From 70e6f14e44387c54e20403484badf917d9b74589 Mon Sep 17 00:00:00 2001 From: bz Date: Thu, 6 May 2010 06:44:19 +0000 Subject: MFC r207369: MFP4: @176978-176982, 176984, 176990-176994, 177441 "Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH --- sys/netipsec/ah_var.h | 5 +++-- sys/netipsec/esp_var.h | 3 ++- sys/netipsec/ipcomp_var.h | 3 ++- sys/netipsec/ipip_var.h | 3 ++- sys/netipsec/ipsec.c | 1 + sys/netipsec/ipsec.h | 44 ++++++++++++++++++++++---------------------- sys/netipsec/ipsec6.h | 11 ++++++----- sys/netipsec/key.c | 21 +++++++++++---------- sys/netipsec/xform_esp.c | 3 +-- 9 files changed, 50 insertions(+), 44 deletions(-) (limited to 'sys/netipsec') diff --git a/sys/netipsec/ah_var.h b/sys/netipsec/ah_var.h index b031a98..6145dba 100644 --- a/sys/netipsec/ah_var.h +++ b/sys/netipsec/ah_var.h @@ -72,10 +72,11 @@ struct ahstat { #ifdef _KERNEL VNET_DECLARE(int, ah_enable); -#define V_ah_enable VNET(ah_enable) VNET_DECLARE(int, ah_cleartos); -#define V_ah_cleartos VNET(ah_cleartos) VNET_DECLARE(struct ahstat, ahstat); + +#define V_ah_enable VNET(ah_enable) +#define V_ah_cleartos VNET(ah_cleartos) #define V_ahstat VNET(ahstat) #endif /* _KERNEL */ #endif /*_NETIPSEC_AH_VAR_H_*/ diff --git a/sys/netipsec/esp_var.h b/sys/netipsec/esp_var.h index dc1aad4..477dcbf 100644 --- a/sys/netipsec/esp_var.h +++ b/sys/netipsec/esp_var.h @@ -73,8 +73,9 @@ struct espstat { #ifdef _KERNEL VNET_DECLARE(int, esp_enable); -#define V_esp_enable VNET(esp_enable) VNET_DECLARE(struct espstat, espstat); + +#define V_esp_enable VNET(esp_enable) #define V_espstat VNET(espstat) #endif /* _KERNEL */ #endif /*_NETIPSEC_ESP_VAR_H_*/ diff --git a/sys/netipsec/ipcomp_var.h b/sys/netipsec/ipcomp_var.h index 78f1848..c99a3be 100644 --- a/sys/netipsec/ipcomp_var.h +++ b/sys/netipsec/ipcomp_var.h @@ -66,8 +66,9 @@ struct ipcompstat { #ifdef _KERNEL VNET_DECLARE(int, ipcomp_enable); -#define V_ipcomp_enable VNET(ipcomp_enable) VNET_DECLARE(struct ipcompstat, ipcompstat); + +#define V_ipcomp_enable VNET(ipcomp_enable) #define V_ipcompstat VNET(ipcompstat) #endif /* _KERNEL */ #endif /*_NETIPSEC_IPCOMP_VAR_H_*/ diff --git a/sys/netipsec/ipip_var.h b/sys/netipsec/ipip_var.h index a6e33e8..3c8c397 100644 --- a/sys/netipsec/ipip_var.h +++ b/sys/netipsec/ipip_var.h @@ -60,8 +60,9 @@ struct ipipstat #ifdef _KERNEL VNET_DECLARE(int, ipip_allow); -#define V_ipip_allow VNET(ipip_allow) VNET_DECLARE(struct ipipstat, ipipstat); + +#define V_ipip_allow VNET(ipip_allow) #define V_ipipstat VNET(ipipstat) #endif /* _KERNEL */ #endif /* _NETINET_IPIP_H_ */ diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 4b552c8..cd29848 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -102,6 +102,7 @@ VNET_DEFINE(int, ipsec_debug) = 1; #else VNET_DEFINE(int, ipsec_debug) = 0; #endif + /* NB: name changed so netstat doesn't use it. */ VNET_DEFINE(struct ipsecstat, ipsec4stat); VNET_DEFINE(int, ip4_ah_offsetmask) = 0; /* maybe IP_DF? */ diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 97756e5..a17b867 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -334,39 +334,39 @@ struct ipsec_history { VNET_DECLARE(int, ipsec_debug); #define V_ipsec_debug VNET(ipsec_debug) + +#ifdef REGRESSION +VNET_DECLARE(int, ipsec_replay); +VNET_DECLARE(int, ipsec_integrity); + +#define V_ipsec_replay VNET(ipsec_replay) +#define V_ipsec_integrity VNET(ipsec_integrity) +#endif + VNET_DECLARE(struct ipsecstat, ipsec4stat); -#define V_ipsec4stat VNET(ipsec4stat) +VNET_DECLARE(struct secpolicy, ip4_def_policy); +VNET_DECLARE(int, ip4_esp_trans_deflev); +VNET_DECLARE(int, ip4_esp_net_deflev); +VNET_DECLARE(int, ip4_ah_trans_deflev); +VNET_DECLARE(int, ip4_ah_net_deflev); VNET_DECLARE(int, ip4_ah_offsetmask); -#define V_ip4_ah_offsetmask VNET(ip4_ah_offsetmask) VNET_DECLARE(int, ip4_ipsec_dfbit); -#define V_ip4_ipsec_dfbit VNET(ip4_ipsec_dfbit) -VNET_DECLARE(int, ip4_esp_trans_deflev); +VNET_DECLARE(int, ip4_ipsec_ecn); +VNET_DECLARE(int, ip4_esp_randpad); +VNET_DECLARE(int, crypto_support); + +#define V_ipsec4stat VNET(ipsec4stat) +#define V_ip4_def_policy VNET(ip4_def_policy) #define V_ip4_esp_trans_deflev VNET(ip4_esp_trans_deflev) -VNET_DECLARE(int, ip4_esp_net_deflev); #define V_ip4_esp_net_deflev VNET(ip4_esp_net_deflev) -VNET_DECLARE(int, ip4_ah_trans_deflev); #define V_ip4_ah_trans_deflev VNET(ip4_ah_trans_deflev) -VNET_DECLARE(int, ip4_ah_net_deflev); #define V_ip4_ah_net_deflev VNET(ip4_ah_net_deflev) -VNET_DECLARE(struct secpolicy, ip4_def_policy); -#define V_ip4_def_policy VNET(ip4_def_policy) -VNET_DECLARE(int, ip4_ipsec_ecn); +#define V_ip4_ah_offsetmask VNET(ip4_ah_offsetmask) +#define V_ip4_ipsec_dfbit VNET(ip4_ipsec_dfbit) #define V_ip4_ipsec_ecn VNET(ip4_ipsec_ecn) -VNET_DECLARE(int, ip4_esp_randpad); #define V_ip4_esp_randpad VNET(ip4_esp_randpad) - -VNET_DECLARE(int, crypto_support); #define V_crypto_support VNET(crypto_support) -extern int ip4_ah_cleartos; - -#ifdef REGRESSION -VNET_DECLARE(int, ipsec_replay); -#define V_ipsec_replay VNET(ipsec_replay) -VNET_DECLARE(int, ipsec_integrity); -#define V_ipsec_integrity VNET(ipsec_integrity) -#endif - #define ipseclog(x) do { if (V_ipsec_debug) log x; } while (0) /* for openbsd compatibility */ #define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0) diff --git a/sys/netipsec/ipsec6.h b/sys/netipsec/ipsec6.h index 030113f..c004220 100644 --- a/sys/netipsec/ipsec6.h +++ b/sys/netipsec/ipsec6.h @@ -42,16 +42,17 @@ #ifdef _KERNEL VNET_DECLARE(struct ipsecstat, ipsec6stat); -#define V_ipsec6stat VNET(ipsec6stat) VNET_DECLARE(int, ip6_esp_trans_deflev); -#define V_ip6_esp_trans_deflev VNET(ip6_esp_trans_deflev) VNET_DECLARE(int, ip6_esp_net_deflev); -#define V_ip6_esp_net_deflev VNET(ip6_esp_net_deflev) VNET_DECLARE(int, ip6_ah_trans_deflev); -#define V_ip6_ah_trans_deflev VNET(ip6_ah_trans_deflev) VNET_DECLARE(int, ip6_ah_net_deflev); -#define V_ip6_ah_net_deflev VNET(ip6_ah_net_deflev) VNET_DECLARE(int, ip6_ipsec_ecn); + +#define V_ipsec6stat VNET(ipsec6stat) +#define V_ip6_esp_trans_deflev VNET(ip6_esp_trans_deflev) +#define V_ip6_esp_net_deflev VNET(ip6_esp_net_deflev) +#define V_ip6_ah_trans_deflev VNET(ip6_ah_trans_deflev) +#define V_ip6_ah_net_deflev VNET(ip6_ah_net_deflev) #define V_ip6_ipsec_ecn VNET(ip6_ipsec_ecn) struct inpcb; diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 5d08c9c..3a0a2ab 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -114,27 +114,27 @@ VNET_DEFINE(u_int32_t, key_debug_level) = 0; static VNET_DEFINE(u_int, key_spi_trycnt) = 1000; -#define V_key_spi_trycnt VNET(key_spi_trycnt) static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100; -#define V_key_spi_minval VNET(key_spi_minval) static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ -#define V_key_spi_maxval VNET(key_spi_maxval) static VNET_DEFINE(u_int32_t, policy_id) = 0; -#define V_policy_id VNET(policy_id) /*interval to initialize randseed,1(m)*/ static VNET_DEFINE(u_int, key_int_random) = 60; -#define V_key_int_random VNET(key_int_random) /* interval to expire acquiring, 30(s)*/ static VNET_DEFINE(u_int, key_larval_lifetime) = 30; -#define V_key_larval_lifetime VNET(key_larval_lifetime) /* counter for blocking SADB_ACQUIRE.*/ static VNET_DEFINE(int, key_blockacq_count) = 10; -#define V_key_blockacq_count VNET(key_blockacq_count) /* lifetime for blocking SADB_ACQUIRE.*/ static VNET_DEFINE(int, key_blockacq_lifetime) = 20; -#define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) /* preferred old sa rather than new sa.*/ static VNET_DEFINE(int, key_preferred_oldsa) = 1; +#define V_key_spi_trycnt VNET(key_spi_trycnt) +#define V_key_spi_minval VNET(key_spi_minval) +#define V_key_spi_maxval VNET(key_spi_maxval) +#define V_policy_id VNET(policy_id) +#define V_key_int_random VNET(key_int_random) +#define V_key_larval_lifetime VNET(key_larval_lifetime) +#define V_key_blockacq_count VNET(key_blockacq_count) +#define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) #define V_key_preferred_oldsa VNET(key_preferred_oldsa) static VNET_DEFINE(u_int32_t, acq_seq) = 0; @@ -270,10 +270,11 @@ static const int maxsize[] = { }; static VNET_DEFINE(int, ipsec_esp_keymin) = 256; -#define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) static VNET_DEFINE(int, ipsec_esp_auth) = 0; -#define V_ipsec_esp_auth VNET(ipsec_esp_auth) static VNET_DEFINE(int, ipsec_ah_keymin) = 128; + +#define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) +#define V_ipsec_esp_auth VNET(ipsec_esp_auth) #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) #ifdef SYSCTL_DECL diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 135be9d..a84f525 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -85,8 +85,7 @@ SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO, SYSCTL_VNET_STRUCT(_net_inet_esp, IPSECCTL_STATS, stats, CTLFLAG_RD, &VNET_NAME(espstat), espstat, ""); -/* max iv length over all algorithms */ -static VNET_DEFINE(int, esp_max_ivlen) = 0; +static VNET_DEFINE(int, esp_max_ivlen); /* max iv length over all algorithms */ #define V_esp_max_ivlen VNET(esp_max_ivlen) static int esp_input_cb(struct cryptop *op); -- cgit v1.1