Bug #2121
closed
Todo #2109: pfSense on FreeBSD 10.x
pfctl -ss output has changed on FreeBSD 10
100%
Description
The state parsing code in diag_dump_states.php and elsewhere needs updated since on FreeBSD 9.x the format of the state output has changed.
For example, previously a NAT state looked like so:
all tcp internalip:64123 -> externalip:39329 -> destinationip:80 ESTABLISHED:ESTABLISHED
And now it looks like:
all tcp externalip:37706 (internalip:1051) -> destinaionip:80 ESTABLISHED:ESTABLISHED
Files
Updated by Seth Mos almost 13 years ago
maybe fixup on the state print patches so that the -> is added back?
Updated by Jim Pingle almost 13 years ago
I think I prefer the new output, it's a clearer separation for which is the internal IP rather than guess by counting ->'s
Probably need some more output examples though (say, from 1:1 NAT and port forwards) to really say how hard it might be to adjust.
Updated by Erik Fonnesbeck almost 13 years ago
Looks like the format for the changed part is like this:
NAT on destination (port forward)destination_after_nat (destination_before_nat) <- source
NAT on source (outbound NAT)source_after_nat (source_before_nat) -> destination
Updated by Chris Buechler over 12 years ago
- Affected Version changed from 2.1 to 2.2
Updated by Renato Botelho almost 11 years ago
- Subject changed from pfctl -ss output has changed on FreeBSD 9 to pfctl -ss output has changed on FreeBSD 10
Updated by Jim Pingle almost 11 years ago
The format is slightly different on 10.x than 9.x examples above.
In this sample output, 192.0.2.x is WAN on em0, 192.168.94.x is LAN on em1
em0 icmp 192.0.2.89:32114 -> 192.0.2.1:32114 0:0 em0 icmp 192.0.2.89:44428 (192.168.94.1:26879) -> 74.125.225.114:44428 0:0 lo0 udp 127.0.0.1:43924 -> 127.0.0.1:53 MULTIPLE:SINGLE em0 tcp 192.168.94.99:999 (192.0.2.89:999) <- 192.0.2.31:59269 CLOSED:SYN_SENT em1 tcp 192.0.2.31:59269 -> 192.168.94.99:999 SYN_SENT:CLOSED
The first column for the interface should probably be parsed and printed on the page now that it is meaningful.
Updated by Jim Pingle over 10 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 5344099abc7e490e63c9dacfb311c3fb3cc38de7.
Updated by 
Updated by Jim Pingle about 10 years ago
- Status changed from Feedback to New
Moving this back to New. The states table display is OK now but diag_states_summary.php breaks with the new formatting.
Updated by Jim Pingle about 10 years ago
- Status changed from New to Feedback
Applied in changeset c245a8460ab318d527f1c51cfc53f76494208885.
Updated by Thiago Basilio about 10 years ago
- File diag_dump_states.png diag_dump_states.png added
Latest snapshot seems OK.
(pfctl -ss output)
$ pfctl -ss re1 tcp 192.168.228.18:8530 <- 192.168.1.100:1049 ESTABLISHED:ESTABLISHED re0 icmp 192.168.228.107:6213 -> 192.168.228.1:6213 0:0 lo0 ipv6-icmp ff02::1[16448] <- fe80::1:1[16448] NO_TRAFFIC:NO_TRAFFIC re1 ipv6-icmp fe80::1:1[16448] -> ff02::1[16448] NO_TRAFFIC:NO_TRAFFIC re1 tcp 192.168.1.1:443 <- 192.168.1.100:1195 ESTABLISHED:ESTABLISHED re0 tcp 192.168.228.107:46232 -> 208.123.73.83:443 FIN_WAIT_2:FIN_WAIT_2
For diag_dump_states.php output, there is a image attached.
..
pfSense 2.2-BETA amd64
Firefox ESR 24.8.0 win32
..
Updated by Jim Pingle about 10 years ago
- Status changed from Feedback to Resolved