From 70c8081dccdd8f64651c2c4680f9f0ae23323acf Mon Sep 17 00:00:00 2001 From: Reid Linnemann Date: Tue, 3 Jan 2023 17:03:11 -0700 Subject: [PATCH] devel/php-pfSense-module: Correct pfSense_pf_cp_zerocnt. Fixes #13838 There are a few errors in pfSense_pf_cp_zerocnt: * In the loop resetting eth rule counters, the wrong structure 'info' was referenced for the number of rules and for the ticket. As a result, no eth rule statistics are cleared. This is corrected. * if_rulesets was indexed by the wrong counter nr, where nrs is the counter iterating over the number of elements of if_rulesets. This is corrected. * pfctl_get_clear_rule() used enums PF_RULESET_* to nominate rulesets to be cleared. On examining how pfctl clears counters using pfctl_get_clear_rule() it appears this is incorrect, and the user interface enums for identifying rulesets for zeroing are only PF_PASS and PF_SCRUB (which are the only rulesets which have counters at this time). pfSense_pf_cp_zerocnt() is modified to clear rulesets identified by these enums. There are currently no layer three counters associated with captive portal rule anchors, so this has no effect at this time but is corrected for future use. --- devel/php-pfSense-module/Makefile | 2 +- devel/php-pfSense-module/files/pfSense.c | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/devel/php-pfSense-module/Makefile b/devel/php-pfSense-module/Makefile index be776e7f95ca..a98a7fe49299 100755 --- a/devel/php-pfSense-module/Makefile +++ b/devel/php-pfSense-module/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= pfSense -PORTVERSION= 0.89 +PORTVERSION= 0.90 CATEGORIES= devel MASTER_SITES= # DISTFILES= # diff --git a/devel/php-pfSense-module/files/pfSense.c b/devel/php-pfSense-module/files/pfSense.c index 52ecbf04c697..7c0f9c93ba10 100755 --- a/devel/php-pfSense-module/files/pfSense.c +++ b/devel/php-pfSense-module/files/pfSense.c @@ -3593,8 +3593,7 @@ PHP_FUNCTION(pfSense_pf_cp_zerocnt) { struct pfctl_eth_rule erule; char anchor_call[MAXPATHLEN]; - uint32_t if_rulesets[] = {PF_RULESET_SCRUB, PF_RULESET_FILTER, PF_RULESET_NAT,PF_RULESET_BINAT, PF_RULESET_RDR, - PF_RULESET_MAX}; + uint32_t if_rulesets[] = { PF_SCRUB, PF_PASS }; int dev = 0; @@ -3611,8 +3610,8 @@ PHP_FUNCTION(pfSense_pf_cp_zerocnt) { /* Zero eth rule counters */ if (pfctl_get_eth_rules_info(dev, &einfo, path)) goto error_out; - for (int nr = 0; nr < info.nr; nr++) { - if (pfctl_get_eth_rule(dev, nr, info.ticket, path, &erule, true, anchor_call) != 0) + for (int nr = 0; nr < einfo.nr; nr++) { + if (pfctl_get_eth_rule(dev, nr, einfo.ticket, path, &erule, true, anchor_call) != 0) goto error_out; } @@ -3621,7 +3620,7 @@ PHP_FUNCTION(pfSense_pf_cp_zerocnt) { if (pfctl_get_rules_info(dev, &info, if_rulesets[nrs], path)) goto error_out; for (int nr = 0; nr < info.nr; nr++) { - if (pfctl_get_clear_rule(dev, nr, info.ticket, path, if_rulesets[nr], &rule, anchor_call, + if (pfctl_get_clear_rule(dev, nr, info.ticket, path, if_rulesets[nrs], &rule, anchor_call, true) != 0) goto error_out; }