From nobody Thu Aug 31 08:56:46 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rbw5B5MSwz4rw5f; Thu, 31 Aug 2023 08:56:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Rbw5B4p5Tz4Z6Z; Thu, 31 Aug 2023 08:56:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1693472206; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=58s2rX37vlZm0Sz5m/572A6P6kzYfQ0x5pG58xP+/2s=; b=Sqcz0YDxFSCp6ciYlFHv8VatuxFuqtHNX4+cx10vqvXVRXMBTeVu3A5MAjhqQIcV9HVU5Z wr2hYYt78okA9zHWmt2q+xEZSStI+ovPafuLXqiLU49iIjFIopEpZRG22H3O4rDd5gwe9O IdnoEq83nOQWjvYzq92rDXaLTlxYfhrn8Hlw5CP18xP2TF6ww3+uAynzctigjn24iUHpTW QDaLmIjILOiDFkhMmJ/0tdc3f9009TO7DrvK2zvIM67WVlgiRgey/56KlQsEwkPSSJd2uD A4kbvoNrtOQQMwf7sIDfT+M1tojywN62utJrfqCsCwrIloVM9bSIGZZDRt1aZg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1693472206; a=rsa-sha256; cv=none; b=ee7Gj2ew/xeAWuYzw6dfkRddO4C7ArhG/ECW2M4t2s8Tuc98l+c9kPyicY05V+mJ9SxWxO gCfjfzSVnBvOea7FwpnOmSvuq2ma3Nl3pvUfJ2wPUmuhLV3IMTtl/b/KVvTRJBoDhAHIHL VVYARtyWI7IUBAwInNPv2+AKYw0B2s/f1UgZ2s4SJiANSoaJxqbizzuboblVdrTArOJOkZ v7icKNoLioAa62itVfw/CUMH4dTGhcHkRoChnvLO2zGJj35RPaPjemlZ8HSvTcLikOIZeQ VmyxaEm19X8MK5GuoRAxjWT6NnDwHxy147damOagFbAfubMoYlBhPHaAdE5wgA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1693472206; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=58s2rX37vlZm0Sz5m/572A6P6kzYfQ0x5pG58xP+/2s=; b=YZdvRIAuXXdrkM9cpXRKWinB+b2uEDb4Qjjo6HGNh38tgQHRt03nymhiXhwBZa5mJofYbu LYHClmWqReqLgIB04y/fhTRJteBXVt9b3J0Jn0z/xWF8O25V11fyn3DX8zYuj5UPOB5CLX gdsytfA2fwJW6mDdB+USHYL6h5RNdgSR2eNnTTGmYKQEDbrpGw4ClDBxCjJsSXMNXu9z6b OySSVWOxZzoy8TEsNDK4VMm7K5U1/io4k4vQP2FLsnezc9415i8d/YUGBU5oTwTcHzKd68 yyBjq2e+VQ2oYFOQU7aJ73DJUMUuQKHp2cxYhW38FMUoCWzN+Zcre+E+2ZVmlQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Rbw5B3dK3z19dM; Thu, 31 Aug 2023 08:56:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 37V8ukM7083336; Thu, 31 Aug 2023 08:56:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 37V8ukEC083333; Thu, 31 Aug 2023 08:56:46 GMT (envelope-from git) Date: Thu, 31 Aug 2023 08:56:46 GMT Message-Id: <202308310856.37V8ukEC083333@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 8d49fd7331bc - main - pf: remove DIOCGETRULE and DIOCGETSTATUS List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8d49fd7331bc72671a14f1aac1d9cdea36672d19 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8d49fd7331bc72671a14f1aac1d9cdea36672d19 commit 8d49fd7331bc72671a14f1aac1d9cdea36672d19 Author: Kristof Provost AuthorDate: 2023-08-29 15:17:24 +0000 Commit: Kristof Provost CommitDate: 2023-08-31 08:56:32 +0000 pf: remove DIOCGETRULE and DIOCGETSTATUS These calls have nvlist variants that completely supersede them. Remove the old code. Reviewed by: mjg MFC after: never Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41651 --- sys/net/pfvar.h | 2 - sys/netpfil/pf/pf_ioctl.c | 98 ----------------------------------------------- 2 files changed, 100 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index d21ef1517bb6..60c7136e267c 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1921,14 +1921,12 @@ struct pfioc_iface { #define DIOCADDRULE _IOWR('D', 4, struct pfioc_rule) #define DIOCADDRULENV _IOWR('D', 4, struct pfioc_nv) #define DIOCGETRULES _IOWR('D', 6, struct pfioc_rule) -#define DIOCGETRULE _IOWR('D', 7, struct pfioc_rule) #define DIOCGETRULENV _IOWR('D', 7, struct pfioc_nv) /* XXX cut 8 - 17 */ #define DIOCCLRSTATESNV _IOWR('D', 18, struct pfioc_nv) #define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state) #define DIOCGETSTATENV _IOWR('D', 19, struct pfioc_nv) #define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if) -#define DIOCGETSTATUS _IOWR('D', 21, struct pf_status) #define DIOCGETSTATUSNV _IOWR('D', 21, struct pfioc_nv) #define DIOCCLRSTATUS _IO ('D', 22) #define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index e5601710bce1..44ede3dea6a3 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2463,14 +2463,12 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td if (securelevel_gt(td->td_ucred, 2)) switch (cmd) { case DIOCGETRULES: - case DIOCGETRULE: case DIOCGETRULENV: case DIOCGETADDRS: case DIOCGETADDR: case DIOCGETSTATE: case DIOCGETSTATENV: case DIOCSETSTATUSIF: - case DIOCGETSTATUS: case DIOCGETSTATUSNV: case DIOCCLRSTATUS: case DIOCNATLOOK: @@ -2532,7 +2530,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td case DIOCGETADDR: case DIOCGETSTATE: case DIOCGETSTATENV: - case DIOCGETSTATUS: case DIOCGETSTATUSNV: case DIOCGETSTATES: case DIOCGETSTATESV2: @@ -2579,11 +2576,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td break; /* dummy operation ok */ } return (EACCES); - case DIOCGETRULE: - if (((struct pfioc_rule *)addr)->action == - PF_GET_CLR_CNTR) - return (EACCES); - break; default: return (EACCES); } @@ -3228,63 +3220,6 @@ DIOCADDRULENV_error: break; } - case DIOCGETRULE: { - struct pfioc_rule *pr = (struct pfioc_rule *)addr; - struct pf_kruleset *ruleset; - struct pf_krule *rule; - int rs_num; - - pr->anchor[sizeof(pr->anchor) - 1] = 0; - - PF_RULES_WLOCK(); - ruleset = pf_find_kruleset(pr->anchor); - if (ruleset == NULL) { - PF_RULES_WUNLOCK(); - error = EINVAL; - break; - } - rs_num = pf_get_ruleset_number(pr->rule.action); - if (rs_num >= PF_RULESET_MAX) { - PF_RULES_WUNLOCK(); - error = EINVAL; - break; - } - if (pr->ticket != ruleset->rules[rs_num].active.ticket) { - PF_RULES_WUNLOCK(); - error = EBUSY; - break; - } - rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr); - while ((rule != NULL) && (rule->nr != pr->nr)) - rule = TAILQ_NEXT(rule, entries); - if (rule == NULL) { - PF_RULES_WUNLOCK(); - error = EBUSY; - break; - } - - pf_krule_to_rule(rule, &pr->rule); - - if (pf_kanchor_copyout(ruleset, rule, pr)) { - PF_RULES_WUNLOCK(); - error = EBUSY; - break; - } - pf_addr_copyout(&pr->rule.src.addr); - pf_addr_copyout(&pr->rule.dst.addr); - - if (pr->action == PF_GET_CLR_CNTR) { - pf_counter_u64_zero(&rule->evaluations); - for (int i = 0; i < 2; i++) { - pf_counter_u64_zero(&rule->packets[i]); - pf_counter_u64_zero(&rule->bytes[i]); - } - counter_u64_zero(rule->states_tot); - } - PF_RULES_WUNLOCK(); - break; - } - case DIOCGETRULENV: { struct pfioc_nv *nv = (struct pfioc_nv *)addr; nvlist_t *nvrule = NULL; @@ -3871,39 +3806,6 @@ DIOCGETSTATESV2_full: break; } - case DIOCGETSTATUS: { - struct pf_status *s = (struct pf_status *)addr; - - PF_RULES_RLOCK(); - s->running = V_pf_status.running; - s->since = V_pf_status.since; - s->debug = V_pf_status.debug; - s->hostid = V_pf_status.hostid; - s->states = V_pf_status.states; - s->src_nodes = V_pf_status.src_nodes; - - for (int i = 0; i < PFRES_MAX; i++) - s->counters[i] = - counter_u64_fetch(V_pf_status.counters[i]); - for (int i = 0; i < LCNT_MAX; i++) - s->lcounters[i] = - counter_u64_fetch(V_pf_status.lcounters[i]); - for (int i = 0; i < FCNT_MAX; i++) - s->fcounters[i] = - pf_counter_u64_fetch(&V_pf_status.fcounters[i]); - for (int i = 0; i < SCNT_MAX; i++) - s->scounters[i] = - counter_u64_fetch(V_pf_status.scounters[i]); - - bcopy(V_pf_status.ifname, s->ifname, IFNAMSIZ); - bcopy(V_pf_status.pf_chksum, s->pf_chksum, - PF_MD5_DIGEST_LENGTH); - - pfi_update_status(s->ifname, s); - PF_RULES_RUNLOCK(); - break; - } - case DIOCGETSTATUSNV: { error = pf_getstatus((struct pfioc_nv *)addr); break;