contrib/ipfilter/printstate.c

   1 /*
   2  * Copyright (C) 2002 by Darren Reed.
   3  *
   4  * See the IPFILTER.LICENCE file for details on licencing.
   5  */
   6 #if defined(__sgi) && (IRIX > 602)
   7 # include <sys/ptimers.h>
   8 #endif
   9 #include <sys/types.h>
  10 #include <sys/param.h>
  11 #include <sys/socket.h>
  12 #include <sys/ioctl.h>
  13 #include <netinet/in.h>
  14 #include <arpa/inet.h>
  15 #include <netinet/in_systm.h>
  16 #include <net/if.h>
  17 #include <stdio.h>
  18 #if __FreeBSD_version >= 300000
  19 # include <net/if_var.h>
  20 #endif
  21 #include "kmem.h"
  22 #include "netinet/ip_compat.h"
  23 #include "ipf.h"
  24 #include "netinet/ip_fil.h"
  25 #include "netinet/ip_state.h"
  26
  27 #define PRINTF  (void)printf
  28 #define FPRINTF (void)fprintf
  29
  30 ipstate_t *printstate(sp, opts)
  31 ipstate_t *sp;
  32 int opts;
  33 {
  34         ipstate_t ips;
  35
  36         if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips)))
  37                 return NULL;
  38
  39         PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4));
  40         PRINTF("%s ttl %ld pass %#x pr %d state %d/%d\n",
  41                 hostname(ips.is_v, &ips.is_dst.in4),
  42                 ips.is_age, ips.is_pass, ips.is_p,
  43                 ips.is_state[0], ips.is_state[1]);
  44 #ifdef  USE_QUAD_T
  45         PRINTF("\tpkts %qu bytes %qu", (unsigned long long) ips.is_pkts,
  46                 (unsigned long long) ips.is_bytes);
  47 #else
  48         PRINTF("\tpkts %ld bytes %ld", ips.is_pkts, ips.is_bytes);
  49 #endif
  50         if (ips.is_p == IPPROTO_TCP) {
  51 #if defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011) || \
  52 (__FreeBSD_version >= 220000) || defined(__OpenBSD__)
  53                 PRINTF("\t%hu -> %hu %x:%x (max %x:%x)\n",
  54                         ntohs(ips.is_sport), ntohs(ips.is_dport),
  55                         ips.is_send, ips.is_dend,
  56                         ips.is_maxsend, ips.is_maxdend);
  57                 PRINTF("\t%u<<%d:%u<<%d",
  58                         ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
  59                         ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
  60 #else
  61                 PRINTF("\t%hu -> %hu %x:%x (max %x:%x)\n",
  62                         ntohs(ips.is_sport), ntohs(ips.is_dport),
  63                         ips.is_send, ips.is_dend,
  64                         ips.is_maxsend, ips.is_maxdend);
  65                 PRINTF("\t%u<<%d:%u<<%d",
  66                         ips.is_maxswin>>ips.is_swscale, ips.is_swscale,
  67                         ips.is_maxdwin>>ips.is_dwscale, ips.is_dwscale);
  68 #endif
  69         } else if (ips.is_p == IPPROTO_UDP)
  70                 PRINTF(" %hu -> %hu", ntohs(ips.is_sport),
  71                         ntohs(ips.is_dport));
  72         else if (ips.is_p == IPPROTO_ICMP
  73 #ifdef  USE_INET6
  74                  || ips.is_p == IPPROTO_ICMPV6
  75 #endif
  76                 )
  77                 PRINTF(" id %hu seq %hu type %d", ntohs(ips.is_icmp.ics_id),
  78                         ntohs(ips.is_icmp.ics_seq), ips.is_icmp.ics_type);
  79
  80         PRINTF("\n\t");
  81
  82         /*
  83          * Print out bits set in the result code for the state being
  84          * kept as they would for a rule.
  85          */
  86         if (ips.is_pass & FR_PASS) {
  87                 PRINTF("pass");
  88         } else if (ips.is_pass & FR_BLOCK) {
  89                 PRINTF("block");
  90                 switch (ips.is_pass & FR_RETMASK)
  91                 {
  92                 case FR_RETICMP :
  93                         PRINTF(" return-icmp");
  94                         break;
  95                 case FR_FAKEICMP :
  96                         PRINTF(" return-icmp-as-dest");
  97                         break;
  98                 case FR_RETRST :
  99                         PRINTF(" return-rst");
 100                         break;
 101                 default :
 102                         break;
 103                 }
 104         } else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) {
 105                         PRINTF("log");
 106                 if (ips.is_pass & FR_LOGBODY)
 107                         PRINTF(" body");
 108                 if (ips.is_pass & FR_LOGFIRST)
 109                         PRINTF(" first");
 110         } else if (ips.is_pass & FR_ACCOUNT)
 111                 PRINTF("count");
 112
 113         if (ips.is_pass & FR_OUTQUE)
 114                 PRINTF(" out");
 115         else
 116                 PRINTF(" in");
 117
 118         if ((ips.is_pass & FR_LOG) != 0) {
 119                 PRINTF(" log");
 120                 if (ips.is_pass & FR_LOGBODY)
 121                         PRINTF(" body");
 122                 if (ips.is_pass & FR_LOGFIRST)
 123                         PRINTF(" first");
 124                 if (ips.is_pass & FR_LOGORBLOCK)
 125                         PRINTF(" or-block");
 126         }
 127         if (ips.is_pass & FR_QUICK)
 128                 PRINTF(" quick");
 129         if (ips.is_pass & FR_KEEPFRAG)
 130                 PRINTF(" keep frags");
 131         /* a given; no? */
 132         if (ips.is_pass & FR_KEEPSTATE)
 133                 PRINTF(" keep state");
 134         PRINTF("\tIPv%d", ips.is_v);
 135         PRINTF("\n");
 136
 137         PRINTF("\tpkt_flags & %x(%x) = %x,\t",
 138                 ips.is_flags & 0xf, ips.is_flags,
 139                 ips.is_flags >> 4);
 140         PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk,
 141                 ips.is_opt);
 142         PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
 143                 ips.is_secmsk, ips.is_sec, ips.is_authmsk,
 144                 ips.is_auth);
 145         PRINTF("\tinterfaces: in %s", getifname(ips.is_ifp[0]));
 146         PRINTF(",%s", getifname(ips.is_ifp[1]));
 147         PRINTF(" out %s", getifname(ips.is_ifp[2]));
 148         PRINTF(",%s\n", getifname(ips.is_ifp[3]));
 149
 150         return ips.is_next;
 151 }