diff options
| author | zec <zec@FreeBSD.org> | 2008-11-19 09:39:34 +0000 |
|---|---|---|
| committer | zec <zec@FreeBSD.org> | 2008-11-19 09:39:34 +0000 |
| commit | 815d52c5df6a76286604478e5223d2f2c87b2c04 (patch) | |
| tree | 3d398563f1e14b804a0558dd3dda1de9a42b9970 /sys/netipsec/key.c | |
| parent | 881f5acc93790d49318ffde65d52c6f45ca9c1f8 (diff) | |
| download | FreeBSD-src-815d52c5df6a76286604478e5223d2f2c87b2c04.zip FreeBSD-src-815d52c5df6a76286604478e5223d2f2c87b2c04.tar.gz | |
Change the initialization methodology for global variables scheduled
for virtualization.
Instead of initializing the affected global variables at instatiation,
assign initial values to them in initializer functions. As a rule,
initialization at instatiation for such variables should never be
introduced again from now on. Furthermore, enclose all instantiations
of such global variables in #ifdef VIMAGE_GLOBALS blocks.
Essentialy, this change should have zero functional impact. In the next
phase of merging network stack virtualization infrastructure from
p4/vimage branch, the new initialization methology will allow us to
switch between using global variables and their counterparts residing in
virtualization containers with minimum code churn, and in the long run
allow us to intialize multiple instances of such container structures.
Discussed at: devsummit Strassburg
Reviewed by: bz, julian
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
Diffstat (limited to 'sys/netipsec/key.c')
| -rw-r--r-- | sys/netipsec/key.c | 60 |
1 files changed, 40 insertions, 20 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index c3cba60..db79f59 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -113,20 +113,31 @@ * field hits 0 (= no external reference other than from SA header. */ -u_int32_t key_debug_level = 0; -static u_int key_spi_trycnt = 1000; -static u_int32_t key_spi_minval = 0x100; -static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */ -static u_int32_t policy_id = 0; -static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/ -static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ -static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ -static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ -static int key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/ - -static u_int32_t acq_seq = 0; +#ifdef VIMAGE_GLOBALS +u_int32_t key_debug_level; +static u_int key_spi_trycnt; +static u_int32_t key_spi_minval; +static u_int32_t key_spi_maxval; +static u_int32_t policy_id; +static u_int key_int_random; +static u_int key_larval_lifetime; +static int key_blockacq_count; +static int key_blockacq_lifetime; +static int key_preferred_oldsa; + +static u_int32_t acq_seq; + +static int ipsec_esp_keymin; +static int ipsec_esp_auth; +static int ipsec_ah_keymin; static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */ +static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */ +static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; +static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */ +static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ +#endif /* VIMAGE_GLOBALS */ + static struct mtx sptree_lock; #define SPTREE_LOCK_INIT() \ mtx_init(&sptree_lock, "sptree", \ @@ -136,7 +147,6 @@ static struct mtx sptree_lock; #define SPTREE_UNLOCK() mtx_unlock(&sptree_lock) #define SPTREE_LOCK_ASSERT() mtx_assert(&sptree_lock, MA_OWNED) -static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */ static struct mtx sahtree_lock; #define SAHTREE_LOCK_INIT() \ mtx_init(&sahtree_lock, "sahtree", \ @@ -147,7 +157,6 @@ static struct mtx sahtree_lock; #define SAHTREE_LOCK_ASSERT() mtx_assert(&sahtree_lock, MA_OWNED) /* registed list */ -static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; static struct mtx regtree_lock; #define REGTREE_LOCK_INIT() \ mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) @@ -156,7 +165,6 @@ static struct mtx regtree_lock; #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) -static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */ static struct mtx acq_lock; #define ACQ_LOCK_INIT() \ mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF) @@ -165,7 +173,6 @@ static struct mtx acq_lock; #define ACQ_UNLOCK() mtx_unlock(&acq_lock) #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) -static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ static struct mtx spacq_lock; #define SPACQ_LOCK_INIT() \ mtx_init(&spacq_lock, "spacqtree", \ @@ -236,10 +243,6 @@ static const int maxsize[] = { sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ }; -static int ipsec_esp_keymin = 256; -static int ipsec_esp_auth = 0; -static int ipsec_ah_keymin = 128; - #ifdef SYSCTL_DECL SYSCTL_DECL(_net_key); #endif @@ -7184,6 +7187,23 @@ key_init(void) INIT_VNET_IPSEC(curvnet); int i; + V_key_debug_level = 0; + V_key_spi_trycnt = 1000; + V_key_spi_minval = 0x100; + V_key_spi_maxval = 0x0fffffff; /* XXX */ + V_policy_id = 0; + V_key_int_random = 60; /*interval to initialize randseed,1(m)*/ + V_key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ + V_key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ + V_key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ + V_key_preferred_oldsa = 1; /* preferred old sa rather than new sa*/ + + V_acq_seq = 0; + + V_ipsec_esp_keymin = 256; + V_ipsec_esp_auth = 0; + V_ipsec_ah_keymin = 128; + SPTREE_LOCK_INIT(); REGTREE_LOCK_INIT(); SAHTREE_LOCK_INIT(); |
