diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index e93f9d319336..63fb4a9cadb5 100644 --- a/contrib/ipfilter/man/ipfstat.8 +++ b/contrib/ipfilter/man/ipfstat.8 @@ -5,7 +5,7 @@ ipfstat \- reports on packet filter statistics and filter list .SH SYNOPSIS .B ipfstat [ -.B \-6aAdfghIilnoRsv +.B \-46aAdfghIilnoRsv ] .br .B ipfstat -t @@ -35,6 +35,11 @@ is to retrieve and display the accumulated statistics which have been accumulated over time as the kernel has put packets through the filter. .SH OPTIONS .TP +.B \-4 +Display filter lists and states for IPv4, if available. This is the default +when displaying states. \fB-4\fP and \fB-6\fP is the default when +displaying lists. +.TP .B \-6 Display filter lists and states for IPv6, if available. .TP @@ -190,4 +195,4 @@ more entries is to resize the screen. .SH SEE ALSO ipf(8) .SH BUGS -none known. +\fB-4\fP and \fB-6\fP should also be the default when displaying states. diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c index e18eecaabe28..ab4df1a6369f 100644 --- a/contrib/ipfilter/tools/ipfstat.c +++ b/contrib/ipfilter/tools/ipfstat.c @@ -57,7 +57,10 @@ static wordtab_t *state_fields = NULL; int nohdrfields = 0; int opts = 0; +#ifdef USE_INET6 +int use_inet4 = 0; int use_inet6 = 0; +#endif int live_kernel = 1; int state_fd = -1; int ipf_fd = -1; @@ -206,9 +209,9 @@ int main(argc,argv) u_32_t frf; #ifdef USE_INET6 - options = "6aACdfghIilnostvD:m:M:N:O:P:RS:T:"; + options = "46aACdfghIilnostvD:m:M:N:O:P:RS:T:"; #else - options = "aACdfghIilnostvD:m:M:N:O:P:RS:T:"; + options = "4aACdfghIilnostvD:m:M:N:O:P:RS:T:"; #endif saddr.in4.s_addr = INADDR_ANY; /* default any v4 source addr */ @@ -283,6 +286,9 @@ int main(argc,argv) switch (c) { #ifdef USE_INET6 + case '4' : + use_inet4 = 1; + break; case '6' : use_inet6 = 1; break; @@ -385,6 +391,10 @@ int main(argc,argv) break; } } +#ifdef USE_INET6 + if (use_inet4 == 0 && use_inet6 == 0) + use_inet4 = use_inet6 = 1; +#endif if (live_kernel == 1) { bzero((char *)&fio, sizeof(fio)); @@ -410,8 +420,13 @@ int main(argc,argv) #ifdef STATETOP else if (opts & OPT_STATETOP) topipstates(saddr, daddr, sport, dport, protocol, - use_inet6 ? 6 : 4, refreshtime, topclosed, filter); +#ifdef USE_INET6 + use_inet6 ? 6 : 4, +#else + 4, +#endif #endif + refreshtime, topclosed, filter); else if (opts & OPT_AUTHSTATS) showauthstates(frauthstp); else if (opts & OPT_GROUPS) @@ -805,15 +820,21 @@ printlivelist(fiop, out, set, fp, group, comment) if (rule.iri_rule == NULL) break; #ifdef USE_INET6 - if (use_inet6 != 0) { + if (use_inet6 != 0 && use_inet4 == 0) { if (fp->fr_family != 0 && fp->fr_family != AF_INET6) continue; - } else + } else if (use_inet4 != 0 && use_inet6 == 0) { #endif - { if (fp->fr_family != 0 && fp->fr_family != AF_INET) continue; +#ifdef USE_INET6 + } else { + if (fp->fr_family != 0 && + fp->fr_family != AF_INET && fp->fr_family != AF_INET6) + continue; } +#endif + if (fp->fr_data != NULL) fp->fr_data = (char *)fp + fp->fr_size; @@ -904,13 +925,21 @@ static void printdeadlist(fiop, out, set, fp, group, comment) return; } fp = &fb; - if (use_inet6 != 0) { - if (fp->fr_family != 0 && fp->fr_family != 6) +#ifdef USE_INET6 + if (use_inet6 != 0 && use_inet4 == 0) { + if (fp->fr_family != 0 && fp->fr_family != AF_INET6) continue; + } else if (use_inet4 != 0 && use_inet6 == 0) { +#endif + if (fp->fr_family != 0 && fp->fr_family != AF_INET) + continue; +#ifdef USE_INET6 } else { - if (fp->fr_family != 0 && fp->fr_family != 4) + if (fp->fr_family != 0 && + fp->fr_family != AF_INET && fp->fr_family != AF_INET6) continue; } +#endif data = NULL; type = fb.fr_type & ~FR_T_BUILTIN;