1#!/bin/ksh 2# simple script that compare and display interface to address translation 3# done by the userland pfctl tool and by the kernel PF dynamic code. 4 5if2ip_user() { 6 echo "pass in from $1" | pfctl -nvf- 2>/dev/null \ 7 | awk '{print " "(($3=="on")?$7:$5)}' | sort -u 8} 9 10kernel_spec() { 11 set -- `echo $1 | sed "s;/; ;"` 12 if [ "X$2" == "X" ]; then 13 echo "($1)" 14 else 15 echo "($1)/$2" 16 fi 17} 18 19if2ip_kernel() { 20 T=`echo "pass in on tun100 from $1" | pfctl -a regress/if2ip -f- \ 21 -vf- | awk '{ print $6}' | tr -d "()"` 22 pfctl -a _pf -t "$T" -Ts | sort 23 pfctl -a regress/if2ip -qFr 24} 25 26while [ "X$1" != "X" ]; do 27 if [ "$1" == "-q" ]; then 28 QUIET=1 29 shift 30 fi 31 if [ "$1" == "-v" ]; then 32 QUIET=0 33 shift 34 fi 35 36 UIP=`if2ip_user $1` 37 KIF=`kernel_spec $1` 38 KIP=`if2ip_kernel $KIF` 39 40 if [ "$QUIET" == "1" ]; then 41 if [ "$UIP" == "$KIP" ]; then 42 echo "$1 and $KIF match." 43 else 44 echo "$1 and $KIF mismatch." 45 fi 46 else 47 echo "$1:"$UIP 48 echo "$KIF:"$KIP 49 fi 50 51 if [ "$UIP" != "$KIP" ]; then 52 exit 1 53 fi 54 shift 55done 56