git: 9a538abd957c - main - pf: add 'translation' counter

Wed, 12 Feb 2025 01:38:59 -0800 

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=9a538abd957cd43bd09e3d72bc5fe6d0189ffaf8

commit 9a538abd957cd43bd09e3d72bc5fe6d0189ffaf8
Author:     Kristof Provost <[email protected]>
AuthorDate: 2025-02-05 10:58:57 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2025-02-12 08:29:09 +0000

    pf: add 'translation' counter
    
    Add a separate "translation" counter and use this rather than "memory"
    when address translation fails due to no free ports in the configured range.
    ok mikeb@
    
    Obtained from:  OpenBSD, sthen <[email protected]>, 70ff79155f
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 4 ++--
 sys/netpfil/pf/pf.h | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 4d8a0f2aba31..9963dc728302 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5823,7 +5823,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
                                        pd->naf = r->naf;
                                if (pd->af != pd->naf) {
                                        if (pf_get_transaddr_af(r, pd) == -1) {
-                                               REASON_SET(&reason, 
PFRES_MEMORY);
+                                               REASON_SET(&reason, 
PFRES_TRANSLATE);
                                                goto cleanup;
                                        }
                                }
@@ -5863,7 +5863,7 @@ nextrule:
                pd->naf = r->naf;
        if (pd->af != pd->naf) {
                if (pf_get_transaddr_af(r, pd) == -1) {
-                       REASON_SET(&reason, PFRES_MEMORY);
+                       REASON_SET(&reason, PFRES_TRANSLATE);
                        goto cleanup;
                }
        }
diff --git a/sys/netpfil/pf/pf.h b/sys/netpfil/pf/pf.h
index 24249ead6ba2..01c1abc54602 100644
--- a/sys/netpfil/pf/pf.h
+++ b/sys/netpfil/pf/pf.h
@@ -156,7 +156,8 @@ enum        { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, 
PF_ADDR_DYNIFTL,
 #define PFRES_SRCLIMIT 13              /* Source node/conn limit */
 #define PFRES_SYNPROXY 14              /* SYN proxy */
 #define PFRES_MAPFAILED        15              /* pf_map_addr() failed */
-#define PFRES_MAX      16              /* total+1 */
+#define PFRES_TRANSLATE        16              /* No translation address 
available */
+#define PFRES_MAX      17              /* total+1 */
 
 #define PFRES_NAMES { \
        "match", \
@@ -175,6 +176,7 @@ enum        { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, 
PF_ADDR_DYNIFTL,
        "src-limit", \
        "synproxy", \
        "map-failed", \
+       "translate", \
        NULL \
 }

Reply via email to