From nobody Mon Jun 9 21:06:51 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bGPcX07S7z5yVKF; Mon, 09 Jun 2025 21:06:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bGPcW6jyRz3g6D; Mon, 09 Jun 2025 21:06:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1749503211; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=d9U8UIA5Ck3cwGbyfD/449aAlLS7mV/Abk2Dtvz2N08=; b=I0W4zaG5XlmmxZjsjw7cykJg58WiOdBglM32u59o/GZLC+gR3NjBccFd4p4no2764yBR8O fO6sNWw90vJzMzE/+m1ySCaRxsG5rUCaqKNUb2AgWCzUJ3N+/t98o20S9aNuOAUt9cTiSN ZRfln7koEub1bVqt1e25Dd9uBq6zL7uSrcG8g8+Cfw3ykP7xAPGtjgwy3Py2ITuWa2a6xn BvjG6JRcqZcJCGc2wo7gBuDUI5d0PrBn+IiiaqVx7PQMn/zhRNAbkFf9J6upaUDfHr2JW5 XLgOdet+7wlRkLrPEEpL4XtH29iL1h4AZFSqwae+PwNy/GNX3OtF4vSOWaDE0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1749503211; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=d9U8UIA5Ck3cwGbyfD/449aAlLS7mV/Abk2Dtvz2N08=; b=YSAzF+CjyZV0qYQPbWGP6GwUfGye8FmSvGvbbBAcQOqEzm7x2Xcevvq3Tl/cwVQEGAyV7T iZJDb/PGO/B1bSOG+1+aRqixPg+txT3Qk/m2XQsbxf0Sfus1iApfeWPBIkzfBekVh/FQDo vxx8IisIX7rcGzuYqjje9wF/fRNbg5ynKqPf1dMOrZQfsZrQ6lsbNfLxllvqq18H9BkUPS PcvS2gXjMoyn66GbUyAJNIuo8QwVkN0m5L8PbeuuHuFYkr+yzVe+zbj/o6Xq/4iQkCjW+l DNGYbNYRhi0XPeivpbpFxQfbLKM/S7isMrrI3Fax6ZR9uYfQzeDDIZaeUEXU+A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1749503212; a=rsa-sha256; cv=none; b=b2b9J1ZwRz3F/MbUi5AbyYL9xSG6idspARW1d/BBKR1oS9IdfJtHrJ928rDwrEied/ktz4 /s865wOWVJxqj12bGyljHSeP4a4rA1i2t5+ZbT0dbv+k+9ZaHxCT948Wl1MgvvxmzLZW9C se8U1EJLxECR6Pz5vsehCjJsLhywcGhPfN4nqXEbhAmBynFvRxu5Yc0bmbZTCQDfwJmcSS cdscTPTF+cWV0PtzFGVIe6sZfjTv2YtOCh1y8F6vhETsr3FbP8PiBLJ+7mLHn4Ls3gm524 xZEazkqCZqcJIQD32VMTah2hP1DmsQaI1gYeQrcYlKAgpOoaMQvnCdoZB5S4vg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bGPcW5ydwz19xc; Mon, 09 Jun 2025 21:06:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 559L6pE0089692; Mon, 9 Jun 2025 21:06:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 559L6p4j089689; Mon, 9 Jun 2025 21:06:51 GMT (envelope-from git) Date: Mon, 9 Jun 2025 21:06:51 GMT Message-Id: <202506092106.559L6p4j089689@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 67d1ea0cfeb4 - main - pf: use time_uptime rather than time_seconds List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 67d1ea0cfeb48e9cfb216ef87021604f9ec58e6f Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=67d1ea0cfeb48e9cfb216ef87021604f9ec58e6f commit 67d1ea0cfeb48e9cfb216ef87021604f9ec58e6f Author: Kristof Provost AuthorDate: 2025-05-28 12:18:07 +0000 Commit: Kristof Provost CommitDate: 2025-06-09 19:37:36 +0000 pf: use time_uptime rather than time_seconds Use time_uptime as value for when pf was enabled instead of time_second. Since time_second changes depending on the wall- clock time, time_second is not a reliable source for the status. We can even end up with a negative time delta. Thus, use the monotonically growing time_uptime and compute the correct wall clock time when userspace requests the status. ok bluhm@ mikeb@ Reviewed by: imp Obtained from: OpenBSD, patrick , 63b24bda99 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D50722 --- sys/netpfil/pf/pf_ioctl.c | 12 ++++++++---- sys/netpfil/pf/pf_nl.c | 5 ++++- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index cfa17b9925aa..c8ad007e2e92 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2439,7 +2439,7 @@ pf_start(void) if (! TAILQ_EMPTY(V_pf_keth->active.rules)) hook_pf_eth(); V_pf_status.running = 1; - V_pf_status.since = time_second; + V_pf_status.since = time_uptime; new_unrhdr64(&V_pf_stateid, time_second); DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n")); @@ -2461,7 +2461,7 @@ pf_stop(void) V_pf_status.running = 0; dehook_pf(); dehook_pf_eth(); - V_pf_status.since = time_second; + V_pf_status.since = time_uptime; DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n")); } sx_xunlock(&V_pf_ioctl_lock); @@ -2481,7 +2481,7 @@ pf_ioctl_clear_status(void) counter_u64_zero(V_pf_status.scounters[i]); for (int i = 0; i < KLCNT_MAX; i++) counter_u64_zero(V_pf_status.lcounters[i]); - V_pf_status.since = time_second; + V_pf_status.since = time_uptime; if (*V_pf_status.ifname) pfi_update_status(V_pf_status.ifname, NULL); PF_RULES_WUNLOCK(); @@ -5867,6 +5867,8 @@ pf_getstatus(struct pfioc_nv *nv) char *pf_reasons[PFRES_MAX+1] = PFRES_NAMES; char *pf_lcounter[KLCNT_MAX+1] = KLCNT_NAMES; char *pf_fcounter[FCNT_MAX+1] = FCNT_NAMES; + time_t since; + PF_RULES_RLOCK_TRACKER; #define ERROUT(x) ERROUT_FUNCTION(errout, x) @@ -5877,8 +5879,10 @@ pf_getstatus(struct pfioc_nv *nv) if (nvl == NULL) ERROUT(ENOMEM); + since = time_second - (time_uptime - V_pf_status.since); + nvlist_add_bool(nvl, "running", V_pf_status.running); - nvlist_add_number(nvl, "since", V_pf_status.since); + nvlist_add_number(nvl, "since", since); nvlist_add_number(nvl, "debug", V_pf_status.debug); nvlist_add_number(nvl, "hostid", V_pf_status.hostid); nvlist_add_number(nvl, "states", V_pf_status.states); diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index fb1f5f1f470e..4d631568f991 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -1177,6 +1177,7 @@ pf_handle_get_status(struct nlmsghdr *hdr, struct nl_pstate *npt) char *pf_reasons[PFRES_MAX+1] = PFRES_NAMES; char *pf_lcounter[KLCNT_MAX+1] = KLCNT_NAMES; char *pf_fcounter[FCNT_MAX+1] = FCNT_NAMES; + time_t since; int error; PF_RULES_RLOCK_TRACKER; @@ -1189,11 +1190,13 @@ pf_handle_get_status(struct nlmsghdr *hdr, struct nl_pstate *npt) ghdr_new->version = 0; ghdr_new->reserved = 0; + since = time_second - (time_uptime - V_pf_status.since); + PF_RULES_RLOCK(); nlattr_add_string(nw, PF_GS_IFNAME, V_pf_status.ifname); nlattr_add_bool(nw, PF_GS_RUNNING, V_pf_status.running); - nlattr_add_u32(nw, PF_GS_SINCE, V_pf_status.since); + nlattr_add_u32(nw, PF_GS_SINCE, since); nlattr_add_u32(nw, PF_GS_DEBUG, V_pf_status.debug); nlattr_add_u32(nw, PF_GS_HOSTID, ntohl(V_pf_status.hostid)); nlattr_add_u32(nw, PF_GS_STATES, V_pf_status.states);