aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec/xform_ipip.c
diff options
context:
space:
mode:
authorBjoern A. Zeeb <bz@FreeBSD.org>2008-08-17 23:27:27 +0000
committerBjoern A. Zeeb <bz@FreeBSD.org>2008-08-17 23:27:27 +0000
commit603724d3abed34351087e20b8cb363d8e02072c1 (patch)
tree1496da534aec03cf2f9d2d0735d80e4c1e3b5715 /sys/netipsec/xform_ipip.c
parentac2dcb729fc5b54bc829c23d239dec65a057bf49 (diff)
downloadsrc-603724d3abed34351087e20b8cb363d8e02072c1.tar.gz
src-603724d3abed34351087e20b8cb363d8e02072c1.zip
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@). This is the first in a series of commits over the course of the next few weeks. Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only. We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again. Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
Notes
Notes: svn path=/head/; revision=181803
Diffstat (limited to 'sys/netipsec/xform_ipip.c')
-rw-r--r--sys/netipsec/xform_ipip.c57
1 files changed, 29 insertions, 28 deletions
diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c
index 4e8495b508ce..cb9256d15953 100644
--- a/sys/netipsec/xform_ipip.c
+++ b/sys/netipsec/xform_ipip.c
@@ -50,6 +50,7 @@
#include <sys/kernel.h>
#include <sys/protosw.h>
#include <sys/sysctl.h>
+#include <sys/vimage.h>
#include <net/if.h>
#include <net/pfil.h>
@@ -113,9 +114,9 @@ ip4_input6(struct mbuf **m, int *offp, int proto)
{
#if 0
/* If we do not accept IP-in-IP explicitly, drop. */
- if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
+ if (!V_ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
DPRINTF(("%s: dropped due to policy\n", __func__));
- ipipstat.ipips_pdrops++;
+ V_ipipstat.ipips_pdrops++;
m_freem(*m);
return IPPROTO_DONE;
}
@@ -134,9 +135,9 @@ ip4_input(struct mbuf *m, int off)
{
#if 0
/* If we do not accept IP-in-IP explicitly, drop. */
- if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
+ if (!V_ipip_allow && (m->m_flags & M_IPSEC) == 0) {
DPRINTF(("%s: dropped due to policy\n", __func__));
- ipipstat.ipips_pdrops++;
+ V_ipipstat.ipips_pdrops++;
m_freem(m);
return;
}
@@ -170,7 +171,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
u_int8_t v;
int hlen;
- ipipstat.ipips_ipackets++;
+ V_ipipstat.ipips_ipackets++;
m_copydata(m, 0, 1, &v);
@@ -186,7 +187,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
break;
#endif
default:
- ipipstat.ipips_family++;
+ V_ipipstat.ipips_family++;
m_freem(m);
return /* EAFNOSUPPORT */;
}
@@ -195,7 +196,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("%s: m_pullup (1) failed\n", __func__));
- ipipstat.ipips_hdrops++;
+ V_ipipstat.ipips_hdrops++;
return;
}
}
@@ -232,7 +233,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
/* Sanity check */
if (m->m_pkthdr.len < sizeof(struct ip)) {
- ipipstat.ipips_hdrops++;
+ V_ipipstat.ipips_hdrops++;
m_freem(m);
return;
}
@@ -252,7 +253,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
break;
#endif
default:
- ipipstat.ipips_family++;
+ V_ipipstat.ipips_family++;
m_freem(m);
return; /* EAFNOSUPPORT */
}
@@ -263,7 +264,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("%s: m_pullup (2) failed\n", __func__));
- ipipstat.ipips_hdrops++;
+ V_ipipstat.ipips_hdrops++;
return;
}
}
@@ -280,7 +281,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
case 4:
ipo = mtod(m, struct ip *);
nxt = ipo->ip_p;
- ip_ecn_egress(ip4_ipsec_ecn, &otos, &ipo->ip_tos);
+ ip_ecn_egress(V_ip4_ipsec_ecn, &otos, &ipo->ip_tos);
break;
#endif /* INET */
#ifdef INET6
@@ -288,7 +289,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
ip6 = (struct ip6_hdr *) ipo;
nxt = ip6->ip6_nxt;
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
- ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
+ ip_ecn_egress(V_ip6_ipsec_ecn, &otos, &itos);
ip6->ip6_flow &= ~htonl(0xff << 20);
ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
break;
@@ -300,9 +301,9 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
/* Check for local address spoofing. */
if ((m->m_pkthdr.rcvif == NULL ||
!(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) &&
- ipip_allow != 2) {
+ V_ipip_allow != 2) {
IFNET_RLOCK();
- TAILQ_FOREACH(ifp, &ifnet, if_link) {
+ TAILQ_FOREACH(ifp, &V_ifnet, if_link) {
TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
#ifdef INET
if (ipo) {
@@ -314,7 +315,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
if (sin->sin_addr.s_addr ==
ipo->ip_src.s_addr) {
- ipipstat.ipips_spoof++;
+ V_ipipstat.ipips_spoof++;
m_freem(m);
IFNET_RUNLOCK();
return;
@@ -331,7 +332,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
sin6 = (struct sockaddr_in6 *) ifa->ifa_addr;
if (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &ip6->ip6_src)) {
- ipipstat.ipips_spoof++;
+ V_ipipstat.ipips_spoof++;
m_freem(m);
IFNET_RUNLOCK();
return;
@@ -345,7 +346,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
}
/* Statistics */
- ipipstat.ipips_ibytes += m->m_pkthdr.len - iphlen;
+ V_ipipstat.ipips_ibytes += m->m_pkthdr.len - iphlen;
#ifdef DEV_ENC
switch (v >> 4) {
@@ -391,7 +392,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
}
if (netisr_queue(isr, m)) { /* (0) on success. */
- ipipstat.ipips_qfull++;
+ V_ipipstat.ipips_qfull++;
DPRINTF(("%s: packet dropped because of full queue\n",
__func__));
}
@@ -438,7 +439,7 @@ ipip_output(
"address in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
- ipipstat.ipips_unspec++;
+ V_ipipstat.ipips_unspec++;
error = EINVAL;
goto bad;
}
@@ -446,7 +447,7 @@ ipip_output(
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
if (m == 0) {
DPRINTF(("%s: M_PREPEND failed\n", __func__));
- ipipstat.ipips_hdrops++;
+ V_ipipstat.ipips_hdrops++;
error = ENOBUFS;
goto bad;
}
@@ -456,7 +457,7 @@ ipip_output(
ipo->ip_v = IPVERSION;
ipo->ip_hl = 5;
ipo->ip_len = htons(m->m_pkthdr.len);
- ipo->ip_ttl = ip_defttl;
+ ipo->ip_ttl = V_ip_defttl;
ipo->ip_sum = 0;
ipo->ip_src = saidx->src.sin.sin_addr;
ipo->ip_dst = saidx->dst.sin.sin_addr;
@@ -515,7 +516,7 @@ ipip_output(
"address in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
- ipipstat.ipips_unspec++;
+ V_ipipstat.ipips_unspec++;
error = ENOBUFS;
goto bad;
}
@@ -530,7 +531,7 @@ ipip_output(
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
if (m == 0) {
DPRINTF(("%s: M_PREPEND failed\n", __func__));
- ipipstat.ipips_hdrops++;
+ V_ipipstat.ipips_hdrops++;
error = ENOBUFS;
goto bad;
}
@@ -541,7 +542,7 @@ ipip_output(
ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6o->ip6_vfc |= IPV6_VERSION;
ip6o->ip6_plen = htons(m->m_pkthdr.len);
- ip6o->ip6_hlim = ip_defttl;
+ ip6o->ip6_hlim = V_ip_defttl;
ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
ip6o->ip6_src = saidx->src.sin6.sin6_addr;
@@ -580,12 +581,12 @@ ipip_output(
nofamily:
DPRINTF(("%s: unsupported protocol family %u\n", __func__,
saidx->dst.sa.sa_family));
- ipipstat.ipips_family++;
+ V_ipipstat.ipips_family++;
error = EAFNOSUPPORT; /* XXX diffs from openbsd */
goto bad;
}
- ipipstat.ipips_opackets++;
+ V_ipipstat.ipips_opackets++;
*mp = m;
#ifdef INET
@@ -595,7 +596,7 @@ nofamily:
tdb->tdb_cur_bytes +=
m->m_pkthdr.len - sizeof(struct ip);
#endif
- ipipstat.ipips_obytes += m->m_pkthdr.len - sizeof(struct ip);
+ V_ipipstat.ipips_obytes += m->m_pkthdr.len - sizeof(struct ip);
}
#endif /* INET */
@@ -606,7 +607,7 @@ nofamily:
tdb->tdb_cur_bytes +=
m->m_pkthdr.len - sizeof(struct ip6_hdr);
#endif
- ipipstat.ipips_obytes +=
+ V_ipipstat.ipips_obytes +=
m->m_pkthdr.len - sizeof(struct ip6_hdr);
}
#endif /* INET6 */