[src/trunk]: src/sys/dist/pf/net - Make the pf and pflog driver able to detach.
details: https://anonhg.NetBSD.org/src/rev/08ed4134d158
branches: trunk
changeset: 753845:08ed4134d158
user: ahoka <ahoka%NetBSD.org@localhost>
date: Mon Apr 12 13:57:38 2010 +0000
description:
- Make the pf and pflog driver able to detach.
- Add code for module support.
Original patch from Jared McNeill
diffstat:
sys/dist/pf/net/if_pflog.c | 21 ++++++-
sys/dist/pf/net/pf.c | 22 ++++++-
sys/dist/pf/net/pf_if.c | 35 ++++++++++-
sys/dist/pf/net/pf_ioctl.c | 136 ++++++++++++++++++++++++++++++++++++++++++++-
sys/dist/pf/net/pf_norm.c | 16 ++++-
sys/dist/pf/net/pf_osfp.c | 15 ++++-
sys/dist/pf/net/pf_table.c | 14 +++-
sys/dist/pf/net/pfvar.h | 14 ++++-
8 files changed, 258 insertions(+), 15 deletions(-)
diffs (truncated from 493 to 300 lines):
diff -r 9bcde26af450 -r 08ed4134d158 sys/dist/pf/net/if_pflog.c
--- a/sys/dist/pf/net/if_pflog.c Mon Apr 12 13:05:25 2010 +0000
+++ b/sys/dist/pf/net/if_pflog.c Mon Apr 12 13:57:38 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pflog.c,v 1.17 2010/04/05 07:22:22 joerg Exp $ */
+/* $NetBSD: if_pflog.c,v 1.18 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: if_pflog.c,v 1.24 2007/05/26 17:13:30 jason Exp $ */
/*
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_pflog.c,v 1.17 2010/04/05 07:22:22 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pflog.c,v 1.18 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -82,6 +82,9 @@
#endif
void pflogattach(int);
+#ifdef _MODULE
+void pflogdetach(void);
+#endif /* _MODULE */
int pflogoutput(struct ifnet *, struct mbuf *, const struct sockaddr *,
struct rtentry *);
int pflogioctl(struct ifnet *, u_long, void *);
@@ -106,6 +109,20 @@
if_clone_attach(&pflog_cloner);
}
+#ifdef _MODULE
+void
+pflogdetach(void)
+{
+ int i;
+
+ for (i = 0; i < PFLOGIFS_MAX; i++) {
+ if (pflogifs[i] != NULL)
+ pflog_clone_destroy(pflogifs[i]);
+ }
+ if_clone_detach(&pflog_cloner);
+}
+#endif /* _MODULE */
+
int
pflog_clone_create(struct if_clone *ifc, int unit)
{
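Review bot: In `pflogdetach()` the cloner is unregistered only after the loop has destroyed the existing interfaces, so between the loop and `if_clone_detach(&pflog_cloner);` a new pflog interface can still be created through the cloner and would outlive the module. Calling `if_clone_detach(&pflog_cloner);` first and then walking `pflogifs[]` closes that window. The result of `pflog_clone_destroy()` is also dropped; its definition is outside this hunk, but if it can fail the unload path should notice. A short header comment such as `/* Module unload only: unregister the cloner and destroy every pflog interface. */` would document the intended use.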
diff -r 9bcde26af450 -r 08ed4134d158 sys/dist/pf/net/pf.c
--- a/sys/dist/pf/net/pf.c Mon Apr 12 13:05:25 2010 +0000
+++ b/sys/dist/pf/net/pf.c Mon Apr 12 13:57:38 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pf.c,v 1.62 2010/04/12 06:56:19 skrll Exp $ */
+/* $NetBSD: pf.c,v 1.63 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */
/*
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.62 2010/04/12 06:56:19 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.63 2010/04/12 13:57:38 ahoka Exp $");
#include "pflog.h"
@@ -917,12 +917,24 @@
return (0);
}
+#ifdef _LKM
+volatile int pf_purge_thread_stop;
+volatile int pf_purge_thread_running;
+#endif
+
void
pf_purge_thread(void *v)
{
int nloops = 0, s;
+#ifdef _LKM
+ pf_purge_thread_running = 1;
+ pf_purge_thread_stop = 0;
+
+ while (!pf_purge_thread_stop) {
+#else
for (;;) {
+#endif /* !_LKM */
tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);
s = splsoftnet();
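Review bot: The stop/running flags and the stoppable loop are guarded by `_LKM`, while every other detach path in this commit (`pflogdetach`, `pfi_destroy`, `pfdetach`) is guarded by `_MODULE`. If only `_MODULE` is defined, `pfdetach()` refers to flags that are never defined and the thread keeps the `for (;;)` loop, so the guard here and at the end of the function should be `#ifdef _MODULE`. Separately, the thread resets `pf_purge_thread_stop = 0` on entry, so a stop request issued before the thread first runs is lost, and `pf_purge_thread_running` is still 0 at that moment so the waiter would not block. Initialising both flags where the thread is created, rather than inside it, avoids that. The body of `pf_purge_thread()` continues outside this hunk.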
@@ -940,6 +952,12 @@
splx(s);
}
+
+#ifdef _LKM
+ pf_purge_thread_running = 0;
+ wakeup(&pf_purge_thread_running);
+ kthread_exit(0);
+#endif /* _LKM */
}
u_int32_t
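Review bot: `pf_purge_thread_running = 0` and the `wakeup()` are issued before `kthread_exit(0)`, so the thread sleeping in `pfdetach()` can resume and let the module be unloaded while this thread is still executing module text on its way into `kthread_exit()`. The shutdown needs a handshake that completes only after the thread has left module code, for example having the unloading thread join the kthread instead of polling a flag. If the flag scheme stays, a comment should state that window explicitly, for instance `/* NOTE: caller may unload as soon as running == 0; nothing from this module may execute after wakeup() */`. The start of the function is outside this hunk.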
diff -r 9bcde26af450 -r 08ed4134d158 sys/dist/pf/net/pf_if.c
--- a/sys/dist/pf/net/pf_if.c Mon Apr 12 13:05:25 2010 +0000
+++ b/sys/dist/pf/net/pf_if.c Mon Apr 12 13:57:38 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pf_if.c,v 1.20 2009/12/06 16:46:11 dsl Exp $ */
+/* $NetBSD: pf_if.c,v 1.21 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf_if.c,v 1.47 2007/07/13 09:17:48 markus Exp $ */
/*
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_if.c,v 1.20 2009/12/06 16:46:11 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_if.c,v 1.21 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -138,6 +138,37 @@
#endif /* __NetBSD__ */
}
+#ifdef _MODULE
+void
+pfi_destroy(void)
+{
+ struct pfi_kif *p;
+ int i;
+
+ pfil_remove_hook(pfil_ifaddr_wrapper, NULL, PFIL_IFADDR, &if_pfil);
+ pfil_remove_hook(pfil_ifnet_wrapper, NULL, PFIL_IFNET, &if_pfil);
+
+ for (i = 0; i < if_indexlim; i++) {
+ struct ifnet *ifp = ifindex2ifnet[i];
+
+ if (ifp != NULL) {
+ pfi_detach_ifnet(ifp);
+
+ pfi_destroy_groups(ifp);
+ }
+ }
+
+ while ((p = RB_MIN(pfi_ifhead, &pfi_ifs))) {
+ RB_REMOVE(pfi_ifhead, &pfi_ifs, p);
+ free(p, PFI_MTYPE);
+ }
+
+ pool_destroy(&pfi_addr_pl);
+
+ free(pfi_buffer, PFI_MTYPE);
+}
+#endif /* _MODULE */
+
struct pfi_kif *
pfi_kif_get(const char *kif_name)
{
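Review bot: `pfi_destroy()` frees every `pfi_kif` in `pfi_ifs` unconditionally, so it is only safe once nothing else still points at a kif, and that precondition is not written down. In this commit `pfdetach()` calls it last, after rules, states and tables are cleared, so a comment on the function should say so: `/* Caller must already have flushed all rules, states and tables; every kif is freed regardless of remaining references. */`. The walk over `ifindex2ifnet[]` also runs with no lock or spl visible in this hunk. If interfaces can attach or detach concurrently with module unload, the `ifp` read here may be stale, which is worth confirming against the interface-list locking rules.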
diff -r 9bcde26af450 -r 08ed4134d158 sys/dist/pf/net/pf_ioctl.c
--- a/sys/dist/pf/net/pf_ioctl.c Mon Apr 12 13:05:25 2010 +0000
+++ b/sys/dist/pf/net/pf_ioctl.c Mon Apr 12 13:57:38 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pf_ioctl.c,v 1.37 2009/10/03 00:37:02 elad Exp $ */
+/* $NetBSD: pf_ioctl.c,v 1.38 2010/04/12 13:57:38 ahoka Exp $ */
/* $OpenBSD: pf_ioctl.c,v 1.182 2007/06/24 11:17:13 mcbride Exp $ */
/*
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_ioctl.c,v 1.37 2009/10/03 00:37:02 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_ioctl.c,v 1.38 2010/04/12 13:57:38 ahoka Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -65,6 +65,7 @@
#include <sys/conf.h>
#include <sys/lwp.h>
#include <sys/kauth.h>
+#include <sys/module.h>
#endif /* __NetBSD__ */
#include <net/if.h>
@@ -104,6 +105,9 @@
#endif
void pfattach(int);
+#ifdef _MODULE
+void pfdetach(void);
+#endif /* _MODULE */
#ifndef __NetBSD__
void pf_thread_create(void *);
#endif /* !__NetBSD__ */
@@ -309,6 +313,98 @@
#endif /* __NetBSD__ */
}
+#ifdef _MODULE
+void
+pfdetach(void)
+{
+ extern int pf_purge_thread_running;
+ extern int pf_purge_thread_stop;
+ struct pf_anchor *anchor;
+ struct pf_state *state;
+ struct pf_src_node *node;
+ struct pfioc_table pt;
+ u_int32_t ticket;
+ int i;
+ char r = '\0';
+
+ pf_purge_thread_stop = 1;
+ wakeup(pf_purge_thread);
+
+ /* wait until the kthread exits */
+ while (pf_purge_thread_running)
+ tsleep(&pf_purge_thread_running, PWAIT, "pfdown", 0);
+
+ (void)pf_pfil_detach();
+
+ pf_status.running = 0;
+
+ /* clear the rulesets */
+ for (i = 0; i < PF_RULESET_MAX; i++)
+ if (pf_begin_rules(&ticket, i, &r) == 0)
+ pf_commit_rules(ticket, i, &r);
+#ifdef ALTQ
+ if (pf_begin_altq(&ticket) == 0)
+ pf_commit_altq(ticket);
+#endif /* ALTQ */
+
+ /* clear states */
+ RB_FOREACH(state, pf_state_tree_id, &tree_id) {
+ state->timeout = PFTM_PURGE;
+#if NPFSYNC > 0
+ state->sync_flags = PFSTATE_NOSYNC;
+#endif /* NPFSYNC > 0 */
+ }
+ pf_purge_expired_states(pf_status.states);
+#if NPFSYNC > 0
+ pfsync_clear_states(pf_status.hostid, NULL);
+#endif /* NPFSYNC > 0 */
+
+ /* clear source nodes */
+ RB_FOREACH(state, pf_state_tree_id, &tree_id) {
+ state->src_node = NULL;
+ state->nat_src_node = NULL;
+ }
+ RB_FOREACH(node, pf_src_tree, &tree_src_tracking) {
+ node->expire = 1;
+ node->states = 0;
+ }
+ pf_purge_expired_src_nodes(0);
+
+ /* clear tables */
+ memset(&pt, '\0', sizeof(pt));
+ pfr_clr_tables(&pt.pfrio_table, &pt.pfrio_ndel, pt.pfrio_flags);
+
+ /* destroy anchors */
+ while ((anchor = RB_MIN(pf_anchor_global, &pf_anchors)) != NULL) {
+ for (i = 0; i < PF_RULESET_MAX; i++)
+ if (pf_begin_rules(&ticket, i, anchor->name) == 0)
+ pf_commit_rules(ticket, i, anchor->name);
+ }
+
+ /* destroy main ruleset */
+ pf_remove_if_empty_ruleset(&pf_main_ruleset);
+
+ /* destroy the pools */
+ pool_destroy(&pf_pooladdr_pl);
+ pool_destroy(&pf_altq_pl);
+ pool_destroy(&pf_state_key_pl);
+ pool_destroy(&pf_state_pl);
+ pool_destroy(&pf_rule_pl);
+ pool_destroy(&pf_src_tree_pl);
+
+ rw_destroy(&pf_consistency_lock);
+
+ /* destroy subsystems */
+ pf_normalize_destroy();
+ pf_osfp_destroy();
+ pfr_destroy();
+ pfi_destroy();
+
+ /* cleanup kauth listener */
+ kauth_unlisten_scope(pf_listener);
+}
+#endif /* _MODULE */
+
#ifndef __NetBSD__
void
pf_thread_create(void *v)
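Review bot: The two `extern int` declarations at the top of `pfdetach()` do not match the definitions in pf.c, which are `volatile int`, so the types are incompatible and the wait loop reads the flag without the qualifier the writer uses; declare them once in a shared header as `extern volatile int pf_purge_thread_running;` and `extern volatile int pf_purge_thread_stop;`. The "destroy anchors" loop terminates only if committing empty rulesets removes the anchor from `pf_anchors`. If an anchor survives, presumably because something still references it, `RB_MIN` returns it again and the unload spins forever, so the loop should remove the anchor explicitly or bail out when it makes no progress. The state and source-node teardown also runs without the `splsoftnet()` that the purge thread raises before its own purge work. `pf_thread_create()`, which follows the function, continues outside the hunk.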
@@ -3245,3 +3341,39 @@
return (0);
}
#endif /* __NetBSD__ */