diff options
author | bz <bz@FreeBSD.org> | 2008-08-17 23:27:27 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2008-08-17 23:27:27 +0000 |
commit | 1021d43b569bfc8d2c5544bde2f540fa432b011f (patch) | |
tree | 1496da534aec03cf2f9d2d0735d80e4c1e3b5715 /sys/netipsec/ipsec_output.c | |
parent | 7fc341305a3e341fca7f202fc1219358f8d9dbbd (diff) | |
download | FreeBSD-src-1021d43b569bfc8d2c5544bde2f540fa432b011f.zip FreeBSD-src-1021d43b569bfc8d2c5544bde2f540fa432b011f.tar.gz |
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
Diffstat (limited to 'sys/netipsec/ipsec_output.c')
-rw-r--r-- | sys/netipsec/ipsec_output.c | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 72840c2..88ff2f6 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -42,6 +42,7 @@ #include <sys/socket.h> #include <sys/errno.h> #include <sys/syslog.h> +#include <sys/vimage.h> #include <net/if.h> #include <net/pfil.h> @@ -159,7 +160,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) * doing further processing. */ if (isr->next) { - ipsec4stat.ips_out_bundlesa++; + V_ipsec4stat.ips_out_bundlesa++; return ipsec4_process_packet(m, isr->next, 0, 0); } key_sa_recordxfer(sav, m); /* record data transfer */ @@ -284,7 +285,7 @@ again: * this packet because it is responsibility for * upper layer to retransmit the packet. */ - ipsec4stat.ips_out_nosa++; + V_ipsec4stat.ips_out_nosa++; goto bad; } sav = isr->sav; @@ -308,13 +309,13 @@ again: /* * Check system global policy controls. */ - if ((isr->saidx.proto == IPPROTO_ESP && !esp_enable) || - (isr->saidx.proto == IPPROTO_AH && !ah_enable) || - (isr->saidx.proto == IPPROTO_IPCOMP && !ipcomp_enable)) { + if ((isr->saidx.proto == IPPROTO_ESP && !V_esp_enable) || + (isr->saidx.proto == IPPROTO_AH && !V_ah_enable) || + (isr->saidx.proto == IPPROTO_IPCOMP && !V_ipcomp_enable)) { DPRINTF(("%s: IPsec outbound packet dropped due" " to policy (check your sysctls)\n", __func__)); - IPSEC_OSTAT(espstat.esps_pdrops, ahstat.ahs_pdrops, - ipcompstat.ipcomps_pdrops); + IPSEC_OSTAT(V_espstat.esps_pdrops, V_ahstat.ahs_pdrops, + V_ipcompstat.ipcomps_pdrops); *error = EHOSTUNREACH; goto bad; } @@ -325,8 +326,8 @@ again: */ if (sav->tdb_xform == NULL) { DPRINTF(("%s: no transform for SA\n", __func__)); - IPSEC_OSTAT(espstat.esps_noxform, ahstat.ahs_noxform, - ipcompstat.ipcomps_noxform); + IPSEC_OSTAT(V_espstat.esps_noxform, V_ahstat.ahs_noxform, + V_ipcompstat.ipcomps_noxform); *error = EHOSTUNREACH; goto bad; } @@ -394,10 +395,10 @@ ipsec4_process_packet( } ip = mtod(m, struct ip *); /* Honor system-wide control of how to handle IP_DF */ - switch (ip4_ipsec_dfbit) { + switch (V_ip4_ipsec_dfbit) { case 0: /* clear in outer header */ case 1: /* set in outer header */ - setdf = ip4_ipsec_dfbit; + setdf = V_ip4_ipsec_dfbit; break; default: /* propagate to outer header */ setdf = ntohs(ip->ip_off & IP_DF); @@ -676,7 +677,7 @@ ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) /* construct new IPv6 header. see RFC 2401 5.1.2.2 */ /* ECN consideration. */ - ip6_ecn_ingress(ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow); + ip6_ecn_ingress(V_ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow); if (plen < IPV6_MAXPACKET - sizeof(struct ip6_hdr)) ip6->ip6_plen = htons(plen); else { @@ -755,14 +756,14 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int ipseclog((LOG_ERR, "%s: family mismatched between " "inner and outer, spi=%u\n", __func__, ntohl(isr->sav->spi))); - ipsec6stat.ips_out_inval++; + V_ipsec6stat.ips_out_inval++; error = EAFNOSUPPORT; goto bad; } m = ipsec6_splithdr(m); if (!m) { - ipsec6stat.ips_out_nomem++; + V_ipsec6stat.ips_out_nomem++; error = ENOMEM; goto bad; } @@ -790,8 +791,8 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int rtalloc(state->ro); } if (state->ro->ro_rt == 0) { - ip6stat.ip6s_noroute++; - ipsec6stat.ips_out_noroute++; + V_ip6stat.ip6s_noroute++; + V_ipsec6stat.ips_out_noroute++; error = EHOSTUNREACH; goto bad; } @@ -805,7 +806,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int m = ipsec6_splithdr(m); if (!m) { - ipsec6stat.ips_out_nomem++; + V_ipsec6stat.ips_out_nomem++; error = ENOMEM; goto bad; } |