1#!/bin/ksh 2# simple script that compare and display interface to address translation 3# done by the userland pfctl tool and by the kernel PF dynamic code. 4 5PFCTL="${PFCTL:=/sbin/pfctl}" 6 7if2ip_user() { 8 echo "pass in from $1" | $PFCTL -o none -nvf- 2>/dev/null \ 9 | awk '{print " "(($3=="on")?$7:$5)}' | sort -u 10} 11 12kernel_spec() { 13 set -- `echo $1 | sed "s;/; ;"` 14 if [ "X$2" == "X" ]; then 15 echo "($1)" 16 else 17 echo "($1)/$2" 18 fi 19} 20 21if2ip_kernel() { 22 T=`echo "pass in on tun100 from $1" | $PFCTL -a regress/if2ip -f- \ 23 -vf- | awk '{ print $6}' | tr -d "()"` 24 $PFCTL -a _pf -t "$T" -Ts | sort 25 $PFCTL -a regress/if2ip -qFr 26} 27 28while [ "X$1" != "X" ]; do 29 if [ "$1" == "-q" ]; then 30 QUIET=1 31 shift 32 fi 33 if [ "$1" == "-v" ]; then 34 QUIET=0 35 shift 36 fi 37 38 UIP=`if2ip_user $1` 39 KIF=`kernel_spec $1` 40 KIP=`if2ip_kernel $KIF` 41 42 if [ "$QUIET" == "1" ]; then 43 if [ "$UIP" == "$KIP" ]; then 44 echo "$1 and $KIF match." 45 else 46 echo "$1 and $KIF mismatch." 47 fi 48 else 49 echo "$1:"$UIP 50 echo "$KIF:"$KIP 51 fi 52 53 if [ "$UIP" != "$KIP" ]; then 54 exit 1 55 fi 56 shift 57done 58