-rw-r--r--sys/net/pf.c71
-rw-r--r--sys/net/pfvar.h5
2 files changed, 37 insertions, 39 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index f1090497452..a7adc744738 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.36 2001/06/25 20:48:17 provos Exp $ */
+/* $OpenBSD: pf.c,v 1.37 2001/06/25 22:08:03 dhartmei Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -78,10 +78,9 @@ struct pf_tree_node {
* Global variables
*/
-struct pf_rule *pf_rulehead_active;
-struct pf_rule *pf_rulehead_inactive;
-struct pf_rule *pf_ruletail_active;
-struct pf_rule *pf_ruletail_inactive;
+TAILQ_HEAD(pf_rulequeue, pf_rule) pf_rules[2];
+struct pf_rulequeue *pf_rules_active;
+struct pf_rulequeue *pf_rules_inactive;
struct pf_nat *pf_nathead_active;
struct pf_nat *pf_nathead_inactive;
struct pf_rdr *pf_rdrhead_active;
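Review bot: The declaration of `pf_rules[2]` and its two pointers does not say that this is a double buffer, and the invariant only becomes clear after reading pfattach, the ioctl cases and the pf_test_* walkers. A comment above the declaration would help, for example `/* pf_rules[] is a double buffer: packets are matched against *pf_rules_active, ioctl stages into *pf_rules_inactive, and the two pointers are swapped on commit. */`. The NAT and RDR lists just below still use bare head pointers, so it is also worth stating whether they are meant to follow the same scheme later.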
@@ -545,6 +544,10 @@ pfattach(int num)
0, NULL, NULL, 0);
pool_init(&pf_state_pl, sizeof(struct pf_state), 0, 0, 0, "pfstatepl",
0, NULL, NULL, 0);
+ TAILQ_INIT(&pf_rules[0]);
+ TAILQ_INIT(&pf_rules[1]);
+ pf_rules_active = &pf_rules[0];
+ pf_rules_inactive = &pf_rules[1];
}
int
@@ -604,11 +607,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCBEGINRULES: {
u_int32_t *ticket = (u_int32_t *)addr;
+ struct pf_rule *rule;
- while (pf_rulehead_inactive != NULL) {
- struct pf_rule *next = pf_rulehead_inactive->next;
- pool_put(&pf_rule_pl, pf_rulehead_inactive);
- pf_rulehead_inactive = next;
+ while ((rule = TAILQ_FIRST(pf_rules_inactive)) != NULL) {
+ TAILQ_REMOVE(pf_rules_inactive, rule, entries);
+ pool_put(&pf_rule_pl, rule);
}
*ticket = ++ticket_rules_inactive;
break;
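Review bot: The drain loop added under DIOCBEGINRULES is repeated verbatim in the DIOCCOMMITRULES purge later in this diff, differing only in which queue it walks. Code that frees firewall rules is easy to let drift when it exists in two copies, so one helper taking a `struct pf_rulequeue *` would be safer; the helper name below is only a suggestion. pfioctl's body starts and ends outside this hunk.

```c
/* Return every rule on q to pf_rule_pl, leaving q empty. */
void
pf_purge_rulequeue(struct pf_rulequeue *q)
{
	struct pf_rule *rule;

	while ((rule = TAILQ_FIRST(q)) != NULL) {
		TAILQ_REMOVE(q, rule, entries);
		pool_put(&pf_rule_pl, rule);
	}
}

/* … unchanged: pfioctl() up to the DIOCBEGINRULES case … */
	case DIOCBEGINRULES: {
		u_int32_t *ticket = (u_int32_t *)addr;

		pf_purge_rulequeue(pf_rules_inactive);
```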
@@ -637,18 +640,14 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
}
- rule->next = NULL;
- if (pf_ruletail_inactive != NULL) {
- pf_ruletail_inactive->next = rule;
- pf_ruletail_inactive = rule;
- } else
- pf_rulehead_inactive = pf_ruletail_inactive = rule;
+ TAILQ_INSERT_TAIL(pf_rules_inactive, rule, entries);
break;
}
case DIOCCOMMITRULES: {
u_int32_t *ticket = (u_int32_t *)addr;
- struct pf_rule *old_rules;
+ struct pf_rulequeue *old_rules;
+ struct pf_rule *rule;
if (*ticket != ticket_rules_inactive) {
error = EBUSY;
@@ -657,22 +656,17 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
/* Swap rules, keep the old. */
s = splsoftnet();
- old_rules = pf_rulehead_active;
- pf_rulehead_active = pf_rulehead_inactive;
- pf_ruletail_active = pf_ruletail_inactive;
- pf_rulehead_inactive = NULL;
- pf_ruletail_inactive = NULL;
+ old_rules = pf_rules_active;
+ pf_rules_active = pf_rules_inactive;
+ pf_rules_inactive = old_rules;
ticket_rules_active = ticket_rules_inactive;
splx(s);
/* Purge the old rule list. */
- while (old_rules != NULL) {
- struct pf_rule *next = old_rules->next;
-
- pool_put(&pf_rule_pl, old_rules);
- old_rules = next;
+ while ((rule = TAILQ_FIRST(old_rules)) != NULL) {
+ TAILQ_REMOVE(old_rules, rule, entries);
+ pool_put(&pf_rule_pl, rule);
}
-
break;
}
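Review bot: After the swap, `old_rules` and `pf_rules_inactive` name the same queue, so the purge that runs after `splx(s)` frees rules from a globally reachable list. The removed code drained a private local while the inactive head was already NULL. This is only safe if nothing can append to or drain the inactive queue until the loop finishes, which presumably holds because this path does not sleep, but that cannot be confirmed from the hunk. I would record the assumption next to the loop, e.g. `/* old_rules == pf_rules_inactive from here on; it must be empty before any later add-rule ioctl appends to it */`. The DIOCCOMMITRULES case begins in the previous hunk.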
@@ -681,11 +675,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pf_rule *rule;
s = splsoftnet();
- rule = pf_rulehead_active;
pr->nr = 0;
+ rule = TAILQ_FIRST(pf_rules_active);
while (rule != NULL) {
pr->nr++;
- rule = rule->next;
+ rule = TAILQ_NEXT(rule, entries);
}
pr->ticket = ticket_rules_active;
splx(s);
@@ -702,10 +696,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
s = splsoftnet();
- rule = pf_rulehead_active;
nr = 0;
+ rule = TAILQ_FIRST(pf_rules_active);
while ((rule != NULL) && (nr < pr->nr)) {
- rule = rule->next;
+ rule = TAILQ_NEXT(rule, entries);
nr++;
}
if (rule == NULL) {
@@ -1191,7 +1185,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
struct pf_rdr *rdr = NULL;
u_int32_t baddr;
u_int16_t bport;
- struct pf_rule *r = pf_rulehead_active, *rm = NULL;
+ struct pf_rule *r, *rm = NULL;
u_int16_t nr = 1, mnr = 0;
if (direction == PF_OUT) {
@@ -1214,6 +1208,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
}
}
+ r = TAILQ_FIRST(pf_rules_active);
while (r != NULL) {
if (r->direction == direction &&
(r->ifp == NULL || r->ifp == ifp) &&
@@ -1232,7 +1227,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
if (r->quick)
break;
}
- r = r->next;
+ r = TAILQ_NEXT(r, entries);
nr++;
}
@@ -1318,7 +1313,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
struct pf_rdr *rdr = NULL;
u_int32_t baddr;
u_int16_t bport;
- struct pf_rule *r = pf_rulehead_active, *rm = NULL;
+ struct pf_rule *r, *rm = NULL;
u_int16_t nr = 1, mnr = 0;
if (direction == PF_OUT) {
@@ -1340,6 +1335,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
}
}
+ r = TAILQ_FIRST(pf_rules_active);
while (r != NULL) {
if ((r->direction == direction) &&
((r->ifp == NULL) || (r->ifp == ifp)) &&
@@ -1357,7 +1353,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
if (r->quick)
break;
}
- r = r->next;
+ r = TAILQ_NEXT(r, entries);
nr++;
}
@@ -1429,7 +1425,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
{
struct pf_nat *nat = NULL;
u_int32_t baddr;
- struct pf_rule *r = pf_rulehead_active, *rm = NULL;
+ struct pf_rule *r, *rm = NULL;
u_int16_t nr = 1, mnr = 0;
if (direction == PF_OUT) {
@@ -1440,6 +1436,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
}
}
+ r = TAILQ_FIRST(pf_rules_active);
while (r != NULL) {
if ((r->direction == direction) &&
((r->ifp == NULL) || (r->ifp == ifp)) &&
@@ -1455,7 +1452,7 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m, int off,
if (r->quick)
break;
}
- r = r->next;
+ r = TAILQ_NEXT(r, entries);
nr++;
}
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index af8a7f277cf..560a86e2472 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.10 2001/06/25 17:17:03 dhartmei Exp $ */
+/* $OpenBSD: pfvar.h,v 1.11 2001/06/25 22:08:03 dhartmei Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -34,6 +34,7 @@
#define _NET_PFVAR_H_
#include <sys/types.h>
+#include <sys/queue.h>
enum { PF_IN=0, PF_OUT=1 };
enum { PF_PASS=0, PF_DROP=1, PF_DROP_RST=2 };
@@ -51,7 +52,7 @@ struct pf_rule {
struct ifnet *ifp;
struct pf_rule_addr src;
struct pf_rule_addr dst;
- struct pf_rule *next;
+ TAILQ_ENTRY(pf_rule) entries;
u_int8_t action;
u_int8_t direction;
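Review bot: `TAILQ_ENTRY(pf_rule) entries` places two kernel list pointers inside `struct pf_rule`, and this header appears to be shared with the userland side of the pf ioctls (the copy-in/copy-out code is not visible in this diff). If whole rules are copied out by the rule-fetch case, the link pointers go with them and expose kernel addresses, so the `entries` member should be zeroed in the copy handed back. The change also grows the struct by one pointer, so any userland built against the old layout has to be rebuilt in step. A short comment on the member, such as `/* kernel list linkage; not meaningful to userland */`, would make the intent explicit. The struct definition continues past the end of this hunk.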