pf: rename pf_state to pf_kstate

Indicate that this is a kernel-only structure, and make it easier to
distinguish from others used to communicate with userspace.

Reviewed by:	mjg
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31096
This commit is contained in:
Kristof Provost 2021-07-06 11:42:20 +02:00
parent e88c3b1b02
commit 211cddf9e3
7 changed files with 152 additions and 152 deletions

View File

@ -501,10 +501,10 @@ struct pf_state_key {
u_int8_t pad[2];
LIST_ENTRY(pf_state_key) entry;
TAILQ_HEAD(, pf_state) states[2];
TAILQ_HEAD(, pf_kstate) states[2];
};
/* Keep synced with struct pf_state. */
/* Keep synced with struct pf_kstate. */
struct pf_state_cmp {
u_int64_t id;
u_int32_t creatorid;
@ -521,16 +521,16 @@ struct pf_state_cmp {
#define PFSTATE_SETMASK (PFSTATE_SETPRIO)
#ifdef _KERNEL
struct pf_state {
struct pf_kstate {
u_int64_t id;
u_int32_t creatorid;
u_int8_t direction;
u_int8_t pad[3];
u_int refs;
TAILQ_ENTRY(pf_state) sync_list;
TAILQ_ENTRY(pf_state) key_list[2];
LIST_ENTRY(pf_state) entry;
TAILQ_ENTRY(pf_kstate) sync_list;
TAILQ_ENTRY(pf_kstate) key_list[2];
LIST_ENTRY(pf_kstate) entry;
struct pf_state_peer src;
struct pf_state_peer dst;
union pf_krule_ptr rule;
@ -562,7 +562,7 @@ struct pf_state {
/*
* Size <= fits 13 objects per page on LP64. Try to not grow the struct beyond that.
*/
_Static_assert(sizeof(struct pf_state) <= 312, "pf_state size crosses 312 bytes");
_Static_assert(sizeof(struct pf_kstate) <= 312, "pf_kstate size crosses 312 bytes");
#endif
/*
@ -623,11 +623,11 @@ struct pfsync_state {
#ifdef _KERNEL
/* pfsync */
typedef int pfsync_state_import_t(struct pfsync_state *, u_int8_t);
typedef void pfsync_insert_state_t(struct pf_state *);
typedef void pfsync_update_state_t(struct pf_state *);
typedef void pfsync_delete_state_t(struct pf_state *);
typedef void pfsync_insert_state_t(struct pf_kstate *);
typedef void pfsync_update_state_t(struct pf_kstate *);
typedef void pfsync_delete_state_t(struct pf_kstate *);
typedef void pfsync_clear_states_t(u_int32_t, const char *);
typedef int pfsync_defer_t(struct pf_state *, struct mbuf *);
typedef int pfsync_defer_t(struct pf_kstate *, struct mbuf *);
typedef void pfsync_detach_ifnet_t(struct ifnet *);
VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr);
@ -645,7 +645,7 @@ VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr);
extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr;
void pfsync_state_export(struct pfsync_state *,
struct pf_state *);
struct pf_kstate *);
/* pflog */
struct pf_kruleset;
@ -1474,7 +1474,7 @@ struct pf_keyhash {
};
struct pf_idhash {
LIST_HEAD(, pf_state) states;
LIST_HEAD(, pf_kstate) states;
struct mtx lock;
};
@ -1548,26 +1548,26 @@ extern void pf_unload_vnet_purge(void);
extern void pf_intr(void *);
extern void pf_purge_expired_src_nodes(void);
extern int pf_unlink_state(struct pf_state *, u_int);
extern int pf_unlink_state(struct pf_kstate *, u_int);
#define PF_ENTER_LOCKED 0x00000001
#define PF_RETURN_LOCKED 0x00000002
extern int pf_state_insert(struct pfi_kkif *,
struct pfi_kkif *,
struct pf_state_key *,
struct pf_state_key *,
struct pf_state *);
extern struct pf_state *pf_alloc_state(int);
extern void pf_free_state(struct pf_state *);
struct pf_kstate *);
extern struct pf_kstate *pf_alloc_state(int);
extern void pf_free_state(struct pf_kstate *);
static __inline void
pf_ref_state(struct pf_state *s)
pf_ref_state(struct pf_kstate *s)
{
refcount_acquire(&s->refs);
}
static __inline int
pf_release_state(struct pf_state *s)
pf_release_state(struct pf_kstate *s)
{
if (refcount_release(&s->refs)) {
@ -1578,7 +1578,7 @@ pf_release_state(struct pf_state *s)
}
static __inline int
pf_release_staten(struct pf_state *s, u_int n)
pf_release_staten(struct pf_kstate *s, u_int n)
{
if (refcount_releasen(&s->refs, n)) {
@ -1588,14 +1588,14 @@ pf_release_staten(struct pf_state *s, u_int n)
return (0);
}
extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t);
extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *,
extern struct pf_kstate *pf_find_state_byid(uint64_t, uint32_t);
extern struct pf_kstate *pf_find_state_all(struct pf_state_key_cmp *,
u_int, int *);
extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *,
struct pf_krule *, sa_family_t, int);
extern void pf_unlink_src_node(struct pf_ksrc_node *);
extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *);
extern void pf_print_state(struct pf_state *);
extern void pf_print_state(struct pf_kstate *);
extern void pf_print_flags(u_int8_t);
extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t,
u_int8_t);
@ -1626,7 +1626,7 @@ void pf_addr_inc(struct pf_addr *, sa_family_t);
int pf_refragment6(struct ifnet *, struct mbuf **, struct m_tag *);
#endif /* INET6 */
u_int32_t pf_new_isn(struct pf_state *);
u_int32_t pf_new_isn(struct pf_kstate *);
void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *,
sa_family_t);
void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t);
@ -1637,7 +1637,7 @@ void pf_patch_16_unaligned(struct mbuf *, u_int16_t *, void *, u_int16_t,
bool, u_int8_t);
void pf_patch_32_unaligned(struct mbuf *, u_int16_t *, void *, u_int32_t,
bool, u_int8_t);
void pf_send_deferred_syn(struct pf_state *);
void pf_send_deferred_syn(struct pf_kstate *);
int pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *,
struct pf_addr *, sa_family_t);
int pf_match_addr_range(struct pf_addr *, struct pf_addr *,
@ -1648,14 +1648,14 @@ void pf_normalize_init(void);
void pf_normalize_cleanup(void);
int pf_normalize_tcp(int, struct pfi_kkif *, struct mbuf *, int, int, void *,
struct pf_pdesc *);
void pf_normalize_tcp_cleanup(struct pf_state *);
void pf_normalize_tcp_cleanup(struct pf_kstate *);
int pf_normalize_tcp_init(struct mbuf *, int, struct pf_pdesc *,
struct tcphdr *, struct pf_state_peer *, struct pf_state_peer *);
int pf_normalize_tcp_stateful(struct mbuf *, int, struct pf_pdesc *,
u_short *, struct tcphdr *, struct pf_state *,
u_short *, struct tcphdr *, struct pf_kstate *,
struct pf_state_peer *, struct pf_state_peer *, int *);
u_int32_t
pf_state_expires(const struct pf_state *);
pf_state_expires(const struct pf_kstate *);
void pf_purge_expired_fragments(void);
void pf_purge_fragments(uint32_t);
int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *,

View File

@ -115,7 +115,7 @@ struct pfsync_pkt {
u_int8_t flags;
};
static int pfsync_upd_tcp(struct pf_state *, struct pfsync_state_peer *,
static int pfsync_upd_tcp(struct pf_kstate *, struct pfsync_state_peer *,
struct pfsync_state_peer *);
static int pfsync_in_clr(struct pfsync_pkt *, struct mbuf *, int, int);
static int pfsync_in_ins(struct pfsync_pkt *, struct mbuf *, int, int);
@ -147,16 +147,16 @@ static int (*pfsync_acts[])(struct pfsync_pkt *, struct mbuf *, int, int) = {
};
struct pfsync_q {
void (*write)(struct pf_state *, void *);
void (*write)(struct pf_kstate *, void *);
size_t len;
u_int8_t action;
};
/* we have one of these for every PFSYNC_S_ */
static void pfsync_out_state(struct pf_state *, void *);
static void pfsync_out_iack(struct pf_state *, void *);
static void pfsync_out_upd_c(struct pf_state *, void *);
static void pfsync_out_del(struct pf_state *, void *);
static void pfsync_out_state(struct pf_kstate *, void *);
static void pfsync_out_iack(struct pf_kstate *, void *);
static void pfsync_out_upd_c(struct pf_kstate *, void *);
static void pfsync_out_del(struct pf_kstate *, void *);
static struct pfsync_q pfsync_qs[] = {
{ pfsync_out_state, sizeof(struct pfsync_state), PFSYNC_ACT_INS },
@ -166,10 +166,10 @@ static struct pfsync_q pfsync_qs[] = {
{ pfsync_out_del, sizeof(struct pfsync_del_c), PFSYNC_ACT_DEL_C }
};
static void pfsync_q_ins(struct pf_state *, int, bool);
static void pfsync_q_del(struct pf_state *, bool, struct pfsync_bucket *);
static void pfsync_q_ins(struct pf_kstate *, int, bool);
static void pfsync_q_del(struct pf_kstate *, bool, struct pfsync_bucket *);
static void pfsync_update_state(struct pf_state *);
static void pfsync_update_state(struct pf_kstate *);
struct pfsync_upd_req_item {
TAILQ_ENTRY(pfsync_upd_req_item) ur_entry;
@ -182,7 +182,7 @@ struct pfsync_deferral {
u_int pd_refs;
struct callout pd_tmo;
struct pf_state *pd_st;
struct pf_kstate *pd_st;
struct mbuf *pd_m;
};
@ -198,7 +198,7 @@ struct pfsync_bucket
#define PFSYNCF_BUCKET_PUSH 0x00000001
size_t b_len;
TAILQ_HEAD(, pf_state) b_qs[PFSYNC_S_COUNT];
TAILQ_HEAD(, pf_kstate) b_qs[PFSYNC_S_COUNT];
TAILQ_HEAD(, pfsync_upd_req_item) b_upd_req_list;
TAILQ_HEAD(, pfsync_deferral) b_deferrals;
u_int b_deferred;
@ -291,13 +291,13 @@ static int pfsyncoutput(struct ifnet *, struct mbuf *,
const struct sockaddr *, struct route *);
static int pfsyncioctl(struct ifnet *, u_long, caddr_t);
static int pfsync_defer(struct pf_state *, struct mbuf *);
static int pfsync_defer(struct pf_kstate *, struct mbuf *);
static void pfsync_undefer(struct pfsync_deferral *, int);
static void pfsync_undefer_state(struct pf_state *, int);
static void pfsync_undefer_state(struct pf_kstate *, int);
static void pfsync_defer_tmo(void *);
static void pfsync_request_update(u_int32_t, u_int64_t);
static bool pfsync_update_state_req(struct pf_state *);
static bool pfsync_update_state_req(struct pf_kstate *);
static void pfsync_drop(struct pfsync_softc *);
static void pfsync_sendout(int, int);
@ -313,7 +313,7 @@ static void pfsync_detach_ifnet(struct ifnet *);
static void pfsync_update_net_tdb(struct pfsync_tdb *);
#endif
static struct pfsync_bucket *pfsync_get_bucket(struct pfsync_softc *,
struct pf_state *);
struct pf_kstate *);
#define PFSYNC_MAX_BULKTRIES 12
@ -461,7 +461,7 @@ pfsync_state_import(struct pfsync_state *sp, u_int8_t flags)
struct pfsync_state_key key[2];
#endif
struct pfsync_state_key *kw, *ks;
struct pf_state *st = NULL;
struct pf_kstate *st = NULL;
struct pf_state_key *skw = NULL, *sks = NULL;
struct pf_krule *r = NULL;
struct pfi_kkif *kif;
@ -753,7 +753,7 @@ pfsync_in_clr(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
for (int i = 0; i <= pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
struct pf_state *s;
struct pf_kstate *s;
relock:
PF_HASHROW_LOCK(ih);
LIST_FOREACH(s, &ih->states, entry) {
@ -812,7 +812,7 @@ static int
pfsync_in_iack(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
{
struct pfsync_ins_ack *ia, *iaa;
struct pf_state *st;
struct pf_kstate *st;
struct mbuf *mp;
int len = count * sizeof(*ia);
@ -846,7 +846,7 @@ pfsync_in_iack(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
}
static int
pfsync_upd_tcp(struct pf_state *st, struct pfsync_state_peer *src,
pfsync_upd_tcp(struct pf_kstate *st, struct pfsync_state_peer *src,
struct pfsync_state_peer *dst)
{
int sync = 0;
@ -884,7 +884,7 @@ pfsync_in_upd(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_state *sa, *sp;
struct pf_state *st;
struct pf_kstate *st;
int sync;
struct mbuf *mp;
@ -970,7 +970,7 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_upd_c *ua, *up;
struct pf_state *st;
struct pf_kstate *st;
int len = count * sizeof(*up);
int sync;
struct mbuf *mp;
@ -1060,7 +1060,7 @@ pfsync_in_ureq(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
int len = count * sizeof(*ur);
int i, offp;
struct pf_state *st;
struct pf_kstate *st;
mp = m_pulldown(m, offset, len, &offp);
if (mp == NULL) {
@ -1098,7 +1098,7 @@ pfsync_in_del(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
{
struct mbuf *mp;
struct pfsync_state *sa, *sp;
struct pf_state *st;
struct pf_kstate *st;
int len = count * sizeof(*sp);
int offp, i;
@ -1129,7 +1129,7 @@ pfsync_in_del_c(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
{
struct mbuf *mp;
struct pfsync_del_c *sa, *sp;
struct pf_state *st;
struct pf_kstate *st;
int len = count * sizeof(*sp);
int offp, i;
@ -1480,7 +1480,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
}
static void
pfsync_out_state(struct pf_state *st, void *buf)
pfsync_out_state(struct pf_kstate *st, void *buf)
{
struct pfsync_state *sp = buf;
@ -1488,7 +1488,7 @@ pfsync_out_state(struct pf_state *st, void *buf)
}
static void
pfsync_out_iack(struct pf_state *st, void *buf)
pfsync_out_iack(struct pf_kstate *st, void *buf)
{
struct pfsync_ins_ack *iack = buf;
@ -1497,7 +1497,7 @@ pfsync_out_iack(struct pf_state *st, void *buf)
}
static void
pfsync_out_upd_c(struct pf_state *st, void *buf)
pfsync_out_upd_c(struct pf_kstate *st, void *buf)
{
struct pfsync_upd_c *up = buf;
@ -1510,7 +1510,7 @@ pfsync_out_upd_c(struct pf_state *st, void *buf)
}
static void
pfsync_out_del(struct pf_state *st, void *buf)
pfsync_out_del(struct pf_kstate *st, void *buf)
{
struct pfsync_del_c *dp = buf;
@ -1522,7 +1522,7 @@ pfsync_out_del(struct pf_state *st, void *buf)
static void
pfsync_drop(struct pfsync_softc *sc)
{
struct pf_state *st, *next;
struct pf_kstate *st, *next;
struct pfsync_upd_req_item *ur;
struct pfsync_bucket *b;
int c, q;
@ -1562,7 +1562,7 @@ pfsync_sendout(int schedswi, int c)
struct ip *ip;
struct pfsync_header *ph;
struct pfsync_subheader *subh;
struct pf_state *st, *st_next;
struct pf_kstate *st, *st_next;
struct pfsync_upd_req_item *ur;
struct pfsync_bucket *b = &sc->sc_buckets[c];
int offset;
@ -1702,7 +1702,7 @@ pfsync_sendout(int schedswi, int c)
}
static void
pfsync_insert_state(struct pf_state *st)
pfsync_insert_state(struct pf_kstate *st)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
@ -1730,7 +1730,7 @@ pfsync_insert_state(struct pf_state *st)
}
static int
pfsync_defer(struct pf_state *st, struct mbuf *m)
pfsync_defer(struct pf_kstate *st, struct mbuf *m)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_deferral *pd;
@ -1778,7 +1778,7 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop)
{
struct pfsync_softc *sc = pd->pd_sc;
struct mbuf *m = pd->pd_m;
struct pf_state *st = pd->pd_st;
struct pf_kstate *st = pd->pd_st;
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
PFSYNC_BUCKET_LOCK_ASSERT(b);
@ -1804,7 +1804,7 @@ pfsync_defer_tmo(void *arg)
struct pfsync_deferral *pd = arg;
struct pfsync_softc *sc = pd->pd_sc;
struct mbuf *m = pd->pd_m;
struct pf_state *st = pd->pd_st;
struct pf_kstate *st = pd->pd_st;
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
PFSYNC_BUCKET_LOCK_ASSERT(b);
@ -1828,7 +1828,7 @@ pfsync_defer_tmo(void *arg)
}
static void
pfsync_undefer_state(struct pf_state *st, int drop)
pfsync_undefer_state(struct pf_kstate *st, int drop)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_deferral *pd;
@ -1851,14 +1851,14 @@ pfsync_undefer_state(struct pf_state *st, int drop)
}
static struct pfsync_bucket*
pfsync_get_bucket(struct pfsync_softc *sc, struct pf_state *st)
pfsync_get_bucket(struct pfsync_softc *sc, struct pf_kstate *st)
{
int c = PF_IDHASH(st) % pfsync_buckets;
return &sc->sc_buckets[c];
}
static void
pfsync_update_state(struct pf_state *st)
pfsync_update_state(struct pf_kstate *st)
{
struct pfsync_softc *sc = V_pfsyncif;
bool sync = false, ref = true;
@ -1956,7 +1956,7 @@ pfsync_request_update(u_int32_t creatorid, u_int64_t id)
}
static bool
pfsync_update_state_req(struct pf_state *st)
pfsync_update_state_req(struct pf_kstate *st)
{
struct pfsync_softc *sc = V_pfsyncif;
bool ref = true, full = false;
@ -2003,7 +2003,7 @@ pfsync_update_state_req(struct pf_state *st)
}
static void
pfsync_delete_state(struct pf_state *st)
pfsync_delete_state(struct pf_kstate *st)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
@ -2067,7 +2067,7 @@ pfsync_clear_states(u_int32_t creatorid, const char *ifname)
}
static void
pfsync_q_ins(struct pf_state *st, int q, bool ref)
pfsync_q_ins(struct pf_kstate *st, int q, bool ref)
{
struct pfsync_softc *sc = V_pfsyncif;
size_t nlen = pfsync_qs[q].len;
@ -2097,7 +2097,7 @@ pfsync_q_ins(struct pf_state *st, int q, bool ref)
}
static void
pfsync_q_del(struct pf_state *st, bool unref, struct pfsync_bucket *b)
pfsync_q_del(struct pf_kstate *st, bool unref, struct pfsync_bucket *b)
{
int q = st->sync_state;
@ -2137,7 +2137,7 @@ static void
pfsync_bulk_update(void *arg)
{
struct pfsync_softc *sc = arg;
struct pf_state *s;
struct pf_kstate *s;
int i, sent = 0;
PFSYNC_BLOCK_ASSERT(sc);

View File

@ -115,12 +115,12 @@ __FBSDID("$FreeBSD$");
SDT_PROVIDER_DEFINE(pf);
SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *",
"struct pf_state *");
"struct pf_kstate *");
SDT_PROBE_DEFINE4(pf, ip, test6, done, "int", "int", "struct pf_krule *",
"struct pf_state *");
"struct pf_kstate *");
SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *",
"struct pf_state_key_cmp *", "int", "struct pf_pdesc *",
"struct pf_state *");
"struct pf_kstate *");
/*
* Global variables
@ -228,7 +228,7 @@ VNET_DEFINE(uint64_t, pf_stateid[MAXCPU]);
#define PFID_MAXID (~PFID_CPUMASK)
CTASSERT((1 << PFID_CPUBITS) >= MAXCPU);
static void pf_src_tree_remove_state(struct pf_state *);
static void pf_src_tree_remove_state(struct pf_kstate *);
static void pf_init_threshold(struct pf_threshold *, u_int32_t,
u_int32_t);
static void pf_add_threshold(struct pf_threshold *);
@ -251,13 +251,13 @@ static void pf_send_tcp(struct mbuf *,
u_int16_t, struct ifnet *);
static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t,
sa_family_t, struct pf_krule *);
static void pf_detach_state(struct pf_state *);
static void pf_detach_state(struct pf_kstate *);
static int pf_state_key_attach(struct pf_state_key *,
struct pf_state_key *, struct pf_state *);
static void pf_state_key_detach(struct pf_state *, int);
struct pf_state_key *, struct pf_kstate *);
static void pf_state_key_detach(struct pf_kstate *, int);
static int pf_state_key_ctor(void *, int, void *, int);
static u_int32_t pf_tcp_iss(struct pf_pdesc *);
static int pf_test_rule(struct pf_krule **, struct pf_state **,
static int pf_test_rule(struct pf_krule **, struct pf_kstate **,
int, struct pfi_kkif *, struct mbuf *, int,
struct pf_pdesc *, struct pf_krule **,
struct pf_kruleset **, struct inpcb *);
@ -266,29 +266,29 @@ static int pf_create_state(struct pf_krule *, struct pf_krule *,
struct pf_ksrc_node *, struct pf_state_key *,
struct pf_state_key *, struct mbuf *, int,
u_int16_t, u_int16_t, int *, struct pfi_kkif *,
struct pf_state **, int, u_int16_t, u_int16_t,
struct pf_kstate **, int, u_int16_t, u_int16_t,
int);
static int pf_test_fragment(struct pf_krule **, int,
struct pfi_kkif *, struct mbuf *, void *,
struct pf_pdesc *, struct pf_krule **,
struct pf_kruleset **);
static int pf_tcp_track_full(struct pf_state_peer *,
struct pf_state_peer *, struct pf_state **,
struct pf_state_peer *, struct pf_kstate **,
struct pfi_kkif *, struct mbuf *, int,
struct pf_pdesc *, u_short *, int *);
static int pf_tcp_track_sloppy(struct pf_state_peer *,
struct pf_state_peer *, struct pf_state **,
struct pf_state_peer *, struct pf_kstate **,
struct pf_pdesc *, u_short *);
static int pf_test_state_tcp(struct pf_state **, int,
static int pf_test_state_tcp(struct pf_kstate **, int,
struct pfi_kkif *, struct mbuf *, int,
void *, struct pf_pdesc *, u_short *);
static int pf_test_state_udp(struct pf_state **, int,
static int pf_test_state_udp(struct pf_kstate **, int,
struct pfi_kkif *, struct mbuf *, int,
void *, struct pf_pdesc *);
static int pf_test_state_icmp(struct pf_state **, int,
static int pf_test_state_icmp(struct pf_kstate **, int,
struct pfi_kkif *, struct mbuf *, int,
void *, struct pf_pdesc *, u_short *);
static int pf_test_state_other(struct pf_state **, int,
static int pf_test_state_other(struct pf_kstate **, int,
struct pfi_kkif *, struct mbuf *, struct pf_pdesc *);
static u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t,
sa_family_t);
@ -298,15 +298,15 @@ static u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t,
int, u_int16_t);
static int pf_check_proto_cksum(struct mbuf *, int, int,
u_int8_t, sa_family_t);
static void pf_print_state_parts(struct pf_state *,
static void pf_print_state_parts(struct pf_kstate *,
struct pf_state_key *, struct pf_state_key *);
static int pf_addr_wrap_neq(struct pf_addr_wrap *,
struct pf_addr_wrap *);
static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t,
bool, u_int8_t);
static struct pf_state *pf_find_state(struct pfi_kkif *,
static struct pf_kstate *pf_find_state(struct pfi_kkif *,
struct pf_state_key_cmp *, u_int);
static int pf_src_connlimit(struct pf_state **);
static int pf_src_connlimit(struct pf_kstate **);
static void pf_overload_task(void *v, int pending);
static int pf_insert_src_node(struct pf_ksrc_node **,
struct pf_krule *, struct pf_addr *, sa_family_t);
@ -316,14 +316,14 @@ static int pf_mtag_uminit(void *, int, int);
static void pf_mtag_free(struct m_tag *);
#ifdef INET
static void pf_route(struct mbuf **, struct pf_krule *, int,
struct ifnet *, struct pf_state *,
struct ifnet *, struct pf_kstate *,
struct pf_pdesc *, struct inpcb *);
#endif /* INET */
#ifdef INET6
static void pf_change_a6(struct pf_addr *, u_int16_t *,
struct pf_addr *, u_int8_t);
static void pf_route6(struct mbuf **, struct pf_krule *, int,
struct ifnet *, struct pf_state *,
struct ifnet *, struct pf_kstate *,
struct pf_pdesc *, struct inpcb *);
#endif /* INET6 */
@ -480,7 +480,7 @@ pf_hashsrc(struct pf_addr *addr, sa_family_t af)
#ifdef ALTQ
static int
pf_state_hash(struct pf_state *s)
pf_state_hash(struct pf_kstate *s)
{
u_int32_t hv = (intptr_t)s / sizeof(*s);
@ -543,7 +543,7 @@ pf_check_threshold(struct pf_threshold *threshold)
}
static int
pf_src_connlimit(struct pf_state **state)
pf_src_connlimit(struct pf_kstate **state)
{
struct pf_overload_entry *pfoe;
int bad = 0;
@ -659,7 +659,7 @@ pf_overload_task(void *v, int pending)
for (int i = 0; i <= pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
struct pf_state_key *sk;
struct pf_state *s;
struct pf_kstate *s;
PF_HASHROW_LOCK(ih);
LIST_FOREACH(s, &ih->states, entry) {
@ -844,7 +844,7 @@ pf_initialize()
V_pf_hashseed = arc4random();
/* States and state keys storage. */
V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_state),
V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_kstate),
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
V_pf_limits[PF_LIMIT_STATES].zone = V_pf_state_z;
uma_zone_set_max(V_pf_state_z, PFSTATE_HIWAT);
@ -1007,11 +1007,11 @@ pf_get_mtag(struct mbuf *m)
static int
pf_state_key_attach(struct pf_state_key *skw, struct pf_state_key *sks,
struct pf_state *s)
struct pf_kstate *s)
{
struct pf_keyhash *khs, *khw, *kh;
struct pf_state_key *sk, *cur;
struct pf_state *si, *olds = NULL;
struct pf_kstate *si, *olds = NULL;
int idx;
KASSERT(s->refs == 0, ("%s: state not pristine", __func__));
@ -1172,7 +1172,7 @@ pf_state_key_attach(struct pf_state_key *skw, struct pf_state_key *sks,
}
static void
pf_detach_state(struct pf_state *s)
pf_detach_state(struct pf_kstate *s)
{
struct pf_state_key *sks = s->key[PF_SK_STACK];
struct pf_keyhash *kh;
@ -1203,7 +1203,7 @@ pf_detach_state(struct pf_state *s)
}
static void
pf_state_key_detach(struct pf_state *s, int idx)
pf_state_key_detach(struct pf_kstate *s, int idx)
{
struct pf_state_key *sk = s->key[idx];
#ifdef INVARIANTS
@ -1268,10 +1268,10 @@ pf_state_key_clone(struct pf_state_key *orig)
int
pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif,
struct pf_state_key *skw, struct pf_state_key *sks, struct pf_state *s)
struct pf_state_key *skw, struct pf_state_key *sks, struct pf_kstate *s)
{
struct pf_idhash *ih;
struct pf_state *cur;
struct pf_kstate *cur;
int error;
KASSERT(TAILQ_EMPTY(&sks->states[0]) && TAILQ_EMPTY(&sks->states[1]),
@ -1328,11 +1328,11 @@ pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif,
/*
* Find state by ID: returns with locked row on success.
*/
struct pf_state *
struct pf_kstate *
pf_find_state_byid(uint64_t id, uint32_t creatorid)
{
struct pf_idhash *ih;
struct pf_state *s;
struct pf_kstate *s;
counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
@ -1353,12 +1353,12 @@ pf_find_state_byid(uint64_t id, uint32_t creatorid)
* Find state by key.
* Returns with ID hash slot locked on success.
*/
static struct pf_state *
static struct pf_kstate *
pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir)
{
struct pf_keyhash *kh;
struct pf_state_key *sk;
struct pf_state *s;
struct pf_kstate *s;
int idx;
counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
@ -1397,12 +1397,12 @@ pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir)
return (NULL);
}
struct pf_state *
struct pf_kstate *
pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more)
{
struct pf_keyhash *kh;
struct pf_state_key *sk;
struct pf_state *s, *ret = NULL;
struct pf_kstate *s, *ret = NULL;
int idx, inout = 0;
counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
@ -1592,7 +1592,7 @@ pf_unload_vnet_purge(void)
}
u_int32_t
pf_state_expires(const struct pf_state *state)
pf_state_expires(const struct pf_kstate *state)
{
u_int32_t timeout;
u_int32_t start;
@ -1656,7 +1656,7 @@ pf_purge_expired_src_nodes()
}
static void
pf_src_tree_remove_state(struct pf_state *s)
pf_src_tree_remove_state(struct pf_kstate *s)
{
struct pf_ksrc_node *sn;
struct pf_srchash *sh;
@ -1693,7 +1693,7 @@ pf_src_tree_remove_state(struct pf_state *s)
* unlocked, since it needs to go through key hash locking.
*/
int
pf_unlink_state(struct pf_state *s, u_int flags)
pf_unlink_state(struct pf_kstate *s, u_int flags)
{
struct pf_idhash *ih = &V_pf_idhash[PF_IDHASH(s)];
@ -1740,7 +1740,7 @@ pf_unlink_state(struct pf_state *s, u_int flags)
return (pf_release_staten(s, 2));
}
struct pf_state *
struct pf_kstate *
pf_alloc_state(int flags)
{
@ -1748,7 +1748,7 @@ pf_alloc_state(int flags)
}
void
pf_free_state(struct pf_state *cur)
pf_free_state(struct pf_kstate *cur)
{
KASSERT(cur->refs == 0, ("%s: %p has refs", __func__, cur));
@ -1767,7 +1767,7 @@ static u_int
pf_purge_expired_states(u_int i, int maxcheck)
{
struct pf_idhash *ih;
struct pf_state *s;
struct pf_kstate *s;
V_pf_status.states = uma_zone_get_cur(V_pf_state_z);
@ -1925,13 +1925,13 @@ pf_print_host(struct pf_addr *addr, u_int16_t p, sa_family_t af)
}
void
pf_print_state(struct pf_state *s)
pf_print_state(struct pf_kstate *s)
{
pf_print_state_parts(s, NULL, NULL);
}
static void
pf_print_state_parts(struct pf_state *s,
pf_print_state_parts(struct pf_kstate *s,
struct pf_state_key *skwp, struct pf_state_key *sksp)
{
struct pf_state_key *skw, *sks;
@ -3330,7 +3330,7 @@ pf_tcp_iss(struct pf_pdesc *pd)
}
static int
pf_test_rule(struct pf_krule **rm, struct pf_state **sm, int direction,
pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction,
struct pfi_kkif *kif, struct mbuf *m, int off, struct pf_pdesc *pd,
struct pf_krule **am, struct pf_kruleset **rsm, struct inpcb *inp)
{
@ -3707,10 +3707,10 @@ static int
pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
struct pf_pdesc *pd, struct pf_ksrc_node *nsn, struct pf_state_key *nk,
struct pf_state_key *sk, struct mbuf *m, int off, u_int16_t sport,
u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_state **sm,
u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_kstate **sm,
int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen)
{
struct pf_state *s = NULL;
struct pf_kstate *s = NULL;
struct pf_ksrc_node *sn = NULL;
struct tcphdr *th = &pd->hdr.tcp;
u_int16_t mss = V_tcp_mssdflt;
@ -4049,7 +4049,7 @@ pf_test_fragment(struct pf_krule **rm, int direction, struct pfi_kkif *kif,
static int
pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst,
struct pf_state **state, struct pfi_kkif *kif, struct mbuf *m, int off,
struct pf_kstate **state, struct pfi_kkif *kif, struct mbuf *m, int off,
struct pf_pdesc *pd, u_short *reason, int *copyback)
{
struct tcphdr *th = &pd->hdr.tcp;
@ -4375,7 +4375,7 @@ pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst,
static int
pf_tcp_track_sloppy(struct pf_state_peer *src, struct pf_state_peer *dst,
struct pf_state **state, struct pf_pdesc *pd, u_short *reason)
struct pf_kstate **state, struct pf_pdesc *pd, u_short *reason)
{
struct tcphdr *th = &pd->hdr.tcp;
@ -4445,7 +4445,7 @@ pf_tcp_track_sloppy(struct pf_state_peer *src, struct pf_state_peer *dst,
}
static int
pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif,
pf_test_state_tcp(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, int off, void *h, struct pf_pdesc *pd,
u_short *reason)
{
@ -4613,7 +4613,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif,
}
static int
pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif,
pf_test_state_udp(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, int off, void *h, struct pf_pdesc *pd)
{
struct pf_state_peer *src, *dst;
@ -4680,7 +4680,7 @@ pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif,
}
static int
pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif,
pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason)
{
struct pf_addr *saddr = pd->src, *daddr = pd->dst;
@ -5284,7 +5284,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif,
}
static int
pf_test_state_other(struct pf_state **state, int direction, struct pfi_kkif *kif,
pf_test_state_other(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
struct mbuf *m, struct pf_pdesc *pd)
{
struct pf_state_peer *src, *dst;
@ -5456,7 +5456,7 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif,
#ifdef INET
static void
pf_route(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp,
struct pf_state *s, struct pf_pdesc *pd, struct inpcb *inp)
struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp)
{
struct mbuf *m0, *m1;
struct sockaddr_in dst;
@ -5644,7 +5644,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp,
#ifdef INET6
static void
pf_route6(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp,
struct pf_state *s, struct pf_pdesc *pd, struct inpcb *inp)
struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp)
{
struct mbuf *m0;
struct sockaddr_in6 dst;
@ -5933,7 +5933,7 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *
struct ip *h = NULL;
struct m_tag *ipfwtag;
struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
struct pf_state *s = NULL;
struct pf_kstate *s = NULL;
struct pf_kruleset *ruleset = NULL;
struct pf_pdesc pd;
int off, dirndx, pqid = 0;
@ -6321,7 +6321,7 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
struct m_tag *mtag;
struct ip6_hdr *h = NULL;
struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
struct pf_state *s = NULL;
struct pf_kstate *s = NULL;
struct pf_kruleset *ruleset = NULL;
struct pf_pdesc pd;
int off, terminal = 0, dirndx, rh_cnt = 0, pqid = 0;

View File

@ -1957,7 +1957,7 @@ pf_label_match(const struct pf_krule *rule, const char *label)
static unsigned int
pf_kill_matching_state(struct pf_state_key_cmp *key, int dir)
{
struct pf_state *match;
struct pf_kstate *match;
int more = 0;
unsigned int killed = 0;
@ -1975,7 +1975,7 @@ pf_kill_matching_state(struct pf_state_key_cmp *key, int dir)
static int
pf_killstates_row(struct pf_kstate_kill *psk, struct pf_idhash *ih)
{
struct pf_state *s;
struct pf_kstate *s;
struct pf_state_key *sk;
struct pf_addr *srcaddr, *dstaddr;
struct pf_state_key_cmp match_key;
@ -2807,7 +2807,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
case DIOCGETSTATE: {
struct pfioc_state *ps = (struct pfioc_state *)addr;
struct pf_state *s;
struct pf_kstate *s;
s = pf_find_state_byid(ps->state.id, ps->state.creatorid);
if (s == NULL) {
@ -2827,7 +2827,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
case DIOCGETSTATES: {
struct pfioc_states *ps = (struct pfioc_states *)addr;
struct pf_state *s;
struct pf_kstate *s;
struct pfsync_state *pstore, *p;
int i, nr;
@ -2942,7 +2942,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
case DIOCNATLOOK: {
struct pfioc_natlook *pnl = (struct pfioc_natlook *)addr;
struct pf_state_key *sk;
struct pf_state *state;
struct pf_kstate *state;
struct pf_state_key_cmp key;
int m = 0, direction = pnl->direction;
int sidx, didx;
@ -4537,7 +4537,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
}
void
pfsync_state_export(struct pfsync_state *sp, struct pf_state *st)
pfsync_state_export(struct pfsync_state *sp, struct pf_kstate *st)
{
bzero(sp, sizeof(struct pfsync_state));
@ -4618,7 +4618,7 @@ pf_tbladdr_copyout(struct pf_addr_wrap *aw)
static void
pf_clear_all_states(void)
{
struct pf_state *s;
struct pf_kstate *s;
u_int i;
for (i = 0; i <= pf_hashmask; i++) {
@ -4653,7 +4653,7 @@ pf_clear_tables(void)
static void
pf_clear_srcnodes(struct pf_ksrc_node *n)
{
struct pf_state *s;
struct pf_kstate *s;
int i;
for (i = 0; i <= pf_hashmask; i++) {
@ -4717,7 +4717,7 @@ pf_kill_srcnodes(struct pfioc_src_node_kill *psnk)
for (int i = 0; i <= pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
struct pf_state *s;
struct pf_kstate *s;
PF_HASHROW_LOCK(ih);
LIST_FOREACH(s, &ih->states, entry) {
@ -4771,7 +4771,7 @@ static unsigned int
pf_clear_states(const struct pf_kstate_kill *kill)
{
struct pf_state_key_cmp match_key;
struct pf_state *s;
struct pf_kstate *s;
struct pfi_kkif *kif;
int idx;
unsigned int killed = 0, dir;
@ -4837,7 +4837,7 @@ pf_clear_states(const struct pf_kstate_kill *kill)
static int
pf_killstates(struct pf_kstate_kill *kill, unsigned int *killed)
{
struct pf_state *s;
struct pf_kstate *s;
if (kill->psk_pfcmp.id) {
if (kill->psk_pfcmp.creatorid == 0)
@ -4976,11 +4976,11 @@ pf_clearstates_nv(struct pfioc_nv *nv)
static int
pf_getstate(struct pfioc_nv *nv)
{
nvlist_t *nvl = NULL, *nvls;
void *nvlpacked = NULL;
struct pf_state *s = NULL;
int error = 0;
uint64_t id, creatorid;
nvlist_t *nvl = NULL, *nvls;
void *nvlpacked = NULL;
struct pf_kstate *s = NULL;
int error = 0;
uint64_t id, creatorid;
#define ERROUT(x) ERROUT_FUNCTION(errout, x)
@ -5043,11 +5043,11 @@ pf_getstate(struct pfioc_nv *nv)
static int
pf_getstates(struct pfioc_nv *nv)
{
nvlist_t *nvl = NULL, *nvls;
void *nvlpacked = NULL;
struct pf_state *s = NULL;
int error = 0;
uint64_t count = 0;
nvlist_t *nvl = NULL, *nvls;
void *nvlpacked = NULL;
struct pf_kstate *s = NULL;
int error = 0;
uint64_t count = 0;
#define ERROUT(x) ERROUT_FUNCTION(errout, x)

View File

@ -1522,7 +1522,7 @@ pf_normalize_tcp_init(struct mbuf *m, int off, struct pf_pdesc *pd,
}
void
pf_normalize_tcp_cleanup(struct pf_state *state)
pf_normalize_tcp_cleanup(struct pf_kstate *state)
{
if (state->src.scrub)
uma_zfree(V_pf_state_scrub_z, state->src.scrub);
@ -1534,7 +1534,7 @@ pf_normalize_tcp_cleanup(struct pf_state *state)
int
pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd,
u_short *reason, struct tcphdr *th, struct pf_state *state,
u_short *reason, struct tcphdr *th, struct pf_kstate *state,
struct pf_state_peer *src, struct pf_state_peer *dst, int *writeback)
{
struct timeval uptime;

View File

@ -893,7 +893,7 @@ pf_state_peer_to_nvstate_peer(const struct pf_state_peer *peer)
}
nvlist_t *
pf_state_to_nvstate(const struct pf_state *s)
pf_state_to_nvstate(const struct pf_kstate *s)
{
nvlist_t *nvl, *tmp;
uint32_t expire, flags = 0;

View File

@ -81,6 +81,6 @@ nvlist_t *pf_krule_to_nvrule(const struct pf_krule *);
int pf_nvrule_to_krule(const nvlist_t *, struct pf_krule *);
int pf_nvstate_kill_to_kstate_kill(const nvlist_t *,
struct pf_kstate_kill *);
nvlist_t *pf_state_to_nvstate(const struct pf_state *);
nvlist_t *pf_state_to_nvstate(const struct pf_kstate *);
#endif