Date: Thu, 20 Jun 2013 11:44:17 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r252028 - head/sys/netipsec Message-ID: <201306201144.r5KBiH1h096244@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Jun 20 11:44:16 2013 New Revision: 252028 URL: http://svnweb.freebsd.org/changeset/base/252028 Log: Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP, PFKEY. MFC after: 2 weeks Modified: head/sys/netipsec/ah_var.h head/sys/netipsec/esp_var.h head/sys/netipsec/ipcomp_var.h head/sys/netipsec/ipip_var.h head/sys/netipsec/ipsec_input.c head/sys/netipsec/ipsec_output.c head/sys/netipsec/key.c head/sys/netipsec/keysock.c head/sys/netipsec/keysock.h head/sys/netipsec/xform_ah.c head/sys/netipsec/xform_esp.c head/sys/netipsec/xform_ipcomp.c head/sys/netipsec/xform_ipip.c Modified: head/sys/netipsec/ah_var.h ============================================================================== --- head/sys/netipsec/ah_var.h Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/ah_var.h Thu Jun 20 11:44:16 2013 (r252028) @@ -75,6 +75,8 @@ VNET_DECLARE(int, ah_enable); VNET_DECLARE(int, ah_cleartos); VNET_DECLARE(struct ahstat, ahstat); +#define AHSTAT_ADD(name, val) V_ahstat.name += (val) +#define AHSTAT_INC(name) AHSTAT_ADD(name, 1) #define V_ah_enable VNET(ah_enable) #define V_ah_cleartos VNET(ah_cleartos) #define V_ahstat VNET(ahstat) Modified: head/sys/netipsec/esp_var.h ============================================================================== --- head/sys/netipsec/esp_var.h Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/esp_var.h Thu Jun 20 11:44:16 2013 (r252028) @@ -75,6 +75,8 @@ struct espstat { VNET_DECLARE(int, esp_enable); VNET_DECLARE(struct espstat, espstat); +#define ESPSTAT_ADD(name, val) V_espstat.name += (val) +#define ESPSTAT_INC(name) ESPSTAT_ADD(name, 1) #define V_esp_enable VNET(esp_enable) #define V_espstat VNET(espstat) #endif /* _KERNEL */ Modified: head/sys/netipsec/ipcomp_var.h ============================================================================== --- head/sys/netipsec/ipcomp_var.h Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/ipcomp_var.h Thu Jun 20 11:44:16 2013 (r252028) @@ -68,6 +68,8 @@ struct ipcompstat { VNET_DECLARE(int, ipcomp_enable); VNET_DECLARE(struct ipcompstat, ipcompstat); +#define IPCOMPSTAT_ADD(name, val) V_ipcompstat.name += (val) +#define IPCOMPSTAT_INC(name) IPCOMPSTAT_ADD(name, 1) #define V_ipcomp_enable VNET(ipcomp_enable) #define V_ipcompstat VNET(ipcompstat) #endif /* _KERNEL */ Modified: head/sys/netipsec/ipip_var.h ============================================================================== --- head/sys/netipsec/ipip_var.h Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/ipip_var.h Thu Jun 20 11:44:16 2013 (r252028) @@ -62,6 +62,8 @@ struct ipipstat VNET_DECLARE(int, ipip_allow); VNET_DECLARE(struct ipipstat, ipipstat); +#define IPIPSTAT_ADD(name, val) V_ipipstat.name += (val) +#define IPIPSTAT_INC(name) IPIPSTAT_ADD(name, 1) #define V_ipip_allow VNET(ipip_allow) #define V_ipipstat VNET(ipipstat) #endif /* _KERNEL */ Modified: head/sys/netipsec/ipsec_input.c ============================================================================== --- head/sys/netipsec/ipsec_input.c Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/ipsec_input.c Thu Jun 20 11:44:16 2013 (r252028) @@ -99,8 +99,14 @@ #endif -#define IPSEC_ISTAT(p,x,y,z) ((p) == IPPROTO_ESP ? (x)++ : \ - (p) == IPPROTO_AH ? (y)++ : (z)++) +#define IPSEC_ISTAT(proto, name) do { \ + if ((proto) == IPPROTO_ESP) \ + ESPSTAT_INC(esps_##name); \ + else if ((proto) == IPPROTO_AH) \ + AHSTAT_INC(ahs_##name); \ + else \ + IPCOMPSTAT_INC(ipcomps_##name); \ +} while (0) #ifdef INET static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int); @@ -125,8 +131,7 @@ ipsec_common_input(struct mbuf *m, int s #endif #endif - IPSEC_ISTAT(sproto, V_espstat.esps_input, V_ahstat.ahs_input, - V_ipcompstat.ipcomps_input); + IPSEC_ISTAT(sproto, input); IPSEC_ASSERT(m != NULL, ("null packet")); @@ -138,15 +143,13 @@ ipsec_common_input(struct mbuf *m, int s (sproto == IPPROTO_AH && !V_ah_enable) || (sproto == IPPROTO_IPCOMP && !V_ipcomp_enable)) { m_freem(m); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); return EOPNOTSUPP; } if (m->m_pkthdr.len - skip < 2 * sizeof (u_int32_t)) { m_freem(m); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); DPRINTF(("%s: packet too small\n", __func__)); return EINVAL; } @@ -197,8 +200,7 @@ ipsec_common_input(struct mbuf *m, int s default: DPRINTF(("%s: unsupported protocol family %u\n", __func__, af)); m_freem(m); - IPSEC_ISTAT(sproto, V_espstat.esps_nopf, V_ahstat.ahs_nopf, - V_ipcompstat.ipcomps_nopf); + IPSEC_ISTAT(sproto, nopf); return EPFNOSUPPORT; } @@ -208,8 +210,7 @@ ipsec_common_input(struct mbuf *m, int s DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n", __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); - IPSEC_ISTAT(sproto, V_espstat.esps_notdb, V_ahstat.ahs_notdb, - V_ipcompstat.ipcomps_notdb); + IPSEC_ISTAT(sproto, notdb); m_freem(m); return ENOENT; } @@ -218,8 +219,7 @@ ipsec_common_input(struct mbuf *m, int s DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n", __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); - IPSEC_ISTAT(sproto, V_espstat.esps_noxform, V_ahstat.ahs_noxform, - V_ipcompstat.ipcomps_noxform); + IPSEC_ISTAT(sproto, noxform); KEY_FREESAV(&sav); m_freem(m); return ENXIO; @@ -321,8 +321,7 @@ ipsec4_common_input_cb(struct mbuf *m, s /* Sanity check */ if (m == NULL) { DPRINTF(("%s: null mbuf", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_badkcr, V_ahstat.ahs_badkcr, - V_ipcompstat.ipcomps_badkcr); + IPSEC_ISTAT(sproto, badkcr); KEY_FREESAV(&sav); return EINVAL; } @@ -336,8 +335,7 @@ ipsec4_common_input_cb(struct mbuf *m, s DPRINTF(("%s: processing failed for SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = ENOBUFS; goto bad; } @@ -357,9 +355,7 @@ ipsec4_common_input_cb(struct mbuf *m, s struct ip ipn; if (m->m_pkthdr.len - skip < sizeof(struct ip)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -388,9 +384,7 @@ ipsec4_common_input_cb(struct mbuf *m, s ipsp_address(saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -401,9 +395,7 @@ ipsec4_common_input_cb(struct mbuf *m, s struct ip6_hdr ip6n; if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -430,9 +422,7 @@ ipsec4_common_input_cb(struct mbuf *m, s ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -453,8 +443,7 @@ ipsec4_common_input_cb(struct mbuf *m, s sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { DPRINTF(("%s: failed to get tag\n", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = ENOMEM; goto bad; } @@ -494,9 +483,7 @@ ipsec4_common_input_cb(struct mbuf *m, s * Re-dispatch via software interrupt. */ if ((error = netisr_queue_src(NETISR_IP, (uintptr_t)sav->spi, m))) { - IPSEC_ISTAT(sproto, V_espstat.esps_qfull, V_ahstat.ahs_qfull, - V_ipcompstat.ipcomps_qfull); - + IPSEC_ISTAT(sproto, qfull); DPRINTF(("%s: queue full; proto %u packet dropped\n", __func__, sproto)); return error; @@ -548,9 +535,7 @@ ipsec6_common_input(struct mbuf **mp, in if (protoff + l != *offp) { DPRINTF(("%s: bad packet header chain, protoff %u, " "l %u, off %u\n", __func__, protoff, l, *offp)); - IPSEC_ISTAT(proto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(proto, hdrops); m_freem(*mp); *mp = NULL; return IPPROTO_DONE; @@ -595,8 +580,7 @@ ipsec6_common_input_cb(struct mbuf *m, s /* Sanity check */ if (m == NULL) { DPRINTF(("%s: null mbuf", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_badkcr, V_ahstat.ahs_badkcr, - V_ipcompstat.ipcomps_badkcr); + IPSEC_ISTAT(sproto, badkcr); error = EINVAL; goto bad; } @@ -609,8 +593,7 @@ ipsec6_common_input_cb(struct mbuf *m, s __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EACCES; goto bad; } @@ -628,9 +611,7 @@ ipsec6_common_input_cb(struct mbuf *m, s struct ip ipn; if (m->m_pkthdr.len - skip < sizeof(struct ip)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -655,8 +636,7 @@ ipsec6_common_input_cb(struct mbuf *m, s ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTATsproto, (V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -668,9 +648,7 @@ ipsec6_common_input_cb(struct mbuf *m, s struct ip6_hdr ip6n; if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) { - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, - V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = EINVAL; goto bad; } @@ -697,8 +675,7 @@ ipsec6_common_input_cb(struct mbuf *m, s ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, - V_ahstat.ahs_pdrops, V_ipcompstat.ipcomps_pdrops); + IPSEC_ISTAT(sproto, pdrops); error = EACCES; goto bad; } @@ -718,8 +695,7 @@ ipsec6_common_input_cb(struct mbuf *m, s sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { DPRINTF(("%s: failed to get tag\n", __func__)); - IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, - V_ahstat.ahs_hdrops, V_ipcompstat.ipcomps_hdrops); + IPSEC_ISTAT(sproto, hdrops); error = ENOMEM; goto bad; } Modified: head/sys/netipsec/ipsec_output.c ============================================================================== --- head/sys/netipsec/ipsec_output.c Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/ipsec_output.c Thu Jun 20 11:44:16 2013 (r252028) @@ -276,8 +276,14 @@ ipsec_nextisr( int *error ) { -#define IPSEC_OSTAT(x,y,z) (isr->saidx.proto == IPPROTO_ESP ? (x)++ : \ - isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++) +#define IPSEC_OSTAT(name) do { \ + if (isr->saidx.proto == IPPROTO_ESP) \ + ESPSTAT_INC(esps_##name); \ + else if (isr->saidx.proto == IPPROTO_AH)\ + AHSTAT_INC(ahs_##name); \ + else \ + IPCOMPSTAT_INC(ipcomps_##name); \ +} while (0) struct secasvar *sav; IPSECREQUEST_LOCK_ASSERT(isr); @@ -385,8 +391,7 @@ again: (isr->saidx.proto == IPPROTO_IPCOMP && !V_ipcomp_enable)) { DPRINTF(("%s: IPsec outbound packet dropped due" " to policy (check your sysctls)\n", __func__)); - IPSEC_OSTAT(V_espstat.esps_pdrops, V_ahstat.ahs_pdrops, - V_ipcompstat.ipcomps_pdrops); + IPSEC_OSTAT(pdrops); *error = EHOSTUNREACH; goto bad; } @@ -397,8 +402,7 @@ again: */ if (sav->tdb_xform == NULL) { DPRINTF(("%s: no transform for SA\n", __func__)); - IPSEC_OSTAT(V_espstat.esps_noxform, V_ahstat.ahs_noxform, - V_ipcompstat.ipcomps_noxform); + IPSEC_OSTAT(noxform); *error = EHOSTUNREACH; goto bad; } Modified: head/sys/netipsec/key.c ============================================================================== --- head/sys/netipsec/key.c Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/key.c Thu Jun 20 11:44:16 2013 (r252028) @@ -7316,7 +7316,7 @@ key_parse(m, so) if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != m->m_pkthdr.len) { ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); error = EINVAL; goto senderror; } @@ -7324,7 +7324,7 @@ key_parse(m, so) if (msg->sadb_msg_version != PF_KEY_V2) { ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", __func__, msg->sadb_msg_version)); - V_pfkeystat.out_invver++; + PFKEYSTAT_INC(out_invver); error = EINVAL; goto senderror; } @@ -7332,7 +7332,7 @@ key_parse(m, so) if (msg->sadb_msg_type > SADB_MAX) { ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", __func__, msg->sadb_msg_type)); - V_pfkeystat.out_invmsgtype++; + PFKEYSTAT_INC(out_invmsgtype); error = EINVAL; goto senderror; } @@ -7385,7 +7385,7 @@ key_parse(m, so) ipseclog((LOG_DEBUG, "%s: must specify satype " "when msg type=%u.\n", __func__, msg->sadb_msg_type)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EINVAL; goto senderror; } @@ -7405,7 +7405,7 @@ key_parse(m, so) case SADB_X_SPDDELETE2: ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", __func__, msg->sadb_msg_type)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EINVAL; goto senderror; } @@ -7416,7 +7416,7 @@ key_parse(m, so) case SADB_SATYPE_MIP: ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", __func__, msg->sadb_msg_satype)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EOPNOTSUPP; goto senderror; case 1: /* XXX: What does it do? */ @@ -7426,7 +7426,7 @@ key_parse(m, so) default: ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", __func__, msg->sadb_msg_satype)); - V_pfkeystat.out_invsatype++; + PFKEYSTAT_INC(out_invsatype); error = EINVAL; goto senderror; } @@ -7444,7 +7444,7 @@ key_parse(m, so) if (src0->sadb_address_proto != dst0->sadb_address_proto) { ipseclog((LOG_DEBUG, "%s: upper layer protocol " "mismatched.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7454,7 +7454,7 @@ key_parse(m, so) PFKEY_ADDR_SADDR(dst0)->sa_family) { ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7462,7 +7462,7 @@ key_parse(m, so) PFKEY_ADDR_SADDR(dst0)->sa_len) { ipseclog((LOG_DEBUG, "%s: address struct size " "mismatched.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7471,7 +7471,7 @@ key_parse(m, so) case AF_INET: if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in)) { - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7479,7 +7479,7 @@ key_parse(m, so) case AF_INET6: if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in6)) { - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7487,7 +7487,7 @@ key_parse(m, so) default: ipseclog((LOG_DEBUG, "%s: unsupported address family\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EAFNOSUPPORT; goto senderror; } @@ -7509,7 +7509,7 @@ key_parse(m, so) dst0->sadb_address_prefixlen > plen) { ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", __func__)); - V_pfkeystat.out_invaddr++; + PFKEYSTAT_INC(out_invaddr); error = EINVAL; goto senderror; } @@ -7522,7 +7522,7 @@ key_parse(m, so) if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) || key_typesw[msg->sadb_msg_type] == NULL) { - V_pfkeystat.out_invmsgtype++; + PFKEYSTAT_INC(out_invmsgtype); error = EINVAL; goto senderror; } @@ -7624,7 +7624,7 @@ key_align(m, mhp) ipseclog((LOG_DEBUG, "%s: duplicate ext_type " "%u\n", __func__, ext->sadb_ext_type)); m_freem(m); - V_pfkeystat.out_dupext++; + PFKEYSTAT_INC(out_dupext); return EINVAL; } break; @@ -7632,7 +7632,7 @@ key_align(m, mhp) ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", __func__, ext->sadb_ext_type)); m_freem(m); - V_pfkeystat.out_invexttype++; + PFKEYSTAT_INC(out_invexttype); return EINVAL; } @@ -7640,7 +7640,7 @@ key_align(m, mhp) if (key_validate_ext(ext, extlen)) { m_freem(m); - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); return EINVAL; } @@ -7658,7 +7658,7 @@ key_align(m, mhp) if (off != end) { m_freem(m); - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); return EINVAL; } Modified: head/sys/netipsec/keysock.c ============================================================================== --- head/sys/netipsec/keysock.c Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/keysock.c Thu Jun 20 11:44:16 2013 (r252028) @@ -91,19 +91,19 @@ key_output(struct mbuf *m, struct socket if (m == 0) panic("%s: NULL pointer was passed.\n", __func__); - V_pfkeystat.out_total++; - V_pfkeystat.out_bytes += m->m_pkthdr.len; + PFKEYSTAT_INC(out_total); + PFKEYSTAT_ADD(out_bytes, m->m_pkthdr.len); len = m->m_pkthdr.len; if (len < sizeof(struct sadb_msg)) { - V_pfkeystat.out_tooshort++; + PFKEYSTAT_INC(out_tooshort); error = EINVAL; goto end; } if (m->m_len < sizeof(struct sadb_msg)) { if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { - V_pfkeystat.out_nomem++; + PFKEYSTAT_INC(out_nomem); error = ENOBUFS; goto end; } @@ -114,9 +114,9 @@ key_output(struct mbuf *m, struct socket KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); msg = mtod(m, struct sadb_msg *); - V_pfkeystat.out_msgtype[msg->sadb_msg_type]++; + PFKEYSTAT_INC(out_msgtype[msg->sadb_msg_type]); if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { - V_pfkeystat.out_invlen++; + PFKEYSTAT_INC(out_invlen); error = EINVAL; goto end; } @@ -147,7 +147,7 @@ key_sendup0(rp, m, promisc) if (m && m->m_len < sizeof(struct sadb_msg)) m = m_pullup(m, sizeof(struct sadb_msg)); if (!m) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); m_freem(m); return ENOBUFS; } @@ -160,12 +160,12 @@ key_sendup0(rp, m, promisc) pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); /* pid and seq? */ - V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; + PFKEYSTAT_INC(in_msgtype[pmsg->sadb_msg_type]); } if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, m, NULL)) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); m_freem(m); error = ENOBUFS; } else @@ -197,9 +197,9 @@ key_sendup(so, msg, len, target) * we increment statistics here, just in case we have ENOBUFS * in this function. */ - V_pfkeystat.in_total++; - V_pfkeystat.in_bytes += len; - V_pfkeystat.in_msgtype[msg->sadb_msg_type]++; + PFKEYSTAT_INC(in_total); + PFKEYSTAT_ADD(in_bytes, len); + PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]); /* * Get mbuf chain whenever possible (not clusters), @@ -216,14 +216,14 @@ key_sendup(so, msg, len, target) if (tlen == len) { MGETHDR(n, M_NOWAIT, MT_DATA); if (n == NULL) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } n->m_len = MHLEN; } else { MGET(n, M_NOWAIT, MT_DATA); if (n == NULL) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } n->m_len = MLEN; @@ -233,7 +233,7 @@ key_sendup(so, msg, len, target) if ((n->m_flags & M_EXT) == 0) { m_free(n); m_freem(m); - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } n->m_len = MCLBYTES; @@ -256,9 +256,9 @@ key_sendup(so, msg, len, target) m_copyback(m, 0, len, (caddr_t)msg); /* avoid duplicated statistics */ - V_pfkeystat.in_total--; - V_pfkeystat.in_bytes -= len; - V_pfkeystat.in_msgtype[msg->sadb_msg_type]--; + PFKEYSTAT_ADD(in_total, -1); + PFKEYSTAT_ADD(in_bytes, -len); + PFKEYSTAT_ADD(in_msgtype[msg->sadb_msg_type], -1); return key_sendup_mbuf(so, m, target); } @@ -281,19 +281,19 @@ key_sendup_mbuf(so, m, target) if (so == NULL && target == KEY_SENDUP_ONE) panic("%s: NULL pointer was passed.\n", __func__); - V_pfkeystat.in_total++; - V_pfkeystat.in_bytes += m->m_pkthdr.len; + PFKEYSTAT_INC(in_total); + PFKEYSTAT_ADD(in_bytes, m->m_pkthdr.len); if (m->m_len < sizeof(struct sadb_msg)) { m = m_pullup(m, sizeof(struct sadb_msg)); if (m == NULL) { - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); return ENOBUFS; } } if (m->m_len >= sizeof(struct sadb_msg)) { struct sadb_msg *msg; msg = mtod(m, struct sadb_msg *); - V_pfkeystat.in_msgtype[msg->sadb_msg_type]++; + PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]); } mtx_lock(&rawcb_mtx); LIST_FOREACH(rp, &V_rawcb_list, list) @@ -338,14 +338,14 @@ key_sendup_mbuf(so, m, target) sendup++; break; } - V_pfkeystat.in_msgtarget[target]++; + PFKEYSTAT_INC(in_msgtarget[target]); if (!sendup) continue; if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { m_freem(m); - V_pfkeystat.in_nomem++; + PFKEYSTAT_INC(in_nomem); mtx_unlock(&rawcb_mtx); return ENOBUFS; } Modified: head/sys/netipsec/keysock.h ============================================================================== --- head/sys/netipsec/keysock.h Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/keysock.h Thu Jun 20 11:44:16 2013 (r252028) @@ -70,6 +70,8 @@ struct keycb { }; VNET_DECLARE(struct pfkeystat, pfkeystat); +#define PFKEYSTAT_ADD(name, val) V_pfkeystat.name += (val) +#define PFKEYSTAT_INC(name) PFKEYSTAT_ADD(name, 1) #define V_pfkeystat VNET(pfkeystat) extern int key_output(struct mbuf *m, struct socket *so); Modified: head/sys/netipsec/xform_ah.c ============================================================================== --- head/sys/netipsec/xform_ah.c Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/xform_ah.c Thu Jun 20 11:44:16 2013 (r252028) @@ -583,14 +583,14 @@ ah_input(struct mbuf *m, struct secasvar IP6_EXTHDR_GET(ah, struct newah *, m, skip, rplen); if (ah == NULL) { DPRINTF(("ah_input: cannot pullup header\n")); - V_ahstat.ahs_hdrops++; /*XXX*/ + AHSTAT_INC(ahs_hdrops); /*XXX*/ m_freem(m); return ENOBUFS; } /* Check replay window, if applicable. */ if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) { - V_ahstat.ahs_replay++; + AHSTAT_INC(ahs_replay); DPRINTF(("%s: packet replay failure: %s\n", __func__, ipsec_logsastr(sav))); m_freem(m); @@ -607,17 +607,17 @@ ah_input(struct mbuf *m, struct secasvar hl, (u_long) (authsize + rplen - sizeof (struct ah)), ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_badauthl++; + AHSTAT_INC(ahs_badauthl); m_freem(m); return EACCES; } - V_ahstat.ahs_ibytes += m->m_pkthdr.len - skip - hl; + AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl); /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { DPRINTF(("%s: failed to acquire crypto descriptor\n",__func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); m_freem(m); return ENOBUFS; } @@ -657,7 +657,7 @@ ah_input(struct mbuf *m, struct secasvar } if (tc == NULL) { DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); crypto_freereq(crp); m_freem(m); return ENOBUFS; @@ -681,7 +681,7 @@ ah_input(struct mbuf *m, struct secasvar skip, ahx->type, 0); if (error != 0) { /* NB: mbuf is free'd by ah_massage_headers */ - V_ahstat.ahs_hdrops++; + AHSTAT_INC(ahs_hdrops); free(tc, M_XDATA); crypto_freereq(crp); return error; @@ -760,19 +760,19 @@ ah_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) return (crypto_dispatch(crp)); - V_ahstat.ahs_noxform++; + AHSTAT_INC(ahs_noxform); DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } else { - V_ahstat.ahs_hist[sav->alg_auth]++; + AHSTAT_INC(ahs_hist[sav->alg_auth]); crypto_freereq(crp); /* No longer needed. */ crp = NULL; } /* Shouldn't happen... */ if (m == NULL) { - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; @@ -798,7 +798,7 @@ ah_input_cb(struct cryptop *crp) "in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_badauth++; + AHSTAT_INC(ahs_badauth); error = EACCES; goto bad; } @@ -829,7 +829,7 @@ ah_input_cb(struct cryptop *crp) m_copydata(m, skip + offsetof(struct newah, ah_seq), sizeof (seq), (caddr_t) &seq); if (ipsec_updatereplay(ntohl(seq), sav)) { - V_ahstat.ahs_replay++; + AHSTAT_INC(ahs_replay); error = ENOBUFS; /*XXX as above*/ goto bad; } @@ -843,7 +843,7 @@ ah_input_cb(struct cryptop *crp) DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_hdrops++; + AHSTAT_INC(ahs_hdrops); goto bad; } @@ -904,7 +904,7 @@ ah_output( ahx = sav->tdb_authalgxform; IPSEC_ASSERT(ahx != NULL, ("null authentication xform")); - V_ahstat.ahs_output++; + AHSTAT_INC(ahs_output); /* Figure out header size. */ rplen = HDRSIZE(sav); @@ -927,7 +927,7 @@ ah_output( sav->sah->saidx.dst.sa.sa_family, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_nopf++; + AHSTAT_INC(ahs_nopf); error = EPFNOSUPPORT; goto bad; } @@ -938,20 +938,20 @@ ah_output( ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi), rplen + authsize + m->m_pkthdr.len, maxpacketsize)); - V_ahstat.ahs_toobig++; + AHSTAT_INC(ahs_toobig); error = EMSGSIZE; goto bad; } /* Update the counters. */ - V_ahstat.ahs_obytes += m->m_pkthdr.len - skip; + AHSTAT_ADD(ahs_obytes, m->m_pkthdr.len - skip); m = m_unshare(m, M_NOWAIT); if (m == NULL) { DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_hdrops++; + AHSTAT_INC(ahs_hdrops); error = ENOBUFS; goto bad; } @@ -964,7 +964,7 @@ ah_output( rplen + authsize, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_hdrops++; /*XXX differs from openbsd */ + AHSTAT_INC(ahs_hdrops); /*XXX differs from openbsd */ error = ENOBUFS; goto bad; } @@ -992,7 +992,7 @@ ah_output( __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_ahstat.ahs_wrap++; + AHSTAT_INC(ahs_wrap); error = EINVAL; goto bad; } @@ -1009,7 +1009,7 @@ ah_output( if (crp == NULL) { DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); error = ENOBUFS; goto bad; } @@ -1031,7 +1031,7 @@ ah_output( if (tc == NULL) { crypto_freereq(crp); DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); error = ENOBUFS; goto bad; } @@ -1135,7 +1135,7 @@ ah_output_cb(struct cryptop *crp) sav = tc->tc_sav; /* With the isr lock released SA pointer can be updated. */ if (sav != isr->sav) { - V_ahstat.ahs_notdb++; + AHSTAT_INC(ahs_notdb); DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; @@ -1151,7 +1151,7 @@ ah_output_cb(struct cryptop *crp) return (crypto_dispatch(crp)); } - V_ahstat.ahs_noxform++; + AHSTAT_INC(ahs_noxform); DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; @@ -1159,12 +1159,12 @@ ah_output_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { - V_ahstat.ahs_crypto++; + AHSTAT_INC(ahs_crypto); DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } - V_ahstat.ahs_hist[sav->alg_auth]++; + AHSTAT_INC(ahs_hist[sav->alg_auth]); /* * Copy original headers (with the new protocol number) back Modified: head/sys/netipsec/xform_esp.c ============================================================================== --- head/sys/netipsec/xform_esp.c Thu Jun 20 11:24:38 2013 (r252027) +++ head/sys/netipsec/xform_esp.c Thu Jun 20 11:44:16 2013 (r252028) @@ -279,7 +279,7 @@ esp_input(struct mbuf *m, struct secasva if ( (skip&3) || (m->m_pkthdr.len&3) ){ DPRINTF(("%s: misaligned packet, skip %u pkt len %u", __func__, skip, m->m_pkthdr.len)); - V_espstat.esps_badilen++; + ESPSTAT_INC(esps_badilen); m_freem(m); return EINVAL; } @@ -325,7 +325,7 @@ esp_input(struct mbuf *m, struct secasva plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); - V_espstat.esps_badilen++; + ESPSTAT_INC(esps_badilen); m_freem(m); return EINVAL; } @@ -336,13 +336,13 @@ esp_input(struct mbuf *m, struct secasva if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) { DPRINTF(("%s: packet replay check for %s\n", __func__, ipsec_logsastr(sav))); /*XXX*/ - V_espstat.esps_replay++; + ESPSTAT_INC(esps_replay); m_freem(m); return ENOBUFS; /*XXX*/ } /* Update the counters */ - V_espstat.esps_ibytes += m->m_pkthdr.len - (skip + hlen + alen); + ESPSTAT_ADD(esps_ibytes, m->m_pkthdr.len - (skip + hlen + alen)); /* Find out if we've already done crypto */ for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_CRYPTO_DONE, NULL); @@ -361,7 +361,7 @@ esp_input(struct mbuf *m, struct secasva if (crp == NULL) { DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); - V_espstat.esps_crypto++; + ESPSTAT_INC(esps_crypto); m_freem(m); return ENOBUFS; } @@ -376,7 +376,7 @@ esp_input(struct mbuf *m, struct secasva if (tc == NULL) { crypto_freereq(crp); DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); - V_espstat.esps_crypto++; + ESPSTAT_INC(esps_crypto); m_freem(m); return ENOBUFS; } @@ -492,7 +492,7 @@ esp_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) return (crypto_dispatch(crp)); - V_espstat.esps_noxform++; + ESPSTAT_INC(esps_noxform); DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; @@ -500,12 +500,12 @@ esp_input_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { - V_espstat.esps_crypto++; + ESPSTAT_INC(esps_crypto); DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } - V_espstat.esps_hist[sav->alg_enc]++; + ESPSTAT_INC(esps_hist[sav->alg_enc]); /* If authentication was performed, check now. */ if (esph != NULL) { @@ -524,7 +524,7 @@ esp_input_cb(struct cryptop *crp) * the verification for us. Otherwise we need to * check the authentication calculation. */ - V_ahstat.ahs_hist[sav->alg_auth]++; + AHSTAT_INC(ahs_hist[sav->alg_auth]); if (mtag == NULL) { /* Copy the authenticator from the packet */ m_copydata(m, m->m_pkthdr.len - alen, @@ -539,7 +539,7 @@ esp_input_cb(struct cryptop *crp) __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - V_espstat.esps_badauth++; + ESPSTAT_INC(esps_badauth); error = EACCES; goto bad; } @@ -569,7 +569,7 @@ esp_input_cb(struct cryptop *crp) if (ipsec_updatereplay(ntohl(seq), sav)) { DPRINTF(("%s: packet replay check for %s\n", __func__, ipsec_logsastr(sav))); - V_espstat.esps_replay++; + ESPSTAT_INC(esps_replay); error = ENOBUFS; goto bad; } @@ -584,7 +584,7 @@ esp_input_cb(struct cryptop *crp) /* Remove the ESP header and IV from the mbuf. */ error = m_striphdr(m, skip, hlen); if (error) { - V_espstat.esps_hdrops++; + ESPSTAT_INC(esps_hdrops); DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306201144.r5KBiH1h096244>