-rw-r--r-- | sys/net/pf_ioctl.c | 4 | ||||
-rw-r--r-- | sys/net/pf_table.c | 53 | ||||
-rw-r--r-- | sys/net/pfvar.h | 12 |
3 files changed, 35 insertions, 34 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index b520be303ec..8f41ded176b 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.40 2003/01/02 11:34:59 mcbride Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.41 2003/01/03 10:39:09 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1838,7 +1838,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) struct pfioc_table *io = (struct pfioc_table *)addr; error = pfr_tst_addrs(&io->pfrio_table, io->pfrio_buffer, - io->pfrio_size, io->pfrio_flags); + io->pfrio_size, &io->pfrio_nmatch, io->pfrio_flags); break; } diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c index 3d77e4b7f0d..05fcdf487fa 100644 --- a/sys/net/pf_table.c +++ b/sys/net/pf_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_table.c,v 1.9 2003/01/01 22:07:57 cedric Exp $ */ +/* $OpenBSD: pf_table.c,v 1.10 2003/01/03 10:39:09 cedric Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -107,7 +107,7 @@ struct pfr_kentry *pfr_lookup_addr(struct pfr_ktable *, struct pfr_kentry *pfr_create_kentry(struct pfr_addr *, long); void pfr_destroy_kentry(struct pfr_kentry *); void pfr_destroy_kentries(struct pfr_kentryworkq *); -int pfr_insert_kentries(struct pfr_ktable *, +void pfr_insert_kentries(struct pfr_ktable *, struct pfr_kentryworkq *); void pfr_remove_kentries(struct pfr_ktable *, struct pfr_kentryworkq *); @@ -222,10 +222,7 @@ pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, if (!(flags & PFR_FLAG_DUMMY)) { if (flags & PFR_FLAG_ATOMIC) s = splsoftnet(); - if (pfr_insert_kentries(kt, &workq)) { - splx(s); - senderr(ENOMEM); - } + pfr_insert_kentries(kt, &workq); if (flags & PFR_FLAG_ATOMIC) splx(s); } 
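Review bot: The call `pfr_insert_kentries(kt, &workq);` in pfr_add_addrs no longer has a failure path, so when pfr_route_kentry() fails the only trace is a kernel printf and the ioctl still returns success. The pfr_set_addrs call site (hunk at -396) has the same gap, and both follow from the pfr_insert_kentries hunk (-692), which now returns void and stops at the first failure while leaving the entries routed before it in the table. For a filter table this means userland can believe every address was loaded when only some were. I would keep an `int` return that carries `rv` back and have both callers invoke `senderr(ENOMEM)` once their `splx(s)` has run. How the entries left on the work queue after the `break` are freed or counted is decided outside these hunks, in function bodies that extend past them, and should be checked.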
@@ -396,11 +393,7 @@ _skip: if (!(flags & PFR_FLAG_DUMMY)) { if (flags & PFR_FLAG_ATOMIC) s = splsoftnet(); - if (pfr_insert_kentries(kt, &addq)) { - if (flags & PFR_FLAG_ATOMIC) - splx(s); - senderr(ENOMEM); - } + pfr_insert_kentries(kt, &addq); pfr_remove_kentries(kt, &delq); SLIST_FOREACH(p, &changeq, pfrke_workq) p->pfrke_not ^= 1; @@ -428,14 +421,14 @@ _bad: int pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, - int flags) + int *nmatch, int flags) { struct pfr_ktable *kt; struct pfr_kentry *p; struct pfr_addr ad; - int i; + int i, xmatch = 0; - ACCEPT_FLAGS(0); + ACCEPT_FLAGS(PFR_FLAG_REPLACE); kt = pfr_lookup_table(tbl); if (kt == NULL) return (ESRCH); @@ -448,11 +441,17 @@ pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size, if (ADDR_NETWORK(&ad)) return (EINVAL); p = pfr_lookup_addr(kt, &ad, 0); - ad.pfra_fback = (p != NULL && !p->pfrke_not) ? - PFR_FB_MATCH : PFR_FB_NONE; + if (flags & PFR_FLAG_REPLACE) + pfr_copyout_addr(&ad, p); + ad.pfra_fback = (p == NULL) ? PFR_FB_NONE : + (p->pfrke_not ? PFR_FB_NOTMATCH : PFR_FB_MATCH); + if (p != NULL && !p->pfrke_not) + xmatch++; if (copyout(&ad, addr+i, sizeof(ad))) return (EFAULT); } + if (nmatch != NULL) + *nmatch = xmatch; return (0); } @@ -692,27 +691,23 @@ pfr_destroy_kentries(struct pfr_kentryworkq *workq) } } -int +void pfr_insert_kentries(struct pfr_ktable *kt, struct pfr_kentryworkq *workq) { - struct pfr_kentry *p, *q; - int n = 0; + struct pfr_kentry *p; + int rv, n = 0; SLIST_FOREACH(p, workq, pfrke_workq) { - if (pfr_route_kentry(kt, p)) { - /* bad luck - no memory for netmask */ - SLIST_FOREACH(q, workq, pfrke_workq) { - if (q == p) - break; - pfr_unroute_kentry(kt, q); - } - return (-1); + rv = pfr_route_kentry(kt, p); + if (rv) { + printf("pfr_insert_kentries: cannot route entry " + "(code=%d).\n", rv); + break; } n++; } kt->pfrkt_cnt += n; - return (0); } void 
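Review bot: Nothing in pfr_tst_addrs explains what PFR_FLAG_REPLACE means for a test operation, and the effect is not obvious from the name. Under the flag, `pfr_copyout_addr(&ad, p)` overwrites the caller's address with the table entry that matched, or with an all-zero record when `p` is NULL, before it is copied back out. I would add a comment above the `if (flags & PFR_FLAG_REPLACE)` line such as `/* REPLACE: hand back the matching table entry in place of the tested address; zeroed if none */`. The function's header comment should also state that `*nmatch` is written only on the success path, so the early `ESRCH`, `EINVAL` and `EFAULT` returns leave it untouched. The loop header and the copyin of `ad` lie outside the hunk.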
@@ -847,6 +842,8 @@ void pfr_copyout_addr(struct pfr_addr *ad, struct pfr_kentry *ke) { bzero(ad, sizeof(*ad)); + if (ke == NULL) + return; ad->pfra_af = ke->pfrke_af; ad->pfra_net = ke->pfrke_net; ad->pfra_not = ke->pfrke_not; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 844ec698762..a122a2dad4c 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.124 2003/01/02 11:43:20 mcbride Exp $ */ +/* $OpenBSD: pfvar.h,v 1.125 2003/01/03 10:39:09 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -448,7 +448,8 @@ struct pfr_table { }; enum { PFR_FB_NONE, PFR_FB_MATCH, PFR_FB_ADDED, PFR_FB_DELETED, - PFR_FB_CHANGED, PFR_FB_CLEARED, PFR_FB_DUPLICATE, PFR_FB_MAX }; + PFR_FB_CHANGED, PFR_FB_CLEARED, PFR_FB_DUPLICATE, + PFR_FB_NOTMATCH, PFR_FB_MAX }; struct pfr_addr { union { @@ -804,7 +805,8 @@ struct pfioc_ruleset { #define PFR_FLAG_FEEDBACK 0x00000004 #define PFR_FLAG_CLSTATS 0x00000008 #define PFR_FLAG_RECURSE 0x00000010 -#define PFR_FLAG_ALLMASK 0x0000001F +#define PFR_FLAG_REPLACE 0x00000020 +#define PFR_FLAG_ALLMASK 0x0000003F struct pfioc_table { struct pfr_table pfrio_table; @@ -818,6 +820,7 @@ struct pfioc_table { }; #define pfrio_exists pfrio_nadd #define pfrio_nzero pfrio_nadd +#define pfrio_nmatch pfrio_nadd #define pfrio_name pfrio_table.pfrt_name @@ -970,7 +973,8 @@ int pfr_get_addrs(struct pfr_table *, struct pfr_addr *, int *, int); int pfr_get_astats(struct pfr_table *, struct pfr_astats *, int *, int); int pfr_clr_astats(struct pfr_table *, struct pfr_addr *, int, int *, int); -int pfr_tst_addrs(struct pfr_table *, struct pfr_addr *, int, int); +int pfr_tst_addrs(struct pfr_table *, struct pfr_addr *, int, int *, + int); int pfr_wrap_table(struct pfr_table *, struct pf_addr_wrap *, int *, int); int pfr_unwrap_table(struct pfr_table *, struct pf_addr_wrap *, int); |
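Review bot: In the pfvar.h enum hunk, PFR_FB_NOTMATCH takes the numeric value that PFR_FB_MAX had before this commit, and the pfr_tst_addrs hunk assigns it for negated entries whether or not PFR_FLAG_REPLACE was passed. A userland consumer built against the old header that indexes a table of PFR_FB_MAX entries with `pfra_fback` could therefore read past its end; no such consumer is visible here, so this needs confirming. I would add a comment on the enum along the lines of `/* values are returned to userland in pfra_fback; add new ones just before PFR_FB_MAX and bounds-check in consumers */`.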