pf: remove DIOCGETRULE and DIOCGETSTATUS

These calls have nvlist variants that completely supersede them.
Remove the old code.

Reviewed by:	mjg
MFC after:	never
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D41651
Kristof Provost 2023-08-29 17:17:24 +02:00
parent 6fbb9fbf7d
commit 8d49fd7331
2 changed files with 0 additions and 100 deletions


@ -1921,14 +1921,12 @@ struct pfioc_iface {
#define DIOCADDRULE _IOWR('D', 4, struct pfioc_rule) #define DIOCADDRULE _IOWR('D', 4, struct pfioc_rule)
#define DIOCADDRULENV _IOWR('D', 4, struct pfioc_nv) #define DIOCADDRULENV _IOWR('D', 4, struct pfioc_nv)
#define DIOCGETRULES _IOWR('D', 6, struct pfioc_rule) #define DIOCGETRULES _IOWR('D', 6, struct pfioc_rule)
#define DIOCGETRULE _IOWR('D', 7, struct pfioc_rule)
#define DIOCGETRULENV _IOWR('D', 7, struct pfioc_nv) #define DIOCGETRULENV _IOWR('D', 7, struct pfioc_nv)
/* XXX cut 8 - 17 */ /* XXX cut 8 - 17 */
#define DIOCCLRSTATESNV _IOWR('D', 18, struct pfioc_nv) #define DIOCCLRSTATESNV _IOWR('D', 18, struct pfioc_nv)
#define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state) #define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state)
#define DIOCGETSTATENV _IOWR('D', 19, struct pfioc_nv) #define DIOCGETSTATENV _IOWR('D', 19, struct pfioc_nv)
#define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if) #define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if)
#define DIOCGETSTATUS _IOWR('D', 21, struct pf_status)
#define DIOCGETSTATUSNV _IOWR('D', 21, struct pfioc_nv) #define DIOCGETSTATUSNV _IOWR('D', 21, struct pfioc_nv)
#define DIOCCLRSTATUS _IO ('D', 22) #define DIOCCLRSTATUS _IO ('D', 22)
#define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook) #define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook)


@ -2463,14 +2463,12 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
if (securelevel_gt(td->td_ucred, 2)) if (securelevel_gt(td->td_ucred, 2))
switch (cmd) { switch (cmd) {
case DIOCGETRULES: case DIOCGETRULES:
case DIOCGETRULE:
case DIOCGETRULENV: case DIOCGETRULENV:
case DIOCGETADDRS: case DIOCGETADDRS:
case DIOCGETADDR: case DIOCGETADDR:
case DIOCGETSTATE: case DIOCGETSTATE:
case DIOCGETSTATENV: case DIOCGETSTATENV:
case DIOCSETSTATUSIF: case DIOCSETSTATUSIF:
case DIOCGETSTATUS:
case DIOCGETSTATUSNV: case DIOCGETSTATUSNV:
case DIOCCLRSTATUS: case DIOCCLRSTATUS:
case DIOCNATLOOK: case DIOCNATLOOK:
@ -2532,7 +2530,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
case DIOCGETADDR: case DIOCGETADDR:
case DIOCGETSTATE: case DIOCGETSTATE:
case DIOCGETSTATENV: case DIOCGETSTATENV:
case DIOCGETSTATUS:
case DIOCGETSTATUSNV: case DIOCGETSTATUSNV:
case DIOCGETSTATES: case DIOCGETSTATES:
case DIOCGETSTATESV2: case DIOCGETSTATESV2:
@ -2579,11 +2576,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
break; /* dummy operation ok */ break; /* dummy operation ok */
} }
return (EACCES); return (EACCES);
case DIOCGETRULE:
if (((struct pfioc_rule *)addr)->action ==
PF_GET_CLR_CNTR)
return (EACCES);
break;
default: default:
return (EACCES); return (EACCES);
} }
@ -3228,63 +3220,6 @@ DIOCADDRULENV_error:
break; break;
} }
case DIOCGETRULE: {
struct pfioc_rule *pr = (struct pfioc_rule *)addr;
struct pf_kruleset *ruleset;
struct pf_krule *rule;
int rs_num;
pr->anchor[sizeof(pr->anchor) - 1] = 0;
PF_RULES_WLOCK();
ruleset = pf_find_kruleset(pr->anchor);
if (ruleset == NULL) {
PF_RULES_WUNLOCK();
error = EINVAL;
break;
}
rs_num = pf_get_ruleset_number(pr->rule.action);
if (rs_num >= PF_RULESET_MAX) {
PF_RULES_WUNLOCK();
error = EINVAL;
break;
}
if (pr->ticket != ruleset->rules[rs_num].active.ticket) {
PF_RULES_WUNLOCK();
error = EBUSY;
break;
}
rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
while ((rule != NULL) && (rule->nr != pr->nr))
rule = TAILQ_NEXT(rule, entries);
if (rule == NULL) {
PF_RULES_WUNLOCK();
error = EBUSY;
break;
}
pf_krule_to_rule(rule, &pr->rule);
if (pf_kanchor_copyout(ruleset, rule, pr)) {
PF_RULES_WUNLOCK();
error = EBUSY;
break;
}
pf_addr_copyout(&pr->rule.src.addr);
pf_addr_copyout(&pr->rule.dst.addr);
if (pr->action == PF_GET_CLR_CNTR) {
pf_counter_u64_zero(&rule->evaluations);
for (int i = 0; i < 2; i++) {
pf_counter_u64_zero(&rule->packets[i]);
pf_counter_u64_zero(&rule->bytes[i]);
}
counter_u64_zero(rule->states_tot);
}
PF_RULES_WUNLOCK();
break;
}
case DIOCGETRULENV: { case DIOCGETRULENV: {
struct pfioc_nv *nv = (struct pfioc_nv *)addr; struct pfioc_nv *nv = (struct pfioc_nv *)addr;
nvlist_t *nvrule = NULL; nvlist_t *nvrule = NULL;
@ -3871,39 +3806,6 @@ DIOCGETSTATESV2_full:
break; break;
} }
case DIOCGETSTATUS: {
struct pf_status *s = (struct pf_status *)addr;
PF_RULES_RLOCK();
s->running = V_pf_status.running;
s->since = V_pf_status.since;
s->debug = V_pf_status.debug;
s->hostid = V_pf_status.hostid;
s->states = V_pf_status.states;
s->src_nodes = V_pf_status.src_nodes;
for (int i = 0; i < PFRES_MAX; i++)
s->counters[i] =
counter_u64_fetch(V_pf_status.counters[i]);
for (int i = 0; i < LCNT_MAX; i++)
s->lcounters[i] =
counter_u64_fetch(V_pf_status.lcounters[i]);
for (int i = 0; i < FCNT_MAX; i++)
s->fcounters[i] =
pf_counter_u64_fetch(&V_pf_status.fcounters[i]);
for (int i = 0; i < SCNT_MAX; i++)
s->scounters[i] =
counter_u64_fetch(V_pf_status.scounters[i]);
bcopy(V_pf_status.ifname, s->ifname, IFNAMSIZ);
bcopy(V_pf_status.pf_chksum, s->pf_chksum,
PF_MD5_DIGEST_LENGTH);
pfi_update_status(s->ifname, s);
PF_RULES_RUNLOCK();
break;
}
case DIOCGETSTATUSNV: { case DIOCGETSTATUSNV: {
error = pf_getstatus((struct pfioc_nv *)addr); error = pf_getstatus((struct pfioc_nv *)addr);
break; break;