Date:      Mon, 7 Mar 2022 13:35:23 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 8fbffd0b04fc - stable/12 - ipfilter: Print protocol when listing NAT table mappings
Message-ID:  <202203071335.227DZNYs073386@gitrepo.freebsd.org>

The branch stable/12 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=8fbffd0b04fc59d3ed547c03c132c45d0d77bea7

commit 8fbffd0b04fc59d3ed547c03c132c45d0d77bea7
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-02-28 19:43:33 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-03-07 13:34:56 +0000

    ipfilter: Print protocol when listing NAT table mappings
    
    NAT table mappings list only the source and destination IP, the source
    and destination port numbers, and their mappings. But the protocol is not
    listed. Now that Facebook and Google use QUIC, seeing port 443 in a
    list of active NAT sessions could mean 443/tcp or 443/udp. This patch
    adds the protocol to the listing to aid in determining whether HTTPS is
    TCP or QUIC in a NAT mapping listing. This also helps differentiate
    between other protocols such as ICMP, ESP, and AH in ipnat list of active
    sessions.
    
    (cherry picked from commit 9291d079d54b828b43d3714a5f19f0ffe92837b8)
---
 sbin/ipf/libipf/printactivenat.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sbin/ipf/libipf/printactivenat.c b/sbin/ipf/libipf/printactivenat.c
index fcef19a4efa7..3a6337ab0f7b 100644
--- a/sbin/ipf/libipf/printactivenat.c
+++ b/sbin/ipf/libipf/printactivenat.c
@@ -15,10 +15,17 @@
 static const char rcsid[] = "@(#)$Id$";
 #endif
 
+static int proto_opened = 0;
 
 void
 printactivenat(nat_t *nat, int opts, u_long ticks)
 {
+	struct protoent *pproto;
+
+	if (proto_opened == 0) {
+		proto_opened = 1;
+		setprotoent(1);
+	}
 
 	PRINTF("%s", getnattype(nat));
 
@@ -55,6 +62,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks)
 		if ((nat->nat_flags & IPN_TCPUDP) != 0)
 			PRINTF(" %-5hu", ntohs(nat->nat_ndport));
 
+		pproto = getprotobynumber(nat->nat_pr[0]);
+		PRINTF(" %s", pproto->p_name);
+
 	} else if (nat->nat_dir == NAT_OUTBOUND) {
 		printactiveaddress(nat->nat_v[0], "%-15s", &nat->nat_osrc6,
 				   nat->nat_ifnames[0]);
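Review bot: `getprotobynumber()` returns NULL when the protocol number has no entry in the protocols database, and the added `PRINTF(" %s", pproto->p_name);` dereferences the result unchecked, so a single such NAT entry would crash the listing. The same unchecked pair is added in the NAT_OUTBOUND branch (`nat_pr[1]`) and in the final else branch (`nat_pr[0]`) in the two hunks that follow. Guard each site and fall back to the number, e.g. `if (pproto != NULL) PRINTF(" %s", pproto->p_name); else PRINTF(" %d", nat->nat_pr[0]);`, with the index matching each branch. Since the NAT table presumably reflects whatever traffic the host translated, an unlisted protocol number is a realistic input and not only a theoretical one. The body of printactivenat starts and ends outside this hunk.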
@@ -76,6 +86,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks)
 		if ((nat->nat_flags & IPN_TCPUDP) != 0)
 			PRINTF(" %hu", ntohs(nat->nat_odport));
 		PRINTF("]");
+
+		pproto = getprotobynumber(nat->nat_pr[1]);
+		PRINTF(" %s", pproto->p_name);
 	} else {
 		printactiveaddress(nat->nat_v[1], "%-15s", &nat->nat_ndst6,
 				   nat->nat_ifnames[0]);
@@ -97,8 +110,12 @@ printactivenat(nat_t *nat, int opts, u_long ticks)
 		if ((nat->nat_flags & IPN_TCPUDP) != 0)
 			PRINTF(" %hu", ntohs(nat->nat_osport));
 		PRINTF("]");
+
+		pproto = getprotobynumber(nat->nat_pr[0]);
+		PRINTF(" %s", pproto->p_name);
 	}
 
+
 	if (opts & OPT_VERBOSE) {
 		PRINTF("\n\tttl %lu use %hu sumd %s/",
 			nat->nat_age - ticks, nat->nat_use,


