The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=7fe42038b2691bddd58fdf8783c1b92c527c2352

commit 7fe42038b2691bddd58fdf8783c1b92c527c2352
Author:     Kajetan Staszkiewicz <veg...@tuxpowered.net>
AuthorDate: 2024-09-27 08:21:10 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2024-09-27 12:29:20 +0000

    pf: fix max-src-conn when rules are added via netlink
    
    Reviewed by:    kp
    Differential Revision:  https://reviews.freebsd.org/D46797
---
 lib/libpfctl/libpfctl.c | 2 ++
 sys/netpfil/pf/pf_nl.c  | 2 ++
 sys/netpfil/pf/pf_nl.h  | 1 +
 3 files changed, 5 insertions(+)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index c8eeb913e912..36b83c480aa7 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -1233,6 +1233,7 @@ snl_add_msg_attr_pf_rule(struct snl_writer *nw, uint32_t 
type, const struct pfct
        snl_add_msg_attr_u32(nw, PF_RT_MAX_STATES, r->max_states);
        snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_NODES, r->max_src_nodes);
        snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_STATES, r->max_src_states);
+       snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_CONN, r->max_src_conn);
        snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_CONN_RATE_LIMIT, 
r->max_src_conn_rate.limit);
        snl_add_msg_attr_u32(nw, PF_RT_MAX_SRC_CONN_RATE_SECS, 
r->max_src_conn_rate.seconds);
 
@@ -1658,6 +1659,7 @@ static struct snl_attr_parser ap_getrule[] = {
        { .type = PF_RT_SRC_NODES, .off = _OUT(r.src_nodes), .cb = 
snl_attr_get_uint64 },
        { .type = PF_RT_ANCHOR_CALL, .off = _OUT(anchor_call), .arg = 
(void*)MAXPATHLEN, .cb = snl_attr_copy_string },
        { .type = PF_RT_RCV_IFNAME, .off = _OUT(r.rcv_ifname), .arg = 
(void*)IFNAMSIZ, .cb = snl_attr_copy_string },
+       { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(r.max_src_conn), .cb = 
snl_attr_get_uint32 },
 };
 static struct snl_field_parser fp_getrule[] = {};
 #undef _OUT
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 62d5972c4abb..ca90e0b5b140 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -731,6 +731,7 @@ static const struct nlattr_parser nla_p_rule[] = {
        { .type = PF_RT_DIVERT_ADDRESS, .off = _OUT(divert.addr), .cb = 
nlattr_get_in6_addr },
        { .type = PF_RT_DIVERT_PORT, .off = _OUT(divert.port), .cb = 
nlattr_get_uint16 },
        { .type = PF_RT_RCV_IFNAME, .off = _OUT(rcv_ifname), .arg = (void 
*)IFNAMSIZ, .cb = nlattr_get_chara },
+       { .type = PF_RT_MAX_SRC_CONN, .off = _OUT(max_src_conn), .cb = 
nlattr_get_uint32 },
 };
 NL_DECLARE_ATTR_PARSER(rule_parser, nla_p_rule);
 #undef _OUT
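Review bot: The new `PF_RT_MAX_SRC_CONN` entry in `nla_p_rule` has no comment tying it to the matching writer lines in `pf_handle_getrule()` and libpfctl's `snl_add_msg_attr_pf_rule()`, and the diffstat lists no test alongside the fix, so the same omission can recur for the next rule field. Before this entry existed the attribute was presumably skipped and `max_src_conn` left at its default, so a configured per-source connection limit would have been silently unenforced rather than the rule being rejected. I would add a comment above the table such as `/* each rule field needs an entry here, in pf_handle_getrule() and in libpfctl, or its value does not reach the rule */`, plus a regression test that adds a rule with max-src-conn over netlink and reads it back. The table starts outside this hunk, so an existing comment there may already cover part of this.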
@@ -921,6 +922,7 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate 
*npt)
        nlattr_add_u32(nw, PF_RT_MAX_STATES, rule->max_states);
        nlattr_add_u32(nw, PF_RT_MAX_SRC_NODES, rule->max_src_nodes);
        nlattr_add_u32(nw, PF_RT_MAX_SRC_STATES, rule->max_src_states);
+       nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN, rule->max_src_conn);
        nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_LIMIT, 
rule->max_src_conn_rate.limit);
        nlattr_add_u32(nw, PF_RT_MAX_SRC_CONN_RATE_SECS, 
rule->max_src_conn_rate.seconds);
 
diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h
index bd173c0137ce..acb4b31320c0 100644
--- a/sys/netpfil/pf/pf_nl.h
+++ b/sys/netpfil/pf/pf_nl.h
@@ -258,6 +258,7 @@ enum pf_rule_type_t {
        PF_RT_SRC_NODES         = 71, /* u64 */
        PF_RT_ANCHOR_CALL       = 72, /* string */
        PF_RT_RCV_IFNAME        = 73, /* string */
+       PF_RT_MAX_SRC_CONN      = 74, /* u32 */
 };
 
 enum pf_addrule_type_t {
