diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -66,7 +66,7 @@ struct pf_addr pfid_addr6; struct pf_addr pfid_mask6; struct pfr_ktable *pfid_kt; - struct pfi_kif *pfid_kif; + struct pfi_kkif *pfid_kif; int pfid_net; /* mask or 128 */ int pfid_acnt4; /* address count IPv4 */ int pfid_acnt6; /* address count IPv6 */ @@ -294,6 +294,25 @@ #ifdef _KERNEL +struct pf_kpooladdr { + struct pf_addr_wrap addr; + TAILQ_ENTRY(pf_kpooladdr) entries; + char ifname[IFNAMSIZ]; + struct pfi_kkif *kif; +}; + +TAILQ_HEAD(pf_kpalist, pf_kpooladdr); + +struct pf_kpool { + struct pf_kpalist list; + struct pf_kpooladdr *cur; + struct pf_poolhashkey key; + struct pf_addr counter; + int tblidx; + u_int16_t proxy_port[2]; + u_int8_t opts; +}; + union pf_krule_ptr { struct pf_krule *ptr; u_int32_t nr; @@ -313,13 +332,13 @@ char overload_tblname[PF_TABLE_NAME_SIZE]; TAILQ_ENTRY(pf_krule) entries; - struct pf_pool rpool; + struct pf_kpool rpool; counter_u64_t evaluations; counter_u64_t packets[2]; counter_u64_t bytes[2]; - struct pfi_kif *kif; + struct pfi_kkif *kif; struct pf_kanchor *anchor; struct pfr_ktable *overload_tbl; @@ -398,7 +417,7 @@ struct pf_addr addr; struct pf_addr raddr; union pf_krule_ptr rule; - struct pfi_kif *kif; + struct pfi_kkif *kif; counter_u64_t bytes[2]; counter_u64_t packets[2]; u_int32_t states; @@ -500,8 +519,8 @@ union pf_krule_ptr nat_rule; struct pf_addr rt_addr; struct pf_state_key *key[2]; /* addresses stack and wire */ - struct pfi_kif *kif; - struct pfi_kif *rt_kif; + struct pfi_kkif *kif; + struct pfi_kkif *rt_kif; struct pf_ksrc_node *src_node; struct pf_ksrc_node *nat_src_node; counter_u64_t packets[2]; 
@@ -606,7 +625,7 @@ /* pflog */ struct pf_kruleset; struct pf_pdesc; -typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t, +typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t, u_int8_t, u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *, struct pf_pdesc *, int); extern pflog_packet_t *pflog_packet_ptr; @@ -851,16 +870,12 @@ #define pfrkt_tzero pfrkt_kts.pfrkts_tzero #endif -/* keep synced with pfi_kif, used in RB_FIND */ -struct pfi_kif_cmp { - char pfik_name[IFNAMSIZ]; -}; - -struct pfi_kif { +#ifdef _KERNEL +struct pfi_kkif { char pfik_name[IFNAMSIZ]; union { - RB_ENTRY(pfi_kif) _pfik_tree; - LIST_ENTRY(pfi_kif) _pfik_list; + RB_ENTRY(pfi_kkif) _pfik_tree; + LIST_ENTRY(pfi_kkif) _pfik_list; } _pfik_glue; #define pfik_tree _pfik_glue._pfik_tree #define pfik_list _pfik_glue._pfik_list @@ -873,6 +888,7 @@ u_int pfik_rulerefs; TAILQ_HEAD(, pfi_dynaddr) pfik_dynaddrs; }; +#endif #define PFI_IFLAG_REFS 0x0001 /* has state references */ #define PFI_IFLAG_SKIP 0x0100 /* skip filtering on interface */ @@ -1379,7 +1395,7 @@ TAILQ_HEAD(pf_altqqueue, pf_altq); VNET_DECLARE(struct pf_altqqueue, pf_altqs[4]); #define V_pf_altqs VNET(pf_altqs) -VNET_DECLARE(struct pf_palist, pf_pabuf); +VNET_DECLARE(struct pf_kpalist, pf_pabuf); #define V_pf_pabuf VNET(pf_pabuf) VNET_DECLARE(u_int32_t, ticket_altqs_active); @@ -1428,7 +1444,7 @@ extern int pf_unlink_state(struct pf_state *, u_int); #define PF_ENTER_LOCKED 0x00000001 #define PF_RETURN_LOCKED 0x00000002 -extern int pf_state_insert(struct pfi_kif *, +extern int pf_state_insert(struct pfi_kkif *, struct pf_state_key *, struct pf_state_key *, struct pf_state *); 
@@ -1476,13 +1492,13 @@ #ifdef INET int pf_test(int, int, struct ifnet *, struct mbuf **, struct inpcb *); -int pf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *, +int pf_normalize_ip(struct mbuf **, int, struct pfi_kkif *, u_short *, struct pf_pdesc *); #endif /* INET */ #ifdef INET6 int pf_test6(int, int, struct ifnet *, struct mbuf **, struct inpcb *); -int pf_normalize_ip6(struct mbuf **, int, struct pfi_kif *, u_short *, +int pf_normalize_ip6(struct mbuf **, int, struct pfi_kkif *, u_short *, struct pf_pdesc *); void pf_poolmask(struct pf_addr *, struct pf_addr*, struct pf_addr *, struct pf_addr *, u_int8_t); @@ -1510,7 +1526,7 @@ void pf_normalize_init(void); void pf_normalize_cleanup(void); -int pf_normalize_tcp(int, struct pfi_kif *, struct mbuf *, int, int, void *, +int pf_normalize_tcp(int, struct pfi_kkif *, struct mbuf *, int, int, void *, struct pf_pdesc *); void pf_normalize_tcp_cleanup(struct pf_state *); int pf_normalize_tcp_init(struct mbuf *, int, struct pf_pdesc *, @@ -1522,7 +1538,7 @@ pf_state_expires(const struct pf_state *); void pf_purge_expired_fragments(void); void pf_purge_fragments(uint32_t); -int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *, +int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *, int); int pf_socket_lookup(int, struct pf_pdesc *, struct mbuf *); struct pf_state_key *pf_alloc_state_key(int); 
@@ -1565,19 +1581,19 @@ int *, u_int32_t, int); MALLOC_DECLARE(PFI_MTYPE); -VNET_DECLARE(struct pfi_kif *, pfi_all); +VNET_DECLARE(struct pfi_kkif *, pfi_all); #define V_pfi_all VNET(pfi_all) void pfi_initialize(void); void pfi_initialize_vnet(void); void pfi_cleanup(void); void pfi_cleanup_vnet(void); -void pfi_kif_ref(struct pfi_kif *); -void pfi_kif_unref(struct pfi_kif *); -struct pfi_kif *pfi_kif_find(const char *); -struct pfi_kif *pfi_kif_attach(struct pfi_kif *, const char *); -int pfi_kif_match(struct pfi_kif *, struct pfi_kif *); -void pfi_kif_purge(void); +void pfi_kkif_ref(struct pfi_kkif *); +void pfi_kkif_unref(struct pfi_kkif *); +struct pfi_kkif *pfi_kkif_find(const char *); +struct pfi_kkif *pfi_kkif_attach(struct pfi_kkif *, const char *); +int pfi_kkif_match(struct pfi_kkif *, struct pfi_kkif *); +void pfi_kkif_purge(void); int pfi_match_addr(struct pfi_dynaddr *, struct pf_addr *, sa_family_t); int pfi_dynaddr_setup(struct pf_addr_wrap *, sa_family_t); @@ -1651,7 +1667,7 @@ struct pf_addr *, struct pf_addr *, struct pf_addr *, struct pf_ksrc_node **); struct pf_krule *pf_get_translation(struct pf_pdesc *, struct mbuf *, - int, int, struct pfi_kif *, struct pf_ksrc_node **, + int, int, struct pfi_kkif *, struct pf_ksrc_node **, struct pf_state_key **, struct pf_state_key **, struct pf_addr *, struct pf_addr *, uint16_t, uint16_t, struct pf_kanchor_stackframe *); diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c --- a/sys/netpfil/pf/if_pflog.c +++ b/sys/netpfil/pf/if_pflog.c @@ -201,7 +201,7 @@ } static int -pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir, +pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir, u_int8_t reason, struct pf_krule *rm, struct pf_krule *am, struct pf_kruleset *ruleset, struct pf_pdesc *pd, int lookupsafe) { diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c 
@@ -464,7 +464,7 @@ struct pf_state *st = NULL; struct pf_state_key *skw = NULL, *sks = NULL; struct pf_krule *r = NULL; - struct pfi_kif *kif; + struct pfi_kkif *kif; int error; PF_RULES_RASSERT(); @@ -476,7 +476,7 @@ return (EINVAL); } - if ((kif = pfi_kif_find(sp->ifname)) == NULL) { + if ((kif = pfi_kkif_find(sp->ifname)) == NULL) { if (V_pf_status.debug >= PF_DEBUG_MISC) printf("%s: unknown interface: %s\n", __func__, sp->ifname); @@ -764,7 +764,7 @@ creatorid = clr[i].creatorid; if (clr[i].ifname[0] != '\0' && - pfi_kif_find(clr[i].ifname) == NULL) + pfi_kkif_find(clr[i].ifname) == NULL) continue; for (int i = 0; i <= pf_hashmask; i++) { diff --git a/sys/netpfil/pf/pf.h b/sys/netpfil/pf/pf.h --- a/sys/netpfil/pf/pf.h +++ b/sys/netpfil/pf/pf.h @@ -189,6 +189,29 @@ struct pf_rule; +/* keep synced with pfi_kif, used in RB_FIND */ +struct pfi_kif_cmp { + char pfik_name[IFNAMSIZ]; +}; + +struct pfi_kif { + char pfik_name[IFNAMSIZ]; + union { + RB_ENTRY(pfi_kif) _pfik_tree; + LIST_ENTRY(pfi_kif) _pfik_list; + } _pfik_glue; +#define pfik_tree _pfik_glue._pfik_tree +#define pfik_list _pfik_glue._pfik_list + u_int64_t pfik_packets[2][2][2]; + u_int64_t pfik_bytes[2][2][2]; + u_int32_t pfik_tzero; + u_int pfik_flags; + struct ifnet *pfik_ifp; + struct ifg_group *pfik_group; + u_int pfik_rulerefs; + TAILQ_HEAD(, pfi_dynaddr) pfik_dynaddrs; +}; + struct pf_status { uint64_t counters[PFRES_MAX]; uint64_t lcounters[LCNT_MAX]; diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -118,7 +118,7 @@ /* state tables */ VNET_DEFINE(struct pf_altqqueue, pf_altqs[4]); -VNET_DEFINE(struct pf_palist, pf_pabuf); +VNET_DEFINE(struct pf_kpalist, pf_pabuf); VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active); VNET_DEFINE(struct pf_altqqueue *, pf_altq_ifs_active); VNET_DEFINE(struct pf_altqqueue *, pf_altqs_inactive); 
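Review bot: In the pf.h hunk (`@@ -189,6 +189,29 @@`), the comment above `struct pfi_kif_cmp` still says to keep it synced with `pfi_kif`, but after this change the lookups in pf_if.c cast the key to `struct pfi_kkif *` (`pfi_kkif_find`, `pfi_update_status`), so the layout it has to match is the kernel structure declared in pfvar.h. I would reword it to `/* keep synced with pfi_kkif (pfvar.h); cast to it for RB_FIND */`. Because `pfi_kkif_compare` reads `pfik_name` through that cast, a compile-time check such as `CTASSERT(offsetof(struct pfi_kkif, pfik_name) == 0);` next to the `RB_GENERATE` in pf_if.c would stop a later field reorder from making the comparison read beyond the `IFNAMSIZ`-byte key on the stack.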
@@ -244,38 +244,38 @@ static int pf_state_key_ctor(void *, int, void *, int); static u_int32_t pf_tcp_iss(struct pf_pdesc *); static int pf_test_rule(struct pf_krule **, struct pf_state **, - int, struct pfi_kif *, struct mbuf *, int, + int, struct pfi_kkif *, struct mbuf *, int, struct pf_pdesc *, struct pf_krule **, struct pf_kruleset **, struct inpcb *); static int pf_create_state(struct pf_krule *, struct pf_krule *, struct pf_krule *, struct pf_pdesc *, struct pf_ksrc_node *, struct pf_state_key *, struct pf_state_key *, struct mbuf *, int, - u_int16_t, u_int16_t, int *, struct pfi_kif *, + u_int16_t, u_int16_t, int *, struct pfi_kkif *, struct pf_state **, int, u_int16_t, u_int16_t, int); static int pf_test_fragment(struct pf_krule **, int, - struct pfi_kif *, struct mbuf *, void *, + struct pfi_kkif *, struct mbuf *, void *, struct pf_pdesc *, struct pf_krule **, struct pf_kruleset **); static int pf_tcp_track_full(struct pf_state_peer *, struct pf_state_peer *, struct pf_state **, - struct pfi_kif *, struct mbuf *, int, + struct pfi_kkif *, struct mbuf *, int, struct pf_pdesc *, u_short *, int *); static int pf_tcp_track_sloppy(struct pf_state_peer *, struct pf_state_peer *, struct pf_state **, struct pf_pdesc *, u_short *); static int pf_test_state_tcp(struct pf_state **, int, - struct pfi_kif *, struct mbuf *, int, + struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); static int pf_test_state_udp(struct pf_state **, int, - struct pfi_kif *, struct mbuf *, int, + struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *); static int pf_test_state_icmp(struct pf_state **, int, - struct pfi_kif *, struct mbuf *, int, + struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); static int pf_test_state_other(struct pf_state **, int, - struct pfi_kif *, struct mbuf *, struct pf_pdesc *); + struct pfi_kkif *, struct mbuf *, struct pf_pdesc *); static u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t, 
sa_family_t); static u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t, @@ -290,7 +290,7 @@ struct pf_addr_wrap *); static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t, bool, u_int8_t); -static struct pf_state *pf_find_state(struct pfi_kif *, +static struct pf_state *pf_find_state(struct pfi_kkif *, struct pf_state_key_cmp *, u_int); static int pf_src_connlimit(struct pf_state **); static void pf_overload_task(void *v, int pending); @@ -1255,7 +1255,7 @@ } int -pf_state_insert(struct pfi_kif *kif, struct pf_state_key *skw, +pf_state_insert(struct pfi_kkif *kif, struct pf_state_key *skw, struct pf_state_key *sks, struct pf_state *s) { struct pf_idhash *ih; @@ -1341,7 +1341,7 @@ * Returns with ID hash slot locked on success. */ static struct pf_state * -pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir) +pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir) { struct pf_keyhash *kh; struct pf_state_key *sk; @@ -1538,7 +1538,7 @@ pf_purge_expired_fragments(); pf_purge_expired_src_nodes(); pf_purge_unlinked_rules(); - pfi_kif_purge(); + pfi_kkif_purge(); } CURVNET_RESTORE(); } @@ -1561,7 +1561,7 @@ * raise them, and then second run frees. */ pf_purge_unlinked_rules(); - pfi_kif_purge(); + pfi_kkif_purge(); /* * Now purge everything. @@ -1575,7 +1575,7 @@ * thus should be successfully freed. */ pf_purge_unlinked_rules(); - pfi_kif_purge(); + pfi_kkif_purge(); } u_int32_t @@ -2602,7 +2602,7 @@ static void pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd, struct pf_state_key *sk, int off, struct mbuf *m, struct tcphdr *th, - struct pfi_kif *kif, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen, + struct pfi_kkif *kif, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen, u_short *reason) { struct pf_addr * const saddr = pd->src; 
@@ -3325,7 +3325,7 @@ static int pf_test_rule(struct pf_krule **rm, struct pf_state **sm, int direction, - struct pfi_kif *kif, struct mbuf *m, int off, struct pf_pdesc *pd, + struct pfi_kkif *kif, struct mbuf *m, int off, struct pf_pdesc *pd, struct pf_krule **am, struct pf_kruleset **rsm, struct inpcb *inp) { struct pf_krule *nr = NULL; @@ -3538,7 +3538,7 @@ while (r != NULL) { counter_u64_add(r->evaluations, 1); - if (pfi_kif_match(r->kif, kif) == r->ifnot) + if (pfi_kkif_match(r->kif, kif) == r->ifnot) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) r = r->skip[PF_SKIP_DIR].ptr; @@ -3701,7 +3701,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, struct pf_pdesc *pd, struct pf_ksrc_node *nsn, struct pf_state_key *nk, struct pf_state_key *sk, struct mbuf *m, int off, u_int16_t sport, - u_int16_t dport, int *rewrite, struct pfi_kif *kif, struct pf_state **sm, + u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_state **sm, int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen) { struct pf_state *s = NULL; @@ -3960,7 +3960,7 @@ } static int -pf_test_fragment(struct pf_krule **rm, int direction, struct pfi_kif *kif, +pf_test_fragment(struct pf_krule **rm, int direction, struct pfi_kkif *kif, struct mbuf *m, void *h, struct pf_pdesc *pd, struct pf_krule **am, struct pf_kruleset **rsm) { @@ -3978,7 +3978,7 @@ r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); while (r != NULL) { counter_u64_add(r->evaluations, 1); - if (pfi_kif_match(r->kif, kif) == r->ifnot) + if (pfi_kkif_match(r->kif, kif) == r->ifnot) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) r = r->skip[PF_SKIP_DIR].ptr; 
@@ -4056,7 +4056,7 @@ static int pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst, - struct pf_state **state, struct pfi_kif *kif, struct mbuf *m, int off, + struct pf_state **state, struct pfi_kkif *kif, struct mbuf *m, int off, struct pf_pdesc *pd, u_short *reason, int *copyback) { struct tcphdr *th = pd->hdr.tcp; @@ -4453,7 +4453,7 @@ } static int -pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, +pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { @@ -4621,7 +4621,7 @@ } static int -pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kif *kif, +pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd) { struct pf_state_peer *src, *dst; @@ -4688,7 +4688,7 @@ } static int -pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, +pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { struct pf_addr *saddr = pd->src, *daddr = pd->dst; @@ -5292,7 +5292,7 @@ } static int -pf_test_state_other(struct pf_state **state, int direction, struct pfi_kif *kif, +pf_test_state_other(struct pf_state **state, int direction, struct pfi_kkif *kif, struct mbuf *m, struct pf_pdesc *pd) { struct pf_state_peer *src, *dst; @@ -5424,7 +5424,7 @@ } int -pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif, +pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif, int rtableid) { struct ifnet *ifp; @@ -5888,7 +5888,7 @@ int pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) { - struct pfi_kif *kif; + struct pfi_kkif *kif; u_short action, reason = 0, log = 0; struct mbuf *m = *m0; struct ip *h = NULL; 
@@ -5908,7 +5908,7 @@ memset(&pd, 0, sizeof(pd)); - kif = (struct pfi_kif *)ifp->if_pf_kif; + kif = (struct pfi_kkif *)ifp->if_pf_kif; if (kif == NULL) { DPFPRINTF(PF_DEBUG_URGENT, @@ -6280,7 +6280,7 @@ int pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) { - struct pfi_kif *kif; + struct pfi_kkif *kif; u_short action, reason = 0, log = 0; struct mbuf *m = *m0, *n = NULL; struct m_tag *mtag; @@ -6303,7 +6303,7 @@ if (pd.pf_mtag && pd.pf_mtag->flags & PF_TAG_GENERATED) return (PF_PASS); - kif = (struct pfi_kif *)ifp->if_pf_kif; + kif = (struct pfi_kkif *)ifp->if_pf_kif; if (kif == NULL) { DPFPRINTF(PF_DEBUG_URGENT, ("pf_test6: kif == NULL, if_xname %s\n", ifp->if_xname)); diff --git a/sys/netpfil/pf/pf_if.c b/sys/netpfil/pf/pf_if.c --- a/sys/netpfil/pf/pf_if.c +++ b/sys/netpfil/pf/pf_if.c @@ -54,7 +54,7 @@ #include #include -VNET_DEFINE(struct pfi_kif *, pfi_all); +VNET_DEFINE(struct pfi_kkif *, pfi_all); VNET_DEFINE_STATIC(long, pfi_update); #define V_pfi_update VNET(pfi_update) #define PFI_BUFFER_MAX 0x10000 
@@ -76,17 +76,17 @@ eventhandler_tag pfi_detach_group_cookie; eventhandler_tag pfi_ifaddr_event_cookie; -static void pfi_attach_ifnet(struct ifnet *, struct pfi_kif *); -static void pfi_attach_ifgroup(struct ifg_group *, struct pfi_kif *); +static void pfi_attach_ifnet(struct ifnet *, struct pfi_kkif *); +static void pfi_attach_ifgroup(struct ifg_group *, struct pfi_kkif *); -static void pfi_kif_update(struct pfi_kif *); +static void pfi_kkif_update(struct pfi_kkif *); static void pfi_dynaddr_update(struct pfi_dynaddr *dyn); -static void pfi_table_update(struct pfr_ktable *, struct pfi_kif *, int, +static void pfi_table_update(struct pfr_ktable *, struct pfi_kkif *, int, int); static void pfi_instance_add(struct ifnet *, int, int); static void pfi_address_add(struct sockaddr *, int, int); -static int pfi_if_compare(struct pfi_kif *, struct pfi_kif *); -static int pfi_skip_if(const char *, struct pfi_kif *); +static int pfi_kkif_compare(struct pfi_kkif *, struct pfi_kkif *); +static int pfi_skip_if(const char *, struct pfi_kkif *); static int pfi_unmask(void *); static void pfi_attach_ifnet_event(void * __unused, struct ifnet *); static void pfi_detach_ifnet_event(void * __unused, struct ifnet *); 
@@ -95,16 +95,16 @@ static void pfi_detach_group_event(void * __unused, struct ifg_group *); static void pfi_ifaddr_event(void * __unused, struct ifnet *); -RB_HEAD(pfi_ifhead, pfi_kif); -static RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); -static RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); +RB_HEAD(pfi_ifhead, pfi_kkif); +static RB_PROTOTYPE(pfi_ifhead, pfi_kkif, pfik_tree, pfi_kkif_compare); +static RB_GENERATE(pfi_ifhead, pfi_kkif, pfik_tree, pfi_kkif_compare); VNET_DEFINE_STATIC(struct pfi_ifhead, pfi_ifs); #define V_pfi_ifs VNET(pfi_ifs) #define PFI_BUFFER_MAX 0x10000 MALLOC_DEFINE(PFI_MTYPE, "pf_ifnet", "pf(4) interface database"); -LIST_HEAD(pfi_list, pfi_kif); +LIST_HEAD(pfi_list, pfi_kkif); VNET_DEFINE_STATIC(struct pfi_list, pfi_unlinked_kifs); #define V_pfi_unlinked_kifs VNET(pfi_unlinked_kifs) static struct mtx pfi_unlnkdkifs_mtx; @@ -116,7 +116,7 @@ { struct pfi_list kifs = LIST_HEAD_INITIALIZER(); struct epoch_tracker et; - struct pfi_kif *kif; + struct pfi_kkif *kif; struct ifg_group *ifg; struct ifnet *ifp; int nkifs; @@ -141,7 +141,7 @@ PF_RULES_WLOCK(); kif = LIST_FIRST(&kifs); LIST_REMOVE(kif, pfik_list); - V_pfi_all = pfi_kif_attach(kif, IFG_ALL); + V_pfi_all = pfi_kkif_attach(kif, IFG_ALL); CK_STAILQ_FOREACH(ifg, &V_ifg_head, ifg_next) { kif = LIST_FIRST(&kifs); LIST_REMOVE(kif, pfik_list); @@ -180,7 +180,7 @@ void pfi_cleanup_vnet(void) { - struct pfi_kif *kif; + struct pfi_kkif *kif; PF_RULES_WASSERT(); @@ -218,8 +218,8 @@ EVENTHANDLER_DEREGISTER(ifaddr_event, pfi_ifaddr_event_cookie); } -struct pfi_kif * -pfi_kif_find(const char *kif_name) +struct pfi_kkif * +pfi_kkif_find(const char *kif_name) { struct pfi_kif_cmp s; 
@@ -228,18 +228,18 @@ bzero(&s, sizeof(s)); strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name)); - return (RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&s)); + return (RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kkif *)&s)); } -struct pfi_kif * -pfi_kif_attach(struct pfi_kif *kif, const char *kif_name) +struct pfi_kkif * +pfi_kkif_attach(struct pfi_kkif *kif, const char *kif_name) { - struct pfi_kif *kif1; + struct pfi_kkif *kif1; PF_RULES_WASSERT(); KASSERT(kif != NULL, ("%s: null kif", __func__)); - kif1 = pfi_kif_find(kif_name); + kif1 = pfi_kkif_find(kif_name); if (kif1 != NULL) { free(kif, PFI_MTYPE); return (kif1); @@ -263,7 +263,7 @@ } void -pfi_kif_ref(struct pfi_kif *kif) +pfi_kkif_ref(struct pfi_kkif *kif) { PF_RULES_WASSERT(); @@ -271,7 +271,7 @@ } void -pfi_kif_unref(struct pfi_kif *kif) +pfi_kkif_unref(struct pfi_kkif *kif) { PF_RULES_WASSERT(); @@ -298,9 +298,9 @@ } void -pfi_kif_purge(void) +pfi_kkif_purge(void) { - struct pfi_kif *kif, *kif1; + struct pfi_kkif *kif, *kif1; /* * Do naive mark-and-sweep garbage collecting of old kifs. @@ -318,7 +318,7 @@ } int -pfi_kif_match(struct pfi_kif *rule_kif, struct pfi_kif *packet_kif) +pfi_kkif_match(struct pfi_kkif *rule_kif, struct pfi_kkif *packet_kif) { struct ifg_list *p; @@ -337,27 +337,27 @@ } static void -pfi_attach_ifnet(struct ifnet *ifp, struct pfi_kif *kif) +pfi_attach_ifnet(struct ifnet *ifp, struct pfi_kkif *kif) { PF_RULES_WASSERT(); V_pfi_update++; - kif = pfi_kif_attach(kif, ifp->if_xname); + kif = pfi_kkif_attach(kif, ifp->if_xname); if_ref(ifp); kif->pfik_ifp = ifp; ifp->if_pf_kif = kif; - pfi_kif_update(kif); + pfi_kkif_update(kif); } static void -pfi_attach_ifgroup(struct ifg_group *ifg, struct pfi_kif *kif) +pfi_attach_ifgroup(struct ifg_group *ifg, struct pfi_kkif *kif) { PF_RULES_WASSERT(); V_pfi_update++; - kif = pfi_kif_attach(kif, ifg->ifg_group); + kif = pfi_kkif_attach(kif, ifg->ifg_group); kif->pfik_group = ifg; ifg->ifg_pf_kif = kif; } 
@@ -404,7 +404,7 @@ struct pfi_dynaddr *dyn; char tblname[PF_TABLE_NAME_SIZE]; struct pf_kruleset *ruleset = NULL; - struct pfi_kif *kif; + struct pfi_kkif *kif; int rv = 0; PF_RULES_WASSERT(); @@ -421,10 +421,10 @@ } if (!strcmp(aw->v.ifname, "self")) - dyn->pfid_kif = pfi_kif_attach(kif, IFG_ALL); + dyn->pfid_kif = pfi_kkif_attach(kif, IFG_ALL); else - dyn->pfid_kif = pfi_kif_attach(kif, aw->v.ifname); - pfi_kif_ref(dyn->pfid_kif); + dyn->pfid_kif = pfi_kkif_attach(kif, aw->v.ifname); + pfi_kkif_ref(dyn->pfid_kif); dyn->pfid_net = pfi_unmask(&aw->v.a.mask); if (af == AF_INET && dyn->pfid_net == 32) @@ -458,7 +458,7 @@ TAILQ_INSERT_TAIL(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry); aw->p.dyn = dyn; NET_EPOCH_ENTER(et); - pfi_kif_update(dyn->pfid_kif); + pfi_kkif_update(dyn->pfid_kif); NET_EPOCH_EXIT(et); return (0); @@ -469,19 +469,19 @@ if (ruleset != NULL) pf_remove_if_empty_kruleset(ruleset); if (dyn->pfid_kif != NULL) - pfi_kif_unref(dyn->pfid_kif); + pfi_kkif_unref(dyn->pfid_kif); free(dyn, PFI_MTYPE); return (rv); } static void -pfi_kif_update(struct pfi_kif *kif) +pfi_kkif_update(struct pfi_kkif *kif) { struct ifg_list *ifgl; struct ifg_member *ifgm; struct pfi_dynaddr *p; - struct pfi_kif *tmpkif; + struct pfi_kkif *tmpkif; NET_EPOCH_ASSERT(); PF_RULES_WASSERT(); @@ -494,7 +494,7 @@ if (kif->pfik_group != NULL) { CK_STAILQ_FOREACH(ifgm, &kif->pfik_group->ifg_members, ifgm_next) { - tmpkif = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif; + tmpkif = (struct pfi_kkif *)ifgm->ifgm_ifp->if_pf_kif; if (tmpkif == NULL) continue; @@ -505,7 +505,7 @@ /* again for all groups kif is member of */ if (kif->pfik_ifp != NULL) { CK_STAILQ_FOREACH(ifgl, &kif->pfik_ifp->if_groups, ifgl_next) - pfi_kif_update((struct pfi_kif *) + pfi_kkif_update((struct pfi_kkif *) ifgl->ifgl_group->ifg_pf_kif); } } @@ -513,7 +513,7 @@ static void pfi_dynaddr_update(struct pfi_dynaddr *dyn) { - struct pfi_kif *kif; + struct pfi_kkif *kif; struct pfr_ktable *kt; PF_RULES_WASSERT(); 
@@ -532,7 +532,7 @@ } static void -pfi_table_update(struct pfr_ktable *kt, struct pfi_kif *kif, int net, int flags) +pfi_table_update(struct pfr_ktable *kt, struct pfi_kkif *kif, int net, int flags) { int e, size2 = 0; struct ifg_member *ifgm; @@ -677,7 +677,7 @@ KASSERT(dyn->pfid_kt != NULL, ("%s: null pfid_kt", __func__)); TAILQ_REMOVE(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry); - pfi_kif_unref(dyn->pfid_kif); + pfi_kkif_unref(dyn->pfid_kif); pfr_detach_table(dyn->pfid_kt); free(dyn, PFI_MTYPE); } @@ -695,7 +695,7 @@ } static int -pfi_if_compare(struct pfi_kif *p, struct pfi_kif *q) +pfi_kkif_compare(struct pfi_kkif *p, struct pfi_kkif *q) { return (strncmp(p->pfik_name, q->pfik_name, IFNAMSIZ)); } @@ -703,14 +703,14 @@ void pfi_update_status(const char *name, struct pf_status *pfs) { - struct pfi_kif *p; + struct pfi_kkif *p; struct pfi_kif_cmp key; struct ifg_member p_member, *ifgm; CK_STAILQ_HEAD(, ifg_member) ifg_members; int i, j, k; strlcpy(key.pfik_name, name, sizeof(key.pfik_name)); - p = RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&key); + p = RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kkif *)&key); if (p == NULL) return; @@ -731,7 +731,7 @@ CK_STAILQ_FOREACH(ifgm, &ifg_members, ifgm_next) { if (ifgm->ifgm_ifp == NULL || ifgm->ifgm_ifp->if_pf_kif == NULL) continue; - p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif; + p = (struct pfi_kkif *)ifgm->ifgm_ifp->if_pf_kif; /* just clear statistics */ if (pfs == NULL) { 
@@ -751,11 +751,31 @@ } } +static void +pf_kkif_to_kif(const struct pfi_kkif *kkif, struct pfi_kif *kif) +{ + + bzero(kif, sizeof(*kif)); + strlcpy(kif->pfik_name, kkif->pfik_name, sizeof(kif->pfik_name)); + for (int i = 0; i < 2; i++) { + for (int j = 0; j < 2; j++) { + for (int k = 0; k < 2; k++) { + kif->pfik_packets[i][j][k] = + kkif->pfik_packets[i][j][k]; + kif->pfik_bytes[i][j][k] = + kkif->pfik_bytes[i][j][k]; + } + } + } + kif->pfik_tzero = kkif->pfik_tzero; + kif->pfik_rulerefs = kkif->pfik_rulerefs; +} + void pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size) { struct epoch_tracker et; - struct pfi_kif *p, *nextp; + struct pfi_kkif *p, *nextp; int n = 0; NET_EPOCH_ENTER(et); @@ -767,7 +787,7 @@ break; if (!p->pfik_tzero) p->pfik_tzero = time_second; - bcopy(p, buf++, sizeof(*buf)); + pf_kkif_to_kif(p, buf++); nextp = RB_NEXT(pfi_ifhead, &V_pfi_ifs, p); } *size = n; @@ -775,7 +795,7 @@ } static int -pfi_skip_if(const char *filter, struct pfi_kif *p) +pfi_skip_if(const char *filter, struct pfi_kkif *p) { struct ifg_list *i; int n; @@ -803,7 +823,7 @@ pfi_set_flags(const char *name, int flags) { struct epoch_tracker et; - struct pfi_kif *p, *kif; + struct pfi_kkif *p, *kif; kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT); if (kif == NULL) @@ -811,7 +831,7 @@ NET_EPOCH_ENTER(et); - kif = pfi_kif_attach(kif, name); + kif = pfi_kkif_attach(kif, name); RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) { if (pfi_skip_if(name, p)) @@ -826,7 +846,7 @@ pfi_clear_flags(const char *name, int flags) { struct epoch_tracker et; - struct pfi_kif *p, *tmp; + struct pfi_kkif *p, *tmp; NET_EPOCH_ENTER(et); RB_FOREACH_SAFE(p, pfi_ifhead, &V_pfi_ifs, tmp) { @@ -869,7 +889,7 @@ pfi_attach_ifnet_event(void *arg __unused, struct ifnet *ifp) { struct epoch_tracker et; - struct pfi_kif *kif; + struct pfi_kkif *kif; if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ 
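Review bot: `pf_kkif_to_kif()` (hunk `@@ -751,11 +751,31 @@`) never copies `pfik_flags`, so every entry returned by `pfi_get_ifaces()` now carries flags of 0, where the old `bcopy(p, buf++, sizeof(*buf))` passed them through. `struct pfi_kif` in pf.h still has the field and pfvar.h defines `PFI_IFLAG_SKIP` for it, so a userland reader that reports the skip status would presumably stop seeing it. Adding `kif->pfik_flags = kkif->pfik_flags;` next to the `pfik_tzero` assignment restores that. Leaving `pfik_ifp`, `pfik_group`, the tree/list glue and `pfik_dynaddrs` zeroed is the right call because they hold kernel addresses; a short comment in the helper saying they are omitted on purpose would keep a later change from reverting to a whole-struct copy.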
@@ -890,7 +910,7 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp) { struct epoch_tracker et; - struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif; + struct pfi_kkif *kif = (struct pfi_kkif *)ifp->if_pf_kif; if (pfsync_detach_ifnet_ptr) pfsync_detach_ifnet_ptr(ifp); @@ -906,7 +926,7 @@ NET_EPOCH_ENTER(et); PF_RULES_WLOCK(); V_pfi_update++; - pfi_kif_update(kif); + pfi_kkif_update(kif); if (kif->pfik_ifp) if_rele(kif->pfik_ifp); @@ -924,7 +944,7 @@ pfi_attach_group_event(void *arg __unused, struct ifg_group *ifg) { struct epoch_tracker et; - struct pfi_kif *kif; + struct pfi_kkif *kif; if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ @@ -942,7 +962,7 @@ pfi_change_group_event(void *arg __unused, char *gname) { struct epoch_tracker et; - struct pfi_kif *kif; + struct pfi_kkif *kif; if (V_pf_vnet_active == 0) { /* Avoid teardown race in the least expensive way. */ @@ -953,8 +973,8 @@ NET_EPOCH_ENTER(et); PF_RULES_WLOCK(); V_pfi_update++; - kif = pfi_kif_attach(kif, gname); - pfi_kif_update(kif); + kif = pfi_kkif_attach(kif, gname); + pfi_kkif_update(kif); PF_RULES_WUNLOCK(); NET_EPOCH_EXIT(et); } @@ -962,7 +982,7 @@ static void pfi_detach_group_event(void *arg __unused, struct ifg_group *ifg) { - struct pfi_kif *kif = (struct pfi_kif *)ifg->ifg_pf_kif; + struct pfi_kkif *kif = (struct pfi_kkif *)ifg->ifg_pf_kif; if (kif == NULL) return; @@ -998,7 +1018,7 @@ V_pfi_update++; NET_EPOCH_ENTER(et); - pfi_kif_update(ifp->if_pf_kif); + pfi_kkif_update(ifp->if_pf_kif); NET_EPOCH_EXIT(et); } PF_RULES_WUNLOCK(); diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c 
@@ -91,11 +91,11 @@ #include #endif -static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t, +static struct pf_kpool *pf_get_kpool(char *, u_int32_t, u_int8_t, u_int32_t, u_int8_t, u_int8_t, u_int8_t); -static void pf_mv_pool(struct pf_palist *, struct pf_palist *); -static void pf_empty_pool(struct pf_palist *); +static void pf_mv_kpool(struct pf_kpalist *, struct pf_kpalist *); +static void pf_empty_kpool(struct pf_kpalist *); static int pfioctl(struct cdev *, u_long, caddr_t, int, struct thread *); #ifdef ALTQ @@ -337,8 +337,8 @@ return; } -static struct pf_pool * -pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action, +static struct pf_kpool * +pf_get_kpool(char *anchor, u_int32_t ticket, u_int8_t rule_action, u_int32_t rule_number, u_int8_t r_last, u_int8_t active, u_int8_t check_ticket) { @@ -382,9 +382,9 @@ } static void -pf_mv_pool(struct pf_palist *poola, struct pf_palist *poolb) +pf_mv_kpool(struct pf_kpalist *poola, struct pf_kpalist *poolb) { - struct pf_pooladdr *mv_pool_pa; + struct pf_kpooladdr *mv_pool_pa; while ((mv_pool_pa = TAILQ_FIRST(poola)) != NULL) { TAILQ_REMOVE(poola, mv_pool_pa, entries); @@ -393,9 +393,9 @@ } static void -pf_empty_pool(struct pf_palist *poola) +pf_empty_kpool(struct pf_kpalist *poola) { - struct pf_pooladdr *pa; + struct pf_kpooladdr *pa; while ((pa = TAILQ_FIRST(poola)) != NULL) { switch (pa->addr.type) { @@ -409,7 +409,7 @@ break; } if (pa->kif) - pfi_kif_unref(pa->kif); + pfi_kkif_unref(pa->kif); TAILQ_REMOVE(poola, pa, entries); free(pa, M_PFRULE); } @@ -463,9 +463,9 @@ if (rule->overload_tbl) pfr_detach_table(rule->overload_tbl); if (rule->kif) - pfi_kif_unref(rule->kif); + pfi_kkif_unref(rule->kif); pf_kanchor_remove(rule); - pf_empty_pool(&rule->rpool.list); + pf_empty_kpool(&rule->rpool.list); counter_u64_free(rule->evaluations); for (int i = 0; i < 2; i++) { counter_u64_free(rule->packets[i]); 
@@ -1435,6 +1435,26 @@ } #endif /* ALTQ */ +static void +pf_kpooladdr_to_pooladdr(const struct pf_kpooladdr *kpool, + struct pf_pooladdr *pool) +{ + + bzero(pool, sizeof(*pool)); + bcopy(&kpool->addr, &pool->addr, sizeof(pool->addr)); + strlcpy(pool->ifname, kpool->ifname, sizeof(pool->ifname)); +} + +static void +pf_pooladdr_to_kpooladdr(const struct pf_pooladdr *pool, + struct pf_kpooladdr *kpool) +{ + + bzero(kpool, sizeof(*kpool)); + bcopy(&pool->addr, &kpool->addr, sizeof(kpool->addr)); + strlcpy(kpool->ifname, pool->ifname, sizeof(kpool->ifname)); +} + static void pf_krule_to_rule(const struct pf_krule *krule, struct pf_rule *rule) { @@ -1787,8 +1807,8 @@ struct pfioc_rule *pr = (struct pfioc_rule *)addr; struct pf_kruleset *ruleset; struct pf_krule *rule, *tail; - struct pf_pooladdr *pa; - struct pfi_kif *kif = NULL; + struct pf_kpooladdr *pa; + struct pfi_kkif *kif = NULL; int rs_num; if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) { @@ -1859,8 +1879,8 @@ else rule->nr = 0; if (rule->ifname[0]) { - rule->kif = pfi_kif_attach(kif, rule->ifname); - pfi_kif_ref(rule->kif); + rule->kif = pfi_kkif_attach(kif, rule->ifname); + pfi_kkif_ref(rule->kif); } else rule->kif = NULL; @@ -1921,7 +1941,7 @@ PFR_TFLAG_ACTIVE; } - pf_mv_pool(&V_pf_pabuf, &rule->rpool.list); + pf_mv_kpool(&V_pf_pabuf, &rule->rpool.list); if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) || (rule->action == PF_BINAT)) && rule->anchor == NULL) || (rule->rt > PF_NOPFROUTE)) && @@ -2054,8 +2074,8 @@ struct pfioc_rule *pcr = (struct pfioc_rule *)addr; struct pf_kruleset *ruleset; struct pf_krule *oldrule = NULL, *newrule = NULL; - struct pfi_kif *kif = NULL; - struct pf_pooladdr *pa; + struct pfi_kkif *kif = NULL; + struct pf_kpooladdr *pa; u_int32_t nr = 0; int rs_num; 
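Review bot: `pf_pooladdr_to_kpooladdr()` (hunk `@@ -1435,6 +1435,26 @@`) hands `pool->ifname` to `strlcpy()` as the source, and at its DIOCADDADDR call site that source is `pp->addr`, the ioctl argument filled in by the caller. `strlcpy()` keeps scanning the source for a terminating NUL to compute its return value, so a name with no NUL inside the array makes it read past the end of `ifname`, and the name is silently truncated rather than rejected. A guard before the allocation in DIOCADDADDR, `if (strnlen(pp->addr.ifname, sizeof(pp->addr.ifname)) == sizeof(pp->addr.ifname))` setting `error = EINVAL` and breaking out, would refuse such input; alternatively the helper could return an int and perform the check itself. The reverse helper `pf_kpooladdr_to_pooladdr()` copies from a kernel buffer that this path has already terminated, so it does not need the same check.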
@@ -2126,9 +2146,9 @@ if (pcr->action != PF_CHANGE_REMOVE) { if (newrule->ifname[0]) { - newrule->kif = pfi_kif_attach(kif, + newrule->kif = pfi_kkif_attach(kif, newrule->ifname); - pfi_kif_ref(newrule->kif); + pfi_kkif_ref(newrule->kif); } else newrule->kif = NULL; @@ -2190,7 +2210,7 @@ PFR_TFLAG_ACTIVE; } - pf_mv_pool(&V_pf_pabuf, &newrule->rpool.list); + pf_mv_kpool(&V_pf_pabuf, &newrule->rpool.list); if (((((newrule->action == PF_NAT) || (newrule->action == PF_RDR) || (newrule->action == PF_BINAT) || @@ -2207,7 +2227,7 @@ newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list); } - pf_empty_pool(&V_pf_pabuf); + pf_empty_kpool(&V_pf_pabuf); if (pcr->action == PF_CHANGE_ADD_HEAD) oldrule = TAILQ_FIRST( @@ -2876,7 +2896,7 @@ struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; PF_RULES_WLOCK(); - pf_empty_pool(&V_pf_pabuf); + pf_empty_kpool(&V_pf_pabuf); pp->ticket = ++V_ticket_pabuf; PF_RULES_WUNLOCK(); break; @@ -2884,8 +2904,8 @@ case DIOCADDADDR: { struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; - struct pf_pooladdr *pa; - struct pfi_kif *kif = NULL; + struct pf_kpooladdr *pa; + struct pfi_kkif *kif = NULL; #ifndef INET if (pp->af == AF_INET) { @@ -2910,7 +2930,7 @@ break; } pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK); - bcopy(&pp->addr, pa, sizeof(struct pf_pooladdr)); + pf_pooladdr_to_kpooladdr(&pp->addr, pa); if (pa->ifname[0]) kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); PF_RULES_WLOCK(); @@ -2923,14 +2943,14 @@ break; } if (pa->ifname[0]) { - pa->kif = pfi_kif_attach(kif, pa->ifname); - pfi_kif_ref(pa->kif); + pa->kif = pfi_kkif_attach(kif, pa->ifname); + pfi_kkif_ref(pa->kif); } else pa->kif = NULL; if (pa->addr.type == PF_ADDR_DYNIFTL && ((error = pfi_dynaddr_setup(&pa->addr, pp->af)) != 0)) { if (pa->ifname[0]) - pfi_kif_unref(pa->kif); + pfi_kkif_unref(pa->kif); PF_RULES_WUNLOCK(); free(pa, M_PFRULE); break; 
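Review bot: In the DIOCADDADDR error path after `pfi_dynaddr_setup()` (hunk at -2923), the reference is dropped under `if (pa->ifname[0])`, while `pf_empty_kpool()` and the `DIOCCHANGEADDR_error` label test the pointer itself. The two conditions are equivalent here because `pa->kif` is set only when `ifname[0]` is non-zero. Testing the pointer is still the safer form now that the helper zeroes `kif`, since it stays correct if the attach step is ever moved or made conditional: `if (pa->kif != NULL)` followed by `pfi_kkif_unref(pa->kif);`. The surrounding `case` body starts and ends outside this hunk.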
@@ -2942,12 +2962,12 @@ case DIOCGETADDRS: { struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; - struct pf_pool *pool; - struct pf_pooladdr *pa; + struct pf_kpool *pool; + struct pf_kpooladdr *pa; PF_RULES_RLOCK(); pp->nr = 0; - pool = pf_get_pool(pp->anchor, pp->ticket, pp->r_action, + pool = pf_get_kpool(pp->anchor, pp->ticket, pp->r_action, pp->r_num, 0, 1, 0); if (pool == NULL) { PF_RULES_RUNLOCK(); @@ -2962,12 +2982,12 @@ case DIOCGETADDR: { struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr; - struct pf_pool *pool; - struct pf_pooladdr *pa; + struct pf_kpool *pool; + struct pf_kpooladdr *pa; u_int32_t nr = 0; PF_RULES_RLOCK(); - pool = pf_get_pool(pp->anchor, pp->ticket, pp->r_action, + pool = pf_get_kpool(pp->anchor, pp->ticket, pp->r_action, pp->r_num, 0, 1, 1); if (pool == NULL) { PF_RULES_RUNLOCK(); @@ -2984,7 +3004,7 @@ error = EBUSY; break; } - bcopy(pa, &pp->addr, sizeof(struct pf_pooladdr)); + pf_kpooladdr_to_pooladdr(pa, &pp->addr); pf_addr_copyout(&pp->addr.addr); PF_RULES_RUNLOCK(); break; @@ -2992,10 +3012,10 @@ case DIOCCHANGEADDR: { struct pfioc_pooladdr *pca = (struct pfioc_pooladdr *)addr; - struct pf_pool *pool; - struct pf_pooladdr *oldpa = NULL, *newpa = NULL; + struct pf_kpool *pool; + struct pf_kpooladdr *oldpa = NULL, *newpa = NULL; struct pf_kruleset *ruleset; - struct pfi_kif *kif = NULL; + struct pfi_kkif *kif = NULL; if (pca->action < PF_CHANGE_ADD_HEAD || pca->action > PF_CHANGE_REMOVE) { @@ -3038,15 +3058,15 @@ if (ruleset == NULL) ERROUT(EBUSY); - pool = pf_get_pool(pca->anchor, pca->ticket, pca->r_action, + pool = pf_get_kpool(pca->anchor, pca->ticket, pca->r_action, pca->r_num, pca->r_last, 1, 1); if (pool == NULL) ERROUT(EBUSY); if (pca->action != PF_CHANGE_REMOVE) { if (newpa->ifname[0]) { - newpa->kif = pfi_kif_attach(kif, newpa->ifname); - pfi_kif_ref(newpa->kif); + newpa->kif = pfi_kkif_attach(kif, newpa->ifname); + pfi_kkif_ref(newpa->kif); kif = NULL; } 
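Review bot: The DIOCGETADDR copy-out (hunk at -2984) now goes through `pf_kpooladdr_to_pooladdr()` instead of a whole-struct `bcopy`, but nothing at the call site or on the helper records why. The helper zeroes the user struct and copies only `addr` and `ifname`, so the list linkage and the `kif` pointer are no longer handed back to the caller. A short comment would stop a later cleanup from reverting to `bcopy`, for example `/* Export addr and ifname only; entries and kif are kernel-internal. */` above the helper. The `case` body continues outside the hunk.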
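Review bot: In DIOCCHANGEADDR (hunk at -2992), `newpa` becomes a `struct pf_kpooladdr *`, but no visible hunk touches the code that allocates it and fills it from `pca->addr`. That code presumably sits in the unchanged lines between this hunk and the one at -3038. If it still copies `sizeof(struct pf_pooladdr)` bytes of the user structure over the kernel one, user-supplied bytes land in `entries` and `kif`, and the copy is only correct while the two layouts happen to match. Worth confirming that it uses `pf_pooladdr_to_kpooladdr(&pca->addr, newpa);` like DIOCADDADDR does.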
@@ -3071,7 +3091,7 @@ oldpa = TAILQ_FIRST(&pool->list); break; case PF_CHANGE_ADD_TAIL: - oldpa = TAILQ_LAST(&pool->list, pf_palist); + oldpa = TAILQ_LAST(&pool->list, pf_kpalist); break; default: oldpa = TAILQ_FIRST(&pool->list); @@ -3093,7 +3113,7 @@ break; } if (oldpa->kif) - pfi_kif_unref(oldpa->kif); + pfi_kkif_unref(oldpa->kif); free(oldpa, M_PFRULE); } else { if (oldpa == NULL) @@ -3115,7 +3135,7 @@ DIOCCHANGEADDR_error: if (newpa != NULL) { if (newpa->kif) - pfi_kif_unref(newpa->kif); + pfi_kkif_unref(newpa->kif); free(newpa, M_PFRULE); } PF_RULES_WUNLOCK(); diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -59,7 +59,7 @@ static void pf_hash(struct pf_addr *, struct pf_addr *, struct pf_poolhashkey *, sa_family_t); static struct pf_krule *pf_match_translation(struct pf_pdesc *, struct mbuf *, - int, int, struct pfi_kif *, + int, int, struct pfi_kkif *, struct pf_addr *, u_int16_t, struct pf_addr *, uint16_t, int, struct pf_kanchor_stackframe *); static int pf_get_sport(sa_family_t, uint8_t, struct pf_krule *, @@ -125,7 +125,7 @@ static struct pf_krule * pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off, - int direction, struct pfi_kif *kif, struct pf_addr *saddr, u_int16_t sport, + int direction, struct pfi_kkif *kif, struct pf_addr *saddr, u_int16_t sport, struct pf_addr *daddr, uint16_t dport, int rs_num, struct pf_kanchor_stackframe *anchor_stack) { @@ -150,7 +150,7 @@ } counter_u64_add(r->evaluations, 1); - if (pfi_kif_match(r->kif, kif) == r->ifnot) + if (pfi_kkif_match(r->kif, kif) == r->ifnot) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) r = r->skip[PF_SKIP_DIR].ptr; 
@@ -314,7 +314,7 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, struct pf_addr *naddr, struct pf_addr *init_addr, struct pf_ksrc_node **sn) { - struct pf_pool *rpool = &r->rpool; + struct pf_kpool *rpool = &r->rpool; struct pf_addr *raddr = NULL, *rmask = NULL; /* Try to find a src_node if none was given and this @@ -436,7 +436,7 @@ } case PF_POOL_ROUNDROBIN: { - struct pf_pooladdr *acur = rpool->cur; + struct pf_kpooladdr *acur = rpool->cur; /* * XXXGL: in the round-robin case we need to store @@ -522,7 +522,7 @@ struct pf_krule * pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction, - struct pfi_kif *kif, struct pf_ksrc_node **sn, + struct pfi_kkif *kif, struct pf_ksrc_node **sn, struct pf_state_key **skp, struct pf_state_key **nkp, struct pf_addr *saddr, struct pf_addr *daddr, uint16_t sport, uint16_t dport, struct pf_kanchor_stackframe *anchor_stack) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -993,7 +993,7 @@ #ifdef INET int -pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason, +pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kkif *kif, u_short *reason, struct pf_pdesc *pd) { struct mbuf *m = *m0; @@ -1013,7 +1013,7 @@ r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr); while (r != NULL) { counter_u64_add(r->evaluations, 1); - if (pfi_kif_match(r->kif, kif) == r->ifnot) + if (pfi_kkif_match(r->kif, kif) == r->ifnot) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != dir) r = r->skip[PF_SKIP_DIR].ptr; @@ -1134,7 +1134,7 @@ #ifdef INET6 int -pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif, +pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kkif *kif, u_short *reason, struct pf_pdesc *pd) { struct mbuf *m = *m0; 
@@ -1156,7 +1156,7 @@ r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr); while (r != NULL) { counter_u64_add(r->evaluations, 1); - if (pfi_kif_match(r->kif, kif) == r->ifnot) + if (pfi_kkif_match(r->kif, kif) == r->ifnot) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != dir) r = r->skip[PF_SKIP_DIR].ptr; @@ -1295,7 +1295,7 @@ #endif /* INET6 */ int -pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff, +pf_normalize_tcp(int dir, struct pfi_kkif *kif, struct mbuf *m, int ipoff, int off, void *h, struct pf_pdesc *pd) { struct pf_krule *r, *rm = NULL; @@ -1310,7 +1310,7 @@ r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr); while (r != NULL) { counter_u64_add(r->evaluations, 1); - if (pfi_kif_match(r->kif, kif) == r->ifnot) + if (pfi_kkif_match(r->kif, kif) == r->ifnot) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != dir) r = r->skip[PF_SKIP_DIR].ptr;