svn commit: r197935 - in user/eri/pf45/head/sys: contrib/pf/net
i386/conf modules/pfsync
Ermal Luçi
eri at FreeBSD.org
Sat Oct 10 16:08:06 UTC 2009
Author: eri
Date: Sat Oct 10 16:08:05 2009
New Revision: 197935
URL: http://svn.freebsd.org/changeset/base/197935
Log:
* Make pfsync(4) compile. OpenBSD TDB features are wrapped with notyet for now.
* Add Makefile under modules directory to allow pfsync(4) to be built/loaded as module.
* Remove dependency of pf(4) module from pfsync(4) internals.
Added:
user/eri/pf45/head/sys/modules/pfsync/
user/eri/pf45/head/sys/modules/pfsync/Makefile (contents, props changed)
Modified:
user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c
user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.h
user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c
user/eri/pf45/head/sys/contrib/pf/net/pfvar.h
user/eri/pf45/head/sys/i386/conf/GENERIC
Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 15:33:01 2009 (r197934)
+++ user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 16:08:05 2009 (r197935)
@@ -42,20 +42,71 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef __FreeBSD__
+#include "opt_inet.h"
+#include "opt_inet6.h"
+#include "opt_bpf.h"
+#include "opt_pf.h"
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#ifdef DEV_BPF
+#define NBPFILTER DEV_BPF
+#else
+#define NBPFILTER 0
+#endif
+
+#ifdef DEV_PFSYNC
+#define NPFSYNC DEV_PFSYNC
+#else
+#define NPFSYNC 0
+#endif
+
+#ifdef DEV_CARP
+#define NCARP DEV_CARP
+#else
+#define NCARP 0
+#endif
+#endif /* __FreeBSD__ */
+
#include <sys/param.h>
+#ifdef __FreeBSD__
+#include <sys/bus.h>
+#include <sys/interrupt.h>
+#include <sys/priv.h>
+#endif
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/time.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
+#ifdef __FreeBSD__
+#include <sys/endian.h>
+#include <sys/malloc.h>
+#include <sys/module.h>
+#include <sys/sockio.h>
+#include <sys/taskqueue.h>
+#include <sys/lock.h>
+#include <sys/mutex.h>
+#else
#include <sys/ioctl.h>
#include <sys/timeout.h>
+#endif
#include <sys/kernel.h>
#include <sys/sysctl.h>
+#ifndef __FreeBSD__
#include <sys/pool.h>
+#endif
#include <net/if.h>
+#ifdef __FreeBSD__
+#include <net/if_clone.h>
+#endif
#include <net/if_types.h>
+#ifdef __FreeBSD__
+#include <net/netisr.h>
+#endif
#include <net/route.h>
#include <net/bpf.h>
#include <net/netisr.h>
@@ -75,7 +126,9 @@
#include <netinet6/nd6.h>
#endif /* INET6 */
+#ifndef __FreeBSD__
#include "carp.h"
+#endif
#if NCARP > 0
#include <netinet/ip_carp.h>
#endif
@@ -83,8 +136,10 @@
#include <net/pfvar.h>
#include <net/if_pfsync.h>
+#ifndef __FreeBSD__
#include "bpfilter.h"
#include "pfsync.h"
+#endif
#define PFSYNC_MINPKT ( \
sizeof(struct ip) + \
@@ -166,20 +221,34 @@ struct pfsync_deferral {
TAILQ_ENTRY(pfsync_deferral) pd_entry;
struct pf_state *pd_st;
struct mbuf *pd_m;
+#ifdef __FreeBSD__
+ struct callout pd_tmo;
+#else
struct timeout pd_tmo;
+#endif
};
TAILQ_HEAD(pfsync_deferrals, pfsync_deferral);
#define PFSYNC_PLSIZE MAX(sizeof(struct pfsync_upd_req_item), \
sizeof(struct pfsync_deferral))
+#ifdef notyet
int pfsync_out_tdb(struct tdb *, struct mbuf *, int);
+#endif
struct pfsync_softc {
+#ifdef __FreeBSD__
+ struct ifnet *sc_ifp;
+#else
struct ifnet sc_if;
+#endif
struct ifnet *sc_sync_if;
+#ifdef __FreeBSD__
+ uma_zone_t sc_pool;
+#else
struct pool sc_pool;
+#endif
struct ip_moptions sc_imo;
@@ -201,29 +270,77 @@ struct pfsync_softc {
u_int32_t sc_ureq_sent;
int sc_bulk_tries;
+#ifdef __FreeBSD__
+ struct callout sc_bulkfail_tmo;
+#else
struct timeout sc_bulkfail_tmo;
+#endif
u_int32_t sc_ureq_received;
struct pf_state *sc_bulk_next;
struct pf_state *sc_bulk_last;
+#ifdef __FreeBSD__
+ struct callout sc_bulk_tmo;
+#else
struct timeout sc_bulk_tmo;
+#endif
TAILQ_HEAD(, tdb) sc_tdb_q;
+#ifdef __FreeBSD__
+ struct callout sc_tmo;
+#else
struct timeout sc_tmo;
+#endif
+#ifdef __FreeBSD__
+ eventhandler_tag sc_detachtag;
+#endif
+
};
struct pfsync_softc *pfsyncif = NULL;
struct pfsyncstats pfsyncstats;
+#ifdef __FreeBSD__
+#ifdef notyet
+SYSCTL_DECL(_net_inet_pfsync);
+SYSCTL_STRUCT(_net_inet_pfsync, 0, stats, CTLFLAG_RW,
+ &pfsyncstats, pfsyncstats,
+ "PFSYNC statistics (struct pfsyncstats, net/if_pfsync.h)");
+#endif
+
+/* Macros to set/clear/test flags. */
+#ifdef _KERNEL
+#define SET(t, f) ((t) |= (f))
+#define CLR(t, f) ((t) &= ~(f))
+#define ISSET(t, f) ((t) & (f))
+#endif
+
+static void pfsyncintr(void *);
+struct pfsync_swi {
+ void * pfsync_swi_cookie;
+};
+static struct pfsync_swi pfsync_swi;
+#define schednetisr(p) swi_sched(pfsync_swi.pfsync_swi_cookie, 0)
+#define NETISR_PFSYNC
+#endif
void pfsyncattach(int);
+#ifdef __FreeBSD__
+int pfsync_clone_create(struct if_clone *, int, caddr_t);
+void pfsync_clone_destroy(struct ifnet *);
+#else
int pfsync_clone_create(struct if_clone *, int);
int pfsync_clone_destroy(struct ifnet *);
+#endif
int pfsync_alloc_scrub_memory(struct pfsync_state_peer *,
struct pf_state_peer *);
void pfsync_update_net_tdb(struct pfsync_tdb *);
int pfsyncoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
+#ifdef __FreeBSD__
+ struct route *);
+#else
struct rtentry *);
+#endif
int pfsyncioctl(struct ifnet *, u_long, caddr_t);
void pfsyncstart(struct ifnet *);
@@ -251,11 +368,23 @@ void pfsync_bulk_status(u_int8_t);
void pfsync_bulk_update(void *);
void pfsync_bulk_fail(void *);
+#ifdef __FreeBSD__
+void pfsync_ifdetach(void *, struct ifnet *);
+
+/* XXX: ugly */
+#define betoh64 (unsigned long long)be64toh
+#define timeout_del callout_stop
+#endif
+
#define PFSYNC_MAX_BULKTRIES 12
int pfsync_sync_ok;
+#ifdef __FreeBSD__
+IFC_SIMPLE_DECLARE(pfsync, 1);
+#else
struct if_clone pfsync_cloner =
IF_CLONE_INITIALIZER("pfsync", pfsync_clone_create, pfsync_clone_destroy);
+#endif
void
pfsyncattach(int npfsync)
@@ -263,7 +392,11 @@ pfsyncattach(int npfsync)
if_clone_attach(&pfsync_cloner);
}
int
+#ifdef __FreeBSD__
+pfsync_clone_create(struct if_clone *ifc, int unit, caddr_t param)
+#else
pfsync_clone_create(struct if_clone *ifc, int unit)
+#endif
{
struct pfsync_softc *sc;
struct ifnet *ifp;
@@ -274,14 +407,23 @@ pfsync_clone_create(struct if_clone *ifc
pfsync_sync_ok = 1;
- sc = malloc(sizeof(*pfsyncif), M_DEVBUF, M_NOWAIT | M_ZERO);
+ sc = malloc(sizeof(struct pfsync_softc), M_DEVBUF, M_NOWAIT | M_ZERO);
if (sc == NULL)
return (ENOMEM);
for (q = 0; q < PFSYNC_S_COUNT; q++)
TAILQ_INIT(&sc->sc_qs[q]);
+#ifdef __FreeBSD__
+ sc->sc_pool = uma_zcreate("pfsync", PFSYNC_PLSIZE,
+ NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
+ if (sc->sc_pool == NULL) {
+ free(sc, M_DEVBUF);
+ return (ENOMEM);
+ }
+#else
pool_init(&sc->sc_pool, PFSYNC_PLSIZE, 0, 0, 0, "pfsync", NULL);
+#endif
TAILQ_INIT(&sc->sc_upd_req_list);
TAILQ_INIT(&sc->sc_deferrals);
sc->sc_deferred = 0;
@@ -291,13 +433,42 @@ pfsync_clone_create(struct if_clone *ifc
sc->sc_len = PFSYNC_MINPKT;
sc->sc_maxupdates = 128;
+#ifdef __FreeBSD__
+ sc->sc_imo.imo_membership = (struct in_multi **)malloc(
+ (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_DEVBUF,
+ M_NOWAIT | M_ZERO);
+ sc->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS;
+ sc->sc_imo.imo_multicast_vif = -1;
+#else
sc->sc_imo.imo_membership = (struct in_multi **)malloc(
(sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_IPMOPTS,
M_WAITOK | M_ZERO);
sc->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS;
+#endif
+#ifdef __FreeBSD__
+ ifp = sc->sc_ifp = if_alloc(IFT_PFSYNC);
+ if (ifp == NULL) {
+ free(sc->sc_imo.imo_membership, M_DEVBUF);
+ uma_zdestroy(sc->sc_pool);
+ free(sc, M_DEVBUF);
+ return (ENOSPC);
+ }
+ if_initname(ifp, ifc->ifc_name, unit);
+
+ sc->sc_detachtag = EVENTHANDLER_REGISTER(ifnet_departure_event,
+ pfsync_ifdetach, pfsyncif, EVENTHANDLER_PRI_ANY);
+ if (sc->sc_detachtag == NULL) {
+ if_free(ifp);
+ free(sc->sc_imo.imo_membership, M_DEVBUF);
+ uma_zdestroy(sc->sc_pool);
+ free(sc, M_DEVBUF);
+ return (ENOSPC);
+ }
+#else
ifp = &sc->sc_if;
snprintf(ifp->if_xname, sizeof ifp->if_xname, "pfsync%d", unit);
+#endif
ifp->if_softc = sc;
ifp->if_ioctl = pfsyncioctl;
ifp->if_output = pfsyncoutput;
@@ -306,38 +477,59 @@ pfsync_clone_create(struct if_clone *ifc
ifp->if_snd.ifq_maxlen = ifqmaxlen;
ifp->if_hdrlen = sizeof(struct pfsync_header);
ifp->if_mtu = 1500; /* XXX */
+#ifdef __FreeBSD__
+ callout_init(&sc->sc_tmo, CALLOUT_MPSAFE);
+ callout_init(&sc->sc_bulk_tmo, CALLOUT_MPSAFE);
+ callout_init(&sc->sc_bulkfail_tmo, CALLOUT_MPSAFE);
+#else
ifp->if_hardmtu = MCLBYTES; /* XXX */
timeout_set(&sc->sc_tmo, pfsync_timeout, sc);
timeout_set(&sc->sc_bulk_tmo, pfsync_bulk_update, sc);
timeout_set(&sc->sc_bulkfail_tmo, pfsync_bulk_fail, sc);
+#endif
if_attach(ifp);
+#ifndef __FreeBSD__
if_alloc_sadl(ifp);
+#endif
#if NCARP > 0
if_addgroup(ifp, "carp");
#endif
#if NBPFILTER > 0
+#ifdef __FreeBSD__
+ bpfattach(ifp, DLT_PFSYNC, PFSYNC_HDRLEN);
+#else
bpfattach(&sc->sc_if.if_bpf, ifp, DLT_PFSYNC, PFSYNC_HDRLEN);
#endif
+#endif
pfsyncif = sc;
return (0);
}
+#ifdef __FreeBSD__
+void
+#else
int
+#endif
pfsync_clone_destroy(struct ifnet *ifp)
{
struct pfsync_softc *sc = ifp->if_softc;
+#ifdef __FreeBSD__
+ EVENTHANDLER_DEREGISTER(ifnet_departure_event, sc->sc_detachtag);
+#endif
timeout_del(&sc->sc_bulk_tmo);
timeout_del(&sc->sc_tmo);
#if NCARP > 0
+#ifdef notyet
if (!pfsync_sync_ok)
carp_group_demote_adj(&sc->sc_if, -1);
#endif
+#endif
#if NBPFILTER > 0
bpfdetach(ifp);
#endif
@@ -348,24 +540,44 @@ pfsync_clone_destroy(struct ifnet *ifp)
while (sc->sc_deferred > 0)
pfsync_undefer(TAILQ_FIRST(&sc->sc_deferrals), 0);
+#ifdef __FreeBSD__
+ UMA_DESTROY(sc->sc_pool);
+#else
pool_destroy(&sc->sc_pool);
+#endif
+#ifdef __FreeBSD__
+ if_free(ifp);
+ free(sc->sc_imo.imo_membership, M_DEVBUF);
+#else
free(sc->sc_imo.imo_membership, M_IPMOPTS);
+#endif
free(sc, M_DEVBUF);
pfsyncif = NULL;
+#ifndef __FreeBSD__
return (0);
+#endif
}
struct mbuf *
pfsync_if_dequeue(struct ifnet *ifp)
{
struct mbuf *m;
+#ifndef __FreeBSD__
int s;
+#endif
+#ifdef __FreeBSD__
+ IF_LOCK(&ifp->if_snd);
+ _IF_DROP(&ifp->if_snd);
+ _IF_DEQUEUE(&ifp->if_snd, m);
+ IF_UNLOCK(&ifp->if_snd);
+#else
s = splnet();
IF_DEQUEUE(&ifp->if_snd, m);
splx(s);
+#endif
return (m);
}
@@ -379,7 +591,9 @@ pfsyncstart(struct ifnet *ifp)
struct mbuf *m;
while ((m = pfsync_if_dequeue(ifp)) != NULL) {
+#ifndef __FreeBSD__
IF_DROP(&ifp->if_snd);
+#endif
m_freem(m);
}
}
@@ -397,6 +611,7 @@ pfsync_alloc_scrub_memory(struct pfsync_
return (0);
}
+#ifndef __FreeBSD__
void
pfsync_state_export(struct pfsync_state *sp, struct pf_state *st)
{
@@ -457,6 +672,7 @@ pfsync_state_export(struct pfsync_state
pf_state_counter_hton(st->bytes[1], sp->bytes[1]);
}
+#endif
int
pfsync_state_import(struct pfsync_state *sp, u_int8_t flags)
@@ -498,10 +714,17 @@ pfsync_state_import(struct pfsync_state
if ((r->max_states && r->states_cur >= r->max_states))
goto cleanup;
+#ifdef __FreeBSD__
+ if (flags & PFSYNC_SI_IOCTL)
+ pool_flags = PR_WAITOK | PR_ZERO;
+ else
+ pool_flags = PR_ZERO;
+#else
if (flags & PFSYNC_SI_IOCTL)
pool_flags = PR_WAITOK | PR_LIMITFAIL | PR_ZERO;
else
pool_flags = PR_LIMITFAIL | PR_ZERO;
+#endif
if ((st = pool_get(&pf_state_pl, pool_flags)) == NULL)
goto cleanup;
@@ -614,7 +837,11 @@ pfsync_state_import(struct pfsync_state
}
void
+#ifdef __FreeBSD__
+pfsync_input(struct mbuf *m, __unused int off)
+#else
pfsync_input(struct mbuf *m, ...)
+#endif
{
struct pfsync_softc *sc = pfsyncif;
struct pfsync_pkt pkt;
@@ -637,9 +864,13 @@ pfsync_input(struct mbuf *m, ...)
goto done;
}
+#ifdef __FreeBSD__
+ sc->sc_ifp->if_ipackets++;
+ sc->sc_ifp->if_ibytes += m->m_pkthdr.len;
+#else
sc->sc_if.if_ipackets++;
sc->sc_if.if_ibytes += m->m_pkthdr.len;
-
+#endif
/* verify that the IP TTL is 255. */
if (ip->ip_ttl != PFSYNC_DFLTTL) {
pfsyncstats.pfsyncs_badttl++;
@@ -726,6 +957,9 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st
clr = (struct pfsync_clr *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++) {
creatorid = clr[i].creatorid;
@@ -757,6 +991,9 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st
}
}
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
return (len);
@@ -780,6 +1017,9 @@ pfsync_in_ins(struct pfsync_pkt *pkt, st
sa = (struct pfsync_state *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++) {
sp = &sa[i];
@@ -802,6 +1042,9 @@ pfsync_in_ins(struct pfsync_pkt *pkt, st
break;
}
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
return (len);
@@ -827,6 +1070,9 @@ pfsync_in_iack(struct pfsync_pkt *pkt, s
iaa = (struct pfsync_ins_ack *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++) {
ia = &iaa[i];
@@ -840,6 +1086,9 @@ pfsync_in_iack(struct pfsync_pkt *pkt, s
if (ISSET(st->state_flags, PFSTATE_ACK))
pfsync_deferred(st, 0);
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
/*
* XXX this is not yet implemented, but we know the size of the
@@ -905,6 +1154,9 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st
sa = (struct pfsync_state *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++) {
sp = &sa[i];
@@ -970,6 +1222,9 @@ pfsync_in_upd(struct pfsync_pkt *pkt, st
st->timeout = sp->timeout;
st->pfsync_time = time_second;
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
return (len);
@@ -998,6 +1253,9 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt,
ua = (struct pfsync_upd_c *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++) {
up = &ua[i];
@@ -1062,6 +1320,9 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt,
st->timeout = up->timeout;
st->pfsync_time = time_second;
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
return (len);
@@ -1128,6 +1389,9 @@ pfsync_in_del(struct pfsync_pkt *pkt, st
sa = (struct pfsync_state *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++) {
sp = &sa[i];
@@ -1142,6 +1406,9 @@ pfsync_in_del(struct pfsync_pkt *pkt, st
SET(st->state_flags, PFSTATE_NOSYNC);
pf_unlink_state(st);
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
return (len);
@@ -1166,6 +1433,9 @@ pfsync_in_del_c(struct pfsync_pkt *pkt,
sa = (struct pfsync_del_c *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++) {
sp = &sa[i];
@@ -1181,6 +1451,9 @@ pfsync_in_del_c(struct pfsync_pkt *pkt,
SET(st->state_flags, PFSTATE_NOSYNC);
pf_unlink_state(st);
}
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
splx(s);
return (len);
@@ -1208,8 +1481,13 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st
switch (bus->status) {
case PFSYNC_BUS_START:
+#ifdef __FreeBSD__
+ callout_reset(&sc->sc_bulkfail_tmo, 5 * hz, pfsync_bulk_fail,
+ pfsyncif);
+#else
timeout_add_sec(&sc->sc_bulkfail_tmo, 5); /* XXX magic */
-#if XXX
+#endif
+#ifdef XXX
pf_pool_limits[PF_LIMIT_STATES].limit /
(PFSYNC_BULKPACKETS * sc->sc_maxcount));
#endif
@@ -1225,9 +1503,11 @@ pfsync_in_bus(struct pfsync_pkt *pkt, st
sc->sc_bulk_tries = 0;
timeout_del(&sc->sc_bulkfail_tmo);
#if NCARP > 0
+#ifdef notyet
if (!pfsync_sync_ok)
carp_group_demote_adj(&sc->sc_if, -1);
#endif
+#endif
pfsync_sync_ok = 1;
if (pf_status.debug >= PF_DEBUG_MISC)
printf("pfsync: received valid "
@@ -1263,8 +1543,14 @@ pfsync_in_tdb(struct pfsync_pkt *pkt, st
tp = (struct pfsync_tdb *)(mp->m_data + offp);
s = splsoftnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
for (i = 0; i < count; i++)
pfsync_update_net_tdb(&tp[i]);
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
#endif
@@ -1337,7 +1623,11 @@ pfsync_in_error(struct pfsync_pkt *pkt,
int
pfsyncoutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
+#ifdef __FreeBSD__
+ struct route *rt)
+#else
struct rtentry *rt)
+#endif
{
m_freem(m);
return (0);
@@ -1347,7 +1637,9 @@ pfsyncoutput(struct ifnet *ifp, struct m
int
pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
+#ifndef __FreeBSD__
struct proc *p = curproc;
+#endif
struct pfsync_softc *sc = ifp->if_softc;
struct ifreq *ifr = (struct ifreq *)data;
struct ip_moptions *imo = &sc->sc_imo;
@@ -1363,10 +1655,17 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
case SIOCSIFDSTADDR:
#endif
case SIOCSIFFLAGS:
+#ifdef __FreeBSD__
+ if (ifp->if_flags & IFF_UP)
+ ifp->if_drv_flags |= IFF_DRV_RUNNING;
+ else
+ ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+#else
if (ifp->if_flags & IFF_UP)
ifp->if_flags |= IFF_RUNNING;
else
ifp->if_flags &= ~IFF_RUNNING;
+#endif
break;
case SIOCSIFMTU:
if (ifr->ifr_mtu <= PFSYNC_MINPKT)
@@ -1375,7 +1674,13 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
ifr->ifr_mtu = MCLBYTES;
if (ifr->ifr_mtu < ifp->if_mtu) {
s = splnet();
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
pfsync_sendout();
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
}
ifp->if_mtu = ifr->ifr_mtu;
@@ -1391,23 +1696,44 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
return (copyout(&pfsyncr, ifr->ifr_data, sizeof(pfsyncr)));
case SIOCSETPFSYNC:
+#ifdef __FreeBSD__
+ if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0)
+#else
if ((error = suser(p, p->p_acflag)) != 0)
+#endif
return (error);
if ((error = copyin(ifr->ifr_data, &pfsyncr, sizeof(pfsyncr))))
return (error);
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
if (pfsyncr.pfsyncr_syncpeer.s_addr == 0)
+#ifdef __FreeBSD__
+ sc->sc_sync_peer.s_addr = htonl(INADDR_PFSYNC_GROUP);
+#else
sc->sc_sync_peer.s_addr = INADDR_PFSYNC_GROUP;
+#endif
else
sc->sc_sync_peer.s_addr =
pfsyncr.pfsyncr_syncpeer.s_addr;
if (pfsyncr.pfsyncr_maxupdates > 255)
+#ifdef __FreeBSD__
+ {
+ PF_UNLOCK();
+#endif
return (EINVAL);
+#ifdef __FreeBSD__
+ }
+#endif
sc->sc_maxupdates = pfsyncr.pfsyncr_maxupdates;
if (pfsyncr.pfsyncr_syncdev[0] == 0) {
sc->sc_sync_if = NULL;
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
if (imo->imo_num_memberships > 0) {
in_delmulti(imo->imo_membership[
--imo->imo_num_memberships]);
@@ -1416,11 +1742,21 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
break;
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
if ((sifp = ifunit(pfsyncr.pfsyncr_syncdev)) == NULL)
return (EINVAL);
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
s = splnet();
+#ifdef __FreeBSD__
+ if (sifp->if_mtu < sc->sc_ifp->if_mtu ||
+#else
if (sifp->if_mtu < sc->sc_if.if_mtu ||
+#endif
(sc->sc_sync_if != NULL &&
sifp->if_mtu < sc->sc_sync_if->if_mtu) ||
sifp->if_mtu < MCLBYTES - sizeof(struct ip))
@@ -1428,28 +1764,51 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
sc->sc_sync_if = sifp;
if (imo->imo_num_memberships > 0) {
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
in_delmulti(imo->imo_membership[--imo->imo_num_memberships]);
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
imo->imo_multicast_ifp = NULL;
}
if (sc->sc_sync_if &&
+#ifdef __FreeBSD__
+ sc->sc_sync_peer.s_addr == htonl(INADDR_PFSYNC_GROUP)) {
+#else
sc->sc_sync_peer.s_addr == INADDR_PFSYNC_GROUP) {
+#endif
struct in_addr addr;
if (!(sc->sc_sync_if->if_flags & IFF_MULTICAST)) {
sc->sc_sync_if = NULL;
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
return (EADDRNOTAVAIL);
}
+#ifdef __FreeBSD__
+ addr.s_addr = htonl(INADDR_PFSYNC_GROUP);
+#else
addr.s_addr = INADDR_PFSYNC_GROUP;
+#endif
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
if ((imo->imo_membership[0] =
in_addmulti(&addr, sc->sc_sync_if)) == NULL) {
sc->sc_sync_if = NULL;
splx(s);
return (ENOBUFS);
}
+#ifdef __FreeBSD__
+ PF_LOCK();
+#endif
imo->imo_num_memberships++;
imo->imo_multicast_ifp = sc->sc_sync_if;
imo->imo_multicast_ttl = PFSYNC_DFLTTL;
@@ -1472,15 +1831,25 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
/* Request a full state table update. */
sc->sc_ureq_sent = time_uptime;
#if NCARP > 0
+#ifdef notyet
if (pfsync_sync_ok)
carp_group_demote_adj(&sc->sc_if, 1);
#endif
+#endif
pfsync_sync_ok = 0;
if (pf_status.debug >= PF_DEBUG_MISC)
printf("pfsync: requesting bulk update\n");
+#ifdef __FreeBSD__
+ callout_reset(&sc->sc_bulkfail_tmo, 5 * hz,
+ pfsync_bulk_fail, pfsyncif);
+#else
timeout_add_sec(&sc->sc_bulkfail_tmo, 5);
+#endif
pfsync_request_update(0, 0);
}
+#ifdef __FreeBSD__
+ PF_UNLOCK();
+#endif
splx(s);
break;
@@ -1554,7 +1923,9 @@ pfsync_drop(struct pfsync_softc *sc)
{
struct pf_state *st;
struct pfsync_upd_req_item *ur;
+#ifdef notyet
struct tdb *t;
+#endif
int q;
for (q = 0; q < PFSYNC_S_COUNT; q++) {
@@ -1563,8 +1934,14 @@ pfsync_drop(struct pfsync_softc *sc)
TAILQ_FOREACH(st, &sc->sc_qs[q], sync_list) {
#ifdef PFSYNC_DEBUG
+#ifdef __FreeBSD__
+ KASSERT(st->sync_state == q,
+ ("%s: st->sync_state == q",
+ __FUNCTION__));
+#else
KASSERT(st->sync_state == q);
#endif
+#endif
st->sync_state = PFSYNC_S_NONE;
}
TAILQ_INIT(&sc->sc_qs[q]);
@@ -1577,12 +1954,14 @@ pfsync_drop(struct pfsync_softc *sc)
sc->sc_plus = NULL;
+#ifdef notyet
if (!TAILQ_EMPTY(&sc->sc_tdb_q)) {
TAILQ_FOREACH(t, &sc->sc_tdb_q, tdb_sync_entry)
CLR(t->tdb_flags, TDBF_PFSYNC);
TAILQ_INIT(&sc->sc_tdb_q);
}
+#endif
sc->sc_len = PFSYNC_MINPKT;
}
@@ -1592,20 +1971,32 @@ pfsync_sendout(void)
{
struct pfsync_softc *sc = pfsyncif;
#if NBPFILTER > 0
+#ifdef __FreeBSD__
+ struct ifnet *ifp = sc->sc_ifp;
+#else
struct ifnet *ifp = &sc->sc_if;
#endif
struct mbuf *m;
+#endif
struct ip *ip;
struct pfsync_header *ph;
struct pfsync_subheader *subh;
struct pf_state *st;
struct pfsync_upd_req_item *ur;
+#ifdef notyet
struct tdb *t;
-
+#endif
+#ifdef __FreeBSD__
+ size_t pktlen;
+#endif
int offset;
int q, count = 0;
+#ifdef __FreeBSD__
+ PF_ASSERT(MA_OWNED);
+#else
splassert(IPL_NET);
+#endif
if (sc == NULL || sc->sc_len == PFSYNC_MINPKT)
return;
@@ -1621,17 +2012,38 @@ pfsync_sendout(void)
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL) {
+#ifdef __FreeBSD__
+ sc->sc_ifp->if_oerrors++;
+#else
sc->sc_if.if_oerrors++;
+#endif
pfsyncstats.pfsyncs_onomem++;
pfsync_drop(sc);
return;
}
+#ifdef __FreeBSD__
+ pktlen = max_linkhdr + sc->sc_len;
+ if (pktlen > MHLEN) {
+ /* Find the right pool to allocate from. */
+ /* XXX: This is ugly. */
+ m_cljget(m, M_DONTWAIT, pktlen <= MSIZE ? MSIZE :
+ pktlen <= MCLBYTES ? MCLBYTES :
+#if MJUMPAGESIZE != MCLBYTES
+ pktlen <= MJUMPAGESIZE ? MJUMPAGESIZE :
+#endif
+ pktlen <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES);
+#else
if (max_linkhdr + sc->sc_len > MHLEN) {
MCLGETI(m, M_DONTWAIT, NULL, max_linkhdr + sc->sc_len);
+#endif
if (!ISSET(m->m_flags, M_EXT)) {
m_free(m);
+#ifdef __FreeBSD__
+ sc->sc_ifp->if_oerrors++;
+#else
sc->sc_if.if_oerrors++;
+#endif
pfsyncstats.pfsyncs_onomem++;
pfsync_drop(sc);
return;
@@ -1668,8 +2080,14 @@ pfsync_sendout(void)
count = 0;
TAILQ_FOREACH(st, &sc->sc_qs[q], sync_list) {
#ifdef PFSYNC_DEBUG
+#ifdef __FreeBSD__
+ KASSERT(st->sync_state == q,
+ ("%s: st->sync_state == q",
+ __FUNCTION__));
+#else
KASSERT(st->sync_state == q);
#endif
+#endif
offset += pfsync_qs[q].write(st, m, offset);
st->sync_state = PFSYNC_S_NONE;
@@ -1712,6 +2130,7 @@ pfsync_sendout(void)
sc->sc_plus = NULL;
}
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-user
mailing list