Date: Wed, 2 Mar 2022 16:00:52 GMT
Message-Id: <202203021600.222G0qNo091204@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 30087aa2e00a - main - pf: Support clearing ether counters
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 30087aa2e00ac8ba7cc487ddc9fccfdd2cd330ea
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=30087aa2e00ac8ba7cc487ddc9fccfdd2cd330ea

commit
30087aa2e00ac8ba7cc487ddc9fccfdd2cd330ea Author: Kristof Provost AuthorDate: 2021-02-17 16:24:05 +0000 Commit: Kristof Provost CommitDate: 2022-03-02 16:00:05 +0000 pf: Support clearing ether counters Allow the evaluations/packets/bytes counters on Ethernet rules to be cleared. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31748 --- sbin/pfctl/pfctl.c | 16 +++++++++------- sys/netpfil/pf/pf_ioctl.c | 14 ++++++++++++++ 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 83b3c1db0613..f825ef834ac4 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -98,7 +98,7 @@ int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int, char *); void pfctl_print_eth_rule_counters(struct pfctl_eth_rule *, int); void pfctl_print_rule_counters(struct pfctl_rule *, int); -int pfctl_show_eth_rules(int, int); +int pfctl_show_eth_rules(int, int, enum pfctl_show); int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int); int pfctl_show_nat(int, int, char *); int pfctl_show_src_nodes(int, int); @@ -1052,7 +1052,7 @@ pfctl_print_title(char *title) } int -pfctl_show_eth_rules(int dev, int opts) +pfctl_show_eth_rules(int dev, int opts, enum pfctl_show format) { struct pfctl_eth_rules_info info; struct pfctl_eth_rule rule; @@ -1063,8 +1063,8 @@ pfctl_show_eth_rules(int dev, int opts) return (-1); } for (int nr = 0; nr < info.nr; nr++) { - if (pfctl_get_eth_rule(dev, nr, info.ticket, &rule, false) - != 0) { + if (pfctl_get_eth_rule(dev, nr, info.ticket, &rule, + opts & PF_OPT_CLRRULECTRS) != 0) { warn("DIOCGETETHRULE"); return (-1); } 
@@ -2640,13 +2640,13 @@ main(int argc, char *argv[]) pfctl_show_limits(dev, opts); break; case 'e': - pfctl_show_eth_rules(dev, opts); + pfctl_show_eth_rules(dev, opts, 0); break; case 'a': opts |= PF_OPT_SHOWALL; pfctl_load_fingerprints(dev, opts); - pfctl_show_eth_rules(dev, opts); + pfctl_show_eth_rules(dev, opts, 0); pfctl_show_nat(dev, opts, anchorname); pfctl_show_rules(dev, path, opts, 0, anchorname, 0); @@ -2673,9 +2673,11 @@ main(int argc, char *argv[]) } } - if ((opts & PF_OPT_CLRRULECTRS) && showopt == NULL) + if ((opts & PF_OPT_CLRRULECTRS) && showopt == NULL) { + pfctl_show_eth_rules(dev, opts, PFCTL_SHOW_NOTHING); pfctl_show_rules(dev, path, opts, PFCTL_SHOW_NOTHING, anchorname, 0); + } if (clearopt != NULL) { if (anchorname[0] == '_' || strstr(anchorname, "/_") != NULL) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index b116d6e91a7b..7e14d0cf405c 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2555,6 +2555,7 @@ DIOCGETETHRULES_error: void *nvlpacked = NULL; struct pf_keth_rule *rule = NULL; u_int32_t ticket, nr; + bool clear = false; #define ERROUT(x) do { error = (x); goto DIOCGETETHRULE_error; } while (0) @@ -2571,6 +2572,12 @@ DIOCGETETHRULES_error: ERROUT(EBADMSG); ticket = nvlist_get_number(nvl, "ticket"); + if (nvlist_exists_bool(nvl, "clear")) + clear = nvlist_get_bool(nvl, "clear"); + + if (clear && !(flags & FWRITE)) + ERROUT(EACCES); + if (! nvlist_exists_number(nvl, "nr")) ERROUT(EBADMSG); nr = nvlist_get_number(nvl, "nr"); @@ -2612,6 +2619,13 @@ DIOCGETETHRULES_error: ERROUT(ENOSPC); error = copyout(nvlpacked, nv->data, nv->len); + if (error == 0 && clear) { + counter_u64_zero(rule->evaluations); + for (int i = 0; i < 2; i++) { + counter_u64_zero(rule->packets[i]); + counter_u64_zero(rule->bytes[i]); + } + } #undef ERROUT DIOCGETETHRULE_error:
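Review bot: In sbin/pfctl/pfctl.c, the new `format` argument of pfctl_show_eth_rules() (hunks @@ -1052 and @@ -1063) is never read. The diffstat for this file counts 9 insertions and 7 deletions, all of them are visible in the hunks, and none tests `format`. As written, the PFCTL_SHOW_NOTHING call added for the clear-counters path cannot behave differently from the 'e' case that passes 0, so either gate whatever the loop emits after the fetch on `format != PFCTL_SHOW_NOTHING` or drop the parameter. A smaller point in the same loop: `opts & PF_OPT_CLRRULECTRS` replaces a literal `false` and relies on implicit int-to-bool conversion; `(opts & PF_OPT_CLRRULECTRS) != 0` states the intent.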
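Review bot: In main() (hunk @@ -2673), the result of the added pfctl_show_eth_rules(dev, opts, PFCTL_SHOW_NOTHING) call is discarded, even though the function returns -1 after warn("DIOCGETETHRULE"). That is now the path taken when the kernel side of this change answers a clear request with EACCES, so a failed clear of the Ethernet counters is followed unconditionally by the pfctl_show_rules() clear. Check the return value and decide explicitly whether to continue, so a partial clear is reported as a failure rather than only as a warning line.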
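Review bot: In the DIOCGETETHRULE handler in sys/netpfil/pf/pf_ioctl.c (hunk @@ -2571), a "clear" key that is present with a non-bool type is silently treated as absent, because nvlist_exists_bool() only matches bool entries, while a missing or mistyped "nr" a few lines later fails with EBADMSG. Consider rejecting a mistyped "clear" with EBADMSG as well, so a caller that believes it requested a clear does not get a successful reply with the counters untouched. The key also deserves a comment or man page mention, since a "get" ioctl now has a write side effect. Placing the `clear && !(flags & FWRITE)` test before any rule lookup is the right order for the permission check.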
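Review bot: In the DIOCGETETHRULE handler (hunk @@ -2612), the counters are zeroed only after the packed nvlist has been copied out, so anything counted between building the reply and the counter_u64_zero() calls is neither reported to the caller nor kept. The visible lines do not show which lock, if any, is held at this point; if exact accounting matters when clearing, note the expected locking in a comment or take the snapshot and zero in one protected step. The literal 2 in `for (int i = 0; i < 2; i++)` is presumably the number of directions; if packets and bytes are arrays, a nitems(rule->packets) bound would keep the loop tied to their size.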