SecBSD's official ports repository

2023-08-16 22:26:55 +00:00 · 2023-08-16 22:26:55 +00:00 · 2c0afcbbf3
commit 2c0afcbbf3
64331 changed files with 5339189 additions and 0 deletions
--- a/sysutils/pftop/patches/patch-pftop_c
+++ b/sysutils/pftop/patches/patch-pftop_c
@ -0,0 +1,483 @@
+--- pftop.c.orig	Wed Nov  7 07:36:46 2007
+++ pftop.c	Mon Apr 24 03:44:14 2017
+@@ -55,6 +55,7 @@
+ #include <err.h>
+ #include <errno.h>
+ #include <fcntl.h>
+#include <limits.h>
+ #include <netdb.h>
+ #include <signal.h>
+ #include <stdio.h>
+@@ -127,6 +128,13 @@
+ #define PT_NOROUTE(x) (0)
+ #endif
+ 
+#ifdef HAVE_NETWORK_ORDER
+#define PF_TSTAMP(x) ntohl(x)
+#else
+#define PF_TSTAMP(x) (x)
+#endif
+
+
+ /* view management */
+ int select_states(void);
+ int read_states(void);
+@@ -445,11 +453,11 @@ sort_pkt_callback(const void *s1, const void *s2)
+ int
+ sort_age_callback(const void *s1, const void *s2)
+ {
+-	if (state_buf[* (u_int32_t *) s2].creation >
+-	    state_buf[* (u_int32_t *) s1].creation)
+	if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].creation) >
+	    PF_TSTAMP(state_buf[* (u_int32_t *) s1].creation))
+ 		return sortdir;
+-	if (state_buf[* (u_int32_t *) s2].creation <
+-	    state_buf[* (u_int32_t *) s1].creation)
+	if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].creation) <
+	    PF_TSTAMP(state_buf[* (u_int32_t *) s1].creation))
+ 		return -sortdir;
+ 	return 0;
+ }
+@@ -457,11 +465,11 @@ sort_age_callback(const void *s1, const void *s2)
+ int
+ sort_exp_callback(const void *s1, const void *s2)
+ {
+-	if (state_buf[* (u_int32_t *) s2].expire >
+-	    state_buf[* (u_int32_t *) s1].expire)
+	if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].expire) >
+	    PF_TSTAMP(state_buf[* (u_int32_t *) s1].expire))
+ 		return sortdir;
+-	if (state_buf[* (u_int32_t *) s2].expire <
+-	    state_buf[* (u_int32_t *) s1].expire)
+	if (PF_TSTAMP(state_buf[* (u_int32_t *) s2].expire) <
+	    PF_TSTAMP(state_buf[* (u_int32_t *) s1].expire))
+ 		return -sortdir;
+ 	return 0;
+ }
+@@ -535,6 +543,9 @@ compare_addr(int af, const struct pf_addr *a, const st
+ 	return 0;
+ }
+ 
+#ifdef HAVE_PFSYNC_KEY
+
+static
+ #ifdef __GNUC__
+ __inline__
+ #endif
+@@ -542,6 +553,114 @@ int
+ sort_addr_callback(const pf_state_t *s1,
+ 		   const pf_state_t *s2, int dir)
+ {
+	const struct pf_addr *aa, *ab;
+	u_int16_t pa, pb;
+	int af, ret, ii, io;
+
+	af = s1->af;
+
+
+	if (af > s2->af)
+		return sortdir;
+	if (af < s2->af)
+		return -sortdir;
+	
+       	ii = io = 0;
+
+	if (dir == PF_OUT)	/* looking for source addr */
+		io = 1;
+	else			/* looking for dest addr */
+		ii = 1;
+	
+	if (s1->direction == PF_IN) {
+		aa = &s1->key[PF_SK_STACK].addr[ii];
+		pa =  s1->key[PF_SK_STACK].port[ii];
+	} else {
+		aa = &s1->key[PF_SK_WIRE].addr[io];
+		pa =  s1->key[PF_SK_WIRE].port[io];
+	}
+
+	if (s2->direction == PF_IN) {
+		ab = &s2->key[PF_SK_STACK].addr[ii];;
+		pb =  s2->key[PF_SK_STACK].port[ii];
+	} else {
+		ab = &s2->key[PF_SK_WIRE].addr[io];;
+		pb =  s2->key[PF_SK_WIRE].port[io];
+	}
+
+	ret = compare_addr(af, aa, ab);
+	if (ret)
+		return ret * sortdir;
+
+	if (ntohs(pa) > ntohs(pb))
+		return sortdir;
+	return -sortdir;
+}
+
+static
+#ifdef __GNUC__
+__inline__
+#endif
+int
+sort_port_callback(const pf_state_t *s1,
+		   const pf_state_t *s2, int dir)
+{
+	const struct pf_addr *aa, *ab;
+	u_int16_t pa, pb;
+	int af, ret, ii, io;
+
+	af = s1->af;
+
+
+	if (af > s2->af)
+		return sortdir;
+	if (af < s2->af)
+		return -sortdir;
+	
+       	ii = io = 0;
+
+	if (dir == PF_OUT)	/* looking for source addr */
+		io = 1;
+	else			/* looking for dest addr */
+		ii = 1;
+	
+	if (s1->direction == PF_IN) {
+		aa = &s1->key[PF_SK_STACK].addr[ii];
+		pa =  s1->key[PF_SK_STACK].port[ii];
+	} else {
+		aa = &s1->key[PF_SK_WIRE].addr[io];
+		pa =  s1->key[PF_SK_WIRE].port[io];
+	}
+
+	if (s2->direction == PF_IN) {
+		ab = &s2->key[PF_SK_STACK].addr[ii];;
+		pb =  s2->key[PF_SK_STACK].port[ii];
+	} else {
+		ab = &s2->key[PF_SK_WIRE].addr[io];;
+		pb =  s2->key[PF_SK_WIRE].port[io];
+	}
+
+
+	if (ntohs(pa) > ntohs(pb))
+		return sortdir;
+	if (ntohs(pa) < ntohs(pb))
+		return - sortdir;
+
+	ret = compare_addr(af, aa, ab);
+	if (ret)
+		return ret * sortdir;
+	return -sortdir;
+}
+
+#else	/* HAVE_PFSYNC_KEY */
+
+#ifdef __GNUC__
+__inline__
+#endif
+int
+sort_addr_callback(const pf_state_t *s1,
+		   const pf_state_t *s2, int dir)
+{
+ 	const pf_state_host_t *a, *b;
+ 	int af, ret;
+ 
+@@ -573,20 +692,6 @@ sort_addr_callback(const pf_state_t *s1,
+ 	return -sortdir;
+ }
+ 
+-int sort_sa_callback(const void *p1, const void *p2)
+-{
+-	pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
+-	pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
+-	return sort_addr_callback(s1, s2, PF_OUT);
+-}
+-
+-int sort_da_callback(const void *p1, const void *p2)
+-{
+-	pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
+-	pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
+-	return sort_addr_callback(s1, s2, PF_IN);
+-}
+-
+ #ifdef __GNUC__
+ __inline__
+ #endif
+@@ -625,7 +730,22 @@ sort_port_callback(const pf_state_t *s1,
+ 		return sortdir;
+ 	return -sortdir;
+ }
+#endif	/* HAVE_PFSYNC_KEY */
+ 
+int sort_sa_callback(const void *p1, const void *p2)
+{
+	pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
+	pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
+	return sort_addr_callback(s1, s2, PF_OUT);
+}
+
+int sort_da_callback(const void *p1, const void *p2)
+{
+	pf_state_t *s1 = state_buf + (* (u_int32_t *) p1);
+	pf_state_t *s2 = state_buf + (* (u_int32_t *) p2);
+	return sort_addr_callback(s1, s2, PF_IN);
+}
+
+ int
+ sort_sp_callback(const void *p1, const void *p2)
+ {
+@@ -865,7 +985,48 @@ tb_print_addr(struct pf_addr * addr, struct pf_addr * 
+ 			tbprintf("/%u", unmask(mask, af));
+ 	}
+ }
+#ifdef HAVE_PFSYNC_KEY
+void
+print_fld_host2(field_def *fld, struct pfsync_state_key *ks,
+		struct pfsync_state_key *kn, int idx, int af)
+{
+	struct pf_addr *as = &ks->addr[idx];
+	struct pf_addr *an = &kn->addr[idx];
+ 
+	u_int16_t ps = ntohs(ks->port[idx]);
+	u_int16_t pn = ntohs(kn->port[idx]);
+
+	if (fld == NULL)
+		return;
+
+	if (fld->width < 3) {
+		print_fld_str(fld, "*");
+		return;
+	}
+
+	tb_start();
+	tb_print_addr(as, NULL, af);
+
+	if (af == AF_INET)
+		tbprintf(":%u", ps);
+	else
+		tbprintf("[%u]", ps);
+
+	print_fld_tb(fld);
+
+	if (PF_ANEQ(as, an, af) || ps != pn) {
+		tb_start();
+		tb_print_addr(an, NULL, af);
+
+		if (af == AF_INET)
+			tbprintf(":%u", pn);
+		else
+			tbprintf("[%u]", pn);
+		print_fld_tb(FLD_GW);
+	}
+
+}
+#else
+ void
+ print_fld_host(field_def *fld, pf_state_host_t * h, int af)
+ {
+@@ -889,6 +1050,7 @@ print_fld_host(field_def *fld, pf_state_host_t * h, in
+ 
+ 	print_fld_tb(fld);
+ }
+#endif
+ 
+ void
+ print_fld_state(field_def *fld, unsigned int proto,
+@@ -960,7 +1122,20 @@ print_state(pf_state_t * s, struct sc_ent * ent)
+ 	else
+ 		print_fld_uint(FLD_PROTO, s->proto);
+ 
+#ifdef HAVE_PFSYNC_KEY
+ 	if (s->direction == PF_OUT) {
+		print_fld_host2(FLD_SRC, &s->key[PF_SK_WIRE],
+		    &s->key[PF_SK_STACK], 1, s->af);
+		print_fld_host2(FLD_DEST, &s->key[PF_SK_WIRE],
+		    &s->key[PF_SK_STACK], 0, s->af);
+	} else {
+		print_fld_host2(FLD_SRC, &s->key[PF_SK_STACK],
+		    &s->key[PF_SK_WIRE], 0, s->af);
+		print_fld_host2(FLD_DEST, &s->key[PF_SK_STACK],
+		    &s->key[PF_SK_WIRE], 1, s->af);
+	}
+#else
+	if (s->direction == PF_OUT) {
+ 		print_fld_host(FLD_SRC, &s->lan, s->af);
+ 		print_fld_host(FLD_DEST, &s->ext, s->af);
+ 	} else {
+@@ -972,6 +1147,7 @@ print_state(pf_state_t * s, struct sc_ent * ent)
+ 	    (s->lan.port != s->gwy.port)) {
+ 		print_fld_host(FLD_GW, &s->gwy, s->af);
+ 	}
+#endif
+ 
+ 	if (s->direction == PF_OUT)
+ 		print_fld_str(FLD_DIR, "Out");
+@@ -979,8 +1155,8 @@ print_state(pf_state_t * s, struct sc_ent * ent)
+ 		print_fld_str(FLD_DIR, "In");
+ 
+ 	print_fld_state(FLD_STATE, s->proto, src->state, dst->state);
+-	print_fld_age(FLD_AGE, s->creation);
+-	print_fld_age(FLD_EXP, s->expire);
+	print_fld_age(FLD_AGE, PF_TSTAMP(s->creation));
+	print_fld_age(FLD_EXP, PF_TSTAMP(s->expire));
+ #ifdef HAVE_INOUT_COUNT
+ 	{
+ 		u_int64_t sz = COUNTER(s->bytes[0]) + COUNTER(s->bytes[1]);
+@@ -988,18 +1164,18 @@ print_state(pf_state_t * s, struct sc_ent * ent)
+ 		print_fld_size(FLD_PKTS, COUNTER(s->packets[0]) +
+ 			       COUNTER(s->packets[1]));
+ 		print_fld_size(FLD_BYTES, sz);
+-		print_fld_rate(FLD_SA, (s->creation > 0) ?
+-			       ((double)sz/(double)s->creation) : -1);
+		print_fld_rate(FLD_SA, (s->creation) ?
+			       ((double)sz/PF_TSTAMP((double)s->creation)) : -1);
+ 	}
+ #else
+ 	print_fld_size(FLD_PKTS, s->packets);
+ 	print_fld_size(FLD_BYTES, s->bytes);
+-	print_fld_rate(FLD_SA, (s->creation > 0) ?
+-		       ((double)s->bytes/(double)s->creation) : -1);
+	print_fld_rate(FLD_SA, (s->creation) ?
+		       ((double)s->bytes/PF_TSTAMP((double)s->creation)) : -1);
+ 
+ #endif
+ #ifdef HAVE_PFSYNC_STATE
+-	print_fld_uint(FLD_RULE, s->rule);
+	print_fld_uint(FLD_RULE, ntohl(s->rule));
+ #else
+ #ifdef HAVE_RULE_NUMBER
+ 	print_fld_uint(FLD_RULE, s->rule.nr);
+@@ -1112,7 +1288,7 @@ read_anchor_rules(char *anchor)
+ 
+ #ifdef HAVE_RULESETS
+ struct anchor_name {
+-	char name[MAXPATHLEN];
+	char name[PATH_MAX];
+ 	struct anchor_name *next;
+ 	u_int32_t ref;
+ };
+@@ -1458,8 +1634,9 @@ tb_print_flags(u_int8_t f)
+ void
+ print_rule(struct pf_rule *pr)
+ {
+-	static const char *actiontypes[] = { "Pass", "Block", "Scrub", "Nat",
+-	    "no Nat", "Binat", "no Binat", "Rdr", "no Rdr" };
+	static const char *actiontypes[] = { "Pass", "Block", "Scrub",
+	    "no Scrub", "Nat", "no Nat", "Binat", "no Binat", "Rdr",
+	    "no Rdr", "SynProxy Block", "Defer", "Match" };
+ 	int numact = sizeof(actiontypes) / sizeof(char *);
+ 
+ #ifdef HAVE_PF_ROUTE
+@@ -1475,8 +1652,12 @@ print_rule(struct pf_rule *pr)
+ 	print_fld_str(FLD_LABEL, pr->label);
+ #endif
+ #ifdef HAVE_RULE_STATES
+#ifdef HAVE_PFSYNC_KEY
+	print_fld_size(FLD_STATS, pr->states_tot);
+#else
+ 	print_fld_size(FLD_STATS, pr->states);
+ #endif
+#endif
+ 
+ #ifdef HAVE_INOUT_COUNT_RULES
+ 	print_fld_size(FLD_PKTS, pr->packets[0] + pr->packets[1]);
+@@ -1486,7 +1667,13 @@ print_rule(struct pf_rule *pr)
+ 	print_fld_size(FLD_BYTES, pr->bytes);
+ #endif
+ 	print_fld_uint(FLD_RULE, pr->nr);
+-	print_fld_str(FLD_DIR, pr->direction == PF_OUT ? "Out" : "In");
+	if (pr->direction == PF_OUT)
+		print_fld_str(FLD_DIR, "Out");
+	else if (pr->direction == PF_IN)
+		print_fld_str(FLD_DIR, "In");
+	else
+		print_fld_str(FLD_DIR, "Any");
+
+ 	if (pr->quick)
+ 		print_fld_str(FLD_QUICK, "Quick");
+ 
+@@ -1555,7 +1742,9 @@ print_rule(struct pf_rule *pr)
+ #ifdef HAVE_PF_ROUTE
+ 	if (pr->rt > 0 && pr->rt < numroute) {
+ 		tbprintf("%s ", routetypes[pr->rt]);
+#ifdef PF_FASTROUTE
+ 		if (pr->rt != PF_FASTROUTE)
+#endif
+ 			tbprintf("... ");
+ 	}
+ #endif
+@@ -1729,12 +1918,19 @@ pfctl_insert_altq_node(struct pf_altq_node **root,
+ 			prev->next = node;
+ 		}
+ 	}
+-	if (*root != node) {
+-		struct pf_altq_node	*prev_flat = *root;
+-		while (prev_flat->next_flat != NULL) {
+-			prev_flat = prev_flat->next_flat;
+-		}
+-		prev_flat->next_flat = node;
+}
+
+void
+pfctl_set_next_flat(struct pf_altq_node *node, struct pf_altq_node *up)
+{
+	while (node) {
+		struct pf_altq_node *next = node->next ? node->next : up;
+		if (node->children) {
+			node->next_flat = node->children;
+			pfctl_set_next_flat(node->children, next);
+		} else
+			node->next_flat = next;
+		node = node->next;
+ 	}
+ }
+ 
+@@ -1743,10 +1939,11 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
+ {
+ 	struct pf_altq_node	*node;
+ 	struct pfioc_altq	 pa;
+-	struct pfioc_qstats	 pq;
+	struct pfioc_altqstats	 pq;
+ 	u_int32_t		 nr;
+ 	struct queue_stats	 qstats;
+ 	u_int32_t		 nr_queues;
+	int			 ret = 0;
+ 
+ 	*inserts = 0;
+ 	memset(&pa, 0, sizeof(pa));
+@@ -1757,13 +1954,15 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
+ 			  strerror(errno));
+ 		return (-1);
+ 	}
+
+ 	num_queues = nr_queues = pa.nr;
+ 	for (nr = 0; nr < nr_queues; ++nr) {
+ 		pa.nr = nr;
+ 		if (ioctl(pf_dev, DIOCGETALTQ, &pa)) {
+ 			msgprintf("Error Reading Queue (DIOCGETALTQ): %s",
+ 				  strerror(errno));
+-			return (-1);
+			ret = -1;
+			break;
+ 		}
+ 		if (pa.altq.qid > 0) {
+ 			pq.nr = nr;
+@@ -1773,7 +1972,8 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
+ 			if (ioctl(pf_dev, DIOCGETQSTATS, &pq)) {
+ 				msgprintf("Error Reading Queue (DIOCGETQSTATS): %s",
+ 					  strerror(errno));
+-				return (-1);
+				ret = -1;
+				break;
+ 			}
+ 			qstats.valid = 1;
+ 			gettimeofday(&qstats.timestamp, NULL);
+@@ -1794,7 +1994,10 @@ pfctl_update_qstats(struct pf_altq_node **root, int *i
+ 		else
+ 			--num_queues;
+ 	}
+-	return (0);
+
+	pfctl_set_next_flat(*root, NULL);
+
+	return (ret);
+ }
+ 
+ void