D34970.id105324.diff
No OneTemporary
Actions

Size

7 KB

Referenced Files

None

Subscribers

None

D34970.id105324.diff
View Options

	Index: lib/libpfctl/libpfctl.h
	===================================================================
	--- lib/libpfctl/libpfctl.h
	+++ lib/libpfctl/libpfctl.h
	@@ -99,6 +99,7 @@
	uint64_t evaluations;
	uint64_t packets[2];
	uint64_t bytes[2];
	+ uint32_t last_active_timestamp;

	/* Action */
	char qname[PF_QNAME_SIZE];
	@@ -171,6 +172,7 @@
	uint64_t evaluations;
	uint64_t packets[2];
	uint64_t bytes[2];
	+ uint32_t last_active_timestamp;

	struct pfi_kif *kif;
	struct pfctl_anchor *anchor;
	Index: lib/libpfctl/libpfctl.c
	===================================================================
	--- lib/libpfctl/libpfctl.c
	+++ lib/libpfctl/libpfctl.c
	@@ -512,6 +512,10 @@
	pf_nvuint_64_array(nvl, "packets", 2, rule->packets, NULL);
	pf_nvuint_64_array(nvl, "bytes", 2, rule->bytes, NULL);

	+ if (nvlist_exists_number(nvl, "timestamp")) {
	+ rule->last_active_timestamp = nvlist_get_number(nvl, "timestamp");
	+ }
	+
	rule->os_fingerprint = nvlist_get_number(nvl, "os_fingerprint");

	rule->rtableid = nvlist_get_number(nvl, "rtableid");
	@@ -642,6 +646,10 @@
	rule->bytes[0] = nvlist_get_number(nvl, "bytes-in");
	rule->bytes[1] = nvlist_get_number(nvl, "bytes-out");

	+ if (nvlist_exists_number(nvl, "timestamp")) {
	+ rule->last_active_timestamp = nvlist_get_number(nvl, "timestamp");
	+ }
	+
	strlcpy(rule->qname, nvlist_get_string(nvl, "qname"), PF_QNAME_SIZE);
	strlcpy(rule->tagname, nvlist_get_string(nvl, "tagname"),
	PF_TAG_NAME_SIZE);
	@@ -737,7 +745,7 @@
	nvlist_add_number(nvl, "nr", nr);
	nvlist_add_bool(nvl, "clear", clear);

	- if ((ret = pfctl_do_ioctl(dev, DIOCGETETHRULE, 2048, &nvl)) != 0)
	+ if ((ret = pfctl_do_ioctl(dev, DIOCGETETHRULE, 4096, &nvl)) != 0)
	return (ret);

	pfctl_nveth_rule_to_eth_rule(nvl, rule);
	Index: sbin/pfctl/pfctl.c
	===================================================================
	--- sbin/pfctl/pfctl.c
	+++ sbin/pfctl/pfctl.c
	@@ -1016,6 +1016,18 @@
	(unsigned long long)(rule->bytes[0] +
	rule->bytes[1]));
	}
	+ if (opts & PF_OPT_VERBOSE2) {
	+ char timestr[30];
	+
	+ if (rule->last_active_timestamp != 0) {
	+ time_t last_active = rule->last_active_timestamp;
	+ bcopy(ctime(&last_active), timestr, sizeof(timestr));
	+ *strchr(timestr, '\n') = '\0';
	+ } else {
	+ snprintf(timestr, sizeof(timestr), "N/A");
	+ }
	+ printf(" [ Last Active Time: %s ]\n", timestr);
	+ }
	}

	void
	@@ -1055,6 +1067,17 @@
	(unsigned)rule->cuid, (unsigned)rule->cpid,
	(uintmax_t)rule->states_tot);
	}
	+ if (opts & PF_OPT_VERBOSE2) {
	+ char timestr[30];
	+ if (rule->last_active_timestamp != 0) {
	+ time_t last_active = rule->last_active_timestamp;
	+ bcopy(ctime(&last_active), timestr, sizeof(timestr));
	+ *strchr(timestr, '\n') = '\0';
	+ } else {
	+ snprintf(timestr, sizeof(timestr), "N/A");
	+ }
	+ printf(" [ Last Active Time: %s ]\n", timestr);
	+ }
	}

	void
	Index: sys/net/pfvar.h
	===================================================================
	--- sys/net/pfvar.h
	+++ sys/net/pfvar.h
	@@ -286,6 +286,26 @@
	}
	#endif

	+#define pf_get_timestamp(prule)({ \
	+ uint32_t _ts = 0; \
	+ uint32_t __ts; \
	+ int cpu; \
	+ CPU_FOREACH(cpu) { \
	+ __ts = *zpcpu_get_cpu(prule->timestamp, cpu); \
	+ if (__ts > _ts) \
	+ _ts = __ts; \
	+ } \
	+ _ts; \
	+})
	+
	+#define pf_update_timestamp(prule) \
	+ do { \
	+ critical_enter(); \
	+ *zpcpu_get((prule)->timestamp) = time_second; \
	+ critical_exit(); \
	+ } while (0)
	+
	+
	SYSCTL_DECL(_net_pf);
	MALLOC_DECLARE(M_PFHASH);

	@@ -657,6 +677,7 @@
	counter_u64_t evaluations;
	counter_u64_t packets[2];
	counter_u64_t bytes[2];
	+ uint32_t *timestamp;

	/* Action */
	char qname[PF_QNAME_SIZE];
	@@ -696,6 +717,7 @@
	struct pf_counter_u64 evaluations;
	struct pf_counter_u64 packets[2];
	struct pf_counter_u64 bytes[2];
	+ uint32_t *timestamp;

	struct pfi_kkif *kif;
	struct pf_kanchor *anchor;
	Index: sys/netpfil/pf/pf.c
	===================================================================
	--- sys/netpfil/pf/pf.c
	+++ sys/netpfil/pf/pf.c
	@@ -3971,6 +3971,7 @@
	/* Execute action. */
	counter_u64_add(r->packets[dir == PF_OUT], 1);
	counter_u64_add(r->bytes[dir == PF_OUT], m_length(m, NULL));
	+ pf_update_timestamp(r);

	/* Shortcut. Don't tag if we're just going to drop anyway. */
	if (r->action == PF_DROP) {
	@@ -7198,6 +7199,8 @@
	dirndx = (dir == PF_OUT);
	pf_counter_u64_add_protected(&r->packets[dirndx], 1);
	pf_counter_u64_add_protected(&r->bytes[dirndx], pd.tot_len);
	+ pf_update_timestamp(r);
	+
	if (a != NULL) {
	pf_counter_u64_add_protected(&a->packets[dirndx], 1);
	pf_counter_u64_add_protected(&a->bytes[dirndx], pd.tot_len);
	Index: sys/netpfil/pf/pf_ioctl.c
	===================================================================
	--- sys/netpfil/pf/pf_ioctl.c
	+++ sys/netpfil/pf/pf_ioctl.c
	@@ -344,6 +344,8 @@
	V_pf_default_rule.states_tot = counter_u64_alloc(M_WAITOK);
	V_pf_default_rule.src_nodes = counter_u64_alloc(M_WAITOK);

	+ V_pf_default_rule.timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK \| M_ZERO);
	+
	#ifdef PF_WANT_32_TO_64_COUNTER
	V_pf_kifmarker = malloc(sizeof(*V_pf_kifmarker), PFI_MTYPE, M_WAITOK \| M_ZERO);
	V_pf_rulemarker = malloc(sizeof(*V_pf_rulemarker), M_PFRULE, M_WAITOK \| M_ZERO);
	@@ -530,6 +532,7 @@
	counter_u64_free(rule->packets[i]);
	counter_u64_free(rule->bytes[i]);
	}
	+ uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);
	pf_keth_anchor_remove(rule);

	free(rule, M_PFRULE);
	@@ -1801,6 +1804,7 @@
	counter_u64_free(rule->states_cur);
	counter_u64_free(rule->states_tot);
	counter_u64_free(rule->src_nodes);
	+ uma_zfree_pcpu(pcpu_zone_4, rule->timestamp);

	mtx_destroy(&rule->rpool.mtx);
	free(rule, M_PFRULE);
	@@ -2130,6 +2134,7 @@
	rule->states_cur = counter_u64_alloc(M_WAITOK);
	rule->states_tot = counter_u64_alloc(M_WAITOK);
	rule->src_nodes = counter_u64_alloc(M_WAITOK);
	+ rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4, M_WAITOK \| M_ZERO);
	rule->cuid = td->td_ucred->cr_ruid;
	rule->cpid = td->td_proc ? td->td_proc->p_pid : 0;
	TAILQ_INIT(&rule->rpool.list);
	@@ -2832,6 +2837,7 @@
	rule = malloc(sizeof(*rule), M_PFRULE, M_WAITOK);
	if (rule == NULL)
	ERROUT(ENOMEM);
	+ rule->timestamp = NULL;

	error = pf_nveth_rule_to_keth_rule(nvl, rule);
	if (error != 0)
	@@ -2844,6 +2850,8 @@
	rule->packets[i] = counter_u64_alloc(M_WAITOK);
	rule->bytes[i] = counter_u64_alloc(M_WAITOK);
	}
	+ rule->timestamp = uma_zalloc_pcpu(pcpu_zone_4,
	+ M_WAITOK \| M_ZERO);

	PF_RULES_WLOCK();

	@@ -6697,6 +6705,7 @@
	counter_u64_free(V_pf_default_rule.states_cur);
	counter_u64_free(V_pf_default_rule.states_tot);
	counter_u64_free(V_pf_default_rule.src_nodes);
	+ uma_zfree_pcpu(pcpu_zone_4, V_pf_default_rule.timestamp);

	for (int i = 0; i < PFRES_MAX; i++)
	counter_u64_free(V_pf_status.counters[i]);
	Index: sys/netpfil/pf/pf_nv.c
	===================================================================
	--- sys/netpfil/pf/pf_nv.c
	+++ sys/netpfil/pf/pf_nv.c
	@@ -737,6 +737,7 @@
	nvlist_append_number_array(nvl, "bytes",
	pf_counter_u64_fetch(&rule->bytes[i]));
	}
	+ nvlist_add_number(nvl, "timestamp", pf_get_timestamp(rule));

	nvlist_add_number(nvl, "os_fingerprint", rule->os_fingerprint);

	@@ -1098,6 +1099,7 @@
	nvlist_add_number(nvl, "bytes-out",
	counter_u64_fetch(krule->bytes[1]));

	+ nvlist_add_number(nvl, "timestamp", pf_get_timestamp(krule));
	nvlist_add_string(nvl, "qname", krule->qname);
	nvlist_add_string(nvl, "tagname", krule->tagname);

File Metadata

Mime Type: text/plain
Expires: Tue, Apr 28, 11:56 AM (5 h, 6 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 32275410
Default Alt Text: D34970.id105324.diff (7 KB)

D34970.id105324.diffNo OneTemporaryActions

D34970.id105324.diffView Options

File Metadata

Event Timeline

D34970.id105324.diff
No OneTemporary
Actions

D34970.id105324.diff
View Options