From 1d090028d3037adffac6fde004b2ad035921bb49 Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Thu, 29 Sep 2022 14:45:03 +0200
Subject: [PATCH] pf: use time_to for timestamps

Use time_t rather than uint32_t to represent the timestamps. That means we have 64 bits rather than 32 on all platforms except i386, avoiding the Y2K38 issues on most platforms.
Reviewed by: Zhenlei Huang
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36837
---
 lib/libpfctl/libpfctl.h | 4 ++--
 sbin/pfctl/pfctl.c | 8 ++++----
 sys/net/pfvar.h | 6 ++++--
 sys/netpfil/pf/pf_ioctl.c | 14 ++++++++------
 4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index 261913e1873d..faccabd227a3 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -102,7 +102,7 @@ struct pfctl_eth_rule {
 uint64_t evaluations;
 uint64_t packets[2];
 uint64_t bytes[2];
- uint32_t last_active_timestamp;
+ time_t last_active_timestamp;
 /* Action */
 char qname[PF_QNAME_SIZE];
@@ -175,7 +175,7 @@ struct pfctl_rule {
 uint64_t evaluations;
 uint64_t packets[2];
 uint64_t bytes[2];
- uint32_t last_active_timestamp;
+ time_t last_active_timestamp;
 struct pfi_kif *kif;
 struct pfctl_anchor *anchor;
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index bc6f14e1c197..37c9625492b1 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1020,8 +1020,8 @@ pfctl_print_eth_rule_counters(struct pfctl_eth_rule *rule, int opts)
 char timestr[30];
 if (rule->last_active_timestamp != 0) {
- time_t last_active = rule->last_active_timestamp;
- bcopy(ctime(&last_active), timestr, sizeof(timestr));
+ bcopy(ctime(&rule->last_active_timestamp), timestr,
+ sizeof(timestr));
 *strchr(timestr, '\n') = '\0';
 } else {
 snprintf(timestr, sizeof(timestr), "N/A");
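Review bot: In the pfctl_print_eth_rule_counters hunk (-1020) the full-width time_t is now passed to ctime() and the result goes straight into bcopy() and then `*strchr(timestr, '\n') = '\0'`, with neither return value checked. ctime() may return NULL for a value whose year cannot be represented, and for years beyond four digits the text may not have a newline within the 30 bytes copied, so strchr() can return NULL or scan past an unterminated buffer; the removed code could not reach this because the field was limited to 32 bits. The value presumably comes from kernel-supplied data, so this is a robustness point rather than a demonstrated bug, but the same pattern is repeated in the pfctl_print_rule_counters hunk (-1070). Both functions start and end outside their hunks; a checked form is sketched below.

```c
	if (rule->last_active_timestamp != 0) {
		const char *ts = ctime(&rule->last_active_timestamp);

		if (ts != NULL) {
			/* strlcpy always terminates; strcspn tolerates a missing '\n'. */
			strlcpy(timestr, ts, sizeof(timestr));
			timestr[strcspn(timestr, "\n")] = '\0';
		} else {
			snprintf(timestr, sizeof(timestr), "N/A");
		}
	} else {
		/* … unchanged: "N/A" fallback … */
```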
@@ -1070,8 +1070,8 @@ pfctl_print_rule_counters(struct pfctl_rule *rule, int opts)
 if (opts & PF_OPT_VERBOSE2) {
 char timestr[30];
 if (rule->last_active_timestamp != 0) {
- time_t last_active = rule->last_active_timestamp;
- bcopy(ctime(&last_active), timestr, sizeof(timestr));
+ bcopy(ctime(&rule->last_active_timestamp), timestr,
+ sizeof(timestr));
 *strchr(timestr, '\n') = '\0';
 } else {
 snprintf(timestr, sizeof(timestr), "N/A");
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index ffec6764f6f8..16ee0b55e2e8 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -305,6 +305,8 @@ pf_counter_u64_zero(struct pf_counter_u64 *pfcu64)
 critical_exit(); \
 } while (0)
+#define pf_timestamp_pcpu_zone (sizeof(time_t) == 4 ? pcpu_zone_4 : pcpu_zone_8)
+_Static_assert(sizeof(time_t) == 4 || sizeof(time_t) == 8, "unexpected time_t size");
 SYSCTL_DECL(_net_pf);
 MALLOC_DECLARE(M_PFHASH);
@@ -681,7 +683,7 @@ struct pf_keth_rule {
 counter_u64_t evaluations;
 counter_u64_t packets[2];
 counter_u64_t bytes[2];
- uint32_t *timestamp;
+ time_t *timestamp;
 /* Action */
 char qname[PF_QNAME_SIZE];
@@ -721,7 +723,7 @@ struct pf_krule {
 struct pf_counter_u64 evaluations;
 struct pf_counter_u64 packets[2];
 struct pf_counter_u64 bytes[2];
- uint32_t *timestamp;
+ time_t *timestamp;
 struct pfi_kkif *kif;
 struct pf_kanchor *anchor;
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 13726880a894..67422cc43997 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -344,7 +344,8 @@ pfattach_vnet(void)
 V_pf_default_rule.states_tot = counter_u64_alloc(M_WAITOK);
 V_pf_default_rule.src_nodes = counter_u64_alloc(M_WAITOK);
- V_pf_default_rule.timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
+ V_pf_default_rule.timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
+ M_WAITOK | M_ZERO);
 #ifdef PF_WANT_32_TO_64_COUNTER
 V_pf_kifmarker = malloc(sizeof(*V_pf_kifmarker), PFI_MTYPE, M_WAITOK | M_ZERO);
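Review bot: `pf_timestamp_pcpu_zone`, added in the sys/net/pfvar.h hunk at -305, has no comment stating that it is the only zone a rule's `timestamp` may be allocated from and released to, and its lowercase name reads like a variable although it expands to a conditional expression. A one-line comment above it would make the pairing rule explicit, for example `/* UMA per-CPU zone sized for time_t; use for both uma_zalloc_pcpu() and uma_zfree_pcpu() of rule timestamps. */`. Consider an upper-case name as well, so the macro is recognisable at the pf_ioctl.c call sites.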
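Review bot: Widening `timestamp` to `time_t *` in struct pf_keth_rule (hunk -681) and in struct pf_krule (hunk -721) only takes effect if every site that stores into or reads the per-CPU slot is widened too, and none of those sites appear in this patch. Any remaining `uint32_t` local, cast or return type on the path that collects the per-CPU values and exports them to userland would silently truncate the value and keep the 2038 limit; on 32-bit platforms with a 64-bit time_t a reader on another CPU might also see a torn 8-byte store. It is worth confirming those paths, and a field comment such as `/* per-CPU time_t, allocated from pf_timestamp_pcpu_zone */` would record the allocation contract. Both struct definitions start and end outside their hunks.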
@@ -534,7 +535,7 @@ pf_free_eth_rule(struct pf_keth_rule *rule)
 counter_u64_free(rule->packets[i]);
 counter_u64_free(rule->bytes[i]);
 }
- uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
+ uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
 pf_keth_anchor_remove(rule);
 free(rule, M_PFRULE);
@@ -1786,7 +1787,8 @@ pf_krule_alloc(void)
 rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO);
 mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
- rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
+ rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
+ M_WAITOK | M_ZERO);
 return (rule);
 }
@@ -1820,7 +1822,7 @@ pf_krule_free(struct pf_krule *rule)
 counter_u64_free(rule->states_cur);
 counter_u64_free(rule->states_tot);
 counter_u64_free(rule->src_nodes);
- uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
+ uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
 mtx_destroy(&rule->rpool.mtx);
 free(rule, M_PFRULE);
@@ -2868,7 +2870,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
 rule->packets[i] = counter_u64_alloc(M_WAITOK);
 rule->bytes[i] = counter_u64_alloc(M_WAITOK);
 }
- rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4,
+ rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
 M_WAITOK | M_ZERO);
 PF_RULES_WLOCK();
@@ -6769,7 +6771,7 @@ pf_unload_vnet(void)
 counter_u64_free(V_pf_default_rule.states_cur);
 counter_u64_free(V_pf_default_rule.states_tot);
 counter_u64_free(V_pf_default_rule.src_nodes);
- uma_zfree_pcpu(pcpu_zone_4, V_pf_default_rule.timestamp);
+ uma_zfree_pcpu(pf_timestamp_pcpu_zone, V_pf_default_rule.timestamp);
 for (int i = 0; i < PFRES_MAX; i++)
 counter_u64_free(V_pf_status.counters[i]);