> On 23. Jul 2020, at 13:23, YASUOKA Masahiko <yasu...@openbsd.org> wrote:
>
> The diff fixes 2 problems of "least-states":
>
> - states whose address is selected by sticky-address is not counted
> for the number of states.
> - interface is not selected properly if selected table entry specifies
> an interface.
>
> ok?
Good catch, diff looks good to me.
ok jung@
> Increase state counter for least-states when the address is selected
> by sticky-address. Also fix the problem that the interface which is
> specified by the selected table entry is not used properly.
>
> Index: sys/net/pf_lb.c
> ===================================================================
> RCS file: /disk/cvs/openbsd/src/sys/net/pf_lb.c,v
> retrieving revision 1.64
> diff -u -p -r1.64 pf_lb.c
> --- sys/net/pf_lb.c 2 Jul 2019 09:04:53 -0000 1.64
> +++ sys/net/pf_lb.c 23 Jul 2020 11:06:05 -0000
> @@ -97,6 +97,8 @@ u_int64_t pf_hash(struct pf_addr *, st
> int pf_get_sport(struct pf_pdesc *, struct pf_rule *,
> struct pf_addr *, u_int16_t *, u_int16_t,
> u_int16_t, struct pf_src_node **);
> +int pf_map_addr_states_increase(sa_family_t,
> + struct pf_pool *, struct pf_addr *);
> int pf_get_transaddr_af(struct pf_rule *,
> struct pf_pdesc *, struct pf_src_node **);
> int pf_map_addr_sticky(sa_family_t, struct pf_rule *,
> @@ -319,6 +321,12 @@ pf_map_addr_sticky(sa_family_t af, struc
> sns[type] = NULL;
> return (-1);
> }
> +
> + if ((rpool->opts & PF_POOL_TYPEMASK) == PF_POOL_LEASTSTATES) {
> + if (pf_map_addr_states_increase(af, rpool, naddr) == -1)
> + return (-1);
> + }
> +
> if (!PF_AZERO(cached, af))
> pf_addrcpy(naddr, cached, af);
> if (pf_status.debug >= LOG_DEBUG) {
> @@ -345,6 +353,7 @@ pf_map_addr(sa_family_t af, struct pf_ru
> struct pf_addr faddr;
> struct pf_addr *raddr = &rpool->addr.v.a.addr;
> struct pf_addr *rmask = &rpool->addr.v.a.mask;
> + struct pfi_kif *kif;
> u_int64_t states;
> u_int16_t weight;
> u_int64_t load;
> @@ -539,6 +548,7 @@ pf_map_addr(sa_family_t af, struct pf_ru
>
> states = rpool->states;
> weight = rpool->weight;
> + kif = rpool->kif;
>
> if ((rpool->addr.type == PF_ADDR_TABLE &&
> rpool->addr.p.tbl->pfrkt_refcntcost > 0) ||
> @@ -581,6 +591,7 @@ pf_map_addr(sa_family_t af, struct pf_ru
> if (cload < load) {
> states = rpool->states;
> weight = rpool->weight;
> + kif = rpool->kif;
> load = cload;
>
> pf_addrcpy(naddr, &rpool->counter, af);
> @@ -591,29 +602,10 @@ pf_map_addr(sa_family_t af, struct pf_ru
> } while (pf_match_addr(1, &faddr, rmask, &rpool->counter, af) &&
> (states > 0));
>
> - if (rpool->addr.type == PF_ADDR_TABLE) {
> - if (pfr_states_increase(rpool->addr.p.tbl,
> - naddr, af) == -1) {
> - if (pf_status.debug >= LOG_DEBUG) {
> - log(LOG_DEBUG,"pf: pf_map_addr: "
> - "selected address ");
> - pf_print_host(naddr, 0, af);
> - addlog(". Failed to increase count!\n");
> - }
> - return (1);
> - }
> - } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
> - if (pfr_states_increase(rpool->addr.p.dyn->pfid_kt,
> - naddr, af) == -1) {
> - if (pf_status.debug >= LOG_DEBUG) {
> - log(LOG_DEBUG, "pf: pf_map_addr: "
> - "selected address ");
> - pf_print_host(naddr, 0, af);
> - addlog(". Failed to increase count!\n");
> - }
> - return (1);
> - }
> - }
> + if (pf_map_addr_states_increase(af, rpool, naddr) == -1)
> + return (1);
> + /* revert the kif which was set by pfr_pool_get() */
> + rpool->kif = kif;
> break;
> }
>
> @@ -642,6 +634,38 @@ pf_map_addr(sa_family_t af, struct pf_ru
> addlog("\n");
> }
>
> + return (0);
> +}
> +
> +int
> +pf_map_addr_states_increase(sa_family_t af, struct pf_pool *rpool,
> + struct pf_addr *naddr)
> +{
> + if (rpool->addr.type == PF_ADDR_TABLE) {
> + if (pfr_states_increase(rpool->addr.p.tbl,
> + naddr, af) == -1) {
> + if (pf_status.debug >= LOG_DEBUG) {
> + log(LOG_DEBUG,
> + "pf: pf_map_addr_states_increase: "
> + "selected address ");
> + pf_print_host(naddr, 0, af);
> + addlog(". Failed to increase count!\n");
> + }
> + return (1);
> + }
> + } else if (rpool->addr.type == PF_ADDR_DYNIFTL) {
> + if (pfr_states_increase(rpool->addr.p.dyn->pfid_kt,
> + naddr, af) == -1) {
> + if (pf_status.debug >= LOG_DEBUG) {
> + log(LOG_DEBUG,
> + "pf: pf_map_addr_states_increase: "
> + "selected address ");
> + pf_print_host(naddr, 0, af);
> + addlog(". Failed to increase count!\n");
> + }
> + return (1);
> + }
> + }
> return (0);
> }
>
>
