d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pf: Use counter_u64 in pf_src_node

Browse Source 
Reviewd by:	philip
MFC after:      2 weeks
Sponsored by:   Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D27756
This commit is contained in:
Kristof Provost 2020-11-13 20:31:51 +01:00
parent 17ad7334ca
commit fbbf270eef
3 changed files with 48 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/net/pfvar.h
View File

@ -615,8 +615,8 @@ struct pf_ksrc_node {
struct pf_addr raddr;
union pf_rule_ptr rule;
struct pfi_kif *kif;
u_int64_t bytes[2];
u_int64_t packets[2];
counter_u64_t bytes[2];
counter_u64_t packets[2];
u_int32_t states;
u_int32_t conn;
struct pf_threshold conn_rate;

50
sys/netpfil/pf/pf.c
View File

@ -702,6 +702,19 @@ pf_find_src_node(struct pf_addr *src, struct pf_rule *rule, sa_family_t af,
return (n);
}
static void
pf_free_src_node(struct pf_ksrc_node *sn)
{
for (int i = 0; i < 2; i++) {
if (sn->bytes[i])
counter_u64_free(sn->bytes[i]);
if (sn->packets[i])
counter_u64_free(sn->packets[i]);
}
uma_zfree(V_pf_sources_z, sn);
}
static int
pf_insert_src_node(struct pf_ksrc_node **sn, struct pf_rule *rule,
struct pf_addr *src, sa_family_t af)
@ -730,6 +743,17 @@ pf_insert_src_node(struct pf_ksrc_node **sn, struct pf_rule *rule,
return (-1);
}
for (int i = 0; i < 2; i++) {
(*sn)->bytes[i] = counter_u64_alloc(M_NOWAIT);
(*sn)->packets[i] = counter_u64_alloc(M_NOWAIT);
if ((*sn)->bytes[i] == NULL || (*sn)->packets[i] == NULL) {
pf_free_src_node(*sn);
PF_HASHROW_UNLOCK(sh);
return (-1);
}
}
pf_init_threshold(&(*sn)->conn_rate,
rule->max_src_conn_rate.limit,
rule->max_src_conn_rate.seconds);
@ -773,7 +797,7 @@ pf_free_src_nodes(struct pf_ksrc_node_list *head)
u_int count = 0;
LIST_FOREACH_SAFE(sn, head, entry, tmp) {
uma_zfree(V_pf_sources_z, sn);
pf_free_src_node(sn);
count++;
}
@ -6189,12 +6213,16 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *
s->nat_rule.ptr->bytes[dirndx] += pd.tot_len;
}
if (s->src_node != NULL) {
s->src_node->packets[dirndx]++;
s->src_node->bytes[dirndx] += pd.tot_len;
counter_u64_add(s->src_node->packets[dirndx],
1);
counter_u64_add(s->src_node->bytes[dirndx],
pd.tot_len);
}
if (s->nat_src_node != NULL) {
s->nat_src_node->packets[dirndx]++;
s->nat_src_node->bytes[dirndx] += pd.tot_len;
counter_u64_add(s->nat_src_node->packets[dirndx],
1);
counter_u64_add(s->nat_src_node->bytes[dirndx],
pd.tot_len);
}
dirndx = (dir == s->direction) ? 0 : 1;
counter_u64_add(s->packets[dirndx], 1);
@ -6585,12 +6613,16 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
s->nat_rule.ptr->bytes[dirndx] += pd.tot_len;
}
if (s->src_node != NULL) {
s->src_node->packets[dirndx]++;
s->src_node->bytes[dirndx] += pd.tot_len;
counter_u64_add(s->src_node->packets[dirndx],
1);
counter_u64_add(s->src_node->bytes[dirndx],
pd.tot_len);
}
if (s->nat_src_node != NULL) {
s->nat_src_node->packets[dirndx]++;
s->nat_src_node->bytes[dirndx] += pd.tot_len;
counter_u64_add(s->nat_src_node->packets[dirndx],
1);
counter_u64_add(s->nat_src_node->bytes[dirndx],
pd.tot_len);
}
dirndx = (dir == s->direction) ? 0 : 1;
counter_u64_add(s->packets[dirndx], 1);

7
sys/netpfil/pf/pf_ioctl.c
View File

@ -1161,8 +1161,11 @@ pf_src_node_copy(const struct pf_ksrc_node *in, struct pf_src_node *out)
if (in->rule.ptr != NULL)
out->rule.nr = in->rule.ptr->nr;
bcopy(&in->bytes, &out->bytes, sizeof(u_int64_t) * 2);
bcopy(&in->packets, &out->packets, sizeof(u_int64_t) * 2);
for (int i = 0; i < 2; i++) {
out->bytes[i] = counter_u64_fetch(in->bytes[i]);
out->packets[i] = counter_u64_fetch(in->packets[i]);
}
out->states = in->states;
out->conn = in->conn;
out->af = in->af;