$OpenBSD: patch-pftop_c,v 1.10 2008/06/13 00:38:12 canacar Exp $ --- pftop.c.orig Tue Nov 6 23:36:46 2007 +++ pftop.c Thu Jun 12 17:51:33 2008 @@ -535,6 +535,8 @@ compare_addr(int af, const struct pf_addr *a, const st return 0; } +#ifdef HAVE_PFSYNC_KEY + #ifdef __GNUC__ __inline__ #endif @@ -542,6 +544,113 @@ int sort_addr_callback(const pf_state_t *s1, const pf_state_t *s2, int dir) { + const struct pf_addr *aa, *ab; + u_int16_t pa, pb; + int af, ret, ii, io; + + af = s1->af; + + + if (af > s2->af) + return sortdir; + if (af < s2->af) + return -sortdir; + + ii = io = 0; + + if (dir == PF_OUT) /* looking for source addr */ + io = 1; + else /* looking for dest addr */ + ii = 1; + + if (s1->direction == PF_IN) { + aa = &s1->key[PF_SK_STACK].addr[ii]; + pa = s1->key[PF_SK_STACK].port[ii]; + } else { + aa = &s1->key[PF_SK_WIRE].addr[io]; + pa = s1->key[PF_SK_WIRE].port[io]; + } + + if (s2->direction == PF_IN) { + ab = &s2->key[PF_SK_STACK].addr[ii];; + pb = s2->key[PF_SK_STACK].port[ii]; + } else { + ab = &s2->key[PF_SK_WIRE].addr[io];; + pb = s2->key[PF_SK_WIRE].port[io]; + } + + ret = compare_addr(af, aa, ab); + if (ret) + return ret * sortdir; + + if (ntohs(pa) > ntohs(pb)) + return sortdir; + return -sortdir; +} + +#ifdef __GNUC__ +__inline__ +#endif +int +sort_port_callback(const pf_state_t *s1, + const pf_state_t *s2, int dir) +{ + const struct pf_addr *aa, *ab; + u_int16_t pa, pb; + int af, ret, ii, io; + + af = s1->af; + + + if (af > s2->af) + return sortdir; + if (af < s2->af) + return -sortdir; + + ii = io = 0; + + if (dir == PF_OUT) /* looking for source addr */ + io = 1; + else /* looking for dest addr */ + ii = 1; + + if (s1->direction == PF_IN) { + aa = &s1->key[PF_SK_STACK].addr[ii]; + pa = s1->key[PF_SK_STACK].port[ii]; + } else { + aa = &s1->key[PF_SK_WIRE].addr[io]; + pa = s1->key[PF_SK_WIRE].port[io]; + } + + if (s2->direction == PF_IN) { + ab = &s2->key[PF_SK_STACK].addr[ii];; + pb = s2->key[PF_SK_STACK].port[ii]; + } else { + ab = &s2->key[PF_SK_WIRE].addr[io];; + pb = s2->key[PF_SK_WIRE].port[io]; + } + + + if (ntohs(pa) > ntohs(pb)) + return sortdir; + if (ntohs(pa) < ntohs(pb)) + return - sortdir; + + ret = compare_addr(af, aa, ab); + if (ret) + return ret * sortdir; + return -sortdir; +} + +#else /* HAVE_PFSYNC_KEY */ + +#ifdef __GNUC__ +__inline__ +#endif +int +sort_addr_callback(const pf_state_t *s1, + const pf_state_t *s2, int dir) +{ const pf_state_host_t *a, *b; int af, ret; @@ -573,20 +682,6 @@ sort_addr_callback(const pf_state_t *s1, return -sortdir; } -int sort_sa_callback(const void *p1, const void *p2) -{ - pf_state_t *s1 = state_buf + (* (u_int32_t *) p1); - pf_state_t *s2 = state_buf + (* (u_int32_t *) p2); - return sort_addr_callback(s1, s2, PF_OUT); -} - -int sort_da_callback(const void *p1, const void *p2) -{ - pf_state_t *s1 = state_buf + (* (u_int32_t *) p1); - pf_state_t *s2 = state_buf + (* (u_int32_t *) p2); - return sort_addr_callback(s1, s2, PF_IN); -} - #ifdef __GNUC__ __inline__ #endif @@ -625,7 +720,22 @@ sort_port_callback(const pf_state_t *s1, return sortdir; return -sortdir; } +#endif /* HAVE_PFSYNC_KEY */ +int sort_sa_callback(const void *p1, const void *p2) +{ + pf_state_t *s1 = state_buf + (* (u_int32_t *) p1); + pf_state_t *s2 = state_buf + (* (u_int32_t *) p2); + return sort_addr_callback(s1, s2, PF_OUT); +} + +int sort_da_callback(const void *p1, const void *p2) +{ + pf_state_t *s1 = state_buf + (* (u_int32_t *) p1); + pf_state_t *s2 = state_buf + (* (u_int32_t *) p2); + return sort_addr_callback(s1, s2, PF_IN); +} + int sort_sp_callback(const void *p1, const void *p2) { @@ -865,7 +975,48 @@ tb_print_addr(struct pf_addr * addr, struct pf_addr * tbprintf("/%u", unmask(mask, af)); } } +#ifdef HAVE_PFSYNC_KEY +void +print_fld_host2(field_def *fld, struct pfsync_state_key *ks, + struct pfsync_state_key *kn, int idx, int af) +{ + struct pf_addr *as = &ks->addr[idx]; + struct pf_addr *an = &kn->addr[idx]; + u_int16_t ps = ntohs(ks->port[idx]); + u_int16_t pn = ntohs(kn->port[idx]); + + if (fld == NULL) + return; + + if (fld->width < 3) { + print_fld_str(fld, "*"); + return; + } + + tb_start(); + tb_print_addr(as, NULL, af); + + if (af == AF_INET) + tbprintf(":%u", ps); + else + tbprintf("[%u]", ps); + + print_fld_tb(fld); + + if (PF_ANEQ(as, an, af) || ps != pn) { + tb_start(); + tb_print_addr(an, NULL, af); + + if (af == AF_INET) + tbprintf(":%u", pn); + else + tbprintf("[%u]", pn); + print_fld_tb(FLD_GW); + } + +} +#else void print_fld_host(field_def *fld, pf_state_host_t * h, int af) { @@ -889,6 +1040,7 @@ print_fld_host(field_def *fld, pf_state_host_t * h, in print_fld_tb(fld); } +#endif void print_fld_state(field_def *fld, unsigned int proto, @@ -960,7 +1112,20 @@ print_state(pf_state_t * s, struct sc_ent * ent) else print_fld_uint(FLD_PROTO, s->proto); +#ifdef HAVE_PFSYNC_KEY if (s->direction == PF_OUT) { + print_fld_host2(FLD_SRC, &s->key[PF_SK_WIRE], + &s->key[PF_SK_STACK], 1, s->af); + print_fld_host2(FLD_DEST, &s->key[PF_SK_WIRE], + &s->key[PF_SK_STACK], 0, s->af); + } else { + print_fld_host2(FLD_SRC, &s->key[PF_SK_STACK], + &s->key[PF_SK_WIRE], 0, s->af); + print_fld_host2(FLD_DEST, &s->key[PF_SK_STACK], + &s->key[PF_SK_WIRE], 1, s->af); + } +#else + if (s->direction == PF_OUT) { print_fld_host(FLD_SRC, &s->lan, s->af); print_fld_host(FLD_DEST, &s->ext, s->af); } else { @@ -972,6 +1137,7 @@ print_state(pf_state_t * s, struct sc_ent * ent) (s->lan.port != s->gwy.port)) { print_fld_host(FLD_GW, &s->gwy, s->af); } +#endif if (s->direction == PF_OUT) print_fld_str(FLD_DIR, "Out"); @@ -1475,8 +1641,12 @@ print_rule(struct pf_rule *pr) print_fld_str(FLD_LABEL, pr->label); #endif #ifdef HAVE_RULE_STATES +#ifdef HAVE_PFSYNC_KEY + print_fld_size(FLD_STATS, pr->states_tot); +#else print_fld_size(FLD_STATS, pr->states); #endif +#endif #ifdef HAVE_INOUT_COUNT_RULES print_fld_size(FLD_PKTS, pr->packets[0] + pr->packets[1]); @@ -1486,7 +1656,13 @@ print_rule(struct pf_rule *pr) print_fld_size(FLD_BYTES, pr->bytes); #endif print_fld_uint(FLD_RULE, pr->nr); - print_fld_str(FLD_DIR, pr->direction == PF_OUT ? "Out" : "In"); + if (pr->direction == PF_OUT) + print_fld_str(FLD_DIR, "Out"); + else if (pr->direction == PF_IN) + print_fld_str(FLD_DIR, "In"); + else + print_fld_str(FLD_DIR, "Any"); + if (pr->quick) print_fld_str(FLD_QUICK, "Quick");