Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf_ioctl.c23
-rw-r--r--sys/net/pfvar.h5
2 files changed, 20 insertions, 8 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 49bb601f10f..93aa298cfc8 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.106 2004/02/19 07:41:45 kjc Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.107 2004/02/19 21:29:51 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1265,16 +1265,25 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCCLRSTATES: {
- struct pf_state *state;
+ struct pf_state *state;
+ struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
+ int killed = 0;
s = splsoftnet();
- RB_FOREACH(state, pf_state_tree_id, &tree_id)
- state->timeout = PFTM_PURGE;
+ RB_FOREACH(state, pf_state_tree_id, &tree_id) {
+ if (!psk->psk_ifname[0] || !strcmp(psk->psk_ifname,
+ state->u.s.kif->pfik_name)) {
+ state->timeout = PFTM_PURGE;
+ killed++;
+ }
+ }
pf_purge_expired_states();
pf_status.states = 0;
splx(s);
+ psk->psk_af = killed;
#if NPFSYNC
- pfsync_clear_states(pf_status.hostid);
+ if (!psk->psk_ifname[0])
+ pfsync_clear_states(pf_status.hostid);
#endif
break;
}
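Review bot: `pf_status.states = 0;` still runs unconditionally in DIOCCLRSTATES, although the loop now marks only the states whose interface matches `psk_ifname`. When a name is given and states on other interfaces survive, the counter stops reflecting the table. Unless pf_purge_expired_states() already maintains the counter itself (not visible here), guard the reset with `if (!psk->psk_ifname[0]) pf_status.states = 0;`. Separately, `psk_ifname` comes from the ioctl caller and nothing visible terminates it before `strcmp()`; `psk->psk_ifname[sizeof(psk->psk_ifname) - 1] = '\0';` ahead of the loop would make the bound explicit, and the same comparison is added in the DIOCKILLSTATES hunk that follows. The enclosing pfioctl() switch starts and ends outside this hunk.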
@@ -1304,7 +1313,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
(psk->psk_dst.port_op == 0 ||
pf_match_port(psk->psk_dst.port_op,
psk->psk_dst.port[0], psk->psk_dst.port[1],
- state->ext.port))) {
+ state->ext.port)) &&
+ (!psk->psk_ifname[0] || !strcmp(psk->psk_ifname,
+ state->u.s.kif->pfik_name))) {
state->timeout = PFTM_PURGE;
killed++;
}
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 492074bba88..29e000285e0 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.184 2004/02/19 07:41:45 kjc Exp $ */
+/* $OpenBSD: pfvar.h,v 1.185 2004/02/19 21:29:51 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1069,6 +1069,7 @@ struct pfioc_state_kill {
int psk_proto;
struct pf_rule_addr psk_src;
struct pf_rule_addr psk_dst;
+ char psk_ifname[IFNAMSIZ];
};
struct pfioc_states {
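Review bot: The new `psk_ifname` member has no comment, and its two conventions are visible only in pf_ioctl.c: an empty name matches every interface, and DIOCCLRSTATES reuses `psk_af` to return the number of states it purged. I would document the first on the field, `char psk_ifname[IFNAMSIZ]; /* "" = any interface */`, and add a one-line comment above the struct noting that `psk_af` carries the kill count on return. The struct definition begins outside this hunk.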
@@ -1202,7 +1203,7 @@ struct pfioc_iface {
#define DIOCGETRULES _IOWR('D', 6, struct pfioc_rule)
#define DIOCGETRULE _IOWR('D', 7, struct pfioc_rule)
/* XXX cut 8 - 17 */
-#define DIOCCLRSTATES _IO ('D', 18)
+#define DIOCCLRSTATES _IOWR('D', 18, struct pfioc_state_kill)
#define DIOCGETSTATE _IOWR('D', 19, struct pfioc_state)
#define DIOCSETSTATUSIF _IOWR('D', 20, struct pfioc_if)
#define DIOCGETSTATUS _IOWR('D', 21, struct pf_status)
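Review bot: Redefining `DIOCCLRSTATES` from `_IO` to `_IOWR(..., struct pfioc_state_kill)` changes the request code, but nothing here records that userland must be rebuilt in step with the kernel. The size and direction are encoded in the value, so a binary built against the old header will issue a request this kernel no longer matches. The same is likely true of any other ioctl that takes `struct pfioc_state_kill`, since the struct grew. A short comment next to the define, such as `/* takes pfioc_state_kill since 1.185; returns count in psk_af */`, would help anyone debugging a flush that appears to do nothing after a partial upgrade.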