Proposal for changes to network device drivers and network stack (RFC)

Andre Oppermann oppermann at networx.ch
Thu Jan 17 21:11:40 UTC 2013 

On 17.01.2013 20:23, Stephen J. Kiernan wrote:
> The network stack as a module patch has been separated out and can be found in the following location:
> http://people.freebsd.org/~marcel/Juniper/netstack-v2.diff

This is quite some work and a lot of changes which will a moment to review.

Can you describe the concept and the terminology you're using here some more?
What is a netstack module and what is its scope?  How does it relate to VNET?
What is an IOCGROUP? etc.  All this is probably obvious to you but not yet for
us.

-- 
Andre

> Details about these changes:
>
>   1. Network stack module support infrastructure
>
>      kern/{kern_netstack.c,netstack_if.m,netstack.h}
>
>      Network stack modules are declared using the NETSTACK_MODULE macro.
>      Netstack classes are expected to be singletons. Currently, only a single network stack is
> allowed to be registered at a time.
>
>   2. Infrastructure to register UUID sources
>
>      kern/kern_uuid.c
>      net/netuuid.c
>      sys/uuid.h:
>
>      The uuid_node() function uses the node generated by first UUID source that returns with a
> success code, otherwise it generates a random multicast address.
>      As part of these changes, selection of UUID based on MAC address has been moved to
> net/netuuid.c and it is registered as a UUID source.
>
>   3. Infrastructure to register IOCGROUPs in order to handle group-specific socket ioctls
>
>      kern/sys_socket.c,net/{if.c,route.c}
>      sys/socketvar.h
>
>      This eliminates the explicit checks and calls for specific IOCGROUPs in soo_ioctl().
>
>      (Looking for comments about the naming, I'm not married to the name in any way and suggestions
> for better names is welcome.)
>
>      Currently, the interface ioctl ('i') and route ioctl ('r') calls are registered using
> SO_IOCGROUP_SET.
>
>   4. Dynamically register the 'setfib' syscall
>
>      kern/init_sysent.c
>      net/route.c
>
>      Registration of 'setfib' is done from net/route.c::route_init() instead of having an explicit
> entry in the sysent table.
>
>   5. Dynamically register SCTP syscalls
>
>      kern/{init_sysent.c,uipc_syscalls.c}
>      compat/freebsd32/freebsd32_sysent.c
>      netinet/sctp_syscalls.c
>      sys/socketvar.h
>
>      Dynamically register the SCTP syscalls "sctp_peeloff", "sctp_generic_sendmsg",
> "sctp_generic_sendmsg_iov", and "sctp_generic_recvmsg" instead of having explicit entries in the
> sysent and freebsd32_sysent tables.
>
>      Moved implementation of said syscalls from kern/uipc_syscalls.c to a new file named
> netinet/sctp_syscalls.c.
>
>      Made getsock_cap() available outside of uipc_syscalls.c via socketvar.h (Junos network stack
> needs it, so making it available.)
>
>   6. Changes to kern_proc.c
>
>      kern/kern_prot.c,netinet/in_prot.c,sys/systm.h
>
>      Moved cr_canseeinpcb() to new file netinet/in_prot.c, as it is network stack related and only
> available when INET or INET6 is defined.
>
>      Change the names for cr_seeotheruids() and cr_seeothergids() to cr_canseeotheruids() and
> cr_canseeothergids(), repectively, and make them available outside of kern_prot.c.
>
>   7. Create a netstack module
>
>      kern/{uipc_socket.c,vfs_default.c,vfs_export.c}
>      mk/bsd.own.mk
>      modules/netstack
>      net/{if_gre.c,netstack.c}
>      netpfil/ipfw/ip_fw2.c
>      netpfil/pf/pf_ioctl.c
>      netinet/ip_gre.c
>
>      Add SCTP to the MK_*_SUPPORT variables that need to be set.
>      Add dependency on the netstack module.
>      Added vfs_stdcheckexp() to kern/vfs_default.c which calls the netstack vfs_stdcheckexp method.
>      Moved socket FIB assignment from the process to the netstack socreate method.
>      Moved VFS "export" handling to netstack methods and changed vfs_export() and vfs_setpublicfs()
> to call the respective netstack methods.
>
>      The netstack module includes INET, INET6, and SCTP support.
>
>      Note: The only issue with including SCTP support, there is currently a dependency set on the
> crypto module. This is because SCTP needs SHA1 and SHA2-256 support. However, this could be provided
> by a number of different modules, so depending on crypto module might not be the best choice.
>      Any thoughts on this?
>
>   8. Remove SO_SETFIB processing from sosetop and move it to ctloutput functions
>
>      kern/uipc_socket.c
>      net/route.[ch]
>      netinet/{ip_output.c,raw_ip.c}
>      netinet6/ip6_output.c
>
>      Remove SO_SETFIB processing from sosetopt and move it instead to the ip_ctloutput(),
> ip6_ctloutput(), and rip_ctloutput() functions.
>      Introduce the rtsosetfib() function to set so_fibnum, as appropriate.
>      The *_ctloutput functions call the RT_SOSETFIB macro in order to call rtsosetfib() only when
> sockopt level is SOL_SOCKET and name is SO_SETFIB.
>
>   9. Define INET and INET6 in CFLAGS instead of relying on opt_inet.h and opt_inet6.h in modules
>
> modules/{carp,em,if_gre,ipdivert,ipfw,netstack,pf,pfsync,toecore}/Makefile
>
>      Use CFLAGS to define INET and INET6 based on MK_INET_SUPPORT and MK_INET6_SUPPORT,
> respectively, instead of relying on opt_inet.h and opt_inet6.h.
>      We need to do this in orer to be able to build NIC driver modules and the network stack as
> modules when the base kernel does not have netstack compiled in.
>
> 10. Make accept filters part of the standard files
>
>      conf/files
>      kern/{uipc_accf.c,uipc_socket.c}
>      netinet/in_proto.c
>
>      Make accept filters part of the standard files, as they could be used by things other than INET
> (and it eliminates a dependency on INET for uipc_socket.c)
>      Move net.inet.accf.unloadable to net.accf.unloadable
>      Add net.inet.accf node to in_proto.c in order to support existing accept filter sysctls.
>
> 11. Split IPv4 and IPv6-specific jail functions to netinet and netinet6, respectively.
>
>      kern/kern_jail.c
>      netinet/in_jail.c
>      netinet6/in6_jail.c
>      sys/jail.h
>
>      Split IPv4 and IPv6-specific functions from kern/kern_jail.c into netinet/in_jail.c and
> netinet6/in6_jail.c, respectively.
>
>      Change _prison_check_ipv[4|6]() to prison_check_ipv[4|6]_locked() and expose them via jail.h
>      Change qcmp_v[4|6]() to prison_qcmp_v[4|6] and expose them via jail.h
>
> --
> Stephen J. Kiernan
> Juniper Networks, Inc.
> stevek_at_juniper.net
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>

More information about the freebsd-net mailing list