Page MenuHomeFreeBSD

D46590.id143178.diff
No OneTemporary

D46590.id143178.diff

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -376,6 +376,10 @@
const struct pf_state_key_cmp *, u_int);
static int pf_src_connlimit(struct pf_kstate **);
static int pf_match_rcvif(struct mbuf *, struct pf_krule *);
+static void pf_counters_inc(int,
+ struct pf_pdesc *, struct pfi_kkif *,
+ struct pf_kstate *, struct pf_krule *,
+ struct pf_krule *);
static void pf_overload_task(void *v, int pending);
static u_short pf_insert_src_node(struct pf_ksrc_node **,
struct pf_krule *, struct pf_addr *, sa_family_t);
@@ -8843,6 +8847,85 @@
return (0);
}
+static void
+pf_counters_inc(int action, struct pf_pdesc *pd,
+ struct pfi_kkif *kif, struct pf_kstate *s,
+ struct pf_krule *r, struct pf_krule *a)
+{
+ struct pf_krule *tr, *nr;
+ int dir = pd->dir;
+ int dirndx;
+
+ pf_counter_u64_critical_enter();
+ pf_counter_u64_add_protected(
+ &kif->pfik_bytes[pd->af == AF_INET6][dir == PF_OUT][action != PF_PASS],
+ pd->tot_len);
+ pf_counter_u64_add_protected(
+ &kif->pfik_packets[pd->af == AF_INET6][dir == PF_OUT][action != PF_PASS],
+ 1);
+
+ if (action == PF_PASS || r->action == PF_DROP) {
+ dirndx = (dir == PF_OUT);
+ pf_counter_u64_add_protected(&r->packets[dirndx], 1);
+ pf_counter_u64_add_protected(&r->bytes[dirndx], pd->tot_len);
+ pf_update_timestamp(r);
+
+ if (a != NULL) {
+ pf_counter_u64_add_protected(&a->packets[dirndx], 1);
+ pf_counter_u64_add_protected(&a->bytes[dirndx], pd->tot_len);
+ }
+ if (s != NULL) {
+ struct pf_krule_item *ri;
+
+ if (s->nat_rule.ptr != NULL) {
+ pf_counter_u64_add_protected(&s->nat_rule.ptr->packets[dirndx],
+ 1);
+ pf_counter_u64_add_protected(&s->nat_rule.ptr->bytes[dirndx],
+ pd->tot_len);
+ }
+ if (s->src_node != NULL) {
+ counter_u64_add(s->src_node->packets[dirndx],
+ 1);
+ counter_u64_add(s->src_node->bytes[dirndx],
+ pd->tot_len);
+ }
+ if (s->nat_src_node != NULL) {
+ counter_u64_add(s->nat_src_node->packets[dirndx],
+ 1);
+ counter_u64_add(s->nat_src_node->bytes[dirndx],
+ pd->tot_len);
+ }
+ dirndx = (dir == s->direction) ? 0 : 1;
+ s->packets[dirndx]++;
+ s->bytes[dirndx] += pd->tot_len;
+
+ SLIST_FOREACH(ri, &s->match_rules, entry) {
+ pf_counter_u64_add_protected(&ri->r->packets[dirndx], 1);
+ pf_counter_u64_add_protected(&ri->r->bytes[dirndx], pd->tot_len);
+ }
+ }
+ tr = r;
+ nr = (s != NULL) ? s->nat_rule.ptr : pd->nat_rule;
+ if (nr != NULL && r == &V_pf_default_rule)
+ tr = nr;
+ if (tr->src.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(tr->src.addr.p.tbl,
+ (s == NULL) ? pd->src :
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_OUT)],
+ pd->af, pd->tot_len, dir == PF_OUT,
+ r->action == PF_PASS, tr->src.neg);
+ if (tr->dst.addr.type == PF_ADDR_TABLE)
+ pfr_update_stats(tr->dst.addr.p.tbl,
+ (s == NULL) ? pd->dst :
+ &s->key[(s->direction == PF_IN)]->
+ addr[(s->direction == PF_IN)],
+ pd->af, pd->tot_len, dir == PF_OUT,
+ r->action == PF_PASS, tr->dst.neg);
+ }
+ pf_counter_u64_critical_exit();
+}
+
#ifdef INET
int
pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0,
@@ -8853,11 +8936,11 @@
struct mbuf *m = *m0;
struct ip *h = NULL;
struct m_tag *mtag;
- struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
+ struct pf_krule *a = NULL, *r = &V_pf_default_rule;
struct pf_kstate *s = NULL;
struct pf_kruleset *ruleset = NULL;
struct pf_pdesc pd;
- int off, hdrlen, dirndx, use_2nd_queue = 0;
+ int off, hdrlen, use_2nd_queue = 0;
uint16_t tag;
uint8_t rt;
@@ -9245,71 +9328,7 @@
}
}
- pf_counter_u64_critical_enter();
- pf_counter_u64_add_protected(&kif->pfik_bytes[0][dir == PF_OUT][action != PF_PASS],
- pd.tot_len);
- pf_counter_u64_add_protected(&kif->pfik_packets[0][dir == PF_OUT][action != PF_PASS],
- 1);
-
- if (action == PF_PASS || r->action == PF_DROP) {
- dirndx = (dir == PF_OUT);
- pf_counter_u64_add_protected(&r->packets[dirndx], 1);
- pf_counter_u64_add_protected(&r->bytes[dirndx], pd.tot_len);
- pf_update_timestamp(r);
-
- if (a != NULL) {
- pf_counter_u64_add_protected(&a->packets[dirndx], 1);
- pf_counter_u64_add_protected(&a->bytes[dirndx], pd.tot_len);
- }
- if (s != NULL) {
- struct pf_krule_item *ri;
-
- if (s->nat_rule.ptr != NULL) {
- pf_counter_u64_add_protected(&s->nat_rule.ptr->packets[dirndx],
- 1);
- pf_counter_u64_add_protected(&s->nat_rule.ptr->bytes[dirndx],
- pd.tot_len);
- }
- if (s->src_node != NULL) {
- counter_u64_add(s->src_node->packets[dirndx],
- 1);
- counter_u64_add(s->src_node->bytes[dirndx],
- pd.tot_len);
- }
- if (s->nat_src_node != NULL) {
- counter_u64_add(s->nat_src_node->packets[dirndx],
- 1);
- counter_u64_add(s->nat_src_node->bytes[dirndx],
- pd.tot_len);
- }
- dirndx = (dir == s->direction) ? 0 : 1;
- s->packets[dirndx]++;
- s->bytes[dirndx] += pd.tot_len;
- SLIST_FOREACH(ri, &s->match_rules, entry) {
- pf_counter_u64_add_protected(&ri->r->packets[dirndx], 1);
- pf_counter_u64_add_protected(&ri->r->bytes[dirndx], pd.tot_len);
- }
- }
- tr = r;
- nr = (s != NULL) ? s->nat_rule.ptr : pd.nat_rule;
- if (nr != NULL && r == &V_pf_default_rule)
- tr = nr;
- if (tr->src.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->src.addr.p.tbl,
- (s == NULL) ? pd.src :
- &s->key[(s->direction == PF_IN)]->
- addr[(s->direction == PF_OUT)],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->src.neg);
- if (tr->dst.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->dst.addr.p.tbl,
- (s == NULL) ? pd.dst :
- &s->key[(s->direction == PF_IN)]->
- addr[(s->direction == PF_IN)],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->dst.neg);
- }
- pf_counter_u64_critical_exit();
+ pf_counters_inc(action, &pd, kif, s, r, a);
switch (action) {
case PF_SYNPROXY_DROP:
@@ -9364,11 +9383,11 @@
struct mbuf *m = *m0, *n = NULL;
struct m_tag *mtag;
struct ip6_hdr *h = NULL;
- struct pf_krule *a = NULL, *r = &V_pf_default_rule, *tr, *nr;
+ struct pf_krule *a = NULL, *r = &V_pf_default_rule;
struct pf_kstate *s = NULL;
struct pf_kruleset *ruleset = NULL;
struct pf_pdesc pd;
- int off, hdrlen, dirndx, use_2nd_queue = 0;
+ int off, hdrlen, use_2nd_queue = 0;
uint16_t tag;
uint8_t rt;
@@ -9708,61 +9727,7 @@
}
}
- pf_counter_u64_critical_enter();
- pf_counter_u64_add_protected(&kif->pfik_bytes[1][dir == PF_OUT][action != PF_PASS],
- pd.tot_len);
- pf_counter_u64_add_protected(&kif->pfik_packets[1][dir == PF_OUT][action != PF_PASS],
- 1);
-
- if (action == PF_PASS || r->action == PF_DROP) {
- dirndx = (dir == PF_OUT);
- pf_counter_u64_add_protected(&r->packets[dirndx], 1);
- pf_counter_u64_add_protected(&r->bytes[dirndx], pd.tot_len);
- if (a != NULL) {
- pf_counter_u64_add_protected(&a->packets[dirndx], 1);
- pf_counter_u64_add_protected(&a->bytes[dirndx], pd.tot_len);
- }
- if (s != NULL) {
- if (s->nat_rule.ptr != NULL) {
- pf_counter_u64_add_protected(&s->nat_rule.ptr->packets[dirndx],
- 1);
- pf_counter_u64_add_protected(&s->nat_rule.ptr->bytes[dirndx],
- pd.tot_len);
- }
- if (s->src_node != NULL) {
- counter_u64_add(s->src_node->packets[dirndx],
- 1);
- counter_u64_add(s->src_node->bytes[dirndx],
- pd.tot_len);
- }
- if (s->nat_src_node != NULL) {
- counter_u64_add(s->nat_src_node->packets[dirndx],
- 1);
- counter_u64_add(s->nat_src_node->bytes[dirndx],
- pd.tot_len);
- }
- dirndx = (dir == s->direction) ? 0 : 1;
- s->packets[dirndx]++;
- s->bytes[dirndx] += pd.tot_len;
- }
- tr = r;
- nr = (s != NULL) ? s->nat_rule.ptr : pd.nat_rule;
- if (nr != NULL && r == &V_pf_default_rule)
- tr = nr;
- if (tr->src.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->src.addr.p.tbl,
- (s == NULL) ? pd.src :
- &s->key[(s->direction == PF_IN)]->addr[0],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->src.neg);
- if (tr->dst.addr.type == PF_ADDR_TABLE)
- pfr_update_stats(tr->dst.addr.p.tbl,
- (s == NULL) ? pd.dst :
- &s->key[(s->direction == PF_IN)]->addr[1],
- pd.af, pd.tot_len, dir == PF_OUT,
- r->action == PF_PASS, tr->dst.neg);
- }
- pf_counter_u64_critical_exit();
+ pf_counters_inc(action, &pd, kif, s, r, a);
switch (action) {
case PF_SYNPROXY_DROP:

File Metadata

Mime Type
text/plain
Expires
Fri, Nov 8, 4:07 PM (14 h, 29 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
11616579
Default Alt Text
D46590.id143178.diff (8 KB)

Event Timeline