authorLuiz Otavio O Souza <luiz@netgate.com>2016-01-28 05:56:09 -0600
committerLuiz Otavio O Souza <luiz@netgate.com>2016-01-28 05:56:09 -0600
commit5c82541da7e1c32c093de140d0c173418ee9c545 (patch)
tree62715df97fe66ca00111fcf838760d1326653264 /sys/netpfil
parent6d77218901c68616c2f97486c813b9a78c48046a (diff)
Revert "Importing pfSense patch pf_static_tracker.diff"
This reverts commit 9068fb423dfecae0f8b611d4bc558dd6cb2e2bd7.
Diffstat (limited to 'sys/netpfil')
-rw-r--r--sys/netpfil/pf/if_pflog.c6
-rw-r--r--sys/netpfil/pf/pf.c8
-rw-r--r--sys/netpfil/pf/pf_ioctl.c26
3 files changed, 2 insertions, 38 deletions
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 5c22806..1efd5e2 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -209,7 +209,7 @@ pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
return (0);
bzero(&hdr, sizeof(hdr));
- hdr.length = PFLOG_HDRLEN;
+ hdr.length = PFLOG_REAL_HDRLEN;
hdr.af = af;
hdr.action = rm->action;
hdr.reason = reason;
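Review bot: `hdr.length = PFLOG_REAL_HDRLEN;` changes the header length advertised to the bpf tap, and the next hunk drops `hdr.ridentifier`, so together these change the pflog header layout that pflog readers (libpcap/tcpdump-style dissectors) depend on. Any consumer or header definition in this tree that was adjusted for the patched layout should be reverted in the same change; the diff does not show whether the PFLOG_HDRLEN/PFLOG_REAL_HDRLEN definitions were touched. A one-line comment such as `/* length as seen by pflog readers; keep in step with struct pfloghdr */` would make the coupling visible. pflog_packet starts before and continues past this hunk.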
@@ -218,16 +218,13 @@ pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
if (am == NULL) {
hdr.rulenr = htonl(rm->nr);
hdr.subrulenr = 1;
- hdr.ridentifier = rm->cuid;
} else {
hdr.rulenr = htonl(am->nr);
hdr.subrulenr = htonl(rm->nr);
- hdr.ridentifier = rm->cuid;
if (ruleset != NULL && ruleset->anchor != NULL)
strlcpy(hdr.ruleset, ruleset->anchor->name,
sizeof(hdr.ruleset));
}
-#ifdef PF_USER_INFO
/*
* XXXGL: we avoid pf_socket_lookup() when we are holding
* state lock, since this leads to unsafe LOR.
@@ -242,7 +239,6 @@ pflog_packet(struct pfi_kif *kif, struct mbuf *m, sa_family_t af, u_int8_t dir,
hdr.pid = NO_PID;
hdr.rule_uid = rm->cuid;
hdr.rule_pid = rm->cpid;
-#endif
hdr.dir = dir;
#ifdef INET
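Review bot: With the `#endif` removed, `hdr.rule_uid = rm->cuid;` and `hdr.rule_pid = rm->cpid;` are filled in on every logged packet, so pflog readers again receive the rule creator's credentials instead of the zero left by the earlier `bzero(&hdr, sizeof(hdr))` when the block was compiled out. That is the expected upstream behaviour, but it is worth stating in the commit message that, after the pf_ioctl.c hunks, `cuid` is assigned by the kernel from `td->td_ucred->cr_ruid` and is therefore no longer a value carried in from userland. pflog_packet continues past this hunk.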
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index eed1ac8..89a2716 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -2851,7 +2851,6 @@ pf_match_ieee8021q_pcp(u_int8_t op, u_int8_t pcp1, u_int8_t pcp2,
return (pf_match(op, pcp1, pcp2, mpcp));
}
-#ifdef PF_USER_INFO
static int
pf_match_uid(u_int8_t op, uid_t a1, uid_t a2, uid_t u)
{
@@ -2867,7 +2866,6 @@ pf_match_gid(u_int8_t op, gid_t a1, gid_t a2, gid_t g)
return (0);
return (pf_match(op, a1, a2, g));
}
-#endif
int
pf_match_tag(struct mbuf *m, struct pf_rule *r, int *tag, int mtag)
@@ -3076,7 +3074,6 @@ pf_rule_to_actions(struct pf_rule *r, struct pf_rule_actions *a)
a->flags |= PFRULE_DN_IS_PIPE;
}
-#ifdef PF_USER_INFO
int
pf_socket_lookup(int direction, struct pf_pdesc *pd, struct mbuf *m)
{
@@ -3156,7 +3153,6 @@ pf_socket_lookup(int direction, struct pf_pdesc *pd, struct mbuf *m)
return (1);
}
-#endif
static u_int8_t
pf_get_wscale(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af)
@@ -3348,14 +3344,12 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
PF_RULES_RASSERT();
-#ifdef PF_USER_INFO
if (inp != NULL) {
INP_LOCK_ASSERT(inp);
pd->lookup.uid = inp->inp_cred->cr_uid;
pd->lookup.gid = inp->inp_cred->cr_groups[0];
pd->lookup.done = 1;
}
-#endif
switch (pd->proto) {
case IPPROTO_TCP:
@@ -3578,7 +3572,6 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
(r->flagset & th->th_flags) != r->flags)
r = TAILQ_NEXT(r, entries);
/* tcp/udp only. uid.op always 0 in other cases */
-#ifdef PF_USER_INFO
else if (r->uid.op && (pd->lookup.done || (pd->lookup.done =
pf_socket_lookup(direction, pd, m), 1)) &&
!pf_match_uid(r->uid.op, r->uid.uid[0], r->uid.uid[1],
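Review bot: Re-enabling the `else if (r->uid.op ...)` arm here and the `else if (r->gid.op ...)` arm in the -3590 hunk restores evaluation of the `user`/`group` rule qualifiers: while those arms were compiled out, a rule carrying `uid.op` or `gid.op` fell through to the following `else if` and could match regardless of the socket owner, i.e. the qualifier failed open (assuming PF_USER_INFO was not defined in the patched build, which the `#ifndef PF_USER_INFO` block in pf_ioctl.c suggests). This is a behaviour change worth calling out in the commit message. The inline `pd->lookup.done = pf_socket_lookup(direction, pd, m)` now relies on pf_socket_lookup and pf_match_uid/pf_match_gid being compiled unconditionally, which the -2851, -2867, -3076 and -3156 hunks provide, and the `pd->lookup.done = 1` short-circuit restored at -3348 skips the socket lookup when an inpcb was handed in. The `else if` chain and pf_test_rule both continue outside this hunk.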
@@ -3590,7 +3583,6 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
!pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1],
pd->lookup.gid))
r = TAILQ_NEXT(r, entries);
-#endif
else if (r->ieee8021q_pcp.op &&
!pf_match_ieee8021q_pcp(r->ieee8021q_pcp.op,
r->ieee8021q_pcp.pcp[0], r->ieee8021q_pcp.pcp[1], m))
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 146a56f..cacae58 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1168,9 +1168,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
rule->states_cur = counter_u64_alloc(M_WAITOK);
rule->states_tot = counter_u64_alloc(M_WAITOK);
rule->src_nodes = counter_u64_alloc(M_WAITOK);
-#ifdef PF_USER_INFO
rule->cuid = td->td_ucred->cr_ruid;
-#endif
rule->cpid = td->td_proc ? td->td_proc->p_pid : 0;
TAILQ_INIT(&rule->rpool.list);
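Review bot: `rule->cuid = td->td_ucred->cr_ruid;` is now assigned unconditionally, so the creator uid is a kernel-controlled value that overrides whatever arrived in the copied-in userland rule; the same applies to `newrule->cuid` in the -1446 hunk. It is also why dropping the carry-over block in the -1274 hunk is consistent: that block keyed the statistics copy on a `cuid` match, which only made sense while cuid served as a userland-supplied identifier — with many rules sharing one creator uid, `TAILQ_FIRST` plus a `cuid` walk would pick an essentially arbitrary rule. A short comment, `/* creator credentials are kernel-assigned, never taken from the copied-in rule */`, would discourage repurposing the field. pfioctl starts before and continues past this hunk.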
@@ -1196,6 +1194,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
V_ticket_pabuf));
ERROUT(EBUSY);
}
+
tail = TAILQ_LAST(ruleset->rules[rs_num].inactive.ptr,
pf_rulequeue);
if (tail)
@@ -1274,29 +1273,8 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
}
rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list);
-#ifndef PF_USER_INFO
- if (rule->cuid) {
- tail = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
- while ((tail != NULL) && (tail->cuid != rule->cuid))
- tail = TAILQ_NEXT(tail, entries);
- if (tail != NULL) {
- rule->evaluations = tail->evaluations;
- rule->packets[0] = tail->packets[0];
- rule->packets[1] = tail->packets[1];
- rule->bytes[0] = tail->bytes[0];
- rule->bytes[1] = tail->bytes[1];
- } else {
- rule->evaluations = rule->packets[0] = rule->packets[1] =
- rule->bytes[0] = rule->bytes[1] = 0;
- }
- } else {
- rule->evaluations = rule->packets[0] = rule->packets[1] =
- rule->bytes[0] = rule->bytes[1] = 0;
- }
-#else
rule->evaluations = rule->packets[0] = rule->packets[1] =
rule->bytes[0] = rule->bytes[1] = 0;
-#endif
TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr,
rule, entries);
ruleset->rules[rs_num].inactive.rcount++;
@@ -1446,9 +1424,7 @@ DIOCADDRULE_error:
newrule->states_cur = counter_u64_alloc(M_WAITOK);
newrule->states_tot = counter_u64_alloc(M_WAITOK);
newrule->src_nodes = counter_u64_alloc(M_WAITOK);
-#ifdef PF_USER_INFO
newrule->cuid = td->td_ucred->cr_ruid;
-#endif
newrule->cpid = td->td_proc ? td->td_proc->p_pid : 0;
TAILQ_INIT(&newrule->rpool.list);
}