git: 84983bf36458 - stable/13 - snmp_pf: use libpfctl's pfctl_get_status() rather than DIOCGETSTATUS

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 07 Sep 2023 19:25:02 UTC
The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=84983bf36458ea94a6e07492db4aab4a77e4bbed

commit 84983bf36458ea94a6e07492db4aab4a77e4bbed
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-08-29 15:16:19 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-09-07 19:23:07 +0000

    snmp_pf: use libpfctl's pfctl_get_status() rather than DIOCGETSTATUS
    
    Prefer libpfctl functions over direct access to the ioctl whenever
    possible. This will allow subsequent removal of DIOCGETSTATUS (in 15) as
    there already is an nvlist-based alternative.
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D41650
    
    (cherry picked from commit 6fbb9fbf7d659574512d706912e8fd0576b13573)
---
 usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c | 74 ++++++++++++++++---------------
 1 file changed, 39 insertions(+), 35 deletions(-)

diff --git a/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c b/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
index 134c05171749..a5786007d3f4 100644
--- a/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
+++ b/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
@@ -54,7 +54,7 @@ static int dev = -1;
 static int started;
 static uint64_t pf_tick;
 
-static struct pf_status pfs;
+static struct pfctl_status *pfs;
 
 enum { IN, OUT };
 enum { IPV4, IPV6 };
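Review bot: The declaration of `pfs` changes from a static struct to a heap pointer without any comment on ownership or on its NULL state. A one-line comment above it would cover this, for example `/* Snapshot from pfctl_get_status(); NULL until the first successful pfs_refresh(), replaced there and freed in pf_fini(). */`. The handlers touched later in this patch (pf_status, pf_counter, pf_statetable, pf_srcnodes, pf_logif) all dereference it, so a reader needs to know when it can be NULL.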
@@ -166,18 +166,18 @@ pf_status(struct snmp_context __unused *ctx, struct snmp_value *val,
 
 		switch (which) {
 			case LEAF_pfStatusRunning:
-			    val->v.uint32 = pfs.running;
+			    val->v.uint32 = pfs->running;
 			    break;
 			case LEAF_pfStatusRuntime:
-			    runtime = (pfs.since > 0) ?
-				time(NULL) - pfs.since : 0;
+			    runtime = (pfs->since > 0) ?
+				time(NULL) - pfs->since : 0;
 			    val->v.uint32 = runtime * 100;
 			    break;
 			case LEAF_pfStatusDebug:
-			    val->v.uint32 = pfs.debug;
+			    val->v.uint32 = pfs->debug;
 			    break;
 			case LEAF_pfStatusHostId:
-			    sprintf(str, "0x%08x", ntohl(pfs.hostid));
+			    sprintf(str, "0x%08x", ntohl(pfs->hostid));
 			    return (string_get(val, str, strlen(str)));
 
 			default:
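Review bot: The hostid line touched here still formats into `str` with an unbounded `sprintf`, while pf_logif in the same file already passes `sizeof str` to `strlcpy`. The output is 10 characters plus the terminator, so this is probably safe today, but the declaration of `str` is outside the hunk and nothing on the line ties the write to the buffer size. Assuming `str` is a local array here as it appears to be in pf_logif, `snprintf(str, sizeof(str), "0x%08x", ntohl(pfs->hostid));` would make the bound explicit. pf_status starts and ends outside this hunk.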
@@ -205,22 +205,22 @@ pf_counter(struct snmp_context __unused *ctx, struct snmp_value *val,
 
 		switch (which) {
 			case LEAF_pfCounterMatch:
-				val->v.counter64 = pfs.counters[PFRES_MATCH];
+				val->v.counter64 = pfctl_status_counter(pfs, PFRES_MATCH);
 				break;
 			case LEAF_pfCounterBadOffset:
-				val->v.counter64 = pfs.counters[PFRES_BADOFF];
+				val->v.counter64 = pfctl_status_counter(pfs, PFRES_BADOFF);
 				break;
 			case LEAF_pfCounterFragment:
-				val->v.counter64 = pfs.counters[PFRES_FRAG];
+				val->v.counter64 = pfctl_status_counter(pfs, PFRES_FRAG);
 				break;
 			case LEAF_pfCounterShort:
-				val->v.counter64 = pfs.counters[PFRES_SHORT];
+				val->v.counter64 = pfctl_status_counter(pfs, PFRES_SHORT);
 				break;
 			case LEAF_pfCounterNormalize:
-				val->v.counter64 = pfs.counters[PFRES_NORM];
+				val->v.counter64 = pfctl_status_counter(pfs, PFRES_NORM);
 				break;
 			case LEAF_pfCounterMemDrop:
-				val->v.counter64 = pfs.counters[PFRES_MEMORY];
+				val->v.counter64 = pfctl_status_counter(pfs, PFRES_MEMORY);
 				break;
 
 			default:
@@ -248,19 +248,19 @@ pf_statetable(struct snmp_context __unused *ctx, struct snmp_value *val,
 
 		switch (which) {
 			case LEAF_pfStateTableCount:
-				val->v.uint32 = pfs.states;
+				val->v.uint32 = pfs->states;
 				break;
 			case LEAF_pfStateTableSearches:
 				val->v.counter64 =
-				    pfs.fcounters[FCNT_STATE_SEARCH];
+				    pfctl_status_fcounter(pfs, FCNT_STATE_SEARCH);
 				break;
 			case LEAF_pfStateTableInserts:
 				val->v.counter64 =
-				    pfs.fcounters[FCNT_STATE_INSERT];
+				    pfctl_status_fcounter(pfs, FCNT_STATE_INSERT);
 				break;
 			case LEAF_pfStateTableRemovals:
 				val->v.counter64 =
-				    pfs.fcounters[FCNT_STATE_REMOVALS];
+				    pfctl_status_fcounter(pfs, FCNT_STATE_REMOVALS);
 				break;
 
 			default:
@@ -288,19 +288,19 @@ pf_srcnodes(struct snmp_context __unused *ctx, struct snmp_value *val,
 
 		switch (which) {
 			case LEAF_pfSrcNodesCount:
-				val->v.uint32 = pfs.src_nodes;
+				val->v.uint32 = pfs->src_nodes;
 				break;
 			case LEAF_pfSrcNodesSearches:
 				val->v.counter64 =
-				    pfs.scounters[SCNT_SRC_NODE_SEARCH];
+				    pfctl_status_scounter(pfs, SCNT_SRC_NODE_SEARCH);
 				break;
 			case LEAF_pfSrcNodesInserts:
 				val->v.counter64 =
-				    pfs.scounters[SCNT_SRC_NODE_INSERT];
+				    pfctl_status_scounter(pfs, SCNT_SRC_NODE_INSERT);
 				break;
 			case LEAF_pfSrcNodesRemovals:
 				val->v.counter64 =
-				    pfs.scounters[SCNT_SRC_NODE_REMOVALS];
+				    pfctl_status_scounter(pfs, SCNT_SRC_NODE_REMOVALS);
 				break;
 
 			default:
@@ -461,51 +461,51 @@ pf_logif(struct snmp_context __unused *ctx, struct snmp_value *val,
 
 		switch (which) {
 	 		case LEAF_pfLogInterfaceName:
-				strlcpy(str, pfs.ifname, sizeof str);
+				strlcpy(str, pfs->ifname, sizeof str);
 				return (string_get(val, str, strlen(str)));
 			case LEAF_pfLogInterfaceIp4BytesIn:
-				val->v.counter64 = pfs.bcounters[IPV4][IN];
+				val->v.counter64 = pfs->bcounters[IPV4][IN];
 				break;
 			case LEAF_pfLogInterfaceIp4BytesOut:
-				val->v.counter64 = pfs.bcounters[IPV4][OUT];
+				val->v.counter64 = pfs->bcounters[IPV4][OUT];
 				break;
 			case LEAF_pfLogInterfaceIp4PktsInPass:
 				val->v.counter64 =
-				    pfs.pcounters[IPV4][IN][PF_PASS];
+				    pfs->pcounters[IPV4][IN][PF_PASS];
 				break;
 			case LEAF_pfLogInterfaceIp4PktsInDrop:
 				val->v.counter64 =
-				    pfs.pcounters[IPV4][IN][PF_DROP];
+				    pfs->pcounters[IPV4][IN][PF_DROP];
 				break;
 			case LEAF_pfLogInterfaceIp4PktsOutPass:
 				val->v.counter64 =
-				    pfs.pcounters[IPV4][OUT][PF_PASS];
+				    pfs->pcounters[IPV4][OUT][PF_PASS];
 				break;
 			case LEAF_pfLogInterfaceIp4PktsOutDrop:
 				val->v.counter64 =
-				    pfs.pcounters[IPV4][OUT][PF_DROP];
+				    pfs->pcounters[IPV4][OUT][PF_DROP];
 				break;
 			case LEAF_pfLogInterfaceIp6BytesIn:
-				val->v.counter64 = pfs.bcounters[IPV6][IN];
+				val->v.counter64 = pfs->bcounters[IPV6][IN];
 				break;
 			case LEAF_pfLogInterfaceIp6BytesOut:
-				val->v.counter64 = pfs.bcounters[IPV6][OUT];
+				val->v.counter64 = pfs->bcounters[IPV6][OUT];
 				break;
 			case LEAF_pfLogInterfaceIp6PktsInPass:
 				val->v.counter64 =
-				    pfs.pcounters[IPV6][IN][PF_PASS];
+				    pfs->pcounters[IPV6][IN][PF_PASS];
 				break;
 			case LEAF_pfLogInterfaceIp6PktsInDrop:
 				val->v.counter64 =
-				    pfs.pcounters[IPV6][IN][PF_DROP];
+				    pfs->pcounters[IPV6][IN][PF_DROP];
 				break;
 			case LEAF_pfLogInterfaceIp6PktsOutPass:
 				val->v.counter64 =
-				    pfs.pcounters[IPV6][OUT][PF_PASS];
+				    pfs->pcounters[IPV6][OUT][PF_PASS];
 				break;
 			case LEAF_pfLogInterfaceIp6PktsOutDrop:
 				val->v.counter64 =
-				    pfs.pcounters[IPV6][OUT][PF_DROP];
+				    pfs->pcounters[IPV6][OUT][PF_DROP];
 				break;
 
 			default:
@@ -1286,9 +1286,10 @@ pfs_refresh(void)
 	if (started && this_tick <= pf_tick)
 		return (0);
 
-	bzero(&pfs, sizeof(struct pf_status));
+	pfctl_free_status(pfs);
+	pfs = pfctl_get_status(dev);
 
-	if (ioctl(dev, DIOCGETSTATUS, &pfs)) {
+	if (pfs == NULL) {
 		syslog(LOG_ERR, "pfs_refresh(): ioctl(): %s",
 		    strerror(errno));
 		return (-1);
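Review bot: The failure log after `pfs = pfctl_get_status(dev);` still names `ioctl()` and prints `strerror(errno)`. The call is now a library function whose failure modes are not visible here and may not leave a meaningful errno, so something like `syslog(LOG_ERR, "pfs_refresh(): pfctl_get_status() failed");` would be less misleading to an operator. On failure `pfs` is also left NULL, while the cache guard at the top returns 0 on ticks alone; writing it as `if (started && pfs != NULL && this_tick <= pf_tick)` would stop handlers from dereferencing a NULL snapshot if that path is ever reached. The first call passes a NULL `pfs` to `pfctl_free_status()`, as does pf_fini() when no refresh has succeeded, which is safe only if that function accepts NULL; this is worth confirming in libpfctl. The function body continues past the end of this hunk.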
@@ -1755,6 +1756,9 @@ pf_fini(void)
 		l1 = l2;
 	}
 
+	pfctl_free_status(pfs);
+	pfs = NULL;
+
 	close(dev);
 	return (0);
 }