pf_ioctl.c source code [xnu/bsd/net/pf_ioctl.c]

1	/*
2	* Copyright (c) 2007-2015 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28
29	/ $apfw: git commit b6bf13f8321283cd7ee82b1795e86506084b1b95 $ /
30	/ $OpenBSD: pf_ioctl.c,v 1.175 2007/02/26 22:47:43 deraadt Exp $ /
31
32	/*
33	* Copyright (c) 2001 Daniel Hartmeier
34	* Copyright (c) 2002,2003 Henning Brauer
35	* All rights reserved.
36	*
37	* Redistribution and use in source and binary forms, with or without
38	* modification, are permitted provided that the following conditions
39	* are met:
40	*
41	* - Redistributions of source code must retain the above copyright
42	* notice, this list of conditions and the following disclaimer.
43	* - Redistributions in binary form must reproduce the above
44	* copyright notice, this list of conditions and the following
45	* disclaimer in the documentation and/or other materials provided
46	* with the distribution.
47	*
48	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
49	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
50	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
51	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
52	* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
53	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
54	* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
55	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
56	* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
58	* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
59	* POSSIBILITY OF SUCH DAMAGE.
60	*
61	* Effort sponsored in part by the Defense Advanced Research Projects
62	* Agency (DARPA) and Air Force Research Laboratory, Air Force
63	* Materiel Command, USAF, under agreement number F30602-01-2-0537.
64	*
65	*/
66
67	#include <machine/endian.h>
68	#include <sys/param.h>
69	#include <sys/systm.h>
70	#include <sys/mbuf.h>
71	#include <sys/filio.h>
72	#include <sys/fcntl.h>
73	#include <sys/socket.h>
74	#include <sys/socketvar.h>
75	#include <sys/kernel.h>
76	#include <sys/time.h>
77	#include <sys/proc_internal.h>
78	#include <sys/malloc.h>
79	#include <sys/kauth.h>
80	#include <sys/conf.h>
81	#include <sys/mcache.h>
82	#include <sys/queue.h>
83
84	#include <mach/vm_param.h>
85
86	#include <net/dlil.h>
87	#include <net/if.h>
88	#include <net/if_types.h>
89	#include <net/net_api_stats.h>
90	#include <net/route.h>
91
92	#include <netinet/in.h>
93	#include <netinet/in_var.h>
94	#include <netinet/in_systm.h>
95	#include <netinet/ip.h>
96	#include <netinet/ip_var.h>
97	#include <netinet/ip_icmp.h>
98	#include <netinet/if_ether.h>
99
100	#if DUMMYNET
101	#include <netinet/ip_dummynet.h>
102	#else
103	struct ip_fw_args;
104	#endif /* DUMMYNET */
105
106	#include <libkern/crypto/md5.h>
107
108	#include <machine/machine_routines.h>
109
110	#include <miscfs/devfs/devfs.h>
111
112	#include <net/pfvar.h>
113
114	#if NPFSYNC
115	#include <net/if_pfsync.h>
116	#endif /* NPFSYNC */
117
118	#if PFLOG
119	#include <net/if_pflog.h>
120	#endif /* PFLOG */
121
122	#if INET6
123	#include <netinet/ip6.h>
124	#include <netinet/in_pcb.h>
125	#endif /* INET6 */
126
127	#include <dev/random/randomdev.h>
128
129	#if 0
130	static void pfdetach(void);
131	#endif
132	static int pfopen(dev_t, int, int, struct proc *);
133	static int pfclose(dev_t, int, int, struct proc *);
134	static int pfioctl(dev_t, u_long, caddr_t, int, struct proc *);
135	static int pfioctl_ioc_table(u_long, struct pfioc_table_32 *,
136	struct pfioc_table_64 , struct* proc *);
137	static int pfioctl_ioc_tokens(u_long, struct pfioc_tokens_32 *,
138	struct pfioc_tokens_64 , struct* proc *);
139	static int pfioctl_ioc_rule(u_long, int, struct pfioc_rule , struct* proc *);
140	static int pfioctl_ioc_state_kill(u_long, struct pfioc_state_kill *,
141	struct proc *);
142	static int pfioctl_ioc_state(u_long, struct pfioc_state , struct* proc *);
143	static int pfioctl_ioc_states(u_long, struct pfioc_states_32 *,
144	struct pfioc_states_64 , struct* proc *);
145	static int pfioctl_ioc_natlook(u_long, struct pfioc_natlook , struct* proc *);
146	static int pfioctl_ioc_tm(u_long, struct pfioc_tm , struct* proc *);
147	static int pfioctl_ioc_limit(u_long, struct pfioc_limit , struct* proc *);
148	static int pfioctl_ioc_pooladdr(u_long, struct pfioc_pooladdr , struct* proc *);
149	static int pfioctl_ioc_ruleset(u_long, struct pfioc_ruleset , struct* proc *);
150	static int pfioctl_ioc_trans(u_long, struct pfioc_trans_32 *,
151	struct pfioc_trans_64 , struct* proc *);
152	static int pfioctl_ioc_src_nodes(u_long, struct pfioc_src_nodes_32 *,
153	struct pfioc_src_nodes_64 , struct* proc *);
154	static int pfioctl_ioc_src_node_kill(u_long, struct pfioc_src_node_kill *,
155	struct proc *);
156	static int pfioctl_ioc_iface(u_long, struct pfioc_iface_32 *,
157	struct pfioc_iface_64 , struct* proc *);
158	static struct pf_pool pf_get_pool(char* *, u_int32_t, u_int8_t, u_int32_t,
159	u_int8_t, u_int8_t, u_int8_t);
160	static void pf_mv_pool(struct pf_palist , struct* pf_palist *);
161	static void pf_empty_pool(struct pf_palist *);
162	static int pf_begin_rules(u_int32_t , int, const* char *);
163	static int pf_rollback_rules(u_int32_t, int, char *);
164	static int pf_setup_pfsync_matching(struct pf_ruleset *);
165	static void pf_hash_rule(MD5_CTX , struct* pf_rule *);
166	static void pf_hash_rule_addr(MD5_CTX , struct* pf_rule_addr *, u_int8_t);
167	static int pf_commit_rules(u_int32_t, int, char *);
168	static void pf_rule_copyin(struct pf_rule , struct* pf_rule , struct* proc *,
169	int);
170	static void pf_rule_copyout(struct pf_rule , struct* pf_rule *);
171	static void pf_state_export(struct pfsync_state , struct* pf_state_key *,
172	struct pf_state *);
173	static void pf_state_import(struct pfsync_state , struct* pf_state_key *,
174	struct pf_state *);
175	static void pf_pooladdr_copyin(struct pf_pooladdr , struct* pf_pooladdr *);
176	static void pf_pooladdr_copyout(struct pf_pooladdr , struct* pf_pooladdr *);
177	static void pf_expire_states_and_src_nodes(struct pf_rule *);
178	static void pf_delete_rule_from_ruleset(struct pf_ruleset *,
179	int, struct pf_rule *);
180	static void pf_addrwrap_setup(struct pf_addr_wrap *);
181	static int pf_rule_setup(struct pfioc_rule , struct* pf_rule *,
182	struct pf_ruleset *);
183	static void pf_delete_rule_by_owner(char *, u_int32_t);
184	static int pf_delete_rule_by_ticket(struct pfioc_rule *, u_int32_t);
185	static void pf_ruleset_cleanup(struct pf_ruleset , int*);
186	static void pf_deleterule_anchor_step_out(struct pf_ruleset **,
187	int, struct pf_rule **);
188
189	#define PF_CDEV_MAJOR (-1)
190
191	static struct cdevsw pf_cdevsw = {
192	/ open / pfopen,
193	/ close / pfclose,
194	/ read / eno_rdwrt,
195	/ write / eno_rdwrt,
196	/ ioctl / pfioctl,
197	/ stop / eno_stop,
198	/ reset / eno_reset,
199	/ tty / NULL,
200	/ select / eno_select,
201	/ mmap / eno_mmap,
202	/ strategy / eno_strat,
203	/ getc / eno_getc,
204	/ putc / eno_putc,
205	/ type / `0`
206	};
207
208	static void pf_attach_hooks(void);
209	#if 0
210	/ currently unused along with pfdetach() /
211	static void pf_detach_hooks(void);
212	#endif
213
214	/*
215	* This is set during DIOCSTART/DIOCSTOP with pf_perim_lock held as writer,
216	* and used in pf_af_hook() for performance optimization, such that packets
217	* will enter pf_test() or pf_test6() only when PF is running.
218	*/
219	int pf_is_enabled = `0`;
220
221	u_int32_t pf_hash_seed;
222	int16_t pf_nat64_configured = `0`;
223
224	/*
225	* These are the pf enabled reference counting variables
226	*/
227	static u_int64_t pf_enabled_ref_count;
228	static u_int32_t nr_tokens = `0`;
229	static u_int64_t pffwrules;
230	static u_int32_t pfdevcnt;
231
232	SLIST_HEAD(list_head, pfioc_kernel_token);
233	static struct list_head token_list_head;
234
235	struct pf_rule pf_default_rule;
236
237	#define TAGID_MAX 50000
238	static TAILQ_HEAD(pf_tags, pf_tagname) pf_tags =
239	TAILQ_HEAD_INITIALIZER(pf_tags);
240
241	#if (PF_QNAME_SIZE != PF_TAG_NAME_SIZE)
242	#error PF_QNAME_SIZE must be equal to PF_TAG_NAME_SIZE
243	#endif
244	static u_int16_t tagname2tag(struct pf_tags , char* *);
245	static void tag2tagname(struct pf_tags , u_int16_t, char* *);
246	static void tag_unref(struct pf_tags *, u_int16_t);
247	static int pf_rtlabel_add(struct pf_addr_wrap *);
248	static void pf_rtlabel_remove(struct pf_addr_wrap *);
249	static void pf_rtlabel_copyout(struct pf_addr_wrap *);
250
251	#if INET
252	static int pf_inet_hook(struct ifnet , struct* mbuf *, int*,
253	struct ip_fw_args *);
254	#endif /* INET */
255	#if INET6
256	static int pf_inet6_hook(struct ifnet , struct* mbuf *, int*,
257	struct ip_fw_args *);
258	#endif /* INET6 */
259
260	#define DPFPRINTF(n, x) if (pf_status.debug >= (n)) printf x
261
262	/*
263	* Helper macros for ioctl structures which vary in size (32-bit vs. 64-bit)
264	*/
265	#define PFIOCX_STRUCT_DECL(s) \
266	struct { \
267	union { \
268	struct s##_32 _s##_32; \
269	struct s##_64 _s##_64; \
270	} _u; \
271	} *s##_un = NULL \
272
273	#define PFIOCX_STRUCT_BEGIN(a, s, _action) { \
274	VERIFY(s##_un == NULL); \
275	s##_un = _MALLOC(sizeof (*s##_un), M_TEMP, M_WAITOK\|M_ZERO); \
276	if (s##_un == NULL) { \
277	_action \
278	} else { \
279	if (p64) \
280	bcopy(a, &s##_un->_u._s##_64, \
281	sizeof (struct s##_64)); \
282	else \
283	bcopy(a, &s##_un->_u._s##_32, \
284	sizeof (struct s##_32)); \
285	} \
286	}
287
288	#define PFIOCX_STRUCT_END(s, a) { \
289	VERIFY(s##_un != NULL); \
290	if (p64) \
291	bcopy(&s##_un->_u._s##_64, a, sizeof (struct s##_64)); \
292	else \
293	bcopy(&s##_un->_u._s##_32, a, sizeof (struct s##_32)); \
294	_FREE(s##_un, M_TEMP); \
295	s##_un = NULL; \
296	}
297
298	#define PFIOCX_STRUCT_ADDR32(s) (&s##_un->_u._s##_32)
299	#define PFIOCX_STRUCT_ADDR64(s) (&s##_un->_u._s##_64)
300
301	/*
302	* Helper macros for regular ioctl structures.
303	*/
304	#define PFIOC_STRUCT_BEGIN(a, v, _action) { \
305	VERIFY((v) == NULL); \
306	(v) = _MALLOC(sizeof (*(v)), M_TEMP, M_WAITOK\|M_ZERO); \
307	if ((v) == NULL) { \
308	_action \
309	} else { \
310	bcopy(a, v, sizeof (*(v))); \
311	} \
312	}
313
314	#define PFIOC_STRUCT_END(v, a) { \
315	VERIFY((v) != NULL); \
316	bcopy(v, a, sizeof (*(v))); \
317	_FREE(v, M_TEMP); \
318	(v) = NULL; \
319	}
320
321	#define PFIOC_STRUCT_ADDR32(s) (&s##_un->_u._s##_32)
322	#define PFIOC_STRUCT_ADDR64(s) (&s##_un->_u._s##_64)
323
324	static lck_attr_t *pf_perim_lock_attr;
325	static lck_grp_t *pf_perim_lock_grp;
326	static lck_grp_attr_t *pf_perim_lock_grp_attr;
327
328	static lck_attr_t *pf_lock_attr;
329	static lck_grp_t *pf_lock_grp;
330	static lck_grp_attr_t *pf_lock_grp_attr;
331
332	struct thread *pf_purge_thread;
333
334	extern void pfi_kifaddr_update(void *);
335
336	/ pf enable ref-counting helper functions /
337	static u_int64_t generate_token(struct proc *);
338	static int remove_token(struct pfioc_remove_token *);
339	static void invalidate_all_tokens(void);
340
341	static u_int64_t
342	generate_token(struct proc *p)
343	{
344	u_int64_t token_value;
345	struct pfioc_kernel_token *new_token;
346
347	new_token = _MALLOC(sizeof (struct pfioc_kernel_token), M_TEMP,
348	M_WAITOK\|M_ZERO);
349
350	LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);
351
352	if (new_token == NULL) {
353	/ malloc failed! bail! /
354	printf("%s: unable to allocate pf token structure!", __func__);
355	return (`0`);
356	}
357
358	token_value = VM_KERNEL_ADDRPERM((u_int64_t)(uintptr_t)new_token);
359
360	new_token->token.token_value = token_value;
361	new_token->token.pid = proc_pid(p);
362	proc_name(new_token->token.pid, new_token->token.proc_name,
363	sizeof (new_token->token.proc_name));
364	new_token->token.timestamp = pf_calendar_time_second();
365
366	SLIST_INSERT_HEAD(&token_list_head, new_token, next);
367	nr_tokens++;
368
369	return (token_value);
370	}
371
372	static int
373	remove_token(struct pfioc_remove_token *tok)
374	{
375	struct pfioc_kernel_token entry, tmp;
376
377	LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);
378
379	SLIST_FOREACH_SAFE(entry, &token_list_head, next, tmp) {
380	if (tok->token_value == entry->token.token_value) {
381	SLIST_REMOVE(&token_list_head, entry,
382	pfioc_kernel_token, next);
383	_FREE(entry, M_TEMP);
384	nr_tokens--;
385	return (`0`); / success /
386	}
387	}
388
389	printf("pf : remove failure\n");
390	return (ESRCH); / failure /
391	}
392
393	static void
394	invalidate_all_tokens(void)
395	{
396	struct pfioc_kernel_token entry, tmp;
397
398	LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);
399
400	SLIST_FOREACH_SAFE(entry, &token_list_head, next, tmp) {
401	SLIST_REMOVE(&token_list_head, entry, pfioc_kernel_token, next);
402	_FREE(entry, M_TEMP);
403	}
404
405	nr_tokens = `0`;
406	}
407
408	void
409	pfinit(void)
410	{
411	u_int32_t *t = pf_default_rule.timeout;
412	int maj;
413
414	pf_perim_lock_grp_attr = lck_grp_attr_alloc_init();
415	pf_perim_lock_grp = lck_grp_alloc_init("pf_perim",
416	pf_perim_lock_grp_attr);
417	pf_perim_lock_attr = lck_attr_alloc_init();
418	lck_rw_init(pf_perim_lock, pf_perim_lock_grp, pf_perim_lock_attr);
419
420	pf_lock_grp_attr = lck_grp_attr_alloc_init();
421	pf_lock_grp = lck_grp_alloc_init("pf", pf_lock_grp_attr);
422	pf_lock_attr = lck_attr_alloc_init();
423	lck_mtx_init(pf_lock, pf_lock_grp, pf_lock_attr);
424
425	pool_init(&pf_rule_pl, sizeof (struct pf_rule), `0`, `0`, `0`, "pfrulepl",
426	NULL);
427	pool_init(&pf_src_tree_pl, sizeof (struct pf_src_node), `0`, `0`, `0`,
428	"pfsrctrpl", NULL);
429	pool_init(&pf_state_pl, sizeof (struct pf_state), `0`, `0`, `0`, "pfstatepl",
430	NULL);
431	pool_init(&pf_state_key_pl, sizeof (struct pf_state_key), `0`, `0`, `0`,
432	"pfstatekeypl", NULL);
433	pool_init(&pf_app_state_pl, sizeof (struct pf_app_state), `0`, `0`, `0`,
434	"pfappstatepl", NULL);
435	pool_init(&pf_pooladdr_pl, sizeof (struct pf_pooladdr), `0`, `0`, `0`,
436	"pfpooladdrpl", NULL);
437	pfr_initialize();
438	pfi_initialize();
439	pf_osfp_initialize();
440
441	pool_sethardlimit(pf_pool_limits[PF_LIMIT_STATES].pp,
442	pf_pool_limits[PF_LIMIT_STATES].limit, NULL, `0`);
443
444	if (max_mem <= `256``1024``1024`)
445	pf_pool_limits[PF_LIMIT_TABLE_ENTRIES].limit =
446	PFR_KENTRY_HIWAT_SMALL;
447
448	RB_INIT(&tree_src_tracking);
449	RB_INIT(&pf_anchors);
450	pf_init_ruleset(&pf_main_ruleset);
451	TAILQ_INIT(&pf_pabuf);
452	TAILQ_INIT(&state_list);
453
454	_CASSERT((SC_BE & SCIDX_MASK) == SCIDX_BE);
455	_CASSERT((SC_BK_SYS & SCIDX_MASK) == SCIDX_BK_SYS);
456	_CASSERT((SC_BK & SCIDX_MASK) == SCIDX_BK);
457	_CASSERT((SC_RD & SCIDX_MASK) == SCIDX_RD);
458	_CASSERT((SC_OAM & SCIDX_MASK) == SCIDX_OAM);
459	_CASSERT((SC_AV & SCIDX_MASK) == SCIDX_AV);
460	_CASSERT((SC_RV & SCIDX_MASK) == SCIDX_RV);
461	_CASSERT((SC_VI & SCIDX_MASK) == SCIDX_VI);
462	_CASSERT((SC_SIG & SCIDX_MASK) == SCIDX_SIG);
463	_CASSERT((SC_VO & SCIDX_MASK) == SCIDX_VO);
464	_CASSERT((SC_CTL & SCIDX_MASK) == SCIDX_CTL);
465
466	/ default rule should never be garbage collected /
467	pf_default_rule.entries.tqe_prev = &pf_default_rule.entries.tqe_next;
468	pf_default_rule.action = PF_PASS;
469	pf_default_rule.nr = -`1`;
470	pf_default_rule.rtableid = IFSCOPE_NONE;
471
472	/ initialize default timeouts /
473	t[PFTM_TCP_FIRST_PACKET] = PFTM_TCP_FIRST_PACKET_VAL;
474	t[PFTM_TCP_OPENING] = PFTM_TCP_OPENING_VAL;
475	t[PFTM_TCP_ESTABLISHED] = PFTM_TCP_ESTABLISHED_VAL;
476	t[PFTM_TCP_CLOSING] = PFTM_TCP_CLOSING_VAL;
477	t[PFTM_TCP_FIN_WAIT] = PFTM_TCP_FIN_WAIT_VAL;
478	t[PFTM_TCP_CLOSED] = PFTM_TCP_CLOSED_VAL;
479	t[PFTM_UDP_FIRST_PACKET] = PFTM_UDP_FIRST_PACKET_VAL;
480	t[PFTM_UDP_SINGLE] = PFTM_UDP_SINGLE_VAL;
481	t[PFTM_UDP_MULTIPLE] = PFTM_UDP_MULTIPLE_VAL;
482	t[PFTM_ICMP_FIRST_PACKET] = PFTM_ICMP_FIRST_PACKET_VAL;
483	t[PFTM_ICMP_ERROR_REPLY] = PFTM_ICMP_ERROR_REPLY_VAL;
484	t[PFTM_GREv1_FIRST_PACKET] = PFTM_GREv1_FIRST_PACKET_VAL;
485	t[PFTM_GREv1_INITIATING] = PFTM_GREv1_INITIATING_VAL;
486	t[PFTM_GREv1_ESTABLISHED] = PFTM_GREv1_ESTABLISHED_VAL;
487	t[PFTM_ESP_FIRST_PACKET] = PFTM_ESP_FIRST_PACKET_VAL;
488	t[PFTM_ESP_INITIATING] = PFTM_ESP_INITIATING_VAL;
489	t[PFTM_ESP_ESTABLISHED] = PFTM_ESP_ESTABLISHED_VAL;
490	t[PFTM_OTHER_FIRST_PACKET] = PFTM_OTHER_FIRST_PACKET_VAL;
491	t[PFTM_OTHER_SINGLE] = PFTM_OTHER_SINGLE_VAL;
492	t[PFTM_OTHER_MULTIPLE] = PFTM_OTHER_MULTIPLE_VAL;
493	t[PFTM_FRAG] = PFTM_FRAG_VAL;
494	t[PFTM_INTERVAL] = PFTM_INTERVAL_VAL;
495	t[PFTM_SRC_NODE] = PFTM_SRC_NODE_VAL;
496	t[PFTM_TS_DIFF] = PFTM_TS_DIFF_VAL;
497	t[PFTM_ADAPTIVE_START] = PFSTATE_ADAPT_START;
498	t[PFTM_ADAPTIVE_END] = PFSTATE_ADAPT_END;
499
500	pf_normalize_init();
501	bzero(&pf_status, sizeof (pf_status));
502	pf_status.debug = PF_DEBUG_URGENT;
503	pf_hash_seed = RandomULong();
504
505	/ XXX do our best to avoid a conflict /
506	pf_status.hostid = random();
507
508	if (kernel_thread_start(pf_purge_thread_fn, NULL,
509	&pf_purge_thread) != `0`) {
510	printf("%s: unable to start purge thread!", __func__);
511	return;
512	}
513
514	maj = cdevsw_add(PF_CDEV_MAJOR, &pf_cdevsw);
515	if (maj == -`1`) {
516	printf("%s: failed to allocate major number!\n", __func__);
517	return;
518	}
519	(void) devfs_make_node(makedev(maj, PFDEV_PF), DEVFS_CHAR,
520	UID_ROOT, GID_WHEEL, `0600`, "pf", `0`);
521
522	(void) devfs_make_node(makedev(maj, PFDEV_PFM), DEVFS_CHAR,
523	UID_ROOT, GID_WHEEL, `0600`, "pfm", `0`);
524
525	pf_attach_hooks();
526	#if DUMMYNET
527	dummynet_init();
528	#endif
529	}
530
531	#if 0
532	static void
533	pfdetach(void)
534	{
535	struct pf_anchor *anchor;
536	struct pf_state *state;
537	struct pf_src_node *node;
538	struct pfioc_table pt;
539	u_int32_t ticket;
540	int i;
541	char r = `'\0'`;
542
543	pf_detach_hooks();
544
545	pf_status.running = `0`;
546	wakeup(pf_purge_thread_fn);
547
548	/ clear the rulesets /
549	for (i = `0`; i < PF_RULESET_MAX; i++)
550	if (pf_begin_rules(&ticket, i, &r) == `0`)
551	pf_commit_rules(ticket, i, &r);
552
553	/ clear states /
554	RB_FOREACH(state, pf_state_tree_id, &tree_id) {
555	state->timeout = PFTM_PURGE;
556	#if NPFSYNC
557	state->sync_flags = PFSTATE_NOSYNC;
558	#endif
559	}
560	pf_purge_expired_states(pf_status.states);
561
562	#if NPFSYNC
563	pfsync_clear_states(pf_status.hostid, NULL);
564	#endif
565
566	/ clear source nodes /
567	RB_FOREACH(state, pf_state_tree_id, &tree_id) {
568	state->src_node = NULL;
569	state->nat_src_node = NULL;
570	}
571	RB_FOREACH(node, pf_src_tree, &tree_src_tracking) {
572	node->expire = `1`;
573	node->states = `0`;
574	}
575	pf_purge_expired_src_nodes();
576
577	/ clear tables /
578	memset(&pt, `'\0'`, sizeof (pt));
579	pfr_clr_tables(&pt.pfrio_table, &pt.pfrio_ndel, pt.pfrio_flags);
580
581	/ destroy anchors /
582	while ((anchor = RB_MIN(pf_anchor_global, &pf_anchors)) != NULL) {
583	for (i = `0`; i < PF_RULESET_MAX; i++)
584	if (pf_begin_rules(&ticket, i, anchor->name) == `0`)
585	pf_commit_rules(ticket, i, anchor->name);
586	}
587
588	/ destroy main ruleset /
589	pf_remove_if_empty_ruleset(&pf_main_ruleset);
590
591	/ destroy the pools /
592	pool_destroy(&pf_pooladdr_pl);
593	pool_destroy(&pf_state_pl);
594	pool_destroy(&pf_rule_pl);
595	pool_destroy(&pf_src_tree_pl);
596
597	/ destroy subsystems /
598	pf_normalize_destroy();
599	pf_osfp_destroy();
600	pfr_destroy();
601	pfi_destroy();
602	}
603	#endif
604
605	static int
606	pfopen(dev_t dev, int flags, int fmt, struct proc *p)
607	{
608	#pragma unused(flags, fmt, p)
609	if (minor(dev) >= PFDEV_MAX)
610	return (ENXIO);
611
612	if (minor(dev) == PFDEV_PFM) {
613	lck_mtx_lock(pf_lock);
614	if (pfdevcnt != `0`) {
615	lck_mtx_unlock(pf_lock);
616	return (EBUSY);
617	}
618	pfdevcnt++;
619	lck_mtx_unlock(pf_lock);
620	}
621	return (`0`);
622	}
623
624	static int
625	pfclose(dev_t dev, int flags, int fmt, struct proc *p)
626	{
627	#pragma unused(flags, fmt, p)
628	if (minor(dev) >= PFDEV_MAX)
629	return (ENXIO);
630
631	if (minor(dev) == PFDEV_PFM) {
632	lck_mtx_lock(pf_lock);
633	VERIFY(pfdevcnt > `0`);
634	pfdevcnt--;
635	lck_mtx_unlock(pf_lock);
636	}
637	return (`0`);
638	}
639
640	static struct pf_pool *
641	pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action,
642	u_int32_t rule_number, u_int8_t r_last, u_int8_t active,
643	u_int8_t check_ticket)
644	{
645	struct pf_ruleset *ruleset;
646	struct pf_rule *rule;
647	int rs_num;
648
649	ruleset = pf_find_ruleset(anchor);
650	if (ruleset == NULL)
651	return (NULL);
652	rs_num = pf_get_ruleset_number(rule_action);
653	if (rs_num >= PF_RULESET_MAX)
654	return (NULL);
655	if (active) {
656	if (check_ticket && ticket !=
657	ruleset->rules[rs_num].active.ticket)
658	return (NULL);
659	if (r_last)
660	rule = TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
661	pf_rulequeue);
662	else
663	rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
664	} else {
665	if (check_ticket && ticket !=
666	ruleset->rules[rs_num].inactive.ticket)
667	return (NULL);
668	if (r_last)
669	rule = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
670	pf_rulequeue);
671	else
672	rule = TAILQ_FIRST(ruleset->rules[rs_num].inactive.ptr);
673	}
674	if (!r_last) {
675	while ((rule != NULL) && (rule->nr != rule_number))
676	rule = TAILQ_NEXT(rule, entries);
677	}
678	if (rule == NULL)
679	return (NULL);
680
681	return (&rule->rpool);
682	}
683
684	static void
685	pf_mv_pool(struct pf_palist poola, struct* pf_palist *poolb)
686	{
687	struct pf_pooladdr *mv_pool_pa;
688
689	while ((mv_pool_pa = TAILQ_FIRST(poola)) != NULL) {
690	TAILQ_REMOVE(poola, mv_pool_pa, entries);
691	TAILQ_INSERT_TAIL(poolb, mv_pool_pa, entries);
692	}
693	}
694
695	static void
696	pf_empty_pool(struct pf_palist *poola)
697	{
698	struct pf_pooladdr *empty_pool_pa;
699
700	while ((empty_pool_pa = TAILQ_FIRST(poola)) != NULL) {
701	pfi_dynaddr_remove(&empty_pool_pa->addr);
702	pf_tbladdr_remove(&empty_pool_pa->addr);
703	pfi_kif_unref(empty_pool_pa->kif, PFI_KIF_REF_RULE);
704	TAILQ_REMOVE(poola, empty_pool_pa, entries);
705	pool_put(&pf_pooladdr_pl, empty_pool_pa);
706	}
707	}
708
709	void
710	pf_rm_rule(struct pf_rulequeue rulequeue, struct* pf_rule *rule)
711	{
712	if (rulequeue != NULL) {
713	if (rule->states <= `0`) {
714	/*
715	* XXX - we need to remove the table before detaching
716	* the rule to make sure the table code does not delete
717	* the anchor under our feet.
718	*/
719	pf_tbladdr_remove(&rule->src.addr);
720	pf_tbladdr_remove(&rule->dst.addr);
721	if (rule->overload_tbl)
722	pfr_detach_table(rule->overload_tbl);
723	}
724	TAILQ_REMOVE(rulequeue, rule, entries);
725	rule->entries.tqe_prev = NULL;
726	rule->nr = -`1`;
727	}
728
729	if (rule->states > `0` \|\| rule->src_nodes > `0` \|\|
730	rule->entries.tqe_prev != NULL)
731	return;
732	pf_tag_unref(rule->tag);
733	pf_tag_unref(rule->match_tag);
734	pf_rtlabel_remove(&rule->src.addr);
735	pf_rtlabel_remove(&rule->dst.addr);
736	pfi_dynaddr_remove(&rule->src.addr);
737	pfi_dynaddr_remove(&rule->dst.addr);
738	if (rulequeue == NULL) {
739	pf_tbladdr_remove(&rule->src.addr);
740	pf_tbladdr_remove(&rule->dst.addr);
741	if (rule->overload_tbl)
742	pfr_detach_table(rule->overload_tbl);
743	}
744	pfi_kif_unref(rule->kif, PFI_KIF_REF_RULE);
745	pf_anchor_remove(rule);
746	pf_empty_pool(&rule->rpool.list);
747	pool_put(&pf_rule_pl, rule);
748	}
749
750	static u_int16_t
751	tagname2tag(struct pf_tags head, char* *tagname)
752	{
753	struct pf_tagname tag, p = NULL;
754	u_int16_t new_tagid = `1`;
755
756	TAILQ_FOREACH(tag, head, entries)
757	if (strcmp(tagname, tag->name) == `0`) {
758	tag->ref++;
759	return (tag->tag);
760	}
761
762	/*
763	* to avoid fragmentation, we do a linear search from the beginning
764	* and take the first free slot we find. if there is none or the list
765	* is empty, append a new entry at the end.
766	*/
767
768	/ new entry /
769	if (!TAILQ_EMPTY(head))
770	for (p = TAILQ_FIRST(head); p != NULL &&
771	p->tag == new_tagid; p = TAILQ_NEXT(p, entries))
772	new_tagid = p->tag + `1`;
773
774	if (new_tagid > TAGID_MAX)
775	return (`0`);
776
777	/ allocate and fill new struct pf_tagname /
778	tag = _MALLOC(sizeof (*tag), M_TEMP, M_WAITOK\|M_ZERO);
779	if (tag == NULL)
780	return (`0`);
781	strlcpy(tag->name, tagname, sizeof (tag->name));
782	tag->tag = new_tagid;
783	tag->ref++;
784
785	if (p != NULL) / insert new entry before p /
786	TAILQ_INSERT_BEFORE(p, tag, entries);
787	else / either list empty or no free slot in between /
788	TAILQ_INSERT_TAIL(head, tag, entries);
789
790	return (tag->tag);
791	}
792
793	static void
794	tag2tagname(struct pf_tags head, u_int16_t tagid, char* *p)
795	{
796	struct pf_tagname *tag;
797
798	TAILQ_FOREACH(tag, head, entries)
799	if (tag->tag == tagid) {
800	strlcpy(p, tag->name, PF_TAG_NAME_SIZE);
801	return;
802	}
803	}
804
805	static void
806	tag_unref(struct pf_tags *head, u_int16_t tag)
807	{
808	struct pf_tagname p, next;
809
810	if (tag == `0`)
811	return;
812
813	for (p = TAILQ_FIRST(head); p != NULL; p = next) {
814	next = TAILQ_NEXT(p, entries);
815	if (tag == p->tag) {
816	if (--p->ref == `0`) {
817	TAILQ_REMOVE(head, p, entries);
818	_FREE(p, M_TEMP);
819	}
820	break;
821	}
822	}
823	}
824
825	u_int16_t
826	pf_tagname2tag(char *tagname)
827	{
828	return (tagname2tag(&pf_tags, tagname));
829	}
830
831	void
832	pf_tag2tagname(u_int16_t tagid, char *p)
833	{
834	tag2tagname(&pf_tags, tagid, p);
835	}
836
837	void
838	pf_tag_ref(u_int16_t tag)
839	{
840	struct pf_tagname *t;
841
842	TAILQ_FOREACH(t, &pf_tags, entries)
843	if (t->tag == tag)
844	break;
845	if (t != NULL)
846	t->ref++;
847	}
848
849	void
850	pf_tag_unref(u_int16_t tag)
851	{
852	tag_unref(&pf_tags, tag);
853	}
854
855	static int
856	pf_rtlabel_add(struct pf_addr_wrap *a)
857	{
858	#pragma unused(a)
859	return (`0`);
860	}
861
862	static void
863	pf_rtlabel_remove(struct pf_addr_wrap *a)
864	{
865	#pragma unused(a)
866	}
867
868	static void
869	pf_rtlabel_copyout(struct pf_addr_wrap *a)
870	{
871	#pragma unused(a)
872	}
873
874	static int
875	pf_begin_rules(u_int32_t ticket, int* rs_num, const char *anchor)
876	{
877	struct pf_ruleset *rs;
878	struct pf_rule *rule;
879
880	if (rs_num < `0` \|\| rs_num >= PF_RULESET_MAX)
881	return (EINVAL);
882	rs = pf_find_or_create_ruleset(anchor);
883	if (rs == NULL)
884	return (EINVAL);
885	while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
886	pf_rm_rule(rs->rules[rs_num].inactive.ptr, rule);
887	rs->rules[rs_num].inactive.rcount--;
888	}
889	*ticket = ++rs->rules[rs_num].inactive.ticket;
890	rs->rules[rs_num].inactive.open = `1`;
891	return (`0`);
892	}
893
894	static int
895	pf_rollback_rules(u_int32_t ticket, int rs_num, char *anchor)
896	{
897	struct pf_ruleset *rs;
898	struct pf_rule *rule;
899
900	if (rs_num < `0` \|\| rs_num >= PF_RULESET_MAX)
901	return (EINVAL);
902	rs = pf_find_ruleset(anchor);
903	if (rs == NULL \|\| !rs->rules[rs_num].inactive.open \|\|
904	rs->rules[rs_num].inactive.ticket != ticket)
905	return (`0`);
906	while ((rule = TAILQ_FIRST(rs->rules[rs_num].inactive.ptr)) != NULL) {
907	pf_rm_rule(rs->rules[rs_num].inactive.ptr, rule);
908	rs->rules[rs_num].inactive.rcount--;
909	}
910	rs->rules[rs_num].inactive.open = `0`;
911	return (`0`);
912	}
913
914	#define PF_MD5_UPD(st, elm) \
915	MD5Update(ctx, (u_int8_t *)&(st)->elm, sizeof ((st)->elm))
916
917	#define PF_MD5_UPD_STR(st, elm) \
918	MD5Update(ctx, (u_int8_t *)(st)->elm, strlen((st)->elm))
919
920	#define PF_MD5_UPD_HTONL(st, elm, stor) do { \
921	(stor) = htonl((st)->elm); \
922	MD5Update(ctx, (u_int8_t *)&(stor), sizeof (u_int32_t)); \
923	} while (0)
924
925	#define PF_MD5_UPD_HTONS(st, elm, stor) do { \
926	(stor) = htons((st)->elm); \
927	MD5Update(ctx, (u_int8_t *)&(stor), sizeof (u_int16_t)); \
928	} while (0)
929
930	static void
931	pf_hash_rule_addr(MD5_CTX ctx, struct* pf_rule_addr *pfr, u_int8_t proto)
932	{
933	PF_MD5_UPD(pfr, addr.type);
934	switch (pfr->addr.type) {
935	case PF_ADDR_DYNIFTL:
936	PF_MD5_UPD(pfr, addr.v.ifname);
937	PF_MD5_UPD(pfr, addr.iflags);
938	break;
939	case PF_ADDR_TABLE:
940	PF_MD5_UPD(pfr, addr.v.tblname);
941	break;
942	case PF_ADDR_ADDRMASK:
943	/ XXX ignore af? /
944	PF_MD5_UPD(pfr, addr.v.a.addr.addr32);
945	PF_MD5_UPD(pfr, addr.v.a.mask.addr32);
946	break;
947	case PF_ADDR_RTLABEL:
948	PF_MD5_UPD(pfr, addr.v.rtlabelname);
949	break;
950	}
951
952	switch (proto) {
953	case IPPROTO_TCP:
954	case IPPROTO_UDP:
955	PF_MD5_UPD(pfr, xport.range.port[`0`]);
956	PF_MD5_UPD(pfr, xport.range.port[`1`]);
957	PF_MD5_UPD(pfr, xport.range.op);
958	break;
959
960	default:
961	break;
962	}
963
964	PF_MD5_UPD(pfr, neg);
965	}
966
967	static void
968	pf_hash_rule(MD5_CTX ctx, struct* pf_rule *rule)
969	{
970	u_int16_t x;
971	u_int32_t y;
972
973	pf_hash_rule_addr(ctx, &rule->src, rule->proto);
974	pf_hash_rule_addr(ctx, &rule->dst, rule->proto);
975	PF_MD5_UPD_STR(rule, label);
976	PF_MD5_UPD_STR(rule, ifname);
977	PF_MD5_UPD_STR(rule, match_tagname);
978	PF_MD5_UPD_HTONS(rule, match_tag, x); / dup? /
979	PF_MD5_UPD_HTONL(rule, os_fingerprint, y);
980	PF_MD5_UPD_HTONL(rule, prob, y);
981	PF_MD5_UPD_HTONL(rule, uid.uid[`0`], y);
982	PF_MD5_UPD_HTONL(rule, uid.uid[`1`], y);
983	PF_MD5_UPD(rule, uid.op);
984	PF_MD5_UPD_HTONL(rule, gid.gid[`0`], y);
985	PF_MD5_UPD_HTONL(rule, gid.gid[`1`], y);
986	PF_MD5_UPD(rule, gid.op);
987	PF_MD5_UPD_HTONL(rule, rule_flag, y);
988	PF_MD5_UPD(rule, action);
989	PF_MD5_UPD(rule, direction);
990	PF_MD5_UPD(rule, af);
991	PF_MD5_UPD(rule, quick);
992	PF_MD5_UPD(rule, ifnot);
993	PF_MD5_UPD(rule, match_tag_not);
994	PF_MD5_UPD(rule, natpass);
995	PF_MD5_UPD(rule, keep_state);
996	PF_MD5_UPD(rule, proto);
997	PF_MD5_UPD(rule, type);
998	PF_MD5_UPD(rule, code);
999	PF_MD5_UPD(rule, flags);
1000	PF_MD5_UPD(rule, flagset);
1001	PF_MD5_UPD(rule, allow_opts);
1002	PF_MD5_UPD(rule, rt);
1003	PF_MD5_UPD(rule, tos);
1004	}
1005
1006	static int
1007	pf_commit_rules(u_int32_t ticket, int rs_num, char *anchor)
1008	{
1009	struct pf_ruleset *rs;
1010	struct pf_rule rule, old_array, r;
1011	struct pf_rulequeue *old_rules;
1012	int error;
1013	u_int32_t old_rcount;
1014
1015	LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);
1016
1017	if (rs_num < `0` \|\| rs_num >= PF_RULESET_MAX)
1018	return (EINVAL);
1019	rs = pf_find_ruleset(anchor);
1020	if (rs == NULL \|\| !rs->rules[rs_num].inactive.open \|\|
1021	ticket != rs->rules[rs_num].inactive.ticket)
1022	return (EBUSY);
1023
1024	/ Calculate checksum for the main ruleset /
1025	if (rs == &pf_main_ruleset) {
1026	error = pf_setup_pfsync_matching(rs);
1027	if (error != `0`)
1028	return (error);
1029	}
1030
1031	/ Swap rules, keep the old. /
1032	old_rules = rs->rules[rs_num].active.ptr;
1033	old_rcount = rs->rules[rs_num].active.rcount;
1034	old_array = rs->rules[rs_num].active.ptr_array;
1035
1036	if(old_rcount != `0`) {
1037	r = TAILQ_FIRST(rs->rules[rs_num].active.ptr);
1038	while (r) {
1039	if (r->rule_flag & PFRULE_PFM)
1040	pffwrules--;
1041	r = TAILQ_NEXT(r, entries);
1042	}
1043	}
1044
1045
1046	rs->rules[rs_num].active.ptr =
1047	rs->rules[rs_num].inactive.ptr;
1048	rs->rules[rs_num].active.ptr_array =
1049	rs->rules[rs_num].inactive.ptr_array;
1050	rs->rules[rs_num].active.rcount =
1051	rs->rules[rs_num].inactive.rcount;
1052	rs->rules[rs_num].inactive.ptr = old_rules;
1053	rs->rules[rs_num].inactive.ptr_array = old_array;
1054	rs->rules[rs_num].inactive.rcount = old_rcount;
1055
1056	rs->rules[rs_num].active.ticket =
1057	rs->rules[rs_num].inactive.ticket;
1058	pf_calc_skip_steps(rs->rules[rs_num].active.ptr);
1059
1060
1061	/ Purge the old rule list. /
1062	while ((rule = TAILQ_FIRST(old_rules)) != NULL)
1063	pf_rm_rule(old_rules, rule);
1064	if (rs->rules[rs_num].inactive.ptr_array)
1065	_FREE(rs->rules[rs_num].inactive.ptr_array, M_TEMP);
1066	rs->rules[rs_num].inactive.ptr_array = NULL;
1067	rs->rules[rs_num].inactive.rcount = `0`;
1068	rs->rules[rs_num].inactive.open = `0`;
1069	pf_remove_if_empty_ruleset(rs);
1070	return (`0`);
1071	}
1072
1073	static void
1074	pf_rule_copyin(struct pf_rule src, struct* pf_rule dst, struct* proc *p,
1075	int minordev)
1076	{
1077	bcopy(src, dst, sizeof (struct pf_rule));
1078
1079	dst->label[sizeof (dst->label) - `1`] = `'\0'`;
1080	dst->ifname[sizeof (dst->ifname) - `1`] = `'\0'`;
1081	dst->qname[sizeof (dst->qname) - `1`] = `'\0'`;
1082	dst->pqname[sizeof (dst->pqname) - `1`] = `'\0'`;
1083	dst->tagname[sizeof (dst->tagname) - `1`] = `'\0'`;
1084	dst->match_tagname[sizeof (dst->match_tagname) - `1`] = `'\0'`;
1085	dst->overload_tblname[sizeof (dst->overload_tblname) - `1`] = `'\0'`;
1086
1087	dst->cuid = kauth_cred_getuid(p->p_ucred);
1088	dst->cpid = p->p_pid;
1089
1090	dst->anchor = NULL;
1091	dst->kif = NULL;
1092	dst->overload_tbl = NULL;
1093
1094	TAILQ_INIT(&dst->rpool.list);
1095	dst->rpool.cur = NULL;
1096
1097	/ initialize refcounting /
1098	dst->states = `0`;
1099	dst->src_nodes = `0`;
1100
1101	dst->entries.tqe_prev = NULL;
1102	dst->entries.tqe_next = NULL;
1103	if ((uint8_t)minordev == PFDEV_PFM)
1104	dst->rule_flag \|= PFRULE_PFM;
1105	}
1106
1107	static void
1108	pf_rule_copyout(struct pf_rule src, struct* pf_rule *dst)
1109	{
1110	bcopy(src, dst, sizeof (struct pf_rule));
1111
1112	dst->anchor = NULL;
1113	dst->kif = NULL;
1114	dst->overload_tbl = NULL;
1115
1116	TAILQ_INIT(&dst->rpool.list);
1117	dst->rpool.cur = NULL;
1118
1119	dst->entries.tqe_prev = NULL;
1120	dst->entries.tqe_next = NULL;
1121	}
1122
1123	static void
1124	pf_state_export(struct pfsync_state sp, struct* pf_state_key *sk,
1125	struct pf_state *s)
1126	{
1127	uint64_t secs = pf_time_second();
1128	bzero(sp, sizeof (struct pfsync_state));
1129
1130	/ copy from state key /
1131	sp->lan.addr = sk->lan.addr;
1132	sp->lan.xport = sk->lan.xport;
1133	sp->gwy.addr = sk->gwy.addr;
1134	sp->gwy.xport = sk->gwy.xport;
1135	sp->ext_lan.addr = sk->ext_lan.addr;
1136	sp->ext_lan.xport = sk->ext_lan.xport;
1137	sp->ext_gwy.addr = sk->ext_gwy.addr;
1138	sp->ext_gwy.xport = sk->ext_gwy.xport;
1139	sp->proto_variant = sk->proto_variant;
1140	sp->tag = s->tag;
1141	sp->proto = sk->proto;
1142	sp->af_lan = sk->af_lan;
1143	sp->af_gwy = sk->af_gwy;
1144	sp->direction = sk->direction;
1145	sp->flowhash = sk->flowhash;
1146
1147	/ copy from state /
1148	memcpy(&sp->id, &s->id, sizeof (sp->id));
1149	sp->creatorid = s->creatorid;
1150	strlcpy(sp->ifname, s->kif->pfik_name, sizeof (sp->ifname));
1151	pf_state_peer_to_pfsync(&s->src, &sp->src);
1152	pf_state_peer_to_pfsync(&s->dst, &sp->dst);
1153
1154	sp->rule = s->rule.ptr->nr;
1155	sp->nat_rule = (s->nat_rule.ptr == NULL) ?
1156	(unsigned)-`1` : s->nat_rule.ptr->nr;
1157	sp->anchor = (s->anchor.ptr == NULL) ?
1158	(unsigned)-`1` : s->anchor.ptr->nr;
1159
1160	pf_state_counter_to_pfsync(s->bytes[`0`], sp->bytes[`0`]);
1161	pf_state_counter_to_pfsync(s->bytes[`1`], sp->bytes[`1`]);
1162	pf_state_counter_to_pfsync(s->packets[`0`], sp->packets[`0`]);
1163	pf_state_counter_to_pfsync(s->packets[`1`], sp->packets[`1`]);
1164	sp->creation = secs - s->creation;
1165	sp->expire = pf_state_expires(s);
1166	sp->log = s->log;
1167	sp->allow_opts = s->allow_opts;
1168	sp->timeout = s->timeout;
1169
1170	if (s->src_node)
1171	sp->sync_flags \|= PFSYNC_FLAG_SRCNODE;
1172	if (s->nat_src_node)
1173	sp->sync_flags \|= PFSYNC_FLAG_NATSRCNODE;
1174
1175	if (sp->expire > secs)
1176	sp->expire -= secs;
1177	else
1178	sp->expire = `0`;
1179
1180	}
1181
1182	static void
1183	pf_state_import(struct pfsync_state sp, struct* pf_state_key *sk,
1184	struct pf_state *s)
1185	{
1186	/ copy to state key /
1187	sk->lan.addr = sp->lan.addr;
1188	sk->lan.xport = sp->lan.xport;
1189	sk->gwy.addr = sp->gwy.addr;
1190	sk->gwy.xport = sp->gwy.xport;
1191	sk->ext_lan.addr = sp->ext_lan.addr;
1192	sk->ext_lan.xport = sp->ext_lan.xport;
1193	sk->ext_gwy.addr = sp->ext_gwy.addr;
1194	sk->ext_gwy.xport = sp->ext_gwy.xport;
1195	sk->proto_variant = sp->proto_variant;
1196	s->tag = sp->tag;
1197	sk->proto = sp->proto;
1198	sk->af_lan = sp->af_lan;
1199	sk->af_gwy = sp->af_gwy;
1200	sk->direction = sp->direction;
1201	sk->flowhash = pf_calc_state_key_flowhash(sk);
1202
1203	/ copy to state /
1204	memcpy(&s->id, &sp->id, sizeof (sp->id));
1205	s->creatorid = sp->creatorid;
1206	pf_state_peer_from_pfsync(&sp->src, &s->src);
1207	pf_state_peer_from_pfsync(&sp->dst, &s->dst);
1208
1209	s->rule.ptr = &pf_default_rule;
1210	s->nat_rule.ptr = NULL;
1211	s->anchor.ptr = NULL;
1212	s->rt_kif = NULL;
1213	s->creation = pf_time_second();
1214	s->expire = pf_time_second();
1215	if (sp->expire > `0`)
1216	s->expire -= pf_default_rule.timeout[sp->timeout] - sp->expire;
1217	s->pfsync_time = `0`;
1218	s->packets[`0`] = s->packets[`1`] = `0`;
1219	s->bytes[`0`] = s->bytes[`1`] = `0`;
1220	}
1221
1222	static void
1223	pf_pooladdr_copyin(struct pf_pooladdr src, struct* pf_pooladdr *dst)
1224	{
1225	bcopy(src, dst, sizeof (struct pf_pooladdr));
1226
1227	dst->entries.tqe_prev = NULL;
1228	dst->entries.tqe_next = NULL;
1229	dst->ifname[sizeof (dst->ifname) - `1`] = `'\0'`;
1230	dst->kif = NULL;
1231	}
1232
1233	static void
1234	pf_pooladdr_copyout(struct pf_pooladdr src, struct* pf_pooladdr *dst)
1235	{
1236	bcopy(src, dst, sizeof (struct pf_pooladdr));
1237
1238	dst->entries.tqe_prev = NULL;
1239	dst->entries.tqe_next = NULL;
1240	dst->kif = NULL;
1241	}
1242
1243	static int
1244	pf_setup_pfsync_matching(struct pf_ruleset *rs)
1245	{
1246	MD5_CTX ctx;
1247	struct pf_rule *rule;
1248	int rs_cnt;
1249	u_int8_t digest[PF_MD5_DIGEST_LENGTH];
1250
1251	MD5Init(&ctx);
1252	for (rs_cnt = `0`; rs_cnt < PF_RULESET_MAX; rs_cnt++) {
1253	/ XXX PF_RULESET_SCRUB as well? /
1254	if (rs_cnt == PF_RULESET_SCRUB)
1255	continue;
1256
1257	if (rs->rules[rs_cnt].inactive.ptr_array)
1258	_FREE(rs->rules[rs_cnt].inactive.ptr_array, M_TEMP);
1259	rs->rules[rs_cnt].inactive.ptr_array = NULL;
1260
1261	if (rs->rules[rs_cnt].inactive.rcount) {
1262	rs->rules[rs_cnt].inactive.ptr_array =
1263	_MALLOC(sizeof (caddr_t) *
1264	rs->rules[rs_cnt].inactive.rcount,
1265	M_TEMP, M_WAITOK);
1266
1267	if (!rs->rules[rs_cnt].inactive.ptr_array)
1268	return (ENOMEM);
1269	}
1270
1271	TAILQ_FOREACH(rule, rs->rules[rs_cnt].inactive.ptr,
1272	entries) {
1273	pf_hash_rule(&ctx, rule);
1274	(rs->rules[rs_cnt].inactive.ptr_array)[rule->nr] = rule;
1275	}
1276	}
1277
1278	MD5Final(digest, &ctx);
1279	memcpy(pf_status.pf_chksum, digest, sizeof (pf_status.pf_chksum));
1280	return (`0`);
1281	}
1282
1283	static void
1284	pf_start(void)
1285	{
1286	LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);
1287
1288	VERIFY(pf_is_enabled == `0`);
1289
1290	pf_is_enabled = `1`;
1291	pf_status.running = `1`;
1292	pf_status.since = pf_calendar_time_second();
1293	if (pf_status.stateid == `0`) {
1294	pf_status.stateid = pf_time_second();
1295	pf_status.stateid = pf_status.stateid << `32`;
1296	}
1297	wakeup(pf_purge_thread_fn);
1298	DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n"));
1299	}
1300
1301	static void
1302	pf_stop(void)
1303	{
1304	LCK_MTX_ASSERT(pf_lock, LCK_MTX_ASSERT_OWNED);
1305
1306	VERIFY(pf_is_enabled);
1307
1308	pf_status.running = `0`;
1309	pf_is_enabled = `0`;
1310	pf_status.since = pf_calendar_time_second();
1311	wakeup(pf_purge_thread_fn);
1312	DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n"));
1313	}
1314
1315	static int
1316	pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
1317	{
1318	#pragma unused(dev)
1319	int p64 = proc_is64bit(p);
1320	int error = `0`;
1321	int minordev = minor(dev);
1322
1323	if (kauth_cred_issuser(kauth_cred_get()) == `0`)
1324	return (EPERM);
1325
1326	/ XXX keep in sync with switch() below /
1327	if (securelevel > `1`)
1328	switch (cmd) {
1329	case DIOCGETRULES:
1330	case DIOCGETRULE:
1331	case DIOCGETADDRS:
1332	case DIOCGETADDR:
1333	case DIOCGETSTATE:
1334	case DIOCSETSTATUSIF:
1335	case DIOCGETSTATUS:
1336	case DIOCCLRSTATUS:
1337	case DIOCNATLOOK:
1338	case DIOCSETDEBUG:
1339	case DIOCGETSTATES:
1340	case DIOCINSERTRULE:
1341	case DIOCDELETERULE:
1342	case DIOCGETTIMEOUT:
1343	case DIOCCLRRULECTRS:
1344	case DIOCGETLIMIT:
1345	case DIOCGETALTQS:
1346	case DIOCGETALTQ:
1347	case DIOCGETQSTATS:
1348	case DIOCGETRULESETS:
1349	case DIOCGETRULESET:
1350	case DIOCRGETTABLES:
1351	case DIOCRGETTSTATS:
1352	case DIOCRCLRTSTATS:
1353	case DIOCRCLRADDRS:
1354	case DIOCRADDADDRS:
1355	case DIOCRDELADDRS:
1356	case DIOCRSETADDRS:
1357	case DIOCRGETADDRS:
1358	case DIOCRGETASTATS:
1359	case DIOCRCLRASTATS:
1360	case DIOCRTSTADDRS:
1361	case DIOCOSFPGET:
1362	case DIOCGETSRCNODES:
1363	case DIOCCLRSRCNODES:
1364	case DIOCIGETIFACES:
1365	case DIOCGIFSPEED:
1366	case DIOCSETIFFLAG:
1367	case DIOCCLRIFFLAG:
1368	break;
1369	case DIOCRCLRTABLES:
1370	case DIOCRADDTABLES:
1371	case DIOCRDELTABLES:
1372	case DIOCRSETTFLAGS: {
1373	int pfrio_flags;
1374
1375	bcopy(&((struct pfioc_table )(void* *)addr)->
1376	pfrio_flags, &pfrio_flags, sizeof (pfrio_flags));
1377
1378	if (pfrio_flags & PFR_FLAG_DUMMY)
1379	break; / dummy operation ok /
1380	return (EPERM);
1381	}
1382	default:
1383	return (EPERM);
1384	}
1385
1386	if (!(flags & FWRITE))
1387	switch (cmd) {
1388	case DIOCSTART:
1389	case DIOCSTARTREF:
1390	case DIOCSTOP:
1391	case DIOCSTOPREF:
1392	case DIOCGETSTARTERS:
1393	case DIOCGETRULES:
1394	case DIOCGETADDRS:
1395	case DIOCGETADDR:
1396	case DIOCGETSTATE:
1397	case DIOCGETSTATUS:
1398	case DIOCGETSTATES:
1399	case DIOCINSERTRULE:
1400	case DIOCDELETERULE:
1401	case DIOCGETTIMEOUT:
1402	case DIOCGETLIMIT:
1403	case DIOCGETALTQS:
1404	case DIOCGETALTQ:
1405	case DIOCGETQSTATS:
1406	case DIOCGETRULESETS:
1407	case DIOCGETRULESET:
1408	case DIOCNATLOOK:
1409	case DIOCRGETTABLES:
1410	case DIOCRGETTSTATS:
1411	case DIOCRGETADDRS:
1412	case DIOCRGETASTATS:
1413	case DIOCRTSTADDRS:
1414	case DIOCOSFPGET:
1415	case DIOCGETSRCNODES:
1416	case DIOCIGETIFACES:
1417	case DIOCGIFSPEED:
1418	break;
1419	case DIOCRCLRTABLES:
1420	case DIOCRADDTABLES:
1421	case DIOCRDELTABLES:
1422	case DIOCRCLRTSTATS:
1423	case DIOCRCLRADDRS:
1424	case DIOCRADDADDRS:
1425	case DIOCRDELADDRS:
1426	case DIOCRSETADDRS:
1427	case DIOCRSETTFLAGS: {
1428	int pfrio_flags;
1429
1430	bcopy(&((struct pfioc_table )(void* *)addr)->
1431	pfrio_flags, &pfrio_flags, sizeof (pfrio_flags));
1432
1433	if (pfrio_flags & PFR_FLAG_DUMMY) {
1434	flags \|= FWRITE; / need write lock for dummy /
1435	break; / dummy operation ok /
1436	}
1437	return (EACCES);
1438	}
1439	case DIOCGETRULE: {
1440	u_int32_t action;
1441
1442	bcopy(&((struct pfioc_rule )(void* *)addr)->action,
1443	&action, sizeof (action));
1444
1445	if (action == PF_GET_CLR_CNTR)
1446	return (EACCES);
1447	break;
1448	}
1449	default:
1450	return (EACCES);
1451	}
1452
1453	if (flags & FWRITE)
1454	lck_rw_lock_exclusive(pf_perim_lock);
1455	else
1456	lck_rw_lock_shared(pf_perim_lock);
1457
1458	lck_mtx_lock(pf_lock);
1459
1460	switch (cmd) {
1461
1462	case DIOCSTART:
1463	if (pf_status.running) {
1464	/*
1465	* Increment the reference for a simple -e enable, so
1466	* that even if other processes drop their references,
1467	* pf will still be available to processes that turned
1468	* it on without taking a reference
1469	*/
1470	if (nr_tokens == pf_enabled_ref_count) {
1471	pf_enabled_ref_count++;
1472	VERIFY(pf_enabled_ref_count != `0`);
1473	}
1474	error = EEXIST;
1475	} else if (pf_purge_thread == NULL) {
1476	error = ENOMEM;
1477	} else {
1478	pf_start();
1479	pf_enabled_ref_count++;
1480	VERIFY(pf_enabled_ref_count != `0`);
1481	}
1482	break;
1483
1484	case DIOCSTARTREF: / u_int64_t /
1485	if (pf_purge_thread == NULL) {
1486	error = ENOMEM;
1487	} else {
1488	u_int64_t token;
1489
1490	/ small enough to be on stack /
1491	if ((token = generate_token(p)) != `0`) {
1492	if (pf_is_enabled == `0`) {
1493	pf_start();
1494	}
1495	pf_enabled_ref_count++;
1496	VERIFY(pf_enabled_ref_count != `0`);
1497	} else {
1498	error = ENOMEM;
1499	DPFPRINTF(PF_DEBUG_URGENT,
1500	("pf: unable to generate token\n"));
1501	}
1502	bcopy(&token, addr, sizeof (token));
1503	}
1504	break;
1505
1506	case DIOCSTOP:
1507	if (!pf_status.running) {
1508	error = ENOENT;
1509	} else {
1510	pf_stop();
1511	pf_enabled_ref_count = `0`;
1512	invalidate_all_tokens();
1513	}
1514	break;
1515
1516	case DIOCSTOPREF: / struct pfioc_remove_token /
1517	if (!pf_status.running) {
1518	error = ENOENT;
1519	} else {
1520	struct pfioc_remove_token pfrt;
1521
1522	/ small enough to be on stack /
1523	bcopy(addr, &pfrt, sizeof (pfrt));
1524	if ((error = remove_token(&pfrt)) == `0`) {
1525	VERIFY(pf_enabled_ref_count != `0`);
1526	pf_enabled_ref_count--;
1527	/ return currently held references /
1528	pfrt.refcount = pf_enabled_ref_count;
1529	DPFPRINTF(PF_DEBUG_MISC,
1530	("pf: enabled refcount decremented\n"));
1531	} else {
1532	error = EINVAL;
1533	DPFPRINTF(PF_DEBUG_URGENT,
1534	("pf: token mismatch\n"));
1535	}
1536	bcopy(&pfrt, addr, sizeof (pfrt));
1537
1538	if (error == `0` && pf_enabled_ref_count == `0`)
1539	pf_stop();
1540	}
1541	break;
1542
1543	case DIOCGETSTARTERS: { / struct pfioc_tokens /
1544	PFIOCX_STRUCT_DECL(pfioc_tokens);
1545
1546	PFIOCX_STRUCT_BEGIN(addr, pfioc_tokens, error = ENOMEM; break;);
1547	error = pfioctl_ioc_tokens(cmd,
1548	PFIOCX_STRUCT_ADDR32(pfioc_tokens),
1549	PFIOCX_STRUCT_ADDR64(pfioc_tokens), p);
1550	PFIOCX_STRUCT_END(pfioc_tokens, addr);
1551	break;
1552	}
1553
1554	case DIOCADDRULE: / struct pfioc_rule /
1555	case DIOCGETRULES: / struct pfioc_rule /
1556	case DIOCGETRULE: / struct pfioc_rule /
1557	case DIOCCHANGERULE: / struct pfioc_rule /
1558	case DIOCINSERTRULE: / struct pfioc_rule /
1559	case DIOCDELETERULE: { / struct pfioc_rule /
1560	struct pfioc_rule *pr = NULL;
1561
1562	PFIOC_STRUCT_BEGIN(addr, pr, error = ENOMEM; break;);
1563	error = pfioctl_ioc_rule(cmd, minordev, pr, p);
1564	PFIOC_STRUCT_END(pr, addr);
1565	break;
1566	}
1567
1568	case DIOCCLRSTATES: / struct pfioc_state_kill /
1569	case DIOCKILLSTATES: { / struct pfioc_state_kill /
1570	struct pfioc_state_kill *psk = NULL;
1571
1572	PFIOC_STRUCT_BEGIN(addr, psk, error = ENOMEM; break;);
1573	error = pfioctl_ioc_state_kill(cmd, psk, p);
1574	PFIOC_STRUCT_END(psk, addr);
1575	break;
1576	}
1577
1578	case DIOCADDSTATE: / struct pfioc_state /
1579	case DIOCGETSTATE: { / struct pfioc_state /
1580	struct pfioc_state *ps = NULL;
1581
1582	PFIOC_STRUCT_BEGIN(addr, ps, error = ENOMEM; break;);
1583	error = pfioctl_ioc_state(cmd, ps, p);
1584	PFIOC_STRUCT_END(ps, addr);
1585	break;
1586	}
1587
1588	case DIOCGETSTATES: { / struct pfioc_states /
1589	PFIOCX_STRUCT_DECL(pfioc_states);
1590
1591	PFIOCX_STRUCT_BEGIN(addr, pfioc_states, error = ENOMEM; break;);
1592	error = pfioctl_ioc_states(cmd,
1593	PFIOCX_STRUCT_ADDR32(pfioc_states),
1594	PFIOCX_STRUCT_ADDR64(pfioc_states), p);
1595	PFIOCX_STRUCT_END(pfioc_states, addr);
1596	break;
1597	}
1598
1599	case DIOCGETSTATUS: { / struct pf_status /
1600	struct pf_status *s = NULL;
1601
1602	PFIOC_STRUCT_BEGIN(&pf_status, s, error = ENOMEM; break;);
1603	pfi_update_status(s->ifname, s);
1604	PFIOC_STRUCT_END(s, addr);
1605	break;
1606	}
1607
1608	case DIOCSETSTATUSIF: { / struct pfioc_if /
1609	struct pfioc_if pi = (struct* pfioc_if )(void* *)addr;
1610
1611	/ OK for unaligned accesses /
1612	if (pi->ifname[`0`] == `0`) {
1613	bzero(pf_status.ifname, IFNAMSIZ);
1614	break;
1615	}
1616	strlcpy(pf_status.ifname, pi->ifname, IFNAMSIZ);
1617	break;
1618	}
1619
1620	case DIOCCLRSTATUS: {
1621	bzero(pf_status.counters, sizeof (pf_status.counters));
1622	bzero(pf_status.fcounters, sizeof (pf_status.fcounters));
1623	bzero(pf_status.scounters, sizeof (pf_status.scounters));
1624	pf_status.since = pf_calendar_time_second();
1625	if (*pf_status.ifname)
1626	pfi_update_status(pf_status.ifname, NULL);
1627	break;
1628	}
1629
1630	case DIOCNATLOOK: { / struct pfioc_natlook /
1631	struct pfioc_natlook *pnl = NULL;
1632
1633	PFIOC_STRUCT_BEGIN(addr, pnl, error = ENOMEM; break;);
1634	error = pfioctl_ioc_natlook(cmd, pnl, p);
1635	PFIOC_STRUCT_END(pnl, addr);
1636	break;
1637	}
1638
1639	case DIOCSETTIMEOUT: / struct pfioc_tm /
1640	case DIOCGETTIMEOUT: { / struct pfioc_tm /
1641	struct pfioc_tm pt;
1642
1643	/ small enough to be on stack /
1644	bcopy(addr, &pt, sizeof (pt));
1645	error = pfioctl_ioc_tm(cmd, &pt, p);
1646	bcopy(&pt, addr, sizeof (pt));
1647	break;
1648	}
1649
1650	case DIOCGETLIMIT: / struct pfioc_limit /
1651	case DIOCSETLIMIT: { / struct pfioc_limit /
1652	struct pfioc_limit pl;
1653
1654	/ small enough to be on stack /
1655	bcopy(addr, &pl, sizeof (pl));
1656	error = pfioctl_ioc_limit(cmd, &pl, p);
1657	bcopy(&pl, addr, sizeof (pl));
1658	break;
1659	}
1660
1661	case DIOCSETDEBUG: { / u_int32_t /
1662	bcopy(addr, &pf_status.debug, sizeof (u_int32_t));
1663	break;
1664	}
1665
1666	case DIOCCLRRULECTRS: {
1667	/ obsoleted by DIOCGETRULE with action=PF_GET_CLR_CNTR /
1668	struct pf_ruleset *ruleset = &pf_main_ruleset;
1669	struct pf_rule *rule;
1670
1671	TAILQ_FOREACH(rule,
1672	ruleset->rules[PF_RULESET_FILTER].active.ptr, entries) {
1673	rule->evaluations = `0`;
1674	rule->packets[`0`] = rule->packets[`1`] = `0`;
1675	rule->bytes[`0`] = rule->bytes[`1`] = `0`;
1676	}
1677	break;
1678	}
1679
1680	case DIOCGIFSPEED: {
1681	struct pf_ifspeed psp = (struct* pf_ifspeed )(void* *)addr;
1682	struct pf_ifspeed ps;
1683	struct ifnet *ifp;
1684	u_int64_t baudrate;
1685
1686	if (psp->ifname[`0`] != `'\0'`) {
1687	/ Can we completely trust user-land? /
1688	strlcpy(ps.ifname, psp->ifname, IFNAMSIZ);
1689	ps.ifname[IFNAMSIZ - `1`] = `'\0'`;
1690	ifp = ifunit(ps.ifname);
1691	if (ifp != NULL) {
1692	baudrate = ifp->if_output_bw.max_bw;
1693	bcopy(&baudrate, &psp->baudrate,
1694	sizeof (baudrate));
1695	} else {
1696	error = EINVAL;
1697	}
1698	} else {
1699	error = EINVAL;
1700	}
1701	break;
1702	}
1703
1704	case DIOCBEGINADDRS: / struct pfioc_pooladdr /
1705	case DIOCADDADDR: / struct pfioc_pooladdr /
1706	case DIOCGETADDRS: / struct pfioc_pooladdr /
1707	case DIOCGETADDR: / struct pfioc_pooladdr /
1708	case DIOCCHANGEADDR: { / struct pfioc_pooladdr /
1709	struct pfioc_pooladdr *pp = NULL;
1710
1711	PFIOC_STRUCT_BEGIN(addr, pp, error = ENOMEM; break;)
1712	error = pfioctl_ioc_pooladdr(cmd, pp, p);
1713	PFIOC_STRUCT_END(pp, addr);
1714	break;
1715	}
1716
1717	case DIOCGETRULESETS: / struct pfioc_ruleset /
1718	case DIOCGETRULESET: { / struct pfioc_ruleset /
1719	struct pfioc_ruleset *pr = NULL;
1720
1721	PFIOC_STRUCT_BEGIN(addr, pr, error = ENOMEM; break;);
1722	error = pfioctl_ioc_ruleset(cmd, pr, p);
1723	PFIOC_STRUCT_END(pr, addr);
1724	break;
1725	}
1726
1727	case DIOCRCLRTABLES: / struct pfioc_table /
1728	case DIOCRADDTABLES: / struct pfioc_table /
1729	case DIOCRDELTABLES: / struct pfioc_table /
1730	case DIOCRGETTABLES: / struct pfioc_table /
1731	case DIOCRGETTSTATS: / struct pfioc_table /
1732	case DIOCRCLRTSTATS: / struct pfioc_table /
1733	case DIOCRSETTFLAGS: / struct pfioc_table /
1734	case DIOCRCLRADDRS: / struct pfioc_table /
1735	case DIOCRADDADDRS: / struct pfioc_table /
1736	case DIOCRDELADDRS: / struct pfioc_table /
1737	case DIOCRSETADDRS: / struct pfioc_table /
1738	case DIOCRGETADDRS: / struct pfioc_table /
1739	case DIOCRGETASTATS: / struct pfioc_table /
1740	case DIOCRCLRASTATS: / struct pfioc_table /
1741	case DIOCRTSTADDRS: / struct pfioc_table /
1742	case DIOCRINADEFINE: { / struct pfioc_table /
1743	PFIOCX_STRUCT_DECL(pfioc_table);
1744
1745	PFIOCX_STRUCT_BEGIN(addr, pfioc_table, error = ENOMEM; break;);
1746	error = pfioctl_ioc_table(cmd,
1747	PFIOCX_STRUCT_ADDR32(pfioc_table),
1748	PFIOCX_STRUCT_ADDR64(pfioc_table), p);
1749	PFIOCX_STRUCT_END(pfioc_table, addr);
1750	break;
1751	}
1752
1753	case DIOCOSFPADD: / struct pf_osfp_ioctl /
1754	case DIOCOSFPGET: { / struct pf_osfp_ioctl /
1755	struct pf_osfp_ioctl *io = NULL;
1756
1757	PFIOC_STRUCT_BEGIN(addr, io, error = ENOMEM; break;);
1758	if (cmd == DIOCOSFPADD) {
1759	error = pf_osfp_add(io);
1760	} else {
1761	VERIFY(cmd == DIOCOSFPGET);
1762	error = pf_osfp_get(io);
1763	}
1764	PFIOC_STRUCT_END(io, addr);
1765	break;
1766	}
1767
1768	case DIOCXBEGIN: / struct pfioc_trans /
1769	case DIOCXROLLBACK: / struct pfioc_trans /
1770	case DIOCXCOMMIT: { / struct pfioc_trans /
1771	PFIOCX_STRUCT_DECL(pfioc_trans);
1772
1773	PFIOCX_STRUCT_BEGIN(addr, pfioc_trans, error = ENOMEM; break;);
1774	error = pfioctl_ioc_trans(cmd,
1775	PFIOCX_STRUCT_ADDR32(pfioc_trans),
1776	PFIOCX_STRUCT_ADDR64(pfioc_trans), p);
1777	PFIOCX_STRUCT_END(pfioc_trans, addr);
1778	break;
1779	}
1780
1781	case DIOCGETSRCNODES: { / struct pfioc_src_nodes /
1782	PFIOCX_STRUCT_DECL(pfioc_src_nodes);
1783
1784	PFIOCX_STRUCT_BEGIN(addr, pfioc_src_nodes,
1785	error = ENOMEM; break;);
1786	error = pfioctl_ioc_src_nodes(cmd,
1787	PFIOCX_STRUCT_ADDR32(pfioc_src_nodes),
1788	PFIOCX_STRUCT_ADDR64(pfioc_src_nodes), p);
1789	PFIOCX_STRUCT_END(pfioc_src_nodes, addr);
1790	break;
1791	}
1792
1793	case DIOCCLRSRCNODES: {
1794	struct pf_src_node *n;
1795	struct pf_state *state;
1796
1797	RB_FOREACH(state, pf_state_tree_id, &tree_id) {
1798	state->src_node = NULL;
1799	state->nat_src_node = NULL;
1800	}
1801	RB_FOREACH(n, pf_src_tree, &tree_src_tracking) {
1802	n->expire = `1`;
1803	n->states = `0`;
1804	}
1805	pf_purge_expired_src_nodes();
1806	pf_status.src_nodes = `0`;
1807	break;
1808	}
1809
1810	case DIOCKILLSRCNODES: { / struct pfioc_src_node_kill /
1811	struct pfioc_src_node_kill *psnk = NULL;
1812
1813	PFIOC_STRUCT_BEGIN(addr, psnk, error = ENOMEM; break;);
1814	error = pfioctl_ioc_src_node_kill(cmd, psnk, p);
1815	PFIOC_STRUCT_END(psnk, addr);
1816	break;
1817	}
1818
1819	case DIOCSETHOSTID: { / u_int32_t /
1820	u_int32_t hid;
1821
1822	/ small enough to be on stack /
1823	bcopy(addr, &hid, sizeof (hid));
1824	if (hid == `0`)
1825	pf_status.hostid = random();
1826	else
1827	pf_status.hostid = hid;
1828	break;
1829	}
1830
1831	case DIOCOSFPFLUSH:
1832	pf_osfp_flush();
1833	break;
1834
1835	case DIOCIGETIFACES: / struct pfioc_iface /
1836	case DIOCSETIFFLAG: / struct pfioc_iface /
1837	case DIOCCLRIFFLAG: { / struct pfioc_iface /
1838	PFIOCX_STRUCT_DECL(pfioc_iface);
1839
1840	PFIOCX_STRUCT_BEGIN(addr, pfioc_iface, error = ENOMEM; break;);
1841	error = pfioctl_ioc_iface(cmd,
1842	PFIOCX_STRUCT_ADDR32(pfioc_iface),
1843	PFIOCX_STRUCT_ADDR64(pfioc_iface), p);
1844	PFIOCX_STRUCT_END(pfioc_iface, addr);
1845	break;
1846	}
1847
1848	default:
1849	error = ENODEV;
1850	break;
1851	}
1852
1853	lck_mtx_unlock(pf_lock);
1854	lck_rw_done(pf_perim_lock);
1855
1856	return (error);
1857	}
1858
1859	static int
1860	pfioctl_ioc_table(u_long cmd, struct pfioc_table_32 *io32,
1861	struct pfioc_table_64 io64, struct* proc *p)
1862	{
1863	int p64 = proc_is64bit(p);
1864	int error = `0`;
1865
1866	if (!p64)
1867	goto struct32;
1868
1869	/*
1870	* 64-bit structure processing
1871	*/
1872	switch (cmd) {
1873	case DIOCRCLRTABLES:
1874	if (io64->pfrio_esize != `0`) {
1875	error = ENODEV;
1876	break;
1877	}
1878	pfr_table_copyin_cleanup(&io64->pfrio_table);
1879	error = pfr_clr_tables(&io64->pfrio_table, &io64->pfrio_ndel,
1880	io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1881	break;
1882
1883	case DIOCRADDTABLES:
1884	if (io64->pfrio_esize != sizeof (struct pfr_table)) {
1885	error = ENODEV;
1886	break;
1887	}
1888	error = pfr_add_tables(io64->pfrio_buffer, io64->pfrio_size,
1889	&io64->pfrio_nadd, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1890	break;
1891
1892	case DIOCRDELTABLES:
1893	if (io64->pfrio_esize != sizeof (struct pfr_table)) {
1894	error = ENODEV;
1895	break;
1896	}
1897	error = pfr_del_tables(io64->pfrio_buffer, io64->pfrio_size,
1898	&io64->pfrio_ndel, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1899	break;
1900
1901	case DIOCRGETTABLES:
1902	if (io64->pfrio_esize != sizeof (struct pfr_table)) {
1903	error = ENODEV;
1904	break;
1905	}
1906	pfr_table_copyin_cleanup(&io64->pfrio_table);
1907	error = pfr_get_tables(&io64->pfrio_table, io64->pfrio_buffer,
1908	&io64->pfrio_size, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1909	break;
1910
1911	case DIOCRGETTSTATS:
1912	if (io64->pfrio_esize != sizeof (struct pfr_tstats)) {
1913	error = ENODEV;
1914	break;
1915	}
1916	pfr_table_copyin_cleanup(&io64->pfrio_table);
1917	error = pfr_get_tstats(&io64->pfrio_table, io64->pfrio_buffer,
1918	&io64->pfrio_size, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1919	break;
1920
1921	case DIOCRCLRTSTATS:
1922	if (io64->pfrio_esize != sizeof (struct pfr_table)) {
1923	error = ENODEV;
1924	break;
1925	}
1926	error = pfr_clr_tstats(io64->pfrio_buffer, io64->pfrio_size,
1927	&io64->pfrio_nzero, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1928	break;
1929
1930	case DIOCRSETTFLAGS:
1931	if (io64->pfrio_esize != sizeof (struct pfr_table)) {
1932	error = ENODEV;
1933	break;
1934	}
1935	error = pfr_set_tflags(io64->pfrio_buffer, io64->pfrio_size,
1936	io64->pfrio_setflag, io64->pfrio_clrflag,
1937	&io64->pfrio_nchange, &io64->pfrio_ndel,
1938	io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1939	break;
1940
1941	case DIOCRCLRADDRS:
1942	if (io64->pfrio_esize != `0`) {
1943	error = ENODEV;
1944	break;
1945	}
1946	pfr_table_copyin_cleanup(&io64->pfrio_table);
1947	error = pfr_clr_addrs(&io64->pfrio_table, &io64->pfrio_ndel,
1948	io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1949	break;
1950
1951	case DIOCRADDADDRS:
1952	if (io64->pfrio_esize != sizeof (struct pfr_addr)) {
1953	error = ENODEV;
1954	break;
1955	}
1956	pfr_table_copyin_cleanup(&io64->pfrio_table);
1957	error = pfr_add_addrs(&io64->pfrio_table, io64->pfrio_buffer,
1958	io64->pfrio_size, &io64->pfrio_nadd, io64->pfrio_flags \|
1959	PFR_FLAG_USERIOCTL);
1960	break;
1961
1962	case DIOCRDELADDRS:
1963	if (io64->pfrio_esize != sizeof (struct pfr_addr)) {
1964	error = ENODEV;
1965	break;
1966	}
1967	pfr_table_copyin_cleanup(&io64->pfrio_table);
1968	error = pfr_del_addrs(&io64->pfrio_table, io64->pfrio_buffer,
1969	io64->pfrio_size, &io64->pfrio_ndel, io64->pfrio_flags \|
1970	PFR_FLAG_USERIOCTL);
1971	break;
1972
1973	case DIOCRSETADDRS:
1974	if (io64->pfrio_esize != sizeof (struct pfr_addr)) {
1975	error = ENODEV;
1976	break;
1977	}
1978	pfr_table_copyin_cleanup(&io64->pfrio_table);
1979	error = pfr_set_addrs(&io64->pfrio_table, io64->pfrio_buffer,
1980	io64->pfrio_size, &io64->pfrio_size2, &io64->pfrio_nadd,
1981	&io64->pfrio_ndel, &io64->pfrio_nchange, io64->pfrio_flags \|
1982	PFR_FLAG_USERIOCTL, `0`);
1983	break;
1984
1985	case DIOCRGETADDRS:
1986	if (io64->pfrio_esize != sizeof (struct pfr_addr)) {
1987	error = ENODEV;
1988	break;
1989	}
1990	pfr_table_copyin_cleanup(&io64->pfrio_table);
1991	error = pfr_get_addrs(&io64->pfrio_table, io64->pfrio_buffer,
1992	&io64->pfrio_size, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
1993	break;
1994
1995	case DIOCRGETASTATS:
1996	if (io64->pfrio_esize != sizeof (struct pfr_astats)) {
1997	error = ENODEV;
1998	break;
1999	}
2000	pfr_table_copyin_cleanup(&io64->pfrio_table);
2001	error = pfr_get_astats(&io64->pfrio_table, io64->pfrio_buffer,
2002	&io64->pfrio_size, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
2003	break;
2004
2005	case DIOCRCLRASTATS:
2006	if (io64->pfrio_esize != sizeof (struct pfr_addr)) {
2007	error = ENODEV;
2008	break;
2009	}
2010	pfr_table_copyin_cleanup(&io64->pfrio_table);
2011	error = pfr_clr_astats(&io64->pfrio_table, io64->pfrio_buffer,
2012	io64->pfrio_size, &io64->pfrio_nzero, io64->pfrio_flags \|
2013	PFR_FLAG_USERIOCTL);
2014	break;
2015
2016	case DIOCRTSTADDRS:
2017	if (io64->pfrio_esize != sizeof (struct pfr_addr)) {
2018	error = ENODEV;
2019	break;
2020	}
2021	pfr_table_copyin_cleanup(&io64->pfrio_table);
2022	error = pfr_tst_addrs(&io64->pfrio_table, io64->pfrio_buffer,
2023	io64->pfrio_size, &io64->pfrio_nmatch, io64->pfrio_flags \|
2024	PFR_FLAG_USERIOCTL);
2025	break;
2026
2027	case DIOCRINADEFINE:
2028	if (io64->pfrio_esize != sizeof (struct pfr_addr)) {
2029	error = ENODEV;
2030	break;
2031	}
2032	pfr_table_copyin_cleanup(&io64->pfrio_table);
2033	error = pfr_ina_define(&io64->pfrio_table, io64->pfrio_buffer,
2034	io64->pfrio_size, &io64->pfrio_nadd, &io64->pfrio_naddr,
2035	io64->pfrio_ticket, io64->pfrio_flags \| PFR_FLAG_USERIOCTL);
2036	break;
2037
2038	default:
2039	VERIFY(`0`);
2040	/ NOTREACHED /
2041	}
2042	goto done;
2043
2044	struct32:
2045	/*
2046	* 32-bit structure processing
2047	*/
2048	switch (cmd) {
2049	case DIOCRCLRTABLES:
2050	if (io32->pfrio_esize != `0`) {
2051	error = ENODEV;
2052	break;
2053	}
2054	pfr_table_copyin_cleanup(&io32->pfrio_table);
2055	error = pfr_clr_tables(&io32->pfrio_table, &io32->pfrio_ndel,
2056	io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2057	break;
2058
2059	case DIOCRADDTABLES:
2060	if (io32->pfrio_esize != sizeof (struct pfr_table)) {
2061	error = ENODEV;
2062	break;
2063	}
2064	error = pfr_add_tables(io32->pfrio_buffer, io32->pfrio_size,
2065	&io32->pfrio_nadd, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2066	break;
2067
2068	case DIOCRDELTABLES:
2069	if (io32->pfrio_esize != sizeof (struct pfr_table)) {
2070	error = ENODEV;
2071	break;
2072	}
2073	error = pfr_del_tables(io32->pfrio_buffer, io32->pfrio_size,
2074	&io32->pfrio_ndel, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2075	break;
2076
2077	case DIOCRGETTABLES:
2078	if (io32->pfrio_esize != sizeof (struct pfr_table)) {
2079	error = ENODEV;
2080	break;
2081	}
2082	pfr_table_copyin_cleanup(&io32->pfrio_table);
2083	error = pfr_get_tables(&io32->pfrio_table, io32->pfrio_buffer,
2084	&io32->pfrio_size, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2085	break;
2086
2087	case DIOCRGETTSTATS:
2088	if (io32->pfrio_esize != sizeof (struct pfr_tstats)) {
2089	error = ENODEV;
2090	break;
2091	}
2092	pfr_table_copyin_cleanup(&io32->pfrio_table);
2093	error = pfr_get_tstats(&io32->pfrio_table, io32->pfrio_buffer,
2094	&io32->pfrio_size, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2095	break;
2096
2097	case DIOCRCLRTSTATS:
2098	if (io32->pfrio_esize != sizeof (struct pfr_table)) {
2099	error = ENODEV;
2100	break;
2101	}
2102	error = pfr_clr_tstats(io32->pfrio_buffer, io32->pfrio_size,
2103	&io32->pfrio_nzero, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2104	break;
2105
2106	case DIOCRSETTFLAGS:
2107	if (io32->pfrio_esize != sizeof (struct pfr_table)) {
2108	error = ENODEV;
2109	break;
2110	}
2111	error = pfr_set_tflags(io32->pfrio_buffer, io32->pfrio_size,
2112	io32->pfrio_setflag, io32->pfrio_clrflag,
2113	&io32->pfrio_nchange, &io32->pfrio_ndel,
2114	io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2115	break;
2116
2117	case DIOCRCLRADDRS:
2118	if (io32->pfrio_esize != `0`) {
2119	error = ENODEV;
2120	break;
2121	}
2122	pfr_table_copyin_cleanup(&io32->pfrio_table);
2123	error = pfr_clr_addrs(&io32->pfrio_table, &io32->pfrio_ndel,
2124	io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2125	break;
2126
2127	case DIOCRADDADDRS:
2128	if (io32->pfrio_esize != sizeof (struct pfr_addr)) {
2129	error = ENODEV;
2130	break;
2131	}
2132	pfr_table_copyin_cleanup(&io32->pfrio_table);
2133	error = pfr_add_addrs(&io32->pfrio_table, io32->pfrio_buffer,
2134	io32->pfrio_size, &io32->pfrio_nadd, io32->pfrio_flags \|
2135	PFR_FLAG_USERIOCTL);
2136	break;
2137
2138	case DIOCRDELADDRS:
2139	if (io32->pfrio_esize != sizeof (struct pfr_addr)) {
2140	error = ENODEV;
2141	break;
2142	}
2143	pfr_table_copyin_cleanup(&io32->pfrio_table);
2144	error = pfr_del_addrs(&io32->pfrio_table, io32->pfrio_buffer,
2145	io32->pfrio_size, &io32->pfrio_ndel, io32->pfrio_flags \|
2146	PFR_FLAG_USERIOCTL);
2147	break;
2148
2149	case DIOCRSETADDRS:
2150	if (io32->pfrio_esize != sizeof (struct pfr_addr)) {
2151	error = ENODEV;
2152	break;
2153	}
2154	pfr_table_copyin_cleanup(&io32->pfrio_table);
2155	error = pfr_set_addrs(&io32->pfrio_table, io32->pfrio_buffer,
2156	io32->pfrio_size, &io32->pfrio_size2, &io32->pfrio_nadd,
2157	&io32->pfrio_ndel, &io32->pfrio_nchange, io32->pfrio_flags \|
2158	PFR_FLAG_USERIOCTL, `0`);
2159	break;
2160
2161	case DIOCRGETADDRS:
2162	if (io32->pfrio_esize != sizeof (struct pfr_addr)) {
2163	error = ENODEV;
2164	break;
2165	}
2166	pfr_table_copyin_cleanup(&io32->pfrio_table);
2167	error = pfr_get_addrs(&io32->pfrio_table, io32->pfrio_buffer,
2168	&io32->pfrio_size, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2169	break;
2170
2171	case DIOCRGETASTATS:
2172	if (io32->pfrio_esize != sizeof (struct pfr_astats)) {
2173	error = ENODEV;
2174	break;
2175	}
2176	pfr_table_copyin_cleanup(&io32->pfrio_table);
2177	error = pfr_get_astats(&io32->pfrio_table, io32->pfrio_buffer,
2178	&io32->pfrio_size, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2179	break;
2180
2181	case DIOCRCLRASTATS:
2182	if (io32->pfrio_esize != sizeof (struct pfr_addr)) {
2183	error = ENODEV;
2184	break;
2185	}
2186	pfr_table_copyin_cleanup(&io32->pfrio_table);
2187	error = pfr_clr_astats(&io32->pfrio_table, io32->pfrio_buffer,
2188	io32->pfrio_size, &io32->pfrio_nzero, io32->pfrio_flags \|
2189	PFR_FLAG_USERIOCTL);
2190	break;
2191
2192	case DIOCRTSTADDRS:
2193	if (io32->pfrio_esize != sizeof (struct pfr_addr)) {
2194	error = ENODEV;
2195	break;
2196	}
2197	pfr_table_copyin_cleanup(&io32->pfrio_table);
2198	error = pfr_tst_addrs(&io32->pfrio_table, io32->pfrio_buffer,
2199	io32->pfrio_size, &io32->pfrio_nmatch, io32->pfrio_flags \|
2200	PFR_FLAG_USERIOCTL);
2201	break;
2202
2203	case DIOCRINADEFINE:
2204	if (io32->pfrio_esize != sizeof (struct pfr_addr)) {
2205	error = ENODEV;
2206	break;
2207	}
2208	pfr_table_copyin_cleanup(&io32->pfrio_table);
2209	error = pfr_ina_define(&io32->pfrio_table, io32->pfrio_buffer,
2210	io32->pfrio_size, &io32->pfrio_nadd, &io32->pfrio_naddr,
2211	io32->pfrio_ticket, io32->pfrio_flags \| PFR_FLAG_USERIOCTL);
2212	break;
2213
2214	default:
2215	VERIFY(`0`);
2216	/ NOTREACHED /
2217	}
2218
2219	done:
2220	return (error);
2221	}
2222
2223	static int
2224	pfioctl_ioc_tokens(u_long cmd, struct pfioc_tokens_32 *tok32,
2225	struct pfioc_tokens_64 tok64, struct* proc *p)
2226	{
2227	struct pfioc_token *tokens;
2228	struct pfioc_kernel_token entry, tmp;
2229	user_addr_t token_buf;
2230	int ocnt, cnt, error = `0`, p64 = proc_is64bit(p);
2231	char *ptr;
2232
2233	switch (cmd) {
2234	case DIOCGETSTARTERS: {
2235	int size;
2236
2237	if (nr_tokens == `0`) {
2238	error = ENOENT;
2239	break;
2240	}
2241
2242	size = sizeof (struct pfioc_token) * nr_tokens;
2243	ocnt = cnt = (p64 ? tok64->size : tok32->size);
2244	if (cnt == `0`) {
2245	if (p64)
2246	tok64->size = size;
2247	else
2248	tok32->size = size;
2249	break;
2250	}
2251
2252	token_buf = (p64 ? tok64->pgt_buf : tok32->pgt_buf);
2253	tokens = _MALLOC(size, M_TEMP, M_WAITOK\|M_ZERO);
2254	if (tokens == NULL) {
2255	error = ENOMEM;
2256	break;
2257	}
2258
2259	ptr = (void *)tokens;
2260	SLIST_FOREACH_SAFE(entry, &token_list_head, next, tmp) {
2261	struct pfioc_token *t;
2262
2263	if ((unsigned)cnt < sizeof (*tokens))
2264	break; / no more buffer space left /
2265
2266	t = (struct pfioc_token )(void* *)ptr;
2267	t->token_value = entry->token.token_value;
2268	t->timestamp = entry->token.timestamp;
2269	t->pid = entry->token.pid;
2270	bcopy(entry->token.proc_name, t->proc_name,
2271	PFTOK_PROCNAME_LEN);
2272	ptr += sizeof (struct pfioc_token);
2273
2274	cnt -= sizeof (struct pfioc_token);
2275	}
2276
2277	if (cnt < ocnt)
2278	error = copyout(tokens, token_buf, ocnt - cnt);
2279
2280	if (p64)
2281	tok64->size = ocnt - cnt;
2282	else
2283	tok32->size = ocnt - cnt;
2284
2285	_FREE(tokens, M_TEMP);
2286	break;
2287	}
2288
2289	default:
2290	VERIFY(`0`);
2291	/ NOTREACHED /
2292	}
2293
2294	return (error);
2295	}
2296
2297	static void
2298	pf_expire_states_and_src_nodes(struct pf_rule *rule)
2299	{
2300	struct pf_state *state;
2301	struct pf_src_node *sn;
2302	int killed = `0`;
2303
2304	/ expire the states /
2305	state = TAILQ_FIRST(&state_list);
2306	while (state) {
2307	if (state->rule.ptr == rule)
2308	state->timeout = PFTM_PURGE;
2309	state = TAILQ_NEXT(state, entry_list);
2310	}
2311	pf_purge_expired_states(pf_status.states);
2312
2313	/ expire the src_nodes /
2314	RB_FOREACH(sn, pf_src_tree, &tree_src_tracking) {
2315	if (sn->rule.ptr != rule)
2316	continue;
2317	if (sn->states != `0`) {
2318	RB_FOREACH(state, pf_state_tree_id,
2319	&tree_id) {
2320	if (state->src_node == sn)
2321	state->src_node = NULL;
2322	if (state->nat_src_node == sn)
2323	state->nat_src_node = NULL;
2324	}
2325	sn->states = `0`;
2326	}
2327	sn->expire = `1`;
2328	killed++;
2329	}
2330	if (killed)
2331	pf_purge_expired_src_nodes();
2332	}
2333
2334	static void
2335	pf_delete_rule_from_ruleset(struct pf_ruleset ruleset, int* rs_num,
2336	struct pf_rule *rule)
2337	{
2338	struct pf_rule *r;
2339	int nr = `0`;
2340
2341	pf_expire_states_and_src_nodes(rule);
2342
2343	pf_rm_rule(ruleset->rules[rs_num].active.ptr, rule);
2344	if (ruleset->rules[rs_num].active.rcount-- == `0`)
2345	panic("%s: rcount value broken!", __func__);
2346	r = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
2347
2348	while (r) {
2349	r->nr = nr++;
2350	r = TAILQ_NEXT(r, entries);
2351	}
2352	}
2353
2354
2355	static void
2356	pf_ruleset_cleanup(struct pf_ruleset ruleset, int* rs)
2357	{
2358	pf_calc_skip_steps(ruleset->rules[rs].active.ptr);
2359	ruleset->rules[rs].active.ticket =
2360	++ruleset->rules[rs].inactive.ticket;
2361	}
2362
2363	/*
2364	* req_dev encodes the PF interface. Currently, possible values are
2365	* 0 or PFRULE_PFM
2366	*/
2367	static int
2368	pf_delete_rule_by_ticket(struct pfioc_rule *pr, u_int32_t req_dev)
2369	{
2370	struct pf_ruleset *ruleset;
2371	struct pf_rule *rule = NULL;
2372	int is_anchor;
2373	int error;
2374	int i;
2375
2376	is_anchor = (pr->anchor_call[`0`] != `'\0'`);
2377	if ((ruleset = pf_find_ruleset_with_owner(pr->anchor,
2378	pr->rule.owner, is_anchor, &error)) == NULL)
2379	return (error);
2380
2381	for (i = `0`; i < PF_RULESET_MAX && rule == NULL; i++) {
2382	rule = TAILQ_FIRST(ruleset->rules[i].active.ptr);
2383	while (rule && (rule->ticket != pr->rule.ticket))
2384	rule = TAILQ_NEXT(rule, entries);
2385	}
2386	if (rule == NULL)
2387	return (ENOENT);
2388	else
2389	i--;
2390
2391	if (strcmp(rule->owner, pr->rule.owner))
2392	return (EACCES);
2393
2394	delete_rule:
2395	if (rule->anchor && (ruleset != &pf_main_ruleset) &&
2396	((strcmp(ruleset->anchor->owner, "")) == `0`) &&
2397	((ruleset->rules[i].active.rcount - `1`) == `0`)) {
2398	/ set rule & ruleset to parent and repeat /
2399	struct pf_rule *delete_rule = rule;
2400	struct pf_ruleset *delete_ruleset = ruleset;
2401
2402	#define parent_ruleset ruleset->anchor->parent->ruleset
2403	if (ruleset->anchor->parent == NULL)
2404	ruleset = &pf_main_ruleset;
2405	else
2406	ruleset = &parent_ruleset;
2407
2408	rule = TAILQ_FIRST(ruleset->rules[i].active.ptr);
2409	while (rule &&
2410	(rule->anchor != delete_ruleset->anchor))
2411	rule = TAILQ_NEXT(rule, entries);
2412	if (rule == NULL)
2413	panic("%s: rule not found!", __func__);
2414
2415	/*
2416	* if reqest device != rule's device, bail :
2417	* with error if ticket matches;
2418	* without error if ticket doesn't match (i.e. its just cleanup)
2419	*/
2420	if ((rule->rule_flag & PFRULE_PFM) ^ req_dev) {
2421	if (rule->ticket != pr->rule.ticket) {
2422	return (`0`);
2423	} else {
2424	return EACCES;
2425	}
2426	}
2427
2428	if (delete_rule->rule_flag & PFRULE_PFM) {
2429	pffwrules--;
2430	}
2431
2432	pf_delete_rule_from_ruleset(delete_ruleset,
2433	i, delete_rule);
2434	delete_ruleset->rules[i].active.ticket =
2435	++delete_ruleset->rules[i].inactive.ticket;
2436	goto delete_rule;
2437	} else {
2438	/*
2439	* process deleting rule only if device that added the
2440	* rule matches device that issued the request
2441	*/
2442	if ((rule->rule_flag & PFRULE_PFM) ^ req_dev)
2443	return EACCES;
2444	if (rule->rule_flag & PFRULE_PFM)
2445	pffwrules--;
2446	pf_delete_rule_from_ruleset(ruleset, i,
2447	rule);
2448	pf_ruleset_cleanup(ruleset, i);
2449	}
2450
2451	return (`0`);
2452	}
2453
2454	/*
2455	* req_dev encodes the PF interface. Currently, possible values are
2456	* 0 or PFRULE_PFM
2457	*/
2458	static void
2459	pf_delete_rule_by_owner(char *owner, u_int32_t req_dev)
2460	{
2461	struct pf_ruleset *ruleset;
2462	struct pf_rule rule, next;
2463	int deleted = `0`;
2464
2465	for (int rs = `0`; rs < PF_RULESET_MAX; rs++) {
2466	rule = TAILQ_FIRST(pf_main_ruleset.rules[rs].active.ptr);
2467	ruleset = &pf_main_ruleset;
2468	while (rule) {
2469	next = TAILQ_NEXT(rule, entries);
2470	/*
2471	* process deleting rule only if device that added the
2472	* rule matches device that issued the request
2473	*/
2474	if ((rule->rule_flag & PFRULE_PFM) ^ req_dev) {
2475	rule = next;
2476	continue;
2477	}
2478	if (rule->anchor) {
2479	if (((strcmp(rule->owner, owner)) == `0`) \|\|
2480	((strcmp(rule->owner, "")) == `0`)) {
2481	if (rule->anchor->ruleset.rules[rs].active.rcount > `0`) {
2482	if (deleted) {
2483	pf_ruleset_cleanup(ruleset, rs);
2484	deleted = `0`;
2485	}
2486	/ step into anchor /
2487	ruleset =
2488	&rule->anchor->ruleset;
2489	rule = TAILQ_FIRST(ruleset->rules[rs].active.ptr);
2490	continue;
2491	} else {
2492	if (rule->rule_flag &
2493	PFRULE_PFM)
2494	pffwrules--;
2495	pf_delete_rule_from_ruleset(ruleset, rs, rule);
2496	deleted = `1`;
2497	rule = next;
2498	}
2499	} else
2500	rule = next;
2501	} else {
2502	if (((strcmp(rule->owner, owner)) == `0`)) {
2503	/ delete rule /
2504	if (rule->rule_flag & PFRULE_PFM)
2505	pffwrules--;
2506	pf_delete_rule_from_ruleset(ruleset,
2507	rs, rule);
2508	deleted = `1`;
2509	}
2510	rule = next;
2511	}
2512	if (rule == NULL) {
2513	if (deleted) {
2514	pf_ruleset_cleanup(ruleset, rs);
2515	deleted = `0`;
2516	}
2517	if (ruleset != &pf_main_ruleset)
2518	pf_deleterule_anchor_step_out(&ruleset,
2519	rs, &rule);
2520	}
2521	}
2522	}
2523	}
2524
2525	static void
2526	pf_deleterule_anchor_step_out(struct pf_ruleset **ruleset_ptr,
2527	int rs, struct pf_rule **rule_ptr)
2528	{
2529	struct pf_ruleset ruleset = ruleset_ptr;
2530	struct pf_rule rule = rule_ptr;
2531
2532	/ step out of anchor /
2533	struct pf_ruleset *rs_copy = ruleset;
2534	ruleset = ruleset->anchor->parent?
2535	&ruleset->anchor->parent->ruleset:&pf_main_ruleset;
2536
2537	rule = TAILQ_FIRST(ruleset->rules[rs].active.ptr);
2538	while (rule && (rule->anchor != rs_copy->anchor))
2539	rule = TAILQ_NEXT(rule, entries);
2540	if (rule == NULL)
2541	panic("%s: parent rule of anchor not found!", __func__);
2542	if (rule->anchor->ruleset.rules[rs].active.rcount > `0`)
2543	rule = TAILQ_NEXT(rule, entries);
2544
2545	*ruleset_ptr = ruleset;
2546	*rule_ptr = rule;
2547	}
2548
2549	static void
2550	pf_addrwrap_setup(struct pf_addr_wrap *aw)
2551	{
2552	VERIFY(aw);
2553	bzero(&aw->p, sizeof aw->p);
2554	}
2555
2556	static int
2557	pf_rule_setup(struct pfioc_rule pr, struct* pf_rule *rule,
2558	struct pf_ruleset *ruleset) {
2559	struct pf_pooladdr *apa;
2560	int error = `0`;
2561
2562	if (rule->ifname[`0`]) {
2563	rule->kif = pfi_kif_get(rule->ifname);
2564	if (rule->kif == NULL) {
2565	pool_put(&pf_rule_pl, rule);
2566	return (EINVAL);
2567	}
2568	pfi_kif_ref(rule->kif, PFI_KIF_REF_RULE);
2569	}
2570	if (rule->tagname[`0`])
2571	if ((rule->tag = pf_tagname2tag(rule->tagname)) == `0`)
2572	error = EBUSY;
2573	if (rule->match_tagname[`0`])
2574	if ((rule->match_tag =
2575	pf_tagname2tag(rule->match_tagname)) == `0`)
2576	error = EBUSY;
2577	if (rule->rt && !rule->direction)
2578	error = EINVAL;
2579	#if PFLOG
2580	if (!rule->log)
2581	rule->logif = `0`;
2582	if (rule->logif >= PFLOGIFS_MAX)
2583	error = EINVAL;
2584	#endif /* PFLOG */
2585	pf_addrwrap_setup(&rule->src.addr);
2586	pf_addrwrap_setup(&rule->dst.addr);
2587	if (pf_rtlabel_add(&rule->src.addr) \|\|
2588	pf_rtlabel_add(&rule->dst.addr))
2589	error = EBUSY;
2590	if (pfi_dynaddr_setup(&rule->src.addr, rule->af))
2591	error = EINVAL;
2592	if (pfi_dynaddr_setup(&rule->dst.addr, rule->af))
2593	error = EINVAL;
2594	if (pf_tbladdr_setup(ruleset, &rule->src.addr))
2595	error = EINVAL;
2596	if (pf_tbladdr_setup(ruleset, &rule->dst.addr))
2597	error = EINVAL;
2598	if (pf_anchor_setup(rule, ruleset, pr->anchor_call))
2599	error = EINVAL;
2600	TAILQ_FOREACH(apa, &pf_pabuf, entries)
2601	if (pf_tbladdr_setup(ruleset, &apa->addr))
2602	error = EINVAL;
2603
2604	if (rule->overload_tblname[`0`]) {
2605	if ((rule->overload_tbl = pfr_attach_table(ruleset,
2606	rule->overload_tblname)) == NULL)
2607	error = EINVAL;
2608	else
2609	rule->overload_tbl->pfrkt_flags \|=
2610	PFR_TFLAG_ACTIVE;
2611	}
2612
2613	pf_mv_pool(&pf_pabuf, &rule->rpool.list);
2614
2615	if (((((rule->action == PF_NAT) \|\| (rule->action == PF_RDR) \|\|
2616	(rule->action == PF_BINAT) \|\| (rule->action == PF_NAT64)) &&
2617	rule->anchor == NULL) \|\|
2618	(rule->rt > PF_FASTROUTE)) &&
2619	(TAILQ_FIRST(&rule->rpool.list) == NULL))
2620	error = EINVAL;
2621
2622	if (error) {
2623	pf_rm_rule(NULL, rule);
2624	return (error);
2625	}
2626	/ For a NAT64 rule the rule's address family is AF_INET6 whereas*
2627	* the address pool's family will be AF_INET
2628	*/
2629	rule->rpool.af = (rule->action == PF_NAT64) ? AF_INET: rule->af;
2630	rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list);
2631	rule->evaluations = rule->packets[`0`] = rule->packets[`1`] =
2632	rule->bytes[`0`] = rule->bytes[`1`] = `0`;
2633
2634	return (`0`);
2635	}
2636
2637	static int
2638	pfioctl_ioc_rule(u_long cmd, int minordev, struct pfioc_rule pr, struct* proc *p)
2639	{
2640	int error = `0`;
2641	u_int32_t req_dev = `0`;
2642
2643	switch (cmd) {
2644	case DIOCADDRULE: {
2645	struct pf_ruleset *ruleset;
2646	struct pf_rule rule, tail;
2647	int rs_num;
2648
2649	pr->anchor[sizeof (pr->anchor) - `1`] = `'\0'`;
2650	pr->anchor_call[sizeof (pr->anchor_call) - `1`] = `'\0'`;
2651	ruleset = pf_find_ruleset(pr->anchor);
2652	if (ruleset == NULL) {
2653	error = EINVAL;
2654	break;
2655	}
2656	rs_num = pf_get_ruleset_number(pr->rule.action);
2657	if (rs_num >= PF_RULESET_MAX) {
2658	error = EINVAL;
2659	break;
2660	}
2661	if (pr->rule.return_icmp >> `8` > ICMP_MAXTYPE) {
2662	error = EINVAL;
2663	break;
2664	}
2665	if (pr->ticket != ruleset->rules[rs_num].inactive.ticket) {
2666	error = EBUSY;
2667	break;
2668	}
2669	if (pr->pool_ticket != ticket_pabuf) {
2670	error = EBUSY;
2671	break;
2672	}
2673	rule = pool_get(&pf_rule_pl, PR_WAITOK);
2674	if (rule == NULL) {
2675	error = ENOMEM;
2676	break;
2677	}
2678	pf_rule_copyin(&pr->rule, rule, p, minordev);
2679	#if !INET
2680	if (rule->af == AF_INET) {
2681	pool_put(&pf_rule_pl, rule);
2682	error = EAFNOSUPPORT;
2683	break;
2684	}
2685	#endif /* INET */
2686	#if !INET6
2687	if (rule->af == AF_INET6) {
2688	pool_put(&pf_rule_pl, rule);
2689	error = EAFNOSUPPORT;
2690	break;
2691	}
2692	#endif /* INET6 */
2693	tail = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
2694	pf_rulequeue);
2695	if (tail)
2696	rule->nr = tail->nr + `1`;
2697	else
2698	rule->nr = `0`;
2699
2700	if ((error = pf_rule_setup(pr, rule, ruleset)))
2701	break;
2702
2703	TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr,
2704	rule, entries);
2705	ruleset->rules[rs_num].inactive.rcount++;
2706	if (rule->rule_flag & PFRULE_PFM)
2707	pffwrules++;
2708
2709	if (rule->action == PF_NAT64)
2710	atomic_add_16(&pf_nat64_configured, `1`);
2711
2712	if (pr->anchor_call[`0`] == `'\0'`) {
2713	INC_ATOMIC_INT64_LIM(net_api_stats.nas_pf_addrule_total);
2714	if (rule->rule_flag & PFRULE_PFM) {
2715	INC_ATOMIC_INT64_LIM(net_api_stats.nas_pf_addrule_os);
2716	}
2717	}
2718
2719	#if DUMMYNET
2720	if (rule->action == PF_DUMMYNET) {
2721	struct dummynet_event dn_event;
2722	uint32_t direction = DN_INOUT;;
2723	bzero(&dn_event, sizeof(dn_event));
2724
2725	dn_event.dn_event_code = DUMMYNET_RULE_CONFIG;
2726
2727	if (rule->direction == PF_IN)
2728	direction = DN_IN;
2729	else if (rule->direction == PF_OUT)
2730	direction = DN_OUT;
2731
2732	dn_event.dn_event_rule_config.dir = direction;
2733	dn_event.dn_event_rule_config.af = rule->af;
2734	dn_event.dn_event_rule_config.proto = rule->proto;
2735	dn_event.dn_event_rule_config.src_port = rule->src.xport.range.port[`0`];
2736	dn_event.dn_event_rule_config.dst_port = rule->dst.xport.range.port[`0`];
2737	strlcpy(dn_event.dn_event_rule_config.ifname, rule->ifname,
2738	sizeof(dn_event.dn_event_rule_config.ifname));
2739
2740	dummynet_event_enqueue_nwk_wq_entry(&dn_event);
2741	}
2742	#endif
2743	break;
2744	}
2745
2746	case DIOCGETRULES: {
2747	struct pf_ruleset *ruleset;
2748	struct pf_rule *tail;
2749	int rs_num;
2750
2751	pr->anchor[sizeof (pr->anchor) - `1`] = `'\0'`;
2752	pr->anchor_call[sizeof (pr->anchor_call) - `1`] = `'\0'`;
2753	ruleset = pf_find_ruleset(pr->anchor);
2754	if (ruleset == NULL) {
2755	error = EINVAL;
2756	break;
2757	}
2758	rs_num = pf_get_ruleset_number(pr->rule.action);
2759	if (rs_num >= PF_RULESET_MAX) {
2760	error = EINVAL;
2761	break;
2762	}
2763	tail = TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
2764	pf_rulequeue);
2765	if (tail)
2766	pr->nr = tail->nr + `1`;
2767	else
2768	pr->nr = `0`;
2769	pr->ticket = ruleset->rules[rs_num].active.ticket;
2770	break;
2771	}
2772
2773	case DIOCGETRULE: {
2774	struct pf_ruleset *ruleset;
2775	struct pf_rule *rule;
2776	int rs_num, i;
2777
2778	pr->anchor[sizeof (pr->anchor) - `1`] = `'\0'`;
2779	pr->anchor_call[sizeof (pr->anchor_call) - `1`] = `'\0'`;
2780	ruleset = pf_find_ruleset(pr->anchor);
2781	if (ruleset == NULL) {
2782	error = EINVAL;
2783	break;
2784	}
2785	rs_num = pf_get_ruleset_number(pr->rule.action);
2786	if (rs_num >= PF_RULESET_MAX) {
2787	error = EINVAL;
2788	break;
2789	}
2790	if (pr->ticket != ruleset->rules[rs_num].active.ticket) {
2791	error = EBUSY;
2792	break;
2793	}
2794	rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
2795	while ((rule != NULL) && (rule->nr != pr->nr))
2796	rule = TAILQ_NEXT(rule, entries);
2797	if (rule == NULL) {
2798	error = EBUSY;
2799	break;
2800	}
2801	pf_rule_copyout(rule, &pr->rule);
2802	if (pf_anchor_copyout(ruleset, rule, pr)) {
2803	error = EBUSY;
2804	break;
2805	}
2806	pfi_dynaddr_copyout(&pr->rule.src.addr);
2807	pfi_dynaddr_copyout(&pr->rule.dst.addr);
2808	pf_tbladdr_copyout(&pr->rule.src.addr);
2809	pf_tbladdr_copyout(&pr->rule.dst.addr);
2810	pf_rtlabel_copyout(&pr->rule.src.addr);
2811	pf_rtlabel_copyout(&pr->rule.dst.addr);
2812	for (i = `0`; i < PF_SKIP_COUNT; ++i)
2813	if (rule->skip[i].ptr == NULL)
2814	pr->rule.skip[i].nr = -`1`;
2815	else
2816	pr->rule.skip[i].nr =
2817	rule->skip[i].ptr->nr;
2818
2819	if (pr->action == PF_GET_CLR_CNTR) {
2820	rule->evaluations = `0`;
2821	rule->packets[`0`] = rule->packets[`1`] = `0`;
2822	rule->bytes[`0`] = rule->bytes[`1`] = `0`;
2823	}
2824	break;
2825	}
2826
2827	case DIOCCHANGERULE: {
2828	struct pfioc_rule *pcr = pr;
2829	struct pf_ruleset *ruleset;
2830	struct pf_rule oldrule = NULL, newrule = NULL;
2831	struct pf_pooladdr *pa;
2832	u_int32_t nr = `0`;
2833	int rs_num;
2834
2835	if (!(pcr->action == PF_CHANGE_REMOVE \|\|
2836	pcr->action == PF_CHANGE_GET_TICKET) &&
2837	pcr->pool_ticket != ticket_pabuf) {
2838	error = EBUSY;
2839	break;
2840	}
2841
2842	if (pcr->action < PF_CHANGE_ADD_HEAD \|\|
2843	pcr->action > PF_CHANGE_GET_TICKET) {
2844	error = EINVAL;
2845	break;
2846	}
2847	pcr->anchor[sizeof (pcr->anchor) - `1`] = `'\0'`;
2848	pcr->anchor_call[sizeof (pcr->anchor_call) - `1`] = `'\0'`;
2849	ruleset = pf_find_ruleset(pcr->anchor);
2850	if (ruleset == NULL) {
2851	error = EINVAL;
2852	break;
2853	}
2854	rs_num = pf_get_ruleset_number(pcr->rule.action);
2855	if (rs_num >= PF_RULESET_MAX) {
2856	error = EINVAL;
2857	break;
2858	}
2859
2860	if (pcr->action == PF_CHANGE_GET_TICKET) {
2861	pcr->ticket = ++ruleset->rules[rs_num].active.ticket;
2862	break;
2863	} else {
2864	if (pcr->ticket !=
2865	ruleset->rules[rs_num].active.ticket) {
2866	error = EINVAL;
2867	break;
2868	}
2869	if (pcr->rule.return_icmp >> `8` > ICMP_MAXTYPE) {
2870	error = EINVAL;
2871	break;
2872	}
2873	}
2874
2875	if (pcr->action != PF_CHANGE_REMOVE) {
2876	newrule = pool_get(&pf_rule_pl, PR_WAITOK);
2877	if (newrule == NULL) {
2878	error = ENOMEM;
2879	break;
2880	}
2881	pf_rule_copyin(&pcr->rule, newrule, p, minordev);
2882	#if !INET
2883	if (newrule->af == AF_INET) {
2884	pool_put(&pf_rule_pl, newrule);
2885	error = EAFNOSUPPORT;
2886	break;
2887	}
2888	#endif /* INET */
2889	#if !INET6
2890	if (newrule->af == AF_INET6) {
2891	pool_put(&pf_rule_pl, newrule);
2892	error = EAFNOSUPPORT;
2893	break;
2894	}
2895	#endif /* INET6 */
2896	if (newrule->ifname[`0`]) {
2897	newrule->kif = pfi_kif_get(newrule->ifname);
2898	if (newrule->kif == NULL) {
2899	pool_put(&pf_rule_pl, newrule);
2900	error = EINVAL;
2901	break;
2902	}
2903	pfi_kif_ref(newrule->kif, PFI_KIF_REF_RULE);
2904	} else
2905	newrule->kif = NULL;
2906
2907	if (newrule->tagname[`0`])
2908	if ((newrule->tag =
2909	pf_tagname2tag(newrule->tagname)) == `0`)
2910	error = EBUSY;
2911	if (newrule->match_tagname[`0`])
2912	if ((newrule->match_tag = pf_tagname2tag(
2913	newrule->match_tagname)) == `0`)
2914	error = EBUSY;
2915	if (newrule->rt && !newrule->direction)
2916	error = EINVAL;
2917	#if PFLOG
2918	if (!newrule->log)
2919	newrule->logif = `0`;
2920	if (newrule->logif >= PFLOGIFS_MAX)
2921	error = EINVAL;
2922	#endif /* PFLOG */
2923	pf_addrwrap_setup(&newrule->src.addr);
2924	pf_addrwrap_setup(&newrule->dst.addr);
2925	if (pf_rtlabel_add(&newrule->src.addr) \|\|
2926	pf_rtlabel_add(&newrule->dst.addr))
2927	error = EBUSY;
2928	if (pfi_dynaddr_setup(&newrule->src.addr, newrule->af))
2929	error = EINVAL;
2930	if (pfi_dynaddr_setup(&newrule->dst.addr, newrule->af))
2931	error = EINVAL;
2932	if (pf_tbladdr_setup(ruleset, &newrule->src.addr))
2933	error = EINVAL;
2934	if (pf_tbladdr_setup(ruleset, &newrule->dst.addr))
2935	error = EINVAL;
2936	if (pf_anchor_setup(newrule, ruleset, pcr->anchor_call))
2937	error = EINVAL;
2938	TAILQ_FOREACH(pa, &pf_pabuf, entries)
2939	if (pf_tbladdr_setup(ruleset, &pa->addr))
2940	error = EINVAL;
2941
2942	if (newrule->overload_tblname[`0`]) {
2943	if ((newrule->overload_tbl = pfr_attach_table(
2944	ruleset, newrule->overload_tblname)) ==
2945	NULL)
2946	error = EINVAL;
2947	else
2948	newrule->overload_tbl->pfrkt_flags \|=
2949	PFR_TFLAG_ACTIVE;
2950	}
2951
2952	pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
2953	if (((((newrule->action == PF_NAT) \|\|
2954	(newrule->action == PF_RDR) \|\|
2955	(newrule->action == PF_BINAT) \|\|
2956	(newrule->rt > PF_FASTROUTE)) &&
2957	!newrule->anchor)) &&
2958	(TAILQ_FIRST(&newrule->rpool.list) == NULL))
2959	error = EINVAL;
2960
2961	if (error) {
2962	pf_rm_rule(NULL, newrule);
2963	break;
2964	}
2965	newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list);
2966	newrule->evaluations = `0`;
2967	newrule->packets[`0`] = newrule->packets[`1`] = `0`;
2968	newrule->bytes[`0`] = newrule->bytes[`1`] = `0`;
2969	}
2970	pf_empty_pool(&pf_pabuf);
2971
2972	if (pcr->action == PF_CHANGE_ADD_HEAD)
2973	oldrule = TAILQ_FIRST(
2974	ruleset->rules[rs_num].active.ptr);
2975	else if (pcr->action == PF_CHANGE_ADD_TAIL)
2976	oldrule = TAILQ_LAST(
2977	ruleset->rules[rs_num].active.ptr, pf_rulequeue);
2978	else {
2979	oldrule = TAILQ_FIRST(
2980	ruleset->rules[rs_num].active.ptr);
2981	while ((oldrule != NULL) && (oldrule->nr != pcr->nr))
2982	oldrule = TAILQ_NEXT(oldrule, entries);
2983	if (oldrule == NULL) {
2984	if (newrule != NULL)
2985	pf_rm_rule(NULL, newrule);
2986	error = EINVAL;
2987	break;
2988	}
2989	}
2990
2991	if (pcr->action == PF_CHANGE_REMOVE) {
2992	pf_rm_rule(ruleset->rules[rs_num].active.ptr, oldrule);
2993	ruleset->rules[rs_num].active.rcount--;
2994	} else {
2995	if (oldrule == NULL)
2996	TAILQ_INSERT_TAIL(
2997	ruleset->rules[rs_num].active.ptr,
2998	newrule, entries);
2999	else if (pcr->action == PF_CHANGE_ADD_HEAD \|\|
3000	pcr->action == PF_CHANGE_ADD_BEFORE)
3001	TAILQ_INSERT_BEFORE(oldrule, newrule, entries);
3002	else
3003	TAILQ_INSERT_AFTER(
3004	ruleset->rules[rs_num].active.ptr,
3005	oldrule, newrule, entries);
3006	ruleset->rules[rs_num].active.rcount++;
3007	}
3008
3009	nr = `0`;
3010	TAILQ_FOREACH(oldrule,
3011	ruleset->rules[rs_num].active.ptr, entries)
3012	oldrule->nr = nr++;
3013
3014	ruleset->rules[rs_num].active.ticket++;
3015
3016	pf_calc_skip_steps(ruleset->rules[rs_num].active.ptr);
3017	pf_remove_if_empty_ruleset(ruleset);
3018
3019	break;
3020	}
3021
3022	case DIOCINSERTRULE: {
3023	struct pf_ruleset *ruleset;
3024	struct pf_rule rule, tail, *r;
3025	int rs_num;
3026	int is_anchor;
3027
3028	pr->anchor[sizeof (pr->anchor) - `1`] = `'\0'`;
3029	pr->anchor_call[sizeof (pr->anchor_call) - `1`] = `'\0'`;
3030	is_anchor = (pr->anchor_call[`0`] != `'\0'`);
3031
3032	if ((ruleset = pf_find_ruleset_with_owner(pr->anchor,
3033	pr->rule.owner, is_anchor, &error)) == NULL)
3034	break;
3035
3036	rs_num = pf_get_ruleset_number(pr->rule.action);
3037	if (rs_num >= PF_RULESET_MAX) {
3038	error = EINVAL;
3039	break;
3040	}
3041	if (pr->rule.return_icmp >> `8` > ICMP_MAXTYPE) {
3042	error = EINVAL;
3043	break;
3044	}
3045
3046	/ make sure this anchor rule doesn't exist already /
3047	if (is_anchor) {
3048	r = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
3049	while (r) {
3050	if (r->anchor &&
3051	((strcmp(r->anchor->name,
3052	pr->anchor_call)) == `0`)) {
3053	if (((strcmp(pr->rule.owner,
3054	r->owner)) == `0`) \|\|
3055	((strcmp(r->owner, "")) == `0`))
3056	error = EEXIST;
3057	else
3058	error = EPERM;
3059	break;
3060	}
3061	r = TAILQ_NEXT(r, entries);
3062	}
3063	if (error != `0`)
3064	return (error);
3065	}
3066
3067	rule = pool_get(&pf_rule_pl, PR_WAITOK);
3068	if (rule == NULL) {
3069	error = ENOMEM;
3070	break;
3071	}
3072	pf_rule_copyin(&pr->rule, rule, p, minordev);
3073	#if !INET
3074	if (rule->af == AF_INET) {
3075	pool_put(&pf_rule_pl, rule);
3076	error = EAFNOSUPPORT;
3077	break;
3078	}
3079	#endif /* INET */
3080	#if !INET6
3081	if (rule->af == AF_INET6) {
3082	pool_put(&pf_rule_pl, rule);
3083	error = EAFNOSUPPORT;
3084	break;
3085	}
3086
3087	#endif /* INET6 */
3088	r = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
3089	while ((r != NULL) && (rule->priority >= (unsigned)r->priority))
3090	r = TAILQ_NEXT(r, entries);
3091	if (r == NULL) {
3092	if ((tail =
3093	TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
3094	pf_rulequeue)) != NULL)
3095	rule->nr = tail->nr + `1`;
3096	else
3097	rule->nr = `0`;
3098	} else {
3099	rule->nr = r->nr;
3100	}
3101
3102	if ((error = pf_rule_setup(pr, rule, ruleset)))
3103	break;
3104
3105	if (rule->anchor != NULL)
3106	strlcpy(rule->anchor->owner, rule->owner,
3107	PF_OWNER_NAME_SIZE);
3108
3109	if (r) {
3110	TAILQ_INSERT_BEFORE(r, rule, entries);
3111	while (r && ++r->nr)
3112	r = TAILQ_NEXT(r, entries);
3113	} else
3114	TAILQ_INSERT_TAIL(ruleset->rules[rs_num].active.ptr,
3115	rule, entries);
3116	ruleset->rules[rs_num].active.rcount++;
3117
3118	/ Calculate checksum for the main ruleset /
3119	if (ruleset == &pf_main_ruleset)
3120	error = pf_setup_pfsync_matching(ruleset);
3121
3122	pf_ruleset_cleanup(ruleset, rs_num);
3123	rule->ticket = VM_KERNEL_ADDRPERM((u_int64_t)(uintptr_t)rule);
3124
3125	pr->rule.ticket = rule->ticket;
3126	pf_rule_copyout(rule, &pr->rule);
3127	if (rule->rule_flag & PFRULE_PFM)
3128	pffwrules++;
3129	if (rule->action == PF_NAT64)
3130	atomic_add_16(&pf_nat64_configured, `1`);
3131
3132	if (pr->anchor_call[`0`] == `'\0'`) {
3133	INC_ATOMIC_INT64_LIM(net_api_stats.nas_pf_addrule_total);
3134	if (rule->rule_flag & PFRULE_PFM) {
3135	INC_ATOMIC_INT64_LIM(net_api_stats.nas_pf_addrule_os);
3136	}
3137	}
3138	break;
3139	}
3140
3141	case DIOCDELETERULE: {
3142	pr->anchor[sizeof (pr->anchor) - `1`] = `'\0'`;
3143	pr->anchor_call[sizeof (pr->anchor_call) - `1`] = `'\0'`;
3144
3145	if (pr->rule.return_icmp >> `8` > ICMP_MAXTYPE) {
3146	error = EINVAL;
3147	break;
3148	}
3149
3150	/ get device through which request is made /
3151	if ((uint8_t)minordev == PFDEV_PFM)
3152	req_dev \|= PFRULE_PFM;
3153
3154	if (pr->rule.ticket) {
3155	if ((error = pf_delete_rule_by_ticket(pr, req_dev)))
3156	break;
3157	} else
3158	pf_delete_rule_by_owner(pr->rule.owner, req_dev);
3159	pr->nr = pffwrules;
3160	if (pr->rule.action == PF_NAT64)
3161	atomic_add_16(&pf_nat64_configured, -`1`);
3162	break;
3163	}
3164
3165	default:
3166	VERIFY(`0`);
3167	/ NOTREACHED /
3168	}
3169
3170	return (error);
3171	}
3172
3173	static int
3174	pfioctl_ioc_state_kill(u_long cmd, struct pfioc_state_kill psk, struct* proc *p)
3175	{
3176	#pragma unused(p)
3177	int error = `0`;
3178
3179	psk->psk_ifname[sizeof (psk->psk_ifname) - `1`] = `'\0'`;
3180	psk->psk_ownername[sizeof(psk->psk_ownername) - `1`] = `'\0'`;
3181
3182	bool ifname_matched = true;
3183	bool owner_matched = true;
3184
3185	switch (cmd) {
3186	case DIOCCLRSTATES: {
3187	struct pf_state s, nexts;
3188	int killed = `0`;
3189
3190	for (s = RB_MIN(pf_state_tree_id, &tree_id); s; s = nexts) {
3191	nexts = RB_NEXT(pf_state_tree_id, &tree_id, s);
3192	/*
3193	* Purge all states only when neither ifname
3194	* or owner is provided. If any of these are provided
3195	* we purge only the states with meta data that match
3196	*/
3197	bool unlink_state = false;
3198	ifname_matched = true;
3199	owner_matched = true;
3200
3201	if (psk->psk_ifname[`0`] &&
3202	strcmp(psk->psk_ifname, s->kif->pfik_name)) {
3203	ifname_matched = false;
3204	}
3205
3206	if (psk->psk_ownername[`0`] &&
3207	((NULL == s->rule.ptr) \|\|
3208	strcmp(psk->psk_ownername, s->rule.ptr->owner))) {
3209	owner_matched = false;
3210	}
3211
3212	unlink_state = ifname_matched && owner_matched;
3213
3214	if (unlink_state) {
3215	#if NPFSYNC
3216	/ don't send out individual delete messages /
3217	s->sync_flags = PFSTATE_NOSYNC;
3218	#endif
3219	pf_unlink_state(s);
3220	killed++;
3221	}
3222	}
3223	psk->psk_af = killed;
3224	#if NPFSYNC
3225	pfsync_clear_states(pf_status.hostid, psk->psk_ifname);
3226	#endif
3227	break;
3228	}
3229
3230	case DIOCKILLSTATES: {
3231	struct pf_state s, nexts;
3232	struct pf_state_key *sk;
3233	struct pf_state_host src, dst;
3234	int killed = `0`;
3235
3236	for (s = RB_MIN(pf_state_tree_id, &tree_id); s;
3237	s = nexts) {
3238	nexts = RB_NEXT(pf_state_tree_id, &tree_id, s);
3239	sk = s->state_key;
3240	ifname_matched = true;
3241	owner_matched = true;
3242
3243	if (psk->psk_ifname[`0`] &&
3244	strcmp(psk->psk_ifname, s->kif->pfik_name)) {
3245	ifname_matched = false;
3246	}
3247
3248	if (psk->psk_ownername[`0`] &&
3249	((NULL == s->rule.ptr) \|\|
3250	strcmp(psk->psk_ownername, s->rule.ptr->owner))) {
3251	owner_matched = false;
3252	}
3253
3254	if (sk->direction == PF_OUT) {
3255	src = &sk->lan;
3256	dst = &sk->ext_lan;
3257	} else {
3258	src = &sk->ext_lan;
3259	dst = &sk->lan;
3260	}
3261	if ((!psk->psk_af \|\| sk->af_lan == psk->psk_af) &&
3262	(!psk->psk_proto \|\| psk->psk_proto == sk->proto) &&
3263	PF_MATCHA(psk->psk_src.neg,
3264	&psk->psk_src.addr.v.a.addr,
3265	&psk->psk_src.addr.v.a.mask,
3266	&src->addr, sk->af_lan) &&
3267	PF_MATCHA(psk->psk_dst.neg,
3268	&psk->psk_dst.addr.v.a.addr,
3269	&psk->psk_dst.addr.v.a.mask,
3270	&dst->addr, sk->af_lan) &&
3271	(pf_match_xport(psk->psk_proto,
3272	psk->psk_proto_variant, &psk->psk_src.xport,
3273	&src->xport)) &&
3274	(pf_match_xport(psk->psk_proto,
3275	psk->psk_proto_variant, &psk->psk_dst.xport,
3276	&dst->xport)) &&
3277	ifname_matched &&
3278	owner_matched) {
3279	#if NPFSYNC
3280	/ send immediate delete of state /
3281	pfsync_delete_state(s);
3282	s->sync_flags \|= PFSTATE_NOSYNC;
3283	#endif
3284	pf_unlink_state(s);
3285	killed++;
3286	}
3287	}
3288	psk->psk_af = killed;
3289	break;
3290	}
3291
3292	default:
3293	VERIFY(`0`);
3294	/ NOTREACHED /
3295	}
3296
3297	return (error);
3298	}
3299
3300	static int
3301	pfioctl_ioc_state(u_long cmd, struct pfioc_state ps, struct* proc *p)
3302	{
3303	#pragma unused(p)
3304	int error = `0`;
3305
3306	switch (cmd) {
3307	case DIOCADDSTATE: {
3308	struct pfsync_state *sp = &ps->state;
3309	struct pf_state *s;
3310	struct pf_state_key *sk;
3311	struct pfi_kif *kif;
3312
3313	if (sp->timeout >= PFTM_MAX) {
3314	error = EINVAL;
3315	break;
3316	}
3317	s = pool_get(&pf_state_pl, PR_WAITOK);
3318	if (s == NULL) {
3319	error = ENOMEM;
3320	break;
3321	}
3322	bzero(s, sizeof (struct pf_state));
3323	if ((sk = pf_alloc_state_key(s, NULL)) == NULL) {
3324	pool_put(&pf_state_pl, s);
3325	error = ENOMEM;
3326	break;
3327	}
3328	pf_state_import(sp, sk, s);
3329	kif = pfi_kif_get(sp->ifname);
3330	if (kif == NULL) {
3331	pool_put(&pf_state_pl, s);
3332	pool_put(&pf_state_key_pl, sk);
3333	error = ENOENT;
3334	break;
3335	}
3336	TAILQ_INIT(&s->unlink_hooks);
3337	s->state_key->app_state = `0`;
3338	if (pf_insert_state(kif, s)) {
3339	pfi_kif_unref(kif, PFI_KIF_REF_NONE);
3340	pool_put(&pf_state_pl, s);
3341	error = EEXIST;
3342	break;
3343	}
3344	pf_default_rule.states++;
3345	VERIFY(pf_default_rule.states != `0`);
3346	break;
3347	}
3348
3349	case DIOCGETSTATE: {
3350	struct pf_state *s;
3351	struct pf_state_cmp id_key;
3352
3353	bcopy(ps->state.id, &id_key.id, sizeof (id_key.id));
3354	id_key.creatorid = ps->state.creatorid;
3355
3356	s = pf_find_state_byid(&id_key);
3357	if (s == NULL) {
3358	error = ENOENT;
3359	break;
3360	}
3361
3362	pf_state_export(&ps->state, s->state_key, s);
3363	break;
3364	}
3365
3366	default:
3367	VERIFY(`0`);
3368	/ NOTREACHED /
3369	}
3370
3371	return (error);
3372	}
3373
3374	static int
3375	pfioctl_ioc_states(u_long cmd, struct pfioc_states_32 *ps32,
3376	struct pfioc_states_64 ps64, struct* proc *p)
3377	{
3378	int p64 = proc_is64bit(p);
3379	int error = `0`;
3380
3381	switch (cmd) {
3382	case DIOCGETSTATES: { / struct pfioc_states /
3383	struct pf_state *state;
3384	struct pfsync_state *pstore;
3385	user_addr_t buf;
3386	u_int32_t nr = `0`;
3387	int len, size;
3388
3389	len = (p64 ? ps64->ps_len : ps32->ps_len);
3390	if (len == `0`) {
3391	size = sizeof (struct pfsync_state) * pf_status.states;
3392	if (p64)
3393	ps64->ps_len = size;
3394	else
3395	ps32->ps_len = size;
3396	break;
3397	}
3398
3399	pstore = _MALLOC(sizeof (*pstore), M_TEMP, M_WAITOK \| M_ZERO);
3400	if (pstore == NULL) {
3401	error = ENOMEM;
3402	break;
3403	}
3404	buf = (p64 ? ps64->ps_buf : ps32->ps_buf);
3405
3406	state = TAILQ_FIRST(&state_list);
3407	while (state) {
3408	if (state->timeout != PFTM_UNLINKED) {
3409	if ((nr + `1`) * sizeof (pstore) > (unsigned*)len)
3410	break;
3411
3412	pf_state_export(pstore,
3413	state->state_key, state);
3414	error = copyout(pstore, buf, sizeof (*pstore));
3415	if (error) {
3416	_FREE(pstore, M_TEMP);
3417	goto fail;
3418	}
3419	buf += sizeof (*pstore);
3420	nr++;
3421	}
3422	state = TAILQ_NEXT(state, entry_list);
3423	}
3424
3425	size = sizeof (struct pfsync_state) * nr;
3426	if (p64)
3427	ps64->ps_len = size;
3428	else
3429	ps32->ps_len = size;
3430
3431	_FREE(pstore, M_TEMP);
3432	break;
3433	}
3434
3435	default:
3436	VERIFY(`0`);
3437	/ NOTREACHED /
3438	}
3439	fail:
3440	return (error);
3441	}
3442
3443	static int
3444	pfioctl_ioc_natlook(u_long cmd, struct pfioc_natlook pnl, struct* proc *p)
3445	{
3446	#pragma unused(p)
3447	int error = `0`;
3448
3449	switch (cmd) {
3450	case DIOCNATLOOK: {
3451	struct pf_state_key *sk;
3452	struct pf_state *state;
3453	struct pf_state_key_cmp key;
3454	int m = `0`, direction = pnl->direction;
3455
3456	key.proto = pnl->proto;
3457	key.proto_variant = pnl->proto_variant;
3458
3459	if (!pnl->proto \|\|
3460	PF_AZERO(&pnl->saddr, pnl->af) \|\|
3461	PF_AZERO(&pnl->daddr, pnl->af) \|\|
3462	((pnl->proto == IPPROTO_TCP \|\|
3463	pnl->proto == IPPROTO_UDP) &&
3464	(!pnl->dxport.port \|\| !pnl->sxport.port)))
3465	error = EINVAL;
3466	else {
3467	/*
3468	* userland gives us source and dest of connection,
3469	* reverse the lookup so we ask for what happens with
3470	* the return traffic, enabling us to find it in the
3471	* state tree.
3472	*/
3473	if (direction == PF_IN) {
3474	key.af_gwy = pnl->af;
3475	PF_ACPY(&key.ext_gwy.addr, &pnl->daddr,
3476	pnl->af);
3477	memcpy(&key.ext_gwy.xport, &pnl->dxport,
3478	sizeof (key.ext_gwy.xport));
3479	PF_ACPY(&key.gwy.addr, &pnl->saddr, pnl->af);
3480	memcpy(&key.gwy.xport, &pnl->sxport,
3481	sizeof (key.gwy.xport));
3482	state = pf_find_state_all(&key, PF_IN, &m);
3483	} else {
3484	key.af_lan = pnl->af;
3485	PF_ACPY(&key.lan.addr, &pnl->daddr, pnl->af);
3486	memcpy(&key.lan.xport, &pnl->dxport,
3487	sizeof (key.lan.xport));
3488	PF_ACPY(&key.ext_lan.addr, &pnl->saddr,
3489	pnl->af);
3490	memcpy(&key.ext_lan.xport, &pnl->sxport,
3491	sizeof (key.ext_lan.xport));
3492	state = pf_find_state_all(&key, PF_OUT, &m);
3493	}
3494	if (m > `1`)
3495	error = E2BIG; / more than one state /
3496	else if (state != NULL) {
3497	sk = state->state_key;
3498	if (direction == PF_IN) {
3499	PF_ACPY(&pnl->rsaddr, &sk->lan.addr,
3500	sk->af_lan);
3501	memcpy(&pnl->rsxport, &sk->lan.xport,
3502	sizeof (pnl->rsxport));
3503	PF_ACPY(&pnl->rdaddr, &pnl->daddr,
3504	pnl->af);
3505	memcpy(&pnl->rdxport, &pnl->dxport,
3506	sizeof (pnl->rdxport));
3507	} else {
3508	PF_ACPY(&pnl->rdaddr, &sk->gwy.addr,
3509	sk->af_gwy);
3510	memcpy(&pnl->rdxport, &sk->gwy.xport,
3511	sizeof (pnl->rdxport));
3512	PF_ACPY(&pnl->rsaddr, &pnl->saddr,
3513	pnl->af);
3514	memcpy(&pnl->rsxport, &pnl->sxport,
3515	sizeof (pnl->rsxport));
3516	}
3517	} else
3518	error = ENOENT;
3519	}
3520	break;
3521	}
3522
3523	default:
3524	VERIFY(`0`);
3525	/ NOTREACHED /
3526	}
3527
3528	return (error);
3529	}
3530
3531	static int
3532	pfioctl_ioc_tm(u_long cmd, struct pfioc_tm pt, struct* proc *p)
3533	{
3534	#pragma unused(p)
3535	int error = `0`;
3536
3537	switch (cmd) {
3538	case DIOCSETTIMEOUT: {
3539	int old;
3540
3541	if (pt->timeout < `0` \|\| pt->timeout >= PFTM_MAX \|\|
3542	pt->seconds < `0`) {
3543	error = EINVAL;
3544	goto fail;
3545	}
3546	old = pf_default_rule.timeout[pt->timeout];
3547	if (pt->timeout == PFTM_INTERVAL && pt->seconds == `0`)
3548	pt->seconds = `1`;
3549	pf_default_rule.timeout[pt->timeout] = pt->seconds;
3550	if (pt->timeout == PFTM_INTERVAL && pt->seconds < old)
3551	wakeup(pf_purge_thread_fn);
3552	pt->seconds = old;
3553	break;
3554	}
3555
3556	case DIOCGETTIMEOUT: {
3557	if (pt->timeout < `0` \|\| pt->timeout >= PFTM_MAX) {
3558	error = EINVAL;
3559	goto fail;
3560	}
3561	pt->seconds = pf_default_rule.timeout[pt->timeout];
3562	break;
3563	}
3564
3565	default:
3566	VERIFY(`0`);
3567	/ NOTREACHED /
3568	}
3569	fail:
3570	return (error);
3571	}
3572
3573	static int
3574	pfioctl_ioc_limit(u_long cmd, struct pfioc_limit pl, struct* proc *p)
3575	{
3576	#pragma unused(p)
3577	int error = `0`;
3578
3579	switch (cmd) {
3580	case DIOCGETLIMIT: {
3581
3582	if (pl->index < `0` \|\| pl->index >= PF_LIMIT_MAX) {
3583	error = EINVAL;
3584	goto fail;
3585	}
3586	pl->limit = pf_pool_limits[pl->index].limit;
3587	break;
3588	}
3589
3590	case DIOCSETLIMIT: {
3591	int old_limit;
3592
3593	if (pl->index < `0` \|\| pl->index >= PF_LIMIT_MAX \|\|
3594	pf_pool_limits[pl->index].pp == NULL) {
3595	error = EINVAL;
3596	goto fail;
3597	}
3598	pool_sethardlimit(pf_pool_limits[pl->index].pp,
3599	pl->limit, NULL, `0`);
3600	old_limit = pf_pool_limits[pl->index].limit;
3601	pf_pool_limits[pl->index].limit = pl->limit;
3602	pl->limit = old_limit;
3603	break;
3604	}
3605
3606	default:
3607	VERIFY(`0`);
3608	/ NOTREACHED /
3609	}
3610	fail:
3611	return (error);
3612	}
3613
3614	static int
3615	pfioctl_ioc_pooladdr(u_long cmd, struct pfioc_pooladdr pp, struct* proc *p)
3616	{
3617	#pragma unused(p)
3618	struct pf_pooladdr *pa = NULL;
3619	struct pf_pool *pool = NULL;
3620	int error = `0`;
3621
3622	switch (cmd) {
3623	case DIOCBEGINADDRS: {
3624	pf_empty_pool(&pf_pabuf);
3625	pp->ticket = ++ticket_pabuf;
3626	break;
3627	}
3628
3629	case DIOCADDADDR: {
3630	pp->anchor[sizeof (pp->anchor) - `1`] = `'\0'`;
3631	if (pp->ticket != ticket_pabuf) {
3632	error = EBUSY;
3633	break;
3634	}
3635	#if !INET
3636	if (pp->af == AF_INET) {
3637	error = EAFNOSUPPORT;
3638	break;
3639	}
3640	#endif /* INET */
3641	#if !INET6
3642	if (pp->af == AF_INET6) {
3643	error = EAFNOSUPPORT;
3644	break;
3645	}
3646	#endif /* INET6 */
3647	if (pp->addr.addr.type != PF_ADDR_ADDRMASK &&
3648	pp->addr.addr.type != PF_ADDR_DYNIFTL &&
3649	pp->addr.addr.type != PF_ADDR_TABLE) {
3650	error = EINVAL;
3651	break;
3652	}
3653	pa = pool_get(&pf_pooladdr_pl, PR_WAITOK);
3654	if (pa == NULL) {
3655	error = ENOMEM;
3656	break;
3657	}
3658	pf_pooladdr_copyin(&pp->addr, pa);
3659	if (pa->ifname[`0`]) {
3660	pa->kif = pfi_kif_get(pa->ifname);
3661	if (pa->kif == NULL) {
3662	pool_put(&pf_pooladdr_pl, pa);
3663	error = EINVAL;
3664	break;
3665	}
3666	pfi_kif_ref(pa->kif, PFI_KIF_REF_RULE);
3667	}
3668	pf_addrwrap_setup(&pa->addr);
3669	if (pfi_dynaddr_setup(&pa->addr, pp->af)) {
3670	pfi_dynaddr_remove(&pa->addr);
3671	pfi_kif_unref(pa->kif, PFI_KIF_REF_RULE);
3672	pool_put(&pf_pooladdr_pl, pa);
3673	error = EINVAL;
3674	break;
3675	}
3676	TAILQ_INSERT_TAIL(&pf_pabuf, pa, entries);
3677	break;
3678	}
3679
3680	case DIOCGETADDRS: {
3681	pp->nr = `0`;
3682	pp->anchor[sizeof (pp->anchor) - `1`] = `'\0'`;
3683	pool = pf_get_pool(pp->anchor, pp->ticket, pp->r_action,
3684	pp->r_num, `0`, `1`, `0`);
3685	if (pool == NULL) {
3686	error = EBUSY;
3687	break;
3688	}
3689	TAILQ_FOREACH(pa, &pool->list, entries)
3690	pp->nr++;
3691	break;
3692	}
3693
3694	case DIOCGETADDR: {
3695	u_int32_t nr = `0`;
3696
3697	pp->anchor[sizeof (pp->anchor) - `1`] = `'\0'`;
3698	pool = pf_get_pool(pp->anchor, pp->ticket, pp->r_action,
3699	pp->r_num, `0`, `1`, `1`);
3700	if (pool == NULL) {
3701	error = EBUSY;
3702	break;
3703	}
3704	pa = TAILQ_FIRST(&pool->list);
3705	while ((pa != NULL) && (nr < pp->nr)) {
3706	pa = TAILQ_NEXT(pa, entries);
3707	nr++;
3708	}
3709	if (pa == NULL) {
3710	error = EBUSY;
3711	break;
3712	}
3713	pf_pooladdr_copyout(pa, &pp->addr);
3714	pfi_dynaddr_copyout(&pp->addr.addr);
3715	pf_tbladdr_copyout(&pp->addr.addr);
3716	pf_rtlabel_copyout(&pp->addr.addr);
3717	break;
3718	}
3719
3720	case DIOCCHANGEADDR: {
3721	struct pfioc_pooladdr *pca = pp;
3722	struct pf_pooladdr oldpa = NULL, newpa = NULL;
3723	struct pf_ruleset *ruleset;
3724
3725	if (pca->action < PF_CHANGE_ADD_HEAD \|\|
3726	pca->action > PF_CHANGE_REMOVE) {
3727	error = EINVAL;
3728	break;
3729	}
3730	if (pca->addr.addr.type != PF_ADDR_ADDRMASK &&
3731	pca->addr.addr.type != PF_ADDR_DYNIFTL &&
3732	pca->addr.addr.type != PF_ADDR_TABLE) {
3733	error = EINVAL;
3734	break;
3735	}
3736
3737	pca->anchor[sizeof (pca->anchor) - `1`] = `'\0'`;
3738	ruleset = pf_find_ruleset(pca->anchor);
3739	if (ruleset == NULL) {
3740	error = EBUSY;
3741	break;
3742	}
3743	pool = pf_get_pool(pca->anchor, pca->ticket, pca->r_action,
3744	pca->r_num, pca->r_last, `1`, `1`);
3745	if (pool == NULL) {
3746	error = EBUSY;
3747	break;
3748	}
3749	if (pca->action != PF_CHANGE_REMOVE) {
3750	newpa = pool_get(&pf_pooladdr_pl, PR_WAITOK);
3751	if (newpa == NULL) {
3752	error = ENOMEM;
3753	break;
3754	}
3755	pf_pooladdr_copyin(&pca->addr, newpa);
3756	#if !INET
3757	if (pca->af == AF_INET) {
3758	pool_put(&pf_pooladdr_pl, newpa);
3759	error = EAFNOSUPPORT;
3760	break;
3761	}
3762	#endif /* INET */
3763	#if !INET6
3764	if (pca->af == AF_INET6) {
3765	pool_put(&pf_pooladdr_pl, newpa);
3766	error = EAFNOSUPPORT;
3767	break;
3768	}
3769	#endif /* INET6 */
3770	if (newpa->ifname[`0`]) {
3771	newpa->kif = pfi_kif_get(newpa->ifname);
3772	if (newpa->kif == NULL) {
3773	pool_put(&pf_pooladdr_pl, newpa);
3774	error = EINVAL;
3775	break;
3776	}
3777	pfi_kif_ref(newpa->kif, PFI_KIF_REF_RULE);
3778	} else
3779	newpa->kif = NULL;
3780	pf_addrwrap_setup(&newpa->addr);
3781	if (pfi_dynaddr_setup(&newpa->addr, pca->af) \|\|
3782	pf_tbladdr_setup(ruleset, &newpa->addr)) {
3783	pfi_dynaddr_remove(&newpa->addr);
3784	pfi_kif_unref(newpa->kif, PFI_KIF_REF_RULE);
3785	pool_put(&pf_pooladdr_pl, newpa);
3786	error = EINVAL;
3787	break;
3788	}
3789	}
3790
3791	if (pca->action == PF_CHANGE_ADD_HEAD)
3792	oldpa = TAILQ_FIRST(&pool->list);
3793	else if (pca->action == PF_CHANGE_ADD_TAIL)
3794	oldpa = TAILQ_LAST(&pool->list, pf_palist);
3795	else {
3796	int i = `0`;
3797
3798	oldpa = TAILQ_FIRST(&pool->list);
3799	while ((oldpa != NULL) && (i < (int)pca->nr)) {
3800	oldpa = TAILQ_NEXT(oldpa, entries);
3801	i++;
3802	}
3803	if (oldpa == NULL) {
3804	error = EINVAL;
3805	break;
3806	}
3807	}
3808
3809	if (pca->action == PF_CHANGE_REMOVE) {
3810	TAILQ_REMOVE(&pool->list, oldpa, entries);
3811	pfi_dynaddr_remove(&oldpa->addr);
3812	pf_tbladdr_remove(&oldpa->addr);
3813	pfi_kif_unref(oldpa->kif, PFI_KIF_REF_RULE);
3814	pool_put(&pf_pooladdr_pl, oldpa);
3815	} else {
3816	if (oldpa == NULL)
3817	TAILQ_INSERT_TAIL(&pool->list, newpa, entries);
3818	else if (pca->action == PF_CHANGE_ADD_HEAD \|\|
3819	pca->action == PF_CHANGE_ADD_BEFORE)
3820	TAILQ_INSERT_BEFORE(oldpa, newpa, entries);
3821	else
3822	TAILQ_INSERT_AFTER(&pool->list, oldpa,
3823	newpa, entries);
3824	}
3825
3826	pool->cur = TAILQ_FIRST(&pool->list);
3827	PF_ACPY(&pool->counter, &pool->cur->addr.v.a.addr,
3828	pca->af);
3829	break;
3830	}
3831
3832	default:
3833	VERIFY(`0`);
3834	/ NOTREACHED /
3835	}
3836
3837	return (error);
3838	}
3839
3840	static int
3841	pfioctl_ioc_ruleset(u_long cmd, struct pfioc_ruleset pr, struct* proc *p)
3842	{
3843	#pragma unused(p)
3844	int error = `0`;
3845
3846	switch (cmd) {
3847	case DIOCGETRULESETS: {
3848	struct pf_ruleset *ruleset;
3849	struct pf_anchor *anchor;
3850
3851	pr->path[sizeof (pr->path) - `1`] = `'\0'`;
3852	pr->name[sizeof (pr->name) - `1`] = `'\0'`;
3853	if ((ruleset = pf_find_ruleset(pr->path)) == NULL) {
3854	error = EINVAL;
3855	break;
3856	}
3857	pr->nr = `0`;
3858	if (ruleset->anchor == NULL) {
3859	/ XXX kludge for pf_main_ruleset /
3860	RB_FOREACH(anchor, pf_anchor_global, &pf_anchors)
3861	if (anchor->parent == NULL)
3862	pr->nr++;
3863	} else {
3864	RB_FOREACH(anchor, pf_anchor_node,
3865	&ruleset->anchor->children)
3866	pr->nr++;
3867	}
3868	break;
3869	}
3870
3871	case DIOCGETRULESET: {
3872	struct pf_ruleset *ruleset;
3873	struct pf_anchor *anchor;
3874	u_int32_t nr = `0`;
3875
3876	pr->path[sizeof (pr->path) - `1`] = `'\0'`;
3877	if ((ruleset = pf_find_ruleset(pr->path)) == NULL) {
3878	error = EINVAL;
3879	break;
3880	}
3881	pr->name[`0`] = `0`;
3882	if (ruleset->anchor == NULL) {
3883	/ XXX kludge for pf_main_ruleset /
3884	RB_FOREACH(anchor, pf_anchor_global, &pf_anchors)
3885	if (anchor->parent == NULL && nr++ == pr->nr) {
3886	strlcpy(pr->name, anchor->name,
3887	sizeof (pr->name));
3888	break;
3889	}
3890	} else {
3891	RB_FOREACH(anchor, pf_anchor_node,
3892	&ruleset->anchor->children)
3893	if (nr++ == pr->nr) {
3894	strlcpy(pr->name, anchor->name,
3895	sizeof (pr->name));
3896	break;
3897	}
3898	}
3899	if (!pr->name[`0`])
3900	error = EBUSY;
3901	break;
3902	}
3903
3904	default:
3905	VERIFY(`0`);
3906	/ NOTREACHED /
3907	}
3908
3909	return (error);
3910	}
3911
3912	static int
3913	pfioctl_ioc_trans(u_long cmd, struct pfioc_trans_32 *io32,
3914	struct pfioc_trans_64 io64, struct* proc *p)
3915	{
3916	int p64 = proc_is64bit(p);
3917	int error = `0`, esize, size;
3918	user_addr_t buf;
3919
3920	esize = (p64 ? io64->esize : io32->esize);
3921	size = (p64 ? io64->size : io32->size);
3922	buf = (p64 ? io64->array : io32->array);
3923
3924	switch (cmd) {
3925	case DIOCXBEGIN: {
3926	struct pfioc_trans_e *ioe;
3927	struct pfr_table *table;
3928	int i;
3929
3930	if (esize != sizeof (*ioe)) {
3931	error = ENODEV;
3932	goto fail;
3933	}
3934	ioe = _MALLOC(sizeof (*ioe), M_TEMP, M_WAITOK);
3935	table = _MALLOC(sizeof (*table), M_TEMP, M_WAITOK);
3936	for (i = `0`; i < size; i++, buf += sizeof (*ioe)) {
3937	if (copyin(buf, ioe, sizeof (*ioe))) {
3938	_FREE(table, M_TEMP);
3939	_FREE(ioe, M_TEMP);
3940	error = EFAULT;
3941	goto fail;
3942	}
3943	ioe->anchor[sizeof (ioe->anchor) - `1`] = `'\0'`;
3944	switch (ioe->rs_num) {
3945	case PF_RULESET_ALTQ:
3946	break;
3947	case PF_RULESET_TABLE:
3948	bzero(table, sizeof (*table));
3949	strlcpy(table->pfrt_anchor, ioe->anchor,
3950	sizeof (table->pfrt_anchor));
3951	if ((error = pfr_ina_begin(table,
3952	&ioe->ticket, NULL, `0`))) {
3953	_FREE(table, M_TEMP);
3954	_FREE(ioe, M_TEMP);
3955	goto fail;
3956	}
3957	break;
3958	default:
3959	if ((error = pf_begin_rules(&ioe->ticket,
3960	ioe->rs_num, ioe->anchor))) {
3961	_FREE(table, M_TEMP);
3962	_FREE(ioe, M_TEMP);
3963	goto fail;
3964	}
3965	break;
3966	}
3967	if (copyout(ioe, buf, sizeof (*ioe))) {
3968	_FREE(table, M_TEMP);
3969	_FREE(ioe, M_TEMP);
3970	error = EFAULT;
3971	goto fail;
3972	}
3973	}
3974	_FREE(table, M_TEMP);
3975	_FREE(ioe, M_TEMP);
3976	break;
3977	}
3978
3979	case DIOCXROLLBACK: {
3980	struct pfioc_trans_e *ioe;
3981	struct pfr_table *table;
3982	int i;
3983
3984	if (esize != sizeof (*ioe)) {
3985	error = ENODEV;
3986	goto fail;
3987	}
3988	ioe = _MALLOC(sizeof (*ioe), M_TEMP, M_WAITOK);
3989	table = _MALLOC(sizeof (*table), M_TEMP, M_WAITOK);
3990	for (i = `0`; i < size; i++, buf += sizeof (*ioe)) {
3991	if (copyin(buf, ioe, sizeof (*ioe))) {
3992	_FREE(table, M_TEMP);
3993	_FREE(ioe, M_TEMP);
3994	error = EFAULT;
3995	goto fail;
3996	}
3997	ioe->anchor[sizeof (ioe->anchor) - `1`] = `'\0'`;
3998	switch (ioe->rs_num) {
3999	case PF_RULESET_ALTQ:
4000	break;
4001	case PF_RULESET_TABLE:
4002	bzero(table, sizeof (*table));
4003	strlcpy(table->pfrt_anchor, ioe->anchor,
4004	sizeof (table->pfrt_anchor));
4005	if ((error = pfr_ina_rollback(table,
4006	ioe->ticket, NULL, `0`))) {
4007	_FREE(table, M_TEMP);
4008	_FREE(ioe, M_TEMP);
4009	goto fail; / really bad /
4010	}
4011	break;
4012	default:
4013	if ((error = pf_rollback_rules(ioe->ticket,
4014	ioe->rs_num, ioe->anchor))) {
4015	_FREE(table, M_TEMP);
4016	_FREE(ioe, M_TEMP);
4017	goto fail; / really bad /
4018	}
4019	break;
4020	}
4021	}
4022	_FREE(table, M_TEMP);
4023	_FREE(ioe, M_TEMP);
4024	break;
4025	}
4026
4027	case DIOCXCOMMIT: {
4028	struct pfioc_trans_e *ioe;
4029	struct pfr_table *table;
4030	struct pf_ruleset *rs;
4031	user_addr_t _buf = buf;
4032	int i;
4033
4034	if (esize != sizeof (*ioe)) {
4035	error = ENODEV;
4036	goto fail;
4037	}
4038	ioe = _MALLOC(sizeof (*ioe), M_TEMP, M_WAITOK);
4039	table = _MALLOC(sizeof (*table), M_TEMP, M_WAITOK);
4040	/ first makes sure everything will succeed /
4041	for (i = `0`; i < size; i++, buf += sizeof (*ioe)) {
4042	if (copyin(buf, ioe, sizeof (*ioe))) {
4043	_FREE(table, M_TEMP);
4044	_FREE(ioe, M_TEMP);
4045	error = EFAULT;
4046	goto fail;
4047	}
4048	ioe->anchor[sizeof (ioe->anchor) - `1`] = `'\0'`;
4049	switch (ioe->rs_num) {
4050	case PF_RULESET_ALTQ:
4051	break;
4052	case PF_RULESET_TABLE:
4053	rs = pf_find_ruleset(ioe->anchor);
4054	if (rs == NULL \|\| !rs->topen \|\| ioe->ticket !=
4055	rs->tticket) {
4056	_FREE(table, M_TEMP);
4057	_FREE(ioe, M_TEMP);
4058	error = EBUSY;
4059	goto fail;
4060	}
4061	break;
4062	default:
4063	if (ioe->rs_num < `0` \|\| ioe->rs_num >=
4064	PF_RULESET_MAX) {
4065	_FREE(table, M_TEMP);
4066	_FREE(ioe, M_TEMP);
4067	error = EINVAL;
4068	goto fail;
4069	}
4070	rs = pf_find_ruleset(ioe->anchor);
4071	if (rs == NULL \|\|
4072	!rs->rules[ioe->rs_num].inactive.open \|\|
4073	rs->rules[ioe->rs_num].inactive.ticket !=
4074	ioe->ticket) {
4075	_FREE(table, M_TEMP);
4076	_FREE(ioe, M_TEMP);
4077	error = EBUSY;
4078	goto fail;
4079	}
4080	break;
4081	}
4082	}
4083	buf = _buf;
4084	/ now do the commit - no errors should happen here /
4085	for (i = `0`; i < size; i++, buf += sizeof (*ioe)) {
4086	if (copyin(buf, ioe, sizeof (*ioe))) {
4087	_FREE(table, M_TEMP);
4088	_FREE(ioe, M_TEMP);
4089	error = EFAULT;
4090	goto fail;
4091	}
4092	ioe->anchor[sizeof (ioe->anchor) - `1`] = `'\0'`;
4093	switch (ioe->rs_num) {
4094	case PF_RULESET_ALTQ:
4095	break;
4096	case PF_RULESET_TABLE:
4097	bzero(table, sizeof (*table));
4098	strlcpy(table->pfrt_anchor, ioe->anchor,
4099	sizeof (table->pfrt_anchor));
4100	if ((error = pfr_ina_commit(table, ioe->ticket,
4101	NULL, NULL, `0`))) {
4102	_FREE(table, M_TEMP);
4103	_FREE(ioe, M_TEMP);
4104	goto fail; / really bad /
4105	}
4106	break;
4107	default:
4108	if ((error = pf_commit_rules(ioe->ticket,
4109	ioe->rs_num, ioe->anchor))) {
4110	_FREE(table, M_TEMP);
4111	_FREE(ioe, M_TEMP);
4112	goto fail; / really bad /
4113	}
4114	break;
4115	}
4116	}
4117	_FREE(table, M_TEMP);
4118	_FREE(ioe, M_TEMP);
4119	break;
4120	}
4121
4122	default:
4123	VERIFY(`0`);
4124	/ NOTREACHED /
4125	}
4126	fail:
4127	return (error);
4128	}
4129
4130	static int
4131	pfioctl_ioc_src_nodes(u_long cmd, struct pfioc_src_nodes_32 *psn32,
4132	struct pfioc_src_nodes_64 psn64, struct* proc *p)
4133	{
4134	int p64 = proc_is64bit(p);
4135	int error = `0`;
4136
4137	switch (cmd) {
4138	case DIOCGETSRCNODES: {
4139	struct pf_src_node n, pstore;
4140	user_addr_t buf;
4141	u_int32_t nr = `0`;
4142	int space, size;
4143
4144	space = (p64 ? psn64->psn_len : psn32->psn_len);
4145	if (space == `0`) {
4146	RB_FOREACH(n, pf_src_tree, &tree_src_tracking)
4147	nr++;
4148
4149	size = sizeof (struct pf_src_node) * nr;
4150	if (p64)
4151	psn64->psn_len = size;
4152	else
4153	psn32->psn_len = size;
4154	break;
4155	}
4156
4157	pstore = _MALLOC(sizeof (*pstore), M_TEMP, M_WAITOK);
4158	if (pstore == NULL) {
4159	error = ENOMEM;
4160	break;
4161	}
4162	buf = (p64 ? psn64->psn_buf : psn32->psn_buf);
4163
4164	RB_FOREACH(n, pf_src_tree, &tree_src_tracking) {
4165	uint64_t secs = pf_time_second(), diff;
4166
4167	if ((nr + `1`) * sizeof (pstore) > (unsigned*)space)
4168	break;
4169
4170	bcopy(n, pstore, sizeof (*pstore));
4171	if (n->rule.ptr != NULL)
4172	pstore->rule.nr = n->rule.ptr->nr;
4173	pstore->creation = secs - pstore->creation;
4174	if (pstore->expire > secs)
4175	pstore->expire -= secs;
4176	else
4177	pstore->expire = `0`;
4178
4179	/ adjust the connection rate estimate /
4180	diff = secs - n->conn_rate.last;
4181	if (diff >= n->conn_rate.seconds)
4182	pstore->conn_rate.count = `0`;
4183	else
4184	pstore->conn_rate.count -=
4185	n->conn_rate.count * diff /
4186	n->conn_rate.seconds;
4187
4188	_RB_PARENT(pstore, entry) = NULL;
4189	RB_LEFT(pstore, entry) = RB_RIGHT(pstore, entry) = NULL;
4190	pstore->kif = NULL;
4191
4192	error = copyout(pstore, buf, sizeof (*pstore));
4193	if (error) {
4194	_FREE(pstore, M_TEMP);
4195	goto fail;
4196	}
4197	buf += sizeof (*pstore);
4198	nr++;
4199	}
4200
4201	size = sizeof (struct pf_src_node) * nr;
4202	if (p64)
4203	psn64->psn_len = size;
4204	else
4205	psn32->psn_len = size;
4206
4207	_FREE(pstore, M_TEMP);
4208	break;
4209	}
4210
4211	default:
4212	VERIFY(`0`);
4213	/ NOTREACHED /
4214	}
4215	fail:
4216	return (error);
4217
4218	}
4219
4220	static int
4221	pfioctl_ioc_src_node_kill(u_long cmd, struct pfioc_src_node_kill *psnk,
4222	struct proc *p)
4223	{
4224	#pragma unused(p)
4225	int error = `0`;
4226
4227	switch (cmd) {
4228	case DIOCKILLSRCNODES: {
4229	struct pf_src_node *sn;
4230	struct pf_state *s;
4231	int killed = `0`;
4232
4233	RB_FOREACH(sn, pf_src_tree, &tree_src_tracking) {
4234	if (PF_MATCHA(psnk->psnk_src.neg,
4235	&psnk->psnk_src.addr.v.a.addr,
4236	&psnk->psnk_src.addr.v.a.mask,
4237	&sn->addr, sn->af) &&
4238	PF_MATCHA(psnk->psnk_dst.neg,
4239	&psnk->psnk_dst.addr.v.a.addr,
4240	&psnk->psnk_dst.addr.v.a.mask,
4241	&sn->raddr, sn->af)) {
4242	/ Handle state to src_node linkage /
4243	if (sn->states != `0`) {
4244	RB_FOREACH(s, pf_state_tree_id,
4245	&tree_id) {
4246	if (s->src_node == sn)
4247	s->src_node = NULL;
4248	if (s->nat_src_node == sn)
4249	s->nat_src_node = NULL;
4250	}
4251	sn->states = `0`;
4252	}
4253	sn->expire = `1`;
4254	killed++;
4255	}
4256	}
4257
4258	if (killed > `0`)
4259	pf_purge_expired_src_nodes();
4260
4261	psnk->psnk_af = killed;
4262	break;
4263	}
4264
4265	default:
4266	VERIFY(`0`);
4267	/ NOTREACHED /
4268	}
4269
4270	return (error);
4271	}
4272
4273	static int
4274	pfioctl_ioc_iface(u_long cmd, struct pfioc_iface_32 *io32,
4275	struct pfioc_iface_64 io64, struct* proc *p)
4276	{
4277	int p64 = proc_is64bit(p);
4278	int error = `0`;
4279
4280	switch (cmd) {
4281	case DIOCIGETIFACES: {
4282	user_addr_t buf;
4283	int esize;
4284
4285	buf = (p64 ? io64->pfiio_buffer : io32->pfiio_buffer);
4286	esize = (p64 ? io64->pfiio_esize : io32->pfiio_esize);
4287
4288	/ esize must be that of the user space version of pfi_kif /
4289	if (esize != sizeof (struct pfi_uif)) {
4290	error = ENODEV;
4291	break;
4292	}
4293	if (p64)
4294	io64->pfiio_name[sizeof (io64->pfiio_name) - `1`] = `'\0'`;
4295	else
4296	io32->pfiio_name[sizeof (io32->pfiio_name) - `1`] = `'\0'`;
4297	error = pfi_get_ifaces(
4298	p64 ? io64->pfiio_name : io32->pfiio_name, buf,
4299	p64 ? &io64->pfiio_size : &io32->pfiio_size);
4300	break;
4301	}
4302
4303	case DIOCSETIFFLAG: {
4304	if (p64)
4305	io64->pfiio_name[sizeof (io64->pfiio_name) - `1`] = `'\0'`;
4306	else
4307	io32->pfiio_name[sizeof (io32->pfiio_name) - `1`] = `'\0'`;
4308
4309	error = pfi_set_flags(
4310	p64 ? io64->pfiio_name : io32->pfiio_name,
4311	p64 ? io64->pfiio_flags : io32->pfiio_flags);
4312	break;
4313	}
4314
4315	case DIOCCLRIFFLAG: {
4316	if (p64)
4317	io64->pfiio_name[sizeof (io64->pfiio_name) - `1`] = `'\0'`;
4318	else
4319	io32->pfiio_name[sizeof (io32->pfiio_name) - `1`] = `'\0'`;
4320
4321	error = pfi_clear_flags(
4322	p64 ? io64->pfiio_name : io32->pfiio_name,
4323	p64 ? io64->pfiio_flags : io32->pfiio_flags);
4324	break;
4325	}
4326
4327	default:
4328	VERIFY(`0`);
4329	/ NOTREACHED /
4330	}
4331
4332	return (error);
4333	}
4334
4335	int
4336	pf_af_hook(struct ifnet ifp, struct* mbuf mppn, struct mbuf mp,
4337	unsigned int af, int input, struct ip_fw_args *fwa)
4338	{
4339	int error = `0`;
4340	struct mbuf *nextpkt;
4341	net_thread_marks_t marks;
4342	struct ifnet * pf_ifp = ifp;
4343
4344	/ Always allow traffic on co-processor interfaces. /
4345	if (!intcoproc_unrestricted && ifp && IFNET_IS_INTCOPROC(ifp))
4346	return (`0`);
4347
4348	marks = net_thread_marks_push(NET_THREAD_HELD_PF);
4349
4350	if (marks != net_thread_marks_none) {
4351	lck_rw_lock_shared(pf_perim_lock);
4352	if (!pf_is_enabled)
4353	goto done;
4354	lck_mtx_lock(pf_lock);
4355	}
4356
4357	if (mppn != NULL && *mppn != NULL)
4358	VERIFY(mppn == mp);
4359	if ((nextpkt = (*mp)->m_nextpkt) != NULL)
4360	(*mp)->m_nextpkt = NULL;
4361
4362	/*
4363	* For packets destined to locally hosted IP address
4364	* ip_output_list sets Mbuf's pkt header's rcvif to
4365	* the interface hosting the IP address.
4366	* While on the output path ifp passed to pf_af_hook
4367	* to such local communication is the loopback interface,
4368	* the input path derives ifp from mbuf packet header's
4369	* rcvif.
4370	* This asymmetry caues issues with PF.
4371	* To handle that case, we have a limited change here to
4372	* pass interface as loopback if packets are looped in.
4373	*/
4374	if (input && ((*mp)->m_pkthdr.pkt_flags & PKTF_LOOP)) {
4375	pf_ifp = lo_ifp;
4376	}
4377
4378	switch (af) {
4379	#if INET
4380	case AF_INET: {
4381	error = pf_inet_hook(pf_ifp, mp, input, fwa);
4382	break;
4383	}
4384	#endif /* INET */
4385	#if INET6
4386	case AF_INET6:
4387	error = pf_inet6_hook(pf_ifp, mp, input, fwa);
4388	break;
4389	#endif /* INET6 */
4390	default:
4391	break;
4392	}
4393
4394	/ When packet valid, link to the next packet /
4395	if (*mp != NULL && nextpkt != NULL) {
4396	struct mbuf m = mp;
4397	while (m->m_nextpkt != NULL)
4398	m = m->m_nextpkt;
4399	m->m_nextpkt = nextpkt;
4400	}
4401	/ Fix up linkage of previous packet in the chain /
4402	if (mppn != NULL) {
4403	if (*mp != NULL)
4404	mppn = mp;
4405	else
4406	*mppn = nextpkt;
4407	}
4408
4409	if (marks != net_thread_marks_none)
4410	lck_mtx_unlock(pf_lock);
4411
4412	done:
4413	if (marks != net_thread_marks_none)
4414	lck_rw_done(pf_perim_lock);
4415
4416	net_thread_marks_pop(marks);
4417	return (error);
4418	}
4419
4420
4421	#if INET
4422	static int
4423	pf_inet_hook(struct ifnet ifp, struct* mbuf *mp, int* input,
4424	struct ip_fw_args *fwa)
4425	{
4426	struct mbuf m = mp;
4427	#if BYTE_ORDER != BIG_ENDIAN
4428	struct ip ip = mtod(m, struct* ip *);
4429	#endif
4430	int error = `0`;
4431
4432	/*
4433	* If the packet is outbound, is originated locally, is flagged for
4434	* delayed UDP/TCP checksum calculation, and is about to be processed
4435	* for an interface that doesn't support the appropriate checksum
4436	* offloading, then calculated the checksum here so that PF can adjust
4437	* it properly.
4438	*/
4439	if (!input && m->m_pkthdr.rcvif == NULL) {
4440	static const int mask = CSUM_DELAY_DATA;
4441	const int flags = m->m_pkthdr.csum_flags &
4442	~IF_HWASSIST_CSUM_FLAGS(ifp->if_hwassist);
4443
4444	if (flags & mask) {
4445	in_delayed_cksum(m);
4446	m->m_pkthdr.csum_flags &= ~mask;
4447	}
4448	}
4449
4450	#if BYTE_ORDER != BIG_ENDIAN
4451	HTONS(ip->ip_len);
4452	HTONS(ip->ip_off);
4453	#endif
4454	if (pf_test_mbuf(input ? PF_IN : PF_OUT, ifp, mp, NULL, fwa) != PF_PASS) {
4455	if (*mp != NULL) {
4456	m_freem(*mp);
4457	*mp = NULL;
4458	error = EHOSTUNREACH;
4459	} else {
4460	error = ENOBUFS;
4461	}
4462	}
4463	#if BYTE_ORDER != BIG_ENDIAN
4464	else {
4465	if (*mp != NULL) {
4466	ip = mtod(mp, struct* ip *);
4467	NTOHS(ip->ip_len);
4468	NTOHS(ip->ip_off);
4469	}
4470	}
4471	#endif
4472	return (error);
4473	}
4474	#endif /* INET */
4475
4476	#if INET6
4477	int
4478	pf_inet6_hook(struct ifnet ifp, struct* mbuf *mp, int* input,
4479	struct ip_fw_args *fwa)
4480	{
4481	int error = `0`;
4482
4483	/*
4484	* If the packet is outbound, is originated locally, is flagged for
4485	* delayed UDP/TCP checksum calculation, and is about to be processed
4486	* for an interface that doesn't support the appropriate checksum
4487	* offloading, then calculated the checksum here so that PF can adjust
4488	* it properly.
4489	*/
4490	if (!input && (*mp)->m_pkthdr.rcvif == NULL) {
4491	static const int mask = CSUM_DELAY_IPV6_DATA;
4492	const int flags = (*mp)->m_pkthdr.csum_flags &
4493	~IF_HWASSIST_CSUM_FLAGS(ifp->if_hwassist);
4494
4495	if (flags & mask) {
4496	/*
4497	* Checksum offload should not have been enabled
4498	* when extension headers exist, thus 0 for optlen.
4499	*/
4500	in6_delayed_cksum(*mp);
4501	(*mp)->m_pkthdr.csum_flags &= ~mask;
4502	}
4503	}
4504
4505	if (pf_test6_mbuf(input ? PF_IN : PF_OUT, ifp, mp, NULL, fwa) != PF_PASS) {
4506	if (*mp != NULL) {
4507	m_freem(*mp);
4508	*mp = NULL;
4509	error = EHOSTUNREACH;
4510	} else {
4511	error = ENOBUFS;
4512	}
4513	}
4514	return (error);
4515	}
4516	#endif /* INET6 */
4517
4518	int
4519	pf_ifaddr_hook(struct ifnet *ifp)
4520	{
4521	struct pfi_kif *kif = ifp->if_pf_kif;
4522
4523	if (kif != NULL) {
4524	lck_rw_lock_shared(pf_perim_lock);
4525	lck_mtx_lock(pf_lock);
4526
4527	pfi_kifaddr_update(kif);
4528
4529	lck_mtx_unlock(pf_lock);
4530	lck_rw_done(pf_perim_lock);
4531	}
4532	return (`0`);
4533	}
4534
4535	/*
4536	* Caller acquires dlil lock as writer (exclusive)
4537	*/
4538	void
4539	pf_ifnet_hook(struct ifnet ifp, int* attach)
4540	{
4541	lck_rw_lock_shared(pf_perim_lock);
4542	lck_mtx_lock(pf_lock);
4543	if (attach)
4544	pfi_attach_ifnet(ifp);
4545	else
4546	pfi_detach_ifnet(ifp);
4547	lck_mtx_unlock(pf_lock);
4548	lck_rw_done(pf_perim_lock);
4549	}
4550
4551	static void
4552	pf_attach_hooks(void)
4553	{
4554	ifnet_head_lock_shared();
4555	/*
4556	* Check against ifnet_addrs[] before proceeding, in case this
4557	* is called very early on, e.g. during dlil_init() before any
4558	* network interface is attached.
4559	*/
4560	if (ifnet_addrs != NULL) {
4561	int i;
4562
4563	for (i = `0`; i <= if_index; i++) {
4564	struct ifnet *ifp = ifindex2ifnet[i];
4565	if (ifp != NULL) {
4566	pfi_attach_ifnet(ifp);
4567	}
4568	}
4569	}
4570	ifnet_head_done();
4571	}
4572
4573	#if 0
4574	/ currently unused along with pfdetach() /
4575	static void
4576	pf_detach_hooks(void)
4577	{
4578	ifnet_head_lock_shared();
4579	if (ifnet_addrs != NULL) {
4580	for (i = `0`; i <= if_index; i++) {
4581	int i;
4582
4583	struct ifnet *ifp = ifindex2ifnet[i];
4584	if (ifp != NULL && ifp->if_pf_kif != NULL) {
4585	pfi_detach_ifnet(ifp);
4586	}
4587	}
4588	}
4589	ifnet_head_done();
4590	}
4591	#endif
4592
4593	/*
4594	* 'D' group ioctls.
4595	*
4596	* The switch statement below does nothing at runtime, as it serves as a
4597	* compile time check to ensure that all of the socket 'D' ioctls (those
4598	* in the 'D' group going thru soo_ioctl) that are made available by the
4599	* networking stack is unique. This works as long as this routine gets
4600	* updated each time a new interface ioctl gets added.
4601	*
4602	* Any failures at compile time indicates duplicated ioctl values.
4603	*/
4604	static __attribute__((unused)) void
4605	pfioctl_cassert(void)
4606	{
4607	/*
4608	* This is equivalent to _CASSERT() and the compiler wouldn't
4609	* generate any instructions, thus for compile time only.
4610	*/
4611	switch ((u_long)`0`) {
4612	case `0`:
4613
4614	/ bsd/net/pfvar.h /
4615	case DIOCSTART:
4616	case DIOCSTOP:
4617	case DIOCADDRULE:
4618	case DIOCGETSTARTERS:
4619	case DIOCGETRULES:
4620	case DIOCGETRULE:
4621	case DIOCSTARTREF:
4622	case DIOCSTOPREF:
4623	case DIOCCLRSTATES:
4624	case DIOCGETSTATE:
4625	case DIOCSETSTATUSIF:
4626	case DIOCGETSTATUS:
4627	case DIOCCLRSTATUS:
4628	case DIOCNATLOOK:
4629	case DIOCSETDEBUG:
4630	case DIOCGETSTATES:
4631	case DIOCCHANGERULE:
4632	case DIOCINSERTRULE:
4633	case DIOCDELETERULE:
4634	case DIOCSETTIMEOUT:
4635	case DIOCGETTIMEOUT:
4636	case DIOCADDSTATE:
4637	case DIOCCLRRULECTRS:
4638	case DIOCGETLIMIT:
4639	case DIOCSETLIMIT:
4640	case DIOCKILLSTATES:
4641	case DIOCSTARTALTQ:
4642	case DIOCSTOPALTQ:
4643	case DIOCADDALTQ:
4644	case DIOCGETALTQS:
4645	case DIOCGETALTQ:
4646	case DIOCCHANGEALTQ:
4647	case DIOCGETQSTATS:
4648	case DIOCBEGINADDRS:
4649	case DIOCADDADDR:
4650	case DIOCGETADDRS:
4651	case DIOCGETADDR:
4652	case DIOCCHANGEADDR:
4653	case DIOCGETRULESETS:
4654	case DIOCGETRULESET:
4655	case DIOCRCLRTABLES:
4656	case DIOCRADDTABLES:
4657	case DIOCRDELTABLES:
4658	case DIOCRGETTABLES:
4659	case DIOCRGETTSTATS:
4660	case DIOCRCLRTSTATS:
4661	case DIOCRCLRADDRS:
4662	case DIOCRADDADDRS:
4663	case DIOCRDELADDRS:
4664	case DIOCRSETADDRS:
4665	case DIOCRGETADDRS:
4666	case DIOCRGETASTATS:
4667	case DIOCRCLRASTATS:
4668	case DIOCRTSTADDRS:
4669	case DIOCRSETTFLAGS:
4670	case DIOCRINADEFINE:
4671	case DIOCOSFPFLUSH:
4672	case DIOCOSFPADD:
4673	case DIOCOSFPGET:
4674	case DIOCXBEGIN:
4675	case DIOCXCOMMIT:
4676	case DIOCXROLLBACK:
4677	case DIOCGETSRCNODES:
4678	case DIOCCLRSRCNODES:
4679	case DIOCSETHOSTID:
4680	case DIOCIGETIFACES:
4681	case DIOCSETIFFLAG:
4682	case DIOCCLRIFFLAG:
4683	case DIOCKILLSRCNODES:
4684	case DIOCGIFSPEED:
4685	;
4686	}
4687	}
4688

Browse the source code of xnu/bsd/net/pf_ioctl.c