git: 80078d9d38fd - main - pfctl: use libpfctl to retrieve pf status

Kristof Provost kp at FreeBSD.org
Sun Aug 29 13:27:02 UTC 2021


The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=80078d9d38fde6f146de28809640b2c7bff45a6c

commit 80078d9d38fde6f146de28809640b2c7bff45a6c
Author:     Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-08-26 15:09:48 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-08-29 12:59:38 +0000

    pfctl: use libpfctl to retrieve pf status
    
    Rather than call DIOCGETSTATUS ourselves use the new libpfctl functions.
    
    MFC after:      1 week
    Sponsored by:   Modirum MDPay
    Differential Revision:  https://reviews.freebsd.org/D31697
---
 sbin/pfctl/pfctl.c        | 20 +++++++++++++-------
 sbin/pfctl/pfctl_parser.c | 46 ++++++++++++++++++----------------------------
 sbin/pfctl/pfctl_parser.h |  4 ++--
 3 files changed, 33 insertions(+), 37 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 016075058b21..8f3698e398f6 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1307,35 +1307,41 @@ pfctl_show_states(int dev, const char *iface, int opts)
 int
 pfctl_show_status(int dev, int opts)
 {
-	struct pf_status	status;
+	struct pfctl_status	*status;
 	struct pfctl_syncookies	cookies;
 
-	if (ioctl(dev, DIOCGETSTATUS, &status)) {
+	if ((status = pfctl_get_status(dev)) == NULL) {
 		warn("DIOCGETSTATUS");
 		return (-1);
 	}
 	if (pfctl_get_syncookies(dev, &cookies)) {
+		pfctl_free_status(status);
 		warn("DIOCGETSYNCOOKIES");
 		return (-1);
 	}
 	if (opts & PF_OPT_SHOWALL)
 		pfctl_print_title("INFO:");
-	print_status(&status, &cookies, opts);
+	print_status(status, &cookies, opts);
+	pfctl_free_status(status);
 	return (0);
 }
 
 int
 pfctl_show_running(int dev)
 {
-	struct pf_status status;
+	struct pfctl_status *status;
+	int running;
 
-	if (ioctl(dev, DIOCGETSTATUS, &status)) {
+	if ((status = pfctl_get_status(dev)) == NULL) {
 		warn("DIOCGETSTATUS");
 		return (-1);
 	}
 
-	print_running(&status);
-	return (!status.running);
+	running = status->running;
+
+	print_running(status);
+	pfctl_free_status(status);
+	return (!running);
 }
 
 int
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 8991073ec693..e9a227630f28 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
 #include <errno.h>
 #include <err.h>
 #include <ifaddrs.h>
+#include <inttypes.h>
 #include <unistd.h>
 
 #include "pfctl_parser.h"
@@ -497,8 +498,9 @@ const char	* const pf_fcounters[FCNT_MAX+1] = FCNT_NAMES;
 const char	* const pf_scounters[FCNT_MAX+1] = FCNT_NAMES;
 
 void
-print_status(struct pf_status *s, struct pfctl_syncookies *cookies, int opts)
+print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts)
 {
+	struct pfctl_status_counter	*c;
 	char			statline[80], *running;
 	time_t			runtime;
 	int			i;
@@ -574,56 +576,44 @@ print_status(struct pf_status *s, struct pfctl_syncookies *cookies, int opts)
 		    (unsigned long long)s->pcounters[1][1][PF_DROP]);
 	}
 	printf("%-27s %14s %16s\n", "State Table", "Total", "Rate");
-	printf("  %-25s %14u %14s\n", "current entries", s->states, "");
-	for (i = 0; i < FCNT_MAX; i++) {
-		printf("  %-25s %14llu ", pf_fcounters[i],
-			    (unsigned long long)s->fcounters[i]);
+	printf("  %-25s %14" PRIu64 " %14s\n", "current entries", s->states, "");
+	TAILQ_FOREACH(c, &s->fcounters, entry) {
+		printf("  %-25s %14lu ", c->name, c->counter);
 		if (runtime > 0)
 			printf("%14.1f/s\n",
-			    (double)s->fcounters[i] / (double)runtime);
+			    (double)c->counter / (double)runtime);
 		else
 			printf("%14s\n", "");
 	}
 	if (opts & PF_OPT_VERBOSE) {
 		printf("Source Tracking Table\n");
-		printf("  %-25s %14u %14s\n", "current entries",
+		printf("  %-25s %14" PRIu64 " %14s\n", "current entries",
 		    s->src_nodes, "");
-		for (i = 0; i < SCNT_MAX; i++) {
-			printf("  %-25s %14lld ", pf_scounters[i],
-#ifdef __FreeBSD__
-				    (long long)s->scounters[i]);
-#else
-				    s->scounters[i]);
-#endif
+		TAILQ_FOREACH(c, &s->scounters, entry) {
+			printf("  %-25s %14lu ", c->name, c->counter);
 			if (runtime > 0)
 				printf("%14.1f/s\n",
-				    (double)s->scounters[i] / (double)runtime);
+				    (double)c->counter / (double)runtime);
 			else
 				printf("%14s\n", "");
 		}
 	}
 	printf("Counters\n");
-	for (i = 0; i < PFRES_MAX; i++) {
-		printf("  %-25s %14llu ", pf_reasons[i],
-		    (unsigned long long)s->counters[i]);
+	TAILQ_FOREACH(c, &s->counters, entry) {
+		printf("  %-25s %14" PRIu64 " ", c->name, c->counter);
 		if (runtime > 0)
 			printf("%14.1f/s\n",
-			    (double)s->counters[i] / (double)runtime);
+			    (double)c->counter / (double)runtime);
 		else
 			printf("%14s\n", "");
 	}
 	if (opts & PF_OPT_VERBOSE) {
 		printf("Limit Counters\n");
-		for (i = 0; i < LCNT_MAX; i++) {
-			printf("  %-25s %14lld ", pf_lcounters[i],
-#ifdef __FreeBSD__
-				    (unsigned long long)s->lcounters[i]);
-#else
-				    s->lcounters[i]);
-#endif
+		TAILQ_FOREACH(c, &s->lcounters, entry) {
+			printf("  %-25s %14" PRIu64 " ", c->name, c->counter);
 			if (runtime > 0)
 				printf("%14.1f/s\n",
-				    (double)s->lcounters[i] / (double)runtime);
+				    (double)c->counter / (double)runtime);
 			else
 				printf("%14s\n", "");
 		}
@@ -636,7 +626,7 @@ print_status(struct pf_status *s, struct pfctl_syncookies *cookies, int opts)
 }
 
 void
-print_running(struct pf_status *status)
+print_running(struct pfctl_status *status)
 {
 	printf("%s\n", status->running ? "Enabled" : "Disabled");
 }
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 0c64238ecefa..12a66e1ae710 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -279,8 +279,8 @@ void	print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, sa_family_t, int);
 void	print_src_node(struct pf_src_node *, int);
 void	print_rule(struct pfctl_rule *, const char *, int, int);
 void	print_tabledef(const char *, int, int, struct node_tinithead *);
-void	print_status(struct pf_status *, struct pfctl_syncookies *, int);
-void	print_running(struct pf_status *);
+void	print_status(struct pfctl_status *, struct pfctl_syncookies *, int);
+void	print_running(struct pfctl_status *);
 
 int	eval_pfaltq(struct pfctl *, struct pf_altq *, struct node_queue_bw *,
 	    struct node_queue_opt *);


More information about the dev-commits-src-main mailing list