1 files changed, 31 insertions, 34 deletions

diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c
index d4728f61dce8..ea0d6facf695 100644
--- a/sys/netpfil/pf/pf_lb.c
+++ b/sys/netpfil/pf/pf_lb.c
@@ -71,8 +71,6 @@
 #define	V_pf_rdr_srcport_rewrite_tries	VNET(pf_rdr_srcport_rewrite_tries)
 VNET_DEFINE_STATIC(int, pf_rdr_srcport_rewrite_tries) = 16;
 
-#define DPFPRINTF(n, x)	if (V_pf_status.debug >= (n)) printf x
-
 static uint64_t		 pf_hash(struct pf_addr *, struct pf_addr *,
 			    struct pf_poolhashkey *, sa_family_t);
 struct pf_krule		*pf_match_translation(int, struct pf_test_ctx *);
@@ -617,7 +615,7 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 				rpool->tblidx = (int)arc4random_uniform(cnt);
 			memset(&rpool->counter, 0, sizeof(rpool->counter));
 			if (pfr_pool_get(kt, &rpool->tblidx, &rpool->counter,
-			    af, pf_islinklocal)) {
+			    af, pf_islinklocal, false)) {
 				reason = PFRES_MAPFAILED;
 				goto done_pool_mtx; /* unsupported */
 			}
@@ -684,7 +682,7 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 				rpool->tblidx = (int)(hashidx % cnt);
 			memset(&rpool->counter, 0, sizeof(rpool->counter));
 			if (pfr_pool_get(kt, &rpool->tblidx, &rpool->counter,
-			    af, pf_islinklocal)) {
+			    af, pf_islinklocal, false)) {
 				reason = PFRES_MAPFAILED;
 				goto done_pool_mtx; /* unsupported */
 			}
@@ -701,11 +699,12 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 
 		if (rpool->cur->addr.type == PF_ADDR_TABLE) {
 			if (!pfr_pool_get(rpool->cur->addr.p.tbl,
-			    &rpool->tblidx, &rpool->counter, af, NULL))
+			    &rpool->tblidx, &rpool->counter, af, NULL, true))
 				goto get_addr;
 		} else if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) {
 			if (!pfr_pool_get(rpool->cur->addr.p.dyn->pfid_kt,
-			    &rpool->tblidx, &rpool->counter, af, pf_islinklocal))
+			    &rpool->tblidx, &rpool->counter, af, pf_islinklocal,
+			    true))
 				goto get_addr;
 		} else if (pf_match_addr(0, raddr, rmask, &rpool->counter, af))
 			goto get_addr;
@@ -715,9 +714,10 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 			rpool->cur = TAILQ_FIRST(&rpool->list);
 		else
 			rpool->cur = TAILQ_NEXT(rpool->cur, entries);
+		rpool->tblidx = -1;
 		if (rpool->cur->addr.type == PF_ADDR_TABLE) {
 			if (pfr_pool_get(rpool->cur->addr.p.tbl,
-			    &rpool->tblidx, &rpool->counter, af, NULL)) {
+			    &rpool->tblidx, &rpool->counter, af, NULL, true)) {
 				/* table contains no address of type 'af' */
 				if (rpool->cur != acur)
 					goto try_next;
@@ -725,9 +725,9 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 				goto done_pool_mtx;
 			}
 		} else if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) {
-			rpool->tblidx = -1;
 			if (pfr_pool_get(rpool->cur->addr.p.dyn->pfid_kt,
-			    &rpool->tblidx, &rpool->counter, af, pf_islinklocal)) {
+			    &rpool->tblidx, &rpool->counter, af, pf_islinklocal,
+			    true)) {
 				/* table contains no address of type 'af' */
 				if (rpool->cur != acur)
 					goto try_next;
@@ -755,10 +755,6 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 done_pool_mtx:
 	mtx_unlock(&rpool->mtx);
 
-	if (reason) {
-		counter_u64_add(V_pf_status.counters[reason], 1);
-	}
-
 	return (reason);
 }
 
@@ -793,7 +789,7 @@ pf_map_addr_sn(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 		if (nkif)
 			*nkif = sn->rkif;
 		if (V_pf_status.debug >= PF_DEBUG_NOISY) {
-			printf("pf_map_addr: src tracking maps ");
+			printf("%s: src tracking maps ", __func__);
 			pf_print_host(saddr, 0, af);
 			printf(" to ");
 			pf_print_host(naddr, 0, af);
@@ -808,14 +804,16 @@ pf_map_addr_sn(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr,
 	 * Source node has not been found. Find a new address and store it
 	 * in variables given by the caller.
 	 */
-	if (pf_map_addr(af, r, saddr, naddr, nkif, init_addr, rpool) != 0) {
-		/* pf_map_addr() sets reason counters on its own */
+	if ((reason = pf_map_addr(af, r, saddr, naddr, nkif, init_addr,
+	    rpool)) != 0) {
+		if (V_pf_status.debug >= PF_DEBUG_MISC)
+			printf("%s: pf_map_addr has failed\n", __func__);
 		goto done;
 	}
 
 	if (V_pf_status.debug >= PF_DEBUG_NOISY &&
 	    (rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) {
-		printf("pf_map_addr: selected address ");
+		printf("%s: selected address ", __func__);
 		pf_print_host(naddr, 0, af);
 		if (nkif)
 			printf("@%s", (*nkif)->pfik_name);
@@ -826,10 +824,6 @@ done:
 	if (sn != NULL)
 		PF_SRC_NODE_UNLOCK(sn);
 
-	if (reason) {
-		counter_u64_add(V_pf_status.counters[reason], 1);
-	}
-
 	return (reason);
 }
 
@@ -908,19 +902,19 @@ pf_get_transaddr(struct pf_test_ctx *ctx, struct pf_krule *r,
 			if (pf_get_mape_sport(pd, r, naddr, nportp,
 			    &ctx->udp_mapping, rpool)) {
 				DPFPRINTF(PF_DEBUG_MISC,
-				    ("pf: MAP-E port allocation (%u/%u/%u)"
-				    " failed\n",
+				    "pf: MAP-E port allocation (%u/%u/%u)"
+				    " failed",
 				    rpool->mape.offset,
 				    rpool->mape.psidlen,
-				    rpool->mape.psid));
+				    rpool->mape.psid);
 				reason = PFRES_MAPFAILED;
 				goto notrans;
 			}
 		} else if (pf_get_sport(pd, r, naddr, nportp, low, high,
 		    rpool, &ctx->udp_mapping, PF_SN_NAT)) {
 			DPFPRINTF(PF_DEBUG_MISC,
-			    ("pf: NAT proxy port allocation (%u-%u) failed\n",
-			    rpool->proxy_port[0], rpool->proxy_port[1]));
+			    "pf: NAT proxy port allocation (%u-%u) failed",
+			    rpool->proxy_port[0], rpool->proxy_port[1]);
 			reason = PFRES_MAPFAILED;
 			goto notrans;
 		}
@@ -1016,10 +1010,13 @@ pf_get_transaddr(struct pf_test_ctx *ctx, struct pf_krule *r,
 
 		if (rpool->proxy_port[1]) {
 			uint32_t	tmp_nport;
+			uint16_t	div;
+
+			div = r->rdr.proxy_port[1] - r->rdr.proxy_port[0] + 1;
+			div = (div == 0) ? 1 : div;
 
-			tmp_nport = ((ntohs(pd->ndport) - ntohs(r->dst.port[0])) %
-			    (rpool->proxy_port[1] - rpool->proxy_port[0] +
-			    1)) + rpool->proxy_port[0];
+			tmp_nport = ((ntohs(pd->ndport) - ntohs(r->dst.port[0])) % div) +
+			    rpool->proxy_port[0];
 
 			/* Wrap around if necessary. */
 			if (tmp_nport > 65535)
@@ -1086,13 +1083,13 @@ pf_get_transaddr(struct pf_test_ctx *ctx, struct pf_krule *r,
 		 * the state may be reused if the TCP state is terminal.
 		 */
 		DPFPRINTF(PF_DEBUG_MISC,
-		    ("pf: RDR source port allocation failed\n"));
+		    "pf: RDR source port allocation failed");
 		break;
 
 out:
 		DPFPRINTF(PF_DEBUG_MISC,
-		    ("pf: RDR source port allocation %u->%u\n",
-		    ntohs(pd->nsport), ntohs(ctx->nk->port[0])));
+		    "pf: RDR source port allocation %u->%u",
+		    ntohs(pd->nsport), ntohs(ctx->nk->port[0]));
 		break;
 	}
 	default:
@@ -1141,8 +1138,8 @@ pf_get_transaddr_af(struct pf_krule *r, struct pf_pdesc *pd)
 	if (pf_get_sport(pd, r, &nsaddr, &nport, r->nat.proxy_port[0],
 	    r->nat.proxy_port[1], &r->nat, NULL, PF_SN_NAT)) {
 		DPFPRINTF(PF_DEBUG_MISC,
-		    ("pf: af-to NAT proxy port allocation (%u-%u) failed",
-		    r->nat.proxy_port[0], r->nat.proxy_port[1]));
+		    "pf: af-to NAT proxy port allocation (%u-%u) failed",
+		    r->nat.proxy_port[0], r->nat.proxy_port[1]);
 		return (-1);
 	}