authorCedric Berger <cedric@cvs.openbsd.org>2003-04-27 16:02:09 +0000
committerCedric Berger <cedric@cvs.openbsd.org>2003-04-27 16:02:09 +0000
commite8b9c92fbb46a189fac040b985f1255bd798cfec (patch)
tree4a991524256ce805fa3fcc349030aec25c3c1cc9 /sys/net
parent39ad74194be9e3406f12dae5da823147d7e72bdf (diff)
Update the pfioc_table IOCTL structure.
Prepare for anchors, improve robustness. WARNING: need to sync kernel/userland. ok dhartmei@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf_ioctl.c74
-rw-r--r--sys/net/pf_table.c10
-rw-r--r--sys/net/pfvar.h15
3 files changed, 89 insertions, 10 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index da941a94575..1d7f7a3045b 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.58 2003/04/11 14:40:57 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.59 2003/04/27 16:02:07 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1780,6 +1780,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRCLRTABLES: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != 0) {
+ error = ENODEV;
+ break;
+ }
error = pfr_clr_tables(&io->pfrio_ndel, io->pfrio_flags);
break;
}
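Review bot: The four-line `pfrio_esize` guard added here is repeated in every DIOCR* case through DIOCRINADEFINE with only the expected size changing, and nothing explains the rule behind each value. In particular, DIOCRCLRTSTATS and DIOCRCLRASTATS expect `sizeof(struct pfr_table)` and `sizeof(struct pfr_addr)` rather than the stats structs, which is easy to misread as a copy-paste slip. A comment above the first case would make the checks reviewable: `/* pfrio_esize is the size of one pfrio_buffer element as userland compiled it; 0 for commands that take no buffer */`. pfioctl begins and ends outside this hunk.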
@@ -1787,6 +1791,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRADDTABLES: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_table)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_add_tables(io->pfrio_buffer, io->pfrio_size,
&io->pfrio_nadd, io->pfrio_flags);
break;
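Review bot: The new guard in DIOCRADDTABLES validates only the element size; the element count `io->pfrio_size`, a signed `int` in struct pfioc_table that the caller fills in, still reaches pfr_add_tables() unchecked in this case. Whether pfr_add_tables() rejects a negative or excessive count is not visible in this diff, so a check next to the esize test would make the contract explicit: `if (io->pfrio_size < 0) { error = EINVAL; break; }`. The same applies to the later cases that pass `io->pfrio_size` or `&io->pfrio_size`, from DIOCRDELTABLES through DIOCRINADEFINE. The case body and pfioctl itself continue outside the hunk.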
@@ -1795,6 +1803,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRDELTABLES: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_table)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_del_tables(io->pfrio_buffer, io->pfrio_size,
&io->pfrio_ndel, io->pfrio_flags);
break;
@@ -1803,6 +1815,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRGETTABLES: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_table)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_get_tables(io->pfrio_buffer, &io->pfrio_size,
io->pfrio_flags);
break;
@@ -1811,6 +1827,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRGETTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_tstats)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_get_tstats(io->pfrio_buffer, &io->pfrio_size,
io->pfrio_flags);
break;
@@ -1819,6 +1839,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRCLRTSTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_table)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_clr_tstats(io->pfrio_buffer, io->pfrio_size,
&io->pfrio_nzero, io->pfrio_flags);
break;
@@ -1827,6 +1851,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRSETTFLAGS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_table)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_set_tflags(io->pfrio_buffer, io->pfrio_size,
io->pfrio_setflag, io->pfrio_clrflag, &io->pfrio_nchange,
&io->pfrio_ndel, io->pfrio_flags);
@@ -1836,6 +1864,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRCLRADDRS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != 0) {
+ error = ENODEV;
+ break;
+ }
error = pfr_clr_addrs(&io->pfrio_table, &io->pfrio_ndel,
io->pfrio_flags);
break;
@@ -1844,6 +1876,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRADDADDRS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_addr)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_add_addrs(&io->pfrio_table, io->pfrio_buffer,
io->pfrio_size, &io->pfrio_nadd, io->pfrio_flags);
break;
@@ -1852,6 +1888,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRDELADDRS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_addr)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_del_addrs(&io->pfrio_table, io->pfrio_buffer,
io->pfrio_size, &io->pfrio_ndel, io->pfrio_flags);
break;
@@ -1860,6 +1900,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRSETADDRS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_addr)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_set_addrs(&io->pfrio_table, io->pfrio_buffer,
io->pfrio_size, &io->pfrio_size2, &io->pfrio_nadd,
&io->pfrio_ndel, &io->pfrio_nchange, io->pfrio_flags);
@@ -1869,6 +1913,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRGETADDRS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_addr)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_get_addrs(&io->pfrio_table, io->pfrio_buffer,
&io->pfrio_size, io->pfrio_flags);
break;
@@ -1877,6 +1925,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRGETASTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_astats)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_get_astats(&io->pfrio_table, io->pfrio_buffer,
&io->pfrio_size, io->pfrio_flags);
break;
@@ -1885,6 +1937,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRCLRASTATS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_addr)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_clr_astats(&io->pfrio_table, io->pfrio_buffer,
io->pfrio_size, &io->pfrio_nzero, io->pfrio_flags);
break;
@@ -1893,6 +1949,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRTSTADDRS: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_addr)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_tst_addrs(&io->pfrio_table, io->pfrio_buffer,
io->pfrio_size, &io->pfrio_nmatch, io->pfrio_flags);
break;
@@ -1901,6 +1961,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRINABEGIN: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != 0) {
+ error = ENODEV;
+ break;
+ }
error = pfr_ina_begin(&io->pfrio_ticket, &io->pfrio_ndel,
io->pfrio_flags);
break;
@@ -1909,6 +1973,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRINACOMMIT: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != 0) {
+ error = ENODEV;
+ break;
+ }
error = pfr_ina_commit(io->pfrio_ticket, &io->pfrio_nadd,
&io->pfrio_nchange, io->pfrio_flags);
break;
@@ -1917,6 +1985,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRINADEFINE: {
struct pfioc_table *io = (struct pfioc_table *)addr;
+ if (io->pfrio_esize != sizeof(struct pfr_addr)) {
+ error = ENODEV;
+ break;
+ }
error = pfr_ina_define(&io->pfrio_table, io->pfrio_buffer,
io->pfrio_size, &io->pfrio_nadd, &io->pfrio_naddr,
io->pfrio_ticket, io->pfrio_flags);
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index e92bf37307b..db2b8750da4 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_table.c,v 1.32 2003/04/04 01:46:04 deraadt Exp $ */
+/* $OpenBSD: pf_table.c,v 1.33 2003/04/27 16:02:08 cedric Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -1706,7 +1706,7 @@ pfr_attach_table(char *name)
return NULL;
pfr_insert_ktable(kt);
}
- if (!kt->pfrkt_refcnt++)
+ if (!kt->pfrkt_refcnt[PFR_REFCNT_RULE]++)
pfr_setflags_ktable(kt, kt->pfrkt_flags|PFR_TFLAG_REFERENCED);
return kt;
}
@@ -1714,9 +1714,9 @@ pfr_attach_table(char *name)
void
pfr_detach_table(struct pfr_ktable *kt)
{
- if (kt->pfrkt_refcnt <= 0)
+ if (kt->pfrkt_refcnt[PFR_REFCNT_RULE] <= 0)
printf("pfr_detach_table: refcount = %d.\n",
- kt->pfrkt_refcnt);
- else if (!--kt->pfrkt_refcnt)
+ kt->pfrkt_refcnt[PFR_REFCNT_RULE]);
+ else if (!--kt->pfrkt_refcnt[PFR_REFCNT_RULE])
pfr_setflags_ktable(kt, kt->pfrkt_flags&~PFR_TFLAG_REFERENCED);
}
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index c732bdf4174..3b537fbfee1 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.140 2003/04/11 14:40:57 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.141 2003/04/27 16:02:08 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -479,13 +479,17 @@ TAILQ_HEAD(pf_anchorqueue, pf_anchor);
#define PFR_TFLAG_ACTIVE 0x00000004
#define PFR_TFLAG_INACTIVE 0x00000008
#define PFR_TFLAG_REFERENCED 0x00000010
+#define PFR_TFLAG_REFDANCHOR 0x00000020
#define PFR_TFLAG_USRMASK 0x00000003
-#define PFR_TFLAG_SETMASK 0x0000001C
-#define PFR_TFLAG_ALLMASK 0x0000001F
+#define PFR_TFLAG_SETMASK 0x0000003C
+#define PFR_TFLAG_ALLMASK 0x0000003F
struct pfr_table {
+ char pfrt_anchor[PF_ANCHOR_NAME_SIZE];
+ char pfrt_ruleset[PF_RULESET_NAME_SIZE];
char pfrt_name[PF_TABLE_NAME_SIZE];
u_int32_t pfrt_flags;
+ u_int8_t pfrt_fback;
};
enum { PFR_FB_NONE, PFR_FB_MATCH, PFR_FB_ADDED, PFR_FB_DELETED,
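Review bot: `pfrt_fback` is a lone `u_int8_t` after `u_int32_t pfrt_flags`, so on ABIs that align `u_int32_t` to four bytes struct pfr_table now ends in three bytes of compiler padding. The struct is embedded in pfr_tstats and pfioc_table, both of which cross the kernel/userland boundary, so a kernel path that fills it field by field would copy uninitialised padding out unless the struct is zeroed first; those paths are outside this diff and should be checked. A comment on the field would record the requirement: `/* trailing padding follows: bzero the struct before copyout */`. Separately, `pfrt_anchor` and `pfrt_ruleset` arrive from userland as fixed-size char arrays, and this commit shows no NUL-termination check on them before they are used as strings.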
@@ -516,6 +520,8 @@ struct pfr_astats {
long pfras_tzero;
};
+enum { PFR_REFCNT_RULE, PFR_REFCNT_ANCHOR, PFR_REFCNT_MAX };
+
struct pfr_tstats {
struct pfr_table pfrts_t;
u_int64_t pfrts_packets[PFR_DIR_MAX][PFR_OP_TABLE_MAX];
@@ -524,7 +530,7 @@ struct pfr_tstats {
u_int64_t pfrts_nomatch;
long pfrts_tzero;
int pfrts_cnt;
- int pfrts_refcnt;
+ int pfrts_refcnt[PFR_REFCNT_MAX];
};
#define pfrts_name pfrts_t.pfrt_name
#define pfrts_flags pfrts_t.pfrt_flags
@@ -850,6 +856,7 @@ struct pfioc_ruleset {
struct pfioc_table {
struct pfr_table pfrio_table;
void *pfrio_buffer;
+ int pfrio_esize;
int pfrio_size;
int pfrio_size2;
int pfrio_nadd;