authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2006-11-20 14:25:12 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2006-11-20 14:25:12 +0000
commit2a08eb329d34dbab9c8d2c46e0a242364325e19b (patch)
tree5211036ac042505e259107551a2fe06276685ad1
parentcf325c06e0ba4c2ac3fa08e05a3203ef06bc9b7b (diff)
ioctl to explicitly remove source tracking nodes,
diff from Berk D. Demir <bdd@mindcast.org> ok henning dhartmei
-rw-r--r--sys/net/pf_ioctl.c41
-rw-r--r--sys/net/pfvar.h10
2 files changed, 49 insertions, 2 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 6fa1b199cb8..f41f6a93102 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.171 2006/10/27 13:56:51 mcbride Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.172 2006/11/20 14:25:11 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2771,6 +2771,45 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
+ case DIOCKILLSRCNODES: {
+ struct pf_src_node *sn;
+ struct pf_state *s;
+ struct pfioc_src_node_kill *psnk = \
+ (struct pfioc_src_node_kill *) addr;
+ int killed = 0;
+
+ RB_FOREACH(sn, pf_src_tree, &tree_src_tracking) {
+ if (PF_MATCHA(psnk->psnk_src.neg, \
+ &psnk->psnk_src.addr.v.a.addr, \
+ &psnk->psnk_src.addr.v.a.mask, \
+ &sn->addr, sn->af) &&
+ PF_MATCHA(psnk->psnk_dst.neg, \
+ &psnk->psnk_dst.addr.v.a.addr, \
+ &psnk->psnk_dst.addr.v.a.mask, \
+ &sn->raddr, sn->af)) {
+ /* Handle state to src_node linkage */
+ if (sn->states != 0) {
+ RB_FOREACH(s, pf_state_tree_id,
+ &tree_id) {
+ if (s->src_node == sn)
+ s->src_node = NULL;
+ if (s->nat_src_node == sn)
+ s->nat_src_node = NULL;
+ }
+ sn->states = 0;
+ }
+ sn->expire = 1;
+ killed++;
+ }
+ }
+
+ if (killed > 0)
+ pf_purge_expired_src_nodes(1);
+
+ psnk->psnk_af = killed;
+ break;
+ }
+
case DIOCSETHOSTID: {
u_int32_t *hostid = (u_int32_t *)addr;
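Review bot: The count written back at `psnk->psnk_af = killed;` near the end of the hunk goes into a `sa_family_t`, which on OpenBSD is an 8-bit unsigned type, so an `int killed` above 255 is silently truncated and userland receives a wrong number. That mirrors the existing `psk_af` overload in `pfioc_state_kill`, but it deserves a note at the assignment, e.g. `/* XXX psnk_af is 8 bits wide: a count above 255 is truncated on the way back to userland */`; the field itself is declared in the pfvar.h hunk of this commit. `psnk_af` is also never read as an input, so the two `PF_MATCHA` tests compare the caller's pattern against nodes of either family using `sn->af`; if a per-family kill is wanted, a leading `(!psnk->psnk_af || sn->af == psnk->psnk_af) &&` term before the first `PF_MATCHA` would provide it, otherwise the struct comment should state that the field is output-only. As a point of style, the trailing backslashes on `struct pfioc_src_node_kill *psnk = \` and inside the `PF_MATCHA` argument lists are macro continuation syntax that ordinary C statements do not need and should be dropped. The `pfioctl` switch this case belongs to starts and ends outside the hunk.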
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 67fb7badec4..3ca96a61b30 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.240 2006/10/27 13:56:51 mcbride Exp $ */
+/* $OpenBSD: pfvar.h,v 1.241 2006/11/20 14:25:11 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1228,6 +1228,13 @@ struct pfioc_state {
struct pf_state state;
};
+struct pfioc_src_node_kill {
+ /* XXX returns the number of src nodes killed in psnk_af */
+ sa_family_t psnk_af;
+ struct pf_rule_addr psnk_src;
+ struct pf_rule_addr psnk_dst;
+};
+
struct pfioc_state_kill {
/* XXX returns the number of states killed in psk_af */
sa_family_t psk_af;
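Review bot: The `/* XXX returns the number of src nodes killed in psnk_af */` comment on the new `struct pfioc_src_node_kill` documents only the output role of `psnk_af`, while the pf_ioctl.c hunk of this commit never reads the field before overwriting it, so it does not select an address family the way its name suggests. The comment should make that explicit for userland callers, e.g. `/* XXX psnk_af is not an input filter; the number of src nodes killed is returned in it */`. It would also help to state how `psnk_src` and `psnk_dst` are matched (address and mask against `sn->addr` and `sn->raddr`, as the ioctl does), since the struct is the only part of this interface a user of the ioctl sees.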
@@ -1415,6 +1422,7 @@ struct pfioc_iface {
#define DIOCIGETIFACES _IOWR('D', 87, struct pfioc_iface)
#define DIOCSETIFFLAG _IOWR('D', 89, struct pfioc_iface)
#define DIOCCLRIFFLAG _IOWR('D', 90, struct pfioc_iface)
+#define DIOCKILLSRCNODES _IOWR('D', 91, struct pfioc_src_node_kill)
#ifdef _KERNEL
RB_HEAD(pf_src_tree, pf_src_node);