author | Kristof Provost <kp@FreeBSD.org> | 2023-12-21 17:20:37 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2023-12-21 18:21:17 +0000 |
commit | 881bf8814a250477850b83ee6ebbb052303051c8 (patch) | |
tree | e4ba7ee183e8f5d81b893118eb7687fafeacfb0b | |
parent | 330089470f56d502c629352b85e11522691e3368 (diff) | |
pf: export missing state information
We did not export all of the information pfctl expected to print via the
new netlink code. This manifested as pfctl printing 'rtableid: 0', even
when there is no rtable set.
While we're addressing that, also export other missing fields such as
dummynet, min_ttl, max_mss, etc.
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | lib/libpfctl/libpfctl.c | 7 | ||||
-rw-r--r-- | sys/netpfil/pf/pf_nl.c | 8 | ||||
-rw-r--r-- | sys/netpfil/pf/pf_nl.h | 7 |
3 files changed, 22 insertions, 0 deletions
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 10a63f15e2f8..f915072c4ea1 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -1386,6 +1386,13 @@ static struct snl_attr_parser ap_state[] = {
 { .type = PF_ST_LOG, .off = _OUT(log), .cb = snl_attr_get_uint8 },
 { .type = PF_ST_STATE_FLAGS, .off = _OUT(state_flags), .cb = snl_attr_get_uint16 },
 { .type = PF_ST_SYNC_FLAGS, .off = _OUT(sync_flags), .cb = snl_attr_get_uint8 },
+ { .type = PF_ST_RTABLEID, .off = _OUT(rtableid), .cb = snl_attr_get_int32 },
+ { .type = PF_ST_MIN_TTL, .off = _OUT(min_ttl), .cb = snl_attr_get_uint8 },
+ { .type = PF_ST_MAX_MSS, .off = _OUT(max_mss), .cb = snl_attr_get_uint16 },
+ { .type = PF_ST_DNPIPE, .off = _OUT(dnpipe), .cb = snl_attr_get_uint16 },
+ { .type = PF_ST_DNRPIPE, .off = _OUT(dnrpipe), .cb = snl_attr_get_uint16 },
+ { .type = PF_ST_RT, .off = _OUT(rt), .cb = snl_attr_get_uint8 },
+ { .type = PF_ST_RT_IFNAME, .off = _OUT(rt_ifname), .cb = snl_attr_store_ifname },
 };
 static struct snl_field_parser fp_state[] = {
 };
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 67a7392ae448..8fe12f3762b9 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -194,6 +194,14 @@ dump_state(struct nlpcb *nlp, const struct nlmsghdr *hdr, struct pf_kstate *s,
 nlattr_add_u64(nw, PF_ST_PACKETS1, s->packets[1]);
 nlattr_add_u64(nw, PF_ST_BYTES0, s->bytes[0]);
 nlattr_add_u64(nw, PF_ST_BYTES1, s->bytes[1]);
+ nlattr_add_u32(nw, PF_ST_RTABLEID, s->act.rtableid);
+ nlattr_add_u8(nw, PF_ST_MIN_TTL, s->act.min_ttl);
+ nlattr_add_u16(nw, PF_ST_MAX_MSS, s->act.max_mss);
+ nlattr_add_u16(nw, PF_ST_DNPIPE, s->act.dnpipe);
+ nlattr_add_u16(nw, PF_ST_DNRPIPE, s->act.dnrpipe);
+ nlattr_add_u8(nw, PF_ST_RT, s->rt);
+ if (s->rt_kif != NULL)
+ nlattr_add_string(nw, PF_ST_RT_IFNAME, s->rt_kif->pfik_name);
 if (!dump_state_peer(nw, PF_ST_PEER_SRC, &s->src))
 goto enomem;
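Review bot: The `PF_ST_RT_IFNAME` entry in `ap_state` gives `snl_attr_store_ifname` only the offset of `rt_ifname`, so nothing in this table bounds the copy to the size of the destination. That callback is defined outside the hunk; confirm it caps the copy at the size of `rt_ifname` and rejects an unterminated attribute, rather than trusting the attribute's own length. The kernel side emits this attribute only when `s->rt_kif != NULL`, so the state structure presumably has to be zeroed before parsing for `rt_ifname` to read as empty. A comment on the entry such as `/* optional: absent when the state has no rt interface */` would record that. `ap_state` begins before the hunk.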
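Review bot: `nlattr_add_u32(nw, PF_ST_RTABLEID, s->act.rtableid)` in `dump_state` writes the field as unsigned, while pf_nl.h documents `PF_ST_RTABLEID` as `/* i32 */` and libpfctl reads it with `snl_attr_get_int32`. The bit pattern survives the round trip, but the signedness rests on an implicit conversion. If a negative value marks "no rtable" (the commit message suggests this, the hunk does not show it), make it explicit with `nlattr_add_u32(nw, PF_ST_RTABLEID, (uint32_t)s->act.rtableid); /* i32 on the wire */`, or use a signed writer if the netlink API offers one. The results of the new `nlattr_add_*` calls are not checked, same as the surrounding `nlattr_add_u64` calls, so a full buffer is presumably caught later in the function. `dump_state` continues outside the hunk.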
diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h
index 3ae77ffd3790..d8b494a54cf7 100644
--- a/sys/netpfil/pf/pf_nl.h
+++ b/sys/netpfil/pf/pf_nl.h
@@ -100,6 +100,13 @@ enum pfstate_type_t {
 PF_ST_VERSION = 28, /* u64 */
 PF_ST_FILTER_ADDR = 29, /* in6_addr */
 PF_ST_FILTER_MASK = 30, /* in6_addr */
+ PF_ST_RTABLEID = 31, /* i32 */
+ PF_ST_MIN_TTL = 32, /* u8 */
+ PF_ST_MAX_MSS = 33, /* u16 */
+ PF_ST_DNPIPE = 34, /* u16 */
+ PF_ST_DNRPIPE = 35, /* u16 */
+ PF_ST_RT = 36, /* u8 */
+ PF_ST_RT_IFNAME = 37, /* string */
 };
 enum pf_addr_type_t { |