Attachment #183243 for bug #219803




	u_int8_t	pad[1];
};

/* Keep synced with struct pf_udp_endpoint. */
struct pf_udp_endpoint_cmp {
	struct pf_addr	addr;
	u_int16_t	port;
	sa_family_t	af;
	u_int8_t	pad[1];
};

struct pf_udp_endpoint {
	struct pf_addr	addr;
	u_int16_t	port;
	sa_family_t	af;
	u_int8_t	pad[1];

	struct pf_udp_mapping *mapping;
	LIST_ENTRY(pf_udp_endpoint) entry;
};

struct pf_udp_mapping {
	struct pf_udp_endpoint endpoints[2];
	u_int refs;
};

/* Keep synced with struct pf_state_key. */
struct pf_state_key_cmp {
	struct pf_addr	 addr[2];

	union pf_rule_ptr	 nat_rule;
	struct pf_addr		 rt_addr;
	struct pf_state_key	*key[2];	/* addresses stack and wire  */
	struct pf_udp_mapping	*udp_mapping;
	struct pfi_kif		*kif;
	struct pfi_kif		*rt_kif;
	struct pf_src_node	*src_node;

	struct mtx			lock;
};

struct pf_udpendpointhash {
	LIST_HEAD(, pf_udp_endpoint)	endpoints;
	struct mtx			lock;
};

struct pf_keyhash {
	LIST_HEAD(, pf_state_key)	keys;
	struct mtx			lock;

extern u_long		pf_hashmask;
extern u_long		pf_srchashmask;
#define	PF_HASHSIZ	(32768)
VNET_DECLARE(struct pf_udpendpointhash *, pf_udpendpointhash);
VNET_DECLARE(struct pf_keyhash *, pf_keyhash);
VNET_DECLARE(struct pf_idhash *, pf_idhash);
#define V_pf_udpendpointhash	VNET(pf_udpendpointhash)
#define V_pf_keyhash	VNET(pf_keyhash)
#define	V_pf_idhash	VNET(pf_idhash)
VNET_DECLARE(struct pf_srchash *, pf_srchash);

#define	V_pf_state_z		 VNET(pf_state_z)
VNET_DECLARE(uma_zone_t,	 pf_state_key_z);
#define	V_pf_state_key_z	 VNET(pf_state_key_z)
VNET_DECLARE(uma_zone_t,	 pf_udp_mapping_z);
#define	V_pf_udp_mapping_z	 VNET(pf_udp_mapping_z)
VNET_DECLARE(uma_zone_t,	 pf_state_scrub_z);
#define	V_pf_state_scrub_z	 VNET(pf_state_scrub_z)


extern struct pf_state		*pf_find_state_byid(uint64_t, uint32_t);
extern struct pf_state		*pf_find_state_all(struct pf_state_key_cmp *,
				    u_int, int *);
extern struct pf_udp_mapping	*pf_udp_mapping_find(struct pf_udp_endpoint_cmp *endpoint);
extern struct pf_udp_mapping	*pf_udp_mapping_create(sa_family_t af,
				    struct pf_addr *src_addr, u_int16_t src_port,
				    struct pf_addr *nat_addr, u_int16_t nat_port);
extern int			 pf_udp_mapping_insert(struct pf_udp_mapping *mapping);
extern void			 pf_udp_mapping_release(struct pf_udp_mapping *mapping);


extern struct pf_src_node	*pf_find_src_node(struct pf_addr *,
				    struct pf_rule *, sa_family_t, int);
extern void			 pf_unlink_src_node(struct pf_src_node *);

			    int, int, struct pfi_kif *, struct pf_src_node **,
			    struct pf_state_key **, struct pf_state_key **,
			    struct pf_addr *, struct pf_addr *,
			    uint16_t, uint16_t, struct pf_anchor_stackframe *,
			    struct pf_udp_mapping **udp_mapping);

struct pf_state_key	*pf_state_key_setup(struct pf_pdesc *, struct pf_addr *,
			    struct pf_addr *, u_int16_t, u_int16_t);




uma_zone_t		pf_mtag_z;
VNET_DEFINE(uma_zone_t,	 pf_state_z);
VNET_DEFINE(uma_zone_t,	 pf_state_key_z);
VNET_DEFINE(uma_zone_t,	 pf_udp_mapping_z);

VNET_DEFINE(uint64_t, pf_stateid[MAXCPU]);
#define	PFID_CPUBITS	8

			    struct pf_state_key *, struct mbuf *, int,
			    u_int16_t, u_int16_t, int *, struct pfi_kif *,
			    struct pf_state **, int, u_int16_t, u_int16_t,
			    int, struct pf_udp_mapping *);
static int		 pf_test_fragment(struct pf_rule **, int,
			    struct pfi_kif *, struct mbuf *, void *,
			    struct pf_pdesc *, struct pf_rule **,

VNET_DEFINE(struct pf_keyhash *, pf_keyhash);
VNET_DEFINE(struct pf_idhash *, pf_idhash);
VNET_DEFINE(struct pf_srchash *, pf_srchash);
VNET_DEFINE(struct pf_udpendpointhash *, pf_udpendpointhash);

SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW, 0, "pf(4)");


}

static __inline uint32_t
pf_hashudpendpoint(struct pf_udp_endpoint *endpoint)
{
	uint32_t h;

	h = murmur3_32_hash32((uint32_t *)endpoint,
	    sizeof(struct pf_udp_endpoint_cmp)/sizeof(uint32_t),
	    V_pf_hashseed);

	return (h & pf_hashmask);
}

static __inline uint32_t
pf_hashsrc(struct pf_addr *addr, sa_family_t af)
{
	uint32_t h;

{
	struct pf_keyhash	*kh;
	struct pf_idhash	*ih;
	struct pf_udpendpointhash *uh;
	struct pf_srchash	*sh;
	u_int i;


	V_pf_state_key_z = uma_zcreate("pf state keys",
	    sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,
	    UMA_ALIGN_PTR, 0);
	V_pf_udp_mapping_z = uma_zcreate("pf UDP mappings",
	    sizeof(struct pf_udp_mapping), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
	V_pf_keyhash = malloc(pf_hashsize * sizeof(struct pf_keyhash),
	    M_PFHASH, M_WAITOK | M_ZERO);
	V_pf_idhash = malloc(pf_hashsize * sizeof(struct pf_idhash),
	    M_PFHASH, M_WAITOK | M_ZERO);
	V_pf_udpendpointhash = malloc(pf_hashsize * sizeof(struct pf_udpendpointhash),
	    M_PFHASH, M_WAITOK | M_ZERO);
	pf_hashmask = pf_hashsize - 1;
	for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash, uh=V_pf_udpendpointhash; i <= pf_hashmask;
	    i++, kh++, ih++, uh++) {
		mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF | MTX_DUPOK);
		mtx_init(&ih->lock, "pf_idhash", NULL, MTX_DEF);
		mtx_init(&uh->lock, "pf_udpendpointhash", NULL, MTX_DEF | MTX_DUPOK);
	}

	/* Source nodes. */

{
	struct pf_keyhash	*kh;
	struct pf_idhash	*ih;
	struct pf_udpendpointhash *uh;
	struct pf_srchash	*sh;
	struct pf_send_entry	*pfse, *next;
	u_int i;

	for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash, uh=V_pf_udpendpointhash; i <= pf_hashmask;
	    i++, kh++, ih++, uh++) {
		KASSERT(LIST_EMPTY(&kh->keys), ("%s: key hash not empty",
		    __func__));
		KASSERT(LIST_EMPTY(&ih->states), ("%s: id hash not empty",
		    __func__));
		KASSERT(LIST_EMPTY(&uh->endpoints), ("%s: udpendpoint hash not empty",
		    __func__));
		mtx_destroy(&kh->lock);
		mtx_destroy(&ih->lock);
		mtx_destroy(&uh->lock);
	}
	free(V_pf_keyhash, M_PFHASH);
	free(V_pf_idhash, M_PFHASH);
	free(V_pf_udpendpointhash, M_PFHASH);

	for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask; i++, sh++) {
		KASSERT(LIST_EMPTY(&sh->nodes),

	uma_zdestroy(V_pf_sources_z);
	uma_zdestroy(V_pf_state_z);
	uma_zdestroy(V_pf_state_key_z);
	uma_zdestroy(V_pf_udp_mapping_z);
}

static int

	return (ret);
}

struct pf_udp_mapping*
pf_udp_mapping_create(sa_family_t af, struct pf_addr *src_addr, u_int16_t src_port,
    struct pf_addr *nat_addr, u_int16_t nat_port)
{
	struct pf_udp_mapping *mapping = uma_zalloc(V_pf_udp_mapping_z, M_NOWAIT | M_ZERO);
	if (mapping == NULL)
		return NULL;
	PF_ACPY(&mapping->endpoints[0].addr, src_addr, af);
	mapping->endpoints[0].port = src_port;
	mapping->endpoints[0].af = af;
	mapping->endpoints[0].mapping = mapping;
	PF_ACPY(&mapping->endpoints[1].addr, nat_addr, af);
	mapping->endpoints[1].port = nat_port;
	mapping->endpoints[1].af = af;
	mapping->endpoints[1].mapping = mapping;
	refcount_init(&mapping->refs, 1);
	return mapping;
}

int
pf_udp_mapping_insert(struct pf_udp_mapping *mapping)
{
	struct pf_udpendpointhash *h0, *h1;
	struct pf_udp_endpoint *endpoint;
	int ret = 1;

	h0 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[0])];
	h1 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[1])];
	if (h0 == h1) {
		PF_HASHROW_LOCK(h0);
	} else if (h0 < h1) {
		PF_HASHROW_LOCK(h0);
		PF_HASHROW_LOCK(h1);
	} else {
		PF_HASHROW_LOCK(h1);
		PF_HASHROW_LOCK(h0);
	}

	LIST_FOREACH(endpoint, &h0->endpoints, entry)
		if (bcmp(endpoint, &mapping->endpoints[0], sizeof(struct pf_udp_endpoint_cmp)) == 0)
			break;
	if (endpoint != NULL)
		goto cleanup;
	LIST_FOREACH(endpoint, &h1->endpoints, entry)
		if (bcmp(endpoint, &mapping->endpoints[1], sizeof(struct pf_udp_endpoint_cmp)) == 0)
			break;
	if (endpoint != NULL)
		goto cleanup;
	LIST_INSERT_HEAD(&h0->endpoints, &mapping->endpoints[0], entry);
	LIST_INSERT_HEAD(&h1->endpoints, &mapping->endpoints[1], entry);
	ret = 0;

cleanup:
	if (h0 != h1) {
		PF_HASHROW_UNLOCK(h0);
		PF_HASHROW_UNLOCK(h1);
	} else {
		PF_HASHROW_UNLOCK(h0);
	}
	return ret;
}

void
pf_udp_mapping_release(struct pf_udp_mapping *mapping)
{
	/* refcount is synchronized on the source endpoint's row lock */
	struct pf_udpendpointhash *h0, *h1;
	h0 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[0])];
	PF_HASHROW_LOCK(h0);
	if (refcount_release(&mapping->refs)) {
		LIST_REMOVE(&mapping->endpoints[0], entry);
		PF_HASHROW_UNLOCK(h0);
		h1 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[1])];
		PF_HASHROW_LOCK(h1);
		LIST_REMOVE(&mapping->endpoints[1], entry);
		PF_HASHROW_UNLOCK(h1);

		uma_zfree(V_pf_udp_mapping_z, mapping);
	} else {
		PF_HASHROW_UNLOCK(h0);
	}
}

struct pf_udp_mapping *
pf_udp_mapping_find(struct pf_udp_endpoint_cmp *key)
{
	struct pf_udpendpointhash *uh;
	struct pf_udp_endpoint *endpoint;

	uh = &V_pf_udpendpointhash[pf_hashudpendpoint((struct pf_udp_endpoint*)key)];

	PF_HASHROW_LOCK(uh);
	LIST_FOREACH(endpoint, &uh->endpoints, entry)
		if (bcmp(endpoint, key, sizeof(struct pf_udp_endpoint_cmp)) == 0 &&
				bcmp(endpoint, &endpoint->mapping->endpoints[0], sizeof(struct pf_udp_endpoint_cmp)) == 0)
			break;
	if (endpoint == NULL) {
		PF_HASHROW_UNLOCK(uh);
		return NULL;
	}
	refcount_acquire(&endpoint->mapping->refs);
	PF_HASHROW_UNLOCK(uh);
	return endpoint->mapping;
}

/* END state table stuff */

static void

	pf_detach_state(s);
	refcount_release(&s->refs);

	if (s->udp_mapping)
		pf_udp_mapping_release(s->udp_mapping);

	return (pf_release_state(s));
}


	u_int16_t		 bproto_sum = 0, bip_sum = 0;
	u_int8_t		 icmptype = 0, icmpcode = 0;
	struct pf_anchor_stackframe	anchor_stack[PF_ANCHOR_STACKSIZE];
	struct pf_udp_mapping	*udp_mapping = NULL;

	PF_RULES_RASSERT();



	/* check packet for BINAT/NAT/RDR */
	if ((nr = pf_get_translation(pd, m, off, direction, kif, &nsn, &sk,
	    &nk, saddr, daddr, sport, dport, anchor_stack, &udp_mapping)) != NULL) {
		KASSERT(sk != NULL, ("%s: null sk", __func__));
		KASSERT(nk != NULL, ("%s: null nk", __func__));


		int action;
		action = pf_create_state(r, nr, a, pd, nsn, nk, sk, m, off,
		    sport, dport, &rewrite, kif, sm, tag, bproto_sum, bip_sum,
		    hdrlen, udp_mapping);
		if (action != PF_PASS) {
			if (udp_mapping != NULL)
				pf_udp_mapping_release(udp_mapping);
			return (action);
		}
	} else {
		if (sk != NULL)
			uma_zfree(V_pf_state_key_z, sk);
		if (nk != NULL)
			uma_zfree(V_pf_state_key_z, nk);
		if (udp_mapping != NULL)
			pf_udp_mapping_release(udp_mapping);
	}

	/* copy back packet headers if we performed NAT operations */

		uma_zfree(V_pf_state_key_z, sk);
	if (nk != NULL)
		uma_zfree(V_pf_state_key_z, nk);
	if (udp_mapping != NULL)
		pf_udp_mapping_release(udp_mapping);
	return (PF_DROP);
}


    struct pf_pdesc *pd, struct pf_src_node *nsn, struct pf_state_key *nk,
    struct pf_state_key *sk, struct mbuf *m, int off, u_int16_t sport,
    u_int16_t dport, int *rewrite, struct pfi_kif *kif, struct pf_state **sm,
    int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen,
    struct pf_udp_mapping *udp_mapping)
{
	struct pf_state		*s = NULL;
	struct pf_src_node	*sn = NULL;

		REASON_SET(&reason, PFRES_SYNPROXY);
		return (PF_SYNPROXY_DROP);
	}
	s->udp_mapping = udp_mapping;

	return (PF_PASS);





			    uint16_t, int, struct pf_anchor_stackframe *);
static int pf_get_sport(sa_family_t, uint8_t, struct pf_rule *,
    struct pf_addr *, uint16_t, struct pf_addr *, uint16_t, struct pf_addr *,
    uint16_t *, uint16_t, uint16_t, struct pf_src_node **,
    struct pf_udp_mapping**);

#define mix(a,b,c) \
	do {					\

pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r,
    struct pf_addr *saddr, uint16_t sport, struct pf_addr *daddr,
    uint16_t dport, struct pf_addr *naddr, uint16_t *nport, uint16_t low,
    uint16_t high, struct pf_src_node **sn, struct pf_udp_mapping **udp_mapping)
{
	struct pf_state_key_cmp	key;
	struct pf_addr		init_addr;

	if (proto == IPPROTO_UDP) {
		struct pf_udp_endpoint_cmp udp_source;
		bzero(&udp_source, sizeof(udp_source));
		udp_source.af = af;
		PF_ACPY(&udp_source.addr, saddr, af);
		udp_source.port = sport;
		*udp_mapping = pf_udp_mapping_find(&udp_source);
		if (*udp_mapping) {
			PF_ACPY(naddr, &(*udp_mapping)->endpoints[1].addr, af);
			*nport = (*udp_mapping)->endpoints[1].port;
			/* as per pf_map_addr(): */
			if (*sn == NULL && r->rpool.opts & PF_POOL_STICKYADDR &&
			    (r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE)
				*sn = pf_find_src_node(saddr, r, af, 0);
			return (0);
		} else {
			*udp_mapping = pf_udp_mapping_create(af, saddr, sport, &init_addr, 0);
			if (*udp_mapping == NULL)
				return (1);
		}
	}

	bzero(&init_addr, sizeof(init_addr));
	if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn))
		goto failed;

	if (proto == IPPROTO_ICMP) {
		low = 1;


	do {
		PF_ACPY(&key.addr[1], naddr, key.af);
		PF_ACPY(&(*udp_mapping)->endpoints[1].addr, naddr, af);

		/*
		 * port search; start random, step;

		} else if (low == high) {
			key.port[1] = htons(low);
			if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
				if (proto == IPPROTO_UDP) {
					(*udp_mapping)->endpoints[1].port = htons(low);
					if (pf_udp_mapping_insert(*udp_mapping) == 0) {
						*nport = htons(low);
						return (0);
					}
				} else {
					*nport = htons(low);
					return (0);
				}
			}
		} else {
			uint16_t tmp, cut;

			cut = arc4random() % (1 + high - low) + low;
			/* low <= cut <= high */
			for (tmp = cut; tmp <= high; ++(tmp)) {
				if (proto == IPPROTO_UDP) {
					(*udp_mapping)->endpoints[1].port = htons(tmp);
					if (pf_udp_mapping_insert(*udp_mapping) == 0) {
						*nport = htons(tmp);
						return (0);
					}
				} else {
					key.port[1] = htons(tmp);
					if (pf_find_state_all(&key, PF_IN, NULL) ==
					    NULL) {
						*nport = htons(tmp);
						return (0);
					}
				}
			}
			for (tmp = cut - 1; tmp >= low; --(tmp)) {
				if (proto == IPPROTO_UDP) {
					(*udp_mapping)->endpoints[1].port = htons(tmp);
					if (pf_udp_mapping_insert(*udp_mapping) == 0) {
						*nport = htons(tmp);
						return (0);
					}
				} else {
					key.port[1] = htons(tmp);
					if (pf_find_state_all(&key, PF_IN, NULL) ==
					    NULL) {
						*nport = htons(tmp);
						return (0);
					}
				}
			}
		}

			return (1);
		}
	} while (! PF_AEQ(&init_addr, naddr, af) );
	/* none available */
failed:
	if (*udp_mapping) {
		uma_zfree(V_pf_udp_mapping_z, *udp_mapping);
		*udp_mapping = NULL;
	}
	return (1);
}

int

    struct pfi_kif *kif, struct pf_src_node **sn,
    struct pf_state_key **skp, struct pf_state_key **nkp,
    struct pf_addr *saddr, struct pf_addr *daddr,
    uint16_t sport, uint16_t dport, struct pf_anchor_stackframe *anchor_stack,
    struct pf_udp_mapping **udp_mapping)
{
	struct pf_rule	*r = NULL;
	struct pf_addr	*naddr;

	case PF_NAT:
		if (pf_get_sport(pd->af, pd->proto, r, saddr, sport, daddr,
		    dport, naddr, nport, r->rpool.proxy_port[0],
		    r->rpool.proxy_port[1], sn, udp_mapping)) {
			DPFPRINTF(PF_DEBUG_MISC,
			    ("pf: NAT proxy port allocation (%u-%u) failed\n",
			    r->rpool.proxy_port[0], r->rpool.proxy_port[1]));

Return to bug 219803

Lines 683-688 struct pf_state_peer { Link Here

(-)b/sys/net/pfvar.h (-1 / +43 lines)
683	u_int8_t pad[1];	683	u_int8_t pad[1];
684	};	684	};
685		685
		686	/* Keep synced with struct pf_udp_endpoint. */
		687	struct pf_udp_endpoint_cmp {
		688	struct pf_addr addr;
		689	u_int16_t port;
		690	sa_family_t af;
		691	u_int8_t pad[1];
		692	};
		693
		694	struct pf_udp_endpoint {
		695	struct pf_addr addr;
		696	u_int16_t port;
		697	sa_family_t af;
		698	u_int8_t pad[1];
		699
		700	struct pf_udp_mapping *mapping;
		701	LIST_ENTRY(pf_udp_endpoint) entry;
		702	};
		703
		704	struct pf_udp_mapping {
		705	struct pf_udp_endpoint endpoints[2];
		706	u_int refs;
		707	};
		708
686	/* Keep synced with struct pf_state_key. */	709	/* Keep synced with struct pf_state_key. */
687	struct pf_state_key_cmp {	710	struct pf_state_key_cmp {
688	struct pf_addr addr[2];	711	struct pf_addr addr[2];
Lines 728-733 struct pf_state { Link Here
728	union pf_rule_ptr nat_rule;	751	union pf_rule_ptr nat_rule;
729	struct pf_addr rt_addr;	752	struct pf_addr rt_addr;
730	struct pf_state_key key[2]; / addresses stack and wire */	753	struct pf_state_key key[2]; / addresses stack and wire */
		754	struct pf_udp_mapping *udp_mapping;
731	struct pfi_kif *kif;	755	struct pfi_kif *kif;
732	struct pfi_kif *rt_kif;	756	struct pfi_kif *rt_kif;
733	struct pf_src_node *src_node;	757	struct pf_src_node *src_node;
Lines 1452-1457 struct pf_srchash { Link Here
1452	struct mtx lock;	1476	struct mtx lock;
1453	};	1477	};
1454		1478
		1479	struct pf_udpendpointhash {
		1480	LIST_HEAD(, pf_udp_endpoint) endpoints;
		1481	struct mtx lock;
		1482	};
		1483
1455	struct pf_keyhash {	1484	struct pf_keyhash {
1456	LIST_HEAD(, pf_state_key) keys;	1485	LIST_HEAD(, pf_state_key) keys;
1457	struct mtx lock;	1486	struct mtx lock;
Lines 1465-1472 struct pf_idhash { Link Here
1465	extern u_long pf_hashmask;	1494	extern u_long pf_hashmask;
1466	extern u_long pf_srchashmask;	1495	extern u_long pf_srchashmask;
1467	#define PF_HASHSIZ (32768)	1496	#define PF_HASHSIZ (32768)
		1497	VNET_DECLARE(struct pf_udpendpointhash *, pf_udpendpointhash);
1468	VNET_DECLARE(struct pf_keyhash *, pf_keyhash);	1498	VNET_DECLARE(struct pf_keyhash *, pf_keyhash);
1469	VNET_DECLARE(struct pf_idhash *, pf_idhash);	1499	VNET_DECLARE(struct pf_idhash *, pf_idhash);
		1500	#define V_pf_udpendpointhash VNET(pf_udpendpointhash)
1470	#define V_pf_keyhash VNET(pf_keyhash)	1501	#define V_pf_keyhash VNET(pf_keyhash)
1471	#define V_pf_idhash VNET(pf_idhash)	1502	#define V_pf_idhash VNET(pf_idhash)
1472	VNET_DECLARE(struct pf_srchash *, pf_srchash);	1503	VNET_DECLARE(struct pf_srchash *, pf_srchash);
Lines 1517-1522 VNET_DECLARE(uma_zone_t, pf_state_z); Link Here
1517	#define V_pf_state_z VNET(pf_state_z)	1548	#define V_pf_state_z VNET(pf_state_z)
1518	VNET_DECLARE(uma_zone_t, pf_state_key_z);	1549	VNET_DECLARE(uma_zone_t, pf_state_key_z);
1519	#define V_pf_state_key_z VNET(pf_state_key_z)	1550	#define V_pf_state_key_z VNET(pf_state_key_z)
		1551	VNET_DECLARE(uma_zone_t, pf_udp_mapping_z);
		1552	#define V_pf_udp_mapping_z VNET(pf_udp_mapping_z)
1520	VNET_DECLARE(uma_zone_t, pf_state_scrub_z);	1553	VNET_DECLARE(uma_zone_t, pf_state_scrub_z);
1521	#define V_pf_state_scrub_z VNET(pf_state_scrub_z)	1554	#define V_pf_state_scrub_z VNET(pf_state_scrub_z)
1522		1555
Lines 1555-1560 pf_release_state(struct pf_state *s) Link Here
1555	extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t);	1588	extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t);
1556	extern struct pf_state pf_find_state_all(struct pf_state_key_cmp ,	1589	extern struct pf_state pf_find_state_all(struct pf_state_key_cmp ,
1557	u_int, int *);	1590	u_int, int *);
		1591	extern struct pf_udp_mapping pf_udp_mapping_find(struct pf_udp_endpoint_cmp endpoint);
		1592	extern struct pf_udp_mapping *pf_udp_mapping_create(sa_family_t af,
		1593	struct pf_addr *src_addr, u_int16_t src_port,
		1594	struct pf_addr *nat_addr, u_int16_t nat_port);
		1595	extern int pf_udp_mapping_insert(struct pf_udp_mapping *mapping);
		1596	extern void pf_udp_mapping_release(struct pf_udp_mapping *mapping);
		1597
		1598
1558	extern struct pf_src_node pf_find_src_node(struct pf_addr ,	1599	extern struct pf_src_node pf_find_src_node(struct pf_addr ,
1559	struct pf_rule *, sa_family_t, int);	1600	struct pf_rule *, sa_family_t, int);
1560	extern void pf_unlink_src_node(struct pf_src_node *);	1601	extern void pf_unlink_src_node(struct pf_src_node *);
Lines 1749-1755 struct pf_rule pf_get_translation(struct pf_pdesc , struct mbuf *, Link Here
1749	int, int, struct pfi_kif , struct pf_src_node *,	1790	int, int, struct pfi_kif , struct pf_src_node *,
1750	struct pf_state_key , struct pf_state_key ,	1791	struct pf_state_key , struct pf_state_key ,
1751	struct pf_addr , struct pf_addr ,	1792	struct pf_addr , struct pf_addr ,
1752	uint16_t, uint16_t, struct pf_anchor_stackframe *);	1793	uint16_t, uint16_t, struct pf_anchor_stackframe *,
		1794	struct pf_udp_mapping **udp_mapping);
1753		1795
1754	struct pf_state_key pf_state_key_setup(struct pf_pdesc , struct pf_addr *,	1796	struct pf_state_key pf_state_key_setup(struct pf_pdesc , struct pf_addr *,
1755	struct pf_addr *, u_int16_t, u_int16_t);	1797	struct pf_addr *, u_int16_t, u_int16_t);

Lines 63-69 static struct pf_rule pf_match_translation(struct pf_pdesc , struct mbuf *, Link Here

(-)b/sys/netpfil/pf/pf_lb.c (-18 / +73 lines)
63	uint16_t, int, struct pf_anchor_stackframe *);	63	uint16_t, int, struct pf_anchor_stackframe *);
64	static int pf_get_sport(sa_family_t, uint8_t, struct pf_rule *,	64	static int pf_get_sport(sa_family_t, uint8_t, struct pf_rule *,
65	struct pf_addr , uint16_t, struct pf_addr , uint16_t, struct pf_addr *,	65	struct pf_addr , uint16_t, struct pf_addr , uint16_t, struct pf_addr *,
66	uint16_t , uint16_t, uint16_t, struct pf_src_node *);	66	uint16_t , uint16_t, uint16_t, struct pf_src_node *,
		67	struct pf_udp_mapping**);
67		68
68	#define mix(a,b,c) \	69	#define mix(a,b,c) \
69	do { \	70	do { \
Lines 214-227 static int Link Here
214	pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r,	215	pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r,
215	struct pf_addr saddr, uint16_t sport, struct pf_addr daddr,	216	struct pf_addr saddr, uint16_t sport, struct pf_addr daddr,
216	uint16_t dport, struct pf_addr naddr, uint16_t nport, uint16_t low,	217	uint16_t dport, struct pf_addr naddr, uint16_t nport, uint16_t low,
217	uint16_t high, struct pf_src_node **sn)	218	uint16_t high, struct pf_src_node sn, struct pf_udp_mapping udp_mapping)
218	{	219	{
219	struct pf_state_key_cmp key;	220	struct pf_state_key_cmp key;
220	struct pf_addr init_addr;	221	struct pf_addr init_addr;
221		222
		223	if (proto == IPPROTO_UDP) {
		224	struct pf_udp_endpoint_cmp udp_source;
		225	bzero(&udp_source, sizeof(udp_source));
		226	udp_source.af = af;
		227	PF_ACPY(&udp_source.addr, saddr, af);
		228	udp_source.port = sport;
		229	*udp_mapping = pf_udp_mapping_find(&udp_source);
		230	if (*udp_mapping) {
		231	PF_ACPY(naddr, &(*udp_mapping)->endpoints[1].addr, af);
		232	nport = (udp_mapping)->endpoints[1].port;
		233	/* as per pf_map_addr(): */
		234	if (*sn == NULL && r->rpool.opts & PF_POOL_STICKYADDR &&
		235	(r->rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_NONE)
		236	*sn = pf_find_src_node(saddr, r, af, 0);
		237	return (0);
		238	} else {
		239	*udp_mapping = pf_udp_mapping_create(af, saddr, sport, &init_addr, 0);
		240	if (*udp_mapping == NULL)
		241	return (1);
		242	}
		243	}
		244
222	bzero(&init_addr, sizeof(init_addr));	245	bzero(&init_addr, sizeof(init_addr));
223	if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn))	246	if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn))
224	return (1);	247	goto failed;
225		248
226	if (proto == IPPROTO_ICMP) {	249	if (proto == IPPROTO_ICMP) {
227	low = 1;	250	low = 1;
Lines 236-241 pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, Link Here
236		259
237	do {	260	do {
238	PF_ACPY(&key.addr[1], naddr, key.af);	261	PF_ACPY(&key.addr[1], naddr, key.af);
		262	PF_ACPY(&(*udp_mapping)->endpoints[1].addr, naddr, af);
239		263
240	/*	264	/*
241	* port search; start random, step;	265	* port search; start random, step;
Lines 255-262 pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, Link Here
255	} else if (low == high) {	279	} else if (low == high) {
256	key.port[1] = htons(low);	280	key.port[1] = htons(low);
257	if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {	281	if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
258	*nport = htons(low);	282	if (proto == IPPROTO_UDP) {
259	return (0);	283	(*udp_mapping)->endpoints[1].port = htons(low);
		284	if (pf_udp_mapping_insert(*udp_mapping) == 0) {
		285	*nport = htons(low);
		286	return (0);
		287	}
		288	} else {
		289	*nport = htons(low);
		290	return (0);
		291	}
260	}	292	}
261	} else {	293	} else {
262	uint16_t tmp, cut;	294	uint16_t tmp, cut;
Lines 270-288 pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, Link Here
270	cut = arc4random() % (1 + high - low) + low;	302	cut = arc4random() % (1 + high - low) + low;
271	/* low <= cut <= high */	303	/* low <= cut <= high */
272	for (tmp = cut; tmp <= high; ++(tmp)) {	304	for (tmp = cut; tmp <= high; ++(tmp)) {
273	key.port[1] = htons(tmp);	305	if (proto == IPPROTO_UDP) {
274	if (pf_find_state_all(&key, PF_IN, NULL) ==	306	(*udp_mapping)->endpoints[1].port = htons(tmp);
275	NULL) {	307	if (pf_udp_mapping_insert(*udp_mapping) == 0) {
276	*nport = htons(tmp);	308	*nport = htons(tmp);
277	return (0);	309	return (0);
		310	}
		311	} else {
		312	key.port[1] = htons(tmp);
		313	if (pf_find_state_all(&key, PF_IN, NULL) ==
		314	NULL) {
		315	*nport = htons(tmp);
		316	return (0);
		317	}
278	}	318	}
279	}	319	}
280	for (tmp = cut - 1; tmp >= low; --(tmp)) {	320	for (tmp = cut - 1; tmp >= low; --(tmp)) {
281	key.port[1] = htons(tmp);	321	if (proto == IPPROTO_UDP) {
282	if (pf_find_state_all(&key, PF_IN, NULL) ==	322	(*udp_mapping)->endpoints[1].port = htons(tmp);
283	NULL) {	323	if (pf_udp_mapping_insert(*udp_mapping) == 0) {
284	*nport = htons(tmp);	324	*nport = htons(tmp);
285	return (0);	325	return (0);
		326	}
		327	} else {
		328	key.port[1] = htons(tmp);
		329	if (pf_find_state_all(&key, PF_IN, NULL) ==
		330	NULL) {
		331	*nport = htons(tmp);
		332	return (0);
		333	}
286	}	334	}
287	}	335	}
288	}	336	}
Lines 300-306 pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, Link Here
300	return (1);	348	return (1);
301	}	349	}
302	} while (! PF_AEQ(&init_addr, naddr, af) );	350	} while (! PF_AEQ(&init_addr, naddr, af) );
303	return (1); /* none available */	351	/* none available */
		352	failed:
		353	if (*udp_mapping) {
		354	uma_zfree(V_pf_udp_mapping_z, *udp_mapping);
		355	*udp_mapping = NULL;
		356	}
		357	return (1);
304	}	358	}
305		359
306	int	360	int
Lines 512-518 pf_get_translation(struct pf_pdesc pd, struct mbuf m, int off, int direction, Link Here
512	struct pfi_kif kif, struct pf_src_node *sn,	566	struct pfi_kif kif, struct pf_src_node *sn,
513	struct pf_state_key skp, struct pf_state_key nkp,	567	struct pf_state_key skp, struct pf_state_key nkp,
514	struct pf_addr saddr, struct pf_addr daddr,	568	struct pf_addr saddr, struct pf_addr daddr,
515	uint16_t sport, uint16_t dport, struct pf_anchor_stackframe *anchor_stack)	569	uint16_t sport, uint16_t dport, struct pf_anchor_stackframe *anchor_stack,
		570	struct pf_udp_mapping **udp_mapping)
516	{	571	{
517	struct pf_rule *r = NULL;	572	struct pf_rule *r = NULL;
518	struct pf_addr *naddr;	573	struct pf_addr *naddr;
Lines 566-572 pf_get_translation(struct pf_pdesc pd, struct mbuf m, int off, int direction, Link Here
566	case PF_NAT:	621	case PF_NAT:
567	if (pf_get_sport(pd->af, pd->proto, r, saddr, sport, daddr,	622	if (pf_get_sport(pd->af, pd->proto, r, saddr, sport, daddr,
568	dport, naddr, nport, r->rpool.proxy_port[0],	623	dport, naddr, nport, r->rpool.proxy_port[0],
569	r->rpool.proxy_port[1], sn)) {	624	r->rpool.proxy_port[1], sn, udp_mapping)) {
570	DPFPRINTF(PF_DEBUG_MISC,	625	DPFPRINTF(PF_DEBUG_MISC,
571	("pf: NAT proxy port allocation (%u-%u) failed\n",	626	("pf: NAT proxy port allocation (%u-%u) failed\n",
572	r->rpool.proxy_port[0], r->rpool.proxy_port[1]));	627	r->rpool.proxy_port[0], r->rpool.proxy_port[1]));

Lines 194-199 static VNET_DEFINE(uma_zone_t, pf_sources_z); Link Here

(-)b/sys/netpfil/pf/pf.c (-9 / +153 lines)
194	uma_zone_t pf_mtag_z;	194	uma_zone_t pf_mtag_z;
195	VNET_DEFINE(uma_zone_t, pf_state_z);	195	VNET_DEFINE(uma_zone_t, pf_state_z);
196	VNET_DEFINE(uma_zone_t, pf_state_key_z);	196	VNET_DEFINE(uma_zone_t, pf_state_key_z);
		197	VNET_DEFINE(uma_zone_t, pf_udp_mapping_z);
197		198
198	VNET_DEFINE(uint64_t, pf_stateid[MAXCPU]);	199	VNET_DEFINE(uint64_t, pf_stateid[MAXCPU]);
199	#define PFID_CPUBITS 8	200	#define PFID_CPUBITS 8
Lines 241-247 static int pf_create_state(struct pf_rule , struct pf_rule , Link Here
241	struct pf_state_key , struct mbuf , int,	242	struct pf_state_key , struct mbuf , int,
242	u_int16_t, u_int16_t, int , struct pfi_kif ,	243	u_int16_t, u_int16_t, int , struct pfi_kif ,
243	struct pf_state **, int, u_int16_t, u_int16_t,	244	struct pf_state **, int, u_int16_t, u_int16_t,
244	int);	245	int, struct pf_udp_mapping *);
245	static int pf_test_fragment(struct pf_rule **, int,	246	static int pf_test_fragment(struct pf_rule **, int,
246	struct pfi_kif , struct mbuf , void *,	247	struct pfi_kif , struct mbuf , void *,
247	struct pf_pdesc , struct pf_rule *,	248	struct pf_pdesc , struct pf_rule *,
Lines 356-361 static MALLOC_DEFINE(M_PFHASH, "pf_hash", "pf(4) hash header structures"); Link Here
356	VNET_DEFINE(struct pf_keyhash *, pf_keyhash);	357	VNET_DEFINE(struct pf_keyhash *, pf_keyhash);
357	VNET_DEFINE(struct pf_idhash *, pf_idhash);	358	VNET_DEFINE(struct pf_idhash *, pf_idhash);
358	VNET_DEFINE(struct pf_srchash *, pf_srchash);	359	VNET_DEFINE(struct pf_srchash *, pf_srchash);
		360	VNET_DEFINE(struct pf_udpendpointhash *, pf_udpendpointhash);
359		361
360	SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW, 0, "pf(4)");	362	SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW, 0, "pf(4)");
361		363
Lines 426-431 pf_hashkey(struct pf_state_key *sk) Link Here
426	}	428	}
427		429
428	static __inline uint32_t	430	static __inline uint32_t
		431	pf_hashudpendpoint(struct pf_udp_endpoint *endpoint)
		432	{
		433	uint32_t h;
		434
		435	h = murmur3_32_hash32((uint32_t *)endpoint,
		436	sizeof(struct pf_udp_endpoint_cmp)/sizeof(uint32_t),
		437	V_pf_hashseed);
		438
		439	return (h & pf_hashmask);
		440	}
		441
		442	static __inline uint32_t
429	pf_hashsrc(struct pf_addr *addr, sa_family_t af)	443	pf_hashsrc(struct pf_addr *addr, sa_family_t af)
430	{	444	{
431	uint32_t h;	445	uint32_t h;
Lines 779-784 pf_initialize() Link Here
779	{	793	{
780	struct pf_keyhash *kh;	794	struct pf_keyhash *kh;
781	struct pf_idhash *ih;	795	struct pf_idhash *ih;
		796	struct pf_udpendpointhash *uh;
782	struct pf_srchash *sh;	797	struct pf_srchash *sh;
783	u_int i;	798	u_int i;
784		799
Lines 799-813 pf_initialize() Link Here
799	V_pf_state_key_z = uma_zcreate("pf state keys",	814	V_pf_state_key_z = uma_zcreate("pf state keys",
800	sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,	815	sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,
801	UMA_ALIGN_PTR, 0);	816	UMA_ALIGN_PTR, 0);
		817	V_pf_udp_mapping_z = uma_zcreate("pf UDP mappings",
		818	sizeof(struct pf_udp_mapping), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
802	V_pf_keyhash = malloc(pf_hashsize * sizeof(struct pf_keyhash),	819	V_pf_keyhash = malloc(pf_hashsize * sizeof(struct pf_keyhash),
803	M_PFHASH, M_WAITOK \| M_ZERO);	820	M_PFHASH, M_WAITOK \| M_ZERO);
804	V_pf_idhash = malloc(pf_hashsize * sizeof(struct pf_idhash),	821	V_pf_idhash = malloc(pf_hashsize * sizeof(struct pf_idhash),
805	M_PFHASH, M_WAITOK \| M_ZERO);	822	M_PFHASH, M_WAITOK \| M_ZERO);
		823	V_pf_udpendpointhash = malloc(pf_hashsize * sizeof(struct pf_udpendpointhash),
		824	M_PFHASH, M_WAITOK \| M_ZERO);
806	pf_hashmask = pf_hashsize - 1;	825	pf_hashmask = pf_hashsize - 1;
807	for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= pf_hashmask;	826	for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash, uh=V_pf_udpendpointhash; i <= pf_hashmask;
808	i++, kh++, ih++) {	827	i++, kh++, ih++, uh++) {
809	mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF \| MTX_DUPOK);	828	mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF \| MTX_DUPOK);
810	mtx_init(&ih->lock, "pf_idhash", NULL, MTX_DEF);	829	mtx_init(&ih->lock, "pf_idhash", NULL, MTX_DEF);
		830	mtx_init(&uh->lock, "pf_udpendpointhash", NULL, MTX_DEF \| MTX_DUPOK);
811	}	831	}
812		832
813	/* Source nodes. */	833	/* Source nodes. */
Lines 851-871 pf_cleanup() Link Here
851	{	871	{
852	struct pf_keyhash *kh;	872	struct pf_keyhash *kh;
853	struct pf_idhash *ih;	873	struct pf_idhash *ih;
		874	struct pf_udpendpointhash *uh;
854	struct pf_srchash *sh;	875	struct pf_srchash *sh;
855	struct pf_send_entry pfse, next;	876	struct pf_send_entry pfse, next;
856	u_int i;	877	u_int i;
857		878
858	for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= pf_hashmask;	879	for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash, uh=V_pf_udpendpointhash; i <= pf_hashmask;
859	i++, kh++, ih++) {	880	i++, kh++, ih++, uh++) {
860	KASSERT(LIST_EMPTY(&kh->keys), ("%s: key hash not empty",	881	KASSERT(LIST_EMPTY(&kh->keys), ("%s: key hash not empty",
861	__func__));	882	__func__));
862	KASSERT(LIST_EMPTY(&ih->states), ("%s: id hash not empty",	883	KASSERT(LIST_EMPTY(&ih->states), ("%s: id hash not empty",
863	__func__));	884	__func__));
		885	KASSERT(LIST_EMPTY(&uh->endpoints), ("%s: udpendpoint hash not empty",
		886	__func__));
864	mtx_destroy(&kh->lock);	887	mtx_destroy(&kh->lock);
865	mtx_destroy(&ih->lock);	888	mtx_destroy(&ih->lock);
		889	mtx_destroy(&uh->lock);
866	}	890	}
867	free(V_pf_keyhash, M_PFHASH);	891	free(V_pf_keyhash, M_PFHASH);
868	free(V_pf_idhash, M_PFHASH);	892	free(V_pf_idhash, M_PFHASH);
		893	free(V_pf_udpendpointhash, M_PFHASH);
869		894
870	for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask; i++, sh++) {	895	for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask; i++, sh++) {
871	KASSERT(LIST_EMPTY(&sh->nodes),	896	KASSERT(LIST_EMPTY(&sh->nodes),
Lines 882-887 pf_cleanup() Link Here
882	uma_zdestroy(V_pf_sources_z);	907	uma_zdestroy(V_pf_sources_z);
883	uma_zdestroy(V_pf_state_z);	908	uma_zdestroy(V_pf_state_z);
884	uma_zdestroy(V_pf_state_key_z);	909	uma_zdestroy(V_pf_state_key_z);
		910	uma_zdestroy(V_pf_udp_mapping_z);
885	}	911	}
886		912
887	static int	913	static int
Lines 1369-1374 second_run: Link Here
1369	return (ret);	1395	return (ret);
1370	}	1396	}
1371		1397
		1398	struct pf_udp_mapping*
		1399	pf_udp_mapping_create(sa_family_t af, struct pf_addr *src_addr, u_int16_t src_port,
		1400	struct pf_addr *nat_addr, u_int16_t nat_port)
		1401	{
		1402	struct pf_udp_mapping *mapping = uma_zalloc(V_pf_udp_mapping_z, M_NOWAIT \| M_ZERO);
		1403	if (mapping == NULL)
		1404	return NULL;
		1405	PF_ACPY(&mapping->endpoints[0].addr, src_addr, af);
		1406	mapping->endpoints[0].port = src_port;
		1407	mapping->endpoints[0].af = af;
		1408	mapping->endpoints[0].mapping = mapping;
		1409	PF_ACPY(&mapping->endpoints[1].addr, nat_addr, af);
		1410	mapping->endpoints[1].port = nat_port;
		1411	mapping->endpoints[1].af = af;
		1412	mapping->endpoints[1].mapping = mapping;
		1413	refcount_init(&mapping->refs, 1);
		1414	return mapping;
		1415	}
		1416
		1417	int
		1418	pf_udp_mapping_insert(struct pf_udp_mapping *mapping)
		1419	{
		1420	struct pf_udpendpointhash h0, h1;
		1421	struct pf_udp_endpoint *endpoint;
		1422	int ret = 1;
		1423
		1424	h0 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[0])];
		1425	h1 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[1])];
		1426	if (h0 == h1) {
		1427	PF_HASHROW_LOCK(h0);
		1428	} else if (h0 < h1) {
		1429	PF_HASHROW_LOCK(h0);
		1430	PF_HASHROW_LOCK(h1);
		1431	} else {
		1432	PF_HASHROW_LOCK(h1);
		1433	PF_HASHROW_LOCK(h0);
		1434	}
		1435
		1436	LIST_FOREACH(endpoint, &h0->endpoints, entry)
		1437	if (bcmp(endpoint, &mapping->endpoints[0], sizeof(struct pf_udp_endpoint_cmp)) == 0)
		1438	break;
		1439	if (endpoint != NULL)
		1440	goto cleanup;
		1441	LIST_FOREACH(endpoint, &h1->endpoints, entry)
		1442	if (bcmp(endpoint, &mapping->endpoints[1], sizeof(struct pf_udp_endpoint_cmp)) == 0)
		1443	break;
		1444	if (endpoint != NULL)
		1445	goto cleanup;
		1446	LIST_INSERT_HEAD(&h0->endpoints, &mapping->endpoints[0], entry);
		1447	LIST_INSERT_HEAD(&h1->endpoints, &mapping->endpoints[1], entry);
		1448	ret = 0;
		1449
		1450	cleanup:
		1451	if (h0 != h1) {
		1452	PF_HASHROW_UNLOCK(h0);
		1453	PF_HASHROW_UNLOCK(h1);
		1454	} else {
		1455	PF_HASHROW_UNLOCK(h0);
		1456	}
		1457	return ret;
		1458	}
		1459
		1460	void
		1461	pf_udp_mapping_release(struct pf_udp_mapping *mapping)
1462	{
1463	/* refcount is synchronized on the source endpoint's row lock */
1464	struct pf_udpendpointhash h0, h1;
1465	h0 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[0])];
1466	PF_HASHROW_LOCK(h0);
1467	if (refcount_release(&mapping->refs)) {
1468	LIST_REMOVE(&mapping->endpoints[0], entry);
1469	PF_HASHROW_UNLOCK(h0);
1470	h1 = &V_pf_udpendpointhash[pf_hashudpendpoint(&mapping->endpoints[1])];
1471	PF_HASHROW_LOCK(h1);
1472	LIST_REMOVE(&mapping->endpoints[1], entry);
1473	PF_HASHROW_UNLOCK(h1);
1474
1475	uma_zfree(V_pf_udp_mapping_z, mapping);
1476	} else {
1477	PF_HASHROW_UNLOCK(h0);
1478	}
1479	}
1480
1481	struct pf_udp_mapping *
1482	pf_udp_mapping_find(struct pf_udp_endpoint_cmp *key)
1483	{
1484	struct pf_udpendpointhash *uh;
1485	struct pf_udp_endpoint *endpoint;
1486
1487	uh = &V_pf_udpendpointhash[pf_hashudpendpoint((struct pf_udp_endpoint*)key)];
1488
1489	PF_HASHROW_LOCK(uh);
1490	LIST_FOREACH(endpoint, &uh->endpoints, entry)
1491	if (bcmp(endpoint, key, sizeof(struct pf_udp_endpoint_cmp)) == 0 &&
1492	bcmp(endpoint, &endpoint->mapping->endpoints[0], sizeof(struct pf_udp_endpoint_cmp)) == 0)
1493	break;
1494	if (endpoint == NULL) {
1495	PF_HASHROW_UNLOCK(uh);
1496	return NULL;
1497	}
1498	refcount_acquire(&endpoint->mapping->refs);
1499	PF_HASHROW_UNLOCK(uh);
1500	return endpoint->mapping;
1501	}
1502
1372	/* END state table stuff */	1503	/* END state table stuff */
1373		1504
1374	static void	1505	static void
Lines 1650-1655 pf_unlink_state(struct pf_state *s, u_int flags) Link Here
1650	pf_detach_state(s);	1781	pf_detach_state(s);
1651	refcount_release(&s->refs);	1782	refcount_release(&s->refs);
1652		1783
		1784	if (s->udp_mapping)
		1785	pf_udp_mapping_release(s->udp_mapping);
		1786
1653	return (pf_release_state(s));	1787	return (pf_release_state(s));
1654	}	1788	}
1655		1789
Lines 3136-3141 pf_test_rule(struct pf_rule rm, struct pf_state sm, int direction, Link Here
3136	u_int16_t bproto_sum = 0, bip_sum = 0;	3270	u_int16_t bproto_sum = 0, bip_sum = 0;
3137	u_int8_t icmptype = 0, icmpcode = 0;	3271	u_int8_t icmptype = 0, icmpcode = 0;
3138	struct pf_anchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE];	3272	struct pf_anchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE];
		3273	struct pf_udp_mapping *udp_mapping = NULL;
3139		3274
3140	PF_RULES_RASSERT();	3275	PF_RULES_RASSERT();
3141		3276
Lines 3199-3205 pf_test_rule(struct pf_rule rm, struct pf_state sm, int direction, Link Here
3199		3334
3200	/* check packet for BINAT/NAT/RDR */	3335	/* check packet for BINAT/NAT/RDR */
3201	if ((nr = pf_get_translation(pd, m, off, direction, kif, &nsn, &sk,	3336	if ((nr = pf_get_translation(pd, m, off, direction, kif, &nsn, &sk,
3202	&nk, saddr, daddr, sport, dport, anchor_stack)) != NULL) {	3337	&nk, saddr, daddr, sport, dport, anchor_stack, &udp_mapping)) != NULL) {
3203	KASSERT(sk != NULL, ("%s: null sk", __func__));	3338	KASSERT(sk != NULL, ("%s: null sk", __func__));
3204	KASSERT(nk != NULL, ("%s: null nk", __func__));	3339	KASSERT(nk != NULL, ("%s: null nk", __func__));
3205		3340
Lines 3506-3519 pf_test_rule(struct pf_rule rm, struct pf_state sm, int direction, Link Here
3506	int action;	3641	int action;
3507	action = pf_create_state(r, nr, a, pd, nsn, nk, sk, m, off,	3642	action = pf_create_state(r, nr, a, pd, nsn, nk, sk, m, off,
3508	sport, dport, &rewrite, kif, sm, tag, bproto_sum, bip_sum,	3643	sport, dport, &rewrite, kif, sm, tag, bproto_sum, bip_sum,
3509	hdrlen);	3644	hdrlen, udp_mapping);
3510	if (action != PF_PASS)	3645	if (action != PF_PASS) {
		3646	if (udp_mapping != NULL)
		3647	pf_udp_mapping_release(udp_mapping);
3511	return (action);	3648	return (action);
		3649	}
3512	} else {	3650	} else {
3513	if (sk != NULL)	3651	if (sk != NULL)
3514	uma_zfree(V_pf_state_key_z, sk);	3652	uma_zfree(V_pf_state_key_z, sk);
3515	if (nk != NULL)	3653	if (nk != NULL)
3516	uma_zfree(V_pf_state_key_z, nk);	3654	uma_zfree(V_pf_state_key_z, nk);
		3655	if (udp_mapping != NULL)
		3656	pf_udp_mapping_release(udp_mapping);
3517	}	3657	}
3518		3658
3519	/* copy back packet headers if we performed NAT operations */	3659	/* copy back packet headers if we performed NAT operations */
Lines 3538-3543 cleanup: Link Here
3538	uma_zfree(V_pf_state_key_z, sk);	3678	uma_zfree(V_pf_state_key_z, sk);
3539	if (nk != NULL)	3679	if (nk != NULL)
3540	uma_zfree(V_pf_state_key_z, nk);	3680	uma_zfree(V_pf_state_key_z, nk);
		3681	if (udp_mapping != NULL)
		3682	pf_udp_mapping_release(udp_mapping);
3541	return (PF_DROP);	3683	return (PF_DROP);
3542	}	3684	}
3543		3685
Lines 3546-3552 pf_create_state(struct pf_rule r, struct pf_rule nr, struct pf_rule *a, Link Here
3546	struct pf_pdesc pd, struct pf_src_node nsn, struct pf_state_key *nk,	3688	struct pf_pdesc pd, struct pf_src_node nsn, struct pf_state_key *nk,
3547	struct pf_state_key sk, struct mbuf m, int off, u_int16_t sport,	3689	struct pf_state_key sk, struct mbuf m, int off, u_int16_t sport,
3548	u_int16_t dport, int rewrite, struct pfi_kif kif, struct pf_state **sm,	3690	u_int16_t dport, int rewrite, struct pfi_kif kif, struct pf_state **sm,
3549	int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen)	3691	int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen,
		3692	struct pf_udp_mapping *udp_mapping)
3550	{	3693	{
3551	struct pf_state *s = NULL;	3694	struct pf_state *s = NULL;
3552	struct pf_src_node *sn = NULL;	3695	struct pf_src_node *sn = NULL;
Lines 3752-3757 pf_create_state(struct pf_rule r, struct pf_rule nr, struct pf_rule *a, Link Here
3752	REASON_SET(&reason, PFRES_SYNPROXY);	3895	REASON_SET(&reason, PFRES_SYNPROXY);
3753	return (PF_SYNPROXY_DROP);	3896	return (PF_SYNPROXY_DROP);
3754	}	3897	}
		3898	s->udp_mapping = udp_mapping;
3755		3899
3756	return (PF_PASS);	3900	return (PF_PASS);
3757		3901