diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -373,6 +373,9 @@
unsigned int *killed);
int pfctl_kill_states(int dev, const struct pfctl_kill *kill,
unsigned int *killed);
+int pfctl_clear_rules(int dev, const char *anchorname);
+int pfctl_clear_nat(int dev, const char *anchorname);
+int pfctl_clear_eth_rules(int dev, const char *anchorname);
int pfctl_set_syncookies(int dev, const struct pfctl_syncookies *s);
int pfctl_get_syncookies(int dev, struct pfctl_syncookies *s);
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -1169,6 +1169,95 @@
return (_pfctl_clear_states(dev, kill, killed, DIOCKILLSTATESNV));
}
+int
+pfctl_clear_rules(int dev, const char *anchorname)
+{
+ struct pfioc_trans trans;
+ struct pfioc_trans_e transe[2];
+ int ret;
+
+ bzero(&trans, sizeof(trans));
+ bzero(&transe, sizeof(transe));
+
+ transe[0].rs_num = PF_RULESET_SCRUB;
+ if (strlcpy(transe[0].anchor, anchorname, sizeof(transe[0].anchor))
+ >= sizeof(transe[0].anchor))
+ return (E2BIG);
+
+ transe[1].rs_num = PF_RULESET_FILTER;
+ if (strlcpy(transe[1].anchor, anchorname, sizeof(transe[1].anchor))
+ >= sizeof(transe[1].anchor))
+ return (E2BIG);
+
+ trans.size = 2;
+ trans.esize = sizeof(transe[0]);
+ trans.array = transe;
+
+ ret = ioctl(dev, DIOCXBEGIN, &trans);
+ if (ret != 0)
+ return (ret);
+ return ioctl(dev, DIOCXCOMMIT, &trans);
+}
+
+int
+pfctl_clear_nat(int dev, const char *anchorname)
+{
+ struct pfioc_trans trans;
+ struct pfioc_trans_e transe[3];
+ int ret;
+
+ bzero(&trans, sizeof(trans));
+ bzero(&transe, sizeof(transe));
+
+ transe[0].rs_num = PF_RULESET_NAT;
+ if (strlcpy(transe[0].anchor, anchorname, sizeof(transe[0].anchor))
+ >= sizeof(transe[0].anchor))
+ return (E2BIG);
+
+ transe[1].rs_num = PF_RULESET_BINAT;
+ if (strlcpy(transe[1].anchor, anchorname, sizeof(transe[1].anchor))
+ >= sizeof(transe[0].anchor))
+ return (E2BIG);
+
+ transe[2].rs_num = PF_RULESET_RDR;
+ if (strlcpy(transe[2].anchor, anchorname, sizeof(transe[2].anchor))
+ >= sizeof(transe[2].anchor))
+ return (E2BIG);
+
+ trans.size = 3;
+ trans.esize = sizeof(transe[0]);
+ trans.array = transe;
+
+ ret = ioctl(dev, DIOCXBEGIN, &trans);
+ if (ret != 0)
+ return (ret);
+ return ioctl(dev, DIOCXCOMMIT, &trans);
+}
+int
+pfctl_clear_eth_rules(int dev, const char *anchorname)
+{
+ struct pfioc_trans trans;
+ struct pfioc_trans_e transe;
+ int ret;
+
+ bzero(&trans, sizeof(trans));
+ bzero(&transe, sizeof(transe));
+
+ transe.rs_num = PF_RULESET_ETH;
+ if (strlcpy(transe.anchor, anchorname, sizeof(transe.anchor))
+ >= sizeof(transe.anchor))
+ return (E2BIG);
+
+ trans.size = 1;
+ trans.esize = sizeof(transe);
+ trans.array = &transe;
+
+ ret = ioctl(dev, DIOCXBEGIN, &trans);
+ if (ret != 0)
+ return (ret);
+ return ioctl(dev, DIOCXCOMMIT, &trans);
+}
+
static int
pfctl_get_limit(int dev, const int index, uint *limit)
{
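Review bot: The three new libpfctl functions mix two error conventions: a truncated anchor name returns E2BIG as the function's value from each strlcpy check, while a failed ioctl returns ioctl's -1 with the reason only in errno, and the pfctl.c callers in this same diff report either outcome through err(3), which prints strerror(errno) — so an over-long anchor name gets reported with whatever stale errno happens to hold. Pick one convention and document it on the prototypes; the smallest fix is to keep the -1/errno style and write `errno = E2BIG;` before each `return (-1);`, or alternatively return errno from the ioctl paths. Separately, the BINAT check in pfctl_clear_nat compares against `sizeof(transe[0].anchor)` rather than `sizeof(transe[1].anchor)`; the sizes are identical so it is harmless, but it reads as a copy-paste slip. Finally, when DIOCXBEGIN succeeds and DIOCXCOMMIT fails the opened transaction is left without a DIOCXROLLBACK; whether the kernel tolerates the dangling ticket cannot be told from this hunk, so an explicit rollback on that path would be the conservative choice.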
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -75,9 +75,9 @@
int pfctl_check_skip_ifaces(char *);
int pfctl_adjust_skip_ifaces(struct pfctl *);
int pfctl_clear_interface_flags(int, int);
-int pfctl_clear_eth_rules(int, int, char *);
-int pfctl_clear_rules(int, int, char *);
-int pfctl_clear_nat(int, int, char *);
+int pfctl_flush_eth_rules(int, int, char *);
+int pfctl_flush_rules(int, int, char *);
+int pfctl_flush_nat(int, int, char *);
int pfctl_clear_altq(int, int);
int pfctl_clear_src_nodes(int, int);
int pfctl_clear_iface_states(int, const char *, int);
@@ -460,32 +460,27 @@
}
int
-pfctl_clear_eth_rules(int dev, int opts, char *anchorname)
+pfctl_flush_eth_rules(int dev, int opts, char *anchorname)
{
- struct pfr_buffer t;
+ int ret;
- memset(&t, 0, sizeof(t));
- t.pfrb_type = PFRB_TRANS;
- if (pfctl_add_trans(&t, PF_RULESET_ETH, anchorname) ||
- pfctl_trans(dev, &t, DIOCXBEGIN, 0) ||
- pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
+ ret = pfctl_clear_eth_rules(dev, anchorname);
+ if (ret != 0)
err(1, "pfctl_clear_eth_rules");
+
if ((opts & PF_OPT_QUIET) == 0)
fprintf(stderr, "Ethernet rules cleared\n");
- return (0);
+
+ return (ret);
}
int
-pfctl_clear_rules(int dev, int opts, char *anchorname)
+pfctl_flush_rules(int dev, int opts, char *anchorname)
{
- struct pfr_buffer t;
+ int ret;
- memset(&t, 0, sizeof(t));
- t.pfrb_type = PFRB_TRANS;
- if (pfctl_add_trans(&t, PF_RULESET_SCRUB, anchorname) ||
- pfctl_add_trans(&t, PF_RULESET_FILTER, anchorname) ||
- pfctl_trans(dev, &t, DIOCXBEGIN, 0) ||
- pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
+ ret = pfctl_clear_rules(dev, anchorname);
+ if (ret != 0)
err(1, "pfctl_clear_rules");
if ((opts & PF_OPT_QUIET) == 0)
fprintf(stderr, "rules cleared\n");
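Review bot: In pfctl_flush_eth_rules the new `return (ret);` can only ever yield 0, because every non-zero result has already exited through err(3) two lines above; the removed `return (0);` said that directly and is the clearer form. Note also that err(3) formats strerror(errno), so the message is only accurate if pfctl_clear_eth_rules sets errno on every failure path — the libpfctl side of this diff returns E2BIG as a plain value on anchor-name truncation, which should be confirmed before relying on err(3) here. pfctl_flush_rules's body continues past the end of this hunk.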
@@ -493,17 +488,12 @@
}
int
-pfctl_clear_nat(int dev, int opts, char *anchorname)
+pfctl_flush_nat(int dev, int opts, char *anchorname)
{
- struct pfr_buffer t;
+ int ret;
- memset(&t, 0, sizeof(t));
- t.pfrb_type = PFRB_TRANS;
- if (pfctl_add_trans(&t, PF_RULESET_NAT, anchorname) ||
- pfctl_add_trans(&t, PF_RULESET_BINAT, anchorname) ||
- pfctl_add_trans(&t, PF_RULESET_RDR, anchorname) ||
- pfctl_trans(dev, &t, DIOCXBEGIN, 0) ||
- pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
+ ret = pfctl_clear_nat(dev, anchorname);
+ if (ret != 0)
err(1, "pfctl_clear_nat");
if ((opts & PF_OPT_QUIET) == 0)
fprintf(stderr, "nat cleared\n");
@@ -2926,13 +2916,13 @@
switch (*clearopt) {
case 'e':
- pfctl_clear_eth_rules(dev, opts, anchorname);
+ pfctl_flush_eth_rules(dev, opts, anchorname);
break;
case 'r':
- pfctl_clear_rules(dev, opts, anchorname);
+ pfctl_flush_rules(dev, opts, anchorname);
break;
case 'n':
- pfctl_clear_nat(dev, opts, anchorname);
+ pfctl_flush_nat(dev, opts, anchorname);
break;
case 'q':
pfctl_clear_altq(dev, opts);
@@ -2947,9 +2937,9 @@
pfctl_clear_stats(dev, opts);
break;
case 'a':
- pfctl_clear_eth_rules(dev, opts, anchorname);
- pfctl_clear_rules(dev, opts, anchorname);
- pfctl_clear_nat(dev, opts, anchorname);
+ pfctl_flush_eth_rules(dev, opts, anchorname);
+ pfctl_flush_rules(dev, opts, anchorname);
+ pfctl_flush_nat(dev, opts, anchorname);
pfctl_clear_tables(anchorname, opts);
if (!*anchorname) {
pfctl_clear_altq(dev, opts);
D34442: libpfctl: support flushing rules/nat/eth