Date: Mon, 23 Jul 2007 17:18:03 GMT From: Ana Kukec <anchie@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 123978 for review Message-ID: <200707231718.l6NHI3cP095929@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=123978 Change 123978 by anchie@anchie_malimis on 2007/07/23 17:17:31 Added support for PF_KEY variables in vnets. Affected files ... .. //depot/projects/vimage/src/sys/netipsec/key.c#7 edit .. //depot/projects/vimage/src/sys/netipsec/keysock.c#6 edit .. //depot/projects/vimage/src/sys/netipsec/keysock.h#2 edit .. //depot/projects/vimage/src/sys/netipsec/vipsec.h#6 edit Differences ... ==== //depot/projects/vimage/src/sys/netipsec/key.c#7 (text+ko) ==== @@ -6742,7 +6742,7 @@ if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != m->m_pkthdr.len) { ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); - pfkeystat.out_invlen++; + V_pfkeystat.out_invlen++; error = EINVAL; goto senderror; } @@ -6750,7 +6750,7 @@ if (msg->sadb_msg_version != PF_KEY_V2) { ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", __func__, msg->sadb_msg_version)); - pfkeystat.out_invver++; + V_pfkeystat.out_invver++; error = EINVAL; goto senderror; } @@ -6758,7 +6758,7 @@ if (msg->sadb_msg_type > SADB_MAX) { ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", __func__, msg->sadb_msg_type)); - pfkeystat.out_invmsgtype++; + V_pfkeystat.out_invmsgtype++; error = EINVAL; goto senderror; } @@ -6811,7 +6811,7 @@ ipseclog((LOG_DEBUG, "%s: must specify satype " "when msg type=%u.\n", __func__, msg->sadb_msg_type)); - pfkeystat.out_invsatype++; + V_pfkeystat.out_invsatype++; error = EINVAL; goto senderror; } @@ -6831,7 +6831,7 @@ case SADB_X_SPDDELETE2: ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", __func__, msg->sadb_msg_type)); - pfkeystat.out_invsatype++; + V_pfkeystat.out_invsatype++; error = EINVAL; goto senderror; } @@ -6842,7 +6842,7 @@ case SADB_SATYPE_MIP: ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", __func__, msg->sadb_msg_satype)); - pfkeystat.out_invsatype++; + V_pfkeystat.out_invsatype++; error = EOPNOTSUPP; goto senderror; case 1: /* XXX: What does it do? */ @@ -6852,7 +6852,7 @@ default: ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", __func__, msg->sadb_msg_satype)); - pfkeystat.out_invsatype++; + V_pfkeystat.out_invsatype++; error = EINVAL; goto senderror; } @@ -6870,7 +6870,7 @@ if (src0->sadb_address_proto != dst0->sadb_address_proto) { ipseclog((LOG_DEBUG, "%s: upper layer protocol " "mismatched.\n", __func__)); - pfkeystat.out_invaddr++; + V_pfkeystat.out_invaddr++; error = EINVAL; goto senderror; } @@ -6880,7 +6880,7 @@ PFKEY_ADDR_SADDR(dst0)->sa_family) { ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", __func__)); - pfkeystat.out_invaddr++; + V_pfkeystat.out_invaddr++; error = EINVAL; goto senderror; } @@ -6888,7 +6888,7 @@ PFKEY_ADDR_SADDR(dst0)->sa_len) { ipseclog((LOG_DEBUG, "%s: address struct size " "mismatched.\n", __func__)); - pfkeystat.out_invaddr++; + V_pfkeystat.out_invaddr++; error = EINVAL; goto senderror; } @@ -6897,7 +6897,7 @@ case AF_INET: if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in)) { - pfkeystat.out_invaddr++; + V_pfkeystat.out_invaddr++; error = EINVAL; goto senderror; } @@ -6905,7 +6905,7 @@ case AF_INET6: if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in6)) { - pfkeystat.out_invaddr++; + V_pfkeystat.out_invaddr++; error = EINVAL; goto senderror; } @@ -6913,7 +6913,7 @@ default: ipseclog((LOG_DEBUG, "%s: unsupported address family\n", __func__)); - pfkeystat.out_invaddr++; + V_pfkeystat.out_invaddr++; error = EAFNOSUPPORT; goto senderror; } @@ -6935,7 +6935,7 @@ dst0->sadb_address_prefixlen > plen) { ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", __func__)); - pfkeystat.out_invaddr++; + V_pfkeystat.out_invaddr++; error = EINVAL; goto senderror; } @@ -6948,7 +6948,7 @@ if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) || key_typesw[msg->sadb_msg_type] == NULL) { - pfkeystat.out_invmsgtype++; + V_pfkeystat.out_invmsgtype++; error = EINVAL; goto senderror; } @@ -7043,7 +7043,7 @@ ipseclog((LOG_DEBUG, "%s: duplicate ext_type " "%u\n", __func__, ext->sadb_ext_type)); m_freem(m); - pfkeystat.out_dupext++; + V_pfkeystat.out_dupext++; return EINVAL; } break; @@ -7051,7 +7051,7 @@ ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", __func__, ext->sadb_ext_type)); m_freem(m); - pfkeystat.out_invexttype++; + V_pfkeystat.out_invexttype++; return EINVAL; } @@ -7059,7 +7059,7 @@ if (key_validate_ext(ext, extlen)) { m_freem(m); - pfkeystat.out_invlen++; + V_pfkeystat.out_invlen++; return EINVAL; } @@ -7077,7 +7077,7 @@ if (off != end) { m_freem(m); - pfkeystat.out_invlen++; + V_pfkeystat.out_invlen++; return EINVAL; } ==== //depot/projects/vimage/src/sys/netipsec/keysock.c#6 (text+ko) ==== @@ -65,9 +65,12 @@ #include <netipsec/key_debug.h> #include <netipsec/keydb.h> #include <netipsec/vipsec.h> - +#ifdef VIMAGE +#include <netipsec/keysock.h> +#endif #include <machine/stdarg.h> +#ifndef VIMAGE struct key_cb { int key_count; int any_count; @@ -76,10 +79,13 @@ static struct sockaddr key_dst = { 2, PF_KEY, }; static struct sockaddr key_src = { 2, PF_KEY, }; +#endif static int key_sendup0 __P((struct rawcb *, struct mbuf *, int)); +#ifndef VIMAGE struct pfkeystat pfkeystat; +#endif /* * key_output() @@ -94,19 +100,19 @@ if (m == 0) panic("%s: NULL pointer was passed.\n", __func__); - pfkeystat.out_total++; - pfkeystat.out_bytes += m->m_pkthdr.len; + V_pfkeystat.out_total++; + V_pfkeystat.out_bytes += m->m_pkthdr.len; len = m->m_pkthdr.len; if (len < sizeof(struct sadb_msg)) { - pfkeystat.out_tooshort++; + V_pfkeystat.out_tooshort++; error = EINVAL; goto end; } if (m->m_len < sizeof(struct sadb_msg)) { if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { - pfkeystat.out_nomem++; + V_pfkeystat.out_nomem++; error = ENOBUFS; goto end; } @@ -117,9 +123,9 @@ KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); msg = mtod(m, struct sadb_msg *); - pfkeystat.out_msgtype[msg->sadb_msg_type]++; + V_pfkeystat.out_msgtype[msg->sadb_msg_type]++; if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { - pfkeystat.out_invlen++; + V_pfkeystat.out_invlen++; error = EINVAL; goto end; } @@ -141,6 +147,7 @@ struct mbuf *m; int promisc; { + INIT_VNET_IPSEC(curvnet); int error; if (promisc) { @@ -150,7 +157,7 @@ if (m && m->m_len < sizeof(struct sadb_msg)) m = m_pullup(m, sizeof(struct sadb_msg)); if (!m) { - pfkeystat.in_nomem++; + V_pfkeystat.in_nomem++; m_freem(m); return ENOBUFS; } @@ -163,12 +170,12 @@ pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); /* pid and seq? */ - pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; + V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; } - if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, + if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&V_key_src, m, NULL)) { - pfkeystat.in_nomem++; + V_pfkeystat.in_nomem++; m_freem(m); error = ENOBUFS; } else @@ -201,9 +208,9 @@ * we increment statistics here, just in case we have ENOBUFS * in this function. */ - pfkeystat.in_total++; - pfkeystat.in_bytes += len; - pfkeystat.in_msgtype[msg->sadb_msg_type]++; + V_pfkeystat.in_total++; + V_pfkeystat.in_bytes += len; + V_pfkeystat.in_msgtype[msg->sadb_msg_type]++; /* * Get mbuf chain whenever possible (not clusters), @@ -220,14 +227,14 @@ if (tlen == len) { MGETHDR(n, M_DONTWAIT, MT_DATA); if (n == NULL) { - pfkeystat.in_nomem++; + V_pfkeystat.in_nomem++; return ENOBUFS; } n->m_len = MHLEN; } else { MGET(n, M_DONTWAIT, MT_DATA); if (n == NULL) { - pfkeystat.in_nomem++; + V_pfkeystat.in_nomem++; return ENOBUFS; } n->m_len = MLEN; @@ -237,7 +244,7 @@ if ((n->m_flags & M_EXT) == 0) { m_free(n); m_freem(m); - pfkeystat.in_nomem++; + V_pfkeystat.in_nomem++; return ENOBUFS; } n->m_len = MCLBYTES; @@ -260,9 +267,9 @@ m_copyback(m, 0, len, (caddr_t)msg); /* avoid duplicated statistics */ - pfkeystat.in_total--; - pfkeystat.in_bytes -= len; - pfkeystat.in_msgtype[msg->sadb_msg_type]--; + V_pfkeystat.in_total--; + V_pfkeystat.in_bytes -= len; + V_pfkeystat.in_msgtype[msg->sadb_msg_type]--; return key_sendup_mbuf(so, m, target); } @@ -275,6 +282,7 @@ int target; { INIT_VNET_NET(curvnet); + INIT_VNET_IPSEC(curvnet); struct mbuf *n; struct keycb *kp; int sendup; @@ -286,19 +294,19 @@ if (so == NULL && target == KEY_SENDUP_ONE) panic("%s: NULL pointer was passed.\n", __func__); - pfkeystat.in_total++; - pfkeystat.in_bytes += m->m_pkthdr.len; + V_pfkeystat.in_total++; + V_pfkeystat.in_bytes += m->m_pkthdr.len; if (m->m_len < sizeof(struct sadb_msg)) { m = m_pullup(m, sizeof(struct sadb_msg)); if (m == NULL) { - pfkeystat.in_nomem++; + V_pfkeystat.in_nomem++; return ENOBUFS; } } if (m->m_len >= sizeof(struct sadb_msg)) { struct sadb_msg *msg; msg = mtod(m, struct sadb_msg *); - pfkeystat.in_msgtype[msg->sadb_msg_type]++; + V_pfkeystat.in_msgtype[msg->sadb_msg_type]++; } mtx_lock(&rawcb_mtx); LIST_FOREACH(rp, &V_rawcb_list, list) @@ -343,14 +351,14 @@ sendup++; break; } - pfkeystat.in_msgtarget[target]++; + V_pfkeystat.in_msgtarget[target]++; if (!sendup) continue; if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { m_freem(m); - pfkeystat.in_nomem++; + V_pfkeystat.in_nomem++; mtx_unlock(&rawcb_mtx); return ENOBUFS; } @@ -392,6 +400,7 @@ static int key_attach(struct socket *so, int proto, struct thread *td) { + INIT_VNET_IPSEC(curvnet); struct keycb *kp; int error; @@ -414,10 +423,10 @@ kp->kp_promisc = kp->kp_registered = 0; if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ - key_cb.key_count++; - key_cb.any_count++; - kp->kp_raw.rcb_laddr = &key_src; - kp->kp_raw.rcb_faddr = &key_dst; + V_key_cb.key_count++; + V_key_cb.any_count++; + kp->kp_raw.rcb_laddr = &V_key_src; + kp->kp_raw.rcb_faddr = &V_key_dst; soisconnected(so); so->so_options |= SO_USELOOPBACK; @@ -462,13 +471,14 @@ static void key_detach(struct socket *so) { + INIT_VNET_IPSEC(curvnet); struct keycb *kp = (struct keycb *)sotorawcb(so); KASSERT(kp != NULL, ("key_detach: kp == NULL")); if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ - key_cb.key_count--; - key_cb.any_count--; + V_key_cb.key_count--; + V_key_cb.any_count--; key_freereg(so); raw_usrreqs.pru_detach(so); @@ -564,7 +574,14 @@ static void key_init0(void) { - bzero((caddr_t)&key_cb, sizeof(key_cb)); + INIT_VNET_IPSEC(curvnet); + + V_key_dst.sa_len = 2; + V_key_dst.sa_family = PF_KEY; + V_key_src.sa_len = 2; + V_key_src.sa_family = PF_KEY; + + bzero((caddr_t)&V_key_cb, sizeof(V_key_cb)); key_init(); } ==== //depot/projects/vimage/src/sys/netipsec/keysock.h#2 (text+ko) ==== @@ -57,7 +57,12 @@ /* others */ u_quad_t sockerr; /* # of socket related errors */ }; - +#ifdef VIMAGE +struct key_cb { + int key_count; + int any_count; +}; +#endif #define KEY_SENDUP_ONE 0 #define KEY_SENDUP_ALL 1 #define KEY_SENDUP_REGISTERED 2 ==== //depot/projects/vimage/src/sys/netipsec/vipsec.h#6 (text+ko) ==== @@ -50,6 +50,8 @@ #include <net/route.h> #include <net/raw_cb.h> +#include <netipsec/keysock.h> + struct vnet_ipsec { struct vnet *parent_vnet; @@ -107,6 +109,11 @@ int _ipcomp_enable; struct ipcompstat _ipcompstat; + + struct pfkeystat _pfkeystat; + struct key_cb _key_cb; + struct sockaddr _key_dst; + struct sockaddr _key_src; }; #endif @@ -165,4 +172,8 @@ #define V_ahstat VNET_IPSEC(ahstat) #define V_ipcomp_enable VNET_IPSEC(ipcomp_enable) #define V_ipcompstat VNET_IPSEC(ipcompstat) +#define V_pfkeystat VNET_IPSEC(pfkeystat) +#define V_key_cb VNET_IPSEC(key_cb) +#define V_key_dst VNET_IPSEC(key_dst) +#define V_key_src VNET_IPSEC(key_src) #endif /* !_NETIPSEC_VIPSEC_H_ */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707231718.l6NHI3cP095929>