ip_htable.c revision 1.2
1 1.2 christos /* $NetBSD: ip_htable.c,v 1.2 2012/03/23 20:39:50 christos Exp $ */ 2 1.1 christos 3 1.1 christos /* 4 1.1 christos * Copyright (C) 2012 by Darren Reed. 5 1.1 christos * 6 1.1 christos * See the IPFILTER.LICENCE file for details on licencing. 7 1.1 christos */ 8 1.1 christos #if defined(KERNEL) || defined(_KERNEL) 9 1.1 christos # undef KERNEL 10 1.1 christos # undef _KERNEL 11 1.1 christos # define KERNEL 1 12 1.1 christos # define _KERNEL 1 13 1.1 christos #endif 14 1.1 christos #include <sys/param.h> 15 1.2 christos #if defined(__NetBSD__) 16 1.2 christos # if (NetBSD >= 199905) && !defined(IPFILTER_LKM) && defined(_KERNEL) 17 1.2 christos # include "opt_ipfilter.h" 18 1.2 christos # endif 19 1.2 christos #endif 20 1.1 christos #include <sys/types.h> 21 1.1 christos #include <sys/errno.h> 22 1.1 christos #include <sys/time.h> 23 1.1 christos #include <sys/file.h> 24 1.1 christos #if !defined(_KERNEL) 25 1.1 christos # include <stdlib.h> 26 1.1 christos # include <string.h> 27 1.1 christos # define _KERNEL 28 1.1 christos # ifdef __OpenBSD__ 29 1.1 christos struct file; 30 1.1 christos # endif 31 1.1 christos # include <sys/uio.h> 32 1.1 christos # undef _KERNEL 33 1.1 christos #endif 34 1.1 christos #include <sys/socket.h> 35 1.1 christos #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000) 36 1.1 christos # include <sys/malloc.h> 37 1.1 christos #endif 38 1.1 christos #if defined(__FreeBSD__) 39 1.1 christos # include <sys/cdefs.h> 40 1.1 christos # include <sys/proc.h> 41 1.1 christos #endif 42 1.1 christos #if !defined(__svr4__) && !defined(__SVR4) && !defined(__hpux) && \ 43 1.1 christos !defined(linux) 44 1.1 christos # include <sys/mbuf.h> 45 1.1 christos #endif 46 1.1 christos #if defined(_KERNEL) 47 1.1 christos # include <sys/systm.h> 48 1.1 christos #else 49 1.1 christos # include "ipf.h" 50 1.1 christos #endif 51 1.1 christos #include <netinet/in.h> 52 1.1 christos #include <net/if.h> 53 1.1 christos 54 1.1 christos #include "netinet/ip_compat.h" 55 1.1 christos #include "netinet/ip_fil.h" 56 1.1 christos #include "netinet/ip_lookup.h" 57 1.1 christos #include "netinet/ip_htable.h" 58 1.1 christos /* END OF INCLUDES */ 59 1.1 christos 60 1.1 christos #if !defined(lint) 61 1.2 christos #if defined(__NetBSD__) 62 1.2 christos #include <sys/cdefs.h> 63 1.2 christos __KERNEL_RCSID(0, "$NetBSD: ip_htable.c,v 1.2 2012/03/23 20:39:50 christos Exp $"); 64 1.2 christos #else 65 1.2 christos static const char rcsid[] = "@(#)Id: ip_htable.c,v 2.64.2.11 2012/01/29 05:30:36 darrenr Exp"; 66 1.2 christos #endif 67 1.1 christos #endif 68 1.1 christos 69 1.1 christos # ifdef USE_INET6 70 1.2 christos static iphtent_t *ipf_iphmfind6(iphtable_t *, i6addr_t *); 71 1.1 christos # endif 72 1.2 christos static iphtent_t *ipf_iphmfind(iphtable_t *, struct in_addr *); 73 1.2 christos static int ipf_iphmfindip(ipf_main_softc_t *, void *, int, void *, u_int); 74 1.2 christos static int ipf_htable_clear(ipf_main_softc_t *, void *, iphtable_t *); 75 1.2 christos static int ipf_htable_create(ipf_main_softc_t *, void *, iplookupop_t *); 76 1.2 christos static int ipf_htable_deref(ipf_main_softc_t *, void *, void *); 77 1.2 christos static int ipf_htable_destroy(ipf_main_softc_t *, void *, int, char *); 78 1.2 christos static void *ipf_htable_exists(void *, int, char *); 79 1.2 christos static size_t ipf_htable_flush(ipf_main_softc_t *, void *, 80 1.2 christos iplookupflush_t *); 81 1.2 christos static void ipf_htable_free(void *, iphtable_t *); 82 1.2 christos static int ipf_htable_iter_deref(ipf_main_softc_t *, void *, int, 83 1.2 christos int, void *); 84 1.2 christos static int ipf_htable_iter_next(ipf_main_softc_t *, void *, ipftoken_t *, 85 1.2 christos ipflookupiter_t *); 86 1.2 christos static int ipf_htable_node_add(ipf_main_softc_t *, void *, 87 1.2 christos iplookupop_t *, int); 88 1.2 christos static int ipf_htable_node_del(ipf_main_softc_t *, void *, 89 1.2 christos iplookupop_t *, int); 90 1.2 christos static int ipf_htable_remove(ipf_main_softc_t *, void *, iphtable_t *); 91 1.2 christos static void *ipf_htable_soft_create(ipf_main_softc_t *); 92 1.2 christos static void ipf_htable_soft_destroy(ipf_main_softc_t *, void *); 93 1.2 christos static int ipf_htable_soft_init(ipf_main_softc_t *, void *); 94 1.2 christos static void ipf_htable_soft_fini(ipf_main_softc_t *, void *); 95 1.2 christos static int ipf_htable_stats_get(ipf_main_softc_t *, void *, 96 1.2 christos iplookupop_t *); 97 1.2 christos static int ipf_htable_table_add(ipf_main_softc_t *, void *, 98 1.2 christos iplookupop_t *); 99 1.2 christos static int ipf_htable_table_del(ipf_main_softc_t *, void *, 100 1.2 christos iplookupop_t *); 101 1.2 christos static int ipf_htent_deref(void *, iphtent_t *); 102 1.2 christos static iphtent_t *ipf_htent_find(iphtable_t *, iphtent_t *); 103 1.2 christos static int ipf_htent_insert(ipf_main_softc_t *, void *, iphtable_t *, 104 1.2 christos iphtent_t *); 105 1.2 christos static int ipf_htent_remove(ipf_main_softc_t *, void *, iphtable_t *, 106 1.2 christos iphtent_t *); 107 1.2 christos static void *ipf_htable_select_add_ref(void *, int, char *); 108 1.2 christos static void ipf_htable_expire(ipf_main_softc_t *, void *); 109 1.1 christos 110 1.1 christos 111 1.1 christos typedef struct ipf_htable_softc_s { 112 1.1 christos u_long ipht_nomem[LOOKUP_POOL_SZ]; 113 1.1 christos u_long ipf_nhtables[LOOKUP_POOL_SZ]; 114 1.1 christos u_long ipf_nhtnodes[LOOKUP_POOL_SZ]; 115 1.1 christos iphtable_t *ipf_htables[LOOKUP_POOL_SZ]; 116 1.1 christos iphtent_t *ipf_node_explist; 117 1.1 christos } ipf_htable_softc_t; 118 1.1 christos 119 1.1 christos ipf_lookup_t ipf_htable_backend = { 120 1.1 christos IPLT_HASH, 121 1.1 christos ipf_htable_soft_create, 122 1.1 christos ipf_htable_soft_destroy, 123 1.1 christos ipf_htable_soft_init, 124 1.1 christos ipf_htable_soft_fini, 125 1.1 christos ipf_iphmfindip, 126 1.1 christos ipf_htable_flush, 127 1.1 christos ipf_htable_iter_deref, 128 1.1 christos ipf_htable_iter_next, 129 1.1 christos ipf_htable_node_add, 130 1.1 christos ipf_htable_node_del, 131 1.1 christos ipf_htable_stats_get, 132 1.1 christos ipf_htable_table_add, 133 1.1 christos ipf_htable_table_del, 134 1.1 christos ipf_htable_deref, 135 1.1 christos ipf_htable_exists, 136 1.1 christos ipf_htable_select_add_ref, 137 1.1 christos NULL, 138 1.1 christos ipf_htable_expire, 139 1.1 christos NULL 140 1.1 christos }; 141 1.1 christos 142 1.1 christos 143 1.1 christos /* ------------------------------------------------------------------------ */ 144 1.1 christos /* Function: ipf_htable_soft_create */ 145 1.1 christos /* Returns: void * - NULL = failure, else pointer to local context */ 146 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 147 1.1 christos /* */ 148 1.1 christos /* Initialise the routing table data structures where required. */ 149 1.1 christos /* ------------------------------------------------------------------------ */ 150 1.1 christos static void * 151 1.2 christos ipf_htable_soft_create(ipf_main_softc_t *softc) 152 1.1 christos { 153 1.1 christos ipf_htable_softc_t *softh; 154 1.1 christos 155 1.1 christos KMALLOC(softh, ipf_htable_softc_t *); 156 1.1 christos if (softh == NULL) 157 1.1 christos return NULL; 158 1.1 christos 159 1.1 christos bzero((char *)softh, sizeof(*softh)); 160 1.1 christos 161 1.1 christos return softh; 162 1.1 christos } 163 1.1 christos 164 1.1 christos 165 1.1 christos /* ------------------------------------------------------------------------ */ 166 1.1 christos /* Function: ipf_htable_soft_destroy */ 167 1.1 christos /* Returns: Nil */ 168 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 169 1.1 christos /* arg(I) - pointer to local context to use */ 170 1.1 christos /* */ 171 1.1 christos /* Clean up the pool by free'ing the radix tree associated with it and free */ 172 1.1 christos /* up the pool context too. */ 173 1.1 christos /* ------------------------------------------------------------------------ */ 174 1.1 christos static void 175 1.2 christos ipf_htable_soft_destroy(ipf_main_softc_t *softc, void *arg) 176 1.1 christos { 177 1.1 christos ipf_htable_softc_t *softh = arg; 178 1.1 christos 179 1.1 christos KFREE(softh); 180 1.1 christos } 181 1.1 christos 182 1.1 christos 183 1.1 christos /* ------------------------------------------------------------------------ */ 184 1.1 christos /* Function: ipf_htable_soft_init */ 185 1.1 christos /* Returns: int - 0 = success, else error */ 186 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 187 1.1 christos /* arg(I) - pointer to local context to use */ 188 1.1 christos /* */ 189 1.1 christos /* Initialise the hash table ready for use. */ 190 1.1 christos /* ------------------------------------------------------------------------ */ 191 1.1 christos static int 192 1.2 christos ipf_htable_soft_init(ipf_main_softc_t *softc, void *arg) 193 1.1 christos { 194 1.1 christos ipf_htable_softc_t *softh = arg; 195 1.1 christos 196 1.1 christos bzero((char *)softh, sizeof(*softh)); 197 1.1 christos 198 1.1 christos return 0; 199 1.1 christos } 200 1.1 christos 201 1.1 christos 202 1.1 christos /* ------------------------------------------------------------------------ */ 203 1.1 christos /* Function: ipf_htable_soft_fini */ 204 1.1 christos /* Returns: Nil */ 205 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 206 1.1 christos /* arg(I) - pointer to local context to use */ 207 1.1 christos /* Locks: WRITE(ipf_global) */ 208 1.1 christos /* */ 209 1.1 christos /* Clean up all the pool data structures allocated and call the cleanup */ 210 1.1 christos /* function for the radix tree that supports the pools. ipf_pool_destroy is */ 211 1.1 christos /* used to delete the pools one by one to ensure they're properly freed up. */ 212 1.1 christos /* ------------------------------------------------------------------------ */ 213 1.1 christos static void 214 1.2 christos ipf_htable_soft_fini(ipf_main_softc_t *softc, void *arg) 215 1.1 christos { 216 1.1 christos iplookupflush_t fop; 217 1.1 christos 218 1.1 christos fop.iplf_type = IPLT_HASH; 219 1.1 christos fop.iplf_unit = IPL_LOGALL; 220 1.1 christos fop.iplf_arg = 0; 221 1.1 christos fop.iplf_count = 0; 222 1.1 christos *fop.iplf_name = '\0'; 223 1.1 christos ipf_htable_flush(softc, arg, &fop); 224 1.1 christos } 225 1.1 christos 226 1.1 christos 227 1.1 christos /* ------------------------------------------------------------------------ */ 228 1.1 christos /* Function: ipf_htable_stats_get */ 229 1.1 christos /* Returns: int - 0 = success, else error */ 230 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 231 1.1 christos /* arg(I) - pointer to local context to use */ 232 1.1 christos /* op(I) - pointer to lookup operation data */ 233 1.1 christos /* */ 234 1.1 christos /* Copy the relevant statistics out of internal structures and into the */ 235 1.1 christos /* structure used to export statistics. */ 236 1.1 christos /* ------------------------------------------------------------------------ */ 237 1.1 christos static int 238 1.2 christos ipf_htable_stats_get(ipf_main_softc_t *softc, void *arg, iplookupop_t *op) 239 1.1 christos { 240 1.1 christos ipf_htable_softc_t *softh = arg; 241 1.1 christos iphtstat_t stats; 242 1.1 christos int err; 243 1.1 christos 244 1.1 christos if (op->iplo_size != sizeof(stats)) { 245 1.1 christos IPFERROR(30001); 246 1.1 christos return EINVAL; 247 1.1 christos } 248 1.1 christos 249 1.1 christos stats.iphs_tables = softh->ipf_htables[op->iplo_unit + 1]; 250 1.1 christos stats.iphs_numtables = softh->ipf_nhtables[op->iplo_unit + 1]; 251 1.1 christos stats.iphs_numnodes = softh->ipf_nhtnodes[op->iplo_unit + 1]; 252 1.1 christos stats.iphs_nomem = softh->ipht_nomem[op->iplo_unit + 1]; 253 1.1 christos 254 1.1 christos err = COPYOUT(&stats, op->iplo_struct, sizeof(stats)); 255 1.1 christos if (err != 0) { 256 1.1 christos IPFERROR(30013); 257 1.1 christos return EFAULT; 258 1.1 christos } 259 1.1 christos return 0; 260 1.1 christos 261 1.1 christos } 262 1.1 christos 263 1.1 christos 264 1.1 christos /* ------------------------------------------------------------------------ */ 265 1.1 christos /* Function: ipf_htable_create */ 266 1.1 christos /* Returns: int - 0 = success, else error */ 267 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 268 1.1 christos /* arg(I) - pointer to local context to use */ 269 1.1 christos /* op(I) - pointer to lookup operation data */ 270 1.1 christos /* */ 271 1.1 christos /* Create a new hash table using the template passed. */ 272 1.1 christos /* ------------------------------------------------------------------------ */ 273 1.1 christos static int 274 1.2 christos ipf_htable_create(ipf_main_softc_t *softc, void *arg, iplookupop_t *op) 275 1.1 christos { 276 1.1 christos ipf_htable_softc_t *softh = arg; 277 1.1 christos iphtable_t *iph, *oiph; 278 1.1 christos char name[FR_GROUPLEN]; 279 1.1 christos int err, i, unit; 280 1.1 christos 281 1.1 christos unit = op->iplo_unit; 282 1.1 christos if ((op->iplo_arg & IPHASH_ANON) == 0) { 283 1.1 christos iph = ipf_htable_exists(softh, unit, op->iplo_name); 284 1.1 christos if (iph != NULL) { 285 1.1 christos if ((iph->iph_flags & IPHASH_DELETE) == 0) { 286 1.1 christos IPFERROR(30004); 287 1.1 christos return EEXIST; 288 1.1 christos } 289 1.1 christos iph->iph_flags &= ~IPHASH_DELETE; 290 1.1 christos iph->iph_ref++; 291 1.1 christos return 0; 292 1.1 christos } 293 1.1 christos } 294 1.1 christos 295 1.1 christos KMALLOC(iph, iphtable_t *); 296 1.1 christos if (iph == NULL) { 297 1.1 christos softh->ipht_nomem[op->iplo_unit + 1]++; 298 1.1 christos IPFERROR(30002); 299 1.1 christos return ENOMEM; 300 1.1 christos } 301 1.1 christos err = COPYIN(op->iplo_struct, iph, sizeof(*iph)); 302 1.1 christos if (err != 0) { 303 1.1 christos KFREE(iph); 304 1.1 christos IPFERROR(30003); 305 1.1 christos return EFAULT; 306 1.1 christos } 307 1.1 christos 308 1.1 christos if (iph->iph_unit != unit) { 309 1.1 christos IPFERROR(30005); 310 1.1 christos return EINVAL; 311 1.1 christos } 312 1.1 christos 313 1.1 christos if ((op->iplo_arg & IPHASH_ANON) != 0) { 314 1.1 christos i = IPHASH_ANON; 315 1.1 christos do { 316 1.1 christos i++; 317 1.1 christos #if defined(SNPRINTF) && defined(_KERNEL) 318 1.1 christos SNPRINTF(name, sizeof(name), "%u", i); 319 1.1 christos #else 320 1.1 christos (void)sprintf(name, "%u", i); 321 1.1 christos #endif 322 1.1 christos for (oiph = softh->ipf_htables[unit + 1]; oiph != NULL; 323 1.1 christos oiph = oiph->iph_next) 324 1.1 christos if (strncmp(oiph->iph_name, name, 325 1.1 christos sizeof(oiph->iph_name)) == 0) 326 1.1 christos break; 327 1.1 christos } while (oiph != NULL); 328 1.1 christos 329 1.1 christos (void)strncpy(iph->iph_name, name, sizeof(iph->iph_name)); 330 1.1 christos (void)strncpy(op->iplo_name, name, sizeof(op->iplo_name)); 331 1.1 christos iph->iph_type |= IPHASH_ANON; 332 1.1 christos } 333 1.1 christos 334 1.1 christos KMALLOCS(iph->iph_table, iphtent_t **, 335 1.1 christos iph->iph_size * sizeof(*iph->iph_table)); 336 1.1 christos if (iph->iph_table == NULL) { 337 1.1 christos KFREE(iph); 338 1.1 christos softh->ipht_nomem[unit + 1]++; 339 1.1 christos IPFERROR(30006); 340 1.1 christos return ENOMEM; 341 1.1 christos } 342 1.1 christos 343 1.1 christos bzero((char *)iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); 344 1.1 christos iph->iph_maskset[0] = 0; 345 1.1 christos iph->iph_maskset[1] = 0; 346 1.1 christos iph->iph_maskset[2] = 0; 347 1.1 christos iph->iph_maskset[3] = 0; 348 1.1 christos iph->iph_list = NULL; 349 1.1 christos 350 1.1 christos iph->iph_ref = 1; 351 1.1 christos iph->iph_next = softh->ipf_htables[unit + 1]; 352 1.1 christos iph->iph_pnext = &softh->ipf_htables[unit + 1]; 353 1.1 christos if (softh->ipf_htables[unit + 1] != NULL) 354 1.1 christos softh->ipf_htables[unit + 1]->iph_pnext = &iph->iph_next; 355 1.1 christos softh->ipf_htables[unit + 1] = iph; 356 1.1 christos 357 1.1 christos softh->ipf_nhtables[unit + 1]++; 358 1.1 christos 359 1.1 christos return 0; 360 1.1 christos } 361 1.1 christos 362 1.1 christos 363 1.1 christos /* ------------------------------------------------------------------------ */ 364 1.1 christos /* Function: ipf_htable_table_del */ 365 1.1 christos /* Returns: int - 0 = success, else error */ 366 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 367 1.1 christos /* arg(I) - pointer to local context to use */ 368 1.1 christos /* op(I) - pointer to lookup operation data */ 369 1.1 christos /* */ 370 1.1 christos /* ------------------------------------------------------------------------ */ 371 1.1 christos static int 372 1.2 christos ipf_htable_table_del(ipf_main_softc_t *softc, void *arg, iplookupop_t *op) 373 1.1 christos { 374 1.1 christos return ipf_htable_destroy(softc, arg, op->iplo_unit, op->iplo_name); 375 1.1 christos } 376 1.1 christos 377 1.1 christos 378 1.1 christos /* ------------------------------------------------------------------------ */ 379 1.1 christos /* Function: ipf_htable_destroy */ 380 1.1 christos /* Returns: int - 0 = success, else error */ 381 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 382 1.1 christos /* arg(I) - pointer to local context to use */ 383 1.1 christos /* op(I) - pointer to lookup operation data */ 384 1.1 christos /* */ 385 1.1 christos /* Find the hash table that belongs to the relevant part of ipfilter with a */ 386 1.1 christos /* matching name and attempt to destroy it. If it is in use, empty it out */ 387 1.1 christos /* and mark it for deletion so that when all the references disappear, it */ 388 1.1 christos /* can be removed. */ 389 1.1 christos /* ------------------------------------------------------------------------ */ 390 1.1 christos static int 391 1.2 christos ipf_htable_destroy(ipf_main_softc_t *softc, void *arg, int unit, char *name) 392 1.1 christos { 393 1.1 christos iphtable_t *iph; 394 1.1 christos 395 1.1 christos iph = ipf_htable_find(arg, unit, name); 396 1.1 christos if (iph == NULL) { 397 1.1 christos IPFERROR(30007); 398 1.1 christos return ESRCH; 399 1.1 christos } 400 1.1 christos 401 1.1 christos if (iph->iph_unit != unit) { 402 1.1 christos IPFERROR(30008); 403 1.1 christos return EINVAL; 404 1.1 christos } 405 1.1 christos 406 1.1 christos if (iph->iph_ref != 0) { 407 1.1 christos ipf_htable_clear(softc, arg, iph); 408 1.1 christos iph->iph_flags |= IPHASH_DELETE; 409 1.1 christos return 0; 410 1.1 christos } 411 1.1 christos 412 1.1 christos ipf_htable_remove(softc, arg, iph); 413 1.1 christos 414 1.1 christos return 0; 415 1.1 christos } 416 1.1 christos 417 1.1 christos 418 1.1 christos /* ------------------------------------------------------------------------ */ 419 1.1 christos /* Function: ipf_htable_clear */ 420 1.1 christos /* Returns: int - 0 = success, else error */ 421 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 422 1.1 christos /* arg(I) - pointer to local context to use */ 423 1.1 christos /* iph(I) - pointer to hash table to destroy */ 424 1.1 christos /* */ 425 1.1 christos /* Clean out the hash table by walking the list of entries and removing */ 426 1.1 christos /* each one, one by one. */ 427 1.1 christos /* ------------------------------------------------------------------------ */ 428 1.1 christos static int 429 1.2 christos ipf_htable_clear(ipf_main_softc_t *softc, void *arg, iphtable_t *iph) 430 1.1 christos { 431 1.1 christos iphtent_t *ipe; 432 1.1 christos 433 1.1 christos while ((ipe = iph->iph_list) != NULL) 434 1.1 christos if (ipf_htent_remove(softc, arg, iph, ipe) != 0) 435 1.1 christos return 1; 436 1.1 christos return 0; 437 1.1 christos } 438 1.1 christos 439 1.1 christos 440 1.1 christos /* ------------------------------------------------------------------------ */ 441 1.1 christos /* Function: ipf_htable_free */ 442 1.1 christos /* Returns: Nil */ 443 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 444 1.1 christos /* iph(I) - pointer to hash table to destroy */ 445 1.1 christos /* */ 446 1.1 christos /* ------------------------------------------------------------------------ */ 447 1.1 christos static void 448 1.2 christos ipf_htable_free(void *arg, iphtable_t *iph) 449 1.1 christos { 450 1.1 christos ipf_htable_softc_t *softh = arg; 451 1.1 christos 452 1.1 christos if (iph->iph_next != NULL) 453 1.1 christos iph->iph_next->iph_pnext = iph->iph_pnext; 454 1.1 christos if (iph->iph_pnext != NULL) 455 1.1 christos *iph->iph_pnext = iph->iph_next; 456 1.1 christos iph->iph_pnext = NULL; 457 1.1 christos iph->iph_next = NULL; 458 1.1 christos 459 1.1 christos softh->ipf_nhtables[iph->iph_unit + 1]--; 460 1.1 christos 461 1.1 christos KFREES(iph->iph_table, iph->iph_size * sizeof(*iph->iph_table)); 462 1.1 christos KFREE(iph); 463 1.1 christos } 464 1.1 christos 465 1.1 christos 466 1.1 christos /* ------------------------------------------------------------------------ */ 467 1.1 christos /* Function: ipf_htable_remove */ 468 1.1 christos /* Returns: int - 0 = success, else error */ 469 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 470 1.1 christos /* arg(I) - pointer to local context to use */ 471 1.1 christos /* iph(I) - pointer to hash table to destroy */ 472 1.1 christos /* */ 473 1.1 christos /* It is necessary to unlink here as well as free (called by deref) so that */ 474 1.1 christos /* the while loop in ipf_htable_flush() functions properly. */ 475 1.1 christos /* ------------------------------------------------------------------------ */ 476 1.1 christos static int 477 1.2 christos ipf_htable_remove(ipf_main_softc_t *softc, void *arg, iphtable_t *iph) 478 1.1 christos { 479 1.1 christos 480 1.1 christos if (ipf_htable_clear(softc, arg, iph) != 0) 481 1.1 christos return 1; 482 1.1 christos 483 1.1 christos if (iph->iph_pnext != NULL) 484 1.1 christos *iph->iph_pnext = iph->iph_next; 485 1.1 christos if (iph->iph_next != NULL) 486 1.1 christos iph->iph_next->iph_pnext = iph->iph_pnext; 487 1.1 christos iph->iph_pnext = NULL; 488 1.1 christos iph->iph_next = NULL; 489 1.1 christos 490 1.1 christos return ipf_htable_deref(softc, arg, iph); 491 1.1 christos } 492 1.1 christos 493 1.1 christos 494 1.1 christos /* ------------------------------------------------------------------------ */ 495 1.1 christos /* Function: ipf_htable_node_del */ 496 1.1 christos /* Returns: int - 0 = success, else error */ 497 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 498 1.1 christos /* arg(I) - pointer to local context to use */ 499 1.1 christos /* op(I) - pointer to lookup operation data */ 500 1.1 christos /* uid(I) - real uid of process doing operation */ 501 1.1 christos /* */ 502 1.1 christos /* ------------------------------------------------------------------------ */ 503 1.1 christos static int 504 1.2 christos ipf_htable_node_del(ipf_main_softc_t *softc, void *arg, iplookupop_t *op, 505 1.2 christos int uid) 506 1.1 christos { 507 1.1 christos iphtable_t *iph; 508 1.1 christos iphtent_t hte, *ent; 509 1.1 christos int err; 510 1.1 christos 511 1.1 christos if (op->iplo_size != sizeof(hte)) { 512 1.1 christos IPFERROR(30014); 513 1.1 christos return EINVAL; 514 1.1 christos } 515 1.1 christos 516 1.1 christos err = COPYIN(op->iplo_struct, &hte, sizeof(hte)); 517 1.1 christos if (err != 0) { 518 1.1 christos IPFERROR(30015); 519 1.1 christos return EFAULT; 520 1.1 christos } 521 1.1 christos 522 1.1 christos iph = ipf_htable_find(arg, op->iplo_unit, op->iplo_name); 523 1.1 christos if (iph == NULL) { 524 1.1 christos IPFERROR(30016); 525 1.1 christos return ESRCH; 526 1.1 christos } 527 1.1 christos 528 1.1 christos ent = ipf_htent_find(iph, &hte); 529 1.1 christos if (ent == NULL) { 530 1.1 christos IPFERROR(30022); 531 1.1 christos return ESRCH; 532 1.1 christos } 533 1.1 christos 534 1.1 christos if ((uid != 0) && (ent->ipe_uid != uid)) { 535 1.1 christos IPFERROR(30023); 536 1.1 christos return EACCES; 537 1.1 christos } 538 1.1 christos 539 1.1 christos err = ipf_htent_remove(softc, arg, iph, ent); 540 1.1 christos 541 1.1 christos return err; 542 1.1 christos } 543 1.1 christos 544 1.1 christos 545 1.1 christos /* ------------------------------------------------------------------------ */ 546 1.1 christos /* Function: ipf_htable_node_del */ 547 1.1 christos /* Returns: int - 0 = success, else error */ 548 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 549 1.1 christos /* arg(I) - pointer to local context to use */ 550 1.1 christos /* op(I) - pointer to lookup operation data */ 551 1.1 christos /* */ 552 1.1 christos /* ------------------------------------------------------------------------ */ 553 1.1 christos static int 554 1.2 christos ipf_htable_table_add(ipf_main_softc_t *softc, void *arg, iplookupop_t *op) 555 1.1 christos { 556 1.1 christos int err; 557 1.1 christos 558 1.1 christos if (ipf_htable_find(arg, op->iplo_unit, op->iplo_name) != NULL) { 559 1.1 christos IPFERROR(30017); 560 1.1 christos err = EEXIST; 561 1.1 christos } else { 562 1.1 christos err = ipf_htable_create(softc, arg, op); 563 1.1 christos } 564 1.1 christos 565 1.1 christos return err; 566 1.1 christos } 567 1.1 christos 568 1.1 christos 569 1.1 christos /* ------------------------------------------------------------------------ */ 570 1.1 christos /* Function: ipf_htent_remove */ 571 1.1 christos /* Returns: int - 0 = success, else error */ 572 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 573 1.1 christos /* arg(I) - pointer to local context to use */ 574 1.1 christos /* iph(I) - pointer to hash table */ 575 1.1 christos /* ipe(I) - pointer to hash table entry to remove */ 576 1.1 christos /* */ 577 1.1 christos /* Delete an entry from a hash table. */ 578 1.1 christos /* ------------------------------------------------------------------------ */ 579 1.1 christos static int 580 1.2 christos ipf_htent_remove(ipf_main_softc_t *softc, void *arg, iphtable_t *iph, 581 1.2 christos iphtent_t *ipe) 582 1.1 christos { 583 1.1 christos 584 1.1 christos if (ipe->ipe_hnext != NULL) 585 1.1 christos ipe->ipe_hnext->ipe_phnext = ipe->ipe_phnext; 586 1.1 christos if (ipe->ipe_phnext != NULL) 587 1.1 christos *ipe->ipe_phnext = ipe->ipe_hnext; 588 1.1 christos ipe->ipe_phnext = NULL; 589 1.1 christos ipe->ipe_hnext = NULL; 590 1.1 christos 591 1.1 christos if (ipe->ipe_dnext != NULL) 592 1.1 christos ipe->ipe_dnext->ipe_pdnext = ipe->ipe_pdnext; 593 1.1 christos if (ipe->ipe_pdnext != NULL) 594 1.1 christos *ipe->ipe_pdnext = ipe->ipe_dnext; 595 1.1 christos ipe->ipe_pdnext = NULL; 596 1.1 christos ipe->ipe_dnext = NULL; 597 1.1 christos 598 1.1 christos if (ipe->ipe_next != NULL) 599 1.1 christos ipe->ipe_next->ipe_pnext = ipe->ipe_pnext; 600 1.1 christos if (ipe->ipe_pnext != NULL) 601 1.1 christos *ipe->ipe_pnext = ipe->ipe_next; 602 1.1 christos ipe->ipe_pnext = NULL; 603 1.1 christos ipe->ipe_next = NULL; 604 1.1 christos 605 1.1 christos switch (iph->iph_type & ~IPHASH_ANON) 606 1.1 christos { 607 1.1 christos case IPHASH_GROUPMAP : 608 1.1 christos if (ipe->ipe_group != NULL) 609 1.1 christos ipf_group_del(softc, ipe->ipe_group, IPL_LOGIPF, 610 1.1 christos softc->ipf_active); 611 1.1 christos break; 612 1.1 christos 613 1.1 christos default : 614 1.1 christos ipe->ipe_ptr = NULL; 615 1.1 christos ipe->ipe_value = 0; 616 1.1 christos break; 617 1.1 christos } 618 1.1 christos 619 1.1 christos return ipf_htent_deref(arg, ipe); 620 1.1 christos } 621 1.1 christos 622 1.1 christos 623 1.1 christos /* ------------------------------------------------------------------------ */ 624 1.1 christos /* Function: ipf_htable_deref */ 625 1.1 christos /* Returns: int - 0 = success, else error */ 626 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 627 1.1 christos /* arg(I) - pointer to local context to use */ 628 1.1 christos /* object(I) - pointer to hash table */ 629 1.1 christos /* */ 630 1.1 christos /* ------------------------------------------------------------------------ */ 631 1.1 christos static int 632 1.2 christos ipf_htable_deref(ipf_main_softc_t *softc, void *arg, void *object) 633 1.1 christos { 634 1.1 christos ipf_htable_softc_t *softh = arg; 635 1.1 christos iphtable_t *iph = object; 636 1.1 christos int refs; 637 1.1 christos 638 1.1 christos iph->iph_ref--; 639 1.1 christos refs = iph->iph_ref; 640 1.1 christos 641 1.1 christos if (iph->iph_ref == 0) { 642 1.1 christos ipf_htable_free(softh, iph); 643 1.1 christos } 644 1.1 christos 645 1.1 christos return refs; 646 1.1 christos } 647 1.1 christos 648 1.1 christos 649 1.1 christos /* ------------------------------------------------------------------------ */ 650 1.1 christos /* Function: ipf_htent_deref */ 651 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 652 1.1 christos /* ipe(I) - */ 653 1.1 christos /* */ 654 1.1 christos /* ------------------------------------------------------------------------ */ 655 1.1 christos static int 656 1.2 christos ipf_htent_deref(void *arg, iphtent_t *ipe) 657 1.1 christos { 658 1.1 christos ipf_htable_softc_t *softh = arg; 659 1.1 christos 660 1.1 christos ipe->ipe_ref--; 661 1.1 christos if (ipe->ipe_ref == 0) { 662 1.1 christos softh->ipf_nhtnodes[ipe->ipe_unit + 1]--; 663 1.1 christos KFREE(ipe); 664 1.1 christos 665 1.1 christos return 0; 666 1.1 christos } 667 1.1 christos 668 1.1 christos return ipe->ipe_ref; 669 1.1 christos } 670 1.1 christos 671 1.1 christos 672 1.1 christos /* ------------------------------------------------------------------------ */ 673 1.1 christos /* Function: ipf_htable_exists */ 674 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 675 1.1 christos /* */ 676 1.1 christos /* ------------------------------------------------------------------------ */ 677 1.1 christos static void * 678 1.2 christos ipf_htable_exists(void *arg, int unit, char *name) 679 1.1 christos { 680 1.1 christos ipf_htable_softc_t *softh = arg; 681 1.1 christos iphtable_t *iph; 682 1.1 christos 683 1.1 christos if (unit == IPL_LOGALL) { 684 1.1 christos int i; 685 1.1 christos 686 1.1 christos for (i = 0; i <= LOOKUP_POOL_MAX; i++) { 687 1.1 christos for (iph = softh->ipf_htables[i]; iph != NULL; 688 1.1 christos iph = iph->iph_next) { 689 1.1 christos if (strncmp(iph->iph_name, name, 690 1.1 christos sizeof(iph->iph_name)) == 0) 691 1.1 christos break; 692 1.1 christos } 693 1.1 christos if (iph != NULL) 694 1.1 christos break; 695 1.1 christos } 696 1.1 christos } else { 697 1.1 christos for (iph = softh->ipf_htables[unit + 1]; iph != NULL; 698 1.1 christos iph = iph->iph_next) { 699 1.1 christos if (strncmp(iph->iph_name, name, 700 1.1 christos sizeof(iph->iph_name)) == 0) 701 1.1 christos break; 702 1.1 christos } 703 1.1 christos } 704 1.1 christos return iph; 705 1.1 christos } 706 1.1 christos 707 1.1 christos 708 1.1 christos /* ------------------------------------------------------------------------ */ 709 1.1 christos /* Function: ipf_htable_select_add_ref */ 710 1.1 christos /* Returns: void * - NULL = failure, else pointer to the hash table */ 711 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 712 1.1 christos /* unit(I) - ipfilter device to which we are working on */ 713 1.1 christos /* name(I) - name of the hash table */ 714 1.1 christos /* */ 715 1.1 christos /* ------------------------------------------------------------------------ */ 716 1.1 christos static void * 717 1.2 christos ipf_htable_select_add_ref(void *arg, int unit, char *name) 718 1.1 christos { 719 1.1 christos iphtable_t *iph; 720 1.1 christos 721 1.1 christos iph = ipf_htable_exists(arg, unit, name); 722 1.1 christos if (iph != NULL) { 723 1.1 christos ATOMIC_INC32(iph->iph_ref); 724 1.1 christos } 725 1.1 christos return iph; 726 1.1 christos } 727 1.1 christos 728 1.1 christos 729 1.1 christos /* ------------------------------------------------------------------------ */ 730 1.1 christos /* Function: ipf_htable_find */ 731 1.1 christos /* Returns: void * - NULL = failure, else pointer to the hash table */ 732 1.1 christos /* Parameters: arg(I) - pointer to local context to use */ 733 1.1 christos /* unit(I) - ipfilter device to which we are working on */ 734 1.1 christos /* name(I) - name of the hash table */ 735 1.1 christos /* */ 736 1.1 christos /* This function is exposed becaues it is used in the group-map feature. */ 737 1.1 christos /* ------------------------------------------------------------------------ */ 738 1.1 christos iphtable_t * 739 1.2 christos ipf_htable_find(void *arg, int unit, char *name) 740 1.1 christos { 741 1.1 christos iphtable_t *iph; 742 1.1 christos 743 1.1 christos iph = ipf_htable_exists(arg, unit, name); 744 1.1 christos if ((iph != NULL) && (iph->iph_flags & IPHASH_DELETE) == 0) 745 1.1 christos return iph; 746 1.1 christos 747 1.1 christos return NULL; 748 1.1 christos } 749 1.1 christos 750 1.1 christos 751 1.1 christos /* ------------------------------------------------------------------------ */ 752 1.1 christos /* Function: ipf_htable_flush */ 753 1.1 christos /* Returns: size_t - number of entries flushed */ 754 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 755 1.1 christos /* arg(I) - pointer to local context to use */ 756 1.1 christos /* op(I) - pointer to lookup operation data */ 757 1.1 christos /* */ 758 1.1 christos /* ------------------------------------------------------------------------ */ 759 1.1 christos static size_t 760 1.2 christos ipf_htable_flush(ipf_main_softc_t *softc, void *arg, iplookupflush_t *op) 761 1.1 christos { 762 1.1 christos ipf_htable_softc_t *softh = arg; 763 1.1 christos iphtable_t *iph; 764 1.1 christos size_t freed; 765 1.1 christos int i; 766 1.1 christos 767 1.1 christos freed = 0; 768 1.1 christos 769 1.1 christos for (i = -1; i <= IPL_LOGMAX; i++) { 770 1.1 christos if (op->iplf_unit == i || op->iplf_unit == IPL_LOGALL) { 771 1.1 christos while ((iph = softh->ipf_htables[i + 1]) != NULL) { 772 1.1 christos if (ipf_htable_remove(softc, arg, iph) == 0) { 773 1.1 christos freed++; 774 1.1 christos } else { 775 1.1 christos iph->iph_flags |= IPHASH_DELETE; 776 1.1 christos } 777 1.1 christos } 778 1.1 christos } 779 1.1 christos } 780 1.1 christos 781 1.1 christos return freed; 782 1.1 christos } 783 1.1 christos 784 1.1 christos 785 1.1 christos /* ------------------------------------------------------------------------ */ 786 1.1 christos /* Function: ipf_htable_node_add */ 787 1.1 christos /* Returns: int - 0 = success, else error */ 788 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 789 1.1 christos /* arg(I) - pointer to local context to use */ 790 1.1 christos /* op(I) - pointer to lookup operation data */ 791 1.1 christos /* uid(I) - real uid of process doing operation */ 792 1.1 christos /* */ 793 1.1 christos /* ------------------------------------------------------------------------ */ 794 1.1 christos static int 795 1.2 christos ipf_htable_node_add(ipf_main_softc_t *softc, void *arg, iplookupop_t *op, 796 1.2 christos int uid) 797 1.1 christos { 798 1.1 christos iphtable_t *iph; 799 1.1 christos iphtent_t hte; 800 1.1 christos int err; 801 1.1 christos 802 1.1 christos if (op->iplo_size != sizeof(hte)) { 803 1.1 christos IPFERROR(30018); 804 1.1 christos return EINVAL; 805 1.1 christos } 806 1.1 christos 807 1.1 christos err = COPYIN(op->iplo_struct, &hte, sizeof(hte)); 808 1.1 christos if (err != 0) { 809 1.1 christos IPFERROR(30019); 810 1.1 christos return EFAULT; 811 1.1 christos } 812 1.1 christos hte.ipe_uid = uid; 813 1.1 christos 814 1.1 christos iph = ipf_htable_find(arg, op->iplo_unit, op->iplo_name); 815 1.1 christos if (iph == NULL) { 816 1.1 christos IPFERROR(30020); 817 1.1 christos return ESRCH; 818 1.1 christos } 819 1.1 christos 820 1.1 christos if (ipf_htent_find(iph, &hte) != NULL) { 821 1.1 christos IPFERROR(30021); 822 1.1 christos return EEXIST; 823 1.1 christos } 824 1.1 christos 825 1.1 christos err = ipf_htent_insert(softc, arg, iph, &hte); 826 1.1 christos 827 1.1 christos return err; 828 1.1 christos } 829 1.1 christos 830 1.1 christos 831 1.1 christos /* ------------------------------------------------------------------------ */ 832 1.1 christos /* Function: ipf_htent_insert */ 833 1.1 christos /* Returns: int - 0 = success, -1 = error */ 834 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 835 1.1 christos /* arg(I) - pointer to local context to use */ 836 1.1 christos /* op(I) - pointer to lookup operation data */ 837 1.1 christos /* ipeo(I) - */ 838 1.1 christos /* */ 839 1.1 christos /* Add an entry to a hash table. */ 840 1.1 christos /* ------------------------------------------------------------------------ */ 841 1.1 christos static int 842 1.2 christos ipf_htent_insert(ipf_main_softc_t *softc, void *arg, iphtable_t *iph, 843 1.2 christos iphtent_t *ipeo) 844 1.1 christos { 845 1.1 christos ipf_htable_softc_t *softh = arg; 846 1.1 christos iphtent_t *ipe; 847 1.1 christos u_int hv; 848 1.1 christos int bits; 849 1.1 christos 850 1.1 christos KMALLOC(ipe, iphtent_t *); 851 1.1 christos if (ipe == NULL) 852 1.1 christos return -1; 853 1.1 christos 854 1.1 christos bcopy((char *)ipeo, (char *)ipe, sizeof(*ipe)); 855 1.1 christos ipe->ipe_addr.i6[0] &= ipe->ipe_mask.i6[0]; 856 1.1 christos ipe->ipe_addr.i6[1] &= ipe->ipe_mask.i6[1]; 857 1.1 christos ipe->ipe_addr.i6[2] &= ipe->ipe_mask.i6[2]; 858 1.1 christos ipe->ipe_addr.i6[3] &= ipe->ipe_mask.i6[3]; 859 1.1 christos if (ipe->ipe_family == AF_INET) { 860 1.1 christos bits = count4bits(ipe->ipe_mask.in4_addr); 861 1.1 christos ipe->ipe_addr.i6[0] = ntohl(ipe->ipe_addr.i6[0]); 862 1.1 christos ipe->ipe_mask.i6[0] = ntohl(ipe->ipe_mask.i6[0]); 863 1.1 christos ipe->ipe_addr.i6[1] = 0; 864 1.1 christos ipe->ipe_addr.i6[2] = 0; 865 1.1 christos ipe->ipe_addr.i6[3] = 0; 866 1.1 christos ipe->ipe_mask.i6[1] = 0; 867 1.1 christos ipe->ipe_mask.i6[2] = 0; 868 1.1 christos ipe->ipe_mask.i6[3] = 0; 869 1.1 christos hv = IPE_V4_HASH_FN(ipe->ipe_addr.in4_addr, 870 1.1 christos ipe->ipe_mask.in4_addr, iph->iph_size); 871 1.1 christos } else 872 1.1 christos #ifdef USE_INET6 873 1.1 christos if (ipe->ipe_family == AF_INET6) { 874 1.1 christos bits = count6bits(ipe->ipe_mask.i6); 875 1.1 christos ipe->ipe_addr.i6[0] = ntohl(ipe->ipe_addr.i6[0]); 876 1.1 christos ipe->ipe_addr.i6[1] = ntohl(ipe->ipe_addr.i6[1]); 877 1.1 christos ipe->ipe_addr.i6[2] = ntohl(ipe->ipe_addr.i6[2]); 878 1.1 christos ipe->ipe_addr.i6[3] = ntohl(ipe->ipe_addr.i6[3]); 879 1.1 christos ipe->ipe_mask.i6[0] = ntohl(ipe->ipe_mask.i6[0]); 880 1.1 christos ipe->ipe_mask.i6[1] = ntohl(ipe->ipe_mask.i6[1]); 881 1.1 christos ipe->ipe_mask.i6[2] = ntohl(ipe->ipe_mask.i6[2]); 882 1.1 christos ipe->ipe_mask.i6[3] = ntohl(ipe->ipe_mask.i6[3]); 883 1.1 christos hv = IPE_V6_HASH_FN(ipe->ipe_addr.i6, 884 1.1 christos ipe->ipe_mask.i6, iph->iph_size); 885 1.1 christos } else 886 1.1 christos #endif 887 1.1 christos { 888 1.1 christos KFREE(ipe); 889 1.1 christos return -1; 890 1.1 christos } 891 1.1 christos 892 1.1 christos ipe->ipe_owner = iph; 893 1.1 christos ipe->ipe_ref = 1; 894 1.1 christos ipe->ipe_hnext = iph->iph_table[hv]; 895 1.1 christos ipe->ipe_phnext = iph->iph_table + hv; 896 1.1 christos 897 1.1 christos if (iph->iph_table[hv] != NULL) 898 1.1 christos iph->iph_table[hv]->ipe_phnext = &ipe->ipe_hnext; 899 1.1 christos iph->iph_table[hv] = ipe; 900 1.1 christos 901 1.1 christos ipe->ipe_next = iph->iph_list; 902 1.1 christos ipe->ipe_pnext = &iph->iph_list; 903 1.1 christos if (ipe->ipe_next != NULL) 904 1.1 christos ipe->ipe_next->ipe_pnext = &ipe->ipe_next; 905 1.1 christos iph->iph_list = ipe; 906 1.1 christos 907 1.1 christos if (ipe->ipe_die != 0) { 908 1.1 christos /* 909 1.1 christos * If the new node has a given expiration time, insert it 910 1.1 christos * into the list of expiring nodes with the ones to be 911 1.1 christos * removed first added to the front of the list. The 912 1.1 christos * insertion is O(n) but it is kept sorted for quick scans 913 1.1 christos * at expiration interval checks. 914 1.1 christos */ 915 1.1 christos iphtent_t *n; 916 1.1 christos 917 1.1 christos ipe->ipe_die = softc->ipf_ticks + IPF_TTLVAL(ipe->ipe_die); 918 1.1 christos for (n = softh->ipf_node_explist; n != NULL; n = n->ipe_dnext) { 919 1.1 christos if (ipe->ipe_die < n->ipe_die) 920 1.1 christos break; 921 1.1 christos if (n->ipe_dnext == NULL) { 922 1.1 christos /* 923 1.1 christos * We've got to the last node and everything 924 1.1 christos * wanted to be expired before this new node, 925 1.1 christos * so we have to tack it on the end... 926 1.1 christos */ 927 1.1 christos n->ipe_dnext = ipe; 928 1.1 christos ipe->ipe_pdnext = &n->ipe_dnext; 929 1.1 christos n = NULL; 930 1.1 christos break; 931 1.1 christos } 932 1.1 christos } 933 1.1 christos 934 1.1 christos if (softh->ipf_node_explist == NULL) { 935 1.1 christos softh->ipf_node_explist = ipe; 936 1.1 christos ipe->ipe_pdnext = &softh->ipf_node_explist; 937 1.1 christos } else if (n != NULL) { 938 1.1 christos ipe->ipe_dnext = n; 939 1.1 christos ipe->ipe_pdnext = n->ipe_pdnext; 940 1.1 christos n->ipe_pdnext = &ipe->ipe_dnext; 941 1.1 christos } 942 1.1 christos } 943 1.1 christos 944 1.1 christos if (ipe->ipe_family == AF_INET) { 945 1.1 christos if ((bits >= 0) && (bits != 32)) 946 1.1 christos iph->iph_maskset[0] |= 1 << bits; 947 1.1 christos } 948 1.1 christos #ifdef USE_INET6 949 1.1 christos else if (ipe->ipe_family == AF_INET6) { 950 1.1 christos if ((bits >= 0) && (bits != 128)) { 951 1.1 christos if (bits >= 96) 952 1.1 christos iph->iph_maskset[3] |= 1 << (bits - 96); 953 1.1 christos else if (bits >= 64) 954 1.1 christos iph->iph_maskset[2] |= 1 << (bits - 64); 955 1.1 christos else if (bits >= 32) 956 1.1 christos iph->iph_maskset[1] |= 1 << (bits - 32); 957 1.1 christos else 958 1.1 christos iph->iph_maskset[0] |= 1 << bits; 959 1.1 christos } 960 1.1 christos } 961 1.1 christos #endif 962 1.1 christos 963 1.1 christos switch (iph->iph_type & ~IPHASH_ANON) 964 1.1 christos { 965 1.1 christos case IPHASH_GROUPMAP : 966 1.1 christos ipe->ipe_ptr = ipf_group_add(softc, ipe->ipe_group, NULL, 967 1.1 christos iph->iph_flags, IPL_LOGIPF, 968 1.1 christos softc->ipf_active); 969 1.1 christos break; 970 1.1 christos 971 1.1 christos default : 972 1.1 christos ipe->ipe_ptr = NULL; 973 1.1 christos ipe->ipe_value = 0; 974 1.1 christos break; 975 1.1 christos } 976 1.1 christos 977 1.1 christos ipe->ipe_unit = iph->iph_unit; 978 1.1 christos softh->ipf_nhtnodes[ipe->ipe_unit + 1]++; 979 1.1 christos 980 1.1 christos return 0; 981 1.1 christos } 982 1.1 christos 983 1.1 christos 984 1.1 christos /* ------------------------------------------------------------------------ */ 985 1.1 christos /* Function: ipf_htent_find */ 986 1.1 christos /* Returns: int - 0 = success, else error */ 987 1.1 christos /* Parameters: iph(I) - pointer to table to search */ 988 1.1 christos /* ipeo(I) - pointer to entry to find */ 989 1.1 christos /* */ 990 1.1 christos /* While it isn't absolutely necessary to for the address and mask to be */ 991 1.1 christos /* passed in through an iphtent_t structure, one is always present when it */ 992 1.1 christos /* is time to call this function, so it is just more convenient. */ 993 1.1 christos /* ------------------------------------------------------------------------ */ 994 1.1 christos static iphtent_t * 995 1.2 christos ipf_htent_find(iphtable_t *iph, iphtent_t *ipeo) 996 1.1 christos { 997 1.1 christos iphtent_t ipe, *ent; 998 1.1 christos u_int hv; 999 1.1 christos int bits; 1000 1.1 christos 1001 1.1 christos bcopy((char *)ipeo, (char *)&ipe, sizeof(ipe)); 1002 1.1 christos ipe.ipe_addr.i6[0] &= ipe.ipe_mask.i6[0]; 1003 1.1 christos ipe.ipe_addr.i6[1] &= ipe.ipe_mask.i6[1]; 1004 1.1 christos ipe.ipe_addr.i6[2] &= ipe.ipe_mask.i6[2]; 1005 1.1 christos ipe.ipe_addr.i6[3] &= ipe.ipe_mask.i6[3]; 1006 1.1 christos if (ipe.ipe_family == AF_INET) { 1007 1.1 christos bits = count4bits(ipe.ipe_mask.in4_addr); 1008 1.1 christos ipe.ipe_addr.i6[0] = ntohl(ipe.ipe_addr.i6[0]); 1009 1.1 christos ipe.ipe_mask.i6[0] = ntohl(ipe.ipe_mask.i6[0]); 1010 1.1 christos ipe.ipe_addr.i6[1] = 0; 1011 1.1 christos ipe.ipe_addr.i6[2] = 0; 1012 1.1 christos ipe.ipe_addr.i6[3] = 0; 1013 1.1 christos ipe.ipe_mask.i6[1] = 0; 1014 1.1 christos ipe.ipe_mask.i6[2] = 0; 1015 1.1 christos ipe.ipe_mask.i6[3] = 0; 1016 1.1 christos hv = IPE_V4_HASH_FN(ipe.ipe_addr.in4_addr, 1017 1.1 christos ipe.ipe_mask.in4_addr, iph->iph_size); 1018 1.1 christos } else 1019 1.1 christos #ifdef USE_INET6 1020 1.1 christos if (ipe.ipe_family == AF_INET6) { 1021 1.1 christos bits = count6bits(ipe.ipe_mask.i6); 1022 1.1 christos ipe.ipe_addr.i6[0] = ntohl(ipe.ipe_addr.i6[0]); 1023 1.1 christos ipe.ipe_addr.i6[1] = ntohl(ipe.ipe_addr.i6[1]); 1024 1.1 christos ipe.ipe_addr.i6[2] = ntohl(ipe.ipe_addr.i6[2]); 1025 1.1 christos ipe.ipe_addr.i6[3] = ntohl(ipe.ipe_addr.i6[3]); 1026 1.1 christos ipe.ipe_mask.i6[0] = ntohl(ipe.ipe_mask.i6[0]); 1027 1.1 christos ipe.ipe_mask.i6[1] = ntohl(ipe.ipe_mask.i6[1]); 1028 1.1 christos ipe.ipe_mask.i6[2] = ntohl(ipe.ipe_mask.i6[2]); 1029 1.1 christos ipe.ipe_mask.i6[3] = ntohl(ipe.ipe_mask.i6[3]); 1030 1.1 christos hv = IPE_V6_HASH_FN(ipe.ipe_addr.i6, 1031 1.1 christos ipe.ipe_mask.i6, iph->iph_size); 1032 1.1 christos } else 1033 1.1 christos #endif 1034 1.1 christos return NULL; 1035 1.1 christos 1036 1.1 christos for (ent = iph->iph_table[hv]; ent != NULL; ent = ent->ipe_hnext) { 1037 1.1 christos if (ent->ipe_family != ipe.ipe_family) 1038 1.1 christos continue; 1039 1.1 christos if (IP6_NEQ(&ipe.ipe_addr, &ent->ipe_addr)) 1040 1.1 christos continue; 1041 1.1 christos if (IP6_NEQ(&ipe.ipe_mask, &ent->ipe_mask)) 1042 1.1 christos continue; 1043 1.1 christos break; 1044 1.1 christos } 1045 1.1 christos 1046 1.1 christos return ent; 1047 1.1 christos } 1048 1.1 christos 1049 1.1 christos 1050 1.1 christos /* ------------------------------------------------------------------------ */ 1051 1.1 christos /* Function: ipf_iphmfindgroup */ 1052 1.1 christos /* Returns: int - 0 = success, else error */ 1053 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 1054 1.1 christos /* tptr(I) - */ 1055 1.1 christos /* aptr(I) - */ 1056 1.1 christos /* */ 1057 1.1 christos /* Search a hash table for a matching entry and return the pointer stored */ 1058 1.1 christos /* in it for use as the next group of rules to search. */ 1059 1.1 christos /* */ 1060 1.1 christos /* This function is exposed becaues it is used in the group-map feature. */ 1061 1.1 christos /* ------------------------------------------------------------------------ */ 1062 1.1 christos void * 1063 1.2 christos ipf_iphmfindgroup(ipf_main_softc_t *softc, void *tptr, void *aptr) 1064 1.1 christos { 1065 1.1 christos struct in_addr *addr; 1066 1.1 christos iphtable_t *iph; 1067 1.1 christos iphtent_t *ipe; 1068 1.1 christos void *rval; 1069 1.1 christos 1070 1.1 christos READ_ENTER(&softc->ipf_poolrw); 1071 1.1 christos iph = tptr; 1072 1.1 christos addr = aptr; 1073 1.1 christos 1074 1.1 christos ipe = ipf_iphmfind(iph, addr); 1075 1.1 christos if (ipe != NULL) 1076 1.1 christos rval = ipe->ipe_ptr; 1077 1.1 christos else 1078 1.1 christos rval = NULL; 1079 1.1 christos RWLOCK_EXIT(&softc->ipf_poolrw); 1080 1.1 christos return rval; 1081 1.1 christos } 1082 1.1 christos 1083 1.1 christos 1084 1.1 christos /* ------------------------------------------------------------------------ */ 1085 1.1 christos /* Function: ipf_iphmfindip */ 1086 1.1 christos /* Returns: int - 0 == +ve match, -1 == error, 1 == -ve/no match */ 1087 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 1088 1.1 christos /* tptr(I) - pointer to the pool to search */ 1089 1.1 christos /* ipversion(I) - IP protocol version (4 or 6) */ 1090 1.1 christos /* aptr(I) - pointer to address information */ 1091 1.1 christos /* bytes(I) - packet length */ 1092 1.1 christos /* */ 1093 1.1 christos /* Search the hash table for a given address and return a search result. */ 1094 1.1 christos /* ------------------------------------------------------------------------ */ 1095 1.1 christos static int 1096 1.2 christos ipf_iphmfindip(ipf_main_softc_t *softc, void *tptr, int ipversion, void *aptr, 1097 1.2 christos u_int bytes) 1098 1.1 christos { 1099 1.1 christos struct in_addr *addr; 1100 1.1 christos iphtable_t *iph; 1101 1.1 christos iphtent_t *ipe; 1102 1.1 christos int rval; 1103 1.1 christos 1104 1.1 christos if (tptr == NULL || aptr == NULL) 1105 1.1 christos return -1; 1106 1.1 christos 1107 1.1 christos iph = tptr; 1108 1.1 christos addr = aptr; 1109 1.1 christos 1110 1.1 christos READ_ENTER(&softc->ipf_poolrw); 1111 1.1 christos if (ipversion == 4) { 1112 1.1 christos ipe = ipf_iphmfind(iph, addr); 1113 1.1 christos #ifdef USE_INET6 1114 1.1 christos } else if (ipversion == 6) { 1115 1.1 christos ipe = ipf_iphmfind6(iph, (i6addr_t *)addr); 1116 1.1 christos #endif 1117 1.1 christos } else { 1118 1.1 christos ipe = NULL; 1119 1.1 christos } 1120 1.1 christos 1121 1.1 christos if (ipe != NULL) { 1122 1.1 christos rval = 0; 1123 1.1 christos ipe->ipe_hits++; 1124 1.1 christos ipe->ipe_bytes += bytes; 1125 1.1 christos } else { 1126 1.1 christos rval = 1; 1127 1.1 christos } 1128 1.1 christos RWLOCK_EXIT(&softc->ipf_poolrw); 1129 1.1 christos return rval; 1130 1.1 christos } 1131 1.1 christos 1132 1.1 christos 1133 1.1 christos /* ------------------------------------------------------------------------ */ 1134 1.1 christos /* Function: ipf_iphmfindip */ 1135 1.1 christos /* Parameters: iph(I) - pointer to hash table */ 1136 1.1 christos /* addr(I) - pointer to IPv4 address */ 1137 1.1 christos /* Locks: ipf_poolrw */ 1138 1.1 christos /* */ 1139 1.1 christos /* ------------------------------------------------------------------------ */ 1140 1.1 christos static iphtent_t * 1141 1.2 christos ipf_iphmfind(iphtable_t *iph, struct in_addr *addr) 1142 1.1 christos { 1143 1.1 christos u_32_t hmsk, msk, ips; 1144 1.1 christos iphtent_t *ipe; 1145 1.1 christos u_int hv; 1146 1.1 christos 1147 1.1 christos hmsk = iph->iph_maskset[0]; 1148 1.1 christos msk = 0xffffffff; 1149 1.1 christos maskloop: 1150 1.1 christos ips = ntohl(addr->s_addr) & msk; 1151 1.1 christos hv = IPE_V4_HASH_FN(ips, msk, iph->iph_size); 1152 1.1 christos for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_hnext) { 1153 1.1 christos if ((ipe->ipe_family != AF_INET) || 1154 1.1 christos (ipe->ipe_mask.in4_addr != msk) || 1155 1.1 christos (ipe->ipe_addr.in4_addr != ips)) { 1156 1.1 christos continue; 1157 1.1 christos } 1158 1.1 christos break; 1159 1.1 christos } 1160 1.1 christos 1161 1.1 christos if ((ipe == NULL) && (hmsk != 0)) { 1162 1.1 christos while (hmsk != 0) { 1163 1.1 christos msk <<= 1; 1164 1.1 christos if (hmsk & 0x80000000) 1165 1.1 christos break; 1166 1.1 christos hmsk <<= 1; 1167 1.1 christos } 1168 1.1 christos if (hmsk != 0) { 1169 1.1 christos hmsk <<= 1; 1170 1.1 christos goto maskloop; 1171 1.1 christos } 1172 1.1 christos } 1173 1.1 christos return ipe; 1174 1.1 christos } 1175 1.1 christos 1176 1.1 christos 1177 1.1 christos /* ------------------------------------------------------------------------ */ 1178 1.1 christos /* Function: ipf_htable_iter_next */ 1179 1.1 christos /* Returns: int - 0 = success, else error */ 1180 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 1181 1.1 christos /* arg(I) - pointer to local context to use */ 1182 1.1 christos /* token(I) - */ 1183 1.1 christos /* ilp(I) - */ 1184 1.1 christos /* */ 1185 1.1 christos /* ------------------------------------------------------------------------ */ 1186 1.1 christos static int 1187 1.2 christos ipf_htable_iter_next(ipf_main_softc_t *softc, void *arg, ipftoken_t *token, 1188 1.2 christos ipflookupiter_t *ilp) 1189 1.1 christos { 1190 1.1 christos ipf_htable_softc_t *softh = arg; 1191 1.1 christos iphtent_t *node, zn, *nextnode; 1192 1.1 christos iphtable_t *iph, zp, *nextiph; 1193 1.1 christos void *hnext; 1194 1.1 christos int err; 1195 1.1 christos 1196 1.1 christos err = 0; 1197 1.1 christos iph = NULL; 1198 1.1 christos node = NULL; 1199 1.1 christos nextiph = NULL; 1200 1.1 christos nextnode = NULL; 1201 1.1 christos 1202 1.1 christos READ_ENTER(&softc->ipf_poolrw); 1203 1.1 christos 1204 1.1 christos switch (ilp->ili_otype) 1205 1.1 christos { 1206 1.1 christos case IPFLOOKUPITER_LIST : 1207 1.1 christos iph = token->ipt_data; 1208 1.1 christos if (iph == NULL) { 1209 1.1 christos nextiph = softh->ipf_htables[(int)ilp->ili_unit + 1]; 1210 1.1 christos } else { 1211 1.1 christos nextiph = iph->iph_next; 1212 1.1 christos } 1213 1.1 christos 1214 1.1 christos if (nextiph != NULL) { 1215 1.1 christos ATOMIC_INC(nextiph->iph_ref); 1216 1.1 christos token->ipt_data = nextiph; 1217 1.1 christos } else { 1218 1.1 christos bzero((char *)&zp, sizeof(zp)); 1219 1.1 christos nextiph = &zp; 1220 1.1 christos token->ipt_data = NULL; 1221 1.1 christos } 1222 1.1 christos hnext = nextiph->iph_next; 1223 1.1 christos break; 1224 1.1 christos 1225 1.1 christos case IPFLOOKUPITER_NODE : 1226 1.1 christos node = token->ipt_data; 1227 1.1 christos if (node == NULL) { 1228 1.1 christos iph = ipf_htable_find(arg, ilp->ili_unit + 1, 1229 1.1 christos ilp->ili_name); 1230 1.1 christos if (iph == NULL) { 1231 1.1 christos IPFERROR(30009); 1232 1.1 christos err = ESRCH; 1233 1.1 christos } else { 1234 1.1 christos nextnode = iph->iph_list; 1235 1.1 christos } 1236 1.1 christos } else { 1237 1.1 christos nextnode = node->ipe_next; 1238 1.1 christos } 1239 1.1 christos 1240 1.1 christos if (nextnode != NULL) { 1241 1.1 christos ATOMIC_INC(nextnode->ipe_ref); 1242 1.1 christos token->ipt_data = nextnode; 1243 1.1 christos } else { 1244 1.1 christos bzero((char *)&zn, sizeof(zn)); 1245 1.1 christos nextnode = &zn; 1246 1.1 christos token->ipt_data = NULL; 1247 1.1 christos } 1248 1.1 christos hnext = nextnode->ipe_next; 1249 1.1 christos break; 1250 1.1 christos 1251 1.1 christos default : 1252 1.1 christos IPFERROR(30010); 1253 1.1 christos err = EINVAL; 1254 1.1 christos hnext = NULL; 1255 1.1 christos break; 1256 1.1 christos } 1257 1.1 christos 1258 1.1 christos RWLOCK_EXIT(&softc->ipf_poolrw); 1259 1.1 christos if (err != 0) 1260 1.1 christos return err; 1261 1.1 christos 1262 1.1 christos switch (ilp->ili_otype) 1263 1.1 christos { 1264 1.1 christos case IPFLOOKUPITER_LIST : 1265 1.1 christos err = COPYOUT(nextiph, ilp->ili_data, sizeof(*nextiph)); 1266 1.1 christos if (err != 0) { 1267 1.1 christos IPFERROR(30011); 1268 1.1 christos err = EFAULT; 1269 1.1 christos } 1270 1.1 christos if (iph != NULL) { 1271 1.1 christos WRITE_ENTER(&softc->ipf_poolrw); 1272 1.1 christos ipf_htable_deref(softc, softh, iph); 1273 1.1 christos RWLOCK_EXIT(&softc->ipf_poolrw); 1274 1.1 christos } 1275 1.1 christos break; 1276 1.1 christos 1277 1.1 christos case IPFLOOKUPITER_NODE : 1278 1.1 christos err = COPYOUT(nextnode, ilp->ili_data, sizeof(*nextnode)); 1279 1.1 christos if (err != 0) { 1280 1.1 christos IPFERROR(30012); 1281 1.1 christos err = EFAULT; 1282 1.1 christos } 1283 1.1 christos if (node != NULL) { 1284 1.1 christos WRITE_ENTER(&softc->ipf_poolrw); 1285 1.1 christos ipf_htent_deref(softc, node); 1286 1.1 christos RWLOCK_EXIT(&softc->ipf_poolrw); 1287 1.1 christos } 1288 1.1 christos break; 1289 1.1 christos } 1290 1.1 christos 1291 1.1 christos if (hnext != NULL) 1292 1.1 christos ipf_token_mark_complete(token); 1293 1.1 christos 1294 1.1 christos return err; 1295 1.1 christos } 1296 1.1 christos 1297 1.1 christos 1298 1.1 christos /* ------------------------------------------------------------------------ */ 1299 1.1 christos /* Function: ipf_htable_iter_deref */ 1300 1.1 christos /* Returns: int - 0 = success, else error */ 1301 1.1 christos /* Parameters: softc(I) - pointer to soft context main structure */ 1302 1.1 christos /* arg(I) - pointer to local context to use */ 1303 1.1 christos /* otype(I) - which data structure type is being walked */ 1304 1.1 christos /* unit(I) - ipfilter device to which we are working on */ 1305 1.1 christos /* data(I) - pointer to old data structure */ 1306 1.1 christos /* */ 1307 1.1 christos /* ------------------------------------------------------------------------ */ 1308 1.1 christos static int 1309 1.2 christos ipf_htable_iter_deref(ipf_main_softc_t *softc, void *arg, int otype, int unit, 1310 1.2 christos void *data) 1311 1.1 christos { 1312 1.1 christos 1313 1.1 christos if (data == NULL) 1314 1.1 christos return EFAULT; 1315 1.1 christos 1316 1.1 christos if (unit < -1 || unit > IPL_LOGMAX) 1317 1.1 christos return EINVAL; 1318 1.1 christos 1319 1.1 christos switch (otype) 1320 1.1 christos { 1321 1.1 christos case IPFLOOKUPITER_LIST : 1322 1.1 christos ipf_htable_deref(softc, arg, (iphtable_t *)data); 1323 1.1 christos break; 1324 1.1 christos 1325 1.1 christos case IPFLOOKUPITER_NODE : 1326 1.1 christos ipf_htent_deref(arg, (iphtent_t *)data); 1327 1.1 christos break; 1328 1.1 christos default : 1329 1.1 christos break; 1330 1.1 christos } 1331 1.1 christos 1332 1.1 christos return 0; 1333 1.1 christos } 1334 1.1 christos 1335 1.1 christos 1336 1.1 christos #ifdef USE_INET6 1337 1.1 christos /* ------------------------------------------------------------------------ */ 1338 1.1 christos /* Function: ipf_iphmfind6 */ 1339 1.1 christos /* Parameters: iph(I) - pointer to hash table */ 1340 1.1 christos /* addr(I) - pointer to IPv6 address */ 1341 1.1 christos /* Locks: ipf_poolrw */ 1342 1.1 christos /* */ 1343 1.1 christos /* ------------------------------------------------------------------------ */ 1344 1.1 christos static iphtent_t * 1345 1.2 christos ipf_iphmfind6(iphtable_t *iph, i6addr_t *addr) 1346 1.1 christos { 1347 1.1 christos i6addr_t msk, ips; 1348 1.1 christos iphtent_t *ipe; 1349 1.1 christos u_32_t hmsk; 1350 1.1 christos u_int hv; 1351 1.1 christos int i; 1352 1.1 christos 1353 1.1 christos for (i = 3, hmsk = iph->iph_maskset[3]; (hmsk == 0) && (i >= 0); i--) 1354 1.1 christos hmsk = iph->iph_maskset[i]; 1355 1.1 christos 1356 1.1 christos msk.i6[0] = 0xffffffff; 1357 1.1 christos msk.i6[1] = 0xffffffff; 1358 1.1 christos msk.i6[2] = 0xffffffff; 1359 1.1 christos msk.i6[3] = 0xffffffff; 1360 1.1 christos ips.i6[0] = ntohl(addr->i6[0]); 1361 1.1 christos ips.i6[1] = ntohl(addr->i6[1]); 1362 1.1 christos ips.i6[2] = ntohl(addr->i6[2]); 1363 1.1 christos ips.i6[3] = ntohl(addr->i6[3]); 1364 1.1 christos maskloop: 1365 1.1 christos if (i >= 0) 1366 1.1 christos ips.i6[i] = ntohl(addr->i6[i]) & msk.i6[i]; 1367 1.1 christos hv = IPE_V6_HASH_FN(ips.i6, msk.i6, iph->iph_size); 1368 1.1 christos for (ipe = iph->iph_table[hv]; (ipe != NULL); ipe = ipe->ipe_next) { 1369 1.1 christos if ((ipe->ipe_family != AF_INET6) || 1370 1.1 christos IP6_NEQ(&ipe->ipe_mask, &msk) || 1371 1.1 christos IP6_NEQ(&ipe->ipe_addr, &ips)) { 1372 1.1 christos continue; 1373 1.1 christos } 1374 1.1 christos break; 1375 1.1 christos } 1376 1.1 christos 1377 1.1 christos if ((ipe == NULL) && (i >= 0)) { 1378 1.1 christos nextmask: 1379 1.1 christos if (hmsk != 0) { 1380 1.1 christos while (hmsk != 0) { 1381 1.1 christos msk.i6[i] <<= 1; 1382 1.1 christos if (hmsk & 0x80000000) 1383 1.1 christos break; 1384 1.1 christos hmsk <<= 1; 1385 1.1 christos } 1386 1.1 christos if (hmsk != 0) { 1387 1.1 christos hmsk <<= 1; 1388 1.1 christos goto maskloop; 1389 1.1 christos } 1390 1.1 christos } else if (i >= 0) { 1391 1.1 christos ips.i6[i] = 0; 1392 1.1 christos msk.i6[i] = 0; 1393 1.1 christos i--; 1394 1.1 christos hmsk = iph->iph_maskset[i]; 1395 1.1 christos goto nextmask; 1396 1.1 christos } 1397 1.1 christos } 1398 1.1 christos return ipe; 1399 1.1 christos } 1400 1.1 christos #endif 1401 1.1 christos 1402 1.1 christos 1403 1.1 christos static void 1404 1.2 christos ipf_htable_expire(ipf_main_softc_t *softc, void *arg) 1405 1.1 christos { 1406 1.1 christos ipf_htable_softc_t *softh = arg; 1407 1.1 christos iphtent_t *n; 1408 1.1 christos 1409 1.1 christos while ((n = softh->ipf_node_explist) != NULL) { 1410 1.1 christos if (n->ipe_die > softc->ipf_ticks) 1411 1.1 christos break; 1412 1.1 christos 1413 1.1 christos ipf_htent_remove(softc, softh, n->ipe_owner, n); 1414 1.1 christos } 1415 1.1 christos } 1416 1.1 christos 1417 1.1 christos 1418 1.1 christos #ifndef _KERNEL 1419 1.1 christos 1420 1.1 christos /* ------------------------------------------------------------------------ */ 1421 1.1 christos /* */ 1422 1.1 christos /* ------------------------------------------------------------------------ */ 1423 1.1 christos void 1424 1.1 christos ipf_htable_dump(softc, arg) 1425 1.1 christos ipf_main_softc_t *softc; 1426 1.1 christos void *arg; 1427 1.1 christos { 1428 1.1 christos ipf_htable_softc_t *softh = arg; 1429 1.1 christos iphtable_t *iph; 1430 1.1 christos int i; 1431 1.1 christos 1432 1.1 christos printf("List of configured hash tables\n"); 1433 1.1 christos for (i = 0; i < IPL_LOGSIZE; i++) 1434 1.1 christos for (iph = softh->ipf_htables[i]; iph != NULL; 1435 1.1 christos iph = iph->iph_next) 1436 1.1 christos printhash(iph, bcopywrap, NULL, opts, NULL); 1437 1.1 christos 1438 1.1 christos } 1439 1.1 christos #endif 1440
Indexes created Thu Sep 25 16:09:42 GMT 2025