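--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -1517,6 +1517,19 @@
 	u_int32_t timeout;
 
 	if (s->src_node != NULL) {
+
+		/* Remove this pf_state from the list of states linked to pf_src_node */
+		if (s->prev_state) /* not the first pf_state in list */
+			s->prev_state->next_state = s->next_state;
+		else /* the fist pf_state in the list, modify list head in pf_src_node */
+			s->src_node->linked_states = s->next_state;
+	
+		if (s->next_state) /* not the last pf_state in list */
+			s->next_state->prev_state = s->prev_state;
+
+		s->prev_state = NULL;
+		s->next_state = NULL;
+
 		if (s->src.tcp_est)
 			--s->src_node->conn;
 		if (--s->src_node->states <= 0) {
@@ -1532,6 +1545,19 @@
 		}
 	}
 	if (s->nat_src_node != s->src_node && s->nat_src_node != NULL) {
+
+		/* Remove this pf_state from the list of states linked to pf_src_node */
+		if (s->prev_state) /* not the first pf_state in list */
+			s->prev_state->next_state = s->next_state;
+		else /* the fist pf_state in the list, modify list head in pf_src_node */
+			s->nat_src_node->linked_states = s->next_state;
+	
+		if (s->next_state) /* not the last pf_state in list */
+			s->next_state->prev_state = s->prev_state;
+
+		s->prev_state = NULL;
+		s->next_state = NULL;
+
 		if (--s->nat_src_node->states <= 0) {
 			timeout = s->rule.ptr->timeout[PFTM_SRC_NODE];
 			if (!timeout)
@@ -3895,12 +3921,24 @@
 	if (sn != NULL) {
 		s->src_node = sn;
 		s->src_node->states++;
+
+		/* attach this state to head of list */
+		s->next_state = sn->linked_states;
+		if (s->next_state)
+			s->next_state->prev_state = s;
+		sn->linked_states = s;
 	}
 	if (nsn != NULL) {
 		/* XXX We only modify one side for now. */
 		PF_ACPY(&nsn->raddr, &nk->addr[1], pd->af);
 		s->nat_src_node = nsn;
 		s->nat_src_node->states++;
+
+		/* attach this state to head of list */
+		s->next_state = nsn->linked_states;
+		if (s->next_state)
+			s->next_state->prev_state = s;
+		nsn->linked_states = s;
 	}
 	if (pd->proto == IPPROTO_TCP) {
 		if ((pd->flags & PFDESC_TCP_NORM) && pf_normalize_tcp_init(m,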
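Review bot: A state that has both `sn` and `nsn` is put on two lists through the one `prev_state`/`next_state` pair: in the last hunk the `nsn != NULL` block's `s->next_state = nsn->linked_states;` overwrites the link just written for `sn`, so the rest of `sn`'s list is no longer reachable from its head. The unlink code in the first two hunks has the matching problem: once the `src_node` block has set both pointers to NULL, the `nat_src_node` block takes its `else` branch and stores NULL in `s->nat_src_node->linked_states`, cutting the other states off that list and leaving states whose `prev_state` may still refer to this one. If the state is then freed, a later unlink of a neighbour would write through that stale pointer, which in kernel code is memory corruption. Each list needs its own link pair in `struct pf_state` (for example two `LIST_ENTRY` members from `<sys/queue.h>`), and the attach code should set `s->prev_state = NULL` explicitly rather than rely on the state being zeroed at allocation, which this patch does not show. All three enclosing functions start and end outside the hunks.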
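--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@@ -3790,6 +3790,7 @@
 	case DIOCKILLSRCNODES: {
 		struct pf_src_node	*sn;
 		struct pf_state		*s;
+		struct pf_state		**pns; /* pointer to next_state of previous state */
 		struct pfioc_src_node_kill *psnk =
 		    (struct pfioc_src_node_kill *)addr;
 		u_int			killed = 0;
@@ -3808,20 +3809,17 @@
 				&psnk->psnk_dst.addr.v.a.mask,
 				&sn->raddr, sn->af)) {
 				/* Handle state to src_node linkage */
-				if (sn->states != 0) {
-					RB_FOREACH(s, pf_state_tree_id,
-#ifdef __FreeBSD__
-					    &V_tree_id) {
-#else
-					    &tree_id) {
-#endif
-						if (s->src_node == sn)
-							s->src_node = NULL;
-						if (s->nat_src_node == sn)
-							s->nat_src_node = NULL;
-					}
-					sn->states = 0;
-				}
+				s = NULL; /* make gcc happy */
+				pns = &sn->linked_states;
+				for (s = sn->linked_states; s != NULL; s = s->next_state) {
+					s->src_node = NULL;
+					s->nat_src_node = NULL;
+					*pns = NULL;
+					s->prev_state = NULL;
+					pns = &s->next_state;
+				}
+				*pns = NULL;
+				sn->states = 0;
 				sn->expire = 1;
 				killed++;
 			}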
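Review bot: The new loop clears `s->src_node` and `s->nat_src_node` unconditionally, where the removed code cleared each one only when it equalled `sn`. A state reached through `sn`'s list whose other source-node pointer refers to a different node loses that reference without the other node's `states` counter being decremented, so that node's count can no longer drop to zero through the removal path patched in pf.c. Keeping the comparisons, `if (s->src_node == sn) s->src_node = NULL;` and `if (s->nat_src_node == sn) s->nat_src_node = NULL;`, preserves the old behaviour. The `s = NULL; /* make gcc happy */` line is redundant because the `for` initialiser assigns `s`. The `case` body starts and ends outside both hunks.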
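--- a/sys/contrib/pf/net/pfvar.h
+++ b/sys/contrib/pf/net/pfvar.h
@@ -748,6 +748,7 @@
 	u_int32_t	 expire;
 	sa_family_t	 af;
 	u_int8_t	 ruletype;
+	struct pf_state  *linked_states;
 };
 
 #define PFSNODE_HIWAT		10000	/* default source node table size */
@@ -852,6 +853,8 @@
 	struct pfi_kif		*rt_kif;
 	struct pf_src_node	*src_node;
 	struct pf_src_node	*nat_src_node;
+	struct pf_state		*prev_state;
+	struct pf_state		*next_state;
 	u_int64_t		 packets[2];
 	u_int64_t		 bytes[2];
 	u_int32_t		 creation;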
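Review bot: The new `linked_states`, `prev_state` and `next_state` members carry no comment saying which list they belong to or what protects them; a short comment on each, such as `/* head of the states that reference this node */` on `linked_states`, would make the invariant reviewable. The additions also change the size and layout of both structures, so if either one is copied out to userland by an ioctl (not visible in this patch), the copy should have the new kernel pointers cleared and the userland tools need rebuilding against the new header. Both struct definitions begin outside the hunks.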
