/ah_core.c Sat Apr 27 22:40:26 2002
-+++ sys.CORE/netinet6/ah_core.c Wed Jan 31 16:02:43 2007
-@@ -52,6 +52,7 @@
- #include
- #include
-
-+#include
- #include
- #include
-
-@@ -1181,12 +1182,13 @@
- * Don't use m_copy(), it will try to share cluster mbuf by using refcnt.
- */
- int
--ah4_calccksum(m, ahdat, len, algo, sav)
-+ah4_calccksum(m, ahdat, len, algo, sav, vnet)
- struct mbuf *m;
- caddr_t ahdat;
- size_t len;
- const struct ah_algorithm *algo;
- struct secasvar *sav;
-+ struct vnet *vnet;
- {
- int off;
- int hdrtype;
-@@ -1200,6 +1202,9 @@
- if ((m->m_flags & M_PKTHDR) == 0)
- return EINVAL;
-
-+ if (vnet == NULL)
-+ panic("ah4_calccksum: NULL vnet was passed.");
-+
- ahseen = 0;
- hdrtype = -1; /* dummy, it is called IPPROTO_IP */
-
-@@ -1231,9 +1236,9 @@
- #endif
- iphdr.ip_ttl = 0;
- iphdr.ip_sum = htons(0);
-- if (ip4_ah_cleartos)
-+ if (vnet->ip4_ah_cleartos)
- iphdr.ip_tos = 0;
-- iphdr.ip_off = htons(ntohs(iphdr.ip_off) & ip4_ah_offsetmask);
-+ iphdr.ip_off = htons(ntohs(iphdr.ip_off) & vnet->ip4_ah_offsetmask);
- (algo->update)(&algos, (caddr_t)&iphdr, sizeof(struct ip));
-
- if (hlen != sizeof(struct ip)) {
-diff -urN sys/netinet6/ah_input.c sys.CORE/netinet6/ah_input.c
---- sys/netinet6/ah_input.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/ah_input.c Wed Jan 31 16:02:43 2007
-@@ -87,6 +87,8 @@
- #define KEYDEBUG(lev,arg)
- #endif
-
-+#include
-+
- #include
-
- #include
-@@ -120,19 +122,25 @@
- int off, proto;
- va_list ap;
- size_t stripsiz = 0;
-+ struct vnet *vnet;
-
- va_start(ap, m);
- off = va_arg(ap, int);
- proto = va_arg(ap, int);
- va_end(ap);
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ah4_input: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
-+ if (vnet == NULL)
-+ panic("ah4_input: NULL vnet passed.");
- #ifndef PULLDOWN_TEST
- if (m->m_len < off + sizeof(struct newah)) {
- m = m_pullup(m, off + sizeof(struct newah));
- if (!m) {
- ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
- "dropping the packet for simplicity\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- }
-@@ -145,7 +153,7 @@
- if (ah == NULL) {
- ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
- "dropping the packet for simplicity\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- #endif
-@@ -161,11 +169,11 @@
-
- if ((sav = key_allocsa(AF_INET,
- (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst,
-- IPPROTO_AH, spi)) == 0) {
-+ IPPROTO_AH, spi, vnet)) == 0) {
- ipseclog((LOG_WARNING,
- "IPv4 AH input: no key association found for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsecstat.in_nosa++;
-+ vnet->ipsecstat.in_nosa++;
- goto fail;
- }
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-@@ -175,7 +183,7 @@
- ipseclog((LOG_DEBUG,
- "IPv4 AH input: non-mature/dying SA found for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsecstat.in_badspi++;
-+ vnet->ipsecstat.in_badspi++;
- goto fail;
- }
-
-@@ -184,7 +192,7 @@
- ipseclog((LOG_DEBUG, "IPv4 AH input: "
- "unsupported authentication algorithm for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsecstat.in_badspi++;
-+ vnet->ipsecstat.in_badspi++;
- goto fail;
- }
-
-@@ -225,7 +233,7 @@
- "(%lu, should be at least %lu): %s\n",
- (u_long)siz1, (u_long)siz,
- ipsec4_logpacketstr(ip, spi)));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- if ((ah->ah_len << 2) - sizoff != siz1) {
-@@ -233,7 +241,7 @@
- "(%d should be %lu): %s\n",
- (ah->ah_len << 2) - sizoff, (u_long)siz1,
- ipsec4_logpacketstr(ip, spi)));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
-
-@@ -242,7 +250,7 @@
- m = m_pullup(m, off + sizeof(struct ah) + sizoff + siz1);
- if (!m) {
- ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
-
-@@ -254,7 +262,7 @@
- sizeof(struct ah) + sizoff + siz1);
- if (ah == NULL) {
- ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- #endif
-@@ -267,7 +275,7 @@
- if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav))
- ; /* okey */
- else {
-- ipsecstat.in_ahreplay++;
-+ vnet->ipsecstat.in_ahreplay++;
- ipseclog((LOG_WARNING,
- "replay packet in IPv4 AH input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-@@ -283,7 +291,7 @@
- if (!cksum) {
- ipseclog((LOG_DEBUG, "IPv4 AH input: "
- "couldn't alloc temporary region for cksum\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
-
-@@ -293,12 +301,12 @@
- */
- ip->ip_len = htons(ip->ip_len + hlen);
- ip->ip_off = htons(ip->ip_off);
-- if (ah4_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
-+ if (ah4_calccksum(m, (caddr_t)cksum, siz1, algo, sav, vnet)) {
- free(cksum, M_TEMP);
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
-- ipsecstat.in_ahhist[sav->alg_auth]++;
-+ vnet->ipsecstat.in_ahhist[sav->alg_auth]++;
- /*
- * flip them back.
- */
-@@ -321,7 +329,7 @@
- "checksum mismatch in IPv4 AH input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
- free(cksum, M_TEMP);
-- ipsecstat.in_ahauthfail++;
-+ vnet->ipsecstat.in_ahauthfail++;
- goto fail;
- }
- }
-@@ -374,12 +382,12 @@
- ipseclog((LOG_DEBUG,
- "IPv4 AH input: authentication succeess\n"));
- #endif
-- ipsecstat.in_ahauthsucc++;
-+ vnet->ipsecstat.in_ahauthsucc++;
- } else {
- ipseclog((LOG_WARNING,
- "authentication failed in IPv4 AH input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-- ipsecstat.in_ahauthfail++;
-+ vnet->ipsecstat.in_ahauthfail++;
- goto fail;
- }
-
-@@ -388,7 +396,7 @@
- */
- if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
- if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav)) {
-- ipsecstat.in_ahreplay++;
-+ vnet->ipsecstat.in_ahreplay++;
- goto fail;
- }
- }
-@@ -416,19 +424,19 @@
- if (m->m_len < sizeof(*ip)) {
- m = m_pullup(m, sizeof(*ip));
- if (!m) {
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- }
- ip = mtod(m, struct ip *);
- /* ECN consideration. */
-- ip_ecn_egress(ip4_ipsec_ecn, &tos, &ip->ip_tos);
-+ ip_ecn_egress(vnet->ip4_ipsec_ecn, &tos, &ip->ip_tos);
- if (!key_checktunnelsanity(sav, AF_INET,
- (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst)) {
- ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
- "in IPv4 AH input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
-
-@@ -459,13 +467,13 @@
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_AH, spi) != 0 ||
- ipsec_addhist(m, IPPROTO_IPV4, 0) != 0) {
-- ipsecstat.in_nomem++;
-+ vnet->ipsecstat.in_nomem++;
- goto fail;
- }
-
- s = splimp();
- if (IF_QFULL(&g_ipintrq)) {
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- splx(s);
- goto fail;
- }
-@@ -521,7 +529,7 @@
- if (m->m_len < sizeof(*ip)) {
- m = m_pullup(m, sizeof(*ip));
- if (m == NULL) {
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- }
-@@ -536,14 +544,14 @@
-
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_AH, spi) != 0) {
-- ipsecstat.in_nomem++;
-+ vnet->ipsecstat.in_nomem++;
- goto fail;
- }
-
- if (nxt != IPPROTO_DONE) {
- if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
-- ipsec4_in_reject(m, NULL)) {
-- ipsecstat.in_polvio++;
-+ ipsec4_in_reject(m, NULL, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto fail;
- }
- (*inetsw[ip_protox[nxt]].pr_input)(m, off, nxt);
-@@ -557,7 +565,7 @@
- printf("DP ah4_input call free SA:%p\n", sav));
- key_freesav(sav);
- }
-- ipsecstat.in_success++;
-+ vnet->ipsecstat.in_success++;
- return;
-
- fail:
-@@ -591,7 +599,12 @@
- u_int16_t nxt;
- int s;
- size_t stripsiz = 0;
-+ struct vnet *vnet;
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ah6_input: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
-+ if (vnet == NULL)
- #ifndef PULLDOWN_TEST
- IP6_EXTHDR_CHECK(m, off, sizeof(struct ah), IPPROTO_DONE);
- ah = (struct ah *)(mtod(m, caddr_t) + off);
-@@ -599,7 +612,7 @@
- IP6_EXTHDR_GET(ah, struct ah *, m, off, sizeof(struct newah));
- if (ah == NULL) {
- ipseclog((LOG_DEBUG, "IPv6 AH input: can't pullup\n"));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- return IPPROTO_DONE;
- }
- #endif
-@@ -612,17 +625,17 @@
- if (ntohs(ip6->ip6_plen) == 0) {
- ipseclog((LOG_ERR, "IPv6 AH input: "
- "AH with IPv6 jumbogram is not supported.\n"));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
-
- if ((sav = key_allocsa(AF_INET6,
- (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst,
-- IPPROTO_AH, spi)) == 0) {
-+ IPPROTO_AH, spi, vnet)) == 0) {
- ipseclog((LOG_WARNING,
- "IPv6 AH input: no key association found for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsec6stat.in_nosa++;
-+ vnet->ipsec6stat.in_nosa++;
- goto fail;
- }
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-@@ -632,7 +645,7 @@
- ipseclog((LOG_DEBUG,
- "IPv6 AH input: non-mature/dying SA found for spi %u; ",
- (u_int32_t)ntohl(spi)));
-- ipsec6stat.in_badspi++;
-+ vnet->ipsec6stat.in_badspi++;
- goto fail;
- }
-
-@@ -641,7 +654,7 @@
- ipseclog((LOG_DEBUG, "IPv6 AH input: "
- "unsupported authentication algorithm for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsec6stat.in_badspi++;
-+ vnet->ipsec6stat.in_badspi++;
- goto fail;
- }
-
-@@ -665,7 +678,7 @@
- "(%lu, should be at least %lu): %s\n",
- (u_long)siz1, (u_long)siz,
- ipsec6_logpacketstr(ip6, spi)));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
- if ((ah->ah_len << 2) - sizoff != siz1) {
-@@ -673,7 +686,7 @@
- "(%d should be %lu): %s\n",
- (ah->ah_len << 2) - sizoff, (u_long)siz1,
- ipsec6_logpacketstr(ip6, spi)));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
- #ifndef PULLDOWN_TEST
-@@ -683,7 +696,7 @@
- sizeof(struct ah) + sizoff + siz1);
- if (ah == NULL) {
- ipseclog((LOG_NOTICE, "couldn't pullup gather IPv6 AH checksum part"));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- m = NULL;
- goto fail;
- }
-@@ -697,7 +710,7 @@
- if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav))
- ; /* okey */
- else {
-- ipsec6stat.in_ahreplay++;
-+ vnet->ipsec6stat.in_ahreplay++;
- ipseclog((LOG_WARNING,
- "replay packet in IPv6 AH input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi),
-@@ -714,16 +727,16 @@
- if (!cksum) {
- ipseclog((LOG_DEBUG, "IPv6 AH input: "
- "couldn't alloc temporary region for cksum\n"));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
-
- if (ah6_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
- free(cksum, M_TEMP);
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
-- ipsec6stat.in_ahhist[sav->alg_auth]++;
-+ vnet->ipsec6stat.in_ahhist[sav->alg_auth]++;
-
- {
- caddr_t sumpos = NULL;
-@@ -741,7 +754,7 @@
- "checksum mismatch in IPv6 AH input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
- free(cksum, M_TEMP);
-- ipsec6stat.in_ahauthfail++;
-+ vnet->ipsec6stat.in_ahauthfail++;
- goto fail;
- }
- }
-@@ -786,12 +799,12 @@
- ipseclog((LOG_DEBUG,
- "IPv6 AH input: authentication succeess\n"));
- #endif
-- ipsec6stat.in_ahauthsucc++;
-+ vnet->ipsec6stat.in_ahauthsucc++;
- } else {
- ipseclog((LOG_WARNING,
- "authentication failed in IPv6 AH input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
-- ipsec6stat.in_ahauthfail++;
-+ vnet->ipsec6stat.in_ahauthfail++;
- goto fail;
- }
-
-@@ -800,7 +813,7 @@
- */
- if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
- if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav)) {
-- ipsec6stat.in_ahreplay++;
-+ vnet->ipsec6stat.in_ahreplay++;
- goto fail;
- }
- }
-@@ -832,20 +845,20 @@
- */
- m = m_pullup(m, sizeof(*ip6));
- if (!m) {
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
- }
- ip6 = mtod(m, struct ip6_hdr *);
- /* ECN consideration. */
-- ip6_ecn_egress(ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow);
-+ ip6_ecn_egress(vnet->ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow);
- if (!key_checktunnelsanity(sav, AF_INET6,
- (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst)) {
- ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
- "in IPv6 AH input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi),
- ipsec_logsastr(sav)));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
-
-@@ -861,17 +874,17 @@
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_AH, spi) != 0 ||
- ipsec_addhist(m, IPPROTO_IPV6, 0) != 0) {
-- ipsec6stat.in_nomem++;
-+ vnet->ipsec6stat.in_nomem++;
- goto fail;
- }
-
- s = splimp();
-- if (IF_QFULL(&ip6intrq)) {
-- ipsec6stat.in_inval++;
-+ if (IF_QFULL(&g_ip6intrq)) {
-+ vnet->ipsec6stat.in_inval++;
- splx(s);
- goto fail;
- }
-- IF_ENQUEUE(&ip6intrq, m);
-+ IF_ENQUEUE(&g_ip6intrq, m);
- m = NULL;
- schednetisr(NETISR_IPV6); /* can be skipped but to make sure */
- splx(s);
-@@ -934,7 +947,7 @@
-
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_AH, spi) != 0) {
-- ipsec6stat.in_nomem++;
-+ vnet->ipsec6stat.in_nomem++;
- goto fail;
- }
- }
-@@ -947,7 +960,7 @@
- printf("DP ah6_input call free SA:%p\n", sav));
- key_freesav(sav);
- }
-- ipsec6stat.in_success++;
-+ vnet->ipsec6stat.in_success++;
- return nxt;
-
- fail:
-@@ -972,6 +985,7 @@
- struct secasvar *sav;
- struct ip6_hdr *ip6;
- struct mbuf *m;
-+ struct vnet *vnet = NULL;
- struct ip6ctlparam *ip6cp = NULL;
- int off;
- struct sockaddr_in6 *sa6_src, *sa6_dst;
-@@ -986,11 +1000,15 @@
- if (d != NULL) {
- ip6cp = (struct ip6ctlparam *)d;
- m = ip6cp->ip6c_m;
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ah6_ctlinput: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
- ip6 = ip6cp->ip6c_ip6;
- off = ip6cp->ip6c_off;
- } else {
- m = NULL;
- ip6 = NULL;
-+ off = 0;
- }
-
- if (ip6) {
-@@ -1025,7 +1043,7 @@
- sav = key_allocsa(AF_INET6,
- (caddr_t)&sa6_src->sin6_addr,
- (caddr_t)&sa6_dst->sin6_addr,
-- IPPROTO_AH, ahp->ah_spi);
-+ IPPROTO_AH, ahp->ah_spi, vnet);
- if (sav) {
- if (sav->state == SADB_SASTATE_MATURE ||
- sav->state == SADB_SASTATE_DYING)
-@@ -1042,7 +1060,7 @@
- * corresponding routing entry, or
- * - ignore the MTU change notification.
- */
-- icmp6_mtudisc_update((struct ip6ctlparam *)d, valid);
-+ icmp6_mtudisc_update((struct ip6ctlparam *)d, valid, vnet);
- }
-
- /* we normally notify single pcb here */
-diff -urN sys/netinet6/ah_output.c sys.CORE/netinet6/ah_output.c
---- sys/netinet6/ah_output.c Mon May 5 23:46:58 2003
-+++ sys.CORE/netinet6/ah_output.c Wed Jan 31 16:02:43 2007
-@@ -75,6 +75,7 @@
- #include
-
- #include
-+#include
-
- #ifdef INET
- static struct in_addr *ah4_finaldst __P((struct mbuf *));
-@@ -142,9 +143,10 @@
- * the function does not modify m.
- */
- int
--ah4_output(m, isr)
-+ah4_output(m, isr, vnet)
- struct mbuf *m;
- struct ipsecrequest *isr;
-+ struct vnet *vnet;
- {
- struct secasvar *sav = isr->sav;
- const struct ah_algorithm *algo;
-@@ -159,6 +161,8 @@
- struct in_addr *finaldst;
- int error;
-
-+ if (vnet == NULL)
-+ panic("ah4_output: NULL vnet was passed.");
- /* sanity checks */
- if ((sav->flags & SADB_X_EXT_OLD) == 0 && !sav->replay) {
- struct ip *ip;
-@@ -169,7 +173,7 @@
- (u_int32_t)ntohl(ip->ip_src.s_addr),
- (u_int32_t)ntohl(ip->ip_dst.s_addr),
- (u_int32_t)ntohl(sav->spi)));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- return EINVAL;
- }
-@@ -178,7 +182,7 @@
- if (!algo) {
- ipseclog((LOG_ERR, "ah4_output: unsupported algorithm: "
- "SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- return EINVAL;
- }
-@@ -260,7 +264,7 @@
- ipseclog((LOG_WARNING,
- "replay counter overflowed. %s\n",
- ipsec_logsastr(sav)));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- return EINVAL;
- }
-@@ -282,7 +286,7 @@
- ip->ip_len = htons(ntohs(ip->ip_len) + ahlen);
- else {
- ipseclog((LOG_ERR, "IPv4 AH output: size exceeds limit\n"));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- return EMSGSIZE;
- }
-@@ -304,13 +308,13 @@
- * calcurate the checksum, based on security association
- * and the algorithm specified.
- */
-- error = ah4_calccksum(m, (caddr_t)ahsumpos, plen, algo, sav);
-+ error = ah4_calccksum(m, (caddr_t)ahsumpos, plen, algo, sav, vnet);
- if (error) {
- ipseclog((LOG_ERR,
- "error after ah4_calccksum, called from ah4_output"));
- m_freem(m);
- m = NULL;
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- return error;
- }
-
-@@ -318,8 +322,8 @@
- ip = mtod(m, struct ip *); /* just to make sure */
- ip->ip_dst.s_addr = dst.s_addr;
- }
-- ipsecstat.out_success++;
-- ipsecstat.out_ahhist[sav->alg_auth]++;
-+ vnet->ipsecstat.out_success++;
-+ vnet->ipsecstat.out_ahhist[sav->alg_auth]++;
- key_sa_recordxfer(sav, m);
-
- return 0;
-@@ -371,6 +375,11 @@
- int error = 0;
- int ahlen;
- struct ip6_hdr *ip6;
-+ struct vnet *vnet;
-+
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ah6_output: unable to find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
-
- if (m->m_len < sizeof(struct ip6_hdr)) {
- ipseclog((LOG_DEBUG, "ah6_output: first mbuf too short\n"));
-@@ -422,7 +431,7 @@
- ipseclog((LOG_DEBUG, "ah6_output: internal error: "
- "sav->replay is null: SPI=%u\n",
- (u_int32_t)ntohl(sav->spi)));
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- m_freem(m);
- return EINVAL;
- }
-@@ -431,7 +440,7 @@
- if (!algo) {
- ipseclog((LOG_ERR, "ah6_output: unsupported algorithm: "
- "SPI=%u\n", (u_int32_t)ntohl(sav->spi)));
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- m_freem(m);
- return EINVAL;
- }
-@@ -467,7 +476,7 @@
- ipseclog((LOG_WARNING,
- "replay counter overflowed. %s\n",
- ipsec_logsastr(sav)));
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- m_freem(m);
- return EINVAL;
- }
-@@ -487,13 +496,13 @@
- */
- error = ah6_calccksum(m, (caddr_t)ahsumpos, plen, algo, sav);
- if (error) {
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- m_freem(m);
- } else {
-- ipsec6stat.out_success++;
-+ vnet->ipsec6stat.out_success++;
- key_sa_recordxfer(sav, m);
- }
-- ipsec6stat.out_ahhist[sav->alg_auth]++;
-+ vnet->ipsec6stat.out_ahhist[sav->alg_auth]++;
-
- return(error);
- }
-diff -urN sys/netinet6/esp.h sys.CORE/netinet6/esp.h
---- sys/netinet6/esp.h Sat Apr 27 22:40:26 2002
-+++ sys.CORE/netinet6/esp.h Wed Jan 31 16:02:43 2007
-@@ -97,7 +97,8 @@
- extern int esp_max_ivlen __P((void));
-
- /* crypt routines */
--extern int esp4_output __P((struct mbuf *, struct ipsecrequest *));
-+extern int esp4_output __P((struct mbuf *, struct ipsecrequest *,
-+ struct vnet *vnet));
- extern void esp4_input __P((struct mbuf *, ...));
- extern size_t esp_hdrsiz __P((struct ipsecrequest *));
-
-diff -urN sys/netinet6/esp6.h sys.CORE/netinet6/esp6.h
---- sys/netinet6/esp6.h Tue Jul 3 04:01:49 2001
-+++ sys.CORE/netinet6/esp6.h Wed Jan 31 16:02:43 2007
-@@ -39,10 +39,10 @@
-
- #ifdef _KERNEL
- extern int esp6_output __P((struct mbuf *, u_char *, struct mbuf *,
-- struct ipsecrequest *));
-+ struct ipsecrequest *, struct vnet *));
- extern int esp6_input __P((struct mbuf **, int *, int));
-
--extern void esp6_ctlinput __P((int, struct sockaddr *, void *));
-+extern void esp6_ctlinput __P((int, struct sockaddr *, void *, struct vnet *));
- #endif /*_KERNEL*/
-
- #endif /*_NETINET6_ESP6_H_*/
-diff -urN sys/netinet6/esp_input.c sys.CORE/netinet6/esp_input.c
---- sys/netinet6/esp_input.c Fri Nov 28 06:52:52 2003
-+++ sys.CORE/netinet6/esp_input.c Wed Jan 31 16:02:43 2007
-@@ -89,6 +89,7 @@
- #include
-
- #include
-+#include
-
- #define IPLEN_FLIPPED
-
-@@ -123,17 +124,21 @@
- int s;
- va_list ap;
- int off, proto;
-+ struct vnet *vnet;
-
- va_start(ap, m);
- off = va_arg(ap, int);
- proto = va_arg(ap, int);
- va_end(ap);
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("esp4_input: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
- /* sanity check for alignment. */
- if (off % 4 != 0 || m->m_pkthdr.len % 4 != 0) {
- ipseclog((LOG_ERR, "IPv4 ESP input: packet alignment problem "
- "(off=%d, pktlen=%d)\n", off, m->m_pkthdr.len));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-
-@@ -142,7 +147,7 @@
- if (!m) {
- ipseclog((LOG_DEBUG,
- "IPv4 ESP input: can't pullup in esp4_input\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
- }
-@@ -160,11 +165,11 @@
-
- if ((sav = key_allocsa(AF_INET,
- (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst,
-- IPPROTO_ESP, spi)) == 0) {
-+ IPPROTO_ESP, spi, vnet)) == 0) {
- ipseclog((LOG_WARNING,
- "IPv4 ESP input: no key association found for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsecstat.in_nosa++;
-+ vnet->ipsecstat.in_nosa++;
- goto bad;
- }
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-@@ -174,7 +179,7 @@
- ipseclog((LOG_DEBUG,
- "IPv4 ESP input: non-mature/dying SA found for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsecstat.in_badspi++;
-+ vnet->ipsecstat.in_badspi++;
- goto bad;
- }
- algo = esp_algorithm_lookup(sav->alg_enc);
-@@ -182,7 +187,7 @@
- ipseclog((LOG_DEBUG, "IPv4 ESP input: "
- "unsupported encryption algorithm for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsecstat.in_badspi++;
-+ vnet->ipsecstat.in_badspi++;
- goto bad;
- }
-
-@@ -191,7 +196,7 @@
- if (ivlen < 0) {
- ipseclog((LOG_ERR, "inproper ivlen in IPv4 ESP input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-
-@@ -209,7 +214,7 @@
- if (ipsec_chkreplay(ntohl(((struct newesp *)esp)->esp_seq), sav))
- ; /* okey */
- else {
-- ipsecstat.in_espreplay++;
-+ vnet->ipsecstat.in_espreplay++;
- ipseclog((LOG_WARNING,
- "replay packet in IPv4 ESP input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-@@ -228,14 +233,14 @@
- goto noreplaycheck;
- siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1));
- if (m->m_pkthdr.len < off + ESPMAXLEN + siz) {
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
- if (AH_MAXSUMSIZE < siz) {
- ipseclog((LOG_DEBUG,
- "internal error: AH_MAXSUMSIZE must be larger than %lu\n",
- (u_long)siz));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-
-@@ -244,14 +249,14 @@
- if (esp_auth(m, off, m->m_pkthdr.len - off - siz, sav, sum)) {
- ipseclog((LOG_WARNING, "auth fail in IPv4 ESP input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-- ipsecstat.in_espauthfail++;
-+ vnet->ipsecstat.in_espauthfail++;
- goto bad;
- }
-
- if (bcmp(sum0, sum, siz) != 0) {
- ipseclog((LOG_WARNING, "auth fail in IPv4 ESP input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-- ipsecstat.in_espauthfail++;
-+ vnet->ipsecstat.in_espauthfail++;
- goto bad;
- }
-
-@@ -264,7 +269,7 @@
- ip->ip_len = htons(ntohs(ip->ip_len) - siz);
- #endif
- m->m_flags |= M_AUTHIPDGM;
-- ipsecstat.in_espauthsucc++;
-+ vnet->ipsecstat.in_espauthsucc++;
- }
-
- /*
-@@ -272,7 +277,7 @@
- */
- if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
- if (ipsec_updatereplay(ntohl(((struct newesp *)esp)->esp_seq), sav)) {
-- ipsecstat.in_espreplay++;
-+ vnet->ipsecstat.in_espreplay++;
- goto bad;
- }
- }
-@@ -294,7 +299,7 @@
- if (m->m_pkthdr.len < off + esplen + ivlen + sizeof(esptail)) {
- ipseclog((LOG_WARNING,
- "IPv4 ESP input: packet too short\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-
-@@ -303,7 +308,7 @@
- if (!m) {
- ipseclog((LOG_DEBUG,
- "IPv4 ESP input: can't pullup in esp4_input\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
- }
-@@ -312,7 +317,7 @@
- * pre-compute and cache intermediate key
- */
- if (esp_schedule(algo, sav) != 0) {
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-
-@@ -326,10 +331,10 @@
- m = NULL;
- ipseclog((LOG_ERR, "decrypt fail in IPv4 ESP input: %s\n",
- ipsec_logsastr(sav)));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-- ipsecstat.in_esphist[sav->alg_enc]++;
-+ vnet->ipsecstat.in_esphist[sav->alg_enc]++;
-
- m->m_flags |= M_DECRYPTED;
-
-@@ -346,7 +351,7 @@
- ipseclog((LOG_WARNING,
- "bad pad length in IPv4 ESP input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-
-@@ -375,36 +380,36 @@
- if (m->m_len < sizeof(*ip)) {
- m = m_pullup(m, sizeof(*ip));
- if (!m) {
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
- }
- ip = mtod(m, struct ip *);
- /* ECN consideration. */
-- ip_ecn_egress(ip4_ipsec_ecn, &tos, &ip->ip_tos);
-+ ip_ecn_egress(vnet->ip4_ipsec_ecn, &tos, &ip->ip_tos);
- if (!key_checktunnelsanity(sav, AF_INET,
- (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst)) {
- ipseclog((LOG_ERR, "ipsec tunnel address mismatch "
- "in IPv4 ESP input: %s %s\n",
- ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto bad;
- }
-
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0 ||
- ipsec_addhist(m, IPPROTO_IPV4, 0) != 0) {
-- ipsecstat.in_nomem++;
-+ vnet->ipsecstat.in_nomem++;
- goto bad;
- }
-
- s = splimp();
-- if (IF_QFULL(&ipintrq)) {
-- ipsecstat.in_inval++;
-+ if (IF_QFULL(&g_ipintrq)) {
-+ vnet->ipsecstat.in_inval++;
- splx(s);
- goto bad;
- }
-- IF_ENQUEUE(&ipintrq, m);
-+ IF_ENQUEUE(&g_ipintrq, m);
- m = NULL;
- schednetisr(NETISR_IP); /* can be skipped but to make sure */
- splx(s);
-@@ -435,14 +440,14 @@
-
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0) {
-- ipsecstat.in_nomem++;
-+ vnet->ipsecstat.in_nomem++;
- goto bad;
- }
-
- if (nxt != IPPROTO_DONE) {
- if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
-- ipsec4_in_reject(m, NULL)) {
-- ipsecstat.in_polvio++;
-+ ipsec4_in_reject(m, NULL, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto bad;
- }
- (*inetsw[ip_protox[nxt]].pr_input)(m, off, nxt);
-@@ -456,7 +461,7 @@
- printf("DP esp4_input call free SA:%p\n", sav));
- key_freesav(sav);
- }
-- ipsecstat.in_success++;
-+ vnet->ipsecstat.in_success++;
- return;
-
- bad:
-@@ -478,6 +483,7 @@
- int *offp, proto;
- {
- struct mbuf *m = *mp;
-+ struct vnet *vnet;
- int off = *offp;
- struct ip6_hdr *ip6;
- struct esp *esp;
-@@ -491,11 +497,14 @@
- size_t esplen;
- int s;
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("esp6_input: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
- /* sanity check for alignment. */
- if (off % 4 != 0 || m->m_pkthdr.len % 4 != 0) {
- ipseclog((LOG_ERR, "IPv6 ESP input: packet alignment problem "
- "(off=%d, pktlen=%d)\n", off, m->m_pkthdr.len));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-
-@@ -505,7 +514,7 @@
- #else
- IP6_EXTHDR_GET(esp, struct esp *, m, off, ESPMAXLEN);
- if (esp == NULL) {
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- return IPPROTO_DONE;
- }
- #endif
-@@ -514,7 +523,7 @@
- if (ntohs(ip6->ip6_plen) == 0) {
- ipseclog((LOG_ERR, "IPv6 ESP input: "
- "ESP with IPv6 jumbogram is not supported.\n"));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-
-@@ -523,11 +532,11 @@
-
- if ((sav = key_allocsa(AF_INET6,
- (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst,
-- IPPROTO_ESP, spi)) == 0) {
-+ IPPROTO_ESP, spi, vnet)) == 0) {
- ipseclog((LOG_WARNING,
- "IPv6 ESP input: no key association found for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsec6stat.in_nosa++;
-+ vnet->ipsec6stat.in_nosa++;
- goto bad;
- }
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
-@@ -537,7 +546,7 @@
- ipseclog((LOG_DEBUG,
- "IPv6 ESP input: non-mature/dying SA found for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsec6stat.in_badspi++;
-+ vnet->ipsec6stat.in_badspi++;
- goto bad;
- }
- algo = esp_algorithm_lookup(sav->alg_enc);
-@@ -545,7 +554,7 @@
- ipseclog((LOG_DEBUG, "IPv6 ESP input: "
- "unsupported encryption algorithm for spi %u\n",
- (u_int32_t)ntohl(spi)));
-- ipsec6stat.in_badspi++;
-+ vnet->ipsec6stat.in_badspi++;
- goto bad;
- }
-
-@@ -554,7 +563,7 @@
- if (ivlen < 0) {
- ipseclog((LOG_ERR, "inproper ivlen in IPv6 ESP input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
-- ipsec6stat.in_badspi++;
-+ vnet->ipsec6stat.in_badspi++;
- goto bad;
- }
-
-@@ -572,7 +581,7 @@
- if (ipsec_chkreplay(ntohl(((struct newesp *)esp)->esp_seq), sav))
- ; /* okey */
- else {
-- ipsec6stat.in_espreplay++;
-+ vnet->ipsec6stat.in_espreplay++;
- ipseclog((LOG_WARNING,
- "replay packet in IPv6 ESP input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
-@@ -591,14 +600,14 @@
- goto noreplaycheck;
- siz = (((*sumalgo->sumsiz)(sav) + 3) & ~(4 - 1));
- if (m->m_pkthdr.len < off + ESPMAXLEN + siz) {
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
- if (AH_MAXSUMSIZE < siz) {
- ipseclog((LOG_DEBUG,
- "internal error: AH_MAXSUMSIZE must be larger than %lu\n",
- (u_long)siz));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-
-@@ -607,14 +616,14 @@
- if (esp_auth(m, off, m->m_pkthdr.len - off - siz, sav, sum)) {
- ipseclog((LOG_WARNING, "auth fail in IPv6 ESP input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
-- ipsec6stat.in_espauthfail++;
-+ vnet->ipsec6stat.in_espauthfail++;
- goto bad;
- }
-
- if (bcmp(sum0, sum, siz) != 0) {
- ipseclog((LOG_WARNING, "auth fail in IPv6 ESP input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
-- ipsec6stat.in_espauthfail++;
-+ vnet->ipsec6stat.in_espauthfail++;
- goto bad;
- }
-
-@@ -624,7 +633,7 @@
- ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - siz);
-
- m->m_flags |= M_AUTHIPDGM;
-- ipsec6stat.in_espauthsucc++;
-+ vnet->ipsec6stat.in_espauthsucc++;
- }
-
- /*
-@@ -632,7 +641,7 @@
- */
- if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
- if (ipsec_updatereplay(ntohl(((struct newesp *)esp)->esp_seq), sav)) {
-- ipsec6stat.in_espreplay++;
-+ vnet->ipsec6stat.in_espreplay++;
- goto bad;
- }
- }
-@@ -654,7 +663,7 @@
- if (m->m_pkthdr.len < off + esplen + ivlen + sizeof(esptail)) {
- ipseclog((LOG_WARNING,
- "IPv6 ESP input: packet too short\n"));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-
-@@ -663,7 +672,7 @@
- #else
- IP6_EXTHDR_GET(esp, struct esp *, m, off, esplen + ivlen);
- if (esp == NULL) {
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- m = NULL;
- goto bad;
- }
-@@ -674,7 +683,7 @@
- * pre-compute and cache intermediate key
- */
- if (esp_schedule(algo, sav) != 0) {
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-
-@@ -688,10 +697,10 @@
- m = NULL;
- ipseclog((LOG_ERR, "decrypt fail in IPv6 ESP input: %s\n",
- ipsec_logsastr(sav)));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-- ipsec6stat.in_esphist[sav->alg_enc]++;
-+ vnet->ipsec6stat.in_esphist[sav->alg_enc]++;
-
- m->m_flags |= M_DECRYPTED;
-
-@@ -708,7 +717,7 @@
- ipseclog((LOG_WARNING,
- "bad pad length in IPv6 ESP input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-
-@@ -740,37 +749,37 @@
- #endif
- m = m_pullup(m, sizeof(*ip6));
- if (!m) {
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
- }
- ip6 = mtod(m, struct ip6_hdr *);
- /* ECN consideration. */
-- ip6_ecn_egress(ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow);
-+ ip6_ecn_egress(vnet->ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow);
- if (!key_checktunnelsanity(sav, AF_INET6,
- (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst)) {
- ipseclog((LOG_ERR, "ipsec tunnel address mismatch "
- "in IPv6 ESP input: %s %s\n",
- ipsec6_logpacketstr(ip6, spi),
- ipsec_logsastr(sav)));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto bad;
- }
-
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0 ||
- ipsec_addhist(m, IPPROTO_IPV6, 0) != 0) {
-- ipsec6stat.in_nomem++;
-+ vnet->ipsec6stat.in_nomem++;
- goto bad;
- }
-
- s = splimp();
-- if (IF_QFULL(&ip6intrq)) {
-- ipsec6stat.in_inval++;
-+ if (IF_QFULL(&g_ip6intrq)) {
-+ vnet->ipsec6stat.in_inval++;
- splx(s);
- goto bad;
- }
-- IF_ENQUEUE(&ip6intrq, m);
-+ IF_ENQUEUE(&g_ip6intrq, m);
- m = NULL;
- schednetisr(NETISR_IPV6); /* can be skipped but to make sure */
- splx(s);
-@@ -864,7 +873,7 @@
-
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_ESP, spi) != 0) {
-- ipsec6stat.in_nomem++;
-+ vnet->ipsec6stat.in_nomem++;
- goto bad;
- }
- }
-@@ -877,7 +886,7 @@
- printf("DP esp6_input call free SA:%p\n", sav));
- key_freesav(sav);
- }
-- ipsec6stat.in_success++;
-+ vnet->ipsec6stat.in_success++;
- return nxt;
-
- bad:
-@@ -892,10 +901,11 @@
- }
-
- void
--esp6_ctlinput(cmd, sa, d)
-+esp6_ctlinput(cmd, sa, d, vnet)
- int cmd;
- struct sockaddr *sa;
- void *d;
-+ struct vnet *vnet;
- {
- const struct newesp *espp;
- struct newesp esp;
-@@ -906,6 +916,8 @@
- int off;
- struct sockaddr_in6 *sa6_src, *sa6_dst;
-
-+ if (vnet == NULL)
-+ panic("esp6_ctlinput: NULL vnet was passed.");
- if (sa->sa_family != AF_INET6 ||
- sa->sa_len != sizeof(struct sockaddr_in6))
- return;
-@@ -921,6 +933,7 @@
- } else {
- m = NULL;
- ip6 = NULL;
-+ off = 0;
- }
-
- if (ip6) {
-@@ -939,7 +952,7 @@
- */
- bzero(&ip6cp1, sizeof(ip6cp1));
- ip6cp1.ip6c_src = ip6cp->ip6c_src;
-- pfctlinput2(cmd, sa, (void *)&ip6cp1);
-+ pfctlinput2(cmd, sa, (void *)&ip6cp1, vnet);
-
- /*
- * Then go to special cases that need ESP header information.
-@@ -973,7 +986,7 @@
- sav = key_allocsa(AF_INET6,
- (caddr_t)&sa6_src->sin6_addr,
- (caddr_t)&sa6_dst->sin6_addr,
-- IPPROTO_ESP, espp->esp_spi);
-+ IPPROTO_ESP, espp->esp_spi, vnet);
- if (sav) {
- if (sav->state == SADB_SASTATE_MATURE ||
- sav->state == SADB_SASTATE_DYING)
-@@ -990,7 +1003,7 @@
- * corresponding routing entry, or
- * - ignore the MTU change notification.
- */
-- icmp6_mtudisc_update((struct ip6ctlparam *)d, valid);
-+ icmp6_mtudisc_update((struct ip6ctlparam *)d, valid, vnet);
- }
- } else {
- /* we normally notify any pcb here */
-diff -urN sys/netinet6/esp_output.c sys.CORE/netinet6/esp_output.c
---- sys/netinet6/esp_output.c Fri Nov 28 06:54:26 2003
-+++ sys.CORE/netinet6/esp_output.c Wed Jan 31 16:02:43 2007
-@@ -78,9 +78,10 @@
- #include
-
- #include
-+#include
-
- static int esp_output __P((struct mbuf *, u_char *, struct mbuf *,
-- struct ipsecrequest *, int));
-+ struct ipsecrequest *, int, struct vnet *));
-
- /*
- * compute ESP header size.
-@@ -174,12 +175,13 @@
- * <-----------------> espoff
- */
- static int
--esp_output(m, nexthdrp, md, isr, af)
-+esp_output(m, nexthdrp, md, isr, af, vnet)
- struct mbuf *m;
- u_char *nexthdrp;
- struct mbuf *md;
- struct ipsecrequest *isr;
- int af;
-+ struct vnet *vnet;
- {
- struct mbuf *n;
- struct mbuf *mprev;
-@@ -197,17 +199,19 @@
- int error = 0;
- struct ipsecstat *stat;
-
-+ if (vnet == NULL)
-+ panic("esp6_output: NULL vnet was passed.");
- switch (af) {
- #ifdef INET
- case AF_INET:
- afnumber = 4;
-- stat = &ipsecstat;
-+ stat = &vnet->ipsecstat;
- break;
- #endif
- #ifdef INET6
- case AF_INET6:
- afnumber = 6;
-- stat = &ipsec6stat;
-+ stat = &vnet->ipsec6stat;
- break;
- #endif
- default:
-@@ -229,7 +233,7 @@
- (u_int32_t)ntohl(ip->ip_src.s_addr),
- (u_int32_t)ntohl(ip->ip_dst.s_addr),
- (u_int32_t)ntohl(sav->spi)));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- break;
- }
- #endif /* INET */
-@@ -238,7 +242,7 @@
- ipseclog((LOG_DEBUG, "esp6_output: internal error: "
- "sav->replay is null: SPI=%u\n",
- (u_int32_t)ntohl(sav->spi)));
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- break;
- #endif /* INET6 */
- default:
-@@ -368,7 +372,7 @@
- else {
- ipseclog((LOG_ERR,
- "IPv4 ESP output: size exceeds limit\n"));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- error = EMSGSIZE;
- goto fail;
-@@ -435,12 +439,12 @@
- switch (af) {
- #ifdef INET
- case AF_INET:
-- randpadmax = ip4_esp_randpad;
-+ randpadmax = vnet->ip4_esp_randpad;
- break;
- #endif
- #ifdef INET6
- case AF_INET6:
-- randpadmax = ip6_esp_randpad;
-+ randpadmax = vnet->ip6_esp_randpad;
- break;
- #endif
- default:
-@@ -539,7 +543,7 @@
- else {
- ipseclog((LOG_ERR,
- "IPv4 ESP output: size exceeds limit\n"));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- error = EMSGSIZE;
- goto fail;
-@@ -651,7 +655,7 @@
- else {
- ipseclog((LOG_ERR,
- "IPv4 ESP output: size exceeds limit\n"));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- error = EMSGSIZE;
- goto fail;
-@@ -686,9 +690,10 @@
-
- #ifdef INET
- int
--esp4_output(m, isr)
-+esp4_output(m, isr, vnet)
- struct mbuf *m;
- struct ipsecrequest *isr;
-+ struct vnet *vnet;
- {
- struct ip *ip;
- if (m->m_len < sizeof(struct ip)) {
-@@ -698,23 +703,24 @@
- }
- ip = mtod(m, struct ip *);
- /* XXX assumes that m->m_next points to payload */
-- return esp_output(m, &ip->ip_p, m->m_next, isr, AF_INET);
-+ return esp_output(m, &ip->ip_p, m->m_next, isr, AF_INET, vnet);
- }
- #endif /* INET */
-
- #ifdef INET6
- int
--esp6_output(m, nexthdrp, md, isr)
-+esp6_output(m, nexthdrp, md, isr, vnet)
- struct mbuf *m;
- u_char *nexthdrp;
- struct mbuf *md;
- struct ipsecrequest *isr;
-+ struct vnet *vnet;
- {
- if (m->m_len < sizeof(struct ip6_hdr)) {
- ipseclog((LOG_DEBUG, "esp6_output: first mbuf too short\n"));
- m_freem(m);
- return 0;
- }
-- return esp_output(m, nexthdrp, md, isr, AF_INET6);
-+ return esp_output(m, nexthdrp, md, isr, AF_INET6, vnet);
- }
- #endif /* INET6 */
-diff -urN sys/netinet6/icmp6.c sys.CORE/netinet6/icmp6.c
---- sys/netinet6/icmp6.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/icmp6.c Wed Jan 31 16:02:43 2007
-@@ -2416,7 +2416,7 @@
- bcopy(&reddst6, &sdst.sin6_addr, sizeof(struct in6_addr));
- pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst, vnet);
- #ifdef IPSEC
-- key_sa_routechange((struct sockaddr *)&sdst);
-+ key_sa_routechange((struct sockaddr *)&sdst, vnet);
- #endif
- }
-
-diff -urN sys/netinet6/in6_ifattach.c sys.CORE/netinet6/in6_ifattach.c
---- sys/netinet6/in6_ifattach.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/in6_ifattach.c Wed Jan 31 16:02:43 2007
-@@ -1032,6 +1032,8 @@
-
- bzero(nullbuf, sizeof(nullbuf));
- for (i = 1; i < vnet->if_index + 1; i++) {
-+ if (vnet->nd_ifinfo == NULL) /* nd6 not initialized yet! */
-+ continue;
- ndi = &vnet->nd_ifinfo[i];
- if (bcmp(ndi->randomid, nullbuf, sizeof(nullbuf)) != 0) {
- /*
-diff -urN sys/netinet6/in6_proto.c sys.CORE/netinet6/in6_proto.c
---- sys/netinet6/in6_proto.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/in6_proto.c Wed Jan 31 16:02:43 2007
-@@ -209,7 +209,7 @@
- #ifdef IPSEC
- { SOCK_RAW, &inet6domain, IPPROTO_AH, PR_ATOMIC|PR_ADDR,
- ah6_input, 0, 0, 0,
-- 0,
-+ 0, 0,
- 0, 0, 0, 0,
- &nousrreqs,
- },
-@@ -218,14 +218,14 @@
- esp6_input, 0,
- esp6_ctlinput,
- 0,
-- 0,
-+ 0, 0,
- 0, 0, 0, 0,
- &nousrreqs,
- },
- #endif
- { SOCK_RAW, &inet6domain, IPPROTO_IPCOMP, PR_ATOMIC|PR_ADDR,
- ipcomp6_input, 0, 0, 0,
-- 0,
-+ 0, 0,
- 0, 0, 0, 0,
- &nousrreqs,
- },
-diff -urN sys/netinet6/ip6_forward.c sys.CORE/netinet6/ip6_forward.c
---- sys/netinet6/ip6_forward.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/ip6_forward.c Wed Jan 31 16:02:43 2007
-@@ -122,9 +122,9 @@
- * Don't increment ip6s_cantforward because this is the check
- * before forwarding packet actually.
- */
-- if (ipsec6_in_reject(m, NULL)) {
-+ if (ipsec6_in_reject(m, NULL, vnet)) {
- #if !defined(FAST_IPSEC)
-- ipsec6stat.in_polvio++;
-+ vnet->ipsec6stat.in_polvio++;
- #endif
- m_freem(m);
- return;
-@@ -178,9 +178,9 @@
- #ifdef IPSEC
- /* get a security policy for this packet */
- sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING,
-- &error);
-+ &error, vnet);
- if (sp == NULL) {
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- vnet->ip6stat.ip6s_cantforward++;
- if (mcopy) {
- #if 0
-@@ -201,7 +201,7 @@
- /*
- * This packet is just discarded.
- */
-- ipsec6stat.out_polvio++;
-+ vnet->ipsec6stat.out_polvio++;
- vnet->ip6stat.ip6s_cantforward++;
- key_freesp(sp);
- if (mcopy) {
-@@ -263,7 +263,7 @@
- state.ro = NULL; /* update at ipsec6_output_tunnel() */
- state.dst = NULL; /* update at ipsec6_output_tunnel() */
-
-- error = ipsec6_output_tunnel(&state, sp, 0);
-+ error = ipsec6_output_tunnel(&state, sp, 0, vnet);
-
- m = state.m;
- key_freesp(sp);
-@@ -401,10 +401,10 @@
- * encapsulated packet as "rt->rt_ifp".
- */
- sp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,
-- IP_FORWARDING, &ipsecerror);
-+ IP_FORWARDING, &ipsecerror, vnet);
- if (sp) {
- ipsechdrsiz = ipsec6_hdrsiz(mcopy,
-- IPSEC_DIR_OUTBOUND, NULL);
-+ IPSEC_DIR_OUTBOUND, NULL, vnet);
- if (ipsechdrsiz < mtu)
- mtu -= ipsechdrsiz;
- }
-diff -urN sys/netinet6/ip6_input.c sys.CORE/netinet6/ip6_input.c
---- sys/netinet6/ip6_input.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/ip6_input.c Wed Jan 31 16:02:43 2007
-@@ -928,8 +928,8 @@
- * code - like udp/tcp/raw ip.
- */
- if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
-- ipsec6_in_reject(m, NULL)) {
-- ipsec6stat.in_polvio++;
-+ ipsec6_in_reject(m, NULL, vnet)) {
-+ vnet->ipsec6stat.in_polvio++;
- goto bad;
- }
- #endif
-diff -urN sys/netinet6/ip6_output.c sys.CORE/netinet6/ip6_output.c
---- sys/netinet6/ip6_output.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/ip6_output.c Wed Jan 31 16:02:43 2007
-@@ -193,6 +193,8 @@
- ip6 = mtod(m, struct ip6_hdr *);
- #endif /* FAST_IPSEC */
-
-+ if (vnet == NULL)
-+ panic("ip6_output: NULL vnet was passed.");
- #define MAKE_EXTHDR(hp, mp) \
- do { \
- if (hp) { \
-@@ -221,12 +223,12 @@
- #ifdef IPSEC
- /* get a security policy for this packet */
- if (so == NULL)
-- sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
-+ sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error, vnet);
- else
- sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
-
- if (sp == NULL) {
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- goto freehdrs;
- }
-
-@@ -238,7 +240,7 @@
- /*
- * This packet is just discarded.
- */
-- ipsec6stat.out_polvio++;
-+ vnet->ipsec6stat.out_polvio++;
- goto freehdrs;
-
- case IPSEC_POLICY_BYPASS:
-@@ -250,7 +252,7 @@
- case IPSEC_POLICY_IPSEC:
- if (sp->req == NULL) {
- /* acquire a policy */
-- error = key_spdacquire(sp);
-+ error = key_spdacquire(sp, vnet);
- goto freehdrs;
- }
- needipsec = 1;
-@@ -436,7 +438,7 @@
- bzero(&state, sizeof(state));
- state.m = m;
- error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags,
-- &needipsectun);
-+ &needipsectun, vnet);
- m = state.m;
- if (error) {
- /* mbuf is already reclaimed in ipsec6_output_trans. */
-@@ -562,7 +564,7 @@
- state.ro = (struct route *)ro;
- state.dst = (struct sockaddr *)dst;
-
-- error = ipsec6_output_tunnel(&state, sp, flags);
-+ error = ipsec6_output_tunnel(&state, sp, flags, vnet);
-
- m = state.m;
- ro = (struct route_in6 *)state.ro;
-@@ -1337,6 +1339,8 @@
- int alwaysfrag = 0;
- int error = 0;
-
-+ if (vnet == NULL)
-+ panic("ip6_getpmtu: NULL vnet was passed.");
- if (ro_pmtu != ro) {
- /* The first hop and the final destination may differ. */
- struct sockaddr_in6 *sa6_dst =
-@@ -1416,6 +1420,8 @@
- int optlen;
- struct proc *p;
-
-+ if (vnet == NULL)
-+ panic("ip6_ctloutput: NULL vnet from socket.");
- if (sopt) {
- level = sopt->sopt_level;
- op = sopt->sopt_dir;
-@@ -1853,6 +1859,8 @@
- struct proc *p = sopt->sopt_p;
- int priv = 0;
-
-+ if (vnet == NULL)
-+ panic("ip6_pcbopts: NULL vnet from socket.");
- /* turn off any old options. */
- if (opt) {
- #ifdef DIAGNOSTIC
-@@ -2042,6 +2050,8 @@
- struct in6_multi_mship *imm;
- struct proc *p = curproc; /* XXX */
-
-+ if (vnet == NULL)
-+ panic("ip6_setmoptions: NULL vnet passed.");
- if (im6o == NULL) {
- /*
- * No multicast option buffer attached to the pcb;
-@@ -2326,6 +2336,8 @@
-
- *mp = m_get(M_WAIT, MT_HEADER); /* XXX */
-
-+ if (vnet == NULL)
-+ panic("ip6_getmoptions: NULL vnet was passed.");
- switch (optname) {
-
- case IPV6_MULTICAST_IF:
-diff -urN sys/netinet6/ipcomp_input.c sys.CORE/netinet6/ipcomp_input.c
---- sys/netinet6/ipcomp_input.c Sat Apr 27 22:40:27 2002
-+++ sys.CORE/netinet6/ipcomp_input.c Wed Jan 31 16:02:43 2007
-@@ -47,6 +47,7 @@
- #include
- #include
-
-+/*#include */
- #include
- #include
- #include
-@@ -79,6 +80,7 @@
- #include
-
- #include
-+#include
-
- #define IPLEN_FLIPPED
-
-@@ -106,6 +108,7 @@
- size_t newlen, olen;
- struct secasvar *sav = NULL;
- int off, proto;
-+ struct vnet *vnet;
- va_list ap;
-
- va_start(ap, m);
-@@ -113,10 +116,14 @@
- proto = va_arg(ap, int);
- va_end(ap);
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipcomp_input: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
-+
- if (m->m_pkthdr.len < off + sizeof(struct ipcomp)) {
- ipseclog((LOG_DEBUG, "IPv4 IPComp input: assumption failed "
- "(packet too short)\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
-
-@@ -125,7 +132,7 @@
- m = NULL; /* already freed */
- ipseclog((LOG_DEBUG, "IPv4 IPComp input: assumption failed "
- "(pulldown failure)\n"));
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- ipcomp = mtod(md, struct ipcomp *);
-@@ -141,7 +148,7 @@
-
- if (cpi >= IPCOMP_CPI_NEGOTIATE_MIN) {
- sav = key_allocsa(AF_INET, (caddr_t)&ip->ip_src,
-- (caddr_t)&ip->ip_dst, IPPROTO_IPCOMP, htonl(cpi));
-+ (caddr_t)&ip->ip_dst, IPPROTO_IPCOMP, htonl(cpi), vnet);
- if (sav != NULL
- && (sav->state == SADB_SASTATE_MATURE
- || sav->state == SADB_SASTATE_DYING)) {
-@@ -153,7 +160,7 @@
- if (!algo) {
- ipseclog((LOG_WARNING, "IPv4 IPComp input: unknown cpi %u\n",
- cpi));
-- ipsecstat.in_nosa++;
-+ vnet->ipsecstat.in_nosa++;
- goto fail;
- }
-
-@@ -173,13 +180,13 @@
- error = (*algo->decompress)(m, m->m_next, &newlen);
- if (error != 0) {
- if (error == EINVAL)
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- else if (error == ENOBUFS)
-- ipsecstat.in_nomem++;
-+ vnet->ipsecstat.in_nomem++;
- m = NULL;
- goto fail;
- }
-- ipsecstat.in_comphist[cpi]++;
-+ vnet->ipsecstat.in_comphist[cpi]++;
-
- /*
- * returning decompressed packet onto icmp is meaningless.
-@@ -204,7 +211,7 @@
- len -= olen;
- if (len & ~0xffff) {
- /* packet too big after decompress */
-- ipsecstat.in_inval++;
-+ vnet->ipsecstat.in_inval++;
- goto fail;
- }
- #ifdef IPLEN_FLIPPED
-@@ -218,7 +225,7 @@
- if (sav) {
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_IPCOMP, (u_int32_t)cpi) != 0) {
-- ipsecstat.in_nomem++;
-+ vnet->ipsecstat.in_nomem++;
- goto fail;
- }
- key_freesav(sav);
-@@ -227,8 +234,8 @@
-
- if (nxt != IPPROTO_DONE) {
- if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
-- ipsec4_in_reject(m, NULL)) {
-- ipsecstat.in_polvio++;
-+ ipsec4_in_reject(m, NULL, vnet)) {
-+ vnet->ipsecstat.in_polvio++;
- goto fail;
- }
- (*inetsw[ip_protox[nxt]].pr_input)(m, off, nxt);
-@@ -236,7 +243,7 @@
- m_freem(m);
- m = NULL;
-
-- ipsecstat.in_success++;
-+ vnet->ipsecstat.in_success++;
- return;
-
- fail:
-@@ -265,16 +272,20 @@
- size_t newlen;
- struct secasvar *sav = NULL;
- char *prvnxtp;
-+ struct vnet *vnet = NULL;
-
- m = *mp;
- off = *offp;
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipcomp6_input: unable to find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
- md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
- if (!m) {
- m = NULL; /* already freed */
- ipseclog((LOG_DEBUG, "IPv6 IPComp input: assumption failed "
- "(pulldown failure)\n"));
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- goto fail;
- }
- ipcomp = mtod(md, struct ipcomp *);
-@@ -285,7 +296,8 @@
-
- if (cpi >= IPCOMP_CPI_NEGOTIATE_MIN) {
- sav = key_allocsa(AF_INET6, (caddr_t)&ip6->ip6_src,
-- (caddr_t)&ip6->ip6_dst, IPPROTO_IPCOMP, htonl(cpi));
-+ (caddr_t)&ip6->ip6_dst, IPPROTO_IPCOMP, htonl(cpi),
-+ vnet);
- if (sav != NULL
- && (sav->state == SADB_SASTATE_MATURE
- || sav->state == SADB_SASTATE_DYING)) {
-@@ -297,7 +309,7 @@
- if (!algo) {
- ipseclog((LOG_WARNING, "IPv6 IPComp input: unknown cpi %u; "
- "dropping the packet for simplicity\n", cpi));
-- ipsec6stat.in_nosa++;
-+ vnet->ipsec6stat.in_nosa++;
- goto fail;
- }
-
-@@ -311,13 +323,13 @@
- error = (*algo->decompress)(m, md, &newlen);
- if (error != 0) {
- if (error == EINVAL)
-- ipsec6stat.in_inval++;
-+ vnet->ipsec6stat.in_inval++;
- else if (error == ENOBUFS)
-- ipsec6stat.in_nomem++;
-+ vnet->ipsec6stat.in_nomem++;
- m = NULL;
- goto fail;
- }
-- ipsec6stat.in_comphist[cpi]++;
-+ vnet->ipsec6stat.in_comphist[cpi]++;
- m->m_pkthdr.len = off + newlen;
-
- /*
-@@ -338,7 +350,7 @@
- if (sav) {
- key_sa_recordxfer(sav, m);
- if (ipsec_addhist(m, IPPROTO_IPCOMP, (u_int32_t)cpi) != 0) {
-- ipsec6stat.in_nomem++;
-+ vnet->ipsec6stat.in_nomem++;
- goto fail;
- }
- key_freesav(sav);
-@@ -346,7 +358,7 @@
- }
- *offp = off;
- *mp = m;
-- ipsec6stat.in_success++;
-+ vnet->ipsec6stat.in_success++;
- return nxt;
-
- fail:
-diff -urN sys/netinet6/ipcomp_output.c sys.CORE/netinet6/ipcomp_output.c
---- sys/netinet6/ipcomp_output.c Tue Apr 29 01:33:50 2003
-+++ sys.CORE/netinet6/ipcomp_output.c Wed Jan 31 16:02:43 2007
-@@ -80,6 +80,7 @@
- #include
-
- #include
-+#include
-
- static int ipcomp_output __P((struct mbuf *, u_char *, struct mbuf *,
- struct ipsecrequest *, int));
-@@ -123,18 +124,23 @@
- int afnumber;
- int error = 0;
- struct ipsecstat *stat;
-+ struct vnet *vnet;
-+
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipcomp_output: unable to get vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
-
- switch (af) {
- #ifdef INET
- case AF_INET:
- afnumber = 4;
-- stat = &ipsecstat;
-+ stat = &vnet->ipsecstat;
- break;
- #endif
- #ifdef INET6
- case AF_INET6:
- afnumber = 6;
-- stat = &ipsec6stat;
-+ stat = &vnet->ipsec6stat;
- break;
- #endif
- default:
-@@ -309,7 +315,7 @@
- else {
- ipseclog((LOG_ERR,
- "IPv4 ESP output: size exceeds limit\n"));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- error = EMSGSIZE;
- goto fail;
-@@ -353,9 +359,14 @@
- struct ipsecrequest *isr;
- {
- struct ip *ip;
-+ struct vnet *vnet;
-+
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipcomp4_output: unable to get vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
- if (m->m_len < sizeof(struct ip)) {
- ipseclog((LOG_DEBUG, "ipcomp4_output: first mbuf too short\n"));
-- ipsecstat.out_inval++;
-+ vnet->ipsecstat.out_inval++;
- m_freem(m);
- return 0;
- }
-@@ -373,9 +384,13 @@
- struct mbuf *md;
- struct ipsecrequest *isr;
- {
-+ struct vnet *vnet;
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipcomp6_output: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
- if (m->m_len < sizeof(struct ip6_hdr)) {
- ipseclog((LOG_DEBUG, "ipcomp6_output: first mbuf too short\n"));
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- m_freem(m);
- return 0;
- }
-diff -urN sys/netinet6/ipsec.c sys.CORE/netinet6/ipsec.c
---- sys/netinet6/ipsec.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/ipsec.c Wed Jan 31 16:02:43 2007
-@@ -112,6 +112,7 @@
- int ipsec_debug = 0;
- #endif
-
-+#ifdef MOVED_TO_VNET
- struct ipsecstat ipsecstat;
- int ip4_ah_cleartos = 1;
- int ip4_ah_offsetmask = 0; /* maybe IP_DF? */
-@@ -123,6 +124,7 @@
- struct secpolicy ip4_def_policy;
- int ip4_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
- int ip4_esp_randpad = -1;
-+#endif
-
- #ifdef SYSCTL_DECL
- SYSCTL_DECL(_net_inet_ipsec);
-@@ -132,32 +134,33 @@
- #endif
-
- /* net.inet.ipsec */
--SYSCTL_STRUCT(_net_inet_ipsec, IPSECCTL_STATS,
-- stats, CTLFLAG_RD, &ipsecstat, ipsecstat, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY,
-- def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
-- CTLFLAG_RW, &ip4_esp_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
-- CTLFLAG_RW, &ip4_esp_net_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
-- CTLFLAG_RW, &ip4_ah_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
-- CTLFLAG_RW, &ip4_ah_net_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS,
-- ah_cleartos, CTLFLAG_RW, &ip4_ah_cleartos, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK,
-- ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT,
-- dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN,
-- ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0, "");
-+SYSCTL_V_STRUCT(V_NET, _net_inet_ipsec, IPSECCTL_STATS,
-+ stats, CTLFLAG_RD, v_ipsecstat, ipsecstat, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_POLICY,
-+ def_policy, CTLFLAG_RW, &((struct secpolicy*)v_ip4_def_policy)->policy, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV,
-+ esp_trans_deflev, CTLFLAG_RW, v_ip4_esp_trans_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
-+ CTLFLAG_RW, v_ip4_esp_net_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
-+ CTLFLAG_RW, v_ip4_ah_trans_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
-+ CTLFLAG_RW, v_ip4_ah_net_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_AH_CLEARTOS,
-+ ah_cleartos, CTLFLAG_RW, v_ip4_ah_cleartos, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_AH_OFFSETMASK,
-+ ah_offsetmask, CTLFLAG_RW, v_ip4_ah_offsetmask, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DFBIT,
-+ dfbit, CTLFLAG_RW, v_ip4_ipsec_dfbit, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_ECN,
-+ ecn, CTLFLAG_RW, v_ip4_ipsec_ecn, 0, "");
- SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ESP_RANDPAD,
-- esp_randpad, CTLFLAG_RW, &ip4_esp_randpad, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_ESP_RANDPAD,
-+ esp_randpad, CTLFLAG_RW, v_ip4_esp_randpad, 0, "");
-
- #ifdef INET6
-+#ifdef MOVED_TO_VNET
- struct ipsecstat ipsec6stat;
- int ip6_esp_trans_deflev = IPSEC_LEVEL_USE;
- int ip6_esp_net_deflev = IPSEC_LEVEL_USE;
-@@ -166,26 +169,27 @@
- struct secpolicy ip6_def_policy;
- int ip6_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
- int ip6_esp_randpad = -1;
-+#endif /* MOVED_TO_VNET */
-
- /* net.inet6.ipsec6 */
--SYSCTL_STRUCT(_net_inet6_ipsec6, IPSECCTL_STATS,
-- stats, CTLFLAG_RD, &ipsec6stat, ipsecstat, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY,
-- def_policy, CTLFLAG_RW, &ip6_def_policy.policy, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
-- CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
-- CTLFLAG_RW, &ip6_esp_net_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
-- CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
-- CTLFLAG_RW, &ip6_ah_net_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN,
-- ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0, "");
-+SYSCTL_V_STRUCT(V_NET, _net_inet6_ipsec6, IPSECCTL_STATS,
-+ stats, CTLFLAG_RD, v_ipsec6stat, ipsecstat, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_POLICY,
-+ def_policy, CTLFLAG_RW, &((struct secpolicy *)v_ip6_def_policy)->policy, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV,
-+ esp_trans_deflev, CTLFLAG_RW, v_ip6_esp_trans_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
-+ CTLFLAG_RW, v_ip6_esp_net_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV,
-+ ah_trans_deflev, CTLFLAG_RW, v_ip6_ah_trans_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
-+ CTLFLAG_RW, v_ip6_ah_net_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_ECN,
-+ ecn, CTLFLAG_RW, v_ip6_ipsec_ecn, 0, "");
- SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD,
-- esp_randpad, CTLFLAG_RW, &ip6_esp_randpad, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD,
-+ esp_randpad, CTLFLAG_RW, v_ip6_esp_randpad, 0, "");
- #endif /* INET6 */
-
- static int ipsec_setspidx_mbuf
-@@ -217,10 +221,10 @@
- static struct mbuf *ipsec6_splithdr __P((struct mbuf *));
- #endif
- #ifdef INET
--static int ipsec4_encapsulate __P((struct mbuf *, struct secasvar *));
-+static int ipsec4_encapsulate __P((struct mbuf *, struct secasvar *, struct vnet *));
- #endif
- #ifdef INET6
--static int ipsec6_encapsulate __P((struct mbuf *, struct secasvar *));
-+static int ipsec6_encapsulate __P((struct mbuf *, struct secasvar *, struct vnet *));
- #endif
-
- /*
-@@ -245,11 +249,15 @@
- struct inpcbpolicy *pcbsp = NULL;
- struct secpolicy *currsp = NULL; /* policy on socket */
- struct secpolicy *kernsp = NULL; /* policy on kernel */
-+ struct vnet *vnet;
-
- /* sanity check */
- if (m == NULL || so == NULL || error == NULL)
- panic("ipsec4_getpolicybysock: NULL pointer was passed.");
--
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("ipsec4_getpolicybysock: NULL vnet pointer.");
-+
- switch (so->so_proto->pr_domain->dom_family) {
- case AF_INET:
- /* set spidx in pcb */
-@@ -306,7 +314,7 @@
-
- case IPSEC_POLICY_ENTRUST:
- /* look for a policy in SPD */
-- kernsp = key_allocsp(&currsp->spidx, dir);
-+ kernsp = key_allocsp(&currsp->spidx, dir, vnet);
-
- /* SP found */
- if (kernsp != NULL) {
-@@ -318,16 +326,16 @@
- }
-
- /* no SP found */
-- if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD
-- && ip4_def_policy.policy != IPSEC_POLICY_NONE) {
-+ if (vnet->ip4_def_policy.policy != IPSEC_POLICY_DISCARD
-+ && vnet->ip4_def_policy.policy != IPSEC_POLICY_NONE) {
- ipseclog((LOG_INFO,
- "fixed system default policy: %d->%d\n",
-- ip4_def_policy.policy, IPSEC_POLICY_NONE));
-- ip4_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip4_def_policy.policy, IPSEC_POLICY_NONE));
-+ vnet->ip4_def_policy.policy = IPSEC_POLICY_NONE;
- }
-- ip4_def_policy.refcnt++;
-+ vnet->ip4_def_policy.refcnt++;
- *error = 0;
-- return &ip4_def_policy;
-+ return &vnet->ip4_def_policy;
-
- case IPSEC_POLICY_IPSEC:
- currsp->refcnt++;
-@@ -345,7 +353,7 @@
-
- /* when non-privilieged socket */
- /* look for a policy in SPD */
-- kernsp = key_allocsp(&currsp->spidx, dir);
-+ kernsp = key_allocsp(&currsp->spidx, dir, vnet);
-
- /* SP found */
- if (kernsp != NULL) {
-@@ -366,16 +374,16 @@
- return NULL;
-
- case IPSEC_POLICY_ENTRUST:
-- if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD
-- && ip4_def_policy.policy != IPSEC_POLICY_NONE) {
-+ if (vnet->ip4_def_policy.policy != IPSEC_POLICY_DISCARD
-+ && vnet->ip4_def_policy.policy != IPSEC_POLICY_NONE) {
- ipseclog((LOG_INFO,
- "fixed system default policy: %d->%d\n",
-- ip4_def_policy.policy, IPSEC_POLICY_NONE));
-- ip4_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip4_def_policy.policy, IPSEC_POLICY_NONE));
-+ vnet->ip4_def_policy.policy = IPSEC_POLICY_NONE;
- }
-- ip4_def_policy.refcnt++;
-+ vnet->ip4_def_policy.refcnt++;
- *error = 0;
-- return &ip4_def_policy;
-+ return &vnet->ip4_def_policy;
-
- case IPSEC_POLICY_IPSEC:
- currsp->refcnt++;
-@@ -402,17 +410,20 @@
- * others : error occured.
- */
- struct secpolicy *
--ipsec4_getpolicybyaddr(m, dir, flag, error)
-+ipsec4_getpolicybyaddr(m, dir, flag, error, vnet)
- struct mbuf *m;
- u_int dir;
- int flag;
- int *error;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp = NULL;
-
- /* sanity check */
- if (m == NULL || error == NULL)
- panic("ipsec4_getpolicybyaddr: NULL pointer was passed.");
-+ if (vnet == NULL)
-+ panic("ipsec4_getpolicybyaddr: NULL vnet pointer was passed.");
-
- {
- struct secpolicyindex spidx;
-@@ -426,7 +437,7 @@
- if (*error != 0)
- return NULL;
-
-- sp = key_allocsp(&spidx, dir);
-+ sp = key_allocsp(&spidx, dir, vnet);
- }
-
- /* SP found */
-@@ -439,16 +450,16 @@
- }
-
- /* no SP found */
-- if (ip4_def_policy.policy != IPSEC_POLICY_DISCARD
-- && ip4_def_policy.policy != IPSEC_POLICY_NONE) {
-+ if (vnet->ip4_def_policy.policy != IPSEC_POLICY_DISCARD
-+ && vnet->ip4_def_policy.policy != IPSEC_POLICY_NONE) {
- ipseclog((LOG_INFO, "fixed system default policy:%d->%d\n",
-- ip4_def_policy.policy,
-+ vnet->ip4_def_policy.policy,
- IPSEC_POLICY_NONE));
-- ip4_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip4_def_policy.policy = IPSEC_POLICY_NONE;
- }
-- ip4_def_policy.refcnt++;
-+ vnet->ip4_def_policy.refcnt++;
- *error = 0;
-- return &ip4_def_policy;
-+ return &vnet->ip4_def_policy;
- }
-
- #ifdef INET6
-@@ -472,10 +483,15 @@
- struct inpcbpolicy *pcbsp = NULL;
- struct secpolicy *currsp = NULL; /* policy on socket */
- struct secpolicy *kernsp = NULL; /* policy on kernel */
-+ struct vnet *vnet;
-
- /* sanity check */
- if (m == NULL || so == NULL || error == NULL)
- panic("ipsec6_getpolicybysock: NULL pointer was passed.");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("ipsec6_getpolicybysock: NULL vnet pointer was passed.");
-+
-
- #ifdef DIAGNOSTIC
- if (so->so_proto->pr_domain->dom_family != AF_INET6)
-@@ -516,7 +532,7 @@
-
- case IPSEC_POLICY_ENTRUST:
- /* look for a policy in SPD */
-- kernsp = key_allocsp(&currsp->spidx, dir);
-+ kernsp = key_allocsp(&currsp->spidx, dir, vnet);
-
- /* SP found */
- if (kernsp != NULL) {
-@@ -528,16 +544,16 @@
- }
-
- /* no SP found */
-- if (ip6_def_policy.policy != IPSEC_POLICY_DISCARD
-- && ip6_def_policy.policy != IPSEC_POLICY_NONE) {
-+ if (vnet->ip6_def_policy.policy != IPSEC_POLICY_DISCARD
-+ && vnet->ip6_def_policy.policy != IPSEC_POLICY_NONE) {
- ipseclog((LOG_INFO,
- "fixed system default policy: %d->%d\n",
-- ip6_def_policy.policy, IPSEC_POLICY_NONE));
-- ip6_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip6_def_policy.policy, IPSEC_POLICY_NONE));
-+ vnet->ip6_def_policy.policy = IPSEC_POLICY_NONE;
- }
-- ip6_def_policy.refcnt++;
-+ vnet->ip6_def_policy.refcnt++;
- *error = 0;
-- return &ip6_def_policy;
-+ return &vnet->ip6_def_policy;
-
- case IPSEC_POLICY_IPSEC:
- currsp->refcnt++;
-@@ -555,7 +571,7 @@
-
- /* when non-privilieged socket */
- /* look for a policy in SPD */
-- kernsp = key_allocsp(&currsp->spidx, dir);
-+ kernsp = key_allocsp(&currsp->spidx, dir, vnet);
-
- /* SP found */
- if (kernsp != NULL) {
-@@ -576,16 +592,16 @@
- return NULL;
-
- case IPSEC_POLICY_ENTRUST:
-- if (ip6_def_policy.policy != IPSEC_POLICY_DISCARD
-- && ip6_def_policy.policy != IPSEC_POLICY_NONE) {
-+ if (vnet->ip6_def_policy.policy != IPSEC_POLICY_DISCARD
-+ && vnet->ip6_def_policy.policy != IPSEC_POLICY_NONE) {
- ipseclog((LOG_INFO,
- "fixed system default policy: %d->%d\n",
-- ip6_def_policy.policy, IPSEC_POLICY_NONE));
-- ip6_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip6_def_policy.policy, IPSEC_POLICY_NONE));
-+ vnet->ip6_def_policy.policy = IPSEC_POLICY_NONE;
- }
-- ip6_def_policy.refcnt++;
-+ vnet->ip6_def_policy.refcnt++;
- *error = 0;
-- return &ip6_def_policy;
-+ return &vnet->ip6_def_policy;
-
- case IPSEC_POLICY_IPSEC:
- currsp->refcnt++;
-@@ -619,17 +635,20 @@
- #endif
-
- struct secpolicy *
--ipsec6_getpolicybyaddr(m, dir, flag, error)
-+ipsec6_getpolicybyaddr(m, dir, flag, error, vnet)
- struct mbuf *m;
- u_int dir;
- int flag;
- int *error;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp = NULL;
-
- /* sanity check */
- if (m == NULL || error == NULL)
- panic("ipsec6_getpolicybyaddr: NULL pointer was passed.");
-+ if (vnet == NULL)
-+ panic("ipsec6_getpolicybyaddr: NULL vnet pointer was passed.");
-
- {
- struct secpolicyindex spidx;
-@@ -643,7 +662,7 @@
- if (*error != 0)
- return NULL;
-
-- sp = key_allocsp(&spidx, dir);
-+ sp = key_allocsp(&spidx, dir, vnet);
- }
-
- /* SP found */
-@@ -656,15 +675,15 @@
- }
-
- /* no SP found */
-- if (ip6_def_policy.policy != IPSEC_POLICY_DISCARD
-- && ip6_def_policy.policy != IPSEC_POLICY_NONE) {
-+ if (vnet->ip6_def_policy.policy != IPSEC_POLICY_DISCARD
-+ && vnet->ip6_def_policy.policy != IPSEC_POLICY_NONE) {
- ipseclog((LOG_INFO, "fixed system default policy: %d->%d\n",
-- ip6_def_policy.policy, IPSEC_POLICY_NONE));
-- ip6_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip6_def_policy.policy, IPSEC_POLICY_NONE));
-+ vnet->ip6_def_policy.policy = IPSEC_POLICY_NONE;
- }
-- ip6_def_policy.refcnt++;
-+ vnet->ip6_def_policy.refcnt++;
- *error = 0;
-- return &ip6_def_policy;
-+ return &vnet->ip6_def_policy;
- }
- #endif /* INET6 */
-
-@@ -1505,8 +1524,9 @@
- * Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned.
- */
- u_int
--ipsec_get_reqlevel(isr)
-+ipsec_get_reqlevel(isr, vnet)
- struct ipsecrequest *isr;
-+ struct vnet *vnet;
- {
- u_int level = 0;
- u_int esp_trans_deflev, esp_net_deflev, ah_trans_deflev, ah_net_deflev;
-@@ -1514,6 +1534,8 @@
- /* sanity check */
- if (isr == NULL || isr->sp == NULL)
- panic("ipsec_get_reqlevel: NULL pointer is passed.");
-+ if (vnet == NULL)
-+ panic("ipsec_get_reqlevel: NULL vnet is passed.");
- if (((struct sockaddr *)&isr->sp->spidx.src)->sa_family
- != ((struct sockaddr *)&isr->sp->spidx.dst)->sa_family)
- panic("ipsec_get_reqlevel: family mismatched.");
-@@ -1534,18 +1556,18 @@
- switch (((struct sockaddr *)&isr->sp->spidx.src)->sa_family) {
- #ifdef INET
- case AF_INET:
-- esp_trans_deflev = IPSEC_CHECK_DEFAULT(ip4_esp_trans_deflev);
-- esp_net_deflev = IPSEC_CHECK_DEFAULT(ip4_esp_net_deflev);
-- ah_trans_deflev = IPSEC_CHECK_DEFAULT(ip4_ah_trans_deflev);
-- ah_net_deflev = IPSEC_CHECK_DEFAULT(ip4_ah_net_deflev);
-+ esp_trans_deflev = IPSEC_CHECK_DEFAULT(vnet->ip4_esp_trans_deflev);
-+ esp_net_deflev = IPSEC_CHECK_DEFAULT(vnet->ip4_esp_net_deflev);
-+ ah_trans_deflev = IPSEC_CHECK_DEFAULT(vnet->ip4_ah_trans_deflev);
-+ ah_net_deflev = IPSEC_CHECK_DEFAULT(vnet->ip4_ah_net_deflev);
- break;
- #endif
- #ifdef INET6
- case AF_INET6:
-- esp_trans_deflev = IPSEC_CHECK_DEFAULT(ip6_esp_trans_deflev);
-- esp_net_deflev = IPSEC_CHECK_DEFAULT(ip6_esp_net_deflev);
-- ah_trans_deflev = IPSEC_CHECK_DEFAULT(ip6_ah_trans_deflev);
-- ah_net_deflev = IPSEC_CHECK_DEFAULT(ip6_ah_net_deflev);
-+ esp_trans_deflev = IPSEC_CHECK_DEFAULT(vnet->ip6_esp_trans_deflev);
-+ esp_net_deflev = IPSEC_CHECK_DEFAULT(vnet->ip6_esp_net_deflev);
-+ ah_trans_deflev = IPSEC_CHECK_DEFAULT(vnet->ip6_ah_trans_deflev);
-+ ah_net_deflev = IPSEC_CHECK_DEFAULT(vnet->ip6_ah_net_deflev);
- break;
- #endif /* INET6 */
- default:
-@@ -1614,10 +1636,16 @@
- struct ipsecrequest *isr;
- u_int level;
- int need_auth, need_conf, need_icv;
-+ struct vnet *vnet;
-
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec_in_reject: using SP\n");
- kdebug_secpolicy(sp));
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipsec_in_reject(): unable to get vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
-+ if (vnet == NULL)
-+ panic("ipsec_in_reject(): NULL vnet was passed.");
-
- /* check policy */
- switch (sp->policy) {
-@@ -1644,7 +1672,7 @@
- for (isr = sp->req; isr != NULL; isr = isr->next) {
-
- /* get current level */
-- level = ipsec_get_reqlevel(isr);
-+ level = ipsec_get_reqlevel(isr, vnet);
-
- switch (isr->saidx.proto) {
- case IPPROTO_ESP:
-@@ -1691,9 +1719,10 @@
- * and {ah,esp}4_input for tunnel mode
- */
- int
--ipsec4_in_reject_so(m, so)
-+ipsec4_in_reject_so(m, so, vnet)
- struct mbuf *m;
- struct socket *so;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp = NULL;
- int error;
-@@ -1708,7 +1737,7 @@
- * ipsec4_getpolicybyaddr() with IP_FORWARDING flag.
- */
- if (so == NULL)
-- sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
-+ sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error, vnet);
- else
- sp = ipsec4_getpolicybysock(m, IPSEC_DIR_INBOUND, so, &error);
-
-@@ -1725,14 +1754,15 @@
- }
-
- int
--ipsec4_in_reject(m, inp)
-+ipsec4_in_reject(m, inp, vnet)
- struct mbuf *m;
- struct inpcb *inp;
-+ struct vnet *vnet;
- {
- if (inp == NULL)
-- return ipsec4_in_reject_so(m, NULL);
-+ return ipsec4_in_reject_so(m, NULL, vnet);
- if (inp->inp_socket)
-- return ipsec4_in_reject_so(m, inp->inp_socket);
-+ return ipsec4_in_reject_so(m, inp->inp_socket, vnet);
- else
- panic("ipsec4_in_reject: invalid inpcb/socket");
- }
-@@ -1744,9 +1774,10 @@
- * and {ah,esp}6_input for tunnel mode
- */
- int
--ipsec6_in_reject_so(m, so)
-+ipsec6_in_reject_so(m, so, vnet)
- struct mbuf *m;
- struct socket *so;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp = NULL;
- int error;
-@@ -1761,7 +1792,7 @@
- * ipsec6_getpolicybyaddr() with IP_FORWARDING flag.
- */
- if (so == NULL)
-- sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
-+ sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error, vnet);
- else
- sp = ipsec6_getpolicybysock(m, IPSEC_DIR_INBOUND, so, &error);
-
-@@ -1777,14 +1808,15 @@
- }
-
- int
--ipsec6_in_reject(m, in6p)
-+ipsec6_in_reject(m, in6p, vnet)
- struct mbuf *m;
- struct in6pcb *in6p;
-+ struct vnet *vnet;
- {
- if (in6p == NULL)
-- return ipsec6_in_reject_so(m, NULL);
-+ return ipsec6_in_reject_so(m, NULL, vnet);
- if (in6p->in6p_socket)
-- return ipsec6_in_reject_so(m, in6p->in6p_socket);
-+ return ipsec6_in_reject_so(m, in6p->in6p_socket, vnet);
- else
- panic("ipsec6_in_reject: invalid in6p/socket");
- }
-@@ -1868,10 +1900,11 @@
-
- /* This function is called from ip_forward() and ipsec4_hdrsize_tcp(). */
- size_t
--ipsec4_hdrsiz(m, dir, inp)
-+ipsec4_hdrsiz(m, dir, inp, vnet)
- struct mbuf *m;
- u_int dir;
- struct inpcb *inp;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp = NULL;
- int error;
-@@ -1888,7 +1921,7 @@
- * ipsec4_getpolicybyaddr() with IP_FORWARDING flag.
- */
- if (inp == NULL)
-- sp = ipsec4_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
-+ sp = ipsec4_getpolicybyaddr(m, dir, IP_FORWARDING, &error,vnet);
- else
- sp = ipsec4_getpolicybysock(m, dir, inp->inp_socket, &error);
-
-@@ -1910,10 +1943,11 @@
- * and maybe from ip6_forward.()
- */
- size_t
--ipsec6_hdrsiz(m, dir, in6p)
-+ipsec6_hdrsiz(m, dir, in6p, vnet)
- struct mbuf *m;
- u_int dir;
- struct in6pcb *in6p;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp = NULL;
- int error;
-@@ -1928,7 +1962,7 @@
- /* get SP for this packet */
- /* XXX Is it right to call with IP_FORWARDING. */
- if (in6p == NULL)
-- sp = ipsec6_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
-+ sp = ipsec6_getpolicybyaddr(m, dir, IP_FORWARDING, &error, vnet);
- else
- sp = ipsec6_getpolicybysock(m, dir, in6p->in6p_socket, &error);
-
-@@ -1951,9 +1985,10 @@
- * ip->ip_src must be fixed later on.
- */
- static int
--ipsec4_encapsulate(m, sav)
-+ipsec4_encapsulate(m, sav, vnet)
- struct mbuf *m;
- struct secasvar *sav;
-+ struct vnet *vnet;
- {
- struct ip *oip;
- struct ip *ip;
-@@ -1967,6 +2002,8 @@
- m_freem(m);
- return EINVAL;
- }
-+ if (vnet == NULL)
-+ panic("ipsec4_encapsulate(): vnet is NULL.");
- #if 0
- /* XXX if the dst is myself, perform nothing. */
- if (key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) {
-@@ -2030,7 +2067,7 @@
-
- /* construct new IPv4 header. see RFC 2401 5.1.2.1 */
- /* ECN consideration. */
-- ip_ecn_ingress(ip4_ipsec_ecn, &ip->ip_tos, &oip->ip_tos);
-+ ip_ecn_ingress(vnet->ip4_ipsec_ecn, &ip->ip_tos, &oip->ip_tos);
- #ifdef _IP_VHL
- ip->ip_vhl = IP_MAKE_VHL(IPVERSION, sizeof(struct ip) >> 2);
- #else
-@@ -2038,7 +2075,7 @@
- #endif
- ip->ip_off &= htons(~IP_OFFMASK);
- ip->ip_off &= htons(~IP_MF);
-- switch (ip4_ipsec_dfbit) {
-+ switch (vnet->ip4_ipsec_dfbit) {
- case 0: /* clear DF bit */
- ip->ip_off &= htons(~IP_DF);
- break;
-@@ -2058,7 +2095,7 @@
- #ifdef RANDOM_IP_ID
- ip->ip_id = ip_randomid();
- #else
-- ip->ip_id = htons(ip_id++);
-+ ip->ip_id = htons(vnet->ip_id++);
- #endif
- bcopy(&((struct sockaddr_in *)&sav->sah->saidx.src)->sin_addr,
- &ip->ip_src, sizeof(ip->ip_src));
-@@ -2074,14 +2111,18 @@
-
- #ifdef INET6
- static int
--ipsec6_encapsulate(m, sav)
-+ipsec6_encapsulate(m, sav, vnet)
- struct mbuf *m;
- struct secasvar *sav;
-+ struct vnet *vnet;
- {
- struct ip6_hdr *oip6;
- struct ip6_hdr *ip6;
- size_t plen;
-
-+ if (vnet == NULL)
-+ panic("ipsec6_encapsulate(): vnet is NULL.");
-+
- /* can't tunnel between different AFs */
- if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
- != ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
-@@ -2133,7 +2174,7 @@
-
- /* construct new IPv6 header. see RFC 2401 5.1.2.2 */
- /* ECN consideration. */
-- ip6_ecn_ingress(ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);
-+ ip6_ecn_ingress(vnet->ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);
- if (plen < IPV6_MAXPACKET - sizeof(struct ip6_hdr))
- ip6->ip6_plen = htons(plen);
- else {
-@@ -2493,6 +2534,8 @@
- panic("state->ro == NULL in ipsec4_output");
- if (!state->dst)
- panic("state->dst == NULL in ipsec4_output");
-+ if (vnet == NULL)
-+ panic("ipsec4_output: vnet is NULL.");
-
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec4_output: applyed SP\n");
-@@ -2541,13 +2584,13 @@
- * this packet because it is responsibility for
- * upper layer to retransmit the packet.
- */
-- ipsecstat.out_nosa++;
-+ vnet->ipsecstat.out_nosa++;
- goto bad;
- }
-
- /* validity check */
- if (isr->sav == NULL) {
-- switch (ipsec_get_reqlevel(isr)) {
-+ switch (ipsec_get_reqlevel(isr, vnet)) {
- case IPSEC_LEVEL_USE:
- continue;
- case IPSEC_LEVEL_REQUIRE:
-@@ -2565,7 +2608,7 @@
- */
- if (isr->sav->state != SADB_SASTATE_MATURE
- && isr->sav->state != SADB_SASTATE_DYING) {
-- ipsecstat.out_nosa++;
-+ vnet->ipsecstat.out_nosa++;
- error = EINVAL;
- goto bad;
- }
-@@ -2596,7 +2639,7 @@
- error = ENOMEM;
- goto bad;
- }
-- error = ipsec4_encapsulate(state->m, isr->sav);
-+ error = ipsec4_encapsulate(state->m, isr->sav, vnet);
- splx(s);
- if (error) {
- state->m = NULL;
-@@ -2641,7 +2684,7 @@
- switch (isr->saidx.proto) {
- case IPPROTO_ESP:
- #ifdef IPSEC_ESP
-- if ((error = esp4_output(state->m, isr)) != 0) {
-+ if ((error = esp4_output(state->m, isr, vnet)) != 0) {
- state->m = NULL;
- goto bad;
- }
-@@ -2653,7 +2696,7 @@
- goto bad;
- #endif
- case IPPROTO_AH:
-- if ((error = ah4_output(state->m, isr)) != 0) {
-+ if ((error = ah4_output(state->m, isr, vnet)) != 0) {
- state->m = NULL;
- goto bad;
- }
-@@ -2695,13 +2738,14 @@
- * IPsec output logic for IPv6, transport mode.
- */
- int
--ipsec6_output_trans(state, nexthdrp, mprev, sp, flags, tun)
-+ipsec6_output_trans(state, nexthdrp, mprev, sp, flags, tun, vnet)
- struct ipsec_output_state *state;
- u_char *nexthdrp;
- struct mbuf *mprev;
- struct secpolicy *sp;
- int flags;
- int *tun;
-+ struct vnet *vnet;
- {
- struct ip6_hdr *ip6;
- struct ipsecrequest *isr = NULL;
-@@ -2722,6 +2766,8 @@
- panic("sp == NULL in ipsec6_output_trans");
- if (!tun)
- panic("tun == NULL in ipsec6_output_trans");
-+ if (!vnet)
-+ panic("vnet == NULL in ipsec6_output_trans");
-
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec6_output_trans: applyed SP\n");
-@@ -2766,7 +2812,7 @@
- }
- }
-
-- if (key_checkrequest(isr, &saidx) == ENOENT) {
-+ if (key_checkrequest(isr, &saidx, vnet) == ENOENT) {
- /*
- * IPsec processing is required, but no SA found.
- * I assume that key_acquire() had been called
-@@ -2774,7 +2820,7 @@
- * this packet because it is responsibility for
- * upper layer to retransmit the packet.
- */
-- ipsec6stat.out_nosa++;
-+ vnet->ipsec6stat.out_nosa++;
- error = ENOENT;
-
- /*
-@@ -2793,7 +2839,7 @@
-
- /* validity check */
- if (isr->sav == NULL) {
-- switch (ipsec_get_reqlevel(isr)) {
-+ switch (ipsec_get_reqlevel(isr, vnet)) {
- case IPSEC_LEVEL_USE:
- continue;
- case IPSEC_LEVEL_REQUIRE:
-@@ -2808,7 +2854,7 @@
- */
- if (isr->sav->state != SADB_SASTATE_MATURE
- && isr->sav->state != SADB_SASTATE_DYING) {
-- ipsec6stat.out_nosa++;
-+ vnet->ipsec6stat.out_nosa++;
- error = EINVAL;
- goto bad;
- }
-@@ -2816,7 +2862,7 @@
- switch (isr->saidx.proto) {
- case IPPROTO_ESP:
- #ifdef IPSEC_ESP
-- error = esp6_output(state->m, nexthdrp, mprev->m_next, isr);
-+ error = esp6_output(state->m, nexthdrp, mprev->m_next, isr, vnet);
- #else
- m_freem(state->m);
- error = EINVAL;
-@@ -2832,7 +2878,7 @@
- ipseclog((LOG_ERR, "ipsec6_output_trans: "
- "unknown ipsec protocol %d\n", isr->saidx.proto));
- m_freem(state->m);
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- error = EINVAL;
- break;
- }
-@@ -2844,7 +2890,7 @@
- if (plen > IPV6_MAXPACKET) {
- ipseclog((LOG_ERR, "ipsec6_output_trans: "
- "IPsec with IPv6 jumbogram is not supported\n"));
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- error = EINVAL; /* XXX */
- goto bad;
- }
-@@ -2868,10 +2914,11 @@
- * IPsec output logic for IPv6, tunnel mode.
- */
- int
--ipsec6_output_tunnel(state, sp, flags)
-+ipsec6_output_tunnel(state, sp, flags, vnet)
- struct ipsec_output_state *state;
- struct secpolicy *sp;
- int flags;
-+ struct vnet *vnet;
- {
- struct ip6_hdr *ip6;
- struct ipsecrequest *isr = NULL;
-@@ -2887,6 +2934,8 @@
- panic("state->m == NULL in ipsec6_output_tunnel");
- if (!sp)
- panic("sp == NULL in ipsec6_output_tunnel");
-+ if (!vnet)
-+ panic("vnet == NULL in ipsec6_output_tunnel");
-
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec6_output_tunnel: applyed SP\n");
-@@ -2943,7 +2992,7 @@
- }
- }
-
-- if (key_checkrequest(isr, &saidx) == ENOENT) {
-+ if (key_checkrequest(isr, &saidx, vnet) == ENOENT) {
- /*
- * IPsec processing is required, but no SA found.
- * I assume that key_acquire() had been called
-@@ -2951,14 +3000,14 @@
- * this packet because it is responsibility for
- * upper layer to retransmit the packet.
- */
-- ipsec6stat.out_nosa++;
-+ vnet->ipsec6stat.out_nosa++;
- error = ENOENT;
- goto bad;
- }
-
- /* validity check */
- if (isr->sav == NULL) {
-- switch (ipsec_get_reqlevel(isr)) {
-+ switch (ipsec_get_reqlevel(isr, vnet)) {
- case IPSEC_LEVEL_USE:
- continue;
- case IPSEC_LEVEL_REQUIRE:
-@@ -2973,7 +3022,7 @@
- */
- if (isr->sav->state != SADB_SASTATE_MATURE
- && isr->sav->state != SADB_SASTATE_DYING) {
-- ipsec6stat.out_nosa++;
-+ vnet->ipsec6stat.out_nosa++;
- error = EINVAL;
- goto bad;
- }
-@@ -2994,7 +3043,7 @@
- "family mismatched between inner and outer, spi=%u\n",
- (u_int32_t)ntohl(isr->sav->spi)));
- splx(s);
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- error = EAFNOSUPPORT;
- goto bad;
- }
-@@ -3002,11 +3051,11 @@
- state->m = ipsec6_splithdr(state->m);
- if (!state->m) {
- splx(s);
-- ipsec6stat.out_nomem++;
-+ vnet->ipsec6stat.out_nomem++;
- error = ENOMEM;
- goto bad;
- }
-- error = ipsec6_encapsulate(state->m, isr->sav);
-+ error = ipsec6_encapsulate(state->m, isr->sav, vnet);
- splx(s);
- if (error) {
- state->m = 0;
-@@ -3028,11 +3077,11 @@
- dst6->sin6_family = AF_INET6;
- dst6->sin6_len = sizeof(*dst6);
- dst6->sin6_addr = ip6->ip6_dst;
-- rtalloc(state->ro);
-+ rtalloc(state->ro, vnet);
- }
- if (state->ro->ro_rt == 0) {
-- ip6stat.ip6s_noroute++;
-- ipsec6stat.out_noroute++;
-+ vnet->ip6stat.ip6s_noroute++;
-+ vnet->ipsec6stat.out_noroute++;
- error = EHOSTUNREACH;
- goto bad;
- }
-@@ -3047,7 +3096,7 @@
-
- state->m = ipsec6_splithdr(state->m);
- if (!state->m) {
-- ipsec6stat.out_nomem++;
-+ vnet->ipsec6stat.out_nomem++;
- error = ENOMEM;
- goto bad;
- }
-@@ -3055,7 +3104,7 @@
- switch (isr->saidx.proto) {
- case IPPROTO_ESP:
- #ifdef IPSEC_ESP
-- error = esp6_output(state->m, &ip6->ip6_nxt, state->m->m_next, isr);
-+ error = esp6_output(state->m, &ip6->ip6_nxt, state->m->m_next, isr, vnet);
- #else
- m_freem(state->m);
- error = EINVAL;
-@@ -3071,7 +3120,7 @@
- ipseclog((LOG_ERR, "ipsec6_output_tunnel: "
- "unknown ipsec protocol %d\n", isr->saidx.proto));
- m_freem(state->m);
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- error = EINVAL;
- break;
- }
-@@ -3083,7 +3132,7 @@
- if (plen > IPV6_MAXPACKET) {
- ipseclog((LOG_ERR, "ipsec6_output_tunnel: "
- "IPsec with IPv6 jumbogram is not supported\n"));
-- ipsec6stat.out_inval++;
-+ vnet->ipsec6stat.out_inval++;
- error = EINVAL; /* XXX */
- goto bad;
- }
-@@ -3193,7 +3242,11 @@
- int hlen;
- struct secpolicy *sp;
- struct ip *oip;
-+ struct vnet *vnet;
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipsec4_tunnel_validate: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
- #ifdef DIAGNOSTIC
- if (m->m_len < sizeof(struct ip))
- panic("too short mbuf on ipsec4_tunnel_validate");
-@@ -3260,7 +3313,7 @@
- */
-
- sp = key_gettunnel((struct sockaddr *)&osrc, (struct sockaddr *)&odst,
-- (struct sockaddr *)&isrc, (struct sockaddr *)&idst);
-+ (struct sockaddr *)&isrc, (struct sockaddr *)&idst, vnet);
- if (!sp)
- return 0;
- key_freesp(sp);
-@@ -3282,7 +3335,12 @@
- struct sockaddr_in6 osrc, odst, isrc, idst;
- struct secpolicy *sp;
- struct ip6_hdr *oip6;
-+ struct vnet *vnet;
-
-+ if (m == NULL || m->m_pkthdr.rcvif == NULL)
-+ panic("ipsec6_tunnel_validate: cannot find vnet.");
-+ vnet = m->m_pkthdr.rcvif->if_vnet;
-+
- #ifdef DIAGNOSTIC
- if (m->m_len < sizeof(struct ip6_hdr))
- panic("too short mbuf on ipsec6_tunnel_validate");
-@@ -3325,7 +3383,7 @@
- */
-
- sp = key_gettunnel((struct sockaddr *)&osrc, (struct sockaddr *)&odst,
-- (struct sockaddr *)&isrc, (struct sockaddr *)&idst);
-+ (struct sockaddr *)&isrc, (struct sockaddr *)&idst, vnet);
- /*
- * when there is no suitable inbound policy for the packet of the ipsec
- * tunnel mode, the kernel never decapsulate the tunneled packet
-diff -urN sys/netinet6/ipsec.h sys.CORE/netinet6/ipsec.h
---- sys/netinet6/ipsec.h Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/ipsec.h Wed Jan 31 16:02:43 2007
-@@ -285,6 +285,7 @@
-
- extern int ipsec_debug;
-
-+#ifdef MOVED_TO_VNET
- extern struct ipsecstat ipsecstat;
- extern struct secpolicy ip4_def_policy;
- extern int ip4_esp_trans_deflev;
-@@ -296,34 +297,36 @@
- extern int ip4_ipsec_dfbit;
- extern int ip4_ipsec_ecn;
- extern int ip4_esp_randpad;
-+#endif
-
- #define ipseclog(x) do { if (ipsec_debug) log x; } while (0)
-
- extern struct secpolicy *ipsec4_getpolicybysock
- __P((struct mbuf *, u_int, struct socket *, int *));
- extern struct secpolicy *ipsec4_getpolicybyaddr
-- __P((struct mbuf *, u_int, int, int *));
-+ __P((struct mbuf *, u_int, int, int *, struct vnet *));
-
- struct inpcb;
- extern int ipsec_init_policy __P((struct socket *so, struct inpcbpolicy **));
- extern int ipsec_copy_policy
- __P((struct inpcbpolicy *, struct inpcbpolicy *));
--extern u_int ipsec_get_reqlevel __P((struct ipsecrequest *));
-+extern u_int ipsec_get_reqlevel __P((struct ipsecrequest *, struct vnet *));
-
- extern int ipsec4_set_policy __P((struct inpcb *inp, int optname,
- caddr_t request, size_t len, int priv));
- extern int ipsec4_get_policy __P((struct inpcb *inpcb, caddr_t request,
- size_t len, struct mbuf **mp));
- extern int ipsec4_delete_pcbpolicy __P((struct inpcb *));
--extern int ipsec4_in_reject_so __P((struct mbuf *, struct socket *));
--extern int ipsec4_in_reject __P((struct mbuf *, struct inpcb *));
-+extern int ipsec4_in_reject_so __P((struct mbuf *, struct socket *, struct vnet *));
-+extern int ipsec4_in_reject __P((struct mbuf *, struct inpcb *, struct vnet *));
-
- struct secas;
- struct tcpcb;
- extern int ipsec_chkreplay __P((u_int32_t, struct secasvar *));
- extern int ipsec_updatereplay __P((u_int32_t, struct secasvar *));
-
--extern size_t ipsec4_hdrsiz __P((struct mbuf *, u_int, struct inpcb *));
-+extern size_t ipsec4_hdrsiz __P((struct mbuf *, u_int, struct inpcb *,
-+ struct vnet *));
- extern size_t ipsec_hdrsiz_tcp __P((struct tcpcb *));
-
- struct ip;
-diff -urN sys/netinet6/ipsec6.h sys.CORE/netinet6/ipsec6.h
---- sys/netinet6/ipsec6.h Tue Jul 3 04:01:54 2001
-+++ sys.CORE/netinet6/ipsec6.h Wed Jan 31 16:02:43 2007
-@@ -53,29 +53,29 @@
- extern struct secpolicy *ipsec6_getpolicybysock
- __P((struct mbuf *, u_int, struct socket *, int *));
- extern struct secpolicy *ipsec6_getpolicybyaddr
-- __P((struct mbuf *, u_int, int, int *));
-+ __P((struct mbuf *, u_int, int, int *, struct vnet *));
-
- struct inpcb;
-
--extern int ipsec6_in_reject_so __P((struct mbuf *, struct socket *));
-+extern int ipsec6_in_reject_so __P((struct mbuf *, struct socket *, struct vnet *));
- extern int ipsec6_delete_pcbpolicy __P((struct inpcb *));
- extern int ipsec6_set_policy __P((struct inpcb *inp, int optname,
- caddr_t request, size_t len, int priv));
- extern int ipsec6_get_policy
- __P((struct inpcb *inp, caddr_t request, size_t len, struct mbuf **mp));
--extern int ipsec6_in_reject __P((struct mbuf *, struct inpcb *));
-+extern int ipsec6_in_reject __P((struct mbuf *, struct inpcb *, struct vnet *));
-
- struct tcp6cb;
-
--extern size_t ipsec6_hdrsiz __P((struct mbuf *, u_int, struct inpcb *));
-+extern size_t ipsec6_hdrsiz __P((struct mbuf *, u_int, struct inpcb *, struct vnet *vnet));
-
- struct ip6_hdr;
- extern const char *ipsec6_logpacketstr __P((struct ip6_hdr *, u_int32_t));
-
- extern int ipsec6_output_trans __P((struct ipsec_output_state *, u_char *,
-- struct mbuf *, struct secpolicy *, int, int *));
-+ struct mbuf *, struct secpolicy *, int, int *, struct vnet *));
- extern int ipsec6_output_tunnel __P((struct ipsec_output_state *,
-- struct secpolicy *, int));
-+ struct secpolicy *, int, struct vnet *));
- extern int ipsec6_tunnel_validate __P((struct mbuf *, int, u_int,
- struct secasvar *));
- #endif /*_KERNEL*/
-diff -urN sys/netinet6/raw_ip6.c sys.CORE/netinet6/raw_ip6.c
---- sys/netinet6/raw_ip6.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/raw_ip6.c Wed Jan 31 16:02:43 2007
-@@ -168,9 +168,9 @@
- /*
- * Check AH/ESP integrity.
- */
-- if (n && ipsec6_in_reject_so(n, last->inp_socket)) {
-+ if (n && ipsec6_in_reject_so(n, last->inp_socket, vnet)) {
- m_freem(n);
-- ipsec6stat.in_polvio++;
-+ vnet->ipsec6stat.in_polvio++;
- /* do not inject data into pcb */
- } else
- #endif /*IPSEC*/
-@@ -207,10 +207,10 @@
- /*
- * Check AH/ESP integrity.
- */
-- if (last && ipsec6_in_reject_so(m, last->inp_socket)) {
-+ if (last && ipsec6_in_reject_so(m, last->inp_socket, vnet)) {
- m_freem(m);
-- ipsec6stat.in_polvio++;
-- ip6stat.ip6s_delivered--;
-+ vnet->ipsec6stat.in_polvio++;
-+ vnet->ip6stat.ip6s_delivered--;
- /* do not inject data into pcb */
- } else
- #endif /*IPSEC*/
-@@ -220,7 +220,7 @@
- */
- if (last && ipsec6_in_reject(m, last)) {
- m_freem(m);
-- ip6stat.ip6s_delivered--;
-+ vnet->ip6stat.ip6s_delivered--;
- /* do not inject data into pcb */
- } else
- #endif /*FAST_IPSEC*/
-diff -urN sys/netinet6/udp6_usrreq.c sys.CORE/netinet6/udp6_usrreq.c
---- sys/netinet6/udp6_usrreq.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netinet6/udp6_usrreq.c Wed Jan 31 16:02:43 2007
-@@ -260,8 +260,8 @@
- /*
- * Check AH/ESP integrity.
- */
-- if (ipsec6_in_reject_so(m, last->inp_socket))
-- ipsec6stat.in_polvio++;
-+ if (ipsec6_in_reject_so(m, last->inp_socket, vnet))
-+ vnet->ipsec6stat.in_polvio++;
- /* do not inject data into pcb */
- else
- #endif /* IPSEC */
-@@ -327,8 +327,8 @@
- /*
- * Check AH/ESP integrity.
- */
-- if (ipsec6_in_reject_so(m, last->inp_socket)) {
-- ipsec6stat.in_polvio++;
-+ if (ipsec6_in_reject_so(m, last->inp_socket, vnet)) {
-+ vnet->ipsec6stat.in_polvio++;
- goto bad;
- }
- #endif /* IPSEC */
-@@ -383,8 +383,8 @@
- /*
- * Check AH/ESP integrity.
- */
-- if (ipsec6_in_reject_so(m, in6p->in6p_socket)) {
-- ipsec6stat.in_polvio++;
-+ if (ipsec6_in_reject_so(m, in6p->in6p_socket, vnet)) {
-+ vnet->ipsec6stat.in_polvio++;
- goto bad;
- }
- #endif /* IPSEC */
-diff -urN sys/netipsec/ipsec.c sys.CORE/netipsec/ipsec.c
---- sys/netipsec/ipsec.c Mon Jun 30 18:38:13 2003
-+++ sys.CORE/netipsec/ipsec.c Wed Jan 31 16:02:43 2007
-@@ -53,6 +53,7 @@
- #include
- #include
-
-+#include
- #include
- #include
-
-@@ -123,31 +124,31 @@
- SYSCTL_DECL(_net_inet_ipsec);
-
- /* net.inet.ipsec */
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_POLICY,
- def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV,esp_trans_deflev,
- CTLFLAG_RW, &ip4_esp_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
- CTLFLAG_RW, &ip4_esp_net_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
- CTLFLAG_RW, &ip4_ah_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
- CTLFLAG_RW, &ip4_ah_net_deflev, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_AH_CLEARTOS,
- ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_AH_OFFSETMASK,
- ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DFBIT,
- dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_ECN,
- ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0, "");
--SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ESP_RANDPAD,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, IPSECCTL_ESP_RANDPAD,
- esp_randpad, CTLFLAG_RW, &ip4_esp_randpad, 0, "");
--SYSCTL_INT(_net_inet_ipsec, OID_AUTO,
-+SYSCTL_V_INT(V_NET, _net_inet_ipsec, OID_AUTO,
- crypto_support, CTLFLAG_RW, &crypto_support,0, "");
--SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO,
-+SYSCTL_V_STRUCT(V_NET, _net_inet_ipsec, OID_AUTO,
- ipsecstats, CTLFLAG_RD, &newipsecstat, newipsecstat, "");
-
- #ifdef INET6
-@@ -165,21 +166,21 @@
- SYSCTL_OID(_net_inet6_ipsec6, IPSECCTL_STATS, stats, CTLFLAG_RD,
- 0,0, compat_ipsecstats_sysctl, "S", "");
- #endif /* COMPAT_KAME */
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY,
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_POLICY,
- def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
-- CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV,
-+ esp_trans_deflev, CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
- CTLFLAG_RW, &ip6_esp_net_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
-- CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV,
-+ ah_trans_deflev, CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "");
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
- CTLFLAG_RW, &ip6_ah_net_deflev, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN,
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_ECN,
- ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG,
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0, "");
--SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD,
-+SYSCTL_V_INT(V_NET, _net_inet6_ipsec6, IPSECCTL_ESP_RANDPAD,
- esp_randpad, CTLFLAG_RW, &ip6_esp_randpad, 0, "");
- #endif /* INET6 */
-
-diff -urN sys/netipsec/key.c sys.CORE/netipsec/key.c
---- sys/netipsec/key.c Sat Feb 14 14:23:23 2004
-+++ sys.CORE/netipsec/key.c Wed Jan 31 16:02:43 2007
-@@ -54,6 +54,7 @@
- #include
- #include
-
-+#include
- #include
- #include
- #include
-@@ -203,51 +204,51 @@
- SYSCTL_DECL(_net_key);
- #endif
-
--SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
- &key_debug_level, 0, "");
-
- /* max count of trial for the decision of spi value */
--SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
- &key_spi_trycnt, 0, "");
-
- /* minimum spi value to allocate automatically. */
--SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
- &key_spi_minval, 0, "");
-
- /* maximun spi value to allocate automatically. */
--SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
- &key_spi_maxval, 0, "");
-
- /* interval to initialize randseed */
--SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
- &key_int_random, 0, "");
-
- /* lifetime for larval SA */
--SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
- &key_larval_lifetime, 0, "");
-
- /* counter for blocking to send SADB_ACQUIRE to IKEd */
--SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_BLOCKACQ_COUNT,blockacq_count,CTLFLAG_RW, \
- &key_blockacq_count, 0, "");
-
- /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
--SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
- &key_blockacq_lifetime, 0, "");
-
- /* ESP auth */
--SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
- &ipsec_esp_auth, 0, "");
-
- /* minimum ESP key length */
--SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
- &ipsec_esp_keymin, 0, "");
-
- /* minimum AH key length */
--SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
- &ipsec_ah_keymin, 0, "");
-
- /* perfered old SA rather than new SA */
--SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_PREFERED_OLDSA,prefered_oldsa, CTLFLAG_RW,\
- &key_prefered_oldsa, 0, "");
-
- #ifndef LIST_FOREACH
-@@ -349,12 +350,13 @@
- int extlen[SADB_EXT_MAX + 1];
- };
-
--static struct secasvar *key_allocsa_policy __P((const struct secasindex *));
-+static struct secasvar *key_allocsa_policy __P((const struct secasindex *,
-+ struct vnet *));
- static void key_freesp_so __P((struct secpolicy **));
- static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int));
- static void key_delsp __P((struct secpolicy *));
--static struct secpolicy *key_getsp __P((struct secpolicyindex *));
--static struct secpolicy *key_getspbyid __P((u_int32_t));
-+static struct secpolicy *key_getsp __P((struct secpolicyindex *, struct vnet*));
-+static struct secpolicy *key_getspbyid __P((u_int32_t, struct vnet *));
- static u_int32_t key_newreqid __P((void));
- static struct mbuf *key_gather_mbuf __P((struct mbuf *,
- const struct sadb_msghdr *, int, int, ...));
-@@ -523,7 +525,7 @@
- * others: found and return the pointer.
- */
- struct secpolicy *
--key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag)
-+key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag, struct vnet *vnet)
- {
- struct secpolicy *sp;
- int s;
-@@ -541,7 +543,7 @@
- printf("*** objects\n");
- kdebug_secpolicyindex(spidx));
-
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("*** in SPD\n");
- kdebug_secpolicyindex(&sp->spidx));
-@@ -580,7 +582,7 @@
- union sockaddr_union *dst,
- u_int8_t proto,
- u_int dir,
-- const char* where, int tag)
-+ const char* where, int tag, struct vnet *vnet)
- {
- struct secpolicy *sp;
- int s;
-@@ -599,7 +601,7 @@
- printf("spi %u proto %u dir %u\n", spi, proto, dir);
- kdebug_sockaddr(&dst->sa));
-
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("*** in SPD\n");
- kdebug_secpolicyindex(&sp->spidx));
-@@ -642,7 +644,7 @@
- const struct sockaddr *odst,
- const struct sockaddr *isrc,
- const struct sockaddr *idst,
-- const char* where, int tag)
-+ const char* where, int tag, struct vnet *vnet)
- {
- struct secpolicy *sp;
- const int dir = IPSEC_DIR_INBOUND;
-@@ -661,7 +663,7 @@
- }
-
- s = splnet(); /*called from softclock()*/
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
-
-@@ -817,7 +819,7 @@
- struct secasvar *sav;
- u_int stateidx, state;
-
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (sah->state == SADB_SASTATE_DEAD)
- continue;
- if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
-@@ -991,7 +993,7 @@
- union sockaddr_union *dst,
- u_int proto,
- u_int32_t spi,
-- const char* where, int tag)
-+ const char* where, int tag, struct vnet *vnet)
- {
- struct secashead *sah;
- struct secasvar *sav;
-@@ -1010,7 +1012,7 @@
- * encrypted so we can't check internal IP header.
- */
- s = splnet(); /*called from softclock()*/
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- /* search valid state */
- for (stateidx = 0;
- stateidx < _ARRAYLEN(saorder_state_valid);
-@@ -1213,13 +1215,13 @@
- * others : found, pointer to a SP.
- */
- static struct secpolicy *
--key_getsp(struct secpolicyindex *spidx)
-+key_getsp(struct secpolicyindex *spidx, struct vnet *vnet)
- {
- struct secpolicy *sp;
-
- KASSERT(spidx != NULL, ("key_getsp: null spidx"));
-
-- LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[spidx->dir], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
- if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
-@@ -1237,11 +1239,11 @@
- * others : found, pointer to a SP.
- */
- static struct secpolicy *
--key_getspbyid(u_int32_t id)
-+key_getspbyid(u_int32_t id, struct vnet *vnet)
- {
- struct secpolicy *sp;
-
-- LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[IPSEC_DIR_INBOUND], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
- if (sp->id == id) {
-@@ -1250,7 +1252,7 @@
- }
- }
-
-- LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[IPSEC_DIR_OUTBOUND], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
- if (sp->id == id) {
-@@ -7060,37 +7062,59 @@
- }
-
- void
--key_init()
-+key_init(vnet)
-+ struct vnet *vnet;
- {
- int i;
-
- for (i = 0; i < IPSEC_DIR_MAX; i++) {
-- LIST_INIT(&sptree[i]);
-+ LIST_INIT(&vnet->sptree[i]);
- }
-
-- LIST_INIT(&sahtree);
-+ LIST_INIT(&vnet->sahtree);
-
- for (i = 0; i <= SADB_SATYPE_MAX; i++) {
-- LIST_INIT(®tree[i]);
-+ LIST_INIT(&vnet->regtree[i]);
- }
-
- #ifndef IPSEC_NONBLOCK_ACQUIRE
-- LIST_INIT(&acqtree);
-+ LIST_INIT(&vnet->acqtree);
- #endif
-- LIST_INIT(&spacqtree);
-+ LIST_INIT(&vnet->spacqtree);
-
- /* system default */
-- ip4_def_policy.policy = IPSEC_POLICY_NONE;
-- ip4_def_policy.refcnt++; /*never reclaim this*/
-+ vnet->ip4_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip4_def_policy.refcnt++; /*never reclaim this*/
-
- #ifndef IPSEC_DEBUG2
- timeout((void *)key_timehandler, (void *)0, hz);
- #endif /*IPSEC_DEBUG2*/
-
- /* initialize key statistics */
-- keystat.getspi_count = 1;
-+ vnet->keystat.getspi_count = 1;
-+
-+ /* initialize vars in struct vnet */
-+ vnet->acq_seq = 0;
-+ vnet->ip4_ah_offsetmask = 0;
-+ vnet->ip4_ipsec_dfbit = 0;
-+ vnet->ip4_esp_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_esp_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_ah_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_ah_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_ipsec_ecn = 0;
-+ vnet->ip4_esp_randpad = -1;
-+ vnet->crypto_support = 0;
-+#ifdef INET6
-+ vnet->ip6_esp_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_esp_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_ah_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_ah_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_ipsec_ecn = 0;
-+ vnet->ip6_esp_randpad = -1;
-+#endif
-
-- printf("IPsec: Initialized Security Association Processing.\n");
-+ if (vnet == vnet0)
-+ printf("IPsec: Initialized Security Association Processing.\n");
-
- return;
- }
-diff -urN sys/netipsec/keysock.c sys.CORE/netipsec/keysock.c
---- sys/netipsec/keysock.c Thu Jan 23 21:11:36 2003
-+++ sys.CORE/netipsec/keysock.c Wed Jan 31 16:02:43 2007
-@@ -592,10 +592,11 @@
- };
-
- static void
--key_init0(void)
-+key_init0(vnet)
-+ struct vnet *vnet;
- {
-- bzero((caddr_t)&key_cb, sizeof(key_cb));
-- key_init();
-+ bzero((caddr_t)&vnet->key_cb, sizeof(key_cb));
-+ key_init(vnet);
- }
-
- struct domain keydomain =
-diff -urN sys/netkey/key.c sys.CORE/netkey/key.c
---- sys/netkey/key.c Thu Jan 13 14:47:18 2005
-+++ sys.CORE/netkey/key.c Wed Jan 31 16:02:43 2007
-@@ -107,6 +107,8 @@
- #include
-
- #include
-+#include
-+#include
-
- #ifndef satosin
- #define satosin(s) ((struct sockaddr_in *)s)
-@@ -126,6 +128,7 @@
- */
-
- u_int32_t key_debug_level = 0;
-+#ifdef MOVED_TO_VNET
- static u_int key_spi_trycnt = 1000;
- static u_int32_t key_spi_minval = 0x100;
- static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
-@@ -149,6 +152,7 @@
- static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
-
- struct key_cb key_cb;
-+#endif /* MOVED_TO_VNET */
-
- /* search order for SAs */
- static const u_int saorder_state_valid_prefer_old[] = {
-@@ -223,32 +227,32 @@
- &key_debug_level, 0, "");
-
- /* max count of trial for the decision of spi value */
--SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
-- &key_spi_trycnt, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
-+ v_key_spi_trycnt, 0, "");
-
- /* minimum spi value to allocate automatically. */
--SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
-- &key_spi_minval, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
-+ v_key_spi_minval, 0, "");
-
- /* maximun spi value to allocate automatically. */
--SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
-- &key_spi_maxval, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
-+ v_key_spi_maxval, 0, "");
-
- /* interval to initialize randseed */
--SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
-- &key_int_random, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
-+ v_key_int_random, 0, "");
-
- /* lifetime for larval SA */
--SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
-- &key_larval_lifetime, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
-+ v_key_larval_lifetime, 0, "");
-
- /* counter for blocking to send SADB_ACQUIRE to IKEd */
--SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
-- &key_blockacq_count, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
-+ v_key_blockacq_count, 0, "");
-
- /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
--SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
-- &key_blockacq_lifetime, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
-+ v_key_blockacq_lifetime, 0, "");
-
- /* ESP auth */
- SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
-@@ -263,8 +267,8 @@
- &ipsec_ah_keymin, 0, "");
-
- /* perfered old SA rather than new SA */
--SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
-- &key_preferred_oldsa, 0, "");
-+SYSCTL_V_INT(V_NET, _net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
-+ v_key_preferred_oldsa, 0, "");
-
- #ifndef LIST_FOREACH
- #define LIST_FOREACH(elm, head, field) \
-@@ -352,9 +356,11 @@
- } while (0)
-
- /* key statistics */
-+#ifdef MOVED_TO_VNET
- struct _keystat {
- u_long getspi_count; /* the avarage of count to try to get new SPI */
- } keystat;
-+#endif
-
- struct sadb_msghdr {
- struct sadb_msg *msg;
-@@ -363,18 +369,20 @@
- int extlen[SADB_EXT_MAX + 1];
- };
-
--static struct secasvar *key_allocsa_policy __P((struct secasindex *));
-+static struct secasvar *key_allocsa_policy __P((struct secasindex *,
-+ struct vnet *));
- static void key_freesp_so __P((struct secpolicy **));
--static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int));
-+static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int,
-+ struct vnet *));
- static void key_delsp __P((struct secpolicy *));
--static struct secpolicy *key_getsp __P((struct secpolicyindex *));
--static struct secpolicy *key_getspbyid __P((u_int32_t));
-+static struct secpolicy *key_getsp __P((struct secpolicyindex *, struct vnet*));
-+static struct secpolicy *key_getspbyid __P((u_int32_t, struct vnet*));
- static u_int32_t key_newreqid __P((void));
- static struct mbuf *key_gather_mbuf __P((struct mbuf *,
- const struct sadb_msghdr *, int, int, ...));
- static int key_spdadd __P((struct socket *, struct mbuf *,
- const struct sadb_msghdr *));
--static u_int32_t key_getnewspid __P((void));
-+static u_int32_t key_getnewspid __P((struct vnet *));
- static int key_spddelete __P((struct socket *, struct mbuf *,
- const struct sadb_msghdr *));
- static int key_spddelete2 __P((struct socket *, struct mbuf *,
-@@ -388,14 +396,15 @@
- static struct mbuf *key_setdumpsp __P((struct secpolicy *,
- u_int8_t, u_int32_t, u_int32_t));
- static u_int key_getspreqmsglen __P((struct secpolicy *));
--static int key_spdexpire __P((struct secpolicy *));
--static struct secashead *key_newsah __P((struct secasindex *));
-+static int key_spdexpire __P((struct secpolicy *, struct vnet *));
-+static struct secashead *key_newsah __P((struct secasindex *, struct vnet *));
- static void key_delsah __P((struct secashead *));
- static struct secasvar *key_newsav __P((struct mbuf *,
- const struct sadb_msghdr *, struct secashead *, int *));
- static void key_delsav __P((struct secasvar *));
--static struct secashead *key_getsah __P((struct secasindex *));
--static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t));
-+static struct secashead *key_getsah __P((struct secasindex *, struct vnet *));
-+static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t,
-+ struct vnet *));
- static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t));
- static int key_setsaval __P((struct secasvar *, struct mbuf *,
- const struct sadb_msghdr *));
-@@ -416,7 +425,7 @@
- u_int32_t));
- static void *key_newbuf __P((const void *, u_int));
- #ifdef INET6
--static int key_ismyaddr6 __P((struct sockaddr_in6 *));
-+static int key_ismyaddr6 __P((struct sockaddr_in6 *, struct vnet *));
- #endif
-
- /* flags for key_cmpsaidx() */
-@@ -440,7 +449,8 @@
- static int key_getspi __P((struct socket *, struct mbuf *,
- const struct sadb_msghdr *));
- static u_int32_t key_do_getnewspi __P((struct sadb_spirange *,
-- struct secasindex *));
-+ struct secasindex *,
-+ struct vnet *));
- static int key_update __P((struct socket *, struct mbuf *,
- const struct sadb_msghdr *));
- #ifdef IPSEC_DOSEQCHECK
-@@ -465,19 +475,20 @@
- static struct mbuf *key_getcomb_ipcomp __P((void));
- static struct mbuf *key_getprop __P((const struct secasindex *));
-
--static int key_acquire __P((struct secasindex *, struct secpolicy *));
-+static int key_acquire __P((struct secasindex *, struct secpolicy *,
-+ struct vnet *));
- #ifndef IPSEC_NONBLOCK_ACQUIRE
--static struct secacq *key_newacq __P((struct secasindex *));
--static struct secacq *key_getacq __P((struct secasindex *));
--static struct secacq *key_getacqbyseq __P((u_int32_t));
-+static struct secacq *key_newacq __P((struct secasindex *, struct vnet *));
-+static struct secacq *key_getacq __P((struct secasindex *, struct vnet *));
-+static struct secacq *key_getacqbyseq __P((u_int32_t, struct vnet *));
- #endif
- static struct secspacq *key_newspacq __P((struct secpolicyindex *));
--static struct secspacq *key_getspacq __P((struct secpolicyindex *));
-+static struct secspacq *key_getspacq __P((struct secpolicyindex *, struct vnet *));
- static int key_acquire2 __P((struct socket *, struct mbuf *,
- const struct sadb_msghdr *));
- static int key_register __P((struct socket *, struct mbuf *,
- const struct sadb_msghdr *));
--static int key_expire __P((struct secasvar *));
-+static int key_expire __P((struct secasvar *, struct vnet *vnet));
- static int key_flush __P((struct socket *, struct mbuf *,
- const struct sadb_msghdr *));
- static int key_dump __P((struct socket *, struct mbuf *,
-@@ -486,7 +497,7 @@
- const struct sadb_msghdr *));
- static int key_senderror __P((struct socket *, struct mbuf *, int));
- static int key_validate_ext __P((const struct sadb_ext *, int));
--static int key_align __P((struct mbuf *, struct sadb_msghdr *));
-+static int key_align __P((struct mbuf *, struct sadb_msghdr *, struct vnet *));
- #if 0
- static const char *key_getfqdn __P((void));
- static const char *key_getuserfqdn __P((void));
-@@ -502,9 +513,10 @@
- * others: found and return the pointer.
- */
- struct secpolicy *
--key_allocsp(spidx, dir)
-+key_allocsp(spidx, dir, vnet)
- struct secpolicyindex *spidx;
- u_int dir;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp;
- struct timeval tv;
-@@ -513,6 +525,8 @@
- /* sanity check */
- if (spidx == NULL)
- panic("key_allocsp: NULL pointer is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_allocsp: NULL vnet is passed.\n");
-
- /* check direction */
- switch (dir) {
-@@ -529,7 +543,7 @@
- printf("*** objects\n");
- kdebug_secpolicyindex(spidx));
-
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("*** in SPD\n");
- kdebug_secpolicyindex(&sp->spidx));
-@@ -564,8 +578,9 @@
- * XXX slow
- */
- struct secpolicy *
--key_gettunnel(osrc, odst, isrc, idst)
-+key_gettunnel(osrc, odst, isrc, idst, vnet)
- struct sockaddr *osrc, *odst, *isrc, *idst;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp;
- const int dir = IPSEC_DIR_INBOUND;
-@@ -580,9 +595,11 @@
- isrc->sa_family, idst->sa_family));
- return NULL;
- }
-+ if (vnet == NULL)
-+ panic("key_gettunnel: NULL vnet is passed.\n");
-
- s = splnet(); /*called from softclock()*/
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
-
-@@ -639,9 +656,10 @@
- * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
- */
- int
--key_checkrequest(isr, saidx)
-+key_checkrequest(isr, saidx, vnet)
- struct ipsecrequest *isr;
- struct secasindex *saidx;
-+ struct vnet *vnet;
- {
- u_int level;
- int error;
-@@ -649,6 +667,8 @@
- /* sanity check */
- if (isr == NULL || saidx == NULL)
- panic("key_checkrequest: NULL pointer is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_checkrequest: NULL vnet is passed.\n");
-
- /* check mode */
- switch (saidx->mode) {
-@@ -661,7 +681,7 @@
- }
-
- /* get current level */
-- level = ipsec_get_reqlevel(isr);
-+ level = ipsec_get_reqlevel(isr, vnet);
-
- #if 0
- /*
-@@ -704,14 +724,14 @@
- * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
- */
- if (isr->sav == NULL)
-- isr->sav = key_allocsa_policy(saidx);
-+ isr->sav = key_allocsa_policy(saidx, vnet);
-
- /* When there is SA. */
- if (isr->sav != NULL)
- return 0;
-
- /* there is no SA */
-- if ((error = key_acquire(saidx, isr->sp)) != 0) {
-+ if ((error = key_acquire(saidx, isr->sp, vnet)) != 0) {
- /* XXX What should I do ? */
- ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
- "from key_acquire.\n", error));
-@@ -728,8 +748,9 @@
- * others: found and return the pointer.
- */
- static struct secasvar *
--key_allocsa_policy(saidx)
-+key_allocsa_policy(saidx, vnet)
- struct secasindex *saidx;
-+ struct vnet *vnet;
- {
- struct secashead *sah;
- struct secasvar *sav;
-@@ -737,7 +758,9 @@
- const u_int *saorder_state_valid;
- int arraysize;
-
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ if (vnet == NULL)
-+ panic("key_allocsa_policy: NULL vnet is passed.\n");
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (sah->state == SADB_SASTATE_DEAD)
- continue;
- if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
-@@ -752,7 +775,7 @@
- * search a valid state list for outbound packet.
- * This search order is important.
- */
-- if (key_preferred_oldsa) {
-+ if (vnet->key_preferred_oldsa) {
- saorder_state_valid = saorder_state_valid_prefer_old;
- arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
- } else {
-@@ -764,7 +787,7 @@
-
- state = saorder_state_valid[stateidx];
-
-- sav = key_do_allocsa_policy(sah, state);
-+ sav = key_do_allocsa_policy(sah, state, vnet);
- if (sav != NULL)
- return sav;
- }
-@@ -780,12 +803,15 @@
- * others : found, pointer to a SA.
- */
- static struct secasvar *
--key_do_allocsa_policy(sah, state)
-+key_do_allocsa_policy(sah, state, vnet)
- struct secashead *sah;
- u_int state;
-+ struct vnet *vnet;
- {
- struct secasvar *sav, *nextsav, *candidate, *d;
-
-+ if (vnet == NULL)
-+ panic("key_do_allocsa_policy: NULL vnet is passed.\n");
- /* initilize */
- candidate = NULL;
-
-@@ -812,7 +838,7 @@
- "lifetime_current is NULL.\n");
-
- /* What the best method is to compare ? */
-- if (key_preferred_oldsa) {
-+ if (vnet->key_preferred_oldsa) {
- if (candidate->lft_c->sadb_lifetime_addtime >
- sav->lft_c->sadb_lifetime_addtime) {
- candidate = sav;
-@@ -883,7 +909,7 @@
- PFKEY_UNIT64(result->m_pkthdr.len);
-
- if (key_sendup_mbuf(NULL, result,
-- KEY_SENDUP_REGISTERED))
-+ KEY_SENDUP_REGISTERED, vnet))
- goto msgfail;
- msgfail:
- key_freesav(d);
-@@ -916,10 +942,11 @@
- * keep source address in IPsec SA. We see a tricky situation here.
- */
- struct secasvar *
--key_allocsa(family, src, dst, proto, spi)
-+key_allocsa(family, src, dst, proto, spi, vnet)
- u_int family, proto;
- caddr_t src, dst;
- u_int32_t spi;
-+ struct vnet *vnet;
- {
- struct secashead *sah;
- struct secasvar *sav;
-@@ -933,12 +960,14 @@
- /* sanity check */
- if (src == NULL || dst == NULL)
- panic("key_allocsa: NULL pointer is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_allocsa: NULL vnet is passed.\n");
-
- /*
- * when both systems employ similar strategy to use a SA.
- * the search order is important even in the inbound case.
- */
-- if (key_preferred_oldsa) {
-+ if (vnet->key_preferred_oldsa) {
- saorder_state_valid = saorder_state_valid_prefer_old;
- arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
- } else {
-@@ -953,7 +982,7 @@
- * encrypted so we can't check internal IP header.
- */
- s = splnet(); /*called from softclock()*/
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- /*
- * search a valid state list for inbound packet.
- * the search order is not important.
-@@ -1248,16 +1277,19 @@
- * others : found, pointer to a SP.
- */
- static struct secpolicy *
--key_getsp(spidx)
-+key_getsp(spidx, vnet)
- struct secpolicyindex *spidx;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp;
-
- /* sanity check */
- if (spidx == NULL)
- panic("key_getsp: NULL pointer is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_getsp: NULL vnet is passed.\n");
-
-- LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[spidx->dir], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
- if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
-@@ -1275,12 +1307,15 @@
- * others : found, pointer to a SP.
- */
- static struct secpolicy *
--key_getspbyid(id)
-+key_getspbyid(id, vnet)
- u_int32_t id;
-+ struct vnet *vnet;
- {
- struct secpolicy *sp;
-
-- LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
-+ if (vnet == NULL)
-+ panic("key_getspbyid: NULL vnet is passed.\n");
-+ LIST_FOREACH(sp, &vnet->sptree[IPSEC_DIR_INBOUND], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
- if (sp->id == id) {
-@@ -1289,7 +1324,7 @@
- }
- }
-
-- LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[IPSEC_DIR_OUTBOUND], chain) {
- if (sp->state == IPSEC_SPSTATE_DEAD)
- continue;
- if (sp->id == id) {
-@@ -1735,10 +1770,14 @@
- struct secpolicy *newsp;
- struct timeval tv;
- int error;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spdadd: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_spdadd: NULL vnet pointer.\n");
-
- if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
- mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
-@@ -1808,7 +1847,7 @@
- * If the type is either SPDADD or SPDSETIDX AND a SP is found,
- * then error.
- */
-- newsp = key_getsp(&spidx);
-+ newsp = key_getsp(&spidx, vnet);
- if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
- if (newsp) {
- newsp->state = IPSEC_SPSTATE_DEAD;
-@@ -1827,7 +1866,7 @@
- return key_senderror(so, m, error);
- }
-
-- if ((newsp->id = key_getnewspid()) == 0) {
-+ if ((newsp->id = key_getnewspid(vnet)) == 0) {
- keydb_delsecpolicy(newsp);
- return key_senderror(so, m, ENOBUFS);
- }
-@@ -1879,12 +1918,13 @@
-
- newsp->refcnt = 1; /* do not reclaim until I say I do */
- newsp->state = IPSEC_SPSTATE_ALIVE;
-- LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
-+ LIST_INSERT_TAIL(&vnet->sptree[newsp->spidx.dir], newsp,
-+ secpolicy, chain);
-
- /* delete the entry in spacqtree */
- if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
- struct secspacq *spacq;
-- if ((spacq = key_getspacq(&spidx)) != NULL) {
-+ if ((spacq = key_getspacq(&spidx, vnet)) != NULL) {
- /* reset counter in order to deletion by timehandler. */
- microtime(&tv);
- spacq->created = tv.tv_sec;
-@@ -1934,7 +1974,7 @@
- xpl->sadb_x_policy_id = newsp->id;
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -1945,17 +1985,22 @@
- * others: success.
- */
- static u_int32_t
--key_getnewspid()
-+key_getnewspid(vnet)
-+ struct vnet *vnet;
- {
- u_int32_t newid = 0;
-- int count = key_spi_trycnt; /* XXX */
-+ int count;
- struct secpolicy *sp;
-
-+ if (vnet == NULL)
-+ panic("key_getnewspid: NULL vnet was passed.");
-+ count = vnet->key_spi_trycnt; /* XXX */
- /* when requesting to allocate spi ranged */
- while (count--) {
-- newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
-+ newid = (vnet->policy_id = (vnet->policy_id == ~0 ?
-+ 1 : vnet->policy_id+1));
-
-- if ((sp = key_getspbyid(newid)) == NULL)
-+ if ((sp = key_getspbyid(newid, vnet)) == NULL)
- break;
-
- key_freesp(sp);
-@@ -1991,10 +2036,14 @@
- struct sadb_x_policy *xpl0;
- struct secpolicyindex spidx;
- struct secpolicy *sp;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spddelete: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_spddelete: NULL vnet pointer.\n");
-
- if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
- mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
-@@ -2034,7 +2083,7 @@
- }
-
- /* Is there SP in SPD ? */
-- if ((sp = key_getsp(&spidx)) == NULL) {
-+ if ((sp = key_getsp(&spidx, vnet)) == NULL) {
- ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
- return key_senderror(so, m, EINVAL);
- }
-@@ -2060,7 +2109,7 @@
- newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -2084,10 +2133,14 @@
- {
- u_int32_t id;
- struct secpolicy *sp;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spddelete2: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_spddelete2: NULL vnet pointer.\n");
-
- if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
- mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
-@@ -2099,7 +2152,7 @@
- id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
-
- /* Is there SP in SPD ? */
-- if ((sp = key_getspbyid(id)) == NULL) {
-+ if ((sp = key_getspbyid(id, vnet)) == NULL) {
- ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
- key_senderror(so, m, EINVAL);
- }
-@@ -2156,7 +2209,7 @@
- newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -2181,10 +2234,14 @@
- u_int32_t id;
- struct secpolicy *sp;
- struct mbuf *n;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spdget: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_spdget: NULL vnet pointer.\n");
-
- if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
- mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
-@@ -2195,7 +2252,7 @@
- id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
-
- /* Is there SP in SPD ? */
-- if ((sp = key_getspbyid(id)) == NULL) {
-+ if ((sp = key_getspbyid(id, vnet)) == NULL) {
- ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
- return key_senderror(so, m, ENOENT);
- }
-@@ -2203,7 +2260,7 @@
- n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
- if (n != NULL) {
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ONE, vnet);
- } else
- return key_senderror(so, m, ENOBUFS);
- }
-@@ -2224,8 +2281,9 @@
- * others: error number
- */
- int
--key_spdacquire(sp)
-+key_spdacquire(sp, vnet)
- struct secpolicy *sp;
-+ struct vnet *vnet;
- {
- struct mbuf *result = NULL, *m;
- struct secspacq *newspacq;
-@@ -2238,10 +2296,12 @@
- panic("key_spdacquire: called but there is request.\n");
- if (sp->policy != IPSEC_POLICY_IPSEC)
- panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
-+ if (vnet == NULL)
-+ panic("key_spdacquire: NULL vnet is passed.\n");
-
- /* get a entry to check whether sent message or not. */
-- if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
-- if (key_blockacq_count < newspacq->count) {
-+ if ((newspacq = key_getspacq(&sp->spidx, vnet)) != NULL) {
-+ if (vnet->key_blockacq_count < newspacq->count) {
- /* reset counter and do send message. */
- newspacq->count = 0;
- } else {
-@@ -2255,7 +2315,7 @@
- return ENOBUFS;
-
- /* add to acqtree */
-- LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
-+ LIST_INSERT_HEAD(&vnet->spacqtree, newspacq, chain);
- }
-
- /* create new sadb_msg to reply. */
-@@ -2273,7 +2333,7 @@
- mtod(result, struct sadb_msg *)->sadb_msg_len =
- PFKEY_UNIT64(result->m_pkthdr.len);
-
-- return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
-+ return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED, vnet);
-
- fail:
- if (result)
-@@ -2302,16 +2362,20 @@
- struct sadb_msg *newmsg;
- struct secpolicy *sp;
- u_int dir;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spdflush: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_spdflush: NULL vnet pointer.\n");
-
- if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
- return key_senderror(so, m, EINVAL);
-
- for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- sp->state = IPSEC_SPSTATE_DEAD;
- }
- }
-@@ -2329,7 +2393,7 @@
- newmsg->sadb_msg_errno = 0;
- newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
-
-- return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, m, KEY_SENDUP_ALL, vnet);
- }
-
- /*
-@@ -2353,15 +2417,19 @@
- int cnt;
- u_int dir;
- struct mbuf *n;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spddump: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_spddump: NULL vnet pointer.\n");
-
- /* search SPD entry and get buffer size. */
- cnt = 0;
- for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- cnt++;
- }
- }
-@@ -2370,13 +2438,13 @@
- return key_senderror(so, m, ENOENT);
-
- for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
-- LIST_FOREACH(sp, &sptree[dir], chain) {
-+ LIST_FOREACH(sp, &vnet->sptree[dir], chain) {
- --cnt;
- n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
- mhp->msg->sadb_msg_pid);
-
- if (n)
-- key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
-+ key_sendup_mbuf(so, n, KEY_SENDUP_ONE, vnet);
- }
- }
-
-@@ -2481,8 +2549,9 @@
- * others : error number
- */
- static int
--key_spdexpire(sp)
-+key_spdexpire(sp, vnet)
- struct secpolicy *sp;
-+ struct vnet *vnet;
- {
- int s;
- struct mbuf *result = NULL, *m;
-@@ -2496,6 +2565,8 @@
- /* sanity check */
- if (sp == NULL)
- panic("key_spdexpire: NULL pointer is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_spdexpire: NULL vnet is passed.\n");
-
- /* set msg header */
- m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
-@@ -2580,7 +2651,7 @@
- PFKEY_UNIT64(result->m_pkthdr.len);
-
- splx(s);
-- return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
-+ return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED, vnet);
-
- fail:
- if (result)
-@@ -2596,14 +2667,17 @@
- * others : pointer to new SA head.
- */
- static struct secashead *
--key_newsah(saidx)
-+key_newsah(saidx, vnet)
- struct secasindex *saidx;
-+ struct vnet *vnet;
- {
- struct secashead *newsah;
-
- /* sanity check */
- if (saidx == NULL)
- panic("key_newsaidx: NULL pointer is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_newsaidx: NULL vnet is passed.\n");
-
- newsah = keydb_newsecashead();
- if (newsah == NULL)
-@@ -2613,7 +2687,7 @@
-
- /* add to saidxtree */
- newsah->state = SADB_SASTATE_MATURE;
-- LIST_INSERT_HEAD(&sahtree, newsah, chain);
-+ LIST_INSERT_HEAD(&vnet->sahtree, newsah, chain);
-
- return(newsah);
- }
-@@ -2846,12 +2920,15 @@
- * others : found, pointer to a SA.
- */
- static struct secashead *
--key_getsah(saidx)
-+key_getsah(saidx, vnet)
- struct secasindex *saidx;
-+ struct vnet *vnet;
- {
- struct secashead *sah;
-
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ if (vnet == NULL)
-+ panic("key_getsah: NULL vnet was passed.");
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (sah->state == SADB_SASTATE_DEAD)
- continue;
- if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
-@@ -2869,13 +2946,16 @@
- * others : found, pointer to a SA.
- */
- static struct secasvar *
--key_checkspidup(saidx, spi)
-+key_checkspidup(saidx, spi, vnet)
- struct secasindex *saidx;
- u_int32_t spi;
-+ struct vnet *vnet;
- {
- struct secashead *sah;
- struct secasvar *sav;
-
-+ if (vnet == NULL)
-+ panic("key_checkspidup: NULL vnet was passed.");
- /* check address family */
- if (saidx->src.ss_family != saidx->dst.ss_family) {
- ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
-@@ -2883,8 +2963,8 @@
- }
-
- /* check all SAD */
-- LIST_FOREACH(sah, &sahtree, chain) {
-- if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
-+ if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst, vnet))
- continue;
- sav = key_getsavbyspi(sah, spi);
- if (sav != NULL)
-@@ -3794,8 +3874,9 @@
- * 0: false
- */
- int
--key_ismyaddr(sa)
-+key_ismyaddr(sa, vnet)
- struct sockaddr *sa;
-+ struct vnet *vnet;
- {
- #ifdef INET
- struct sockaddr_in *sin;
-@@ -3805,12 +3886,14 @@
- /* sanity check */
- if (sa == NULL)
- panic("key_ismyaddr: NULL pointer is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_ismyaddr: NULL vnet was passed.");
-
- switch (sa->sa_family) {
- #ifdef INET
- case AF_INET:
- sin = (struct sockaddr_in *)sa;
-- for (ia = in_ifaddrhead.tqh_first; ia;
-+ for (ia = vnet->in_ifaddrhead.tqh_first; ia;
- ia = ia->ia_link.tqe_next)
- {
- if (sin->sin_family == ia->ia_addr.sin_family &&
-@@ -3824,7 +3907,7 @@
- #endif
- #ifdef INET6
- case AF_INET6:
-- return key_ismyaddr6((struct sockaddr_in6 *)sa);
-+ return key_ismyaddr6((struct sockaddr_in6 *)sa, vnet);
- #endif
- }
-
-@@ -3841,13 +3924,16 @@
- #include
-
- static int
--key_ismyaddr6(sin6)
-+key_ismyaddr6(sin6, vnet)
- struct sockaddr_in6 *sin6;
-+ struct vnet *vnet;
- {
- struct in6_ifaddr *ia;
- struct in6_multi *in6m;
-
-- for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
-+ if (vnet == NULL)
-+ panic("key_ismyaddr6: NULL vnet was passed.");
-+ for (ia = vnet->in6_ifaddr; ia; ia = ia->ia_next) {
- if (key_sockaddrcmp((struct sockaddr *)&sin6,
- (struct sockaddr *)&ia->ia_addr, 0) == 0)
- return 1;
-@@ -4178,17 +4264,22 @@
- u_int dir;
- int s;
- struct timeval tv;
-+ struct vnet *vnet;
-
- microtime(&tv);
-
- s = splnet(); /*called from softclock()*/
-
-+ /* This timer function is called once to step through every vnet. */
-+ LIST_FOREACH(vnet, &vnet_head, vnet_le)
-+ {
-+
- /* SPD */
- {
- struct secpolicy *sp, *nextsp;
-
- for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
-- for (sp = LIST_FIRST(&sptree[dir]);
-+ for (sp = LIST_FIRST(&vnet->sptree[dir]);
- sp != NULL;
- sp = nextsp) {
-
-@@ -4208,7 +4299,7 @@
- || (sp->validtime
- && tv.tv_sec - sp->lastused > sp->validtime)) {
- sp->state = IPSEC_SPSTATE_DEAD;
-- key_spdexpire(sp);
-+ key_spdexpire(sp, vnet);
- continue;
- }
- }
-@@ -4220,7 +4311,7 @@
- struct secashead *sah, *nextsah;
- struct secasvar *sav, *nextsav;
-
-- for (sah = LIST_FIRST(&sahtree);
-+ for (sah = LIST_FIRST(&vnet->sahtree);
- sah != NULL;
- sah = nextsah) {
-
-@@ -4239,7 +4330,7 @@
-
- nextsav = LIST_NEXT(sav, chain);
-
-- if (tv.tv_sec - sav->created > key_larval_lifetime) {
-+ if (tv.tv_sec - sav->created > vnet->key_larval_lifetime) {
- key_freesav(sav);
- }
- }
-@@ -4284,7 +4375,7 @@
- * message in the status of
- * DYING. Do remove below code.
- */
-- key_expire(sav);
-+ key_expire(sav, vnet);
- }
- }
-
-@@ -4303,7 +4394,7 @@
- * message in the status of
- * DYING. Do remove below code.
- */
-- key_expire(sav);
-+ key_expire(sav, vnet);
- }
- }
-
-@@ -4387,13 +4478,13 @@
- {
- struct secacq *acq, *nextacq;
-
-- for (acq = LIST_FIRST(&acqtree);
-+ for (acq = LIST_FIRST(&vnet->acqtree);
- acq != NULL;
- acq = nextacq) {
-
- nextacq = LIST_NEXT(acq, chain);
-
-- if (tv.tv_sec - acq->created > key_blockacq_lifetime
-+ if (tv.tv_sec - acq->created > vnet->key_blockacq_lifetime
- && __LIST_CHAINED(acq)) {
- LIST_REMOVE(acq, chain);
- KFREE(acq);
-@@ -4406,13 +4497,13 @@
- {
- struct secspacq *acq, *nextacq;
-
-- for (acq = LIST_FIRST(&spacqtree);
-+ for (acq = LIST_FIRST(&vnet->spacqtree);
- acq != NULL;
- acq = nextacq) {
-
- nextacq = LIST_NEXT(acq, chain);
-
-- if (tv.tv_sec - acq->created > key_blockacq_lifetime
-+ if (tv.tv_sec - acq->created > vnet->key_blockacq_lifetime
- && __LIST_CHAINED(acq)) {
- LIST_REMOVE(acq, chain);
- KFREE(acq);
-@@ -4421,11 +4512,13 @@
- }
-
- /* initialize random seed */
-- if (key_tick_init_random++ > key_int_random) {
-- key_tick_init_random = 0;
-+ if (vnet->key_tick_init_random++ > vnet->key_int_random) {
-+ vnet->key_tick_init_random = 0;
- key_srandom();
- }
-
-+ /* end LIST_FOREACH(vnet, ...) */
-+ }
- #ifndef IPSEC_DEBUG2
- /* do exchange to tick time !! */
- (void)timeout((void *)key_timehandler, (void *)0, hz);
-@@ -4562,10 +4655,14 @@
- u_int8_t mode;
- u_int32_t reqid;
- int error;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_getspi: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_getspi: cannot find vnet.\n");
-
- if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
- mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
-@@ -4633,14 +4730,14 @@
-
- /* SPI allocation */
- spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
-- &saidx);
-+ &saidx, vnet);
- if (spi == 0)
- return key_senderror(so, m, EINVAL);
-
- /* get a SA index */
-- if ((newsah = key_getsah(&saidx)) == NULL) {
-+ if ((newsah = key_getsah(&saidx, vnet)) == NULL) {
- /* create a new SA index */
-- if ((newsah = key_newsah(&saidx)) == NULL) {
-+ if ((newsah = key_newsah(&saidx, vnet)) == NULL) {
- ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
- return key_senderror(so, m, ENOBUFS);
- }
-@@ -4661,7 +4758,7 @@
- /* delete the entry in acqtree */
- if (mhp->msg->sadb_msg_seq != 0) {
- struct secacq *acq;
-- if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
-+ if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq, vnet)) != NULL) {
- /* reset counter in order to deletion by timehandler. */
- struct timeval tv;
- microtime(&tv);
-@@ -4722,7 +4819,7 @@
- if (n->m_len < sizeof(struct sadb_msg)) {
- n = m_pullup(n, sizeof(struct sadb_msg));
- if (n == NULL)
-- return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
-+ return key_sendup_mbuf(so, m, KEY_SENDUP_ONE, vnet);
- }
-
- n->m_pkthdr.len = 0;
-@@ -4735,7 +4832,7 @@
- newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ONE, vnet);
- }
- }
-
-@@ -4747,21 +4844,26 @@
- * others: success.
- */
- static u_int32_t
--key_do_getnewspi(spirange, saidx)
-+key_do_getnewspi(spirange, saidx, vnet)
- struct sadb_spirange *spirange;
- struct secasindex *saidx;
-+ struct vnet *vnet;
- {
- u_int32_t newspi;
- u_int32_t min, max;
-- int count = key_spi_trycnt;
-+ int count;
-+
-+ if (vnet == NULL)
-+ panic("key_do_getnewspi: NULL vnet was passed.");
-+ count = vnet->key_spi_trycnt;
-
- /* set spi range to allocate */
- if (spirange != NULL) {
- min = spirange->sadb_spirange_min;
- max = spirange->sadb_spirange_max;
- } else {
-- min = key_spi_minval;
-- max = key_spi_maxval;
-+ min = vnet->key_spi_minval;
-+ max = vnet->key_spi_maxval;
- }
- /* IPCOMP needs 2-byte SPI */
- if (saidx->proto == IPPROTO_IPCOMP) {
-@@ -4776,7 +4878,7 @@
- }
-
- if (min == max) {
-- if (key_checkspidup(saidx, min) != NULL) {
-+ if (key_checkspidup(saidx, min, vnet) != NULL) {
- ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
- return 0;
- }
-@@ -4794,7 +4896,7 @@
- /* generate pseudo-random SPI value ranged. */
- newspi = min + (key_random() % (max - min + 1));
-
-- if (key_checkspidup(saidx, newspi) == NULL)
-+ if (key_checkspidup(saidx, newspi, vnet) == NULL)
- break;
- }
-
-@@ -4805,8 +4907,8 @@
- }
-
- /* statistics */
-- keystat.getspi_count =
-- (keystat.getspi_count + key_spi_trycnt - count) / 2;
-+ vnet->keystat.getspi_count =
-+ (vnet->keystat.getspi_count + vnet->key_spi_trycnt - count)/2;
-
- return newspi;
- }
-@@ -4839,10 +4941,14 @@
- u_int8_t mode;
- u_int32_t reqid;
- int error;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_update: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_update: cannot find vnet.\n");
-
- /* map satype to proto */
- if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
-@@ -4887,7 +4993,7 @@
- KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
-
- /* get a SA header */
-- if ((sah = key_getsah(&saidx)) == NULL) {
-+ if ((sah = key_getsah(&saidx, vnet)) == NULL) {
- ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
- return key_senderror(so, m, ENOENT);
- }
-@@ -4963,7 +5069,7 @@
- }
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -5034,10 +5140,14 @@
- u_int8_t mode;
- u_int32_t reqid;
- int error;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_add: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_add: NULL vnet pointer is passed.\n");
-
- /* map satype to proto */
- if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
-@@ -5082,9 +5192,9 @@
- KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
-
- /* get a SA header */
-- if ((newsah = key_getsah(&saidx)) == NULL) {
-+ if ((newsah = key_getsah(&saidx, vnet)) == NULL) {
- /* create a new SA header */
-- if ((newsah = key_newsah(&saidx)) == NULL) {
-+ if ((newsah = key_newsah(&saidx, vnet)) == NULL) {
- ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
- return key_senderror(so, m, ENOBUFS);
- }
-@@ -5130,7 +5240,7 @@
- }
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -5265,10 +5375,14 @@
- struct secashead *sah;
- struct secasvar *sav = NULL;
- u_int16_t proto;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_delete: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_delete: NULL vnet pointer is passed.\n");
-
- /* map satype to proto */
- if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
-@@ -5309,7 +5423,7 @@
- KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
-
- /* get a SA header */
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (sah->state == SADB_SASTATE_DEAD)
- continue;
- if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
-@@ -5349,7 +5463,7 @@
- newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -5368,6 +5482,11 @@
- struct secashead *sah;
- struct secasvar *sav, *nextsav;
- u_int stateidx, state;
-+ struct vnet *vnet;
-+
-+ if (so == NULL || so->so_vnet == NULL)
-+ panic("key_delete_all: cannot find vnet.\n");
-+ vnet = so->so_vnet;
-
- src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
- dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
-@@ -5375,7 +5494,7 @@
- /* XXX boundary check against sa_len */
- KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
-
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (sah->state == SADB_SASTATE_DEAD)
- continue;
- if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
-@@ -5425,7 +5544,7 @@
- newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -5453,10 +5572,14 @@
- struct secashead *sah;
- struct secasvar *sav = NULL;
- u_int16_t proto;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_get: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_get: NULL vnet pointer is passed.\n");
-
- /* map satype to proto */
- if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
-@@ -5485,7 +5608,7 @@
- KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
-
- /* get a SA header */
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (sah->state == SADB_SASTATE_DEAD)
- continue;
- if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
-@@ -5518,7 +5641,7 @@
- return key_senderror(so, m, ENOBUFS);
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_ONE, vnet);
- }
- }
-
-@@ -5795,9 +5918,10 @@
- * others: error number
- */
- static int
--key_acquire(saidx, sp)
-+key_acquire(saidx, sp, vnet)
- struct secasindex *saidx;
- struct secpolicy *sp;
-+ struct vnet *vnet;
- {
- struct mbuf *result = NULL, *m;
- #ifndef IPSEC_NONBLOCK_ACQUIRE
-@@ -5812,6 +5936,8 @@
- panic("key_acquire: NULL pointer is passed.\n");
- if ((satype = key_proto2satype(saidx->proto)) == 0)
- panic("key_acquire: invalid proto is passed.\n");
-+ if (vnet == NULL)
-+ panic("key_acquire: NULL vnet is passed.\n");
-
- #ifndef IPSEC_NONBLOCK_ACQUIRE
- /*
-@@ -5821,8 +5947,8 @@
- * managed with ACQUIRING list.
- */
- /* get a entry to check whether sending message or not. */
-- if ((newacq = key_getacq(saidx)) != NULL) {
-- if (key_blockacq_count < newacq->count) {
-+ if ((newacq = key_getacq(saidx, vnet)) != NULL) {
-+ if (vnet->key_blockacq_count < newacq->count) {
- /* reset counter and do send message. */
- newacq->count = 0;
- } else {
-@@ -5832,11 +5958,11 @@
- }
- } else {
- /* make new entry for blocking to send SADB_ACQUIRE. */
-- if ((newacq = key_newacq(saidx)) == NULL)
-+ if ((newacq = key_newacq(saidx, vnet)) == NULL)
- return ENOBUFS;
-
- /* add to acqtree */
-- LIST_INSERT_HEAD(&acqtree, newacq, chain);
-+ LIST_INSERT_HEAD(&vnet->acqtree, newacq, chain);
- }
- #endif
-
-@@ -5966,7 +6092,7 @@
- mtod(result, struct sadb_msg *)->sadb_msg_len =
- PFKEY_UNIT64(result->m_pkthdr.len);
-
-- return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
-+ return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED, vnet);
-
- fail:
- if (result)
-@@ -5976,12 +6102,15 @@
-
- #ifndef IPSEC_NONBLOCK_ACQUIRE
- static struct secacq *
--key_newacq(saidx)
-+key_newacq(saidx, vnet)
- struct secasindex *saidx;
-+ struct vnet *vnet;
- {
- struct secacq *newacq;
- struct timeval tv;
-
-+ if (vnet == NULL)
-+ panic("key_newacq: NULL vnet was passed.");
- /* get new entry */
- KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
- if (newacq == NULL) {
-@@ -5992,7 +6121,7 @@
-
- /* copy secindex */
- bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
-- newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
-+ newacq->seq = (vnet->acq_seq == ~0 ? 1 : ++vnet->acq_seq);
- microtime(&tv);
- newacq->created = tv.tv_sec;
- newacq->count = 0;
-@@ -6001,12 +6130,15 @@
- }
-
- static struct secacq *
--key_getacq(saidx)
-+key_getacq(saidx, vnet)
- struct secasindex *saidx;
-+ struct vnet *vnet;
- {
- struct secacq *acq;
-
-- LIST_FOREACH(acq, &acqtree, chain) {
-+ if (vnet == NULL)
-+ panic("key_getacq: NULL vnet was passed.");
-+ LIST_FOREACH(acq, &vnet->acqtree, chain) {
- if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
- return acq;
- }
-@@ -6015,12 +6147,15 @@
- }
-
- static struct secacq *
--key_getacqbyseq(seq)
-+key_getacqbyseq(seq, vnet)
- u_int32_t seq;
-+ struct vnet *vnet;
- {
- struct secacq *acq;
-
-- LIST_FOREACH(acq, &acqtree, chain) {
-+ if (vnet == NULL)
-+ panic("key_getacqbyseq: NULL vnet was passed.");
-+ LIST_FOREACH(acq, &vnet->acqtree, chain) {
- if (acq->seq == seq)
- return acq;
- }
-@@ -6054,12 +6189,15 @@
- }
-
- static struct secspacq *
--key_getspacq(spidx)
-+key_getspacq(spidx, vnet)
- struct secpolicyindex *spidx;
-+ struct vnet *vnet;
- {
- struct secspacq *acq;
-
-- LIST_FOREACH(acq, &spacqtree, chain) {
-+ if (vnet == NULL)
-+ panic("key_getspacq: NULL vnet was passed.");
-+ LIST_FOREACH(acq, &vnet->spacqtree, chain) {
- if (key_cmpspidx_exactly(spidx, &acq->spidx))
- return acq;
- }
-@@ -6092,10 +6230,14 @@
- struct secashead *sah;
- u_int16_t proto;
- int error;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_acquire2: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_acquire2: NULL vnet pointer is passed.\n");
-
- /*
- * Error message from KMd.
-@@ -6115,7 +6257,7 @@
- return 0;
- }
-
-- if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
-+ if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq, vnet)) == NULL) {
- /*
- * the specified larval SA is already gone, or we got
- * a bogus sequence number. we can silently ignore it.
-@@ -6165,7 +6307,7 @@
- KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
-
- /* get a SA index */
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (sah->state == SADB_SASTATE_DEAD)
- continue;
- if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
-@@ -6176,14 +6318,14 @@
- return key_senderror(so, m, EEXIST);
- }
-
-- error = key_acquire(&saidx, NULL);
-+ error = key_acquire(&saidx, NULL, vnet);
- if (error != 0) {
- ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
- "from key_acquire.\n", mhp->msg->sadb_msg_errno));
- return key_senderror(so, m, error);
- }
-
-- return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
-+ return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED, vnet);
- }
-
- /*
-@@ -6206,13 +6348,17 @@
- const struct sadb_msghdr *mhp;
- {
- struct secreg *reg, *newreg = 0;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_register: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_register: NULL vnet is passed.\n");
-
- /* check for invalid register message */
-- if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
-+ if (mhp->msg->sadb_msg_satype >= sizeof(vnet->regtree)/sizeof(vnet->regtree[0]))
- return key_senderror(so, m, EINVAL);
-
- /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
-@@ -6220,7 +6366,7 @@
- goto setmsg;
-
- /* check whether existing or not */
-- LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
-+ LIST_FOREACH(reg, &vnet->regtree[mhp->msg->sadb_msg_satype], chain) {
- if (reg->so == so) {
- ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
- return key_senderror(so, m, EEXIST);
-@@ -6239,7 +6385,8 @@
- ((struct keycb *)sotorawcb(so))->kp_registered++;
-
- /* add regnode to regtree. */
-- LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
-+ LIST_INSERT_HEAD(&vnet->regtree[mhp->msg->sadb_msg_satype],
-+ newreg, chain);
-
- setmsg:
- {
-@@ -6355,7 +6502,7 @@
- #endif
-
- m_freem(m);
-- return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
-+ return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED, vnet);
- }
- }
-
-@@ -6369,10 +6516,14 @@
- {
- struct secreg *reg;
- int i;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL)
- panic("key_freereg: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_freereg: NULL vnet pointer is passed.\n");
-
- /*
- * check whether existing or not.
-@@ -6380,7 +6531,7 @@
- * one socket is registered to multiple type of SA.
- */
- for (i = 0; i <= SADB_SATYPE_MAX; i++) {
-- LIST_FOREACH(reg, ®tree[i], chain) {
-+ LIST_FOREACH(reg, &vnet->regtree[i], chain) {
- if (reg->so == so
- && __LIST_CHAINED(reg)) {
- LIST_REMOVE(reg, chain);
-@@ -6404,8 +6555,9 @@
- * others : error number
- */
- static int
--key_expire(sav)
-+key_expire(sav, vnet)
- struct secasvar *sav;
-+ struct vnet *vnet;
- {
- int s;
- int satype;
-@@ -6414,6 +6566,8 @@
- int error = -1;
- struct sadb_lifetime *lt;
-
-+ if (vnet == NULL)
-+ panic("key_expire: NULL vnet was passed.");
- /* XXX: Why do we lock ? */
- s = splnet(); /*called from softclock()*/
-
-@@ -6513,7 +6667,7 @@
- PFKEY_UNIT64(result->m_pkthdr.len);
-
- splx(s);
-- return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
-+ return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED, vnet);
-
- fail:
- if (result)
-@@ -6546,10 +6700,14 @@
- u_int16_t proto;
- u_int8_t state;
- u_int stateidx;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_flush: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_flush: NULL vnet pointer is passed.\n");
-
- /* map satype to proto */
- if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
-@@ -6558,7 +6716,7 @@
- }
-
- /* no SATYPE specified, i.e. flushing all SA. */
-- for (sah = LIST_FIRST(&sahtree);
-+ for (sah = LIST_FIRST(&vnet->sahtree);
- sah != NULL;
- sah = nextsah) {
- nextsah = LIST_NEXT(sah, chain);
-@@ -6599,7 +6757,7 @@
- newmsg->sadb_msg_errno = 0;
- newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
-
-- return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, m, KEY_SENDUP_ALL, vnet);
- }
-
- /*
-@@ -6629,10 +6787,12 @@
- int cnt;
- struct sadb_msg *newmsg;
- struct mbuf *n;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_dump: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-
- /* map satype to proto */
- if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
-@@ -6642,7 +6802,7 @@
-
- /* count sav entries to be sent to the userland. */
- cnt = 0;
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
- && proto != sah->saidx.proto)
- continue;
-@@ -6662,7 +6822,7 @@
-
- /* send this to the userland, one at a time. */
- newmsg = NULL;
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
- && proto != sah->saidx.proto)
- continue;
-@@ -6683,7 +6843,7 @@
- if (!n)
- return key_senderror(so, m, ENOBUFS);
-
-- key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
-+ key_sendup_mbuf(so, n, KEY_SENDUP_ONE, vnet);
- }
- }
- }
-@@ -6704,10 +6864,14 @@
- const struct sadb_msghdr *mhp;
- {
- int olen;
-+ struct vnet *vnet;
-
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_promisc: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL);
-+ panic("key_promisc: NULL vnet pointer is passed.\n");
-
- olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
-
-@@ -6736,14 +6900,14 @@
-
- /* send the original message back to everyone */
- mhp->msg->sadb_msg_errno = 0;
-- return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, m, KEY_SENDUP_ALL, vnet);
- } else {
- /* send packet as is */
-
- m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
-
- /* TODO: if sadb_msg_seq is specified, send to specific pid */
-- return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
-+ return key_sendup_mbuf(so, m, KEY_SENDUP_ALL, vnet);
- }
- }
-
-@@ -6790,6 +6954,7 @@
- struct mbuf *m;
- struct socket *so;
- {
-+ struct vnet *vnet;
- struct sadb_msg *msg;
- struct sadb_msghdr mh;
- u_int orglen;
-@@ -6799,6 +6964,9 @@
- /* sanity check */
- if (m == NULL || so == NULL)
- panic("key_parse: NULL pointer is passed.\n");
-+ vnet = so->so_vnet;
-+ if (vnet == NULL)
-+ panic("key_parse: NULL vnet is passed.\n");
-
- #if 0 /*kdebug_sadb assumes msg in linear buffer*/
- KEYDEBUG(KEYDEBUG_KEY_DUMP,
-@@ -6818,7 +6986,7 @@
- if ((m->m_flags & M_PKTHDR) == 0 ||
- m->m_pkthdr.len != m->m_pkthdr.len) {
- ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
-- pfkeystat.out_invlen++;
-+ vnet->pfkeystat.out_invlen++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6827,7 +6995,7 @@
- ipseclog((LOG_DEBUG,
- "key_parse: PF_KEY version %u is mismatched.\n",
- msg->sadb_msg_version));
-- pfkeystat.out_invver++;
-+ vnet->pfkeystat.out_invver++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6835,7 +7003,7 @@
- if (msg->sadb_msg_type > SADB_MAX) {
- ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
- msg->sadb_msg_type));
-- pfkeystat.out_invmsgtype++;
-+ vnet->pfkeystat.out_invmsgtype++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6868,7 +7036,7 @@
- }
-
- /* align the mbuf chain so that extensions are in contiguous region. */
-- error = key_align(m, &mh);
-+ error = key_align(m, &mh, vnet);
- if (error)
- return error;
-
-@@ -6892,7 +7060,7 @@
- case SADB_EXPIRE:
- ipseclog((LOG_DEBUG, "key_parse: must specify satype "
- "when msg type=%u.\n", msg->sadb_msg_type));
-- pfkeystat.out_invsatype++;
-+ vnet->pfkeystat.out_invsatype++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6911,7 +7079,7 @@
- case SADB_X_SPDDELETE2:
- ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
- msg->sadb_msg_type));
-- pfkeystat.out_invsatype++;
-+ vnet->pfkeystat.out_invsatype++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6922,7 +7090,7 @@
- case SADB_SATYPE_MIP:
- ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
- msg->sadb_msg_satype));
-- pfkeystat.out_invsatype++;
-+ vnet->pfkeystat.out_invsatype++;
- error = EOPNOTSUPP;
- goto senderror;
- case 1: /* XXX: What does it do? */
-@@ -6932,7 +7100,7 @@
- default:
- ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
- msg->sadb_msg_satype));
-- pfkeystat.out_invsatype++;
-+ vnet->pfkeystat.out_invsatype++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6949,7 +7117,7 @@
- /* check upper layer protocol */
- if (src0->sadb_address_proto != dst0->sadb_address_proto) {
- ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
-- pfkeystat.out_invaddr++;
-+ vnet->pfkeystat.out_invaddr++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6958,7 +7126,7 @@
- if (PFKEY_ADDR_SADDR(src0)->sa_family !=
- PFKEY_ADDR_SADDR(dst0)->sa_family) {
- ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
-- pfkeystat.out_invaddr++;
-+ vnet->pfkeystat.out_invaddr++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6966,7 +7134,7 @@
- PFKEY_ADDR_SADDR(dst0)->sa_len) {
- ipseclog((LOG_DEBUG,
- "key_parse: address struct size mismatched.\n"));
-- pfkeystat.out_invaddr++;
-+ vnet->pfkeystat.out_invaddr++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6975,7 +7143,7 @@
- case AF_INET:
- if (PFKEY_ADDR_SADDR(src0)->sa_len !=
- sizeof(struct sockaddr_in)) {
-- pfkeystat.out_invaddr++;
-+ vnet->pfkeystat.out_invaddr++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6983,7 +7151,7 @@
- case AF_INET6:
- if (PFKEY_ADDR_SADDR(src0)->sa_len !=
- sizeof(struct sockaddr_in6)) {
-- pfkeystat.out_invaddr++;
-+ vnet->pfkeystat.out_invaddr++;
- error = EINVAL;
- goto senderror;
- }
-@@ -6991,7 +7159,7 @@
- default:
- ipseclog((LOG_DEBUG,
- "key_parse: unsupported address family.\n"));
-- pfkeystat.out_invaddr++;
-+ vnet->pfkeystat.out_invaddr++;
- error = EAFNOSUPPORT;
- goto senderror;
- }
-@@ -7013,7 +7181,7 @@
- dst0->sadb_address_prefixlen > plen) {
- ipseclog((LOG_DEBUG,
- "key_parse: illegal prefixlen.\n"));
-- pfkeystat.out_invaddr++;
-+ vnet->pfkeystat.out_invaddr++;
- error = EINVAL;
- goto senderror;
- }
-@@ -7026,7 +7194,7 @@
-
- if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
- key_typesw[msg->sadb_msg_type] == NULL) {
-- pfkeystat.out_invmsgtype++;
-+ vnet->pfkeystat.out_invmsgtype++;
- error = EINVAL;
- goto senderror;
- }
-@@ -7035,7 +7203,7 @@
-
- senderror:
- msg->sadb_msg_errno = error;
-- return key_sendup_mbuf(so, m, target);
-+ return key_sendup_mbuf(so, m, target, vnet);
- }
-
- static int
-@@ -7044,14 +7212,18 @@
- struct mbuf *m;
- int code;
- {
-+ struct vnet *vnet;
- struct sadb_msg *msg;
-
-+ if (so == NULL || so->so_vnet == NULL)
-+ panic("key_senderror: cannot find vnet");
-+ vnet = so->so_vnet;
- if (m->m_len < sizeof(struct sadb_msg))
- panic("invalid mbuf passed to key_senderror");
-
- msg = mtod(m, struct sadb_msg *);
- msg->sadb_msg_errno = code;
-- return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
-+ return key_sendup_mbuf(so, m, KEY_SENDUP_ONE, vnet);
- }
-
- /*
-@@ -7060,9 +7232,10 @@
- * XXX larger-than-MCLBYTES extension?
- */
- static int
--key_align(m, mhp)
-+key_align(m, mhp, vnet)
- struct mbuf *m;
- struct sadb_msghdr *mhp;
-+ struct vnet *vnet;
- {
- struct mbuf *n;
- struct sadb_ext *ext;
-@@ -7075,6 +7248,8 @@
- panic("key_align: NULL pointer is passed.\n");
- if (m->m_len < sizeof(struct sadb_msg))
- panic("invalid mbuf passed to key_align");
-+ if (vnet == NULL)
-+ panic("key_align: NULL vnet is passed.\n");
-
- /* initialize */
- bzero(mhp, sizeof(*mhp));
-@@ -7122,7 +7297,7 @@
- "key_align: duplicate ext_type %u "
- "is passed.\n", ext->sadb_ext_type));
- m_freem(m);
-- pfkeystat.out_dupext++;
-+ vnet->pfkeystat.out_dupext++;
- return EINVAL;
- }
- break;
-@@ -7131,7 +7306,7 @@
- "key_align: invalid ext_type %u is passed.\n",
- ext->sadb_ext_type));
- m_freem(m);
-- pfkeystat.out_invexttype++;
-+ vnet->pfkeystat.out_invexttype++;
- return EINVAL;
- }
-
-@@ -7139,7 +7314,7 @@
-
- if (key_validate_ext(ext, extlen)) {
- m_freem(m);
-- pfkeystat.out_invlen++;
-+ vnet->pfkeystat.out_invlen++;
- return EINVAL;
- }
-
-@@ -7157,7 +7332,7 @@
-
- if (off != end) {
- m_freem(m);
-- pfkeystat.out_invlen++;
-+ vnet->pfkeystat.out_invlen++;
- return EINVAL;
- }
-
-@@ -7224,49 +7399,97 @@
- }
-
- void
--key_init()
-+key_init(vnet)
-+ struct vnet *vnet;
- {
- int i;
-
-- bzero((caddr_t)&key_cb, sizeof(key_cb));
-+ if (vnet == NULL)
-+ panic("key_init: NULL vnet was passed.");
-+ bzero((caddr_t)&vnet->key_cb, sizeof(vnet->key_cb));
-
- for (i = 0; i < IPSEC_DIR_MAX; i++) {
-- LIST_INIT(&sptree[i]);
-+ LIST_INIT(&vnet->sptree[i]);
- }
-
-- LIST_INIT(&sahtree);
-+ LIST_INIT(&vnet->sahtree);
-
- for (i = 0; i <= SADB_SATYPE_MAX; i++) {
-- LIST_INIT(®tree[i]);
-+ LIST_INIT(&vnet->regtree[i]);
- }
-
- #ifndef IPSEC_NONBLOCK_ACQUIRE
-- LIST_INIT(&acqtree);
-+ LIST_INIT(&vnet->acqtree);
- #endif
-- LIST_INIT(&spacqtree);
-+ LIST_INIT(&vnet->spacqtree);
-
- /* system default */
- #ifdef INET
-- ip4_def_policy.policy = IPSEC_POLICY_NONE;
-- ip4_def_policy.refcnt++; /*never reclaim this*/
-+ vnet->ip4_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip4_def_policy.refcnt++; /*never reclaim this*/
- #endif
- #ifdef INET6
-- ip6_def_policy.policy = IPSEC_POLICY_NONE;
-- ip6_def_policy.refcnt++; /*never reclaim this*/
-+ vnet->ip6_def_policy.policy = IPSEC_POLICY_NONE;
-+ vnet->ip6_def_policy.refcnt++; /*never reclaim this*/
- #endif
-
--#ifndef IPSEC_DEBUG2
-- timeout((void *)key_timehandler, (void *)0, hz);
--#endif /*IPSEC_DEBUG2*/
--
- /* initialize key statistics */
-- keystat.getspi_count = 1;
-+ vnet->keystat.getspi_count = 1;
-
-- printf("IPsec: Initialized Security Association Processing.\n");
-+ /* initalize vnet variables (normally static) */
-+ /* from netkey/key.c */
-+ vnet->key_spi_trycnt = 1000;
-+ vnet->key_spi_minval = 0x100;
-+ vnet->key_spi_maxval = 0x0fffffff; /* XXX */
-+ vnet->policy_id = 0;
-+ vnet->key_int_random = 60; /*interval to initialize randseed,1(m)*/
-+ vnet->key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
-+ vnet->key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
-+ vnet->key_blockacq_lifetime = 20;/* lifetime f/ blocking SADB_ACQUIRE.*/
-+ vnet->key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/
-+ vnet->acq_seq = 0;
-+ vnet->key_tick_init_random = 0;
-+
-+ /* from netinet6/ipsec.c */
-+ vnet->ip4_ah_cleartos = 1;
-+ vnet->ip4_ah_offsetmask = 0; /* maybe IP_DF? */
-+ vnet->ip4_ipsec_dfbit = 0;/* DF bit on encap. 0: clear 1: set 2: copy */
-+ vnet->ip4_esp_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_esp_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_ah_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_ah_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip4_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
-+ vnet->ip4_esp_randpad = -1;
-+#ifdef INET6
-+ /* what about ipsec6stat? */
-+ vnet->ip6_esp_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_esp_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_ah_trans_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_ah_net_deflev = IPSEC_LEVEL_USE;
-+ vnet->ip6_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
-+ vnet->ip6_esp_randpad = -1;
-+#endif
-+
-+/* net.inet6.ipsec6 */
-+
-+#ifndef IPSEC_DEBUG2
-+ if (vnet == vnet0) /* one timehandler iterates for all vnets */
-+ timeout((void *)key_timehandler, (void *)0, hz);
-+#endif /*IPSEC_DEBUG2*/
-+
-+ if (vnet == vnet0)
-+ printf("IPsec: Initialized Security Association Processing.\n");
-
- return;
- }
-
-+void
-+key_destroy(vnet)
-+struct vnet *vnet;
-+{
-+ /* XXX do nothing */
-+}
-+
- /*
- * XXX: maybe This function is called after INBOUND IPsec processing.
- *
-@@ -7406,13 +7629,16 @@
-
- /* dumb version */
- void
--key_sa_routechange(dst)
-+key_sa_routechange(dst, vnet)
- struct sockaddr *dst;
-+ struct vnet *vnet;
- {
- struct secashead *sah;
- struct route *ro;
-
-- LIST_FOREACH(sah, &sahtree, chain) {
-+ if (vnet == NULL)
-+ panic("key_sa_routechange: NULL vnet was passed.");
-+ LIST_FOREACH(sah, &vnet->sahtree, chain) {
- ro = &sah->sa_route;
- if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
- && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
-diff -urN sys/netkey/key.h sys.CORE/netkey/key.h
---- sys/netkey/key.h Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netkey/key.h Wed Jan 31 16:02:43 2007
-@@ -35,7 +35,7 @@
-
- #ifdef _KERNEL
-
--extern struct key_cb key_cb;
-+/*extern struct key_cb key_cb;*/
-
- struct secpolicy;
- struct secpolicyindex;
-@@ -46,14 +46,15 @@
- struct sadb_msg;
- struct sadb_x_policy;
-
--extern struct secpolicy *key_allocsp __P((struct secpolicyindex *, u_int));
-+extern struct secpolicy *key_allocsp __P((struct secpolicyindex *, u_int,
-+ struct vnet*));
- extern struct secpolicy *key_gettunnel __P((struct sockaddr *,
-- struct sockaddr *, struct sockaddr *, struct sockaddr *));
-+ struct sockaddr *, struct sockaddr *, struct sockaddr *, struct vnet*));
- extern int key_checkrequest
- __P((struct ipsecrequest *isr, struct secasindex *,
- struct vnet *));
- extern struct secasvar *key_allocsa __P((u_int, caddr_t, caddr_t,
-- u_int, u_int32_t));
-+ u_int, u_int32_t, struct vnet *));
- extern void key_freesp __P((struct secpolicy *));
- extern void key_freeso __P((struct socket *));
- extern void key_freesav __P((struct secasvar *));
-@@ -68,11 +69,12 @@
- extern void key_randomfill __P((void *, size_t));
- extern void key_freereg __P((struct socket *));
- extern int key_parse __P((struct mbuf *, struct socket *));
--extern void key_init __P((void));
-+extern void key_init __P((struct vnet *));
-+extern void key_destroy __P((struct vnet *));
- extern int key_checktunnelsanity __P((struct secasvar *, u_int,
- caddr_t, caddr_t));
- extern void key_sa_recordxfer __P((struct secasvar *, struct mbuf *));
--extern void key_sa_routechange __P((struct sockaddr *));
-+extern void key_sa_routechange __P((struct sockaddr *, struct vnet *));
- extern void key_sa_stir_iv __P((struct secasvar *));
-
- #ifdef MALLOC_DECLARE
-diff -urN sys/netkey/keysock.c sys.CORE/netkey/keysock.c
---- sys/netkey/keysock.c Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netkey/keysock.c Wed Jan 31 16:02:43 2007
-@@ -65,9 +65,7 @@
- struct sockaddr key_dst = { 2, PF_KEY, };
- struct sockaddr key_src = { 2, PF_KEY, };
-
--static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
--
--struct pfkeystat pfkeystat;
-+static int key_sendup0 __P((struct rawcb *, struct mbuf *, int, struct vnet*));
-
- /*
- * key_output()
-@@ -86,27 +84,31 @@
- int s;
- struct socket *so;
- va_list ap;
-+ struct vnet *vnet;
-
- va_start(ap, m);
- so = va_arg(ap, struct socket *);
-+ vnet = va_arg(ap, struct vnet *);
- va_end(ap);
-
- if (m == 0)
- panic("key_output: NULL pointer was passed.\n");
-+ if (vnet == NULL)
-+ panic("key_output: NULL vnet was passed.\n");
-
-- pfkeystat.out_total++;
-- pfkeystat.out_bytes += m->m_pkthdr.len;
-+ vnet->pfkeystat.out_total++;
-+ vnet->pfkeystat.out_bytes += m->m_pkthdr.len;
-
- len = m->m_pkthdr.len;
- if (len < sizeof(struct sadb_msg)) {
-- pfkeystat.out_tooshort++;
-+ vnet->pfkeystat.out_tooshort++;
- error = EINVAL;
- goto end;
- }
-
- if (m->m_len < sizeof(struct sadb_msg)) {
- if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
-- pfkeystat.out_nomem++;
-+ vnet->pfkeystat.out_nomem++;
- error = ENOBUFS;
- goto end;
- }
-@@ -118,9 +120,9 @@
- KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
-
- msg = mtod(m, struct sadb_msg *);
-- pfkeystat.out_msgtype[msg->sadb_msg_type]++;
-+ vnet->pfkeystat.out_msgtype[msg->sadb_msg_type]++;
- if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
-- pfkeystat.out_invlen++;
-+ vnet->pfkeystat.out_invlen++;
- error = EINVAL;
- goto end;
- }
-@@ -140,13 +142,17 @@
- * send message to the socket.
- */
- static int
--key_sendup0(rp, m, promisc)
-+key_sendup0(rp, m, promisc, vnet)
- struct rawcb *rp;
- struct mbuf *m;
- int promisc;
-+ struct vnet *vnet;
- {
- int error;
-
-+ if (vnet == NULL)
-+ panic("key_sendup0: NULL vnet was passed.\n");
-+
- if (promisc) {
- struct sadb_msg *pmsg;
-
-@@ -154,7 +160,7 @@
- if (m && m->m_len < sizeof(struct sadb_msg))
- m = m_pullup(m, sizeof(struct sadb_msg));
- if (!m) {
-- pfkeystat.in_nomem++;
-+ vnet->pfkeystat.in_nomem++;
- m_freem(m);
- return ENOBUFS;
- }
-@@ -167,12 +173,12 @@
- pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
- /* pid and seq? */
-
-- pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
-+ vnet->pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
- }
-
- if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
- m, NULL)) {
-- pfkeystat.in_nomem++;
-+ vnet->pfkeystat.in_nomem++;
- m_freem(m);
- error = ENOBUFS;
- } else
-@@ -196,6 +202,8 @@
- /* sanity check */
- if (so == 0 || msg == 0)
- panic("key_sendup: NULL pointer was passed.\n");
-+ if (vnet == NULL)
-+ panic("key_sendup: NULL vnet was passed.\n");
-
- KEYDEBUG(KEYDEBUG_KEY_DUMP,
- printf("key_sendup: \n");
-@@ -205,9 +213,9 @@
- * we increment statistics here, just in case we have ENOBUFS
- * in this function.
- */
-- pfkeystat.in_total++;
-- pfkeystat.in_bytes += len;
-- pfkeystat.in_msgtype[msg->sadb_msg_type]++;
-+ vnet->pfkeystat.in_total++;
-+ vnet->pfkeystat.in_bytes += len;
-+ vnet->pfkeystat.in_msgtype[msg->sadb_msg_type]++;
-
- /*
- * Get mbuf chain whenever possible (not clusters),
-@@ -229,7 +237,7 @@
- n->m_len = MLEN;
- }
- if (!n) {
-- pfkeystat.in_nomem++;
-+ vnet->pfkeystat.in_nomem++;
- return ENOBUFS;
- }
- if (tlen >= MCLBYTES) { /*XXX better threshold? */
-@@ -237,7 +245,7 @@
- if ((n->m_flags & M_EXT) == 0) {
- m_free(n);
- m_freem(m);
-- pfkeystat.in_nomem++;
-+ vnet->pfkeystat.in_nomem++;
- return ENOBUFS;
- }
- n->m_len = MCLBYTES;
-@@ -260,9 +268,9 @@
- m_copyback(m, 0, len, (caddr_t)msg);
-
- /* avoid duplicated statistics */
-- pfkeystat.in_total--;
-- pfkeystat.in_bytes -= len;
-- pfkeystat.in_msgtype[msg->sadb_msg_type]--;
-+ vnet->pfkeystat.in_total--;
-+ vnet->pfkeystat.in_bytes -= len;
-+ vnet->pfkeystat.in_msgtype[msg->sadb_msg_type]--;
-
- return key_sendup_mbuf(so, m, target, vnet);
- }
-@@ -285,14 +293,16 @@
- panic("key_sendup_mbuf: NULL pointer was passed.\n");
- if (so == NULL && target == KEY_SENDUP_ONE)
- panic("key_sendup_mbuf: NULL pointer was passed.\n");
-+ if (vnet == NULL)
-+ panic("key_sendup_mbuf: NULL vnet pointer was passed.\n");
-
-- pfkeystat.in_total++;
-- pfkeystat.in_bytes += m->m_pkthdr.len;
-+ vnet->pfkeystat.in_total++;
-+ vnet->pfkeystat.in_bytes += m->m_pkthdr.len;
- if (m->m_len < sizeof(struct sadb_msg)) {
- #if 1
- m = m_pullup(m, sizeof(struct sadb_msg));
- if (m == NULL) {
-- pfkeystat.in_nomem++;
-+ vnet->pfkeystat.in_nomem++;
- return ENOBUFS;
- }
- #else
-@@ -302,7 +312,7 @@
- if (m->m_len >= sizeof(struct sadb_msg)) {
- struct sadb_msg *msg;
- msg = mtod(m, struct sadb_msg *);
-- pfkeystat.in_msgtype[msg->sadb_msg_type]++;
-+ vnet->pfkeystat.in_msgtype[msg->sadb_msg_type]++;
- }
-
- LIST_FOREACH(rp, &vnet->rawcb_list, list)
-@@ -323,7 +333,7 @@
- */
- if (((struct keycb *)rp)->kp_promisc) {
- if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
-- (void)key_sendup0(rp, n, 1);
-+ (void)key_sendup0(rp, n, 1, vnet);
- n = NULL;
- }
- }
-@@ -347,18 +357,18 @@
- sendup++;
- break;
- }
-- pfkeystat.in_msgtarget[target]++;
-+ vnet->pfkeystat.in_msgtarget[target]++;
-
- if (!sendup)
- continue;
-
- if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
- m_freem(m);
-- pfkeystat.in_nomem++;
-+ vnet->pfkeystat.in_nomem++;
- return ENOBUFS;
- }
-
-- if ((error = key_sendup0(rp, n, 0)) != 0) {
-+ if ((error = key_sendup0(rp, n, 0, vnet)) != 0) {
- m_freem(m);
- return error;
- }
-@@ -367,7 +377,7 @@
- }
-
- if (so) {
-- error = key_sendup0(sotorawcb(so), m, 0);
-+ error = key_sendup0(sotorawcb(so), m, 0, vnet);
- m = NULL;
- } else {
- error = 0;
-@@ -397,9 +407,12 @@
- static int
- key_attach(struct socket *so, int proto, struct proc *p)
- {
-+ struct vnet *vnet = so->so_vnet;
- struct keycb *kp;
- int s, error;
-
-+ if (vnet == NULL)
-+ panic("key_attach: NULL vnet was passed.\n");
- if (sotorawcb(so) != 0)
- return EISCONN; /* XXX panic? */
- kp = (struct keycb *)malloc(sizeof *kp, M_PCB, M_WAITOK); /* XXX */
-@@ -428,8 +441,8 @@
- kp->kp_promisc = kp->kp_registered = 0;
-
- if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
-- key_cb.key_count++;
-- key_cb.any_count++;
-+ vnet->key_cb.key_count++;
-+ vnet->key_cb.any_count++;
- kp->kp_raw.rcb_laddr = &key_src;
- kp->kp_raw.rcb_faddr = &key_dst;
- soisconnected(so);
-@@ -474,15 +487,18 @@
- static int
- key_detach(struct socket *so)
- {
-+ struct vnet *vnet = so->so_vnet;
- struct keycb *kp = (struct keycb *)sotorawcb(so);
- int s, error;
-
-+ if (vnet == NULL)
-+ panic("key_detach: NULL vnet from sock.");
- s = splnet();
- if (kp != 0) {
- if (kp->kp_raw.rcb_proto.sp_protocol
- == PF_KEY) /* XXX: AF_KEY */
-- key_cb.key_count--;
-- key_cb.any_count--;
-+ vnet->key_cb.key_count--;
-+ vnet->key_cb.any_count--;
-
- key_freereg(so);
- }
-@@ -585,13 +601,13 @@
- { SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR,
- 0, key_output, raw_ctlinput, 0,
- 0,
-- raw_init, 0, 0, 0,
-+ raw_init, raw_destroy, 0, 0, 0,
- &key_usrreqs
- }
- };
-
- struct domain keydomain =
-- { PF_KEY, "key", key_init, 0, 0,
-+ { PF_KEY, "key", key_init, key_destroy, 0, 0,
- keysw, &keysw[sizeof(keysw)/sizeof(keysw[0])] };
-
- DOMAIN_SET(key);
-diff -urN sys/netkey/keysock.h sys.CORE/netkey/keysock.h
---- sys/netkey/keysock.h Wed Jan 31 15:57:05 2007
-+++ sys.CORE/netkey/keysock.h Wed Jan 31 16:02:43 2007
-@@ -69,8 +69,6 @@
- int kp_registered; /* registered socket */
- };
-
--extern struct pfkeystat pfkeystat;
--
- extern int key_output __P((struct mbuf *, ...));
- extern int key_usrreq __P((struct socket *,
- int, struct mbuf *, struct mbuf *, struct mbuf *));
diff --git a/kernel/freebsd/README.txt b/kernel/freebsd/README.txt
deleted file mode 100644
index f58d7f7b..00000000
--- a/kernel/freebsd/README.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-CORE kernel patches
-
-For information on the kernel modules ng_pipe and ng_wlan, see the README files in their respective directories. You should run the make && make install from
-the module directories for CORE to work properly.
-
-FreeBSD 8.x requires the small patches to allow per-node directories.
-
-The FreeBSD 7.x version of CORE does not require the patch included here.
-Instead you should download the latest vimage_7 kernel from:
- http://imunes.net/virtnet/
-
-The FreeBSD 4.11 version of CORE requires the included patch to work. See the
-CORE manual for patching details.
-
-ng_pipe module you should install with FreeBSD 4.11 or 7.x
-ng_wlan module you should install with FreeBSD 4.11 or 7.x
-4.11-R-CORE.diff patch you should use with FreeBSD 4.11
-freebsd7-config-CORE config that you may use with vimage_7 kernels
-freebsd7-config-COREDEBUG debugging config for use with vimage_7 kernels
-vimage_7-CORE.diff patch to add multicast routing to vimage_7_20081015
-imunes-8.0-RELEASE.diff per-node directories, persistent hub/switch, and
- traffic snopping for wireshark for FreeBSD 8.0
-symlinks-8.1-RELEASE.diff per-node directories for FreeBSD 8.1
-
diff --git a/kernel/freebsd/freebsd7-config-CORE b/kernel/freebsd/freebsd7-config-CORE
deleted file mode 100644
index 6601c866..00000000
--- a/kernel/freebsd/freebsd7-config-CORE
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# VIMAGE - sample kernel configuration file with a virtualized network stack
-# configure.
-#
-# $FreeBSD$
-#
-include GENERIC
-ident CORE
-
-options IPSEC
-device crypto
-options VIMAGE
-options IPFIREWALL
-options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
-
-#
-# Some kernel subsystems and functions don't yet compile with VIMAGE. Remove
-# from the configuration for now.
-#
-nooptions SCTP
diff --git a/kernel/freebsd/freebsd7-config-COREDEBUG b/kernel/freebsd/freebsd7-config-COREDEBUG
deleted file mode 100644
index b5314659..00000000
--- a/kernel/freebsd/freebsd7-config-COREDEBUG
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# VIMAGE - sample kernel configuration file with a virtualized network stack
-# configure.
-#
-# $FreeBSD$
-#
-include GENERIC
-ident COREDEBUG
-
-device crypto
-options IPSEC
-options VIMAGE
-options DDB
-options GDB
-options KDB
-options KDB_TRACE
-
-#
-# Some kernel subsystems and functions don't yet compile with VIMAGE. Remove
-# from the configuration for now.
-#
-nooptions SCTP
diff --git a/kernel/freebsd/freebsd8-config-CORE b/kernel/freebsd/freebsd8-config-CORE
deleted file mode 100644
index 06d4d606..00000000
--- a/kernel/freebsd/freebsd8-config-CORE
+++ /dev/null
@@ -1,11 +0,0 @@
-# this is the FreeBSD 8.x kernel configuration file for CORE
-include GENERIC
-ident CORE
-
-options VIMAGE
-nooptions SCTP
-options IPSEC
-device crypto
-
-options IPFIREWALL
-options IPFIREWALL_DEFAULT_TO_ACCEPT
diff --git a/kernel/freebsd/imunes-8.0-RELEASE.diff b/kernel/freebsd/imunes-8.0-RELEASE.diff
deleted file mode 100644
index 0492751b..00000000
--- a/kernel/freebsd/imunes-8.0-RELEASE.diff
+++ /dev/null
@@ -1,372 +0,0 @@
-# This patch is from http://imunes.net/imunes-8.0-RC3.diff
-#
-# This patch enables per-node directories, persistent hub/switch nodes, traffic
-# snooping for wireshark, and disallows vlan interfaces within a jail.
-diff -drup src-org/sys/kern/vfs_lookup.c src/sys/kern/vfs_lookup.c
---- src-org/sys/kern/vfs_lookup.c 2009-10-25 01:10:29.000000000 +0000
-+++ src/sys/kern/vfs_lookup.c 2009-11-11 12:46:02.000000000 +0000
-@@ -59,6 +59,8 @@ __FBSDID("$FreeBSD: src/sys/kern/vfs_loo
- #include
- #endif
-
-+#include
-+
- #include
- #include
-
-@@ -72,6 +74,19 @@ SDT_PROBE_DEFINE3(vfs, namei, lookup, en
- "unsigned long");
- SDT_PROBE_DEFINE2(vfs, namei, lookup, return, "int", "struct vnode *");
-
-+#ifdef VIMAGE
-+#define IMUNES_SYMLINK_HACK
-+#endif
-+
-+#ifdef IMUNES_SYMLINK_HACK
-+static VNET_DEFINE(int, morphing_symlinks);
-+#define V_morphing_symlinks VNET(morphing_symlinks)
-+
-+SYSCTL_VNET_INT(_vfs, OID_AUTO, morphing_symlinks, CTLFLAG_RW,
-+ &VNET_NAME(morphing_symlinks), 0,
-+ "Resolve @ to vimage name in symlinks");
-+#endif
-+
- /*
- * Allocation zone for namei
- */
-@@ -333,6 +348,44 @@ namei(struct nameidata *ndp)
- error = ENOENT;
- break;
- }
-+#ifdef IMUNES_SYMLINK_HACK
-+ /*
-+ * If the symbolic link includes a special character '@',
-+ * and V_morphing_symlinks is set, substitute the first
-+ * occurence of '@' with full path to jail / vimage name.
-+ * If the full path includes subhierarchies, s/./\// when
-+ * expanding '@' to jail / vimage name.
-+ *
-+ * XXX revisit buffer length checking.
-+ */
-+ CURVNET_SET_QUIET(TD_TO_VNET(curthread));
-+ if (V_morphing_symlinks) {
-+ char *sp = strchr(cp, '@');
-+
-+ if (sp) {
-+ char *vname = td->td_ucred->cr_prison->pr_name;
-+ int vnamelen = strlen(vname);
-+ int i;
-+
-+ if (vnamelen >= auio.uio_resid) {
-+ if (ndp->ni_pathlen > 1)
-+ uma_zfree(namei_zone, cp);
-+ error = ENAMETOOLONG;
-+ CURVNET_RESTORE();
-+ break;
-+ }
-+ bcopy(sp + 1, sp + vnamelen,
-+ linklen - (sp - cp));
-+ bcopy(td->td_ucred->cr_prison->pr_name,
-+ sp, vnamelen);
-+ linklen += (vnamelen - 1);
-+ for (i = 0; i < vnamelen; i++)
-+ if (sp[i] == '.')
-+ sp[i] = '/';
-+ }
-+ }
-+ CURVNET_RESTORE();
-+#endif
- if (linklen + ndp->ni_pathlen >= MAXPATHLEN) {
- if (ndp->ni_pathlen > 1)
- uma_zfree(namei_zone, cp);
-diff -drup src-org/sys/net/bpf.c src/sys/net/bpf.c
---- src-org/sys/net/bpf.c 2009-10-25 01:10:29.000000000 +0000
-+++ src/sys/net/bpf.c 2009-11-11 12:46:02.000000000 +0000
-@@ -44,6 +44,7 @@ __FBSDID("$FreeBSD: src/sys/net/bpf.c,v
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -1435,9 +1436,34 @@ bpf_setif(struct bpf_d *d, struct ifreq
- struct bpf_if *bp;
- struct ifnet *theywant;
-
-+#define XVNET_BPF_SNOOPING
-+#if defined(VIMAGE) && defined(XVNET_BPF_SNOOPING)
-+ struct vnet *target_vnet = curvnet;
-+ char *c;
-+
-+ /* Attempt to attach to an ifnet in a foreign vnet, specified as @ */
-+ c = rindex(ifr->ifr_name, '@');
-+ if ( c != NULL ) {
-+ struct prison *target_pr;
-+
-+ *c++ = 0;
-+ if (!isascii(*c) && !isdigit(*c))
-+ return ENXIO;
-+ target_pr = prison_find_name(curthread->td_ucred->cr_prison, c);
-+ if (target_pr == NULL)
-+ return ENXIO;
-+ target_vnet = target_pr->pr_vnet;
-+ }
-+ CURVNET_SET_QUIET(target_vnet);
-+#endif
-+
- theywant = ifunit(ifr->ifr_name);
-- if (theywant == NULL || theywant->if_bpf == NULL)
-+ if (theywant == NULL || theywant->if_bpf == NULL) {
-+#if defined(VIMAGE) && defined(XVNET_BPF_SNOOPING)
-+ CURVNET_RESTORE();
-+#endif
- return (ENXIO);
-+ }
-
- bp = theywant->if_bpf;
-
-@@ -1477,6 +1503,9 @@ bpf_setif(struct bpf_d *d, struct ifreq
- BPFD_LOCK(d);
- reset_d(d);
- BPFD_UNLOCK(d);
-+#if defined(VIMAGE) && defined(XVNET_BPF_SNOOPING)
-+ CURVNET_RESTORE();
-+#endif
- return (0);
- }
-
-diff -drup src-org/sys/net/if.c src/sys/net/if.c
---- src-org/sys/net/if.c 2009-10-25 01:10:29.000000000 +0000
-+++ src/sys/net/if.c 2009-11-11 12:46:02.000000000 +0000
-@@ -813,6 +813,14 @@ if_detach_internal(struct ifnet *ifp, in
- struct ifnet *iter;
- int found = 0;
-
-+ /*
-+ * Detach from any vlan, bridge or lagg ifnets linked to us.
-+ * A small though unlikely window for a race from here to ifp
-+ * unlinking from ifnet list is possible, hence we repeat the
-+ * procedure once again further bellow. XXX.
-+ */
-+ EVENTHANDLER_INVOKE(ifnet_departure_event, ifp);
-+
- IFNET_WLOCK();
- TAILQ_FOREACH(iter, &V_ifnet, if_link)
- if (iter == ifp) {
-diff -drup src-org/sys/net/if_llatbl.c src/sys/net/if_llatbl.c
---- src-org/sys/net/if_llatbl.c 2009-10-25 01:10:29.000000000 +0000
-+++ src/sys/net/if_llatbl.c 2009-11-11 12:53:49.000000000 +0000
-@@ -57,11 +57,14 @@ __FBSDID("$FreeBSD: src/sys/net/if_llatb
-
- MALLOC_DEFINE(M_LLTABLE, "lltable", "link level address tables");
-
--static SLIST_HEAD(, lltable) lltables = SLIST_HEAD_INITIALIZER(lltables);
-+static VNET_DEFINE(SLIST_HEAD(, lltable), lltables);
-+#define V_lltables VNET(lltables)
-
- extern void arprequest(struct ifnet *, struct in_addr *, struct in_addr *,
- u_char *);
-
-+static void vnet_lltable_init(void);
-+
- struct rwlock lltable_rwlock;
- RW_SYSINIT(lltable_rwlock, &lltable_rwlock, "lltable_rwlock");
-
-@@ -75,7 +78,7 @@ lltable_sysctl_dumparp(int af, struct sy
- int error = 0;
-
- LLTABLE_RLOCK();
-- SLIST_FOREACH(llt, &lltables, llt_link) {
-+ SLIST_FOREACH(llt, &V_lltables, llt_link) {
- if (llt->llt_af == af) {
- error = llt->llt_dump(llt, wr);
- if (error != 0)
-@@ -157,7 +160,7 @@ lltable_free(struct lltable *llt)
- KASSERT(llt != NULL, ("%s: llt is NULL", __func__));
-
- LLTABLE_WLOCK();
-- SLIST_REMOVE(&lltables, llt, lltable, llt_link);
-+ SLIST_REMOVE(&V_lltables, llt, lltable, llt_link);
- LLTABLE_WUNLOCK();
-
- for (i=0; i < LLTBL_HASHTBL_SIZE; i++) {
-@@ -180,7 +183,7 @@ lltable_drain(int af)
- register int i;
-
- LLTABLE_RLOCK();
-- SLIST_FOREACH(llt, &lltables, llt_link) {
-+ SLIST_FOREACH(llt, &V_lltables, llt_link) {
- if (llt->llt_af != af)
- continue;
-
-@@ -202,7 +205,7 @@ lltable_prefix_free(int af, struct socka
- struct lltable *llt;
-
- LLTABLE_RLOCK();
-- SLIST_FOREACH(llt, &lltables, llt_link) {
-+ SLIST_FOREACH(llt, &V_lltables, llt_link) {
- if (llt->llt_af != af)
- continue;
-
-@@ -232,7 +235,7 @@ lltable_init(struct ifnet *ifp, int af)
- LIST_INIT(&llt->lle_head[i]);
-
- LLTABLE_WLOCK();
-- SLIST_INSERT_HEAD(&lltables, llt, llt_link);
-+ SLIST_INSERT_HEAD(&V_lltables, llt, llt_link);
- LLTABLE_WUNLOCK();
-
- return (llt);
-@@ -302,7 +305,7 @@ lla_rt_output(struct rt_msghdr *rtm, str
-
- /* XXX linked list may be too expensive */
- LLTABLE_RLOCK();
-- SLIST_FOREACH(llt, &lltables, llt_link) {
-+ SLIST_FOREACH(llt, &V_lltables, llt_link) {
- if (llt->llt_af == dst->sa_family &&
- llt->llt_ifp == ifp)
- break;
-@@ -367,3 +370,12 @@ lla_rt_output(struct rt_msghdr *rtm, str
-
- return (error);
- }
-+
-+static void
-+vnet_lltable_init()
-+{
-+
-+ SLIST_INIT(&V_lltables);
-+}
-+VNET_SYSINIT(vnet_lltable_init, SI_SUB_PSEUDO, SI_ORDER_FIRST, vnet_lltable_init, NULL);
-+
-diff -drup src-org/sys/net/if_vlan.c src/sys/net/if_vlan.c
---- src-org/sys/net/if_vlan.c 2009-10-25 01:10:29.000000000 +0000
-+++ src/sys/net/if_vlan.c 2009-11-11 12:46:02.000000000 +0000
-@@ -1359,6 +1359,12 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd
- error = copyin(ifr->ifr_data, &vlr, sizeof(vlr));
- if (error)
- break;
-+#ifdef VIMAGE
-+ if (ifp->if_home_vnet != ifp->if_vnet) {
-+ error = EPERM;
-+ break;
-+ }
-+#endif
- if (vlr.vlr_parent[0] == '\0') {
- vlan_unconfig(ifp);
- break;
-@@ -1386,6 +1392,12 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd
-
- case SIOCGETVLAN:
- bzero(&vlr, sizeof(vlr));
-+#ifdef VIMAGE
-+ if (ifp->if_home_vnet != ifp->if_vnet) {
-+ error = EPERM;
-+ break;
-+ }
-+#endif
- VLAN_LOCK();
- if (TRUNK(ifv) != NULL) {
- strlcpy(vlr.vlr_parent, PARENT(ifv)->if_xname,
-diff -drup src-org/sys/netgraph/ng_bridge.c src/sys/netgraph/ng_bridge.c
---- src-org/sys/netgraph/ng_bridge.c 2009-10-25 01:10:29.000000000 +0000
-+++ src/sys/netgraph/ng_bridge.c 2009-11-11 12:46:02.000000000 +0000
-@@ -105,6 +105,7 @@ struct ng_bridge_private {
- u_int numBuckets; /* num buckets in table */
- u_int hashMask; /* numBuckets - 1 */
- int numLinks; /* num connected links */
-+ int persistent; /* can exist w/o any hooks */
- struct callout timer; /* one second periodic timer */
- };
- typedef struct ng_bridge_private *priv_p;
-@@ -345,13 +346,13 @@ static int
- ng_bridge_newhook(node_p node, hook_p hook, const char *name)
- {
- const priv_p priv = NG_NODE_PRIVATE(node);
-+ int linkNum = -1;
-
- /* Check for a link hook */
- if (strncmp(name, NG_BRIDGE_HOOK_LINK_PREFIX,
- strlen(NG_BRIDGE_HOOK_LINK_PREFIX)) == 0) {
- const char *cp;
- char *eptr;
-- u_long linkNum;
-
- cp = name + strlen(NG_BRIDGE_HOOK_LINK_PREFIX);
- if (!isdigit(*cp) || (cp[0] == '0' && cp[1] != '\0'))
-@@ -359,6 +360,12 @@ ng_bridge_newhook(node_p node, hook_p ho
- linkNum = strtoul(cp, &eptr, 10);
- if (*eptr != '\0' || linkNum >= NG_BRIDGE_MAX_LINKS)
- return (EINVAL);
-+ } else if (strcmp(name, "anchor") == 0) {
-+ linkNum = 0;
-+ priv->persistent = 1;
-+ }
-+
-+ if (linkNum >= 0 ) {
- if (priv->links[linkNum] != NULL)
- return (EISCONN);
- priv->links[linkNum] = malloc(sizeof(*priv->links[linkNum]),
-@@ -366,7 +373,7 @@ ng_bridge_newhook(node_p node, hook_p ho
- if (priv->links[linkNum] == NULL)
- return (ENOMEM);
- priv->links[linkNum]->hook = hook;
-- NG_HOOK_SET_PRIVATE(hook, (void *)linkNum);
-+ NG_HOOK_SET_PRIVATE(hook, (void *)(intptr_t)linkNum);
- priv->numLinks++;
- return (0);
- }
-@@ -799,7 +806,8 @@ ng_bridge_disconnect(hook_p hook)
-
- /* If no more hooks, go away */
- if ((NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0)
-- && (NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))) {
-+ && (NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))
-+ && !priv->persistent) {
- ng_rmnode_self(NG_HOOK_NODE(hook));
- }
- return (0);
-diff -drup src-org/sys/netgraph/ng_hub.c src/sys/netgraph/ng_hub.c
---- src-org/sys/netgraph/ng_hub.c 2009-10-25 01:10:29.000000000 +0000
-+++ src/sys/netgraph/ng_hub.c 2009-11-11 12:46:02.000000000 +0000
-@@ -37,6 +37,7 @@
- #include
-
- static ng_constructor_t ng_hub_constructor;
-+static ng_newhook_t ng_hub_newhook;
- static ng_rcvdata_t ng_hub_rcvdata;
- static ng_disconnect_t ng_hub_disconnect;
-
-@@ -44,6 +45,7 @@ static struct ng_type ng_hub_typestruct
- .version = NG_ABI_VERSION,
- .name = NG_HUB_NODE_TYPE,
- .constructor = ng_hub_constructor,
-+ .newhook = ng_hub_newhook,
- .rcvdata = ng_hub_rcvdata,
- .disconnect = ng_hub_disconnect,
- };
-@@ -57,6 +59,14 @@ ng_hub_constructor(node_p node)
- return (0);
- }
-
-+static int
-+ng_hub_newhook(node_p node, hook_p hook, const char *name)
-+{
-+ if (strcmp(name, "anchor") == 0)
-+ node->nd_private = (void *) 1;
-+ return (0);
-+}
-+
- static int
- ng_hub_rcvdata(hook_p hook, item_p item)
- {
-@@ -94,7 +104,7 @@ ng_hub_disconnect(hook_p hook)
- {
-
- if (NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0 &&
-- NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))
-+ NG_NODE_IS_VALID(NG_HOOK_NODE(hook)) && !hook->hk_node->nd_private)
- ng_rmnode_self(NG_HOOK_NODE(hook));
- return (0);
- }
diff --git a/kernel/freebsd/ng_pipe/Makefile b/kernel/freebsd/ng_pipe/Makefile
deleted file mode 100644
index 561097c3..00000000
--- a/kernel/freebsd/ng_pipe/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# (c)2008 the Boeing Company
-#
-# modified ng_pipe node
-#
-.if !defined(PLATFORM)
-#PLATFORM=i386
-PLATFORM=amd64
-.endif
-
-CFLAGS=-DBOEING_WLAN -I/usr/src/sys/${PLATFORM}/compile/CORE
-
-KMOD= ng_pipe
-
-SRCS= ng_pipe.c
-
-#MAN= ng_pipe.4
-
-# FreeBSD 4.11 is "FreeBSD" and 7.0 is "freebsd7.0"
-#.if defined(OSTYPE)
-#.if (${OSTYPE} == "FreeBSD")
-#CFLAGS+=-DFREEBSD411
-#SRCS= ng_pipe_freebsd4.c
-#.endif
-#.endif
-
-.include
diff --git a/kernel/freebsd/ng_pipe/README b/kernel/freebsd/ng_pipe/README
deleted file mode 100644
index 43e090de..00000000
--- a/kernel/freebsd/ng_pipe/README
+++ /dev/null
@@ -1,21 +0,0 @@
-
-ng_pipe FreeBSD kernel module
-
-See the copyright statement at the top of the source file.
-Copyright (c) 2004, 2005, 2007 University of Zagreb
-Copyright (c) 2007 FreeBSD Foundation
-(c) 2008 the Boeing Company
-modifications: Jeff Ahrenholz
-
-More complete documentation is available in the ng_pipe(4) man page.
-
-This version of ng_pipe has been modified as follows:
-- added burst rate (or burstiness) which is the probability that the next packet
- will be dropped given an error with the current packet, 0 to 100
-- added jitter effect, which randomizes the delay an additional amount from
- 0 to jitter microseconds
-- ng_wlan support added, to remove and read mbuf tags containing wlan link
- effect information
-- bugfix: random number generation improved from defective modulo algorithm
-- bugfix: fixed mbuf dangling pointer reference when ng_pipe has both duplicates
- and errors configured
diff --git a/kernel/freebsd/ng_pipe/ng_pipe.c b/kernel/freebsd/ng_pipe/ng_pipe.c
deleted file mode 100644
index 3adeaff7..00000000
--- a/kernel/freebsd/ng_pipe/ng_pipe.c
+++ /dev/null
@@ -1,1170 +0,0 @@
-/*
- * Copyright (c) 2004-2008 University of Zagreb
- * Copyright (c) 2007-2008 FreeBSD Foundation
- *
- * This software was developed by the University of Zagreb and the
- * FreeBSD Foundation under sponsorship by the Stichting NLnet and the
- * FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * This node permits simple traffic shaping by emulating bandwidth
- * and delay, as well as random packet losses.
- * The node has two hooks, upper and lower. Traffic flowing from upper to
- * lower hook is referenced as downstream, and vice versa. Parameters for
- * both directions can be set separately, except for delay.
- */
-
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-#ifdef BOEING_WLAN
-#include "ng_pipe.h"
-#include "../ng_wlan/ng_wlan.h"
-#include "../ng_wlan/ng_wlan_tag.h"
-#else
-#include
-#endif /* BOEING_WLAN */
-
-static MALLOC_DEFINE(M_NG_PIPE, "ng_pipe", "ng_pipe");
-
-struct mtx ng_pipe_giant;
-
-/* Packet header struct */
-struct ngp_hdr {
- TAILQ_ENTRY(ngp_hdr) ngp_link; /* next pkt in queue */
- struct timeval when; /* this packet's due time */
- struct mbuf *m; /* ptr to the packet data */
-};
-TAILQ_HEAD(p_head, ngp_hdr);
-
-/* FIFO queue struct */
-struct ngp_fifo {
- TAILQ_ENTRY(ngp_fifo) fifo_le; /* list of active queues only */
- struct p_head packet_head; /* FIFO queue head */
- u_int32_t hash; /* flow signature */
- struct timeval vtime; /* virtual time, for WFQ */
- u_int32_t rr_deficit; /* for DRR */
- u_int32_t packets; /* # of packets in this queue */
-};
-
-/* Per hook info */
-struct hookinfo {
- hook_p hook;
- int noqueue; /* bypass any processing */
- TAILQ_HEAD(, ngp_fifo) fifo_head; /* FIFO queues */
- TAILQ_HEAD(, ngp_hdr) qout_head; /* delay queue head */
- LIST_ENTRY(hookinfo) active_le; /* active hooks */
- struct timeval qin_utime;
- struct ng_pipe_hookcfg cfg;
- struct ng_pipe_hookrun run;
- struct ng_pipe_hookstat stats;
- uint64_t *ber_p; /* loss_p(BER,psize) map */
-};
-
-/* Per node info */
-struct node_priv {
- u_int64_t delay;
- u_int32_t overhead;
- u_int32_t header_offset;
- struct hookinfo lower;
- struct hookinfo upper;
-};
-typedef struct node_priv *priv_p;
-
-/* Macro for calculating the virtual time for packet dequeueing in WFQ */
-#define FIFO_VTIME_SORT(plen) \
- if (hinfo->cfg.wfq && hinfo->cfg.bandwidth) { \
- ngp_f->vtime.tv_usec = now->tv_usec + ((uint64_t) (plen) \
- + priv->overhead ) * hinfo->run.fifo_queues * \
- 8000000 / hinfo->cfg.bandwidth; \
- ngp_f->vtime.tv_sec = now->tv_sec + \
- ngp_f->vtime.tv_usec / 1000000; \
- ngp_f->vtime.tv_usec = ngp_f->vtime.tv_usec % 1000000; \
- TAILQ_FOREACH(ngp_f1, &hinfo->fifo_head, fifo_le) \
- if (ngp_f1->vtime.tv_sec > ngp_f->vtime.tv_sec || \
- (ngp_f1->vtime.tv_sec == ngp_f->vtime.tv_sec && \
- ngp_f1->vtime.tv_usec > ngp_f->vtime.tv_usec)) \
- break; \
- if (ngp_f1 == NULL) \
- TAILQ_INSERT_TAIL(&hinfo->fifo_head, ngp_f, fifo_le); \
- else \
- TAILQ_INSERT_BEFORE(ngp_f1, ngp_f, fifo_le); \
- } else \
- TAILQ_INSERT_TAIL(&hinfo->fifo_head, ngp_f, fifo_le); \
-
-
-static void parse_cfg(struct ng_pipe_hookcfg *, struct ng_pipe_hookcfg *,
- struct hookinfo *, priv_p);
-static void pipe_dequeue(struct hookinfo *, struct timeval *);
-static void pipe_scheduler(void *);
-static void pipe_poll(void);
-static int ngp_modevent(module_t, int, void *);
-
-/* linked list of active "pipe" hooks */
-static LIST_HEAD(, hookinfo) active_head;
-static int active_gen_id = 0;
-
-/* timeout handle for pipe_scheduler */
-static struct callout polling_timer;
-
-/* zone for storing ngp_hdr-s */
-static uma_zone_t ngp_zone;
-
-/* Netgraph methods */
-static ng_constructor_t ngp_constructor;
-static ng_rcvmsg_t ngp_rcvmsg;
-static ng_shutdown_t ngp_shutdown;
-static ng_newhook_t ngp_newhook;
-static ng_rcvdata_t ngp_rcvdata;
-static ng_disconnect_t ngp_disconnect;
-
-/* Parse type for struct ng_pipe_hookstat */
-static const struct ng_parse_struct_field
- ng_pipe_hookstat_type_fields[] = NG_PIPE_HOOKSTAT_INFO;
-static const struct ng_parse_type ng_pipe_hookstat_type = {
- &ng_parse_struct_type,
- &ng_pipe_hookstat_type_fields
-};
-
-/* Parse type for struct ng_pipe_stats */
-static const struct ng_parse_struct_field ng_pipe_stats_type_fields[] =
- NG_PIPE_STATS_INFO(&ng_pipe_hookstat_type);
-static const struct ng_parse_type ng_pipe_stats_type = {
- &ng_parse_struct_type,
- &ng_pipe_stats_type_fields
-};
-
-/* Parse type for struct ng_pipe_hookrun */
-static const struct ng_parse_struct_field
- ng_pipe_hookrun_type_fields[] = NG_PIPE_HOOKRUN_INFO;
-static const struct ng_parse_type ng_pipe_hookrun_type = {
- &ng_parse_struct_type,
- &ng_pipe_hookrun_type_fields
-};
-
-/* Parse type for struct ng_pipe_run */
-static const struct ng_parse_struct_field
- ng_pipe_run_type_fields[] = NG_PIPE_RUN_INFO(&ng_pipe_hookrun_type);
-static const struct ng_parse_type ng_pipe_run_type = {
- &ng_parse_struct_type,
- &ng_pipe_run_type_fields
-};
-
-/* Parse type for struct ng_pipe_hookcfg */
-static const struct ng_parse_struct_field
- ng_pipe_hookcfg_type_fields[] = NG_PIPE_HOOKCFG_INFO;
-static const struct ng_parse_type ng_pipe_hookcfg_type = {
- &ng_parse_struct_type,
- &ng_pipe_hookcfg_type_fields
-};
-
-/* Parse type for struct ng_pipe_cfg */
-static const struct ng_parse_struct_field
- ng_pipe_cfg_type_fields[] = NG_PIPE_CFG_INFO(&ng_pipe_hookcfg_type);
-static const struct ng_parse_type ng_pipe_cfg_type = {
- &ng_parse_struct_type,
- &ng_pipe_cfg_type_fields
-};
-
-/* List of commands and how to convert arguments to/from ASCII */
-static const struct ng_cmdlist ngp_cmds[] = {
- {
- .cookie = NGM_PIPE_COOKIE,
- .cmd = NGM_PIPE_GET_STATS,
- .name = "getstats",
- .respType = &ng_pipe_stats_type
- },
- {
- .cookie = NGM_PIPE_COOKIE,
- .cmd = NGM_PIPE_CLR_STATS,
- .name = "clrstats"
- },
- {
- .cookie = NGM_PIPE_COOKIE,
- .cmd = NGM_PIPE_GETCLR_STATS,
- .name = "getclrstats",
- .respType = &ng_pipe_stats_type
- },
- {
- .cookie = NGM_PIPE_COOKIE,
- .cmd = NGM_PIPE_GET_RUN,
- .name = "getrun",
- .respType = &ng_pipe_run_type
- },
- {
- .cookie = NGM_PIPE_COOKIE,
- .cmd = NGM_PIPE_GET_CFG,
- .name = "getcfg",
- .respType = &ng_pipe_cfg_type
- },
- {
- .cookie = NGM_PIPE_COOKIE,
- .cmd = NGM_PIPE_SET_CFG,
- .name = "setcfg",
- .mesgType = &ng_pipe_cfg_type,
- },
- { 0 }
-};
-
-/* Netgraph type descriptor */
-static struct ng_type ng_pipe_typestruct = {
- .version = NG_ABI_VERSION,
- .name = NG_PIPE_NODE_TYPE,
- .mod_event = ngp_modevent,
- .constructor = ngp_constructor,
- .shutdown = ngp_shutdown,
- .rcvmsg = ngp_rcvmsg,
- .newhook = ngp_newhook,
- .rcvdata = ngp_rcvdata,
- .disconnect = ngp_disconnect,
- .cmdlist = ngp_cmds
-};
-NETGRAPH_INIT(pipe, &ng_pipe_typestruct);
-
-/* Node constructor */
-static int
-ngp_constructor(node_p node)
-{
- priv_p priv;
-
- MALLOC(priv, priv_p, sizeof(*priv), M_NG_PIPE, M_ZERO | M_NOWAIT);
- if (priv == NULL)
- return (ENOMEM);
- NG_NODE_SET_PRIVATE(node, priv);
-
- return (0);
-}
-
-/* Add a hook */
-static int
-ngp_newhook(node_p node, hook_p hook, const char *name)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- struct hookinfo *hinfo;
-
- if (strcmp(name, NG_PIPE_HOOK_UPPER) == 0) {
- bzero(&priv->upper, sizeof(priv->upper));
- priv->upper.hook = hook;
- NG_HOOK_SET_PRIVATE(hook, &priv->upper);
- } else if (strcmp(name, NG_PIPE_HOOK_LOWER) == 0) {
- bzero(&priv->lower, sizeof(priv->lower));
- priv->lower.hook = hook;
- NG_HOOK_SET_PRIVATE(hook, &priv->lower);
- } else
- return (EINVAL);
-
- /* Load non-zero initial cfg values */
- hinfo = NG_HOOK_PRIVATE(hook);
- hinfo->cfg.qin_size_limit = 50;
- hinfo->cfg.fifo = 1;
- hinfo->cfg.droptail = 1;
- TAILQ_INIT(&hinfo->fifo_head);
- TAILQ_INIT(&hinfo->qout_head);
- return (0);
-}
-
-/* Receive a control message */
-static int
-ngp_rcvmsg(node_p node, item_p item, hook_p lasthook)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- struct ng_mesg *resp = NULL;
- struct ng_mesg *msg;
- struct ng_pipe_stats *stats;
- struct ng_pipe_run *run;
- struct ng_pipe_cfg *cfg;
- int error = 0;
-
- mtx_lock(&ng_pipe_giant);
-
- NGI_GET_MSG(item, msg);
- switch (msg->header.typecookie) {
- case NGM_PIPE_COOKIE:
- switch (msg->header.cmd) {
- case NGM_PIPE_GET_STATS:
- case NGM_PIPE_CLR_STATS:
- case NGM_PIPE_GETCLR_STATS:
- if (msg->header.cmd != NGM_PIPE_CLR_STATS) {
- NG_MKRESPONSE(resp, msg,
- sizeof(*stats), M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- break;
- }
- stats = (struct ng_pipe_stats *)resp->data;
- bcopy(&priv->upper.stats, &stats->downstream,
- sizeof(stats->downstream));
- bcopy(&priv->lower.stats, &stats->upstream,
- sizeof(stats->upstream));
- }
- if (msg->header.cmd != NGM_PIPE_GET_STATS) {
- bzero(&priv->upper.stats,
- sizeof(priv->upper.stats));
- bzero(&priv->lower.stats,
- sizeof(priv->lower.stats));
- }
- break;
- case NGM_PIPE_GET_RUN:
- NG_MKRESPONSE(resp, msg, sizeof(*run), M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- break;
- }
- run = (struct ng_pipe_run *)resp->data;
- bcopy(&priv->upper.run, &run->downstream,
- sizeof(run->downstream));
- bcopy(&priv->lower.run, &run->upstream,
- sizeof(run->upstream));
- break;
- case NGM_PIPE_GET_CFG:
- NG_MKRESPONSE(resp, msg, sizeof(*cfg), M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- break;
- }
- cfg = (struct ng_pipe_cfg *)resp->data;
- bcopy(&priv->upper.cfg, &cfg->downstream,
- sizeof(cfg->downstream));
- bcopy(&priv->lower.cfg, &cfg->upstream,
- sizeof(cfg->upstream));
- cfg->delay = priv->delay;
- cfg->overhead = priv->overhead;
- cfg->header_offset = priv->header_offset;
- if (cfg->upstream.bandwidth ==
- cfg->downstream.bandwidth) {
- cfg->bandwidth = cfg->upstream.bandwidth;
- cfg->upstream.bandwidth = 0;
- cfg->downstream.bandwidth = 0;
- } else
- cfg->bandwidth = 0;
- break;
- case NGM_PIPE_SET_CFG:
- cfg = (struct ng_pipe_cfg *)msg->data;
- if (msg->header.arglen != sizeof(*cfg)) {
- error = EINVAL;
- break;
- }
-
- if (cfg->delay == -1)
- priv->delay = 0;
- else if (cfg->delay > 0 && cfg->delay < 10000000)
- priv->delay = cfg->delay;
-
- if (cfg->bandwidth == -1) {
- priv->upper.cfg.bandwidth = 0;
- priv->lower.cfg.bandwidth = 0;
- priv->overhead = 0;
- } else if (cfg->bandwidth >= 100 &&
- cfg->bandwidth <= 1000000000) {
- priv->upper.cfg.bandwidth = cfg->bandwidth;
- priv->lower.cfg.bandwidth = cfg->bandwidth;
- if (cfg->bandwidth >= 10000000)
- priv->overhead = 8+4+12; /* Ethernet */
- else
- priv->overhead = 10; /* HDLC */
- }
-
- if (cfg->overhead == -1)
- priv->overhead = 0;
- else if (cfg->overhead > 0 && cfg->overhead < 256)
- priv->overhead = cfg->overhead;
-
- if (cfg->header_offset == -1)
- priv->header_offset = 0;
- else if (cfg->header_offset > 0 &&
- cfg->header_offset < 64)
- priv->header_offset = cfg->header_offset;
-
- parse_cfg(&priv->upper.cfg, &cfg->downstream,
- &priv->upper, priv);
- parse_cfg(&priv->lower.cfg, &cfg->upstream,
- &priv->lower, priv);
- break;
- default:
- error = EINVAL;
- break;
- }
- break;
- default:
- error = EINVAL;
- break;
- }
- NG_RESPOND_MSG(error, node, item, resp);
- NG_FREE_MSG(msg);
-
- mtx_unlock(&ng_pipe_giant);
-
- return (error);
-}
-
-static void
-parse_cfg(struct ng_pipe_hookcfg *current, struct ng_pipe_hookcfg *new,
- struct hookinfo *hinfo, priv_p priv)
-{
-
- if (new->ber == -1) {
- current->ber = 0;
- if (hinfo->ber_p) {
- FREE(hinfo->ber_p, M_NG_PIPE);
- hinfo->ber_p = NULL;
- }
- } else if (new->ber >= 1 && new->ber <= 1000000000000) {
- static const uint64_t one = 0x1000000000000; /* = 2^48 */
- uint64_t p0, p;
- uint32_t fsize, i;
-
- if (hinfo->ber_p == NULL)
- MALLOC(hinfo->ber_p, uint64_t *, \
- (MAX_FSIZE + MAX_OHSIZE)*sizeof(uint64_t), \
- M_NG_PIPE, M_NOWAIT);
- current->ber = new->ber;
-
- /*
- * For given BER and each frame size N (in bytes) calculate
- * the probability P_OK that the frame is clean:
- *
- * P_OK(BER,N) = (1 - 1/BER)^(N*8)
- *
- * We use a 64-bit fixed-point format with decimal point
- * positioned between bits 47 and 48.
- */
- p0 = one - one / new->ber;
- p = one;
- for (fsize = 0; fsize < MAX_FSIZE + MAX_OHSIZE; fsize++) {
- hinfo->ber_p[fsize] = p;
- for (i=0; i<8; i++)
- p = (p*(p0&0xffff)>>48) + \
- (p*((p0>>16)&0xffff)>>32) + \
- (p*(p0>>32)>>16);
- }
- }
-
- if (new->qin_size_limit == -1)
- current->qin_size_limit = 0;
- else if (new->qin_size_limit >= 5)
- current->qin_size_limit = new->qin_size_limit;
-
- if (new->qout_size_limit == -1)
- current->qout_size_limit = 0;
- else if (new->qout_size_limit >= 5)
- current->qout_size_limit = new->qout_size_limit;
-
- if (new->duplicate == -1)
- current->duplicate = 0;
- else if (new->duplicate > 0 && new->duplicate <= 50)
- current->duplicate = new->duplicate;
-
- if (new->fifo) {
- current->fifo = 1;
- current->wfq = 0;
- current->drr = 0;
- }
-
- if (new->wfq) {
- current->fifo = 0;
- current->wfq = 1;
- current->drr = 0;
- }
-
- if (new->drr) {
- current->fifo = 0;
- current->wfq = 0;
- /* DRR quantum */
- if (new->drr >= 32)
- current->drr = new->drr;
- else
- current->drr = 2048; /* default quantum */
- }
-
- if (new->droptail) {
- current->droptail = 1;
- current->drophead = 0;
- }
-
- if (new->drophead) {
- current->droptail = 0;
- current->drophead = 1;
- }
-
- if (new->bandwidth == -1) {
- current->bandwidth = 0;
- current->fifo = 1;
- current->wfq = 0;
- current->drr = 0;
- } else if (new->bandwidth >= 100 && new->bandwidth <= 1000000000)
- current->bandwidth = new->bandwidth;
-
- if (current->bandwidth | priv->delay |
- current->duplicate | current->ber)
- hinfo->noqueue = 0;
- else
- hinfo->noqueue = 1;
-}
-
-/*
- * Compute a hash signature for a packet. This function suffers from the
- * NIH sindrome, so probably it would be wise to look around what other
- * folks have found out to be a good and efficient IP hash function...
- */
-static int ip_hash(struct mbuf *m, int offset)
-{
- u_int64_t i;
- struct ip *ip = (struct ip *)(mtod(m, u_char *) + offset);
-
- if (m->m_len < sizeof(struct ip) + offset ||
- ip->ip_v != 4 || ip->ip_hl << 2 != sizeof(struct ip))
- return 0;
-
- i = ((u_int64_t) ip->ip_src.s_addr ^
- ((u_int64_t) ip->ip_src.s_addr << 13) ^
- ((u_int64_t) ip->ip_dst.s_addr << 7) ^
- ((u_int64_t) ip->ip_dst.s_addr << 19));
- return (i ^ (i >> 32));
-}
-
-/*
- * Receive data on a hook - both in upstream and downstream direction.
- * We put the frame on the inbound queue, and try to initiate dequeuing
- * sequence immediately. If inbound queue is full, discard one frame
- * depending on dropping policy (from the head or from the tail of the
- * queue).
- */
-static int
-ngp_rcvdata(hook_p hook, item_p item)
-{
- struct hookinfo *const hinfo = NG_HOOK_PRIVATE(hook);
- const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
- struct timeval uuptime;
- struct timeval *now = &uuptime;
- struct ngp_fifo *ngp_f = NULL, *ngp_f1;
- struct ngp_hdr *ngp_h = NULL;
- struct mbuf *m;
- int hash;
- int error = 0;
-
- if (hinfo->noqueue) {
- struct hookinfo *dest;
- if (hinfo == &priv->lower)
- dest = &priv->upper;
- else
- dest = &priv->lower;
- NG_FWD_ITEM_HOOK(error, item, dest->hook);
- return error;
- }
-
- mtx_lock(&ng_pipe_giant);
- microuptime(now);
-
- /*
- * Attach us to the list of active ng_pipes if this was an empty
- * one before, and also update the queue service deadline time.
- */
- if (hinfo->run.qin_frames == 0) {
- struct timeval *when = &hinfo->qin_utime;
- if (when->tv_sec < now->tv_sec || (when->tv_sec == now->tv_sec
- && when->tv_usec < now->tv_usec)) {
- when->tv_sec = now->tv_sec;
- when->tv_usec = now->tv_usec;
- }
- if (hinfo->run.qout_frames == 0)
- LIST_INSERT_HEAD(&active_head, hinfo, active_le);
- }
-
- /* Populate the packet header */
- ngp_h = uma_zalloc(ngp_zone, M_NOWAIT);
- KASSERT((ngp_h != NULL), ("ngp_h zalloc failed (1)"));
- NGI_GET_M(item, m);
- KASSERT(m != NULL, ("NGI_GET_M failed"));
- ngp_h->m = m;
- NG_FREE_ITEM(item);
-
- if (hinfo->cfg.fifo)
- hash = 0; /* all packets go into a single FIFO queue */
- else
- hash = ip_hash(m, priv->header_offset);
-
- /* Find the appropriate FIFO queue for the packet and enqueue it*/
- TAILQ_FOREACH(ngp_f, &hinfo->fifo_head, fifo_le)
- if (hash == ngp_f->hash)
- break;
- if (ngp_f == NULL) {
- ngp_f = uma_zalloc(ngp_zone, M_NOWAIT);
- KASSERT(ngp_h != NULL, ("ngp_h zalloc failed (2)"));
- TAILQ_INIT(&ngp_f->packet_head);
- ngp_f->hash = hash;
- ngp_f->packets = 1;
- ngp_f->rr_deficit = hinfo->cfg.drr; /* DRR quantum */
- hinfo->run.fifo_queues++;
- TAILQ_INSERT_TAIL(&ngp_f->packet_head, ngp_h, ngp_link);
- FIFO_VTIME_SORT(m->m_pkthdr.len);
- } else {
- TAILQ_INSERT_TAIL(&ngp_f->packet_head, ngp_h, ngp_link);
- ngp_f->packets++;
- }
- hinfo->run.qin_frames++;
- hinfo->run.qin_octets += m->m_pkthdr.len;
-
- /* Discard a frame if inbound queue limit has been reached */
- if (hinfo->run.qin_frames > hinfo->cfg.qin_size_limit) {
- struct mbuf *m1;
- int longest = 0;
-
- /* Find the longest queue */
- TAILQ_FOREACH(ngp_f1, &hinfo->fifo_head, fifo_le)
- if (ngp_f1->packets > longest) {
- longest = ngp_f1->packets;
- ngp_f = ngp_f1;
- }
-
- /* Drop a frame from the queue head/tail, depending on cfg */
- if (hinfo->cfg.drophead)
- ngp_h = TAILQ_FIRST(&ngp_f->packet_head);
- else
- ngp_h = TAILQ_LAST(&ngp_f->packet_head, p_head);
- TAILQ_REMOVE(&ngp_f->packet_head, ngp_h, ngp_link);
- m1 = ngp_h->m;
- uma_zfree(ngp_zone, ngp_h);
- hinfo->run.qin_octets -= m1->m_pkthdr.len;
- hinfo->stats.in_disc_octets += m1->m_pkthdr.len;
- m_freem(m1);
- if (--(ngp_f->packets) == 0) {
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- uma_zfree(ngp_zone, ngp_f);
- hinfo->run.fifo_queues--;
- }
- hinfo->run.qin_frames--;
- hinfo->stats.in_disc_frames++;
- } else if (hinfo->run.qin_frames > hinfo->cfg.qin_size_limit) {
- struct mbuf *m1;
- int longest = 0;
-
- /* Find the longest queue */
- TAILQ_FOREACH(ngp_f1, &hinfo->fifo_head, fifo_le)
- if (ngp_f1->packets > longest) {
- longest = ngp_f1->packets;
- ngp_f = ngp_f1;
- }
-
- /* Drop a frame from the queue head/tail, depending on cfg */
- if (hinfo->cfg.drophead)
- ngp_h = TAILQ_FIRST(&ngp_f->packet_head);
- else
- ngp_h = TAILQ_LAST(&ngp_f->packet_head, p_head);
- TAILQ_REMOVE(&ngp_f->packet_head, ngp_h, ngp_link);
- m1 = ngp_h->m;
- uma_zfree(ngp_zone, ngp_h);
- hinfo->run.qin_octets -= m1->m_pkthdr.len;
- hinfo->stats.in_disc_octets += m1->m_pkthdr.len;
- m_freem(m1);
- if (--(ngp_f->packets) == 0) {
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- uma_zfree(ngp_zone, ngp_f);
- hinfo->run.fifo_queues--;
- }
- hinfo->run.qin_frames--;
- hinfo->stats.in_disc_frames++;
- }
-
- /*
- * Try to start the dequeuing process immediately. We must
- * hold the ng_pipe_giant lock here and pipe_dequeue() will
- * release it
- */
- pipe_dequeue(hinfo, now);
-
- return (0);
-}
-
-#ifdef BOEING_WLAN
-/* generate a random integer between 1 and max */
-#define pipe_good_random(max) (1 + (random() % max))
-#if 0
-/* generate a good random integer between 1 and max */
-#define pipe_good_random(max) \
- (1 + (int) (max * (random() / (__ULONG_MAX + 1.0))))
-#endif
-#endif
-
-/*
- * Dequeueing sequence - we basically do the following:
- * 1) Try to extract the frame from the inbound (bandwidth) queue;
- * 2) In accordance to BER specified, discard the frame randomly;
- * 3) If the frame survives BER, prepend it with delay info and move it
- * to outbound (delay) queue;
- * 4) Loop to 2) until bandwidth quota for this timeslice is reached, or
- * inbound queue is flushed completely;
- * 5) Extract the first frame from the outbound queue, if it's time has
- * come. Queue the frame for transmission on the outbound hook;
- * 6) Loop to 5) until outbound queue is flushed completely, or the next
- * frame in the queue is not scheduled to be dequeued yet;
- * 7) Transimit all frames queued in 5)
- *
- * Note: the caller must hold the ng_pipe_giant lock; this function
- * returns with the lock released.
- */
-static void
-pipe_dequeue(struct hookinfo *hinfo, struct timeval *now) {
- static uint64_t rand, oldrand;
- const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hinfo->hook));
- struct hookinfo *dest;
- struct ngp_fifo *ngp_f, *ngp_f1;
- struct ngp_hdr *ngp_h;
- struct timeval *when;
- struct mbuf *q_head = NULL;
- struct mbuf *q_tail = NULL;
- struct mbuf *m;
- int error = 0;
-#ifdef BOEING_WLAN
- struct ngp_hdr *ngp_h1 = NULL;
- struct m_tag *tag = NULL;
- struct ng_wlan_tag wtag;
- static int was_lost = 0;
-#endif /* BOEING_WLAN */
-
- /* Which one is the destination hook? */
- if (hinfo == &priv->lower)
- dest = &priv->upper;
- else
- dest = &priv->lower;
-
- /* Bandwidth queue processing */
- while ((ngp_f = TAILQ_FIRST(&hinfo->fifo_head))) {
- when = &hinfo->qin_utime;
- if (when->tv_sec > now->tv_sec || (when->tv_sec == now->tv_sec
- && when->tv_usec > now->tv_usec))
- break;
-
- ngp_h = TAILQ_FIRST(&ngp_f->packet_head);
- m = ngp_h->m;
-
-#ifdef BOEING_WLAN
- /* Check the first mbuf tag for WLAN data, and remove it */
- tag = m_tag_first(m);
- if (tag && (tag->m_tag_cookie == NGM_WLAN_COOKIE) &&
- (tag->m_tag_id == NG_TAG_WLAN)) {
- WLAN_TAG_COPY( (&wtag), tag)
- /* enforce maximum parameters */
- if (wtag.delay > NG_WLAN_MAX_DELAY)
- wtag.delay = NG_WLAN_MAX_DELAY;
- if (wtag.duplicate > NG_WLAN_MAX_DUP)
- wtag.duplicate = NG_WLAN_MAX_DUP;
- if (wtag.jitter > NG_WLAN_MAX_JITTER)
- wtag.jitter = NG_WLAN_MAX_JITTER;
- m_tag_delete(m, tag);
- } else {
- WLAN_TAG_ZERO( (&wtag) );
- }
-#endif /* BOEING_WLAN */
- /* Deficit Round Robin (DRR) processing */
- if (hinfo->cfg.drr) {
- if (ngp_f->rr_deficit >= m->m_pkthdr.len) {
- ngp_f->rr_deficit -= m->m_pkthdr.len;
- } else {
- ngp_f->rr_deficit += hinfo->cfg.drr;
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- TAILQ_INSERT_TAIL(&hinfo->fifo_head,
- ngp_f, fifo_le);
- continue;
- }
- }
-
- /*
- * Either create a duplicate and pass it on, or dequeue
- * the original packet...
- */
-#ifdef BOEING_WLAN
- if (wtag.duplicate &&
- pipe_good_random(100) <= wtag.duplicate) {
- ngp_h = uma_zalloc(ngp_zone, M_NOWAIT);
- KASSERT(ngp_h != NULL, ("ngp_h zalloc failed (3)"));
- ngp_h->m = m_dup(m, M_NOWAIT);
- KASSERT(ngp_h->m != NULL, ("m_dup failed"));
- m = ngp_h->m; /* Boeing: we are now working with copied
- mbuf, leaving original in the queue */
- } else
-#endif /* BOEING_WLAN */
- if (hinfo->cfg.duplicate &&
- pipe_good_random(100) <= hinfo->cfg.duplicate) {/*Boeing*/
- /* random() % 100 <= hinfo->cfg.duplicate) { */
- ngp_h = uma_zalloc(ngp_zone, M_NOWAIT);
- KASSERT(ngp_h != NULL, ("ngp_h zalloc failed (3)"));
- ngp_h->m = m_dup(m, M_NOWAIT);
- KASSERT(ngp_h->m != NULL, ("m_dup failed"));
- m = ngp_h->m; /* Boeing: we are now working with copied
- mbuf, leaving original in the queue */
- } else {
- TAILQ_REMOVE(&ngp_f->packet_head, ngp_h, ngp_link);
- hinfo->run.qin_frames--;
- hinfo->run.qin_octets -= m->m_pkthdr.len;
- ngp_f->packets--;
- }
- /* Boeing: now we have valid ngp_h and m pointers */
-
- /* Calculate the serialization delay */
-#ifdef BOEING_WLAN
- if (wtag.bandwidth) {
- hinfo->qin_utime.tv_usec += ((uint64_t) m->m_pkthdr.len
- + priv->overhead ) *
- 8000000 / wtag.bandwidth;
- hinfo->qin_utime.tv_sec +=
- hinfo->qin_utime.tv_usec / 1000000;
- hinfo->qin_utime.tv_usec =
- hinfo->qin_utime.tv_usec % 1000000;
- } else
-#endif /* BOEING_WLAN */
- if (hinfo->cfg.bandwidth) {
- hinfo->qin_utime.tv_usec += ((uint64_t) m->m_pkthdr.len
- + priv->overhead ) *
- 8000000 / hinfo->cfg.bandwidth;
- hinfo->qin_utime.tv_sec +=
- hinfo->qin_utime.tv_usec / 1000000;
- hinfo->qin_utime.tv_usec =
- hinfo->qin_utime.tv_usec % 1000000;
- }
- when = &ngp_h->when;
- when->tv_sec = hinfo->qin_utime.tv_sec;
- when->tv_usec = hinfo->qin_utime.tv_usec;
-
- /* Sort / rearrange inbound queues */
- if (ngp_f->packets) {
- if (hinfo->cfg.wfq) {
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- FIFO_VTIME_SORT(TAILQ_FIRST(
- &ngp_f->packet_head)->m->m_pkthdr.len)
- }
- } else {
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- uma_zfree(ngp_zone, ngp_f);
- hinfo->run.fifo_queues--;
- }
-
- /* Randomly discard the frame, according to BER setting */
-#ifdef BOEING_WLAN
- /* use specified Packet Error Rate setting for random discard */
- if (wtag.per) {
- u_int16_t burst, test;
- burst = wtag.burst;
- if (burst < wtag.per) burst = wtag.per;
- if (was_lost) {
- test = burst;
- } else if ((wtag.per >= 100) || (burst >= 100)) {
- test = 100;
- } else {
- test = wtag.per*(100-burst)/(100-wtag.per);
- }
- if (pipe_good_random(100) <= test) {
- was_lost = 1;
- hinfo->stats.out_disc_frames++;
- hinfo->stats.out_disc_octets += m->m_pkthdr.len;
- uma_zfree(ngp_zone, ngp_h);
- m_freem(m);
- continue;
- }
- was_lost = 0;
- } else
-#endif /* BOEING_WLAN */
- if (hinfo->cfg.ber &&
- ((oldrand = rand) ^ (rand = random())<<17) >=
- hinfo->ber_p[priv->overhead + m->m_pkthdr.len] ) {
- hinfo->stats.out_disc_frames++;
- hinfo->stats.out_disc_octets += m->m_pkthdr.len;
- uma_zfree(ngp_zone, ngp_h);
- m_freem(m);
- continue;
- }
-
- /* Discard frame if outbound queue size limit exceeded */
- if (hinfo->cfg.qout_size_limit &&
- hinfo->run.qout_frames>=hinfo->cfg.qout_size_limit) {
- hinfo->stats.out_disc_frames++;
- hinfo->stats.out_disc_octets += m->m_pkthdr.len;
- uma_zfree(ngp_zone, ngp_h);
- m_freem(m);
- continue;
- }
-
-#ifdef BOEING_WLAN
- /* Calculate the propagation delay including jitter */
- if (wtag.jitter) {
- when->tv_usec += pipe_good_random(wtag.jitter);
- /* overflow handled below... */
- }
- when->tv_usec += wtag.delay ? wtag.delay : priv->delay;
-#else
- /* Calculate the propagation delay */
- when->tv_usec += priv->delay;
-#endif /* BOEING_WLAN */
- when->tv_sec += when->tv_usec / 1000000;
- when->tv_usec = when->tv_usec % 1000000;
-
- /* Put the frame into the delay queue */
-#ifdef BOEING_WLAN
- /* Because WLAN packets may have varying dequeue times, we need to
- * perform sorted queueing; the dequeuing process expects packets in
- * the queue that are sorted by time.
- */
- TAILQ_FOREACH(ngp_h1, &hinfo->qout_head, ngp_link) {
- if (ngp_h1->when.tv_sec > ngp_h->when.tv_sec ||
- (ngp_h1->when.tv_sec == ngp_h->when.tv_sec &&
- ngp_h1->when.tv_usec > ngp_h->when.tv_usec))
- break;
- }
- if (ngp_h1 == NULL)
- TAILQ_INSERT_TAIL(&hinfo->qout_head, ngp_h, ngp_link);
- else
- TAILQ_INSERT_BEFORE(ngp_h1, ngp_h, ngp_link);
- /* The original code below just inserts the packet at the
- * tail of the queue because the delay time is constant. */
-#else /* BOEING_WLAN */
- TAILQ_INSERT_TAIL(&hinfo->qout_head, ngp_h, ngp_link);
-#endif /* BOEING_WLAN */
- hinfo->run.qout_frames++;
- hinfo->run.qout_octets += m->m_pkthdr.len;
- }
-
- /* Delay queue processing */
- while ((ngp_h = TAILQ_FIRST(&hinfo->qout_head))) {
- struct mbuf *m = ngp_h->m;
-
-/* BOEING_WLAN: this is why we have sorted the queue input */
- when = &ngp_h->when;
- if (when->tv_sec > now->tv_sec ||
- (when->tv_sec == now->tv_sec &&
- when->tv_usec > now->tv_usec))
- break;
-
- /* Update outbound queue stats */
- hinfo->stats.fwd_frames++;
- hinfo->stats.fwd_octets += m->m_pkthdr.len;
- hinfo->run.qout_frames--;
- hinfo->run.qout_octets -= m->m_pkthdr.len;
-
- /* Dequeue the packet from qout */
- TAILQ_REMOVE(&hinfo->qout_head, ngp_h, ngp_link);
- uma_zfree(ngp_zone, ngp_h);
-
- /* Enqueue locally for sending downstream */
- if (q_head == NULL)
- q_head = m;
- if (q_tail)
- q_tail->m_nextpkt = m;
- q_tail = m;
- m->m_nextpkt = NULL;
- }
-
- /* If both queues are empty detach us from the list of active queues */
- if (hinfo->run.qin_frames + hinfo->run.qout_frames == 0) {
- LIST_REMOVE(hinfo, active_le);
- active_gen_id++;
- }
-
- mtx_unlock(&ng_pipe_giant);
-
- while ((m = q_head) != NULL) {
- q_head = m->m_nextpkt;
- m->m_nextpkt = NULL;
- NG_SEND_DATA(error, dest->hook, m, meta);
- }
-}
-
-
-/*
- * This routine is called on every clock tick. We poll all nodes/hooks
- * for queued frames by calling pipe_dequeue().
- */
-static void
-pipe_scheduler(void *arg)
-{
- pipe_poll();
-
- /* Reschedule */
- callout_reset(&polling_timer, 1, &pipe_scheduler, NULL);
-}
-
-
-/*
- * Traverse the list of all active hooks and attempt to dequeue
- * some packets. Hooks with empty queues are not traversed since
- * they are not linked into this list.
- */
-static void
-pipe_poll(void)
-{
- struct hookinfo *hinfo;
- struct timeval now;
- int old_gen_id = active_gen_id;
-
- mtx_lock(&ng_pipe_giant);
- microuptime(&now);
- LIST_FOREACH(hinfo, &active_head, active_le) {
- CURVNET_SET(NG_HOOK_NODE(hinfo->hook)->nd_vnet);
- pipe_dequeue(hinfo, &now);
- CURVNET_RESTORE();
- mtx_lock(&ng_pipe_giant);
- if (old_gen_id != active_gen_id) {
- /* the list was updated; restart traversing */
- hinfo = LIST_FIRST(&active_head);
- if (hinfo == NULL)
- break;
- old_gen_id = active_gen_id;
- continue;
- }
- }
- mtx_unlock(&ng_pipe_giant);
-}
-
-
-/*
- * Shutdown processing
- *
- * This is tricky. If we have both a lower and upper hook, then we
- * probably want to extricate ourselves and leave the two peers
- * still linked to each other. Otherwise we should just shut down as
- * a normal node would.
- */
-static int
-ngp_shutdown(node_p node)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
-
- if (priv->lower.hook && priv->upper.hook)
- ng_bypass(priv->lower.hook, priv->upper.hook);
- else {
- if (priv->upper.hook != NULL)
- ng_rmhook_self(priv->upper.hook);
- if (priv->lower.hook != NULL)
- ng_rmhook_self(priv->lower.hook);
- }
- NG_NODE_UNREF(node);
- FREE(priv, M_NG_PIPE);
- return (0);
-}
-
-
-/*
- * Hook disconnection
- */
-static int
-ngp_disconnect(hook_p hook)
-{
- struct hookinfo *const hinfo = NG_HOOK_PRIVATE(hook);
- struct ngp_fifo *ngp_f;
- struct ngp_hdr *ngp_h;
- int removed = 0;
-
- mtx_lock(&ng_pipe_giant);
-
- KASSERT(hinfo != NULL, ("%s: null info", __FUNCTION__));
- hinfo->hook = NULL;
-
- /* Flush all fifo queues associated with the hook */
- while ((ngp_f = TAILQ_FIRST(&hinfo->fifo_head))) {
- while ((ngp_h = TAILQ_FIRST(&ngp_f->packet_head))) {
- TAILQ_REMOVE(&ngp_f->packet_head, ngp_h, ngp_link);
- m_freem(ngp_h->m);
- uma_zfree(ngp_zone, ngp_h);
- removed++;
- }
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- uma_zfree(ngp_zone, ngp_f);
- }
-
- /* Flush the delay queue */
- while ((ngp_h = TAILQ_FIRST(&hinfo->qout_head))) {
- TAILQ_REMOVE(&hinfo->qout_head, ngp_h, ngp_link);
- m_freem(ngp_h->m);
- uma_zfree(ngp_zone, ngp_h);
- removed++;
- }
-
- /*
- * Both queues should be empty by now, so detach us from
- * the list of active queues
- */
- if (removed) {
- LIST_REMOVE(hinfo, active_le);
- active_gen_id++;
- }
- if (hinfo->run.qin_frames + hinfo->run.qout_frames != removed)
- printf("Mismatch: queued=%d but removed=%d !?!",
- hinfo->run.qin_frames + hinfo->run.qout_frames, removed);
-
- /* Release the packet loss probability table (BER) */
- if (hinfo->ber_p)
- FREE(hinfo->ber_p, M_NG_PIPE);
-
- mtx_unlock(&ng_pipe_giant);
-
- return (0);
-}
-
-static int
-ngp_modevent(module_t mod, int type, void *unused)
-{
- int error = 0;
-
- switch (type) {
- case MOD_LOAD:
- ngp_zone = uma_zcreate("ng_pipe", max(sizeof(struct ngp_hdr),
- sizeof (struct ngp_fifo)), NULL, NULL, NULL, NULL,
- UMA_ALIGN_PTR, 0);
- if (ngp_zone == NULL)
- panic("ng_pipe: couldn't allocate descriptor zone");
-
- mtx_init(&ng_pipe_giant, "ng_pipe_giant", NULL, MTX_DEF);
- LIST_INIT(&active_head);
- callout_init(&polling_timer, CALLOUT_MPSAFE);
- callout_reset(&polling_timer, 1, &pipe_scheduler, NULL);
- break;
- case MOD_UNLOAD:
- callout_drain(&polling_timer);
- uma_zdestroy(ngp_zone);
- mtx_destroy(&ng_pipe_giant);
- break;
- default:
- error = EOPNOTSUPP;
- break;
- }
-
- return (error);
-}
diff --git a/kernel/freebsd/ng_pipe/ng_pipe.h b/kernel/freebsd/ng_pipe/ng_pipe.h
deleted file mode 100644
index fd5f1acf..00000000
--- a/kernel/freebsd/ng_pipe/ng_pipe.h
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (c) 2004, 2007 University of Zagreb
- * Copyright (c) 2007 FreeBSD Foundation
- *
- * This software was developed by the University of Zagreb and the
- * FreeBSD Foundation under sponsorship by the Stichting NLnet and the
- * FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _NETGRAPH_PIPE_H_
-#define _NETGRAPH_PIPE_H_
-
-/* Node type name and magic cookie */
-#define NG_PIPE_NODE_TYPE "pipe"
-#define NGM_PIPE_COOKIE 200708191
-
-/* Hook names */
-#define NG_PIPE_HOOK_UPPER "upper"
-#define NG_PIPE_HOOK_LOWER "lower"
-
-#define MAX_FSIZE 16384 /* Largest supported frame size, in bytes, for BER */
-#define MAX_OHSIZE 256 /* Largest supported dummy-framing size, in bytes */
-
-/* Statistics structure for one hook */
-struct ng_pipe_hookstat {
- u_int64_t fwd_octets;
- u_int64_t fwd_frames;
- u_int64_t in_disc_octets;
- u_int64_t in_disc_frames;
- u_int64_t out_disc_octets;
- u_int64_t out_disc_frames;
-};
-
-/* Keep this in sync with the above structure definition */
-#define NG_PIPE_HOOKSTAT_INFO { \
- { "FwdOctets", &ng_parse_uint64_type }, \
- { "FwdFrames", &ng_parse_uint64_type }, \
- { "queueDropOctets", &ng_parse_uint64_type }, \
- { "queueDropFrames", &ng_parse_uint64_type }, \
- { "delayDropOctets", &ng_parse_uint64_type }, \
- { "delayDropFrames", &ng_parse_uint64_type }, \
- { NULL }, \
-}
-
-/* Statistics structure returned by NGM_PIPE_GET_STATS */
-struct ng_pipe_stats {
- struct ng_pipe_hookstat downstream;
- struct ng_pipe_hookstat upstream;
-};
-
-/* Keep this in sync with the above structure definition */
-#define NG_PIPE_STATS_INFO(hstype) { \
- { "downstream", (hstype) }, \
- { "upstream", (hstype) }, \
- { NULL }, \
-}
-
-/* Runtime structure for one hook */
-struct ng_pipe_hookrun {
- u_int32_t fifo_queues;
- u_int32_t qin_octets;
- u_int32_t qin_frames;
- u_int32_t qout_octets;
- u_int32_t qout_frames;
-};
-
-/* Keep this in sync with the above structure definition */
-#define NG_PIPE_HOOKRUN_INFO { \
- { "queues", &ng_parse_uint32_type }, \
- { "queuedOctets", &ng_parse_uint32_type }, \
- { "queuedFrames", &ng_parse_uint32_type }, \
- { "delayedOctets", &ng_parse_uint32_type }, \
- { "delayedFrames", &ng_parse_uint32_type }, \
- { NULL }, \
-}
-
-/* Runtime structure returned by NGM_PIPE_GET_RUN */
-struct ng_pipe_run {
- struct ng_pipe_hookrun downstream;
- struct ng_pipe_hookrun upstream;
-};
-
-/* Keep this in sync with the above structure definition */
-#define NG_PIPE_RUN_INFO(hstype) { \
- { "downstream", (hstype) }, \
- { "upstream", (hstype) }, \
- { NULL }, \
-}
-
-/* Config structure for one hook */
-struct ng_pipe_hookcfg {
- u_int64_t bandwidth;
- u_int64_t ber;
- u_int32_t qin_size_limit;
- u_int32_t qout_size_limit;
- u_int32_t duplicate;
- u_int32_t fifo;
- u_int32_t drr;
- u_int32_t wfq;
- u_int32_t droptail;
- u_int32_t drophead;
-};
-
-/* Keep this in sync with the above structure definition */
-#define NG_PIPE_HOOKCFG_INFO { \
- { "bandwidth", &ng_parse_uint64_type }, \
- { "BER", &ng_parse_uint64_type }, \
- { "queuelen", &ng_parse_uint32_type }, \
- { "delaylen", &ng_parse_uint32_type }, \
- { "duplicate", &ng_parse_uint32_type }, \
- { "fifo", &ng_parse_uint32_type }, \
- { "drr", &ng_parse_uint32_type }, \
- { "wfq", &ng_parse_uint32_type }, \
- { "droptail", &ng_parse_uint32_type }, \
- { "drophead", &ng_parse_uint32_type }, \
- { NULL }, \
-}
-
-/* Config structure returned by NGM_PIPE_GET_CFG */
-struct ng_pipe_cfg {
- u_int64_t bandwidth;
- u_int64_t delay;
- u_int32_t header_offset;
- u_int32_t overhead;
- struct ng_pipe_hookcfg downstream;
- struct ng_pipe_hookcfg upstream;
-};
-
-/* Keep this in sync with the above structure definition */
-#define NG_PIPE_CFG_INFO(hstype) { \
- { "bandwidth", &ng_parse_uint64_type }, \
- { "delay", &ng_parse_uint64_type }, \
- { "header_offset", &ng_parse_uint32_type }, \
- { "overhead", &ng_parse_uint32_type }, \
- { "downstream", (hstype) }, \
- { "upstream", (hstype) }, \
- { NULL }, \
-}
-
-/* Netgraph commands */
-enum {
- NGM_PIPE_GET_STATS=1, /* get stats */
- NGM_PIPE_CLR_STATS, /* clear stats */
- NGM_PIPE_GETCLR_STATS, /* atomically get and clear stats */
- NGM_PIPE_GET_RUN, /* get current runtime status */
- NGM_PIPE_GET_CFG, /* get configurable parameters */
- NGM_PIPE_SET_CFG, /* set configurable parameters */
-};
-
-#endif /* _NETGRAPH_PIPE_H_ */
diff --git a/kernel/freebsd/ng_pipe/ng_pipe_freebsd4.c b/kernel/freebsd/ng_pipe/ng_pipe_freebsd4.c
deleted file mode 100644
index 6a3a2716..00000000
--- a/kernel/freebsd/ng_pipe/ng_pipe_freebsd4.c
+++ /dev/null
@@ -1,1277 +0,0 @@
-/*
- * ng_pipe.c
- *
- * Copyright (c) 2004 University of Zagreb, Croatia
- * Copyright (c) 1996-1999 Whistle Communications, Inc.
- * All rights reserved.
- *
- * Subject to the following obligations and disclaimer of warranty, use and
- * redistribution of this software, in source or object code forms, with or
- * without modifications are expressly permitted by Whistle Communications
- * and author; provided, however, that:
- * 1. Any and all reproductions of the source or object code must include the
- * copyright notice above and the following disclaimer of warranties; and
- * 2. No rights are granted, in any manner or form, to use Whistle
- * Communications, Inc. trademarks, including the mark "WHISTLE
- * COMMUNICATIONS" on advertising, endorsements, or otherwise except as
- * such appears in the above copyright notice or in the software.
- *
- * THIS SOFTWARE IS BEING PROVIDED BY BOTH AUTHOR AND WHISTLE COMMUNICATIONS
- * "AS IS", AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, THEY MAKE NO
- * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
- * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
- * AUTHOR AND WHISTLE COMMUNICATIONS DO NOT WARRANT, GUARANTEE, OR MAKE
- * ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
- * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
- * IN NO EVENT WILL AUTHOR OR WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
- * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
- * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF AUTHOR OR WHISTLE COMMUNICATIONS IS ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* v 1.15 2004/10/25 */
-
-/*
- * This node permits simple traffic shaping by emulating bandwidth
- * and delay, as well as random packet losses.
- * The node has two hooks, upper and lower. Traffic flowing from upper to
- * lower hook is referenced as downstream, and vice versa. Parameters for
- * both directions can be set separately, except for delay.
- */
-
-/*
- * TODO:
- *
- * - some splimp()s and extra checks are possibly pure paranoia,
- * if they prove to be redundant they should be removed.
- *
- * - update the manpage.
- */
-
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-#include "ng_pipe.h"
-
-#ifdef XCP
-#include "xcp_var.h"
-#endif
-
-#ifdef BOEING_WLAN
-#include "../ng_wlan/ng_wlan.h"
-#include "../ng_wlan/ng_wlan_tag.h"
-#endif /* BOEING_WLAN */
-
-typedef void idle_polling_t (void);
-extern idle_polling_t *idle_polling_h;
-extern int cpu_idle_hlt;
-
-/* Packet header struct */
-struct ngp_hdr {
- TAILQ_ENTRY(ngp_hdr) ngp_link; /* next pkt in queue */
- struct timeval when; /* when to dequeue this packet? */
- struct mbuf *m; /* ptr to the actual packet data */
-#ifdef BOEING_WLAN
- meta_p meta; /* optional metadata containing link effects from ng_wlan*/
-#endif
-};
-
-TAILQ_HEAD(p_head ,ngp_hdr);
-
-/* FIFO queue struct */
-struct ngp_fifo {
- TAILQ_ENTRY(ngp_fifo) fifo_le; /* list of active queues only */
- struct p_head packet_head; /* FIFO queue head */
- u_int32_t hash; /* flow signature */
- struct timeval vtime; /* virtual time, for WFQ */
- u_int32_t rr_deficit; /* for DRR */
- u_int32_t packets; /* # of packets in this queue */
-};
-
-/* Per hook info */
-struct hookinfo {
- hook_p hook;
- LIST_ENTRY(hookinfo) hook_le; /* all active ng_pipe instances */
- TAILQ_HEAD(, ngp_fifo) fifo_head; /* this hooks's FIFO queues */
- TAILQ_HEAD(, ngp_hdr) qout_head; /* delay queue head */
- struct timeval qin_utime;
- struct ng_pipe_hookcfg cfg;
- struct ng_pipe_hookrun run;
- struct ng_pipe_hookstat stats;
-#ifdef XCP
- struct xcp_router_state xcps;
-#endif
- uint64_t *ber_p;
-};
-
-/* Per node info */
-struct privdata {
- node_p node;
- LIST_ENTRY(privdata) node_le;
- u_int64_t delay;
- u_int32_t overhead;
- u_int32_t header_offset;
- struct hookinfo lower;
- struct hookinfo upper;
-};
-typedef struct privdata *sc_p;
-
-/* Macro for calculating the virtual time for packet dequeueing in WFQ */
-#define FIFO_VTIME_SORT(plen) \
- if (hinfo->cfg.wfq && hinfo->cfg.bandwidth) { \
- ngp_f->vtime.tv_usec = now->tv_usec + ((uint64_t) (plen) \
- + sc->overhead ) * hinfo->run.fifo_queues * \
- 8000000 / hinfo->cfg.bandwidth; \
- ngp_f->vtime.tv_sec = now->tv_sec + \
- ngp_f->vtime.tv_usec / 1000000; \
- ngp_f->vtime.tv_usec = ngp_f->vtime.tv_usec % 1000000; \
- TAILQ_FOREACH(ngp_f1, &hinfo->fifo_head, fifo_le) \
- if (ngp_f1->vtime.tv_sec > ngp_f->vtime.tv_sec || \
- (ngp_f1->vtime.tv_sec == ngp_f->vtime.tv_sec && \
- ngp_f1->vtime.tv_usec > ngp_f->vtime.tv_usec)) \
- break; \
- if (ngp_f1 == NULL) \
- TAILQ_INSERT_TAIL(&hinfo->fifo_head, ngp_f, fifo_le); \
- else \
- TAILQ_INSERT_BEFORE(ngp_f1, ngp_f, fifo_le); \
- } else \
- TAILQ_INSERT_TAIL(&hinfo->fifo_head, ngp_f, fifo_le); \
-
-
-static void parse_cfg(struct ng_pipe_hookcfg *, struct ng_pipe_hookcfg *,
- struct hookinfo *);
-static void pipe_dequeue(struct hookinfo *, struct timeval *);
-static void pipe_scheduler(void);
-static void pipe_poll(void);
-static int ngp_modevent(module_t, int, void *);
-
-/* linked list of all "pipe" nodes */
-LIST_HEAD(pipe_node_head, privdata) node_head;
-
-/* linked list of active "pipe" hooks */
-LIST_HEAD(pipe_hook_head, hookinfo) hook_head;
-
-/* timeout handle for pipe_scheduler */
-struct callout_handle ds_handle = { 0 };
-
-/* saved value of cpu_idle_hlt */
-static int old_cpu_idle_hlt = 0;
-
-/* VM zone for storing ngp_hdr-s */
-struct vm_zone *ngp_zone;
-
-/* Netgraph methods */
-static ng_constructor_t ngp_constructor;
-static ng_rcvmsg_t ngp_rcvmsg;
-static ng_shutdown_t ngp_rmnode;
-static ng_newhook_t ngp_newhook;
-static ng_rcvdata_t ngp_rcvdata;
-static ng_disconnect_t ngp_disconnect;
-
-/* Parse type for struct ng_pipe_hookstat */
-static const struct ng_parse_struct_field
- ng_pipe_hookstat_type_fields[] = NG_PIPE_HOOKSTAT_INFO;
-static const struct ng_parse_type ng_pipe_hookstat_type = {
- &ng_parse_struct_type,
- &ng_pipe_hookstat_type_fields
-};
-
-/* Parse type for struct ng_pipe_stats */
-static const struct ng_parse_struct_field ng_pipe_stats_type_fields[] =
- NG_PIPE_STATS_INFO(&ng_pipe_hookstat_type);
-static const struct ng_parse_type ng_pipe_stats_type = {
- &ng_parse_struct_type,
- &ng_pipe_stats_type_fields
-};
-
-/* Parse type for struct ng_pipe_hookrun */
-static const struct ng_parse_struct_field
- ng_pipe_hookrun_type_fields[] = NG_PIPE_HOOKRUN_INFO;
-static const struct ng_parse_type ng_pipe_hookrun_type = {
- &ng_parse_struct_type,
- &ng_pipe_hookrun_type_fields
-};
-
-/* Parse type for struct ng_pipe_run */
-static const struct ng_parse_struct_field
- ng_pipe_run_type_fields[] = NG_PIPE_RUN_INFO(&ng_pipe_hookrun_type);
-static const struct ng_parse_type ng_pipe_run_type = {
- &ng_parse_struct_type,
- &ng_pipe_run_type_fields
-};
-
-/* Parse type for struct ng_pipe_hookcfg */
-static const struct ng_parse_struct_field
- ng_pipe_hookcfg_type_fields[] = NG_PIPE_HOOKCFG_INFO;
-static const struct ng_parse_type ng_pipe_hookcfg_type = {
- &ng_parse_struct_type,
- &ng_pipe_hookcfg_type_fields
-};
-
-/* Parse type for struct ng_pipe_cfg */
-static const struct ng_parse_struct_field
- ng_pipe_cfg_type_fields[] = NG_PIPE_CFG_INFO(&ng_pipe_hookcfg_type);
-static const struct ng_parse_type ng_pipe_cfg_type = {
- &ng_parse_struct_type,
- &ng_pipe_cfg_type_fields
-};
-
-/* List of commands and how to convert arguments to/from ASCII */
-static const struct ng_cmdlist ng_pipe_cmds[] = {
- {
- NGM_PIPE_COOKIE,
- NGM_PIPE_GET_STATS,
- "getstats",
- NULL,
- &ng_pipe_stats_type
- },
- {
- NGM_PIPE_COOKIE,
- NGM_PIPE_CLR_STATS,
- "clrstats",
- NULL,
- NULL
- },
- {
- NGM_PIPE_COOKIE,
- NGM_PIPE_GETCLR_STATS,
- "getclrstats",
- NULL,
- &ng_pipe_stats_type
- },
- {
- NGM_PIPE_COOKIE,
- NGM_PIPE_GET_RUN,
- "getrun",
- NULL,
- &ng_pipe_run_type
- },
- {
- NGM_PIPE_COOKIE,
- NGM_PIPE_GET_CFG,
- "getcfg",
- NULL,
- &ng_pipe_cfg_type
- },
- {
- NGM_PIPE_COOKIE,
- NGM_PIPE_SET_CFG,
- "setcfg",
- &ng_pipe_cfg_type,
- NULL
- },
- { 0 }
-};
-
-/* Netgraph type descriptor */
-static struct ng_type ng_pipe_typestruct = {
- NG_VERSION,
- NG_PIPE_NODE_TYPE,
- ngp_modevent,
- ngp_constructor,
- ngp_rcvmsg,
- ngp_rmnode,
- ngp_newhook,
- NULL,
- NULL,
- ngp_rcvdata,
- ngp_rcvdata,
- ngp_disconnect,
- ng_pipe_cmds
-};
-NETGRAPH_INIT(pipe, &ng_pipe_typestruct);
-
-#ifdef BOEING_WLAN
-/* generate a random integer between 1 and max */
-#define pipe_good_random(max) (1 + (random() % max))
-#endif
-
-/*
- * Node constructor
- */
-static int
-ngp_constructor(node_p *nodep)
-{
- sc_p privdata;
- node_p node;
- int error = 0;
- int s;
-
- MALLOC(privdata, sc_p, sizeof(*privdata), M_NETGRAPH, M_NOWAIT);
- if (privdata == NULL)
- return (ENOMEM);
- bzero(privdata, sizeof(*privdata));
-
- if ((error = ng_make_node_common(&ng_pipe_typestruct, nodep))) {
- FREE(privdata, M_NETGRAPH);
- return (error);
- }
-
- node=*nodep;
- node->private = privdata;
- privdata->node = node;
-
- /* Add new node to the "all nodes" list */
- s=splimp();
- LIST_INSERT_HEAD(&node_head, privdata, node_le);
- splx(s);
-
- return (0);
-}
-
-
-/*
- * Add a hook
- */
-static int
-ngp_newhook(node_p node, hook_p hook, const char *name)
-{
- const sc_p sc = node->private;
- struct hookinfo *hinfo;
-
- if (strcmp(name, NG_PIPE_HOOK_UPPER) == 0) {
- bzero(&sc->upper, sizeof(sc->upper));
- sc->upper.hook = hook;
- hook->private = &sc->upper;
- } else if (strcmp(name, NG_PIPE_HOOK_LOWER) == 0) {
- bzero(&sc->lower, sizeof(sc->lower));
- sc->lower.hook = hook;
- hook->private = &sc->lower;
- } else
- return (EINVAL);
-
- /* Load non-zero initial cfg values */
- hinfo = (struct hookinfo *) hook->private;
- hinfo->cfg.qin_size_limit = 50;
- hinfo->cfg.fifo = 1;
- hinfo->cfg.droptail = 1;
- TAILQ_INIT(&hinfo->fifo_head);
- TAILQ_INIT(&hinfo->qout_head);
- return (0);
-}
-
-
-/*
- * Receive a control message
- */
-static int
-ngp_rcvmsg(node_p node, struct ng_mesg *msg, const char *retaddr,
- struct ng_mesg **rptr)
-{
- const sc_p sc = node->private;
- struct ng_mesg *resp = NULL;
- int error = 0;
-
- switch (msg->header.typecookie) {
- case NGM_PIPE_COOKIE:
- switch (msg->header.cmd) {
- case NGM_PIPE_GET_STATS:
- case NGM_PIPE_CLR_STATS:
- case NGM_PIPE_GETCLR_STATS:
- {
- struct ng_pipe_stats *stats;
-
- if (msg->header.cmd != NGM_PIPE_CLR_STATS) {
- NG_MKRESPONSE(resp, msg,
- sizeof(*stats), M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- goto done;
- }
- stats=(struct ng_pipe_stats *)resp->data;
- bcopy(&sc->upper.stats, &stats->downstream,
- sizeof(stats->downstream));
- bcopy(&sc->lower.stats, &stats->upstream,
- sizeof(stats->upstream));
- }
- if (msg->header.cmd != NGM_PIPE_GET_STATS) {
- bzero(&sc->upper.stats,
- sizeof(sc->upper.stats));
- bzero(&sc->lower.stats,
- sizeof(sc->lower.stats));
- }
- break;
- }
- case NGM_PIPE_GET_RUN:
- {
- struct ng_pipe_run *run;
-
- NG_MKRESPONSE(resp, msg, sizeof(*run), M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- goto done;
- }
- run = (struct ng_pipe_run *)resp->data;
- bcopy(&sc->upper.run, &run->downstream,
- sizeof(run->downstream));
- bcopy(&sc->lower.run, &run->upstream,
- sizeof(run->upstream));
- break;
- }
- case NGM_PIPE_GET_CFG:
- {
- struct ng_pipe_cfg *cfg;
-
- NG_MKRESPONSE(resp, msg, sizeof(*cfg), M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- goto done;
- }
- cfg = (struct ng_pipe_cfg *)resp->data;
- bcopy(&sc->upper.cfg, &cfg->downstream,
- sizeof(cfg->downstream));
- bcopy(&sc->lower.cfg, &cfg->upstream,
- sizeof(cfg->upstream));
- cfg->delay = sc->delay;
- cfg->overhead = sc->overhead;
- cfg->header_offset = sc->header_offset;
- if (cfg->upstream.bandwidth ==
- cfg->downstream.bandwidth) {
- cfg->bandwidth = cfg->upstream.bandwidth;
- cfg->upstream.bandwidth = 0;
- cfg->downstream.bandwidth = 0;
- } else
- cfg->bandwidth = 0;
- break;
- }
- case NGM_PIPE_SET_CFG:
- {
- struct ng_pipe_cfg *cfg;
-
- cfg = (struct ng_pipe_cfg *)msg->data;
- if (msg->header.arglen != sizeof(*cfg)) {
- error = EINVAL;
- break;
- }
-
- if (cfg->delay == -1)
- sc->delay = 0;
- else if (cfg->delay > 0 && cfg->delay < 10000000)
- sc->delay = cfg->delay;
-
- if (cfg->bandwidth == -1) {
- sc->upper.cfg.bandwidth = 0;
- sc->lower.cfg.bandwidth = 0;
- sc->overhead = 0;
- } else if (cfg->bandwidth >= 100 &&
- cfg->bandwidth <= 1000000000) {
- sc->upper.cfg.bandwidth = cfg->bandwidth;
- sc->lower.cfg.bandwidth = cfg->bandwidth;
- if (cfg->bandwidth >= 10000000)
- sc->overhead = 8+4+12; /* Ethernet */
- else
- sc->overhead = 10; /* HDLC */
- }
-
- if (cfg->overhead == -1)
- sc->overhead = 0;
- else if (cfg->overhead > 0 && cfg->overhead < 256)
- sc->overhead = cfg->overhead;
-
- if (cfg->header_offset == -1)
- sc->header_offset = 0;
- else if (cfg->header_offset > 0 &&
- cfg->header_offset < 64)
- sc->header_offset = cfg->header_offset;
-
- parse_cfg(&sc->upper.cfg, &cfg->downstream, &sc->upper);
- parse_cfg(&sc->lower.cfg, &cfg->upstream, &sc->lower);
- break;
- }
-
- default:
- error = EINVAL;
- break;
- }
- break;
- default:
- error = EINVAL;
- break;
- }
- if (rptr)
- *rptr = resp;
- else if (resp)
- FREE(resp, M_NETGRAPH);
-
-done:
- FREE(msg, M_NETGRAPH);
- return (error);
-}
-
-
-static void
-parse_cfg(struct ng_pipe_hookcfg *current, struct ng_pipe_hookcfg *new,
- struct hookinfo *hinfo)
-{
-
- if (new->ber == -1) {
- current->ber = 0;
- if (hinfo->ber_p) {
- FREE(hinfo->ber_p, M_NETGRAPH);
- hinfo->ber_p = NULL;
- }
- }
- else if (new->ber >= 1 && new->ber <= 1000000000000) {
- static const uint64_t one = 0x1000000000000; /* = 2^48 */
- uint64_t p0, p;
- uint32_t fsize, i;
-
- if (hinfo->ber_p == NULL)
- MALLOC(hinfo->ber_p, uint64_t *, \
- (MAX_FSIZE + MAX_OHSIZE)*sizeof(uint64_t), \
- M_NETGRAPH, M_NOWAIT);
- current->ber = new->ber;
-
- /*
- * For given BER and each frame size N (in bytes) calculate
- * the probability P_OK that the frame is clean:
- *
- * P_OK(BER,N) = (1 - 1/BER)^(N*8)
- *
- * We use a 64-bit fixed-point format with decimal point
- * positioned between bits 47 and 48.
- */
- p0 = one - one / new->ber;
- p = one;
- for (fsize = 0; fsize < MAX_FSIZE + MAX_OHSIZE; fsize++) {
- hinfo->ber_p[fsize] = p;
- for (i=0; i<8; i++)
- p = (p*(p0&0xffff)>>48) + \
- (p*((p0>>16)&0xffff)>>32) + \
- (p*(p0>>32)>>16);
- }
- }
-
- if (new->qin_size_limit == 0xffff)
- current->qin_size_limit = 0;
- else if (new->qin_size_limit >= 5)
- current->qin_size_limit = new->qin_size_limit;
-
- if (new->qout_size_limit == 0xffff)
- current->qout_size_limit = 0;
- else if (new->qout_size_limit >= 5)
- current->qout_size_limit = new->qout_size_limit;
-
- if (new->duplicate == -1)
- current->duplicate = 0;
- else if (new->duplicate > 0 && new->duplicate <= 50)
- current->duplicate = new->duplicate;
-
- if (new->fifo) {
- current->fifo = 1;
- current->wfq = 0;
- current->drr = 0;
- }
-
- if (new->wfq) {
- current->fifo = 0;
- current->wfq = 1;
- current->drr = 0;
- }
-
- if (new->drr) {
- current->fifo = 0;
- current->wfq = 0;
- /* DRR quantum */
- if (new->drr >= 32)
- current->drr = new->drr;
- else
- current->drr = 2048; /* default quantum */
- }
-
- if (new->droptail) {
- current->droptail = 1;
- current->drophead = 0;
- }
-
- if (new->drophead) {
- current->droptail = 0;
- current->drophead = 1;
- }
-
- if (new->bandwidth == -1) {
- current->bandwidth = 0;
- current->fifo = 1;
- current->wfq = 0;
- current->drr = 0;
- } else if (new->bandwidth >= 100 && new->bandwidth <= 1000000000)
- current->bandwidth = new->bandwidth;
-
-#ifdef XCP
- init_xcp_state(&hinfo->xcps, 0, current->bandwidth / 1024);
-#endif
-}
-
-
-/*
- * Compute a hash signature for a packet. This function suffers from the
- * NIH sindrome, so probably it would be wise to look around what other
- * folks have found out to be a good and efficient IP hash function...
- */
-__inline static int ip_hash(struct mbuf *m, int offset)
-{
- u_int64_t i;
- struct ip *ip = (struct ip *)(mtod(m, u_char *) + offset);
- struct udphdr *udp = 0;
-
- if (m->m_len < sizeof(struct ip) + offset ||
- ip->ip_v != 4 || ip->ip_hl << 2 != sizeof(struct ip))
- return 0;
-
- if ((m->m_len >= sizeof(struct ip) + sizeof(struct udphdr) + offset) &&
- (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_UDP) &&
- !(ntohs(ip->ip_off) & IP_OFFMASK))
- udp = (struct udphdr *)((u_char *) ip + sizeof(struct ip));
-
-#if 0 /* an overkill IP hash, but could be too slow */
- i = 0;
- for ( j = (ip->ip_p & 0x1f) + 1; j ; j = j >> 2) {
- i ^= ((u_int64_t) ip->ip_src.s_addr
- + ((u_int64_t) ip->ip_dst.s_addr << 7)
- - ((u_int64_t) ip->ip_src.s_addr << 13)
- - ((u_int64_t) ip->ip_dst.s_addr << 19)
- + ((u_int64_t) ip->ip_p << 9)) << j;
- if (udp)
- i ^= (((u_int64_t) udp->uh_sport << (ip->ip_p + 5))
- - ((u_int64_t) udp->uh_dport << ip->ip_p)) << j;
- }
-#else /* a slightly faster yet less reliable version */
- i = ((u_int64_t) ip->ip_src.s_addr
- ^ ((u_int64_t) ip->ip_dst.s_addr << 7)
- ^ ((u_int64_t) ip->ip_src.s_addr << 13)
- ^ ((u_int64_t) ip->ip_dst.s_addr << 19)
- ^ ((u_int64_t) ip->ip_p << 9));
- if (udp)
- i ^= (((u_int64_t) udp->uh_sport << (ip->ip_p + 5))
- ^ ((u_int64_t) udp->uh_dport << ip->ip_p));
-#endif
- return (i ^ (i >> 32));
-}
-
-
-/*
- * Receive data on a hook - both in upstream and downstream direction.
- * We put the frame on the inbound queue, and try to initiate dequeuing
- * sequence immediately. If inbound queue is full, discard one frame
- * depending on dropping policy (from the head or from the tail of the
- * queue).
- */
-static int
-ngp_rcvdata(hook_p hook, struct mbuf *m, meta_p meta)
-{
- struct hookinfo *const hinfo = (struct hookinfo *) hook->private;
- const sc_p sc = hook->node->private;
- struct timeval uuptime;
- struct timeval *now = &uuptime;
- struct ngp_fifo *ngp_f = NULL, *ngp_f1;
- struct ngp_hdr *ngp_h = NULL;
- int hash;
- int s;
-
- microuptime(now);
- s = splimp();
-
-#ifdef BOEING_WLAN
- if (meta != NULL) {
- if ((meta->used_len != WLAN_META_SIZE) ||
- (meta->options[0].cookie != NGM_WLAN_COOKIE)) {
- /* metadata from elsewhere, not queued */
- NG_FREE_META(meta); /* sets meta = NULL */
- }/* else metadata from ng_wlan, contains tag */
- }
-#else
- NG_FREE_META(meta);
-#endif
-
- /*
- * Attach us to the list of active ng_pipes if this one was an empty
- * one before, and also update the queue service deadline time.
- */
- if (hinfo->run.qin_frames == 0) {
- struct timeval *when = &hinfo->qin_utime;
- if (when->tv_sec < now->tv_sec || (when->tv_sec == now->tv_sec
- && when->tv_usec < now->tv_usec)) {
- when->tv_sec = now->tv_sec;
- when->tv_usec = now->tv_usec;
- }
- if (hinfo->run.qout_frames == 0) {
- LIST_INSERT_HEAD(&hook_head, hinfo, hook_le);
- if (cpu_idle_hlt) {
- old_cpu_idle_hlt = cpu_idle_hlt;
- cpu_idle_hlt = 0;
- }
- }
- }
-
- /* Populate the packet header */
- ngp_h = zalloc(ngp_zone);
- ngp_h->m = m;
-#ifdef BOEING_WLAN
- ngp_h->meta = meta;
- meta = NULL; /* don't free elsewhere */
-#endif
-
- if (hinfo->cfg.fifo)
- hash = 0; /* all packets go into a single FIFO queue */
- else
- hash = ip_hash(m, sc->header_offset);
-
-#ifdef XCP
- if (do_xcp)
- xcp_forward(m, sc->header_offset, &hinfo->xcps);
-#endif
-
- /* Find the appropriate FIFO queue for the packet and enqueue it*/
- TAILQ_FOREACH(ngp_f, &hinfo->fifo_head, fifo_le)
- if (hash == ngp_f->hash)
- break;
- if (ngp_f == NULL) {
- ngp_f = zalloc(ngp_zone);
- TAILQ_INIT(&ngp_f->packet_head);
- ngp_f->hash = hash;
- ngp_f->packets = 1;
- ngp_f->rr_deficit = hinfo->cfg.drr; /* DRR quantum */
- hinfo->run.fifo_queues++;
- TAILQ_INSERT_TAIL(&ngp_f->packet_head, ngp_h, ngp_link);
- FIFO_VTIME_SORT(m->m_pkthdr.len);
- } else {
- TAILQ_INSERT_TAIL(&ngp_f->packet_head, ngp_h, ngp_link);
- ngp_f->packets++;
- }
- hinfo->run.qin_frames++;
- hinfo->run.qin_octets += m->m_pkthdr.len;
-
- /* Discard a frame if inbound queue limit has been reached */
- if (hinfo->run.qin_frames > hinfo->cfg.qin_size_limit) {
- struct mbuf *m1;
- int longest = 0;
-
- /* Find the longest queue */
- TAILQ_FOREACH(ngp_f1, &hinfo->fifo_head, fifo_le)
- if (ngp_f1->packets > longest) {
- longest = ngp_f1->packets;
- ngp_f = ngp_f1;
- }
-
- /* Drop a frame from the queue head/tail, depending on cfg */
- if (hinfo->cfg.drophead)
- ngp_h = TAILQ_FIRST(&ngp_f->packet_head);
- else
- ngp_h = TAILQ_LAST(&ngp_f->packet_head, p_head);
- TAILQ_REMOVE(&ngp_f->packet_head, ngp_h, ngp_link);
- m1 = ngp_h->m;
-#ifdef BOEING_WLAN
- NG_FREE_META(ngp_h->meta);
-#endif /* BOEING_WLAN */
- zfree(ngp_zone, ngp_h);
- hinfo->run.qin_octets -= m1->m_pkthdr.len;
- hinfo->stats.in_disc_octets += m1->m_pkthdr.len;
- m_freem(m1);
- if (--(ngp_f->packets) == 0) {
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- zfree(ngp_zone, ngp_f);
- hinfo->run.fifo_queues--;
- }
- hinfo->run.qin_frames--;
- hinfo->stats.in_disc_frames++;
- }
-
- /* Try to start the dequeuing process immediately */
- pipe_dequeue(hinfo, now);
-
- splx(s);
- return (0);
-}
-
-
-/*
- * Dequeueing sequence - we basically do the following:
- * 1) Try to extract the frame from the inbound (bandwidth) queue;
- * 2) In accordance to BER specified, discard the frame randomly;
- * 3) If the frame survives BER, prepend it with delay info and move it
- * to outbound (delay) queue, or send directly to the outbound hook;
- * 4) Loop to 2) until bandwidth limit is reached, or inbound queue is
- * flushed completely;
- * 5) Extract the first frame from the outbound queue, if it's time has come.
- * Send this frame to the outbound hook;
- * 6) Loop to 6) until outbound queue is flushed completely, or the next
- * frame in the queue is not scheduled to be dequeued yet
- *
- * This routine must be called at splimp()!
- */
-static void
-pipe_dequeue(struct hookinfo *hinfo, struct timeval *now) {
- static uint64_t rand, oldrand;
- const sc_p sc = hinfo->hook->node->private;
- struct hookinfo *dest;
- struct ngp_fifo *ngp_f, *ngp_f1;
- struct ngp_hdr *ngp_h;
- struct timeval *when;
- meta_p meta = NULL;
- int error = 0;
- struct mbuf *m;
-#ifdef BOEING_WLAN
- struct ngp_hdr *ngp_h1 = NULL;
- struct ng_wlan_tag *tag, wtag;
- int need_free_meta;
-#endif /* BOEING_WLAN */
-
- /* Which one is the destination hook? */
- if (hinfo == &sc->lower)
- dest = &sc->upper;
- else
- dest = &sc->lower;
-
- /* Bandwidth queue processing */
- while ((ngp_f = TAILQ_FIRST(&hinfo->fifo_head))) {
- when = &hinfo->qin_utime;
- if (when->tv_sec > now->tv_sec || (when->tv_sec == now->tv_sec
- && when->tv_usec > now->tv_usec))
- break;
-
- ngp_h = TAILQ_FIRST(&ngp_f->packet_head);
- m = ngp_h->m;
-#ifdef BOEING_WLAN
- meta = ngp_h->meta;
- ngp_h->meta = NULL; /* keep ptr in meta*/
- need_free_meta = 0;
- if (meta != NULL) {
- need_free_meta = 1;
- tag = (struct ng_wlan_tag*)meta->options;
- WLAN_TAG_COPY( (&wtag), tag)
- /* enforce maximum parameters */
- if (wtag.delay > NG_WLAN_MAX_DELAY)
- wtag.delay = NG_WLAN_MAX_DELAY;
- if (wtag.duplicate > NG_WLAN_MAX_DUP)
- wtag.duplicate = NG_WLAN_MAX_DUP;
- if (wtag.jitter > NG_WLAN_MAX_JITTER)
- wtag.jitter = NG_WLAN_MAX_JITTER;
- } else {
- WLAN_TAG_ZERO( (&wtag) );
- }
-#endif /* BOEING_WLAN */
-
- /* Deficit Round Robin (DRR) processing */
- if (hinfo->cfg.drr) {
- if (ngp_f->rr_deficit >= m->m_pkthdr.len) {
- ngp_f->rr_deficit -= m->m_pkthdr.len;
- } else {
- ngp_f->rr_deficit += hinfo->cfg.drr;
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- TAILQ_INSERT_TAIL(&hinfo->fifo_head, \
- ngp_f, fifo_le);
- /* BOEING_WLAN: need to free meta here? */
- continue;
- }
- }
-
- /*
- * Either create a duplicate and pass it on, or dequeue
- * the original packet...
- */
-#ifdef BOEING_WLAN
- if (wtag.duplicate &&
- pipe_good_random(100) <= wtag.duplicate) {
- ngp_h = zalloc(ngp_zone);
- KASSERT(ngp_h != NULL, ("ngp_h zalloc failed (3)"));
- ngp_h->m = m_dup(m, M_NOWAIT);
- ngp_h->meta = meta; /* reuse the old metadata instead of
- * allocating another */
- need_free_meta = 0;
- meta = NULL;
- KASSERT(ngp_h->m != NULL, ("m_dup failed"));
- m = ngp_h->m; /* Boeing: we are now working with copied
- mbuf, leaving original in the queue */
- } else
-#endif /* BOEING_WLAN */
- if (hinfo->cfg.duplicate &&
- random() % 100 <= hinfo->cfg.duplicate) {
- if ((m = m_dup(m, M_NOWAIT)))
- if ((ngp_h = zalloc(ngp_zone)))
- ngp_h->m = m;
- if ( m == NULL || ngp_h == NULL )
- panic("ng_pipe: m_dup or zalloc failed!");
- } else {
- TAILQ_REMOVE(&ngp_f->packet_head, ngp_h, ngp_link);
- hinfo->run.qin_frames--;
- hinfo->run.qin_octets -= m->m_pkthdr.len;
- ngp_f->packets--;
- }
-#ifdef BOEING_WLAN
- /* free the metadata if it was not re-used for the duplicate */
- if (need_free_meta)
- NG_FREE_META(meta);
-#endif /* BOEING_WLAN */
-
- /* Calculate the serialization delay */
-#ifdef BOEING_WLAN
- if (wtag.bandwidth) {
- hinfo->qin_utime.tv_usec += ((uint64_t) m->m_pkthdr.len
- + sc->overhead ) *
- 8000000 / wtag.bandwidth;
- hinfo->qin_utime.tv_sec +=
- hinfo->qin_utime.tv_usec / 1000000;
- hinfo->qin_utime.tv_usec =
- hinfo->qin_utime.tv_usec % 1000000;
- } else
-#endif /* BOEING_WLAN */
- if (hinfo->cfg.bandwidth) {
- hinfo->qin_utime.tv_usec += ((uint64_t) m->m_pkthdr.len
- + sc->overhead ) *
- 8000000 / hinfo->cfg.bandwidth;
- hinfo->qin_utime.tv_sec +=
- hinfo->qin_utime.tv_usec / 1000000;
- hinfo->qin_utime.tv_usec =
- hinfo->qin_utime.tv_usec % 1000000;
- }
- when = &ngp_h->when;
- when->tv_sec = hinfo->qin_utime.tv_sec;
- when->tv_usec = hinfo->qin_utime.tv_usec;
-
- /* Sort / rearrange inbound queues */
- if (ngp_f->packets) {
- if (hinfo->cfg.wfq) {
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- FIFO_VTIME_SORT(TAILQ_FIRST(&ngp_f->packet_head)->m->m_pkthdr.len)
- }
- } else {
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- zfree(ngp_zone, ngp_f);
- hinfo->run.fifo_queues--;
- }
-
- /* Randomly discard the frame, according to BER setting */
-#ifdef BOEING_WLAN
- /* use specified Packet Error Rate setting for random discard */
- if (wtag.per &&
- pipe_good_random(100) <= wtag.per) {
- hinfo->stats.out_disc_frames++;
- hinfo->stats.out_disc_octets += m->m_pkthdr.len;
- zfree(ngp_zone, ngp_h);
- m_freem(m);
- continue;
- } else
-#endif /* BOEING_WLAN */
- if (hinfo->cfg.ber &&
- ( (oldrand = rand) ^ (rand = random())<<17) >=
- hinfo->ber_p[sc->overhead + m->m_pkthdr.len] ) {
- hinfo->stats.out_disc_frames++;
- hinfo->stats.out_disc_octets += m->m_pkthdr.len;
- zfree(ngp_zone, ngp_h);
- m_freem(m);
- continue;
- }
-
- /* Discard frame if outbound queue size limit exceeded */
- if (hinfo->cfg.qout_size_limit &&
- hinfo->run.qout_frames>=hinfo->cfg.qout_size_limit) {
- hinfo->stats.out_disc_frames++;
- hinfo->stats.out_disc_octets += m->m_pkthdr.len;
- zfree(ngp_zone, ngp_h);
- m_freem(m);
- continue;
- }
-
-#ifdef BOEING_WLAN
- /* Calculate the propagation delay including jitter */
- if (wtag.jitter) {
- when->tv_usec += pipe_good_random(wtag.jitter);
- /* overflow handled below... */
- }
- when->tv_usec += wtag.delay ? wtag.delay : sc->delay;
-#else
- /* Calculate the propagation delay */
- when->tv_usec += sc->delay;
-#endif /* BOEING_WLAN */
- when->tv_sec += when->tv_usec / 1000000;
- when->tv_usec = when->tv_usec % 1000000;
-
- /* Put the frame into the delay queue */
-#ifdef BOEING_WLAN
- /* Because WLAN packets may have varying dequeue times, we need to
- * perform sorted queueing; the dequeuing process expects packets in
- * the queue that are sorted by time.
- */
- TAILQ_FOREACH(ngp_h1, &hinfo->qout_head, ngp_link) {
- if (ngp_h1->when.tv_sec > ngp_h->when.tv_sec ||
- (ngp_h1->when.tv_sec == ngp_h->when.tv_sec &&
- ngp_h1->when.tv_usec > ngp_h->when.tv_usec))
- break;
- }
- if (ngp_h1 == NULL)
- TAILQ_INSERT_TAIL(&hinfo->qout_head, ngp_h, ngp_link);
- else
- TAILQ_INSERT_BEFORE(ngp_h1, ngp_h, ngp_link);
- /* The original code below just inserts the packet at the
- * tail of the queue because the delay time is constant. */
-#else /* BOEING_WLAN */
- TAILQ_INSERT_TAIL(&hinfo->qout_head, ngp_h, ngp_link);
-#endif /* BOEING_WLAN */
- hinfo->run.qout_frames++;
- hinfo->run.qout_octets += m->m_pkthdr.len;
- }
-
- /* Delay queue processing */
- while ((ngp_h = TAILQ_FIRST(&hinfo->qout_head))) {
- struct mbuf *m = ngp_h->m;
-
-/* BOEING_WLAN: this is why we have sorted the queue input */
- when = &ngp_h->when;
- if (when->tv_sec > now->tv_sec ||
- (when->tv_sec == now->tv_sec &&
- when->tv_usec > now->tv_usec))
- break;
-
- /* Update outbound queue stats */
- hinfo->stats.fwd_frames++;
- hinfo->stats.fwd_octets += m->m_pkthdr.len;
- hinfo->run.qout_frames--;
- hinfo->run.qout_octets -= m->m_pkthdr.len;
-
- /* Dequeue/send the packet */
- TAILQ_REMOVE(&hinfo->qout_head, ngp_h, ngp_link);
- zfree(ngp_zone, ngp_h);
-#ifdef BOEING_WLAN
- NG_SEND_DATA_ONLY(error, dest->hook, m);
-#else
- NG_SEND_DATA(error, dest->hook, m, meta);
-#endif /* BOEING_WLAN */
- }
-
- /* If both queues are empty detach us from the list of active queues */
- if (hinfo->run.qin_frames + hinfo->run.qout_frames == 0)
- LIST_REMOVE(hinfo, hook_le);
-}
-
-
-/*
- * This routine is called on every clock tick. We poll all nodes/hooks
- * for queued frames by calling pipe_dequeue().
- */
-static void
-pipe_scheduler(void)
-{
- static struct timeval old;
- struct timeval new;
-
- microuptime(&new);
- if (old.tv_sec > new.tv_sec)
- printf ("ng_pipe: dsec=%ld\n", old.tv_sec - new.tv_sec);
- else if (old.tv_sec == new.tv_sec && old.tv_usec > new.tv_usec)
- printf ("ng_pipe: dusec=%ld\n", old.tv_usec - new.tv_usec);
- old.tv_sec = new.tv_sec;
- old.tv_usec = new.tv_usec;
-
- pipe_poll();
-
-#ifdef XCP
- if ( do_xcp ) {
- sc_p priv;
-
- /* Set off any XCP timers hooked to ng_pipe queues */
-
- LIST_FOREACH(priv, &node_head, node_le) {
- if ( --priv->upper.xcps.ticks_until_Te == 0 )
- xcp_Te_timeout(&priv->upper.xcps);
- if ( --priv->upper.xcps.ticks_until_Tq == 0 )
- xcp_Tq_timeout(&priv->upper.xcps);
- if ( --priv->lower.xcps.ticks_until_Te == 0 )
- xcp_Te_timeout(&priv->lower.xcps);
- if ( --priv->lower.xcps.ticks_until_Tq == 0 )
- xcp_Tq_timeout(&priv->lower.xcps);
- }
- }
-#endif
-
- /* Reschedule */
- ds_handle = timeout((timeout_t *) &pipe_scheduler, NULL, 1);
-}
-
-
-static void
-pipe_poll(void)
-{
- struct hookinfo *hinfo;
- int s;
- struct timeval now;
-
- s=splimp();
-
- microuptime(&now);
- LIST_FOREACH(hinfo, &hook_head, hook_le)
- pipe_dequeue(hinfo, &now);
- if (LIST_EMPTY(&hook_head) && cpu_idle_hlt == 0)
- cpu_idle_hlt = old_cpu_idle_hlt;
-
- splx(s);
-}
-
-
-/*
- * Shutdown processing
- *
- * This is tricky. If we have both a lower and upper hook, then we
- * probably want to extricate ourselves and leave the two peers
- * still linked to each other. Otherwise we should just shut down as
- * a normal node would. We run at splimp() in order to avoid race
- * condition with pipe_scheduler().
- */
-static int
-ngp_rmnode(node_p node)
-{
- const sc_p privdata = node->private;
- int s;
-
- s=splimp();
-
- node->flags |= NG_INVALID;
- if (privdata->lower.hook && privdata->upper.hook)
- ng_bypass(privdata->lower.hook, privdata->upper.hook);
- ng_cutlinks(node);
- ng_unname(node);
-
- /* unlink the node from the list */
- LIST_REMOVE(privdata, node_le);
-
- node->private = NULL;
- ng_unref(privdata->node);
- FREE(privdata, M_NETGRAPH);
-
- splx(s);
- return (0);
-}
-
-
-/*
- * Hook disconnection
- */
-static int
-ngp_disconnect(hook_p hook)
-{
- struct hookinfo *const hinfo = (struct hookinfo *) hook->private;
- struct ngp_fifo *ngp_f;
- struct ngp_hdr *ngp_h;
- int s, removed = 0;
-
- s=splimp();
-
- KASSERT(hinfo != NULL, ("%s: null info", __FUNCTION__));
- hinfo->hook = NULL;
-
- /* Flush all fifo queues associated with the hook */
- while ((ngp_f = TAILQ_FIRST(&hinfo->fifo_head))) {
- while ((ngp_h = TAILQ_FIRST(&ngp_f->packet_head))) {
- TAILQ_REMOVE(&ngp_f->packet_head, ngp_h, ngp_link);
- m_freem(ngp_h->m);
-#ifdef BOEING_WLAN
- NG_FREE_META(ngp_h->meta);
-#endif /* BOEING_WLAN */
- zfree(ngp_zone, ngp_h);
- removed++;
- }
- TAILQ_REMOVE(&hinfo->fifo_head, ngp_f, fifo_le);
- zfree(ngp_zone, ngp_f);
- }
-
- /* Flush the delay queue */
- while ((ngp_h = TAILQ_FIRST(&hinfo->qout_head))) {
- TAILQ_REMOVE(&hinfo->qout_head, ngp_h, ngp_link);
- m_freem(ngp_h->m);
-#ifdef BOEING_WLAN
- NG_FREE_META(ngp_h->meta);
-#endif /* BOEING_WLAN */
- zfree(ngp_zone, ngp_h);
- removed++;
- }
-
- /*
- * Both queues should be empty by now, so detach us from
- * the list of active queues
- */
- if (removed)
- LIST_REMOVE(hinfo, hook_le);
- if (hinfo->run.qin_frames + hinfo->run.qout_frames != removed)
- printf("Mismatch: queued=%d but removed=%d !?!",
- hinfo->run.qin_frames + hinfo->run.qout_frames,
- removed);
-
- /* Release the packet loss probability table (BER) */
- if (hinfo->ber_p)
- FREE(hinfo->ber_p, M_NETGRAPH);
-
- if (hook->node->numhooks == 0)
- ng_rmnode(hook->node);
-
- splx(s);
- return (0);
-}
-
-static int
-ngp_modevent(module_t mod, int type, void *unused)
-{
- sc_p priv;
- int error = 0;
- int s;
-
- switch (type) {
- case MOD_LOAD:
- if (ngp_zone)
- error = EEXIST;
- else {
- ngp_zone = zinit("ng_pipe",
- max(sizeof(struct ngp_hdr), sizeof (struct ngp_fifo)),
- nmbufs, ZONE_INTERRUPT, 0);
- if (ngp_zone == NULL) {
- error = ENOMEM;
- break;
- }
- LIST_INIT(&node_head);
- LIST_INIT(&hook_head);
- ds_handle = timeout((timeout_t *) &pipe_scheduler,
- NULL, 1);
- idle_polling_h = pipe_poll;
- }
- break;
- case MOD_UNLOAD:
- LIST_FOREACH(priv, &node_head, node_le)
- error = EBUSY;
-
- if (error == 0) {
- s = splimp();
- idle_polling_h = NULL;
- untimeout((timeout_t *) &pipe_scheduler, NULL,
- ds_handle);
- ds_handle.callout = NULL;
- zdestroy(ngp_zone);
- splx (s);
- }
- break;
- default:
- break;
- }
-
- return (error);
-}
diff --git a/kernel/freebsd/ng_wlan/Makefile b/kernel/freebsd/ng_wlan/Makefile
deleted file mode 100644
index 9d3136c7..00000000
--- a/kernel/freebsd/ng_wlan/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# (c)2006-2011 the Boeing Company
-#
-# ng_wlan
-#
-.if !defined(PLATFORM)
-#PLATFORM=i386
-PLATFORM=amd64
-.endif
-
-CFLAGS+=-I/usr/src/sys/${PLATFORM}/compile/CORE -DMULTICAST_LOOKUPS
-# FreeBSD 4.11 is "FreeBSD" and 7.0 is "freebsd7.0"
-
-#.if defined(OSTYPE)
-#.if (${OSTYPE} == "FreeBSD")
-#CFLAGS+=-DFREEBSD411
-#.endif
-#.endif
-
-KMOD= ng_wlan
-
-SRCS= ng_wlan.c
-
-#MAN= ng_wlan.4
-
-.include
-
diff --git a/kernel/freebsd/ng_wlan/README b/kernel/freebsd/ng_wlan/README
deleted file mode 100644
index 97c1cbe4..00000000
--- a/kernel/freebsd/ng_wlan/README
+++ /dev/null
@@ -1,50 +0,0 @@
-
-ng_wlan FreeBSD kernel module
-
-(c) 2006-2011 the Boeing Company
-author: Jeff Ahrenholz
-
-
- The ng_wlan modules implements a netgraph node that models wireless
-LAN connectivity. ng_wlan extends the ng_hub node, only instead of sending
-packets to each connected peer, maintains a hash table of node connectivity,
-and sends packets between two nodes only when they are linked. By default all
-nodes are unlinked. Nodes can be linked and unlinked using "link" and
-"unlink" messages:
- ngctl msg e0_n2: link { node1=0x23 node2=0x0c }
-
-The node IDs of the two nodes are the parameters, as depicted above.
-
- Link effects between can also be specified for each node pair. If two nodes
-are linked and parameters are specified, an mbuf tag will be added to each data
-packet mbuf that specifies the effects. For FreeBSD 4.11, the metadata parameter
-is used instead of mbuf tags. Delay (microseconds), bandwidth
-(bits per second), PER (% packet errors), duplicates (%), jitter
-(microseconds), and burst (% burst errors) are supported. This tag is then
-removed by the ng_pipe node and the appropriate effects are applied. Link
-effects are specified with "set" and "unset" messages:
- ngctl msg e0_n2: set { node1=0x23 node2=0x0c delay=50000 bandwidth=54000000 per=0 duplicate=0 jitter=5000 burst=30 }
- ngctl msg e0_n2: unset { node1=0x23 node2=0x0c }
-
-Note that a special ng_pipe module is needed (the default one does not support
-the mbuf tags and some effects.)
-
-A separate error rate and burst rate affecting all multicast packets may be
-defined. Use the "mer" message:
- ngctl msg e0_n2: mer { mer=20 mburst=35 }
-The above example sets the multicast error rate to drop 20% of all multicast
-packets, with 35% burst errors.
-
-When MULTICAST_LOOKUPS is defined, a second lookup table is defined for each
-WLAN where multicast group, source, and node pair tuples can be linked or
-unlinked. This causes different forwarding behavior for multicast packets,
-where non-local groups are only forwarded if the node pair has been linked
-together for that group (and the normal node pair has been linked).
-Usage:
- ngctl msg e0_n2: mcastset { node1=0x23 node2=0x0c group=0xEF020364 source=0x0a000002 }
- ngctl msg e0_n2: mcastset { node1=0x23 node2=0x0c group=0xEF020364 source=0}
- ngctl msg e0_n2: mcastunset { node1=0x23 node2=0x0c group=0xEF020364 source=0 }
-Once the first mcastset/mcastunset message is received, that ng_wlan will drop
-all non-local multicast packets that do not have a matching source, group,
-node pair entry. The source address of zero matches any IP source.
-
diff --git a/kernel/freebsd/ng_wlan/ng_wlan.c b/kernel/freebsd/ng_wlan/ng_wlan.c
deleted file mode 100644
index f6d6b810..00000000
--- a/kernel/freebsd/ng_wlan/ng_wlan.c
+++ /dev/null
@@ -1,1315 +0,0 @@
-/*
- * Copyright (c) 2006-2011 the Boeing Company
- * ng_wlan is based on ng_hub, which is:
- * Copyright (c) 2004 Ruslan Ermilov
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#ifdef MULTICAST_LOOKUPS
-#include /* in.h */
-#include /* IN_MULTICAST(), etc */
-#include /* struct ip */
-#include /* struct ether_header */
-#endif /* MULTICAST_LOOKUPS */
-
-#include
-#include
-#include
-/* #include */
-#include "ng_wlan.h"
-#include "ng_wlan_tag.h"
-
-#ifdef NG_SEPARATE_MALLOC
-MALLOC_DEFINE(M_NETGRAPH_WLAN, "netgraph_wlan", "netgraph WLAN node ");
-#else
-#define M_NETGRAPH_WLAN M_NETGRAPH
-#endif
-
-#ifdef WLAN_GIANT_LOCK
-struct mtx ng_wlan_giant;
-#endif
-
-#ifdef MULTICAST_LOOKUPS
-#define mtod_off(m,off,t) ((t)(mtod((m),caddr_t)+(off)))
-#define IP_MCAST_HDR_OFFSET ETHER_HDR_LEN
-#define IP_MCAST_MIN_LEN (IP_MCAST_HDR_OFFSET + sizeof(struct ip))
-#endif /* MULTICAST_LOOKUPS */
-
-/*
- * WLAN node data types
- */
-/* Hash table entry for wlan connectivity */
-struct ng_wlan_hent {
- ng_ID_t l_id;
- ng_ID_t g_id;
- int linked;
- u_int64_t delay;
- u_int64_t bandwidth;
- u_int16_t per;
- u_int16_t duplicate;
- u_int32_t jitter;
- u_int16_t burst;
- SLIST_ENTRY(ng_wlan_hent) next;
-};
-
-/* Hash table bucket declaration */
-/* struct ng_wlan_bucket {
- struct ng_wlan_hent *slh_first;
-};*/
-SLIST_HEAD(ng_wlan_bucket, ng_wlan_hent);
-
-#define MIN_BUCKETS 256
-#define HASH(a, b) ( ((a << 16) + b) % MIN_BUCKETS )
-
-#define IS_PEER_KSOCKET(h) \
- (NG_PEER_NODE(h) != NULL && \
- NG_PEER_NODE(h)->nd_type->name[0] == 'k' && \
- NG_PEER_NODE(h)->nd_type->name[1] == 's')
-
-/* WLAN node private data */
-struct ng_wlan_private {
- struct ng_wlan_bucket *tab;
-#ifndef FREEBSD411
- struct mtx ng_wlan_tab_lock;
-#ifdef MULTICAST_LOOKUPS
- struct ng_wlan_mcast_bucket *mcast_tab;
- struct mtx ng_wlan_mcast_tab_lock;
- int multicast_enabled;
-#endif
-#endif /* !FREEBSD411 */
- int persistent;
- u_int16_t mer; /* multicast error rate */
- u_int16_t mburst; /* multicast burst rate */
-};
-typedef struct ng_wlan_private *priv_p;
-
-/*
- * Local function declarations
- */
-static int ng_wlan_lookup(node_p node, hook_p hook1, hook_p hook2,
- struct ng_wlan_tag *tag);
-static int ng_wlan_unlink(node_p node, ng_ID_t node1, ng_ID_t node2);
-static int ng_wlan_link(node_p node, ng_ID_t node1, ng_ID_t node2,
- struct ng_wlan_set_data *data);
-
-#ifdef MULTICAST_LOOKUPS
-static int ng_wlan_mcast_lookup(node_p node, hook_p hook1, hook_p hook2,
- u_int32_t group, u_int32_t source);
-static int ng_wlan_mcast_link(node_p node, ng_ID_t node1, ng_ID_t node2,
- u_int32_t group, u_int32_t source, int unlink);
-
-/* Hash table entry for multicast connectivity */
-struct ng_wlan_mcast_hent {
- ng_ID_t l_id;
- ng_ID_t g_id;
- u_int32_t group;
- u_int32_t source;
- int linked;
- SLIST_ENTRY(ng_wlan_mcast_hent) next;
-};
-
-SLIST_HEAD(ng_wlan_mcast_bucket, ng_wlan_mcast_hent);
-#define MCAST_HASH(a, b, g) ( (((a << 16) + b) & g) % MIN_BUCKETS )
-#endif /* MULTICAST_LOOKUPS */
-
-/*
- * Netgraph node methods
- */
-#ifndef FREEBSD411
-static int ng_wlan_modevent(module_t mod, int type, void *unused);
-#endif
-static ng_constructor_t ng_wlan_constructor;
-static ng_rcvmsg_t ng_wlan_rcvmsg;
-static ng_shutdown_t ng_wlan_rmnode;
-static ng_newhook_t ng_wlan_newhook;
-static ng_rcvdata_t ng_wlan_rcvdata;
-#ifndef FREEBSD411
-static ng_rcvdata_t ng_wlan_rcvdata_ks;
-#endif
-static ng_disconnect_t ng_wlan_disconnect;
-
-/* Parse types */
-static const struct ng_parse_struct_field ng_wlan_link_type_fields[]
- = NG_WLAN_CONFIG_TYPE_INFO;
-static const struct ng_parse_type ng_wlan_link_type = {
- &ng_parse_struct_type,
- &ng_wlan_link_type_fields
-};
-static const struct ng_parse_struct_field ng_wlan_set_type_fields[]
- = NG_WLAN_SET_DATA_TYPE_INFO;
-static const struct ng_parse_type ng_wlan_set_type = {
- &ng_parse_struct_type,
- &ng_wlan_set_type_fields
-};
-static const struct ng_parse_struct_field ng_wlan_mer_type_fields[]
- = NG_WLAN_MER_TYPE_INFO;
-static const struct ng_parse_type ng_wlan_mer_type = {
- &ng_parse_struct_type,
- &ng_wlan_mer_type_fields
-};
-#ifdef MULTICAST_LOOKUPS
-static const struct ng_parse_struct_field ng_wlan_multicast_set_type_fields[]
- = NG_WLAN_MULTICAST_SET_DATA_TYPE_INFO;
-static const struct ng_parse_type ng_wlan_multicast_set_type = {
- &ng_parse_struct_type,
- &ng_wlan_multicast_set_type_fields
-};
-#endif /* MULTICAST_LOOKUPS */
-
-/* List of commands and how to convert arguments to/from ASCII */
-static const struct ng_cmdlist ng_wlan_cmdlist[] = {
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_LINK_NODES,
- "link",
- &ng_wlan_link_type,
- NULL
- },
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_UNLINK_NODES,
- "unlink",
- &ng_wlan_link_type,
- NULL
- },
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_NODES_SET,
- "set",
- &ng_wlan_set_type,
- NULL
- },
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_NODES_UNSET,
- "unset",
- &ng_wlan_link_type,
- NULL
- },
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_NODES_GET,
- "get",
- &ng_wlan_link_type,
- &ng_wlan_set_type
- },
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_MER,
- "mer",
- &ng_wlan_mer_type,
- NULL
- },
-#ifdef MULTICAST_LOOKUPS
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_MULTICAST_SET,
- "mcastset",
- &ng_wlan_multicast_set_type,
- NULL
- },
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_MULTICAST_UNSET,
- "mcastunset",
- &ng_wlan_multicast_set_type,
- NULL
- },
- {
- NGM_WLAN_COOKIE,
- NGM_WLAN_MULTICAST_GET,
- "mcastget",
- &ng_wlan_multicast_set_type,
- &ng_wlan_multicast_set_type
- },
-#endif /* MULTICAST_LOOKUPS */
- { 0 }
-};
-
-/*
- * Netgraph node type descriptor
- */
-static struct ng_type ng_wlan_typestruct = {
- .version = NG_ABI_VERSION,
- .name = NG_WLAN_NODE_TYPE,
-#ifndef FREEBSD411
- .mod_event = ng_wlan_modevent,
-#endif
- .constructor = ng_wlan_constructor,
- .rcvmsg = ng_wlan_rcvmsg,
- .shutdown = ng_wlan_rmnode,
- .newhook = ng_wlan_newhook,
- .rcvdata = ng_wlan_rcvdata,
- .disconnect = ng_wlan_disconnect,
- .cmdlist = ng_wlan_cmdlist,
-};
-NETGRAPH_INIT(wlan, &ng_wlan_typestruct);
-
-#ifndef FREEBSD411
-/*
- * Function implementations
- */
-static int
-ng_wlan_modevent(module_t mod, int type, void *unused)
-{
- int error = 0;
-
- switch (type) {
- case MOD_LOAD:
-#ifdef WLAN_GIANT_LOCK
- mtx_init(&ng_wlan_giant, "ng_wlan_giant", NULL, MTX_DEF);
-#endif
- break;
- case MOD_UNLOAD:
-#ifdef WLAN_GIANT_LOCK
- mtx_destroy(&ng_wlan_giant);
-#endif
- break;
- default:
- error = EOPNOTSUPP;
- break;
- }
-
- return (error);
-}
-#endif /* !FREEBSD411 */
-
-#ifdef FREEBSD411
-static int
-ng_wlan_constructor(node_p *nodep)
-#else
-static int
-ng_wlan_constructor(node_p node)
-#endif
-{
- priv_p priv;
-#ifdef FREEBSD411
- int error=0;
-#endif
-
- /* initialize the hash table */
- MALLOC( priv, priv_p,
- sizeof(struct ng_wlan_private),
- M_NETGRAPH_WLAN, M_NOWAIT | M_ZERO);
- if (priv == NULL)
- return (ENOMEM);
-
- MALLOC( priv->tab, struct ng_wlan_bucket *,
- MIN_BUCKETS * sizeof(struct ng_wlan_bucket),
- M_NETGRAPH_WLAN, M_NOWAIT | M_ZERO);
- if (priv->tab == NULL) {
- FREE(priv, M_NETGRAPH_WLAN);
- return (ENOMEM);
- }
-#ifdef FREEBSD411
- /* Call the generic node constructor. */
- if ((error=ng_make_node_common(&ng_wlan_typestruct, nodep))) {
- FREE(priv->tab, M_NETGRAPH_WLAN);
- FREE(priv, M_NETGRAPH_WLAN);
- return(error);
- }
- NG_NODE_SET_PRIVATE(*nodep, priv);
-#else /* FREEBSD411 */
-#ifdef MULTICAST_LOOKUPS
- priv->multicast_enabled = 0; /* turned off, until ng_wlan_mcast_link()*/
- /* initialize multicast hash table */
- MALLOC( priv->mcast_tab, struct ng_wlan_mcast_bucket *,
- MIN_BUCKETS * sizeof(struct ng_wlan_mcast_bucket),
- M_NETGRAPH_WLAN, M_NOWAIT | M_ZERO);
- if (priv->mcast_tab == NULL) {
- FREE(priv->tab, M_NETGRAPH_WLAN);
- FREE(priv, M_NETGRAPH_WLAN);
- return (ENOMEM);
- }
- mtx_init(&priv->ng_wlan_mcast_tab_lock, "ng_wlan_mcast_tab_lock", NULL,
- MTX_DEF);
-#endif /* MULTICAST_LOOKUPS */
- mtx_init(&priv->ng_wlan_tab_lock, "ng_wlan_tab_lock", NULL, MTX_DEF);
- NG_NODE_SET_PRIVATE(node, priv);
-#endif /* FREEBSD411 */
-
- return (0);
-}
-
-static int
-ng_wlan_newhook(node_p node, hook_p hook, const char *name)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
-
- /* ksocket hooks "ks0", "ks1", etc. get special receive function */
- if (name[0] == 'k' && name[1] == 's') {
-#ifndef FREEBSD411
- NG_HOOK_SET_RCVDATA(hook, ng_wlan_rcvdata_ks);
-#endif
- return 0;
- }
-
- if (strcmp(name, "anchor") == 0) {
- if (priv->persistent)
- return(EISCONN);
- priv->persistent = 1;
- }
- return 0;
-}
-
-/*
- * Receive a control message.
- */
-#ifdef FREEBSD411
-static int
-ng_wlan_rcvmsg(node_p node, struct ng_mesg *msg,
- const char *retaddr, struct ng_mesg **rptr)
-#else
-static int
-ng_wlan_rcvmsg(node_p node, item_p item, hook_p lasthook)
-#endif
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- struct ng_mesg *resp = NULL;
- int error = 0;
- struct ng_wlan_config *nodes;
- struct ng_wlan_set_data *set_data;
- struct ng_wlan_tag tag;
- u_int32_t node1, node2;
- struct ng_hook h1, h2;
- struct ng_node n1, n2;
-#ifndef FREEBSD411
- struct ng_mesg *msg;
-#ifdef MULTICAST_LOOKUPS
- struct ng_wlan_multicast_set_data *mcsd;
- u_int32_t group, src;
- int unlink;
-#endif /* MULTICAST_LOOKUPS */
-#endif
-
-#ifndef FREEBSD411
-#ifdef WLAN_GIANT_LOCK
- mtx_lock(&ng_wlan_giant);
-#else
- mtx_lock(&priv->ng_wlan_tab_lock);
-#ifdef MULTICAST_LOOKUPS
- mtx_lock(&priv->ng_wlan_mcast_tab_lock);
-#endif /* MULTICAST_LOOKUPS */
-#endif
- NGI_GET_MSG(item, msg);
-#endif /* !FREEBSD411 */
-
- switch (msg->header.typecookie) {
- case NGM_WLAN_COOKIE:
- switch (msg->header.cmd) {
- /* all of these messages take (node1=a,node2=b) param */
- case NGM_WLAN_LINK_NODES:
- case NGM_WLAN_UNLINK_NODES:
- case NGM_WLAN_NODES_UNSET:
- case NGM_WLAN_NODES_GET:
- if (msg->header.arglen
- != sizeof(struct ng_wlan_config)) {
- error = EINVAL;
- break;
- }
- nodes = (struct ng_wlan_config *)msg->data;
- node1 = nodes->node1;
- node2 = nodes->node2;
- if (msg->header.cmd == NGM_WLAN_NODES_GET) {
- NG_MKRESPONSE(resp, msg, sizeof(*set_data),
- M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- break;
- }
- set_data = (struct ng_wlan_set_data*)resp->data;
- bzero(set_data, sizeof(*set_data));
- /* make fake peer/node structures for lookup */
-#ifdef FREEBSD411
- h1.peer = &h2; h2.peer = &h1;
- h1.node = &n1; h2.node = &n2;
- n1.ID = node1; n2.ID = node2;
-#else
- h1.hk_peer = &h2; h2.hk_peer = &h1;
- h1.hk_node = &n1; h2.hk_node = &n2;
- n1.nd_ID = node1; n2.nd_ID = node2;
-#endif
- if (ng_wlan_lookup(node, &h1, &h2, &tag)) {
- set_data->node1 = node1;
- set_data->node2 = node2;
- WLAN_TAG_COPY(set_data, (&tag));
- } /* if not found, node1/node2 will be zero */
- break;
- }
- if (msg->header.cmd == NGM_WLAN_LINK_NODES)
- error = ng_wlan_link(node, node1, node2, NULL);
- else
- error = ng_wlan_unlink(node, node1, node2);
- break;
- case NGM_WLAN_NODES_SET:
- if (msg->header.arglen
- != sizeof(struct ng_wlan_set_data)) {
- error = EINVAL;
- break;
- }
- set_data = (struct ng_wlan_set_data *)msg->data;
- node1 = set_data->node1;
- node2 = set_data->node2;
- if (set_data->delay > NG_WLAN_MAX_DELAY ||
- set_data->bandwidth > NG_WLAN_MAX_BW ||
- set_data->per > NG_WLAN_MAX_PER ||
- set_data->duplicate > NG_WLAN_MAX_DUP ||
- set_data->jitter > NG_WLAN_MAX_JITTER ||
- set_data->burst > NG_WLAN_MAX_BURST) {
- error = EINVAL;
- break;
- }
- error = ng_wlan_link(node, node1, node2, set_data);
- break;
- case NGM_WLAN_MER:
- if (msg->header.arglen != sizeof(struct ng_wlan_mer)) {
- error = EINVAL;
- break;
- }
- priv->mer = *((u_int16_t *)msg->data);
- priv->mburst = *((u_int16_t *)&msg->data[2]);
- break;
- case NGM_WLAN_MULTICAST_SET:
- case NGM_WLAN_MULTICAST_UNSET:
- case NGM_WLAN_MULTICAST_GET:
-#ifndef MULTICAST_LOOKUPS
- error = ENOTSUP;
- break;
-#else
- if (msg->header.arglen
- != sizeof(struct ng_wlan_multicast_set_data)) {
- error = EINVAL;
- break;
- }
- unlink = (msg->header.cmd == NGM_WLAN_MULTICAST_UNSET);
- mcsd = (struct ng_wlan_multicast_set_data *)msg->data;
- node1 = mcsd->node1;
- node2 = mcsd->node2;
- group = mcsd->group;
- src = mcsd->source;
- if (msg->header.cmd == NGM_WLAN_MULTICAST_GET) {
- NG_MKRESPONSE(resp, msg, sizeof(*mcsd),
- M_NOWAIT);
- if (resp == NULL) {
- error = ENOMEM;
- break;
- }
- mcsd = (struct ng_wlan_multicast_set_data*)
- resp->data;
- bzero(mcsd, sizeof(*mcsd));
- /* make fake peer/node structures for lookup */
-#ifdef FREEBSD411
- h1.peer = &h2; h2.peer = &h1;
- h1.node = &n1; h2.node = &n2;
- n1.ID = node1; n2.ID = node2;
-#else
- h1.hk_peer = &h2; h2.hk_peer = &h1;
- h1.hk_node = &n1; h2.hk_node = &n2;
- n1.nd_ID = node1; n2.nd_ID = node2;
-#endif
- if (ng_wlan_mcast_lookup(node, &h1, &h2, group,
- src)){
- mcsd->node1 = node1;
- mcsd->node2 = node2;
- mcsd->group = group;
- } /* if not found, node1/node2 will be zero */
- break;
- }
- error = ng_wlan_mcast_link(node, node1, node2, group,
- src, unlink);
- break;
-#endif /* MULTICAST_LOOKUPS */
- default:
- error = EINVAL;
- break;
- }
- break;
- default:
- error = EINVAL;
- break;
- }
-
-#ifndef FREEBSD411
- NG_RESPOND_MSG(error, node, item, resp);
-#endif
- NG_FREE_MSG(msg);
-
-#ifndef FREEBSD411
-#ifdef WLAN_GIANT_LOCK
- mtx_unlock(&ng_wlan_giant);
-#else
- mtx_unlock(&priv->ng_wlan_tab_lock);
-#ifdef MULTICAST_LOOKUPS
- mtx_unlock(&priv->ng_wlan_mcast_tab_lock);
-#endif /* MULTICAST_LOOKUPS */
-#endif
-#endif
- return(error);
-}
-
-
-#ifdef FREEBSD411
-/*
- * Handle incoming data from connected netgraph hooks.
- * FreeBSD 4.11 version uses netgraph metadata.
- * Does not support ksocket backchannel, multicast lookups.
- */
-static int
-ng_wlan_rcvdata(hook_p hook, struct mbuf *m, meta_p meta)
-{
- const node_p node = NG_HOOK_NODE(hook);
- const priv_p priv = NG_NODE_PRIVATE(node);
- int error = 0;
- hook_p hook2;
- struct mbuf *m2;
- int nhooks;
- struct ng_wlan_tag *tag = NULL;
-
- /* Checking for NG_INVALID flag fixes race upon shutdown */
- if ((NG_NODE_NOT_VALID(node)) ||
- ((nhooks = NG_NODE_NUMHOOKS(node)) == 1)) {
- NG_FREE_DATA(m, meta);
- return (0);
- }
-
- /* Meta information is not preserved by this node but replaced with
- * its own data. This sets meta = NULL */
- NG_FREE_META(meta);
-
- /* Count number of linked nodes, not just number of hooks */
- nhooks = 0;
- LIST_FOREACH(hook2, &node->hooks, hooks)
- {
- /* TODO: maintain a count of the number of linked nodes */
- if (hook2 == hook)
- continue;
- if (!ng_wlan_lookup(node, hook, hook2, NULL))
- continue;
- nhooks++;
- }
- if (nhooks==0) /* Nobody to receive the data */
- goto rcvdata_free_item_error;
- LIST_FOREACH(hook2, &node->hooks, hooks)
- {
- if (hook2 == hook)
- continue;
- /* Allocate a meta+tag for sending with the data, which may or
- may not be used. If used, the ptr is set to NULL for the
- next loop iteration; unused (non-NULL ptr) will be freed
- after loop.
- */
- if (!meta) {
- MALLOC(meta, meta_p, WLAN_META_SIZE,
- M_NETGRAPH, M_NOWAIT | M_ZERO);
- if (!meta) goto rcvdata_free_item_error_nobufs;
- meta->used_len = (u_short) WLAN_META_SIZE;
- meta->allocated_len = (u_short) WLAN_META_SIZE;
- meta->flags = 0;
- meta->priority = WLAN_META_PRIORITY;
- meta->discardability = -1;
- tag = (struct ng_wlan_tag*)meta->options;
- tag->meta_hdr.cookie = NGM_WLAN_COOKIE;
- tag->meta_hdr.type = NG_TAG_WLAN;
- tag->meta_hdr.len = sizeof(struct ng_wlan_tag);
- }
- WLAN_TAG_ZERO(tag);
-
- if ( !ng_wlan_lookup(node, hook, hook2, tag)) {
- /* determine if peers are connected, fill in tag data */
- continue;
- }
- if ((m->m_flags & M_MCAST) && (priv->mer > 0) && tag) {
- tag->per = priv->mer; /* use configured mcast error */
- tag->burst = priv->mburst; /* use conf mcast burst */
- }
-
- if (--nhooks == 0) { /* nhooks is really number of links */
- if (tag && TAG_HAS_DATA(tag)) {
- /* send metadata and set meta = NULL */
- NG_SEND_DATA(error, hook2, m, meta);
- tag = NULL; /* tag used */
- } else {
- /* Don't send any metadata */
- NG_SEND_DATA_ONLY(error, hook2, m);
- }
- break; /* no need to loop and malloc */
- } else {
- if ((m2 = m_dup(m, M_DONTWAIT)) == NULL)
- goto rcvdata_free_item_error_nobufs;
- if (tag && TAG_HAS_DATA(tag)) {
- /* send metadata and set meta = NULL */
- NG_SEND_DATA(error, hook2, m2, meta);
- tag = NULL; /* tag used */
- } else {
- /* Don't send any metadata */
- NG_SEND_DATA_ONLY(error, hook2, m2);
- if (error) /* XXX free mbuf? */
- continue; /* don't give up */
- }
- } /* end if nhooks==0 */
- } /* end FOREACH hook */
-
- if (meta) /* cleanup unused meta+tag */
- NG_FREE_META(meta);
-
- goto rcvdata_out;
-
-rcvdata_free_item_error_nobufs:
- error = ENOBUFS;
-rcvdata_free_item_error:
- NG_FREE_DATA(m, meta);
-
-rcvdata_out:
- return (error);
-}
-
-#else /* FREEBSD411 */
-/*
- * Handle incoming data from connected netgraph hooks.
- * FreeBSD 7.0 version uses mbuf tags; has additional features:
- * - ksocket backchannel for connecting two ng_wlans together
- * - multicast lookups for different forwarding behavior for multicast packets
- */
-static int
-ng_wlan_rcvdata(hook_p hook, item_p item)
-{
- const node_p node = NG_HOOK_NODE(hook);
- int error = 0;
- hook_p hook2;
- struct mbuf *m2;
- int nhooks;
- struct ng_wlan_tag *tag = NULL;
- struct mbuf *m;
- const priv_p priv = NG_NODE_PRIVATE(node);
- ng_ID_t srcid;
- node_p peer;
-#ifdef MULTICAST_LOOKUPS
- u_int32_t group, src;
- struct ip *ip;
- struct ether_header *eh;
-#endif /* MULTICAST_LOOKUPS */
-
- /* Checking for NG_INVALID flag fixes race upon shutdown */
- if ((NG_NODE_NOT_VALID(node)) ||
- ((nhooks = NG_NODE_NUMHOOKS(node)) == 1)) {
- NG_FREE_ITEM(item);
- return (0);
- }
-
-#ifdef WLAN_GIANT_LOCK
- mtx_lock(&ng_wlan_giant);
-#else
- mtx_lock(&priv->ng_wlan_tab_lock);
-#endif
- m = NGI_M(item); /* 'item' still owns it... we are peeking */
-
-#ifdef MULTICAST_LOOKUPS
- mtx_lock(&priv->ng_wlan_mcast_tab_lock);
- src = group = 0;
- if (priv->multicast_enabled &&
- (m->m_flags & M_MCAST) && (m->m_flags & M_PKTHDR)) {
- /* disassociate mbuf from item (now we must free it) */
- NGI_GET_M(item, m);
- /* Get group of packets sent to non-local multicast addresses */
- if ((m->m_pkthdr.len >= IP_MCAST_MIN_LEN) &&
- (m = m_pullup(m, IP_MCAST_MIN_LEN)) != NULL) {
- eh = mtod_off(m, 0, struct ether_header *);
- if (ETHER_IS_MULTICAST(eh->ether_dhost) &&
- ntohs(eh->ether_type) == ETHERTYPE_IP) {
- ip = mtod_off(m, IP_MCAST_HDR_OFFSET,
- struct ip *);
- if ((ip->ip_v == IPVERSION) &&
- IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) &&
- !(IN_LOCAL_GROUP(ntohl(ip->ip_dst.s_addr)))) {
- group = ntohl(ip->ip_dst.s_addr);
- src = NG_NODE_ID(NG_PEER_NODE(hook));
- }
- }
- } else if (!m) { /* m_pullup failed, free item and leave */
- error = EINVAL;
- goto rcvdata_free_item_error;
- }
- NGI_M(item) = m; /* give mbuf back to item */
- }
-#endif /* MULTICAST_LOOKUPS */
-
- /* Count number of linked nodes, not just number of hooks */
- nhooks = 0;
- LIST_FOREACH(hook2, &node->nd_hooks, hk_hooks)
- {
- /* TODO: maintain a count of the number of linked nodes */
- if (hook2 == hook)
- continue;
- if (IS_PEER_KSOCKET(hook2)) { /* count all ksockets */
- nhooks++;
- continue;
- }
-#ifdef MULTICAST_LOOKUPS
- /* count hook using multicast lookup if packet is multicast */
- if ( group > 0 ) {
- if (!ng_wlan_mcast_lookup(node, hook, hook2, group, src) ||
- !ng_wlan_lookup(node, hook, hook2, NULL))
- continue;
- /* use normal unicast lookup */
- } else
-#endif /* MULTICAST_LOOKUPS */
- if (!ng_wlan_lookup(node, hook, hook2, NULL))
- continue;
- nhooks++;
- }
- if (nhooks==0) /* Nobody to receive the data */
- goto rcvdata_free_item_error;
-
- LIST_FOREACH(hook2, &node->nd_hooks, hk_hooks)
- {
- if (hook2 == hook)
- continue;
- /* Allocate a tag for prepending to the mbuf, which may or
- may not be used. If used, the ptr is set to NULL for the
- next loop iteration; unused (non-NULL ptr) will be freed
- after loop.
- */
- if (!tag)
- tag = (struct ng_wlan_tag *)m_tag_alloc(NGM_WLAN_COOKIE,
- NG_TAG_WLAN, TAGSIZE, M_NOWAIT | M_ZERO);
- if (!tag) goto rcvdata_free_item_error_nobufs;
- WLAN_TAG_ZERO(tag);
-
- /* check for ksocket backchannel to another ng_wlan */
- srcid = 0;
- if (IS_PEER_KSOCKET(hook2)) {
- /* this hook is connected to a ksocket
- * set srcid for prepending the mbuf */
- peer = NG_PEER_NODE(hook2);
- srcid = (NG_NODE_ID(peer) << 8) +
- NG_NODE_ID(NG_PEER_NODE(hook));
- } else
-#ifdef MULTICAST_LOOKUPS
- if ( group > 0 ) {
- if (!ng_wlan_mcast_lookup(node, hook, hook2, group, src) ||
- !ng_wlan_lookup(node, hook, hook2, tag))
- continue; /* multicast lookup failed */
- /* multicast lookup success - tag data filled in */
- } else
-#endif /* MULTICAST_LOOKUPS */
- if ( !ng_wlan_lookup(node, hook, hook2, tag)) {
- /* determine if peers are connected, fill in tag data */
- continue;
- }
- if ((m->m_flags & M_MCAST) && (priv->mer > 0) && tag) {
- tag->per = priv->mer; /* use configured mcast error */
- tag->burst = priv->mburst; /* use conf mcast burst */
- }
-
- if (--nhooks == 0) { /* nhooks is really number of links */
- if (srcid > 0) { /* add srcid for ksockets */
- NGI_GET_M(item, m);
- M_PREPEND(m, sizeof(ng_ID_t), M_DONTWAIT);
- if (!m) goto rcvdata_free_item_error_nobufs;
- mtod(m, ng_ID_t*)[0] = htonl(srcid);
- NGI_M(item) = m;
- } else if (tag && TAG_HAS_DATA(tag)) {
- m_tag_prepend(m, &tag->tag);
- tag = NULL; /* tag used */
- }
- NG_FWD_ITEM_HOOK(error, item, hook2);
- break; /* no need to loop and malloc */
- } else {
- if ((m2 = m_dup(m, M_DONTWAIT)) == NULL)
- goto rcvdata_free_item_error_nobufs;
- if (srcid > 0) { /* add srcid for ksockets */
- M_PREPEND(m2, sizeof(ng_ID_t), M_DONTWAIT);
- if (!m2) goto rcvdata_free_item_error_nobufs;
- mtod(m2, ng_ID_t*)[0] = htonl(srcid);
- } else if (tag && TAG_HAS_DATA(tag)) {
- m_tag_prepend(m2, &tag->tag);
- tag = NULL; /* tag used */
- }
- NG_SEND_DATA_ONLY(error, hook2, m2);
- if (error) /* XXX free mbuf? */
- continue; /* don't give up */
- } /* end if nhooks==0 */
- } /* end FOREACH hook */
-
- if (tag) /* cleanup unused tag */
- m_tag_free(&tag->tag);
-
- /* assume item has been freed by fwd above (nhooks==0) */
- goto rcvdata_out;
-
-rcvdata_free_item_error_nobufs:
- error = ENOBUFS;
-rcvdata_free_item_error:
- NG_FREE_ITEM(item);
-
-rcvdata_out:
-#ifdef WLAN_GIANT_LOCK
- mtx_unlock(&ng_wlan_giant);
-#else
- mtx_unlock(&priv->ng_wlan_tab_lock);
-#ifdef MULTICAST_LOOKUPS
- mtx_unlock(&priv->ng_wlan_mcast_tab_lock);
-#endif /* MULTICAST_LOOKUPS */
-#endif
- return (error);
-}
-#endif /* FREEBSD411 */
-
-#ifndef FREEBSD411
-/*
- * Handle incoming data from hooks connected to kernel sockets
- */
-static int
-ng_wlan_rcvdata_ks(hook_p hook, item_p item)
-{
- const node_p node = NG_HOOK_NODE(hook);
- const priv_p priv = NG_NODE_PRIVATE(node);
- int error = 0;
- hook_p hook2;
- struct mbuf *m, *m2;
- int nhooks;
- struct ng_wlan_tag *tag = NULL;
- ng_ID_t srcid;
- struct ng_hook hooklookup, hooklookup2;
- struct ng_node nodelookup;
-
- /* Checking for NG_INVALID flag fixes race upon shutdown */
- if ((NG_NODE_NOT_VALID(node)) ||
- ((nhooks = NG_NODE_NUMHOOKS(node)) == 1)) {
- NG_FREE_ITEM(item);
- return (0);
- }
-
-#ifndef FREEBSD411
-#ifdef WLAN_GIANT_LOCK
- mtx_lock(&ng_wlan_giant);
-#else
- mtx_lock(&priv->ng_wlan_tab_lock);
-#endif
-#endif
- /* this packet came from another system, so we read the
- * netgraph ID from the mbuf for use in lookups */
- NGI_GET_M(item, m);
- if (m->m_pkthdr.len < sizeof(ng_ID_t)) { /* too short */
- error = EINVAL;
- goto rcvdata_ks_free_item_error;
- }
- if (m->m_len < sizeof(ng_ID_t) &&
- (m = m_pullup(m, sizeof(ng_ID_t))) == NULL) {
- goto rcvdata_ks_free_item_error_nobufs;
- }
- srcid = ntohl(*mtod(m, ng_ID_t*));
- m_adj(m, sizeof(ng_ID_t));
- NGI_M(item) = (m);
- /* build fake hooks/node for performing lookup */
- hooklookup2.hk_node = &nodelookup;
- hooklookup.hk_peer = &hooklookup2;
- nodelookup.nd_ID = srcid;
-
- /* Count number of linked nodes, not just number of hooks */
- nhooks = 0;
- LIST_FOREACH(hook2, &node->nd_hooks, hk_hooks) {
- /* TODO: maintain a count of the number of linked nodes */
- if (hook2 == hook)
- continue;
- /* ksockets not counted here -- they'll be skipped */
- if (!ng_wlan_lookup(node, &hooklookup, hook2, NULL))
- continue;
- nhooks++;
- }
- if (nhooks==0) /* Nobody to receive the data */
- goto rcvdata_ks_free_item_error;
-
-
- LIST_FOREACH(hook2, &node->nd_hooks, hk_hooks) {
- if (hook2 == hook)
- continue;
- /* Allocate a tag for prepending to the mbuf, which may or
- may not be used. If used, the ptr is set to NULL for the
- next loop iteration; unused (non-NULL ptr) will be freed
- after loop.
- */
- if (!tag)
- tag = (struct ng_wlan_tag *)m_tag_alloc(NGM_WLAN_COOKIE,
- NG_TAG_WLAN, TAGSIZE, M_NOWAIT | M_ZERO);
- if (!tag) goto rcvdata_ks_free_item_error_nobufs;
- WLAN_TAG_ZERO(tag);
-
- /* don't send data to other ksockets */
- if (IS_PEER_KSOCKET(hook2)) {
- continue;
- /* determine if peers are connected */
- } else if ( !ng_wlan_lookup(node, &hooklookup, hook2, tag)) {
- continue;
- }
-
- if (--nhooks == 0) { /* nhooks is really number of links */
- if (tag && TAG_HAS_DATA(tag)) {
- m_tag_prepend(m, &tag->tag);
- tag = NULL; /* tag used */
- }
- NG_FWD_ITEM_HOOK(error, item, hook2);
- } else {
- if ((m2 = m_dup(m, M_DONTWAIT)) == NULL)
- goto rcvdata_ks_free_item_error_nobufs;
- if (tag && TAG_HAS_DATA(tag)) {
- m_tag_prepend(m2, &tag->tag);
- tag = NULL; /* tag used */
- }
- NG_SEND_DATA_ONLY(error, hook2, m2);
- if (error) /* XXX free mbuf? */
- continue; /* don't give up */
- }
- }
- if (tag) /* cleanup unused tag */
- m_tag_free(&tag->tag);
-
- goto rcvdata_ks_out;
-
-rcvdata_ks_free_item_error_nobufs:
- error = ENOBUFS;
-rcvdata_ks_free_item_error:
- NG_FREE_ITEM(item);
-
-rcvdata_ks_out:
-#ifndef FREEBSD411
-#ifdef WLAN_GIANT_LOCK
- mtx_unlock(&ng_wlan_giant);
-#else
- mtx_unlock(&priv->ng_wlan_tab_lock);
-#endif
-#endif
- return (error);
-}
-#endif /* !FREEBSD411 */
-
-
-static int
-ng_wlan_disconnect(hook_p hook)
-{
-#ifdef FREEBSD411
- const priv_p priv = hook->node->private;
-#else
- const priv_p priv = hook->hk_node->nd_private;
-#endif
-
- if (NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0 &&
- NG_NODE_IS_VALID(NG_HOOK_NODE(hook)) && !priv->persistent)
-#ifdef FREEBSD411
- ng_rmnode(NG_HOOK_NODE(hook));
-#else
- ng_rmnode_self(NG_HOOK_NODE(hook));
-#endif
- return (0);
-}
-
-static int
-ng_wlan_rmnode(node_p node)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- int b, s;
- struct ng_wlan_hent *tmp;
-#ifdef MULTICAST_LOOKUPS
- struct ng_wlan_mcast_hent *mtmp;
-#endif /* MULTICAST_LOOKUPS */
- s=splimp();
-
-#ifdef FREEBSD411
- node->flags |= NG_INVALID;
- ng_cutlinks(node);
- ng_unname(node);
-#else
- node->nd_flags |= NGF_INVALID;
-#endif
- NG_NODE_SET_PRIVATE(node, NULL);
- NG_NODE_UNREF(node);
- /* empty any link lists */
- for (b = 0; b < MIN_BUCKETS; b++) {
- tmp = SLIST_FIRST(&priv->tab[b]);
- while (tmp) {
- SLIST_REMOVE_HEAD(&priv->tab[b], next);
- FREE(tmp, M_NETGRAPH_WLAN);
- tmp = SLIST_FIRST(&priv->tab[b]);
- }
- }
- FREE(priv->tab, M_NETGRAPH_WLAN);
-#ifndef FREEBSD411
- mtx_destroy(&priv->ng_wlan_tab_lock);
-#endif
- priv->tab = NULL;
-#ifdef MULTICAST_LOOKUPS
- /* empty any multicast entry link lists */
- for (b = 0; b < MIN_BUCKETS; b++) {
- mtmp = SLIST_FIRST(&priv->mcast_tab[b]);
- while (mtmp) {
- SLIST_REMOVE_HEAD(&priv->mcast_tab[b], next);
- FREE(mtmp, M_NETGRAPH_WLAN);
- mtmp = SLIST_FIRST(&priv->mcast_tab[b]);
- }
- }
- FREE(priv->mcast_tab, M_NETGRAPH_WLAN);
- mtx_destroy(&priv->ng_wlan_mcast_tab_lock);
-#endif /* MULTICAST_LOOKUPS */
- FREE(priv, M_NETGRAPH_WLAN);
-
- splx(s);
- return 0;
-}
-
-/*********************************************************************
-* WLAN FUNCTIONS *
-**********************************************************************/
-
-#define NODE_SORT(a, b, l, g) do { \
- if (a > b) { \
- g = a; \
- l = b; \
- } else { \
- g = b; \
- l = a; \
- } \
-} while (0);
-
-/*
- * Returns 1 if peers are linked, 0 if unlinked (default).
- */
-static int
-ng_wlan_lookup(node_p node, hook_p hook1, hook_p hook2,
- struct ng_wlan_tag *tag)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- struct ng_wlan_hent *hent;
- node_p node1, node2;
- ng_ID_t l_id, g_id;
- int bucket;
-
- if (!hook1 || !hook2)
- return 0;
- node1 = NG_PEER_NODE(hook1);
- node2 = NG_PEER_NODE(hook2);
- if (!node1 || !node2)
- return 0;
-
- NODE_SORT(NG_NODE_ID(node1), NG_NODE_ID(node2), l_id, g_id);
- bucket = HASH(l_id, g_id);
-
-/* mtx_lock(&priv->ng_wlan_tab_lock); */
- SLIST_FOREACH(hent, &priv->tab[bucket], next) {
- if ((hent->l_id == l_id) && (hent->g_id == g_id)) {
- /* optionally fill in tag with link data*/
- if (tag && hent->linked) {
- tag->delay = hent->delay;
- tag->bandwidth = hent->bandwidth;
- tag->per = hent->per;
- tag->duplicate = hent->duplicate;
- tag->jitter = hent->jitter;
- tag->burst = hent->burst;
- }
-/* mtx_unlock(&priv->ng_wlan_tab_lock); */
- return (hent->linked); /* linked or not linked flag */
- }
- }
-/* mtx_unlock(&priv->ng_wlan_tab_lock); */
- return 0; /* not linked (not found) */
-}
-
-#ifdef MULTICAST_LOOKUPS
-/*
- * Returns 1 if peers are linked for this multicast group,
- * 0 if unlinked (default).
- */
-static int
-ng_wlan_mcast_lookup(node_p node, hook_p hook1, hook_p hook2,
- u_int32_t group, u_int32_t source)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- struct ng_wlan_mcast_hent *hent;
- node_p node1, node2;
- ng_ID_t l_id, g_id;
- int bucket;
-
- if (!hook1 || !hook2)
- return 0;
-
- node1 = NG_PEER_NODE(hook1);
- node2 = NG_PEER_NODE(hook2);
- if (!node1 || !node2)
- return 0;
-
- NODE_SORT(NG_NODE_ID(node1), NG_NODE_ID(node2), l_id, g_id);
- bucket = MCAST_HASH(l_id, g_id, group);
-
- SLIST_FOREACH(hent, &priv->mcast_tab[bucket], next) {
- if ((hent->l_id == l_id) && (hent->g_id == g_id) &&
- (hent->group == group) && (hent->source == source)) {
- return (hent->linked);
- }
- }
- return 0; /* not linked (not found) */
-}
-
-/*
- * Link/unlink to peers for a given multicast group.
- */
-static int
-ng_wlan_mcast_link(node_p node, ng_ID_t node1, ng_ID_t node2,
- u_int32_t group, u_int32_t source, int unlink)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- ng_ID_t l_id, g_id;
- int bucket;
- struct ng_wlan_mcast_hent *hent;
-
- NODE_SORT(node1, node2, l_id, g_id);
- bucket = MCAST_HASH(l_id, g_id, group);
- priv->multicast_enabled = 1; /* turn on multicast lookups,
- this is never turned off */
-
- /* Look for existing entry */
- SLIST_FOREACH(hent, &priv->mcast_tab[bucket], next) {
- if ((hent->l_id == l_id) && (hent->g_id == g_id) &&
- (hent->group == group) && (hent->source == source))
- break;
- }
-
- /* Unlink called but no entry exists */
- if (!hent && unlink) {
- return 0;
- }
-
- /* Allocate and initialize a new hash table entry */
- if (!hent) {
- MALLOC( hent, struct ng_wlan_mcast_hent *,
- sizeof(*hent), M_NETGRAPH_WLAN, M_NOWAIT);
- if (hent == NULL) {
- return(ENOBUFS);
- }
- hent->l_id = l_id;
- hent->g_id = g_id;
- hent->group = group;
- hent->source = source;
- /* Add the new element to the hash bucket */
- SLIST_INSERT_HEAD(&priv->mcast_tab[bucket], hent, next);
- }
-
- if (unlink)
- hent->linked = 0;
- else
- hent->linked = 1;
- return 0;
-}
-#endif /* MULTICAST_LOOKUPS */
-
-/*
- * Link two peers together.
- * Once two peers have been linked together, the link can be flagged as
- * linked/unlinked in their hash table entry. Set link data if supplied.
- */
-static int
-ng_wlan_link(node_p node, ng_ID_t node1, ng_ID_t node2,
- struct ng_wlan_set_data *data)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- ng_ID_t l_id, g_id;
- int bucket;
- struct ng_wlan_hent *hent;
-
- NODE_SORT(node1, node2, l_id, g_id);
- bucket = HASH(l_id, g_id);
-/* mtx_lock(&priv->ng_wlan_tab_lock); */
-
- /* Look for existing entry */
- SLIST_FOREACH(hent, &priv->tab[bucket], next) {
- if ((hent->l_id == l_id) && (hent->g_id == g_id))
- break;
- }
- /* Allocate and initialize a new hash table entry */
- if (!hent) {
- MALLOC( hent, struct ng_wlan_hent *,
- sizeof(*hent), M_NETGRAPH_WLAN, M_NOWAIT | M_ZERO);
- if (hent == NULL) {
-/* mtx_unlock(&priv->ng_wlan_tab_lock); */
- return(ENOBUFS);
- }
- hent->l_id = l_id;
- hent->g_id = g_id;
- /* Add the new element to the hash bucket */
- SLIST_INSERT_HEAD(&priv->tab[bucket], hent, next);
- }
-
- hent->linked = 1;
- if (data) {
- hent->delay = data->delay;
- hent->bandwidth = data->bandwidth;
- hent->per = data->per;
- hent->duplicate = data->duplicate;
- hent->jitter = data->jitter;
- hent->burst = data->burst;
- } else {
- WLAN_TAG_ZERO(hent);
- }
-/* mtx_unlock(&priv->ng_wlan_tab_lock); */
- return 0;
-}
-
-
-/*
- * Unlink two previously-linked peers.
- * because singly-linked list is not optimized for removals, we just
- * unset the "linked" flag. Link data is zeroed.
- */
-static int
-ng_wlan_unlink(node_p node, ng_ID_t node1, ng_ID_t node2)
-{
- const priv_p priv = NG_NODE_PRIVATE(node);
- ng_ID_t l_id, g_id;
- int bucket;
- struct ng_wlan_hent *hent;
-
- NODE_SORT(node1, node2, l_id, g_id);
- bucket = HASH(l_id, g_id);
-
- /* Look for existing entry */
-/* mtx_lock(&priv->ng_wlan_tab_lock); */
- SLIST_FOREACH(hent, &priv->tab[bucket], next) {
- /* entry exists in hash table, unset linked flag */
- if ((hent->l_id == l_id) && (hent->g_id == g_id)) {
- hent->linked = 0;
- WLAN_TAG_ZERO(hent);
-/* mtx_unlock(&priv->ng_wlan_tab_lock); */
- return(0);
- }
- }
- /* Entry does not exist in the hash table, do nothing. */
-/* mtx_unlock(&priv->ng_wlan_tab_lock); */
- return 0;
-}
-
diff --git a/kernel/freebsd/ng_wlan/ng_wlan.h b/kernel/freebsd/ng_wlan/ng_wlan.h
deleted file mode 100644
index 567a57a6..00000000
--- a/kernel/freebsd/ng_wlan/ng_wlan.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2006-2011 the Boeing Company
- * ng_wlan is based on ng_hub, which is:
- * Copyright (c) 2004 Ruslan Ermilov
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#ifndef _NETGRAPH_NG_WLAN_H_
-#define _NETGRAPH_NG_WLAN_H_
-
-/* Node type name and magic cookie. */
-#define NG_WLAN_NODE_TYPE "wlan"
-#define NGM_WLAN_COOKIE 1146673193
-
-/* Control message parse info */
-struct ng_wlan_config {
- u_int32_t node1;
- u_int32_t node2;
-};
-#define NG_WLAN_CONFIG_TYPE_INFO { \
- { "node1", &ng_parse_uint32_type }, \
- { "node2", &ng_parse_uint32_type }, \
- { NULL } \
-}
-
-struct ng_wlan_set_data {
- u_int32_t node1;
- u_int32_t node2;
- u_int64_t delay; /* keep these aligned with struct ng_wlan_tag */
- u_int64_t bandwidth;
- u_int16_t per;
- u_int16_t duplicate;
- u_int32_t jitter;
- u_int16_t burst;
-};
-#define NG_WLAN_SET_DATA_TYPE_INFO { \
- { "node1", &ng_parse_uint32_type }, \
- { "node2", &ng_parse_uint32_type }, \
- { "delay", &ng_parse_uint64_type }, \
- { "bandwidth", &ng_parse_uint64_type }, \
- { "per", &ng_parse_uint16_type }, \
- { "duplicate", &ng_parse_uint16_type }, \
- { "jitter", &ng_parse_uint32_type }, \
- { "burst", &ng_parse_uint16_type }, \
- { NULL } \
-}
-
-struct ng_wlan_mer {
- uint16_t mer;
- uint16_t mburst;
-};
-#define NG_WLAN_MER_TYPE_INFO { \
- { "mer", &ng_parse_uint16_type }, \
- { "mburst", &ng_parse_uint16_type }, \
- { NULL } \
-}
-
-#ifdef MULTICAST_LOOKUPS
-struct ng_wlan_multicast_set_data {
- u_int32_t node1;
- u_int32_t node2;
- u_int32_t group;
- u_int32_t source;
-};
-#define NG_WLAN_MULTICAST_SET_DATA_TYPE_INFO { \
- { "node1", &ng_parse_uint32_type }, \
- { "node2", &ng_parse_uint32_type }, \
- { "group", &ng_parse_uint32_type }, \
- { "source", &ng_parse_uint32_type }, \
- { NULL } \
-}
-#endif /* MULTICAST_LOOKUPS */
-
-/* List of supported Netgraph control messages */
-enum {
- NGM_WLAN_LINK_NODES = 1,
- NGM_WLAN_UNLINK_NODES,
- NGM_WLAN_NODES_SET,
- NGM_WLAN_NODES_UNSET,
- NGM_WLAN_NODES_GET,
- NGM_WLAN_MER, /* MULTICAST_ERR */
- NGM_WLAN_MULTICAST_SET, /* MULTICAST_LOOKUPS */
- NGM_WLAN_MULTICAST_UNSET, /* MULTICAST_LOOKUPS */
- NGM_WLAN_MULTICAST_GET, /* MULTICAST_LOOKUPS */
-};
-
-#endif /* _NETGRAPH_NG_WLAN_H_ */
diff --git a/kernel/freebsd/ng_wlan/ng_wlan_tag.h b/kernel/freebsd/ng_wlan/ng_wlan_tag.h
deleted file mode 100644
index cf52802d..00000000
--- a/kernel/freebsd/ng_wlan/ng_wlan_tag.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2006-2011 the Boeing Company
- * All rights reserved.
- *
- * author: Jeff Ahrenholz
- */
-
-
-#define NG_TAG_WLAN 0x01
-#ifdef FREEBSD411
-#define WLAN_META_SIZE (sizeof(struct ng_meta))+(sizeof(struct ng_wlan_tag))
-#define WLAN_META_PRIORITY 0x01
-#define TAGSIZE (sizeof(struct ng_wlan_tag) - sizeof(struct meta_field_header))
-#else
-#define TAGSIZE (sizeof(struct ng_wlan_tag) - sizeof(struct m_tag))
-#endif
-
-#define NG_WLAN_MAX_DELAY 2000000 /* 2,000,000us = 2s */
-#define NG_WLAN_MAX_BW 1000000000 /* 1,000,000,000bps = 1000M */
-#define NG_WLAN_MAX_PER 100 /* 100% */
-#define NG_WLAN_MAX_DUP 50 /* 50% */
-#define NG_WLAN_MAX_JITTER NG_WLAN_MAX_DELAY
-#define NG_WLAN_MAX_BURST NG_WLAN_MAX_PER
-
-/* Tag data that is prepended to packets passing through the WLAN node.
- */
-struct ng_wlan_tag {
-#ifdef FREEBSD411
- struct meta_field_header meta_hdr;
-#else
- struct m_tag tag;
-#endif
- u_int64_t delay;
- u_int64_t bandwidth;
- u_int16_t per;
- u_int16_t duplicate;
- u_int32_t jitter;
- u_int16_t burst;
-};
-
-#define TAG_HAS_DATA(t) (t->delay || t->bandwidth || t->per || t->duplicate \
- || t->jitter || t->burst )
-
-#define WLAN_TAG_ZERO(t) do { \
- t->delay = 0; \
- t->bandwidth = 0; \
- t->per = 0; \
- t->duplicate = 0; \
- t->jitter = 0; \
- t->burst = 0; \
-} while(0);
-
-#define WLAN_TAG_COPY(a, b) do { \
- a->delay = ((struct ng_wlan_tag*)b)->delay; \
- a->bandwidth = ((struct ng_wlan_tag*)b)->bandwidth; \
- a->per = ((struct ng_wlan_tag*)b)->per; \
- a->duplicate = ((struct ng_wlan_tag*)b)->duplicate; \
- a->jitter = ((struct ng_wlan_tag*)b)->jitter; \
- a->burst = ((struct ng_wlan_tag*)b)->burst; \
-} while(0);
diff --git a/kernel/freebsd/symlinks-8.1-RELEASE.diff b/kernel/freebsd/symlinks-8.1-RELEASE.diff
deleted file mode 100644
index e713e76c..00000000
--- a/kernel/freebsd/symlinks-8.1-RELEASE.diff
+++ /dev/null
@@ -1,78 +0,0 @@
-Index: sys/kern/vfs_lookup.c
-===========================================================================
---- sys/kern/vfs_lookup.c 2010/06/17 19:18:00 #3
-+++ sys/kern/vfs_lookup.c 2010/06/17 19:18:00
-@@ -59,6 +59,8 @@
- #include
- #endif
-
-+#include
-+
- #include
- #include
-
-@@ -72,6 +74,19 @@
- "unsigned long");
- SDT_PROBE_DEFINE2(vfs, namei, lookup, return, "int", "struct vnode *");
-
-+#ifdef VIMAGE
-+#define IMUNES_SYMLINK_HACK
-+#endif
-+
-+#ifdef IMUNES_SYMLINK_HACK
-+static VNET_DEFINE(int, morphing_symlinks);
-+#define V_morphing_symlinks VNET(morphing_symlinks)
-+
-+SYSCTL_VNET_INT(_vfs, OID_AUTO, morphing_symlinks, CTLFLAG_RW,
-+ &VNET_NAME(morphing_symlinks), 0,
-+ "Resolve @ to vimage name in symlinks");
-+#endif
-+
- /*
- * Allocation zone for namei
- */
-@@ -333,6 +348,44 @@
- error = ENOENT;
- break;
- }
-+#ifdef IMUNES_SYMLINK_HACK
-+ /*
-+ * If the symbolic link includes a special character '@',
-+ * and V_morphing_symlinks is set, substitute the first
-+ * occurence of '@' with full path to jail / vimage name.
-+ * If the full path includes subhierarchies, s/./\// when
-+ * expanding '@' to jail / vimage name.
-+ *
-+ * XXX revisit buffer length checking.
-+ */
-+ CURVNET_SET_QUIET(TD_TO_VNET(curthread));
-+ if (V_morphing_symlinks) {
-+ char *sp = strchr(cp, '@');
-+
-+ if (sp) {
-+ char *vname = td->td_ucred->cr_prison->pr_name;
-+ int vnamelen = strlen(vname);
-+ int i;
-+
-+ if (vnamelen >= auio.uio_resid) {
-+ if (ndp->ni_pathlen > 1)
-+ uma_zfree(namei_zone, cp);
-+ error = ENAMETOOLONG;
-+ CURVNET_RESTORE();
-+ break;
-+ }
-+ bcopy(sp + 1, sp + vnamelen,
-+ linklen - (sp - cp));
-+ bcopy(td->td_ucred->cr_prison->pr_name,
-+ sp, vnamelen);
-+ linklen += (vnamelen - 1);
-+ for (i = 0; i < vnamelen; i++)
-+ if (sp[i] == '.')
-+ sp[i] = '/';
-+ }
-+ }
-+ CURVNET_RESTORE();
-+#endif
- if (linklen + ndp->ni_pathlen >= MAXPATHLEN) {
- if (ndp->ni_pathlen > 1)
- uma_zfree(namei_zone, cp);
diff --git a/kernel/freebsd/vimage/Makefile b/kernel/freebsd/vimage/Makefile
deleted file mode 100644
index 76c76179..00000000
--- a/kernel/freebsd/vimage/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-# $FreeBSD$
-
-PROG= vimage
-LDADD= -ljail
-DPADD= ${LIBJAIL}
-
-WARNS?= 2
-CFLAGS+= -I../../../sys
-
-MAN= vimage.8
-
-BINDIR?= /usr/sbin
-
-.include
diff --git a/kernel/freebsd/vimage/vimage.8 b/kernel/freebsd/vimage/vimage.8
deleted file mode 100644
index d55bcba4..00000000
--- a/kernel/freebsd/vimage/vimage.8
+++ /dev/null
@@ -1,195 +0,0 @@
-.\" Copyright (c) 2002, 2003 Marko Zec
-.\" Copyright (c) 2009 University of Zagreb
-.\" Copyright (c) 2009 FreeBSD Foundation
-.\"
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd August 25, 2009
-.Dt VIMAGE 8
-.Os
-.Sh NAME
-.Nm vimage
-.Nd manage virtual network stacks
-.Sh SYNOPSIS
-.Nm
-.Op Fl c | m
-.Ar vname
-.Op Ar param=value ...
-.Nm
-.Fl d
-.Ar vname
-.Nm
-.Fl l
-.Op Fl rvj
-.Op Ar vname
-.Nm
-.Fl i
-.Ar vname ifname
-.Op Ar newifname
-.Nm
-.Ar vi_name
-.Op command ...
-.Sh DESCRIPTION
-The
-.Nm
-utility is an alternative user interface for controlling virtual network
-stacks in FreeBSD, aimed primarily at supporting legacy applications
-which are not yet converted to using
-.Xr jail 8 ,
-.Xr jexec 8 ,
-and
-.Xr jls 8 .
-.
-.Ss Overview
-A virtual image or vimage is a jail with its own independent network
-stack instance. Every process, socket and network interface present
-in the system is always attached to one, and only one, virtual network
-stack instance (vnet).
-During system bootup sequence a default vnet
-is created to which all the configured interfaces and user processes
-are initially attached.
-Assuming that enough system resources are
-are available, a user with sufficient privileges can create and manage
-a hierarchy of subordinated virtual images.
-The
-.Nm
-command allows for creation, deletion and monitoring of virtual images,
-as well as for execution of arbitrary processes in a targeted virtual
-image.
-.Ss Invocation
-If invoked with no modifiers, the
-.Nm
-command spawns a new interactive shell in virtual image
-.Ar vname .
-If optional additional arguments following
-.Ar vname
-are provided, the first of those will be executed in place of the
-interactive shell, and the rest of the arguments will be passed as
-arguments to the executed command.
-.Pp
-The following modifiers are available:
-.Bl -tag -width indent
-.It Fl c
-Create a new virtual image named
-.Ar vname .
-Additional arguments, if provided, may be used to specify operating
-parameters different from defaults, in format
-.Ar param=value .
-See
-.Xr jail 8
-for an extensive list of available parameters.
-.It Fl m
-Modify the parameters of a virtual image named
-.Ar vname ,
-using the same syntax as with the -c form of the command.
-.It Fl d
-Delete the virtual image
-.Ar vname .
-No processes and/or sockets should exist in the target virtual image
-in order for the delete request to succeed. Non-loopback interfaces
-residing in the target virtual image will be reassigned to the virtual
-image's parent.
-.It Fl l
-List the properties and statistics for virtual images one level
-below the current one in the hierarchy. If an optional argument
-.Ar vname
-is provided, only the information regarding the target virtual image
-.Ar vname
-is displayed.
-With the optional
-.Op Ar -r
-switch enabled the list will include all virtual images below the
-current level in the vimage hierarchy.
-Enabling the optional
-.Op Ar -v
-or
-.Op Ar -j
-switches results in a more detailed output.
-.It Fl i
-Move interface
-.Ar ifname
-to the target virtual image
-.Ar vname .
-Interfaces will be automatically renamed to
-.So
-ethXX
-.Sc ,
-unless an optional argument specifying the desired interface name
-.Op Ar newifname
-is provided.
-.El
-.Sh EXAMPLES
-Create a new virtual image named
-.So v1
-.Sc ,
-which is allowed to create and manage an own subhierarchy of vimages:
-.Pp
-.Dl vimage -c v1 children.max=100
-.Pp
-Execute the
-.So ifconfig
-.Sc command in the virtual image
-.So v1
-.Sc :
-.Pp
-.Dl vimage v1 ifconfig
-.Pp
-Move the interface
-.So vlan0
-.Sc to the virtual image
-.So v1
-.Sc while renaming the interface as
-.So
-ve0
-.Sc :
-.Pp
-.Dl vimage -i v1 vlan0 ve0
-.Pp
-Show the status information for virtual image
-.So v1
-.Sc :
-.Pp
-.Dl vimage -lv v1
-.Sh DIAGNOSTICS
-The
-.Nm
-command exits 0 on success, and >0 if an error occurs.
-.Sh SEE ALSO
-.Xr jail 8
-.Xr jexec 8
-.Xr jls 8
-.Sh HISTORY
-Network stack virtualization framework first appeared as a patchset
-against the FreeBSD 4.7 kernel in 2002, and was maintained outside
-of the main FreeBSD tree.
-As a result of a project sponsored by the FreeBSD Foundation and
-Stiching NLNet, integrated virtualized network stack first appeared
-in FreeBSD 8.0.
-.Sh BUGS
-Deletion of vimages / vnets is known to leak kernel memory and fail at
-stopping various timers, hence may lead to system crashes.
-.Sh AUTHOR
-.An "Marko Zec" Aq zec@fer.hr
diff --git a/kernel/freebsd/vimage/vimage.c b/kernel/freebsd/vimage/vimage.c
deleted file mode 100644
index e6655999..00000000
--- a/kernel/freebsd/vimage/vimage.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * Copyright (c) 2002-2004 Marko Zec
- * Copyright (c) 2009 University of Zagreb
- * Copyright (c) 2009 FreeBSD Foundation
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-typedef enum {
- VI_SWITCHTO,
- VI_CREATE,
- VI_MODIFY,
- VI_DESTROY,
- VI_IFMOVE,
- VI_GET
-} vi_cmd_t;
-
-typedef struct vimage_status {
- char name[MAXPATHLEN]; /* Must be first field for strcmp(). */
- char path[MAXPATHLEN];
- char hostname[MAXPATHLEN];
- char domainname[MAXPATHLEN];
- int jid;
- int parentjid;
- int vnet;
- int childcnt;
- int childmax;
- int cpuset;
- int rawsock;
- int socket_af;
- int mount;
-} vstat_t;
-
-#define VST_SIZE_STEP 1024
-#define MAXPARAMS 32
-
-static int getjail(vstat_t *, int, int);
-
-static char *invocname;
-
-static void
-usage(void)
-{
-
- fprintf(stderr,
- "usage: %s [-c | -m] vname [param=value ...]\n"
- " %s -d vname\n"
- " %s -l[rvj] [vname]\n"
- " %s -i vname ifname [newifname]\n"
- " %s vname [command ...]\n",
- invocname, invocname, invocname, invocname, invocname);
- exit(1);
-}
-
-int
-main(int argc, char **argv)
-{
- struct jailparam params[MAXPARAMS];
- char ifname[IFNAMSIZ];
- struct ifreq ifreq;
- vi_cmd_t newcmd, cmd;
- int recurse = 0;
- int verbose = 0;
- int jid, i, s, namelen;
- int vst_size, vst_last;
- vstat_t *vst;
- char *str;
- char ch;
-
- invocname = argv[0];
-
- newcmd = cmd = VI_SWITCHTO; /* Default if no modifiers specified. */
- while ((ch = getopt(argc, argv, "cdijlmrv")) != -1) {
- switch (ch) {
- case 'c':
- newcmd = VI_CREATE;
- break;
- case 'm':
- newcmd = VI_MODIFY;
- break;
- case 'd':
- newcmd = VI_DESTROY;
- break;
- case 'l':
- newcmd = VI_GET;
- break;
- case 'i':
- newcmd = VI_IFMOVE;
- break;
- case 'r':
- recurse = 1;
- break;
- case 'v':
- verbose++;
- break;
- case 'j':
- verbose = 2;
- break;
- default:
- usage();
- }
- if (cmd == VI_SWITCHTO || cmd == newcmd)
- cmd = newcmd;
- else
- usage();
- }
- argc -= optind;
- argv += optind;
-
- if ((cmd != VI_GET && (argc == 0 || recurse != 0 || verbose != 0)) ||
- (cmd == VI_IFMOVE && (argc < 2 || argc > 3)) ||
- (cmd == VI_MODIFY && argc < 2) || argc >= MAXPARAMS)
- usage();
-
- switch (cmd) {
- case VI_GET:
- vst_last = 0;
- vst_size = VST_SIZE_STEP;
- if ((vst = malloc(vst_size * sizeof(*vst))) == NULL)
- break;
- if (argc == 1)
- namelen = strlen(argv[0]);
- else
- namelen = 0;
- jid = 0;
- while ((jid = getjail(&vst[vst_last], jid, verbose)) > 0) {
- /* Skip jails which do not own vnets. */
- if (vst[vst_last].vnet != 1)
- continue;
- /* Skip non-matching vnames / hierarchies. */
- if (namelen &&
- ((strlen(vst[vst_last].name) < namelen ||
- strncmp(vst[vst_last].name, argv[0], namelen) != 0)
- || (strlen(vst[vst_last].name) > namelen &&
- vst[vst_last].name[namelen] != '.')))
- continue;
- /* Skip any sub-trees if -r not requested. */
- if (!recurse &&
- (strlen(vst[vst_last].name) < namelen ||
- strchr(&vst[vst_last].name[namelen], '.') != NULL))
- continue;
- /* Grow vst table if necessary. */
- if (++vst_last == vst_size) {
- vst_size += VST_SIZE_STEP;
- vst = realloc(vst, vst_size * sizeof(*vst));
- if (vst == NULL)
- break;
- }
- }
- if (vst == NULL)
- break;
- /* Sort: the key is the 1st field in *vst, i.e. vimage name. */
- qsort(vst, vst_last, sizeof(*vst), (void *) strcmp);
- for (i = 0; i < vst_last; i++) {
- if (!verbose) {
- printf("%s\n", vst[i].name);
- continue;
- }
-
- printf("%s:\n", vst[i].name);
- printf(" Path: %s\n", vst[i].path);
- printf(" Hostname: %s\n", vst[i].hostname);
- printf(" Domainname: %s\n", vst[i].domainname);
- printf(" Children: %d\n", vst[i].childcnt);
-
- if (verbose < 2)
- continue;
-
- printf(" Children limit: %d\n", vst[i].childmax);
- printf(" CPUsetID: %d\n", vst[i].cpuset);
- printf(" JID: %d\n", vst[i].jid);
- printf(" PJID: %d\n", vst[i].parentjid);
- printf(" Raw sockets allowed: %d\n", vst[i].rawsock);
- printf(" All AF allowed: %d\n", vst[i].socket_af);
- printf(" Mount allowed: %d\n", vst[i].mount);
- }
- free(vst);
- exit(0);
-
- case VI_IFMOVE:
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- break;
- if ((jid = jail_getid(argv[0])) < 0)
- break;
- ifreq.ifr_jid = jid;
- strncpy(ifreq.ifr_name, argv[1], sizeof(ifreq.ifr_name));
- if (ioctl(s, SIOCSIFVNET, (caddr_t)&ifreq) < 0)
- break;
- close(s);
- if (argc == 3)
- snprintf(ifname, sizeof(ifname), "%s", argv[2]);
- else
- snprintf(ifname, sizeof(ifname), "eth0");
- ifreq.ifr_data = ifname;
- /* Do we need to rename the ifnet? */
- if (strcmp(ifreq.ifr_name, ifname) != 0) {
- /* Switch to the context of the target vimage. */
- if (jail_attach(jid) < 0)
- break;
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- break;
- for (namelen = 0; isalpha(ifname[namelen]); namelen++);
- i = 0;
- /* Search for a free ifunit in target vnet. Unsafe. */
- while (ioctl(s, SIOCSIFNAME, (caddr_t)&ifreq) < 0) {
- snprintf(&ifname[namelen],
- sizeof(ifname) - namelen, "%d", i);
- /* Emergency brake. */
- if (i++ == IF_MAXUNIT)
- break;
- }
- }
- if (i < IF_MAXUNIT)
- printf("%s@%s\n", ifname, argv[0]);
- else
- printf("%s@%s\n", ifreq.ifr_name, argv[0]);
- exit(0);
-
- case VI_CREATE:
- if (jail_setv(JAIL_CREATE,
- "name", argv[0],
- "vnet", NULL,
- "host", NULL,
- "persist", NULL,
- "allow.raw_sockets", "true",
- "allow.socket_af", "true",
- "allow.mount", "true",
- NULL) < 0)
- break;
- if (argc == 1)
- exit(0);
- /* Not done yet, proceed to apply non-default parameters. */
-
- case VI_MODIFY:
- jailparam_init(¶ms[0], "name");
- jailparam_import(¶ms[0], argv[0]);
- for (i = 1; i < argc; i++) {
- for (str = argv[i]; *str != '=' && *str != 0; str++) {
- /* Do nothing - search for '=' delimeter. */
- }
- if (*str == 0)
- break;
- *str++ = 0;
- if (*str == 0)
- break;
- jailparam_init(¶ms[i], argv[i]);
- jailparam_import(¶ms[i], str);
- }
- if (i != argc)
- break;
- if (jailparam_set(params, i, JAIL_UPDATE) < 0)
- break;
- exit(0);
-
- case VI_DESTROY:
- if ((jid = jail_getid(argv[0])) < 0)
- break;
- if (jail_remove(jid) < 0)
- break;
- exit(0);
-
- case VI_SWITCHTO:
- if ((jid = jail_getid(argv[0])) < 0)
- break;
- if (jail_attach(jid) < 0)
- break;
- if (argc == 1) {
- printf("Switched to vimage %s\n", argv[0]);
- if ((str = getenv("SHELL")) == NULL)
- execlp("/bin/sh", invocname, NULL);
- else
- execlp(str, invocname, NULL);
- } else
- execvp(argv[1], &argv[1]);
- break;
-
- default:
- /* Should be unreachable. */
- break;
- }
-
- if (jail_errmsg[0])
- fprintf(stderr, "Error: %s\n", jail_errmsg);
- else
- perror("Error");
- exit(1);
-}
-
-static int
-getjail(vstat_t *vs, int lastjid, int verbose)
-{
- struct jailparam params[32]; /* Must be > max(psize). */
- int psize = 0;
-
- bzero(params, sizeof(params));
- bzero(vs, sizeof(*vs));
-
- jailparam_init(¶ms[psize], "lastjid");
- jailparam_import_raw(¶ms[psize++], &lastjid, sizeof lastjid);
-
- jailparam_init(¶ms[psize], "vnet");
- jailparam_import_raw(¶ms[psize++], &vs->vnet, sizeof(vs->vnet));
-
- jailparam_init(¶ms[psize], "name");
- jailparam_import_raw(¶ms[psize++], &vs->name, sizeof(vs->name));
-
- if (verbose == 0)
- goto done;
-
- jailparam_init(¶ms[psize], "path");
- jailparam_import_raw(¶ms[psize++], &vs->path, sizeof(vs->path));
-
- jailparam_init(¶ms[psize], "host.hostname");
- jailparam_import_raw(¶ms[psize++], &vs->hostname,
- sizeof(vs->hostname));
-
- jailparam_init(¶ms[psize], "host.domainname");
- jailparam_import_raw(¶ms[psize++], &vs->domainname,
- sizeof(vs->domainname));
-
- jailparam_init(¶ms[psize], "children.cur");
- jailparam_import_raw(¶ms[psize++], &vs->childcnt,
- sizeof(vs->childcnt));
-
- if (verbose == 1)
- goto done;
-
- jailparam_init(¶ms[psize], "children.max");
- jailparam_import_raw(¶ms[psize++], &vs->childmax,
- sizeof(vs->childmax));
-
- jailparam_init(¶ms[psize], "cpuset.id");
- jailparam_import_raw(¶ms[psize++], &vs->cpuset,
- sizeof(vs->cpuset));
-
- jailparam_init(¶ms[psize], "parent");
- jailparam_import_raw(¶ms[psize++], &vs->parentjid,
- sizeof(vs->parentjid));
-
- jailparam_init(¶ms[psize], "allow.raw_sockets");
- jailparam_import_raw(¶ms[psize++], &vs->rawsock,
- sizeof(vs->rawsock));
-
- jailparam_init(¶ms[psize], "allow.socket_af");
- jailparam_import_raw(¶ms[psize++], &vs->socket_af,
- sizeof(vs->socket_af));
-
- jailparam_init(¶ms[psize], "allow.mount");
- jailparam_import_raw(¶ms[psize++], &vs->mount, sizeof(vs->mount));
-
-done:
- vs->jid = jailparam_get(params, psize, 0);
- jailparam_free(params, psize);
- return (vs->jid);
-}
diff --git a/kernel/freebsd/vimage_7-CORE.diff b/kernel/freebsd/vimage_7-CORE.diff
deleted file mode 100644
index c28bd1be..00000000
--- a/kernel/freebsd/vimage_7-CORE.diff
+++ /dev/null
@@ -1,3077 +0,0 @@
-diff -ur sys.20081015/netinet/ip_mroute.c sys/netinet/ip_mroute.c
---- sys.20081015/netinet/ip_mroute.c 2008-08-16 16:29:19.000000000 -0700
-+++ sys/netinet/ip_mroute.c 2008-11-05 16:30:04.000000000 -0800
-@@ -99,6 +99,7 @@
- #include
- #include
- #ifdef INET6
-+#include
- #include
- #include
- #include
-@@ -112,21 +113,30 @@
- * Control debugging code for rsvp and multicast routing code.
- * Can only set them with the debugger.
- */
-+#ifndef VIMAGE
- static u_int rsvpdebug; /* non-zero enables debugging */
-
- static u_int mrtdebug; /* any set of the flags below */
-+#endif /* !VIMAGE */
- #define DEBUG_MFC 0x02
- #define DEBUG_FORWARD 0x04
- #define DEBUG_EXPIRE 0x08
- #define DEBUG_XMIT 0x10
- #define DEBUG_PIM 0x20
-
-+#ifndef VIMAGE
- #define VIFI_INVALID ((vifi_t) -1)
-+#endif /* !VIMAGE */
-
- #define M_HASCL(m) ((m)->m_flags & M_EXT)
-
- static MALLOC_DEFINE(M_MRTABLE, "mroutetbl", "multicast routing tables");
-
-+static int vnet_mroute_iattach(const void *);
-+static int vnet_mroute_idetach(const void *);
-+
-+VNET_MOD_DECLARE(MROUTE, mroute, vnet_mroute_iattach, vnet_mroute_idetach, INET, NULL)
-+
- /*
- * Locking. We use two locks: one for the virtual interface table and
- * one for the forwarding table. These locks may be nested in which case
-@@ -140,48 +150,59 @@
- *
- */
-
-+#ifndef VIMAGE
- static struct mrtstat mrtstat;
--SYSCTL_STRUCT(_net_inet_ip, OID_AUTO, mrtstat, CTLFLAG_RW,
-- &mrtstat, mrtstat,
-+#endif /* !VIMAGE */
-+SYSCTL_V_STRUCT(V_NET, vnet_mroute, _net_inet_ip, OID_AUTO, mrtstat,
-+ CTLFLAG_RW, mrtstat, mrtstat,
- "Multicast Routing Statistics (struct mrtstat, netinet/ip_mroute.h)");
--
-+#ifndef VIMAGE
- static struct mfc *mfctable[MFCTBLSIZ];
--SYSCTL_OPAQUE(_net_inet_ip, OID_AUTO, mfctable, CTLFLAG_RD,
-- &mfctable, sizeof(mfctable), "S,*mfc[MFCTBLSIZ]",
-+SYSCTL_V_OID(V_NET, vnet_mroute, _net_inet_ip, CTLTYPE_OPAQUE|OID_AUTO,
-+ mfctable, CTLFLAG_RD, mfctable, sizeof(mfctable), sysctl_handle_opaque,
-+ "S,*mfc[MFCTBLSIZ]",
- "Multicast Forwarding Table (struct *mfc[MFCTBLSIZ], netinet/ip_mroute.h)");
-
- static struct mtx mrouter_mtx;
--#define MROUTER_LOCK() mtx_lock(&mrouter_mtx)
--#define MROUTER_UNLOCK() mtx_unlock(&mrouter_mtx)
--#define MROUTER_LOCK_ASSERT() mtx_assert(&mrouter_mtx, MA_OWNED)
-+#endif /* !VIMAGE */
-+#define MROUTER_LOCK() mtx_lock(&V_mrouter_mtx)
-+#define MROUTER_UNLOCK() mtx_unlock(&V_mrouter_mtx)
-+#define MROUTER_LOCK_ASSERT() mtx_assert(&V_mrouter_mtx, MA_OWNED)
- #define MROUTER_LOCK_INIT() \
-- mtx_init(&mrouter_mtx, "IPv4 multicast forwarding", NULL, MTX_DEF)
--#define MROUTER_LOCK_DESTROY() mtx_destroy(&mrouter_mtx)
-+ mtx_init(&V_mrouter_mtx, "IPv4 multicast forwarding", NULL, MTX_DEF)
-+#define MROUTER_LOCK_DESTROY() mtx_destroy(&V_mrouter_mtx)
-
-+#ifndef VIMAGE
- static struct mtx mfc_mtx;
--#define MFC_LOCK() mtx_lock(&mfc_mtx)
--#define MFC_UNLOCK() mtx_unlock(&mfc_mtx)
--#define MFC_LOCK_ASSERT() mtx_assert(&mfc_mtx, MA_OWNED)
--#define MFC_LOCK_INIT() mtx_init(&mfc_mtx, "mroute mfc table", NULL, MTX_DEF)
--#define MFC_LOCK_DESTROY() mtx_destroy(&mfc_mtx)
-+#endif /* !VIMAGE */
-+#define MFC_LOCK() mtx_lock(&V_mfc_mtx)
-+#define MFC_UNLOCK() mtx_unlock(&V_mfc_mtx)
-+#define MFC_LOCK_ASSERT() mtx_assert(&V_mfc_mtx, MA_OWNED)
-+#define MFC_LOCK_INIT() mtx_init(&V_mfc_mtx, "mroute mfc table", NULL, MTX_DEF)
-+#define MFC_LOCK_DESTROY() mtx_destroy(&V_mfc_mtx)
-
-+#ifndef VIMAGE
- static struct vif viftable[MAXVIFS];
--SYSCTL_OPAQUE(_net_inet_ip, OID_AUTO, viftable, CTLFLAG_RD,
-- &viftable, sizeof(viftable), "S,vif[MAXVIFS]",
-+SYSCTL_V_OID(V_NET, vnet_mroute, _net_inet_ip, CTLTYPE_OPAQUE|OID_AUTO, viftable,
-+ CTLFLAG_RD, viftable, sizeof(viftable), sysctl_handle_opaque,
-+ "S,vif[MAXVIFS]",
- "Multicast Virtual Interfaces (struct vif[MAXVIFS], netinet/ip_mroute.h)");
-
- static struct mtx vif_mtx;
--#define VIF_LOCK() mtx_lock(&vif_mtx)
--#define VIF_UNLOCK() mtx_unlock(&vif_mtx)
--#define VIF_LOCK_ASSERT() mtx_assert(&vif_mtx, MA_OWNED)
--#define VIF_LOCK_INIT() mtx_init(&vif_mtx, "mroute vif table", NULL, MTX_DEF)
--#define VIF_LOCK_DESTROY() mtx_destroy(&vif_mtx)
-+#endif /* !VIMAGE */
-+#define VIF_LOCK() mtx_lock(&V_vif_mtx)
-+#define VIF_UNLOCK() mtx_unlock(&V_vif_mtx)
-+#define VIF_LOCK_ASSERT() mtx_assert(&V_vif_mtx, MA_OWNED)
-+#define VIF_LOCK_INIT() mtx_init(&V_vif_mtx, "mroute vif table", NULL, MTX_DEF)
-+#define VIF_LOCK_DESTROY() mtx_destroy(&V_vif_mtx)
-
-+#ifndef VIMAGE
- static u_char nexpire[MFCTBLSIZ];
-
- static eventhandler_tag if_detach_event_tag = NULL;
-
- static struct callout expire_upcalls_ch;
-+#endif /* !VIMAGE */
-
- #define EXPIRE_TIMEOUT (hz / 4) /* 4x / second */
- #define UPCALL_EXPIRE 6 /* number of timeouts */
-@@ -196,25 +217,31 @@
- * Pending timeouts are stored in a hash table, the key being the
- * expiration time. Periodically, the entries are analysed and processed.
- */
-+#ifndef VIMAGE
- #define BW_METER_BUCKETS 1024
- static struct bw_meter *bw_meter_timers[BW_METER_BUCKETS];
--static struct callout bw_meter_ch;
-+static struct callout V_bw_meter_ch;
-+#endif /* !VIMAGE */
- #define BW_METER_PERIOD (hz) /* periodical handling of bw meters */
-
- /*
- * Pending upcalls are stored in a vector which is flushed when
- * full, or periodically
- */
-+#ifndef VIMAGE
- static struct bw_upcall bw_upcalls[BW_UPCALLS_MAX];
- static u_int bw_upcalls_n; /* # of pending upcalls */
- static struct callout bw_upcalls_ch;
-+#endif /* !VIMAGE */
- #define BW_UPCALLS_PERIOD (hz) /* periodical flush of bw upcalls */
-
-+#ifndef VIMAGE
- static struct pimstat pimstat;
-+#endif /* !VIMAGE */
-
- SYSCTL_NODE(_net_inet, IPPROTO_PIM, pim, CTLFLAG_RW, 0, "PIM");
--SYSCTL_STRUCT(_net_inet_pim, PIMCTL_STATS, stats, CTLFLAG_RD,
-- &pimstat, pimstat,
-+SYSCTL_V_STRUCT(V_NET, vnet_mroute, _net_inet_pim, PIMCTL_STATS, stats,
-+ CTLFLAG_RD, pimstat, pimstat,
- "PIM Statistics (struct pimstat, netinet/pim_var.h)");
-
- static u_long pim_squelch_wholepkt = 0;
-@@ -222,6 +249,7 @@
- &pim_squelch_wholepkt, 0,
- "Disable IGMP_WHOLEPKT notifications if rendezvous point is unspecified");
-
-+
- extern struct domain inetdomain;
- struct protosw in_pim_protosw = {
- .pr_type = SOCK_RAW,
-@@ -291,13 +319,17 @@
- 0 /* flags */
- };
-
-+#ifndef VIMAGE
- static struct ifnet multicast_register_if;
- static vifi_t reg_vif_num = VIFI_INVALID;
-+#endif /* !VIMAGE */
-
- /*
- * Private variables.
- */
-+#ifndef VIMAGE
- static vifi_t numvifs;
-+#endif /* !VIMAGE */
-
- static u_long X_ip_mcast_src(int vifi);
- static int X_ip_mforward(struct ip *ip, struct ifnet *ifp,
-@@ -337,7 +369,7 @@
- static void bw_upcalls_send(void);
- static void schedule_bw_meter(struct bw_meter *x, struct timeval *nowp);
- static void unschedule_bw_meter(struct bw_meter *x);
--static void bw_meter_process(void);
-+static void bw_meter_process(struct vnet *vnet);
- static void expire_bw_upcalls_send(void *);
- static void expire_bw_meter_process(void *);
-
-@@ -352,7 +384,9 @@
- /*
- * whether or not special PIM assert processing is enabled.
- */
-+#ifndef VIMAGE
- static int pim_assert;
-+#endif /* !VIMAGE */
- /*
- * Rate limit for assert notification messages, in usec
- */
-@@ -367,7 +401,9 @@
- MRT_MFC_FLAGS_BORDER_VIF |
- MRT_MFC_RP |
- MRT_MFC_BW_UPCALL);
-+#ifndef VIMAGE
- static uint32_t mrt_api_config = 0;
-+#endif /* !VIMAGE */
-
- /*
- * Hash function for a source, group entry
-@@ -383,11 +419,12 @@
- static struct mfc *
- mfc_find(in_addr_t o, in_addr_t g)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct mfc *rt;
-
- MFC_LOCK_ASSERT();
-
-- for (rt = mfctable[MFCHASH(o,g)]; rt; rt = rt->mfc_next)
-+ for (rt = V_mfctable[MFCHASH(o,g)]; rt; rt = rt->mfc_next)
- if ((rt->mfc_origin.s_addr == o) &&
- (rt->mfc_mcastgrp.s_addr == g) && (rt->mfc_stall == NULL))
- break;
-@@ -424,7 +461,8 @@
- static int
- X_ip_mrouter_set(struct socket *so, struct sockopt *sopt)
- {
-- INIT_VNET_INET(curvnet);
-+ INIT_VNET_INET(so->so_vnet);
-+ INIT_VNET_MROUTE(so->so_vnet);
- int error, optval;
- vifi_t vifi;
- struct vifctl vifc;
-@@ -468,7 +506,7 @@
- * select data size depending on API version.
- */
- if (sopt->sopt_name == MRT_ADD_MFC &&
-- mrt_api_config & MRT_API_FLAGS_ALL) {
-+ V_mrt_api_config & MRT_API_FLAGS_ALL) {
- error = sooptcopyin(sopt, &mfc, sizeof(struct mfcctl2),
- sizeof(struct mfcctl2));
- } else {
-@@ -525,6 +563,7 @@
- static int
- X_ip_mrouter_get(struct socket *so, struct sockopt *sopt)
- {
-+ INIT_VNET_MROUTE(so->so_vnet);
- int error;
- static int version = 0x0305; /* !!! why is this here? XXX */
-
-@@ -534,7 +573,7 @@
- break;
-
- case MRT_ASSERT:
-- error = sooptcopyout(sopt, &pim_assert, sizeof pim_assert);
-+ error = sooptcopyout(sopt, &V_pim_assert, sizeof V_pim_assert);
- break;
-
- case MRT_API_SUPPORT:
-@@ -542,7 +581,7 @@
- break;
-
- case MRT_API_CONFIG:
-- error = sooptcopyout(sopt, &mrt_api_config, sizeof mrt_api_config);
-+ error = sooptcopyout(sopt, &V_mrt_api_config, sizeof V_mrt_api_config);
- break;
-
- default:
-@@ -590,6 +629,7 @@
- static int
- get_sg_cnt(struct sioc_sg_req *req)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct mfc *rt;
-
- MFC_LOCK();
-@@ -612,18 +652,19 @@
- static int
- get_vif_cnt(struct sioc_vif_req *req)
- {
-+ INIT_VNET_MROUTE(curvnet);
- vifi_t vifi = req->vifi;
-
- VIF_LOCK();
-- if (vifi >= numvifs) {
-+ if (vifi >= V_numvifs) {
- VIF_UNLOCK();
- return EINVAL;
- }
-
-- req->icount = viftable[vifi].v_pkt_in;
-- req->ocount = viftable[vifi].v_pkt_out;
-- req->ibytes = viftable[vifi].v_bytes_in;
-- req->obytes = viftable[vifi].v_bytes_out;
-+ req->icount = V_viftable[vifi].v_pkt_in;
-+ req->ocount = V_viftable[vifi].v_pkt_out;
-+ req->ibytes = V_viftable[vifi].v_bytes_in;
-+ req->obytes = V_viftable[vifi].v_bytes_out;
- VIF_UNLOCK();
-
- return 0;
-@@ -632,24 +673,30 @@
- static void
- ip_mrouter_reset(void)
- {
-- bzero((caddr_t)mfctable, sizeof(mfctable));
-- bzero((caddr_t)nexpire, sizeof(nexpire));
--
-- pim_assert = 0;
-- mrt_api_config = 0;
--
-- callout_init(&expire_upcalls_ch, CALLOUT_MPSAFE);
--
-- bw_upcalls_n = 0;
-- bzero((caddr_t)bw_meter_timers, sizeof(bw_meter_timers));
-- callout_init(&bw_upcalls_ch, CALLOUT_MPSAFE);
-- callout_init(&bw_meter_ch, CALLOUT_MPSAFE);
-+ INIT_VNET_MROUTE(curvnet);
-+ bzero((caddr_t)V_mfctable, sizeof(V_mfctable));
-+ bzero((caddr_t)V_nexpire, sizeof(V_nexpire));
-+ if (V_reg_vif_num != VIFI_INVALID)
-+ IF_ADDR_LOCK_DESTROY(&V_multicast_register_if);
-+ bzero(&V_multicast_register_if, sizeof(V_multicast_register_if));
-+
-+ V_reg_vif_num = VIFI_INVALID;
-+ V_pim_assert = 0;
-+ V_mrt_api_config = 0;
-+
-+ callout_init(&V_expire_upcalls_ch, CALLOUT_MPSAFE);
-+
-+ V_bw_upcalls_n = 0;
-+ bzero((caddr_t)V_bw_meter_timers, sizeof(V_bw_meter_timers));
-+ callout_init(&V_bw_upcalls_ch, CALLOUT_MPSAFE);
-+ callout_init(&V_bw_meter_ch, CALLOUT_MPSAFE);
- }
-
- static void
- if_detached_event(void *arg __unused, struct ifnet *ifp)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- vifi_t vifi;
- int i;
- struct mfc *mfc;
-@@ -676,12 +723,12 @@
- */
- VIF_LOCK();
- MFC_LOCK();
-- for (vifi = 0; vifi < numvifs; vifi++) {
-- if (viftable[vifi].v_ifp != ifp)
-+ for (vifi = 0; vifi < V_numvifs; vifi++) {
-+ if (V_viftable[vifi].v_ifp != ifp)
- continue;
- for (i = 0; i < MFCTBLSIZ; i++) {
-- ppmfc = &mfctable[i];
-- for (mfc = mfctable[i]; mfc != NULL; ) {
-+ ppmfc = &V_mfctable[i];
-+ for (mfc = V_mfctable[i]; mfc != NULL; ) {
- nmfc = mfc->mfc_next;
- if (mfc->mfc_parent == vifi) {
- for (pq = mfc->mfc_stall; pq != NULL; ) {
-@@ -713,9 +760,10 @@
- static int
- ip_mrouter_init(struct socket *so, int version)
- {
-- INIT_VNET_INET(curvnet);
-+ INIT_VNET_INET(so->so_vnet);
-+ INIT_VNET_MROUTE(so->so_vnet);
-
-- if (mrtdebug)
-+ if (V_mrtdebug)
- log(LOG_DEBUG, "ip_mrouter_init: so_type = %d, pr_protocol = %d\n",
- so->so_type, so->so_proto->pr_protocol);
-
-@@ -732,24 +780,25 @@
- return EADDRINUSE;
- }
-
-- if_detach_event_tag = EVENTHANDLER_REGISTER(ifnet_departure_event,
-+ V_if_detach_event_tag = EVENTHANDLER_REGISTER(ifnet_departure_event,
- if_detached_event, NULL, EVENTHANDLER_PRI_ANY);
-- if (if_detach_event_tag == NULL) {
-+ if (V_if_detach_event_tag == NULL) {
- MROUTER_UNLOCK();
- return (ENOMEM);
- }
-
-- callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT, expire_upcalls, NULL);
--
-- callout_reset(&bw_upcalls_ch, BW_UPCALLS_PERIOD,
-- expire_bw_upcalls_send, NULL);
-- callout_reset(&bw_meter_ch, BW_METER_PERIOD, expire_bw_meter_process, NULL);
-+ callout_reset(&V_expire_upcalls_ch, EXPIRE_TIMEOUT,
-+ expire_upcalls, (void *)so->so_vnet);
-+ callout_reset(&V_bw_upcalls_ch, BW_UPCALLS_PERIOD,
-+ expire_bw_upcalls_send, (void *)so->so_vnet);
-+ callout_reset(&V_bw_meter_ch, BW_METER_PERIOD,
-+ expire_bw_meter_process, (void *)so->so_vnet);
-
- V_ip_mrouter = so;
-
- MROUTER_UNLOCK();
-
-- if (mrtdebug)
-+ if (V_mrtdebug)
- log(LOG_DEBUG, "ip_mrouter_init\n");
-
- return 0;
-@@ -762,6 +811,7 @@
- X_ip_mrouter_done(void)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- vifi_t vifi;
- int i;
- struct ifnet *ifp;
-@@ -780,41 +830,41 @@
- * Detach/disable hooks to the reset of the system.
- */
- V_ip_mrouter = NULL;
-- mrt_api_config = 0;
-+ V_mrt_api_config = 0;
-
- VIF_LOCK();
- /*
- * For each phyint in use, disable promiscuous reception of all IP
- * multicasts.
- */
-- for (vifi = 0; vifi < numvifs; vifi++) {
-- if (viftable[vifi].v_lcl_addr.s_addr != 0 &&
-- !(viftable[vifi].v_flags & (VIFF_TUNNEL | VIFF_REGISTER))) {
-+ for (vifi = 0; vifi < V_numvifs; vifi++) {
-+ if (V_viftable[vifi].v_lcl_addr.s_addr != 0 &&
-+ !(V_viftable[vifi].v_flags & (VIFF_TUNNEL | VIFF_REGISTER))) {
- struct sockaddr_in *so = (struct sockaddr_in *)&(ifr.ifr_addr);
-
- so->sin_len = sizeof(struct sockaddr_in);
- so->sin_family = AF_INET;
- so->sin_addr.s_addr = INADDR_ANY;
-- ifp = viftable[vifi].v_ifp;
-+ ifp = V_viftable[vifi].v_ifp;
- if_allmulti(ifp, 0);
- }
- }
-- bzero((caddr_t)viftable, sizeof(viftable));
-- numvifs = 0;
-- pim_assert = 0;
-+ bzero((caddr_t)V_viftable, sizeof(V_viftable));
-+ V_numvifs = 0;
-+ V_pim_assert = 0;
- VIF_UNLOCK();
-- EVENTHANDLER_DEREGISTER(ifnet_departure_event, if_detach_event_tag);
-+ EVENTHANDLER_DEREGISTER(ifnet_departure_event, V_if_detach_event_tag);
-
- /*
- * Free all multicast forwarding cache entries.
- */
-- callout_stop(&expire_upcalls_ch);
-- callout_stop(&bw_upcalls_ch);
-- callout_stop(&bw_meter_ch);
-+ callout_stop(&V_expire_upcalls_ch);
-+ callout_stop(&V_bw_upcalls_ch);
-+ callout_stop(&V_bw_meter_ch);
-
- MFC_LOCK();
- for (i = 0; i < MFCTBLSIZ; i++) {
-- for (rt = mfctable[i]; rt != NULL; ) {
-+ for (rt = V_mfctable[i]; rt != NULL; ) {
- struct mfc *nr = rt->mfc_next;
-
- for (rte = rt->mfc_stall; rte != NULL; ) {
-@@ -829,17 +879,19 @@
- rt = nr;
- }
- }
-- bzero((caddr_t)mfctable, sizeof(mfctable));
-- bzero((caddr_t)nexpire, sizeof(nexpire));
-- bw_upcalls_n = 0;
-- bzero(bw_meter_timers, sizeof(bw_meter_timers));
-+ bzero((caddr_t)V_mfctable, sizeof(V_mfctable));
-+ bzero((caddr_t)V_nexpire, sizeof(V_nexpire));
-+ V_bw_upcalls_n = 0;
-+ bzero(V_bw_meter_timers, sizeof(V_bw_meter_timers));
- MFC_UNLOCK();
-
-- reg_vif_num = VIFI_INVALID;
-+ if (V_reg_vif_num != VIFI_INVALID)
-+ IF_ADDR_LOCK_DESTROY(&V_multicast_register_if);
-+ V_reg_vif_num = VIFI_INVALID;
-
- MROUTER_UNLOCK();
-
-- if (mrtdebug)
-+ if (V_mrtdebug)
- log(LOG_DEBUG, "ip_mrouter_done\n");
-
- return 0;
-@@ -851,10 +903,11 @@
- static int
- set_assert(int i)
- {
-+ INIT_VNET_MROUTE(curvnet);
- if ((i != 1) && (i != 0))
- return EINVAL;
-
-- pim_assert = i;
-+ V_pim_assert = i;
-
- return 0;
- }
-@@ -865,6 +918,7 @@
- int
- set_api_config(uint32_t *apival)
- {
-+ INIT_VNET_MROUTE(curvnet);
- int i;
-
- /*
-@@ -874,23 +928,23 @@
- * - pim_assert is not enabled
- * - the MFC table is empty
- */
-- if (numvifs > 0) {
-+ if (V_numvifs > 0) {
- *apival = 0;
- return EPERM;
- }
-- if (pim_assert) {
-+ if (V_pim_assert) {
- *apival = 0;
- return EPERM;
- }
- for (i = 0; i < MFCTBLSIZ; i++) {
-- if (mfctable[i] != NULL) {
-+ if (V_mfctable[i] != NULL) {
- *apival = 0;
- return EPERM;
- }
- }
-
-- mrt_api_config = *apival & mrt_api_support;
-- *apival = mrt_api_config;
-+ V_mrt_api_config = *apival & mrt_api_support;
-+ *apival = V_mrt_api_config;
-
- return 0;
- }
-@@ -901,7 +955,8 @@
- static int
- add_vif(struct vifctl *vifcp)
- {
-- struct vif *vifp = viftable + vifcp->vifc_vifi;
-+ INIT_VNET_MROUTE(curvnet);
-+ struct vif *vifp = V_viftable + vifcp->vifc_vifi;
- struct sockaddr_in sin = {sizeof sin, AF_INET};
- struct ifaddr *ifa;
- struct ifnet *ifp;
-@@ -950,14 +1005,19 @@
- VIF_UNLOCK();
- return EOPNOTSUPP;
- } else if (vifcp->vifc_flags & VIFF_REGISTER) {
-- ifp = &multicast_register_if;
-- if (mrtdebug)
-+ ifp = &V_multicast_register_if;
-+ if (V_mrtdebug)
- log(LOG_DEBUG, "Adding a register vif, ifp: %p\n",
-- (void *)&multicast_register_if);
-- if (reg_vif_num == VIFI_INVALID) {
-- if_initname(&multicast_register_if, "register_vif", 0);
-- multicast_register_if.if_flags = IFF_LOOPBACK;
-- reg_vif_num = vifcp->vifc_vifi;
-+ (void *)&V_multicast_register_if);
-+ if (V_reg_vif_num == VIFI_INVALID) {
-+ if_initname(&V_multicast_register_if, "register_vif", 0);
-+ V_multicast_register_if.if_flags = IFF_LOOPBACK;
-+ V_reg_vif_num = vifcp->vifc_vifi;
-+ IF_ADDR_LOCK_INIT(&V_multicast_register_if);
-+#ifdef VIMAGE
-+ V_multicast_register_if.if_vnet = curvnet;
-+ V_multicast_register_if.if_home_vnet = curvnet;
-+#endif /* VIMAGE */
- }
- } else { /* Make sure the interface supports multicast */
- if ((ifp->if_flags & IFF_MULTICAST) == 0) {
-@@ -988,11 +1048,11 @@
- bzero(&vifp->v_route, sizeof(vifp->v_route));
-
- /* Adjust numvifs up if the vifi is higher than numvifs */
-- if (numvifs <= vifcp->vifc_vifi) numvifs = vifcp->vifc_vifi + 1;
-+ if (V_numvifs <= vifcp->vifc_vifi) V_numvifs = vifcp->vifc_vifi + 1;
-
- VIF_UNLOCK();
-
-- if (mrtdebug)
-+ if (V_mrtdebug)
- log(LOG_DEBUG, "add_vif #%d, lcladdr %lx, %s %lx, thresh %x\n",
- vifcp->vifc_vifi,
- (u_long)ntohl(vifcp->vifc_lcl_addr.s_addr),
-@@ -1009,14 +1069,15 @@
- static int
- del_vif_locked(vifi_t vifi)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct vif *vifp;
-
- VIF_LOCK_ASSERT();
-
-- if (vifi >= numvifs) {
-+ if (vifi >= V_numvifs) {
- return EINVAL;
- }
-- vifp = &viftable[vifi];
-+ vifp = &V_viftable[vifi];
- if (vifp->v_lcl_addr.s_addr == INADDR_ANY) {
- return EADDRNOTAVAIL;
- }
-@@ -1024,19 +1085,22 @@
- if (!(vifp->v_flags & (VIFF_TUNNEL | VIFF_REGISTER)))
- if_allmulti(vifp->v_ifp, 0);
-
-- if (vifp->v_flags & VIFF_REGISTER)
-- reg_vif_num = VIFI_INVALID;
-+ if (vifp->v_flags & VIFF_REGISTER) {
-+ if (V_reg_vif_num != VIFI_INVALID)
-+ IF_ADDR_LOCK_DESTROY(&V_multicast_register_if);
-+ V_reg_vif_num = VIFI_INVALID;
-+ }
-
- bzero((caddr_t)vifp, sizeof (*vifp));
-
-- if (mrtdebug)
-- log(LOG_DEBUG, "del_vif %d, numvifs %d\n", vifi, numvifs);
-+ if (V_mrtdebug)
-+ log(LOG_DEBUG, "del_vif %d, numvifs %d\n", vifi, V_numvifs);
-
- /* Adjust numvifs down */
-- for (vifi = numvifs; vifi > 0; vifi--)
-- if (viftable[vifi-1].v_lcl_addr.s_addr != INADDR_ANY)
-+ for (vifi = V_numvifs; vifi > 0; vifi--)
-+ if (V_viftable[vifi-1].v_lcl_addr.s_addr != INADDR_ANY)
- break;
-- numvifs = vifi;
-+ V_numvifs = vifi;
-
- return 0;
- }
-@@ -1044,6 +1108,7 @@
- static int
- del_vif(vifi_t vifi)
- {
-+ INIT_VNET_MROUTE(curvnet);
- int cc;
-
- VIF_LOCK();
-@@ -1059,16 +1124,17 @@
- static void
- update_mfc_params(struct mfc *rt, struct mfcctl2 *mfccp)
- {
-+ INIT_VNET_MROUTE(curvnet);
- int i;
-
- rt->mfc_parent = mfccp->mfcc_parent;
-- for (i = 0; i < numvifs; i++) {
-+ for (i = 0; i < V_numvifs; i++) {
- rt->mfc_ttls[i] = mfccp->mfcc_ttls[i];
-- rt->mfc_flags[i] = mfccp->mfcc_flags[i] & mrt_api_config &
-+ rt->mfc_flags[i] = mfccp->mfcc_flags[i] & V_mrt_api_config &
- MRT_MFC_FLAGS_ALL;
- }
- /* set the RP address */
-- if (mrt_api_config & MRT_MFC_RP)
-+ if (V_mrt_api_config & MRT_MFC_RP)
- rt->mfc_rp = mfccp->mfcc_rp;
- else
- rt->mfc_rp.s_addr = INADDR_ANY;
-@@ -1099,6 +1165,7 @@
- static int
- add_mfc(struct mfcctl2 *mfccp)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct mfc *rt;
- u_long hash;
- struct rtdetq *rte;
-@@ -1111,7 +1178,7 @@
-
- /* If an entry already exists, just update the fields */
- if (rt) {
-- if (mrtdebug & DEBUG_MFC)
-+ if (V_mrtdebug & DEBUG_MFC)
- log(LOG_DEBUG,"add_mfc update o %lx g %lx p %x\n",
- (u_long)ntohl(mfccp->mfcc_origin.s_addr),
- (u_long)ntohl(mfccp->mfcc_mcastgrp.s_addr),
-@@ -1127,7 +1194,7 @@
- * Find the entry for which the upcall was made and update
- */
- hash = MFCHASH(mfccp->mfcc_origin.s_addr, mfccp->mfcc_mcastgrp.s_addr);
-- for (rt = mfctable[hash], nstl = 0; rt; rt = rt->mfc_next) {
-+ for (rt = V_mfctable[hash], nstl = 0; rt; rt = rt->mfc_next) {
-
- if ((rt->mfc_origin.s_addr == mfccp->mfcc_origin.s_addr) &&
- (rt->mfc_mcastgrp.s_addr == mfccp->mfcc_mcastgrp.s_addr) &&
-@@ -1140,7 +1207,7 @@
- (u_long)ntohl(mfccp->mfcc_mcastgrp.s_addr),
- mfccp->mfcc_parent, (void *)rt->mfc_stall);
-
-- if (mrtdebug & DEBUG_MFC)
-+ if (V_mrtdebug & DEBUG_MFC)
- log(LOG_DEBUG,"add_mfc o %lx g %lx p %x dbg %p\n",
- (u_long)ntohl(mfccp->mfcc_origin.s_addr),
- (u_long)ntohl(mfccp->mfcc_mcastgrp.s_addr),
-@@ -1149,7 +1216,7 @@
- init_mfc_params(rt, mfccp);
-
- rt->mfc_expire = 0; /* Don't clean this guy up */
-- nexpire[hash]--;
-+ V_nexpire[hash]--;
-
- /* free packets Qed at the end of this entry */
- for (rte = rt->mfc_stall; rte != NULL; ) {
-@@ -1168,18 +1235,18 @@
- * It is possible that an entry is being inserted without an upcall
- */
- if (nstl == 0) {
-- if (mrtdebug & DEBUG_MFC)
-+ if (V_mrtdebug & DEBUG_MFC)
- log(LOG_DEBUG,"add_mfc no upcall h %lu o %lx g %lx p %x\n",
- hash, (u_long)ntohl(mfccp->mfcc_origin.s_addr),
- (u_long)ntohl(mfccp->mfcc_mcastgrp.s_addr),
- mfccp->mfcc_parent);
-
-- for (rt = mfctable[hash]; rt != NULL; rt = rt->mfc_next) {
-+ for (rt = V_mfctable[hash]; rt != NULL; rt = rt->mfc_next) {
- if ((rt->mfc_origin.s_addr == mfccp->mfcc_origin.s_addr) &&
- (rt->mfc_mcastgrp.s_addr == mfccp->mfcc_mcastgrp.s_addr)) {
- init_mfc_params(rt, mfccp);
- if (rt->mfc_expire)
-- nexpire[hash]--;
-+ V_nexpire[hash]--;
- rt->mfc_expire = 0;
- break; /* XXX */
- }
-@@ -1198,8 +1265,8 @@
-
- rt->mfc_bw_meter = NULL;
- /* insert new entry at head of hash chain */
-- rt->mfc_next = mfctable[hash];
-- mfctable[hash] = rt;
-+ rt->mfc_next = V_mfctable[hash];
-+ V_mfctable[hash] = rt;
- }
- }
- MFC_UNLOCK();
-@@ -1213,6 +1280,7 @@
- static int
- del_mfc(struct mfcctl2 *mfccp)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct in_addr origin;
- struct in_addr mcastgrp;
- struct mfc *rt;
-@@ -1223,14 +1291,14 @@
- origin = mfccp->mfcc_origin;
- mcastgrp = mfccp->mfcc_mcastgrp;
-
-- if (mrtdebug & DEBUG_MFC)
-+ if (V_mrtdebug & DEBUG_MFC)
- log(LOG_DEBUG,"del_mfc orig %lx mcastgrp %lx\n",
- (u_long)ntohl(origin.s_addr), (u_long)ntohl(mcastgrp.s_addr));
-
- MFC_LOCK();
-
- hash = MFCHASH(origin.s_addr, mcastgrp.s_addr);
-- for (nptr = &mfctable[hash]; (rt = *nptr) != NULL; nptr = &rt->mfc_next)
-+ for (nptr = &V_mfctable[hash]; (rt = *nptr) != NULL; nptr = &rt->mfc_next)
- if (origin.s_addr == rt->mfc_origin.s_addr &&
- mcastgrp.s_addr == rt->mfc_mcastgrp.s_addr &&
- rt->mfc_stall == NULL)
-@@ -1294,11 +1362,12 @@
- struct ip_moptions *imo)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- struct mfc *rt;
- int error;
- vifi_t vifi;
-
-- if (mrtdebug & DEBUG_FORWARD)
-+ if (V_mrtdebug & DEBUG_FORWARD)
- log(LOG_DEBUG, "ip_mforward: src %lx, dst %lx, ifp %p\n",
- (u_long)ntohl(ip->ip_src.s_addr), (u_long)ntohl(ip->ip_dst.s_addr),
- (void *)ifp);
-@@ -1326,11 +1395,11 @@
-
- VIF_LOCK();
- MFC_LOCK();
-- if (imo && ((vifi = imo->imo_multicast_vif) < numvifs)) {
-+ if (imo && ((vifi = imo->imo_multicast_vif) < V_numvifs)) {
- if (ip->ip_ttl < MAXTTL)
- ip->ip_ttl++; /* compensate for -1 in *_send routines */
-- if (rsvpdebug && ip->ip_p == IPPROTO_RSVP) {
-- struct vif *vifp = viftable + vifi;
-+ if (V_rsvpdebug && ip->ip_p == IPPROTO_RSVP) {
-+ struct vif *vifp = V_viftable + vifi;
-
- printf("Sending IPPROTO_RSVP from %lx to %lx on vif %d (%s%s)\n",
- (long)ntohl(ip->ip_src.s_addr), (long)ntohl(ip->ip_dst.s_addr),
-@@ -1343,7 +1412,7 @@
- VIF_UNLOCK();
- return error;
- }
-- if (rsvpdebug && ip->ip_p == IPPROTO_RSVP) {
-+ if (V_rsvpdebug && ip->ip_p == IPPROTO_RSVP) {
- printf("Warning: IPPROTO_RSVP from %lx to %lx without vif option\n",
- (long)ntohl(ip->ip_src.s_addr), (long)ntohl(ip->ip_dst.s_addr));
- if (!imo)
-@@ -1363,7 +1432,7 @@
- /*
- * Determine forwarding vifs from the forwarding cache table
- */
-- ++mrtstat.mrts_mfc_lookups;
-+ ++V_mrtstat.mrts_mfc_lookups;
- rt = mfc_find(ip->ip_src.s_addr, ip->ip_dst.s_addr);
-
- /* Entry exists, so forward if necessary */
-@@ -1383,10 +1452,10 @@
- u_long hash;
- int hlen = ip->ip_hl << 2;
-
-- ++mrtstat.mrts_mfc_misses;
-+ ++V_mrtstat.mrts_mfc_misses;
-
-- mrtstat.mrts_no_route++;
-- if (mrtdebug & (DEBUG_FORWARD | DEBUG_MFC))
-+ V_mrtstat.mrts_no_route++;
-+ if (V_mrtdebug & (DEBUG_FORWARD | DEBUG_MFC))
- log(LOG_DEBUG, "ip_mforward: no rte s %lx g %lx\n",
- (u_long)ntohl(ip->ip_src.s_addr),
- (u_long)ntohl(ip->ip_dst.s_addr));
-@@ -1414,7 +1483,7 @@
-
- /* is there an upcall waiting for this flow ? */
- hash = MFCHASH(ip->ip_src.s_addr, ip->ip_dst.s_addr);
-- for (rt = mfctable[hash]; rt; rt = rt->mfc_next) {
-+ for (rt = V_mfctable[hash]; rt; rt = rt->mfc_next) {
- if ((ip->ip_src.s_addr == rt->mfc_origin.s_addr) &&
- (ip->ip_dst.s_addr == rt->mfc_mcastgrp.s_addr) &&
- (rt->mfc_stall != NULL))
-@@ -1431,9 +1500,9 @@
- * Locate the vifi for the incoming interface for this packet.
- * If none found, drop packet.
- */
-- for (vifi=0; vifi < numvifs && viftable[vifi].v_ifp != ifp; vifi++)
-+ for (vifi=0; vifi < V_numvifs && V_viftable[vifi].v_ifp != ifp; vifi++)
- ;
-- if (vifi >= numvifs) /* vif not found, drop packet */
-+ if (vifi >= V_numvifs) /* vif not found, drop packet */
- goto non_fatal;
-
- /* no upcall, so make a new entry */
-@@ -1455,12 +1524,12 @@
- im->im_mbz = 0;
- im->im_vif = vifi;
-
-- mrtstat.mrts_upcalls++;
-+ V_mrtstat.mrts_upcalls++;
-
- k_igmpsrc.sin_addr = ip->ip_src;
- if (socket_send(V_ip_mrouter, mm, &k_igmpsrc) < 0) {
- log(LOG_WARNING, "ip_mforward: ip_mrouter socket queue full\n");
-- ++mrtstat.mrts_upq_sockfull;
-+ ++V_mrtstat.mrts_upq_sockfull;
- fail1:
- free(rt, M_MRTABLE);
- fail:
-@@ -1475,8 +1544,8 @@
- rt->mfc_origin.s_addr = ip->ip_src.s_addr;
- rt->mfc_mcastgrp.s_addr = ip->ip_dst.s_addr;
- rt->mfc_expire = UPCALL_EXPIRE;
-- nexpire[hash]++;
-- for (i = 0; i < numvifs; i++) {
-+ V_nexpire[hash]++;
-+ for (i = 0; i < V_numvifs; i++) {
- rt->mfc_ttls[i] = 0;
- rt->mfc_flags[i] = 0;
- }
-@@ -1487,8 +1556,8 @@
- rt->mfc_bw_meter = NULL;
-
- /* link into table */
-- rt->mfc_next = mfctable[hash];
-- mfctable[hash] = rt;
-+ rt->mfc_next = V_mfctable[hash];
-+ V_mfctable[hash] = rt;
- rt->mfc_stall = rte;
-
- } else {
-@@ -1505,7 +1574,7 @@
- npkts++;
-
- if (npkts > MAX_UPQ) {
-- mrtstat.mrts_upq_ovflw++;
-+ V_mrtstat.mrts_upq_ovflw++;
- non_fatal:
- free(rte, M_MRTABLE);
- m_freem(mb0);
-@@ -1535,15 +1604,16 @@
- static void
- expire_upcalls(void *unused)
- {
-+ INIT_VNET_MROUTE( ((struct vnet *)unused) );
- struct rtdetq *rte;
- struct mfc *mfc, **nptr;
- int i;
-
- MFC_LOCK();
- for (i = 0; i < MFCTBLSIZ; i++) {
-- if (nexpire[i] == 0)
-+ if (V_nexpire[i] == 0)
- continue;
-- nptr = &mfctable[i];
-+ nptr = &V_mfctable[i];
- for (mfc = *nptr; mfc != NULL; mfc = *nptr) {
- /*
- * Skip real cache entries
-@@ -1552,7 +1622,7 @@
- */
- if (mfc->mfc_stall != NULL && mfc->mfc_expire != 0 &&
- --mfc->mfc_expire == 0) {
-- if (mrtdebug & DEBUG_EXPIRE)
-+ if (V_mrtdebug & DEBUG_EXPIRE)
- log(LOG_DEBUG, "expire_upcalls: expiring (%lx %lx)\n",
- (u_long)ntohl(mfc->mfc_origin.s_addr),
- (u_long)ntohl(mfc->mfc_mcastgrp.s_addr));
-@@ -1567,8 +1637,8 @@
- free(rte, M_MRTABLE);
- rte = n;
- }
-- ++mrtstat.mrts_cache_cleanups;
-- nexpire[i]--;
-+ ++V_mrtstat.mrts_cache_cleanups;
-+ V_nexpire[i]--;
-
- /*
- * free the bw_meter entries
-@@ -1587,9 +1657,8 @@
- }
- }
- }
-+ callout_reset(&V_expire_upcalls_ch, EXPIRE_TIMEOUT, expire_upcalls, unused);
- MFC_UNLOCK();
--
-- callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT, expire_upcalls, NULL);
- }
-
- /*
-@@ -1599,6 +1668,7 @@
- ip_mdq(struct mbuf *m, struct ifnet *ifp, struct mfc *rt, vifi_t xmt_vif)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- struct ip *ip = mtod(m, struct ip *);
- vifi_t vifi;
- int plen = ip->ip_len;
-@@ -1610,11 +1680,11 @@
- *
- * (since vifi_t is u_short, -1 becomes MAXUSHORT, which > numvifs.)
- */
-- if (xmt_vif < numvifs) {
-- if (viftable[xmt_vif].v_flags & VIFF_REGISTER)
-- pim_register_send(ip, viftable + xmt_vif, m, rt);
-+ if (xmt_vif < V_numvifs) {
-+ if (V_viftable[xmt_vif].v_flags & VIFF_REGISTER)
-+ pim_register_send(ip, V_viftable + xmt_vif, m, rt);
- else
-- phyint_send(ip, viftable + xmt_vif, m);
-+ phyint_send(ip, V_viftable + xmt_vif, m);
- return 1;
- }
-
-@@ -1622,12 +1692,12 @@
- * Don't forward if it didn't arrive from the parent vif for its origin.
- */
- vifi = rt->mfc_parent;
-- if ((vifi >= numvifs) || (viftable[vifi].v_ifp != ifp)) {
-+ if ((vifi >= V_numvifs) || (V_viftable[vifi].v_ifp != ifp)) {
- /* came in the wrong interface */
-- if (mrtdebug & DEBUG_FORWARD)
-+ if (V_mrtdebug & DEBUG_FORWARD)
- log(LOG_DEBUG, "wrong if: ifp %p vifi %d vififp %p\n",
-- (void *)ifp, vifi, (void *)viftable[vifi].v_ifp);
-- ++mrtstat.mrts_wrong_if;
-+ (void *)ifp, vifi, (void *)V_viftable[vifi].v_ifp);
-+ ++V_mrtstat.mrts_wrong_if;
- ++rt->mfc_wrong_if;
- /*
- * If we are doing PIM assert processing, send a message
-@@ -1637,17 +1707,18 @@
- * can complete the SPT switch, regardless of the type
- * of the iif (broadcast media, GRE tunnel, etc).
- */
-- if (pim_assert && (vifi < numvifs) && viftable[vifi].v_ifp) {
-+ if (V_pim_assert && (vifi < V_numvifs) && V_viftable[vifi].v_ifp) {
- struct timeval now;
- u_long delta;
-
-- if (ifp == &multicast_register_if)
-- pimstat.pims_rcv_registers_wrongiif++;
-+ if (ifp == &V_multicast_register_if)
-+ V_pimstat.pims_rcv_registers_wrongiif++;
-
- /* Get vifi for the incoming packet */
-- for (vifi=0; vifi < numvifs && viftable[vifi].v_ifp != ifp; vifi++)
-+ for (vifi=0; vifi < V_numvifs && V_viftable[vifi].v_ifp != ifp;
-+ vifi++)
- ;
-- if (vifi >= numvifs)
-+ if (vifi >= V_numvifs)
- return 0; /* The iif is not found: ignore the packet. */
-
- if (rt->mfc_flags[vifi] & MRT_MFC_FLAGS_DISABLE_WRONGVIF)
-@@ -1675,13 +1746,13 @@
- im->im_mbz = 0;
- im->im_vif = vifi;
-
-- mrtstat.mrts_upcalls++;
-+ V_mrtstat.mrts_upcalls++;
-
- k_igmpsrc.sin_addr = im->im_src;
- if (socket_send(V_ip_mrouter, mm, &k_igmpsrc) < 0) {
- log(LOG_WARNING,
- "ip_mforward: ip_mrouter socket queue full\n");
-- ++mrtstat.mrts_upq_sockfull;
-+ ++V_mrtstat.mrts_upq_sockfull;
- return ENOBUFS;
- }
- }
-@@ -1690,12 +1761,12 @@
- }
-
- /* If I sourced this packet, it counts as output, else it was input. */
-- if (ip->ip_src.s_addr == viftable[vifi].v_lcl_addr.s_addr) {
-- viftable[vifi].v_pkt_out++;
-- viftable[vifi].v_bytes_out += plen;
-+ if (ip->ip_src.s_addr == V_viftable[vifi].v_lcl_addr.s_addr) {
-+ V_viftable[vifi].v_pkt_out++;
-+ V_viftable[vifi].v_bytes_out += plen;
- } else {
-- viftable[vifi].v_pkt_in++;
-- viftable[vifi].v_bytes_in += plen;
-+ V_viftable[vifi].v_pkt_in++;
-+ V_viftable[vifi].v_bytes_in += plen;
- }
- rt->mfc_pkt_cnt++;
- rt->mfc_byte_cnt += plen;
-@@ -1706,14 +1777,14 @@
- * - the ttl exceeds the vif's threshold
- * - there are group members downstream on interface
- */
-- for (vifi = 0; vifi < numvifs; vifi++)
-+ for (vifi = 0; vifi < V_numvifs; vifi++)
- if ((rt->mfc_ttls[vifi] > 0) && (ip->ip_ttl > rt->mfc_ttls[vifi])) {
-- viftable[vifi].v_pkt_out++;
-- viftable[vifi].v_bytes_out += plen;
-- if (viftable[vifi].v_flags & VIFF_REGISTER)
-- pim_register_send(ip, viftable + vifi, m, rt);
-+ V_viftable[vifi].v_pkt_out++;
-+ V_viftable[vifi].v_bytes_out += plen;
-+ if (V_viftable[vifi].v_flags & VIFF_REGISTER)
-+ pim_register_send(ip, V_viftable + vifi, m, rt);
- else
-- phyint_send(ip, viftable + vifi, m);
-+ phyint_send(ip, V_viftable + vifi, m);
- }
-
- /*
-@@ -1738,8 +1809,9 @@
- static int
- X_legal_vif_num(int vif)
- {
-+ INIT_VNET_MROUTE(curvnet);
- /* XXX unlocked, matter? */
-- return (vif >= 0 && vif < numvifs);
-+ return (vif >= 0 && vif < V_numvifs);
- }
-
- /*
-@@ -1748,9 +1820,10 @@
- static u_long
- X_ip_mcast_src(int vifi)
- {
-+ INIT_VNET_MROUTE(curvnet);
- /* XXX unlocked, matter? */
-- if (vifi >= 0 && vifi < numvifs)
-- return viftable[vifi].v_lcl_addr.s_addr;
-+ if (vifi >= 0 && vifi < V_numvifs)
-+ return V_viftable[vifi].v_lcl_addr.s_addr;
- else
- return INADDR_ANY;
- }
-@@ -1780,6 +1853,7 @@
- static void
- send_packet(struct vif *vifp, struct mbuf *m)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct ip_moptions imo;
- struct in_multi *imm[2];
- int error;
-@@ -1801,16 +1875,17 @@
- * the loopback interface, thus preventing looping.
- */
- error = ip_output(m, NULL, &vifp->v_route, IP_FORWARDING, &imo, NULL);
-- if (mrtdebug & DEBUG_XMIT) {
-+ if (V_mrtdebug & DEBUG_XMIT) {
- log(LOG_DEBUG, "phyint_send on vif %td err %d\n",
-- vifp - viftable, error);
-+ vifp - V_viftable, error);
- }
- }
-
- static int
- X_ip_rsvp_vif(struct socket *so, struct sockopt *sopt)
- {
-- INIT_VNET_INET(curvnet);
-+ INIT_VNET_INET(so->so_vnet);
-+ INIT_VNET_MROUTE(so->so_vnet);
- int error, vifi;
-
- if (so->so_type != SOCK_RAW || so->so_proto->pr_protocol != IPPROTO_RSVP)
-@@ -1822,39 +1897,39 @@
-
- VIF_LOCK();
-
-- if (vifi < 0 || vifi >= numvifs) { /* Error if vif is invalid */
-+ if (vifi < 0 || vifi >= V_numvifs) { /* Error if vif is invalid */
- VIF_UNLOCK();
- return EADDRNOTAVAIL;
- }
-
- if (sopt->sopt_name == IP_RSVP_VIF_ON) {
- /* Check if socket is available. */
-- if (viftable[vifi].v_rsvpd != NULL) {
-+ if (V_viftable[vifi].v_rsvpd != NULL) {
- VIF_UNLOCK();
- return EADDRINUSE;
- }
-
-- viftable[vifi].v_rsvpd = so;
-+ V_viftable[vifi].v_rsvpd = so;
- /* This may seem silly, but we need to be sure we don't over-increment
- * the RSVP counter, in case something slips up.
- */
-- if (!viftable[vifi].v_rsvp_on) {
-- viftable[vifi].v_rsvp_on = 1;
-+ if (!V_viftable[vifi].v_rsvp_on) {
-+ V_viftable[vifi].v_rsvp_on = 1;
- V_rsvp_on++;
- }
- } else { /* must be VIF_OFF */
- /*
- * XXX as an additional consistency check, one could make sure
-- * that viftable[vifi].v_rsvpd == so, otherwise passing so as
-+ * that V_viftable[vifi].v_rsvpd == so, otherwise passing so as
- * first parameter is pretty useless.
- */
-- viftable[vifi].v_rsvpd = NULL;
-+ V_viftable[vifi].v_rsvpd = NULL;
- /*
- * This may seem silly, but we need to be sure we don't over-decrement
- * the RSVP counter, in case something slips up.
- */
-- if (viftable[vifi].v_rsvp_on) {
-- viftable[vifi].v_rsvp_on = 0;
-+ if (V_viftable[vifi].v_rsvp_on) {
-+ V_viftable[vifi].v_rsvp_on = 0;
- V_rsvp_on--;
- }
- }
-@@ -1865,7 +1940,8 @@
- static void
- X_ip_rsvp_force_done(struct socket *so)
- {
-- INIT_VNET_INET(curvnet);
-+ INIT_VNET_INET(so->so_vnet);
-+ INIT_VNET_MROUTE(so->so_vnet);
- int vifi;
-
- /* Don't bother if it is not the right type of socket. */
-@@ -1877,14 +1953,14 @@
- /* The socket may be attached to more than one vif...this
- * is perfectly legal.
- */
-- for (vifi = 0; vifi < numvifs; vifi++) {
-- if (viftable[vifi].v_rsvpd == so) {
-- viftable[vifi].v_rsvpd = NULL;
-+ for (vifi = 0; vifi < V_numvifs; vifi++) {
-+ if (V_viftable[vifi].v_rsvpd == so) {
-+ V_viftable[vifi].v_rsvpd = NULL;
- /* This may seem silly, but we need to be sure we don't
- * over-decrement the RSVP counter, in case something slips up.
- */
-- if (viftable[vifi].v_rsvp_on) {
-- viftable[vifi].v_rsvp_on = 0;
-+ if (V_viftable[vifi].v_rsvp_on) {
-+ V_viftable[vifi].v_rsvp_on = 0;
- V_rsvp_on--;
- }
- }
-@@ -1897,12 +1973,13 @@
- X_rsvp_input(struct mbuf *m, int off)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- int vifi;
- struct ip *ip = mtod(m, struct ip *);
- struct sockaddr_in rsvp_src = { sizeof rsvp_src, AF_INET };
- struct ifnet *ifp;
-
-- if (rsvpdebug)
-+ if (V_rsvpdebug)
- printf("rsvp_input: rsvp_on %d\n", V_rsvp_on);
-
- /* Can still get packets with rsvp_on = 0 if there is a local member
-@@ -1914,7 +1991,7 @@
- return;
- }
-
-- if (rsvpdebug)
-+ if (V_rsvpdebug)
- printf("rsvp_input: check vifs\n");
-
- #ifdef DIAGNOSTIC
-@@ -1925,14 +2002,14 @@
-
- VIF_LOCK();
- /* Find which vif the packet arrived on. */
-- for (vifi = 0; vifi < numvifs; vifi++)
-- if (viftable[vifi].v_ifp == ifp)
-+ for (vifi = 0; vifi < V_numvifs; vifi++)
-+ if (V_viftable[vifi].v_ifp == ifp)
- break;
-
-- if (vifi == numvifs || viftable[vifi].v_rsvpd == NULL) {
-+ if (vifi == V_numvifs || V_viftable[vifi].v_rsvpd == NULL) {
- /*
- * Drop the lock here to avoid holding it across rip_input.
-- * This could make rsvpdebug printfs wrong. If you care,
-+ * This could make V_rsvpdebug printfs wrong. If you care,
- * record the state of stuff before dropping the lock.
- */
- VIF_UNLOCK();
-@@ -1942,13 +2019,13 @@
- * is no specific socket for this vif.
- */
- if (V_ip_rsvpd != NULL) {
-- if (rsvpdebug)
-+ if (V_rsvpdebug)
- printf("rsvp_input: Sending packet up old-style socket\n");
- rip_input(m, off); /* xxx */
- } else {
-- if (rsvpdebug && vifi == numvifs)
-+ if (V_rsvpdebug && vifi == V_numvifs)
- printf("rsvp_input: Can't find vif for packet.\n");
-- else if (rsvpdebug && viftable[vifi].v_rsvpd == NULL)
-+ else if (V_rsvpdebug && V_viftable[vifi].v_rsvpd == NULL)
- printf("rsvp_input: No socket defined for vif %d\n",vifi);
- m_freem(m);
- }
-@@ -1956,15 +2033,15 @@
- }
- rsvp_src.sin_addr = ip->ip_src;
-
-- if (rsvpdebug && m)
-+ if (V_rsvpdebug && m)
- printf("rsvp_input: m->m_len = %d, sbspace() = %ld\n",
-- m->m_len,sbspace(&(viftable[vifi].v_rsvpd->so_rcv)));
-+ m->m_len,sbspace(&(V_viftable[vifi].v_rsvpd->so_rcv)));
-
-- if (socket_send(viftable[vifi].v_rsvpd, m, &rsvp_src) < 0) {
-- if (rsvpdebug)
-+ if (socket_send(V_viftable[vifi].v_rsvpd, m, &rsvp_src) < 0) {
-+ if (V_rsvpdebug)
- printf("rsvp_input: Failed to append to socket\n");
- } else {
-- if (rsvpdebug)
-+ if (V_rsvpdebug)
- printf("rsvp_input: send packet up\n");
- }
- VIF_UNLOCK();
-@@ -2004,6 +2081,7 @@
- static int
- add_bw_upcall(struct bw_upcall *req)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct mfc *mfc;
- struct timeval delta = { BW_UPCALL_THRESHOLD_INTERVAL_MIN_SEC,
- BW_UPCALL_THRESHOLD_INTERVAL_MIN_USEC };
-@@ -2011,7 +2089,7 @@
- struct bw_meter *x;
- uint32_t flags;
-
-- if (!(mrt_api_config & MRT_MFC_BW_UPCALL))
-+ if (!(V_mrt_api_config & MRT_MFC_BW_UPCALL))
- return EOPNOTSUPP;
-
- /* Test if the flags are valid */
-@@ -2096,10 +2174,11 @@
- static int
- del_bw_upcall(struct bw_upcall *req)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct mfc *mfc;
- struct bw_meter *x;
-
-- if (!(mrt_api_config & MRT_MFC_BW_UPCALL))
-+ if (!(V_mrt_api_config & MRT_MFC_BW_UPCALL))
- return EOPNOTSUPP;
-
- MFC_LOCK();
-@@ -2252,6 +2331,7 @@
- static void
- bw_meter_prepare_upcall(struct bw_meter *x, struct timeval *nowp)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct timeval delta;
- struct bw_upcall *u;
-
-@@ -2266,13 +2346,13 @@
- /*
- * If there are too many pending upcalls, deliver them now
- */
-- if (bw_upcalls_n >= BW_UPCALLS_MAX)
-+ if (V_bw_upcalls_n >= BW_UPCALLS_MAX)
- bw_upcalls_send();
-
- /*
- * Set the bw_upcall entry
- */
-- u = &bw_upcalls[bw_upcalls_n++];
-+ u = &V_bw_upcalls[V_bw_upcalls_n++];
- u->bu_src = x->bm_mfc->mfc_origin;
- u->bu_dst = x->bm_mfc->mfc_mcastgrp;
- u->bu_threshold.b_time = x->bm_threshold.b_time;
-@@ -2299,8 +2379,9 @@
- bw_upcalls_send(void)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- struct mbuf *m;
-- int len = bw_upcalls_n * sizeof(bw_upcalls[0]);
-+ int len = V_bw_upcalls_n * sizeof(V_bw_upcalls[0]);
- struct sockaddr_in k_igmpsrc = { sizeof k_igmpsrc, AF_INET };
- static struct igmpmsg igmpmsg = { 0, /* unused1 */
- 0, /* unused2 */
-@@ -2313,10 +2394,10 @@
-
- MFC_LOCK_ASSERT();
-
-- if (bw_upcalls_n == 0)
-+ if (V_bw_upcalls_n == 0)
- return; /* No pending upcalls */
-
-- bw_upcalls_n = 0;
-+ V_bw_upcalls_n = 0;
-
- /*
- * Allocate a new mbuf, initialize it with the header and
-@@ -2330,16 +2411,16 @@
-
- m->m_len = m->m_pkthdr.len = 0;
- m_copyback(m, 0, sizeof(struct igmpmsg), (caddr_t)&igmpmsg);
-- m_copyback(m, sizeof(struct igmpmsg), len, (caddr_t)&bw_upcalls[0]);
-+ m_copyback(m, sizeof(struct igmpmsg), len, (caddr_t)&V_bw_upcalls[0]);
-
- /*
- * Send the upcalls
- * XXX do we need to set the address in k_igmpsrc ?
- */
-- mrtstat.mrts_upcalls++;
-+ V_mrtstat.mrts_upcalls++;
- if (socket_send(V_ip_mrouter, m, &k_igmpsrc) < 0) {
- log(LOG_WARNING, "bw_upcalls_send: ip_mrouter socket queue full\n");
-- ++mrtstat.mrts_upq_sockfull;
-+ ++V_mrtstat.mrts_upq_sockfull;
- }
- }
-
-@@ -2364,6 +2445,7 @@
- static void
- schedule_bw_meter(struct bw_meter *x, struct timeval *nowp)
- {
-+ INIT_VNET_MROUTE(curvnet);
- int time_hash;
-
- MFC_LOCK_ASSERT();
-@@ -2383,8 +2465,8 @@
- * Compute the timeout hash value and insert the entry
- */
- BW_METER_TIMEHASH(x, time_hash);
-- x->bm_time_next = bw_meter_timers[time_hash];
-- bw_meter_timers[time_hash] = x;
-+ x->bm_time_next = V_bw_meter_timers[time_hash];
-+ V_bw_meter_timers[time_hash] = x;
- x->bm_time_hash = time_hash;
- }
-
-@@ -2395,6 +2477,7 @@
- static void
- unschedule_bw_meter(struct bw_meter *x)
- {
-+ INIT_VNET_MROUTE(curvnet);
- int time_hash;
- struct bw_meter *prev, *tmp;
-
-@@ -2410,7 +2493,7 @@
- if (time_hash >= BW_METER_BUCKETS)
- return; /* Entry was not scheduled */
-
-- for (prev = NULL, tmp = bw_meter_timers[time_hash];
-+ for (prev = NULL, tmp = V_bw_meter_timers[time_hash];
- tmp != NULL; prev = tmp, tmp = tmp->bm_time_next)
- if (tmp == x)
- break;
-@@ -2421,7 +2504,7 @@
- if (prev != NULL)
- prev->bm_time_next = x->bm_time_next;
- else
-- bw_meter_timers[time_hash] = x->bm_time_next;
-+ V_bw_meter_timers[time_hash] = x->bm_time_next;
-
- x->bm_time_next = NULL;
- x->bm_time_hash = BW_METER_BUCKETS;
-@@ -2438,8 +2521,9 @@
- * looking at.
- */
- static void
--bw_meter_process()
-+bw_meter_process(struct vnet *vnet)
- {
-+ INIT_VNET_MROUTE(vnet);
- static uint32_t last_tv_sec; /* last time we processed this */
-
- uint32_t loops;
-@@ -2456,6 +2540,7 @@
- loops = BW_METER_BUCKETS;
-
- MFC_LOCK();
-+ CURVNET_SET(vnet);
- /*
- * Process all bins of bw_meter entries from the one after the last
- * processed to the current one. On entry, i points to the last bucket
-@@ -2468,8 +2553,8 @@
- i = 0;
-
- /* Disconnect the list of bw_meter entries from the bin */
-- tmp_list = bw_meter_timers[i];
-- bw_meter_timers[i] = NULL;
-+ tmp_list = V_bw_meter_timers[i];
-+ V_bw_meter_timers[i] = NULL;
-
- /* Process the list of bw_meter entries */
- while (tmp_list != NULL) {
-@@ -2492,8 +2577,8 @@
- if (++time_hash >= BW_METER_BUCKETS)
- time_hash = 0;
- }
-- x->bm_time_next = bw_meter_timers[time_hash];
-- bw_meter_timers[time_hash] = x;
-+ x->bm_time_next = V_bw_meter_timers[time_hash];
-+ V_bw_meter_timers[time_hash] = x;
- x->bm_time_hash = time_hash;
-
- continue;
-@@ -2520,6 +2605,7 @@
- /* Send all upcalls that are pending delivery */
- bw_upcalls_send();
-
-+ CURVNET_RESTORE();
- MFC_UNLOCK();
- }
-
-@@ -2529,12 +2615,14 @@
- static void
- expire_bw_upcalls_send(void *unused)
- {
-+ INIT_VNET_MROUTE( (struct vnet *)unused );
- MFC_LOCK();
-+ CURVNET_SET( (struct vnet*)unused );
- bw_upcalls_send();
-+ callout_reset(&V_bw_upcalls_ch, BW_UPCALLS_PERIOD,
-+ expire_bw_upcalls_send, unused);
-+ CURVNET_RESTORE();
- MFC_UNLOCK();
--
-- callout_reset(&bw_upcalls_ch, BW_UPCALLS_PERIOD,
-- expire_bw_upcalls_send, NULL);
- }
-
- /*
-@@ -2544,10 +2632,12 @@
- static void
- expire_bw_meter_process(void *unused)
- {
-- if (mrt_api_config & MRT_MFC_BW_UPCALL)
-- bw_meter_process();
-+ INIT_VNET_MROUTE( (struct vnet *)unused );
-+ if (V_mrt_api_config & MRT_MFC_BW_UPCALL)
-+ bw_meter_process( (struct vnet *)unused );
-
-- callout_reset(&bw_meter_ch, BW_METER_PERIOD, expire_bw_meter_process, NULL);
-+ callout_reset(&V_bw_meter_ch, BW_METER_PERIOD,
-+ expire_bw_meter_process, unused);
- }
-
- /*
-@@ -2562,16 +2652,17 @@
- pim_register_send(struct ip *ip, struct vif *vifp, struct mbuf *m,
- struct mfc *rt)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct mbuf *mb_copy, *mm;
-
-- if (mrtdebug & DEBUG_PIM)
-+ if (V_mrtdebug & DEBUG_PIM)
- log(LOG_DEBUG, "pim_register_send: ");
-
- /*
- * Do not send IGMP_WHOLEPKT notifications to userland, if the
- * rendezvous point was unspecified, and we were told not to.
- */
-- if (pim_squelch_wholepkt != 0 && (mrt_api_config & MRT_MFC_RP) &&
-+ if (pim_squelch_wholepkt != 0 && (V_mrt_api_config & MRT_MFC_RP) &&
- (rt->mfc_rp.s_addr == INADDR_ANY))
- return 0;
-
-@@ -2589,7 +2680,7 @@
- mm = m_pullup(mm, sizeof(struct ip));
- if (mm != NULL) {
- ip = mtod(mm, struct ip *);
-- if ((mrt_api_config & MRT_MFC_RP) &&
-+ if ((V_mrt_api_config & MRT_MFC_RP) &&
- (rt->mfc_rp.s_addr != INADDR_ANY)) {
- pim_register_send_rp(ip, vifp, mm, rt);
- } else {
-@@ -2660,6 +2751,7 @@
- struct mbuf *mb_copy, struct mfc *rt)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- struct mbuf *mb_first;
- int len = ntohs(ip->ip_len);
- struct igmpmsg *im;
-@@ -2684,25 +2776,25 @@
- im = mtod(mb_first, struct igmpmsg *);
- im->im_msgtype = IGMPMSG_WHOLEPKT;
- im->im_mbz = 0;
-- im->im_vif = vifp - viftable;
-+ im->im_vif = vifp - V_viftable;
- im->im_src = ip->ip_src;
- im->im_dst = ip->ip_dst;
-
- k_igmpsrc.sin_addr = ip->ip_src;
-
-- mrtstat.mrts_upcalls++;
-+ V_mrtstat.mrts_upcalls++;
-
- if (socket_send(V_ip_mrouter, mb_first, &k_igmpsrc) < 0) {
-- if (mrtdebug & DEBUG_PIM)
-+ if (V_mrtdebug & DEBUG_PIM)
- log(LOG_WARNING,
- "mcast: pim_register_send_upcall: ip_mrouter socket queue full");
-- ++mrtstat.mrts_upq_sockfull;
-+ ++V_mrtstat.mrts_upq_sockfull;
- return ENOBUFS;
- }
-
- /* Keep statistics */
-- pimstat.pims_snd_registers_msgs++;
-- pimstat.pims_snd_registers_bytes += len;
-+ V_pimstat.pims_snd_registers_msgs++;
-+ V_pimstat.pims_snd_registers_bytes += len;
-
- return 0;
- }
-@@ -2715,6 +2807,7 @@
- struct mfc *rt)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- struct mbuf *mb_first;
- struct ip *ip_outer;
- struct pim_encap_pimhdr *pimhdr;
-@@ -2723,7 +2816,7 @@
-
- VIF_LOCK_ASSERT();
-
-- if ((vifi >= numvifs) || (viftable[vifi].v_lcl_addr.s_addr == 0)) {
-+ if ((vifi >= V_numvifs) || (V_viftable[vifi].v_lcl_addr.s_addr == 0)) {
- m_freem(mb_copy);
- return EADDRNOTAVAIL; /* The iif vif is invalid */
- }
-@@ -2749,7 +2842,7 @@
- *ip_outer = pim_encap_iphdr;
- ip_outer->ip_id = ip_newid();
- ip_outer->ip_len = len + sizeof(pim_encap_iphdr) + sizeof(pim_encap_pimhdr);
-- ip_outer->ip_src = viftable[vifi].v_lcl_addr;
-+ ip_outer->ip_src = V_viftable[vifi].v_lcl_addr;
- ip_outer->ip_dst = rt->mfc_rp;
- /*
- * Copy the inner header TOS to the outer header, and take care of the
-@@ -2762,7 +2855,7 @@
- + sizeof(pim_encap_iphdr));
- *pimhdr = pim_encap_pimhdr;
- /* If the iif crosses a border, set the Border-bit */
-- if (rt->mfc_flags[vifi] & MRT_MFC_FLAGS_BORDER_VIF & mrt_api_config)
-+ if (rt->mfc_flags[vifi] & MRT_MFC_FLAGS_BORDER_VIF & V_mrt_api_config)
- pimhdr->flags |= htonl(PIM_BORDER_REGISTER);
-
- mb_first->m_data += sizeof(pim_encap_iphdr);
-@@ -2772,8 +2865,8 @@
- send_packet(vifp, mb_first);
-
- /* Keep statistics */
-- pimstat.pims_snd_registers_msgs++;
-- pimstat.pims_snd_registers_bytes += len;
-+ V_pimstat.pims_snd_registers_msgs++;
-+ V_pimstat.pims_snd_registers_bytes += len;
-
- return 0;
- }
-@@ -2807,6 +2900,7 @@
- void
- pim_input(struct mbuf *m, int off)
- {
-+ INIT_VNET_MROUTE(curvnet);
- struct ip *ip = mtod(m, struct ip *);
- struct pim *pim;
- int minlen;
-@@ -2815,14 +2909,14 @@
- int iphlen = off;
-
- /* Keep statistics */
-- pimstat.pims_rcv_total_msgs++;
-- pimstat.pims_rcv_total_bytes += datalen;
-+ V_pimstat.pims_rcv_total_msgs++;
-+ V_pimstat.pims_rcv_total_bytes += datalen;
-
- /*
- * Validate lengths
- */
- if (datalen < PIM_MINLEN) {
-- pimstat.pims_rcv_tooshort++;
-+ V_pimstat.pims_rcv_tooshort++;
- log(LOG_ERR, "pim_input: packet size too small %d from %lx\n",
- datalen, (u_long)ip->ip_src.s_addr);
- m_freem(m);
-@@ -2866,8 +2960,8 @@
- if (PIM_VT_T(pim->pim_vt) == PIM_REGISTER && in_cksum(m, PIM_MINLEN) == 0) {
- /* do nothing, checksum okay */
- } else if (in_cksum(m, datalen)) {
-- pimstat.pims_rcv_badsum++;
-- if (mrtdebug & DEBUG_PIM)
-+ V_pimstat.pims_rcv_badsum++;
-+ if (V_mrtdebug & DEBUG_PIM)
- log(LOG_DEBUG, "pim_input: invalid checksum");
- m_freem(m);
- return;
-@@ -2875,7 +2969,7 @@
-
- /* PIM version check */
- if (PIM_VT_V(pim->pim_vt) < PIM_VERSION) {
-- pimstat.pims_rcv_badversion++;
-+ V_pimstat.pims_rcv_badversion++;
- log(LOG_ERR, "pim_input: incorrect version %d, expecting %d\n",
- PIM_VT_V(pim->pim_vt), PIM_VERSION);
- m_freem(m);
-@@ -2899,24 +2993,24 @@
- struct ifnet *vifp;
-
- VIF_LOCK();
-- if ((reg_vif_num >= numvifs) || (reg_vif_num == VIFI_INVALID)) {
-+ if ((V_reg_vif_num >= V_numvifs) || (V_reg_vif_num == VIFI_INVALID)) {
- VIF_UNLOCK();
-- if (mrtdebug & DEBUG_PIM)
-+ if (V_mrtdebug & DEBUG_PIM)
- log(LOG_DEBUG,
-- "pim_input: register vif not set: %d\n", reg_vif_num);
-+ "pim_input: register vif not set: %d\n", V_reg_vif_num);
- m_freem(m);
- return;
- }
- /* XXX need refcnt? */
-- vifp = viftable[reg_vif_num].v_ifp;
-+ vifp = V_viftable[V_reg_vif_num].v_ifp;
- VIF_UNLOCK();
-
- /*
- * Validate length
- */
- if (datalen < PIM_REG_MINLEN) {
-- pimstat.pims_rcv_tooshort++;
-- pimstat.pims_rcv_badregisters++;
-+ V_pimstat.pims_rcv_tooshort++;
-+ V_pimstat.pims_rcv_badregisters++;
- log(LOG_ERR,
- "pim_input: register packet size too small %d from %lx\n",
- datalen, (u_long)ip->ip_src.s_addr);
-@@ -2927,7 +3021,7 @@
- reghdr = (u_int32_t *)(pim + 1);
- encap_ip = (struct ip *)(reghdr + 1);
-
-- if (mrtdebug & DEBUG_PIM) {
-+ if (V_mrtdebug & DEBUG_PIM) {
- log(LOG_DEBUG,
- "pim_input[register], encap_ip: %lx -> %lx, encap_ip len %d\n",
- (u_long)ntohl(encap_ip->ip_src.s_addr),
-@@ -2937,8 +3031,8 @@
-
- /* verify the version number of the inner packet */
- if (encap_ip->ip_v != IPVERSION) {
-- pimstat.pims_rcv_badregisters++;
-- if (mrtdebug & DEBUG_PIM) {
-+ V_pimstat.pims_rcv_badregisters++;
-+ if (V_mrtdebug & DEBUG_PIM) {
- log(LOG_DEBUG, "pim_input: invalid IP version (%d) "
- "of the inner packet\n", encap_ip->ip_v);
- }
-@@ -2948,8 +3042,8 @@
-
- /* verify the inner packet is destined to a mcast group */
- if (!IN_MULTICAST(ntohl(encap_ip->ip_dst.s_addr))) {
-- pimstat.pims_rcv_badregisters++;
-- if (mrtdebug & DEBUG_PIM)
-+ V_pimstat.pims_rcv_badregisters++;
-+ if (V_mrtdebug & DEBUG_PIM)
- log(LOG_DEBUG,
- "pim_input: inner packet of register is not "
- "multicast %lx\n",
-@@ -3000,21 +3094,21 @@
-
- /* Keep statistics */
- /* XXX: registers_bytes include only the encap. mcast pkt */
-- pimstat.pims_rcv_registers_msgs++;
-- pimstat.pims_rcv_registers_bytes += ntohs(encap_ip->ip_len);
-+ V_pimstat.pims_rcv_registers_msgs++;
-+ V_pimstat.pims_rcv_registers_bytes += ntohs(encap_ip->ip_len);
-
- /*
- * forward the inner ip packet; point m_data at the inner ip.
- */
- m_adj(m, iphlen + PIM_MINLEN);
-
-- if (mrtdebug & DEBUG_PIM) {
-+ if (V_mrtdebug & DEBUG_PIM) {
- log(LOG_DEBUG,
- "pim_input: forwarding decapsulated register: "
- "src %lx, dst %lx, vif %d\n",
- (u_long)ntohl(encap_ip->ip_src.s_addr),
- (u_long)ntohl(encap_ip->ip_dst.s_addr),
-- reg_vif_num);
-+ V_reg_vif_num);
- }
- /* NB: vifp was collected above; can it change on us? */
- if_simloop(vifp, m, dst.sin_family, 0);
-@@ -3037,6 +3131,41 @@
- return;
- }
-
-+#ifdef VIMAGE
-+/* initialization for multicast routing state */
-+static int
-+vnet_mroute_iattach(unused)
-+ const void *unused;
-+{
-+ INIT_VNET_MROUTE(curvnet);
-+
-+ V_reg_vif_num = VIFI_INVALID;
-+ MROUTER_LOCK_INIT();
-+ MFC_LOCK_INIT();
-+ VIF_LOCK_INIT();
-+ ip_mrouter_reset();
-+ return 0;
-+}
-+
-+/* de-initialization for multicast routing state */
-+static int
-+vnet_mroute_idetach(unused)
-+ const void *unused;
-+{
-+ INIT_VNET_MROUTE(curvnet);
-+
-+ X_ip_mrouter_done();
-+#ifdef INET6
-+ X_ip6_mrouter_done();
-+#endif
-+
-+ VIF_LOCK_DESTROY();
-+ MFC_LOCK_DESTROY();
-+ MROUTER_LOCK_DESTROY();
-+ return 0;
-+}
-+#endif /* VIMAGE */
-+
- /*
- * XXX: This is common code for dealing with initialization for both
- * the IPv4 and IPv6 multicast forwarding paths. It could do with cleanup.
-@@ -3045,12 +3174,15 @@
- ip_mroute_modevent(module_t mod, int type, void *unused)
- {
- INIT_VNET_INET(curvnet);
-+ INIT_VNET_INET6(curvnet);
-+ INIT_VNET_MROUTE(curvnet);
- switch (type) {
- case MOD_LOAD:
-- MROUTER_LOCK_INIT();
-- MFC_LOCK_INIT();
-- VIF_LOCK_INIT();
-- ip_mrouter_reset();
-+#ifdef VIMAGE
-+ vnet_mod_register(&vnet_mroute_modinfo);
-+#else
-+ vnet_mroute_iattach(NULL);
-+#endif
- TUNABLE_ULONG_FETCH("net.inet.pim.squelch_wholepkt",
- &pim_squelch_wholepkt);
-
-@@ -3113,17 +3245,21 @@
- */
- if (V_ip_mrouter
- #ifdef INET6
-- || ip6_mrouter
-+ || V_ip6_mrouter
- #endif
- )
- return EINVAL;
-
-+#ifdef VIMAGE
-+ vnet_mod_deregister(&vnet_mroute_modinfo);
-+#else
-+ vnet_mroute_idetach(NULL)
-+#endif
- #ifdef INET6
- if (pim6_encap_cookie) {
- encap_detach(pim6_encap_cookie);
- pim6_encap_cookie = NULL;
- }
-- X_ip6_mrouter_done();
- ip6_mforward = NULL;
- ip6_mrouter_done = NULL;
- ip6_mrouter_get = NULL;
-@@ -3135,7 +3271,6 @@
- encap_detach(pim_encap_cookie);
- pim_encap_cookie = NULL;
- }
-- X_ip_mrouter_done();
- ip_mcast_src = NULL;
- ip_mforward = NULL;
- ip_mrouter_done = NULL;
-@@ -3148,10 +3283,6 @@
- legal_vif_num = NULL;
- mrt_ioctl = NULL;
- rsvp_input_p = NULL;
--
-- VIF_LOCK_DESTROY();
-- MFC_LOCK_DESTROY();
-- MROUTER_LOCK_DESTROY();
- break;
-
- default:
-diff -ur sys.20081015/netinet/ip_mroute.h sys/netinet/ip_mroute.h
---- sys.20081015/netinet/ip_mroute.h 2008-08-16 16:29:19.000000000 -0700
-+++ sys/netinet/ip_mroute.h 2008-11-05 13:21:08.000000000 -0800
-@@ -52,6 +52,10 @@
- * bandwidth metering and signaling.
- */
-
-+#ifdef VIMAGE
-+#include /* struct pimstat */
-+#endif
-+
-
- /*
- * Multicast Routing set/getsockopt commands.
-@@ -80,6 +84,9 @@
- typedef u_long vifbitmap_t;
- typedef u_short vifi_t; /* type of a vif index */
- #define ALL_VIFS (vifi_t)-1
-+#ifdef VIMAGE
-+#define VIFI_INVALID ((vifi_t) -1)
-+#endif /* VIMAGE */
-
- #define VIFM_SET(n, m) ((m) |= (1 << (n)))
- #define VIFM_CLR(n, m) ((m) &= ~(1 << (n)))
-@@ -205,6 +212,10 @@
- #define BW_UPCALL_THRESHOLD_INTERVAL_MIN_SEC 3
- #define BW_UPCALL_THRESHOLD_INTERVAL_MIN_USEC 0
-
-+#ifdef VIMAGE
-+#define BW_METER_BUCKETS 1024
-+#endif /* VIMAGE */
-+
- /*
- * The kernel's multicast routing statistics.
- */
-@@ -361,6 +372,62 @@
- extern int (*ip_mrouter_done)(void);
- extern int (*mrt_ioctl)(int, caddr_t, int);
-
-+#ifdef VIMAGE
-+struct vnet_mroute {
-+ /* from ip_mroute.c */
-+ u_int _rsvpdebug;
-+ u_int _mrtdebug;
-+ struct mrtstat _mrtstat;
-+ struct mfc *_mfctable[MFCTBLSIZ];
-+ struct mtx _mrouter_mtx;
-+ struct mtx _mfc_mtx;
-+ struct vif _viftable[MAXVIFS];
-+ struct mtx _vif_mtx;
-+ u_char _nexpire[MFCTBLSIZ];
-+ eventhandler_tag _if_detach_event_tag;
-+ struct callout _expire_upcalls_ch;
-+ struct bw_meter *_bw_meter_timers[BW_METER_BUCKETS];
-+ struct callout _bw_meter_ch;
-+ struct bw_upcall _bw_upcalls[BW_UPCALLS_MAX];
-+ u_int _bw_upcalls_n;
-+ struct callout _bw_upcalls_ch;
-+ struct pimstat _pimstat;
-+ struct ifnet _multicast_register_if;
-+ vifi_t _reg_vif_num;
-+ vifi_t _numvifs;
-+ int _pim_assert;
-+ uint32_t _mrt_api_config;
-+};
-+#endif /* VIMAGE */
-+
-+#define INIT_VNET_MROUTE(vnet) \
-+ INIT_FROM_VNET(vnet, VNET_MOD_MROUTE, struct vnet_mroute, vnet_mroute)
-+
-+#define VNET_MROUTE(sym) VSYM(vnet_mroute, sym)
-+
-+#define V_rsvpdebug VNET_MROUTE(rsvpdebug)
-+#define V_mrtdebug VNET_MROUTE(mrtdebug)
-+#define V_mrtstat VNET_MROUTE(mrtstat)
-+#define V_mfctable VNET_MROUTE(mfctable)
-+#define V_mrouter_mtx VNET_MROUTE(mrouter_mtx)
-+#define V_mfc_mtx VNET_MROUTE(mfc_mtx)
-+#define V_viftable VNET_MROUTE(viftable)
-+#define V_vif_mtx VNET_MROUTE(vif_mtx)
-+#define V_nexpire VNET_MROUTE(nexpire)
-+#define V_if_detach_event_tag VNET_MROUTE(if_detach_event_tag)
-+#define V_expire_upcalls_ch VNET_MROUTE(expire_upcalls_ch)
-+#define V_bw_meter_timers VNET_MROUTE(bw_meter_timers)
-+#define V_bw_meter_ch VNET_MROUTE(bw_meter_ch)
-+#define V_bw_upcalls VNET_MROUTE(bw_upcalls)
-+#define V_bw_upcalls_n VNET_MROUTE(bw_upcalls_n)
-+#define V_bw_upcalls_ch VNET_MROUTE(bw_upcalls_ch)
-+#define V_pimstat VNET_MROUTE(pimstat)
-+#define V_multicast_register_if VNET_MROUTE(multicast_register_if)
-+#define V_reg_vif_num VNET_MROUTE(reg_vif_num)
-+#define V_numvifs VNET_MROUTE(numvifs)
-+#define V_pim_assert VNET_MROUTE(pim_assert)
-+#define V_mrt_api_config VNET_MROUTE(mrt_api_config)
-+
- #endif /* _KERNEL */
-
- #endif /* _NETINET_IP_MROUTE_H_ */
-diff -ur sys.20081015/netinet/pim_var.h sys/netinet/pim_var.h
---- sys.20081015/netinet/pim_var.h 2007-11-19 06:49:11.000000000 -0800
-+++ sys/netinet/pim_var.h 2008-10-28 20:01:22.000000000 -0700
-@@ -73,7 +73,9 @@
- #ifdef _KERNEL
-
- void pim_input(struct mbuf *, int);
-+#ifdef SYSCTL_DECL
- SYSCTL_DECL(_net_inet_pim);
- #endif
-+#endif
-
- #endif /* _NETINET_PIM_VAR_H_ */
-diff -ur sys.20081015/netinet/vinet.h sys/netinet/vinet.h
---- sys.20081015/netinet/vinet.h 2007-11-19 09:09:38.000000000 -0800
-+++ sys/netinet/vinet.h 2008-11-03 16:04:36.000000000 -0800
-@@ -53,6 +53,9 @@
- #include
- #include
- #include
-+#include
-+#include
-+#include
-
- struct vnet_inet {
- struct in_ifaddrhashhead *_in_ifaddrhashtbl;
-diff -ur sys.20081015/netinet6/ip6_input.c sys/netinet6/ip6_input.c
---- sys.20081015/netinet6/ip6_input.c 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/ip6_input.c 2008-10-28 20:01:22.000000000 -0700
-@@ -192,6 +192,20 @@
- nd6_init();
- frag6_init();
-
-+ V_ip6_mrouter_ver = 0;
-+ V_ip6_mrouter = NULL;
-+ bzero(&V_mrt6stat, sizeof(V_mrt6stat));
-+ bzero((caddr_t)V_mf6ctable, sizeof(V_mf6ctable));
-+ bzero((caddr_t)V_n6expire, sizeof(V_n6expire));
-+ bzero((caddr_t)V_mif6table, sizeof(V_mif6table));
-+ V_mrt6debug = 0;
-+ V_multicast_register_if6 = NULL;
-+ V_nummifs = 0;
-+ V_reg_mif_num = (mifi_t)-1;
-+ bzero(&V_pim6stat, sizeof(V_pim6stat));
-+ V_pim6 = 0;
-+ bzero((caddr_t)V_upcall_data, sizeof(V_upcall_data));
-+
- #ifdef VIMAGE
- /* Skip global initialization stuff for non-default instances. */
- if (!IS_DEFAULT_VNET(curvnet))
-@@ -507,7 +521,7 @@
- IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m);
- if (in6m)
- ours = 1;
-- else if (!ip6_mrouter) {
-+ else if (!V_ip6_mrouter) {
- V_ip6stat.ip6s_notmember++;
- V_ip6stat.ip6s_cantforward++;
- in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
-@@ -768,7 +782,7 @@
- * ip6_mforward() returns a non-zero value, the packet
- * must be discarded, else it may be accepted below.
- */
-- if (ip6_mrouter && ip6_mforward &&
-+ if (V_ip6_mrouter && ip6_mforward &&
- ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) {
- V_ip6stat.ip6s_cantforward++;
- m_freem(m);
-diff -ur sys.20081015/netinet6/ip6_mroute.c sys/netinet6/ip6_mroute.c
---- sys.20081015/netinet6/ip6_mroute.c 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/ip6_mroute.c 2008-11-05 14:34:10.000000000 -0800
-@@ -160,14 +160,17 @@
- SYSCTL_DECL(_net_inet6_ip6);
- SYSCTL_NODE(_net_inet6, IPPROTO_PIM, pim, CTLFLAG_RW, 0, "PIM");
-
-+#ifndef VIMAGE
- static struct mrt6stat mrt6stat;
--SYSCTL_STRUCT(_net_inet6_ip6, OID_AUTO, mrt6stat, CTLFLAG_RW,
-- &mrt6stat, mrt6stat,
-+#endif /* !VIMAGE */
-+SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_ip6, OID_AUTO, mrt6stat,
-+ CTLFLAG_RW, mrt6stat, mrt6stat,
- "Multicast Routing Statistics (struct mrt6stat, netinet6/ip6_mroute.h)");
-
- #define NO_RTE_FOUND 0x1
- #define RTE_FOUND 0x2
-
-+#ifndef VIMAGE
- static struct mf6c *mf6ctable[MF6CTBLSIZ];
- SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mf6ctable, CTLFLAG_RD,
- &mf6ctable, sizeof(mf6ctable), "S,*mf6ctable[MF6CTBLSIZ]",
-@@ -180,6 +183,7 @@
- SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mif6table, CTLFLAG_RD,
- &mif6table, sizeof(mif6table), "S,vif[MAXMIFS]",
- "Multicast Interfaces (struct mif[MAXMIFS], netinet6/ip6_mroute.h)");
-+#endif /* !VIMAGE */
-
- #ifdef MRT6DEBUG
- #ifndef VIMAGE
-@@ -199,7 +203,9 @@
-
- #ifdef INET
- #ifdef MROUTING
-+#ifndef VIMAGE
- extern struct socket *ip_mrouter;
-+#endif /* !VIMAGE */
- #endif
- #endif
-
-@@ -214,19 +220,23 @@
- * only exist as a placeholder for multicast source
- * verification.
- */
-+#ifndef VIMAGE
- static struct ifnet *multicast_register_if6;
-+#endif /* !VIMAGE */
-
- #define ENCAP_HOPS 64
-
- /*
- * Private variables.
- */
-+#ifndef VIMAGE
- static mifi_t nummifs = 0;
- static mifi_t reg_mif_num = (mifi_t)-1;
-
- static struct pim6stat pim6stat;
--SYSCTL_STRUCT(_net_inet6_pim, PIM6CTL_STATS, stats, CTLFLAG_RD,
-- &pim6stat, pim6stat,
-+#endif /* !VIMAGE */
-+SYSCTL_V_STRUCT(V_NET, vnet_inet6, _net_inet6_pim, PIM6CTL_STATS, stats,
-+ CTLFLAG_RD, pim6stat, pim6stat,
- "PIM Statistics (struct pim6stat, netinet6/pim_var.h)");
-
- #ifndef VIMAGE
-@@ -245,9 +255,9 @@
- * Find a route for a given origin IPv6 address and Multicast group address.
- */
- #define MF6CFIND(o, g, rt) do { \
-- struct mf6c *_rt = mf6ctable[MF6CHASH(o,g)]; \
-+ struct mf6c *_rt = V_mf6ctable[MF6CHASH(o,g)]; \
- rt = NULL; \
-- mrt6stat.mrt6s_mfc_lookups++; \
-+ V_mrt6stat.mrt6s_mfc_lookups++; \
- while (_rt) { \
- if (IN6_ARE_ADDR_EQUAL(&_rt->mf6c_origin.sin6_addr, &(o)) && \
- IN6_ARE_ADDR_EQUAL(&_rt->mf6c_mcastgrp.sin6_addr, &(g)) && \
-@@ -258,7 +268,7 @@
- _rt = _rt->mf6c_next; \
- } \
- if (rt == NULL) { \
-- mrt6stat.mrt6s_mfc_misses++; \
-+ V_mrt6stat.mrt6s_mfc_misses++; \
- } \
- } while (/*CONSTCOND*/ 0)
-
-@@ -291,7 +301,9 @@
-
- #ifdef UPCALL_TIMING
- #define UPCALL_MAX 50
-+#ifndef VIMAGE
- static u_long upcall_data[UPCALL_MAX + 1];
-+#endif /* !VIMAGE */
- static void collate();
- #endif /* UPCALL_TIMING */
-
-@@ -303,7 +315,9 @@
- static int add_m6fc(struct mf6cctl *);
- static int del_m6fc(struct mf6cctl *);
-
--static struct callout expire_upcalls_ch;
-+#ifndef VIMAGE
-+static struct callout expire_upcalls_ch6;
-+#endif /* !VIMAGE */
-
- int X_ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m);
- int X_ip6_mrouter_done(void);
-@@ -311,19 +325,21 @@
- int X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt);
- int X_mrt6_ioctl(int cmd, caddr_t data);
-
-+
- /*
- * Handle MRT setsockopt commands to modify the multicast routing tables.
- */
- int
- X_ip6_mrouter_set(struct socket *so, struct sockopt *sopt)
- {
-+ INIT_VNET_INET6(so->so_vnet);
- int error = 0;
- int optval;
- struct mif6ctl mifc;
- struct mf6cctl mfcc;
- mifi_t mifi;
-
-- if (so != ip6_mrouter && sopt->sopt_name != MRT6_INIT)
-+ if (so != V_ip6_mrouter && sopt->sopt_name != MRT6_INIT)
- return (EACCES);
-
- switch (sopt->sopt_name) {
-@@ -385,10 +401,10 @@
- int
- X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt)
- {
-- INIT_VNET_INET6(curvnet);
-+ INIT_VNET_INET6(so->so_vnet);
- int error = 0;
-
-- if (so != ip6_mrouter)
-+ if (so != V_ip6_mrouter)
- return (EACCES);
-
- switch (sopt->sopt_name) {
-@@ -421,6 +437,7 @@
- static int
- get_sg_cnt(struct sioc_sg_req6 *req)
- {
-+ INIT_VNET_INET6(curvnet);
- struct mf6c *rt;
- int s;
-
-@@ -446,15 +463,16 @@
- static int
- get_mif6_cnt(struct sioc_mif_req6 *req)
- {
-+ INIT_VNET_INET6(curvnet);
- mifi_t mifi = req->mifi;
-
-- if (mifi >= nummifs)
-+ if (mifi >= V_nummifs)
- return (EINVAL);
-
-- req->icount = mif6table[mifi].m6_pkt_in;
-- req->ocount = mif6table[mifi].m6_pkt_out;
-- req->ibytes = mif6table[mifi].m6_bytes_in;
-- req->obytes = mif6table[mifi].m6_bytes_out;
-+ req->icount = V_mif6table[mifi].m6_pkt_in;
-+ req->ocount = V_mif6table[mifi].m6_pkt_out;
-+ req->ibytes = V_mif6table[mifi].m6_bytes_in;
-+ req->obytes = V_mif6table[mifi].m6_bytes_out;
-
- return (0);
- }
-@@ -477,9 +495,11 @@
- static int
- ip6_mrouter_init(struct socket *so, int v, int cmd)
- {
-- INIT_VNET_INET6(curvnet);
-+ INIT_VNET_INET6(so->so_vnet);
-
- V_ip6_mrouter_ver = 0;
-+ V_nummifs = 0;
-+ V_reg_mif_num = (mifi_t)-1;
-
- #ifdef MRT6DEBUG
- V_mrt6debug = 0;
-@@ -497,20 +517,20 @@
- if (v != 1)
- return (ENOPROTOOPT);
-
-- if (ip6_mrouter != NULL)
-+ if (V_ip6_mrouter != NULL)
- return (EADDRINUSE);
-
-- ip6_mrouter = so;
-+ V_ip6_mrouter = so;
- V_ip6_mrouter_ver = cmd;
-
-- bzero((caddr_t)mf6ctable, sizeof(mf6ctable));
-- bzero((caddr_t)n6expire, sizeof(n6expire));
-+ bzero((caddr_t)V_mf6ctable, sizeof(V_mf6ctable));
-+ bzero((caddr_t)V_n6expire, sizeof(V_n6expire));
-
- V_pim6 = 0;/* used for stubbing out/in pim stuff */
-
-- callout_init(&expire_upcalls_ch, 0);
-- callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT,
-- expire_upcalls, NULL);
-+ callout_init(&V_expire_upcalls_ch6, 0);
-+ callout_reset(&V_expire_upcalls_ch6, EXPIRE_TIMEOUT,
-+ expire_upcalls, (void *)so->so_vnet);
-
- #ifdef MRT6DEBUG
- if (V_mrt6debug)
-@@ -547,29 +567,29 @@
- * XXX: there may be an interface in which the IPv4 multicast
- * daemon is not interested...
- */
-- if (!ip_mrouter)
-+ if (!V_ip_mrouter)
- #endif
- #endif
- {
-- for (mifi = 0; mifi < nummifs; mifi++) {
-- if (mif6table[mifi].m6_ifp &&
-- !(mif6table[mifi].m6_flags & MIFF_REGISTER)) {
-- if_allmulti(mif6table[mifi].m6_ifp, 0);
-+ for (mifi = 0; mifi < V_nummifs; mifi++) {
-+ if (V_mif6table[mifi].m6_ifp &&
-+ !(V_mif6table[mifi].m6_flags & MIFF_REGISTER)) {
-+ if_allmulti(V_mif6table[mifi].m6_ifp, 0);
- }
- }
- }
-- bzero((caddr_t)mif6table, sizeof(mif6table));
-- nummifs = 0;
-+ bzero((caddr_t)V_mif6table, sizeof(V_mif6table));
-+ V_nummifs = 0;
-
- V_pim6 = 0; /* used to stub out/in pim specific code */
-
-- callout_stop(&expire_upcalls_ch);
-+ callout_stop(&V_expire_upcalls_ch6);
-
- /*
- * Free all multicast forwarding cache entries.
- */
- for (i = 0; i < MF6CTBLSIZ; i++) {
-- rt = mf6ctable[i];
-+ rt = V_mf6ctable[i];
- while (rt) {
- struct mf6c *frt;
-
-@@ -586,19 +606,19 @@
- }
- }
-
-- bzero((caddr_t)mf6ctable, sizeof(mf6ctable));
-+ bzero((caddr_t)V_mf6ctable, sizeof(V_mf6ctable));
-
- /*
- * Reset register interface
- */
-- if (reg_mif_num != (mifi_t)-1 && multicast_register_if6 != NULL) {
-- if_detach(multicast_register_if6);
-- if_free(multicast_register_if6);
-- reg_mif_num = (mifi_t)-1;
-- multicast_register_if6 = NULL;
-+ if (V_reg_mif_num != (mifi_t)-1 && V_multicast_register_if6 != NULL) {
-+ if_detach(V_multicast_register_if6);
-+ if_free(V_multicast_register_if6);
-+ V_reg_mif_num = (mifi_t)-1;
-+ V_multicast_register_if6 = NULL;
- }
-
-- ip6_mrouter = NULL;
-+ V_ip6_mrouter = NULL;
- V_ip6_mrouter_ver = 0;
-
- splx(s);
-@@ -620,13 +640,14 @@
- add_m6if(struct mif6ctl *mifcp)
- {
- INIT_VNET_NET(curvnet);
-+ INIT_VNET_INET6(curvnet);
- struct mif6 *mifp;
- struct ifnet *ifp;
- int error, s;
-
- if (mifcp->mif6c_mifi >= MAXMIFS)
- return (EINVAL);
-- mifp = mif6table + mifcp->mif6c_mifi;
-+ mifp = V_mif6table + mifcp->mif6c_mifi;
- if (mifp->m6_ifp)
- return (EADDRINUSE); /* XXX: is it appropriate? */
- if (mifcp->mif6c_pifi == 0 || mifcp->mif6c_pifi > V_if_index)
-@@ -634,14 +655,14 @@
- ifp = ifnet_byindex(mifcp->mif6c_pifi);
-
- if (mifcp->mif6c_flags & MIFF_REGISTER) {
-- if (reg_mif_num == (mifi_t)-1) {
-+ if (V_reg_mif_num == (mifi_t)-1) {
- ifp = if_alloc(IFT_OTHER);
-
- if_initname(ifp, "register_mif", 0);
- ifp->if_flags |= IFF_LOOPBACK;
- if_attach(ifp);
-- multicast_register_if6 = ifp;
-- reg_mif_num = mifcp->mif6c_mifi;
-+ V_multicast_register_if6 = ifp;
-+ V_reg_mif_num = mifcp->mif6c_mifi;
- /*
- * it is impossible to guess the ifindex of the
- * register interface. So mif6c_pifi is automatically
-@@ -649,7 +670,7 @@
- */
- mifcp->mif6c_pifi = ifp->if_index;
- } else {
-- ifp = multicast_register_if6;
-+ ifp = V_multicast_register_if6;
- }
-
- } /* if REGISTER */
-@@ -676,9 +697,9 @@
- mifp->m6_bytes_out = 0;
- splx(s);
-
-- /* Adjust nummifs up if the mifi is higher than nummifs */
-- if (nummifs <= mifcp->mif6c_mifi)
-- nummifs = mifcp->mif6c_mifi + 1;
-+ /* Adjust V_nummifs up if the mifi is higher than V_nummifs */
-+ if (V_nummifs <= mifcp->mif6c_mifi)
-+ V_nummifs = mifcp->mif6c_mifi + 1;
-
- #ifdef MRT6DEBUG
- if (V_mrt6debug)
-@@ -697,12 +718,13 @@
- static int
- del_m6if(mifi_t *mifip)
- {
-- struct mif6 *mifp = mif6table + *mifip;
-+ INIT_VNET_INET6(curvnet);
-+ struct mif6 *mifp = V_mif6table + *mifip;
- mifi_t mifi;
- struct ifnet *ifp;
- int s;
-
-- if (*mifip >= nummifs)
-+ if (*mifip >= V_nummifs)
- return (EINVAL);
- if (mifp->m6_ifp == NULL)
- return (EINVAL);
-@@ -718,28 +740,28 @@
-
- if_allmulti(ifp, 0);
- } else {
-- if (reg_mif_num != (mifi_t)-1 &&
-- multicast_register_if6 != NULL) {
-- if_detach(multicast_register_if6);
-- if_free(multicast_register_if6);
-- reg_mif_num = (mifi_t)-1;
-- multicast_register_if6 = NULL;
-+ if (V_reg_mif_num != (mifi_t)-1 &&
-+ V_multicast_register_if6 != NULL) {
-+ if_detach(V_multicast_register_if6);
-+ if_free(V_multicast_register_if6);
-+ V_reg_mif_num = (mifi_t)-1;
-+ V_multicast_register_if6 = NULL;
- }
- }
-
- bzero((caddr_t)mifp, sizeof(*mifp));
-
-- /* Adjust nummifs down */
-- for (mifi = nummifs; mifi > 0; mifi--)
-- if (mif6table[mifi - 1].m6_ifp)
-+ /* Adjust V_nummifs down */
-+ for (mifi = V_nummifs; mifi > 0; mifi--)
-+ if (V_mif6table[mifi - 1].m6_ifp)
- break;
-- nummifs = mifi;
-+ V_nummifs = mifi;
-
- splx(s);
-
- #ifdef MRT6DEBUG
- if (V_mrt6debug)
-- log(LOG_DEBUG, "del_m6if %d, nummifs %d\n", *mifip, nummifs);
-+ log(LOG_DEBUG, "del_m6if %d, nummifs %d\n", *mifip, V_nummifs);
- #endif
-
- return (0);
-@@ -787,7 +809,7 @@
- s = splnet();
- hash = MF6CHASH(mfccp->mf6cc_origin.sin6_addr,
- mfccp->mf6cc_mcastgrp.sin6_addr);
-- for (rt = mf6ctable[hash], nstl = 0; rt; rt = rt->mf6c_next) {
-+ for (rt = V_mf6ctable[hash], nstl = 0; rt; rt = rt->mf6c_next) {
- if (IN6_ARE_ADDR_EQUAL(&rt->mf6c_origin.sin6_addr,
- &mfccp->mf6cc_origin.sin6_addr) &&
- IN6_ARE_ADDR_EQUAL(&rt->mf6c_mcastgrp.sin6_addr,
-@@ -825,7 +847,7 @@
- rt->mf6c_wrong_if = 0;
-
- rt->mf6c_expire = 0; /* Don't clean this guy up */
-- n6expire[hash]--;
-+ V_n6expire[hash]--;
-
- /* free packets Qed at the end of this entry */
- for (rte = rt->mf6c_stall; rte != NULL; ) {
-@@ -856,7 +878,7 @@
- mfccp->mf6cc_parent);
- #endif
-
-- for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) {
-+ for (rt = V_mf6ctable[hash]; rt; rt = rt->mf6c_next) {
-
- if (IN6_ARE_ADDR_EQUAL(&rt->mf6c_origin.sin6_addr,
- &mfccp->mf6cc_origin.sin6_addr)&&
-@@ -873,7 +895,7 @@
- rt->mf6c_wrong_if = 0;
-
- if (rt->mf6c_expire)
-- n6expire[hash]--;
-+ V_n6expire[hash]--;
- rt->mf6c_expire = 0;
- }
- }
-@@ -899,8 +921,8 @@
- rt->mf6c_stall = NULL;
-
- /* link into table */
-- rt->mf6c_next = mf6ctable[hash];
-- mf6ctable[hash] = rt;
-+ rt->mf6c_next = V_mf6ctable[hash];
-+ V_mf6ctable[hash] = rt;
- }
- }
- splx(s);
-@@ -914,6 +936,7 @@
- static void
- collate(struct timeval *t)
- {
-+ INIT_VNET_INET6(curvnet);
- u_long d;
- struct timeval tp;
- u_long delta;
-@@ -928,7 +951,7 @@
- if (d > UPCALL_MAX)
- d = UPCALL_MAX;
-
-- ++upcall_data[d];
-+ ++V_upcall_data[d];
- }
- }
- #endif /* UPCALL_TIMING */
-@@ -962,7 +985,7 @@
-
- s = splnet();
-
-- nptr = &mf6ctable[hash];
-+ nptr = &V_mf6ctable[hash];
- while ((rt = *nptr) != NULL) {
- if (IN6_ARE_ADDR_EQUAL(&origin.sin6_addr,
- &rt->mf6c_origin.sin6_addr) &&
-@@ -1097,7 +1120,7 @@
- GET_TIME(tp);
- #endif /* UPCALL_TIMING */
-
-- mrt6stat.mrt6s_no_route++;
-+ V_mrt6stat.mrt6s_no_route++;
- #ifdef MRT6DEBUG
- if (V_mrt6debug & (DEBUG_FORWARD | DEBUG_MFC))
- log(LOG_DEBUG, "ip6_mforward: no rte s %s g %s\n",
-@@ -1131,7 +1154,7 @@
-
- /* is there an upcall waiting for this packet? */
- hash = MF6CHASH(ip6->ip6_src, ip6->ip6_dst);
-- for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) {
-+ for (rt = V_mf6ctable[hash]; rt; rt = rt->mf6c_next) {
- if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_src,
- &rt->mf6c_origin.sin6_addr) &&
- IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
-@@ -1205,8 +1228,8 @@
- "getting the iif info in the kernel\n");
- #endif
-
-- for (mifp = mif6table, mifi = 0;
-- mifi < nummifs && mifp->m6_ifp != ifp;
-+ for (mifp = V_mif6table, mifi = 0;
-+ mifi < V_nummifs && mifp->m6_ifp != ifp;
- mifp++, mifi++)
- ;
-
-@@ -1221,10 +1244,10 @@
- break;
- }
-
-- if (socket_send(ip6_mrouter, mm, &sin6) < 0) {
-+ if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
- log(LOG_WARNING, "ip6_mforward: ip6_mrouter "
- "socket queue full\n");
-- mrt6stat.mrt6s_upq_sockfull++;
-+ V_mrt6stat.mrt6s_upq_sockfull++;
- free(rte, M_MRTABLE6);
- m_freem(mb0);
- free(rt, M_MRTABLE6);
-@@ -1232,7 +1255,7 @@
- return (ENOBUFS);
- }
-
-- mrt6stat.mrt6s_upcalls++;
-+ V_mrt6stat.mrt6s_upcalls++;
-
- /* insert new entry at head of hash chain */
- bzero(rt, sizeof(*rt));
-@@ -1243,12 +1266,12 @@
- rt->mf6c_mcastgrp.sin6_len = sizeof(struct sockaddr_in6);
- rt->mf6c_mcastgrp.sin6_addr = ip6->ip6_dst;
- rt->mf6c_expire = UPCALL_EXPIRE;
-- n6expire[hash]++;
-+ V_n6expire[hash]++;
- rt->mf6c_parent = MF6C_INCOMPLETE_PARENT;
-
- /* link into table */
-- rt->mf6c_next = mf6ctable[hash];
-- mf6ctable[hash] = rt;
-+ rt->mf6c_next = V_mf6ctable[hash];
-+ V_mf6ctable[hash] = rt;
- /* Add this entry to the end of the queue */
- rt->mf6c_stall = rte;
- } else {
-@@ -1258,7 +1281,7 @@
-
- for (p = &rt->mf6c_stall; *p != NULL; p = &(*p)->next)
- if (++npkts > MAX_UPQ6) {
-- mrt6stat.mrt6s_upq_ovflw++;
-+ V_mrt6stat.mrt6s_upq_ovflw++;
- free(rte, M_MRTABLE6);
- m_freem(mb0);
- splx(s);
-@@ -1289,7 +1312,7 @@
- static void
- expire_upcalls(void *unused)
- {
-- INIT_VNET_INET6(curvnet);
-+ INIT_VNET_INET6( (struct vnet*)unused );
- struct rtdetq *rte;
- struct mf6c *mfc, **nptr;
- int i;
-@@ -1297,9 +1320,9 @@
-
- s = splnet();
- for (i = 0; i < MF6CTBLSIZ; i++) {
-- if (n6expire[i] == 0)
-+ if (V_n6expire[i] == 0)
- continue;
-- nptr = &mf6ctable[i];
-+ nptr = &V_mf6ctable[i];
- while ((mfc = *nptr) != NULL) {
- rte = mfc->mf6c_stall;
- /*
-@@ -1329,8 +1352,8 @@
- free(rte, M_MRTABLE6);
- rte = n;
- } while (rte != NULL);
-- mrt6stat.mrt6s_cache_cleanups++;
-- n6expire[i]--;
-+ V_mrt6stat.mrt6s_cache_cleanups++;
-+ V_n6expire[i]--;
-
- *nptr = mfc->mf6c_next;
- free(mfc, M_MRTABLE6);
-@@ -1339,9 +1362,9 @@
- }
- }
- }
-+ callout_reset(&V_expire_upcalls_ch6, EXPIRE_TIMEOUT,
-+ expire_upcalls, unused);
- splx(s);
-- callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT,
-- expire_upcalls, NULL);
- }
-
- /*
-@@ -1377,16 +1400,16 @@
- * for its origin.
- */
- mifi = rt->mf6c_parent;
-- if ((mifi >= nummifs) || (mif6table[mifi].m6_ifp != ifp)) {
-+ if ((mifi >= V_nummifs) || (V_mif6table[mifi].m6_ifp != ifp)) {
- /* came in the wrong interface */
- #ifdef MRT6DEBUG
- if (V_mrt6debug & DEBUG_FORWARD)
- log(LOG_DEBUG,
- "wrong if: ifid %d mifi %d mififid %x\n",
- ifp->if_index, mifi,
-- mif6table[mifi].m6_ifp->if_index);
-+ V_mif6table[mifi].m6_ifp->if_index);
- #endif
-- mrt6stat.mrt6s_wrong_if++;
-+ V_mrt6stat.mrt6s_wrong_if++;
- rt->mf6c_wrong_if++;
- /*
- * If we are doing PIM processing, and we are forwarding
-@@ -1394,7 +1417,7 @@
- * routing daemon.
- */
- /* have to make sure this is a valid mif */
-- if (mifi < nummifs && mif6table[mifi].m6_ifp)
-+ if (mifi < V_nummifs && V_mif6table[mifi].m6_ifp)
- if (V_pim6 && (m->m_flags & M_LOOP) == 0) {
- /*
- * Check the M_LOOP flag to avoid an
-@@ -1440,8 +1463,8 @@
- return (EINVAL);
- }
-
-- for (mifp = mif6table, iif = 0;
-- iif < nummifs && mifp &&
-+ for (mifp = V_mif6table, iif = 0;
-+ iif < V_nummifs && mifp &&
- mifp->m6_ifp != ifp;
- mifp++, iif++)
- ;
-@@ -1459,14 +1482,14 @@
- break;
- }
-
-- mrt6stat.mrt6s_upcalls++;
-+ V_mrt6stat.mrt6s_upcalls++;
-
-- if (socket_send(ip6_mrouter, mm, &sin6) < 0) {
-+ if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
- #ifdef MRT6DEBUG
- if (V_mrt6debug)
- log(LOG_WARNING, "mdq, ip6_mrouter socket queue full\n");
- #endif
-- ++mrt6stat.mrt6s_upq_sockfull;
-+ ++V_mrt6stat.mrt6s_upq_sockfull;
- return (ENOBUFS);
- } /* if socket Q full */
- } /* if PIM */
-@@ -1476,11 +1499,11 @@
- /* If I sourced this packet, it counts as output, else it was input. */
- if (m->m_pkthdr.rcvif == NULL) {
- /* XXX: is rcvif really NULL when output?? */
-- mif6table[mifi].m6_pkt_out++;
-- mif6table[mifi].m6_bytes_out += plen;
-+ V_mif6table[mifi].m6_pkt_out++;
-+ V_mif6table[mifi].m6_bytes_out += plen;
- } else {
-- mif6table[mifi].m6_pkt_in++;
-- mif6table[mifi].m6_bytes_in += plen;
-+ V_mif6table[mifi].m6_pkt_in++;
-+ V_mif6table[mifi].m6_bytes_in += plen;
- }
- rt->mf6c_pkt_cnt++;
- rt->mf6c_byte_cnt += plen;
-@@ -1496,7 +1519,7 @@
- V_ip6stat.ip6s_badscope++;
- return (error);
- }
-- for (mifp = mif6table, mifi = 0; mifi < nummifs; mifp++, mifi++) {
-+ for (mifp = V_mif6table, mifi = 0; mifi < V_nummifs; mifp++, mifi++) {
- if (IF_ISSET(mifi, &rt->mf6c_ifset)) {
- /*
- * check if the outgoing packet is going to break
-@@ -1504,12 +1527,12 @@
- * XXX For packets through PIM register tunnel
- * interface, we believe a routing daemon.
- */
-- if (!(mif6table[rt->mf6c_parent].m6_flags &
-+ if (!(V_mif6table[rt->mf6c_parent].m6_flags &
- MIFF_REGISTER) &&
-- !(mif6table[mifi].m6_flags & MIFF_REGISTER)) {
-- if (in6_setscope(&src0, mif6table[mifi].m6_ifp,
-+ !(V_mif6table[mifi].m6_flags & MIFF_REGISTER)) {
-+ if (in6_setscope(&src0, V_mif6table[mifi].m6_ifp,
- &oszone) ||
-- in6_setscope(&dst0, mif6table[mifi].m6_ifp,
-+ in6_setscope(&dst0, V_mif6table[mifi].m6_ifp,
- &odzone) ||
- iszone != oszone ||
- idzone != odzone) {
-@@ -1575,7 +1598,7 @@
- #ifdef MRT6DEBUG
- if (V_mrt6debug & DEBUG_XMIT)
- log(LOG_DEBUG, "phyint_send on mif %d err %d\n",
-- mifp - mif6table, error);
-+ mifp - V_mif6table, error);
- #endif
- splx(s);
- return;
-@@ -1611,7 +1634,7 @@
- #ifdef MRT6DEBUG
- if (V_mrt6debug & DEBUG_XMIT)
- log(LOG_DEBUG, "phyint_send on mif %d err %d\n",
-- mifp - mif6table, error);
-+ mifp - V_mif6table, error);
- #endif
- } else {
- /*
-@@ -1659,7 +1682,7 @@
- ip6_sprintf(ip6bufd, &ip6->ip6_dst));
- }
- #endif
-- ++pim6stat.pim6s_snd_registers;
-+ ++V_pim6stat.pim6s_snd_registers;
-
- /* Make a copy of the packet to send to the user level process */
- MGETHDR(mm, M_DONTWAIT, MT_HEADER);
-@@ -1691,18 +1714,18 @@
- im6->im6_msgtype = MRT6MSG_WHOLEPKT;
- im6->im6_mbz = 0;
-
-- im6->im6_mif = mif - mif6table;
-+ im6->im6_mif = mif - V_mif6table;
-
- /* iif info is not given for reg. encap.n */
-- mrt6stat.mrt6s_upcalls++;
-+ V_mrt6stat.mrt6s_upcalls++;
-
-- if (socket_send(ip6_mrouter, mm, &sin6) < 0) {
-+ if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
- #ifdef MRT6DEBUG
- if (V_mrt6debug)
- log(LOG_WARNING,
- "register_send: ip6_mrouter socket queue full\n");
- #endif
-- ++mrt6stat.mrt6s_upq_sockfull;
-+ ++V_mrt6stat.mrt6s_upq_sockfull;
- return (ENOBUFS);
- }
- return (0);
-@@ -1726,7 +1749,7 @@
- int minlen;
- int off = *offp;
-
-- ++pim6stat.pim6s_rcv_total;
-+ ++V_pim6stat.pim6s_rcv_total;
-
- ip6 = mtod(m, struct ip6_hdr *);
- pimlen = m->m_pkthdr.len - *offp;
-@@ -1735,7 +1758,7 @@
- * Validate lengths
- */
- if (pimlen < PIM_MINLEN) {
-- ++pim6stat.pim6s_rcv_tooshort;
-+ ++V_pim6stat.pim6s_rcv_tooshort;
- #ifdef MRT6DEBUG
- if (V_mrt6debug & DEBUG_PIM)
- log(LOG_DEBUG,"pim6_input: PIM packet too short\n");
-@@ -1768,7 +1791,7 @@
- #else
- IP6_EXTHDR_GET(pim, struct pim *, m, off, minlen);
- if (pim == NULL) {
-- pim6stat.pim6s_rcv_tooshort++;
-+ V_pim6stat.pim6s_rcv_tooshort++;
- return (IPPROTO_DONE);
- }
- #endif
-@@ -1788,7 +1811,7 @@
- cksumlen = pimlen;
-
- if (in6_cksum(m, IPPROTO_PIM, off, cksumlen)) {
-- ++pim6stat.pim6s_rcv_badsum;
-+ ++V_pim6stat.pim6s_rcv_badsum;
- #ifdef MRT6DEBUG
- if (V_mrt6debug & DEBUG_PIM)
- log(LOG_DEBUG,
-@@ -1802,7 +1825,7 @@
-
- /* PIM version check */
- if (pim->pim_ver != PIM_VERSION) {
-- ++pim6stat.pim6s_rcv_badversion;
-+ ++V_pim6stat.pim6s_rcv_badversion;
- #ifdef MRT6DEBUG
- log(LOG_ERR,
- "pim6_input: incorrect version %d, expecting %d\n",
-@@ -1828,14 +1851,14 @@
- char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
- #endif
-
-- ++pim6stat.pim6s_rcv_registers;
-+ ++V_pim6stat.pim6s_rcv_registers;
-
-- if ((reg_mif_num >= nummifs) || (reg_mif_num == (mifi_t) -1)) {
-+ if ((V_reg_mif_num >= V_nummifs) || (V_reg_mif_num == (mifi_t) -1)) {
- #ifdef MRT6DEBUG
- if (V_mrt6debug & DEBUG_PIM)
- log(LOG_DEBUG,
- "pim6_input: register mif not set: %d\n",
-- reg_mif_num);
-+ V_reg_mif_num);
- #endif
- m_freem(m);
- return (IPPROTO_DONE);
-@@ -1850,8 +1873,8 @@
- * Validate length
- */
- if (pimlen < PIM6_REG_MINLEN) {
-- ++pim6stat.pim6s_rcv_tooshort;
-- ++pim6stat.pim6s_rcv_badregisters;
-+ ++V_pim6stat.pim6s_rcv_tooshort;
-+ ++V_pim6stat.pim6s_rcv_badregisters;
- #ifdef MRT6DEBUG
- log(LOG_ERR,
- "pim6_input: register packet size too "
-@@ -1875,7 +1898,7 @@
-
- /* verify the version number of the inner packet */
- if ((eip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
-- ++pim6stat.pim6s_rcv_badregisters;
-+ ++V_pim6stat.pim6s_rcv_badregisters;
- #ifdef MRT6DEBUG
- log(LOG_DEBUG, "pim6_input: invalid IP version (%d) "
- "of the inner packet\n",
-@@ -1887,7 +1910,7 @@
-
- /* verify the inner packet is destined to a mcast group */
- if (!IN6_IS_ADDR_MULTICAST(&eip6->ip6_dst)) {
-- ++pim6stat.pim6s_rcv_badregisters;
-+ ++V_pim6stat.pim6s_rcv_badregisters;
- #ifdef MRT6DEBUG
- if (V_mrt6debug & DEBUG_PIM)
- log(LOG_DEBUG,
-@@ -1924,11 +1947,11 @@
- "src %s, dst %s, mif %d\n",
- ip6_sprintf(ip6bufs, &eip6->ip6_src),
- ip6_sprintf(ip6bufd, &eip6->ip6_dst),
-- reg_mif_num);
-+ V_reg_mif_num);
- }
- #endif
-
-- rc = if_simloop(mif6table[reg_mif_num].m6_ifp, m,
-+ rc = if_simloop(V_mif6table[V_reg_mif_num].m6_ifp, m,
- dst.sin6_family, 0);
-
- /* prepare the register head to send to the mrouting daemon */
-diff -ur sys.20081015/netinet6/ip6_mroute.h sys/netinet6/ip6_mroute.h
---- sys.20081015/netinet6/ip6_mroute.h 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/ip6_mroute.h 2008-11-05 13:21:56.000000000 -0800
-@@ -266,6 +266,7 @@
- extern int (*ip6_mrouter_get)(struct socket *so, struct sockopt *sopt);
- extern int (*ip6_mrouter_done)(void);
- extern int (*mrt6_ioctl)(int, caddr_t);
-+
- #endif /* _KERNEL */
-
- #endif /* !_NETINET6_IP6_MROUTE_H_ */
-diff -ur sys.20081015/netinet6/ip6_output.c sys/netinet6/ip6_output.c
---- sys.20081015/netinet6/ip6_output.c 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/ip6_output.c 2008-10-28 20:01:22.000000000 -0700
-@@ -744,7 +744,7 @@
- * above, will be forwarded by the ip6_input() routine,
- * if necessary.
- */
-- if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) {
-+ if (V_ip6_mrouter && (flags & IPV6_FORWARDING) == 0) {
- /*
- * XXX: ip6_mforward expects that rcvif is NULL
- * when it is called from the originating path.
-diff -ur sys.20081015/netinet6/ip6_var.h sys/netinet6/ip6_var.h
---- sys.20081015/netinet6/ip6_var.h 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/ip6_var.h 2008-10-28 20:01:22.000000000 -0700
-@@ -292,8 +292,8 @@
- extern int ip6_v6only;
- #endif
-
--extern struct socket *ip6_mrouter; /* multicast routing daemon */
- #ifndef VIMAGE
-+extern struct socket *ip6_mrouter; /* multicast routing daemon */
- extern int ip6_sendredirects; /* send IP redirects when forwarding? */
- extern int ip6_maxfragpackets; /* Maximum packets in reassembly queue */
- extern int ip6_maxfrags; /* Maximum fragments in reassembly queue */
-diff -ur sys.20081015/netinet6/mld6.c sys/netinet6/mld6.c
---- sys.20081015/netinet6/mld6.c 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/mld6.c 2008-10-28 20:01:22.000000000 -0700
-@@ -518,7 +518,7 @@
- * Request loopback of the report if we are acting as a multicast
- * router, so that the process-level routing daemon can hear it.
- */
-- im6o.im6o_multicast_loop = (ip6_mrouter != NULL);
-+ im6o.im6o_multicast_loop = (V_ip6_mrouter != NULL);
-
- /* increment output statictics */
- V_icmp6stat.icp6s_outhist[type]++;
-diff -ur sys.20081015/netinet6/raw_ip6.c sys/netinet6/raw_ip6.c
---- sys.20081015/netinet6/raw_ip6.c 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/raw_ip6.c 2008-10-28 20:01:22.000000000 -0700
-@@ -129,7 +129,9 @@
- /*
- * Hooks for multicast forwarding.
- */
-+#ifndef VIMAGE
- struct socket *ip6_mrouter = NULL;
-+#endif
- int (*ip6_mrouter_set)(struct socket *, struct sockopt *);
- int (*ip6_mrouter_get)(struct socket *, struct sockopt *);
- int (*ip6_mrouter_done)(void);
-@@ -599,12 +601,13 @@
- rip6_detach(struct socket *so)
- {
- INIT_VNET_INET(so->so_vnet);
-+ INIT_VNET_INET6(so->so_vnet);
- struct inpcb *inp;
-
- inp = sotoinpcb(so);
- KASSERT(inp != NULL, ("rip6_detach: inp == NULL"));
-
-- if (so == ip6_mrouter && ip6_mrouter_done)
-+ if (so == V_ip6_mrouter && ip6_mrouter_done)
- ip6_mrouter_done();
- /* xxx: RSVP */
- INP_INFO_WLOCK(&V_ripcbinfo);
-diff -ur sys.20081015/netinet6/vinet6.h sys/netinet6/vinet6.h
---- sys.20081015/netinet6/vinet6.h 2008-10-15 08:25:28.000000000 -0700
-+++ sys/netinet6/vinet6.h 2008-10-29 12:58:52.000000000 -0700
-@@ -43,6 +43,8 @@
- #include
- #include
- #include
-+#include
-+#include /* struct pim6stat */
-
- #define INIT_VNET_INET6(vnet) \
- INIT_FROM_VNET(vnet, VNET_MOD_INET6, \
-@@ -95,6 +97,7 @@
- //int _icmp6_nodeinfo;
-
- int _ip6_forwarding;
-+ struct socket * _ip6_mrouter;
- int _ip6_sendredirects;
- int _ip6_defhlim;
- int _ip6_defmcasthlim;
-@@ -149,14 +152,25 @@
- u_int32_t _ip6_temp_preferred_lifetime;
- u_int32_t _ip6_temp_valid_lifetime;
-
-- int _ip6_mrouter_ver;
-- int _pim6;
-- u_int _mrt6debug;
--
- int _ip6_temp_regen_advance;
- int _ip6_use_defzone;
-
- struct ip6_pktopts _ip6_opts;
-+
-+ /* from ip6_mroute.c */
-+ int _ip6_mrouter_ver; /* = 0; */
-+ struct mrt6stat _mrt6stat;
-+ struct mf6c * _mf6ctable[MF6CTBLSIZ];
-+ u_char _n6expire[MF6CTBLSIZ];
-+ struct mif6 _mif6table[MAXMIFS];
-+ u_int _mrt6debug;
-+ struct ifnet * _multicast_register_if6;
-+ mifi_t _nummifs; /* = 0; */
-+ mifi_t _reg_mif_num; /* = (mifi_t)-1; */
-+ struct pim6stat _pim6stat;
-+ int _pim6;
-+ u_long _upcall_data[51];
-+ struct callout _expire_upcalls_ch6;
- };
- #endif
-
-@@ -206,6 +220,7 @@
- //#define V_icmp6_nodeinfo VNET_INET6(icmp6_nodeinfo)
-
- #define V_ip6_forwarding VNET_INET6(ip6_forwarding)
-+#define V_ip6_mrouter VNET_INET6(ip6_mrouter)
- #define V_ip6_sendredirects VNET_INET6(ip6_sendredirects)
- #define V_ip6_defhlim VNET_INET6(ip6_defhlim)
- #define V_ip6_defmcasthlim VNET_INET6(ip6_defmcasthlim)
-@@ -260,13 +275,24 @@
- #define V_ip6_temp_preferred_lifetime VNET_INET6(ip6_temp_preferred_lifetime)
- #define V_ip6_temp_valid_lifetime VNET_INET6(ip6_temp_valid_lifetime)
-
--#define V_ip6_mrouter_ver VNET_INET6(ip6_mrouter_ver)
--#define V_pim6 VNET_INET6(pim6)
--#define V_mrt6debug VNET_INET6(mrt6debug)
- #define V_ip6_temp_regen_advance VNET_INET6(ip6_temp_regen_advance)
-
- #define V_ip6_use_defzone VNET_INET6(ip6_use_defzone)
-
- #define V_ip6_opts VNET_INET6(ip6_opts)
-
-+#define V_ip6_mrouter_ver VNET_INET6(ip6_mrouter_ver)
-+#define V_mrt6stat VNET_INET6(mrt6stat)
-+#define V_mf6ctable VNET_INET6(mf6ctable)
-+#define V_n6expire VNET_INET6(n6expire)
-+#define V_mif6table VNET_INET6(mif6table)
-+#define V_mrt6debug VNET_INET6(mrt6debug)
-+#define V_multicast_register_if6 VNET_INET6(multicast_register_if6)
-+#define V_nummifs VNET_INET6(nummifs)
-+#define V_reg_mif_num VNET_INET6(reg_mif_num)
-+#define V_pim6stat VNET_INET6(pim6stat)
-+#define V_pim6 VNET_INET6(pim6)
-+#define V_upcall_data VNET_INET6(upcall_data)
-+#define V_expire_upcalls_ch6 VNET_INET6(expire_upcalls_ch6)
-+
- #endif /* !_NETINET6_VINET6_H_ */
-diff -ur sys.20081015/netipsec/keysock.c sys/netipsec/keysock.c
---- sys.20081015/netipsec/keysock.c 2008-10-15 08:25:29.000000000 -0700
-+++ sys/netipsec/keysock.c 2008-10-29 07:57:18.000000000 -0700
-@@ -429,8 +429,8 @@
- kp->kp_promisc = kp->kp_registered = 0;
-
- if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
-- key_cb.key_count++;
-- key_cb.any_count++;
-+ V_key_cb.key_count++;
-+ V_key_cb.any_count++;
- soisconnected(so);
- so->so_options |= SO_USELOOPBACK;
-
-diff -ur sys.20081015/sys/vimage.h sys/sys/vimage.h
---- sys.20081015/sys/vimage.h 2008-10-15 08:25:30.000000000 -0700
-+++ sys/sys/vimage.h 2008-11-04 13:56:18.000000000 -0800
-@@ -77,6 +77,7 @@
- #define VNET_MOD_IPX 9
- #define VNET_MOD_ATALK 10
- #define VNET_MOD_DIVERT 11
-+#define VNET_MOD_MROUTE 12
- /* stateless modules */
- #define VNET_MOD_NG_WORMHOLE 19
- #define VNET_MOD_NG_ETHER 20
-@@ -103,6 +104,7 @@
- #define V_MOD_vnet_pf VNET_MOD_PF
- #define V_MOD_vnet_gif VNET_MOD_GIF
- #define V_MOD_vnet_ipsec VNET_MOD_IPSEC
-+#define V_MOD_vnet_mroute VNET_MOD_MROUTE
-
- #define V_MOD_vprocg 0
- #define V_MOD_vcpu 0
diff --git a/packaging/bsd/core-kernel-deinstall-4.11.sh b/packaging/bsd/core-kernel-deinstall-4.11.sh
deleted file mode 100755
index b52c96e2..00000000
--- a/packaging/bsd/core-kernel-deinstall-4.11.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-echo Restoring /kernel.old ...
-install -m 555 -o root -g wheel -fschg /kernel.old /kernel
-rm -rf /modules
-mv /modules.old /modules
-
diff --git a/packaging/bsd/core-kernel-deinstall-8.x.sh b/packaging/bsd/core-kernel-deinstall-8.x.sh
deleted file mode 100755
index 5b64141b..00000000
--- a/packaging/bsd/core-kernel-deinstall-8.x.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-PREV=""
-
-if [ ! -e "/boot/kernel.old" ] ; then
- if [ ! -e "/boot/GENERIC" ] ; then
- echo Previous kernel does not exist in /boot/kernel.old or /boot/GENERIC !
- exit 1;
- else
- PREV="/boot/GENERIC"
- fi;
-else
- PREV="/boot/kernel.old"
-fi;
-
-echo Removing current kernel...
-chflags -R noschg /boot/kernel
-rm -rf /boot/kernel
-echo Restoring previous kernel from $PREV...
-mv $PREV /boot/kernel
-
-exit 0;
diff --git a/packaging/bsd/core-kernel-pkgcreate.sh b/packaging/bsd/core-kernel-pkgcreate.sh
deleted file mode 100755
index 00f2bbac..00000000
--- a/packaging/bsd/core-kernel-pkgcreate.sh
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/bin/sh
-VER=0.0
-
-# determine FreeBSD 4.11 or 8.x
-REL=`uname -r`
-case "$REL" in
- 9.*)
- echo "Using FreeBSD 9.x..."
- KERN=9.x
- SCRIPTVER=8.x
- ;;
- 8.*)
- echo "Using FreeBSD 8.x..."
- KERN=8.x
- SCRIPTVER=8.x
- ;;
- 4.11-RELEASE)
- echo "Using FreeBSD 4.11..."
- KERN=4.11
- SCRIPTVER=4.11
- ;;
- *)
- echo "What version of FreeBSD are you running (4.11/8.x) ?"
- exit 1
-esac
-
-if [ "a$1" = "a" ]
-then
- echo "usage: ./core-kernel-release.sh 20080228 [clean]"
- echo a version number is required
- exit 1;
-else
-VER=$1
-fi;
-
-if [ "a$2" = "aclean" ]
-then
- echo Cleaning up...
- rm -f core-kernel.pkglist.tmp
- rm -f core-kernel.pkglist
- rm -f core-kernel-${KERN}-${VER}.tbz
- exit
-fi;
-
-
-# check for /kernel.new on 4.11
-if [ ${KERN} = "4.11" ]
-then
-
-if [ -e "/kernel.new" ]
-then
- echo Note: proceeding using this kernel...
- ls -al /kernel.new
-else
- echo "error: first copy the desired kernel to /kernel.new"
- exit
-fi;
-
-fi;
-
-
-
-#
-# build the packing list
-#
-echo @comment ORIGIN:net/core-kernel > core-kernel.pkglist
-if [ ${KERN} = "4.11" ]
-# FreeBSD 4.11
-then
-echo @cwd / >> core-kernel.pkglist
-echo kernel.new >> core-kernel.pkglist
-find /modules \! -type d > core-kernel.pkglist.tmp
-find /sbin/vimage >> core-kernel.pkglist.tmp
-find /usr/share/man/man8/vimage.8.gz >> core-kernel.pkglist.tmp
-find /sbin/ngctl >> core-kernel.pkglist.tmp
-find /usr/share/man/man8/ngctl.8.gz >> core-kernel.pkglist.tmp
-# FreeBSD 8.x
-else
-echo @cwd /boot >> core-kernel.pkglist
-PWDOLD=${PWD}
-cd /boot
-find kernel \! -type d > ${PWDOLD}/core-kernel.pkglist.tmp
-cd ${PWDOLD}
-echo @cwd / >> core-kernel.pkglist.tmp
-find /usr/sbin/vimage >> core-kernel.pkglist.tmp
-find /usr/share/man/man8/vimage.8.gz >> core-kernel.pkglist.tmp
-fi;
-
-# remove leading '/' from lines
-sed -e "s,^/,," core-kernel.pkglist.tmp >> core-kernel.pkglist
-
-#
-# build the package
-#
-pkg_create -c core-kernel.pkgdesc -d core-kernel.pkgdesclong -f core-kernel.pkglist -i core-kernel-preinstall-${SCRIPTVER}.sh -K core-kernel-deinstall-${SCRIPTVER}.sh -v core-kernel-${KERN}-${VER}.tbz
-
diff --git a/packaging/bsd/core-kernel-preinstall-4.11.sh b/packaging/bsd/core-kernel-preinstall-4.11.sh
deleted file mode 100755
index b53ffee2..00000000
--- a/packaging/bsd/core-kernel-preinstall-4.11.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-if [ "x$2" = "xPOST-INSTALL" ]
-then
- install -m 555 -o root -g wheel -fschg /kernel.new /kernel
- rm -f /kernel.new
- echo Please reboot this machine to enable the new CORE kernel.
- exit 0;
-fi;
-
-install -m 555 -o root -g wheel -fschg /kernel /kernel.old
-if [ -e /modules.old ]
-then
- rm -rf /modules.old
-fi;
-
-mv /modules /modules.old
-exit 0;
diff --git a/packaging/bsd/core-kernel-preinstall-8.x.sh b/packaging/bsd/core-kernel-preinstall-8.x.sh
deleted file mode 100755
index 1a5dc2f3..00000000
--- a/packaging/bsd/core-kernel-preinstall-8.x.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-if [ "x$2" = "xPOST-INSTALL" ]
-then
- echo Please reboot this machine to enable the new CORE kernel.
- exit 0;
-fi;
-
-# PRE-INSTALL
-# save the GENERIC kernel
-OLDNAME=`strings /boot/kernel/kernel | tail -n 1`
-if [ "x$OLDNAME" = "xGENERIC" ]
-then
- chflags -R noschg /boot/kernel
- mv /boot/kernel /boot/GENERIC
- exit 0;
-fi;
-# get rid of /boot/kernel.old if it is in the way
-if [ -e "/boot/kernel.old" ] ; then
- chflags -R noschg /boot/kernel.old
- rm -rf /boot/kernel.old
-fi;
-
-chflags -R noschg /boot/kernel
-mv /boot/kernel /boot/kernel.old
-
-exit 0;
diff --git a/packaging/bsd/core-kernel.pkgdesc b/packaging/bsd/core-kernel.pkgdesc
deleted file mode 100644
index 9c9bcf63..00000000
--- a/packaging/bsd/core-kernel.pkgdesc
+++ /dev/null
@@ -1 +0,0 @@
-CORE FreeBSD kernel enables lightweight virtual machines
diff --git a/packaging/bsd/core-kernel.pkgdesclong b/packaging/bsd/core-kernel.pkgdesclong
deleted file mode 100644
index 83beefc9..00000000
--- a/packaging/bsd/core-kernel.pkgdesclong
+++ /dev/null
@@ -1 +0,0 @@
-This package contains the CORE FreeBSD kernel with kernel modules. Custom modules include ng_pipe and ng_wlan. Also contains the userspace utility program vimage. This package can be used along with the CORE GUI to build emulated networks. This kernel is based on the GENERIC kernel with the VIMAGE option turned on (per-jail network stack virtualization), and with a small patch to allow per-node filesystem access.
diff --git a/packaging/bsd/core-pkgcreate.sh b/packaging/bsd/core-pkgcreate.sh
deleted file mode 100755
index fd8233f0..00000000
--- a/packaging/bsd/core-pkgcreate.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-
-VER=`grep -m 1 "set CORE_VERSION" ../../gui/version.tcl | awk '{ print $3 }'`
-ARCH=`uname -m`
-# determine FreeBSD 4.11 or 7.x
-REL=`uname -r`
-case "$REL" in
- 9.*)
- echo "Using FreeBSD 9.x..."
- KERN=9.x
- ;;
- 8.*)
- echo "Using FreeBSD 8.x..."
- KERN=8.x
- ;;
- 4.11-RELEASE)
- echo "Using FreeBSD 4.11..."
- KERN=4.11
- ;;
- *)
- echo "What version of FreeBSD are you running (4.11/8.x) ?"
- exit 1
-esac
-
-if [ "a$1" = "aclean" ]
-then
- echo Cleaning up...
- rm -f core.pkglist.tmp
- rm -f core.pkglist
- rm -f core-${KERN}-${VER}.tbz
- rm -rf /tmp/staging
- exit
-fi;
-
-
-#
-# build the packing list
-#
-echo @comment ORIGIN:net/core > core.pkglist
-echo @cwd /usr/local >> core.pkglist
-PKG_BASH=`pkg_info -E -x ^bash`
-# for 4.11 change this back to 8.4
-PKG_TCL=`pkg_info -E -x ^tcl-8.5`
-PKG_TK=`pkg_info -E -x ^tk-8.5`
-echo @pkgdep ${PKG_BASH} >> core.pkglist
-echo @comment DEPORIGIN:shells/bash >> core.pkglist
-echo @pkgdep ${PKG_TCL} >> core.pkglist
-echo @comment DEPORIGIN:lang/tcl85 >> core.pkglist
-echo @pkgdep ${PKG_TK} >> core.pkglist
-echo @comment DEPORIGIN:x11-toolkits/tk85 >> core.pkglist
-
-SAVEDIR=`pwd`
-cd ../..
-rm -rf /tmp/staging
-gmake DESTDIR=/tmp/staging install
-cd $SAVEDIR
-find /tmp/staging/usr/local \! -type d >> core.pkglist
-echo @cwd /etc >> core.pkglist
-find /tmp/staging/etc \! -type d >> core.pkglist
-sed -e "s,^/tmp/staging/usr/local/,," core.pkglist > core.pkglist.new1
-sed -e "s,^/tmp/staging/etc/,," core.pkglist.new1 > core.pkglist
-rm -f core.pkglist.new1
-
-#
-# build the package
-#
-pkg_create -c core.pkgdesc -d core.pkgdesclong -f core.pkglist -v core-${KERN}-${ARCH}-${VER}.tbz
-
diff --git a/packaging/bsd/core.pkgdesc b/packaging/bsd/core.pkgdesc
deleted file mode 100644
index c836d5cd..00000000
--- a/packaging/bsd/core.pkgdesc
+++ /dev/null
@@ -1 +0,0 @@
-Common Open Research Emulator userspace components
diff --git a/packaging/bsd/core.pkgdesclong b/packaging/bsd/core.pkgdesclong
deleted file mode 100644
index e8158147..00000000
--- a/packaging/bsd/core.pkgdesclong
+++ /dev/null
@@ -1,3 +0,0 @@
-The Common Open Research Emulator (CORE) is a tool that allows you to emulate entire networks on a FreeBSD or Linux machine. You can connect these emulated networks to live networks (or to additional emulated networks) via the machine's physical interfaces. This package contains CORE userspace components for easily drawing topologies that drive lightweight virutalized network stacks.
-
-WWW: http://www.nrl.navy.mil/itd/ncs/products/core
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 95622585..3f6a4f44 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -24,15 +24,7 @@ dist-hook:
rm -rf $(distdir)/xen/.svn
# install startup scripts based on --with-startup=option configure option
-# FreeBSD, init.d (default), systemd, SUSE
-if WANT_BSD
-startupdir = /usr/local/etc/rc.d
-startup_SCRIPTS = core-daemon
-
-core-daemon: core-daemon-rc.d
- cp $< $@
-else
-
+# init.d (default), systemd, SUSE
if WANT_INITD
startupdir = /etc/init.d
startup_SCRIPTS = core-daemon
@@ -51,8 +43,6 @@ startup_SCRIPTS = core-daemon
core-daemon: core-daemon-init.d-SUSE
cp $< $@
endif
-# endif FreeBSD
-endif
# remove extra scripts and their directories if they are empty
uninstall-hook: