pf: remove DIOCGETRULE and DIOCGETSTATUS
These calls have nvlist variants that completely supersede them. Remove the old code. Reviewed by: mjg MFC after: never Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41651
This commit is contained in:
parent
6fbb9fbf7d
commit
8d49fd7331
|
@ -1921,14 +1921,12 @@ struct pfioc_iface {
|
|||
#define DIOCADDRULE _IOWR('D', 4, struct pfioc_rule)
|
||||
#define DIOCADDRULENV _IOWR('D', 4, struct pfioc_nv)
|
||||
#define DIOCGETRULES _IOWR('D', 6, struct pfioc_rule)
|
||||
#define DIOCGETRULE _IOWR('D', 7, struct pfioc_rule)
|
||||
#define DIOCGETRULENV _IOWR('D', 7, struct pfioc_nv)
|
||||
/* XXX cut 8 - 17 */
|
||||
#define DIOCCLRSTATESNV _IOWR('D', 18, struct pfioc_nv)
|
||||
#define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state)
|
||||
#define DIOCGETSTATENV _IOWR('D', 19, struct pfioc_nv)
|
||||
#define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if)
|
||||
#define DIOCGETSTATUS _IOWR('D', 21, struct pf_status)
|
||||
#define DIOCGETSTATUSNV _IOWR('D', 21, struct pfioc_nv)
|
||||
#define DIOCCLRSTATUS _IO ('D', 22)
|
||||
#define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook)
|
||||
|
|
|
@ -2463,14 +2463,12 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
|||
if (securelevel_gt(td->td_ucred, 2))
|
||||
switch (cmd) {
|
||||
case DIOCGETRULES:
|
||||
case DIOCGETRULE:
|
||||
case DIOCGETRULENV:
|
||||
case DIOCGETADDRS:
|
||||
case DIOCGETADDR:
|
||||
case DIOCGETSTATE:
|
||||
case DIOCGETSTATENV:
|
||||
case DIOCSETSTATUSIF:
|
||||
case DIOCGETSTATUS:
|
||||
case DIOCGETSTATUSNV:
|
||||
case DIOCCLRSTATUS:
|
||||
case DIOCNATLOOK:
|
||||
|
@ -2532,7 +2530,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
|||
case DIOCGETADDR:
|
||||
case DIOCGETSTATE:
|
||||
case DIOCGETSTATENV:
|
||||
case DIOCGETSTATUS:
|
||||
case DIOCGETSTATUSNV:
|
||||
case DIOCGETSTATES:
|
||||
case DIOCGETSTATESV2:
|
||||
|
@ -2579,11 +2576,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
|||
break; /* dummy operation ok */
|
||||
}
|
||||
return (EACCES);
|
||||
case DIOCGETRULE:
|
||||
if (((struct pfioc_rule *)addr)->action ==
|
||||
PF_GET_CLR_CNTR)
|
||||
return (EACCES);
|
||||
break;
|
||||
default:
|
||||
return (EACCES);
|
||||
}
|
||||
|
@ -3228,63 +3220,6 @@ DIOCADDRULENV_error:
|
|||
break;
|
||||
}
|
||||
|
||||
case DIOCGETRULE: {
|
||||
struct pfioc_rule *pr = (struct pfioc_rule *)addr;
|
||||
struct pf_kruleset *ruleset;
|
||||
struct pf_krule *rule;
|
||||
int rs_num;
|
||||
|
||||
pr->anchor[sizeof(pr->anchor) - 1] = 0;
|
||||
|
||||
PF_RULES_WLOCK();
|
||||
ruleset = pf_find_kruleset(pr->anchor);
|
||||
if (ruleset == NULL) {
|
||||
PF_RULES_WUNLOCK();
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
rs_num = pf_get_ruleset_number(pr->rule.action);
|
||||
if (rs_num >= PF_RULESET_MAX) {
|
||||
PF_RULES_WUNLOCK();
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
if (pr->ticket != ruleset->rules[rs_num].active.ticket) {
|
||||
PF_RULES_WUNLOCK();
|
||||
error = EBUSY;
|
||||
break;
|
||||
}
|
||||
rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
|
||||
while ((rule != NULL) && (rule->nr != pr->nr))
|
||||
rule = TAILQ_NEXT(rule, entries);
|
||||
if (rule == NULL) {
|
||||
PF_RULES_WUNLOCK();
|
||||
error = EBUSY;
|
||||
break;
|
||||
}
|
||||
|
||||
pf_krule_to_rule(rule, &pr->rule);
|
||||
|
||||
if (pf_kanchor_copyout(ruleset, rule, pr)) {
|
||||
PF_RULES_WUNLOCK();
|
||||
error = EBUSY;
|
||||
break;
|
||||
}
|
||||
pf_addr_copyout(&pr->rule.src.addr);
|
||||
pf_addr_copyout(&pr->rule.dst.addr);
|
||||
|
||||
if (pr->action == PF_GET_CLR_CNTR) {
|
||||
pf_counter_u64_zero(&rule->evaluations);
|
||||
for (int i = 0; i < 2; i++) {
|
||||
pf_counter_u64_zero(&rule->packets[i]);
|
||||
pf_counter_u64_zero(&rule->bytes[i]);
|
||||
}
|
||||
counter_u64_zero(rule->states_tot);
|
||||
}
|
||||
PF_RULES_WUNLOCK();
|
||||
break;
|
||||
}
|
||||
|
||||
case DIOCGETRULENV: {
|
||||
struct pfioc_nv *nv = (struct pfioc_nv *)addr;
|
||||
nvlist_t *nvrule = NULL;
|
||||
|
@ -3871,39 +3806,6 @@ DIOCGETSTATESV2_full:
|
|||
break;
|
||||
}
|
||||
|
||||
case DIOCGETSTATUS: {
|
||||
struct pf_status *s = (struct pf_status *)addr;
|
||||
|
||||
PF_RULES_RLOCK();
|
||||
s->running = V_pf_status.running;
|
||||
s->since = V_pf_status.since;
|
||||
s->debug = V_pf_status.debug;
|
||||
s->hostid = V_pf_status.hostid;
|
||||
s->states = V_pf_status.states;
|
||||
s->src_nodes = V_pf_status.src_nodes;
|
||||
|
||||
for (int i = 0; i < PFRES_MAX; i++)
|
||||
s->counters[i] =
|
||||
counter_u64_fetch(V_pf_status.counters[i]);
|
||||
for (int i = 0; i < LCNT_MAX; i++)
|
||||
s->lcounters[i] =
|
||||
counter_u64_fetch(V_pf_status.lcounters[i]);
|
||||
for (int i = 0; i < FCNT_MAX; i++)
|
||||
s->fcounters[i] =
|
||||
pf_counter_u64_fetch(&V_pf_status.fcounters[i]);
|
||||
for (int i = 0; i < SCNT_MAX; i++)
|
||||
s->scounters[i] =
|
||||
counter_u64_fetch(V_pf_status.scounters[i]);
|
||||
|
||||
bcopy(V_pf_status.ifname, s->ifname, IFNAMSIZ);
|
||||
bcopy(V_pf_status.pf_chksum, s->pf_chksum,
|
||||
PF_MD5_DIGEST_LENGTH);
|
||||
|
||||
pfi_update_status(s->ifname, s);
|
||||
PF_RULES_RUNLOCK();
|
||||
break;
|
||||
}
|
||||
|
||||
case DIOCGETSTATUSNV: {
|
||||
error = pf_getstatus((struct pfioc_nv *)addr);
|
||||
break;
|
||||
|
|
Loading…
Reference in New Issue