diff options
| author |   henning <henning@openbsd.org> | 2007-02-09 11:20:39 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2007-02-09 11:20:39 +0000 |
| commit | 166ca96665e7687fad770902bb673e2bc8064145 (patch) | |
| tree | 6141e674414be2be14127b221431a78fe08f02d7 /sys/net | |
| parent | BUFFALO -> Buffalo; (diff) | |
| download | wireguard-openbsd-166ca96665e7687fad770902bb673e2bc8064145.tar.xz wireguard-openbsd-166ca96665e7687fad770902bb673e2bc8064145.zip | |
allow counters to be reset with DIOCGETRULES.
this allows an atomic read and reset counters, instead of read, reset in a
later ioctl and lose everything in between.
use the previously unused of pr->action. When it is set to PF_GET_CLR_CNTR,
the ioctl requires write permissions and counters are reset after they have
been copied out to userland.
obsoletes DIOCCLRRULECTRS, which only works for the main ruleset, but not
within anchors (yeah, that's how it all started)
ok dhartmei, mcbride and theo agree as well
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf_ioctl.c | 14 | ||||
| -rw-r--r-- | sys/net/pfvar.h | 3 |
2 files changed, 14 insertions, 3 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index f41f6a93102..5e00fdc7dba 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.172 2006/11/20 14:25:11 mcbride Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.173 2007/02/09 11:20:39 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -935,7 +935,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) if (!(flags & FWRITE)) switch (cmd) { case DIOCGETRULES: - case DIOCGETRULE: case DIOCGETADDRS: case DIOCGETADDR: case DIOCGETSTATE: @@ -973,6 +972,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; /* dummy operation ok */ } return (EACCES); + case DIOCGETRULE: + if (((struct pfioc_rule *)addr)->action == PF_GET_CLR_CNTR) + return (EACCES); + break; default: return (EACCES); } @@ -1231,6 +1234,12 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) else pr->rule.skip[i].nr = rule->skip[i].ptr->nr; + + if (pr->action == PF_GET_CLR_CNTR) { + rule->evaluations = 0; + rule->packets[0] = rule->packets[1] = 0; + rule->bytes[0] = rule->bytes[1] = 0; + } break; } @@ -1811,6 +1820,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } case DIOCCLRRULECTRS: { + /* obsoleted by DIOCGETRULE with action=PF_GET_CLR_CNTR */ struct pf_ruleset *ruleset = &pf_main_ruleset; struct pf_rule *rule; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index b5f11fb9a0c..eea0d94d5d2 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.242 2006/12/13 05:10:15 itojun Exp $ */ +/* $OpenBSD: pfvar.h,v 1.243 2007/02/09 11:20:39 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -69,6 +69,7 @@ enum { PF_DEBUG_NONE, PF_DEBUG_URGENT, PF_DEBUG_MISC, PF_DEBUG_NOISY }; enum { PF_CHANGE_NONE, PF_CHANGE_ADD_HEAD, PF_CHANGE_ADD_TAIL, PF_CHANGE_ADD_BEFORE, PF_CHANGE_ADD_AFTER, PF_CHANGE_REMOVE, PF_CHANGE_GET_TICKET }; +enum { PF_GET_NONE, PF_GET_CLR_CNTR }; /* * Note about PFTM_*: real indices into pf_rule.timeout[] come before |