From owner-svn-src-all@FreeBSD.ORG Wed Mar 12 10:46:06 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F0B52D30; Wed, 12 Mar 2014 10:46:05 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D8440A91; Wed, 12 Mar 2014 10:46:05 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s2CAk5gG025780; Wed, 12 Mar 2014 10:46:05 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s2CAjxnX025719; Wed, 12 Mar 2014 10:45:59 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201403121045.s2CAjxnX025719@svn.freebsd.org> From: Gleb Smirnoff Date: Wed, 12 Mar 2014 10:45:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r263086 - in stable/10: contrib/libpcap contrib/tcpdump etc/mtree include sbin/ifconfig sbin/ipfw sys/contrib/altq/altq sys/net sys/netpfil/ipfw sys/netpfil/pf usr.bin/kdump usr.bin/net... X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Mar 2014 10:46:06 -0000 Author: glebius Date: Wed Mar 12 10:45:58 2014 New Revision: 263086 URL: http://svnweb.freebsd.org/changeset/base/263086 Log: Bulk sync of pf changes from head, in attempt to fixup broken build I made in r263029. Merge r257186,257215,257349,259736,261797. These changesets split pfvar.h into several smaller headers and make userland utilities to include only some of them. Added: stable/10/sys/netpfil/pf/pf.h - copied, changed from r257215, head/sys/netpfil/pf/pf.h stable/10/sys/netpfil/pf/pf_altq.h - copied unchanged from r257215, head/sys/netpfil/pf/pf_altq.h stable/10/sys/netpfil/pf/pf_mtag.h - copied unchanged from r257215, head/sys/netpfil/pf/pf_mtag.h Deleted: stable/10/sys/net/pf_mtag.h Modified: stable/10/contrib/libpcap/grammar.y stable/10/contrib/tcpdump/print-ip.c stable/10/etc/mtree/BSD.include.dist stable/10/include/Makefile stable/10/sbin/ifconfig/Makefile stable/10/sbin/ipfw/Makefile stable/10/sbin/ipfw/ipfw2.h stable/10/sys/contrib/altq/altq/altq_cbq.c stable/10/sys/contrib/altq/altq/altq_cdnr.c stable/10/sys/contrib/altq/altq/altq_hfsc.c stable/10/sys/contrib/altq/altq/altq_priq.c stable/10/sys/contrib/altq/altq/altq_red.c stable/10/sys/contrib/altq/altq/altq_rio.c stable/10/sys/contrib/altq/altq/altq_rmclass.c stable/10/sys/contrib/altq/altq/altq_subr.c stable/10/sys/net/if_ethersubr.c stable/10/sys/net/pfvar.h stable/10/sys/netpfil/ipfw/ip_fw2.c stable/10/sys/netpfil/pf/pf.c stable/10/sys/netpfil/pf/pf_lb.c stable/10/sys/netpfil/pf/pf_norm.c stable/10/usr.bin/kdump/Makefile stable/10/usr.bin/kdump/mkioctls stable/10/usr.bin/netstat/Makefile stable/10/usr.bin/netstat/if.c stable/10/usr.bin/netstat/main.c stable/10/usr.sbin/bsnmpd/modules/Makefile stable/10/usr.sbin/tcpdump/tcpdump/Makefile Directory Properties: stable/10/ (props changed) Modified: stable/10/contrib/libpcap/grammar.y ============================================================================== --- stable/10/contrib/libpcap/grammar.y Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/contrib/libpcap/grammar.y Wed Mar 12 10:45:58 2014 (r263086) @@ -56,7 +56,7 @@ struct rtentry; #include "gencode.h" #ifdef HAVE_NET_PFVAR_H #include -#include +#include #include #endif #include "ieee80211.h" Modified: stable/10/contrib/tcpdump/print-ip.c ============================================================================== --- stable/10/contrib/tcpdump/print-ip.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/contrib/tcpdump/print-ip.c Wed Mar 12 10:45:58 2014 (r263086) @@ -483,9 +483,11 @@ again: pgm_print(ipds->cp, ipds->len, (const u_char *)ipds->ip); break; +#if defined(HAVE_NET_PFVAR_H) case IPPROTO_PFSYNC: pfsync_ip_print(ipds->cp, ipds->len); break; +#endif default: if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL) Modified: stable/10/etc/mtree/BSD.include.dist ============================================================================== --- stable/10/etc/mtree/BSD.include.dist Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/etc/mtree/BSD.include.dist Wed Mar 12 10:45:58 2014 (r263086) @@ -287,6 +287,10 @@ sig .. .. + netpfil + pf + .. + .. netsmb .. nfs Modified: stable/10/include/Makefile ============================================================================== --- stable/10/include/Makefile Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/include/Makefile Wed Mar 12 10:45:58 2014 (r263086) @@ -280,6 +280,13 @@ symlinks: ${DESTDIR}${INCLUDEDIR}/netinet; \ done .endif +.if ${MK_PF} != "no" + cd ${.CURDIR}/../sys/netpfil/pf; \ + for h in *.h; do \ + ln -fs ../../../../sys/netpfil/pf/$$h \ + ${DESTDIR}${INCLUDEDIR}/netpfil/pf; \ + done +.endif cd ${.CURDIR}/../sys/crypto; \ for h in rijndael/rijndael.h; do \ ln -fs ../../../sys/crypto/$$h \ Modified: stable/10/sbin/ifconfig/Makefile ============================================================================== --- stable/10/sbin/ifconfig/Makefile Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sbin/ifconfig/Makefile Wed Mar 12 10:45:58 2014 (r263086) @@ -40,7 +40,9 @@ LDADD+= -lbsdxml -lsbuf SRCS+= carp.c # SIOC[GS]VH support SRCS+= ifgroup.c # ... +.if ${MK_PF} != "no" SRCS+= ifpfsync.c # pfsync(4) support +.endif SRCS+= ifbridge.c # bridge support SRCS+= iflagg.c # lagg support Modified: stable/10/sbin/ipfw/Makefile ============================================================================== --- stable/10/sbin/ipfw/Makefile Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sbin/ipfw/Makefile Wed Mar 12 10:45:58 2014 (r263086) @@ -1,8 +1,16 @@ # $FreeBSD$ +.include + PROG= ipfw -SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c altq.c +SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c WARNS?= 2 + +.if ${MK_PF} != "no" +SRCS+= altq.c +CFLAGS+=-DPF +.endif + DPADD= ${LIBUTIL} LDADD= -lutil MAN= ipfw.8 Modified: stable/10/sbin/ipfw/ipfw2.h ============================================================================== --- stable/10/sbin/ipfw/ipfw2.h Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sbin/ipfw/ipfw2.h Wed Mar 12 10:45:58 2014 (r263086) @@ -266,11 +266,14 @@ void ipfw_flush(int force); void ipfw_zero(int ac, char *av[], int optname); void ipfw_list(int ac, char *av[], int show_counters); +#ifdef PF /* altq.c */ void altq_set_enabled(int enabled); u_int32_t altq_name_to_qid(const char *name); - void print_altq_cmd(struct _ipfw_insn_altq *altqptr); +#else +#define NO_ALTQ +#endif /* dummynet.c */ void dummynet_list(int ac, char *av[], int show_counters); Modified: stable/10/sys/contrib/altq/altq/altq_cbq.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_cbq.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_cbq.c Wed Mar 12 10:45:58 2014 (r263086) @@ -54,9 +54,12 @@ #endif #include +#include #include -#include +#include +#include +#include #include #include #ifdef ALTQ3_COMPAT Modified: stable/10/sys/contrib/altq/altq/altq_cdnr.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_cdnr.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_cdnr.c Wed Mar 12 10:45:58 2014 (r263086) @@ -55,6 +55,7 @@ #include #endif +#include #include #ifdef ALTQ3_COMPAT #include Modified: stable/10/sys/contrib/altq/altq/altq_hfsc.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_hfsc.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_hfsc.c Wed Mar 12 10:45:58 2014 (r263086) @@ -66,9 +66,12 @@ #endif /* ALTQ3_COMPAT */ #include +#include #include -#include +#include +#include +#include #include #include #ifdef ALTQ3_COMPAT Modified: stable/10/sys/contrib/altq/altq/altq_priq.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_priq.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_priq.c Wed Mar 12 10:45:58 2014 (r263086) @@ -51,9 +51,12 @@ #include #include +#include #include -#include +#include +#include +#include #include #ifdef ALTQ3_COMPAT #include Modified: stable/10/sys/contrib/altq/altq/altq_red.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_red.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_red.c Wed Mar 12 10:45:58 2014 (r263086) @@ -86,6 +86,7 @@ #endif /* ALTQ3_COMPAT */ #include +#include #include #include @@ -94,7 +95,9 @@ #include #endif -#include +#include +#include +#include #include #include #ifdef ALTQ3_COMPAT Modified: stable/10/sys/contrib/altq/altq/altq_rio.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_rio.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_rio.c Wed Mar 12 10:45:58 2014 (r263086) @@ -81,6 +81,7 @@ #endif #include +#include #include #include @@ -89,7 +90,8 @@ #include #endif -#include +#include +#include #include #include #include Modified: stable/10/sys/contrib/altq/altq/altq_rmclass.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_rmclass.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_rmclass.c Wed Mar 12 10:45:58 2014 (r263086) @@ -59,12 +59,14 @@ #endif #include +#include #ifdef ALTQ3_COMPAT #include #include #include #endif +#include #include #include #include Modified: stable/10/sys/contrib/altq/altq/altq_subr.c ============================================================================== --- stable/10/sys/contrib/altq/altq/altq_subr.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/contrib/altq/altq/altq_subr.c Wed Mar 12 10:45:58 2014 (r263086) @@ -49,6 +49,7 @@ #include #include +#include #include #include #ifdef __FreeBSD__ @@ -64,7 +65,8 @@ #include #include -#include +#include +#include #include #ifdef ALTQ3_COMPAT #include Modified: stable/10/sys/net/if_ethersubr.c ============================================================================== --- stable/10/sys/net/if_ethersubr.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/net/if_ethersubr.c Wed Mar 12 10:45:58 2014 (r263086) @@ -62,10 +62,11 @@ #include #include #include -#include #include #include +#include + #if defined(INET) || defined(INET6) #include #include Modified: stable/10/sys/net/pfvar.h ============================================================================== --- stable/10/sys/net/pfvar.h Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/net/pfvar.h Wed Mar 12 10:45:58 2014 (r263086) @@ -42,82 +42,9 @@ #include #include -#include - -#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0) -#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1) - -#define PF_MD5_DIGEST_LENGTH 16 -#ifdef MD5_DIGEST_LENGTH -#if PF_MD5_DIGEST_LENGTH != MD5_DIGEST_LENGTH -#error -#endif -#endif - -enum { PF_INOUT, PF_IN, PF_OUT }; -enum { PF_PASS, PF_DROP, PF_SCRUB, PF_NOSCRUB, PF_NAT, PF_NONAT, - PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP, PF_DEFER }; -enum { PF_RULESET_SCRUB, PF_RULESET_FILTER, PF_RULESET_NAT, - PF_RULESET_BINAT, PF_RULESET_RDR, PF_RULESET_MAX }; -enum { PF_OP_NONE, PF_OP_IRG, PF_OP_EQ, PF_OP_NE, PF_OP_LT, - PF_OP_LE, PF_OP_GT, PF_OP_GE, PF_OP_XRG, PF_OP_RRG }; -enum { PF_DEBUG_NONE, PF_DEBUG_URGENT, PF_DEBUG_MISC, PF_DEBUG_NOISY }; -enum { PF_CHANGE_NONE, PF_CHANGE_ADD_HEAD, PF_CHANGE_ADD_TAIL, - PF_CHANGE_ADD_BEFORE, PF_CHANGE_ADD_AFTER, - PF_CHANGE_REMOVE, PF_CHANGE_GET_TICKET }; -enum { PF_GET_NONE, PF_GET_CLR_CNTR }; -enum { PF_SK_WIRE, PF_SK_STACK, PF_SK_BOTH }; - -/* - * Note about PFTM_*: real indices into pf_rule.timeout[] come before - * PFTM_MAX, special cases afterwards. See pf_state_expires(). - */ -enum { PFTM_TCP_FIRST_PACKET, PFTM_TCP_OPENING, PFTM_TCP_ESTABLISHED, - PFTM_TCP_CLOSING, PFTM_TCP_FIN_WAIT, PFTM_TCP_CLOSED, - PFTM_UDP_FIRST_PACKET, PFTM_UDP_SINGLE, PFTM_UDP_MULTIPLE, - PFTM_ICMP_FIRST_PACKET, PFTM_ICMP_ERROR_REPLY, - PFTM_OTHER_FIRST_PACKET, PFTM_OTHER_SINGLE, - PFTM_OTHER_MULTIPLE, PFTM_FRAG, PFTM_INTERVAL, - PFTM_ADAPTIVE_START, PFTM_ADAPTIVE_END, PFTM_SRC_NODE, - PFTM_TS_DIFF, PFTM_MAX, PFTM_PURGE, PFTM_UNLINKED }; - -/* PFTM default values */ -#define PFTM_TCP_FIRST_PACKET_VAL 120 /* First TCP packet */ -#define PFTM_TCP_OPENING_VAL 30 /* No response yet */ -#define PFTM_TCP_ESTABLISHED_VAL 24*60*60/* Established */ -#define PFTM_TCP_CLOSING_VAL 15 * 60 /* Half closed */ -#define PFTM_TCP_FIN_WAIT_VAL 45 /* Got both FINs */ -#define PFTM_TCP_CLOSED_VAL 90 /* Got a RST */ -#define PFTM_UDP_FIRST_PACKET_VAL 60 /* First UDP packet */ -#define PFTM_UDP_SINGLE_VAL 30 /* Unidirectional */ -#define PFTM_UDP_MULTIPLE_VAL 60 /* Bidirectional */ -#define PFTM_ICMP_FIRST_PACKET_VAL 20 /* First ICMP packet */ -#define PFTM_ICMP_ERROR_REPLY_VAL 10 /* Got error response */ -#define PFTM_OTHER_FIRST_PACKET_VAL 60 /* First packet */ -#define PFTM_OTHER_SINGLE_VAL 30 /* Unidirectional */ -#define PFTM_OTHER_MULTIPLE_VAL 60 /* Bidirectional */ -#define PFTM_FRAG_VAL 30 /* Fragment expire */ -#define PFTM_INTERVAL_VAL 10 /* Expire interval */ -#define PFTM_SRC_NODE_VAL 0 /* Source tracking */ -#define PFTM_TS_DIFF_VAL 30 /* Allowed TS diff */ - -enum { PF_NOPFROUTE, PF_FASTROUTE, PF_ROUTETO, PF_DUPTO, PF_REPLYTO }; -enum { PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS, - PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; -#define PF_POOL_IDMASK 0x0f -enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM, - PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN }; -enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL, - PF_ADDR_TABLE, PF_ADDR_URPFFAILED, - PF_ADDR_RANGE }; -#define PF_POOL_TYPEMASK 0x0f -#define PF_POOL_STICKYADDR 0x20 -#define PF_WSCALE_FLAG 0x80 -#define PF_WSCALE_MASK 0x0f - -#define PF_LOG 0x01 -#define PF_LOG_ALL 0x02 -#define PF_LOG_SOCKET_LOOKUP 0x04 +#include +#include +#include struct pf_addr { union { @@ -134,8 +61,6 @@ struct pf_addr { #define addr32 pfa.addr32 }; -#define PF_TABLE_NAME_SIZE 32 - #define PFI_AFLAG_NETWORK 0x01 #define PFI_AFLAG_BROADCAST 0x02 #define PFI_AFLAG_PEER 0x04 @@ -564,7 +489,6 @@ struct pf_rule { union pf_rule_ptr skip[PF_SKIP_COUNT]; #define PF_RULE_LABEL_SIZE 64 char label[PF_RULE_LABEL_SIZE]; -#define PF_QNAME_SIZE 64 char ifname[IFNAMSIZ]; char qname[PF_QNAME_SIZE]; char pqname[PF_QNAME_SIZE]; @@ -1199,43 +1123,6 @@ struct pf_pdesc { #define PF_DPORT_RANGE 0x01 /* Dest port uses range */ #define PF_RPORT_RANGE 0x02 /* RDR'ed port uses range */ -/* Reasons code for passing/dropping a packet */ -#define PFRES_MATCH 0 /* Explicit match of a rule */ -#define PFRES_BADOFF 1 /* Bad offset for pull_hdr */ -#define PFRES_FRAG 2 /* Dropping following fragment */ -#define PFRES_SHORT 3 /* Dropping short packet */ -#define PFRES_NORM 4 /* Dropping by normalizer */ -#define PFRES_MEMORY 5 /* Dropped due to lacking mem */ -#define PFRES_TS 6 /* Bad TCP Timestamp (RFC1323) */ -#define PFRES_CONGEST 7 /* Congestion (of ipintrq) */ -#define PFRES_IPOPTIONS 8 /* IP option */ -#define PFRES_PROTCKSUM 9 /* Protocol checksum invalid */ -#define PFRES_BADSTATE 10 /* State mismatch */ -#define PFRES_STATEINS 11 /* State insertion failure */ -#define PFRES_MAXSTATES 12 /* State limit */ -#define PFRES_SRCLIMIT 13 /* Source node/conn limit */ -#define PFRES_SYNPROXY 14 /* SYN proxy */ -#define PFRES_MAX 15 /* total+1 */ - -#define PFRES_NAMES { \ - "match", \ - "bad-offset", \ - "fragment", \ - "short", \ - "normalize", \ - "memory", \ - "bad-timestamp", \ - "congestion", \ - "ip-option", \ - "proto-cksum", \ - "state-mismatch", \ - "state-insert", \ - "state-limit", \ - "src-limit", \ - "synproxy", \ - NULL \ -} - /* Counters for other things we want to keep track of */ #define LCNT_STATES 0 /* states */ #define LCNT_SRCSTATES 1 /* max-src-states */ @@ -1326,69 +1213,6 @@ struct pf_status { u_int8_t pf_chksum[PF_MD5_DIGEST_LENGTH]; }; -struct cbq_opts { - u_int minburst; - u_int maxburst; - u_int pktsize; - u_int maxpktsize; - u_int ns_per_byte; - u_int maxidle; - int minidle; - u_int offtime; - int flags; -}; - -struct priq_opts { - int flags; -}; - -struct hfsc_opts { - /* real-time service curve */ - u_int rtsc_m1; /* slope of the 1st segment in bps */ - u_int rtsc_d; /* the x-projection of m1 in msec */ - u_int rtsc_m2; /* slope of the 2nd segment in bps */ - /* link-sharing service curve */ - u_int lssc_m1; - u_int lssc_d; - u_int lssc_m2; - /* upper-limit service curve */ - u_int ulsc_m1; - u_int ulsc_d; - u_int ulsc_m2; - int flags; -}; - -struct pf_altq { - char ifname[IFNAMSIZ]; - - void *altq_disc; /* discipline-specific state */ - TAILQ_ENTRY(pf_altq) entries; - - /* scheduler spec */ - u_int8_t scheduler; /* scheduler type */ - u_int16_t tbrsize; /* tokenbucket regulator size */ - u_int32_t ifbandwidth; /* interface bandwidth */ - - /* queue spec */ - char qname[PF_QNAME_SIZE]; /* queue name */ - char parent[PF_QNAME_SIZE]; /* parent name */ - u_int32_t parent_qid; /* parent queue id */ - u_int32_t bandwidth; /* queue bandwidth */ - u_int8_t priority; /* priority */ - u_int8_t local_flags; /* dynamic interface */ -#define PFALTQ_FLAG_IF_REMOVED 0x01 - - u_int16_t qlimit; /* queue size limit */ - u_int16_t flags; /* misc flags */ - union { - struct cbq_opts cbq_opts; - struct priq_opts priq_opts; - struct hfsc_opts hfsc_opts; - } pq_u; - - u_int32_t qid; /* return value */ -}; - struct pf_divert { union { struct in_addr ipv4; Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 12 10:45:58 2014 (r263086) @@ -60,10 +60,11 @@ __FBSDID("$FreeBSD$"); #include /* for ETHERTYPE_IP */ #include #include -#include #include #include +#include + #include #include #include Modified: stable/10/sys/netpfil/pf/pf.c ============================================================================== --- stable/10/sys/netpfil/pf/pf.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/netpfil/pf/pf.c Wed Mar 12 10:45:58 2014 (r263086) @@ -67,7 +67,6 @@ __FBSDID("$FreeBSD$"); #include #include -#include #include #include Copied and modified: stable/10/sys/netpfil/pf/pf.h (from r257215, head/sys/netpfil/pf/pf.h) ============================================================================== --- head/sys/netpfil/pf/pf.h Sun Oct 27 16:25:57 2013 (r257215, copy source) +++ stable/10/sys/netpfil/pf/pf.h Wed Mar 12 10:45:58 2014 (r263086) @@ -31,7 +31,7 @@ */ #ifndef _NET_PF_H_ -#define _NET_PFAR_H_ +#define _NET_PF_H_ #define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0) #define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1) Copied: stable/10/sys/netpfil/pf/pf_altq.h (from r257215, head/sys/netpfil/pf/pf_altq.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/sys/netpfil/pf/pf_altq.h Wed Mar 12 10:45:58 2014 (r263086, copy of r257215, head/sys/netpfil/pf/pf_altq.h) @@ -0,0 +1,99 @@ +/* + * Copyright (c) 2001 Daniel Hartmeier + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * $OpenBSD: pfvar.h,v 1.282 2009/01/29 15:12:28 pyr Exp $ + * $FreeBSD$ + */ + +#ifndef _NET_PF_ALTQ_H_ +#define _NET_PF_ALTQ_H_ + +struct cbq_opts { + u_int minburst; + u_int maxburst; + u_int pktsize; + u_int maxpktsize; + u_int ns_per_byte; + u_int maxidle; + int minidle; + u_int offtime; + int flags; +}; + +struct priq_opts { + int flags; +}; + +struct hfsc_opts { + /* real-time service curve */ + u_int rtsc_m1; /* slope of the 1st segment in bps */ + u_int rtsc_d; /* the x-projection of m1 in msec */ + u_int rtsc_m2; /* slope of the 2nd segment in bps */ + /* link-sharing service curve */ + u_int lssc_m1; + u_int lssc_d; + u_int lssc_m2; + /* upper-limit service curve */ + u_int ulsc_m1; + u_int ulsc_d; + u_int ulsc_m2; + int flags; +}; + +struct pf_altq { + char ifname[IFNAMSIZ]; + + void *altq_disc; /* discipline-specific state */ + TAILQ_ENTRY(pf_altq) entries; + + /* scheduler spec */ + uint8_t scheduler; /* scheduler type */ + uint16_t tbrsize; /* tokenbucket regulator size */ + uint32_t ifbandwidth; /* interface bandwidth */ + + /* queue spec */ + char qname[PF_QNAME_SIZE]; /* queue name */ + char parent[PF_QNAME_SIZE]; /* parent name */ + uint32_t parent_qid; /* parent queue id */ + uint32_t bandwidth; /* queue bandwidth */ + uint8_t priority; /* priority */ + uint8_t local_flags; /* dynamic interface */ +#define PFALTQ_FLAG_IF_REMOVED 0x01 + + uint16_t qlimit; /* queue size limit */ + uint16_t flags; /* misc flags */ + union { + struct cbq_opts cbq_opts; + struct priq_opts priq_opts; + struct hfsc_opts hfsc_opts; + } pq_u; + + uint32_t qid; /* return value */ +}; + +#endif /* _NET_PF_ALTQ_H_ */ Modified: stable/10/sys/netpfil/pf/pf_lb.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_lb.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/netpfil/pf/pf_lb.c Wed Mar 12 10:45:58 2014 (r263086) @@ -48,7 +48,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x Copied: stable/10/sys/netpfil/pf/pf_mtag.h (from r257215, head/sys/netpfil/pf/pf_mtag.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/sys/netpfil/pf/pf_mtag.h Wed Mar 12 10:45:58 2014 (r263086, copy of r257215, head/sys/netpfil/pf/pf_mtag.h) @@ -0,0 +1,62 @@ +/* $FreeBSD$ */ +/* + * Copyright (c) 2001 Daniel Hartmeier + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _NET_PF_MTAG_H_ +#define _NET_PF_MTAG_H_ + +#ifdef _KERNEL + +#define PF_TAG_GENERATED 0x01 +#define PF_TAG_FRAGCACHE 0x02 +#define PF_TAG_TRANSLATE_LOCALHOST 0x04 +#define PF_PACKET_LOOPED 0x08 +#define PF_FASTFWD_OURS_PRESENT 0x10 + +struct pf_mtag { + void *hdr; /* saved hdr pos in mbuf, for ECN */ + u_int32_t qid; /* queue id */ + u_int16_t tag; /* tag id */ + u_int8_t flags; + u_int8_t routed; +}; + +static __inline struct pf_mtag * +pf_find_mtag(struct mbuf *m) +{ + struct m_tag *mtag; + + if ((mtag = m_tag_find(m, PACKET_TAG_PF, NULL)) == NULL) + return (NULL); + + return ((struct pf_mtag *)(mtag + 1)); +} +#endif /* _KERNEL */ +#endif /* _NET_PF_MTAG_H_ */ Modified: stable/10/sys/netpfil/pf/pf_norm.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_norm.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/sys/netpfil/pf/pf_norm.c Wed Mar 12 10:45:58 2014 (r263086) @@ -43,7 +43,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include Modified: stable/10/usr.bin/kdump/Makefile ============================================================================== --- stable/10/usr.bin/kdump/Makefile Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/usr.bin/kdump/Makefile Wed Mar 12 10:45:58 2014 (r263086) @@ -1,6 +1,8 @@ # @(#)Makefile 8.1 (Berkeley) 6/6/93 # $FreeBSD$ +.include + .if (${MACHINE_ARCH} == "amd64") SFX= 32 .endif @@ -12,6 +14,10 @@ SRCS= kdump_subr.c kdump.c ioctl.c subr DPSRCS= kdump_subr.h CFLAGS+= -I${.CURDIR}/../ktrace -I${.CURDIR} -I${.CURDIR}/../.. -I. +.if ${MK_PF} != "no" +CFLAGS+=-DPF +.endif + .if ${MACHINE_ARCH} == "amd64" || ${MACHINE_ARCH} == "i386" SRCS+= linux_syscalls.c .endif Modified: stable/10/usr.bin/kdump/mkioctls ============================================================================== --- stable/10/usr.bin/kdump/mkioctls Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/usr.bin/kdump/mkioctls Wed Mar 12 10:45:58 2014 (r263086) @@ -21,7 +21,8 @@ LC_ALL=C; export LC_ALL # XXX should we use an ANSI cpp? ioctl_includes=$( cd $includedir - find -H -s * -name '*.h' | grep -v '.*disk.*\.h' | \ + find -H -s * -name '*.h' | \ + egrep -v '(.*disk.*|net/pfvar|net/if_pfsync)\.h' | \ xargs egrep -l \ '^#[ ]*define[ ]+[A-Za-z_][A-Za-z0-9_]*[ ]+_IO[^a-z0-9_]' | awk '{printf("#include <%s>\\n", $1)}' @@ -54,7 +55,10 @@ BEGIN { print "#include " print "#include " print "#include " + print "#ifdef PF" print "#include " + print "#include " + print "#endif" print "#include " print "#include " print "#include " Modified: stable/10/usr.bin/netstat/Makefile ============================================================================== --- stable/10/usr.bin/netstat/Makefile Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/usr.bin/netstat/Makefile Wed Mar 12 10:45:58 2014 (r263086) @@ -27,6 +27,10 @@ CFLAGS+=-DINET6 CFLAGS+=-DSDP .endif +.if ${MK_PF} != "no" +CFLAGS+=-DPF +.endif + BINGRP= kmem BINMODE=2555 DPADD= ${LIBKVM} ${LIBMEMSTAT} ${LIBUTIL} Modified: stable/10/usr.bin/netstat/if.c ============================================================================== --- stable/10/usr.bin/netstat/if.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/usr.bin/netstat/if.c Wed Mar 12 10:45:58 2014 (r263086) @@ -49,13 +49,15 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include -#include #include #include #include #include #include +#ifdef PF +#include +#include +#endif #include #include @@ -81,6 +83,7 @@ static void sidewaysintpr(int); static char addr_buf[NI_MAXHOST]; /* for getnameinfo() */ #endif +#ifdef PF static const char* pfsyncacts[] = { /* PFSYNC_ACT_CLR */ "clear all request", /* PFSYNC_ACT_INS */ "state insert", @@ -155,6 +158,7 @@ pfsync_stats(u_long off, const char *nam p(pfsyncs_oerrors, "\t\t%ju send error%s\n"); #undef p } +#endif /* PF */ /* * Display a formatted value, or a '-' in the same space. Modified: stable/10/usr.bin/netstat/main.c ============================================================================== --- stable/10/usr.bin/netstat/main.c Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/usr.bin/netstat/main.c Wed Mar 12 10:45:58 2014 (r263086) @@ -214,8 +214,10 @@ struct protox { pim_stats, NULL, "pim", 1, IPPROTO_PIM }, { -1, N_CARPSTAT, 1, NULL, carp_stats, NULL, "carp", 1, 0 }, +#ifdef PF { -1, N_PFSYNCSTAT, 1, NULL, pfsync_stats, NULL, "pfsync", 1, 0 }, +#endif { -1, N_ARPSTAT, 1, NULL, arp_stats, NULL, "arp", 1, 0 }, { -1, -1, 0, NULL, Modified: stable/10/usr.sbin/bsnmpd/modules/Makefile ============================================================================== --- stable/10/usr.sbin/bsnmpd/modules/Makefile Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/usr.sbin/bsnmpd/modules/Makefile Wed Mar 12 10:45:58 2014 (r263086) @@ -13,12 +13,15 @@ SUBDIR= ${_snmp_atm} \ snmp_hast \ snmp_hostres \ snmp_mibII \ - snmp_pf \ snmp_target \ snmp_usm \ snmp_vacm \ snmp_wlan +.if ${MK_PF} != "no" +SUBDIR+=snmp_pf +.endif + .if ${MK_NETGRAPH_SUPPORT} != "no" SUBDIR+=snmp_netgraph .endif Modified: stable/10/usr.sbin/tcpdump/tcpdump/Makefile ============================================================================== --- stable/10/usr.sbin/tcpdump/tcpdump/Makefile Wed Mar 12 10:45:22 2014 (r263085) +++ stable/10/usr.sbin/tcpdump/tcpdump/Makefile Wed Mar 12 10:45:58 2014 (r263086) @@ -89,7 +89,6 @@ SRCS= addrtoname.c \ print-olsr.c \ print-ospf.c \ print-otv.c \ - print-pfsync.c \ print-pgm.c \ print-pim.c \ print-ppi.c \ @@ -171,7 +170,8 @@ CFLAGS+= -DHAVE_LIBCRYPTO -DHAVE_OPENSSL .endif .if ${MK_PF} != "no" -SRCS+= print-pflog.c +SRCS+= print-pflog.c \ + print-pfsync.c CFLAGS+= -DHAVE_NET_PFVAR_H .endif