author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2012-04-03 15:09:05 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2012-04-03 15:09:05 +0000 |
commit | 20bb0d24c31a82d74e7b53f2d6dba080e50b52af (patch) | |
tree | e8ec33691c630321d5360b1c8a62473202985ed6 /sys/net | |
parent | b554ee34b2243e64b5e4477cdba01607d95bbabf (diff) |
Fix kernel compilation with pf but without pfsync pseudo-device by
moving the state export functionality from pfsync code into pf.
Based on the initial diff by guenther, ok henning.
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/if_pfsync.c | 65 | ||||
-rw-r--r-- | sys/net/pf.c | 71 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 8 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 |
4 files changed, 80 insertions, 68 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index ad3193e3cc2..bb191010dac 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.181 2012/02/03 01:57:50 bluhm Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.182 2012/04/03 15:09:03 mikeb Exp $ */
 /*
 * Copyright (c) 2002 Michael Shalayeff
@@ -456,68 +456,7 @@ pfsync_alloc_scrub_memory(struct pfsync_state_peer *s,
 void
 pfsync_state_export(struct pfsync_state *sp, struct pf_state *st)
 {
- bzero(sp, sizeof(struct pfsync_state));
-
- /* copy from state key */
- sp->key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0];
- sp->key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1];
- sp->key[PF_SK_WIRE].port[0] = st->key[PF_SK_WIRE]->port[0];
- sp->key[PF_SK_WIRE].port[1] = st->key[PF_SK_WIRE]->port[1];
- sp->key[PF_SK_WIRE].rdomain = htons(st->key[PF_SK_WIRE]->rdomain);
- sp->key[PF_SK_WIRE].af = st->key[PF_SK_WIRE]->af;
- sp->key[PF_SK_STACK].addr[0] = st->key[PF_SK_STACK]->addr[0];
- sp->key[PF_SK_STACK].addr[1] = st->key[PF_SK_STACK]->addr[1];
- sp->key[PF_SK_STACK].port[0] = st->key[PF_SK_STACK]->port[0];
- sp->key[PF_SK_STACK].port[1] = st->key[PF_SK_STACK]->port[1];
- sp->key[PF_SK_STACK].rdomain = htons(st->key[PF_SK_STACK]->rdomain);
- sp->key[PF_SK_STACK].af = st->key[PF_SK_STACK]->af;
- sp->rtableid[PF_SK_WIRE] = htonl(st->rtableid[PF_SK_WIRE]);
- sp->rtableid[PF_SK_STACK] = htonl(st->rtableid[PF_SK_STACK]);
- sp->proto = st->key[PF_SK_WIRE]->proto;
- sp->af = st->key[PF_SK_WIRE]->af;
-
- /* copy from state */
- strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname));
- bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr));
- sp->creation = htonl(time_uptime - st->creation);
- sp->expire = pf_state_expires(st);
- if (sp->expire <= time_second)
- sp->expire = htonl(0);
- else
- sp->expire = htonl(sp->expire - time_second);
-
- sp->direction = st->direction;
- sp->log = st->log;
- sp->timeout = st->timeout;
- /* XXX replace state_flags post 5.0 */
- sp->state_flags = st->state_flags;
- sp->all_state_flags = htons(st->state_flags);
- if (!SLIST_EMPTY(&st->src_nodes))
- sp->sync_flags |= PFSYNC_FLAG_SRCNODE;
-
- sp->id = st->id;
- sp->creatorid = st->creatorid;
- pf_state_peer_hton(&st->src, &sp->src);
- pf_state_peer_hton(&st->dst, &sp->dst);
-
- if (st->rule.ptr == NULL)
- sp->rule = htonl(-1);
- else
- sp->rule = htonl(st->rule.ptr->nr);
- if (st->anchor.ptr == NULL)
- sp->anchor = htonl(-1);
- else
- sp->anchor = htonl(st->anchor.ptr->nr);
- sp->nat_rule = htonl(-1); /* left for compat, nat_rule is gone */
-
- pf_state_counter_hton(st->packets[0], sp->packets[0]);
- pf_state_counter_hton(st->packets[1], sp->packets[1]);
- pf_state_counter_hton(st->bytes[0], sp->bytes[0]);
- pf_state_counter_hton(st->bytes[1], sp->bytes[1]);
-
- sp->max_mss = htons(st->max_mss);
- sp->min_ttl = st->min_ttl;
- sp->set_tos = st->set_tos;
+ return (pf_state_export(sp, st));
 }
 int
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 29673646ede..02a6507a63d 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.802 2012/02/05 22:38:06 mikeb Exp $ */
+/* $OpenBSD: pf.c,v 1.803 2012/04/03 15:09:03 mikeb Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
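Review bot: The new wrapper body `return (pf_state_export(sp, st));` returns an expression from a function declared `void`, which ISO C does not permit; compilers accept it as an extension and pedantic builds warn about it. Since the pfvar.h hunk declares pf_state_export as `void` too, the call should simply stand alone: `pf_state_export(sp, st);`. A short comment such as `/* kept for pfsync callers; the export logic lives in pf.c */` would also tell readers why the one-line wrapper remains.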
@@ -1077,6 +1077,73 @@ pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more)
 return (ret ? ret->s : NULL);
 }
+void
+pf_state_export(struct pfsync_state *sp, struct pf_state *st)
+{
+ bzero(sp, sizeof(struct pfsync_state));
+
+ /* copy from state key */
+ sp->key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0];
+ sp->key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1];
+ sp->key[PF_SK_WIRE].port[0] = st->key[PF_SK_WIRE]->port[0];
+ sp->key[PF_SK_WIRE].port[1] = st->key[PF_SK_WIRE]->port[1];
+ sp->key[PF_SK_WIRE].rdomain = htons(st->key[PF_SK_WIRE]->rdomain);
+ sp->key[PF_SK_WIRE].af = st->key[PF_SK_WIRE]->af;
+ sp->key[PF_SK_STACK].addr[0] = st->key[PF_SK_STACK]->addr[0];
+ sp->key[PF_SK_STACK].addr[1] = st->key[PF_SK_STACK]->addr[1];
+ sp->key[PF_SK_STACK].port[0] = st->key[PF_SK_STACK]->port[0];
+ sp->key[PF_SK_STACK].port[1] = st->key[PF_SK_STACK]->port[1];
+ sp->key[PF_SK_STACK].rdomain = htons(st->key[PF_SK_STACK]->rdomain);
+ sp->key[PF_SK_STACK].af = st->key[PF_SK_STACK]->af;
+ sp->rtableid[PF_SK_WIRE] = htonl(st->rtableid[PF_SK_WIRE]);
+ sp->rtableid[PF_SK_STACK] = htonl(st->rtableid[PF_SK_STACK]);
+ sp->proto = st->key[PF_SK_WIRE]->proto;
+ sp->af = st->key[PF_SK_WIRE]->af;
+
+ /* copy from state */
+ strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname));
+ bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr));
+ sp->creation = htonl(time_uptime - st->creation);
+ sp->expire = pf_state_expires(st);
+ if (sp->expire <= time_second)
+ sp->expire = htonl(0);
+ else
+ sp->expire = htonl(sp->expire - time_second);
+
+ sp->direction = st->direction;
+ sp->log = st->log;
+ sp->timeout = st->timeout;
+ /* XXX replace state_flags post 5.0 */
+ sp->state_flags = st->state_flags;
+ sp->all_state_flags = htons(st->state_flags);
+ if (!SLIST_EMPTY(&st->src_nodes))
+ sp->sync_flags |= PFSYNC_FLAG_SRCNODE;
+
+ sp->id = st->id;
+ sp->creatorid = st->creatorid;
+ pf_state_peer_hton(&st->src, &sp->src);
+ pf_state_peer_hton(&st->dst, &sp->dst);
+
+ if (st->rule.ptr == NULL)
+ sp->rule = htonl(-1);
+ else
+ sp->rule = htonl(st->rule.ptr->nr);
+ if (st->anchor.ptr == NULL)
+ sp->anchor = htonl(-1);
+ else
+ sp->anchor = htonl(st->anchor.ptr->nr);
+ sp->nat_rule = htonl(-1); /* left for compat, nat_rule is gone */
+
+ pf_state_counter_hton(st->packets[0], sp->packets[0]);
+ pf_state_counter_hton(st->packets[1], sp->packets[1]);
+ pf_state_counter_hton(st->bytes[0], sp->bytes[0]);
+ pf_state_counter_hton(st->bytes[1], sp->bytes[1]);
+
+ sp->max_mss = htons(st->max_mss);
+ sp->min_ttl = st->min_ttl;
+ sp->set_tos = st->set_tos;
+}
+
 /* END state table stuff */
 void
@@ -3636,7 +3703,9 @@ pf_create_state(struct pf_pdesc *pd, struct pf_rule *r, struct pf_rule *a,
 s->set_tos = act->set_tos;
 s->max_mss = act->max_mss;
 s->state_flags |= act->flags;
+#if NPFSYNC > 0
 s->sync_state = PFSYNC_S_NONE;
+#endif
 s->prio[0] = act->prio[0];
 s->prio[1] = act->prio[1];
 switch (pd->proto) {
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index df3d6ab2335..7e89346e96f 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.249 2012/03/28 19:41:05 claudio Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.250 2012/04/03 15:09:03 mikeb Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1390,6 +1390,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 break;
 }
+#if NPFSYNC > 0
 case DIOCADDSTATE: {
 struct pfioc_state *ps = (struct pfioc_state *)addr;
 struct pfsync_state *sp = &ps->state;
@@ -1401,6 +1402,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 error = pfsync_state_import(sp, PFSYNC_SI_IOCTL);
 break;
 }
+#endif
 case DIOCGETSTATE: {
 struct pfioc_state *ps = (struct pfioc_state *)addr;
@@ -1417,7 +1419,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 break;
 }
- pfsync_state_export(&ps->state, s);
+ pf_state_export(&ps->state, s);
 break;
 }
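Review bot: pf_state_export is added without a header comment, although it now feeds the ioctl paths that hand the structure to userland: the pf_ioctl.c hunk at -1442 calls it immediately before `copyout(pstore, p, sizeof(*p))`. The leading `bzero(sp, sizeof(struct pfsync_state))` is what guarantees that padding and any field this function never assigns leave the kernel as zeroes, so I would mark it, e.g. `/* must stay first: sp is copied out to userland, nothing stale may remain */`. The header comment should also say that multi-byte fields are written in network byte order and that `st->key[]` and `st->kif` are dereferenced without a NULL check, so the caller has to pass a fully linked state. As a style point, `sp->expire` holds a host-order value between `pf_state_expires(st)` and the `htonl()` that follows; a local temporary would make the byte-order handling easier to audit.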
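Review bot: The `#if NPFSYNC > 0` guard added around `s->sync_state = PFSYNC_S_NONE;` only works if NPFSYNC is defined in this file, because the preprocessor treats an undefined macro in `#if` as 0 and would silently compile the line out instead of failing. The include that defines it is not visible in this hunk, so confirm it is present in pf.c and in pf_ioctl.c, where the -1390 and -1401 hunks add the same guard around `case DIOCADDSTATE`. In pf_ioctl.c the `#if` and `#endif` sit in different hunks some lines apart, so I would close them as `#endif /* NPFSYNC > 0 */` and add a comment that with pfsync compiled out the DIOCADDSTATE request reaches whatever the switch's default branch does, which is outside the hunk. pf_create_state starts and ends outside this hunk.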
@@ -1442,7 +1444,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 if (state->timeout != PFTM_UNLINKED) {
 if ((nr+1) * sizeof(*p) > (unsigned)ps->ps_len)
 break;
- pfsync_state_export(pstore, state);
+ pf_state_export(pstore, state);
 error = copyout(pstore, p, sizeof(*p));
 if (error) {
 free(pstore, M_TEMP);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index f99a1891000..3d8f020a495 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.362 2012/02/03 01:57:51 bluhm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.363 2012/04/03 15:09:04 mikeb Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1765,6 +1765,8 @@ void pf_state_rm_src_node(struct pf_state *,
 extern struct pf_state *pf_find_state_byid(struct pf_state_cmp *);
 extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *, u_int, int *);
+extern void pf_state_export(struct pfsync_state *,
+ struct pf_state *);
 extern void pf_print_state(struct pf_state *);
 extern void pf_print_flags(u_int8_t);
 extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, |