src - FreeBSD source tree

diff options


context:
space:
mode:

author	Kristof Provost <kp@FreeBSD.org>	2023-10-10 15:20:12 +0000
committer	Kristof Provost <kp@FreeBSD.org>	2023-10-13 07:53:22 +0000
commit	81647eb60ee387b0b33ac42deacd25edace2661e (patch)
tree	8c4842ef13fb558c6485e84e6948e53a54d9a346 /sys/netpfil
parent	23cf27db2cc4b0208a35b009f873971a7bb4a6bb (diff)
download	src-81647eb60ee387b0b33ac42deacd25edace2661e.tar.gz src-81647eb60ee387b0b33ac42deacd25edace2661e.zip

Diffstat (limited to 'sys/netpfil')

-rw-r--r--

sys/netpfil/pf/pf_ioctl.c

-rw-r--r--

sys/netpfil/pf/pf_nl.c

-rw-r--r--

sys/netpfil/pf/pf_nl.h

3 files changed, 73 insertions, 25 deletions

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 5a441c9723e3..38c09303a543 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c

@@ -2337,6 +2337,49 @@ relock_DIOCKILLSTATES:

return (killed);

}

+int

+pf_start(void)

+ int error = 0;

+ sx_xlock(&V_pf_ioctl_lock);

+ if (V_pf_status.running)

+ error = EEXIST;

+ else {

+ hook_pf();

+ if (! TAILQ_EMPTY(V_pf_keth->active.rules))

+ hook_pf_eth();

+ V_pf_status.running = 1;

+ V_pf_status.since = time_second;

+ new_unrhdr64(&V_pf_stateid, time_second);

+ DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n"));

+ }

+ sx_xunlock(&V_pf_ioctl_lock);

+ return (error);

+int

+pf_stop(void)

+ int error = 0;

+ sx_xlock(&V_pf_ioctl_lock);

+ if (!V_pf_status.running)

+ error = ENOENT;

+ else {

+ V_pf_status.running = 0;

+ dehook_pf();

+ dehook_pf_eth();

+ V_pf_status.since = time_second;

+ DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n"));

+ }

+ sx_xunlock(&V_pf_ioctl_lock);

+ return (error);

static int

pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td)

{

@@ -2479,34 +2522,15 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td

CURVNET_SET(TD_TO_VNET(td));

switch (cmd) {

+#ifdef COMPAT_FREEBSD14

case DIOCSTART:

- sx_xlock(&V_pf_ioctl_lock);

- if (V_pf_status.running)

- error = EEXIST;

- else {

- hook_pf();

- if (! TAILQ_EMPTY(V_pf_keth->active.rules))

- hook_pf_eth();

- V_pf_status.running = 1;

- V_pf_status.since = time_second;

- new_unrhdr64(&V_pf_stateid, time_second);

- DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n"));

- }

+ error = pf_start();

break;

case DIOCSTOP:

- sx_xlock(&V_pf_ioctl_lock);

- if (!V_pf_status.running)

- error = ENOENT;

- else {

- V_pf_status.running = 0;

- dehook_pf();

- dehook_pf_eth();

- V_pf_status.since = time_second;

- DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n"));

- }

+ error = pf_stop();

break;

+#endif

case DIOCGETETHRULES: {

struct pfioc_nv *nv = (struct pfioc_nv *)addr;

@@ -5416,8 +5440,6 @@ DIOCCHANGEADDR_error:

break;

}

fail:

- if (sx_xlocked(&V_pf_ioctl_lock))

- sx_xunlock(&V_pf_ioctl_lock);

CURVNET_RESTORE();

#undef ERROUT_IOCTL

diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 459a5dc6507e..e079edcc166d 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c

@@ -336,6 +336,18 @@ pf_handle_getcreators(struct nlmsghdr *hdr, struct nl_pstate *npt)

return (error);

}

+static int

+pf_handle_start(struct nlmsghdr *hdr __unused, struct nl_pstate *npt __unused)

+ return (pf_start());

+static int

+pf_handle_stop(struct nlmsghdr *hdr __unused, struct nl_pstate *npt __unused)

+ return (pf_stop());

static const struct nlhdr_parser *all_parsers[] = { &state_parser };

static int family_id;

@@ -353,6 +365,18 @@ static const struct genl_cmd pf_cmds[] = {

.cmd_cb = pf_handle_getcreators,

.cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_DUMP | GENL_CMD_CAP_HASPOL,

+ {

+ .cmd_num = PFNL_CMD_START,

+ .cmd_name = "START",

+ .cmd_cb = pf_handle_start,

+ .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,

+ },

+ {

+ .cmd_num = PFNL_CMD_STOP,

+ .cmd_name = "STOP",

+ .cmd_cb = pf_handle_stop,

+ .cmd_flags = GENL_CMD_CAP_DO | GENL_CMD_CAP_HASPOL,

+ },

};

void

diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h
index 98525641b43d..3c8c6d3b8ed4 100644
--- a/sys/netpfil/pf/pf_nl.h
+++ b/sys/netpfil/pf/pf_nl.h

@@ -38,6 +38,8 @@ enum {

PFNL_CMD_UNSPEC = 0,

PFNL_CMD_GETSTATES = 1,

PFNL_CMD_GETCREATORS = 2,

+ PFNL_CMD_START = 3,

+ PFNL_CMD_STOP = 4,

__PFNL_CMD_MAX,

};

#define PFNL_CMD_MAX (__PFNL_CMD_MAX -1)