From: Kristof Provost
Date: Wed, 13 Jun 2018 13:15:04 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r335058 - in stable/11: etc/rc.d sbin/pfctl

Author: kp
Date: Wed Jun 13 13:15:04 2018
New Revision: 335058
URL: https://svnweb.freebsd.org/changeset/base/335058

Log:
  MFC r334726:

  pf: Return non-zero from 'status' if pf is not enabled

  In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf
  onestatus` always provided an exit status of zero. This made it fiddly to
  programmatically determine if pf was running or not. Return a non-zero status
  if the pf module is not loaded, extend pfctl to have an option to return an
  error status if pf is not enabled.

  PR: 228632
  Submitted by: James Park-Watt

Modified:
  stable/11/etc/rc.d/pf
  stable/11/sbin/pfctl/pfctl.8
  stable/11/sbin/pfctl/pfctl.c
  stable/11/sbin/pfctl/pfctl_parser.c
  stable/11/sbin/pfctl/pfctl_parser.h
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/etc/rc.d/pf ============================================================================== --- stable/11/etc/rc.d/pf Wed Jun 13 12:44:45 2018 (r335057) +++ stable/11/etc/rc.d/pf Wed Jun 13 13:15:04 2018 (r335058) 
@@ -66,8 +66,10 @@ pf_status() { if ! [ -c /dev/pf ] ; then echo "pf.ko is not loaded" + return 1 else $pf_program -s info + $pf_program -s Running >/dev/null fi } Modified: stable/11/sbin/pfctl/pfctl.8 ============================================================================== --- stable/11/sbin/pfctl/pfctl.8 Wed Jun 13 12:44:45 2018 (r335057) +++ stable/11/sbin/pfctl/pfctl.8 Wed Jun 13 13:15:04 2018 (r335058) @@ -412,6 +412,8 @@ Show filter information (statistics and counters). When used together with .Fl v , source tracking statistics are also shown. +.It Fl s Cm Running +Show the running status and provide a non-zero exit status when disabled. .It Fl s Cm labels Show per-rule statistics (label, evaluations, packets total, bytes total, packets in, bytes in, packets out, bytes out, state creations) of Modified: stable/11/sbin/pfctl/pfctl.c ============================================================================== --- stable/11/sbin/pfctl/pfctl.c Wed Jun 13 12:44:45 2018 (r335057) +++ stable/11/sbin/pfctl/pfctl.c Wed Jun 13 13:15:04 2018 (r335058) @@ -96,6 +96,7 @@ int pfctl_show_nat(int, int, char *); int pfctl_show_src_nodes(int, int); int pfctl_show_states(int, const char *, int); int pfctl_show_status(int, int); +int pfctl_show_running(int); int pfctl_show_timeouts(int, int); int pfctl_show_limits(int, int); void pfctl_debug(int, u_int32_t, int); @@ -217,7 +218,7 @@ static const char *clearopt_list[] = { static const char *showopt_list[] = { "nat", "queue", "rules", "Anchors", "Sources", "states", "info", "Interfaces", "labels", "timeouts", "memory", "Tables", "osfp", - "all", NULL + "Running", "all", NULL }; static const char *tblcmdopt_list[] = { 
@@ -1155,6 +1156,20 @@ pfctl_show_status(int dev, int opts) } int +pfctl_show_running(int dev) +{ + struct pf_status status; + + if (ioctl(dev, DIOCGETSTATUS, &status)) { + warn("DIOCGETSTATUS"); + return (-1); + } + + print_running(&status); + return (!status.running); +} + +int pfctl_show_timeouts(int dev, int opts) { struct pfioc_tm pt; @@ -2271,6 +2286,9 @@ main(int argc, char *argv[]) break; case 'i': pfctl_show_status(dev, opts); + break; + case 'R': + error = pfctl_show_running(dev); break; case 't': pfctl_show_timeouts(dev, opts); Modified: stable/11/sbin/pfctl/pfctl_parser.c ============================================================================== --- stable/11/sbin/pfctl/pfctl_parser.c Wed Jun 13 12:44:45 2018 (r335057) +++ stable/11/sbin/pfctl/pfctl_parser.c Wed Jun 13 13:15:04 2018 (r335058) @@ -615,6 +615,12 @@ print_status(struct pf_status *s, int opts) } void +print_running(struct pf_status *status) +{ + printf("%s\n", status->running ? "Enabled" : "Disabled"); +} + +void print_src_node(struct pf_src_node *sn, int opts) { struct pf_addr_wrap aw; Modified: stable/11/sbin/pfctl/pfctl_parser.h ============================================================================== --- stable/11/sbin/pfctl/pfctl_parser.h Wed Jun 13 12:44:45 2018 (r335057) +++ stable/11/sbin/pfctl/pfctl_parser.h Wed Jun 13 13:15:04 2018 (r335058) @@ -257,6 +257,7 @@ void print_src_node(struct pf_src_node *, int); void print_rule(struct pf_rule *, const char *, int, int); void print_tabledef(const char *, int, int, struct node_tinithead *); void print_status(struct pf_status *, int); +void print_running(struct pf_status *); int eval_pfaltq(struct pfctl *, struct pf_altq *, struct node_queue_bw *, struct node_queue_opt *);
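
Review bot: In the etc/rc.d/pf hunk, pf_status() now reports the same kind of failure for two different states: `return 1` when /dev/pf is absent, and whatever `$pf_program -s Running` exits with when the module is loaded but pf is disabled (1, from `!status.running`, if main() exits with `error`). A monitoring script that keys on the exit status cannot tell "module not loaded" from "loaded but not filtering". Consider distinct codes, or document that they are intentionally merged. The else branch also depends on `$pf_program -s Running >/dev/null` staying the last command in the function; an explicit `return $?` after it would keep the status intact if a line is appended later. Only stdout is redirected, so a `warn("DIOCGETSTATUS")` message would still reach the terminal, which is probably desirable but worth a comment.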
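
Review bot: The new `.It Fl s Cm Running` entry in the pfctl.8 hunk documents only "a non-zero exit status when disabled". It should also say what is printed (print_running() emits "Enabled" or "Disabled") and that a failed DIOCGETSTATUS ioctl returns non-zero as well, so that script authors do not read every non-zero status as "pf is disabled".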
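
Review bot: pfctl_show_running() in the @@ -1155,6 +1156,20 @@ hunk of pfctl.c mixes two return conventions: `return (-1)` on ioctl failure and `return (!status.running)` (0 or 1) otherwise. Since main() stores the result in `error`, a -1 that ends up as the process exit code would be seen by the shell as 255. Returning small positive values with a defined meaning (for example 1 for disabled and a separate code for the ioctl error), and stating that contract in a comment above the function, would give callers something stable to test against.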
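
Review bot: In the main() hunk of pfctl.c, `case 'R'` assigns `error = pfctl_show_running(dev);` while the neighbouring `case 'i'` still discards the result of `pfctl_show_status(dev, opts);`, so `-s info` and `-s Running` now behave differently when the status cannot be read. Either propagate the status for 'i' too or note why it is left alone. The switch also appears to dispatch on the modifier's first character, and showopt_list already contains "rules", so the new entry works only because of the capital 'R'; a one-line comment next to "Running" in showopt_list would stop someone lower-casing it later.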