From owner-svn-src-all@FreeBSD.ORG Thu Jul 4 08:59:37 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 33CE8E05; Thu, 4 Jul 2013 08:59:37 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 25839186B; Thu, 4 Jul 2013 08:59:37 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r648xbXi029930; Thu, 4 Jul 2013 08:59:37 GMT (envelope-from ae@svn.freebsd.org) Received: (from ae@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r648xYoG029912; Thu, 4 Jul 2013 08:59:34 GMT (envelope-from ae@svn.freebsd.org) Message-Id: <201307040859.r648xYoG029912@svn.freebsd.org> From: "Andrey V. Elsukov" Date: Thu, 4 Jul 2013 08:59:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r252693 - stable/9/sys/netipsec X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jul 2013 08:59:37 -0000 Author: ae Date: Thu Jul 4 08:59:34 2013 New Revision: 252693 URL: http://svnweb.freebsd.org/changeset/base/252693 Log: MFC r252028: Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP, PFKEY. Modified: stable/9/sys/netipsec/ah_var.h stable/9/sys/netipsec/esp_var.h stable/9/sys/netipsec/ipcomp_var.h stable/9/sys/netipsec/ipip_var.h stable/9/sys/netipsec/ipsec_input.c stable/9/sys/netipsec/ipsec_output.c stable/9/sys/netipsec/key.c stable/9/sys/netipsec/keysock.c stable/9/sys/netipsec/keysock.h stable/9/sys/netipsec/xform_ah.c stable/9/sys/netipsec/xform_esp.c stable/9/sys/netipsec/xform_ipcomp.c stable/9/sys/netipsec/xform_ipip.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/netipsec/ah_var.h ============================================================================== --- stable/9/sys/netipsec/ah_var.h Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/ah_var.h Thu Jul 4 08:59:34 2013 (r252693) @@ -75,6 +75,8 @@ VNET_DECLARE(int, ah_enable); VNET_DECLARE(int, ah_cleartos); VNET_DECLARE(struct ahstat, ahstat); +#define AHSTAT_ADD(name, val) V_ahstat.name += (val) +#define AHSTAT_INC(name) AHSTAT_ADD(name, 1) #define V_ah_enable VNET(ah_enable) #define V_ah_cleartos VNET(ah_cleartos) #define V_ahstat VNET(ahstat) Modified: stable/9/sys/netipsec/esp_var.h ============================================================================== --- stable/9/sys/netipsec/esp_var.h Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/esp_var.h Thu Jul 4 08:59:34 2013 (r252693) @@ -75,6 +75,8 @@ struct espstat { VNET_DECLARE(int, esp_enable); VNET_DECLARE(struct espstat, espstat); +#define ESPSTAT_ADD(name, val) V_espstat.name += (val) +#define ESPSTAT_INC(name) ESPSTAT_ADD(name, 1) #define V_esp_enable VNET(esp_enable) #define V_espstat VNET(espstat) #endif /* _KERNEL */ Modified: stable/9/sys/netipsec/ipcomp_var.h ============================================================================== --- stable/9/sys/netipsec/ipcomp_var.h Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/ipcomp_var.h Thu Jul 4 08:59:34 2013 (r252693) @@ -68,6 +68,8 @@ struct ipcompstat { VNET_DECLARE(int, ipcomp_enable); VNET_DECLARE(struct ipcompstat, ipcompstat); +#define IPCOMPSTAT_ADD(name, val) V_ipcompstat.name += (val) +#define IPCOMPSTAT_INC(name) IPCOMPSTAT_ADD(name, 1) #define V_ipcomp_enable VNET(ipcomp_enable) #define V_ipcompstat VNET(ipcompstat) #endif /* _KERNEL */ Modified: stable/9/sys/netipsec/ipip_var.h ============================================================================== --- stable/9/sys/netipsec/ipip_var.h Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/ipip_var.h Thu Jul 4 08:59:34 2013 (r252693) @@ -62,6 +62,8 @@ struct ipipstat VNET_DECLARE(int, ipip_allow); VNET_DECLARE(struct ipipstat, ipipstat); +#define IPIPSTAT_ADD(name, val) V_ipipstat.name += (val) +#define IPIPSTAT_INC(name) IPIPSTAT_ADD(name, 1) #define V_ipip_allow VNET(ipip_allow) #define V_ipipstat VNET(ipipstat) #endif /* _KERNEL */ Modified: stable/9/sys/netipsec/ipsec_input.c ============================================================================== --- stable/9/sys/netipsec/ipsec_input.c Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/ipsec_input.c Thu Jul 4 08:59:34 2013 (r252693) @@ -99,8 +99,14 @@ #endif -#define IPSEC_ISTAT(p,x,y,z) ((p) == IPPROTO_ESP ? (x)++ : \ - (p) == IPPROTO_AH ? (y)++ : (z)++) +#define IPSEC_ISTAT(proto, name) do { \ + if ((proto) == IPPROTO_ESP) \ + ESPSTAT_INC(esps_##name); \ + else if ((proto) == IPPROTO_AH) \ + AHSTAT_INC(ahs_##name); \ + else \ + IPCOMPSTAT_INC(ipcomps_##name); \ +} while (0) #ifdef INET static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int); @@ -125,8 +131,7 @@ ipsec_common_input(struct mbuf *m, int s #endif #endif - IPSEC_ISTAT(sproto, V_espstat.esps_input, V_ahstat.ahs_input, - V_ipcompstat.ipcomps_input); + IPSEC_ISTAT(sproto, input); IPSEC_ASSERT(m != NULL, ("null packet")); @@ -138,15 +143,13 @@ ipsec_common_input(struct mbuf *m, int s (sproto == IPPROTO_AH && !V_ah_enable) || (sproto == IPPROTO_IPCOMP && !V_ipcomp_enable)) { m_freem(m); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); return EOPNOTSUPP; } if (m->m_pkthdr.len - skip < 2 * sizeof (u_int32_t)) { m_freem(m); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); DPRINTF(("%s: packet too small\n", __func__)); return EINVAL; } @@ -197,8 +200,7 @@ ipsec_common_input(struct mbuf *m, int s default: DPRINTF(("%s: unsupported protocol family %u\n", __func__, af)); m_freem(m); - IPSEC_ISTAT(sproto, V_espstat.esps_nopf, V_ahstat.ahs_nopf, - V_ipcompstat.ipcomps_nopf); + IPSEC_ISTAT(sproto, nopf); return EPFNOSUPPORT; } @@ -208,8 +210,7 @@ ipsec_common_input(struct mbuf *m, int s DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n", __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); - IPSEC_ISTAT(sproto, V_espstat.esps_notdb, V_ahstat.ahs_notdb, - V_ipcompstat.ipcomps_notdb); + IPSEC_ISTAT(sproto, notdb); m_freem(m); return ENOENT; } @@ -218,8 +219,7 @@ ipsec_common_input(struct mbuf *m, int s DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n", __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); - IPSEC_ISTAT(sproto, V_espstat.esps_noxform, V_ahstat.ahs_noxform, - V_ipcompstat.ipcomps_noxform); + IPSEC_ISTAT(sproto, noxform); KEY_FREESAV(&sav); m_freem(m); return ENXIO; @@ -321,8 +321,7 @@ ipsec4_common_input_cb(struct mbuf *m, s /* Sanity check */ if (m == NULL) { DPRINTF(("%s: null mbuf", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_badkcr, V_ahstat.ahs_badkcr, - V_ipcompstat.ipcomps_badkcr); + IPSEC_ISTAT(sproto, badkcr); KEY_FREESAV(&sav); return EINVAL; } @@ -333,8 +332,7 @@ ipsec4_common_input_cb(struct mbuf *m, s DPRINTF(("%s: processing failed for SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = ENOBUFS; goto bad; } @@ -355,9 +353,7 @@ ipsec4_common_input_cb(struct mbuf *m, s struct ip ipn; if (m->m_pkthdr.len - skip < sizeof(struct ip)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -386,9 +382,7 @@ ipsec4_common_input_cb(struct mbuf *m, s ipsp_address(saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -399,9 +393,7 @@ ipsec4_common_input_cb(struct mbuf *m, s struct ip6_hdr ip6n; if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -428,9 +420,7 @@ ipsec4_common_input_cb(struct mbuf *m, s ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -451,8 +441,7 @@ ipsec4_common_input_cb(struct mbuf *m, s sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { DPRINTF(("%s: failed to get tag\n", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = ENOMEM; goto bad; } @@ -494,9 +483,7 @@ ipsec4_common_input_cb(struct mbuf *m, s * Re-dispatch via software interrupt. */ if ((error = netisr_queue_src(NETISR_IP, (uintptr_t)sav->spi, m))) { - IPSEC_ISTAT(sproto, V_espstat.esps_qfull, V_ahstat.ahs_qfull, - V_ipcompstat.ipcomps_qfull); - + IPSEC_ISTAT(sproto, qfull); DPRINTF(("%s: queue full; proto %u packet dropped\n", __func__, sproto)); return error; @@ -548,9 +535,7 @@ ipsec6_common_input(struct mbuf **mp, in if (protoff + l != *offp) { DPRINTF(("%s: bad packet header chain, protoff %u, " "l %u, off %u\n", __func__, protoff, l, *offp)); - IPSEC_ISTAT(proto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(proto, hdrops); m_freem(*mp); *mp = NULL; return IPPROTO_DONE; @@ -595,8 +580,7 @@ ipsec6_common_input_cb(struct mbuf *m, s /* Sanity check */ if (m == NULL) { DPRINTF(("%s: null mbuf", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_badkcr, V_ahstat.ahs_badkcr, - V_ipcompstat.ipcomps_badkcr); + IPSEC_ISTAT(sproto, badkcr); error = EINVAL; goto bad; } @@ -609,8 +593,7 @@ ipsec6_common_input_cb(struct mbuf *m, s __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EACCES; goto bad; } @@ -628,9 +611,7 @@ ipsec6_common_input_cb(struct mbuf *m, s struct ip ipn; if (m->m_pkthdr.len - skip < sizeof(struct ip)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -655,8 +636,7 @@ ipsec6_common_input_cb(struct mbuf *m, s ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTATsproto, (V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -668,9 +648,7 @@ ipsec6_common_input_cb(struct mbuf *m, s struct ip6_hdr ip6n; if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -697,8 +675,7 @@ ipsec6_common_input_cb(struct mbuf *m, s ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -718,8 +695,7 @@ ipsec6_common_input_cb(struct mbuf *m, s sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { DPRINTF(("%s: failed to get tag\n", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = ENOMEM; goto bad; } Modified: stable/9/sys/netipsec/ipsec_output.c ============================================================================== --- stable/9/sys/netipsec/ipsec_output.c Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/ipsec_output.c Thu Jul 4 08:59:34 2013 (r252693) @@ -282,8 +282,14 @@ ipsec_nextisr( int *error ) { -#define IPSEC_OSTAT(x,y,z) (isr->saidx.proto == IPPROTO_ESP ? (x)++ : \ - isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++) +#define IPSEC_OSTAT(name) do { \ + if (isr->saidx.proto == IPPROTO_ESP) \ + ESPSTAT_INC(esps_##name); \ + else if (isr->saidx.proto == IPPROTO_AH)\ + AHSTAT_INC(ahs_##name); \ + else \ + IPCOMPSTAT_INC(ipcomps_##name); \ +} while (0) struct secasvar *sav; IPSECREQUEST_LOCK_ASSERT(isr); @@ -391,8 +397,7 @@ again: (isr->saidx.proto == IPPROTO_IPCOMP && !V_ipcomp_enable)) { DPRINTF(("%s: IPsec outbound packet dropped due" " to policy (check your sysctls)\n", __func__)); - IPSEC_OSTAT(V_espstat.esps_pdrops, V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_OSTAT(pdrops); *error = EHOSTUNREACH; goto bad; } @@ -403,8 +408,7 @@ again: */ if (sav->tdb_xform == NULL) { DPRINTF(("%s: no transform for SA\n", __func__)); - IPSEC_OSTAT(V_espstat.esps_noxform, V_ahstat.ahs_noxform, - V_ipcompstat.ipcomps_noxform); + IPSEC_OSTAT(noxform); *error = EHOSTUNREACH; goto bad; } Modified: stable/9/sys/netipsec/key.c ============================================================================== --- stable/9/sys/netipsec/key.c Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/key.c Thu Jul 4 08:59:34 2013 (r252693) @@ -7340,7 +7340,7 @@ key_parse(m, so) if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != m->m_pkthdr.len) { ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); error = EINVAL; goto senderror; } @@ -7348,7 +7348,7 @@ key_parse(m, so) if (msg->sadb_msg_version != PF_KEY_V2) { ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", __func__, msg->sadb_msg_version)); - V_pfkeystat.out_invver++; + PFKEYSTAT_INC(out_invver); error = EINVAL; goto senderror; } @@ -7356,7 +7356,7 @@ key_parse(m, so) if (msg->sadb_msg_type > SADB_MAX) { ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", __func__, msg->sadb_msg_type)); - V_pfkeystat.out_invmsgtype++; + PFKEYSTAT_INC(out_invmsgtype); error = EINVAL; goto senderror; } @@ -7409,7 +7409,7 @@ key_parse(m, so) ipseclog((LOG_DEBUG, "%s: must specify satype " "when msg type=%u.\n", __func__, msg->sadb_msg_type)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EINVAL; goto senderror; } @@ -7429,7 +7429,7 @@ key_parse(m, so) case SADB_X_SPDDELETE2: ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", __func__, msg->sadb_msg_type)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EINVAL; goto senderror; } @@ -7440,7 +7440,7 @@ key_parse(m, so) case SADB_SATYPE_MIP: ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", __func__, msg->sadb_msg_satype)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EOPNOTSUPP; goto senderror; case 1: /* XXX: What does it do? */ @@ -7450,7 +7450,7 @@ key_parse(m, so) default: ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", __func__, msg->sadb_msg_satype)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EINVAL; goto senderror; } @@ -7468,7 +7468,7 @@ key_parse(m, so) if (src0->sadb_address_proto != dst0->sadb_address_proto) { ipseclog((LOG_DEBUG, "%s: upper layer protocol " "mismatched.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7478,7 +7478,7 @@ key_parse(m, so) PFKEY_ADDR_SADDR(dst0)->sa_family) { ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7486,7 +7486,7 @@ key_parse(m, so) PFKEY_ADDR_SADDR(dst0)->sa_len) { ipseclog((LOG_DEBUG, "%s: address struct size " "mismatched.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7495,7 +7495,7 @@ key_parse(m, so) case AF_INET: if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in)) { - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7503,7 +7503,7 @@ key_parse(m, so) case AF_INET6: if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in6)) { - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7511,7 +7511,7 @@ key_parse(m, so) default: ipseclog((LOG_DEBUG, "%s: unsupported address family\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EAFNOSUPPORT; goto senderror; } @@ -7533,7 +7533,7 @@ key_parse(m, so) dst0->sadb_address_prefixlen > plen) { ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7546,7 +7546,7 @@ key_parse(m, so) if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) || key_typesw[msg->sadb_msg_type] == NULL) { - V_pfkeystat.out_invmsgtype++; + PFKEYSTAT_INC(out_invmsgtype); error = EINVAL; goto senderror; } @@ -7648,7 +7648,7 @@ key_align(m, mhp) ipseclog((LOG_DEBUG, "%s: duplicate ext_type " "%u\n", __func__, ext->sadb_ext_type)); m_freem(m); - V_pfkeystat.out_dupext++; + PFKEYSTAT_INC(out_dupext); return EINVAL; } break; @@ -7656,7 +7656,7 @@ key_align(m, mhp) ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", __func__, ext->sadb_ext_type)); m_freem(m); - V_pfkeystat.out_invexttype++; + PFKEYSTAT_INC(out_invexttype); return EINVAL; } @@ -7664,7 +7664,7 @@ key_align(m, mhp) if (key_validate_ext(ext, extlen)) { m_freem(m); - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); return EINVAL; } @@ -7682,7 +7682,7 @@ key_align(m, mhp) if (off != end) { m_freem(m); - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); return EINVAL; } Modified: stable/9/sys/netipsec/keysock.c ============================================================================== --- stable/9/sys/netipsec/keysock.c Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/keysock.c Thu Jul 4 08:59:34 2013 (r252693) @@ -91,19 +91,19 @@ key_output(struct mbuf *m, struct socket if (m == 0) panic("%s: NULL pointer was passed.\n", __func__); - V_pfkeystat.out_total++; - V_pfkeystat.out_bytes += m->m_pkthdr.len; + PFKEYSTAT_INC(out_total); + PFKEYSTAT_ADD(out_bytes, m->m_pkthdr.len); len = m->m_pkthdr.len; if (len < sizeof(struct sadb_msg)) { - V_pfkeystat.out_tooshort++; + PFKEYSTAT_INC(out_tooshort); error = EINVAL; goto end; } if (m->m_len < sizeof(struct sadb_msg)) { if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { - V_pfkeystat.out_nomem++; + PFKEYSTAT_INC(out_nomem); error = ENOBUFS; goto end; } @@ -114,9 +114,9 @@ key_output(struct mbuf *m, struct socket KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); msg = mtod(m, struct sadb_msg *); - V_pfkeystat.out_msgtype[msg->sadb_msg_type]++; + PFKEYSTAT_INC(out_msgtype[msg->sadb_msg_type]); if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); error = EINVAL; goto end; } @@ -147,7 +147,7 @@ key_sendup0(rp, m, promisc) if (m && m->m_len < sizeof(struct sadb_msg)) m = m_pullup(m, sizeof(struct sadb_msg)); if (!m) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); m_freem(m); return ENOBUFS; } @@ -160,12 +160,12 @@ key_sendup0(rp, m, promisc) pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); /* pid and seq? */ - V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; + PFKEYSTAT_INC(in_msgtype[pmsg->sadb_msg_type]); } if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, m, NULL)) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); m_freem(m); error = ENOBUFS; } else @@ -197,9 +197,9 @@ key_sendup(so, msg, len, target) * we increment statistics here, just in case we have ENOBUFS * in this function. */ - V_pfkeystat.in_total++; - V_pfkeystat.in_bytes += len; - V_pfkeystat.in_msgtype[msg->sadb_msg_type]++; + PFKEYSTAT_INC(in_total); + PFKEYSTAT_ADD(in_bytes, len); + PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]); /* * Get mbuf chain whenever possible (not clusters), @@ -216,14 +216,14 @@ key_sendup(so, msg, len, target) if (tlen == len) { MGETHDR(n, M_DONTWAIT, MT_DATA); if (n == NULL) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } n->m_len = MHLEN; } else { MGET(n, M_DONTWAIT, MT_DATA); if (n == NULL) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } n->m_len = MLEN; @@ -233,7 +233,7 @@ key_sendup(so, msg, len, target) if ((n->m_flags & M_EXT) == 0) { m_free(n); m_freem(m); - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } n->m_len = MCLBYTES; @@ -256,9 +256,9 @@ key_sendup(so, msg, len, target) m_copyback(m, 0, len, (caddr_t)msg); /* avoid duplicated statistics */ - V_pfkeystat.in_total--; - V_pfkeystat.in_bytes -= len; - V_pfkeystat.in_msgtype[msg->sadb_msg_type]--; + PFKEYSTAT_ADD(in_total, -1); + PFKEYSTAT_ADD(in_bytes, -len); + PFKEYSTAT_ADD(in_msgtype[msg->sadb_msg_type], -1); return key_sendup_mbuf(so, m, target); } @@ -281,19 +281,19 @@ key_sendup_mbuf(so, m, target) if (so == NULL && target == KEY_SENDUP_ONE) panic("%s: NULL pointer was passed.\n", __func__); - V_pfkeystat.in_total++; - V_pfkeystat.in_bytes += m->m_pkthdr.len; + PFKEYSTAT_INC(in_total); + PFKEYSTAT_ADD(in_bytes, m->m_pkthdr.len); if (m->m_len < sizeof(struct sadb_msg)) { m = m_pullup(m, sizeof(struct sadb_msg)); if (m == NULL) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } } if (m->m_len >= sizeof(struct sadb_msg)) { struct sadb_msg *msg; msg = mtod(m, struct sadb_msg *); - V_pfkeystat.in_msgtype[msg->sadb_msg_type]++; + PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]); } mtx_lock(&rawcb_mtx); LIST_FOREACH(rp, &V_rawcb_list, list) @@ -338,14 +338,14 @@ key_sendup_mbuf(so, m, target) sendup++; break; } - V_pfkeystat.in_msgtarget[target]++; + PFKEYSTAT_INC(in_msgtarget[target]); if (!sendup) continue; if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { m_freem(m); - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); mtx_unlock(&rawcb_mtx); return ENOBUFS; } Modified: stable/9/sys/netipsec/keysock.h ============================================================================== --- stable/9/sys/netipsec/keysock.h Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/keysock.h Thu Jul 4 08:59:34 2013 (r252693) @@ -70,6 +70,8 @@ struct keycb { }; VNET_DECLARE(struct pfkeystat, pfkeystat); +#define PFKEYSTAT_ADD(name, val) V_pfkeystat.name += (val) +#define PFKEYSTAT_INC(name) PFKEYSTAT_ADD(name, 1) #define V_pfkeystat VNET(pfkeystat) extern int key_output(struct mbuf *m, struct socket *so); Modified: stable/9/sys/netipsec/xform_ah.c ============================================================================== --- stable/9/sys/netipsec/xform_ah.c Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/xform_ah.c Thu Jul 4 08:59:34 2013 (r252693) @@ -596,14 +596,14 @@ ah_input(struct mbuf *m, struct secasvar IP6_EXTHDR_GET(ah, struct newah *, m, skip, rplen); if (ah == NULL) { DPRINTF(("ah_input: cannot pullup header\n")); - V_ahstat.ahs_hdrops++; /*XXX*/ + AHSTAT_INC(ahs_hdrops); /*XXX*/ m_freem(m); return ENOBUFS; } /* Check replay window, if applicable. */ if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) { - V_ahstat.ahs_replay++; + AHSTAT_INC(ahs_replay); DPRINTF(("%s: packet replay failure: %s\n", __func__, ipsec_logsastr(sav))); m_freem(m); @@ -620,17 +620,17 @@ ah_input(struct mbuf *m, struct secasvar hl, (u_long) (authsize + rplen - sizeof (struct ah)), ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_badauthl++; + AHSTAT_INC(ahs_badauthl); m_freem(m); return EACCES; } - V_ahstat.ahs_ibytes += m->m_pkthdr.len - skip - hl; + AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl); /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { DPRINTF(("%s: failed to acquire crypto descriptor\n",__func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); m_freem(m); return ENOBUFS; } @@ -670,7 +670,7 @@ ah_input(struct mbuf *m, struct secasvar } if (tc == NULL) { DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); crypto_freereq(crp); m_freem(m); return ENOBUFS; @@ -694,7 +694,7 @@ ah_input(struct mbuf *m, struct secasvar skip, ahx->type, 0); if (error != 0) { /* NB: mbuf is free'd by ah_massage_headers */ - V_ahstat.ahs_hdrops++; + AHSTAT_INC(ahs_hdrops); free(tc, M_XDATA); crypto_freereq(crp); return error; @@ -775,19 +775,19 @@ ah_input_cb(struct cryptop *crp) return error; } - V_ahstat.ahs_noxform++; + AHSTAT_INC(ahs_noxform); DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } else { - V_ahstat.ahs_hist[sav->alg_auth]++; + AHSTAT_INC(ahs_hist[sav->alg_auth]); crypto_freereq(crp); /* No longer needed. */ crp = NULL; } /* Shouldn't happen... */ if (m == NULL) { - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; @@ -813,7 +813,7 @@ ah_input_cb(struct cryptop *crp) "in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_badauth++; + AHSTAT_INC(ahs_badauth); error = EACCES; goto bad; } @@ -844,7 +844,7 @@ ah_input_cb(struct cryptop *crp) m_copydata(m, skip + offsetof(struct newah, ah_seq), sizeof (seq), (caddr_t) &seq); if (ipsec_updatereplay(ntohl(seq), sav)) { - V_ahstat.ahs_replay++; + AHSTAT_INC(ahs_replay); error = ENOBUFS; /*XXX as above*/ goto bad; } @@ -858,7 +858,7 @@ ah_input_cb(struct cryptop *crp) DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_hdrops++; + AHSTAT_INC(ahs_hdrops); goto bad; } @@ -919,7 +919,7 @@ ah_output( ahx = sav->tdb_authalgxform; IPSEC_ASSERT(ahx != NULL, ("null authentication xform")); - V_ahstat.ahs_output++; + AHSTAT_INC(ahs_output); /* Figure out header size. */ rplen = HDRSIZE(sav); @@ -942,7 +942,7 @@ ah_output( sav->sah->saidx.dst.sa.sa_family, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_nopf++; + AHSTAT_INC(ahs_nopf); error = EPFNOSUPPORT; goto bad; } @@ -953,20 +953,20 @@ ah_output( ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi), rplen + authsize + m->m_pkthdr.len, maxpacketsize)); - V_ahstat.ahs_toobig++; + AHSTAT_INC(ahs_toobig); error = EMSGSIZE; goto bad; } /* Update the counters. */ - V_ahstat.ahs_obytes += m->m_pkthdr.len - skip; + AHSTAT_ADD(ahs_obytes, m->m_pkthdr.len - skip); m = m_unshare(m, M_NOWAIT); if (m == NULL) { DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_hdrops++; + AHSTAT_INC(ahs_hdrops); error = ENOBUFS; goto bad; } @@ -979,7 +979,7 @@ ah_output( rplen + authsize, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_hdrops++; /*XXX differs from openbsd */ + AHSTAT_INC(ahs_hdrops); /*XXX differs from openbsd */ error = ENOBUFS; goto bad; } @@ -1007,7 +1007,7 @@ ah_output( __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_wrap++; + AHSTAT_INC(ahs_wrap); error = EINVAL; goto bad; } @@ -1024,7 +1024,7 @@ ah_output( if (crp == NULL) { DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); error = ENOBUFS; goto bad; } @@ -1046,7 +1046,7 @@ ah_output( if (tc == NULL) { crypto_freereq(crp); DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); error = ENOBUFS; goto bad; } @@ -1151,7 +1151,7 @@ ah_output_cb(struct cryptop *crp) sav = tc->tc_sav; /* With the isr lock released SA pointer can be updated. */ if (sav != isr->sav) { - V_ahstat.ahs_notdb++; + AHSTAT_INC(ahs_notdb); DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; @@ -1168,7 +1168,7 @@ ah_output_cb(struct cryptop *crp) return error; } - V_ahstat.ahs_noxform++; + AHSTAT_INC(ahs_noxform); DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; @@ -1176,12 +1176,12 @@ ah_output_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } - V_ahstat.ahs_hist[sav->alg_auth]++; + AHSTAT_INC(ahs_hist[sav->alg_auth]); /* * Copy original headers (with the new protocol number) back Modified: stable/9/sys/netipsec/xform_esp.c ============================================================================== --- stable/9/sys/netipsec/xform_esp.c Thu Jul 4 08:57:13 2013 (r252692) +++ stable/9/sys/netipsec/xform_esp.c Thu Jul 4 08:59:34 2013 (r252693) @@ -286,7 +286,7 @@ esp_input(struct mbuf *m, struct secasva if ( (skip&3) || (m->m_pkthdr.len&3) ){ DPRINTF(("%s: misaligned packet, skip %u pkt len %u", __func__, skip, m->m_pkthdr.len)); - V_espstat.esps_badilen++; + ESPSTAT_INC(esps_badilen); m_freem(m); return EINVAL; } @@ -332,7 +332,7 @@ esp_input(struct mbuf *m, struct secasva plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_espstat.esps_badilen++; + ESPSTAT_INC(esps_badilen); m_freem(m); return EINVAL; } @@ -343,13 +343,13 @@ esp_input(struct mbuf *m, struct secasva if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) { DPRINTF(("%s: packet replay check for %s\n", __func__, ipsec_logsastr(sav))); /*XXX*/ - V_espstat.esps_replay++; + ESPSTAT_INC(esps_replay); m_freem(m); return ENOBUFS; /*XXX*/ } /* Update the counters */ - V_espstat.esps_ibytes += m->m_pkthdr.len - (skip + hlen + alen); + ESPSTAT_ADD(esps_ibytes, m->m_pkthdr.len - (skip + hlen + alen)); /* Find out if we've already done crypto */ for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_CRYPTO_DONE, NULL); @@ -368,7 +368,7 @@ esp_input(struct mbuf *m, struct secasva if (crp == NULL) { DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); - V_espstat.esps_crypto++; + ESPSTAT_INC(esps_crypto); m_freem(m); return ENOBUFS; } @@ -383,7 +383,7 @@ esp_input(struct mbuf *m, struct secasva if (tc == NULL) { crypto_freereq(crp); DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); - V_espstat.esps_crypto++; + ESPSTAT_INC(esps_crypto); m_freem(m); return ENOBUFS; } @@ -501,7 +501,7 @@ esp_input_cb(struct cryptop *crp) return error; } - V_espstat.esps_noxform++; + ESPSTAT_INC(esps_noxform); DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; @@ -509,12 +509,12 @@ esp_input_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { - V_espstat.esps_crypto++; + ESPSTAT_INC(esps_crypto); DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } - V_espstat.esps_hist[sav->alg_enc]++; + ESPSTAT_INC(esps_hist[sav->alg_enc]); /* If authentication was performed, check now. */ if (esph != NULL) { @@ -533,7 +533,7 @@ esp_input_cb(struct cryptop *crp) * the verification for us. Otherwise we need to * check the authentication calculation. */ - V_ahstat.ahs_hist[sav->alg_auth]++; + AHSTAT_INC(ahs_hist[sav->alg_auth]); if (mtag == NULL) { /* Copy the authenticator from the packet */ m_copydata(m, m->m_pkthdr.len - alen, @@ -548,7 +548,7 @@ esp_input_cb(struct cryptop *crp) __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - V_espstat.esps_badauth++; + ESPSTAT_INC(esps_badauth); error = EACCES; goto bad; } @@ -578,7 +578,7 @@ esp_input_cb(struct cryptop *crp) if (ipsec_updatereplay(ntohl(seq), sav)) { DPRINTF(("%s: packet replay check for %s\n", __func__, ipsec_logsastr(sav))); - V_espstat.esps_replay++; + ESPSTAT_INC(esps_replay); error = ENOBUFS; goto bad; } @@ -593,7 +593,7 @@ esp_input_cb(struct cryptop *crp) /* Remove the ESP header and IV from the mbuf. */ error = m_striphdr(m, skip, hlen); if (error) { - V_espstat.esps_hdrops++; + ESPSTAT_INC(esps_hdrops); DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***