Differential D1944 Diff 5290 sys/netpfil/pf/pf_ioctl.c

Changeset View

Standalone View

sys/netpfil/pf/pf_ioctl.c

Context not available.
	#include <net/altq/altq.h>	#include <net/altq/altq.h>
	#endif	#endif

	static int pfattach(void);	static int pf_vnet_init(void);
		static int pf_vnet_uninit(void);
	static struct pf_pool pf_get_pool(char , u_int32_t, u_int8_t, u_int32_t,	static struct pf_pool pf_get_pool(char , u_int32_t, u_int8_t, u_int32_t,
	u_int8_t, u_int8_t, u_int8_t);	u_int8_t, u_int8_t, u_int8_t);

Context not available.
	#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x	#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x

	struct cdev *pf_dev;	struct cdev *pf_dev;
		int number_of_vnets = 0;

	/*	/*
	* XXX - These are new and need to be checked when moveing to a new version	* XXX - These are new and need to be checked when moveing to a new version
Context not available.
	pflog_packet_t *pflog_packet_ptr = NULL;	pflog_packet_t *pflog_packet_ptr = NULL;

	static int	static int
	pfattach(void)	pf_vnet_init(void)
	{	{
	u_int32_t *my_timeout = V_pf_default_rule.timeout;	u_int32_t *my_timeout = V_pf_default_rule.timeout;
	int error;	int error;

	if (IS_DEFAULT_VNET(curvnet))	number_of_vnets++;
	pf_mtag_initialize();	pf_vnet_initialize();
	pf_initialize();
	pfr_initialize();	pfr_initialize();
	pfi_initialize();	pfi_vnet_initialize();
	pf_normalize_init();	pf_vnet_normalize_init();

	V_pf_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT;	V_pf_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT;
	V_pf_limits[PF_LIMIT_SRC_NODES].limit = PFSNODE_HIWAT;	V_pf_limits[PF_LIMIT_SRC_NODES].limit = PFSNODE_HIWAT;
Context not available.

	return (0);	return (0);
	}	}
		VNET_SYSINIT(pf_vnet_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY - 255,
		pf_vnet_init, NULL);

		static int
		pf_vnet_uninit(void)
		{
		int error = 0;

		number_of_vnets--;
		KASSERT(number_of_vnets >= 0, ("number of vnets < 0"));

		PF_RULES_RLOCK();
		V_pf_end_threads++;
		PF_RULES_RUNLOCK();
		wakeup(pf_purge_thread);
		while (V_pf_end_threads < 2)
		pause("pfunld", hz / 9);

		V_pf_status.running = 0;
		swi_remove(V_pf_swi_cookie);
		error = dehook_pf();
		if (error) {
		/*
		* Should not happen!
		* XXX Due to error code ESRCH, kldunload will show
		* a message like 'No such process'.
		*/
		printf("%s : pfil unregisteration fail\n", __FUNCTION__);
		return error;
		}
		PF_RULES_WLOCK();
		shutdown_pf();
		pf_normalize_cleanup();
		pfi_cleanup();
		pfr_cleanup();
		kpAuthorUnsubmitted Not Done Inline Actions It's not clear to me why this is done here, rather than in pf_unload(). The initialisation is done in pf_load() after all. kp: It's not clear to me why this is done here, rather than in pf_unload(). The initialisation is…
		nvass-gmx.comUnsubmitted Not Done Inline Actions pf_unload is called before pf_vnet_unit, this is why we do very little things in pf_unload. We need everything until the last vnet is destroyed. nvass-gmx.com: pf_unload is called before pf_vnet_unit, this is why we do very little things in pf_unload. We…
		pf_osfp_flush();
		pf_cleanup();

		/*
		* For the last VNET we perform the final cleanup
		*/
		if (number_of_vnets == 0) {
		pf_uninit_eventhandlers();
		pf_mtag_cleanup();
		}
		PF_RULES_WUNLOCK();
		if (number_of_vnets == 0) {
		destroy_dev(pf_dev);
		rw_destroy(&pf_rules_lock);
		sx_destroy(&pf_ioctl_lock);
		}

		return (error);
		}
		VNET_SYSUNINIT(pf_vnet_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY - 255,
		pf_vnet_uninit, NULL);

	static struct pf_pool *	static struct pf_pool *
	pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action,	pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action,
	u_int32_t rule_number, u_int8_t r_last, u_int8_t active,	u_int32_t rule_number, u_int8_t r_last, u_int8_t active,
Context not available.
	static int	static int
	pf_load(void)	pf_load(void)
	{	{
	int error;

	VNET_ITERATOR_DECL(vnet_iter);

	VNET_LIST_RLOCK();
	VNET_FOREACH(vnet_iter) {
	CURVNET_SET(vnet_iter);
	V_pf_pfil_hooked = 0;
	V_pf_end_threads = 0;
	TAILQ_INIT(&V_pf_tags);
	TAILQ_INIT(&V_pf_qids);
	CURVNET_RESTORE();
	}
	VNET_LIST_RUNLOCK();

	rw_init(&pf_rules_lock, "pf rulesets");	rw_init(&pf_rules_lock, "pf rulesets");
	kpAuthorUnsubmitted Not Done Inline Actions Don't we still need to do all of this somewhere? kp: Don't we still need to do all of this somewhere?
	nvass-gmx.comUnsubmitted Not Done Inline Actions The patch includes per-VNET initialization, so this is not need anymore. pf_vnet_init() handles all per-VNET initialization, including DEFAULT_VNET. nvass-gmx.com: The patch includes per-VNET initialization, so this is not need anymore. pf_vnet_init() handles…
	sx_init(&pf_ioctl_lock, "pf ioctl");	sx_init(&pf_ioctl_lock, "pf ioctl");

	pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME);	pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME);
	if ((error = pfattach()) != 0)	pf_mtag_initialize();
	return (error);	pf_init_eventhandlers();

	return (0);	return (0);
	}	}
Context not available.
	static int	static int
	pf_unload(void)	pf_unload(void)
	{	{
	int error = 0;

	V_pf_status.running = 0;	return (0);
	swi_remove(V_pf_swi_cookie);
	error = dehook_pf();
	if (error) {
	/*
	* Should not happen!
	* XXX Due to error code ESRCH, kldunload will show
	* a message like 'No such process'.
	*/
	printf("%s : pfil unregisteration fail\n", __FUNCTION__);
	return error;
	}
	PF_RULES_WLOCK();
	shutdown_pf();
	V_pf_end_threads = 1;
	while (V_pf_end_threads < 2) {
	wakeup_one(pf_purge_thread);
	rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0);
	}
	pf_normalize_cleanup();
	pfi_cleanup();
	pfr_cleanup();
	pf_osfp_flush();
	pf_cleanup();
	if (IS_DEFAULT_VNET(curvnet))
	pf_mtag_cleanup();
	PF_RULES_WUNLOCK();
	destroy_dev(pf_dev);
	rw_destroy(&pf_rules_lock);
	sx_destroy(&pf_ioctl_lock);

	return (error);
	}	}

	static int	static int
Context not available.