On Fri, 1 Feb 2019 11:13:01 +0000
Stuart Henderson <[email protected]> wrote:
> On 2019/02/01 18:09, YASUOKA Masahiko wrote:
>> Hi,
>>
>> I often use "route-to" for DSR or balancing routes. It seems there is
>> no way to know which route is selected for the pf state.
>>
>> The following diff makes "pfctl -ss" show the route address with
>> square brackets if any.
>>
>> example:
>>
>> all tcp 10.0.0.101:8080 [10.0.0.12] <- 10.1.0.100:45482
>> ESTABLISHED:ESTABLISHED
>>
>> all tcp 10.0.0.165:35691 -> 192.168.0.156:22 [10.0.0.2]
>> ESTABLISHED:ESTABLISHED
>>
>> ok? comment?
>
> I'd like to have this information too, but [] are quite heavily used
> in the output format already, making it a bit hard to grep or pipe
> through cut -d'[' to extract certain parts. What do you/anyone else
> think of using { } for this instead?

Using { } is also fine for me.

Index: sbin/pfctl/pf_print_state.c
===================================================================
RCS file: /disk/cvs/openbsd/src/sbin/pfctl/pf_print_state.c,v
retrieving revision 1.68
diff -u -p -r1.68 pf_print_state.c
--- sbin/pfctl/pf_print_state.c 7 Sep 2018 10:29:22 -0000 1.68
+++ sbin/pfctl/pf_print_state.c 2 Feb 2019 10:21:24 -0000
@@ -241,6 +241,11 @@ print_state(struct pfsync_state *s, int
sk->rdomain, pn, opts);
printf(")");
}
+ if (s->direction == PF_IN && !PF_AZERO(&s->rt_addr, sk->af)) {
+ printf(" {");
+ print_addr_str(sk->af, &s->rt_addr);
+ printf("}");
+ }
if (s->direction == PF_OUT || (afto && s->direction == PF_IN))
printf(" -> ");
else
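Review bot: the added PF_IN branch tests and prints s->rt_addr using sk->af, but the context line right below it handles `afto && s->direction == PF_IN`, that is, states whose two keys have different address families. Please confirm which family rt_addr is stored in for such states. If it follows the other key, both PF_AZERO and print_addr_str would read the address with the wrong family here. A one-line comment saying why sk->af is correct for inbound states would settle it.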
@@ -254,6 +259,11 @@ print_state(struct pfsync_state *s, int
print_host(&sk->addr[idx], sk->port[idx], sk->af,
sk->rdomain, pn, opts);
printf(")");
+ }
+ if (s->direction == PF_OUT && !PF_AZERO(&s->rt_addr, nk->af)) {
+ printf(" {");
+ print_addr_str(nk->af, &s->rt_addr);
+ printf("}");
}
printf(" ");
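Review bot: the PF_OUT block repeats the four lines added in the first hunk with only the direction test and the key (nk->af instead of sk->af) changed. Consider selecting the family once and sharing the printing code through a small static helper, so the two sites cannot drift apart if the brace format changes again. The diff also touches only pf_print_state.c, so the new { } field in the "pfctl -ss" output is undocumented. A sentence in the manual page describing it would help people who parse this output, which is the concern that led to the switch from [ ] in the first place.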