Update to FreeBSD head 2018-09-17

Git mirror commit 6c2192b1ef8c50788c751f878552526800b1e319. Update #3472.
2025-10-14 10:27:12 +08:00 · 2018-08-22 14:59:50 +02:00
parent 3becda1fef
commit 3489e3b639
579 changed files with 26749 additions and 11388 deletions
--- a/freebsd/sbin/pfctl/pfctl.c
+++ b/freebsd/sbin/pfctl/pfctl.c
@@ -40,17 +40,21 @@
 *
 */

-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
 #ifdef __rtems__
 #define __need_getopt_newlib
 #include <getopt.h>
 #include <machine/rtems-bsd-program.h>
 #include <machine/rtems-bsd-commands.h>
+
+/* Provided by kernel-space modules */
 #define	pf_get_ruleset_number _bsd_pf_get_ruleset_number
 #define	pf_init_ruleset _bsd_pf_init_ruleset
 #endif /* __rtems__ */
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#define PFIOC_USE_LATEST
+
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
@@ -87,7 +91,7 @@ int	 pfctl_disable(int, int);
 int	 pfctl_clear_stats(int, int);
 int	 pfctl_get_skip_ifaces(void);
 int	 pfctl_check_skip_ifaces(char *);
-int	 pfctl_clear_skip_ifaces(struct pfctl *);
+int	 pfctl_adjust_skip_ifaces(struct pfctl *);
 int	 pfctl_clear_interface_flags(int, int);
 int	 pfctl_clear_rules(int, int, char *);
 int	 pfctl_clear_nat(int, int, char *);
@@ -114,6 +118,7 @@ int	 pfctl_show_nat(int, int, char *);
 int	 pfctl_show_src_nodes(int, int);
 int	 pfctl_show_states(int, const char *, int);
 int	 pfctl_show_status(int, int);
+int	 pfctl_show_running(int);
 int	 pfctl_show_timeouts(int, int);
 int	 pfctl_show_limits(int, int);
 void	 pfctl_debug(int, u_int32_t, int);
@@ -235,7 +240,7 @@ static const char * const clearopt_list[] = {
 static const char * const showopt_list[] = {
 	"nat", "queue", "rules", "Anchors", "Sources", "states", "info",
 	"Interfaces", "labels", "timeouts", "memory", "Tables", "osfp",
-	"all", NULL
+	"Running", "all", NULL
 };

 static const char * const tblcmdopt_list[] = {
@@ -340,21 +345,66 @@ int
 pfctl_check_skip_ifaces(char *ifname)
 {
 	struct pfi_kif		*p;
+	struct node_host	*h = NULL, *n = NULL;

-	PFRB_FOREACH(p, &skip_b)
-		if ((p->pfik_flags & PFI_IFLAG_SKIP) && !strcmp(ifname, p->pfik_name))
+	PFRB_FOREACH(p, &skip_b) {
+		if (!strcmp(ifname, p->pfik_name) &&
+		    (p->pfik_flags & PFI_IFLAG_SKIP))
 			p->pfik_flags &= ~PFI_IFLAG_SKIP;
+		if (!strcmp(ifname, p->pfik_name) && p->pfik_group != NULL) {
+			if ((h = ifa_grouplookup(p->pfik_name, 0)) == NULL)
+				continue;
+
+			for (n = h; n != NULL; n = n->next) {
+				if (p->pfik_ifp == NULL)
+					continue;
+				if (strncmp(p->pfik_name, ifname, IFNAMSIZ))
+					continue;
+
+				p->pfik_flags &= ~PFI_IFLAG_SKIP;
+			}
+		}
+	}
 	return (0);
 }

 int
-pfctl_clear_skip_ifaces(struct pfctl *pf)
+pfctl_adjust_skip_ifaces(struct pfctl *pf)
 {
-	struct pfi_kif		*p;
+	struct pfi_kif		*p, *pp;
+	struct node_host	*h = NULL, *n = NULL;
+
+	PFRB_FOREACH(p, &skip_b) {
+		if (p->pfik_group == NULL || !(p->pfik_flags & PFI_IFLAG_SKIP))
+			continue;
+
+		pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0);
+		if ((h = ifa_grouplookup(p->pfik_name, 0)) == NULL)
+			continue;
+
+		for (n = h; n != NULL; n = n->next)
+			PFRB_FOREACH(pp, &skip_b) {
+				if (pp->pfik_ifp == NULL)
+					continue;
+
+				if (strncmp(pp->pfik_name, n->ifname, IFNAMSIZ))
+					continue;
+
+				if (!(pp->pfik_flags & PFI_IFLAG_SKIP))
+					pfctl_set_interface_flags(pf,
+					    pp->pfik_name, PFI_IFLAG_SKIP, 1);
+				if (pp->pfik_flags & PFI_IFLAG_SKIP)
+					pp->pfik_flags &= ~PFI_IFLAG_SKIP;
+			}
+	}
+
+	PFRB_FOREACH(p, &skip_b) {
+		if (p->pfik_ifp == NULL || ! (p->pfik_flags & PFI_IFLAG_SKIP))
+			continue;
+
+		pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0);
+	}

-	PFRB_FOREACH(p, &skip_b)
-		if (p->pfik_flags & PFI_IFLAG_SKIP)
-			pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0);
 	return (0);
 }

@@ -1180,6 +1230,20 @@ pfctl_show_status(int dev, int opts)
 	return (0);
 }

+int
+pfctl_show_running(int dev)
+{
+	struct pf_status status;
+
+	if (ioctl(dev, DIOCGETSTATUS, &status)) {
+		warn("DIOCGETSTATUS");
+		return (-1);
+	}
+
+	print_running(&status);
+	return (!status.running);
+}
+
 int
 pfctl_show_timeouts(int dev, int opts)
 {
@@ -1490,6 +1554,7 @@ pfctl_rules(int dev, char *filename, int opts, int optimize,
 	}

 	memset(&pa, 0, sizeof(pa));
+	pa.version = PFIOC_ALTQ_VERSION;
 	memset(&pf, 0, sizeof(pf));
 	memset(&trs, 0, sizeof(trs));
 	if ((path = calloc(1, MAXPATHLEN)) == NULL)
@@ -1548,7 +1613,7 @@ pfctl_rules(int dev, char *filename, int opts, int optimize,
 			goto _error;
 	}
 	if (loadopt & PFCTL_FLAG_OPTION)
-		pfctl_clear_skip_ifaces(&pf);
+		pfctl_adjust_skip_ifaces(&pf);

 	if ((pf.loadopt & PFCTL_FLAG_FILTER &&
 	    (pfctl_load_ruleset(&pf, path, rs, PF_RULESET_SCRUB, 0))) ||
@@ -1998,6 +2063,7 @@ pfctl_test_altqsupport(int dev, int opts)
 {
 	struct pfioc_altq pa;

+	pa.version = PFIOC_ALTQ_VERSION;
 	if (ioctl(dev, DIOCGETALTQS, &pa)) {
 		if (errno == ENODEV) {
 			if (opts & PF_OPT_VERBOSE)
@@ -2332,6 +2398,9 @@ main(int argc, char *argv[])
 		case 'i':
 			pfctl_show_status(dev, opts);
 			break;
+		case 'R':
+			error = pfctl_show_running(dev);
+			break;
 		case 't':
 			pfctl_show_timeouts(dev, opts);
 			break;
@@ -2449,7 +2518,7 @@ main(int argc, char *argv[])
 	}

 	if ((rulesopt != NULL) && (loadopt & PFCTL_FLAG_OPTION) &&
-	    !anchorname[0])
+	    !anchorname[0] && !(opts & PF_OPT_NOACTION))
 		if (pfctl_get_skip_ifaces())
 			error = 1;