Diffstat (limited to 'contrib/pf/pfctl/pfctl_table.c')
-rw-r--r-- | contrib/pf/pfctl/pfctl_table.c | 93 |
1 files changed, 53 insertions, 40 deletions
diff --git a/contrib/pf/pfctl/pfctl_table.c b/contrib/pf/pfctl/pfctl_table.c index ecdd7e2..3d54466 100644 --- a/contrib/pf/pfctl/pfctl_table.c +++ b/contrib/pf/pfctl/pfctl_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_table.c,v 1.62 2004/12/22 17:17:55 dhartmei Exp $ */ +/* $OpenBSD: pfctl_table.c,v 1.66 2007/03/01 17:20:54 deraadt Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -64,8 +64,7 @@ static void print_addrx(struct pfr_addr *, struct pfr_addr *, int); static void print_astats(struct pfr_astats *, int); static void radix_perror(void); static void xprintf(int, const char *, ...); -static void print_iface(struct pfi_if *, int); -static void oprintf(int, int, const char *, int *, int); +static void print_iface(struct pfi_kif *, int); static const char *stats_text[PFR_DIR_MAX][PFR_OP_TABLE_MAX] = { { "In/Block:", "In/Pass:", "In/XPass:" }, @@ -178,7 +177,7 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command, break; } - if (opts & PF_OPT_SHOWALL && b.pfrb_size > 0) + if ((opts & PF_OPT_SHOWALL) && b.pfrb_size > 0) pfctl_print_title("TABLES:"); PFRB_FOREACH(p, &b) 
@@ -257,6 +256,42 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command, if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback) print_addrx(a, NULL, opts & PF_OPT_USEDNS); + } else if (!strcmp(command, "expire")) { + const char *errstr; + u_int lifetime; + + b.pfrb_type = PFRB_ASTATS; + b2.pfrb_type = PFRB_ADDRS; + if (argc != 1 || file != NULL) + usage(); + lifetime = strtonum(*argv, 0, UINT_MAX, &errstr); + if (errstr) + errx(1, "expiry time: %s", errstr); + for (;;) { + pfr_buf_grow(&b, b.pfrb_size); + b.pfrb_size = b.pfrb_msize; + RVTEST(pfr_get_astats(&table, b.pfrb_caddr, + &b.pfrb_size, flags)); + if (b.pfrb_size <= b.pfrb_msize) + break; + } + PFRB_FOREACH(p, &b) + if (time(NULL) - ((struct pfr_astats *)p)->pfras_tzero > + lifetime) + if (pfr_buf_add(&b2, + &((struct pfr_astats *)p)->pfras_a)) + err(1, "duplicate buffer"); + + if (opts & PF_OPT_VERBOSE) + flags |= PFR_FLAG_FEEDBACK; + RVTEST(pfr_del_addrs(&table, b2.pfrb_caddr, b2.pfrb_size, + &ndel, flags)); + xprintf(opts, "%d/%d addresses expired", ndel, b2.pfrb_size); + if (opts & PF_OPT_VERBOSE) + PFRB_FOREACH(a, &b2) + if ((opts & PF_OPT_VERBOSE2) || a->pfra_fback) + print_addrx(a, NULL, + opts & PF_OPT_USEDNS); } else if (!strcmp(command, "show")) { b.pfrb_type = (opts & PF_OPT_VERBOSE) ? PFRB_ASTATS : PFRB_ADDRS; @@ -294,7 +329,7 @@ pfctl_table(int argc, char *argv[], char *tname, const char *command, RVTEST(pfr_tst_addrs(&table, b.pfrb_caddr, b.pfrb_size, &nmatch, flags)); xprintf(opts, "%d/%d addresses match", nmatch, b.pfrb_size); - if (opts & PF_OPT_VERBOSE && !(opts & PF_OPT_VERBOSE2)) + if ((opts & PF_OPT_VERBOSE) && !(opts & PF_OPT_VERBOSE2)) PFRB_FOREACH(a, &b) if (a->pfra_fback == PFR_FB_MATCH) print_addrx(a, NULL, 
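Review bot: In the new `expire` branch the age test `time(NULL) - ((struct pfr_astats *)p)->pfras_tzero > lifetime` compares a signed difference with the `u_int` lifetime, so on a platform where that difference is a 32-bit signed type, a negative age (an entry stamped before the clock stepped backwards) converts to a huge unsigned value and the address is queued for deletion. That matters when the table serves as a blocklist, because a clock adjustment could then empty it. Take the time once with `time_t now = time(NULL);` before `PFRB_FOREACH`, and test `now > tzero && (unsigned long long)(now - tzero) > lifetime` (with `tzero` standing for the entry's `pfras_tzero`), so every entry is judged against the same cutoff. The added loop also ignores the return value of `pfr_buf_grow()`, as the neighbouring loops appear to; if that call can fail, it should end in `err()` rather than another pass. pfctl_table() begins and ends outside this hunk.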
@@ -542,17 +577,15 @@ int pfctl_show_ifaces(const char *filter, int opts) { struct pfr_buffer b; - struct pfi_if *p; - int i = 0, f = PFI_FLAG_GROUP|PFI_FLAG_INSTANCE; + struct pfi_kif *p; + int i = 0; - if (filter != NULL && *filter && !isdigit(filter[strlen(filter)-1])) - f &= ~PFI_FLAG_INSTANCE; bzero(&b, sizeof(b)); b.pfrb_type = PFRB_IFACES; for (;;) { pfr_buf_grow(&b, b.pfrb_size); b.pfrb_size = b.pfrb_msize; - if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size, f)) { + if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size)) { radix_perror(); return (1); } 
@@ -568,50 +601,30 @@ pfctl_show_ifaces(const char *filter, int opts) } void -print_iface(struct pfi_if *p, int opts) +print_iface(struct pfi_kif *p, int opts) { - time_t tzero = p->pfif_tzero; - int flags = (opts & PF_OPT_VERBOSE) ? p->pfif_flags : 0; - int first = 1; + time_t tzero = p->pfik_tzero; int i, af, dir, act; - printf("%s", p->pfif_name); - oprintf(flags, PFI_IFLAG_INSTANCE, "instance", &first, 0); - oprintf(flags, PFI_IFLAG_GROUP, "group", &first, 0); - oprintf(flags, PFI_IFLAG_CLONABLE, "clonable", &first, 0); - oprintf(flags, PFI_IFLAG_DYNAMIC, "dynamic", &first, 0); - oprintf(flags, PFI_IFLAG_ATTACHED, "attached", &first, 0); - oprintf(flags, PFI_IFLAG_SKIP, "skipped", &first, 1); -#ifdef __FreeBSD__ - first = 1; - oprintf(flags, PFI_IFLAG_PLACEHOLDER, "placeholder", &first, 1); -#endif + printf("%s", p->pfik_name); + if (opts & PF_OPT_VERBOSE) { + if (p->pfik_flags & PFI_IFLAG_SKIP) + printf(" (skip)"); + } printf("\n"); if (!(opts & PF_OPT_VERBOSE2)) return; printf("\tCleared: %s", ctime(&tzero)); printf("\tReferences: [ States: %-18d Rules: %-18d ]\n", - p->pfif_states, p->pfif_rules); + p->pfik_states, p->pfik_rules); for (i = 0; i < 8; i++) { af = (i>>2) & 1; dir = (i>>1) &1; act = i & 1; printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n", istats_text[af][dir][act], - (unsigned long long)p->pfif_packets[af][dir][act], - (unsigned long long)p->pfif_bytes[af][dir][act]); + (unsigned long long)p->pfik_packets[af][dir][act], + (unsigned long long)p->pfik_bytes[af][dir][act]); } } - -void -oprintf(int flags, int flag, const char *s, int *first, int last) -{ - if (flags & flag) { - printf(*first ? "\t(%s" : ", %s", s); - *first = 0; - } - if (last && !*first) - printf(")"); -} - |
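Review bot: The new verbose check in print_iface() nests an `if` inside a braced `if` that holds nothing else; `if ((opts & PF_OPT_VERBOSE) && (p->pfik_flags & PFI_IFLAG_SKIP))` reads more directly and matches the parenthesised flag tests this commit introduces elsewhere. A one-line comment such as `/* only the skip flag is reported; other interface flags are no longer printed */` would record that the shorter verbose output is intentional.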