Date: Wed, 14 Jul 2021 10:08:23 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 1fcecff2b3b5 - stable/13 - pf: rename pf_state to pf_kstate Message-ID: <202107141008.16EA8NQP005211@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=1fcecff2b3b52cd799eac0d83ff7cd5f9cd07212 commit 1fcecff2b3b52cd799eac0d83ff7cd5f9cd07212 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2021-07-06 09:42:20 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2021-07-14 05:55:54 +0000 pf: rename pf_state to pf_kstate Indicate that this is a kernel-only structure, and make it easier to distinguish from others used to communicate with userspace. Reviewed by: mjg MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31096 (cherry picked from commit 211cddf9e3a1bc0d4b1b94bea7d16a47b5a17f49) --- sys/net/pfvar.h | 56 +++++++++++----------- sys/netpfil/pf/if_pfsync.c | 84 ++++++++++++++++----------------- sys/netpfil/pf/pf.c | 114 ++++++++++++++++++++++----------------------- sys/netpfil/pf/pf_ioctl.c | 42 ++++++++--------- sys/netpfil/pf/pf_norm.c | 4 +- sys/netpfil/pf/pf_nv.c | 2 +- sys/netpfil/pf/pf_nv.h | 2 +- 7 files changed, 152 insertions(+), 152 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index b63f22e84bc0..5d4860ec981a 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -491,10 +491,10 @@ struct pf_state_key { u_int8_t pad[2]; LIST_ENTRY(pf_state_key) entry; - TAILQ_HEAD(, pf_state) states[2]; + TAILQ_HEAD(, pf_kstate) states[2]; }; -/* Keep synced with struct pf_state. */ +/* Keep synced with struct pf_kstate. */ struct pf_state_cmp { u_int64_t id; u_int32_t creatorid; @@ -511,16 +511,16 @@ struct pf_state_cmp { #define PFSTATE_SETMASK (PFSTATE_SETPRIO) #ifdef _KERNEL -struct pf_state { +struct pf_kstate { u_int64_t id; u_int32_t creatorid; u_int8_t direction; u_int8_t pad[3]; u_int refs; - TAILQ_ENTRY(pf_state) sync_list; - TAILQ_ENTRY(pf_state) key_list[2]; - LIST_ENTRY(pf_state) entry; + TAILQ_ENTRY(pf_kstate) sync_list; + TAILQ_ENTRY(pf_kstate) key_list[2]; + LIST_ENTRY(pf_kstate) entry; struct pf_state_peer src; struct pf_state_peer dst; union pf_krule_ptr rule; @@ -552,7 +552,7 @@ struct pf_state { /* * Size <= fits 13 objects per page on LP64. Try to not grow the struct beyond that. */ -_Static_assert(sizeof(struct pf_state) <= 312, "pf_state size crosses 312 bytes"); +_Static_assert(sizeof(struct pf_kstate) <= 312, "pf_kstate size crosses 312 bytes"); #endif /* @@ -613,11 +613,11 @@ struct pfsync_state { #ifdef _KERNEL /* pfsync */ typedef int pfsync_state_import_t(struct pfsync_state *, u_int8_t); -typedef void pfsync_insert_state_t(struct pf_state *); -typedef void pfsync_update_state_t(struct pf_state *); -typedef void pfsync_delete_state_t(struct pf_state *); +typedef void pfsync_insert_state_t(struct pf_kstate *); +typedef void pfsync_update_state_t(struct pf_kstate *); +typedef void pfsync_delete_state_t(struct pf_kstate *); typedef void pfsync_clear_states_t(u_int32_t, const char *); -typedef int pfsync_defer_t(struct pf_state *, struct mbuf *); +typedef int pfsync_defer_t(struct pf_kstate *, struct mbuf *); typedef void pfsync_detach_ifnet_t(struct ifnet *); VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr); @@ -635,7 +635,7 @@ VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; void pfsync_state_export(struct pfsync_state *, - struct pf_state *); + struct pf_kstate *); /* pflog */ struct pf_kruleset; @@ -1410,7 +1410,7 @@ struct pf_keyhash { }; struct pf_idhash { - LIST_HEAD(, pf_state) states; + LIST_HEAD(, pf_kstate) states; struct mtx lock; }; @@ -1484,26 +1484,26 @@ extern void pf_unload_vnet_purge(void); extern void pf_intr(void *); extern void pf_purge_expired_src_nodes(void); -extern int pf_unlink_state(struct pf_state *, u_int); +extern int pf_unlink_state(struct pf_kstate *, u_int); #define PF_ENTER_LOCKED 0x00000001 #define PF_RETURN_LOCKED 0x00000002 extern int pf_state_insert(struct pfi_kkif *, struct pfi_kkif *, struct pf_state_key *, struct pf_state_key *, - struct pf_state *); -extern struct pf_state *pf_alloc_state(int); -extern void pf_free_state(struct pf_state *); + struct pf_kstate *); +extern struct pf_kstate *pf_alloc_state(int); +extern void pf_free_state(struct pf_kstate *); static __inline void -pf_ref_state(struct pf_state *s) +pf_ref_state(struct pf_kstate *s) { refcount_acquire(&s->refs); } static __inline int -pf_release_state(struct pf_state *s) +pf_release_state(struct pf_kstate *s) { if (refcount_release(&s->refs)) { @@ -1514,7 +1514,7 @@ pf_release_state(struct pf_state *s) } static __inline int -pf_release_staten(struct pf_state *s, u_int n) +pf_release_staten(struct pf_kstate *s, u_int n) { if (refcount_releasen(&s->refs, n)) { @@ -1524,14 +1524,14 @@ pf_release_staten(struct pf_state *s, u_int n) return (0); } -extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t); -extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *, +extern struct pf_kstate *pf_find_state_byid(uint64_t, uint32_t); +extern struct pf_kstate *pf_find_state_all(struct pf_state_key_cmp *, u_int, int *); extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *, struct pf_krule *, sa_family_t, int); extern void pf_unlink_src_node(struct pf_ksrc_node *); extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *); -extern void pf_print_state(struct pf_state *); +extern void pf_print_state(struct pf_kstate *); extern void pf_print_flags(u_int8_t); extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, u_int8_t); @@ -1562,7 +1562,7 @@ void pf_addr_inc(struct pf_addr *, sa_family_t); int pf_refragment6(struct ifnet *, struct mbuf **, struct m_tag *); #endif /* INET6 */ -u_int32_t pf_new_isn(struct pf_state *); +u_int32_t pf_new_isn(struct pf_kstate *); void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *, sa_family_t); void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t); @@ -1573,7 +1573,7 @@ void pf_patch_16_unaligned(struct mbuf *, u_int16_t *, void *, u_int16_t, bool, u_int8_t); void pf_patch_32_unaligned(struct mbuf *, u_int16_t *, void *, u_int32_t, bool, u_int8_t); -void pf_send_deferred_syn(struct pf_state *); +void pf_send_deferred_syn(struct pf_kstate *); int pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *, struct pf_addr *, sa_family_t); int pf_match_addr_range(struct pf_addr *, struct pf_addr *, @@ -1584,14 +1584,14 @@ void pf_normalize_init(void); void pf_normalize_cleanup(void); int pf_normalize_tcp(int, struct pfi_kkif *, struct mbuf *, int, int, void *, struct pf_pdesc *); -void pf_normalize_tcp_cleanup(struct pf_state *); +void pf_normalize_tcp_cleanup(struct pf_kstate *); int pf_normalize_tcp_init(struct mbuf *, int, struct pf_pdesc *, struct tcphdr *, struct pf_state_peer *, struct pf_state_peer *); int pf_normalize_tcp_stateful(struct mbuf *, int, struct pf_pdesc *, - u_short *, struct tcphdr *, struct pf_state *, + u_short *, struct tcphdr *, struct pf_kstate *, struct pf_state_peer *, struct pf_state_peer *, int *); u_int32_t - pf_state_expires(const struct pf_state *); + pf_state_expires(const struct pf_kstate *); void pf_purge_expired_fragments(void); void pf_purge_fragments(uint32_t); int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *, diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 16878fe87750..7208444d65d7 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -115,7 +115,7 @@ struct pfsync_pkt { u_int8_t flags; }; -static int pfsync_upd_tcp(struct pf_state *, struct pfsync_state_peer *, +static int pfsync_upd_tcp(struct pf_kstate *, struct pfsync_state_peer *, struct pfsync_state_peer *); static int pfsync_in_clr(struct pfsync_pkt *, struct mbuf *, int, int); static int pfsync_in_ins(struct pfsync_pkt *, struct mbuf *, int, int); @@ -147,16 +147,16 @@ static int (*pfsync_acts[])(struct pfsync_pkt *, struct mbuf *, int, int) = { }; struct pfsync_q { - void (*write)(struct pf_state *, void *); + void (*write)(struct pf_kstate *, void *); size_t len; u_int8_t action; }; /* we have one of these for every PFSYNC_S_ */ -static void pfsync_out_state(struct pf_state *, void *); -static void pfsync_out_iack(struct pf_state *, void *); -static void pfsync_out_upd_c(struct pf_state *, void *); -static void pfsync_out_del(struct pf_state *, void *); +static void pfsync_out_state(struct pf_kstate *, void *); +static void pfsync_out_iack(struct pf_kstate *, void *); +static void pfsync_out_upd_c(struct pf_kstate *, void *); +static void pfsync_out_del(struct pf_kstate *, void *); static struct pfsync_q pfsync_qs[] = { { pfsync_out_state, sizeof(struct pfsync_state), PFSYNC_ACT_INS }, @@ -166,10 +166,10 @@ static struct pfsync_q pfsync_qs[] = { { pfsync_out_del, sizeof(struct pfsync_del_c), PFSYNC_ACT_DEL_C } }; -static void pfsync_q_ins(struct pf_state *, int, bool); -static void pfsync_q_del(struct pf_state *, bool, struct pfsync_bucket *); +static void pfsync_q_ins(struct pf_kstate *, int, bool); +static void pfsync_q_del(struct pf_kstate *, bool, struct pfsync_bucket *); -static void pfsync_update_state(struct pf_state *); +static void pfsync_update_state(struct pf_kstate *); struct pfsync_upd_req_item { TAILQ_ENTRY(pfsync_upd_req_item) ur_entry; @@ -182,7 +182,7 @@ struct pfsync_deferral { u_int pd_refs; struct callout pd_tmo; - struct pf_state *pd_st; + struct pf_kstate *pd_st; struct mbuf *pd_m; }; @@ -198,7 +198,7 @@ struct pfsync_bucket #define PFSYNCF_BUCKET_PUSH 0x00000001 size_t b_len; - TAILQ_HEAD(, pf_state) b_qs[PFSYNC_S_COUNT]; + TAILQ_HEAD(, pf_kstate) b_qs[PFSYNC_S_COUNT]; TAILQ_HEAD(, pfsync_upd_req_item) b_upd_req_list; TAILQ_HEAD(, pfsync_deferral) b_deferrals; u_int b_deferred; @@ -291,13 +291,13 @@ static int pfsyncoutput(struct ifnet *, struct mbuf *, const struct sockaddr *, struct route *); static int pfsyncioctl(struct ifnet *, u_long, caddr_t); -static int pfsync_defer(struct pf_state *, struct mbuf *); +static int pfsync_defer(struct pf_kstate *, struct mbuf *); static void pfsync_undefer(struct pfsync_deferral *, int); -static void pfsync_undefer_state(struct pf_state *, int); +static void pfsync_undefer_state(struct pf_kstate *, int); static void pfsync_defer_tmo(void *); static void pfsync_request_update(u_int32_t, u_int64_t); -static bool pfsync_update_state_req(struct pf_state *); +static bool pfsync_update_state_req(struct pf_kstate *); static void pfsync_drop(struct pfsync_softc *); static void pfsync_sendout(int, int); @@ -313,7 +313,7 @@ static void pfsync_detach_ifnet(struct ifnet *); static void pfsync_update_net_tdb(struct pfsync_tdb *); #endif static struct pfsync_bucket *pfsync_get_bucket(struct pfsync_softc *, - struct pf_state *); + struct pf_kstate *); #define PFSYNC_MAX_BULKTRIES 12 @@ -461,7 +461,7 @@ pfsync_state_import(struct pfsync_state *sp, u_int8_t flags) struct pfsync_state_key key[2]; #endif struct pfsync_state_key *kw, *ks; - struct pf_state *st = NULL; + struct pf_kstate *st = NULL; struct pf_state_key *skw = NULL, *sks = NULL; struct pf_krule *r = NULL; struct pfi_kkif *kif; @@ -753,7 +753,7 @@ pfsync_in_clr(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) for (int i = 0; i <= pf_hashmask; i++) { struct pf_idhash *ih = &V_pf_idhash[i]; - struct pf_state *s; + struct pf_kstate *s; relock: PF_HASHROW_LOCK(ih); LIST_FOREACH(s, &ih->states, entry) { @@ -812,7 +812,7 @@ static int pfsync_in_iack(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) { struct pfsync_ins_ack *ia, *iaa; - struct pf_state *st; + struct pf_kstate *st; struct mbuf *mp; int len = count * sizeof(*ia); @@ -846,7 +846,7 @@ pfsync_in_iack(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) } static int -pfsync_upd_tcp(struct pf_state *st, struct pfsync_state_peer *src, +pfsync_upd_tcp(struct pf_kstate *st, struct pfsync_state_peer *src, struct pfsync_state_peer *dst) { int sync = 0; @@ -884,7 +884,7 @@ pfsync_in_upd(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) { struct pfsync_softc *sc = V_pfsyncif; struct pfsync_state *sa, *sp; - struct pf_state *st; + struct pf_kstate *st; int sync; struct mbuf *mp; @@ -970,7 +970,7 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) { struct pfsync_softc *sc = V_pfsyncif; struct pfsync_upd_c *ua, *up; - struct pf_state *st; + struct pf_kstate *st; int len = count * sizeof(*up); int sync; struct mbuf *mp; @@ -1060,7 +1060,7 @@ pfsync_in_ureq(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) int len = count * sizeof(*ur); int i, offp; - struct pf_state *st; + struct pf_kstate *st; mp = m_pulldown(m, offset, len, &offp); if (mp == NULL) { @@ -1098,7 +1098,7 @@ pfsync_in_del(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) { struct mbuf *mp; struct pfsync_state *sa, *sp; - struct pf_state *st; + struct pf_kstate *st; int len = count * sizeof(*sp); int offp, i; @@ -1129,7 +1129,7 @@ pfsync_in_del_c(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count) { struct mbuf *mp; struct pfsync_del_c *sa, *sp; - struct pf_state *st; + struct pf_kstate *st; int len = count * sizeof(*sp); int offp, i; @@ -1480,7 +1480,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data) } static void -pfsync_out_state(struct pf_state *st, void *buf) +pfsync_out_state(struct pf_kstate *st, void *buf) { struct pfsync_state *sp = buf; @@ -1488,7 +1488,7 @@ pfsync_out_state(struct pf_state *st, void *buf) } static void -pfsync_out_iack(struct pf_state *st, void *buf) +pfsync_out_iack(struct pf_kstate *st, void *buf) { struct pfsync_ins_ack *iack = buf; @@ -1497,7 +1497,7 @@ pfsync_out_iack(struct pf_state *st, void *buf) } static void -pfsync_out_upd_c(struct pf_state *st, void *buf) +pfsync_out_upd_c(struct pf_kstate *st, void *buf) { struct pfsync_upd_c *up = buf; @@ -1510,7 +1510,7 @@ pfsync_out_upd_c(struct pf_state *st, void *buf) } static void -pfsync_out_del(struct pf_state *st, void *buf) +pfsync_out_del(struct pf_kstate *st, void *buf) { struct pfsync_del_c *dp = buf; @@ -1522,7 +1522,7 @@ pfsync_out_del(struct pf_state *st, void *buf) static void pfsync_drop(struct pfsync_softc *sc) { - struct pf_state *st, *next; + struct pf_kstate *st, *next; struct pfsync_upd_req_item *ur; struct pfsync_bucket *b; int c, q; @@ -1562,7 +1562,7 @@ pfsync_sendout(int schedswi, int c) struct ip *ip; struct pfsync_header *ph; struct pfsync_subheader *subh; - struct pf_state *st, *st_next; + struct pf_kstate *st, *st_next; struct pfsync_upd_req_item *ur; struct pfsync_bucket *b = &sc->sc_buckets[c]; int offset; @@ -1702,7 +1702,7 @@ pfsync_sendout(int schedswi, int c) } static void -pfsync_insert_state(struct pf_state *st) +pfsync_insert_state(struct pf_kstate *st) { struct pfsync_softc *sc = V_pfsyncif; struct pfsync_bucket *b = pfsync_get_bucket(sc, st); @@ -1730,7 +1730,7 @@ pfsync_insert_state(struct pf_state *st) } static int -pfsync_defer(struct pf_state *st, struct mbuf *m) +pfsync_defer(struct pf_kstate *st, struct mbuf *m) { struct pfsync_softc *sc = V_pfsyncif; struct pfsync_deferral *pd; @@ -1778,7 +1778,7 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) { struct pfsync_softc *sc = pd->pd_sc; struct mbuf *m = pd->pd_m; - struct pf_state *st = pd->pd_st; + struct pf_kstate *st = pd->pd_st; struct pfsync_bucket *b = pfsync_get_bucket(sc, st); PFSYNC_BUCKET_LOCK_ASSERT(b); @@ -1804,7 +1804,7 @@ pfsync_defer_tmo(void *arg) struct pfsync_deferral *pd = arg; struct pfsync_softc *sc = pd->pd_sc; struct mbuf *m = pd->pd_m; - struct pf_state *st = pd->pd_st; + struct pf_kstate *st = pd->pd_st; struct pfsync_bucket *b = pfsync_get_bucket(sc, st); PFSYNC_BUCKET_LOCK_ASSERT(b); @@ -1828,7 +1828,7 @@ pfsync_defer_tmo(void *arg) } static void -pfsync_undefer_state(struct pf_state *st, int drop) +pfsync_undefer_state(struct pf_kstate *st, int drop) { struct pfsync_softc *sc = V_pfsyncif; struct pfsync_deferral *pd; @@ -1851,14 +1851,14 @@ pfsync_undefer_state(struct pf_state *st, int drop) } static struct pfsync_bucket* -pfsync_get_bucket(struct pfsync_softc *sc, struct pf_state *st) +pfsync_get_bucket(struct pfsync_softc *sc, struct pf_kstate *st) { int c = PF_IDHASH(st) % pfsync_buckets; return &sc->sc_buckets[c]; } static void -pfsync_update_state(struct pf_state *st) +pfsync_update_state(struct pf_kstate *st) { struct pfsync_softc *sc = V_pfsyncif; bool sync = false, ref = true; @@ -1956,7 +1956,7 @@ pfsync_request_update(u_int32_t creatorid, u_int64_t id) } static bool -pfsync_update_state_req(struct pf_state *st) +pfsync_update_state_req(struct pf_kstate *st) { struct pfsync_softc *sc = V_pfsyncif; bool ref = true, full = false; @@ -2003,7 +2003,7 @@ pfsync_update_state_req(struct pf_state *st) } static void -pfsync_delete_state(struct pf_state *st) +pfsync_delete_state(struct pf_kstate *st) { struct pfsync_softc *sc = V_pfsyncif; struct pfsync_bucket *b = pfsync_get_bucket(sc, st); @@ -2067,7 +2067,7 @@ pfsync_clear_states(u_int32_t creatorid, const char *ifname) } static void -pfsync_q_ins(struct pf_state *st, int q, bool ref) +pfsync_q_ins(struct pf_kstate *st, int q, bool ref) { struct pfsync_softc *sc = V_pfsyncif; size_t nlen = pfsync_qs[q].len; @@ -2097,7 +2097,7 @@ pfsync_q_ins(struct pf_state *st, int q, bool ref) } static void -pfsync_q_del(struct pf_state *st, bool unref, struct pfsync_bucket *b) +pfsync_q_del(struct pf_kstate *st, bool unref, struct pfsync_bucket *b) { int q = st->sync_state; @@ -2137,7 +2137,7 @@ static void pfsync_bulk_update(void *arg) { struct pfsync_softc *sc = arg; - struct pf_state *s; + struct pf_kstate *s; int i, sent = 0; PFSYNC_BLOCK_ASSERT(sc); diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 6ac19c9ad5d3..04a62535f461 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -115,12 +115,12 @@ __FBSDID("$FreeBSD$"); SDT_PROVIDER_DEFINE(pf); SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *", - "struct pf_state *"); + "struct pf_kstate *"); SDT_PROBE_DEFINE4(pf, ip, test6, done, "int", "int", "struct pf_krule *", - "struct pf_state *"); + "struct pf_kstate *"); SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *", "struct pf_state_key_cmp *", "int", "struct pf_pdesc *", - "struct pf_state *"); + "struct pf_kstate *"); /* * Global variables @@ -224,7 +224,7 @@ VNET_DEFINE(uint64_t, pf_stateid[MAXCPU]); #define PFID_MAXID (~PFID_CPUMASK) CTASSERT((1 << PFID_CPUBITS) >= MAXCPU); -static void pf_src_tree_remove_state(struct pf_state *); +static void pf_src_tree_remove_state(struct pf_kstate *); static void pf_init_threshold(struct pf_threshold *, u_int32_t, u_int32_t); static void pf_add_threshold(struct pf_threshold *); @@ -247,13 +247,13 @@ static void pf_send_tcp(struct mbuf *, u_int16_t, struct ifnet *); static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t, sa_family_t, struct pf_krule *); -static void pf_detach_state(struct pf_state *); +static void pf_detach_state(struct pf_kstate *); static int pf_state_key_attach(struct pf_state_key *, - struct pf_state_key *, struct pf_state *); -static void pf_state_key_detach(struct pf_state *, int); + struct pf_state_key *, struct pf_kstate *); +static void pf_state_key_detach(struct pf_kstate *, int); static int pf_state_key_ctor(void *, int, void *, int); static u_int32_t pf_tcp_iss(struct pf_pdesc *); -static int pf_test_rule(struct pf_krule **, struct pf_state **, +static int pf_test_rule(struct pf_krule **, struct pf_kstate **, int, struct pfi_kkif *, struct mbuf *, int, struct pf_pdesc *, struct pf_krule **, struct pf_kruleset **, struct inpcb *); @@ -262,29 +262,29 @@ static int pf_create_state(struct pf_krule *, struct pf_krule *, struct pf_ksrc_node *, struct pf_state_key *, struct pf_state_key *, struct mbuf *, int, u_int16_t, u_int16_t, int *, struct pfi_kkif *, - struct pf_state **, int, u_int16_t, u_int16_t, + struct pf_kstate **, int, u_int16_t, u_int16_t, int); static int pf_test_fragment(struct pf_krule **, int, struct pfi_kkif *, struct mbuf *, void *, struct pf_pdesc *, struct pf_krule **, struct pf_kruleset **); static int pf_tcp_track_full(struct pf_state_peer *, - struct pf_state_peer *, struct pf_state **, + struct pf_state_peer *, struct pf_kstate **, struct pfi_kkif *, struct mbuf *, int, struct pf_pdesc *, u_short *, int *); static int pf_tcp_track_sloppy(struct pf_state_peer *, - struct pf_state_peer *, struct pf_state **, + struct pf_state_peer *, struct pf_kstate **, struct pf_pdesc *, u_short *); -static int pf_test_state_tcp(struct pf_state **, int, +static int pf_test_state_tcp(struct pf_kstate **, int, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); -static int pf_test_state_udp(struct pf_state **, int, +static int pf_test_state_udp(struct pf_kstate **, int, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *); -static int pf_test_state_icmp(struct pf_state **, int, +static int pf_test_state_icmp(struct pf_kstate **, int, struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); -static int pf_test_state_other(struct pf_state **, int, +static int pf_test_state_other(struct pf_kstate **, int, struct pfi_kkif *, struct mbuf *, struct pf_pdesc *); static u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t, sa_family_t); @@ -294,15 +294,15 @@ static u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t, int, u_int16_t); static int pf_check_proto_cksum(struct mbuf *, int, int, u_int8_t, sa_family_t); -static void pf_print_state_parts(struct pf_state *, +static void pf_print_state_parts(struct pf_kstate *, struct pf_state_key *, struct pf_state_key *); static int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t, bool, u_int8_t); -static struct pf_state *pf_find_state(struct pfi_kkif *, +static struct pf_kstate *pf_find_state(struct pfi_kkif *, struct pf_state_key_cmp *, u_int); -static int pf_src_connlimit(struct pf_state **); +static int pf_src_connlimit(struct pf_kstate **); static void pf_overload_task(void *v, int pending); static int pf_insert_src_node(struct pf_ksrc_node **, struct pf_krule *, struct pf_addr *, sa_family_t); @@ -312,14 +312,14 @@ static int pf_mtag_uminit(void *, int, int); static void pf_mtag_free(struct m_tag *); #ifdef INET static void pf_route(struct mbuf **, struct pf_krule *, int, - struct ifnet *, struct pf_state *, + struct ifnet *, struct pf_kstate *, struct pf_pdesc *, struct inpcb *); #endif /* INET */ #ifdef INET6 static void pf_change_a6(struct pf_addr *, u_int16_t *, struct pf_addr *, u_int8_t); static void pf_route6(struct mbuf **, struct pf_krule *, int, - struct ifnet *, struct pf_state *, + struct ifnet *, struct pf_kstate *, struct pf_pdesc *, struct inpcb *); #endif /* INET6 */ @@ -476,7 +476,7 @@ pf_hashsrc(struct pf_addr *addr, sa_family_t af) #ifdef ALTQ static int -pf_state_hash(struct pf_state *s) +pf_state_hash(struct pf_kstate *s) { u_int32_t hv = (intptr_t)s / sizeof(*s); @@ -539,7 +539,7 @@ pf_check_threshold(struct pf_threshold *threshold) } static int -pf_src_connlimit(struct pf_state **state) +pf_src_connlimit(struct pf_kstate **state) { struct pf_overload_entry *pfoe; int bad = 0; @@ -655,7 +655,7 @@ pf_overload_task(void *v, int pending) for (int i = 0; i <= pf_hashmask; i++) { struct pf_idhash *ih = &V_pf_idhash[i]; struct pf_state_key *sk; - struct pf_state *s; + struct pf_kstate *s; PF_HASHROW_LOCK(ih); LIST_FOREACH(s, &ih->states, entry) { @@ -840,7 +840,7 @@ pf_initialize() V_pf_hashseed = arc4random(); /* States and state keys storage. */ - V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_state), + V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_kstate), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); V_pf_limits[PF_LIMIT_STATES].zone = V_pf_state_z; uma_zone_set_max(V_pf_state_z, PFSTATE_HIWAT); @@ -1003,11 +1003,11 @@ pf_get_mtag(struct mbuf *m) static int pf_state_key_attach(struct pf_state_key *skw, struct pf_state_key *sks, - struct pf_state *s) + struct pf_kstate *s) { struct pf_keyhash *khs, *khw, *kh; struct pf_state_key *sk, *cur; - struct pf_state *si, *olds = NULL; + struct pf_kstate *si, *olds = NULL; int idx; KASSERT(s->refs == 0, ("%s: state not pristine", __func__)); @@ -1168,7 +1168,7 @@ stateattach: } static void -pf_detach_state(struct pf_state *s) +pf_detach_state(struct pf_kstate *s) { struct pf_state_key *sks = s->key[PF_SK_STACK]; struct pf_keyhash *kh; @@ -1199,7 +1199,7 @@ pf_detach_state(struct pf_state *s) } static void -pf_state_key_detach(struct pf_state *s, int idx) +pf_state_key_detach(struct pf_kstate *s, int idx) { struct pf_state_key *sk = s->key[idx]; #ifdef INVARIANTS @@ -1264,10 +1264,10 @@ pf_state_key_clone(struct pf_state_key *orig) int pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif, - struct pf_state_key *skw, struct pf_state_key *sks, struct pf_state *s) + struct pf_state_key *skw, struct pf_state_key *sks, struct pf_kstate *s) { struct pf_idhash *ih; - struct pf_state *cur; + struct pf_kstate *cur; int error; KASSERT(TAILQ_EMPTY(&sks->states[0]) && TAILQ_EMPTY(&sks->states[1]), @@ -1324,11 +1324,11 @@ pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif, /* * Find state by ID: returns with locked row on success. */ -struct pf_state * +struct pf_kstate * pf_find_state_byid(uint64_t id, uint32_t creatorid) { struct pf_idhash *ih; - struct pf_state *s; + struct pf_kstate *s; counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1); @@ -1349,12 +1349,12 @@ pf_find_state_byid(uint64_t id, uint32_t creatorid) * Find state by key. * Returns with ID hash slot locked on success. */ -static struct pf_state * +static struct pf_kstate * pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir) { struct pf_keyhash *kh; struct pf_state_key *sk; - struct pf_state *s; + struct pf_kstate *s; int idx; counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1); @@ -1393,12 +1393,12 @@ pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir) return (NULL); } -struct pf_state * +struct pf_kstate * pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more) { struct pf_keyhash *kh; struct pf_state_key *sk; - struct pf_state *s, *ret = NULL; + struct pf_kstate *s, *ret = NULL; int idx, inout = 0; counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1); @@ -1588,7 +1588,7 @@ pf_unload_vnet_purge(void) } u_int32_t -pf_state_expires(const struct pf_state *state) +pf_state_expires(const struct pf_kstate *state) { u_int32_t timeout; u_int32_t start; @@ -1652,7 +1652,7 @@ pf_purge_expired_src_nodes() } static void -pf_src_tree_remove_state(struct pf_state *s) +pf_src_tree_remove_state(struct pf_kstate *s) { struct pf_ksrc_node *sn; struct pf_srchash *sh; @@ -1689,7 +1689,7 @@ pf_src_tree_remove_state(struct pf_state *s) * unlocked, since it needs to go through key hash locking. */ int -pf_unlink_state(struct pf_state *s, u_int flags) +pf_unlink_state(struct pf_kstate *s, u_int flags) { struct pf_idhash *ih = &V_pf_idhash[PF_IDHASH(s)]; @@ -1736,7 +1736,7 @@ pf_unlink_state(struct pf_state *s, u_int flags) return (pf_release_staten(s, 2)); } -struct pf_state * +struct pf_kstate * pf_alloc_state(int flags) { @@ -1744,7 +1744,7 @@ pf_alloc_state(int flags) } void -pf_free_state(struct pf_state *cur) +pf_free_state(struct pf_kstate *cur) { KASSERT(cur->refs == 0, ("%s: %p has refs", __func__, cur)); @@ -1763,7 +1763,7 @@ static u_int pf_purge_expired_states(u_int i, int maxcheck) { struct pf_idhash *ih; - struct pf_state *s; + struct pf_kstate *s; V_pf_status.states = uma_zone_get_cur(V_pf_state_z); @@ -1921,13 +1921,13 @@ pf_print_host(struct pf_addr *addr, u_int16_t p, sa_family_t af) } void -pf_print_state(struct pf_state *s) +pf_print_state(struct pf_kstate *s) { pf_print_state_parts(s, NULL, NULL); } static void -pf_print_state_parts(struct pf_state *s, +pf_print_state_parts(struct pf_kstate *s, struct pf_state_key *skwp, struct pf_state_key *sksp) { struct pf_state_key *skw, *sks; @@ -3326,7 +3326,7 @@ pf_tcp_iss(struct pf_pdesc *pd) } static int -pf_test_rule(struct pf_krule **rm, struct pf_state **sm, int direction, +pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, struct pf_pdesc *pd, struct pf_krule **am, struct pf_kruleset **rsm, struct inpcb *inp) { @@ -3703,10 +3703,10 @@ static int pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, struct pf_pdesc *pd, struct pf_ksrc_node *nsn, struct pf_state_key *nk, struct pf_state_key *sk, struct mbuf *m, int off, u_int16_t sport, - u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_state **sm, + u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_kstate **sm, int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen) { - struct pf_state *s = NULL; + struct pf_kstate *s = NULL; struct pf_ksrc_node *sn = NULL; struct tcphdr *th = &pd->hdr.tcp; u_int16_t mss = V_tcp_mssdflt; @@ -4045,7 +4045,7 @@ pf_test_fragment(struct pf_krule **rm, int direction, struct pfi_kkif *kif, static int pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst, - struct pf_state **state, struct pfi_kkif *kif, struct mbuf *m, int off, + struct pf_kstate **state, struct pfi_kkif *kif, struct mbuf *m, int off, struct pf_pdesc *pd, u_short *reason, int *copyback) { struct tcphdr *th = &pd->hdr.tcp; @@ -4371,7 +4371,7 @@ pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst, static int pf_tcp_track_sloppy(struct pf_state_peer *src, struct pf_state_peer *dst, - struct pf_state **state, struct pf_pdesc *pd, u_short *reason) + struct pf_kstate **state, struct pf_pdesc *pd, u_short *reason) { struct tcphdr *th = &pd->hdr.tcp; @@ -4441,7 +4441,7 @@ pf_tcp_track_sloppy(struct pf_state_peer *src, struct pf_state_peer *dst, } static int -pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif, +pf_test_state_tcp(struct pf_kstate **state, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { @@ -4609,7 +4609,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif, } static int -pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif, +pf_test_state_udp(struct pf_kstate **state, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd) { struct pf_state_peer *src, *dst; @@ -4676,7 +4676,7 @@ pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif, } static int -pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif, +pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { struct pf_addr *saddr = pd->src, *daddr = pd->dst; @@ -5280,7 +5280,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif, } static int -pf_test_state_other(struct pf_state **state, int direction, struct pfi_kkif *kif, +pf_test_state_other(struct pf_kstate **state, int direction, struct pfi_kkif *kif, struct mbuf *m, struct pf_pdesc *pd) { struct pf_state_peer *src, *dst; @@ -5452,7 +5452,7 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif, #ifdef INET static void pf_route(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp, - struct pf_state *s, struct pf_pdesc *pd, struct inpcb *inp) + struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp) { struct mbuf *m0, *m1; struct sockaddr_in dst; @@ -5640,7 +5640,7 @@ bad: #ifdef INET6 static void pf_route6(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp, - struct pf_state *s, struct pf_pdesc *pd, struct inpcb *inp) + struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp) { struct mbuf *m0; struct sockaddr_in6 dst; @@ -5929,7 +5929,7 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb * struct ip *h = NULL; struct m_tag *ipfwtag; struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr; - struct pf_state *s = NULL; + struct pf_kstate *s = NULL; struct pf_kruleset *ruleset = NULL; struct pf_pdesc pd; int off, dirndx, pqid = 0; @@ -6317,7 +6317,7 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb struct m_tag *mtag; struct ip6_hdr *h = NULL; struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr; - struct pf_state *s = NULL; + struct pf_kstate *s = NULL; struct pf_kruleset *ruleset = NULL; struct pf_pdesc pd; int off, terminal = 0, dirndx, rh_cnt = 0, pqid = 0; diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 2e332156a488..4eebc8a43de8 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1783,7 +1783,7 @@ pf_label_match(const struct pf_krule *rule, const char *label) static unsigned int pf_kill_matching_state(struct pf_state_key_cmp *key, int dir) { - struct pf_state *match; + struct pf_kstate *match; int more = 0; unsigned int killed = 0; @@ -1801,7 +1801,7 @@ pf_kill_matching_state(struct pf_state_key_cmp *key, int dir) static int pf_killstates_row(struct pf_kstate_kill *psk, struct pf_idhash *ih) { *** 167 LINES SKIPPED ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107141008.16EA8NQP005211>