diff options
| author | glebius <glebius@FreeBSD.org> | 2014-03-11 15:43:06 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2014-03-11 15:43:06 +0000 |
| commit | 71d3a4f585b759a3740834be41625b7dc0e5fb24 (patch) | |
| tree | 21738f0e36adc0d336cb80148b7c296cd41323bf /sbin/pfctl | |
| parent | cbdb898ddfc732494e2b5679eac39b0b74443173 (diff) | |
| download | FreeBSD-src-71d3a4f585b759a3740834be41625b7dc0e5fb24.zip FreeBSD-src-71d3a4f585b759a3740834be41625b7dc0e5fb24.tar.gz | |
Merge r261882, r261898, r261937, r262760, r262799:
Once pf became not covered by a single mutex, many counters in it became
race prone. Some just gather statistics, but some are later used in
different calculations.
A real problem was the race provoked underflow of the states_cur counter
on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this
value is used in pf_state_expires() and any state created by this rule
is immediately expired.
Thus, make fields states_cur, states_tot and src_nodes of struct
pf_rule be counter(9)s.
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/pfctl.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 90a2bb5..64b4a05 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$"); #include <fcntl.h> #include <limits.h> #include <netdb.h> +#include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -796,17 +797,17 @@ pfctl_print_rule_counters(struct pf_rule *rule, int opts) } if (opts & PF_OPT_VERBOSE) { printf(" [ Evaluations: %-8llu Packets: %-8llu " - "Bytes: %-10llu States: %-6u]\n", + "Bytes: %-10llu States: %-6ju]\n", (unsigned long long)rule->evaluations, (unsigned long long)(rule->packets[0] + rule->packets[1]), (unsigned long long)(rule->bytes[0] + - rule->bytes[1]), rule->states_cur); + rule->bytes[1]), (uintmax_t)rule->u_states_cur); if (!(opts & PF_OPT_DEBUG)) printf(" [ Inserted: uid %u pid %u " - "State Creations: %-6u]\n", + "State Creations: %-6ju]\n", (unsigned)rule->cuid, (unsigned)rule->cpid, - rule->states_tot); + (uintmax_t)rule->u_states_tot); } } @@ -908,7 +909,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format, case PFCTL_SHOW_LABELS: if (pr.rule.label[0]) { printf("%s %llu %llu %llu %llu" - " %llu %llu %llu %llu\n", + " %llu %llu %llu %ju\n", pr.rule.label, (unsigned long long)pr.rule.evaluations, (unsigned long long)(pr.rule.packets[0] + @@ -919,7 +920,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format, (unsigned long long)pr.rule.bytes[0], (unsigned long long)pr.rule.packets[1], (unsigned long long)pr.rule.bytes[1], - (unsigned long long)pr.rule.states_tot); + (uintmax_t)pr.rule.u_states_tot); } break; case PFCTL_SHOW_RULES: |
