Date: Mon, 12 Apr 2021 18:31:12 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 600bd6ce0639 - main - pfctl, libpfctl: introduce pfctl_pool Message-ID: <202104121831.13CIVC19026816@gitrepo.freebsd.org>
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=600bd6ce0639c84b763516477250df5964e8edf6
commit 600bd6ce0639c84b763516477250df5964e8edf6
Author: Kurosawa Takahiro <takahiro.kurosawa@gmail.com>
AuthorDate: 2021-04-12 14:03:40 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-04-12 16:30:29 +0000
pfctl, libpfctl: introduce pfctl_pool
Introduce pfctl_pool to be able to extend the pool part of the pf rule without breaking the ABI.
Reviewed by: kp
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D29721
---
 lib/libpfctl/libpfctl.c | 4 ++--
 lib/libpfctl/libpfctl.h | 12 +++++++++++-
 sbin/pfctl/pfctl.c | 10 +++++-----
 sbin/pfctl/pfctl_parser.c | 2 +-
 sbin/pfctl/pfctl_parser.h | 8 ++++----
 5 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 2a7b64f1cbc8..a487e5a20018 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -198,7 +198,7 @@ pf_nvrule_addr_to_rule_addr(const nvlist_t *nvl, struct pf_rule_addr *addr)
 static void
 pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
- const struct pf_pool *pool)
+ const struct pfctl_pool *pool)
 {
 u_int64_t ports[2];
 nvlist_t *nvl = nvlist_create(0);
@@ -216,7 +216,7 @@ pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
 }
 static void
-pf_nvpool_to_pool(const nvlist_t *nvl, struct pf_pool *pool)
+pf_nvpool_to_pool(const nvlist_t *nvl, struct pfctl_pool *pool)
 {
 size_t len;
 const void *data;
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index 95f6d4e3c77f..bc27c18cfbb6 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -38,6 +38,16 @@
 struct pfctl_anchor;
+struct pfctl_pool {
+ struct pf_palist list;
+ struct pf_pooladdr *cur;
+ struct pf_poolhashkey key;
+ struct pf_addr counter;
+ int tblidx;
+ u_int16_t proxy_port[2];
+ u_int8_t opts;
+};
+
 struct pfctl_rule {
 struct pf_rule_addr src;
 struct pf_rule_addr dst;
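Review bot: `struct pfctl_pool` is added to libpfctl.h with no comment saying how it relates to the kernel's `struct pf_pool`, which it replaces in every signature this commit touches. Since the stated goal is to let the pool grow independently, any remaining code that moves a whole pool with `memcpy()` or sizes a copy with `sizeof(struct pf_pool)` would turn into an over- or under-sized copy once a field is added; none is visible in these hunks, but the bodies of `pf_nvpool_to_pool()` and `pfctl_get_pool()` lie outside them. I would add above the struct: `/* Userland view of a pf address pool. Layout is private to libpfctl and may differ from the kernel's struct pf_pool; convert field by field, never by bulk copy. */`. If `pf_nvpool_to_pool()` copies a binary nvlist value into the pool (its `size_t len; const void *data;` locals suggest so), `len` should be compared with the destination field's size at run time before the copy.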
@@ -52,7 +62,7 @@ struct pfctl_rule {
 char overload_tblname[PF_TABLE_NAME_SIZE];
 TAILQ_ENTRY(pfctl_rule) entries;
- struct pf_pool rpool;
+ struct pfctl_pool rpool;
 u_int64_t evaluations;
 u_int64_t packets[2];
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index bc646ab335e1..879fc876826c 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -92,7 +92,7 @@ int pfctl_load_timeout(struct pfctl *, unsigned int, unsigned int);
 int pfctl_load_debug(struct pfctl *, unsigned int);
 int pfctl_load_logif(struct pfctl *, char *);
 int pfctl_load_hostid(struct pfctl *, u_int32_t);
-int pfctl_get_pool(int, struct pf_pool *, u_int32_t, u_int32_t, int,
+int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int,
 char *);
 void pfctl_print_rule_counters(struct pfctl_rule *, int);
 int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int);
@@ -805,7 +805,7 @@ pfctl_id_kill_states(int dev, const char *iface, int opts)
 }
 int
-pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
+pfctl_get_pool(int dev, struct pfctl_pool *pool, u_int32_t nr,
 u_int32_t ticket, int r_action, char *anchorname)
 {
 struct pfioc_pooladdr pp;
@@ -840,7 +840,7 @@ pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
 }
 void
-pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst)
+pfctl_move_pool(struct pfctl_pool *src, struct pfctl_pool *dst)
 {
 struct pf_pooladdr *pa;
@@ -851,7 +851,7 @@ pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst)
 }
 void
-pfctl_clear_pool(struct pf_pool *pool)
+pfctl_clear_pool(struct pfctl_pool *pool)
 {
 struct pf_pooladdr *pa;
@@ -1272,7 +1272,7 @@ pfctl_show_limits(int dev, int opts)
 /* callbacks for rule/nat/rdr/addr */
 int
-pfctl_add_pool(struct pfctl *pf, struct pf_pool *p, sa_family_t af)
+pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af)
 {
 struct pf_pooladdr *pa;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 903ea88c4b15..e0dd04cb4c3d 100644
--- a/sbin/pfctl/pfctl_parser.c
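Review bot: In the libpfctl.h hunk at `struct pfctl_rule`, `rpool` is embedded by value ahead of `evaluations` and `packets`, so any later growth of `struct pfctl_pool` moves every member that follows it and changes `sizeof(struct pfctl_rule)`. The commit presumably protects the kernel-facing layout, but code compiled against an older libpfctl.h would then disagree with the library about those offsets; whether that matters depends on how libpfctl is linked, which this page does not show. A one-line comment on the struct, e.g. `/* Not a stable ABI: rebuild all consumers of libpfctl.h when this layout changes. */`, would make the scope of the guarantee explicit. The definition of `struct pfctl_rule` starts and ends outside this hunk.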
+++ b/sbin/pfctl/pfctl_parser.c
@@ -412,7 +412,7 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
 }
 void
-print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2,
+print_pool(struct pfctl_pool *pool, u_int16_t p1, u_int16_t p2,
 sa_family_t af, int id)
 {
 struct pf_pooladdr *pooladdr;
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index f36e8f1d4ac8..43d8488dcab8 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -256,9 +256,9 @@ int pfctl_optimize_ruleset(struct pfctl *, struct pfctl_ruleset *);
 int pfctl_append_rule(struct pfctl *, struct pfctl_rule *, const char *);
 int pfctl_add_altq(struct pfctl *, struct pf_altq *);
-int pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t);
-void pfctl_move_pool(struct pf_pool *, struct pf_pool *);
-void pfctl_clear_pool(struct pf_pool *);
+int pfctl_add_pool(struct pfctl *, struct pfctl_pool *, sa_family_t);
+void pfctl_move_pool(struct pfctl_pool *, struct pfctl_pool *);
+void pfctl_clear_pool(struct pfctl_pool *);
 int pfctl_set_timeout(struct pfctl *, const char *, int, int);
 int pfctl_set_optimization(struct pfctl *, const char *);
@@ -272,7 +272,7 @@ int parse_config(char *, struct pfctl *);
 int parse_flags(char *);
 int pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *);
-void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
+void print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, sa_family_t, int);
 void print_src_node(struct pf_src_node *, int);
 void print_rule(struct pfctl_rule *, const char *, int, int);
 void print_tabledef(const char *, int, int, struct node_tinithead *);