Date: Mon, 28 Feb 2022 20:14:59 GMT
Message-Id: <202202282014.21SKEx1r062006@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Cy Schubert
Subject: git: 9291d079d54b - main - ipfilter: Print protocol when listing NAT table mappings
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 9291d079d54b828b43d3714a5f19f0ffe92837b8

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=9291d079d54b828b43d3714a5f19f0ffe92837b8

commit 9291d079d54b828b43d3714a5f19f0ffe92837b8
Author:     Cy Schubert
AuthorDate: 2022-02-28 19:43:33 +0000
Commit:     Cy Schubert
CommitDate: 2022-02-28 20:11:39 +0000

    ipfilter: Print protocol when listing NAT table mappings

    NAT table mappings list only the source and destination IP, the
    source and destination port numbers, and their mappings. But the
    protocol is not listed.

    Now that Facebook and Google use QUIC, seeing port 443 in a list
    of active NAT sessions could mean 443/tcp or 443/udp. This patch
    adds the protocol to the listing to aid in determining whether
    HTTPS is TCP or QUIC in a NAT mapping listing.

    This also helps differentiate between other protocols such as ICMP,
    ESP, and AH in ipnat list of active sessions.

    MFC after: 1 week
---
 sbin/ipf/libipf/printactivenat.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sbin/ipf/libipf/printactivenat.c b/sbin/ipf/libipf/printactivenat.c index fcef19a4efa7..3a6337ab0f7b 100644 --- a/sbin/ipf/libipf/printactivenat.c +++ b/sbin/ipf/libipf/printactivenat.c @@ -15,10 +15,17 @@ static const char rcsid[] = "@(#)$Id$"; #endif +static int proto_opened = 0; void printactivenat(nat_t *nat, int opts, u_long ticks) { + struct protoent *pproto; + + if (proto_opened == 0) { + proto_opened = 1; + setprotoent(1); + } PRINTF("%s", getnattype(nat)); @@ -55,6 +62,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %-5hu", ntohs(nat->nat_ndport)); + pproto = getprotobynumber(nat->nat_pr[0]); + PRINTF(" %s", pproto->p_name); + } else if (nat->nat_dir == NAT_OUTBOUND) { printactiveaddress(nat->nat_v[0], "%-15s", &nat->nat_osrc6, nat->nat_ifnames[0]); 
@@ -76,6 +86,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %hu", ntohs(nat->nat_odport)); PRINTF("]"); + + pproto = getprotobynumber(nat->nat_pr[1]); + PRINTF(" %s", pproto->p_name); } else { printactiveaddress(nat->nat_v[1], "%-15s", &nat->nat_ndst6, nat->nat_ifnames[0]); @@ -97,8 +110,12 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %hu", ntohs(nat->nat_osport)); PRINTF("]"); + + pproto = getprotobynumber(nat->nat_pr[0]); + PRINTF(" %s", pproto->p_name); } + if (opts & OPT_VERBOSE) { PRINTF("\n\tttl %lu use %hu sumd %s/", nat->nat_age - ticks, nat->nat_use,
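Review bot: In the first hunk (@@ -15,10 +15,17 @@), setprotoent(1) is called once behind the new file-scope flag proto_opened, but nothing in this patch ever calls endprotoent(), so the protocols database stays open for the rest of the process. If that is intended as a lookup optimisation for repeated calls, say so in a comment above the flag. The flag is only used inside printactivenat(), so it can be a function-local static rather than a file-scope variable, and the blank line between it and the function's return type has been dropped.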
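Review bot: In the second hunk (@@ -55,6 +62,9 @@), the result of getprotobynumber(nat->nat_pr[0]) is dereferenced as pproto->p_name with no NULL check. getprotobynumber() returns NULL when the protocol number has no entry in the protocols database, and nat_pr[] comes from the NAT entry being listed, so a mapping for an unlisted protocol would crash the listing instead of printing it. Check the pointer and fall back to printing the numeric value, for example PRINTF(" %d", nat->nat_pr[0]), when the lookup fails. The same applies to the two later call sites.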
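Review bot: In the third hunk (@@ -76,6 +86,9 @@), the NAT_OUTBOUND branch looks up nat->nat_pr[1], while the branches in the second and fourth hunks both use nat->nat_pr[0]. If the different index is deliberate, a short comment on which element of nat_pr[] corresponds to the addresses printed in each branch would make that clear; if it is not, the three call sites should agree. The lookup result is also dereferenced here without a NULL check.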
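Review bot: In the fourth hunk (@@ -97,8 +110,12 @@), the pair pproto = getprotobynumber(...); PRINTF(" %s", pproto->p_name); appears for the third time in this function. A small static helper that takes the protocol number, does the lookup, and prints either the name or the number on a failed lookup would remove the duplication and give the NULL handling a single home. This hunk also adds an extra blank line between the closing brace and if (opts & OPT_VERBOSE), which looks unintentional.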