V_pf_status
counter_u64_add(V_pf_status.counters[x], 1); \
if (V_pf_status.debug >= (n)) \
if (!bcmp(&ph->pfcksum, &V_pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH))
if (!sc || !sc->sc_sync_if || !V_pf_status.running ||
if (!bcmp(&ph->pfcksum, &V_pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH))
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC)
bcopy(V_pf_status.pf_chksum, ph->pfcksum, PF_MD5_DIGEST_LENGTH);
if (V_pf_status.debug >= PF_DEBUG_MISC)
r.bus.creatorid = V_pf_status.hostid;
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (!sc || !sc->sc_sync_if || !V_pf_status.running ||
if (s->creatorid == V_pf_status.hostid &&
atomic_add_32(&V_pf_status.states_halfopen, -1);
if (!V_pf_status.running)
counter_u64_add(V_pf_status.lcounters[LCNT_SRCCONN], 1);
counter_u64_add(V_pf_status.lcounters[LCNT_SRCCONNRATE], 1);
counter_u64_add(V_pf_status.lcounters[LCNT_OVERLOAD_TABLE], 1);
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (!V_pf_status.running)
V_pf_status.lcounters[LCNT_OVERLOAD_FLUSH], 1);
if (V_pf_status.debug >= PF_DEBUG_MISC)
counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_SEARCH], 1);
counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_SEARCH], 1);
counter_u64_add(V_pf_status.lcounters[LCNT_SRCNODES], 1);
counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_INSERT], 1);
counter_u64_add(V_pf_status.lcounters[LCNT_SRCSTATES],
counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS], count);
if (V_pf_status.debug >= PF_DEBUG_MISC) {
s->creatorid = V_pf_status.hostid;
if (V_pf_status.debug >= PF_DEBUG_MISC) {
pf_counter_u64_add(&V_pf_status.fcounters[FCNT_STATE_INSERT], 1);
pf_counter_u64_add(&V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
pf_counter_u64_add(&V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
pf_counter_u64_add(&V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
pf_counter_u64_periodic(&V_pf_status.fcounters[i]);
states = V_pf_status.states;
V_pf_status.src_nodes = uma_zone_get_cur(V_pf_sources_z);
pf_counter_u64_add(&V_pf_status.fcounters[FCNT_STATE_REMOVALS], 1);
V_pf_status.states = uma_zone_get_cur(V_pf_state_z);
V_pf_status.states -=
V_pf_status.states = uma_zone_get_cur(V_pf_state_z);
V_pf_status.states = uma_zone_get_cur(V_pf_state_z);
counter_u64_add(V_pf_status.counters[PFRES_MEMORY], 1);
counter_u64_add(V_pf_status.counters[PFRES_MEMORY], 1);
counter_u64_add(V_pf_status.counters[PFRES_MEMORY], 1);
counter_u64_add(V_pf_status.counters[PFRES_MEMORY], 1);
counter_u64_add(V_pf_status.lcounters[LCNT_STATES], 1);
atomic_add_32(&V_pf_status.states_halfopen, 1);
V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS], 1);
if (V_pf_status.debug >= PF_DEBUG_MISC) {
} else if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.keep_counters && old_tree != NULL) {
memcpy(V_pf_status.pf_chksum, digest, sizeof(V_pf_status.pf_chksum));
bzero(&V_pf_status, sizeof(V_pf_status));
if (V_pf_status.running)
V_pf_status.running = 1;
V_pf_status.since = time_uptime;
if (!V_pf_status.running)
V_pf_status.running = 0;
V_pf_status.since = time_uptime;
counter_u64_zero(V_pf_status.counters[i]);
pf_counter_u64_zero(&V_pf_status.fcounters[i]);
counter_u64_zero(V_pf_status.scounters[i]);
counter_u64_zero(V_pf_status.ncounters[i]);
counter_u64_zero(V_pf_status.lcounters[i]);
V_pf_status.since = time_uptime;
if (*V_pf_status.ifname)
pfi_update_status(V_pf_status.ifname, NULL);
V_pf_status.debug = PF_DEBUG_URGENT;
V_pf_status.reass = 0;
V_pf_status.hostid = arc4random();
V_pf_status.counters[i] = counter_u64_alloc(M_WAITOK);
V_pf_status.lcounters[i] = counter_u64_alloc(M_WAITOK);
pf_counter_u64_init(&V_pf_status.fcounters[i], M_WAITOK);
V_pf_status.scounters[i] = counter_u64_alloc(M_WAITOK);
V_pf_status.ncounters[i] = counter_u64_alloc(M_WAITOK);
bzero(V_pf_status.ifname, IFNAMSIZ);
error = pf_user_strcpy(V_pf_status.ifname, pi->ifname, IFNAMSIZ);
V_pf_status.debug = *level;
V_pf_status.hostid = arc4random();
V_pf_status.hostid = *hostid;
V_pf_status.reass = *reass & (PF_REASS_ENABLED|PF_REASS_NODF);
if (!(V_pf_status.reass & PF_REASS_ENABLED))
V_pf_status.reass = 0;
since = time_second - (time_uptime - V_pf_status.since);
nvlist_add_bool(nvl, "running", V_pf_status.running);
nvlist_add_number(nvl, "debug", V_pf_status.debug);
nvlist_add_number(nvl, "hostid", V_pf_status.hostid);
nvlist_add_number(nvl, "states", V_pf_status.states);
nvlist_add_number(nvl, "src_nodes", V_pf_status.src_nodes);
nvlist_add_number(nvl, "reass", V_pf_status.reass);
V_pf_status.syncookies_active);
nvlist_add_number(nvl, "halfopen_states", V_pf_status.states_halfopen);
error = pf_add_status_counters(nvl, "counters", V_pf_status.counters,
error = pf_add_status_counters(nvl, "lcounters", V_pf_status.lcounters,
pf_counter_u64_fetch(&V_pf_status.fcounters[i]));
error = pf_add_status_counters(nvl, "scounters", V_pf_status.scounters,
nvlist_add_string(nvl, "ifname", V_pf_status.ifname);
nvlist_add_binary(nvl, "chksum", V_pf_status.pf_chksum,
pfi_update_status(V_pf_status.ifname, &s);
V_pf_status.keep_counters = nvlist_get_bool(nvl, "keep_counters");
V_pfsync_clear_states_ptr(V_pf_status.hostid, kill->psk_ifname);
kill->psk_pfcmp.creatorid = V_pf_status.hostid;
V_pf_status.running = 0;
counter_u64_free(V_pf_status.counters[i]);
counter_u64_free(V_pf_status.lcounters[i]);
pf_counter_u64_deinit(&V_pf_status.fcounters[i]);
counter_u64_free(V_pf_status.scounters[i]);
counter_u64_free(V_pf_status.ncounters[i]);
if (V_pf_status.debug >= PF_DEBUG_NOISY) {
if (V_pf_status.debug >= PF_DEBUG_MISC)
if (V_pf_status.debug >= PF_DEBUG_NOISY &&
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_NOISY) {
counter_u64_add(V_pf_status.scounters[SCNT_SRC_NODE_REMOVALS], 1);
strlcpy(V_pf_status.ifname, attrs.ifname, IFNAMSIZ);
since = time_second - (time_uptime - V_pf_status.since);
nlattr_add_string(nw, PF_GS_IFNAME, V_pf_status.ifname);
nlattr_add_bool(nw, PF_GS_RUNNING, V_pf_status.running);
nlattr_add_u32(nw, PF_GS_DEBUG, V_pf_status.debug);
nlattr_add_u32(nw, PF_GS_HOSTID, ntohl(V_pf_status.hostid));
nlattr_add_u32(nw, PF_GS_STATES, V_pf_status.states);
nlattr_add_u32(nw, PF_GS_SRC_NODES, V_pf_status.src_nodes);
nlattr_add_u32(nw, PF_GS_REASSEMBLE, V_pf_status.reass);
nlattr_add_u32(nw, PF_GS_SYNCOOKIES_ACTIVE, V_pf_status.syncookies_active);
V_pf_status.counters);
V_pf_status.lcounters);
V_pf_status.fcounters);
V_pf_status.scounters);
V_pf_status.ncounters);
pfi_update_status(V_pf_status.ifname, &s);
nlattr_add(nw, PF_GS_CHKSUM, PF_MD5_DIGEST_LENGTH, V_pf_status.pf_chksum);
V_pf_status.debug = attrs.level;
if (((!scrub_compat && V_pf_status.reass & PF_REASS_NODF) ||
if ((!scrub_compat && V_pf_status.reass) ||
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC) {
if (V_pf_status.debug >= PF_DEBUG_MISC && dst->scrub &&
counter_u64_add(V_pf_status.ncounters[NCNT_FRAG_REMOVALS], 1);
counter_u64_add(V_pf_status.ncounters[NCNT_FRAG_SEARCH], 1);
counter_u64_add(V_pf_status.ncounters[NCNT_FRAG_INSERT], 1);
counter_u64_add(V_pf_status.ncounters[NCNT_FRAG_REMOVALS], 1);
counter_u64_add(V_pf_status.ncounters[NCNT_FRAG_REMOVALS], 1);
counter_u64_add(V_pf_status.ncounters[NCNT_FRAG_REMOVALS], 1);
V_pf_status.syncookies_mode != PF_SYNCOOKIES_NEVER);
V_pf_status.syncookies_mode == PF_SYNCOOKIES_ADAPTIVE);
atomic_load_32(&V_pf_status.states_halfopen));
if (V_pf_status.syncookies_mode == mode)
V_pf_status.syncookies_mode = mode;
if (V_pf_status.syncookies_mode == PF_SYNCOOKIES_ALWAYS) {
V_pf_status.syncookies_active = true;
if (V_pf_status.syncookies_mode != PF_SYNCOOKIES_ADAPTIVE)
return (V_pf_status.syncookies_mode);
if (!V_pf_status.syncookies_active &&
atomic_load_32(&V_pf_status.states_halfopen) >
V_pf_status.syncookies_active = true;
return (V_pf_status.syncookies_active);
counter_u64_add(V_pf_status.lcounters[KLCNT_SYNCOOKIES_SENT], 1);
atomic_add_64(&V_pf_status.syncookies_inflight[V_pf_syncookie_status.oddeven],
if (atomic_load_64(&V_pf_status.syncookies_inflight[cookie.flags.oddeven])
counter_u64_add(V_pf_status.lcounters[KLCNT_SYNCOOKIES_VALID], 1);
atomic_add_64(&V_pf_status.syncookies_inflight[cookie.flags.oddeven], -1);
if (V_pf_status.syncookies_active &&
((V_pf_status.syncookies_mode == PF_SYNCOOKIES_ADAPTIVE &&
(atomic_load_32(&V_pf_status.states_halfopen) +
atomic_load_64(&V_pf_status.syncookies_inflight[0]) +
atomic_load_64(&V_pf_status.syncookies_inflight[1])) <
V_pf_status.syncookies_mode == PF_SYNCOOKIES_NEVER)
V_pf_status.syncookies_active = false;
if (!V_pf_status.syncookies_active &&
atomic_load_64(&V_pf_status.syncookies_inflight[0]) == 0 &&
atomic_load_64(&V_pf_status.syncookies_inflight[1]) == 0) {
atomic_store_64(&V_pf_status.syncookies_inflight[V_pf_syncookie_status.oddeven], 0);