Attachment #255466 for bug #282984

Lines 24-30 Link Here

(-)b/sbin/pfctl/pfctl.8 (-1 / +3 lines)
24	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	24	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	25	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26	.\"	26	.\"
27	.Dd July 23, 2024	27	.Dd November 25, 2024
28	.Dt PFCTL 8	28	.Dt PFCTL 8
29	.Os	29	.Os
30	.Sh NAME	30	.Sh NAME
Lines 501-508 Automatically create a nonexisting table. Link Here
501	Show the content (addresses) of a table.	501	Show the content (addresses) of a table.
502	.It Fl T Cm test	502	.It Fl T Cm test
503	Test if the given addresses match a table.	503	Test if the given addresses match a table.
504	.It Fl T Cm zero Op Ar address ...	504	.It Fl T Cm zero Op Ar address ...
505	Clear all the statistics of a table, or only for specified addresses.	505	Clear all the statistics of a table, or only for specified addresses.
		506	.It Fl T Cm makezero
		507	Clear the statistics only for the addresses having non-zero counters.
506	.It Fl T Cm load	508	.It Fl T Cm load
507	Load only the table definitions from	509	Load only the table definitions from
508	.Xr pf.conf 5 .	510	.Xr pf.conf 5 .

Lines 238-244 static const char * const showopt_list[] = { Link Here

(-)b/sbin/pfctl/pfctl.c (-2 / +2 lines)
238		238
239	static const char * const tblcmdopt_list[] = {	239	static const char * const tblcmdopt_list[] = {
240	"kill", "flush", "add", "delete", "load", "replace", "show",	240	"kill", "flush", "add", "delete", "load", "replace", "show",
241	"test", "zero", "expire", NULL	241	"test", "zero", "expire", "makezero", NULL
242	};	242	};
243		243
244	static const char * const debugopt_list[] = {	244	static const char * const debugopt_list[] = {
Lines 3027-3033 main(int argc, char *argv[]) Link Here
3027	loadopt \|= PFCTL_FLAG_TABLE;	3027	loadopt \|= PFCTL_FLAG_TABLE;
3028	tblcmdopt = NULL;	3028	tblcmdopt = NULL;
3029	} else	3029	} else
3030	mode = strchr("acdefkrz", ch) ? O_RDWR : O_RDONLY;	3030	mode = strchr("acdefkmrz", ch) ? O_RDWR : O_RDONLY;
3031	} else if (argc != optind) {	3031	} else if (argc != optind) {
3032	warnx("unknown command line argument: %s ...", argv[optind]);	3032	warnx("unknown command line argument: %s ...", argv[optind]);
3033	usage();	3033	usage();




static void	print_tstats(struct pfr_tstats *, int);
static int	load_addr(struct pfr_buffer *, int, char *[], char *, int);
static void	print_addrx(struct pfr_addr *, struct pfr_addr *, int);
static int 	nonzero_astats(struct pfr_astats *);
static void	print_astats(struct pfr_astats *, int);
static void	radix_perror(void);
static void	xprintf(int, const char *, ...);

				if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
					print_addrx(a, NULL,
					    opts & PF_OPT_USEDNS);
	} else if (!strcmp(command, "makezero")) {
		struct pfr_astats 	*as;
		b.pfrb_type = PFRB_ASTATS;
		b2.pfrb_type = PFRB_ADDRS;

		if (argc || file != NULL)
			usage();

		do {
			pfr_buf_grow(&b, b.pfrb_size);
			b.pfrb_size = b.pfrb_msize;
			RVTEST(pfr_get_astats(&table, b.pfrb_caddr,
			    &b.pfrb_size, flags));
		} while (b.pfrb_size > b.pfrb_msize);

		PFRB_FOREACH(as, &b)
			if (nonzero_astats(as))
				if (pfr_buf_add(&b2, &as->pfras_a))
					err(1, "duplicate buffer");

		if (opts & PF_OPT_VERBOSE)
			flags |= PFR_FLAG_FEEDBACK;
		if (b2.pfrb_size)
			RVTEST(pfr_clr_astats(&table, b2.pfrb_caddr,
			    b2.pfrb_size, &nzero, flags));
		else
			nzero = 0;
		xprintf(opts, "%d/%d addresses cleared", nzero, b.pfrb_size);
		if (opts & PF_OPT_VERBOSE)
			PFRB_FOREACH(a, &b2)
				if (opts & PF_OPT_VERBOSE2 ||
				    a->pfra_fback != PFR_FB_NONE)
					print_addrx(a, NULL,
					    opts & PF_OPT_USEDNS);
	} else if (!strcmp(command, "show")) {
		b.pfrb_type = (opts & PF_OPT_VERBOSE) ?
			PFRB_ASTATS : PFRB_ADDRS;

	printf("\n");
}

int
nonzero_astats(struct pfr_astats *as)
{
	u_int64_t s = 0;
	for (int dir = 0; dir < PFR_DIR_MAX; dir++)
		for (int op = 0; op < PFR_OP_ADDR_MAX; op++)
			s |= as->pfras_packets[dir][op] |
			     as->pfras_bytes[dir][op];
	return !!s;
}

void
print_astats(struct pfr_astats *as, int dns)
{

Return to bug 282984

Lines 61-66 static void print_table(struct pfr_table *, int, int); Link Here

(-)b/sbin/pfctl/pfctl_table.c (+46 lines)
61	static void print_tstats(struct pfr_tstats *, int);	61	static void print_tstats(struct pfr_tstats *, int);
62	static int load_addr(struct pfr_buffer , int, char [], char *, int);	62	static int load_addr(struct pfr_buffer , int, char [], char *, int);
63	static void print_addrx(struct pfr_addr , struct pfr_addr , int);	63	static void print_addrx(struct pfr_addr , struct pfr_addr , int);
		64	static int nonzero_astats(struct pfr_astats *);
64	static void print_astats(struct pfr_astats *, int);	65	static void print_astats(struct pfr_astats *, int);
65	static void radix_perror(void);	66	static void radix_perror(void);
66	static void xprintf(int, const char *, ...);	67	static void xprintf(int, const char *, ...);
Lines 294-299 pfctl_table(int argc, char argv[], char tname, const char *command, Link Here
294	if ((opts & PF_OPT_VERBOSE2) \|\| a->pfra_fback)	295	if ((opts & PF_OPT_VERBOSE2) \|\| a->pfra_fback)
295	print_addrx(a, NULL,	296	print_addrx(a, NULL,
296	opts & PF_OPT_USEDNS);	297	opts & PF_OPT_USEDNS);
		298	} else if (!strcmp(command, "makezero")) {
		299	struct pfr_astats *as;
		300	b.pfrb_type = PFRB_ASTATS;
		301	b2.pfrb_type = PFRB_ADDRS;
		302
		303	if (argc \|\| file != NULL)
		304	usage();
		305
		306	do {
		307	pfr_buf_grow(&b, b.pfrb_size);
		308	b.pfrb_size = b.pfrb_msize;
		309	RVTEST(pfr_get_astats(&table, b.pfrb_caddr,
		310	&b.pfrb_size, flags));
		311	} while (b.pfrb_size > b.pfrb_msize);
		312
		313	PFRB_FOREACH(as, &b)
		314	if (nonzero_astats(as))
		315	if (pfr_buf_add(&b2, &as->pfras_a))
		316	err(1, "duplicate buffer");
		317
		318	if (opts & PF_OPT_VERBOSE)
		319	flags \|= PFR_FLAG_FEEDBACK;
		320	if (b2.pfrb_size)
		321	RVTEST(pfr_clr_astats(&table, b2.pfrb_caddr,
		322	b2.pfrb_size, &nzero, flags));
		323	else
		324	nzero = 0;
		325	xprintf(opts, "%d/%d addresses cleared", nzero, b.pfrb_size);
		326	if (opts & PF_OPT_VERBOSE)
		327	PFRB_FOREACH(a, &b2)
		328	if (opts & PF_OPT_VERBOSE2 \|\|
		329	a->pfra_fback != PFR_FB_NONE)
		330	print_addrx(a, NULL,
		331	opts & PF_OPT_USEDNS);
297	} else if (!strcmp(command, "show")) {	332	} else if (!strcmp(command, "show")) {
298	b.pfrb_type = (opts & PF_OPT_VERBOSE) ?	333	b.pfrb_type = (opts & PF_OPT_VERBOSE) ?
299	PFRB_ASTATS : PFRB_ADDRS;	334	PFRB_ASTATS : PFRB_ADDRS;
Lines 472-477 print_addrx(struct pfr_addr ad, struct pfr_addr rad, int dns) Link Here
472	printf("\n");	520	printf("\n");
473	}	521	}
474		522
		523	int
		524	nonzero_astats(struct pfr_astats *as)
		525	{
		526	u_int64_t s = 0;
		527	for (int dir = 0; dir < PFR_DIR_MAX; dir++)
		528	for (int op = 0; op < PFR_OP_ADDR_MAX; op++)
		529	s \|= as->pfras_packets[dir][op] \|
		530	as->pfras_bytes[dir][op];
		531	return !!s;
		532	}
		533
475	void	534	void
476	print_astats(struct pfr_astats *as, int dns)	535	print_astats(struct pfr_astats *as, int dns)
477	{	536	{