-rw-r--r-- | sbin/pfctl/pfctl.8 | 4 | ||||
-rw-r--r-- | sbin/pfctl/pfctl.c | 9 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 61 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.h | 12 |
4 files changed, 68 insertions, 18 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 9e74d62a194..9865906e5de 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.41 2002/02/26 07:25:33 dhartmei Exp $
+.\" $OpenBSD: pfctl.8,v 1.42 2002/03/11 22:22:57 dhartmei Exp $
 .\"
 .\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
 .\"
@@ -166,6 +166,8 @@ Currently the optimizations only encompass the state table timeouts but much
 more is planned in future revisions of the finite state machines (FSMs).
 .It Fl q
 Only print errors and warnings.
+.It Fl r
+Perform reverse DNS lookups on states when displaying them.
 .It Fl R Ar file
 Load a filter rules file into the filter.
 .It Fl s Ar modifier
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index cd649865409..9f52a11fc9a 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.54 2002/02/28 15:51:17 dhartmei Exp $ */
+/* $OpenBSD: pfctl.c,v 1.55 2002/03/11 22:22:57 dhartmei Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -169,7 +169,7 @@ usage()
 {
 	extern char *__progname;
 
-	fprintf(stderr, "usage: %s [-dehnqv] [-F set] [-l interface] ",
+	fprintf(stderr, "usage: %s [-dehnqrv] [-F set] [-l interface] ",
 	    __progname);
 	fprintf(stderr, "[-N file] [-O level] [-R file] [-s set] [-t set] "
 	    "[-x level] [-z]\n");
@@ -817,7 +817,7 @@ main(int argc, char *argv[])
 	if (argc < 2)
 		usage();
 
-	while ((ch = getopt(argc, argv, "deqF:hl:m:nN:O:R:s:t:vx:z")) != -1) {
+	while ((ch = getopt(argc, argv, "deqF:hl:m:nN:O:rR:s:t:vx:z")) != -1) {
 		switch (ch) {
 		case 'd':
 			opts |= PF_OPT_DISABLE;
@@ -854,6 +854,9 @@ main(int argc, char *argv[])
 			hintopt = optarg;
 			mode = O_RDWR;
 			break;
+		case 'r':
+			opts |= PF_OPT_USEDNS;
+			break;
 		case 'R':
 			rulesopt = optarg;
 			mode = O_RDWR;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index e880980edd8..b1dac2b9d79 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.60 2002/01/09 11:30:53 dhartmei Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.61 2002/03/11 22:22:57 dhartmei Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -56,7 +56,7 @@ int unmask (struct pf_addr *, u_int8_t);
 void print_addr (struct pf_addr *, struct pf_addr *, u_int8_t);
-void print_host (struct pf_state_host *, u_int8_t);
+void print_host (struct pf_state_host *, u_int8_t, int);
 void print_seq (struct pf_state_peer *);
 void print_port (u_int8_t, u_int16_t, u_int16_t, char *);
 void print_flags (u_int8_t);
@@ -291,11 +291,31 @@ print_addr(struct pf_addr *addr, struct pf_addr *mask, u_int8_t af)
 }
 
 void
-print_host(struct pf_state_host *h, u_int8_t af)
+print_name(struct pf_addr *addr, struct pf_addr *mask, int af)
+{
+	char buf[48];
+	const char *bf;
+	struct hostent *hp;
+
+	bf = inet_ntop(af, addr, buf, sizeof(buf));
+	hp = getpfhostname(bf);
+	printf("%s", hp->h_name);
+	if (mask != NULL) {
+		if (!PF_AZERO(mask, af))
+			printf("/%u", unmask(mask, af));
+	}
+}
+
+void
+print_host(struct pf_state_host *h, u_int8_t af, int opts)
 {
 	u_int16_t p = ntohs(h->port);
 
-	print_addr(&h->addr, NULL, af);
+	if (opts & PF_OPT_USEDNS)
+		print_name(&h->addr, NULL, af);
+	else
+		print_addr(&h->addr, NULL, af);
+
 	if (p) {
 		if (af == AF_INET)
 			printf(":%u", p);
@@ -558,18 +578,18 @@ print_state(struct pf_state *s, int opts)
 		printf("%u ", s->proto);
 	if (PF_ANEQ(&s->lan.addr, &s->gwy.addr, s->af) ||
 	    (s->lan.port != s->gwy.port)) {
-		print_host(&s->lan, s->af);
+		print_host(&s->lan, s->af, opts);
 		if (s->direction == PF_OUT)
 			printf(" -> ");
 		else
 			printf(" <- ");
 	}
-	print_host(&s->gwy, s->af);
+	print_host(&s->gwy, s->af, opts);
 	if (s->direction == PF_OUT)
 		printf(" -> ");
 	else
 		printf(" <- ");
-	print_host(&s->ext, s->af);
+	print_host(&s->ext, s->af, opts);
 	printf(" ");
 	if (s->proto == IPPROTO_TCP) {
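Review bot: In print_name the result of inet_ntop() is handed to getpfhostname() unchecked; if it ever fails (it returns NULL for an address family it does not support) bf is NULL and getpfhostname() passes it straight to inet_addr(), so the state listing crashes instead of printing a placeholder. Guard it before the lookup, e.g. `if (bf == NULL) { print_addr(addr, mask, af); return; }`. Two further points in the same hunk: getpfhostname() only understands IPv4 via inet_addr(), so with -r an AF_INET6 state quietly falls back to the textual address, which deserves a comment on the call such as `/* reverse lookup is IPv4-only; getpfhostname() falls back to the address text */`; and h_name comes from a PTR record that the owner of the remote address controls, so when stdout is a terminal it is worth passing it through vis(3) or stripping non-printable bytes before the `printf("%s", ...)`. print_host's body continues past the end of the hunk.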
@@ -630,8 +650,10 @@ print_rule(struct pf_rule *r)
 			if (ic == NULL)
 				printf("(%u) ", r->return_icmp & 255);
-			else if ((r->af != AF_INET6 && ic->code != ICMP_UNREACH_PORT) ||
-			    (r->af == AF_INET6 && ic->code != ICMP6_DST_UNREACH_NOPORT))
+			else if ((r->af != AF_INET6 && ic->code !=
+			    ICMP_UNREACH_PORT) ||
+			    (r->af == AF_INET6 && ic->code !=
+			    ICMP6_DST_UNREACH_NOPORT))
 				printf("(%s) ", ic->name);
 			else
 				printf(" ");
@@ -773,3 +795,24 @@ parse_flags(char *s)
 	}
 	return (f ? f : 63);
 }
+
+struct hostent *
+getpfhostname(const char *addr_str)
+{
+	unsigned long addr_num;
+	struct hostent *hp;
+	static struct hostent myhp;
+
+	addr_num = inet_addr(addr_str);
+	if (addr_num == INADDR_NONE) {
+		myhp.h_name = (char *)addr_str;
+		hp = &myhp;
+		return (hp);
+	}
+	hp = gethostbyaddr((char *)&addr_num, sizeof(addr_num), AF_INET);
+	if (hp == NULL) {
+		myhp.h_name = (char *)addr_str;
+		hp = &myhp;
+	}
+	return (hp);
+}
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 5866092d9c8..4ad368366d4 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.h,v 1.14 2002/02/27 18:11:45 dhartmei Exp $ */
+/* $OpenBSD: pfctl_parser.h,v 1.15 2002/03/11 22:22:57 dhartmei Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -39,6 +39,7 @@
 #define PF_OPT_NOACTION 0x0008
 #define PF_OPT_QUIET 0x0010
 #define PF_OPT_CLRRULECTRS 0x0020
+#define PF_OPT_USEDNS 0x0040
 
 struct pfctl {
 	int dev;
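Review bot: getpfhostname() keeps the inet_addr() result in an unsigned long and passes sizeof(addr_num) to gethostbyaddr(); on an LP64 platform that is 8 bytes rather than the 4 AF_INET expects, so the lookup fails there and -r silently prints bare addresses. Use the in_addr type and drop the INADDR_NONE sentinel, which also mistakes the valid address 255.255.255.255 for a parse error: `struct in_addr ina;` / `if (inet_aton(addr_str, &ina) == 0) { myhp.h_name = (char *)addr_str; return (&myhp); }` / `hp = gethostbyaddr((char *)&ina, sizeof(ina), AF_INET);`. The fallback path also stores the caller's addr_str in the static myhp after casting away const, so the returned h_name is only valid while the caller's buffer lives, and the other path returns gethostbyaddr()'s static storage that the next call overwrites; a header comment stating that the result must be consumed before the next call and never freed would make that contract visible. The reflowed condition in the print_rule hunk above is whitespace only and raises nothing.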
@@ -77,9 +78,10 @@ struct icmpcodeent {
 	u_int8_t code;
 };
 
-struct icmptypeent *geticmptypebynumber(u_int8_t, u_int8_t);
-struct icmptypeent *geticmptypebyname(char *, u_int8_t);
-struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
-struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);
+struct icmptypeent *geticmptypebynumber(u_int8_t, u_int8_t);
+struct icmptypeent *geticmptypebyname(char *, u_int8_t);
+struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
+struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);
+struct hostent *getpfhostname(const char *);
 
 #endif /* _PFCTL_PARSER_H_ */