pf_ioctl.c
Context not available. | |||||
#define ERROUT(x) { error = (x); goto DIOCADDRULE_error; } | #define ERROUT(x) { error = (x); goto DIOCADDRULE_error; } | ||||
PF_RULES_WLOCK(); | sx_xlock(&pf_ioctl_lock); | ||||
PF_RULES_RLOCK(); | |||||
pr->anchor[sizeof(pr->anchor) - 1] = 0; | pr->anchor[sizeof(pr->anchor) - 1] = 0; | ||||
ruleset = pf_find_ruleset(pr->anchor); | ruleset = pf_find_ruleset(pr->anchor); | ||||
if (ruleset == NULL) | if (ruleset == NULL) | ||||
Context not available. | |||||
if (error) { | if (error) { | ||||
pf_free_rule(rule); | pf_free_rule(rule); | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr, | TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr, | ||||
rule, entries); | rule, entries); | ||||
ruleset->rules[rs_num].inactive.rcount++; | ruleset->rules[rs_num].inactive.rcount++; | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
break; | break; | ||||
#undef ERROUT | #undef ERROUT | ||||
DIOCADDRULE_error: | DIOCADDRULE_error: | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock) | |||||
kp: You seem to be missing a semicolon here. | |||||
kp: It's also not clear to me why this is safe. We only have the PF_RULES_RLOCK here, so other threads can be iterating ruleset->rules[rs_num].inactive.ptr (pf_get_pool(), for example, does this with the RLOCK held). | |||||
counter_u64_free(rule->states_cur); | counter_u64_free(rule->states_cur); | ||||
counter_u64_free(rule->states_tot); | counter_u64_free(rule->states_tot); | ||||
counter_u64_free(rule->src_nodes); | counter_u64_free(rule->src_nodes); | ||||
Context not available. | |||||
struct pf_rule *tail; | struct pf_rule *tail; | ||||
int rs_num; | int rs_num; | ||||
PF_RULES_WLOCK(); | sx_slock(&pf_ioctl_lock); | ||||
PF_RULES_RLOCK(); | |||||
kp: I think it'd be best to set rule->kif to NULL after this. | |||||
pr->anchor[sizeof(pr->anchor) - 1] = 0; | pr->anchor[sizeof(pr->anchor) - 1] = 0; | ||||
ruleset = pf_find_ruleset(pr->anchor); | ruleset = pf_find_ruleset(pr->anchor); | ||||
if (ruleset == NULL) { | if (ruleset == NULL) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
error = EINVAL; | error = EINVAL; | ||||
break; | break; | ||||
} | } | ||||
rs_num = pf_get_ruleset_number(pr->rule.action); | rs_num = pf_get_ruleset_number(pr->rule.action); | ||||
if (rs_num >= PF_RULESET_MAX) { | if (rs_num >= PF_RULESET_MAX) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
error = EINVAL; | error = EINVAL; | ||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
else | else | ||||
pr->nr = 0; | pr->nr = 0; | ||||
pr->ticket = ruleset->rules[rs_num].active.ticket; | pr->ticket = ruleset->rules[rs_num].active.ticket; | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
struct pf_rule *rule; | struct pf_rule *rule; | ||||
int rs_num, i; | int rs_num, i; | ||||
PF_RULES_WLOCK(); | sx_slock(&pf_ioctl_lock); | ||||
PF_RULES_RLOCK(); | |||||
pr->anchor[sizeof(pr->anchor) - 1] = 0; | pr->anchor[sizeof(pr->anchor) - 1] = 0; | ||||
ruleset = pf_find_ruleset(pr->anchor); | ruleset = pf_find_ruleset(pr->anchor); | ||||
if (ruleset == NULL) { | if (ruleset == NULL) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
error = EINVAL; | error = EINVAL; | ||||
break; | break; | ||||
} | } | ||||
rs_num = pf_get_ruleset_number(pr->rule.action); | rs_num = pf_get_ruleset_number(pr->rule.action); | ||||
if (rs_num >= PF_RULESET_MAX) { | if (rs_num >= PF_RULESET_MAX) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
error = EINVAL; | error = EINVAL; | ||||
break; | break; | ||||
} | } | ||||
if (pr->ticket != ruleset->rules[rs_num].active.ticket) { | if (pr->ticket != ruleset->rules[rs_num].active.ticket) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
error = EBUSY; | error = EBUSY; | ||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
while ((rule != NULL) && (rule->nr != pr->nr)) | while ((rule != NULL) && (rule->nr != pr->nr)) | ||||
rule = TAILQ_NEXT(rule, entries); | rule = TAILQ_NEXT(rule, entries); | ||||
if (rule == NULL) { | if (rule == NULL) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
error = EBUSY; | error = EBUSY; | ||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
pr->rule.u_states_tot = counter_u64_fetch(rule->states_tot); | pr->rule.u_states_tot = counter_u64_fetch(rule->states_tot); | ||||
pr->rule.u_src_nodes = counter_u64_fetch(rule->src_nodes); | pr->rule.u_src_nodes = counter_u64_fetch(rule->src_nodes); | ||||
if (pf_anchor_copyout(ruleset, rule, pr)) { | if (pf_anchor_copyout(ruleset, rule, pr)) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
error = EBUSY; | error = EBUSY; | ||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
rule->bytes[0] = rule->bytes[1] = 0; | rule->bytes[0] = rule->bytes[1] = 0; | ||||
counter_u64_zero(rule->states_tot); | counter_u64_zero(rule->states_tot); | ||||
} | } | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_sunlock(&pf_ioctl_lock); | |||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
bcopy(&pa->altq, altq, sizeof(struct pf_altq)); | bcopy(&pa->altq, altq, sizeof(struct pf_altq)); | ||||
altq->local_flags = 0; | altq->local_flags = 0; | ||||
PF_RULES_WLOCK(); | sx_xlock(&pf_ioctl_lock); | ||||
PF_RULES_RLOCK(); | |||||
if (pa->ticket != V_ticket_altqs_inactive) { | if (pa->ticket != V_ticket_altqs_inactive) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
free(altq, M_PFALTQ); | free(altq, M_PFALTQ); | ||||
error = EBUSY; | error = EBUSY; | ||||
break; | break; | ||||
Context not available. | |||||
*/ | */ | ||||
if (altq->qname[0] != 0) { | if (altq->qname[0] != 0) { | ||||
if ((altq->qid = pf_qname2qid(altq->qname)) == 0) { | if ((altq->qid = pf_qname2qid(altq->qname)) == 0) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
error = EBUSY; | error = EBUSY; | ||||
free(altq, M_PFALTQ); | free(altq, M_PFALTQ); | ||||
break; | break; | ||||
Context not available. | |||||
error = altq_add(altq); | error = altq_add(altq); | ||||
if (error) { | if (error) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
free(altq, M_PFALTQ); | free(altq, M_PFALTQ); | ||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
TAILQ_INSERT_TAIL(V_pf_altqs_inactive, altq, entries); | TAILQ_INSERT_TAIL(V_pf_altqs_inactive, altq, entries); | ||||
bcopy(altq, &pa->altq, sizeof(struct pf_altq)); | bcopy(altq, &pa->altq, sizeof(struct pf_altq)); | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
break; | break; | ||||
} | } | ||||
Context not available. | |||||
bcopy(&pp->addr, pa, sizeof(struct pf_pooladdr)); | bcopy(&pp->addr, pa, sizeof(struct pf_pooladdr)); | ||||
if (pa->ifname[0]) | if (pa->ifname[0]) | ||||
kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); | kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); | ||||
PF_RULES_WLOCK(); | sx_xlock(&pf_ioctl_lock); | ||||
PF_RULES_RLOCK(); | |||||
if (pp->ticket != V_ticket_pabuf) { | if (pp->ticket != V_ticket_pabuf) { | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
if (pa->ifname[0]) | if (pa->ifname[0]) | ||||
free(kif, PFI_MTYPE); | free(kif, PFI_MTYPE); | ||||
free(pa, M_PFRULE); | free(pa, M_PFRULE); | ||||
Context not available. | |||||
pfi_dynaddr_setup(&pa->addr, pp->af)) != 0)) { | pfi_dynaddr_setup(&pa->addr, pp->af)) != 0)) { | ||||
if (pa->ifname[0]) | if (pa->ifname[0]) | ||||
pfi_kif_unref(pa->kif); | pfi_kif_unref(pa->kif); | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
free(pa, M_PFRULE); | free(pa, M_PFRULE); | ||||
break; | break; | ||||
} | } | ||||
TAILQ_INSERT_TAIL(&V_pf_pabuf, pa, entries); | TAILQ_INSERT_TAIL(&V_pf_pabuf, pa, entries); | ||||
PF_RULES_WUNLOCK(); | PF_RULES_RUNLOCK(); | ||||
sx_xunlock(&pf_ioctl_lock); | |||||
break; | break; | ||||
} | } | ||||
Context not available. |
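Review bot: In the hunk that begins at `struct pf_rule *rule;` / `int rs_num, i;`, the new side still runs `rule->bytes[0] = rule->bytes[1] = 0;` and `counter_u64_zero(rule->states_tot);` while holding only `sx_slock(&pf_ioctl_lock)` and `PF_RULES_RLOCK()`, so these stores to a live rule are no longer excluded from other read-lock holders or from a second caller in the same shared section. The condition guarding the clear is hidden behind "Context not available", so this is inferred from the closing brace just before the unlock. If it is a clear-counters request, that path should keep exclusive access, for example `sx_xlock(&pf_ioctl_lock);` followed by `PF_RULES_WLOCK();` when the clear is requested. The later hunks also call `pf_qname2qid()`, `pfi_dynaddr_setup()` and `pfi_kif_unref()` under the read lock; their bodies are not shown, so it is worth confirming that none of them asserts or relies on the write lock. A one-line comment at each lock site naming which lock protects the list being modified, with `pf_ioctl_lock` taken before the rules lock, would make the ordering reviewable.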
You seem to be missing a semicolon here.