Author: glebius
Date: Wed Mar 12 10:45:58 2014
New Revision: 263086
URL: http://svnweb.freebsd.org/changeset/base/263086
Log:
Bulk sync of pf changes from head, in attempt to fixup broken build I
made in r263029.
Merge r257186,257215,257349,259736,261797.
These changesets split pfvar.h into several smaller headers and make
userland utilities to include only some of them.
Added:
stable/10/sys/netpfil/pf/pf.h
- copied, changed from r257215, head/sys/netpfil/pf/pf.h
stable/10/sys/netpfil/pf/pf_altq.h
- copied unchanged from r257215, head/sys/netpfil/pf/pf_altq.h
stable/10/sys/netpfil/pf/pf_mtag.h
- copied unchanged from r257215, head/sys/netpfil/pf/pf_mtag.h
Deleted:
stable/10/sys/net/pf_mtag.h
Modified:
stable/10/contrib/libpcap/grammar.y
stable/10/contrib/tcpdump/print-ip.c
stable/10/etc/mtree/BSD.include.dist
stable/10/include/Makefile
stable/10/sbin/ifconfig/Makefile
stable/10/sbin/ipfw/Makefile
stable/10/sbin/ipfw/ipfw2.h
stable/10/sys/contrib/altq/altq/altq_cbq.c
stable/10/sys/contrib/altq/altq/altq_cdnr.c
stable/10/sys/contrib/altq/altq/altq_hfsc.c
stable/10/sys/contrib/altq/altq/altq_priq.c
stable/10/sys/contrib/altq/altq/altq_red.c
stable/10/sys/contrib/altq/altq/altq_rio.c
stable/10/sys/contrib/altq/altq/altq_rmclass.c
stable/10/sys/contrib/altq/altq/altq_subr.c
stable/10/sys/net/if_ethersubr.c
stable/10/sys/net/pfvar.h
stable/10/sys/netpfil/ipfw/ip_fw2.c
stable/10/sys/netpfil/pf/pf.c
stable/10/sys/netpfil/pf/pf_lb.c
stable/10/sys/netpfil/pf/pf_norm.c
stable/10/usr.bin/kdump/Makefile
stable/10/usr.bin/kdump/mkioctls
stable/10/usr.bin/netstat/Makefile
stable/10/usr.bin/netstat/if.c
stable/10/usr.bin/netstat/main.c
stable/10/usr.sbin/bsnmpd/modules/Makefile
stable/10/usr.sbin/tcpdump/tcpdump/Makefile
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/libpcap/grammar.y
==============================================================================
--- stable/10/contrib/libpcap/grammar.y Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/contrib/libpcap/grammar.y Wed Mar 12 10:45:58 2014
(r263086)
@@ -56,7 +56,7 @@ struct rtentry;
#include "gencode.h"
#ifdef HAVE_NET_PFVAR_H
#include <net/if.h>
-#include <net/pfvar.h>
+#include <netpfil/pf/pf.h>
#include <net/if_pflog.h>
#endif
#include "ieee80211.h"
Modified: stable/10/contrib/tcpdump/print-ip.c
==============================================================================
--- stable/10/contrib/tcpdump/print-ip.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/contrib/tcpdump/print-ip.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -483,9 +483,11 @@ again:
pgm_print(ipds->cp, ipds->len, (const u_char *)ipds->ip);
break;
+#if defined(HAVE_NET_PFVAR_H)
case IPPROTO_PFSYNC:
pfsync_ip_print(ipds->cp, ipds->len);
break;
+#endif
default:
if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh))
!= NULL)
Modified: stable/10/etc/mtree/BSD.include.dist
==============================================================================
--- stable/10/etc/mtree/BSD.include.dist Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/etc/mtree/BSD.include.dist Wed Mar 12 10:45:58 2014
(r263086)
@@ -287,6 +287,10 @@
sig
..
..
+ netpfil
+ pf
+ ..
+ ..
netsmb
..
nfs
Modified: stable/10/include/Makefile
==============================================================================
--- stable/10/include/Makefile Wed Mar 12 10:45:22 2014 (r263085)
+++ stable/10/include/Makefile Wed Mar 12 10:45:58 2014 (r263086)
@@ -280,6 +280,13 @@ symlinks:
${DESTDIR}${INCLUDEDIR}/netinet; \
done
.endif
+.if ${MK_PF} != "no"
+ cd ${.CURDIR}/../sys/netpfil/pf; \
+ for h in *.h; do \
+ ln -fs ../../../../sys/netpfil/pf/$$h \
+ ${DESTDIR}${INCLUDEDIR}/netpfil/pf; \
+ done
+.endif
cd ${.CURDIR}/../sys/crypto; \
for h in rijndael/rijndael.h; do \
ln -fs ../../../sys/crypto/$$h \
Modified: stable/10/sbin/ifconfig/Makefile
==============================================================================
--- stable/10/sbin/ifconfig/Makefile Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sbin/ifconfig/Makefile Wed Mar 12 10:45:58 2014
(r263086)
@@ -40,7 +40,9 @@ LDADD+= -lbsdxml -lsbuf
SRCS+= carp.c # SIOC[GS]VH support
SRCS+= ifgroup.c # ...
+.if ${MK_PF} != "no"
SRCS+= ifpfsync.c # pfsync(4) support
+.endif
SRCS+= ifbridge.c # bridge support
SRCS+= iflagg.c # lagg support
Modified: stable/10/sbin/ipfw/Makefile
==============================================================================
--- stable/10/sbin/ipfw/Makefile Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sbin/ipfw/Makefile Wed Mar 12 10:45:58 2014
(r263086)
@@ -1,8 +1,16 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ipfw
-SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c altq.c
+SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c
WARNS?= 2
+
+.if ${MK_PF} != "no"
+SRCS+= altq.c
+CFLAGS+=-DPF
+.endif
+
DPADD= ${LIBUTIL}
LDADD= -lutil
MAN= ipfw.8
Modified: stable/10/sbin/ipfw/ipfw2.h
==============================================================================
--- stable/10/sbin/ipfw/ipfw2.h Wed Mar 12 10:45:22 2014 (r263085)
+++ stable/10/sbin/ipfw/ipfw2.h Wed Mar 12 10:45:58 2014 (r263086)
@@ -266,11 +266,14 @@ void ipfw_flush(int force);
void ipfw_zero(int ac, char *av[], int optname);
void ipfw_list(int ac, char *av[], int show_counters);
+#ifdef PF
/* altq.c */
void altq_set_enabled(int enabled);
u_int32_t altq_name_to_qid(const char *name);
-
void print_altq_cmd(struct _ipfw_insn_altq *altqptr);
+#else
+#define NO_ALTQ
+#endif
/* dummynet.c */
void dummynet_list(int ac, char *av[], int show_counters);
Modified: stable/10/sys/contrib/altq/altq/altq_cbq.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_cbq.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/contrib/altq/altq/altq_cbq.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -54,9 +54,12 @@
#endif
#include <net/if.h>
+#include <net/if_var.h>
#include <netinet/in.h>
-#include <net/pfvar.h>
+#include <netpfil/pf/pf.h>
+#include <netpfil/pf/pf_altq.h>
+#include <netpfil/pf/pf_mtag.h>
#include <altq/altq.h>
#include <altq/altq_cbq.h>
#ifdef ALTQ3_COMPAT
Modified: stable/10/sys/contrib/altq/altq/altq_cdnr.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_cdnr.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/contrib/altq/altq/altq_cdnr.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -55,6 +55,7 @@
#include <netinet/ip6.h>
#endif
+#include <altq/if_altq.h>
#include <altq/altq.h>
#ifdef ALTQ3_COMPAT
#include <altq/altq_conf.h>
Modified: stable/10/sys/contrib/altq/altq/altq_hfsc.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_hfsc.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/contrib/altq/altq/altq_hfsc.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -66,9 +66,12 @@
#endif /* ALTQ3_COMPAT */
#include <net/if.h>
+#include <net/if_var.h>
#include <netinet/in.h>
-#include <net/pfvar.h>
+#include <netpfil/pf/pf.h>
+#include <netpfil/pf/pf_altq.h>
+#include <netpfil/pf/pf_mtag.h>
#include <altq/altq.h>
#include <altq/altq_hfsc.h>
#ifdef ALTQ3_COMPAT
Modified: stable/10/sys/contrib/altq/altq/altq_priq.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_priq.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/contrib/altq/altq/altq_priq.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -51,9 +51,12 @@
#include <sys/queue.h>
#include <net/if.h>
+#include <net/if_var.h>
#include <netinet/in.h>
-#include <net/pfvar.h>
+#include <netpfil/pf/pf.h>
+#include <netpfil/pf/pf_altq.h>
+#include <netpfil/pf/pf_mtag.h>
#include <altq/altq.h>
#ifdef ALTQ3_COMPAT
#include <altq/altq_conf.h>
Modified: stable/10/sys/contrib/altq/altq/altq_red.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_red.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/contrib/altq/altq/altq_red.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -86,6 +86,7 @@
#endif /* ALTQ3_COMPAT */
#include <net/if.h>
+#include <net/if_var.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
@@ -94,7 +95,9 @@
#include <netinet/ip6.h>
#endif
-#include <net/pfvar.h>
+#include <netpfil/pf/pf.h>
+#include <netpfil/pf/pf_altq.h>
+#include <netpfil/pf/pf_mtag.h>
#include <altq/altq.h>
#include <altq/altq_red.h>
#ifdef ALTQ3_COMPAT
Modified: stable/10/sys/contrib/altq/altq/altq_rio.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_rio.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/contrib/altq/altq/altq_rio.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -81,6 +81,7 @@
#endif
#include <net/if.h>
+#include <net/if_var.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
@@ -89,7 +90,8 @@
#include <netinet/ip6.h>
#endif
-#include <net/pfvar.h>
+#include <netpfil/pf/pf.h>
+#include <netpfil/pf/pf_altq.h>
#include <altq/altq.h>
#include <altq/altq_cdnr.h>
#include <altq/altq_red.h>
Modified: stable/10/sys/contrib/altq/altq/altq_rmclass.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_rmclass.c Wed Mar 12 10:45:22
2014 (r263085)
+++ stable/10/sys/contrib/altq/altq/altq_rmclass.c Wed Mar 12 10:45:58
2014 (r263086)
@@ -59,12 +59,14 @@
#endif
#include <net/if.h>
+#include <net/if_var.h>
#ifdef ALTQ3_COMPAT
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#endif
+#include <altq/if_altq.h>
#include <altq/altq.h>
#include <altq/altq_rmclass.h>
#include <altq/altq_rmclass_debug.h>
Modified: stable/10/sys/contrib/altq/altq/altq_subr.c
==============================================================================
--- stable/10/sys/contrib/altq/altq/altq_subr.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/contrib/altq/altq/altq_subr.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -49,6 +49,7 @@
#include <sys/queue.h>
#include <net/if.h>
+#include <net/if_var.h>
#include <net/if_dl.h>
#include <net/if_types.h>
#ifdef __FreeBSD__
@@ -64,7 +65,8 @@
#include <netinet/tcp.h>
#include <netinet/udp.h>
-#include <net/pfvar.h>
+#include <netpfil/pf/pf.h>
+#include <netpfil/pf/pf_altq.h>
#include <altq/altq.h>
#ifdef ALTQ3_COMPAT
#include <altq/altq_conf.h>
Modified: stable/10/sys/net/if_ethersubr.c
==============================================================================
--- stable/10/sys/net/if_ethersubr.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/net/if_ethersubr.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -62,10 +62,11 @@
#include <net/if_bridgevar.h>
#include <net/if_vlan_var.h>
#include <net/if_llatbl.h>
-#include <net/pf_mtag.h>
#include <net/pfil.h>
#include <net/vnet.h>
+#include <netpfil/pf/pf_mtag.h>
+
#if defined(INET) || defined(INET6)
#include <netinet/in.h>
#include <netinet/in_var.h>
Modified: stable/10/sys/net/pfvar.h
==============================================================================
--- stable/10/sys/net/pfvar.h Wed Mar 12 10:45:22 2014 (r263085)
+++ stable/10/sys/net/pfvar.h Wed Mar 12 10:45:58 2014 (r263086)
@@ -42,82 +42,9 @@
#include <net/radix.h>
#include <netinet/in.h>
-#include <net/pf_mtag.h>
-
-#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0)
-#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1)
-
-#define PF_MD5_DIGEST_LENGTH 16
-#ifdef MD5_DIGEST_LENGTH
-#if PF_MD5_DIGEST_LENGTH != MD5_DIGEST_LENGTH
-#error
-#endif
-#endif
-
-enum { PF_INOUT, PF_IN, PF_OUT };
-enum { PF_PASS, PF_DROP, PF_SCRUB, PF_NOSCRUB, PF_NAT, PF_NONAT,
- PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP, PF_DEFER };
-enum { PF_RULESET_SCRUB, PF_RULESET_FILTER, PF_RULESET_NAT,
- PF_RULESET_BINAT, PF_RULESET_RDR, PF_RULESET_MAX };
-enum { PF_OP_NONE, PF_OP_IRG, PF_OP_EQ, PF_OP_NE, PF_OP_LT,
- PF_OP_LE, PF_OP_GT, PF_OP_GE, PF_OP_XRG, PF_OP_RRG };
-enum { PF_DEBUG_NONE, PF_DEBUG_URGENT, PF_DEBUG_MISC, PF_DEBUG_NOISY };
-enum { PF_CHANGE_NONE, PF_CHANGE_ADD_HEAD, PF_CHANGE_ADD_TAIL,
- PF_CHANGE_ADD_BEFORE, PF_CHANGE_ADD_AFTER,
- PF_CHANGE_REMOVE, PF_CHANGE_GET_TICKET };
-enum { PF_GET_NONE, PF_GET_CLR_CNTR };
-enum { PF_SK_WIRE, PF_SK_STACK, PF_SK_BOTH };
-
-/*
- * Note about PFTM_*: real indices into pf_rule.timeout[] come before
- * PFTM_MAX, special cases afterwards. See pf_state_expires().
- */
-enum { PFTM_TCP_FIRST_PACKET, PFTM_TCP_OPENING, PFTM_TCP_ESTABLISHED,
- PFTM_TCP_CLOSING, PFTM_TCP_FIN_WAIT, PFTM_TCP_CLOSED,
- PFTM_UDP_FIRST_PACKET, PFTM_UDP_SINGLE, PFTM_UDP_MULTIPLE,
- PFTM_ICMP_FIRST_PACKET, PFTM_ICMP_ERROR_REPLY,
- PFTM_OTHER_FIRST_PACKET, PFTM_OTHER_SINGLE,
- PFTM_OTHER_MULTIPLE, PFTM_FRAG, PFTM_INTERVAL,
- PFTM_ADAPTIVE_START, PFTM_ADAPTIVE_END, PFTM_SRC_NODE,
- PFTM_TS_DIFF, PFTM_MAX, PFTM_PURGE, PFTM_UNLINKED };
-
-/* PFTM default values */
-#define PFTM_TCP_FIRST_PACKET_VAL 120 /* First TCP packet */
-#define PFTM_TCP_OPENING_VAL 30 /* No response yet */
-#define PFTM_TCP_ESTABLISHED_VAL 24*60*60/* Established */
-#define PFTM_TCP_CLOSING_VAL 15 * 60 /* Half closed */
-#define PFTM_TCP_FIN_WAIT_VAL 45 /* Got both FINs */
-#define PFTM_TCP_CLOSED_VAL 90 /* Got a RST */
-#define PFTM_UDP_FIRST_PACKET_VAL 60 /* First UDP packet */
-#define PFTM_UDP_SINGLE_VAL 30 /* Unidirectional */
-#define PFTM_UDP_MULTIPLE_VAL 60 /* Bidirectional */
-#define PFTM_ICMP_FIRST_PACKET_VAL 20 /* First ICMP packet */
-#define PFTM_ICMP_ERROR_REPLY_VAL 10 /* Got error response */
-#define PFTM_OTHER_FIRST_PACKET_VAL 60 /* First packet */
-#define PFTM_OTHER_SINGLE_VAL 30 /* Unidirectional */
-#define PFTM_OTHER_MULTIPLE_VAL 60 /* Bidirectional */
-#define PFTM_FRAG_VAL 30 /* Fragment expire */
-#define PFTM_INTERVAL_VAL 10 /* Expire interval */
-#define PFTM_SRC_NODE_VAL 0 /* Source tracking */
-#define PFTM_TS_DIFF_VAL 30 /* Allowed TS diff */
-
-enum { PF_NOPFROUTE, PF_FASTROUTE, PF_ROUTETO, PF_DUPTO, PF_REPLYTO };
-enum { PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS,
- PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX };
-#define PF_POOL_IDMASK 0x0f
-enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM,
- PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN };
-enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL,
- PF_ADDR_TABLE, PF_ADDR_URPFFAILED,
- PF_ADDR_RANGE };
-#define PF_POOL_TYPEMASK 0x0f
-#define PF_POOL_STICKYADDR 0x20
-#define PF_WSCALE_FLAG 0x80
-#define PF_WSCALE_MASK 0x0f
-
-#define PF_LOG 0x01
-#define PF_LOG_ALL 0x02
-#define PF_LOG_SOCKET_LOOKUP 0x04
+#include <netpfil/pf/pf.h>
+#include <netpfil/pf/pf_altq.h>
+#include <netpfil/pf/pf_mtag.h>
struct pf_addr {
union {
@@ -134,8 +61,6 @@ struct pf_addr {
#define addr32 pfa.addr32
};
-#define PF_TABLE_NAME_SIZE 32
-
#define PFI_AFLAG_NETWORK 0x01
#define PFI_AFLAG_BROADCAST 0x02
#define PFI_AFLAG_PEER 0x04
@@ -564,7 +489,6 @@ struct pf_rule {
union pf_rule_ptr skip[PF_SKIP_COUNT];
#define PF_RULE_LABEL_SIZE 64
char label[PF_RULE_LABEL_SIZE];
-#define PF_QNAME_SIZE 64
char ifname[IFNAMSIZ];
char qname[PF_QNAME_SIZE];
char pqname[PF_QNAME_SIZE];
@@ -1199,43 +1123,6 @@ struct pf_pdesc {
#define PF_DPORT_RANGE 0x01 /* Dest port uses range */
#define PF_RPORT_RANGE 0x02 /* RDR'ed port uses range */
-/* Reasons code for passing/dropping a packet */
-#define PFRES_MATCH 0 /* Explicit match of a rule */
-#define PFRES_BADOFF 1 /* Bad offset for pull_hdr */
-#define PFRES_FRAG 2 /* Dropping following fragment */
-#define PFRES_SHORT 3 /* Dropping short packet */
-#define PFRES_NORM 4 /* Dropping by normalizer */
-#define PFRES_MEMORY 5 /* Dropped due to lacking mem */
-#define PFRES_TS 6 /* Bad TCP Timestamp (RFC1323) */
-#define PFRES_CONGEST 7 /* Congestion (of ipintrq) */
-#define PFRES_IPOPTIONS 8 /* IP option */
-#define PFRES_PROTCKSUM 9 /* Protocol checksum invalid */
-#define PFRES_BADSTATE 10 /* State mismatch */
-#define PFRES_STATEINS 11 /* State insertion failure */
-#define PFRES_MAXSTATES 12 /* State limit */
-#define PFRES_SRCLIMIT 13 /* Source node/conn limit */
-#define PFRES_SYNPROXY 14 /* SYN proxy */
-#define PFRES_MAX 15 /* total+1 */
-
-#define PFRES_NAMES { \
- "match", \
- "bad-offset", \
- "fragment", \
- "short", \
- "normalize", \
- "memory", \
- "bad-timestamp", \
- "congestion", \
- "ip-option", \
- "proto-cksum", \
- "state-mismatch", \
- "state-insert", \
- "state-limit", \
- "src-limit", \
- "synproxy", \
- NULL \
-}
-
/* Counters for other things we want to keep track of */
#define LCNT_STATES 0 /* states */
#define LCNT_SRCSTATES 1 /* max-src-states */
@@ -1326,69 +1213,6 @@ struct pf_status {
u_int8_t pf_chksum[PF_MD5_DIGEST_LENGTH];
};
-struct cbq_opts {
- u_int minburst;
- u_int maxburst;
- u_int pktsize;
- u_int maxpktsize;
- u_int ns_per_byte;
- u_int maxidle;
- int minidle;
- u_int offtime;
- int flags;
-};
-
-struct priq_opts {
- int flags;
-};
-
-struct hfsc_opts {
- /* real-time service curve */
- u_int rtsc_m1; /* slope of the 1st segment in bps */
- u_int rtsc_d; /* the x-projection of m1 in msec */
- u_int rtsc_m2; /* slope of the 2nd segment in bps */
- /* link-sharing service curve */
- u_int lssc_m1;
- u_int lssc_d;
- u_int lssc_m2;
- /* upper-limit service curve */
- u_int ulsc_m1;
- u_int ulsc_d;
- u_int ulsc_m2;
- int flags;
-};
-
-struct pf_altq {
- char ifname[IFNAMSIZ];
-
- void *altq_disc; /* discipline-specific state */
- TAILQ_ENTRY(pf_altq) entries;
-
- /* scheduler spec */
- u_int8_t scheduler; /* scheduler type */
- u_int16_t tbrsize; /* tokenbucket regulator size */
- u_int32_t ifbandwidth; /* interface bandwidth */
-
- /* queue spec */
- char qname[PF_QNAME_SIZE]; /* queue name */
- char parent[PF_QNAME_SIZE]; /* parent name */
- u_int32_t parent_qid; /* parent queue id */
- u_int32_t bandwidth; /* queue bandwidth */
- u_int8_t priority; /* priority */
- u_int8_t local_flags; /* dynamic interface */
-#define PFALTQ_FLAG_IF_REMOVED 0x01
-
- u_int16_t qlimit; /* queue size limit */
- u_int16_t flags; /* misc flags */
- union {
- struct cbq_opts cbq_opts;
- struct priq_opts priq_opts;
- struct hfsc_opts hfsc_opts;
- } pq_u;
-
- u_int32_t qid; /* return value */
-};
-
struct pf_divert {
union {
struct in_addr ipv4;
Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -60,10 +60,11 @@ __FBSDID("$FreeBSD$");
#include <net/ethernet.h> /* for ETHERTYPE_IP */
#include <net/if.h>
#include <net/route.h>
-#include <net/pf_mtag.h>
#include <net/pfil.h>
#include <net/vnet.h>
+#include <netpfil/pf/pf_mtag.h>
+
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/in_pcb.h>
Modified: stable/10/sys/netpfil/pf/pf.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/netpfil/pf/pf.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -67,7 +67,6 @@ __FBSDID("$FreeBSD$");
#include <net/vnet.h>
#include <net/pfvar.h>
-#include <net/pf_mtag.h>
#include <net/if_pflog.h>
#include <net/if_pfsync.h>
Copied and modified: stable/10/sys/netpfil/pf/pf.h (from r257215,
head/sys/netpfil/pf/pf.h)
==============================================================================
--- head/sys/netpfil/pf/pf.h Sun Oct 27 16:25:57 2013 (r257215, copy
source)
+++ stable/10/sys/netpfil/pf/pf.h Wed Mar 12 10:45:58 2014
(r263086)
@@ -31,7 +31,7 @@
*/
#ifndef _NET_PF_H_
-#define _NET_PFAR_H_
+#define _NET_PF_H_
#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0)
#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1)
Copied: stable/10/sys/netpfil/pf/pf_altq.h (from r257215,
head/sys/netpfil/pf/pf_altq.h)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ stable/10/sys/netpfil/pf/pf_altq.h Wed Mar 12 10:45:58 2014
(r263086, copy of r257215, head/sys/netpfil/pf/pf_altq.h)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2001 Daniel Hartmeier
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $OpenBSD: pfvar.h,v 1.282 2009/01/29 15:12:28 pyr Exp $
+ * $FreeBSD$
+ */
+
+#ifndef _NET_PF_ALTQ_H_
+#define _NET_PF_ALTQ_H_
+
+struct cbq_opts {
+ u_int minburst;
+ u_int maxburst;
+ u_int pktsize;
+ u_int maxpktsize;
+ u_int ns_per_byte;
+ u_int maxidle;
+ int minidle;
+ u_int offtime;
+ int flags;
+};
+
+struct priq_opts {
+ int flags;
+};
+
+struct hfsc_opts {
+ /* real-time service curve */
+ u_int rtsc_m1; /* slope of the 1st segment in bps */
+ u_int rtsc_d; /* the x-projection of m1 in msec */
+ u_int rtsc_m2; /* slope of the 2nd segment in bps */
+ /* link-sharing service curve */
+ u_int lssc_m1;
+ u_int lssc_d;
+ u_int lssc_m2;
+ /* upper-limit service curve */
+ u_int ulsc_m1;
+ u_int ulsc_d;
+ u_int ulsc_m2;
+ int flags;
+};
+
+struct pf_altq {
+ char ifname[IFNAMSIZ];
+
+ void *altq_disc; /* discipline-specific state */
+ TAILQ_ENTRY(pf_altq) entries;
+
+ /* scheduler spec */
+ uint8_t scheduler; /* scheduler type */
+ uint16_t tbrsize; /* tokenbucket regulator size */
+ uint32_t ifbandwidth; /* interface bandwidth */
+
+ /* queue spec */
+ char qname[PF_QNAME_SIZE]; /* queue name */
+ char parent[PF_QNAME_SIZE]; /* parent name */
+ uint32_t parent_qid; /* parent queue id */
+ uint32_t bandwidth; /* queue bandwidth */
+ uint8_t priority; /* priority */
+ uint8_t local_flags; /* dynamic interface */
+#define PFALTQ_FLAG_IF_REMOVED 0x01
+
+ uint16_t qlimit; /* queue size limit */
+ uint16_t flags; /* misc flags */
+ union {
+ struct cbq_opts cbq_opts;
+ struct priq_opts priq_opts;
+ struct hfsc_opts hfsc_opts;
+ } pq_u;
+
+ uint32_t qid; /* return value */
+};
+
+#endif /* _NET_PF_ALTQ_H_ */
Modified: stable/10/sys/netpfil/pf/pf_lb.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf_lb.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/netpfil/pf/pf_lb.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -48,7 +48,6 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/pfvar.h>
#include <net/if_pflog.h>
-#include <net/pf_mtag.h>
#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x
Copied: stable/10/sys/netpfil/pf/pf_mtag.h (from r257215,
head/sys/netpfil/pf/pf_mtag.h)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ stable/10/sys/netpfil/pf/pf_mtag.h Wed Mar 12 10:45:58 2014
(r263086, copy of r257215, head/sys/netpfil/pf/pf_mtag.h)
@@ -0,0 +1,62 @@
+/* $FreeBSD$ */
+/*
+ * Copyright (c) 2001 Daniel Hartmeier
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef _NET_PF_MTAG_H_
+#define _NET_PF_MTAG_H_
+
+#ifdef _KERNEL
+
+#define PF_TAG_GENERATED 0x01
+#define PF_TAG_FRAGCACHE 0x02
+#define PF_TAG_TRANSLATE_LOCALHOST 0x04
+#define PF_PACKET_LOOPED 0x08
+#define PF_FASTFWD_OURS_PRESENT 0x10
+
+struct pf_mtag {
+ void *hdr; /* saved hdr pos in mbuf, for ECN */
+ u_int32_t qid; /* queue id */
+ u_int16_t tag; /* tag id */
+ u_int8_t flags;
+ u_int8_t routed;
+};
+
+static __inline struct pf_mtag *
+pf_find_mtag(struct mbuf *m)
+{
+ struct m_tag *mtag;
+
+ if ((mtag = m_tag_find(m, PACKET_TAG_PF, NULL)) == NULL)
+ return (NULL);
+
+ return ((struct pf_mtag *)(mtag + 1));
+}
+#endif /* _KERNEL */
+#endif /* _NET_PF_MTAG_H_ */
Modified: stable/10/sys/netpfil/pf/pf_norm.c
==============================================================================
--- stable/10/sys/netpfil/pf/pf_norm.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/sys/netpfil/pf/pf_norm.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -43,7 +43,6 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/vnet.h>
#include <net/pfvar.h>
-#include <net/pf_mtag.h>
#include <net/if_pflog.h>
#include <netinet/in.h>
Modified: stable/10/usr.bin/kdump/Makefile
==============================================================================
--- stable/10/usr.bin/kdump/Makefile Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/usr.bin/kdump/Makefile Wed Mar 12 10:45:58 2014
(r263086)
@@ -1,6 +1,8 @@
# @(#)Makefile 8.1 (Berkeley) 6/6/93
# $FreeBSD$
+.include <bsd.own.mk>
+
.if (${MACHINE_ARCH} == "amd64")
SFX= 32
.endif
@@ -12,6 +14,10 @@ SRCS= kdump_subr.c kdump.c ioctl.c subr
DPSRCS= kdump_subr.h
CFLAGS+= -I${.CURDIR}/../ktrace -I${.CURDIR} -I${.CURDIR}/../.. -I.
+.if ${MK_PF} != "no"
+CFLAGS+=-DPF
+.endif
+
.if ${MACHINE_ARCH} == "amd64" || ${MACHINE_ARCH} == "i386"
SRCS+= linux_syscalls.c
.endif
Modified: stable/10/usr.bin/kdump/mkioctls
==============================================================================
--- stable/10/usr.bin/kdump/mkioctls Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/usr.bin/kdump/mkioctls Wed Mar 12 10:45:58 2014
(r263086)
@@ -21,7 +21,8 @@ LC_ALL=C; export LC_ALL
# XXX should we use an ANSI cpp?
ioctl_includes=$(
cd $includedir
- find -H -s * -name '*.h' | grep -v '.*disk.*\.h' | \
+ find -H -s * -name '*.h' | \
+ egrep -v '(.*disk.*|net/pfvar|net/if_pfsync)\.h' | \
xargs egrep -l \
'^#[ ]*define[ ]+[A-Za-z_][A-Za-z0-9_]*[ ]+_IO[^a-z0-9_]' |
awk '{printf("#include <%s>\\n", $1)}'
@@ -54,7 +55,10 @@ BEGIN {
print "#include <net/ethernet.h>"
print "#include <net/if.h>"
print "#include <net/if_var.h>"
+ print "#ifdef PF"
print "#include <net/pfvar.h>"
+ print "#include <net/if_pfsync.h>"
+ print "#endif"
print "#include <net/route.h>"
print "#include <netinet/in.h>"
print "#include <netinet/ip_mroute.h>"
Modified: stable/10/usr.bin/netstat/Makefile
==============================================================================
--- stable/10/usr.bin/netstat/Makefile Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/usr.bin/netstat/Makefile Wed Mar 12 10:45:58 2014
(r263086)
@@ -27,6 +27,10 @@ CFLAGS+=-DINET6
CFLAGS+=-DSDP
.endif
+.if ${MK_PF} != "no"
+CFLAGS+=-DPF
+.endif
+
BINGRP= kmem
BINMODE=2555
DPADD= ${LIBKVM} ${LIBMEMSTAT} ${LIBUTIL}
Modified: stable/10/usr.bin/netstat/if.c
==============================================================================
--- stable/10/usr.bin/netstat/if.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/usr.bin/netstat/if.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -49,13 +49,15 @@ __FBSDID("$FreeBSD$");
#include <net/if_dl.h>
#include <net/if_types.h>
#include <net/ethernet.h>
-#include <net/pfvar.h>
-#include <net/if_pfsync.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netipx/ipx.h>
#include <netipx/ipx_if.h>
#include <arpa/inet.h>
+#ifdef PF
+#include <net/pfvar.h>
+#include <net/if_pfsync.h>
+#endif
#include <err.h>
#include <errno.h>
@@ -81,6 +83,7 @@ static void sidewaysintpr(int);
static char addr_buf[NI_MAXHOST]; /* for getnameinfo() */
#endif
+#ifdef PF
static const char* pfsyncacts[] = {
/* PFSYNC_ACT_CLR */ "clear all request",
/* PFSYNC_ACT_INS */ "state insert",
@@ -155,6 +158,7 @@ pfsync_stats(u_long off, const char *nam
p(pfsyncs_oerrors, "\t\t%ju send error%s\n");
#undef p
}
+#endif /* PF */
/*
* Display a formatted value, or a '-' in the same space.
Modified: stable/10/usr.bin/netstat/main.c
==============================================================================
--- stable/10/usr.bin/netstat/main.c Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/usr.bin/netstat/main.c Wed Mar 12 10:45:58 2014
(r263086)
@@ -214,8 +214,10 @@ struct protox {
pim_stats, NULL, "pim", 1, IPPROTO_PIM },
{ -1, N_CARPSTAT, 1, NULL,
carp_stats, NULL, "carp", 1, 0 },
+#ifdef PF
{ -1, N_PFSYNCSTAT, 1, NULL,
pfsync_stats, NULL, "pfsync", 1, 0 },
+#endif
{ -1, N_ARPSTAT, 1, NULL,
arp_stats, NULL, "arp", 1, 0 },
{ -1, -1, 0, NULL,
Modified: stable/10/usr.sbin/bsnmpd/modules/Makefile
==============================================================================
--- stable/10/usr.sbin/bsnmpd/modules/Makefile Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/usr.sbin/bsnmpd/modules/Makefile Wed Mar 12 10:45:58 2014
(r263086)
@@ -13,12 +13,15 @@ SUBDIR= ${_snmp_atm} \
snmp_hast \
snmp_hostres \
snmp_mibII \
- snmp_pf \
snmp_target \
snmp_usm \
snmp_vacm \
snmp_wlan
+.if ${MK_PF} != "no"
+SUBDIR+=snmp_pf
+.endif
+
.if ${MK_NETGRAPH_SUPPORT} != "no"
SUBDIR+=snmp_netgraph
.endif
Modified: stable/10/usr.sbin/tcpdump/tcpdump/Makefile
==============================================================================
--- stable/10/usr.sbin/tcpdump/tcpdump/Makefile Wed Mar 12 10:45:22 2014
(r263085)
+++ stable/10/usr.sbin/tcpdump/tcpdump/Makefile Wed Mar 12 10:45:58 2014
(r263086)
@@ -89,7 +89,6 @@ SRCS= addrtoname.c \
print-olsr.c \
print-ospf.c \
print-otv.c \
- print-pfsync.c \
print-pgm.c \
print-pim.c \
print-ppi.c \
@@ -171,7 +170,8 @@ CFLAGS+= -DHAVE_LIBCRYPTO -DHAVE_OPENSSL
.endif
.if ${MK_PF} != "no"
-SRCS+= print-pflog.c
+SRCS+= print-pflog.c \
+ print-pfsync.c
CFLAGS+= -DHAVE_NET_PFVAR_H
.endif
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
