PERFORCE change 123978 for review
Ana Kukec
anchie at FreeBSD.org
Mon Jul 23 17:18:04 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=123978
Change 123978 by anchie at anchie_malimis on 2007/07/23 17:17:31
Added support for PF_KEY variables in vnets.
Affected files ...
.. //depot/projects/vimage/src/sys/netipsec/key.c#7 edit
.. //depot/projects/vimage/src/sys/netipsec/keysock.c#6 edit
.. //depot/projects/vimage/src/sys/netipsec/keysock.h#2 edit
.. //depot/projects/vimage/src/sys/netipsec/vipsec.h#6 edit
Differences ...
==== //depot/projects/vimage/src/sys/netipsec/key.c#7 (text+ko) ====
@@ -6742,7 +6742,7 @@
if ((m->m_flags & M_PKTHDR) == 0 ||
m->m_pkthdr.len != m->m_pkthdr.len) {
ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
- pfkeystat.out_invlen++;
+ V_pfkeystat.out_invlen++;
error = EINVAL;
goto senderror;
}
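Review bot: The second operand of the length check in the context lines compares `m->m_pkthdr.len` with itself, so it is always false and the `V_pfkeystat.out_invlen++` branch is reached only when `M_PKTHDR` is missing. The intended comparison is not recoverable from this hunk; going by the log text it was probably meant to be `m->m_pkthdr.len != PFKEY_UNUNIT64(msg->sadb_msg_len)`, but confirm that `msg` is assigned before this point. key_output in keysock.c already makes that comparison, so the dead operand could simply be dropped instead. The enclosing function starts and ends outside the hunk.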
@@ -6750,7 +6750,7 @@
if (msg->sadb_msg_version != PF_KEY_V2) {
ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n",
__func__, msg->sadb_msg_version));
- pfkeystat.out_invver++;
+ V_pfkeystat.out_invver++;
error = EINVAL;
goto senderror;
}
@@ -6758,7 +6758,7 @@
if (msg->sadb_msg_type > SADB_MAX) {
ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
__func__, msg->sadb_msg_type));
- pfkeystat.out_invmsgtype++;
+ V_pfkeystat.out_invmsgtype++;
error = EINVAL;
goto senderror;
}
@@ -6811,7 +6811,7 @@
ipseclog((LOG_DEBUG, "%s: must specify satype "
"when msg type=%u.\n", __func__,
msg->sadb_msg_type));
- pfkeystat.out_invsatype++;
+ V_pfkeystat.out_invsatype++;
error = EINVAL;
goto senderror;
}
@@ -6831,7 +6831,7 @@
case SADB_X_SPDDELETE2:
ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
__func__, msg->sadb_msg_type));
- pfkeystat.out_invsatype++;
+ V_pfkeystat.out_invsatype++;
error = EINVAL;
goto senderror;
}
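Review bot: The log line in this branch is labelled `illegal satype=%u` but prints `msg->sadb_msg_type`, so the value recorded alongside `V_pfkeystat.out_invsatype++` is the message type, not the SA type that was rejected. If the label is correct, the argument should be `msg->sadb_msg_satype`, as the two following hunks use. This matters to anyone reading these debug logs to see which satype a peer or local process supplied. The enclosing switch starts outside the hunk.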
@@ -6842,7 +6842,7 @@
case SADB_SATYPE_MIP:
ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n",
__func__, msg->sadb_msg_satype));
- pfkeystat.out_invsatype++;
+ V_pfkeystat.out_invsatype++;
error = EOPNOTSUPP;
goto senderror;
case 1: /* XXX: What does it do? */
@@ -6852,7 +6852,7 @@
default:
ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
__func__, msg->sadb_msg_satype));
- pfkeystat.out_invsatype++;
+ V_pfkeystat.out_invsatype++;
error = EINVAL;
goto senderror;
}
@@ -6870,7 +6870,7 @@
if (src0->sadb_address_proto != dst0->sadb_address_proto) {
ipseclog((LOG_DEBUG, "%s: upper layer protocol "
"mismatched.\n", __func__));
- pfkeystat.out_invaddr++;
+ V_pfkeystat.out_invaddr++;
error = EINVAL;
goto senderror;
}
@@ -6880,7 +6880,7 @@
PFKEY_ADDR_SADDR(dst0)->sa_family) {
ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
__func__));
- pfkeystat.out_invaddr++;
+ V_pfkeystat.out_invaddr++;
error = EINVAL;
goto senderror;
}
@@ -6888,7 +6888,7 @@
PFKEY_ADDR_SADDR(dst0)->sa_len) {
ipseclog((LOG_DEBUG, "%s: address struct size "
"mismatched.\n", __func__));
- pfkeystat.out_invaddr++;
+ V_pfkeystat.out_invaddr++;
error = EINVAL;
goto senderror;
}
@@ -6897,7 +6897,7 @@
case AF_INET:
if (PFKEY_ADDR_SADDR(src0)->sa_len !=
sizeof(struct sockaddr_in)) {
- pfkeystat.out_invaddr++;
+ V_pfkeystat.out_invaddr++;
error = EINVAL;
goto senderror;
}
@@ -6905,7 +6905,7 @@
case AF_INET6:
if (PFKEY_ADDR_SADDR(src0)->sa_len !=
sizeof(struct sockaddr_in6)) {
- pfkeystat.out_invaddr++;
+ V_pfkeystat.out_invaddr++;
error = EINVAL;
goto senderror;
}
@@ -6913,7 +6913,7 @@
default:
ipseclog((LOG_DEBUG, "%s: unsupported address family\n",
__func__));
- pfkeystat.out_invaddr++;
+ V_pfkeystat.out_invaddr++;
error = EAFNOSUPPORT;
goto senderror;
}
@@ -6935,7 +6935,7 @@
dst0->sadb_address_prefixlen > plen) {
ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n",
__func__));
- pfkeystat.out_invaddr++;
+ V_pfkeystat.out_invaddr++;
error = EINVAL;
goto senderror;
}
@@ -6948,7 +6948,7 @@
if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
key_typesw[msg->sadb_msg_type] == NULL) {
- pfkeystat.out_invmsgtype++;
+ V_pfkeystat.out_invmsgtype++;
error = EINVAL;
goto senderror;
}
@@ -7043,7 +7043,7 @@
ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
"%u\n", __func__, ext->sadb_ext_type));
m_freem(m);
- pfkeystat.out_dupext++;
+ V_pfkeystat.out_dupext++;
return EINVAL;
}
break;
@@ -7051,7 +7051,7 @@
ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n",
__func__, ext->sadb_ext_type));
m_freem(m);
- pfkeystat.out_invexttype++;
+ V_pfkeystat.out_invexttype++;
return EINVAL;
}
@@ -7059,7 +7059,7 @@
if (key_validate_ext(ext, extlen)) {
m_freem(m);
- pfkeystat.out_invlen++;
+ V_pfkeystat.out_invlen++;
return EINVAL;
}
@@ -7077,7 +7077,7 @@
if (off != end) {
m_freem(m);
- pfkeystat.out_invlen++;
+ V_pfkeystat.out_invlen++;
return EINVAL;
}
==== //depot/projects/vimage/src/sys/netipsec/keysock.c#6 (text+ko) ====
@@ -65,9 +65,12 @@
#include <netipsec/key_debug.h>
#include <netipsec/keydb.h>
#include <netipsec/vipsec.h>
-
+#ifdef VIMAGE
+#include <netipsec/keysock.h>
+#endif
#include <machine/stdarg.h>
+#ifndef VIMAGE
struct key_cb {
int key_count;
int any_count;
@@ -76,10 +79,13 @@
static struct sockaddr key_dst = { 2, PF_KEY, };
static struct sockaddr key_src = { 2, PF_KEY, };
+#endif
static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
+#ifndef VIMAGE
struct pfkeystat pfkeystat;
+#endif
/*
* key_output()
@@ -94,19 +100,19 @@
if (m == 0)
panic("%s: NULL pointer was passed.\n", __func__);
- pfkeystat.out_total++;
- pfkeystat.out_bytes += m->m_pkthdr.len;
+ V_pfkeystat.out_total++;
+ V_pfkeystat.out_bytes += m->m_pkthdr.len;
len = m->m_pkthdr.len;
if (len < sizeof(struct sadb_msg)) {
- pfkeystat.out_tooshort++;
+ V_pfkeystat.out_tooshort++;
error = EINVAL;
goto end;
}
if (m->m_len < sizeof(struct sadb_msg)) {
if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
- pfkeystat.out_nomem++;
+ V_pfkeystat.out_nomem++;
error = ENOBUFS;
goto end;
}
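Review bot: No `INIT_VNET_IPSEC(curvnet);` is added in this hunk, although every counter in it now goes through `V_pfkeystat`, while key_sendup0, key_sendup_mbuf, key_attach, key_detach and key_init0 each gain one in this change. The hunk has the same line count on both sides, so unless the declaration already exists above the first line shown, key_output has no vnet context under VIMAGE. The same question applies to the key_sendup hunks further down and to every key.c hunk, none of which shows the declaration. Worth confirming that each converted function declares it once next to its other locals.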
@@ -117,9 +123,9 @@
KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
msg = mtod(m, struct sadb_msg *);
- pfkeystat.out_msgtype[msg->sadb_msg_type]++;
+ V_pfkeystat.out_msgtype[msg->sadb_msg_type]++;
if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
- pfkeystat.out_invlen++;
+ V_pfkeystat.out_invlen++;
error = EINVAL;
goto end;
}
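Review bot: `V_pfkeystat.out_msgtype[msg->sadb_msg_type]++` indexes the counter array with a field taken straight from the sender's message, before the version and `SADB_MAX` checks that key.c applies later. The array's size is not visible on this page, and `pfkeystat` now lives inside `struct vnet_ipsec` beside `_key_cb`, `_key_dst` and `_key_src`, so an undersized array would turn a stray increment into corruption of other per-vnet state. Confirm the array covers the whole range of `sadb_msg_type`, or guard the increment with something like `if (msg->sadb_msg_type <= SADB_MAX)`. The same pattern appears for `in_msgtype[...]` in key_sendup0, key_sendup and key_sendup_mbuf, and for `in_msgtarget[target]`, whose index is an `int` parameter.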
@@ -141,6 +147,7 @@
struct mbuf *m;
int promisc;
{
+ INIT_VNET_IPSEC(curvnet);
int error;
if (promisc) {
@@ -150,7 +157,7 @@
if (m && m->m_len < sizeof(struct sadb_msg))
m = m_pullup(m, sizeof(struct sadb_msg));
if (!m) {
- pfkeystat.in_nomem++;
+ V_pfkeystat.in_nomem++;
m_freem(m);
return ENOBUFS;
}
@@ -163,12 +170,12 @@
pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
/* pid and seq? */
- pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
+ V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
}
- if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
+ if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&V_key_src,
m, NULL)) {
- pfkeystat.in_nomem++;
+ V_pfkeystat.in_nomem++;
m_freem(m);
error = ENOBUFS;
} else
@@ -201,9 +208,9 @@
* we increment statistics here, just in case we have ENOBUFS
* in this function.
*/
- pfkeystat.in_total++;
- pfkeystat.in_bytes += len;
- pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+ V_pfkeystat.in_total++;
+ V_pfkeystat.in_bytes += len;
+ V_pfkeystat.in_msgtype[msg->sadb_msg_type]++;
/*
* Get mbuf chain whenever possible (not clusters),
@@ -220,14 +227,14 @@
if (tlen == len) {
MGETHDR(n, M_DONTWAIT, MT_DATA);
if (n == NULL) {
- pfkeystat.in_nomem++;
+ V_pfkeystat.in_nomem++;
return ENOBUFS;
}
n->m_len = MHLEN;
} else {
MGET(n, M_DONTWAIT, MT_DATA);
if (n == NULL) {
- pfkeystat.in_nomem++;
+ V_pfkeystat.in_nomem++;
return ENOBUFS;
}
n->m_len = MLEN;
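Review bot: The `MGET` failure path in the `else` branch returns `ENOBUFS` without releasing `m`, whereas the cluster-allocation failure in the next hunk calls `m_free(n); m_freem(m);` before returning. If `m` already holds the part of the chain built by earlier iterations (the loop header is outside this hunk), those mbufs leak every time allocation fails under memory pressure. Adding `m_freem(m);` before that `return ENOBUFS;` would make the error paths consistent.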
@@ -237,7 +244,7 @@
if ((n->m_flags & M_EXT) == 0) {
m_free(n);
m_freem(m);
- pfkeystat.in_nomem++;
+ V_pfkeystat.in_nomem++;
return ENOBUFS;
}
n->m_len = MCLBYTES;
@@ -260,9 +267,9 @@
m_copyback(m, 0, len, (caddr_t)msg);
/* avoid duplicated statistics */
- pfkeystat.in_total--;
- pfkeystat.in_bytes -= len;
- pfkeystat.in_msgtype[msg->sadb_msg_type]--;
+ V_pfkeystat.in_total--;
+ V_pfkeystat.in_bytes -= len;
+ V_pfkeystat.in_msgtype[msg->sadb_msg_type]--;
return key_sendup_mbuf(so, m, target);
}
@@ -275,6 +282,7 @@
int target;
{
INIT_VNET_NET(curvnet);
+ INIT_VNET_IPSEC(curvnet);
struct mbuf *n;
struct keycb *kp;
int sendup;
@@ -286,19 +294,19 @@
if (so == NULL && target == KEY_SENDUP_ONE)
panic("%s: NULL pointer was passed.\n", __func__);
- pfkeystat.in_total++;
- pfkeystat.in_bytes += m->m_pkthdr.len;
+ V_pfkeystat.in_total++;
+ V_pfkeystat.in_bytes += m->m_pkthdr.len;
if (m->m_len < sizeof(struct sadb_msg)) {
m = m_pullup(m, sizeof(struct sadb_msg));
if (m == NULL) {
- pfkeystat.in_nomem++;
+ V_pfkeystat.in_nomem++;
return ENOBUFS;
}
}
if (m->m_len >= sizeof(struct sadb_msg)) {
struct sadb_msg *msg;
msg = mtod(m, struct sadb_msg *);
- pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+ V_pfkeystat.in_msgtype[msg->sadb_msg_type]++;
}
mtx_lock(&rawcb_mtx);
LIST_FOREACH(rp, &V_rawcb_list, list)
@@ -343,14 +351,14 @@
sendup++;
break;
}
- pfkeystat.in_msgtarget[target]++;
+ V_pfkeystat.in_msgtarget[target]++;
if (!sendup)
continue;
if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
m_freem(m);
- pfkeystat.in_nomem++;
+ V_pfkeystat.in_nomem++;
mtx_unlock(&rawcb_mtx);
return ENOBUFS;
}
@@ -392,6 +400,7 @@
static int
key_attach(struct socket *so, int proto, struct thread *td)
{
+ INIT_VNET_IPSEC(curvnet);
struct keycb *kp;
int error;
@@ -414,10 +423,10 @@
kp->kp_promisc = kp->kp_registered = 0;
if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
- key_cb.key_count++;
- key_cb.any_count++;
- kp->kp_raw.rcb_laddr = &key_src;
- kp->kp_raw.rcb_faddr = &key_dst;
+ V_key_cb.key_count++;
+ V_key_cb.any_count++;
+ kp->kp_raw.rcb_laddr = &V_key_src;
+ kp->kp_raw.rcb_faddr = &V_key_dst;
soisconnected(so);
so->so_options |= SO_USELOOPBACK;
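Review bot: `kp->kp_raw.rcb_laddr = &V_key_src;` and `kp->kp_raw.rcb_faddr = &V_key_dst;` now store pointers into the per-vnet `struct vnet_ipsec` rather than into file-scope statics, so the control block's addresses are valid only while that vnet instance exists. Nothing in the hunk ties the socket's lifetime to the vnet's. The instance is also taken from `curvnet`, not from the socket being attached; key_detach in the next hunk does the same, so a detach running under a different vnet context would decrement another instance's `V_key_cb` counters. Both sockaddrs are constant, so keeping them as shared statics and resolving the vnet from `so` would avoid both problems; confirm what the branch offers for the latter. key_attach's body continues outside the hunk.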
@@ -462,13 +471,14 @@
static void
key_detach(struct socket *so)
{
+ INIT_VNET_IPSEC(curvnet);
struct keycb *kp = (struct keycb *)sotorawcb(so);
KASSERT(kp != NULL, ("key_detach: kp == NULL"));
if (kp->kp_raw.rcb_proto.sp_protocol
== PF_KEY) /* XXX: AF_KEY */
- key_cb.key_count--;
- key_cb.any_count--;
+ V_key_cb.key_count--;
+ V_key_cb.any_count--;
key_freereg(so);
raw_usrreqs.pru_detach(so);
@@ -564,7 +574,14 @@
static void
key_init0(void)
{
- bzero((caddr_t)&key_cb, sizeof(key_cb));
+ INIT_VNET_IPSEC(curvnet);
+
+ V_key_dst.sa_len = 2;
+ V_key_dst.sa_family = PF_KEY;
+ V_key_src.sa_len = 2;
+ V_key_src.sa_family = PF_KEY;
+
+ bzero((caddr_t)&V_key_cb, sizeof(V_key_cb));
key_init();
}
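Review bot: key_init0 sets up `V_key_dst`, `V_key_src` and `V_key_cb` only for whichever vnet is current when it runs. The page does not show whether it is called once at domain initialisation or once per vnet instance. If it is called only once, sockets attached in any later vnet would point at sockaddrs and counters holding whatever the instance allocation left there. Please confirm the per-vnet call path, and consider a comment on the literal, e.g. `V_key_dst.sa_len = 2; /* sa_len + sa_family only */`, since the old static initialiser that explained it is now compiled out under VIMAGE.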
==== //depot/projects/vimage/src/sys/netipsec/keysock.h#2 (text+ko) ====
@@ -57,7 +57,12 @@
/* others */
u_quad_t sockerr; /* # of socket related errors */
};
-
+#ifdef VIMAGE
+struct key_cb {
+ int key_count;
+ int any_count;
+};
+#endif
#define KEY_SENDUP_ONE 0
#define KEY_SENDUP_ALL 1
#define KEY_SENDUP_REGISTERED 2
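Review bot: `struct key_cb` is now defined in two places under opposite guards, here under `#ifdef VIMAGE` and in keysock.c under `#ifndef VIMAGE`, so the two layouts can drift apart without any compile error. Defining the type unconditionally in this header and leaving only the `key_cb` variable definition in keysock.c under `#ifndef VIMAGE` would remove the duplication. The conditional `#include <netipsec/keysock.h>` added to keysock.c also looks redundant, given that vipsec.h includes this header in the same change.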
==== //depot/projects/vimage/src/sys/netipsec/vipsec.h#6 (text+ko) ====
@@ -50,6 +50,8 @@
#include <net/route.h>
#include <net/raw_cb.h>
+#include <netipsec/keysock.h>
+
struct vnet_ipsec {
struct vnet *parent_vnet;
@@ -107,6 +109,11 @@
int _ipcomp_enable;
struct ipcompstat _ipcompstat;
+
+ struct pfkeystat _pfkeystat;
+ struct key_cb _key_cb;
+ struct sockaddr _key_dst;
+ struct sockaddr _key_src;
};
#endif
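Review bot: The four new members have no comment saying who initialises them or what they replace. A line above them such as `/* PF_KEY socket state; set up in key_init0(), formerly file-scope in keysock.c */` would help readers check that each vnet instance is initialised before a socket can reference `_key_src` or `_key_dst`. The struct definition starts outside the hunk.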
@@ -165,4 +172,8 @@
#define V_ahstat VNET_IPSEC(ahstat)
#define V_ipcomp_enable VNET_IPSEC(ipcomp_enable)
#define V_ipcompstat VNET_IPSEC(ipcompstat)
+#define V_pfkeystat VNET_IPSEC(pfkeystat)
+#define V_key_cb VNET_IPSEC(key_cb)
+#define V_key_dst VNET_IPSEC(key_dst)
+#define V_key_src VNET_IPSEC(key_src)
#endif /* !_NETIPSEC_VIPSEC_H_ */