Date: Mon, 12 Oct 2009 19:41:57 +0000 (UTC) From: Ermal Luçi <eri@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r198000 - user/eri/pf45/head/sys/contrib/pf/net Message-ID: <200910121941.n9CJfvdX083653@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: eri Date: Mon Oct 12 19:41:57 2009 New Revision: 198000 URL: http://svn.freebsd.org/changeset/base/198000 Log: Prepend V_ to variables with the same name as their type. Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c user/eri/pf45/head/sys/contrib/pf/net/pf.c user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h Mon Oct 12 19:19:08 2009 (r197999) +++ user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h Mon Oct 12 19:41:57 2009 (r198000) @@ -80,10 +80,12 @@ struct old_pfloghdr { struct pfi_kif; struct pf_pdesc; - typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t, - u_int8_t, u_int8_t, struct pf_rule *, struct pf_rule *, - struct pf_ruleset *, struct pf_pdesc *); - extern pflog_packet_t *pflog_packet_ptr; +#if 0 +typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t, + u_int8_t, u_int8_t, struct pf_rule *, struct pf_rule *, + struct pf_ruleset *, struct pf_pdesc *); +extern pflog_packet_t *pflog_packet_ptr; +#endif #define PFLOG_PACKET(i,x,a,b,c,d,e,f,g,h) do { \ if (pflog_packet_ptr != NULL) \ pflog_packet_ptr(i,a,b,c,d,e,f,g,h); \ Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Mon Oct 12 19:19:08 2009 (r197999) +++ user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Mon Oct 12 19:41:57 2009 (r198000) @@ -674,14 +674,22 @@ pfsync_state_import(struct pfsync_state int pool_flags; int error; +#ifdef __FreeBSD__ + if (sp->creatorid == 0 && V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (sp->creatorid == 0 && pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pfsync_state_import: invalid creator id:" " %08x\n", ntohl(sp->creatorid)); return (EINVAL); } if ((kif = pfi_kif_get(sp->ifname)) == NULL) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync_state_import: " "unknown interface: %s\n", sp->ifname); if (flags & PFSYNC_SI_IOCTL) @@ -845,7 +853,11 @@ pfsync_input(struct mbuf *m, ...) pfsyncstats.pfsyncs_ipackets++; /* verify that we have a sync interface configured */ +#ifdef __FreeBSD__ + if (!sc || !sc->sc_sync_if || !V_pf_status.running) +#else if (!sc || !sc->sc_sync_if || !pf_status.running) +#endif goto done; /* verify that the packet came in on the right interface */ @@ -900,7 +912,11 @@ pfsync_input(struct mbuf *m, ...) pkt.src = ip->ip_src; pkt.flags = 0; +#ifdef __FreeBSD__ + if (!bcmp(&ph->pfcksum, &V_pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH)) +#else if (!bcmp(&ph->pfcksum, &pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH)) +#endif pkt.flags |= PFSYNC_SI_CKSUM; offset += sizeof(*ph); @@ -1019,7 +1035,11 @@ pfsync_in_ins(struct pfsync_pkt *pkt, st sp->dst.state > PF_TCPS_PROXY_DST || sp->direction > PF_OUT || (sp->af != AF_INET && sp->af != AF_INET6)) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pfsync_input: PFSYNC5_ACT_INS: " "invalid value\n"); } @@ -1154,7 +1174,11 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st if (sp->timeout >= PFTM_MAX || sp->src.state > PF_TCPS_PROXY_DST || sp->dst.state > PF_TCPS_PROXY_DST) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pfsync_input: PFSYNC_ACT_UPD: " "invalid value\n"); } @@ -1192,7 +1216,11 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st } if (sfail) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pfsync: %s stale update (%d)" " id: %016llx creatorid: %08x\n", (sfail < 7 ? "ignoring" : "partial"), @@ -1253,7 +1281,11 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt, if (up->timeout >= PFTM_MAX || up->src.state > PF_TCPS_PROXY_DST || up->dst.state > PF_TCPS_PROXY_DST) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pfsync_input: " "PFSYNC_ACT_UPD_C: " "invalid value\n"); @@ -1290,7 +1322,11 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt, } if (sfail) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pfsync: ignoring stale update " "(%d) id: %016llx " "creatorid: %08x\n", sfail, @@ -1481,7 +1517,11 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st pf_pool_limits[PF_LIMIT_STATES].limit / (PFSYNC_BULKPACKETS * sc->sc_maxcount)); #endif +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync: received bulk update start\n"); break; @@ -1499,11 +1539,19 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st #endif #endif pfsync_sync_ok = 1; +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync: received valid " "bulk update end\n"); } else { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync: received invalid " "bulk update end: bad timestamp\n"); } @@ -1581,7 +1629,11 @@ pfsync_update_net_tdb(struct pfsync_tdb return; bad: +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync_insert: PFSYNC_ACT_TDB_UPD: " "invalid value\n"); pfsyncstats.pfsyncs_badstate++; @@ -1827,7 +1879,11 @@ pfsyncioctl(struct ifnet *ifp, u_long cm #endif #endif pfsync_sync_ok = 0; +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync: requesting bulk update\n"); #ifdef __FreeBSD__ callout_reset(&sc->sc_bulkfail_tmo, 5 * hz, @@ -2057,7 +2113,11 @@ pfsync_sendout(void) ph->version = PFSYNC_VERSION; ph->len = htons(sc->sc_len - sizeof(*ip)); +#ifdef __FreeBSD__ + bcopy(V_pf_status.pf_chksum, ph->pfcksum, PF_MD5_DIGEST_LENGTH); +#else bcopy(pf_status.pf_chksum, ph->pfcksum, PF_MD5_DIGEST_LENGTH); +#endif /* walk the queues */ for (q = 0; q < PFSYNC_S_COUNT; q++) { @@ -2751,7 +2811,11 @@ pfsync_bulk_start(void) sc->sc_bulk_next = TAILQ_FIRST(&state_list); sc->sc_bulk_last = sc->sc_bulk_next; +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync: received bulk update request\n"); pfsync_bulk_status(PFSYNC_BUS_START); @@ -2821,7 +2885,11 @@ pfsync_bulk_status(u_int8_t status) r.subh.action = PFSYNC_ACT_BUS; r.subh.count = htons(1); +#ifdef __FreeBSD__ + r.bus.creatorid = V_pf_status.hostid; +#else r.bus.creatorid = pf_status.hostid; +#endif r.bus.endtime = htonl(time_uptime - sc->sc_ureq_received); r.bus.status = status; @@ -2853,7 +2921,11 @@ pfsync_bulk_fail(void *arg) #endif #endif pfsync_sync_ok = 1; +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("pfsync: failed to receive bulk update\n"); } } Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf.c Mon Oct 12 19:19:08 2009 (r197999) +++ user/eri/pf45/head/sys/contrib/pf/net/pf.c Mon Oct 12 19:41:57 2009 (r198000) @@ -171,7 +171,11 @@ extern int ip_optcopy(struct ip *, struc VNET_DECLARE(int, debug_pfugidhack); #endif +#ifdef __FreeBSD__ +#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x +#else #define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x +#endif /* * Global variables @@ -558,13 +562,21 @@ pf_src_connlimit(struct pf_state **state if ((*state)->rule.ptr->max_src_conn && (*state)->rule.ptr->max_src_conn < (*state)->src_node->conn) { +#ifdef __FreeBSD__ + V_pf_status.lcounters[LCNT_SRCCONN]++; +#else pf_status.lcounters[LCNT_SRCCONN]++; +#endif bad++; } if ((*state)->rule.ptr->max_src_conn_rate.limit && pf_check_threshold(&(*state)->src_node->conn_rate)) { +#ifdef __FreeBSD__ + V_pf_status.lcounters[LCNT_SRCCONNRATE]++; +#else pf_status.lcounters[LCNT_SRCCONNRATE]++; +#endif bad++; } @@ -575,8 +587,13 @@ pf_src_connlimit(struct pf_state **state struct pfr_addr p; u_int32_t killed = 0; +#ifdef __FreeBSD__ + V_pf_status.lcounters[LCNT_OVERLOAD_TABLE]++; + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else pf_status.lcounters[LCNT_OVERLOAD_TABLE]++; if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf_src_connlimit: blocking address "); pf_print_host(&(*state)->src_node->addr, 0, (*state)->key[PF_SK_WIRE]->af); @@ -607,7 +624,11 @@ pf_src_connlimit(struct pf_state **state struct pf_state_key *sk; struct pf_state *st; +#ifdef __FreeBSD__ + V_pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; +#else pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; +#endif RB_FOREACH(st, pf_state_tree_id, &tree_id) { sk = st->key[PF_SK_WIRE]; /* @@ -632,10 +653,18 @@ pf_src_connlimit(struct pf_state **state killed++; } } +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf(", %u states killed", killed); } +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) +#else if (pf_status.debug >= PF_DEBUG_MISC) +#endif printf("\n"); } @@ -659,7 +688,11 @@ pf_insert_src_node(struct pf_src_node ** k.rule.ptr = rule; else k.rule.ptr = NULL; +#ifdef __FreeBSD__ + V_pf_status.scounters[SCNT_SRC_NODE_SEARCH]++; +#else pf_status.scounters[SCNT_SRC_NODE_SEARCH]++; +#endif *sn = RB_FIND(pf_src_tree, &tree_src_tracking, &k); } if (*sn == NULL) { @@ -667,7 +700,11 @@ pf_insert_src_node(struct pf_src_node ** rule->src_nodes < rule->max_src_nodes) (*sn) = pool_get(&pf_src_tree_pl, PR_NOWAIT | PR_ZERO); else +#ifdef __FreeBSD__ + V_pf_status.lcounters[LCNT_SRCNODES]++; +#else pf_status.lcounters[LCNT_SRCNODES]++; +#endif if ((*sn) == NULL) return (-1); @@ -684,7 +721,11 @@ pf_insert_src_node(struct pf_src_node ** PF_ACPY(&(*sn)->addr, src, af); if (RB_INSERT(pf_src_tree, &tree_src_tracking, *sn) != NULL) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: src_tree insert failed: "); pf_print_host(&(*sn)->addr, 0, af); printf("\n"); @@ -696,12 +737,21 @@ pf_insert_src_node(struct pf_src_node ** (*sn)->ruletype = rule->action; if ((*sn)->rule.ptr != NULL) (*sn)->rule.ptr->src_nodes++; +#ifdef __FreeBSD__ + V_pf_status.scounters[SCNT_SRC_NODE_INSERT]++; + V_pf_status.src_nodes++; +#else pf_status.scounters[SCNT_SRC_NODE_INSERT]++; pf_status.src_nodes++; +#endif } else { if (rule->max_src_states && (*sn)->states >= rule->max_src_states) { +#ifdef __FreeBSD__ + V_pf_status.lcounters[LCNT_SRCSTATES]++; +#else pf_status.lcounters[LCNT_SRCSTATES]++; +#endif return (-1); } } @@ -819,7 +869,11 @@ pf_state_key_attach(struct pf_state_key /* unlink late or sks can go away */ olds = si->s; } else { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: %s key attach " "failed on %s: ", (idx == PF_SK_WIRE) ? @@ -994,11 +1048,20 @@ pf_state_insert(struct pfi_kif *kif, str } if (s->id == 0 && s->creatorid == 0) { +#ifdef __FreeBSD__ + s->id = htobe64(V_pf_status.stateid++); + s->creatorid = V_pf_status.hostid; +#else s->id = htobe64(pf_status.stateid++); s->creatorid = pf_status.hostid; +#endif } if (RB_INSERT(pf_state_tree_id, &tree_id, s) != NULL) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: state insert failed: " "id: %016llx creatorid: %08x", betoh64(s->id), ntohl(s->creatorid)); @@ -1008,8 +1071,13 @@ pf_state_insert(struct pfi_kif *kif, str return (-1); } TAILQ_INSERT_TAIL(&state_list, s, entry_list); +#ifdef __FreeBSD__ + V_pf_status.fcounters[FCNT_STATE_INSERT]++; + V_pf_status.states++; +#else pf_status.fcounters[FCNT_STATE_INSERT]++; pf_status.states++; +#endif pfi_kif_ref(kif, PFI_KIF_REF_STATE); #if NPFSYNC > 0 #ifdef __FreeBSD__ @@ -1025,7 +1093,11 @@ pf_state_insert(struct pfi_kif *kif, str struct pf_state * pf_find_state_byid(struct pf_state_cmp *key) { +#ifdef __FreeBSD__ + V_pf_status.fcounters[FCNT_STATE_SEARCH]++; +#else pf_status.fcounters[FCNT_STATE_SEARCH]++; +#endif return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); } @@ -1073,7 +1145,11 @@ pf_find_state(struct pfi_kif *kif, struc struct pf_state_key *sk; struct pf_state_item *si; +#ifdef __FreeBSD__ + V_pf_status.fcounters[FCNT_STATE_SEARCH]++; +#else pf_status.fcounters[FCNT_STATE_SEARCH]++; +#endif #ifdef __FreeBSD__ if (dir == PF_OUT && pftag->statekey && @@ -1132,7 +1208,11 @@ pf_find_state_all(struct pf_state_key_cm struct pf_state_key *sk; struct pf_state_item *si, *ret = NULL; +#ifdef __FreeBSD__ + V_pf_status.fcounters[FCNT_STATE_SEARCH]++; +#else pf_status.fcounters[FCNT_STATE_SEARCH]++; +#endif sk = RB_FIND(pf_state_tree, &pf_statetbl, (struct pf_state_key *)key); @@ -1177,7 +1257,11 @@ pf_purge_thread(void *v) sx_sunlock(&pf_consistency_lock); sx_xlock(&pf_consistency_lock); PF_LOCK(); +#ifdef __FreeBSD__ + pf_purge_expired_states(V_pf_status.states, 1); +#else pf_purge_expired_states(pf_status.states, 1); +#endif pf_purge_expired_fragments(); pf_purge_expired_src_nodes(1); pf_end_threads++; @@ -1192,7 +1276,7 @@ pf_purge_thread(void *v) /* process a fraction of the state table every second */ #ifdef __FreeBSD__ - if(!pf_purge_expired_states(1 + (pf_status.states + if(!pf_purge_expired_states(1 + (V_pf_status.states / pf_default_rule.timeout[PFTM_INTERVAL]), 0)) { PF_UNLOCK(); sx_sunlock(&pf_consistency_lock); @@ -1200,7 +1284,7 @@ pf_purge_thread(void *v) PF_LOCK(); locked = 1; - pf_purge_expired_states(1 + (pf_status.states + pf_purge_expired_states(1 + (V_pf_status.states / pf_default_rule.timeout[PFTM_INTERVAL]), 1); } #else @@ -1258,7 +1342,11 @@ pf_state_expires(const struct pf_state * } else { start = pf_default_rule.timeout[PFTM_ADAPTIVE_START]; end = pf_default_rule.timeout[PFTM_ADAPTIVE_END]; +#ifdef __FreeBSD__ + states = V_pf_status.states; +#else states = pf_status.states; +#endif } if (end && states > start && start < end) { if (states < end) @@ -1303,8 +1391,13 @@ pf_purge_expired_src_nodes(int waslocked pf_rm_rule(NULL, cur->rule.ptr); } RB_REMOVE(pf_src_tree, &tree_src_tracking, cur); +#ifdef __FreeBSD__ + V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; + V_pf_status.src_nodes--; +#else pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; pf_status.src_nodes--; +#endif pool_put(&pf_src_tree_pl, cur); } } @@ -1437,8 +1530,13 @@ pf_free_state(struct pf_state *cur) if (cur->tag) pf_tag_unref(cur->tag); pool_put(&pf_state_pl, cur); +#ifdef __FreeBSD__ + V_pf_status.fcounters[FCNT_STATE_REMOVALS]++; + V_pf_status.states--; +#else pf_status.fcounters[FCNT_STATE_REMOVALS]++; pf_status.states--; +#endif } #ifdef __FreeBSD__ @@ -3513,7 +3611,11 @@ pf_create_state(struct pf_rule *r, struc /* check maximums */ if (r->max_states && (r->states_cur >= r->max_states)) { +#ifdef __FreeBSD__ + V_pf_status.lcounters[LCNT_STATES]++; +#else pf_status.lcounters[LCNT_STATES]++; +#endif REASON_SET(&reason, PFRES_MAXSTATES); return (PF_DROP); } @@ -3706,14 +3808,24 @@ csfailed: if (sn != NULL && sn->states == 0 && sn->expire == 0) { RB_REMOVE(pf_src_tree, &tree_src_tracking, sn); +#ifdef __FreeBSD__ + V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; + V_pf_status.src_nodes--; +#else pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; pf_status.src_nodes--; +#endif pool_put(&pf_src_tree_pl, sn); } if (nsn != sn && nsn != NULL && nsn->states == 0 && nsn->expire == 0) { RB_REMOVE(pf_src_tree, &tree_src_tracking, nsn); +#ifdef __FreeBSD__ + V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; + V_pf_status.src_nodes--; +#else pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; pf_status.src_nodes--; +#endif pool_put(&pf_src_tree_pl, nsn); } return (PF_DROP); @@ -4061,7 +4173,11 @@ pf_tcp_track_full(struct pf_state_peer * * and keep updating the state TTL. */ +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: loose state match: "); pf_print_state(*state); pf_print_flags(th->th_flags); @@ -4120,7 +4236,11 @@ pf_tcp_track_full(struct pf_state_peer * src->seqlo = 0; src->seqhi = 1; src->max_win = 1; +#ifdef __FreeBSD__ + } else if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else } else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: BAD state: "); pf_print_state(*state); pf_print_flags(th->th_flags); @@ -4359,7 +4479,11 @@ pf_test_state_tcp(struct pf_state **stat if (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) && dst->state >= TCPS_FIN_WAIT_2 && src->state >= TCPS_FIN_WAIT_2) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: state reuse "); pf_print_state(*state); pf_print_flags(th->th_flags); @@ -4790,7 +4914,11 @@ pf_test_state_icmp(struct pf_state **sta if (!((*state)->state_flags & PFSTATE_SLOPPY) && (!SEQ_GEQ(src->seqhi, seq) || !SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)))) { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: BAD ICMP %d:%d ", icmptype, pd->hdr.icmp->icmp_code); pf_print_host(pd->src, 0, pd->af); @@ -4803,7 +4931,11 @@ pf_test_state_icmp(struct pf_state **sta REASON_SET(reason, PFRES_BADSTATE); return (PF_DROP); } else { +#ifdef __FreeBSD__ + if (V_pf_status.debug >= PF_DEBUG_MISC) { +#else if (pf_status.debug >= PF_DEBUG_MISC) { +#endif printf("pf: OK ICMP %d:%d ", icmptype, pd->hdr.icmp->icmp_code); pf_print_host(pd->src, 0, pd->af); @@ -6230,15 +6362,14 @@ pf_test(int dir, struct ifnet *ifp, stru #ifdef __FreeBSD__ PF_LOCK(); -#endif - if (!pf_status.running) - #ifdef __FreeBSD__ + if (!V_pf_status.running) { PF_UNLOCK(); - #endif return (PF_PASS); - #ifdef __FreeBSD__ } + #else + if (!pf_status.running) + return (PF_PASS); #endif memset(&pd, 0, sizeof(pd)); @@ -6655,15 +6786,14 @@ pf_test6(int dir, struct ifnet *ifp, str #ifdef __FreeBSD__ PF_LOCK(); - #endif if (!pf_status.running) - #ifdef __FreeBSD__ { PF_UNLOCK(); - #endif return (PF_PASS); - #ifdef __FreeBSD__ } + #else + if (!pf_status.running) + return (PF_PASS); #endif memset(&pd, 0, sizeof(pd)); Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Mon Oct 12 19:19:08 2009 (r197999) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Mon Oct 12 19:41:57 2009 (r198000) @@ -178,10 +178,8 @@ void pf_addr_copyout(struct pf_addr_w #define TAGID_MAX 50000 #ifdef __FreeBSD__ -VNET_DEFINE(struct pf_rule, pf_default_rule); -#define pf_default_rule VNET(pf_default_rule); -VNET_DEFINE(struct sx, pf_consistency_lock); -#define pf_consistency_lock VNET(pf_consistency_lock); +VNET_DEFINE(struct pf_rule, pf_default_rule); +VNET_DEFINE(struct sx, pf_consistency_lock); SX_SYSINIT(pf_consistency_lock, &pf_consistency_lock, "pf_statetbl_lock"); #ifdef ALTQ @@ -191,9 +189,11 @@ static VNET_DEFINE(int, pf_altq_running) TAILQ_HEAD(pf_tags, pf_tagname); -VNET_DEFINE(struct pf_tags, pf_tags); -#define pf_tags VNET(pf_tags) -VNET_DEFINE(struct pf_tags, pf_qids); +#define V_pf_tags VNET(pf_tags) +VNET_DEFINE(struct pf_tags, pf_tags) = + TAILQ_HEAD_INITIALIZER(V_pf_tags); +VNET_DEFINE(struct pf_tags, pf_qids) = + TAILQ_HEAD_INITIALIZER(pf_qids); #define pf_qids VNET(pf_qids); #else /* !__FreeBSD__ */ @@ -218,7 +218,11 @@ int pf_rtlabel_add(struct pf_addr_wra void pf_rtlabel_remove(struct pf_addr_wrap *); void pf_rtlabel_copyout(struct pf_addr_wrap *); +#ifdef __FreeBSD__ +#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x +#else #define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x +#endif #ifdef __FreeBSD__ static VNET_DEFINE(struct cdev, *pf_dev); @@ -253,7 +257,11 @@ static int shutdown_pf(void static int pf_load(void); static int pf_unload(void); -static VNET_DEFINE(struct cdevsw, pf_cdevsw); +static VNET_DEFINE(struct cdevsw, pf_cdevsw) = { + .d_ioctl = pfioctl, + .d_name = PF_NAME, + .d_version = D_VERSION, +}; #define pf_cdevsw VNET(pf_cdevsw) static volatile VNET_DEFINE(int, pf_pfil_hooked); @@ -412,13 +420,22 @@ pfattach(void) my_timeout[PFTM_ADAPTIVE_END] = PFSTATE_ADAPT_END; pf_normalize_init(); +#ifdef __FreeBSD__ + bzero(&V_pf_status, sizeof(pf_status)); + V_pf_status.debug = PF_DEBUG_URGENT; +#else bzero(&pf_status, sizeof(pf_status)); pf_status.debug = PF_DEBUG_URGENT; +#endif pf_pfil_hooked = 0; /* XXX do our best to avoid a conflict */ +#ifdef __FreeBSD__ + V_pf_status.hostid = arc4random(); +#else pf_status.hostid = arc4random(); +#endif if (kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pfpurge")) return (ENXIO); @@ -723,13 +740,21 @@ tag_unref(struct pf_tags *head, u_int16_ u_int16_t pf_tagname2tag(char *tagname) { +#ifdef __FreeBSD__ + return (tagname2tag(&V_pf_tags, tagname)); +#else return (tagname2tag(&pf_tags, tagname)); +#endif } void pf_tag2tagname(u_int16_t tagid, char *p) { +#ifdef __FreeBSD__ + tag2tagname(&V_pf_tags, tagid, p); +#else tag2tagname(&pf_tags, tagid, p); +#endif } void @@ -737,7 +762,11 @@ pf_tag_ref(u_int16_t tag) { struct pf_tagname *t; +#ifdef __FreeBSD__ + TAILQ_FOREACH(t, &V_pf_tags, entries) +#else TAILQ_FOREACH(t, &pf_tags, entries) +#endif if (t->tag == tag) break; if (t != NULL) @@ -747,7 +776,11 @@ pf_tag_ref(u_int16_t tag) void pf_tag_unref(u_int16_t tag) { +#ifdef __FreeBSD__ + tag_unref(&V_pf_tags, tag); +#else tag_unref(&pf_tags, tag); +#endif } int @@ -1288,7 +1321,11 @@ pf_setup_pfsync_matching(struct pf_rules } MD5Final(digest, &ctx); +#ifdef __FreeBSD__ + memcpy(V_pf_status.pf_chksum, digest, sizeof(V_pf_status.pf_chksum)); +#else memcpy(pf_status.pf_chksum, digest, sizeof(pf_status.pf_chksum)); +#endif return (0); } @@ -1455,7 +1492,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a switch (cmd) { case DIOCSTART: +#ifdef __FreeBSD__ + if (V_pf_status.running) +#else if (pf_status.running) +#endif error = EEXIST; else { #ifdef __FreeBSD__ @@ -1467,33 +1508,48 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a ("pf: pfil registeration fail\n")); break; } - #endif + V_pf_status.running = 1; + V_pf_status.since = time_second; + + if (V_pf_status.stateid == 0) { + V_pf_status.stateid = time_second; + V_pf_status.stateid = V_pf_status.stateid << 32; + } +#else pf_status.running = 1; pf_status.since = time_second; + if (pf_status.stateid == 0) { pf_status.stateid = time_second; pf_status.stateid = pf_status.stateid << 32; } + #endif DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n")); } break; case DIOCSTOP: - if (!pf_status.running) +#ifdef __FreeBSD__ + if (!V_pf_status.running) error = ENOENT; else { - pf_status.running = 0; -#ifdef __FreeBSD__ + V_pf_status.running = 0; PF_UNLOCK(); error = dehook_pf(); PF_LOCK(); if (error) { - pf_status.running = 1; + V_pf_status.running = 1; DPFPRINTF(PF_DEBUG_MISC, ("pf: pfil unregisteration failed\n")); } - #endif + V_pf_status.since = time_second; +#else + if (!pf_status.running) + error = ENOENT; + else { + pf_status.running = 0; pf_status.since = time_second; +#endif DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n")); } break; @@ -2012,7 +2068,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a #if NPFSYNC > 0 #ifdef __FreeBSD__ if (pfsync_clear_states_ptr != NULL) - pfsync_clear_states_ptr(pf_status.hostid, psk->psk_ifname); + pfsync_clear_states_ptr(V_pf_status.hostid, psk->psk_ifname); #else pfsync_clear_states(pf_status.hostid, psk->psk_ifname); #endif @@ -2030,7 +2086,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a if (psk->psk_pfcmp.id) { if (psk->psk_pfcmp.creatorid == 0) +#ifdef __FreeBSD__ + psk->psk_pfcmp.creatorid = V_pf_status.hostid; +#else psk->psk_pfcmp.creatorid = pf_status.hostid; +#endif if ((s = pf_find_state_byid(&psk->psk_pfcmp))) { pf_unlink_state(s); psk->psk_killed = 1; @@ -2128,7 +2188,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a u_int32_t nr = 0; if (ps->ps_len == 0) { +#ifdef __FreeBSD__ + nr = V_pf_status.states; +#else nr = pf_status.states; +#endif ps->ps_len = sizeof(struct pfsync_state) * nr; break; } @@ -2172,7 +2236,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a case DIOCGETSTATUS: { struct pf_status *s = (struct pf_status *)addr; +#ifdef __FreeBSD__ + bcopy(&V_pf_status, s, sizeof(struct pf_status)); +#else bcopy(&pf_status, s, sizeof(struct pf_status)); +#endif pfi_update_status(s->ifname, s); break; } @@ -2181,20 +2249,37 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a struct pfioc_if *pi = (struct pfioc_if *)addr; if (pi->ifname[0] == 0) { +#ifdef __FreeBSD__ + bzero(V_pf_status.ifname, IFNAMSIZ); +#else bzero(pf_status.ifname, IFNAMSIZ); +#endif break; } +#ifdef __FreeBSD__ + strlcpy(V_pf_status.ifname, pi->ifname, IFNAMSIZ); +#else strlcpy(pf_status.ifname, pi->ifname, IFNAMSIZ); +#endif break; } case DIOCCLRSTATUS: { +#ifdef __FreeBSD__ + bzero(V_pf_status.counters, sizeof(V_pf_status.counters)); + bzero(V_pf_status.fcounters, sizeof(V_pf_status.fcounters)); + bzero(V_pf_status.scounters, sizeof(V_pf_status.scounters)); + V_pf_status.since = time_second; + if (*V_pf_status.ifname) + pfi_update_status(V_pf_status.ifname, NULL); +#else bzero(pf_status.counters, sizeof(pf_status.counters)); bzero(pf_status.fcounters, sizeof(pf_status.fcounters)); bzero(pf_status.scounters, sizeof(pf_status.scounters)); pf_status.since = time_second; if (*pf_status.ifname) pfi_update_status(pf_status.ifname, NULL); +#endif break; } @@ -2309,7 +2394,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a case DIOCSETDEBUG: { u_int32_t *level = (u_int32_t *)addr; +#ifdef __FreeBSD__ + V_pf_status.debug = *level; +#else pf_status.debug = *level; +#endif break; } @@ -3178,18 +3267,18 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a } #ifdef __FreeBSD__ PF_UNLOCK(); - #endif +#endif ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); table = malloc(sizeof(*table), M_TEMP, M_WAITOK); #ifdef __FreeBSD__ PF_LOCK(); - #endif +#endif /* first makes sure everything will succeed */ for (i = 0; i < io->size; i++) { #ifdef __FreeBSD__ PF_COPYIN(io->array+i, ioe, sizeof(*ioe), error); if (error) { - #else +#else if (copyin(io->array+i, ioe, sizeof(*ioe))) { #endif free(table, M_TEMP); @@ -3371,7 +3460,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a n->states = 0; } pf_purge_expired_src_nodes(1); +#ifdef __FreeBSD__ + V_pf_status.src_nodes = 0; +#else pf_status.src_nodes = 0; +#endif break; } @@ -3417,10 +3510,17 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a case DIOCSETHOSTID: { u_int32_t *hostid = (u_int32_t *)addr; +#ifdef __FreeBSD__ + if (*hostid == 0) + V_pf_status.hostid = arc4random(); + else *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910121941.n9CJfvdX083653>