FreeBSD's PF has a new interface so leverage libpfctl to access it so the right inter...

diff --git a/.cirrus.yml b/.cirrus.yml
index ac1c98869763cfd55a51fed28672b7b5cf7b57a3..a0a9a1b2ebfc89a09d92546f4cde51fe5667e690 100644 (file)
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -232,10 +232,14 @@ freebsd_task:
       autotools
       bison
       flex
+      libpfctl
       pkgconf
   configure_script:
     - ./build.sh
-    - ./configure --disable-perl
+    - >
+      ./configure --disable-perl
+      CPPFLAGS='-I/usr/local/include'
+      LIBS="-L/usr/local/lib"
   build_script:
     - make -j$(nproc) -sk
   tests_script:

diff --git a/Makefile.am b/Makefile.am
index 64c719c485c600663efd37d7a24798732e7c9aef..6b0e4b4ea98ed1c30c590fca0ef09fbce1e2cb94 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -1761,6 +1761,9 @@ if BUILD_PLUGIN_PF
 pkglib_LTLIBRARIES += pf.la
 pf_la_SOURCES = src/pf.c
 pf_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+if BUILD_WITH_LIBPFCTL
+pf_la_LDFLAGS += -lpfctl
+endif
 endif
 
 if BUILD_PLUGIN_PINBA

diff --git a/configure.ac b/configure.ac
index dad27f53b07cd3dc724ed916be78172e6ff809f4..86d2378b93a0e03636de6e6d64f3b62c65d629ec 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -2040,6 +2040,20 @@ if test "x$with_kvm_openfiles" = "xyes"; then
   with_libkvm="yes"
 fi
 
+AC_CHECK_HEADERS([libpfctl.h],,,
+[
+  #include <sys/queue.h>
+  #include <sys/types.h>
+  #include <netinet/in.h>
+  #include <net/if.h>
+  #include <net/pfvar.h>
+])
+AC_CHECK_LIB([pfctl], [pfctl_status_counter],
+  [with_libpfctl="yes"],
+  [with_libpfctl="no"]
+)
+AM_CONDITIONAL([BUILD_WITH_LIBPFCTL], [test "x$with_libpfctl" = "xyes"])
+
 # --with-cuda {{{
 AC_ARG_WITH([cuda],
   [AS_HELP_STRING([--with-cuda@<:@=PREFIX@:>@], [Path to cuda.])],

diff --git a/src/pf.c b/src/pf.c
index 9681d366a1631b7b29d8074ee4a774f75218ace8..eae947a49195ab59f27fd070a987dd60bdf9bb42 100644 (file)
--- a/src/pf.c
+++ b/src/pf.c
@@ -35,6 +35,9 @@
 #endif
 
 #include <net/pfvar.h>
+#if HAVE_LIBPFCTL_H
+#include <libpfctl.h>
+#endif
 
 #ifndef FCNT_NAMES
 #if FCNT_MAX != 3
@@ -76,6 +79,56 @@ static void pf_submit(char const *type, char const *type_instance, uint64_t val,
   plugin_dispatch_values(&vl);
 } /* void pf_submit */
 
+#if HAVE_LIBPFCTL_H
+static int pf_read(void) {
+  struct pfctl_status *state;
+  int fd;
+
+  fd = open(pf_device, O_RDONLY);
+  if (fd < 0) {
+    ERROR("pf plugin: Unable to open %s: %s", pf_device, STRERRNO);
+    return -1;
+  }
+
+  if ((state = pfctl_get_status(fd)) == NULL) {
+    ERROR("pf plugin: ioctl(DIOCGETSTATUS) failed: %s", STRERRNO);
+    close(fd);
+    return -1;
+  }
+
+  close(fd);
+
+  if (!state->running) {
+    pfctl_free_status(state);
+    WARNING("pf plugin: PF is not running.");
+    return -1;
+  }
+
+  for (int i = 0; i < PFRES_MAX; i++) {
+    pf_submit("pf_counters", pf_reasons[i], pfctl_status_counter(state, i),
+              /* is gauge = */ false);
+  }
+  for (int i = 0; i < LCNT_MAX; i++) {
+    pf_submit("pf_limits", pf_lcounters[i], pfctl_status_lcounter(state, i),
+              /* is gauge = */ false);
+  }
+  for (int i = 0; i < FCNT_MAX; i++) {
+    pf_submit("pf_state", pf_fcounters[i], pfctl_status_fcounter(state, i),
+              /* is gauge = */ false);
+  }
+  for (int i = 0; i < SCNT_MAX; i++) {
+    pf_submit("pf_source", pf_scounters[i], pfctl_status_scounter(state, i),
+              /* is gauge = */ false);
+  }
+
+  pf_submit("pf_states", "current", (uint32_t)state->states,
+            /* is gauge = */ true);
+
+  pfctl_free_status(state);
+
+  return 0;
+} /* int pf_read */
+#else
 static int pf_read(void) {
   struct pf_status state;
   int fd;
@@ -119,5 +172,6 @@ static int pf_read(void) {
 
   return 0;
 } /* int pf_read */
+#endif
 
 void module_register(void) { plugin_register_read("pf", pf_read); }