Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 31 Jul 2021 13:03:57 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: adde304e5348 - stable/13 - pf: fix ABI breakage
Message-ID:  <202107311303.16VD3vgs066659@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=adde304e53488bec9ec5ba4d589f365e9e0c4aad

commit adde304e53488bec9ec5ba4d589f365e9e0c4aad
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-07-28 09:24:44 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-07-31 08:12:20 +0000

    pf: fix ABI breakage
    
    The introduction of synproxy support changed the size of struct
    pf_status, which in turn broke the userspace ABI.
    
    Revert the relevant change. More work is needed on the synproxy code to
    keep and expose the counters, but in the mean time this restores the
    ABI.
    
    PR:             257469
    MFC after:      3 days
    Sponsored by:   Modirum MDPay
    
    (cherry picked from commit da8d8b22e69c72f1d001d55b5eff5acbb0265cfc)
---
 sys/netpfil/pf/pf.h            | 3 +--
 sys/netpfil/pf/pf_syncookies.c | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf.h b/sys/netpfil/pf/pf.h
index 245d68b4be45..e030f1e59de0 100644
--- a/sys/netpfil/pf/pf.h
+++ b/sys/netpfil/pf/pf.h
@@ -160,8 +160,7 @@ enum	{ PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL,
 #define LCNT_SRCCONNRATE	4	/* max-src-conn-rate */
 #define LCNT_OVERLOAD_TABLE	5	/* entry added to overload table */
 #define LCNT_OVERLOAD_FLUSH	6	/* state entries flushed */
-#define LCNT_SYNCOOKIES_VALID	7	/* syncookies validated */ /* XXX TODO: Ensure no API breakage! */
-#define LCNT_MAX		8	/* total+1 */
+#define LCNT_MAX		7	/* total+1 */
 
 #define LCNT_NAMES { \
 	"max states per rule", \
diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c
index 8699ae855ec8..744a12e4e21d 100644
--- a/sys/netpfil/pf/pf_syncookies.c
+++ b/sys/netpfil/pf/pf_syncookies.c
@@ -275,7 +275,6 @@ pf_syncookie_validate(struct pf_pdesc *pd)
 	if ((ack & ~0xff) != (hash & ~0xff))
 		return (0);
 
-	counter_u64_add(V_pf_status.lcounters[LCNT_SYNCOOKIES_VALID], 1);
 	return (1);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107311303.16VD3vgs066659>