D46809.diff
diff --git a/sys/dev/qlxge/qls_hw.c b/sys/dev/qlxge/qls_hw.c
--- a/sys/dev/qlxge/qls_hw.c
+++ b/sys/dev/qlxge/qls_hw.c
@@ -527,11 +527,13 @@
{
#if defined(INET) || defined(INET6)
struct ether_vlan_header *eh;
+#if defined(INET)
struct ip *ip;
+ struct tcphdr *th;
+#endif
#if defined(INET6)
struct ip6_hdr *ip6;
#endif
- struct tcphdr *th;
uint32_t ehdrlen, ip_hlen;
int ret = 0;
uint16_t etype;
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -898,7 +898,7 @@
struct pf_threshold conn_rate;
u_int32_t creation;
u_int32_t expire;
- sa_family_t af;
+ ip_af_t af;
u_int8_t ruletype;
struct mtx *lock;
};
@@ -942,18 +942,19 @@
u_int8_t pad[1];
};
+#ifdef _KERNEL
/* Keep synced with struct pf_udp_endpoint. */
struct pf_udp_endpoint_cmp {
struct pf_addr addr;
uint16_t port;
- sa_family_t af;
+ ip_af_t af;
uint8_t pad[1];
};
struct pf_udp_endpoint {
struct pf_addr addr;
uint16_t port;
- sa_family_t af;
+ ip_af_t af;
uint8_t pad[1];
struct pf_udp_mapping *mapping;
@@ -969,7 +970,7 @@
struct pf_state_key_cmp {
struct pf_addr addr[2];
u_int16_t port[2];
- sa_family_t af;
+ ip_af_t af;
u_int8_t proto;
u_int8_t pad[2];
};
@@ -977,13 +978,14 @@
struct pf_state_key {
struct pf_addr addr[2];
u_int16_t port[2];
- sa_family_t af;
+ ip_af_t af;
u_int8_t proto;
u_int8_t pad[2];
LIST_ENTRY(pf_state_key) entry;
TAILQ_HEAD(, pf_kstate) states[2];
};
+#endif
/* Keep synced with struct pf_kstate. */
struct pf_state_cmp {
@@ -1228,7 +1230,7 @@
typedef int pfsync_defer_t(struct pf_kstate *, struct mbuf *);
typedef void pfsync_detach_ifnet_t(struct ifnet *);
typedef void pflow_export_state_t(const struct pf_kstate *);
-typedef bool pf_addr_filter_func_t(const sa_family_t, const struct pf_addr *);
+typedef bool pf_addr_filter_func_t(const ip_af_t, const struct pf_addr *);
VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr);
#define V_pfsync_state_import_ptr VNET(pfsync_state_import_ptr)
@@ -1619,7 +1621,7 @@
* state code. Easier than tags */
#define PFDESC_TCP_NORM 0x0001 /* TCP shall be statefully scrubbed */
#define PFDESC_IP_REAS 0x0002 /* IP frags would've been reassembled */
- sa_family_t af;
+ ip_af_t af;
u_int8_t proto;
u_int8_t tos;
u_int8_t dir; /* direction */
@@ -2324,7 +2326,7 @@
u_int);
extern struct pf_udp_mapping *pf_udp_mapping_find(struct pf_udp_endpoint_cmp
*endpoint);
-extern struct pf_udp_mapping *pf_udp_mapping_create(sa_family_t af,
+extern struct pf_udp_mapping *pf_udp_mapping_create(ip_af_t af,
struct pf_addr *src_addr, uint16_t src_port,
struct pf_addr *nat_addr, uint16_t nat_port);
extern int pf_udp_mapping_insert(struct pf_udp_mapping
@@ -2332,7 +2334,7 @@
extern void pf_udp_mapping_release(struct pf_udp_mapping
*mapping);
extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *,
- struct pf_krule *, sa_family_t,
+ struct pf_krule *, ip_af_t,
struct pf_srchash **, bool);
extern void pf_unlink_src_node(struct pf_ksrc_node *);
extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *);
@@ -2350,9 +2352,9 @@
VNET_DECLARE(struct pf_krule, pf_default_rule);
#define V_pf_default_rule VNET(pf_default_rule)
extern void pf_addrcpy(struct pf_addr *, struct pf_addr *,
- sa_family_t);
+ ip_af_t);
void pf_free_rule(struct pf_krule *);
-int pf_setup_pdesc(sa_family_t, int,
+int pf_setup_pdesc(ip_af_t, int,
struct pf_pdesc *, struct mbuf *,
u_short *, u_short *, struct pfi_kkif *,
struct pf_krule **, struct pf_krule **,
@@ -2362,7 +2364,7 @@
int pf_test_eth(int, int, struct ifnet *, struct mbuf **, struct inpcb *);
int pf_scan_sctp(struct mbuf *, int, struct pf_pdesc *, struct pfi_kkif *);
#if defined(INET) || defined(INET6)
-int pf_test(sa_family_t, int, int, struct ifnet *, struct mbuf **, struct inpcb *,
+int pf_test(ip_af_t, int, int, struct ifnet *, struct mbuf **, struct inpcb *,
struct pf_rule_actions *);
#endif
#ifdef INET
@@ -2374,8 +2376,8 @@
int pf_normalize_ip6(struct mbuf **, struct pfi_kkif *, u_short *,
struct pf_pdesc *);
void pf_poolmask(struct pf_addr *, struct pf_addr*,
- struct pf_addr *, struct pf_addr *, sa_family_t);
-void pf_addr_inc(struct pf_addr *, sa_family_t);
+ struct pf_addr *, struct pf_addr *, ip_af_t);
+void pf_addr_inc(struct pf_addr *, ip_af_t);
int pf_max_frag_size(struct mbuf *);
int pf_refragment6(struct ifnet *, struct mbuf **, struct m_tag *, bool);
#endif /* INET6 */
@@ -2387,7 +2389,7 @@
u_int32_t pf_new_isn(struct pf_kstate *);
void *pf_pull_hdr(const struct mbuf *, int, void *, int, u_short *, u_short *,
- sa_family_t);
+ ip_af_t);
void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t);
void pf_change_proto_a(struct mbuf *, void *, u_int16_t *, u_int32_t,
u_int8_t);
@@ -2398,9 +2400,9 @@
bool, u_int8_t);
void pf_send_deferred_syn(struct pf_kstate *);
int pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *,
- struct pf_addr *, sa_family_t);
+ struct pf_addr *, ip_af_t);
int pf_match_addr_range(struct pf_addr *, struct pf_addr *,
- struct pf_addr *, sa_family_t);
+ struct pf_addr *, ip_af_t);
int pf_match_port(u_int8_t, u_int16_t, u_int16_t, u_int16_t);
void pf_normalize_init(void);
@@ -2421,16 +2423,16 @@
pf_state_expires(const struct pf_kstate *);
void pf_purge_expired_fragments(void);
void pf_purge_fragments(uint32_t);
-int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *,
+int pf_routable(struct pf_addr *addr, ip_af_t af, struct pfi_kkif *,
int);
int pf_socket_lookup(struct pf_pdesc *, struct mbuf *);
struct pf_state_key *pf_alloc_state_key(int);
void pfr_initialize(void);
void pfr_cleanup(void);
-int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
-void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t,
+int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, ip_af_t);
+void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, ip_af_t,
u_int64_t, int, int, int);
-int pfr_pool_get(struct pfr_ktable *, int *, struct pf_addr *, sa_family_t,
+int pfr_pool_get(struct pfr_ktable *, int *, struct pf_addr *, ip_af_t,
pf_addr_filter_func_t);
void pfr_dynaddr_update(struct pfr_ktable *, struct pfi_dynaddr *);
struct pfr_ktable *
@@ -2481,8 +2483,8 @@
int pfi_kkif_match(struct pfi_kkif *, struct pfi_kkif *);
void pfi_kkif_purge(void);
int pfi_match_addr(struct pfi_dynaddr *, struct pf_addr *,
- sa_family_t);
-int pfi_dynaddr_setup(struct pf_addr_wrap *, sa_family_t);
+ ip_af_t);
+int pfi_dynaddr_setup(struct pf_addr_wrap *, ip_af_t);
void pfi_dynaddr_remove(struct pfi_dynaddr *);
void pfi_dynaddr_copyout(struct pf_addr_wrap *);
void pfi_update_status(const char *, struct pf_status *);
@@ -2493,16 +2495,16 @@
int pf_match_tag(struct mbuf *, struct pf_krule *, int *, int);
int pf_tag_packet(struct mbuf *, struct pf_pdesc *, int);
int pf_addr_cmp(struct pf_addr *, struct pf_addr *,
- sa_family_t);
+ ip_af_t);
-u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t, sa_family_t);
-u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t, sa_family_t);
-struct mbuf *pf_build_tcp(const struct pf_krule *, sa_family_t,
+u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t, ip_af_t);
+u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t, ip_af_t);
+struct mbuf *pf_build_tcp(const struct pf_krule *, ip_af_t,
const struct pf_addr *, const struct pf_addr *,
u_int16_t, u_int16_t, u_int32_t, u_int32_t,
u_int8_t, u_int16_t, u_int16_t, u_int8_t, bool,
u_int16_t, u_int16_t, int);
-void pf_send_tcp(const struct pf_krule *, sa_family_t,
+void pf_send_tcp(const struct pf_krule *, ip_af_t,
const struct pf_addr *, const struct pf_addr *,
u_int16_t, u_int16_t, u_int32_t, u_int32_t,
u_int8_t, u_int16_t, u_int16_t, u_int8_t, bool,
@@ -2606,7 +2608,7 @@
int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t);
#ifdef _KERNEL
-void pf_print_host(struct pf_addr *, u_int16_t, sa_family_t);
+void pf_print_host(struct pf_addr *, u_int16_t, ip_af_t);
void pf_step_into_anchor(struct pf_kanchor_stackframe *, int *,
struct pf_kruleset **, int, struct pf_krule **,
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -187,7 +187,7 @@
struct pf_sctp_endpoint;
RB_HEAD(pf_sctp_endpoints, pf_sctp_endpoint);
struct pf_sctp_source {
- sa_family_t af;
+ ip_af_t af;
struct pf_addr addr;
TAILQ_ENTRY(pf_sctp_source) entry;
};
@@ -247,7 +247,7 @@
struct pf_overload_entry {
SLIST_ENTRY(pf_overload_entry) next;
struct pf_addr addr;
- sa_family_t af;
+ ip_af_t af;
uint8_t dir;
struct pf_krule *rule;
};
@@ -293,7 +293,7 @@
static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *,
u_int16_t *, u_int16_t *, struct pf_addr *,
- u_int16_t, u_int8_t, sa_family_t);
+ u_int16_t, u_int8_t, ip_af_t);
static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *,
struct tcphdr *, struct pf_state_peer *);
int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *,
@@ -301,9 +301,9 @@
static void pf_change_icmp(struct pf_addr *, u_int16_t *,
struct pf_addr *, struct pf_addr *, u_int16_t,
u_int16_t *, u_int16_t *, u_int16_t *,
- u_int16_t *, u_int8_t, sa_family_t);
+ u_int16_t *, u_int8_t, ip_af_t);
static void pf_send_icmp(struct mbuf *, u_int8_t, u_int8_t,
- sa_family_t, struct pf_krule *, int);
+ ip_af_t, struct pf_krule *, int);
static void pf_detach_state(struct pf_kstate *);
static int pf_state_key_attach(struct pf_state_key *,
struct pf_state_key *, struct pf_kstate *);
@@ -362,10 +362,10 @@
struct pf_pdesc *, u_short *);
static int pf_test_state_other(struct pf_kstate **,
struct pfi_kkif *, struct mbuf *, struct pf_pdesc *);
-static u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t,
+static u_int16_t pf_calc_mss(struct pf_addr *, ip_af_t,
int, u_int16_t);
static int pf_check_proto_cksum(struct mbuf *, int, int,
- u_int8_t, sa_family_t);
+ u_int8_t, ip_af_t);
static void pf_print_state_parts(struct pf_kstate *,
struct pf_state_key *, struct pf_state_key *);
static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t,
@@ -380,7 +380,7 @@
struct pf_krule *);
static void pf_overload_task(void *v, int pending);
static u_short pf_insert_src_node(struct pf_ksrc_node **,
- struct pf_krule *, struct pf_addr *, sa_family_t);
+ struct pf_krule *, struct pf_addr *, ip_af_t);
static u_int pf_purge_expired_states(u_int, int);
static void pf_purge_unlinked_rules(void);
static int pf_mtag_uminit(void *, int, int);
@@ -545,7 +545,7 @@
}
int
-pf_addr_cmp(struct pf_addr *a, struct pf_addr *b, sa_family_t af)
+pf_addr_cmp(struct pf_addr *a, struct pf_addr *b, ip_af_t af)
{
switch (af) {
@@ -577,22 +577,22 @@
return (-1);
break;
#endif /* INET6 */
- default:
- panic("%s: unknown address family %u", __func__, af);
}
return (0);
}
static bool
-pf_is_loopback(sa_family_t af, struct pf_addr *addr)
+pf_is_loopback(ip_af_t af, struct pf_addr *addr)
{
switch (af) {
+#ifdef INET
case AF_INET:
return IN_LOOPBACK(ntohl(addr->v4.s_addr));
+#endif
+#ifdef INET6
case AF_INET6:
return IN6_IS_ADDR_LOOPBACK(&addr->v6);
- default:
- panic("Unknown af %d", af);
+#endif
}
}
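Review bot: With the `default: panic(...)` arm gone, pf_is_loopback() has no return statement after the switch, so an af value that matches no compiled-in case falls off the end of a bool function and the caller reads an indeterminate result. Add `return (false);` after the switch so the function is total however ip_af_t is defined and whichever of INET/INET6 is built. pfi_match_addr() in the pf_if.c hunk appears to end the same way once its `default: return (0);` is removed, and wants `return (0);` after the switch. In pf_addr_cmp(), earlier in this hunk, an unmatched family now reaches `return (0);`, which callers would read as "equal"; if that is intended it deserves a one-line comment.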
@@ -664,26 +664,34 @@
default:
if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af)) {
switch (pd->af) {
+#ifdef INET
case AF_INET:
pf_change_a(&pd->src->v4.s_addr,
pd->ip_sum, nk->addr[pd->sidx].v4.s_addr,
0);
break;
+#endif
+#ifdef INET6
case AF_INET6:
PF_ACPY(pd->src, &nk->addr[pd->sidx], pd->af);
break;
+#endif
}
}
if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) {
switch (pd->af) {
+#ifdef INET
case AF_INET:
pf_change_a(&pd->dst->v4.s_addr,
pd->ip_sum, nk->addr[pd->didx].v4.s_addr,
0);
break;
+#endif
+#ifdef INET6
case AF_INET6:
PF_ACPY(pd->dst, &nk->addr[pd->didx], pd->af);
break;
+#endif
}
}
break;
@@ -703,21 +711,23 @@
}
static __inline uint32_t
-pf_hashsrc(struct pf_addr *addr, sa_family_t af)
+pf_hashsrc(struct pf_addr *addr, ip_af_t af)
{
uint32_t h;
switch (af) {
+#ifdef INET
case AF_INET:
h = murmur3_32_hash32((uint32_t *)&addr->v4,
sizeof(addr->v4)/sizeof(uint32_t), V_pf_hashseed);
break;
+#endif
+#ifdef INET6
case AF_INET6:
h = murmur3_32_hash32((uint32_t *)&addr->v6,
sizeof(addr->v6)/sizeof(uint32_t), V_pf_hashseed);
break;
- default:
- panic("%s: unknown address family %u", __func__, af);
+#endif
}
return (h & V_pf_srchashmask);
@@ -770,7 +780,7 @@
#ifdef INET6
void
-pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af)
+pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -969,7 +979,7 @@
* allocate and insert a new one.
*/
struct pf_ksrc_node *
-pf_find_src_node(struct pf_addr *src, struct pf_krule *rule, sa_family_t af,
+pf_find_src_node(struct pf_addr *src, struct pf_krule *rule, ip_af_t af,
struct pf_srchash **sh, bool returnlocked)
{
struct pf_ksrc_node *n;
@@ -1006,7 +1016,7 @@
static u_short
pf_insert_src_node(struct pf_ksrc_node **sn, struct pf_krule *rule,
- struct pf_addr *src, sa_family_t af)
+ struct pf_addr *src, ip_af_t af)
{
u_short reason = 0;
struct pf_srchash *sh = NULL;
@@ -1882,7 +1892,7 @@
}
struct pf_udp_mapping *
-pf_udp_mapping_create(sa_family_t af, struct pf_addr *src_addr, uint16_t src_port,
+pf_udp_mapping_create(ip_af_t af, struct pf_addr *src_addr, uint16_t src_port,
struct pf_addr *nat_addr, uint16_t nat_port)
{
struct pf_udp_mapping *mapping;
@@ -2011,7 +2021,7 @@
}
static bool
-pf_isforlocal(struct mbuf *m, int af)
+pf_isforlocal(struct mbuf *m, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -2032,8 +2042,6 @@
return (! (ia->ia6_flags & IN6_IFF_NOTREADY));
}
#endif
- default:
- panic("Unsupported af %d", af);
}
return (false);
@@ -2759,7 +2767,7 @@
}
void
-pf_print_host(struct pf_addr *addr, u_int16_t p, sa_family_t af)
+pf_print_host(struct pf_addr *addr, u_int16_t p, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -3095,7 +3103,7 @@
static void
pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic,
u_int16_t *pc, struct pf_addr *an, u_int16_t pn, u_int8_t u,
- sa_family_t af)
+ ip_af_t af)
{
struct pf_addr ao;
u_int16_t po = *p;
@@ -3201,7 +3209,7 @@
static void
pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa,
struct pf_addr *na, u_int16_t np, u_int16_t *pc, u_int16_t *h2c,
- u_int16_t *ic, u_int16_t *hc, u_int8_t u, sa_family_t af)
+ u_int16_t *ic, u_int16_t *hc, u_int8_t u, ip_af_t af)
{
struct pf_addr oia, ooa;
@@ -3349,7 +3357,7 @@
}
struct mbuf *
-pf_build_tcp(const struct pf_krule *r, sa_family_t af,
+pf_build_tcp(const struct pf_krule *r, ip_af_t af,
const struct pf_addr *saddr, const struct pf_addr *daddr,
u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack,
u_int8_t tcp_flags, u_int16_t win, u_int16_t mss, u_int8_t ttl,
@@ -3386,8 +3394,6 @@
len = sizeof(struct ip6_hdr) + tlen;
break;
#endif /* INET6 */
- default:
- panic("%s: unsupported af %d", __func__, af);
}
m = m_gethdr(M_NOWAIT, MT_DATA);
@@ -3501,7 +3507,7 @@
}
static void
-pf_send_sctp_abort(sa_family_t af, struct pf_pdesc *pd,
+pf_send_sctp_abort(ip_af_t af, struct pf_pdesc *pd,
uint8_t ttl, int rtableid)
{
struct mbuf *m;
@@ -3615,7 +3621,7 @@
}
void
-pf_send_tcp(const struct pf_krule *r, sa_family_t af,
+pf_send_tcp(const struct pf_krule *r, ip_af_t af,
const struct pf_addr *saddr, const struct pf_addr *daddr,
u_int16_t sport, u_int16_t dport, u_int32_t seq, u_int32_t ack,
u_int8_t tcp_flags, u_int16_t win, u_int16_t mss, u_int8_t ttl,
@@ -3661,7 +3667,7 @@
{
struct pf_addr * const saddr = pd->src;
struct pf_addr * const daddr = pd->dst;
- sa_family_t af = pd->af;
+ ip_af_t af = pd->af;
/* undo NAT changes, if they have taken place */
if (nr != NULL) {
@@ -3765,7 +3771,7 @@
}
static void
-pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af,
+pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, ip_af_t af,
struct pf_krule *r, int rtableid)
{
struct pf_send_entry *pfse;
@@ -3839,7 +3845,7 @@
*/
int
pf_match_addr(u_int8_t n, struct pf_addr *a, struct pf_addr *m,
- struct pf_addr *b, sa_family_t af)
+ struct pf_addr *b, ip_af_t af)
{
int match = 0;
@@ -3875,7 +3881,7 @@
*/
int
pf_match_addr_range(struct pf_addr *b, struct pf_addr *e,
- struct pf_addr *a, sa_family_t af)
+ struct pf_addr *a, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -4218,7 +4224,7 @@
#ifdef INET6
void
pf_poolmask(struct pf_addr *naddr, struct pf_addr *raddr,
- struct pf_addr *rmask, struct pf_addr *saddr, sa_family_t af)
+ struct pf_addr *rmask, struct pf_addr *saddr, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -4241,7 +4247,7 @@
}
void
-pf_addr_inc(struct pf_addr *addr, sa_family_t af)
+pf_addr_inc(struct pf_addr *addr, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -4382,9 +4388,6 @@
}
break;
#endif /* INET6 */
-
- default:
- return (-1);
}
INP_RLOCK_ASSERT(inp);
pd->lookup.uid = inp->inp_cred->cr_uid;
@@ -4395,7 +4398,7 @@
}
u_int8_t
-pf_get_wscale(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af)
+pf_get_wscale(struct mbuf *m, int off, u_int16_t th_off, ip_af_t af)
{
int hlen;
u_int8_t hdr[60];
@@ -4435,7 +4438,7 @@
}
u_int16_t
-pf_get_mss(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af)
+pf_get_mss(struct mbuf *m, int off, u_int16_t th_off, ip_af_t af)
{
int hlen;
u_int8_t hdr[60];
@@ -4473,7 +4476,7 @@
}
static u_int16_t
-pf_calc_mss(struct pf_addr *addr, sa_family_t af, int rtableid, u_int16_t offer)
+pf_calc_mss(struct pf_addr *addr, ip_af_t af, int rtableid, u_int16_t offer)
{
struct nhop_object *nh;
#ifdef INET6
@@ -4885,7 +4888,7 @@
struct pf_krule *nr = NULL;
struct pf_addr * const saddr = pd->src;
struct pf_addr * const daddr = pd->dst;
- sa_family_t af = pd->af;
+ ip_af_t af = pd->af;
struct pf_krule *r, *a = NULL;
struct pf_kruleset *ruleset = NULL;
struct pf_krule_slist match_rules;
@@ -5604,7 +5607,7 @@
struct pf_kruleset *ruleset = NULL;
struct pf_krule_slist match_rules;
struct pf_krule_item *ri;
- sa_family_t af = pd->af;
+ ip_af_t af = pd->af;
u_short reason;
int tag = -1;
int asd = 0;
@@ -7704,7 +7707,7 @@
*/
void *
pf_pull_hdr(const struct mbuf *m, int off, void *p, int len,
- u_short *actionp, u_short *reasonp, sa_family_t af)
+ u_short *actionp, u_short *reasonp, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -7750,7 +7753,7 @@
}
int
-pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif,
+pf_routable(struct pf_addr *addr, ip_af_t af, struct pfi_kkif *kif,
int rtableid)
{
struct ifnet *ifp;
@@ -8249,7 +8252,7 @@
* Also, set csum_data to 0xffff to force cksum validation.
*/
static int
-pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p, sa_family_t af)
+pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p, ip_af_t af)
{
u_int16_t sum = 0;
int hw_assist = 0;
@@ -8300,6 +8303,7 @@
if (!hw_assist) {
switch (af) {
+#ifdef INET
case AF_INET:
if (p == IPPROTO_ICMP) {
if (m->m_len < off)
@@ -8315,6 +8319,7 @@
sum = in4_cksum(m, p, off, len);
}
break;
+#endif
#ifdef INET6
case AF_INET6:
if (m->m_len < sizeof(struct ip6_hdr))
@@ -8322,8 +8327,6 @@
sum = in6_cksum(m, p, off, len);
break;
#endif /* INET6 */
- default:
- return (1);
}
}
if (sum) {
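Review bot: Removing `default: return (1);` from the `switch (af)` in pf_check_proto_cksum() turns an unmatched address family from a checksum failure into a pass: `sum` is initialised to 0 at the top of the function, no case runs, and the `if (sum)` test that follows is not taken. Failing closed is the safer behaviour for a packet filter, so either keep `default: return (1);` or, if the arm is dropped on purpose, add a comment above the switch stating that the caller guarantees af is AF_INET or AF_INET6. The pf_syncookies.c hunk is similar: without its default arm an unmatched af would leave the source and destination addresses out of the SipHash input. The function body continues outside this hunk.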
@@ -8410,20 +8413,21 @@
dnflow->f_id.proto = pd->proto;
dnflow->f_id.extra = dnflow->rule.info;
switch (pd->af) {
+#ifdef INET
case AF_INET:
dnflow->f_id.addr_type = 4;
dnflow->f_id.src_ip = ntohl(pd->src->v4.s_addr);
dnflow->f_id.dst_ip = ntohl(pd->dst->v4.s_addr);
break;
+#endif
+#ifdef INET6
case AF_INET6:
dnflow->flags |= IPFW_ARGS_IP6;
dnflow->f_id.addr_type = 6;
dnflow->f_id.src_ip6 = pd->src->v6;
dnflow->f_id.dst_ip6 = pd->dst->v6;
break;
- default:
- panic("Invalid AF");
- break;
+#endif
}
return (true);
@@ -8556,7 +8560,7 @@
}
int
-pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m,
+pf_setup_pdesc(ip_af_t af, int dir, struct pf_pdesc *pd, struct mbuf *m,
u_short *action, u_short *reason, struct pfi_kkif *kif, struct pf_krule **a,
struct pf_krule **r, struct pf_kruleset **ruleset, int *off, int *hdrlen,
struct pf_rule_actions *default_actions)
@@ -8697,8 +8701,6 @@
break;
}
#endif
- default:
- panic("pf_setup_pdesc called with illegal af %u", af);
}
switch (pd->proto) {
@@ -8889,14 +8891,18 @@
#if defined(INET) || defined(INET6)
int
-pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0,
+pf_test(ip_af_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0,
struct inpcb *inp, struct pf_rule_actions *default_actions)
{
struct pfi_kkif *kif;
u_short action, reason = 0;
struct mbuf *m = *m0;
+#ifdef INET
struct ip *h = NULL;
+#endif
+#ifdef INET6
struct ip6_hdr *h6 = NULL;
+#endif
struct m_tag *mtag;
struct pf_krule *a = NULL, *r = &V_pf_default_rule;
struct pf_kstate *s = NULL;
@@ -8909,6 +8915,13 @@
PF_RULES_RLOCK_TRACKER;
KASSERT(dir == PF_IN || dir == PF_OUT, ("%s: bad direction %d\n", __func__, dir));
+#if defined(INET) && defined(INET6)
+ KASSERT(af == AF_INET || af == AF_INET6, ("Unsupported af %d", af));
+#elif defined(INET)
+ KASSERT(af == AF_INET, ("Unsupported af %d", af));
+#elif defined(INET6)
+ KASSERT(af == AF_INET6, ("Unsupported af %d", af));
+#endif
M_ASSERTPKTHDR(m);
if (!V_pf_status.running)
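Review bot: These KASSERTs become the only check on af for the switches further down pf_test() whose `default: panic(...)` arms this change removes, and KASSERT is compiled in only for INVARIANTS kernels, whereas the removed panics were unconditional. A short comment above the block should record that, e.g. `/* af is validated here only under INVARIANTS; the switches below assume it. */`. The messages also differ in form from the direction assertion just above, which uses `"%s: ..."` with `__func__`; `("%s: unsupported af %d", __func__, af)` would match it. pf_test() continues outside this hunk.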
@@ -8997,8 +9010,6 @@
ttl = h6->ip6_hlim;
break;
#endif
- default:
- panic("Unknown af %d", af);
}
if (pf_setup_pdesc(af, dir, &pd, m, &action, &reason, kif, &a, &r,
@@ -9085,8 +9096,6 @@
}
break;
#endif
- default:
- panic("Unknown af %d", af);
}
switch (pd.proto) {
@@ -9294,10 +9303,18 @@
else
pd.pf_mtag->qid = pd.act.qid;
/* Add hints for ecn. */
- if (af == AF_INET)
+ switch (af) {
+#ifdef INET
+ case AF_INET:
pd.pf_mtag->hdr = h;
- else
+ break;
+#endif
+#ifdef INET6
+ case AF_INET6:
pd.pf_mtag->hdr = h6;
+ break;
+#endif
+ }
}
}
#endif /* ALTQ */
@@ -9314,6 +9331,7 @@
pf_is_loopback(af, pd.dst))
m->m_flags |= M_SKIP_FIREWALL;
+#ifdef INET
if (af == AF_INET && __predict_false(ip_divert_ptr != NULL) &&
action == PF_PASS && r->divert.port && !PACKET_LOOPED(&pd)) {
mtag = m_tag_alloc(MTAG_PF_DIVERT, 0,
@@ -9356,9 +9374,12 @@
("pf: failed to allocate divert tag\n"));
}
}
+#endif
+#ifdef INET6
/* XXX: Anybody working on it?! */
if (af == AF_INET6 && r->divert.port)
printf("pf: divert(9) is not supported for IPv6\n");
+#endif
/* this flag will need revising if the pkt is forwarded */
if (pd.pf_mtag)
@@ -9413,8 +9434,6 @@
pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp);
break;
#endif
- default:
- panic("Unknown af %d", af);
}
goto out;
}
diff --git a/sys/netpfil/pf/pf_if.c b/sys/netpfil/pf/pf_if.c
--- a/sys/netpfil/pf/pf_if.c
+++ b/sys/netpfil/pf/pf_if.c
@@ -465,7 +465,7 @@
}
int
-pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, sa_family_t af)
+pfi_match_addr(struct pfi_dynaddr *dyn, struct pf_addr *a, ip_af_t af)
{
switch (af) {
#ifdef INET
@@ -494,13 +494,11 @@
}
break;
#endif /* INET6 */
- default:
- return (0);
}
}
int
-pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
+pfi_dynaddr_setup(struct pf_addr_wrap *aw, ip_af_t af)
{
struct epoch_tracker et;
struct pfi_dynaddr *dyn;
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -128,7 +128,7 @@
static void pf_hash_rule_addr(MD5_CTX *, struct pf_rule_addr *);
static int pf_commit_rules(u_int32_t, int, char *);
static int pf_addr_setup(struct pf_kruleset *,
- struct pf_addr_wrap *, sa_family_t);
+ struct pf_addr_wrap *, ip_af_t);
static void pf_src_node_copy(const struct pf_ksrc_node *,
struct pf_src_node *);
#ifdef ALTQ
@@ -1509,7 +1509,7 @@
static int
pf_addr_setup(struct pf_kruleset *ruleset, struct pf_addr_wrap *addr,
- sa_family_t af)
+ ip_af_t af)
{
int error = 0;
@@ -3759,9 +3759,9 @@
#undef ERROUT
DIOCCHANGERULE_error:
+ pf_krule_free(newrule);
PF_RULES_WUNLOCK();
PF_CONFIG_UNLOCK();
- pf_krule_free(newrule);
pf_kkif_free(kif);
break;
}
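Review bot: Moving `pf_krule_free(newrule)` above `PF_RULES_WUNLOCK()` changes the locking on the DIOCCHANGERULE error path without a comment saying why the free must happen under the rules write lock, while `pf_kkif_free(kif)` stays outside it. Add a comment such as `/* pf_krule_free() must run with the rules write lock held */` if that is the requirement, and confirm that nothing reached from it can sleep while the lock is held. The pf_nl.c hunk that wraps `pf_free_rule(attrs.rule)` in `PF_RULES_WLOCK()`/`PF_RULES_WUNLOCK()` on the parse-error path needs the same explanation. Both are behavioural fixes unrelated to the ip_af_t conversion and would be easier to review and backport as a separate commit. The enclosing ioctl case starts outside this hunk.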
diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c
--- a/sys/netpfil/pf/pf_lb.c
+++ b/sys/netpfil/pf/pf_lb.c
@@ -71,7 +71,7 @@
struct pf_addr *, uint16_t, struct pf_addr *, uint16_t, struct pf_addr *,
uint16_t *, uint16_t, uint16_t, struct pf_ksrc_node **,
struct pf_udp_mapping **);
-static bool pf_islinklocal(const sa_family_t, const struct pf_addr *);
+static bool pf_islinklocal(const ip_af_t, const struct pf_addr *);
#define mix(a,b,c) \
do { \
@@ -403,7 +403,7 @@
}
static bool
-pf_islinklocal(const sa_family_t af, const struct pf_addr *addr)
+pf_islinklocal(const ip_af_t af, const struct pf_addr *addr)
{
if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&addr->v6))
return (true);
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -57,7 +57,7 @@
uint32_t creatorid;
char ifname[IFNAMSIZ];
uint16_t proto;
- sa_family_t af;
+ ip_af_t af;
struct pf_addr addr;
struct pf_addr mask;
};
@@ -81,15 +81,19 @@
NL_DECLARE_PARSER(state_parser, struct genlmsghdr, nlf_p_generic, nla_p_state);
static void
-dump_addr(struct nl_writer *nw, int attr, const struct pf_addr *addr, int af)
+dump_addr(struct nl_writer *nw, int attr, const struct pf_addr *addr, ip_af_t af)
{
switch (af) {
+#ifdef INET
case AF_INET:
nlattr_add(nw, attr, 4, &addr->v4);
break;
+#endif
+#ifdef INET6
case AF_INET6:
nlattr_add(nw, attr, 16, &addr->v6);
break;
+#endif
};
}
@@ -145,7 +149,7 @@
{
struct nl_writer *nw = npt->nw;
int error = 0;
- int af;
+ ip_af_t af;
struct pf_state_key *key;
PF_STATE_LOCK_ASSERT(s);
@@ -240,7 +244,7 @@
PF_HASHROW_LOCK(ih);
LIST_FOREACH(s, &ih->states, entry) {
- sa_family_t af = s->key[PF_SK_WIRE]->af;
+ ip_af_t af = s->key[PF_SK_WIRE]->af;
if (s->timeout == PFTM_UNLINKED)
continue;
@@ -766,7 +770,9 @@
error = nl_parse_nlmsg(hdr, &addrule_parser, npt, &attrs);
if (error != 0) {
+ PF_RULES_WLOCK();
pf_free_rule(attrs.rule);
+ PF_RULES_WUNLOCK();
return (error);
}
diff --git a/sys/netpfil/pf/pf_nv.h b/sys/netpfil/pf/pf_nv.h
--- a/sys/netpfil/pf/pf_nv.h
+++ b/sys/netpfil/pf/pf_nv.h
@@ -70,6 +70,7 @@
PF_NV_DEF_UINT(uint64, uint64_t, UINT64_MAX);
int pf_nvbool(const nvlist_t *, const char *, bool *);
+int pf_nvipaf(const nvlist_t *, const char *, ip_af_t *);
int pf_nvbinary(const nvlist_t *, const char *, void *, size_t);
int pf_nvint(const nvlist_t *, const char *, int *);
int pf_nvstring(const nvlist_t *, const char *, char *, size_t);
diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c
--- a/sys/netpfil/pf/pf_syncookies.c
+++ b/sys/netpfil/pf/pf_syncookies.c
@@ -435,16 +435,18 @@
SipHash_SetKey(&ctx, V_pf_syncookie_status.key[cookie.flags.oddeven]);
switch (pd->af) {
+#ifdef INET
case AF_INET:
SipHash_Update(&ctx, pd->src, sizeof(pd->src->v4));
SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v4));
break;
+#endif
+#ifdef INET6
case AF_INET6:
SipHash_Update(&ctx, pd->src, sizeof(pd->src->v6));
SipHash_Update(&ctx, pd->dst, sizeof(pd->dst->v6));
break;
- default:
- panic("unknown address family");
+#endif
}
SipHash_Update(&ctx, pd->sport, sizeof(*pd->sport));
diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c
--- a/sys/netpfil/pf/pf_table.c
+++ b/sys/netpfil/pf/pf_table.c
@@ -2036,7 +2036,7 @@
}
int
-pfr_match_addr(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af)
+pfr_match_addr(struct pfr_ktable *kt, struct pf_addr *a, ip_af_t af)
{
struct pfr_kentry *ke = NULL;
int match;
@@ -2089,7 +2089,7 @@
}
void
-pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af,
+pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, ip_af_t af,
u_int64_t len, int dir_out, int op_pass, int notrule)
{
struct pfr_kentry *ke = NULL;
@@ -2240,7 +2240,7 @@
int
pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
- sa_family_t af, pf_addr_filter_func_t filter)
+ ip_af_t af, pf_addr_filter_func_t filter)
{
struct pf_addr addr, cur, mask, umask_addr;
union sockaddr_union uaddr, umask;
@@ -2251,14 +2251,18 @@
MPASS(counter != NULL);
switch (af) {
+#ifdef INET
case AF_INET:
uaddr.sin.sin_len = sizeof(struct sockaddr_in);
uaddr.sin.sin_family = AF_INET;
break;
+#endif
+#ifdef INET6
case AF_INET6:
uaddr.sin6.sin6_len = sizeof(struct sockaddr_in6);
uaddr.sin6.sin6_family = AF_INET6;
break;
+#endif
}
pfr_sockaddr_to_pf_addr(&uaddr, &addr);
@@ -2311,14 +2315,18 @@
for (;;) {
/* we don't want to use a nested block */
switch (af) {
+#ifdef INET
case AF_INET:
ke2 = (struct pfr_kentry *)rn_match(&uaddr,
&kt->pfrkt_ip4->rh);
break;
+#endif
+#ifdef INET6
case AF_INET6:
ke2 = (struct pfr_kentry *)rn_match(&uaddr,
&kt->pfrkt_ip6->rh);
break;
+#endif
}
/* no need to check KENTRY_RNF_ROOT() here */
if (ke2 == ke) {
D46809: pf: start using ip_af_t