Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 17 Jul 2007 11:45:14 GMT
From:      Marko Zec <zec@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 123643 for review
Message-ID:  <200707171145.l6HBjEDI094585@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=123643

Change 123643 by zec@zec_tpx32 on 2007/07/17 11:45:12

	Fix missing references to a few virtualized ipsec symbols.

Affected files ...

.. //depot/projects/vimage/src/sys/netinet/tcp_input.c#18 edit
.. //depot/projects/vimage/src/sys/netinet6/ip6_forward.c#8 edit
.. //depot/projects/vimage/src/sys/netinet6/raw_ip6.c#13 edit
.. //depot/projects/vimage/src/sys/netinet6/udp6_usrreq.c#13 edit
.. //depot/projects/vimage/src/sys/netipsec/ipsec_output.c#8 edit
.. //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#5 edit

Differences ...

==== //depot/projects/vimage/src/sys/netinet/tcp_input.c#18 (text+ko) ====

@@ -467,7 +467,7 @@
 #ifdef IPSEC
 #ifdef INET6
 	if (isipv6 && inp != NULL && ipsec6_in_reject(m, inp)) {
-		ipsec6stat.in_polvio++;
+		V_ipsec6stat.in_polvio++;
 		goto dropunlock;
 	} else
 #endif /* INET6 */

==== //depot/projects/vimage/src/sys/netinet6/ip6_forward.c#8 (text+ko) ====

@@ -72,6 +72,7 @@
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
 #include <netipsec/key.h>
+#include <netipsec/vipsec.h>
 #endif /* IPSEC */
 
 #include <netinet6/ip6protosw.h>
@@ -105,6 +106,7 @@
 	u_int32_t inzone, outzone;
 	struct in6_addr src_in6, dst_in6;
 #ifdef IPSEC
+	INIT_VNET_IPSEC(curvnet);
 	struct secpolicy *sp = NULL;
 	int ipsecrt = 0;
 #endif
@@ -121,7 +123,7 @@
 	 * before forwarding packet actually.
 	 */
 	if (ipsec6_in_reject(m, NULL)) {
-		ipsec6stat.in_polvio++;
+		V_ipsec6stat.in_polvio++;
 		m_freem(m);
 		return;
 	}
@@ -183,7 +185,7 @@
 	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
 	    IP_FORWARDING, &error);
 	if (sp == NULL) {
-		ipsec6stat.out_inval++;
+		V_ipsec6stat.out_inval++;
 		V_ip6stat.ip6s_cantforward++;
 		if (mcopy) {
 #if 0
@@ -204,7 +206,7 @@
 		/*
 		 * This packet is just discarded.
 		 */
-		ipsec6stat.out_polvio++;
+		V_ipsec6stat.out_polvio++;
 		V_ip6stat.ip6s_cantforward++;
 		KEY_FREESP(&sp);
 		if (mcopy) {

==== //depot/projects/vimage/src/sys/netinet6/raw_ip6.c#13 (text+ko) ====

@@ -103,6 +103,7 @@
 #ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
+#include <netipsec/vipsec.h>
 #endif /* IPSEC */
 
 #include <machine/stdarg.h>
@@ -143,6 +144,9 @@
 {
 	INIT_VNET_INET(curvnet);
 	INIT_VNET_INET6(curvnet);
+#ifdef IPSEC
+	INIT_VNET_IPSEC(curvnet);
+#endif
 	struct mbuf *m = *mp;
 	register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 	register struct inpcb *in6p;
@@ -194,7 +198,7 @@
 			 */
 			if (n && ipsec6_in_reject(n, last)) {
 				m_freem(n);
-				ipsec6stat.in_polvio++;
+				V_ipsec6stat.in_polvio++;
 				/* do not inject data into pcb */
 			} else
 #endif /* IPSEC */
@@ -225,7 +229,7 @@
 	 */
 	if (last && ipsec6_in_reject(m, last)) {
 		m_freem(m);
-		ipsec6stat.in_polvio++;
+		V_ipsec6stat.in_polvio++;
 		V_ip6stat.ip6s_delivered--;
 		/* do not inject data into pcb */
 		INP_UNLOCK(last);

==== //depot/projects/vimage/src/sys/netinet6/udp6_usrreq.c#13 (text+ko) ====

@@ -111,6 +111,7 @@
 #ifdef IPSEC
 #include <netipsec/ipsec.h>
 #include <netipsec/ipsec6.h>
+#include <netipsec/vipsec.h>
 #endif /* IPSEC */
 
 /*
@@ -134,8 +135,9 @@
 #ifdef IPSEC
 	/* Check AH/ESP integrity. */
 	if (ipsec6_in_reject(n, in6p)) {
+		INIT_VNET_IPSEC(in6p->inp_vnet);
 		m_freem(n);
-		ipsec6stat.in_polvio++;
+		V_ipsec6stat.in_polvio++;
 		return;
 	}
 #endif /* IPSEC */

==== //depot/projects/vimage/src/sys/netipsec/ipsec_output.c#8 (text+ko) ====

@@ -618,6 +618,7 @@
 static int
 ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav)
 {
+	INIT_VNET_IPSEC(curvnet);
 	struct ip6_hdr *oip6;
 	struct ip6_hdr *ip6;
 	size_t plen;
@@ -665,7 +666,7 @@
 
 	/* construct new IPv6 header. see RFC 2401 5.1.2.2 */
 	/* ECN consideration. */
-	ip6_ecn_ingress(ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);
+	ip6_ecn_ingress(V_ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);
 	if (plen < IPV6_MAXPACKET - sizeof(struct ip6_hdr))
 		ip6->ip6_plen = htons(plen);
 	else {
@@ -732,14 +733,14 @@
 			ipseclog((LOG_ERR, "%s: family mismatched between "
 			    "inner and outer, spi=%u\n", __func__,
 			    ntohl(isr->sav->spi)));
-			ipsec6stat.ips_out_inval++;
+			V_ipsec6stat.ips_out_inval++;
 			error = EAFNOSUPPORT;
 			goto bad;
 		}
 
 		m = ipsec6_splithdr(m);
 		if (!m) {
-			ipsec6stat.ips_out_nomem++;
+			V_ipsec6stat.ips_out_nomem++;
 			error = ENOMEM;
 			goto bad;
 		}
@@ -768,7 +769,7 @@
 		}
 		if (state->ro->ro_rt == 0) {
 			V_ip6stat.ip6s_noroute++;
-			ipsec6stat.ips_out_noroute++;
+			V_ipsec6stat.ips_out_noroute++;
 			error = EHOSTUNREACH;
 			goto bad;
 		}
@@ -782,7 +783,7 @@
 
 	m = ipsec6_splithdr(m);
 	if (!m) {
-		ipsec6stat.ips_out_nomem++;
+		V_ipsec6stat.ips_out_nomem++;
 		error = ENOMEM;
 		goto bad;
 	}

==== //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#5 (text+ko) ====

@@ -308,7 +308,7 @@
                 ip6 = (struct ip6_hdr *) ipo;
                 nxt = ip6->ip6_nxt;
 		itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
-		ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
+		ip_ecn_egress(V_ip6_ipsec_ecn, &otos, &itos);
 		ip6->ip6_flow &= ~htonl(0xff << 20);
 		ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
                 break;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707171145.l6HBjEDI094585>