PERFORCE change 123643 for review
Marko Zec
zec at FreeBSD.org
Tue Jul 17 11:45:16 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=123643
Change 123643 by zec at zec_tpx32 on 2007/07/17 11:45:12
Fix missing references to a few virtualized ipsec symbols.
Affected files ...
.. //depot/projects/vimage/src/sys/netinet/tcp_input.c#18 edit
.. //depot/projects/vimage/src/sys/netinet6/ip6_forward.c#8 edit
.. //depot/projects/vimage/src/sys/netinet6/raw_ip6.c#13 edit
.. //depot/projects/vimage/src/sys/netinet6/udp6_usrreq.c#13 edit
.. //depot/projects/vimage/src/sys/netipsec/ipsec_output.c#8 edit
.. //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#5 edit
Differences ...
==== //depot/projects/vimage/src/sys/netinet/tcp_input.c#18 (text+ko) ====
@@ -467,7 +467,7 @@
#ifdef IPSEC
#ifdef INET6
if (isipv6 && inp != NULL && ipsec6_in_reject(m, inp)) {
- ipsec6stat.in_polvio++;
+ V_ipsec6stat.in_polvio++;
goto dropunlock;
} else
#endif /* INET6 */
==== //depot/projects/vimage/src/sys/netinet6/ip6_forward.c#8 (text+ko) ====
@@ -72,6 +72,7 @@
#include <netipsec/ipsec.h>
#include <netipsec/ipsec6.h>
#include <netipsec/key.h>
+#include <netipsec/vipsec.h>
#endif /* IPSEC */
#include <netinet6/ip6protosw.h>
@@ -105,6 +106,7 @@
u_int32_t inzone, outzone;
struct in6_addr src_in6, dst_in6;
#ifdef IPSEC
+ INIT_VNET_IPSEC(curvnet);
struct secpolicy *sp = NULL;
int ipsecrt = 0;
#endif
@@ -121,7 +123,7 @@
* before forwarding packet actually.
*/
if (ipsec6_in_reject(m, NULL)) {
- ipsec6stat.in_polvio++;
+ V_ipsec6stat.in_polvio++;
m_freem(m);
return;
}
@@ -183,7 +185,7 @@
sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
IP_FORWARDING, &error);
if (sp == NULL) {
- ipsec6stat.out_inval++;
+ V_ipsec6stat.out_inval++;
V_ip6stat.ip6s_cantforward++;
if (mcopy) {
#if 0
@@ -204,7 +206,7 @@
/*
* This packet is just discarded.
*/
- ipsec6stat.out_polvio++;
+ V_ipsec6stat.out_polvio++;
V_ip6stat.ip6s_cantforward++;
KEY_FREESP(&sp);
if (mcopy) {
==== //depot/projects/vimage/src/sys/netinet6/raw_ip6.c#13 (text+ko) ====
@@ -103,6 +103,7 @@
#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/ipsec6.h>
+#include <netipsec/vipsec.h>
#endif /* IPSEC */
#include <machine/stdarg.h>
@@ -143,6 +144,9 @@
{
INIT_VNET_INET(curvnet);
INIT_VNET_INET6(curvnet);
+#ifdef IPSEC
+ INIT_VNET_IPSEC(curvnet);
+#endif
struct mbuf *m = *mp;
register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
register struct inpcb *in6p;
@@ -194,7 +198,7 @@
*/
if (n && ipsec6_in_reject(n, last)) {
m_freem(n);
- ipsec6stat.in_polvio++;
+ V_ipsec6stat.in_polvio++;
/* do not inject data into pcb */
} else
#endif /* IPSEC */
@@ -225,7 +229,7 @@
*/
if (last && ipsec6_in_reject(m, last)) {
m_freem(m);
- ipsec6stat.in_polvio++;
+ V_ipsec6stat.in_polvio++;
V_ip6stat.ip6s_delivered--;
/* do not inject data into pcb */
INP_UNLOCK(last);
==== //depot/projects/vimage/src/sys/netinet6/udp6_usrreq.c#13 (text+ko) ====
@@ -111,6 +111,7 @@
#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/ipsec6.h>
+#include <netipsec/vipsec.h>
#endif /* IPSEC */
/*
@@ -134,8 +135,9 @@
#ifdef IPSEC
/* Check AH/ESP integrity. */
if (ipsec6_in_reject(n, in6p)) {
+ INIT_VNET_IPSEC(in6p->inp_vnet);
m_freem(n);
- ipsec6stat.in_polvio++;
+ V_ipsec6stat.in_polvio++;
return;
}
#endif /* IPSEC */
==== //depot/projects/vimage/src/sys/netipsec/ipsec_output.c#8 (text+ko) ====
@@ -618,6 +618,7 @@
static int
ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav)
{
+ INIT_VNET_IPSEC(curvnet);
struct ip6_hdr *oip6;
struct ip6_hdr *ip6;
size_t plen;
@@ -665,7 +666,7 @@
/* construct new IPv6 header. see RFC 2401 5.1.2.2 */
/* ECN consideration. */
- ip6_ecn_ingress(ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);
+ ip6_ecn_ingress(V_ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow);
if (plen < IPV6_MAXPACKET - sizeof(struct ip6_hdr))
ip6->ip6_plen = htons(plen);
else {
@@ -732,14 +733,14 @@
ipseclog((LOG_ERR, "%s: family mismatched between "
"inner and outer, spi=%u\n", __func__,
ntohl(isr->sav->spi)));
- ipsec6stat.ips_out_inval++;
+ V_ipsec6stat.ips_out_inval++;
error = EAFNOSUPPORT;
goto bad;
}
m = ipsec6_splithdr(m);
if (!m) {
- ipsec6stat.ips_out_nomem++;
+ V_ipsec6stat.ips_out_nomem++;
error = ENOMEM;
goto bad;
}
@@ -768,7 +769,7 @@
}
if (state->ro->ro_rt == 0) {
V_ip6stat.ip6s_noroute++;
- ipsec6stat.ips_out_noroute++;
+ V_ipsec6stat.ips_out_noroute++;
error = EHOSTUNREACH;
goto bad;
}
@@ -782,7 +783,7 @@
m = ipsec6_splithdr(m);
if (!m) {
- ipsec6stat.ips_out_nomem++;
+ V_ipsec6stat.ips_out_nomem++;
error = ENOMEM;
goto bad;
}
==== //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#5 (text+ko) ====
@@ -308,7 +308,7 @@
ip6 = (struct ip6_hdr *) ipo;
nxt = ip6->ip6_nxt;
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
- ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
+ ip_ecn_egress(V_ip6_ipsec_ecn, &otos, &itos);
ip6->ip6_flow &= ~htonl(0xff << 20);
ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
break;
More information about the p4-projects
mailing list