On Thu, May 31, 2012 at 12:07:18AM -0400, Lawrence Teo wrote:
> pfctl's -P flag (introduced in OpenBSD 5.1) makes pfctl print ports
> using their names in /etc/services.  It was originally intended to be
> used with -sr.
> 
> The diff extends it to make it work with -ss.
> 
> Example:
> 
> # pfctl -P -ss
> all tcp 192.168.6.7:ssh (172.16.88.25:6688) <- 172.16.88.22:49622       
> ESTABLISHED:ESTABLISHED
> all udp 172.16.88.25:37076 -> 8.8.8.8:domain       MULTIPLE:SINGLE
> all udp 172.16.88.25:18253 -> 8.8.8.8:domain       MULTIPLE:SINGLE
> all udp 172.16.88.25:36447 -> 8.8.8.8:domain       MULTIPLE:SINGLE
> all udp 172.16.88.25:16927 -> 8.8.8.8:domain       MULTIPLE:SINGLE
> all tcp 172.16.88.25:4461 -> 142.244.12.42:www       FIN_WAIT_2:FIN_WAIT_2
> all udp 172.16.88.25:21053 -> 65.49.70.244:ntp       MULTIPLE:MULTIPLE
> all tcp 2001:470:e3b6:1:20c:29ff:fe9b:22f7[28976] -> 2001:4860:800a::93[www]  
>      FIN_WAIT_2:FIN_WAIT_2
> all ipv6-icmp 2001:470:e3b6:1:20c:29ff:fe9b:22f7[135] <- 
> 2001:470:e3b6:1::ff[30569]       0:0

Here's a revised diff.  I have verified that this new version does not
break tcpdump and "make build". :)

BTW tcpdump's pf_print_state.c has diverged significantly from pfctl's,
so the change to tcpdump's pf_print_state.c is not exactly the same as
pfctl's.

Comments? ok?

Lawrence


Index: sbin/pfctl/pf_print_state.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pf_print_state.c,v
retrieving revision 1.61
diff -u -p -r1.61 pf_print_state.c
--- sbin/pfctl/pf_print_state.c 1 Jun 2012 08:35:45 -0000       1.61
+++ sbin/pfctl/pf_print_state.c 7 Jul 2012 17:23:35 -0000
@@ -166,8 +166,11 @@ print_name(struct pf_addr *addr, sa_fami
 
 void
 print_host(struct pf_addr *addr, u_int16_t port, sa_family_t af, u_int16_t 
rdom,
-    int opts)
+    const char *proto, int opts)
 {
+       struct servent  *s = NULL;
+       char            ps[6];
+
        if (rdom)
                printf("(%u) ", ntohs(rdom));
 
@@ -188,10 +191,13 @@ print_host(struct pf_addr *addr, u_int16
        }
 
        if (port) {
+               snprintf(ps, sizeof(ps), "%u", ntohs(port));
+               if (opts & PF_OPT_PORTNAMES)
+                       s = getservbyport(port, proto);
                if (af == AF_INET)
-                       printf(":%u", ntohs(port));
+                       printf(":%s", s ? s->s_name : ps);
                else
-                       printf("[%u]", ntohs(port));
+                       printf("[%s]", s ? s->s_name : ps);
        }
 }
 
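Review bot: In `print_host`, `getservbyport(port, proto)` is called with whatever `proto` the caller passes, and a NULL `proto` makes the lookup match a services entry for any protocol. `print_state` leaves `pn` NULL when `getprotobynumber()` fails, so a state for a protocol without a name could be printed with a TCP or UDP service name, which is misleading when the state table is read during triage. Restricting the lookup with `if ((opts & PF_OPT_PORTNAMES) && proto != NULL)` keeps the numeric port in that case. The same lines appear in the tcpdump copy (hunk `@@ -152,10 +155,13 @@`), where every caller in the following hunk passes NULL. The body of `print_host` starts outside this hunk.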
@@ -212,6 +218,7 @@ print_state(struct pfsync_state *s, int 
        struct pfsync_state_peer *src, *dst;
        struct pfsync_state_key *sk, *nk;
        struct protoent *p;
+       char *pn = NULL;
        int min, sec;
        int afto = (s->key[PF_SK_STACK].af != s->key[PF_SK_WIRE].af);
        int idx;
@@ -232,33 +239,34 @@ print_state(struct pfsync_state *s, int 
                        sk->port[1] = nk->port[1];
        }
        printf("%s ", s->ifname);
-       if ((p = getprotobynumber(s->proto)) != NULL)
-               printf("%s ", p->p_name);
-       else
+       if ((p = getprotobynumber(s->proto)) != NULL) {
+               pn = p->p_name;
+               printf("%s ", pn);
+       } else
                printf("%u ", s->proto);
 
-       print_host(&nk->addr[1], nk->port[1], nk->af, nk->rdomain, opts);
+       print_host(&nk->addr[1], nk->port[1], nk->af, nk->rdomain, pn, opts);
        if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) ||
            nk->port[1] != sk->port[1] ||
            nk->rdomain != sk->rdomain) {
                idx = afto ? 0 : 1;
                printf(" (");
                print_host(&sk->addr[idx], sk->port[idx], sk->af,
-                   sk->rdomain, opts);
+                   sk->rdomain, pn, opts);
                printf(")");
        }
        if (s->direction == PF_OUT || (afto && s->direction == PF_IN))
                printf(" -> ");
        else
                printf(" <- ");
-       print_host(&nk->addr[0], nk->port[0], nk->af, nk->rdomain, opts);
+       print_host(&nk->addr[0], nk->port[0], nk->af, nk->rdomain, pn, opts);
        if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) ||
            nk->port[0] != sk->port[0] ||
            nk->rdomain != sk->rdomain) {
                idx = afto ? 1 : 0;
                printf(" (");
                print_host(&sk->addr[idx], sk->port[idx], sk->af,
-                   sk->rdomain, opts);
+                   sk->rdomain, pn, opts);
                printf(")");
        }
 
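Review bot: `pn` is set to `p->p_name`, a pointer into storage owned by `getprotobynumber()`, and is then passed to four `print_host` calls with no comment on how long it stays valid. That storage may be overwritten by a later getproto* call, so a short comment at the assignment would help, for example `/* pn points into getprotobynumber()'s static data; valid until the next getproto*() call */`. Since the pointer is only read and passed on as `const char *`, the declaration in the previous hunk could also be `const char *pn = NULL;`. `print_state` starts and ends outside this hunk.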
Index: sbin/pfctl/pfctl.h
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.h,v
retrieving revision 1.49
diff -u -p -r1.49 pfctl.h
--- sbin/pfctl/pfctl.h  1 Jun 2012 08:35:45 -0000       1.49
+++ sbin/pfctl/pfctl.h  7 Jul 2012 17:23:35 -0000
@@ -106,7 +106,7 @@ struct pf_altq      *pfaltq_lookup(const char
 char           *rate2str(double);
 
 void    print_addr(struct pf_addr_wrap *, sa_family_t, int);
-void    print_host(struct pf_addr *, u_int16_t p, sa_family_t, u_int16_t, int);
+void    print_host(struct pf_addr *, u_int16_t p, sa_family_t, u_int16_t, 
const char *, int);
 void    print_seq(struct pfsync_state_peer *);
 void    print_state(struct pfsync_state *, int);
 int     unmask(struct pf_addr *, sa_family_t);
Index: usr.sbin/tcpdump/pf_print_state.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/pf_print_state.c,v
retrieving revision 1.10
diff -u -p -r1.10 pf_print_state.c
--- usr.sbin/tcpdump/pf_print_state.c   13 Oct 2011 18:32:30 -0000      1.10
+++ usr.sbin/tcpdump/pf_print_state.c   7 Jul 2012 18:07:47 -0000
@@ -130,8 +130,11 @@ print_name(struct pf_addr *addr, sa_fami
 
 void
 print_host(struct pf_addr *addr, u_int16_t port, sa_family_t af, u_int16_t 
rdom,
-    int opts)
+    const char *proto, int opts)
 {
+       struct servent  *s = NULL;
+       char            ps[6];
+
        if (rdom)
                printf("(%u) ", ntohs(rdom));
 
@@ -152,10 +155,13 @@ print_host(struct pf_addr *addr, u_int16
        }
 
        if (port) {
+               snprintf(ps, sizeof(ps), "%u", ntohs(port));
+               if (opts & PF_OPT_PORTNAMES)
+                       s = getservbyport(port, proto);
                if (af == AF_INET)
-                       printf(":%u", ntohs(port));
+                       printf(":%s", s ? s->s_name : ps);
                else
-                       printf("[%u]", ntohs(port));
+                       printf("[%s]", s ? s->s_name : ps);
        }
 }
 
@@ -200,23 +206,24 @@ print_state(struct pfsync_state *s, int 
        else
                sidx = 0, didx = 1;
 
-       print_host(&nk->addr[didx], nk->port[didx], nk->af, nk->rdomain, opts);
+       print_host(&nk->addr[didx], nk->port[didx], nk->af, nk->rdomain, NULL, 
opts);
        if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) ||
            nk->port[1] != sk->port[1]) {
                printf(" (");
                print_host(&sk->addr[1], sk->port[1], sk->af, sk->rdomain,
-                   opts);
+                   NULL, opts);
                printf(")");
        }
        if (s->direction == PF_OUT)
                printf(" -> ");
        else
                printf(" <- ");
-       print_host(&nk->addr[sidx], nk->port[sidx], nk->af, nk->rdomain, opts);
+       print_host(&nk->addr[sidx], nk->port[sidx], nk->af, nk->rdomain, NULL,
+           opts);
        if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) ||
            nk->port[0] != sk->port[0]) {
                printf(" (");
-               print_host(&sk->addr[0], sk->port[0], sk->af, sk->rdomain,
+               print_host(&sk->addr[0], sk->port[0], sk->af, sk->rdomain, NULL,
                    opts);
                printf(")");
        }
