Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP,

PFKEY.

MFC after:	2 weeks

1 files changed, 25 insertions, 24 deletions

diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c
index 40ab951..8e8814a 100644
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@@ -152,7 +152,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	 * compression it means someone is playing tricks on us.
 	 */
 	if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == NULL) {
-		V_ipcompstat.ipcomps_hdrops++;		/*XXX*/
+		IPCOMPSTAT_INC(ipcomps_hdrops);		/*XXX*/
 		DPRINTF(("%s: m_pullup failed\n", __func__));
 		return (ENOBUFS);
 	}
@@ -160,7 +160,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	ipcomp = (struct ipcomp *)addr;
 	if (ipcomp->comp_nxt == IPPROTO_IPCOMP) {
 		m_freem(m);
-		V_ipcompstat.ipcomps_pdrops++;	/* XXX have our own stats? */
+		IPCOMPSTAT_INC(ipcomps_pdrops);	/* XXX have our own stats? */
 		DPRINTF(("%s: recursive compression detected\n", __func__));
 		return (EINVAL);
 	}
@@ -170,7 +170,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	if (crp == NULL) {
 		m_freem(m);
 		DPRINTF(("%s: no crypto descriptors\n", __func__));
-		V_ipcompstat.ipcomps_crypto++;
+		IPCOMPSTAT_INC(ipcomps_crypto);
 		return ENOBUFS;
 	}
 	/* Get IPsec-specific opaque pointer */
@@ -179,7 +179,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 		m_freem(m);
 		crypto_freereq(crp);
 		DPRINTF(("%s: cannot allocate tdb_crypto\n", __func__));
-		V_ipcompstat.ipcomps_crypto++;
+		IPCOMPSTAT_INC(ipcomps_crypto);
 		return ENOBUFS;
 	}
 	crdc = crp->crp_desc;
@@ -256,19 +256,19 @@ ipcomp_input_cb(struct cryptop *crp)
 		if (crp->crp_etype == EAGAIN) {
 			return crypto_dispatch(crp);
 		}
-		V_ipcompstat.ipcomps_noxform++;
+		IPCOMPSTAT_INC(ipcomps_noxform);
 		DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
 		error = crp->crp_etype;
 		goto bad;
 	}
 	/* Shouldn't happen... */
 	if (m == NULL) {
-		V_ipcompstat.ipcomps_crypto++;
+		IPCOMPSTAT_INC(ipcomps_crypto);
 		DPRINTF(("%s: null mbuf returned from crypto\n", __func__));
 		error = EINVAL;
 		goto bad;
 	}
-	V_ipcompstat.ipcomps_hist[sav->alg_comp]++;
+	IPCOMPSTAT_INC(ipcomps_hist[sav->alg_comp]);
 
 	clen = crp->crp_olen;		/* Length of data after processing */
 
@@ -280,7 +280,7 @@ ipcomp_input_cb(struct cryptop *crp)
 	m->m_pkthdr.len = clen + hlen + skip;
 
 	if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) {
-		V_ipcompstat.ipcomps_hdrops++;		/*XXX*/
+		IPCOMPSTAT_INC(ipcomps_hdrops);		/*XXX*/
 		DPRINTF(("%s: m_pullup failed\n", __func__));
 		error = EINVAL;				/*XXX*/
 		goto bad;
@@ -293,7 +293,7 @@ ipcomp_input_cb(struct cryptop *crp)
 	/* Remove the IPCOMP header */
 	error = m_striphdr(m, skip, hlen);
 	if (error) {
-		V_ipcompstat.ipcomps_hdrops++;
+		IPCOMPSTAT_INC(ipcomps_hdrops);
 		DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__,
 			 ipsec_address(&sav->sah->saidx.dst),
 			 (u_long) ntohl(sav->spi)));
@@ -364,12 +364,12 @@ ipcomp_output(
 	 * See RFC 3173, 2.2. Non-Expansion Policy.
 	 */
 	if (m->m_pkthdr.len <= ipcompx->minlen) {
-		V_ipcompstat.ipcomps_threshold++;
+		IPCOMPSTAT_INC(ipcomps_threshold);
 		return ipsec_process_done(m, isr);
 	}
 
 	ralen = m->m_pkthdr.len - skip;	/* Raw payload length before comp. */
-	V_ipcompstat.ipcomps_output++;
+	IPCOMPSTAT_INC(ipcomps_output);
 
 	/* Check for maximum packet size violations. */
 	switch (sav->sah->saidx.dst.sa.sa_family) {
@@ -384,7 +384,7 @@ ipcomp_output(
 		break;
 #endif /* INET6 */
 	default:
-		V_ipcompstat.ipcomps_nopf++;
+		IPCOMPSTAT_INC(ipcomps_nopf);
 		DPRINTF(("%s: unknown/unsupported protocol family %d, "
 		    "IPCA %s/%08lx\n", __func__,
 		    sav->sah->saidx.dst.sa.sa_family,
@@ -394,7 +394,7 @@ ipcomp_output(
 		goto bad;
 	}
 	if (ralen + skip + IPCOMP_HLENGTH > maxpacketsize) {
-		V_ipcompstat.ipcomps_toobig++;
+		IPCOMPSTAT_INC(ipcomps_toobig);
 		DPRINTF(("%s: packet in IPCA %s/%08lx got too big "
 		    "(len %u, max len %u)\n", __func__,
 		    ipsec_address(&sav->sah->saidx.dst),
@@ -405,11 +405,11 @@ ipcomp_output(
 	}
 
 	/* Update the counters */
-	V_ipcompstat.ipcomps_obytes += m->m_pkthdr.len - skip;
+	IPCOMPSTAT_ADD(ipcomps_obytes, m->m_pkthdr.len - skip);
 
 	m = m_unshare(m, M_NOWAIT);
 	if (m == NULL) {
-		V_ipcompstat.ipcomps_hdrops++;
+		IPCOMPSTAT_INC(ipcomps_hdrops);
 		DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n",
 		    __func__, ipsec_address(&sav->sah->saidx.dst),
 		    (u_long) ntohl(sav->spi)));
@@ -422,7 +422,7 @@ ipcomp_output(
 	/* Get crypto descriptors */
 	crp = crypto_getreq(1);
 	if (crp == NULL) {
-		V_ipcompstat.ipcomps_crypto++;
+		IPCOMPSTAT_INC(ipcomps_crypto);
 		DPRINTF(("%s: failed to acquire crypto descriptor\n",__func__));
 		error = ENOBUFS;
 		goto bad;
@@ -442,7 +442,7 @@ ipcomp_output(
 	tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
 		M_XDATA, M_NOWAIT|M_ZERO);
 	if (tc == NULL) {
-		V_ipcompstat.ipcomps_crypto++;
+		IPCOMPSTAT_INC(ipcomps_crypto);
 		DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
 		crypto_freereq(crp);
 		error = ENOBUFS;
@@ -495,7 +495,7 @@ ipcomp_output_cb(struct cryptop *crp)
 	sav = tc->tc_sav;
 	/* With the isr lock released SA pointer can be updated. */
 	if (sav != isr->sav) {
-		V_ipcompstat.ipcomps_notdb++;
+		IPCOMPSTAT_INC(ipcomps_notdb);
 		DPRINTF(("%s: SA expired while in crypto\n", __func__));
 		error = ENOBUFS;		/*XXX*/
 		goto bad;
@@ -511,19 +511,19 @@ ipcomp_output_cb(struct cryptop *crp)
 			IPSECREQUEST_UNLOCK(isr);
 			return crypto_dispatch(crp);
 		}
-		V_ipcompstat.ipcomps_noxform++;
+		IPCOMPSTAT_INC(ipcomps_noxform);
 		DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
 		error = crp->crp_etype;
 		goto bad;
 	}
 	/* Shouldn't happen... */
 	if (m == NULL) {
-		V_ipcompstat.ipcomps_crypto++;
+		IPCOMPSTAT_INC(ipcomps_crypto);
 		DPRINTF(("%s: bogus return buffer from crypto\n", __func__));
 		error = EINVAL;
 		goto bad;
 	}
-	V_ipcompstat.ipcomps_hist[sav->alg_comp]++;
+	IPCOMPSTAT_INC(ipcomps_hist[sav->alg_comp]);
 
 	if (crp->crp_ilen - skip > crp->crp_olen) {
 		struct mbuf *mo;
@@ -534,7 +534,7 @@ ipcomp_output_cb(struct cryptop *crp)
 		/* Compression helped, inject IPCOMP header. */
 		mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff);
 		if (mo == NULL) {
-			V_ipcompstat.ipcomps_wrap++;
+			IPCOMPSTAT_INC(ipcomps_wrap);
 			DPRINTF(("%s: IPCOMP header inject failed for IPCA %s/%08lx\n",
 			    __func__, ipsec_address(&sav->sah->saidx.dst),
 			    (u_long) ntohl(sav->spi)));
@@ -579,7 +579,7 @@ ipcomp_output_cb(struct cryptop *crp)
 			break;
 #endif /* INET6 */
 		default:
-			V_ipcompstat.ipcomps_nopf++;
+			IPCOMPSTAT_INC(ipcomps_nopf);
 			DPRINTF(("%s: unknown/unsupported protocol "
 			    "family %d, IPCA %s/%08lx\n", __func__,
 			    sav->sah->saidx.dst.sa.sa_family,
@@ -590,7 +590,7 @@ ipcomp_output_cb(struct cryptop *crp)
 		}
 	} else {
 		/* Compression was useless, we have lost time. */
-		V_ipcompstat.ipcomps_uncompr++;
+		IPCOMPSTAT_INC(ipcomps_uncompr);
 		DPRINTF(("%s: compressions was useless %d - %d <= %d\n",
 		    __func__, crp->crp_ilen, skip, crp->crp_olen));
 		/* XXX remember state to not compress the next couple
@@ -636,6 +636,7 @@ static void
 vnet_ipcomp_attach(const void *unused __unused)
 {
 
+	/* XXX */
 	V_ipcompstat.version = IPCOMPSTAT_VERSION;
 }