git: 2e8edbc285cf - main - pf: Remove DIOCCLRSTATES and DIOCKILLSTATES
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 29 Aug 2023 09:02:28 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=2e8edbc285cf1baff3f177c4bfc8c3564d394dad
commit 2e8edbc285cf1baff3f177c4bfc8c3564d394dad
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-08-28 13:30:50 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-08-29 09:01:51 +0000
pf: Remove DIOCCLRSTATES and DIOCKILLSTATES
These now have nvlist based alternatives, so remove them.
Reviewed by: mjg, Pau Amma <pauamma@gundo.com> (man page)
MFC after: never
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30056
---
share/man/man4/pf.4 | 45 +++++++++++++++++++++++-------------------
sys/net/pfvar.h | 2 --
sys/netpfil/pf/pf_ioctl.c | 50 -----------------------------------------------
3 files changed, 25 insertions(+), 72 deletions(-)
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4
index 4055c66fbbce..0f7bde1031cb 100644
--- a/share/man/man4/pf.4
+++ b/share/man/man4/pf.4
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd July 12, 2023
+.Dd August 28, 2023
.Dt PF 4
.Os
.Sh NAME
@@ -338,35 +338,40 @@ and
fields of the
.Va state
nvlist from the state table.
-.It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk"
+.It Dv DIOCKILLSTATESNV Fa "struct pfioc_nv nv"
Remove matching entries from the state table.
This ioctl returns the number of killed states in
-.Va psk_killed .
+.Va "killed" .
.Bd -literal
-struct pfioc_state_kill {
- struct pf_state_cmp psk_pfcmp;
- sa_family_t psk_af;
- int psk_proto;
- struct pf_rule_addr psk_src;
- struct pf_rule_addr psk_dst;
- char psk_ifname[IFNAMSIZ];
- char psk_label[PF_RULE_LABEL_SIZE];
- u_int psk_killed;
+nvlist pf_state_cmp {
+ number id;
+ number creatorid;
+ number direction;
+};
+
+nvlist pf_kill {
+ nvlist pf_state_cmp cmp;
+ number af;
+ number proto;
+ nvlist pf_rule_addr src;
+ nvlist pf_rule_addr dst;
+ string ifname[IFNAMSIZ];
+ string label[PF_RULE_LABEL_SIZE];
};
.Ed
-.It Dv DIOCCLRSTATES Fa "struct pfioc_state_kill *psk"
+.It Dv DIOCCLRSTATESNV Fa "struct pfioc_nv nv"
Clear all states.
It works like
-.Dv DIOCKILLSTATES ,
+.Dv DIOCKILLSTATESNV ,
but ignores the
-.Va psk_af ,
-.Va psk_proto ,
-.Va psk_src ,
+.Va af ,
+.Va proto ,
+.Va src ,
and
-.Va psk_dst
+.Va dst
fields of the
-.Vt pfioc_state_kill
-structure.
+.Vt pf_kill
+nvlist.
.It Dv DIOCSETSTATUSIF Fa "struct pfioc_if *pi"
Specify the interface for which statistics are accumulated.
.Bd -literal
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index f9cb45f696d3..d21ef1517bb6 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1924,7 +1924,6 @@ struct pfioc_iface {
#define DIOCGETRULE _IOWR('D', 7, struct pfioc_rule)
#define DIOCGETRULENV _IOWR('D', 7, struct pfioc_nv)
/* XXX cut 8 - 17 */
-#define DIOCCLRSTATES _IOWR('D', 18, struct pfioc_state_kill)
#define DIOCCLRSTATESNV _IOWR('D', 18, struct pfioc_nv)
#define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state)
#define DIOCGETSTATENV _IOWR('D', 19, struct pfioc_nv)
@@ -1943,7 +1942,6 @@ struct pfioc_iface {
#define DIOCCLRRULECTRS _IO ('D', 38)
#define DIOCGETLIMIT _IOWR('D', 39, struct pfioc_limit)
#define DIOCSETLIMIT _IOWR('D', 40, struct pfioc_limit)
-#define DIOCKILLSTATES _IOWR('D', 41, struct pfioc_state_kill)
#define DIOCKILLSTATESNV _IOWR('D', 41, struct pfioc_nv)
#define DIOCSTARTALTQ _IO ('D', 42)
#define DIOCSTOPALTQ _IO ('D', 43)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 65bab7195d46..e5601710bce1 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2124,31 +2124,6 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule)
return (0);
}
-static int
-pf_state_kill_to_kstate_kill(const struct pfioc_state_kill *psk,
- struct pf_kstate_kill *kill)
-{
- int ret;
-
- bzero(kill, sizeof(*kill));
-
- bcopy(&psk->psk_pfcmp, &kill->psk_pfcmp, sizeof(kill->psk_pfcmp));
- kill->psk_af = psk->psk_af;
- kill->psk_proto = psk->psk_proto;
- bcopy(&psk->psk_src, &kill->psk_src, sizeof(kill->psk_src));
- bcopy(&psk->psk_dst, &kill->psk_dst, sizeof(kill->psk_dst));
- ret = pf_user_strcpy(kill->psk_ifname, psk->psk_ifname,
- sizeof(kill->psk_ifname));
- if (ret != 0)
- return (ret);
- ret = pf_user_strcpy(kill->psk_label, psk->psk_label,
- sizeof(kill->psk_label));
- if (ret != 0)
- return (ret);
-
- return (0);
-}
-
static int
pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket,
uint32_t pool_ticket, const char *anchor, const char *anchor_call,
@@ -3694,36 +3669,11 @@ DIOCCHANGERULE_error:
break;
}
- case DIOCCLRSTATES: {
- struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
- struct pf_kstate_kill kill;
-
- error = pf_state_kill_to_kstate_kill(psk, &kill);
- if (error)
- break;
-
- psk->psk_killed = pf_clear_states(&kill);
- break;
- }
-
case DIOCCLRSTATESNV: {
error = pf_clearstates_nv((struct pfioc_nv *)addr);
break;
}
- case DIOCKILLSTATES: {
- struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
- struct pf_kstate_kill kill;
-
- error = pf_state_kill_to_kstate_kill(psk, &kill);
- if (error)
- break;
-
- psk->psk_killed = 0;
- pf_killstates(&kill, &psk->psk_killed);
- break;
- }
-
case DIOCKILLSTATESNV: {
error = pf_killstates_nv((struct pfioc_nv *)addr);
break;