227 	struct pfr_ktable	*kt;
235 	kt = pfr_lookup_table(tbl);
236 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
238 	if (kt->pfrkt_flags & PFR_TFLAG_CONST)
240 	pfr_enqueue_addrs(kt, &workq, ndel, 0);
243 		pfr_remove_kentries(kt, &workq);
244 		KASSERT(kt->pfrkt_cnt == 0, ("%s: non-null pfrkt_cnt", __func__));
253 	struct pfr_ktable	*kt, *tmpkt;
265 	kt = pfr_lookup_table(tbl);
266 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
268 	if (kt->pfrkt_flags & PFR_TFLAG_CONST)
277 		p = pfr_lookup_addr(kt, ad, 1);
291 			    (kt->pfrkt_flags & PFR_TFLAG_COUNTERS) != 0);
305 		pfr_insert_kentries(kt, &workq, tzero);
325 	struct pfr_ktable	*kt;
336 	kt = pfr_lookup_table(tbl);
337 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
339 	if (kt->pfrkt_flags & PFR_TFLAG_CONST)
352 	for (i = kt->pfrkt_cnt; i > 0; i >>= 1)
354 	if (size > kt->pfrkt_cnt/log) {
356 		pfr_mark_addrs(kt);
362 			p = pfr_lookup_addr(kt, ad, 1);
371 		p = pfr_lookup_addr(kt, ad, 1);
390 		pfr_remove_kentries(kt, &workq);
405 	struct pfr_ktable	*kt, *tmpkt;
418 	kt = pfr_lookup_table(tbl);
419 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
421 	if (kt->pfrkt_flags & PFR_TFLAG_CONST)
426 	pfr_mark_addrs(kt);
439 		p = pfr_lookup_addr(kt, &ad, 1);
458 			    (kt->pfrkt_flags & PFR_TFLAG_COUNTERS) != 0);
474 	pfr_enqueue_addrs(kt, &delq, &xdel, ENQUEUE_UNMARKED_ONLY);
490 		pfr_insert_kentries(kt, &addq, tzero);
491 		pfr_remove_kentries(kt, &delq);
492 		pfr_clstats_kentries(kt, &changeq, tzero, INVERT_NEG_FLAG);
518 	struct pfr_ktable	*kt;
528 	kt = pfr_lookup_table(tbl);
529 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
537 		p = pfr_lookup_addr(kt, ad, 0);
554 	struct pfr_ktable	*kt;
563 	kt = pfr_lookup_table(tbl);
564 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
566 	if (kt->pfrkt_cnt > *size) {
567 		*size = kt->pfrkt_cnt;
574 	w.pfrw_free = kt->pfrkt_cnt;
575 	rv = kt->pfrkt_ip4->rnh_walktree(&kt->pfrkt_ip4->rh, pfr_walktree, &w);
577 		rv = kt->pfrkt_ip6->rnh_walktree(&kt->pfrkt_ip6->rh,
585 	*size = kt->pfrkt_cnt;
593 	struct pfr_ktable	*kt;
605 	kt = pfr_lookup_table(tbl);
606 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
608 	if (kt->pfrkt_cnt > *size) {
609 		*size = kt->pfrkt_cnt;
616 	w.pfrw_free = kt->pfrkt_cnt;
623 	w.pfrw_flags = kt->pfrkt_flags;
624 	rv = kt->pfrkt_ip4->rnh_walktree(&kt->pfrkt_ip4->rh, pfr_walktree, &w);
626 		rv = kt->pfrkt_ip6->rnh_walktree(&kt->pfrkt_ip6->rh,
629 		pfr_enqueue_addrs(kt, &workq, NULL, 0);
630 		pfr_clstats_kentries(kt, &workq, tzero, 0);
640 	*size = kt->pfrkt_cnt;
648 	struct pfr_ktable	*kt;
659 	kt = pfr_lookup_table(tbl);
660 	if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
666 		p = pfr_lookup_addr(kt, ad, 1);
678 		pfr_clstats_kentries(kt, &workq, 0, 0);
723 pfr_enqueue_addrs(struct pfr_ktable *kt, struct pfr_kentryworkq *workq,
732 	if (kt->pfrkt_ip4 != NULL)
733 		if (kt->pfrkt_ip4->rnh_walktree(&kt->pfrkt_ip4->rh,
736 	if (kt->pfrkt_ip6 != NULL)
737 		if (kt->pfrkt_ip6->rnh_walktree(&kt->pfrkt_ip6->rh,
745 pfr_mark_addrs(struct pfr_ktable *kt)
751 	if (kt->pfrkt_ip4->rnh_walktree(&kt->pfrkt_ip4->rh, pfr_walktree, &w))
753 	if (kt->pfrkt_ip6->rnh_walktree(&kt->pfrkt_ip6->rh, pfr_walktree, &w))
758 pfr_lookup_addr(struct pfr_ktable *kt, struct pfr_addr *ad, int exact)
769 		head = &kt->pfrkt_ip4->rh;
772 		head = &kt->pfrkt_ip6->rh;
840 pfr_insert_kentries(struct pfr_ktable *kt,
847 		rv = pfr_route_kentry(kt, p);
856 	kt->pfrkt_cnt += n;
860 pfr_insert_kentry(struct pfr_ktable *kt, struct pfr_addr *ad, long tzero)
865 	p = pfr_lookup_addr(kt, ad, 1);
868 	p = pfr_create_kentry(ad, (kt->pfrkt_flags & PFR_TFLAG_COUNTERS) != 0);
872 	rv = pfr_route_kentry(kt, p);
877 	kt->pfrkt_cnt++;
883 pfr_remove_kentries(struct pfr_ktable *kt,
890 		pfr_unroute_kentry(kt, p);
893 	kt->pfrkt_cnt -= n;
898 pfr_clean_node_mask(struct pfr_ktable *kt,
904 		pfr_unroute_kentry(kt, p);
908 pfr_clstats_kentries(struct pfr_ktable *kt, struct pfr_kentryworkq *workq,
917 		if ((kt->pfrkt_flags & PFR_TFLAG_COUNTERS) != 0)
961 pfr_route_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke)
971 		head = &kt->pfrkt_ip4->rh;
973 		head = &kt->pfrkt_ip6->rh;
985 pfr_unroute_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke)
992 		head = &kt->pfrkt_ip4->rh;
994 		head = &kt->pfrkt_ip6->rh;
1469 	struct pfr_ktable	*kt, *rt, *shadow, key;
1488 	kt = RB_FIND(pfr_ktablehead, &V_pfr_ktables, (struct pfr_ktable *)tbl);
1489 	if (kt == NULL) {
1490 		kt = pfr_create_ktable(tbl, 0, 1);
1491 		if (kt == NULL)
1493 		SLIST_INSERT_HEAD(&tableq, kt, pfrkt_workq);
1503 			kt->pfrkt_root = rt;
1512 		kt->pfrkt_root = rt;
1513 	} else if (!(kt->pfrkt_flags & PFR_TFLAG_INACTIVE))
1539 		if (kt->pfrkt_shadow != NULL)
1540 			pfr_destroy_ktable(kt->pfrkt_shadow, 1);
1541 		kt->pfrkt_flags |= PFR_TFLAG_INACTIVE;
1545 		kt->pfrkt_shadow = shadow;
1643 pfr_commit_ktable(struct pfr_ktable *kt, long tzero)
1646 	struct pfr_ktable	*shadow = kt->pfrkt_shadow;
1652 		if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
1653 			pfr_clstats_ktable(kt, tzero, 1);
1654 	} else if (kt->pfrkt_flags & PFR_TFLAG_ACTIVE) {
1655 		/* kt might contain addresses */
1661 		pfr_mark_addrs(kt);
1669 			q = pfr_lookup_addr(kt, &ad, 1);
1685 		pfr_enqueue_addrs(kt, &delq, NULL, ENQUEUE_UNMARKED_ONLY);
1686 		pfr_insert_kentries(kt, &addq, tzero);
1687 		pfr_remove_kentries(kt, &delq);
1688 		pfr_clstats_kentries(kt, &changeq, tzero, INVERT_NEG_FLAG);
1691 		/* kt cannot contain addresses */
1692 		SWAP(struct radix_node_head *, kt->pfrkt_ip4,
1694 		SWAP(struct radix_node_head *, kt->pfrkt_ip6,
1696 		SWAP(int, kt->pfrkt_cnt, shadow->pfrkt_cnt);
1697 		pfr_clstats_ktable(kt, tzero, 1);
1700 	    (kt->pfrkt_flags & PFR_TFLAG_SETMASK) | PFR_TFLAG_ACTIVE)
1703 	kt->pfrkt_shadow = NULL;
1704 	pfr_setflags_ktable(kt, nflags);
1774 pfr_skip_table(struct pfr_table *filter, struct pfr_ktable *kt, int flags)
1778 	if (strcmp(filter->pfrt_anchor, kt->pfrkt_anchor))
1793 pfr_insert_ktable(struct pfr_ktable *kt)
1798 	RB_INSERT(pfr_ktablehead, &V_pfr_ktables, kt);
1800 	if (kt->pfrkt_root != NULL)
1801 		if (!kt->pfrkt_root->pfrkt_refcnt[PFR_REFCNT_ANCHOR]++)
1802 			pfr_setflags_ktable(kt->pfrkt_root,
1803 			    kt->pfrkt_root->pfrkt_flags|PFR_TFLAG_REFDANCHOR);
1818 pfr_setflags_ktable(struct pfr_ktable *kt, int newf)
1831 		RB_REMOVE(pfr_ktablehead, &V_pfr_ktables, kt);
1832 		if (kt->pfrkt_root != NULL)
1833 			if (!--kt->pfrkt_root->pfrkt_refcnt[PFR_REFCNT_ANCHOR])
1834 				pfr_setflags_ktable(kt->pfrkt_root,
1835 				    kt->pfrkt_root->pfrkt_flags &
1837 		pfr_destroy_ktable(kt, 1);
1841 	if (!(newf & PFR_TFLAG_ACTIVE) && kt->pfrkt_cnt) {
1842 		pfr_enqueue_addrs(kt, &addrq, NULL, 0);
1843 		pfr_remove_kentries(kt, &addrq);
1845 	if (!(newf & PFR_TFLAG_INACTIVE) && kt->pfrkt_shadow != NULL) {
1846 		pfr_destroy_ktable(kt->pfrkt_shadow, 1);
1847 		kt->pfrkt_shadow = NULL;
1849 	kt->pfrkt_flags = newf;
1862 pfr_clstats_ktable(struct pfr_ktable *kt, long tzero, int recurse)
1868 		pfr_enqueue_addrs(kt, &addrq, NULL, 0);
1869 		pfr_clstats_kentries(kt, &addrq, tzero, 0);
1873 			counter_u64_zero(kt->pfrkt_packets[pfr_dir][pfr_op]);
1874 			counter_u64_zero(kt->pfrkt_bytes[pfr_dir][pfr_op]);
1877 	counter_u64_zero(kt->pfrkt_match);
1878 	counter_u64_zero(kt->pfrkt_nomatch);
1879 	kt->pfrkt_tzero = tzero;
1885 	struct pfr_ktable	*kt;
1891 	kt = malloc(sizeof(*kt), M_PFTABLE, M_NOWAIT|M_ZERO);
1892 	if (kt == NULL)
1894 	kt->pfrkt_t = *tbl;
1899 			pfr_destroy_ktable(kt, 0);
1902 		kt->pfrkt_rs = rs;
1908 			kt->pfrkt_packets[pfr_dir][pfr_op] =
1910 			if (! kt->pfrkt_packets[pfr_dir][pfr_op]) {
1911 				pfr_destroy_ktable(kt, 0);
1914 			kt->pfrkt_bytes[pfr_dir][pfr_op] =
1916 			if (! kt->pfrkt_bytes[pfr_dir][pfr_op]) {
1917 				pfr_destroy_ktable(kt, 0);
1922 	kt->pfrkt_match = counter_u64_alloc(M_NOWAIT);
1923 	if (! kt->pfrkt_match) {
1924 		pfr_destroy_ktable(kt, 0);
1928 	kt->pfrkt_nomatch = counter_u64_alloc(M_NOWAIT);
1929 	if (! kt->pfrkt_nomatch) {
1930 		pfr_destroy_ktable(kt, 0);
1934 	if (!rn_inithead((void **)&kt->pfrkt_ip4,
1936 	    !rn_inithead((void **)&kt->pfrkt_ip6,
1938 		pfr_destroy_ktable(kt, 0);
1941 	kt->pfrkt_tzero = tzero;
1943 	return (kt);
1958 pfr_destroy_ktable(struct pfr_ktable *kt, int flushaddr)
1964 		pfr_enqueue_addrs(kt, &addrq, NULL, 0);
1965 		pfr_clean_node_mask(kt, &addrq);
1968 	if (kt->pfrkt_ip4 != NULL)
1969 		rn_detachhead((void **)&kt->pfrkt_ip4);
1970 	if (kt->pfrkt_ip6 != NULL)
1971 		rn_detachhead((void **)&kt->pfrkt_ip6);
1972 	if (kt->pfrkt_shadow != NULL)
1973 		pfr_destroy_ktable(kt->pfrkt_shadow, flushaddr);
1974 	if (kt->pfrkt_rs != NULL) {
1975 		kt->pfrkt_rs->tables--;
1976 		pf_remove_if_empty_kruleset(kt->pfrkt_rs);
1980 			counter_u64_free(kt->pfrkt_packets[pfr_dir][pfr_op]);
1981 			counter_u64_free(kt->pfrkt_bytes[pfr_dir][pfr_op]);
1984 	counter_u64_free(kt->pfrkt_match);
1985 	counter_u64_free(kt->pfrkt_nomatch);
1987 	free(kt, M_PFTABLE);
2009 pfr_match_addr(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af)
2016 	if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
2017 		kt = kt->pfrkt_root;
2018 	if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
2031 		ke = (struct pfr_kentry *)rn_match(&sin, &kt->pfrkt_ip4->rh);
2046 		ke = (struct pfr_kentry *)rn_match(&sin6, &kt->pfrkt_ip6->rh);
2055 		counter_u64_add(kt->pfrkt_match, 1);
2057 		counter_u64_add(kt->pfrkt_nomatch, 1);
2062 pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af,
2067 	if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
2068 		kt = kt->pfrkt_root;
2069 	if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
2082 		ke = (struct pfr_kentry *)rn_match(&sin, &kt->pfrkt_ip4->rh);
2097 		ke = (struct pfr_kentry *)rn_match(&sin6, &kt->pfrkt_ip6->rh);
2112 	counter_u64_add(kt->pfrkt_packets[dir_out][op_pass], 1);
2113 	counter_u64_add(kt->pfrkt_bytes[dir_out][op_pass], len);
2115 	    (kt->pfrkt_flags & PFR_TFLAG_COUNTERS)) {
2126 	struct pfr_ktable	*kt, *rt;
2136 	kt = pfr_lookup_table(&tbl);
2137 	if (kt == NULL) {
2138 		kt = pfr_create_ktable(&tbl, time_second, 1);
2139 		if (kt == NULL)
2147 					pfr_destroy_ktable(kt, 0);
2152 			kt->pfrkt_root = rt;
2154 		pfr_insert_ktable(kt);
2156 	if (!kt->pfrkt_refcnt[PFR_REFCNT_RULE]++)
2157 		pfr_setflags_ktable(kt, kt->pfrkt_flags|PFR_TFLAG_REFERENCED);
2158 	return (kt);
2162 pfr_detach_table(struct pfr_ktable *kt)
2166 	KASSERT(kt->pfrkt_refcnt[PFR_REFCNT_RULE] > 0, ("%s: refcount %d\n",
2167 	    __func__, kt->pfrkt_refcnt[PFR_REFCNT_RULE]));
2169 	if (!--kt->pfrkt_refcnt[PFR_REFCNT_RULE])
2170 		pfr_setflags_ktable(kt, kt->pfrkt_flags&~PFR_TFLAG_REFERENCED);
2174 pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
2194 	if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
2195 		kt = kt->pfrkt_root;
2196 	if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
2207 	ke = pfr_kentry_byidx(kt, idx, af);
2209 		counter_u64_add(kt->pfrkt_nomatch, 1);
2234 		counter_u64_add(kt->pfrkt_match, 1);
2242 			    &kt->pfrkt_ip4->rh);
2246 			    &kt->pfrkt_ip6->rh);
2254 			counter_u64_add(kt->pfrkt_match, 1);
2273 pfr_kentry_byidx(struct pfr_ktable *kt, int idx, int af)
2284 		kt->pfrkt_ip4->rnh_walktree(&kt->pfrkt_ip4->rh, pfr_walktree, &w);
2289 		kt->pfrkt_ip6->rnh_walktree(&kt->pfrkt_ip6->rh, pfr_walktree, &w);
2298 pfr_dynaddr_update(struct pfr_ktable *kt, struct pfi_dynaddr *dyn)
2309 		kt->pfrkt_ip4->rnh_walktree(&kt->pfrkt_ip4->rh, pfr_walktree, &w);
2311 		kt->pfrkt_ip6->rnh_walktree(&kt->pfrkt_ip6->rh, pfr_walktree, &w);

Indexes created Wed Jul 17 19:16:04 MDT 2024