git: 9291d079d54b - main - ipfilter: Print protocol when listing NAT table mappings
Date: Mon, 28 Feb 2022 20:14:59 UTC
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=9291d079d54b828b43d3714a5f19f0ffe92837b8 commit 9291d079d54b828b43d3714a5f19f0ffe92837b8 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-02-28 19:43:33 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-02-28 20:11:39 +0000 ipfilter: Print protocol when listing NAT table mappings NAT table mappings list only the source and destination IP, the source and destination port numbers, and their mappings. But the protocol is not listed. Now that Facebook and Google use QUIC, seeing port 443 in a list of active NAT sessions could mean 443/tcp or 443/udp. This patch adds the protocol to the listing to aid in determining whether HTTPS is TCP or QUIC in a NAT mapping listing. This also helps differentiate between other protocols such as ICMP, ESP, and AH in ipnat list of active sessions. MFC after: 1 week --- sbin/ipf/libipf/printactivenat.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/sbin/ipf/libipf/printactivenat.c b/sbin/ipf/libipf/printactivenat.c index fcef19a4efa7..3a6337ab0f7b 100644 --- a/sbin/ipf/libipf/printactivenat.c +++ b/sbin/ipf/libipf/printactivenat.c @@ -15,10 +15,17 @@ static const char rcsid[] = "@(#)$Id$"; #endif +static int proto_opened = 0; void printactivenat(nat_t *nat, int opts, u_long ticks) { + struct protoent *pproto; + + if (proto_opened == 0) { + proto_opened = 1; + setprotoent(1); + } PRINTF("%s", getnattype(nat)); @@ -55,6 +62,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %-5hu", ntohs(nat->nat_ndport)); + pproto = getprotobynumber(nat->nat_pr[0]); + PRINTF(" %s", pproto->p_name); + } else if (nat->nat_dir == NAT_OUTBOUND) { printactiveaddress(nat->nat_v[0], "%-15s", &nat->nat_osrc6, nat->nat_ifnames[0]); 
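Review bot: `proto_opened` is added at file scope although only printactivenat() reads it, and the `setprotoent(1)` it guards has no matching `endprotoent()` in the visible hunks, so the protocols database stays open for the rest of the process. Declaring the flag inside the function, `static int proto_opened = 0;`, keeps it out of the library's file-level namespace. A comment such as `/* stay-open: avoid reopening the protocols database for every mapping printed */` would record that the missing close is deliberate. The include list is outside the hunk, so whether `<netdb.h>` is already pulled in for `struct protoent` cannot be confirmed from here; the function body also continues outside the hunk.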
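Review bot: `getprotobynumber()` returns NULL when the number has no entry in the protocols database, yet `pproto->p_name` is dereferenced unchecked on the next line of the `@@ -55,6 +62,9 @@` hunk; the same two lines are added in the `-76,6` and `-97,8` hunks. The number is read from the NAT entry and so presumably reflects forwarded traffic, which means a mapping for an unlisted protocol, or a host with a trimmed protocols file, would crash the listing and hide the remaining sessions from the operator. Falling back to the numeric value keeps the output complete: `if (pproto != NULL) PRINTF(" %s", pproto->p_name);` followed by `else PRINTF(" %d", nat->nat_pr[0]);`, with the index adjusted per branch. The enclosing function starts and ends outside this hunk.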
@@ -76,6 +86,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %hu", ntohs(nat->nat_odport)); PRINTF("]"); + + pproto = getprotobynumber(nat->nat_pr[1]); + PRINTF(" %s", pproto->p_name); } else { printactiveaddress(nat->nat_v[1], "%-15s", &nat->nat_ndst6, nat->nat_ifnames[0]); @@ -97,8 +110,12 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %hu", ntohs(nat->nat_osport)); PRINTF("]"); + + pproto = getprotobynumber(nat->nat_pr[0]); + PRINTF(" %s", pproto->p_name); } + if (opts & OPT_VERBOSE) { PRINTF("\n\tttl %lu use %hu sumd %s/", nat->nat_age - ticks, nat->nat_use,
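Review bot: The lookup added in the NAT_OUTBOUND branch reads `nat->nat_pr[1]`, while the branch before it and the final `else` branch read `nat->nat_pr[0]`, and nothing in the hunks says which index belongs to which side of the mapping. A one-line comment above each call, along the lines of `/* nat_pr[1]: protocol on the <side> of an outbound mapping */` with the side filled in by the author, would let a reader check that the printed protocol matches the ports printed on the same line. If the two elements can differ for a single entry, the choice affects what an operator concludes from the listing, so it should be stated rather than left implicit. The definition of `nat_pr` is not visible here, so this is a documentation request rather than a claimed bug.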