Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F102104013
D46590.id143178.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
8 KB
Referenced Files
None
Subscribers
None
D46590.id143178.diff
View Options
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -376,6 +376,10 @@
const struct pf_state_key_cmp *, u_int);
static int pf_src_connlimit(struct pf_kstate **);
static int pf_match_rcvif(struct mbuf *, struct pf_krule *);
+static void pf_counters_inc(int,
+ struct pf_pdesc *, struct pfi_kkif *,
+ struct pf_kstate *, struct pf_krule *,
+ struct pf_krule *);
static void pf_overload_task(void *v, int pending);
static u_short pf_insert_src_node(struct pf_ksrc_node **,
struct pf_krule *, struct pf_addr *, sa_family_t);
@@ -8843,6 +8847,85 @@
return (0);
}
+static void
+pf_counters_inc(int action, struct pf_pdesc *pd,
+ struct pfi_kkif *kif, struct pf_kstate *s,
+ struct pf_krule *r, struct pf_krule *a)
+{
+ struct pf_krule *tr, *nr;
+ int dir = pd->dir;
+ int dirndx;
+
+ pf_counter_u64_critical_enter();
+ pf_counter_u64_add_protected(
+ &kif->pfik_bytes[pd->af == AF_INET6][dir == PF_OUT][action != PF_PASS],
+ pd->tot_len);
+ pf_counter_u64_add_protected(
+ &kif->pfik_packets[pd->af == AF_INET6][dir == PF_OUT][action != PF_PASS],
+ 1);
+
+ if (action == PF_PASS || r->action == PF_DROP) {
+ dirndx = (dir == PF_OUT);
+ pf_counter_u64_add_protected(&r->packets[dirndx], 1);
+ pf_counter_u64_add_protected(&r->bytes[dirndx], pd->tot_len);
+ pf_update_timestamp(r);
+
+ if (a != NULL) {
+ pf_counter_u64_add_protected(&a->packets[dirndx], 1);
+ pf_counter_u64_add_protected(&a->bytes[dirndx], pd->tot_len);
+ }
+ if (s != NULL) {
+ struct pf_krule_item *ri;
+
+ if (s->nat_rule.ptr != NULL) {
+ pf_counter_u64_add_protected(&s->nat_rule.ptr->packets[dirndx],
+ 1);
+ pf_counter_u64_add_protected(&s->nat_rule.ptr->bytes[dirndx],
+ pd->tot_len);
+ }
+ if (s->src_node != NULL) {
+ counter_u64_add(s->src_node->packets[dirndx],
+ 1);
+ counter_u64_add(s->src_node->bytes[dirndx],
+ pd->tot_len);
+ }
+ if (s->nat_src_node != NULL) {
+ counter_u64_add(s->nat_src_node->packets[dirndx],
+ 1);
+ counter_u64_add(s->nat_src_node->bytes[dirndx],
+ pd->tot_len);
+ }
+ dirndx = (dir == s->direction) ? 0 : 1;
+ s->packets[dirndx]++;
+ s->bytes[dirndx] += pd->tot_len;
+
+ SLIST_FOREACH(ri, &s->match_rules, entry) {
+ pf_counter_u64_add_protected(&ri->r->packets[dirndx], 1);
+ pf_counter_u64_add_protected(&ri->r->bytes[dirndx], pd->tot_len);
+ }
+ }
+ tr = r;
+ nr = (s != NULL) ? s->nat_rule.ptr : pd->nat_rule;
+ if (nr != NULL && r == &V_pf_default_rule)
+ tr = nr;
+ if (tr->src.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(tr->src.addr.p.tbl,
+ (s == NULL) ? pd->src :
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_OUT)],
+ pd->af, pd->tot_len, dir == PF_OUT,
+ r->action == PF_PASS, tr->src.neg);
+ if (tr->dst.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(tr->dst.addr.p.tbl,
+ (s == NULL) ? pd->dst :
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_IN)],
+ pd->af, pd->tot_len, dir == PF_OUT,
+ r->action == PF_PASS, tr->dst.neg);
+ }
+ pf_counter_u64_critical_exit();
+}
+
#ifdef INET
int
pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0,
@@ -8853,11 +8936,11 @@
struct mbuf *m = *m0;
struct ip *h = NULL;
struct m_tag *mtag;
- struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
+ struct pf_krule *a = NULL, *r = &V_pf_default_rule;
struct pf_kstate *s = NULL;
struct pf_kruleset *ruleset = NULL;
struct pf_pdesc pd;
- int off, hdrlen, dirndx, use_2nd_queue = 0;
+ int off, hdrlen, use_2nd_queue = 0;
uint16_t tag;
uint8_t rt;
@@ -9245,71 +9328,7 @@
}
}
- pf_counter_u64_critical_enter();
- pf_counter_u64_add_protected(&kif->pfik_bytes[0][dir == PF_OUT][action != PF_PASS],
- pd.tot_len);
- pf_counter_u64_add_protected(&kif->pfik_packets[0][dir == PF_OUT][action != PF_PASS],
- 1);
-
- if (action == PF_PASS || r->action == PF_DROP) {
- dirndx = (dir == PF_OUT);
- pf_counter_u64_add_protected(&r->packets[dirndx], 1);
- pf_counter_u64_add_protected(&r->bytes[dirndx], pd.tot_len);
- pf_update_timestamp(r);
-
- if (a != NULL) {
- pf_counter_u64_add_protected(&a->packets[dirndx], 1);
- pf_counter_u64_add_protected(&a->bytes[dirndx], pd.tot_len);
- }
- if (s != NULL) {
- struct pf_krule_item *ri;
-
- if (s->nat_rule.ptr != NULL) {
- pf_counter_u64_add_protected(&s->nat_rule.ptr->packets[dirndx],
- 1);
- pf_counter_u64_add_protected(&s->nat_rule.ptr->bytes[dirndx],
- pd.tot_len);
- }
- if (s->src_node != NULL) {
- counter_u64_add(s->src_node->packets[dirndx],
- 1);
- counter_u64_add(s->src_node->bytes[dirndx],
- pd.tot_len);
- }
- if (s->nat_src_node != NULL) {
- counter_u64_add(s->nat_src_node->packets[dirndx],
- 1);
- counter_u64_add(s->nat_src_node->bytes[dirndx],
- pd.tot_len);
- }
- dirndx = (dir == s->direction) ? 0 : 1;
- s->packets[dirndx]++;
- s->bytes[dirndx] += pd.tot_len;
- SLIST_FOREACH(ri, &s->match_rules, entry) {
- pf_counter_u64_add_protected(&ri->r->packets[dirndx], 1);
- pf_counter_u64_add_protected(&ri->r->bytes[dirndx], pd.tot_len);
- }
- }
- tr = r;
- nr = (s != NULL) ? s->nat_rule.ptr : pd.nat_rule;
- if (nr != NULL && r == &V_pf_default_rule)
- tr = nr;
- if (tr->src.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->src.addr.p.tbl,
- (s == NULL) ? pd.src :
- &s->key[(s->direction == PF_IN)]->
- addr[(s->direction == PF_OUT)],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->src.neg);
- if (tr->dst.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->dst.addr.p.tbl,
- (s == NULL) ? pd.dst :
- &s->key[(s->direction == PF_IN)]->
- addr[(s->direction == PF_IN)],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->dst.neg);
- }
- pf_counter_u64_critical_exit();
+ pf_counters_inc(action, &pd, kif, s, r, a);
switch (action) {
case PF_SYNPROXY_DROP:
@@ -9364,11 +9383,11 @@
struct mbuf *m = *m0, *n = NULL;
struct m_tag *mtag;
struct ip6_hdr *h = NULL;
- struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
+ struct pf_krule *a = NULL, *r = &V_pf_default_rule;
struct pf_kstate *s = NULL;
struct pf_kruleset *ruleset = NULL;
struct pf_pdesc pd;
- int off, hdrlen, dirndx, use_2nd_queue = 0;
+ int off, hdrlen, use_2nd_queue = 0;
uint16_t tag;
uint8_t rt;
@@ -9708,61 +9727,7 @@
}
}
- pf_counter_u64_critical_enter();
- pf_counter_u64_add_protected(&kif->pfik_bytes[1][dir == PF_OUT][action != PF_PASS],
- pd.tot_len);
- pf_counter_u64_add_protected(&kif->pfik_packets[1][dir == PF_OUT][action != PF_PASS],
- 1);
-
- if (action == PF_PASS || r->action == PF_DROP) {
- dirndx = (dir == PF_OUT);
- pf_counter_u64_add_protected(&r->packets[dirndx], 1);
- pf_counter_u64_add_protected(&r->bytes[dirndx], pd.tot_len);
- if (a != NULL) {
- pf_counter_u64_add_protected(&a->packets[dirndx], 1);
- pf_counter_u64_add_protected(&a->bytes[dirndx], pd.tot_len);
- }
- if (s != NULL) {
- if (s->nat_rule.ptr != NULL) {
- pf_counter_u64_add_protected(&s->nat_rule.ptr->packets[dirndx],
- 1);
- pf_counter_u64_add_protected(&s->nat_rule.ptr->bytes[dirndx],
- pd.tot_len);
- }
- if (s->src_node != NULL) {
- counter_u64_add(s->src_node->packets[dirndx],
- 1);
- counter_u64_add(s->src_node->bytes[dirndx],
- pd.tot_len);
- }
- if (s->nat_src_node != NULL) {
- counter_u64_add(s->nat_src_node->packets[dirndx],
- 1);
- counter_u64_add(s->nat_src_node->bytes[dirndx],
- pd.tot_len);
- }
- dirndx = (dir == s->direction) ? 0 : 1;
- s->packets[dirndx]++;
- s->bytes[dirndx] += pd.tot_len;
- }
- tr = r;
- nr = (s != NULL) ? s->nat_rule.ptr : pd.nat_rule;
- if (nr != NULL && r == &V_pf_default_rule)
- tr = nr;
- if (tr->src.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->src.addr.p.tbl,
- (s == NULL) ? pd.src :
- &s->key[(s->direction == PF_IN)]->addr[0],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->src.neg);
- if (tr->dst.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->dst.addr.p.tbl,
- (s == NULL) ? pd.dst :
- &s->key[(s->direction == PF_IN)]->addr[1],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->dst.neg);
- }
- pf_counter_u64_critical_exit();
+ pf_counters_inc(action, &pd, kif, s, r, a);
switch (action) {
case PF_SYNPROXY_DROP:
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Fri, Nov 8, 4:07 PM (14 h, 29 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
11616579
Default Alt Text
D46590.id143178.diff (8 KB)
Attached To
Mode
D46590: pf: factor out rule counter update code
Attached
Detach File
Event Timeline
Log In to Comment