author | Henning Brauer <henning@cvs.openbsd.org> | 2018-02-08 02:25:45 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2018-02-08 02:25:45 +0000 |
commit | 4c2e2525b5c8a0fb232b86bd43d74a7d45801dd9 (patch) | |
tree | 44b12e6835cc65a4f2263ccaf7b9dd895ea8ed48 | |
parent | 19a83488d0a029e5c126712b77dda1abadcb28e7 (diff) |
add DIOCGETSYNFLWATS to get current synflood detection watermarks,
ok claudio benno procter
-rw-r--r-- | sys/net/pf_ioctl.c | 15 | ||||
-rw-r--r-- | sys/net/pf_syncookies.c | 10 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 |
3 files changed, 25 insertions, 4 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 63f5c86ae45..078caeb71fa 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pf_ioctl.c,v 1.330 2018/02/07 06:11:43 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.331 2018/02/08 02:25:44 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
- * Copyright (c) 2002 - 2013 Henning Brauer <henning@openbsd.org>
+ * Copyright (c) 2002 - 2018 Henning Brauer <henning@openbsd.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -943,6 +943,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 case DIOCIGETIFACES:
 case DIOCSETIFFLAG:
 case DIOCCLRIFFLAG:
+ case DIOCGETSYNFLWATS:
 break;
 case DIOCRCLRTABLES:
 case DIOCRADDTABLES:
@@ -978,6 +979,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 case DIOCOSFPGET:
 case DIOCGETSRCNODES:
 case DIOCIGETIFACES:
+ case DIOCGETSYNFLWATS:
 break;
 case DIOCRCLRTABLES:
 case DIOCRADDTABLES:
@@ -2655,6 +2657,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 break;
 }
+ case DIOCGETSYNFLWATS: {
+ struct pfioc_synflwats *io = (struct pfioc_synflwats *)addr;
+
+ PF_LOCK();
+ error = pf_syncookies_getwats(io);
+ PF_UNLOCK();
+ break;
+ }
+
 case DIOCSETSYNCOOKIES: {
 u_int8_t *mode = (u_int8_t *)addr;
diff --git a/sys/net/pf_syncookies.c b/sys/net/pf_syncookies.c
index 2df85032dff..14becfb2b30 100644
--- a/sys/net/pf_syncookies.c
+++ b/sys/net/pf_syncookies.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_syncookies.c,v 1.3 2018/02/07 05:48:47 henning Exp $ */
+/* $OpenBSD: pf_syncookies.c,v 1.4 2018/02/08 02:25:44 henning Exp $ */
 /* Copyright (c) 2016,2017 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2016 Alexandr Nedvedicky <sashan@openbsd.org>
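Review bot: In sys/net/pf_ioctl.c the new `case DIOCGETSYNFLWATS:` is added to two separate permission lists (the hunks at -943 and -978) with nothing recording why it qualifies, which makes it easy for a later state-changing command to be copied in by analogy. The handler added at -2655 only copies the watermarks out, so listing it among query commands looks right, but the conditions these two switches guard lie outside both hunks and are presumably a securelevel check and a read-only-descriptor check; that should be confirmed. I would add a one-line comment on the new case in both places, e.g. `/* query only: copies out hiwat/lowat, changes no pf state */`, so the setter DIOCSETSYNFLWATS is never added alongside it by mistake.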
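Review bot: `error = pf_syncookies_getwats(io);` in the new DIOCGETSYNFLWATS case (pf_ioctl.c, hunk at -2655) suggests a failure path that does not exist, because the getter added in pf_syncookies.c returns 0 unconditionally. Either declare the getter `void` and drop the assignment, or keep the `int` return and state in a comment that it is reserved for later validation. The enclosing pfioctl() switch starts and ends outside the hunk, so whether `error` is otherwise initialised before this case cannot be checked from here.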
@@ -166,6 +166,14 @@ pf_syncookies_setwats(u_int32_t hiwat, u_int32_t lowat)
 }
 int
+pf_syncookies_getwats(struct pfioc_synflwats *wats)
+{
+ wats->hiwat = pf_syncookie_status.hiwat;
+ wats->lowat = pf_syncookie_status.lowat;
+ return (0);
+}
+
+int
 pf_synflood_check(struct pf_pdesc *pd)
 {
 KASSERT (pd->proto == IPPROTO_TCP);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index a62e7e2b860..7ec2d91da41 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.472 2018/02/07 05:48:47 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.473 2018/02/08 02:25:44 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1650,6 +1650,7 @@ struct pfioc_synflwats {
 #define DIOCGETQSTATS _IOWR('D', 96, struct pfioc_qstats)
 #define DIOCSETSYNFLWATS _IOWR('D', 97, struct pfioc_synflwats)
 #define DIOCSETSYNCOOKIES _IOWR('D', 98, u_int8_t)
+#define DIOCGETSYNFLWATS _IOWR('D', 99, struct pfioc_synflwats)
 #ifdef _KERNEL
@@ -1945,6 +1946,7 @@ void pf_send_tcp(const struct pf_rule *, sa_family_t,
 void pf_syncookies_init(void);
 int pf_syncookies_setmode(u_int8_t);
 int pf_syncookies_setwats(u_int32_t, u_int32_t);
+int pf_syncookies_getwats(struct pfioc_synflwats *);
 int pf_synflood_check(struct pf_pdesc *);
 void pf_syncookie_send(struct pf_pdesc *);
 u_int8_t pf_syncookie_validate(struct pf_pdesc *); |
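Review bot: pf_syncookies_getwats() in sys/net/pf_syncookies.c reads two fields of the shared `pf_syncookie_status` but does not state or enforce its locking contract; the only caller visible in this commit wraps it in PF_LOCK()/PF_UNLOCK(), and a future caller that does not could return a hiwat/lowat pair torn by a concurrent update. I would add a header comment, `/* caller must hold PF_LOCK so hiwat and lowat are read as one pair */`, and, if the pf lock assertion macro is in scope in this file, `PF_ASSERT_LOCKED();` as the first statement. Whether pf_syncookies_setwats() writes the pair under the same lock is not visible in this hunk and should be confirmed.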
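Review bot: `DIOCGETSYNFLWATS` in sys/net/pfvar.h (hunk at -1650) is declared `_IOWR` although the handler added in pf_ioctl.c never reads anything from the caller's struct. `#define DIOCGETSYNFLWATS _IOR('D', 99, struct pfioc_synflwats)` would state the real data direction and avoid copying caller-supplied bytes into the kernel that are then overwritten. The neighbouring DIOCGETQSTATS is also `_IOWR`, so this may be deliberate consistency, but the encoding becomes part of the userland ABI once released and is cheaper to settle now.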