sys/netpfil/pf/pf.c
SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *", | SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *", | ||||
"struct pf_kstate *"); | "struct pf_kstate *"); | ||||
SDT_PROBE_DEFINE4(pf, ip, test6, done, "int", "int", "struct pf_krule *", | SDT_PROBE_DEFINE4(pf, ip, test6, done, "int", "int", "struct pf_krule *", | ||||
"struct pf_kstate *"); | "struct pf_kstate *"); | ||||
SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *", | SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *", | ||||
"struct pf_state_key_cmp *", "int", "struct pf_pdesc *", | "struct pf_state_key_cmp *", "int", "struct pf_pdesc *", | ||||
"struct pf_kstate *"); | "struct pf_kstate *"); | ||||
SDT_PROBE_DEFINE3(pf, eth, test_rule, entry, "int", "struct ifnet *", | |||||
"struct mbuf *"); | |||||
SDT_PROBE_DEFINE2(pf, eth, test_rule, test, "int", "struct pf_keth_rule *"); | |||||
SDT_PROBE_DEFINE3(pf, eth, test_rule, mismatch, | |||||
"int", "struct pf_keth_rule *", "char *"); | |||||
SDT_PROBE_DEFINE2(pf, eth, test_rule, match, "int", "struct pf_keth_rule *"); | |||||
SDT_PROBE_DEFINE2(pf, eth, test_rule, final_match, | |||||
"int", "struct pf_keth_rule *"); | |||||
/* | /* | ||||
* Global variables | * Global variables | ||||
*/ | */ | ||||
/* state tables */ | /* state tables */ | ||||
VNET_DEFINE(struct pf_altqqueue, pf_altqs[4]); | VNET_DEFINE(struct pf_altqqueue, pf_altqs[4]); | ||||
VNET_DEFINE(struct pf_kpalist, pf_pabuf); | VNET_DEFINE(struct pf_kpalist, pf_pabuf); | ||||
VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active); | VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active); | ||||
▲ Show 20 Lines • Show All 3,575 Lines • ▼ Show 20 Lines | pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf *m) | ||||
struct pf_keth_settings *settings; | struct pf_keth_settings *settings; | ||||
uint8_t action; | uint8_t action; | ||||
NET_EPOCH_ASSERT(); | NET_EPOCH_ASSERT(); | ||||
MPASS(kif->pfik_ifp->if_vnet == curvnet); | MPASS(kif->pfik_ifp->if_vnet == curvnet); | ||||
NET_EPOCH_ASSERT(); | NET_EPOCH_ASSERT(); | ||||
SDT_PROBE3(pf, eth, test_rule, entry, dir, kif->pfik_ifp, m); | |||||
e = mtod(m, struct ether_header *); | e = mtod(m, struct ether_header *); | ||||
settings = ck_pr_load_ptr(&V_pf_keth); | settings = ck_pr_load_ptr(&V_pf_keth); | ||||
r = TAILQ_FIRST(&settings->rules); | r = TAILQ_FIRST(&settings->rules); | ||||
rm = NULL; | rm = NULL; | ||||
while (r != NULL) { | while (r != NULL) { | ||||
counter_u64_add(r->evaluations, 1); | counter_u64_add(r->evaluations, 1); | ||||
if (pfi_kkif_match(r->kif, kif) == r->ifnot) | SDT_PROBE2(pf, eth, test_rule, test, r->nr, r); | ||||
if (pfi_kkif_match(r->kif, kif) == r->ifnot) { | |||||
SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, | |||||
"kif"); | |||||
r = r->skip[PFE_SKIP_IFP].ptr; | r = r->skip[PFE_SKIP_IFP].ptr; | ||||
else if (r->direction && r->direction != dir) | } | ||||
else if (r->direction && r->direction != dir) { | |||||
SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, | |||||
"dir"); | |||||
r = r->skip[PFE_SKIP_DIR].ptr; | r = r->skip[PFE_SKIP_DIR].ptr; | ||||
else if (r->proto && r->proto != ntohs(e->ether_type)) | } | ||||
else if (r->proto && r->proto != ntohs(e->ether_type)) { | |||||
SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, | |||||
"proto"); | |||||
r = r->skip[PFE_SKIP_PROTO].ptr; | r = r->skip[PFE_SKIP_PROTO].ptr; | ||||
else if (! pf_match_eth_addr(e->ether_shost, &r->src)) | } | ||||
else if (! pf_match_eth_addr(e->ether_shost, &r->src)) { | |||||
SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, | |||||
"src"); | |||||
r = r->skip[PFE_SKIP_SRC_ADDR].ptr; | r = r->skip[PFE_SKIP_SRC_ADDR].ptr; | ||||
} | |||||
else if (! pf_match_eth_addr(e->ether_dhost, &r->dst)) { | else if (! pf_match_eth_addr(e->ether_dhost, &r->dst)) { | ||||
SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, | |||||
"dst"); | |||||
r = TAILQ_NEXT(r, entries); | r = TAILQ_NEXT(r, entries); | ||||
} | } | ||||
else { | else { | ||||
/* Rule matches */ | /* Rule matches */ | ||||
rm = r; | rm = r; | ||||
SDT_PROBE2(pf, eth, test_rule, match, r->nr, r); | |||||
if (r->quick) | if (r->quick) | ||||
break; | break; | ||||
r = TAILQ_NEXT(r, entries); | r = TAILQ_NEXT(r, entries); | ||||
} | } | ||||
} | } | ||||
r = rm; | r = rm; | ||||
SDT_PROBE2(pf, eth, test_rule, final_match, (r != NULL ? r->nr : -1), r); | |||||
/* Default to pass. */ | /* Default to pass. */ | ||||
if (r == NULL) | if (r == NULL) | ||||
return (PF_PASS); | return (PF_PASS); | ||||
/* Execute action. */ | /* Execute action. */ | ||||
counter_u64_add(r->packets[dir == PF_OUT], 1); | counter_u64_add(r->packets[dir == PF_OUT], 1); | ||||
counter_u64_add(r->bytes[dir == PF_OUT], m_length(m, NULL)); | counter_u64_add(r->bytes[dir == PF_OUT], m_length(m, NULL)); | ||||
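Review bot: The new `final_match` probe after the rule loop fires with a NULL rule pointer and `-1` as the rule number when no rule matched and the packet passes by default, but nothing at the probe definitions documents that, so D scripts have to know to test `args[1]` for NULL before dereferencing it. A comment above the `SDT_PROBE_DEFINE2(pf, eth, test_rule, final_match, ...)` definition would cover it, for example `/* final_match: arg0 is the rule number, or -1 with a NULL rule in arg1 when no rule matched (default pass). */`. The same comment block should list the `mismatch` reason strings (`"kif"`, `"dir"`, `"proto"`, `"src"`, `"dst"`), since they become the interface that tracing scripts compare against. The declaration of `r->nr` is not visible here; if it is an unsigned type, confirm that the `"int"` argument type and the `-1` sentinel behave as intended for large rule numbers. The body of `pf_test_eth_rule` begins and ends outside the lines shown.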