Proposal for changes to network device drivers and network stack (RFC)

Thu Jan 17 19:32:46 UTC 2013

The network stack as a module patch has been separated out and can be 
found in the following location:
http://people.freebsd.org/~marcel/Juniper/netstack-v2.diff

Details about these changes:

  1. Network stack module support infrastructure

     kern/{kern_netstack.c,netstack_if.m,netstack.h}

     Network stack modules are declared using the NETSTACK_MODULE macro.
     Netstack classes are expected to be singletons. Currently, only a 
single network stack is allowed to be registered at a time.

  2. Infrastructure to register UUID sources

     kern/kern_uuid.c
     net/netuuid.c
     sys/uuid.h:

     The uuid_node() function uses the node generated by first UUID 
source that returns with a success code, otherwise it generates a random 
multicast address.
     As part of these changes, selection of UUID based on MAC address 
has been moved to net/netuuid.c and it is registered as a UUID source.

  3. Infrastructure to register IOCGROUPs in order to handle 
group-specific socket ioctls

     kern/sys_socket.c,net/{if.c,route.c}
     sys/socketvar.h

     This eliminates the explicit checks and calls for specific 
IOCGROUPs in soo_ioctl().

     (Looking for comments about the naming, I'm not married to the name 
in any way and suggestions for better names is welcome.)

     Currently, the interface ioctl ('i') and route ioctl ('r') calls 
are registered using SO_IOCGROUP_SET.

  4. Dynamically register the 'setfib' syscall

     kern/init_sysent.c
     net/route.c

     Registration of 'setfib' is done from net/route.c::route_init() 
instead of having an explicit entry in the sysent table.

  5. Dynamically register SCTP syscalls

     kern/{init_sysent.c,uipc_syscalls.c}
     compat/freebsd32/freebsd32_sysent.c
     netinet/sctp_syscalls.c
     sys/socketvar.h

     Dynamically register the SCTP syscalls "sctp_peeloff", 
"sctp_generic_sendmsg", "sctp_generic_sendmsg_iov", and 
"sctp_generic_recvmsg" instead of having explicit entries in the sysent 
and freebsd32_sysent tables.

     Moved implementation of said syscalls from kern/uipc_syscalls.c to 
a new file named netinet/sctp_syscalls.c.

     Made getsock_cap() available outside of uipc_syscalls.c via 
socketvar.h (Junos network stack needs it, so making it available.)

  6. Changes to kern_proc.c

     kern/kern_prot.c,netinet/in_prot.c,sys/systm.h

     Moved cr_canseeinpcb() to new file netinet/in_prot.c, as it is 
network stack related and only available when INET or INET6 is defined.

     Change the names for cr_seeotheruids() and cr_seeothergids() to 
cr_canseeotheruids() and cr_canseeothergids(), repectively, and make 
them available outside of kern_prot.c.

  7. Create a netstack module

     kern/{uipc_socket.c,vfs_default.c,vfs_export.c}
     mk/bsd.own.mk
     modules/netstack
     net/{if_gre.c,netstack.c}
     netpfil/ipfw/ip_fw2.c
     netpfil/pf/pf_ioctl.c
     netinet/ip_gre.c

     Add SCTP to the MK_*_SUPPORT variables that need to be set.
     Add dependency on the netstack module.
     Added vfs_stdcheckexp() to kern/vfs_default.c which calls the 
netstack vfs_stdcheckexp method.
     Moved socket FIB assignment from the process to the netstack 
socreate method.
     Moved VFS "export" handling to netstack methods and changed 
vfs_export() and vfs_setpublicfs() to call the respective netstack 
methods.

     The netstack module includes INET, INET6, and SCTP support.

     Note: The only issue with including SCTP support, there is 
currently a dependency set on the crypto module. This is because SCTP 
needs SHA1 and SHA2-256 support. However, this could be provided by a 
number of different modules, so depending on crypto module might not be 
the best choice.
     Any thoughts on this?

  8. Remove SO_SETFIB processing from sosetop and move it to ctloutput 
functions

     kern/uipc_socket.c
     net/route.[ch]
     netinet/{ip_output.c,raw_ip.c}
     netinet6/ip6_output.c

     Remove SO_SETFIB processing from sosetopt and move it instead to 
the ip_ctloutput(), ip6_ctloutput(), and rip_ctloutput() functions.
     Introduce the rtsosetfib() function to set so_fibnum, as 
appropriate.
     The *_ctloutput functions call the RT_SOSETFIB macro in order to 
call rtsosetfib() only when sockopt level is SOL_SOCKET and name is 
SO_SETFIB.

  9. Define INET and INET6 in CFLAGS instead of relying on opt_inet.h 
and opt_inet6.h in modules

modules/{carp,em,if_gre,ipdivert,ipfw,netstack,pf,pfsync,toecore}/Makefile

     Use CFLAGS to define INET and INET6 based on MK_INET_SUPPORT and 
MK_INET6_SUPPORT, respectively, instead of relying on opt_inet.h and 
opt_inet6.h.
     We need to do this in orer to be able to build NIC driver modules 
and the network stack as modules when the base kernel does not have 
netstack compiled in.

10. Make accept filters part of the standard files

     conf/files
     kern/{uipc_accf.c,uipc_socket.c}
     netinet/in_proto.c

     Make accept filters part of the standard files, as they could be 
used by things other than INET (and it eliminates a dependency on INET 
for uipc_socket.c)
     Move net.inet.accf.unloadable to net.accf.unloadable
     Add net.inet.accf node to in_proto.c in order to support existing 
accept filter sysctls.

11. Split IPv4 and IPv6-specific jail functions to netinet and 
netinet6, respectively.

     kern/kern_jail.c
     netinet/in_jail.c
     netinet6/in6_jail.c
     sys/jail.h

     Split IPv4 and IPv6-specific functions from kern/kern_jail.c into 
netinet/in_jail.c and netinet6/in6_jail.c, respectively.

     Change _prison_check_ipv[4|6]() to prison_check_ipv[4|6]_locked() 
and expose them via jail.h
     Change qcmp_v[4|6]() to prison_qcmp_v[4|6] and expose them via 
jail.h

--
Stephen J. Kiernan
Juniper Networks, Inc.
stevek_at_juniper.net