Date: Tue, 17 Jul 2007 11:45:14 GMT From: Marko Zec <zec@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 123643 for review Message-ID: <200707171145.l6HBjEDI094585@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=123643 Change 123643 by zec@zec_tpx32 on 2007/07/17 11:45:12 Fix missing references to a few virtualized ipsec symbols. Affected files ... .. //depot/projects/vimage/src/sys/netinet/tcp_input.c#18 edit .. //depot/projects/vimage/src/sys/netinet6/ip6_forward.c#8 edit .. //depot/projects/vimage/src/sys/netinet6/raw_ip6.c#13 edit .. //depot/projects/vimage/src/sys/netinet6/udp6_usrreq.c#13 edit .. //depot/projects/vimage/src/sys/netipsec/ipsec_output.c#8 edit .. //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#5 edit Differences ... ==== //depot/projects/vimage/src/sys/netinet/tcp_input.c#18 (text+ko) ==== @@ -467,7 +467,7 @@ #ifdef IPSEC #ifdef INET6 if (isipv6 && inp != NULL && ipsec6_in_reject(m, inp)) { - ipsec6stat.in_polvio++; + V_ipsec6stat.in_polvio++; goto dropunlock; } else #endif /* INET6 */ ==== //depot/projects/vimage/src/sys/netinet6/ip6_forward.c#8 (text+ko) ==== @@ -72,6 +72,7 @@ #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> #include <netipsec/key.h> +#include <netipsec/vipsec.h> #endif /* IPSEC */ #include <netinet6/ip6protosw.h> @@ -105,6 +106,7 @@ u_int32_t inzone, outzone; struct in6_addr src_in6, dst_in6; #ifdef IPSEC + INIT_VNET_IPSEC(curvnet); struct secpolicy *sp = NULL; int ipsecrt = 0; #endif @@ -121,7 +123,7 @@ * before forwarding packet actually. */ if (ipsec6_in_reject(m, NULL)) { - ipsec6stat.in_polvio++; + V_ipsec6stat.in_polvio++; m_freem(m); return; } @@ -183,7 +185,7 @@ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING, &error); if (sp == NULL) { - ipsec6stat.out_inval++; + V_ipsec6stat.out_inval++; V_ip6stat.ip6s_cantforward++; if (mcopy) { #if 0 @@ -204,7 +206,7 @@ /* * This packet is just discarded. */ - ipsec6stat.out_polvio++; + V_ipsec6stat.out_polvio++; V_ip6stat.ip6s_cantforward++; KEY_FREESP(&sp); if (mcopy) { ==== //depot/projects/vimage/src/sys/netinet6/raw_ip6.c#13 (text+ko) ==== @@ -103,6 +103,7 @@ #ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> +#include <netipsec/vipsec.h> #endif /* IPSEC */ #include <machine/stdarg.h> @@ -143,6 +144,9 @@ { INIT_VNET_INET(curvnet); INIT_VNET_INET6(curvnet); +#ifdef IPSEC + INIT_VNET_IPSEC(curvnet); +#endif struct mbuf *m = *mp; register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); register struct inpcb *in6p; @@ -194,7 +198,7 @@ */ if (n && ipsec6_in_reject(n, last)) { m_freem(n); - ipsec6stat.in_polvio++; + V_ipsec6stat.in_polvio++; /* do not inject data into pcb */ } else #endif /* IPSEC */ @@ -225,7 +229,7 @@ */ if (last && ipsec6_in_reject(m, last)) { m_freem(m); - ipsec6stat.in_polvio++; + V_ipsec6stat.in_polvio++; V_ip6stat.ip6s_delivered--; /* do not inject data into pcb */ INP_UNLOCK(last); ==== //depot/projects/vimage/src/sys/netinet6/udp6_usrreq.c#13 (text+ko) ==== @@ -111,6 +111,7 @@ #ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ipsec6.h> +#include <netipsec/vipsec.h> #endif /* IPSEC */ /* @@ -134,8 +135,9 @@ #ifdef IPSEC /* Check AH/ESP integrity. */ if (ipsec6_in_reject(n, in6p)) { + INIT_VNET_IPSEC(in6p->inp_vnet); m_freem(n); - ipsec6stat.in_polvio++; + V_ipsec6stat.in_polvio++; return; } #endif /* IPSEC */ ==== //depot/projects/vimage/src/sys/netipsec/ipsec_output.c#8 (text+ko) ==== @@ -618,6 +618,7 @@ static int ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) { + INIT_VNET_IPSEC(curvnet); struct ip6_hdr *oip6; struct ip6_hdr *ip6; size_t plen; @@ -665,7 +666,7 @@ /* construct new IPv6 header. see RFC 2401 5.1.2.2 */ /* ECN consideration. */ - ip6_ecn_ingress(ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow); + ip6_ecn_ingress(V_ip6_ipsec_ecn, &ip6->ip6_flow, &oip6->ip6_flow); if (plen < IPV6_MAXPACKET - sizeof(struct ip6_hdr)) ip6->ip6_plen = htons(plen); else { @@ -732,14 +733,14 @@ ipseclog((LOG_ERR, "%s: family mismatched between " "inner and outer, spi=%u\n", __func__, ntohl(isr->sav->spi))); - ipsec6stat.ips_out_inval++; + V_ipsec6stat.ips_out_inval++; error = EAFNOSUPPORT; goto bad; } m = ipsec6_splithdr(m); if (!m) { - ipsec6stat.ips_out_nomem++; + V_ipsec6stat.ips_out_nomem++; error = ENOMEM; goto bad; } @@ -768,7 +769,7 @@ } if (state->ro->ro_rt == 0) { V_ip6stat.ip6s_noroute++; - ipsec6stat.ips_out_noroute++; + V_ipsec6stat.ips_out_noroute++; error = EHOSTUNREACH; goto bad; } @@ -782,7 +783,7 @@ m = ipsec6_splithdr(m); if (!m) { - ipsec6stat.ips_out_nomem++; + V_ipsec6stat.ips_out_nomem++; error = ENOMEM; goto bad; } ==== //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#5 (text+ko) ==== @@ -308,7 +308,7 @@ ip6 = (struct ip6_hdr *) ipo; nxt = ip6->ip6_nxt; itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; - ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos); + ip_ecn_egress(V_ip6_ipsec_ecn, &otos, &itos); ip6->ip6_flow &= ~htonl(0xff << 20); ip6->ip6_flow |= htonl((u_int32_t) itos << 20); break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707171145.l6HBjEDI094585>