diff options
| author |   mpf <mpf@openbsd.org> | 2008-05-06 03:45:21 +0000 |
|---|---|---|
| committer | mpf <mpf@openbsd.org> | 2008-05-06 03:45:21 +0000 |
| commit | 95959bd1d5f2c50d6f23d886b22dc2fa88f9223f (patch) | |
| tree | da15c80c30eab73672c968c94e175e52874a7312 /sys/net/pf_ioctl.c | |
| parent | Labels in the sockaddr are stored like on the wire so shift and byte swap (diff) | |
| download | wireguard-openbsd-95959bd1d5f2c50d6f23d886b22dc2fa88f9223f.tar.xz wireguard-openbsd-95959bd1d5f2c50d6f23d886b22dc2fa88f9223f.zip | |
Add a counter to record how many states have been created by a rule.
It shows up in pfctl verbose mode and in the 7th field of the labels
output. Also remove the label printing for scrub rules, as they
do not support labels.
OK dhartmei@ (on an earlier version), henning@, mcbride@
Diffstat (limited to 'sys/net/pf_ioctl.c')
| -rw-r--r-- | sys/net/pf_ioctl.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 16032abb727..50b319a9b9f 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.194 2008/05/06 03:24:25 weingart Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.195 2008/05/06 03:45:22 mpf Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -309,7 +309,7 @@ void pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule) { if (rulequeue != NULL) { - if (rule->states <= 0) { + if (rule->states_cur <= 0) { /* * XXX - we need to remove the table *before* detaching * the rule to make sure the table code does not delete @@ -325,7 +325,7 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule) rule->nr = -1; } - if (rule->states > 0 || rule->src_nodes > 0 || + if (rule->states_cur > 0 || rule->src_nodes > 0 || rule->entries.tqe_prev != NULL) return; pf_tag_unref(rule->tag); @@ -1148,7 +1148,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) rule->kif = NULL; TAILQ_INIT(&rule->rpool.list); /* initialize refcounting */ - rule->states = 0; + rule->states_cur = 0; rule->src_nodes = 0; rule->entries.tqe_prev = NULL; #ifndef INET @@ -1335,6 +1335,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) rule->evaluations = 0; rule->packets[0] = rule->packets[1] = 0; rule->bytes[0] = rule->bytes[1] = 0; + rule->states_tot = 0; } break; } @@ -1395,7 +1396,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) newrule->cpid = p->p_pid; TAILQ_INIT(&newrule->rpool.list); /* initialize refcounting */ - newrule->states = 0; + newrule->states_cur = 0; newrule->entries.tqe_prev = NULL; #ifndef INET if (newrule->af == AF_INET) { @@ -1668,7 +1669,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EEXIST; break; } - pf_default_rule.states++; + pf_default_rule.states_cur++; break; } |