On 14 Apr 2017, at 8:24, Max wrote:
"pfctl -F info" command doesn't clear limit counters (shown in "pfctl -vsi" output).

I think it should be:
--- sys/netpfil/pf/pf_ioctl.c.orig 2017-04-14 09:10:25.171380000 +0300
+++ sys/netpfil/pf/pf_ioctl.c   2017-04-14 09:13:21.553650000 +0300
@@ -1835,16 +1835,18 @@
        case DIOCCLRSTATUS: {
                PF_RULES_WLOCK();
                for (int i = 0; i < PFRES_MAX; i++)
                        counter_u64_zero(V_pf_status.counters[i]);
                for (int i = 0; i < FCNT_MAX; i++)
                        counter_u64_zero(V_pf_status.fcounters[i]);
                for (int i = 0; i < SCNT_MAX; i++)
                        counter_u64_zero(V_pf_status.scounters[i]);
+               for (int i = 0; i < LCNT_MAX; i++)
+                       counter_u64_zero(V_pf_status.lcounters[i]);
                V_pf_status.since = time_second;
                if (*V_pf_status.ifname)
                        pfi_update_status(V_pf_status.ifname, NULL);
                PF_RULES_WUNLOCK();
                break;
        }

        case DIOCNATLOOK: {
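
Review bot: the added LCNT_MAX loop changes what "pfctl -F info" resets, but nothing in the patch documents that; the commit message, and pfctl(8) if it lists what -F info flushes, should state that the limit counters are now zeroed together with the counters, fcounters and scounters arrays. The loop calls counter_u64_zero() on V_pf_status.lcounters[i] exactly as the three loops above do on their arrays, so it is worth confirming against the struct definition that lcounters[] has the same counter type and is allocated before DIOCCLRSTATUS can be reached. The placement inside the PF_RULES_WLOCK()/PF_RULES_WUNLOCK() section and before the V_pf_status.since update matches the existing loops. Anyone who tracks the limit counters in "pfctl -vsi" as a signal that limits are being hit will lose that history on a clear, which is a reason to call out the behaviour change explicitly.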

This looks reasonable, but interestingly OpenBSD also doesn’t clear lcounters.
I’ll dig into it a bit more in the next few days.

Regards,
Kristof
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"