diff options
author | glebius <glebius@FreeBSD.org> | 2014-08-25 15:40:37 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2014-08-25 15:40:37 +0000 |
commit | 3722b178a339818ea3e790b473390175f90cd06a (patch) | |
tree | de6bc234837eaf308240e4d4762782420a0e6853 /sys/netpfil/pf/pf.c | |
parent | ef25b335dfa5f1458d26fa26f56ab5c3a0fe939d (diff) | |
download | FreeBSD-src-3722b178a339818ea3e790b473390175f90cd06a.zip FreeBSD-src-3722b178a339818ea3e790b473390175f90cd06a.tar.gz |
Merge r269998 from head:
- Count global pf(4) statistics in counter(9).
- Do not count global number of states and of src_nodes,
use uma_zone_get_cur() to obtain values.
- Struct pf_status becomes merely an ioctl API structure,
and moves to netpfil/pf/pf.h with its constants.
- V_pf_status is now of type struct pf_kstatus.
Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net>
Sponsored by: InnoGames GmbH
Diffstat (limited to 'sys/netpfil/pf/pf.c')
-rw-r--r-- | sys/netpfil/pf/pf.c | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 980db13..3a087df 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -109,7 +109,7 @@ VNET_DEFINE(struct pf_altqqueue, pf_altqs[2]); VNET_DEFINE(struct pf_palist, pf_pabuf); VNET_DEFINE(struct pf_altqqueue *, pf_altqs_active); VNET_DEFINE(struct pf_altqqueue *, pf_altqs_inactive); -VNET_DEFINE(struct pf_status, pf_status); +VNET_DEFINE(struct pf_kstatus, pf_status); VNET_DEFINE(u_int32_t, ticket_altqs_active); VNET_DEFINE(u_int32_t, ticket_altqs_inactive); @@ -470,13 +470,13 @@ pf_src_connlimit(struct pf_state **state) if ((*state)->rule.ptr->max_src_conn && (*state)->rule.ptr->max_src_conn < (*state)->src_node->conn) { - V_pf_status.lcounters[LCNT_SRCCONN]++; + counter_u64_add(V_pf_status.lcounters[LCNT_SRCCONN], 1); bad++; } if ((*state)->rule.ptr->max_src_conn_rate.limit && pf_check_threshold(&(*state)->src_node->conn_rate)) { - V_pf_status.lcounters[LCNT_SRCCONNRATE]++; + counter_u64_add(V_pf_status.lcounters[LCNT_SRCCONNRATE], 1); bad++; } @@ -524,7 +524,7 @@ pf_overload_task(void *v, int pending) bzero(&p, sizeof(p)); SLIST_FOREACH(pfoe, &queue, next) { - V_pf_status.lcounters[LCNT_OVERLOAD_TABLE]++; + counter_u64_add(V_pf_status.lcounters[LCNT_OVERLOAD_TABLE], 1); if (V_pf_status.debug >= PF_DEBUG_MISC) { printf("%s: blocking address ", __func__); pf_print_host(&pfoe->addr, 0, pfoe->af); @@ -560,7 +560,8 @@ pf_overload_task(void *v, int pending) SLIST_REMOVE(&queue, pfoe, pf_overload_entry, next); free(pfoe, M_PFTEMP); } else - V_pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; + counter_u64_add( + V_pf_status.lcounters[LCNT_OVERLOAD_FLUSH], 1); /* If nothing to flush, return. */ if (SLIST_EMPTY(&queue)) { @@ -610,7 +611,7 @@ pf_find_src_node(struct pf_addr *src, struct pf_rule *rule, sa_family_t af, struct pf_srchash *sh; struct pf_src_node *n; - V_pf_status.scounters[SCNT_SRC_NODE_SEARCH]++; + counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_SEARCH], 1); sh = &V_pf_srchash[pf_hashsrc(src, af)]; PF_HASHROW_LOCK(sh); @@ -646,7 +647,8 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule, counter_u64_fetch(rule->src_nodes) < rule->max_src_nodes) (*sn) = uma_zalloc(V_pf_sources_z, M_NOWAIT | M_ZERO); else - V_pf_status.lcounters[LCNT_SRCNODES]++; + counter_u64_add(V_pf_status.lcounters[LCNT_SRCNODES], + 1); if ((*sn) == NULL) { PF_HASHROW_UNLOCK(sh); return (-1); @@ -665,12 +667,12 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule, if ((*sn)->rule.ptr != NULL) counter_u64_add((*sn)->rule.ptr->src_nodes, 1); PF_HASHROW_UNLOCK(sh); - V_pf_status.scounters[SCNT_SRC_NODE_INSERT]++; - V_pf_status.src_nodes++; + counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_INSERT], 1); } else { if (rule->max_src_states && (*sn)->states >= rule->max_src_states) { - V_pf_status.lcounters[LCNT_SRCSTATES]++; + counter_u64_add(V_pf_status.lcounters[LCNT_SRCSTATES], + 1); return (-1); } } @@ -689,8 +691,7 @@ pf_unlink_src_node_locked(struct pf_src_node *src) LIST_REMOVE(src, entry); if (src->rule.ptr) counter_u64_add(src->rule.ptr->src_nodes, -1); - V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; - V_pf_status.src_nodes--; + counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS], 1); } void @@ -1206,7 +1207,7 @@ pf_state_insert(struct pfi_kif *kif, struct pf_state_key *skw, /* One for keys, one for ID hash. */ refcount_init(&s->refs, 2); - V_pf_status.fcounters[FCNT_STATE_INSERT]++; + counter_u64_add(V_pf_status.fcounters[FCNT_STATE_INSERT], 1); if (pfsync_insert_state_ptr != NULL) pfsync_insert_state_ptr(s); @@ -1223,7 +1224,7 @@ pf_find_state_byid(uint64_t id, uint32_t creatorid) struct pf_idhash *ih; struct pf_state *s; - V_pf_status.fcounters[FCNT_STATE_SEARCH]++; + counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1); ih = &V_pf_idhash[(be64toh(id) % (V_pf_hashmask + 1))]; @@ -1250,7 +1251,7 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir) struct pf_state *s; int idx; - V_pf_status.fcounters[FCNT_STATE_SEARCH]++; + counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1); kh = &V_pf_keyhash[pf_hashkey((struct pf_state_key *)key)]; @@ -1294,7 +1295,7 @@ pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more) struct pf_state *s, *ret = NULL; int idx, inout = 0; - V_pf_status.fcounters[FCNT_STATE_SEARCH]++; + counter_u64_add(V_pf_status.fcounters[FCNT_STATE_SEARCH], 1); kh = &V_pf_keyhash[pf_hashkey((struct pf_state_key *)key)]; @@ -1522,6 +1523,8 @@ pf_purge_expired_src_nodes() } pf_free_src_nodes(&freelist); + + V_pf_status.src_nodes = uma_zone_get_cur(V_pf_sources_z); } static void @@ -1616,7 +1619,7 @@ pf_free_state(struct pf_state *cur) pf_normalize_tcp_cleanup(cur); uma_zfree(V_pf_state_z, cur); - V_pf_status.fcounters[FCNT_STATE_REMOVALS]++; + counter_u64_add(V_pf_status.fcounters[FCNT_STATE_REMOVALS], 1); } /* @@ -3457,7 +3460,7 @@ pf_create_state(struct pf_rule *r, struct pf_rule *nr, struct pf_rule *a, /* check maximums */ if (r->max_states && (counter_u64_fetch(r->states_cur) >= r->max_states)) { - V_pf_status.lcounters[LCNT_STATES]++; + counter_u64_add(V_pf_status.lcounters[LCNT_STATES], 1); REASON_SET(&reason, PFRES_MAXSTATES); return (PF_DROP); } |