authorzec <zec@FreeBSD.org>2008-10-02 15:37:58 +0000
committerzec <zec@FreeBSD.org>2008-10-02 15:37:58 +0000
commit8797d4caecd5881e312923ee1d07be3de68755dc (patch)
tree53fef93d1ff076abec439159e0a765427992dee1 /sys/netipsec/ipsec.c
parente682bfadb0a191a81290af2b846d8610ef3aff5c (diff)
Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs. Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT(). Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.). All the changes are verified to have zero functional impact at this point in time by doing MD5 comparison between pre- and post-change object files(*). (*) netipsec/keysock.c did not validate depending on compile time options. Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Diffstat (limited to 'sys/netipsec/ipsec.c')
-rw-r--r--sys/netipsec/ipsec.c138
1 files changed, 86 insertions, 52 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index f973688..b752a67 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -126,36 +126,42 @@ int crypto_support = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
SYSCTL_DECL(_net_inet_ipsec);
/* net.inet.ipsec */
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_POLICY,
- def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0,
- "IPsec default policy.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
- CTLFLAG_RW, &ip4_esp_trans_deflev, 0, "Default ESP transport mode level");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
- CTLFLAG_RW, &ip4_esp_net_deflev, 0, "Default ESP tunnel mode level.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
- CTLFLAG_RW, &ip4_ah_trans_deflev, 0, "AH transfer mode default level.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
- CTLFLAG_RW, &ip4_ah_net_deflev, 0, "AH tunnel mode default level.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_CLEARTOS,
- ah_cleartos, CTLFLAG_RW, &ah_cleartos, 0,
- "If set clear type-of-service field when doing AH computation.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_AH_OFFSETMASK,
- ah_offsetmask, CTLFLAG_RW, &ip4_ah_offsetmask, 0,
- "If not set clear offset field mask when doing AH computation.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DFBIT,
- dfbit, CTLFLAG_RW, &ip4_ipsec_dfbit, 0, "Do not fragment bit on encap.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN,
- ecn, CTLFLAG_RW, &ip4_ipsec_ecn, 0,
- "Explicit Congestion Notification handling.");
-SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0,
- "Enable IPsec debugging output when set.");
-SYSCTL_INT(_net_inet_ipsec, OID_AUTO,
- crypto_support, CTLFLAG_RW, &crypto_support, 0,
- "Crypto driver selection.");
-SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO,
- ipsecstats, CTLFLAG_RD, &ipsec4stat, ipsecstat, "IPsec IPv4 statistics.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_POLICY,
+ def_policy, CTLFLAG_RW, ip4_def_policy.policy, 0,
+ "IPsec default policy.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_ESP_TRANSLEV,
+ esp_trans_deflev, CTLFLAG_RW, ip4_esp_trans_deflev, 0,
+ "Default ESP transport mode level");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_ESP_NETLEV,
+ esp_net_deflev, CTLFLAG_RW, ip4_esp_net_deflev, 0,
+ "Default ESP tunnel mode level.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_AH_TRANSLEV,
+ ah_trans_deflev, CTLFLAG_RW, ip4_ah_trans_deflev, 0,
+ "AH transfer mode default level.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEF_AH_NETLEV,
+ ah_net_deflev, CTLFLAG_RW, ip4_ah_net_deflev, 0,
+ "AH tunnel mode default level.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_AH_CLEARTOS,
+ ah_cleartos, CTLFLAG_RW, ah_cleartos, 0,
+ "If set clear type-of-service field when doing AH computation.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_AH_OFFSETMASK,
+ ah_offsetmask, CTLFLAG_RW, ip4_ah_offsetmask, 0,
+ "If not set clear offset field mask when doing AH computation.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DFBIT,
+ dfbit, CTLFLAG_RW, ip4_ipsec_dfbit, 0,
+ "Do not fragment bit on encap.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_ECN,
+ ecn, CTLFLAG_RW, ip4_ipsec_ecn, 0,
+ "Explicit Congestion Notification handling.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, IPSECCTL_DEBUG,
+ debug, CTLFLAG_RW, ipsec_debug, 0,
+ "Enable IPsec debugging output when set.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipsec, OID_AUTO,
+ crypto_support, CTLFLAG_RW, crypto_support,0,
+ "Crypto driver selection.");
+SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipsec, OID_AUTO,
+ ipsecstats, CTLFLAG_RD, ipsec4stat, ipsecstat,
+ "IPsec IPv4 statistics.");
#ifdef REGRESSION
/*
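Review bot: The argument list at L87, `crypto_support,0,`, drops the space after the comma that every other SYSCTL_V_INT line in this hunk carries, and the same slip appears after `vnet_ipsec,` in the two REGRESSION knobs of the next hunk (test_replay and test_integrity). For a mechanical conversion whose commit message promises object-identical output, uniform formatting makes the diff much easier to audit; `crypto_support, CTLFLAG_RW, crypto_support, 0,` is the intended form. The `vnet_ipsec` container that these knobs are now attributed to has no comment anywhere in this file; a one-line comment above the first SYSCTL_V_INT such as `/* V_NET/vnet_ipsec select per-vnet storage once virtualization is enabled; today they resolve to the globals. */` would tell later readers why CTLFLAG_RW knobs like def_policy, debug and crypto_support are being grouped this way, which matters once each vnet can set them independently.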
@@ -163,15 +169,15 @@ SYSCTL_STRUCT(_net_inet_ipsec, OID_AUTO,
* This allows to verify if the other side has proper replay attacks detection.
*/
int ipsec_replay = 0;
-SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_replay, CTLFLAG_RW, &ipsec_replay, 0,
- "Emulate replay attack");
+SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_replay,
+ CTLFLAG_RW, ipsec_replay, 0, "Emulate replay attack");
/*
* When set 1, IPsec will send packets with corrupted HMAC.
* This allows to verify if the other side properly detects modified packets.
*/
int ipsec_integrity = 0;
-SYSCTL_INT(_net_inet_ipsec, OID_AUTO, test_integrity, CTLFLAG_RW,
- &ipsec_integrity, 0, "Emulate man-in-the-middle attack");
+SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_integrity,
+ CTLFLAG_RW, ipsec_integrity, 0, "Emulate man-in-the-middle attack");
#endif
#ifdef INET6
@@ -189,24 +195,30 @@ SYSCTL_DECL(_net_inet6_ipsec6);
SYSCTL_OID(_net_inet6_ipsec6, IPSECCTL_STATS, stats, CTLFLAG_RD,
0, 0, compat_ipsecstats_sysctl, "S", "IPsec IPv6 statistics.");
#endif /* COMPAT_KAME */
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_POLICY,
- def_policy, CTLFLAG_RW, &ip4_def_policy.policy, 0, "IPsec default policy.");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV, esp_trans_deflev,
- CTLFLAG_RW, &ip6_esp_trans_deflev, 0, "Default ESP transport mode level.");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV, esp_net_deflev,
- CTLFLAG_RW, &ip6_esp_net_deflev, 0, "Default ESP tunnel mode level.");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV, ah_trans_deflev,
- CTLFLAG_RW, &ip6_ah_trans_deflev, 0, "AH transfer mode default level.");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV, ah_net_deflev,
- CTLFLAG_RW, &ip6_ah_net_deflev, 0, "AH tunnel mode default level.");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_ECN,
- ecn, CTLFLAG_RW, &ip6_ipsec_ecn, 0,
- "Explicit Congestion Notification handling.");
-SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG,
- debug, CTLFLAG_RW, &ipsec_debug, 0,
- "Enable IPsec debugging output when set.");
-SYSCTL_STRUCT(_net_inet6_ipsec6, IPSECCTL_STATS,
- ipsecstats, CTLFLAG_RD, &ipsec6stat, ipsecstat, "IPsec IPv6 statistics.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_POLICY,
+ def_policy, CTLFLAG_RW, ip4_def_policy.policy, 0,
+ "IPsec default policy.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_TRANSLEV,
+ esp_trans_deflev, CTLFLAG_RW, ip6_esp_trans_deflev, 0,
+ "Default ESP transport mode level.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_ESP_NETLEV,
+ esp_net_deflev, CTLFLAG_RW, ip6_esp_net_deflev, 0,
+ "Default ESP tunnel mode level.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_AH_TRANSLEV,
+ ah_trans_deflev, CTLFLAG_RW, ip6_ah_trans_deflev, 0,
+ "AH transfer mode default level.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEF_AH_NETLEV,
+ ah_net_deflev, CTLFLAG_RW, ip6_ah_net_deflev, 0,
+ "AH tunnel mode default level.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_ECN,
+ ecn, CTLFLAG_RW, ip6_ipsec_ecn, 0,
+ "Explicit Congestion Notification handling.");
+SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_DEBUG,
+ debug, CTLFLAG_RW, ipsec_debug, 0,
+ "Enable IPsec debugging output when set.");
+SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet6_ipsec6, IPSECCTL_STATS,
+ ipsecstats, CTLFLAG_RD, ipsec6stat, ipsecstat,
+ "IPsec IPv6 statistics.");
#endif /* INET6 */
static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *pcb));
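Review bot: The IPv6 knob at L135–L137 (net.inet6.ipsec6.def_policy) is backed by `ip4_def_policy.policy`, the same variable the IPv4 knob in the first hunk uses, so writing either sysctl changes the default policy for both address families. The hunk carries that over from the old code rather than introducing it, but since the lines are being rewritten anyway a short comment would keep the next reader from assuming the two families have independent defaults: `/* Shares ip4_def_policy with net.inet.ipsec.def_policy: one default policy for both families. */`.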
@@ -236,6 +248,7 @@ MALLOC_DEFINE(M_IPSEC_INPCB, "inpcbpolicy", "inpcb-resident ipsec policy");
static struct secpolicy *
key_allocsp_default(const char* where, int tag)
{
+ INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
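Review bot: `INIT_VNET_IPSEC(curvnet);` at L165 is inserted ahead of the function's local declarations without any comment, and the same line is added in the same position in every later hunk of this file. The commit message says the macro currently resolves to a NOP; if it later expands to a statement rather than a declaration, its position before `struct secpolicy *sp;` becomes a declaration-after-statement problem in this K&R-style code, so the placement deserves a note at its first use. Something like `/* Bind the per-vnet IPsec state; a NOP until vnet virtualization is enabled. */` above the first call would document both the intent and the ordering assumption. key_allocsp_default's body continues outside the hunk.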
@@ -305,6 +318,7 @@ ipsec_getpolicybysock(m, dir, inp, error)
struct inpcb *inp;
int *error;
{
+ INIT_VNET_IPSEC(curvnet);
struct inpcbpolicy *pcbsp = NULL;
struct secpolicy *currsp = NULL; /* policy on socket */
struct secpolicy *sp;
@@ -415,6 +429,7 @@ ipsec_getpolicybyaddr(m, dir, flag, error)
int flag;
int *error;
{
+ INIT_VNET_IPSEC(curvnet);
struct secpolicyindex spidx;
struct secpolicy *sp;
@@ -450,6 +465,7 @@ ipsec4_checkpolicy(m, dir, flag, error, inp)
int *error;
struct inpcb *inp;
{
+ INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp;
*error = 0;
@@ -521,6 +537,7 @@ ipsec6_setspidx_in6pcb(m, pcb)
struct mbuf *m;
struct in6pcb *pcb;
{
+ //INIT_VNET_IPSEC(curvnet);
struct secpolicyindex *spidx;
int error;
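Review bot: L194 adds `//INIT_VNET_IPSEC(curvnet);` as commented-out code in ipsec6_setspidx_in6pcb, whereas every other function touched by this diff receives the live call. If this function needs no per-vnet state the line should simply be dropped; if it is a placeholder for later work, a `/* */` comment stating why it is disabled matches the file's comment style, and `//` appears on no other line of this diff. The function body continues outside the hunk.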
@@ -564,6 +581,7 @@ ipsec_setspidx(m, spidx, needport)
struct secpolicyindex *spidx;
int needport;
{
+ INIT_VNET_IPSEC(curvnet);
struct ip *ip = NULL;
struct ip ipbuf;
u_int v;
@@ -757,6 +775,7 @@ ipsec6_get_ulp(m, spidx, needport)
struct secpolicyindex *spidx;
int needport;
{
+ INIT_VNET_IPSEC(curvnet);
int off, nxt;
struct tcphdr th;
struct udphdr uh;
@@ -873,6 +892,7 @@ ipsec_init_policy(so, pcb_sp)
struct socket *so;
struct inpcbpolicy **pcb_sp;
{
+ INIT_VNET_IPSEC(curvnet);
struct inpcbpolicy *new;
/* sanity check. */
@@ -1016,6 +1036,7 @@ ipsec_set_policy(pcb_sp, optname, request, len, cred)
size_t len;
struct ucred *cred;
{
+ INIT_VNET_IPSEC(curvnet);
struct sadb_x_policy *xpl;
struct secpolicy *newsp = NULL;
int error;
@@ -1065,6 +1086,7 @@ ipsec_get_policy(pcb_sp, mp)
struct secpolicy *pcb_sp;
struct mbuf **mp;
{
+ INIT_VNET_IPSEC(curvnet);
/* sanity check. */
if (pcb_sp == NULL || mp == NULL)
@@ -1091,6 +1113,7 @@ ipsec4_set_policy(inp, optname, request, len, cred)
size_t len;
struct ucred *cred;
{
+ INIT_VNET_IPSEC(curvnet);
struct sadb_x_policy *xpl;
struct secpolicy **pcb_sp;
@@ -1125,6 +1148,7 @@ ipsec4_get_policy(inp, request, len, mp)
size_t len;
struct mbuf **mp;
{
+ INIT_VNET_IPSEC(curvnet);
struct sadb_x_policy *xpl;
struct secpolicy *pcb_sp;
@@ -1184,6 +1208,7 @@ ipsec6_set_policy(in6p, optname, request, len, cred)
size_t len;
struct ucred *cred;
{
+ INIT_VNET_IPSEC(curvnet);
struct sadb_x_policy *xpl;
struct secpolicy **pcb_sp;
@@ -1218,6 +1243,7 @@ ipsec6_get_policy(in6p, request, len, mp)
size_t len;
struct mbuf **mp;
{
+ INIT_VNET_IPSEC(curvnet);
struct sadb_x_policy *xpl;
struct secpolicy *pcb_sp;
@@ -1276,6 +1302,7 @@ u_int
ipsec_get_reqlevel(isr)
struct ipsecrequest *isr;
{
+ INIT_VNET_IPSEC(curvnet);
u_int level = 0;
u_int esp_trans_deflev, esp_net_deflev;
u_int ah_trans_deflev, ah_net_deflev;
@@ -1380,6 +1407,7 @@ ipsec_get_reqlevel(isr)
int
ipsec_in_reject(struct secpolicy *sp, struct mbuf *m)
{
+ INIT_VNET_IPSEC(curvnet);
struct ipsecrequest *isr;
int need_auth;
@@ -1455,6 +1483,7 @@ ipsec4_in_reject(m, inp)
struct mbuf *m;
struct inpcb *inp;
{
+ INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp;
int error;
int result;
@@ -1493,6 +1522,7 @@ ipsec6_in_reject(m, inp)
struct mbuf *m;
struct inpcb *inp;
{
+ INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp = NULL;
int error;
int result;
@@ -1530,6 +1560,7 @@ ipsec6_in_reject(m, inp)
static size_t
ipsec_hdrsiz(struct secpolicy *sp)
{
+ INIT_VNET_IPSEC(curvnet);
struct ipsecrequest *isr;
size_t siz;
@@ -1592,6 +1623,7 @@ ipsec4_hdrsiz(m, dir, inp)
u_int dir;
struct inpcb *inp;
{
+ INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp;
int error;
size_t size;
@@ -1632,6 +1664,7 @@ ipsec6_hdrsiz(m, dir, in6p)
u_int dir;
struct in6pcb *in6p;
{
+ INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp;
int error;
size_t size;
@@ -1731,6 +1764,7 @@ ipsec_updatereplay(seq, sav)
u_int32_t seq;
struct secasvar *sav;
{
+ INIT_VNET_IPSEC(curvnet);
struct secreplay *replay;
u_int32_t diff;
int fr;