#include <sys/module.h>
#include <sys/sockio.h>
#include <sys/thread2.h>
-#include <vm/vm_zone.h>
#include <net/if.h>
#include <net/if_types.h>
#include <sys/module.h>
#include <sys/sockio.h>
#include <sys/thread2.h>
-#include <vm/vm_zone.h>
#include <machine/inttypes.h>
struct pf_state_peer *d)
{
if (s->scrub.scrub_flag && d->scrub == NULL) {
- d->scrub = pool_get(&pf_state_scrub_pl, PR_NOWAIT | PR_ZERO);
+ d->scrub = kmalloc(sizeof(struct pf_state_scrub), M_PFSYNC, M_NOWAIT|M_ZERO);
+
if (d->scrub == NULL)
return (ENOMEM);
}
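Review bot: The scrub buffer here is charged to `M_PFSYNC`, but the free path this commit adds in `pf_normalize_tcp_cleanup` releases `src.scrub`/`dst.scrub` under `M_PFSTATESCRUBPL`, so a scrub created by this function would presumably be freed against a different malloc type and skew the per-type accounting. The following hunks have the same mismatch: the state is allocated with `M_PFSYNC` while the purge path uses `kfree(cur, M_PFSTATEPL)`, and `skw`/`sks` come from `pf_alloc_state_key()` (which allocates under `M_PFSTATEKEYPL`) yet are released with `kfree(skw, M_PFSYNC)` and `kfree(sks, M_PFSYNC)`. The new types are `static MALLOC_DEFINE`s private to their own .c files, so this file cannot name them. I would make them non-static, add matching `MALLOC_DECLARE` lines to the shared pf header, and allocate here with `kmalloc(sizeof(struct pf_state_scrub), M_PFSTATESCRUBPL, M_NOWAIT | M_ZERO)`. The function's signature lies outside the hunk.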
goto cleanup;
if (flags & PFSYNC_SI_IOCTL)
- pool_flags = PR_WAITOK | PR_LIMITFAIL | PR_ZERO;
+ pool_flags = M_WAITOK | M_NULLOK | M_ZERO;
else
- pool_flags = PR_LIMITFAIL | PR_ZERO;
+ pool_flags = M_WAITOK | M_ZERO;
- if ((st = pool_get(&pf_state_pl, pool_flags)) == NULL)
+ if ((st = kmalloc(sizeof(struct pf_state), M_PFSYNC, pool_flags)) == NULL)
goto cleanup;
if ((skw = pf_alloc_state_key(pool_flags)) == NULL)
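Review bot: The non-ioctl branch changes from the non-sleeping `PR_LIMITFAIL | PR_ZERO` to `M_WAITOK | M_ZERO`, so an import that does not come from an ioctl may now sleep in the allocator, and the `== NULL` checks that follow can no longer fire on that path. If this branch is reached while processing received pfsync traffic (not visible here, please confirm), blocking is unsafe and the drop-on-memory-pressure behaviour is lost. I would keep it non-blocking: `pool_flags = M_NOWAIT | M_ZERO;`. The same `pool_flags` is passed to `pf_alloc_state_key()`, so the fix covers the key allocations too. The enclosing function starts and ends outside this hunk.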
if (skw == sks)
sks = NULL;
if (skw != NULL)
- pool_put(&pf_state_key_pl, skw);
+ kfree(skw, M_PFSYNC);
if (sks != NULL)
- pool_put(&pf_state_key_pl, sks);
+ kfree(sks, M_PFSYNC);
cleanup_state: /* pf_state_insert frees the state keys */
if (st) {
if (st->dst.scrub)
- pool_put(&pf_state_scrub_pl, st->dst.scrub);
+ kfree(st->dst.scrub, M_PFSYNC);
if (st->src.scrub)
- pool_put(&pf_state_scrub_pl, st->src.scrub);
- pool_put(&pf_state_pl, st);
+ kfree(st->src.scrub, M_PFSYNC);
+ kfree(st, M_PFSYNC);
}
return (error);
}
#include <sys/time.h>
#include <sys/sysctl.h>
#include <sys/endian.h>
-#include <vm/vm_zone.h>
#include <sys/proc.h>
#include <sys/kthread.h>
struct pf_anchor *child;
} pf_anchor_stack[64];
-vm_zone_t pf_src_tree_pl, pf_rule_pl, pf_pooladdr_pl;
-vm_zone_t pf_state_pl, pf_state_key_pl, pf_state_item_pl;
-vm_zone_t pf_altq_pl;
+struct malloc_type *pf_src_tree_pl, *pf_rule_pl, *pf_pooladdr_pl;
+struct malloc_type *pf_state_pl, *pf_state_key_pl, *pf_state_item_pl;
+struct malloc_type *pf_altq_pl;
void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t);
s->rule.ptr->states_cur--; \
} while (0)
+static MALLOC_DEFINE(M_PFSTATEPL, "pfstatepl", "pf state pool list");
+static MALLOC_DEFINE(M_PFSRCTREEPL, "pfsrctpl", "pf source tree pool list");
+static MALLOC_DEFINE(M_PFSTATEKEYPL, "pfstatekeypl", "pf state key pool list");
+static MALLOC_DEFINE(M_PFSTATEITEMPL, "pfstateitempl", "pf state item pool list");
+
static __inline int pf_src_compare(struct pf_src_node *, struct pf_src_node *);
static __inline int pf_state_compare_key(struct pf_state_key *,
struct pf_state_key *);
if (*sn == NULL) {
if (!rule->max_src_nodes ||
rule->src_nodes < rule->max_src_nodes)
- (*sn) = pool_get(&pf_src_tree_pl, PR_NOWAIT | PR_ZERO);
+ (*sn) = kmalloc(sizeof(struct pf_src_node), M_PFSRCTREEPL, M_NOWAIT|M_ZERO);
else
pf_status.lcounters[LCNT_SRCNODES]++;
if ((*sn) == NULL)
pf_print_host(&(*sn)->addr, 0, af);
kprintf("\n");
}
- pool_put(&pf_src_tree_pl, *sn);
+ kfree(*sn, M_PFSRCTREEPL);
return (-1);
}
(*sn)->creation = time_second;
(idx == PF_SK_STACK) ? sk : NULL);
kprintf("\n");
}
- pool_put(&pf_state_key_pl, sk);
+ kfree(sk, M_PFSTATEKEYPL);
return (-1); /* collision! */
}
- pool_put(&pf_state_key_pl, sk);
+ kfree(sk, M_PFSTATEKEYPL);
+
s->key[idx] = cur;
} else
s->key[idx] = sk;
- if ((si = pool_get(&pf_state_item_pl, PR_NOWAIT)) == NULL) {
+ if ((si = kmalloc(sizeof(struct pf_state_item), M_PFSTATEITEMPL, M_NOWAIT)) == NULL) {
pf_state_key_detach(s, idx);
return (-1);
}
pf_state_key_detach(struct pf_state *s, int idx)
{
struct pf_state_item *si;
-
si = TAILQ_FIRST(&s->key[idx]->states);
while (si && si->s != s)
si = TAILQ_NEXT(si, entry);
if (si) {
TAILQ_REMOVE(&s->key[idx]->states, si, entry);
- pool_put(&pf_state_item_pl, si);
+ kfree(si, M_PFSTATEITEMPL);
}
if (TAILQ_EMPTY(&s->key[idx]->states)) {
s->key[idx]->reverse->reverse = NULL;
if (s->key[idx]->inp)
s->key[idx]->inp->inp_pf_sk = NULL;
- pool_put(&pf_state_key_pl, s->key[idx]);
+ kfree(s->key[idx], M_PFSTATEKEYPL);
}
s->key[idx] = NULL;
}
{
struct pf_state_key *sk;
- if ((sk = pool_get(&pf_state_key_pl, pool_flags)) == NULL)
- return (NULL);
+ if ((sk = kmalloc(sizeof(struct pf_state_key), M_PFSTATEKEYPL, pool_flags)) == NULL)
+ return (NULL);
TAILQ_INIT(&sk->states);
return (sk);
{
KKASSERT((*skp == NULL && *nkp == NULL));
- if ((*skp = pf_alloc_state_key(PR_NOWAIT | PR_ZERO)) == NULL)
+ if ((*skp = pf_alloc_state_key(M_NOWAIT | M_ZERO)) == NULL)
return (ENOMEM);
PF_ACPY(&(*skp)->addr[pd->sidx], saddr, pd->af);
(*skp)->af = pd->af;
if (nr != NULL) {
- if ((*nkp = pf_alloc_state_key(PR_NOWAIT | PR_ZERO)) == NULL)
+ if ((*nkp = pf_alloc_state_key(M_NOWAIT | M_ZERO)) == NULL)
return (ENOMEM); /* caller must handle cleanup */
/* XXX maybe just bcopy and TAILQ_INIT(&(*nkp)->states) */
s->key[PF_SK_STACK] = s->key[PF_SK_WIRE];
} else {
if (pf_state_key_attach(skw, s, PF_SK_WIRE)) {
- pool_put(&pf_state_key_pl, sks);
+ kfree(sks, M_PFSTATEKEYPL);
return (-1);
}
if (pf_state_key_attach(sks, s, PF_SK_STACK)) {
RB_REMOVE(pf_src_tree, &tree_src_tracking, cur);
pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
pf_status.src_nodes--;
- pool_put(&pf_src_tree_pl, cur);
+ kfree(cur, M_PFSRCTREEPL);
}
}
TAILQ_REMOVE(&state_list, cur, entry_list);
if (cur->tag)
pf_tag_unref(cur->tag);
- pool_put(&pf_state_pl, cur);
+ kfree(cur, M_PFSTATEPL);
pf_status.fcounters[FCNT_STATE_REMOVALS]++;
pf_status.states--;
}
cleanup:
if (sk != NULL)
- pool_put(&pf_state_key_pl, sk);
+ kfree(sk, M_PFSTATEKEYPL);
if (nk != NULL)
- pool_put(&pf_state_key_pl, nk);
+ kfree(nk, M_PFSTATEKEYPL);
return (PF_DROP);
}
REASON_SET(&reason, PFRES_SRCLIMIT);
goto csfailed;
}
- s = pool_get(&pf_state_pl, PR_NOWAIT | PR_ZERO);
+ s = kmalloc(sizeof(struct pf_state), M_PFSTATEPL, M_NOWAIT|M_ZERO);
if (s == NULL) {
REASON_SET(&reason, PFRES_MEMORY);
goto csfailed;
REASON_SET(&reason, PFRES_MEMORY);
pf_src_tree_remove_state(s);
STATE_DEC_COUNTERS(s);
- pool_put(&pf_state_pl, s);
+ kfree(s, M_PFSTATEPL);
return (PF_DROP);
}
if ((pd->flags & PFDESC_TCP_NORM) && s->src.scrub &&
pf_normalize_tcp_cleanup(s);
pf_src_tree_remove_state(s);
STATE_DEC_COUNTERS(s);
- pool_put(&pf_state_pl, s);
+ kfree(s, M_PFSTATEPL);
return (PF_DROP);
}
}
REASON_SET(&reason, PFRES_STATEINS);
pf_src_tree_remove_state(s);
STATE_DEC_COUNTERS(s);
- pool_put(&pf_state_pl, s);
+ kfree(s, M_PFSTATEPL);
return (PF_DROP);
} else
*sm = s;
csfailed:
if (sk != NULL)
- pool_put(&pf_state_key_pl, sk);
+ kfree(sk, M_PFSTATEKEYPL);
if (nk != NULL)
- pool_put(&pf_state_key_pl, nk);
+ kfree(nk, M_PFSTATEKEYPL);
if (sn != NULL && sn->states == 0 && sn->expire == 0) {
RB_REMOVE(pf_src_tree, &tree_src_tracking, sn);
pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
pf_status.src_nodes--;
- pool_put(&pf_src_tree_pl, sn);
+ kfree(sn, M_PFSRCTREEPL);
}
if (nsn != sn && nsn != NULL && nsn->states == 0 && nsn->expire == 0) {
RB_REMOVE(pf_src_tree, &tree_src_tracking, nsn);
pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++;
pf_status.src_nodes--;
- pool_put(&pf_src_tree_pl, nsn);
+ kfree(nsn, M_PFSRCTREEPL);
}
return (PF_DROP);
}
#include <sys/kernel.h>
#include <sys/thread2.h>
#include <sys/time.h>
-#include <vm/vm_zone.h>
#include <net/if.h>
#include <net/if_types.h>
#endif /* INET6 */
struct pfi_kif *pfi_all = NULL;
-vm_zone_t pfi_addr_pl;
struct pfi_ifhead pfi_ifs;
long pfi_update = 1;
struct pfr_addr *pfi_buffer;
#define PFI_BUFFER_MAX 0x10000
MALLOC_DEFINE(PFI_MTYPE, "pf_if", "pf interface table");
+static MALLOC_DEFINE(M_PFIADDRPL, "pfiaddrpl", "pf interface address pool list");
+
void
pfi_initialize(void)
if (aw->type != PF_ADDR_DYNIFTL)
return (0);
- if ((dyn = pool_get(&pfi_addr_pl, PR_WAITOK | PR_LIMITFAIL | PR_ZERO))
+ if ((dyn = kmalloc(sizeof(struct pfi_dynaddr), M_PFIADDRPL, M_WAITOK|M_NULLOK|M_ZERO))
== NULL)
return (1);
pf_remove_if_empty_ruleset(ruleset);
if (dyn->pfid_kif != NULL)
pfi_kif_unref(dyn->pfid_kif, PFI_KIF_REF_RULE);
- pool_put(&pfi_addr_pl, dyn);
+ kfree(dyn, M_PFIADDRPL);
crit_exit();
return (rv);
}
aw->p.dyn->pfid_kif = NULL;
pfr_detach_table(aw->p.dyn->pfid_kt);
aw->p.dyn->pfid_kt = NULL;
- pool_put(&pfi_addr_pl, aw->p.dyn);
+ kfree(aw->p.dyn, M_PFIADDRPL);
aw->p.dyn = NULL;
crit_exit();
}
#include <sys/proc.h>
#include <sys/malloc.h>
#include <sys/module.h>
-#include <vm/vm_zone.h>
#include <sys/lock.h>
#include <sys/thread2.h>
u_int rt_numfibs = RT_NUMFIBS;
-void init_zone_var(void);
-void cleanup_pf_zone(void);
-int pfattach(void);
+void pfattach(void);
struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t,
u_int8_t, u_int8_t, u_int8_t);
static cdev_t pf_dev;
+static MALLOC_DEFINE(M_PFRULEPL, "pfrulepl", "pf rule pool list");
+static MALLOC_DEFINE(M_PFALTQPL, "pfaltqpl", "pf altq pool list");
+static MALLOC_DEFINE(M_PFPOOLADDRPL, "pfpooladdrpl", "pf pool address pool list");
+static MALLOC_DEFINE(M_PFFRENTPL, "pffrent", "pf frent pool list");
+
+
/*
* XXX - These are new and need to be checked when moveing to a new version
*/
"Enable/disable pf user/group rules mpsafe hack");
void
-init_zone_var(void)
-{
- pf_src_tree_pl = pf_rule_pl = NULL;
- pf_state_pl = pf_altq_pl = pf_pooladdr_pl = NULL;
- pf_frent_pl = pf_frag_pl = pf_cache_pl = pf_cent_pl = NULL;
- pf_state_scrub_pl = NULL;
- pfr_ktable_pl = pfr_kentry_pl = NULL;
-}
-
-void
-cleanup_pf_zone(void)
-{
- ZONE_DESTROY(pf_src_tree_pl);
- ZONE_DESTROY(pf_rule_pl);
- ZONE_DESTROY(pf_state_pl);
- ZONE_DESTROY(pf_altq_pl);
- ZONE_DESTROY(pf_pooladdr_pl);
- ZONE_DESTROY(pf_frent_pl);
- ZONE_DESTROY(pf_frag_pl);
- ZONE_DESTROY(pf_cache_pl);
- ZONE_DESTROY(pf_cent_pl);
- ZONE_DESTROY(pfr_ktable_pl);
- ZONE_DESTROY(pfr_kentry_pl);
- ZONE_DESTROY(pfr_kentry_pl2);
- ZONE_DESTROY(pf_state_scrub_pl);
- ZONE_DESTROY(pfi_addr_pl);
-}
-
-int
pfattach(void)
{
u_int32_t *my_timeout = pf_default_rule.timeout;
- int error = 1;
+
if (!rn_inithead((void **)&pf_maskhead, NULL, 0)) {
kprintf("pf mask radix tree create failed\n");
return ENOMEM;
}
-
- do {
- ZONE_CREATE(pf_src_tree_pl,struct pf_src_node, "pfsrctrpl");
- ZONE_CREATE(pf_rule_pl, struct pf_rule, "pfrulepl");
- ZONE_CREATE(pf_state_pl, struct pf_state, "pfstatepl");
- ZONE_CREATE(pf_state_key_pl, struct pf_state_key, "pfstatekeypl");
- ZONE_CREATE(pf_state_item_pl, struct pf_state_item, "pfstateitempl");
- ZONE_CREATE(pf_altq_pl, struct pf_altq, "pfaltqpl");
- ZONE_CREATE(pf_pooladdr_pl,struct pf_pooladdr, "pfpooladdrpl");
- ZONE_CREATE(pfr_ktable_pl, struct pfr_ktable, "pfrktable");
- ZONE_CREATE(pfr_kentry_pl, struct pfr_kentry, "pfrkentry");
- ZONE_CREATE(pfr_kentry_pl2, struct pfr_kentry, "pfrkentry2");
- ZONE_CREATE(pf_frent_pl, struct pf_frent, "pffrent");
- ZONE_CREATE(pf_frag_pl, struct pf_fragment, "pffrag");
- ZONE_CREATE(pf_cache_pl, struct pf_fragment, "pffrcache");
- ZONE_CREATE(pf_cent_pl, struct pf_frcache, "pffrcent");
- ZONE_CREATE(pf_state_scrub_pl, struct pf_state_scrub,
- "pfstatescrub");
- ZONE_CREATE(pfi_addr_pl, struct pfi_dynaddr, "pfiaddrpl");
- error = 0;
- } while(0);
- if (error) {
- cleanup_pf_zone();
- return (error);
- }
+ kmalloc_create(&pf_state_pl, "pf state pool list");
+ kmalloc_raise_limit(pf_state_pl, 0);
+ kmalloc_create(&pf_frent_pl, "pf fragment pool list");
+ kmalloc_raise_limit(pf_frent_pl, 0);
+ kmalloc_create(&pf_cent_pl, "pf cent pool list");
+ kmalloc_raise_limit(pf_cent_pl, 0);
+
pfr_initialize();
pfi_initialize();
- error = pf_osfp_initialize();
- if (error) {
- cleanup_pf_zone();
- pf_osfp_cleanup();
- return (error);
- }
+ pf_osfp_initialize();
pf_pool_limits[PF_LIMIT_STATES].pp = pf_state_pl;
pf_pool_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT;
pf_pool_limits[PF_LIMIT_FRAGS].pp = pf_frent_pl;
pf_pool_limits[PF_LIMIT_FRAGS].limit = PFFRAG_FRENT_HIWAT;
- /* XXX uma_zone_set_max(pf_pool_limits[PF_LIMIT_STATES].pp,
- pf_pool_limits[PF_LIMIT_STATES].limit);
- */
if (ctob(physmem) <= 100*1024*1024)
pf_pool_limits[PF_LIMIT_TABLE_ENTRIES].limit =
PFR_KENTRY_HIWAT_SMALL;
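Review bot: The three types created with `kmalloc_create()` (`pf_state_pl`, `pf_frent_pl`, `pf_cent_pl`) are never passed to `kmalloc` anywhere in this change; states, frents and cache entries are allocated from the static `M_PFSTATEPL`, `M_PFFRENTPL` and `M_PFCENTPL` instead. As a result `pf_pool_limits[PF_LIMIT_STATES].pp` and `pf_pool_limits[PF_LIMIT_FRAGS].pp` point at types that carry no allocations, and `PFSTATE_HIWAT` / `PFFRAG_FRENT_HIWAT` cannot be enforced through them, which matters because both pools grow from packet input. Either allocate from the created types, e.g. `s = kmalloc(sizeof(struct pf_state), pf_state_pl, M_NOWAIT | M_ZERO);` with the matching `kfree(s, pf_state_pl)`, or drop the dynamic types and apply the limit to the static ones. Please also confirm that `kmalloc_raise_limit(..., 0)` is meant to lift the cap rather than set it. `M_PFFRENTPL` is additionally defined a second time in this file and looks unused here.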
pf_normalize_init();
bzero(&pf_status, sizeof(pf_status));
pf_status.debug = PF_DEBUG_URGENT;
-
/* XXX do our best to avoid a conflict */
pf_status.hostid = karc4random();
if (kthread_create(pf_purge_thread, NULL, NULL, "pfpurge"))
panic("pfpurge thread");
-
- return (error);
}
int
pf_tbladdr_remove(&empty_pool_pa->addr);
pfi_kif_unref(empty_pool_pa->kif, PFI_KIF_REF_RULE);
TAILQ_REMOVE(poola, empty_pool_pa, entries);
- pool_put(&pf_pooladdr_pl, empty_pool_pa);
+ kfree(empty_pool_pa, M_PFPOOLADDRPL);
}
}
pfi_kif_unref(rule->kif, PFI_KIF_REF_RULE);
pf_anchor_remove(rule);
pf_empty_pool(&rule->rpool.list);
- pool_put(&pf_rule_pl, rule);
+ kfree(rule, M_PFRULEPL);
}
u_int16_t
error = altq_remove(altq);
} else
pf_qid_unref(altq->qid);
- pool_put(&pf_altq_pl, altq);
+ kfree(altq, M_PFALTQPL);
}
if (error)
return (error);
error = altq_remove(altq);
} else
pf_qid_unref(altq->qid);
- pool_put(&pf_altq_pl, altq);
+ kfree(altq, M_PFALTQPL);
}
altqs_inactive_open = 0;
return (error);
error = err;
} else
pf_qid_unref(altq->qid);
- pool_put(&pf_altq_pl, altq);
+ kfree(altq, M_PFALTQPL);
}
crit_exit();
error = EBUSY;
break;
}
- rule = pool_get(&pf_rule_pl, PR_WAITOK|PR_LIMITFAIL);
+ rule = kmalloc(sizeof(struct pf_rule), M_PFRULEPL,M_WAITOK);
if (rule == NULL) {
error = ENOMEM;
break;
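Review bot: This allocation passes `M_WAITOK` without `M_NULLOK`, unlike the `newrule`, `altq` and pool-address allocations later in the same ioctl handler, so the `rule == NULL` / `ENOMEM` branch below it is presumably dead. The old `PR_WAITOK|PR_LIMITFAIL` allowed a failure return, and how the allocator behaves on a limit hit without `M_NULLOK` should be confirmed. For consistency with the other call sites I would write `rule = kmalloc(sizeof(struct pf_rule), M_PFRULEPL, M_WAITOK | M_NULLOK);`. The surrounding switch case begins and ends outside the hunk.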
rule->entries.tqe_prev = NULL;
#ifndef INET
if (rule->af == AF_INET) {
- pool_put(&pf_rule_pl, rule);
+ kfree(rule, M_PFRULEPL);
error = EAFNOSUPPORT;
break;
}
#endif /* INET */
#ifndef INET6
if (rule->af == AF_INET6) {
- pool_put(&pf_rule_pl, rule);
+ kfree(rule, M_PFRULEPL);
error = EAFNOSUPPORT;
break;
}
if (rule->ifname[0]) {
rule->kif = pfi_kif_get(rule->ifname);
if (rule->kif == NULL) {
- pool_put(&pf_rule_pl, rule);
+ kfree(rule, M_PFRULEPL);
error = EINVAL;
break;
}
}
if (pcr->action != PF_CHANGE_REMOVE) {
- newrule = pool_get(&pf_rule_pl, PR_WAITOK|PR_LIMITFAIL);
+ newrule = kmalloc(sizeof(struct pf_rule), M_PFRULEPL, M_WAITOK|M_NULLOK);
if (newrule == NULL) {
error = ENOMEM;
break;
newrule->entries.tqe_prev = NULL;
#ifndef INET
if (newrule->af == AF_INET) {
- pool_put(&pf_rule_pl, newrule);
+ kfree(newrule, M_PFRULEPL);
error = EAFNOSUPPORT;
break;
}
#endif /* INET */
#ifndef INET6
if (newrule->af == AF_INET6) {
- pool_put(&pf_rule_pl, newrule);
+ kfree(newrule, M_PFRULEPL);
error = EAFNOSUPPORT;
break;
}
if (newrule->ifname[0]) {
newrule->kif = pfi_kif_get(newrule->ifname);
if (newrule->kif == NULL) {
- pool_put(&pf_rule_pl, newrule);
+ kfree(newrule, M_PFRULEPL);
error = EINVAL;
break;
}
error = EBUSY;
break;
}
- altq = pool_get(&pf_altq_pl, PR_WAITOK|PR_LIMITFAIL);
+ altq = kmalloc(sizeof(struct pf_altq), M_PFALTQPL, M_WAITOK|M_NULLOK);
if (altq == NULL) {
error = ENOMEM;
break;
if (altq->qname[0] != 0) {
if ((altq->qid = pf_qname2qid(altq->qname)) == 0) {
error = EBUSY;
- pool_put(&pf_altq_pl, altq);
+ kfree(altq, M_PFALTQPL);
break;
}
altq->altq_disc = NULL;
error = altq_add(altq);
if (error) {
- pool_put(&pf_altq_pl, altq);
+ kfree(altq, M_PFALTQPL);
break;
}
error = EINVAL;
break;
}
- pa = pool_get(&pf_pooladdr_pl, PR_WAITOK|PR_LIMITFAIL);
+ pa = kmalloc(sizeof(struct pf_altq), M_PFPOOLADDRPL, M_WAITOK|M_NULLOK);
if (pa == NULL) {
error = ENOMEM;
break;
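Review bot: `pa` is a pool address but is sized with `sizeof(struct pf_altq)`. If `struct pf_altq` is smaller than `struct pf_pooladdr`, the writes into `pa` that follow in this ioctl case run past the end of the kernel allocation; if it is larger, the request merely wastes memory. Tie the size to the pointer: `pa = kmalloc(sizeof(*pa), M_PFPOOLADDRPL, M_WAITOK | M_NULLOK);`. The next hunk's error path also calls `kfree(ap, M_PFPOOLADDRPL);`, where `ap` is not a name visible in these hunks and should read `kfree(pa, M_PFPOOLADDRPL);`. As written that either fails to compile or frees an unrelated pointer. The case body starts and ends outside the hunk.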
if (pa->ifname[0]) {
pa->kif = pfi_kif_get(pa->ifname);
if (pa->kif == NULL) {
- pool_put(&pf_pooladdr_pl, pa);
+ kfree(ap, M_PFPOOLADDRPL);
error = EINVAL;
break;
}
if (pfi_dynaddr_setup(&pa->addr, pp->af)) {
pfi_dynaddr_remove(&pa->addr);
pfi_kif_unref(pa->kif, PFI_KIF_REF_RULE);
- pool_put(&pf_pooladdr_pl, pa);
+ kfree(pa, M_PFPOOLADDRPL);
error = EINVAL;
break;
}
break;
}
if (pca->action != PF_CHANGE_REMOVE) {
- newpa = pool_get(&pf_pooladdr_pl,
- PR_WAITOK|PR_LIMITFAIL);
+ newpa = kmalloc(sizeof(struct pf_pooladdr),
+ M_PFPOOLADDRPL, M_WAITOK|M_NULLOK);
if (newpa == NULL) {
error = ENOMEM;
break;
bcopy(&pca->addr, newpa, sizeof(struct pf_pooladdr));
#ifndef INET
if (pca->af == AF_INET) {
- pool_put(&pf_pooladdr_pl, newpa);
+ kfree(newpa, M_PFPOOLADDRPL);
error = EAFNOSUPPORT;
break;
}
#endif /* INET */
#ifndef INET6
if (pca->af == AF_INET6) {
- pool_put(&pf_pooladdr_pl, newpa);
+ kfree(newpa, M_PFPOOLADDRPL);
error = EAFNOSUPPORT;
break;
}
if (newpa->ifname[0]) {
newpa->kif = pfi_kif_get(newpa->ifname);
if (newpa->kif == NULL) {
- pool_put(&pf_pooladdr_pl, newpa);
+ kfree(newpa, M_PFPOOLADDRPL);
error = EINVAL;
break;
}
pf_tbladdr_setup(ruleset, &newpa->addr)) {
pfi_dynaddr_remove(&newpa->addr);
pfi_kif_unref(newpa->kif, PFI_KIF_REF_RULE);
- pool_put(&pf_pooladdr_pl, newpa);
+ kfree(newpa, M_PFPOOLADDRPL);
error = EINVAL;
break;
}
pfi_dynaddr_remove(&oldpa->addr);
pf_tbladdr_remove(&oldpa->addr);
pfi_kif_unref(oldpa->kif, PFI_KIF_REF_RULE);
- pool_put(&pf_pooladdr_pl, oldpa);
+ kfree(oldpa, M_PFPOOLADDRPL);
} else {
if (oldpa == NULL)
TAILQ_INSERT_TAIL(&pool->list, newpa, entries);
static void
pf_clear_states(void)
{
- struct pf_state *state;
+ struct pf_state *s, *nexts;
+ u_int killed = 0;
+
+ for (s = RB_MIN(pf_state_tree_id, &tree_id); s; s = nexts) {
+ nexts = RB_NEXT(pf_state_tree_id, &tree_id, s);
- RB_FOREACH(state, pf_state_tree_id, &tree_id) {
- state->timeout = PFTM_PURGE;
/* don't send out individual delete messages */
- state->sync_flags = PFSTATE_NOSYNC;
- pf_unlink_state(state);
+ s->sync_flags = PFSTATE_NOSYNC;
+ pf_unlink_state(s);
+ killed++;
+
}
- pf_status.states = 0;
+
#if 0 /* PFSYNC */
/*
* XXX This is called on module unload, we do not want to sync that over? */
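Review bot: `killed` is incremented for every unlinked state but never read in the visible lines, so it only produces an unused-variable warning. Either drop `u_int killed = 0;` and `killed++;`, or report it, for instance in a `DPFPRINTF` after the loop. Switching to the `RB_MIN`/`RB_NEXT` walk with a saved `nexts` is the right shape for unlinking during iteration. A one-line comment such as `/* fetch the successor first: pf_unlink_state() may remove s from tree_id */` would record why `RB_FOREACH` was replaced.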
pf_purge_expired_src_nodes(0);
pf_status.src_nodes = 0;
}
+
/*
* XXX - Check for version missmatch!!!
*/
pf_status.running = 0;
+ error = dehook_pf();
+ if (error) {
+ pf_status.running = 1;
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: pfil unregistration failed\n"));
+ return(error);
+ }
do {
if ((error = pf_begin_rules(&t[0], PF_RULESET_SCRUB, &nn)) != 0) {
DPFPRINTF(PF_DEBUG_MISC, ("shutdown_pf: SCRUB\n"));
pf_commit_altq(t[0]);
#endif
pf_clear_states();
-
pf_clear_srcnodes();
/* status does not use malloced mem so no need to cleanup */
/* fingerprints and interfaces have their own cleanup code */
} while(0);
-
return (error);
}
lwkt_gettoken(&pf_token);
- init_zone_var();
lockinit(&pf_mod_lck, "pf task lck", 0, LK_CANRECURSE);
pf_dev = make_dev(&pf_ops, 0, 0, 0, 0600, PF_NAME);
- error = pfattach();
- if (error) {
- dev_ops_remove_all(&pf_ops);
- lockuninit(&pf_mod_lck);
- lwkt_reltoken(&pf_token);
- return (error);
- }
+ pfattach();
lockinit(&pf_consistency_lock, "pfconslck", 0, LK_CANRECURSE);
lwkt_reltoken(&pf_token);
return (0);
}
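Review bot: Module load now calls `pfattach();` and returns 0 unconditionally, so an attach failure is no longer reported and the old unwinding (`dev_ops_remove_all`, `lockuninit`, `lwkt_reltoken`) is gone. `pfattach` was changed to `void`, but its `rn_inithead` failure branch still contains `return ENOMEM;`, which is at least a compiler diagnostic and leaves `pf_maskhead` unusable while the device node stays registered. I would keep `int pfattach(void)` with `return (0);` at the end, and keep `error = pfattach(); if (error) { ... return (error); }` here. The load function begins outside this hunk.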
pfi_cleanup();
pf_osfp_flush();
- pf_osfp_cleanup();
- cleanup_pf_zone();
dev_ops_remove_all(&pf_ops);
lockuninit(&pf_consistency_lock);
lockuninit(&pf_mod_lck);
Free(pf_maskhead);
pf_maskhead = NULL;
}
+ kmalloc_destroy(&pf_state_pl);
+ kmalloc_destroy(&pf_frent_pl);
+ kmalloc_destroy(&pf_cent_pl);
return 0;
}
#include <sys/socket.h>
#include <sys/kernel.h>
#include <sys/time.h>
-#include <vm/vm_zone.h>
#include <net/if.h>
#include <net/if_types.h>
} \
} while(0)
+static MALLOC_DEFINE(M_PFFRAGPL, "pffrag", "pf fragment pool list");
+static MALLOC_DEFINE(M_PFCACHEPL, "pffrcache", "pf fragment cache pool list");
+static MALLOC_DEFINE(M_PFFRENTPL, "pffrent", "pf frent pool list");
+static MALLOC_DEFINE(M_PFCENTPL, "pffrcent", "pf fragment cent pool list");
+static MALLOC_DEFINE(M_PFSTATESCRUBPL, "pfstatescrub", "pf state scrub pool list");
+
/* Globals */
-vm_zone_t pf_frent_pl, pf_frag_pl, pf_cache_pl, pf_cent_pl;
-vm_zone_t pf_state_scrub_pl;
+struct malloc_type *pf_frent_pl, *pf_frag_pl, *pf_cache_pl, *pf_cent_pl;
+struct malloc_type *pf_state_scrub_pl;
int pf_nfrents, pf_ncache;
void
LIST_REMOVE(frent, fr_next);
m_freem(frent->fr_m);
- pool_put(&pf_frent_pl, frent);
+ kfree(frent, M_PFFRENTPL);
pf_nfrents--;
}
} else {
("! (LIST_EMPTY() || LIST_FIRST()->fr_off >"
" frcache->fr_end): %s", __func__));
- pool_put(&pf_cent_pl, frcache);
+ kfree(frcache, M_PFCENTPL);
pf_ncache--;
}
}
if (BUFFER_FRAGMENTS(frag)) {
RB_REMOVE(pf_frag_tree, &pf_frag_tree, frag);
TAILQ_REMOVE(&pf_fragqueue, frag, frag_next);
- pool_put(&pf_frag_pl, frag);
+ kfree(frag, M_PFFRAGPL);
} else {
RB_REMOVE(pf_frag_tree, &pf_cache_tree, frag);
TAILQ_REMOVE(&pf_cachequeue, frag, frag_next);
- pool_put(&pf_cache_pl, frag);
+ kfree(frag, M_PFCACHEPL);
}
}
/* Create a new reassembly queue for this packet */
if (*frag == NULL) {
- *frag = pool_get(&pf_frag_pl, PR_NOWAIT);
+ *frag = kmalloc(sizeof(struct pf_fragment), M_PFFRAGPL, M_NOWAIT);
if (*frag == NULL) {
pf_flush_fragments();
- *frag = pool_get(&pf_frag_pl, PR_NOWAIT);
+ *frag = kmalloc(sizeof(struct pf_fragment), M_PFFRAGPL, M_NOWAIT);
if (*frag == NULL)
goto drop_fragment;
}
next = LIST_NEXT(frea, fr_next);
m_freem(frea->fr_m);
LIST_REMOVE(frea, fr_next);
- pool_put(&pf_frent_pl, frea);
+ kfree(frea, M_PFFRENTPL);
pf_nfrents--;
}
m2 = m->m_next;
m->m_next = NULL;
m_cat(m, m2);
- pool_put(&pf_frent_pl, frent);
+ kfree(frent, M_PFFRENTPL);
pf_nfrents--;
for (frent = next; frent != NULL; frent = next) {
next = LIST_NEXT(frent, fr_next);
m2 = frent->fr_m;
- pool_put(&pf_frent_pl, frent);
+ kfree(frent, M_PFFRENTPL);
pf_nfrents--;
m_cat(m, m2);
}
drop_fragment:
/* Oops - fail safe - drop packet */
- pool_put(&pf_frent_pl, frent);
+ kfree(frent, M_PFFRENTPL);
pf_nfrents--;
m_freem(m);
return (NULL);
/* Create a new range queue for this packet */
if (*frag == NULL) {
- *frag = pool_get(&pf_cache_pl, PR_NOWAIT);
+ *frag = kmalloc(sizeof(struct pf_fragment), M_PFCACHEPL, M_NOWAIT);
if (*frag == NULL) {
pf_flush_fragments();
- *frag = pool_get(&pf_cache_pl, PR_NOWAIT);
+ *frag = kmalloc(sizeof(struct pf_fragment), M_PFCACHEPL, M_NOWAIT);
if (*frag == NULL)
goto no_mem;
}
/* Get an entry for the queue */
- cur = pool_get(&pf_cent_pl, PR_NOWAIT);
+ cur = kmalloc(sizeof(struct pf_frcache), M_PFCENTPL, M_NOWAIT);
if (cur == NULL) {
- pool_put(&pf_cache_pl, *frag);
+ kfree(*frag, M_PFCACHEPL);
*frag = NULL;
goto no_mem;
}
h->ip_id, -precut, frp->fr_off, frp->fr_end, off,
max));
- cur = pool_get(&pf_cent_pl, PR_NOWAIT);
+ cur = kmalloc(sizeof(struct pf_frcache), M_PFCENTPL, M_NOWAIT);
if (cur == NULL)
goto no_mem;
pf_ncache++;
h->ip_id, -aftercut, off, max, fra->fr_off,
fra->fr_end));
- cur = pool_get(&pf_cent_pl, PR_NOWAIT);
+ cur = kmalloc(sizeof(struct pf_frcache), M_PFCENTPL, M_NOWAIT);
if (cur == NULL)
goto no_mem;
pf_ncache++;
max, fra->fr_off, fra->fr_end));
fra->fr_off = cur->fr_off;
LIST_REMOVE(cur, fr_next);
- pool_put(&pf_cent_pl, cur);
+ kfree(cur, M_PFCENTPL);
pf_ncache--;
cur = NULL;
max, fra->fr_off, fra->fr_end));
fra->fr_off = frp->fr_off;
LIST_REMOVE(frp, fr_next);
- pool_put(&pf_cent_pl, frp);
+ kfree(frp, M_PFCENTPL);
pf_ncache--;
frp = NULL;
goto bad;
/* Get an entry for the fragment queue */
- frent = pool_get(&pf_frent_pl, PR_NOWAIT);
+ frent = kmalloc(sizeof(struct pf_frent), M_PFFRENTPL, M_NOWAIT);
if (frent == NULL) {
REASON_SET(reason, PFRES_MEMORY);
return (PF_DROP);
KASSERT((src->scrub == NULL),
("pf_normalize_tcp_init: src->scrub != NULL"));
- src->scrub = pool_get(&pf_state_scrub_pl, PR_NOWAIT);
+ src->scrub = kmalloc(sizeof(struct pf_state_scrub), M_PFSTATESCRUBPL, M_NOWAIT);
if (src->scrub == NULL)
return (1);
bzero(src->scrub, sizeof(*src->scrub));
pf_normalize_tcp_cleanup(struct pf_state *state)
{
if (state->src.scrub)
- pool_put(&pf_state_scrub_pl, state->src.scrub);
+ kfree(state->src.scrub, M_PFSTATESCRUBPL);
if (state->dst.scrub)
- pool_put(&pf_state_scrub_pl, state->dst.scrub);
+ kfree(state->dst.scrub, M_PFSTATESCRUBPL);
/* Someday... flush the TCP segment reassembly descriptors. */
}
#include <sys/param.h>
#include <sys/socket.h>
#ifdef _KERNEL
-# include <sys/systm.h>
+#include <sys/systm.h>
#endif /* _KERNEL */
#include <sys/mbuf.h>
# define DPFPRINTF(format, x...) \
if (pf_status.debug >= PF_DEBUG_NOISY) \
kprintf(format , ##x)
-typedef vm_zone_t pool_t;
#else
/* Userland equivalents so we can lend code to tcpdump et al. */
# include <stdlib.h>
# include <string.h>
# include <netdb.h>
-# define pool_t int
-# define pool_get(pool, flags) malloc(*(pool))
-# define pool_put(pool, item) free(item)
-# define pool_init(pool, size, a, ao, f, m, p) (*(pool)) = (size)
# ifdef PFDEBUG
# include <sys/stdarg.h>
# endif /* PFDEBUG */
#endif /* _KERNEL */
+static MALLOC_DEFINE(M_PFOSFPENTRYPL, "pfospfen", "pf OS finger printing pool list");
+static MALLOC_DEFINE(M_PFOSFPPL, "pfosfp", "pf OS finger printing pool list");
SLIST_HEAD(pf_osfp_list, pf_os_fingerprint) pf_osfp_list;
-pool_t pf_osfp_entry_pl;
-pool_t pf_osfp_pl;
struct pf_os_fingerprint *pf_osfp_find(struct pf_osfp_list *,
struct pf_os_fingerprint *, u_int8_t);
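Review bot: The two `MALLOC_DEFINE` lines sit after `#endif /* _KERNEL */`, and the userland `pool_get`/`pool_put`/`pool_init` fallbacks are removed, so the non-kernel build this file advertises ("so we can lend code to tcpdump et al.") no longer has definitions for `MALLOC_DEFINE`, `kmalloc` or `kfree`. Move both definitions into the `#ifdef _KERNEL` branch. If the userland build is still wanted, add fallbacks to the `#else` branch, for example `# define kmalloc(size, type, flags) malloc(size)` and `# define kfree(ptr, type) free(ptr)`, along with stand-ins for the flag constants. Both types also carry the identical description "pf OS finger printing pool list", which makes them indistinguishable in allocator statistics. The entry type could read "pf OS fingerprint entries".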
}
/* Initialize the OS fingerprint system */
-int
+void
pf_osfp_initialize(void)
{
- int error = 0;
-
-#ifdef _KERNEL
- do {
- error = ENOMEM;
- pf_osfp_entry_pl = pf_osfp_pl = NULL;
- ZONE_CREATE(pf_osfp_entry_pl, struct pf_osfp_entry, "pfospfen");
- ZONE_CREATE(pf_osfp_pl, struct pf_os_fingerprint, "pfosfp");
- error = 0;
- } while(0);
-#else
- pool_init(&pf_osfp_entry_pl, sizeof(struct pf_osfp_entry), 0, 0, 0,
- "pfosfpen", NULL);
- pool_init(&pf_osfp_pl, sizeof(struct pf_os_fingerprint), 0, 0, 0,
- "pfosfp", NULL);
-#endif
SLIST_INIT(&pf_osfp_list);
-
- return (error);
}
-#ifdef _KERNEL
-void
-pf_osfp_cleanup(void)
-{
- ZONE_DESTROY(pf_osfp_entry_pl);
- ZONE_DESTROY(pf_osfp_pl);
-}
-#endif
-
/* Flush the fingerprint list */
void
pf_osfp_flush(void)
SLIST_REMOVE_HEAD(&pf_osfp_list, fp_next);
while ((entry = SLIST_FIRST(&fp->fp_oses))) {
SLIST_REMOVE_HEAD(&fp->fp_oses, fp_entry);
- pool_put(&pf_osfp_entry_pl, entry);
+ kfree(entry, M_PFOSFPENTRYPL);
}
- pool_put(&pf_osfp_pl, fp);
+ kfree(fp, M_PFOSFPPL);
}
}
if (PF_OSFP_ENTRY_EQ(entry, &fpioc->fp_os))
return (EEXIST);
}
- if ((entry = pool_get(&pf_osfp_entry_pl,
- PR_WAITOK|PR_LIMITFAIL)) == NULL)
+ if ((entry = kmalloc(sizeof(struct pf_osfp_entry),
+ M_PFOSFPENTRYPL, M_WAITOK|M_NULLOK)) == NULL)
return (ENOMEM);
} else {
- if ((fp = pool_get(&pf_osfp_pl,
- PR_WAITOK|PR_LIMITFAIL)) == NULL)
+ if ((fp = kmalloc(sizeof(struct pf_os_fingerprint),
+ M_PFOSFPPL, M_WAITOK|M_NULLOK)) == NULL)
return (ENOMEM);
memset(fp, 0, sizeof(*fp));
fp->fp_tcpopts = fpioc->fp_tcpopts;
fp->fp_wscale = fpioc->fp_wscale;
fp->fp_ttl = fpioc->fp_ttl;
SLIST_INIT(&fp->fp_oses);
- if ((entry = pool_get(&pf_osfp_entry_pl,
- PR_WAITOK|PR_LIMITFAIL)) == NULL) {
- pool_put(&pf_osfp_pl, fp);
+ if ((entry = kmalloc(sizeof(struct pf_osfp_entry),
+ M_PFOSFPENTRYPL, M_WAITOK|M_NULLOK)) == NULL) {
+ kfree(fp, M_PFOSFPPL);
return (ENOMEM);
}
pf_osfp_insert(&pf_osfp_list, fp);
# define DPFPRINTF(format, x...) \
if (pf_status.debug >= PF_DEBUG_NOISY) \
kprintf(format , ##x)
-#define rs_malloc(x) kmalloc(x, M_TEMP, M_WAITOK)
-#define rs_free(x) kfree(x, M_TEMP)
+#define rs_malloc(x) kmalloc(x, M_PFRS, M_WAITOK)
+#define rs_free(x) kfree(x, M_PFRS)
#define printf kprintf
+
+static MALLOC_DEFINE(M_PFRS, "pfrulesetpl", "pf ruleset pool list");
+
#else
/* Userland equivalents so we can lend code to pfctl et al. */
# endif /* PFDEBUG */
#endif /* _KERNEL */
-
struct pf_anchor_global pf_anchors;
struct pf_anchor pf_main_anchor;
#include <sys/queue.h>
#include <sys/kernel.h>
#include <sys/resourcevar.h>
-#include <vm/vm_zone.h>
#include <net/if.h>
#define ISN_BYTES_PER_SECOND 1048576
#define ISN_STATIC_INCREMENT 4096
#define ISN_RANDOM_INCREMENT (4096 - 1)
-
-/* wrapper functions for pool_* */
-void *
-pool_get(vm_zone_t *pp, int flags)
-{
- void *retval;
- retval = zalloc(*(pp));
-
- if (flags & PR_ZERO)
- bzero(retval, (*pp)->zsize);
-
- return retval;
-}
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/thread2.h>
-#include <vm/vm_zone.h>
#include <net/if.h>
#include <net/route.h>
#define ENQUEUE_UNMARKED_ONLY (1)
#define INVERT_NEG_FLAG (1)
+static MALLOC_DEFINE(M_PFRKTABLEPL, "pfrktable", "pf radix table pool list");
+static MALLOC_DEFINE(M_PFRKENTRYPL, "pfrkentry", "pf radix entry pool list");
+static MALLOC_DEFINE(M_PFRKENTRYPL2, "pfrkentry2", "pf radix entry 2 pool list");
+static MALLOC_DEFINE(M_PFRKCOUNTERSPL, "pfrkcounters", "pf radix counters");
+
struct pfr_walktree {
enum pfrw_op {
PFRW_MARK,
#define pfrw_cnt pfrw_free
#define senderr(e) do { rv = (e); goto _bad; } while (0)
-
-vm_zone_t pfr_ktable_pl;
-vm_zone_t pfr_kentry_pl;
-vm_zone_t pfr_kentry_pl2;
-vm_zone_t pfr_kcounters_pl;
+struct malloc_type *pfr_ktable_pl;
+struct malloc_type *pfr_kentry_pl;
+struct malloc_type *pfr_kentry_pl2;
struct sockaddr_in pfr_sin;
struct sockaddr_in6 pfr_sin6;
union sockaddr_union pfr_mask;
struct pfr_kentry *ke;
if (intr)
- ke = pool_get(&pfr_kentry_pl2, PR_NOWAIT | PR_ZERO);
+ ke = kmalloc(sizeof(struct pfr_kentry), M_PFRKENTRYPL2, M_NOWAIT|M_ZERO);
else
- ke = pool_get(&pfr_kentry_pl, PR_NOWAIT|PR_ZERO|PR_LIMITFAIL);
+ ke = kmalloc(sizeof(struct pfr_kentry), M_PFRKENTRYPL, M_NOWAIT|M_ZERO|M_NULLOK);
if (ke == NULL)
return (NULL);
pfr_destroy_kentry(struct pfr_kentry *ke)
{
if (ke->pfrke_counters)
- pool_put(&pfr_kcounters_pl, ke->pfrke_counters);
+ kfree(ke->pfrke_counters, M_PFRKCOUNTERSPL);
if (ke->pfrke_intrpool)
- pool_put(&pfr_kentry_pl2, ke);
+ kfree(ke, M_PFRKENTRYPL2);
else
- pool_put(&pfr_kentry_pl, ke);
+ kfree(ke, M_PFRKENTRYPL);
}
void
if (negchange)
p->pfrke_not = !p->pfrke_not;
if (p->pfrke_counters) {
- pool_put(&pfr_kcounters_pl, p->pfrke_counters);
+ kfree(p->pfrke_counters, M_PFRKCOUNTERSPL);
p->pfrke_counters = NULL;
}
crit_exit();
struct pfr_ktable *kt;
struct pf_ruleset *rs;
- kt = pool_get(&pfr_ktable_pl, PR_NOWAIT| PR_ZERO | PR_LIMITFAIL);
+ kt = kmalloc(sizeof(struct pfr_ktable), M_PFRKTABLEPL, M_NOWAIT|M_ZERO|M_NULLOK);
if (kt == NULL)
return (NULL);
kt->pfrkt_t = *tbl;
kt->pfrkt_rs->tables--;
pf_remove_if_empty_ruleset(kt->pfrkt_rs);
}
- pool_put(&pfr_ktable_pl, kt);
+ kfree(kt, M_PFRKTABLEPL);
}
int
if (ke != NULL && op_pass != PFR_OP_XPASS &&
(kt->pfrkt_flags & PFR_TFLAG_COUNTERS)) {
if (ke->pfrke_counters == NULL)
- ke->pfrke_counters = pool_get(&pfr_kcounters_pl,
- PR_NOWAIT | PR_ZERO);
+ ke->pfrke_counters = kmalloc(sizeof(struct pfr_kcounters),
+ M_PFRKCOUNTERSPL, M_NOWAIT|M_ZERO);
if (ke->pfrke_counters != NULL) {
ke->pfrke_counters->pfrkc_packets[dir_out][op_pass]++;
ke->pfrke_counters->pfrkc_bytes[dir_out][op_pass] += len;
#include <netinet/in.h>
#include <netinet/in_pcb.h>
-#ifdef _KERNEL
-#include <vm/vm_zone.h>
-#endif
/*
* XXX
* Address manipulation macros
*/
-/* XXX correct values for zinit? */
-#define ZONE_CREATE(var, type, desc) \
- var = zinit(desc, sizeof(type), 1, ZONE_DESTROYABLE, 1); \
- if (var == NULL) break
-#define ZONE_DESTROY(a) zdestroy(a)
-
-/* #define pool_get(p, f) zalloc(*(p)) */
-#define pool_put(p, o) zfree(*(p), (o))
-
#define NTOHS(x) (x) = ntohs((__uint16_t)(x))
#define HTONS(x) (x) = htons((__uint16_t)(x))
void *hook_establish(struct hook_desc_head *, int, void (*)(void *), void *);
void hook_disestablish(struct hook_desc_head *, void *);
void dohooks(struct hook_desc_head *, int);
-void *pool_get (vm_zone_t *, int);
#define HOOK_REMOVE 0x01
#define HOOK_FREE 0x02
(neg) \
)
-
struct pf_rule_uid {
uid_t uid[2];
u_int8_t op;
extern void pf_tbladdr_remove(struct pf_addr_wrap *);
extern void pf_tbladdr_copyout(struct pf_addr_wrap *);
extern void pf_calc_skip_steps(struct pf_rulequeue *);
-extern vm_zone_t pf_src_tree_pl, pf_rule_pl;
-extern vm_zone_t pf_state_pl, pf_state_key_pl, pf_state_item_pl,
- pf_altq_pl, pf_pooladdr_pl;
-extern vm_zone_t pfr_ktable_pl, pfr_kentry_pl;
-extern vm_zone_t pfr_kentry_pl2;
-extern vm_zone_t pf_cache_pl, pf_cent_pl;
-extern vm_zone_t pf_state_scrub_pl;
-extern vm_zone_t pfi_addr_pl;
+extern struct malloc_type *pf_src_tree_pl, *pf_rule_pl;
+extern struct malloc_type *pf_state_pl, *pf_state_key_pl, *pf_state_item_pl,
+ *pf_altq_pl, *pf_pooladdr_pl;
+extern struct malloc_type *pfr_ktable_pl, *pfr_kentry_pl;
+extern struct malloc_type *pfr_kentry_pl2;
+extern struct malloc_type *pf_cache_pl, *pf_cent_pl;
+extern struct malloc_type *pf_state_scrub_pl;
+extern struct malloc_type *pfi_addr_pl;
extern void pf_purge_thread(void *);
extern int pf_purge_expired_src_nodes(int);
extern int pf_purge_expired_states(u_int32_t, int);
void pf_qid_unref(u_int32_t);
extern struct pf_status pf_status;
-extern vm_zone_t pf_frent_pl, pf_frag_pl;
+extern struct malloc_type *pf_frent_pl, *pf_frag_pl;
extern struct lock pf_consistency_lock;
struct pf_pool_limit {
const struct tcphdr *);
void pf_osfp_flush(void);
int pf_osfp_get(struct pf_osfp_ioctl *);
-int pf_osfp_initialize(void);
-void pf_osfp_cleanup(void);
+void pf_osfp_initialize(void);
int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t);
struct pf_os_fingerprint *
pf_osfp_validate(void);