Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 25 Jul 2020 14:27:12 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r363526 - in stable: 11/contrib/ipfilter/man 11/contrib/ipfilter/tools 12/contrib/ipfilter/man 12/contrib/ipfilter/tools
Message-ID:  <202007251427.06PERC23092322@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: cy
Date: Sat Jul 25 14:27:12 2020
New Revision: 363526
URL: https://svnweb.freebsd.org/changeset/base/363526

Log:
  MFC r363277-r363283
  
  r363277:
  Only use the use_inet6 variable when INET6 is a build option.
  
  This is a prerequisite to upcoming argument processing cleanups which
  will resolve consistency as was done with ippool previously.
  
  PR:		247952
  
  r363278:
  fr_family (the protocol family) must be AF_INET or AF_INET6, as in
  the kernel, not an arbitrary 4 or 6.
  
  This only affected printing ipfilter stats and rules from a kernel
  dump. (This is currently undocumented.)
  
  PR:		247952
  
  r363279:
  Historically ipfstat listings and stats only listed IPv4 or IPv6 output.
  ipfstat would list IPv4 outputs by default while -6 would produce IPv6
  outputs. This commit combines the ipfstat -i and -o outputs into one
  listing of IPv4 and IPv6 rules. The -4 option lists only IPv4 rules
  (as the default before) while -6 continues to list only rules that affect
  IPv6.
  
  PR:		247952
  Reported by:	joeb1@a1poweruser.com
  
  r363280:
  ipfstat -t defaults to IPv4 output. Make consistent with ipfstat -i
  and ipfstat -o where without an argument IPv4 and IPv6 states are
  shown. Use -4 and -6 to limit the display to IPv4 or IPv6 respectively.
  
  PR:		247952
  
  r363281:
  Make ipfstat -t header generic when IPv4 and IPv6 output are
  displayed in the same display.
  
  PR:		247952
  
  r363282:
  The output from usage() need not contain usage for -t when STATETOP
  is not compiled in.
  
  PR:		247952

Modified:
  stable/12/contrib/ipfilter/man/ipfstat.8
  stable/12/contrib/ipfilter/tools/ipfstat.c
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/contrib/ipfilter/man/ipfstat.8
  stable/11/contrib/ipfilter/tools/ipfstat.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/12/contrib/ipfilter/man/ipfstat.8
==============================================================================
--- stable/12/contrib/ipfilter/man/ipfstat.8	Sat Jul 25 11:57:39 2020	(r363525)
+++ stable/12/contrib/ipfilter/man/ipfstat.8	Sat Jul 25 14:27:12 2020	(r363526)
@@ -5,7 +5,7 @@ ipfstat \- reports on packet filter statistics and fil
 .SH SYNOPSIS
 .B ipfstat
 [
-.B \-6aAdfghIilnoRsv
+.B \-46aAdfghIilnoRsv
 ]
 .br
 .B ipfstat -t
@@ -35,6 +35,11 @@ is to retrieve and display the accumulated statistics 
 accumulated over time as the kernel has put packets through the filter.
 .SH OPTIONS
 .TP
+.B \-4
+Display filter lists and states for IPv4, if available. This is the default
+when displaying states.  \fB-4\fP and \fB-6\fP is the default when
+displaying lists.
+.TP
 .B \-6
 Display filter lists and states for IPv6, if available.
 .TP
@@ -190,4 +195,5 @@ more entries is to resize the screen.
 .SH SEE ALSO
 ipf(8)
 .SH BUGS
-none known.
+\fB-4\fP and \fB-6\fP are only valid with \fB-i\fP, \fB-o\fP, and \fB-t\fP.
+An error should result when used with other arguments.

Modified: stable/12/contrib/ipfilter/tools/ipfstat.c
==============================================================================
--- stable/12/contrib/ipfilter/tools/ipfstat.c	Sat Jul 25 11:57:39 2020	(r363525)
+++ stable/12/contrib/ipfilter/tools/ipfstat.c	Sat Jul 25 14:27:12 2020	(r363526)
@@ -57,7 +57,10 @@ static	wordtab_t	*state_fields = NULL;
 
 int	nohdrfields = 0;
 int	opts = 0;
+#ifdef	USE_INET6
+int	use_inet4 = 0;
 int	use_inet6 = 0;
+#endif
 int	live_kernel = 1;
 int	state_fd = -1;
 int	ipf_fd = -1;
@@ -163,16 +166,18 @@ static void usage(name)
 	char *name;
 {
 #ifdef  USE_INET6
-	fprintf(stderr, "Usage: %s [-6aAdfghIilnoRsv]\n", name);
+	fprintf(stderr, "Usage: %s [-46aAdfghIilnoRsv]\n", name);
 #else
-	fprintf(stderr, "Usage: %s [-aAdfghIilnoRsv]\n", name);
+	fprintf(stderr, "Usage: %s [-4aAdfghIilnoRsv]\n", name);
 #endif
 	fprintf(stderr, "       %s [-M corefile] [-N symbol-list]\n", name);
+#ifdef	STATETOP
 #ifdef	USE_INET6
-	fprintf(stderr, "       %s -t [-6C] ", name);
+	fprintf(stderr, "       %s -t [-46C] ", name);
 #else
-	fprintf(stderr, "       %s -t [-C] ", name);
+	fprintf(stderr, "       %s -t [-4C] ", name);
 #endif
+#endif
 	fprintf(stderr, "[-D destination address] [-P protocol] [-S source address] [-T refresh time]\n");
 	exit(1);
 }
@@ -206,9 +211,9 @@ int main(argc,argv)
 	u_32_t frf;
 
 #ifdef	USE_INET6
-	options = "6aACdfghIilnostvD:m:M:N:O:P:RS:T:";
+	options = "46aACdfghIilnostvD:m:M:N:O:P:RS:T:";
 #else
-	options = "aACdfghIilnostvD:m:M:N:O:P:RS:T:";
+	options = "4aACdfghIilnostvD:m:M:N:O:P:RS:T:";
 #endif
 
 	saddr.in4.s_addr = INADDR_ANY; 	/* default any v4 source addr */
@@ -283,6 +288,9 @@ int main(argc,argv)
 		switch (c)
 		{
 #ifdef	USE_INET6
+		case '4' :
+			use_inet4 = 1;
+			break;
 		case '6' :
 			use_inet6 = 1;
 			break;
@@ -385,6 +393,19 @@ int main(argc,argv)
 			break;
 		}
 	}
+#ifdef	USE_INET6
+	if ((use_inet4 || use_inet6) &&
+	   !(opts & (OPT_INQUE | OPT_OUTQUE | OPT_STATETOP))) {
+#ifdef	STATETOP
+		FPRINTF(stderr, "No -i, -o, or -t given with -4 or -6\n");
+#else
+		FPRINTF(stderr, "No -i or -o given with -4 or -6\n");
+#endif
+		exit(-2);
+	}
+	if (use_inet4 == 0 && use_inet6 == 0)
+		use_inet4 = use_inet6 = 1;
+#endif
 
 	if (live_kernel == 1) {
 		bzero((char *)&fio, sizeof(fio));
@@ -410,8 +431,13 @@ int main(argc,argv)
 #ifdef STATETOP
 	else if (opts & OPT_STATETOP)
 		topipstates(saddr, daddr, sport, dport, protocol,
-			    use_inet6 ? 6 : 4, refreshtime, topclosed, filter);
+#ifdef	USE_INET6
+		use_inet6 && use_inet4 ? 0 : use_inet6 && !use_inet4 ? 6 : 4,
+#else
+		4,
 #endif
+#endif
+			    refreshtime, topclosed, filter);
 	else if (opts & OPT_AUTHSTATS)
 		showauthstates(frauthstp);
 	else if (opts & OPT_GROUPS)
@@ -805,15 +831,21 @@ printlivelist(fiop, out, set, fp, group, comment)
 		if (rule.iri_rule == NULL)
 			break;
 #ifdef USE_INET6
-		if (use_inet6 != 0) {
+		if (use_inet6 != 0 && use_inet4 == 0) {
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET6)
 				continue;
-		} else
+		} else if (use_inet4 != 0 && use_inet6 == 0) {
 #endif
-		{
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET)
 				continue;
+#ifdef USE_INET6
+		} else {
+			if (fp->fr_family != 0 &&
+			   fp->fr_family != AF_INET && fp->fr_family != AF_INET6)
+				continue;
 		}
+#endif
+
 		if (fp->fr_data != NULL)
 			fp->fr_data = (char *)fp + fp->fr_size;
 
@@ -904,13 +936,21 @@ static void printdeadlist(fiop, out, set, fp, group, c
 			return;
 		}
 		fp = &fb;
-		if (use_inet6 != 0) {
-			if (fp->fr_family != 0 && fp->fr_family != 6)
+#ifdef	USE_INET6
+		if (use_inet6 != 0 && use_inet4 == 0) {
+			if (fp->fr_family != 0 && fp->fr_family != AF_INET6)
 				continue;
+		} else if (use_inet4 != 0 && use_inet6 == 0) {
+#endif
+			if (fp->fr_family != 0 && fp->fr_family != AF_INET)
+				continue;
+#ifdef	USE_INET6
 		} else {
-			if (fp->fr_family != 0 && fp->fr_family != 4)
+			if (fp->fr_family != 0 &&
+			   fp->fr_family != AF_INET && fp->fr_family != AF_INET6)
 				continue;
 		}
+#endif
 
 		data = NULL;
 		type = fb.fr_type & ~FR_T_BUILTIN;
@@ -1338,7 +1378,7 @@ static void topipstates(saddr, daddr, sport, dport, pr
 			if (ipsstp->iss_list == NULL)
 				break;
 
-			if (ips.is_v != ver)
+			if (ver != 0 && ips.is_v != ver)
 				continue;
 
 			if ((filter != NULL) &&
@@ -1906,7 +1946,7 @@ static void parse_ipportstr(argument, ip, port)
 		ok = 1;
 #ifdef	USE_INET6
 		ip->in6 = in6addr_any;
-	} else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) {
+	} else if (use_inet6 && !use_inet4 && inet_pton(AF_INET6, s, &ip->in6)) {
 		ok = 1;
 #endif
 	} else if (inet_aton(s, &ip->in4))
@@ -1944,6 +1984,9 @@ static char *getip(v, addr)
 	static char hostbuf[MAXHOSTNAMELEN+1];
 #endif
 
+	if (v == 0)
+		return ("any");
+
 	if (v == 4)
 		return inet_ntoa(addr->in4);
 
@@ -2047,7 +2090,7 @@ static int sort_srcip(a, b)
 	register const statetop_t *bp = b;
 
 #ifdef USE_INET6
-	if (use_inet6) {
+	if (use_inet6 && !use_inet4) {
 		if (IP6_EQ(&ap->st_src, &bp->st_src))
 			return 0;
 		else if (IP6_GT(&ap->st_src, &bp->st_src))
@@ -2087,7 +2130,7 @@ static int sort_dstip(a, b)
 	register const statetop_t *bp = b;
 
 #ifdef USE_INET6
-	if (use_inet6) {
+	if (use_inet6 && !use_inet4) {
 		if (IP6_EQ(&ap->st_dst, &bp->st_dst))
 			return 0;
 		else if (IP6_GT(&ap->st_dst, &bp->st_dst))



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202007251427.06PERC23092322>