pf: Introduce unhandled_af()

For cases where code conditionally does something based on an address family
and later assumes one of the paths was taken. This was initially just calls
to panic until

pf: Introduce unhandled_af()

For cases where code conditionally does something based on an address family
and later assumes one of the paths was taken. This was initially just calls
to panic until guenther suggested a function to reduce the amount of strings
needed.

This reduces the amount of noise with static analysers and acts as a sanity
check.

ok guenther@ bluhm@

Obtained from: OpenBSD, jsg <jsg@openbsd.org>, ba4138390b
Sponsored by: Rubicon Communications, LLC ("Netgate")

show more ...

pf: use time_t for storing time_t values

No change to the underlying type, so no ABI change.

We define __time_t as uint64_t if __LP64__, otherwise uint32_t,
and only define __LP64__ if long is 64 b

pf: use time_t for storing time_t values

No change to the underlying type, so no ABI change.

We define __time_t as uint64_t if __LP64__, otherwise uint32_t,
and only define __LP64__ if long is 64 bits.
In other words: __time_t == long.

ok henning@ deraadt@

Obtained from: OpenBSD, guenther <guenther@openbsd.org>, 6c1b69a0ff
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D48963

show more ...

pf: reset index if it's outside the table

when table content changes we need to reset index
to the initial value and do not use the counter;
reported by Sebastian Benoit and Daniel Krambrock,
tested

pf: reset index if it's outside the table

when table content changes we need to reset index
to the initial value and do not use the counter;
reported by Sebastian Benoit and Daniel Krambrock,
tested by Sebastian Benoit, ok henning zinke

Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, dba347c9d1
Sponsored by: Rubicon Communications, LLC ("Netgate")

show more ...

pf: fix address range handling in pfr_pool_get()

We did not fill out the address in uaddr before running the rn_match() lookup.
Change addr to a pointer into uaddr so that we do.

Sponsored by: Rubi

pf: fix address range handling in pfr_pool_get()

We did not fill out the address in uaddr before running the rn_match() lookup.
Change addr to a pointer into uaddr so that we do.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D48083

show more ...

pf: Set cleared time when zeroing stats for table addresses

Reviewed by: kp
Approved by: kp (mentor)
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D47697

pf: ensure that we won't enter an endless loop

ensure that we won't enter an endless loop while iterating over
an address pool. problem found and solution tested by claudio.
ok claudio, henning, "r

pf: ensure that we won't enter an endless loop

ensure that we won't enter an endless loop while iterating over
an address pool. problem found and solution tested by claudio.
ok claudio, henning, "reads fine" to zinke

Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, e4fc4bddb9
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46927

show more ...

pf: exclude link local address from the dynamic interface address pool

so that rules like "pass out on vr1 inet6 nat-to (vr1)" won't map
to the non routable ipv6 link local address; with suggestions

pf: exclude link local address from the dynamic interface address pool

so that rules like "pass out on vr1 inet6 nat-to (vr1)" won't map
to the non routable ipv6 link local address; with suggestions and
ok claudio, henning

Reviewed by: zlei
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, e41548933f
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46594

show more ...

pf: remove incorrect SUNION2PF() macro

It casts in_addr to pf_addr, which is smaller, so this isn't quite right.
Replace it with a function that will only read the actual address.

Reported by: Cher

pf: remove incorrect SUNION2PF() macro

It casts in_addr to pf_addr, which is smaller, so this isn't quite right.
Replace it with a function that will only read the actual address.

Reported by: CheriBSD
Event: Kitchener-Waterloo Hackathon 202406

show more ...

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

pf: simplify structs with anonymous unions

Rather than playing preprocessor hacks use actual anonymous unions.
No functional change.

Sponsored by: Rubicon Communications, LLC ("Netgate")

pf: counter argument to pfr_pool_get() may never be NULL

Coverity points out that if counter was NULL when passed to
pfr_pool_get() we could potentially end up dereferencing it.
Happily all users of

pf: counter argument to pfr_pool_get() may never be NULL

Coverity points out that if counter was NULL when passed to
pfr_pool_get() we could potentially end up dereferencing it.
Happily all users of the function pass a non-NULL pointer. Enforce this
by assertion and remove the pointless NULL check.

Reported by: Coverity (CID 273309)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

show more ...

pf: allow the use of tables in ethernet rules

Allow tables to be used for the l3 source/destination matching.
This requires taking the PF_RULES read lock.

Sponsored by: Rubicon Communications, LLC

pf: allow the use of tables in ethernet rules

Allow tables to be used for the l3 source/destination matching.
This requires taking the PF_RULES read lock.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34917

show more ...

pf: Initialize the table entry zone limit at initialization time

The limit may later be updated by the "set limit" directive in pf.conf.
UMA does not permit a limit to be set on a zone after any ite

pf: Initialize the table entry zone limit at initialization time

The limit may later be updated by the "set limit" directive in pf.conf.
UMA does not permit a limit to be set on a zone after any items have
been allocated from a zone.

Other UMA zones used by pf do not appear to be susceptible to this
problem: they either set a limit at zone creation time or never set one
at all.

PR: 260406
Reviewed by: kp
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34713

show more ...

pf: deal with tables gaining or losing counters

When we create a table without counters, add an entry and later
re-define the table to have counters we wound up trying to read
non-existent counters

pf: deal with tables gaining or losing counters

When we create a table without counters, add an entry and later
re-define the table to have counters we wound up trying to read
non-existent counters.

We now cope with this by attempting to add them if needed, removing them
when they're no longer needed and not trying to read from counters that
are not present.

MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34131

show more ...

pf: Remove unneeded NULL check

pidx is never NULL, and is used unconditionally later on in the
function.
Add an assertion, as documentation for the requirement to provide an idx
pointer.

Reported b

pf: Remove unneeded NULL check

pidx is never NULL, and is used unconditionally later on in the
function.
Add an assertion, as documentation for the requirement to provide an idx
pointer.

Reported by: clang --analyze
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

show more ...

pf: allow table stats clearing and reading with ruleset rlock

Instead serialize against these operations with a dedicated lock.

Prior to the change, When pushing 17 mln pps of traffic, calling
DIOC

pf: allow table stats clearing and reading with ruleset rlock

Instead serialize against these operations with a dedicated lock.

Prior to the change, When pushing 17 mln pps of traffic, calling
DIOCRGETTSTATS in a loop would restrict throughput to about 7 mln. With
the change there is no slowdown.

Reviewed by: kp (previous version)
Sponsored by: Rubicon Communications, LLC ("Netgate")

show more ...

pf: depessimize table handling

Creating tables and zeroing their counters induces excessive IPIs (14
per table), which in turns kills single- and multi-threaded performance.

Work around the problem

pf: depessimize table handling

Creating tables and zeroing their counters induces excessive IPIs (14
per table), which in turns kills single- and multi-threaded performance.

Work around the problem by extending per-CPU counters with a general
counter populated on "zeroing" requests -- it stores the currently found
sum. Then requests to report the current value are the sum of per-CPU
counters subtracted by the saved value.

Sample timings when loading a config with 100k tables on a 104-way box:

stock:

pfctl -f tables100000.conf 0.39s user 69.37s system 99% cpu 1:09.76 total
pfctl -f tables100000.conf 0.40s user 68.14s system 99% cpu 1:08.54 total

patched:

pfctl -f tables100000.conf 0.35s user 6.41s system 99% cpu 6.771 total
pfctl -f tables100000.conf 0.48s user 6.47s system 99% cpu 6.949 total

Reviewed by: kp (previous version)
Sponsored by: Rubicon Communications, LLC ("Netgate")

show more ...

pf: Avoid leaking pad bytes in struct pfr_astats when copying out

There is padding between pfr_astats.pfras_a and pfras_packets that was
not getting initialized.

Reported by: KMSAN
Reviewed by: kp,

pf: Avoid leaking pad bytes in struct pfr_astats when copying out

There is padding between pfr_astats.pfras_a and pfras_packets that was
not getting initialized.

Reported by: KMSAN
Reviewed by: kp, imp
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30585

show more ...

pf: Split pf_rule into kernel and user space versions

No functional change intended.

MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D27

pf: Split pf_rule into kernel and user space versions

No functional change intended.

MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D27758

show more ...

pf: Fix table entry counter toggling

When updating a table, pf will keep existing table entry structures
corresponding to addresses that are in both of the old and new tables.
However, the update ma

pf: Fix table entry counter toggling

When updating a table, pf will keep existing table entry structures
corresponding to addresses that are in both of the old and new tables.
However, the update may also enable or disable per-entry counters which
are allocated separately. Thus when toggling PFR_TFLAG_COUNTERS, the
entries may be missing counters or may have unused counters allocated.

Fix the problem by modifying pfr_ina_commit() to transfer counters
from or to entries in the shadow table.

PR: 251414
Reported by: sigsys@gmail.com
Reviewed by: kp
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27440

show more ...

net: clean up empty lines in .c and .h files

pf: Add a new zone for per-table entry counters.

Right now we optionally allocate 8 counters per table entry, so in
addition to memory consumed by counters, we require 8 pointers worth of
space in e

pf: Add a new zone for per-table entry counters.

Right now we optionally allocate 8 counters per table entry, so in
addition to memory consumed by counters, we require 8 pointers worth of
space in each entry even when counters are not allocated (the default).

Instead, define a UMA zone that returns contiguous per-CPU counter
arrays for use in table entries. On amd64 this reduces sizeof(struct
pfr_kentry) from 216 to 160. The smaller size also results in better
slab efficiency, so memory usage for large tables is reduced by about
28%.

Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24843

show more ...

pf: Don't allocate per-table entry counters unless required.

pf by default does not do per-table address accounting unless the
"counters" keyword is specified in the corresponding pf.conf table
defi

pf: Don't allocate per-table entry counters unless required.

pf by default does not do per-table address accounting unless the
"counters" keyword is specified in the corresponding pf.conf table
definition. Yet, we always allocate 12 per-CPU counters per table. For
large tables this carries a lot of overhead, so only allocate counters
when they will actually be used.

A further enhancement might be to use a dedicated UMA zone to allocate
counter arrays for table entries, since close to half of the structure
size comes from counter pointers. A related issue is the cost of
zeroing counters, since counter_u64_zero() calls smp_rendezvous() on
some architectures.

Reported by: loos, Jim Pingle <jimp@netgate.com>
Reviewed by: kp
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC (Netgate)
Differential Revision: https://reviews.freebsd.org/D24803

show more ...

MFHead@r345275