git: 881bf8814a25 - main - pf: export missing state information

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 21 Dec 2023 18:22:25 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=881bf8814a250477850b83ee6ebbb052303051c8

commit 881bf8814a250477850b83ee6ebbb052303051c8
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-12-21 17:20:37 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-12-21 18:21:17 +0000

    pf: export missing state information
    
    We did not export all of the information pfctl expected to print via the
    new netlink code. This manifested as pfctl printing 'rtableid: 0', even
    when there is no rtable set.
    
    While we're addressing that also export other missing fields such as
    dummynet, min_ttl, max_mss, ..
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 lib/libpfctl/libpfctl.c | 7 +++++++
 sys/netpfil/pf/pf_nl.c  | 8 ++++++++
 sys/netpfil/pf/pf_nl.h  | 7 +++++++
 3 files changed, 22 insertions(+)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 10a63f15e2f8..f915072c4ea1 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -1386,6 +1386,13 @@ static struct snl_attr_parser ap_state[] = {
 	{ .type = PF_ST_LOG, .off = _OUT(log), .cb = snl_attr_get_uint8 },
 	{ .type = PF_ST_STATE_FLAGS, .off = _OUT(state_flags), .cb = snl_attr_get_uint16 },
 	{ .type = PF_ST_SYNC_FLAGS, .off = _OUT(sync_flags), .cb = snl_attr_get_uint8 },
+	{ .type = PF_ST_RTABLEID, .off = _OUT(rtableid), .cb = snl_attr_get_int32 },
+	{ .type = PF_ST_MIN_TTL, .off = _OUT(min_ttl), .cb = snl_attr_get_uint8 },
+	{ .type = PF_ST_MAX_MSS, .off = _OUT(max_mss), .cb = snl_attr_get_uint16 },
+	{ .type = PF_ST_DNPIPE, .off = _OUT(dnpipe), .cb = snl_attr_get_uint16 },
+	{ .type = PF_ST_DNRPIPE, .off = _OUT(dnrpipe), .cb = snl_attr_get_uint16 },
+	{ .type = PF_ST_RT, .off = _OUT(rt), .cb = snl_attr_get_uint8 },
+	{ .type = PF_ST_RT_IFNAME, .off = _OUT(rt_ifname), .cb = snl_attr_store_ifname },
 };
 static struct snl_field_parser fp_state[] = {
 };
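Review bot: The new `PF_ST_RT_IFNAME` entry copies a kernel-supplied string into the fixed-size `rt_ifname` field through `snl_attr_store_ifname`, whose length bound is not visible in this hunk. Confirm that the callback limits the copy to the size of the destination, not to the attribute length. Separately, the kernel side emits `PF_ST_RT_IFNAME` only when `rt_kif` is set, and an older kernel would send none of the seven new attributes, so those fields keep whatever the output struct held before parsing. If that is zero, pfctl would presumably still print 'rtableid: 0' against such a kernel; pre-setting the field to the "unset" value before the parse call (presumably `rtableid = -1`) would make absence distinguishable. The parser table and its consumer extend outside the hunk.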
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 67a7392ae448..8fe12f3762b9 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -194,6 +194,14 @@ dump_state(struct nlpcb *nlp, const struct nlmsghdr *hdr, struct pf_kstate *s,
 	nlattr_add_u64(nw, PF_ST_PACKETS1, s->packets[1]);
 	nlattr_add_u64(nw, PF_ST_BYTES0, s->bytes[0]);
 	nlattr_add_u64(nw, PF_ST_BYTES1, s->bytes[1]);
+	nlattr_add_u32(nw, PF_ST_RTABLEID, s->act.rtableid);
+	nlattr_add_u8(nw, PF_ST_MIN_TTL, s->act.min_ttl);
+	nlattr_add_u16(nw, PF_ST_MAX_MSS, s->act.max_mss);
+	nlattr_add_u16(nw, PF_ST_DNPIPE, s->act.dnpipe);
+	nlattr_add_u16(nw, PF_ST_DNRPIPE, s->act.dnrpipe);
+	nlattr_add_u8(nw, PF_ST_RT, s->rt);
+	if (s->rt_kif != NULL)
+		nlattr_add_string(nw, PF_ST_RT_IFNAME, s->rt_kif->pfik_name);
 
 	if (!dump_state_peer(nw, PF_ST_PEER_SRC, &s->src))
 		goto enomem;
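Review bot: `s->act.rtableid` is written with `nlattr_add_u32`, while the header documents `PF_ST_RTABLEID` as i32 and libpfctl reads it with `snl_attr_get_int32`; the bytes round-trip, but the signedness is only implied. Using the signed writer, `nlattr_add_s32(nw, PF_ST_RTABLEID, s->act.rtableid);`, or an explicit cast with a short comment, would keep the three sides in agreement. The results of the added `nlattr_add_*` calls are also discarded, as with the `nlattr_add_u64` lines above them, whereas the `dump_state_peer` call below jumps to `enomem`. Presumably the writer records the failure for a later check; if so, a one-line comment such as `/* nlattr_add_*() failures are caught when the message is finalised */` would make that explicit. dump_state's body starts and ends outside the hunk.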
diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h
index 3ae77ffd3790..d8b494a54cf7 100644
--- a/sys/netpfil/pf/pf_nl.h
+++ b/sys/netpfil/pf/pf_nl.h
@@ -100,6 +100,13 @@ enum pfstate_type_t {
 	PF_ST_VERSION		= 28, /* u64 */
 	PF_ST_FILTER_ADDR	= 29, /* in6_addr */
 	PF_ST_FILTER_MASK	= 30, /* in6_addr */
+	PF_ST_RTABLEID		= 31, /* i32 */
+	PF_ST_MIN_TTL		= 32, /* u8 */
+	PF_ST_MAX_MSS		= 33, /* u16 */
+	PF_ST_DNPIPE		= 34, /* u16 */
+	PF_ST_DNRPIPE		= 35, /* u16 */
+	PF_ST_RT		= 36, /* u8 */
+	PF_ST_RT_IFNAME		= 37, /* string */
 };
 
 enum pf_addr_type_t {
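Review bot: The type comments on the new attributes are the only wire documentation here, and two of them leave out what a parser needs. `PF_ST_RTABLEID` does not say which value means "no rtable", and `PF_ST_RT_IFNAME` gives no maximum length. Suggest `PF_ST_RTABLEID = 31, /* i32, <unset value> when no rtable */` and `PF_ST_RT_IFNAME = 37, /* string, NUL-terminated, < IFNAMSIZ; absent if no route interface */`, with the exact sentinel and bound confirmed against the kernel structures. The enum begins outside the hunk.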