svn commit: r198000 - user/eri/pf45/head/sys/contrib/pf/net
Ermal Luçi
eri at FreeBSD.org
Mon Oct 12 19:41:57 UTC 2009
Author: eri
Date: Mon Oct 12 19:41:57 2009
New Revision: 198000
URL: http://svn.freebsd.org/changeset/base/198000
Log:
Prepend V_ to variables with the same name as their type.
Modified:
user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h
user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c
user/eri/pf45/head/sys/contrib/pf/net/pf.c
user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c
user/eri/pf45/head/sys/contrib/pf/net/pf_lb.c
user/eri/pf45/head/sys/contrib/pf/net/pf_norm.c
user/eri/pf45/head/sys/contrib/pf/net/pf_osfp.c
user/eri/pf45/head/sys/contrib/pf/net/pf_ruleset.c
user/eri/pf45/head/sys/contrib/pf/net/pfvar.h
Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h Mon Oct 12 19:19:08 2009 (r197999)
+++ user/eri/pf45/head/sys/contrib/pf/net/if_pflog.h Mon Oct 12 19:41:57 2009 (r198000)
@@ -80,10 +80,12 @@ struct old_pfloghdr {
struct pfi_kif;
struct pf_pdesc;
- typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t,
- u_int8_t, u_int8_t, struct pf_rule *, struct pf_rule *,
- struct pf_ruleset *, struct pf_pdesc *);
- extern pflog_packet_t *pflog_packet_ptr;
+#if 0
+typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t,
+ u_int8_t, u_int8_t, struct pf_rule *, struct pf_rule *,
+ struct pf_ruleset *, struct pf_pdesc *);
+extern pflog_packet_t *pflog_packet_ptr;
+#endif
#define PFLOG_PACKET(i,x,a,b,c,d,e,f,g,h) do { \
if (pflog_packet_ptr != NULL) \
pflog_packet_ptr(i,a,b,c,d,e,f,g,h); \
Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Mon Oct 12 19:19:08 2009 (r197999)
+++ user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Mon Oct 12 19:41:57 2009 (r198000)
@@ -674,14 +674,22 @@ pfsync_state_import(struct pfsync_state
int pool_flags;
int error;
+#ifdef __FreeBSD__
+ if (sp->creatorid == 0 && V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (sp->creatorid == 0 && pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pfsync_state_import: invalid creator id:"
" %08x\n", ntohl(sp->creatorid));
return (EINVAL);
}
if ((kif = pfi_kif_get(sp->ifname)) == NULL) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync_state_import: "
"unknown interface: %s\n", sp->ifname);
if (flags & PFSYNC_SI_IOCTL)
@@ -845,7 +853,11 @@ pfsync_input(struct mbuf *m, ...)
pfsyncstats.pfsyncs_ipackets++;
/* verify that we have a sync interface configured */
+#ifdef __FreeBSD__
+ if (!sc || !sc->sc_sync_if || !V_pf_status.running)
+#else
if (!sc || !sc->sc_sync_if || !pf_status.running)
+#endif
goto done;
/* verify that the packet came in on the right interface */
@@ -900,7 +912,11 @@ pfsync_input(struct mbuf *m, ...)
pkt.src = ip->ip_src;
pkt.flags = 0;
+#ifdef __FreeBSD__
+ if (!bcmp(&ph->pfcksum, &V_pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH))
+#else
if (!bcmp(&ph->pfcksum, &pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH))
+#endif
pkt.flags |= PFSYNC_SI_CKSUM;
offset += sizeof(*ph);
@@ -1019,7 +1035,11 @@ pfsync_in_ins(struct pfsync_pkt *pkt, st
sp->dst.state > PF_TCPS_PROXY_DST ||
sp->direction > PF_OUT ||
(sp->af != AF_INET && sp->af != AF_INET6)) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pfsync_input: PFSYNC5_ACT_INS: "
"invalid value\n");
}
@@ -1154,7 +1174,11 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st
if (sp->timeout >= PFTM_MAX ||
sp->src.state > PF_TCPS_PROXY_DST ||
sp->dst.state > PF_TCPS_PROXY_DST) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pfsync_input: PFSYNC_ACT_UPD: "
"invalid value\n");
}
@@ -1192,7 +1216,11 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st
}
if (sfail) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pfsync: %s stale update (%d)"
" id: %016llx creatorid: %08x\n",
(sfail < 7 ? "ignoring" : "partial"),
@@ -1253,7 +1281,11 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt,
if (up->timeout >= PFTM_MAX ||
up->src.state > PF_TCPS_PROXY_DST ||
up->dst.state > PF_TCPS_PROXY_DST) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pfsync_input: "
"PFSYNC_ACT_UPD_C: "
"invalid value\n");
@@ -1290,7 +1322,11 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt,
}
if (sfail) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pfsync: ignoring stale update "
"(%d) id: %016llx "
"creatorid: %08x\n", sfail,
@@ -1481,7 +1517,11 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st
pf_pool_limits[PF_LIMIT_STATES].limit /
(PFSYNC_BULKPACKETS * sc->sc_maxcount));
#endif
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync: received bulk update start\n");
break;
@@ -1499,11 +1539,19 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st
#endif
#endif
pfsync_sync_ok = 1;
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync: received valid "
"bulk update end\n");
} else {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync: received invalid "
"bulk update end: bad timestamp\n");
}
@@ -1581,7 +1629,11 @@ pfsync_update_net_tdb(struct pfsync_tdb
return;
bad:
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync_insert: PFSYNC_ACT_TDB_UPD: "
"invalid value\n");
pfsyncstats.pfsyncs_badstate++;
@@ -1827,7 +1879,11 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
#endif
#endif
pfsync_sync_ok = 0;
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync: requesting bulk update\n");
#ifdef __FreeBSD__
callout_reset(&sc->sc_bulkfail_tmo, 5 * hz,
@@ -2057,7 +2113,11 @@ pfsync_sendout(void)
ph->version = PFSYNC_VERSION;
ph->len = htons(sc->sc_len - sizeof(*ip));
+#ifdef __FreeBSD__
+ bcopy(V_pf_status.pf_chksum, ph->pfcksum, PF_MD5_DIGEST_LENGTH);
+#else
bcopy(pf_status.pf_chksum, ph->pfcksum, PF_MD5_DIGEST_LENGTH);
+#endif
/* walk the queues */
for (q = 0; q < PFSYNC_S_COUNT; q++) {
@@ -2751,7 +2811,11 @@ pfsync_bulk_start(void)
sc->sc_bulk_next = TAILQ_FIRST(&state_list);
sc->sc_bulk_last = sc->sc_bulk_next;
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync: received bulk update request\n");
pfsync_bulk_status(PFSYNC_BUS_START);
@@ -2821,7 +2885,11 @@ pfsync_bulk_status(u_int8_t status)
r.subh.action = PFSYNC_ACT_BUS;
r.subh.count = htons(1);
+#ifdef __FreeBSD__
+ r.bus.creatorid = V_pf_status.hostid;
+#else
r.bus.creatorid = pf_status.hostid;
+#endif
r.bus.endtime = htonl(time_uptime - sc->sc_ureq_received);
r.bus.status = status;
@@ -2853,7 +2921,11 @@ pfsync_bulk_fail(void *arg)
#endif
#endif
pfsync_sync_ok = 1;
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("pfsync: failed to receive bulk update\n");
}
}
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf.c Mon Oct 12 19:19:08 2009 (r197999)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf.c Mon Oct 12 19:41:57 2009 (r198000)
@@ -171,7 +171,11 @@ extern int ip_optcopy(struct ip *, struc
VNET_DECLARE(int, debug_pfugidhack);
#endif
+#ifdef __FreeBSD__
+#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x
+#else
#define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x
+#endif
/*
* Global variables
@@ -558,13 +562,21 @@ pf_src_connlimit(struct pf_state **state
if ((*state)->rule.ptr->max_src_conn &&
(*state)->rule.ptr->max_src_conn <
(*state)->src_node->conn) {
+#ifdef __FreeBSD__
+ V_pf_status.lcounters[LCNT_SRCCONN]++;
+#else
pf_status.lcounters[LCNT_SRCCONN]++;
+#endif
bad++;
}
if ((*state)->rule.ptr->max_src_conn_rate.limit &&
pf_check_threshold(&(*state)->src_node->conn_rate)) {
+#ifdef __FreeBSD__
+ V_pf_status.lcounters[LCNT_SRCCONNRATE]++;
+#else
pf_status.lcounters[LCNT_SRCCONNRATE]++;
+#endif
bad++;
}
@@ -575,8 +587,13 @@ pf_src_connlimit(struct pf_state **state
struct pfr_addr p;
u_int32_t killed = 0;
+#ifdef __FreeBSD__
+ V_pf_status.lcounters[LCNT_OVERLOAD_TABLE]++;
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
pf_status.lcounters[LCNT_OVERLOAD_TABLE]++;
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf_src_connlimit: blocking address ");
pf_print_host(&(*state)->src_node->addr, 0,
(*state)->key[PF_SK_WIRE]->af);
@@ -607,7 +624,11 @@ pf_src_connlimit(struct pf_state **state
struct pf_state_key *sk;
struct pf_state *st;
+#ifdef __FreeBSD__
+ V_pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++;
+#else
pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++;
+#endif
RB_FOREACH(st, pf_state_tree_id, &tree_id) {
sk = st->key[PF_SK_WIRE];
/*
@@ -632,10 +653,18 @@ pf_src_connlimit(struct pf_state **state
killed++;
}
}
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf(", %u states killed", killed);
}
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC)
+#else
if (pf_status.debug >= PF_DEBUG_MISC)
+#endif
printf("\n");
}
@@ -659,7 +688,11 @@ pf_insert_src_node(struct pf_src_node **
k.rule.ptr = rule;
else
k.rule.ptr = NULL;
+#ifdef __FreeBSD__
+ V_pf_status.scounters[SCNT_SRC_NODE_SEARCH]++;
+#else
pf_status.scounters[SCNT_SRC_NODE_SEARCH]++;
+#endif
*sn = RB_FIND(pf_src_tree, &tree_src_tracking, &k);
}
if (*sn == NULL) {
@@ -667,7 +700,11 @@ pf_insert_src_node(struct pf_src_node **
rule->src_nodes < rule->max_src_nodes)
(*sn) = pool_get(&pf_src_tree_pl, PR_NOWAIT | PR_ZERO);
else
+#ifdef __FreeBSD__
+ V_pf_status.lcounters[LCNT_SRCNODES]++;
+#else
pf_status.lcounters[LCNT_SRCNODES]++;
+#endif
if ((*sn) == NULL)
return (-1);
@@ -684,7 +721,11 @@ pf_insert_src_node(struct pf_src_node **
PF_ACPY(&(*sn)->addr, src, af);
if (RB_INSERT(pf_src_tree,
&tree_src_tracking, *sn) != NULL) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: src_tree insert failed: ");
pf_print_host(&(*sn)->addr, 0, af);
printf("\n");
@@ -696,12 +737,21 @@ pf_insert_src_node(struct pf_src_node **
(*sn)->ruletype = rule->action;
if ((*sn)->rule.ptr != NULL)
(*sn)->rule.ptr->src_nodes++;
+#ifdef __FreeBSD__
+ V_pf_status.scounters[SCNT_SRC_NODE_INSERT]++;
+ V_pf_status.src_nodes++;
+#else
pf_status.scounters[SCNT_SRC_NODE_INSERT]++;
pf_status.src_nodes++;
+#endif
} else {
if (rule->max_src_states &&
(*sn)->states >= rule->max_src_states) {
+#ifdef __FreeBSD__
+ V_pf_status.lcounters[LCNT_SRCSTATES]++;
+#else
pf_status.lcounters[LCNT_SRCSTATES]++;
+#endif
return (-1);
}
}
@@ -819,7 +869,11 @@ pf_state_key_attach(struct pf_state_key
/* unlink late or sks can go away */
olds = si->s;
} else {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: %s key attach "
"failed on %s: ",
(idx == PF_SK_WIRE) ?
@@ -994,11 +1048,20 @@ pf_state_insert(struct pfi_kif *kif, str
}
if (s->id == 0 && s->creatorid == 0) {
+#ifdef __FreeBSD__
+ s->id = htobe64(V_pf_status.stateid++);
+ s->creatorid = V_pf_status.hostid;
+#else
s->id = htobe64(pf_status.stateid++);
s->creatorid = pf_status.hostid;
+#endif
}
if (RB_INSERT(pf_state_tree_id, &tree_id, s) != NULL) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: state insert failed: "
"id: %016llx creatorid: %08x",
betoh64(s->id), ntohl(s->creatorid));
@@ -1008,8 +1071,13 @@ pf_state_insert(struct pfi_kif *kif, str
return (-1);
}
TAILQ_INSERT_TAIL(&state_list, s, entry_list);
+#ifdef __FreeBSD__
+ V_pf_status.fcounters[FCNT_STATE_INSERT]++;
+ V_pf_status.states++;
+#else
pf_status.fcounters[FCNT_STATE_INSERT]++;
pf_status.states++;
+#endif
pfi_kif_ref(kif, PFI_KIF_REF_STATE);
#if NPFSYNC > 0
#ifdef __FreeBSD__
@@ -1025,7 +1093,11 @@ pf_state_insert(struct pfi_kif *kif, str
struct pf_state *
pf_find_state_byid(struct pf_state_cmp *key)
{
+#ifdef __FreeBSD__
+ V_pf_status.fcounters[FCNT_STATE_SEARCH]++;
+#else
pf_status.fcounters[FCNT_STATE_SEARCH]++;
+#endif
return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key));
}
@@ -1073,7 +1145,11 @@ pf_find_state(struct pfi_kif *kif, struc
struct pf_state_key *sk;
struct pf_state_item *si;
+#ifdef __FreeBSD__
+ V_pf_status.fcounters[FCNT_STATE_SEARCH]++;
+#else
pf_status.fcounters[FCNT_STATE_SEARCH]++;
+#endif
#ifdef __FreeBSD__
if (dir == PF_OUT && pftag->statekey &&
@@ -1132,7 +1208,11 @@ pf_find_state_all(struct pf_state_key_cm
struct pf_state_key *sk;
struct pf_state_item *si, *ret = NULL;
+#ifdef __FreeBSD__
+ V_pf_status.fcounters[FCNT_STATE_SEARCH]++;
+#else
pf_status.fcounters[FCNT_STATE_SEARCH]++;
+#endif
sk = RB_FIND(pf_state_tree, &pf_statetbl, (struct pf_state_key *)key);
@@ -1177,7 +1257,11 @@ pf_purge_thread(void *v)
sx_sunlock(&pf_consistency_lock);
sx_xlock(&pf_consistency_lock);
PF_LOCK();
+#ifdef __FreeBSD__
+ pf_purge_expired_states(V_pf_status.states, 1);
+#else
pf_purge_expired_states(pf_status.states, 1);
+#endif
pf_purge_expired_fragments();
pf_purge_expired_src_nodes(1);
pf_end_threads++;
@@ -1192,7 +1276,7 @@ pf_purge_thread(void *v)
/* process a fraction of the state table every second */
#ifdef __FreeBSD__
- if(!pf_purge_expired_states(1 + (pf_status.states
+ if(!pf_purge_expired_states(1 + (V_pf_status.states
/ pf_default_rule.timeout[PFTM_INTERVAL]), 0)) {
PF_UNLOCK();
sx_sunlock(&pf_consistency_lock);
@@ -1200,7 +1284,7 @@ pf_purge_thread(void *v)
PF_LOCK();
locked = 1;
- pf_purge_expired_states(1 + (pf_status.states
+ pf_purge_expired_states(1 + (V_pf_status.states
/ pf_default_rule.timeout[PFTM_INTERVAL]), 1);
}
#else
@@ -1258,7 +1342,11 @@ pf_state_expires(const struct pf_state *
} else {
start = pf_default_rule.timeout[PFTM_ADAPTIVE_START];
end = pf_default_rule.timeout[PFTM_ADAPTIVE_END];
+#ifdef __FreeBSD__
+ states = V_pf_status.states;
+#else
states = pf_status.states;
+#endif
}
if (end && states > start && start < end) {
if (states < end)
@@ -1303,8 +1391,13 @@ pf_purge_expired_src_nodes(int waslocked
pf_rm_rule(NULL, cur->rule.ptr);
}
RB_REMOVE(pf_src_tree, &tree_src_tracking, cur);
+#ifdef __FreeBSD__
+ V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
+ V_pf_status.src_nodes--;
+#else
pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
pf_status.src_nodes--;
+#endif
pool_put(&pf_src_tree_pl, cur);
}
}
@@ -1437,8 +1530,13 @@ pf_free_state(struct pf_state *cur)
if (cur->tag)
pf_tag_unref(cur->tag);
pool_put(&pf_state_pl, cur);
+#ifdef __FreeBSD__
+ V_pf_status.fcounters[FCNT_STATE_REMOVALS]++;
+ V_pf_status.states--;
+#else
pf_status.fcounters[FCNT_STATE_REMOVALS]++;
pf_status.states--;
+#endif
}
#ifdef __FreeBSD__
@@ -3513,7 +3611,11 @@ pf_create_state(struct pf_rule *r, struc
/* check maximums */
if (r->max_states && (r->states_cur >= r->max_states)) {
+#ifdef __FreeBSD__
+ V_pf_status.lcounters[LCNT_STATES]++;
+#else
pf_status.lcounters[LCNT_STATES]++;
+#endif
REASON_SET(&reason, PFRES_MAXSTATES);
return (PF_DROP);
}
@@ -3706,14 +3808,24 @@ csfailed:
if (sn != NULL && sn->states == 0 && sn->expire == 0) {
RB_REMOVE(pf_src_tree, &tree_src_tracking, sn);
+#ifdef __FreeBSD__
+ V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
+ V_pf_status.src_nodes--;
+#else
pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
pf_status.src_nodes--;
+#endif
pool_put(&pf_src_tree_pl, sn);
}
if (nsn != sn && nsn != NULL && nsn->states == 0 && nsn->expire == 0) {
RB_REMOVE(pf_src_tree, &tree_src_tracking, nsn);
+#ifdef __FreeBSD__
+ V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
+ V_pf_status.src_nodes--;
+#else
pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
pf_status.src_nodes--;
+#endif
pool_put(&pf_src_tree_pl, nsn);
}
return (PF_DROP);
@@ -4061,7 +4173,11 @@ pf_tcp_track_full(struct pf_state_peer *
* and keep updating the state TTL.
*/
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: loose state match: ");
pf_print_state(*state);
pf_print_flags(th->th_flags);
@@ -4120,7 +4236,11 @@ pf_tcp_track_full(struct pf_state_peer *
src->seqlo = 0;
src->seqhi = 1;
src->max_win = 1;
+#ifdef __FreeBSD__
+ } else if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
} else if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: BAD state: ");
pf_print_state(*state);
pf_print_flags(th->th_flags);
@@ -4359,7 +4479,11 @@ pf_test_state_tcp(struct pf_state **stat
if (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) &&
dst->state >= TCPS_FIN_WAIT_2 &&
src->state >= TCPS_FIN_WAIT_2) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: state reuse ");
pf_print_state(*state);
pf_print_flags(th->th_flags);
@@ -4790,7 +4914,11 @@ pf_test_state_icmp(struct pf_state **sta
if (!((*state)->state_flags & PFSTATE_SLOPPY) &&
(!SEQ_GEQ(src->seqhi, seq) ||
!SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)))) {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: BAD ICMP %d:%d ",
icmptype, pd->hdr.icmp->icmp_code);
pf_print_host(pd->src, 0, pd->af);
@@ -4803,7 +4931,11 @@ pf_test_state_icmp(struct pf_state **sta
REASON_SET(reason, PFRES_BADSTATE);
return (PF_DROP);
} else {
+#ifdef __FreeBSD__
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+#else
if (pf_status.debug >= PF_DEBUG_MISC) {
+#endif
printf("pf: OK ICMP %d:%d ",
icmptype, pd->hdr.icmp->icmp_code);
pf_print_host(pd->src, 0, pd->af);
@@ -6230,15 +6362,14 @@ pf_test(int dir, struct ifnet *ifp, stru
#ifdef __FreeBSD__
PF_LOCK();
-#endif
- if (!pf_status.running)
- #ifdef __FreeBSD__
+ if (!V_pf_status.running)
{
PF_UNLOCK();
- #endif
return (PF_PASS);
- #ifdef __FreeBSD__
}
+ #else
+ if (!pf_status.running)
+ return (PF_PASS);
#endif
memset(&pd, 0, sizeof(pd));
@@ -6655,15 +6786,14 @@ pf_test6(int dir, struct ifnet *ifp, str
#ifdef __FreeBSD__
PF_LOCK();
- #endif
if (!pf_status.running)
- #ifdef __FreeBSD__
{
PF_UNLOCK();
- #endif
return (PF_PASS);
- #ifdef __FreeBSD__
}
+ #else
+ if (!pf_status.running)
+ return (PF_PASS);
#endif
memset(&pd, 0, sizeof(pd));
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Mon Oct 12 19:19:08 2009 (r197999)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Mon Oct 12 19:41:57 2009 (r198000)
@@ -178,10 +178,8 @@ void pf_addr_copyout(struct pf_addr_w
#define TAGID_MAX 50000
#ifdef __FreeBSD__
-VNET_DEFINE(struct pf_rule, pf_default_rule);
-#define pf_default_rule VNET(pf_default_rule);
-VNET_DEFINE(struct sx, pf_consistency_lock);
-#define pf_consistency_lock VNET(pf_consistency_lock);
+VNET_DEFINE(struct pf_rule, pf_default_rule);
+VNET_DEFINE(struct sx, pf_consistency_lock);
SX_SYSINIT(pf_consistency_lock, &pf_consistency_lock,
"pf_statetbl_lock");
#ifdef ALTQ
@@ -191,9 +189,11 @@ static VNET_DEFINE(int, pf_altq_running)
TAILQ_HEAD(pf_tags, pf_tagname);
-VNET_DEFINE(struct pf_tags, pf_tags);
-#define pf_tags VNET(pf_tags)
-VNET_DEFINE(struct pf_tags, pf_qids);
+#define V_pf_tags VNET(pf_tags)
+VNET_DEFINE(struct pf_tags, pf_tags) =
+ TAILQ_HEAD_INITIALIZER(V_pf_tags);
+VNET_DEFINE(struct pf_tags, pf_qids) =
+ TAILQ_HEAD_INITIALIZER(pf_qids);
#define pf_qids VNET(pf_qids);
#else /* !__FreeBSD__ */
@@ -218,7 +218,11 @@ int pf_rtlabel_add(struct pf_addr_wra
void pf_rtlabel_remove(struct pf_addr_wrap *);
void pf_rtlabel_copyout(struct pf_addr_wrap *);
+#ifdef __FreeBSD__
+#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x
+#else
#define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x
+#endif
#ifdef __FreeBSD__
static VNET_DEFINE(struct cdev, *pf_dev);
@@ -253,7 +257,11 @@ static int shutdown_pf(void
static int pf_load(void);
static int pf_unload(void);
-static VNET_DEFINE(struct cdevsw, pf_cdevsw);
+static VNET_DEFINE(struct cdevsw, pf_cdevsw) = {
+ .d_ioctl = pfioctl,
+ .d_name = PF_NAME,
+ .d_version = D_VERSION,
+};
#define pf_cdevsw VNET(pf_cdevsw)
static volatile VNET_DEFINE(int, pf_pfil_hooked);
@@ -412,13 +420,22 @@ pfattach(void)
my_timeout[PFTM_ADAPTIVE_END] = PFSTATE_ADAPT_END;
pf_normalize_init();
+#ifdef __FreeBSD__
+ bzero(&V_pf_status, sizeof(pf_status));
+ V_pf_status.debug = PF_DEBUG_URGENT;
+#else
bzero(&pf_status, sizeof(pf_status));
pf_status.debug = PF_DEBUG_URGENT;
+#endif
pf_pfil_hooked = 0;
/* XXX do our best to avoid a conflict */
+#ifdef __FreeBSD__
+ V_pf_status.hostid = arc4random();
+#else
pf_status.hostid = arc4random();
+#endif
if (kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pfpurge"))
return (ENXIO);
@@ -723,13 +740,21 @@ tag_unref(struct pf_tags *head, u_int16_
u_int16_t
pf_tagname2tag(char *tagname)
{
+#ifdef __FreeBSD__
+ return (tagname2tag(&V_pf_tags, tagname));
+#else
return (tagname2tag(&pf_tags, tagname));
+#endif
}
void
pf_tag2tagname(u_int16_t tagid, char *p)
{
+#ifdef __FreeBSD__
+ tag2tagname(&V_pf_tags, tagid, p);
+#else
tag2tagname(&pf_tags, tagid, p);
+#endif
}
void
@@ -737,7 +762,11 @@ pf_tag_ref(u_int16_t tag)
{
struct pf_tagname *t;
+#ifdef __FreeBSD__
+ TAILQ_FOREACH(t, &V_pf_tags, entries)
+#else
TAILQ_FOREACH(t, &pf_tags, entries)
+#endif
if (t->tag == tag)
break;
if (t != NULL)
@@ -747,7 +776,11 @@ pf_tag_ref(u_int16_t tag)
void
pf_tag_unref(u_int16_t tag)
{
+#ifdef __FreeBSD__
+ tag_unref(&V_pf_tags, tag);
+#else
tag_unref(&pf_tags, tag);
+#endif
}
int
@@ -1288,7 +1321,11 @@ pf_setup_pfsync_matching(struct pf_rules
}
MD5Final(digest, &ctx);
+#ifdef __FreeBSD__
+ memcpy(V_pf_status.pf_chksum, digest, sizeof(V_pf_status.pf_chksum));
+#else
memcpy(pf_status.pf_chksum, digest, sizeof(pf_status.pf_chksum));
+#endif
return (0);
}
@@ -1455,7 +1492,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
switch (cmd) {
case DIOCSTART:
+#ifdef __FreeBSD__
+ if (V_pf_status.running)
+#else
if (pf_status.running)
+#endif
error = EEXIST;
else {
#ifdef __FreeBSD__
@@ -1467,33 +1508,48 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
("pf: pfil registeration fail\n"));
break;
}
- #endif
+ V_pf_status.running = 1;
+ V_pf_status.since = time_second;
+
+ if (V_pf_status.stateid == 0) {
+ V_pf_status.stateid = time_second;
+ V_pf_status.stateid = V_pf_status.stateid << 32;
+ }
+#else
pf_status.running = 1;
pf_status.since = time_second;
+
if (pf_status.stateid == 0) {
pf_status.stateid = time_second;
pf_status.stateid = pf_status.stateid << 32;
}
+ #endif
DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n"));
}
break;
case DIOCSTOP:
- if (!pf_status.running)
+#ifdef __FreeBSD__
+ if (!V_pf_status.running)
error = ENOENT;
else {
- pf_status.running = 0;
-#ifdef __FreeBSD__
+ V_pf_status.running = 0;
PF_UNLOCK();
error = dehook_pf();
PF_LOCK();
if (error) {
- pf_status.running = 1;
+ V_pf_status.running = 1;
DPFPRINTF(PF_DEBUG_MISC,
("pf: pfil unregisteration failed\n"));
}
- #endif
+ V_pf_status.since = time_second;
+#else
+ if (!pf_status.running)
+ error = ENOENT;
+ else {
+ pf_status.running = 0;
pf_status.since = time_second;
+#endif
DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n"));
}
break;
@@ -2012,7 +2068,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
#if NPFSYNC > 0
#ifdef __FreeBSD__
if (pfsync_clear_states_ptr != NULL)
- pfsync_clear_states_ptr(pf_status.hostid, psk->psk_ifname);
+ pfsync_clear_states_ptr(V_pf_status.hostid, psk->psk_ifname);
#else
pfsync_clear_states(pf_status.hostid, psk->psk_ifname);
#endif
@@ -2030,7 +2086,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
if (psk->psk_pfcmp.id) {
if (psk->psk_pfcmp.creatorid == 0)
+#ifdef __FreeBSD__
+ psk->psk_pfcmp.creatorid = V_pf_status.hostid;
+#else
psk->psk_pfcmp.creatorid = pf_status.hostid;
+#endif
if ((s = pf_find_state_byid(&psk->psk_pfcmp))) {
pf_unlink_state(s);
psk->psk_killed = 1;
@@ -2128,7 +2188,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
u_int32_t nr = 0;
if (ps->ps_len == 0) {
+#ifdef __FreeBSD__
+ nr = V_pf_status.states;
+#else
nr = pf_status.states;
+#endif
ps->ps_len = sizeof(struct pfsync_state) * nr;
break;
}
@@ -2172,7 +2236,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
case DIOCGETSTATUS: {
struct pf_status *s = (struct pf_status *)addr;
+#ifdef __FreeBSD__
+ bcopy(&V_pf_status, s, sizeof(struct pf_status));
+#else
bcopy(&pf_status, s, sizeof(struct pf_status));
+#endif
pfi_update_status(s->ifname, s);
break;
}
@@ -2181,20 +2249,37 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
struct pfioc_if *pi = (struct pfioc_if *)addr;
if (pi->ifname[0] == 0) {
+#ifdef __FreeBSD__
+ bzero(V_pf_status.ifname, IFNAMSIZ);
+#else
bzero(pf_status.ifname, IFNAMSIZ);
+#endif
break;
}
+#ifdef __FreeBSD__
+ strlcpy(V_pf_status.ifname, pi->ifname, IFNAMSIZ);
+#else
strlcpy(pf_status.ifname, pi->ifname, IFNAMSIZ);
+#endif
break;
}
case DIOCCLRSTATUS: {
+#ifdef __FreeBSD__
+ bzero(V_pf_status.counters, sizeof(V_pf_status.counters));
+ bzero(V_pf_status.fcounters, sizeof(V_pf_status.fcounters));
+ bzero(V_pf_status.scounters, sizeof(V_pf_status.scounters));
+ V_pf_status.since = time_second;
+ if (*V_pf_status.ifname)
+ pfi_update_status(V_pf_status.ifname, NULL);
+#else
bzero(pf_status.counters, sizeof(pf_status.counters));
bzero(pf_status.fcounters, sizeof(pf_status.fcounters));
bzero(pf_status.scounters, sizeof(pf_status.scounters));
pf_status.since = time_second;
if (*pf_status.ifname)
pfi_update_status(pf_status.ifname, NULL);
+#endif
break;
}
@@ -2309,7 +2394,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
case DIOCSETDEBUG: {
u_int32_t *level = (u_int32_t *)addr;
+#ifdef __FreeBSD__
+ V_pf_status.debug = *level;
+#else
pf_status.debug = *level;
+#endif
break;
}
@@ -3178,18 +3267,18 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
}
#ifdef __FreeBSD__
PF_UNLOCK();
- #endif
+#endif
ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK);
table = malloc(sizeof(*table), M_TEMP, M_WAITOK);
#ifdef __FreeBSD__
PF_LOCK();
- #endif
+#endif
/* first makes sure everything will succeed */
for (i = 0; i < io->size; i++) {
#ifdef __FreeBSD__
PF_COPYIN(io->array+i, ioe, sizeof(*ioe), error);
if (error) {
- #else
+#else
if (copyin(io->array+i, ioe, sizeof(*ioe))) {
#endif
free(table, M_TEMP);
@@ -3371,7 +3460,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
n->states = 0;
}
pf_purge_expired_src_nodes(1);
+#ifdef __FreeBSD__
+ V_pf_status.src_nodes = 0;
+#else
pf_status.src_nodes = 0;
+#endif
break;
}
@@ -3417,10 +3510,17 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
case DIOCSETHOSTID: {
u_int32_t *hostid = (u_int32_t *)addr;
+#ifdef __FreeBSD__
+ if (*hostid == 0)
+ V_pf_status.hostid = arc4random();
+ else
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list