Date: Thu, 21 Nov 2024 14:28:05 GMT
Message-Id: <202411211428.4ALES56v010868@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kajetan Staszkiewicz
Subject: git: 7d929a444587 - main - pf: Fix timestamps and connection rate in source node export
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ks
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7d929a444587540205e27caacf72377169611cdf
Auto-Submitted: auto-generated

The branch main has been updated by ks:

URL: https://cgit.FreeBSD.org/src/commit/?id=7d929a444587540205e27caacf72377169611cdf

commit 7d929a444587540205e27caacf72377169611cdf
Author:     Kajetan Staszkiewicz
AuthorDate: 2024-11-21 14:23:42 +0000
Commit:     Kajetan Staszkiewicz
CommitDate: 2024-11-21 14:27:32 +0000

    pf: Fix timestamps and connection rate in source node export

    When copying struct pf_ksrc_node into a netlink message, some fields
    change their meaning. In the kernel, the creation and expire fields
    store the number of seconds since boot. Add conversion to the number of
    seconds relative to the moment of exporting the source node via netlink,
    as this is what pfctl expects. Add conversion of the connection rate
    count.

    Reviewed by:            kp
    Approved by:            kp (mentor)
    Sponsored by:           InnoGames GmbH
    Differential Revision:  https://reviews.freebsd.org/D47321
---
 sys/netpfil/pf/pf_nl.c | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 7a54ee78c684..bdfa9a60faa4 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -1714,13 +1714,23 @@ pf_handle_get_ruleset(struct nlmsghdr *hdr, struct nl_pstate *npt) } static bool -nlattr_add_pf_threshold(struct nl_writer *nw, int attrtype, struct pf_threshold *t) +nlattr_add_pf_threshold(struct nl_writer *nw, int attrtype, + struct pf_threshold *t, int secs) { - int off = nlattr_add_nested(nw, attrtype); + int off = nlattr_add_nested(nw, attrtype); + int diff, conn_rate_count; + + /* Adjust the connection rate estimate. */ + conn_rate_count = t->count; + diff = secs - t->last; + if (diff >= t->seconds) + conn_rate_count = 0; + else + conn_rate_count -= t->count * diff / t->seconds; nlattr_add_u32(nw, PF_TH_LIMIT, t->limit); nlattr_add_u32(nw, PF_TH_SECONDS, t->seconds); - nlattr_add_u32(nw, PF_TH_COUNT, t->count); + nlattr_add_u32(nw, PF_TH_COUNT, conn_rate_count); nlattr_add_u32(nw, PF_TH_LAST, t->last); nlattr_set_len(nw, off); @@ -1736,6 +1746,7 @@ pf_handle_get_srcnodes(struct nlmsghdr *hdr, struct nl_pstate *npt) struct pf_ksrc_node *n; struct pf_srchash *sh; int i; + int secs; hdr->nlmsg_flags |= NLM_F_MULTI; @@ -1746,6 +1757,8 @@ pf_handle_get_srcnodes(struct nlmsghdr *hdr, struct nl_pstate *npt) continue; PF_HASHROW_LOCK(sh); + secs = time_uptime; + LIST_FOREACH(n, &sh->nodes, entry) { if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr))) { nlmsg_abort(nw); 
@@ -1768,9 +1781,15 @@ pf_handle_get_srcnodes(struct nlmsghdr *hdr, struct nl_pstate *npt) nlattr_add_u32(nw, PF_SN_CONNECTIONS, n->conn); nlattr_add_u8(nw, PF_SN_AF, n->af); nlattr_add_u8(nw, PF_SN_RULE_TYPE, n->ruletype); - nlattr_add_u64(nw, PF_SN_CREATION, n->creation); - nlattr_add_u64(nw, PF_SN_EXPIRE, n->expire); - nlattr_add_pf_threshold(nw, PF_SN_CONNECTION_RATE, &n->conn_rate); + + nlattr_add_u64(nw, PF_SN_CREATION, secs - n->creation); + if (n->expire > secs) + nlattr_add_u64(nw, PF_SN_EXPIRE, n->expire - secs); + else + nlattr_add_u64(nw, PF_SN_EXPIRE, 0); + + nlattr_add_pf_threshold(nw, PF_SN_CONNECTION_RATE, + &n->conn_rate, secs); if (!nlmsg_end(nw)) { PF_HASHROW_UNLOCK(sh);
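Review bot: in the first hunk (nlattr_add_pf_threshold), `diff` and `conn_rate_count` are declared `int`, yet they are computed from t->count, t->last and t->seconds, all of which this function writes with nlattr_add_u32, and the result is itself passed to nlattr_add_u32(nw, PF_TH_COUNT, ...). If those fields are unsigned 32-bit, `diff >= t->seconds` is evaluated as an unsigned comparison and `t->count * diff` can wrap for large counts. Declaring the locals with the fields' own type, or widening the product to 64 bits before the division, and noting in a comment that secs is expected not to be earlier than t->last would make the decay arithmetic explicit. PF_TH_LAST is also still exported as the raw t->last while the count is now adjusted relative to secs; a comment saying whether that is intended would help.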
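Review bot: in the second hunk (declarations of pf_handle_get_srcnodes), the new local `int secs;` is later used in `secs - n->creation` and `n->expire - secs`, whose results are passed to nlattr_add_u64. Declaring secs with the same type as n->creation and n->expire would avoid mixed-width, mixed-sign arithmetic in those expressions, and the `int secs` parameter of nlattr_add_pf_threshold could follow the same type.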
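Review bot: in the third hunk, `secs = time_uptime;` is placed after PF_HASHROW_LOCK(sh), inside the walk over hash rows, so nodes from different rows of one dump are converted against different reference times. If a single reference moment per reply is wanted, sample time_uptime once before the loop; if per-row sampling is deliberate, a short comment saying so would keep it from being hoisted later.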
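Review bot: in the last hunk, PF_SN_CREATION and PF_SN_EXPIRE now carry an age and a remaining lifetime instead of the kernel's stored values, but nothing at the call site documents that. A one-line comment above `nlattr_add_u64(nw, PF_SN_CREATION, secs - n->creation);` stating that both attributes are relative to the moment of export would prevent a later cleanup from reverting to the raw fields. The expire value is clamped to 0 when `n->expire > secs` is false, while `secs - n->creation` has no matching guard; either add one or note why creation can never exceed secs.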