system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-09-06 01:01:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

pf: expose more syncookie state information to userspace

Browse source 
Allow userspace to retrieve low and high water marks, as well as the
current number of half open states.

MFC after:	1 week
Sponsored by:	Modirum MDPay

(cherry picked from commit a6173e9463)
This commit is contained in:
Kristof Provost 2023-11-06 22:20:32 +01:00
parent 1e14798049
commit 221a60a426
5 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/libpfctl/libpfctl.c
View file

@ -1145,6 +1145,7 @@ pfctl_get_syncookies(int dev, struct pfctl_syncookies *s)
s->highwater = nvlist_get_number(nvl, "highwater") * 100 / state_limit;
s->lowwater = nvlist_get_number(nvl, "lowwater") * 100 / state_limit;
s->halfopen_states = nvlist_get_number(nvl, "halfopen_states");
nvlist_destroy(nvl);

1
lib/libpfctl/libpfctl.h
View file

@ -286,6 +286,7 @@ struct pfctl_syncookies {
enum pfctl_syncookies_mode mode;
uint8_t highwater; /* Percent */
uint8_t lowwater; /* Percent */
uint32_t halfopen_states;
};
struct pfctl_status* pfctl_get_status(int dev);

5
sbin/pfctl/pfctl_parser.c
View file

@ -627,6 +627,11 @@ print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts)
PFCTL_SYNCOOKIES_MODE_NAMES[cookies->mode]);
printf(" %-25s %s\n", "active",
s->syncookies_active ? "active" : "inactive");
if (opts & PF_OPT_VERBOSE2) {
printf(" %-25s %d %%\n", "highwater", cookies->highwater);
printf(" %-25s %d %%\n", "lowwater", cookies->lowwater);
printf(" %-25s %d\n", "halfopen states", cookies->halfopen_states);
}
}
}

1
sys/netpfil/pf/pf_ioctl.c
View file

@ -4979,6 +4979,7 @@ pf_getstatus(struct pfioc_nv *nv)
nvlist_add_number(nvl, "src_nodes", V_pf_status.src_nodes);
nvlist_add_bool(nvl, "syncookies_active",
V_pf_status.syncookies_active);
nvlist_add_number(nvl, "halfopen_states", V_pf_status.states_halfopen);
/* counters */
error = pf_add_status_counters(nvl, "counters", V_pf_status.counters,

2
sys/netpfil/pf/pf_syncookies.c
View file

@ -155,6 +155,8 @@ pf_get_syncookies(struct pfioc_nv *nv)
V_pf_status.syncookies_mode == PF_SYNCOOKIES_ADAPTIVE);
nvlist_add_number(nvl, "highwater", V_pf_syncookie_status.hiwat);
nvlist_add_number(nvl, "lowwater", V_pf_syncookie_status.lowat);
nvlist_add_number(nvl, "halfopen_states",
atomic_load_32(&V_pf_status.states_halfopen));
nvlpacked = nvlist_pack(nvl, &nv->len);
if (nvlpacked == NULL)