diff options
author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-08-20 15:53:03 +0200 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-09-21 10:29:39 +0200 |
commit | 18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d (patch) | |
tree | a3020ac5b1f366f2f0920941b589808e435dbcee /freebsd/sys/netpfil | |
parent | Update to FreeBSD head 2017-12-01 (diff) | |
download | rtems-libbsd-18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d.tar.bz2 |
Update to FreeBSD head 2018-02-01
Git mirror commit d079ae0442af8fa3cfd6d7ede190d04e64a2c0d4.
Update #3472.
Diffstat (limited to 'freebsd/sys/netpfil')
-rw-r--r-- | freebsd/sys/netpfil/pf/if_pflog.c | 2 | ||||
-rw-r--r-- | freebsd/sys/netpfil/pf/in4_cksum.c | 2 | ||||
-rw-r--r-- | freebsd/sys/netpfil/pf/pf.c | 6 | ||||
-rw-r--r-- | freebsd/sys/netpfil/pf/pf.h | 2 | ||||
-rw-r--r-- | freebsd/sys/netpfil/pf/pf_ioctl.c | 132 | ||||
-rw-r--r-- | freebsd/sys/netpfil/pf/pf_norm.c | 11 | ||||
-rw-r--r-- | freebsd/sys/netpfil/pf/pf_osfp.c | 2 |
7 files changed, 127 insertions, 30 deletions
diff --git a/freebsd/sys/netpfil/pf/if_pflog.c b/freebsd/sys/netpfil/pf/if_pflog.c index 1ad6a774..53cf94c8 100644 --- a/freebsd/sys/netpfil/pf/if_pflog.c +++ b/freebsd/sys/netpfil/pf/if_pflog.c @@ -1,6 +1,8 @@ #include <machine/rtems-bsd-kernel-space.h> /*- + * SPDX-License-Identifier: ISC + * * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and * Niels Provos (provos@physnet.uni-hamburg.de). diff --git a/freebsd/sys/netpfil/pf/in4_cksum.c b/freebsd/sys/netpfil/pf/in4_cksum.c index 509c33cd..242909cc 100644 --- a/freebsd/sys/netpfil/pf/in4_cksum.c +++ b/freebsd/sys/netpfil/pf/in4_cksum.c @@ -5,7 +5,7 @@ /* $KAME: in4_cksum.c,v 1.10 2001/11/30 10:06:15 itojun Exp $ */ /* $NetBSD: in_cksum.c,v 1.13 1996/10/13 02:03:03 christos Exp $ */ -/* +/*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (C) 1999 WIDE Project. diff --git a/freebsd/sys/netpfil/pf/pf.c b/freebsd/sys/netpfil/pf/pf.c index d94966b9..a904a0db 100644 --- a/freebsd/sys/netpfil/pf/pf.c +++ b/freebsd/sys/netpfil/pf/pf.c @@ -1500,7 +1500,7 @@ pf_unload_vnet_purge(void) * Now purge everything. */ pf_purge_expired_states(0, pf_hashmask); - pf_purge_expired_fragments(); + pf_purge_fragments(UINT_MAX); pf_purge_expired_src_nodes(); /* @@ -1615,6 +1615,7 @@ int pf_unlink_state(struct pf_state *s, u_int flags) { struct pf_idhash *ih = &V_pf_idhash[PF_IDHASH(s)]; + int last; if ((flags & PF_ENTER_LOCKED) == 0) PF_HASHROW_LOCK(ih); @@ -1655,7 +1656,8 @@ pf_unlink_state(struct pf_state *s, u_int flags) PF_HASHROW_UNLOCK(ih); pf_detach_state(s); - refcount_release(&s->refs); + last = refcount_release(&s->refs); + KASSERT(last == 0, ("Incorrect state reference count")); return (pf_release_state(s)); } diff --git a/freebsd/sys/netpfil/pf/pf.h b/freebsd/sys/netpfil/pf/pf.h index 333faea3..69472782 100644 --- a/freebsd/sys/netpfil/pf/pf.h +++ b/freebsd/sys/netpfil/pf/pf.h @@ -1,4 +1,4 @@ -/* +/*- * SPDX-License-Identifier: BSD-2-Clause * * Copyright (c) 2001 Daniel Hartmeier diff --git a/freebsd/sys/netpfil/pf/pf_ioctl.c b/freebsd/sys/netpfil/pf/pf_ioctl.c index 98f190e7..a1b0b5e5 100644 --- a/freebsd/sys/netpfil/pf/pf_ioctl.c +++ b/freebsd/sys/netpfil/pf/pf_ioctl.c @@ -2543,7 +2543,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_table); - pfrts = malloc(totlen, M_TEMP, M_WAITOK); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), + M_TEMP, M_WAITOK); + if (! pfrts) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); @@ -2567,7 +2572,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_table); - pfrts = malloc(totlen, M_TEMP, M_WAITOK); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), + M_TEMP, M_WAITOK); + if (! pfrts) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); @@ -2591,7 +2601,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_table); - pfrts = malloc(totlen, M_TEMP, M_WAITOK); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), + M_TEMP, M_WAITOK); + if (! pfrts) { + error = ENOMEM; + break; + } PF_RULES_RLOCK(); error = pfr_get_tables(&io->pfrio_table, pfrts, &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL); @@ -2612,7 +2627,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_tstats); - pfrtstats = malloc(totlen, M_TEMP, M_WAITOK); + pfrtstats = mallocarray(io->pfrio_size, + sizeof(struct pfr_tstats), M_TEMP, M_WAITOK); + if (! pfrtstats) { + error = ENOMEM; + break; + } PF_RULES_WLOCK(); error = pfr_get_tstats(&io->pfrio_table, pfrtstats, &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL); @@ -2633,7 +2653,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_table); - pfrts = malloc(totlen, M_TEMP, M_WAITOK); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), + M_TEMP, M_WAITOK); + if (! pfrts) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); @@ -2657,7 +2682,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_table); - pfrts = malloc(totlen, M_TEMP, M_WAITOK); + pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), + M_TEMP, M_WAITOK); + if (! pfrts) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfrts, totlen); if (error) { free(pfrts, M_TEMP); @@ -2696,7 +2726,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_addr); - pfras = malloc(totlen, M_TEMP, M_WAITOK); + pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), + M_TEMP, M_WAITOK); + if (! pfras) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { free(pfras, M_TEMP); @@ -2723,7 +2758,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_addr); - pfras = malloc(totlen, M_TEMP, M_WAITOK); + pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), + M_TEMP, M_WAITOK); + if (! pfras) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { free(pfras, M_TEMP); @@ -2751,7 +2791,12 @@ DIOCCHANGEADDR_error: } count = max(io->pfrio_size, io->pfrio_size2); totlen = count * sizeof(struct pfr_addr); - pfras = malloc(totlen, M_TEMP, M_WAITOK); + pfras = mallocarray(count, sizeof(struct pfr_addr), M_TEMP, + M_WAITOK); + if (! pfras) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { free(pfras, M_TEMP); @@ -2779,7 +2824,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_addr); - pfras = malloc(totlen, M_TEMP, M_WAITOK); + pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), + M_TEMP, M_WAITOK); + if (! pfras) { + error = ENOMEM; + break; + } PF_RULES_RLOCK(); error = pfr_get_addrs(&io->pfrio_table, pfras, &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL); @@ -2800,7 +2850,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_astats); - pfrastats = malloc(totlen, M_TEMP, M_WAITOK); + pfrastats = mallocarray(io->pfrio_size, + sizeof(struct pfr_astats), M_TEMP, M_WAITOK); + if (! pfrastats) { + error = ENOMEM; + break; + } PF_RULES_RLOCK(); error = pfr_get_astats(&io->pfrio_table, pfrastats, &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL); @@ -2821,7 +2876,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_addr); - pfras = malloc(totlen, M_TEMP, M_WAITOK); + pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), + M_TEMP, M_WAITOK); + if (! pfras) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { free(pfras, M_TEMP); @@ -2848,7 +2908,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_addr); - pfras = malloc(totlen, M_TEMP, M_WAITOK); + pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), + M_TEMP, M_WAITOK); + if (! pfras) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { free(pfras, M_TEMP); @@ -2875,7 +2940,12 @@ DIOCCHANGEADDR_error: break; } totlen = io->pfrio_size * sizeof(struct pfr_addr); - pfras = malloc(totlen, M_TEMP, M_WAITOK); + pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), + M_TEMP, M_WAITOK); + if (! pfras) { + error = ENOMEM; + break; + } error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { free(pfras, M_TEMP); @@ -2917,7 +2987,12 @@ DIOCCHANGEADDR_error: break; } totlen = sizeof(struct pfioc_trans_e) * io->size; - ioes = malloc(totlen, M_TEMP, M_WAITOK); + ioes = mallocarray(io->size, sizeof(struct pfioc_trans_e), + M_TEMP, M_WAITOK); + if (! ioes) { + error = ENOMEM; + break; + } error = copyin(io->array, ioes, totlen); if (error) { free(ioes, M_TEMP); @@ -2983,7 +3058,12 @@ DIOCCHANGEADDR_error: break; } totlen = sizeof(struct pfioc_trans_e) * io->size; - ioes = malloc(totlen, M_TEMP, M_WAITOK); + ioes = mallocarray(io->size, sizeof(struct pfioc_trans_e), + M_TEMP, M_WAITOK); + if (! ioes) { + error = ENOMEM; + break; + } error = copyin(io->array, ioes, totlen); if (error) { free(ioes, M_TEMP); @@ -3049,7 +3129,12 @@ DIOCCHANGEADDR_error: break; } totlen = sizeof(struct pfioc_trans_e) * io->size; - ioes = malloc(totlen, M_TEMP, M_WAITOK); + ioes = mallocarray(io->size, sizeof(struct pfioc_trans_e), + M_TEMP, M_WAITOK); + if (! ioes) { + error = ENOMEM; + break; + } error = copyin(io->array, ioes, totlen); if (error) { free(ioes, M_TEMP); @@ -3250,7 +3335,12 @@ DIOCCHANGEADDR_error: } bufsiz = io->pfiio_size * sizeof(struct pfi_kif); - ifstore = malloc(bufsiz, M_TEMP, M_WAITOK); + ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif), + M_TEMP, M_WAITOK); + if (! ifstore) { + error = ENOMEM; + break; + } PF_RULES_RLOCK(); pfi_get_ifaces(io->pfiio_name, ifstore, &io->pfiio_size); PF_RULES_RUNLOCK(); @@ -3845,12 +3935,6 @@ pf_modevent(module_t mod, int type, void *data) case MOD_LOAD: error = pf_load(); break; - case MOD_QUIESCE: - /* - * Module should not be unloaded due to race conditions. - */ - error = EBUSY; - break; case MOD_UNLOAD: /* Handled in SYSUNINIT(pf_unload) to ensure it's done after * the vnet_pf_uninit()s */ diff --git a/freebsd/sys/netpfil/pf/pf_norm.c b/freebsd/sys/netpfil/pf/pf_norm.c index e3a00971..4f0966ed 100644 --- a/freebsd/sys/netpfil/pf/pf_norm.c +++ b/freebsd/sys/netpfil/pf/pf_norm.c @@ -221,9 +221,16 @@ pf_frag_compare(struct pf_fragment *a, struct pf_fragment *b) void pf_purge_expired_fragments(void) { + u_int32_t expire = time_uptime - + V_pf_default_rule.timeout[PFTM_FRAG]; + + pf_purge_fragments(expire); +} + +void +pf_purge_fragments(uint32_t expire) +{ struct pf_fragment *frag; - u_int32_t expire = time_uptime - - V_pf_default_rule.timeout[PFTM_FRAG]; PF_FRAG_LOCK(); while ((frag = TAILQ_LAST(&V_pf_fragqueue, pf_fragqueue)) != NULL) { diff --git a/freebsd/sys/netpfil/pf/pf_osfp.c b/freebsd/sys/netpfil/pf/pf_osfp.c index 7b55d20a..1ee16df5 100644 --- a/freebsd/sys/netpfil/pf/pf_osfp.c +++ b/freebsd/sys/netpfil/pf/pf_osfp.c @@ -1,6 +1,8 @@ #include <machine/rtems-bsd-kernel-space.h> /*- + * SPDX-License-Identifier: ISC + * * Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org> * * Permission to use, copy, modify, and distribute this software for any |