-rw-r--r-- | sys/net/if_pfsync.c | 5 | ||||
-rw-r--r-- | sys/net/pf.c | 34 | ||||
-rw-r--r-- | sys/net/pf_if.c | 14 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 4 | ||||
-rw-r--r-- | sys/net/pfvar.h | 56 |
5 files changed, 67 insertions, 46 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 5e6712f1cce..5814a17148d 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.53 2005/08/16 11:22:43 pascoe Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.54 2005/08/18 10:28:13 pascoe Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -277,7 +277,8 @@ pfsync_input(struct mbuf *m, ...) struct ip *ip = mtod(m, struct ip *); struct pfsync_header *ph; struct pfsync_softc *sc = &pfsyncif; - struct pf_state *st, key; + struct pf_state *st; + struct pf_state_cmp key; struct pfsync_state *sp; struct pfsync_state_upd *up; struct pfsync_state_del *dp; diff --git a/sys/net/pf.c b/sys/net/pf.c index 178f80269c7..5551f492b0c 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.499 2005/08/11 05:09:29 joel Exp $ */ +/* $OpenBSD: pf.c,v 1.500 2005/08/18 10:28:13 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -212,7 +212,7 @@ int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); static int pf_add_mbuf_tag(struct mbuf *, u_int); struct pf_state *pf_find_state_recurse(struct pfi_kif *, - struct pf_state *, u_int8_t); + struct pf_state_cmp *, u_int8_t); int pf_src_connlimit(struct pf_state **); int pf_check_congestion(struct ifqueue *); @@ -524,14 +524,14 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af) #endif /* INET6 */ struct pf_state * -pf_find_state_byid(struct pf_state *key) +pf_find_state_byid(struct pf_state_cmp *key) { pf_status.fcounters[FCNT_STATE_SEARCH]++; - return (RB_FIND(pf_state_tree_id, &tree_id, key)); + return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); } struct pf_state * -pf_find_state_recurse(struct pfi_kif *kif, struct pf_state *key, u_int8_t tree) +pf_find_state_recurse(struct pfi_kif *kif, struct pf_state_cmp *key, u_int8_t tree) { struct pf_state *s; 
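Review bot: The `(struct pf_state *)key` casts in pf_find_state_byid, and the same casts in pf_find_state_recurse and pf_find_state_all in the following hunks, hand the tree comparators a pointer typed as a full `struct pf_state` while the object behind it is only a `struct pf_state_cmp`, usually on the caller's stack. That is safe only while the comparators for pf_state_tree_id, pf_state_tree_lan_ext and pf_state_tree_ext_gwy read nothing beyond the shared leading fields; they are not shown in this diff, so this should be confirmed, because a read past the key would be an out-of-bounds kernel stack read that the compiler cannot flag through the cast. I would state the contract at the first cast, e.g. `/* key is a struct pf_state_cmp: comparators may only read fields it shares with struct pf_state */`. The RB_FIND casts on `&s` and `&key` in pf_if.c carry the same assumption for pfi_if_compare. pf_find_state_recurse starts in this hunk and continues past it.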
@@ -540,18 +540,18 @@ pf_find_state_recurse(struct pfi_kif *kif, struct pf_state *key, u_int8_t tree) switch (tree) { case PF_LAN_EXT: if ((s = RB_FIND(pf_state_tree_lan_ext, &kif->pfik_lan_ext, - key)) != NULL) + (struct pf_state *)key)) != NULL) return (s); if ((s = RB_FIND(pf_state_tree_lan_ext, &pfi_all->pfik_lan_ext, - key)) != NULL) + (struct pf_state *)key)) != NULL) return (s); return (NULL); case PF_EXT_GWY: if ((s = RB_FIND(pf_state_tree_ext_gwy, &kif->pfik_ext_gwy, - key)) != NULL) + (struct pf_state *)key)) != NULL) return (s); if ((s = RB_FIND(pf_state_tree_ext_gwy, &pfi_all->pfik_ext_gwy, - key)) != NULL) + (struct pf_state *)key)) != NULL) return (s); return (NULL); default: @@ -560,7 +560,7 @@ pf_find_state_recurse(struct pfi_kif *kif, struct pf_state *key, u_int8_t tree) } struct pf_state * -pf_find_state_all(struct pf_state *key, u_int8_t tree, int *more) +pf_find_state_all(struct pf_state_cmp *key, u_int8_t tree, int *more) { struct pf_state *s, *ss = NULL; struct pfi_kif *kif; @@ -571,7 +571,7 @@ pf_find_state_all(struct pf_state *key, u_int8_t tree, int *more) case PF_LAN_EXT: TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states) { s = RB_FIND(pf_state_tree_lan_ext, - &kif->pfik_lan_ext, key); + &kif->pfik_lan_ext, (struct pf_state *)key); if (s == NULL) continue; if (more == NULL) @@ -583,7 +583,7 @@ pf_find_state_all(struct pf_state *key, u_int8_t tree, int *more) case PF_EXT_GWY: TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states) { s = RB_FIND(pf_state_tree_ext_gwy, - &kif->pfik_ext_gwy, key); + &kif->pfik_ext_gwy, (struct pf_state *)key); if (s == NULL) continue; if (more == NULL) @@ -2153,7 +2153,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, struct pf_addr *naddr, u_int16_t *nport, u_int16_t low, u_int16_t high, struct pf_src_node **sn) { - struct pf_state key; + struct pf_state_cmp key; struct pf_addr init_addr; u_int16_t cut; 
@@ -3978,7 +3978,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason) { - struct pf_state key; + struct pf_state_cmp key; struct tcphdr *th = pd->hdr.tcp; u_int16_t win = ntohs(th->th_win); u_int32_t ack, end, seq, orig_seq; @@ -4415,7 +4415,7 @@ pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kif *kif, struct mbuf *m, int off, void *h, struct pf_pdesc *pd) { struct pf_state_peer *src, *dst; - struct pf_state key; + struct pf_state_cmp key; struct udphdr *uh = pd->hdr.udp; key.af = pd->af; @@ -4479,7 +4479,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, u_int16_t icmpid, *icmpsum; u_int8_t icmptype; int state_icmp = 0; - struct pf_state key; + struct pf_state_cmp key; switch (pd->proto) { #ifdef INET @@ -5038,7 +5038,7 @@ pf_test_state_other(struct pf_state **state, int direction, struct pfi_kif *kif, struct pf_pdesc *pd) { struct pf_state_peer *src, *dst; - struct pf_state key; + struct pf_state_cmp key; key.af = pd->af; key.proto = pd->proto; diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c index b2aeb1999a6..549182217a5 100644 --- a/sys/net/pf_if.c +++ b/sys/net/pf_if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.42 2005/08/07 11:35:59 pascoe Exp $ */ +/* $OpenBSD: pf_if.c,v 1.43 2005/08/18 10:28:14 pascoe Exp $ */ /* * Copyright 2005 Henning Brauer <henning@openbsd.org> @@ -102,11 +102,12 @@ pfi_initialize(void) struct pfi_kif * pfi_kif_get(const char *kif_name) { - struct pfi_kif s, *kif; + struct pfi_kif *kif; + struct pfi_kif_cmp s; bzero(&s, sizeof(s)); strlcpy(s.pfik_name, kif_name, sizeof(s.pfik_name)); - if ((kif = RB_FIND(pfi_ifhead, &pfi_ifs, &s)) != NULL) + if ((kif = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&s)) != NULL) return (kif); /* create new one */ 
@@ -606,12 +607,13 @@ pfi_if_compare(struct pfi_kif *p, struct pfi_kif *q) void pfi_fill_oldstatus(struct pf_status *pfs) { - struct pfi_kif *p, key; - int i, j, k, s; + struct pfi_kif *p; + struct pfi_kif_cmp key; + int i, j, k, s; strlcpy(key.pfik_name, pfs->ifname, sizeof(key.pfik_name)); s = splsoftnet(); - p = RB_FIND(pfi_ifhead, &pfi_ifs, &key); + p = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&key); if (p == NULL) { splx(s); return; diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 6bfc497ce3b..af4001b162d 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.155 2005/08/12 04:15:38 pascoe Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.156 2005/08/18 10:28:14 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1903,7 +1903,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) case DIOCNATLOOK: { struct pfioc_natlook *pnl = (struct pfioc_natlook *)addr; struct pf_state *state; - struct pf_state key; + struct pf_state_cmp key; int m = 0, direction = pnl->direction; key.af = pnl->af; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 73bbc1610ef..d67b499c2fc 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.228 2005/08/11 05:09:30 joel Exp $ */ +/* $OpenBSD: pfvar.h,v 1.229 2005/08/18 10:28:14 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
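Review bot: In pfi_fill_oldstatus the new `struct pfi_kif_cmp key` is filled with strlcpy() only, whereas pfi_kif_get in the previous pf_if.c hunk calls `bzero(&s, sizeof(s))` before its strlcpy(). strlcpy() does terminate the name, but the bytes after the terminator remain uninitialised stack contents, and whether pfi_if_compare can ever look at them is not visible here. Now that the key is only IFNAMSIZ bytes, adding `bzero(&key, sizeof(key));` ahead of the strlcpy() is cheap and makes the two lookups consistent. The function body continues outside the hunk.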
@@ -673,8 +673,36 @@ struct pf_state_peer { TAILQ_HEAD(pf_state_queue, pf_state); +/* keep synced with struct pf_state, used in RB_FIND */ +struct pf_state_cmp { + u_int64_t id; + u_int32_t creatorid; + struct pf_state_host lan; + struct pf_state_host gwy; + struct pf_state_host ext; + sa_family_t af; + u_int8_t proto; + u_int8_t direction; + u_int8_t pad; +}; + struct pf_state { u_int64_t id; + u_int32_t creatorid; + struct pf_state_host lan; + struct pf_state_host gwy; + struct pf_state_host ext; + sa_family_t af; + u_int8_t proto; + u_int8_t direction; + u_int8_t pad; + u_int8_t log; + u_int8_t allow_opts; + u_int8_t timeout; + u_int8_t sync_flags; +#define PFSTATE_NOSYNC 0x01 +#define PFSTATE_FROMSYNC 0x02 +#define PFSTATE_STALE 0x04 union { struct { RB_ENTRY(pf_state) entry_lan_ext; @@ -685,9 +713,6 @@ struct pf_state { } s; char ifname[IFNAMSIZ]; } u; - struct pf_state_host lan; - struct pf_state_host gwy; - struct pf_state_host ext; struct pf_state_peer src; struct pf_state_peer dst; union pf_rule_ptr rule; @@ -702,19 +727,7 @@ struct pf_state { u_int32_t pfsync_time; u_int32_t packets[2]; u_int32_t bytes[2]; - u_int32_t creatorid; u_int16_t tag; - sa_family_t af; - u_int8_t proto; - u_int8_t direction; - u_int8_t log; - u_int8_t allow_opts; - u_int8_t timeout; - u_int8_t sync_flags; -#define PFSTATE_NOSYNC 0x01 -#define PFSTATE_FROMSYNC 0x02 -#define PFSTATE_STALE 0x04 - u_int8_t pad; }; TAILQ_HEAD(pf_rulequeue, pf_rule); @@ -866,9 +879,14 @@ RB_PROTOTYPE(pf_state_tree_ext_gwy, pf_state, TAILQ_HEAD(pfi_statehead, pfi_kif); RB_HEAD(pfi_ifhead, pfi_kif); +/* keep synced with pfi_kif, used in RB_FIND */ +struct pfi_kif_cmp { + char pfik_name[IFNAMSIZ]; +}; + struct pfi_kif { - RB_ENTRY(pfi_kif) pfik_tree; char pfik_name[IFNAMSIZ]; + RB_ENTRY(pfi_kif) pfik_tree; u_int64_t pfik_packets[2][2][2]; u_int64_t pfik_bytes[2][2][2]; u_int32_t pfik_tzero; 
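Review bot: The layout match between `struct pf_state_cmp` and the head of `struct pf_state` is held together only by the `keep synced` comment, and that comment sits on the _cmp struct, so someone who later adds or reorders a field in `struct pf_state` gets no warning at the place they are editing. Since every RB_FIND caller now casts the short key to the long type, a drift would make the comparators read wrong offsets or past the end of the key without any compiler diagnostic. I would add the reciprocal comment above `struct pf_state {`, e.g. `/* fields from id through pad must mirror struct pf_state_cmp (RB_FIND keys) */`, and the equivalent above `struct pfi_kif {` in the pfi_kif_cmp hunk. If the tree has a compile-time assertion facility, an offsetof() comparison of the last shared member (`pad`, `pfik_name`) in both structs would turn the comment into an enforced invariant. `struct pf_state` continues outside this hunk.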
@@ -1416,8 +1434,8 @@ extern int pf_insert_src_node(struct pf_src_node **, struct pf_rule *, struct pf_addr *, sa_family_t); void pf_src_tree_remove_state(struct pf_state *); -extern struct pf_state *pf_find_state_byid(struct pf_state *); -extern struct pf_state *pf_find_state_all(struct pf_state *key, +extern struct pf_state *pf_find_state_byid(struct pf_state_cmp *); +extern struct pf_state *pf_find_state_all(struct pf_state_cmp *key, u_int8_t tree, int *more); extern void pf_print_state(struct pf_state *); extern void pf_print_flags(u_int8_t); |