diff options
-rw-r--r-- | sys/net/pf.c | 33 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 137 | ||||
-rw-r--r-- | sys/net/pfvar.h | 7 |
3 files changed, 101 insertions, 76 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 17ee4ffcabd..5ab21c2402e 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.424 2004/02/10 22:42:57 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.425 2004/02/19 07:41:45 kjc Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -81,10 +81,6 @@ #include <netinet6/nd6.h> #endif /* INET6 */ -#ifdef ALTQ -#include <altq/if_altq.h> -#endif - #define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x @@ -1058,33 +1054,6 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw1, struct pf_addr_wrap *aw2) } void -pf_rule_set_qid(struct pf_rulequeue *rules) -{ - struct pf_rule *rule; - - TAILQ_FOREACH(rule, rules, entries) - if (rule->qname[0] != 0) { - rule->qid = pf_qname_to_qid(rule->qname); - if (rule->pqname[0] != 0) - rule->pqid = pf_qname_to_qid(rule->pqname); - else - rule->pqid = rule->qid; - } -} - -u_int32_t -pf_qname_to_qid(char *qname) -{ - struct pf_altq *altq; - - TAILQ_FOREACH(altq, pf_altqs_active, entries) - if (!strcmp(altq->qname, qname)) - return (altq->qid); - - return (0); -} - -void pf_update_anchor_rules() { struct pf_rule *rule; diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 26229411077..49bb601f10f 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.105 2004/02/13 19:32:49 mpf Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.106 2004/02/19 07:41:45 kjc Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -96,7 +96,15 @@ extern struct timeout pf_expire_to; struct pf_rule pf_default_rule; #define TAGID_MAX 50000 -TAILQ_HEAD(pf_tags, pf_tagname) pf_tags = TAILQ_HEAD_INITIALIZER(pf_tags); +TAILQ_HEAD(pf_tags, pf_tagname) pf_tags = TAILQ_HEAD_INITIALIZER(pf_tags), + pf_qids = TAILQ_HEAD_INITIALIZER(pf_qids); + +#if (PF_QNAME_SIZE != PF_TAG_NAME_SIZE) +#error PF_QNAME_SIZE must be equal to PF_TAG_NAME_SIZE +#endif +static u_int16_t tagname2tag(struct pf_tags *, char *); +static void tag2tagname(struct pf_tags *, u_int16_t, char *); +static void tag_unref(struct pf_tags *, u_int16_t); #define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x @@ -433,6 +441,11 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule) return; pf_tag_unref(rule->tag); pf_tag_unref(rule->match_tag); +#ifdef ALTQ + if (rule->pqid != rule->qid) + pf_qid_unref(rule->pqid); + pf_qid_unref(rule->qid); +#endif pfi_dynaddr_remove(&rule->src.addr); pfi_dynaddr_remove(&rule->dst.addr); if (rulequeue == NULL) { @@ -444,13 +457,13 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule) pool_put(&pf_rule_pl, rule); } -u_int16_t -pf_tagname2tag(char *tagname) +static u_int16_t +tagname2tag(struct pf_tags *head, char *tagname) { struct pf_tagname *tag, *p = NULL; u_int16_t new_tagid = 1; - TAILQ_FOREACH(tag, &pf_tags, entries) + TAILQ_FOREACH(tag, head, entries) if (strcmp(tagname, tag->name) == 0) { tag->ref++; return (tag->tag); @@ -463,8 +476,8 @@ pf_tagname2tag(char *tagname) */ /* new entry */ - if (!TAILQ_EMPTY(&pf_tags)) - for (p = TAILQ_FIRST(&pf_tags); p != NULL && + if (!TAILQ_EMPTY(head)) + for (p = TAILQ_FIRST(head); p != NULL && p->tag == new_tagid; p = TAILQ_NEXT(p, entries)) new_tagid = p->tag + 1; @@ -484,36 +497,36 @@ pf_tagname2tag(char *tagname) if (p != NULL) /* insert new entry before p */ TAILQ_INSERT_BEFORE(p, tag, entries); else /* either list empty or no free slot in between */ - TAILQ_INSERT_TAIL(&pf_tags, tag, entries); + TAILQ_INSERT_TAIL(head, tag, entries); return (tag->tag); } -void -pf_tag2tagname(u_int16_t tagid, char *p) +static void +tag2tagname(struct pf_tags *head, u_int16_t tagid, char *p) { struct pf_tagname *tag; - TAILQ_FOREACH(tag, &pf_tags, entries) + TAILQ_FOREACH(tag, head, entries) if (tag->tag == tagid) { strlcpy(p, tag->name, PF_TAG_NAME_SIZE); return; } } -void -pf_tag_unref(u_int16_t tag) +static void +tag_unref(struct pf_tags *head, u_int16_t tag) { struct pf_tagname *p, *next; if (tag == 0) return; - for (p = TAILQ_FIRST(&pf_tags); p != NULL; p = next) { + for (p = TAILQ_FIRST(head); p != NULL; p = next) { next = TAILQ_NEXT(p, entries); if (tag == p->tag) { if (--p->ref == 0) { - TAILQ_REMOVE(&pf_tags, p, entries); + TAILQ_REMOVE(head, p, entries); free(p, M_TEMP); } break; @@ -521,7 +534,43 @@ pf_tag_unref(u_int16_t tag) } } +u_int16_t +pf_tagname2tag(char *tagname) +{ + return (tagname2tag(&pf_tags, tagname)); +} + +void +pf_tag2tagname(u_int16_t tagid, char *p) +{ + return (tag2tagname(&pf_tags, tagid, p)); +} + +void +pf_tag_unref(u_int16_t tag) +{ + return (tag_unref(&pf_tags, tag)); +} + #ifdef ALTQ +u_int32_t +pf_qname2qid(char *qname) +{ + return ((u_int32_t)tagname2tag(&pf_qids, qname)); +} + +void +pf_qid2qname(u_int32_t qid, char *p) +{ + return (tag2tagname(&pf_qids, (u_int16_t)qid, p)); +} + +void +pf_qid_unref(u_int32_t qid) +{ + return (tag_unref(&pf_qids, (u_int16_t)qid)); +} + int pf_begin_altq(u_int32_t *ticket) { @@ -534,7 +583,8 @@ pf_begin_altq(u_int32_t *ticket) if (altq->qname[0] == 0) { /* detach and destroy the discipline */ error = altq_remove(altq); - } + } else + pf_qid_unref(altq->qid); pool_put(&pf_altq_pl, altq); } if (error) @@ -558,7 +608,8 @@ pf_rollback_altq(u_int32_t ticket) if (altq->qname[0] == 0) { /* detach and destroy the discipline */ error = altq_remove(altq); - } + } else + pf_qid_unref(altq->qid); pool_put(&pf_altq_pl, altq); } altqs_inactive_open = 0; @@ -570,8 +621,6 @@ pf_commit_altq(u_int32_t ticket) { struct pf_altqqueue *old_altqs; struct pf_altq *altq; - struct pf_anchor *anchor; - struct pf_ruleset *ruleset; int s, err, error = 0; if (!altqs_inactive_open || ticket != ticket_altqs_inactive) @@ -607,21 +656,12 @@ pf_commit_altq(u_int32_t ticket) err = altq_remove(altq); if (err != 0 && error == 0) error = err; - } + } else + pf_qid_unref(altq->qid); pool_put(&pf_altq_pl, altq); } splx(s); - /* update queue IDs */ - pf_rule_set_qid( - pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); - TAILQ_FOREACH(anchor, &pf_anchors, entries) { - TAILQ_FOREACH(ruleset, &anchor->rulesets, entries) { - pf_rule_set_qid( - ruleset->rules[PF_RULESET_FILTER].active.ptr - ); - } - } altqs_inactive_open = 0; return (error); } @@ -678,12 +718,6 @@ pf_commit_rules(u_int32_t ticket, int rs_num, char *anchor, char *ruleset) ticket != rs->rules[rs_num].inactive.ticket) return (EBUSY); -#ifdef ALTQ - /* set queue IDs */ - if (rs_num == PF_RULESET_FILTER) - pf_rule_set_qid(rs->rules[rs_num].inactive.ptr); -#endif - /* Swap rules, keep the old. */ s = splsoftnet(); old_rules = rs->rules[rs_num].active.ptr; @@ -914,6 +948,19 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } } +#ifdef ALTQ + /* set queue IDs */ + if (rule->qname[0] != 0) { + if ((rule->qid = pf_qname2qid(rule->qname)) == 0) + error = EBUSY; + else if (rule->pqname[0] != 0) { + if ((rule->pqid = + pf_qname2qid(rule->pqname)) == 0) + error = EBUSY; + } else + rule->pqid = rule->qid; + } +#endif if (rule->tagname[0]) if ((rule->tag = pf_tagname2tag(rule->tagname)) == 0) error = EBUSY; @@ -1116,11 +1163,14 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) #ifdef ALTQ /* set queue IDs */ if (newrule->qname[0] != 0) { - newrule->qid = pf_qname_to_qid(newrule->qname); - if (newrule->pqname[0] != 0) - newrule->pqid = - pf_qname_to_qid(newrule->pqname); - else + if ((newrule->qid = + pf_qname2qid(newrule->qname)) == 0) + error = EBUSY; + else if (newrule->pqname[0] != 0) { + if ((newrule->pqid = + pf_qname2qid(newrule->pqname)) == 0) + error = EBUSY; + } else newrule->pqid = newrule->qid; } #endif @@ -1654,6 +1704,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) * copy the necessary fields */ if (altq->qname[0] != 0) { + if ((altq->qid = pf_qname2qid(altq->qname)) == 0) { + error = EBUSY; + pool_put(&pf_altq_pl, altq); + break; + } TAILQ_FOREACH(a, pf_altqs_inactive, entries) { if (strncmp(a->ifname, altq->ifname, IFNAMSIZ) == 0 && a->qname[0] == 0) { diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 3788a43dac0..492074bba88 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.183 2004/02/10 22:42:57 dhartmei Exp $ */ +/* $OpenBSD: pfvar.h,v 1.184 2004/02/19 07:41:45 kjc Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1299,8 +1299,6 @@ extern int pf_tbladdr_setup(struct pf_ruleset *, extern void pf_tbladdr_remove(struct pf_addr_wrap *); extern void pf_tbladdr_copyout(struct pf_addr_wrap *); extern void pf_calc_skip_steps(struct pf_rulequeue *); -extern void pf_rule_set_qid(struct pf_rulequeue *); -extern u_int32_t pf_qname_to_qid(char *); extern void pf_update_anchor_rules(void); extern struct pool pf_src_tree_pl, pf_rule_pl; extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl; @@ -1431,6 +1429,9 @@ u_int16_t pf_tagname2tag(char *); void pf_tag2tagname(u_int16_t, char *); void pf_tag_unref(u_int16_t); int pf_tag_packet(struct mbuf *, struct pf_tag *, int); +u_int32_t pf_qname2qid(char *); +void pf_qid2qname(u_int32_t, char *); +void pf_qid_unref(u_int32_t); extern struct pf_status pf_status; extern struct pool pf_frent_pl, pf_frag_pl; |