Date:      Tue, 25 Oct 2022 19:38:28 +0200
From:      Guy Brand <gb@unistra.fr>
To:        pf@freebsd.org
Subject:   Re: logging NAT sessions (connection tracking)
Message-ID:  <Y1gfFIAQV60SN7cz@unistra.fr>
In-Reply-To: <4fa4e31a-449d-5b79-5d59-12de4bbd7651@comcast.net>
References:  <bcf956ba-5024-3f3d-2142-c63208d55c27@comcast.net> <Y1D1FPs3Z/tgc9cn@unistra.fr> <4fa4e31a-449d-5b79-5d59-12de4bbd7651@comcast.net>


--HB3ry6+WaBysnelJ
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

On Oct 20, 2022 at 09:50 -0700, fddi wrote:

Hi,

> I would greatly appreciate to take a look at your modification if you are
> keen to share it.

Please find them attached. They should apply without conflict to commit
62105136d9037c.

Best.

-- 
        Guy


--HB3ry6+WaBysnelJ
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="0003-Reformat-ouput.patch"
Content-Transfer-Encoding: quoted-printable

=46rom c134a81d26e67a88a744ad68a351f107aa1638a5 Mon Sep 17 00:00:00 2001
=46rom: John Doe <john@localhost>
Date: Wed, 18 Sep 2019 10:14:18 +0200
Subject: [PATCH 3/3] Reformat ouput

- rewrite format function
- Add DEBUG mode
---
 Makefile      |  13 +++-
 pf_nattrack.c | 162 +++++++++++++++++++++++++++-----------------------
 pf_nattrack.h |   3 +
 3 files changed, 102 insertions(+), 76 deletions(-)

diff --git a/Makefile b/Makefile
index 2db0e00..d8df33d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,12 @@
 CC =3D cc
-CFLAGS =3D -g -DDEBUG
+#CFLAGS =3D -g -DDEBUG
+CFLAGS =3D -g=20
+CFLAGS =3D -O2
 OBJS =3D pf_nattrack.o list.o hash.o
+BIN =3D pf_nattrack
+DST =3D /local/bin
=20
-pf_nattrack:$(OBJS)
+$(BIN):$(OBJS)
 	$(CC) $(CFLAGS) -o $(.TARGET) $(.ALLSRC)
=20
 hash.o:hash.c
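Review bot: `CFLAGS` is assigned twice in the added lines, `CFLAGS = -g` immediately followed by `CFLAGS = -O2`, so the second assignment replaces the first and `-g` never reaches the compiler. If both are wanted, collapse them into `CFLAGS = -O2 -g` and leave the commented `-DDEBUG` line as the only alternative. With `-DDEBUG` now commented out, every `#ifdef DEBUG` block this same patch adds to pf_nattrack.c is compiled out by default, which is presumably intended but deserves a line in the commit message.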
@@ -11,5 +15,8 @@ list.o:list.c pf_nattrack.h
=20
 pf_nattrack.o:pf_nattrack.c pf_nattrack.h hash.h
=20
+install:
+	mkdir -p $(DST)
+	cp $(BIN) $(DST)
 clean:
-	rm -f $(OBJS)
+	rm -f $(OBJS) $(BIN)
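Review bot: The new `install` target, like `clean`, is not declared `.PHONY`, so a file or directory named `install` in the build tree would make the target look up to date and skip the copy. Add `.PHONY: install clean` above the targets. Copying with `install -m 0755 $(BIN) $(DST)` instead of `cp` would also give the binary placed in `$(DST)` predictable permissions regardless of the build user's umask.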
diff --git a/pf_nattrack.c b/pf_nattrack.c
index 83c73f1..3e45778 100644
--- a/pf_nattrack.c
+++ b/pf_nattrack.c
@@ -6,6 +6,7 @@
 #include <unistd.h>
 #include <sys/queue.h>
 #include <sys/ioctl.h>
+#include <syslog.h>
=20
 // network libs
 #include <sys/socket.h>
@@ -27,6 +28,9 @@ static uint32_t  pf_hashseed;
=20
 struct pf_nattrack_hash *pfnt_hash;
=20
+// Time between each loop
+#define WAIT_INTERVAL      PFTM_INTERVAL
+
 /*
  * hashkey()
  *
@@ -63,86 +67,95 @@ void initialize() {
  *
  * function used to print out an error message
  */
-static void
-printerror(char *s)
+static void printerror(char *s)
 {
-	char *msg;
-	msg =3D strerror(errno);
-	fprintf(stderr, "ERROR: %s: %s\n", s, msg);
-	return;
+   char *msg;
+   msg =3D strerror(errno);
+   fprintf(stderr, "ERROR: %s: %s\n", s, msg);
+   return;
 }
=20
=20
+/*
+ * print_addr_port()
+ *=20
+ * print field name, address (for given address family) and port number
+ */
+void format_addr_port(char *str, int size, sa_family_t af, struct pf_addr =
*addr, u_int16_t port) {
+   char buf[MAXSTRSIZE];
+
+   bzero((void *)buf, MAXSTRSIZE);
+   snprintf(str , size , "%s:%d"
+            , ((inet_ntop(af, addr, buf, sizeof(buf)) =3D=3D NULL) ? "?" :=
 buf)
+            , port
+           );
+}
+
 /*
  * print_nattrack()
  *
  * print out the NAT tuple
  */
-void print_nattrack(struct pf_nattrack *nt, int opts) {
-   char buf[INET_ADDRSTRLEN];
-   time_t rawtime;
-   struct tm * timeinfo;
-   char fmttime[80];
=20
-   time (&rawtime);
-   timeinfo =3D localtime (&rawtime);
-   strftime(fmttime,80,"%Y-%m-%d,%H:%M:%S",timeinfo);
+void print_nattrack(struct pf_nattrack *nt, int opts) {
+   char line[MAXLINESIZE];
+   char osrc[MAXSTRSIZE], tsrc[MAXSTRSIZE], tdst[MAXSTRSIZE];
=20
    if (!nt) return;
+
    switch (nt->af) {
-   case AF_INET:
-      // date/time and protocol
-      printf("%s proto=3D%u", fmttime, nt->proto);
-
-      // original source address and port
-      printf(" osrc=3D");
-      if (inet_ntop(nt->af, &nt->c.osrc, buf, sizeof(buf)) =3D=3D NULL)
-         printf("?");
-      else
-         printf("%s", buf);
-      printf(":%u", nt->c.osport);
-
-      // translated source address and port
-      printf(" tsrc=3D");
-      if (inet_ntop(nt->af, &nt->c.tsrc, buf, sizeof(buf)) =3D=3D NULL)
-         printf("?");
-      else
-         printf("%s", buf);
-      printf(":%u", nt->c.tsport);
-
-      // original destination address and port
-      printf(" odst=3D");
-      if (inet_ntop(nt->af, &nt->c.odst, buf, sizeof(buf)) =3D=3D NULL)
-         printf("?");
-      else
-         printf("%s", buf);
-      printf(":%u", nt->c.odport);
-
-      // translated destination address and port
-      printf(" tdst=3D");
-      if (inet_ntop(nt->af, &nt->c.tdst, buf, sizeof(buf)) =3D=3D NULL)
-         printf("?");
-      else
-         printf("%s", buf);
-      printf(":%u", nt->c.tdport);
-
-      printf(" duration=3D%u", nt->duration);
-      // TODO: should store interface?
-
-      printf("\n");
-      break;
-   default:
-      printf("ERROR: unknown or unsupportted address family\n");
+      case AF_INET:
+         // original source address and port
+         format_addr_port(osrc, MAXSTRSIZE, nt->af, &nt->c.osrc, nt->c.osp=
ort);
+         // translated source address and port
+         format_addr_port(tsrc, MAXSTRSIZE, nt->af, &nt->c.tsrc, nt->c.tsp=
ort);
+         // translated destination address and port
+         format_addr_port(tdst, MAXSTRSIZE, nt->af, &nt->c.tdst, nt->c.tdp=
ort);
+
+         snprintf(line , MAXLINESIZE
+            , "proto=3D%u osrc=3D%s tsrc=3D%s tdst=3D%s duration=3D%u"
+            , nt->proto, osrc, tsrc, tdst, nt->duration
+         );
+         // TODO: should store interface?
+
+         //printf("%s\n",line);
+         syslog(LOG_DEBUG|LOG_LOCAL6, "%s", line);
+         break;
+      default:
+         printf("ERROR: unknown or unsupported address family\n");
    }
 }
=20
+/*
+ * Display and free each element=20
+ */
 void free_list(struct pf_nattrack_list **l) {
    struct pf_nattrack_list *item;
    struct pf_nattrack_hash *pfnth;
+   int count =3D 0;
+   double delay;
+
+   // number of states to display =20
+   item =3D *l;
+   while(item) {
+      count++;
+      item =3D item->next;
+   }
+
+   if(count =3D=3D 0)=20
+     return;
+
+   // time to wait between each event sent
+   delay =3D ( (WAIT_INTERVAL) * 1.0E6 / count) ;
+
+   // calculate pause to match sending rate
=20
    while(*l) {
       item =3D *l;
+
       print_nattrack(item->nt, 0);
+      usleep(delay);
+
       pfnth =3D &pfnt_hash[hashkey(item->nt)];
       ldel(&pfnth->list, item->ref);
       ldel(l, item);
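Review bot: The rewritten `print_nattrack` no longer records the original destination: the removed code printed `odst=` from `nt->c.odst`/`nt->c.odport`, while the new `AF_INET` case formats only `osrc`, `tsrc` and `tdst` before building `line`, so that field silently disappears from the syslog record. If the drop is unintended, add `char odst[MAXSTRSIZE];`, a fourth call `format_addr_port(odst, MAXSTRSIZE, nt->af, &nt->c.odst, nt->c.odport);`, and an `odst=%s` conversion in the `snprintf` format. The header comment above `format_addr_port` names it `print_addr_port()`, and since nothing else declares the function it could be `static`. `syslog()` is called without a preceding `openlog()`, so the log ident falls back to the library default; an explicit `openlog("pf_nattrack", LOG_NDELAY, LOG_LOCAL6)` in `main` (outside this hunk) would make the record's origin deterministic. The `default:` branch still reports the unsupported address family on stdout with `printf` while the normal path now goes to syslog, so that error is likely to be missed wherever the log is consumed.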
@@ -153,10 +166,10 @@ void free_list(struct pf_nattrack_list **l) {
 }
=20
 uint8_t convert_state(struct pfsync_state *state, struct pf_nattrack *node=
) {
-	struct pfsync_state_key *orig, *trans;
+   struct pfsync_state_key *orig, *trans;
    uint8_t src, dst;
=20
-	if (state->direction =3D=3D PF_OUT) {
+   if (state->direction =3D=3D PF_OUT) {
       src =3D 1; dst =3D 0;
       orig  =3D &state->key[PF_SK_STACK];
       trans =3D &state->key[PF_SK_WIRE];
@@ -174,8 +187,10 @@ uint8_t convert_state(struct pfsync_state *state, stru=
ct pf_nattrack *node) {
          PF_AEQ(&orig->addr[dst], &trans->addr[dst], state->af) &&
          orig->port[src] =3D=3D trans->port[src] &&
          orig->port[dst] =3D=3D trans->port[dst])) {
-      //printf("NO_NAT!\n");
-      return 0;
+         #ifdef DEBUG
+           printf("NO_NAT!\n");
+         #endif
+           return 0;
    }
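Review bot: In the added lines `return 0;` is indented as though it belonged to the `#ifdef DEBUG` block, but it is unconditional and runs whether or not DEBUG is defined; indent it to the surrounding level, `      return 0;`, so the control flow reads correctly. Placing the directives at column 0 (`#ifdef DEBUG` / `#endif`) is the conventional way to keep conditional debug output visually separate from the code it wraps. convert_state's body continues outside this hunk.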
=20
    memset(node, 0, sizeof(struct pf_nattrack));
@@ -195,10 +210,6 @@ uint8_t convert_state(struct pfsync_state *state, stru=
ct pf_nattrack *node) {
    return 1;
 }
=20
-/*
-uint8_t pf_getstates(struct pf_nattrack *node) {
-}
-*/
=20
 int main() {
    struct pf_nattrack_hash *pfnth =3D NULL;
@@ -216,10 +227,11 @@ int main() {
    }
=20
    do {
-      //printf("\n\n=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n");
-      //printf("Nova rodada\n");
-      //printf("=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n");
-
+      #ifdef DEBUG
+          printf("\n\n=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n");
+          printf("New turn\n");
+          printf("=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n");
+      #endif
       freelist =3D lastlist;
       lastlist =3D NULL;
      =20
@@ -251,7 +263,7 @@ int main() {
          if (len =3D=3D 0 && ps.ps_len !=3D 0)
             len =3D ps.ps_len;
          if (ps.ps_len =3D=3D 0)
-            goto done;	/* no states */
+            goto done;   /* no states */
          len *=3D 2;
       }
       p =3D ps.ps_states;
@@ -263,12 +275,16 @@ int main() {
          item =3D lfind(pfnth->list, &node);
=20
          if (item) {
-            //printf("Item found! Deleting from freelist\n");
+            #ifdef DEBUG
+              printf("Item found! Deleting from freelist\n");
+            #endif
             item2 =3D item->ref;
             *(item2->nt) =3D node;
             ldel(&freelist, item2);
          } else {
-            //printf("Not found. Inserting...\n");
+            #ifdef DEBUG
+              printf("Not found. Inserting...\n");
+            #endif
             nodep =3D (struct pf_nattrack *)malloc(sizeof(struct pf_nattra=
ck));
             *nodep =3D node;
             item =3D (struct pf_nattrack_list *)malloc(
@@ -287,7 +303,7 @@ done:
       free(inbuf);
       free_list(&freelist);
=20
-      sleep(PFTM_INTERVAL);
+      // sleep(PFTM_INTERVAL);
    } while(1);
=20
    free_list(&lastlist);
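Review bot: Commenting out `sleep(PFTM_INTERVAL);` leaves the `do { ... } while(1)` loop with no pause of its own; the pacing now comes solely from the `usleep(delay)` calls inside `free_list`, which returns immediately when its list is empty (`if(count == 0) return;`). On an idle firewall with nothing to expire, the loop therefore spins on the state-fetch ioctl without ever sleeping. Keep a fallback, for example `if (!freelist) sleep(WAIT_INTERVAL);` here, or have `free_list` sleep `WAIT_INTERVAL` seconds in its `count == 0` path. Separately, `usleep(delay)` converts a `double` to the unsigned microsecond argument, and for a single entry the value is `WAIT_INTERVAL` seconds expressed in microseconds; POSIX allows `usleep()` to reject arguments of one second or more, so a `sleep()`/`usleep()` split or `nanosleep()` is safer for the large-delay case.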
diff --git a/pf_nattrack.h b/pf_nattrack.h
index 97f95b2..8aadf8c 100644
--- a/pf_nattrack.h
+++ b/pf_nattrack.h
@@ -35,4 +35,7 @@ void ldel(struct pf_nattrack_list **head, struct pf_nattr=
ack_list *no);
 struct pf_nattrack_list *lfind(struct pf_nattrack_list *head,=20
       struct pf_nattrack *nt);
=20
+#define MAXSTRSIZE 256
+#define MAXLINESIZE 2048
+
 #endif
--=20
2.38.1


--HB3ry6+WaBysnelJ
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="0002-Adding-a-makefile.patch"
Content-Transfer-Encoding: quoted-printable

=46rom bd431425d129177081754930485ba4461493f14e Mon Sep 17 00:00:00 2001
=46rom: John Doe <john@localhost>
Date: Mon, 25 Sep 2017 13:01:19 +0200
Subject: [PATCH 2/3] Adding a makefile

---
 Makefile | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 Makefile

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2db0e00
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,15 @@
+CC =3D cc
+CFLAGS =3D -g -DDEBUG
+OBJS =3D pf_nattrack.o list.o hash.o
+
+pf_nattrack:$(OBJS)
+	$(CC) $(CFLAGS) -o $(.TARGET) $(.ALLSRC)
+
+hash.o:hash.c
+
+list.o:list.c pf_nattrack.h
+
+pf_nattrack.o:pf_nattrack.c pf_nattrack.h hash.h
+
+clean:
+	rm -f $(OBJS)
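Review bot: `hash.o:hash.c` lists no header dependency, whereas `list.o` and `pf_nattrack.o` name `pf_nattrack.h`/`hash.h`; if hash.c includes hash.h (not visible here), editing that header will not rebuild hash.o, so `hash.o:hash.c hash.h` is the safer line. `clean` is not declared `.PHONY`, so a stray file named `clean` would silence it. The default `CFLAGS = -g -DDEBUG` means a plain `make` produces the debug build with its extra stdout output, which is worth calling out in the commit message.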
--=20
2.38.1


--HB3ry6+WaBysnelJ
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment;
	filename="0001-Remove-function-reading-on-stdin.patch"
Content-Transfer-Encoding: quoted-printable

=46rom 7bc51eaab3ae53d753dbbb72ec0b82642130e4db Mon Sep 17 00:00:00 2001
=46rom: John Doe <john@localhost>
Date: Mon, 25 Sep 2017 13:01:07 +0200
Subject: [PATCH 1/3] Remove function reading on stdin

---
 pf_nattrack.c | 86 ---------------------------------------------------
 1 file changed, 86 deletions(-)

diff --git a/pf_nattrack.c b/pf_nattrack.c
index 4b4290a..83c73f1 100644
--- a/pf_nattrack.c
+++ b/pf_nattrack.c
@@ -200,51 +200,6 @@ uint8_t pf_getstates(struct pf_nattrack *node) {
 }
 */
=20
-struct pf_nattrack * read_input(struct pf_nattrack *node) {
-   char osrc[30], tsrc[30], dst[30], dir[10];
-   int o_sport, t_sport, dport;
-
-   scanf("\n%[^:]:%d (%[^:]:%d) %s %[^:]:%d",osrc, &o_sport, tsrc, &t_spor=
t, dir, dst, &dport);
-   //printf("osrc=3D%s o_sport=3D%d tsrc=3D%s t_sport=3D%d dst=3D%s dport=
=3D%d\n", osrc, o_sport, tsrc, t_sport, dst, dport);
-
-   memset(node, 0, sizeof(struct pf_nattrack));
-
-   // original source address and port
-   if (!inet_pton(AF_INET, osrc, &node->c.osrc.v4)) {
-      printf("ERROR: invalid v4 addr (osrc=3D%s)\n", osrc);
-      return NULL;
-   }
-   node->c.osport =3D o_sport;
-
-   // translated source address and port
-   if (!inet_pton(AF_INET, tsrc, &node->c.tsrc.v4)) {
-      printf("ERROR: invalid v4 addr (osrc=3D%s)\n", tsrc);
-      return NULL;
-   }
-   node->c.tsport =3D t_sport;
-
-   // original destination address and port
-   // TODO: change to odst
-   if (!inet_pton(AF_INET, dst, &node->c.odst.v4)) {
-      printf("ERROR: invalid v4 addr (odst=3D%s)\n", dst);
-      return NULL;
-   }
-   node->c.odport =3D dport;
-
-   // translated destination address and port
-   // TODO: change to tdst
-   if (!inet_pton(AF_INET, dst, &node->c.tdst.v4)) {
-      printf("ERROR: invalid v4 addr (odst=3D%s)\n", dst);
-      return NULL;
-   }
-   node->c.tdport =3D dport;
-
-   node->af =3D AF_INET;
-
-   return node;
-}
-
-
 int main() {
    struct pf_nattrack_hash *pfnth =3D NULL;
    struct pf_nattrack_list *item, *item2;
@@ -334,47 +289,6 @@ done:
=20
       sleep(PFTM_INTERVAL);
    } while(1);
-      /* comentando para trabalhar com o get_states
-      while ( scanf("\n%d", &i) !=3D EOF && i !=3D 0) {
-         if (!read_input(&node)) continue;
-
-         pfnth =3D &pfnt_hash[hashkey(&node)];
-
-         item =3D lfind(pfnth->list, &node);
-
-         if (item) {
-            //printf("Item found! Deleting from freelist\n");
-            item2 =3D item->ref;
-            ldel(&freelist, item2);
-         } else {
-            //printf("Not found. Inserting...\n");
-            nodep =3D (struct pf_nattrack *)malloc(sizeof(struct pf_nattra=
ck));
-            *nodep =3D node;
-            item =3D (struct pf_nattrack_list *)malloc(
-                  sizeof(struct pf_nattrack_list));
-            item->nt =3D nodep;
-            item2 =3D (struct pf_nattrack_list *)malloc(
-                  sizeof(struct pf_nattrack_list));
-            item2->nt =3D nodep;
-            ladd(&pfnth->list, item);
-            item->ref =3D item2;
-         }
-         ladd(&lastlist, item2);
-         item2->ref =3D item;
-      }
-      //printf("done\n");
-      //printf("-> removendo itens da freelist\n");
-      free_list(&freelist);
-      //printf("-> items armazenados:\n");
-      //for(i=3D0; i <=3D pf_hashmask; i++) {
-      //   for(item=3Dpfnt_hash[i].list; item; item=3Ditem->next) {
-      //      print_nattrack(item->nt, 0);
-      //   }
-      //}
-
-      //printf("Nova rodada? (1 =3D sim) ");
-   } while(scanf("\n%d", &i) !=3D EOF && i !=3D 0);
-   */ // comentando para get_states
=20
    free_list(&lastlist);
    free(pfnt_hash);
--=20
2.38.1


--HB3ry6+WaBysnelJ--


