--- //depot/vendor/freebsd_6/src/ObsoleteFiles.inc 2007/07/21 00:48:54 +++ //depot/user/mlaier/pf41_62/ObsoleteFiles.inc 2007/07/24 20:48:51 @@ -20,6 +20,8 @@ OLD_FILES+=etc/namedb/PROTO.localhost-v6.rev OLD_FILES+=etc/namedb/PROTO.localhost.rev OLD_FILES+=etc/namedb/make-localhost +# 20070703: pf 4.1 import +OLD_FILES+=usr/libexec/ftp-proxy # 20070423: rc.bluetooth (examples) removed OLD_FILES+=usr/share/examples/netgraph/bluetooth/rc.bluetooth # 20070212: kame.4 removed --- //depot/vendor/freebsd_6/src/UPDATING 2007/04/27 03:55:16 +++ //depot/user/mlaier/pf41_62/UPDATING 2007/07/10 23:19:13 @@ -14,6 +14,13 @@ milters). If you recompiled mail filters after the 20070411 note, it is not necessary to recompile them again. +20070702: + The packet filter (pf) code has been updated to OpenBSD 4.1 Please + note the changed syntax - keep state is now on by default. Also + note the fact that ftp-proxy(8) has been changed from bottom up and + has been moved from libexec to usr/sbin. Changes in the ALTQ + handling also affect users of IPFW's ALTQ capabilities. + 20070411: sendmail(8) has been updated to version 8.14.1. Mail filters (aka, milters) compiled against the libmilter included in the @@ -530,4 +537,4 @@ Contact Warner Losh if you have any questions about your use of this document. -$FreeBSD: src/UPDATING,v 1.416.2.32 2007/04/27 03:33:17 gshapiro Exp $ +$FreeBSD: src/UPDATING,v 1.500 2007/07/03 13:06:44 mlaier Exp $ --- //depot/vendor/freebsd_6/src/libexec/Makefile 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/libexec/Makefile 2007/07/10 23:19:13 @@ -1,12 +1,13 @@ # @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $FreeBSD: src/libexec/Makefile,v 1.75 2005/06/10 20:52:35 nectar Exp $ +# $FreeBSD: src/libexec/Makefile,v 1.77 2007/07/03 12:46:04 mlaier Exp $ + +.include SUBDIR= atrun \ bootpd \ comsat \ fingerd \ ftpd \ - ${_ftp-proxy} \ getty \ lukemftpd \ ${_mail.local} \ @@ -30,6 +31,7 @@ tcpd \ telnetd \ tftpd \ + ${_tftp-proxy} \ ${_ypxfr} .if !defined(NO_NIS) @@ -38,7 +40,7 @@ .endif .if !defined(NO_PF) -_ftp-proxy= ftp-proxy +_tftp-proxy= tftp-proxy .endif .if !defined(NO_PIC) --- //depot/vendor/freebsd_6/src/sbin/ifconfig/Makefile 2007/05/17 02:54:55 +++ //depot/user/mlaier/pf41_62/sbin/ifconfig/Makefile 2007/07/10 23:52:14 @@ -1,5 +1,7 @@ # From: @(#)Makefile 8.1 (Berkeley) 6/5/93 -# $FreeBSD: src/sbin/ifconfig/Makefile,v 1.29.2.1 2007/05/17 01:50:45 thompsa Exp $ +# $FreeBSD: src/sbin/ifconfig/Makefile,v 1.31 2006/06/19 22:20:44 mlaier Exp $ + +.include PROG= ifconfig @@ -24,6 +26,7 @@ SRCS+= ifieee80211.c # SIOC[GS]IEEE80211 support SRCS+= ifcarp.c # SIOC[GS]VH support +SRCS+= ifgroup.c # ... SRCS+= ifpfsync.c # pfsync(4) support SRCS+= ifbridge.c # bridge support --- //depot/vendor/freebsd_6/src/sbin/ifconfig/ifconfig.8 2007/05/17 02:54:55 +++ //depot/user/mlaier/pf41_62/sbin/ifconfig/ifconfig.8 2007/07/10 23:52:14 @@ -26,9 +26,9 @@ .\" SUCH DAMAGE. .\" .\" From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 -.\" $FreeBSD: src/sbin/ifconfig/ifconfig.8,v 1.95.2.24 2007/05/17 01:50:45 thompsa Exp $ +.\" $FreeBSD: src/sbin/ifconfig/ifconfig.8,v 1.117 2006/06/19 22:20:44 mlaier Exp $ .\" -.Dd May 16, 2007 +.Dd April 12, 2006 .Dt IFCONFIG 8 .Os .Sh NAME @@ -71,6 +71,8 @@ .Op Fl u .Op Fl v .Op Fl C +.Nm +.Op Fl g Ar groupname .Sh DESCRIPTION The .Nm @@ -178,6 +180,8 @@ .Dq name unit , for example, .Dq Li ed0 . +.It Ar groupname +List the interfaces in the given group. .El .Pp The following parameters may be set with @@ -262,6 +266,22 @@ transmit messages through that interface. If possible, the interface will be reset to disable reception as well. This action does not automatically disable routes using the interface. +.It Cm group Ar group-name +Assign the interface to a +.Dq group . +Any interface can be in multiple groups. +.Pp +Cloned interfaces are members of their interface family group by default. +For example, a PPP interface such as +.Em ppp0 +is a member of the PPP interface family group, +.Em ppp . +.\" The interface(s) the default route(s) point to are members of the +.\" .Em egress +.\" interface group. +.It Cm -group Ar group-name +Remove the interface from the given +.Dq group . .It Cm eui64 (Inet6 only.) Fill interface index --- //depot/vendor/freebsd_6/src/sbin/pfctl/Makefile 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/sbin/pfctl/Makefile 2007/07/10 23:19:13 @@ -1,6 +1,7 @@ -# $FreeBSD: src/sbin/pfctl/Makefile,v 1.5 2005/05/03 16:57:38 mlaier Exp $ +# $FreeBSD: src/sbin/pfctl/Makefile,v 1.7 2007/07/03 12:46:05 mlaier Exp $ .PATH: ${.CURDIR}/../../contrib/pf/pfctl +.PATH: ${.CURDIR}/../../sys/contrib/pf/net .PATH: ${.CURDIR}/../../contrib/pf/man PROG= pfctl @@ -9,6 +10,7 @@ SRCS = pfctl.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c SRCS+= pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c SRCS+= pfctl_optimize.c +SRCS+= pf_ruleset.c CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized CFLAGS+= -Wstrict-prototypes -I${.CURDIR}/../../contrib/pf/pfctl --- //depot/vendor/freebsd_6/src/sys/conf/NOTES 2007/07/08 15:54:10 +++ //depot/user/mlaier/pf41_62/sys/conf/NOTES 2007/07/10 23:52:14 @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/conf/NOTES,v 1.1325.2.36 2007/07/08 15:30:28 rodrigc Exp $ +# $FreeBSD: src/sys/conf/NOTES,v 1.1367 2006/06/19 22:11:44 jhb Exp $ # # NOTES -- Lines that can be cut/pasted into kernel and hints configs. # @@ -1701,6 +1701,9 @@ # PCI and ISA varieties. # awi: Support for IEEE 802.11 PC Card devices using the AMD Am79C930 and # Harris (Intersil) Chipset with PCnetMobile firmware by AMD. +# bce: Broadcom NetXtreme II (BCM5706/BCM5708) PCI/PCIe Gigabit Ethernet +# adapters. +# bfe: Broadcom BCM4401 Ethernet adapter. # bge: Support for gigabit ethernet adapters based on the Broadcom # BCM570x family of controllers, including the 3Com 3c996-T, # the Netgear GA302T, the SysKonnect SK-9D21 and SK-9D41, and @@ -1838,17 +1841,24 @@ device xe # PCI Ethernet NICs that use the common MII bus controller code. +device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet +device bfe # Broadcom BCM440x 10/100 Ethernet +device bge # Broadcom BCM570xx Gigabit Ethernet device dc # DEC/Intel 21143 and various workalikes device fxp # Intel EtherExpress PRO/100B (82557, 82558) hint.fxp.0.prefer_iomap="0" device hme # Sun HME (Happy Meal Ethernet) +device lge # Level 1 LXT1001 gigabit Ethernet device my # Myson Fast Ethernet (MTD80X, MTD89X) +device nge # NatSemi DP83820 gigabit Ethernet device rl # RealTek 8129/8139 device pcn # AMD Am79C97x PCI 10/100 NICs device sf # Adaptec AIC-6915 (``Starfire'') device sbsh # Granch SBNI16 SHDSL modem device sis # Silicon Integrated Systems SiS 900/SiS 7016 +device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet device ste # Sundance ST201 (D-Link DFE-550TX) +device ti # Alteon Networks Tigon I/II gigabit Ethernet device tl # Texas Instruments ThunderLAN device tx # SMC EtherPower II (83c170 ``EPIC'') device vr # VIA Rhine, Rhine II --- //depot/vendor/freebsd_6/src/sys/conf/files 2007/07/08 15:54:10 +++ //depot/user/mlaier/pf41_62/sys/conf/files 2007/07/10 23:19:13 @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/conf/files,v 1.1031.2.64 2007/07/08 15:30:28 rodrigc Exp $ +# $FreeBSD: src/sys/conf/files,v 1.1230 2007/07/03 12:46:05 mlaier Exp $ # # The long compile-with and dependency lines are required because of # limitations in config: backslash-newline doesn't work in strings, and @@ -291,6 +291,7 @@ contrib/pf/net/pf_norm.c optional pf contrib/pf/net/pf_table.c optional pf contrib/pf/net/pf_osfp.c optional pf +contrib/pf/net/pf_ruleset.c optional pf contrib/pf/netinet/in4_cksum.c optional pf inet crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp crypto/blowfish/bf_skey.c optional crypto --- //depot/vendor/freebsd_6/src/sys/contrib/altq/altq/altq_cbq.c 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/sys/contrib/altq/altq/altq_cbq.c 2007/07/10 23:19:13 @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/altq/altq/altq_cbq.c,v 1.2.8.1 2005/08/25 05:01:03 rwatson Exp $ */ +/* $FreeBSD: src/sys/contrib/altq/altq/altq_cbq.c,v 1.5 2007/07/03 12:46:05 mlaier Exp $ */ /* $KAME: altq_cbq.c,v 1.19 2003/09/17 14:23:25 kjc Exp $ */ /* @@ -500,7 +500,7 @@ { cbq_state_t *cbqp = (cbq_state_t *)ifq->altq_disc; struct rm_class *cl; - struct m_tag *t; + struct pf_mtag *t; int len; IFQ_LOCK_ASSERT(ifq); @@ -520,8 +520,8 @@ return (ENOBUFS); } cl = NULL; - if ((t = m_tag_find(m, PACKET_TAG_PF_QID, NULL)) != NULL) - cl = clh_to_clp(cbqp, ((struct altq_tag *)(t+1))->qid); + if ((t = pf_find_mtag(m)) != NULL) + cl = clh_to_clp(cbqp, t->qid); #ifdef ALTQ3_COMPAT else if ((ifq->altq_flags & ALTQF_CLASSIFY) && pktattr != NULL) cl = pktattr->pattr_class; --- //depot/vendor/freebsd_6/src/sys/contrib/altq/altq/altq_hfsc.c 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/sys/contrib/altq/altq/altq_hfsc.c 2007/07/10 23:19:13 @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/altq/altq/altq_hfsc.c,v 1.2 2004/06/12 00:57:20 mlaier Exp $ */ +/* $FreeBSD: src/sys/contrib/altq/altq/altq_hfsc.c,v 1.4 2007/07/03 12:46:05 mlaier Exp $ */ /* $KAME: altq_hfsc.c,v 1.24 2003/12/05 05:40:46 kjc Exp $ */ /* @@ -693,7 +693,7 @@ { struct hfsc_if *hif = (struct hfsc_if *)ifq->altq_disc; struct hfsc_class *cl; - struct m_tag *t; + struct pf_mtag *t; int len; IFQ_LOCK_ASSERT(ifq); @@ -713,8 +713,8 @@ return (ENOBUFS); } cl = NULL; - if ((t = m_tag_find(m, PACKET_TAG_PF_QID, NULL)) != NULL) - cl = clh_to_clp(hif, ((struct altq_tag *)(t+1))->qid); + if ((t = pf_find_mtag(m)) != NULL) + cl = clh_to_clp(hif, t->qid); #ifdef ALTQ3_COMPAT else if ((ifq->altq_flags & ALTQF_CLASSIFY) && pktattr != NULL) cl = pktattr->pattr_class; --- //depot/vendor/freebsd_6/src/sys/contrib/altq/altq/altq_priq.c 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/sys/contrib/altq/altq/altq_priq.c 2007/07/10 23:19:13 @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/altq/altq/altq_priq.c,v 1.2 2004/06/12 00:57:20 mlaier Exp $ */ +/* $FreeBSD: src/sys/contrib/altq/altq/altq_priq.c,v 1.4 2007/07/03 12:46:05 mlaier Exp $ */ /* $KAME: altq_priq.c,v 1.11 2003/09/17 14:23:25 kjc Exp $ */ /* * Copyright (C) 2000-2003 @@ -461,7 +461,7 @@ { struct priq_if *pif = (struct priq_if *)ifq->altq_disc; struct priq_class *cl; - struct m_tag *t; + struct pf_mtag *t; int len; IFQ_LOCK_ASSERT(ifq); @@ -481,8 +481,8 @@ return (ENOBUFS); } cl = NULL; - if ((t = m_tag_find(m, PACKET_TAG_PF_QID, NULL)) != NULL) - cl = clh_to_clp(pif, ((struct altq_tag *)(t+1))->qid); + if ((t = pf_find_mtag(m)) != NULL) + cl = clh_to_clp(pif, t->qid); #ifdef ALTQ3_COMPAT else if ((ifq->altq_flags & ALTQF_CLASSIFY) && pktattr != NULL) cl = pktattr->pattr_class; --- //depot/vendor/freebsd_6/src/sys/contrib/altq/altq/altq_red.c 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/sys/contrib/altq/altq/altq_red.c 2007/07/10 23:19:13 @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/contrib/altq/altq/altq_red.c,v 1.2 2004/06/12 00:57:20 mlaier Exp $ */ +/* $FreeBSD: src/sys/contrib/altq/altq/altq_red.c,v 1.4 2007/07/03 12:46:05 mlaier Exp $ */ /* $KAME: altq_red.c,v 1.18 2003/09/05 22:40:36 itojun Exp $ */ /* @@ -514,16 +514,12 @@ mark_ecn(struct mbuf *m, struct altq_pktattr *pktattr, int flags) { struct mbuf *m0; - struct m_tag *t; - struct altq_tag *at; + struct pf_mtag *at; void *hdr; int af; - t = m_tag_find(m, PACKET_TAG_PF_QID, NULL); - if (t != NULL) { - at = (struct altq_tag *)(t + 1); - if (at == NULL) - return (0); + at = pf_find_mtag(m); + if (at != NULL) { af = at->af; hdr = at->hdr; #ifdef ALTQ3_COMPAT --- //depot/vendor/freebsd/src/sys/contrib/pf/net/if_pflog.c 2007/07/03 12:23:32 +++ //depot/user/mlaier/pf41_62/sys/contrib/pf/net/if_pflog.c 2007/07/24 18:05:41 @@ -117,7 +117,7 @@ int pflogioctl(struct ifnet *, u_long, caddr_t); void pflogstart(struct ifnet *); #ifdef __FreeBSD__ -static int pflog_clone_create(struct if_clone *, int, caddr_t); +static int pflog_clone_create(struct if_clone *, int); static void pflog_clone_destroy(struct ifnet *); #else int pflog_clone_create(struct if_clone *, int); @@ -153,7 +153,7 @@ #ifdef __FreeBSD__ static int -pflog_clone_create(struct if_clone *ifc, int unit, caddr_t param) +pflog_clone_create(struct if_clone *ifc, int unit) #else int pflog_clone_create(struct if_clone *ifc, int unit) --- //depot/vendor/freebsd/src/sys/contrib/pf/net/if_pfsync.c 2007/07/03 12:23:32 +++ //depot/user/mlaier/pf41_62/sys/contrib/pf/net/if_pfsync.c 2007/07/24 18:05:41 @@ -56,9 +56,6 @@ #endif /* __FreeBSD__ */ #include -#ifdef __FreeBSD__ -#include -#endif #include #include #include @@ -138,7 +135,7 @@ void pfsyncattach(int); #ifdef __FreeBSD__ -int pfsync_clone_create(struct if_clone *, int, caddr_t); +int pfsync_clone_create(struct if_clone *, int); void pfsync_clone_destroy(struct ifnet *); #else int pfsync_clone_create(struct if_clone *, int); @@ -200,7 +197,7 @@ int #ifdef __FreeBSD__ -pfsync_clone_create(struct if_clone *ifc, int unit, caddr_t param) +pfsync_clone_create(struct if_clone *ifc, int unit) #else pfsync_clone_create(struct if_clone *ifc, int unit) #endif @@ -215,19 +212,8 @@ return (ENOMEM); bzero(pfsyncif, sizeof(*pfsyncif)); #ifdef __FreeBSD__ - if ((pfsyncif->sc_imo.imo_membership = (struct in_multi **)malloc( - (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_DEVBUF, - M_NOWAIT)) == NULL) { - free(pfsyncif, M_DEVBUF); - return (ENOSPC); - } - pfsyncif->sc_imo.imo_mfilters = NULL; - pfsyncif->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS; - pfsyncif->sc_imo.imo_multicast_vif = -1; - ifp = pfsyncif->sc_ifp = if_alloc(IFT_PFSYNC); if (ifp == NULL) { - free(pfsyncif->sc_imo.imo_membership, M_DEVBUF); free(pfsyncif, M_DEVBUF); return (ENOSPC); } @@ -237,7 +223,6 @@ pfsync_ifdetach, pfsyncif, EVENTHANDLER_PRI_ANY); if (pfsyncif->sc_detachtag == NULL) { if_free(ifp); - free(pfsyncif->sc_imo.imo_membership, M_DEVBUF); free(pfsyncif, M_DEVBUF); return (ENOSPC); } @@ -338,7 +323,6 @@ if_detach(ifp); #ifdef __FreeBSD__ if_free(ifp); - free(pfsyncif->sc_imo.imo_membership, M_DEVBUF); #endif free(pfsyncif, M_DEVBUF); pfsyncif = NULL; @@ -1149,7 +1133,7 @@ break; case SIOCSETPFSYNC: #ifdef __FreeBSD__ - if ((error = priv_check(curthread, PRIV_NETINET_PF)) != 0) + if ((error = suser(curthread))) #else if ((error = suser(p, p->p_acflag)) != 0) #endif --- //depot/vendor/freebsd/src/sys/contrib/pf/net/pf.c 2007/07/03 12:23:32 +++ //depot/user/mlaier/pf41_62/sys/contrib/pf/net/pf.c 2007/07/24 18:05:41 @@ -81,6 +81,7 @@ #include #include #ifdef __FreeBSD__ +#include #include #include #else @@ -144,7 +145,6 @@ #include #include #include -#include extern int ip_optcopy(struct ip *, struct ip *); extern int debug_pfugidhack; --- //depot/vendor/freebsd/src/sys/contrib/pf/net/pf_ruleset.c 2007/07/03 12:23:32 +++ //depot/user/mlaier/pf41_62/sys/contrib/pf/net/pf_ruleset.c 2007/07/24 18:05:41 @@ -71,6 +71,20 @@ #endif #define rs_free(x) free(x, M_TEMP) +#ifdef __FreeBSD__ +static __inline char * +strchr(const char *p, int ch) +{ + return (index(p, ch)); +} + +static __inline char * +strrchr(const char *p, int ch) +{ + return (rindex(p, ch)); +} +#endif + #else /* Userland equivalents so we can lend code to pfctl et al. */ --- //depot/vendor/freebsd_6/src/sys/modules/ipfw/Makefile 2006/09/30 00:09:34 +++ //depot/user/mlaier/pf41_62/sys/modules/ipfw/Makefile 2007/07/10 23:19:13 @@ -1,4 +1,6 @@ -# $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.21.2.2 2006/09/19 15:45:21 csjp Exp $ +# $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.26 2007/07/03 12:46:06 mlaier Exp $ + +.include .PATH: ${.CURDIR}/../../netinet @@ -7,6 +9,7 @@ SRCS+= opt_inet6.h opt_ipsec.h opt_mac.h CFLAGS+= -DIPFIREWALL +CFLAGS+= -I${.CURDIR}/../../contrib/pf # #If you want it verbose #CFLAGS+= -DIPFIREWALL_VERBOSE --- //depot/vendor/freebsd_6/src/sys/modules/pf/Makefile 2006/09/30 00:09:34 +++ //depot/user/mlaier/pf41_62/sys/modules/pf/Makefile 2007/07/10 23:19:13 @@ -1,10 +1,13 @@ -# $FreeBSD: src/sys/modules/pf/Makefile,v 1.7.2.3 2006/09/19 15:45:21 csjp Exp $ +# $FreeBSD: src/sys/modules/pf/Makefile,v 1.13 2007/07/03 12:46:06 mlaier Exp $ + +.include .PATH: ${.CURDIR}/../../contrib/pf/net .PATH: ${.CURDIR}/../../contrib/pf/netinet KMOD= pf SRCS = pf.c pf_if.c pf_subr.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \ + pf_ruleset.c \ in4_cksum.c \ opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_mac.h @@ -21,6 +24,11 @@ opt_bpf.h: echo "#define DEV_BPF 1" > opt_bpf.h + +# pflog can be loaded as a module, have the additional checks turned on +opt_pf.h: + echo "#define DEV_PF 1" > opt_pf.h + echo "#define DEF_PFLOG 1" >> opt_pf.h .endif .include --- //depot/vendor/freebsd_6/src/sys/net/if.c 2007/07/13 01:56:46 +++ //depot/user/mlaier/pf41_62/sys/net/if.c 2007/07/24 20:48:51 @@ -115,6 +115,8 @@ static int ifhwioctl(u_long, struct ifnet *, caddr_t, struct thread *); static void if_start_deferred(void *context, int pending); static void do_link_state_change(void *, int); +static int if_getgroup(struct ifgroupreq *, struct ifnet *); +static int if_getgroupmembers(struct ifgroupreq *); #ifdef INET6 /* * XXX: declare here to avoid to include many inet6 related files.. @@ -127,6 +129,7 @@ struct ifindex_entry *ifindex_table = NULL; int ifqmaxlen = IFQ_MAXLEN; struct ifnethead ifnet; /* depend on static init XXX */ +struct ifgrouphead ifg_head; struct mtx ifnet_lock; static if_com_alloc_t *if_com_alloc[256]; static if_com_free_t *if_com_free[256]; @@ -284,6 +287,7 @@ IFNET_LOCK_INIT(); TAILQ_INIT(&ifnet); + TAILQ_INIT(&ifg_head); knlist_init(&ifklist, NULL, NULL, NULL, NULL); if_grow(); /* create initial table */ ifdev_byindex(0) = make_dev(&net_cdevsw, 0, @@ -440,6 +444,10 @@ TAILQ_INIT(&ifp->if_addrhead); TAILQ_INIT(&ifp->if_prefixhead); TAILQ_INIT(&ifp->if_multiaddrs); + TAILQ_INIT(&ifp->if_groups); + + if_addgroup(ifp, IFG_ALL); + knlist_init(&ifp->if_klist, NULL, NULL, NULL, NULL); getmicrotime(&ifp->if_lastchange); ifp->if_data.ifi_epoch = time_uptime; @@ -719,6 +727,214 @@ } /* + * Add a group to an interface + */ +int +if_addgroup(struct ifnet *ifp, const char *groupname) +{ + struct ifg_list *ifgl; + struct ifg_group *ifg = NULL; + struct ifg_member *ifgm; + + if (groupname[0] && groupname[strlen(groupname) - 1] >= '0' && + groupname[strlen(groupname) - 1] <= '9') + return (EINVAL); + + IFNET_WLOCK(); + TAILQ_FOREACH(ifgl, &ifp->if_groups, ifgl_next) + if (!strcmp(ifgl->ifgl_group->ifg_group, groupname)) { + IFNET_WUNLOCK(); + return (EEXIST); + } + + if ((ifgl = (struct ifg_list *)malloc(sizeof(struct ifg_list), M_TEMP, + M_NOWAIT)) == NULL) { + IFNET_WUNLOCK(); + return (ENOMEM); + } + + if ((ifgm = (struct ifg_member *)malloc(sizeof(struct ifg_member), + M_TEMP, M_NOWAIT)) == NULL) { + free(ifgl, M_TEMP); + IFNET_WUNLOCK(); + return (ENOMEM); + } + + TAILQ_FOREACH(ifg, &ifg_head, ifg_next) + if (!strcmp(ifg->ifg_group, groupname)) + break; + + if (ifg == NULL) { + if ((ifg = (struct ifg_group *)malloc(sizeof(struct ifg_group), + M_TEMP, M_NOWAIT)) == NULL) { + free(ifgl, M_TEMP); + free(ifgm, M_TEMP); + IFNET_WUNLOCK(); + return (ENOMEM); + } + strlcpy(ifg->ifg_group, groupname, sizeof(ifg->ifg_group)); + ifg->ifg_refcnt = 0; + TAILQ_INIT(&ifg->ifg_members); + EVENTHANDLER_INVOKE(group_attach_event, ifg); + TAILQ_INSERT_TAIL(&ifg_head, ifg, ifg_next); + } + + ifg->ifg_refcnt++; + ifgl->ifgl_group = ifg; + ifgm->ifgm_ifp = ifp; + + IF_ADDR_LOCK(ifp); + TAILQ_INSERT_TAIL(&ifg->ifg_members, ifgm, ifgm_next); + TAILQ_INSERT_TAIL(&ifp->if_groups, ifgl, ifgl_next); + IF_ADDR_UNLOCK(ifp); + + IFNET_WUNLOCK(); + + EVENTHANDLER_INVOKE(group_change_event, groupname); + + return (0); +} + +/* + * Remove a group from an interface + */ +int +if_delgroup(struct ifnet *ifp, const char *groupname) +{ + struct ifg_list *ifgl; + struct ifg_member *ifgm; + + IFNET_WLOCK(); + TAILQ_FOREACH(ifgl, &ifp->if_groups, ifgl_next) + if (!strcmp(ifgl->ifgl_group->ifg_group, groupname)) + break; + if (ifgl == NULL) { + IFNET_WUNLOCK(); + return (ENOENT); + } + + IF_ADDR_LOCK(ifp); + TAILQ_REMOVE(&ifp->if_groups, ifgl, ifgl_next); + IF_ADDR_UNLOCK(ifp); + + TAILQ_FOREACH(ifgm, &ifgl->ifgl_group->ifg_members, ifgm_next) + if (ifgm->ifgm_ifp == ifp) + break; + + if (ifgm != NULL) { + TAILQ_REMOVE(&ifgl->ifgl_group->ifg_members, ifgm, ifgm_next); + free(ifgm, M_TEMP); + } + + if (--ifgl->ifgl_group->ifg_refcnt == 0) { + TAILQ_REMOVE(&ifg_head, ifgl->ifgl_group, ifg_next); + EVENTHANDLER_INVOKE(group_detach_event, ifgl->ifgl_group); + free(ifgl->ifgl_group, M_TEMP); + } + IFNET_WUNLOCK(); + + free(ifgl, M_TEMP); + + EVENTHANDLER_INVOKE(group_change_event, groupname); + + return (0); +} + +/* + * Stores all groups from an interface in memory pointed + * to by data + */ +static int +if_getgroup(struct ifgroupreq *data, struct ifnet *ifp) +{ + int len, error; + struct ifg_list *ifgl; + struct ifg_req ifgrq, *ifgp; + struct ifgroupreq *ifgr = data; + + if (ifgr->ifgr_len == 0) { + IF_ADDR_LOCK(ifp); + TAILQ_FOREACH(ifgl, &ifp->if_groups, ifgl_next) + ifgr->ifgr_len += sizeof(struct ifg_req); + IF_ADDR_UNLOCK(ifp); + return (0); + } + + len = ifgr->ifgr_len; + ifgp = ifgr->ifgr_groups; + /* XXX: wire */ + IF_ADDR_LOCK(ifp); + TAILQ_FOREACH(ifgl, &ifp->if_groups, ifgl_next) { + if (len < sizeof(ifgrq)) { + IF_ADDR_UNLOCK(ifp); + return (EINVAL); + } + bzero(&ifgrq, sizeof ifgrq); + strlcpy(ifgrq.ifgrq_group, ifgl->ifgl_group->ifg_group, + sizeof(ifgrq.ifgrq_group)); + if ((error = copyout(&ifgrq, ifgp, sizeof(struct ifg_req)))) { + IF_ADDR_UNLOCK(ifp); + return (error); + } + len -= sizeof(ifgrq); + ifgp++; + } + IF_ADDR_UNLOCK(ifp); + + return (0); +} + +/* + * Stores all members of a group in memory pointed to by data + */ +static int +if_getgroupmembers(struct ifgroupreq *data) +{ + struct ifgroupreq *ifgr = data; + struct ifg_group *ifg; + struct ifg_member *ifgm; + struct ifg_req ifgrq, *ifgp; + int len, error; + + IFNET_RLOCK(); + TAILQ_FOREACH(ifg, &ifg_head, ifg_next) + if (!strcmp(ifg->ifg_group, ifgr->ifgr_name)) + break; + if (ifg == NULL) { + IFNET_RUNLOCK(); + return (ENOENT); + } + + if (ifgr->ifgr_len == 0) { + TAILQ_FOREACH(ifgm, &ifg->ifg_members, ifgm_next) + ifgr->ifgr_len += sizeof(ifgrq); + IFNET_RUNLOCK(); + return (0); + } + + len = ifgr->ifgr_len; + ifgp = ifgr->ifgr_groups; + TAILQ_FOREACH(ifgm, &ifg->ifg_members, ifgm_next) { + if (len < sizeof(ifgrq)) { + IFNET_RUNLOCK(); + return (EINVAL); + } + bzero(&ifgrq, sizeof ifgrq); + strlcpy(ifgrq.ifgrq_member, ifgm->ifgm_ifp->if_xname, + sizeof(ifgrq.ifgrq_member)); + if ((error = copyout(&ifgrq, ifgp, sizeof(struct ifg_req)))) { + IFNET_RUNLOCK(); + return (error); + } + len -= sizeof(ifgrq); + ifgp++; + } + IFNET_RUNLOCK(); + + return (0); +} + +/* * Delete Routes for a Network Interface * * Called for each routing entry via the rnh->rnh_walktree() call above @@ -1516,6 +1732,35 @@ ifr->ifr_addr.sa_data, ifr->ifr_addr.sa_len); break; + case SIOCAIFGROUP: + { + struct ifgroupreq *ifgr = (struct ifgroupreq *)ifr; + + error = suser(td); + if (error) + return (error); + if ((error = if_addgroup(ifp, ifgr->ifgr_group))) + return (error); + break; + } + + case SIOCGIFGROUP: + if ((error = if_getgroup((struct ifgroupreq *)ifr, ifp))) + return (error); + break; + + case SIOCDIFGROUP: + { + struct ifgroupreq *ifgr = (struct ifgroupreq *)ifr; + + error = suser(td); + if (error) + return (error); + if ((error = if_delgroup(ifp, ifgr->ifgr_group))) + return (error); + break; + } + default: error = ENOIOCTL; break; @@ -1555,6 +1800,8 @@ case SIOCIFGCLONERS: return (if_clone_list((struct if_clonereq *)data)); + case SIOCGIFGMEMB: + return (if_getgroupmembers((struct ifgroupreq *)data)); } ifp = ifunit(ifr->ifr_name); --- //depot/vendor/freebsd_6/src/sys/net/if.h 2006/02/15 03:44:32 +++ //depot/user/mlaier/pf41_62/sys/net/if.h 2007/07/10 23:52:14 @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)if.h 8.1 (Berkeley) 6/10/93 - * $FreeBSD: src/sys/net/if.h,v 1.96.2.4 2006/02/15 03:37:15 ps Exp $ + * $FreeBSD: src/sys/net/if.h,v 1.103 2006/06/19 22:20:44 mlaier Exp $ */ #ifndef _NET_IF_H_ @@ -358,6 +358,37 @@ #endif /* + * interface groups + */ + +#define IFG_ALL "all" /* group contains all interfaces */ +/* XXX: will we implement this? */ +#define IFG_EGRESS "egress" /* if(s) default route(s) point to */ + +struct ifg_req { + union { + char ifgrqu_group[IFNAMSIZ]; + char ifgrqu_member[IFNAMSIZ]; + } ifgrq_ifgrqu; +#define ifgrq_group ifgrq_ifgrqu.ifgrqu_group +#define ifgrq_member ifgrq_ifgrqu.ifgrqu_member +}; + +/* + * Used to lookup groups for an interface + */ +struct ifgroupreq { + char ifgr_name[IFNAMSIZ]; + u_int ifgr_len; + union { + char ifgru_group[IFNAMSIZ]; + struct ifg_req *ifgru_groups; + } ifgr_ifgru; +#define ifgr_group ifgr_ifgru.ifgru_group +#define ifgr_groups ifgr_ifgru.ifgru_groups +}; + +/* * Structure for SIOC[AGD]LIFADDR */ struct if_laddrreq { --- //depot/vendor/freebsd_6/src/sys/net/if_clone.c 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/sys/net/if_clone.c 2007/07/24 18:05:41 @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)if.c 8.5 (Berkeley) 1/9/95 - * $FreeBSD: src/sys/net/if_clone.c,v 1.6 2005/02/24 13:14:41 maxim Exp $ + * $FreeBSD: src/sys/net/if_clone.c,v 1.10 2006/06/19 22:20:44 mlaier Exp $ */ #include @@ -116,6 +116,7 @@ { int err; struct if_clone *ifc; + struct ifnet *ifp; if (ifunit(name) != NULL) return (EEXIST); @@ -134,7 +135,17 @@ return (EINVAL); err = (*ifc->ifc_create)(ifc, name, len); + + if (!err) { + ifp = ifunit(name); + if (ifp == NULL) + panic("%s: lookup failed for %s", __func__, name); + + if_addgroup(ifp, ifc->ifc_name); + } + IF_CLONE_REMREF(ifc); + return (err); } @@ -169,8 +180,13 @@ goto done; } + if_delgroup(ifp, ifc->ifc_name); + err = (*ifc->ifc_destroy)(ifc, ifp); + if (err != 0) + if_addgroup(ifp, ifc->ifc_name); + done: IF_CLONE_REMREF(ifc); return (err); --- //depot/vendor/freebsd_6/src/sys/net/if_ethersubr.c 2007/05/17 01:54:48 +++ //depot/user/mlaier/pf41_62/sys/net/if_ethersubr.c 2007/07/10 23:19:13 @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 - * $FreeBSD: src/sys/net/if_ethersubr.c,v 1.193.2.14 2007/05/17 01:49:41 thompsa Exp $ + * $FreeBSD: src/sys/net/if_ethersubr.c,v 1.234 2007/07/03 12:46:06 mlaier Exp $ */ #include "opt_atalk.h" @@ -63,6 +63,7 @@ #include #include #include +#include #if defined(INET) || defined(INET6) #include @@ -155,6 +156,7 @@ int error, hdrcmplt = 0; u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN]; struct ether_header *eh; + struct pf_mtag *t; int loop_copy = 1; int hlen; /* link layer header length */ @@ -305,7 +307,7 @@ * reasons and compatibility with the original behavior. */ if ((ifp->if_flags & IFF_SIMPLEX) && loop_copy && - m_tag_find(m, PACKET_TAG_PF_ROUTED, NULL) == NULL) { + ((t = pf_find_mtag(m)) == NULL || !t->routed)) { int csum_flags = 0; if (m->m_pkthdr.csum_flags & CSUM_IP) --- //depot/vendor/freebsd_6/src/sys/net/if_var.h 2007/07/07 01:52:31 +++ //depot/user/mlaier/pf41_62/sys/net/if_var.h 2007/07/10 23:52:14 @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * From: @(#)if.h 8.1 (Berkeley) 6/10/93 - * $FreeBSD: src/sys/net/if_var.h,v 1.98.2.8 2007/07/07 00:54:46 brian Exp $ + * $FreeBSD: src/sys/net/if_var.h,v 1.107 2006/06/19 22:20:44 mlaier Exp $ */ #ifndef _NET_IF_VAR_H_ @@ -90,6 +90,7 @@ TAILQ_HEAD(ifaddrhead, ifaddr); /* instantiation is preserved in the list */ TAILQ_HEAD(ifprefixhead, ifprefix); TAILQ_HEAD(ifmultihead, ifmultiaddr); +TAILQ_HEAD(ifgrouphead, ifg_group); /* * Structure defining a queue for a network interface. @@ -180,6 +181,9 @@ struct task if_starttask; /* task for IFF_NEEDSGIANT */ struct task if_linktask; /* task for link change events */ struct mtx if_addr_mtx; /* mutex to protect address lists */ + TAILQ_HEAD(, ifg_list) if_groups; /* linked list of groups per if */ + /* protected by if_addr_mtx */ + void *if_pf_kif; }; typedef void if_init_f_t(void *); @@ -316,6 +320,37 @@ typedef void (*ifnet_departure_event_handler_t)(void *, struct ifnet *); EVENTHANDLER_DECLARE(ifnet_departure_event, ifnet_departure_event_handler_t); +/* + * interface groups + */ +struct ifg_group { + char ifg_group[IFNAMSIZ]; + u_int ifg_refcnt; + void *ifg_pf_kif; + TAILQ_HEAD(, ifg_member) ifg_members; + TAILQ_ENTRY(ifg_group) ifg_next; +}; + +struct ifg_member { + TAILQ_ENTRY(ifg_member) ifgm_next; + struct ifnet *ifgm_ifp; +}; + +struct ifg_list { + struct ifg_group *ifgl_group; + TAILQ_ENTRY(ifg_list) ifgl_next; +}; + +/* group attach event */ +typedef void (*group_attach_event_handler_t)(void *, struct ifg_group *); +EVENTHANDLER_DECLARE(group_attach_event, group_attach_event_handler_t); +/* group detach event */ +typedef void (*group_detach_event_handler_t)(void *, struct ifg_group *); +EVENTHANDLER_DECLARE(group_detach_event, group_detach_event_handler_t); +/* group change event */ +typedef void (*group_change_event_handler_t)(void *, const char *); +EVENTHANDLER_DECLARE(group_change_event, group_change_event_handler_t); + #define IF_AFDATA_LOCK_INIT(ifp) \ mtx_init(&(ifp)->if_afdata_mtx, "if_afdata", NULL, MTX_DEF) #define IF_AFDATA_LOCK(ifp) mtx_lock(&(ifp)->if_afdata_mtx) @@ -623,6 +658,8 @@ extern struct ifnet *loif; /* first loopback interface */ extern int if_index; +int if_addgroup(struct ifnet *, const char *); +int if_delgroup(struct ifnet *, const char *); int if_addmulti(struct ifnet *, struct sockaddr *, struct ifmultiaddr **); int if_allmulti(struct ifnet *, int); struct ifnet* if_alloc(u_char); --- //depot/vendor/freebsd_6/src/sys/netinet/ip_fw2.c 2007/06/07 09:56:08 +++ //depot/user/mlaier/pf41_62/sys/netinet/ip_fw2.c 2007/07/10 23:19:13 @@ -22,7 +22,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/netinet/ip_fw2.c,v 1.106.2.40 2007/06/07 09:50:53 bz Exp $ + * $FreeBSD: src/sys/netinet/ip_fw2.c,v 1.169 2007/07/03 12:46:06 mlaier Exp $ */ #define DEB(x) @@ -64,6 +64,7 @@ #include #include #include +#include #include #include #include @@ -2896,24 +2897,21 @@ break; case O_ALTQ: { - struct altq_tag *at; + struct pf_mtag *at; ipfw_insn_altq *altq = (ipfw_insn_altq *)cmd; match = 1; - mtag = m_tag_find(m, PACKET_TAG_PF_QID, NULL); - if (mtag != NULL) + at = pf_find_mtag(m); + if (at != NULL && at->qid != 0) break; - mtag = m_tag_get(PACKET_TAG_PF_QID, - sizeof(struct altq_tag), - M_NOWAIT); - if (mtag == NULL) { + at = pf_get_mtag(m); + if (at == NULL) { /* * Let the packet fall back to the * default ALTQ. */ break; } - at = (struct altq_tag *)(mtag+1); at->qid = altq->qid; if (is_ipv4) at->af = AF_INET; --- //depot/vendor/freebsd_6/src/sys/netinet6/in6.h 2007/04/24 11:55:22 +++ //depot/user/mlaier/pf41_62/sys/netinet6/in6.h 2007/07/10 23:19:13 @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/netinet6/in6.h,v 1.36.2.8 2007/04/24 11:42:42 gnn Exp $ */ +/* $FreeBSD: src/sys/netinet6/in6.h,v 1.48 2007/07/03 12:46:07 mlaier Exp $ */ /* $KAME: in6.h,v 1.89 2001/05/27 13:28:35 itojun Exp $ */ /*- @@ -350,6 +350,11 @@ #define IN6_IS_SCOPE_LINKLOCAL(a) \ ((IN6_IS_ADDR_LINKLOCAL(a)) || \ (IN6_IS_ADDR_MC_LINKLOCAL(a))) +#define IN6_IS_SCOPE_EMBED(a) \ + ((IN6_IS_ADDR_LINKLOCAL(a)) || \ + (IN6_IS_ADDR_MC_LINKLOCAL(a)) || \ + (IN6_IS_ADDR_MC_INTFACELOCAL(a))) + #define IFA6_IS_DEPRECATED(a) \ ((a)->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && \ --- //depot/vendor/freebsd_6/src/sys/sys/mbuf.h 2007/02/11 03:51:58 +++ //depot/user/mlaier/pf41_62/sys/sys/mbuf.h 2007/07/10 23:19:13 @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)mbuf.h 8.5 (Berkeley) 2/19/95 - * $FreeBSD: src/sys/sys/mbuf.h,v 1.170.2.7 2007/02/11 03:31:19 mohans Exp $ + * $FreeBSD: src/sys/sys/mbuf.h,v 1.214 2007/07/03 12:46:07 mlaier Exp $ */ #ifndef _SYS_MBUF_H_ @@ -778,12 +778,8 @@ #define PACKET_TAG_DIVERT 17 /* divert info */ #define PACKET_TAG_IPFORWARD 18 /* ipforward info */ #define PACKET_TAG_MACLABEL (19 | MTAG_PERSISTENT) /* MAC label */ -#define PACKET_TAG_PF_ROUTED 21 /* PF routed, avoid loops */ -#define PACKET_TAG_PF_FRAGCACHE 22 /* PF fragment cached */ -#define PACKET_TAG_PF_QID 23 /* PF ALTQ queue id */ -#define PACKET_TAG_PF_TAG 24 /* PF tagged */ +#define PACKET_TAG_PF 21 /* PF + ALTQ information */ #define PACKET_TAG_RTSOCKFAM 25 /* rtsock sa family */ -#define PACKET_TAG_PF_TRANSLATE_LOCALHOST 26 /* PF translate localhost */ #define PACKET_TAG_IPOPTIONS 27 /* Saved IP options */ #define PACKET_TAG_CARP 28 /* CARP info */ --- //depot/vendor/freebsd_6/src/sys/sys/sockio.h 2006/02/15 03:44:32 +++ //depot/user/mlaier/pf41_62/sys/sys/sockio.h 2007/07/10 23:52:14 @@ -27,7 +27,7 @@ * SUCH DAMAGE. * * @(#)sockio.h 8.1 (Berkeley) 3/28/94 - * $FreeBSD: src/sys/sys/sockio.h,v 1.28.2.1 2006/02/15 03:37:15 ps Exp $ + * $FreeBSD: src/sys/sys/sockio.h,v 1.30 2006/06/19 22:20:45 mlaier Exp $ */ #ifndef _SYS_SOCKIO_H_ @@ -117,4 +117,9 @@ #define SIOCIFDESTROY _IOW('i', 121, struct ifreq) /* destroy clone if */ #define SIOCIFGCLONERS _IOWR('i', 120, struct if_clonereq) /* get cloners */ +#define SIOCAIFGROUP _IOW('i', 135, struct ifgroupreq) /* add an ifgroup */ +#define SIOCGIFGROUP _IOWR('i', 136, struct ifgroupreq) /* get ifgroups */ +#define SIOCDIFGROUP _IOW('i', 137, struct ifgroupreq) /* delete ifgroup */ +#define SIOCGIFGMEMB _IOWR('i', 138, struct ifgroupreq) /* get members */ + #endif /* !_SYS_SOCKIO_H_ */ --- //depot/vendor/freebsd_6/src/usr.sbin/Makefile 2007/03/15 04:52:32 +++ //depot/user/mlaier/pf41_62/usr.sbin/Makefile 2007/07/24 18:05:41 @@ -1,5 +1,7 @@ # From: @(#)Makefile 5.20 (Berkeley) 6/12/93 -# $FreeBSD: src/usr.sbin/Makefile,v 1.332.2.7 2007/03/15 04:05:33 kmacy Exp $ +# $FreeBSD: src/usr.sbin/Makefile,v 1.369 2007/07/03 12:46:07 mlaier Exp $ + +.include # XXX MISSING: mkproto SUBDIR= ac \ @@ -55,6 +57,7 @@ fdwrite \ flowctl \ freebsd-update \ + ${_ftp-proxy} \ fwcontrol \ getfmac \ getpmac \ @@ -251,6 +254,7 @@ .if !defined(NO_PF) && !defined(NO_AUTHPF) _authpf= authpf +_ftp-proxy= ftp-proxy .endif .if !defined(NO_LPR) --- //depot/vendor/freebsd_6/src/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c 2005/12/09 17:45:51 +++ //depot/user/mlaier/pf41_62/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c 2007/07/10 23:19:13 @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c,v 1.5.2.2 2005/12/03 14:40:46 philip Exp $ + * $FreeBSD: src/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c,v 1.8 2007/07/03 12:46:07 mlaier Exp $ */ #include @@ -60,7 +60,7 @@ #define PFI_IFTYPE_DETACHED 2 struct pfi_entry { - struct pfi_if pfi; + struct pfi_kif pfi; u_int index; TAILQ_ENTRY(pfi_entry) link; }; @@ -544,83 +544,83 @@ switch (which) { case LEAF_pfInterfacesIfDescr: - return (string_get(val, e->pfi.pfif_name, -1)); + return (string_get(val, e->pfi.pfik_name, -1)); case LEAF_pfInterfacesIfType: val->v.integer = PFI_IFTYPE_INSTANCE; break; case LEAF_pfInterfacesIfTZero: val->v.uint32 = - (time(NULL) - e->pfi.pfif_tzero) * 100; + (time(NULL) - e->pfi.pfik_tzero) * 100; break; case LEAF_pfInterfacesIfRefsState: - val->v.uint32 = e->pfi.pfif_states; + val->v.uint32 = e->pfi.pfik_states; break; case LEAF_pfInterfacesIfRefsRule: - val->v.uint32 = e->pfi.pfif_rules; + val->v.uint32 = e->pfi.pfik_rules; break; case LEAF_pfInterfacesIf4BytesInPass: val->v.counter64 = - e->pfi.pfif_bytes[IPV4][IN][PASS]; + e->pfi.pfik_bytes[IPV4][IN][PASS]; break; case LEAF_pfInterfacesIf4BytesInBlock: val->v.counter64 = - e->pfi.pfif_bytes[IPV4][IN][BLOCK]; + e->pfi.pfik_bytes[IPV4][IN][BLOCK]; break; case LEAF_pfInterfacesIf4BytesOutPass: val->v.counter64 = - e->pfi.pfif_bytes[IPV4][OUT][PASS]; + e->pfi.pfik_bytes[IPV4][OUT][PASS]; break; case LEAF_pfInterfacesIf4BytesOutBlock: val->v.counter64 = - e->pfi.pfif_bytes[IPV4][OUT][BLOCK]; + e->pfi.pfik_bytes[IPV4][OUT][BLOCK]; break; case LEAF_pfInterfacesIf4PktsInPass: val->v.counter64 = - e->pfi.pfif_packets[IPV4][IN][PASS]; + e->pfi.pfik_packets[IPV4][IN][PASS]; break; case LEAF_pfInterfacesIf4PktsInBlock: val->v.counter64 = - e->pfi.pfif_packets[IPV4][IN][BLOCK]; + e->pfi.pfik_packets[IPV4][IN][BLOCK]; break; case LEAF_pfInterfacesIf4PktsOutPass: val->v.counter64 = - e->pfi.pfif_packets[IPV4][OUT][PASS]; + e->pfi.pfik_packets[IPV4][OUT][PASS]; break; case LEAF_pfInterfacesIf4PktsOutBlock: val->v.counter64 = - e->pfi.pfif_packets[IPV4][OUT][BLOCK]; + e->pfi.pfik_packets[IPV4][OUT][BLOCK]; break; case LEAF_pfInterfacesIf6BytesInPass: val->v.counter64 = - e->pfi.pfif_bytes[IPV6][IN][PASS]; + e->pfi.pfik_bytes[IPV6][IN][PASS]; break; case LEAF_pfInterfacesIf6BytesInBlock: val->v.counter64 = - e->pfi.pfif_bytes[IPV6][IN][BLOCK]; + e->pfi.pfik_bytes[IPV6][IN][BLOCK]; break; case LEAF_pfInterfacesIf6BytesOutPass: val->v.counter64 = - e->pfi.pfif_bytes[IPV6][OUT][PASS]; + e->pfi.pfik_bytes[IPV6][OUT][PASS]; break; case LEAF_pfInterfacesIf6BytesOutBlock: val->v.counter64 = - e->pfi.pfif_bytes[IPV6][OUT][BLOCK]; + e->pfi.pfik_bytes[IPV6][OUT][BLOCK]; break; case LEAF_pfInterfacesIf6PktsInPass: val->v.counter64 = - e->pfi.pfif_packets[IPV6][IN][PASS]; + e->pfi.pfik_packets[IPV6][IN][PASS]; break; case LEAF_pfInterfacesIf6PktsInBlock: val->v.counter64 = - e->pfi.pfif_packets[IPV6][IN][BLOCK]; + e->pfi.pfik_packets[IPV6][IN][BLOCK]; break; case LEAF_pfInterfacesIf6PktsOutPass: val->v.counter64 = - e->pfi.pfif_packets[IPV6][OUT][PASS]; + e->pfi.pfik_packets[IPV6][OUT][PASS]; break; case LEAF_pfInterfacesIf6PktsOutBlock: val->v.counter64 = - e->pfi.pfif_packets[IPV6][OUT][BLOCK]; + e->pfi.pfik_packets[IPV6][OUT][BLOCK]; break; default: @@ -911,7 +911,7 @@ pfi_refresh(void) { struct pfioc_iface io; - struct pfi_if *p = NULL; + struct pfi_kif *p = NULL; struct pfi_entry *e; int i, numifs = 1; @@ -925,11 +925,10 @@ } bzero(&io, sizeof(io)); - io.pfiio_flags = PFI_FLAG_INSTANCE; - io.pfiio_esize = sizeof(struct pfi_if); + io.pfiio_esize = sizeof(struct pfi_kif); for (;;) { - p = reallocf(p, numifs * sizeof(struct pfi_if)); + p = reallocf(p, numifs * sizeof(struct pfi_kif)); if (p == NULL) { syslog(LOG_ERR, "pfi_refresh(): reallocf() numifs=%d: %s", numifs, strerror(errno)); @@ -955,7 +954,7 @@ if (e == NULL) goto err1; e->index = i + 1; - memcpy(&e->pfi, p+i, sizeof(struct pfi_if)); + memcpy(&e->pfi, p+i, sizeof(struct pfi_kif)); TAILQ_INSERT_TAIL(&pfi_table, e, link); }