On 2019/02/01 18:09, YASUOKA Masahiko wrote:
> Hi,
>
> I often use "route-to" for DSR or balancing routes. It seems there is
> no way to know which route is selected for the pf state.
>
> The diff following makes "pfctl -ss" show the route address with
> square brackets if any.
>
> example:
>
> all tcp 10.0.0.101:8080 [10.0.0.12] <- 10.1.0.100:45482
> ESTABLISHED:ESTABLISHED
>
> all tcp 10.0.0.165:35691 -> 192.168.0.156:22 [10.0.0.2]
> ESTABLISHED:ESTABLISHED
>
> ok? comment?
I'd like to have this information too, but [] are quite heavily used
in the output format already, making it a bit hard to grep or pipe
through cut -d'[' to extract certain parts. What do you/anyone else
think of using { } for this instead?
> Index: sbin/pfctl/pf_print_state.c
> ===================================================================
> RCS file: /var/cvs/openbsd/src/sbin/pfctl/pf_print_state.c,v
> retrieving revision 1.68
> diff -u -p -r1.68 pf_print_state.c
> --- sbin/pfctl/pf_print_state.c 7 Sep 2018 10:29:22 -0000 1.68
> +++ sbin/pfctl/pf_print_state.c 1 Feb 2019 08:53:35 -0000
> @@ -241,6 +241,11 @@ print_state(struct pfsync_state *s, int
> sk->rdomain, pn, opts);
> printf(")");
> }
> + if (s->direction == PF_IN && !PF_AZERO(&s->rt_addr, sk->af)) {
> + printf(" [");
> + print_addr_str(sk->af, &s->rt_addr);
> + printf("]");
> + }
> if (s->direction == PF_OUT || (afto && s->direction == PF_IN))
> printf(" -> ");
> else
> @@ -254,6 +259,11 @@ print_state(struct pfsync_state *s, int
> print_host(&sk->addr[idx], sk->port[idx], sk->af,
> sk->rdomain, pn, opts);
> printf(")");
> + }
> + if (s->direction == PF_OUT && !PF_AZERO(&s->rt_addr, nk->af)) {
> + printf(" [");
> + print_addr_str(nk->af, &s->rt_addr);
> + printf("]");
> }
>
> printf(" ");
>
