From owner-svn-src-head@freebsd.org Fri Jul 17 19:07:43 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 767A436C61E; Fri, 17 Jul 2020 19:07:43 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B7gcH1PtXz4Pk0; Fri, 17 Jul 2020 19:07:42 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6851F1DEC8; Fri, 17 Jul 2020 19:07:41 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 06HJ7fbs015833; Fri, 17 Jul 2020 19:07:41 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 06HJ7fsB015831; Fri, 17 Jul 2020 19:07:41 GMT (envelope-from cy@FreeBSD.org) Message-Id: <202007171907.06HJ7fsB015831@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Fri, 17 Jul 2020 19:07:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r363279 - in head/contrib/ipfilter: man tools X-SVN-Group: head X-SVN-Commit-Author: cy X-SVN-Commit-Paths: in head/contrib/ipfilter: man tools X-SVN-Commit-Revision: 363279 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jul 2020 19:07:43 -0000 Author: cy Date: Fri Jul 17 19:07:40 2020 New Revision: 363279 URL: https://svnweb.freebsd.org/changeset/base/363279 Log: Historically ipfstat listings and stats only listed IPv4 or IPv6 output. ipfstat would list IPv4 outputs by default while -6 would produce IPv6 outputs. This commit combines the ipfstat -i and -o outputs into one listing of IPv4 and IPv6 rules. The -4 option lists only IPv4 rules (as the default before) while -6 continues to list only rules that affect IPv6. PR: 247952 Reported by: joeb1@a1poweruser.com MFC after: 1 week Modified: head/contrib/ipfilter/man/ipfstat.8 head/contrib/ipfilter/tools/ipfstat.c Modified: head/contrib/ipfilter/man/ipfstat.8 ============================================================================== --- head/contrib/ipfilter/man/ipfstat.8 Fri Jul 17 19:07:37 2020 (r363278) +++ head/contrib/ipfilter/man/ipfstat.8 Fri Jul 17 19:07:40 2020 (r363279) @@ -5,7 +5,7 @@ ipfstat \- reports on packet filter statistics and fil .SH SYNOPSIS .B ipfstat [ -.B \-6aAdfghIilnoRsv +.B \-46aAdfghIilnoRsv ] .br .B ipfstat -t @@ -35,6 +35,11 @@ is to retrieve and display the accumulated statistics accumulated over time as the kernel has put packets through the filter. .SH OPTIONS .TP +.B \-4 +Display filter lists and states for IPv4, if available. This is the default +when displaying states. \fB-4\fP and \fB-6\fP is the default when +displaying lists. +.TP .B \-6 Display filter lists and states for IPv6, if available. .TP @@ -190,4 +195,4 @@ more entries is to resize the screen. .SH SEE ALSO ipf(8) .SH BUGS -none known. +\fB-4\fP and \fB-6\fP should also be the default when displaying states. Modified: head/contrib/ipfilter/tools/ipfstat.c ============================================================================== --- head/contrib/ipfilter/tools/ipfstat.c Fri Jul 17 19:07:37 2020 (r363278) +++ head/contrib/ipfilter/tools/ipfstat.c Fri Jul 17 19:07:40 2020 (r363279) @@ -58,6 +58,7 @@ static wordtab_t *state_fields = NULL; int nohdrfields = 0; int opts = 0; #ifdef USE_INET6 +int use_inet4 = 0; int use_inet6 = 0; #endif int live_kernel = 1; @@ -165,15 +166,15 @@ static void usage(name) char *name; { #ifdef USE_INET6 - fprintf(stderr, "Usage: %s [-6aAdfghIilnoRsv]\n", name); + fprintf(stderr, "Usage: %s [-46aAdfghIilnoRsv]\n", name); #else - fprintf(stderr, "Usage: %s [-aAdfghIilnoRsv]\n", name); + fprintf(stderr, "Usage: %s [-4aAdfghIilnoRsv]\n", name); #endif fprintf(stderr, " %s [-M corefile] [-N symbol-list]\n", name); #ifdef USE_INET6 - fprintf(stderr, " %s -t [-6C] ", name); + fprintf(stderr, " %s -t [-46C] ", name); #else - fprintf(stderr, " %s -t [-C] ", name); + fprintf(stderr, " %s -t [-4C] ", name); #endif fprintf(stderr, "[-D destination address] [-P protocol] [-S source address] [-T refresh time]\n"); exit(1); @@ -208,9 +209,9 @@ int main(argc,argv) u_32_t frf; #ifdef USE_INET6 - options = "6aACdfghIilnostvD:m:M:N:O:P:RS:T:"; + options = "46aACdfghIilnostvD:m:M:N:O:P:RS:T:"; #else - options = "aACdfghIilnostvD:m:M:N:O:P:RS:T:"; + options = "4aACdfghIilnostvD:m:M:N:O:P:RS:T:"; #endif saddr.in4.s_addr = INADDR_ANY; /* default any v4 source addr */ @@ -285,6 +286,9 @@ int main(argc,argv) switch (c) { #ifdef USE_INET6 + case '4' : + use_inet4 = 1; + break; case '6' : use_inet6 = 1; break; @@ -387,6 +391,10 @@ int main(argc,argv) break; } } +#ifdef USE_INET6 + if (use_inet4 == 0 && use_inet6 == 0) + use_inet4 = use_inet6 = 1; +#endif if (live_kernel == 1) { bzero((char *)&fio, sizeof(fio)); @@ -413,7 +421,7 @@ int main(argc,argv) else if (opts & OPT_STATETOP) topipstates(saddr, daddr, sport, dport, protocol, #ifdef USE_INET6 - use_inet6 ? 6 : 4, + use_inet6 && !use_inet4 ? 6 : 4, #else 4, #endif @@ -812,15 +820,21 @@ printlivelist(fiop, out, set, fp, group, comment) if (rule.iri_rule == NULL) break; #ifdef USE_INET6 - if (use_inet6 != 0) { + if (use_inet6 != 0 && use_inet4 == 0) { if (fp->fr_family != 0 && fp->fr_family != AF_INET6) continue; - } else + } else if (use_inet4 != 0 && use_inet6 == 0) { #endif - { if (fp->fr_family != 0 && fp->fr_family != AF_INET) continue; +#ifdef USE_INET6 + } else { + if (fp->fr_family != 0 && + fp->fr_family != AF_INET && fp->fr_family != AF_INET6) + continue; } +#endif + if (fp->fr_data != NULL) fp->fr_data = (char *)fp + fp->fr_size; @@ -912,15 +926,20 @@ static void printdeadlist(fiop, out, set, fp, group, c } fp = &fb; #ifdef USE_INET6 - if (use_inet6 != 0) { + if (use_inet6 != 0 && use_inet4 == 0) { if (fp->fr_family != 0 && fp->fr_family != AF_INET6) continue; - } else + } else if (use_inet4 != 0 && use_inet6 == 0) { #endif - { if (fp->fr_family != 0 && fp->fr_family != AF_INET) continue; +#ifdef USE_INET6 + } else { + if (fp->fr_family != 0 && + fp->fr_family != AF_INET && fp->fr_family != AF_INET6) + continue; } +#endif data = NULL; type = fb.fr_type & ~FR_T_BUILTIN; @@ -1916,7 +1935,7 @@ static void parse_ipportstr(argument, ip, port) ok = 1; #ifdef USE_INET6 ip->in6 = in6addr_any; - } else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) { + } else if (use_inet6 && !use_inet4 && inet_pton(AF_INET6, s, &ip->in6)) { ok = 1; #endif } else if (inet_aton(s, &ip->in4)) @@ -2057,7 +2076,7 @@ static int sort_srcip(a, b) register const statetop_t *bp = b; #ifdef USE_INET6 - if (use_inet6) { + if (use_inet6 && !use_inet4) { if (IP6_EQ(&ap->st_src, &bp->st_src)) return 0; else if (IP6_GT(&ap->st_src, &bp->st_src)) @@ -2097,7 +2116,7 @@ static int sort_dstip(a, b) register const statetop_t *bp = b; #ifdef USE_INET6 - if (use_inet6) { + if (use_inet6 && !use_inet4) { if (IP6_EQ(&ap->st_dst, &bp->st_dst)) return 0; else if (IP6_GT(&ap->st_dst, &bp->st_dst))