unbreak on >= 9.0

PR:		ports/155938
Submitted by:	Fabian Keil <fk@fabiankeil.de>
Approved by:	maintainer timeout (46 weeks)
This commit is contained in:
Florian Smeets 2012-02-14 17:07:07 +00:00
parent e8a67ded53
commit a1cde0a2c4
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=291351
7 changed files with 912 additions and 5 deletions

View file

@ -23,13 +23,18 @@ MANCOMPRESSED= no
.if ${OSVERSION} < 700049
MAKE_ARGS= LOCALBASE="${PREFIX}" OSLEVEL=37
CFLAGS+= -DHAVE_ALTQ=1
.else
.elif ${OSVERSION} < 900000
MAKE_ARGS= LOCALBASE="${PREFIX}" OSLEVEL=41
CFLAGS+= -DHAVE_ALTQ=1
.endif
.if ${OSVERSION} >= 900000
BROKEN= does not compile on 9.X
.else
MAKE_ARGS= LOCALBASE="${PREFIX}" OSLEVEL=45
CFLAGS+= -DHAVE_ALTQ=1 -DHAVE_SNPRINTF=1 -DHAVE_VSNPRINTF=1
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-cache.c \
${FILESDIR}/extra-patch-cache.h \
${FILESDIR}/extra-patch-config.h \
${FILESDIR}/extra-patch-engine.c \
${FILESDIR}/extra-patch-pftop.c \
${FILESDIR}/extra-patch-sf-gencode.c
.endif
MAKE_ENV+= __MAKE_CONF=/dev/null
@ -41,6 +46,7 @@ post-patch:
${WRKSRC}/engine.c
@${REINPLACE_CMD} -e 's|__dead|__dead2|g' ${WRKSRC}/sf-gencode.h
@${REINPLACE_CMD} -e 's|__dead|__dead2|g' ${WRKSRC}/sf-gencode.c
@${REINPLACE_CMD} -e 's|__inline__|static __inline__|g' ${WRKSRC}/pftop.c
@${REINPLACE_CMD} -e 's|#include <net/if_pflog.h>||g' \
${WRKSRC}/sf-gencode.c

View file

@ -0,0 +1,68 @@
$OpenBSD: patch-cache_c,v 1.1 2008/06/13 00:38:12 canacar Exp $
--- cache.c.orig Tue Nov 6 23:34:18 2007
+++ cache.c Wed Jun 11 19:50:07 2008
@@ -118,12 +118,17 @@ add_state(pf_state_t *st)
cache_size--;
+#ifdef HAVE_PFSYNC_STATE
+ ent->id[0] = st->id[0];
+ ent->id[1] = st->id[1];
+#else
ent->addr[0] = st->lan.addr;
ent->port[0] = st->lan.port;
ent->addr[1] = st->ext.addr;
ent->port[1] = st->ext.port;
ent->af = st->af;
ent->proto = st->proto;
+#endif
#ifdef HAVE_INOUT_COUNT
ent->bytes = COUNTER(st->bytes[0]) + COUNTER(st->bytes[1]);
#else
@@ -147,13 +152,17 @@ cache_state(pf_state_t *st)
if (cache_max == 0)
return (NULL);
+#ifdef HAVE_PFSYNC_STATE
+ ent.id[0] = st->id[0];
+ ent.id[1] = st->id[1];
+#else
ent.addr[0] = st->lan.addr;
ent.port[0] = st->lan.port;
ent.addr[1] = st->ext.addr;
ent.port[1] = st->ext.port;
ent.af = st->af;
ent.proto = st->proto;
-
+#endif
old = RB_FIND(sc_tree, &sctree, &ent);
if (old == NULL) {
@@ -210,8 +219,18 @@ cache_endupdate(void)
static __inline int
sc_cmp(struct sc_ent *a, struct sc_ent *b)
{
+#ifdef HAVE_PFSYNC_STATE
+ if (a->id[0] > b->id[0])
+ return (1);
+ if (a->id[0] < b->id[0])
+ return (-1);
+ if (a->id[1] > b->id[1])
+ return (1);
+ if (a->id[1] < b->id[1])
+ return (-1);
+#else
int diff;
-
+
if ((diff = a->proto - b->proto) != 0)
return (diff);
if ((diff = a->af - b->af) != 0)
@@ -269,6 +288,6 @@ sc_cmp(struct sc_ent *a, struct sc_ent *b)
return (diff);
if ((diff = a->port[1] - b->port[1]) != 0)
return (diff);
-
+#endif
return (0);
}

View file

@ -0,0 +1,24 @@
$OpenBSD: patch-cache_h,v 1.1 2008/06/13 00:38:12 canacar Exp $
--- cache.h.orig Tue Nov 6 23:34:18 2007
+++ cache.h Wed Jun 11 19:50:07 2008
@@ -31,14 +31,20 @@
struct sc_ent {
RB_ENTRY(sc_ent) tlink;
TAILQ_ENTRY(sc_ent) qlink;
+#ifdef HAVE_PFSYNC_STATE
+ u_int32_t id[2];
+#else
struct pf_addr addr[2];
+#endif
double peak;
double rate;
time_t t;
u_int32_t bytes;
+#ifndef HAVE_PFSYNC_STATE
u_int16_t port[2];
u_int8_t af;
u_int8_t proto;
+#endif
};
int cache_init(int);

View file

@ -0,0 +1,24 @@
$OpenBSD: patch-config_h,v 1.4 2008/12/20 04:36:11 canacar Exp $
--- config.h.orig Tue Nov 6 22:34:18 2007
+++ config.h Fri Dec 19 20:28:01 2008
@@ -74,11 +74,20 @@
#define HAVE_PFSYNC_STATE
#endif
+#if OS_LEVEL > 43
+#define HAVE_PFSYNC_KEY
+#define HAVE_NETWORK_ORDER
+#endif
+
#ifdef HAVE_PFSYNC_STATE
typedef struct pfsync_state pf_state_t;
typedef struct pfsync_state_host pf_state_host_t;
typedef struct pfsync_state_peer pf_state_peer_t;
+#ifdef HAVE_NETWORK_ORDER
+#define COUNTER(c) ((((u_int64_t) ntohl(c[0]))<<32) + ntohl(c[1]))
+#else
#define COUNTER(c) ((((u_int64_t) c[0])<<32) + c[1])
+#endif
#define pfs_ifname ifname
#else
typedef struct pf_state pf_state_t;

View file

@ -0,0 +1,13 @@
$OpenBSD: patch-engine_c,v 1.1 2008/06/13 00:38:12 canacar Exp $
--- engine.c.orig Tue Nov 6 23:35:44 2007
+++ engine.c Thu Jun 12 17:49:32 2008
@@ -809,6 +809,9 @@ next_order(void)
{
order_type *o, *oc;
+ if (curr_view->mgr->order_list == NULL)
+ return;
+
oc = curr_view->mgr->order_curr;
for (o = curr_view->mgr->order_list; o->name != NULL; o++) {

View file

@ -0,0 +1,420 @@
# One chunk of this OpenBSD patch has been removed
# as it's already part of patch-pftop.c
$OpenBSD: patch-pftop_c,v 1.12 2009/12/02 21:16:10 sthen Exp $
--- pftop.c.orig Wed Nov 7 06:36:46 2007
+++ pftop.c Wed Dec 2 21:14:56 2009
@@ -127,6 +127,13 @@
#define PT_NOROUTE(x) (0)
#endif
+#ifdef HAVE_NETWORK_ORDER
+#define PF_TSTAMP(x) ntohl(x)
+#else
+#define PF_TSTAMP(x) (x)
+#endif
+
+
/* view management */
int select_states(void);
int read_states(void);
@@ -445,11 +452,11 @@ sort_pkt_callback(const void *s1, const void *s2)
int
sort_age_callback(const void *s1, const void *s2)
{
- if (state_buf[* (u_int32_t *) s2].creation >
- state_buf[* (u_int32_t *) s1].creation)
+ if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].creation) >
+ PF_TSTAMP(state_buf[* (u_int32_t *) s1].creation))
return sortdir;
- if (state_buf[* (u_int32_t *) s2].creation <
- state_buf[* (u_int32_t *) s1].creation)
+ if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].creation) <
+ PF_TSTAMP(state_buf[* (u_int32_t *) s1].creation))
return -sortdir;
return 0;
}
@@ -457,11 +464,11 @@ sort_age_callback(const void *s1, const void *s2)
int
sort_exp_callback(const void *s1, const void *s2)
{
- if (state_buf[* (u_int32_t *) s2].expire >
- state_buf[* (u_int32_t *) s1].expire)
+ if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].expire) >
+ PF_TSTAMP(state_buf[* (u_int32_t *) s1].expire))
return sortdir;
- if (state_buf[* (u_int32_t *) s2].expire <
- state_buf[* (u_int32_t *) s1].expire)
+ if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].expire) <
+ PF_TSTAMP(state_buf[* (u_int32_t *) s1].expire))
return -sortdir;
return 0;
}
@@ -535,6 +542,8 @@ compare_addr(int af, const struct pf_addr *a, const st
return 0;
}
+#ifdef HAVE_PFSYNC_KEY
+
#ifdef __GNUC__
__inline__
#endif
@@ -542,6 +551,113 @@ int
sort_addr_callback(const pf_state_t *s1,
const pf_state_t *s2, int dir)
{
+ const struct pf_addr *aa, *ab;
+ u_int16_t pa, pb;
+ int af, ret, ii, io;
+
+ af = s1->af;
+
+
+ if (af > s2->af)
+ return sortdir;
+ if (af < s2->af)
+ return -sortdir;
+
+ ii = io = 0;
+
+ if (dir == PF_OUT) /* looking for source addr */
+ io = 1;
+ else /* looking for dest addr */
+ ii = 1;
+
+ if (s1->direction == PF_IN) {
+ aa = &s1->key[PF_SK_STACK].addr[ii];
+ pa = s1->key[PF_SK_STACK].port[ii];
+ } else {
+ aa = &s1->key[PF_SK_WIRE].addr[io];
+ pa = s1->key[PF_SK_WIRE].port[io];
+ }
+
+ if (s2->direction == PF_IN) {
+ ab = &s2->key[PF_SK_STACK].addr[ii];;
+ pb = s2->key[PF_SK_STACK].port[ii];
+ } else {
+ ab = &s2->key[PF_SK_WIRE].addr[io];;
+ pb = s2->key[PF_SK_WIRE].port[io];
+ }
+
+ ret = compare_addr(af, aa, ab);
+ if (ret)
+ return ret * sortdir;
+
+ if (ntohs(pa) > ntohs(pb))
+ return sortdir;
+ return -sortdir;
+}
+
+#ifdef __GNUC__
+__inline__
+#endif
+int
+sort_port_callback(const pf_state_t *s1,
+ const pf_state_t *s2, int dir)
+{
+ const struct pf_addr *aa, *ab;
+ u_int16_t pa, pb;
+ int af, ret, ii, io;
+
+ af = s1->af;
+
+
+ if (af > s2->af)
+ return sortdir;
+ if (af < s2->af)
+ return -sortdir;
+
+ ii = io = 0;
+
+ if (dir == PF_OUT) /* looking for source addr */
+ io = 1;
+ else /* looking for dest addr */
+ ii = 1;
+
+ if (s1->direction == PF_IN) {
+ aa = &s1->key[PF_SK_STACK].addr[ii];
+ pa = s1->key[PF_SK_STACK].port[ii];
+ } else {
+ aa = &s1->key[PF_SK_WIRE].addr[io];
+ pa = s1->key[PF_SK_WIRE].port[io];
+ }
+
+ if (s2->direction == PF_IN) {
+ ab = &s2->key[PF_SK_STACK].addr[ii];;
+ pb = s2->key[PF_SK_STACK].port[ii];
+ } else {
+ ab = &s2->key[PF_SK_WIRE].addr[io];;
+ pb = s2->key[PF_SK_WIRE].port[io];
+ }
+
+
+ if (ntohs(pa) > ntohs(pb))
+ return sortdir;
+ if (ntohs(pa) < ntohs(pb))
+ return - sortdir;
+
+ ret = compare_addr(af, aa, ab);
+ if (ret)
+ return ret * sortdir;
+ return -sortdir;
+}
+
+#else /* HAVE_PFSYNC_KEY */
+
+#ifdef __GNUC__
+__inline__
+#endif
+int
+sort_addr_callback(const pf_state_t *s1,
+ const pf_state_t *s2, int dir)
+{
const pf_state_host_t *a, *b;
int af, ret;
@@ -573,20 +689,6 @@ sort_addr_callback(const pf_state_t *s1,
return -sortdir;
}
-int sort_sa_callback(const void *p1, const void *p2)
-{
- pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
- pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
- return sort_addr_callback(s1, s2, PF_OUT);
-}
-
-int sort_da_callback(const void *p1, const void *p2)
-{
- pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
- pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
- return sort_addr_callback(s1, s2, PF_IN);
-}
-
#ifdef __GNUC__
__inline__
#endif
@@ -625,7 +727,22 @@ sort_port_callback(const pf_state_t *s1,
return sortdir;
return -sortdir;
}
+#endif /* HAVE_PFSYNC_KEY */
+int sort_sa_callback(const void *p1, const void *p2)
+{
+ pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
+ pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
+ return sort_addr_callback(s1, s2, PF_OUT);
+}
+
+int sort_da_callback(const void *p1, const void *p2)
+{
+ pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
+ pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
+ return sort_addr_callback(s1, s2, PF_IN);
+}
+
int
sort_sp_callback(const void *p1, const void *p2)
{
@@ -865,7 +982,48 @@ tb_print_addr(struct pf_addr * addr, struct pf_addr *
tbprintf("/%u", unmask(mask, af));
}
}
+#ifdef HAVE_PFSYNC_KEY
+void
+print_fld_host2(field_def *fld, struct pfsync_state_key *ks,
+ struct pfsync_state_key *kn, int idx, int af)
+{
+ struct pf_addr *as = &ks->addr[idx];
+ struct pf_addr *an = &kn->addr[idx];
+ u_int16_t ps = ntohs(ks->port[idx]);
+ u_int16_t pn = ntohs(kn->port[idx]);
+
+ if (fld == NULL)
+ return;
+
+ if (fld->width < 3) {
+ print_fld_str(fld, "*");
+ return;
+ }
+
+ tb_start();
+ tb_print_addr(as, NULL, af);
+
+ if (af == AF_INET)
+ tbprintf(":%u", ps);
+ else
+ tbprintf("[%u]", ps);
+
+ print_fld_tb(fld);
+
+ if (PF_ANEQ(as, an, af) || ps != pn) {
+ tb_start();
+ tb_print_addr(an, NULL, af);
+
+ if (af == AF_INET)
+ tbprintf(":%u", pn);
+ else
+ tbprintf("[%u]", pn);
+ print_fld_tb(FLD_GW);
+ }
+
+}
+#else
void
print_fld_host(field_def *fld, pf_state_host_t * h, int af)
{
@@ -889,6 +1047,7 @@ print_fld_host(field_def *fld, pf_state_host_t * h, in
print_fld_tb(fld);
}
+#endif
void
print_fld_state(field_def *fld, unsigned int proto,
@@ -960,7 +1119,20 @@ print_state(pf_state_t * s, struct sc_ent * ent)
else
print_fld_uint(FLD_PROTO, s->proto);
+#ifdef HAVE_PFSYNC_KEY
if (s->direction == PF_OUT) {
+ print_fld_host2(FLD_SRC, &s->key[PF_SK_WIRE],
+ &s->key[PF_SK_STACK], 1, s->af);
+ print_fld_host2(FLD_DEST, &s->key[PF_SK_WIRE],
+ &s->key[PF_SK_STACK], 0, s->af);
+ } else {
+ print_fld_host2(FLD_SRC, &s->key[PF_SK_STACK],
+ &s->key[PF_SK_WIRE], 0, s->af);
+ print_fld_host2(FLD_DEST, &s->key[PF_SK_STACK],
+ &s->key[PF_SK_WIRE], 1, s->af);
+ }
+#else
+ if (s->direction == PF_OUT) {
print_fld_host(FLD_SRC, &s->lan, s->af);
print_fld_host(FLD_DEST, &s->ext, s->af);
} else {
@@ -972,6 +1144,7 @@ print_state(pf_state_t * s, struct sc_ent * ent)
(s->lan.port != s->gwy.port)) {
print_fld_host(FLD_GW, &s->gwy, s->af);
}
+#endif
if (s->direction == PF_OUT)
print_fld_str(FLD_DIR, "Out");
@@ -979,8 +1152,8 @@ print_state(pf_state_t * s, struct sc_ent * ent)
print_fld_str(FLD_DIR, "In");
print_fld_state(FLD_STATE, s->proto, src->state, dst->state);
- print_fld_age(FLD_AGE, s->creation);
- print_fld_age(FLD_EXP, s->expire);
+ print_fld_age(FLD_AGE, PF_TSTAMP(s->creation));
+ print_fld_age(FLD_EXP, PF_TSTAMP(s->expire));
#ifdef HAVE_INOUT_COUNT
{
u_int64_t sz = COUNTER(s->bytes[0]) + COUNTER(s->bytes[1]);
@@ -988,14 +1161,14 @@ print_state(pf_state_t * s, struct sc_ent * ent)
print_fld_size(FLD_PKTS, COUNTER(s->packets[0]) +
COUNTER(s->packets[1]));
print_fld_size(FLD_BYTES, sz);
- print_fld_rate(FLD_SA, (s->creation > 0) ?
- ((double)sz/(double)s->creation) : -1);
+ print_fld_rate(FLD_SA, (s->creation) ?
+ ((double)sz/PF_TSTAMP((double)s->creation)) : -1);
}
#else
print_fld_size(FLD_PKTS, s->packets);
print_fld_size(FLD_BYTES, s->bytes);
- print_fld_rate(FLD_SA, (s->creation > 0) ?
- ((double)s->bytes/(double)s->creation) : -1);
+ print_fld_rate(FLD_SA, (s->creation) ?
+ ((double)s->bytes/PF_TSTAMP((double)s->creation)) : -1);
#endif
#ifdef HAVE_PFSYNC_STATE
@@ -1475,8 +1648,12 @@ print_rule(struct pf_rule *pr)
print_fld_str(FLD_LABEL, pr->label);
#endif
#ifdef HAVE_RULE_STATES
+#ifdef HAVE_PFSYNC_KEY
+ print_fld_size(FLD_STATS, pr->states_tot);
+#else
print_fld_size(FLD_STATS, pr->states);
#endif
+#endif
#ifdef HAVE_INOUT_COUNT_RULES
print_fld_size(FLD_PKTS, pr->packets[0] + pr->packets[1]);
@@ -1729,12 +1912,19 @@ pfctl_insert_altq_node(struct pf_altq_node **root,
prev->next = node;
}
}
- if (*root != node) {
- struct pf_altq_node *prev_flat = *root;
- while (prev_flat->next_flat != NULL) {
- prev_flat = prev_flat->next_flat;
- }
- prev_flat->next_flat = node;
+}
+
+void
+pfctl_set_next_flat(struct pf_altq_node *node, struct pf_altq_node *up)
+{
+ while (node) {
+ struct pf_altq_node *next = node->next ? node->next : up;
+ if (node->children) {
+ node->next_flat = node->children;
+ pfctl_set_next_flat(node->children, next);
+ } else
+ node->next_flat = next;
+ node = node->next;
}
}
@@ -1747,6 +1937,7 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
u_int32_t nr;
struct queue_stats qstats;
u_int32_t nr_queues;
+ int ret = 0;
*inserts = 0;
memset(&pa, 0, sizeof(pa));
@@ -1757,13 +1948,15 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
strerror(errno));
return (-1);
}
+
num_queues = nr_queues = pa.nr;
for (nr = 0; nr < nr_queues; ++nr) {
pa.nr = nr;
if (ioctl(pf_dev, DIOCGETALTQ, &pa)) {
msgprintf("Error Reading Queue (DIOCGETALTQ): %s",
strerror(errno));
- return (-1);
+ ret = -1;
+ break;
}
if (pa.altq.qid > 0) {
pq.nr = nr;
@@ -1773,7 +1966,8 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
if (ioctl(pf_dev, DIOCGETQSTATS, &pq)) {
msgprintf("Error Reading Queue (DIOCGETQSTATS): %s",
strerror(errno));
- return (-1);
+ ret = -1;
+ break;
}
qstats.valid = 1;
gettimeofday(&qstats.timestamp, NULL);
@@ -1794,7 +1988,10 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
else
--num_queues;
}
- return (0);
+
+ pfctl_set_next_flat(*root, NULL);
+
+ return (ret);
}
void

View file

@ -0,0 +1,352 @@
$OpenBSD: patch-sf-gencode_c,v 1.1 2008/06/13 00:38:12 canacar Exp $
--- sf-gencode.c.orig Tue Nov 6 23:34:18 2007
+++ sf-gencode.c Wed Jun 11 19:50:10 2008
@@ -474,9 +474,107 @@ gen_proto(int proto)
(bpf_int32)proto));
}
+#ifdef HAVE_PFSYNC_KEY
static struct block *
gen_hostop(bpf_u_int32 addr, bpf_u_int32 mask, int dir)
{
+ struct block *b0, *b1, *b2, *bi, *bo;
+ const static int isrc_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[0].v4);
+ const static int osrc_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[1].v4);
+ const static int idst_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[1].v4);
+ const static int odst_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[0].v4);
+
+ const static int igwy1_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[0].v4);
+ const static int ogwy1_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[1].v4);
+ const static int igwy2_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[1].v4);
+ const static int ogwy2_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[0].v4);
+
+ addr = ntohl(addr);
+ mask = ntohl(mask);
+
+ bi = gen_cmp(offsetof(pf_state_t, direction), BPF_B, (bpf_int32)PF_IN);
+ bo = gen_cmp(offsetof(pf_state_t, direction), BPF_B, (bpf_int32)PF_OUT);
+
+ switch (dir) {
+
+ case Q_SRC:
+ b1 = gen_mcmp(osrc_off, BPF_W, addr, mask);
+ gen_and(bo, b1);
+ b0 = gen_mcmp(isrc_off, BPF_W, addr, mask);
+ gen_and(bi, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_DST:
+ b1 = gen_mcmp(odst_off, BPF_W, addr, mask);
+ gen_and(bo, b1);
+ b0 = gen_mcmp(idst_off, BPF_W, addr, mask);
+ gen_and(bi, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_GATEWAY:
+ /* (in && (addr == igwy1 || addr == igwy2)) ||
+ (out && (addr == ogwy1 || addr == ogwy2)) phew! */
+ b1 = gen_mcmp(igwy1_off, BPF_W, addr, mask);
+ b0 = gen_mcmp(igwy2_off, BPF_W, addr, mask);
+ gen_or(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_mcmp(ogwy1_off, BPF_W, addr, mask);
+ b0 = gen_mcmp(ogwy2_off, BPF_W, addr, mask);
+ gen_or(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_AND:
+ b1 = gen_mcmp(isrc_off, BPF_W, addr, mask);
+ b0 = gen_mcmp(idst_off, BPF_W, addr, mask);
+ gen_and(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_mcmp(osrc_off, BPF_W, addr, mask);
+ b0 = gen_mcmp(odst_off, BPF_W, addr, mask);
+ gen_and(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_OR:
+ b1 = gen_mcmp(isrc_off, BPF_W, addr, mask);
+ b0 = gen_mcmp(idst_off, BPF_W, addr, mask);
+ gen_or(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_mcmp(osrc_off, BPF_W, addr, mask);
+ b0 = gen_mcmp(odst_off, BPF_W, addr, mask);
+ gen_or(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_DEFAULT:
+ b1 = gen_mcmp(isrc_off, BPF_W, addr, mask);
+ b0 = gen_mcmp(idst_off, BPF_W, addr, mask);
+ gen_or(b0, b1);
+ b0 = gen_mcmp(osrc_off, BPF_W, addr, mask);
+ gen_or(b0, b1);
+ b0 = gen_mcmp(odst_off, BPF_W, addr, mask);
+ gen_or(b0, b1);
+ break;
+
+ default:
+ sf_error("Internal error: Invalid direcion specifier: %d", dir);
+ }
+
+ b0 = gen_linktype(ETHERTYPE_IP);
+ gen_and(b0, b1);
+
+ return b1;
+}
+
+#else
+static struct block *
+gen_hostop(bpf_u_int32 addr, bpf_u_int32 mask, int dir)
+{
struct block *b0, *b1, *b2;
const static int lan_off = offsetof(pf_state_t, lan.addr.v4);
const static int gwy_off = offsetof(pf_state_t, gwy.addr.v4);
@@ -542,6 +640,7 @@ gen_hostop(bpf_u_int32 addr, bpf_u_int32 mask, int dir
return b1;
}
+#endif
static struct block *
gen_hostcmp6(u_int off, u_int32_t *a, u_int32_t *m)
@@ -560,9 +659,108 @@ gen_hostcmp6(u_int off, u_int32_t *a, u_int32_t *m)
return b1;
}
+#ifdef HAVE_PFSYNC_KEY
static struct block *
gen_hostop6(struct in6_addr *addr, struct in6_addr *mask, int dir)
+
{
+ struct block *b0, *b1, *b2, *bi, *bo;
+ u_int32_t *a, *m;
+ const static int isrc_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[0].v6);
+ const static int osrc_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[1].v6);
+ const static int idst_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[1].v6);
+ const static int odst_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[0].v6);
+
+ const static int igwy1_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[0].v6);
+ const static int ogwy1_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[1].v6);
+ const static int igwy2_off = offsetof(pf_state_t, key[PF_SK_WIRE].addr[1].v6);
+ const static int ogwy2_off = offsetof(pf_state_t, key[PF_SK_STACK].addr[0].v6);
+
+ a = (u_int32_t *)addr;
+ m = (u_int32_t *)mask;
+
+ bi = gen_cmp(offsetof(pf_state_t, direction), BPF_B, (bpf_int32)PF_IN);
+ bo = gen_cmp(offsetof(pf_state_t, direction), BPF_B, (bpf_int32)PF_OUT);
+
+ switch (dir) {
+
+ case Q_SRC:
+ b1 = gen_hostcmp6(osrc_off, a, m);
+ gen_and(bo, b1);
+ b0 = gen_hostcmp6(isrc_off, a, m);
+ gen_and(bi, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_DST:
+ b1 = gen_hostcmp6(odst_off, a, m);
+ gen_and(bo, b1);
+ b0 = gen_hostcmp6(idst_off, a, m);
+ gen_and(bi, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_GATEWAY:
+ /* (in && (addr == igwy1 || addr == igwy2)) ||
+ (out && (addr == ogwy1 || addr == ogwy2)) phew! */
+ b1 = gen_hostcmp6(igwy1_off, a, m);
+ b0 = gen_hostcmp6(igwy2_off, a, m);
+ gen_or(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_hostcmp6(ogwy1_off, a, m);
+ b0 = gen_hostcmp6(ogwy2_off, a, m);
+ gen_or(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_AND:
+ b1 = gen_hostcmp6(isrc_off, a, m);
+ b0 = gen_hostcmp6(idst_off, a, m);
+ gen_and(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_hostcmp6(osrc_off, a, m);
+ b0 = gen_hostcmp6(odst_off, a, m);
+ gen_and(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_OR:
+ b1 = gen_hostcmp6(isrc_off, a, m);
+ b0 = gen_hostcmp6(idst_off, a, m);
+ gen_or(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_hostcmp6(osrc_off, a, m);
+ b0 = gen_hostcmp6(odst_off, a, m);
+ gen_or(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_DEFAULT:
+ b1 = gen_hostcmp6(isrc_off, a, m);
+ b0 = gen_hostcmp6(idst_off, a, m);
+ gen_or(b0, b1);
+ b0 = gen_hostcmp6(osrc_off, a, m);
+ gen_or(b0, b1);
+ b0 = gen_hostcmp6(odst_off, a, m);
+ gen_or(b0, b1);
+ break;
+
+ default:
+ sf_error("Internal error: Invalid direcion specifier: %d", dir);
+ }
+
+ b0 = gen_linktype(ETHERTYPE_IPV6);
+ gen_and(b0, b1);
+
+ return b1;
+}
+#else
+static struct block *
+gen_hostop6(struct in6_addr *addr, struct in6_addr *mask, int dir)
+{
struct block *b0, *b1, *b2;
u_int32_t *a, *m;
@@ -630,6 +828,7 @@ gen_hostop6(struct in6_addr *addr, struct in6_addr *ma
gen_and(b0, b1);
return b1;
}
+#endif
static const char *
get_modifier_by_id(int id)
@@ -748,9 +947,107 @@ gen_proto_abbrev(proto)
return b1;
}
+#ifdef HAVE_PFSYNC_KEY
struct block *
gen_portop(int port, int proto, int dir)
{
+ struct block *b0, *b1, *b2, *bi, *bo;
+ const static int isrc_off = offsetof(pf_state_t, key[PF_SK_STACK].port[0]);
+ const static int osrc_off = offsetof(pf_state_t, key[PF_SK_WIRE].port[1]);
+ const static int idst_off = offsetof(pf_state_t, key[PF_SK_STACK].port[1]);
+ const static int odst_off = offsetof(pf_state_t, key[PF_SK_WIRE].port[0]);
+
+ const static int igwy1_off = offsetof(pf_state_t, key[PF_SK_WIRE].port[0]);
+ const static int ogwy1_off = offsetof(pf_state_t, key[PF_SK_STACK].port[1]);
+ const static int igwy2_off = offsetof(pf_state_t, key[PF_SK_WIRE].port[1]);
+ const static int ogwy2_off = offsetof(pf_state_t, key[PF_SK_STACK].port[0]);
+
+ port = ntohs(port);
+
+ bi = gen_cmp(offsetof(pf_state_t, direction), BPF_B, (bpf_int32)PF_IN);
+ bo = gen_cmp(offsetof(pf_state_t, direction), BPF_B, (bpf_int32)PF_OUT);
+
+ switch (dir) {
+
+ case Q_SRC:
+ b1 = gen_cmp(osrc_off, BPF_H, (bpf_int32)port);
+ gen_and(bo, b1);
+ b0 = gen_cmp(isrc_off, BPF_H, (bpf_int32)port);
+ gen_and(bi, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_DST:
+ b1 = gen_cmp(odst_off, BPF_H, (bpf_int32)port);
+ gen_and(bo, b1);
+ b0 = gen_cmp(idst_off, BPF_H, (bpf_int32)port);
+ gen_and(bi, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_GATEWAY:
+ /* (in && (addr == igwy1 || addr == igwy2)) ||
+ (out && (addr == ogwy1 || addr == ogwy2)) phew! */
+ b1 = gen_cmp(igwy1_off, BPF_H, (bpf_int32)port);
+ b0 = gen_cmp(igwy2_off, BPF_H, (bpf_int32)port);
+ gen_or(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_cmp(ogwy1_off, BPF_H, (bpf_int32)port);
+ b0 = gen_cmp(ogwy2_off, BPF_H, (bpf_int32)port);
+ gen_or(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_AND:
+ b1 = gen_cmp(isrc_off, BPF_H, (bpf_int32)port);
+ b0 = gen_cmp(idst_off, BPF_H, (bpf_int32)port);
+ gen_and(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_cmp(osrc_off, BPF_H, (bpf_int32)port);
+ b0 = gen_cmp(odst_off, BPF_H, (bpf_int32)port);
+ gen_and(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_OR:
+ b1 = gen_cmp(isrc_off, BPF_H, (bpf_int32)port);
+ b0 = gen_cmp(idst_off, BPF_H, (bpf_int32)port);
+ gen_or(b0, b1);
+ gen_and(bi, b1);
+ b2 = gen_cmp(osrc_off, BPF_H, (bpf_int32)port);
+ b0 = gen_cmp(odst_off, BPF_H, (bpf_int32)port);
+ gen_or(b2, b0);
+ gen_and(bo, b0);
+ gen_or(b0, b1);
+ break;
+
+ case Q_DEFAULT:
+ b1 = gen_cmp(isrc_off, BPF_H, (bpf_int32)port);
+ b0 = gen_cmp(idst_off, BPF_H, (bpf_int32)port);
+ gen_or(b0, b1);
+ b0 = gen_cmp(osrc_off, BPF_H, (bpf_int32)port);
+ gen_or(b0, b1);
+ b0 = gen_cmp(odst_off, BPF_H, (bpf_int32)port);
+ gen_or(b0, b1);
+ break;
+
+ default:
+ sf_error("Internal error: Invalid direcion specifier: %d", dir);
+ }
+
+
+
+ b0 = gen_proto(proto);
+ gen_and(b0, b1);
+
+ return b1;
+}
+#else
+struct block *
+gen_portop(int port, int proto, int dir)
+{
struct block *b0, *b1, *b2;
const static int lan_off = offsetof(pf_state_t, lan.port);
const static int gwy_off = offsetof(pf_state_t, gwy.port);
@@ -815,6 +1112,7 @@ gen_portop(int port, int proto, int dir)
return b1;
}
+#endif
static struct block *
gen_port(int port, int ip_proto, int dir)