authorMike Belopuhov <mikeb@cvs.openbsd.org>2012-04-03 15:09:05 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2012-04-03 15:09:05 +0000
commit20bb0d24c31a82d74e7b53f2d6dba080e50b52af (patch)
treee8ec33691c630321d5360b1c8a62473202985ed6
parentb554ee34b2243e64b5e4477cdba01607d95bbabf (diff)
Fix kernel compilation with pf but without pfsync pseudo-device by
moving the state export functionality from pfsync code into pf. Based on the initial diff by guenther, ok henning.
-rw-r--r--sys/net/if_pfsync.c65
-rw-r--r--sys/net/pf.c71
-rw-r--r--sys/net/pf_ioctl.c8
-rw-r--r--sys/net/pfvar.h4
4 files changed, 80 insertions, 68 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index ad3193e3cc2..bb191010dac 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.181 2012/02/03 01:57:50 bluhm Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.182 2012/04/03 15:09:03 mikeb Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -456,68 +456,7 @@ pfsync_alloc_scrub_memory(struct pfsync_state_peer *s,
void
pfsync_state_export(struct pfsync_state *sp, struct pf_state *st)
{
- bzero(sp, sizeof(struct pfsync_state));
-
- /* copy from state key */
- sp->key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0];
- sp->key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1];
- sp->key[PF_SK_WIRE].port[0] = st->key[PF_SK_WIRE]->port[0];
- sp->key[PF_SK_WIRE].port[1] = st->key[PF_SK_WIRE]->port[1];
- sp->key[PF_SK_WIRE].rdomain = htons(st->key[PF_SK_WIRE]->rdomain);
- sp->key[PF_SK_WIRE].af = st->key[PF_SK_WIRE]->af;
- sp->key[PF_SK_STACK].addr[0] = st->key[PF_SK_STACK]->addr[0];
- sp->key[PF_SK_STACK].addr[1] = st->key[PF_SK_STACK]->addr[1];
- sp->key[PF_SK_STACK].port[0] = st->key[PF_SK_STACK]->port[0];
- sp->key[PF_SK_STACK].port[1] = st->key[PF_SK_STACK]->port[1];
- sp->key[PF_SK_STACK].rdomain = htons(st->key[PF_SK_STACK]->rdomain);
- sp->key[PF_SK_STACK].af = st->key[PF_SK_STACK]->af;
- sp->rtableid[PF_SK_WIRE] = htonl(st->rtableid[PF_SK_WIRE]);
- sp->rtableid[PF_SK_STACK] = htonl(st->rtableid[PF_SK_STACK]);
- sp->proto = st->key[PF_SK_WIRE]->proto;
- sp->af = st->key[PF_SK_WIRE]->af;
-
- /* copy from state */
- strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname));
- bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr));
- sp->creation = htonl(time_uptime - st->creation);
- sp->expire = pf_state_expires(st);
- if (sp->expire <= time_second)
- sp->expire = htonl(0);
- else
- sp->expire = htonl(sp->expire - time_second);
-
- sp->direction = st->direction;
- sp->log = st->log;
- sp->timeout = st->timeout;
- /* XXX replace state_flags post 5.0 */
- sp->state_flags = st->state_flags;
- sp->all_state_flags = htons(st->state_flags);
- if (!SLIST_EMPTY(&st->src_nodes))
- sp->sync_flags |= PFSYNC_FLAG_SRCNODE;
-
- sp->id = st->id;
- sp->creatorid = st->creatorid;
- pf_state_peer_hton(&st->src, &sp->src);
- pf_state_peer_hton(&st->dst, &sp->dst);
-
- if (st->rule.ptr == NULL)
- sp->rule = htonl(-1);
- else
- sp->rule = htonl(st->rule.ptr->nr);
- if (st->anchor.ptr == NULL)
- sp->anchor = htonl(-1);
- else
- sp->anchor = htonl(st->anchor.ptr->nr);
- sp->nat_rule = htonl(-1); /* left for compat, nat_rule is gone */
-
- pf_state_counter_hton(st->packets[0], sp->packets[0]);
- pf_state_counter_hton(st->packets[1], sp->packets[1]);
- pf_state_counter_hton(st->bytes[0], sp->bytes[0]);
- pf_state_counter_hton(st->bytes[1], sp->bytes[1]);
-
- sp->max_mss = htons(st->max_mss);
- sp->min_ttl = st->min_ttl;
- sp->set_tos = st->set_tos;
+ return (pf_state_export(sp, st));
}
int
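Review bot: The wrapper body `return (pf_state_export(sp, st));` returns an expression from a function declared `void`, which ISO C does not allow; compilers commonly accept it as an extension and only diagnose it under pedantic settings. Write it as a plain call, `pf_state_export(sp, st);`. Since pfsync_state_export() now only forwards its arguments, a one-line comment such as `/* kept for pfsync callers; the export logic lives in pf_state_export() in pf.c */` would tell readers where the field-by-field copy and its leading bzero() went.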
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 29673646ede..02a6507a63d 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.802 2012/02/05 22:38:06 mikeb Exp $ */
+/* $OpenBSD: pf.c,v 1.803 2012/04/03 15:09:03 mikeb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1077,6 +1077,73 @@ pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more)
return (ret ? ret->s : NULL);
}
+void
+pf_state_export(struct pfsync_state *sp, struct pf_state *st)
+{
+ bzero(sp, sizeof(struct pfsync_state));
+
+ /* copy from state key */
+ sp->key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0];
+ sp->key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1];
+ sp->key[PF_SK_WIRE].port[0] = st->key[PF_SK_WIRE]->port[0];
+ sp->key[PF_SK_WIRE].port[1] = st->key[PF_SK_WIRE]->port[1];
+ sp->key[PF_SK_WIRE].rdomain = htons(st->key[PF_SK_WIRE]->rdomain);
+ sp->key[PF_SK_WIRE].af = st->key[PF_SK_WIRE]->af;
+ sp->key[PF_SK_STACK].addr[0] = st->key[PF_SK_STACK]->addr[0];
+ sp->key[PF_SK_STACK].addr[1] = st->key[PF_SK_STACK]->addr[1];
+ sp->key[PF_SK_STACK].port[0] = st->key[PF_SK_STACK]->port[0];
+ sp->key[PF_SK_STACK].port[1] = st->key[PF_SK_STACK]->port[1];
+ sp->key[PF_SK_STACK].rdomain = htons(st->key[PF_SK_STACK]->rdomain);
+ sp->key[PF_SK_STACK].af = st->key[PF_SK_STACK]->af;
+ sp->rtableid[PF_SK_WIRE] = htonl(st->rtableid[PF_SK_WIRE]);
+ sp->rtableid[PF_SK_STACK] = htonl(st->rtableid[PF_SK_STACK]);
+ sp->proto = st->key[PF_SK_WIRE]->proto;
+ sp->af = st->key[PF_SK_WIRE]->af;
+
+ /* copy from state */
+ strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname));
+ bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr));
+ sp->creation = htonl(time_uptime - st->creation);
+ sp->expire = pf_state_expires(st);
+ if (sp->expire <= time_second)
+ sp->expire = htonl(0);
+ else
+ sp->expire = htonl(sp->expire - time_second);
+
+ sp->direction = st->direction;
+ sp->log = st->log;
+ sp->timeout = st->timeout;
+ /* XXX replace state_flags post 5.0 */
+ sp->state_flags = st->state_flags;
+ sp->all_state_flags = htons(st->state_flags);
+ if (!SLIST_EMPTY(&st->src_nodes))
+ sp->sync_flags |= PFSYNC_FLAG_SRCNODE;
+
+ sp->id = st->id;
+ sp->creatorid = st->creatorid;
+ pf_state_peer_hton(&st->src, &sp->src);
+ pf_state_peer_hton(&st->dst, &sp->dst);
+
+ if (st->rule.ptr == NULL)
+ sp->rule = htonl(-1);
+ else
+ sp->rule = htonl(st->rule.ptr->nr);
+ if (st->anchor.ptr == NULL)
+ sp->anchor = htonl(-1);
+ else
+ sp->anchor = htonl(st->anchor.ptr->nr);
+ sp->nat_rule = htonl(-1); /* left for compat, nat_rule is gone */
+
+ pf_state_counter_hton(st->packets[0], sp->packets[0]);
+ pf_state_counter_hton(st->packets[1], sp->packets[1]);
+ pf_state_counter_hton(st->bytes[0], sp->bytes[0]);
+ pf_state_counter_hton(st->bytes[1], sp->bytes[1]);
+
+ sp->max_mss = htons(st->max_mss);
+ sp->min_ttl = st->min_ttl;
+ sp->set_tos = st->set_tos;
+}
+
/* END state table stuff */
void
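Review bot: pf_state_export() dereferences `st->key[PF_SK_WIRE]`, `st->key[PF_SK_STACK]` and `st->kif` without any check, and now that it is a general pf entry point rather than a pfsync helper, that precondition is not written down anywhere in the hunk. The DIOCGETSTATES caller in pf_ioctl.c skips states whose timeout is PFTM_UNLINKED before exporting, which suggests callers are expected to pass only linked states; the checks that precede the DIOCGETSTATE call site are outside the visible hunk. I would add a header comment stating that st must still have both state keys and its kif attached, and that all multi-byte fields are written in network byte order. The comment should also say that the leading bzero() must stay first, because the structure is copied out to userland and uncleared padding or unset fields would otherwise disclose kernel memory.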
@@ -3636,7 +3703,9 @@ pf_create_state(struct pf_pdesc *pd, struct pf_rule *r, struct pf_rule *a,
s->set_tos = act->set_tos;
s->max_mss = act->max_mss;
s->state_flags |= act->flags;
+#if NPFSYNC > 0
s->sync_state = PFSYNC_S_NONE;
+#endif
s->prio[0] = act->prio[0];
s->prio[1] = act->prio[1];
switch (pd->proto) {
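Review bot: The new `#if NPFSYNC > 0` around `s->sync_state = PFSYNC_S_NONE;` depends on NPFSYNC being defined in pf.c, and the preprocessor treats an undefined name in `#if` as 0 without any diagnostic. The include that provides it (presumably `#include "pfsync.h"`) is not in any visible hunk, so confirm it is present; otherwise the initialisation is silently dropped even in kernels that do have pfsync. The same applies to the `#if NPFSYNC > 0` / `#endif` pair added around `case DIOCADDSTATE` in pf_ioctl.c. When NPFSYNC is 0 the field is left to whatever the state allocation provides, so a short comment saying sync_state is only meaningful with pfsync would help. pf_create_state's body starts and ends outside the hunk.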
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index df3d6ab2335..7e89346e96f 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.249 2012/03/28 19:41:05 claudio Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.250 2012/04/03 15:09:03 mikeb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1390,6 +1390,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
+#if NPFSYNC > 0
case DIOCADDSTATE: {
struct pfioc_state *ps = (struct pfioc_state *)addr;
struct pfsync_state *sp = &ps->state;
@@ -1401,6 +1402,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = pfsync_state_import(sp, PFSYNC_SI_IOCTL);
break;
}
+#endif
case DIOCGETSTATE: {
struct pfioc_state *ps = (struct pfioc_state *)addr;
@@ -1417,7 +1419,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
- pfsync_state_export(&ps->state, s);
+ pf_state_export(&ps->state, s);
break;
}
@@ -1442,7 +1444,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
if (state->timeout != PFTM_UNLINKED) {
if ((nr+1) * sizeof(*p) > (unsigned)ps->ps_len)
break;
- pfsync_state_export(pstore, state);
+ pf_state_export(pstore, state);
error = copyout(pstore, p, sizeof(*p));
if (error) {
free(pstore, M_TEMP);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index f99a1891000..3d8f020a495 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.362 2012/02/03 01:57:51 bluhm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.363 2012/04/03 15:09:04 mikeb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1765,6 +1765,8 @@ void pf_state_rm_src_node(struct pf_state *,
extern struct pf_state *pf_find_state_byid(struct pf_state_cmp *);
extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *,
u_int, int *);
+extern void pf_state_export(struct pfsync_state *,
+ struct pf_state *);
extern void pf_print_state(struct pf_state *);
extern void pf_print_flags(u_int8_t);
extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t,