git: 600bd6ce0639 - main - pfctl, libpfctl: introduce pfctl_pool

Kristof Provost kp at FreeBSD.org
Mon Apr 12 18:31:12 UTC 2021


The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=600bd6ce0639c84b763516477250df5964e8edf6

commit 600bd6ce0639c84b763516477250df5964e8edf6
Author:     Kurosawa Takahiro <takahiro.kurosawa at gmail.com>
AuthorDate: 2021-04-12 14:03:40 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-04-12 16:30:29 +0000

    pfctl, libpfctl: introduce pfctl_pool
    
    Introduce pfctl_pool to be able to extend the pool part of the pf rule
    without breaking the ABI.
    
    Reviewed by:    kp
    MFC after:      4 weeks
    Differential Revision:  https://reviews.freebsd.org/D29721
---
 lib/libpfctl/libpfctl.c   |  4 ++--
 lib/libpfctl/libpfctl.h   | 12 +++++++++++-
 sbin/pfctl/pfctl.c        | 10 +++++-----
 sbin/pfctl/pfctl_parser.c |  2 +-
 sbin/pfctl/pfctl_parser.h |  8 ++++----
 5 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 2a7b64f1cbc8..a487e5a20018 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -198,7 +198,7 @@ pf_nvrule_addr_to_rule_addr(const nvlist_t *nvl, struct pf_rule_addr *addr)
 
 static void
 pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
-    const struct pf_pool *pool)
+    const struct pfctl_pool *pool)
 {
 	u_int64_t ports[2];
 	nvlist_t *nvl = nvlist_create(0);
@@ -216,7 +216,7 @@ pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
 }
 
 static void
-pf_nvpool_to_pool(const nvlist_t *nvl, struct pf_pool *pool)
+pf_nvpool_to_pool(const nvlist_t *nvl, struct pfctl_pool *pool)
 {
 	size_t len;
 	const void *data;
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index 95f6d4e3c77f..bc27c18cfbb6 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -38,6 +38,16 @@
 
 struct pfctl_anchor;
 
+struct pfctl_pool {
+	struct pf_palist	 list;
+	struct pf_pooladdr	*cur;
+	struct pf_poolhashkey	 key;
+	struct pf_addr		 counter;
+	int			 tblidx;
+	u_int16_t		 proxy_port[2];
+	u_int8_t		 opts;
+};
+
 struct pfctl_rule {
 	struct pf_rule_addr	 src;
 	struct pf_rule_addr	 dst;
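Review bot: The new `struct pfctl_pool` in libpfctl.h has no comment saying it is the library's own counterpart of the kernel's `struct pf_pool` and that the two layouts may now diverge. Without that, a later `memcpy` or cast between the two types would compile but read or write the wrong fields once either side grows. I would add above the definition something like `/* Userland view of a pf address pool; converted to and from the kernel form via nvlists, never copied as struct pf_pool. */`. Since `list` appears to be a TAILQ head and `cur` a pointer into it, the comment could also say that a pool must be transferred with `pfctl_move_pool()` rather than by structure assignment, which would leave the head pointing into the source object. The hunk only shows the start of `struct pfctl_rule`, so any by-value copies of `rpool` elsewhere are not visible here and would need checking.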
@@ -52,7 +62,7 @@ struct pfctl_rule {
 	char			 overload_tblname[PF_TABLE_NAME_SIZE];
 
 	TAILQ_ENTRY(pfctl_rule)	 entries;
-	struct pf_pool		 rpool;
+	struct pfctl_pool	 rpool;
 
 	u_int64_t		 evaluations;
 	u_int64_t		 packets[2];
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index bc646ab335e1..879fc876826c 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -92,7 +92,7 @@ int	 pfctl_load_timeout(struct pfctl *, unsigned int, unsigned int);
 int	 pfctl_load_debug(struct pfctl *, unsigned int);
 int	 pfctl_load_logif(struct pfctl *, char *);
 int	 pfctl_load_hostid(struct pfctl *, u_int32_t);
-int	 pfctl_get_pool(int, struct pf_pool *, u_int32_t, u_int32_t, int,
+int	 pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int,
 	    char *);
 void	 pfctl_print_rule_counters(struct pfctl_rule *, int);
 int	 pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int);
@@ -805,7 +805,7 @@ pfctl_id_kill_states(int dev, const char *iface, int opts)
 }
 
 int
-pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
+pfctl_get_pool(int dev, struct pfctl_pool *pool, u_int32_t nr,
     u_int32_t ticket, int r_action, char *anchorname)
 {
 	struct pfioc_pooladdr pp;
@@ -840,7 +840,7 @@ pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
 }
 
 void
-pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst)
+pfctl_move_pool(struct pfctl_pool *src, struct pfctl_pool *dst)
 {
 	struct pf_pooladdr *pa;
 
@@ -851,7 +851,7 @@ pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst)
 }
 
 void
-pfctl_clear_pool(struct pf_pool *pool)
+pfctl_clear_pool(struct pfctl_pool *pool)
 {
 	struct pf_pooladdr *pa;
 
@@ -1272,7 +1272,7 @@ pfctl_show_limits(int dev, int opts)
 
 /* callbacks for rule/nat/rdr/addr */
 int
-pfctl_add_pool(struct pfctl *pf, struct pf_pool *p, sa_family_t af)
+pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af)
 {
 	struct pf_pooladdr *pa;
 
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 903ea88c4b15..e0dd04cb4c3d 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -412,7 +412,7 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
 }
 
 void
-print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2,
+print_pool(struct pfctl_pool *pool, u_int16_t p1, u_int16_t p2,
     sa_family_t af, int id)
 {
 	struct pf_pooladdr	*pooladdr;
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index f36e8f1d4ac8..43d8488dcab8 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -256,9 +256,9 @@ int	pfctl_optimize_ruleset(struct pfctl *, struct pfctl_ruleset *);
 
 int	pfctl_append_rule(struct pfctl *, struct pfctl_rule *, const char *);
 int	pfctl_add_altq(struct pfctl *, struct pf_altq *);
-int	pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t);
-void	pfctl_move_pool(struct pf_pool *, struct pf_pool *);
-void	pfctl_clear_pool(struct pf_pool *);
+int	pfctl_add_pool(struct pfctl *, struct pfctl_pool *, sa_family_t);
+void	pfctl_move_pool(struct pfctl_pool *, struct pfctl_pool *);
+void	pfctl_clear_pool(struct pfctl_pool *);
 
 int	pfctl_set_timeout(struct pfctl *, const char *, int, int);
 int	pfctl_set_optimization(struct pfctl *, const char *);
@@ -272,7 +272,7 @@ int	parse_config(char *, struct pfctl *);
 int	parse_flags(char *);
 int	pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *);
 
-void	print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
+void	print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, sa_family_t, int);
 void	print_src_node(struct pf_src_node *, int);
 void	print_rule(struct pfctl_rule *, const char *, int, int);
 void	print_tabledef(const char *, int, int, struct node_tinithead *);

