pf: rename pf_state to pf_kstate
Indicate that this is a kernel-only structure, and make it easier to distinguish from others used to communicate with userspace. Reviewed by: mjg MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31096
This commit is contained in:
parent
e88c3b1b02
commit
211cddf9e3
@ -501,10 +501,10 @@ struct pf_state_key {
|
||||
u_int8_t pad[2];
|
||||
|
||||
LIST_ENTRY(pf_state_key) entry;
|
||||
TAILQ_HEAD(, pf_state) states[2];
|
||||
TAILQ_HEAD(, pf_kstate) states[2];
|
||||
};
|
||||
|
||||
/* Keep synced with struct pf_state. */
|
||||
/* Keep synced with struct pf_kstate. */
|
||||
struct pf_state_cmp {
|
||||
u_int64_t id;
|
||||
u_int32_t creatorid;
|
||||
@ -521,16 +521,16 @@ struct pf_state_cmp {
|
||||
#define PFSTATE_SETMASK (PFSTATE_SETPRIO)
|
||||
|
||||
#ifdef _KERNEL
|
||||
struct pf_state {
|
||||
struct pf_kstate {
|
||||
u_int64_t id;
|
||||
u_int32_t creatorid;
|
||||
u_int8_t direction;
|
||||
u_int8_t pad[3];
|
||||
|
||||
u_int refs;
|
||||
TAILQ_ENTRY(pf_state) sync_list;
|
||||
TAILQ_ENTRY(pf_state) key_list[2];
|
||||
LIST_ENTRY(pf_state) entry;
|
||||
TAILQ_ENTRY(pf_kstate) sync_list;
|
||||
TAILQ_ENTRY(pf_kstate) key_list[2];
|
||||
LIST_ENTRY(pf_kstate) entry;
|
||||
struct pf_state_peer src;
|
||||
struct pf_state_peer dst;
|
||||
union pf_krule_ptr rule;
|
||||
@ -562,7 +562,7 @@ struct pf_state {
|
||||
/*
|
||||
* Size <= fits 13 objects per page on LP64. Try to not grow the struct beyond that.
|
||||
*/
|
||||
_Static_assert(sizeof(struct pf_state) <= 312, "pf_state size crosses 312 bytes");
|
||||
_Static_assert(sizeof(struct pf_kstate) <= 312, "pf_kstate size crosses 312 bytes");
|
||||
#endif
|
||||
|
||||
/*
|
||||
@ -623,11 +623,11 @@ struct pfsync_state {
|
||||
#ifdef _KERNEL
|
||||
/* pfsync */
|
||||
typedef int pfsync_state_import_t(struct pfsync_state *, u_int8_t);
|
||||
typedef void pfsync_insert_state_t(struct pf_state *);
|
||||
typedef void pfsync_update_state_t(struct pf_state *);
|
||||
typedef void pfsync_delete_state_t(struct pf_state *);
|
||||
typedef void pfsync_insert_state_t(struct pf_kstate *);
|
||||
typedef void pfsync_update_state_t(struct pf_kstate *);
|
||||
typedef void pfsync_delete_state_t(struct pf_kstate *);
|
||||
typedef void pfsync_clear_states_t(u_int32_t, const char *);
|
||||
typedef int pfsync_defer_t(struct pf_state *, struct mbuf *);
|
||||
typedef int pfsync_defer_t(struct pf_kstate *, struct mbuf *);
|
||||
typedef void pfsync_detach_ifnet_t(struct ifnet *);
|
||||
|
||||
VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr);
|
||||
@ -645,7 +645,7 @@ VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr);
|
||||
extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr;
|
||||
|
||||
void pfsync_state_export(struct pfsync_state *,
|
||||
struct pf_state *);
|
||||
struct pf_kstate *);
|
||||
|
||||
/* pflog */
|
||||
struct pf_kruleset;
|
||||
@ -1474,7 +1474,7 @@ struct pf_keyhash {
|
||||
};
|
||||
|
||||
struct pf_idhash {
|
||||
LIST_HEAD(, pf_state) states;
|
||||
LIST_HEAD(, pf_kstate) states;
|
||||
struct mtx lock;
|
||||
};
|
||||
|
||||
@ -1548,26 +1548,26 @@ extern void pf_unload_vnet_purge(void);
|
||||
extern void pf_intr(void *);
|
||||
extern void pf_purge_expired_src_nodes(void);
|
||||
|
||||
extern int pf_unlink_state(struct pf_state *, u_int);
|
||||
extern int pf_unlink_state(struct pf_kstate *, u_int);
|
||||
#define PF_ENTER_LOCKED 0x00000001
|
||||
#define PF_RETURN_LOCKED 0x00000002
|
||||
extern int pf_state_insert(struct pfi_kkif *,
|
||||
struct pfi_kkif *,
|
||||
struct pf_state_key *,
|
||||
struct pf_state_key *,
|
||||
struct pf_state *);
|
||||
extern struct pf_state *pf_alloc_state(int);
|
||||
extern void pf_free_state(struct pf_state *);
|
||||
struct pf_kstate *);
|
||||
extern struct pf_kstate *pf_alloc_state(int);
|
||||
extern void pf_free_state(struct pf_kstate *);
|
||||
|
||||
static __inline void
|
||||
pf_ref_state(struct pf_state *s)
|
||||
pf_ref_state(struct pf_kstate *s)
|
||||
{
|
||||
|
||||
refcount_acquire(&s->refs);
|
||||
}
|
||||
|
||||
static __inline int
|
||||
pf_release_state(struct pf_state *s)
|
||||
pf_release_state(struct pf_kstate *s)
|
||||
{
|
||||
|
||||
if (refcount_release(&s->refs)) {
|
||||
@ -1578,7 +1578,7 @@ pf_release_state(struct pf_state *s)
|
||||
}
|
||||
|
||||
static __inline int
|
||||
pf_release_staten(struct pf_state *s, u_int n)
|
||||
pf_release_staten(struct pf_kstate *s, u_int n)
|
||||
{
|
||||
|
||||
if (refcount_releasen(&s->refs, n)) {
|
||||
@ -1588,14 +1588,14 @@ pf_release_staten(struct pf_state *s, u_int n)
|
||||
return (0);
|
||||
}
|
||||
|
||||
extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t);
|
||||
extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *,
|
||||
extern struct pf_kstate *pf_find_state_byid(uint64_t, uint32_t);
|
||||
extern struct pf_kstate *pf_find_state_all(struct pf_state_key_cmp *,
|
||||
u_int, int *);
|
||||
extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *,
|
||||
struct pf_krule *, sa_family_t, int);
|
||||
extern void pf_unlink_src_node(struct pf_ksrc_node *);
|
||||
extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *);
|
||||
extern void pf_print_state(struct pf_state *);
|
||||
extern void pf_print_state(struct pf_kstate *);
|
||||
extern void pf_print_flags(u_int8_t);
|
||||
extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t,
|
||||
u_int8_t);
|
||||
@ -1626,7 +1626,7 @@ void pf_addr_inc(struct pf_addr *, sa_family_t);
|
||||
int pf_refragment6(struct ifnet *, struct mbuf **, struct m_tag *);
|
||||
#endif /* INET6 */
|
||||
|
||||
u_int32_t pf_new_isn(struct pf_state *);
|
||||
u_int32_t pf_new_isn(struct pf_kstate *);
|
||||
void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *,
|
||||
sa_family_t);
|
||||
void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t);
|
||||
@ -1637,7 +1637,7 @@ void pf_patch_16_unaligned(struct mbuf *, u_int16_t *, void *, u_int16_t,
|
||||
bool, u_int8_t);
|
||||
void pf_patch_32_unaligned(struct mbuf *, u_int16_t *, void *, u_int32_t,
|
||||
bool, u_int8_t);
|
||||
void pf_send_deferred_syn(struct pf_state *);
|
||||
void pf_send_deferred_syn(struct pf_kstate *);
|
||||
int pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *,
|
||||
struct pf_addr *, sa_family_t);
|
||||
int pf_match_addr_range(struct pf_addr *, struct pf_addr *,
|
||||
@ -1648,14 +1648,14 @@ void pf_normalize_init(void);
|
||||
void pf_normalize_cleanup(void);
|
||||
int pf_normalize_tcp(int, struct pfi_kkif *, struct mbuf *, int, int, void *,
|
||||
struct pf_pdesc *);
|
||||
void pf_normalize_tcp_cleanup(struct pf_state *);
|
||||
void pf_normalize_tcp_cleanup(struct pf_kstate *);
|
||||
int pf_normalize_tcp_init(struct mbuf *, int, struct pf_pdesc *,
|
||||
struct tcphdr *, struct pf_state_peer *, struct pf_state_peer *);
|
||||
int pf_normalize_tcp_stateful(struct mbuf *, int, struct pf_pdesc *,
|
||||
u_short *, struct tcphdr *, struct pf_state *,
|
||||
u_short *, struct tcphdr *, struct pf_kstate *,
|
||||
struct pf_state_peer *, struct pf_state_peer *, int *);
|
||||
u_int32_t
|
||||
pf_state_expires(const struct pf_state *);
|
||||
pf_state_expires(const struct pf_kstate *);
|
||||
void pf_purge_expired_fragments(void);
|
||||
void pf_purge_fragments(uint32_t);
|
||||
int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *,
|
||||
|
@ -115,7 +115,7 @@ struct pfsync_pkt {
|
||||
u_int8_t flags;
|
||||
};
|
||||
|
||||
static int pfsync_upd_tcp(struct pf_state *, struct pfsync_state_peer *,
|
||||
static int pfsync_upd_tcp(struct pf_kstate *, struct pfsync_state_peer *,
|
||||
struct pfsync_state_peer *);
|
||||
static int pfsync_in_clr(struct pfsync_pkt *, struct mbuf *, int, int);
|
||||
static int pfsync_in_ins(struct pfsync_pkt *, struct mbuf *, int, int);
|
||||
@ -147,16 +147,16 @@ static int (*pfsync_acts[])(struct pfsync_pkt *, struct mbuf *, int, int) = {
|
||||
};
|
||||
|
||||
struct pfsync_q {
|
||||
void (*write)(struct pf_state *, void *);
|
||||
void (*write)(struct pf_kstate *, void *);
|
||||
size_t len;
|
||||
u_int8_t action;
|
||||
};
|
||||
|
||||
/* we have one of these for every PFSYNC_S_ */
|
||||
static void pfsync_out_state(struct pf_state *, void *);
|
||||
static void pfsync_out_iack(struct pf_state *, void *);
|
||||
static void pfsync_out_upd_c(struct pf_state *, void *);
|
||||
static void pfsync_out_del(struct pf_state *, void *);
|
||||
static void pfsync_out_state(struct pf_kstate *, void *);
|
||||
static void pfsync_out_iack(struct pf_kstate *, void *);
|
||||
static void pfsync_out_upd_c(struct pf_kstate *, void *);
|
||||
static void pfsync_out_del(struct pf_kstate *, void *);
|
||||
|
||||
static struct pfsync_q pfsync_qs[] = {
|
||||
{ pfsync_out_state, sizeof(struct pfsync_state), PFSYNC_ACT_INS },
|
||||
@ -166,10 +166,10 @@ static struct pfsync_q pfsync_qs[] = {
|
||||
{ pfsync_out_del, sizeof(struct pfsync_del_c), PFSYNC_ACT_DEL_C }
|
||||
};
|
||||
|
||||
static void pfsync_q_ins(struct pf_state *, int, bool);
|
||||
static void pfsync_q_del(struct pf_state *, bool, struct pfsync_bucket *);
|
||||
static void pfsync_q_ins(struct pf_kstate *, int, bool);
|
||||
static void pfsync_q_del(struct pf_kstate *, bool, struct pfsync_bucket *);
|
||||
|
||||
static void pfsync_update_state(struct pf_state *);
|
||||
static void pfsync_update_state(struct pf_kstate *);
|
||||
|
||||
struct pfsync_upd_req_item {
|
||||
TAILQ_ENTRY(pfsync_upd_req_item) ur_entry;
|
||||
@ -182,7 +182,7 @@ struct pfsync_deferral {
|
||||
u_int pd_refs;
|
||||
struct callout pd_tmo;
|
||||
|
||||
struct pf_state *pd_st;
|
||||
struct pf_kstate *pd_st;
|
||||
struct mbuf *pd_m;
|
||||
};
|
||||
|
||||
@ -198,7 +198,7 @@ struct pfsync_bucket
|
||||
#define PFSYNCF_BUCKET_PUSH 0x00000001
|
||||
|
||||
size_t b_len;
|
||||
TAILQ_HEAD(, pf_state) b_qs[PFSYNC_S_COUNT];
|
||||
TAILQ_HEAD(, pf_kstate) b_qs[PFSYNC_S_COUNT];
|
||||
TAILQ_HEAD(, pfsync_upd_req_item) b_upd_req_list;
|
||||
TAILQ_HEAD(, pfsync_deferral) b_deferrals;
|
||||
u_int b_deferred;
|
||||
@ -291,13 +291,13 @@ static int pfsyncoutput(struct ifnet *, struct mbuf *,
|
||||
const struct sockaddr *, struct route *);
|
||||
static int pfsyncioctl(struct ifnet *, u_long, caddr_t);
|
||||
|
||||
static int pfsync_defer(struct pf_state *, struct mbuf *);
|
||||
static int pfsync_defer(struct pf_kstate *, struct mbuf *);
|
||||
static void pfsync_undefer(struct pfsync_deferral *, int);
|
||||
static void pfsync_undefer_state(struct pf_state *, int);
|
||||
static void pfsync_undefer_state(struct pf_kstate *, int);
|
||||
static void pfsync_defer_tmo(void *);
|
||||
|
||||
static void pfsync_request_update(u_int32_t, u_int64_t);
|
||||
static bool pfsync_update_state_req(struct pf_state *);
|
||||
static bool pfsync_update_state_req(struct pf_kstate *);
|
||||
|
||||
static void pfsync_drop(struct pfsync_softc *);
|
||||
static void pfsync_sendout(int, int);
|
||||
@ -313,7 +313,7 @@ static void pfsync_detach_ifnet(struct ifnet *);
|
||||
static void pfsync_update_net_tdb(struct pfsync_tdb *);
|
||||
#endif
|
||||
static struct pfsync_bucket *pfsync_get_bucket(struct pfsync_softc *,
|
||||
struct pf_state *);
|
||||
struct pf_kstate *);
|
||||
|
||||
#define PFSYNC_MAX_BULKTRIES 12
|
||||
|
||||
@ -461,7 +461,7 @@ pfsync_state_import(struct pfsync_state *sp, u_int8_t flags)
|
||||
struct pfsync_state_key key[2];
|
||||
#endif
|
||||
struct pfsync_state_key *kw, *ks;
|
||||
struct pf_state *st = NULL;
|
||||
struct pf_kstate *st = NULL;
|
||||
struct pf_state_key *skw = NULL, *sks = NULL;
|
||||
struct pf_krule *r = NULL;
|
||||
struct pfi_kkif *kif;
|
||||
@ -753,7 +753,7 @@ pfsync_in_clr(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
|
||||
for (int i = 0; i <= pf_hashmask; i++) {
|
||||
struct pf_idhash *ih = &V_pf_idhash[i];
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
relock:
|
||||
PF_HASHROW_LOCK(ih);
|
||||
LIST_FOREACH(s, &ih->states, entry) {
|
||||
@ -812,7 +812,7 @@ static int
|
||||
pfsync_in_iack(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
{
|
||||
struct pfsync_ins_ack *ia, *iaa;
|
||||
struct pf_state *st;
|
||||
struct pf_kstate *st;
|
||||
|
||||
struct mbuf *mp;
|
||||
int len = count * sizeof(*ia);
|
||||
@ -846,7 +846,7 @@ pfsync_in_iack(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
}
|
||||
|
||||
static int
|
||||
pfsync_upd_tcp(struct pf_state *st, struct pfsync_state_peer *src,
|
||||
pfsync_upd_tcp(struct pf_kstate *st, struct pfsync_state_peer *src,
|
||||
struct pfsync_state_peer *dst)
|
||||
{
|
||||
int sync = 0;
|
||||
@ -884,7 +884,7 @@ pfsync_in_upd(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
struct pfsync_state *sa, *sp;
|
||||
struct pf_state *st;
|
||||
struct pf_kstate *st;
|
||||
int sync;
|
||||
|
||||
struct mbuf *mp;
|
||||
@ -970,7 +970,7 @@ pfsync_in_upd_c(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
struct pfsync_upd_c *ua, *up;
|
||||
struct pf_state *st;
|
||||
struct pf_kstate *st;
|
||||
int len = count * sizeof(*up);
|
||||
int sync;
|
||||
struct mbuf *mp;
|
||||
@ -1060,7 +1060,7 @@ pfsync_in_ureq(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
int len = count * sizeof(*ur);
|
||||
int i, offp;
|
||||
|
||||
struct pf_state *st;
|
||||
struct pf_kstate *st;
|
||||
|
||||
mp = m_pulldown(m, offset, len, &offp);
|
||||
if (mp == NULL) {
|
||||
@ -1098,7 +1098,7 @@ pfsync_in_del(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
{
|
||||
struct mbuf *mp;
|
||||
struct pfsync_state *sa, *sp;
|
||||
struct pf_state *st;
|
||||
struct pf_kstate *st;
|
||||
int len = count * sizeof(*sp);
|
||||
int offp, i;
|
||||
|
||||
@ -1129,7 +1129,7 @@ pfsync_in_del_c(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
|
||||
{
|
||||
struct mbuf *mp;
|
||||
struct pfsync_del_c *sa, *sp;
|
||||
struct pf_state *st;
|
||||
struct pf_kstate *st;
|
||||
int len = count * sizeof(*sp);
|
||||
int offp, i;
|
||||
|
||||
@ -1480,7 +1480,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_out_state(struct pf_state *st, void *buf)
|
||||
pfsync_out_state(struct pf_kstate *st, void *buf)
|
||||
{
|
||||
struct pfsync_state *sp = buf;
|
||||
|
||||
@ -1488,7 +1488,7 @@ pfsync_out_state(struct pf_state *st, void *buf)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_out_iack(struct pf_state *st, void *buf)
|
||||
pfsync_out_iack(struct pf_kstate *st, void *buf)
|
||||
{
|
||||
struct pfsync_ins_ack *iack = buf;
|
||||
|
||||
@ -1497,7 +1497,7 @@ pfsync_out_iack(struct pf_state *st, void *buf)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_out_upd_c(struct pf_state *st, void *buf)
|
||||
pfsync_out_upd_c(struct pf_kstate *st, void *buf)
|
||||
{
|
||||
struct pfsync_upd_c *up = buf;
|
||||
|
||||
@ -1510,7 +1510,7 @@ pfsync_out_upd_c(struct pf_state *st, void *buf)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_out_del(struct pf_state *st, void *buf)
|
||||
pfsync_out_del(struct pf_kstate *st, void *buf)
|
||||
{
|
||||
struct pfsync_del_c *dp = buf;
|
||||
|
||||
@ -1522,7 +1522,7 @@ pfsync_out_del(struct pf_state *st, void *buf)
|
||||
static void
|
||||
pfsync_drop(struct pfsync_softc *sc)
|
||||
{
|
||||
struct pf_state *st, *next;
|
||||
struct pf_kstate *st, *next;
|
||||
struct pfsync_upd_req_item *ur;
|
||||
struct pfsync_bucket *b;
|
||||
int c, q;
|
||||
@ -1562,7 +1562,7 @@ pfsync_sendout(int schedswi, int c)
|
||||
struct ip *ip;
|
||||
struct pfsync_header *ph;
|
||||
struct pfsync_subheader *subh;
|
||||
struct pf_state *st, *st_next;
|
||||
struct pf_kstate *st, *st_next;
|
||||
struct pfsync_upd_req_item *ur;
|
||||
struct pfsync_bucket *b = &sc->sc_buckets[c];
|
||||
int offset;
|
||||
@ -1702,7 +1702,7 @@ pfsync_sendout(int schedswi, int c)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_insert_state(struct pf_state *st)
|
||||
pfsync_insert_state(struct pf_kstate *st)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
|
||||
@ -1730,7 +1730,7 @@ pfsync_insert_state(struct pf_state *st)
|
||||
}
|
||||
|
||||
static int
|
||||
pfsync_defer(struct pf_state *st, struct mbuf *m)
|
||||
pfsync_defer(struct pf_kstate *st, struct mbuf *m)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
struct pfsync_deferral *pd;
|
||||
@ -1778,7 +1778,7 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop)
|
||||
{
|
||||
struct pfsync_softc *sc = pd->pd_sc;
|
||||
struct mbuf *m = pd->pd_m;
|
||||
struct pf_state *st = pd->pd_st;
|
||||
struct pf_kstate *st = pd->pd_st;
|
||||
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
|
||||
|
||||
PFSYNC_BUCKET_LOCK_ASSERT(b);
|
||||
@ -1804,7 +1804,7 @@ pfsync_defer_tmo(void *arg)
|
||||
struct pfsync_deferral *pd = arg;
|
||||
struct pfsync_softc *sc = pd->pd_sc;
|
||||
struct mbuf *m = pd->pd_m;
|
||||
struct pf_state *st = pd->pd_st;
|
||||
struct pf_kstate *st = pd->pd_st;
|
||||
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
|
||||
|
||||
PFSYNC_BUCKET_LOCK_ASSERT(b);
|
||||
@ -1828,7 +1828,7 @@ pfsync_defer_tmo(void *arg)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_undefer_state(struct pf_state *st, int drop)
|
||||
pfsync_undefer_state(struct pf_kstate *st, int drop)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
struct pfsync_deferral *pd;
|
||||
@ -1851,14 +1851,14 @@ pfsync_undefer_state(struct pf_state *st, int drop)
|
||||
}
|
||||
|
||||
static struct pfsync_bucket*
|
||||
pfsync_get_bucket(struct pfsync_softc *sc, struct pf_state *st)
|
||||
pfsync_get_bucket(struct pfsync_softc *sc, struct pf_kstate *st)
|
||||
{
|
||||
int c = PF_IDHASH(st) % pfsync_buckets;
|
||||
return &sc->sc_buckets[c];
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_update_state(struct pf_state *st)
|
||||
pfsync_update_state(struct pf_kstate *st)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
bool sync = false, ref = true;
|
||||
@ -1956,7 +1956,7 @@ pfsync_request_update(u_int32_t creatorid, u_int64_t id)
|
||||
}
|
||||
|
||||
static bool
|
||||
pfsync_update_state_req(struct pf_state *st)
|
||||
pfsync_update_state_req(struct pf_kstate *st)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
bool ref = true, full = false;
|
||||
@ -2003,7 +2003,7 @@ pfsync_update_state_req(struct pf_state *st)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_delete_state(struct pf_state *st)
|
||||
pfsync_delete_state(struct pf_kstate *st)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
|
||||
@ -2067,7 +2067,7 @@ pfsync_clear_states(u_int32_t creatorid, const char *ifname)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_q_ins(struct pf_state *st, int q, bool ref)
|
||||
pfsync_q_ins(struct pf_kstate *st, int q, bool ref)
|
||||
{
|
||||
struct pfsync_softc *sc = V_pfsyncif;
|
||||
size_t nlen = pfsync_qs[q].len;
|
||||
@ -2097,7 +2097,7 @@ pfsync_q_ins(struct pf_state *st, int q, bool ref)
|
||||
}
|
||||
|
||||
static void
|
||||
pfsync_q_del(struct pf_state *st, bool unref, struct pfsync_bucket *b)
|
||||
pfsync_q_del(struct pf_kstate *st, bool unref, struct pfsync_bucket *b)
|
||||
{
|
||||
int q = st->sync_state;
|
||||
|
||||
@ -2137,7 +2137,7 @@ static void
|
||||
pfsync_bulk_update(void *arg)
|
||||
{
|
||||
struct pfsync_softc *sc = arg;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
int i, sent = 0;
|
||||
|
||||
PFSYNC_BLOCK_ASSERT(sc);
|
||||
|
@ -115,12 +115,12 @@ __FBSDID("$FreeBSD$");
|
||||
|
||||
SDT_PROVIDER_DEFINE(pf);
|
||||
SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *",
|
||||
"struct pf_state *");
|
||||
"struct pf_kstate *");
|
||||
SDT_PROBE_DEFINE4(pf, ip, test6, done, "int", "int", "struct pf_krule *",
|
||||
"struct pf_state *");
|
||||
"struct pf_kstate *");
|
||||
SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *",
|
||||
"struct pf_state_key_cmp *", "int", "struct pf_pdesc *",
|
||||
"struct pf_state *");
|
||||
"struct pf_kstate *");
|
||||
|
||||
/*
|
||||
* Global variables
|
||||
@ -228,7 +228,7 @@ VNET_DEFINE(uint64_t, pf_stateid[MAXCPU]);
|
||||
#define PFID_MAXID (~PFID_CPUMASK)
|
||||
CTASSERT((1 << PFID_CPUBITS) >= MAXCPU);
|
||||
|
||||
static void pf_src_tree_remove_state(struct pf_state *);
|
||||
static void pf_src_tree_remove_state(struct pf_kstate *);
|
||||
static void pf_init_threshold(struct pf_threshold *, u_int32_t,
|
||||
u_int32_t);
|
||||
static void pf_add_threshold(struct pf_threshold *);
|
||||
@ -251,13 +251,13 @@ static void pf_send_tcp(struct mbuf *,
|
||||
u_int16_t, struct ifnet *);
|
||||
static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t,
|
||||
sa_family_t, struct pf_krule *);
|
||||
static void pf_detach_state(struct pf_state *);
|
||||
static void pf_detach_state(struct pf_kstate *);
|
||||
static int pf_state_key_attach(struct pf_state_key *,
|
||||
struct pf_state_key *, struct pf_state *);
|
||||
static void pf_state_key_detach(struct pf_state *, int);
|
||||
struct pf_state_key *, struct pf_kstate *);
|
||||
static void pf_state_key_detach(struct pf_kstate *, int);
|
||||
static int pf_state_key_ctor(void *, int, void *, int);
|
||||
static u_int32_t pf_tcp_iss(struct pf_pdesc *);
|
||||
static int pf_test_rule(struct pf_krule **, struct pf_state **,
|
||||
static int pf_test_rule(struct pf_krule **, struct pf_kstate **,
|
||||
int, struct pfi_kkif *, struct mbuf *, int,
|
||||
struct pf_pdesc *, struct pf_krule **,
|
||||
struct pf_kruleset **, struct inpcb *);
|
||||
@ -266,29 +266,29 @@ static int pf_create_state(struct pf_krule *, struct pf_krule *,
|
||||
struct pf_ksrc_node *, struct pf_state_key *,
|
||||
struct pf_state_key *, struct mbuf *, int,
|
||||
u_int16_t, u_int16_t, int *, struct pfi_kkif *,
|
||||
struct pf_state **, int, u_int16_t, u_int16_t,
|
||||
struct pf_kstate **, int, u_int16_t, u_int16_t,
|
||||
int);
|
||||
static int pf_test_fragment(struct pf_krule **, int,
|
||||
struct pfi_kkif *, struct mbuf *, void *,
|
||||
struct pf_pdesc *, struct pf_krule **,
|
||||
struct pf_kruleset **);
|
||||
static int pf_tcp_track_full(struct pf_state_peer *,
|
||||
struct pf_state_peer *, struct pf_state **,
|
||||
struct pf_state_peer *, struct pf_kstate **,
|
||||
struct pfi_kkif *, struct mbuf *, int,
|
||||
struct pf_pdesc *, u_short *, int *);
|
||||
static int pf_tcp_track_sloppy(struct pf_state_peer *,
|
||||
struct pf_state_peer *, struct pf_state **,
|
||||
struct pf_state_peer *, struct pf_kstate **,
|
||||
struct pf_pdesc *, u_short *);
|
||||
static int pf_test_state_tcp(struct pf_state **, int,
|
||||
static int pf_test_state_tcp(struct pf_kstate **, int,
|
||||
struct pfi_kkif *, struct mbuf *, int,
|
||||
void *, struct pf_pdesc *, u_short *);
|
||||
static int pf_test_state_udp(struct pf_state **, int,
|
||||
static int pf_test_state_udp(struct pf_kstate **, int,
|
||||
struct pfi_kkif *, struct mbuf *, int,
|
||||
void *, struct pf_pdesc *);
|
||||
static int pf_test_state_icmp(struct pf_state **, int,
|
||||
static int pf_test_state_icmp(struct pf_kstate **, int,
|
||||
struct pfi_kkif *, struct mbuf *, int,
|
||||
void *, struct pf_pdesc *, u_short *);
|
||||
static int pf_test_state_other(struct pf_state **, int,
|
||||
static int pf_test_state_other(struct pf_kstate **, int,
|
||||
struct pfi_kkif *, struct mbuf *, struct pf_pdesc *);
|
||||
static u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t,
|
||||
sa_family_t);
|
||||
@ -298,15 +298,15 @@ static u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t,
|
||||
int, u_int16_t);
|
||||
static int pf_check_proto_cksum(struct mbuf *, int, int,
|
||||
u_int8_t, sa_family_t);
|
||||
static void pf_print_state_parts(struct pf_state *,
|
||||
static void pf_print_state_parts(struct pf_kstate *,
|
||||
struct pf_state_key *, struct pf_state_key *);
|
||||
static int pf_addr_wrap_neq(struct pf_addr_wrap *,
|
||||
struct pf_addr_wrap *);
|
||||
static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t,
|
||||
bool, u_int8_t);
|
||||
static struct pf_state *pf_find_state(struct pfi_kkif *,
|
||||
static struct pf_kstate *pf_find_state(struct pfi_kkif *,
|
||||
struct pf_state_key_cmp *, u_int);
|
||||
static int pf_src_connlimit(struct pf_state **);
|
||||
static int pf_src_connlimit(struct pf_kstate **);
|
||||
static void pf_overload_task(void *v, int pending);
|
||||
static int pf_insert_src_node(struct pf_ksrc_node **,
|
||||
struct pf_krule *, struct pf_addr *, sa_family_t);
|
||||
@ -316,14 +316,14 @@ static int pf_mtag_uminit(void *, int, int);
|
||||
static void pf_mtag_free(struct m_tag *);
|
||||
#ifdef INET
|
||||
static void pf_route(struct mbuf **, struct pf_krule *, int,
|
||||
struct ifnet *, struct pf_state *,
|
||||
struct ifnet *, struct pf_kstate *,
|
||||
struct pf_pdesc *, struct inpcb *);
|
||||
#endif /* INET */
|
||||
#ifdef INET6
|
||||
static void pf_change_a6(struct pf_addr *, u_int16_t *,
|
||||
struct pf_addr *, u_int8_t);
|
||||
static void pf_route6(struct mbuf **, struct pf_krule *, int,
|
||||
struct ifnet *, struct pf_state *,
|
||||
struct ifnet *, struct pf_kstate *,
|
||||
struct pf_pdesc *, struct inpcb *);
|
||||
#endif /* INET6 */
|
||||
|
||||
@ -480,7 +480,7 @@ pf_hashsrc(struct pf_addr *addr, sa_family_t af)
|
||||
|
||||
#ifdef ALTQ
|
||||
static int
|
||||
pf_state_hash(struct pf_state *s)
|
||||
pf_state_hash(struct pf_kstate *s)
|
||||
{
|
||||
u_int32_t hv = (intptr_t)s / sizeof(*s);
|
||||
|
||||
@ -543,7 +543,7 @@ pf_check_threshold(struct pf_threshold *threshold)
|
||||
}
|
||||
|
||||
static int
|
||||
pf_src_connlimit(struct pf_state **state)
|
||||
pf_src_connlimit(struct pf_kstate **state)
|
||||
{
|
||||
struct pf_overload_entry *pfoe;
|
||||
int bad = 0;
|
||||
@ -659,7 +659,7 @@ pf_overload_task(void *v, int pending)
|
||||
for (int i = 0; i <= pf_hashmask; i++) {
|
||||
struct pf_idhash *ih = &V_pf_idhash[i];
|
||||
struct pf_state_key *sk;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
|
||||
PF_HASHROW_LOCK(ih);
|
||||
LIST_FOREACH(s, &ih->states, entry) {
|
||||
@ -844,7 +844,7 @@ pf_initialize()
|
||||
V_pf_hashseed = arc4random();
|
||||
|
||||
/* States and state keys storage. */
|
||||
V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_state),
|
||||
V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_kstate),
|
||||
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
|
||||
V_pf_limits[PF_LIMIT_STATES].zone = V_pf_state_z;
|
||||
uma_zone_set_max(V_pf_state_z, PFSTATE_HIWAT);
|
||||
@ -1007,11 +1007,11 @@ pf_get_mtag(struct mbuf *m)
|
||||
|
||||
static int
|
||||
pf_state_key_attach(struct pf_state_key *skw, struct pf_state_key *sks,
|
||||
struct pf_state *s)
|
||||
struct pf_kstate *s)
|
||||
{
|
||||
struct pf_keyhash *khs, *khw, *kh;
|
||||
struct pf_state_key *sk, *cur;
|
||||
struct pf_state *si, *olds = NULL;
|
||||
struct pf_kstate *si, *olds = NULL;
|
||||
int idx;
|
||||
|
||||
KASSERT(s->refs == 0, ("%s: state not pristine", __func__));
|
||||
@ -1172,7 +1172,7 @@ pf_state_key_attach(struct pf_state_key *skw, struct pf_state_key *sks,
|
||||
}
|
||||
|
||||
static void
|
||||
pf_detach_state(struct pf_state *s)
|
||||
pf_detach_state(struct pf_kstate *s)
|
||||
{
|
||||
struct pf_state_key *sks = s->key[PF_SK_STACK];
|
||||
struct pf_keyhash *kh;
|
||||
@ -1203,7 +1203,7 @@ pf_detach_state(struct pf_state *s)
|
||||
}
|
||||
|
||||
static void
|
||||
pf_state_key_detach(struct pf_state *s, int idx)
|
||||
pf_state_key_detach(struct pf_kstate *s, int idx)
|
||||
{
|
||||
struct pf_state_key *sk = s->key[idx];
|
||||
#ifdef INVARIANTS
|
||||
@ -1268,10 +1268,10 @@ pf_state_key_clone(struct pf_state_key *orig)
|
||||
|
||||
int
|
||||
pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif,
|
||||
struct pf_state_key *skw, struct pf_state_key *sks, struct pf_state *s)
|
||||
struct pf_state_key *skw, struct pf_state_key *sks, struct pf_kstate *s)
|
||||
{
|
||||
struct pf_idhash *ih;
|
||||
struct pf_state *cur;
|
||||
struct pf_kstate *cur;
|
||||
int error;
|
||||
|
||||
KASSERT(TAILQ_EMPTY(&sks->states[0]) && TAILQ_EMPTY(&sks->states[1]),
|
||||
@ -1328,11 +1328,11 @@ pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif,
|
||||
/*
|
||||
* Find state by ID: returns with locked row on success.
|
||||
*/
|
||||
struct pf_state *
|
||||
struct pf_kstate *
|
||||
pf_find_state_byid(uint64_t id, uint32_t creatorid)
|
||||
{
|
||||
struct pf_idhash *ih;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
|
||||
counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
|
||||
|
||||
@ -1353,12 +1353,12 @@ pf_find_state_byid(uint64_t id, uint32_t creatorid)
|
||||
* Find state by key.
|
||||
* Returns with ID hash slot locked on success.
|
||||
*/
|
||||
static struct pf_state *
|
||||
static struct pf_kstate *
|
||||
pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir)
|
||||
{
|
||||
struct pf_keyhash *kh;
|
||||
struct pf_state_key *sk;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
int idx;
|
||||
|
||||
counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
|
||||
@ -1397,12 +1397,12 @@ pf_find_state(struct pfi_kkif *kif, struct pf_state_key_cmp *key, u_int dir)
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
struct pf_state *
|
||||
struct pf_kstate *
|
||||
pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more)
|
||||
{
|
||||
struct pf_keyhash *kh;
|
||||
struct pf_state_key *sk;
|
||||
struct pf_state *s, *ret = NULL;
|
||||
struct pf_kstate *s, *ret = NULL;
|
||||
int idx, inout = 0;
|
||||
|
||||
counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
|
||||
@ -1592,7 +1592,7 @@ pf_unload_vnet_purge(void)
|
||||
}
|
||||
|
||||
u_int32_t
|
||||
pf_state_expires(const struct pf_state *state)
|
||||
pf_state_expires(const struct pf_kstate *state)
|
||||
{
|
||||
u_int32_t timeout;
|
||||
u_int32_t start;
|
||||
@ -1656,7 +1656,7 @@ pf_purge_expired_src_nodes()
|
||||
}
|
||||
|
||||
static void
|
||||
pf_src_tree_remove_state(struct pf_state *s)
|
||||
pf_src_tree_remove_state(struct pf_kstate *s)
|
||||
{
|
||||
struct pf_ksrc_node *sn;
|
||||
struct pf_srchash *sh;
|
||||
@ -1693,7 +1693,7 @@ pf_src_tree_remove_state(struct pf_state *s)
|
||||
* unlocked, since it needs to go through key hash locking.
|
||||
*/
|
||||
int
|
||||
pf_unlink_state(struct pf_state *s, u_int flags)
|
||||
pf_unlink_state(struct pf_kstate *s, u_int flags)
|
||||
{
|
||||
struct pf_idhash *ih = &V_pf_idhash[PF_IDHASH(s)];
|
||||
|
||||
@ -1740,7 +1740,7 @@ pf_unlink_state(struct pf_state *s, u_int flags)
|
||||
return (pf_release_staten(s, 2));
|
||||
}
|
||||
|
||||
struct pf_state *
|
||||
struct pf_kstate *
|
||||
pf_alloc_state(int flags)
|
||||
{
|
||||
|
||||
@ -1748,7 +1748,7 @@ pf_alloc_state(int flags)
|
||||
}
|
||||
|
||||
void
|
||||
pf_free_state(struct pf_state *cur)
|
||||
pf_free_state(struct pf_kstate *cur)
|
||||
{
|
||||
|
||||
KASSERT(cur->refs == 0, ("%s: %p has refs", __func__, cur));
|
||||
@ -1767,7 +1767,7 @@ static u_int
|
||||
pf_purge_expired_states(u_int i, int maxcheck)
|
||||
{
|
||||
struct pf_idhash *ih;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
|
||||
V_pf_status.states = uma_zone_get_cur(V_pf_state_z);
|
||||
|
||||
@ -1925,13 +1925,13 @@ pf_print_host(struct pf_addr *addr, u_int16_t p, sa_family_t af)
|
||||
}
|
||||
|
||||
void
|
||||
pf_print_state(struct pf_state *s)
|
||||
pf_print_state(struct pf_kstate *s)
|
||||
{
|
||||
pf_print_state_parts(s, NULL, NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
pf_print_state_parts(struct pf_state *s,
|
||||
pf_print_state_parts(struct pf_kstate *s,
|
||||
struct pf_state_key *skwp, struct pf_state_key *sksp)
|
||||
{
|
||||
struct pf_state_key *skw, *sks;
|
||||
@ -3330,7 +3330,7 @@ pf_tcp_iss(struct pf_pdesc *pd)
|
||||
}
|
||||
|
||||
static int
|
||||
pf_test_rule(struct pf_krule **rm, struct pf_state **sm, int direction,
|
||||
pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction,
|
||||
struct pfi_kkif *kif, struct mbuf *m, int off, struct pf_pdesc *pd,
|
||||
struct pf_krule **am, struct pf_kruleset **rsm, struct inpcb *inp)
|
||||
{
|
||||
@ -3707,10 +3707,10 @@ static int
|
||||
pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
|
||||
struct pf_pdesc *pd, struct pf_ksrc_node *nsn, struct pf_state_key *nk,
|
||||
struct pf_state_key *sk, struct mbuf *m, int off, u_int16_t sport,
|
||||
u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_state **sm,
|
||||
u_int16_t dport, int *rewrite, struct pfi_kkif *kif, struct pf_kstate **sm,
|
||||
int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen)
|
||||
{
|
||||
struct pf_state *s = NULL;
|
||||
struct pf_kstate *s = NULL;
|
||||
struct pf_ksrc_node *sn = NULL;
|
||||
struct tcphdr *th = &pd->hdr.tcp;
|
||||
u_int16_t mss = V_tcp_mssdflt;
|
||||
@ -4049,7 +4049,7 @@ pf_test_fragment(struct pf_krule **rm, int direction, struct pfi_kkif *kif,
|
||||
|
||||
static int
|
||||
pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst,
|
||||
struct pf_state **state, struct pfi_kkif *kif, struct mbuf *m, int off,
|
||||
struct pf_kstate **state, struct pfi_kkif *kif, struct mbuf *m, int off,
|
||||
struct pf_pdesc *pd, u_short *reason, int *copyback)
|
||||
{
|
||||
struct tcphdr *th = &pd->hdr.tcp;
|
||||
@ -4375,7 +4375,7 @@ pf_tcp_track_full(struct pf_state_peer *src, struct pf_state_peer *dst,
|
||||
|
||||
static int
|
||||
pf_tcp_track_sloppy(struct pf_state_peer *src, struct pf_state_peer *dst,
|
||||
struct pf_state **state, struct pf_pdesc *pd, u_short *reason)
|
||||
struct pf_kstate **state, struct pf_pdesc *pd, u_short *reason)
|
||||
{
|
||||
struct tcphdr *th = &pd->hdr.tcp;
|
||||
|
||||
@ -4445,7 +4445,7 @@ pf_tcp_track_sloppy(struct pf_state_peer *src, struct pf_state_peer *dst,
|
||||
}
|
||||
|
||||
static int
|
||||
pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif,
|
||||
pf_test_state_tcp(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
|
||||
struct mbuf *m, int off, void *h, struct pf_pdesc *pd,
|
||||
u_short *reason)
|
||||
{
|
||||
@ -4613,7 +4613,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kkif *kif,
|
||||
}
|
||||
|
||||
static int
|
||||
pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif,
|
||||
pf_test_state_udp(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
|
||||
struct mbuf *m, int off, void *h, struct pf_pdesc *pd)
|
||||
{
|
||||
struct pf_state_peer *src, *dst;
|
||||
@ -4680,7 +4680,7 @@ pf_test_state_udp(struct pf_state **state, int direction, struct pfi_kkif *kif,
|
||||
}
|
||||
|
||||
static int
|
||||
pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif,
|
||||
pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
|
||||
struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason)
|
||||
{
|
||||
struct pf_addr *saddr = pd->src, *daddr = pd->dst;
|
||||
@ -5284,7 +5284,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kkif *kif,
|
||||
}
|
||||
|
||||
static int
|
||||
pf_test_state_other(struct pf_state **state, int direction, struct pfi_kkif *kif,
|
||||
pf_test_state_other(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
|
||||
struct mbuf *m, struct pf_pdesc *pd)
|
||||
{
|
||||
struct pf_state_peer *src, *dst;
|
||||
@ -5456,7 +5456,7 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif,
|
||||
#ifdef INET
|
||||
static void
|
||||
pf_route(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp,
|
||||
struct pf_state *s, struct pf_pdesc *pd, struct inpcb *inp)
|
||||
struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp)
|
||||
{
|
||||
struct mbuf *m0, *m1;
|
||||
struct sockaddr_in dst;
|
||||
@ -5644,7 +5644,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp,
|
||||
#ifdef INET6
|
||||
static void
|
||||
pf_route6(struct mbuf **m, struct pf_krule *r, int dir, struct ifnet *oifp,
|
||||
struct pf_state *s, struct pf_pdesc *pd, struct inpcb *inp)
|
||||
struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp)
|
||||
{
|
||||
struct mbuf *m0;
|
||||
struct sockaddr_in6 dst;
|
||||
@ -5933,7 +5933,7 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *
|
||||
struct ip *h = NULL;
|
||||
struct m_tag *ipfwtag;
|
||||
struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
|
||||
struct pf_state *s = NULL;
|
||||
struct pf_kstate *s = NULL;
|
||||
struct pf_kruleset *ruleset = NULL;
|
||||
struct pf_pdesc pd;
|
||||
int off, dirndx, pqid = 0;
|
||||
@ -6321,7 +6321,7 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
|
||||
struct m_tag *mtag;
|
||||
struct ip6_hdr *h = NULL;
|
||||
struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
|
||||
struct pf_state *s = NULL;
|
||||
struct pf_kstate *s = NULL;
|
||||
struct pf_kruleset *ruleset = NULL;
|
||||
struct pf_pdesc pd;
|
||||
int off, terminal = 0, dirndx, rh_cnt = 0, pqid = 0;
|
||||
|
@ -1957,7 +1957,7 @@ pf_label_match(const struct pf_krule *rule, const char *label)
|
||||
static unsigned int
|
||||
pf_kill_matching_state(struct pf_state_key_cmp *key, int dir)
|
||||
{
|
||||
struct pf_state *match;
|
||||
struct pf_kstate *match;
|
||||
int more = 0;
|
||||
unsigned int killed = 0;
|
||||
|
||||
@ -1975,7 +1975,7 @@ pf_kill_matching_state(struct pf_state_key_cmp *key, int dir)
|
||||
static int
|
||||
pf_killstates_row(struct pf_kstate_kill *psk, struct pf_idhash *ih)
|
||||
{
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
struct pf_state_key *sk;
|
||||
struct pf_addr *srcaddr, *dstaddr;
|
||||
struct pf_state_key_cmp match_key;
|
||||
@ -2807,7 +2807,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
|
||||
case DIOCGETSTATE: {
|
||||
struct pfioc_state *ps = (struct pfioc_state *)addr;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
|
||||
s = pf_find_state_byid(ps->state.id, ps->state.creatorid);
|
||||
if (s == NULL) {
|
||||
@ -2827,7 +2827,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
|
||||
case DIOCGETSTATES: {
|
||||
struct pfioc_states *ps = (struct pfioc_states *)addr;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
struct pfsync_state *pstore, *p;
|
||||
int i, nr;
|
||||
|
||||
@ -2942,7 +2942,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
case DIOCNATLOOK: {
|
||||
struct pfioc_natlook *pnl = (struct pfioc_natlook *)addr;
|
||||
struct pf_state_key *sk;
|
||||
struct pf_state *state;
|
||||
struct pf_kstate *state;
|
||||
struct pf_state_key_cmp key;
|
||||
int m = 0, direction = pnl->direction;
|
||||
int sidx, didx;
|
||||
@ -4537,7 +4537,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
}
|
||||
|
||||
void
|
||||
pfsync_state_export(struct pfsync_state *sp, struct pf_state *st)
|
||||
pfsync_state_export(struct pfsync_state *sp, struct pf_kstate *st)
|
||||
{
|
||||
bzero(sp, sizeof(struct pfsync_state));
|
||||
|
||||
@ -4618,7 +4618,7 @@ pf_tbladdr_copyout(struct pf_addr_wrap *aw)
|
||||
static void
|
||||
pf_clear_all_states(void)
|
||||
{
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i <= pf_hashmask; i++) {
|
||||
@ -4653,7 +4653,7 @@ pf_clear_tables(void)
|
||||
static void
|
||||
pf_clear_srcnodes(struct pf_ksrc_node *n)
|
||||
{
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
int i;
|
||||
|
||||
for (i = 0; i <= pf_hashmask; i++) {
|
||||
@ -4717,7 +4717,7 @@ pf_kill_srcnodes(struct pfioc_src_node_kill *psnk)
|
||||
|
||||
for (int i = 0; i <= pf_hashmask; i++) {
|
||||
struct pf_idhash *ih = &V_pf_idhash[i];
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
|
||||
PF_HASHROW_LOCK(ih);
|
||||
LIST_FOREACH(s, &ih->states, entry) {
|
||||
@ -4771,7 +4771,7 @@ static unsigned int
|
||||
pf_clear_states(const struct pf_kstate_kill *kill)
|
||||
{
|
||||
struct pf_state_key_cmp match_key;
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
struct pfi_kkif *kif;
|
||||
int idx;
|
||||
unsigned int killed = 0, dir;
|
||||
@ -4837,7 +4837,7 @@ pf_clear_states(const struct pf_kstate_kill *kill)
|
||||
static int
|
||||
pf_killstates(struct pf_kstate_kill *kill, unsigned int *killed)
|
||||
{
|
||||
struct pf_state *s;
|
||||
struct pf_kstate *s;
|
||||
|
||||
if (kill->psk_pfcmp.id) {
|
||||
if (kill->psk_pfcmp.creatorid == 0)
|
||||
@ -4976,11 +4976,11 @@ pf_clearstates_nv(struct pfioc_nv *nv)
|
||||
static int
|
||||
pf_getstate(struct pfioc_nv *nv)
|
||||
{
|
||||
nvlist_t *nvl = NULL, *nvls;
|
||||
void *nvlpacked = NULL;
|
||||
struct pf_state *s = NULL;
|
||||
int error = 0;
|
||||
uint64_t id, creatorid;
|
||||
nvlist_t *nvl = NULL, *nvls;
|
||||
void *nvlpacked = NULL;
|
||||
struct pf_kstate *s = NULL;
|
||||
int error = 0;
|
||||
uint64_t id, creatorid;
|
||||
|
||||
#define ERROUT(x) ERROUT_FUNCTION(errout, x)
|
||||
|
||||
@ -5043,11 +5043,11 @@ pf_getstate(struct pfioc_nv *nv)
|
||||
static int
|
||||
pf_getstates(struct pfioc_nv *nv)
|
||||
{
|
||||
nvlist_t *nvl = NULL, *nvls;
|
||||
void *nvlpacked = NULL;
|
||||
struct pf_state *s = NULL;
|
||||
int error = 0;
|
||||
uint64_t count = 0;
|
||||
nvlist_t *nvl = NULL, *nvls;
|
||||
void *nvlpacked = NULL;
|
||||
struct pf_kstate *s = NULL;
|
||||
int error = 0;
|
||||
uint64_t count = 0;
|
||||
|
||||
#define ERROUT(x) ERROUT_FUNCTION(errout, x)
|
||||
|
||||
|
@ -1522,7 +1522,7 @@ pf_normalize_tcp_init(struct mbuf *m, int off, struct pf_pdesc *pd,
|
||||
}
|
||||
|
||||
void
|
||||
pf_normalize_tcp_cleanup(struct pf_state *state)
|
||||
pf_normalize_tcp_cleanup(struct pf_kstate *state)
|
||||
{
|
||||
if (state->src.scrub)
|
||||
uma_zfree(V_pf_state_scrub_z, state->src.scrub);
|
||||
@ -1534,7 +1534,7 @@ pf_normalize_tcp_cleanup(struct pf_state *state)
|
||||
|
||||
int
|
||||
pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd,
|
||||
u_short *reason, struct tcphdr *th, struct pf_state *state,
|
||||
u_short *reason, struct tcphdr *th, struct pf_kstate *state,
|
||||
struct pf_state_peer *src, struct pf_state_peer *dst, int *writeback)
|
||||
{
|
||||
struct timeval uptime;
|
||||
|
@ -893,7 +893,7 @@ pf_state_peer_to_nvstate_peer(const struct pf_state_peer *peer)
|
||||
}
|
||||
|
||||
nvlist_t *
|
||||
pf_state_to_nvstate(const struct pf_state *s)
|
||||
pf_state_to_nvstate(const struct pf_kstate *s)
|
||||
{
|
||||
nvlist_t *nvl, *tmp;
|
||||
uint32_t expire, flags = 0;
|
||||
|
@ -81,6 +81,6 @@ nvlist_t *pf_krule_to_nvrule(const struct pf_krule *);
|
||||
int pf_nvrule_to_krule(const nvlist_t *, struct pf_krule *);
|
||||
int pf_nvstate_kill_to_kstate_kill(const nvlist_t *,
|
||||
struct pf_kstate_kill *);
|
||||
nvlist_t *pf_state_to_nvstate(const struct pf_state *);
|
||||
nvlist_t *pf_state_to_nvstate(const struct pf_kstate *);
|
||||
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user