diff options
| -rw-r--r-- | share/man/man4/pf.4 | 17 | ||||
| -rw-r--r-- | sys/net/pf_ioctl.c | 21 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 5 |
3 files changed, 21 insertions, 22 deletions
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index 114f2037f06..e8ea3bfd1a3 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.4,v 1.59 2007/05/31 19:19:51 jmc Exp $ +.\" $OpenBSD: pf.4,v 1.60 2007/12/02 12:08:04 pascoe Exp $ .\" .\" Copyright (C) 2001, Kjell Wooding. All rights reserved. .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: May 31 2007 $ +.Dd $Mdocdate: December 2 2007 $ .Dt PF 4 .Os .Sh NAME @@ -292,14 +292,17 @@ if another process is concurrently updating a ruleset. Add a state entry. .Bd -literal struct pfioc_state { - u_int32_t nr; - struct pf_state state; + struct pfsync_state state; }; .Ed .It Dv DIOCGETSTATE Fa "struct pfioc_state *ps" -Extract the entry with the specified number -.Va nr -from the state table. +Extract the entry identified by the +.Va id +and +.Va creatorid +fields of the +.Va state +structure from the state table. .It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk" Remove matching entries from the state table. This ioctl returns the number of killed states in diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index fdbdb45b226..9226258352b 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.192 2007/12/02 12:00:20 pascoe Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.193 2007/12/02 12:08:04 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1633,7 +1633,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) case DIOCADDSTATE: { struct pfioc_state *ps = (struct pfioc_state *)addr; - struct pfsync_state *sp = (struct pfsync_state *)ps->state; + struct pfsync_state *sp = &ps->state; struct pf_state *s; struct pf_state_key *sk; struct pfi_kif *kif; @@ -1675,21 +1675,18 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) case DIOCGETSTATE: { struct pfioc_state *ps = (struct pfioc_state *)addr; struct pf_state *s; - u_int32_t nr; + struct pf_state_cmp id_key; - nr = 0; - RB_FOREACH(s, pf_state_tree_id, &tree_id) { - if (nr >= ps->nr) - break; - nr++; - } + bcopy(ps->state.id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = ps->state.creatorid; + + s = pf_find_state_byid(&id_key); if (s == NULL) { - error = EBUSY; + error = ENOENT; break; } - pf_state_export((struct pfsync_state *)ps->state, - s->state_key, s); + pf_state_export(&ps->state, s->state_key, s); break; } diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 260c6772ef6..7f2bf5e88ab 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.258 2007/09/27 22:24:05 mpf Exp $ */ +/* $OpenBSD: pfvar.h,v 1.259 2007/12/02 12:08:04 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1332,8 +1332,7 @@ struct pfioc_natlook { }; struct pfioc_state { - u_int32_t nr; - void *state; + struct pfsync_state state; }; struct pfioc_src_node_kill { |