git: 096efeb658b5 - main - pfctl: follow rpool -> rdr rename
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 24 Jan 2025 10:24:58 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=096efeb658b5a6d63068bd90f3c6508f74767bba
commit 096efeb658b5a6d63068bd90f3c6508f74767bba
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-01-20 08:34:46 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-01-24 10:20:29 +0000
pfctl: follow rpool -> rdr rename
In e11dacbf8484adc7bbb61b20fee3ab8385745925 the redirect pool was renamed from
rpool to rdr. It included backwards compatibility support for libpfctl users,
but didn't fully implement the rename in our own code.
Do so now. No functional change.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
contrib/pf/ftp-proxy/filter.c | 6 ++--
contrib/pf/tftp-proxy/filter.c | 6 ++--
sbin/pfctl/parse.y | 80 +++++++++++++++++++++---------------------
sbin/pfctl/pfctl.c | 18 +++++-----
sbin/pfctl/pfctl_optimize.c | 26 +++++++-------
sbin/pfctl/pfctl_parser.c | 6 ++--
6 files changed, 71 insertions(+), 71 deletions(-)
diff --git a/contrib/pf/ftp-proxy/filter.c b/contrib/pf/ftp-proxy/filter.c
index 7d6d3f1fa348..f29467c98d4c 100644
--- a/contrib/pf/ftp-proxy/filter.c
+++ b/contrib/pf/ftp-proxy/filter.c
@@ -107,8 +107,8 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
if (ioctl(pfctl_fd(pfh), DIOCADDADDR, &pfp) == -1)
return (-1);
- pfrule.rpool.proxy_port[0] = nat_range_low;
- pfrule.rpool.proxy_port[1] = nat_range_high;
+ pfrule.rdr.proxy_port[0] = nat_range_low;
+ pfrule.rdr.proxy_port[1] = nat_range_high;
if (pfctl_add_rule_h(pfh, &pfrule, pfanchor, pfanchor_call,
pfticket, pfpool_ticket))
return (-1);
@@ -141,7 +141,7 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
if (ioctl(pfctl_fd(pfh), DIOCADDADDR, &pfp) == -1)
return (-1);
- pfrule.rpool.proxy_port[0] = rdr_port;
+ pfrule.rdr.proxy_port[0] = rdr_port;
if (pfctl_add_rule_h(pfh, &pfrule, pfanchor, pfanchor_call,
pfticket, pfpool_ticket))
return (-1);
diff --git a/contrib/pf/tftp-proxy/filter.c b/contrib/pf/tftp-proxy/filter.c
index 8d5dcc21badc..d462d159d779 100644
--- a/contrib/pf/tftp-proxy/filter.c
+++ b/contrib/pf/tftp-proxy/filter.c
@@ -111,8 +111,8 @@ add_nat(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
if (ioctl(pfctl_fd(pfh), DIOCADDADDR, &pfp) == -1)
return (-1);
- pfrule.rpool.proxy_port[0] = nat_range_low;
- pfrule.rpool.proxy_port[1] = nat_range_high;
+ pfrule.rdr.proxy_port[0] = nat_range_low;
+ pfrule.rdr.proxy_port[1] = nat_range_high;
if (pfctl_add_rule_h(pfh, &pfrule, pfanchor, pfanchor_call,
pfticket, pfpool_ticket))
return (-1);
@@ -145,7 +145,7 @@ add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
if (ioctl(pfctl_fd(pfh), DIOCADDADDR, &pfp) == -1)
return (-1);
- pfrule.rpool.proxy_port[0] = rdr_port;
+ pfrule.rdr.proxy_port[0] = rdr_port;
if (pfctl_add_rule_h(pfh, &pfrule, pfanchor, pfanchor_call,
pfticket, pfpool_ticket))
return (-1);
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 4a7bd3125372..2bd8e16b535b 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -2737,9 +2737,9 @@ pfrule : action dir logquick interface route af proto fromto
YYERROR;
}
r.rt = $5.rt;
- r.rpool.opts = $5.pool_opts;
+ r.rdr.opts = $5.pool_opts;
if ($5.key != NULL)
- memcpy(&r.rpool.key, $5.key,
+ memcpy(&r.rdr.key, $5.key,
sizeof(struct pf_poolhashkey));
}
if (r.rt) {
@@ -2750,26 +2750,26 @@ pfrule : action dir logquick interface route af proto fromto
"matching address family found.");
YYERROR;
}
- if ((r.rpool.opts & PF_POOL_TYPEMASK) ==
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) ==
PF_POOL_NONE && ($5.host->next != NULL ||
$5.host->addr.type == PF_ADDR_TABLE ||
DYNIF_MULTIADDR($5.host->addr)))
- r.rpool.opts |= PF_POOL_ROUNDROBIN;
- if ((r.rpool.opts & PF_POOL_TYPEMASK) !=
+ r.rdr.opts |= PF_POOL_ROUNDROBIN;
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) !=
PF_POOL_ROUNDROBIN &&
disallow_table($5.host, "tables are only "
"supported in round-robin routing pools"))
YYERROR;
- if ((r.rpool.opts & PF_POOL_TYPEMASK) !=
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) !=
PF_POOL_ROUNDROBIN &&
disallow_alias($5.host, "interface (%s) "
"is only supported in round-robin "
"routing pools"))
YYERROR;
if ($5.host->next != NULL) {
- if ((r.rpool.opts & PF_POOL_TYPEMASK) !=
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) !=
PF_POOL_ROUNDROBIN) {
- yyerror("r.rpool.opts must "
+ yyerror("r.rdr.opts must "
"be PF_POOL_ROUNDROBIN");
YYERROR;
}
@@ -4874,59 +4874,59 @@ natrule : nataction interface af proto fromto tag tagged rtable
if (check_netmask($9->host, r.af))
YYERROR;
- r.rpool.proxy_port[0] = ntohs($9->rport.a);
+ r.rdr.proxy_port[0] = ntohs($9->rport.a);
switch (r.action) {
case PF_RDR:
if (!$9->rport.b && $9->rport.t &&
$5.dst.port != NULL) {
- r.rpool.proxy_port[1] =
+ r.rdr.proxy_port[1] =
ntohs($9->rport.a) +
(ntohs(
$5.dst.port->port[1]) -
ntohs(
$5.dst.port->port[0]));
} else
- r.rpool.proxy_port[1] =
+ r.rdr.proxy_port[1] =
ntohs($9->rport.b);
break;
case PF_NAT:
- r.rpool.proxy_port[1] =
+ r.rdr.proxy_port[1] =
ntohs($9->rport.b);
- if (!r.rpool.proxy_port[0] &&
- !r.rpool.proxy_port[1]) {
- r.rpool.proxy_port[0] =
+ if (!r.rdr.proxy_port[0] &&
+ !r.rdr.proxy_port[1]) {
+ r.rdr.proxy_port[0] =
PF_NAT_PROXY_PORT_LOW;
- r.rpool.proxy_port[1] =
+ r.rdr.proxy_port[1] =
PF_NAT_PROXY_PORT_HIGH;
- } else if (!r.rpool.proxy_port[1])
- r.rpool.proxy_port[1] =
- r.rpool.proxy_port[0];
+ } else if (!r.rdr.proxy_port[1])
+ r.rdr.proxy_port[1] =
+ r.rdr.proxy_port[0];
break;
default:
break;
}
- r.rpool.opts = $10.type;
- if ((r.rpool.opts & PF_POOL_TYPEMASK) ==
+ r.rdr.opts = $10.type;
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) ==
PF_POOL_NONE && ($9->host->next != NULL ||
$9->host->addr.type == PF_ADDR_TABLE ||
DYNIF_MULTIADDR($9->host->addr)))
- r.rpool.opts = PF_POOL_ROUNDROBIN;
- if ((r.rpool.opts & PF_POOL_TYPEMASK) !=
+ r.rdr.opts = PF_POOL_ROUNDROBIN;
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) !=
PF_POOL_ROUNDROBIN &&
disallow_table($9->host, "tables are only "
"supported in round-robin redirection "
"pools"))
YYERROR;
- if ((r.rpool.opts & PF_POOL_TYPEMASK) !=
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) !=
PF_POOL_ROUNDROBIN &&
disallow_alias($9->host, "interface (%s) "
"is only supported in round-robin "
"redirection pools"))
YYERROR;
if ($9->host->next != NULL) {
- if ((r.rpool.opts & PF_POOL_TYPEMASK) !=
+ if ((r.rdr.opts & PF_POOL_TYPEMASK) !=
PF_POOL_ROUNDROBIN) {
yyerror("only round-robin "
"valid for multiple "
@@ -4937,11 +4937,11 @@ natrule : nataction interface af proto fromto tag tagged rtable
}
if ($10.key != NULL)
- memcpy(&r.rpool.key, $10.key,
+ memcpy(&r.rdr.key, $10.key,
sizeof(struct pf_poolhashkey));
if ($10.opts)
- r.rpool.opts |= $10.opts;
+ r.rdr.opts |= $10.opts;
if ($10.staticport) {
if (r.action != PF_NAT) {
@@ -4949,17 +4949,17 @@ natrule : nataction interface af proto fromto tag tagged rtable
"only valid with nat rules");
YYERROR;
}
- if (r.rpool.proxy_port[0] !=
+ if (r.rdr.proxy_port[0] !=
PF_NAT_PROXY_PORT_LOW &&
- r.rpool.proxy_port[1] !=
+ r.rdr.proxy_port[1] !=
PF_NAT_PROXY_PORT_HIGH) {
yyerror("the 'static-port' option can't"
" be used when specifying a port"
" range");
YYERROR;
}
- r.rpool.proxy_port[0] = 0;
- r.rpool.proxy_port[1] = 0;
+ r.rdr.proxy_port[0] = 0;
+ r.rdr.proxy_port[1] = 0;
}
if ($10.mape.offset) {
@@ -4973,16 +4973,16 @@ natrule : nataction interface af proto fromto tag tagged rtable
" can't be used 'static-port'");
YYERROR;
}
- if (r.rpool.proxy_port[0] !=
+ if (r.rdr.proxy_port[0] !=
PF_NAT_PROXY_PORT_LOW &&
- r.rpool.proxy_port[1] !=
+ r.rdr.proxy_port[1] !=
PF_NAT_PROXY_PORT_HIGH) {
yyerror("the 'map-e-portset' option"
" can't be used when specifying"
" a port range");
YYERROR;
}
- r.rpool.mape = $10.mape;
+ r.rdr.mape = $10.mape;
}
o = keep_state_defaults;
@@ -5170,13 +5170,13 @@ binatrule : no BINAT natpasslog interface af proto FROM ipspec toipspec tag
YYERROR;
}
- TAILQ_INIT(&binat.rpool.list);
+ TAILQ_INIT(&binat.rdr.list);
pa = calloc(1, sizeof(struct pf_pooladdr));
if (pa == NULL)
err(1, "binat: calloc");
pa->addr = $13->host->addr;
pa->ifname[0] = 0;
- TAILQ_INSERT_TAIL(&binat.rpool.list,
+ TAILQ_INSERT_TAIL(&binat.rdr.list,
pa, entries);
free($13);
@@ -5521,7 +5521,7 @@ filter_consistent(struct pfctl_rule *r, int anchor_call)
problems++;
}
}
- if (r->rpool.opts & PF_POOL_STICKYADDR && !r->keep_state) {
+ if (r->rdr.opts & PF_POOL_STICKYADDR && !r->keep_state) {
yyerror("'sticky-address' requires 'keep state'");
problems++;
}
@@ -5549,8 +5549,8 @@ rdr_consistent(struct pfctl_rule *r)
yyerror("dst port only applies to tcp/udp/sctp");
problems++;
}
- if (r->rpool.proxy_port[0]) {
- yyerror("rpool port only applies to tcp/udp/sctp");
+ if (r->rdr.proxy_port[0]) {
+ yyerror("rdr port only applies to tcp/udp/sctp");
problems++;
}
}
@@ -6320,7 +6320,7 @@ expand_rule(struct pfctl_rule *r,
errx(1, "expand_rule: strlcpy");
} else
pa->ifname[0] = 0;
- TAILQ_INSERT_TAIL(&r->rpool.list, pa, entries);
+ TAILQ_INSERT_TAIL(&r->rdr.list, pa, entries);
}
TAILQ_INIT(&r->nat.list);
for (h = nat_hosts; h != NULL; h = h->next) {
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index ca374ca3295d..9da13daee063 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1302,7 +1302,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
goto error;
}
- if (pfctl_get_pool(dev, &rule.rpool,
+ if (pfctl_get_pool(dev, &rule.rdr,
nr, ri.ticket, PF_SCRUB, path, PF_RDR) != 0)
goto error;
@@ -1323,7 +1323,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
case PFCTL_SHOW_NOTHING:
break;
}
- pfctl_clear_pool(&rule.rpool);
+ pfctl_clear_pool(&rule.rdr);
}
ret = pfctl_get_rules_info_h(pfh, &ri, PF_PASS, path);
if (ret != 0) {
@@ -1337,7 +1337,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
goto error;
}
- if (pfctl_get_pool(dev, &rule.rpool,
+ if (pfctl_get_pool(dev, &rule.rdr,
nr, ri.ticket, PF_PASS, path, PF_RDR) != 0)
goto error;
@@ -1409,7 +1409,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
case PFCTL_SHOW_NOTHING:
break;
}
- pfctl_clear_pool(&rule.rpool);
+ pfctl_clear_pool(&rule.rdr);
}
error:
@@ -1498,7 +1498,7 @@ pfctl_show_nat(int dev, char *path, int opts, char *anchorname, int depth,
warnc(ret, "DIOCGETRULE");
return (-1);
}
- if (pfctl_get_pool(dev, &rule.rpool, nr,
+ if (pfctl_get_pool(dev, &rule.rdr, nr,
ri.ticket, nattype[i], path, PF_RDR) != 0)
return (-1);
if (pfctl_get_pool(dev, &rule.nat, nr,
@@ -1755,8 +1755,8 @@ pfctl_append_rule(struct pfctl *pf, struct pfctl_rule *r,
if ((rule = calloc(1, sizeof(*rule))) == NULL)
err(1, "calloc");
bcopy(r, rule, sizeof(*rule));
- TAILQ_INIT(&rule->rpool.list);
- pfctl_move_pool(&r->rpool, &rule->rpool);
+ TAILQ_INIT(&rule->rdr.list);
+ pfctl_move_pool(&r->rdr, &rule->rdr);
TAILQ_INSERT_TAIL(rs->rules[rs_num].active.ptr, rule, entries);
return (0);
@@ -2057,7 +2057,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth)
errc(1, error, "DIOCBEGINADDRS");
}
- if (pfctl_add_pool(pf, &r->rpool, r->af, PF_RDR))
+ if (pfctl_add_pool(pf, &r->rdr, r->af, PF_RDR))
return (1);
if (pfctl_add_pool(pf, &r->nat, r->naf ? r->naf : r->af, PF_NAT))
return (1);
@@ -2085,7 +2085,7 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth)
printf(" -- rule was already present");
}
path[len] = '\0';
- pfctl_clear_pool(&r->rpool);
+ pfctl_clear_pool(&r->rdr);
return (0);
}
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index a688fe484128..48b9a9caa82d 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -135,7 +135,7 @@ static struct pf_rule_field {
PF_RULE_FIELD(return_ttl, BREAK),
PF_RULE_FIELD(overload_tblname, BREAK),
PF_RULE_FIELD(flush, BREAK),
- PF_RULE_FIELD(rpool, BREAK),
+ PF_RULE_FIELD(rdr, BREAK),
PF_RULE_FIELD(logif, BREAK),
/*
@@ -290,12 +290,12 @@ pfctl_optimize_ruleset(struct pfctl *pf, struct pfctl_ruleset *rs)
if ((por = calloc(1, sizeof(*por))) == NULL)
err(1, "calloc");
memcpy(&por->por_rule, r, sizeof(*r));
- if (TAILQ_FIRST(&r->rpool.list) != NULL) {
- TAILQ_INIT(&por->por_rule.rpool.list);
- pfctl_move_pool(&r->rpool, &por->por_rule.rpool);
+ if (TAILQ_FIRST(&r->rdr.list) != NULL) {
+ TAILQ_INIT(&por->por_rule.rdr.list);
+ pfctl_move_pool(&r->rdr, &por->por_rule.rdr);
} else
- bzero(&por->por_rule.rpool,
- sizeof(por->por_rule.rpool));
+ bzero(&por->por_rule.rdr,
+ sizeof(por->por_rule.rdr));
TAILQ_INSERT_TAIL(&opt_queue, por, por_entry);
@@ -325,8 +325,8 @@ pfctl_optimize_ruleset(struct pfctl *pf, struct pfctl_ruleset *rs)
if ((r = calloc(1, sizeof(*r))) == NULL)
err(1, "calloc");
memcpy(r, &por->por_rule, sizeof(*r));
- TAILQ_INIT(&r->rpool.list);
- pfctl_move_pool(&por->por_rule.rpool, &r->rpool);
+ TAILQ_INIT(&r->rdr.list);
+ pfctl_move_pool(&por->por_rule.rdr, &r->rdr);
TAILQ_INSERT_TAIL(
rs->rules[PF_RULESET_FILTER].active.ptr,
r, entries);
@@ -912,14 +912,14 @@ load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
memcpy(&por->por_rule, &rule, sizeof(por->por_rule));
rs = pf_find_or_create_ruleset(anchor_call);
por->por_rule.anchor = rs->anchor;
- if (TAILQ_EMPTY(&por->por_rule.rpool.list))
- memset(&por->por_rule.rpool, 0,
- sizeof(por->por_rule.rpool));
+ if (TAILQ_EMPTY(&por->por_rule.rdr.list))
+ memset(&por->por_rule.rdr, 0,
+ sizeof(por->por_rule.rdr));
TAILQ_INSERT_TAIL(&queue, por, por_entry);
- /* XXX pfctl_get_pool(pf->dev, &rule.rpool, nr, pr.ticket,
+ /* XXX pfctl_get_pool(pf->dev, &rule.rdr, nr, pr.ticket,
* PF_PASS, pf->anchor) ???
- * ... pfctl_clear_pool(&rule.rpool)
+ * ... pfctl_clear_pool(&rule.rdr)
*/
}
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index af10bdcf7e4b..85f1797e58e1 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -942,7 +942,7 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer
else if (r->rt == PF_DUPTO)
printf(" dup-to");
printf(" ");
- print_pool(&r->rpool, 0, 0, r->af, PF_PASS);
+ print_pool(&r->rdr, 0, 0, r->af, PF_PASS);
}
if (r->af) {
if (r->af == AF_INET)
@@ -1253,8 +1253,8 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer
(r->action == PF_NAT || r->action == PF_BINAT ||
r->action == PF_RDR)) {
printf(" -> ");
- print_pool(&r->rpool, r->rpool.proxy_port[0],
- r->rpool.proxy_port[1], r->af, r->action);
+ print_pool(&r->rdr, r->rdr.proxy_port[0],
+ r->rdr.proxy_port[1], r->af, r->action);
}
}