D27761.id81712.diff
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -66,7 +66,7 @@
struct pf_addr pfid_addr6;
struct pf_addr pfid_mask6;
struct pfr_ktable *pfid_kt;
- struct pfi_kif *pfid_kif;
+ struct pfi_kkif *pfid_kif;
int pfid_net; /* mask or 128 */
int pfid_acnt4; /* address count IPv4 */
int pfid_acnt6; /* address count IPv6 */
@@ -294,6 +294,25 @@
#ifdef _KERNEL
+struct pf_kpooladdr {
+ struct pf_addr_wrap addr;
+ TAILQ_ENTRY(pf_kpooladdr) entries;
+ char ifname[IFNAMSIZ];
+ struct pfi_kkif *kif;
+};
+
+TAILQ_HEAD(pf_kpalist, pf_kpooladdr);
+
+struct pf_kpool {
+ struct pf_kpalist list;
+ struct pf_kpooladdr *cur;
+ struct pf_poolhashkey key;
+ struct pf_addr counter;
+ int tblidx;
+ u_int16_t proxy_port[2];
+ u_int8_t opts;
+};
+
union pf_krule_ptr {
struct pf_krule *ptr;
u_int32_t nr;
@@ -313,13 +332,13 @@
char overload_tblname[PF_TABLE_NAME_SIZE];
TAILQ_ENTRY(pf_krule) entries;
- struct pf_pool rpool;
+ struct pf_kpool rpool;
counter_u64_t evaluations;
counter_u64_t packets[2];
counter_u64_t bytes[2];
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
struct pf_kanchor *anchor;
struct pfr_ktable *overload_tbl;
@@ -398,7 +417,7 @@
struct pf_addr addr;
struct pf_addr raddr;
union pf_krule_ptr rule;
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
counter_u64_t bytes[2];
counter_u64_t packets[2];
u_int32_t states;
@@ -500,8 +519,8 @@
union pf_krule_ptr nat_rule;
struct pf_addr rt_addr;
struct pf_state_key *key[2]; /* addresses stack and wire */
- struct pfi_kif *kif;
- struct pfi_kif *rt_kif;
+ struct pfi_kkif *kif;
+ struct pfi_kkif *rt_kif;
struct pf_ksrc_node *src_node;
struct pf_ksrc_node *nat_src_node;
counter_u64_t packets[2];
@@ -606,7 +625,7 @@
/* pflog */
struct pf_kruleset;
struct pf_pdesc;
-typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t,
+typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t,
u_int8_t, u_int8_t, struct pf_krule *, struct pf_krule *,
struct pf_kruleset *, struct pf_pdesc *, int);
extern pflog_packet_t *pflog_packet_ptr;
@@ -851,16 +870,12 @@
#define pfrkt_tzero pfrkt_kts.pfrkts_tzero
#endif
-/* keep synced with pfi_kif, used in RB_FIND */
-struct pfi_kif_cmp {
- char pfik_name[IFNAMSIZ];
-};
-
-struct pfi_kif {
+#ifdef _KERNEL
+struct pfi_kkif {
char pfik_name[IFNAMSIZ];
union {
- RB_ENTRY(pfi_kif) _pfik_tree;
- LIST_ENTRY(pfi_kif) _pfik_list;
+ RB_ENTRY(pfi_kkif) _pfik_tree;
+ LIST_ENTRY(pfi_kkif) _pfik_list;
} _pfik_glue;
#define pfik_tree _pfik_glue._pfik_tree
#define pfik_list _pfik_glue._pfik_list
@@ -873,6 +888,7 @@
u_int pfik_rulerefs;
TAILQ_HEAD(, pfi_dynaddr) pfik_dynaddrs;
};
+#endif
#define PFI_IFLAG_REFS 0x0001 /* has state references */
#define PFI_IFLAG_SKIP 0x0100 /* skip filtering on interface */
@@ -1379,7 +1395,7 @@
TAILQ_HEAD(pf_altqqueue, pf_altq);
VNET_DECLARE(struct pf_altqqueue, pf_altqs[4]);
#define V_pf_altqs VNET(pf_altqs)
-VNET_DECLARE(struct pf_palist, pf_pabuf);
+VNET_DECLARE(struct pf_kpalist, pf_pabuf);
#define V_pf_pabuf VNET(pf_pabuf)
VNET_DECLARE(u_int32_t, ticket_altqs_active);
@@ -1428,7 +1444,7 @@
extern int pf_unlink_state(struct pf_state *, u_int);
#define PF_ENTER_LOCKED 0x00000001
#define PF_RETURN_LOCKED 0x00000002
-extern int pf_state_insert(struct pfi_kif *,
+extern int pf_state_insert(struct pfi_kkif *,
struct pf_state_key *,
struct pf_state_key *,
struct pf_state *);
@@ -1476,13 +1492,13 @@
#ifdef INET
int pf_test(int, int, struct ifnet *, struct mbuf **, struct inpcb *);
-int pf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *,
+int pf_normalize_ip(struct mbuf **, int, struct pfi_kkif *, u_short *,
struct pf_pdesc *);
#endif /* INET */
#ifdef INET6
int pf_test6(int, int, struct ifnet *, struct mbuf **, struct inpcb *);
-int pf_normalize_ip6(struct mbuf **, int, struct pfi_kif *, u_short *,
+int pf_normalize_ip6(struct mbuf **, int, struct pfi_kkif *, u_short *,
struct pf_pdesc *);
void pf_poolmask(struct pf_addr *, struct pf_addr*,
struct pf_addr *, struct pf_addr *, u_int8_t);
@@ -1510,7 +1526,7 @@
void pf_normalize_init(void);
void pf_normalize_cleanup(void);
-int pf_normalize_tcp(int, struct pfi_kif *, struct mbuf *, int, int, void *,
+int pf_normalize_tcp(int, struct pfi_kkif *, struct mbuf *, int, int, void *,
struct pf_pdesc *);
void pf_normalize_tcp_cleanup(struct pf_state *);
int pf_normalize_tcp_init(struct mbuf *, int, struct pf_pdesc *,
@@ -1522,7 +1538,7 @@
pf_state_expires(const struct pf_state *);
void pf_purge_expired_fragments(void);
void pf_purge_fragments(uint32_t);
-int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *,
+int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *,
int);
int pf_socket_lookup(int, struct pf_pdesc *, struct mbuf *);
struct pf_state_key *pf_alloc_state_key(int);
@@ -1565,19 +1581,19 @@
int *, u_int32_t, int);
MALLOC_DECLARE(PFI_MTYPE);
-VNET_DECLARE(struct pfi_kif *, pfi_all);
+VNET_DECLARE(struct pfi_kkif *, pfi_all);
#define V_pfi_all VNET(pfi_all)
void pfi_initialize(void);
void pfi_initialize_vnet(void);
void pfi_cleanup(void);
void pfi_cleanup_vnet(void);
-void pfi_kif_ref(struct pfi_kif *);
-void pfi_kif_unref(struct pfi_kif *);
-struct pfi_kif *pfi_kif_find(const char *);
-struct pfi_kif *pfi_kif_attach(struct pfi_kif *, const char *);
-int pfi_kif_match(struct pfi_kif *, struct pfi_kif *);
-void pfi_kif_purge(void);
+void pfi_kkif_ref(struct pfi_kkif *);
+void pfi_kkif_unref(struct pfi_kkif *);
+struct pfi_kkif *pfi_kkif_find(const char *);
+struct pfi_kkif *pfi_kkif_attach(struct pfi_kkif *, const char *);
+int pfi_kkif_match(struct pfi_kkif *, struct pfi_kkif *);
+void pfi_kkif_purge(void);
int pfi_match_addr(struct pfi_dynaddr *, struct pf_addr *,
sa_family_t);
int pfi_dynaddr_setup(struct pf_addr_wrap *, sa_family_t);
@@ -1651,7 +1667,7 @@
struct pf_addr *, struct pf_addr *,
struct pf_addr *, struct pf_ksrc_node **);
struct pf_krule *pf_get_translation(struct pf_pdesc *, struct mbuf *,
- int, int, struct pfi_kif *, struct pf_ksrc_node **,
+ int, int, struct pfi_kkif *, struct pf_ksrc_node **,
struct pf_state_key **, struct pf_state_key **,
struct pf_addr *, struct pf_addr *,
uint16_t, uint16_t, struct pf_kanchor_stackframe *);
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -201,7 +201,7 @@
}
static int
-pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
+pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
u_int8_t reason, struct pf_krule *rm, struct pf_krule *am,
struct pf_kruleset *ruleset, struct pf_pdesc *pd, int lookupsafe)
{
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -464,7 +464,7 @@
struct pf_state *st = NULL;
struct pf_state_key *skw = NULL, *sks = NULL;
struct pf_krule *r = NULL;
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
int error;
PF_RULES_RASSERT();
@@ -476,7 +476,7 @@
return (EINVAL);
}
- if ((kif = pfi_kif_find(sp->ifname)) == NULL) {
+ if ((kif = pfi_kkif_find(sp->ifname)) == NULL) {
if (V_pf_status.debug >= PF_DEBUG_MISC)
printf("%s: unknown interface: %s\n", __func__,
sp->ifname);
@@ -764,7 +764,7 @@
creatorid = clr[i].creatorid;
if (clr[i].ifname[0] != '\0' &&
- pfi_kif_find(clr[i].ifname) == NULL)
+ pfi_kkif_find(clr[i].ifname) == NULL)
continue;
for (int i = 0; i <= pf_hashmask; i++) {
diff --git a/sys/netpfil/pf/pf.h b/sys/netpfil/pf/pf.h
--- a/sys/netpfil/pf/pf.h
+++ b/sys/netpfil/pf/pf.h
@@ -189,6 +189,29 @@
struct pf_rule;
+/* keep synced with pfi_kif, used in RB_FIND */
+struct pfi_kif_cmp {
+ char pfik_name[IFNAMSIZ];
+};
+
+struct pfi_kif {
+ char pfik_name[IFNAMSIZ];
+ union {
+ RB_ENTRY(pfi_kif) _pfik_tree;
+ LIST_ENTRY(pfi_kif) _pfik_list;
+ } _pfik_glue;
+#define pfik_tree _pfik_glue._pfik_tree
+#define pfik_list _pfik_glue._pfik_list
+ u_int64_t pfik_packets[2][2][2];
+ u_int64_t pfik_bytes[2][2][2];
+ u_int32_t pfik_tzero;
+ u_int pfik_flags;
+ struct ifnet *pfik_ifp;
+ struct ifg_group *pfik_group;
+ u_int pfik_rulerefs;
+ TAILQ_HEAD(, pfi_dynaddr) pfik_dynaddrs;
+};
+
struct pf_status {
uint64_t counters[PFRES_MAX];
uint64_t lcounters[LCNT_MAX];
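Review bot: The comment moved here with `struct pfi_kif_cmp` still says "keep synced with pfi_kif", but after this change the red-black tree in pf_if.c is keyed on `struct pfi_kkif`. Both `pfi_kkif_find()` and `pfi_update_status()` cast a `pfi_kif_cmp` to `struct pfi_kkif *` before `RB_FIND`, so the layout that has to stay in step is the kernel structure in pfvar.h, not the one defined below the comment. I would reword it to `/* keep synced with pfi_kkif, used in RB_FIND */`. Because the cast is only valid while `pfik_name` is the first member, a compile-time check next to the kernel definition, such as `CTASSERT(offsetof(struct pfi_kkif, pfik_name) == 0);`, would catch a later reordering. If nothing in userland uses the key type, it may also belong under `_KERNEL` beside `pfi_kkif` rather than in pf.h.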
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -118,7 +118,7 @@
/* state tables */
VNET_DEFINE(struct pf_altqqueue, pf_altqs[4]);
-VNET_DEFINE(struct pf_palist, pf_pabuf);
+VNET_DEFINE(struct pf_kpalist, pf_pabuf);
VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active);
VNET_DEFINE(struct pf_altqqueue *, pf_altq_ifs_active);
VNET_DEFINE(struct pf_altqqueue *, pf_altqs_inactive);
@@ -244,38 +244,38 @@
static int pf_state_key_ctor(void *, int, void *, int);
static u_int32_t pf_tcp_iss(struct pf_pdesc *);
static int pf_test_rule(struct pf_krule **, struct pf_state **,
- int, struct pfi_kif *, struct mbuf *, int,
+ int, struct pfi_kkif *, struct mbuf *, int,
struct pf_pdesc *, struct pf_krule **,
struct pf_kruleset **, struct inpcb *);
static int pf_create_state(struct pf_krule *, struct pf_krule *,
struct pf_krule *, struct pf_pdesc *,
struct pf_ksrc_node *, struct pf_state_key *,
struct pf_state_key *, struct mbuf *, int,
- u_int16_t, u_int16_t, int *, struct pfi_kif *,
+ u_int16_t, u_int16_t, int *, struct pfi_kkif *,
struct pf_state **, int, u_int16_t, u_int16_t,
int);
static int pf_test_fragment(struct pf_krule **, int,
- struct pfi_kif *, struct mbuf *, void *,
+ struct pfi_kkif *, struct mbuf *, void *,
struct pf_pdesc *, struct pf_krule **,
struct pf_kruleset **);
static int pf_tcp_track_full(struct pf_state_peer *,
struct pf_state_peer *, struct pf_state **,
- struct pfi_kif *, struct mbuf *, int,
+ struct pfi_kkif *, struct mbuf *, int,
struct pf_pdesc *, u_short *, int *);
static int pf_tcp_track_sloppy(struct pf_state_peer *,
struct pf_state_peer *, struct pf_state **,
struct pf_pdesc *, u_short *);
static int pf_test_state_tcp(struct pf_state **, int,
- struct pfi_kif *, struct mbuf *, int,
+ struct pfi_kkif *, struct mbuf *, int,
void *, struct pf_pdesc *, u_short *);
static int pf_test_state_udp(struct pf_state **, int,
- struct pfi_kif *, struct mbuf *, int,
+ struct pfi_kkif *, struct mbuf *, int,
void *, struct pf_pdesc *);
static int pf_test_state_icmp(struct pf_state **, int,
- struct pfi_kif *, struct mbuf *, int,
+ struct pfi_kkif *, struct mbuf *, int,
void *, struct pf_pdesc *, u_short *);
static int pf_test_state_other(struct pf_state **, int,
- struct pfi_kif *, struct mbuf *, struct pf_pdesc *);
+ struct pfi_kkif *, struct mbuf *, struct pf_pdesc *);
static u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t,
sa_family_t);
static u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t,
@@ -290,7 +290,7 @@
struct pf_addr_wrap *);
static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t,
bool, u_int8_t);
-static struct pf_state *pf_find_state(struct pfi_kif *,
+static struct pf_state *pf_find_state(struct pfi_kkif *,
struct pf_state_key_cmp *, u_int);
static int pf_src_connlimit(struct pf_state **);
static void pf_overload_task(void *v, int pending);
@@ -1255,7 +1255,7 @@
}
int
-pf_state_insert(struct pfi_kif *kif, struct pf_state_key *skw,
+pf_state_insert(struct pfi_kkif *kif, struct pf_state_key *skw,
struct pf_state_key *sks, struct pf_state *s)
{
struct pf_idhash *ih;
@@ -1341,7 +1341,7 @@
* Returns with ID hash slot locked on success.
*/
static struct pf_state *
-pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir)
+pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir)
{
struct pf_keyhash *kh;
struct pf_state_key *sk;
@@ -1538,7 +1538,7 @@
pf_purge_expired_fragments();
pf_purge_expired_src_nodes();
pf_purge_unlinked_rules();
- pfi_kif_purge();
+ pfi_kkif_purge();
}
CURVNET_RESTORE();
}
@@ -1561,7 +1561,7 @@
* raise them, and then second run frees.
*/
pf_purge_unlinked_rules();
- pfi_kif_purge();
+ pfi_kkif_purge();
/*
* Now purge everything.
@@ -1575,7 +1575,7 @@
* thus should be successfully freed.
*/
pf_purge_unlinked_rules();
- pfi_kif_purge();
+ pfi_kkif_purge();
}
u_int32_t
@@ -2602,7 +2602,7 @@
static void
pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd,
struct pf_state_key *sk, int off, struct mbuf *m, struct tcphdr *th,
- struct pfi_kif *kif, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen,
+ struct pfi_kkif *kif, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen,
u_short *reason)
{
struct pf_addr * const saddr = pd->src;
@@ -3325,7 +3325,7 @@
static int
pf_test_rule(struct pf_krule **rm, struct pf_state **sm, int direction,
- struct pfi_kif *kif, struct mbuf *m, int off, struct pf_pdesc *pd,
+ struct pfi_kkif *kif, struct mbuf *m, int off, struct pf_pdesc *pd,
struct pf_krule **am, struct pf_kruleset **rsm, struct inpcb *inp)
{
struct pf_krule *nr = NULL;
@@ -3538,7 +3538,7 @@
while (r != NULL) {
counter_u64_add(r->evaluations, 1);
- if (pfi_kif_match(r->kif, kif) == r->ifnot)
+ if (pfi_kkif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != direction)
r = r->skip[PF_SKIP_DIR].ptr;
@@ -3701,7 +3701,7 @@
pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
struct pf_pdesc *pd, struct pf_ksrc_node *nsn, struct pf_state_key *nk,
struct pf_state_key *sk, struct mbuf *m, int off, u_int16_t sport,
- u_int16_t dport, int *rewrite, struct pfi_kif *kif, struct pf_state **sm,
+ u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_state **sm,
int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen)
{
struct pf_state *s = NULL;
@@ -3960,7 +3960,7 @@
}
static int
-pf_test_fragment(struct pf_krule **rm, int direction, struct pfi_kif *kif,
+pf_test_fragment(struct pf_krule **rm, int direction, struct pfi_kkif *kif,
struct mbuf *m, void *h, struct pf_pdesc *pd, struct pf_krule **am,
struct pf_kruleset **rsm)
{
@@ -3978,7 +3978,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr);
while (r != NULL) {
counter_u64_add(r->evaluations, 1);
- if (pfi_kif_match(r->kif, kif) == r->ifnot)
+ if (pfi_kkif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != direction)
r = r->skip[PF_SKIP_DIR].ptr;
@@ -4056,7 +4056,7 @@
static int
pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst,
- struct pf_state **state, struct pfi_kif *kif, struct mbuf *m, int off,
+ struct pf_state **state, struct pfi_kkif *kif, struct mbuf *m, int off,
struct pf_pdesc *pd, u_short *reason, int *copyback)
{
struct tcphdr *th = pd->hdr.tcp;
@@ -4453,7 +4453,7 @@
}
static int
-pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
+pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, int off, void *h, struct pf_pdesc *pd,
u_short *reason)
{
@@ -4621,7 +4621,7 @@
}
static int
-pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kif *kif,
+pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, int off, void *h, struct pf_pdesc *pd)
{
struct pf_state_peer *src, *dst;
@@ -4688,7 +4688,7 @@
}
static int
-pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
+pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason)
{
struct pf_addr *saddr = pd->src, *daddr = pd->dst;
@@ -5292,7 +5292,7 @@
}
static int
-pf_test_state_other(struct pf_state **state, int direction, struct pfi_kif *kif,
+pf_test_state_other(struct pf_state **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, struct pf_pdesc *pd)
{
struct pf_state_peer *src, *dst;
@@ -5424,7 +5424,7 @@
}
int
-pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *kif,
+pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif,
int rtableid)
{
struct ifnet *ifp;
@@ -5888,7 +5888,7 @@
int
pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
{
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
u_short action, reason = 0, log = 0;
struct mbuf *m = *m0;
struct ip *h = NULL;
@@ -5908,7 +5908,7 @@
memset(&pd, 0, sizeof(pd));
- kif = (struct pfi_kif *)ifp->if_pf_kif;
+ kif = (struct pfi_kkif *)ifp->if_pf_kif;
if (kif == NULL) {
DPFPRINTF(PF_DEBUG_URGENT,
@@ -6280,7 +6280,7 @@
int
pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
{
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
u_short action, reason = 0, log = 0;
struct mbuf *m = *m0, *n = NULL;
struct m_tag *mtag;
@@ -6303,7 +6303,7 @@
if (pd.pf_mtag && pd.pf_mtag->flags & PF_TAG_GENERATED)
return (PF_PASS);
- kif = (struct pfi_kif *)ifp->if_pf_kif;
+ kif = (struct pfi_kkif *)ifp->if_pf_kif;
if (kif == NULL) {
DPFPRINTF(PF_DEBUG_URGENT,
("pf_test6: kif == NULL, if_xname %s\n", ifp->if_xname));
diff --git a/sys/netpfil/pf/pf_if.c b/sys/netpfil/pf/pf_if.c
--- a/sys/netpfil/pf/pf_if.c
+++ b/sys/netpfil/pf/pf_if.c
@@ -54,7 +54,7 @@
#include <net/pfvar.h>
#include <net/route.h>
-VNET_DEFINE(struct pfi_kif *, pfi_all);
+VNET_DEFINE(struct pfi_kkif *, pfi_all);
VNET_DEFINE_STATIC(long, pfi_update);
#define V_pfi_update VNET(pfi_update)
#define PFI_BUFFER_MAX 0x10000
@@ -76,17 +76,17 @@
eventhandler_tag pfi_detach_group_cookie;
eventhandler_tag pfi_ifaddr_event_cookie;
-static void pfi_attach_ifnet(struct ifnet *, struct pfi_kif *);
-static void pfi_attach_ifgroup(struct ifg_group *, struct pfi_kif *);
+static void pfi_attach_ifnet(struct ifnet *, struct pfi_kkif *);
+static void pfi_attach_ifgroup(struct ifg_group *, struct pfi_kkif *);
-static void pfi_kif_update(struct pfi_kif *);
+static void pfi_kkif_update(struct pfi_kkif *);
static void pfi_dynaddr_update(struct pfi_dynaddr *dyn);
-static void pfi_table_update(struct pfr_ktable *, struct pfi_kif *, int,
+static void pfi_table_update(struct pfr_ktable *, struct pfi_kkif *, int,
int);
static void pfi_instance_add(struct ifnet *, int, int);
static void pfi_address_add(struct sockaddr *, int, int);
-static int pfi_if_compare(struct pfi_kif *, struct pfi_kif *);
-static int pfi_skip_if(const char *, struct pfi_kif *);
+static int pfi_kkif_compare(struct pfi_kkif *, struct pfi_kkif *);
+static int pfi_skip_if(const char *, struct pfi_kkif *);
static int pfi_unmask(void *);
static void pfi_attach_ifnet_event(void * __unused, struct ifnet *);
static void pfi_detach_ifnet_event(void * __unused, struct ifnet *);
@@ -95,16 +95,16 @@
static void pfi_detach_group_event(void * __unused, struct ifg_group *);
static void pfi_ifaddr_event(void * __unused, struct ifnet *);
-RB_HEAD(pfi_ifhead, pfi_kif);
-static RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
-static RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
+RB_HEAD(pfi_ifhead, pfi_kkif);
+static RB_PROTOTYPE(pfi_ifhead, pfi_kkif, pfik_tree, pfi_kkif_compare);
+static RB_GENERATE(pfi_ifhead, pfi_kkif, pfik_tree, pfi_kkif_compare);
VNET_DEFINE_STATIC(struct pfi_ifhead, pfi_ifs);
#define V_pfi_ifs VNET(pfi_ifs)
#define PFI_BUFFER_MAX 0x10000
MALLOC_DEFINE(PFI_MTYPE, "pf_ifnet", "pf(4) interface database");
-LIST_HEAD(pfi_list, pfi_kif);
+LIST_HEAD(pfi_list, pfi_kkif);
VNET_DEFINE_STATIC(struct pfi_list, pfi_unlinked_kifs);
#define V_pfi_unlinked_kifs VNET(pfi_unlinked_kifs)
static struct mtx pfi_unlnkdkifs_mtx;
@@ -116,7 +116,7 @@
{
struct pfi_list kifs = LIST_HEAD_INITIALIZER();
struct epoch_tracker et;
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
struct ifg_group *ifg;
struct ifnet *ifp;
int nkifs;
@@ -141,7 +141,7 @@
PF_RULES_WLOCK();
kif = LIST_FIRST(&kifs);
LIST_REMOVE(kif, pfik_list);
- V_pfi_all = pfi_kif_attach(kif, IFG_ALL);
+ V_pfi_all = pfi_kkif_attach(kif, IFG_ALL);
CK_STAILQ_FOREACH(ifg, &V_ifg_head, ifg_next) {
kif = LIST_FIRST(&kifs);
LIST_REMOVE(kif, pfik_list);
@@ -180,7 +180,7 @@
void
pfi_cleanup_vnet(void)
{
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
PF_RULES_WASSERT();
@@ -218,8 +218,8 @@
EVENTHANDLER_DEREGISTER(ifaddr_event, pfi_ifaddr_event_cookie);
}
-struct pfi_kif *
-pfi_kif_find(const char *kif_name)
+struct pfi_kkif *
+pfi_kkif_find(const char *kif_name)
{
struct pfi_kif_cmp s;
@@ -228,18 +228,18 @@
bzero(&s, sizeof(s));
strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name));
- return (RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&s));
+ return (RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kkif *)&s));
}
-struct pfi_kif *
-pfi_kif_attach(struct pfi_kif *kif, const char *kif_name)
+struct pfi_kkif *
+pfi_kkif_attach(struct pfi_kkif *kif, const char *kif_name)
{
- struct pfi_kif *kif1;
+ struct pfi_kkif *kif1;
PF_RULES_WASSERT();
KASSERT(kif != NULL, ("%s: null kif", __func__));
- kif1 = pfi_kif_find(kif_name);
+ kif1 = pfi_kkif_find(kif_name);
if (kif1 != NULL) {
free(kif, PFI_MTYPE);
return (kif1);
@@ -263,7 +263,7 @@
}
void
-pfi_kif_ref(struct pfi_kif *kif)
+pfi_kkif_ref(struct pfi_kkif *kif)
{
PF_RULES_WASSERT();
@@ -271,7 +271,7 @@
}
void
-pfi_kif_unref(struct pfi_kif *kif)
+pfi_kkif_unref(struct pfi_kkif *kif)
{
PF_RULES_WASSERT();
@@ -298,9 +298,9 @@
}
void
-pfi_kif_purge(void)
+pfi_kkif_purge(void)
{
- struct pfi_kif *kif, *kif1;
+ struct pfi_kkif *kif, *kif1;
/*
* Do naive mark-and-sweep garbage collecting of old kifs.
@@ -318,7 +318,7 @@
}
int
-pfi_kif_match(struct pfi_kif *rule_kif, struct pfi_kif *packet_kif)
+pfi_kkif_match(struct pfi_kkif *rule_kif, struct pfi_kkif *packet_kif)
{
struct ifg_list *p;
@@ -337,27 +337,27 @@
}
static void
-pfi_attach_ifnet(struct ifnet *ifp, struct pfi_kif *kif)
+pfi_attach_ifnet(struct ifnet *ifp, struct pfi_kkif *kif)
{
PF_RULES_WASSERT();
V_pfi_update++;
- kif = pfi_kif_attach(kif, ifp->if_xname);
+ kif = pfi_kkif_attach(kif, ifp->if_xname);
if_ref(ifp);
kif->pfik_ifp = ifp;
ifp->if_pf_kif = kif;
- pfi_kif_update(kif);
+ pfi_kkif_update(kif);
}
static void
-pfi_attach_ifgroup(struct ifg_group *ifg, struct pfi_kif *kif)
+pfi_attach_ifgroup(struct ifg_group *ifg, struct pfi_kkif *kif)
{
PF_RULES_WASSERT();
V_pfi_update++;
- kif = pfi_kif_attach(kif, ifg->ifg_group);
+ kif = pfi_kkif_attach(kif, ifg->ifg_group);
kif->pfik_group = ifg;
ifg->ifg_pf_kif = kif;
}
@@ -404,7 +404,7 @@
struct pfi_dynaddr *dyn;
char tblname[PF_TABLE_NAME_SIZE];
struct pf_kruleset *ruleset = NULL;
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
int rv = 0;
PF_RULES_WASSERT();
@@ -421,10 +421,10 @@
}
if (!strcmp(aw->v.ifname, "self"))
- dyn->pfid_kif = pfi_kif_attach(kif, IFG_ALL);
+ dyn->pfid_kif = pfi_kkif_attach(kif, IFG_ALL);
else
- dyn->pfid_kif = pfi_kif_attach(kif, aw->v.ifname);
- pfi_kif_ref(dyn->pfid_kif);
+ dyn->pfid_kif = pfi_kkif_attach(kif, aw->v.ifname);
+ pfi_kkif_ref(dyn->pfid_kif);
dyn->pfid_net = pfi_unmask(&aw->v.a.mask);
if (af == AF_INET && dyn->pfid_net == 32)
@@ -458,7 +458,7 @@
TAILQ_INSERT_TAIL(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry);
aw->p.dyn = dyn;
NET_EPOCH_ENTER(et);
- pfi_kif_update(dyn->pfid_kif);
+ pfi_kkif_update(dyn->pfid_kif);
NET_EPOCH_EXIT(et);
return (0);
@@ -469,19 +469,19 @@
if (ruleset != NULL)
pf_remove_if_empty_kruleset(ruleset);
if (dyn->pfid_kif != NULL)
- pfi_kif_unref(dyn->pfid_kif);
+ pfi_kkif_unref(dyn->pfid_kif);
free(dyn, PFI_MTYPE);
return (rv);
}
static void
-pfi_kif_update(struct pfi_kif *kif)
+pfi_kkif_update(struct pfi_kkif *kif)
{
struct ifg_list *ifgl;
struct ifg_member *ifgm;
struct pfi_dynaddr *p;
- struct pfi_kif *tmpkif;
+ struct pfi_kkif *tmpkif;
NET_EPOCH_ASSERT();
PF_RULES_WASSERT();
@@ -494,7 +494,7 @@
if (kif->pfik_group != NULL) {
CK_STAILQ_FOREACH(ifgm, &kif->pfik_group->ifg_members,
ifgm_next) {
- tmpkif = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif;
+ tmpkif = (struct pfi_kkif *)ifgm->ifgm_ifp->if_pf_kif;
if (tmpkif == NULL)
continue;
@@ -505,7 +505,7 @@
/* again for all groups kif is member of */
if (kif->pfik_ifp != NULL) {
CK_STAILQ_FOREACH(ifgl, &kif->pfik_ifp->if_groups, ifgl_next)
- pfi_kif_update((struct pfi_kif *)
+ pfi_kkif_update((struct pfi_kkif *)
ifgl->ifgl_group->ifg_pf_kif);
}
}
@@ -513,7 +513,7 @@
static void
pfi_dynaddr_update(struct pfi_dynaddr *dyn)
{
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
struct pfr_ktable *kt;
PF_RULES_WASSERT();
@@ -532,7 +532,7 @@
}
static void
-pfi_table_update(struct pfr_ktable *kt, struct pfi_kif *kif, int net, int flags)
+pfi_table_update(struct pfr_ktable *kt, struct pfi_kkif *kif, int net, int flags)
{
int e, size2 = 0;
struct ifg_member *ifgm;
@@ -677,7 +677,7 @@
KASSERT(dyn->pfid_kt != NULL, ("%s: null pfid_kt", __func__));
TAILQ_REMOVE(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry);
- pfi_kif_unref(dyn->pfid_kif);
+ pfi_kkif_unref(dyn->pfid_kif);
pfr_detach_table(dyn->pfid_kt);
free(dyn, PFI_MTYPE);
}
@@ -695,7 +695,7 @@
}
static int
-pfi_if_compare(struct pfi_kif *p, struct pfi_kif *q)
+pfi_kkif_compare(struct pfi_kkif *p, struct pfi_kkif *q)
{
return (strncmp(p->pfik_name, q->pfik_name, IFNAMSIZ));
}
@@ -703,14 +703,14 @@
void
pfi_update_status(const char *name, struct pf_status *pfs)
{
- struct pfi_kif *p;
+ struct pfi_kkif *p;
struct pfi_kif_cmp key;
struct ifg_member p_member, *ifgm;
CK_STAILQ_HEAD(, ifg_member) ifg_members;
int i, j, k;
strlcpy(key.pfik_name, name, sizeof(key.pfik_name));
- p = RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kif *)&key);
+ p = RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kkif *)&key);
if (p == NULL)
return;
@@ -731,7 +731,7 @@
CK_STAILQ_FOREACH(ifgm, &ifg_members, ifgm_next) {
if (ifgm->ifgm_ifp == NULL || ifgm->ifgm_ifp->if_pf_kif == NULL)
continue;
- p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif;
+ p = (struct pfi_kkif *)ifgm->ifgm_ifp->if_pf_kif;
/* just clear statistics */
if (pfs == NULL) {
@@ -751,11 +751,31 @@
}
}
+static void
+pf_kkif_to_kif(const struct pfi_kkif *kkif, struct pfi_kif *kif)
+{
+
+ bzero(kif, sizeof(*kif));
+ strlcpy(kif->pfik_name, kkif->pfik_name, sizeof(kif->pfik_name));
+ for (int i = 0; i < 2; i++) {
+ for (int j = 0; j < 2; j++) {
+ for (int k = 0; k < 2; k++) {
+ kif->pfik_packets[i][j][k] =
+ kkif->pfik_packets[i][j][k];
+ kif->pfik_bytes[i][j][k] =
+ kkif->pfik_bytes[i][j][k];
+ }
+ }
+ }
+ kif->pfik_tzero = kkif->pfik_tzero;
+ kif->pfik_rulerefs = kkif->pfik_rulerefs;
+}
+
void
pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size)
{
struct epoch_tracker et;
- struct pfi_kif *p, *nextp;
+ struct pfi_kkif *p, *nextp;
int n = 0;
NET_EPOCH_ENTER(et);
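Review bot: `pf_kkif_to_kif()` never copies `pfik_flags`, so after the `bzero()` every entry returned through `pfi_get_ifaces()` reports flags of 0, whereas the `bcopy()` it replaces carried the field across. `struct pfi_kif` in pf.h still declares `pfik_flags`, and assuming `pfi_kkif` keeps the member (its middle lies between the visible hunks), userland can no longer see bits such as `PFI_IFLAG_SKIP`. Add `kif->pfik_flags = kkif->pfik_flags;` next to the `pfik_tzero` assignment. Leaving `pfik_ifp`, `pfik_group` and the tree/list glue zeroed is right, since the old whole-struct copy handed those kernel addresses to the caller; a short comment such as `/* pointer members are deliberately not exported */` would stop someone restoring them later. The body of pfi_get_ifaces continues outside the hunk.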
@@ -767,7 +787,7 @@
break;
if (!p->pfik_tzero)
p->pfik_tzero = time_second;
- bcopy(p, buf++, sizeof(*buf));
+ pf_kkif_to_kif(p, buf++);
nextp = RB_NEXT(pfi_ifhead, &V_pfi_ifs, p);
}
*size = n;
@@ -775,7 +795,7 @@
}
static int
-pfi_skip_if(const char *filter, struct pfi_kif *p)
+pfi_skip_if(const char *filter, struct pfi_kkif *p)
{
struct ifg_list *i;
int n;
@@ -803,7 +823,7 @@
pfi_set_flags(const char *name, int flags)
{
struct epoch_tracker et;
- struct pfi_kif *p, *kif;
+ struct pfi_kkif *p, *kif;
kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT);
if (kif == NULL)
@@ -811,7 +831,7 @@
NET_EPOCH_ENTER(et);
- kif = pfi_kif_attach(kif, name);
+ kif = pfi_kkif_attach(kif, name);
RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
if (pfi_skip_if(name, p))
@@ -826,7 +846,7 @@
pfi_clear_flags(const char *name, int flags)
{
struct epoch_tracker et;
- struct pfi_kif *p, *tmp;
+ struct pfi_kkif *p, *tmp;
NET_EPOCH_ENTER(et);
RB_FOREACH_SAFE(p, pfi_ifhead, &V_pfi_ifs, tmp) {
@@ -869,7 +889,7 @@
pfi_attach_ifnet_event(void *arg __unused, struct ifnet *ifp)
{
struct epoch_tracker et;
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
if (V_pf_vnet_active == 0) {
/* Avoid teardown race in the least expensive way. */
@@ -890,7 +910,7 @@
pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp)
{
struct epoch_tracker et;
- struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif;
+ struct pfi_kkif *kif = (struct pfi_kkif *)ifp->if_pf_kif;
if (pfsync_detach_ifnet_ptr)
pfsync_detach_ifnet_ptr(ifp);
@@ -906,7 +926,7 @@
NET_EPOCH_ENTER(et);
PF_RULES_WLOCK();
V_pfi_update++;
- pfi_kif_update(kif);
+ pfi_kkif_update(kif);
if (kif->pfik_ifp)
if_rele(kif->pfik_ifp);
@@ -924,7 +944,7 @@
pfi_attach_group_event(void *arg __unused, struct ifg_group *ifg)
{
struct epoch_tracker et;
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
if (V_pf_vnet_active == 0) {
/* Avoid teardown race in the least expensive way. */
@@ -942,7 +962,7 @@
pfi_change_group_event(void *arg __unused, char *gname)
{
struct epoch_tracker et;
- struct pfi_kif *kif;
+ struct pfi_kkif *kif;
if (V_pf_vnet_active == 0) {
/* Avoid teardown race in the least expensive way. */
@@ -953,8 +973,8 @@
NET_EPOCH_ENTER(et);
PF_RULES_WLOCK();
V_pfi_update++;
- kif = pfi_kif_attach(kif, gname);
- pfi_kif_update(kif);
+ kif = pfi_kkif_attach(kif, gname);
+ pfi_kkif_update(kif);
PF_RULES_WUNLOCK();
NET_EPOCH_EXIT(et);
}
@@ -962,7 +982,7 @@
static void
pfi_detach_group_event(void *arg __unused, struct ifg_group *ifg)
{
- struct pfi_kif *kif = (struct pfi_kif *)ifg->ifg_pf_kif;
+ struct pfi_kkif *kif = (struct pfi_kkif *)ifg->ifg_pf_kif;
if (kif == NULL)
return;
@@ -998,7 +1018,7 @@
V_pfi_update++;
NET_EPOCH_ENTER(et);
- pfi_kif_update(ifp->if_pf_kif);
+ pfi_kkif_update(ifp->if_pf_kif);
NET_EPOCH_EXIT(et);
}
PF_RULES_WUNLOCK();
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -91,11 +91,11 @@
#include <net/altq/altq.h>
#endif
-static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t,
+static struct pf_kpool *pf_get_kpool(char *, u_int32_t, u_int8_t, u_int32_t,
u_int8_t, u_int8_t, u_int8_t);
-static void pf_mv_pool(struct pf_palist *, struct pf_palist *);
-static void pf_empty_pool(struct pf_palist *);
+static void pf_mv_kpool(struct pf_kpalist *, struct pf_kpalist *);
+static void pf_empty_kpool(struct pf_kpalist *);
static int pfioctl(struct cdev *, u_long, caddr_t, int,
struct thread *);
#ifdef ALTQ
@@ -337,8 +337,8 @@
return;
}
-static struct pf_pool *
-pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action,
+static struct pf_kpool *
+pf_get_kpool(char *anchor, u_int32_t ticket, u_int8_t rule_action,
u_int32_t rule_number, u_int8_t r_last, u_int8_t active,
u_int8_t check_ticket)
{
@@ -382,9 +382,9 @@
}
static void
-pf_mv_pool(struct pf_palist *poola, struct pf_palist *poolb)
+pf_mv_kpool(struct pf_kpalist *poola, struct pf_kpalist *poolb)
{
- struct pf_pooladdr *mv_pool_pa;
+ struct pf_kpooladdr *mv_pool_pa;
while ((mv_pool_pa = TAILQ_FIRST(poola)) != NULL) {
TAILQ_REMOVE(poola, mv_pool_pa, entries);
@@ -393,9 +393,9 @@
}
static void
-pf_empty_pool(struct pf_palist *poola)
+pf_empty_kpool(struct pf_kpalist *poola)
{
- struct pf_pooladdr *pa;
+ struct pf_kpooladdr *pa;
while ((pa = TAILQ_FIRST(poola)) != NULL) {
switch (pa->addr.type) {
@@ -409,7 +409,7 @@
break;
}
if (pa->kif)
- pfi_kif_unref(pa->kif);
+ pfi_kkif_unref(pa->kif);
TAILQ_REMOVE(poola, pa, entries);
free(pa, M_PFRULE);
}
@@ -463,9 +463,9 @@
if (rule->overload_tbl)
pfr_detach_table(rule->overload_tbl);
if (rule->kif)
- pfi_kif_unref(rule->kif);
+ pfi_kkif_unref(rule->kif);
pf_kanchor_remove(rule);
- pf_empty_pool(&rule->rpool.list);
+ pf_empty_kpool(&rule->rpool.list);
counter_u64_free(rule->evaluations);
for (int i = 0; i < 2; i++) {
counter_u64_free(rule->packets[i]);
@@ -1435,6 +1435,26 @@
}
#endif /* ALTQ */
+static void
+pf_kpooladdr_to_pooladdr(const struct pf_kpooladdr *kpool,
+ struct pf_pooladdr *pool)
+{
+
+ bzero(pool, sizeof(*pool));
+ bcopy(&kpool->addr, &pool->addr, sizeof(pool->addr));
+ strlcpy(pool->ifname, kpool->ifname, sizeof(pool->ifname));
+}
+
+static void
+pf_pooladdr_to_kpooladdr(const struct pf_pooladdr *pool,
+ struct pf_kpooladdr *kpool)
+{
+
+ bzero(kpool, sizeof(*kpool));
+ bcopy(&pool->addr, &kpool->addr, sizeof(kpool->addr));
+ strlcpy(kpool->ifname, pool->ifname, sizeof(kpool->ifname));
+}
+
static void
pf_krule_to_rule(const struct pf_krule *krule, struct pf_rule *rule)
{
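Review bot: `pf_pooladdr_to_kpooladdr()` calls `strlcpy()` on `pool->ifname`, which in the DIOCADDADDR path (`pf_pooladdr_to_kpooladdr(&pp->addr, pa)`) is part of the ioctl argument and is not visibly checked for a terminating NUL. strlcpy() scans the source up to its terminator to compute the return value, so an unterminated name makes the kernel read past the end of the array even though the destination write stays bounded. I would have the helper return an int and reject that input before copying, `if (strnlen(pool->ifname, sizeof(pool->ifname)) == sizeof(pool->ifname)) return (EINVAL);`, with the caller freeing `pa` and propagating the error. If the name is already validated earlier in pfioctl, outside these hunks, a comment saying so would be enough.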
@@ -1787,8 +1807,8 @@
struct pfioc_rule *pr = (struct pfioc_rule *)addr;
struct pf_kruleset *ruleset;
struct pf_krule *rule, *tail;
- struct pf_pooladdr *pa;
- struct pfi_kif *kif = NULL;
+ struct pf_kpooladdr *pa;
+ struct pfi_kkif *kif = NULL;
int rs_num;
if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
@@ -1859,8 +1879,8 @@
else
rule->nr = 0;
if (rule->ifname[0]) {
- rule->kif = pfi_kif_attach(kif, rule->ifname);
- pfi_kif_ref(rule->kif);
+ rule->kif = pfi_kkif_attach(kif, rule->ifname);
+ pfi_kkif_ref(rule->kif);
} else
rule->kif = NULL;
@@ -1921,7 +1941,7 @@
PFR_TFLAG_ACTIVE;
}
- pf_mv_pool(&V_pf_pabuf, &rule->rpool.list);
+ pf_mv_kpool(&V_pf_pabuf, &rule->rpool.list);
if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) ||
(rule->action == PF_BINAT)) && rule->anchor == NULL) ||
(rule->rt > PF_NOPFROUTE)) &&
@@ -2054,8 +2074,8 @@
struct pfioc_rule *pcr = (struct pfioc_rule *)addr;
struct pf_kruleset *ruleset;
struct pf_krule *oldrule = NULL, *newrule = NULL;
- struct pfi_kif *kif = NULL;
- struct pf_pooladdr *pa;
+ struct pfi_kkif *kif = NULL;
+ struct pf_kpooladdr *pa;
u_int32_t nr = 0;
int rs_num;
@@ -2126,9 +2146,9 @@
if (pcr->action != PF_CHANGE_REMOVE) {
if (newrule->ifname[0]) {
- newrule->kif = pfi_kif_attach(kif,
+ newrule->kif = pfi_kkif_attach(kif,
newrule->ifname);
- pfi_kif_ref(newrule->kif);
+ pfi_kkif_ref(newrule->kif);
} else
newrule->kif = NULL;
@@ -2190,7 +2210,7 @@
PFR_TFLAG_ACTIVE;
}
- pf_mv_pool(&V_pf_pabuf, &newrule->rpool.list);
+ pf_mv_kpool(&V_pf_pabuf, &newrule->rpool.list);
if (((((newrule->action == PF_NAT) ||
(newrule->action == PF_RDR) ||
(newrule->action == PF_BINAT) ||
@@ -2207,7 +2227,7 @@
newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list);
}
- pf_empty_pool(&V_pf_pabuf);
+ pf_empty_kpool(&V_pf_pabuf);
if (pcr->action == PF_CHANGE_ADD_HEAD)
oldrule = TAILQ_FIRST(
@@ -2876,7 +2896,7 @@
struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
PF_RULES_WLOCK();
- pf_empty_pool(&V_pf_pabuf);
+ pf_empty_kpool(&V_pf_pabuf);
pp->ticket = ++V_ticket_pabuf;
PF_RULES_WUNLOCK();
break;
@@ -2884,8 +2904,8 @@
case DIOCADDADDR: {
struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
- struct pf_pooladdr *pa;
- struct pfi_kif *kif = NULL;
+ struct pf_kpooladdr *pa;
+ struct pfi_kkif *kif = NULL;
#ifndef INET
if (pp->af == AF_INET) {
@@ -2910,7 +2930,7 @@
break;
}
pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK);
- bcopy(&pp->addr, pa, sizeof(struct pf_pooladdr));
+ pf_pooladdr_to_kpooladdr(&pp->addr, pa);
if (pa->ifname[0])
kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
PF_RULES_WLOCK();
@@ -2923,14 +2943,14 @@
break;
}
if (pa->ifname[0]) {
- pa->kif = pfi_kif_attach(kif, pa->ifname);
- pfi_kif_ref(pa->kif);
+ pa->kif = pfi_kkif_attach(kif, pa->ifname);
+ pfi_kkif_ref(pa->kif);
} else
pa->kif = NULL;
if (pa->addr.type == PF_ADDR_DYNIFTL && ((error =
pfi_dynaddr_setup(&pa->addr, pp->af)) != 0)) {
if (pa->ifname[0])
- pfi_kif_unref(pa->kif);
+ pfi_kkif_unref(pa->kif);
PF_RULES_WUNLOCK();
free(pa, M_PFRULE);
break;
@@ -2942,12 +2962,12 @@
case DIOCGETADDRS: {
struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
- struct pf_pool *pool;
- struct pf_pooladdr *pa;
+ struct pf_kpool *pool;
+ struct pf_kpooladdr *pa;
PF_RULES_RLOCK();
pp->nr = 0;
- pool = pf_get_pool(pp->anchor, pp->ticket, pp->r_action,
+ pool = pf_get_kpool(pp->anchor, pp->ticket, pp->r_action,
pp->r_num, 0, 1, 0);
if (pool == NULL) {
PF_RULES_RUNLOCK();
@@ -2962,12 +2982,12 @@
case DIOCGETADDR: {
struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
- struct pf_pool *pool;
- struct pf_pooladdr *pa;
+ struct pf_kpool *pool;
+ struct pf_kpooladdr *pa;
u_int32_t nr = 0;
PF_RULES_RLOCK();
- pool = pf_get_pool(pp->anchor, pp->ticket, pp->r_action,
+ pool = pf_get_kpool(pp->anchor, pp->ticket, pp->r_action,
pp->r_num, 0, 1, 1);
if (pool == NULL) {
PF_RULES_RUNLOCK();
@@ -2984,7 +3004,7 @@
error = EBUSY;
break;
}
- bcopy(pa, &pp->addr, sizeof(struct pf_pooladdr));
+ pf_kpooladdr_to_pooladdr(pa, &pp->addr);
pf_addr_copyout(&pp->addr.addr);
PF_RULES_RUNLOCK();
break;
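Review bot: Nothing at this call or at the definition of `pf_kpooladdr_to_pooladdr()` says that the narrower copy is deliberate. The helper zeroes the user structure and fills only `addr` and `ifname`, where the removed `bcopy()` copied the whole kernel object into `pp->addr`. That looks like the reason kernel pointers such as `kif` no longer reach userland, but the diff never states it. A comment on the helper, `/* Export addr and ifname only; every other field of the user struct stays zeroed. */`, would keep a later change from widening the copy again without thought.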
@@ -2992,10 +3012,10 @@
case DIOCCHANGEADDR: {
struct pfioc_pooladdr *pca = (struct pfioc_pooladdr *)addr;
- struct pf_pool *pool;
- struct pf_pooladdr *oldpa = NULL, *newpa = NULL;
+ struct pf_kpool *pool;
+ struct pf_kpooladdr *oldpa = NULL, *newpa = NULL;
struct pf_kruleset *ruleset;
- struct pfi_kif *kif = NULL;
+ struct pfi_kkif *kif = NULL;
if (pca->action < PF_CHANGE_ADD_HEAD ||
pca->action > PF_CHANGE_REMOVE) {
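Review bot: `newpa` becomes a `struct pf_kpooladdr *` here, but none of the DIOCCHANGEADDR hunks touches the code that fills it from `pca->addr`, so that code is presumably unchanged (it lies between this hunk and the next and is not shown). If it is still a raw copy sized by `struct pf_pooladdr`, it now depends on the user and kernel structures sharing a layout, and it takes `entries`, `kif` and an unchecked `ifname` straight from the caller. It should go through the new converter as DIOCADDADDR does, `pf_pooladdr_to_kpooladdr(&pca->addr, newpa);`.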
@@ -3038,15 +3058,15 @@
if (ruleset == NULL)
ERROUT(EBUSY);
- pool = pf_get_pool(pca->anchor, pca->ticket, pca->r_action,
+ pool = pf_get_kpool(pca->anchor, pca->ticket, pca->r_action,
pca->r_num, pca->r_last, 1, 1);
if (pool == NULL)
ERROUT(EBUSY);
if (pca->action != PF_CHANGE_REMOVE) {
if (newpa->ifname[0]) {
- newpa->kif = pfi_kif_attach(kif, newpa->ifname);
- pfi_kif_ref(newpa->kif);
+ newpa->kif = pfi_kkif_attach(kif, newpa->ifname);
+ pfi_kkif_ref(newpa->kif);
kif = NULL;
}
@@ -3071,7 +3091,7 @@
oldpa = TAILQ_FIRST(&pool->list);
break;
case PF_CHANGE_ADD_TAIL:
- oldpa = TAILQ_LAST(&pool->list, pf_palist);
+ oldpa = TAILQ_LAST(&pool->list, pf_kpalist);
break;
default:
oldpa = TAILQ_FIRST(&pool->list);
@@ -3093,7 +3113,7 @@
break;
}
if (oldpa->kif)
- pfi_kif_unref(oldpa->kif);
+ pfi_kkif_unref(oldpa->kif);
free(oldpa, M_PFRULE);
} else {
if (oldpa == NULL)
@@ -3115,7 +3135,7 @@
DIOCCHANGEADDR_error:
if (newpa != NULL) {
if (newpa->kif)
- pfi_kif_unref(newpa->kif);
+ pfi_kkif_unref(newpa->kif);
free(newpa, M_PFRULE);
}
PF_RULES_WUNLOCK();
diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c
--- a/sys/netpfil/pf/pf_lb.c
+++ b/sys/netpfil/pf/pf_lb.c
@@ -59,7 +59,7 @@
static void pf_hash(struct pf_addr *, struct pf_addr *,
struct pf_poolhashkey *, sa_family_t);
static struct pf_krule *pf_match_translation(struct pf_pdesc *, struct mbuf *,
- int, int, struct pfi_kif *,
+ int, int, struct pfi_kkif *,
struct pf_addr *, u_int16_t, struct pf_addr *,
uint16_t, int, struct pf_kanchor_stackframe *);
static int pf_get_sport(sa_family_t, uint8_t, struct pf_krule *,
@@ -125,7 +125,7 @@
static struct pf_krule *
pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off,
- int direction, struct pfi_kif *kif, struct pf_addr *saddr, u_int16_t sport,
+ int direction, struct pfi_kkif *kif, struct pf_addr *saddr, u_int16_t sport,
struct pf_addr *daddr, uint16_t dport, int rs_num,
struct pf_kanchor_stackframe *anchor_stack)
{
@@ -150,7 +150,7 @@
}
counter_u64_add(r->evaluations, 1);
- if (pfi_kif_match(r->kif, kif) == r->ifnot)
+ if (pfi_kkif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != direction)
r = r->skip[PF_SKIP_DIR].ptr;
@@ -314,7 +314,7 @@
pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
struct pf_addr *naddr, struct pf_addr *init_addr, struct pf_ksrc_node **sn)
{
- struct pf_pool *rpool = &r->rpool;
+ struct pf_kpool *rpool = &r->rpool;
struct pf_addr *raddr = NULL, *rmask = NULL;
/* Try to find a src_node if none was given and this
@@ -436,7 +436,7 @@
}
case PF_POOL_ROUNDROBIN:
{
- struct pf_pooladdr *acur = rpool->cur;
+ struct pf_kpooladdr *acur = rpool->cur;
/*
* XXXGL: in the round-robin case we need to store
@@ -522,7 +522,7 @@
struct pf_krule *
pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction,
- struct pfi_kif *kif, struct pf_ksrc_node **sn,
+ struct pfi_kkif *kif, struct pf_ksrc_node **sn,
struct pf_state_key **skp, struct pf_state_key **nkp,
struct pf_addr *saddr, struct pf_addr *daddr,
uint16_t sport, uint16_t dport, struct pf_kanchor_stackframe *anchor_stack)
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -993,7 +993,7 @@
#ifdef INET
int
-pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason,
+pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kkif *kif, u_short *reason,
struct pf_pdesc *pd)
{
struct mbuf *m = *m0;
@@ -1013,7 +1013,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr);
while (r != NULL) {
counter_u64_add(r->evaluations, 1);
- if (pfi_kif_match(r->kif, kif) == r->ifnot)
+ if (pfi_kkif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != dir)
r = r->skip[PF_SKIP_DIR].ptr;
@@ -1134,7 +1134,7 @@
#ifdef INET6
int
-pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kif *kif,
+pf_normalize_ip6(struct mbuf **m0, int dir, struct pfi_kkif *kif,
u_short *reason, struct pf_pdesc *pd)
{
struct mbuf *m = *m0;
@@ -1156,7 +1156,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr);
while (r != NULL) {
counter_u64_add(r->evaluations, 1);
- if (pfi_kif_match(r->kif, kif) == r->ifnot)
+ if (pfi_kkif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != dir)
r = r->skip[PF_SKIP_DIR].ptr;
@@ -1295,7 +1295,7 @@
#endif /* INET6 */
int
-pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff,
+pf_normalize_tcp(int dir, struct pfi_kkif *kif, struct mbuf *m, int ipoff,
int off, void *h, struct pf_pdesc *pd)
{
struct pf_krule *r, *rm = NULL;
@@ -1310,7 +1310,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr);
while (r != NULL) {
counter_u64_add(r->evaluations, 1);
- if (pfi_kif_match(r->kif, kif) == r->ifnot)
+ if (pfi_kkif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != dir)
r = r->skip[PF_SKIP_DIR].ptr;
D27761: pf: Split pfi_kif into a user and kernel space structure