1 files changed, 29 insertions, 28 deletions

diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c
index 4e8495b..cb9256d 100644
--- a/sys/netipsec/xform_ipip.c
+++ b/sys/netipsec/xform_ipip.c
@@ -50,6 +50,7 @@
 #include <sys/kernel.h>
 #include <sys/protosw.h>
 #include <sys/sysctl.h>
+#include <sys/vimage.h>
 
 #include <net/if.h>
 #include <net/pfil.h>
@@ -113,9 +114,9 @@ ip4_input6(struct mbuf **m, int *offp, int proto)
 {
 #if 0
 	/* If we do not accept IP-in-IP explicitly, drop.  */
-	if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
+	if (!V_ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
 		DPRINTF(("%s: dropped due to policy\n", __func__));
-		ipipstat.ipips_pdrops++;
+		V_ipipstat.ipips_pdrops++;
 		m_freem(*m);
 		return IPPROTO_DONE;
 	}
@@ -134,9 +135,9 @@ ip4_input(struct mbuf *m, int off)
 {
 #if 0
 	/* If we do not accept IP-in-IP explicitly, drop.  */
-	if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
+	if (!V_ipip_allow && (m->m_flags & M_IPSEC) == 0) {
 		DPRINTF(("%s: dropped due to policy\n", __func__));
-		ipipstat.ipips_pdrops++;
+		V_ipipstat.ipips_pdrops++;
 		m_freem(m);
 		return;
 	}
@@ -170,7 +171,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 	u_int8_t v;
 	int hlen;
 
-	ipipstat.ipips_ipackets++;
+	V_ipipstat.ipips_ipackets++;
 
 	m_copydata(m, 0, 1, &v);
 
@@ -186,7 +187,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 		break;
 #endif
         default:
-		ipipstat.ipips_family++;
+		V_ipipstat.ipips_family++;
 		m_freem(m);
 		return /* EAFNOSUPPORT */;
 	}
@@ -195,7 +196,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 	if (m->m_len < hlen) {
 		if ((m = m_pullup(m, hlen)) == NULL) {
 			DPRINTF(("%s: m_pullup (1) failed\n", __func__));
-			ipipstat.ipips_hdrops++;
+			V_ipipstat.ipips_hdrops++;
 			return;
 		}
 	}
@@ -232,7 +233,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 
 	/* Sanity check */
 	if (m->m_pkthdr.len < sizeof(struct ip))  {
-		ipipstat.ipips_hdrops++;
+		V_ipipstat.ipips_hdrops++;
 		m_freem(m);
 		return;
 	}
@@ -252,7 +253,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 		break;
 #endif
 	default:
-		ipipstat.ipips_family++;
+		V_ipipstat.ipips_family++;
 		m_freem(m);
 		return; /* EAFNOSUPPORT */
 	}
@@ -263,7 +264,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 	if (m->m_len < hlen) {
 		if ((m = m_pullup(m, hlen)) == NULL) {
 			DPRINTF(("%s: m_pullup (2) failed\n", __func__));
-			ipipstat.ipips_hdrops++;
+			V_ipipstat.ipips_hdrops++;
 			return;
 		}
 	}
@@ -280,7 +281,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
     	case 4:
                 ipo = mtod(m, struct ip *);
                 nxt = ipo->ip_p;
-		ip_ecn_egress(ip4_ipsec_ecn, &otos, &ipo->ip_tos);
+		ip_ecn_egress(V_ip4_ipsec_ecn, &otos, &ipo->ip_tos);
                 break;
 #endif /* INET */
 #ifdef INET6
@@ -288,7 +289,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
                 ip6 = (struct ip6_hdr *) ipo;
                 nxt = ip6->ip6_nxt;
 		itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
-		ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
+		ip_ecn_egress(V_ip6_ipsec_ecn, &otos, &itos);
 		ip6->ip6_flow &= ~htonl(0xff << 20);
 		ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
                 break;
@@ -300,9 +301,9 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 	/* Check for local address spoofing. */
 	if ((m->m_pkthdr.rcvif == NULL ||
 	    !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) &&
-	    ipip_allow != 2) {
+	    V_ipip_allow != 2) {
 	    	IFNET_RLOCK();
-		TAILQ_FOREACH(ifp, &ifnet, if_link) {
+		TAILQ_FOREACH(ifp, &V_ifnet, if_link) {
 			TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
 #ifdef INET
 				if (ipo) {
@@ -314,7 +315,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 
 					if (sin->sin_addr.s_addr ==
 					    ipo->ip_src.s_addr)	{
-						ipipstat.ipips_spoof++;
+						V_ipipstat.ipips_spoof++;
 						m_freem(m);
 						IFNET_RUNLOCK();
 						return;
@@ -331,7 +332,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 					sin6 = (struct sockaddr_in6 *) ifa->ifa_addr;
 
 					if (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &ip6->ip6_src)) {
-						ipipstat.ipips_spoof++;
+						V_ipipstat.ipips_spoof++;
 						m_freem(m);
 						IFNET_RUNLOCK();
 						return;
@@ -345,7 +346,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 	}
 
 	/* Statistics */
-	ipipstat.ipips_ibytes += m->m_pkthdr.len - iphlen;
+	V_ipipstat.ipips_ibytes += m->m_pkthdr.len - iphlen;
 
 #ifdef DEV_ENC
 	switch (v >> 4) {
@@ -391,7 +392,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
 	}
 
 	if (netisr_queue(isr, m)) {	/* (0) on success. */
-		ipipstat.ipips_qfull++;
+		V_ipipstat.ipips_qfull++;
 		DPRINTF(("%s: packet dropped because of full queue\n",
 			__func__));
 	}
@@ -438,7 +439,7 @@ ipip_output(
 			    "address in SA %s/%08lx\n", __func__,
 			    ipsec_address(&saidx->dst),
 			    (u_long) ntohl(sav->spi)));
-			ipipstat.ipips_unspec++;
+			V_ipipstat.ipips_unspec++;
 			error = EINVAL;
 			goto bad;
 		}
@@ -446,7 +447,7 @@ ipip_output(
 		M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
 		if (m == 0) {
 			DPRINTF(("%s: M_PREPEND failed\n", __func__));
-			ipipstat.ipips_hdrops++;
+			V_ipipstat.ipips_hdrops++;
 			error = ENOBUFS;
 			goto bad;
 		}
@@ -456,7 +457,7 @@ ipip_output(
 		ipo->ip_v = IPVERSION;
 		ipo->ip_hl = 5;
 		ipo->ip_len = htons(m->m_pkthdr.len);
-		ipo->ip_ttl = ip_defttl;
+		ipo->ip_ttl = V_ip_defttl;
 		ipo->ip_sum = 0;
 		ipo->ip_src = saidx->src.sin.sin_addr;
 		ipo->ip_dst = saidx->dst.sin.sin_addr;
@@ -515,7 +516,7 @@ ipip_output(
 			    "address in SA %s/%08lx\n", __func__,
 			    ipsec_address(&saidx->dst),
 			    (u_long) ntohl(sav->spi)));
-			ipipstat.ipips_unspec++;
+			V_ipipstat.ipips_unspec++;
 			error = ENOBUFS;
 			goto bad;
 		}
@@ -530,7 +531,7 @@ ipip_output(
 		M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
 		if (m == 0) {
 			DPRINTF(("%s: M_PREPEND failed\n", __func__));
-			ipipstat.ipips_hdrops++;
+			V_ipipstat.ipips_hdrops++;
 			error = ENOBUFS;
 			goto bad;
 		}
@@ -541,7 +542,7 @@ ipip_output(
 		ip6o->ip6_vfc &= ~IPV6_VERSION_MASK;
 		ip6o->ip6_vfc |= IPV6_VERSION;
 		ip6o->ip6_plen = htons(m->m_pkthdr.len);
-		ip6o->ip6_hlim = ip_defttl;
+		ip6o->ip6_hlim = V_ip_defttl;
 		ip6o->ip6_dst = saidx->dst.sin6.sin6_addr;
 		ip6o->ip6_src = saidx->src.sin6.sin6_addr;
 
@@ -580,12 +581,12 @@ ipip_output(
 nofamily:
 		DPRINTF(("%s: unsupported protocol family %u\n", __func__,
 		    saidx->dst.sa.sa_family));
-		ipipstat.ipips_family++;
+		V_ipipstat.ipips_family++;
 		error = EAFNOSUPPORT;		/* XXX diffs from openbsd */
 		goto bad;
 	}
 
-	ipipstat.ipips_opackets++;
+	V_ipipstat.ipips_opackets++;
 	*mp = m;
 
 #ifdef INET
@@ -595,7 +596,7 @@ nofamily:
 			tdb->tdb_cur_bytes +=
 			    m->m_pkthdr.len - sizeof(struct ip);
 #endif
-		ipipstat.ipips_obytes += m->m_pkthdr.len - sizeof(struct ip);
+		V_ipipstat.ipips_obytes += m->m_pkthdr.len - sizeof(struct ip);
 	}
 #endif /* INET */
 
@@ -606,7 +607,7 @@ nofamily:
 			tdb->tdb_cur_bytes +=
 			    m->m_pkthdr.len - sizeof(struct ip6_hdr);
 #endif
-		ipipstat.ipips_obytes +=
+		V_ipipstat.ipips_obytes +=
 		    m->m_pkthdr.len - sizeof(struct ip6_hdr);
 	}
 #endif /* INET6 */