mirror of
https://git.FreeBSD.org/src.git
synced 2024-10-19 02:29:40 +00:00
pfctl: support recursive printing of nat rules
PR: 252617
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34455
(cherry picked from commit a20773c810
)
parent
eb9784f245
commit
4da31fbe58
@ -98,7 +98,7 @@ int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int,
|
|||||||
char *);
|
char *);
|
||||||
void pfctl_print_rule_counters(struct pfctl_rule *, int);
|
void pfctl_print_rule_counters(struct pfctl_rule *, int);
|
||||||
int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int);
|
int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int);
|
||||||
int pfctl_show_nat(int, int, char *);
|
int pfctl_show_nat(int, char *, int, char *, int);
|
||||||
int pfctl_show_src_nodes(int, int);
|
int pfctl_show_src_nodes(int, int);
|
||||||
int pfctl_show_states(int, const char *, int);
|
int pfctl_show_states(int, const char *, int);
|
||||||
int pfctl_show_status(int, int);
|
int pfctl_show_status(int, int);
|
||||||
@ -1191,17 +1191,19 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
pfctl_show_nat(int dev, int opts, char *anchorname)
|
pfctl_show_nat(int dev, char *path, int opts, char *anchorname, int depth)
|
||||||
{
|
{
|
||||||
struct pfioc_rule pr;
|
struct pfioc_rule pr;
|
||||||
struct pfctl_rule rule;
|
struct pfctl_rule rule;
|
||||||
u_int32_t mnr, nr;
|
u_int32_t mnr, nr;
|
||||||
static int nattype[3] = { PF_NAT, PF_RDR, PF_BINAT };
|
static int nattype[3] = { PF_NAT, PF_RDR, PF_BINAT };
|
||||||
int i, dotitle = opts & PF_OPT_SHOWALL;
|
int i, dotitle = opts & PF_OPT_SHOWALL;
|
||||||
|
int brace;
|
||||||
|
char *p;
|
||||||
|
|
||||||
memset(&pr, 0, sizeof(pr));
|
|
||||||
memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
|
|
||||||
for (i = 0; i < 3; i++) {
|
for (i = 0; i < 3; i++) {
|
||||||
|
memset(&pr, 0, sizeof(pr));
|
||||||
|
memcpy(pr.anchor, anchorname, sizeof(pr.anchor));
|
||||||
pr.rule.action = nattype[i];
|
pr.rule.action = nattype[i];
|
||||||
if (ioctl(dev, DIOCGETRULES, &pr)) {
|
if (ioctl(dev, DIOCGETRULES, &pr)) {
|
||||||
warn("DIOCGETRULES");
|
warn("DIOCGETRULES");
|
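Review bot: The `memcpy(pr.anchor, anchorname, sizeof(pr.anchor))` that this hunk moves into the loop always reads `sizeof(pr.anchor)` bytes from `anchorname`, and with this commit the recursive call further down passes a pointer into the caller's `pr.anchor_call`, possibly past its first byte. Assuming `anchor` and `anchor_call` have the same size, the copy then reads beyond the end of `anchor_call`, and whatever bytes follow the terminating NUL are handed to the `DIOCGETRULES` ioctl as part of the anchor name buffer. A bounded string copy avoids both, since `pr` has just been zeroed: `if (strlcpy(pr.anchor, anchorname, sizeof(pr.anchor)) >= sizeof(pr.anchor)) errx(1, "pfctl_show_nat: strlcpy");`. The body of pfctl_show_nat continues past the end of this hunk.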
||||||
@ -1209,6 +1211,9 @@ pfctl_show_nat(int dev, int opts, char *anchorname)
|
|||||||
}
|
}
|
||||||
mnr = pr.nr;
|
mnr = pr.nr;
|
||||||
for (nr = 0; nr < mnr; ++nr) {
|
for (nr = 0; nr < mnr; ++nr) {
|
||||||
|
brace = 0;
|
||||||
|
INDENT(depth, !(opts & PF_OPT_VERBOSE));
|
||||||
|
|
||||||
pr.nr = nr;
|
pr.nr = nr;
|
||||||
if (pfctl_get_rule(dev, nr, pr.ticket, anchorname,
|
if (pfctl_get_rule(dev, nr, pr.ticket, anchorname,
|
||||||
nattype[i], &rule, pr.anchor_call)) {
|
nattype[i], &rule, pr.anchor_call)) {
|
||||||
@ -1218,15 +1223,37 @@ pfctl_show_nat(int dev, int opts, char *anchorname)
|
|||||||
if (pfctl_get_pool(dev, &rule.rpool, nr,
|
if (pfctl_get_pool(dev, &rule.rpool, nr,
|
||||||
pr.ticket, nattype[i], anchorname) != 0)
|
pr.ticket, nattype[i], anchorname) != 0)
|
||||||
return (-1);
|
return (-1);
|
||||||
|
|
||||||
|
if (pr.anchor_call[0] &&
|
||||||
|
((((p = strrchr(pr.anchor_call, '_')) != NULL) &&
|
||||||
|
(p == pr.anchor_call ||
|
||||||
|
*(--p) == '/')) || (opts & PF_OPT_RECURSE))) {
|
||||||
|
brace++;
|
||||||
|
if ((p = strrchr(pr.anchor_call, '/')) !=
|
||||||
|
NULL)
|
||||||
|
p++;
|
||||||
|
else
|
||||||
|
p = &pr.anchor_call[0];
|
||||||
|
} else
|
||||||
|
p = &pr.anchor_call[0];
|
||||||
|
|
||||||
if (dotitle) {
|
if (dotitle) {
|
||||||
pfctl_print_title("TRANSLATION RULES:");
|
pfctl_print_title("TRANSLATION RULES:");
|
||||||
dotitle = 0;
|
dotitle = 0;
|
||||||
}
|
}
|
||||||
print_rule(&rule, pr.anchor_call,
|
print_rule(&rule, pr.anchor_call,
|
||||||
opts & PF_OPT_VERBOSE2, opts & PF_OPT_NUMERIC);
|
opts & PF_OPT_VERBOSE2, opts & PF_OPT_NUMERIC);
|
||||||
printf("\n");
|
if (brace)
|
||||||
|
printf(" {\n");
|
||||||
|
else
|
||||||
|
printf("\n");
|
||||||
pfctl_print_rule_counters(&rule, opts);
|
pfctl_print_rule_counters(&rule, opts);
|
||||||
pfctl_clear_pool(&rule.rpool);
|
pfctl_clear_pool(&rule.rpool);
|
||||||
|
if (brace) {
|
||||||
|
pfctl_show_nat(dev, path, opts, p, depth + 1);
|
||||||
|
INDENT(depth, !(opts & PF_OPT_VERBOSE));
|
||||||
|
printf("}\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
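Review bot: The recursive call `pfctl_show_nat(dev, path, opts, p, depth + 1)` passes only the last component of `pr.anchor_call` as the anchor name, and in the visible lines `path` is never used except to be forwarded. For an anchor nested more than one level deep, the next `DIOCGETRULES` lookup would therefore appear to name a top-level anchor rather than the child of the current one, so the NAT listing an administrator audits may show the wrong rules or none, and a child sharing its name with an ancestor could recurse without end because `depth` is not bounded. The return value of the recursive call is also discarded, so a failed ioctl inside a nested anchor is reported as success. The sketch below builds the child's full name from `anchorname` and `p` and propagates the error; it assumes `anchor_call` names a direct child of the current anchor. The function starts before this hunk.
```c
			if (brace) {
				char child[MAXPATHLEN];
				int len;

				/* Full name of the nested anchor, not only its last component. */
				len = snprintf(child, sizeof(child), "%s%s%s",
				    anchorname, anchorname[0] ? "/" : "", p);
				if (len < 0 || (size_t)len >= sizeof(child))
					errx(1, "pfctl_show_nat: anchor name too long");
				if (pfctl_show_nat(dev, path, opts, child,
				    depth + 1) != 0)
					return (-1);
				/* … unchanged: INDENT and closing "}\n" … */
			}
```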
||||||
@ -2537,7 +2564,7 @@ main(int argc, char *argv[])
|
|||||||
break;
|
break;
|
||||||
case 'n':
|
case 'n':
|
||||||
pfctl_load_fingerprints(dev, opts);
|
pfctl_load_fingerprints(dev, opts);
|
||||||
pfctl_show_nat(dev, opts, anchorname);
|
pfctl_show_nat(dev, path, opts, anchorname, 0);
|
||||||
break;
|
break;
|
||||||
case 'q':
|
case 'q':
|
||||||
pfctl_show_altq(dev, ifaceopt, opts,
|
pfctl_show_altq(dev, ifaceopt, opts,
|
||||||
@ -2565,7 +2592,7 @@ main(int argc, char *argv[])
|
|||||||
opts |= PF_OPT_SHOWALL;
|
opts |= PF_OPT_SHOWALL;
|
||||||
pfctl_load_fingerprints(dev, opts);
|
pfctl_load_fingerprints(dev, opts);
|
||||||
|
|
||||||
pfctl_show_nat(dev, opts, anchorname);
|
pfctl_show_nat(dev, path, opts, anchorname, 0);
|
||||||
pfctl_show_rules(dev, path, opts, 0, anchorname, 0);
|
pfctl_show_rules(dev, path, opts, 0, anchorname, 0);
|
||||||
pfctl_show_altq(dev, ifaceopt, opts, 0);
|
pfctl_show_altq(dev, ifaceopt, opts, 0);
|
||||||
pfctl_show_states(dev, ifaceopt, opts);
|
pfctl_show_states(dev, ifaceopt, opts);
|
||||||
|