1,2c1,2
< /* $FreeBSD: head/sys/contrib/pf/net/pf_table.c 127145 2004-03-17 21:11:02Z mlaier $ */
< /* $OpenBSD: pf_table.c,v 1.41 2003/08/22 15:19:23 henning Exp $ */
---
> /* $FreeBSD: head/sys/contrib/pf/net/pf_table.c 130613 2004-06-16 23:24:02Z mlaier $ */
> /* $OpenBSD: pf_table.c,v 1.47 2004/03/09 21:44:41 mcbride Exp $ */
63a64,112
> #ifdef __FreeBSD__
> static inline int
> _copyin(const void *uaddr, void *kaddr, size_t len)
> {
> int r;
>
> PF_UNLOCK();
> r = copyin(uaddr, kaddr, len);
> PF_LOCK();
>
> return (r);
> }
>
> static inline int
> _copyout(const void *uaddr, void *kaddr, size_t len)
> {
> int r;
>
> PF_UNLOCK();
> r = copyout(uaddr, kaddr, len);
> PF_LOCK();
>
> return (r);
> }
>
> #define COPYIN(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> _copyin((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #define COPYOUT(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> _copyout((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #else
>
> #define COPYIN(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> copyin((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #define COPYOUT(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> copyout((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #endif
>
86,87c135,136
< (struct pf_addr *)&(su)->sin.sin_addr : \
< (struct pf_addr *)&(su)->sin6.sin6_addr)
---
> (struct pf_addr *)&(su)->sin.sin_addr : \
> (struct pf_addr *)&(su)->sin6.sin6_addr)
106c155,156
< PFRW_POOL_GET
---
> PFRW_POOL_GET,
> PFRW_DYNADDR_UPDATE
112a163
> struct pfi_dynaddr *pfrw1_dyn;
114a166
> int pfrw_flags;
119a172
> #define pfrw_dyn pfrw_1.pfrw1_dyn
133c186
< union sockaddr_union pfr_mask;
---
> union sockaddr_union pfr_mask;
153c206
< void pfr_reset_feedback(struct pfr_addr *, int);
---
> void pfr_reset_feedback(struct pfr_addr *, int, int);
160c213
< int pfr_validate_table(struct pfr_table *, int);
---
> int pfr_validate_table(struct pfr_table *, int, int);
175c228
< void pfr_clean_node_mask(struct pfr_ktable *,
---
> void pfr_clean_node_mask(struct pfr_ktable *,
180c233
< struct pfr_kentry *pfr_kentry_byidx(struct pfr_ktable *, int, int);
---
> struct pfr_kentry *pfr_kentry_byidx(struct pfr_ktable *, int, int);
215c268
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
249d301
< int ec;
259c311
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
271,273c323
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
275,278d324
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
305d350
< #ifdef __FreeBSD__
307,308c352
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
311,315d354
< #else
< if (flags & PFR_FLAG_FEEDBACK)
< if (copyout(&ad, addr+i, sizeof(ad)))
< senderr(EFAULT);
< #endif
334c373
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
348,350d386
< #ifdef __FreeBSD__
< int ec;
< #endif
353c389
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
363,365c399
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
367,370d400
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
390,396d419
< #ifdef __FreeBSD__
< if (flags & PFR_FLAG_FEEDBACK) {
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
< senderr(EFAULT);
< }
< #else
398c421
< if (copyout(&ad, addr+i, sizeof(ad)))
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
400d422
< #endif
414c436
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
428d449
< int ec;
438c459
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
453,455c474
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
457,460d475
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
495,501d509
< #ifdef __FreeBSD__
< if (flags & PFR_FLAG_FEEDBACK) {
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
< senderr(EFAULT);
< }
< #else
503c511
< if (copyout(&ad, addr+i, sizeof(ad)))
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
505d512
< #endif
517,519c524
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+size+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+size+i, sizeof(ad)))
521,524d525
< #else
< if (copyout(&ad, addr+size+i, sizeof(ad)))
< senderr(EFAULT);
< #endif
545c546
< if ((flags & PFR_FLAG_FEEDBACK) && *size2)
---
> if ((flags & PFR_FLAG_FEEDBACK) && size2)
553c554
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
566,568d566
< #ifdef __FreeBSD__
< int ec;
< #endif
571c569
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
578,580c576
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
582,585d577
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< return (EFAULT);
< #endif
597,599c589
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
601,604d590
< #else
< if (copyout(&ad, addr+i, sizeof(ad)))
< return (EFAULT);
< #endif
620c606
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
633a620
> w.pfrw_flags = flags;
676c663
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
689a677
> w.pfrw_flags = flags;
731,733d718
< #ifdef __FreeBSD__
< int ec;
< #endif
736c721
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
743,745c728
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
747,750d729
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
757,759c736
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
761,764d737
< #else
< if (copyout(&ad, addr+i, sizeof(ad)))
< senderr(EFAULT);
< #endif
784c757
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
985c958
< struct pfr_kentry *p;
---
> struct pfr_kentry *p;
987,988c960,961
< SLIST_FOREACH(p, workq, pfrke_workq)
< pfr_unroute_kentry(kt, p);
---
> SLIST_FOREACH(p, workq, pfrke_workq)
> pfr_unroute_kentry(kt, p);
1009c982
< pfr_reset_feedback(struct pfr_addr *addr, int size)
---
> pfr_reset_feedback(struct pfr_addr *addr, int size, int flags)
1013,1015d985
< #ifdef __FreeBSD__
< int ec;
< #endif
1018,1020c988
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
1022,1025d989
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< break;
< #endif
1027,1029c991
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
1031,1034d992
< #else
< if (copyout(&ad, addr+i, sizeof(ad)))
< break;
< #endif
1148,1151c1106
< int s;
< #ifdef __FreeBSD__
< int ec;
< #endif
---
> int s, flags = w->pfrw_flags;
1160c1115
< /* fall trough */
---
> /* FALLTHROUGH */
1170,1174d1124
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, w->pfrw_addr, sizeof(ad), ec);
< if (ec)
< return (EFAULT);
< #else
1177d1126
< #endif
1195,1197c1144
< #ifdef __FreeBSD__
< PF_COPYOUT(&as, w->pfrw_astats, sizeof(as), ec);
< if (ec)
---
> if (COPYOUT(&as, w->pfrw_astats, sizeof(as)))
1199,1202d1145
< #else
< if (copyout(&as, w->pfrw_astats, sizeof(as)))
< return (EFAULT);
< #endif
1213a1157,1175
> case PFRW_DYNADDR_UPDATE:
> if (ke->pfrke_af == AF_INET) {
> if (w->pfrw_dyn->pfid_acnt4++ > 0)
> break;
> pfr_prepare_network(&pfr_mask, AF_INET, ke->pfrke_net);
> w->pfrw_dyn->pfid_addr4 = *SUNION2PF(
> &ke->pfrke_sa, AF_INET);
> w->pfrw_dyn->pfid_mask4 = *SUNION2PF(
> &pfr_mask, AF_INET);
> } else {
> if (w->pfrw_dyn->pfid_acnt6++ > 0)
> break;
> pfr_prepare_network(&pfr_mask, AF_INET6, ke->pfrke_net);
> w->pfrw_dyn->pfid_addr6 = *SUNION2PF(
> &ke->pfrke_sa, AF_INET6);
> w->pfrw_dyn->pfid_mask6 = *SUNION2PF(
> &pfr_mask, AF_INET6);
> }
> break;
1232a1195,1196
> if (!strcmp(p->pfrkt_anchor, PF_RESERVED_ANCHOR))
> continue;
1258d1221
< int ec;
1271,1273c1234
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1275,1279c1236,1237
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< senderr(EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, PFR_TFLAG_USRMASK))
---
> if (pfr_validate_table(&key.pfrkt_t, PFR_TFLAG_USRMASK,
> flags & PFR_FLAG_USERIOCTL))
1351,1353d1308
< #ifdef __FreeBSD__
< int ec;
< #endif
1358,1360c1313
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1362,1366c1315,1316
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< return (EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, 0))
---
> if (pfr_validate_table(&key.pfrkt_t, 0,
> flags & PFR_FLAG_USERIOCTL))
1399,1401d1348
< #ifdef __FreeBSD__
< int ec;
< #endif
1416,1418c1363
< #ifdef __FreeBSD__
< PF_COPYOUT(&p->pfrkt_t, tbl++, sizeof(*tbl), ec);
< if (ec)
---
> if (COPYOUT(&p->pfrkt_t, tbl++, sizeof(*tbl)))
1420,1423d1364
< #else
< if (copyout(&p->pfrkt_t, tbl++, sizeof(*tbl)))
< return (EFAULT);
< #endif
1441d1381
< int ec;
1469,1471c1409
< #ifdef __FreeBSD__
< PF_COPYOUT(&p->pfrkt_ts, tbl++, sizeof(*tbl), ec);
< if (ec) {
---
> if (COPYOUT(&p->pfrkt_ts, tbl++, sizeof(*tbl))) {
1475,1480d1412
< #else
< if (copyout(&p->pfrkt_ts, tbl++, sizeof(*tbl))) {
< splx(s);
< return (EFAULT);
< }
< #endif
1505d1436
< int ec;
1517,1519c1448
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1521,1525c1450
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< return (EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, 0))
---
> if (pfr_validate_table(&key.pfrkt_t, 0, 0))
1552,1554d1476
< #ifdef __FreeBSD__
< int ec;
< #endif
1563,1565c1485
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1567,1571c1487,1488
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< return (EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, 0))
---
> if (pfr_validate_table(&key.pfrkt_t, 0,
> flags & PFR_FLAG_USERIOCTL))
1651,1653d1567
< #ifdef __FreeBSD__
< int ec;
< #endif
1658c1572,1573
< if (pfr_validate_table(tbl, PFR_TFLAG_USRMASK))
---
> if (pfr_validate_table(tbl, PFR_TFLAG_USRMASK,
> flags & PFR_FLAG_USERIOCTL))
1700,1702c1615
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
1704,1707d1616
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
1748a1658,1688
> pfr_ina_rollback(struct pfr_table *trs, u_int32_t ticket, int *ndel, int flags)
> {
> struct pfr_ktableworkq workq;
> struct pfr_ktable *p;
> struct pf_ruleset *rs;
> int xdel = 0;
>
> ACCEPT_FLAGS(PFR_FLAG_DUMMY);
> rs = pf_find_ruleset(trs->pfrt_anchor, trs->pfrt_ruleset);
> if (rs == NULL || !rs->topen || ticket != rs->tticket)
> return (0);
> SLIST_INIT(&workq);
> RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
> if (!(p->pfrkt_flags & PFR_TFLAG_INACTIVE) ||
> pfr_skip_table(trs, p, 0))
> continue;
> p->pfrkt_nflags = p->pfrkt_flags & ~PFR_TFLAG_INACTIVE;
> SLIST_INSERT_HEAD(&workq, p, pfrkt_workq);
> xdel++;
> }
> if (!(flags & PFR_FLAG_DUMMY)) {
> pfr_setflags_ktables(&workq);
> rs->topen = 0;
> pf_remove_if_empty_ruleset(rs);
> }
> if (ndel != NULL)
> *ndel = xdel;
> return (0);
> }
>
> int
1860c1800
< pfr_validate_table(struct pfr_table *tbl, int allowedflags)
---
> pfr_validate_table(struct pfr_table *tbl, int allowedflags, int no_reserved)
1865a1806,1807
> if (no_reserved && !strcmp(tbl->pfrt_anchor, PF_RESERVED_ANCHOR))
> return (-1);
2094,2095c2036,2037
< return strncmp(p->pfrkt_ruleset, q->pfrkt_ruleset,
< PF_RULESET_NAME_SIZE);
---
> return (strncmp(p->pfrkt_ruleset, q->pfrkt_ruleset,
> PF_RULESET_NAME_SIZE));
2102c2044,2045
< return RB_FIND(pfr_ktablehead, &pfr_ktables, (struct pfr_ktable *)tbl);
---
> return (RB_FIND(pfr_ktablehead, &pfr_ktables,
> (struct pfr_ktable *)tbl));
2114c2057
< return 0;
---
> return (0);
2219c2162
< return kt;
---
> return (kt);
2286c2229
< ke2 = (struct pfr_kentry *)(af == AF_INET ?
---
> ke2 = (struct pfr_kentry *)(af == AF_INET ?
2316,2318c2259,2261
< bzero(&w, sizeof(w));
< w.pfrw_op = PFRW_POOL_GET;
< w.pfrw_cnt = idx;
---
> bzero(&w, sizeof(w));
> w.pfrw_op = PFRW_POOL_GET;
> w.pfrw_cnt = idx;
2320c2263
< switch(af) {
---
> switch (af) {
2327c2270
< return w.pfrw_kentry;
---
> return (w.pfrw_kentry);
2334c2277
< return w.pfrw_kentry;
---
> return (w.pfrw_kentry);
2336c2279
< return NULL;
---
> return (NULL);
2338a2282,2309
>
> void
> pfr_dynaddr_update(struct pfr_ktable *kt, struct pfi_dynaddr *dyn)
> {
> struct pfr_walktree w;
> int s;
>
> bzero(&w, sizeof(w));
> w.pfrw_op = PFRW_DYNADDR_UPDATE;
> w.pfrw_dyn = dyn;
>
> s = splsoftnet();
> dyn->pfid_acnt4 = 0;
> dyn->pfid_acnt6 = 0;
> if (!dyn->pfid_af || dyn->pfid_af == AF_INET)
> #ifdef __FreeBSD__
> kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
> #else
> rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
> #endif
> if (!dyn->pfid_af || dyn->pfid_af == AF_INET6)
> #ifdef __FreeBSD__
> kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, &w);
> #else
> rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w);
> #endif
> splx(s);
> }
< /* $FreeBSD: head/sys/contrib/pf/net/pf_table.c 127145 2004-03-17 21:11:02Z mlaier $ */
< /* $OpenBSD: pf_table.c,v 1.41 2003/08/22 15:19:23 henning Exp $ */
---
> /* $FreeBSD: head/sys/contrib/pf/net/pf_table.c 130613 2004-06-16 23:24:02Z mlaier $ */
> /* $OpenBSD: pf_table.c,v 1.47 2004/03/09 21:44:41 mcbride Exp $ */
63a64,112
> #ifdef __FreeBSD__
> static inline int
> _copyin(const void *uaddr, void *kaddr, size_t len)
> {
> int r;
>
> PF_UNLOCK();
> r = copyin(uaddr, kaddr, len);
> PF_LOCK();
>
> return (r);
> }
>
> static inline int
> _copyout(const void *uaddr, void *kaddr, size_t len)
> {
> int r;
>
> PF_UNLOCK();
> r = copyout(uaddr, kaddr, len);
> PF_LOCK();
>
> return (r);
> }
>
> #define COPYIN(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> _copyin((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #define COPYOUT(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> _copyout((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #else
>
> #define COPYIN(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> copyin((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #define COPYOUT(from, to, size) \
> ((flags & PFR_FLAG_USERIOCTL) ? \
> copyout((from), (to), (size)) : \
> (bcopy((from), (to), (size)), 0))
>
> #endif
>
86,87c135,136
< (struct pf_addr *)&(su)->sin.sin_addr : \
< (struct pf_addr *)&(su)->sin6.sin6_addr)
---
> (struct pf_addr *)&(su)->sin.sin_addr : \
> (struct pf_addr *)&(su)->sin6.sin6_addr)
106c155,156
< PFRW_POOL_GET
---
> PFRW_POOL_GET,
> PFRW_DYNADDR_UPDATE
112a163
> struct pfi_dynaddr *pfrw1_dyn;
114a166
> int pfrw_flags;
119a172
> #define pfrw_dyn pfrw_1.pfrw1_dyn
133c186
< union sockaddr_union pfr_mask;
---
> union sockaddr_union pfr_mask;
153c206
< void pfr_reset_feedback(struct pfr_addr *, int);
---
> void pfr_reset_feedback(struct pfr_addr *, int, int);
160c213
< int pfr_validate_table(struct pfr_table *, int);
---
> int pfr_validate_table(struct pfr_table *, int, int);
175c228
< void pfr_clean_node_mask(struct pfr_ktable *,
---
> void pfr_clean_node_mask(struct pfr_ktable *,
180c233
< struct pfr_kentry *pfr_kentry_byidx(struct pfr_ktable *, int, int);
---
> struct pfr_kentry *pfr_kentry_byidx(struct pfr_ktable *, int, int);
215c268
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
249d301
< int ec;
259c311
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
271,273c323
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
275,278d324
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
305d350
< #ifdef __FreeBSD__
307,308c352
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
311,315d354
< #else
< if (flags & PFR_FLAG_FEEDBACK)
< if (copyout(&ad, addr+i, sizeof(ad)))
< senderr(EFAULT);
< #endif
334c373
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
348,350d386
< #ifdef __FreeBSD__
< int ec;
< #endif
353c389
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
363,365c399
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
367,370d400
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
390,396d419
< #ifdef __FreeBSD__
< if (flags & PFR_FLAG_FEEDBACK) {
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
< senderr(EFAULT);
< }
< #else
398c421
< if (copyout(&ad, addr+i, sizeof(ad)))
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
400d422
< #endif
414c436
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
428d449
< int ec;
438c459
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, flags & PFR_FLAG_USERIOCTL))
453,455c474
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
457,460d475
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
495,501d509
< #ifdef __FreeBSD__
< if (flags & PFR_FLAG_FEEDBACK) {
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
< senderr(EFAULT);
< }
< #else
503c511
< if (copyout(&ad, addr+i, sizeof(ad)))
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
505d512
< #endif
517,519c524
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+size+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+size+i, sizeof(ad)))
521,524d525
< #else
< if (copyout(&ad, addr+size+i, sizeof(ad)))
< senderr(EFAULT);
< #endif
545c546
< if ((flags & PFR_FLAG_FEEDBACK) && *size2)
---
> if ((flags & PFR_FLAG_FEEDBACK) && size2)
553c554
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
566,568d566
< #ifdef __FreeBSD__
< int ec;
< #endif
571c569
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
578,580c576
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
582,585d577
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< return (EFAULT);
< #endif
597,599c589
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
601,604d590
< #else
< if (copyout(&ad, addr+i, sizeof(ad)))
< return (EFAULT);
< #endif
620c606
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
633a620
> w.pfrw_flags = flags;
676c663
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
689a677
> w.pfrw_flags = flags;
731,733d718
< #ifdef __FreeBSD__
< int ec;
< #endif
736c721
< if (pfr_validate_table(tbl, 0))
---
> if (pfr_validate_table(tbl, 0, 0))
743,745c728
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
747,750d729
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
757,759c736
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
761,764d737
< #else
< if (copyout(&ad, addr+i, sizeof(ad)))
< senderr(EFAULT);
< #endif
784c757
< pfr_reset_feedback(addr, size);
---
> pfr_reset_feedback(addr, size, flags);
985c958
< struct pfr_kentry *p;
---
> struct pfr_kentry *p;
987,988c960,961
< SLIST_FOREACH(p, workq, pfrke_workq)
< pfr_unroute_kentry(kt, p);
---
> SLIST_FOREACH(p, workq, pfrke_workq)
> pfr_unroute_kentry(kt, p);
1009c982
< pfr_reset_feedback(struct pfr_addr *addr, int size)
---
> pfr_reset_feedback(struct pfr_addr *addr, int size, int flags)
1013,1015d985
< #ifdef __FreeBSD__
< int ec;
< #endif
1018,1020c988
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
1022,1025d989
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< break;
< #endif
1027,1029c991
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, addr+i, sizeof(ad), ec);
< if (ec)
---
> if (COPYOUT(&ad, addr+i, sizeof(ad)))
1031,1034d992
< #else
< if (copyout(&ad, addr+i, sizeof(ad)))
< break;
< #endif
1148,1151c1106
< int s;
< #ifdef __FreeBSD__
< int ec;
< #endif
---
> int s, flags = w->pfrw_flags;
1160c1115
< /* fall trough */
---
> /* FALLTHROUGH */
1170,1174d1124
< #ifdef __FreeBSD__
< PF_COPYOUT(&ad, w->pfrw_addr, sizeof(ad), ec);
< if (ec)
< return (EFAULT);
< #else
1177d1126
< #endif
1195,1197c1144
< #ifdef __FreeBSD__
< PF_COPYOUT(&as, w->pfrw_astats, sizeof(as), ec);
< if (ec)
---
> if (COPYOUT(&as, w->pfrw_astats, sizeof(as)))
1199,1202d1145
< #else
< if (copyout(&as, w->pfrw_astats, sizeof(as)))
< return (EFAULT);
< #endif
1213a1157,1175
> case PFRW_DYNADDR_UPDATE:
> if (ke->pfrke_af == AF_INET) {
> if (w->pfrw_dyn->pfid_acnt4++ > 0)
> break;
> pfr_prepare_network(&pfr_mask, AF_INET, ke->pfrke_net);
> w->pfrw_dyn->pfid_addr4 = *SUNION2PF(
> &ke->pfrke_sa, AF_INET);
> w->pfrw_dyn->pfid_mask4 = *SUNION2PF(
> &pfr_mask, AF_INET);
> } else {
> if (w->pfrw_dyn->pfid_acnt6++ > 0)
> break;
> pfr_prepare_network(&pfr_mask, AF_INET6, ke->pfrke_net);
> w->pfrw_dyn->pfid_addr6 = *SUNION2PF(
> &ke->pfrke_sa, AF_INET6);
> w->pfrw_dyn->pfid_mask6 = *SUNION2PF(
> &pfr_mask, AF_INET6);
> }
> break;
1232a1195,1196
> if (!strcmp(p->pfrkt_anchor, PF_RESERVED_ANCHOR))
> continue;
1258d1221
< int ec;
1271,1273c1234
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1275,1279c1236,1237
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< senderr(EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, PFR_TFLAG_USRMASK))
---
> if (pfr_validate_table(&key.pfrkt_t, PFR_TFLAG_USRMASK,
> flags & PFR_FLAG_USERIOCTL))
1351,1353d1308
< #ifdef __FreeBSD__
< int ec;
< #endif
1358,1360c1313
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1362,1366c1315,1316
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< return (EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, 0))
---
> if (pfr_validate_table(&key.pfrkt_t, 0,
> flags & PFR_FLAG_USERIOCTL))
1399,1401d1348
< #ifdef __FreeBSD__
< int ec;
< #endif
1416,1418c1363
< #ifdef __FreeBSD__
< PF_COPYOUT(&p->pfrkt_t, tbl++, sizeof(*tbl), ec);
< if (ec)
---
> if (COPYOUT(&p->pfrkt_t, tbl++, sizeof(*tbl)))
1420,1423d1364
< #else
< if (copyout(&p->pfrkt_t, tbl++, sizeof(*tbl)))
< return (EFAULT);
< #endif
1441d1381
< int ec;
1469,1471c1409
< #ifdef __FreeBSD__
< PF_COPYOUT(&p->pfrkt_ts, tbl++, sizeof(*tbl), ec);
< if (ec) {
---
> if (COPYOUT(&p->pfrkt_ts, tbl++, sizeof(*tbl))) {
1475,1480d1412
< #else
< if (copyout(&p->pfrkt_ts, tbl++, sizeof(*tbl))) {
< splx(s);
< return (EFAULT);
< }
< #endif
1505d1436
< int ec;
1517,1519c1448
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1521,1525c1450
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< return (EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, 0))
---
> if (pfr_validate_table(&key.pfrkt_t, 0, 0))
1552,1554d1476
< #ifdef __FreeBSD__
< int ec;
< #endif
1563,1565c1485
< #ifdef __FreeBSD__
< PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec);
< if (ec)
---
> if (COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
1567,1571c1487,1488
< #else
< if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t)))
< return (EFAULT);
< #endif
< if (pfr_validate_table(&key.pfrkt_t, 0))
---
> if (pfr_validate_table(&key.pfrkt_t, 0,
> flags & PFR_FLAG_USERIOCTL))
1651,1653d1567
< #ifdef __FreeBSD__
< int ec;
< #endif
1658c1572,1573
< if (pfr_validate_table(tbl, PFR_TFLAG_USRMASK))
---
> if (pfr_validate_table(tbl, PFR_TFLAG_USRMASK,
> flags & PFR_FLAG_USERIOCTL))
1700,1702c1615
< #ifdef __FreeBSD__
< PF_COPYIN(addr+i, &ad, sizeof(ad), ec);
< if (ec)
---
> if (COPYIN(addr+i, &ad, sizeof(ad)))
1704,1707d1616
< #else
< if (copyin(addr+i, &ad, sizeof(ad)))
< senderr(EFAULT);
< #endif
1748a1658,1688
> pfr_ina_rollback(struct pfr_table *trs, u_int32_t ticket, int *ndel, int flags)
> {
> struct pfr_ktableworkq workq;
> struct pfr_ktable *p;
> struct pf_ruleset *rs;
> int xdel = 0;
>
> ACCEPT_FLAGS(PFR_FLAG_DUMMY);
> rs = pf_find_ruleset(trs->pfrt_anchor, trs->pfrt_ruleset);
> if (rs == NULL || !rs->topen || ticket != rs->tticket)
> return (0);
> SLIST_INIT(&workq);
> RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
> if (!(p->pfrkt_flags & PFR_TFLAG_INACTIVE) ||
> pfr_skip_table(trs, p, 0))
> continue;
> p->pfrkt_nflags = p->pfrkt_flags & ~PFR_TFLAG_INACTIVE;
> SLIST_INSERT_HEAD(&workq, p, pfrkt_workq);
> xdel++;
> }
> if (!(flags & PFR_FLAG_DUMMY)) {
> pfr_setflags_ktables(&workq);
> rs->topen = 0;
> pf_remove_if_empty_ruleset(rs);
> }
> if (ndel != NULL)
> *ndel = xdel;
> return (0);
> }
>
> int
1860c1800
< pfr_validate_table(struct pfr_table *tbl, int allowedflags)
---
> pfr_validate_table(struct pfr_table *tbl, int allowedflags, int no_reserved)
1865a1806,1807
> if (no_reserved && !strcmp(tbl->pfrt_anchor, PF_RESERVED_ANCHOR))
> return (-1);
2094,2095c2036,2037
< return strncmp(p->pfrkt_ruleset, q->pfrkt_ruleset,
< PF_RULESET_NAME_SIZE);
---
> return (strncmp(p->pfrkt_ruleset, q->pfrkt_ruleset,
> PF_RULESET_NAME_SIZE));
2102c2044,2045
< return RB_FIND(pfr_ktablehead, &pfr_ktables, (struct pfr_ktable *)tbl);
---
> return (RB_FIND(pfr_ktablehead, &pfr_ktables,
> (struct pfr_ktable *)tbl));
2114c2057
< return 0;
---
> return (0);
2219c2162
< return kt;
---
> return (kt);
2286c2229
< ke2 = (struct pfr_kentry *)(af == AF_INET ?
---
> ke2 = (struct pfr_kentry *)(af == AF_INET ?
2316,2318c2259,2261
< bzero(&w, sizeof(w));
< w.pfrw_op = PFRW_POOL_GET;
< w.pfrw_cnt = idx;
---
> bzero(&w, sizeof(w));
> w.pfrw_op = PFRW_POOL_GET;
> w.pfrw_cnt = idx;
2320c2263
< switch(af) {
---
> switch (af) {
2327c2270
< return w.pfrw_kentry;
---
> return (w.pfrw_kentry);
2334c2277
< return w.pfrw_kentry;
---
> return (w.pfrw_kentry);
2336c2279
< return NULL;
---
> return (NULL);
2338a2282,2309
>
> void
> pfr_dynaddr_update(struct pfr_ktable *kt, struct pfi_dynaddr *dyn)
> {
> struct pfr_walktree w;
> int s;
>
> bzero(&w, sizeof(w));
> w.pfrw_op = PFRW_DYNADDR_UPDATE;
> w.pfrw_dyn = dyn;
>
> s = splsoftnet();
> dyn->pfid_acnt4 = 0;
> dyn->pfid_acnt6 = 0;
> if (!dyn->pfid_af || dyn->pfid_af == AF_INET)
> #ifdef __FreeBSD__
> kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
> #else
> rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w);
> #endif
> if (!dyn->pfid_af || dyn->pfid_af == AF_INET6)
> #ifdef __FreeBSD__
> kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, &w);
> #else
> rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w);
> #endif
> splx(s);
> }