author | bz <bz@FreeBSD.org> | 2011-06-13 20:11:28 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2011-06-13 20:11:28 +0000 |
commit | 7ceffe8d596a6c4a956b1da3e5903b397b597c3d (patch) | |
tree | 3c5a69feff074c1eb883c9f6f87fca24aabb81a1 /contrib/pf/pfctl/pfctl_parser.c | |
parent | d33a1d3a06bc6927efb778d9ee040ca710e641e8 (diff) | |
Add a new option -P to suppress getservbyport(3) calls when printing rules.
This allows one to force consistent printing of numeric port numbers like
we do with -n for other tools like netstat (just that -n was already taken)
rather than the service names.
-P is currently unused in OpenBSD so the change is eligible for upstreaming.
PR: misc/151015
Submitted by: Matt Koivisto (mkoivisto sandvine.com)
Sponsored by: Sandvine Incorporated
MFC after: 1 week
Diffstat (limited to 'contrib/pf/pfctl/pfctl_parser.c')
-rw-r--r-- | contrib/pf/pfctl/pfctl_parser.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/contrib/pf/pfctl/pfctl_parser.c b/contrib/pf/pfctl/pfctl_parser.c
index c9b2e11..7dc0c59 100644
--- a/contrib/pf/pfctl/pfctl_parser.c
+++ b/contrib/pf/pfctl/pfctl_parser.c
@@ -64,11 +64,11 @@ __FBSDID("$FreeBSD$");
 #include "pfctl.h"
 void print_op (u_int8_t, const char *, const char *);
-void print_port (u_int8_t, u_int16_t, u_int16_t, const char *);
+void print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int);
 void print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned);
 void print_flags (u_int8_t);
 void print_fromto(struct pf_rule_addr *, pf_osfp_t,
- struct pf_rule_addr *, u_int8_t, u_int8_t, int);
+ struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
 int ifa_skip_if(const char *filter, struct node_host *p);
 struct node_host *ifa_grouplookup(const char *, int);
@@ -320,12 +320,15 @@ print_op(u_int8_t op, const char *a1, const char *a2)
 }
 void
-print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto)
+print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto, int numeric)
 {
 char a1[6], a2[6];
 struct servent *s;
- s = getservbyport(p1, proto);
+ if (!numeric)
+ s = getservbyport(p1, proto);
+ else
+ s = NULL;
 p1 = ntohs(p1);
 p2 = ntohs(p2);
 snprintf(a1, sizeof(a1), "%u", p1);
@@ -363,7 +366,7 @@ print_flags(u_int8_t f)
 void
 print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
- sa_family_t af, u_int8_t proto, int verbose)
+ sa_family_t af, u_int8_t proto, int verbose, int numeric)
 {
 char buf[PF_OSFP_LEN*3];
 if (src->addr.type == PF_ADDR_ADDRMASK &&
@@ -384,7 +387,8 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
 if (src->port_op) print_port(src->port_op, src->port[0], src->port[1],
- proto == IPPROTO_TCP ? "tcp" : "udp");
+ proto == IPPROTO_TCP ? "tcp" : "udp",
+ numeric);
 if (osfp != PF_OSFP_ANY) printf(" os \"%s\"", pfctl_lookup_fingerprint(osfp, buf, sizeof(buf)));
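Review bot: The updated print_fromto prototype still declares its fourth parameter as `u_int8_t`, while the definition changed later in this diff takes `sa_family_t af`; since the line is being edited anyway, the two should agree, e.g. `struct pf_rule_addr *, sa_family_t, u_int8_t, int, int);`. Whether both names resolve to the same underlying type on every target is not visible here. The two trailing unnamed `int`s are also indistinguishable in the prototype, so naming them (`int verbose, int numeric`) would document the order callers must use.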
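Review bot: The four-line if/else that sets `s` in print_port can be a single assignment, `s = numeric ? NULL : getservbyport(p1, proto);`, which keeps the lookup and its bypass together. The new `numeric` parameter has no comment; a line such as `/* numeric: print port numbers only, skip the getservbyport(3) lookup */` above the function would record that the output otherwise depends on the host's services database, which matters when rule dumps are compared or audited across machines. The new signature line also appears to run past 80 columns and would need a wrap. The rest of print_port's body is outside the hunk.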
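Review bot: `verbose` and `numeric` are now two adjacent plain `int` flags on print_fromto, and the same pair is added to print_rule in the later hunks, so a call site that transposes them compiles without any diagnostic. print_src_node, visible in a later hunk header, takes a single `int opts` instead; passing the option mask through and testing a flag bit would keep these signatures stable when the next display option is added. If the separate parameter stays, a comment on print_rule such as `/* numeric: non-zero prints ports as numbers, no service-name lookup */` would help. The header declaration and the callers are not part of this diff, which is limited to this file.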
@@ -396,7 +400,8 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
 if (dst->port_op) print_port(dst->port_op, dst->port[0], dst->port[1],
- proto == IPPROTO_TCP ? "tcp" : "udp");
+ proto == IPPROTO_TCP ? "tcp" : "udp",
+ numeric);
 }
 }
@@ -673,7 +678,7 @@ print_src_node(struct pf_src_node *sn, int opts)
 }
 void
-print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
+print_rule(struct pf_rule *r, const char *anchor_call, int verbose, int numeric)
 {
 static const char *actiontypes[] = { "pass", "block", "scrub", "no scrub", "nat", "no nat", "binat", "no binat", "rdr", "no rdr" };
@@ -800,7 +805,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
 printf(" proto %u", r->proto);
 }
 print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto,
- verbose);
+ verbose, numeric);
 if (r->uid.op) print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user", UID_MAX); |