git: 1d090028d303 - main - pf: use time_to for timestamps

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 05 Oct 2022 16:14:42 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=1d090028d3037adffac6fde004b2ad035921bb49

commit 1d090028d3037adffac6fde004b2ad035921bb49
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-09-29 12:45:03 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-10-05 15:52:27 +0000

    pf: use time_to for timestamps
    
    Use time_t rather than uint32_t to represent the timestamps. That means
    we have 64 bits rather than 32 on all platforms except i386, avoiding
    the Y2K38 issues on most platforms.
    
    Reviewed by:    Zhenlei Huang
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D36837
---
 lib/libpfctl/libpfctl.h   |  4 ++--
 sbin/pfctl/pfctl.c        |  8 ++++----
 sys/net/pfvar.h           |  6 ++++--
 sys/netpfil/pf/pf_ioctl.c | 14 ++++++++------
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index 261913e1873d..faccabd227a3 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -102,7 +102,7 @@ struct pfctl_eth_rule {
 	uint64_t		 evaluations;
 	uint64_t		 packets[2];
 	uint64_t		 bytes[2];
-	uint32_t		 last_active_timestamp;
+	time_t			 last_active_timestamp;
 
 	/* Action */
 	char			 qname[PF_QNAME_SIZE];
@@ -175,7 +175,7 @@ struct pfctl_rule {
 	uint64_t		 evaluations;
 	uint64_t		 packets[2];
 	uint64_t		 bytes[2];
-	uint32_t		 last_active_timestamp;
+	time_t			 last_active_timestamp;
 
 	struct pfi_kif		*kif;
 	struct pfctl_anchor	*anchor;
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index bc6f14e1c197..37c9625492b1 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1020,8 +1020,8 @@ pfctl_print_eth_rule_counters(struct pfctl_eth_rule *rule, int opts)
 		char timestr[30];
 
 		if (rule->last_active_timestamp != 0) {
-			time_t last_active = rule->last_active_timestamp;
-			bcopy(ctime(&last_active), timestr, sizeof(timestr));
+			bcopy(ctime(&rule->last_active_timestamp), timestr,
+			    sizeof(timestr));
 			*strchr(timestr, '\n') = '\0';
 		} else {
 			snprintf(timestr, sizeof(timestr), "N/A");
@@ -1070,8 +1070,8 @@ pfctl_print_rule_counters(struct pfctl_rule *rule, int opts)
 	if (opts & PF_OPT_VERBOSE2) {
 		char timestr[30];
 		if (rule->last_active_timestamp != 0) {
-			time_t last_active = rule->last_active_timestamp;
-			bcopy(ctime(&last_active), timestr, sizeof(timestr));
+			bcopy(ctime(&rule->last_active_timestamp), timestr,
+			    sizeof(timestr));
 			*strchr(timestr, '\n') = '\0';
 		} else {
 			snprintf(timestr, sizeof(timestr), "N/A");
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ffec6764f6f8..16ee0b55e2e8 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -305,6 +305,8 @@ pf_counter_u64_zero(struct pf_counter_u64 *pfcu64)
 		critical_exit();					\
 	} while (0)
 
+#define pf_timestamp_pcpu_zone	(sizeof(time_t) == 4 ? pcpu_zone_4 : pcpu_zone_8)
+_Static_assert(sizeof(time_t) == 4 || sizeof(time_t) == 8, "unexpected time_t size");
 
 SYSCTL_DECL(_net_pf);
 MALLOC_DECLARE(M_PFHASH);
@@ -681,7 +683,7 @@ struct pf_keth_rule {
 	counter_u64_t		 evaluations;
 	counter_u64_t		 packets[2];
 	counter_u64_t		 bytes[2];
-	uint32_t		*timestamp;
+	time_t			*timestamp;
 
 	/* Action */
 	char			 qname[PF_QNAME_SIZE];
@@ -721,7 +723,7 @@ struct pf_krule {
 	struct pf_counter_u64	 evaluations;
 	struct pf_counter_u64	 packets[2];
 	struct pf_counter_u64	 bytes[2];
-	uint32_t		*timestamp;
+	time_t			*timestamp;
 
 	struct pfi_kkif		*kif;
 	struct pf_kanchor	*anchor;
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 13726880a894..67422cc43997 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -344,7 +344,8 @@ pfattach_vnet(void)
 	V_pf_default_rule.states_tot = counter_u64_alloc(M_WAITOK);
 	V_pf_default_rule.src_nodes = counter_u64_alloc(M_WAITOK);
 
-	V_pf_default_rule.timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
+	V_pf_default_rule.timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
+	    M_WAITOK | M_ZERO);
 
 #ifdef PF_WANT_32_TO_64_COUNTER
 	V_pf_kifmarker = malloc(sizeof(*V_pf_kifmarker), PFI_MTYPE, M_WAITOK | M_ZERO);
@@ -534,7 +535,7 @@ pf_free_eth_rule(struct pf_keth_rule *rule)
 		counter_u64_free(rule->packets[i]);
 		counter_u64_free(rule->bytes[i]);
 	}
-	uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
+	uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
 	pf_keth_anchor_remove(rule);
 
 	free(rule, M_PFRULE);
@@ -1786,7 +1787,8 @@ pf_krule_alloc(void)
 
 	rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO);
 	mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
-	rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
+	rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
+	    M_WAITOK | M_ZERO);
 	return (rule);
 }
 
@@ -1820,7 +1822,7 @@ pf_krule_free(struct pf_krule *rule)
 	counter_u64_free(rule->states_cur);
 	counter_u64_free(rule->states_tot);
 	counter_u64_free(rule->src_nodes);
-	uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
+	uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
 
 	mtx_destroy(&rule->rpool.mtx);
 	free(rule, M_PFRULE);
@@ -2868,7 +2870,7 @@ DIOCGETETHRULE_error:
 			rule->packets[i] = counter_u64_alloc(M_WAITOK);
 			rule->bytes[i] = counter_u64_alloc(M_WAITOK);
 		}
-		rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4,
+		rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
 		    M_WAITOK | M_ZERO);
 
 		PF_RULES_WLOCK();
@@ -6769,7 +6771,7 @@ pf_unload_vnet(void)
 	counter_u64_free(V_pf_default_rule.states_cur);
 	counter_u64_free(V_pf_default_rule.states_tot);
 	counter_u64_free(V_pf_default_rule.src_nodes);
-	uma_zfree_pcpu(pcpu_zone_4, V_pf_default_rule.timestamp);
+	uma_zfree_pcpu(pf_timestamp_pcpu_zone, V_pf_default_rule.timestamp);
 
 	for (int i = 0; i < PFRES_MAX; i++)
 		counter_u64_free(V_pf_status.counters[i]);