authorzec <zec@FreeBSD.org>2008-11-26 22:32:07 +0000
committerzec <zec@FreeBSD.org>2008-11-26 22:32:07 +0000
commit95a15f5c8435d206ae030c1ed698f4fca6afdeae (patch)
tree92dfba43d59635c80de0299501512e8472dbe130 /sys/netipsec
parent7beb3e535d23cc0fe9278167a9c3dc67220250fd (diff)
downloadFreeBSD-src-95a15f5c8435d206ae030c1ed698f4fca6afdeae.zip
FreeBSD-src-95a15f5c8435d206ae030c1ed698f4fca6afdeae.tar.gz
Merge more of currently non-functional (i.e. resolving to
whitespace) macros from p4/vimage branch. Do a better job at enclosing all instantiations of globals scheduled for virtualization in #ifdef VIMAGE_GLOBALS blocks. De-virtualize and mark as const saorder_state_alive and saorder_state_any arrays from ipsec code, given that they are never updated at runtime, so virtualizing them would be pointless. Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Diffstat (limited to 'sys/netipsec')
-rw-r--r--sys/netipsec/ipsec.c2
-rw-r--r--sys/netipsec/key.c30
-rw-r--r--sys/netipsec/keysock.c4
-rw-r--r--sys/netipsec/vipsec.h10
4 files changed, 19 insertions, 27 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 262b302..c99ccca 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -2009,7 +2009,7 @@ static void
ipsec_attach(void)
{
SECPOLICY_LOCK_INIT(&V_ip4_def_policy);
- ip4_def_policy.refcnt = 1; /* NB: disallow free */
+ V_ip4_def_policy.refcnt = 1; /* NB: disallow free */
}
SYSINIT(ipsec, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, ipsec_attach, NULL);
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index db79f59..3e2b4e0 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -189,11 +189,11 @@ static const u_int saorder_state_valid_prefer_old[] = {
static const u_int saorder_state_valid_prefer_new[] = {
SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
};
-static u_int saorder_state_alive[] = {
+static const u_int saorder_state_alive[] = {
/* except DEAD */
SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
};
-static u_int saorder_state_any[] = {
+static const u_int saorder_state_any[] = {
SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
};
@@ -2699,9 +2699,9 @@ key_delsah(sah)
/* searching all SA registerd in the secindex. */
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_any);
+ stateidx < _ARRAYLEN(saorder_state_any);
stateidx++) {
- u_int state = V_saorder_state_any[stateidx];
+ u_int state = saorder_state_any[stateidx];
LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) {
if (sav->refcnt == 0) {
/* sanity check */
@@ -2985,10 +2985,10 @@ key_getsavbyspi(sah, spi)
SAHTREE_LOCK_ASSERT();
/* search all status */
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_alive);
+ stateidx < _ARRAYLEN(saorder_state_alive);
stateidx++) {
- state = V_saorder_state_alive[stateidx];
+ state = saorder_state_alive[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
/* sanity check */
@@ -4336,6 +4336,7 @@ key_timehandler(void)
VNET_ITERATOR_DECL(vnet_iter);
time_t now = time_second;
+ VNET_LIST_RLOCK();
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter);
key_flush_spd(now);
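Review bot: VNET_LIST_RLOCK() is now held across every key_flush_*() call for every vnet, and nothing at the call site records how that lock orders against whatever locks those routines take. Their bodies are outside this diff, so this is inferred rather than seen. A comment above the VNET_FOREACH, such as `/* NB: vnet list read lock is held across the key_flush_*() calls below */`, would record the constraint before these macros stop expanding to whitespace. The matching VNET_LIST_RUNLOCK() is in the next hunk, and key_timehandler's body continues outside both.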
@@ -4344,6 +4345,7 @@ key_timehandler(void)
key_flush_spacq(now);
CURVNET_RESTORE();
}
+ VNET_LIST_RUNLOCK();
#ifndef IPSEC_DEBUG2
/* do exchange to tick time !! */
@@ -5313,9 +5315,9 @@ key_delete_all(so, m, mhp, proto)
/* Delete all non-LARVAL SAs. */
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_alive);
+ stateidx < _ARRAYLEN(saorder_state_alive);
stateidx++) {
- state = V_saorder_state_alive[stateidx];
+ state = saorder_state_alive[stateidx];
if (state == SADB_SASTATE_LARVAL)
continue;
for (sav = LIST_FIRST(&sah->savtree[state]);
@@ -6518,9 +6520,9 @@ key_flush(so, m, mhp)
continue;
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_alive);
+ stateidx < _ARRAYLEN(saorder_state_alive);
stateidx++) {
- state = V_saorder_state_any[stateidx];
+ state = saorder_state_any[stateidx];
for (sav = LIST_FIRST(&sah->savtree[state]);
sav != NULL;
sav = nextsav) {
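Review bot: The loop in key_flush bounds stateidx by `_ARRAYLEN(saorder_state_alive)` but indexes `saorder_state_any`, and the rename carries that mismatch over unchanged. Per the definitions earlier in this diff, the alive array has three entries and the any array has four with SADB_SASTATE_DEAD last, so the DEAD list is never visited and its SAs, along with their key material, presumably survive a flush until something else reaps them. If the flush is meant to cover every state, the bound should be `stateidx < _ARRAYLEN(saorder_state_any);`. If DEAD is skipped on purpose, index `saorder_state_alive` and say so in a comment. The loop body continues outside the hunk.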
@@ -6603,9 +6605,9 @@ key_dump(so, m, mhp)
continue;
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_any);
+ stateidx < _ARRAYLEN(saorder_state_any);
stateidx++) {
- state = V_saorder_state_any[stateidx];
+ state = saorder_state_any[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
cnt++;
}
@@ -6633,9 +6635,9 @@ key_dump(so, m, mhp)
}
for (stateidx = 0;
- stateidx < _ARRAYLEN(V_saorder_state_any);
+ stateidx < _ARRAYLEN(saorder_state_any);
stateidx++) {
- state = V_saorder_state_any[stateidx];
+ state = saorder_state_any[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
n = key_setdumpsa(sav, SADB_DUMP, satype,
--cnt, mhp->msg->sadb_msg_pid);
diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c
index 6d5c4bc..ace6993 100644
--- a/sys/netipsec/keysock.c
+++ b/sys/netipsec/keysock.c
@@ -76,7 +76,7 @@ static struct key_cb key_cb;
struct pfkeystat pfkeystat;
#endif
-static struct sockaddr key_src = { 2, PF_KEY, };
+static struct sockaddr key_src = { 2, PF_KEY };
static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
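Review bot: key_src is de-virtualized here but stays a writable static, while the same commit marks the saorder arrays const on the grounds that they are never updated at runtime. If nothing in keysock.c writes to it (not visible in this diff), `static const struct sockaddr key_src = { 2, PF_KEY };` would be consistent, provided sbappendaddr() takes a const pointer. The `(struct sockaddr *)` cast on `&key_src` in the key_sendup0 hunk is already redundant for an object of that type, and would have to be dropped or const-qualified with that change.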
@@ -166,7 +166,7 @@ key_sendup0(rp, m, promisc)
V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
}
- if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&V_key_src,
+ if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
m, NULL)) {
V_pfkeystat.in_nomem++;
m_freem(m);
diff --git a/sys/netipsec/vipsec.h b/sys/netipsec/vipsec.h
index 5a007ce..2f5acf7 100644
--- a/sys/netipsec/vipsec.h
+++ b/sys/netipsec/vipsec.h
@@ -81,8 +81,6 @@ struct vnet_ipsec {
int _key_preferred_oldsa;
u_int32_t _acq_seq;
- u_int _saorder_state_alive[3];
- u_int _saorder_state_any[4];
int _esp_enable;
struct espstat _espstat;
int _esp_max_ivlen;
@@ -98,7 +96,6 @@ struct vnet_ipsec {
int _ip6_ah_trans_deflev;
int _ip6_ah_net_deflev;
int _ip6_ipsec_ecn;
- int _ip6_esp_randpad;
int _ah_enable;
int _ah_cleartos;
@@ -109,9 +106,6 @@ struct vnet_ipsec {
struct pfkeystat _pfkeystat;
struct key_cb _key_cb;
- struct sockaddr _key_dst;
- struct sockaddr _key_src;
-
LIST_HEAD(, secpolicy) _sptree[IPSEC_DIR_MAX];
LIST_HEAD(, secashead) _sahtree;
LIST_HEAD(, secreg) _regtree[SADB_SATYPE_MAX + 1];
@@ -168,20 +162,16 @@ struct vnet_ipsec {
#define V_key_blockacq_lifetime VNET_IPSEC(key_blockacq_lifetime)
#define V_key_cb VNET_IPSEC(key_cb)
#define V_key_debug_level VNET_IPSEC(key_debug_level)
-#define V_key_dst VNET_IPSEC(key_dst)
#define V_key_int_random VNET_IPSEC(key_int_random)
#define V_key_larval_lifetime VNET_IPSEC(key_larval_lifetime)
#define V_key_preferred_oldsa VNET_IPSEC(key_preferred_oldsa)
#define V_key_spi_maxval VNET_IPSEC(key_spi_maxval)
#define V_key_spi_minval VNET_IPSEC(key_spi_minval)
#define V_key_spi_trycnt VNET_IPSEC(key_spi_trycnt)
-#define V_key_src VNET_IPSEC(key_src)
#define V_pfkeystat VNET_IPSEC(pfkeystat)
#define V_policy_id VNET_IPSEC(policy_id)
#define V_regtree VNET_IPSEC(regtree)
#define V_sahtree VNET_IPSEC(sahtree)
-#define V_saorder_state_alive VNET_IPSEC(saorder_state_alive)
-#define V_saorder_state_any VNET_IPSEC(saorder_state_any)
#define V_spacqtree VNET_IPSEC(spacqtree)
#define V_sptree VNET_IPSEC(sptree)