Date: Sat, 10 Oct 2009 17:41:16 +0000 (UTC) From: Ermal Luçi <eri@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r197936 - in user/eri/pf45/head/sys: contrib/pf/net i386/conf Message-ID: <200910101741.n9AHfGnt088331@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: eri Date: Sat Oct 10 17:41:16 2009 New Revision: 197936 URL: http://svn.freebsd.org/changeset/base/197936 Log: * Make possible that pfsync(4) can be loaded as module. * Fix typos which unbreaks GENERIC builds. NOTE: As of now pf 4.5 is working on FreeBSD 8+. Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c user/eri/pf45/head/sys/contrib/pf/net/pf.c user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c user/eri/pf45/head/sys/contrib/pf/net/pfvar.h user/eri/pf45/head/sys/i386/conf/GENERIC Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 16:08:05 2009 (r197935) +++ user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 17:41:16 2009 (r197936) @@ -308,13 +308,6 @@ SYSCTL_STRUCT(_net_inet_pfsync, 0, stats "PFSYNC statistics (struct pfsyncstats, net/if_pfsync.h)"); #endif -/* Macros to set/clear/test flags. */ -#ifdef _KERNEL -#define SET(t, f) ((t) |= (f)) -#define CLR(t, f) ((t) &= ~(f)) -#define ISSET(t, f) ((t) & (f)) -#endif - static void pfsyncintr(void *); struct pfsync_swi { void * pfsync_swi_cookie; @@ -2604,7 +2597,7 @@ pfsync_q_ins(struct pf_state *st, int q) #ifdef __FreeBSD__ KASSERT(st->sync_state == PFSYNC_S_NONE, - ("%s: st->sync_state == PFSYNC_S_NONE" __FUNCITON__)); + ("%s: st->sync_state == PFSYNC_S_NONE", __FUNCTION__)); #else KASSERT(st->sync_state == PFSYNC_S_NONE); #endif @@ -2647,7 +2640,7 @@ pfsync_q_del(struct pf_state *st) #ifdef __FreeBSD__ KASSERT(st->sync_state != PFSYNC_S_NONE, - ("%s: st->sync_state != PFSYNC_S_NONE", __FUNCTION)); + ("%s: st->sync_state != PFSYNC_S_NONE", __FUNCTION__)); #else KASSERT(st->sync_state != PFSYNC_S_NONE); #endif @@ -3049,6 +3042,12 @@ pfsync_modevent(module_t mod, int type, panic("%s: swi_add %d", __func__, error); pfsync_state_import_ptr = pfsync_state_import; + pfsync_up_ptr = pfsync_up; + pfsync_insert_state_ptr = pfsync_insert_state; + pfsync_update_state_ptr = pfsync_update_state; + pfsync_delete_state_ptr = pfsync_delete_state; + pfsync_clear_states_ptr = pfsync_clear_states; + pfsync_defer_ptr = pfsync_defer; #endif break; case MOD_UNLOAD: @@ -3056,6 +3055,12 @@ pfsync_modevent(module_t mod, int type, swi_remove(pfsync_swi.pfsync_swi_cookie); pfsync_state_import_ptr = NULL; + pfsync_up_ptr = NULL; + pfsync_insert_state_ptr = NULL; + pfsync_update_state_ptr = NULL; + pfsync_delete_state_ptr = NULL; + pfsync_clear_states_ptr = NULL; + pfsync_defer_ptr = NULL; #endif if_clone_detach(&pfsync_cloner); break; Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 10 16:08:05 2009 (r197935) +++ user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 10 17:41:16 2009 (r197936) @@ -973,8 +973,13 @@ pf_state_insert(struct pfi_kif *kif, str pf_status.states++; pfi_kif_ref(kif, PFI_KIF_REF_STATE); #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_insert_state_ptr != NULL) + pfsync_insert_state_ptr(s); +#else pfsync_insert_state(s); #endif +#endif return (0); } @@ -1336,8 +1341,13 @@ pf_unlink_state(struct pf_state *cur) export_pflow(cur); #endif #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_delete_state_ptr != NULL) + pfsync_delete_state_ptr(cur); +#else pfsync_delete_state(cur); #endif +#endif cur->timeout = PFTM_UNLINKED; pf_src_tree_remove_state(cur); pf_detach_state(cur); @@ -3407,14 +3417,23 @@ pf_test_rule(struct pf_rule **rm, struct #if NPFSYNC > 0 if (*sm != NULL && !ISSET((*sm)->state_flags, PFSTATE_NOSYNC) && +#ifdef __FreeBSD__ + direction == PF_OUT && pfsync_up_ptr != NULL && pfsync_up_ptr()) { +#else direction == PF_OUT && pfsync_up()) { +#endif /* * We want the state created, but we dont * want to send this in case a partner * firewall has to know about it to allow * replies through it. */ +#ifdef __FreeBSD__ + if (pfsync_defer_ptr != NULL) + pfsync_defer(*sm, m); +#else if (pfsync_defer(*sm, m)) +#endif return (PF_DEFER); } #endif @@ -6293,7 +6312,12 @@ pf_test(int dir, struct ifnet *ifp, stru &reason); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; @@ -6328,7 +6352,12 @@ pf_test(int dir, struct ifnet *ifp, stru action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; @@ -6357,7 +6386,12 @@ pf_test(int dir, struct ifnet *ifp, stru &reason); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; @@ -6386,7 +6420,12 @@ pf_test(int dir, struct ifnet *ifp, stru action = pf_test_state_other(&s, dir, kif, m, &pd); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; @@ -6761,7 +6800,12 @@ pf_test6(int dir, struct ifnet *ifp, str &reason); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; @@ -6796,7 +6840,12 @@ pf_test6(int dir, struct ifnet *ifp, str action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; @@ -6832,7 +6881,12 @@ pf_test6(int dir, struct ifnet *ifp, str m, off, h, &pd, &reason); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; @@ -6852,7 +6906,12 @@ pf_test6(int dir, struct ifnet *ifp, str action = pf_test_state_other(&s, dir, kif, m, &pd); if (action == PF_PASS) { #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_update_state_ptr != NULL) + pfsync_update_state_ptr(s); +#else pfsync_update_state(s); +#endif #endif /* NPFSYNC */ r = s->rule.ptr; a = s->anchor.ptr; Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 10 16:08:05 2009 (r197935) +++ user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 10 17:41:16 2009 (r197936) @@ -250,7 +250,13 @@ static struct cdevsw pf_cdevsw = { int pf_end_threads = 0; struct mtx pf_task_mtx; #ifdef __FreeBSD__ - pfsync_state_import_t *pfsync_state_import_ptr = NULL; + pfsync_state_import_t *pfsync_state_import_ptr = NULL; + pfsync_up_t *pfsync_up_ptr = NULL; + pfsync_insert_state_t *pfsync_insert_state_ptr = NULL; + pfsync_update_state_t *pfsync_update_state_ptr = NULL; + pfsync_delete_state_t *pfsync_delete_state_ptr = NULL; + pfsync_clear_states_t *pfsync_clear_states_ptr = NULL; + pfsync_defer_t *pfsync_defer_ptr = NULL; #if NPFLOG >0 pflog_packet_t *pflog_packet_ptr = NULL; #endif @@ -1991,8 +1997,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a } psk->psk_killed = killed; #if NPFSYNC > 0 +#ifdef __FreeBSD__ + if (pfsync_clear_states_ptr != NULL) + pfsync_clear_states_ptr(pf_status.hostid, psk->psk_ifname); +#else pfsync_clear_states(pf_status.hostid, psk->psk_ifname); #endif +#endif break; } @@ -2072,7 +2083,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a } #ifdef __FreeBSD__ if (pfsync_state_import_ptr != NULL) - pfsync_state_import_ptr(sp, PFSYNC_SI_IOCTL); + error = pfsync_state_import_ptr(sp, PFSYNC_SI_IOCTL); #else error = pfsync_state_import(sp, PFSYNC_SI_IOCTL); #endif @@ -3526,7 +3537,7 @@ pfsync_state_export(struct pfsync_state state->timeout = PFTM_PURGE; #if NPFSYNC /* don't send out individual delete messages */ - state->sync_flags = PFSTATE_NOSYNC; + state->state_flags = PFSTATE_NOSYNC; #endif pf_unlink_state(state); } Modified: user/eri/pf45/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 10 16:08:05 2009 (r197935) +++ user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 10 17:41:16 2009 (r197936) @@ -828,7 +828,7 @@ struct pf_state { u_int8_t direction; #ifdef __FreeBSD__ u_int8_t pad[2]; - u_int8_t local_flags; + u_int8_t local_flags; #define PFSTATE_EXPIRING 0x01 #else u_int8_t pad[3]; @@ -930,9 +930,30 @@ struct pfsync_state { #ifdef __FreeBSD__ typedef int pfsync_state_import_t(struct pfsync_state *, u_int8_t); -extern pfsync_state_import_t *pfsync_state_import_ptr; +typedef int pfsync_up_t(void); +typedef void pfsync_insert_state_t(struct pf_state *); +typedef void pfsync_update_state_t(struct pf_state *); +typedef void pfsync_delete_state_t(struct pf_state *); +typedef void pfsync_clear_states_t(u_int32_t, const char *); +typedef int pfsync_defer_t(struct pf_state *, struct mbuf *); + +extern pfsync_state_import_t *pfsync_state_import_ptr; +extern pfsync_up_t *pfsync_up_ptr; +extern pfsync_insert_state_t *pfsync_insert_state_ptr; +extern pfsync_update_state_t *pfsync_update_state_ptr; +extern pfsync_delete_state_t *pfsync_delete_state_ptr; +extern pfsync_clear_states_t *pfsync_clear_states_ptr; +extern pfsync_defer_t *pfsync_defer_ptr; + void pfsync_state_export(struct pfsync_state *, struct pf_state *); + +/* Macros to set/clear/test flags. */ +#ifdef _KERNEL +#define SET(t, f) ((t) |= (f)) +#define CLR(t, f) ((t) &= ~(f)) +#define ISSET(t, f) ((t) & (f)) +#endif #endif #define PFSYNC_FLAG_SRCNODE 0x04 Modified: user/eri/pf45/head/sys/i386/conf/GENERIC ============================================================================== --- user/eri/pf45/head/sys/i386/conf/GENERIC Sat Oct 10 16:08:05 2009 (r197935) +++ user/eri/pf45/head/sys/i386/conf/GENERIC Sat Oct 10 17:41:16 2009 (r197936) @@ -97,8 +97,6 @@ device acpi device eisa device pci -device pfsync - # Floppy drives device fdc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910101741.n9AHfGnt088331>