Date: Sat, 10 Oct 2009 16:08:05 +0000 (UTC) From: Ermal Luçi <eri@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r197935 - in user/eri/pf45/head/sys: contrib/pf/net i386/conf modules/pfsync Message-ID: <200910101608.n9AG85L2086484@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: eri Date: Sat Oct 10 16:08:05 2009 New Revision: 197935 URL: http://svn.freebsd.org/changeset/base/197935 Log: * Make pfsync(4) compile. OpenBSD TDB features are wrapped with notyet for now. * Add Makefile under modules directory to allow pfsync(4) to be built/loaded as module. * Remove dependency of pf(4) module from pfsync(4) internals. Added: user/eri/pf45/head/sys/modules/pfsync/ user/eri/pf45/head/sys/modules/pfsync/Makefile (contents, props changed) Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.h user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c user/eri/pf45/head/sys/contrib/pf/net/pfvar.h user/eri/pf45/head/sys/i386/conf/GENERIC Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 15:33:01 2009 (r197934) +++ user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 16:08:05 2009 (r197935) @@ -42,20 +42,71 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#ifdef __FreeBSD__ +#include "opt_inet.h" +#include "opt_inet6.h" +#include "opt_bpf.h" +#include "opt_pf.h" + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#ifdef DEV_BPF +#define NBPFILTER DEV_BPF +#else +#define NBPFILTER 0 +#endif + +#ifdef DEV_PFSYNC +#define NPFSYNC DEV_PFSYNC +#else +#define NPFSYNC 0 +#endif + +#ifdef DEV_CARP +#define NCARP DEV_CARP +#else +#define NCARP 0 +#endif +#endif /* __FreeBSD__ */ + #include <sys/param.h> +#ifdef __FreeBSD__ +#include <sys/bus.h> +#include <sys/interrupt.h> +#include <sys/priv.h> +#endif #include <sys/proc.h> #include <sys/systm.h> #include <sys/time.h> #include <sys/mbuf.h> #include <sys/socket.h> +#ifdef __FreeBSD__ +#include <sys/endian.h> +#include <sys/malloc.h> +#include <sys/module.h> +#include <sys/sockio.h> +#include <sys/taskqueue.h> +#include <sys/lock.h> +#include <sys/mutex.h> +#else #include <sys/ioctl.h> #include <sys/timeout.h> +#endif #include <sys/kernel.h> #include <sys/sysctl.h> +#ifndef __FreeBSD__ #include <sys/pool.h> +#endif #include <net/if.h> +#ifdef __FreeBSD__ +#include <net/if_clone.h> +#endif #include <net/if_types.h> +#ifdef __FreeBSD__ +#include <net/netisr.h> +#endif #include <net/route.h> #include <net/bpf.h> #include <net/netisr.h> @@ -75,7 +126,9 @@ #include <netinet6/nd6.h> #endif /* INET6 */ +#ifndef __FreeBSD__ #include "carp.h" +#endif #if NCARP > 0 #include <netinet/ip_carp.h> #endif @@ -83,8 +136,10 @@ #include <net/pfvar.h> #include <net/if_pfsync.h> +#ifndef __FreeBSD__ #include "bpfilter.h" #include "pfsync.h" +#endif #define PFSYNC_MINPKT ( \ sizeof(struct ip) + \ @@ -166,20 +221,34 @@ struct pfsync_deferral { TAILQ_ENTRY(pfsync_deferral) pd_entry; struct pf_state *pd_st; struct mbuf *pd_m; +#ifdef __FreeBSD__ + struct callout pd_tmo; +#else struct timeout pd_tmo; +#endif }; TAILQ_HEAD(pfsync_deferrals, pfsync_deferral); #define PFSYNC_PLSIZE MAX(sizeof(struct pfsync_upd_req_item), \ sizeof(struct pfsync_deferral)) +#ifdef notyet int pfsync_out_tdb(struct tdb *, struct mbuf *, int); +#endif struct pfsync_softc { +#ifdef __FreeBSD__ + struct ifnet *sc_ifp; +#else struct ifnet sc_if; +#endif struct ifnet *sc_sync_if; +#ifdef __FreeBSD__ + uma_zone_t sc_pool; +#else struct pool sc_pool; +#endif struct ip_moptions sc_imo; @@ -201,29 +270,77 @@ struct pfsync_softc { u_int32_t sc_ureq_sent; int sc_bulk_tries; +#ifdef __FreeBSD__ + struct callout sc_bulkfail_tmo; +#else struct timeout sc_bulkfail_tmo; +#endif u_int32_t sc_ureq_received; struct pf_state *sc_bulk_next; struct pf_state *sc_bulk_last; +#ifdef __FreeBSD__ + struct callout sc_bulk_tmo; +#else struct timeout sc_bulk_tmo; +#endif TAILQ_HEAD(, tdb) sc_tdb_q; +#ifdef __FreeBSD__ + struct callout sc_tmo; +#else struct timeout sc_tmo; +#endif +#ifdef __FreeBSD__ + eventhandler_tag sc_detachtag; +#endif + }; struct pfsync_softc *pfsyncif = NULL; struct pfsyncstats pfsyncstats; +#ifdef __FreeBSD__ +#ifdef notyet +SYSCTL_DECL(_net_inet_pfsync); +SYSCTL_STRUCT(_net_inet_pfsync, 0, stats, CTLFLAG_RW, + &pfsyncstats, pfsyncstats, + "PFSYNC statistics (struct pfsyncstats, net/if_pfsync.h)"); +#endif + +/* Macros to set/clear/test flags. */ +#ifdef _KERNEL +#define SET(t, f) ((t) |= (f)) +#define CLR(t, f) ((t) &= ~(f)) +#define ISSET(t, f) ((t) & (f)) +#endif + +static void pfsyncintr(void *); +struct pfsync_swi { + void * pfsync_swi_cookie; +}; +static struct pfsync_swi pfsync_swi; +#define schednetisr(p) swi_sched(pfsync_swi.pfsync_swi_cookie, 0) +#define NETISR_PFSYNC +#endif void pfsyncattach(int); +#ifdef __FreeBSD__ +int pfsync_clone_create(struct if_clone *, int, caddr_t); +void pfsync_clone_destroy(struct ifnet *); +#else int pfsync_clone_create(struct if_clone *, int); int pfsync_clone_destroy(struct ifnet *); +#endif int pfsync_alloc_scrub_memory(struct pfsync_state_peer *, struct pf_state_peer *); void pfsync_update_net_tdb(struct pfsync_tdb *); int pfsyncoutput(struct ifnet *, struct mbuf *, struct sockaddr *, +#ifdef __FreeBSD__ + struct route *); +#else struct rtentry *); +#endif int pfsyncioctl(struct ifnet *, u_long, caddr_t); void pfsyncstart(struct ifnet *); @@ -251,11 +368,23 @@ void pfsync_bulk_status(u_int8_t); void pfsync_bulk_update(void *); void pfsync_bulk_fail(void *); +#ifdef __FreeBSD__ +void pfsync_ifdetach(void *, struct ifnet *); + +/* XXX: ugly */ +#define betoh64 (unsigned long long)be64toh +#define timeout_del callout_stop +#endif + #define PFSYNC_MAX_BULKTRIES 12 int pfsync_sync_ok; +#ifdef __FreeBSD__ +IFC_SIMPLE_DECLARE(pfsync, 1); +#else struct if_clone pfsync_cloner = IF_CLONE_INITIALIZER("pfsync", pfsync_clone_create, pfsync_clone_destroy); +#endif void pfsyncattach(int npfsync) @@ -263,7 +392,11 @@ pfsyncattach(int npfsync) if_clone_attach(&pfsync_cloner); } int +#ifdef __FreeBSD__ +pfsync_clone_create(struct if_clone *ifc, int unit, caddr_t param) +#else pfsync_clone_create(struct if_clone *ifc, int unit) +#endif { struct pfsync_softc *sc; struct ifnet *ifp; @@ -274,14 +407,23 @@ pfsync_clone_create(struct if_clone *ifc pfsync_sync_ok = 1; - sc = malloc(sizeof(*pfsyncif), M_DEVBUF, M_NOWAIT | M_ZERO); + sc = malloc(sizeof(struct pfsync_softc), M_DEVBUF, M_NOWAIT | M_ZERO); if (sc == NULL) return (ENOMEM); for (q = 0; q < PFSYNC_S_COUNT; q++) TAILQ_INIT(&sc->sc_qs[q]); +#ifdef __FreeBSD__ + sc->sc_pool = uma_zcreate("pfsync", PFSYNC_PLSIZE, + NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); + if (sc->sc_pool == NULL) { + free(sc, M_DEVBUF); + return (ENOMEM); + } +#else pool_init(&sc->sc_pool, PFSYNC_PLSIZE, 0, 0, 0, "pfsync", NULL); +#endif TAILQ_INIT(&sc->sc_upd_req_list); TAILQ_INIT(&sc->sc_deferrals); sc->sc_deferred = 0; @@ -291,13 +433,42 @@ pfsync_clone_create(struct if_clone *ifc sc->sc_len = PFSYNC_MINPKT; sc->sc_maxupdates = 128; +#ifdef __FreeBSD__ + sc->sc_imo.imo_membership = (struct in_multi **)malloc( + (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_DEVBUF, + M_NOWAIT | M_ZERO); + sc->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS; + sc->sc_imo.imo_multicast_vif = -1; +#else sc->sc_imo.imo_membership = (struct in_multi **)malloc( (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_IPMOPTS, M_WAITOK | M_ZERO); sc->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS; +#endif +#ifdef __FreeBSD__ + ifp = sc->sc_ifp = if_alloc(IFT_PFSYNC); + if (ifp == NULL) { + free(sc->sc_imo.imo_membership, M_DEVBUF); + uma_zdestroy(sc->sc_pool); + free(sc, M_DEVBUF); + return (ENOSPC); + } + if_initname(ifp, ifc->ifc_name, unit); + + sc->sc_detachtag = EVENTHANDLER_REGISTER(ifnet_departure_event, + pfsync_ifdetach, pfsyncif, EVENTHANDLER_PRI_ANY); + if (sc->sc_detachtag == NULL) { + if_free(ifp); + free(sc->sc_imo.imo_membership, M_DEVBUF); + uma_zdestroy(sc->sc_pool); + free(sc, M_DEVBUF); + return (ENOSPC); + } +#else ifp = &sc->sc_if; snprintf(ifp->if_xname, sizeof ifp->if_xname, "pfsync%d", unit); +#endif ifp->if_softc = sc; ifp->if_ioctl = pfsyncioctl; ifp->if_output = pfsyncoutput; @@ -306,38 +477,59 @@ pfsync_clone_create(struct if_clone *ifc ifp->if_snd.ifq_maxlen = ifqmaxlen; ifp->if_hdrlen = sizeof(struct pfsync_header); ifp->if_mtu = 1500; /* XXX */ +#ifdef __FreeBSD__ + callout_init(&sc->sc_tmo, CALLOUT_MPSAFE); + callout_init(&sc->sc_bulk_tmo, CALLOUT_MPSAFE); + callout_init(&sc->sc_bulkfail_tmo, CALLOUT_MPSAFE); +#else ifp->if_hardmtu = MCLBYTES; /* XXX */ timeout_set(&sc->sc_tmo, pfsync_timeout, sc); timeout_set(&sc->sc_bulk_tmo, pfsync_bulk_update, sc); timeout_set(&sc->sc_bulkfail_tmo, pfsync_bulk_fail, sc); +#endif if_attach(ifp); +#ifndef __FreeBSD__ if_alloc_sadl(ifp); +#endif #if NCARP > 0 if_addgroup(ifp, "carp"); #endif #if NBPFILTER > 0 +#ifdef __FreeBSD__ + bpfattach(ifp, DLT_PFSYNC, PFSYNC_HDRLEN); +#else bpfattach(&sc->sc_if.if_bpf, ifp, DLT_PFSYNC, PFSYNC_HDRLEN); #endif +#endif pfsyncif = sc; return (0); } +#ifdef __FreeBSD__ +void +#else int +#endif pfsync_clone_destroy(struct ifnet *ifp) { struct pfsync_softc *sc = ifp->if_softc; +#ifdef __FreeBSD__ + EVENTHANDLER_DEREGISTER(ifnet_departure_event, sc->sc_detachtag); +#endif timeout_del(&sc->sc_bulk_tmo); timeout_del(&sc->sc_tmo); #if NCARP > 0 +#ifdef notyet if (!pfsync_sync_ok) carp_group_demote_adj(&sc->sc_if, -1); #endif +#endif #if NBPFILTER > 0 bpfdetach(ifp); #endif @@ -348,24 +540,44 @@ pfsync_clone_destroy(struct ifnet *ifp) while (sc->sc_deferred > 0) pfsync_undefer(TAILQ_FIRST(&sc->sc_deferrals), 0); +#ifdef __FreeBSD__ + UMA_DESTROY(sc->sc_pool); +#else pool_destroy(&sc->sc_pool); +#endif +#ifdef __FreeBSD__ + if_free(ifp); + free(sc->sc_imo.imo_membership, M_DEVBUF); +#else free(sc->sc_imo.imo_membership, M_IPMOPTS); +#endif free(sc, M_DEVBUF); pfsyncif = NULL; +#ifndef __FreeBSD__ return (0); +#endif } struct mbuf * pfsync_if_dequeue(struct ifnet *ifp) { struct mbuf *m; +#ifndef __FreeBSD__ int s; +#endif +#ifdef __FreeBSD__ + IF_LOCK(&ifp->if_snd); + _IF_DROP(&ifp->if_snd); + _IF_DEQUEUE(&ifp->if_snd, m); + IF_UNLOCK(&ifp->if_snd); +#else s = splnet(); IF_DEQUEUE(&ifp->if_snd, m); splx(s); +#endif return (m); } @@ -379,7 +591,9 @@ pfsyncstart(struct ifnet *ifp) struct mbuf *m; while ((m = pfsync_if_dequeue(ifp)) != NULL) { +#ifndef __FreeBSD__ IF_DROP(&ifp->if_snd); +#endif m_freem(m); } } @@ -397,6 +611,7 @@ pfsync_alloc_scrub_memory(struct pfsync_ return (0); } +#ifndef __FreeBSD__ void pfsync_state_export(struct pfsync_state *sp, struct pf_state *st) { @@ -457,6 +672,7 @@ pfsync_state_export(struct pfsync_state pf_state_counter_hton(st->bytes[1], sp->bytes[1]); } +#endif int pfsync_state_import(struct pfsync_state *sp, u_int8_t flags) @@ -498,10 +714,17 @@ pfsync_state_import(struct pfsync_state if ((r->max_states && r->states_cur >= r->max_states)) goto cleanup; +#ifdef __FreeBSD__ + if (flags & PFSYNC_SI_IOCTL) + pool_flags = PR_WAITOK | PR_ZERO; + else + pool_flags = PR_ZERO; +#else if (flags & PFSYNC_SI_IOCTL) pool_flags = PR_WAITOK | PR_LIMITFAIL | PR_ZERO; else pool_flags = PR_LIMITFAIL | PR_ZERO; +#endif if ((st = pool_get(&pf_state_pl, pool_flags)) == NULL) goto cleanup; @@ -614,7 +837,11 @@ pfsync_state_import(struct pfsync_state } void +#ifdef __FreeBSD__ +pfsync_input(struct mbuf *m, __unused int off) +#else pfsync_input(struct mbuf *m, ...) +#endif { struct pfsync_softc *sc = pfsyncif; struct pfsync_pkt pkt; @@ -637,9 +864,13 @@ pfsync_input(struct mbuf *m, ...) goto done; } +#ifdef __FreeBSD__ + sc->sc_ifp->if_ipackets++; + sc->sc_ifp->if_ibytes += m->m_pkthdr.len; +#else sc->sc_if.if_ipackets++; sc->sc_if.if_ibytes += m->m_pkthdr.len; - +#endif /* verify that the IP TTL is 255. */ if (ip->ip_ttl != PFSYNC_DFLTTL) { pfsyncstats.pfsyncs_badttl++; @@ -726,6 +957,9 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st clr = (struct pfsync_clr *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) { creatorid = clr[i].creatorid; @@ -757,6 +991,9 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st } } } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); return (len); @@ -780,6 +1017,9 @@ pfsync_in_ins(struct pfsync_pkt *pkt, st sa = (struct pfsync_state *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) { sp = &sa[i]; @@ -802,6 +1042,9 @@ pfsync_in_ins(struct pfsync_pkt *pkt, st break; } } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); return (len); @@ -827,6 +1070,9 @@ pfsync_in_iack(struct pfsync_pkt *pkt, s iaa = (struct pfsync_ins_ack *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) { ia = &iaa[i]; @@ -840,6 +1086,9 @@ pfsync_in_iack(struct pfsync_pkt *pkt, s if (ISSET(st->state_flags, PFSTATE_ACK)) pfsync_deferred(st, 0); } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); /* * XXX this is not yet implemented, but we know the size of the @@ -905,6 +1154,9 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st sa = (struct pfsync_state *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) { sp = &sa[i]; @@ -970,6 +1222,9 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st st->timeout = sp->timeout; st->pfsync_time = time_second; } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); return (len); @@ -998,6 +1253,9 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt, ua = (struct pfsync_upd_c *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) { up = &ua[i]; @@ -1062,6 +1320,9 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt, st->timeout = up->timeout; st->pfsync_time = time_second; } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); return (len); @@ -1128,6 +1389,9 @@ pfsync_in_del(struct pfsync_pkt *pkt, st sa = (struct pfsync_state *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) { sp = &sa[i]; @@ -1142,6 +1406,9 @@ pfsync_in_del(struct pfsync_pkt *pkt, st SET(st->state_flags, PFSTATE_NOSYNC); pf_unlink_state(st); } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); return (len); @@ -1166,6 +1433,9 @@ pfsync_in_del_c(struct pfsync_pkt *pkt, sa = (struct pfsync_del_c *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) { sp = &sa[i]; @@ -1181,6 +1451,9 @@ pfsync_in_del_c(struct pfsync_pkt *pkt, SET(st->state_flags, PFSTATE_NOSYNC); pf_unlink_state(st); } +#ifdef __FreeBSD__ + PF_LOCK(); +#endif splx(s); return (len); @@ -1208,8 +1481,13 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st switch (bus->status) { case PFSYNC_BUS_START: +#ifdef __FreeBSD__ + callout_reset(&sc->sc_bulkfail_tmo, 5 * hz, pfsync_bulk_fail, + pfsyncif); +#else timeout_add_sec(&sc->sc_bulkfail_tmo, 5); /* XXX magic */ -#if XXX +#endif +#ifdef XXX pf_pool_limits[PF_LIMIT_STATES].limit / (PFSYNC_BULKPACKETS * sc->sc_maxcount)); #endif @@ -1225,9 +1503,11 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st sc->sc_bulk_tries = 0; timeout_del(&sc->sc_bulkfail_tmo); #if NCARP > 0 +#ifdef notyet if (!pfsync_sync_ok) carp_group_demote_adj(&sc->sc_if, -1); #endif +#endif pfsync_sync_ok = 1; if (pf_status.debug >= PF_DEBUG_MISC) printf("pfsync: received valid " @@ -1263,8 +1543,14 @@ pfsync_in_tdb(struct pfsync_pkt *pkt, st tp = (struct pfsync_tdb *)(mp->m_data + offp); s = splsoftnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif for (i = 0; i < count; i++) pfsync_update_net_tdb(&tp[i]); +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); #endif @@ -1337,7 +1623,11 @@ pfsync_in_error(struct pfsync_pkt *pkt, int pfsyncoutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, +#ifdef __FreeBSD__ + struct route *rt) +#else struct rtentry *rt) +#endif { m_freem(m); return (0); @@ -1347,7 +1637,9 @@ pfsyncoutput(struct ifnet *ifp, struct m int pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data) { +#ifndef __FreeBSD__ struct proc *p = curproc; +#endif struct pfsync_softc *sc = ifp->if_softc; struct ifreq *ifr = (struct ifreq *)data; struct ip_moptions *imo = &sc->sc_imo; @@ -1363,10 +1655,17 @@ pfsyncioctl(struct ifnet *ifp, u_long cm case SIOCSIFDSTADDR: #endif case SIOCSIFFLAGS: +#ifdef __FreeBSD__ + if (ifp->if_flags & IFF_UP) + ifp->if_drv_flags |= IFF_DRV_RUNNING; + else + ifp->if_drv_flags &= ~IFF_DRV_RUNNING; +#else if (ifp->if_flags & IFF_UP) ifp->if_flags |= IFF_RUNNING; else ifp->if_flags &= ~IFF_RUNNING; +#endif break; case SIOCSIFMTU: if (ifr->ifr_mtu <= PFSYNC_MINPKT) @@ -1375,7 +1674,13 @@ pfsyncioctl(struct ifnet *ifp, u_long cm ifr->ifr_mtu = MCLBYTES; if (ifr->ifr_mtu < ifp->if_mtu) { s = splnet(); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif pfsync_sendout(); +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); } ifp->if_mtu = ifr->ifr_mtu; @@ -1391,23 +1696,44 @@ pfsyncioctl(struct ifnet *ifp, u_long cm return (copyout(&pfsyncr, ifr->ifr_data, sizeof(pfsyncr))); case SIOCSETPFSYNC: +#ifdef __FreeBSD__ + if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0) +#else if ((error = suser(p, p->p_acflag)) != 0) +#endif return (error); if ((error = copyin(ifr->ifr_data, &pfsyncr, sizeof(pfsyncr)))) return (error); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif if (pfsyncr.pfsyncr_syncpeer.s_addr == 0) +#ifdef __FreeBSD__ + sc->sc_sync_peer.s_addr = htonl(INADDR_PFSYNC_GROUP); +#else sc->sc_sync_peer.s_addr = INADDR_PFSYNC_GROUP; +#endif else sc->sc_sync_peer.s_addr = pfsyncr.pfsyncr_syncpeer.s_addr; if (pfsyncr.pfsyncr_maxupdates > 255) +#ifdef __FreeBSD__ + { + PF_UNLOCK(); +#endif return (EINVAL); +#ifdef __FreeBSD__ + } +#endif sc->sc_maxupdates = pfsyncr.pfsyncr_maxupdates; if (pfsyncr.pfsyncr_syncdev[0] == 0) { sc->sc_sync_if = NULL; +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif if (imo->imo_num_memberships > 0) { in_delmulti(imo->imo_membership[ --imo->imo_num_memberships]); @@ -1416,11 +1742,21 @@ pfsyncioctl(struct ifnet *ifp, u_long cm break; } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif if ((sifp = ifunit(pfsyncr.pfsyncr_syncdev)) == NULL) return (EINVAL); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif s = splnet(); +#ifdef __FreeBSD__ + if (sifp->if_mtu < sc->sc_ifp->if_mtu || +#else if (sifp->if_mtu < sc->sc_if.if_mtu || +#endif (sc->sc_sync_if != NULL && sifp->if_mtu < sc->sc_sync_if->if_mtu) || sifp->if_mtu < MCLBYTES - sizeof(struct ip)) @@ -1428,28 +1764,51 @@ pfsyncioctl(struct ifnet *ifp, u_long cm sc->sc_sync_if = sifp; if (imo->imo_num_memberships > 0) { +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif in_delmulti(imo->imo_membership[--imo->imo_num_memberships]); +#ifdef __FreeBSD__ + PF_LOCK(); +#endif imo->imo_multicast_ifp = NULL; } if (sc->sc_sync_if && +#ifdef __FreeBSD__ + sc->sc_sync_peer.s_addr == htonl(INADDR_PFSYNC_GROUP)) { +#else sc->sc_sync_peer.s_addr == INADDR_PFSYNC_GROUP) { +#endif struct in_addr addr; if (!(sc->sc_sync_if->if_flags & IFF_MULTICAST)) { sc->sc_sync_if = NULL; +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); return (EADDRNOTAVAIL); } +#ifdef __FreeBSD__ + addr.s_addr = htonl(INADDR_PFSYNC_GROUP); +#else addr.s_addr = INADDR_PFSYNC_GROUP; +#endif +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif if ((imo->imo_membership[0] = in_addmulti(&addr, sc->sc_sync_if)) == NULL) { sc->sc_sync_if = NULL; splx(s); return (ENOBUFS); } +#ifdef __FreeBSD__ + PF_LOCK(); +#endif imo->imo_num_memberships++; imo->imo_multicast_ifp = sc->sc_sync_if; imo->imo_multicast_ttl = PFSYNC_DFLTTL; @@ -1472,15 +1831,25 @@ pfsyncioctl(struct ifnet *ifp, u_long cm /* Request a full state table update. */ sc->sc_ureq_sent = time_uptime; #if NCARP > 0 +#ifdef notyet if (pfsync_sync_ok) carp_group_demote_adj(&sc->sc_if, 1); #endif +#endif pfsync_sync_ok = 0; if (pf_status.debug >= PF_DEBUG_MISC) printf("pfsync: requesting bulk update\n"); +#ifdef __FreeBSD__ + callout_reset(&sc->sc_bulkfail_tmo, 5 * hz, + pfsync_bulk_fail, pfsyncif); +#else timeout_add_sec(&sc->sc_bulkfail_tmo, 5); +#endif pfsync_request_update(0, 0); } +#ifdef __FreeBSD__ + PF_UNLOCK(); +#endif splx(s); break; @@ -1554,7 +1923,9 @@ pfsync_drop(struct pfsync_softc *sc) { struct pf_state *st; struct pfsync_upd_req_item *ur; +#ifdef notyet struct tdb *t; +#endif int q; for (q = 0; q < PFSYNC_S_COUNT; q++) { @@ -1563,8 +1934,14 @@ pfsync_drop(struct pfsync_softc *sc) TAILQ_FOREACH(st, &sc->sc_qs[q], sync_list) { #ifdef PFSYNC_DEBUG +#ifdef __FreeBSD__ + KASSERT(st->sync_state == q, + ("%s: st->sync_state == q", + __FUNCTION__)); +#else KASSERT(st->sync_state == q); #endif +#endif st->sync_state = PFSYNC_S_NONE; } TAILQ_INIT(&sc->sc_qs[q]); @@ -1577,12 +1954,14 @@ pfsync_drop(struct pfsync_softc *sc) sc->sc_plus = NULL; +#ifdef notyet if (!TAILQ_EMPTY(&sc->sc_tdb_q)) { TAILQ_FOREACH(t, &sc->sc_tdb_q, tdb_sync_entry) CLR(t->tdb_flags, TDBF_PFSYNC); TAILQ_INIT(&sc->sc_tdb_q); } +#endif sc->sc_len = PFSYNC_MINPKT; } @@ -1592,20 +1971,32 @@ pfsync_sendout(void) { struct pfsync_softc *sc = pfsyncif; #if NBPFILTER > 0 +#ifdef __FreeBSD__ + struct ifnet *ifp = sc->sc_ifp; +#else struct ifnet *ifp = &sc->sc_if; #endif struct mbuf *m; +#endif struct ip *ip; struct pfsync_header *ph; struct pfsync_subheader *subh; struct pf_state *st; struct pfsync_upd_req_item *ur; +#ifdef notyet struct tdb *t; - +#endif +#ifdef __FreeBSD__ + size_t pktlen; +#endif int offset; int q, count = 0; +#ifdef __FreeBSD__ + PF_ASSERT(MA_OWNED); +#else splassert(IPL_NET); +#endif if (sc == NULL || sc->sc_len == PFSYNC_MINPKT) return; @@ -1621,17 +2012,38 @@ pfsync_sendout(void) MGETHDR(m, M_DONTWAIT, MT_DATA); if (m == NULL) { +#ifdef __FreeBSD__ + sc->sc_ifp->if_oerrors++; +#else sc->sc_if.if_oerrors++; +#endif pfsyncstats.pfsyncs_onomem++; pfsync_drop(sc); return; } +#ifdef __FreeBSD__ + pktlen = max_linkhdr + sc->sc_len; + if (pktlen > MHLEN) { + /* Find the right pool to allocate from. */ + /* XXX: This is ugly. */ + m_cljget(m, M_DONTWAIT, pktlen <= MSIZE ? MSIZE : + pktlen <= MCLBYTES ? MCLBYTES : +#if MJUMPAGESIZE != MCLBYTES + pktlen <= MJUMPAGESIZE ? MJUMPAGESIZE : +#endif + pktlen <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES); +#else if (max_linkhdr + sc->sc_len > MHLEN) { MCLGETI(m, M_DONTWAIT, NULL, max_linkhdr + sc->sc_len); +#endif if (!ISSET(m->m_flags, M_EXT)) { m_free(m); +#ifdef __FreeBSD__ + sc->sc_ifp->if_oerrors++; +#else sc->sc_if.if_oerrors++; +#endif pfsyncstats.pfsyncs_onomem++; pfsync_drop(sc); return; @@ -1668,8 +2080,14 @@ pfsync_sendout(void) count = 0; TAILQ_FOREACH(st, &sc->sc_qs[q], sync_list) { #ifdef PFSYNC_DEBUG +#ifdef __FreeBSD__ + KASSERT(st->sync_state == q, + ("%s: st->sync_state == q", + __FUNCTION__)); +#else KASSERT(st->sync_state == q); #endif +#endif offset += pfsync_qs[q].write(st, m, offset); st->sync_state = PFSYNC_S_NONE; @@ -1712,6 +2130,7 @@ pfsync_sendout(void) sc->sc_plus = NULL; } *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910101608.n9AG85L2086484>