-rw-r--r--sys/net/pf_ioctl.c271
1 files changed, 132 insertions, 139 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 3d9ddb8088e..28c08ad989e 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.27 2002/12/18 16:28:40 dhartmei Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.28 2002/12/18 18:25:14 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -142,9 +142,10 @@ pf_get_pool(char *anchorname, char *rulesetname, u_int32_t ticket,
u_int8_t rule_action, u_int8_t rule_number, u_int8_t r_last,
u_int8_t active, u_int8_t check_ticket)
{
- struct pf_ruleset *ruleset;
- struct pf_rule *rule;
- int rs_num;
+ struct pf_ruleset *ruleset;
+ struct pf_rule *rule;
+ int rs_num;
+
ruleset = pf_find_ruleset(anchorname, rulesetname);
if (ruleset == NULL)
return (NULL);
@@ -181,7 +182,7 @@ pf_get_pool(char *anchorname, char *rulesetname, u_int32_t ticket,
int
pf_add_addr(struct pf_pool *pool, struct pf_pooladdr *addr, u_int8_t af)
{
- struct pf_pooladdr *pa;
+ struct pf_pooladdr *pa;
pa = pool_get(&pf_pooladdr_pl, PR_NOWAIT);
if (pa == NULL) {
@@ -239,7 +240,7 @@ pf_get_ruleset_number(u_int8_t action)
void
pf_init_ruleset(struct pf_ruleset *ruleset)
{
- int i;
+ int i;
memset(ruleset, 0, sizeof(struct pf_ruleset));
for(i = 0; i < PF_RULESET_MAX; i++) {
@@ -253,8 +254,8 @@ pf_init_ruleset(struct pf_ruleset *ruleset)
struct pf_anchor *
pf_find_anchor(const char *anchorname)
{
- struct pf_anchor *anchor;
- int n = -1;
+ struct pf_anchor *anchor;
+ int n = -1;
anchor = TAILQ_FIRST(&pf_anchors);
while (anchor != NULL && (n = strcmp(anchor->name, anchorname)) < 0)
@@ -268,8 +269,8 @@ pf_find_anchor(const char *anchorname)
struct pf_ruleset *
pf_find_ruleset(char *anchorname, char *rulesetname)
{
- struct pf_anchor *anchor;
- struct pf_ruleset *ruleset;
+ struct pf_anchor *anchor;
+ struct pf_ruleset *ruleset;
if (!anchorname[0] && !rulesetname[0])
return (&pf_main_ruleset);
@@ -292,8 +293,8 @@ pf_find_ruleset(char *anchorname, char *rulesetname)
struct pf_ruleset *
pf_find_or_create_ruleset(char *anchorname, char *rulesetname, int rs_num)
{
- struct pf_anchor *anchor, *a;
- struct pf_ruleset *ruleset, *r;
+ struct pf_anchor *anchor, *a;
+ struct pf_ruleset *ruleset, *r;
if (!anchorname[0] && !rulesetname[0])
return (&pf_main_ruleset);
@@ -341,7 +342,7 @@ pf_find_or_create_ruleset(char *anchorname, char *rulesetname, int rs_num)
void
pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset)
{
- struct pf_anchor *anchor;
+ struct pf_anchor *anchor;
if (ruleset == NULL || ruleset->anchor == NULL ||
!TAILQ_EMPTY(ruleset->rules[0].active.ptr) ||
@@ -367,7 +368,7 @@ pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset)
void
pf_mv_pool(struct pf_palist *poola, struct pf_palist *poolb)
{
- struct pf_pooladdr *mv_pool_pa;
+ struct pf_pooladdr *mv_pool_pa;
while ((mv_pool_pa = TAILQ_FIRST(poola)) != NULL) {
TAILQ_REMOVE(poola, mv_pool_pa, entries);
@@ -378,7 +379,7 @@ pf_mv_pool(struct pf_palist *poola, struct pf_palist *poolb)
void
pf_empty_pool(struct pf_palist *poola)
{
- struct pf_pooladdr *empty_pool_pa;
+ struct pf_pooladdr *empty_pool_pa;
while ((empty_pool_pa = TAILQ_FIRST(poola)) != NULL) {
pf_dynaddr_remove(&empty_pool_pa->addr.addr);
@@ -401,10 +402,10 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule)
int
pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
{
- int error = 0;
- struct pf_pooladdr *pa = NULL;
- struct pf_pool *pool = NULL;
- int s;
+ struct pf_pooladdr *pa = NULL;
+ struct pf_pool *pool = NULL;
+ int s;
+ int error = 0;
/* XXX keep in sync with switch() below */
if (securelevel > 1)
@@ -486,10 +487,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
case DIOCBEGINRULES: {
- struct pfioc_rule *pr = (struct pfioc_rule *)addr;
- struct pf_ruleset *ruleset;
- struct pf_rule *rule;
- int rs_num;
+ struct pfioc_rule *pr = (struct pfioc_rule *)addr;
+ struct pf_ruleset *ruleset;
+ struct pf_rule *rule;
+ int rs_num;
ruleset = pf_find_or_create_ruleset(pr->anchor,
pr->ruleset, rs_num);
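Review bot: `rs_num` is still uninitialized when it is passed to `pf_find_or_create_ruleset(pr->anchor, pr->ruleset, rs_num)` in the DIOCBEGINRULES case: it is declared as `int rs_num;` and the call is the next statement the hunk shows, so the callee receives an indeterminate value. How the callee uses the argument is outside this page, but if it selects or indexes a ruleset this is a kernel-side read of garbage driven by an ioctl. Assign it before the call, presumably from the request via the helper visible earlier in the file, e.g. `rs_num = pf_get_ruleset_number(pr->rule.action);`, and reject an out-of-range result before creating anything. The case body continues outside the hunk.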
@@ -506,10 +507,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCADDRULE: {
- struct pfioc_rule *pr = (struct pfioc_rule *)addr;
- struct pf_ruleset *ruleset;
- struct pf_rule *rule, *tail;
- int rs_num;
+ struct pfioc_rule *pr = (struct pfioc_rule *)addr;
+ struct pf_ruleset *ruleset;
+ struct pf_rule *rule, *tail;
+ int rs_num;
ruleset = pf_find_ruleset(pr->anchor, pr->ruleset);
if (ruleset == NULL) {
@@ -584,12 +585,12 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCCOMMITRULES: {
- struct pfioc_rule *pr = (struct pfioc_rule *)addr;
- struct pf_ruleset *ruleset;
- struct pf_rulequeue *old_rules;
- struct pf_rule *rule;
- struct pf_tree_node *n;
- int rs_num;
+ struct pfioc_rule *pr = (struct pfioc_rule *)addr;
+ struct pf_ruleset *ruleset;
+ struct pf_rulequeue *old_rules;
+ struct pf_rule *rule;
+ struct pf_tree_node *n;
+ int rs_num;
ruleset = pf_find_ruleset(pr->anchor, pr->ruleset);
if (ruleset == NULL) {
@@ -629,10 +630,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETRULES: {
- struct pfioc_rule *pr = (struct pfioc_rule *)addr;
- struct pf_ruleset *ruleset;
- struct pf_rule *tail;
- int rs_num;
+ struct pfioc_rule *pr = (struct pfioc_rule *)addr;
+ struct pf_ruleset *ruleset;
+ struct pf_rule *tail;
+ int rs_num;
ruleset = pf_find_ruleset(pr->anchor, pr->ruleset);
if (ruleset == NULL) {
@@ -653,10 +654,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETRULE: {
- struct pfioc_rule *pr = (struct pfioc_rule *)addr;
- struct pf_ruleset *ruleset;
- struct pf_rule *rule;
- int rs_num, i;
+ struct pfioc_rule *pr = (struct pfioc_rule *)addr;
+ struct pf_ruleset *ruleset;
+ struct pf_rule *rule;
+ int rs_num, i;
ruleset = pf_find_ruleset(pr->anchor, pr->ruleset);
if (ruleset == NULL) {
@@ -691,11 +692,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCCHANGERULE: {
- struct pfioc_rule *pcr = (struct pfioc_rule *)addr;
- struct pf_ruleset *ruleset;
- struct pf_rule *oldrule = NULL, *newrule = NULL;
- u_int32_t nr = 0;
- int rs_num;
+ struct pfioc_rule *pcr = (struct pfioc_rule *)addr;
+ struct pf_ruleset *ruleset;
+ struct pf_rule *oldrule = NULL, *newrule = NULL;
+ u_int32_t nr = 0;
+ int rs_num;
if (!(pcr->action == PF_CHANGE_REMOVE ||
pcr->action == PF_CHANGE_GET_TICKET) &&
@@ -793,7 +794,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
if (pcr->action == PF_CHANGE_REMOVE) {
- struct pf_tree_node *n;
+ struct pf_tree_node *n;
if (ruleset == &pf_main_ruleset) {
RB_FOREACH(n, pf_state_tree, &tree_ext_gwy)
@@ -830,7 +831,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCCLRSTATES: {
- struct pf_tree_node *n;
+ struct pf_tree_node *n;
s = splsoftnet();
RB_FOREACH(n, pf_state_tree, &tree_ext_gwy)
@@ -842,11 +843,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCKILLSTATES: {
- struct pf_tree_node *n;
- struct pf_state *st;
- struct pfioc_state_kill *psk =
- (struct pfioc_state_kill *)addr;
- int killed = 0;
+ struct pf_tree_node *n;
+ struct pf_state *st;
+ struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
+ int killed = 0;
s = splsoftnet();
RB_FOREACH(n, pf_state_tree, &tree_ext_gwy) {
@@ -876,8 +876,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCADDSTATE: {
- struct pfioc_state *ps = (struct pfioc_state *)addr;
- struct pf_state *state;
+ struct pfioc_state *ps = (struct pfioc_state *)addr;
+ struct pf_state *state;
state = pool_get(&pf_state_pl, PR_NOWAIT);
if (state == NULL) {
@@ -899,10 +899,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETSTATE: {
- struct pfioc_state *ps = (struct pfioc_state *)addr;
- struct pf_tree_node *n;
- u_int32_t nr;
- int secs;
+ struct pfioc_state *ps = (struct pfioc_state *)addr;
+ struct pf_tree_node *n;
+ u_int32_t nr;
+ int secs;
nr = 0;
s = splsoftnet();
@@ -932,11 +932,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETSTATES: {
- struct pfioc_states *ps = (struct pfioc_states *)addr;
- struct pf_tree_node *n;
- struct pf_state *p, pstore;
- u_int32_t nr = 0;
- int space = ps->ps_len;
+ struct pfioc_states *ps = (struct pfioc_states *)addr;
+ struct pf_tree_node *n;
+ struct pf_state *p, pstore;
+ u_int32_t nr = 0;
+ int space = ps->ps_len;
if (space == 0) {
s = splsoftnet();
@@ -950,7 +950,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
s = splsoftnet();
p = ps->ps_states;
RB_FOREACH(n, pf_state_tree, &tree_ext_gwy) {
- int secs = time.tv_sec;
+ int secs = time.tv_sec;
if ((nr + 1) * sizeof(*p) > (unsigned)ps->ps_len)
break;
@@ -979,8 +979,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCSETSTATUSIF: {
- struct pfioc_if *pi = (struct pfioc_if *)addr;
- struct ifnet *ifp;
+ struct pfioc_if *pi = (struct pfioc_if *)addr;
+ struct ifnet *ifp;
if (pi->ifname[0] == 0) {
status_ifp = NULL;
@@ -1003,10 +1003,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCCLRSTATUS: {
- u_int32_t running = pf_status.running;
- u_int32_t states = pf_status.states;
- u_int32_t since = pf_status.since;
- u_int32_t debug = pf_status.debug;
+ u_int32_t running = pf_status.running;
+ u_int32_t states = pf_status.states;
+ u_int32_t since = pf_status.since;
+ u_int32_t debug = pf_status.debug;
bzero(&pf_status, sizeof(struct pf_status));
pf_status.running = running;
@@ -1020,10 +1020,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCNATLOOK: {
- struct pfioc_natlook *pnl = (struct pfioc_natlook *)addr;
- struct pf_state *st;
- struct pf_tree_node key;
- int direction = pnl->direction;
+ struct pfioc_natlook *pnl = (struct pfioc_natlook *)addr;
+ struct pf_state *st;
+ struct pf_tree_node key;
+ int direction = pnl->direction;
key.af = pnl->af;
key.proto = pnl->proto;
@@ -1073,8 +1073,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCSETTIMEOUT: {
- struct pfioc_tm *pt = (struct pfioc_tm *)addr;
- int old;
+ struct pfioc_tm *pt = (struct pfioc_tm *)addr;
+ int old;
if (pt->timeout < 0 || pt->timeout >= PFTM_MAX ||
pt->seconds < 0) {
@@ -1088,7 +1088,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETTIMEOUT: {
- struct pfioc_tm *pt = (struct pfioc_tm *)addr;
+ struct pfioc_tm *pt = (struct pfioc_tm *)addr;
if (pt->timeout < 0 || pt->timeout >= PFTM_MAX) {
error = EINVAL;
@@ -1099,7 +1099,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETLIMIT: {
- struct pfioc_limit *pl = (struct pfioc_limit *)addr;
+ struct pfioc_limit *pl = (struct pfioc_limit *)addr;
if (pl->index < 0 || pl->index >= PF_LIMIT_MAX) {
error = EINVAL;
@@ -1110,8 +1110,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCSETLIMIT: {
- struct pfioc_limit *pl = (struct pfioc_limit *)addr;
- int old_limit;
+ struct pfioc_limit *pl = (struct pfioc_limit *)addr;
+ int old_limit;
if (pl->index < 0 || pl->index >= PF_LIMIT_MAX) {
error = EINVAL;
@@ -1129,14 +1129,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCSETDEBUG: {
- u_int32_t *level = (u_int32_t *)addr;
+ u_int32_t *level = (u_int32_t *)addr;
+
pf_status.debug = *level;
break;
}
case DIOCCLRRULECTRS: {
- struct pf_ruleset *ruleset = &pf_main_ruleset;
- struct pf_rule *rule;
+ struct pf_ruleset *ruleset = &pf_main_ruleset;
+ struct pf_rule *rule;
s = splsoftnet();
TAILQ_FOREACH(rule,
@@ -1149,9 +1150,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
#ifdef ALTQ
case DIOCSTARTALTQ: {
- struct pf_altq *altq;
- struct ifnet *ifp;
- struct tb_profile tb;
+ struct pf_altq *altq;
+ struct ifnet *ifp;
+ struct tb_profile tb;
/* enable all altq interfaces on active list */
s = splsoftnet();
@@ -1181,10 +1182,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCSTOPALTQ: {
- struct pf_altq *altq;
- struct ifnet *ifp;
- struct tb_profile tb;
- int err;
+ struct pf_altq *altq;
+ struct ifnet *ifp;
+ struct tb_profile tb;
+ int err;
/* disable all altq interfaces on active list */
s = splsoftnet();
@@ -1214,28 +1215,25 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCBEGINALTQS: {
- u_int32_t *ticket = (u_int32_t *)addr;
- struct pf_altq *altq;
+ u_int32_t *ticket = (u_int32_t *)addr;
+ struct pf_altq *altq;
/* Purge the old altq list */
while ((altq = TAILQ_FIRST(pf_altqs_inactive)) != NULL) {
TAILQ_REMOVE(pf_altqs_inactive, altq, entries);
-
if (altq->qname[0] == 0) {
/* detach and destroy the discipline */
error = altq_remove(altq);
}
-
pool_put(&pf_altq_pl, altq);
}
-
*ticket = ++ticket_altqs_inactive;
break;
}
case DIOCADDALTQ: {
- struct pfioc_altq *pa = (struct pfioc_altq *)addr;
- struct pf_altq *altq, *a;
+ struct pfioc_altq *pa = (struct pfioc_altq *)addr;
+ struct pf_altq *altq, *a;
if (pa->ticket != ticket_altqs_inactive) {
error = EBUSY;
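Review bot: The purge loop in DIOCBEGINALTQS assigns `error = altq_remove(altq);` on every iteration, so a failure on an earlier entry is overwritten when a later `altq_remove()` succeeds and the caller never learns the discipline was not torn down. The purge loop in DIOCCOMMITALTQS already keeps the first failure with `if (err != 0 && error == 0) error = err;`. I would use the same pattern here: declare `int err;`, call `err = altq_remove(altq);`, and follow it with that same `if`. The DIOCADDALTQ case that starts at the end of this hunk continues outside it.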
@@ -1254,8 +1252,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
*/
if (altq->qname[0] != 0) {
TAILQ_FOREACH(a, pf_altqs_inactive, entries) {
- if (strncmp(a->ifname, altq->ifname, IFNAMSIZ)
- == 0 && a->qname[0] == 0) {
+ if (strncmp(a->ifname, altq->ifname,
+ IFNAMSIZ) == 0 && a->qname[0] == 0) {
altq->altq_disc = a->altq_disc;
break;
}
@@ -1263,23 +1261,21 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
error = altq_add(altq);
-
if (error) {
pool_put(&pf_altq_pl, altq);
break;
}
TAILQ_INSERT_TAIL(pf_altqs_inactive, altq, entries);
-
bcopy(altq, &pa->altq, sizeof(struct pf_altq));
break;
}
case DIOCCOMMITALTQS: {
- u_int32_t *ticket = (u_int32_t *)addr;
- struct pf_altqqueue *old_altqs;
- struct pf_altq *altq;
- int err;
+ u_int32_t *ticket = (u_int32_t *)addr;
+ struct pf_altqqueue *old_altqs;
+ struct pf_altq *altq;
+ int err;
if (*ticket != ticket_altqs_inactive) {
error = EBUSY;
@@ -1308,7 +1304,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
/* Purge the old altq list */
while ((altq = TAILQ_FIRST(pf_altqs_inactive)) != NULL) {
TAILQ_REMOVE(pf_altqs_inactive, altq, entries);
-
if (altq->qname[0] == 0) {
/* detach and destroy the discipline */
err = altq_pfdetach(altq);
@@ -1318,7 +1313,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
if (err != 0 && error == 0)
error = err;
}
-
pool_put(&pf_altq_pl, altq);
}
splx(s);
@@ -1326,8 +1320,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETALTQS: {
- struct pfioc_altq *pa = (struct pfioc_altq *)addr;
- struct pf_altq *altq;
+ struct pfioc_altq *pa = (struct pfioc_altq *)addr;
+ struct pf_altq *altq;
pa->nr = 0;
s = splsoftnet();
@@ -1339,9 +1333,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETALTQ: {
- struct pfioc_altq *pa = (struct pfioc_altq *)addr;
- struct pf_altq *altq;
- u_int32_t nr;
+ struct pfioc_altq *pa = (struct pfioc_altq *)addr;
+ struct pf_altq *altq;
+ u_int32_t nr;
if (pa->ticket != ticket_altqs_active) {
error = EBUSY;
@@ -1370,10 +1364,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
case DIOCGETQSTATS: {
- struct pfioc_qstats *pq = (struct pfioc_qstats *)addr;
- struct pf_altq *altq;
- u_int32_t nr;
- int nbytes;
+ struct pfioc_qstats *pq = (struct pfioc_qstats *)addr;
+ struct pf_altq *altq;
+ u_int32_t nr;
+ int nbytes;
if (pq->ticket != ticket_altqs_active) {
error = EBUSY;
@@ -1403,7 +1397,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
#endif /* ALTQ */
case DIOCBEGINADDRS: {
- struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
+ struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
pf_empty_pool(&pf_pabuf[1]);
pp->ticket = ++ticket_pabuf;
@@ -1411,7 +1405,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCADDADDR: {
- struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
+ struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
#ifndef INET
if (pp->af == AF_INET) {
@@ -1446,12 +1440,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
TAILQ_INSERT_TAIL(&pf_pabuf[0], pa, entries);
-
break;
}
case DIOCGETADDRS: {
- struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
+ struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
pp->nr = 0;
s = splsoftnet();
@@ -1469,8 +1462,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETADDR: {
- struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
- u_int32_t nr = 0;
+ struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
+ u_int32_t nr = 0;
s = splsoftnet();
pool = pf_get_pool(pp->anchor, pp->ruleset, pp->ticket,
@@ -1497,8 +1490,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCCHANGEADDR: {
- struct pfioc_pooladdr *pca = (struct pfioc_pooladdr *)addr;
- struct pf_pooladdr *oldpa = NULL, *newpa = NULL;
+ struct pfioc_pooladdr *pca = (struct pfioc_pooladdr *)addr;
+ struct pf_pooladdr *oldpa = NULL, *newpa = NULL;
if (pca->action < PF_CHANGE_ADD_HEAD ||
pca->action > PF_CHANGE_REMOVE) {
@@ -1557,7 +1550,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
else if (pca->action == PF_CHANGE_ADD_TAIL)
oldpa = TAILQ_LAST(&pool->list, pf_palist);
else {
- int i = 0;
+ int i = 0;
+
oldpa = TAILQ_FIRST(&pool->list);
while ((oldpa != NULL) && (i < pca->nr)) {
oldpa = TAILQ_NEXT(oldpa, entries);
@@ -1587,14 +1581,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pool->cur = TAILQ_FIRST(&pool->list);
PF_ACPY(&pool->counter, &pool->cur->addr.addr.addr, pca->af);
-
splx(s);
break;
}
case DIOCGETANCHORS: {
- struct pfioc_anchor *pa = (struct pfioc_anchor *)addr;
- struct pf_anchor *anchor;
+ struct pfioc_anchor *pa = (struct pfioc_anchor *)addr;
+ struct pf_anchor *anchor;
pa->nr = 0;
TAILQ_FOREACH(anchor, &pf_anchors, entries)
@@ -1603,9 +1596,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETANCHOR: {
- struct pfioc_anchor *pa = (struct pfioc_anchor *)addr;
- struct pf_anchor *anchor;
- u_int32_t nr = 0;
+ struct pfioc_anchor *pa = (struct pfioc_anchor *)addr;
+ struct pf_anchor *anchor;
+ u_int32_t nr = 0;
anchor = TAILQ_FIRST(&pf_anchors);
while (anchor != NULL && nr < pa->nr) {
@@ -1620,9 +1613,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETRULESETS: {
- struct pfioc_ruleset *pr = (struct pfioc_ruleset *)addr;
- struct pf_anchor *anchor;
- struct pf_ruleset *ruleset;
+ struct pfioc_ruleset *pr = (struct pfioc_ruleset *)addr;
+ struct pf_anchor *anchor;
+ struct pf_ruleset *ruleset;
pr->anchor[PF_ANCHOR_NAME_SIZE-1] = 0;
if ((anchor = pf_find_anchor(pr->anchor)) == NULL) {
@@ -1636,10 +1629,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCGETRULESET: {
- struct pfioc_ruleset *pr = (struct pfioc_ruleset *)addr;
- struct pf_anchor *anchor;
- struct pf_ruleset *ruleset;
- u_int32_t nr = 0;
+ struct pfioc_ruleset *pr = (struct pfioc_ruleset *)addr;
+ struct pf_anchor *anchor;
+ struct pf_ruleset *ruleset;
+ u_int32_t nr = 0;
if ((anchor = pf_find_anchor(pr->anchor)) == NULL) {
error = EINVAL;
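Review bot: In DIOCGETRULESET `pr->anchor` goes straight from the ioctl argument into `pf_find_anchor()`, which compares it with `strcmp`, without the forced termination that the DIOCGETRULESETS case applies first (`pr->anchor[PF_ANCHOR_NAME_SIZE-1] = 0;`). A caller that fills the field without a NUL lets the comparison read past the end of the name buffer. Add the same line before the lookup here, and terminate any other name field this case reads. The `pf_find_ruleset(pr->anchor, pr->ruleset)` calls in the DIOCADDRULE, DIOCCOMMITRULES, DIOCGETRULES and DIOCGETRULE hunks also follow the declarations with no termination shown; whether that helper does string comparisons on them is not visible here, so those are worth checking too. The case body continues outside the hunk.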