FreeBSD Bugzilla – Attachment 255466 Details for
Bug 282984
[PATCH] pfctl: add -T `makezero` to touch pfras_tzero _only_ for non-zero entries
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
pfctl -T makezero patch
pfctl-makezero.patch (text/plain), 3.81 KB, created by
Leonid Evdokimov
on 2024-11-26 11:36:53 UTC
(
hide
)
Description:
pfctl -T makezero patch
Filename:
MIME Type:
Creator:
Leonid Evdokimov
Created:
2024-11-26 11:36:53 UTC
Size:
3.81 KB
patch
obsolete
>diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 >index ac0106fb560..85445bd50d5 100644 >--- a/sbin/pfctl/pfctl.8 >+++ b/sbin/pfctl/pfctl.8 >@@ -24,7 +24,7 @@ > .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF > .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > .\" >-.Dd July 23, 2024 >+.Dd November 25, 2024 > .Dt PFCTL 8 > .Os > .Sh NAME >@@ -501,8 +501,10 @@ Automatically create a nonexisting table. > Show the content (addresses) of a table. > .It Fl T Cm test > Test if the given addresses match a table. > .It Fl T Cm zero Op Ar address ... > Clear all the statistics of a table, or only for specified addresses. >+.It Fl T Cm makezero >+Clear the statistics only for the addresses having non-zero counters. > .It Fl T Cm load > Load only the table definitions from > .Xr pf.conf 5 . >diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c >index 621d97d6c55..e7df76ae460 100644 >--- a/sbin/pfctl/pfctl.c >+++ b/sbin/pfctl/pfctl.c >@@ -238,7 +238,7 @@ static const char * const showopt_list[] = { > > static const char * const tblcmdopt_list[] = { > "kill", "flush", "add", "delete", "load", "replace", "show", >- "test", "zero", "expire", NULL >+ "test", "zero", "expire", "makezero", NULL > }; > > static const char * const debugopt_list[] = { >@@ -3027,7 +3027,7 @@ main(int argc, char *argv[]) > loadopt |= PFCTL_FLAG_TABLE; > tblcmdopt = NULL; > } else >- mode = strchr("acdefkrz", ch) ? O_RDWR : O_RDONLY; >+ mode = strchr("acdefkmrz", ch) ? O_RDWR : O_RDONLY; > } else if (argc != optind) { > warnx("unknown command line argument: %s ...", argv[optind]); > usage(); >diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c >index fe934a8d2ea..7f54c1edccb 100644 >--- a/sbin/pfctl/pfctl_table.c >+++ b/sbin/pfctl/pfctl_table.c >@@ -61,6 +61,7 @@ static void print_table(struct pfr_table *, int, int); > static void print_tstats(struct pfr_tstats *, int); > static int load_addr(struct pfr_buffer *, int, char *[], char *, int); > static void print_addrx(struct pfr_addr *, struct pfr_addr *, int); >+static int nonzero_astats(struct pfr_astats *); > static void print_astats(struct pfr_astats *, int); > static void radix_perror(void); > static void xprintf(int, const char *, ...); >@@ -294,6 +295,40 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command, > if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback) > print_addrx(a, NULL, > opts & PF_OPT_USEDNS); >+ } else if (!strcmp(command, "makezero")) { >+ struct pfr_astats *as; >+ b.pfrb_type = PFRB_ASTATS; >+ b2.pfrb_type = PFRB_ADDRS; >+ >+ if (argc || file != NULL) >+ usage(); >+ >+ do { >+ pfr_buf_grow(&b, b.pfrb_size); >+ b.pfrb_size = b.pfrb_msize; >+ RVTEST(pfr_get_astats(&table, b.pfrb_caddr, >+ &b.pfrb_size, flags)); >+ } while (b.pfrb_size > b.pfrb_msize); >+ >+ PFRB_FOREACH(as, &b) >+ if (nonzero_astats(as)) >+ if (pfr_buf_add(&b2, &as->pfras_a)) >+ err(1, "duplicate buffer"); >+ >+ if (opts & PF_OPT_VERBOSE) >+ flags |= PFR_FLAG_FEEDBACK; >+ if (b2.pfrb_size) >+ RVTEST(pfr_clr_astats(&table, b2.pfrb_caddr, >+ b2.pfrb_size, &nzero, flags)); >+ else >+ nzero = 0; >+ xprintf(opts, "%d/%d addresses cleared", nzero, b.pfrb_size); >+ if (opts & PF_OPT_VERBOSE) >+ PFRB_FOREACH(a, &b2) >+ if (opts & PF_OPT_VERBOSE2 || >+ a->pfra_fback != PFR_FB_NONE) >+ print_addrx(a, NULL, >+ opts & PF_OPT_USEDNS); > } else if (!strcmp(command, "show")) { > b.pfrb_type = (opts & PF_OPT_VERBOSE) ? > PFRB_ASTATS : PFRB_ADDRS; >@@ -472,6 +520,17 @@ print_addrx(struct pfr_addr *ad, struct pfr_addr *rad, int dns) > printf("\n"); > } > >+int >+nonzero_astats(struct pfr_astats *as) >+{ >+ u_int64_t s = 0; >+ for (int dir = 0; dir < PFR_DIR_MAX; dir++) >+ for (int op = 0; op < PFR_OP_ADDR_MAX; op++) >+ s |= as->pfras_packets[dir][op] | >+ as->pfras_bytes[dir][op]; >+ return !!s; >+} >+ > void > print_astats(struct pfr_astats *as, int dns) > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=255466">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 282984
: 255466 |
255471