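--- a/pfctl_table.c
+++ b/pfctl_table.c
@@ -1,9 +1,9 @@
-/* $OpenBSD: pfctl_table.c,v 1.62 2004/12/22 17:17:55 dhartmei Exp $ */
+/* $OpenBSD: pfctl_table.c,v 1.66 2007/03/01 17:20:54 deraadt Exp $ */
 
 /*
  * Copyright (c) 2002 Cedric Berger
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -26,17 +26,17 @@
  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/contrib/pf/pfctl/pfctl_table.c 145840 2005-05-03 16:55:20Z mlaier $");
+__FBSDID("$FreeBSD: head/contrib/pf/pfctl/pfctl_table.c 171172 2007-07-03 12:30:03Z mlaier $");
 
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 
 #include <net/if.h>
 #include <net/pfvar.h>
 #include <arpa/inet.h>
@@ -59,18 +59,17 @@
  const char *, int);
 static void print_table(struct pfr_table *, int, int);
 static void print_tstats(struct pfr_tstats *, int);
 static int load_addr(struct pfr_buffer *, int, char *[], char *, int);
 static void print_addrx(struct pfr_addr *, struct pfr_addr *, int);
 static void print_astats(struct pfr_astats *, int);
 static void radix_perror(void);
 static void xprintf(int, const char *, ...);
-static void print_iface(struct pfi_if *, int);
-static void oprintf(int, int, const char *, int *, int);
+static void print_iface(struct pfi_kif *, int);
 
 static const char *stats_text[PFR_DIR_MAX][PFR_OP_TABLE_MAX] = {
  { "In/Block:", "In/Pass:", "In/XPass:" },
  { "Out/Block:", "Out/Pass:", "Out/XPass:" }
 };
 
 static const char *istats_text[2][2][2] = {
  { { "In4/Pass:", "In4/Block:" }, { "Out4/Pass:", "Out4/Block:" } },
@@ -173,17 +172,17 @@
  b.pfrb_caddr, &b.pfrb_size, flags));
  else
  RVTEST(pfr_get_tables(&table,
  b.pfrb_caddr, &b.pfrb_size, flags));
  if (b.pfrb_size <= b.pfrb_msize)
  break;
  }
 
- if (opts & PF_OPT_SHOWALL && b.pfrb_size > 0)
+ if ((opts & PF_OPT_SHOWALL) && b.pfrb_size > 0)
  pfctl_print_title("TABLES:");
 
  PFRB_FOREACH(p, &b)
  if (opts & PF_OPT_VERBOSE2)
  print_tstats(p, opts & PF_OPT_DEBUG);
  else
  print_table(p, opts & PF_OPT_VERBOSE,
  opts & PF_OPT_DEBUG);
@@ -252,16 +251,52 @@
  xprintf(opts, "%d addresses changed", nchange);
  if (!nadd && !ndel && !nchange)
  xprintf(opts, "no changes");
  if (opts & PF_OPT_VERBOSE)
  PFRB_FOREACH(a, &b)
  if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
  print_addrx(a, NULL,
  opts & PF_OPT_USEDNS);
+ } else if (!strcmp(command, "expire")) {
+ const char *errstr;
+ u_int lifetime;
+
+ b.pfrb_type = PFRB_ASTATS;
+ b2.pfrb_type = PFRB_ADDRS;
+ if (argc != 1 || file != NULL)
+ usage();
+ lifetime = strtonum(*argv, 0, UINT_MAX, &errstr);
+ if (errstr)
+ errx(1, "expiry time: %s", errstr);
+ for (;;) {
+ pfr_buf_grow(&b, b.pfrb_size);
+ b.pfrb_size = b.pfrb_msize;
+ RVTEST(pfr_get_astats(&table, b.pfrb_caddr,
+ &b.pfrb_size, flags));
+ if (b.pfrb_size <= b.pfrb_msize)
+ break;
+ }
+ PFRB_FOREACH(p, &b)
+ if (time(NULL) - ((struct pfr_astats *)p)->pfras_tzero >
+ lifetime)
+ if (pfr_buf_add(&b2,
+ &((struct pfr_astats *)p)->pfras_a))
+ err(1, "duplicate buffer");
+
+ if (opts & PF_OPT_VERBOSE)
+ flags |= PFR_FLAG_FEEDBACK;
+ RVTEST(pfr_del_addrs(&table, b2.pfrb_caddr, b2.pfrb_size,
+ &ndel, flags));
+ xprintf(opts, "%d/%d addresses expired", ndel, b2.pfrb_size);
+ if (opts & PF_OPT_VERBOSE)
+ PFRB_FOREACH(a, &b2)
+ if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback)
+ print_addrx(a, NULL,
+ opts & PF_OPT_USEDNS);
  } else if (!strcmp(command, "show")) {
  b.pfrb_type = (opts & PF_OPT_VERBOSE) ?
  PFRB_ASTATS : PFRB_ADDRS;
  if (argc || file != NULL)
  usage();
  for (;;) {
  pfr_buf_grow(&b, b.pfrb_size);
  b.pfrb_size = b.pfrb_msize;
@@ -289,17 +324,17 @@
  flags |= PFR_FLAG_REPLACE;
  PFRB_FOREACH(a, &b)
  if (pfr_buf_add(&b2, a))
  err(1, "duplicate buffer");
  }
  RVTEST(pfr_tst_addrs(&table, b.pfrb_caddr, b.pfrb_size,
  &nmatch, flags));
  xprintf(opts, "%d/%d addresses match", nmatch, b.pfrb_size);
- if (opts & PF_OPT_VERBOSE && !(opts & PF_OPT_VERBOSE2))
+ if ((opts & PF_OPT_VERBOSE) && !(opts & PF_OPT_VERBOSE2))
  PFRB_FOREACH(a, &b)
  if (a->pfra_fback == PFR_FB_MATCH)
  print_addrx(a, NULL,
  opts & PF_OPT_USEDNS);
  if (opts & PF_OPT_VERBOSE2) {
  a2 = NULL;
  PFRB_FOREACH(a, &b) {
  a2 = pfr_buf_next(&b2, a2);
@@ -537,81 +572,59 @@
 
 
 /* interface stuff */
 
 int
 pfctl_show_ifaces(const char *filter, int opts)
 {
  struct pfr_buffer b;
- struct pfi_if *p;
- int i = 0, f = PFI_FLAG_GROUP|PFI_FLAG_INSTANCE;
+ struct pfi_kif *p;
+ int i = 0;
 
- if (filter != NULL && *filter && !isdigit(filter[strlen(filter)-1]))
- f &= ~PFI_FLAG_INSTANCE;
  bzero(&b, sizeof(b));
  b.pfrb_type = PFRB_IFACES;
  for (;;) {
  pfr_buf_grow(&b, b.pfrb_size);
  b.pfrb_size = b.pfrb_msize;
- if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size, f)) {
+ if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size)) {
  radix_perror();
  return (1);
  }
  if (b.pfrb_size <= b.pfrb_msize)
  break;
  i++;
  }
  if (opts & PF_OPT_SHOWALL)
  pfctl_print_title("INTERFACES:");
  PFRB_FOREACH(p, &b)
  print_iface(p, opts);
  return (0);
 }
 
 void
-print_iface(struct pfi_if *p, int opts)
+print_iface(struct pfi_kif *p, int opts)
 {
- time_t tzero = p->pfif_tzero;
- int flags = (opts & PF_OPT_VERBOSE) ? p->pfif_flags : 0;
- int first = 1;
+ time_t tzero = p->pfik_tzero;
  int i, af, dir, act;
 
- printf("%s", p->pfif_name);
- oprintf(flags, PFI_IFLAG_INSTANCE, "instance", &first, 0);
- oprintf(flags, PFI_IFLAG_GROUP, "group", &first, 0);
- oprintf(flags, PFI_IFLAG_CLONABLE, "clonable", &first, 0);
- oprintf(flags, PFI_IFLAG_DYNAMIC, "dynamic", &first, 0);
- oprintf(flags, PFI_IFLAG_ATTACHED, "attached", &first, 0);
- oprintf(flags, PFI_IFLAG_SKIP, "skipped", &first, 1);
-#ifdef __FreeBSD__
- first = 1;
- oprintf(flags, PFI_IFLAG_PLACEHOLDER, "placeholder", &first, 1);
-#endif
+ printf("%s", p->pfik_name);
+ if (opts & PF_OPT_VERBOSE) {
+ if (p->pfik_flags & PFI_IFLAG_SKIP)
+ printf(" (skip)");
+ }
  printf("\n");
 
  if (!(opts & PF_OPT_VERBOSE2))
  return;
  printf("\tCleared: %s", ctime(&tzero));
  printf("\tReferences: [ States: %-18d Rules: %-18d ]\n",
- p->pfif_states, p->pfif_rules);
+ p->pfik_states, p->pfik_rules);
  for (i = 0; i < 8; i++) {
  af = (i>>2) & 1;
  dir = (i>>1) &1;
  act = i & 1;
  printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n",
  istats_text[af][dir][act],
- (unsigned long long)p->pfif_packets[af][dir][act],
- (unsigned long long)p->pfif_bytes[af][dir][act]);
+ (unsigned long long)p->pfik_packets[af][dir][act],
+ (unsigned long long)p->pfik_bytes[af][dir][act]);
  }
 }
-
-void
-oprintf(int flags, int flag, const char *s, int *first, int last)
-{
- if (flags & flag) {
- printf(*first ? "\t(%s" : ", %s", s);
- *first = 0;
- }
- if (last && !*first)
- printf(")");
-}
-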
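Review bot: In the added `expire` branch (new lines 259–294), the age test `time(NULL) - ((struct pfr_astats *)p)->pfras_tzero > lifetime` compares a signed time difference with the `u_int lifetime`. The types of `time_t` and `pfras_tzero` are not visible here, but on a platform where the difference is no wider than `u_int`, a `pfras_tzero` later than the current clock converts to a very large unsigned value and the address is deleted as expired. If the table serves as a blocklist, entries could then be dropped early after a clock step. `time(NULL)` is also re-read for every entry, so the cutoff moves during the walk; I would take `time_t now = time(NULL);` once before the `PFRB_FOREACH` and test `now > tzero && (unsigned long long)(now - tzero) > lifetime`, where `tzero` is the entry's `pfras_tzero`. The enclosing function starts outside the visible lines, so the declarations of `p`, `b2` and `ndel` could not be checked.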