From nobody Mon Oct 31 17:14:27 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N1KWl56d4z4gk8K; Mon, 31 Oct 2022 17:14:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N1KWl4Sp3z3hBp; Mon, 31 Oct 2022 17:14:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667236467; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3zxvqr6o2QuJSxwBYDTq9sfwydbEZGWc+bkQaSSDvzk=; b=YXUCrduJoFe/b8AlxXQWy9s2gcVZOQgAhwL+b/egKS1HdhRC2JgIiiC78sWxM/3Jo/p6Lw NDJP7E0hQ6d+xgUBkoAc0n+5AcXGihiPw5pj/xR7UycMDUCATlPYpHyopjmTgBWvl4BrNG As/UMqQw1i97xcNMDs/AWOXxN64CoNQWKLTYogfdVWPgBqLCSLEOB85NYHywGPofiQluM7 tWZ4fheAHrYXkfTTeuDsNRwMm9zGdeSiJG9kUSKGYUKRIaTxBRTkd9QUK1EmmOsP4xzkdm zzJ4GmhtKzMT8mNVKqD1daz7NgKNyn/wO0a508tMrxIoXNxFuy2cWyuvQrgIsQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N1KWl3XcbzkPt; Mon, 31 Oct 2022 17:14:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 29VHERwO003251; Mon, 31 Oct 2022 17:14:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 29VHERs7003250; Mon, 31 Oct 2022 17:14:27 GMT (envelope-from git) Date: Mon, 31 Oct 2022 17:14:27 GMT Message-Id: <202210311714.29VHERs7003250@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 444a77ca85c7 - main - pf: expose syncookie active/inactive status List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 444a77ca85c78d02c19622a83a2798d0c5c2117b Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667236467; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3zxvqr6o2QuJSxwBYDTq9sfwydbEZGWc+bkQaSSDvzk=; b=tDBffQHkMQ9ovYZ/5PLazYfZgY3Hn2GSoE5RUQG2kz9FOBhmI8ZWvmspcRKKrd2V96rhC+ A+nNn3fnZiC22sTcKerbGQgmL1Y8uNyr8qupUX0cMnZQnUJ4HJRn+wzQlQ7mPsl3osjPex q3cp4ApKV8mhjnD3E19XiQQrhBOu00BH3Fieyrn8V1VJD2GWmDXCh3GD4akT/JxHXGKfz4 hQimHbWN3HCtJtuCiDHZbGghmEK3PrSKIxsRd29wrKAKa8nnj2VYW6MVAy6KYP8pXQRFDa a3Nh5taxAYOwiS7snvYXeDmk8ReZ7WnLE6IY4hgQq1gO1VIXccLUHjL1PqgN9Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1667236467; a=rsa-sha256; cv=none; b=JglnPPySzu7Bnb6Yd7sgHhG/WWyfjTE26K+HiLckk6ychrAGCbYuzzaeA+9pUC1tNmCAiq 1nxdbG05SocQ2yQjm8wMMoFOow5mOdMFYieSfnJGZCyjn25Zb21w2JOlfMojCJoRqD0eqc nN2NZFg8nANejp1Y8l+NAPZTqJGopAd5z+B3sofE0PjdROM7gVecxuvaQ2t5rI4qZTIHOw sy/D+HsdIB0nrh9puGfvDK9K3jzoksHsNx/Hd9QnDidcrpIRB/bI0vFe1PMp9f0I1StVYA K2rHpoYVi+PffY7aL8H3x+Tnzfh80j1n3kgOAlRsYxrvnHdtf6WPG9rQy3HT9Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=444a77ca85c78d02c19622a83a2798d0c5c2117b commit 444a77ca85c78d02c19622a83a2798d0c5c2117b Author: Kristof Provost AuthorDate: 2022-09-24 12:47:17 +0000 Commit: Kristof Provost CommitDate: 2022-10-31 17:14:09 +0000 pf: expose syncookie active/inactive status When syncookies are in adaptive mode they may be active or inactive. Expose this status to users. Suggested by: Guido van Rooij Sponsored by: Rubicon Communications, LLC ("Netgate") --- lib/libpfctl/libpfctl.c | 1 + lib/libpfctl/libpfctl.h | 1 + sbin/pfctl/pfctl_parser.c | 2 ++ sys/netpfil/pf/pf_ioctl.c | 2 ++ 4 files changed, 6 insertions(+) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 5b93fd1043d6..451567402470 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -224,6 +224,7 @@ pfctl_get_status(int dev) status->hostid = ntohl(nvlist_get_number(nvl, "hostid")); status->states = nvlist_get_number(nvl, "states"); status->src_nodes = nvlist_get_number(nvl, "src_nodes"); + status->syncookies_active = nvlist_get_bool(nvl, "syncookies_active"); strlcpy(status->ifname, nvlist_get_string(nvl, "ifname"), IFNAMSIZ); diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index faccabd227a3..933a3927ac26 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -57,6 +57,7 @@ struct pfctl_status { uint64_t src_nodes; char ifname[IFNAMSIZ]; uint8_t pf_chksum[PF_MD5_DIGEST_LENGTH]; + bool syncookies_active; struct pfctl_status_counters counters; struct pfctl_status_counters lcounters; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 260c754f7209..1ad895bede05 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -622,6 +622,8 @@ print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts) assert(cookies->mode <= PFCTL_SYNCOOKIES_ADAPTIVE); printf(" %-25s %s\n", "mode", PFCTL_SYNCOOKIES_MODE_NAMES[cookies->mode]); + printf(" %-25s %s\n", "active", + s->syncookies_active ? "active" : "inactive"); } } diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 3ce74963a1e9..c1a098ff887f 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -5816,6 +5816,8 @@ pf_getstatus(struct pfioc_nv *nv) nvlist_add_number(nvl, "hostid", V_pf_status.hostid); nvlist_add_number(nvl, "states", V_pf_status.states); nvlist_add_number(nvl, "src_nodes", V_pf_status.src_nodes); + nvlist_add_bool(nvl, "syncookies_active", + V_pf_status.syncookies_active); /* counters */ error = pf_add_status_counters(nvl, "counters", V_pf_status.counters,