Index: share/man/man4/pf.4 =================================================================== --- share/man/man4/pf.4 +++ share/man/man4/pf.4 @@ -334,35 +334,40 @@ fields of the .Va state structure from the state table. -.It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk" +.It Dv DIOCKILLSTATESNV Fa "struct pfioc_nv nv" Remove matching entries from the state table. This ioctl returns the number of killed states in -.Va psk_killed . +.Va "killed" . .Bd -literal -struct pfioc_state_kill { - struct pf_state_cmp psk_pfcmp; - sa_family_t psk_af; - int psk_proto; - struct pf_rule_addr psk_src; - struct pf_rule_addr psk_dst; - char psk_ifname[IFNAMSIZ]; - char psk_label[PF_RULE_LABEL_SIZE]; - u_int psk_killed; +nvlist pf_state_cmp { + number id; + number creatorid; + number direction; +}; + +nvlist pf_kill { + nvlist pf_state_cmp cmp; + number af; + number proto; + nvlist pf_rule_addr src; + nvlist pf_rule_addr dst; + string ifname[IFNAMSIZ]; + string label[PF_RULE_LABEL_SIZE]; }; .Ed -.It Dv DIOCCLRSTATES Fa "struct pfioc_state_kill *psk" +.It Dv DIOCCLRSTATESNV Fa "struct pfioc_state_kill *psk" Clear all states. It works like -.Dv DIOCKILLSTATES , +.Dv DIOCKILLSTATESNV , but ignores the -.Va psk_af , -.Va psk_proto , -.Va psk_src , +.Va af , +.Va proto , +.Va src , and -.Va psk_dst +.Va dst fields of the -.Vt pfioc_state_kill -structure. +.Vt pf_kill +nvlist. .It Dv DIOCSETSTATUSIF Fa "struct pfioc_if *pi" Specify the interface for which statistics are accumulated. .Bd -literal Index: sys/net/pfvar.h =================================================================== --- sys/net/pfvar.h +++ sys/net/pfvar.h @@ -1252,7 +1252,6 @@ #define DIOCGETRULE _IOWR('D', 7, struct pfioc_rule) #define DIOCGETRULENV _IOWR('D', 7, struct pfioc_nv) /* XXX cut 8 - 17 */ -#define DIOCCLRSTATES _IOWR('D', 18, struct pfioc_state_kill) #define DIOCCLRSTATESNV _IOWR('D', 18, struct pfioc_nv) #define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state) #define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if) @@ -1269,7 +1268,6 @@ #define DIOCCLRRULECTRS _IO ('D', 38) #define DIOCGETLIMIT _IOWR('D', 39, struct pfioc_limit) #define DIOCSETLIMIT _IOWR('D', 40, struct pfioc_limit) -#define DIOCKILLSTATES _IOWR('D', 41, struct pfioc_state_kill) #define DIOCKILLSTATESNV _IOWR('D', 41, struct pfioc_nv) #define DIOCSTARTALTQ _IO ('D', 42) #define DIOCSTOPALTQ _IO ('D', 43) Index: sys/netpfil/pf/pf_ioctl.c =================================================================== --- sys/netpfil/pf/pf_ioctl.c +++ sys/netpfil/pf/pf_ioctl.c @@ -2402,23 +2402,6 @@ return (0); } -static int -pf_state_kill_to_kstate_kill(const struct pfioc_state_kill *psk, - struct pf_kstate_kill *kill) -{ - bzero(kill, sizeof(*kill)); - - bcopy(&psk->psk_pfcmp, &kill->psk_pfcmp, sizeof(kill->psk_pfcmp)); - kill->psk_af = psk->psk_af; - kill->psk_proto = psk->psk_proto; - bcopy(&psk->psk_src, &kill->psk_src, sizeof(kill->psk_src)); - bcopy(&psk->psk_dst, &kill->psk_dst, sizeof(kill->psk_dst)); - strlcpy(kill->psk_ifname, psk->psk_ifname, sizeof(kill->psk_ifname)); - strlcpy(kill->psk_label, psk->psk_label, sizeof(kill->psk_label)); - - return (0); -} - static int pf_nvstate_cmp_to_state_cmp(const nvlist_t *nvl, struct pf_state_cmp *cmp) { @@ -3377,36 +3360,11 @@ break; } - case DIOCCLRSTATES: { - struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr; - struct pf_kstate_kill kill; - - error = pf_state_kill_to_kstate_kill(psk, &kill); - if (error) - break; - - psk->psk_killed = pf_clear_states(&kill); - break; - } - case DIOCCLRSTATESNV: { error = pf_clearstates_nv((struct pfioc_nv *)addr); break; } - case DIOCKILLSTATES: { - struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr; - struct pf_kstate_kill kill; - - error = pf_state_kill_to_kstate_kill(psk, &kill); - if (error) - break; - - psk->psk_killed = 0; - error = pf_killstates(&kill, &psk->psk_killed); - break; - } - case DIOCKILLSTATESNV: { error = pf_killstates_nv((struct pfioc_nv *)addr); break;