Page MenuHomeFreeBSD
Files F115912099

D27760.diff
No OneTemporary
Actions

D27760.diff
View Options

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -315,9 +315,9 @@
TAILQ_ENTRY(pf_krule) entries;
struct pf_pool rpool;
- u_int64_t evaluations;
- u_int64_t packets[2];
- u_int64_t bytes[2];
+ counter_u64_t evaluations;
+ counter_u64_t packets[2];
+ counter_u64_t bytes[2];
struct pfi_kif *kif;
struct pf_kanchor *anchor;
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3537,7 +3537,7 @@
}
while (r != NULL) {
- r->evaluations++;
+ counter_u64_add(r->evaluations, 1);
if (pfi_kif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != direction)
@@ -3977,7 +3977,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr);
while (r != NULL) {
- r->evaluations++;
+ counter_u64_add(r->evaluations, 1);
if (pfi_kif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != direction)
@@ -6201,16 +6201,18 @@
if (action == PF_PASS || r->action == PF_DROP) {
dirndx = (dir == PF_OUT);
- r->packets[dirndx]++;
- r->bytes[dirndx] += pd.tot_len;
+ counter_u64_add(r->packets[dirndx], 1);
+ counter_u64_add(r->bytes[dirndx], pd.tot_len);
if (a != NULL) {
- a->packets[dirndx]++;
- a->bytes[dirndx] += pd.tot_len;
+ counter_u64_add(a->packets[dirndx], 1);
+ counter_u64_add(a->bytes[dirndx], pd.tot_len);
}
if (s != NULL) {
if (s->nat_rule.ptr != NULL) {
- s->nat_rule.ptr->packets[dirndx]++;
- s->nat_rule.ptr->bytes[dirndx] += pd.tot_len;
+ counter_u64_add(s->nat_rule.ptr->packets[dirndx],
+ 1);
+ counter_u64_add(s->nat_rule.ptr->bytes[dirndx],
+ pd.tot_len);
}
if (s->src_node != NULL) {
counter_u64_add(s->src_node->packets[dirndx],
@@ -6601,16 +6603,18 @@
if (action == PF_PASS || r->action == PF_DROP) {
dirndx = (dir == PF_OUT);
- r->packets[dirndx]++;
- r->bytes[dirndx] += pd.tot_len;
+ counter_u64_add(r->packets[dirndx], 1);
+ counter_u64_add(r->bytes[dirndx], pd.tot_len);
if (a != NULL) {
- a->packets[dirndx]++;
- a->bytes[dirndx] += pd.tot_len;
+ counter_u64_add(a->packets[dirndx], 1);
+ counter_u64_add(a->bytes[dirndx], pd.tot_len);
}
if (s != NULL) {
if (s->nat_rule.ptr != NULL) {
- s->nat_rule.ptr->packets[dirndx]++;
- s->nat_rule.ptr->bytes[dirndx] += pd.tot_len;
+ counter_u64_add(s->nat_rule.ptr->packets[dirndx],
+ 1);
+ counter_u64_add(s->nat_rule.ptr->bytes[dirndx],
+ pd.tot_len);
}
if (s->src_node != NULL) {
counter_u64_add(s->src_node->packets[dirndx],
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -283,6 +283,11 @@
V_pf_default_rule.nr = -1;
V_pf_default_rule.rtableid = -1;
+ V_pf_default_rule.evaluations = counter_u64_alloc(M_WAITOK);
+ for (int i = 0; i < 2; i++) {
+ V_pf_default_rule.packets[i] = counter_u64_alloc(M_WAITOK);
+ V_pf_default_rule.bytes[i] = counter_u64_alloc(M_WAITOK);
+ }
V_pf_default_rule.states_cur = counter_u64_alloc(M_WAITOK);
V_pf_default_rule.states_tot = counter_u64_alloc(M_WAITOK);
V_pf_default_rule.src_nodes = counter_u64_alloc(M_WAITOK);
@@ -461,6 +466,11 @@
pfi_kif_unref(rule->kif);
pf_kanchor_remove(rule);
pf_empty_pool(&rule->rpool.list);
+ counter_u64_free(rule->evaluations);
+ for (int i = 0; i < 2; i++) {
+ counter_u64_free(rule->packets[i]);
+ counter_u64_free(rule->bytes[i]);
+ }
counter_u64_free(rule->states_cur);
counter_u64_free(rule->states_tot);
counter_u64_free(rule->src_nodes);
@@ -1453,10 +1463,10 @@
bcopy(&krule->rpool, &rule->rpool, sizeof(krule->rpool));
- rule->evaluations = krule->evaluations;
+ rule->evaluations = counter_u64_fetch(krule->evaluations);
for (int i = 0; i < 2; i++) {
- rule->packets[i] = krule->packets[i];
- rule->bytes[i] = krule->bytes[i];
+ rule->packets[i] = counter_u64_fetch(krule->packets[i]);
+ rule->bytes[i] = counter_u64_fetch(krule->bytes[i]);
}
/* kif, anchor, overload_tbl are not copied over. */
@@ -1808,6 +1818,11 @@
if (rule->ifname[0])
kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
+ rule->evaluations = counter_u64_alloc(M_WAITOK);
+ for (int i = 0; i < 2; i++) {
+ rule->packets[i] = counter_u64_alloc(M_WAITOK);
+ rule->bytes[i] = counter_u64_alloc(M_WAITOK);
+ }
rule->states_cur = counter_u64_alloc(M_WAITOK);
rule->states_tot = counter_u64_alloc(M_WAITOK);
rule->src_nodes = counter_u64_alloc(M_WAITOK);
@@ -1920,8 +1935,11 @@
}
rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list);
- rule->evaluations = rule->packets[0] = rule->packets[1] =
- rule->bytes[0] = rule->bytes[1] = 0;
+ counter_u64_zero(rule->evaluations);
+ for (int i = 0; i < 2; i++) {
+ counter_u64_zero(rule->packets[i]);
+ counter_u64_zero(rule->bytes[i]);
+ }
TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr,
rule, entries);
ruleset->rules[rs_num].inactive.rcount++;
@@ -1931,6 +1949,11 @@
#undef ERROUT
DIOCADDRULE_error:
PF_RULES_WUNLOCK();
+ counter_u64_free(rule->evaluations);
+ for (int i = 0; i < 2; i++) {
+ counter_u64_free(rule->packets[i]);
+ counter_u64_free(rule->bytes[i]);
+ }
counter_u64_free(rule->states_cur);
counter_u64_free(rule->states_tot);
counter_u64_free(rule->src_nodes);
@@ -2016,9 +2039,11 @@
pf_addr_copyout(&pr->rule.dst.addr);
if (pr->action == PF_GET_CLR_CNTR) {
- rule->evaluations = 0;
- rule->packets[0] = rule->packets[1] = 0;
- rule->bytes[0] = rule->bytes[1] = 0;
+ counter_u64_zero(rule->evaluations);
+ for (int i = 0; i < 2; i++) {
+ counter_u64_zero(rule->packets[i]);
+ counter_u64_zero(rule->bytes[i]);
+ }
counter_u64_zero(rule->states_tot);
}
PF_RULES_WUNLOCK();
@@ -2062,6 +2087,13 @@
if (newrule->ifname[0])
kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
+ newrule->evaluations = counter_u64_alloc(M_WAITOK);
+ for (int i = 0; i < 2; i++) {
+ newrule->packets[i] =
+ counter_u64_alloc(M_WAITOK);
+ newrule->bytes[i] =
+ counter_u64_alloc(M_WAITOK);
+ }
newrule->states_cur = counter_u64_alloc(M_WAITOK);
newrule->states_tot = counter_u64_alloc(M_WAITOK);
newrule->src_nodes = counter_u64_alloc(M_WAITOK);
@@ -2174,9 +2206,6 @@
}
newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list);
- newrule->evaluations = 0;
- newrule->packets[0] = newrule->packets[1] = 0;
- newrule->bytes[0] = newrule->bytes[1] = 0;
}
pf_empty_pool(&V_pf_pabuf);
@@ -2236,6 +2265,11 @@
DIOCCHANGERULE_error:
PF_RULES_WUNLOCK();
if (newrule != NULL) {
+ counter_u64_free(newrule->evaluations);
+ for (int i = 0; i < 2; i++) {
+ counter_u64_free(newrule->packets[i]);
+ counter_u64_free(newrule->bytes[i]);
+ }
counter_u64_free(newrule->states_cur);
counter_u64_free(newrule->states_tot);
counter_u64_free(newrule->src_nodes);
@@ -2621,9 +2655,11 @@
PF_RULES_WLOCK();
TAILQ_FOREACH(rule,
ruleset->rules[PF_RULESET_FILTER].active.ptr, entries) {
- rule->evaluations = 0;
- rule->packets[0] = rule->packets[1] = 0;
- rule->bytes[0] = rule->bytes[1] = 0;
+ counter_u64_zero(rule->evaluations);
+ for (int i = 0; i < 2; i++) {
+ counter_u64_zero(rule->packets[i]);
+ counter_u64_zero(rule->bytes[i]);
+ }
}
PF_RULES_WUNLOCK();
break;
@@ -4650,6 +4686,11 @@
uma_zdestroy(V_pf_tag_z);
/* Free counters last as we updated them during shutdown. */
+ counter_u64_free(V_pf_default_rule.evaluations);
+ for (int i = 0; i < 2; i++) {
+ counter_u64_free(V_pf_default_rule.packets[i]);
+ counter_u64_free(V_pf_default_rule.bytes[i]);
+ }
counter_u64_free(V_pf_default_rule.states_cur);
counter_u64_free(V_pf_default_rule.states_tot);
counter_u64_free(V_pf_default_rule.src_nodes);
diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c
--- a/sys/netpfil/pf/pf_lb.c
+++ b/sys/netpfil/pf/pf_lb.c
@@ -149,7 +149,7 @@
dst = &r->dst;
}
- r->evaluations++;
+ counter_u64_add(r->evaluations, 1);
if (pfi_kif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != direction)
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -1012,7 +1012,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr);
while (r != NULL) {
- r->evaluations++;
+ counter_u64_add(r->evaluations, 1);
if (pfi_kif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != dir)
@@ -1039,8 +1039,8 @@
if (r == NULL || r->action == PF_NOSCRUB)
return (PF_PASS);
else {
- r->packets[dir == PF_OUT]++;
- r->bytes[dir == PF_OUT] += pd->tot_len;
+ counter_u64_add(r->packets[dir == PF_OUT], 1);
+ counter_u64_add(r->bytes[dir == PF_OUT], pd->tot_len);
}
/* Check for illegal packets */
@@ -1155,7 +1155,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr);
while (r != NULL) {
- r->evaluations++;
+ counter_u64_add(r->evaluations, 1);
if (pfi_kif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != dir)
@@ -1181,8 +1181,8 @@
if (r == NULL || r->action == PF_NOSCRUB)
return (PF_PASS);
else {
- r->packets[dir == PF_OUT]++;
- r->bytes[dir == PF_OUT] += pd->tot_len;
+ counter_u64_add(r->packets[dir == PF_OUT], 1);
+ counter_u64_add(r->bytes[dir == PF_OUT], pd->tot_len);
}
/* Check for illegal packets */
@@ -1309,7 +1309,7 @@
r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr);
while (r != NULL) {
- r->evaluations++;
+ counter_u64_add(r->evaluations, 1);
if (pfi_kif_match(r->kif, kif) == r->ifnot)
r = r->skip[PF_SKIP_IFP].ptr;
else if (r->direction && r->direction != dir)
@@ -1343,8 +1343,8 @@
if (rm == NULL || rm->action == PF_NOSCRUB)
return (PF_PASS);
else {
- r->packets[dir == PF_OUT]++;
- r->bytes[dir == PF_OUT] += pd->tot_len;
+ counter_u64_add(r->packets[dir == PF_OUT], 1);
+ counter_u64_add(r->bytes[dir == PF_OUT], pd->tot_len);
}
if (rm->rule_flag & PFRULE_REASSEMBLE_TCP)

File Metadata

Mime Type
text/plain
Expires
Thu, May 1, 8:05 AM (17 h, 11 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
17877029
Default Alt Text
D27760.diff (10 KB)

Event Timeline