Date:      Mon, 28 Aug 2023 12:03:18 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: fa0c6b66dc77 - stable/13 - pf: expose syncookie active/inactive status
Message-ID:  <202308281203.37SC3I9L030339@gitrepo.freebsd.org>

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=fa0c6b66dc77704fadc29832a8fea3d3d63c52ff

commit fa0c6b66dc77704fadc29832a8fea3d3d63c52ff
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-09-24 12:47:17 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-08-28 08:17:17 +0000

    pf: expose syncookie active/inactive status
    
    When syncookies are in adaptive mode they may be active or inactive.
    Expose this status to users.
    
    Suggested by:   Guido van Rooij
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit 444a77ca85c78d02c19622a83a2798d0c5c2117b)
---
 lib/libpfctl/libpfctl.c   | 1 +
 lib/libpfctl/libpfctl.h   | 1 +
 sbin/pfctl/pfctl_parser.c | 2 ++
 sys/netpfil/pf/pf_ioctl.c | 2 ++
 4 files changed, 6 insertions(+)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 2205e1da9c1d..ae0e63818335 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -224,6 +224,7 @@ pfctl_get_status(int dev)
 	status->hostid = ntohl(nvlist_get_number(nvl, "hostid"));
 	status->states = nvlist_get_number(nvl, "states");
 	status->src_nodes = nvlist_get_number(nvl, "src_nodes");
+	status->syncookies_active = nvlist_get_bool(nvl, "syncookies_active");
 
 	strlcpy(status->ifname, nvlist_get_string(nvl, "ifname"),
 	    IFNAMSIZ);
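Review bot: The added `nvlist_get_bool(nvl, "syncookies_active")` assumes the kernel always supplies the key, and libnv's getters abort the calling process when a key is missing. A libpfctl built with this change and run against a kernel that predates the matching `pf_getstatus()` export would therefore crash the status query instead of degrading. Guarding the read keeps a mixed userland/kernel upgrade working: `if (nvlist_exists_bool(nvl, "syncookies_active")) status->syncookies_active = nvlist_get_bool(nvl, "syncookies_active");`. Whether `status` is zero-initialised, so that the field defaults to false, is not visible here because pfctl_get_status() starts and ends outside the hunk.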
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index 544dba4e07a3..bcf8644d112c 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -54,6 +54,7 @@ struct pfctl_status {
 	uint64_t	src_nodes;
 	char		ifname[IFNAMSIZ];
 	uint8_t		pf_chksum[PF_MD5_DIGEST_LENGTH];
+	bool		syncookies_active;
 
 	struct pfctl_status_counters	 counters;
 	struct pfctl_status_counters	 lcounters;
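Review bot: Inserting `bool syncookies_active;` ahead of `counters` shifts the offsets of every later member of `struct pfctl_status`. If anything outside the base tree links against libpfctl on this branch, a consumer built against the old header would read `counters` and the members after it from the wrong offsets. Appending the field after the last existing member would keep the old offsets valid; the end of the struct is outside the hunk, so this is a suggestion to check rather than a confirmed break. A short comment would also help, for example `/* adaptive mode only: syncookies currently being sent */`.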
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index a1760b5a65c4..c850056216ec 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -620,6 +620,8 @@ print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts)
 		assert(cookies->mode <= PFCTL_SYNCOOKIES_ADAPTIVE);
 		printf("  %-25s %s\n", "mode",
 		    PFCTL_SYNCOOKIES_MODE_NAMES[cookies->mode]);
+		printf("  %-25s %s\n", "active",
+		    s->syncookies_active ? "active" : "inactive");
 	}
 }
 
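Review bot: The new "active" row is printed for every syncookie mode, while the commit message describes the flag as meaningful in adaptive mode only. If the kernel does not maintain `syncookies_active` in the other modes (not visible here), an operator could read `active  inactive` next to `mode  always` and misjudge whether SYN-flood protection is in force. Restricting the row to adaptive mode avoids that: `if (cookies->mode == PFCTL_SYNCOOKIES_ADAPTIVE)` before the added `printf`. The label and the value also both say "active"; a label such as "status" would read better, though that changes user-visible output. print_status() begins outside the hunk.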
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index b0b5a361eb61..bd005893f7c8 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -4972,6 +4972,8 @@ pf_getstatus(struct pfioc_nv *nv)
 	nvlist_add_number(nvl, "hostid", V_pf_status.hostid);
 	nvlist_add_number(nvl, "states", V_pf_status.states);
 	nvlist_add_number(nvl, "src_nodes", V_pf_status.src_nodes);
+	nvlist_add_bool(nvl, "syncookies_active",
+	    V_pf_status.syncookies_active);
 
 	/* counters */
 	error = pf_add_status_counters(nvl, "counters", V_pf_status.counters,


