Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/pfctl.8 | 13 | ||||
-rw-r--r-- | sbin/pfctl/pfctl.c | 56 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 17 |
3 files changed, 78 insertions, 8 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index eb01bc71a6f..9fa525bdd20 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfctl.8,v 1.26 2001/08/03 16:03:02 mpech Exp $ +.\" $OpenBSD: pfctl.8,v 1.27 2001/08/11 12:05:00 dhartmei Exp $ .\" .\" Copyright (c) 2001 Kjell Wooding. All rights reserved. .\" @@ -38,6 +38,7 @@ .Op Fl N Ar file .Op Fl R Ar file .Op Fl s Ar modifier +.Op Fl x Ar level .Sh DESCRIPTION The .Nm @@ -125,6 +126,16 @@ Show all of the above. .El .It Fl v Show rules as they are parsed. +.It Fl x Ar level +Set the debug level to one of the following. +Level names may be abbreviated: +.Bl -tag -width "x urgent " -compact +.It Fl x Ar none +Don't generate debug messages. +.It Fl x Ar urgent +Generate debug messages only for serious errors. +.It Fl x Ar misc +Generate debug messages for various errors. .El .Sh FILES .Bl -tag -width "/etc/nat.conf" -compact diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 79edf2e06e4..b405e19d0f2 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.31 2001/08/11 09:54:59 deraadt Exp $ */ +/* $OpenBSD: pfctl.c,v 1.32 2001/08/11 12:05:00 dhartmei Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -67,6 +67,7 @@ int pfctl_show_status(int); int pfctl_rules(int, char *, int); int pfctl_nat(int, char *, int); int pfctl_log(int, char *, int); +int pfctl_debug(int, u_int32_t, int); int opts = 0; char *clearopt; @@ -74,6 +75,7 @@ char *logopt; char *natopt; char *rulesopt; char *showopt; +char *debugopt; char *infile; @@ -84,7 +86,7 @@ usage() fprintf(stderr, "usage: %s [-dehnqv] [-F set] [-l interface] ", __progname); - fprintf(stderr, "[-N file] [-R file] [-s set]\n"); + fprintf(stderr, "[-N file] [-R file] [-s set] [-x level]\n"); exit(1); } 
@@ -383,6 +385,32 @@ pfctl_log(int dev, char *ifname, int opts) } int +pfctl_debug(int dev, u_int32_t level, int opts) +{ + if (ioctl(dev, DIOCSETDEBUG, &level)) + err(1, "DIOCSETDEBUG"); + if ((opts & PF_OPT_QUIET) == 0) { + printf("debug level set to '"); + switch (level) { + case PF_DEBUG_NONE: + printf("none"); + break; + case PF_DEBUG_URGENT: + printf("urgent"); + break; + case PF_DEBUG_MISC: + printf("misc"); + break; + default: + printf("<invalid>"); + break; + } + printf("'\n"); + } + return (0); +} + +int main(int argc, char *argv[]) { extern char *optarg; @@ -394,7 +422,7 @@ main(int argc, char *argv[]) if (argc < 2) usage(); - while ((ch = getopt(argc, argv, "deqF:hl:nN:R:s:v")) != -1) { + while ((ch = getopt(argc, argv, "deqF:hl:nN:R:s:vx:")) != -1) { switch (ch) { case 'd': opts |= PF_OPT_DISABLE; @@ -426,6 +454,9 @@ main(int argc, char *argv[]) case 'v': opts |= PF_OPT_VERBOSE; break; + case 'x': + debugopt = optarg; + break; case 'h': default: usage(); @@ -446,7 +477,7 @@ main(int argc, char *argv[]) } else { /* turn off options */ opts &= ~ (PF_OPT_DISABLE | PF_OPT_ENABLE); - clearopt = logopt = showopt = NULL; + clearopt = logopt = showopt = debugopt = NULL; } if (opts & PF_OPT_DISABLE) @@ -522,6 +553,23 @@ main(int argc, char *argv[]) if (pfctl_enable(dev, opts)) error = 1; + if (debugopt != NULL) { + switch (*debugopt) { + case 'n': + pfctl_debug(dev, PF_DEBUG_NONE, opts); + break; + case 'u': + pfctl_debug(dev, PF_DEBUG_URGENT, opts); + break; + case 'm': + pfctl_debug(dev, PF_DEBUG_MISC, opts); + break; + default: + warnx("Unknown debug level '%s'", debugopt); + error = 1; + } + } + close(dev); exit(error); diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index f9f4266eb92..1fff22a4774 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c 
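Review bot: The `-x` dispatch added to main() (`switch (*debugopt)`) tests only the first character of the argument, so any word beginning with `n`, `u` or `m` (for example `-x max` or `-x nope`) is accepted and changes the kernel debug level without reaching the "Unknown debug level" warning. The man page promises that level names may be abbreviated, which is a prefix match, so the whole argument should be compared against each name and the empty string rejected, as sketched below. The `default:` arm is also missing its `break`. The sketch assumes `<string.h>` is already included in pfctl.c, which the hunk does not show; main() starts and ends outside the hunk.

```c
	if (debugopt != NULL) {
		size_t len = strlen(debugopt);

		/* accept any non-empty prefix of a level name, nothing else */
		if (len > 0 && strncmp(debugopt, "none", len) == 0)
			pfctl_debug(dev, PF_DEBUG_NONE, opts);
		else if (len > 0 && strncmp(debugopt, "urgent", len) == 0)
			pfctl_debug(dev, PF_DEBUG_URGENT, opts);
		else if (len > 0 && strncmp(debugopt, "misc", len) == 0)
			pfctl_debug(dev, PF_DEBUG_MISC, opts);
		else {
			warnx("Unknown debug level '%s'", debugopt);
			error = 1;
		}
	}
	/* ... unchanged: close(dev); exit(error); ... */
```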
@@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.39 2001/07/19 00:07:36 krw Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.40 2001/08/11 12:05:00 dhartmei Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -348,10 +348,21 @@ print_status(struct pf_status *s) time_t t = time(NULL); int i; - printf("Status: %s Time: %u Since: %u\n", + printf("Status: %s Time: %u Since: %u Debug: ", s->running ? "Enabled" : "Disabled", t, s->since); - printf("Bytes In: %-10llu Bytes Out: %-10llu\n", + switch (s->debug) { + case 0: + printf("None"); + break; + case 1: + printf("Urgent"); + break; + case 2: + printf("Misc"); + break; + } + printf("\nBytes In: %-10llu Bytes Out: %-10llu\n", s->bcounters[PF_IN], s->bcounters[PF_OUT]); printf("Inbound Packets: Passed: %-10llu Dropped: %-10llu\n", s->pcounters[PF_IN][PF_PASS], |
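Review bot: The new `switch (s->debug)` in print_status() has no `default:` arm, so a level outside 0–2 leaves the status line reading `Debug: ` with nothing after it, whereas pfctl_debug() in pfctl.c prints `<invalid>` for the same case. Adding `default: printf("<invalid>"); break;` would keep the two outputs consistent and make an unexpected kernel value visible to the operator. The case labels are also the bare numbers 0, 1 and 2 where pfctl.c uses `PF_DEBUG_NONE`, `PF_DEBUG_URGENT` and `PF_DEBUG_MISC`; using the constants here (presumably available through the same header, which the hunk does not show) keeps the two tables from drifting apart. print_status() continues past the end of the hunk.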