pf: export missing state information

We did not export all of the information pfctl expected to print via the new netlink code. This manifested as pfctl printing 'rtableid: 0', even when there is no rtable set. While we're addressing that also export other missing fields such as dummynet, min_ttl, max_mss, .. Sponsored by: Rubicon Communications, LLC ("Netgate")
brooksdavis · Dec 21, 2023 · 881bf88 · 881bf88
1 parent 3300894
commit 881bf88
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
@@ -1386,6 +1386,13 @@ static struct snl_attr_parser ap_state[] = {
 	{ .type = PF_ST_LOG, .off = _OUT(log), .cb = snl_attr_get_uint8 },
 	{ .type = PF_ST_STATE_FLAGS, .off = _OUT(state_flags), .cb = snl_attr_get_uint16 },
 	{ .type = PF_ST_SYNC_FLAGS, .off = _OUT(sync_flags), .cb = snl_attr_get_uint8 },
+	{ .type = PF_ST_RTABLEID, .off = _OUT(rtableid), .cb = snl_attr_get_int32 },
+	{ .type = PF_ST_MIN_TTL, .off = _OUT(min_ttl), .cb = snl_attr_get_uint8 },
+	{ .type = PF_ST_MAX_MSS, .off = _OUT(max_mss), .cb = snl_attr_get_uint16 },
+	{ .type = PF_ST_DNPIPE, .off = _OUT(dnpipe), .cb = snl_attr_get_uint16 },
+	{ .type = PF_ST_DNRPIPE, .off = _OUT(dnrpipe), .cb = snl_attr_get_uint16 },
+	{ .type = PF_ST_RT, .off = _OUT(rt), .cb = snl_attr_get_uint8 },
+	{ .type = PF_ST_RT_IFNAME, .off = _OUT(rt_ifname), .cb = snl_attr_store_ifname },
 };
 static struct snl_field_parser fp_state[] = {
 };

diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
@@ -194,6 +194,14 @@ dump_state(struct nlpcb *nlp, const struct nlmsghdr *hdr, struct pf_kstate *s,
 	nlattr_add_u64(nw, PF_ST_PACKETS1, s->packets[1]);
 	nlattr_add_u64(nw, PF_ST_BYTES0, s->bytes[0]);
 	nlattr_add_u64(nw, PF_ST_BYTES1, s->bytes[1]);
+	nlattr_add_u32(nw, PF_ST_RTABLEID, s->act.rtableid);
+	nlattr_add_u8(nw, PF_ST_MIN_TTL, s->act.min_ttl);
+	nlattr_add_u16(nw, PF_ST_MAX_MSS, s->act.max_mss);
+	nlattr_add_u16(nw, PF_ST_DNPIPE, s->act.dnpipe);
+	nlattr_add_u16(nw, PF_ST_DNRPIPE, s->act.dnrpipe);
+	nlattr_add_u8(nw, PF_ST_RT, s->rt);
+	if (s->rt_kif != NULL)
+		nlattr_add_string(nw, PF_ST_RT_IFNAME, s->rt_kif->pfik_name);
 
 	if (!dump_state_peer(nw, PF_ST_PEER_SRC, &s->src))
 		goto enomem;

diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h
@@ -100,6 +100,13 @@ enum pfstate_type_t {
 	PF_ST_VERSION		= 28, /* u64 */
 	PF_ST_FILTER_ADDR	= 29, /* in6_addr */
 	PF_ST_FILTER_MASK	= 30, /* in6_addr */
+	PF_ST_RTABLEID		= 31, /* i32 */
+	PF_ST_MIN_TTL		= 32, /* u8 */
+	PF_ST_MAX_MSS		= 33, /* u16 */
+	PF_ST_DNPIPE		= 34, /* u16 */
+	PF_ST_DNRPIPE		= 35, /* u16 */
+	PF_ST_RT		= 36, /* u8 */
+	PF_ST_RT_IFNAME		= 37, /* string */
 };
 
 enum pf_addr_type_t {