FreeBSD/Linux Kernel Cross Reference
sys/netinet/ip_flow.c
1 /* $NetBSD: ip_flow.c,v 1.85 2021/02/19 14:51:59 christos Exp $ */
2
3 /*-
4 * Copyright (c) 1998 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by the 3am Software Foundry ("3am"). It was developed by Matt Thomas.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 __KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.85 2021/02/19 14:51:59 christos Exp $");
34
35 #ifdef _KERNEL_OPT
36 #include "opt_net_mpsafe.h"
37 #endif
38
39 #include <sys/param.h>
40 #include <sys/systm.h>
41 #include <sys/malloc.h>
42 #include <sys/mbuf.h>
43 #include <sys/socketvar.h>
44 #include <sys/errno.h>
45 #include <sys/time.h>
46 #include <sys/kernel.h>
47 #include <sys/pool.h>
48 #include <sys/sysctl.h>
49 #include <sys/workqueue.h>
50 #include <sys/atomic.h>
51
52 #include <net/if.h>
53 #include <net/if_dl.h>
54 #include <net/route.h>
55 #include <net/pfil.h>
56
57 #include <netinet/in.h>
58 #include <netinet/in_systm.h>
59 #include <netinet/ip.h>
60 #include <netinet/in_pcb.h>
61 #include <netinet/in_var.h>
62 #include <netinet/ip_var.h>
63 #include <netinet/ip_private.h>
64
65 /*
66 * Similar code is very well commented in netinet6/ip6_flow.c
67 */
68
69 #define IPFLOW_HASHBITS 6 /* should not be a multiple of 8 */
70
71 static struct pool ipflow_pool;
72
73 TAILQ_HEAD(ipflowhead, ipflow);
74
75 #define IPFLOW_TIMER (5 * PR_SLOWHZ)
76 #define IPFLOW_DEFAULT_HASHSIZE (1 << IPFLOW_HASHBITS)
77
78 /*
79 * ip_flow.c internal lock.
80 * If we use softnet_lock, it would cause recursive lock.
81 *
82 * This is a tentative workaround.
83 * We should make it scalable somehow in the future.
84 */
85 static kmutex_t ipflow_lock;
86 static struct ipflowhead *ipflowtable = NULL;
87 static struct ipflowhead ipflowlist;
88 static int ipflow_inuse;
89
90 #define IPFLOW_INSERT(hashidx, ipf) \
91 do { \
92 (ipf)->ipf_hashidx = (hashidx); \
93 TAILQ_INSERT_HEAD(&ipflowtable[(hashidx)], (ipf), ipf_hash); \
94 TAILQ_INSERT_HEAD(&ipflowlist, (ipf), ipf_list); \
95 } while (/*CONSTCOND*/ 0)
96
97 #define IPFLOW_REMOVE(hashidx, ipf) \
98 do { \
99 TAILQ_REMOVE(&ipflowtable[(hashidx)], (ipf), ipf_hash); \
100 TAILQ_REMOVE(&ipflowlist, (ipf), ipf_list); \
101 } while (/*CONSTCOND*/ 0)
102
103 #ifndef IPFLOW_MAX
104 #define IPFLOW_MAX 256
105 #endif
106 static int ip_maxflows = IPFLOW_MAX;
107 static int ip_hashsize = IPFLOW_DEFAULT_HASHSIZE;
108
109 static struct ipflow *ipflow_reap(bool);
110 static void ipflow_sysctl_init(struct sysctllog **);
111
112 static void ipflow_slowtimo_work(struct work *, void *);
113 static struct workqueue *ipflow_slowtimo_wq;
114 static struct work ipflow_slowtimo_wk;
115
116 static size_t
117 ipflow_hash(const struct ip *ip)
118 {
119 size_t hash = ip->ip_tos;
120 size_t idx;
121
122 for (idx = 0; idx < 32; idx += IPFLOW_HASHBITS) {
123 hash += (ip->ip_dst.s_addr >> (32 - idx)) +
124 (ip->ip_src.s_addr >> idx);
125 }
126
127 return hash & (ip_hashsize-1);
128 }
129
130 static struct ipflow *
131 ipflow_lookup(const struct ip *ip)
132 {
133 size_t hash;
134 struct ipflow *ipf;
135
136 KASSERT(mutex_owned(&ipflow_lock));
137
138 hash = ipflow_hash(ip);
139
140 TAILQ_FOREACH(ipf, &ipflowtable[hash], ipf_hash) {
141 if (ip->ip_dst.s_addr == ipf->ipf_dst.s_addr
142 && ip->ip_src.s_addr == ipf->ipf_src.s_addr
143 && ip->ip_tos == ipf->ipf_tos)
144 break;
145 }
146 return ipf;
147 }
148
149 void
150 ipflow_poolinit(void)
151 {
152
153 pool_init(&ipflow_pool, sizeof(struct ipflow), 0, 0, 0, "ipflowpl",
154 NULL, IPL_NET);
155 }
156
157 static int
158 ipflow_reinit(int table_size)
159 {
160 struct ipflowhead *new_table;
161 size_t i;
162
163 KASSERT(mutex_owned(&ipflow_lock));
164
165 new_table = (struct ipflowhead *)malloc(sizeof(struct ipflowhead) *
166 table_size, M_RTABLE, M_NOWAIT);
167
168 if (new_table == NULL)
169 return 1;
170
171 if (ipflowtable != NULL)
172 free(ipflowtable, M_RTABLE);
173
174 ipflowtable = new_table;
175 ip_hashsize = table_size;
176
177 TAILQ_INIT(&ipflowlist);
178 for (i = 0; i < ip_hashsize; i++)
179 TAILQ_INIT(&ipflowtable[i]);
180
181 return 0;
182 }
183
184 void
185 ipflow_init(void)
186 {
187 int error;
188
189 error = workqueue_create(&ipflow_slowtimo_wq, "ipflow_slowtimo",
190 ipflow_slowtimo_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
191 if (error != 0)
192 panic("%s: workqueue_create failed (%d)\n", __func__, error);
193
194 mutex_init(&ipflow_lock, MUTEX_DEFAULT, IPL_NONE);
195
196 mutex_enter(&ipflow_lock);
197 (void)ipflow_reinit(ip_hashsize);
198 mutex_exit(&ipflow_lock);
199 ipflow_sysctl_init(NULL);
200 }
201
202 int
203 ipflow_fastforward(struct mbuf *m)
204 {
205 struct ip *ip;
206 struct ip ip_store;
207 struct ipflow *ipf;
208 struct rtentry *rt = NULL;
209 const struct sockaddr *dst;
210 int error;
211 int iplen;
212 struct ifnet *ifp;
213 int s;
214 int ret = 0;
215
216 mutex_enter(&ipflow_lock);
217 /*
218 * Are we forwarding packets? Big enough for an IP packet?
219 */
220 if (!ipforwarding || ipflow_inuse == 0 || m->m_len < sizeof(struct ip))
221 goto out;
222
223 /*
224 * Was packet received as a link-level multicast or broadcast?
225 * If so, don't try to fast forward..
226 */
227 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0)
228 goto out;
229
230 /*
231 * IP header with no option and valid version and length
232 */
233 ip = mtod(m, struct ip *);
234 if (!ACCESSIBLE_POINTER(ip, struct ip)) {
235 memcpy(&ip_store, mtod(m, const void *), sizeof(ip_store));
236 ip = &ip_store;
237 }
238 iplen = ntohs(ip->ip_len);
239 if (ip->ip_v != IPVERSION || ip->ip_hl != (sizeof(struct ip) >> 2) ||
240 iplen < sizeof(struct ip) || iplen > m->m_pkthdr.len)
241 goto out;
242 /*
243 * Find a flow.
244 */
245 if ((ipf = ipflow_lookup(ip)) == NULL)
246 goto out;
247
248 ifp = m_get_rcvif(m, &s);
249 if (__predict_false(ifp == NULL))
250 goto out_unref;
251 /*
252 * Verify the IP header checksum.
253 */
254 switch (m->m_pkthdr.csum_flags &
255 ((ifp->if_csum_flags_rx & M_CSUM_IPv4) |
256 M_CSUM_IPv4_BAD)) {
257 case M_CSUM_IPv4|M_CSUM_IPv4_BAD:
258 m_put_rcvif(ifp, &s);
259 goto out_unref;
260
261 case M_CSUM_IPv4:
262 /* Checksum was okay. */
263 break;
264
265 default:
266 /* Must compute it ourselves. */
267 if (in_cksum(m, sizeof(struct ip)) != 0) {
268 m_put_rcvif(ifp, &s);
269 goto out_unref;
270 }
271 break;
272 }
273 m_put_rcvif(ifp, &s);
274
275 /*
276 * Route and interface still up?
277 */
278 rt = rtcache_validate(&ipf->ipf_ro);
279 if (rt == NULL || (rt->rt_ifp->if_flags & IFF_UP) == 0 ||
280 (rt->rt_flags & (RTF_BLACKHOLE | RTF_BROADCAST)) != 0)
281 goto out_unref;
282
283 /*
284 * Packet size OK? TTL?
285 */
286 if (m->m_pkthdr.len > rt->rt_ifp->if_mtu || ip->ip_ttl <= IPTTLDEC)
287 goto out_unref;
288
289 /*
290 * Clear any in-bound checksum flags for this packet.
291 */
292 m->m_pkthdr.csum_flags = 0;
293
294 /*
295 * Everything checks out and so we can forward this packet.
296 * Modify the TTL and incrementally change the checksum.
297 *
298 * This method of adding the checksum works on either endian CPU.
299 * If htons() is inlined, all the arithmetic is folded; otherwise
300 * the htons()s are combined by CSE due to the const attribute.
301 *
302 * Don't bother using HW checksumming here -- the incremental
303 * update is pretty fast.
304 */
305 ip->ip_ttl -= IPTTLDEC;
306 if (ip->ip_sum >= (u_int16_t) ~htons(IPTTLDEC << 8))
307 ip->ip_sum -= ~htons(IPTTLDEC << 8);
308 else
309 ip->ip_sum += htons(IPTTLDEC << 8);
310
311 /*
312 * Done modifying the header; copy it back, if necessary.
313 *
314 * XXX Use m_copyback_cow(9) here? --dyoung
315 */
316 if (!ACCESSIBLE_POINTER(mtod(m, void *), struct ip))
317 memcpy(mtod(m, void *), &ip_store, sizeof(ip_store));
318
319 /*
320 * Trim the packet in case it's too long..
321 */
322 if (m->m_pkthdr.len > iplen) {
323 if (m->m_len == m->m_pkthdr.len) {
324 m->m_len = iplen;
325 m->m_pkthdr.len = iplen;
326 } else
327 m_adj(m, iplen - m->m_pkthdr.len);
328 }
329
330 /*
331 * Send the packet on its way. All we can get back is ENOBUFS
332 */
333 ipf->ipf_uses++;
334
335 #if 0
336 /*
337 * Sorting list is too heavy for fast path(packet processing path).
338 * It degrades about 10% performance. So, we does not sort ipflowtable,
339 * and then we use FIFO cache replacement instead fo LRU.
340 */
341 /* move to head (LRU) for ipflowlist. ipflowtable ooes not care LRU. */
342 TAILQ_REMOVE(&ipflowlist, ipf, ipf_list);
343 TAILQ_INSERT_HEAD(&ipflowlist, ipf, ipf_list);
344 #endif
345
346 PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
347
348 if (rt->rt_flags & RTF_GATEWAY)
349 dst = rt->rt_gateway;
350 else
351 dst = rtcache_getdst(&ipf->ipf_ro);
352
353 if ((error = if_output_lock(rt->rt_ifp, rt->rt_ifp, m, dst, rt)) != 0) {
354 if (error == ENOBUFS)
355 ipf->ipf_dropped++;
356 else
357 ipf->ipf_errors++;
358 }
359 ret = 1;
360 out_unref:
361 rtcache_unref(rt, &ipf->ipf_ro);
362 out:
363 mutex_exit(&ipflow_lock);
364 return ret;
365 }
366
367 static void
368 ipflow_addstats(struct ipflow *ipf)
369 {
370 struct rtentry *rt;
371 uint64_t *ips;
372
373 rt = rtcache_validate(&ipf->ipf_ro);
374 if (rt != NULL) {
375 rt->rt_use += ipf->ipf_uses;
376 rtcache_unref(rt, &ipf->ipf_ro);
377 }
378
379 ips = IP_STAT_GETREF();
380 ips[IP_STAT_CANTFORWARD] += ipf->ipf_errors + ipf->ipf_dropped;
381 ips[IP_STAT_TOTAL] += ipf->ipf_uses;
382 ips[IP_STAT_FORWARD] += ipf->ipf_uses;
383 ips[IP_STAT_FASTFORWARD] += ipf->ipf_uses;
384 IP_STAT_PUTREF();
385 }
386
387 static void
388 ipflow_free(struct ipflow *ipf)
389 {
390
391 KASSERT(mutex_owned(&ipflow_lock));
392
393 /*
394 * Remove the flow from the hash table (at elevated IPL).
395 * Once it's off the list, we can deal with it at normal
396 * network IPL.
397 */
398 IPFLOW_REMOVE(ipf->ipf_hashidx, ipf);
399
400 ipflow_addstats(ipf);
401 rtcache_free(&ipf->ipf_ro);
402 ipflow_inuse--;
403 pool_put(&ipflow_pool, ipf);
404 }
405
406 static struct ipflow *
407 ipflow_reap(bool just_one)
408 {
409 struct ipflow *ipf;
410
411 KASSERT(mutex_owned(&ipflow_lock));
412
413 /*
414 * This case must remove one ipflow. Furthermore, this case is used in
415 * fast path(packet processing path). So, simply remove TAILQ_LAST one.
416 */
417 if (just_one) {
418 ipf = TAILQ_LAST(&ipflowlist, ipflowhead);
419 KASSERT(ipf != NULL);
420
421 IPFLOW_REMOVE(ipf->ipf_hashidx, ipf);
422
423 ipflow_addstats(ipf);
424 rtcache_free(&ipf->ipf_ro);
425 return ipf;
426 }
427
428 /*
429 * This case is used in slow path(sysctl).
430 * At first, remove invalid rtcache ipflow, and then remove TAILQ_LAST
431 * ipflow if it is ensured least recently used by comparing last_uses.
432 */
433 while (ipflow_inuse > ip_maxflows) {
434 struct ipflow *maybe_ipf = TAILQ_LAST(&ipflowlist, ipflowhead);
435
436 TAILQ_FOREACH(ipf, &ipflowlist, ipf_list) {
437 struct rtentry *rt;
438 /*
439 * If this no longer points to a valid route
440 * reclaim it.
441 */
442 rt = rtcache_validate(&ipf->ipf_ro);
443 if (rt == NULL)
444 goto done;
445 rtcache_unref(rt, &ipf->ipf_ro);
446 /*
447 * choose the one that's been least recently
448 * used or has had the least uses in the
449 * last 1.5 intervals.
450 */
451 if (ipf->ipf_timer < maybe_ipf->ipf_timer
452 || ((ipf->ipf_timer == maybe_ipf->ipf_timer)
453 && (ipf->ipf_last_uses + ipf->ipf_uses
454 < maybe_ipf->ipf_last_uses + maybe_ipf->ipf_uses)))
455 maybe_ipf = ipf;
456 }
457 ipf = maybe_ipf;
458 done:
459 /*
460 * Remove the entry from the flow table.
461 */
462 IPFLOW_REMOVE(ipf->ipf_hashidx, ipf);
463
464 ipflow_addstats(ipf);
465 rtcache_free(&ipf->ipf_ro);
466 pool_put(&ipflow_pool, ipf);
467 ipflow_inuse--;
468 }
469 return NULL;
470 }
471
472 static unsigned int ipflow_work_enqueued = 0;
473
474 static void
475 ipflow_slowtimo_work(struct work *wk, void *arg)
476 {
477 struct rtentry *rt;
478 struct ipflow *ipf, *next_ipf;
479 uint64_t *ips;
480
481 /* We can allow enqueuing another work at this point */
482 atomic_swap_uint(&ipflow_work_enqueued, 0);
483
484 SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE();
485 mutex_enter(&ipflow_lock);
486 for (ipf = TAILQ_FIRST(&ipflowlist); ipf != NULL; ipf = next_ipf) {
487 next_ipf = TAILQ_NEXT(ipf, ipf_list);
488 if (PRT_SLOW_ISEXPIRED(ipf->ipf_timer) ||
489 (rt = rtcache_validate(&ipf->ipf_ro)) == NULL) {
490 ipflow_free(ipf);
491 } else {
492 ipf->ipf_last_uses = ipf->ipf_uses;
493 rt->rt_use += ipf->ipf_uses;
494 rtcache_unref(rt, &ipf->ipf_ro);
495 ips = IP_STAT_GETREF();
496 ips[IP_STAT_TOTAL] += ipf->ipf_uses;
497 ips[IP_STAT_FORWARD] += ipf->ipf_uses;
498 ips[IP_STAT_FASTFORWARD] += ipf->ipf_uses;
499 IP_STAT_PUTREF();
500 ipf->ipf_uses = 0;
501 }
502 }
503 mutex_exit(&ipflow_lock);
504 SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
505 }
506
507 void
508 ipflow_slowtimo(void)
509 {
510
511 /* Avoid enqueuing another work when one is already enqueued */
512 if (atomic_swap_uint(&ipflow_work_enqueued, 1) == 1)
513 return;
514
515 workqueue_enqueue(ipflow_slowtimo_wq, &ipflow_slowtimo_wk, NULL);
516 }
517
518 void
519 ipflow_create(struct route *ro, struct mbuf *m)
520 {
521 const struct ip *const ip = mtod(m, const struct ip *);
522 struct ipflow *ipf;
523 size_t hash;
524
525 KERNEL_LOCK_UNLESS_NET_MPSAFE();
526 mutex_enter(&ipflow_lock);
527
528 /*
529 * Don't create cache entries for ICMP messages.
530 */
531 if (ip_maxflows == 0 || ip->ip_p == IPPROTO_ICMP)
532 goto out;
533
534 /*
535 * See if an existing flow struct exists. If so remove it from its
536 * list and free the old route. If not, try to malloc a new one
537 * (if we aren't at our limit).
538 */
539 ipf = ipflow_lookup(ip);
540 if (ipf == NULL) {
541 if (ipflow_inuse >= ip_maxflows) {
542 ipf = ipflow_reap(true);
543 } else {
544 ipf = pool_get(&ipflow_pool, PR_NOWAIT);
545 if (ipf == NULL)
546 goto out;
547 ipflow_inuse++;
548 }
549 memset(ipf, 0, sizeof(*ipf));
550 } else {
551 IPFLOW_REMOVE(ipf->ipf_hashidx, ipf);
552
553 ipflow_addstats(ipf);
554 rtcache_free(&ipf->ipf_ro);
555 ipf->ipf_uses = ipf->ipf_last_uses = 0;
556 ipf->ipf_errors = ipf->ipf_dropped = 0;
557 }
558
559 /*
560 * Fill in the updated information.
561 */
562 rtcache_copy(&ipf->ipf_ro, ro);
563 ipf->ipf_dst = ip->ip_dst;
564 ipf->ipf_src = ip->ip_src;
565 ipf->ipf_tos = ip->ip_tos;
566 PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
567
568 /*
569 * Insert into the approriate bucket of the flow table.
570 */
571 hash = ipflow_hash(ip);
572 IPFLOW_INSERT(hash, ipf);
573
574 out:
575 mutex_exit(&ipflow_lock);
576 KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
577 }
578
579 int
580 ipflow_invalidate_all(int new_size)
581 {
582 struct ipflow *ipf, *next_ipf;
583 int error;
584
585 error = 0;
586
587 mutex_enter(&ipflow_lock);
588
589 for (ipf = TAILQ_FIRST(&ipflowlist); ipf != NULL; ipf = next_ipf) {
590 next_ipf = TAILQ_NEXT(ipf, ipf_list);
591 ipflow_free(ipf);
592 }
593
594 if (new_size)
595 error = ipflow_reinit(new_size);
596
597 mutex_exit(&ipflow_lock);
598
599 return error;
600 }
601
602 /*
603 * sysctl helper routine for net.inet.ip.maxflows.
604 */
605 static int
606 sysctl_net_inet_ip_maxflows(SYSCTLFN_ARGS)
607 {
608 int error;
609
610 error = sysctl_lookup(SYSCTLFN_CALL(rnode));
611 if (error || newp == NULL)
612 return (error);
613
614 SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE();
615 mutex_enter(&ipflow_lock);
616
617 ipflow_reap(false);
618
619 mutex_exit(&ipflow_lock);
620 SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
621
622 return (0);
623 }
624
625 static int
626 sysctl_net_inet_ip_hashsize(SYSCTLFN_ARGS)
627 {
628 int error, tmp;
629 struct sysctlnode node;
630
631 node = *rnode;
632 tmp = ip_hashsize;
633 node.sysctl_data = &tmp;
634 error = sysctl_lookup(SYSCTLFN_CALL(&node));
635 if (error || newp == NULL)
636 return (error);
637
638 if ((tmp & (tmp - 1)) == 0 && tmp != 0) {
639 /*
640 * Can only fail due to malloc()
641 */
642 SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE();
643 error = ipflow_invalidate_all(tmp);
644 SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
645 } else {
646 /*
647 * EINVAL if not a power of 2
648 */
649 error = EINVAL;
650 }
651
652 return error;
653 }
654
655 static void
656 ipflow_sysctl_init(struct sysctllog **clog)
657 {
658 sysctl_createv(clog, 0, NULL, NULL,
659 CTLFLAG_PERMANENT,
660 CTLTYPE_NODE, "inet",
661 SYSCTL_DESCR("PF_INET related settings"),
662 NULL, 0, NULL, 0,
663 CTL_NET, PF_INET, CTL_EOL);
664 sysctl_createv(clog, 0, NULL, NULL,
665 CTLFLAG_PERMANENT,
666 CTLTYPE_NODE, "ip",
667 SYSCTL_DESCR("IPv4 related settings"),
668 NULL, 0, NULL, 0,
669 CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL);
670
671 sysctl_createv(clog, 0, NULL, NULL,
672 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
673 CTLTYPE_INT, "maxflows",
674 SYSCTL_DESCR("Number of flows for fast forwarding"),
675 sysctl_net_inet_ip_maxflows, 0, &ip_maxflows, 0,
676 CTL_NET, PF_INET, IPPROTO_IP,
677 IPCTL_MAXFLOWS, CTL_EOL);
678 sysctl_createv(clog, 0, NULL, NULL,
679 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
680 CTLTYPE_INT, "hashsize",
681 SYSCTL_DESCR("Size of hash table for fast forwarding (IPv4)"),
682 sysctl_net_inet_ip_hashsize, 0, &ip_hashsize, 0,
683 CTL_NET, PF_INET, IPPROTO_IP,
684 CTL_CREATE, CTL_EOL);
685 }
Cache object: c6944131f32d2a32ca3dd23a9c83235a
|