Hi,

On 2017-01-26 01:56 AM, Jason McIntyre wrote:
> you still need to s/for kill/to kill/
> jmc

I forgot that one; here is a new version.

Regards,

-- 
Bertrand Provost

Index: pfctl.8
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.8,v
retrieving revision 1.165
diff -u -p -r1.165 pfctl.8
--- pfctl.8     15 Jun 2015 08:48:23 -0000      1.165
+++ pfctl.8     26 Jan 2017 15:38:37 -0000
@@ -47,6 +47,7 @@
 .Op Fl S Ar statefile
 .Op Fl s Ar modifier Op Fl R Ar id
 .Op Fl t Ar table Fl T Ar command Op Ar address ...
+.Op Fl V Ar rdomain
 .Op Fl x Ar level
 .Ek
 .Sh DESCRIPTION
@@ -644,6 +645,10 @@ This flag is set when per-address counte
 .El
 .It Fl t Ar table
 Specify the name of the table.
+.It Fl V Ar rdomain
+Select the routing domain to be used to kill states by host or by label.
+The rdomain of a state is displayed in parentheses before the host by
+.Fl s Cm states .
 .It Fl v
 Produce more verbose output.
 A second use of
Index: pfctl.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.334
diff -u -p -r1.334 pfctl.c
--- pfctl.c     14 Jan 2016 12:05:51 -0000      1.334
+++ pfctl.c     26 Jan 2017 15:38:37 -0000
@@ -69,9 +69,9 @@ int    pfctl_clear_src_nodes(int, int);
 int     pfctl_clear_states(int, const char *, int);
 void    pfctl_addrprefix(char *, struct pf_addr *);
 int     pfctl_kill_src_nodes(int, const char *, int);
-int     pfctl_net_kill_states(int, const char *, int);
-int     pfctl_label_kill_states(int, const char *, int);
-int     pfctl_id_kill_states(int, const char *, int);
+int     pfctl_net_kill_states(int, const char *, int, int);
+int     pfctl_label_kill_states(int, const char *, int, int);
+int     pfctl_id_kill_states(int, int);
 void    pfctl_init_options(struct pfctl *);
 int     pfctl_load_options(struct pfctl *);
 int     pfctl_load_limit(struct pfctl *, unsigned int, unsigned int);
@@ -231,7 +231,7 @@ struct pf_qihead qspecs = TAILQ_HEAD_INI
 struct pf_qihead rootqs = TAILQ_HEAD_INITIALIZER(rootqs);
 
 
-void
+__dead void
 usage(void)
 {
        extern char *__progname;
@@ -243,7 +243,7 @@ usage(void)
        fprintf(stderr, "[-L statefile] [-o level] [-p device]\n");
        fprintf(stderr, "\t[-S statefile] [-s modifier [-R id]] ");
        fprintf(stderr, "[-t table -T command [address ...]]\n");
-       fprintf(stderr, "\t[-x level]\n");
+       fprintf(stderr, "\t[-V rdomain] [-x level]\n");
        exit(1);
 }
 
@@ -512,7 +512,7 @@ pfctl_kill_src_nodes(int dev, const char
 }
 
 int
-pfctl_net_kill_states(int dev, const char *iface, int opts)
+pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain)
 {
        struct pfioc_state_kill psk;
        struct addrinfo *res[2], *resp[2];
@@ -531,6 +531,8 @@ pfctl_net_kill_states(int dev, const cha
            sizeof(psk.psk_ifname)) >= sizeof(psk.psk_ifname))
                errx(1, "invalid interface: %s", iface);
 
+       psk.psk_rdomain = rdomain;
+
        pfctl_addrprefix(state_kill[0], &psk.psk_src.addr.v.a.mask);
 
        if ((ret_ga = getaddrinfo(state_kill[0], NULL, NULL, &res[0]))) {
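Review bot: The new `psk.psk_rdomain = rdomain;` assignment has no comment, and because main() initialises `rdomain` to 0, a kill by host or label without -V is scoped to routing domain 0 only. That assumes the kernel compares `psk_rdomain` with each state's rdomain, which this patch does not show. I would add `/* 0 unless -V was given; states in other rdomains are left alone */` above the assignment here and above the identical one in pfctl_label_kill_states, and state the default in the -V entry of pfctl.8, so an operator clearing sessions for a host does not assume every rdomain was covered. The body of pfctl_net_kill_states starts and ends outside this hunk. The tab-indented copy of the patch further down has the same two assignments.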
@@ -618,7 +620,7 @@ pfctl_net_kill_states(int dev, const cha
 }
 
 int
-pfctl_label_kill_states(int dev, const char *iface, int opts)
+pfctl_label_kill_states(int dev, const char *iface, int opts, int rdomain)
 {
        struct pfioc_state_kill psk;
 
@@ -635,6 +637,8 @@ pfctl_label_kill_states(int dev, const c
            sizeof(psk.psk_label))
                errx(1, "label too long: %s", state_kill[1]);
 
+       psk.psk_rdomain = rdomain;
+
        if (ioctl(dev, DIOCKILLSTATES, &psk))
                err(1, "DIOCKILLSTATES");
 
@@ -645,7 +649,7 @@ pfctl_label_kill_states(int dev, const c
 }
 
 int
-pfctl_id_kill_states(int dev, const char *iface, int opts)
+pfctl_id_kill_states(int dev, int opts)
 {
        struct pfioc_state_kill psk;
 
@@ -2098,6 +2102,7 @@ main(int argc, char *argv[])
        int      opts = 0;
        int      optimize = PF_OPTIMIZE_BASIC;
        int      level;
+       int      rdomain = 0;
        char     anchorname[PATH_MAX];
        int      anchor_wildcard = 0;
        char    *path;
@@ -2109,7 +2114,7 @@ main(int argc, char *argv[])
                usage();
 
        while ((ch = getopt(argc, argv,
-           "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vx:z")) != -1) {
+           "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vV:x:z")) != -1) {
                switch (ch) {
                case 'a':
                        anchoropt = optarg;
@@ -2215,6 +2220,13 @@ main(int argc, char *argv[])
                                opts |= PF_OPT_VERBOSE2;
                        opts |= PF_OPT_VERBOSE;
                        break;
+               case 'V':
+                       rdomain = strtonum(optarg, 0, RT_TABLEID_MAX, &errstr);
+                       if (errstr) {
+                               warnx("Invalid rdomain: %s", errstr);
+                               usage();
+                       }
+                       break;
                case 'x':
                        debugopt = pfctl_lookup_option(optarg, debugopt_list);
                        if (debugopt == NULL) {
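Review bot: The `warnx("Invalid rdomain: %s", errstr);` in the new `case 'V':` prints only strtonum's reason and not the argument that was rejected; `warnx("invalid rdomain %s: %s", optarg, errstr);` would show the operator which value was refused. The 0..RT_TABLEID_MAX bound passed to strtonum keeps the result inside the `int` it is stored in, so the narrowing looks fine. `errstr` is not declared in any visible hunk, so I assume main() already has it. The switch continues outside this hunk, and the second copy of the patch below has the same case.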
@@ -2403,11 +2415,11 @@ main(int argc, char *argv[])
        }
        if (state_killers) {
                if (!strcmp(state_kill[0], "label"))
-                       pfctl_label_kill_states(dev, ifaceopt, opts);
+                       pfctl_label_kill_states(dev, ifaceopt, opts, rdomain);
                else if (!strcmp(state_kill[0], "id"))
-                       pfctl_id_kill_states(dev, ifaceopt, opts);
+                       pfctl_id_kill_states(dev, opts);
                else
-                       pfctl_net_kill_states(dev, ifaceopt, opts);
+                       pfctl_net_kill_states(dev, ifaceopt, opts, rdomain);
        }
 
        if (src_node_killers)
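Review bot: `-V` is accepted but has no effect on the `-k id` path, because `pfctl_id_kill_states(dev, opts)` takes no rdomain. As far as these hunks show, `rdomain` is read nowhere else in main(), so -V combined with any other operation is silently ignored. Someone tearing down states in a specific routing domain gets no hint that the selector was dropped. A check after option parsing such as `if (rdomain != 0 && !state_killers) warnx("-V is only used with -k");` would surface that, and the id branch could warn in the same way. main() starts and ends outside this hunk, and the same dispatch appears in the second copy of the patch below.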

Index: pfctl.8
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.8,v
retrieving revision 1.165
diff -u -p -r1.165 pfctl.8
--- pfctl.8	15 Jun 2015 08:48:23 -0000	1.165
+++ pfctl.8	26 Jan 2017 15:38:49 -0000
@@ -47,6 +47,7 @@
 .Op Fl S Ar statefile
 .Op Fl s Ar modifier Op Fl R Ar id
 .Op Fl t Ar table Fl T Ar command Op Ar address ...
+.Op Fl V Ar rdomain
 .Op Fl x Ar level
 .Ek
 .Sh DESCRIPTION
@@ -644,6 +645,10 @@ This flag is set when per-address counte
 .El
 .It Fl t Ar table
 Specify the name of the table.
+.It Fl V Ar rdomain
+Select the routing domain to be used to kill states by host or by label.
+The rdomain of a state is displayed in parentheses before the host by
+.Fl s Cm states .
 .It Fl v
 Produce more verbose output.
 A second use of
Index: pfctl.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.334
diff -u -p -r1.334 pfctl.c
--- pfctl.c	14 Jan 2016 12:05:51 -0000	1.334
+++ pfctl.c	26 Jan 2017 15:38:49 -0000
@@ -69,9 +69,9 @@ int	 pfctl_clear_src_nodes(int, int);
 int	 pfctl_clear_states(int, const char *, int);
 void	 pfctl_addrprefix(char *, struct pf_addr *);
 int	 pfctl_kill_src_nodes(int, const char *, int);
-int	 pfctl_net_kill_states(int, const char *, int);
-int	 pfctl_label_kill_states(int, const char *, int);
-int	 pfctl_id_kill_states(int, const char *, int);
+int	 pfctl_net_kill_states(int, const char *, int, int);
+int	 pfctl_label_kill_states(int, const char *, int, int);
+int	 pfctl_id_kill_states(int, int);
 void	 pfctl_init_options(struct pfctl *);
 int	 pfctl_load_options(struct pfctl *);
 int	 pfctl_load_limit(struct pfctl *, unsigned int, unsigned int);
@@ -231,7 +231,7 @@ struct pf_qihead qspecs = TAILQ_HEAD_INI
 struct pf_qihead rootqs = TAILQ_HEAD_INITIALIZER(rootqs);
 
 
-void
+__dead void
 usage(void)
 {
 	extern char *__progname;
@@ -243,7 +243,7 @@ usage(void)
 	fprintf(stderr, "[-L statefile] [-o level] [-p device]\n");
 	fprintf(stderr, "\t[-S statefile] [-s modifier [-R id]] ");
 	fprintf(stderr, "[-t table -T command [address ...]]\n");
-	fprintf(stderr, "\t[-x level]\n");
+	fprintf(stderr, "\t[-V rdomain] [-x level]\n");
 	exit(1);
 }
 
@@ -512,7 +512,7 @@ pfctl_kill_src_nodes(int dev, const char
 }
 
 int
-pfctl_net_kill_states(int dev, const char *iface, int opts)
+pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain)
 {
 	struct pfioc_state_kill psk;
 	struct addrinfo *res[2], *resp[2];
@@ -531,6 +531,8 @@ pfctl_net_kill_states(int dev, const cha
 	    sizeof(psk.psk_ifname)) >= sizeof(psk.psk_ifname))
 		errx(1, "invalid interface: %s", iface);
 
+	psk.psk_rdomain = rdomain;
+
 	pfctl_addrprefix(state_kill[0], &psk.psk_src.addr.v.a.mask);
 
 	if ((ret_ga = getaddrinfo(state_kill[0], NULL, NULL, &res[0]))) {
@@ -618,7 +620,7 @@ pfctl_net_kill_states(int dev, const cha
 }
 
 int
-pfctl_label_kill_states(int dev, const char *iface, int opts)
+pfctl_label_kill_states(int dev, const char *iface, int opts, int rdomain)
 {
 	struct pfioc_state_kill psk;
 
@@ -635,6 +637,8 @@ pfctl_label_kill_states(int dev, const c
 	    sizeof(psk.psk_label))
 		errx(1, "label too long: %s", state_kill[1]);
 
+	psk.psk_rdomain = rdomain;
+
 	if (ioctl(dev, DIOCKILLSTATES, &psk))
 		err(1, "DIOCKILLSTATES");
 
@@ -645,7 +649,7 @@ pfctl_label_kill_states(int dev, const c
 }
 
 int
-pfctl_id_kill_states(int dev, const char *iface, int opts)
+pfctl_id_kill_states(int dev, int opts)
 {
 	struct pfioc_state_kill psk;
 
@@ -2098,6 +2102,7 @@ main(int argc, char *argv[])
 	int	 opts = 0;
 	int	 optimize = PF_OPTIMIZE_BASIC;
 	int	 level;
+	int	 rdomain = 0;
 	char	 anchorname[PATH_MAX];
 	int	 anchor_wildcard = 0;
 	char	*path;
@@ -2109,7 +2114,7 @@ main(int argc, char *argv[])
 		usage();
 
 	while ((ch = getopt(argc, argv,
-	    "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vx:z")) != -1) {
+	    "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vV:x:z")) != -1) {
 		switch (ch) {
 		case 'a':
 			anchoropt = optarg;
@@ -2215,6 +2220,13 @@ main(int argc, char *argv[])
 				opts |= PF_OPT_VERBOSE2;
 			opts |= PF_OPT_VERBOSE;
 			break;
+		case 'V':
+			rdomain = strtonum(optarg, 0, RT_TABLEID_MAX, &errstr);
+			if (errstr) {
+				warnx("Invalid rdomain: %s", errstr);
+				usage();
+			}
+			break;
 		case 'x':
 			debugopt = pfctl_lookup_option(optarg, debugopt_list);
 			if (debugopt == NULL) {
@@ -2403,11 +2415,11 @@ main(int argc, char *argv[])
 	}
 	if (state_killers) {
 		if (!strcmp(state_kill[0], "label"))
-			pfctl_label_kill_states(dev, ifaceopt, opts);
+			pfctl_label_kill_states(dev, ifaceopt, opts, rdomain);
 		else if (!strcmp(state_kill[0], "id"))
-			pfctl_id_kill_states(dev, ifaceopt, opts);
+			pfctl_id_kill_states(dev, opts);
 		else
-			pfctl_net_kill_states(dev, ifaceopt, opts);
+			pfctl_net_kill_states(dev, ifaceopt, opts, rdomain);
 	}
 
 	if (src_node_killers)
