MFC r207369:

  MFP4: @176978-176982, 176984, 176990-176994, 177441

  "Whitspace" churn after the VIMAGE/VNET whirls.

  Remove the need for some "init" functions within the network
  stack, like pim6_init(), icmp_init() or significantly shorten
  others like ip6_init() and nd6_init(), using static initialization
  again where possible and formerly missed.

  Move (most) variables back to the place they used to be before the
  container structs and VIMAGE_GLOABLS (before r185088) and try to
  reduce the diff to stable/7 and earlier as good as possible,
  to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9.

  This also removes some header file pollution for putatively
  static global variables.

  Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are
  no longer needed.

  Reviewed by:	jhb
  Discussed with:	rwatson
  Sponsored by:	The FreeBSD Foundation
  Sponsored by:	CK Software GmbH

9 files changed, 50 insertions, 44 deletions

diff --git a/sys/netipsec/ah_var.h b/sys/netipsec/ah_var.h
index b031a98..6145dba 100644
--- a/sys/netipsec/ah_var.h
+++ b/sys/netipsec/ah_var.h
@@ -72,10 +72,11 @@ struct ahstat {
 
 #ifdef _KERNEL
 VNET_DECLARE(int, ah_enable);
-#define	V_ah_enable		VNET(ah_enable)
 VNET_DECLARE(int, ah_cleartos);
-#define	V_ah_cleartos		VNET(ah_cleartos)
 VNET_DECLARE(struct ahstat, ahstat);
+
+#define	V_ah_enable		VNET(ah_enable)
+#define	V_ah_cleartos		VNET(ah_cleartos)
 #define	V_ahstat		VNET(ahstat)
 #endif /* _KERNEL */
 #endif /*_NETIPSEC_AH_VAR_H_*/
diff --git a/sys/netipsec/esp_var.h b/sys/netipsec/esp_var.h
index dc1aad4..477dcbf 100644
--- a/sys/netipsec/esp_var.h
+++ b/sys/netipsec/esp_var.h
@@ -73,8 +73,9 @@ struct espstat {
 
 #ifdef _KERNEL
 VNET_DECLARE(int, esp_enable);
-#define	V_esp_enable	VNET(esp_enable)
 VNET_DECLARE(struct espstat, espstat);
+
+#define	V_esp_enable	VNET(esp_enable)
 #define	V_espstat	VNET(espstat)
 #endif /* _KERNEL */
 #endif /*_NETIPSEC_ESP_VAR_H_*/
diff --git a/sys/netipsec/ipcomp_var.h b/sys/netipsec/ipcomp_var.h
index 78f1848..c99a3be 100644
--- a/sys/netipsec/ipcomp_var.h
+++ b/sys/netipsec/ipcomp_var.h
@@ -66,8 +66,9 @@ struct ipcompstat {
 
 #ifdef _KERNEL
 VNET_DECLARE(int, ipcomp_enable);
-#define	V_ipcomp_enable		VNET(ipcomp_enable)
 VNET_DECLARE(struct ipcompstat, ipcompstat);
+
+#define	V_ipcomp_enable		VNET(ipcomp_enable)
 #define	V_ipcompstat		VNET(ipcompstat)
 #endif /* _KERNEL */
 #endif /*_NETIPSEC_IPCOMP_VAR_H_*/
diff --git a/sys/netipsec/ipip_var.h b/sys/netipsec/ipip_var.h
index a6e33e8..3c8c397 100644
--- a/sys/netipsec/ipip_var.h
+++ b/sys/netipsec/ipip_var.h
@@ -60,8 +60,9 @@ struct ipipstat
 
 #ifdef _KERNEL
 VNET_DECLARE(int, ipip_allow);
-#define	V_ipip_allow		VNET(ipip_allow)
 VNET_DECLARE(struct ipipstat, ipipstat);
+
+#define	V_ipip_allow		VNET(ipip_allow)
 #define	V_ipipstat		VNET(ipipstat)
 #endif /* _KERNEL */
 #endif /* _NETINET_IPIP_H_ */
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 4b552c8..cd29848 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -102,6 +102,7 @@ VNET_DEFINE(int, ipsec_debug) = 1;
 #else
 VNET_DEFINE(int, ipsec_debug) = 0;
 #endif
+
 /* NB: name changed so netstat doesn't use it. */
 VNET_DEFINE(struct ipsecstat, ipsec4stat);
 VNET_DEFINE(int, ip4_ah_offsetmask) = 0;	/* maybe IP_DF? */
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 97756e5..a17b867 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -334,39 +334,39 @@ struct ipsec_history {
 
 VNET_DECLARE(int, ipsec_debug);
 #define	V_ipsec_debug		VNET(ipsec_debug)
+
+#ifdef REGRESSION
+VNET_DECLARE(int, ipsec_replay);
+VNET_DECLARE(int, ipsec_integrity);
+
+#define	V_ipsec_replay		VNET(ipsec_replay)
+#define	V_ipsec_integrity	VNET(ipsec_integrity)
+#endif
+
 VNET_DECLARE(struct ipsecstat, ipsec4stat);
-#define	V_ipsec4stat		VNET(ipsec4stat)
+VNET_DECLARE(struct secpolicy, ip4_def_policy);
+VNET_DECLARE(int, ip4_esp_trans_deflev);
+VNET_DECLARE(int, ip4_esp_net_deflev);
+VNET_DECLARE(int, ip4_ah_trans_deflev);
+VNET_DECLARE(int, ip4_ah_net_deflev);
 VNET_DECLARE(int, ip4_ah_offsetmask);
-#define	V_ip4_ah_offsetmask	VNET(ip4_ah_offsetmask)
 VNET_DECLARE(int, ip4_ipsec_dfbit);
-#define	V_ip4_ipsec_dfbit	VNET(ip4_ipsec_dfbit)
-VNET_DECLARE(int, ip4_esp_trans_deflev);
+VNET_DECLARE(int, ip4_ipsec_ecn);
+VNET_DECLARE(int, ip4_esp_randpad);
+VNET_DECLARE(int, crypto_support);
+
+#define	V_ipsec4stat		VNET(ipsec4stat)
+#define	V_ip4_def_policy	VNET(ip4_def_policy)
 #define	V_ip4_esp_trans_deflev	VNET(ip4_esp_trans_deflev)
-VNET_DECLARE(int, ip4_esp_net_deflev);
 #define	V_ip4_esp_net_deflev	VNET(ip4_esp_net_deflev)
-VNET_DECLARE(int, ip4_ah_trans_deflev);
 #define	V_ip4_ah_trans_deflev	VNET(ip4_ah_trans_deflev)
-VNET_DECLARE(int, ip4_ah_net_deflev);
 #define	V_ip4_ah_net_deflev	VNET(ip4_ah_net_deflev)
-VNET_DECLARE(struct secpolicy, ip4_def_policy);
-#define	V_ip4_def_policy	VNET(ip4_def_policy)
-VNET_DECLARE(int, ip4_ipsec_ecn);
+#define	V_ip4_ah_offsetmask	VNET(ip4_ah_offsetmask)
+#define	V_ip4_ipsec_dfbit	VNET(ip4_ipsec_dfbit)
 #define	V_ip4_ipsec_ecn		VNET(ip4_ipsec_ecn)
-VNET_DECLARE(int, ip4_esp_randpad);
 #define	V_ip4_esp_randpad	VNET(ip4_esp_randpad)
-
-VNET_DECLARE(int, crypto_support);
 #define	V_crypto_support	VNET(crypto_support)
 
-extern int ip4_ah_cleartos;
-
-#ifdef REGRESSION
-VNET_DECLARE(int, ipsec_replay);
-#define	V_ipsec_replay		VNET(ipsec_replay)
-VNET_DECLARE(int, ipsec_integrity);
-#define	V_ipsec_integrity	VNET(ipsec_integrity)
-#endif
-
 #define ipseclog(x)	do { if (V_ipsec_debug) log x; } while (0)
 /* for openbsd compatibility */
 #define	DPRINTF(x)	do { if (V_ipsec_debug) printf x; } while (0)
diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h
index 030113f..c004220 100644
--- a/sys/netipsec/ipsec6.h
+++ b/sys/netipsec/ipsec6.h
@@ -42,16 +42,17 @@
 
 #ifdef _KERNEL
 VNET_DECLARE(struct ipsecstat, ipsec6stat);
-#define	V_ipsec6stat		VNET(ipsec6stat)
 VNET_DECLARE(int, ip6_esp_trans_deflev);
-#define	V_ip6_esp_trans_deflev	VNET(ip6_esp_trans_deflev)
 VNET_DECLARE(int, ip6_esp_net_deflev);
-#define	V_ip6_esp_net_deflev	VNET(ip6_esp_net_deflev)
 VNET_DECLARE(int, ip6_ah_trans_deflev);
-#define	V_ip6_ah_trans_deflev	VNET(ip6_ah_trans_deflev)
 VNET_DECLARE(int, ip6_ah_net_deflev);
-#define	V_ip6_ah_net_deflev	VNET(ip6_ah_net_deflev)
 VNET_DECLARE(int, ip6_ipsec_ecn);
+
+#define	V_ipsec6stat		VNET(ipsec6stat)
+#define	V_ip6_esp_trans_deflev	VNET(ip6_esp_trans_deflev)
+#define	V_ip6_esp_net_deflev	VNET(ip6_esp_net_deflev)
+#define	V_ip6_ah_trans_deflev	VNET(ip6_ah_trans_deflev)
+#define	V_ip6_ah_net_deflev	VNET(ip6_ah_net_deflev)
 #define	V_ip6_ipsec_ecn		VNET(ip6_ipsec_ecn)
 
 struct inpcb;
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 5d08c9c..3a0a2ab 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -114,27 +114,27 @@
 
 VNET_DEFINE(u_int32_t, key_debug_level) = 0;
 static VNET_DEFINE(u_int, key_spi_trycnt) = 1000;
-#define	V_key_spi_trycnt	VNET(key_spi_trycnt)
 static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100;
-#define	V_key_spi_minval	VNET(key_spi_minval)
 static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff;	/* XXX */
-#define	V_key_spi_maxval	VNET(key_spi_maxval)
 static VNET_DEFINE(u_int32_t, policy_id) = 0;
-#define	V_policy_id		VNET(policy_id)
 /*interval to initialize randseed,1(m)*/
 static VNET_DEFINE(u_int, key_int_random) = 60;
-#define	V_key_int_random	VNET(key_int_random)
 /* interval to expire acquiring, 30(s)*/
 static VNET_DEFINE(u_int, key_larval_lifetime) = 30;
-#define	V_key_larval_lifetime	VNET(key_larval_lifetime)
 /* counter for blocking SADB_ACQUIRE.*/
 static VNET_DEFINE(int, key_blockacq_count) = 10;
-#define	V_key_blockacq_count	VNET(key_blockacq_count)
 /* lifetime for blocking SADB_ACQUIRE.*/
 static VNET_DEFINE(int, key_blockacq_lifetime) = 20;
-#define	V_key_blockacq_lifetime	VNET(key_blockacq_lifetime)
 /* preferred old sa rather than new sa.*/
 static VNET_DEFINE(int, key_preferred_oldsa) = 1;
+#define	V_key_spi_trycnt	VNET(key_spi_trycnt)
+#define	V_key_spi_minval	VNET(key_spi_minval)
+#define	V_key_spi_maxval	VNET(key_spi_maxval)
+#define	V_policy_id		VNET(policy_id)
+#define	V_key_int_random	VNET(key_int_random)
+#define	V_key_larval_lifetime	VNET(key_larval_lifetime)
+#define	V_key_blockacq_count	VNET(key_blockacq_count)
+#define	V_key_blockacq_lifetime	VNET(key_blockacq_lifetime)
 #define	V_key_preferred_oldsa	VNET(key_preferred_oldsa)
 
 static VNET_DEFINE(u_int32_t, acq_seq) = 0;
@@ -270,10 +270,11 @@ static const int maxsize[] = {
 };
 
 static VNET_DEFINE(int, ipsec_esp_keymin) = 256;
-#define	V_ipsec_esp_keymin	VNET(ipsec_esp_keymin)
 static VNET_DEFINE(int, ipsec_esp_auth) = 0;
-#define	V_ipsec_esp_auth	VNET(ipsec_esp_auth)
 static VNET_DEFINE(int, ipsec_ah_keymin) = 128;
+
+#define	V_ipsec_esp_keymin	VNET(ipsec_esp_keymin)
+#define	V_ipsec_esp_auth	VNET(ipsec_esp_auth)
 #define	V_ipsec_ah_keymin	VNET(ipsec_ah_keymin)
 
 #ifdef SYSCTL_DECL
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 135be9d..a84f525 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -85,8 +85,7 @@ SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO,
 SYSCTL_VNET_STRUCT(_net_inet_esp, IPSECCTL_STATS,
 	stats,		CTLFLAG_RD,	&VNET_NAME(espstat),	espstat, "");
 
-/* max iv length over all algorithms */
-static VNET_DEFINE(int, esp_max_ivlen) = 0;
+static VNET_DEFINE(int, esp_max_ivlen);	/* max iv length over all algorithms */
 #define	V_esp_max_ivlen	VNET(esp_max_ivlen)
 
 static int esp_input_cb(struct cryptop *op);