Date:      Wed, 4 Dec 2013 15:29:21 +0100
From:      Kajetan Staszkiewicz <vegeta@tuxpowered.net>
To:        Gleb Smirnoff <glebius@freebsd.org>
Cc:        "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   Re: [patch] Source entries removing is awfully slow.
Message-ID:  <201312041529.21788.vegeta@tuxpowered.net>
In-Reply-To: <20131202163927.GM48919@glebius.int.ru>
References:  <201303081419.17743.vegeta@tuxpowered.net> <201312021728.58010.vegeta@tuxpowered.net> <20131202163927.GM48919@glebius.int.ru>

On Monday, 2 December 2013 at 17:39:27, Gleb Smirnoff wrote:

> I won't object on any interface that is consistent and resides in the
> '-K' and '-k' namespace. As said before, I am against utilizing new
> letters for options to avoid clashing with pfctl syntax in OpenBSD.

I have a nice commandline parser working, but I got blocked by one problem.
As the parser is quite big and most options are common for -K and -k, the
parser is just one function for both operation modes (and a similar thing
for the loops going over IP addresses found by given host names).
Unfortunately DIOCKILLSTATES and DIOCKILLSRCNODES are using separate
structures.

Whatever the parser reads, it puts the result in the following structure
(defined only inside pfctl, not kernel):

struct pfioc_universal_kill {
        sa_family_t             puk_af;
        int                     puk_proto;
        struct pf_rule_addr     puk_src;
        struct pf_rule_addr     puk_dst;
        struct pf_rule_addr     puk_rdr;
        struct pf_state_cmp     puk_pfcmp;
        char                    puk_ifname[IFNAMSIZ];
        char                    puk_label[PF_RULE_LABEL_SIZE];
        char                    puk_table[PF_TABLE_NAME_SIZE];
        u_int                   puk_killed_states;
        u_int                   puk_killed_src_nodes;
};

Which later gets translated for every ioctl to pfioc_src_node_kill or
pfioc_state_kill.

To have the most clean and simple code it would make the most sense to use
the aforementioned pfioc_universal_kill for both DIOCKILLSTATES and
DIOCKILLSRCNODES. But that would be a change of kernel api which I assume
can not take place inside major release, so translation of structures is
currently the way to go. Please correct me if I am wrong.

-- 
| pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS |
|  Kajetan Staszkiewicz  | jabber,email: vegeta()tuxpowered net  |
|        Vegeta          | www: http://vegeta.tuxpowered.net     |
`------------------------^---------------------------------------'


