Date: Fri, 27 Sep 2024 12:30:07 GMT
Message-Id: <202409271230.48RCU7CK040988@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost Subject: git: 7fe42038b269 - main - pf: fix max-src-conn when rules are added via netlink List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7fe42038b2691bddd58fdf8783c1b92c527c2352 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=7fe42038b2691bddd58fdf8783c1b92c527c2352 commit 7fe42038b2691bddd58fdf8783c1b92c527c2352 Author: Kajetan Staszkiewicz AuthorDate: 2024-09-27 08:21:10 +0000 Commit: Kristof Provost CommitDate: 2024-09-27 12:29:20 +0000 pf: fix max-src-conn when rules are added via netlink Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D46797 --- lib/libpfctl/libpfctl.c | 2 ++ sys/netpfil/pf/pf_nl.c | 2 ++ sys/netpfil/pf/pf_nl.h | 1 + 3 files changed, 5 insertions(+) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index c8eeb913e912..36b83c480aa7 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -1233,6 +1233,7 @@ snl_add_msg_attr_pf_rule(struct snl_writer *nw, uint32_t type, const struct pfct snl_add_msg_attr_u32(nw, PF_RT_MAX_STATES, r->max_states); snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_NODES, r->max_src_nodes); snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_STATES, r->max_src_states); + snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_CONN, r->max_src_conn); snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_CONN_RATE_LIMIT, r->max_src_conn_rate.limit); snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_CONN_RATE_SECS, r->max_src_conn_rate.seconds); 
@@ -1658,6 +1659,7 @@ static struct snl_attr_parser ap_getrule[] = { { .type = PF_RT_SRC_NODES, .off = _OUT(r.src_nodes), .cb = snl_attr_get_uint64 }, { .type = PF_RT_ANCHOR_CALL, .off = _OUT(anchor_call), .arg = (void*)MAXPATHLEN, .cb = snl_attr_copy_string }, { .type = PF_RT_RCV_IFNAME, .off = _OUT(r.rcv_ifname), .arg = (void*)IFNAMSIZ, .cb = snl_attr_copy_string }, + { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(r.max_src_conn), .cb = snl_attr_get_uint32 }, }; static struct snl_field_parser fp_getrule[] = {}; #undef _OUT diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index 62d5972c4abb..ca90e0b5b140 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -731,6 +731,7 @@ static const struct nlattr_parser nla_p_rule[] = { { .type = PF_RT_DIVERT_ADDRESS, .off = _OUT(divert.addr), .cb = nlattr_get_in6_addr }, { .type = PF_RT_DIVERT_PORT, .off = _OUT(divert.port), .cb = nlattr_get_uint16 }, { .type = PF_RT_RCV_IFNAME, .off = _OUT(rcv_ifname), .arg = (void *)IFNAMSIZ, .cb = nlattr_get_chara }, + { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(max_src_conn), .cb = nlattr_get_uint32 }, }; NL_DECLARE_ATTR_PARSER(rule_parser, nla_p_rule); #undef _OUT @@ -921,6 +922,7 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt) nlattr_add_u32(nw, PF_RT_MAX_STATES, rule->max_states); nlattr_add_u32(nw, PF_RT_MAX_SRC_NODES, rule->max_src_nodes); nlattr_add_u32(nw, PF_RT_MAX_SRC_STATES, rule->max_src_states); + nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN, rule->max_src_conn); nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_LIMIT, rule->max_src_conn_rate.limit); nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_SECS, rule->max_src_conn_rate.seconds); diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h index bd173c0137ce..acb4b31320c0 100644 --- a/sys/netpfil/pf/pf_nl.h +++ b/sys/netpfil/pf/pf_nl.h 
@@ -258,6 +258,7 @@ enum pf_rule_type_t { PF_RT_SRC_NODES = 71, /* u64 */ PF_RT_ANCHOR_CALL = 72, /* string */ PF_RT_RCV_IFNAME = 73, /* string */ + PF_RT_MAX_SRC_CONN = 74, /* u32 */ }; enum pf_addrule_type_t {
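Review bot: no test accompanies the new `snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_CONN, r->max_src_conn);` line in `snl_add_msg_attr_pf_rule()` (lib/libpfctl/libpfctl.c, first hunk); the diffstat lists only libpfctl.c, pf_nl.c and pf_nl.h. The neighbouring limits (`max_states`, `max_src_nodes`, `max_src_states`, `max_src_conn_rate`) were already serialized while this one was not, so a rule carrying max-src-conn was accepted without the limit being sent. A regression test that adds a rule with max-src-conn over netlink and reads it back would catch this, and a field-by-field comparison of `struct pfctl_rule` against the attribute list would show whether any other member is still missing.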
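Review bot: in `ap_getrule` (lib/libpfctl/libpfctl.c, second hunk) the new `PF_RT_MAX_SRC_CONN` entry sits at the end of the table, after `PF_RT_RCV_IFNAME`, rather than beside the other max_* attributes. That follows the numeric order of the enum (74 after 73), but it also means a reply from a kernel that does not emit attribute 74 leaves `r.max_src_conn` at whatever value the caller's struct held before parsing. Worth confirming that the get-rule path zeroes the rule before running the parser, so a missing attribute reads as 0 and not as stale data.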
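Review bot: `PF_RT_MAX_SRC_CONN = 74` in `enum pf_rule_type_t` (sys/netpfil/pf/pf_nl.h) is appended after `PF_RT_RCV_IFNAME = 73`, which keeps the existing attribute numbers stable, but the commit message does not say what happens on a mixed kernel and userland. A libpfctl built with this change sends attribute 74 to a kernel whose `nla_p_rule` has no entry for it; if that attribute is ignored, the rule loads and the connection limit is not enforced, with no error to the operator. A sentence in the commit message or a comment next to the enum value stating the expected behaviour for the unknown attribute would settle this.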