Page MenuHomeFreeBSD
Files F156844704

D30245.id.diff
No OneTemporary
Actions

D30245.id.diff
View Options

diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -237,6 +237,7 @@
struct pf_addr rt_addr;
struct pfctl_state_key key[2]; /* addresses stack and wire */
char ifname[IFNAMSIZ];
+ char orig_ifname[IFNAMSIZ];
uint64_t packets[2];
uint64_t bytes[2];
uint32_t creation;
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -699,6 +699,8 @@
strlcpy(s->ifname, nvlist_get_string(nvl, "ifname"),
sizeof(s->ifname));
+ strlcpy(s->orig_ifname, nvlist_get_string(nvl, "orig_ifname"),
+ sizeof(s->orig_ifname));
pf_nvaddr_to_addr(nvlist_get_nvlist(nvl, "rt_addr"), &s->rt_addr);
s->rule = nvlist_get_number(nvl, "rule");
diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c
--- a/sbin/pfctl/pf_print_state.c
+++ b/sbin/pfctl/pf_print_state.c
@@ -352,9 +352,12 @@
bcopy(&s->id, &id, sizeof(u_int64_t));
printf(" id: %016jx creatorid: %08x", id, s->creatorid);
- printf(" gateway: ");
+ printf(" gateway: ");
print_host(&s->rt_addr, 0, af, opts);
printf("\n");
+
+ if (strcmp(s->ifname, s->orig_ifname) != 0)
+ printf(" origif: %s\n", s->orig_ifname);
}
}
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -522,6 +522,7 @@
struct pf_addr rt_addr;
struct pf_state_key *key[2]; /* addresses stack and wire */
struct pfi_kkif *kif;
+ struct pfi_kkif *orig_kif; /* The real kif, even if we're a floating state (i.e. if == V_pfi_all). */
struct pfi_kkif *rt_kif;
struct pf_ksrc_node *src_node;
struct pf_ksrc_node *nat_src_node;
@@ -1475,6 +1476,7 @@
#define PF_ENTER_LOCKED 0x00000001
#define PF_RETURN_LOCKED 0x00000002
extern int pf_state_insert(struct pfi_kkif *,
+ struct pfi_kkif *,
struct pf_state_key *,
struct pf_state_key *,
struct pf_state *);
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -593,7 +593,7 @@
if (!(flags & PFSYNC_SI_IOCTL))
st->state_flags |= PFSTATE_NOSYNC;
- if ((error = pf_state_insert(kif, skw, sks, st)) != 0)
+ if ((error = pf_state_insert(kif, kif, skw, sks, st)) != 0)
goto cleanup_state;
/* XXX when we have nat_rule/anchors, use STATE_INC_COUNTERS */
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -1263,8 +1263,8 @@
}
int
-pf_state_insert(struct pfi_kkif *kif, struct pf_state_key *skw,
- struct pf_state_key *sks, struct pf_state *s)
+pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif,
+ struct pf_state_key *skw, struct pf_state_key *sks, struct pf_state *s)
{
struct pf_idhash *ih;
struct pf_state *cur;
@@ -1277,6 +1277,7 @@
KASSERT(s->refs == 0, ("%s: state not pristine", __func__));
s->kif = kif;
+ s->orig_kif = orig_kif;
if (s->id == 0 && s->creatorid == 0) {
/* XXX: should be atomic, but probability of collision low */
@@ -3877,7 +3878,7 @@
__func__, nr, sk, nk));
/* Swap sk/nk for PF_OUT. */
- if (pf_state_insert(BOUND_IFACE(r, kif),
+ if (pf_state_insert(BOUND_IFACE(r, kif), kif,
(pd->dir == PF_IN) ? sk : nk,
(pd->dir == PF_IN) ? nk : sk, s)) {
if (pd->proto == IPPROTO_TCP)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2562,6 +2562,7 @@
nvlist_add_number(nvl, "id", s->id);
nvlist_add_string(nvl, "ifname", s->kif->pfik_name);
+ nvlist_add_string(nvl, "orig_ifname", s->orig_kif->pfik_name);
tmp = pf_state_key_to_nvstate_key(s->key[PF_SK_STACK]);
if (tmp == NULL)

File Metadata

Mime Type
text/plain
Expires
Sun, May 17, 8:55 PM (1 h, 2 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
33209148
Default Alt Text
D30245.id.diff (3 KB)

Event Timeline