sdiff udiff text old ( 145840 ) new ( 171172 )
1/* $OpenBSD: pfctl_table.c,v 1.66 2007/03/01 17:20:54 deraadt Exp $ */
2
3/*
4 * Copyright (c) 2002 Cedric Berger
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:

--- 16 unchanged lines hidden (view full) ---

26 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
28 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 *
31 */
32
33#include <sys/cdefs.h>
34__FBSDID("$FreeBSD: head/contrib/pf/pfctl/pfctl_table.c 171172 2007-07-03 12:30:03Z mlaier $");
35
36#include <sys/types.h>
37#include <sys/ioctl.h>
38#include <sys/socket.h>
39
40#include <net/if.h>
41#include <net/pfvar.h>
42#include <arpa/inet.h>

--- 16 unchanged lines hidden (view full) ---

59 const char *, int);
60static void print_table(struct pfr_table *, int, int);
61static void print_tstats(struct pfr_tstats *, int);
62static int load_addr(struct pfr_buffer *, int, char *[], char *, int);
63static void print_addrx(struct pfr_addr *, struct pfr_addr *, int);
64static void print_astats(struct pfr_astats *, int);
65static void radix_perror(void);
66static void xprintf(int, const char *, ...);
67static void print_iface(struct pfi_kif *, int);
68
69static const char *stats_text[PFR_DIR_MAX][PFR_OP_TABLE_MAX] = {
70 { "In/Block:", "In/Pass:", "In/XPass:" },
71 { "Out/Block:", "Out/Pass:", "Out/XPass:" }
72};
73
74static const char *istats_text[2][2][2] = {
75 { { "In4/Pass:", "In4/Block:" }, { "Out4/Pass:", "Out4/Block:" } },

--- 96 unchanged lines hidden (view full) ---

172 b.pfrb_caddr, &b.pfrb_size, flags));
173 else
174 RVTEST(pfr_get_tables(&table,
175 b.pfrb_caddr, &b.pfrb_size, flags));
176 if (b.pfrb_size <= b.pfrb_msize)
177 break;
178 }
179
180 if ((opts & PF_OPT_SHOWALL) && b.pfrb_size > 0)
181 pfctl_print_title("TABLES:");
182
183 PFRB_FOREACH(p, &b)
184 if (opts & PF_OPT_VERBOSE2)
185 print_tstats(p, opts & PF_OPT_DEBUG);
186 else
187 print_table(p, opts & PF_OPT_VERBOSE,
188 opts & PF_OPT_DEBUG);

--- 62 unchanged lines hidden (view full) ---

251 xprintf(opts, "%d addresses changed", nchange);
252 if (!nadd && !ndel && !nchange)
253 xprintf(opts, "no changes");
254 if (opts & PF_OPT_VERBOSE)
255 PFRB_FOREACH(a, &b)
256 if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
257 print_addrx(a, NULL,
258 opts & PF_OPT_USEDNS);
259 } else if (!strcmp(command, "expire")) {
260 const char *errstr;
261 u_int lifetime;
262
263 b.pfrb_type = PFRB_ASTATS;
264 b2.pfrb_type = PFRB_ADDRS;
265 if (argc != 1 || file != NULL)
266 usage();
267 lifetime = strtonum(*argv, 0, UINT_MAX, &errstr);
268 if (errstr)
269 errx(1, "expiry time: %s", errstr);
270 for (;;) {
271 pfr_buf_grow(&b, b.pfrb_size);
272 b.pfrb_size = b.pfrb_msize;
273 RVTEST(pfr_get_astats(&table, b.pfrb_caddr,
274 &b.pfrb_size, flags));
275 if (b.pfrb_size <= b.pfrb_msize)
276 break;
277 }
278 PFRB_FOREACH(p, &b)
279 if (time(NULL) - ((struct pfr_astats *)p)->pfras_tzero >
280 lifetime)
281 if (pfr_buf_add(&b2,
282 &((struct pfr_astats *)p)->pfras_a))
283 err(1, "duplicate buffer");
284
285 if (opts & PF_OPT_VERBOSE)
286 flags |= PFR_FLAG_FEEDBACK;
287 RVTEST(pfr_del_addrs(&table, b2.pfrb_caddr, b2.pfrb_size,
288 &ndel, flags));
289 xprintf(opts, "%d/%d addresses expired", ndel, b2.pfrb_size);
290 if (opts & PF_OPT_VERBOSE)
291 PFRB_FOREACH(a, &b2)
292 if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
293 print_addrx(a, NULL,
294 opts & PF_OPT_USEDNS);
295 } else if (!strcmp(command, "show")) {
296 b.pfrb_type = (opts & PF_OPT_VERBOSE) ?
297 PFRB_ASTATS : PFRB_ADDRS;
298 if (argc || file != NULL)
299 usage();
300 for (;;) {
301 pfr_buf_grow(&b, b.pfrb_size);
302 b.pfrb_size = b.pfrb_msize;

--- 21 unchanged lines hidden (view full) ---

324 flags |= PFR_FLAG_REPLACE;
325 PFRB_FOREACH(a, &b)
326 if (pfr_buf_add(&b2, a))
327 err(1, "duplicate buffer");
328 }
329 RVTEST(pfr_tst_addrs(&table, b.pfrb_caddr, b.pfrb_size,
330 &nmatch, flags));
331 xprintf(opts, "%d/%d addresses match", nmatch, b.pfrb_size);
332 if ((opts & PF_OPT_VERBOSE) && !(opts & PF_OPT_VERBOSE2))
333 PFRB_FOREACH(a, &b)
334 if (a->pfra_fback == PFR_FB_MATCH)
335 print_addrx(a, NULL,
336 opts & PF_OPT_USEDNS);
337 if (opts & PF_OPT_VERBOSE2) {
338 a2 = NULL;
339 PFRB_FOREACH(a, &b) {
340 a2 = pfr_buf_next(&b2, a2);

--- 231 unchanged lines hidden (view full) ---

572
573
574/* interface stuff */
575
576int
577pfctl_show_ifaces(const char *filter, int opts)
578{
579 struct pfr_buffer b;
580 struct pfi_kif *p;
581 int i = 0;
582
583 bzero(&b, sizeof(b));
584 b.pfrb_type = PFRB_IFACES;
585 for (;;) {
586 pfr_buf_grow(&b, b.pfrb_size);
587 b.pfrb_size = b.pfrb_msize;
588 if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size)) {
589 radix_perror();
590 return (1);
591 }
592 if (b.pfrb_size <= b.pfrb_msize)
593 break;
594 i++;
595 }
596 if (opts & PF_OPT_SHOWALL)
597 pfctl_print_title("INTERFACES:");
598 PFRB_FOREACH(p, &b)
599 print_iface(p, opts);
600 return (0);
601}
602
603void
604print_iface(struct pfi_kif *p, int opts)
605{
606 time_t tzero = p->pfik_tzero;
607 int i, af, dir, act;
608
609 printf("%s", p->pfik_name);
610 if (opts & PF_OPT_VERBOSE) {
611 if (p->pfik_flags & PFI_IFLAG_SKIP)
612 printf(" (skip)");
613 }
614 printf("\n");
615
616 if (!(opts & PF_OPT_VERBOSE2))
617 return;
618 printf("\tCleared: %s", ctime(&tzero));
619 printf("\tReferences: [ States: %-18d Rules: %-18d ]\n",
620 p->pfik_states, p->pfik_rules);
621 for (i = 0; i < 8; i++) {
622 af = (i>>2) & 1;
623 dir = (i>>1) &1;
624 act = i & 1;
625 printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
626 istats_text[af][dir][act],
627 (unsigned long long)p->pfik_packets[af][dir][act],
628 (unsigned long long)p->pfik_bytes[af][dir][act]);
629 }
630}
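Review bot: In the "expire" branch (gutter lines 279–280) the age `time(NULL) - pfras_tzero` is compared against `u_int lifetime`, so on a platform where that difference is no wider than `u_int`, a negative age (an entry whose `pfras_tzero` is ahead of the current clock, for example after the clock is stepped back) would convert to a large unsigned value and the entry would be deleted as expired. Tables are commonly used as block lists, so a premature expiry silently drops entries that were meant to stay; comparing in a signed wide type avoids it: `if ((long long)(time(NULL) - ((struct pfr_astats *)p)->pfras_tzero) > (long long)lifetime)`. The types of `time_t` and `pfras_tzero` are not visible on this page, so this should be confirmed against `pfvar.h`; the enclosing function starts in the hidden lines above. The fetch loop at 270–277, like the ones at 300–302 and 585–595, also ignores the return value of `pfr_buf_grow()`, which is worth checking if that call can fail.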