From 3f6ecdcf7bf4d1a9f842f454e434a0f834bc9338 Mon Sep 17 00:00:00 2001 From: Ryan Thomas McBride Date: Mon, 15 Dec 2003 07:11:32 +0000 Subject: Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol. Turn it on like this: # ifconfig pfsync0 up syncif fxp0 There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@
---
 usr.sbin/tcpdump/print-ip.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
(limited to 'usr.sbin/tcpdump/print-ip.c')
diff --git a/usr.sbin/tcpdump/print-ip.c b/usr.sbin/tcpdump/print-ip.c
index fd0bafde914..62ab0d1dbc7 100644
--- a/usr.sbin/tcpdump/print-ip.c
+++ b/usr.sbin/tcpdump/print-ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-ip.c,v 1.19 2003/02/20 23:39:20 jason Exp $ */
+/* $OpenBSD: print-ip.c,v 1.20 2003/12/15 07:11:31 mcbride Exp $ */
 /*
 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -23,7 +23,7 @@
 #ifndef lint
 static const char rcsid[] =
- "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ip.c,v 1.19 2003/02/20 23:39:20 jason Exp $ (LBL)";
+ "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/print-ip.c,v 1.20 2003/12/15 07:11:31 mcbride Exp $ (LBL)";
 #endif
 #include
@@ -557,6 +557,17 @@ ip_print(register const u_char *bp, register u_int length)
 vrrp_print(cp, len, ip->ip_ttl);
 break;
+#ifndef IPPROTO_PFSYNC
+#define IPPROTO_PFSYNC 136
+#endif
+ case IPPROTO_PFSYNC:
+ if (vflag)
+ (void)printf("pfsync %s > %s: ",
+ ipaddr_string(&ip->ip_src),
+ ipaddr_string(&ip->ip_dst));
+ pfsync_ip_print(cp, len, (const u_char *)ip);
+ break;
+
 default:
 (void)printf("%s > %s:", ipaddr_string(&ip->ip_src),
 ipaddr_string(&ip->ip_dst));
--
cgit v1.2.3
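Review bot: The new `case IPPROTO_PFSYNC:` passes `cp` and `len` straight to `pfsync_ip_print` with no visible check that the captured bytes cover a pfsync header, and the commit message says the protocol is unauthenticated, so whatever arrives on the sync interface reaches the dissector as-is. The length validation may well live inside `pfsync_ip_print`, which is outside this diff (it is limited to print-ip.c), so that cannot be confirmed from here; a comment at the call site such as `/* pfsync is unauthenticated: pfsync_ip_print must bound every read by snapend, not by len */` would record the requirement. Separately, the `#ifndef IPPROTO_PFSYNC` / `#define IPPROTO_PFSYNC 136` fallback sits between two case labels inside the switch; it would read better near the top of the file with a one-line comment saying why a local fallback is needed. ip_print begins and ends outside the hunk.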