From 7b573d1496799fd4543bfa925fd691d650b3c628 Mon Sep 17 00:00:00 2001 From: zec Date: Wed, 10 Dec 2008 23:12:39 +0000 Subject: Conditionally compile out V_ globals while instantiating the appropriate container structures, depending on VIMAGE_GLOBALS compile time option. Make VIMAGE_GLOBALS a new compile-time option, which by default will not be defined, resulting in instatiations of global variables selected for V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be effectively compiled out. Instantiate new global container structures to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0, vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0. Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_ macros resolve either to the original globals, or to fields inside container structures, i.e. effectively #ifdef VIMAGE_GLOBALS #define V_rt_tables rt_tables #else #define V_rt_tables vnet_net_0._rt_tables #endif Update SYSCTL_V_*() macros to operate either on globals or on fields inside container structs. Extend the internal kldsym() lookups with the ability to resolve selected fields inside the virtualization container structs. This applies only to the fields which are explicitly registered for kldsym() visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently this is done only in sys/net/if.c. Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code, and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in turn result in proper code being generated depending on VIMAGE_GLOBALS. De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c which were prematurely V_irtualized by automated V_ prepending scripts during earlier merging steps. PF virtualization will be done separately, most probably after next PF import. Convert a few variable initializations at instantiation to initialization in init functions, most notably in ipfw. Also convert TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in initializer functions. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation --- sys/contrib/pf/net/pf_subr.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'sys/contrib/pf') diff --git a/sys/contrib/pf/net/pf_subr.c b/sys/contrib/pf/net/pf_subr.c index 3b680e3..1ac8b40 100644 --- a/sys/contrib/pf/net/pf_subr.c +++ b/sys/contrib/pf/net/pf_subr.c @@ -124,15 +124,14 @@ static MD5_CTX isn_ctx; u_int32_t pf_new_isn(struct pf_state *s) { - INIT_VNET_INET(curvnet); u_int32_t md5_buffer[4]; u_int32_t new_isn; struct pf_state_host *src, *dst; /* Seed if this is the first use, reseed if requested. */ - if (V_isn_last_reseed == 0) { - read_random(&V_isn_secret, sizeof(V_isn_secret)); - V_isn_last_reseed = ticks; + if (isn_last_reseed == 0) { + read_random(&isn_secret, sizeof(isn_secret)); + isn_last_reseed = ticks; } if (s->direction == PF_IN) { @@ -144,28 +143,28 @@ pf_new_isn(struct pf_state *s) } /* Compute the md5 hash and return the ISN. */ - MD5Init(&V_isn_ctx); - MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short)); - MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short)); + MD5Init(&isn_ctx); + MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short)); + MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short)); #ifdef INET6 if (s->af == AF_INET6) { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in6_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in6_addr)); } else #endif { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in_addr)); } - MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret)); - MD5Final((u_char *) &md5_buffer, &V_isn_ctx); + MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret)); + MD5Final((u_char *) &md5_buffer, &isn_ctx); new_isn = (tcp_seq) md5_buffer[0]; - V_isn_offset += ISN_STATIC_INCREMENT + + isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); - new_isn += V_isn_offset; + new_isn += isn_offset; return (new_isn); } -- cgit v1.1