static void display_states(const struct pfioc_states *ps, int verbose __unused, FILE* f) { struct pfsync_state *p = NULL; struct pfsync_state_peer *src, *dst; struct protoent *proto; int nb_states; int i; uint64_t id; p = ps->ps_states; nb_states = ps->ps_len / sizeof(struct pfsync_state); for (i = 0; i < nb_states; i++, p++) { fprintf(f, "state %s ", p->direction == PF_OUT ? "out" : "in"); fprintf(f, "on %s ", p->ifname); if ((proto = getprotobynumber(p->proto)) != NULL) fprintf(f, "proto %s ", proto->p_name); else fprintf(f, "proto %u ", p->proto); if (PF_ANEQ(&p->lan.addr, &p->gwy.addr, p->af) || (p->lan.port != p->gwy.port)) { char buf1[64], buf2[64], buf3[64]; fprintf(f, "from %s to %s using %s", print_host(&p->lan, p->af, buf1, sizeof(buf1)), print_host(&p->ext, p->af, buf2, sizeof(buf2)), print_host(&p->gwy, p->af, buf3, sizeof(buf3))); } else { char buf1[64], buf2[64]; fprintf(f, "from %s to %s", print_host(&p->lan, p->af, buf1, sizeof(buf1)), print_host(&p->ext, p->af, buf2, sizeof(buf2))); } memcpy(&id, p->id, sizeof(p->id)); fprintf(f, " id %" PRIu64 " cid %" PRIu32 " expire %" PRIu32 " timeout %" PRIu8, id , p->creatorid, p->expire, p->timeout); if (p->direction == PF_OUT) { src = &p->src; dst = &p->dst; } else { src = &p->dst; dst = &p->src; } fprintf(f, " src "); print_peer(src, p->proto, f); fprintf(f, " dst "); print_peer(dst, p->proto, f); fprintf(f, "\n"); } }
void print_state(struct pfsync_state *s, int opts) { struct pfsync_state_peer *src, *dst; struct pfsync_state_key *sk, *nk; struct protoent *p; int min, sec; if (s->direction == PF_OUT) { src = &s->src; dst = &s->dst; sk = &s->key[PF_SK_STACK]; nk = &s->key[PF_SK_WIRE]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[0] = nk->port[0]; } else { src = &s->dst; dst = &s->src; sk = &s->key[PF_SK_WIRE]; nk = &s->key[PF_SK_STACK]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[1] = nk->port[1]; } printf("%s ", s->ifname); if ((p = getprotobynumber(s->proto)) != NULL) printf("%s ", p->p_name); else printf("%u ", s->proto); print_host(&nk->addr[1], nk->port[1], s->af, opts); if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) || nk->port[1] != sk->port[1]) { printf(" ("); print_host(&sk->addr[1], sk->port[1], s->af, opts); printf(")"); } if (s->direction == PF_OUT) printf(" -> "); else printf(" <- "); print_host(&nk->addr[0], nk->port[0], s->af, opts); if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) || nk->port[0] != sk->port[0]) { printf(" ("); print_host(&sk->addr[0], sk->port[0], s->af, opts); printf(")"); } printf(" "); if (s->proto == IPPROTO_TCP) { if (src->state <= TCPS_TIME_WAIT && dst->state <= TCPS_TIME_WAIT) printf(" %s:%s\n", tcpstates[src->state], tcpstates[dst->state]); else if (src->state == PF_TCPS_PROXY_SRC || dst->state == PF_TCPS_PROXY_SRC) printf(" PROXY:SRC\n"); else if (src->state == PF_TCPS_PROXY_DST || dst->state == PF_TCPS_PROXY_DST) printf(" PROXY:DST\n"); else printf(" <BAD STATE LEVELS %u:%u>\n", src->state, dst->state); if (opts & PF_OPT_VERBOSE) { printf(" "); print_seq(src); if (src->wscale && dst->wscale) printf(" wscale %u", src->wscale & PF_WSCALE_MASK); printf(" "); print_seq(dst); if (src->wscale && dst->wscale) printf(" wscale %u", dst->wscale & PF_WSCALE_MASK); printf("\n"); } } else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES && dst->state < PFUDPS_NSTATES) { const char *states[] = PFUDPS_NAMES; printf(" %s:%s\n", states[src->state], states[dst->state]); #ifndef INET6 } else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) { #else } else if (s->proto != IPPROTO_ICMP && s->proto != IPPROTO_ICMPV6 && src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) { #endif /* XXX ICMP doesn't really have state levels */ const char *states[] = PFOTHERS_NAMES; printf(" %s:%s\n", states[src->state], states[dst->state]); } else { printf(" %u:%u\n", src->state, dst->state); } if (opts & PF_OPT_VERBOSE) { u_int64_t packets[2]; u_int64_t bytes[2]; u_int32_t creation = ntohl(s->creation); u_int32_t expire = ntohl(s->expire); sec = creation % 60; creation /= 60; min = creation % 60; creation /= 60; printf(" age %.2u:%.2u:%.2u", creation, min, sec); sec = expire % 60; expire /= 60; min = expire % 60; expire /= 60; printf(", expires in %.2u:%.2u:%.2u", expire, min, sec); bcopy(s->packets[0], &packets[0], sizeof(u_int64_t)); bcopy(s->packets[1], &packets[1], sizeof(u_int64_t)); bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t)); bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t)); printf(", %ju:%ju pkts, %ju:%ju bytes", (uintmax_t )be64toh(packets[0]), (uintmax_t )be64toh(packets[1]), (uintmax_t )be64toh(bytes[0]), (uintmax_t )be64toh(bytes[1])); if (ntohl(s->anchor) != -1) printf(", anchor %u", ntohl(s->anchor)); if (ntohl(s->rule) != -1) printf(", rule %u", ntohl(s->rule)); if (s->state_flags & PFSTATE_SLOPPY) printf(", sloppy"); if (s->sync_flags & PFSYNC_FLAG_SRCNODE) printf(", source-track"); if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE) printf(", sticky-address"); printf("\n"); } if (opts & PF_OPT_VERBOSE2) { u_int64_t id; bcopy(&s->id, &id, sizeof(u_int64_t)); printf(" id: %016jx creatorid: %08x", (uintmax_t )be64toh(id), ntohl(s->creatorid)); printf("\n"); } }
void print_state(struct pfsync_state *s, int opts) { struct pfsync_state_peer *src, *dst; struct pfsync_state_key *sk, *nk; struct protoent *p; int min, sec; if (s->direction == PF_OUT) { src = &s->src; dst = &s->dst; sk = &s->key[PF_SK_STACK]; nk = &s->key[PF_SK_WIRE]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[0] = nk->port[0]; } else { src = &s->dst; dst = &s->src; sk = &s->key[PF_SK_WIRE]; nk = &s->key[PF_SK_STACK]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[1] = nk->port[1]; } printf("%s ", s->ifname); if ((p = getprotobynumber(s->proto)) != NULL) printf("%s ", p->p_name); else printf("%u ", s->proto); print_host(&nk->addr[1], nk->port[1], s->af, opts); if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) || nk->port[1] != sk->port[1]) { printf(" ("); print_host(&sk->addr[1], sk->port[1], s->af, opts); printf(")"); } if (s->direction == PF_OUT) printf(" -> "); else printf(" <- "); print_host(&nk->addr[0], nk->port[0], s->af, opts); if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) || nk->port[0] != sk->port[0]) { printf(" ("); print_host(&sk->addr[0], sk->port[0], s->af, opts); printf(")"); } printf(" "); if (s->proto == IPPROTO_TCP) { if (src->state <= TCPS_TIME_WAIT && dst->state <= TCPS_TIME_WAIT) printf(" %s:%s\n", tcpstates[src->state], tcpstates[dst->state]); else if (src->state == PF_TCPS_PROXY_SRC || dst->state == PF_TCPS_PROXY_SRC) printf(" PROXY:SRC\n"); else if (src->state == PF_TCPS_PROXY_DST || dst->state == PF_TCPS_PROXY_DST) printf(" PROXY:DST\n"); else printf(" <BAD STATE LEVELS %u:%u>\n", src->state, dst->state); if (opts & PF_OPT_VERBOSE) { printf(" "); print_seq(src); if (src->wscale && dst->wscale) printf(" wscale %u", src->wscale & PF_WSCALE_MASK); printf(" "); print_seq(dst); if (src->wscale && dst->wscale) printf(" wscale %u", dst->wscale & PF_WSCALE_MASK); printf("\n"); } } else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES && dst->state < PFUDPS_NSTATES) { const char *states[] = PFUDPS_NAMES; printf(" %s:%s\n", states[src->state], states[dst->state]); } else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) { /* XXX ICMP doesn't really have state levels */ const char *states[] = PFOTHERS_NAMES; printf(" %s:%s\n", states[src->state], states[dst->state]); } else { printf(" %u:%u\n", src->state, dst->state); } if (opts & PF_OPT_VERBOSE) { u_int64_t packets[2]; u_int64_t bytes[2]; u_int32_t creation = ntohl(s->creation); u_int32_t expire = ntohl(s->expire); printf(" rule %u", ntohl(s->rule)); if (ntohl(s->anchor) != -1) printf(", anchor %u", ntohl(s->anchor)); printf(", flags:"); if (s->state_flags & PFSTATE_ALLOWOPTS) printf(" allowopts"); if (s->state_flags & PFSTATE_SLOPPY) printf(" sloppy"); if (s->state_flags & PFSTATE_STACK_GLOBAL) printf(" global"); if (s->state_flags & PFSTATE_CREATEINPROG) printf(" creating"); if (s->state_flags & PFSTATE_HALF_DUPLEX) printf(" (TRANSLATION COLLISION)"); if (s->sync_flags & PFSYNC_FLAG_SRCNODE) printf(" source-track"); if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE) printf(" sticky-address"); switch(s->pickup_mode) { case PF_PICKUPS_UNSPECIFIED: break; case PF_PICKUPS_DISABLED: printf(" no-pickups"); break; case PF_PICKUPS_HASHONLY: printf(" hash-only"); break; case PF_PICKUPS_ENABLED: printf(" pickups"); break; } printf("\n"); sec = creation % 60; creation /= 60; min = creation % 60; creation /= 60; printf(" age %.2u:%.2u:%.2u", creation, min, sec); sec = expire % 60; expire /= 60; min = expire % 60; expire /= 60; printf(", expires in %.2u:%.2u:%.2u", expire, min, sec); bcopy(s->packets[0], &packets[0], sizeof(u_int64_t)); bcopy(s->packets[1], &packets[1], sizeof(u_int64_t)); bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t)); bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t)); printf(", %" PRIu64 ":%" PRIu64 " pkts, %" PRIu64 ":%" PRIu64 " bytes\n", be64toh(packets[0]), be64toh(packets[1]), be64toh(bytes[0]), be64toh(bytes[1])); } if (opts & PF_OPT_VERBOSE2) { u_int64_t id; bcopy(&s->id, &id, sizeof(u_int64_t)); printf(" id: %016jx creatorid: %08x cpuid: %-3d", be64toh(id), ntohl(s->creatorid), s->cpuid); printf("\n"); } }
static void print_state(netdissect_options *ndo, struct pfsync_state *s) { struct pfsync_state_peer *src, *dst; struct pfsync_state_key *sk, *nk; int min, sec; if (s->direction == PF_OUT) { src = &s->src; dst = &s->dst; sk = &s->key[PF_SK_STACK]; nk = &s->key[PF_SK_WIRE]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[0] = nk->port[0]; } else { src = &s->dst; dst = &s->src; sk = &s->key[PF_SK_WIRE]; nk = &s->key[PF_SK_STACK]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[1] = nk->port[1]; } ND_PRINT((ndo, "\t%s ", s->ifname)); ND_PRINT((ndo, "proto %u ", s->proto)); print_host(ndo, &nk->addr[1], nk->port[1], s->af, NULL); if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) || nk->port[1] != sk->port[1]) { ND_PRINT((ndo, " (")); print_host(ndo, &sk->addr[1], sk->port[1], s->af, NULL); ND_PRINT((ndo, ")")); } if (s->direction == PF_OUT) ND_PRINT((ndo, " -> ")); else ND_PRINT((ndo, " <- ")); print_host(ndo, &nk->addr[0], nk->port[0], s->af, NULL); if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) || nk->port[0] != sk->port[0]) { ND_PRINT((ndo, " (")); print_host(ndo, &sk->addr[0], sk->port[0], s->af, NULL); ND_PRINT((ndo, ")")); } print_src_dst(ndo, src, dst, s->proto); if (vflag > 1) { uint64_t packets[2]; uint64_t bytes[2]; uint32_t creation = ntohl(s->creation); uint32_t expire = ntohl(s->expire); sec = creation % 60; creation /= 60; min = creation % 60; creation /= 60; ND_PRINT((ndo, "\n\tage %.2u:%.2u:%.2u", creation, min, sec)); sec = expire % 60; expire /= 60; min = expire % 60; expire /= 60; ND_PRINT((ndo, ", expires in %.2u:%.2u:%.2u", expire, min, sec)); bcopy(s->packets[0], &packets[0], sizeof(uint64_t)); bcopy(s->packets[1], &packets[1], sizeof(uint64_t)); bcopy(s->bytes[0], &bytes[0], sizeof(uint64_t)); bcopy(s->bytes[1], &bytes[1], sizeof(uint64_t)); ND_PRINT((ndo, ", %ju:%ju pkts, %ju:%ju bytes", be64toh(packets[0]), be64toh(packets[1]), be64toh(bytes[0]), be64toh(bytes[1]))); if (s->anchor != ntohl(-1)) ND_PRINT((ndo, ", anchor %u", ntohl(s->anchor))); if (s->rule != ntohl(-1)) ND_PRINT((ndo, ", rule %u", ntohl(s->rule))); } if (vflag > 1) { uint64_t id; bcopy(&s->id, &id, sizeof(uint64_t)); ND_PRINT((ndo, "\n\tid: %016jx creatorid: %08x", (uintmax_t )be64toh(id), ntohl(s->creatorid))); } }
void print_state(struct pfsync_state *s, int opts) { struct pfsync_state_peer *src, *dst; struct pfsync_state_key *sk, *nk; int min, sec, sidx, didx; if (s->direction == PF_OUT) { src = &s->src; dst = &s->dst; sk = &s->key[PF_SK_STACK]; nk = &s->key[PF_SK_WIRE]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[0] = nk->port[0]; } else { src = &s->dst; dst = &s->src; sk = &s->key[PF_SK_WIRE]; nk = &s->key[PF_SK_STACK]; if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) sk->port[1] = nk->port[1]; } printf("%s ", s->ifname); printf("%s ", ipproto_string(s->proto)); if (nk->af != sk->af) sidx = 1, didx = 0; else sidx = 0, didx = 1; print_host(&nk->addr[didx], nk->port[didx], nk->af, nk->rdomain, NULL, opts); if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) || nk->port[1] != sk->port[1]) { printf(" ("); print_host(&sk->addr[1], sk->port[1], sk->af, sk->rdomain, NULL, opts); printf(")"); } if (s->direction == PF_OUT) printf(" -> "); else printf(" <- "); print_host(&nk->addr[sidx], nk->port[sidx], nk->af, nk->rdomain, NULL, opts); if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) || nk->port[0] != sk->port[0]) { printf(" ("); print_host(&sk->addr[0], sk->port[0], sk->af, sk->rdomain, NULL, opts); printf(")"); } printf(" "); if (s->proto == IPPROTO_TCP) { if (src->state <= TCPS_TIME_WAIT && dst->state <= TCPS_TIME_WAIT) printf("\n %s:%s", tcpstates[src->state], tcpstates[dst->state]); else if (src->state == PF_TCPS_PROXY_SRC || dst->state == PF_TCPS_PROXY_SRC) printf("\n PROXY:SRC"); else if (src->state == PF_TCPS_PROXY_DST || dst->state == PF_TCPS_PROXY_DST) printf("\n PROXY:DST"); else printf("\n <BAD STATE LEVELS %u:%u>", src->state, dst->state); if (opts & PF_OPT_VERBOSE) { printf("\n "); print_seq(src); if (src->wscale && dst->wscale) printf(" wscale %u", src->wscale & PF_WSCALE_MASK); printf(" "); print_seq(dst); if (src->wscale && dst->wscale) printf(" wscale %u", dst->wscale & PF_WSCALE_MASK); } } else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES && dst->state < PFUDPS_NSTATES) { const char *states[] = PFUDPS_NAMES; printf(" %s:%s", states[src->state], states[dst->state]); } else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES && dst->state < PFOTHERS_NSTATES) { /* XXX ICMP doesn't really have state levels */ const char *states[] = PFOTHERS_NAMES; printf(" %s:%s", states[src->state], states[dst->state]); } else { printf(" %u:%u", src->state, dst->state); } if (opts & PF_OPT_VERBOSE) { u_int64_t packets[2]; u_int64_t bytes[2]; u_int32_t creation = ntohl(s->creation); u_int32_t expire = ntohl(s->expire); sec = creation % 60; creation /= 60; min = creation % 60; creation /= 60; printf("\n age %.2u:%.2u:%.2u", creation, min, sec); sec = expire % 60; expire /= 60; min = expire % 60; expire /= 60; printf(", expires in %.2u:%.2u:%.2u", expire, min, sec); bcopy(s->packets[0], &packets[0], sizeof(u_int64_t)); bcopy(s->packets[1], &packets[1], sizeof(u_int64_t)); bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t)); bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t)); printf(", %llu:%llu pkts, %llu:%llu bytes", betoh64(packets[0]), betoh64(packets[1]), betoh64(bytes[0]), betoh64(bytes[1])); if (s->anchor != -1) printf(", anchor %u", ntohl(s->anchor)); if (s->rule != -1) printf(", rule %u", ntohl(s->rule)); } if (opts & PF_OPT_VERBOSE2) { u_int64_t id; bcopy(&s->id, &id, sizeof(u_int64_t)); printf("\n id: %016llx creatorid: %08x", betoh64(id), ntohl(s->creatorid)); } }
void print_state(struct pf_state *s, int opts) { struct pf_state_peer *src, *dst; struct protoent *p; u_int8_t hrs, min, sec; if (s->direction == PF_OUT) { src = &s->src; dst = &s->dst; } else { src = &s->dst; dst = &s->src; } if ((p = getprotobynumber(s->proto)) != NULL) printf("%s ", p->p_name); else printf("%u ", s->proto); if (PF_ANEQ(&s->lan.addr, &s->gwy.addr, s->af) || (s->lan.port != s->gwy.port)) { print_host(&s->lan, s->af); if (s->direction == PF_OUT) printf(" -> "); else printf(" <- "); } print_host(&s->gwy, s->af); if (s->direction == PF_OUT) printf(" -> "); else printf(" <- "); print_host(&s->ext, s->af); printf(" "); if (s->proto == IPPROTO_TCP) { if (src->state <= TCPS_TIME_WAIT && dst->state <= TCPS_TIME_WAIT) { printf(" %s:%s\n", tcpstates[src->state], tcpstates[dst->state]); } else { printf(" <BAD STATE LEVELS>\n"); } if (opts & PF_OPT_VERBOSE) { printf(" "); print_seq(src); printf(" "); print_seq(dst); printf("\n"); } } else { printf(" %u:%u\n", src->state, dst->state); } if (opts & PF_OPT_VERBOSE) { sec = s->creation % 60; s->creation /= 60; min = s->creation % 60; s->creation /= 60; hrs = s->creation; printf(" age %.2u:%.2u:%.2u", hrs, min, sec); sec = s->expire % 60; s->expire /= 60; min = s->expire % 60; s->expire /= 60; hrs = s->expire; printf(", expires in %.2u:%.2u:%.2u", hrs, min, sec); printf(", %u pkts, %u bytes\n", s->packets, s->bytes); } }