svn commit: r252693 - stable/9/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Thu Jul 4 08:59:37 UTC 2013
Author: ae
Date: Thu Jul 4 08:59:34 2013
New Revision: 252693
URL: http://svnweb.freebsd.org/changeset/base/252693
Log:
MFC r252028:
Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP,
PFKEY.
Modified:
stable/9/sys/netipsec/ah_var.h
stable/9/sys/netipsec/esp_var.h
stable/9/sys/netipsec/ipcomp_var.h
stable/9/sys/netipsec/ipip_var.h
stable/9/sys/netipsec/ipsec_input.c
stable/9/sys/netipsec/ipsec_output.c
stable/9/sys/netipsec/key.c
stable/9/sys/netipsec/keysock.c
stable/9/sys/netipsec/keysock.h
stable/9/sys/netipsec/xform_ah.c
stable/9/sys/netipsec/xform_esp.c
stable/9/sys/netipsec/xform_ipcomp.c
stable/9/sys/netipsec/xform_ipip.c
Directory Properties:
stable/9/sys/ (props changed)
Modified: stable/9/sys/netipsec/ah_var.h
==============================================================================
--- stable/9/sys/netipsec/ah_var.h Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/ah_var.h Thu Jul 4 08:59:34 2013 (r252693)
@@ -75,6 +75,8 @@ VNET_DECLARE(int, ah_enable);
VNET_DECLARE(int, ah_cleartos);
VNET_DECLARE(struct ahstat, ahstat);
+#define AHSTAT_ADD(name, val) V_ahstat.name += (val)
+#define AHSTAT_INC(name) AHSTAT_ADD(name, 1)
#define V_ah_enable VNET(ah_enable)
#define V_ah_cleartos VNET(ah_cleartos)
#define V_ahstat VNET(ahstat)
Modified: stable/9/sys/netipsec/esp_var.h
==============================================================================
--- stable/9/sys/netipsec/esp_var.h Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/esp_var.h Thu Jul 4 08:59:34 2013 (r252693)
@@ -75,6 +75,8 @@ struct espstat {
VNET_DECLARE(int, esp_enable);
VNET_DECLARE(struct espstat, espstat);
+#define ESPSTAT_ADD(name, val) V_espstat.name += (val)
+#define ESPSTAT_INC(name) ESPSTAT_ADD(name, 1)
#define V_esp_enable VNET(esp_enable)
#define V_espstat VNET(espstat)
#endif /* _KERNEL */
Modified: stable/9/sys/netipsec/ipcomp_var.h
==============================================================================
--- stable/9/sys/netipsec/ipcomp_var.h Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/ipcomp_var.h Thu Jul 4 08:59:34 2013 (r252693)
@@ -68,6 +68,8 @@ struct ipcompstat {
VNET_DECLARE(int, ipcomp_enable);
VNET_DECLARE(struct ipcompstat, ipcompstat);
+#define IPCOMPSTAT_ADD(name, val) V_ipcompstat.name += (val)
+#define IPCOMPSTAT_INC(name) IPCOMPSTAT_ADD(name, 1)
#define V_ipcomp_enable VNET(ipcomp_enable)
#define V_ipcompstat VNET(ipcompstat)
#endif /* _KERNEL */
Modified: stable/9/sys/netipsec/ipip_var.h
==============================================================================
--- stable/9/sys/netipsec/ipip_var.h Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/ipip_var.h Thu Jul 4 08:59:34 2013 (r252693)
@@ -62,6 +62,8 @@ struct ipipstat
VNET_DECLARE(int, ipip_allow);
VNET_DECLARE(struct ipipstat, ipipstat);
+#define IPIPSTAT_ADD(name, val) V_ipipstat.name += (val)
+#define IPIPSTAT_INC(name) IPIPSTAT_ADD(name, 1)
#define V_ipip_allow VNET(ipip_allow)
#define V_ipipstat VNET(ipipstat)
#endif /* _KERNEL */
Modified: stable/9/sys/netipsec/ipsec_input.c
==============================================================================
--- stable/9/sys/netipsec/ipsec_input.c Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/ipsec_input.c Thu Jul 4 08:59:34 2013 (r252693)
@@ -99,8 +99,14 @@
#endif
-#define IPSEC_ISTAT(p,x,y,z) ((p) == IPPROTO_ESP ? (x)++ : \
- (p) == IPPROTO_AH ? (y)++ : (z)++)
+#define IPSEC_ISTAT(proto, name) do { \
+ if ((proto) == IPPROTO_ESP) \
+ ESPSTAT_INC(esps_##name); \
+ else if ((proto) == IPPROTO_AH) \
+ AHSTAT_INC(ahs_##name); \
+ else \
+ IPCOMPSTAT_INC(ipcomps_##name); \
+} while (0)
#ifdef INET
static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int);
@@ -125,8 +131,7 @@ ipsec_common_input(struct mbuf *m, int s
#endif
#endif
- IPSEC_ISTAT(sproto, V_espstat.esps_input, V_ahstat.ahs_input,
- V_ipcompstat.ipcomps_input);
+ IPSEC_ISTAT(sproto, input);
IPSEC_ASSERT(m != NULL, ("null packet"));
@@ -138,15 +143,13 @@ ipsec_common_input(struct mbuf *m, int s
(sproto == IPPROTO_AH && !V_ah_enable) ||
(sproto == IPPROTO_IPCOMP && !V_ipcomp_enable)) {
m_freem(m);
- IPSEC_ISTAT(sproto, V_espstat.esps_pdrops, V_ahstat.ahs_pdrops,
- V_ipcompstat.ipcomps_pdrops);
+ IPSEC_ISTAT(sproto, pdrops);
return EOPNOTSUPP;
}
if (m->m_pkthdr.len - skip < 2 * sizeof (u_int32_t)) {
m_freem(m);
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
DPRINTF(("%s: packet too small\n", __func__));
return EINVAL;
}
@@ -197,8 +200,7 @@ ipsec_common_input(struct mbuf *m, int s
default:
DPRINTF(("%s: unsupported protocol family %u\n", __func__, af));
m_freem(m);
- IPSEC_ISTAT(sproto, V_espstat.esps_nopf, V_ahstat.ahs_nopf,
- V_ipcompstat.ipcomps_nopf);
+ IPSEC_ISTAT(sproto, nopf);
return EPFNOSUPPORT;
}
@@ -208,8 +210,7 @@ ipsec_common_input(struct mbuf *m, int s
DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n",
__func__, ipsec_address(&dst_address),
(u_long) ntohl(spi), sproto));
- IPSEC_ISTAT(sproto, V_espstat.esps_notdb, V_ahstat.ahs_notdb,
- V_ipcompstat.ipcomps_notdb);
+ IPSEC_ISTAT(sproto, notdb);
m_freem(m);
return ENOENT;
}
@@ -218,8 +219,7 @@ ipsec_common_input(struct mbuf *m, int s
DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n",
__func__, ipsec_address(&dst_address),
(u_long) ntohl(spi), sproto));
- IPSEC_ISTAT(sproto, V_espstat.esps_noxform, V_ahstat.ahs_noxform,
- V_ipcompstat.ipcomps_noxform);
+ IPSEC_ISTAT(sproto, noxform);
KEY_FREESAV(&sav);
m_freem(m);
return ENXIO;
@@ -321,8 +321,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
/* Sanity check */
if (m == NULL) {
DPRINTF(("%s: null mbuf", __func__));
- IPSEC_ISTAT(sproto, V_espstat.esps_badkcr, V_ahstat.ahs_badkcr,
- V_ipcompstat.ipcomps_badkcr);
+ IPSEC_ISTAT(sproto, badkcr);
KEY_FREESAV(&sav);
return EINVAL;
}
@@ -333,8 +332,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
DPRINTF(("%s: processing failed for SA %s/%08lx\n",
__func__, ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = ENOBUFS;
goto bad;
}
@@ -355,9 +353,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
struct ip ipn;
if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops,
- V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = EINVAL;
goto bad;
}
@@ -386,9 +382,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
ipsp_address(saidx->dst),
(u_long) ntohl(sav->spi)));
- IPSEC_ISTAT(sproto, V_espstat.esps_pdrops,
- V_ahstat.ahs_pdrops,
- V_ipcompstat.ipcomps_pdrops);
+ IPSEC_ISTAT(sproto, pdrops);
error = EACCES;
goto bad;
}
@@ -399,9 +393,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
struct ip6_hdr ip6n;
if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops,
- V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = EINVAL;
goto bad;
}
@@ -428,9 +420,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
- IPSEC_ISTAT(sproto, V_espstat.esps_pdrops,
- V_ahstat.ahs_pdrops,
- V_ipcompstat.ipcomps_pdrops);
+ IPSEC_ISTAT(sproto, pdrops);
error = EACCES;
goto bad;
}
@@ -451,8 +441,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
sizeof(struct tdb_ident), M_NOWAIT);
if (mtag == NULL) {
DPRINTF(("%s: failed to get tag\n", __func__));
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops,
- V_ahstat.ahs_hdrops, V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = ENOMEM;
goto bad;
}
@@ -494,9 +483,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
* Re-dispatch via software interrupt.
*/
if ((error = netisr_queue_src(NETISR_IP, (uintptr_t)sav->spi, m))) {
- IPSEC_ISTAT(sproto, V_espstat.esps_qfull, V_ahstat.ahs_qfull,
- V_ipcompstat.ipcomps_qfull);
-
+ IPSEC_ISTAT(sproto, qfull);
DPRINTF(("%s: queue full; proto %u packet dropped\n",
__func__, sproto));
return error;
@@ -548,9 +535,7 @@ ipsec6_common_input(struct mbuf **mp, in
if (protoff + l != *offp) {
DPRINTF(("%s: bad packet header chain, protoff %u, "
"l %u, off %u\n", __func__, protoff, l, *offp));
- IPSEC_ISTAT(proto, V_espstat.esps_hdrops,
- V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(proto, hdrops);
m_freem(*mp);
*mp = NULL;
return IPPROTO_DONE;
@@ -595,8 +580,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
/* Sanity check */
if (m == NULL) {
DPRINTF(("%s: null mbuf", __func__));
- IPSEC_ISTAT(sproto, V_espstat.esps_badkcr, V_ahstat.ahs_badkcr,
- V_ipcompstat.ipcomps_badkcr);
+ IPSEC_ISTAT(sproto, badkcr);
error = EINVAL;
goto bad;
}
@@ -609,8 +593,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
__func__, ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops, V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = EACCES;
goto bad;
}
@@ -628,9 +611,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
struct ip ipn;
if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops,
- V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = EINVAL;
goto bad;
}
@@ -655,8 +636,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
- IPSEC_ISTATsproto, (V_espstat.esps_pdrops,
- V_ahstat.ahs_pdrops, V_ipcompstat.ipcomps_pdrops);
+ IPSEC_ISTAT(sproto, pdrops);
error = EACCES;
goto bad;
}
@@ -668,9 +648,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
struct ip6_hdr ip6n;
if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops,
- V_ahstat.ahs_hdrops,
- V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = EINVAL;
goto bad;
}
@@ -697,8 +675,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
- IPSEC_ISTAT(sproto, V_espstat.esps_pdrops,
- V_ahstat.ahs_pdrops, V_ipcompstat.ipcomps_pdrops);
+ IPSEC_ISTAT(sproto, pdrops);
error = EACCES;
goto bad;
}
@@ -718,8 +695,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
sizeof(struct tdb_ident), M_NOWAIT);
if (mtag == NULL) {
DPRINTF(("%s: failed to get tag\n", __func__));
- IPSEC_ISTAT(sproto, V_espstat.esps_hdrops,
- V_ahstat.ahs_hdrops, V_ipcompstat.ipcomps_hdrops);
+ IPSEC_ISTAT(sproto, hdrops);
error = ENOMEM;
goto bad;
}
Modified: stable/9/sys/netipsec/ipsec_output.c
==============================================================================
--- stable/9/sys/netipsec/ipsec_output.c Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/ipsec_output.c Thu Jul 4 08:59:34 2013 (r252693)
@@ -282,8 +282,14 @@ ipsec_nextisr(
int *error
)
{
-#define IPSEC_OSTAT(x,y,z) (isr->saidx.proto == IPPROTO_ESP ? (x)++ : \
- isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++)
+#define IPSEC_OSTAT(name) do { \
+ if (isr->saidx.proto == IPPROTO_ESP) \
+ ESPSTAT_INC(esps_##name); \
+ else if (isr->saidx.proto == IPPROTO_AH)\
+ AHSTAT_INC(ahs_##name); \
+ else \
+ IPCOMPSTAT_INC(ipcomps_##name); \
+} while (0)
struct secasvar *sav;
IPSECREQUEST_LOCK_ASSERT(isr);
@@ -391,8 +397,7 @@ again:
(isr->saidx.proto == IPPROTO_IPCOMP && !V_ipcomp_enable)) {
DPRINTF(("%s: IPsec outbound packet dropped due"
" to policy (check your sysctls)\n", __func__));
- IPSEC_OSTAT(V_espstat.esps_pdrops, V_ahstat.ahs_pdrops,
- V_ipcompstat.ipcomps_pdrops);
+ IPSEC_OSTAT(pdrops);
*error = EHOSTUNREACH;
goto bad;
}
@@ -403,8 +408,7 @@ again:
*/
if (sav->tdb_xform == NULL) {
DPRINTF(("%s: no transform for SA\n", __func__));
- IPSEC_OSTAT(V_espstat.esps_noxform, V_ahstat.ahs_noxform,
- V_ipcompstat.ipcomps_noxform);
+ IPSEC_OSTAT(noxform);
*error = EHOSTUNREACH;
goto bad;
}
Modified: stable/9/sys/netipsec/key.c
==============================================================================
--- stable/9/sys/netipsec/key.c Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/key.c Thu Jul 4 08:59:34 2013 (r252693)
@@ -7340,7 +7340,7 @@ key_parse(m, so)
if ((m->m_flags & M_PKTHDR) == 0 ||
m->m_pkthdr.len != m->m_pkthdr.len) {
ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
- V_pfkeystat.out_invlen++;
+ PFKEYSTAT_INC(out_invlen);
error = EINVAL;
goto senderror;
}
@@ -7348,7 +7348,7 @@ key_parse(m, so)
if (msg->sadb_msg_version != PF_KEY_V2) {
ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n",
__func__, msg->sadb_msg_version));
- V_pfkeystat.out_invver++;
+ PFKEYSTAT_INC(out_invver);
error = EINVAL;
goto senderror;
}
@@ -7356,7 +7356,7 @@ key_parse(m, so)
if (msg->sadb_msg_type > SADB_MAX) {
ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
__func__, msg->sadb_msg_type));
- V_pfkeystat.out_invmsgtype++;
+ PFKEYSTAT_INC(out_invmsgtype);
error = EINVAL;
goto senderror;
}
@@ -7409,7 +7409,7 @@ key_parse(m, so)
ipseclog((LOG_DEBUG, "%s: must specify satype "
"when msg type=%u.\n", __func__,
msg->sadb_msg_type));
- V_pfkeystat.out_invsatype++;
+ PFKEYSTAT_INC(out_invsatype);
error = EINVAL;
goto senderror;
}
@@ -7429,7 +7429,7 @@ key_parse(m, so)
case SADB_X_SPDDELETE2:
ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
__func__, msg->sadb_msg_type));
- V_pfkeystat.out_invsatype++;
+ PFKEYSTAT_INC(out_invsatype);
error = EINVAL;
goto senderror;
}
@@ -7440,7 +7440,7 @@ key_parse(m, so)
case SADB_SATYPE_MIP:
ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n",
__func__, msg->sadb_msg_satype));
- V_pfkeystat.out_invsatype++;
+ PFKEYSTAT_INC(out_invsatype);
error = EOPNOTSUPP;
goto senderror;
case 1: /* XXX: What does it do? */
@@ -7450,7 +7450,7 @@ key_parse(m, so)
default:
ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
__func__, msg->sadb_msg_satype));
- V_pfkeystat.out_invsatype++;
+ PFKEYSTAT_INC(out_invsatype);
error = EINVAL;
goto senderror;
}
@@ -7468,7 +7468,7 @@ key_parse(m, so)
if (src0->sadb_address_proto != dst0->sadb_address_proto) {
ipseclog((LOG_DEBUG, "%s: upper layer protocol "
"mismatched.\n", __func__));
- V_pfkeystat.out_invaddr++;
+ PFKEYSTAT_INC(out_invaddr);
error = EINVAL;
goto senderror;
}
@@ -7478,7 +7478,7 @@ key_parse(m, so)
PFKEY_ADDR_SADDR(dst0)->sa_family) {
ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
__func__));
- V_pfkeystat.out_invaddr++;
+ PFKEYSTAT_INC(out_invaddr);
error = EINVAL;
goto senderror;
}
@@ -7486,7 +7486,7 @@ key_parse(m, so)
PFKEY_ADDR_SADDR(dst0)->sa_len) {
ipseclog((LOG_DEBUG, "%s: address struct size "
"mismatched.\n", __func__));
- V_pfkeystat.out_invaddr++;
+ PFKEYSTAT_INC(out_invaddr);
error = EINVAL;
goto senderror;
}
@@ -7495,7 +7495,7 @@ key_parse(m, so)
case AF_INET:
if (PFKEY_ADDR_SADDR(src0)->sa_len !=
sizeof(struct sockaddr_in)) {
- V_pfkeystat.out_invaddr++;
+ PFKEYSTAT_INC(out_invaddr);
error = EINVAL;
goto senderror;
}
@@ -7503,7 +7503,7 @@ key_parse(m, so)
case AF_INET6:
if (PFKEY_ADDR_SADDR(src0)->sa_len !=
sizeof(struct sockaddr_in6)) {
- V_pfkeystat.out_invaddr++;
+ PFKEYSTAT_INC(out_invaddr);
error = EINVAL;
goto senderror;
}
@@ -7511,7 +7511,7 @@ key_parse(m, so)
default:
ipseclog((LOG_DEBUG, "%s: unsupported address family\n",
__func__));
- V_pfkeystat.out_invaddr++;
+ PFKEYSTAT_INC(out_invaddr);
error = EAFNOSUPPORT;
goto senderror;
}
@@ -7533,7 +7533,7 @@ key_parse(m, so)
dst0->sadb_address_prefixlen > plen) {
ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n",
__func__));
- V_pfkeystat.out_invaddr++;
+ PFKEYSTAT_INC(out_invaddr);
error = EINVAL;
goto senderror;
}
@@ -7546,7 +7546,7 @@ key_parse(m, so)
if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
key_typesw[msg->sadb_msg_type] == NULL) {
- V_pfkeystat.out_invmsgtype++;
+ PFKEYSTAT_INC(out_invmsgtype);
error = EINVAL;
goto senderror;
}
@@ -7648,7 +7648,7 @@ key_align(m, mhp)
ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
"%u\n", __func__, ext->sadb_ext_type));
m_freem(m);
- V_pfkeystat.out_dupext++;
+ PFKEYSTAT_INC(out_dupext);
return EINVAL;
}
break;
@@ -7656,7 +7656,7 @@ key_align(m, mhp)
ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n",
__func__, ext->sadb_ext_type));
m_freem(m);
- V_pfkeystat.out_invexttype++;
+ PFKEYSTAT_INC(out_invexttype);
return EINVAL;
}
@@ -7664,7 +7664,7 @@ key_align(m, mhp)
if (key_validate_ext(ext, extlen)) {
m_freem(m);
- V_pfkeystat.out_invlen++;
+ PFKEYSTAT_INC(out_invlen);
return EINVAL;
}
@@ -7682,7 +7682,7 @@ key_align(m, mhp)
if (off != end) {
m_freem(m);
- V_pfkeystat.out_invlen++;
+ PFKEYSTAT_INC(out_invlen);
return EINVAL;
}
Modified: stable/9/sys/netipsec/keysock.c
==============================================================================
--- stable/9/sys/netipsec/keysock.c Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/keysock.c Thu Jul 4 08:59:34 2013 (r252693)
@@ -91,19 +91,19 @@ key_output(struct mbuf *m, struct socket
if (m == 0)
panic("%s: NULL pointer was passed.\n", __func__);
- V_pfkeystat.out_total++;
- V_pfkeystat.out_bytes += m->m_pkthdr.len;
+ PFKEYSTAT_INC(out_total);
+ PFKEYSTAT_ADD(out_bytes, m->m_pkthdr.len);
len = m->m_pkthdr.len;
if (len < sizeof(struct sadb_msg)) {
- V_pfkeystat.out_tooshort++;
+ PFKEYSTAT_INC(out_tooshort);
error = EINVAL;
goto end;
}
if (m->m_len < sizeof(struct sadb_msg)) {
if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
- V_pfkeystat.out_nomem++;
+ PFKEYSTAT_INC(out_nomem);
error = ENOBUFS;
goto end;
}
@@ -114,9 +114,9 @@ key_output(struct mbuf *m, struct socket
KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
msg = mtod(m, struct sadb_msg *);
- V_pfkeystat.out_msgtype[msg->sadb_msg_type]++;
+ PFKEYSTAT_INC(out_msgtype[msg->sadb_msg_type]);
if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
- V_pfkeystat.out_invlen++;
+ PFKEYSTAT_INC(out_invlen);
error = EINVAL;
goto end;
}
@@ -147,7 +147,7 @@ key_sendup0(rp, m, promisc)
if (m && m->m_len < sizeof(struct sadb_msg))
m = m_pullup(m, sizeof(struct sadb_msg));
if (!m) {
- V_pfkeystat.in_nomem++;
+ PFKEYSTAT_INC(in_nomem);
m_freem(m);
return ENOBUFS;
}
@@ -160,12 +160,12 @@ key_sendup0(rp, m, promisc)
pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
/* pid and seq? */
- V_pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
+ PFKEYSTAT_INC(in_msgtype[pmsg->sadb_msg_type]);
}
if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
m, NULL)) {
- V_pfkeystat.in_nomem++;
+ PFKEYSTAT_INC(in_nomem);
m_freem(m);
error = ENOBUFS;
} else
@@ -197,9 +197,9 @@ key_sendup(so, msg, len, target)
* we increment statistics here, just in case we have ENOBUFS
* in this function.
*/
- V_pfkeystat.in_total++;
- V_pfkeystat.in_bytes += len;
- V_pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+ PFKEYSTAT_INC(in_total);
+ PFKEYSTAT_ADD(in_bytes, len);
+ PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]);
/*
* Get mbuf chain whenever possible (not clusters),
@@ -216,14 +216,14 @@ key_sendup(so, msg, len, target)
if (tlen == len) {
MGETHDR(n, M_DONTWAIT, MT_DATA);
if (n == NULL) {
- V_pfkeystat.in_nomem++;
+ PFKEYSTAT_INC(in_nomem);
return ENOBUFS;
}
n->m_len = MHLEN;
} else {
MGET(n, M_DONTWAIT, MT_DATA);
if (n == NULL) {
- V_pfkeystat.in_nomem++;
+ PFKEYSTAT_INC(in_nomem);
return ENOBUFS;
}
n->m_len = MLEN;
@@ -233,7 +233,7 @@ key_sendup(so, msg, len, target)
if ((n->m_flags & M_EXT) == 0) {
m_free(n);
m_freem(m);
- V_pfkeystat.in_nomem++;
+ PFKEYSTAT_INC(in_nomem);
return ENOBUFS;
}
n->m_len = MCLBYTES;
@@ -256,9 +256,9 @@ key_sendup(so, msg, len, target)
m_copyback(m, 0, len, (caddr_t)msg);
/* avoid duplicated statistics */
- V_pfkeystat.in_total--;
- V_pfkeystat.in_bytes -= len;
- V_pfkeystat.in_msgtype[msg->sadb_msg_type]--;
+ PFKEYSTAT_ADD(in_total, -1);
+ PFKEYSTAT_ADD(in_bytes, -len);
+ PFKEYSTAT_ADD(in_msgtype[msg->sadb_msg_type], -1);
return key_sendup_mbuf(so, m, target);
}
@@ -281,19 +281,19 @@ key_sendup_mbuf(so, m, target)
if (so == NULL && target == KEY_SENDUP_ONE)
panic("%s: NULL pointer was passed.\n", __func__);
- V_pfkeystat.in_total++;
- V_pfkeystat.in_bytes += m->m_pkthdr.len;
+ PFKEYSTAT_INC(in_total);
+ PFKEYSTAT_ADD(in_bytes, m->m_pkthdr.len);
if (m->m_len < sizeof(struct sadb_msg)) {
m = m_pullup(m, sizeof(struct sadb_msg));
if (m == NULL) {
- V_pfkeystat.in_nomem++;
+ PFKEYSTAT_INC(in_nomem);
return ENOBUFS;
}
}
if (m->m_len >= sizeof(struct sadb_msg)) {
struct sadb_msg *msg;
msg = mtod(m, struct sadb_msg *);
- V_pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+ PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]);
}
mtx_lock(&rawcb_mtx);
LIST_FOREACH(rp, &V_rawcb_list, list)
@@ -338,14 +338,14 @@ key_sendup_mbuf(so, m, target)
sendup++;
break;
}
- V_pfkeystat.in_msgtarget[target]++;
+ PFKEYSTAT_INC(in_msgtarget[target]);
if (!sendup)
continue;
if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
m_freem(m);
- V_pfkeystat.in_nomem++;
+ PFKEYSTAT_INC(in_nomem);
mtx_unlock(&rawcb_mtx);
return ENOBUFS;
}
Modified: stable/9/sys/netipsec/keysock.h
==============================================================================
--- stable/9/sys/netipsec/keysock.h Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/keysock.h Thu Jul 4 08:59:34 2013 (r252693)
@@ -70,6 +70,8 @@ struct keycb {
};
VNET_DECLARE(struct pfkeystat, pfkeystat);
+#define PFKEYSTAT_ADD(name, val) V_pfkeystat.name += (val)
+#define PFKEYSTAT_INC(name) PFKEYSTAT_ADD(name, 1)
#define V_pfkeystat VNET(pfkeystat)
extern int key_output(struct mbuf *m, struct socket *so);
Modified: stable/9/sys/netipsec/xform_ah.c
==============================================================================
--- stable/9/sys/netipsec/xform_ah.c Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/xform_ah.c Thu Jul 4 08:59:34 2013 (r252693)
@@ -596,14 +596,14 @@ ah_input(struct mbuf *m, struct secasvar
IP6_EXTHDR_GET(ah, struct newah *, m, skip, rplen);
if (ah == NULL) {
DPRINTF(("ah_input: cannot pullup header\n"));
- V_ahstat.ahs_hdrops++; /*XXX*/
+ AHSTAT_INC(ahs_hdrops); /*XXX*/
m_freem(m);
return ENOBUFS;
}
/* Check replay window, if applicable. */
if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
- V_ahstat.ahs_replay++;
+ AHSTAT_INC(ahs_replay);
DPRINTF(("%s: packet replay failure: %s\n", __func__,
ipsec_logsastr(sav)));
m_freem(m);
@@ -620,17 +620,17 @@ ah_input(struct mbuf *m, struct secasvar
hl, (u_long) (authsize + rplen - sizeof (struct ah)),
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- V_ahstat.ahs_badauthl++;
+ AHSTAT_INC(ahs_badauthl);
m_freem(m);
return EACCES;
}
- V_ahstat.ahs_ibytes += m->m_pkthdr.len - skip - hl;
+ AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
/* Get crypto descriptors. */
crp = crypto_getreq(1);
if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptor\n",__func__));
- V_ahstat.ahs_crypto++;
+ AHSTAT_INC(ahs_crypto);
m_freem(m);
return ENOBUFS;
}
@@ -670,7 +670,7 @@ ah_input(struct mbuf *m, struct secasvar
}
if (tc == NULL) {
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
- V_ahstat.ahs_crypto++;
+ AHSTAT_INC(ahs_crypto);
crypto_freereq(crp);
m_freem(m);
return ENOBUFS;
@@ -694,7 +694,7 @@ ah_input(struct mbuf *m, struct secasvar
skip, ahx->type, 0);
if (error != 0) {
/* NB: mbuf is free'd by ah_massage_headers */
- V_ahstat.ahs_hdrops++;
+ AHSTAT_INC(ahs_hdrops);
free(tc, M_XDATA);
crypto_freereq(crp);
return error;
@@ -775,19 +775,19 @@ ah_input_cb(struct cryptop *crp)
return error;
}
- V_ahstat.ahs_noxform++;
+ AHSTAT_INC(ahs_noxform);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
} else {
- V_ahstat.ahs_hist[sav->alg_auth]++;
+ AHSTAT_INC(ahs_hist[sav->alg_auth]);
crypto_freereq(crp); /* No longer needed. */
crp = NULL;
}
/* Shouldn't happen... */
if (m == NULL) {
- V_ahstat.ahs_crypto++;
+ AHSTAT_INC(ahs_crypto);
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
@@ -813,7 +813,7 @@ ah_input_cb(struct cryptop *crp)
"in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
- V_ahstat.ahs_badauth++;
+ AHSTAT_INC(ahs_badauth);
error = EACCES;
goto bad;
}
@@ -844,7 +844,7 @@ ah_input_cb(struct cryptop *crp)
m_copydata(m, skip + offsetof(struct newah, ah_seq),
sizeof (seq), (caddr_t) &seq);
if (ipsec_updatereplay(ntohl(seq), sav)) {
- V_ahstat.ahs_replay++;
+ AHSTAT_INC(ahs_replay);
error = ENOBUFS; /*XXX as above*/
goto bad;
}
@@ -858,7 +858,7 @@ ah_input_cb(struct cryptop *crp)
DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
- V_ahstat.ahs_hdrops++;
+ AHSTAT_INC(ahs_hdrops);
goto bad;
}
@@ -919,7 +919,7 @@ ah_output(
ahx = sav->tdb_authalgxform;
IPSEC_ASSERT(ahx != NULL, ("null authentication xform"));
- V_ahstat.ahs_output++;
+ AHSTAT_INC(ahs_output);
/* Figure out header size. */
rplen = HDRSIZE(sav);
@@ -942,7 +942,7 @@ ah_output(
sav->sah->saidx.dst.sa.sa_family,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- V_ahstat.ahs_nopf++;
+ AHSTAT_INC(ahs_nopf);
error = EPFNOSUPPORT;
goto bad;
}
@@ -953,20 +953,20 @@ ah_output(
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi),
rplen + authsize + m->m_pkthdr.len, maxpacketsize));
- V_ahstat.ahs_toobig++;
+ AHSTAT_INC(ahs_toobig);
error = EMSGSIZE;
goto bad;
}
/* Update the counters. */
- V_ahstat.ahs_obytes += m->m_pkthdr.len - skip;
+ AHSTAT_ADD(ahs_obytes, m->m_pkthdr.len - skip);
m = m_unshare(m, M_NOWAIT);
if (m == NULL) {
DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- V_ahstat.ahs_hdrops++;
+ AHSTAT_INC(ahs_hdrops);
error = ENOBUFS;
goto bad;
}
@@ -979,7 +979,7 @@ ah_output(
rplen + authsize,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- V_ahstat.ahs_hdrops++; /*XXX differs from openbsd */
+ AHSTAT_INC(ahs_hdrops); /*XXX differs from openbsd */
error = ENOBUFS;
goto bad;
}
@@ -1007,7 +1007,7 @@ ah_output(
__func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- V_ahstat.ahs_wrap++;
+ AHSTAT_INC(ahs_wrap);
error = EINVAL;
goto bad;
}
@@ -1024,7 +1024,7 @@ ah_output(
if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__));
- V_ahstat.ahs_crypto++;
+ AHSTAT_INC(ahs_crypto);
error = ENOBUFS;
goto bad;
}
@@ -1046,7 +1046,7 @@ ah_output(
if (tc == NULL) {
crypto_freereq(crp);
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
- V_ahstat.ahs_crypto++;
+ AHSTAT_INC(ahs_crypto);
error = ENOBUFS;
goto bad;
}
@@ -1151,7 +1151,7 @@ ah_output_cb(struct cryptop *crp)
sav = tc->tc_sav;
/* With the isr lock released SA pointer can be updated. */
if (sav != isr->sav) {
- V_ahstat.ahs_notdb++;
+ AHSTAT_INC(ahs_notdb);
DPRINTF(("%s: SA expired while in crypto\n", __func__));
error = ENOBUFS; /*XXX*/
goto bad;
@@ -1168,7 +1168,7 @@ ah_output_cb(struct cryptop *crp)
return error;
}
- V_ahstat.ahs_noxform++;
+ AHSTAT_INC(ahs_noxform);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
@@ -1176,12 +1176,12 @@ ah_output_cb(struct cryptop *crp)
/* Shouldn't happen... */
if (m == NULL) {
- V_ahstat.ahs_crypto++;
+ AHSTAT_INC(ahs_crypto);
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
- V_ahstat.ahs_hist[sav->alg_auth]++;
+ AHSTAT_INC(ahs_hist[sav->alg_auth]);
/*
* Copy original headers (with the new protocol number) back
Modified: stable/9/sys/netipsec/xform_esp.c
==============================================================================
--- stable/9/sys/netipsec/xform_esp.c Thu Jul 4 08:57:13 2013 (r252692)
+++ stable/9/sys/netipsec/xform_esp.c Thu Jul 4 08:59:34 2013 (r252693)
@@ -286,7 +286,7 @@ esp_input(struct mbuf *m, struct secasva
if ( (skip&3) || (m->m_pkthdr.len&3) ){
DPRINTF(("%s: misaligned packet, skip %u pkt len %u",
__func__, skip, m->m_pkthdr.len));
- V_espstat.esps_badilen++;
+ ESPSTAT_INC(esps_badilen);
m_freem(m);
return EINVAL;
}
@@ -332,7 +332,7 @@ esp_input(struct mbuf *m, struct secasva
plen, espx->blocksize,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
- V_espstat.esps_badilen++;
+ ESPSTAT_INC(esps_badilen);
m_freem(m);
return EINVAL;
}
@@ -343,13 +343,13 @@ esp_input(struct mbuf *m, struct secasva
if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_logsastr(sav))); /*XXX*/
- V_espstat.esps_replay++;
+ ESPSTAT_INC(esps_replay);
m_freem(m);
return ENOBUFS; /*XXX*/
}
/* Update the counters */
- V_espstat.esps_ibytes += m->m_pkthdr.len - (skip + hlen + alen);
+ ESPSTAT_ADD(esps_ibytes, m->m_pkthdr.len - (skip + hlen + alen));
/* Find out if we've already done crypto */
for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_CRYPTO_DONE, NULL);
@@ -368,7 +368,7 @@ esp_input(struct mbuf *m, struct secasva
if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__));
- V_espstat.esps_crypto++;
+ ESPSTAT_INC(esps_crypto);
m_freem(m);
return ENOBUFS;
}
@@ -383,7 +383,7 @@ esp_input(struct mbuf *m, struct secasva
if (tc == NULL) {
crypto_freereq(crp);
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
- V_espstat.esps_crypto++;
+ ESPSTAT_INC(esps_crypto);
m_freem(m);
return ENOBUFS;
}
@@ -501,7 +501,7 @@ esp_input_cb(struct cryptop *crp)
return error;
}
- V_espstat.esps_noxform++;
+ ESPSTAT_INC(esps_noxform);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
@@ -509,12 +509,12 @@ esp_input_cb(struct cryptop *crp)
/* Shouldn't happen... */
if (m == NULL) {
- V_espstat.esps_crypto++;
+ ESPSTAT_INC(esps_crypto);
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
- V_espstat.esps_hist[sav->alg_enc]++;
+ ESPSTAT_INC(esps_hist[sav->alg_enc]);
/* If authentication was performed, check now. */
if (esph != NULL) {
@@ -533,7 +533,7 @@ esp_input_cb(struct cryptop *crp)
* the verification for us. Otherwise we need to
* check the authentication calculation.
*/
- V_ahstat.ahs_hist[sav->alg_auth]++;
+ AHSTAT_INC(ahs_hist[sav->alg_auth]);
if (mtag == NULL) {
/* Copy the authenticator from the packet */
m_copydata(m, m->m_pkthdr.len - alen,
@@ -548,7 +548,7 @@ esp_input_cb(struct cryptop *crp)
__func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
- V_espstat.esps_badauth++;
+ ESPSTAT_INC(esps_badauth);
error = EACCES;
goto bad;
}
@@ -578,7 +578,7 @@ esp_input_cb(struct cryptop *crp)
if (ipsec_updatereplay(ntohl(seq), sav)) {
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_logsastr(sav)));
- V_espstat.esps_replay++;
+ ESPSTAT_INC(esps_replay);
error = ENOBUFS;
goto bad;
}
@@ -593,7 +593,7 @@ esp_input_cb(struct cryptop *crp)
/* Remove the ESP header and IV from the mbuf. */
error = m_striphdr(m, skip, hlen);
if (error) {
- V_espstat.esps_hdrops++;
+ ESPSTAT_INC(esps_hdrops);
DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable-9
mailing list