From owner-dev-commits-src-branches@freebsd.org Fri May 7 15:25:53 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 62A596315A0; Fri, 7 May 2021 15:25:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FcDmd0lWMz4jqZ; Fri, 7 May 2021 15:25:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B7DB958F3; Fri, 7 May 2021 15:25:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 147FPonm026519; Fri, 7 May 2021 15:25:50 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 147FPoDZ026518; Fri, 7 May 2021 15:25:50 GMT (envelope-from git) Date: Fri, 7 May 2021 15:25:50 GMT Message-Id: <202105071525.147FPoDZ026518@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 55059f90750d - stable/13 - pfctl, libpfctl: introduce pfctl_pool MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 55059f90750dcba322e10b6221fd4823d849085b Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 May 2021 15:25:53 -0000 The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=55059f90750dcba322e10b6221fd4823d849085b commit 55059f90750dcba322e10b6221fd4823d849085b Author: Kurosawa Takahiro AuthorDate: 2021-04-12 14:03:40 +0000 Commit: Kristof Provost CommitDate: 2021-05-07 08:15:42 +0000 pfctl, libpfctl: introduce pfctl_pool Introduce pfctl_pool to be able to extend the pool part of the pf rule without breaking the ABI. Reviewed by: kp MFC after: 4 weeks Differential Revision: https://reviews.freebsd.org/D29721 (cherry picked from commit 600bd6ce0639c84b763516477250df5964e8edf6) --- lib/libpfctl/libpfctl.c | 4 ++-- lib/libpfctl/libpfctl.h | 12 +++++++++++- sbin/pfctl/pfctl.c | 10 +++++----- sbin/pfctl/pfctl_parser.c | 2 +- sbin/pfctl/pfctl_parser.h | 8 ++++---- 5 files changed, 23 insertions(+), 13 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 2a7b64f1cbc8..a487e5a20018 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -198,7 +198,7 @@ pf_nvrule_addr_to_rule_addr(const nvlist_t *nvl, struct pf_rule_addr *addr) static void pfctl_nv_add_pool(nvlist_t *nvparent, const char *name, - const struct pf_pool *pool) + const struct pfctl_pool *pool) { u_int64_t ports[2]; nvlist_t *nvl = nvlist_create(0); @@ -216,7 +216,7 @@ pfctl_nv_add_pool(nvlist_t *nvparent, const char *name, } static void -pf_nvpool_to_pool(const nvlist_t *nvl, struct pf_pool *pool) +pf_nvpool_to_pool(const nvlist_t *nvl, struct pfctl_pool *pool) { size_t len; const void *data; diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index 95f6d4e3c77f..bc27c18cfbb6 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -38,6 +38,16 @@ struct pfctl_anchor; +struct pfctl_pool { + struct pf_palist list; + struct pf_pooladdr *cur; + struct pf_poolhashkey key; + struct pf_addr counter; + int tblidx; + u_int16_t proxy_port[2]; + u_int8_t opts; +}; + struct pfctl_rule { struct pf_rule_addr src; struct pf_rule_addr dst; @@ -52,7 +62,7 @@ struct pfctl_rule { char overload_tblname[PF_TABLE_NAME_SIZE]; TAILQ_ENTRY(pfctl_rule) entries; - struct pf_pool rpool; + struct pfctl_pool rpool; u_int64_t evaluations; u_int64_t packets[2]; diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index bc646ab335e1..879fc876826c 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -92,7 +92,7 @@ int pfctl_load_timeout(struct pfctl *, unsigned int, unsigned int); int pfctl_load_debug(struct pfctl *, unsigned int); int pfctl_load_logif(struct pfctl *, char *); int pfctl_load_hostid(struct pfctl *, u_int32_t); -int pfctl_get_pool(int, struct pf_pool *, u_int32_t, u_int32_t, int, +int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int, char *); void pfctl_print_rule_counters(struct pfctl_rule *, int); int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int); @@ -805,7 +805,7 @@ pfctl_id_kill_states(int dev, const char *iface, int opts) } int -pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr, +pfctl_get_pool(int dev, struct pfctl_pool *pool, u_int32_t nr, u_int32_t ticket, int r_action, char *anchorname) { struct pfioc_pooladdr pp; @@ -840,7 +840,7 @@ pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr, } void -pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst) +pfctl_move_pool(struct pfctl_pool *src, struct pfctl_pool *dst) { struct pf_pooladdr *pa; @@ -851,7 +851,7 @@ pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst) } void -pfctl_clear_pool(struct pf_pool *pool) +pfctl_clear_pool(struct pfctl_pool *pool) { struct pf_pooladdr *pa; @@ -1272,7 +1272,7 @@ pfctl_show_limits(int dev, int opts) /* callbacks for rule/nat/rdr/addr */ int -pfctl_add_pool(struct pfctl *pf, struct pf_pool *p, sa_family_t af) +pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af) { struct pf_pooladdr *pa; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index e75ef514d14a..bc06ac46787c 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -412,7 +412,7 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst, } void -print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2, +print_pool(struct pfctl_pool *pool, u_int16_t p1, u_int16_t p2, sa_family_t af, int id) { struct pf_pooladdr *pooladdr; diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index f36e8f1d4ac8..43d8488dcab8 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -256,9 +256,9 @@ int pfctl_optimize_ruleset(struct pfctl *, struct pfctl_ruleset *); int pfctl_append_rule(struct pfctl *, struct pfctl_rule *, const char *); int pfctl_add_altq(struct pfctl *, struct pf_altq *); -int pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t); -void pfctl_move_pool(struct pf_pool *, struct pf_pool *); -void pfctl_clear_pool(struct pf_pool *); +int pfctl_add_pool(struct pfctl *, struct pfctl_pool *, sa_family_t); +void pfctl_move_pool(struct pfctl_pool *, struct pfctl_pool *); +void pfctl_clear_pool(struct pfctl_pool *); int pfctl_set_timeout(struct pfctl *, const char *, int, int); int pfctl_set_optimization(struct pfctl *, const char *); @@ -272,7 +272,7 @@ int parse_config(char *, struct pfctl *); int parse_flags(char *); int pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *); -void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int); +void print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, sa_family_t, int); void print_src_node(struct pf_src_node *, int); void print_rule(struct pfctl_rule *, const char *, int, int); void print_tabledef(const char *, int, int, struct node_tinithead *);