Module Name: src
Committed By: ahoka
Date: Mon Apr 12 13:57:38 UTC 2010
Modified Files:
src/sys/dist/pf/net: if_pflog.c pf.c pf_if.c pf_ioctl.c pf_norm.c
pf_osfp.c pf_table.c pfvar.h
Log Message:
- Make the pf and pflog driver able to detach.
- Add code for module support.
Original patch from Jared McNeill
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/sys/dist/pf/net/if_pflog.c \
src/sys/dist/pf/net/pfvar.h
cvs rdiff -u -r1.62 -r1.63 src/sys/dist/pf/net/pf.c
cvs rdiff -u -r1.20 -r1.21 src/sys/dist/pf/net/pf_if.c
cvs rdiff -u -r1.37 -r1.38 src/sys/dist/pf/net/pf_ioctl.c
cvs rdiff -u -r1.21 -r1.22 src/sys/dist/pf/net/pf_norm.c
cvs rdiff -u -r1.9 -r1.10 src/sys/dist/pf/net/pf_osfp.c
cvs rdiff -u -r1.15 -r1.16 src/sys/dist/pf/net/pf_table.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dist/pf/net/if_pflog.c
diff -u src/sys/dist/pf/net/if_pflog.c:1.17 src/sys/dist/pf/net/if_pflog.c:1.18
--- src/sys/dist/pf/net/if_pflog.c:1.17 Mon Apr 5 07:22:22 2010
+++ src/sys/dist/pf/net/if_pflog.c Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pflog.c,v 1.17 2010/04/05 07:22:22 joerg Exp $ */
+/* $NetBSD: if_pflog.c,v 1.18 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: if_pflog.c,v 1.24 2007/05/26 17:13:30 jason Exp $ */
/*
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_pflog.c,v 1.17 2010/04/05 07:22:22 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pflog.c,v 1.18 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -82,6 +82,9 @@
#endif
void pflogattach(int);
+#ifdef _MODULE
+void pflogdetach(void);
+#endif /* _MODULE */
int pflogoutput(struct ifnet *, struct mbuf *, const struct sockaddr *,
struct rtentry *);
int pflogioctl(struct ifnet *, u_long, void *);
@@ -106,6 +109,20 @@
if_clone_attach(&pflog_cloner);
}
+#ifdef _MODULE
+void
+pflogdetach(void)
+{
+ int i;
+
+ for (i = 0; i < PFLOGIFS_MAX; i++) {
+ if (pflogifs[i] != NULL)
+ pflog_clone_destroy(pflogifs[i]);
+ }
+ if_clone_detach(&pflog_cloner);
+}
+#endif /* _MODULE */
+
int
pflog_clone_create(struct if_clone *ifc, int unit)
{
Index: src/sys/dist/pf/net/pfvar.h
diff -u src/sys/dist/pf/net/pfvar.h:1.17 src/sys/dist/pf/net/pfvar.h:1.18
--- src/sys/dist/pf/net/pfvar.h:1.17 Tue Jul 28 18:15:26 2009
+++ src/sys/dist/pf/net/pfvar.h Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pfvar.h,v 1.17 2009/07/28 18:15:26 minskim Exp $ */
+/* $NetBSD: pfvar.h,v 1.18 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pfvar.h,v 1.254 2007/07/13 09:17:48 markus Exp $ */
/*
@@ -1641,6 +1641,9 @@
int pf_match_gid(u_int8_t, gid_t, gid_t, gid_t);
void pf_normalize_init(void);
+#ifdef _MODULE
+void pf_normalize_destroy(void);
+#endif /* _MODULE */
int pf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *,
struct pf_pdesc *);
int pf_normalize_ip6(struct mbuf **, int, struct pfi_kif *, u_short *,
@@ -1662,6 +1665,9 @@
struct pf_state_key *
pf_alloc_state_key(struct pf_state *);
void pfr_initialize(void);
+#ifdef _MODULE
+void pfr_destroy(void);
+#endif /* _MODULE */
int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t,
u_int64_t, int, int, int);
@@ -1701,6 +1707,9 @@
extern struct pfi_kif *pfi_all;
void pfi_initialize(void);
+#ifdef _MODULE
+void pfi_destroy(void);
+#endif /* _MODULE */
struct pfi_kif *pfi_kif_get(const char *);
void pfi_kif_ref(struct pfi_kif *, enum pfi_kif_refs);
void pfi_kif_unref(struct pfi_kif *, enum pfi_kif_refs);
@@ -1803,6 +1812,9 @@
void pf_osfp_flush(void);
int pf_osfp_get(struct pf_osfp_ioctl *);
void pf_osfp_initialize(void);
+#ifdef _MODULE
+void pf_osfp_destroy(void);
+#endif /* _MODULE */
int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t);
struct pf_os_fingerprint *
pf_osfp_validate(void);
Index: src/sys/dist/pf/net/pf.c
diff -u src/sys/dist/pf/net/pf.c:1.62 src/sys/dist/pf/net/pf.c:1.63
--- src/sys/dist/pf/net/pf.c:1.62 Mon Apr 12 06:56:19 2010
+++ src/sys/dist/pf/net/pf.c Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pf.c,v 1.62 2010/04/12 06:56:19 skrll Exp $ */
+/* $NetBSD: pf.c,v 1.63 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */
/*
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.62 2010/04/12 06:56:19 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.63 2010/04/12 13:57:38 ahoka Exp $");
#include "pflog.h"
@@ -917,12 +917,24 @@
return (0);
}
+#ifdef _LKM
+volatile int pf_purge_thread_stop;
+volatile int pf_purge_thread_running;
+#endif
+
void
pf_purge_thread(void *v)
{
int nloops = 0, s;
+#ifdef _LKM
+ pf_purge_thread_running = 1;
+ pf_purge_thread_stop = 0;
+
+ while (!pf_purge_thread_stop) {
+#else
for (;;) {
+#endif /* !_LKM */
tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
s = splsoftnet();
@@ -940,6 +952,12 @@
splx(s);
}
+
+#ifdef _LKM
+ pf_purge_thread_running = 0;
+ wakeup(&pf_purge_thread_running);
+ kthread_exit(0);
+#endif /* _LKM */
}
u_int32_t
Index: src/sys/dist/pf/net/pf_if.c
diff -u src/sys/dist/pf/net/pf_if.c:1.20 src/sys/dist/pf/net/pf_if.c:1.21
--- src/sys/dist/pf/net/pf_if.c:1.20 Sun Dec 6 16:46:11 2009
+++ src/sys/dist/pf/net/pf_if.c Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pf_if.c,v 1.20 2009/12/06 16:46:11 dsl Exp $ */
+/* $NetBSD: pf_if.c,v 1.21 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf_if.c,v 1.47 2007/07/13 09:17:48 markus Exp $ */
/*
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_if.c,v 1.20 2009/12/06 16:46:11 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_if.c,v 1.21 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -138,6 +138,37 @@
#endif /* __NetBSD__ */
}
+#ifdef _MODULE
+void
+pfi_destroy(void)
+{
+ struct pfi_kif *p;
+ int i;
+
+ pfil_remove_hook(pfil_ifaddr_wrapper, NULL, PFIL_IFADDR, &if_pfil);
+ pfil_remove_hook(pfil_ifnet_wrapper, NULL, PFIL_IFNET, &if_pfil);
+
+ for (i = 0; i < if_indexlim; i++) {
+ struct ifnet *ifp = ifindex2ifnet[i];
+
+ if (ifp != NULL) {
+ pfi_detach_ifnet(ifp);
+
+ pfi_destroy_groups(ifp);
+ }
+ }
+
+ while ((p = RB_MIN(pfi_ifhead, &pfi_ifs))) {
+ RB_REMOVE(pfi_ifhead, &pfi_ifs, p);
+ free(p, PFI_MTYPE);
+ }
+
+ pool_destroy(&pfi_addr_pl);
+
+ free(pfi_buffer, PFI_MTYPE);
+}
+#endif /* _MODULE */
+
struct pfi_kif *
pfi_kif_get(const char *kif_name)
{
Index: src/sys/dist/pf/net/pf_ioctl.c
diff -u src/sys/dist/pf/net/pf_ioctl.c:1.37 src/sys/dist/pf/net/pf_ioctl.c:1.38
--- src/sys/dist/pf/net/pf_ioctl.c:1.37 Sat Oct 3 00:37:02 2009
+++ src/sys/dist/pf/net/pf_ioctl.c Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pf_ioctl.c,v 1.37 2009/10/03 00:37:02 elad Exp $ */
+/* $NetBSD: pf_ioctl.c,v 1.38 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf_ioctl.c,v 1.182 2007/06/24 11:17:13 mcbride Exp $ */
/*
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_ioctl.c,v 1.37 2009/10/03 00:37:02 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_ioctl.c,v 1.38 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -65,6 +65,7 @@
#include <sys/conf.h>
#include <sys/lwp.h>
#include <sys/kauth.h>
+#include <sys/module.h>
#endif /* __NetBSD__ */
#include <net/if.h>
@@ -104,6 +105,9 @@
#endif
void pfattach(int);
+#ifdef _MODULE
+void pfdetach(void);
+#endif /* _MODULE */
#ifndef __NetBSD__
void pf_thread_create(void *);
#endif /* !__NetBSD__ */
@@ -309,6 +313,98 @@
#endif /* __NetBSD__ */
}
+#ifdef _MODULE
+void
+pfdetach(void)
+{
+ extern int pf_purge_thread_running;
+ extern int pf_purge_thread_stop;
+ struct pf_anchor *anchor;
+ struct pf_state *state;
+ struct pf_src_node *node;
+ struct pfioc_table pt;
+ u_int32_t ticket;
+ int i;
+ char r = '\0';
+
+ pf_purge_thread_stop = 1;
+ wakeup(pf_purge_thread);
+
+ /* wait until the kthread exits */
+ while (pf_purge_thread_running)
+ tsleep(&pf_purge_thread_running, PWAIT, "pfdown", 0);
+
+ (void)pf_pfil_detach();
+
+ pf_status.running = 0;
+
+ /* clear the rulesets */
+ for (i = 0; i < PF_RULESET_MAX; i++)
+ if (pf_begin_rules(&ticket, i, &r) == 0)
+ pf_commit_rules(ticket, i, &r);
+#ifdef ALTQ
+ if (pf_begin_altq(&ticket) == 0)
+ pf_commit_altq(ticket);
+#endif /* ALTQ */
+
+ /* clear states */
+ RB_FOREACH(state, pf_state_tree_id, &tree_id) {
+ state->timeout = PFTM_PURGE;
+#if NPFSYNC > 0
+ state->sync_flags = PFSTATE_NOSYNC;
+#endif /* NPFSYNC > 0 */
+ }
+ pf_purge_expired_states(pf_status.states);
+#if NPFSYNC > 0
+ pfsync_clear_states(pf_status.hostid, NULL);
+#endif /* NPFSYNC > 0 */
+
+ /* clear source nodes */
+ RB_FOREACH(state, pf_state_tree_id, &tree_id) {
+ state->src_node = NULL;
+ state->nat_src_node = NULL;
+ }
+ RB_FOREACH(node, pf_src_tree, &tree_src_tracking) {
+ node->expire = 1;
+ node->states = 0;
+ }
+ pf_purge_expired_src_nodes(0);
+
+ /* clear tables */
+ memset(&pt, '\0', sizeof(pt));
+ pfr_clr_tables(&pt.pfrio_table, &pt.pfrio_ndel, pt.pfrio_flags);
+
+ /* destroy anchors */
+ while ((anchor = RB_MIN(pf_anchor_global, &pf_anchors)) != NULL) {
+ for (i = 0; i < PF_RULESET_MAX; i++)
+ if (pf_begin_rules(&ticket, i, anchor->name) == 0)
+ pf_commit_rules(ticket, i, anchor->name);
+ }
+
+ /* destroy main ruleset */
+ pf_remove_if_empty_ruleset(&pf_main_ruleset);
+
+ /* destroy the pools */
+ pool_destroy(&pf_pooladdr_pl);
+ pool_destroy(&pf_altq_pl);
+ pool_destroy(&pf_state_key_pl);
+ pool_destroy(&pf_state_pl);
+ pool_destroy(&pf_rule_pl);
+ pool_destroy(&pf_src_tree_pl);
+
+ rw_destroy(&pf_consistency_lock);
+
+ /* destroy subsystems */
+ pf_normalize_destroy();
+ pf_osfp_destroy();
+ pfr_destroy();
+ pfi_destroy();
+
+ /* cleanup kauth listener */
+ kauth_unlisten_scope(pf_listener);
+}
+#endif /* _MODULE */
+
#ifndef __NetBSD__
void
pf_thread_create(void *v)
@@ -3245,3 +3341,39 @@
return (0);
}
#endif /* __NetBSD__ */
+
+#if defined(__NetBSD__)
+MODULE(MODULE_CLASS_MISC, pf, "bpf");
+
+static int
+pf_modcmd(modcmd_t cmd, void *opaque)
+{
+#ifdef _MODULE
+ extern void pflogattach(int);
+ extern void pflogdetach(void);
+
+ devmajor_t cmajor = NODEVMAJOR, bmajor = NODEVMAJOR;
+ int err;
+
+ switch (cmd) {
+ case MODULE_CMD_INIT:
+ err = devsw_attach("pf", NULL, &bmajor, &pf_cdevsw, &cmajor);
+ if (err)
+ return err;
+ pfattach(1);
+ pflogattach(1);
+ return 0;
+ case MODULE_CMD_FINI:
+ pfdetach();
+ pflogdetach();
+ return devsw_detach(NULL, &pf_cdevsw);
+ default:
+ return ENOTTY;
+ }
+#else
+ if (cmd == MODULE_CMD_INIT)
+ return 0;
+ return ENOTTY;
+#endif
+}
+#endif
Index: src/sys/dist/pf/net/pf_norm.c
diff -u src/sys/dist/pf/net/pf_norm.c:1.21 src/sys/dist/pf/net/pf_norm.c:1.22
--- src/sys/dist/pf/net/pf_norm.c:1.21 Tue Jul 28 18:15:26 2009
+++ src/sys/dist/pf/net/pf_norm.c Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pf_norm.c,v 1.21 2009/07/28 18:15:26 minskim Exp $ */
+/* $NetBSD: pf_norm.c,v 1.22 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf_norm.c,v 1.109 2007/05/28 17:16:39 henning Exp $ */
/*
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_norm.c,v 1.21 2009/07/28 18:15:26 minskim Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_norm.c,v 1.22 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -177,6 +177,18 @@
TAILQ_INIT(&pf_cachequeue);
}
+#ifdef _MODULE
+void
+pf_normalize_destroy(void)
+{
+ pool_destroy(&pf_state_scrub_pl);
+ pool_destroy(&pf_cent_pl);
+ pool_destroy(&pf_cache_pl);
+ pool_destroy(&pf_frag_pl);
+ pool_destroy(&pf_frent_pl);
+}
+#endif /* _MODULE */
+
static __inline int
pf_frag_compare(struct pf_fragment *a, struct pf_fragment *b)
{
Index: src/sys/dist/pf/net/pf_osfp.c
diff -u src/sys/dist/pf/net/pf_osfp.c:1.9 src/sys/dist/pf/net/pf_osfp.c:1.10
--- src/sys/dist/pf/net/pf_osfp.c:1.9 Tue Jul 28 18:15:26 2009
+++ src/sys/dist/pf/net/pf_osfp.c Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pf_osfp.c,v 1.9 2009/07/28 18:15:26 minskim Exp $ */
+/* $NetBSD: pf_osfp.c,v 1.10 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf_osfp.c,v 1.12 2006/12/13 18:14:10 itojun Exp $ */
/*
@@ -19,7 +19,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_osfp.c,v 1.9 2009/07/28 18:15:26 minskim Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_osfp.c,v 1.10 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -315,6 +315,17 @@
SLIST_INIT(&pf_osfp_list);
}
+#ifdef _MODULE
+void
+pf_osfp_destroy(void)
+{
+ pf_osfp_flush();
+
+ pool_destroy(&pf_osfp_pl);
+ pool_destroy(&pf_osfp_entry_pl);
+}
+#endif /* _MODULE */
+
/* Flush the fingerprint list */
void
pf_osfp_flush(void)
Index: src/sys/dist/pf/net/pf_table.c
diff -u src/sys/dist/pf/net/pf_table.c:1.15 src/sys/dist/pf/net/pf_table.c:1.16
--- src/sys/dist/pf/net/pf_table.c:1.15 Tue Jul 28 18:15:26 2009
+++ src/sys/dist/pf/net/pf_table.c Mon Apr 12 13:57:38 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pf_table.c,v 1.15 2009/07/28 18:15:26 minskim Exp $ */
+/* $NetBSD: pf_table.c,v 1.16 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf_table.c,v 1.70 2007/05/23 11:53:45 markus Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_table.c,v 1.15 2009/07/28 18:15:26 minskim Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_table.c,v 1.16 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -222,6 +222,16 @@
memset(&pfr_ffaddr, 0xff, sizeof(pfr_ffaddr));
}
+#ifdef _MODULE
+void
+pfr_destroy(void)
+{
+ pool_destroy(&pfr_ktable_pl);
+ pool_destroy(&pfr_kentry_pl);
+ pool_destroy(&pfr_kentry_pl2);
+}
+#endif /* _MODULE */
+
int
pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags)
{
