Date: Tue, 30 May 2023 12:29:25 GMT
Message-Id: <202305301229.34UCTP3C051448@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: c45d6b0ec011 - main - pfctl: Add missing state parameters in DIOCGETSTATESV2
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Sender: owner-dev-commits-src-main@freebsd.org
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c45d6b0ec011d5c113e0f7dedfc0070e8464fbbc

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c45d6b0ec011d5c113e0f7dedfc0070e8464fbbc

commit c45d6b0ec011d5c113e0f7dedfc0070e8464fbbc
Author:     Kajetan Staszkiewicz
AuthorDate: 2023-05-29 19:35:58 +0000
Commit:     Kristof Provost
CommitDate: 2023-05-30 12:28:57 +0000

    pfctl: Add missing state parameters in DIOCGETSTATESV2

    Reviewed by:    kp
    Sponsored by:   InnoGames GmbH
    Different Revision: https://reviews.freebsd.org/D40259
---
 lib/libpfctl/libpfctl.c     | 16 ++++++++++++++--
 lib/libpfctl/libpfctl.h     | 12 ++++++++++++
 sbin/pfctl/pf_print_state.c | 45 ++++++++++++++++++++++++++++++++++++++++-----
 sys/net/pfvar.h             | 15 +++++++++++++--
 sys/netpfil/pf/pf_ioctl.c   | 20 ++++++++++++++++++--
 5 files changed, 97 insertions(+), 11 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 4f251e92d9aa..28ec89cd2aed 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c 
@@ -1111,6 +1111,7 @@ pf_state_export_to_state(struct pfctl_state *ps, const struct pf_state_export *s ps->id = s->id; strlcpy(ps->ifname, s->ifname, sizeof(ps->ifname)); strlcpy(ps->orig_ifname, s->orig_ifname, sizeof(ps->orig_ifname)); + strlcpy(ps->rt_ifname, s->rt_ifname, sizeof(ps->rt_ifname)); pf_state_key_export_to_state_key(&ps->key[0], &s->key[0]); pf_state_key_export_to_state_key(&ps->key[1], &s->key[1]); pf_state_peer_export_to_state_peer(&ps->src, &s->src); @@ -1131,8 +1132,19 @@ pf_state_export_to_state(struct pfctl_state *ps, const struct pf_state_export *s ps->key[0].af = s->af; ps->key[1].af = s->af; ps->direction = s->direction; - ps->state_flags = s->state_flags; - ps->sync_flags = s->sync_flags; + ps->state_flags = ntohs(s->state_flags); + ps->sync_flags = ntohs(s->sync_flags); + ps->qid = ntohs(s->qid); + ps->pqid = ntohs(s->pqid); + ps->dnpipe = ntohs(s->dnpipe); + ps->dnrpipe = ntohs(s->dnrpipe); + ps->rtableid = ntohl(s->rtableid); + ps->min_ttl = s->min_ttl; + ps->set_tos = s->set_tos; + ps->max_mss = ntohs(s->max_mss); + ps->rt = s->rt; + ps->set_prio[0] = s->set_prio[0]; + ps->set_prio[1] = s->set_prio[1]; } int diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index 064adafcf3ed..1a22cb5b853c 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -353,6 +353,18 @@ struct pfctl_state { uint32_t pfsync_time; uint16_t state_flags; uint32_t sync_flags; + uint16_t qid; + uint16_t pqid; + uint16_t dnpipe; + uint16_t dnrpipe; + uint8_t log; + int32_t rtableid; + uint8_t min_ttl; + uint8_t set_tos; + uint16_t max_mss; + uint8_t set_prio[2]; + uint8_t rt; + char rt_ifname[IFNAMSIZ]; }; TAILQ_HEAD(pfctl_statelist, pfctl_state); diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c index d23a0154b70d..f0ad9a427006 100644 --- a/sbin/pfctl/pf_print_state.c +++ b/sbin/pfctl/pf_print_state.c 
@@ -350,17 +350,34 @@ print_state(struct pfctl_state *s, int opts) if (s->state_flags & PFSTATE_NODF) printf(", no-df"); if (s->state_flags & PFSTATE_SETTOS) - printf(", set-tos"); + printf(", set-tos 0x%2.2x", s->set_tos); if (s->state_flags & PFSTATE_RANDOMID) printf(", random-id"); if (s->state_flags & PFSTATE_SCRUB_TCP) - printf(", scrub-tcp"); + printf(", reassemble-tcp"); if (s->state_flags & PFSTATE_SETPRIO) - printf(", set-prio"); + printf(", set-prio (0x%02x 0x%02x)", + s->set_prio[0], s->set_prio[1]); + if (s->dnpipe || s->dnrpipe) { + if (s->state_flags & PFSTATE_DN_IS_PIPE) + printf(", dummynet pipe (%d %d)", + s->dnpipe, s->dnrpipe); + if (s->state_flags & PFSTATE_DN_IS_QUEUE) + printf(", dummynet queue (%d %d)", + s->dnpipe, s->dnrpipe); + } if (s->sync_flags & PFSYNC_FLAG_SRCNODE) printf(", source-track"); if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE) printf(", sticky-address"); + if (s->log) + printf(", log"); + if (s->log & PF_LOG_ALL) + printf(" (all)"); + if (s->min_ttl) + printf(", min-ttl %d", s->min_ttl); + if (s->max_mss) + printf(", max-mss %d", s->max_mss); printf("\n"); } if (opts & PF_OPT_VERBOSE2) { @@ -368,8 +385,26 @@ print_state(struct pfctl_state *s, int opts) bcopy(&s->id, &id, sizeof(u_int64_t)); printf(" id: %016jx creatorid: %08x", id, s->creatorid); - printf(" gateway: "); - print_host(&s->rt_addr, 0, af, opts); + if (s->rt) { + switch (s->rt) { + case PF_ROUTETO: + printf(" route-to: "); + break; + case PF_DUPTO: + printf(" dup-to: "); + break; + case PF_REPLYTO: + printf(" reply-to: "); + break; + default: + printf(" gateway: "); + } + print_host(&s->rt_addr, 0, af, opts); + if (s->rt_ifname[0]) + printf("@%s", s->rt_ifname); + } + if (s->rtableid != -1) + printf(" rtable: %d", s->rtableid); printf("\n"); if (strcmp(s->ifname, s->orig_ifname) != 0) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index c5923bc9abdf..2f2cc1632edc 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h 
@@ -976,7 +976,7 @@ _Static_assert(sizeof(struct pf_state_peer_export) == 32, "size incorrect"); struct pf_state_export { uint64_t version; -#define PF_STATE_VERSION 20210706 +#define PF_STATE_VERSION 20230404 uint64_t id; char ifname[IFNAMSIZ]; char orig_ifname[IFNAMSIZ]; @@ -1003,8 +1003,19 @@ struct pf_state_export { uint8_t sync_flags; uint8_t updates; uint16_t state_flags; + uint16_t qid; + uint16_t pqid; + uint16_t dnpipe; + uint16_t dnrpipe; + int32_t rtableid; + uint8_t min_ttl; + uint8_t set_tos; + uint16_t max_mss; + uint8_t set_prio[2]; + uint8_t rt; + char rt_ifname[IFNAMSIZ]; - uint8_t spare[110]; + uint8_t spare[72]; }; _Static_assert(sizeof(struct pf_state_export) == 384, "size incorrect"); diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 665213b07bfe..db88c7d2dc0e 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -5787,9 +5787,9 @@ pf_state_export(struct pf_state_export *sp, struct pf_kstate *st) sp->direction = st->direction; sp->log = st->log; sp->timeout = st->timeout; - /* 8 bits for old peers, 16 bits for new peers */ + /* 8 bits for the old libpfctl, 16 bits for the new libpfctl */ sp->state_flags_compat = st->state_flags; - sp->state_flags = st->state_flags; + sp->state_flags = htons(st->state_flags); if (st->src_node) sp->sync_flags |= PFSYNC_FLAG_SRCNODE; if (st->nat_src_node) 
@@ -5817,6 +5817,22 @@ pf_state_export(struct pf_state_export *sp, struct pf_kstate *st) sp->packets[1] = st->packets[1]; sp->bytes[0] = st->bytes[0]; sp->bytes[1] = st->bytes[1]; + + sp->qid = htons(st->qid); + sp->pqid = htons(st->pqid); + sp->dnpipe = htons(st->dnpipe); + sp->dnrpipe = htons(st->dnrpipe); + sp->rtableid = htonl(st->rtableid); + sp->min_ttl = st->min_ttl; + sp->set_tos = st->set_tos; + sp->max_mss = htons(st->max_mss); + sp->rt = st->rt; + if (st->rt_kif) + strlcpy(sp->rt_ifname, st->rt_kif->pfik_name, + sizeof(sp->rt_ifname)); + sp->set_prio[0] = st->set_prio[0]; + sp->set_prio[1] = st->set_prio[1]; + } static void
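Review bot: in lib/libpfctl/libpfctl.c, hunk @@ -1131,8 +1132,19 @@, `ps->sync_flags = ntohs(s->sync_flags);` byte-swaps a member that the sys/net/pfvar.h context lines declare as `uint8_t sync_flags` and that pf_state_export() fills with a plain `sp->sync_flags |= PFSYNC_FLAG_SRCNODE`, with no htons(). On a little-endian host ntohs() moves those bits into the upper byte, so the `s->sync_flags & PFSYNC_FLAG_SRCNODE` and `s->sync_flags & PFSYNC_FLAG_NATSRCNODE` tests in print_state() stop matching. Keep the original `ps->sync_flags = s->sync_flags;`.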
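Review bot: in lib/libpfctl/libpfctl.h, hunk @@ -353,6 +353,18 @@, the new `uint8_t log` member is not filled anywhere in this patch: the libpfctl.c hunks add an assignment for every other new member of struct pfctl_state but no `ps->log = s->log;`. print_state() now tests `s->log` and `s->log & PF_LOG_ALL`, so the ", log" output depends on a value the conversion never copies. Add the assignment next to `ps->direction = s->direction;`.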
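Review bot: in sbin/pfctl/pf_print_state.c, hunk @@ -350,17 +350,34 @@, two existing output strings change ("scrub-tcp" becomes "reassemble-tcp", "set-tos" and "set-prio" gain values) although the commit message only speaks of adding missing parameters. Mention the renamed keyword in the commit message so that anyone parsing the verbose state output knows to adjust. The `if (s->log & PF_LOG_ALL)` test would also read better nested under `if (s->log)`, since " (all)" only makes sense after ", log".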
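Review bot: in sbin/pfctl/pf_print_state.c, hunk @@ -368,8 +385,26 @@, the output now depends on `s->rt` and `s->rtableid` being meaningful, but the libpfctl.c hunks copy both from bytes that used to be `spare[]` without looking at `s->version`. If an older kernel leaves those bytes zero, the gateway line that was printed unconditionally before disappears, and `s->rtableid != -1` is true, so every state prints " rtable: 0". Gate the new members on the exported version (PF_STATE_VERSION is bumped to 20230404 in this patch) and have the library set `rtableid` to -1 otherwise. The `default:` arm of the switch also lacks the `break` the other three arms have.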
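Review bot: in sys/net/pfvar.h, hunk @@ -1003,8 +1003,19 @@, the new layout relies on implicit compiler padding: with IFNAMSIZ at 16 the added members total 35 bytes, while `spare` shrinks by 38 (110 to 72) and the `_Static_assert` still holds the struct at 384. This struct is handed to userland through DIOCGETSTATESV2, so the unnamed bytes carry whatever the buffer held unless `*sp` is cleared before pf_state_export() fills it, which this patch does not show. Explicit pad members, or `_Static_assert`s on the offsets of `rtableid` and `rt_ifname`, would pin the ABI that the `sizeof` check alone does not.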
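Review bot: in sys/netpfil/pf/pf_ioctl.c, hunk @@ -5787,9 +5787,9 @@, `sp->state_flags = htons(st->state_flags);` changes the byte order of a member that was already exported, and the commit message does not say so. The line this patch removes from libpfctl.c, `ps->state_flags = s->state_flags;`, shows the previous library reading that 16-bit member unswapped, so a library built before this change paired with a kernel built after it sees the flags byte-swapped on little-endian hosts. Either note that kernel and libpfctl must be updated together, or have the library choose the conversion based on `s->version`.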
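Review bot: in sys/netpfil/pf/pf_ioctl.c, hunk @@ -5817,6 +5817,22 @@, `sp->rt_ifname` is written only under `if (st->rt_kif)` and there is no else arm, so when `rt_kif` is NULL the member keeps whatever `*sp` held before the call. print_state() appends `@%s` whenever `s->rt_ifname[0]` is non-zero, so either add `else sp->rt_ifname[0] = '\0';` or make sure `*sp` is cleared before this function fills it. The empty line added before the closing brace can be dropped.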