diff options
Diffstat (limited to 'sys/netipsec/xform_ipcomp.c')
| -rw-r--r-- | sys/netipsec/xform_ipcomp.c | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 97f4827..2882af8 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -41,6 +41,7 @@ #include <sys/kernel.h> #include <sys/protosw.h> #include <sys/sysctl.h> +#include <sys/vimage.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -114,7 +115,7 @@ ipcomp_init(struct secasvar *sav, struct xformsw *xsp) bzero(&cric, sizeof (cric)); cric.cri_alg = sav->tdb_compalgxform->type; - return crypto_newsession(&sav->tdb_cryptoid, &cric, crypto_support); + return crypto_newsession(&sav->tdb_cryptoid, &cric, V_crypto_support); } /* @@ -146,7 +147,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if (crp == NULL) { m_freem(m); DPRINTF(("%s: no crypto descriptors\n", __func__)); - ipcompstat.ipcomps_crypto++; + V_ipcompstat.ipcomps_crypto++; return ENOBUFS; } /* Get IPsec-specific opaque pointer */ @@ -155,7 +156,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) m_freem(m); crypto_freereq(crp); DPRINTF(("%s: cannot allocate tdb_crypto\n", __func__)); - ipcompstat.ipcomps_crypto++; + V_ipcompstat.ipcomps_crypto++; return ENOBUFS; } crdc = crp->crp_desc; @@ -228,7 +229,7 @@ ipcomp_input_cb(struct cryptop *crp) sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { - ipcompstat.ipcomps_notdb++; + V_ipcompstat.ipcomps_notdb++; DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; @@ -251,19 +252,19 @@ ipcomp_input_cb(struct cryptop *crp) return error; } - ipcompstat.ipcomps_noxform++; + V_ipcompstat.ipcomps_noxform++; DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } /* Shouldn't happen... */ if (m == NULL) { - ipcompstat.ipcomps_crypto++; + V_ipcompstat.ipcomps_crypto++; DPRINTF(("%s: null mbuf returned from crypto\n", __func__)); error = EINVAL; goto bad; } - ipcompstat.ipcomps_hist[sav->alg_comp]++; + V_ipcompstat.ipcomps_hist[sav->alg_comp]++; clen = crp->crp_olen; /* Length of data after processing */ @@ -275,7 +276,7 @@ ipcomp_input_cb(struct cryptop *crp) m->m_pkthdr.len = clen + hlen + skip; if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) { - ipcompstat.ipcomps_hdrops++; /*XXX*/ + V_ipcompstat.ipcomps_hdrops++; /*XXX*/ DPRINTF(("%s: m_pullup failed\n", __func__)); error = EINVAL; /*XXX*/ goto bad; @@ -288,7 +289,7 @@ ipcomp_input_cb(struct cryptop *crp) /* Remove the IPCOMP header */ error = m_striphdr(m, skip, hlen); if (error) { - ipcompstat.ipcomps_hdrops++; + V_ipcompstat.ipcomps_hdrops++; DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -344,7 +345,7 @@ ipcomp_output( ralen = m->m_pkthdr.len - skip; /* Raw payload length before comp. */ hlen = IPCOMP_HLENGTH; - ipcompstat.ipcomps_output++; + V_ipcompstat.ipcomps_output++; /* Check for maximum packet size violations. */ switch (sav->sah->saidx.dst.sa.sa_family) { @@ -359,7 +360,7 @@ ipcomp_output( break; #endif /* INET6 */ default: - ipcompstat.ipcomps_nopf++; + V_ipcompstat.ipcomps_nopf++; DPRINTF(("%s: unknown/unsupported protocol family %d, " "IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, @@ -369,7 +370,7 @@ ipcomp_output( goto bad; } if (skip + hlen + ralen > maxpacketsize) { - ipcompstat.ipcomps_toobig++; + V_ipcompstat.ipcomps_toobig++; DPRINTF(("%s: packet in IPCA %s/%08lx got too big " "(len %u, max len %u)\n", __func__, ipsec_address(&sav->sah->saidx.dst), @@ -380,11 +381,11 @@ ipcomp_output( } /* Update the counters */ - ipcompstat.ipcomps_obytes += m->m_pkthdr.len - skip; + V_ipcompstat.ipcomps_obytes += m->m_pkthdr.len - skip; m = m_unshare(m, M_NOWAIT); if (m == NULL) { - ipcompstat.ipcomps_hdrops++; + V_ipcompstat.ipcomps_hdrops++; DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -395,7 +396,7 @@ ipcomp_output( /* Inject IPCOMP header */ mo = m_makespace(m, skip, hlen, &roff); if (mo == NULL) { - ipcompstat.ipcomps_wrap++; + V_ipcompstat.ipcomps_wrap++; DPRINTF(("%s: IPCOMP header inject failed for IPCA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -430,7 +431,7 @@ ipcomp_output( /* Get crypto descriptors */ crp = crypto_getreq(1); if (crp == NULL) { - ipcompstat.ipcomps_crypto++; + V_ipcompstat.ipcomps_crypto++; DPRINTF(("%s: failed to acquire crypto descriptor\n",__func__)); error = ENOBUFS; goto bad; @@ -450,7 +451,7 @@ ipcomp_output( tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto), M_XDATA, M_NOWAIT|M_ZERO); if (tc == NULL) { - ipcompstat.ipcomps_crypto++; + V_ipcompstat.ipcomps_crypto++; DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); crypto_freereq(crp); error = ENOBUFS; @@ -500,7 +501,7 @@ ipcomp_output_cb(struct cryptop *crp) IPSECREQUEST_LOCK(isr); sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { - ipcompstat.ipcomps_notdb++; + V_ipcompstat.ipcomps_notdb++; DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; @@ -519,19 +520,19 @@ ipcomp_output_cb(struct cryptop *crp) error = crypto_dispatch(crp); return error; } - ipcompstat.ipcomps_noxform++; + V_ipcompstat.ipcomps_noxform++; DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } /* Shouldn't happen... */ if (m == NULL) { - ipcompstat.ipcomps_crypto++; + V_ipcompstat.ipcomps_crypto++; DPRINTF(("%s: bogus return buffer from crypto\n", __func__)); error = EINVAL; goto bad; } - ipcompstat.ipcomps_hist[sav->alg_comp]++; + V_ipcompstat.ipcomps_hist[sav->alg_comp]++; if (rlen > crp->crp_olen) { /* Adjust the length in the IP header */ @@ -548,7 +549,7 @@ ipcomp_output_cb(struct cryptop *crp) break; #endif /* INET6 */ default: - ipcompstat.ipcomps_nopf++; + V_ipcompstat.ipcomps_nopf++; DPRINTF(("%s: unknown/unsupported protocol " "family %d, IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, |
