diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2009-12-14 12:31:46 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2009-12-14 12:31:46 +0000 |
commit | 4f35e8f6a0e5a588652214cff0b402cdcddff9ad (patch) | |
tree | 2719c4331751ddb27b59edea2b6165cf3f0b5513 /sbin/pfctl | |
parent | 05813d26aa0af17535ea41acf9b69bfc2f3feefa (diff) |
fix sticky-address - by pretty much re-implementing it. still following
the original approach using a source tracking node.
the reimplementation i smore flexible than the original one, we now have an
slist of source tracking nodes per state. that is cheap because more than
one entry will be an absolute exception.
ok beck and jsg, also stress tested by Sebastian Benoit <benoit-lists at fb12.de>
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 99c5b04164e..04c05d56ba8 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.252 2009/11/23 21:29:21 henning Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.253 2009/12/14 12:31:45 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -619,9 +619,20 @@ print_src_node(struct pf_src_node *sn, int opts) aw.v.a.addr = sn->addr; print_addr(&aw, sn->af, opts & PF_OPT_VERBOSE2); - printf(" -> "); - aw.v.a.addr = sn->raddr; - print_addr(&aw, sn->af, opts & PF_OPT_VERBOSE2); + + if (!PF_AZERO(&sn->raddr, sn->af)) { + if (sn->type == PF_SN_NAT) + printf(" nat-to "); + else if (sn->type == PF_SN_RDR) + printf(" rdr-to "); + else if (sn->type == PF_SN_ROUTE) + printf(" route-to "); + else + printf(" ??? (%u) ", sn->type); + aw.v.a.addr = sn->raddr; + print_addr(&aw, sn->af, opts & PF_OPT_VERBOSE2); + } + printf(" ( states %u, connections %u, rate %u.%u/%us )\n", sn->states, sn->conn, sn->conn_rate.count / 1000, (sn->conn_rate.count % 1000) / 100, sn->conn_rate.seconds); @@ -642,13 +653,8 @@ print_src_node(struct pf_src_node *sn, int opts) printf(", %llu pkts, %llu bytes", sn->packets[0] + sn->packets[1], sn->bytes[0] + sn->bytes[1]); - switch (sn->ruletype) { - case PF_PASS: - case PF_MATCH: - if (sn->rule.nr != -1) - printf(", filter rule %u", sn->rule.nr); - break; - } + if (sn->rule.nr != -1) + printf(", rule %u", sn->rule.nr); printf("\n"); } } |