Conditionally compile out V_ globals while instantiating the appropriate

container structures, depending on VIMAGE_GLOBALS compile time option.

Make VIMAGE_GLOBALS a new compile-time option, which by default will not
be defined, resulting in instatiations of global variables selected for
V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be
effectively compiled out.  Instantiate new global container structures
to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0,
vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0.

Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_
macros resolve either to the original globals, or to fields inside
container structures, i.e. effectively

#ifdef VIMAGE_GLOBALS
#define V_rt_tables rt_tables
#else
#define V_rt_tables vnet_net_0._rt_tables
#endif

Update SYSCTL_V_*() macros to operate either on globals or on fields
inside container structs.

Extend the internal kldsym() lookups with the ability to resolve
selected fields inside the virtualization container structs.  This
applies only to the fields which are explicitly registered for kldsym()
visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently
this is done only in sys/net/if.c.

Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code,
and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in
turn result in proper code being generated depending on VIMAGE_GLOBALS.

De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c
which were prematurely V_irtualized by automated V_ prepending scripts
during earlier merging steps.  PF virtualization will be done
separately, most probably after next PF import.

Convert a few variable initializations at instantiation to
initialization in init functions, most notably in ipfw.  Also convert
TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in
initializer functions.

Discussed at:	devsummit Strassburg
Reviewed by:	bz, julian
Approved by:	julian (mentor)
Obtained from:	//depot/projects/vimage-commit2/...
X-MFC after:	never
Sponsored by:	NLnet Foundation, The FreeBSD Foundation

1 files changed, 14 insertions, 15 deletions

diff --git a/sys/contrib/pf/net/pf_subr.c b/sys/contrib/pf/net/pf_subr.c
index 3b680e3..1ac8b40 100644
--- a/sys/contrib/pf/net/pf_subr.c
+++ b/sys/contrib/pf/net/pf_subr.c
@@ -124,15 +124,14 @@ static MD5_CTX isn_ctx;
 u_int32_t
 pf_new_isn(struct pf_state *s)
 {
-	INIT_VNET_INET(curvnet);
 	u_int32_t md5_buffer[4];
 	u_int32_t new_isn;
 	struct pf_state_host *src, *dst;
 
 	/* Seed if this is the first use, reseed if requested. */
-	if (V_isn_last_reseed == 0) {
-		read_random(&V_isn_secret, sizeof(V_isn_secret));
-		V_isn_last_reseed = ticks;
+	if (isn_last_reseed == 0) {
+		read_random(&isn_secret, sizeof(isn_secret));
+		isn_last_reseed = ticks;
 	}
 
 	if (s->direction == PF_IN) {
@@ -144,28 +143,28 @@ pf_new_isn(struct pf_state *s)
 	}
 
 	/* Compute the md5 hash and return the ISN. */
-	MD5Init(&V_isn_ctx);
-	MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short));
-	MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short));
+	MD5Init(&isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short));
+	MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short));
 #ifdef INET6
 	if (s->af == AF_INET6) {
-		MD5Update(&V_isn_ctx, (u_char *) &dst->addr,
+		MD5Update(&isn_ctx, (u_char *) &dst->addr,
 			  sizeof(struct in6_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &src->addr,
+		MD5Update(&isn_ctx, (u_char *) &src->addr,
 			  sizeof(struct in6_addr));
 	} else
 #endif
 	{
-		MD5Update(&V_isn_ctx, (u_char *) &dst->addr,
+		MD5Update(&isn_ctx, (u_char *) &dst->addr,
 			  sizeof(struct in_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &src->addr,
+		MD5Update(&isn_ctx, (u_char *) &src->addr,
 			  sizeof(struct in_addr));
 	}
-	MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret));
-	MD5Final((u_char *) &md5_buffer, &V_isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret));
+	MD5Final((u_char *) &md5_buffer, &isn_ctx);
 	new_isn = (tcp_seq) md5_buffer[0];
-	V_isn_offset += ISN_STATIC_INCREMENT +
+	isn_offset += ISN_STATIC_INCREMENT +
 		(arc4random() & ISN_RANDOM_INCREMENT);
-	new_isn += V_isn_offset;
+	new_isn += isn_offset;
 	return (new_isn);
 }