src/usr.sbin/bsnmpd/modules/snmp_pf, branch main FreeBSD source tree snmp_pf: remove errno usage after pfctl_get_status_h change 2025-12-26T10:50:37+00:00 Simon Wollwage rootnode+freebsd@wollwage.com 2025-12-26T10:47:26+00:00 eaa424e3bde88f005c91f87a799c1905f1a5ebf5 pfctl_get_status_h() does not set errno, so don't log it. PR: 291936 Reviewed by: kp 
pfctl_get_status_h() does not set errno, so don't log it.

PR:		291936
Reviewed by:	kp
snmp_pf: fix refresh 2025-12-18T13:39:27+00:00 Kristof Provost kp@FreeBSD.org 2025-12-17T13:22:05+00:00 a862e4b5a27c356e2584ee74fd9e211c18b1b125 Some refresh functions had two layers of 'do we need to refresh now?' checks, leading to inconsistent refreshes. Consolidate them. PR: 291725 Sponsored by: Rubicon Communications, LLC ("Netgate") 
Some refresh functions had two layers of 'do we need to refresh now?'
checks, leading to inconsistent refreshes.
Consolidate them.

PR:		291725
Sponsored by:	Rubicon Communications, LLC ("Netgate")
snmp_pf: use the libpfctl wrapper to retrieve astats 2025-12-05T12:24:52+00:00 Kristof Provost kp@FreeBSD.org 2025-12-05T10:23:45+00:00 f6aa57c86b6239e1f8c8ff50f28c9d0ed1af2ce3 Extend the test case to verify this works as expected. Sponsored by: Rubicon Communications, LLC ("Netgate") 
Extend the test case to verify this works as expected.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
snmp_pf: fix pfInterfacesIfRefsState 2025-03-20T04:29:53+00:00 Kristof Provost kp@FreeBSD.org 2025-03-19T06:08:55+00:00 712309a64512c7e4ebf0e10de8a5c59d5a185ae8 pfInterfacesIfRefsState was described as 'Null', which upset bsnmpwalk's attempt to resolve OIDs to symbolic names: > bsnmpwalk: Error adding leaf pfInterfacesIfRefsState to list This was done back in d6d3f01e0a339, because we don't return this value any more. Return it to 'Unsigned32', which fixes things, even if we still don't actually return this value. While here update the ORGANIZATION to reflect current ownership. Reviewed by: philip MFC after: 2 weeks Event: Tokyo Hackathon 202503 Differential Revision: https://reviews.freebsd.org/D49413 
pfInterfacesIfRefsState was described as 'Null', which upset bsnmpwalk's attempt
to resolve OIDs to symbolic names:

> bsnmpwalk: Error adding leaf pfInterfacesIfRefsState to list

This was done back in d6d3f01e0a339, because we don't return this value any
more. Return it to 'Unsigned32', which fixes things, even if we still don't
actually return this value.

While here update the ORGANIZATION to reflect current ownership.

Reviewed by:	philip
MFC after:	2 weeks
Event:		Tokyo Hackathon 202503
Differential Revision:	https://reviews.freebsd.org/D49413
pf: convert DIOCRGETTSTATS to netlink 2025-03-20T04:29:53+00:00 Kristof Provost kp@FreeBSD.org 2025-03-06T15:57:06+00:00 9e8d2962aad3af9bf1acd328a047f4745bb31086 Sponsored by: Rubicon Communications, LLC ("Netgate") 
Sponsored by:	Rubicon Communications, LLC ("Netgate")
snmp_pf: fix rules->label use 2025-02-21T08:49:06+00:00 Kristof Provost kp@FreeBSD.org 2025-02-21T08:49:06+00:00 08d01204175dae496742e9ccd570363b267284e8 We now support multiple lables on a rule, so 'rule' is an array of strings, not just one string. Adjust the check for 'is there a label?'. CID: 1471808 Sponsored by: Rubicon Communications, LLC ("Netgate") 
We now support multiple lables on a rule, so 'rule' is an array of strings, not
just one string. Adjust the check for 'is there a label?'.

CID:		1471808
Sponsored by:	Rubicon Communications, LLC ("Netgate")
snmp_pf: address Coverity remarks about time_t 2025-02-21T08:25:57+00:00 Kristof Provost kp@FreeBSD.org 2025-02-21T08:25:57+00:00 207f938bc56338e6ff41e10b16610a236e1c6270 On most platforms time_t is 64 bits wide, but we assign it to 32 bits variables. Unfortunately these are SNMP fields that are defined to be 32 bits wide, so we cannot change this. We are similarly unable to prevent the passage of time, meaning that time_t must remain 64 bits wide as well. Explicitly cast to tell Coverity that we're aware of these limitations and do not wish to be reminded of them. CID: 1553869 CID: 1557025 CID: 1592232 CID: 1592234 Sponsored by: Rubicon Communications, LLC ("Netgate") 
On most platforms time_t is 64 bits wide, but we assign it to 32 bits
variables. Unfortunately these are SNMP fields that are defined to be 32 bits
wide, so we cannot change this. We are similarly unable to prevent the passage
of time, meaning that time_t must remain 64 bits wide as well.

Explicitly cast to tell Coverity that we're aware of these limitations and do
not wish to be reminded of them.

CID:		1553869
CID:		1557025
CID:		1592232
CID:		1592234
Sponsored by:	Rubicon Communications, LLC ("Netgate")
pf: migrate DIOCGETLIMIT/DIOCSETLIMIT to netlink 2024-06-07T18:59:02+00:00 Kristof Provost kp@FreeBSD.org 2024-06-07T01:08:50+00:00 d9ab8999313845e87c67532437a0441d9cd57e72 Event: Kitchener-Waterloo Hackathon 202406 
Event:		Kitchener-Waterloo Hackathon 202406
libpfctl: add pfctl_get_rule_h() 2024-05-28T20:27:22+00:00 Kristof Provost kp@FreeBSD.org 2024-05-24T11:15:12+00:00 cd2054d48bc6d16edb0fdb84a7e4006620883c1e Add a handle variant of pfctl_get_rule(). This converts us from using the nvlist variant to the netlink variant, and also moves us closer to a world where all libpfctl functions take the handle. While here have pfctl use the new function. Sponsored by: Rubicon Communications, LLC ("Netgate") 
Add a handle variant of pfctl_get_rule(). This converts us from using
the nvlist variant to the netlink variant, and also moves us closer to a
world where all libpfctl functions take the handle.

While here have pfctl use the new function.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
libpfctl: fix file descriptor leak 2024-05-09T12:07:07+00:00 Kristof Provost kp@FreeBSD.org 2024-05-09T11:52:22+00:00 f1612e7087d7c3df766ff0bf58c48d02fb0e2f6d pfctl_get_rules_info() opened a netlink socket, but failed to close it again. Fix this by factoring out the netlink-based function into a _h variant that takes struct pfctl_handle, and implement pfctl_get_rules_info() based on that, remembering to close the fd. While here migrate all in-tree consumers to the _h variant. MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") 
pfctl_get_rules_info() opened a netlink socket, but failed to close it again.
Fix this by factoring out the netlink-based function into a _h variant that
takes struct pfctl_handle, and implement pfctl_get_rules_info() based on that,
remembering to close the fd.

While here migrate all in-tree consumers to the _h variant.

MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")