diff options
author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2008-08-17 23:27:27 +0000 |
---|---|---|
committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2008-08-17 23:27:27 +0000 |
commit | 603724d3abed34351087e20b8cb363d8e02072c1 (patch) | |
tree | 1496da534aec03cf2f9d2d0735d80e4c1e3b5715 /sys/netipsec/xform_ipip.c | |
parent | ac2dcb729fc5b54bc829c23d239dec65a057bf49 (diff) | |
download | src-603724d3abed34351087e20b8cb363d8e02072c1.tar.gz src-603724d3abed34351087e20b8cb363d8e02072c1.zip |
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
Notes
Notes:
svn path=/head/; revision=181803
Diffstat (limited to 'sys/netipsec/xform_ipip.c')
-rw-r--r-- | sys/netipsec/xform_ipip.c | 57 |
1 files changed, 29 insertions, 28 deletions
diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index 4e8495b508ce..cb9256d15953 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -50,6 +50,7 @@ #include <sys/kernel.h> #include <sys/protosw.h> #include <sys/sysctl.h> +#include <sys/vimage.h> #include <net/if.h> #include <net/pfil.h> @@ -113,9 +114,9 @@ ip4_input6(struct mbuf **m, int *offp, int proto) { #if 0 /* If we do not accept IP-in-IP explicitly, drop. */ - if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) { + if (!V_ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) { DPRINTF(("%s: dropped due to policy\n", __func__)); - ipipstat.ipips_pdrops++; + V_ipipstat.ipips_pdrops++; m_freem(*m); return IPPROTO_DONE; } @@ -134,9 +135,9 @@ ip4_input(struct mbuf *m, int off) { #if 0 /* If we do not accept IP-in-IP explicitly, drop. */ - if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) { + if (!V_ipip_allow && (m->m_flags & M_IPSEC) == 0) { DPRINTF(("%s: dropped due to policy\n", __func__)); - ipipstat.ipips_pdrops++; + V_ipipstat.ipips_pdrops++; m_freem(m); return; } @@ -170,7 +171,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) u_int8_t v; int hlen; - ipipstat.ipips_ipackets++; + V_ipipstat.ipips_ipackets++; m_copydata(m, 0, 1, &v); @@ -186,7 +187,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) break; #endif default: - ipipstat.ipips_family++; + V_ipipstat.ipips_family++; m_freem(m); return /* EAFNOSUPPORT */; } @@ -195,7 +196,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) if (m->m_len < hlen) { if ((m = m_pullup(m, hlen)) == NULL) { DPRINTF(("%s: m_pullup (1) failed\n", __func__)); - ipipstat.ipips_hdrops++; + V_ipipstat.ipips_hdrops++; return; } } @@ -232,7 +233,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) /* Sanity check */ if (m->m_pkthdr.len < sizeof(struct ip)) { - ipipstat.ipips_hdrops++; + V_ipipstat.ipips_hdrops++; m_freem(m); return; } @@ -252,7 +253,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) break; #endif default: - ipipstat.ipips_family++; + V_ipipstat.ipips_family++; m_freem(m); return; /* EAFNOSUPPORT */ } @@ -263,7 +264,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) if (m->m_len < hlen) { if ((m = m_pullup(m, hlen)) == NULL) { DPRINTF(("%s: m_pullup (2) failed\n", __func__)); - ipipstat.ipips_hdrops++; + V_ipipstat.ipips_hdrops++; return; } } @@ -280,7 +281,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) case 4: ipo = mtod(m, struct ip *); nxt = ipo->ip_p; - ip_ecn_egress(ip4_ipsec_ecn, &otos, &ipo->ip_tos); + ip_ecn_egress(V_ip4_ipsec_ecn, &otos, &ipo->ip_tos); break; #endif /* INET */ #ifdef INET6 @@ -288,7 +289,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) ip6 = (struct ip6_hdr *) ipo; nxt = ip6->ip6_nxt; itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos); + ip_ecn_egress(V_ip6_ipsec_ecn, &otos, &itos); ip6->ip6_flow &= ~htonl(0xff << 20); ip6->ip6_flow |= htonl((u_int32_t) itos << 20); break; @@ -300,9 +301,9 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) /* Check for local address spoofing. */ if ((m->m_pkthdr.rcvif == NULL || !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) && - ipip_allow != 2) { + V_ipip_allow != 2) { IFNET_RLOCK(); - TAILQ_FOREACH(ifp, &ifnet, if_link) { + TAILQ_FOREACH(ifp, &V_ifnet, if_link) { TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { #ifdef INET if (ipo) { @@ -314,7 +315,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) if (sin->sin_addr.s_addr == ipo->ip_src.s_addr) { - ipipstat.ipips_spoof++; + V_ipipstat.ipips_spoof++; m_freem(m); IFNET_RUNLOCK(); return; @@ -331,7 +332,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) sin6 = (struct sockaddr_in6 *) ifa->ifa_addr; if (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &ip6->ip6_src)) { - ipipstat.ipips_spoof++; + V_ipipstat.ipips_spoof++; m_freem(m); IFNET_RUNLOCK(); return; @@ -345,7 +346,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) } /* Statistics */ - ipipstat.ipips_ibytes += m->m_pkthdr.len - iphlen; + V_ipipstat.ipips_ibytes += m->m_pkthdr.len - iphlen; #ifdef DEV_ENC switch (v >> 4) { @@ -391,7 +392,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) } if (netisr_queue(isr, m)) { /* (0) on success. */ - ipipstat.ipips_qfull++; + V_ipipstat.ipips_qfull++; DPRINTF(("%s: packet dropped because of full queue\n", __func__)); } @@ -438,7 +439,7 @@ ipip_output( "address in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - ipipstat.ipips_unspec++; + V_ipipstat.ipips_unspec++; error = EINVAL; goto bad; } @@ -446,7 +447,7 @@ ipip_output( M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); if (m == 0) { DPRINTF(("%s: M_PREPEND failed\n", __func__)); - ipipstat.ipips_hdrops++; + V_ipipstat.ipips_hdrops++; error = ENOBUFS; goto bad; } @@ -456,7 +457,7 @@ ipip_output( ipo->ip_v = IPVERSION; ipo->ip_hl = 5; ipo->ip_len = htons(m->m_pkthdr.len); - ipo->ip_ttl = ip_defttl; + ipo->ip_ttl = V_ip_defttl; ipo->ip_sum = 0; ipo->ip_src = saidx->src.sin.sin_addr; ipo->ip_dst = saidx->dst.sin.sin_addr; @@ -515,7 +516,7 @@ ipip_output( "address in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - ipipstat.ipips_unspec++; + V_ipipstat.ipips_unspec++; error = ENOBUFS; goto bad; } @@ -530,7 +531,7 @@ ipip_output( M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); if (m == 0) { DPRINTF(("%s: M_PREPEND failed\n", __func__)); - ipipstat.ipips_hdrops++; + V_ipipstat.ipips_hdrops++; error = ENOBUFS; goto bad; } @@ -541,7 +542,7 @@ ipip_output( ip6o->ip6_vfc &= ~IPV6_VERSION_MASK; ip6o->ip6_vfc |= IPV6_VERSION; ip6o->ip6_plen = htons(m->m_pkthdr.len); - ip6o->ip6_hlim = ip_defttl; + ip6o->ip6_hlim = V_ip_defttl; ip6o->ip6_dst = saidx->dst.sin6.sin6_addr; ip6o->ip6_src = saidx->src.sin6.sin6_addr; @@ -580,12 +581,12 @@ ipip_output( nofamily: DPRINTF(("%s: unsupported protocol family %u\n", __func__, saidx->dst.sa.sa_family)); - ipipstat.ipips_family++; + V_ipipstat.ipips_family++; error = EAFNOSUPPORT; /* XXX diffs from openbsd */ goto bad; } - ipipstat.ipips_opackets++; + V_ipipstat.ipips_opackets++; *mp = m; #ifdef INET @@ -595,7 +596,7 @@ nofamily: tdb->tdb_cur_bytes += m->m_pkthdr.len - sizeof(struct ip); #endif - ipipstat.ipips_obytes += m->m_pkthdr.len - sizeof(struct ip); + V_ipipstat.ipips_obytes += m->m_pkthdr.len - sizeof(struct ip); } #endif /* INET */ @@ -606,7 +607,7 @@ nofamily: tdb->tdb_cur_bytes += m->m_pkthdr.len - sizeof(struct ip6_hdr); #endif - ipipstat.ipips_obytes += + V_ipipstat.ipips_obytes += m->m_pkthdr.len - sizeof(struct ip6_hdr); } #endif /* INET6 */ |