Date: Fri, 14 Apr 2017 12:38:31 +0200 From: "Kristof Provost" <kristof@sigsegv.be> To: Max <maximos@als.nnov.ru> Cc: freebsd-pf@FreeBSD.org Subject: Re: pfctl does not clear limit couters Message-ID: <C00CD0C6-4EEC-454C-80E3-DBB88D928BB0@sigsegv.be> In-Reply-To: <a0782621-b033-5f15-6d51-cafd86d3f559@als.nnov.ru> References: <a0782621-b033-5f15-6d51-cafd86d3f559@als.nnov.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14 Apr 2017, at 8:24, Max wrote:
> "pfctl -F info" command doesn't clear limit counters (shown in "pfctl
> -vsi" output).
>
> I think, should be
> --- sys/netpfil/pf/pf_ioctl.c.orig 2017-04-14 09:10:25.171380000
> +0300
> +++ sys/netpfil/pf/pf_ioctl.c 2017-04-14 09:13:21.553650000 +0300
> @@ -1835,16 +1835,18 @@
> case DIOCCLRSTATUS: {
> PF_RULES_WLOCK();
> for (int i = 0; i < PFRES_MAX; i++)
> counter_u64_zero(V_pf_status.counters[i]);
> for (int i = 0; i < FCNT_MAX; i++)
> counter_u64_zero(V_pf_status.fcounters[i]);
> for (int i = 0; i < SCNT_MAX; i++)
> counter_u64_zero(V_pf_status.scounters[i]);
> + for (int i = 0; i < LCNT_MAX; i++)
> + counter_u64_zero(V_pf_status.lcounters[i]);
> V_pf_status.since = time_second;
> if (*V_pf_status.ifname)
> pfi_update_status(V_pf_status.ifname, NULL);
> PF_RULES_WUNLOCK();
> break;
> }
>
> case DIOCNATLOOK: {
>
This looks reasonable, but interestingly OpenBSD also don’t clear
lcounters.
I’ll dig into it a bit more in the next few days.
Regards,
Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C00CD0C6-4EEC-454C-80E3-DBB88D928BB0>