Historically ipfstat listings and stats only listed IPv4 or IPv6 output.

ipfstat would list IPv4 outputs by default while -6 would produce IPv6 outputs. This commit combines the ipfstat -i and -o outputs into one listing of IPv4 and IPv6 rules. The -4 option lists only IPv4 rules (as the default before) while -6 continues to list only rules that affect IPv6. PR: 247952 Reported by: joeb1@a1poweruser.com MFC after: 1 week
svn path=/head/; revision=363279
2020-07-17 19:07:40 +00:00 · 2020-07-17 19:07:40 +00:00 · 88b86bb0f3 · 2020-12-20 02:59:44 +00:00
commit 88b86bb0f3
parent 5317660176
2 changed files with 42 additions and 18 deletions
--- a/contrib/ipfilter/man/ipfstat.8
+++ b/contrib/ipfilter/man/ipfstat.8
@ -5,7 +5,7 @@ ipfstat \- reports on packet filter statistics and filter list
 .SH SYNOPSIS
 .B ipfstat
 [
-.B \-6aAdfghIilnoRsv
+.B \-46aAdfghIilnoRsv
 ]
 .br
 .B ipfstat -t
@ -35,6 +35,11 @@ is to retrieve and display the accumulated statistics which have been
 accumulated over time as the kernel has put packets through the filter.
 .SH OPTIONS
 .TP
+.B \-4
+Display filter lists and states for IPv4, if available. This is the default
+when displaying states.  \fB-4\fP and \fB-6\fP is the default when
+displaying lists.
+.TP
 .B \-6
 Display filter lists and states for IPv6, if available.
 .TP
@ -190,4 +195,4 @@ more entries is to resize the screen.
 .SH SEE ALSO
 ipf(8)
 .SH BUGS
-none known.
+\fB-4\fP and \fB-6\fP should also be the default when displaying states.
--- a/contrib/ipfilter/tools/ipfstat.c
+++ b/contrib/ipfilter/tools/ipfstat.c
@ -58,6 +58,7 @@ static	wordtab_t	*state_fields = NULL;
 int	nohdrfields = 0;
 int	opts = 0;
 #ifdef	USE_INET6
+int	use_inet4 = 0;
 int	use_inet6 = 0;
 #endif
 int	live_kernel = 1;
@ -165,15 +166,15 @@ static void usage(name)
 	char *name;
 {
 #ifdef  USE_INET6
-	fprintf(stderr, "Usage: %s [-6aAdfghIilnoRsv]\n", name);
+	fprintf(stderr, "Usage: %s [-46aAdfghIilnoRsv]\n", name);
 #else
-	fprintf(stderr, "Usage: %s [-aAdfghIilnoRsv]\n", name);
+	fprintf(stderr, "Usage: %s [-4aAdfghIilnoRsv]\n", name);
 #endif
 	fprintf(stderr, "       %s [-M corefile] [-N symbol-list]\n", name);
 #ifdef	USE_INET6
-	fprintf(stderr, "       %s -t [-6C] ", name);
+	fprintf(stderr, "       %s -t [-46C] ", name);
 #else
-	fprintf(stderr, "       %s -t [-C] ", name);
+	fprintf(stderr, "       %s -t [-4C] ", name);
 #endif
 	fprintf(stderr, "[-D destination address] [-P protocol] [-S source address] [-T refresh time]\n");
 	exit(1);
@ -208,9 +209,9 @@ int main(argc,argv)
 	u_32_t frf;

 #ifdef	USE_INET6
-	options = "6aACdfghIilnostvD:m:M:N:O:P:RS:T:";
+	options = "46aACdfghIilnostvD:m:M:N:O:P:RS:T:";
 #else
-	options = "aACdfghIilnostvD:m:M:N:O:P:RS:T:";
+	options = "4aACdfghIilnostvD:m:M:N:O:P:RS:T:";
 #endif

 	saddr.in4.s_addr = INADDR_ANY; 	/* default any v4 source addr */
@ -285,6 +286,9 @@ int main(argc,argv)
 		switch (c)
 		{
 #ifdef	USE_INET6
+		case '4' :
+			use_inet4 = 1;
+			break;
 		case '6' :
 			use_inet6 = 1;
 			break;
@ -387,6 +391,10 @@ int main(argc,argv)
 			break;
 		}
 	}
+#ifdef	USE_INET6
+	if (use_inet4 == 0 && use_inet6 == 0)
+		use_inet4 = use_inet6 = 1;
+#endif

 	if (live_kernel == 1) {
 		bzero((char *)&fio, sizeof(fio));
@ -413,7 +421,7 @@ int main(argc,argv)
 	else if (opts & OPT_STATETOP)
 		topipstates(saddr, daddr, sport, dport, protocol,
 #ifdef	USE_INET6
-			    use_inet6 ? 6 : 4,
+			    use_inet6 && !use_inet4 ? 6 : 4,
 #else
 			    4,
 #endif
@ -812,15 +820,21 @@ printlivelist(fiop, out, set, fp, group, comment)
 		if (rule.iri_rule == NULL)
 			break;
 #ifdef USE_INET6
-		if (use_inet6 != 0) {
+		if (use_inet6 != 0 && use_inet4 == 0) {
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET6)
 				continue;
-		} else
+		} else if (use_inet4 != 0 && use_inet6 == 0) {
 #endif
-		{
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET)
 				continue;
+#ifdef USE_INET6
+		} else {
+			if (fp->fr_family != 0 &&
+			   fp->fr_family != AF_INET && fp->fr_family != AF_INET6)
+				continue;
 		}
+#endif
+
 		if (fp->fr_data != NULL)
 			fp->fr_data = (char *)fp + fp->fr_size;

@ -912,15 +926,20 @@ static void printdeadlist(fiop, out, set, fp, group, comment)
 		}
 		fp = &fb;
 #ifdef	USE_INET6
-		if (use_inet6 != 0) {
+		if (use_inet6 != 0 && use_inet4 == 0) {
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET6)
 				continue;
-		} else
+		} else if (use_inet4 != 0 && use_inet6 == 0) {
 #endif
-		{
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET)
 				continue;
+#ifdef	USE_INET6
+		} else {
+			if (fp->fr_family != 0 &&
+			   fp->fr_family != AF_INET && fp->fr_family != AF_INET6)
+				continue;
 		}
+#endif

 		data = NULL;
 		type = fb.fr_type & ~FR_T_BUILTIN;
@ -1916,7 +1935,7 @@ static void parse_ipportstr(argument, ip, port)
 		ok = 1;
 #ifdef	USE_INET6
 		ip->in6 = in6addr_any;
-	} else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) {
+	} else if (use_inet6 && !use_inet4 && inet_pton(AF_INET6, s, &ip->in6)) {
 		ok = 1;
 #endif
 	} else if (inet_aton(s, &ip->in4))
@ -2057,7 +2076,7 @@ static int sort_srcip(a, b)
 	register const statetop_t *bp = b;

 #ifdef USE_INET6
-	if (use_inet6) {
+	if (use_inet6 && !use_inet4) {
 		if (IP6_EQ(&ap->st_src, &bp->st_src))
 			return 0;
 		else if (IP6_GT(&ap->st_src, &bp->st_src))
@ -2097,7 +2116,7 @@ static int sort_dstip(a, b)
 	register const statetop_t *bp = b;

 #ifdef USE_INET6
-	if (use_inet6) {
+	if (use_inet6 && !use_inet4) {
 		if (IP6_EQ(&ap->st_dst, &bp->st_dst))
 			return 0;
 		else if (IP6_GT(&ap->st_dst, &bp->st_dst))