Date: Mon, 7 Mar 2022 13:33:25 GMT
Message-Id: <202203071333.227DXP4c073108@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Cy Schubert
Subject: git: d1f3afc4a47e - stable/13 - ipfilter: Print protocol when listing NAT table mappings
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: d1f3afc4a47e5ea4c9150987c10dc3915021e72b

The branch stable/13 has been updated by cy:

URL:
https://cgit.FreeBSD.org/src/commit/?id=d1f3afc4a47e5ea4c9150987c10dc3915021e72b

commit d1f3afc4a47e5ea4c9150987c10dc3915021e72b
Author: Cy Schubert
AuthorDate: 2022-02-28 19:43:33 +0000
Commit: Cy Schubert
CommitDate: 2022-03-07 13:32:58 +0000

ipfilter: Print protocol when listing NAT table mappings

NAT table mappings list only the source and destination IP, the source and destination port numbers, and their mappings. But the protocol is not listed. Now that Facebook and Google use QUIC, seeing port 443 in a list of active NAT sessions could mean 443/tcp or 443/udp. This patch adds the protocol to the listing to aid in determining whether HTTPS is TCP or QUIC in a NAT mapping listing. This also helps differentiate between other protocols such as ICMP, ESP, and AH in ipnat list of active sessions.

(cherry picked from commit 9291d079d54b828b43d3714a5f19f0ffe92837b8)

--- sbin/ipf/libipf/printactivenat.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/sbin/ipf/libipf/printactivenat.c b/sbin/ipf/libipf/printactivenat.c index fcef19a4efa7..3a6337ab0f7b 100644 --- a/sbin/ipf/libipf/printactivenat.c +++ b/sbin/ipf/libipf/printactivenat.c @@ -15,10 +15,17 @@ static const char rcsid[] = "@(#)$Id$"; #endif +static int proto_opened = 0; void printactivenat(nat_t *nat, int opts, u_long ticks) { + struct protoent *pproto; + + if (proto_opened == 0) { + proto_opened = 1; + setprotoent(1); + } PRINTF("%s", getnattype(nat)); @@ -55,6 +62,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %-5hu", ntohs(nat->nat_ndport)); + pproto = getprotobynumber(nat->nat_pr[0]); + PRINTF(" %s", pproto->p_name); + } else if (nat->nat_dir == NAT_OUTBOUND) { printactiveaddress(nat->nat_v[0], "%-15s", &nat->nat_osrc6, nat->nat_ifnames[0]); 
@@ -76,6 +86,9 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %hu", ntohs(nat->nat_odport)); PRINTF("]"); + + pproto = getprotobynumber(nat->nat_pr[1]); + PRINTF(" %s", pproto->p_name); } else { printactiveaddress(nat->nat_v[1], "%-15s", &nat->nat_ndst6, nat->nat_ifnames[0]); @@ -97,8 +110,12 @@ printactivenat(nat_t *nat, int opts, u_long ticks) if ((nat->nat_flags & IPN_TCPUDP) != 0) PRINTF(" %hu", ntohs(nat->nat_osport)); PRINTF("]"); + + pproto = getprotobynumber(nat->nat_pr[0]); + PRINTF(" %s", pproto->p_name); } + if (opts & OPT_VERBOSE) { PRINTF("\n\tttl %lu use %hu sumd %s/", nat->nat_age - ticks, nat->nat_use,
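Review bot: the file-scope `static int proto_opened` and the `setprotoent(1)` call it guards, in the first hunk (@@ -15,10 +15,17 @@), carry no comment and have no matching `endprotoent()` anywhere in the visible change. Please add a one-line comment saying that the protocols database is deliberately kept open across calls to printactivenat() so repeated getprotobynumber() lookups stay cheap, and state whether the caller is expected to close it or whether it is left open until process exit.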
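Review bot: `pproto->p_name` is dereferenced without a NULL check in the second hunk (@@ -55,6 +62,9 @@). getprotobynumber() returns NULL when the number has no entry in the protocols database, so a NAT mapping for an unlisted protocol would crash the listing at `PRINTF(" %s", pproto->p_name);`. Suggest testing `pproto != NULL` first and printing the numeric value of `nat->nat_pr[0]` as the fallback.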
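Review bot: the NAT_OUTBOUND branch in the third hunk (@@ -76,6 +86,9 @@) looks up `nat->nat_pr[1]`, while the branches in the second and fourth hunks both use `nat->nat_pr[0]`. If the different index is intentional for this direction, a short comment explaining which side of the mapping each index describes would help; if not, it should match the other two call sites.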
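Review bot: the bare `+` line after the closing brace in the fourth hunk (@@ -97,8 +110,12 @@) adds a blank line before `if (opts & OPT_VERBOSE) {` that is unrelated to the change and should be dropped. This is also the third copy of the same two-line `getprotobynumber()` / `PRINTF(" %s", ...)` sequence; a small static helper taking the protocol number would remove the duplication and give one place to handle a failed lookup.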