svn commit: r232340 - projects/pf/head/sys/contrib/pf/net
Gleb Smirnoff
glebius at FreeBSD.org
Thu Mar 1 14:42:07 UTC 2012
Author: glebius
Date: Thu Mar 1 14:42:06 2012
New Revision: 232340
URL: http://svn.freebsd.org/changeset/base/232340
Log:
o Axe intermediate struct pf_state_item, instead embed TAILQ_ENTRY
right into struct pf_state. Axe associated UMA zone.
- More PF_RULES_RASSERT.
- Minor unrelated nits.
Modified:
projects/pf/head/sys/contrib/pf/net/if_pfsync.c
projects/pf/head/sys/contrib/pf/net/pf.c
projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
projects/pf/head/sys/contrib/pf/net/pfvar.h
Modified: projects/pf/head/sys/contrib/pf/net/if_pfsync.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/if_pfsync.c Thu Mar 1 14:39:01 2012 (r232339)
+++ projects/pf/head/sys/contrib/pf/net/if_pfsync.c Thu Mar 1 14:42:06 2012 (r232340)
@@ -682,9 +682,8 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st
int len = sizeof(*clr) * count;
int i, offp;
- struct pf_state *st, *nexts;
+ struct pf_state *si, *st, *nexts;
struct pf_state_key *sk, *nextsk;
- struct pf_state_item *si;
u_int32_t creatorid;
mp = m_pulldown(m, offset, len, &offp);
@@ -716,11 +715,11 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st
sk; sk = nextsk) {
nextsk = RB_NEXT(pf_state_tree,
&V_pf_statetbl, sk);
- TAILQ_FOREACH(si, &sk->states, entry) {
- if (si->s->creatorid == creatorid) {
- SET(si->s->state_flags,
+ TAILQ_FOREACH(si, &sk->states, key_list) {
+ if (si->creatorid == creatorid) {
+ SET(si->state_flags,
PFSTATE_NOSYNC);
- pf_unlink_state(si->s);
+ pf_unlink_state(si);
}
}
}
Modified: projects/pf/head/sys/contrib/pf/net/pf.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf.c Thu Mar 1 14:39:01 2012 (r232339)
+++ projects/pf/head/sys/contrib/pf/net/pf.c Thu Mar 1 14:42:06 2012 (r232340)
@@ -160,7 +160,6 @@ VNET_DEFINE(uma_zone_t, pf_rule_pl);
VNET_DEFINE(uma_zone_t, pf_pooladdr_pl);
VNET_DEFINE(uma_zone_t, pf_state_pl);
VNET_DEFINE(uma_zone_t, pf_state_key_pl);
-VNET_DEFINE(uma_zone_t, pf_state_item_pl);
VNET_DEFINE(uma_zone_t, pf_altq_pl);
static void pf_src_tree_remove_state(struct pf_state *);
@@ -678,24 +677,23 @@ pf_state_compare_id(struct pf_state *a,
static int
pf_state_key_attach(struct pf_state_key *sk, struct pf_state *s, int idx)
{
- struct pf_state_item *si;
struct pf_state_key *cur;
- struct pf_state *olds = NULL;
+ struct pf_state *si, *olds = NULL;
KASSERT(s->key[idx] == NULL, ("%s: key is null!", __func__));
if ((cur = RB_INSERT(pf_state_tree, &V_pf_statetbl, sk)) != NULL) {
/* key exists. check for same kif, if none, add to key */
- TAILQ_FOREACH(si, &cur->states, entry)
- if (si->s->kif == s->kif &&
- si->s->direction == s->direction) {
+ TAILQ_FOREACH(si, &cur->states, key_list)
+ if (si->kif == s->kif &&
+ si->direction == s->direction) {
if (sk->proto == IPPROTO_TCP &&
- si->s->src.state >= TCPS_FIN_WAIT_2 &&
- si->s->dst.state >= TCPS_FIN_WAIT_2) {
- si->s->src.state = si->s->dst.state =
+ si->src.state >= TCPS_FIN_WAIT_2 &&
+ si->dst.state >= TCPS_FIN_WAIT_2) {
+ si->src.state = si->dst.state =
TCPS_CLOSED;
/* unlink late or sks can go away */
- olds = si->s;
+ olds = si;
} else {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: %s key attach "
@@ -709,7 +707,7 @@ pf_state_key_attach(struct pf_state_key
(idx == PF_SK_STACK) ?
sk : NULL);
printf(", existing: ");
- pf_print_state_parts(si->s,
+ pf_print_state_parts(si,
(idx == PF_SK_WIRE) ?
sk : NULL,
(idx == PF_SK_STACK) ?
@@ -725,17 +723,11 @@ pf_state_key_attach(struct pf_state_key
} else
s->key[idx] = sk;
- if ((si = uma_zalloc(V_pf_state_item_pl, M_NOWAIT)) == NULL) {
- pf_state_key_detach(s, idx);
- return (-1);
- }
- si->s = s;
-
/* list is sorted, if-bound states before floating */
if (s->kif == V_pfi_all)
- TAILQ_INSERT_TAIL(&s->key[idx]->states, si, entry);
+ TAILQ_INSERT_TAIL(&s->key[idx]->states, s, key_list);
else
- TAILQ_INSERT_HEAD(&s->key[idx]->states, si, entry);
+ TAILQ_INSERT_HEAD(&s->key[idx]->states, s, key_list);
if (olds)
pf_unlink_state(olds);
@@ -759,22 +751,19 @@ pf_detach_state(struct pf_state *s)
static void
pf_state_key_detach(struct pf_state *s, int idx)
{
- struct pf_state_item *si;
+ struct pf_state *si;
si = TAILQ_FIRST(&s->key[idx]->states);
- while (si && si->s != s)
- si = TAILQ_NEXT(si, entry);
+ while (si && si != s)
+ si = TAILQ_NEXT(si, key_list);
- if (si) {
- TAILQ_REMOVE(&s->key[idx]->states, si, entry);
- uma_zfree(V_pf_state_item_pl, si);
- }
+ if (si)
+ TAILQ_REMOVE(&s->key[idx]->states, si, key_list);
if (TAILQ_EMPTY(&s->key[idx]->states)) {
RB_REMOVE(pf_state_tree, &V_pf_statetbl, s->key[idx]);
if (s->key[idx]->reverse)
s->key[idx]->reverse->reverse = NULL;
- /* XXX: implement this */
uma_zfree(V_pf_state_key_pl, s->key[idx]);
}
s->key[idx] = NULL;
@@ -927,7 +916,7 @@ pf_find_state(struct pfi_kif *kif, struc
struct mbuf *m, struct pf_mtag *pftag)
{
struct pf_state_key *sk;
- struct pf_state_item *si;
+ struct pf_state *si;
V_pf_status.fcounters[FCNT_STATE_SEARCH]++;
@@ -951,11 +940,11 @@ pf_find_state(struct pfi_kif *kif, struc
pftag->statekey = NULL;
/* list is sorted, if-bound states before floating ones */
- TAILQ_FOREACH(si, &sk->states, entry)
- if ((si->s->kif == V_pfi_all || si->s->kif == kif) &&
- sk == (dir == PF_IN ? si->s->key[PF_SK_WIRE] :
- si->s->key[PF_SK_STACK]))
- return (si->s);
+ TAILQ_FOREACH(si, &sk->states, key_list)
+ if ((si->kif == V_pfi_all || si->kif == kif) &&
+ sk == (dir == PF_IN ? si->key[PF_SK_WIRE] :
+ si->key[PF_SK_STACK]))
+ return (si);
return (NULL);
}
@@ -964,26 +953,27 @@ struct pf_state *
pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more)
{
struct pf_state_key *sk;
- struct pf_state_item *si, *ret = NULL;
+ struct pf_state *s, *ret = NULL;
V_pf_status.fcounters[FCNT_STATE_SEARCH]++;
sk = RB_FIND(pf_state_tree, &V_pf_statetbl, (struct pf_state_key *)key);
if (sk != NULL) {
- TAILQ_FOREACH(si, &sk->states, entry)
+ TAILQ_FOREACH(s, &sk->states, key_list)
if (dir == PF_INOUT ||
- (sk == (dir == PF_IN ? si->s->key[PF_SK_WIRE] :
- si->s->key[PF_SK_STACK]))) {
+ (sk == (dir == PF_IN ? s->key[PF_SK_WIRE] :
+ s->key[PF_SK_STACK]))) {
if (more == NULL)
- return (si->s);
+ return (s);
if (ret)
(*more)++;
else
- ret = si;
+ ret = s;
}
}
- return (ret ? ret->s : NULL);
+
+ return (ret);
}
/* END state table stuff */
@@ -1157,9 +1147,6 @@ pf_src_tree_remove_state(struct pf_state
void
pf_unlink_state(struct pf_state *cur)
{
- if (cur->local_flags & PFSTATE_EXPIRING)
- return;
- cur->local_flags |= PFSTATE_EXPIRING;
if (cur->src.state == PF_TCPS_PROXY_DST) {
/* XXX wire key the right one? */
@@ -2206,6 +2193,8 @@ pf_step_into_anchor(int *depth, struct p
{
struct pf_anchor_stackframe *f;
+ PF_RULES_RASSERT();
+
(*r)->anchor->match = 0;
if (match)
*match = 0;
@@ -2242,6 +2231,8 @@ pf_step_out_of_anchor(int *depth, struct
struct pf_anchor_stackframe *f;
int quick = 0;
+ PF_RULES_RASSERT();
+
do {
if (*depth <= 0)
break;
@@ -3280,6 +3271,8 @@ pf_test_fragment(struct pf_rule **rm, in
int asd = 0;
int match = 0;
+ PF_RULES_RASSERT();
+
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr);
while (r != NULL) {
r->evaluations++;
Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Mar 1 14:39:01 2012 (r232339)
+++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Thu Mar 1 14:42:06 2012 (r232340)
@@ -257,7 +257,6 @@ cleanup_pf_zone(void)
uma_zdestroy(V_pf_rule_pl);
uma_zdestroy(V_pf_state_pl);
uma_zdestroy(V_pf_state_key_pl);
- uma_zdestroy(V_pf_state_item_pl);
uma_zdestroy(V_pf_altq_pl);
uma_zdestroy(V_pf_pooladdr_pl);
uma_zdestroy(V_pfr_ktable_pl);
@@ -279,9 +278,6 @@ pfattach(void)
V_pf_state_key_pl = uma_zcreate("pfstatekeypl",
sizeof(struct pf_state_key), NULL, NULL, NULL, NULL,UMA_ALIGN_PTR,
0);
- V_pf_state_item_pl = uma_zcreate("pfstateitempl",
- sizeof(struct pf_state_item), NULL, NULL, NULL, NULL,
- UMA_ALIGN_PTR, 0);
V_pf_altq_pl = uma_zcreate("pfaltqpl", sizeof(struct pf_altq),
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
V_pf_pooladdr_pl = uma_zcreate("pfpooladdrpl",
Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Mar 1 14:39:01 2012 (r232339)
+++ projects/pf/head/sys/contrib/pf/net/pfvar.h Thu Mar 1 14:42:06 2012 (r232340)
@@ -764,13 +764,6 @@ struct pf_state_key_cmp {
u_int8_t pad[2];
};
-struct pf_state_item {
- TAILQ_ENTRY(pf_state_item) entry;
- struct pf_state *s;
-};
-
-TAILQ_HEAD(pf_statelisthead, pf_state_item);
-
struct pf_state_key {
struct pf_addr addr[2];
u_int16_t port[2];
@@ -779,7 +772,7 @@ struct pf_state_key {
u_int8_t pad[2];
RB_ENTRY(pf_state_key) entry;
- struct pf_statelisthead states;
+ TAILQ_HEAD(, pf_state) states;
struct pf_state_key *reverse;
struct inpcb *inp;
};
@@ -797,11 +790,9 @@ struct pf_state {
u_int32_t creatorid;
u_int8_t direction;
u_int8_t pad[2];
- u_int8_t local_flags;
-#define PFSTATE_EXPIRING 0x01
-
TAILQ_ENTRY(pf_state) sync_list;
TAILQ_ENTRY(pf_state) entry_list;
+ TAILQ_ENTRY(pf_state) key_list;
RB_ENTRY(pf_state) entry_id;
struct pf_state_peer src;
struct pf_state_peer dst;
@@ -882,9 +873,7 @@ struct pfsync_state {
sa_family_t af;
u_int8_t proto;
u_int8_t direction;
- u_int8_t local_flags;
-#define PFSTATE_EXPIRING 0x01
-
+ u_int8_t __spare;
u_int8_t log;
u_int8_t state_flags;
u_int8_t timeout;
@@ -1766,8 +1755,6 @@ VNET_DECLARE(uma_zone_t, pf_state_pl);
#define V_pf_state_pl VNET(pf_state_pl)
VNET_DECLARE(uma_zone_t, pf_state_key_pl);
#define V_pf_state_key_pl VNET(pf_state_key_pl)
-VNET_DECLARE(uma_zone_t, pf_state_item_pl);
-#define V_pf_state_item_pl VNET(pf_state_item_pl)
VNET_DECLARE(uma_zone_t, pf_altq_pl);
#define V_pf_altq_pl VNET(pf_altq_pl)
VNET_DECLARE(uma_zone_t, pf_pooladdr_pl);
More information about the svn-src-projects
mailing list