Date: Mon, 28 Aug 2023 12:03:18 GMT
Message-Id: <202308281203.37SC3I9L030339@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost Subject: git: fa0c6b66dc77 - stable/13 - pf: expose syncookie active/inactive status List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: fa0c6b66dc77704fadc29832a8fea3d3d63c52ff Auto-Submitted: auto-generated The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=fa0c6b66dc77704fadc29832a8fea3d3d63c52ff commit fa0c6b66dc77704fadc29832a8fea3d3d63c52ff Author: Kristof Provost AuthorDate: 2022-09-24 12:47:17 +0000 Commit: Kristof Provost CommitDate: 2023-08-28 08:17:17 +0000 pf: expose syncookie active/inactive status When syncookies are in adaptive mode they may be active or inactive. Expose this status to users. Suggested by: Guido van Rooij Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 444a77ca85c78d02c19622a83a2798d0c5c2117b) --- lib/libpfctl/libpfctl.c | 1 + lib/libpfctl/libpfctl.h | 1 + sbin/pfctl/pfctl_parser.c | 2 ++ sys/netpfil/pf/pf_ioctl.c | 2 ++ 4 files changed, 6 insertions(+) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 2205e1da9c1d..ae0e63818335 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -224,6 +224,7 @@ pfctl_get_status(int dev) status->hostid = ntohl(nvlist_get_number(nvl, "hostid")); status->states = nvlist_get_number(nvl, "states"); status->src_nodes = nvlist_get_number(nvl, "src_nodes"); + status->syncookies_active = nvlist_get_bool(nvl, "syncookies_active"); strlcpy(status->ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ); 
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index 544dba4e07a3..bcf8644d112c 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -54,6 +54,7 @@ struct pfctl_status { uint64_t src_nodes; char ifname[IFNAMSIZ]; uint8_t pf_chksum[PF_MD5_DIGEST_LENGTH]; + bool syncookies_active; struct pfctl_status_counters counters; struct pfctl_status_counters lcounters; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index a1760b5a65c4..c850056216ec 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -620,6 +620,8 @@ print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts) assert(cookies->mode <= PFCTL_SYNCOOKIES_ADAPTIVE); printf(" %-25s %s\n", "mode", PFCTL_SYNCOOKIES_MODE_NAMES[cookies->mode]); + printf(" %-25s %s\n", "active", + s->syncookies_active ? "active" : "inactive"); } } diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index b0b5a361eb61..bd005893f7c8 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -4972,6 +4972,8 @@ pf_getstatus(struct pfioc_nv *nv) nvlist_add_number(nvl, "hostid", V_pf_status.hostid); nvlist_add_number(nvl, "states", V_pf_status.states); nvlist_add_number(nvl, "src_nodes", V_pf_status.src_nodes); + nvlist_add_bool(nvl, "syncookies_active", + V_pf_status.syncookies_active); /* counters */ error = pf_add_status_counters(nvl, "counters", V_pf_status.counters,
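Review bot: in the lib/libpfctl/libpfctl.c hunk, pfctl_get_status() reads "syncookies_active" with nvlist_get_bool() without first checking that the key is present, and libnv's nvlist_get_*() functions abort the program when the named element does not exist. Since this lands on stable/13, a userland built from this change can end up running on a kernel that lacks the pf_ioctl.c half, and the status query would then abort instead of reporting a default. Suggest guarding the read with nvlist_exists_bool(nvl, "syncookies_active") and setting the field to false when the key is missing.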
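Review bot: in the lib/libpfctl/libpfctl.h hunk, the new "bool syncookies_active;" is inserted between pf_chksum and counters, which shifts the offsets of counters, lcounters and every member after them in struct pfctl_status. Any consumer compiled against the old header and linked with the new library would read those members at the wrong offsets. On a stable branch it is safer to append the field at the end of the struct, or to state in the commit message that no consumer outside the tree is affected.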
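Review bot: in the sbin/pfctl/pfctl_parser.c hunk, the "active" line is printed for every syncookie mode, while the commit message says the active/inactive state only applies in adaptive mode. As visible here the printf is not conditioned on cookies->mode == PFCTL_SYNCOOKIES_ADAPTIVE, so an operator reading the status during a SYN flood could see "inactive" in a mode where the value is not meaningful. Suggest printing the line only in adaptive mode. The label/value pair also reads as "active active", so a label such as "status" would be clearer, and the new output field should be mentioned in the pfctl documentation.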