authormarkus <markus@openbsd.org>2012-12-29 14:53:05 +0000
committermarkus <markus@openbsd.org>2012-12-29 14:53:05 +0000
commit2b27abb2788e691bba44696bea82862cdaeb491a (patch)
tree4803b9a71030abb1b7c75156a255f9663266304e
parentMake HUP to either one of the processes cause a restart that will (diff)
pass pf_pool directly to pfr_pool_get(); simplifies the API;
ok henning@, zinke@, mikeb@
-rw-r--r--sys/net/pf_lb.c78
-rw-r--r--sys/net/pf_table.c68
-rw-r--r--sys/net/pfvar.h8
3 files changed, 59 insertions, 95 deletions
diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c
index 8f52fc6594f..7d0e0f0a946 100644
--- a/sys/net/pf_lb.c
+++ b/sys/net/pf_lb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_lb.c,v 1.21 2012/07/09 15:20:57 zinke Exp $ */
+/* $OpenBSD: pf_lb.c,v 1.22 2012/12/29 14:53:05 markus Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -106,7 +106,6 @@ int pf_get_sport(struct pf_pdesc *, struct pf_rule *,
u_int16_t, struct pf_src_node **);
int pf_get_transaddr_af(struct pf_rule *,
struct pf_pdesc *, struct pf_src_node **);
-int pf_islinklocal(sa_family_t, struct pf_addr *);
#define mix(a,b,c) \
do { \
@@ -269,14 +268,6 @@ pf_get_sport(struct pf_pdesc *pd, struct pf_rule *r,
}
int
-pf_islinklocal(sa_family_t af, struct pf_addr *addr)
-{
- if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&addr->v6))
- return (1);
- return (0);
-}
-
-int
pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
struct pf_addr *naddr, struct pf_addr *init_addr, struct pf_src_node **sns,
struct pf_pool *rpool, enum pf_sn_types type)
@@ -403,19 +394,9 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
PF_POOLMASK(naddr, raddr, rmask, (struct pf_addr *)&hash, af);
break;
case PF_POOL_ROUNDROBIN:
- if (rpool->addr.type == PF_ADDR_TABLE) {
- if (pfr_pool_get(rpool->addr.p.tbl,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af, NULL))
- return (1);
- } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
- if (pfr_pool_get(rpool->addr.p.dyn->pfid_kt,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af, pf_islinklocal))
+ if (rpool->addr.type == PF_ADDR_TABLE ||
+ rpool->addr.type == PF_ADDR_DYNIFTL) {
+ if (pfr_pool_get(rpool, &raddr, &rmask, af))
return (1);
} else if (pf_match_addr(0, raddr, rmask, &rpool->counter, af))
return (1);
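Review bot: The test `rpool->addr.type == PF_ADDR_TABLE || rpool->addr.type == PF_ADDR_DYNIFTL` in the PF_POOL_ROUNDROBIN case is repeated at the other three pfr_pool_get() call sites in pf_map_addr (the weighted loop, PF_POOL_LEASTSTATES and the retry loop), and pfr_pool_get() now performs the same dispatch itself, returning -1 for any other type. Five copies are easy to let drift apart when an address type is added; one predicate would do, for example a macro (the name is only a suggestion) `#define PF_POOL_USES_TABLE(p) ((p)->addr.type == PF_ADDR_TABLE || (p)->addr.type == PF_ADDR_DYNIFTL)`. pf_map_addr starts and ends outside this hunk.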
@@ -426,21 +407,10 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
(rpool->addr.type == PF_ADDR_DYNIFTL &&
rpool->addr.p.dyn->pfid_kt->pfrkt_refcntcost > 0)) {
do {
- if (rpool->addr.type == PF_ADDR_TABLE) {
- if (pfr_pool_get(rpool->addr.p.tbl,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af, NULL))
- return (1);
- } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
- if (pfr_pool_get(
- rpool->addr.p.dyn->pfid_kt,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af,
- pf_islinklocal))
+ if (rpool->addr.type == PF_ADDR_TABLE ||
+ rpool->addr.type == PF_ADDR_DYNIFTL) {
+ if (pfr_pool_get(rpool,
+ &raddr, &rmask, af))
return (1);
} else {
log(LOG_ERR, "pf: pf_map_addr: "
@@ -462,19 +432,9 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
break;
case PF_POOL_LEASTSTATES:
/* retrieve an address first */
- if (rpool->addr.type == PF_ADDR_TABLE) {
- if (pfr_pool_get(rpool->addr.p.tbl,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af, NULL))
- return (1);
- } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
- if (pfr_pool_get(rpool->addr.p.dyn->pfid_kt,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af, pf_islinklocal))
+ if (rpool->addr.type == PF_ADDR_TABLE ||
+ rpool->addr.type == PF_ADDR_DYNIFTL) {
+ if (pfr_pool_get(rpool, &raddr, &rmask, af))
return (1);
} else if (pf_match_addr(0, raddr, rmask, &rpool->counter, af))
return (1);
@@ -502,19 +462,9 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
*/
do {
PF_AINC(&rpool->counter, af);
- if (rpool->addr.type == PF_ADDR_TABLE) {
- if (pfr_pool_get(rpool->addr.p.tbl,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af, NULL))
- return (1);
- } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
- if (pfr_pool_get(rpool->addr.p.dyn->pfid_kt,
- &rpool->tblidx, &rpool->counter,
- &raddr, &rmask, &rpool->kif,
- &rpool->states, &rpool->weight,
- &rpool->curweight, af, pf_islinklocal))
+ if (rpool->addr.type == PF_ADDR_TABLE ||
+ rpool->addr.type == PF_ADDR_DYNIFTL) {
+ if (pfr_pool_get(rpool, &raddr, &rmask, af))
return (1);
} else if (pf_match_addr(0, raddr, rmask,
&rpool->counter, af))
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index 3abf0d212a9..2b8145fcf1e 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_table.c,v 1.94 2012/01/26 11:30:39 mikeb Exp $ */
+/* $OpenBSD: pf_table.c,v 1.95 2012/12/29 14:53:05 markus Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -189,6 +189,7 @@ int pfr_table_count(struct pfr_table *, int);
int pfr_skip_table(struct pfr_table *,
struct pfr_ktable *, int);
struct pfr_kentry *pfr_kentry_byidx(struct pfr_ktable *, int, int);
+int pfr_islinklocal(sa_family_t, struct pf_addr *);
RB_PROTOTYPE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare);
RB_GENERATE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare);
@@ -2177,13 +2178,20 @@ pfr_detach_table(struct pfr_ktable *kt)
}
int
-pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
- struct pf_addr **raddr, struct pf_addr **rmask, struct pfi_kif **kif,
- u_int64_t *states, u_int16_t *weight, int *curweight, sa_family_t af,
- int (*filter)(sa_family_t, struct pf_addr *))
+pfr_islinklocal(sa_family_t af, struct pf_addr *addr)
{
+ if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&addr->v6))
+ return (1);
+ return (0);
+}
+
+int
+pfr_pool_get(struct pf_pool *rpool, struct pf_addr **raddr,
+ struct pf_addr **rmask, sa_family_t af)
+{
+ struct pfr_ktable *kt;
struct pfr_kentry *ke, *ke2;
- struct pf_addr *addr;
+ struct pf_addr *addr, *counter;
union sockaddr_union mask;
int startidx, idx = -1, loop = 0, use_counter = 0;
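Review bot: pfr_pool_get() has no header comment, and with the out-parameters folded into `rpool` the prototype no longer shows what a call modifies. From the lines in this commit it reads `addr.type`, `tblidx`, `counter` and `curweight` and writes `counter`, `tblidx`, `states`, `weight`, `kif` and `curweight`. A short block comment above the definition should list those fields and the return convention, which as far as the visible returns show is 0 on success and -1 when the pool address type is unsupported or the table is inactive. The function body continues outside the hunk.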
@@ -2191,16 +2199,22 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
addr = (struct pf_addr *)&pfr_sin.sin_addr;
else if (af == AF_INET6)
addr = (struct pf_addr *)&pfr_sin6.sin6_addr;
+ if (rpool->addr.type == PF_ADDR_TABLE)
+ kt = rpool->addr.p.tbl;
+ else if (rpool->addr.type == PF_ADDR_DYNIFTL)
+ kt = rpool->addr.p.dyn->pfid_kt;
+ else
+ return (-1);
if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
kt = kt->pfrkt_root;
if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
return (-1);
- if (pidx != NULL)
- idx = *pidx;
+ counter = &rpool->counter;
+ idx = rpool->tblidx;
if (idx < 0 || idx >= kt->pfrkt_cnt)
idx = 0;
- else if (counter != NULL)
+ else
use_counter = 1;
startidx = idx;
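Review bot: `addr` appears to stay unset when `af` is neither address family, because the chain at the top of this hunk ends with `else if (af == AF_INET6)` and has no final else, while `addr` is later passed to pfr_islinklocal() and PF_ACPY(). The commit adds an early `return (-1)` for unsupported pool address types right below, and the same treatment would fit here: `else return (-1);` after the AF_INET6 branch. The opening `if` of that chain is outside the hunk, so this is inferred from the visible lines only.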
@@ -2223,10 +2237,10 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
/* Get current weight for weighted round-robin */
if (idx == 0 && use_counter == 1 && kt->pfrkt_refcntcost > 0) {
- *curweight = *curweight - kt->pfrkt_gcdweight;
+ rpool->curweight = rpool->curweight - kt->pfrkt_gcdweight;
- if (*curweight < 1)
- *curweight = kt->pfrkt_maxweight;
+ if (rpool->curweight < 1)
+ rpool->curweight = kt->pfrkt_maxweight;
}
pfr_prepare_network(&pfr_mask, af, ke->pfrke_net);
@@ -2249,25 +2263,26 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
if (!KENTRY_NETWORK(ke)) {
/* this is a single IP address - no possible nested block */
- if (filter && filter(af, addr)) {
+ if (rpool->addr.type == PF_ADDR_DYNIFTL &&
+ pfr_islinklocal(af, addr)) {
idx++;
goto _next_block;
}
PF_ACPY(counter, addr, af);
- *pidx = idx;
+ rpool->tblidx = idx;
kt->pfrkt_match++;
- *states = 0;
+ rpool->states = 0;
if (ke->pfrke_counters != NULL)
- *states = ke->pfrke_counters->states;
+ rpool->states = ke->pfrke_counters->states;
switch (ke->pfrke_type) {
case PFRKE_COST:
- *weight = ((struct pfr_kentry_cost *)ke)->weight;
+ rpool->weight = ((struct pfr_kentry_cost *)ke)->weight;
/* FALLTHROUGH */
case PFRKE_ROUTE:
- *kif = ((struct pfr_kentry_route *)ke)->kif;
+ rpool->kif = ((struct pfr_kentry_route *)ke)->kif;
break;
default:
- *weight = 1;
+ rpool->weight = 1;
break;
}
return (0);
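Review bot: The link-local skip in the `!KENTRY_NETWORK(ke)` branch is now tied to `rpool->addr.type == PF_ADDR_DYNIFTL` with no comment saying why only that pool type is filtered; the old code at least made the choice visible at the call site through the `filter` argument. A one-line comment above the test would keep the intent from getting lost, e.g. `/* dynamic interface tables may hold link-local addresses; never hand those out */`. The same test appears in the `ke2 == ke` branch of the next hunk and wants the same comment. pfr_pool_get() starts and ends outside this hunk.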
@@ -2283,24 +2298,25 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
/* no need to check KENTRY_RNF_ROOT() here */
if (ke2 == ke) {
/* lookup return the same block - perfect */
- if (filter && filter(af, addr))
+ if (rpool->addr.type == PF_ADDR_DYNIFTL &&
+ pfr_islinklocal(af, addr))
goto _next_entry;
PF_ACPY(counter, addr, af);
- *pidx = idx;
+ rpool->tblidx = idx;
kt->pfrkt_match++;
- *states = 0;
+ rpool->states = 0;
if (ke->pfrke_counters != NULL)
- *states = ke->pfrke_counters->states;
+ rpool->states = ke->pfrke_counters->states;
switch (ke->pfrke_type) {
case PFRKE_COST:
- *weight =
+ rpool->weight =
((struct pfr_kentry_cost *)ke)->weight;
/* FALLTHROUGH */
case PFRKE_ROUTE:
- *kif = ((struct pfr_kentry_route *)ke)->kif;
+ rpool->kif = ((struct pfr_kentry_route *)ke)->kif;
break;
default:
- *weight = 1;
+ rpool->weight = 1;
break;
}
return (0);
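Review bot: In the `switch (ke->pfrke_type)` at the end of this hunk the PFRKE_ROUTE case assigns only `rpool->kif`, so `rpool->weight` keeps whatever an earlier call stored, while PFRKE_COST and the default case both set it. If route entries are meant to count with weight 1, assigning `rpool->weight = 1;` before the switch and dropping it from `default` would cover it, since PFRKE_COST falls through into the PFRKE_ROUTE case; if the carry-over is intended, a comment should say so. The identical switch in the previous hunk (single-address branch) has the same shape. This behaviour predates the commit, which only swapped `*weight` for `rpool->weight`, and the rest of pfr_pool_get() is outside the hunk.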
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 030f4fb0d58..1be9b9f894f 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.374 2012/11/06 12:32:41 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.375 2012/12/29 14:53:06 markus Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1840,10 +1840,8 @@ void pfr_initialize(void);
int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t,
u_int64_t, int, int, int);
-int pfr_pool_get(struct pfr_ktable *, int *, struct pf_addr *,
- struct pf_addr **, struct pf_addr **, struct pfi_kif **,
- u_int64_t *, u_int16_t *, int *,
- sa_family_t, int (*)(sa_family_t, struct pf_addr *));
+int pfr_pool_get(struct pf_pool *, struct pf_addr **,
+ struct pf_addr **, sa_family_t);
int pfr_states_increase(struct pfr_ktable *, struct pf_addr *, int);
int pfr_states_decrease(struct pfr_ktable *, struct pf_addr *, int);
struct pfr_kentry *