summaryrefslogtreecommitdiff
path: root/pfctl/pf_print_state.c
diff options
context:
space:
mode:
Diffstat (limited to 'pfctl/pf_print_state.c')
-rw-r--r--pfctl/pf_print_state.c110
1 files changed, 69 insertions, 41 deletions
diff --git a/pfctl/pf_print_state.c b/pfctl/pf_print_state.c
index 8489c38c73a00..e95f2b04a063e 100644
--- a/pfctl/pf_print_state.c
+++ b/pfctl/pf_print_state.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_print_state.c,v 1.46 2007/08/30 09:28:49 dhartmei Exp $ */
+/* $OpenBSD: pf_print_state.c,v 1.51 2008/06/29 08:42:15 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -165,17 +165,15 @@ print_name(struct pf_addr *addr, sa_family_t af)
}
void
-print_host(struct pfsync_state_host *h, sa_family_t af, int opts)
+print_host(struct pf_addr *addr, u_int16_t port, sa_family_t af, int opts)
{
- u_int16_t p = ntohs(h->port);
-
if (opts & PF_OPT_USEDNS)
- print_name(&h->addr, af);
+ print_name(addr, af);
else {
struct pf_addr_wrap aw;
memset(&aw, 0, sizeof(aw));
- aw.v.a.addr = h->addr;
+ aw.v.a.addr = *addr;
if (af == AF_INET)
aw.v.a.mask.addr32[0] = 0xffffffff;
else {
@@ -185,11 +183,11 @@ print_host(struct pfsync_state_host *h, sa_family_t af, int opts)
print_addr(&aw, af, opts & PF_OPT_VERBOSE2);
}
- if (p) {
+ if (port) {
if (af == AF_INET)
- printf(":%u", p);
+ printf(":%u", ntohs(port));
else
- printf("[%u]", p);
+ printf("[%u]", ntohs(port));
}
}
@@ -197,45 +195,60 @@ void
print_seq(struct pfsync_state_peer *p)
{
if (p->seqdiff)
- printf("[%u + %u](+%u)", p->seqlo, p->seqhi - p->seqlo,
- p->seqdiff);
+ printf("[%u + %u](+%u)", ntohl(p->seqlo),
+ ntohl(p->seqhi) - ntohl(p->seqlo), ntohl(p->seqdiff));
else
- printf("[%u + %u]", p->seqlo, p->seqhi - p->seqlo);
+ printf("[%u + %u]", ntohl(p->seqlo),
+ ntohl(p->seqhi) - ntohl(p->seqlo));
}
void
print_state(struct pfsync_state *s, int opts)
{
struct pfsync_state_peer *src, *dst;
+ struct pfsync_state_key *sk, *nk;
struct protoent *p;
int min, sec;
if (s->direction == PF_OUT) {
src = &s->src;
dst = &s->dst;
+ sk = &s->key[PF_SK_STACK];
+ nk = &s->key[PF_SK_WIRE];
+ if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
+ sk->port[0] = nk->port[0];
} else {
src = &s->dst;
dst = &s->src;
+ sk = &s->key[PF_SK_WIRE];
+ nk = &s->key[PF_SK_STACK];
+ if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
+ sk->port[1] = nk->port[1];
}
printf("%s ", s->ifname);
if ((p = getprotobynumber(s->proto)) != NULL)
printf("%s ", p->p_name);
else
printf("%u ", s->proto);
- if (PF_ANEQ(&s->lan.addr, &s->gwy.addr, s->af) ||
- (s->lan.port != s->gwy.port)) {
- print_host(&s->lan, s->af, opts);
- if (s->direction == PF_OUT)
- printf(" -> ");
- else
- printf(" <- ");
+
+ print_host(&nk->addr[1], nk->port[1], s->af, opts);
+ if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) ||
+ nk->port[1] != sk->port[1]) {
+ printf(" (");
+ print_host(&sk->addr[1], sk->port[1], s->af, opts);
+ printf(")");
}
- print_host(&s->gwy, s->af, opts);
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
- print_host(&s->ext, s->af, opts);
+ print_host(&nk->addr[0], nk->port[0], s->af, opts);
+ if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) ||
+ nk->port[0] != sk->port[0]) {
+ printf(" (");
+ print_host(&sk->addr[0], sk->port[0], s->af, opts);
+ printf(")");
+ }
printf(" ");
if (s->proto == IPPROTO_TCP) {
@@ -281,25 +294,37 @@ print_state(struct pfsync_state *s, int opts)
}
if (opts & PF_OPT_VERBOSE) {
- sec = s->creation % 60;
- s->creation /= 60;
- min = s->creation % 60;
- s->creation /= 60;
- printf(" age %.2u:%.2u:%.2u", s->creation, min, sec);
- sec = s->expire % 60;
- s->expire /= 60;
+ u_int64_t packets[2];
+ u_int64_t bytes[2];
+ u_int32_t creation = ntohl(s->creation);
+ u_int32_t expire = ntohl(s->expire);
+
+ sec = creation % 60;
+ creation /= 60;
+ min = creation % 60;
+ creation /= 60;
+ printf(" age %.2u:%.2u:%.2u", creation, min, sec);
+ sec = expire % 60;
+ expire /= 60;
min = s->expire % 60;
- s->expire /= 60;
- printf(", expires in %.2u:%.2u:%.2u", s->expire, min, sec);
+ expire /= 60;
+ printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);
+
+ bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
+ bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
+ bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
+ bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
printf(", %llu:%llu pkts, %llu:%llu bytes",
- pf_state_counter_from_pfsync(s->packets[0]),
- pf_state_counter_from_pfsync(s->packets[1]),
- pf_state_counter_from_pfsync(s->bytes[0]),
- pf_state_counter_from_pfsync(s->bytes[1]));
- if (s->anchor != -1)
- printf(", anchor %u", s->anchor);
- if (s->rule != -1)
- printf(", rule %u", s->rule);
+ betoh64(packets[0]),
+ betoh64(packets[1]),
+ betoh64(bytes[0]),
+ betoh64(bytes[1]));
+ if (ntohl(s->anchor) != -1)
+ printf(", anchor %u", ntohl(s->anchor));
+ if (ntohl(s->rule) != -1)
+ printf(", rule %u", ntohl(s->rule));
+ if (s->state_flags & PFSTATE_SLOPPY)
+ printf(", sloppy");
if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
printf(", source-track");
if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
@@ -307,9 +332,12 @@ print_state(struct pfsync_state *s, int opts)
printf("\n");
}
if (opts & PF_OPT_VERBOSE2) {
- printf(" id: %016llx creatorid: %08x%s\n",
- pf_state_counter_from_pfsync(s->id), ntohl(s->creatorid),
- ((s->sync_flags & PFSTATE_NOSYNC) ? " (no-sync)" : ""));
+ u_int64_t id;
+
+ bcopy(&s->id, &id, sizeof(u_int64_t));
+ printf(" id: %016llx creatorid: %08x",
+ betoh64(id), ntohl(s->creatorid));
+ printf("\n");
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-03 05:57:33 +0000