1*9ca24f65SCraig Rodrigues.\"- 2*9ca24f65SCraig Rodrigues.\" Copyright (c) 2010 The FreeBSD Foundation 3*9ca24f65SCraig Rodrigues.\" All rights reserved. 4*9ca24f65SCraig Rodrigues.\" 5*9ca24f65SCraig Rodrigues.\" This documentation was written by CK Software GmbH under sponsorship from 6*9ca24f65SCraig Rodrigues.\" the FreeBSD Foundation. 7*9ca24f65SCraig Rodrigues.\" 8*9ca24f65SCraig Rodrigues.\" Redistribution and use in source and binary forms, with or without 9*9ca24f65SCraig Rodrigues.\" modification, are permitted provided that the following conditions 10*9ca24f65SCraig Rodrigues.\" are met: 11*9ca24f65SCraig Rodrigues.\" 1. Redistributions of source code must retain the above copyright 12*9ca24f65SCraig Rodrigues.\" notice, this list of conditions and the following disclaimer. 13*9ca24f65SCraig Rodrigues.\" 2. Redistributions in binary form must reproduce the above copyright 14*9ca24f65SCraig Rodrigues.\" notice, this list of conditions and the following disclaimer in the 15*9ca24f65SCraig Rodrigues.\" documentation and/or other materials provided with the distribution. 16*9ca24f65SCraig Rodrigues.\" 17*9ca24f65SCraig Rodrigues.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18*9ca24f65SCraig Rodrigues.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19*9ca24f65SCraig Rodrigues.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20*9ca24f65SCraig Rodrigues.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21*9ca24f65SCraig Rodrigues.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22*9ca24f65SCraig Rodrigues.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23*9ca24f65SCraig Rodrigues.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24*9ca24f65SCraig Rodrigues.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25*9ca24f65SCraig Rodrigues.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26*9ca24f65SCraig Rodrigues.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27*9ca24f65SCraig Rodrigues.\" SUCH DAMAGE. 28*9ca24f65SCraig Rodrigues.\" 29*9ca24f65SCraig Rodrigues.\" $FreeBSD$ 30*9ca24f65SCraig Rodrigues.\" 31*9ca24f65SCraig Rodrigues.Dd November 20, 2014 32*9ca24f65SCraig Rodrigues.Dt VNET 9 33*9ca24f65SCraig Rodrigues.Os 34*9ca24f65SCraig Rodrigues.Sh NAME 35*9ca24f65SCraig Rodrigues.Nm VNET 36*9ca24f65SCraig Rodrigues.Nd "network subsystem virtualization infrastructure" 37*9ca24f65SCraig Rodrigues.Sh SYNOPSIS 38*9ca24f65SCraig Rodrigues.Cd "options VIMAGE" 39*9ca24f65SCraig Rodrigues.Cd "options VNET_DEBUG" 40*9ca24f65SCraig Rodrigues.Pp 41*9ca24f65SCraig Rodrigues.In sys/vnet.h 42*9ca24f65SCraig Rodrigues.Pp 43*9ca24f65SCraig Rodrigues.\"------------------------------------------------------------ 44*9ca24f65SCraig Rodrigues.Ss "Constants and Global Variables" 45*9ca24f65SCraig Rodrigues.\" 46*9ca24f65SCraig Rodrigues.Dv VNET_SETNAME 47*9ca24f65SCraig Rodrigues.\" "set_vnet" 48*9ca24f65SCraig Rodrigues.Dv VNET_SYMPREFIX 49*9ca24f65SCraig Rodrigues.\" "vnet_entry_" 50*9ca24f65SCraig Rodrigues.Vt extern struct vnet *vnet0; 51*9ca24f65SCraig Rodrigues.\"------------------------------------------------------------ 52*9ca24f65SCraig Rodrigues.Ss "Variable Declaration" 53*9ca24f65SCraig Rodrigues.Fo VNET 54*9ca24f65SCraig Rodrigues.Fa "name" 55*9ca24f65SCraig Rodrigues.Fc 56*9ca24f65SCraig Rodrigues.\" 57*9ca24f65SCraig Rodrigues.Fo VNET_NAME 58*9ca24f65SCraig Rodrigues.Fa "name" 59*9ca24f65SCraig Rodrigues.Fc 60*9ca24f65SCraig Rodrigues.\" 61*9ca24f65SCraig Rodrigues.Fo VNET_DECLARE 62*9ca24f65SCraig Rodrigues.Fa "type" "name" 63*9ca24f65SCraig Rodrigues.Fc 64*9ca24f65SCraig Rodrigues.\" 65*9ca24f65SCraig Rodrigues.Fo VNET_DEFINE 66*9ca24f65SCraig Rodrigues.Fa "type" "name" 67*9ca24f65SCraig Rodrigues.Fc 68*9ca24f65SCraig Rodrigues.\" 69*9ca24f65SCraig Rodrigues.Bd -literal 70*9ca24f65SCraig Rodrigues#define V_name VNET(name) 71*9ca24f65SCraig Rodrigues.Ed 72*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 73*9ca24f65SCraig Rodrigues.Ss "Virtual Instance Selection" 74*9ca24f65SCraig Rodrigues.\" 75*9ca24f65SCraig Rodrigues.Fo CRED_TO_VNET 76*9ca24f65SCraig Rodrigues.Fa "struct ucred *" 77*9ca24f65SCraig Rodrigues.Fc 78*9ca24f65SCraig Rodrigues.\" 79*9ca24f65SCraig Rodrigues.Fo TD_TO_VNET 80*9ca24f65SCraig Rodrigues.Fa "struct thread *" 81*9ca24f65SCraig Rodrigues.Fc 82*9ca24f65SCraig Rodrigues.\" 83*9ca24f65SCraig Rodrigues.Fo P_TO_VNET 84*9ca24f65SCraig Rodrigues.Fa "struct proc *" 85*9ca24f65SCraig Rodrigues.Fc 86*9ca24f65SCraig Rodrigues.\" 87*9ca24f65SCraig Rodrigues.Fo IS_DEFAULT_VNET 88*9ca24f65SCraig Rodrigues.Fa "struct vnet *" 89*9ca24f65SCraig Rodrigues.Fc 90*9ca24f65SCraig Rodrigues.\" 91*9ca24f65SCraig Rodrigues.Fo VNET_ASSERT 92*9ca24f65SCraig Rodrigues.Fa exp msg 93*9ca24f65SCraig Rodrigues.Fc 94*9ca24f65SCraig Rodrigues.\" 95*9ca24f65SCraig Rodrigues.Fo CURVNET_SET 96*9ca24f65SCraig Rodrigues.Fa "struct vnet *" 97*9ca24f65SCraig Rodrigues.Fc 98*9ca24f65SCraig Rodrigues.\" 99*9ca24f65SCraig Rodrigues.Fo CURVNET_SET_QUIET 100*9ca24f65SCraig Rodrigues.Fa "struct vnet *" 101*9ca24f65SCraig Rodrigues.Fc 102*9ca24f65SCraig Rodrigues.\" 103*9ca24f65SCraig Rodrigues.Fo CURVNET_RESTORE 104*9ca24f65SCraig Rodrigues.Fc 105*9ca24f65SCraig Rodrigues.\" 106*9ca24f65SCraig Rodrigues.Fo VNET_ITERATOR_DECL 107*9ca24f65SCraig Rodrigues.Fa "struct vnet *" 108*9ca24f65SCraig Rodrigues.Fc 109*9ca24f65SCraig Rodrigues.\" 110*9ca24f65SCraig Rodrigues.Fo VNET_FOREACH 111*9ca24f65SCraig Rodrigues.Fa "struct vnet *" 112*9ca24f65SCraig Rodrigues.Fc 113*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 114*9ca24f65SCraig Rodrigues.Ss "Locking" 115*9ca24f65SCraig Rodrigues.\" 116*9ca24f65SCraig Rodrigues.Fo VNET_LIST_RLOCK 117*9ca24f65SCraig Rodrigues.Fc 118*9ca24f65SCraig Rodrigues.Fo VNET_LIST_RUNLOCK 119*9ca24f65SCraig Rodrigues.Fc 120*9ca24f65SCraig Rodrigues.Fo VNET_LIST_RLOCK_NOSLEEP 121*9ca24f65SCraig Rodrigues.Fc 122*9ca24f65SCraig Rodrigues.Fo VNET_LIST_RUNLOCK_NOSLEEP 123*9ca24f65SCraig Rodrigues.Fc 124*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 125*9ca24f65SCraig Rodrigues.Ss "Startup and Teardown Functions" 126*9ca24f65SCraig Rodrigues.\" 127*9ca24f65SCraig Rodrigues.Ft "struct vnet *" 128*9ca24f65SCraig Rodrigues.Fo vnet_alloc 129*9ca24f65SCraig Rodrigues.Fa void 130*9ca24f65SCraig Rodrigues.Fc 131*9ca24f65SCraig Rodrigues.\" 132*9ca24f65SCraig Rodrigues.Ft void 133*9ca24f65SCraig Rodrigues.Fo vnet_destroy 134*9ca24f65SCraig Rodrigues.Fa "struct vnet *" 135*9ca24f65SCraig Rodrigues.Fc 136*9ca24f65SCraig Rodrigues.\" 137*9ca24f65SCraig Rodrigues.Fo VNET_SYSINIT 138*9ca24f65SCraig Rodrigues.Fa ident 139*9ca24f65SCraig Rodrigues.Fa "enum sysinit_sub_id subsystem" 140*9ca24f65SCraig Rodrigues.Fa "enum sysinit_elem_order order" 141*9ca24f65SCraig Rodrigues.Fa "sysinit_cfunc_t func" 142*9ca24f65SCraig Rodrigues.Fa "const void *arg" 143*9ca24f65SCraig Rodrigues.Fc 144*9ca24f65SCraig Rodrigues.\" 145*9ca24f65SCraig Rodrigues.Fo VNET_SYSUNINIT 146*9ca24f65SCraig Rodrigues.Fa ident 147*9ca24f65SCraig Rodrigues.Fa "enum sysinit_sub_id subsystem" 148*9ca24f65SCraig Rodrigues.Fa "enum sysinit_elem_order order" 149*9ca24f65SCraig Rodrigues.Fa "sysinit_cfunc_t func" 150*9ca24f65SCraig Rodrigues.Fa "const void *arg" 151*9ca24f65SCraig Rodrigues.Fc 152*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 153*9ca24f65SCraig Rodrigues.Ss "Eventhandlers" 154*9ca24f65SCraig Rodrigues.\" 155*9ca24f65SCraig Rodrigues.Fo VNET_GLOBAL_EVENTHANDLER_REGISTER 156*9ca24f65SCraig Rodrigues.Fa "const char *name" 157*9ca24f65SCraig Rodrigues.Fa "void *func" 158*9ca24f65SCraig Rodrigues.Fa "void *arg" 159*9ca24f65SCraig Rodrigues.Fa "int priority" 160*9ca24f65SCraig Rodrigues.Fc 161*9ca24f65SCraig Rodrigues.\" 162*9ca24f65SCraig Rodrigues.Fo VNET_GLOBAL_EVENTHANDLER_REGISTER_TAG 163*9ca24f65SCraig Rodrigues.Fa "eventhandler_tag tag" 164*9ca24f65SCraig Rodrigues.Fa "const char *name" 165*9ca24f65SCraig Rodrigues.Fa "void *func" 166*9ca24f65SCraig Rodrigues.Fa "void *arg" 167*9ca24f65SCraig Rodrigues.Fa "int priority" 168*9ca24f65SCraig Rodrigues.Fc 169*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 170*9ca24f65SCraig Rodrigues.Ss "Sysctl Handling" 171*9ca24f65SCraig Rodrigues.Fo SYSCTL_VNET_INT 172*9ca24f65SCraig Rodrigues.Fa parent nbr name access ptr val descr 173*9ca24f65SCraig Rodrigues.Fc 174*9ca24f65SCraig Rodrigues.Fo SYSCTL_VNET_PROC 175*9ca24f65SCraig Rodrigues.Fa parent nbr name access ptr arg handler fmt descr 176*9ca24f65SCraig Rodrigues.Fc 177*9ca24f65SCraig Rodrigues.Fo SYSCTL_VNET_STRING 178*9ca24f65SCraig Rodrigues.Fa parent nbr name access arg len descr 179*9ca24f65SCraig Rodrigues.Fc 180*9ca24f65SCraig Rodrigues.Fo SYSCTL_VNET_STRUCT 181*9ca24f65SCraig Rodrigues.Fa parent nbr name access ptr type descr 182*9ca24f65SCraig Rodrigues.Fc 183*9ca24f65SCraig Rodrigues.Fo SYSCTL_VNET_UINT 184*9ca24f65SCraig Rodrigues.Fa parent nbr name access ptr val descr 185*9ca24f65SCraig Rodrigues.Fc 186*9ca24f65SCraig Rodrigues.Fo VNET_SYSCTL_ARG 187*9ca24f65SCraig Rodrigues.Fa req arg1 188*9ca24f65SCraig Rodrigues.Fc 189*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 190*9ca24f65SCraig Rodrigues.Sh DESCRIPTION 191*9ca24f65SCraig Rodrigues.Nm 192*9ca24f65SCraig Rodriguesis the name of a technique to virtualize the network stack. 193*9ca24f65SCraig RodriguesThe basic idea is to change global resources most notably variables into 194*9ca24f65SCraig Rodriguesper network stack resources and have functions, sysctls, eventhandlers, 195*9ca24f65SCraig Rodriguesetc. access and handle them in the context of the correct instance. 196*9ca24f65SCraig RodriguesEach (virtual) network stack is attached to a 197*9ca24f65SCraig Rodrigues.Em prison , 198*9ca24f65SCraig Rodrigueswith 199*9ca24f65SCraig Rodrigues.Vt vnet0 200*9ca24f65SCraig Rodriguesbeing the unrestricted default network stack of the base system. 201*9ca24f65SCraig Rodrigues.Pp 202*9ca24f65SCraig RodriguesThe global defines for 203*9ca24f65SCraig Rodrigues.Dv VNET_SETNAME 204*9ca24f65SCraig Rodriguesand 205*9ca24f65SCraig Rodrigues.Dv VNET_SYMPREFIX 206*9ca24f65SCraig Rodriguesare shared with 207*9ca24f65SCraig Rodrigues.Xr kvm 3 208*9ca24f65SCraig Rodriguesto access internals for debugging reasons. 209*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 210*9ca24f65SCraig Rodrigues.Ss "Variable Declaration" 211*9ca24f65SCraig Rodrigues.\" 212*9ca24f65SCraig RodriguesVariables are virtualized by using the 213*9ca24f65SCraig Rodrigues.Fn VNET_DEFINE 214*9ca24f65SCraig Rodriguesmacro rather than writing them out as 215*9ca24f65SCraig Rodrigues.Em type name . 216*9ca24f65SCraig RodriguesOne can still use static initialization or storage class specifiers, e.g., 217*9ca24f65SCraig Rodrigues.Pp 218*9ca24f65SCraig Rodrigues.Dl Li static VNET_DEFINE(int, foo) = 1; 219*9ca24f65SCraig Rodriguesor 220*9ca24f65SCraig Rodrigues.Dl Li static VNET_DEFINE(SLIST_HEAD(, bar), bars); 221*9ca24f65SCraig Rodrigues.Pp 222*9ca24f65SCraig RodriguesStatic initialization is not possible when the virtualized variable 223*9ca24f65SCraig Rodrigueswould need to be referenced, e.g., with 224*9ca24f65SCraig Rodrigues.Dq TAILQ_HEAD_INITIALIZER() . 225*9ca24f65SCraig RodriguesIn that case a 226*9ca24f65SCraig Rodrigues.Fn VNET_SYSINIT 227*9ca24f65SCraig Rodriguesbased initialization function must be used. 228*9ca24f65SCraig Rodrigues.Pp 229*9ca24f65SCraig RodriguesExternal variables have to be declared using the 230*9ca24f65SCraig Rodrigues.Fn VNET_DECLARE 231*9ca24f65SCraig Rodriguesmacro. 232*9ca24f65SCraig RodriguesIn either case the convention is to define another macro, 233*9ca24f65SCraig Rodriguesthat is then used throughout the implementation to access that variable. 234*9ca24f65SCraig RodriguesThe variable name is usually prefixed by 235*9ca24f65SCraig Rodrigues.Em V_ 236*9ca24f65SCraig Rodriguesto express that it is virtualized. 237*9ca24f65SCraig RodriguesThe 238*9ca24f65SCraig Rodrigues.Fn VNET 239*9ca24f65SCraig Rodriguesmacro will then translate accesses to that variable to the copy of the 240*9ca24f65SCraig Rodriguescurrently selected instance (see the 241*9ca24f65SCraig Rodrigues.Sx "Virtual instance selection" 242*9ca24f65SCraig Rodriguessection): 243*9ca24f65SCraig Rodrigues.Pp 244*9ca24f65SCraig Rodrigues.Dl Li #define V_name VNET(name) 245*9ca24f65SCraig Rodrigues.Pp 246*9ca24f65SCraig Rodrigues.Em NOTE: 247*9ca24f65SCraig RodriguesDo not confuse this with the convention used by 248*9ca24f65SCraig Rodrigues.Xr VFS 9 . 249*9ca24f65SCraig Rodrigues.Pp 250*9ca24f65SCraig RodriguesThe 251*9ca24f65SCraig Rodrigues.Fn VNET_NAME 252*9ca24f65SCraig Rodriguesmacro returns the offset within the memory region of the virtual network 253*9ca24f65SCraig Rodriguesstack instance. 254*9ca24f65SCraig RodriguesIt is usually only used with 255*9ca24f65SCraig Rodrigues.Fn SYSCTL_VNET_* 256*9ca24f65SCraig Rodriguesmacros. 257*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 258*9ca24f65SCraig Rodrigues.Ss "Virtual Instance Selection" 259*9ca24f65SCraig Rodrigues.\" 260*9ca24f65SCraig RodriguesThere are three different places where the current virtual 261*9ca24f65SCraig Rodriguesnetwork stack pointer is stored and can be taken from: 262*9ca24f65SCraig Rodrigues.Bl -enum -offset indent 263*9ca24f65SCraig Rodrigues.It 264*9ca24f65SCraig Rodriguesa 265*9ca24f65SCraig Rodrigues.Em prison : 266*9ca24f65SCraig Rodrigues.Dl "(struct prison *)->pr_vnet" 267*9ca24f65SCraig Rodrigues.Pp 268*9ca24f65SCraig RodriguesFor convenience the following macros are provided: 269*9ca24f65SCraig Rodrigues.Bd -literal -compact -offset indent 270*9ca24f65SCraig Rodrigues.Fn CRED_TO_VNET "struct ucred *" 271*9ca24f65SCraig Rodrigues.Fn TD_TO_VNET "struct thread *" 272*9ca24f65SCraig Rodrigues.Fn P_TO_VNET "struct proc *" 273*9ca24f65SCraig Rodrigues.Ed 274*9ca24f65SCraig Rodrigues.It 275*9ca24f65SCraig Rodriguesa 276*9ca24f65SCraig Rodrigues.Em socket : 277*9ca24f65SCraig Rodrigues.Dl "(struct socket *)->so_vnet" 278*9ca24f65SCraig Rodrigues.It 279*9ca24f65SCraig Rodriguesan 280*9ca24f65SCraig Rodrigues.Em interface : 281*9ca24f65SCraig Rodrigues.Dl "(struct ifnet *)->if_vnet" 282*9ca24f65SCraig Rodrigues.El 283*9ca24f65SCraig Rodrigues.Pp 284*9ca24f65SCraig Rodrigues.\" 285*9ca24f65SCraig RodriguesIn addition the currently active instance is cached in 286*9ca24f65SCraig Rodrigues.Dq "curthread->td_vnet" 287*9ca24f65SCraig Rodrigueswhich is usually only accessed through the 288*9ca24f65SCraig Rodrigues.Dv curvnet 289*9ca24f65SCraig Rodriguesmacro. 290*9ca24f65SCraig Rodrigues.Pp 291*9ca24f65SCraig Rodrigues.\" 292*9ca24f65SCraig RodriguesTo set the correct context of the current virtual network instance, use the 293*9ca24f65SCraig Rodrigues.Fn CURVNET_SET 294*9ca24f65SCraig Rodriguesor 295*9ca24f65SCraig Rodrigues.Fn CURVNET_SET_QUIET 296*9ca24f65SCraig Rodriguesmacros. 297*9ca24f65SCraig RodriguesThe 298*9ca24f65SCraig Rodrigues.Fn CURVNET_SET_QUIET 299*9ca24f65SCraig Rodriguesversion will not record vnet recursions in case the kernel was compiled 300*9ca24f65SCraig Rodrigueswith 301*9ca24f65SCraig Rodrigues.Cd "options VNET_DEBUG" 302*9ca24f65SCraig Rodriguesand should thus only be used in well known cases, where recursion is 303*9ca24f65SCraig Rodriguesunavoidable. 304*9ca24f65SCraig RodriguesBoth macros will save the previous state on the stack and it must be restored 305*9ca24f65SCraig Rodrigueswith the 306*9ca24f65SCraig Rodrigues.Fn CURVNET_RESTORE 307*9ca24f65SCraig Rodriguesmacro. 308*9ca24f65SCraig Rodrigues.Pp 309*9ca24f65SCraig Rodrigues.Em NOTE: 310*9ca24f65SCraig RodriguesAs the previous state is saved on the stack, you cannot have multiple 311*9ca24f65SCraig Rodrigues.Fn CURVNET_SET 312*9ca24f65SCraig Rodriguescalls in the same block. 313*9ca24f65SCraig Rodrigues.Pp 314*9ca24f65SCraig Rodrigues.Em NOTE: 315*9ca24f65SCraig RodriguesAs the previous state is saved on the stack, a 316*9ca24f65SCraig Rodrigues.Fn CURVNET_RESTORE 317*9ca24f65SCraig Rodriguescall has to be in the same block as the 318*9ca24f65SCraig Rodrigues.Fn CURVNET_SET 319*9ca24f65SCraig Rodriguescall or in a subblock with the same idea of the saved instances as the 320*9ca24f65SCraig Rodriguesouter block. 321*9ca24f65SCraig Rodrigues.Pp 322*9ca24f65SCraig Rodrigues.Em NOTE: 323*9ca24f65SCraig RodriguesAs each macro is a set of operations and, as previously explained, cannot 324*9ca24f65SCraig Rodriguesbe put into its own block when defined, one cannot conditionally set 325*9ca24f65SCraig Rodriguesthe current vnet context. 326*9ca24f65SCraig RodriguesThe following will 327*9ca24f65SCraig Rodrigues.Em not 328*9ca24f65SCraig Rodrigueswork: 329*9ca24f65SCraig Rodrigues.Bd -literal -offset indent 330*9ca24f65SCraig Rodriguesif (condition) 331*9ca24f65SCraig Rodrigues CURVNET_SET(vnet); 332*9ca24f65SCraig Rodrigues.Ed 333*9ca24f65SCraig Rodrigues.Pp 334*9ca24f65SCraig Rodriguesnor would this work: 335*9ca24f65SCraig Rodrigues.Bd -literal -offset indent 336*9ca24f65SCraig Rodriguesif (condition) { 337*9ca24f65SCraig Rodrigues CURVNET_SET(vnet); 338*9ca24f65SCraig Rodrigues} 339*9ca24f65SCraig RodriguesCURVNET_RESTORE(); 340*9ca24f65SCraig Rodrigues.Ed 341*9ca24f65SCraig Rodrigues.Pp 342*9ca24f65SCraig Rodrigues.\" 343*9ca24f65SCraig RodriguesSometimes one needs to loop over all virtual instances, for example to update 344*9ca24f65SCraig Rodriguesvirtual from global state, to run a function from a 345*9ca24f65SCraig Rodrigues.Xr callout 9 346*9ca24f65SCraig Rodriguesfor each instance, etc. 347*9ca24f65SCraig RodriguesFor those cases the 348*9ca24f65SCraig Rodrigues.Fn VNET_ITERATOR_DECL 349*9ca24f65SCraig Rodriguesand 350*9ca24f65SCraig Rodrigues.Fn VNET_FOREACH 351*9ca24f65SCraig Rodriguesmacros are provided. 352*9ca24f65SCraig RodriguesThe former macro defines the variable that iterates over the loop, 353*9ca24f65SCraig Rodriguesand the latter loops over all of the virtual network stack instances. 354*9ca24f65SCraig RodriguesSee 355*9ca24f65SCraig Rodrigues.Sx "Locking" 356*9ca24f65SCraig Rodriguesfor how to savely traverse the list of all virtual instances. 357*9ca24f65SCraig Rodrigues.Pp 358*9ca24f65SCraig Rodrigues.\" 359*9ca24f65SCraig RodriguesThe 360*9ca24f65SCraig Rodrigues.Fn IS_DEFAULT_VNET 361*9ca24f65SCraig Rodriguesmacro provides a safe way to check whether the currently active instance is the 362*9ca24f65SCraig Rodriguesunrestricted default network stack of the base system 363*9ca24f65SCraig Rodrigues.Pq Vt vnet0 . 364*9ca24f65SCraig Rodrigues.Pp 365*9ca24f65SCraig Rodrigues.\" 366*9ca24f65SCraig RodriguesThe 367*9ca24f65SCraig Rodrigues.Fn VNET_ASSERT 368*9ca24f65SCraig Rodriguesmacro provides a way to conditionally add assertions that are only active with 369*9ca24f65SCraig Rodrigues.Cd "options VIMAGE" 370*9ca24f65SCraig Rodriguescompiled in and either 371*9ca24f65SCraig Rodrigues.Cd "options VNET_DEBUG" 372*9ca24f65SCraig Rodriguesor 373*9ca24f65SCraig Rodrigues.Cd "options INVARIANTS" 374*9ca24f65SCraig Rodriguesenabled as well. 375*9ca24f65SCraig RodriguesIt uses the same semantics as 376*9ca24f65SCraig Rodrigues.Xr KASSERT 9 . 377*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 378*9ca24f65SCraig Rodrigues.Ss "Locking" 379*9ca24f65SCraig Rodrigues.\" 380*9ca24f65SCraig RodriguesFor public access to the list of virtual network stack instances 381*9ca24f65SCraig Rodriguese.g., by the 382*9ca24f65SCraig Rodrigues.Fn VNET_FOREACH 383*9ca24f65SCraig Rodriguesmacro, read locks are provided. 384*9ca24f65SCraig RodriguesMacros are used to abstract from the actual type of the locks. 385*9ca24f65SCraig RodriguesIf a caller may sleep while traversing the list, it must use the 386*9ca24f65SCraig Rodrigues.Fn VNET_LIST_RLOCK 387*9ca24f65SCraig Rodriguesand 388*9ca24f65SCraig Rodrigues.Fn VNET_LIST_RUNLOCK 389*9ca24f65SCraig Rodriguesmacros. 390*9ca24f65SCraig RodriguesOtherwise, the caller can use 391*9ca24f65SCraig Rodrigues.Fn VNET_LIST_RLOCK_NOSLEEP 392*9ca24f65SCraig Rodriguesand 393*9ca24f65SCraig Rodrigues.Fn VNET_LIST_RUNLOCK_NOSLEEP . 394*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 395*9ca24f65SCraig Rodrigues.Ss "Startup and Teardown Functions" 396*9ca24f65SCraig Rodrigues.\" 397*9ca24f65SCraig RodriguesTo start or tear down a virtual network stack instance the internal 398*9ca24f65SCraig Rodriguesfunctions 399*9ca24f65SCraig Rodrigues.Fn vnet_alloc 400*9ca24f65SCraig Rodriguesand 401*9ca24f65SCraig Rodrigues.Fn vnet_destroy 402*9ca24f65SCraig Rodriguesare provided and called from the jail framework. 403*9ca24f65SCraig RodriguesThey run the publicly provided methods to handle network stack 404*9ca24f65SCraig Rodriguesstartup and teardown. 405*9ca24f65SCraig Rodrigues.Pp 406*9ca24f65SCraig RodriguesFor public control, the system startup interface has been enhanced 407*9ca24f65SCraig Rodriguesto not only handle a system boot but to also handle a virtual 408*9ca24f65SCraig Rodriguesnetwork stack startup and teardown. 409*9ca24f65SCraig RodriguesTo the base system the 410*9ca24f65SCraig Rodrigues.Fn VNET_SYSINIT 411*9ca24f65SCraig Rodriguesand 412*9ca24f65SCraig Rodrigues.Fn VNET_SYSUNINIT 413*9ca24f65SCraig Rodriguesmacros look exactly as if there were no virtual network stack. 414*9ca24f65SCraig RodriguesIn fact, if 415*9ca24f65SCraig Rodrigues.Cd "options VIMAGE" 416*9ca24f65SCraig Rodriguesis not compiled in they are compiled to the standard 417*9ca24f65SCraig Rodrigues.Fn SYSINIT 418*9ca24f65SCraig Rodriguesmacros. 419*9ca24f65SCraig RodriguesIn addition to that they are run for each virtual network stack 420*9ca24f65SCraig Rodrigueswhen starting or, in reverse order, when shutting down. 421*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 422*9ca24f65SCraig Rodrigues.Ss "Eventhandlers" 423*9ca24f65SCraig Rodrigues.\" 424*9ca24f65SCraig RodriguesEventhandlers can be handled in two ways: 425*9ca24f65SCraig Rodrigues.Pp 426*9ca24f65SCraig Rodrigues.Bl -enum -offset indent -compact 427*9ca24f65SCraig Rodrigues.It 428*9ca24f65SCraig Rodriguessave the 429*9ca24f65SCraig Rodrigues.Em tags 430*9ca24f65SCraig Rodriguesreturned in each virtual instance and properly free the eventhandlers 431*9ca24f65SCraig Rodrigueson teardown using those, or 432*9ca24f65SCraig Rodrigues.It 433*9ca24f65SCraig Rodriguesuse one eventhandler that will iterate over all virtual network 434*9ca24f65SCraig Rodriguesstack instances. 435*9ca24f65SCraig Rodrigues.El 436*9ca24f65SCraig Rodrigues.Pp 437*9ca24f65SCraig RodriguesFor the first case one can just use the normal 438*9ca24f65SCraig Rodrigues.Xr EVENTHANDLER 9 439*9ca24f65SCraig Rodriguesfunctions, while for the second case the 440*9ca24f65SCraig Rodrigues.Fn VNET_GLOBAL_EVENTHANDLER_REGISTER 441*9ca24f65SCraig Rodriguesand 442*9ca24f65SCraig Rodrigues.Fn VNET_GLOBAL_EVENTHANDLER_REGISTER_TAG 443*9ca24f65SCraig Rodriguesmacros are provided. 444*9ca24f65SCraig RodriguesThese differ in that 445*9ca24f65SCraig Rodrigues.Fn VNET_GLOBAL_EVENTHANDLER_REGISTER_TAG 446*9ca24f65SCraig Rodriguestakes an extra first argument that will carry the 447*9ca24f65SCraig Rodrigues.Fa "tag" 448*9ca24f65SCraig Rodriguesupon return. 449*9ca24f65SCraig RodriguesEventhandlers registered with either of these will not run 450*9ca24f65SCraig Rodrigues.Fa func 451*9ca24f65SCraig Rodriguesdirectly but 452*9ca24f65SCraig Rodrigues.Fa func 453*9ca24f65SCraig Rodrigueswill be called from an internal iterator function for each vnet. 454*9ca24f65SCraig RodriguesBoth macros can only be used for eventhandlers that do not take 455*9ca24f65SCraig Rodriguesadditional arguments, as the variadic arguments from an 456*9ca24f65SCraig Rodrigues.Xr EVENTHANDLER_INVOKE 9 457*9ca24f65SCraig Rodriguescall will be ignored. 458*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 459*9ca24f65SCraig Rodrigues.Ss "Sysctl Handling" 460*9ca24f65SCraig Rodrigues.\" 461*9ca24f65SCraig RodriguesA 462*9ca24f65SCraig Rodrigues.Xr sysctl 9 463*9ca24f65SCraig Rodriguescan be virtualized by using one of the 464*9ca24f65SCraig Rodrigues.Fn SYSCTL_VNET_* 465*9ca24f65SCraig Rodriguesmacros. 466*9ca24f65SCraig Rodrigues.Pp 467*9ca24f65SCraig RodriguesThey take the same arguments as the standard 468*9ca24f65SCraig Rodrigues.Xr sysctl 9 469*9ca24f65SCraig Rodriguesfunctions, with the only difference, that the 470*9ca24f65SCraig Rodrigues.Fa ptr 471*9ca24f65SCraig Rodriguesargument has to be passed as 472*9ca24f65SCraig Rodrigues.Ql &VNET_NAME(foo) 473*9ca24f65SCraig Rodriguesinstead of 474*9ca24f65SCraig Rodrigues.Ql &foo 475*9ca24f65SCraig Rodriguesso that the variable can be selected from the correct memory 476*9ca24f65SCraig Rodriguesregion of the virtual network stack instance of the caller. 477*9ca24f65SCraig Rodrigues.Pp 478*9ca24f65SCraig RodriguesFor the very rare case a sysctl handler function would want to 479*9ca24f65SCraig Rodrigueshandle 480*9ca24f65SCraig Rodrigues.Fa arg1 481*9ca24f65SCraig Rodriguesitself the 482*9ca24f65SCraig Rodrigues.Fn VNET_SYSCTL_ARG req arg1 483*9ca24f65SCraig Rodriguesis provided that will translate the 484*9ca24f65SCraig Rodrigues.Fa arg1 485*9ca24f65SCraig Rodriguesargument to the correct memory address in the virtual network stack 486*9ca24f65SCraig Rodriguescontext of the caller. 487*9ca24f65SCraig Rodrigues.\" ------------------------------------------------------------ 488*9ca24f65SCraig Rodrigues.Sh SEE ALSO 489*9ca24f65SCraig Rodrigues.Xr jail 2 , 490*9ca24f65SCraig Rodrigues.Xr kvm 3 , 491*9ca24f65SCraig Rodrigues.Xr EVENTHANDLER 9 , 492*9ca24f65SCraig Rodrigues.\" .Xr pcpu 9 , 493*9ca24f65SCraig Rodrigues.Xr KASSERT 9 , 494*9ca24f65SCraig Rodrigues.Xr sysctl 9 495*9ca24f65SCraig Rodrigues.\" .Xr SYSINIT 9 496*9ca24f65SCraig Rodrigues.Sh HISTORY 497*9ca24f65SCraig RodriguesThe virtual network stack implementation first appeared in 498*9ca24f65SCraig Rodrigues.Fx 8.0 . 499*9ca24f65SCraig Rodrigues.Sh AUTHORS 500*9ca24f65SCraig RodriguesThis manual page was written by 501*9ca24f65SCraig Rodrigues.An Bjoern A. Zeeb, CK Software GmbH, 502*9ca24f65SCraig Rodriguesunder sponsorship from the FreeBSD Foundation. 503