src - OpenBSD base system

diff options


context:
space:
mode:

author	Ryan Thomas McBride <mcbride@cvs.openbsd.org>	2005-11-04 08:24:16 +0000
committer	Ryan Thomas McBride <mcbride@cvs.openbsd.org>	2005-11-04 08:24:16 +0000
commit	5e41b39a3485941001cdb7a8ee3a81d20df276a0 (patch)
tree	baced972cdcecf1063ebb47902c6c9e8c1b18445 /sys
parent	086343e525726acfced4e03c5abe185e9af29eb6 (diff)

crank pf_state and pf_src_node byte and packet counters to u_in64_t, since

we're breaking pfsync compatibility this cycle anyways. Requested by djm@, ok henning@, 'wheee!' deraadt@

Diffstat (limited to 'sys')

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

4 files changed, 30 insertions, 18 deletions

diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 3143f754458..b72daed2958 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: if_pfsync.c,v 1.58 2005/11/01 06:26:52 pascoe Exp $ */

+/* $OpenBSD: if_pfsync.c,v 1.59 2005/11/04 08:24:14 mcbride Exp $ */

@@ -1135,10 +1135,10 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags)

bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr));

sp->creation = htonl(secs - st->creation);

- sp->packets[0] = htonl(st->packets[0]);

- sp->packets[1] = htonl(st->packets[1]);

- sp->bytes[0] = htonl(st->bytes[0]);

- sp->bytes[1] = htonl(st->bytes[1]);

+ pf_state_counter_hton(st->packets[0], sp->packets[0]);

+ pf_state_counter_hton(st->packets[1], sp->packets[1]);

+ pf_state_counter_hton(st->bytes[0], sp->bytes[0]);

+ pf_state_counter_hton(st->bytes[1], sp->bytes[1]);

if ((r = st->rule.ptr) == NULL)

sp->rule = htonl(-1);

else

diff --git a/sys/net/if_pfsync.h b/sys/net/if_pfsync.h
index 70bd69666e1..62902ddc1dc 100644
--- a/sys/net/if_pfsync.h
+++ b/sys/net/if_pfsync.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: if_pfsync.h,v 1.27 2005/10/27 12:34:40 mcbride Exp $ */

+/* $OpenBSD: if_pfsync.h,v 1.28 2005/11/04 08:24:14 mcbride Exp $ */

@@ -72,8 +72,8 @@ struct pfsync_state {

u_int32_t nat_rule;

u_int32_t creation;

u_int32_t expire;

- u_int32_t packets[2];

- u_int32_t bytes[2];

+ u_int32_t packets[2][2];

+ u_int32_t bytes[2][2];

u_int32_t creatorid;

sa_family_t af;

u_int8_t proto;

@@ -295,6 +295,17 @@ struct pfsyncreq {

(d)->port = (s)->port; \

} while (0)

+#define pf_state_counter_hton(s,d) do { \

+ d[0] = htonl((s>>32)&0xffffffff); \

+ d[1] = htonl(s&0xffffffff); \

+} while (0)

+#define pf_state_counter_ntoh(s,d) do { \

+ d = ntohl(s[0]); \

+ d = d<<32; \

+ d += ntohl(s[1]); \

+} while (0)

#ifdef _KERNEL

void pfsync_input(struct mbuf *, ...);

int pfsync_clear_states(u_int32_t, char *);

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 4d5847e7886..ccc577f2067 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pf.c,v 1.506 2005/10/26 03:47:33 mcbride Exp $ */

+/* $OpenBSD: pf.c,v 1.507 2005/11/04 08:24:15 mcbride Exp $ */

@@ -4384,8 +4384,8 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,

printf("pf: loose state match: ");

pf_print_state(*state);

pf_print_flags(th->th_flags);

- printf(" seq=%u ack=%u len=%u ackskew=%d pkts=%d:%d\n",

- seq, ack, pd->p_len, ackskew,

+ printf(" seq=%u ack=%u len=%u ackskew=%d "

+ "pkts=%llu:%llu\n", seq, ack, pd->p_len, ackskew,

(*state)->packets[0], (*state)->packets[1]);

}

@@ -4436,8 +4436,9 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,

printf("pf: BAD state: ");

pf_print_state(*state);

pf_print_flags(th->th_flags);

- printf(" seq=%u ack=%u len=%u ackskew=%d pkts=%d:%d "

- "dir=%s,%s\n", seq, ack, pd->p_len, ackskew,

+ printf(" seq=%u ack=%u len=%u ackskew=%d "

+ "pkts=%llu:%llu dir=%s,%s\n",

+ seq, ack, pd->p_len, ackskew,

(*state)->packets[0], (*state)->packets[1],

direction == PF_IN ? "in" : "out",

direction == (*state)->direction ? "fwd" : "rev");

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index fb1e653e589..50b387e1d26 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfvar.h,v 1.232 2005/10/27 12:34:40 mcbride Exp $ */

+/* $OpenBSD: pfvar.h,v 1.233 2005/11/04 08:24:15 mcbride Exp $ */

@@ -625,8 +625,8 @@ struct pf_src_node {

struct pf_addr raddr;

union pf_rule_ptr rule;

struct pfi_kif *kif;

- u_int32_t bytes[2];

- u_int32_t packets[2];

+ u_int64_t bytes[2];

+ u_int64_t packets[2];

u_int32_t states;

u_int32_t conn;

struct pf_threshold conn_rate;

@@ -724,11 +724,11 @@ struct pf_state {

struct pfi_kif *rt_kif;

struct pf_src_node *src_node;

struct pf_src_node *nat_src_node;

+ u_int64_t packets[2];

+ u_int64_t bytes[2];

u_int32_t creation;

u_int32_t expire;

u_int32_t pfsync_time;

- u_int32_t packets[2];

- u_int32_t bytes[2];

u_int16_t tag;

};