Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/pf_ioctl.c
| Show First 20 Lines • Show All 1,831 Lines • ▼ Show 20 Lines | if (pr->rule.af == AF_INET6) { | ||||
| break; | break; | ||||
| } | } | ||||
| #endif /* INET6 */ | #endif /* INET6 */ | ||||
| rule = malloc(sizeof(*rule), M_PFRULE, M_WAITOK); | rule = malloc(sizeof(*rule), M_PFRULE, M_WAITOK); | ||||
| pf_rule_to_krule(&pr->rule, rule); | pf_rule_to_krule(&pr->rule, rule); | ||||
| if (rule->ifname[0]) | if (rule->ifname[0]) | ||||
| kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); | kif = pf_kkif_create(M_WAITOK); | ||||
| rule->evaluations = counter_u64_alloc(M_WAITOK); | rule->evaluations = counter_u64_alloc(M_WAITOK); | ||||
| for (int i = 0; i < 2; i++) { | for (int i = 0; i < 2; i++) { | ||||
| rule->packets[i] = counter_u64_alloc(M_WAITOK); | rule->packets[i] = counter_u64_alloc(M_WAITOK); | ||||
| rule->bytes[i] = counter_u64_alloc(M_WAITOK); | rule->bytes[i] = counter_u64_alloc(M_WAITOK); | ||||
| } | } | ||||
| rule->states_cur = counter_u64_alloc(M_WAITOK); | rule->states_cur = counter_u64_alloc(M_WAITOK); | ||||
| rule->states_tot = counter_u64_alloc(M_WAITOK); | rule->states_tot = counter_u64_alloc(M_WAITOK); | ||||
| rule->src_nodes = counter_u64_alloc(M_WAITOK); | rule->src_nodes = counter_u64_alloc(M_WAITOK); | ||||
| ▲ Show 20 Lines • Show All 125 Lines • ▼ Show 20 Lines | for (int i = 0; i < 2; i++) { | ||||
| counter_u64_free(rule->packets[i]); | counter_u64_free(rule->packets[i]); | ||||
| counter_u64_free(rule->bytes[i]); | counter_u64_free(rule->bytes[i]); | ||||
| } | } | ||||
| counter_u64_free(rule->states_cur); | counter_u64_free(rule->states_cur); | ||||
| counter_u64_free(rule->states_tot); | counter_u64_free(rule->states_tot); | ||||
| counter_u64_free(rule->src_nodes); | counter_u64_free(rule->src_nodes); | ||||
| free(rule, M_PFRULE); | free(rule, M_PFRULE); | ||||
| if (kif) | if (kif) | ||||
| free(kif, PFI_MTYPE); | pf_kkif_free(kif); | ||||
| break; | break; | ||||
| } | } | ||||
| case DIOCGETRULES: { | case DIOCGETRULES: { | ||||
| struct pfioc_rule *pr = (struct pfioc_rule *)addr; | struct pfioc_rule *pr = (struct pfioc_rule *)addr; | ||||
| struct pf_kruleset *ruleset; | struct pf_kruleset *ruleset; | ||||
| struct pf_krule *tail; | struct pf_krule *tail; | ||||
| int rs_num; | int rs_num; | ||||
| ▲ Show 20 Lines • Show All 110 Lines • ▼ Show 20 Lines | #ifndef INET6 | ||||
| error = EAFNOSUPPORT; | error = EAFNOSUPPORT; | ||||
| break; | break; | ||||
| } | } | ||||
| #endif /* INET6 */ | #endif /* INET6 */ | ||||
| newrule = malloc(sizeof(*newrule), M_PFRULE, M_WAITOK); | newrule = malloc(sizeof(*newrule), M_PFRULE, M_WAITOK); | ||||
| pf_rule_to_krule(&pcr->rule, newrule); | pf_rule_to_krule(&pcr->rule, newrule); | ||||
| if (newrule->ifname[0]) | if (newrule->ifname[0]) | ||||
| kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); | kif = pf_kkif_create(M_WAITOK); | ||||
| newrule->evaluations = counter_u64_alloc(M_WAITOK); | newrule->evaluations = counter_u64_alloc(M_WAITOK); | ||||
| for (int i = 0; i < 2; i++) { | for (int i = 0; i < 2; i++) { | ||||
| newrule->packets[i] = | newrule->packets[i] = | ||||
| counter_u64_alloc(M_WAITOK); | counter_u64_alloc(M_WAITOK); | ||||
| newrule->bytes[i] = | newrule->bytes[i] = | ||||
| counter_u64_alloc(M_WAITOK); | counter_u64_alloc(M_WAITOK); | ||||
| } | } | ||||
| newrule->states_cur = counter_u64_alloc(M_WAITOK); | newrule->states_cur = counter_u64_alloc(M_WAITOK); | ||||
| ▲ Show 20 Lines • Show All 173 Lines • ▼ Show 20 Lines | if (newrule != NULL) { | ||||
| counter_u64_free(newrule->bytes[i]); | counter_u64_free(newrule->bytes[i]); | ||||
| } | } | ||||
| counter_u64_free(newrule->states_cur); | counter_u64_free(newrule->states_cur); | ||||
| counter_u64_free(newrule->states_tot); | counter_u64_free(newrule->states_tot); | ||||
| counter_u64_free(newrule->src_nodes); | counter_u64_free(newrule->src_nodes); | ||||
| free(newrule, M_PFRULE); | free(newrule, M_PFRULE); | ||||
| } | } | ||||
| if (kif != NULL) | if (kif != NULL) | ||||
| free(kif, PFI_MTYPE); | pf_kkif_free(kif); | ||||
| break; | break; | ||||
| } | } | ||||
| case DIOCCLRSTATES: { | case DIOCCLRSTATES: { | ||||
| struct pf_state *s; | struct pf_state *s; | ||||
| struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr; | struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr; | ||||
| u_int i, killed = 0; | u_int i, killed = 0; | ||||
| ▲ Show 20 Lines • Show All 619 Lines • ▼ Show 20 Lines | #endif /* INET6 */ | ||||
| } | } | ||||
| if (pp->addr.addr.p.dyn != NULL) { | if (pp->addr.addr.p.dyn != NULL) { | ||||
| error = EINVAL; | error = EINVAL; | ||||
| break; | break; | ||||
| } | } | ||||
| pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK); | pa = malloc(sizeof(*pa), M_PFRULE, M_WAITOK); | ||||
| pf_pooladdr_to_kpooladdr(&pp->addr, pa); | pf_pooladdr_to_kpooladdr(&pp->addr, pa); | ||||
| if (pa->ifname[0]) | if (pa->ifname[0]) | ||||
| kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); | kif = pf_kkif_create(M_WAITOK); | ||||
| PF_RULES_WLOCK(); | PF_RULES_WLOCK(); | ||||
| if (pp->ticket != V_ticket_pabuf) { | if (pp->ticket != V_ticket_pabuf) { | ||||
| PF_RULES_WUNLOCK(); | PF_RULES_WUNLOCK(); | ||||
| if (pa->ifname[0]) | if (pa->ifname[0]) | ||||
| free(kif, PFI_MTYPE); | pf_kkif_free(kif); | ||||
| free(pa, M_PFRULE); | free(pa, M_PFRULE); | ||||
| error = EBUSY; | error = EBUSY; | ||||
| break; | break; | ||||
| } | } | ||||
| if (pa->ifname[0]) { | if (pa->ifname[0]) { | ||||
| pa->kif = pfi_kkif_attach(kif, pa->ifname); | pa->kif = pfi_kkif_attach(kif, pa->ifname); | ||||
| pfi_kkif_ref(pa->kif); | pfi_kkif_ref(pa->kif); | ||||
| } else | } else | ||||
| ▲ Show 20 Lines • Show All 95 Lines • ▼ Show 20 Lines | #ifndef INET6 | ||||
| if (pca->af == AF_INET6) { | if (pca->af == AF_INET6) { | ||||
| error = EAFNOSUPPORT; | error = EAFNOSUPPORT; | ||||
| break; | break; | ||||
| } | } | ||||
| #endif /* INET6 */ | #endif /* INET6 */ | ||||
| newpa = malloc(sizeof(*newpa), M_PFRULE, M_WAITOK); | newpa = malloc(sizeof(*newpa), M_PFRULE, M_WAITOK); | ||||
| bcopy(&pca->addr, newpa, sizeof(struct pf_pooladdr)); | bcopy(&pca->addr, newpa, sizeof(struct pf_pooladdr)); | ||||
| if (newpa->ifname[0]) | if (newpa->ifname[0]) | ||||
| kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK); | kif = pf_kkif_create(M_WAITOK); | ||||
| newpa->kif = NULL; | newpa->kif = NULL; | ||||
| } | } | ||||
| #define ERROUT(x) { error = (x); goto DIOCCHANGEADDR_error; } | #define ERROUT(x) { error = (x); goto DIOCCHANGEADDR_error; } | ||||
| PF_RULES_WLOCK(); | PF_RULES_WLOCK(); | ||||
| ruleset = pf_find_kruleset(pca->anchor); | ruleset = pf_find_kruleset(pca->anchor); | ||||
| if (ruleset == NULL) | if (ruleset == NULL) | ||||
| ERROUT(EBUSY); | ERROUT(EBUSY); | ||||
| ▲ Show 20 Lines • Show All 74 Lines • ▼ Show 20 Lines | |||||
| DIOCCHANGEADDR_error: | DIOCCHANGEADDR_error: | ||||
| if (newpa != NULL) { | if (newpa != NULL) { | ||||
| if (newpa->kif) | if (newpa->kif) | ||||
| pfi_kkif_unref(newpa->kif); | pfi_kkif_unref(newpa->kif); | ||||
| free(newpa, M_PFRULE); | free(newpa, M_PFRULE); | ||||
| } | } | ||||
| PF_RULES_WUNLOCK(); | PF_RULES_WUNLOCK(); | ||||
| if (kif != NULL) | if (kif != NULL) | ||||
| free(kif, PFI_MTYPE); | pf_kkif_free(kif); | ||||
| break; | break; | ||||
| } | } | ||||
| case DIOCGETRULESETS: { | case DIOCGETRULESETS: { | ||||
| struct pfioc_ruleset *pr = (struct pfioc_ruleset *)addr; | struct pfioc_ruleset *pr = (struct pfioc_ruleset *)addr; | ||||
| struct pf_kruleset *ruleset; | struct pf_kruleset *ruleset; | ||||
| struct pf_kanchor *anchor; | struct pf_kanchor *anchor; | ||||
| ▲ Show 20 Lines • Show All 1,646 Lines • Show Last 20 Lines | |||||