diff options
author | Marko Zec <zec@FreeBSD.org> | 2008-11-26 22:32:07 +0000 |
---|---|---|
committer | Marko Zec <zec@FreeBSD.org> | 2008-11-26 22:32:07 +0000 |
commit | 97021c246444967a8f441a90076fb4f7ef22fb3a (patch) | |
tree | 92dfba43d59635c80de0299501512e8472dbe130 /sys/netipsec | |
parent | 1b4822a4130eb584a8399818082234af5131fb34 (diff) | |
download | src-97021c246444967a8f441a90076fb4f7ef22fb3a.tar.gz src-97021c246444967a8f441a90076fb4f7ef22fb3a.zip |
Merge more of currently non-functional (i.e. resolving to
whitespace) macros from p4/vimage branch.
Do a better job at enclosing all instantiations of globals
scheduled for virtualization in #ifdef VIMAGE_GLOBALS blocks.
De-virtualize and mark as const saorder_state_alive and
saorder_state_any arrays from ipsec code, given that they are never
updated at runtime, so virtualizing them would be pointless.
Reviewed by: bz, julian
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
Notes
Notes:
svn path=/head/; revision=185348
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/ipsec.c | 2 | ||||
-rw-r--r-- | sys/netipsec/key.c | 30 | ||||
-rw-r--r-- | sys/netipsec/keysock.c | 4 | ||||
-rw-r--r-- | sys/netipsec/vipsec.h | 10 |
4 files changed, 19 insertions, 27 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 262b3026ed19..c99cccad1b69 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -2009,7 +2009,7 @@ static void ipsec_attach(void) { SECPOLICY_LOCK_INIT(&V_ip4_def_policy); - ip4_def_policy.refcnt = 1; /* NB: disallow free */ + V_ip4_def_policy.refcnt = 1; /* NB: disallow free */ } SYSINIT(ipsec, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, ipsec_attach, NULL); diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index db79f5995aee..3e2b4e093d67 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -189,11 +189,11 @@ static const u_int saorder_state_valid_prefer_old[] = { static const u_int saorder_state_valid_prefer_new[] = { SADB_SASTATE_MATURE, SADB_SASTATE_DYING, }; -static u_int saorder_state_alive[] = { +static const u_int saorder_state_alive[] = { /* except DEAD */ SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL }; -static u_int saorder_state_any[] = { +static const u_int saorder_state_any[] = { SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD }; @@ -2699,9 +2699,9 @@ key_delsah(sah) /* searching all SA registerd in the secindex. */ for (stateidx = 0; - stateidx < _ARRAYLEN(V_saorder_state_any); + stateidx < _ARRAYLEN(saorder_state_any); stateidx++) { - u_int state = V_saorder_state_any[stateidx]; + u_int state = saorder_state_any[stateidx]; LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) { if (sav->refcnt == 0) { /* sanity check */ @@ -2985,10 +2985,10 @@ key_getsavbyspi(sah, spi) SAHTREE_LOCK_ASSERT(); /* search all status */ for (stateidx = 0; - stateidx < _ARRAYLEN(V_saorder_state_alive); + stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) { - state = V_saorder_state_alive[stateidx]; + state = saorder_state_alive[stateidx]; LIST_FOREACH(sav, &sah->savtree[state], chain) { /* sanity check */ @@ -4336,6 +4336,7 @@ key_timehandler(void) VNET_ITERATOR_DECL(vnet_iter); time_t now = time_second; + VNET_LIST_RLOCK(); VNET_FOREACH(vnet_iter) { CURVNET_SET(vnet_iter); key_flush_spd(now); @@ -4344,6 +4345,7 @@ key_timehandler(void) key_flush_spacq(now); CURVNET_RESTORE(); } + VNET_LIST_RUNLOCK(); #ifndef IPSEC_DEBUG2 /* do exchange to tick time !! */ @@ -5313,9 +5315,9 @@ key_delete_all(so, m, mhp, proto) /* Delete all non-LARVAL SAs. */ for (stateidx = 0; - stateidx < _ARRAYLEN(V_saorder_state_alive); + stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) { - state = V_saorder_state_alive[stateidx]; + state = saorder_state_alive[stateidx]; if (state == SADB_SASTATE_LARVAL) continue; for (sav = LIST_FIRST(&sah->savtree[state]); @@ -6518,9 +6520,9 @@ key_flush(so, m, mhp) continue; for (stateidx = 0; - stateidx < _ARRAYLEN(V_saorder_state_alive); + stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) { - state = V_saorder_state_any[stateidx]; + state = saorder_state_any[stateidx]; for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { @@ -6603,9 +6605,9 @@ key_dump(so, m, mhp) continue; for (stateidx = 0; - stateidx < _ARRAYLEN(V_saorder_state_any); + stateidx < _ARRAYLEN(saorder_state_any); stateidx++) { - state = V_saorder_state_any[stateidx]; + state = saorder_state_any[stateidx]; LIST_FOREACH(sav, &sah->savtree[state], chain) { cnt++; } @@ -6633,9 +6635,9 @@ key_dump(so, m, mhp) } for (stateidx = 0; - stateidx < _ARRAYLEN(V_saorder_state_any); + stateidx < _ARRAYLEN(saorder_state_any); stateidx++) { - state = V_saorder_state_any[stateidx]; + state = saorder_state_any[stateidx]; LIST_FOREACH(sav, &sah->savtree[state], chain) { n = key_setdumpsa(sav, SADB_DUMP, satype, --cnt, mhp->msg->sadb_msg_pid); diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c index 6d5c4bcfc791..ace6993951b7 100644 --- a/sys/netipsec/keysock.c +++ b/sys/netipsec/keysock.c @@ -76,7 +76,7 @@ static struct key_cb key_cb; struct pfkeystat pfkeystat; #endif -static struct sockaddr key_src = { 2, PF_KEY, }; +static struct sockaddr key_src = { 2, PF_KEY }; static int key_sendup0 __P((struct rawcb *, struct mbuf *, int)); @@ -166,7 +166,7 @@ key_sendup0(rp, m, promisc) V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; } - if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&V_key_src, + if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, m, NULL)) { V_pfkeystat.in_nomem++; m_freem(m); diff --git a/sys/netipsec/vipsec.h b/sys/netipsec/vipsec.h index 5a007ce0dadd..2f5acf7a25d0 100644 --- a/sys/netipsec/vipsec.h +++ b/sys/netipsec/vipsec.h @@ -81,8 +81,6 @@ struct vnet_ipsec { int _key_preferred_oldsa; u_int32_t _acq_seq; - u_int _saorder_state_alive[3]; - u_int _saorder_state_any[4]; int _esp_enable; struct espstat _espstat; int _esp_max_ivlen; @@ -98,7 +96,6 @@ struct vnet_ipsec { int _ip6_ah_trans_deflev; int _ip6_ah_net_deflev; int _ip6_ipsec_ecn; - int _ip6_esp_randpad; int _ah_enable; int _ah_cleartos; @@ -109,9 +106,6 @@ struct vnet_ipsec { struct pfkeystat _pfkeystat; struct key_cb _key_cb; - struct sockaddr _key_dst; - struct sockaddr _key_src; - LIST_HEAD(, secpolicy) _sptree[IPSEC_DIR_MAX]; LIST_HEAD(, secashead) _sahtree; LIST_HEAD(, secreg) _regtree[SADB_SATYPE_MAX + 1]; @@ -168,20 +162,16 @@ struct vnet_ipsec { #define V_key_blockacq_lifetime VNET_IPSEC(key_blockacq_lifetime) #define V_key_cb VNET_IPSEC(key_cb) #define V_key_debug_level VNET_IPSEC(key_debug_level) -#define V_key_dst VNET_IPSEC(key_dst) #define V_key_int_random VNET_IPSEC(key_int_random) #define V_key_larval_lifetime VNET_IPSEC(key_larval_lifetime) #define V_key_preferred_oldsa VNET_IPSEC(key_preferred_oldsa) #define V_key_spi_maxval VNET_IPSEC(key_spi_maxval) #define V_key_spi_minval VNET_IPSEC(key_spi_minval) #define V_key_spi_trycnt VNET_IPSEC(key_spi_trycnt) -#define V_key_src VNET_IPSEC(key_src) #define V_pfkeystat VNET_IPSEC(pfkeystat) #define V_policy_id VNET_IPSEC(policy_id) #define V_regtree VNET_IPSEC(regtree) #define V_sahtree VNET_IPSEC(sahtree) -#define V_saorder_state_alive VNET_IPSEC(saorder_state_alive) -#define V_saorder_state_any VNET_IPSEC(saorder_state_any) #define V_spacqtree VNET_IPSEC(spacqtree) #define V_sptree VNET_IPSEC(sptree) |