Re: pfctl does not clear limit counters

2017-04-14 Thread Kristof Provost

On 14 Apr 2017, at 8:24, Max wrote:
"pfctl -F info" command doesn't clear limit counters (shown in "pfctl 
-vsi" output).


I think it should be
--- sys/netpfil/pf/pf_ioctl.c.orig  2017-04-14 09:10:25.17138 
+0300

+++ sys/netpfil/pf/pf_ioctl.c   2017-04-14 09:13:21.55365 +0300
@@ -1835,16 +1835,18 @@
case DIOCCLRSTATUS: {
PF_RULES_WLOCK();
for (int i = 0; i < PFRES_MAX; i++)
counter_u64_zero(V_pf_status.counters[i]);
for (int i = 0; i < FCNT_MAX; i++)
counter_u64_zero(V_pf_status.fcounters[i]);
for (int i = 0; i < SCNT_MAX; i++)
counter_u64_zero(V_pf_status.scounters[i]);
+   for (int i = 0; i < LCNT_MAX; i++)
+   counter_u64_zero(V_pf_status.lcounters[i]);
V_pf_status.since = time_second;
if (*V_pf_status.ifname)
pfi_update_status(V_pf_status.ifname, NULL);
PF_RULES_WUNLOCK();
break;
}

case DIOCNATLOOK: {
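
Review bot: the added lcounters loop in the DIOCCLRSTATUS case changes what "pfctl -F info" resets, but nothing accompanying the hunk records that. State in the commit message that limit counters are now zeroed together with counters, fcounters and scounters, and check whether the pfctl(8) text for -F info needs the same mention, so the behaviour change is documented alongside the code.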

This looks reasonable, but interestingly OpenBSD also doesn’t clear 
lcounters.

I’ll dig into it a bit more in the next few days.

Regards,
Kristof
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Re: pfctl -ss -a anchorName uninterruptible wait

2017-04-14 Thread Max
After a quick look it seems that "show states" doesn't care about 
anchors (-a option). "pfctl -vss" should print anchor reference.


Can you post a sample ruleset and FreeBSD version?


11.04.2017 12:45, Özkan KIRIK wrote:

Hello,

I'm trying to get the states belonging to an anchor,
but the pfctl -ss -a anchorName command waits; Ctrl+C and Ctrl+Z don't work.
ps ax gives D+ state, and kill -9 doesn't work.

When pfctl is in D+ state, I run pfctl -d. pf becomes disabled but the
process still remains in the same D+ state.

This is a repeatable problem. I think there is a lock in the kernel.

Regards

pfctl does not clear limit counters

2017-04-14 Thread Max
"pfctl -F info" command doesn't clear limit counters (shown in "pfctl 
-vsi" output).


I think it should be
--- sys/netpfil/pf/pf_ioctl.c.orig  2017-04-14 09:10:25.17138 +0300
+++ sys/netpfil/pf/pf_ioctl.c   2017-04-14 09:13:21.55365 +0300
@@ -1835,16 +1835,18 @@
case DIOCCLRSTATUS: {
PF_RULES_WLOCK();
for (int i = 0; i < PFRES_MAX; i++)
counter_u64_zero(V_pf_status.counters[i]);
for (int i = 0; i < FCNT_MAX; i++)
counter_u64_zero(V_pf_status.fcounters[i]);
for (int i = 0; i < SCNT_MAX; i++)
counter_u64_zero(V_pf_status.scounters[i]);
+   for (int i = 0; i < LCNT_MAX; i++)
+   counter_u64_zero(V_pf_status.lcounters[i]);
V_pf_status.since = time_second;
if (*V_pf_status.ifname)
pfi_update_status(V_pf_status.ifname, NULL);
PF_RULES_WUNLOCK();
break;
}

case DIOCNATLOOK: {
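
Review bot: in the two added lines, neither the bound LCNT_MAX nor the array V_pf_status.lcounters is declared in this hunk, so confirm that lcounters has exactly LCNT_MAX entries and that each entry is allocated the same way as counters, fcounters and scounters before counter_u64_zero() is called on it. Placing the loop inside the PF_RULES_WLOCK() section and before "V_pf_status.since = time_second" is the right spot, since it keeps all four counter sets reset against the same start time.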
