sys/netpfil/pf/pf_lb.c
Show First 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | |||||
#include <net/pfvar.h> | #include <net/pfvar.h> | ||||
#include <net/if_pflog.h> | #include <net/if_pflog.h> | ||||
#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x | #define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x | ||||
static void pf_hash(struct pf_addr *, struct pf_addr *, | static void pf_hash(struct pf_addr *, struct pf_addr *, | ||||
struct pf_poolhashkey *, sa_family_t); | struct pf_poolhashkey *, sa_family_t); | ||||
static struct pf_krule *pf_match_translation(struct pf_pdesc *, struct mbuf *, | static struct pf_krule *pf_match_translation(struct pf_pdesc *, struct mbuf *, | ||||
int, int, struct pfi_kif *, | int, int, struct pfi_kkif *, | ||||
struct pf_addr *, u_int16_t, struct pf_addr *, | struct pf_addr *, u_int16_t, struct pf_addr *, | ||||
uint16_t, int, struct pf_kanchor_stackframe *); | uint16_t, int, struct pf_kanchor_stackframe *); | ||||
static int pf_get_sport(sa_family_t, uint8_t, struct pf_krule *, | static int pf_get_sport(sa_family_t, uint8_t, struct pf_krule *, | ||||
struct pf_addr *, uint16_t, struct pf_addr *, uint16_t, struct pf_addr *, | struct pf_addr *, uint16_t, struct pf_addr *, uint16_t, struct pf_addr *, | ||||
uint16_t *, uint16_t, uint16_t, struct pf_ksrc_node **); | uint16_t *, uint16_t, uint16_t, struct pf_ksrc_node **); | ||||
#define mix(a,b,c) \ | #define mix(a,b,c) \ | ||||
do { \ | do { \ | ||||
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | case AF_INET6: | ||||
hash->addr32[3] = c; | hash->addr32[3] = c; | ||||
break; | break; | ||||
#endif /* INET6 */ | #endif /* INET6 */ | ||||
} | } | ||||
} | } | ||||
static struct pf_krule * | static struct pf_krule * | ||||
pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off, | pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off, | ||||
int direction, struct pfi_kif *kif, struct pf_addr *saddr, u_int16_t sport, | int direction, struct pfi_kkif *kif, struct pf_addr *saddr, u_int16_t sport, | ||||
struct pf_addr *daddr, uint16_t dport, int rs_num, | struct pf_addr *daddr, uint16_t dport, int rs_num, | ||||
struct pf_kanchor_stackframe *anchor_stack) | struct pf_kanchor_stackframe *anchor_stack) | ||||
{ | { | ||||
struct pf_krule *r, *rm = NULL; | struct pf_krule *r, *rm = NULL; | ||||
struct pf_kruleset *ruleset = NULL; | struct pf_kruleset *ruleset = NULL; | ||||
int tag = -1; | int tag = -1; | ||||
int rtableid = -1; | int rtableid = -1; | ||||
int asd = 0; | int asd = 0; | ||||
r = TAILQ_FIRST(pf_main_ruleset.rules[rs_num].active.ptr); | r = TAILQ_FIRST(pf_main_ruleset.rules[rs_num].active.ptr); | ||||
while (r && rm == NULL) { | while (r && rm == NULL) { | ||||
struct pf_rule_addr *src = NULL, *dst = NULL; | struct pf_rule_addr *src = NULL, *dst = NULL; | ||||
struct pf_addr_wrap *xdst = NULL; | struct pf_addr_wrap *xdst = NULL; | ||||
if (r->action == PF_BINAT && direction == PF_IN) { | if (r->action == PF_BINAT && direction == PF_IN) { | ||||
src = &r->dst; | src = &r->dst; | ||||
if (r->rpool.cur != NULL) | if (r->rpool.cur != NULL) | ||||
xdst = &r->rpool.cur->addr; | xdst = &r->rpool.cur->addr; | ||||
} else { | } else { | ||||
src = &r->src; | src = &r->src; | ||||
dst = &r->dst; | dst = &r->dst; | ||||
} | } | ||||
counter_u64_add(r->evaluations, 1); | counter_u64_add(r->evaluations, 1); | ||||
if (pfi_kif_match(r->kif, kif) == r->ifnot) | if (pfi_kkif_match(r->kif, kif) == r->ifnot) | ||||
r = r->skip[PF_SKIP_IFP].ptr; | r = r->skip[PF_SKIP_IFP].ptr; | ||||
else if (r->direction && r->direction != direction) | else if (r->direction && r->direction != direction) | ||||
r = r->skip[PF_SKIP_DIR].ptr; | r = r->skip[PF_SKIP_DIR].ptr; | ||||
else if (r->af && r->af != pd->af) | else if (r->af && r->af != pd->af) | ||||
r = r->skip[PF_SKIP_AF].ptr; | r = r->skip[PF_SKIP_AF].ptr; | ||||
else if (r->proto && r->proto != pd->proto) | else if (r->proto && r->proto != pd->proto) | ||||
r = r->skip[PF_SKIP_PROTO].ptr; | r = r->skip[PF_SKIP_PROTO].ptr; | ||||
else if (PF_MISMATCHAW(&src->addr, saddr, pd->af, | else if (PF_MISMATCHAW(&src->addr, saddr, pd->af, | ||||
▲ Show 20 Lines • Show All 147 Lines • ▼ Show 20 Lines | pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r, | ||||
} while (! PF_AEQ(&init_addr, naddr, af) ); | } while (! PF_AEQ(&init_addr, naddr, af) ); | ||||
return (1); /* none available */ | return (1); /* none available */ | ||||
} | } | ||||
int | int | ||||
pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, | pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, | ||||
struct pf_addr *naddr, struct pf_addr *init_addr, struct pf_ksrc_node **sn) | struct pf_addr *naddr, struct pf_addr *init_addr, struct pf_ksrc_node **sn) | ||||
{ | { | ||||
struct pf_pool *rpool = &r->rpool; | struct pf_kpool *rpool = &r->rpool; | ||||
struct pf_addr *raddr = NULL, *rmask = NULL; | struct pf_addr *raddr = NULL, *rmask = NULL; | ||||
/* Try to find a src_node if none was given and this | /* Try to find a src_node if none was given and this | ||||
is a sticky-address rule. */ | is a sticky-address rule. */ | ||||
if (*sn == NULL && r->rpool.opts & PF_POOL_STICKYADDR && | if (*sn == NULL && r->rpool.opts & PF_POOL_STICKYADDR && | ||||
(r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) | (r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) | ||||
*sn = pf_find_src_node(saddr, r, af, 0); | *sn = pf_find_src_node(saddr, r, af, 0); | ||||
▲ Show 20 Lines • Show All 105 Lines • ▼ Show 20 Lines | case PF_POOL_SRCHASH: | ||||
unsigned char hash[16]; | unsigned char hash[16]; | ||||
pf_hash(saddr, (struct pf_addr *)&hash, &rpool->key, af); | pf_hash(saddr, (struct pf_addr *)&hash, &rpool->key, af); | ||||
PF_POOLMASK(naddr, raddr, rmask, (struct pf_addr *)&hash, af); | PF_POOLMASK(naddr, raddr, rmask, (struct pf_addr *)&hash, af); | ||||
break; | break; | ||||
} | } | ||||
case PF_POOL_ROUNDROBIN: | case PF_POOL_ROUNDROBIN: | ||||
{ | { | ||||
struct pf_pooladdr *acur = rpool->cur; | struct pf_kpooladdr *acur = rpool->cur; | ||||
/* | /* | ||||
* XXXGL: in the round-robin case we need to store | * XXXGL: in the round-robin case we need to store | ||||
* the round-robin machine state in the rule, thus | * the round-robin machine state in the rule, thus | ||||
* forwarding thread needs to modify rule. | * forwarding thread needs to modify rule. | ||||
* | * | ||||
* This is done w/o locking, because performance is assumed | * This is done w/o locking, because performance is assumed | ||||
* more important than round-robin precision. | * more important than round-robin precision. | ||||
▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines | if (V_pf_status.debug >= PF_DEBUG_MISC && | ||||
printf("\n"); | printf("\n"); | ||||
} | } | ||||
return (0); | return (0); | ||||
} | } | ||||
struct pf_krule * | struct pf_krule * | ||||
pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction, | pf_get_translation(struct pf_pdesc *pd, struct mbuf *m, int off, int direction, | ||||
struct pfi_kif *kif, struct pf_ksrc_node **sn, | struct pfi_kkif *kif, struct pf_ksrc_node **sn, | ||||
struct pf_state_key **skp, struct pf_state_key **nkp, | struct pf_state_key **skp, struct pf_state_key **nkp, | ||||
struct pf_addr *saddr, struct pf_addr *daddr, | struct pf_addr *saddr, struct pf_addr *daddr, | ||||
uint16_t sport, uint16_t dport, struct pf_kanchor_stackframe *anchor_stack) | uint16_t sport, uint16_t dport, struct pf_kanchor_stackframe *anchor_stack) | ||||
{ | { | ||||
struct pf_krule *r = NULL; | struct pf_krule *r = NULL; | ||||
struct pf_addr *naddr; | struct pf_addr *naddr; | ||||
uint16_t *nport; | uint16_t *nport; | ||||
▲ Show 20 Lines • Show All 159 Lines • Show Last 20 Lines |