Page MenuHomeFreeBSD
Differential D30054 Diff 88433 sys/netpfil/pf/pf_ioctl.c

Changeset View

Standalone View

View Options

sys/netpfil/pf/pf_ioctl.c

Show First 20 LinesShow All 196 Lines▼ Show 20 Lines
struct cdev *pf_dev; struct cdev *pf_dev;
/* /*
* XXX - These are new and need to be checked when moveing to a new version * XXX - These are new and need to be checked when moveing to a new version
*/ */
static void pf_clear_all_states(void); static void pf_clear_all_states(void);
static unsigned int pf_clear_states(const struct pf_kstate_kill *); static unsigned int pf_clear_states(const struct pf_kstate_kill *);
static int pf_killstates(struct pf_kstate_kill *,
unsigned int *);
static int pf_killstates_row(struct pf_kstate_kill *,
struct pf_idhash *);
static int pf_killstates_nv(struct pfioc_nv *);
static int pf_clearstates_nv(struct pfioc_nv *); static int pf_clearstates_nv(struct pfioc_nv *);
static int pf_clear_tables(void); static int pf_clear_tables(void);
static void pf_clear_srcnodes(struct pf_ksrc_node *); static void pf_clear_srcnodes(struct pf_ksrc_node *);
static void pf_kill_srcnodes(struct pfioc_src_node_kill *); static void pf_kill_srcnodes(struct pfioc_src_node_kill *);
static int pf_keepcounters(struct pfioc_nv *); static int pf_keepcounters(struct pfioc_nv *);
static void pf_tbladdr_copyout(struct pf_addr_wrap *); static void pf_tbladdr_copyout(struct pf_addr_wrap *);
/* /*
▲ Show 20 LinesShow All 2,418 Lines▼ Show 20 Lines if (strcmp(rule->label[i], label) == 0)
return (true); return (true);
i++; i++;
} }
return (false); return (false);
} }
static int static int
pf_killstates_row(struct pfioc_state_kill *psk, struct pf_idhash *ih) pf_killstates_row(struct pf_kstate_kill *psk, struct pf_idhash *ih)
{ {
struct pf_state *s; struct pf_state *s;
struct pf_state_key *sk; struct pf_state_key *sk;
struct pf_addr *srcaddr, *dstaddr; struct pf_addr *srcaddr, *dstaddr;
int killed = 0; int killed = 0;
u_int16_t srcport, dstport; u_int16_t srcport, dstport;
relock_DIOCKILLSTATES: relock_DIOCKILLSTATES:
▲ Show 20 LinesShow All 737 Lines▼ Show 20 LinesDIOCCHANGERULE_error:
} }
case DIOCCLRSTATESNV: { case DIOCCLRSTATESNV: {
error = pf_clearstates_nv((struct pfioc_nv *)addr); error = pf_clearstates_nv((struct pfioc_nv *)addr);
break; break;
} }
case DIOCKILLSTATES: { case DIOCKILLSTATES: {
struct pf_state *s;
struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr; struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
u_int i, killed = 0; struct pf_kstate_kill kill;
if (psk->psk_pfcmp.id) { error = pf_state_kill_to_kstate_kill(psk, &kill);
if (psk->psk_pfcmp.creatorid == 0) if (error)
psk->psk_pfcmp.creatorid = V_pf_status.hostid;
if ((s = pf_find_state_byid(psk->psk_pfcmp.id,
psk->psk_pfcmp.creatorid))) {
pf_unlink_state(s, PF_ENTER_LOCKED);
psk->psk_killed = 1;
}
break; break;
psk->psk_killed = 0;
error = pf_killstates(&kill, &psk->psk_killed);
break;
} }
for (i = 0; i <= pf_hashmask; i++) case DIOCKILLSTATESNV: {
killed += pf_killstates_row(psk, &V_pf_idhash[i]); error = pf_killstates_nv((struct pfioc_nv *)addr);
psk->psk_killed = killed;
break; break;
} }
case DIOCADDSTATE: { case DIOCADDSTATE: {
struct pfioc_state *ps = (struct pfioc_state *)addr; struct pfioc_state *ps = (struct pfioc_state *)addr;
struct pfsync_state *sp = &ps->state; struct pfsync_state *sp = &ps->state;
if (sp->timeout >= PFTM_MAX) { if (sp->timeout >= PFTM_MAX) {
▲ Show 20 LinesShow All 2,035 Lines▼ Show 20 Lines LIST_FOREACH(s, &ih->states, entry)
} }
PF_HASHROW_UNLOCK(ih); PF_HASHROW_UNLOCK(ih);
} }
if (V_pfsync_clear_states_ptr != NULL) if (V_pfsync_clear_states_ptr != NULL)
V_pfsync_clear_states_ptr(V_pf_status.hostid, kill->psk_ifname); V_pfsync_clear_states_ptr(V_pf_status.hostid, kill->psk_ifname);
return (killed); return (killed);
}
static int
pf_killstates(struct pf_kstate_kill *kill, unsigned int *killed)
{
struct pf_state *s;
if (kill->psk_pfcmp.id) {
if (kill->psk_pfcmp.creatorid == 0)
kill->psk_pfcmp.creatorid = V_pf_status.hostid;
if ((s = pf_find_state_byid(kill->psk_pfcmp.id,
kill->psk_pfcmp.creatorid))) {
pf_unlink_state(s, PF_ENTER_LOCKED);
*killed = 1;
}
return (0);
}
for (unsigned int i = 0; i <= pf_hashmask; i++)
*killed += pf_killstates_row(kill, &V_pf_idhash[i]);
return (0);
}
static int
pf_killstates_nv(struct pfioc_nv *nv)
{
struct pf_kstate_kill kill;
nvlist_t *nvl = NULL;
void *nvlpacked = NULL;
int error = 0;
unsigned int killed = 0;
#define ERROUT(x) ERROUT_FUNCTION(on_error, x)
if (nv->len > pf_ioctl_maxcount)
ERROUT(ENOMEM);
nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK);
if (nvlpacked == NULL)
ERROUT(ENOMEM);
error = copyin(nv->data, nvlpacked, nv->len);
if (error)
ERROUT(error);
nvl = nvlist_unpack(nvlpacked, nv->len, 0);
if (nvl == NULL)
ERROUT(EBADMSG);
error = pf_nvstate_kill_to_kstate_kill(nvl, &kill);
if (error)
ERROUT(error);
error = pf_killstates(&kill, &killed);
free(nvlpacked, M_TEMP);
nvlpacked = NULL;
nvlist_destroy(nvl);
nvl = nvlist_create(0);
if (nvl == NULL)
ERROUT(ENOMEM);
nvlist_add_number(nvl, "killed", killed);
nvlpacked = nvlist_pack(nvl, &nv->len);
if (nvlpacked == NULL)
ERROUT(ENOMEM);
if (nv->size == 0)
ERROUT(0);
else if (nv->size < nv->len)
ERROUT(ENOSPC);
error = copyout(nvlpacked, nv->data, nv->len);
on_error:
nvlist_destroy(nvl);
free(nvlpacked, M_TEMP);
return (error);
} }
static int static int
pf_clearstates_nv(struct pfioc_nv *nv) pf_clearstates_nv(struct pfioc_nv *nv)
{ {
struct pf_kstate_kill kill; struct pf_kstate_kill kill;
nvlist_t *nvl = NULL; nvlist_t *nvl = NULL;
void *nvlpacked = NULL; void *nvlpacked = NULL;
▲ Show 20 LinesShow All 461 LinesShow Last 20 Lines