pfctl: use libpfctl to retrieve pf status

Rather than call DIOCGETSTATUS ourselves use the new libpfctl functions.

MFC after:	1 week
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D31697
Kristof Provost 2021-08-26 17:09:48 +02:00
parent 46fb68b1de
commit 80078d9d38
3 changed files with 33 additions and 37 deletions


@ -1307,35 +1307,41 @@ pfctl_show_states(int dev, const char *iface, int opts)
int
pfctl_show_status(int dev, int opts)
{
struct pf_status status;
struct pfctl_status *status;
struct pfctl_syncookies cookies;
if (ioctl(dev, DIOCGETSTATUS, &status)) {
if ((status = pfctl_get_status(dev)) == NULL) {
warn("DIOCGETSTATUS");
return (-1);
}
if (pfctl_get_syncookies(dev, &cookies)) {
pfctl_free_status(status);
warn("DIOCGETSYNCOOKIES");
return (-1);
}
if (opts & PF_OPT_SHOWALL)
pfctl_print_title("INFO:");
print_status(&status, &cookies, opts);
print_status(status, &cookies, opts);
pfctl_free_status(status);
return (0);
}
int
pfctl_show_running(int dev)
{
struct pf_status status;
struct pfctl_status *status;
int running;
if (ioctl(dev, DIOCGETSTATUS, &status)) {
if ((status = pfctl_get_status(dev)) == NULL) {
warn("DIOCGETSTATUS");
return (-1);
}
print_running(&status);
return (!status.running);
running = status->running;
print_running(status);
pfctl_free_status(status);
return (!running);
}
int
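Review bot: In the pfctl_get_syncookies() failure branch of pfctl_show_status, `pfctl_free_status(status);` runs before `warn("DIOCGETSYNCOOKIES");`. Because warn() reports whatever errno holds when it is called, the free path may overwrite the error that is about to be printed. Swapping the two lines (`warn("DIOCGETSYNCOOKIES");` first, then `pfctl_free_status(status);`) keeps the diagnostic tied to the failing call. Separately, both `warn("DIOCGETSTATUS")` calls now label a library call rather than the ioctl itself. If pfctl_get_status() can return NULL for other reasons, such as an allocation failure (not visible on this page), the message would mislead, and `warn("pfctl_get_status")` would be more accurate.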


@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
#include <errno.h>
#include <err.h>
#include <ifaddrs.h>
#include <inttypes.h>
#include <unistd.h>
#include "pfctl_parser.h"
@ -497,8 +498,9 @@ const char * const pf_fcounters[FCNT_MAX+1] = FCNT_NAMES;
const char * const pf_scounters[FCNT_MAX+1] = FCNT_NAMES;
void
print_status(struct pf_status *s, struct pfctl_syncookies *cookies, int opts)
print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts)
{
struct pfctl_status_counter *c;
char statline[80], *running;
time_t runtime;
int i;
@ -574,56 +576,44 @@ print_status(struct pf_status *s, struct pfctl_syncookies *cookies, int opts)
(unsigned long long)s->pcounters[1][1][PF_DROP]);
}
printf("%-27s %14s %16s\n", "State Table", "Total", "Rate");
printf(" %-25s %14u %14s\n", "current entries", s->states, "");
for (i = 0; i < FCNT_MAX; i++) {
printf(" %-25s %14llu ", pf_fcounters[i],
(unsigned long long)s->fcounters[i]);
printf(" %-25s %14" PRIu64 " %14s\n", "current entries", s->states, "");
TAILQ_FOREACH(c, &s->fcounters, entry) {
printf(" %-25s %14lu ", c->name, c->counter);
if (runtime > 0)
printf("%14.1f/s\n",
(double)s->fcounters[i] / (double)runtime);
(double)c->counter / (double)runtime);
else
printf("%14s\n", "");
}
if (opts & PF_OPT_VERBOSE) {
printf("Source Tracking Table\n");
printf(" %-25s %14u %14s\n", "current entries",
printf(" %-25s %14" PRIu64 " %14s\n", "current entries",
s->src_nodes, "");
for (i = 0; i < SCNT_MAX; i++) {
printf(" %-25s %14lld ", pf_scounters[i],
#ifdef __FreeBSD__
(long long)s->scounters[i]);
#else
s->scounters[i]);
#endif
TAILQ_FOREACH(c, &s->scounters, entry) {
printf(" %-25s %14lu ", c->name, c->counter);
if (runtime > 0)
printf("%14.1f/s\n",
(double)s->scounters[i] / (double)runtime);
(double)c->counter / (double)runtime);
else
printf("%14s\n", "");
}
}
printf("Counters\n");
for (i = 0; i < PFRES_MAX; i++) {
printf(" %-25s %14llu ", pf_reasons[i],
(unsigned long long)s->counters[i]);
TAILQ_FOREACH(c, &s->counters, entry) {
printf(" %-25s %14" PRIu64 " ", c->name, c->counter);
if (runtime > 0)
printf("%14.1f/s\n",
(double)s->counters[i] / (double)runtime);
(double)c->counter / (double)runtime);
else
printf("%14s\n", "");
}
if (opts & PF_OPT_VERBOSE) {
printf("Limit Counters\n");
for (i = 0; i < LCNT_MAX; i++) {
printf(" %-25s %14lld ", pf_lcounters[i],
#ifdef __FreeBSD__
(unsigned long long)s->lcounters[i]);
#else
s->lcounters[i]);
#endif
TAILQ_FOREACH(c, &s->lcounters, entry) {
printf(" %-25s %14" PRIu64 " ", c->name, c->counter);
if (runtime > 0)
printf("%14.1f/s\n",
(double)s->lcounters[i] / (double)runtime);
(double)c->counter / (double)runtime);
else
printf("%14s\n", "");
}
@ -636,7 +626,7 @@ print_status(struct pf_status *s, struct pfctl_syncookies *cookies, int opts)
}
void
print_running(struct pf_status *status)
print_running(struct pfctl_status *status)
{
printf("%s\n", status->running ? "Enabled" : "Disabled");
}
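Review bot: The new fcounters and scounters loops in print_status print `c->counter` with `%14lu`, while the counters and lcounters loops print the same field with `%14" PRIu64 "`. If the field is a uint64_t, as the PRIu64 uses suggest, `%lu` does not match the argument where unsigned long is 32 bits; that is undefined behaviour and would show wrong state-table and source-tracking counters in the status output. Both of those lines should read `printf(" %-25s %14" PRIu64 " ", c->name, c->counter);`. The `int i;` declaration is kept as context and can be dropped if nothing outside these hunks still uses it. print_status starts and continues outside the visible hunks.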


@ -279,8 +279,8 @@ void print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, sa_family_t, int);
void print_src_node(struct pf_src_node *, int);
void print_rule(struct pfctl_rule *, const char *, int, int);
void print_tabledef(const char *, int, int, struct node_tinithead *);
void print_status(struct pf_status *, struct pfctl_syncookies *, int);
void print_running(struct pf_status *);
void print_status(struct pfctl_status *, struct pfctl_syncookies *, int);
void print_running(struct pfctl_status *);
int eval_pfaltq(struct pfctl *, struct pf_altq *, struct node_queue_bw *,
struct node_queue_opt *);