From owner-svn-src-projects@FreeBSD.ORG Fri Feb 18 16:00:26 2011 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D09D7106566C; Fri, 18 Feb 2011 16:00:26 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id BD74C8FC15; Fri, 18 Feb 2011 16:00:26 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p1IG0QoU063391; Fri, 18 Feb 2011 16:00:26 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id p1IG0QTt063389; Fri, 18 Feb 2011 16:00:26 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201102181600.p1IG0QTt063389@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Fri, 18 Feb 2011 16:00:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r218804 - projects/pf/pf45/sys/contrib/pf/net X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Feb 2011 16:00:26 -0000 Author: bz Date: Fri Feb 18 16:00:26 2011 New Revision: 218804 URL: http://svn.freebsd.org/changeset/base/218804 Log: Cleanup whitespace. Modified: projects/pf/pf45/sys/contrib/pf/net/pf.c Modified: projects/pf/pf45/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/pf45/sys/contrib/pf/net/pf.c Fri Feb 18 15:52:57 2011 (r218803) +++ projects/pf/pf45/sys/contrib/pf/net/pf.c Fri Feb 18 16:00:26 2011 (r218804) @@ -48,27 +48,27 @@ __FBSDID("$FreeBSD$"); #include "opt_pf.h" #ifdef DEV_BPF -#define NBPFILTER DEV_BPF +#define NBPFILTER DEV_BPF #else -#define NBPFILTER 0 +#define NBPFILTER 0 #endif #ifdef DEV_PFLOG -#define NPFLOG DEV_PFLOG +#define NPFLOG DEV_PFLOG #else -#define NPFLOG 0 +#define NPFLOG 0 #endif #ifdef DEV_PFSYNC -#define NPFSYNC DEV_PFSYNC +#define NPFSYNC DEV_PFSYNC #else -#define NPFSYNC 0 +#define NPFSYNC 0 #endif #ifdef DEV_PFLOW -#define NPFLOW DEV_PFLOW +#define NPFLOW DEV_PFLOW #else -#define NPFLOW 0 +#define NPFLOW 0 #endif #else @@ -90,7 +90,7 @@ __FBSDID("$FreeBSD$"); #include #include #include -#define betoh64 be64toh +#define betoh64 be64toh #else #include #endif @@ -165,14 +165,14 @@ __FBSDID("$FreeBSD$"); #include #include #include - + extern int ip_optcopy(struct ip *, struct ip *); #endif #ifdef __FreeBSD__ -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x +#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x #else -#define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x +#define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x #endif /* @@ -195,22 +195,22 @@ VNET_DEFINE(int, altqs_inactive_open) VNET_DEFINE(u_int32_t, ticket_pabuf); VNET_DEFINE(MD5_CTX, pf_tcp_secret_ctx); -#define V_pf_tcp_secret_ctx VNET(pf_tcp_secret_ctx) +#define V_pf_tcp_secret_ctx VNET(pf_tcp_secret_ctx) VNET_DEFINE(u_char, pf_tcp_secret[16]); -#define V_pf_tcp_secret VNET(pf_tcp_secret) +#define V_pf_tcp_secret VNET(pf_tcp_secret) VNET_DEFINE(int, pf_tcp_secret_init); -#define V_pf_tcp_secret_init VNET(pf_tcp_secret_init) +#define V_pf_tcp_secret_init VNET(pf_tcp_secret_init) VNET_DEFINE(int, pf_tcp_iss_off); -#define V_pf_tcp_iss_off VNET(pf_tcp_iss_off) +#define V_pf_tcp_iss_off VNET(pf_tcp_iss_off) struct pf_anchor_stackframe { - struct pf_ruleset *rs; - struct pf_rule *r; - struct pf_anchor_node *parent; - struct pf_anchor *child; + struct pf_ruleset *rs; + struct pf_rule *r; + struct pf_anchor_node *parent; + struct pf_anchor *child; }; VNET_DEFINE(struct pf_anchor_stackframe, pf_anchor_stack[64]); -#define V_pf_anchor_stack VNET(pf_anchor_stack) +#define V_pf_anchor_stack VNET(pf_anchor_stack) VNET_DEFINE(uma_zone_t, pf_src_tree_pl); VNET_DEFINE(uma_zone_t, pf_rule_pl); @@ -269,8 +269,8 @@ void pf_change_icmp(struct pf_addr *, u_int16_t *, u_int16_t *, u_int16_t *, u_int16_t *, u_int8_t, sa_family_t); #ifdef __FreeBSD__ - void pf_send_tcp(struct mbuf *, - const struct pf_rule *, sa_family_t, +void pf_send_tcp(struct mbuf *, + const struct pf_rule *, sa_family_t, #else void pf_send_tcp(const struct pf_rule *, sa_family_t, #endif @@ -363,9 +363,9 @@ int pf_check_congestion(struct ifqueu #ifdef __FreeBSD__ int in4_cksum(struct mbuf *m, u_int8_t nxt, int off, int len); - -VNET_DECLARE(int, pf_end_threads); - + +VNET_DECLARE(int, pf_end_threads); + VNET_DEFINE(struct pf_pool_limit, pf_pool_limits[PF_LIMIT_MAX]); #else extern struct pool pfr_ktable_pl; @@ -387,24 +387,24 @@ struct pf_pool_limit pf_pool_limits[PF_L #define PACKET_LOOPED() \ (pd.pf_mtag->flags & PF_PACKET_LOOPED) -#define STATE_LOOKUP(i, k, d, s, m, pt) \ - do { \ - s = pf_find_state(i, k, d, m, pt); \ - if (s == NULL || (s)->timeout == PFTM_PURGE) \ - return (PF_DROP); \ +#define STATE_LOOKUP(i, k, d, s, m, pt) \ + do { \ + s = pf_find_state(i, k, d, m, pt); \ + if (s == NULL || (s)->timeout == PFTM_PURGE) \ + return (PF_DROP); \ if (PPACKET_LOOPED()) \ return (PF_PASS); \ - if (d == PF_OUT && \ - (((s)->rule.ptr->rt == PF_ROUTETO && \ - (s)->rule.ptr->direction == PF_OUT) || \ - ((s)->rule.ptr->rt == PF_REPLYTO && \ - (s)->rule.ptr->direction == PF_IN)) && \ - (s)->rt_kif != NULL && \ - (s)->rt_kif != i) \ - return (PF_PASS); \ - } while (0) + if (d == PF_OUT && \ + (((s)->rule.ptr->rt == PF_ROUTETO && \ + (s)->rule.ptr->direction == PF_OUT) || \ + ((s)->rule.ptr->rt == PF_REPLYTO && \ + (s)->rule.ptr->direction == PF_IN)) && \ + (s)->rt_kif != NULL && \ + (s)->rt_kif != i) \ + return (PF_PASS); \ + } while (0) #else -#define STATE_LOOKUP(i, k, d, s, m) \ +#define STATE_LOOKUP(i, k, d, s, m) \ do { \ s = pf_find_state(i, k, d, m); \ if (s == NULL || (s)->timeout == PFTM_PURGE) \ @@ -421,14 +421,14 @@ struct pf_pool_limit pf_pool_limits[PF_L #endif #ifdef __FreeBSD__ -#define BOUND_IFACE(r, k) \ +#define BOUND_IFACE(r, k) \ ((r)->rule_flag & PFRULE_IFBOUND) ? (k) : V_pfi_all #else -#define BOUND_IFACE(r, k) \ +#define BOUND_IFACE(r, k) \ ((r)->rule_flag & PFRULE_IFBOUND) ? (k) : pfi_all #endif -#define STATE_INC_COUNTERS(s) \ +#define STATE_INC_COUNTERS(s) \ do { \ s->rule.ptr->states_cur++; \ s->rule.ptr->states_tot++; \ @@ -442,7 +442,7 @@ struct pf_pool_limit pf_pool_limits[PF_L } \ } while (0) -#define STATE_DEC_COUNTERS(s) \ +#define STATE_DEC_COUNTERS(s) \ do { \ if (s->nat_rule.ptr != NULL) \ s->nat_rule.ptr->states_cur--; \ @@ -1333,7 +1333,7 @@ pf_purge_thread(void *v) { int nloops = 0, s; #ifdef __FreeBSD__ - int locked; + int locked; #endif CURVNET_SET((struct vnet *)v); @@ -1342,42 +1342,42 @@ pf_purge_thread(void *v) tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz); #ifdef __FreeBSD__ - sx_slock(&V_pf_consistency_lock); - PF_LOCK(); - locked = 0; - - if (V_pf_end_threads) { - PF_UNLOCK(); - sx_sunlock(&V_pf_consistency_lock); - sx_xlock(&V_pf_consistency_lock); - PF_LOCK(); - - pf_purge_expired_states(V_pf_status.states, 1); - pf_purge_expired_fragments(); - pf_purge_expired_src_nodes(1); - V_pf_end_threads++; - - sx_xunlock(&V_pf_consistency_lock); - PF_UNLOCK(); - wakeup(pf_purge_thread); - kproc_exit(0); - } + sx_slock(&V_pf_consistency_lock); + PF_LOCK(); + locked = 0; + + if (V_pf_end_threads) { + PF_UNLOCK(); + sx_sunlock(&V_pf_consistency_lock); + sx_xlock(&V_pf_consistency_lock); + PF_LOCK(); + + pf_purge_expired_states(V_pf_status.states, 1); + pf_purge_expired_fragments(); + pf_purge_expired_src_nodes(1); + V_pf_end_threads++; + + sx_xunlock(&V_pf_consistency_lock); + PF_UNLOCK(); + wakeup(pf_purge_thread); + kproc_exit(0); + } #endif s = splsoftnet(); /* process a fraction of the state table every second */ #ifdef __FreeBSD__ - if(!pf_purge_expired_states(1 + (V_pf_status.states - / V_pf_default_rule.timeout[PFTM_INTERVAL]), 0)) { - PF_UNLOCK(); - sx_sunlock(&V_pf_consistency_lock); - sx_xlock(&V_pf_consistency_lock); - PF_LOCK(); - locked = 1; - - pf_purge_expired_states(1 + (V_pf_status.states - / V_pf_default_rule.timeout[PFTM_INTERVAL]), 1); - } + if (!pf_purge_expired_states(1 + (V_pf_status.states / + V_pf_default_rule.timeout[PFTM_INTERVAL]), 0)) { + PF_UNLOCK(); + sx_sunlock(&V_pf_consistency_lock); + sx_xlock(&V_pf_consistency_lock); + PF_LOCK(); + locked = 1; + + pf_purge_expired_states(1 + (V_pf_status.states / + V_pf_default_rule.timeout[PFTM_INTERVAL]), 1); + } #else pf_purge_expired_states(1 + (pf_status.states / pf_default_rule.timeout[PFTM_INTERVAL])); @@ -1395,13 +1395,13 @@ pf_purge_thread(void *v) } splx(s); - #ifdef __FreeBSD__ - PF_UNLOCK(); - if (locked) - sx_xunlock(&V_pf_consistency_lock); - else - sx_sunlock(&V_pf_consistency_lock); - #endif +#ifdef __FreeBSD__ + PF_UNLOCK(); + if (locked) + sx_xunlock(&V_pf_consistency_lock); + else + sx_sunlock(&V_pf_consistency_lock); +#endif } CURVNET_RESTORE(); } @@ -1419,12 +1419,12 @@ pf_state_expires(const struct pf_state * return (time_second); if (state->timeout == PFTM_UNTIL_PACKET) return (0); - #ifdef __FreeBSD__ - KASSERT(state->timeout != PFTM_UNLINKED, - ("pf_state_expires: timeout == PFTM_UNLINKED")); - KASSERT((state->timeout < PFTM_MAX), - ("pf_state_expires: timeout > PFTM_MAX")); - #else +#ifdef __FreeBSD__ + KASSERT(state->timeout != PFTM_UNLINKED, + ("pf_state_expires: timeout == PFTM_UNLINKED")); + KASSERT((state->timeout < PFTM_MAX), + ("pf_state_expires: timeout > PFTM_MAX")); +#else KASSERT(state->timeout != PFTM_UNLINKED); KASSERT(state->timeout < PFTM_MAX); #endif @@ -1481,10 +1481,10 @@ pf_purge_expired_src_nodes(int waslocked if (cur->states <= 0 && cur->expire <= time_second) { if (! locked) { - #ifdef __FreeBSD__ - if (!sx_try_upgrade(&V_pf_consistency_lock)) - return (0); - #else +#ifdef __FreeBSD__ + if (!sx_try_upgrade(&V_pf_consistency_lock)) + return (0); +#else rw_enter_write(&pf_consistency_lock); #endif next = RB_NEXT(pf_src_tree, @@ -1567,18 +1567,18 @@ void pf_unlink_state(struct pf_state *cur) { #ifdef __FreeBSD__ - if (cur->local_flags & PFSTATE_EXPIRING) - return; - cur->local_flags |= PFSTATE_EXPIRING; + if (cur->local_flags & PFSTATE_EXPIRING) + return; + cur->local_flags |= PFSTATE_EXPIRING; #else splassert(IPL_SOFTNET); - #endif +#endif if (cur->src.state == PF_TCPS_PROXY_DST) { /* XXX wire key the right one? */ - #ifdef __FreeBSD__ - pf_send_tcp(NULL, cur->rule.ptr, cur->key[PF_SK_WIRE]->af, - #else +#ifdef __FreeBSD__ + pf_send_tcp(NULL, cur->rule.ptr, cur->key[PF_SK_WIRE]->af, +#else pf_send_tcp(cur->rule.ptr, cur->key[PF_SK_WIRE]->af, #endif &cur->key[PF_SK_WIRE]->addr[1], @@ -1634,8 +1634,8 @@ pf_free_state(struct pf_state *cur) return; #endif #ifdef __FreeBSD__ - KASSERT(cur->timeout == PFTM_UNLINKED, - ("pf_free_state: cur->timeout != PFTM_UNLINKED")); + KASSERT(cur->timeout == PFTM_UNLINKED, + ("pf_free_state: cur->timeout != PFTM_UNLINKED")); #else KASSERT(cur->timeout == PFTM_UNLINKED); #endif @@ -1679,9 +1679,9 @@ pf_purge_expired_states(u_int32_t maxche { static struct pf_state *cur = NULL; struct pf_state *next; - #ifdef __FreeBSD__ - int locked = waslocked; - #else +#ifdef __FreeBSD__ + int locked = waslocked; +#else int locked = 0; #endif @@ -1703,10 +1703,10 @@ pf_purge_expired_states(u_int32_t maxche if (cur->timeout == PFTM_UNLINKED) { /* free unlinked state */ if (! locked) { - #ifdef __FreeBSD__ - if (!sx_try_upgrade(&V_pf_consistency_lock)) - return (0); - #else +#ifdef __FreeBSD__ + if (!sx_try_upgrade(&V_pf_consistency_lock)) + return (0); +#else rw_enter_write(&pf_consistency_lock); #endif locked = 1; @@ -1716,10 +1716,10 @@ pf_purge_expired_states(u_int32_t maxche /* unlink and free expired state */ pf_unlink_state(cur); if (! locked) { - #ifdef __FreeBSD__ - if (!sx_try_upgrade(&V_pf_consistency_lock)) - return (0); - #else +#ifdef __FreeBSD__ + if (!sx_try_upgrade(&V_pf_consistency_lock)) + return (0); +#else rw_enter_write(&pf_consistency_lock); #endif locked = 1; @@ -1729,12 +1729,12 @@ pf_purge_expired_states(u_int32_t maxche cur = next; } - #ifdef __FreeBSD__ - if (!waslocked && locked) - sx_downgrade(&V_pf_consistency_lock); - - return (1); - #else +#ifdef __FreeBSD__ + if (!waslocked && locked) + sx_downgrade(&V_pf_consistency_lock); + + return (1); +#else if (locked) rw_exit_write(&pf_consistency_lock); #endif @@ -2217,14 +2217,14 @@ pf_modulate_sack(struct mbuf *m, int off { int hlen = (th->th_off << 2) - sizeof(*th), thoptlen = hlen; #ifdef __FreeBSD__ - u_int8_t opts[TCP_MAXOLEN], *opt = opts; + u_int8_t opts[TCP_MAXOLEN], *opt = opts; #else u_int8_t opts[MAX_TCPOPTLEN], *opt = opts; #endif int copyback = 0, i, olen; struct sackblk sack; -#define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2) +#define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2) if (hlen < TCPOLEN_SACKLEN || !pf_pull_hdr(m, off + sizeof(*th), opts, hlen, NULL, NULL, pd->af)) return 0; @@ -2264,9 +2264,9 @@ pf_modulate_sack(struct mbuf *m, int off } if (copyback) - #ifdef __FreeBSD__ - m_copyback(m, off + sizeof(*th), thoptlen, (caddr_t)opts); - #else +#ifdef __FreeBSD__ + m_copyback(m, off + sizeof(*th), thoptlen, (caddr_t)opts); +#else m_copyback(m, off + sizeof(*th), thoptlen, opts); #endif return (copyback); @@ -2294,32 +2294,30 @@ pf_send_tcp(const struct pf_rule *r, sa_ struct tcphdr *th; char *opt; #ifdef __FreeBSD__ - struct pf_mtag *pf_mtag; -#endif - -#ifdef __FreeBSD__ - KASSERT( + struct pf_mtag *pf_mtag; + + KASSERT( #ifdef INET - af == AF_INET + af == AF_INET #else - 0 + 0 #endif - || + || #ifdef INET6 - af == AF_INET6 + af == AF_INET6 #else - 0 -#endif - , ("Unsupported AF %d", af)); - len = 0; - th = NULL; - #ifdef INET - h = NULL; - #endif - #ifdef INET6 - h6 = NULL; - #endif - #endif + 0 +#endif + , ("Unsupported AF %d", af)); + len = 0; + th = NULL; +#ifdef INET + h = NULL; +#endif +#ifdef INET6 + h6 = NULL; +#endif +#endif /* __FreeBSD__ */ /* maximum segment size tcp option */ tlen = sizeof(struct tcphdr); @@ -2343,10 +2341,10 @@ pf_send_tcp(const struct pf_rule *r, sa_ m = m_gethdr(M_DONTWAIT, MT_HEADER); if (m == NULL) return; - #ifdef __FreeBSD__ - #ifdef MAC +#ifdef __FreeBSD__ +#ifdef MAC mac_netinet_firewall_send(m); - #endif +#endif if ((pf_mtag = pf_get_mtag(m)) == NULL) { m_freem(m); return; @@ -2362,16 +2360,16 @@ pf_send_tcp(const struct pf_rule *r, sa_ #endif if (r != NULL && r->rtableid >= 0) - #ifdef __FreeBSD__ - { - M_SETFIB(m, r->rtableid); +#ifdef __FreeBSD__ + { + M_SETFIB(m, r->rtableid); pf_mtag->rtableid = r->rtableid; - #else +#else m->m_pkthdr.pf.rtableid = r->rtableid; - #endif +#endif #ifdef __FreeBSD__ - } - #endif + } +#endif #ifdef ALTQ if (r != NULL && r->qid) { @@ -2448,8 +2446,8 @@ pf_send_tcp(const struct pf_rule *r, sa_ h->ip_hl = sizeof(*h) >> 2; h->ip_tos = IPTOS_LOWDELAY; #ifdef __FreeBSD__ - h->ip_off = V_path_mtu_discovery ? IP_DF : 0; - h->ip_len = len; + h->ip_off = V_path_mtu_discovery ? IP_DF : 0; + h->ip_len = len; h->ip_ttl = ttl ? ttl : V_ip_defttl; #else h->ip_len = htons(len); @@ -2458,12 +2456,12 @@ pf_send_tcp(const struct pf_rule *r, sa_ #endif h->ip_sum = 0; if (eh == NULL) { - #ifdef __FreeBSD__ - PF_UNLOCK(); - ip_output(m, (void *)NULL, (void *)NULL, 0, - (void *)NULL, (void *)NULL); - PF_LOCK(); - #else /* ! __FreeBSD__ */ +#ifdef __FreeBSD__ + PF_UNLOCK(); + ip_output(m, (void *)NULL, (void *)NULL, 0, + (void *)NULL, (void *)NULL); + PF_LOCK(); +#else /* ! __FreeBSD__ */ ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL, (void *)NULL); #endif @@ -2483,13 +2481,13 @@ pf_send_tcp(const struct pf_rule *r, sa_ bcopy(eh->ether_dhost, e->ether_shost, ETHER_ADDR_LEN); bcopy(eh->ether_shost, e->ether_dhost, ETHER_ADDR_LEN); e->ether_type = eh->ether_type; - #ifdef __FreeBSD__ - PF_UNLOCK(); - /* XXX_IMPORT: later */ - ip_output(m, (void *)NULL, &ro, 0, - (void *)NULL, (void *)NULL); - PF_LOCK(); - #else /* ! __FreeBSD__ */ +#ifdef __FreeBSD__ + PF_UNLOCK(); + /* XXX_IMPORT: later */ + ip_output(m, (void *)NULL, &ro, 0, + (void *)NULL, (void *)NULL); + PF_LOCK(); +#else /* ! __FreeBSD__ */ ip_output(m, (void *)NULL, &ro, IP_ROUTETOETHER, (void *)NULL, (void *)NULL); #endif @@ -2505,11 +2503,11 @@ pf_send_tcp(const struct pf_rule *r, sa_ h6->ip6_vfc |= IPV6_VERSION; h6->ip6_hlim = IPV6_DEFHLIM; - #ifdef __FreeBSD__ - PF_UNLOCK(); - ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL); - PF_LOCK(); - #else +#ifdef __FreeBSD__ + PF_UNLOCK(); + ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL); + PF_LOCK(); +#else ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL); #endif break; @@ -2523,14 +2521,14 @@ pf_send_icmp(struct mbuf *m, u_int8_t ty { struct mbuf *m0; #ifdef __FreeBSD__ - struct ip *ip; + struct ip *ip; struct pf_mtag *pf_mtag; #endif #ifdef __FreeBSD__ - m0 = m_copypacket(m, M_DONTWAIT); - if (m0 == NULL) - return; + m0 = m_copypacket(m, M_DONTWAIT); + if (m0 == NULL) + return; #else if ((m0 = m_copy(m, 0, M_COPYALL)) == NULL) return; @@ -2539,22 +2537,22 @@ pf_send_icmp(struct mbuf *m, u_int8_t ty #ifdef __FreeBSD__ if ((pf_mtag = pf_get_mtag(m0)) == NULL) return; - /* XXX: revisit */ - m0->m_flags |= M_SKIP_FIREWALL; + /* XXX: revisit */ + m0->m_flags |= M_SKIP_FIREWALL; #else m0->m_pkthdr.pf.flags |= PF_TAG_GENERATED; #endif if (r->rtableid >= 0) #ifdef __FreeBSD__ - { - M_SETFIB(m0, r->rtableid); + { + M_SETFIB(m0, r->rtableid); pf_mtag->rtableid = r->rtableid; #else m0->m_pkthdr.pf.rtableid = r->rtableid; #endif #ifdef __FreeBSD__ - } + } #endif #ifdef ALTQ @@ -2575,13 +2573,13 @@ pf_send_icmp(struct mbuf *m, u_int8_t ty #ifdef INET case AF_INET: #ifdef __FreeBSD__ - /* icmp_error() expects host byte ordering */ - ip = mtod(m0, struct ip *); - NTOHS(ip->ip_len); - NTOHS(ip->ip_off); - PF_UNLOCK(); - icmp_error(m0, type, code, 0, 0); - PF_LOCK(); + /* icmp_error() expects host byte ordering */ + ip = mtod(m0, struct ip *); + NTOHS(ip->ip_len); + NTOHS(ip->ip_off); + PF_UNLOCK(); + icmp_error(m0, type, code, 0, 0); + PF_LOCK(); #else icmp_error(m0, type, code, 0, 0); #endif @@ -2590,11 +2588,11 @@ pf_send_icmp(struct mbuf *m, u_int8_t ty #ifdef INET6 case AF_INET6: #ifdef __FreeBSD__ - PF_UNLOCK(); + PF_UNLOCK(); #endif icmp6_error(m0, type, code, 0); #ifdef __FreeBSD__ - PF_LOCK(); + PF_LOCK(); #endif break; #endif /* INET6 */ @@ -2768,7 +2766,7 @@ pf_tag_packet(struct mbuf *m, int tag, i if (tag > 0) #ifdef __FreeBSD__ - pf_mtag->tag = tag; + pf_mtag->tag = tag; #else m->m_pkthdr.pf.tag = tag; #endif @@ -2938,7 +2936,7 @@ pf_socket_lookup(int direction, struct p struct pf_addr *saddr, *daddr; u_int16_t sport, dport; #ifdef __FreeBSD__ - struct inpcbinfo *pi; + struct inpcbinfo *pi; #else struct inpcbtable *tb; #endif @@ -2950,14 +2948,14 @@ pf_socket_lookup(int direction, struct p pd->lookup.gid = GID_MAX; pd->lookup.pid = NO_PID; - #ifdef __FreeBSD__ - if (inp_arg != NULL) { - INP_LOCK_ASSERT(inp_arg); - pd->lookup.uid = inp_arg->inp_cred->cr_uid; - pd->lookup.gid = inp_arg->inp_cred->cr_groups[0]; - return (1); - } - #endif +#ifdef __FreeBSD__ + if (inp_arg != NULL) { + INP_LOCK_ASSERT(inp_arg); + pd->lookup.uid = inp_arg->inp_cred->cr_uid; + pd->lookup.gid = inp_arg->inp_cred->cr_groups[0]; + return (1); + } +#endif switch (pd->proto) { case IPPROTO_TCP: @@ -2965,9 +2963,9 @@ pf_socket_lookup(int direction, struct p return (-1); sport = pd->hdr.tcp->th_sport; dport = pd->hdr.tcp->th_dport; - #ifdef __FreeBSD__ - pi = &V_tcbinfo; - #else +#ifdef __FreeBSD__ + pi = &V_tcbinfo; +#else tb = &tcbtable; #endif break; @@ -2976,9 +2974,9 @@ pf_socket_lookup(int direction, struct p return (-1); sport = pd->hdr.udp->uh_sport; dport = pd->hdr.udp->uh_dport; - #ifdef __FreeBSD__ - pi = &V_udbinfo; - #else +#ifdef __FreeBSD__ + pi = &V_udbinfo; +#else tb = &udbtable; #endif break; @@ -3000,19 +2998,19 @@ pf_socket_lookup(int direction, struct p switch (pd->af) { #ifdef INET case AF_INET: - #ifdef __FreeBSD__ - INP_INFO_RLOCK(pi); /* XXX LOR */ - inp = in_pcblookup_hash(pi, saddr->v4, sport, daddr->v4, - dport, 0, NULL); - if (inp == NULL) { - inp = in_pcblookup_hash(pi, saddr->v4, sport, - daddr->v4, dport, INPLOOKUP_WILDCARD, NULL); - if(inp == NULL) { - INP_INFO_RUNLOCK(pi); - return (-1); - } - } - #else +#ifdef __FreeBSD__ + INP_INFO_RLOCK(pi); /* XXX LOR */ + inp = in_pcblookup_hash(pi, saddr->v4, sport, daddr->v4, + dport, 0, NULL); + if (inp == NULL) { + inp = in_pcblookup_hash(pi, saddr->v4, sport, + daddr->v4, dport, INPLOOKUP_WILDCARD, NULL); + if (inp == NULL) { + INP_INFO_RUNLOCK(pi); + return (-1); + } + } +#else inp = in_pcbhashlookup(tb, saddr->v4, sport, daddr->v4, dport); if (inp == NULL) { inp = in_pcblookup_listen(tb, daddr->v4, dport, 0, @@ -3025,19 +3023,19 @@ pf_socket_lookup(int direction, struct p #endif /* INET */ #ifdef INET6 case AF_INET6: - #ifdef __FreeBSD__ - INP_INFO_RLOCK(pi); - inp = in6_pcblookup_hash(pi, &saddr->v6, sport, - &daddr->v6, dport, 0, NULL); - if (inp == NULL) { - inp = in6_pcblookup_hash(pi, &saddr->v6, sport, - &daddr->v6, dport, INPLOOKUP_WILDCARD, NULL); - if (inp == NULL) { - INP_INFO_RUNLOCK(pi); - return (-1); - } - } - #else +#ifdef __FreeBSD__ + INP_INFO_RLOCK(pi); + inp = in6_pcblookup_hash(pi, &saddr->v6, sport, + &daddr->v6, dport, 0, NULL); + if (inp == NULL) { + inp = in6_pcblookup_hash(pi, &saddr->v6, sport, + &daddr->v6, dport, INPLOOKUP_WILDCARD, NULL); + if (inp == NULL) { + INP_INFO_RUNLOCK(pi); + return (-1); + } + } +#else inp = in6_pcbhashlookup(tb, &saddr->v6, sport, &daddr->v6, dport); if (inp == NULL) { @@ -3054,9 +3052,9 @@ pf_socket_lookup(int direction, struct p return (-1); } #ifdef __FreeBSD__ - pd->lookup.uid = inp->inp_cred->cr_uid; - pd->lookup.gid = inp->inp_cred->cr_groups[0]; - INP_INFO_RUNLOCK(pi); + pd->lookup.uid = inp->inp_cred->cr_uid; + pd->lookup.gid = inp->inp_cred->cr_groups[0]; + INP_INFO_RUNLOCK(pi); #else pd->lookup.uid = inp->inp_socket->so_euid; pd->lookup.gid = inp->inp_socket->so_egid; @@ -3176,13 +3174,13 @@ pf_calc_mss(struct pf_addr *addr, sa_fam dst->sin_family = AF_INET; dst->sin_len = sizeof(*dst); dst->sin_addr = addr->v4; - #ifdef __FreeBSD__ - #ifdef RTF_PRCLONING - rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING)); - #else /* !RTF_PRCLONING */ - in_rtalloc_ign(&ro, 0, 0); - #endif - #else /* ! __FreeBSD__ */ +#ifdef __FreeBSD__ +#ifdef RTF_PRCLONING + rtalloc_ign(&ro, (RTF_CLONING | RTF_PRCLONING)); +#else /* !RTF_PRCLONING */ + in_rtalloc_ign(&ro, 0, 0); +#endif +#else /* ! __FreeBSD__ */ rtalloc_noclone(&ro, NO_CLONING); #endif rt = ro.ro_rt; @@ -3196,14 +3194,14 @@ pf_calc_mss(struct pf_addr *addr, sa_fam dst6->sin6_family = AF_INET6; dst6->sin6_len = sizeof(*dst6); dst6->sin6_addr = addr->v6; - #ifdef __FreeBSD__ - #ifdef RTF_PRCLONING - rtalloc_ign((struct route *)&ro6, - (RTF_CLONING | RTF_PRCLONING)); - #else /* !RTF_PRCLONING */ - rtalloc_ign((struct route *)&ro6, 0); - #endif - #else /* ! __FreeBSD__ */ +#ifdef __FreeBSD__ +#ifdef RTF_PRCLONING + rtalloc_ign((struct route *)&ro6, + (RTF_CLONING | RTF_PRCLONING)); +#else /* !RTF_PRCLONING */ + rtalloc_ign((struct route *)&ro6, 0); +#endif +#else /* ! __FreeBSD__ */ rtalloc_noclone((struct route *)&ro6, NO_CLONING); #endif rt = ro6.ro_rt; @@ -3340,16 +3338,16 @@ pf_test_rule(struct pf_rule **rm, struct return (PF_DROP); } - #ifdef __FreeBSD__ - if (inp != NULL) - pd->lookup.done = pf_socket_lookup(direction, pd, inp); - else if (V_debug_pfugidhack) { - PF_UNLOCK(); - DPFPRINTF(PF_DEBUG_MISC, ("pf: unlocked lookup\n")); - pd->lookup.done = pf_socket_lookup(direction, pd, inp); - PF_LOCK(); - } - #endif +#ifdef __FreeBSD__ + if (inp != NULL) + pd->lookup.done = pf_socket_lookup(direction, pd, inp); + else if (V_debug_pfugidhack) { + PF_UNLOCK(); + DPFPRINTF(PF_DEBUG_MISC, ("pf: unlocked lookup\n")); + pd->lookup.done = pf_socket_lookup(direction, pd, inp); + PF_LOCK(); + } +#endif switch (pd->proto) { case IPPROTO_TCP: @@ -3571,9 +3569,9 @@ pf_test_rule(struct pf_rule **rm, struct r = TAILQ_NEXT(r, entries); /* tcp/udp only. uid.op always 0 in other cases */ else if (r->uid.op && (pd->lookup.done || (pd->lookup.done = - #ifdef __FreeBSD__ - pf_socket_lookup(direction, pd, inp), 1)) && - #else +#ifdef __FreeBSD__ + pf_socket_lookup(direction, pd, inp), 1)) && +#else pf_socket_lookup(direction, pd), 1)) && #endif !pf_match_uid(r->uid.op, r->uid.uid[0], r->uid.uid[1], @@ -3581,9 +3579,9 @@ pf_test_rule(struct pf_rule **rm, struct r = TAILQ_NEXT(r, entries); /* tcp/udp only. gid.op always 0 in other cases */ else if (r->gid.op && (pd->lookup.done || (pd->lookup.done = - #ifdef __FreeBSD__ - pf_socket_lookup(direction, pd, inp), 1)) && - #else +#ifdef __FreeBSD__ + pf_socket_lookup(direction, pd, inp), 1)) && +#else pf_socket_lookup(direction, pd), 1)) && #endif !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1], @@ -3686,9 +3684,9 @@ pf_test_rule(struct pf_rule **rm, struct ack++; if (th->th_flags & TH_FIN) ack++; - #ifdef __FreeBSD__ - pf_send_tcp(m, r, af, pd->dst, - #else +#ifdef __FreeBSD__ + pf_send_tcp(m, r, af, pd->dst, +#else pf_send_tcp(r, af, pd->dst, #endif pd->src, th->th_dport, th->th_sport, @@ -3995,9 +3993,9 @@ pf_create_state(struct pf_rule *r, struc mss = pf_calc_mss(pd->src, pd->af, mss); mss = pf_calc_mss(pd->dst, pd->af, mss); s->src.mss = mss; - #ifdef __FreeBSD__ +#ifdef __FreeBSD__ pf_send_tcp(NULL, r, pd->af, pd->dst, pd->src, th->th_dport, - #else +#else pf_send_tcp(r, pd->af, pd->dst, pd->src, th->th_dport, #endif th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1, @@ -4291,7 +4289,7 @@ pf_tcp_track_full(struct pf_state_peer * } -#define MAXACKWINDOW (0xffff + 1500) /* 1500 is an arbitrary fudge factor */ +#define MAXACKWINDOW (0xffff + 1500) /* 1500 is an arbitrary fudge factor */ if (SEQ_GEQ(src->seqhi, end) && /* Last octet inside other's window space */ SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)) && @@ -4786,9 +4784,9 @@ pf_test_state_udp(struct pf_state **stat } #ifdef __FreeBSD__ - STATE_LOOKUP(kif, &key, direction, *state, m, pd->pf_mtag); + STATE_LOOKUP(kif, &key, direction, *state, m, pd->pf_mtag); #else - STATE_LOOKUP(kif, &key, direction, *state, m); + STATE_LOOKUP(kif, &key, direction, *state, m); #endif if (direction == (*state)->direction) { @@ -5314,12 +5312,12 @@ pf_test_state_icmp(struct pf_state **sta m_copyback(m, off, sizeof(struct icmp6_hdr), #ifdef __FreeBSD__ - (caddr_t) + (caddr_t) #endif pd->hdr.icmp6); m_copyback(m, ipoff2, sizeof(h2_6), #ifdef __FreeBSD__ - (caddr_t) + (caddr_t) #endif &h2_6); break; @@ -5517,12 +5515,12 @@ pf_test_state_icmp(struct pf_state **sta *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***