svn commit: r197936 - in user/eri/pf45/head/sys: contrib/pf/net
i386/conf
Ermal Luçi
eri at FreeBSD.org
Sat Oct 10 17:41:17 UTC 2009
Author: eri
Date: Sat Oct 10 17:41:16 2009
New Revision: 197936
URL: http://svn.freebsd.org/changeset/base/197936
Log:
* Make it possible to load pfsync(4) as a module.
* Fix typos, which unbreaks GENERIC builds.
NOTE: As of now pf 4.5 is working on FreeBSD 8+.
Modified:
user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c
user/eri/pf45/head/sys/contrib/pf/net/pf.c
user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c
user/eri/pf45/head/sys/contrib/pf/net/pfvar.h
user/eri/pf45/head/sys/i386/conf/GENERIC
Modified: user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 16:08:05 2009 (r197935)
+++ user/eri/pf45/head/sys/contrib/pf/net/if_pfsync.c Sat Oct 10 17:41:16 2009 (r197936)
@@ -308,13 +308,6 @@ SYSCTL_STRUCT(_net_inet_pfsync, 0, stats
"PFSYNC statistics (struct pfsyncstats, net/if_pfsync.h)");
#endif
-/* Macros to set/clear/test flags. */
-#ifdef _KERNEL
-#define SET(t, f) ((t) |= (f))
-#define CLR(t, f) ((t) &= ~(f))
-#define ISSET(t, f) ((t) & (f))
-#endif
-
static void pfsyncintr(void *);
struct pfsync_swi {
void * pfsync_swi_cookie;
@@ -2604,7 +2597,7 @@ pfsync_q_ins(struct pf_state *st, int q)
#ifdef __FreeBSD__
KASSERT(st->sync_state == PFSYNC_S_NONE,
- ("%s: st->sync_state == PFSYNC_S_NONE" __FUNCITON__));
+ ("%s: st->sync_state == PFSYNC_S_NONE", __FUNCTION__));
#else
KASSERT(st->sync_state == PFSYNC_S_NONE);
#endif
@@ -2647,7 +2640,7 @@ pfsync_q_del(struct pf_state *st)
#ifdef __FreeBSD__
KASSERT(st->sync_state != PFSYNC_S_NONE,
- ("%s: st->sync_state != PFSYNC_S_NONE", __FUNCTION));
+ ("%s: st->sync_state != PFSYNC_S_NONE", __FUNCTION__));
#else
KASSERT(st->sync_state != PFSYNC_S_NONE);
#endif
@@ -3049,6 +3042,12 @@ pfsync_modevent(module_t mod, int type,
panic("%s: swi_add %d", __func__, error);
pfsync_state_import_ptr = pfsync_state_import;
+ pfsync_up_ptr = pfsync_up;
+ pfsync_insert_state_ptr = pfsync_insert_state;
+ pfsync_update_state_ptr = pfsync_update_state;
+ pfsync_delete_state_ptr = pfsync_delete_state;
+ pfsync_clear_states_ptr = pfsync_clear_states;
+ pfsync_defer_ptr = pfsync_defer;
#endif
break;
case MOD_UNLOAD:
@@ -3056,6 +3055,12 @@ pfsync_modevent(module_t mod, int type,
swi_remove(pfsync_swi.pfsync_swi_cookie);
pfsync_state_import_ptr = NULL;
+ pfsync_up_ptr = NULL;
+ pfsync_insert_state_ptr = NULL;
+ pfsync_update_state_ptr = NULL;
+ pfsync_delete_state_ptr = NULL;
+ pfsync_clear_states_ptr = NULL;
+ pfsync_defer_ptr = NULL;
#endif
if_clone_detach(&pfsync_cloner);
break;
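Review bot: On MOD_UNLOAD the `*_ptr` hooks are cleared only after `swi_remove()`, and no lock or barrier is visible around the stores, so a pf caller that has already passed its `!= NULL` test can still enter pfsync code while the module is being torn down. Clearing the hooks should be the first step of unload, done under whatever lock pf holds on its packet and ioctl paths (not visible here), with `swi_remove()` and `if_clone_detach()` run only after in-flight callers have drained. The MOD_LOAD hunk above has the mirror-image concern: the hooks should be published last, once the swi and cloner are fully set up. pfsync_modevent begins and ends outside both hunks, so existing locking may not be shown.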
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 10 16:08:05 2009 (r197935)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf.c Sat Oct 10 17:41:16 2009 (r197936)
@@ -973,8 +973,13 @@ pf_state_insert(struct pfi_kif *kif, str
pf_status.states++;
pfi_kif_ref(kif, PFI_KIF_REF_STATE);
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_insert_state_ptr != NULL)
+ pfsync_insert_state_ptr(s);
+#else
pfsync_insert_state(s);
#endif
+#endif
return (0);
}
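Review bot: The new hook call is still compiled only under `#if NPFSYNC > 0`, so whether a loaded pfsync module is ever reached depends on how NPFSYNC is derived; if it follows `device pfsync` in the kernel config (not visible on this page), a kernel built without the device drops these calls entirely. On FreeBSD the hook test could sit outside that guard, since a NULL pointer already covers the not-loaded case. The check and the call also read `pfsync_insert_state_ptr` separately; `pfsync_insert_state_t *hook = pfsync_insert_state_ptr; if (hook != NULL) hook(s);` keeps the two consistent, though it does not replace synchronising with module unload. The same pattern repeats in the pf_unlink_state, pf_test_rule, pf_test and pf_test6 hunks and in the pfioctl hunk of pf_ioctl.c.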
@@ -1336,8 +1341,13 @@ pf_unlink_state(struct pf_state *cur)
export_pflow(cur);
#endif
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_delete_state_ptr != NULL)
+ pfsync_delete_state_ptr(cur);
+#else
pfsync_delete_state(cur);
#endif
+#endif
cur->timeout = PFTM_UNLINKED;
pf_src_tree_remove_state(cur);
pf_detach_state(cur);
@@ -3407,14 +3417,23 @@ pf_test_rule(struct pf_rule **rm, struct
#if NPFSYNC > 0
if (*sm != NULL && !ISSET((*sm)->state_flags, PFSTATE_NOSYNC) &&
+#ifdef __FreeBSD__
+ direction == PF_OUT && pfsync_up_ptr != NULL && pfsync_up_ptr()) {
+#else
direction == PF_OUT && pfsync_up()) {
+#endif
/*
* We want the state created, but we dont
* want to send this in case a partner
* firewall has to know about it to allow
* replies through it.
*/
+#ifdef __FreeBSD__
+ if (pfsync_defer_ptr != NULL)
+ pfsync_defer(*sm, m);
+#else
if (pfsync_defer(*sm, m))
+#endif
return (PF_DEFER);
}
#endif
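Review bot: In the `__FreeBSD__` branch the guarded statement is now the call itself, so `return (PF_DEFER);` runs unconditionally once the outer condition holds, and the result of the defer call is discarded. The branch also calls `pfsync_defer()` directly instead of through `pfsync_defer_ptr`, which reintroduces the direct symbol reference the hooks are meant to remove. A packet that pfsync declined to defer would still be reported as deferred to the caller of pf_test_rule, which presumably then treats the mbuf as consumed. The condition should be `if (pfsync_defer_ptr != NULL && pfsync_defer_ptr(*sm, m))` so that it governs the return as in the `#else` branch. pf_test_rule's body extends beyond the hunk.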
@@ -6293,7 +6312,12 @@ pf_test(int dir, struct ifnet *ifp, stru
&reason);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
@@ -6328,7 +6352,12 @@ pf_test(int dir, struct ifnet *ifp, stru
action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
@@ -6357,7 +6386,12 @@ pf_test(int dir, struct ifnet *ifp, stru
&reason);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
@@ -6386,7 +6420,12 @@ pf_test(int dir, struct ifnet *ifp, stru
action = pf_test_state_other(&s, dir, kif, m, &pd);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
@@ -6761,7 +6800,12 @@ pf_test6(int dir, struct ifnet *ifp, str
&reason);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
@@ -6796,7 +6840,12 @@ pf_test6(int dir, struct ifnet *ifp, str
action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
@@ -6832,7 +6881,12 @@ pf_test6(int dir, struct ifnet *ifp, str
m, off, h, &pd, &reason);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
@@ -6852,7 +6906,12 @@ pf_test6(int dir, struct ifnet *ifp, str
action = pf_test_state_other(&s, dir, kif, m, &pd);
if (action == PF_PASS) {
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_update_state_ptr != NULL)
+ pfsync_update_state_ptr(s);
+#else
pfsync_update_state(s);
+#endif
#endif /* NPFSYNC */
r = s->rule.ptr;
a = s->anchor.ptr;
Modified: user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 10 16:08:05 2009 (r197935)
+++ user/eri/pf45/head/sys/contrib/pf/net/pf_ioctl.c Sat Oct 10 17:41:16 2009 (r197936)
@@ -250,7 +250,13 @@ static struct cdevsw pf_cdevsw = {
int pf_end_threads = 0;
struct mtx pf_task_mtx;
#ifdef __FreeBSD__
- pfsync_state_import_t *pfsync_state_import_ptr = NULL;
+ pfsync_state_import_t *pfsync_state_import_ptr = NULL;
+ pfsync_up_t *pfsync_up_ptr = NULL;
+ pfsync_insert_state_t *pfsync_insert_state_ptr = NULL;
+ pfsync_update_state_t *pfsync_update_state_ptr = NULL;
+ pfsync_delete_state_t *pfsync_delete_state_ptr = NULL;
+ pfsync_clear_states_t *pfsync_clear_states_ptr = NULL;
+ pfsync_defer_t *pfsync_defer_ptr = NULL;
#if NPFLOG >0
pflog_packet_t *pflog_packet_ptr = NULL;
#endif
@@ -1991,8 +1997,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
}
psk->psk_killed = killed;
#if NPFSYNC > 0
+#ifdef __FreeBSD__
+ if (pfsync_clear_states_ptr != NULL)
+ pfsync_clear_states_ptr(pf_status.hostid, psk->psk_ifname);
+#else
pfsync_clear_states(pf_status.hostid, psk->psk_ifname);
#endif
+#endif
break;
}
@@ -2072,7 +2083,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
}
#ifdef __FreeBSD__
if (pfsync_state_import_ptr != NULL)
- pfsync_state_import_ptr(sp, PFSYNC_SI_IOCTL);
+ error = pfsync_state_import_ptr(sp, PFSYNC_SI_IOCTL);
#else
error = pfsync_state_import(sp, PFSYNC_SI_IOCTL);
#endif
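Review bot: When `pfsync_state_import_ptr` is NULL the FreeBSD branch does nothing and leaves `error` at whatever value it had before the hunk, so the ioctl can appear to succeed without importing the state. An explicit `else error = EOPNOTSUPP;` (or whichever errno the project prefers) would make the pfsync-not-loaded case visible to the caller. The enclosing pfioctl case starts and ends outside the hunk.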
@@ -3526,7 +3537,7 @@ pfsync_state_export(struct pfsync_state
state->timeout = PFTM_PURGE;
#if NPFSYNC
/* don't send out individual delete messages */
- state->sync_flags = PFSTATE_NOSYNC;
+ state->state_flags = PFSTATE_NOSYNC;
#endif
pf_unlink_state(state);
}
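Review bot: `state->state_flags = PFSTATE_NOSYNC;` overwrites every other bit in `state_flags` rather than setting one flag; pf_test_rule tests the same field with `ISSET((*sm)->state_flags, PFSTATE_NOSYNC)`, which suggests it is a bit mask. `state->state_flags |= PFSTATE_NOSYNC;` or `SET(state->state_flags, PFSTATE_NOSYNC);` would keep the other flags intact while pf_unlink_state() runs. The guard here is also `#if NPFSYNC`, while the other call sites in this commit use `#if NPFSYNC > 0`. The enclosing function is only partly visible in the hunk.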
Modified: user/eri/pf45/head/sys/contrib/pf/net/pfvar.h
==============================================================================
--- user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 10 16:08:05 2009 (r197935)
+++ user/eri/pf45/head/sys/contrib/pf/net/pfvar.h Sat Oct 10 17:41:16 2009 (r197936)
@@ -828,7 +828,7 @@ struct pf_state {
u_int8_t direction;
#ifdef __FreeBSD__
u_int8_t pad[2];
- u_int8_t local_flags;
+ u_int8_t local_flags;
#define PFSTATE_EXPIRING 0x01
#else
u_int8_t pad[3];
@@ -930,9 +930,30 @@ struct pfsync_state {
#ifdef __FreeBSD__
typedef int pfsync_state_import_t(struct pfsync_state *, u_int8_t);
-extern pfsync_state_import_t *pfsync_state_import_ptr;
+typedef int pfsync_up_t(void);
+typedef void pfsync_insert_state_t(struct pf_state *);
+typedef void pfsync_update_state_t(struct pf_state *);
+typedef void pfsync_delete_state_t(struct pf_state *);
+typedef void pfsync_clear_states_t(u_int32_t, const char *);
+typedef int pfsync_defer_t(struct pf_state *, struct mbuf *);
+
+extern pfsync_state_import_t *pfsync_state_import_ptr;
+extern pfsync_up_t *pfsync_up_ptr;
+extern pfsync_insert_state_t *pfsync_insert_state_ptr;
+extern pfsync_update_state_t *pfsync_update_state_ptr;
+extern pfsync_delete_state_t *pfsync_delete_state_ptr;
+extern pfsync_clear_states_t *pfsync_clear_states_ptr;
+extern pfsync_defer_t *pfsync_defer_ptr;
+
void pfsync_state_export(struct pfsync_state *,
struct pf_state *);
+
+/* Macros to set/clear/test flags. */
+#ifdef _KERNEL
+#define SET(t, f) ((t) |= (f))
+#define CLR(t, f) ((t) &= ~(f))
+#define ISSET(t, f) ((t) & (f))
+#endif
#endif
#define PFSYNC_FLAG_SRCNODE 0x04
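Review bot: The new `pfsync_*_ptr` externs carry no comment saying who sets them or when they may be NULL; a line such as `/* Set by pfsync_modevent() on MOD_LOAD, NULL while pfsync is not loaded; test before calling. */` above the block would document the contract every caller relies on. Moving SET/CLR/ISSET into this header also exposes these short, generic names to every kernel file that includes pfvar.h. Wrapping each in `#ifndef SET` / `#endif` (likewise for CLR and ISSET) would avoid a clash with a differing definition elsewhere.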
Modified: user/eri/pf45/head/sys/i386/conf/GENERIC
==============================================================================
--- user/eri/pf45/head/sys/i386/conf/GENERIC Sat Oct 10 16:08:05 2009 (r197935)
+++ user/eri/pf45/head/sys/i386/conf/GENERIC Sat Oct 10 17:41:16 2009 (r197936)
@@ -97,8 +97,6 @@ device acpi
device eisa
device pci
-device pfsync
-
# Floppy drives
device fdc