Date: Wed, 6 Jan 2021 05:50:51 +0100
From: "Hartmann, O." <o.hartmann@walstatt.org>
To: Kristof Provost <kp@FreeBSD.org>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: fda7daf06301 - main - pfctl: Stop sharing pf_ruleset.c with the kernel
Message-ID: <20210106055051.51e28498@hermann.fritz.box>
In-Reply-To: <202101052237.105MbsPa081440@gitrepo.freebsd.org>
References: <202101052237.105MbsPa081440@gitrepo.freebsd.org>
--Sig_/hfzsmyUhBwP5pCfjizJvKl8 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 5 Jan 2021 22:37:54 GMT Kristof Provost <kp@FreeBSD.org> wrote: > The branch main has been updated by kp: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3Dfda7daf06301beef1bdad39891= 232a12c6925b22 >=20 > commit fda7daf06301beef1bdad39891232a12c6925b22 > Author: Kristof Provost <kp@FreeBSD.org> > AuthorDate: 2020-12-24 15:02:04 +0000 > Commit: Kristof Provost <kp@FreeBSD.org> > CommitDate: 2021-01-05 22:35:37 +0000 >=20 > pfctl: Stop sharing pf_ruleset.c with the kernel > =20 > Now that we've split up the datastructures used by the kernel and > userspace there's essentually no more overlap between the pf_ruleset.c > code used by userspace and kernelspace. > =20 > Copy the userspace bits to the pfctl directory and stop using the ker= nel > file. > =20 > Reviewed by: philip > MFC after: 2 weeks > Sponsored by: Orange Business Services > Differential Revision: https://reviews.freebsd.org/D27764 > --- > sbin/pfctl/Makefile | 3 - > sbin/pfctl/pf_ruleset.c | 343 ++++++++++++++++++++++++++++++++++++++= ++++++ > sys/netpfil/pf/pf_ruleset.c | 286 +----------------------------------- > 3 files changed, 349 insertions(+), 283 deletions(-) >=20 > diff --git a/sbin/pfctl/Makefile b/sbin/pfctl/Makefile > index 8ca3b5d86285..14dc83eb97b0 100644 > --- a/sbin/pfctl/Makefile > +++ b/sbin/pfctl/Makefile > @@ -2,9 +2,6 @@ > =20 > .include <src.opts.mk> > =20 > -# pf_ruleset.c is shared between kernel and pfctl > -.PATH: ${SRCTOP}/sys/netpfil/pf > - > PACKAGE=3Dpf > CONFS=3D pf.os > PROG=3D pfctl > diff --git a/sbin/pfctl/pf_ruleset.c b/sbin/pfctl/pf_ruleset.c > new file mode 100644 > index 000000000000..7c337d7a2da7 > --- /dev/null > +++ b/sbin/pfctl/pf_ruleset.c 
> @@ -0,0 +1,343 @@ > +/*- > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2001 Daniel Hartmeier > + * Copyright (c) 2002,2003 Henning Brauer > + * All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * > + * - Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * - Redistributions in binary form must reproduce the above > + * copyright notice, this list of conditions and the following > + * disclaimer in the documentation and/or other materials provided > + * with the distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS > + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE > + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, > + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, > + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; > + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER > + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT > + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN > + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + * > + * Effort sponsored in part by the Defense Advanced Research Projects > + * Agency (DARPA) and Air Force Research Laboratory, Air Force > + * Materiel Command, USAF, under agreement number F30602-01-2-0537. 
> + * > + * $OpenBSD: pf_ruleset.c,v 1.2 2008/12/18 15:31:37 dhill Exp $ > + */ > + > +#include <sys/cdefs.h> > +__FBSDID("$FreeBSD$"); > + > +#include <sys/param.h> > +#include <sys/socket.h> > +#include <sys/mbuf.h> > + > +#include <netinet/in.h> > +#include <netinet/in_systm.h> > +#include <netinet/ip.h> > +#include <netinet/tcp.h> > + > +#include <net/if.h> > +#include <net/vnet.h> > +#include <net/pfvar.h> > + > +#ifdef INET6 > +#include <netinet/ip6.h> > +#endif /* INET6 */ > + > +#include <arpa/inet.h> > +#include <errno.h> > +#include <stdio.h> > +#include <stdlib.h> > +#include <string.h> > +#define rs_malloc(x) calloc(1, x) > +#define rs_free(x) free(x) > + > +#ifdef PFDEBUG > +#include <sys/stdarg.h> > +#define DPFPRINTF(format, x...) fprintf(stderr, format , ##x) > +#else > +#define DPFPRINTF(format, x...) ((void)0) > +#endif /* PFDEBUG */ > + > +struct pf_anchor_global pf_anchors; > +struct pf_anchor pf_main_anchor; > +#undef V_pf_anchors > +#define V_pf_anchors pf_anchors > +#undef pf_main_ruleset > +#define pf_main_ruleset pf_main_anchor.ruleset > + > +static __inline int pf_anchor_compare(struct pf_anchor *, > + struct pf_anchor *); > +static struct pf_anchor *pf_find_anchor(const char *); > + > +RB_GENERATE(pf_anchor_global, pf_anchor, entry_global, pf_anchor_compare= ); > +RB_GENERATE(pf_anchor_node, pf_anchor, entry_node, pf_anchor_compare); > + > +static __inline int > +pf_anchor_compare(struct pf_anchor *a, struct pf_anchor *b) > +{ > + int c =3D strcmp(a->path, b->path); > + > + return (c ? (c < 0 ? 
-1 : 1) : 0); > +} > + > +int > +pf_get_ruleset_number(u_int8_t action) > +{ > + switch (action) { > + case PF_SCRUB: > + case PF_NOSCRUB: > + return (PF_RULESET_SCRUB); > + break; > + case PF_PASS: > + case PF_DROP: > + return (PF_RULESET_FILTER); > + break; > + case PF_NAT: > + case PF_NONAT: > + return (PF_RULESET_NAT); > + break; > + case PF_BINAT: > + case PF_NOBINAT: > + return (PF_RULESET_BINAT); > + break; > + case PF_RDR: > + case PF_NORDR: > + return (PF_RULESET_RDR); > + break; > + default: > + return (PF_RULESET_MAX); > + break; > + } > +} > + > +void > +pf_init_ruleset(struct pf_ruleset *ruleset) > +{ > + int i; > + > + memset(ruleset, 0, sizeof(struct pf_ruleset)); > + for (i =3D 0; i < PF_RULESET_MAX; i++) { > + TAILQ_INIT(&ruleset->rules[i].queues[0]); > + TAILQ_INIT(&ruleset->rules[i].queues[1]); > + ruleset->rules[i].active.ptr =3D &ruleset->rules[i].queues[0]; > + ruleset->rules[i].inactive.ptr =3D &ruleset->rules[i].queues[1]; > + } > +} > + > +static struct pf_anchor * > +pf_find_anchor(const char *path) > +{ > + struct pf_anchor *key, *found; > + > + key =3D (struct pf_anchor *)rs_malloc(sizeof(*key)); > + if (key =3D=3D NULL) > + return (NULL); > + strlcpy(key->path, path, sizeof(key->path)); > + found =3D RB_FIND(pf_anchor_global, &V_pf_anchors, key); > + rs_free(key); > + return (found); > +} > + > +struct pf_ruleset * > +pf_find_ruleset(const char *path) > +{ > + struct pf_anchor *anchor; > + > + while (*path =3D=3D '/') > + path++; > + if (!*path) > + return (&pf_main_ruleset); > + anchor =3D pf_find_anchor(path); > + if (anchor =3D=3D NULL) > + return (NULL); > + else > + return (&anchor->ruleset); > +} > + > +struct pf_ruleset * > +pf_find_or_create_ruleset(const char *path) > +{ > + char *p, *q, *r; > + struct pf_ruleset *ruleset; > + struct pf_anchor *anchor =3D NULL, *dup, *parent =3D NULL; > + > + if (path[0] =3D=3D 0) > + return (&pf_main_ruleset); > + while (*path =3D=3D '/') > + path++; > + ruleset =3D pf_find_ruleset(path); > + 
if (ruleset !=3D NULL) > + return (ruleset); > + p =3D (char *)rs_malloc(MAXPATHLEN); > + if (p =3D=3D NULL) > + return (NULL); > + strlcpy(p, path, MAXPATHLEN); > + while (parent =3D=3D NULL && (q =3D strrchr(p, '/')) !=3D NULL) { > + *q =3D 0; > + if ((ruleset =3D pf_find_ruleset(p)) !=3D NULL) { > + parent =3D ruleset->anchor; > + break; > + } > + } > + if (q =3D=3D NULL) > + q =3D p; > + else > + q++; > + strlcpy(p, path, MAXPATHLEN); > + if (!*q) { > + rs_free(p); > + return (NULL); > + } > + while ((r =3D strchr(q, '/')) !=3D NULL || *q) { > + if (r !=3D NULL) > + *r =3D 0; > + if (!*q || strlen(q) >=3D PF_ANCHOR_NAME_SIZE || > + (parent !=3D NULL && strlen(parent->path) >=3D > + MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 1)) { > + rs_free(p); > + return (NULL); > + } > + anchor =3D (struct pf_anchor *)rs_malloc(sizeof(*anchor)); > + if (anchor =3D=3D NULL) { > + rs_free(p); > + return (NULL); > + } > + RB_INIT(&anchor->children); > + strlcpy(anchor->name, q, sizeof(anchor->name)); > + if (parent !=3D NULL) { > + strlcpy(anchor->path, parent->path, > + sizeof(anchor->path)); > + strlcat(anchor->path, "/", sizeof(anchor->path)); > + } > + strlcat(anchor->path, anchor->name, sizeof(anchor->path)); > + if ((dup =3D RB_INSERT(pf_anchor_global, &V_pf_anchors, anchor)) !=3D > + NULL) { > + printf("pf_find_or_create_ruleset: RB_INSERT1 " > + "'%s' '%s' collides with '%s' '%s'\n", > + anchor->path, anchor->name, dup->path, dup->name); > + rs_free(anchor); > + rs_free(p); > + return (NULL); > + } > + if (parent !=3D NULL) { > + anchor->parent =3D parent; > + if ((dup =3D RB_INSERT(pf_anchor_node, &parent->children, > + anchor)) !=3D NULL) { > + printf("pf_find_or_create_ruleset: " > + "RB_INSERT2 '%s' '%s' collides with " > + "'%s' '%s'\n", anchor->path, anchor->name, > + dup->path, dup->name); > + RB_REMOVE(pf_anchor_global, &V_pf_anchors, > + anchor); > + rs_free(anchor); > + rs_free(p); > + return (NULL); > + } > + } > + pf_init_ruleset(&anchor->ruleset); > + 
anchor->ruleset.anchor =3D anchor; > + parent =3D anchor; > + if (r !=3D NULL) > + q =3D r + 1; > + else > + *q =3D 0; > + } > + rs_free(p); > + return (&anchor->ruleset); > +} > + > +void > +pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset) > +{ > + struct pf_anchor *parent; > + int i; > + > + while (ruleset !=3D NULL) { > + if (ruleset =3D=3D &pf_main_ruleset || ruleset->anchor =3D=3D NULL || > + !RB_EMPTY(&ruleset->anchor->children) || > + ruleset->anchor->refcnt > 0 || ruleset->tables > 0 || > + ruleset->topen) > + return; > + for (i =3D 0; i < PF_RULESET_MAX; ++i) > + if (!TAILQ_EMPTY(ruleset->rules[i].active.ptr) || > + !TAILQ_EMPTY(ruleset->rules[i].inactive.ptr) || > + ruleset->rules[i].inactive.open) > + return; > + RB_REMOVE(pf_anchor_global, &V_pf_anchors, ruleset->anchor); > + if ((parent =3D ruleset->anchor->parent) !=3D NULL) > + RB_REMOVE(pf_anchor_node, &parent->children, > + ruleset->anchor); > + rs_free(ruleset->anchor); > + if (parent =3D=3D NULL) > + return; > + ruleset =3D &parent->ruleset; > + } > +} > +int > +pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s, > + const char *name) > +{ > + char *p, *path; > + struct pf_ruleset *ruleset; > + > + r->anchor =3D NULL; > + r->anchor_relative =3D 0; > + r->anchor_wildcard =3D 0; > + if (!name[0]) > + return (0); > + path =3D (char *)rs_malloc(MAXPATHLEN); > + if (path =3D=3D NULL) > + return (1); > + if (name[0] =3D=3D '/') > + strlcpy(path, name + 1, MAXPATHLEN); > + else { > + /* relative path */ > + r->anchor_relative =3D 1; > + if (s->anchor =3D=3D NULL || !s->anchor->path[0]) > + path[0] =3D 0; > + else > + strlcpy(path, s->anchor->path, MAXPATHLEN); > + while (name[0] =3D=3D '.' && name[1] =3D=3D '.' && name[2] =3D=3D '/')= { > + if (!path[0]) { > + printf("pf_anchor_setup: .. 
beyond root\n"); > + rs_free(path); > + return (1); > + } > + if ((p =3D strrchr(path, '/')) !=3D NULL) > + *p =3D 0; > + else > + path[0] =3D 0; > + r->anchor_relative++; > + name +=3D 3; > + } > + if (path[0]) > + strlcat(path, "/", MAXPATHLEN); > + strlcat(path, name, MAXPATHLEN); > + } > + if ((p =3D strrchr(path, '/')) !=3D NULL && !strcmp(p, "/*")) { > + r->anchor_wildcard =3D 1; > + *p =3D 0; > + } > + ruleset =3D pf_find_or_create_ruleset(path); > + rs_free(path); > + if (ruleset =3D=3D NULL || ruleset->anchor =3D=3D NULL) { > + printf("pf_anchor_setup: ruleset\n"); > + return (1); > + } > + r->anchor =3D ruleset->anchor; > + r->anchor->refcnt++; > + return (0); > +} > diff --git a/sys/netpfil/pf/pf_ruleset.c b/sys/netpfil/pf/pf_ruleset.c > index b2604795811a..31a4ed879937 100644 > --- a/sys/netpfil/pf/pf_ruleset.c > +++ b/sys/netpfil/pf/pf_ruleset.c > @@ -41,10 +41,8 @@ __FBSDID("$FreeBSD$"); > =20 > #include <sys/param.h> > #include <sys/socket.h> > -#ifdef _KERNEL > -# include <sys/systm.h> > -# include <sys/refcount.h> > -#endif /* _KERNEL */ > +#include <sys/systm.h> > +#include <sys/refcount.h> > #include <sys/mbuf.h> > =20 > #include <netinet/in.h> 
> @@ -60,71 +58,26 @@ __FBSDID("$FreeBSD$"); > #include <netinet/ip6.h> > #endif /* INET6 */ > =20 > -#ifdef _KERNEL > +#ifndef _KERNEL > +#error "Kernel only file. Please use sbin/pfctl/pf_ruleset.c instead." > +#endif > + > #define DPFPRINTF(format, x...) \ > if (V_pf_status.debug >=3D PF_DEBUG_NOISY) \ > printf(format , ##x) > #define rs_malloc(x) malloc(x, M_TEMP, M_NOWAIT|M_ZERO) > #define rs_free(x) free(x, M_TEMP) > =20 > -#else > -/* Userland equivalents so we can lend code to pfctl et al. */ > - > -#include <arpa/inet.h> > -#include <errno.h> > -#include <stdio.h> > -#include <stdlib.h> > -#include <string.h> > -#define rs_malloc(x) calloc(1, x) > -#define rs_free(x) free(x) > - > -#ifdef PFDEBUG > -#include <sys/stdarg.h> > -#define DPFPRINTF(format, x...) fprintf(stderr, format , ##x) > -#else > -#define DPFPRINTF(format, x...) ((void)0) > -#endif /* PFDEBUG */ > -#endif /* _KERNEL */ > - > -#ifdef _KERNEL > VNET_DEFINE(struct pf_kanchor_global, pf_anchors); > VNET_DEFINE(struct pf_kanchor, pf_main_anchor); > -#else /* ! 
_KERNEL */ > -struct pf_anchor_global pf_anchors; > -struct pf_anchor pf_main_anchor; > -#undef V_pf_anchors > -#define V_pf_anchors pf_anchors > -#undef pf_main_ruleset > -#define pf_main_ruleset pf_main_anchor.ruleset > -#endif /* _KERNEL */ > - > =20 > -#ifdef _KERNEL > static __inline int pf_kanchor_compare(struct pf_kanchor *, > struct pf_kanchor *); > static struct pf_kanchor *pf_find_kanchor(const char *); > =20 > RB_GENERATE(pf_kanchor_global, pf_kanchor, entry_global, pf_kanchor_comp= are); > RB_GENERATE(pf_kanchor_node, pf_kanchor, entry_node, pf_kanchor_compare); > -#else > -static __inline int pf_anchor_compare(struct pf_anchor *, > - struct pf_anchor *); > -static struct pf_anchor *pf_find_anchor(const char *); > =20 > -RB_GENERATE(pf_anchor_global, pf_anchor, entry_global, pf_anchor_compare= ); > -RB_GENERATE(pf_anchor_node, pf_anchor, entry_node, pf_anchor_compare); > -#endif > - > - > -#ifndef _KERNEL > -static __inline int > -pf_anchor_compare(struct pf_anchor *a, struct pf_anchor *b) > -{ > - int c =3D strcmp(a->path, b->path); > - > - return (c ? (c < 0 ? -1 : 1) : 0); > -} > -#else > static __inline int > pf_kanchor_compare(struct pf_kanchor *a, struct pf_kanchor *b) > { > @@ -132,7 +85,6 @@ pf_kanchor_compare(struct pf_kanchor *a, struct pf_kan= chor *b) > =20 > return (c ? (c < 0 ? -1 : 1) : 0); > } > -#endif > =20 > int > pf_get_ruleset_number(u_int8_t action) 
> @@ -164,35 +116,6 @@ pf_get_ruleset_number(u_int8_t action) > } > } > =20 > -#ifndef _KERNEL > -void > -pf_init_ruleset(struct pf_ruleset *ruleset) > -{ > - int i; > - > - memset(ruleset, 0, sizeof(struct pf_ruleset)); > - for (i =3D 0; i < PF_RULESET_MAX; i++) { > - TAILQ_INIT(&ruleset->rules[i].queues[0]); > - TAILQ_INIT(&ruleset->rules[i].queues[1]); > - ruleset->rules[i].active.ptr =3D &ruleset->rules[i].queues[0]; > - ruleset->rules[i].inactive.ptr =3D &ruleset->rules[i].queues[1]; > - } > -} > - > -static struct pf_anchor * > -pf_find_anchor(const char *path) > -{ > - struct pf_anchor *key, *found; > - > - key =3D (struct pf_anchor *)rs_malloc(sizeof(*key)); > - if (key =3D=3D NULL) > - return (NULL); > - strlcpy(key->path, path, sizeof(key->path)); > - found =3D RB_FIND(pf_anchor_global, &V_pf_anchors, key); > - rs_free(key); > - return (found); > -} > -#else > static struct pf_kanchor * > pf_find_kanchor(const char *path) > { > @@ -220,10 +143,7 @@ pf_init_kruleset(struct pf_kruleset *ruleset) > ruleset->rules[i].inactive.ptr =3D &ruleset->rules[i].queues[1]; > } > } > -#endif > =20 > - > -#ifdef _KERNEL > struct pf_kruleset * > pf_find_kruleset(const char *path) > { 
> @@ -476,197 +396,3 @@ pf_kanchor_remove(struct pf_krule *r) > pf_remove_if_empty_kruleset(&r->anchor->ruleset); > r->anchor =3D NULL; > } > - > -#else > - > -struct pf_ruleset * > -pf_find_ruleset(const char *path) > -{ > - struct pf_anchor *anchor; > - > - while (*path =3D=3D '/') > - path++; > - if (!*path) > - return (&pf_main_ruleset); > - anchor =3D pf_find_anchor(path); > - if (anchor =3D=3D NULL) > - return (NULL); > - else > - return (&anchor->ruleset); > -} > - > -struct pf_ruleset * > -pf_find_or_create_ruleset(const char *path) > -{ > - char *p, *q, *r; > - struct pf_ruleset *ruleset; > - struct pf_anchor *anchor =3D NULL, *dup, *parent =3D NULL; > - > - if (path[0] =3D=3D 0) > - return (&pf_main_ruleset); > - while (*path =3D=3D '/') > - path++; > - ruleset =3D pf_find_ruleset(path); > - if (ruleset !=3D NULL) > - return (ruleset); > - p =3D (char *)rs_malloc(MAXPATHLEN); > - if (p =3D=3D NULL) > - return (NULL); > - strlcpy(p, path, MAXPATHLEN); > - while (parent =3D=3D NULL && (q =3D strrchr(p, '/')) !=3D NULL) { > - *q =3D 0; > - if ((ruleset =3D pf_find_ruleset(p)) !=3D NULL) { > - parent =3D ruleset->anchor; > - break; > - } > - } > - if (q =3D=3D NULL) > - q =3D p; > - else > - q++; > - strlcpy(p, path, MAXPATHLEN); > - if (!*q) { > - rs_free(p); > - return (NULL); > - } > - while ((r =3D strchr(q, '/')) !=3D NULL || *q) { > - if (r !=3D NULL) > - *r =3D 0; > - if (!*q || strlen(q) >=3D PF_ANCHOR_NAME_SIZE || > - (parent !=3D NULL && strlen(parent->path) >=3D > - MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 1)) { > - rs_free(p); > - return (NULL); > - } > - anchor =3D (struct pf_anchor *)rs_malloc(sizeof(*anchor)); > - if (anchor =3D=3D NULL) { > - rs_free(p); > - return (NULL); > - } > - RB_INIT(&anchor->children); > - strlcpy(anchor->name, q, sizeof(anchor->name)); > - if (parent !=3D NULL) { > - strlcpy(anchor->path, parent->path, > - sizeof(anchor->path)); > - strlcat(anchor->path, "/", sizeof(anchor->path)); > - } > - strlcat(anchor->path, 
anchor->name, sizeof(anchor->path)); > - if ((dup =3D RB_INSERT(pf_anchor_global, &V_pf_anchors, anchor)) !=3D > - NULL) { > - printf("pf_find_or_create_ruleset: RB_INSERT1 " > - "'%s' '%s' collides with '%s' '%s'\n", > - anchor->path, anchor->name, dup->path, dup->name); > - rs_free(anchor); > - rs_free(p); > - return (NULL); > - } > - if (parent !=3D NULL) { > - anchor->parent =3D parent; > - if ((dup =3D RB_INSERT(pf_anchor_node, &parent->children, > - anchor)) !=3D NULL) { > - printf("pf_find_or_create_ruleset: " > - "RB_INSERT2 '%s' '%s' collides with " > - "'%s' '%s'\n", anchor->path, anchor->name, > - dup->path, dup->name); > - RB_REMOVE(pf_anchor_global, &V_pf_anchors, > - anchor); > - rs_free(anchor); > - rs_free(p); > - return (NULL); > - } > - } > - pf_init_ruleset(&anchor->ruleset); > - anchor->ruleset.anchor =3D anchor; > - parent =3D anchor; > - if (r !=3D NULL) > - q =3D r + 1; > - else > - *q =3D 0; > - } > - rs_free(p); > - return (&anchor->ruleset); > -} > - > -void > -pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset) > -{ > - struct pf_anchor *parent; > - int i; > - > - while (ruleset !=3D NULL) { > - if (ruleset =3D=3D &pf_main_ruleset || ruleset->anchor =3D=3D NULL || > - !RB_EMPTY(&ruleset->anchor->children) || > - ruleset->anchor->refcnt > 0 || ruleset->tables > 0 || > - ruleset->topen) > - return; > - for (i =3D 0; i < PF_RULESET_MAX; ++i) > - if (!TAILQ_EMPTY(ruleset->rules[i].active.ptr) || > - !TAILQ_EMPTY(ruleset->rules[i].inactive.ptr) || > - ruleset->rules[i].inactive.open) > - return; > - RB_REMOVE(pf_anchor_global, &V_pf_anchors, ruleset->anchor); > - if ((parent =3D ruleset->anchor->parent) !=3D NULL) > - RB_REMOVE(pf_anchor_node, &parent->children, > - ruleset->anchor); > - rs_free(ruleset->anchor); > - if (parent =3D=3D NULL) > - return; > - ruleset =3D &parent->ruleset; > - } > -} > -int > -pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s, > - const char *name) > -{ > - char *p, *path; > - struct pf_ruleset 
*ruleset; > - > - r->anchor =3D NULL; > - r->anchor_relative =3D 0; > - r->anchor_wildcard =3D 0; > - if (!name[0]) > - return (0); > - path =3D (char *)rs_malloc(MAXPATHLEN); > - if (path =3D=3D NULL) > - return (1); > - if (name[0] =3D=3D '/') > - strlcpy(path, name + 1, MAXPATHLEN); > - else { > - /* relative path */ > - r->anchor_relative =3D 1; > - if (s->anchor =3D=3D NULL || !s->anchor->path[0]) > - path[0] =3D 0; > - else > - strlcpy(path, s->anchor->path, MAXPATHLEN); > - while (name[0] =3D=3D '.' && name[1] =3D=3D '.' && name[2] =3D=3D '/')= { > - if (!path[0]) { > - printf("pf_anchor_setup: .. beyond root\n"); > - rs_free(path); > - return (1); > - } > - if ((p =3D strrchr(path, '/')) !=3D NULL) > - *p =3D 0; > - else > - path[0] =3D 0; > - r->anchor_relative++; > - name +=3D 3; > - } > - if (path[0]) > - strlcat(path, "/", MAXPATHLEN); > - strlcat(path, name, MAXPATHLEN); > - } > - if ((p =3D strrchr(path, '/')) !=3D NULL && !strcmp(p, "/*")) { > - r->anchor_wildcard =3D 1; > - *p =3D 0; > - } > - ruleset =3D pf_find_or_create_ruleset(path); > - rs_free(path); > - if (ruleset =3D=3D NULL || ruleset->anchor =3D=3D NULL) { > - printf("pf_anchor_setup: ruleset\n"); > - return (1); > - } > - r->anchor =3D ruleset->anchor; > - r->anchor->refcnt++; > - return (0); > -} > -#endif > _______________________________________________ > dev-commits-src-main@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main > To unsubscribe, send any mail to "dev-commits-src-main-unsubscribe@freebs= d.org" It seems that now make buildkernel fails (at least for me): [...] =3D=3D=3D> lib/libelftc (all) --- all_subdir_sbin --- /usr/src/sys/netpfil/pf/pf_ruleset.c:62:2: error: "Kernel only file. Please= use sbin/pfctl/pf_ruleset.c instead." #error "Kernel only file. Please use sbin/pfctl/pf_ruleset.c instead." 
^
/usr/src/sys/netpfil/pf/pf_ruleset.c:71:39: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
VNET_DEFINE(struct pf_kanchor_global, pf_anchors);
^
/usr/src/sys/netpfil/pf/pf_ruleset.c:71:1: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
VNET_DEFINE(struct pf_kanchor_global, pf_anchors);
^
/usr/src/sys/netpfil/pf/pf_ruleset.c:72:33: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
VNET_DEFINE(struct pf_kanchor, pf_main_anchor);
^
/usr/src/sys/netpfil/pf/pf_ruleset.c:72:1: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
VNET_DEFINE(struct pf_kanchor, pf_main_anchor);
^
/usr/src/sys/netpfil/pf/pf_ruleset.c:72:1: error: conflicting types for 'VNET_DEFINE'
/usr/src/sys/netpfil/pf/pf_ruleset.c:71:1: note: previous declaration is here
VNET_DEFINE(struct pf_kanchor_global, pf_anchors);

Regards,

oh
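Review bot: The sbin/pfctl/Makefile hunk removes the .PATH entry for ${SRCTOP}/sys/netpfil/pf from pfctl only, and the diffstat touches no other Makefile, yet the build log in the reply shows sys/netpfil/pf/pf_ruleset.c still being compiled under all_subdir_sbin and hitting the new #error. Before this lands, search the tree for any other userland Makefile that adds sys/netpfil/pf to .PATH, and run an incremental build on a tree with existing dependency files to confirm pfctl resolves pf_ruleset.c to the new sbin/pfctl copy rather than the kernel one.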
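Review bot: In the new sbin/pfctl/pf_ruleset.c, pf_anchor_setup() and pf_find_or_create_ruleset() discard the return values of strlcpy() and strlcat() on the MAXPATHLEN buffers (for example strlcat(path, name, MAXPATHLEN)), so an anchor path that does not fit can be truncated silently and then looked up or created under a different name than the one the rule asked for. Now that this copy is userspace-only, check the return value against the buffer size and fail the call instead. Two smaller points in the same file: the error paths use printf(), which sends diagnostics to stdout in pfctl, and the copy still carries <sys/mbuf.h>, <net/vnet.h> and the #undef/#define V_pf_anchors shim that only existed to share the source with the kernel.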
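Review bot: In the sys/netpfil/pf/pf_ruleset.c hunk at -60,71 +58,26, the new #ifndef _KERNEL / #error guard sits after the whole include block, while the preceding hunk makes <sys/systm.h> and <sys/refcount.h> unconditional. Move the guard to directly after the license comment, ahead of the first #include, so a userland compile reports the guard before it has to parse any kernel-only header. The reply's log also shows the compiler carrying on past the #error into the VNET_DEFINE lines, so the guard message should say which Makefile setting to fix, since it is the only useful line in that output.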