git: 1d090028d303 - main - pf: use time_to for timestamps
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 05 Oct 2022 16:14:42 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=1d090028d3037adffac6fde004b2ad035921bb49
commit 1d090028d3037adffac6fde004b2ad035921bb49
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-09-29 12:45:03 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-10-05 15:52:27 +0000
pf: use time_to for timestamps
Use time_t rather than uint32_t to represent the timestamps. That means
we have 64 bits rather than 32 on all platforms except i386, avoiding
the Y2K38 issues on most platforms.
Reviewed by: Zhenlei Huang
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36837
---
lib/libpfctl/libpfctl.h | 4 ++--
sbin/pfctl/pfctl.c | 8 ++++----
sys/net/pfvar.h | 6 ++++--
sys/netpfil/pf/pf_ioctl.c | 14 ++++++++------
4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index 261913e1873d..faccabd227a3 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -102,7 +102,7 @@ struct pfctl_eth_rule {
uint64_t evaluations;
uint64_t packets[2];
uint64_t bytes[2];
- uint32_t last_active_timestamp;
+ time_t last_active_timestamp;
/* Action */
char qname[PF_QNAME_SIZE];
@@ -175,7 +175,7 @@ struct pfctl_rule {
uint64_t evaluations;
uint64_t packets[2];
uint64_t bytes[2];
- uint32_t last_active_timestamp;
+ time_t last_active_timestamp;
struct pfi_kif *kif;
struct pfctl_anchor *anchor;
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index bc6f14e1c197..37c9625492b1 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1020,8 +1020,8 @@ pfctl_print_eth_rule_counters(struct pfctl_eth_rule *rule, int opts)
char timestr[30];
if (rule->last_active_timestamp != 0) {
- time_t last_active = rule->last_active_timestamp;
- bcopy(ctime(&last_active), timestr, sizeof(timestr));
+ bcopy(ctime(&rule->last_active_timestamp), timestr,
+ sizeof(timestr));
*strchr(timestr, '\n') = '\0';
} else {
snprintf(timestr, sizeof(timestr), "N/A");
@@ -1070,8 +1070,8 @@ pfctl_print_rule_counters(struct pfctl_rule *rule, int opts)
if (opts & PF_OPT_VERBOSE2) {
char timestr[30];
if (rule->last_active_timestamp != 0) {
- time_t last_active = rule->last_active_timestamp;
- bcopy(ctime(&last_active), timestr, sizeof(timestr));
+ bcopy(ctime(&rule->last_active_timestamp), timestr,
+ sizeof(timestr));
*strchr(timestr, '\n') = '\0';
} else {
snprintf(timestr, sizeof(timestr), "N/A");
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ffec6764f6f8..16ee0b55e2e8 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -305,6 +305,8 @@ pf_counter_u64_zero(struct pf_counter_u64 *pfcu64)
critical_exit(); \
} while (0)
+#define pf_timestamp_pcpu_zone (sizeof(time_t) == 4 ? pcpu_zone_4 : pcpu_zone_8)
+_Static_assert(sizeof(time_t) == 4 || sizeof(time_t) == 8, "unexpected time_t size");
SYSCTL_DECL(_net_pf);
MALLOC_DECLARE(M_PFHASH);
@@ -681,7 +683,7 @@ struct pf_keth_rule {
counter_u64_t evaluations;
counter_u64_t packets[2];
counter_u64_t bytes[2];
- uint32_t *timestamp;
+ time_t *timestamp;
/* Action */
char qname[PF_QNAME_SIZE];
@@ -721,7 +723,7 @@ struct pf_krule {
struct pf_counter_u64 evaluations;
struct pf_counter_u64 packets[2];
struct pf_counter_u64 bytes[2];
- uint32_t *timestamp;
+ time_t *timestamp;
struct pfi_kkif *kif;
struct pf_kanchor *anchor;
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 13726880a894..67422cc43997 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -344,7 +344,8 @@ pfattach_vnet(void)
V_pf_default_rule.states_tot = counter_u64_alloc(M_WAITOK);
V_pf_default_rule.src_nodes = counter_u64_alloc(M_WAITOK);
- V_pf_default_rule.timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
+ V_pf_default_rule.timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
+ M_WAITOK | M_ZERO);
#ifdef PF_WANT_32_TO_64_COUNTER
V_pf_kifmarker = malloc(sizeof(*V_pf_kifmarker), PFI_MTYPE, M_WAITOK | M_ZERO);
@@ -534,7 +535,7 @@ pf_free_eth_rule(struct pf_keth_rule *rule)
counter_u64_free(rule->packets[i]);
counter_u64_free(rule->bytes[i]);
}
- uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
+ uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
pf_keth_anchor_remove(rule);
free(rule, M_PFRULE);
@@ -1786,7 +1787,8 @@ pf_krule_alloc(void)
rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO);
mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
- rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
+ rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
+ M_WAITOK | M_ZERO);
return (rule);
}
@@ -1820,7 +1822,7 @@ pf_krule_free(struct pf_krule *rule)
counter_u64_free(rule->states_cur);
counter_u64_free(rule->states_tot);
counter_u64_free(rule->src_nodes);
- uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
+ uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
mtx_destroy(&rule->rpool.mtx);
free(rule, M_PFRULE);
@@ -2868,7 +2870,7 @@ DIOCGETETHRULE_error:
rule->packets[i] = counter_u64_alloc(M_WAITOK);
rule->bytes[i] = counter_u64_alloc(M_WAITOK);
}
- rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4,
+ rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
M_WAITOK | M_ZERO);
PF_RULES_WLOCK();
@@ -6769,7 +6771,7 @@ pf_unload_vnet(void)
counter_u64_free(V_pf_default_rule.states_cur);
counter_u64_free(V_pf_default_rule.states_tot);
counter_u64_free(V_pf_default_rule.src_nodes);
- uma_zfree_pcpu(pcpu_zone_4, V_pf_default_rule.timestamp);
+ uma_zfree_pcpu(pf_timestamp_pcpu_zone, V_pf_default_rule.timestamp);
for (int i = 0; i < PFRES_MAX; i++)
counter_u64_free(V_pf_status.counters[i]);