-rw-r--r--sys/net/pf_ioctl.c4
-rw-r--r--sys/net/pf_table.c53
-rw-r--r--sys/net/pfvar.h12
3 files changed, 35 insertions, 34 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index b520be303ec..8f41ded176b 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.40 2003/01/02 11:34:59 mcbride Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.41 2003/01/03 10:39:09 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1838,7 +1838,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pfioc_table *io = (struct pfioc_table *)addr;
error = pfr_tst_addrs(&io->pfrio_table, io->pfrio_buffer,
- io->pfrio_size, io->pfrio_flags);
+ io->pfrio_size, &io->pfrio_nmatch, io->pfrio_flags);
break;
}
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index 3d77e4b7f0d..05fcdf487fa 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_table.c,v 1.9 2003/01/01 22:07:57 cedric Exp $ */
+/* $OpenBSD: pf_table.c,v 1.10 2003/01/03 10:39:09 cedric Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -107,7 +107,7 @@ struct pfr_kentry *pfr_lookup_addr(struct pfr_ktable *,
struct pfr_kentry *pfr_create_kentry(struct pfr_addr *, long);
void pfr_destroy_kentry(struct pfr_kentry *);
void pfr_destroy_kentries(struct pfr_kentryworkq *);
-int pfr_insert_kentries(struct pfr_ktable *,
+void pfr_insert_kentries(struct pfr_ktable *,
struct pfr_kentryworkq *);
void pfr_remove_kentries(struct pfr_ktable *,
struct pfr_kentryworkq *);
@@ -222,10 +222,7 @@ pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
if (!(flags & PFR_FLAG_DUMMY)) {
if (flags & PFR_FLAG_ATOMIC)
s = splsoftnet();
- if (pfr_insert_kentries(kt, &workq)) {
- splx(s);
- senderr(ENOMEM);
- }
+ pfr_insert_kentries(kt, &workq);
if (flags & PFR_FLAG_ATOMIC)
splx(s);
}
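Review bot: A failure of pfr_route_kentry() is no longer reported to the ioctl caller. pfr_insert_kentries() (the `-692` hunk) now prints a message and breaks out of the loop, while this call site and the one in the hunk after `_skip:` drop the ENOMEM path, so the request can return success with only part of the work queue routed into the table. With PFR_FLAG_ATOMIC that is a partially applied update, and for a filter table it means addresses the administrator believes are loaded may be absent. Consider keeping a status return, `return (rv);` after `kt->pfrkt_cnt += n;`, and surfacing it here with `if (pfr_insert_kentries(kt, &workq)) { if (flags & PFR_FLAG_ATOMIC) splx(s); senderr(ENOMEM); }`. Whether the entries left un-routed on the work queue are freed, and whether the reported add count is corrected, is decided outside these hunks and is not visible here.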
@@ -396,11 +393,7 @@ _skip:
if (!(flags & PFR_FLAG_DUMMY)) {
if (flags & PFR_FLAG_ATOMIC)
s = splsoftnet();
- if (pfr_insert_kentries(kt, &addq)) {
- if (flags & PFR_FLAG_ATOMIC)
- splx(s);
- senderr(ENOMEM);
- }
+ pfr_insert_kentries(kt, &addq);
pfr_remove_kentries(kt, &delq);
SLIST_FOREACH(p, &changeq, pfrke_workq)
p->pfrke_not ^= 1;
@@ -428,14 +421,14 @@ _bad:
int
pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
- int flags)
+ int *nmatch, int flags)
{
struct pfr_ktable *kt;
struct pfr_kentry *p;
struct pfr_addr ad;
- int i;
+ int i, xmatch = 0;
- ACCEPT_FLAGS(0);
+ ACCEPT_FLAGS(PFR_FLAG_REPLACE);
kt = pfr_lookup_table(tbl);
if (kt == NULL)
return (ESRCH);
@@ -448,11 +441,17 @@ pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
if (ADDR_NETWORK(&ad))
return (EINVAL);
p = pfr_lookup_addr(kt, &ad, 0);
- ad.pfra_fback = (p != NULL && !p->pfrke_not) ?
- PFR_FB_MATCH : PFR_FB_NONE;
+ if (flags & PFR_FLAG_REPLACE)
+ pfr_copyout_addr(&ad, p);
+ ad.pfra_fback = (p == NULL) ? PFR_FB_NONE :
+ (p->pfrke_not ? PFR_FB_NOTMATCH : PFR_FB_MATCH);
+ if (p != NULL && !p->pfrke_not)
+ xmatch++;
if (copyout(&ad, addr+i, sizeof(ad)))
return (EFAULT);
}
+ if (nmatch != NULL)
+ *nmatch = xmatch;
return (0);
}
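Review bot: With PFR_FLAG_REPLACE set and no entry found, `pfr_copyout_addr(&ad, p)` runs with `p == NULL`, and its new guard (the `-847` hunk) zeroes `ad` and returns, so the address the caller asked about is copied back as all zeros with PFR_FB_NONE. If that is intended it deserves a comment such as `/* REPLACE: return the matching table entry; a miss is returned zeroed */`; if not, make the call conditional with `if ((flags & PFR_FLAG_REPLACE) && p != NULL)`. It would also help to document that `xmatch` counts only non-negated hits and that `*nmatch` is written only when the whole loop succeeds, since earlier elements have already been copied out when a later one fails with EINVAL or EFAULT. The loop header and the copyin of `ad` lie outside this hunk.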
@@ -692,27 +691,23 @@ pfr_destroy_kentries(struct pfr_kentryworkq *workq)
}
}
-int
+void
pfr_insert_kentries(struct pfr_ktable *kt,
struct pfr_kentryworkq *workq)
{
- struct pfr_kentry *p, *q;
- int n = 0;
+ struct pfr_kentry *p;
+ int rv, n = 0;
SLIST_FOREACH(p, workq, pfrke_workq) {
- if (pfr_route_kentry(kt, p)) {
- /* bad luck - no memory for netmask */
- SLIST_FOREACH(q, workq, pfrke_workq) {
- if (q == p)
- break;
- pfr_unroute_kentry(kt, q);
- }
- return (-1);
+ rv = pfr_route_kentry(kt, p);
+ if (rv) {
+ printf("pfr_insert_kentries: cannot route entry "
+ "(code=%d).\n", rv);
+ break;
}
n++;
}
kt->pfrkt_cnt += n;
- return (0);
}
void
@@ -847,6 +842,8 @@ void
pfr_copyout_addr(struct pfr_addr *ad, struct pfr_kentry *ke)
{
bzero(ad, sizeof(*ad));
+ if (ke == NULL)
+ return;
ad->pfra_af = ke->pfrke_af;
ad->pfra_net = ke->pfrke_net;
ad->pfra_not = ke->pfrke_not;
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 844ec698762..a122a2dad4c 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.124 2003/01/02 11:43:20 mcbride Exp $ */
+/* $OpenBSD: pfvar.h,v 1.125 2003/01/03 10:39:09 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -448,7 +448,8 @@ struct pfr_table {
};
enum { PFR_FB_NONE, PFR_FB_MATCH, PFR_FB_ADDED, PFR_FB_DELETED,
- PFR_FB_CHANGED, PFR_FB_CLEARED, PFR_FB_DUPLICATE, PFR_FB_MAX };
+ PFR_FB_CHANGED, PFR_FB_CLEARED, PFR_FB_DUPLICATE,
+ PFR_FB_NOTMATCH, PFR_FB_MAX };
struct pfr_addr {
union {
@@ -804,7 +805,8 @@ struct pfioc_ruleset {
#define PFR_FLAG_FEEDBACK 0x00000004
#define PFR_FLAG_CLSTATS 0x00000008
#define PFR_FLAG_RECURSE 0x00000010
-#define PFR_FLAG_ALLMASK 0x0000001F
+#define PFR_FLAG_REPLACE 0x00000020
+#define PFR_FLAG_ALLMASK 0x0000003F
struct pfioc_table {
struct pfr_table pfrio_table;
@@ -818,6 +820,7 @@ struct pfioc_table {
};
#define pfrio_exists pfrio_nadd
#define pfrio_nzero pfrio_nadd
+#define pfrio_nmatch pfrio_nadd
#define pfrio_name pfrio_table.pfrt_name
@@ -970,7 +973,8 @@ int pfr_get_addrs(struct pfr_table *, struct pfr_addr *, int *, int);
int pfr_get_astats(struct pfr_table *, struct pfr_astats *, int *, int);
int pfr_clr_astats(struct pfr_table *, struct pfr_addr *, int, int *,
int);
-int pfr_tst_addrs(struct pfr_table *, struct pfr_addr *, int, int);
+int pfr_tst_addrs(struct pfr_table *, struct pfr_addr *, int, int *,
+ int);
int pfr_wrap_table(struct pfr_table *, struct pf_addr_wrap *, int *,
int);
int pfr_unwrap_table(struct pfr_table *, struct pf_addr_wrap *, int);