| pf_table.c (126259) | pf_table.c (126261) |
|---|---|
| 1/* $FreeBSD: head/sys/contrib/pf/net/pf_table.c 126261 2004-02-26 02:34:12Z mlaier $ */ |
|
| 1/* $OpenBSD: pf_table.c,v 1.41 2003/08/22 15:19:23 henning Exp $ */ 2 3/* 4 * Copyright (c) 2002 Cedric Berger 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 16 unchanged lines hidden (view full) --- 25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 28 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 * 31 */ 32 | 2/* $OpenBSD: pf_table.c,v 1.41 2003/08/22 15:19:23 henning Exp $ */ 3 4/* 5 * Copyright (c) 2002 Cedric Berger 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 16 unchanged lines hidden (view full) --- 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 29 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 * 32 */ 33 |
| 34#if defined(__FreeBSD__) 35#include "opt_inet.h" 36#include "opt_inet6.h" 37#endif 38 |
|
| 33#include <sys/param.h> 34#include <sys/systm.h> 35#include <sys/socket.h> 36#include <sys/mbuf.h> 37#include <sys/kernel.h> | 39#include <sys/param.h> 40#include <sys/systm.h> 41#include <sys/socket.h> 42#include <sys/mbuf.h> 43#include <sys/kernel.h> |
| 44#if defined(__FreeBSD__) 45#include <sys/malloc.h> 46#endif |
|
| 38 39#include <net/if.h> 40#include <net/route.h> 41#include <netinet/in.h> | 47 48#include <net/if.h> 49#include <net/route.h> 50#include <netinet/in.h> |
| 51#if !defined(__FreeBSD__) |
|
| 42#include <netinet/ip_ipsp.h> | 52#include <netinet/ip_ipsp.h> |
| 53#endif 54 |
|
| 43#include <net/pfvar.h> 44 | 55#include <net/pfvar.h> 56 |
| 57#if defined(FreeBSD__) 58MALLOC_DECLARE(M_RTABLE); 59#endif 60 |
|
| 45#define ACCEPT_FLAGS(oklist) \ 46 do { \ 47 if ((flags & ~(oklist)) & \ 48 PFR_FLAG_ALLMASK) \ 49 return (EINVAL); \ 50 } while (0) 51 52#define FILLIN_SIN(sin, addr) \ --- 51 unchanged lines hidden (view full) --- 104#define pfrw_addr pfrw_1.pfrw1_addr 105#define pfrw_astats pfrw_1.pfrw1_astats 106#define pfrw_workq pfrw_1.pfrw1_workq 107#define pfrw_kentry pfrw_1.pfrw1_kentry 108#define pfrw_cnt pfrw_free 109 110#define senderr(e) do { rv = (e); goto _bad; } while (0) 111 | 61#define ACCEPT_FLAGS(oklist) \ 62 do { \ 63 if ((flags & ~(oklist)) & \ 64 PFR_FLAG_ALLMASK) \ 65 return (EINVAL); \ 66 } while (0) 67 68#define FILLIN_SIN(sin, addr) \ --- 51 unchanged lines hidden (view full) --- 120#define pfrw_addr pfrw_1.pfrw1_addr 121#define pfrw_astats pfrw_1.pfrw1_astats 122#define pfrw_workq pfrw_1.pfrw1_workq 123#define pfrw_kentry pfrw_1.pfrw1_kentry 124#define pfrw_cnt pfrw_free 125 126#define senderr(e) do { rv = (e); goto _bad; } while (0) 127 |
| 128#if defined(__FreeBSD__) 129uma_zone_t pfr_ktable_pl; 130uma_zone_t pfr_kentry_pl; 131#else |
|
| 112struct pool pfr_ktable_pl; 113struct pool pfr_kentry_pl; | 132struct pool pfr_ktable_pl; 133struct pool pfr_kentry_pl; |
| 134#endif |
|
| 114struct sockaddr_in pfr_sin; 115struct sockaddr_in6 pfr_sin6; 116union sockaddr_union pfr_mask; 117struct pf_addr pfr_ffaddr; 118 119void pfr_copyout_addr(struct pfr_addr *, 120 struct pfr_kentry *ke); 121int pfr_validate_addr(struct pfr_addr *); --- 28 unchanged lines hidden (view full) --- 150 int); 151void pfr_clstats_ktable(struct pfr_ktable *, long, int); 152struct pfr_ktable *pfr_create_ktable(struct pfr_table *, long, int); 153void pfr_destroy_ktables(struct pfr_ktableworkq *, int); 154void pfr_destroy_ktable(struct pfr_ktable *, int); 155int pfr_ktable_compare(struct pfr_ktable *, 156 struct pfr_ktable *); 157struct pfr_ktable *pfr_lookup_table(struct pfr_table *); | 135struct sockaddr_in pfr_sin; 136struct sockaddr_in6 pfr_sin6; 137union sockaddr_union pfr_mask; 138struct pf_addr pfr_ffaddr; 139 140void pfr_copyout_addr(struct pfr_addr *, 141 struct pfr_kentry *ke); 142int pfr_validate_addr(struct pfr_addr *); --- 28 unchanged lines hidden (view full) --- 171 int); 172void pfr_clstats_ktable(struct pfr_ktable *, long, int); 173struct pfr_ktable *pfr_create_ktable(struct pfr_table *, long, int); 174void pfr_destroy_ktables(struct pfr_ktableworkq *, int); 175void pfr_destroy_ktable(struct pfr_ktable *, int); 176int pfr_ktable_compare(struct pfr_ktable *, 177 struct pfr_ktable *); 178struct pfr_ktable *pfr_lookup_table(struct pfr_table *); |
| 158void pfr_clean_node_mask(struct pfr_ktable *, | 179void pfr_clean_node_mask(struct pfr_ktable *, |
| 159 struct pfr_kentryworkq *); 160int pfr_table_count(struct pfr_table *, int); 161int pfr_skip_table(struct pfr_table *, 162 struct pfr_ktable *, int); 163struct pfr_kentry *pfr_kentry_byidx(struct pfr_ktable *, int, int); 164 165RB_PROTOTYPE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare); 166RB_GENERATE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare); 167 168struct pfr_ktablehead pfr_ktables; 169struct pfr_table pfr_nulltable; 170int pfr_ktable_cnt; 171 172void 173pfr_initialize(void) 174{ | 180 struct pfr_kentryworkq *); 181int pfr_table_count(struct pfr_table *, int); 182int pfr_skip_table(struct pfr_table *, 183 struct pfr_ktable *, int); 184struct pfr_kentry *pfr_kentry_byidx(struct pfr_ktable *, int, int); 185 186RB_PROTOTYPE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare); 187RB_GENERATE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare); 188 189struct pfr_ktablehead pfr_ktables; 190struct pfr_table pfr_nulltable; 191int pfr_ktable_cnt; 192 193void 194pfr_initialize(void) 195{ |
| 196#if !defined(__FreeBSD__) |
|
| 175 pool_init(&pfr_ktable_pl, sizeof(struct pfr_ktable), 0, 0, 0, 176 "pfrktable", NULL); 177 pool_init(&pfr_kentry_pl, sizeof(struct pfr_kentry), 0, 0, 0, 178 "pfrkentry", NULL); | 197 pool_init(&pfr_ktable_pl, sizeof(struct pfr_ktable), 0, 0, 0, 198 "pfrktable", NULL); 199 pool_init(&pfr_kentry_pl, sizeof(struct pfr_kentry), 0, 0, 0, 200 "pfrkentry", NULL); |
| 201#endif |
|
| 179 180 pfr_sin.sin_len = sizeof(pfr_sin); 181 pfr_sin.sin_family = AF_INET; 182 pfr_sin6.sin6_len = sizeof(pfr_sin6); 183 pfr_sin6.sin6_family = AF_INET6; 184 185 memset(&pfr_ffaddr, 0xff, sizeof(pfr_ffaddr)); 186} --- 34 unchanged lines hidden (view full) --- 221pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 222 int *nadd, int flags) 223{ 224 struct pfr_ktable *kt, *tmpkt; 225 struct pfr_kentryworkq workq; 226 struct pfr_kentry *p, *q; 227 struct pfr_addr ad; 228 int i, rv, s, xadd = 0; | 202 203 pfr_sin.sin_len = sizeof(pfr_sin); 204 pfr_sin.sin_family = AF_INET; 205 pfr_sin6.sin6_len = sizeof(pfr_sin6); 206 pfr_sin6.sin6_family = AF_INET6; 207 208 memset(&pfr_ffaddr, 0xff, sizeof(pfr_ffaddr)); 209} --- 34 unchanged lines hidden (view full) --- 244pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 245 int *nadd, int flags) 246{ 247 struct pfr_ktable *kt, *tmpkt; 248 struct pfr_kentryworkq workq; 249 struct pfr_kentry *p, *q; 250 struct pfr_addr ad; 251 int i, rv, s, xadd = 0; |
| 252#if defined(__FreeBSD__) 253 int ec; 254 /* 255 * XXX Is it OK under LP64 environments? 256 */ 257 long tzero = (long)time_second; 258#else |
|
| 229 long tzero = time.tv_sec; | 259 long tzero = time.tv_sec; |
| 260#endif |
|
| 230 231 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 232 if (pfr_validate_table(tbl, 0)) 233 return (EINVAL); 234 kt = pfr_lookup_table(tbl); 235 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 236 return (ESRCH); 237 if (kt->pfrkt_flags & PFR_TFLAG_CONST) 238 return (EPERM); 239 tmpkt = pfr_create_ktable(&pfr_nulltable, 0, 0); 240 if (tmpkt == NULL) 241 return (ENOMEM); 242 SLIST_INIT(&workq); 243 for (i = 0; i < size; i++) { | 261 262 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 263 if (pfr_validate_table(tbl, 0)) 264 return (EINVAL); 265 kt = pfr_lookup_table(tbl); 266 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 267 return (ESRCH); 268 if (kt->pfrkt_flags & PFR_TFLAG_CONST) 269 return (EPERM); 270 tmpkt = pfr_create_ktable(&pfr_nulltable, 0, 0); 271 if (tmpkt == NULL) 272 return (ENOMEM); 273 SLIST_INIT(&workq); 274 for (i = 0; i < size; i++) { |
| 275#if defined(__FreeBSD__) 276 PF_COPYIN(addr+i, &ad, sizeof(ad), ec); 277 if (ec) 278 senderr(EFAULT); 279#else |
|
| 244 if (copyin(addr+i, &ad, sizeof(ad))) 245 senderr(EFAULT); | 280 if (copyin(addr+i, &ad, sizeof(ad))) 281 senderr(EFAULT); |
| 282#endif |
|
| 246 if (pfr_validate_addr(&ad)) 247 senderr(EINVAL); 248 p = pfr_lookup_addr(kt, &ad, 1); 249 q = pfr_lookup_addr(tmpkt, &ad, 1); 250 if (flags & PFR_FLAG_FEEDBACK) { 251 if (q != NULL) 252 ad.pfra_fback = PFR_FB_DUPLICATE; 253 else if (p == NULL) --- 10 unchanged lines hidden (view full) --- 264 if (pfr_route_kentry(tmpkt, p)) { 265 pfr_destroy_kentry(p); 266 ad.pfra_fback = PFR_FB_NONE; 267 } else { 268 SLIST_INSERT_HEAD(&workq, p, pfrke_workq); 269 xadd++; 270 } 271 } | 283 if (pfr_validate_addr(&ad)) 284 senderr(EINVAL); 285 p = pfr_lookup_addr(kt, &ad, 1); 286 q = pfr_lookup_addr(tmpkt, &ad, 1); 287 if (flags & PFR_FLAG_FEEDBACK) { 288 if (q != NULL) 289 ad.pfra_fback = PFR_FB_DUPLICATE; 290 else if (p == NULL) --- 10 unchanged lines hidden (view full) --- 301 if (pfr_route_kentry(tmpkt, p)) { 302 pfr_destroy_kentry(p); 303 ad.pfra_fback = PFR_FB_NONE; 304 } else { 305 SLIST_INSERT_HEAD(&workq, p, pfrke_workq); 306 xadd++; 307 } 308 } |
| 309#if defined(__FreeBSD__) 310 if (flags & PFR_FLAG_FEEDBACK) { 311 PF_COPYOUT(&ad, addr+i, sizeof(ad), ec); 312 if (ec) 313 senderr(EFAULT); 314 } 315#else |
|
| 272 if (flags & PFR_FLAG_FEEDBACK) 273 if (copyout(&ad, addr+i, sizeof(ad))) 274 senderr(EFAULT); | 316 if (flags & PFR_FLAG_FEEDBACK) 317 if (copyout(&ad, addr+i, sizeof(ad))) 318 senderr(EFAULT); |
| 319#endif |
|
| 275 } 276 pfr_clean_node_mask(tmpkt, &workq); 277 if (!(flags & PFR_FLAG_DUMMY)) { 278 if (flags & PFR_FLAG_ATOMIC) 279 s = splsoftnet(); 280 pfr_insert_kentries(kt, &workq, tzero); 281 if (flags & PFR_FLAG_ATOMIC) 282 splx(s); --- 16 unchanged lines hidden (view full) --- 299pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 300 int *ndel, int flags) 301{ 302 struct pfr_ktable *kt; 303 struct pfr_kentryworkq workq; 304 struct pfr_kentry *p; 305 struct pfr_addr ad; 306 int i, rv, s, xdel = 0; | 320 } 321 pfr_clean_node_mask(tmpkt, &workq); 322 if (!(flags & PFR_FLAG_DUMMY)) { 323 if (flags & PFR_FLAG_ATOMIC) 324 s = splsoftnet(); 325 pfr_insert_kentries(kt, &workq, tzero); 326 if (flags & PFR_FLAG_ATOMIC) 327 splx(s); --- 16 unchanged lines hidden (view full) --- 344pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 345 int *ndel, int flags) 346{ 347 struct pfr_ktable *kt; 348 struct pfr_kentryworkq workq; 349 struct pfr_kentry *p; 350 struct pfr_addr ad; 351 int i, rv, s, xdel = 0; |
| 352#if defined(__FreeBSD__) 353 int ec; 354#endif |
|
| 307 308 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 309 if (pfr_validate_table(tbl, 0)) 310 return (EINVAL); 311 kt = pfr_lookup_table(tbl); 312 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 313 return (ESRCH); 314 if (kt->pfrkt_flags & PFR_TFLAG_CONST) 315 return (EPERM); 316 pfr_mark_addrs(kt); 317 SLIST_INIT(&workq); 318 for (i = 0; i < size; i++) { | 355 356 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 357 if (pfr_validate_table(tbl, 0)) 358 return (EINVAL); 359 kt = pfr_lookup_table(tbl); 360 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 361 return (ESRCH); 362 if (kt->pfrkt_flags & PFR_TFLAG_CONST) 363 return (EPERM); 364 pfr_mark_addrs(kt); 365 SLIST_INIT(&workq); 366 for (i = 0; i < size; i++) { |
| 367#if defined(__FreeBSD__) 368 PF_COPYIN(addr+i, &ad, sizeof(ad), ec); 369 if (ec) 370 senderr(EFAULT); 371#else |
|
| 319 if (copyin(addr+i, &ad, sizeof(ad))) 320 senderr(EFAULT); | 372 if (copyin(addr+i, &ad, sizeof(ad))) 373 senderr(EFAULT); |
| 374#endif |
|
| 321 if (pfr_validate_addr(&ad)) 322 senderr(EINVAL); 323 p = pfr_lookup_addr(kt, &ad, 1); 324 if (flags & PFR_FLAG_FEEDBACK) { 325 if (p == NULL) 326 ad.pfra_fback = PFR_FB_NONE; 327 else if (p->pfrke_not != ad.pfra_not) 328 ad.pfra_fback = PFR_FB_CONFLICT; 329 else if (p->pfrke_mark) 330 ad.pfra_fback = PFR_FB_DUPLICATE; 331 else 332 ad.pfra_fback = PFR_FB_DELETED; 333 } 334 if (p != NULL && p->pfrke_not == ad.pfra_not && 335 !p->pfrke_mark) { 336 p->pfrke_mark = 1; 337 SLIST_INSERT_HEAD(&workq, p, pfrke_workq); 338 xdel++; 339 } | 375 if (pfr_validate_addr(&ad)) 376 senderr(EINVAL); 377 p = pfr_lookup_addr(kt, &ad, 1); 378 if (flags & PFR_FLAG_FEEDBACK) { 379 if (p == NULL) 380 ad.pfra_fback = PFR_FB_NONE; 381 else if (p->pfrke_not != ad.pfra_not) 382 ad.pfra_fback = PFR_FB_CONFLICT; 383 else if (p->pfrke_mark) 384 ad.pfra_fback = PFR_FB_DUPLICATE; 385 else 386 ad.pfra_fback = PFR_FB_DELETED; 387 } 388 if (p != NULL && p->pfrke_not == ad.pfra_not && 389 !p->pfrke_mark) { 390 p->pfrke_mark = 1; 391 SLIST_INSERT_HEAD(&workq, p, pfrke_workq); 392 xdel++; 393 } |
| 394#if defined(__FreeBSD__) 395 if (flags & PFR_FLAG_FEEDBACK) { 396 PF_COPYOUT(&ad, addr+i, sizeof(ad), ec); 397 if (ec) 398 senderr(EFAULT); 399 } 400#else |
|
| 340 if (flags & PFR_FLAG_FEEDBACK) 341 if (copyout(&ad, addr+i, sizeof(ad))) 342 senderr(EFAULT); | 401 if (flags & PFR_FLAG_FEEDBACK) 402 if (copyout(&ad, addr+i, sizeof(ad))) 403 senderr(EFAULT); |
| 404#endif |
|
| 343 } 344 if (!(flags & PFR_FLAG_DUMMY)) { 345 if (flags & PFR_FLAG_ATOMIC) 346 s = splsoftnet(); 347 pfr_remove_kentries(kt, &workq); 348 if (flags & PFR_FLAG_ATOMIC) 349 splx(s); 350 } --- 10 unchanged lines hidden (view full) --- 361pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 362 int *size2, int *nadd, int *ndel, int *nchange, int flags) 363{ 364 struct pfr_ktable *kt, *tmpkt; 365 struct pfr_kentryworkq addq, delq, changeq; 366 struct pfr_kentry *p, *q; 367 struct pfr_addr ad; 368 int i, rv, s, xadd = 0, xdel = 0, xchange = 0; | 405 } 406 if (!(flags & PFR_FLAG_DUMMY)) { 407 if (flags & PFR_FLAG_ATOMIC) 408 s = splsoftnet(); 409 pfr_remove_kentries(kt, &workq); 410 if (flags & PFR_FLAG_ATOMIC) 411 splx(s); 412 } --- 10 unchanged lines hidden (view full) --- 423pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 424 int *size2, int *nadd, int *ndel, int *nchange, int flags) 425{ 426 struct pfr_ktable *kt, *tmpkt; 427 struct pfr_kentryworkq addq, delq, changeq; 428 struct pfr_kentry *p, *q; 429 struct pfr_addr ad; 430 int i, rv, s, xadd = 0, xdel = 0, xchange = 0; |
| 431#if defined(__FreeBSD__) 432 int ec; 433 /* 434 * XXX Is it OK under LP64 environments? 435 */ 436 long tzero = (long)time_second; 437#else |
|
| 369 long tzero = time.tv_sec; | 438 long tzero = time.tv_sec; |
| 439#endif |
|
| 370 371 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 372 if (pfr_validate_table(tbl, 0)) 373 return (EINVAL); 374 kt = pfr_lookup_table(tbl); 375 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 376 return (ESRCH); 377 if (kt->pfrkt_flags & PFR_TFLAG_CONST) 378 return (EPERM); 379 tmpkt = pfr_create_ktable(&pfr_nulltable, 0, 0); 380 if (tmpkt == NULL) 381 return (ENOMEM); 382 pfr_mark_addrs(kt); 383 SLIST_INIT(&addq); 384 SLIST_INIT(&delq); 385 SLIST_INIT(&changeq); 386 for (i = 0; i < size; i++) { | 440 441 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 442 if (pfr_validate_table(tbl, 0)) 443 return (EINVAL); 444 kt = pfr_lookup_table(tbl); 445 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 446 return (ESRCH); 447 if (kt->pfrkt_flags & PFR_TFLAG_CONST) 448 return (EPERM); 449 tmpkt = pfr_create_ktable(&pfr_nulltable, 0, 0); 450 if (tmpkt == NULL) 451 return (ENOMEM); 452 pfr_mark_addrs(kt); 453 SLIST_INIT(&addq); 454 SLIST_INIT(&delq); 455 SLIST_INIT(&changeq); 456 for (i = 0; i < size; i++) { |
| 457#if defined(__FreeBSD__) 458 PF_COPYIN(addr+i, &ad, sizeof(ad), ec); 459 if (ec) 460 senderr(EFAULT); 461#else |
|
| 387 if (copyin(addr+i, &ad, sizeof(ad))) 388 senderr(EFAULT); | 462 if (copyin(addr+i, &ad, sizeof(ad))) 463 senderr(EFAULT); |
| 464#endif |
|
| 389 if (pfr_validate_addr(&ad)) 390 senderr(EINVAL); 391 ad.pfra_fback = PFR_FB_NONE; 392 p = pfr_lookup_addr(kt, &ad, 1); 393 if (p != NULL) { 394 if (p->pfrke_mark) { 395 ad.pfra_fback = PFR_FB_DUPLICATE; 396 goto _skip; --- 18 unchanged lines hidden (view full) --- 415 ad.pfra_fback = PFR_FB_NONE; 416 } else { 417 SLIST_INSERT_HEAD(&addq, p, pfrke_workq); 418 ad.pfra_fback = PFR_FB_ADDED; 419 xadd++; 420 } 421 } 422_skip: | 465 if (pfr_validate_addr(&ad)) 466 senderr(EINVAL); 467 ad.pfra_fback = PFR_FB_NONE; 468 p = pfr_lookup_addr(kt, &ad, 1); 469 if (p != NULL) { 470 if (p->pfrke_mark) { 471 ad.pfra_fback = PFR_FB_DUPLICATE; 472 goto _skip; --- 18 unchanged lines hidden (view full) --- 491 ad.pfra_fback = PFR_FB_NONE; 492 } else { 493 SLIST_INSERT_HEAD(&addq, p, pfrke_workq); 494 ad.pfra_fback = PFR_FB_ADDED; 495 xadd++; 496 } 497 } 498_skip: |
| 499#if defined(__FreeBSD__) 500 if (flags & PFR_FLAG_FEEDBACK) { 501 PF_COPYOUT(&ad, addr+i, sizeof(ad), ec); 502 if (ec) 503 senderr(EFAULT); 504 } 505#else |
|
| 423 if (flags & PFR_FLAG_FEEDBACK) 424 if (copyout(&ad, addr+i, sizeof(ad))) 425 senderr(EFAULT); | 506 if (flags & PFR_FLAG_FEEDBACK) 507 if (copyout(&ad, addr+i, sizeof(ad))) 508 senderr(EFAULT); |
| 509#endif |
|
| 426 } 427 pfr_enqueue_addrs(kt, &delq, &xdel, ENQUEUE_UNMARKED_ONLY); 428 if ((flags & PFR_FLAG_FEEDBACK) && *size2) { 429 if (*size2 < size+xdel) { 430 *size2 = size+xdel; 431 senderr(0); 432 } 433 i = 0; 434 SLIST_FOREACH(p, &delq, pfrke_workq) { 435 pfr_copyout_addr(&ad, p); 436 ad.pfra_fback = PFR_FB_DELETED; | 510 } 511 pfr_enqueue_addrs(kt, &delq, &xdel, ENQUEUE_UNMARKED_ONLY); 512 if ((flags & PFR_FLAG_FEEDBACK) && *size2) { 513 if (*size2 < size+xdel) { 514 *size2 = size+xdel; 515 senderr(0); 516 } 517 i = 0; 518 SLIST_FOREACH(p, &delq, pfrke_workq) { 519 pfr_copyout_addr(&ad, p); 520 ad.pfra_fback = PFR_FB_DELETED; |
| 521#if defined(__FreeBSD__) 522 PF_COPYOUT(&ad, addr+size+i, sizeof(ad), ec); 523 if (ec) 524 senderr(EFAULT); 525#else |
|
| 437 if (copyout(&ad, addr+size+i, sizeof(ad))) 438 senderr(EFAULT); | 526 if (copyout(&ad, addr+size+i, sizeof(ad))) 527 senderr(EFAULT); |
| 528#endif |
|
| 439 i++; 440 } 441 } 442 pfr_clean_node_mask(tmpkt, &addq); 443 if (!(flags & PFR_FLAG_DUMMY)) { 444 if (flags & PFR_FLAG_ATOMIC) 445 s = splsoftnet(); 446 pfr_insert_kentries(kt, &addq, tzero); --- 25 unchanged lines hidden (view full) --- 472int 473pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 474 int *nmatch, int flags) 475{ 476 struct pfr_ktable *kt; 477 struct pfr_kentry *p; 478 struct pfr_addr ad; 479 int i, xmatch = 0; | 529 i++; 530 } 531 } 532 pfr_clean_node_mask(tmpkt, &addq); 533 if (!(flags & PFR_FLAG_DUMMY)) { 534 if (flags & PFR_FLAG_ATOMIC) 535 s = splsoftnet(); 536 pfr_insert_kentries(kt, &addq, tzero); --- 25 unchanged lines hidden (view full) --- 562int 563pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, 564 int *nmatch, int flags) 565{ 566 struct pfr_ktable *kt; 567 struct pfr_kentry *p; 568 struct pfr_addr ad; 569 int i, xmatch = 0; |
| 570#if defined(__FreeBSD__) 571 int ec; 572#endif |
|
| 480 481 ACCEPT_FLAGS(PFR_FLAG_REPLACE); 482 if (pfr_validate_table(tbl, 0)) 483 return (EINVAL); 484 kt = pfr_lookup_table(tbl); 485 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 486 return (ESRCH); 487 488 for (i = 0; i < size; i++) { | 573 574 ACCEPT_FLAGS(PFR_FLAG_REPLACE); 575 if (pfr_validate_table(tbl, 0)) 576 return (EINVAL); 577 kt = pfr_lookup_table(tbl); 578 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 579 return (ESRCH); 580 581 for (i = 0; i < size; i++) { |
| 582#if defined(__FreeBSD__) 583 PF_COPYIN(addr+i, &ad, sizeof(ad), ec); 584 if (ec) 585 return (EFAULT); 586#else |
|
| 489 if (copyin(addr+i, &ad, sizeof(ad))) 490 return (EFAULT); | 587 if (copyin(addr+i, &ad, sizeof(ad))) 588 return (EFAULT); |
| 589#endif |
|
| 491 if (pfr_validate_addr(&ad)) 492 return (EINVAL); 493 if (ADDR_NETWORK(&ad)) 494 return (EINVAL); 495 p = pfr_lookup_addr(kt, &ad, 0); 496 if (flags & PFR_FLAG_REPLACE) 497 pfr_copyout_addr(&ad, p); 498 ad.pfra_fback = (p == NULL) ? PFR_FB_NONE : 499 (p->pfrke_not ? PFR_FB_NOTMATCH : PFR_FB_MATCH); 500 if (p != NULL && !p->pfrke_not) 501 xmatch++; | 590 if (pfr_validate_addr(&ad)) 591 return (EINVAL); 592 if (ADDR_NETWORK(&ad)) 593 return (EINVAL); 594 p = pfr_lookup_addr(kt, &ad, 0); 595 if (flags & PFR_FLAG_REPLACE) 596 pfr_copyout_addr(&ad, p); 597 ad.pfra_fback = (p == NULL) ? PFR_FB_NONE : 598 (p->pfrke_not ? PFR_FB_NOTMATCH : PFR_FB_MATCH); 599 if (p != NULL && !p->pfrke_not) 600 xmatch++; |
| 601#if defined(__FreeBSD__) 602 PF_COPYOUT(&ad, addr+i, sizeof(ad), ec); 603 if (ec) 604 return (EFAULT); 605#else |
|
| 502 if (copyout(&ad, addr+i, sizeof(ad))) 503 return (EFAULT); | 606 if (copyout(&ad, addr+i, sizeof(ad))) 607 return (EFAULT); |
| 608#endif |
|
| 504 } 505 if (nmatch != NULL) 506 *nmatch = xmatch; 507 return (0); 508} 509 510int 511pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size, --- 13 unchanged lines hidden (view full) --- 525 *size = kt->pfrkt_cnt; 526 return (0); 527 } 528 529 bzero(&w, sizeof(w)); 530 w.pfrw_op = PFRW_GET_ADDRS; 531 w.pfrw_addr = addr; 532 w.pfrw_free = kt->pfrkt_cnt; | 609 } 610 if (nmatch != NULL) 611 *nmatch = xmatch; 612 return (0); 613} 614 615int 616pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size, --- 13 unchanged lines hidden (view full) --- 630 *size = kt->pfrkt_cnt; 631 return (0); 632 } 633 634 bzero(&w, sizeof(w)); 635 w.pfrw_op = PFRW_GET_ADDRS; 636 w.pfrw_addr = addr; 637 w.pfrw_free = kt->pfrkt_cnt; |
| 638#if defined(__FreeBSD__) 639 rv = kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w); 640#else |
|
| 533 rv = rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w); | 641 rv = rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w); |
| 642#endif |
|
| 534 if (!rv) | 643 if (!rv) |
| 644#if defined(__FreeBSD__) 645 rv = kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, 646 &w); 647#else |
|
| 535 rv = rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w); | 648 rv = rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w); |
| 649#endif |
|
| 536 if (rv) 537 return (rv); 538 539 if (w.pfrw_free) { 540 printf("pfr_get_addrs: corruption detected (%d).\n", 541 w.pfrw_free); 542 return (ENOTTY); 543 } --- 4 unchanged lines hidden (view full) --- 548int 549pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size, 550 int flags) 551{ 552 struct pfr_ktable *kt; 553 struct pfr_walktree w; 554 struct pfr_kentryworkq workq; 555 int rv, s; | 650 if (rv) 651 return (rv); 652 653 if (w.pfrw_free) { 654 printf("pfr_get_addrs: corruption detected (%d).\n", 655 w.pfrw_free); 656 return (ENOTTY); 657 } --- 4 unchanged lines hidden (view full) --- 662int 663pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size, 664 int flags) 665{ 666 struct pfr_ktable *kt; 667 struct pfr_walktree w; 668 struct pfr_kentryworkq workq; 669 int rv, s; |
| 670#if defined(__FreeBSD__) 671 /* 672 * XXX Is it OK under LP64 environments? 673 */ 674 long tzero = (long)time_second; 675#else |
|
| 556 long tzero = time.tv_sec; | 676 long tzero = time.tv_sec; |
| 677#endif |
|
| 557 558 ACCEPT_FLAGS(PFR_FLAG_ATOMIC); /* XXX PFR_FLAG_CLSTATS disabled */ 559 if (pfr_validate_table(tbl, 0)) 560 return (EINVAL); 561 kt = pfr_lookup_table(tbl); 562 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 563 return (ESRCH); 564 if (kt->pfrkt_cnt > *size) { 565 *size = kt->pfrkt_cnt; 566 return (0); 567 } 568 569 bzero(&w, sizeof(w)); 570 w.pfrw_op = PFRW_GET_ASTATS; 571 w.pfrw_astats = addr; 572 w.pfrw_free = kt->pfrkt_cnt; 573 if (flags & PFR_FLAG_ATOMIC) 574 s = splsoftnet(); | 678 679 ACCEPT_FLAGS(PFR_FLAG_ATOMIC); /* XXX PFR_FLAG_CLSTATS disabled */ 680 if (pfr_validate_table(tbl, 0)) 681 return (EINVAL); 682 kt = pfr_lookup_table(tbl); 683 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 684 return (ESRCH); 685 if (kt->pfrkt_cnt > *size) { 686 *size = kt->pfrkt_cnt; 687 return (0); 688 } 689 690 bzero(&w, sizeof(w)); 691 w.pfrw_op = PFRW_GET_ASTATS; 692 w.pfrw_astats = addr; 693 w.pfrw_free = kt->pfrkt_cnt; 694 if (flags & PFR_FLAG_ATOMIC) 695 s = splsoftnet(); |
| 696#if defined(__FreeBSD__) 697 rv = kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w); 698#else |
|
| 575 rv = rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w); | 699 rv = rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w); |
| 700#endif |
|
| 576 if (!rv) | 701 if (!rv) |
| 702#if defined(__FreeBSD__) 703 rv = kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, 704 &w); 705#else |
|
| 577 rv = rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w); | 706 rv = rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w); |
| 707#endif |
|
| 578 if (!rv && (flags & PFR_FLAG_CLSTATS)) { 579 pfr_enqueue_addrs(kt, &workq, NULL, 0); 580 pfr_clstats_kentries(&workq, tzero, 0); 581 } 582 if (flags & PFR_FLAG_ATOMIC) 583 splx(s); 584 if (rv) 585 return (rv); --- 11 unchanged lines hidden (view full) --- 597pfr_clr_astats(struct pfr_table *tbl, struct pfr_addr *addr, int size, 598 int *nzero, int flags) 599{ 600 struct pfr_ktable *kt; 601 struct pfr_kentryworkq workq; 602 struct pfr_kentry *p; 603 struct pfr_addr ad; 604 int i, rv, s, xzero = 0; | 708 if (!rv && (flags & PFR_FLAG_CLSTATS)) { 709 pfr_enqueue_addrs(kt, &workq, NULL, 0); 710 pfr_clstats_kentries(&workq, tzero, 0); 711 } 712 if (flags & PFR_FLAG_ATOMIC) 713 splx(s); 714 if (rv) 715 return (rv); --- 11 unchanged lines hidden (view full) --- 727pfr_clr_astats(struct pfr_table *tbl, struct pfr_addr *addr, int size, 728 int *nzero, int flags) 729{ 730 struct pfr_ktable *kt; 731 struct pfr_kentryworkq workq; 732 struct pfr_kentry *p; 733 struct pfr_addr ad; 734 int i, rv, s, xzero = 0; |
| 735#if defined(__FreeBSD__) 736 int ec; 737#endif |
|
| 605 606 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 607 if (pfr_validate_table(tbl, 0)) 608 return (EINVAL); 609 kt = pfr_lookup_table(tbl); 610 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 611 return (ESRCH); 612 SLIST_INIT(&workq); 613 for (i = 0; i < size; i++) { | 738 739 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_FEEDBACK); 740 if (pfr_validate_table(tbl, 0)) 741 return (EINVAL); 742 kt = pfr_lookup_table(tbl); 743 if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE)) 744 return (ESRCH); 745 SLIST_INIT(&workq); 746 for (i = 0; i < size; i++) { |
| 747#if defined(__FreeBSD__) 748 PF_COPYIN(addr+i, &ad, sizeof(ad), ec); 749 if (ec) 750 senderr(EFAULT); 751#else |
|
| 614 if (copyin(addr+i, &ad, sizeof(ad))) 615 senderr(EFAULT); | 752 if (copyin(addr+i, &ad, sizeof(ad))) 753 senderr(EFAULT); |
| 754#endif |
|
| 616 if (pfr_validate_addr(&ad)) 617 senderr(EINVAL); 618 p = pfr_lookup_addr(kt, &ad, 1); 619 if (flags & PFR_FLAG_FEEDBACK) { 620 ad.pfra_fback = (p != NULL) ? 621 PFR_FB_CLEARED : PFR_FB_NONE; | 755 if (pfr_validate_addr(&ad)) 756 senderr(EINVAL); 757 p = pfr_lookup_addr(kt, &ad, 1); 758 if (flags & PFR_FLAG_FEEDBACK) { 759 ad.pfra_fback = (p != NULL) ? 760 PFR_FB_CLEARED : PFR_FB_NONE; |
| 761#if defined(__FreeBSD__) 762 PF_COPYOUT(&ad, addr+i, sizeof(ad), ec); 763 if (ec) 764 senderr(EFAULT); 765#else |
|
| 622 if (copyout(&ad, addr+i, sizeof(ad))) 623 senderr(EFAULT); | 766 if (copyout(&ad, addr+i, sizeof(ad))) 767 senderr(EFAULT); |
| 768#endif |
|
| 624 } 625 if (p != NULL) { 626 SLIST_INSERT_HEAD(&workq, p, pfrke_workq); 627 xzero++; 628 } 629 } 630 631 if (!(flags & PFR_FLAG_DUMMY)) { --- 48 unchanged lines hidden (view full) --- 680{ 681 struct pfr_walktree w; 682 683 SLIST_INIT(workq); 684 bzero(&w, sizeof(w)); 685 w.pfrw_op = sweep ? PFRW_SWEEP : PFRW_ENQUEUE; 686 w.pfrw_workq = workq; 687 if (kt->pfrkt_ip4 != NULL) | 769 } 770 if (p != NULL) { 771 SLIST_INSERT_HEAD(&workq, p, pfrke_workq); 772 xzero++; 773 } 774 } 775 776 if (!(flags & PFR_FLAG_DUMMY)) { --- 48 unchanged lines hidden (view full) --- 825{ 826 struct pfr_walktree w; 827 828 SLIST_INIT(workq); 829 bzero(&w, sizeof(w)); 830 w.pfrw_op = sweep ? PFRW_SWEEP : PFRW_ENQUEUE; 831 w.pfrw_workq = workq; 832 if (kt->pfrkt_ip4 != NULL) |
| 833#if defined(__FreeBSD__) 834 if (kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, 835 &w)) 836#else |
|
| 688 if (rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w)) | 837 if (rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w)) |
| 838#endif |
|
| 689 printf("pfr_enqueue_addrs: IPv4 walktree failed.\n"); 690 if (kt->pfrkt_ip6 != NULL) | 839 printf("pfr_enqueue_addrs: IPv4 walktree failed.\n"); 840 if (kt->pfrkt_ip6 != NULL) |
| 841#if defined(__FreeBSD__) 842 if (kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, 843 &w)) 844#else |
|
| 691 if (rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w)) | 845 if (rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w)) |
| 846#endif |
|
| 692 printf("pfr_enqueue_addrs: IPv6 walktree failed.\n"); 693 if (naddr != NULL) 694 *naddr = w.pfrw_cnt; 695} 696 697void 698pfr_mark_addrs(struct pfr_ktable *kt) 699{ 700 struct pfr_walktree w; 701 702 bzero(&w, sizeof(w)); 703 w.pfrw_op = PFRW_MARK; | 847 printf("pfr_enqueue_addrs: IPv6 walktree failed.\n"); 848 if (naddr != NULL) 849 *naddr = w.pfrw_cnt; 850} 851 852void 853pfr_mark_addrs(struct pfr_ktable *kt) 854{ 855 struct pfr_walktree w; 856 857 bzero(&w, sizeof(w)); 858 w.pfrw_op = PFRW_MARK; |
| 859#if defined(__FreeBSD__) 860 if (kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w)) 861#else |
|
| 704 if (rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w)) | 862 if (rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w)) |
| 863#endif |
|
| 705 printf("pfr_mark_addrs: IPv4 walktree failed.\n"); | 864 printf("pfr_mark_addrs: IPv4 walktree failed.\n"); |
| 865#if defined(__FreeBSD__) 866 if (kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, &w)) 867#else |
|
| 706 if (rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w)) | 868 if (rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w)) |
| 869#endif |
|
| 707 printf("pfr_mark_addrs: IPv6 walktree failed.\n"); 708} 709 710 711struct pfr_kentry * 712pfr_lookup_addr(struct pfr_ktable *kt, struct pfr_addr *ad, int exact) 713{ 714 union sockaddr_union sa, mask; --- 7 unchanged lines hidden (view full) --- 722 head = kt->pfrkt_ip4; 723 } else { 724 FILLIN_SIN6(sa.sin6, ad->pfra_ip6addr); 725 head = kt->pfrkt_ip6; 726 } 727 if (ADDR_NETWORK(ad)) { 728 pfr_prepare_network(&mask, ad->pfra_af, ad->pfra_net); 729 s = splsoftnet(); /* rn_lookup makes use of globals */ | 870 printf("pfr_mark_addrs: IPv6 walktree failed.\n"); 871} 872 873 874struct pfr_kentry * 875pfr_lookup_addr(struct pfr_ktable *kt, struct pfr_addr *ad, int exact) 876{ 877 union sockaddr_union sa, mask; --- 7 unchanged lines hidden (view full) --- 885 head = kt->pfrkt_ip4; 886 } else { 887 FILLIN_SIN6(sa.sin6, ad->pfra_ip6addr); 888 head = kt->pfrkt_ip6; 889 } 890 if (ADDR_NETWORK(ad)) { 891 pfr_prepare_network(&mask, ad->pfra_af, ad->pfra_net); 892 s = splsoftnet(); /* rn_lookup makes use of globals */ |
| 893#if defined(__FreeBSD__) && (__FreeBSD_version >= 500100) 894 RADIX_NODE_HEAD_LOCK(head); 895#endif |
|
| 730 ke = (struct pfr_kentry *)rn_lookup(&sa, &mask, head); | 896 ke = (struct pfr_kentry *)rn_lookup(&sa, &mask, head); |
| 897#if defined(__FreeBSD__) && (__FreeBSD_version >= 500100) 898 RADIX_NODE_HEAD_UNLOCK(head); 899#endif |
|
| 731 splx(s); 732 if (ke && KENTRY_RNF_ROOT(ke)) 733 ke = NULL; 734 } else { 735 ke = (struct pfr_kentry *)rn_match(&sa, head); 736 if (ke && KENTRY_RNF_ROOT(ke)) 737 ke = NULL; 738 if (exact && ke && KENTRY_NETWORK(ke)) --- 101 unchanged lines hidden (view full) --- 840 } 841} 842 843void 844pfr_reset_feedback(struct pfr_addr *addr, int size) 845{ 846 struct pfr_addr ad; 847 int i; | 900 splx(s); 901 if (ke && KENTRY_RNF_ROOT(ke)) 902 ke = NULL; 903 } else { 904 ke = (struct pfr_kentry *)rn_match(&sa, head); 905 if (ke && KENTRY_RNF_ROOT(ke)) 906 ke = NULL; 907 if (exact && ke && KENTRY_NETWORK(ke)) --- 101 unchanged lines hidden (view full) --- 1009 } 1010} 1011 1012void 1013pfr_reset_feedback(struct pfr_addr *addr, int size) 1014{ 1015 struct pfr_addr ad; 1016 int i; |
| 1017#if defined(__FreeBSD__) 1018 int ec; 1019#endif |
|
| 848 849 for (i = 0; i < size; i++) { | 1020 1021 for (i = 0; i < size; i++) { |
| 1022#if defined(__FreeBSD__) 1023 PF_COPYIN(addr+i, &ad, sizeof(ad), ec); 1024 if (ec) 1025 break; 1026#else |
|
| 850 if (copyin(addr+i, &ad, sizeof(ad))) 851 break; | 1027 if (copyin(addr+i, &ad, sizeof(ad))) 1028 break; |
| 1029#endif |
|
| 852 ad.pfra_fback = PFR_FB_NONE; | 1030 ad.pfra_fback = PFR_FB_NONE; |
| 1031#if defined(__FreeBSD__) 1032 PF_COPYOUT(&ad, addr+i, sizeof(ad), ec); 1033 if (ec) 1034 break; 1035#else |
|
| 853 if (copyout(&ad, addr+i, sizeof(ad))) 854 break; | 1036 if (copyout(&ad, addr+i, sizeof(ad))) 1037 break; |
| 1038#endif |
|
| 855 } 856} 857 858void 859pfr_prepare_network(union sockaddr_union *sa, int af, int net) 860{ 861 int i; 862 --- 27 unchanged lines hidden (view full) --- 890 891 bzero(ke->pfrke_node, sizeof(ke->pfrke_node)); 892 if (ke->pfrke_af == AF_INET) 893 head = kt->pfrkt_ip4; 894 else 895 head = kt->pfrkt_ip6; 896 897 s = splsoftnet(); | 1039 } 1040} 1041 1042void 1043pfr_prepare_network(union sockaddr_union *sa, int af, int net) 1044{ 1045 int i; 1046 --- 27 unchanged lines hidden (view full) --- 1074 1075 bzero(ke->pfrke_node, sizeof(ke->pfrke_node)); 1076 if (ke->pfrke_af == AF_INET) 1077 head = kt->pfrkt_ip4; 1078 else 1079 head = kt->pfrkt_ip6; 1080 1081 s = splsoftnet(); |
| 1082#if defined(__FreeBSD__) && (__FreeBSD_version >= 500100) 1083 RADIX_NODE_HEAD_LOCK(head); 1084#endif |
|
| 898 if (KENTRY_NETWORK(ke)) { 899 pfr_prepare_network(&mask, ke->pfrke_af, ke->pfrke_net); 900 rn = rn_addroute(&ke->pfrke_sa, &mask, head, ke->pfrke_node); 901 } else 902 rn = rn_addroute(&ke->pfrke_sa, NULL, head, ke->pfrke_node); | 1085 if (KENTRY_NETWORK(ke)) { 1086 pfr_prepare_network(&mask, ke->pfrke_af, ke->pfrke_net); 1087 rn = rn_addroute(&ke->pfrke_sa, &mask, head, ke->pfrke_node); 1088 } else 1089 rn = rn_addroute(&ke->pfrke_sa, NULL, head, ke->pfrke_node); |
| 1090#if defined(__FreeBSD__) && (__FreeBSD_version >= 500100) 1091 RADIX_NODE_HEAD_UNLOCK(head); 1092#endif |
|
| 903 splx(s); 904 905 return (rn == NULL ? -1 : 0); 906} 907 908int 909pfr_unroute_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke) 910{ 911 union sockaddr_union mask; 912 struct radix_node *rn; 913 struct radix_node_head *head; 914 int s; 915 916 if (ke->pfrke_af == AF_INET) 917 head = kt->pfrkt_ip4; 918 else 919 head = kt->pfrkt_ip6; 920 921 s = splsoftnet(); | 1093 splx(s); 1094 1095 return (rn == NULL ? -1 : 0); 1096} 1097 1098int 1099pfr_unroute_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke) 1100{ 1101 union sockaddr_union mask; 1102 struct radix_node *rn; 1103 struct radix_node_head *head; 1104 int s; 1105 1106 if (ke->pfrke_af == AF_INET) 1107 head = kt->pfrkt_ip4; 1108 else 1109 head = kt->pfrkt_ip6; 1110 1111 s = splsoftnet(); |
| 1112#if defined(__FreeBSD__) && (__FreeBSD_version >= 500100) 1113 RADIX_NODE_HEAD_LOCK(head); 1114#endif |
|
| 922 if (KENTRY_NETWORK(ke)) { 923 pfr_prepare_network(&mask, ke->pfrke_af, ke->pfrke_net); 924 rn = rn_delete(&ke->pfrke_sa, &mask, head); 925 } else 926 rn = rn_delete(&ke->pfrke_sa, NULL, head); | 1115 if (KENTRY_NETWORK(ke)) { 1116 pfr_prepare_network(&mask, ke->pfrke_af, ke->pfrke_net); 1117 rn = rn_delete(&ke->pfrke_sa, &mask, head); 1118 } else 1119 rn = rn_delete(&ke->pfrke_sa, NULL, head); |
| 1120#if defined(__FreeBSD__) && (__FreeBSD_version >= 500100) 1121 RADIX_NODE_HEAD_UNLOCK(head); 1122#endif |
|
| 927 splx(s); 928 929 if (rn == NULL) { 930 printf("pfr_unroute_kentry: delete failed.\n"); 931 return (-1); 932 } 933 return (0); 934} --- 14 unchanged lines hidden (view full) --- 949} 950 951int 952pfr_walktree(struct radix_node *rn, void *arg) 953{ 954 struct pfr_kentry *ke = (struct pfr_kentry *)rn; 955 struct pfr_walktree *w = arg; 956 int s; | 1123 splx(s); 1124 1125 if (rn == NULL) { 1126 printf("pfr_unroute_kentry: delete failed.\n"); 1127 return (-1); 1128 } 1129 return (0); 1130} --- 14 unchanged lines hidden (view full) --- 1145} 1146 1147int 1148pfr_walktree(struct radix_node *rn, void *arg) 1149{ 1150 struct pfr_kentry *ke = (struct pfr_kentry *)rn; 1151 struct pfr_walktree *w = arg; 1152 int s; |
| 1153#if defined(__FreeBSD__) 1154 int ec; 1155#endif |
|
| 957 958 switch (w->pfrw_op) { 959 case PFRW_MARK: 960 ke->pfrke_mark = 0; 961 break; 962 case PFRW_SWEEP: 963 if (ke->pfrke_mark) 964 break; 965 /* fall trough */ 966 case PFRW_ENQUEUE: 967 SLIST_INSERT_HEAD(w->pfrw_workq, ke, pfrke_workq); 968 w->pfrw_cnt++; 969 break; 970 case PFRW_GET_ADDRS: 971 if (w->pfrw_free-- > 0) { 972 struct pfr_addr ad; 973 974 pfr_copyout_addr(&ad, ke); | 1156 1157 switch (w->pfrw_op) { 1158 case PFRW_MARK: 1159 ke->pfrke_mark = 0; 1160 break; 1161 case PFRW_SWEEP: 1162 if (ke->pfrke_mark) 1163 break; 1164 /* fall trough */ 1165 case PFRW_ENQUEUE: 1166 SLIST_INSERT_HEAD(w->pfrw_workq, ke, pfrke_workq); 1167 w->pfrw_cnt++; 1168 break; 1169 case PFRW_GET_ADDRS: 1170 if (w->pfrw_free-- > 0) { 1171 struct pfr_addr ad; 1172 1173 pfr_copyout_addr(&ad, ke); |
| 1174#if defined(__FreeBSD__) 1175 PF_COPYOUT(&ad, w->pfrw_addr, sizeof(ad), ec); 1176 if (ec) 1177 return (EFAULT); 1178#else |
|
| 975 if (copyout(&ad, w->pfrw_addr, sizeof(ad))) 976 return (EFAULT); | 1179 if (copyout(&ad, w->pfrw_addr, sizeof(ad))) 1180 return (EFAULT); |
| 1181#endif |
|
| 977 w->pfrw_addr++; 978 } 979 break; 980 case PFRW_GET_ASTATS: 981 if (w->pfrw_free-- > 0) { 982 struct pfr_astats as; 983 984 pfr_copyout_addr(&as.pfras_a, ke); 985 986 s = splsoftnet(); 987 bcopy(ke->pfrke_packets, as.pfras_packets, 988 sizeof(as.pfras_packets)); 989 bcopy(ke->pfrke_bytes, as.pfras_bytes, 990 sizeof(as.pfras_bytes)); 991 splx(s); 992 as.pfras_tzero = ke->pfrke_tzero; 993 | 1182 w->pfrw_addr++; 1183 } 1184 break; 1185 case PFRW_GET_ASTATS: 1186 if (w->pfrw_free-- > 0) { 1187 struct pfr_astats as; 1188 1189 pfr_copyout_addr(&as.pfras_a, ke); 1190 1191 s = splsoftnet(); 1192 bcopy(ke->pfrke_packets, as.pfras_packets, 1193 sizeof(as.pfras_packets)); 1194 bcopy(ke->pfrke_bytes, as.pfras_bytes, 1195 sizeof(as.pfras_bytes)); 1196 splx(s); 1197 as.pfras_tzero = ke->pfrke_tzero; 1198 |
| 1199#if defined(__FreeBSD__) 1200 PF_COPYOUT(&as, w->pfrw_astats, sizeof(as), ec); 1201 if (ec) 1202 return (EFAULT); 1203#else |
|
| 994 if (copyout(&as, w->pfrw_astats, sizeof(as))) 995 return (EFAULT); | 1204 if (copyout(&as, w->pfrw_astats, sizeof(as))) 1205 return (EFAULT); |
| 1206#endif |
|
| 996 w->pfrw_astats++; 997 } 998 break; 999 case PFRW_POOL_GET: 1000 if (ke->pfrke_not) 1001 break; /* negative entries are ignored */ 1002 if (!w->pfrw_cnt--) { 1003 w->pfrw_kentry = ke; --- 38 unchanged lines hidden (view full) --- 1042} 1043 1044int 1045pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags) 1046{ 1047 struct pfr_ktableworkq addq, changeq; 1048 struct pfr_ktable *p, *q, *r, key; 1049 int i, rv, s, xadd = 0; | 1207 w->pfrw_astats++; 1208 } 1209 break; 1210 case PFRW_POOL_GET: 1211 if (ke->pfrke_not) 1212 break; /* negative entries are ignored */ 1213 if (!w->pfrw_cnt--) { 1214 w->pfrw_kentry = ke; --- 38 unchanged lines hidden (view full) --- 1253} 1254 1255int 1256pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags) 1257{ 1258 struct pfr_ktableworkq addq, changeq; 1259 struct pfr_ktable *p, *q, *r, key; 1260 int i, rv, s, xadd = 0; |
| 1261#if defined(__FreeBSD__) 1262 int ec; 1263 /* 1264 * XXX Is it OK under LP64 environments? 1265 */ 1266 long tzero = (long)time_second; 1267#else |
|
| 1050 long tzero = time.tv_sec; | 1268 long tzero = time.tv_sec; |
| 1269#endif |
|
| 1051 1052 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1053 SLIST_INIT(&addq); 1054 SLIST_INIT(&changeq); 1055 for (i = 0; i < size; i++) { | 1270 1271 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1272 SLIST_INIT(&addq); 1273 SLIST_INIT(&changeq); 1274 for (i = 0; i < size; i++) { |
| 1275#if defined(__FreeBSD__) 1276 PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec); 1277 if (ec) 1278 senderr(EFAULT); 1279#else |
|
| 1056 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1057 senderr(EFAULT); | 1280 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1281 senderr(EFAULT); |
| 1282#endif |
|
| 1058 if (pfr_validate_table(&key.pfrkt_t, PFR_TFLAG_USRMASK)) 1059 senderr(EINVAL); 1060 key.pfrkt_flags |= PFR_TFLAG_ACTIVE; 1061 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1062 if (p == NULL) { 1063 p = pfr_create_ktable(&key.pfrkt_t, tzero, 1); 1064 if (p == NULL) 1065 senderr(ENOMEM); --- 56 unchanged lines hidden (view full) --- 1122} 1123 1124int 1125pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags) 1126{ 1127 struct pfr_ktableworkq workq; 1128 struct pfr_ktable *p, *q, key; 1129 int i, s, xdel = 0; | 1283 if (pfr_validate_table(&key.pfrkt_t, PFR_TFLAG_USRMASK)) 1284 senderr(EINVAL); 1285 key.pfrkt_flags |= PFR_TFLAG_ACTIVE; 1286 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1287 if (p == NULL) { 1288 p = pfr_create_ktable(&key.pfrkt_t, tzero, 1); 1289 if (p == NULL) 1290 senderr(ENOMEM); --- 56 unchanged lines hidden (view full) --- 1347} 1348 1349int 1350pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags) 1351{ 1352 struct pfr_ktableworkq workq; 1353 struct pfr_ktable *p, *q, key; 1354 int i, s, xdel = 0; |
| 1355#if defined(__FreeBSD__) 1356 int ec; 1357#endif |
|
| 1130 1131 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1132 SLIST_INIT(&workq); 1133 for (i = 0; i < size; i++) { | 1358 1359 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1360 SLIST_INIT(&workq); 1361 for (i = 0; i < size; i++) { |
| 1362#if defined(__FreeBSD__) 1363 PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec); 1364 if (ec) 1365 return (EFAULT); 1366#else |
|
| 1134 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1135 return (EFAULT); | 1367 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1368 return (EFAULT); |
| 1369#endif |
|
| 1136 if (pfr_validate_table(&key.pfrkt_t, 0)) 1137 return (EINVAL); 1138 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1139 if (p != NULL && (p->pfrkt_flags & PFR_TFLAG_ACTIVE)) { 1140 SLIST_FOREACH(q, &workq, pfrkt_workq) 1141 if (!pfr_ktable_compare(p, q)) 1142 goto _skip; 1143 p->pfrkt_nflags = p->pfrkt_flags & ~PFR_TFLAG_ACTIVE; --- 17 unchanged lines hidden (view full) --- 1161} 1162 1163int 1164pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size, 1165 int flags) 1166{ 1167 struct pfr_ktable *p; 1168 int n, nn; | 1370 if (pfr_validate_table(&key.pfrkt_t, 0)) 1371 return (EINVAL); 1372 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1373 if (p != NULL && (p->pfrkt_flags & PFR_TFLAG_ACTIVE)) { 1374 SLIST_FOREACH(q, &workq, pfrkt_workq) 1375 if (!pfr_ktable_compare(p, q)) 1376 goto _skip; 1377 p->pfrkt_nflags = p->pfrkt_flags & ~PFR_TFLAG_ACTIVE; --- 17 unchanged lines hidden (view full) --- 1395} 1396 1397int 1398pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size, 1399 int flags) 1400{ 1401 struct pfr_ktable *p; 1402 int n, nn; |
| 1403#if defined(__FreeBSD__) 1404 int ec; 1405#endif |
|
| 1169 1170 ACCEPT_FLAGS(PFR_FLAG_ALLRSETS); 1171 n = nn = pfr_table_count(filter, flags); 1172 if (n < 0) 1173 return (ENOENT); 1174 if (n > *size) { 1175 *size = n; 1176 return (0); 1177 } 1178 RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) { 1179 if (pfr_skip_table(filter, p, flags)) 1180 continue; 1181 if (n-- <= 0) 1182 continue; | 1406 1407 ACCEPT_FLAGS(PFR_FLAG_ALLRSETS); 1408 n = nn = pfr_table_count(filter, flags); 1409 if (n < 0) 1410 return (ENOENT); 1411 if (n > *size) { 1412 *size = n; 1413 return (0); 1414 } 1415 RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) { 1416 if (pfr_skip_table(filter, p, flags)) 1417 continue; 1418 if (n-- <= 0) 1419 continue; |
| 1420#if defined(__FreeBSD__) 1421 PF_COPYOUT(&p->pfrkt_t, tbl++, sizeof(*tbl), ec); 1422 if (ec) 1423 return (EFAULT); 1424#else |
|
| 1183 if (copyout(&p->pfrkt_t, tbl++, sizeof(*tbl))) 1184 return (EFAULT); | 1425 if (copyout(&p->pfrkt_t, tbl++, sizeof(*tbl))) 1426 return (EFAULT); |
| 1427#endif |
|
| 1185 } 1186 if (n) { 1187 printf("pfr_get_tables: corruption detected (%d).\n", n); 1188 return (ENOTTY); 1189 } 1190 *size = nn; 1191 return (0); 1192} 1193 1194int 1195pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size, 1196 int flags) 1197{ 1198 struct pfr_ktable *p; 1199 struct pfr_ktableworkq workq; 1200 int s, n, nn; | 1428 } 1429 if (n) { 1430 printf("pfr_get_tables: corruption detected (%d).\n", n); 1431 return (ENOTTY); 1432 } 1433 *size = nn; 1434 return (0); 1435} 1436 1437int 1438pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size, 1439 int flags) 1440{ 1441 struct pfr_ktable *p; 1442 struct pfr_ktableworkq workq; 1443 int s, n, nn; |
| 1444#if defined(__FreeBSD__) 1445 int ec; 1446 /* 1447 * XXX Is it OK under LP64 environments? 1448 */ 1449 long tzero = (long)time_second; 1450#else |
|
| 1201 long tzero = time.tv_sec; | 1451 long tzero = time.tv_sec; |
| 1452#endif |
|
| 1202 1203 ACCEPT_FLAGS(PFR_FLAG_ATOMIC|PFR_FLAG_ALLRSETS); 1204 /* XXX PFR_FLAG_CLSTATS disabled */ 1205 n = nn = pfr_table_count(filter, flags); 1206 if (n < 0) 1207 return (ENOENT); 1208 if (n > *size) { 1209 *size = n; --- 4 unchanged lines hidden (view full) --- 1214 s = splsoftnet(); 1215 RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) { 1216 if (pfr_skip_table(filter, p, flags)) 1217 continue; 1218 if (n-- <= 0) 1219 continue; 1220 if (!(flags & PFR_FLAG_ATOMIC)) 1221 s = splsoftnet(); | 1453 1454 ACCEPT_FLAGS(PFR_FLAG_ATOMIC|PFR_FLAG_ALLRSETS); 1455 /* XXX PFR_FLAG_CLSTATS disabled */ 1456 n = nn = pfr_table_count(filter, flags); 1457 if (n < 0) 1458 return (ENOENT); 1459 if (n > *size) { 1460 *size = n; --- 4 unchanged lines hidden (view full) --- 1465 s = splsoftnet(); 1466 RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) { 1467 if (pfr_skip_table(filter, p, flags)) 1468 continue; 1469 if (n-- <= 0) 1470 continue; 1471 if (!(flags & PFR_FLAG_ATOMIC)) 1472 s = splsoftnet(); |
| 1473#if defined(__FreeBSD__) 1474 PF_COPYOUT(&p->pfrkt_ts, tbl++, sizeof(*tbl), ec); 1475 if (ec) { 1476 splx(s); 1477 return (EFAULT); 1478 } 1479#else |
|
| 1222 if (copyout(&p->pfrkt_ts, tbl++, sizeof(*tbl))) { 1223 splx(s); 1224 return (EFAULT); 1225 } | 1480 if (copyout(&p->pfrkt_ts, tbl++, sizeof(*tbl))) { 1481 splx(s); 1482 return (EFAULT); 1483 } |
| 1484#endif |
|
| 1226 if (!(flags & PFR_FLAG_ATOMIC)) 1227 splx(s); 1228 SLIST_INSERT_HEAD(&workq, p, pfrkt_workq); 1229 } 1230 if (flags & PFR_FLAG_CLSTATS) 1231 pfr_clstats_ktables(&workq, tzero, 1232 flags & PFR_FLAG_ADDRSTOO); 1233 if (flags & PFR_FLAG_ATOMIC) --- 7 unchanged lines hidden (view full) --- 1241} 1242 1243int 1244pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags) 1245{ 1246 struct pfr_ktableworkq workq; 1247 struct pfr_ktable *p, key; 1248 int i, s, xzero = 0; | 1485 if (!(flags & PFR_FLAG_ATOMIC)) 1486 splx(s); 1487 SLIST_INSERT_HEAD(&workq, p, pfrkt_workq); 1488 } 1489 if (flags & PFR_FLAG_CLSTATS) 1490 pfr_clstats_ktables(&workq, tzero, 1491 flags & PFR_FLAG_ADDRSTOO); 1492 if (flags & PFR_FLAG_ATOMIC) --- 7 unchanged lines hidden (view full) --- 1500} 1501 1502int 1503pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags) 1504{ 1505 struct pfr_ktableworkq workq; 1506 struct pfr_ktable *p, key; 1507 int i, s, xzero = 0; |
| 1508#if defined(__FreeBSD__) 1509 int ec; 1510 /* 1511 * XXX Is it OK under LP64 environments? 1512 */ 1513 long tzero = (long)time_second; 1514#else |
|
| 1249 long tzero = time.tv_sec; | 1515 long tzero = time.tv_sec; |
| 1516#endif |
|
| 1250 1251 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_ADDRSTOO); 1252 SLIST_INIT(&workq); 1253 for (i = 0; i < size; i++) { | 1517 1518 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FLAG_ADDRSTOO); 1519 SLIST_INIT(&workq); 1520 for (i = 0; i < size; i++) { |
| 1521#if defined(__FreeBSD__) 1522 PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec); 1523 if (ec) 1524 return (EFAULT); 1525#else |
|
| 1254 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1255 return (EFAULT); | 1526 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1527 return (EFAULT); |
| 1528#endif |
|
| 1256 if (pfr_validate_table(&key.pfrkt_t, 0)) 1257 return (EINVAL); 1258 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1259 if (p != NULL) { 1260 SLIST_INSERT_HEAD(&workq, p, pfrkt_workq); 1261 xzero++; 1262 } 1263 } --- 11 unchanged lines hidden (view full) --- 1275 1276int 1277pfr_set_tflags(struct pfr_table *tbl, int size, int setflag, int clrflag, 1278 int *nchange, int *ndel, int flags) 1279{ 1280 struct pfr_ktableworkq workq; 1281 struct pfr_ktable *p, *q, key; 1282 int i, s, xchange = 0, xdel = 0; | 1529 if (pfr_validate_table(&key.pfrkt_t, 0)) 1530 return (EINVAL); 1531 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1532 if (p != NULL) { 1533 SLIST_INSERT_HEAD(&workq, p, pfrkt_workq); 1534 xzero++; 1535 } 1536 } --- 11 unchanged lines hidden (view full) --- 1548 1549int 1550pfr_set_tflags(struct pfr_table *tbl, int size, int setflag, int clrflag, 1551 int *nchange, int *ndel, int flags) 1552{ 1553 struct pfr_ktableworkq workq; 1554 struct pfr_ktable *p, *q, key; 1555 int i, s, xchange = 0, xdel = 0; |
| 1556#if defined(__FreeBSD__) 1557 int ec; 1558#endif |
|
| 1283 1284 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1285 if ((setflag & ~PFR_TFLAG_USRMASK) || 1286 (clrflag & ~PFR_TFLAG_USRMASK) || 1287 (setflag & clrflag)) 1288 return (EINVAL); 1289 SLIST_INIT(&workq); 1290 for (i = 0; i < size; i++) { | 1559 1560 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1561 if ((setflag & ~PFR_TFLAG_USRMASK) || 1562 (clrflag & ~PFR_TFLAG_USRMASK) || 1563 (setflag & clrflag)) 1564 return (EINVAL); 1565 SLIST_INIT(&workq); 1566 for (i = 0; i < size; i++) { |
| 1567#if defined(__FreeBSD__) 1568 PF_COPYIN(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t), ec); 1569 if (ec) 1570 return (EFAULT); 1571#else |
|
| 1291 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1292 return (EFAULT); | 1572 if (copyin(tbl+i, &key.pfrkt_t, sizeof(key.pfrkt_t))) 1573 return (EFAULT); |
| 1574#endif |
|
| 1293 if (pfr_validate_table(&key.pfrkt_t, 0)) 1294 return (EINVAL); 1295 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1296 if (p != NULL && (p->pfrkt_flags & PFR_TFLAG_ACTIVE)) { 1297 p->pfrkt_nflags = (p->pfrkt_flags | setflag) & 1298 ~clrflag; 1299 if (p->pfrkt_nflags == p->pfrkt_flags) 1300 goto _skip; --- 64 unchanged lines hidden (view full) --- 1365{ 1366 struct pfr_ktableworkq tableq; 1367 struct pfr_kentryworkq addrq; 1368 struct pfr_ktable *kt, *rt, *shadow, key; 1369 struct pfr_kentry *p; 1370 struct pfr_addr ad; 1371 struct pf_ruleset *rs; 1372 int i, rv, xadd = 0, xaddr = 0; | 1575 if (pfr_validate_table(&key.pfrkt_t, 0)) 1576 return (EINVAL); 1577 p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key); 1578 if (p != NULL && (p->pfrkt_flags & PFR_TFLAG_ACTIVE)) { 1579 p->pfrkt_nflags = (p->pfrkt_flags | setflag) & 1580 ~clrflag; 1581 if (p->pfrkt_nflags == p->pfrkt_flags) 1582 goto _skip; --- 64 unchanged lines hidden (view full) --- 1647{ 1648 struct pfr_ktableworkq tableq; 1649 struct pfr_kentryworkq addrq; 1650 struct pfr_ktable *kt, *rt, *shadow, key; 1651 struct pfr_kentry *p; 1652 struct pfr_addr ad; 1653 struct pf_ruleset *rs; 1654 int i, rv, xadd = 0, xaddr = 0; |
| 1655#if defined(__FreeBSD__) 1656 int ec; 1657#endif |
|
| 1373 1374 ACCEPT_FLAGS(PFR_FLAG_DUMMY|PFR_FLAG_ADDRSTOO); 1375 if (size && !(flags & PFR_FLAG_ADDRSTOO)) 1376 return (EINVAL); 1377 if (pfr_validate_table(tbl, PFR_TFLAG_USRMASK)) 1378 return (EINVAL); 1379 rs = pf_find_ruleset(tbl->pfrt_anchor, tbl->pfrt_ruleset); 1380 if (rs == NULL || !rs->topen || ticket != rs->tticket) --- 30 unchanged lines hidden (view full) --- 1411_skip: 1412 shadow = pfr_create_ktable(tbl, 0, 0); 1413 if (shadow == NULL) { 1414 pfr_destroy_ktables(&tableq, 0); 1415 return (ENOMEM); 1416 } 1417 SLIST_INIT(&addrq); 1418 for (i = 0; i < size; i++) { | 1658 1659 ACCEPT_FLAGS(PFR_FLAG_DUMMY|PFR_FLAG_ADDRSTOO); 1660 if (size && !(flags & PFR_FLAG_ADDRSTOO)) 1661 return (EINVAL); 1662 if (pfr_validate_table(tbl, PFR_TFLAG_USRMASK)) 1663 return (EINVAL); 1664 rs = pf_find_ruleset(tbl->pfrt_anchor, tbl->pfrt_ruleset); 1665 if (rs == NULL || !rs->topen || ticket != rs->tticket) --- 30 unchanged lines hidden (view full) --- 1696_skip: 1697 shadow = pfr_create_ktable(tbl, 0, 0); 1698 if (shadow == NULL) { 1699 pfr_destroy_ktables(&tableq, 0); 1700 return (ENOMEM); 1701 } 1702 SLIST_INIT(&addrq); 1703 for (i = 0; i < size; i++) { |
| 1704#if defined(__FreeBSD__) 1705 PF_COPYIN(addr+i, &ad, sizeof(ad), ec); 1706 if (ec) 1707 senderr(EFAULT); 1708#else |
|
| 1419 if (copyin(addr+i, &ad, sizeof(ad))) 1420 senderr(EFAULT); | 1709 if (copyin(addr+i, &ad, sizeof(ad))) 1710 senderr(EFAULT); |
| 1711#endif |
|
| 1421 if (pfr_validate_addr(&ad)) 1422 senderr(EINVAL); 1423 if (pfr_lookup_addr(shadow, &ad, 1) != NULL) 1424 continue; 1425 p = pfr_create_kentry(&ad); 1426 if (p == NULL) 1427 senderr(ENOMEM); 1428 if (pfr_route_kentry(shadow, p)) { --- 32 unchanged lines hidden (view full) --- 1461int 1462pfr_ina_commit(struct pfr_table *trs, u_int32_t ticket, int *nadd, 1463 int *nchange, int flags) 1464{ 1465 struct pfr_ktable *p; 1466 struct pfr_ktableworkq workq; 1467 struct pf_ruleset *rs; 1468 int s, xadd = 0, xchange = 0; | 1712 if (pfr_validate_addr(&ad)) 1713 senderr(EINVAL); 1714 if (pfr_lookup_addr(shadow, &ad, 1) != NULL) 1715 continue; 1716 p = pfr_create_kentry(&ad); 1717 if (p == NULL) 1718 senderr(ENOMEM); 1719 if (pfr_route_kentry(shadow, p)) { --- 32 unchanged lines hidden (view full) --- 1752int 1753pfr_ina_commit(struct pfr_table *trs, u_int32_t ticket, int *nadd, 1754 int *nchange, int flags) 1755{ 1756 struct pfr_ktable *p; 1757 struct pfr_ktableworkq workq; 1758 struct pf_ruleset *rs; 1759 int s, xadd = 0, xchange = 0; |
| 1760#if defined(__FreeBSD__) 1761 /* 1762 * XXX Is it OK under LP64 environments? 1763 */ 1764 long tzero = (long)time_second; 1765#else |
|
| 1469 long tzero = time.tv_sec; | 1766 long tzero = time.tv_sec; |
| 1767#endif |
|
| 1470 1471 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1472 rs = pf_find_ruleset(trs->pfrt_anchor, trs->pfrt_ruleset); 1473 if (rs == NULL || !rs->topen || ticket != rs->tticket) 1474 return (EBUSY); 1475 1476 SLIST_INIT(&workq); 1477 RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) { --- 278 unchanged lines hidden (view full) --- 1756{ 1757 struct pfr_kentryworkq addrq; 1758 1759 if (flushaddr) { 1760 pfr_enqueue_addrs(kt, &addrq, NULL, 0); 1761 pfr_clean_node_mask(kt, &addrq); 1762 pfr_destroy_kentries(&addrq); 1763 } | 1768 1769 ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY); 1770 rs = pf_find_ruleset(trs->pfrt_anchor, trs->pfrt_ruleset); 1771 if (rs == NULL || !rs->topen || ticket != rs->tticket) 1772 return (EBUSY); 1773 1774 SLIST_INIT(&workq); 1775 RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) { --- 278 unchanged lines hidden (view full) --- 2054{ 2055 struct pfr_kentryworkq addrq; 2056 2057 if (flushaddr) { 2058 pfr_enqueue_addrs(kt, &addrq, NULL, 0); 2059 pfr_clean_node_mask(kt, &addrq); 2060 pfr_destroy_kentries(&addrq); 2061 } |
| 2062#if defined(__FreeBSD__) && (__FreeBSD_version >= 500100) 2063 if (kt->pfrkt_ip4 != NULL) { 2064 RADIX_NODE_HEAD_DESTROY(kt->pfrkt_ip4); 2065 free((caddr_t)kt->pfrkt_ip4, M_RTABLE); 2066 } 2067 if (kt->pfrkt_ip6 != NULL) { 2068 RADIX_NODE_HEAD_DESTROY(kt->pfrkt_ip6); 2069 free((caddr_t)kt->pfrkt_ip6, M_RTABLE); 2070 } 2071#else |
|
| 1764 if (kt->pfrkt_ip4 != NULL) 1765 free((caddr_t)kt->pfrkt_ip4, M_RTABLE); 1766 if (kt->pfrkt_ip6 != NULL) 1767 free((caddr_t)kt->pfrkt_ip6, M_RTABLE); | 2072 if (kt->pfrkt_ip4 != NULL) 2073 free((caddr_t)kt->pfrkt_ip4, M_RTABLE); 2074 if (kt->pfrkt_ip6 != NULL) 2075 free((caddr_t)kt->pfrkt_ip6, M_RTABLE); |
| 2076#endif |
|
| 1768 if (kt->pfrkt_shadow != NULL) 1769 pfr_destroy_ktable(kt->pfrkt_shadow, flushaddr); 1770 if (kt->pfrkt_rs != NULL) { 1771 kt->pfrkt_rs->tables--; 1772 if (kt->pfrkt_rs->anchor != NULL) 1773 kt->pfrkt_rs->anchor->tables--; 1774 pf_remove_if_empty_ruleset(kt->pfrkt_rs); 1775 } --- 102 unchanged lines hidden (view full) --- 1878 bzero(&tbl, sizeof(tbl)); 1879 strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)); 1880 if (ac != NULL) { 1881 strlcpy(tbl.pfrt_anchor, ac->name, sizeof(tbl.pfrt_anchor)); 1882 strlcpy(tbl.pfrt_ruleset, rs->name, sizeof(tbl.pfrt_ruleset)); 1883 } 1884 kt = pfr_lookup_table(&tbl); 1885 if (kt == NULL) { | 2077 if (kt->pfrkt_shadow != NULL) 2078 pfr_destroy_ktable(kt->pfrkt_shadow, flushaddr); 2079 if (kt->pfrkt_rs != NULL) { 2080 kt->pfrkt_rs->tables--; 2081 if (kt->pfrkt_rs->anchor != NULL) 2082 kt->pfrkt_rs->anchor->tables--; 2083 pf_remove_if_empty_ruleset(kt->pfrkt_rs); 2084 } --- 102 unchanged lines hidden (view full) --- 2187 bzero(&tbl, sizeof(tbl)); 2188 strlcpy(tbl.pfrt_name, name, sizeof(tbl.pfrt_name)); 2189 if (ac != NULL) { 2190 strlcpy(tbl.pfrt_anchor, ac->name, sizeof(tbl.pfrt_anchor)); 2191 strlcpy(tbl.pfrt_ruleset, rs->name, sizeof(tbl.pfrt_ruleset)); 2192 } 2193 kt = pfr_lookup_table(&tbl); 2194 if (kt == NULL) { |
| 2195#if defined(__FreeBSD__) 2196 /* 2197 * XXX Is it OK under LP64 environments? 2198 */ 2199 kt = pfr_create_ktable(&tbl, (long)time_second, 1); 2200#else |
|
| 1886 kt = pfr_create_ktable(&tbl, time.tv_sec, 1); | 2201 kt = pfr_create_ktable(&tbl, time.tv_sec, 1); |
| 2202#endif |
|
| 1887 if (kt == NULL) 1888 return (NULL); 1889 if (ac != NULL) { 1890 bzero(tbl.pfrt_anchor, sizeof(tbl.pfrt_anchor)); 1891 bzero(tbl.pfrt_ruleset, sizeof(tbl.pfrt_ruleset)); 1892 rt = pfr_lookup_table(&tbl); 1893 if (rt == NULL) { 1894 rt = pfr_create_ktable(&tbl, 0, 1); --- 17 unchanged lines hidden (view full) --- 1912{ 1913 if (kt->pfrkt_refcnt[PFR_REFCNT_RULE] <= 0) 1914 printf("pfr_detach_table: refcount = %d.\n", 1915 kt->pfrkt_refcnt[PFR_REFCNT_RULE]); 1916 else if (!--kt->pfrkt_refcnt[PFR_REFCNT_RULE]) 1917 pfr_setflags_ktable(kt, kt->pfrkt_flags&~PFR_TFLAG_REFERENCED); 1918} 1919 | 2203 if (kt == NULL) 2204 return (NULL); 2205 if (ac != NULL) { 2206 bzero(tbl.pfrt_anchor, sizeof(tbl.pfrt_anchor)); 2207 bzero(tbl.pfrt_ruleset, sizeof(tbl.pfrt_ruleset)); 2208 rt = pfr_lookup_table(&tbl); 2209 if (rt == NULL) { 2210 rt = pfr_create_ktable(&tbl, 0, 1); --- 17 unchanged lines hidden (view full) --- 2228{ 2229 if (kt->pfrkt_refcnt[PFR_REFCNT_RULE] <= 0) 2230 printf("pfr_detach_table: refcount = %d.\n", 2231 kt->pfrkt_refcnt[PFR_REFCNT_RULE]); 2232 else if (!--kt->pfrkt_refcnt[PFR_REFCNT_RULE]) 2233 pfr_setflags_ktable(kt, kt->pfrkt_flags&~PFR_TFLAG_REFERENCED); 2234} 2235 |
| 2236 |
|
| 1920int 1921pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter, 1922 struct pf_addr **raddr, struct pf_addr **rmask, sa_family_t af) 1923{ 1924 struct pfr_kentry *ke, *ke2; 1925 struct pf_addr *addr; 1926 union sockaddr_union mask; 1927 int idx = -1, use_counter = 0; --- 73 unchanged lines hidden (view full) --- 2001 struct pfr_walktree w; 2002 2003 bzero(&w, sizeof(w)); 2004 w.pfrw_op = PFRW_POOL_GET; 2005 w.pfrw_cnt = idx; 2006 2007 switch(af) { 2008 case AF_INET: | 2237int 2238pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter, 2239 struct pf_addr **raddr, struct pf_addr **rmask, sa_family_t af) 2240{ 2241 struct pfr_kentry *ke, *ke2; 2242 struct pf_addr *addr; 2243 union sockaddr_union mask; 2244 int idx = -1, use_counter = 0; --- 73 unchanged lines hidden (view full) --- 2318 struct pfr_walktree w; 2319 2320 bzero(&w, sizeof(w)); 2321 w.pfrw_op = PFRW_POOL_GET; 2322 w.pfrw_cnt = idx; 2323 2324 switch(af) { 2325 case AF_INET: |
| 2326#if defined(__FreeBSD__) 2327 kt->pfrkt_ip4->rnh_walktree(kt->pfrkt_ip4, pfr_walktree, &w); 2328#else |
|
| 2009 rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w); | 2329 rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w); |
| 2330#endif |
|
| 2010 return w.pfrw_kentry; 2011 case AF_INET6: | 2331 return w.pfrw_kentry; 2332 case AF_INET6: |
| 2333#if defined(__FreeBSD__) 2334 kt->pfrkt_ip6->rnh_walktree(kt->pfrkt_ip6, pfr_walktree, &w); 2335#else |
|
| 2012 rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w); | 2336 rn_walktree(kt->pfrkt_ip6, pfr_walktree, &w); |
| 2337#endif |
|
| 2013 return w.pfrw_kentry; 2014 default: 2015 return NULL; 2016 } 2017} | 2338 return w.pfrw_kentry; 2339 default: 2340 return NULL; 2341 } 2342} |
| 2018 | |