devel/php-pfSense-module: Correct pfSense_pf_cp_zerocnt. Fixes #13838

There are a few errors in pfSense_pf_cp_zerocnt: * In the loop resetting eth rule counters, the wrong structure 'info' was referenced for the number of rules and for the ticket. As a result, no eth rule statistics are cleared. This is corrected. * if_rulesets was indexed by the wrong counter nr, where nrs is the counter iterating over the number of elements of if_rulesets. This is corrected. * pfctl_get_clear_rule() used enums PF_RULESET_* to nominate rulesets to be cleared. On examining how pfctl clears counters using pfctl_get_clear_rule() it appears this is incorrect, and the user interface enums for identifying rulesets for zeroing are only PF_PASS and PF_SCRUB (which are the only rulesets which have counters at this time). pfSense_pf_cp_zerocnt() is modified to clear rulesets identified by these enums. There are currently no layer three counters associated with captive portal rule anchors, so this has no effect at this time but is corrected for future use.
pfsense · Jan 5, 2023 · 70c8081 · 70c8081
1 parent bcbc4bd
commit 70c8081
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/devel/php-pfSense-module/Makefile b/devel/php-pfSense-module/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense
-PORTVERSION=	0.89
+PORTVERSION=	0.90
 CATEGORIES=	devel
 MASTER_SITES=	#
 DISTFILES=	#

diff --git a/devel/php-pfSense-module/files/pfSense.c b/devel/php-pfSense-module/files/pfSense.c
@@ -3593,8 +3593,7 @@ PHP_FUNCTION(pfSense_pf_cp_zerocnt) {
 	struct pfctl_eth_rule erule;
 
 	char anchor_call[MAXPATHLEN];
-	uint32_t if_rulesets[] = {PF_RULESET_SCRUB, PF_RULESET_FILTER, PF_RULESET_NAT,PF_RULESET_BINAT, PF_RULESET_RDR,
-				  PF_RULESET_MAX};
+	uint32_t if_rulesets[] = { PF_SCRUB, PF_PASS };
 
 	int dev = 0;
 
@@ -3611,8 +3610,8 @@ PHP_FUNCTION(pfSense_pf_cp_zerocnt) {
 	/* Zero eth rule counters */
 	if (pfctl_get_eth_rules_info(dev, &einfo, path))
 		goto error_out;
-	for (int nr = 0; nr < info.nr; nr++) {
-		if (pfctl_get_eth_rule(dev, nr, info.ticket, path, &erule, true, anchor_call) != 0)
+	for (int nr = 0; nr < einfo.nr; nr++) {
+		if (pfctl_get_eth_rule(dev, nr, einfo.ticket, path, &erule, true, anchor_call) != 0)
 			goto error_out;
 	}
 
@@ -3621,7 +3620,7 @@ PHP_FUNCTION(pfSense_pf_cp_zerocnt) {
 		if (pfctl_get_rules_info(dev, &info, if_rulesets[nrs], path))
 			goto error_out;
 		for (int nr = 0; nr < info.nr; nr++) {
-			if (pfctl_get_clear_rule(dev, nr, info.ticket, path, if_rulesets[nr], &rule, anchor_call,
+			if (pfctl_get_clear_rule(dev, nr, info.ticket, path, if_rulesets[nrs], &rule, anchor_call,
 			    true) != 0)
 				goto error_out;
 		}