author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-08-18 21:09:14 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-08-18 21:09:14 +0000 |
commit | a2b4251cf4433ff7ff3616c4b52db4bf1868ff0c (patch) | |
tree | 841042af150ee5b833c34c11defaaa4a1c2e6461 | |
parent | bf1f8f839edfa6e8cfeab821d16b873eeac5d5f4 (diff) |
make pfctl -s state SCREAM; frantzen is now happy
-rw-r--r-- | sbin/pfctl/pfctl.c | 38 | ||||
-rw-r--r-- | sys/net/pf.c | 49 | ||||
-rw-r--r-- | sys/net/pfvar.h | 13 |
3 files changed, 86 insertions, 14 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index b405e19d0f2..0475a66d634 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.32 2001/08/11 12:05:00 dhartmei Exp $ */
+/* $OpenBSD: pfctl.c,v 1.33 2001/08/18 21:09:13 deraadt Exp $ */
 /*
 * Copyright (c) 2001, Daniel Hartmeier
@@ -220,13 +220,31 @@ pfctl_show_nat(int dev)
 int
 pfctl_show_states(int dev, u_int8_t proto)
 {
- struct pfioc_state ps;
-
- ps.nr = 0;
- while (!ioctl(dev, DIOCGETSTATE, &ps)) {
- if (!proto || (ps.state.proto == proto))
- print_state(&ps.state);
- ps.nr++;
+ struct pfioc_states ps;
+ struct pf_state *p;
+ char *inbuf = NULL;
+ int i, len = 0;
+
+ while (1) {
+ ps.ps_len = len;
+ if (len) {
+ ps.ps_buf = inbuf = realloc(inbuf, len);
+ if (inbuf == NULL)
+ err(1, "malloc");
+ }
+ if (ioctl(dev, DIOCGETSTATES, &ps) < 0)
+ err(1, "DIOCGETSTATES");
+ if (ps.ps_len + sizeof(struct pfioc_state) < len)
+ break;
+ if (len == 0 && ps.ps_len != 0)
+ len = ps.ps_len;
+ len *= 2;
+ }
+ p = ps.ps_states;
+ for (i = 0; i < ps.ps_len; i += sizeof(*p)) {
+ if (!proto || (p->proto == proto))
+ print_state(p);
+ p++;
 }
 return (0);
 }
@@ -343,7 +361,6 @@ pfctl_nat(int dev, char *filename, int opts)
 if ((opts & PF_OPT_NOACTION) == 0) {
 if (ioctl(dev, DIOCBEGINNATS, &pn.ticket))
 err(1, "DIOCBEGINNATS");
-
 if (ioctl(dev, DIOCBEGINRDRS, &pr.ticket))
 err(1, "DIOCBEGINRDRS");
 }
@@ -376,7 +393,7 @@ pfctl_log(int dev, char *ifname, int opts)
 {
 struct pfioc_if pi;
- strncpy(pi.ifname, ifname, 16);
+ strlcpy(pi.ifname, ifname, sizeof(pi.ifname));
 if (ioctl(dev, DIOCSETSTATUSIF, &pi))
 err(1, "DIOCSETSTATUSIF");
 if ((opts & PF_OPT_QUIET) == 0)
@@ -485,7 +502,6 @@ main(int argc, char *argv[])
 error = 1;
 if (clearopt != NULL) {
-
 switch (*clearopt) {
 case 'r':
 pfctl_clear_rules(dev, opts);
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 909ab981a66..ef8ba7ad847 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
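Review bot: The sizing loop added to pfctl_show_states() has no exit when the state table is empty: with `len == 0` the kernel reports `ps.ps_len == 0`, the `break` test cannot be true because the unsigned sum `ps.ps_len + sizeof(struct pfioc_state)` is never below zero, and `len *= 2` leaves `len` at 0, so the ioctl is repeated forever. A guard directly after the ioctl, `if (ps.ps_len == 0) return (0);`, ends the loop for that case. The same test mixes `int` with `size_t` and uses `sizeof(struct pfioc_state)` although the buffer holds `struct pf_state` entries, and `len *= 2` is unchecked signed arithmetic, so an upper bound on `len` would be worth adding. `inbuf` is not freed before the function returns.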
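Review bot: The strlcpy() call in pfctl_log() discards its return value, so an interface name longer than `pi.ifname` is silently truncated and the ioctl then acts on whatever shorter name results. Checking the result rejects such input instead: `if (strlcpy(pi.ifname, ifname, sizeof(pi.ifname)) >= sizeof(pi.ifname)) errx(1, "interface name too long");`. This assumes `errx` is available alongside the `err` the file already calls; pfctl_log's body continues outside the hunk.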
@@ -1,7 +1,7 @@
-/* $OpenBSD: pf.c,v 1.123 2001/08/11 12:05:00 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.124 2001/08/18 21:09:13 deraadt Exp $ */
 /*
- * Copyright (c) 2001, Daniel Hartmeier
+ * Copyright (c) 2001 Daniel Hartmeier
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -1117,6 +1117,50 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 break;
 }
+ case DIOCGETSTATES: {
+ struct pfioc_states *ps = (struct pfioc_states *)addr;
+ struct pf_tree_node *n;
+ struct pf_state *p, pstore;
+ u_int32_t nr = 0;
+ int space = ps->ps_len;
+
+ if (space == 0) {
+ s = splsoftnet();
+ n = pf_tree_first(tree_ext_gwy);
+ while (n != NULL) {
+ n = pf_tree_next(n);
+ nr++;
+ }
+ splx(s);
+ ps->ps_len = sizeof(struct pf_state) * nr;
+ return (0);
+ }
+
+ microtime(&pftv);
+ s = splsoftnet();
+ p = ps->ps_states;
+ n = pf_tree_first(tree_ext_gwy);
+ while (n && (nr + 1) * sizeof(*p) <= ps->ps_len) {
+ bcopy(n->state, &pstore, sizeof(pstore));
+ pstore.creation = pftv.tv_sec - pstore.creation;
+ if (pstore.expire <= pftv.tv_sec)
+ pstore.expire = 0;
+ else
+ pstore.expire -= pftv.tv_sec;
+ error = copyout(&pstore, p, sizeof(*p));
+ if (error) {
+ splx(s);
+ goto fail;
+ }
+ p++;
+ nr++;
+ n = pf_tree_next(n);
+ }
+ ps->ps_len = sizeof(struct pf_state) * nr;
+ splx(s);
+ break;
+ }
+
 case DIOCSETSTATUSIF: {
 struct pfioc_if *pi = (struct pfioc_if *)addr;
 struct ifnet *ifp;
@@ -1200,6 +1244,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 error = ENODEV;
 break;
 }
+fail:
 return (error);
 }
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 2724ffdc7ce..65536ff80c1 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.39 2001/08/11 12:04:59 dhartmei Exp $ */
+/* $OpenBSD: pfvar.h,v 1.40 2001/08/18 21:09:13 deraadt Exp $ */
 /*
 * Copyright (c) 2001, Daniel Hartmeier
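Review bot: `ps->ps_len` arrives from userland as a signed `int` (declared so in the pfvar.h hunk) and the DIOCGETSTATES case never rejects a negative value: `space` is then non-zero, and in `(nr + 1) * sizeof(*p) <= ps->ps_len` the int is converted to an unsigned type, so the bound no longer limits how many entries are copied out. Adding `if (space < 0) { error = EINVAL; break; }` ahead of the `space == 0` branch closes that. The copy loop also calls copyout() while at splsoftnet; if that call can sleep on a fault the tree could change under `n`, which is worth confirming. pfioctl's body starts and ends outside the hunk.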
@@ -264,6 +264,16 @@ struct pfioc_state {
 struct pf_state state;
 };
+struct pfioc_states {
+ int ps_len;
+ union {
+ caddr_t psu_buf;
+ struct pf_state *psu_states;
+ } ps_u;
+#define ps_buf ps_u.psu_buf
+#define ps_states ps_u.psu_states
+};
+
 struct pfioc_if {
 char ifname[IFNAMSIZ];
 };
@@ -296,6 +306,7 @@ struct pfioc_if {
 #define DIOCCLRSTATUS _IO ('D', 22)
 #define DIOCNATLOOK _IOWR('D', 23, struct pf_natlook)
 #define DIOCSETDEBUG _IOWR('D', 24, u_int32_t)
+#define DIOCGETSTATES _IOWR('D', 25, struct pfioc_states)
 #ifdef _KERNEL |
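Review bot: `struct pfioc_states` is added without any comment, and its `ps_len` field is used in two modes that a caller can only learn by reading the pf.c handler. A short comment above the struct would record the contract, for example `/* ps_len: in = size of ps_buf in bytes, 0 to query only; out = bytes of pf_state data written, or needed when queried */`. The two `#define` aliases for the union members deserve a one-line remark as well, since they put `ps_buf` and `ps_states` into every file that includes this header.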