From owner-dev-commits-src-branches@freebsd.org Mon Sep 6 10:39:28 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8FC1567225E; Mon, 6 Sep 2021 10:39:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H34dr0C2Sz3KBh; Mon, 6 Sep 2021 10:39:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B94601D771; Mon, 6 Sep 2021 10:39:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 186AdRab039749; Mon, 6 Sep 2021 10:39:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 186AdRXQ039747; Mon, 6 Sep 2021 10:39:27 GMT (envelope-from git) Date: Mon, 6 Sep 2021 10:39:27 GMT Message-Id: <202109061039.186AdRXQ039747@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Kristof Provost Subject: git: d1d99d7575da - stable/13 - libpfctl: Implement DIOCGETSTATUS wrappers MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: d1d99d7575dac949030a065c952651514c8bf50f Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Sep 2021 10:39:28 -0000 The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d1d99d7575dac949030a065c952651514c8bf50f commit d1d99d7575dac949030a065c952651514c8bf50f Author: Kristof Provost AuthorDate: 2021-08-26 15:06:15 +0000 Commit: Kristof Provost CommitDate: 2021-09-06 08:06:33 +0000 libpfctl: Implement DIOCGETSTATUS wrappers MFC after: 1 week Sponsored by: Modirum MDPay Differential Revision: https://reviews.freebsd.org/D31696 (cherry picked from commit 46fb68b1de49c8d235024374b71c1249af9e62ef) --- lib/libpfctl/libpfctl.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/libpfctl/libpfctl.h | 30 +++++++++++++ 2 files changed, 145 insertions(+)
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 7e6bc1b14a2a..3d52502f9ba8 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -121,6 +121,121 @@ pf_nvuint_64_array(const nvlist_t *nvl, const char *name, size_t maxelems,
 *nelems = elems;
 }
+static void
+_pfctl_get_status_counters(const nvlist_t *nvl,
+ struct pfctl_status_counters *counters)
+{
+ const uint64_t *ids, *counts;
+ const char *const *names;
+ size_t id_len, counter_len, names_len;
+
+ ids = nvlist_get_number_array(nvl, "ids", &id_len);
+ counts = nvlist_get_number_array(nvl, "counters", &counter_len);
+ names = nvlist_get_string_array(nvl, "names", &names_len);
+ assert(id_len == counter_len);
+ assert(counter_len == names_len);
+
+ TAILQ_INIT(counters);
+
+ for (size_t i = 0; i < id_len; i++) {
+ struct pfctl_status_counter *c;
+
+ c = malloc(sizeof(*c));
+
+ c->id = ids[i];
+ c->counter = counts[i];
+ c->name = strdup(names[i]);
+
+ TAILQ_INSERT_TAIL(counters, c, entry);
+ }
+}
+
+struct pfctl_status *
+pfctl_get_status(int dev)
+{
+ struct pfioc_nv nv;
+ struct pfctl_status *status;
+ nvlist_t *nvl;
+ size_t len;
+ const void *chksum;
+
+ status = calloc(1, sizeof(*status));
+ if (status == NULL)
+ return (NULL);
+
+ nv.data = malloc(4096);
+ nv.len = nv.size = 4096;
+
+ if (ioctl(dev, DIOCGETSTATUSNV, &nv)) {
+ free(nv.data);
+ free(status);
+ return (NULL);
+ }
+
+ nvl = nvlist_unpack(nv.data, nv.len, 0);
+ free(nv.data);
+ if (nvl == NULL) {
+ free(status);
+ return (NULL);
+ }
+
+ status->running = nvlist_get_bool(nvl, "running");
+ status->since = nvlist_get_number(nvl, "since");
+ status->debug = nvlist_get_number(nvl, "debug");
+ status->hostid = nvlist_get_number(nvl, "hostid");
+ status->states = nvlist_get_number(nvl, "states");
+ status->src_nodes = nvlist_get_number(nvl, "src_nodes");
+
+ strlcpy(status->ifname, nvlist_get_string(nvl, "ifname"),
+ IFNAMSIZ);
+ chksum = nvlist_get_binary(nvl, "chksum", &len);
+ assert(len == PF_MD5_DIGEST_LENGTH);
+ memcpy(status->pf_chksum, chksum, len);
+
+ _pfctl_get_status_counters(nvlist_get_nvlist(nvl, "counters"),
+ &status->counters);
+ _pfctl_get_status_counters(nvlist_get_nvlist(nvl, "lcounters"),
+ &status->lcounters);
+ _pfctl_get_status_counters(nvlist_get_nvlist(nvl, "fcounters"),
+ &status->fcounters);
+ _pfctl_get_status_counters(nvlist_get_nvlist(nvl, "scounters"),
+ &status->scounters);
+
+ pf_nvuint_64_array(nvl, "pcounters", 2 * 2 * 3,
+ (uint64_t *)status->pcounters, NULL);
+ pf_nvuint_64_array(nvl, "bcounters", 2 * 2,
+ (uint64_t *)status->bcounters, NULL);
+
+ nvlist_destroy(nvl);
+
+ return (status);
+}
+
+void
+pfctl_free_status(struct pfctl_status *status)
+{
+ struct pfctl_status_counter *c, *tmp;
+
+ TAILQ_FOREACH_SAFE(c, &status->counters, entry, tmp) {
+ free(c->name);
+ free(c);
+ }
+ TAILQ_FOREACH_SAFE(c, &status->lcounters, entry, tmp) {
+ free(c->name);
+ free(c);
+ }
+ TAILQ_FOREACH_SAFE(c, &status->fcounters, entry, tmp) {
+ free(c->name);
+ free(c);
+ }
+ TAILQ_FOREACH_SAFE(c, &status->scounters, entry, tmp) {
+ free(c->name);
+ free(c);
+ }
+
+ free(status);
+}
+
 static void
 pfctl_nv_add_addr(nvlist_t *nvparent, const char *name,
 const struct pf_addr *addr)
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index d57241dd59fd..70de7627f0a6 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -38,6 +38,33 @@
 struct pfctl_anchor;
+struct pfctl_status_counter {
+ uint64_t id;
+ uint64_t counter;
+ char *name;
+
+ TAILQ_ENTRY(pfctl_status_counter) entry;
+};
+TAILQ_HEAD(pfctl_status_counters, pfctl_status_counter);
+
+struct pfctl_status {
+ bool running;
+ uint32_t since;
+ uint32_t debug;
+ uint32_t hostid;
+ uint64_t states;
+ uint64_t src_nodes;
+ char ifname[IFNAMSIZ];
+ uint8_t pf_chksum[PF_MD5_DIGEST_LENGTH];
+
+ struct pfctl_status_counters counters;
+ struct pfctl_status_counters lcounters;
+ struct pfctl_status_counters fcounters;
+ struct pfctl_status_counters scounters;
+ uint64_t pcounters[2][2][3];
+ uint64_t bcounters[2][2];
+};
+
 struct pfctl_pool {
 struct pf_palist list;
 struct pf_pooladdr *cur;
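Review bot: In pfctl_get_status() in libpfctl.c the only check on the checksum length read from the nvlist is `assert(len == PF_MD5_DIGEST_LENGTH)`, so a build with NDEBUG leaves `memcpy(status->pf_chksum, chksum, len)` copying an unchecked length into a fixed-size array; the copy should be bounded by `sizeof(status->pf_chksum)` behind an explicit length test that fails the call. `nv.data = malloc(4096)` is also handed to the ioctl without a NULL check. The same pattern appears in _pfctl_get_status_counters(): the three array lengths are compared only by assert, and the results of `malloc(sizeof(*c))` and `strdup(names[i])` are used unchecked; since that helper returns void, it would need an int return so that pfctl_get_status() can release the partial result and return NULL. The fence shows the two changes inside pfctl_get_status().

```c
	nv.data = malloc(4096);
	if (nv.data == NULL) {
		free(status);
		return (NULL);
	}
	nv.len = nv.size = 4096;

	/* … unchanged: DIOCGETSTATUSNV ioctl, nvlist_unpack, scalar fields, ifname … */

	chksum = nvlist_get_binary(nvl, "chksum", &len);
	if (len != sizeof(status->pf_chksum)) {
		/* Counter lists are not populated yet, so a plain free() is enough. */
		nvlist_destroy(nvl);
		free(status);
		return (NULL);
	}
	memcpy(status->pf_chksum, chksum, sizeof(status->pf_chksum));

	/* … unchanged: counter lists, pcounters/bcounters, nvlist_destroy … */
```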
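Review bot: The array extents in struct pfctl_status (libpfctl.h), `pcounters[2][2][3]` and `bcounters[2][2]`, are bare literals that the libpfctl.c hunk repeats by hand as `2 * 2 * 3` and `2 * 2` when it passes a maximum element count to pf_nvuint_64_array(). If one side changes alone, that bound no longer matches the destination array; deriving the count from the field, e.g. `sizeof(status->pcounters) / sizeof(uint64_t)`, keeps the two in step. A short comment on what each index means, and one on `char *name` saying that it is heap-allocated and released by pfctl_free_status(), would also help readers of the header.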
@@ -253,6 +280,9 @@ struct pfctl_syncookies {
 enum pfctl_syncookies_mode mode;
 };
+struct pfctl_status* pfctl_get_status(int dev);
+void pfctl_free_status(struct pfctl_status *status);
+
 int pfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket,
 const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule,
 char *anchor_call);
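Review bot: The two prototypes added to libpfctl.h carry no comment on the ownership contract, and the implementation makes that contract easy to get wrong: the libpfctl.c hunk shows pfctl_get_status() returning a heap-allocated struct or NULL on failure, while pfctl_free_status() dereferences its argument without a NULL test. I would add a comment above them such as `/* Returns NULL on failure; release the result with pfctl_free_status(). */`, and make the free function tolerate NULL with `if (status == NULL) return;` at its top so an unconditional cleanup path in a caller cannot crash.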