git: 8d49fd7331bc - main - pf: remove DIOCGETRULE and DIOCGETSTATUS
Date: Thu, 31 Aug 2023 08:56:46 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=8d49fd7331bc72671a14f1aac1d9cdea36672d19
commit 8d49fd7331bc72671a14f1aac1d9cdea36672d19
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-08-29 15:17:24 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-08-31 08:56:32 +0000
pf: remove DIOCGETRULE and DIOCGETSTATUS
These calls have nvlist variants that completely supersede them.
Remove the old code.
Reviewed by: mjg
MFC after: never
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41651
---
sys/net/pfvar.h | 2 -
sys/netpfil/pf/pf_ioctl.c | 98 -----------------------------------------------
2 files changed, 100 deletions(-)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index d21ef1517bb6..60c7136e267c 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1921,14 +1921,12 @@ struct pfioc_iface {
#define DIOCADDRULE _IOWR('D', 4, struct pfioc_rule)
#define DIOCADDRULENV _IOWR('D', 4, struct pfioc_nv)
#define DIOCGETRULES _IOWR('D', 6, struct pfioc_rule)
-#define DIOCGETRULE _IOWR('D', 7, struct pfioc_rule)
#define DIOCGETRULENV _IOWR('D', 7, struct pfioc_nv)
/* XXX cut 8 - 17 */
#define DIOCCLRSTATESNV _IOWR('D', 18, struct pfioc_nv)
#define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state)
#define DIOCGETSTATENV _IOWR('D', 19, struct pfioc_nv)
#define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if)
-#define DIOCGETSTATUS _IOWR('D', 21, struct pf_status)
#define DIOCGETSTATUSNV _IOWR('D', 21, struct pfioc_nv)
#define DIOCCLRSTATUS _IO ('D', 22)
#define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index e5601710bce1..44ede3dea6a3 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2463,14 +2463,12 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
if (securelevel_gt(td->td_ucred, 2))
switch (cmd) {
case DIOCGETRULES:
- case DIOCGETRULE:
case DIOCGETRULENV:
case DIOCGETADDRS:
case DIOCGETADDR:
case DIOCGETSTATE:
case DIOCGETSTATENV:
case DIOCSETSTATUSIF:
- case DIOCGETSTATUS:
case DIOCGETSTATUSNV:
case DIOCCLRSTATUS:
case DIOCNATLOOK:
@@ -2532,7 +2530,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
case DIOCGETADDR:
case DIOCGETSTATE:
case DIOCGETSTATENV:
- case DIOCGETSTATUS:
case DIOCGETSTATUSNV:
case DIOCGETSTATES:
case DIOCGETSTATESV2:
@@ -2579,11 +2576,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
break; /* dummy operation ok */
}
return (EACCES);
- case DIOCGETRULE:
- if (((struct pfioc_rule *)addr)->action ==
- PF_GET_CLR_CNTR)
- return (EACCES);
- break;
default:
return (EACCES);
}
@@ -3228,63 +3220,6 @@ DIOCADDRULENV_error:
break;
}
- case DIOCGETRULE: {
- struct pfioc_rule *pr = (struct pfioc_rule *)addr;
- struct pf_kruleset *ruleset;
- struct pf_krule *rule;
- int rs_num;
-
- pr->anchor[sizeof(pr->anchor) - 1] = 0;
-
- PF_RULES_WLOCK();
- ruleset = pf_find_kruleset(pr->anchor);
- if (ruleset == NULL) {
- PF_RULES_WUNLOCK();
- error = EINVAL;
- break;
- }
- rs_num = pf_get_ruleset_number(pr->rule.action);
- if (rs_num >= PF_RULESET_MAX) {
- PF_RULES_WUNLOCK();
- error = EINVAL;
- break;
- }
- if (pr->ticket != ruleset->rules[rs_num].active.ticket) {
- PF_RULES_WUNLOCK();
- error = EBUSY;
- break;
- }
- rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
- while ((rule != NULL) && (rule->nr != pr->nr))
- rule = TAILQ_NEXT(rule, entries);
- if (rule == NULL) {
- PF_RULES_WUNLOCK();
- error = EBUSY;
- break;
- }
-
- pf_krule_to_rule(rule, &pr->rule);
-
- if (pf_kanchor_copyout(ruleset, rule, pr)) {
- PF_RULES_WUNLOCK();
- error = EBUSY;
- break;
- }
- pf_addr_copyout(&pr->rule.src.addr);
- pf_addr_copyout(&pr->rule.dst.addr);
-
- if (pr->action == PF_GET_CLR_CNTR) {
- pf_counter_u64_zero(&rule->evaluations);
- for (int i = 0; i < 2; i++) {
- pf_counter_u64_zero(&rule->packets[i]);
- pf_counter_u64_zero(&rule->bytes[i]);
- }
- counter_u64_zero(rule->states_tot);
- }
- PF_RULES_WUNLOCK();
- break;
- }
-
case DIOCGETRULENV: {
struct pfioc_nv *nv = (struct pfioc_nv *)addr;
nvlist_t *nvrule = NULL;
@@ -3871,39 +3806,6 @@ DIOCGETSTATESV2_full:
break;
}
- case DIOCGETSTATUS: {
- struct pf_status *s = (struct pf_status *)addr;
-
- PF_RULES_RLOCK();
- s->running = V_pf_status.running;
- s->since = V_pf_status.since;
- s->debug = V_pf_status.debug;
- s->hostid = V_pf_status.hostid;
- s->states = V_pf_status.states;
- s->src_nodes = V_pf_status.src_nodes;
-
- for (int i = 0; i < PFRES_MAX; i++)
- s->counters[i] =
- counter_u64_fetch(V_pf_status.counters[i]);
- for (int i = 0; i < LCNT_MAX; i++)
- s->lcounters[i] =
- counter_u64_fetch(V_pf_status.lcounters[i]);
- for (int i = 0; i < FCNT_MAX; i++)
- s->fcounters[i] =
- pf_counter_u64_fetch(&V_pf_status.fcounters[i]);
- for (int i = 0; i < SCNT_MAX; i++)
- s->scounters[i] =
- counter_u64_fetch(V_pf_status.scounters[i]);
-
- bcopy(V_pf_status.ifname, s->ifname, IFNAMSIZ);
- bcopy(V_pf_status.pf_chksum, s->pf_chksum,
- PF_MD5_DIGEST_LENGTH);
-
- pfi_update_status(s->ifname, s);
- PF_RULES_RUNLOCK();
- break;
- }
-
case DIOCGETSTATUSNV: {
error = pf_getstatus((struct pfioc_nv *)addr);
break;