Date: Mon, 31 Oct 2022 17:14:27 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 444a77ca85c7 - main - pf: expose syncookie active/inactive status Message-ID: <202210311714.29VHERs7003250@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=444a77ca85c78d02c19622a83a2798d0c5c2117b commit 444a77ca85c78d02c19622a83a2798d0c5c2117b Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-09-24 12:47:17 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-10-31 17:14:09 +0000 pf: expose syncookie active/inactive status When syncookies are in adaptive mode they may be active or inactive. Expose this status to users. Suggested by: Guido van Rooij Sponsored by: Rubicon Communications, LLC ("Netgate") --- lib/libpfctl/libpfctl.c | 1 + lib/libpfctl/libpfctl.h | 1 + sbin/pfctl/pfctl_parser.c | 2 ++ sys/netpfil/pf/pf_ioctl.c | 2 ++ 4 files changed, 6 insertions(+) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 5b93fd1043d6..451567402470 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -224,6 +224,7 @@ pfctl_get_status(int dev) status->hostid = ntohl(nvlist_get_number(nvl, "hostid")); status->states = nvlist_get_number(nvl, "states"); status->src_nodes = nvlist_get_number(nvl, "src_nodes"); + status->syncookies_active = nvlist_get_bool(nvl, "syncookies_active"); strlcpy(status->ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ); diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index faccabd227a3..933a3927ac26 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -57,6 +57,7 @@ struct pfctl_status { uint64_t src_nodes; char ifname[IFNAMSIZ]; uint8_t pf_chksum[PF_MD5_DIGEST_LENGTH]; + bool syncookies_active; struct pfctl_status_counters counters; struct pfctl_status_counters lcounters; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 260c754f7209..1ad895bede05 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -622,6 +622,8 @@ print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts) assert(cookies->mode <= PFCTL_SYNCOOKIES_ADAPTIVE); printf(" %-25s %s\n", "mode", PFCTL_SYNCOOKIES_MODE_NAMES[cookies->mode]); + printf(" %-25s %s\n", "active", + s->syncookies_active ? "active" : "inactive"); } } diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 3ce74963a1e9..c1a098ff887f 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -5816,6 +5816,8 @@ pf_getstatus(struct pfioc_nv *nv) nvlist_add_number(nvl, "hostid", V_pf_status.hostid); nvlist_add_number(nvl, "states", V_pf_status.states); nvlist_add_number(nvl, "src_nodes", V_pf_status.src_nodes); + nvlist_add_bool(nvl, "syncookies_active", + V_pf_status.syncookies_active); /* counters */ error = pf_add_status_counters(nvl, "counters", V_pf_status.counters,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210311714.29VHERs7003250>