From owner-svn-src-all@freebsd.org Sat Jul 25 14:27:13 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 82A96366303; Sat, 25 Jul 2020 14:27:13 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BDT0x2xRPz4HmQ; Sat, 25 Jul 2020 14:27:13 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 483891D223; Sat, 25 Jul 2020 14:27:13 +0000 (UTC) (envelope-from cy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 06PERDfp092324; Sat, 25 Jul 2020 14:27:13 GMT (envelope-from cy@FreeBSD.org) Received: (from cy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 06PERC23092322; Sat, 25 Jul 2020 14:27:12 GMT (envelope-from cy@FreeBSD.org) Message-Id: <202007251427.06PERC23092322@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org using -f From: Cy Schubert Date: Sat, 25 Jul 2020 14:27:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r363526 - in stable: 11/contrib/ipfilter/man 11/contrib/ipfilter/tools 12/contrib/ipfilter/man 12/contrib/ipfilter/tools X-SVN-Group: stable-12 X-SVN-Commit-Author: cy X-SVN-Commit-Paths: in stable: 11/contrib/ipfilter/man 11/contrib/ipfilter/tools 12/contrib/ipfilter/man 12/contrib/ipfilter/tools X-SVN-Commit-Revision: 363526 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jul 2020 14:27:13 -0000 Author: cy Date: Sat Jul 25 14:27:12 2020 New Revision: 363526 URL: https://svnweb.freebsd.org/changeset/base/363526 Log: MFC r363277-r363283 r363277: Only use the use_inet6 variable when INET6 is a build option. This is a prerequisite to upcoming argument processing cleanups which will resolve consistency as was done with ippool previously. PR: 247952 r363278: fr_family (the protocol family) must be AF_INET or AF_INET6, as in the kernel, not an arbitrary 4 or 6. This only affected printing ipfilter stats and rules from a kernel dump. (This is currently undocumented.) PR: 247952 r363279: Historically ipfstat listings and stats only listed IPv4 or IPv6 output. ipfstat would list IPv4 outputs by default while -6 would produce IPv6 outputs. This commit combines the ipfstat -i and -o outputs into one listing of IPv4 and IPv6 rules. The -4 option lists only IPv4 rules (as the default before) while -6 continues to list only rules that affect IPv6. PR: 247952 Reported by: joeb1@a1poweruser.com r363280: ipfstat -t defaults to IPv4 output. Make consistent with ipfstat -i and ipfstat -o where without an argument IPv4 and IPv6 states are shown. Use -4 and -6 to limit the display to IPv4 or IPv6 respectively. PR: 247952 r363281: Make ipfstat -t header generic when IPv4 and IPv6 output are displayed in the same display. PR: 247952 r363282: The output from usage() need not contain usage for -t when STATETOP is not compiled in. PR: 247952 Modified: stable/12/contrib/ipfilter/man/ipfstat.8 stable/12/contrib/ipfilter/tools/ipfstat.c Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/contrib/ipfilter/man/ipfstat.8 stable/11/contrib/ipfilter/tools/ipfstat.c Directory Properties: stable/11/ (props changed) Modified: stable/12/contrib/ipfilter/man/ipfstat.8 ============================================================================== --- stable/12/contrib/ipfilter/man/ipfstat.8 Sat Jul 25 11:57:39 2020 (r363525) +++ stable/12/contrib/ipfilter/man/ipfstat.8 Sat Jul 25 14:27:12 2020 (r363526) @@ -5,7 +5,7 @@ ipfstat \- reports on packet filter statistics and fil .SH SYNOPSIS .B ipfstat [ -.B \-6aAdfghIilnoRsv +.B \-46aAdfghIilnoRsv ] .br .B ipfstat -t @@ -35,6 +35,11 @@ is to retrieve and display the accumulated statistics accumulated over time as the kernel has put packets through the filter. .SH OPTIONS .TP +.B \-4 +Display filter lists and states for IPv4, if available. This is the default +when displaying states. \fB-4\fP and \fB-6\fP is the default when +displaying lists. +.TP .B \-6 Display filter lists and states for IPv6, if available. .TP @@ -190,4 +195,5 @@ more entries is to resize the screen. .SH SEE ALSO ipf(8) .SH BUGS -none known. +\fB-4\fP and \fB-6\fP are only valid with \fB-i\fP, \fB-o\fP, and \fB-t\fP. +An error should result when used with other arguments. Modified: stable/12/contrib/ipfilter/tools/ipfstat.c ============================================================================== --- stable/12/contrib/ipfilter/tools/ipfstat.c Sat Jul 25 11:57:39 2020 (r363525) +++ stable/12/contrib/ipfilter/tools/ipfstat.c Sat Jul 25 14:27:12 2020 (r363526) @@ -57,7 +57,10 @@ static wordtab_t *state_fields = NULL; int nohdrfields = 0; int opts = 0; +#ifdef USE_INET6 +int use_inet4 = 0; int use_inet6 = 0; +#endif int live_kernel = 1; int state_fd = -1; int ipf_fd = -1; @@ -163,16 +166,18 @@ static void usage(name) char *name; { #ifdef USE_INET6 - fprintf(stderr, "Usage: %s [-6aAdfghIilnoRsv]\n", name); + fprintf(stderr, "Usage: %s [-46aAdfghIilnoRsv]\n", name); #else - fprintf(stderr, "Usage: %s [-aAdfghIilnoRsv]\n", name); + fprintf(stderr, "Usage: %s [-4aAdfghIilnoRsv]\n", name); #endif fprintf(stderr, " %s [-M corefile] [-N symbol-list]\n", name); +#ifdef STATETOP #ifdef USE_INET6 - fprintf(stderr, " %s -t [-6C] ", name); + fprintf(stderr, " %s -t [-46C] ", name); #else - fprintf(stderr, " %s -t [-C] ", name); + fprintf(stderr, " %s -t [-4C] ", name); #endif +#endif fprintf(stderr, "[-D destination address] [-P protocol] [-S source address] [-T refresh time]\n"); exit(1); } @@ -206,9 +211,9 @@ int main(argc,argv) u_32_t frf; #ifdef USE_INET6 - options = "6aACdfghIilnostvD:m:M:N:O:P:RS:T:"; + options = "46aACdfghIilnostvD:m:M:N:O:P:RS:T:"; #else - options = "aACdfghIilnostvD:m:M:N:O:P:RS:T:"; + options = "4aACdfghIilnostvD:m:M:N:O:P:RS:T:"; #endif saddr.in4.s_addr = INADDR_ANY; /* default any v4 source addr */ @@ -283,6 +288,9 @@ int main(argc,argv) switch (c) { #ifdef USE_INET6 + case '4' : + use_inet4 = 1; + break; case '6' : use_inet6 = 1; break; @@ -385,6 +393,19 @@ int main(argc,argv) break; } } +#ifdef USE_INET6 + if ((use_inet4 || use_inet6) && + !(opts & (OPT_INQUE | OPT_OUTQUE | OPT_STATETOP))) { +#ifdef STATETOP + FPRINTF(stderr, "No -i, -o, or -t given with -4 or -6\n"); +#else + FPRINTF(stderr, "No -i or -o given with -4 or -6\n"); +#endif + exit(-2); + } + if (use_inet4 == 0 && use_inet6 == 0) + use_inet4 = use_inet6 = 1; +#endif if (live_kernel == 1) { bzero((char *)&fio, sizeof(fio)); @@ -410,8 +431,13 @@ int main(argc,argv) #ifdef STATETOP else if (opts & OPT_STATETOP) topipstates(saddr, daddr, sport, dport, protocol, - use_inet6 ? 6 : 4, refreshtime, topclosed, filter); +#ifdef USE_INET6 + use_inet6 && use_inet4 ? 0 : use_inet6 && !use_inet4 ? 6 : 4, +#else + 4, #endif +#endif + refreshtime, topclosed, filter); else if (opts & OPT_AUTHSTATS) showauthstates(frauthstp); else if (opts & OPT_GROUPS) @@ -805,15 +831,21 @@ printlivelist(fiop, out, set, fp, group, comment) if (rule.iri_rule == NULL) break; #ifdef USE_INET6 - if (use_inet6 != 0) { + if (use_inet6 != 0 && use_inet4 == 0) { if (fp->fr_family != 0 && fp->fr_family != AF_INET6) continue; - } else + } else if (use_inet4 != 0 && use_inet6 == 0) { #endif - { if (fp->fr_family != 0 && fp->fr_family != AF_INET) continue; +#ifdef USE_INET6 + } else { + if (fp->fr_family != 0 && + fp->fr_family != AF_INET && fp->fr_family != AF_INET6) + continue; } +#endif + if (fp->fr_data != NULL) fp->fr_data = (char *)fp + fp->fr_size; @@ -904,13 +936,21 @@ static void printdeadlist(fiop, out, set, fp, group, c return; } fp = &fb; - if (use_inet6 != 0) { - if (fp->fr_family != 0 && fp->fr_family != 6) +#ifdef USE_INET6 + if (use_inet6 != 0 && use_inet4 == 0) { + if (fp->fr_family != 0 && fp->fr_family != AF_INET6) continue; + } else if (use_inet4 != 0 && use_inet6 == 0) { +#endif + if (fp->fr_family != 0 && fp->fr_family != AF_INET) + continue; +#ifdef USE_INET6 } else { - if (fp->fr_family != 0 && fp->fr_family != 4) + if (fp->fr_family != 0 && + fp->fr_family != AF_INET && fp->fr_family != AF_INET6) continue; } +#endif data = NULL; type = fb.fr_type & ~FR_T_BUILTIN; @@ -1338,7 +1378,7 @@ static void topipstates(saddr, daddr, sport, dport, pr if (ipsstp->iss_list == NULL) break; - if (ips.is_v != ver) + if (ver != 0 && ips.is_v != ver) continue; if ((filter != NULL) && @@ -1906,7 +1946,7 @@ static void parse_ipportstr(argument, ip, port) ok = 1; #ifdef USE_INET6 ip->in6 = in6addr_any; - } else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) { + } else if (use_inet6 && !use_inet4 && inet_pton(AF_INET6, s, &ip->in6)) { ok = 1; #endif } else if (inet_aton(s, &ip->in4)) @@ -1944,6 +1984,9 @@ static char *getip(v, addr) static char hostbuf[MAXHOSTNAMELEN+1]; #endif + if (v == 0) + return ("any"); + if (v == 4) return inet_ntoa(addr->in4); @@ -2047,7 +2090,7 @@ static int sort_srcip(a, b) register const statetop_t *bp = b; #ifdef USE_INET6 - if (use_inet6) { + if (use_inet6 && !use_inet4) { if (IP6_EQ(&ap->st_src, &bp->st_src)) return 0; else if (IP6_GT(&ap->st_src, &bp->st_src)) @@ -2087,7 +2130,7 @@ static int sort_dstip(a, b) register const statetop_t *bp = b; #ifdef USE_INET6 - if (use_inet6) { + if (use_inet6 && !use_inet4) { if (IP6_EQ(&ap->st_dst, &bp->st_dst)) return 0; else if (IP6_GT(&ap->st_dst, &bp->st_dst))