src - OpenBSD base system

diff options


context:
space:
mode:

author	Mike Belopuhov <mikeb@cvs.openbsd.org>	2015-10-30 11:33:56 +0000
committer	Mike Belopuhov <mikeb@cvs.openbsd.org>	2015-10-30 11:33:56 +0000
commit	873aec32d04d503f58cb91cbc1eb62772ce1e4c8 (patch)
tree	f9ba94c331ca03029bd3eb829f0ade1e3dee88d3 /sys/net
parent	4349f443d21b2ef4bab32588bf193e260bfadd26 (diff)

Clean up handling of 'clear states' pfsync packets.

If interface was specified in the packet only if-bound states attached to this interface must be purged. ok mpi, looked at by sasha@

Diffstat (limited to 'sys/net')

-rw-r--r--

sys/net/if_pfsync.c

-rw-r--r--

sys/net/pf_if.c

-rw-r--r--

sys/net/pfvar.h

3 files changed, 26 insertions, 35 deletions

diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 7d633dbb977..779038ed07a 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: if_pfsync.c,v 1.220 2015/09/11 08:17:06 claudio Exp $ */

+/* $OpenBSD: if_pfsync.c,v 1.221 2015/10/30 11:33:55 mikeb Exp $ */

@@ -754,42 +754,25 @@ int

pfsync_in_clr(caddr_t buf, int len, int count, int flags)

{

struct pfsync_clr *clr;

- int i;

struct pf_state *st, *nexts;

- struct pf_state_key *sk, *nextsk;

- struct pf_state_item *si;

+ struct pfi_kif *kif;

u_int32_t creatorid;

+ int i;

for (i = 0; i < count; i++) {

clr = (struct pfsync_clr *)buf + len * i;

+ kif = NULL;

creatorid = clr->creatorid;

+ if (strlen(clr->ifname) &&

+ (kif = pfi_kif_find(clr->ifname)) == NULL)

+ continue;

- if (clr->ifname[0] == '\0') {

- for (st = RB_MIN(pf_state_tree_id, &tree_id);

- st; st = nexts) {

- nexts = RB_NEXT(pf_state_tree_id, &tree_id, st);

- if (st->creatorid == creatorid) {

- SET(st->state_flags, PFSTATE_NOSYNC);

- pf_unlink_state(st);

- }

- } else {

- if (pfi_kif_get(clr->ifname) == NULL)

- continue;

- /* XXX correct? */

- for (sk = RB_MIN(pf_state_tree, &pf_statetbl);

- sk; sk = nextsk) {

- nextsk = RB_NEXT(pf_state_tree,

- &pf_statetbl, sk);

- TAILQ_FOREACH(si, &sk->states, entry) {

- if (si->s->creatorid == creatorid) {

- SET(si->s->state_flags,

- PFSTATE_NOSYNC);

- pf_unlink_state(si->s);

- }

+ for (st = RB_MIN(pf_state_tree_id, &tree_id); st; st = nexts) {

+ nexts = RB_NEXT(pf_state_tree_id, &tree_id, st);

+ if (st->creatorid == creatorid &&

+ ((kif && st->kif == kif) || !kif)) {

+ SET(st->state_flags, PFSTATE_NOSYNC);

+ pf_unlink_state(st);

}

diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c
index caaf9f9b9b9..25bf59347d6 100644
--- a/sys/net/pf_if.c
+++ b/sys/net/pf_if.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf_if.c,v 1.80 2015/09/04 21:40:25 kettenis Exp $ */

+/* $OpenBSD: pf_if.c,v 1.81 2015/10/30 11:33:55 mikeb Exp $ */

@@ -99,14 +99,21 @@ pfi_initialize(void)

}

struct pfi_kif *

-pfi_kif_get(const char *kif_name)

+pfi_kif_find(const char *kif_name)

{

- struct pfi_kif *kif;

struct pfi_kif_cmp s;

bzero(&s, sizeof(s));

strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name));

- if ((kif = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&s)) != NULL)

+ return (RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&s));

+struct pfi_kif *

+pfi_kif_get(const char *kif_name)

+ struct pfi_kif *kif;

+ if ((kif = pfi_kif_find(kif_name)))

return (kif);

/* create new one */

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index cdb2f7f1017..aad10865ed3 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfvar.h,v 1.421 2015/10/13 19:32:32 sashan Exp $ */

+/* $OpenBSD: pfvar.h,v 1.422 2015/10/30 11:33:55 mikeb Exp $ */

@@ -1810,6 +1810,7 @@ int pfr_ina_define(struct pfr_table *, struct pfr_addr *, int, int *,

extern struct pfi_kif *pfi_all;

void pfi_initialize(void);

+struct pfi_kif *pfi_kif_find(const char *);

struct pfi_kif *pfi_kif_get(const char *);

void pfi_kif_ref(struct pfi_kif *, enum pfi_kif_refs);

void pfi_kif_unref(struct pfi_kif *, enum pfi_kif_refs);