The branch stable/12 has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=9f283b1ca6df02e798f51d4d891b0d34446d2fcc

commit 9f283b1ca6df02e798f51d4d891b0d34446d2fcc
Author:     Kristof Provost <[email protected]>
AuthorDate: 2021-04-12 15:23:33 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2021-05-07 08:16:02 +0000

    pfctl: Fix clearing rules counters
    
    After the migration to libpfctl for rule retrieval we accidentally lost
    support for clearing the rules counters.
    
    Introduce a get_clear variant of pfctl_get_rule() which allows rules
    counters to be cleared.
    
    MFC after:      4 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D29727
    
    (cherry picked from commit 4eabfe468b6e80a0823523d83dc908c27ec823c7)
---
 lib/libpfctl/libpfctl.c | 11 +++++++++++
 lib/libpfctl/libpfctl.h |  3 +++
 sbin/pfctl/pfctl.c      | 10 ++++------
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index a487e5a20018..6d5397cb64b2 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -483,6 +483,14 @@ pfctl_add_rule(int dev, const struct pfctl_rule *r, const 
char *anchor,
 int
 pfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket, const char *anchor,
     u_int32_t ruleset, struct pfctl_rule *rule, char *anchor_call)
+{
+       return (pfctl_get_clear_rule(dev, nr, ticket, anchor, ruleset, rule,
+           anchor_call, false));
+}
+
+int    pfctl_get_clear_rule(int dev, u_int32_t nr, u_int32_t ticket,
+           const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule,
+           char *anchor_call, bool clear)
 {
        struct pfioc_nv nv;
        nvlist_t *nvl;
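Review bot: The new definition of pfctl_get_clear_rule() is written in prototype form, with `int    pfctl_get_clear_rule(int dev, ...` on a single line, while pfctl_get_rule() directly above it puts the return type on its own line. Matching that layout, `int` on one line and `pfctl_get_clear_rule(int dev, u_int32_t nr, u_int32_t ticket, const char *anchor,` on the next with four-space continuation lines, keeps the file consistent and keeps the function findable by a `^name(` search. The function body continues outside this hunk.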
@@ -498,6 +506,9 @@ pfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket, 
const char *anchor,
        nvlist_add_string(nvl, "anchor", anchor);
        nvlist_add_number(nvl, "ruleset", ruleset);
 
+       if (clear)
+               nvlist_add_bool(nvl, "clear_counter", true);
+
        nvlpacked = nvlist_pack(nvl, &nv.len);
        if (nvlpacked == NULL) {
                nvlist_destroy(nvl);
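Review bot: Adding `clear_counter` at the `if (clear)` site turns this retrieval path into one that also modifies kernel state, and nothing here says so or says who may request it. The handler that consumes this nvlist is not part of this diff, so it is worth confirming that it rejects `clear_counter` on a descriptor opened read-only. Otherwise a read-only caller could reset counters that operators rely on for accounting and detection. Once that is verified, a comment such as `/* Also resets the rule's counters kernel-side; needs a writable pf descriptor. */` would record the requirement. The enclosing function starts and ends outside this hunk.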
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index bc27c18cfbb6..38108de769f4 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -181,6 +181,9 @@ RB_PROTOTYPE(pfctl_anchor_node, pfctl_anchor, entry_node,
 int    pfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket,
            const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule,
            char *anchor_call);
+int    pfctl_get_clear_rule(int dev, u_int32_t nr, u_int32_t ticket,
+           const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule,
+           char *anchor_call, bool clear);
 int    pfctl_add_rule(int dev, const struct pfctl_rule *r,
            const char *anchor, const char *anchor_call, u_int32_t ticket,
            u_int32_t pool_ticket);
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 879fc876826c..9f6b3d2e36ea 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -949,13 +949,11 @@ pfctl_show_rules(int dev, char *path, int opts, enum 
pfctl_show format,
                        pfctl_print_title("LABEL COUNTERS:");
        }
        mnr = pr.nr;
-       if (opts & PF_OPT_CLRRULECTRS)
-               pr.action = PF_GET_CLR_CNTR;
 
        for (nr = 0; nr < mnr; ++nr) {
                pr.nr = nr;
-               if (pfctl_get_rule(dev, nr, pr.ticket, path, PF_SCRUB,
-                   &rule, pr.anchor_call)) {
+               if (pfctl_get_clear_rule(dev, nr, pr.ticket, path, PF_SCRUB,
+                   &rule, pr.anchor_call, opts & PF_OPT_CLRRULECTRS)) {
                        warn("DIOCGETRULENV");
                        goto error;
                }
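Review bot: `opts & PF_OPT_CLRRULECTRS` is passed straight into the `bool clear` parameter here, and again in the PF_PASS loop of the next hunk, so both calls rely on implicit int-to-bool conversion of a flag mask. That is correct when `bool` is C99 `_Bool`, but an explicit test states the intent and does not depend on how `bool` is defined: `&rule, pr.anchor_call, (opts & PF_OPT_CLRRULECTRS) != 0)) {`. pfctl_show_rules() starts and ends outside this hunk.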
@@ -987,8 +985,8 @@ pfctl_show_rules(int dev, char *path, int opts, enum 
pfctl_show format,
        mnr = pr.nr;
        for (nr = 0; nr < mnr; ++nr) {
                pr.nr = nr;
-               if (pfctl_get_rule(dev, nr, pr.ticket, path, PF_PASS,
-                   &rule, pr.anchor_call)) {
+               if (pfctl_get_clear_rule(dev, nr, pr.ticket, path, PF_PASS,
+                   &rule, pr.anchor_call, opts & PF_OPT_CLRRULECTRS)) {
                        warn("DIOCGETRULE");
                        goto error;
                }
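Review bot: The failure message after this call is `warn("DIOCGETRULE")`, while the identical pfctl_get_clear_rule() call in the PF_SCRUB loop of the previous hunk reports `warn("DIOCGETRULENV")`. Both loops now go through the same library function, so the two messages should name the same operation. Which ioctl libpfctl issues is not visible in this diff, but if it is the nvlist variant, this line should read `warn("DIOCGETRULENV");` so that an operator diagnosing a failed counter read or reset is pointed at the right kernel path. pfctl_show_rules() continues outside this hunk.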