Changeset View
Changeset View
Standalone View
Standalone View
sbin/pfctl/pf_print_state.c
| Show First 20 Lines • Show All 190 Lines • ▼ Show 20 Lines | if (port) { | ||||
| if (af == AF_INET) | if (af == AF_INET) | ||||
| printf(":%u", ntohs(port)); | printf(":%u", ntohs(port)); | ||||
| else | else | ||||
| printf("[%u]", ntohs(port)); | printf("[%u]", ntohs(port)); | ||||
| } | } | ||||
| } | } | ||||
| void | void | ||||
| print_seq(struct pfsync_state_peer *p) | print_seq(struct pfctl_state_peer *p) | ||||
| { | { | ||||
| if (p->seqdiff) | if (p->seqdiff) | ||||
| printf("[%u + %u](+%u)", ntohl(p->seqlo), | printf("[%u + %u](+%u)", p->seqlo, | ||||
| ntohl(p->seqhi) - ntohl(p->seqlo), ntohl(p->seqdiff)); | p->seqhi - p->seqlo, p->seqdiff); | ||||
| else | else | ||||
| printf("[%u + %u]", ntohl(p->seqlo), | printf("[%u + %u]", p->seqlo, | ||||
| ntohl(p->seqhi) - ntohl(p->seqlo)); | p->seqhi - p->seqlo); | ||||
| } | } | ||||
| void | void | ||||
| print_state(struct pfsync_state *s, int opts) | print_state(struct pfctl_state *s, int opts) | ||||
| { | { | ||||
| struct pfsync_state_peer *src, *dst; | struct pfctl_state_peer *src, *dst; | ||||
| struct pfsync_state_key *key, *sk, *nk; | struct pfctl_state_key *key, *sk, *nk; | ||||
| struct protoent *p; | struct protoent *p; | ||||
| int min, sec; | int min, sec; | ||||
| sa_family_t af; | |||||
| uint8_t proto; | |||||
| #ifndef __NO_STRICT_ALIGNMENT | #ifndef __NO_STRICT_ALIGNMENT | ||||
| struct pfsync_state_key aligned_key[2]; | struct pfctl_state_key aligned_key[2]; | ||||
| bcopy(&s->key, aligned_key, sizeof(aligned_key)); | bcopy(&s->key, aligned_key, sizeof(aligned_key)); | ||||
| key = aligned_key; | key = aligned_key; | ||||
| #else | #else | ||||
| key = s->key; | key = s->key; | ||||
| #endif | #endif | ||||
| af = s->key[PF_SK_WIRE].af; | |||||
| proto = s->key[PF_SK_WIRE].proto; | |||||
| if (s->direction == PF_OUT) { | if (s->direction == PF_OUT) { | ||||
| src = &s->src; | src = &s->src; | ||||
| dst = &s->dst; | dst = &s->dst; | ||||
| sk = &key[PF_SK_STACK]; | sk = &key[PF_SK_STACK]; | ||||
| nk = &key[PF_SK_WIRE]; | nk = &key[PF_SK_WIRE]; | ||||
| if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) | if (proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6) | ||||
| sk->port[0] = nk->port[0]; | sk->port[0] = nk->port[0]; | ||||
| } else { | } else { | ||||
| src = &s->dst; | src = &s->dst; | ||||
| dst = &s->src; | dst = &s->src; | ||||
| sk = &key[PF_SK_WIRE]; | sk = &key[PF_SK_WIRE]; | ||||
| nk = &key[PF_SK_STACK]; | nk = &key[PF_SK_STACK]; | ||||
| if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) | if (proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6) | ||||
| sk->port[1] = nk->port[1]; | sk->port[1] = nk->port[1]; | ||||
| } | } | ||||
| printf("%s ", s->ifname); | printf("%s ", s->ifname); | ||||
| if ((p = getprotobynumber(s->proto)) != NULL) | if ((p = getprotobynumber(proto)) != NULL) | ||||
| printf("%s ", p->p_name); | printf("%s ", p->p_name); | ||||
| else | else | ||||
| printf("%u ", s->proto); | printf("%u ", proto); | ||||
| print_host(&nk->addr[1], nk->port[1], s->af, opts); | print_host(&nk->addr[1], nk->port[1], af, opts); | ||||
| if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) || | if (PF_ANEQ(&nk->addr[1], &sk->addr[1], af) || | ||||
| nk->port[1] != sk->port[1]) { | nk->port[1] != sk->port[1]) { | ||||
| printf(" ("); | printf(" ("); | ||||
| print_host(&sk->addr[1], sk->port[1], s->af, opts); | print_host(&sk->addr[1], sk->port[1], af, opts); | ||||
| printf(")"); | printf(")"); | ||||
| } | } | ||||
| if (s->direction == PF_OUT) | if (s->direction == PF_OUT) | ||||
| printf(" -> "); | printf(" -> "); | ||||
| else | else | ||||
| printf(" <- "); | printf(" <- "); | ||||
| print_host(&nk->addr[0], nk->port[0], s->af, opts); | print_host(&nk->addr[0], nk->port[0], af, opts); | ||||
| if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) || | if (PF_ANEQ(&nk->addr[0], &sk->addr[0], af) || | ||||
| nk->port[0] != sk->port[0]) { | nk->port[0] != sk->port[0]) { | ||||
| printf(" ("); | printf(" ("); | ||||
| print_host(&sk->addr[0], sk->port[0], s->af, opts); | print_host(&sk->addr[0], sk->port[0], af, opts); | ||||
| printf(")"); | printf(")"); | ||||
| } | } | ||||
| printf(" "); | printf(" "); | ||||
| if (s->proto == IPPROTO_TCP) { | if (proto == IPPROTO_TCP) { | ||||
| if (src->state <= TCPS_TIME_WAIT && | if (src->state <= TCPS_TIME_WAIT && | ||||
| dst->state <= TCPS_TIME_WAIT) | dst->state <= TCPS_TIME_WAIT) | ||||
| printf(" %s:%s\n", tcpstates[src->state], | printf(" %s:%s\n", tcpstates[src->state], | ||||
| tcpstates[dst->state]); | tcpstates[dst->state]); | ||||
| else if (src->state == PF_TCPS_PROXY_SRC || | else if (src->state == PF_TCPS_PROXY_SRC || | ||||
| dst->state == PF_TCPS_PROXY_SRC) | dst->state == PF_TCPS_PROXY_SRC) | ||||
| printf(" PROXY:SRC\n"); | printf(" PROXY:SRC\n"); | ||||
| else if (src->state == PF_TCPS_PROXY_DST || | else if (src->state == PF_TCPS_PROXY_DST || | ||||
| Show All 10 Lines | if (opts & PF_OPT_VERBOSE) { | ||||
| src->wscale & PF_WSCALE_MASK); | src->wscale & PF_WSCALE_MASK); | ||||
| printf(" "); | printf(" "); | ||||
| print_seq(dst); | print_seq(dst); | ||||
| if (src->wscale && dst->wscale) | if (src->wscale && dst->wscale) | ||||
| printf(" wscale %u", | printf(" wscale %u", | ||||
| dst->wscale & PF_WSCALE_MASK); | dst->wscale & PF_WSCALE_MASK); | ||||
| printf("\n"); | printf("\n"); | ||||
| } | } | ||||
| } else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES && | } else if (proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES && | ||||
| dst->state < PFUDPS_NSTATES) { | dst->state < PFUDPS_NSTATES) { | ||||
| const char *states[] = PFUDPS_NAMES; | const char *states[] = PFUDPS_NAMES; | ||||
| printf(" %s:%s\n", states[src->state], states[dst->state]); | printf(" %s:%s\n", states[src->state], states[dst->state]); | ||||
| #ifndef INET6 | #ifndef INET6 | ||||
| } else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES && | } else if (proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES && | ||||
| dst->state < PFOTHERS_NSTATES) { | dst->state < PFOTHERS_NSTATES) { | ||||
| #else | #else | ||||
| } else if (s->proto != IPPROTO_ICMP && s->proto != IPPROTO_ICMPV6 && | } else if (proto != IPPROTO_ICMP && proto != IPPROTO_ICMPV6 && | ||||
| src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) { | src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) { | ||||
| #endif | #endif | ||||
| /* XXX ICMP doesn't really have state levels */ | /* XXX ICMP doesn't really have state levels */ | ||||
| const char *states[] = PFOTHERS_NAMES; | const char *states[] = PFOTHERS_NAMES; | ||||
| printf(" %s:%s\n", states[src->state], states[dst->state]); | printf(" %s:%s\n", states[src->state], states[dst->state]); | ||||
| } else { | } else { | ||||
| printf(" %u:%u\n", src->state, dst->state); | printf(" %u:%u\n", src->state, dst->state); | ||||
| } | } | ||||
| if (opts & PF_OPT_VERBOSE) { | if (opts & PF_OPT_VERBOSE) { | ||||
| u_int64_t packets[2]; | u_int32_t creation = s->creation; | ||||
| u_int64_t bytes[2]; | u_int32_t expire = s->expire; | ||||
| u_int32_t creation = ntohl(s->creation); | |||||
| u_int32_t expire = ntohl(s->expire); | |||||
| sec = creation % 60; | sec = creation % 60; | ||||
| creation /= 60; | creation /= 60; | ||||
| min = creation % 60; | min = creation % 60; | ||||
| creation /= 60; | creation /= 60; | ||||
| printf(" age %.2u:%.2u:%.2u", creation, min, sec); | printf(" age %.2u:%.2u:%.2u", creation, min, sec); | ||||
| sec = expire % 60; | sec = expire % 60; | ||||
| expire /= 60; | expire /= 60; | ||||
| min = expire % 60; | min = expire % 60; | ||||
| expire /= 60; | expire /= 60; | ||||
| printf(", expires in %.2u:%.2u:%.2u", expire, min, sec); | printf(", expires in %.2u:%.2u:%.2u", expire, min, sec); | ||||
| bcopy(s->packets[0], &packets[0], sizeof(u_int64_t)); | |||||
| bcopy(s->packets[1], &packets[1], sizeof(u_int64_t)); | |||||
| bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t)); | |||||
| bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t)); | |||||
| printf(", %ju:%ju pkts, %ju:%ju bytes", | printf(", %ju:%ju pkts, %ju:%ju bytes", | ||||
| (uintmax_t )be64toh(packets[0]), | s->packets[0], | ||||
| (uintmax_t )be64toh(packets[1]), | s->packets[1], | ||||
| (uintmax_t )be64toh(bytes[0]), | s->bytes[0], | ||||
| (uintmax_t )be64toh(bytes[1])); | s->bytes[1]); | ||||
| if (ntohl(s->anchor) != -1) | if (s->anchor != -1) | ||||
| printf(", anchor %u", ntohl(s->anchor)); | printf(", anchor %u", s->anchor); | ||||
| if (ntohl(s->rule) != -1) | if (s->rule != -1) | ||||
| printf(", rule %u", ntohl(s->rule)); | printf(", rule %u", s->rule); | ||||
| if (s->state_flags & PFSTATE_SLOPPY) | if (s->state_flags & PFSTATE_SLOPPY) | ||||
| printf(", sloppy"); | printf(", sloppy"); | ||||
| if (s->sync_flags & PFSYNC_FLAG_SRCNODE) | if (s->sync_flags & PFSYNC_FLAG_SRCNODE) | ||||
| printf(", source-track"); | printf(", source-track"); | ||||
| if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE) | if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE) | ||||
| printf(", sticky-address"); | printf(", sticky-address"); | ||||
| printf("\n"); | printf("\n"); | ||||
| } | } | ||||
| if (opts & PF_OPT_VERBOSE2) { | if (opts & PF_OPT_VERBOSE2) { | ||||
| u_int64_t id; | u_int64_t id; | ||||
| bcopy(&s->id, &id, sizeof(u_int64_t)); | bcopy(&s->id, &id, sizeof(u_int64_t)); | ||||
| printf(" id: %016jx creatorid: %08x", | printf(" id: %016jx creatorid: %08x", id, s->creatorid); | ||||
| (uintmax_t )be64toh(id), ntohl(s->creatorid)); | |||||
| printf(" gateway: "); | printf(" gateway: "); | ||||
| print_host(&s->rt_addr, 0, s->af, opts); | print_host(&s->rt_addr, 0, af, opts); | ||||
| printf("\n"); | printf("\n"); | ||||
| } | } | ||||
| } | } | ||||
| int | int | ||||
| unmask(struct pf_addr *m, sa_family_t af) | unmask(struct pf_addr *m, sa_family_t af) | ||||
| { | { | ||||
| int i = 31, j = 0, b = 0; | int i = 31, j = 0, b = 0; | ||||
| Show All 13 Lines | |||||