authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-03-11 22:22:58 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-03-11 22:22:58 +0000
commit50d1ed3927fa37924c932809dd5ccae7b35077b7 (patch)
tree483daddd6a59f194a267cf364abb6e3a2d583e22 /sbin
parent34490d94cf1e342f5a799e46ad912f407f4d1528 (diff)
Add -r to reverse lookup addresses when displaying states.
From John Kerbawy.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/pfctl/pfctl.84
-rw-r--r--sbin/pfctl/pfctl.c9
-rw-r--r--sbin/pfctl/pfctl_parser.c61
-rw-r--r--sbin/pfctl/pfctl_parser.h12
4 files changed, 68 insertions, 18 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 9e74d62a194..9865906e5de 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.41 2002/02/26 07:25:33 dhartmei Exp $
+.\" $OpenBSD: pfctl.8,v 1.42 2002/03/11 22:22:57 dhartmei Exp $
.\"
.\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
.\"
@@ -166,6 +166,8 @@ Currently the optimizations only encompass the state table timeouts but much
more is planned in future revisions of the finite state machines (FSMs).
.It Fl q
Only print errors and warnings.
+.It Fl r
+Perform reverse DNS lookups on states when displaying them.
.It Fl R Ar file
Load a filter rules file into the filter.
.It Fl s Ar modifier
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index cd649865409..9f52a11fc9a 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.54 2002/02/28 15:51:17 dhartmei Exp $ */
+/* $OpenBSD: pfctl.c,v 1.55 2002/03/11 22:22:57 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -169,7 +169,7 @@ usage()
{
extern char *__progname;
- fprintf(stderr, "usage: %s [-dehnqv] [-F set] [-l interface] ",
+ fprintf(stderr, "usage: %s [-dehnqrv] [-F set] [-l interface] ",
__progname);
fprintf(stderr, "[-N file] [-O level] [-R file] [-s set] [-t set] "
"[-x level] [-z]\n");
@@ -817,7 +817,7 @@ main(int argc, char *argv[])
if (argc < 2)
usage();
- while ((ch = getopt(argc, argv, "deqF:hl:m:nN:O:R:s:t:vx:z")) != -1) {
+ while ((ch = getopt(argc, argv, "deqF:hl:m:nN:O:rR:s:t:vx:z")) != -1) {
switch (ch) {
case 'd':
opts |= PF_OPT_DISABLE;
@@ -854,6 +854,9 @@ main(int argc, char *argv[])
hintopt = optarg;
mode = O_RDWR;
break;
+ case 'r':
+ opts |= PF_OPT_USEDNS;
+ break;
case 'R':
rulesopt = optarg;
mode = O_RDWR;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index e880980edd8..b1dac2b9d79 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.60 2002/01/09 11:30:53 dhartmei Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.61 2002/03/11 22:22:57 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -56,7 +56,7 @@
int unmask (struct pf_addr *, u_int8_t);
void print_addr (struct pf_addr *, struct pf_addr *, u_int8_t);
-void print_host (struct pf_state_host *, u_int8_t);
+void print_host (struct pf_state_host *, u_int8_t, int);
void print_seq (struct pf_state_peer *);
void print_port (u_int8_t, u_int16_t, u_int16_t, char *);
void print_flags (u_int8_t);
@@ -291,11 +291,31 @@ print_addr(struct pf_addr *addr, struct pf_addr *mask, u_int8_t af)
}
void
-print_host(struct pf_state_host *h, u_int8_t af)
+print_name(struct pf_addr *addr, struct pf_addr *mask, int af)
+{
+ char buf[48];
+ const char *bf;
+ struct hostent *hp;
+
+ bf = inet_ntop(af, addr, buf, sizeof(buf));
+ hp = getpfhostname(bf);
+ printf("%s", hp->h_name);
+ if (mask != NULL) {
+ if (!PF_AZERO(mask, af))
+ printf("/%u", unmask(mask, af));
+ }
+}
+
+void
+print_host(struct pf_state_host *h, u_int8_t af, int opts)
{
u_int16_t p = ntohs(h->port);
- print_addr(&h->addr, NULL, af);
+ if (opts & PF_OPT_USEDNS)
+ print_name(&h->addr, NULL, af);
+ else
+ print_addr(&h->addr, NULL, af);
+
if (p) {
if (af == AF_INET)
printf(":%u", p);
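Review bot: In print_name, `printf("%s", hp->h_name)` prints a name taken from a PTR record, which is set by whoever operates the reverse zone for that address, and nothing here forward-confirms it or marks it as unverified. Operators read state listings to decide what a peer is, so a comment such as `/* h_name comes from an unverified PTR record; display only, never trust as identity */` above the printf would help, and the pfctl.8 entry for -r could say the same. The return value of inet_ntop() is also unchecked, so an address family it rejects would pass NULL into getpfhostname(); `if (bf == NULL) { print_addr(addr, mask, af); return; }` keeps the numeric output in that case. print_name has no prototype in the declaration list near the top of the file, and print_host's body continues past the end of this hunk.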
@@ -558,18 +578,18 @@ print_state(struct pf_state *s, int opts)
printf("%u ", s->proto);
if (PF_ANEQ(&s->lan.addr, &s->gwy.addr, s->af) ||
(s->lan.port != s->gwy.port)) {
- print_host(&s->lan, s->af);
+ print_host(&s->lan, s->af, opts);
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
}
- print_host(&s->gwy, s->af);
+ print_host(&s->gwy, s->af, opts);
if (s->direction == PF_OUT)
printf(" -> ");
else
printf(" <- ");
- print_host(&s->ext, s->af);
+ print_host(&s->ext, s->af, opts);
printf(" ");
if (s->proto == IPPROTO_TCP) {
@@ -630,8 +650,10 @@ print_rule(struct pf_rule *r)
if (ic == NULL)
printf("(%u) ", r->return_icmp & 255);
- else if ((r->af != AF_INET6 && ic->code != ICMP_UNREACH_PORT) ||
- (r->af == AF_INET6 && ic->code != ICMP6_DST_UNREACH_NOPORT))
+ else if ((r->af != AF_INET6 && ic->code !=
+ ICMP_UNREACH_PORT) ||
+ (r->af == AF_INET6 && ic->code !=
+ ICMP6_DST_UNREACH_NOPORT))
printf("(%s) ", ic->name);
else
printf(" ");
@@ -773,3 +795,24 @@ parse_flags(char *s)
}
return (f ? f : 63);
}
+
+struct hostent *
+getpfhostname(const char *addr_str)
+{
+ unsigned long addr_num;
+ struct hostent *hp;
+ static struct hostent myhp;
+
+ addr_num = inet_addr(addr_str);
+ if (addr_num == INADDR_NONE) {
+ myhp.h_name = (char *)addr_str;
+ hp = &myhp;
+ return (hp);
+ }
+ hp = gethostbyaddr((char *)&addr_num, sizeof(addr_num), AF_INET);
+ if (hp == NULL) {
+ myhp.h_name = (char *)addr_str;
+ hp = &myhp;
+ }
+ return (hp);
+}
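Review bot: getpfhostname stores the address in `unsigned long addr_num` and passes `sizeof(addr_num)` to gethostbyaddr() with AF_INET, so on an LP64 platform the length is 8 bytes rather than the 4 of an IPv4 address, and the lookup can fail or read the wrong bytes. Using `struct in_addr in;` filled by inet_aton() and calling `hp = gethostbyaddr((char *)&in, sizeof(in), AF_INET);` avoids that, and also removes the ambiguity where 255.255.255.255 is indistinguishable from the INADDR_NONE error value. Because inet_addr() only parses IPv4 text, every AF_INET6 state silently falls back to the numeric string, which deserves a comment or a mention in the man page. The fallback path stores the caller's `const char *` in a static hostent through a cast, so the returned `h_name` is only valid while the caller's buffer is; a one-line comment stating that lifetime would prevent misuse later.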
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 5866092d9c8..4ad368366d4 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.h,v 1.14 2002/02/27 18:11:45 dhartmei Exp $ */
+/* $OpenBSD: pfctl_parser.h,v 1.15 2002/03/11 22:22:57 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -39,6 +39,7 @@
#define PF_OPT_NOACTION 0x0008
#define PF_OPT_QUIET 0x0010
#define PF_OPT_CLRRULECTRS 0x0020
+#define PF_OPT_USEDNS 0x0040
struct pfctl {
int dev;
@@ -77,9 +78,10 @@ struct icmpcodeent {
u_int8_t code;
};
-struct icmptypeent *geticmptypebynumber(u_int8_t, u_int8_t);
-struct icmptypeent *geticmptypebyname(char *, u_int8_t);
-struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
-struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);
+struct icmptypeent *geticmptypebynumber(u_int8_t, u_int8_t);
+struct icmptypeent *geticmptypebyname(char *, u_int8_t);
+struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
+struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);
+struct hostent *getpfhostname(const char *);
#endif /* _PFCTL_PARSER_H_ */