From nobody Wed Nov 01 09:06:08 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SL1MP4Pl7z503ct; Wed, 1 Nov 2023 09:06:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SL1MP1KYRz3K1K; Wed, 1 Nov 2023 09:06:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698829569; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HrIXukCsGxX8bHGMTjiQuzoJ7Xf6OPhoTf8SYI2Y0PE=; b=bz5psSnC4NmHQ3zHCqWd2hSkvDs3xpGpd4FqxN1uRzxhjbOAPe/kYHWfZOjcdp1ZDwutKr OIyGhOaZeXEHHuNbZIFRcGq1CjxY4v+p2TCz/4Mvkd1bNmhPvFaw4e1bOMcXNYscXgQCTP /mNCkGOp3FtFjSUBCXSPWmTNmye5lPSlWCyLF+xBoyx5e05A6eyuRgw+m1HUU3gGQH0mQx gITr1sZ/H5TMOULyP9pZo6XWoj30Q0bOn2iTAQGGqvj3lXnQkuo1kRpbQYYTF5z+hSHpzB 8y10ySnvB1WW5wngfDyF+nLkuJn2LU6n/L5q0rQmxuCFggllmJlyvFsAvHOo5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698829569; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HrIXukCsGxX8bHGMTjiQuzoJ7Xf6OPhoTf8SYI2Y0PE=; b=H/EvI3caSbaTzTgr2kV7/TciGVdo9uy5agO+z+sPg4Zti4eCiCRxljU5HXsYp2fQBc5Cm/ co1pgDv74znWC6oUriOXHB3X5Dz2wCVrcrgzjdf51Rj4XaZRbuzbxKVls4BF1RDhdIlKKv q4tdVv8DVW/9sSVUXdGSh867p4rqEIDpivUGsswDdYb3T6ihe9AtyjqPy4jXqXHZkTdX4H hrCXLr71R/bOfamqLeLogFqbQTZwkGUEQZPJX4c46tOTjFvGJL200xLK/m+fbdvz62wJYP f7xDIQNi9gEjrF8fGFgUxfhnKwTWw+KvL6rpbzzamKb3IKXiroyFVX0N8030vw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1698829569; a=rsa-sha256; cv=none; b=IxmWlMeuNmVRHHSJ/g/ZAXGMrVeAH1trgzQI7P9fxU/pJs0chKpYvV073owLcgFrorwMH3 XkXulpcU5xhIhAJYWTSzBU7kp11MYPsZUyQUQm8ZoUHMrg/OmQ7yNFRkp3euDYZbBG2f6n Uj4iQVcGaR6b4MndyE5YHL/eo8s6qiBOCbkDPGjQSLpoY9oc/g6nZnOXE0ERKfNqQNh9Ci rBssWa75NVEAyjS2p5nP8+vytyAz9oUNREM7fJ65667BMOn1OfRVREwWuy6xqBL2+AN10c 9cRweklhn4nU9pn9IpKrI0skwKzh4jQddf+aHmU1wocP4Y0rAk4/ASMFz3yZMQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SL1MN6gk5zfvP; Wed, 1 Nov 2023 09:06:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3A19684a065295; Wed, 1 Nov 2023 09:06:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3A1968Fo065287; Wed, 1 Nov 2023 09:06:08 GMT (envelope-from git) Date: Wed, 1 Nov 2023 09:06:08 GMT Message-Id: <202311010906.3A1968Fo065287@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 14cd670053ec - stable/14 - pf: update pf(4) man page to list DIOCGETSTATESV2 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 14cd670053eccc61b2930ed467bd0476d69fb9f7 Auto-Submitted: auto-generated The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=14cd670053eccc61b2930ed467bd0476d69fb9f7 commit 14cd670053eccc61b2930ed467bd0476d69fb9f7 Author: Kristof Provost AuthorDate: 2023-10-23 15:11:15 +0000 Commit: Kristof Provost CommitDate: 2023-11-01 09:05:49 +0000 pf: update pf(4) man page to list DIOCGETSTATESV2 The nvlist based state retrieval ioctl has been replaced by an old-style ioctl for performance reasons. Document that one. Reported by: Michael Gmelin MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D42331 (cherry picked from commit 6869f90bf5bbb2f5ae5400e3a435b3680991321d) --- share/man/man4/pf.4 | 103 +++++++++++++++++++++++++--------------------------- 1 file changed, 49 insertions(+), 54 deletions(-) diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index 4f0ff50d3db5..b757376e0183 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 12, 2023 +.Dd October 20, 2023 .Dt PF 4 .Os .Sh NAME @@ -419,65 +419,60 @@ Set the debug level. enum { PF_DEBUG_NONE, PF_DEBUG_URGENT, PF_DEBUG_MISC, PF_DEBUG_NOISY }; .Ed -.It Dv DIOCGETSTATESNV Fa "struct pfioc_nv *nv" +.It Dv DIOCGETSTATESV2 Fa "struct pfioc_states_v2 *ps" Get state table entries. .Bd -literal -nvlist pf_state_key { - nvlist pf_addr addr[2]; - number port[2]; - number af; - number proto; -}; - -nvlist pf_state_scrub { - bool timestamp; - number ttl; - number ts_mod; -}; - -nvlist pf_state_peer { - nvlist pf_state_scrub scrub; - number seqlo; - number seqhi; - number seqdiff; - number max_win; - number mss; - number state; - number wscale; -}; - -nvlist pf_state { - number id; - string ifname; - nvlist pf_state_key stack_key; - nvlist pf_state_key wire_key; - nvlist pf_state_peer src; - nvlist pf_state_peer dst; - nvlist pf_addr rt_addr; - number rule; - number anchor; - number nat_rule; - number expire; - number packets[2]; - number bytes[2]; - number creatorid; - number direction; - number log; - number state_flags; - number timeout; - number sync_flags; +struct pfioc_states_v2 { + int ps_len; + uint64_t ps_req_version; + union { + void *ps_buf; + struct pf_state_export *ps_states; + }; }; -nvlist pf_states { - number count; - nvlist pf_state states[]; +struct pf_state_export { + uint64_t version; + uint64_t id; + char ifname[IFNAMSIZ]; + char orig_ifname[IFNAMSIZ]; + struct pf_state_key_export key[2]; + struct pf_state_peer_export src; + struct pf_state_peer_export dst; + struct pf_addr rt_addr; + uint32_t rule; + uint32_t anchor; + uint32_t nat_rule; + uint32_t creation; + uint32_t expire; + uint32_t spare0; + uint64_t packets[2]; + uint64_t bytes[2]; + uint32_t creatorid; + uint32_t spare1; + sa_family_t af; + uint8_t proto; + uint8_t direction; + uint8_t log; + uint8_t state_flags_compat; + uint8_t timeout; + uint8_t sync_flags; + uint8_t updates; + uint16_t state_flags; + uint16_t qid; + uint16_t pqid; + uint16_t dnpipe; + uint16_t dnrpipe; + int32_t rtableid; + uint8_t min_ttl; + uint8_t set_tos; + uint16_t max_mss; + uint8_t set_prio[2]; + uint8_t rt; + char rt_ifname[IFNAMSIZ]; + uint8_t spare[72]; }; .Ed -.Pp -If -.Va pfioc_nv.size -is insufficiently large, as many states as possible that can fit into this -size will be copied into the supplied buffer. .It Dv DIOCCHANGERULE Fa "struct pfioc_rule *pcr" Add or remove the .Va rule