The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=017690e509134422dbfa80316eab56d8d3f87065
commit 017690e509134422dbfa80316eab56d8d3f87065 Author: Ishan Agrawal <[email protected]> AuthorDate: 2026-06-01 12:24:05 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2026-06-03 08:52:06 +0000 netpfil: add PF netlink command decoding support Convert PFNL_CMD values in pf_nl.h from an enum to #define constants, add a pfnl_cmd table definition for mktable, and implement the corresponding command decoding helpers in libsysdecode. This allows mktable to generate PF netlink command lookup tables and enables symbolic decoding of PF netlink commands. Reviewed by: kp Signed-off-by: Ishan Agrawal <[email protected]> Sponsored by: Google LLC (GSoC 2026) --- lib/libsysdecode/flags.c | 8 ++++ lib/libsysdecode/mktables | 1 + lib/libsysdecode/sysdecode.h | 1 + sys/netpfil/pf/pf_nl.h | 103 +++++++++++++++++++++---------------------- 4 files changed, 61 insertions(+), 52 deletions(-) diff --git a/lib/libsysdecode/flags.c b/lib/libsysdecode/flags.c index f8e26e6a9dae..8009a7a2f97e 100644 --- a/lib/libsysdecode/flags.c +++ b/lib/libsysdecode/flags.c @@ -69,6 +69,7 @@ #include <netgraph/bluetooth/include/ng_hci.h> #include <netgraph/bluetooth/include/ng_l2cap.h> #include <netgraph/bluetooth/include/ng_btsocket.h> +#include <netpfil/pf/pf_nl.h> #include "support.h" @@ -1207,3 +1208,10 @@ sysdecode_itimer(int which) return (lookup_value(itimerwhich, which)); } + +const char * +sysdecode_pfnl_cmd(int cmd) +{ + + return (lookup_value(pfnl_cmd, cmd)); +} diff --git a/lib/libsysdecode/mktables b/lib/libsysdecode/mktables index 6b4f79402660..2bfbaf529f44 100644 --- a/lib/libsysdecode/mktables +++ b/lib/libsysdecode/mktables @@ -170,6 +170,7 @@ else fi gen_table "shmflags" "SHM_[A-Z_]+[[:space:]]+0x[0-9]+" "sys/mman.h" "SHM_ANON" gen_table "itimerwhich" "ITIMER_[A-Z]+[[:space:]]+[0-9]+" "sys/time.h" +gen_table "pfnl_cmd" "PFNL_CMD_[A-Z_]+[[:space:]]+[0-9]+" "netpfil/pf/pf_nl.h" # Generate a .depend file for our output file if [ -n "$output_file" ]; then diff --git a/lib/libsysdecode/sysdecode.h b/lib/libsysdecode/sysdecode.h index dad9d447478c..4675b1e3c463 100644 --- a/lib/libsysdecode/sysdecode.h +++ b/lib/libsysdecode/sysdecode.h @@ -66,6 +66,7 @@ const char *sysdecode_ipproto(int _protocol); void sysdecode_kevent_fflags(FILE *_fp, short _filter, int _fflags, int _base); const char *sysdecode_itimer(int _which); +const char *sysdecode_pfnl_cmd(int cmd); const char *sysdecode_kevent_filter(int _filter); bool sysdecode_kevent_flags(FILE *_fp, int _flags, int *_rem); const char *sysdecode_kldsym_cmd(int _cmd); diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h index 4d0186ea86a5..34ad5be75917 100644 --- a/sys/netpfil/pf/pf_nl.h +++ b/sys/netpfil/pf/pf_nl.h @@ -34,58 +34,57 @@ #define PFNL_FAMILY_NAME "pfctl" /* available commands */ -enum { - PFNL_CMD_UNSPEC = 0, - PFNL_CMD_GETSTATES = 1, - PFNL_CMD_GETCREATORS = 2, - PFNL_CMD_START = 3, - PFNL_CMD_STOP = 4, - PFNL_CMD_ADDRULE = 5, - PFNL_CMD_GETRULES = 6, - PFNL_CMD_GETRULE = 7, - PFNL_CMD_CLRSTATES = 8, - PFNL_CMD_KILLSTATES = 9, - PFNL_CMD_SET_STATUSIF = 10, - PFNL_CMD_GET_STATUS = 11, - PFNL_CMD_CLEAR_STATUS = 12, - PFNL_CMD_NATLOOK = 13, - PFNL_CMD_SET_DEBUG = 14, - PFNL_CMD_SET_TIMEOUT = 15, - PFNL_CMD_GET_TIMEOUT = 16, - PFNL_CMD_SET_LIMIT = 17, - PFNL_CMD_GET_LIMIT = 18, - PFNL_CMD_BEGIN_ADDRS = 19, - PFNL_CMD_ADD_ADDR = 20, - PFNL_CMD_GET_ADDRS = 21, - PFNL_CMD_GET_ADDR = 22, - PFNL_CMD_GET_RULESETS = 23, - PFNL_CMD_GET_RULESET = 24, - PFNL_CMD_GET_SRCNODES = 25, - PFNL_CMD_CLEAR_TABLES = 26, - PFNL_CMD_ADD_TABLE = 27, - PFNL_CMD_DEL_TABLE = 28, - PFNL_CMD_GET_TSTATS = 29, - PFNL_CMD_CLR_TSTATS = 30, - PFNL_CMD_CLR_ADDRS = 31, - PFNL_CMD_TABLE_ADD_ADDR = 32, - PFNL_CMD_TABLE_DEL_ADDR = 33, - PFNL_CMD_TABLE_SET_ADDR = 34, - PFNL_CMD_TABLE_GET_ADDR = 35, - PFNL_CMD_TABLE_GET_ASTATS = 36, - PFNL_CMD_TABLE_CLEAR_ASTATS = 37, - PFNL_CMD_STATE_LIMITER_ADD = 38, - PFNL_CMD_STATE_LIMITER_GET = 39, - PFNL_CMD_STATE_LIMITER_NGET = 40, - PFNL_CMD_SOURCE_LIMITER_ADD = 41, - PFNL_CMD_SOURCE_LIMITER_GET = 42, - PFNL_CMD_SOURCE_LIMITER_NGET = 43, - PFNL_CMD_SOURCE_GET = 44, - PFNL_CMD_SOURCE_NGET = 45, - PFNL_CMD_SOURCE_CLEAR = 46, - PFNL_CMD_TABLE_TEST_ADDRS = 47, - __PFNL_CMD_MAX, -}; -#define PFNL_CMD_MAX (__PFNL_CMD_MAX -1) +#define PFNL_CMD_UNSPEC 0 +#define PFNL_CMD_GETSTATES 1 +#define PFNL_CMD_GETCREATORS 2 +#define PFNL_CMD_START 3 +#define PFNL_CMD_STOP 4 +#define PFNL_CMD_ADDRULE 5 +#define PFNL_CMD_GETRULES 6 +#define PFNL_CMD_GETRULE 7 +#define PFNL_CMD_CLRSTATES 8 +#define PFNL_CMD_KILLSTATES 9 +#define PFNL_CMD_SET_STATUSIF 10 +#define PFNL_CMD_GET_STATUS 11 +#define PFNL_CMD_CLEAR_STATUS 12 +#define PFNL_CMD_NATLOOK 13 +#define PFNL_CMD_SET_DEBUG 14 +#define PFNL_CMD_SET_TIMEOUT 15 +#define PFNL_CMD_GET_TIMEOUT 16 +#define PFNL_CMD_SET_LIMIT 17 +#define PFNL_CMD_GET_LIMIT 18 +#define PFNL_CMD_BEGIN_ADDRS 19 +#define PFNL_CMD_ADD_ADDR 20 +#define PFNL_CMD_GET_ADDRS 21 +#define PFNL_CMD_GET_ADDR 22 +#define PFNL_CMD_GET_RULESETS 23 +#define PFNL_CMD_GET_RULESET 24 +#define PFNL_CMD_GET_SRCNODES 25 +#define PFNL_CMD_CLEAR_TABLES 26 +#define PFNL_CMD_ADD_TABLE 27 +#define PFNL_CMD_DEL_TABLE 28 +#define PFNL_CMD_GET_TSTATS 29 +#define PFNL_CMD_CLR_TSTATS 30 +#define PFNL_CMD_CLR_ADDRS 31 +#define PFNL_CMD_TABLE_ADD_ADDR 32 +#define PFNL_CMD_TABLE_DEL_ADDR 33 +#define PFNL_CMD_TABLE_SET_ADDR 34 +#define PFNL_CMD_TABLE_GET_ADDR 35 +#define PFNL_CMD_TABLE_GET_ASTATS 36 +#define PFNL_CMD_TABLE_CLEAR_ASTATS 37 +#define PFNL_CMD_STATE_LIMITER_ADD 38 +#define PFNL_CMD_STATE_LIMITER_GET 39 +#define PFNL_CMD_STATE_LIMITER_NGET 40 +#define PFNL_CMD_SOURCE_LIMITER_ADD 41 +#define PFNL_CMD_SOURCE_LIMITER_GET 42 +#define PFNL_CMD_SOURCE_LIMITER_NGET 43 +#define PFNL_CMD_SOURCE_GET 44 +#define PFNL_CMD_SOURCE_NGET 45 +#define PFNL_CMD_SOURCE_CLEAR 46 +#define PFNL_CMD_TABLE_TEST_ADDRS 47 + +#define __PFNL_CMD_MAX 48 +#define PFNL_CMD_MAX (__PFNL_CMD_MAX - 1) enum pfstate_key_type_t { PF_STK_UNSPEC,
