summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorMike Belopuhov <mikeb@cvs.openbsd.org>2015-10-30 11:33:56 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2015-10-30 11:33:56 +0000
commit873aec32d04d503f58cb91cbc1eb62772ce1e4c8 (patch)
treef9ba94c331ca03029bd3eb829f0ade1e3dee88d3 /sys
parent4349f443d21b2ef4bab32588bf193e260bfadd26 (diff)
Clean up handling of 'clear states' pfsync packets.
If interface was specified in the packet only if-bound states attached to this interface must be purged. ok mpi, looked at by sasha@
Diffstat (limited to 'sys')
-rw-r--r--sys/net/if_pfsync.c43
-rw-r--r--sys/net/pf_if.c15
-rw-r--r--sys/net/pfvar.h3
3 files changed, 26 insertions, 35 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 7d633dbb977..779038ed07a 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.220 2015/09/11 08:17:06 claudio Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.221 2015/10/30 11:33:55 mikeb Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -754,42 +754,25 @@ int
pfsync_in_clr(caddr_t buf, int len, int count, int flags)
{
struct pfsync_clr *clr;
- int i;
-
struct pf_state *st, *nexts;
- struct pf_state_key *sk, *nextsk;
- struct pf_state_item *si;
+ struct pfi_kif *kif;
u_int32_t creatorid;
+ int i;
for (i = 0; i < count; i++) {
clr = (struct pfsync_clr *)buf + len * i;
+ kif = NULL;
creatorid = clr->creatorid;
+ if (strlen(clr->ifname) &&
+ (kif = pfi_kif_find(clr->ifname)) == NULL)
+ continue;
- if (clr->ifname[0] == '\0') {
- for (st = RB_MIN(pf_state_tree_id, &tree_id);
- st; st = nexts) {
- nexts = RB_NEXT(pf_state_tree_id, &tree_id, st);
- if (st->creatorid == creatorid) {
- SET(st->state_flags, PFSTATE_NOSYNC);
- pf_unlink_state(st);
- }
- }
- } else {
- if (pfi_kif_get(clr->ifname) == NULL)
- continue;
-
- /* XXX correct? */
- for (sk = RB_MIN(pf_state_tree, &pf_statetbl);
- sk; sk = nextsk) {
- nextsk = RB_NEXT(pf_state_tree,
- &pf_statetbl, sk);
- TAILQ_FOREACH(si, &sk->states, entry) {
- if (si->s->creatorid == creatorid) {
- SET(si->s->state_flags,
- PFSTATE_NOSYNC);
- pf_unlink_state(si->s);
- }
- }
+ for (st = RB_MIN(pf_state_tree_id, &tree_id); st; st = nexts) {
+ nexts = RB_NEXT(pf_state_tree_id, &tree_id, st);
+ if (st->creatorid == creatorid &&
+ ((kif && st->kif == kif) || !kif)) {
+ SET(st->state_flags, PFSTATE_NOSYNC);
+ pf_unlink_state(st);
}
}
}
diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c
index caaf9f9b9b9..25bf59347d6 100644
--- a/sys/net/pf_if.c
+++ b/sys/net/pf_if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_if.c,v 1.80 2015/09/04 21:40:25 kettenis Exp $ */
+/* $OpenBSD: pf_if.c,v 1.81 2015/10/30 11:33:55 mikeb Exp $ */
/*
* Copyright 2005 Henning Brauer <henning@openbsd.org>
@@ -99,14 +99,21 @@ pfi_initialize(void)
}
struct pfi_kif *
-pfi_kif_get(const char *kif_name)
+pfi_kif_find(const char *kif_name)
{
- struct pfi_kif *kif;
struct pfi_kif_cmp s;
bzero(&s, sizeof(s));
strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name));
- if ((kif = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&s)) != NULL)
+ return (RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&s));
+}
+
+struct pfi_kif *
+pfi_kif_get(const char *kif_name)
+{
+ struct pfi_kif *kif;
+
+ if ((kif = pfi_kif_find(kif_name)))
return (kif);
/* create new one */
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index cdb2f7f1017..aad10865ed3 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.421 2015/10/13 19:32:32 sashan Exp $ */
+/* $OpenBSD: pfvar.h,v 1.422 2015/10/30 11:33:55 mikeb Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1810,6 +1810,7 @@ int pfr_ina_define(struct pfr_table *, struct pfr_addr *, int, int *,
extern struct pfi_kif *pfi_all;
void pfi_initialize(void);
+struct pfi_kif *pfi_kif_find(const char *);
struct pfi_kif *pfi_kif_get(const char *);
void pfi_kif_ref(struct pfi_kif *, enum pfi_kif_refs);
void pfi_kif_unref(struct pfi_kif *, enum pfi_kif_refs);