MFC r363277-r363283

r363277: Only use the use_inet6 variable when INET6 is a build option. This is a prerequisite to upcoming argument processing cleanups which will resolve consistency as was done with ippool previously. PR: 247952 r363278: fr_family (the protocol family) must be AF_INET or AF_INET6, as in the kernel, not an arbitrary 4 or 6. This only affected printing ipfilter stats and rules from a kernel dump. (This is currently undocumented.) PR: 247952 r363279: Historically ipfstat listings and stats only listed IPv4 or IPv6 output. ipfstat would list IPv4 outputs by default while -6 would produce IPv6 outputs. This commit combines the ipfstat -i and -o outputs into one listing of IPv4 and IPv6 rules. The -4 option lists only IPv4 rules (as the default before) while -6 continues to list only rules that affect IPv6. PR: 247952 Reported by: joeb1@a1poweruser.com r363280: ipfstat -t defaults to IPv4 output. Make consistent with ipfstat -i and ipfstat -o where without an argument IPv4 and IPv6 states are shown. Use -4 and -6 to limit the display to IPv4 or IPv6 respectively. PR: 247952 r363281: Make ipfstat -t header generic when IPv4 and IPv6 output are displayed in the same display. PR: 247952 r363282: The output from usage() need not contain usage for -t when STATETOP is not compiled in. PR: 247952
2020-07-25 14:27:12 +00:00 · 2020-07-25 14:27:12 +00:00 · e288a5ef9f
commit e288a5ef9f
parent b985941550
2 changed files with 68 additions and 19 deletions
--- a/contrib/ipfilter/man/ipfstat.8
+++ b/contrib/ipfilter/man/ipfstat.8
@ -5,7 +5,7 @@ ipfstat \- reports on packet filter statistics and filter list
 .SH SYNOPSIS
 .B ipfstat
 [
-.B \-6aAdfghIilnoRsv
+.B \-46aAdfghIilnoRsv
 ]
 .br
 .B ipfstat -t
@ -35,6 +35,11 @@ is to retrieve and display the accumulated statistics which have been
 accumulated over time as the kernel has put packets through the filter.
 .SH OPTIONS
 .TP
+.B \-4
+Display filter lists and states for IPv4, if available. This is the default
+when displaying states.  \fB-4\fP and \fB-6\fP is the default when
+displaying lists.
+.TP
 .B \-6
 Display filter lists and states for IPv6, if available.
 .TP
@ -190,4 +195,5 @@ more entries is to resize the screen.
 .SH SEE ALSO
 ipf(8)
 .SH BUGS
-none known.
+\fB-4\fP and \fB-6\fP are only valid with \fB-i\fP, \fB-o\fP, and \fB-t\fP.
+An error should result when used with other arguments.
--- a/contrib/ipfilter/tools/ipfstat.c
+++ b/contrib/ipfilter/tools/ipfstat.c
@ -57,7 +57,10 @@ static	wordtab_t	*state_fields = NULL;

 int	nohdrfields = 0;
 int	opts = 0;
+#ifdef	USE_INET6
+int	use_inet4 = 0;
 int	use_inet6 = 0;
+#endif
 int	live_kernel = 1;
 int	state_fd = -1;
 int	ipf_fd = -1;
@ -163,15 +166,17 @@ static void usage(name)
 	char *name;
 {
 #ifdef  USE_INET6
-	fprintf(stderr, "Usage: %s [-6aAdfghIilnoRsv]\n", name);
+	fprintf(stderr, "Usage: %s [-46aAdfghIilnoRsv]\n", name);
 #else
-	fprintf(stderr, "Usage: %s [-aAdfghIilnoRsv]\n", name);
+	fprintf(stderr, "Usage: %s [-4aAdfghIilnoRsv]\n", name);
 #endif
 	fprintf(stderr, "       %s [-M corefile] [-N symbol-list]\n", name);
+#ifdef	STATETOP
 #ifdef	USE_INET6
-	fprintf(stderr, "       %s -t [-6C] ", name);
+	fprintf(stderr, "       %s -t [-46C] ", name);
 #else
-	fprintf(stderr, "       %s -t [-C] ", name);
+	fprintf(stderr, "       %s -t [-4C] ", name);
+#endif
 #endif
 	fprintf(stderr, "[-D destination address] [-P protocol] [-S source address] [-T refresh time]\n");
 	exit(1);
@ -206,9 +211,9 @@ int main(argc,argv)
 	u_32_t frf;

 #ifdef	USE_INET6
-	options = "6aACdfghIilnostvD:m:M:N:O:P:RS:T:";
+	options = "46aACdfghIilnostvD:m:M:N:O:P:RS:T:";
 #else
-	options = "aACdfghIilnostvD:m:M:N:O:P:RS:T:";
+	options = "4aACdfghIilnostvD:m:M:N:O:P:RS:T:";
 #endif

 	saddr.in4.s_addr = INADDR_ANY; 	/* default any v4 source addr */
@ -283,6 +288,9 @@ int main(argc,argv)
 		switch (c)
 		{
 #ifdef	USE_INET6
+		case '4' :
+			use_inet4 = 1;
+			break;
 		case '6' :
 			use_inet6 = 1;
 			break;
@ -385,6 +393,19 @@ int main(argc,argv)
 			break;
 		}
 	}
+#ifdef	USE_INET6
+	if ((use_inet4 || use_inet6) &&
+	   !(opts & (OPT_INQUE | OPT_OUTQUE | OPT_STATETOP))) {
+#ifdef	STATETOP
+		FPRINTF(stderr, "No -i, -o, or -t given with -4 or -6\n");
+#else
+		FPRINTF(stderr, "No -i or -o given with -4 or -6\n");
+#endif
+		exit(-2);
+	}
+	if (use_inet4 == 0 && use_inet6 == 0)
+		use_inet4 = use_inet6 = 1;
+#endif

 	if (live_kernel == 1) {
 		bzero((char *)&fio, sizeof(fio));
@ -410,8 +431,13 @@ int main(argc,argv)
 #ifdef STATETOP
 	else if (opts & OPT_STATETOP)
 		topipstates(saddr, daddr, sport, dport, protocol,
-			    use_inet6 ? 6 : 4, refreshtime, topclosed, filter);
+#ifdef	USE_INET6
+		use_inet6 && use_inet4 ? 0 : use_inet6 && !use_inet4 ? 6 : 4,
+#else
+		4,
 #endif
+#endif
+			    refreshtime, topclosed, filter);
 	else if (opts & OPT_AUTHSTATS)
 		showauthstates(frauthstp);
 	else if (opts & OPT_GROUPS)
@ -805,15 +831,21 @@ printlivelist(fiop, out, set, fp, group, comment)
 		if (rule.iri_rule == NULL)
 			break;
 #ifdef USE_INET6
-		if (use_inet6 != 0) {
+		if (use_inet6 != 0 && use_inet4 == 0) {
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET6)
 				continue;
-		} else
+		} else if (use_inet4 != 0 && use_inet6 == 0) {
 #endif
-		{
 			if (fp->fr_family != 0 && fp->fr_family != AF_INET)
 				continue;
+#ifdef USE_INET6
+		} else {
+			if (fp->fr_family != 0 &&
+			   fp->fr_family != AF_INET && fp->fr_family != AF_INET6)
+				continue;
 		}
+#endif
+
 		if (fp->fr_data != NULL)
 			fp->fr_data = (char *)fp + fp->fr_size;

@ -904,13 +936,21 @@ static void printdeadlist(fiop, out, set, fp, group, comment)
 			return;
 		}
 		fp = &fb;
-		if (use_inet6 != 0) {
-			if (fp->fr_family != 0 && fp->fr_family != 6)
+#ifdef	USE_INET6
+		if (use_inet6 != 0 && use_inet4 == 0) {
+			if (fp->fr_family != 0 && fp->fr_family != AF_INET6)
 				continue;
+		} else if (use_inet4 != 0 && use_inet6 == 0) {
+#endif
+			if (fp->fr_family != 0 && fp->fr_family != AF_INET)
+				continue;
+#ifdef	USE_INET6
 		} else {
-			if (fp->fr_family != 0 && fp->fr_family != 4)
+			if (fp->fr_family != 0 &&
+			   fp->fr_family != AF_INET && fp->fr_family != AF_INET6)
 				continue;
 		}
+#endif

 		data = NULL;
 		type = fb.fr_type & ~FR_T_BUILTIN;
@ -1338,7 +1378,7 @@ static void topipstates(saddr, daddr, sport, dport, protocol, ver,
 			if (ipsstp->iss_list == NULL)
 				break;

-			if (ips.is_v != ver)
+			if (ver != 0 && ips.is_v != ver)
 				continue;

 			if ((filter != NULL) &&
@ -1906,7 +1946,7 @@ static void parse_ipportstr(argument, ip, port)
 		ok = 1;
 #ifdef	USE_INET6
 		ip->in6 = in6addr_any;
-	} else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) {
+	} else if (use_inet6 && !use_inet4 && inet_pton(AF_INET6, s, &ip->in6)) {
 		ok = 1;
 #endif
 	} else if (inet_aton(s, &ip->in4))
@ -1944,6 +1984,9 @@ static char *getip(v, addr)
 	static char hostbuf[MAXHOSTNAMELEN+1];
 #endif

+	if (v == 0)
+		return ("any");
+
 	if (v == 4)
 		return inet_ntoa(addr->in4);

@ -2047,7 +2090,7 @@ static int sort_srcip(a, b)
 	register const statetop_t *bp = b;

 #ifdef USE_INET6
-	if (use_inet6) {
+	if (use_inet6 && !use_inet4) {
 		if (IP6_EQ(&ap->st_src, &bp->st_src))
 			return 0;
 		else if (IP6_GT(&ap->st_src, &bp->st_src))
@ -2087,7 +2130,7 @@ static int sort_dstip(a, b)
 	register const statetop_t *bp = b;

 #ifdef USE_INET6
-	if (use_inet6) {
+	if (use_inet6 && !use_inet4) {
 		if (IP6_EQ(&ap->st_dst, &bp->st_dst))
 			return 0;
 		else if (IP6_GT(&ap->st_dst, &bp->st_dst))