From nobody Tue Oct 25 17:38:28 2022 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MxfLh6btZz4gRwm for ; Tue, 25 Oct 2022 17:38:52 +0000 (UTC) (envelope-from gb@unistra.fr) Received: from smr2.u-strasbg.fr (smr2.u-strasbg.fr [130.79.222.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4MxfLg2mWmz3DTN for ; Tue, 25 Oct 2022 17:38:51 +0000 (UTC) (envelope-from gb@unistra.fr) Received: from xenon.localdomain (mojito.u-strasbg.fr [130.79.116.2]) by smr2.u-strasbg.fr (Postfix) with ESMTP id 52ED61E1666 for ; Tue, 25 Oct 2022 19:38:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=unistra.fr; s=smr; t=1666719528; bh=w8BUrhL8aTlVEUlDWlDZREgj51oRNHDiAO5sRY6Fn3E=; h=Date:From:To:Subject:References:In-Reply-To:From; b=CDEQPh7uGYjjGp520KHJs+vkZjSLktmVzVaDNKckmpcI3Kw0XYo/AOReCEZTSA76M 8kPgJr1y8/sdTZg7e2426ny1K6Oj0r9tocmOwFxfVYgCPcbvm5kTWvkg35prqoXpt6 hpWZw24FoQRYtPD/f6R317PHb0Cy64k1TnRSHfLk= Received: by xenon.localdomain (Postfix, from userid 1001) id D70BA2C55F4; Tue, 25 Oct 2022 19:38:28 +0200 (CEST) Date: Tue, 25 Oct 2022 19:38:28 +0200 
From: Guy Brand To: pf@freebsd.org Subject: Re: logging NAT sessions (connection tracking) Message-ID: References: <4fa4e31a-449d-5b79-5d59-12de4bbd7651@comcast.net> List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="HB3ry6+WaBysnelJ" Content-Disposition: inline In-Reply-To: <4fa4e31a-449d-5b79-5d59-12de4bbd7651@comcast.net> x-gpg-fingerprint: B716ABC5666A325219F3024D1622A7B686EFCC9D x-gpg-key: 0x1622A7B686EFCC9D X-Rspamd-Queue-Id: 4MxfLg2mWmz3DTN X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=unistra.fr header.s=smr header.b=CDEQPh7u; dmarc=none; spf=pass (mx1.freebsd.org: domain of gb@unistra.fr designates 130.79.222.218 as permitted sender) smtp.mailfrom=gb@unistra.fr X-Spamd-Result: default: False [-6.12 / 15.00]; DWL_DNSWL_MED(-2.00)[unistra.fr:dkim]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-0.97)[-0.966]; NEURAL_HAM_SHORT(-0.96)[-0.959]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; RCVD_IN_DNSWL_MED(-0.20)[130.79.222.218:from]; R_SPF_ALLOW(-0.20)[+ip4:130.79.222.208/28]; R_DKIM_ALLOW(-0.20)[unistra.fr:s=smr]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; DKIM_TRACE(0.00)[unistra.fr:+]; MLMMJ_DEST(0.00)[pf@freebsd.org]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:+,4:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[unistra.fr]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:2259, ipnet:130.79.0.0/16, country:EU]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; PREVIOUSLY_DELIVERED(0.00)[pf@freebsd.org]; HAS_ATTACHMENT(0.00)[]; TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: N --HB3ry6+WaBysnelJ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline On Oct 20, 2022 at 
09:50 -0700, fddi wrote: Hi, > I would greatly appreciate to take a look at your modification if you are > keen to share it. Please find them attached. They should apply without conflict to commit 62105136d9037c. Best. -- Guy --HB3ry6+WaBysnelJ Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0003-Reformat-ouput.patch" Content-Transfer-Encoding: quoted-printable =46rom c134a81d26e67a88a744ad68a351f107aa1638a5 Mon Sep 17 00:00:00 2001 =46rom: John Doe Date: Wed, 18 Sep 2019 10:14:18 +0200 Subject: [PATCH 3/3] Reformat ouput - rewrite format function - Add DEBUG mode --- Makefile | 13 +++- pf_nattrack.c | 162 +++++++++++++++++++++++++++----------------------- pf_nattrack.h | 3 + 3 files changed, 102 insertions(+), 76 deletions(-) diff --git a/Makefile b/Makefile index 2db0e00..d8df33d 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,12 @@ CC =3D cc -CFLAGS =3D -g -DDEBUG +#CFLAGS =3D -g -DDEBUG +CFLAGS =3D -g=20 +CFLAGS =3D -O2 OBJS =3D pf_nattrack.o list.o hash.o +BIN =3D pf_nattrack +DST =3D /local/bin =20 -pf_nattrack:$(OBJS) +$(BIN):$(OBJS) $(CC) $(CFLAGS) -o $(.TARGET) $(.ALLSRC) =20 hash.o:hash.c @@ -11,5 +15,8 @@ list.o:list.c pf_nattrack.h =20 pf_nattrack.o:pf_nattrack.c pf_nattrack.h hash.h =20 +install: + mkdir -p $(DST) + cp $(BIN) $(DST) clean: - rm -f $(OBJS) + rm -f $(OBJS) $(BIN) diff --git a/pf_nattrack.c b/pf_nattrack.c index 83c73f1..3e45778 100644 --- a/pf_nattrack.c +++ b/pf_nattrack.c @@ -6,6 +6,7 @@ #include #include #include +#include =20 // network libs #include @@ -27,6 +28,9 @@ static uint32_t pf_hashseed; =20 struct pf_nattrack_hash *pfnt_hash; =20 +// Time between each loop +#define WAIT_INTERVAL PFTM_INTERVAL + /* * hashkey() * 
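Review bot: In the first Makefile hunk the two consecutive assignments `CFLAGS = -g` and `CFLAGS = -O2` leave only the second in effect, so `-g` is silently dropped while the commented-out `-DDEBUG` line suggests a switchable debug build was intended. Either merge them into one line, `CFLAGS = -O2 -g`, or keep a single commented alternative so the active flags are visible at a glance. The `install` target in the second hunk copies into `$(DST)` with no `.PHONY` declaration; harmless under BSD make, but a short comment on `DST = /local/bin` stating why that non-standard prefix is used would help the next reader.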
@@ -63,86 +67,95 @@ void initialize() { * * function used to print out an error message */ -static void -printerror(char *s) +static void printerror(char *s) { - char *msg; - msg =3D strerror(errno); - fprintf(stderr, "ERROR: %s: %s\n", s, msg); - return; + char *msg; + msg =3D strerror(errno); + fprintf(stderr, "ERROR: %s: %s\n", s, msg); + return; } =20 =20 +/* + * print_addr_port() + *=20 + * print field name, address (for given address family) and port number + */ +void format_addr_port(char *str, int size, sa_family_t af, struct pf_addr = *addr, u_int16_t port) { + char buf[MAXSTRSIZE]; + + bzero((void *)buf, MAXSTRSIZE); + snprintf(str , size , "%s:%d" + , ((inet_ntop(af, addr, buf, sizeof(buf)) =3D=3D NULL) ? "?" := buf) + , port + ); +} + /* * print_nattrack() * * print out the NAT tuple */ -void print_nattrack(struct pf_nattrack *nt, int opts) { - char buf[INET_ADDRSTRLEN]; - time_t rawtime; - struct tm * timeinfo; - char fmttime[80]; =20 - time (&rawtime); - timeinfo =3D localtime (&rawtime); - strftime(fmttime,80,"%Y-%m-%d,%H:%M:%S",timeinfo); +void print_nattrack(struct pf_nattrack *nt, int opts) { + char line[MAXLINESIZE]; + char osrc[MAXSTRSIZE], tsrc[MAXSTRSIZE], tdst[MAXSTRSIZE]; =20 if (!nt) return; + switch (nt->af) { - case AF_INET: - // date/time and protocol - printf("%s proto=3D%u", fmttime, nt->proto); - - // original source address and port - printf(" osrc=3D"); - if (inet_ntop(nt->af, &nt->c.osrc, buf, sizeof(buf)) =3D=3D NULL) - printf("?"); - else - printf("%s", buf); - printf(":%u", nt->c.osport); - - // translated source address and port - printf(" tsrc=3D"); - if (inet_ntop(nt->af, &nt->c.tsrc, buf, sizeof(buf)) =3D=3D NULL) - printf("?"); - else - printf("%s", buf); - printf(":%u", nt->c.tsport); - - // original destination address and port - printf(" odst=3D"); - if (inet_ntop(nt->af, &nt->c.odst, buf, sizeof(buf)) =3D=3D NULL) - printf("?"); - else - printf("%s", buf); - printf(":%u", nt->c.odport); - - // translated destination 
address and port - printf(" tdst=3D"); - if (inet_ntop(nt->af, &nt->c.tdst, buf, sizeof(buf)) =3D=3D NULL) - printf("?"); - else - printf("%s", buf); - printf(":%u", nt->c.tdport); - - printf(" duration=3D%u", nt->duration); - // TODO: should store interface? - - printf("\n"); - break; - default: - printf("ERROR: unknown or unsupportted address family\n"); + case AF_INET: + // original source address and port + format_addr_port(osrc, MAXSTRSIZE, nt->af, &nt->c.osrc, nt->c.osp= ort); + // translated source address and port + format_addr_port(tsrc, MAXSTRSIZE, nt->af, &nt->c.tsrc, nt->c.tsp= ort); + // translated destination address and port + format_addr_port(tdst, MAXSTRSIZE, nt->af, &nt->c.tdst, nt->c.tdp= ort); + + snprintf(line , MAXLINESIZE + , "proto=3D%u osrc=3D%s tsrc=3D%s tdst=3D%s duration=3D%u" + , nt->proto, osrc, tsrc, tdst, nt->duration + ); + // TODO: should store interface? + + //printf("%s\n",line); + syslog(LOG_DEBUG|LOG_LOCAL6, "%s", line); + break; + default: + printf("ERROR: unknown or unsupported address family\n"); } } =20 +/* + * Display and free each element=20 + */ void free_list(struct pf_nattrack_list **l) { struct pf_nattrack_list *item; struct pf_nattrack_hash *pfnth; + int count =3D 0; + double delay; + + // number of states to display =20 + item =3D *l; + while(item) { + count++; + item =3D item->next; + } + + if(count =3D=3D 0)=20 + return; + + // time to wait between each event sent + delay =3D ( (WAIT_INTERVAL) * 1.0E6 / count) ; + + // calculate pause to match sending rate =20 while(*l) { item =3D *l; + print_nattrack(item->nt, 0); + usleep(delay); + pfnth =3D &pfnt_hash[hashkey(item->nt)]; ldel(&pfnth->list, item->ref); ldel(l, item); 
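Review bot: free_list now returns as soon as `count == 0`, and the only pacing in the caller, `sleep(PFTM_INTERVAL)`, is commented out in the `@@ -287,7 +303,7 @@` hunk of this same file, so on an idle firewall with no NAT states `main` re-issues the state query in a tight loop; keep the pause on the empty path, e.g. `if(count == 0) { sleep(WAIT_INTERVAL); return; }`, or restore the sleep in `main` for that case. Separately, `usleep(delay)` receives `WAIT_INTERVAL * 1.0E6 / count` converted from double; with a single state that is the whole interval in microseconds, and POSIX only guarantees `usleep` for arguments below one million, so `nanosleep` (or a `sleep`/`usleep` split) would be more portable if WAIT_INTERVAL is in seconds as the old `sleep` call implies. The header comment above `format_addr_port` still names it `print_addr_port()`, and the `bzero` of `buf` is dead because `inet_ntop` NUL-terminates on success and `"?"` is used on failure. `printerror` could take `const char *s` since it only reads the string. free_list's body continues past the end of this hunk.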
@@ -153,10 +166,10 @@ void free_list(struct pf_nattrack_list **l) { } =20 uint8_t convert_state(struct pfsync_state *state, struct pf_nattrack *node= ) { - struct pfsync_state_key *orig, *trans; + struct pfsync_state_key *orig, *trans; uint8_t src, dst; =20 - if (state->direction =3D=3D PF_OUT) { + if (state->direction =3D=3D PF_OUT) { src =3D 1; dst =3D 0; orig =3D &state->key[PF_SK_STACK]; trans =3D &state->key[PF_SK_WIRE]; @@ -174,8 +187,10 @@ uint8_t convert_state(struct pfsync_state *state, stru= ct pf_nattrack *node) { PF_AEQ(&orig->addr[dst], &trans->addr[dst], state->af) && orig->port[src] =3D=3D trans->port[src] && orig->port[dst] =3D=3D trans->port[dst])) { - //printf("NO_NAT!\n"); - return 0; + #ifdef DEBUG + printf("NO_NAT!\n"); + #endif + return 0; } =20 memset(node, 0, sizeof(struct pf_nattrack)); @@ -195,10 +210,6 @@ uint8_t convert_state(struct pfsync_state *state, stru= ct pf_nattrack *node) { return 1; } =20 -/* -uint8_t pf_getstates(struct pf_nattrack *node) { -} -*/ =20 int main() { struct pf_nattrack_hash *pfnth =3D NULL; @@ -216,10 +227,11 @@ int main() { } =20 do { - //printf("\n\n=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n"); - //printf("Nova rodada\n"); - //printf("=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n"); - + #ifdef DEBUG + printf("\n\n=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n"); + printf("New turn\n"); + printf("=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\n"); + #endif freelist =3D lastlist; lastlist =3D NULL; =20 @@ -251,7 +263,7 @@ int main() { if (len =3D=3D 0 && ps.ps_len !=3D 0) len =3D ps.ps_len; if (ps.ps_len =3D=3D 0) - goto done; /* no states */ + goto done; /* no states */ len *=3D 2; } p =3D ps.ps_states; 
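Review bot: The `#ifdef DEBUG` / `printf` / `#endif` triplet added in the `@@ -174,8 +187,10 @@` and `@@ -216,10 +227,11 @@` hunks here, and again in `@@ -263,12 +275,16 @@` on the next part of the file, repeats the same three lines around every debug print; a single variadic macro defined once next to `WAIT_INTERVAL` would keep the call sites to one line, e.g. `DPRINTF("NO_NAT!\n");`. Note also that these debug prints go to stdout while the regular output now goes to syslog, so when DEBUG is defined the two streams are split; if that is intended, a one-line comment on the macro saying so would avoid surprise.

```c
#ifdef DEBUG
#define DPRINTF(...) printf(__VA_ARGS__)
#else
#define DPRINTF(...) ((void)0)
#endif
// … unchanged: WAIT_INTERVAL definition and the rest of the file …
```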
@@ -263,12 +275,16 @@ int main() { item =3D lfind(pfnth->list, &node); =20 if (item) { - //printf("Item found! Deleting from freelist\n"); + #ifdef DEBUG + printf("Item found! Deleting from freelist\n"); + #endif item2 =3D item->ref; *(item2->nt) =3D node; ldel(&freelist, item2); } else { - //printf("Not found. Inserting...\n"); + #ifdef DEBUG + printf("Not found. Inserting...\n"); + #endif nodep =3D (struct pf_nattrack *)malloc(sizeof(struct pf_nattra= ck)); *nodep =3D node; item =3D (struct pf_nattrack_list *)malloc( @@ -287,7 +303,7 @@ done: free(inbuf); free_list(&freelist); =20 - sleep(PFTM_INTERVAL); + // sleep(PFTM_INTERVAL); } while(1); =20 free_list(&lastlist); diff --git a/pf_nattrack.h b/pf_nattrack.h index 97f95b2..8aadf8c 100644 --- a/pf_nattrack.h +++ b/pf_nattrack.h @@ -35,4 +35,7 @@ void ldel(struct pf_nattrack_list **head, struct pf_nattr= ack_list *no); struct pf_nattrack_list *lfind(struct pf_nattrack_list *head,=20 struct pf_nattrack *nt); =20 +#define MAXSTRSIZE 256 +#define MAXLINESIZE 2048 + #endif --=20 2.38.1 --HB3ry6+WaBysnelJ Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0002-Adding-a-makefile.patch" Content-Transfer-Encoding: quoted-printable =46rom bd431425d129177081754930485ba4461493f14e Mon Sep 17 00:00:00 2001 =46rom: John Doe Date: Mon, 25 Sep 2017 13:01:19 +0200 Subject: [PATCH 2/3] Adding a makefile --- Makefile | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..2db0e00 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,15 @@ +CC =3D cc +CFLAGS =3D -g -DDEBUG +OBJS =3D pf_nattrack.o list.o hash.o + +pf_nattrack:$(OBJS) + $(CC) $(CFLAGS) -o $(.TARGET) $(.ALLSRC) + +hash.o:hash.c + +list.o:list.c pf_nattrack.h + +pf_nattrack.o:pf_nattrack.c pf_nattrack.h hash.h + +clean: + rm -f $(OBJS) --=20 2.38.1 --HB3ry6+WaBysnelJ Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0001-Remove-function-reading-on-stdin.patch" Content-Transfer-Encoding: quoted-printable =46rom 7bc51eaab3ae53d753dbbb72ec0b82642130e4db Mon Sep 17 00:00:00 2001 =46rom: John Doe Date: Mon, 25 Sep 2017 13:01:07 +0200 Subject: [PATCH 1/3] Remove function reading on stdin --- pf_nattrack.c | 86 --------------------------------------------------- 1 file changed, 86 deletions(-) diff --git a/pf_nattrack.c b/pf_nattrack.c index 4b4290a..83c73f1 100644 --- a/pf_nattrack.c +++ b/pf_nattrack.c 
@@ -200,51 +200,6 @@ uint8_t pf_getstates(struct pf_nattrack *node) { } */ =20 -struct pf_nattrack * read_input(struct pf_nattrack *node) { - char osrc[30], tsrc[30], dst[30], dir[10]; - int o_sport, t_sport, dport; - - scanf("\n%[^:]:%d (%[^:]:%d) %s %[^:]:%d",osrc, &o_sport, tsrc, &t_spor= t, dir, dst, &dport); - //printf("osrc=3D%s o_sport=3D%d tsrc=3D%s t_sport=3D%d dst=3D%s dport= =3D%d\n", osrc, o_sport, tsrc, t_sport, dst, dport); - - memset(node, 0, sizeof(struct pf_nattrack)); - - // original source address and port - if (!inet_pton(AF_INET, osrc, &node->c.osrc.v4)) { - printf("ERROR: invalid v4 addr (osrc=3D%s)\n", osrc); - return NULL; - } - node->c.osport =3D o_sport; - - // translated source address and port - if (!inet_pton(AF_INET, tsrc, &node->c.tsrc.v4)) { - printf("ERROR: invalid v4 addr (osrc=3D%s)\n", tsrc); - return NULL; - } - node->c.tsport =3D t_sport; - - // original destination address and port - // TODO: change to odst - if (!inet_pton(AF_INET, dst, &node->c.odst.v4)) { - printf("ERROR: invalid v4 addr (odst=3D%s)\n", dst); - return NULL; - } - node->c.odport =3D dport; - - // translated destination address and port - // TODO: change to tdst - if (!inet_pton(AF_INET, dst, &node->c.tdst.v4)) { - printf("ERROR: invalid v4 addr (odst=3D%s)\n", dst); - return NULL; - } - node->c.tdport =3D dport; - - node->af =3D AF_INET; - - return node; -} - - int main() { struct pf_nattrack_hash *pfnth =3D NULL; struct pf_nattrack_list *item, *item2; 
@@ -334,47 +289,6 @@ done: =20 sleep(PFTM_INTERVAL); } while(1); - /* comentando para trabalhar com o get_states - while ( scanf("\n%d", &i) !=3D EOF && i !=3D 0) { - if (!read_input(&node)) continue; - - pfnth =3D &pfnt_hash[hashkey(&node)]; - - item =3D lfind(pfnth->list, &node); - - if (item) { - //printf("Item found! Deleting from freelist\n"); - item2 =3D item->ref; - ldel(&freelist, item2); - } else { - //printf("Not found. Inserting...\n"); - nodep =3D (struct pf_nattrack *)malloc(sizeof(struct pf_nattra= ck)); - *nodep =3D node; - item =3D (struct pf_nattrack_list *)malloc( - sizeof(struct pf_nattrack_list)); - item->nt =3D nodep; - item2 =3D (struct pf_nattrack_list *)malloc( - sizeof(struct pf_nattrack_list)); - item2->nt =3D nodep; - ladd(&pfnth->list, item); - item->ref =3D item2; - } - ladd(&lastlist, item2); - item2->ref =3D item; - } - //printf("done\n"); - //printf("-> removendo itens da freelist\n"); - free_list(&freelist); - //printf("-> items armazenados:\n"); - //for(i=3D0; i <=3D pf_hashmask; i++) { - // for(item=3Dpfnt_hash[i].list; item; item=3Ditem->next) { - // print_nattrack(item->nt, 0); - // } - //} - - //printf("Nova rodada? (1 =3D sim) "); - } while(scanf("\n%d", &i) !=3D EOF && i !=3D 0); - */ // comentando para get_states =20 free_list(&lastlist); free(pfnt_hash); --=20 2.38.1 --HB3ry6+WaBysnelJ--