1/* $OpenBSD: pfctl.c,v 1.188 2003/08/29 21:47:36 cedric Exp $ */
2
3/*
4 * Copyright (c) 2001 Daniel Hartmeier
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
--- 22 unchanged lines hidden (view full) ---
31 */
32
33#include <sys/types.h>
34#include <sys/ioctl.h>
35#include <sys/socket.h>
36
37#include <net/if.h>
38#include <netinet/in.h>
39#include <net/pfvar.h>
40#include <arpa/inet.h>
41#include <altq/altq.h>
42
43#include <err.h>
44#include <errno.h>
45#include <fcntl.h>
46#include <limits.h>
--- 142 unchanged lines hidden (view full) ---
189}
190
191int
192pfctl_enable(int dev, int opts)
193{
194 if (ioctl(dev, DIOCSTART)) {
195 if (errno == EEXIST)
196 errx(1, "pf already enabled");
197 else
198 err(1, "DIOCSTART");
199 }
200 if ((opts & PF_OPT_QUIET) == 0)
201 fprintf(stderr, "pf enabled\n");
202
203 if (altqsupport && ioctl(dev, DIOCSTARTALTQ))
204 if (errno != EEXIST)
--- 333 unchanged lines hidden (view full) ---
538 printf("%u ", rule->skip[i].nr);
539 }
540 printf("]\n");
541
542 printf(" [ queue: qname=%s qid=%u pqname=%s pqid=%u ]\n",
543 rule->qname, rule->qid, rule->pqname, rule->pqid);
544 }
545 if (opts & PF_OPT_VERBOSE)
546 printf(" [ Evaluations: %-8llu Packets: %-8llu "
547 "Bytes: %-10llu States: %-6u]\n",
548 rule->evaluations, rule->packets,
549 rule->bytes, rule->states);
550}
551
552int
553pfctl_show_rules(int dev, int opts, int format, char *anchorname,
554 char *rulesetname)
555{
--- 47 unchanged lines hidden (view full) ---
603 if (pfctl_get_pool(dev, &pr.rule.rpool,
604 nr, pr.ticket, PF_SCRUB, anchorname, rulesetname) != 0)
605 return (-1);
606
607 switch (format) {
608 case 1:
609 if (pr.rule.label[0]) {
610 printf("%s ", pr.rule.label);
611 printf("%llu %llu %llu\n",
612 pr.rule.evaluations, pr.rule.packets,
613 pr.rule.bytes);
614 }
615 break;
616 default:
617 print_rule(&pr.rule, rule_numbers);
618 pfctl_print_rule_counters(&pr.rule, opts);
619 }
--- 15 unchanged lines hidden (view full) ---
635 if (pfctl_get_pool(dev, &pr.rule.rpool,
636 nr, pr.ticket, PF_PASS, anchorname, rulesetname) != 0)
637 return (-1);
638
639 switch (format) {
640 case 1:
641 if (pr.rule.label[0]) {
642 printf("%s ", pr.rule.label);
643 printf("%llu %llu %llu\n",
644 pr.rule.evaluations, pr.rule.packets,
645 pr.rule.bytes);
646 }
647 break;
648 default:
649 print_rule(&pr.rule, rule_numbers);
650 pfctl_print_rule_counters(&pr.rule, opts);
651 }
--- 565 unchanged lines hidden (view full) ---
1217 if ((opts & PF_OPT_QUIET) == 0)
1218 fprintf(stderr, "pf: rule counters cleared\n");
1219 return (0);
1220}
1221
1222int
1223pfctl_test_altqsupport(int dev, int opts)
1224{
1225 struct pfioc_altq pa;
1226
1227 if (ioctl(dev, DIOCGETALTQS, &pa)) {
1228 if (errno == ENODEV) {
1229 if (!(opts & PF_OPT_QUIET))
1230 fprintf(stderr, "No ALTQ support in kernel\n"
1231 "ALTQ related functions disabled\n");
1232 return (0);
1233 } else
1234 err(1, "DIOCGETALTQS");
1235 }
1236 return (1);
1237}
1238
1239int
1240pfctl_show_anchors(int dev, int opts, char *anchorname)
1241{
1242 u_int32_t nr, mnr;
1243
1244 if (!*anchorname) {
--- 226 unchanged lines hidden (view full) ---
1471 dev = open("/dev/pf", mode);
1472 if (dev == -1)
1473 err(1, "/dev/pf");
1474 altqsupport = pfctl_test_altqsupport(dev, opts);
1475 } else {
1476 /* turn off options */
1477 opts &= ~ (PF_OPT_DISABLE | PF_OPT_ENABLE);
1478 clearopt = showopt = debugopt = NULL;
1479 altqsupport = 1;
1480 }
1481
1482 if (opts & PF_OPT_DISABLE)
1483 if (pfctl_disable(dev, opts))
1484 error = 1;
1485
1486 if (showopt != NULL) {
1487 switch (*showopt) {
--- 139 unchanged lines hidden ---
2
3/*
4 * Copyright (c) 2001 Daniel Hartmeier
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
--- 22 unchanged lines hidden (view full) ---
31 */
32
33#include <sys/types.h>
34#include <sys/ioctl.h>
35#include <sys/socket.h>
36
37#include <net/if.h>
38#include <netinet/in.h>
39#include <net/pfvar.h>
40#include <arpa/inet.h>
41#include <altq/altq.h>
42
43#include <err.h>
44#include <errno.h>
45#include <fcntl.h>
46#include <limits.h>
--- 142 unchanged lines hidden (view full) ---
189}
190
191int
192pfctl_enable(int dev, int opts)
193{
194 if (ioctl(dev, DIOCSTART)) {
195 if (errno == EEXIST)
196 errx(1, "pf already enabled");
197 else
198 err(1, "DIOCSTART");
199 }
200 if ((opts & PF_OPT_QUIET) == 0)
201 fprintf(stderr, "pf enabled\n");
202
203 if (altqsupport && ioctl(dev, DIOCSTARTALTQ))
204 if (errno != EEXIST)
--- 333 unchanged lines hidden (view full) ---
538 printf("%u ", rule->skip[i].nr);
539 }
540 printf("]\n");
541
542 printf(" [ queue: qname=%s qid=%u pqname=%s pqid=%u ]\n",
543 rule->qname, rule->qid, rule->pqname, rule->pqid);
544 }
545 if (opts & PF_OPT_VERBOSE)
546 printf(" [ Evaluations: %-8llu Packets: %-8llu "
547 "Bytes: %-10llu States: %-6u]\n",
548 rule->evaluations, rule->packets,
549 rule->bytes, rule->states);
550}
551
552int
553pfctl_show_rules(int dev, int opts, int format, char *anchorname,
554 char *rulesetname)
555{
--- 47 unchanged lines hidden (view full) ---
603 if (pfctl_get_pool(dev, &pr.rule.rpool,
604 nr, pr.ticket, PF_SCRUB, anchorname, rulesetname) != 0)
605 return (-1);
606
607 switch (format) {
608 case 1:
609 if (pr.rule.label[0]) {
610 printf("%s ", pr.rule.label);
611 printf("%llu %llu %llu\n",
612 pr.rule.evaluations, pr.rule.packets,
613 pr.rule.bytes);
614 }
615 break;
616 default:
617 print_rule(&pr.rule, rule_numbers);
618 pfctl_print_rule_counters(&pr.rule, opts);
619 }
--- 15 unchanged lines hidden (view full) ---
635 if (pfctl_get_pool(dev, &pr.rule.rpool,
636 nr, pr.ticket, PF_PASS, anchorname, rulesetname) != 0)
637 return (-1);
638
639 switch (format) {
640 case 1:
641 if (pr.rule.label[0]) {
642 printf("%s ", pr.rule.label);
643 printf("%llu %llu %llu\n",
644 pr.rule.evaluations, pr.rule.packets,
645 pr.rule.bytes);
646 }
647 break;
648 default:
649 print_rule(&pr.rule, rule_numbers);
650 pfctl_print_rule_counters(&pr.rule, opts);
651 }
--- 565 unchanged lines hidden (view full) ---
1217 if ((opts & PF_OPT_QUIET) == 0)
1218 fprintf(stderr, "pf: rule counters cleared\n");
1219 return (0);
1220}
1221
1222int
1223pfctl_test_altqsupport(int dev, int opts)
1224{
1225 struct pfioc_altq pa;
1226
1227 if (ioctl(dev, DIOCGETALTQS, &pa)) {
1228 if (errno == ENODEV) {
1229 if (!(opts & PF_OPT_QUIET))
1230 fprintf(stderr, "No ALTQ support in kernel\n"
1231 "ALTQ related functions disabled\n");
1232 return (0);
1233 } else
1234 err(1, "DIOCGETALTQS");
1235 }
1236 return (1);
1237}
1238
1239int
1240pfctl_show_anchors(int dev, int opts, char *anchorname)
1241{
1242 u_int32_t nr, mnr;
1243
1244 if (!*anchorname) {
--- 226 unchanged lines hidden (view full) ---
1471 dev = open("/dev/pf", mode);
1472 if (dev == -1)
1473 err(1, "/dev/pf");
1474 altqsupport = pfctl_test_altqsupport(dev, opts);
1475 } else {
1476 /* turn off options */
1477 opts &= ~ (PF_OPT_DISABLE | PF_OPT_ENABLE);
1478 clearopt = showopt = debugopt = NULL;
1479 altqsupport = 1;
1480 }
1481
1482 if (opts & PF_OPT_DISABLE)
1483 if (pfctl_disable(dev, opts))
1484 error = 1;
1485
1486 if (showopt != NULL) {
1487 switch (*showopt) {
--- 139 unchanged lines hidden ---