| author | Kristof Provost <kp@FreeBSD.org> | 2021-05-26 11:41:34 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2021-07-20 08:36:14 +0000 |
| commit | c69121c473d75abab55f9ade8e8138ac09c0942c (patch) | |
| tree | 791365b0e4a13a1451e62b343761ed8c51512692 /lib/libpfctl | |
| parent | 231e83d3422ff58fe94de8375a9532a1726056ed (diff) | |
Diffstat (limited to 'lib/libpfctl')
| -rw-r--r-- | lib/libpfctl/libpfctl.c | 57 | ||||
| -rw-r--r-- | lib/libpfctl/libpfctl.h | 11 |
2 files changed, 68 insertions, 0 deletions
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 6421a2c752a8..ced130820d7d 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -816,3 +816,60 @@ pfctl_kill_states(int dev, const struct pfctl_kill *kill, unsigned int *killed) { return (_pfctl_clear_states(dev, kill, killed, DIOCKILLSTATESNV)); } + +int +pfctl_set_syncookies(int dev, const struct pfctl_syncookies *s) +{ + struct pfioc_nv nv; + nvlist_t *nvl; + int ret; + + nvl = nvlist_create(0); + + nvlist_add_bool(nvl, "enabled", s->mode != PFCTL_SYNCOOKIES_NEVER); + nvlist_add_bool(nvl, "adaptive", false); /* XXX TODO */ + + nv.data = nvlist_pack(nvl, &nv.len); + nv.size = nv.len; + nvlist_destroy(nvl); + nvl = NULL; + + ret = ioctl(dev, DIOCSETSYNCOOKIES, &nv); + + free(nv.data); + return (ret); +} + +int +pfctl_get_syncookies(int dev, struct pfctl_syncookies *s) +{ + struct pfioc_nv nv; + nvlist_t *nvl; + bool enabled, adaptive; + + bzero(s, sizeof(*s)); + + nv.data = malloc(128); + nv.len = nv.size = 128; + + if (ioctl(dev, DIOCGETSYNCOOKIES, &nv)) { + free(nv.data); + return (errno); + } + + nvl = nvlist_unpack(nv.data, nv.len, 0); + free(nv.data); + if (nvl == NULL) { + free(nv.data); + return (EIO); + } + + enabled = nvlist_get_bool(nvl, "enabled"); + adaptive = nvlist_get_bool(nvl, "adaptive"); + + s->mode = enabled ? PFCTL_SYNCOOKIES_ALWAYS : PFCTL_SYNCOOKIES_NEVER; + + nvlist_destroy(nvl); + + return (0); +} diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index 62866e17f904..d57241dd59fd 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h @@ -244,6 +244,15 @@ struct pfctl_states { size_t count; }; +enum pfctl_syncookies_mode { + PFCTL_SYNCOOKIES_NEVER, + PFCTL_SYNCOOKIES_ALWAYS +}; + +struct pfctl_syncookies { + enum pfctl_syncookies_mode mode; +}; + int pfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket, const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule, char *anchor_call); 
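Review bot: In pfctl_get_syncookies, `nv.data` is freed right after `nvlist_unpack()` and then freed again inside the `if (nvl == NULL)` branch, so a reply that fails to unpack causes a double free in the calling process; the branch should contain only `return (EIO);`. The `malloc(128)` result is also handed to the ioctl without a check, and `if (nv.data == NULL) return (ENOMEM);` directly after the allocation would close that. In pfctl_set_syncookies the return value of `nvlist_pack()` is not tested before `ioctl()`, so a failed pack would pass a NULL buffer to the kernel; checking for NULL, destroying the nvlist and returning early would avoid it. The `adaptive` local in the getter is assigned but never used, which is worth a `/* XXX TODO */` marker like the one in the setter so the omission reads as deliberate.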
@@ -260,5 +269,7 @@ int pfctl_clear_states(int dev, const struct pfctl_kill *kill, unsigned int *killed); int pfctl_kill_states(int dev, const struct pfctl_kill *kill, unsigned int *killed); +int pfctl_set_syncookies(int dev, const struct pfctl_syncookies *s); +int pfctl_get_syncookies(int dev, struct pfctl_syncookies *s); #endif |
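Review bot: The two new prototypes say nothing about their return convention, and judging from the libpfctl.c side of this commit the conventions differ: pfctl_set_syncookies returns the raw `ioctl()` result, while pfctl_get_syncookies returns an errno value (`errno` or `EIO`). A caller that tests the getter with `< 0` would treat a failure as success and go on to use the zeroed struct. Either align the two functions or document the difference above the declarations, for example `/* Returns 0 on success, -1 with errno set on failure. */` for the setter and `/* Returns 0 on success, an errno value on failure. */` for the getter.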
