mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-06 17:18:32 +00:00
pf: use time_to for timestamps
Use time_t rather than uint32_t to represent the timestamps. That means
we have 64 bits rather than 32 on all platforms except i386, avoiding
the Y2K38 issues on most platforms.
Reviewed by: Zhenlei Huang
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36837
This commit is contained in:
Kristof Provost
parent
1fc839f489
commit
1d090028d3
|
|
@ -102,7 +102,7 @@ struct pfctl_eth_rule {
|
||||||
uint64_t evaluations;
|
uint64_t evaluations;
|
||||||
uint64_t packets[2];
|
uint64_t packets[2];
|
||||||
uint64_t bytes[2];
|
uint64_t bytes[2];
|
||||||
uint32_t last_active_timestamp;
|
time_t last_active_timestamp;
|
||||||
|
|
||||||
/* Action */
|
/* Action */
|
||||||
char qname[PF_QNAME_SIZE];
|
char qname[PF_QNAME_SIZE];
|
||||||
|
|
@ -175,7 +175,7 @@ struct pfctl_rule {
|
||||||
uint64_t evaluations;
|
uint64_t evaluations;
|
||||||
uint64_t packets[2];
|
uint64_t packets[2];
|
||||||
uint64_t bytes[2];
|
uint64_t bytes[2];
|
||||||
uint32_t last_active_timestamp;
|
time_t last_active_timestamp;
|
||||||
|
|
||||||
struct pfi_kif *kif;
|
struct pfi_kif *kif;
|
||||||
struct pfctl_anchor *anchor;
|
struct pfctl_anchor *anchor;
|
||||||
|
|
|
||||||
|
|
@ -1020,8 +1020,8 @@ pfctl_print_eth_rule_counters(struct pfctl_eth_rule *rule, int opts)
|
||||||
char timestr[30];
|
char timestr[30];
|
||||||
|
|
||||||
if (rule->last_active_timestamp != 0) {
|
if (rule->last_active_timestamp != 0) {
|
||||||
time_t last_active = rule->last_active_timestamp;
|
bcopy(ctime(&rule->last_active_timestamp), timestr,
|
||||||
bcopy(ctime(&last_active), timestr, sizeof(timestr));
|
sizeof(timestr));
|
||||||
*strchr(timestr, '\n') = '\0';
|
*strchr(timestr, '\n') = '\0';
|
||||||
} else {
|
} else {
|
||||||
snprintf(timestr, sizeof(timestr), "N/A");
|
snprintf(timestr, sizeof(timestr), "N/A");
|
||||||
|
|
@ -1070,8 +1070,8 @@ pfctl_print_rule_counters(struct pfctl_rule *rule, int opts)
|
||||||
if (opts & PF_OPT_VERBOSE2) {
|
if (opts & PF_OPT_VERBOSE2) {
|
||||||
char timestr[30];
|
char timestr[30];
|
||||||
if (rule->last_active_timestamp != 0) {
|
if (rule->last_active_timestamp != 0) {
|
||||||
time_t last_active = rule->last_active_timestamp;
|
bcopy(ctime(&rule->last_active_timestamp), timestr,
|
||||||
bcopy(ctime(&last_active), timestr, sizeof(timestr));
|
sizeof(timestr));
|
||||||
*strchr(timestr, '\n') = '\0';
|
*strchr(timestr, '\n') = '\0';
|
||||||
} else {
|
} else {
|
||||||
snprintf(timestr, sizeof(timestr), "N/A");
|
snprintf(timestr, sizeof(timestr), "N/A");
|
||||||
|
|
|
||||||
|
|
@ -305,6 +305,8 @@ pf_counter_u64_zero(struct pf_counter_u64 *pfcu64)
|
||||||
critical_exit(); \
|
critical_exit(); \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
|
#define pf_timestamp_pcpu_zone (sizeof(time_t) == 4 ? pcpu_zone_4 : pcpu_zone_8)
|
||||||
|
_Static_assert(sizeof(time_t) == 4 || sizeof(time_t) == 8, "unexpected time_t size");
|
||||||
|
|
||||||
SYSCTL_DECL(_net_pf);
|
SYSCTL_DECL(_net_pf);
|
||||||
MALLOC_DECLARE(M_PFHASH);
|
MALLOC_DECLARE(M_PFHASH);
|
||||||
|
|
@ -681,7 +683,7 @@ struct pf_keth_rule {
|
||||||
counter_u64_t evaluations;
|
counter_u64_t evaluations;
|
||||||
counter_u64_t packets[2];
|
counter_u64_t packets[2];
|
||||||
counter_u64_t bytes[2];
|
counter_u64_t bytes[2];
|
||||||
uint32_t *timestamp;
|
time_t *timestamp;
|
||||||
|
|
||||||
/* Action */
|
/* Action */
|
||||||
char qname[PF_QNAME_SIZE];
|
char qname[PF_QNAME_SIZE];
|
||||||
|
|
@ -721,7 +723,7 @@ struct pf_krule {
|
||||||
struct pf_counter_u64 evaluations;
|
struct pf_counter_u64 evaluations;
|
||||||
struct pf_counter_u64 packets[2];
|
struct pf_counter_u64 packets[2];
|
||||||
struct pf_counter_u64 bytes[2];
|
struct pf_counter_u64 bytes[2];
|
||||||
uint32_t *timestamp;
|
time_t *timestamp;
|
||||||
|
|
||||||
struct pfi_kkif *kif;
|
struct pfi_kkif *kif;
|
||||||
struct pf_kanchor *anchor;
|
struct pf_kanchor *anchor;
|
||||||
|
|
|
||||||
|
|
@ -344,7 +344,8 @@ pfattach_vnet(void)
|
||||||
V_pf_default_rule.states_tot = counter_u64_alloc(M_WAITOK);
|
V_pf_default_rule.states_tot = counter_u64_alloc(M_WAITOK);
|
||||||
V_pf_default_rule.src_nodes = counter_u64_alloc(M_WAITOK);
|
V_pf_default_rule.src_nodes = counter_u64_alloc(M_WAITOK);
|
||||||
|
|
||||||
V_pf_default_rule.timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
|
V_pf_default_rule.timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
|
||||||
|
M_WAITOK | M_ZERO);
|
||||||
|
|
||||||
#ifdef PF_WANT_32_TO_64_COUNTER
|
#ifdef PF_WANT_32_TO_64_COUNTER
|
||||||
V_pf_kifmarker = malloc(sizeof(*V_pf_kifmarker), PFI_MTYPE, M_WAITOK | M_ZERO);
|
V_pf_kifmarker = malloc(sizeof(*V_pf_kifmarker), PFI_MTYPE, M_WAITOK | M_ZERO);
|
||||||
|
|
@ -534,7 +535,7 @@ pf_free_eth_rule(struct pf_keth_rule *rule)
|
||||||
counter_u64_free(rule->packets[i]);
|
counter_u64_free(rule->packets[i]);
|
||||||
counter_u64_free(rule->bytes[i]);
|
counter_u64_free(rule->bytes[i]);
|
||||||
}
|
}
|
||||||
uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
|
uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
|
||||||
pf_keth_anchor_remove(rule);
|
pf_keth_anchor_remove(rule);
|
||||||
|
|
||||||
free(rule, M_PFRULE);
|
free(rule, M_PFRULE);
|
||||||
|
|
@ -1786,7 +1787,8 @@ pf_krule_alloc(void)
|
||||||
|
|
||||||
rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO);
|
rule = malloc(sizeof(struct pf_krule), M_PFRULE, M_WAITOK | M_ZERO);
|
||||||
mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
|
mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
|
||||||
rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK | M_ZERO);
|
rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
|
||||||
|
M_WAITOK | M_ZERO);
|
||||||
return (rule);
|
return (rule);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1820,7 +1822,7 @@ pf_krule_free(struct pf_krule *rule)
|
||||||
counter_u64_free(rule->states_cur);
|
counter_u64_free(rule->states_cur);
|
||||||
counter_u64_free(rule->states_tot);
|
counter_u64_free(rule->states_tot);
|
||||||
counter_u64_free(rule->src_nodes);
|
counter_u64_free(rule->src_nodes);
|
||||||
uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
|
uma_zfree_pcpu(pf_timestamp_pcpu_zone, rule->timestamp);
|
||||||
|
|
||||||
mtx_destroy(&rule->rpool.mtx);
|
mtx_destroy(&rule->rpool.mtx);
|
||||||
free(rule, M_PFRULE);
|
free(rule, M_PFRULE);
|
||||||
|
|
@ -2868,7 +2870,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||||
rule->packets[i] = counter_u64_alloc(M_WAITOK);
|
rule->packets[i] = counter_u64_alloc(M_WAITOK);
|
||||||
rule->bytes[i] = counter_u64_alloc(M_WAITOK);
|
rule->bytes[i] = counter_u64_alloc(M_WAITOK);
|
||||||
}
|
}
|
||||||
rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4,
|
rule->timestamp = uma_zalloc_pcpu(pf_timestamp_pcpu_zone,
|
||||||
M_WAITOK | M_ZERO);
|
M_WAITOK | M_ZERO);
|
||||||
|
|
||||||
PF_RULES_WLOCK();
|
PF_RULES_WLOCK();
|
||||||
|
|
@ -6769,7 +6771,7 @@ pf_unload_vnet(void)
|
||||||
counter_u64_free(V_pf_default_rule.states_cur);
|
counter_u64_free(V_pf_default_rule.states_cur);
|
||||||
counter_u64_free(V_pf_default_rule.states_tot);
|
counter_u64_free(V_pf_default_rule.states_tot);
|
||||||
counter_u64_free(V_pf_default_rule.src_nodes);
|
counter_u64_free(V_pf_default_rule.src_nodes);
|
||||||
uma_zfree_pcpu(pcpu_zone_4, V_pf_default_rule.timestamp);
|
uma_zfree_pcpu(pf_timestamp_pcpu_zone, V_pf_default_rule.timestamp);
|
||||||
|
|
||||||
for (int i = 0; i < PFRES_MAX; i++)
|
for (int i = 0; i < PFRES_MAX; i++)
|
||||||
counter_u64_free(V_pf_status.counters[i]);
|
counter_u64_free(V_pf_status.counters[i]);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue