author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2020-07-28 16:47:43 +0000 |
---|---|---|
committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2020-07-28 16:47:43 +0000 |
commit | b6459668a8100d664f5b2280ff6c3f96ef02e123 (patch) | |
tree | f860e387c8a9357924228bc4c64c6e7d3f23a302 /sys | |
parent | 83ecb4e00b9410abb28b8f0474ae39ac462dfc30 (diff) |
Use the table on root always if current table is not active.
ok sashan
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf_lb.c | 42 | ||||
-rw-r--r-- | sys/net/pf_table.c | 28 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 |
3 files changed, 42 insertions, 32 deletions
diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c
index 510795a4d0b..096f4ea596d 100644
--- a/sys/net/pf_lb.c
+++ b/sys/net/pf_lb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_lb.c,v 1.65 2020/07/24 14:06:33 yasuoka Exp $ */
+/* $OpenBSD: pf_lb.c,v 1.66 2020/07/28 16:47:41 yasuoka Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -353,6 +353,7 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
 struct pf_addr faddr;
 struct pf_addr *raddr = &rpool->addr.v.a.addr;
 struct pf_addr *rmask = &rpool->addr.v.a.mask;
+ struct pfr_ktable *kt;
 struct pfi_kif *kif;
 u_int64_t states;
 u_int16_t weight;
@@ -405,18 +406,17 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
 pf_poolmask(naddr, raddr, rmask, saddr, af);
 break;
 case PF_POOL_RANDOM:
- if (rpool->addr.type == PF_ADDR_TABLE) {
- cnt = rpool->addr.p.tbl->pfrkt_cnt;
- if (cnt == 0)
- rpool->tblidx = 0;
+ if (rpool->addr.type == PF_ADDR_TABLE ||
+ rpool->addr.type == PF_ADDR_DYNIFTL) {
+ if (rpool->addr.type == PF_ADDR_TABLE)
+ kt = rpool->addr.p.tbl;
 else
- rpool->tblidx = (int)arc4random_uniform(cnt);
- memset(&rpool->counter, 0, sizeof(rpool->counter));
- if (pfr_pool_get(rpool, &raddr, &rmask, af))
+ kt = rpool->addr.p.dyn->pfid_kt;
+ kt = pfr_ktable_select_active(kt);
+ if (kt == NULL)
 return (1);
- pf_addrcpy(naddr, &rpool->counter, af);
- } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
- cnt = rpool->addr.p.dyn->pfid_kt->pfrkt_cnt;
+
+ cnt = kt->pfrkt_cnt;
 if (cnt == 0)
 rpool->tblidx = 0;
 else
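Review bot: Nothing in the new PF_POOL_RANDOM branch records why `cnt` is now read from the table returned by `pfr_ktable_select_active()` instead of from `rpool->addr.p.tbl` directly, even though that is the point of the change. `pfr_pool_get()` makes the same selection (pf_table.c hunk at -2308), so the index range presumably has to come from the table it will walk. I would add above `cnt = kt->pfrkt_cnt;` a comment such as `/* take cnt from the table pfr_pool_get() will walk: the root when ours is inactive */`. The same selection sequence is repeated verbatim in the PF_POOL_SRCHASH hunk (-462), so the comment applies there too, or both cases could share one static helper that returns the active table for a pool. The case body continues past the end of this hunk, so the later use of `rpool->tblidx` is not visible here.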
@@ -462,18 +462,18 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
 case PF_POOL_SRCHASH:
 hashidx = pf_hash(saddr, (struct pf_addr *)&hash, &rpool->key, af);
- if (rpool->addr.type == PF_ADDR_TABLE) {
- cnt = rpool->addr.p.tbl->pfrkt_cnt;
- if (cnt == 0)
- rpool->tblidx = 0;
+
+ if (rpool->addr.type == PF_ADDR_TABLE ||
+ rpool->addr.type == PF_ADDR_DYNIFTL) {
+ if (rpool->addr.type == PF_ADDR_TABLE)
+ kt = rpool->addr.p.tbl;
 else
- rpool->tblidx = (int)(hashidx % cnt);
- memset(&rpool->counter, 0, sizeof(rpool->counter));
- if (pfr_pool_get(rpool, &raddr, &rmask, af))
+ kt = rpool->addr.p.dyn->pfid_kt;
+ kt = pfr_ktable_select_active(kt);
+ if (kt == NULL)
 return (1);
- pf_addrcpy(naddr, &rpool->counter, af);
- } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
- cnt = rpool->addr.p.dyn->pfid_kt->pfrkt_cnt;
+
+ cnt = kt->pfrkt_cnt;
 if (cnt == 0)
 rpool->tblidx = 0;
 else
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index 07ec189a12f..6a92673644a 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_table.c,v 1.133 2020/06/24 22:03:43 cheloha Exp $ */
+/* $OpenBSD: pf_table.c,v 1.134 2020/07/28 16:47:41 yasuoka Exp $ */
 /*
 * Copyright (c) 2002 Cedric Berger
@@ -2108,9 +2108,8 @@ pfr_kentry_byaddr(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af,
 struct sockaddr_in6 tmp6;
 #endif /* INET6 */
- if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
- kt = kt->pfrkt_root;
- if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
+ kt = pfr_ktable_select_active(kt);
+ if (kt == NULL)
 return (0);
 switch (af) {
@@ -2153,9 +2152,8 @@ pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, struct pf_pdesc *pd,
 int dir_idx = (pd->dir == PF_OUT);
 int op_idx;
- if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
- kt = kt->pfrkt_root;
- if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
+ kt = pfr_ktable_select_active(kt);
+ if (kt == NULL)
 return;
 switch (af) {
@@ -2308,9 +2306,8 @@ pfr_pool_get(struct pf_pool *rpool, struct pf_addr **raddr,
 kt = rpool->addr.p.dyn->pfid_kt;
 else
 return (-1);
- if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
- kt = kt->pfrkt_root;
- if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
+ kt = pfr_ktable_select_active(kt);
+ if (kt == NULL)
 return (-1);
 counter = &rpool->counter;
@@ -2565,3 +2562,14 @@ pfr_ktable_winfo_update(struct pfr_ktable *kt, struct pfr_kentry *p) {
 kt->pfrkt_maxweight = weight;
 }
 }
+
+struct pfr_ktable *
+pfr_ktable_select_active(struct pfr_ktable *kt)
+{
+ if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
+ kt = kt->pfrkt_root;
+ if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
+ return (NULL);
+
+ return (kt);
+}
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 4cf8197fc85..7f0e9b22421 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.494 2020/07/21 14:10:51 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.495 2020/07/28 16:47:42 yasuoka Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1845,6 +1845,8 @@ int pfr_ina_rollback(struct pfr_table *, u_int32_t, int *, int);
 int pfr_ina_commit(struct pfr_table *, u_int32_t, int *, int *, int);
 int pfr_ina_define(struct pfr_table *, struct pfr_addr *, int, int *, int *, u_int32_t, int);
+struct pfr_ktable
+ *pfr_ktable_select_active(struct pfr_ktable *);
 extern struct pfi_kif *pfi_all; |
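Review bot: `pfr_ktable_select_active()` (pf_table.c hunk at -2565) dereferences `kt` in its first condition without a NULL check and has no comment stating its contract, although it is now declared in pfvar.h and called from pf_lb.c as well. A header comment would make the contract explicit, for example `/* Return kt if it is active, else its root if that is active; NULL if neither is. kt must not be NULL. */`. Whether `rpool->addr.p.dyn->pfid_kt`, which pf_map_addr() and pfr_pool_get() pass in, can ever be NULL is not visible in this diff; if it can, `if (kt == NULL) return (NULL);` at the top of the function is where to guard it. Every caller has to test the result before touching the table, as the five call sites in this commit do.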