Date: Thu, 15 Aug 2024 11:06:31 GMT
Message-Id: <202408151106.47FB6Vc0070888@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 1fc0dac54cb4 - main - pf: Convert struct pf_addr_wrap before sending it over netlink
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=1fc0dac54cb444d6c22102d7bbc23545de459e0f

commit 1fc0dac54cb444d6c22102d7bbc23545de459e0f
Author:     Kajetan Staszkiewicz
AuthorDate: 2024-08-15 09:07:27 +0000
Commit:     Kristof Provost
CommitDate: 2024-08-15 09:11:59 +0000

    pf: Convert struct pf_addr_wrap before sending it over netlink

    The struct pf_addr_wrap when used inside of kernel operates on pointers
    to tables or interfaces. When reading a ruleset the struct must contain
    counters calculated from the aforementioned tables and interfaces. Both
    the pointers and the resulting counters are stored in a union and thus
    can't be present in the struct at the same time.

    The original ioctl code handles this by making a copy of struct
    pf_addr_wrap for pool addresses, accessing the table or interface
    structures by their pointers, calculating the counter values and storing
    them in place of those pointers in the copy. Then this copy is sent over
    ioctl.

    Use this mechanism for netlink too. Create a copy of src/dst addresses.
    Use the existing function pf_addr_copyout() to convert pointers to
    counters both for src/dst and pool addresses.

Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D46291 --- sys/net/pfvar.h | 1 + sys/netpfil/pf/pf_ioctl.c | 3 +-- sys/netpfil/pf/pf_nl.c | 23 +++++++---------------- 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index eeded1e900a6..863883c2d61e 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -2533,6 +2533,7 @@ int pf_ioctl_get_addr(struct pfioc_pooladdr *); void pf_krule_free(struct pf_krule *); void pf_krule_clear_counters(struct pf_krule *); +void pf_addr_copyout(struct pf_addr_wrap *); #endif /* The fingerprint functions can be linked into userland programs (tcpdump) */ diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 959ebdf94cd4..5467ebbed2eb 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -129,7 +129,6 @@ static void pf_hash_rule_addr(MD5_CTX *, struct pf_rule_addr *); static int pf_commit_rules(u_int32_t, int, char *); static int pf_addr_setup(struct pf_kruleset *, struct pf_addr_wrap *, sa_family_t); -static void pf_addr_copyout(struct pf_addr_wrap *); static void pf_src_node_copy(const struct pf_ksrc_node *, struct pf_src_node *); #ifdef ALTQ @@ -1525,7 +1524,7 @@ pf_addr_setup(struct pf_kruleset *ruleset, struct pf_addr_wrap *addr, return (error); } -static void +void pf_addr_copyout(struct pf_addr_wrap *addr) { diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index 060cd5e39852..6e752159b4bd 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -416,7 +416,6 @@ static bool nlattr_add_addr_wrap(struct nl_writer *nw, int attrtype, struct pf_addr_wrap *a) { int off = nlattr_add_nested(nw, attrtype); - int num; nlattr_add_in6_addr(nw, PF_AT_ADDR, &a->v.a.addr.v6); nlattr_add_in6_addr(nw, PF_AT_MASK, &a->v.a.mask.v6); 
@@ -425,22 +424,10 @@ nlattr_add_addr_wrap(struct nl_writer *nw, int attrtype, struct pf_addr_wrap *a) if (a->type == PF_ADDR_DYNIFTL) { nlattr_add_string(nw, PF_AT_IFNAME, a->v.ifname); - num = 0; - if (a->p.dyn != NULL) - num = a->p.dyn->pfid_acnt4 + a->p.dyn->pfid_acnt6; - nlattr_add_u32(nw, PF_AT_DYNCNT, num); + nlattr_add_u32(nw, PF_AT_DYNCNT, a->p.dyncnt); } else if (a->type == PF_ADDR_TABLE) { - struct pfr_ktable *kt; - nlattr_add_string(nw, PF_AT_TABLENAME, a->v.tblname); - num = -1; - kt = a->p.tbl; - if ((kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && - kt->pfrkt_root != NULL) - kt = kt->pfrkt_root; - if (kt->pfrkt_flags & PFR_TFLAG_ACTIVE) - num = kt->pfrkt_cnt; - nlattr_add_u32(nw, PF_AT_TBLCNT, num); + nlattr_add_u32(nw, PF_AT_TBLCNT, a->p.tblcnt); } nlattr_set_len(nw, off); @@ -462,9 +449,13 @@ NL_DECLARE_ATTR_PARSER(rule_addr_parser, nla_p_ruleaddr); static bool nlattr_add_rule_addr(struct nl_writer *nw, int attrtype, struct pf_rule_addr *r) { + struct pf_addr_wrap aw = {0}; int off = nlattr_add_nested(nw, attrtype); - nlattr_add_addr_wrap(nw, PF_RAT_ADDR, &r->addr); + bcopy(&(r->addr), &aw, sizeof(struct pf_addr_wrap)); + pf_addr_copyout(&aw); + + nlattr_add_addr_wrap(nw, PF_RAT_ADDR, &aw); nlattr_add_u16(nw, PF_RAT_SRC_PORT, r->port[0]); nlattr_add_u16(nw, PF_RAT_DST_PORT, r->port[1]); nlattr_add_u8(nw, PF_RAT_NEG, r->neg);
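Review bot: In the sys/net/pfvar.h hunk, the newly exported prototype for pf_addr_copyout() carries no comment saying that it rewrites its argument in place. Per the commit message the pointers and the counters share a union, so calling it on a rule's live pf_addr_wrap instead of a copy would replace the table or interface pointer with a count. Now that the function is no longer static, a one-line comment above the prototype stating that callers must pass a private copy, as nlattr_add_rule_addr() does, would keep later callers from misusing it.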
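Review bot: In nlattr_add_addr_wrap() (sys/netpfil/pf/pf_nl.c, hunk at -425), a->p.dyncnt and a->p.tblcnt are now read unconditionally, which makes it a precondition that the caller has already run pf_addr_copyout() on a copy, and nothing in the function states or checks that. If any caller still passes the in-kernel struct, the u32 written as PF_AT_DYNCNT or PF_AT_TBLCNT would be bits of a kernel pointer rather than a count. Please confirm that every caller of nlattr_add_addr_wrap() hands in a converted copy, and add a comment on the function saying so. It is also worth confirming that pf_addr_copyout() yields the same values the removed code did: 0 when a->p.dyn is NULL and -1 for a table that is not active.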
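Review bot: In nlattr_add_rule_addr() (sys/netpfil/pf/pf_nl.c, hunk at -449), the = {0} initializer on aw is redundant, because the bcopy() that follows overwrites all sizeof(struct pf_addr_wrap) bytes. Consider dropping the initializer and writing the copy as a struct assignment, aw = r->addr, or at least using sizeof(aw) so the length follows the destination.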