Bug Summary

File:net/if_pflow.c
Warning:line 428, column 21
Access to field 'sa_family' results in a dereference of a null pointer (loaded from field 'sc_flowdst')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name if_pflow.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -D CONFIG_DRM_AMD_DC_DCN3_0 -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /usr/obj/sys/arch/amd64/compile/GENERIC.MP/scan-build/2022-01-12-131800-47421-1 -x c /usr/src/sys/net/if_pflow.c
1/* $OpenBSD: if_pflow.c,v 1.93 2020/08/21 22:59:27 kn Exp $ */
2
3/*
4 * Copyright (c) 2011 Florian Obser <florian@narrans.de>
5 * Copyright (c) 2011 Sebastian Benoit <benoit-lists@fb12.de>
6 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
18 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
19 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22#include <sys/param.h>
23#include <sys/malloc.h>
24#include <sys/systm.h>
25#include <sys/mbuf.h>
26#include <sys/socket.h>
27#include <sys/timeout.h>
28#include <sys/ioctl.h>
29#include <sys/kernel.h>
30#include <sys/socket.h>
31#include <sys/socketvar.h>
32#include <sys/sysctl.h>
33
34#include <net/if.h>
35#include <net/if_types.h>
36#include <net/bpf.h>
37#include <net/route.h>
38#include <netinet/in.h>
39#include <netinet/if_ether.h>
40#include <netinet/tcp.h>
41
42#include <netinet/ip.h>
43#include <netinet/ip_var.h>
44#include <netinet/udp.h>
45#include <netinet/udp_var.h>
46#include <netinet/in_pcb.h>
47
48#include <net/pfvar.h>
49#include <net/if_pflow.h>
50
51#include "bpfilter.h"
52#include "pflow.h"
53
54#define PFLOW_MINMTU(sizeof(struct pflow_header) + sizeof(struct pflow_flow)) \
55 (sizeof(struct pflow_header) + sizeof(struct pflow_flow))
56
57#ifdef PFLOWDEBUG
58#define DPRINTF(x) do { printf x ; } while (0)
59#else
60#define DPRINTF(x)
61#endif
62
63SLIST_HEAD(, pflow_softc)struct { struct pflow_softc *slh_first; } pflowif_list;
64struct pflowstats pflowstats;
65
66void pflowattach(int);
67int pflow_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
68 struct rtentry *rt);
69void pflow_output_process(void *);
70int pflow_clone_create(struct if_clone *, int);
71int pflow_clone_destroy(struct ifnet *);
72int pflow_set(struct pflow_softc *, struct pflowreq *);
73void pflow_init_timeouts(struct pflow_softc *);
74int pflow_calc_mtu(struct pflow_softc *, int, int);
75void pflow_setmtu(struct pflow_softc *, int);
76int pflowvalidsockaddr(const struct sockaddr *, int);
77int pflowioctl(struct ifnet *, u_long, caddr_t);
78
79struct mbuf *pflow_get_mbuf(struct pflow_softc *, u_int16_t);
80void pflow_flush(struct pflow_softc *);
81int pflow_sendout_v5(struct pflow_softc *);
82int pflow_sendout_ipfix(struct pflow_softc *, sa_family_t);
83int pflow_sendout_ipfix_tmpl(struct pflow_softc *);
84int pflow_sendout_mbuf(struct pflow_softc *, struct mbuf *);
85void pflow_timeout(void *);
86void pflow_timeout6(void *);
87void pflow_timeout_tmpl(void *);
88void copy_flow_data(struct pflow_flow *, struct pflow_flow *,
89 struct pf_state *, struct pf_state_key *, int, int);
90void copy_flow_ipfix_4_data(struct pflow_ipfix_flow4 *,
91 struct pflow_ipfix_flow4 *, struct pf_state *, struct pf_state_key *,
92 struct pflow_softc *, int, int);
93void copy_flow_ipfix_6_data(struct pflow_ipfix_flow6 *,
94 struct pflow_ipfix_flow6 *, struct pf_state *, struct pf_state_key *,
95 struct pflow_softc *, int, int);
96int pflow_pack_flow(struct pf_state *, struct pf_state_key *,
97 struct pflow_softc *);
98int pflow_pack_flow_ipfix(struct pf_state *, struct pf_state_key *,
99 struct pflow_softc *);
100int export_pflow_if(struct pf_state*, struct pf_state_key *,
101 struct pflow_softc *);
102int copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc);
103int copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow,
104 struct pflow_softc *sc);
105int copy_flow_ipfix_6_to_m(struct pflow_ipfix_flow6 *flow,
106 struct pflow_softc *sc);
107
108struct if_clone pflow_cloner =
109 IF_CLONE_INITIALIZER("pflow", pflow_clone_create,{ .ifc_list = { ((void *)0), ((void *)0) }, .ifc_name = "pflow"
, .ifc_namelen = sizeof("pflow") - 1, .ifc_create = pflow_clone_create
, .ifc_destroy = pflow_clone_destroy, }
110 pflow_clone_destroy){ .ifc_list = { ((void *)0), ((void *)0) }, .ifc_name = "pflow"
, .ifc_namelen = sizeof("pflow") - 1, .ifc_create = pflow_clone_create
, .ifc_destroy = pflow_clone_destroy, };
111
112void
113pflowattach(int npflow)
114{
115 SLIST_INIT(&pflowif_list){ ((&pflowif_list)->slh_first) = ((void *)0); };
116 if_clone_attach(&pflow_cloner);
117}
118
119int
120pflow_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
121 struct rtentry *rt)
122{
123 m_freem(m); /* drop packet */
124 return (EAFNOSUPPORT47);
125}
126
127void
128pflow_output_process(void *arg)
129{
130 struct mbuf_list ml;
131 struct pflow_softc *sc = arg;
132 struct mbuf *m;
133
134 mq_delist(&sc->sc_outputqueue, &ml);
135 KERNEL_LOCK()_kernel_lock();
136 while ((m = ml_dequeue(&ml)) != NULL((void *)0)) {
137 pflow_sendout_mbuf(sc, m);
138 }
139 KERNEL_UNLOCK()_kernel_unlock();
140}
141
142int
143pflow_clone_create(struct if_clone *ifc, int unit)
144{
145 struct ifnet *ifp;
146 struct pflow_softc *pflowif;
147
148 pflowif = malloc(sizeof(*pflowif), M_DEVBUF2, M_WAITOK0x0001|M_ZERO0x0008);
149 MGET(pflowif->send_nam, M_WAIT, MT_SONAME)pflowif->send_nam = m_get((0x0001), (3));
150 pflowif->sc_version = PFLOW_PROTO_DEFAULT5;
151
152 /* ipfix template init */
153 bzero(&pflowif->sc_tmpl_ipfix,sizeof(pflowif->sc_tmpl_ipfix))__builtin_bzero((&pflowif->sc_tmpl_ipfix), (sizeof(pflowif
->sc_tmpl_ipfix)));
154 pflowif->sc_tmpl_ipfix.set_header.set_id =
155 htons(PFLOW_IPFIX_TMPL_SET_ID)(__uint16_t)(__builtin_constant_p(2) ? (__uint16_t)(((__uint16_t
)(2) & 0xffU) << 8 | ((__uint16_t)(2) & 0xff00U
) >> 8) : __swap16md(2));
156 pflowif->sc_tmpl_ipfix.set_header.set_length =
157 htons(sizeof(struct pflow_ipfix_tmpl))(__uint16_t)(__builtin_constant_p(sizeof(struct pflow_ipfix_tmpl
)) ? (__uint16_t)(((__uint16_t)(sizeof(struct pflow_ipfix_tmpl
)) & 0xffU) << 8 | ((__uint16_t)(sizeof(struct pflow_ipfix_tmpl
)) & 0xff00U) >> 8) : __swap16md(sizeof(struct pflow_ipfix_tmpl
)));
158
159 /* ipfix IPv4 template */
160 pflowif->sc_tmpl_ipfix.ipv4_tmpl.h.tmpl_id =
161 htons(PFLOW_IPFIX_TMPL_IPV4_ID)(__uint16_t)(__builtin_constant_p(256) ? (__uint16_t)(((__uint16_t
)(256) & 0xffU) << 8 | ((__uint16_t)(256) & 0xff00U
) >> 8) : __swap16md(256));
162 pflowif->sc_tmpl_ipfix.ipv4_tmpl.h.field_count
163 = htons(PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT)(__uint16_t)(__builtin_constant_p(12) ? (__uint16_t)(((__uint16_t
)(12) & 0xffU) << 8 | ((__uint16_t)(12) & 0xff00U
) >> 8) : __swap16md(12));
164 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_ip.field_id =
165 htons(PFIX_IE_sourceIPv4Address)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
166 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_ip.len = htons(4)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
167 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_ip.field_id =
168 htons(PFIX_IE_destinationIPv4Address)(__uint16_t)(__builtin_constant_p(12) ? (__uint16_t)(((__uint16_t
)(12) & 0xffU) << 8 | ((__uint16_t)(12) & 0xff00U
) >> 8) : __swap16md(12));
169 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_ip.len = htons(4)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
170 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_in.field_id =
171 htons(PFIX_IE_ingressInterface)(__uint16_t)(__builtin_constant_p(10) ? (__uint16_t)(((__uint16_t
)(10) & 0xffU) << 8 | ((__uint16_t)(10) & 0xff00U
) >> 8) : __swap16md(10));
172 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_in.len = htons(4)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
173 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_out.field_id =
174 htons(PFIX_IE_egressInterface)(__uint16_t)(__builtin_constant_p(14) ? (__uint16_t)(((__uint16_t
)(14) & 0xffU) << 8 | ((__uint16_t)(14) & 0xff00U
) >> 8) : __swap16md(14));
175 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_out.len = htons(4)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
176 pflowif->sc_tmpl_ipfix.ipv4_tmpl.packets.field_id =
177 htons(PFIX_IE_packetDeltaCount)(__uint16_t)(__builtin_constant_p(2) ? (__uint16_t)(((__uint16_t
)(2) & 0xffU) << 8 | ((__uint16_t)(2) & 0xff00U
) >> 8) : __swap16md(2));
178 pflowif->sc_tmpl_ipfix.ipv4_tmpl.packets.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
179 pflowif->sc_tmpl_ipfix.ipv4_tmpl.octets.field_id =
180 htons(PFIX_IE_octetDeltaCount)(__uint16_t)(__builtin_constant_p(1) ? (__uint16_t)(((__uint16_t
)(1) & 0xffU) << 8 | ((__uint16_t)(1) & 0xff00U
) >> 8) : __swap16md(1));
181 pflowif->sc_tmpl_ipfix.ipv4_tmpl.octets.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
182 pflowif->sc_tmpl_ipfix.ipv4_tmpl.start.field_id =
183 htons(PFIX_IE_flowStartMilliseconds)(__uint16_t)(__builtin_constant_p(152) ? (__uint16_t)(((__uint16_t
)(152) & 0xffU) << 8 | ((__uint16_t)(152) & 0xff00U
) >> 8) : __swap16md(152));
184 pflowif->sc_tmpl_ipfix.ipv4_tmpl.start.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
185 pflowif->sc_tmpl_ipfix.ipv4_tmpl.finish.field_id =
186 htons(PFIX_IE_flowEndMilliseconds)(__uint16_t)(__builtin_constant_p(153) ? (__uint16_t)(((__uint16_t
)(153) & 0xffU) << 8 | ((__uint16_t)(153) & 0xff00U
) >> 8) : __swap16md(153));
187 pflowif->sc_tmpl_ipfix.ipv4_tmpl.finish.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
188 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_port.field_id =
189 htons(PFIX_IE_sourceTransportPort)(__uint16_t)(__builtin_constant_p(7) ? (__uint16_t)(((__uint16_t
)(7) & 0xffU) << 8 | ((__uint16_t)(7) & 0xff00U
) >> 8) : __swap16md(7));
190 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_port.len = htons(2)(__uint16_t)(__builtin_constant_p(2) ? (__uint16_t)(((__uint16_t
)(2) & 0xffU) << 8 | ((__uint16_t)(2) & 0xff00U
) >> 8) : __swap16md(2));
191 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_port.field_id =
192 htons(PFIX_IE_destinationTransportPort)(__uint16_t)(__builtin_constant_p(11) ? (__uint16_t)(((__uint16_t
)(11) & 0xffU) << 8 | ((__uint16_t)(11) & 0xff00U
) >> 8) : __swap16md(11));
193 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_port.len = htons(2)(__uint16_t)(__builtin_constant_p(2) ? (__uint16_t)(((__uint16_t
)(2) & 0xffU) << 8 | ((__uint16_t)(2) & 0xff00U
) >> 8) : __swap16md(2));
194 pflowif->sc_tmpl_ipfix.ipv4_tmpl.tos.field_id =
195 htons(PFIX_IE_ipClassOfService)(__uint16_t)(__builtin_constant_p(5) ? (__uint16_t)(((__uint16_t
)(5) & 0xffU) << 8 | ((__uint16_t)(5) & 0xff00U
) >> 8) : __swap16md(5));
196 pflowif->sc_tmpl_ipfix.ipv4_tmpl.tos.len = htons(1)(__uint16_t)(__builtin_constant_p(1) ? (__uint16_t)(((__uint16_t
)(1) & 0xffU) << 8 | ((__uint16_t)(1) & 0xff00U
) >> 8) : __swap16md(1));
197 pflowif->sc_tmpl_ipfix.ipv4_tmpl.protocol.field_id =
198 htons(PFIX_IE_protocolIdentifier)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
199 pflowif->sc_tmpl_ipfix.ipv4_tmpl.protocol.len = htons(1)(__uint16_t)(__builtin_constant_p(1) ? (__uint16_t)(((__uint16_t
)(1) & 0xffU) << 8 | ((__uint16_t)(1) & 0xff00U
) >> 8) : __swap16md(1));
200
201 /* ipfix IPv6 template */
202 pflowif->sc_tmpl_ipfix.ipv6_tmpl.h.tmpl_id =
203 htons(PFLOW_IPFIX_TMPL_IPV6_ID)(__uint16_t)(__builtin_constant_p(257) ? (__uint16_t)(((__uint16_t
)(257) & 0xffU) << 8 | ((__uint16_t)(257) & 0xff00U
) >> 8) : __swap16md(257));
204 pflowif->sc_tmpl_ipfix.ipv6_tmpl.h.field_count =
205 htons(PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT)(__uint16_t)(__builtin_constant_p(12) ? (__uint16_t)(((__uint16_t
)(12) & 0xffU) << 8 | ((__uint16_t)(12) & 0xff00U
) >> 8) : __swap16md(12));
206 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_ip.field_id =
207 htons(PFIX_IE_sourceIPv6Address)(__uint16_t)(__builtin_constant_p(27) ? (__uint16_t)(((__uint16_t
)(27) & 0xffU) << 8 | ((__uint16_t)(27) & 0xff00U
) >> 8) : __swap16md(27));
208 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_ip.len = htons(16)(__uint16_t)(__builtin_constant_p(16) ? (__uint16_t)(((__uint16_t
)(16) & 0xffU) << 8 | ((__uint16_t)(16) & 0xff00U
) >> 8) : __swap16md(16));
209 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_ip.field_id =
210 htons(PFIX_IE_destinationIPv6Address)(__uint16_t)(__builtin_constant_p(28) ? (__uint16_t)(((__uint16_t
)(28) & 0xffU) << 8 | ((__uint16_t)(28) & 0xff00U
) >> 8) : __swap16md(28));
211 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_ip.len = htons(16)(__uint16_t)(__builtin_constant_p(16) ? (__uint16_t)(((__uint16_t
)(16) & 0xffU) << 8 | ((__uint16_t)(16) & 0xff00U
) >> 8) : __swap16md(16));
212 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_in.field_id =
213 htons(PFIX_IE_ingressInterface)(__uint16_t)(__builtin_constant_p(10) ? (__uint16_t)(((__uint16_t
)(10) & 0xffU) << 8 | ((__uint16_t)(10) & 0xff00U
) >> 8) : __swap16md(10));
214 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_in.len = htons(4)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
215 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_out.field_id =
216 htons(PFIX_IE_egressInterface)(__uint16_t)(__builtin_constant_p(14) ? (__uint16_t)(((__uint16_t
)(14) & 0xffU) << 8 | ((__uint16_t)(14) & 0xff00U
) >> 8) : __swap16md(14));
217 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_out.len = htons(4)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
218 pflowif->sc_tmpl_ipfix.ipv6_tmpl.packets.field_id =
219 htons(PFIX_IE_packetDeltaCount)(__uint16_t)(__builtin_constant_p(2) ? (__uint16_t)(((__uint16_t
)(2) & 0xffU) << 8 | ((__uint16_t)(2) & 0xff00U
) >> 8) : __swap16md(2));
220 pflowif->sc_tmpl_ipfix.ipv6_tmpl.packets.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
221 pflowif->sc_tmpl_ipfix.ipv6_tmpl.octets.field_id =
222 htons(PFIX_IE_octetDeltaCount)(__uint16_t)(__builtin_constant_p(1) ? (__uint16_t)(((__uint16_t
)(1) & 0xffU) << 8 | ((__uint16_t)(1) & 0xff00U
) >> 8) : __swap16md(1));
223 pflowif->sc_tmpl_ipfix.ipv6_tmpl.octets.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
224 pflowif->sc_tmpl_ipfix.ipv6_tmpl.start.field_id =
225 htons(PFIX_IE_flowStartMilliseconds)(__uint16_t)(__builtin_constant_p(152) ? (__uint16_t)(((__uint16_t
)(152) & 0xffU) << 8 | ((__uint16_t)(152) & 0xff00U
) >> 8) : __swap16md(152));
226 pflowif->sc_tmpl_ipfix.ipv6_tmpl.start.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
227 pflowif->sc_tmpl_ipfix.ipv6_tmpl.finish.field_id =
228 htons(PFIX_IE_flowEndMilliseconds)(__uint16_t)(__builtin_constant_p(153) ? (__uint16_t)(((__uint16_t
)(153) & 0xffU) << 8 | ((__uint16_t)(153) & 0xff00U
) >> 8) : __swap16md(153));
229 pflowif->sc_tmpl_ipfix.ipv6_tmpl.finish.len = htons(8)(__uint16_t)(__builtin_constant_p(8) ? (__uint16_t)(((__uint16_t
)(8) & 0xffU) << 8 | ((__uint16_t)(8) & 0xff00U
) >> 8) : __swap16md(8));
230 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_port.field_id =
231 htons(PFIX_IE_sourceTransportPort)(__uint16_t)(__builtin_constant_p(7) ? (__uint16_t)(((__uint16_t
)(7) & 0xffU) << 8 | ((__uint16_t)(7) & 0xff00U
) >> 8) : __swap16md(7));
232 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_port.len = htons(2)(__uint16_t)(__builtin_constant_p(2) ? (__uint16_t)(((__uint16_t
)(2) & 0xffU) << 8 | ((__uint16_t)(2) & 0xff00U
) >> 8) : __swap16md(2));
233 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_port.field_id =
234 htons(PFIX_IE_destinationTransportPort)(__uint16_t)(__builtin_constant_p(11) ? (__uint16_t)(((__uint16_t
)(11) & 0xffU) << 8 | ((__uint16_t)(11) & 0xff00U
) >> 8) : __swap16md(11));
235 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_port.len = htons(2)(__uint16_t)(__builtin_constant_p(2) ? (__uint16_t)(((__uint16_t
)(2) & 0xffU) << 8 | ((__uint16_t)(2) & 0xff00U
) >> 8) : __swap16md(2));
236 pflowif->sc_tmpl_ipfix.ipv6_tmpl.tos.field_id =
237 htons(PFIX_IE_ipClassOfService)(__uint16_t)(__builtin_constant_p(5) ? (__uint16_t)(((__uint16_t
)(5) & 0xffU) << 8 | ((__uint16_t)(5) & 0xff00U
) >> 8) : __swap16md(5));
238 pflowif->sc_tmpl_ipfix.ipv6_tmpl.tos.len = htons(1)(__uint16_t)(__builtin_constant_p(1) ? (__uint16_t)(((__uint16_t
)(1) & 0xffU) << 8 | ((__uint16_t)(1) & 0xff00U
) >> 8) : __swap16md(1));
239 pflowif->sc_tmpl_ipfix.ipv6_tmpl.protocol.field_id =
240 htons(PFIX_IE_protocolIdentifier)(__uint16_t)(__builtin_constant_p(4) ? (__uint16_t)(((__uint16_t
)(4) & 0xffU) << 8 | ((__uint16_t)(4) & 0xff00U
) >> 8) : __swap16md(4));
241 pflowif->sc_tmpl_ipfix.ipv6_tmpl.protocol.len = htons(1)(__uint16_t)(__builtin_constant_p(1) ? (__uint16_t)(((__uint16_t
)(1) & 0xffU) << 8 | ((__uint16_t)(1) & 0xff00U
) >> 8) : __swap16md(1));
242
243 ifp = &pflowif->sc_if;
244 snprintf(ifp->if_xname, sizeof ifp->if_xname, "pflow%d", unit);
245 ifp->if_softc = pflowif;
246 ifp->if_ioctl = pflowioctl;
247 ifp->if_output = pflow_output;
248 ifp->if_start = NULL((void *)0);
249 ifp->if_xflags = IFXF_CLONED0x2;
250 ifp->if_typeif_data.ifi_type = IFT_PFLOW0xf9;
251 ifp->if_hdrlenif_data.ifi_hdrlen = PFLOW_HDRLENsizeof(struct pflow_header);
252 ifp->if_flags = IFF_UP0x1;
253 ifp->if_flags &= ~IFF_RUNNING0x40; /* not running, need receiver */
254 mq_init(&pflowif->sc_outputqueue, 8192, IPL_SOFTNET0x5);
255 pflow_setmtu(pflowif, ETHERMTU(1518 - ((6 * 2) + 2) - 4));
256 pflow_init_timeouts(pflowif);
257 if_attach(ifp);
258 if_alloc_sadl(ifp);
259
260 task_set(&pflowif->sc_outputtask, pflow_output_process, pflowif);
261
262 /* Insert into list of pflows */
263 NET_LOCK()do { rw_enter_write(&netlock); } while (0);
264 SLIST_INSERT_HEAD(&pflowif_list, pflowif, sc_next)do { (pflowif)->sc_next.sle_next = (&pflowif_list)->
slh_first; (&pflowif_list)->slh_first = (pflowif); } while
(0);
265 NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);
266 return (0);
267}
268
269int
270pflow_clone_destroy(struct ifnet *ifp)
271{
272 struct pflow_softc *sc = ifp->if_softc;
273 int error;
274
275 error = 0;
276
277 if (timeout_initialized(&sc->sc_tmo)((&sc->sc_tmo)->to_flags & 0x04))
278 timeout_del(&sc->sc_tmo);
279 if (timeout_initialized(&sc->sc_tmo6)((&sc->sc_tmo6)->to_flags & 0x04))
280 timeout_del(&sc->sc_tmo6);
281 if (timeout_initialized(&sc->sc_tmo_tmpl)((&sc->sc_tmo_tmpl)->to_flags & 0x04))
282 timeout_del(&sc->sc_tmo_tmpl);
283 pflow_flush(sc);
284 task_del(net_tq(ifp->if_index), &sc->sc_outputtask);
285 mq_purge(&sc->sc_outputqueue);
286 m_freem(sc->send_nam);
287 if (sc->so != NULL((void *)0)) {
288 error = soclose(sc->so, MSG_DONTWAIT0x80);
289 sc->so = NULL((void *)0);
290 }
291 if (sc->sc_flowdst != NULL((void *)0))
292 free(sc->sc_flowdst, M_DEVBUF2, sc->sc_flowdst->sa_len);
293 if (sc->sc_flowsrc != NULL((void *)0))
294 free(sc->sc_flowsrc, M_DEVBUF2, sc->sc_flowsrc->sa_len);
295 if_detach(ifp);
296 NET_LOCK()do { rw_enter_write(&netlock); } while (0);
297 SLIST_REMOVE(&pflowif_list, sc, pflow_softc, sc_next)do { if ((&pflowif_list)->slh_first == (sc)) { do { ((
&pflowif_list))->slh_first = ((&pflowif_list))->
slh_first->sc_next.sle_next; } while (0); } else { struct pflow_softc
*curelm = (&pflowif_list)->slh_first; while (curelm->
sc_next.sle_next != (sc)) curelm = curelm->sc_next.sle_next
; curelm->sc_next.sle_next = curelm->sc_next.sle_next->
sc_next.sle_next; } ((sc)->sc_next.sle_next) = ((void *)-1
); } while (0);
298 NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);
299 free(sc, M_DEVBUF2, sizeof(*sc));
300 return (error);
301}
302
303int
304pflowvalidsockaddr(const struct sockaddr *sa, int ignore_port)
305{
306 struct sockaddr_in6 *sin6;
307 struct sockaddr_in *sin;
308
309 if (sa == NULL((void *)0))
310 return (0);
311 switch(sa->sa_family) {
312 case AF_INET2:
313 sin = (struct sockaddr_in*) sa;
314 return (sin->sin_addr.s_addr != INADDR_ANY((u_int32_t) (__uint32_t)(__builtin_constant_p((u_int32_t)(0x00000000
)) ? (__uint32_t)(((__uint32_t)((u_int32_t)(0x00000000)) &
0xff) << 24 | ((__uint32_t)((u_int32_t)(0x00000000)) &
0xff00) << 8 | ((__uint32_t)((u_int32_t)(0x00000000)) &
0xff0000) >> 8 | ((__uint32_t)((u_int32_t)(0x00000000)
) & 0xff000000) >> 24) : __swap32md((u_int32_t)(0x00000000
)))) &&
315 (ignore_port || sin->sin_port != 0));
316 case AF_INET624:
317 sin6 = (struct sockaddr_in6*) sa;
318 return (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)((*(const u_int32_t *)(const void *)(&(&sin6->sin6_addr
)->__u6_addr.__u6_addr8[0]) == 0) && (*(const u_int32_t
*)(const void *)(&(&sin6->sin6_addr)->__u6_addr
.__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void
*)(&(&sin6->sin6_addr)->__u6_addr.__u6_addr8[8
]) == 0) && (*(const u_int32_t *)(const void *)(&
(&sin6->sin6_addr)->__u6_addr.__u6_addr8[12]) == 0)
) &&
319 (ignore_port || sin6->sin6_port != 0));
320 default:
321 return (0);
322 }
323}
324
325int
326pflow_set(struct pflow_softc *sc, struct pflowreq *pflowr)
327{
328 struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
(__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
__ci;})->ci_curproc;
329 struct socket *so;
330 struct sockaddr *sa;
331 int error = 0;
332
333 if (pflowr->addrmask & PFLOW_MASK_VERSION0x04) {
8
Assuming the condition is false
9
Taking false branch
334 switch(pflowr->version) {
335 case PFLOW_PROTO_55:
336 case PFLOW_PROTO_1010:
337 break;
338 default:
339 return(EINVAL22);
340 }
341 }
342
343 pflow_flush(sc);
10
Calling 'pflow_flush'
14
Returning from 'pflow_flush'
344
345 if (pflowr->addrmask & PFLOW_MASK_DSTIP0x02) {
15
Assuming the condition is true
16
Taking true branch
346 if (sc->sc_flowdst != NULL((void *)0) &&
17
Assuming field 'sc_flowdst' is equal to NULL
347 sc->sc_flowdst->sa_family != pflowr->flowdst.ss_family) {
348 free(sc->sc_flowdst, M_DEVBUF2, sc->sc_flowdst->sa_len);
349 sc->sc_flowdst = NULL((void *)0);
350 if (sc->so != NULL((void *)0)) {
351 soclose(sc->so, MSG_DONTWAIT0x80);
352 sc->so = NULL((void *)0);
353 }
354 }
355
356 switch (pflowr->flowdst.ss_family) {
18
Control jumps to the 'default' case at line 381
357 case AF_INET2:
358 if (sc->sc_flowdst == NULL((void *)0)) {
359 if ((sc->sc_flowdst = malloc(
360 sizeof(struct sockaddr_in),
361 M_DEVBUF2, M_NOWAIT0x0002)) == NULL((void *)0))
362 return (ENOMEM12);
363 }
364 memcpy(sc->sc_flowdst, &pflowr->flowdst,__builtin_memcpy((sc->sc_flowdst), (&pflowr->flowdst
), (sizeof(struct sockaddr_in)))
365 sizeof(struct sockaddr_in))__builtin_memcpy((sc->sc_flowdst), (&pflowr->flowdst
), (sizeof(struct sockaddr_in)));
366 sc->sc_flowdst->sa_len = sizeof(struct
367 sockaddr_in);
368 break;
369 case AF_INET624:
370 if (sc->sc_flowdst == NULL((void *)0)) {
371 if ((sc->sc_flowdst = malloc(
372 sizeof(struct sockaddr_in6),
373 M_DEVBUF2, M_NOWAIT0x0002)) == NULL((void *)0))
374 return (ENOMEM12);
375 }
376 memcpy(sc->sc_flowdst, &pflowr->flowdst,__builtin_memcpy((sc->sc_flowdst), (&pflowr->flowdst
), (sizeof(struct sockaddr_in6)))
377 sizeof(struct sockaddr_in6))__builtin_memcpy((sc->sc_flowdst), (&pflowr->flowdst
), (sizeof(struct sockaddr_in6)));
378 sc->sc_flowdst->sa_len = sizeof(struct
379 sockaddr_in6);
380 break;
381 default:
382 break;
19
 Execution continues on line 385
383 }
384
385 if (sc->sc_flowdst
19.1
Field 'sc_flowdst' is equal to NULL
 != NULL((void *)0)) {
20
Taking false branch
386 sc->send_nam->m_lenm_hdr.mh_len = sc->sc_flowdst->sa_len;
387 sa = mtod(sc->send_nam, struct sockaddr *)((struct sockaddr *)((sc->send_nam)->m_hdr.mh_data));
388 memcpy(sa, sc->sc_flowdst, sc->sc_flowdst->sa_len)__builtin_memcpy((sa), (sc->sc_flowdst), (sc->sc_flowdst
->sa_len));
389 }
390 }
391
392 if (pflowr->addrmask & PFLOW_MASK_SRCIP0x01) {
21
Assuming the condition is false
22
Taking false branch
393 if (sc->sc_flowsrc != NULL((void *)0))
394 free(sc->sc_flowsrc, M_DEVBUF2, sc->sc_flowsrc->sa_len);
395 sc->sc_flowsrc = NULL((void *)0);
396 if (sc->so != NULL((void *)0)) {
397 soclose(sc->so, MSG_DONTWAIT0x80);
398 sc->so = NULL((void *)0);
399 }
400 switch(pflowr->flowsrc.ss_family) {
401 case AF_INET2:
402 if ((sc->sc_flowsrc = malloc(
403 sizeof(struct sockaddr_in),
404 M_DEVBUF2, M_NOWAIT0x0002)) == NULL((void *)0))
405 return (ENOMEM12);
406 memcpy(sc->sc_flowsrc, &pflowr->flowsrc,__builtin_memcpy((sc->sc_flowsrc), (&pflowr->flowsrc
), (sizeof(struct sockaddr_in)))
407 sizeof(struct sockaddr_in))__builtin_memcpy((sc->sc_flowsrc), (&pflowr->flowsrc
), (sizeof(struct sockaddr_in)));
408 sc->sc_flowsrc->sa_len = sizeof(struct
409 sockaddr_in);
410 break;
411 case AF_INET624:
412 if ((sc->sc_flowsrc = malloc(
413 sizeof(struct sockaddr_in6),
414 M_DEVBUF2, M_NOWAIT0x0002)) == NULL((void *)0))
415 return (ENOMEM12);
416 memcpy(sc->sc_flowsrc, &pflowr->flowsrc,__builtin_memcpy((sc->sc_flowsrc), (&pflowr->flowsrc
), (sizeof(struct sockaddr_in6)))
417 sizeof(struct sockaddr_in6))__builtin_memcpy((sc->sc_flowsrc), (&pflowr->flowsrc
), (sizeof(struct sockaddr_in6)));
418 sc->sc_flowsrc->sa_len = sizeof(struct
419 sockaddr_in6);
420 break;
421 default:
422 break;
423 }
424 }
425
426 if (sc->so == NULL((void *)0)) {
23
Assuming field 'so' is equal to NULL
24
Taking true branch
427 if (pflowvalidsockaddr(sc->sc_flowdst, 0)) {
25
Assuming the condition is true
26
Taking true branch
428 error = socreate(sc->sc_flowdst->sa_family,
27
Access to field 'sa_family' results in a dereference of a null pointer (loaded from field 'sc_flowdst')
429 &so, SOCK_DGRAM2, 0);
430 if (error)
431 return (error);
432 if (pflowvalidsockaddr(sc->sc_flowsrc, 1)) {
433 struct mbuf *m;
434 int s;
435
436 MGET(m, M_WAIT, MT_SONAME)m = m_get((0x0001), (3));
437 m->m_lenm_hdr.mh_len = sc->sc_flowsrc->sa_len;
438 sa = mtod(m, struct sockaddr *)((struct sockaddr *)((m)->m_hdr.mh_data));
439 memcpy(sa, sc->sc_flowsrc,__builtin_memcpy((sa), (sc->sc_flowsrc), (sc->sc_flowsrc
->sa_len))
440 sc->sc_flowsrc->sa_len)__builtin_memcpy((sa), (sc->sc_flowsrc), (sc->sc_flowsrc
->sa_len));
441
442 s = solock(so);
443 error = sobind(so, m, p);
444 sounlock(so, s);
445 m_freem(m);
446 if (error) {
447 soclose(so, MSG_DONTWAIT0x80);
448 return (error);
449 }
450 }
451 sc->so = so;
452 }
453 } else if (!pflowvalidsockaddr(sc->sc_flowdst, 0)) {
454 soclose(sc->so, MSG_DONTWAIT0x80);
455 sc->so = NULL((void *)0);
456 }
457
458 /* error check is above */
459 if (pflowr->addrmask & PFLOW_MASK_VERSION0x04)
460 sc->sc_version = pflowr->version;
461
462 pflow_setmtu(sc, ETHERMTU(1518 - ((6 * 2) + 2) - 4));
463 pflow_init_timeouts(sc);
464
465 return (0);
466}
467
468int
469pflowioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
470{
471 struct proc *p = curproc({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
(__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
__ci;})->ci_curproc;
472 struct pflow_softc *sc = ifp->if_softc;
473 struct ifreq *ifr = (struct ifreq *)data;
474 struct pflowreq pflowr;
475 int error;
476
477 switch (cmd) {
1
Control jumps to 'case 2149607933:' at line 516
478 case SIOCSIFADDR((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((12))):
479 case SIOCSIFDSTADDR((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((14))):
480 case SIOCSIFFLAGS((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((16))):
481 if ((ifp->if_flags & IFF_UP0x1) && sc->so != NULL((void *)0)) {
482 ifp->if_flags |= IFF_RUNNING0x40;
483 sc->sc_gcounter=pflowstats.pflow_flows;
484 /* send templates on startup */
485 if (sc->sc_version == PFLOW_PROTO_1010)
486 pflow_sendout_ipfix_tmpl(sc);
487 } else
488 ifp->if_flags &= ~IFF_RUNNING0x40;
489 break;
490 case SIOCSIFMTU((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((127))):
491 if (ifr->ifr_mtuifr_ifru.ifru_metric < PFLOW_MINMTU(sizeof(struct pflow_header) + sizeof(struct pflow_flow)))
492 return (EINVAL22);
493 if (ifr->ifr_mtuifr_ifru.ifru_metric > MCLBYTES(1 << 11))
494 ifr->ifr_mtuifr_ifru.ifru_metric = MCLBYTES(1 << 11);
495 if (ifr->ifr_mtuifr_ifru.ifru_metric < ifp->if_mtuif_data.ifi_mtu)
496 pflow_flush(sc);
497 pflow_setmtu(sc, ifr->ifr_mtuifr_ifru.ifru_metric);
498 break;
499
500 case SIOCGETPFLOW(((unsigned long)0x80000000|(unsigned long)0x40000000) | ((sizeof
(struct ifreq) & 0x1fff) << 16) | ((('i')) <<
8) | ((254))):
501 bzero(&pflowr, sizeof(pflowr))__builtin_bzero((&pflowr), (sizeof(pflowr)));
502
503 if (sc->sc_flowsrc != NULL((void *)0))
504 memcpy(&pflowr.flowsrc, sc->sc_flowsrc,__builtin_memcpy((&pflowr.flowsrc), (sc->sc_flowsrc), (
sc->sc_flowsrc->sa_len))
505 sc->sc_flowsrc->sa_len)__builtin_memcpy((&pflowr.flowsrc), (sc->sc_flowsrc), (
sc->sc_flowsrc->sa_len));
506 if (sc->sc_flowdst != NULL((void *)0))
507 memcpy(&pflowr.flowdst, sc->sc_flowdst,__builtin_memcpy((&pflowr.flowdst), (sc->sc_flowdst), (
sc->sc_flowdst->sa_len))
508 sc->sc_flowdst->sa_len)__builtin_memcpy((&pflowr.flowdst), (sc->sc_flowdst), (
sc->sc_flowdst->sa_len));
509 pflowr.version = sc->sc_version;
510
511 if ((error = copyout(&pflowr, ifr->ifr_dataifr_ifru.ifru_data,
512 sizeof(pflowr))))
513 return (error);
514 break;
515
516 case SIOCSETPFLOW((unsigned long)0x80000000 | ((sizeof(struct ifreq) & 0x1fff
) << 16) | ((('i')) << 8) | ((253))):
517 if ((error = suser(p)) != 0)
2
Assuming the condition is false
3
Taking false branch
518 return (error);
519 if ((error = copyin(ifr->ifr_dataifr_ifru.ifru_data, &pflowr,
4
Assuming 'error' is 0
5
Taking false branch
520 sizeof(pflowr))))
521 return (error);
522
523 /* XXXSMP breaks atomicity */
524 NET_UNLOCK()do { rw_exit_write(&netlock); } while (0);
6
Loop condition is false. Exiting loop
525 error = pflow_set(sc, &pflowr);
7
Calling 'pflow_set'
526 NET_LOCK()do { rw_enter_write(&netlock); } while (0);
527 if (error != 0)
528 return (error);
529
530 if ((ifp->if_flags & IFF_UP0x1) && sc->so != NULL((void *)0)) {
531 ifp->if_flags |= IFF_RUNNING0x40;
532 sc->sc_gcounter=pflowstats.pflow_flows;
533 if (sc->sc_version == PFLOW_PROTO_1010)
534 pflow_sendout_ipfix_tmpl(sc);
535 } else
536 ifp->if_flags &= ~IFF_RUNNING0x40;
537
538 break;
539
540 default:
541 return (ENOTTY25);
542 }
543 return (0);
544}
545
546void
547pflow_init_timeouts(struct pflow_softc *sc)
548{
549 switch (sc->sc_version) {
550 case PFLOW_PROTO_55:
551 if (timeout_initialized(&sc->sc_tmo6)((&sc->sc_tmo6)->to_flags & 0x04))
552 timeout_del(&sc->sc_tmo6);
553 if (timeout_initialized(&sc->sc_tmo_tmpl)((&sc->sc_tmo_tmpl)->to_flags & 0x04))
554 timeout_del(&sc->sc_tmo_tmpl);
555 if (!timeout_initialized(&sc->sc_tmo)((&sc->sc_tmo)->to_flags & 0x04))
556 timeout_set_proc(&sc->sc_tmo, pflow_timeout, sc);
557 break;
558 case PFLOW_PROTO_1010:
559 if (!timeout_initialized(&sc->sc_tmo_tmpl)((&sc->sc_tmo_tmpl)->to_flags & 0x04))
560 timeout_set_proc(&sc->sc_tmo_tmpl, pflow_timeout_tmpl,
561 sc);
562 if (!timeout_initialized(&sc->sc_tmo)((&sc->sc_tmo)->to_flags & 0x04))
563 timeout_set_proc(&sc->sc_tmo, pflow_timeout, sc);
564 if (!timeout_initialized(&sc->sc_tmo6)((&sc->sc_tmo6)->to_flags & 0x04))
565 timeout_set_proc(&sc->sc_tmo6, pflow_timeout6, sc);
566
567 timeout_add_sec(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT30);
568 break;
569 default: /* NOTREACHED */
570 break;
571 }
572}
573
574int
575pflow_calc_mtu(struct pflow_softc *sc, int mtu, int hdrsz)
576{
577
578 sc->sc_maxcount4 = (mtu - hdrsz -
579 sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow4);
580 sc->sc_maxcount6 = (mtu - hdrsz -
581 sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow6);
582 if (sc->sc_maxcount4 > PFLOW_MAXFLOWS30)
583 sc->sc_maxcount4 = PFLOW_MAXFLOWS30;
584 if (sc->sc_maxcount6 > PFLOW_MAXFLOWS30)
585 sc->sc_maxcount6 = PFLOW_MAXFLOWS30;
586 return (hdrsz + sizeof(struct udpiphdr) +
587 MIN(sc->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4),(((sc->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4))<
(sc->sc_maxcount6 * sizeof(struct pflow_ipfix_flow6)))?(sc
->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4)):(sc->
sc_maxcount6 * sizeof(struct pflow_ipfix_flow6)))
588 sc->sc_maxcount6 * sizeof(struct pflow_ipfix_flow6))(((sc->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4))<
(sc->sc_maxcount6 * sizeof(struct pflow_ipfix_flow6)))?(sc
->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4)):(sc->
sc_maxcount6 * sizeof(struct pflow_ipfix_flow6))));
589}
590
591void
592pflow_setmtu(struct pflow_softc *sc, int mtu_req)
593{
594 int mtu;
595
596 if (sc->sc_pflow_ifp && sc->sc_pflow_ifp->if_mtuif_data.ifi_mtu < mtu_req)
597 mtu = sc->sc_pflow_ifp->if_mtuif_data.ifi_mtu;
598 else
599 mtu = mtu_req;
600
601 switch (sc->sc_version) {
602 case PFLOW_PROTO_55:
603 sc->sc_maxcount = (mtu - sizeof(struct pflow_header) -
604 sizeof(struct udpiphdr)) / sizeof(struct pflow_flow);
605 if (sc->sc_maxcount > PFLOW_MAXFLOWS30)
606 sc->sc_maxcount = PFLOW_MAXFLOWS30;
607 sc->sc_if.if_mtuif_data.ifi_mtu = sizeof(struct pflow_header) +
608 sizeof(struct udpiphdr) +
609 sc->sc_maxcount * sizeof(struct pflow_flow);
610 break;
611 case PFLOW_PROTO_1010:
612 sc->sc_if.if_mtuif_data.ifi_mtu =
613 pflow_calc_mtu(sc, mtu, sizeof(struct pflow_v10_header));
614 break;
615 default: /* NOTREACHED */
616 break;
617 }
618}
619
620struct mbuf *
621pflow_get_mbuf(struct pflow_softc *sc, u_int16_t set_id)
622{
623 struct pflow_set_header set_hdr;
624 struct pflow_header h;
625 struct mbuf *m;
626
627 MGETHDR(m, M_DONTWAIT, MT_DATA)m = m_gethdr((0x0002), (1));
628 if (m == NULL((void *)0)) {
629 pflowstats.pflow_onomem++;
630 return (NULL((void *)0));
631 }
632
633 MCLGET(m, M_DONTWAIT)(void) m_clget((m), (0x0002), (1 << 11));
634 if ((m->m_flagsm_hdr.mh_flags & M_EXT0x0001) == 0) {
635 m_free(m);
636 pflowstats.pflow_onomem++;
637 return (NULL((void *)0));
638 }
639
640 m->m_lenm_hdr.mh_len = m->m_pkthdrM_dat.MH.MH_pkthdr.len = 0;
641 m->m_pkthdrM_dat.MH.MH_pkthdr.ph_ifidx = 0;
642
643 if (sc == NULL((void *)0)) /* get only a new empty mbuf */
644 return (m);
645
646 switch (sc->sc_version) {
647 case PFLOW_PROTO_55:
648 /* populate pflow_header */
649 h.reserved1 = 0;
650 h.reserved2 = 0;
651 h.count = 0;
652 h.version = htons(PFLOW_PROTO_5)(__uint16_t)(__builtin_constant_p(5) ? (__uint16_t)(((__uint16_t
)(5) & 0xffU) << 8 | ((__uint16_t)(5) & 0xff00U
) >> 8) : __swap16md(5));
653 h.flow_sequence = htonl(sc->sc_gcounter)(__uint32_t)(__builtin_constant_p(sc->sc_gcounter) ? (__uint32_t
)(((__uint32_t)(sc->sc_gcounter) & 0xff) << 24 |
((__uint32_t)(sc->sc_gcounter) & 0xff00) << 8 |
((__uint32_t)(sc->sc_gcounter) & 0xff0000) >> 8
| ((__uint32_t)(sc->sc_gcounter) & 0xff000000) >>
24) : __swap32md(sc->sc_gcounter));
654 h.engine_type = PFLOW_ENGINE_TYPE42;
655 h.engine_id = PFLOW_ENGINE_ID42;
656 m_copyback(m, 0, PFLOW_HDRLENsizeof(struct pflow_header), &h, M_NOWAIT0x0002);
657
658 sc->sc_count = 0;
659 timeout_add_sec(&sc->sc_tmo, PFLOW_TIMEOUT30);
660 break;
661 case PFLOW_PROTO_1010:
662 /* populate pflow_set_header */
663 set_hdr.set_length = 0;
664 set_hdr.set_id = htons(set_id)(__uint16_t)(__builtin_constant_p(set_id) ? (__uint16_t)(((__uint16_t
)(set_id) & 0xffU) << 8 | ((__uint16_t)(set_id) &
0xff00U) >> 8) : __swap16md(set_id));
665 m_copyback(m, 0, PFLOW_SET_HDRLENsizeof(struct pflow_set_header), &set_hdr, M_NOWAIT0x0002);
666 break;
667 default: /* NOTREACHED */
668 break;
669 }
670
671 return (m);
672}
673
674void
675copy_flow_data(struct pflow_flow *flow1, struct pflow_flow *flow2,
676 struct pf_state *st, struct pf_state_key *sk, int src, int dst)
677{
678 flow1->src_ip = flow2->dest_ip = sk->addr[src].v4pfa.v4.s_addr;
679 flow1->src_port = flow2->dest_port = sk->port[src];
680 flow1->dest_ip = flow2->src_ip = sk->addr[dst].v4pfa.v4.s_addr;
681 flow1->dest_port = flow2->src_port = sk->port[dst];
682
683 flow1->dest_as = flow2->src_as =
684 flow1->src_as = flow2->dest_as = 0;
685 flow1->if_index_in = htons(st->if_index_in)(__uint16_t)(__builtin_constant_p(st->if_index_in) ? (__uint16_t
)(((__uint16_t)(st->if_index_in) & 0xffU) << 8 |
((__uint16_t)(st->if_index_in) & 0xff00U) >> 8)
: __swap16md(st->if_index_in));
686 flow1->if_index_out = htons(st->if_index_out)(__uint16_t)(__builtin_constant_p(st->if_index_out) ? (__uint16_t
)(((__uint16_t)(st->if_index_out) & 0xffU) << 8 |
((__uint16_t)(st->if_index_out) & 0xff00U) >> 8
) : __swap16md(st->if_index_out));
687 flow2->if_index_in = htons(st->if_index_out)(__uint16_t)(__builtin_constant_p(st->if_index_out) ? (__uint16_t
)(((__uint16_t)(st->if_index_out) & 0xffU) << 8 |
((__uint16_t)(st->if_index_out) & 0xff00U) >> 8
) : __swap16md(st->if_index_out));
688 flow2->if_index_out = htons(st->if_index_in)(__uint16_t)(__builtin_constant_p(st->if_index_in) ? (__uint16_t
)(((__uint16_t)(st->if_index_in) & 0xffU) << 8 |
((__uint16_t)(st->if_index_in) & 0xff00U) >> 8)
: __swap16md(st->if_index_in));
689 flow1->dest_mask = flow2->src_mask =
690 flow1->src_mask = flow2->dest_mask = 0;
691
692 flow1->flow_packets = htonl(st->packets[0])(__uint32_t)(__builtin_constant_p(st->packets[0]) ? (__uint32_t
)(((__uint32_t)(st->packets[0]) & 0xff) << 24 | (
(__uint32_t)(st->packets[0]) & 0xff00) << 8 | ((
__uint32_t)(st->packets[0]) & 0xff0000) >> 8 | (
(__uint32_t)(st->packets[0]) & 0xff000000) >> 24
) : __swap32md(st->packets[0]));
693 flow2->flow_packets = htonl(st->packets[1])(__uint32_t)(__builtin_constant_p(st->packets[1]) ? (__uint32_t
)(((__uint32_t)(st->packets[1]) & 0xff) << 24 | (
(__uint32_t)(st->packets[1]) & 0xff00) << 8 | ((
__uint32_t)(st->packets[1]) & 0xff0000) >> 8 | (
(__uint32_t)(st->packets[1]) & 0xff000000) >> 24
) : __swap32md(st->packets[1]));
694 flow1->flow_octets = htonl(st->bytes[0])(__uint32_t)(__builtin_constant_p(st->bytes[0]) ? (__uint32_t
)(((__uint32_t)(st->bytes[0]) & 0xff) << 24 | ((
__uint32_t)(st->bytes[0]) & 0xff00) << 8 | ((__uint32_t
)(st->bytes[0]) & 0xff0000) >> 8 | ((__uint32_t)
(st->bytes[0]) & 0xff000000) >> 24) : __swap32md
(st->bytes[0]));
695 flow2->flow_octets = htonl(st->bytes[1])(__uint32_t)(__builtin_constant_p(st->bytes[1]) ? (__uint32_t
)(((__uint32_t)(st->bytes[1]) & 0xff) << 24 | ((
__uint32_t)(st->bytes[1]) & 0xff00) << 8 | ((__uint32_t
)(st->bytes[1]) & 0xff0000) >> 8 | ((__uint32_t)
(st->bytes[1]) & 0xff000000) >> 24) : __swap32md
(st->bytes[1]));
696
697 /*
698 * Pretend the flow was created or expired when the machine came up
699 * when creation is in the future of the last time a package was seen
700 * or was created / expired before this machine came up due to pfsync.
701 */
702 flow1->flow_start = flow2->flow_start = st->creation < 0 ||
703 st->creation > st->expire ? htonl(0)(__uint32_t)(__builtin_constant_p(0) ? (__uint32_t)(((__uint32_t
)(0) & 0xff) << 24 | ((__uint32_t)(0) & 0xff00)
<< 8 | ((__uint32_t)(0) & 0xff0000) >> 8 | (
(__uint32_t)(0) & 0xff000000) >> 24) : __swap32md(0
)) : htonl(st->creation * 1000)(__uint32_t)(__builtin_constant_p(st->creation * 1000) ? (
__uint32_t)(((__uint32_t)(st->creation * 1000) & 0xff)
<< 24 | ((__uint32_t)(st->creation * 1000) & 0xff00
) << 8 | ((__uint32_t)(st->creation * 1000) & 0xff0000
) >> 8 | ((__uint32_t)(st->creation * 1000) & 0xff000000
) >> 24) : __swap32md(st->creation * 1000));
704 flow1->flow_finish = flow2->flow_finish = st->expire < 0 ? htonl(0)(__uint32_t)(__builtin_constant_p(0) ? (__uint32_t)(((__uint32_t
)(0) & 0xff) << 24 | ((__uint32_t)(0) & 0xff00)
<< 8 | ((__uint32_t)(0) & 0xff0000) >> 8 | (
(__uint32_t)(0) & 0xff000000) >> 24) : __swap32md(0
)) :
705 htonl(st->expire * 1000)(__uint32_t)(__builtin_constant_p(st->expire * 1000) ? (__uint32_t
)(((__uint32_t)(st->expire * 1000) & 0xff) << 24
| ((__uint32_t)(st->expire * 1000) & 0xff00) <<
8 | ((__uint32_t)(st->expire * 1000) & 0xff0000) >>
8 | ((__uint32_t)(st->expire * 1000) & 0xff000000) >>
24) : __swap32md(st->expire * 1000));
706 flow1->tcp_flags = flow2->tcp_flags = 0;
707 flow1->protocol = flow2->protocol = sk->proto;
708 flow1->tos = flow2->tos = st->rule.ptr->tos;
709}
710
711void
712copy_flow_ipfix_4_data(struct pflow_ipfix_flow4 *flow1,
713 struct pflow_ipfix_flow4 *flow2, struct pf_state *st,
714 struct pf_state_key *sk, struct pflow_softc *sc, int src, int dst)
715{
716 flow1->src_ip = flow2->dest_ip = sk->addr[src].v4pfa.v4.s_addr;
717 flow1->src_port = flow2->dest_port = sk->port[src];
718 flow1->dest_ip = flow2->src_ip = sk->addr[dst].v4pfa.v4.s_addr;
719 flow1->dest_port = flow2->src_port = sk->port[dst];
720
721 flow1->if_index_in = htonl(st->if_index_in)(__uint32_t)(__builtin_constant_p(st->if_index_in) ? (__uint32_t
)(((__uint32_t)(st->if_index_in) & 0xff) << 24 |
((__uint32_t)(st->if_index_in) & 0xff00) << 8 |
((__uint32_t)(st->if_index_in) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_in) & 0xff000000) >>
24) : __swap32md(st->if_index_in));
722 flow1->if_index_out = htonl(st->if_index_out)(__uint32_t)(__builtin_constant_p(st->if_index_out) ? (__uint32_t
)(((__uint32_t)(st->if_index_out) & 0xff) << 24 |
((__uint32_t)(st->if_index_out) & 0xff00) << 8 |
((__uint32_t)(st->if_index_out) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_out) & 0xff000000) >>
24) : __swap32md(st->if_index_out));
723 flow2->if_index_in = htonl(st->if_index_out)(__uint32_t)(__builtin_constant_p(st->if_index_out) ? (__uint32_t
)(((__uint32_t)(st->if_index_out) & 0xff) << 24 |
((__uint32_t)(st->if_index_out) & 0xff00) << 8 |
((__uint32_t)(st->if_index_out) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_out) & 0xff000000) >>
24) : __swap32md(st->if_index_out));
724 flow2->if_index_out = htonl(st->if_index_in)(__uint32_t)(__builtin_constant_p(st->if_index_in) ? (__uint32_t
)(((__uint32_t)(st->if_index_in) & 0xff) << 24 |
((__uint32_t)(st->if_index_in) & 0xff00) << 8 |
((__uint32_t)(st->if_index_in) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_in) & 0xff000000) >>
24) : __swap32md(st->if_index_in));
725
726 flow1->flow_packets = htobe64(st->packets[0])(__uint64_t)(__builtin_constant_p(st->packets[0]) ? (__uint64_t
)((((__uint64_t)(st->packets[0]) & 0xff) << 56) |
((__uint64_t)(st->packets[0]) & 0xff00ULL) << 40
| ((__uint64_t)(st->packets[0]) & 0xff0000ULL) <<
24 | ((__uint64_t)(st->packets[0]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->packets[0]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->packets[0]) & 0xff0000000000ULL
) >> 24 | ((__uint64_t)(st->packets[0]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->packets[0]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->packets[0]));
727 flow2->flow_packets = htobe64(st->packets[1])(__uint64_t)(__builtin_constant_p(st->packets[1]) ? (__uint64_t
)((((__uint64_t)(st->packets[1]) & 0xff) << 56) |
((__uint64_t)(st->packets[1]) & 0xff00ULL) << 40
| ((__uint64_t)(st->packets[1]) & 0xff0000ULL) <<
24 | ((__uint64_t)(st->packets[1]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->packets[1]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->packets[1]) & 0xff0000000000ULL
) >> 24 | ((__uint64_t)(st->packets[1]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->packets[1]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->packets[1]));
728 flow1->flow_octets = htobe64(st->bytes[0])(__uint64_t)(__builtin_constant_p(st->bytes[0]) ? (__uint64_t
)((((__uint64_t)(st->bytes[0]) & 0xff) << 56) | (
(__uint64_t)(st->bytes[0]) & 0xff00ULL) << 40 | (
(__uint64_t)(st->bytes[0]) & 0xff0000ULL) << 24 |
((__uint64_t)(st->bytes[0]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->bytes[0]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->bytes[0]) & 0xff0000000000ULL) >>
24 | ((__uint64_t)(st->bytes[0]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->bytes[0]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->bytes[0]));
729 flow2->flow_octets = htobe64(st->bytes[1])(__uint64_t)(__builtin_constant_p(st->bytes[1]) ? (__uint64_t
)((((__uint64_t)(st->bytes[1]) & 0xff) << 56) | (
(__uint64_t)(st->bytes[1]) & 0xff00ULL) << 40 | (
(__uint64_t)(st->bytes[1]) & 0xff0000ULL) << 24 |
((__uint64_t)(st->bytes[1]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->bytes[1]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->bytes[1]) & 0xff0000000000ULL) >>
24 | ((__uint64_t)(st->bytes[1]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->bytes[1]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->bytes[1]));
730
731 /*
732 * Pretend the flow was created when the machine came up when creation
733 * is in the future of the last time a package was seen due to pfsync.
734 */
735 if (st->creation > st->expire)
736 flow1->flow_start = flow2->flow_start = htobe64((gettime() -(__uint64_t)(__builtin_constant_p((gettime() - getuptime())*1000
) ? (__uint64_t)((((__uint64_t)((gettime() - getuptime())*1000
) & 0xff) << 56) | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - getuptime())*1000) & 0xff0000ULL) << 24 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff000000ULL) <<
8 | ((__uint64_t)((gettime() - getuptime())*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - getuptime())*1000) &
0xff0000000000ULL) >> 24 | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff000000000000ULL) >> 40 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff00000000000000ULL
) >> 56) : __swap64md((gettime() - getuptime())*1000))
737 getuptime())*1000)(__uint64_t)(__builtin_constant_p((gettime() - getuptime())*1000
) ? (__uint64_t)((((__uint64_t)((gettime() - getuptime())*1000
) & 0xff) << 56) | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - getuptime())*1000) & 0xff0000ULL) << 24 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff000000ULL) <<
8 | ((__uint64_t)((gettime() - getuptime())*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - getuptime())*1000) &
0xff0000000000ULL) >> 24 | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff000000000000ULL) >> 40 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff00000000000000ULL
) >> 56) : __swap64md((gettime() - getuptime())*1000));
738 else
739 flow1->flow_start = flow2->flow_start = htobe64((gettime() -(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->creation))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->creation
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff0000ULL
) << 24 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff000000ULL) << 8 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->creation))*1000))
740 (getuptime() - st->creation))*1000)(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->creation))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->creation
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff0000ULL
) << 24 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff000000ULL) << 8 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->creation))*1000));
741 flow1->flow_finish = flow2->flow_finish = htobe64((gettime() -(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->expire))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff0000ULL) <<
24 | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff000000ULL) << 8 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->expire))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->expire))*1000))
742 (getuptime() - st->expire))*1000)(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->expire))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff0000ULL) <<
24 | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff000000ULL) << 8 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->expire))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->expire))*1000));
743
744 flow1->protocol = flow2->protocol = sk->proto;
745 flow1->tos = flow2->tos = st->rule.ptr->tos;
746}
747
748void
749copy_flow_ipfix_6_data(struct pflow_ipfix_flow6 *flow1,
750 struct pflow_ipfix_flow6 *flow2, struct pf_state *st,
751 struct pf_state_key *sk, struct pflow_softc *sc, int src, int dst)
752{
753 bcopy(&sk->addr[src].v6pfa.v6, &flow1->src_ip, sizeof(flow1->src_ip));
754 bcopy(&sk->addr[src].v6pfa.v6, &flow2->dest_ip, sizeof(flow2->dest_ip));
755 flow1->src_port = flow2->dest_port = sk->port[src];
756 bcopy(&sk->addr[dst].v6pfa.v6, &flow1->dest_ip, sizeof(flow1->dest_ip));
757 bcopy(&sk->addr[dst].v6pfa.v6, &flow2->src_ip, sizeof(flow2->src_ip));
758 flow1->dest_port = flow2->src_port = sk->port[dst];
759
760 flow1->if_index_in = htonl(st->if_index_in)(__uint32_t)(__builtin_constant_p(st->if_index_in) ? (__uint32_t
)(((__uint32_t)(st->if_index_in) & 0xff) << 24 |
((__uint32_t)(st->if_index_in) & 0xff00) << 8 |
((__uint32_t)(st->if_index_in) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_in) & 0xff000000) >>
24) : __swap32md(st->if_index_in));
761 flow1->if_index_out = htonl(st->if_index_out)(__uint32_t)(__builtin_constant_p(st->if_index_out) ? (__uint32_t
)(((__uint32_t)(st->if_index_out) & 0xff) << 24 |
((__uint32_t)(st->if_index_out) & 0xff00) << 8 |
((__uint32_t)(st->if_index_out) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_out) & 0xff000000) >>
24) : __swap32md(st->if_index_out));
762 flow2->if_index_in = htonl(st->if_index_out)(__uint32_t)(__builtin_constant_p(st->if_index_out) ? (__uint32_t
)(((__uint32_t)(st->if_index_out) & 0xff) << 24 |
((__uint32_t)(st->if_index_out) & 0xff00) << 8 |
((__uint32_t)(st->if_index_out) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_out) & 0xff000000) >>
24) : __swap32md(st->if_index_out));
763 flow2->if_index_out = htonl(st->if_index_in)(__uint32_t)(__builtin_constant_p(st->if_index_in) ? (__uint32_t
)(((__uint32_t)(st->if_index_in) & 0xff) << 24 |
((__uint32_t)(st->if_index_in) & 0xff00) << 8 |
((__uint32_t)(st->if_index_in) & 0xff0000) >> 8
| ((__uint32_t)(st->if_index_in) & 0xff000000) >>
24) : __swap32md(st->if_index_in));
764
765 flow1->flow_packets = htobe64(st->packets[0])(__uint64_t)(__builtin_constant_p(st->packets[0]) ? (__uint64_t
)((((__uint64_t)(st->packets[0]) & 0xff) << 56) |
((__uint64_t)(st->packets[0]) & 0xff00ULL) << 40
| ((__uint64_t)(st->packets[0]) & 0xff0000ULL) <<
24 | ((__uint64_t)(st->packets[0]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->packets[0]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->packets[0]) & 0xff0000000000ULL
) >> 24 | ((__uint64_t)(st->packets[0]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->packets[0]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->packets[0]));
766 flow2->flow_packets = htobe64(st->packets[1])(__uint64_t)(__builtin_constant_p(st->packets[1]) ? (__uint64_t
)((((__uint64_t)(st->packets[1]) & 0xff) << 56) |
((__uint64_t)(st->packets[1]) & 0xff00ULL) << 40
| ((__uint64_t)(st->packets[1]) & 0xff0000ULL) <<
24 | ((__uint64_t)(st->packets[1]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->packets[1]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->packets[1]) & 0xff0000000000ULL
) >> 24 | ((__uint64_t)(st->packets[1]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->packets[1]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->packets[1]));
767 flow1->flow_octets = htobe64(st->bytes[0])(__uint64_t)(__builtin_constant_p(st->bytes[0]) ? (__uint64_t
)((((__uint64_t)(st->bytes[0]) & 0xff) << 56) | (
(__uint64_t)(st->bytes[0]) & 0xff00ULL) << 40 | (
(__uint64_t)(st->bytes[0]) & 0xff0000ULL) << 24 |
((__uint64_t)(st->bytes[0]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->bytes[0]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->bytes[0]) & 0xff0000000000ULL) >>
24 | ((__uint64_t)(st->bytes[0]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->bytes[0]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->bytes[0]));
768 flow2->flow_octets = htobe64(st->bytes[1])(__uint64_t)(__builtin_constant_p(st->bytes[1]) ? (__uint64_t
)((((__uint64_t)(st->bytes[1]) & 0xff) << 56) | (
(__uint64_t)(st->bytes[1]) & 0xff00ULL) << 40 | (
(__uint64_t)(st->bytes[1]) & 0xff0000ULL) << 24 |
((__uint64_t)(st->bytes[1]) & 0xff000000ULL) <<
8 | ((__uint64_t)(st->bytes[1]) & 0xff00000000ULL) >>
8 | ((__uint64_t)(st->bytes[1]) & 0xff0000000000ULL) >>
24 | ((__uint64_t)(st->bytes[1]) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(st->bytes[1]) & 0xff00000000000000ULL
) >> 56) : __swap64md(st->bytes[1]));
769
770 /*
771 * Pretend the flow was created when the machine came up when creation
772 * is in the future of the last time a package was seen due to pfsync.
773 */
774 if (st->creation > st->expire)
775 flow1->flow_start = flow2->flow_start = htobe64((gettime() -(__uint64_t)(__builtin_constant_p((gettime() - getuptime())*1000
) ? (__uint64_t)((((__uint64_t)((gettime() - getuptime())*1000
) & 0xff) << 56) | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - getuptime())*1000) & 0xff0000ULL) << 24 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff000000ULL) <<
8 | ((__uint64_t)((gettime() - getuptime())*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - getuptime())*1000) &
0xff0000000000ULL) >> 24 | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff000000000000ULL) >> 40 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff00000000000000ULL
) >> 56) : __swap64md((gettime() - getuptime())*1000))
776 getuptime())*1000)(__uint64_t)(__builtin_constant_p((gettime() - getuptime())*1000
) ? (__uint64_t)((((__uint64_t)((gettime() - getuptime())*1000
) & 0xff) << 56) | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - getuptime())*1000) & 0xff0000ULL) << 24 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff000000ULL) <<
8 | ((__uint64_t)((gettime() - getuptime())*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - getuptime())*1000) &
0xff0000000000ULL) >> 24 | ((__uint64_t)((gettime() - getuptime
())*1000) & 0xff000000000000ULL) >> 40 | ((__uint64_t
)((gettime() - getuptime())*1000) & 0xff00000000000000ULL
) >> 56) : __swap64md((gettime() - getuptime())*1000));
777 else
778 flow1->flow_start = flow2->flow_start = htobe64((gettime() -(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->creation))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->creation
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff0000ULL
) << 24 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff000000ULL) << 8 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->creation))*1000))
779 (getuptime() - st->creation))*1000)(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->creation))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->creation
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->creation))*1000) & 0xff0000ULL
) << 24 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff000000ULL) << 8 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->creation))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
creation))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->creation))*1000));
780 flow1->flow_finish = flow2->flow_finish = htobe64((gettime() -(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->expire))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff0000ULL) <<
24 | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff000000ULL) << 8 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->expire))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->expire))*1000))
781 (getuptime() - st->expire))*1000)(__uint64_t)(__builtin_constant_p((gettime() - (getuptime() -
st->expire))*1000) ? (__uint64_t)((((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff) <<
56) | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff00ULL) << 40 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff0000ULL) <<
24 | ((__uint64_t)((gettime() - (getuptime() - st->expire
))*1000) & 0xff000000ULL) << 8 | ((__uint64_t)((gettime
() - (getuptime() - st->expire))*1000) & 0xff00000000ULL
) >> 8 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((gettime() - (getuptime() - st->expire))*1000) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)((gettime() - (getuptime() - st->
expire))*1000) & 0xff00000000000000ULL) >> 56) : __swap64md
((gettime() - (getuptime() - st->expire))*1000));
782
783 flow1->protocol = flow2->protocol = sk->proto;
784 flow1->tos = flow2->tos = st->rule.ptr->tos;
785}
786
787int
788export_pflow(struct pf_state *st)
789{
790 struct pflow_softc *sc = NULL((void *)0);
791 struct pf_state_key *sk;
792
793 sk = st->key[st->direction == PF_IN ? PF_SK_WIRE : PF_SK_STACK];
794
795 SLIST_FOREACH(sc, &pflowif_list, sc_next)for((sc) = ((&pflowif_list)->slh_first); (sc) != ((void
*)0); (sc) = ((sc)->sc_next.sle_next)) {
796 switch (sc->sc_version) {
797 case PFLOW_PROTO_55:
798 if( sk->af == AF_INET2 )
799 export_pflow_if(st, sk, sc);
800 break;
801 case PFLOW_PROTO_1010:
802 if( sk->af == AF_INET2 || sk->af == AF_INET624 )
803 export_pflow_if(st, sk, sc);
804 break;
805 default: /* NOTREACHED */
806 break;
807 }
808 }
809
810 return (0);
811}
812
813int
814export_pflow_if(struct pf_state *st, struct pf_state_key *sk,
815 struct pflow_softc *sc)
816{
817 struct pf_state pfs_copy;
818 struct ifnet *ifp = &sc->sc_if;
819 u_int64_t bytes[2];
820 int ret = 0;
821
822 if (!(ifp->if_flags & IFF_RUNNING0x40))
823 return (0);
824
825 if (sc->sc_version == PFLOW_PROTO_1010)
826 return (pflow_pack_flow_ipfix(st, sk, sc));
827
828 /* PFLOW_PROTO_5 */
829 if ((st->bytes[0] < (u_int64_t)PFLOW_MAXBYTES0xffffffff)
830 && (st->bytes[1] < (u_int64_t)PFLOW_MAXBYTES0xffffffff))
831 return (pflow_pack_flow(st, sk, sc));
832
833 /* flow > PFLOW_MAXBYTES need special handling */
834 bcopy(st, &pfs_copy, sizeof(pfs_copy));
835 bytes[0] = pfs_copy.bytes[0];
836 bytes[1] = pfs_copy.bytes[1];
837
838 while (bytes[0] > PFLOW_MAXBYTES0xffffffff) {
839 pfs_copy.bytes[0] = PFLOW_MAXBYTES0xffffffff;
840 pfs_copy.bytes[1] = 0;
841
842 if ((ret = pflow_pack_flow(&pfs_copy, sk, sc)) != 0)
843 return (ret);
844 if ((bytes[0] - PFLOW_MAXBYTES0xffffffff) > 0)
845 bytes[0] -= PFLOW_MAXBYTES0xffffffff;
846 }
847
848 while (bytes[1] > (u_int64_t)PFLOW_MAXBYTES0xffffffff) {
849 pfs_copy.bytes[1] = PFLOW_MAXBYTES0xffffffff;
850 pfs_copy.bytes[0] = 0;
851
852 if ((ret = pflow_pack_flow(&pfs_copy, sk, sc)) != 0)
853 return (ret);
854 if ((bytes[1] - PFLOW_MAXBYTES0xffffffff) > 0)
855 bytes[1] -= PFLOW_MAXBYTES0xffffffff;
856 }
857
858 pfs_copy.bytes[0] = bytes[0];
859 pfs_copy.bytes[1] = bytes[1];
860
861 return (pflow_pack_flow(&pfs_copy, sk, sc));
862}
863
864int
865copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc)
866{
867 int ret = 0;
868
869 if (sc->sc_mbuf == NULL((void *)0)) {
870 if ((sc->sc_mbuf = pflow_get_mbuf(sc, 0)) == NULL((void *)0))
871 return (ENOBUFS55);
872 }
873 m_copyback(sc->sc_mbuf, PFLOW_HDRLENsizeof(struct pflow_header) +
874 (sc->sc_count * sizeof(struct pflow_flow)),
875 sizeof(struct pflow_flow), flow, M_NOWAIT0x0002);
876
877 if (pflowstats.pflow_flows == sc->sc_gcounter)
878 pflowstats.pflow_flows++;
879 sc->sc_gcounter++;
880 sc->sc_count++;
881
882 if (sc->sc_count >= sc->sc_maxcount)
883 ret = pflow_sendout_v5(sc);
884
885 return(ret);
886}
887
888int
889copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow, struct pflow_softc *sc)
890{
891 int ret = 0;
892
893 if (sc->sc_mbuf == NULL((void *)0)) {
894 if ((sc->sc_mbuf =
895 pflow_get_mbuf(sc, PFLOW_IPFIX_TMPL_IPV4_ID256)) == NULL((void *)0)) {
896 return (ENOBUFS55);
897 }
898 sc->sc_count4 = 0;
899 timeout_add_sec(&sc->sc_tmo, PFLOW_TIMEOUT30);
900 }
901 m_copyback(sc->sc_mbuf, PFLOW_SET_HDRLENsizeof(struct pflow_set_header) +
902 (sc->sc_count4 * sizeof(struct pflow_ipfix_flow4)),
903 sizeof(struct pflow_ipfix_flow4), flow, M_NOWAIT0x0002);
904
905 if (pflowstats.pflow_flows == sc->sc_gcounter)
906 pflowstats.pflow_flows++;
907 sc->sc_gcounter++;
908 sc->sc_count4++;
909
910 if (sc->sc_count4 >= sc->sc_maxcount4)
911 ret = pflow_sendout_ipfix(sc, AF_INET2);
912 return(ret);
913}
914
915int
916copy_flow_ipfix_6_to_m(struct pflow_ipfix_flow6 *flow, struct pflow_softc *sc)
917{
918 int ret = 0;
919
920 if (sc->sc_mbuf6 == NULL((void *)0)) {
921 if ((sc->sc_mbuf6 =
922 pflow_get_mbuf(sc, PFLOW_IPFIX_TMPL_IPV6_ID257)) == NULL((void *)0)) {
923 return (ENOBUFS55);
924 }
925 sc->sc_count6 = 0;
926 timeout_add_sec(&sc->sc_tmo6, PFLOW_TIMEOUT30);
927 }
928 m_copyback(sc->sc_mbuf6, PFLOW_SET_HDRLENsizeof(struct pflow_set_header) +
929 (sc->sc_count6 * sizeof(struct pflow_ipfix_flow6)),
930 sizeof(struct pflow_ipfix_flow6), flow, M_NOWAIT0x0002);
931
932 if (pflowstats.pflow_flows == sc->sc_gcounter)
933 pflowstats.pflow_flows++;
934 sc->sc_gcounter++;
935 sc->sc_count6++;
936
937 if (sc->sc_count6 >= sc->sc_maxcount6)
938 ret = pflow_sendout_ipfix(sc, AF_INET624);
939
940 return(ret);
941}
942
943int
944pflow_pack_flow(struct pf_state *st, struct pf_state_key *sk,
945 struct pflow_softc *sc)
946{
947 struct pflow_flow flow1;
948 struct pflow_flow flow2;
949 int ret = 0;
950
951 bzero(&flow1, sizeof(flow1))__builtin_bzero((&flow1), (sizeof(flow1)));
952 bzero(&flow2, sizeof(flow2))__builtin_bzero((&flow2), (sizeof(flow2)));
953
954 if (st->direction == PF_OUT)
955 copy_flow_data(&flow1, &flow2, st, sk, 1, 0);
956 else
957 copy_flow_data(&flow1, &flow2, st, sk, 0, 1);
958
959 if (st->bytes[0] != 0) /* first flow from state */
960 ret = copy_flow_to_m(&flow1, sc);
961
962 if (st->bytes[1] != 0) /* second flow from state */
963 ret = copy_flow_to_m(&flow2, sc);
964
965 return (ret);
966}
967
968int
969pflow_pack_flow_ipfix(struct pf_state *st, struct pf_state_key *sk,
970 struct pflow_softc *sc)
971{
972 struct pflow_ipfix_flow4 flow4_1, flow4_2;
973 struct pflow_ipfix_flow6 flow6_1, flow6_2;
974 int ret = 0;
975 if (sk->af == AF_INET2) {
976 bzero(&flow4_1, sizeof(flow4_1))__builtin_bzero((&flow4_1), (sizeof(flow4_1)));
977 bzero(&flow4_2, sizeof(flow4_2))__builtin_bzero((&flow4_2), (sizeof(flow4_2)));
978
979 if (st->direction == PF_OUT)
980 copy_flow_ipfix_4_data(&flow4_1, &flow4_2, st, sk, sc,
981 1, 0);
982 else
983 copy_flow_ipfix_4_data(&flow4_1, &flow4_2, st, sk, sc,
984 0, 1);
985
986 if (st->bytes[0] != 0) /* first flow from state */
987 ret = copy_flow_ipfix_4_to_m(&flow4_1, sc);
988
989 if (st->bytes[1] != 0) /* second flow from state */
990 ret = copy_flow_ipfix_4_to_m(&flow4_2, sc);
991 } else if (sk->af == AF_INET624) {
992 bzero(&flow6_1, sizeof(flow6_1))__builtin_bzero((&flow6_1), (sizeof(flow6_1)));
993 bzero(&flow6_2, sizeof(flow6_2))__builtin_bzero((&flow6_2), (sizeof(flow6_2)));
994
995 if (st->direction == PF_OUT)
996 copy_flow_ipfix_6_data(&flow6_1, &flow6_2, st, sk, sc,
997 1, 0);
998 else
999 copy_flow_ipfix_6_data(&flow6_1, &flow6_2, st, sk, sc,
1000 0, 1);
1001
1002 if (st->bytes[0] != 0) /* first flow from state */
1003 ret = copy_flow_ipfix_6_to_m(&flow6_1, sc);
1004
1005 if (st->bytes[1] != 0) /* second flow from state */
1006 ret = copy_flow_ipfix_6_to_m(&flow6_2, sc);
1007 }
1008 return (ret);
1009}
1010
1011void
1012pflow_timeout(void *v)
1013{
1014 struct pflow_softc *sc = v;
1015
1016 switch (sc->sc_version) {
1017 case PFLOW_PROTO_55:
1018 pflow_sendout_v5(sc);
1019 break;
1020 case PFLOW_PROTO_1010:
1021 pflow_sendout_ipfix(sc, AF_INET2);
1022 break;
1023 default: /* NOTREACHED */
1024 break;
1025 }
1026}
1027
1028void
1029pflow_timeout6(void *v)
1030{
1031 struct pflow_softc *sc = v;
1032
1033 pflow_sendout_ipfix(sc, AF_INET624);
1034}
1035
1036void
1037pflow_timeout_tmpl(void *v)
1038{
1039 struct pflow_softc *sc = v;
1040
1041 pflow_sendout_ipfix_tmpl(sc);
1042}
1043
1044void
1045pflow_flush(struct pflow_softc *sc)
1046{
1047 switch (sc->sc_version) {
11
Control jumps to 'case 5:' at line 1048
1048 case PFLOW_PROTO_55:
1049 pflow_sendout_v5(sc);
12
Value assigned to field 'sc_flowdst'
1050 break;
13
 Execution continues on line 1049
1051 case PFLOW_PROTO_1010:
1052 pflow_sendout_ipfix(sc, AF_INET2);
1053 pflow_sendout_ipfix(sc, AF_INET624);
1054 break;
1055 default: /* NOTREACHED */
1056 break;
1057 }
1058}
1059
1060int
1061pflow_sendout_v5(struct pflow_softc *sc)
1062{
1063 struct mbuf *m = sc->sc_mbuf;
1064 struct pflow_header *h;
1065 struct ifnet *ifp = &sc->sc_if;
1066 struct timespec tv;
1067
1068 timeout_del(&sc->sc_tmo);
1069
1070 if (m == NULL((void *)0))
1071 return (0);
1072
1073 sc->sc_mbuf = NULL((void *)0);
1074 if (!(ifp->if_flags & IFF_RUNNING0x40)) {
1075 m_freem(m);
1076 return (0);
1077 }
1078
1079 pflowstats.pflow_packets++;
1080 h = mtod(m, struct pflow_header *)((struct pflow_header *)((m)->m_hdr.mh_data));
1081 h->count = htons(sc->sc_count)(__uint16_t)(__builtin_constant_p(sc->sc_count) ? (__uint16_t
)(((__uint16_t)(sc->sc_count) & 0xffU) << 8 | ((
__uint16_t)(sc->sc_count) & 0xff00U) >> 8) : __swap16md
(sc->sc_count));
1082
1083 /* populate pflow_header */
1084 h->uptime_ms = htonl(getuptime() * 1000)(__uint32_t)(__builtin_constant_p(getuptime() * 1000) ? (__uint32_t
)(((__uint32_t)(getuptime() * 1000) & 0xff) << 24 |
((__uint32_t)(getuptime() * 1000) & 0xff00) << 8 |
((__uint32_t)(getuptime() * 1000) & 0xff0000) >> 8
| ((__uint32_t)(getuptime() * 1000) & 0xff000000) >>
24) : __swap32md(getuptime() * 1000));
1085
1086 getnanotime(&tv);
1087 h->time_sec = htonl(tv.tv_sec)(__uint32_t)(__builtin_constant_p(tv.tv_sec) ? (__uint32_t)((
(__uint32_t)(tv.tv_sec) & 0xff) << 24 | ((__uint32_t
)(tv.tv_sec) & 0xff00) << 8 | ((__uint32_t)(tv.tv_sec
) & 0xff0000) >> 8 | ((__uint32_t)(tv.tv_sec) &
0xff000000) >> 24) : __swap32md(tv.tv_sec)); /* XXX 2038 */
1088 h->time_nanosec = htonl(tv.tv_nsec)(__uint32_t)(__builtin_constant_p(tv.tv_nsec) ? (__uint32_t)(
((__uint32_t)(tv.tv_nsec) & 0xff) << 24 | ((__uint32_t
)(tv.tv_nsec) & 0xff00) << 8 | ((__uint32_t)(tv.tv_nsec
) & 0xff0000) >> 8 | ((__uint32_t)(tv.tv_nsec) &
0xff000000) >> 24) : __swap32md(tv.tv_nsec));
1089 if (mq_enqueue(&sc->sc_outputqueue, m) == 0)
1090 task_add(net_tq(ifp->if_index), &sc->sc_outputtask);
1091 return (0);
1092}
1093
1094int
1095pflow_sendout_ipfix(struct pflow_softc *sc, sa_family_t af)
1096{
1097 struct mbuf *m;
1098 struct pflow_v10_header *h10;
1099 struct pflow_set_header *set_hdr;
1100 struct ifnet *ifp = &sc->sc_if;
1101 u_int32_t count;
1102 int set_length;
1103
1104 switch (af) {
1105 case AF_INET2:
1106 m = sc->sc_mbuf;
1107 timeout_del(&sc->sc_tmo);
1108 if (m == NULL((void *)0))
1109 return (0);
1110 sc->sc_mbuf = NULL((void *)0);
1111 count = sc->sc_count4;
1112 set_length = sizeof(struct pflow_set_header)
1113 + sc->sc_count4 * sizeof(struct pflow_ipfix_flow4);
1114 break;
1115 case AF_INET624:
1116 m = sc->sc_mbuf6;
1117 timeout_del(&sc->sc_tmo6);
1118 if (m == NULL((void *)0))
1119 return (0);
1120 sc->sc_mbuf6 = NULL((void *)0);
1121 count = sc->sc_count6;
1122 set_length = sizeof(struct pflow_set_header)
1123 + sc->sc_count6 * sizeof(struct pflow_ipfix_flow6);
1124 break;
1125 default:
1126 unhandled_af(af);
1127 }
1128
1129 if (!(ifp->if_flags & IFF_RUNNING0x40)) {
1130 m_freem(m);
1131 return (0);
1132 }
1133
1134 pflowstats.pflow_packets++;
1135 set_hdr = mtod(m, struct pflow_set_header *)((struct pflow_set_header *)((m)->m_hdr.mh_data));
1136 set_hdr->set_length = htons(set_length)(__uint16_t)(__builtin_constant_p(set_length) ? (__uint16_t)(
((__uint16_t)(set_length) & 0xffU) << 8 | ((__uint16_t
)(set_length) & 0xff00U) >> 8) : __swap16md(set_length
));
1137
1138 /* populate pflow_header */
1139 M_PREPEND(m, sizeof(struct pflow_v10_header), M_DONTWAIT)(m) = m_prepend((m), (sizeof(struct pflow_v10_header)), (0x0002
));
1140 if (m == NULL((void *)0)) {
1141 pflowstats.pflow_onomem++;
1142 return (ENOBUFS55);
1143 }
1144 h10 = mtod(m, struct pflow_v10_header *)((struct pflow_v10_header *)((m)->m_hdr.mh_data));
1145 h10->version = htons(PFLOW_PROTO_10)(__uint16_t)(__builtin_constant_p(10) ? (__uint16_t)(((__uint16_t
)(10) & 0xffU) << 8 | ((__uint16_t)(10) & 0xff00U
) >> 8) : __swap16md(10));
1146 h10->length = htons(PFLOW_IPFIX_HDRLEN + set_length)(__uint16_t)(__builtin_constant_p(sizeof(struct pflow_v10_header
) + set_length) ? (__uint16_t)(((__uint16_t)(sizeof(struct pflow_v10_header
) + set_length) & 0xffU) << 8 | ((__uint16_t)(sizeof
(struct pflow_v10_header) + set_length) & 0xff00U) >>
8) : __swap16md(sizeof(struct pflow_v10_header) + set_length
));
1147 h10->time_sec = htonl(gettime())(__uint32_t)(__builtin_constant_p(gettime()) ? (__uint32_t)((
(__uint32_t)(gettime()) & 0xff) << 24 | ((__uint32_t
)(gettime()) & 0xff00) << 8 | ((__uint32_t)(gettime
()) & 0xff0000) >> 8 | ((__uint32_t)(gettime()) &
0xff000000) >> 24) : __swap32md(gettime())); /* XXX 2038 */
1148 h10->flow_sequence = htonl(sc->sc_sequence)(__uint32_t)(__builtin_constant_p(sc->sc_sequence) ? (__uint32_t
)(((__uint32_t)(sc->sc_sequence) & 0xff) << 24 |
((__uint32_t)(sc->sc_sequence) & 0xff00) << 8 |
((__uint32_t)(sc->sc_sequence) & 0xff0000) >> 8
| ((__uint32_t)(sc->sc_sequence) & 0xff000000) >>
24) : __swap32md(sc->sc_sequence));
1149 sc->sc_sequence += count;
1150 h10->observation_dom = htonl(PFLOW_ENGINE_TYPE)(__uint32_t)(__builtin_constant_p(42) ? (__uint32_t)(((__uint32_t
)(42) & 0xff) << 24 | ((__uint32_t)(42) & 0xff00
) << 8 | ((__uint32_t)(42) & 0xff0000) >> 8 |
((__uint32_t)(42) & 0xff000000) >> 24) : __swap32md
(42));
1151 if (mq_enqueue(&sc->sc_outputqueue, m) == 0)
1152 task_add(net_tq(ifp->if_index), &sc->sc_outputtask);
1153 return (0);
1154}
1155
1156int
1157pflow_sendout_ipfix_tmpl(struct pflow_softc *sc)
1158{
1159 struct mbuf *m;
1160 struct pflow_v10_header *h10;
1161 struct ifnet *ifp = &sc->sc_if;
1162
1163 timeout_del(&sc->sc_tmo_tmpl);
1164
1165 if (!(ifp->if_flags & IFF_RUNNING0x40)) {
1166 return (0);
1167 }
1168 m = pflow_get_mbuf(NULL((void *)0), 0);
1169 if (m == NULL((void *)0))
1170 return (0);
1171 if (m_copyback(m, 0, sizeof(struct pflow_ipfix_tmpl),
1172 &sc->sc_tmpl_ipfix, M_NOWAIT0x0002)) {
1173 m_freem(m);
1174 return (0);
1175 }
1176 pflowstats.pflow_packets++;
1177
1178 /* populate pflow_header */
1179 M_PREPEND(m, sizeof(struct pflow_v10_header), M_DONTWAIT)(m) = m_prepend((m), (sizeof(struct pflow_v10_header)), (0x0002
));
1180 if (m == NULL((void *)0)) {
1181 pflowstats.pflow_onomem++;
1182 return (ENOBUFS55);
1183 }
1184 h10 = mtod(m, struct pflow_v10_header *)((struct pflow_v10_header *)((m)->m_hdr.mh_data));
1185 h10->version = htons(PFLOW_PROTO_10)(__uint16_t)(__builtin_constant_p(10) ? (__uint16_t)(((__uint16_t
)(10) & 0xffU) << 8 | ((__uint16_t)(10) & 0xff00U
) >> 8) : __swap16md(10));
1186 h10->length = htons(PFLOW_IPFIX_HDRLEN + sizeof(struct(__uint16_t)(__builtin_constant_p(sizeof(struct pflow_v10_header
) + sizeof(struct pflow_ipfix_tmpl)) ? (__uint16_t)(((__uint16_t
)(sizeof(struct pflow_v10_header) + sizeof(struct pflow_ipfix_tmpl
)) & 0xffU) << 8 | ((__uint16_t)(sizeof(struct pflow_v10_header
) + sizeof(struct pflow_ipfix_tmpl)) & 0xff00U) >> 8
) : __swap16md(sizeof(struct pflow_v10_header) + sizeof(struct
pflow_ipfix_tmpl)))
1187 pflow_ipfix_tmpl))(__uint16_t)(__builtin_constant_p(sizeof(struct pflow_v10_header
) + sizeof(struct pflow_ipfix_tmpl)) ? (__uint16_t)(((__uint16_t
)(sizeof(struct pflow_v10_header) + sizeof(struct pflow_ipfix_tmpl
)) & 0xffU) << 8 | ((__uint16_t)(sizeof(struct pflow_v10_header
) + sizeof(struct pflow_ipfix_tmpl)) & 0xff00U) >> 8
) : __swap16md(sizeof(struct pflow_v10_header) + sizeof(struct
pflow_ipfix_tmpl)));
1188 h10->time_sec = htonl(gettime())(__uint32_t)(__builtin_constant_p(gettime()) ? (__uint32_t)((
(__uint32_t)(gettime()) & 0xff) << 24 | ((__uint32_t
)(gettime()) & 0xff00) << 8 | ((__uint32_t)(gettime
()) & 0xff0000) >> 8 | ((__uint32_t)(gettime()) &
0xff000000) >> 24) : __swap32md(gettime())); /* XXX 2038 */
1189 h10->flow_sequence = htonl(sc->sc_sequence)(__uint32_t)(__builtin_constant_p(sc->sc_sequence) ? (__uint32_t
)(((__uint32_t)(sc->sc_sequence) & 0xff) << 24 |
((__uint32_t)(sc->sc_sequence) & 0xff00) << 8 |
((__uint32_t)(sc->sc_sequence) & 0xff0000) >> 8
| ((__uint32_t)(sc->sc_sequence) & 0xff000000) >>
24) : __swap32md(sc->sc_sequence));
1190 h10->observation_dom = htonl(PFLOW_ENGINE_TYPE)(__uint32_t)(__builtin_constant_p(42) ? (__uint32_t)(((__uint32_t
)(42) & 0xff) << 24 | ((__uint32_t)(42) & 0xff00
) << 8 | ((__uint32_t)(42) & 0xff0000) >> 8 |
((__uint32_t)(42) & 0xff000000) >> 24) : __swap32md
(42));
1191
1192 timeout_add_sec(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT30);
1193 if (mq_enqueue(&sc->sc_outputqueue, m) == 0)
1194 task_add(net_tq(ifp->if_index), &sc->sc_outputtask);
1195 return (0);
1196}
1197
1198int
1199pflow_sendout_mbuf(struct pflow_softc *sc, struct mbuf *m)
1200{
1201 sc->sc_if.if_opacketsif_data.ifi_opackets++;
1202 sc->sc_if.if_obytesif_data.ifi_obytes += m->m_pkthdrM_dat.MH.MH_pkthdr.len;
1203
1204 if (sc->so == NULL((void *)0)) {
1205 m_freem(m);
1206 return (EINVAL22);
1207 }
1208 return (sosend(sc->so, sc->send_nam, NULL((void *)0), m, NULL((void *)0), 0));
1209}
1210
1211int
1212pflow_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp,
1213 void *newp, size_t newlen)
1214{
1215 if (namelen != 1)
1216 return (ENOTDIR20);
1217
1218 switch (name[0]) {
1219 case NET_PFLOW_STATS1:
1220 if (newp != NULL((void *)0))
1221 return (EPERM1);
1222 return (sysctl_struct(oldp, oldlenp, newp, newlen,
1223 &pflowstats, sizeof(pflowstats)));
1224 default:
1225 return (EOPNOTSUPP45);
1226 }
1227 return (0);
1228}