search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HAMMER VFS - Do a better job with IO_DIRECT
[dragonfly.git] / contrib / ipfilter / printnat.c
blob5a12b32165bdb59e3c4abdb8c94456b839bec812
1 /*
2 * Copyright (C) 1993-2001 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
7 */
8 #if defined(__sgi) && (IRIX > 602)
9 # include <sys/ptimers.h>
10 #endif
11 #include <stdio.h>
12 #include <string.h>
13 #include <fcntl.h>
14 #include <errno.h>
15 #include <sys/types.h>
16 #if !defined(__SVR4) && !defined(__svr4__)
17 #include <strings.h>
18 #else
19 #include <sys/byteorder.h>
20 #endif
21 #include <sys/time.h>
22 #include <sys/param.h>
23 #include <stdlib.h>
24 #include <unistd.h>
25 #include <stddef.h>
26 #include <sys/socket.h>
27 #include <sys/ioctl.h>
28 #if defined(sun) && (defined(__svr4__) || defined(__SVR4))
29 # include <sys/ioccom.h>
30 # include <sys/sysmacros.h>
31 #endif
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
35 #include <netinet/tcp.h>
36 #include <net/if.h>
37 #if __FreeBSD_version >= 300000
38 # include <net/if_var.h>
39 #endif
40 #include <netdb.h>
41 #include <arpa/nameser.h>
42 #include <arpa/inet.h>
43 #include <resolv.h>
44 #include <ctype.h>
45 #include "netinet/ip_compat.h"
46 #include "netinet/ip_fil.h"
47 #include "netinet/ip_nat.h"
48 #include "netinet/ip_state.h"
49 #include "netinet/ip_proxy.h"
50 #include "ipf.h"
51 #include "kmem.h"
52
53 #if defined(sun) && !SOLARIS2
54 # define STRERROR(x) sys_errlist[x]
55 extern char *sys_errlist[];
56 #else
57 # define STRERROR(x) strerror(x)
58 #endif
59
60 #if !defined(lint)
61 static const char rcsid[] = "@(#)$Id: printnat.c,v 1.1.2.15 2003/03/22 15:31:49 darrenr Exp $";
62 #endif
63
64
65 #if SOLARIS
66 #define bzero(a,b) memset(a,0,b)
67 #endif
68 #ifdef USE_INET6
69 extern int use_inet6;
70 #endif
71
72 extern char thishost[MAXHOSTNAMELEN];
73
74 extern int countbits __P((u_32_t));
75
76 void printnat __P((ipnat_t *, int));
77 char *getnattype __P((ipnat_t *));
78 void printactivenat __P((nat_t *, int));
79 void printhostmap __P((hostmap_t *, u_int));
80 char *getsumd __P((u_32_t));
81
82 static void printaps __P((ap_session_t *, int));
83
84 static void printaps(aps, opts)
85 ap_session_t *aps;
86 int opts;
87 {
88 ipsec_pxy_t ipsec;
89 ap_session_t ap;
90 ftpinfo_t ftp;
91 aproxy_t apr;
92 raudio_t ra;
93
94 if (kmemcpy((char *)&ap, (long)aps, sizeof(ap)))
95 return;
96 if (kmemcpy((char *)&apr, (long)ap.aps_apr, sizeof(apr)))
97 return;
98 printf("\tproxy %s/%d use %d flags %x\n", apr.apr_label,
99 apr.apr_p, apr.apr_ref, apr.apr_flags);
100 printf("\t\tproto %d flags %#x bytes ", ap.aps_p, ap.aps_flags);
101 #ifdef USE_QUAD_T
102 printf("%qu pkts %qu", (unsigned long long)ap.aps_bytes,
103 (unsigned long long)ap.aps_pkts);
104 #else
105 printf("%lu pkts %lu", ap.aps_bytes, ap.aps_pkts);
106 #endif
107 printf(" data %s size %d\n", ap.aps_data ? "YES" : "NO", ap.aps_psiz);
108 if ((ap.aps_p == IPPROTO_TCP) && (opts & OPT_VERBOSE)) {
109 printf("\t\tstate[%u,%u], sel[%d,%d]\n",
110 ap.aps_state[0], ap.aps_state[1],
111 ap.aps_sel[0], ap.aps_sel[1]);
112 #if (defined(NetBSD) && (NetBSD >= 199905) && (NetBSD < 1991011)) || \
113 (__FreeBSD_version >= 300000) || defined(OpenBSD)
114 printf("\t\tseq: off %hd/%hd min %x/%x\n",
115 ap.aps_seqoff[0], ap.aps_seqoff[1],
116 ap.aps_seqmin[0], ap.aps_seqmin[1]);
117 printf("\t\tack: off %hd/%hd min %x/%x\n",
118 ap.aps_ackoff[0], ap.aps_ackoff[1],
119 ap.aps_ackmin[0], ap.aps_ackmin[1]);
120 #else
121 printf("\t\tseq: off %hd/%hd min %lx/%lx\n",
122 ap.aps_seqoff[0], ap.aps_seqoff[1],
123 ap.aps_seqmin[0], ap.aps_seqmin[1]);
124 printf("\t\tack: off %hd/%hd min %lx/%lx\n",
125 ap.aps_ackoff[0], ap.aps_ackoff[1],
126 ap.aps_ackmin[0], ap.aps_ackmin[1]);
127 #endif
128 }
129
130 if (!strcmp(apr.apr_label, "raudio") && ap.aps_psiz == sizeof(ra)) {
131 if (kmemcpy((char *)&ra, (long)ap.aps_data, sizeof(ra)))
132 return;
133 printf("\tReal Audio Proxy:\n");
134 printf("\t\tSeen PNA: %d\tVersion: %d\tEOS: %d\n",
135 ra.rap_seenpna, ra.rap_version, ra.rap_eos);
136 printf("\t\tMode: %#x\tSBF: %#x\n", ra.rap_mode, ra.rap_sbf);
137 printf("\t\tPorts:pl %hu, pr %hu, sr %hu\n",
138 ra.rap_plport, ra.rap_prport, ra.rap_srport);
139 } else if (!strcmp(apr.apr_label, "ftp") &&
140 (ap.aps_psiz == sizeof(ftp))) {
141 if (kmemcpy((char *)&ftp, (long)ap.aps_data, sizeof(ftp)))
142 return;
143 printf("\tFTP Proxy:\n");
144 printf("\t\tpassok: %d\n", ftp.ftp_passok);
145 ftp.ftp_side[0].ftps_buf[FTP_BUFSZ - 1] = '\0';
146 ftp.ftp_side[1].ftps_buf[FTP_BUFSZ - 1] = '\0';
147 printf("\tClient:\n");
148 printf("\t\tseq %08x%08x len %d junk %d cmds %d\n",
149 ftp.ftp_side[0].ftps_seq[1],
150 ftp.ftp_side[0].ftps_seq[0],
151 ftp.ftp_side[0].ftps_len,
152 ftp.ftp_side[0].ftps_junk, ftp.ftp_side[0].ftps_cmds);
153 printf("\t\tbuf [");
154 printbuf(ftp.ftp_side[0].ftps_buf, FTP_BUFSZ, 1);
155 printf("]\n\tServer:\n");
156 printf("\t\tseq %08x%08x len %d junk %d cmds %d\n",
157 ftp.ftp_side[1].ftps_seq[1],
158 ftp.ftp_side[1].ftps_seq[0],
159 ftp.ftp_side[1].ftps_len,
160 ftp.ftp_side[1].ftps_junk, ftp.ftp_side[1].ftps_cmds);
161 printf("\t\tbuf [");
162 printbuf(ftp.ftp_side[1].ftps_buf, FTP_BUFSZ, 1);
163 printf("]\n");
164 } else if (!strcmp(apr.apr_label, "ipsec") &&
165 (ap.aps_psiz == sizeof(ipsec))) {
166 if (kmemcpy((char *)&ipsec, (long)ap.aps_data, sizeof(ipsec)))
167 return;
168 printf("\tIPSec Proxy:\n");
169 printf("\t\tICookie %08x%08x RCookie %08x%08x %s\n",
170 (u_int)ntohl(ipsec.ipsc_icookie[0]),
171 (u_int)ntohl(ipsec.ipsc_icookie[1]),
172 (u_int)ntohl(ipsec.ipsc_rcookie[0]),
173 (u_int)ntohl(ipsec.ipsc_rcookie[1]),
174 ipsec.ipsc_rckset ? "(Set)" : "(Not set)");
175 }
176 }
177
178
179 /*
180 * Get a nat filter type given its kernel address.
181 */
182 char *getnattype(ipnat)
183 ipnat_t *ipnat;
184 {
185 static char unknownbuf[20];
186 ipnat_t ipnatbuff;
187 char *which;
188
189 if (!ipnat || (ipnat && kmemcpy((char *)&ipnatbuff, (long)ipnat,
190 sizeof(ipnatbuff))))
191 return "???";
192
193 switch (ipnatbuff.in_redir)
194 {
195 case NAT_MAP :
196 which = "MAP";
197 break;
198 case NAT_MAPBLK :
199 which = "MAP-BLOCK";
200 break;
201 case NAT_REDIRECT :
202 which = "RDR";
203 break;
204 case NAT_BIMAP :
205 which = "BIMAP";
206 break;
207 default :
208 sprintf(unknownbuf, "unknown(%04x)",
209 ipnatbuff.in_redir & 0xffffffff);
210 which = unknownbuf;
211 break;
212 }
213 return which;
214 }
215
216
217 void printactivenat(nat, opts)
218 nat_t *nat;
219 int opts;
220 {
221 u_int hv1, hv2;
222
223 printf("%s %-15s", getnattype(nat->nat_ptr), inet_ntoa(nat->nat_inip));
224
225 if ((nat->nat_flags & IPN_TCPUDP) != 0)
226 printf(" %-5hu", ntohs(nat->nat_inport));
227
228 printf(" <- -> %-15s",inet_ntoa(nat->nat_outip));
229
230 if ((nat->nat_flags & IPN_TCPUDP) != 0)
231 printf(" %-5hu", ntohs(nat->nat_outport));
232
233 printf(" [%s", inet_ntoa(nat->nat_oip));
234 if ((nat->nat_flags & IPN_TCPUDP) != 0)
235 printf(" %hu", ntohs(nat->nat_oport));
236 printf("]");
237
238 if (opts & OPT_VERBOSE) {
239 printf("\n\tage %lu use %hu sumd %s/",
240 nat->nat_age, nat->nat_use, getsumd(nat->nat_sumd[0]));
241 hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, nat->nat_inport,
242 0xffffffff),
243 hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1 + nat->nat_oport,
244 NAT_TABLE_SZ),
245 hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, nat->nat_outport,
246 0xffffffff),
247 hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2 + nat->nat_oport,
248 NAT_TABLE_SZ),
249 printf("%s pr %u bkt %d/%d flags %x drop %d/%d\n",
250 getsumd(nat->nat_sumd[1]), nat->nat_p,
251 hv1, hv2, nat->nat_flags,
252 nat->nat_drop[0], nat->nat_drop[1]);
253 printf("\tifp %s ", getifname(nat->nat_ifp));
254 #ifdef USE_QUAD_T
255 printf("bytes %qu pkts %qu",
256 (unsigned long long)nat->nat_bytes,
257 (unsigned long long)nat->nat_pkts);
258 #else
259 printf("bytes %lu pkts %lu", nat->nat_bytes, nat->nat_pkts);
260 #endif
261 #if SOLARIS
262 printf(" %lx", nat->nat_ipsumd);
263 #endif
264 }
265
266 putchar('\n');
267 if (nat->nat_aps)
268 printaps(nat->nat_aps, opts);
269 }
270
271
272 void printhostmap(hmp, hv)
273 hostmap_t *hmp;
274 u_int hv;
275 {
276 printf("%s -> ", inet_ntoa(hmp->hm_realip));
277 printf("%s ", inet_ntoa(hmp->hm_mapip));
278 printf("(use = %d hv = %u)\n", hmp->hm_ref, hv);
279 }
280
281
282 char *getsumd(sum)
283 u_32_t sum;
284 {
285 static char sumdbuf[17];
286
287 if (sum & NAT_HW_CKSUM)
288 sprintf(sumdbuf, "hw(%#0x)", sum & 0xffff);
289 else
290 sprintf(sumdbuf, "%#0x", sum);
291 return sumdbuf;
292 }
293
294
295 /*
296 * Print out a NAT rule
297 */
298 void printnat(np, opts)
299 ipnat_t *np;
300 int opts;
301 {
302 struct protoent *pr;
303 struct servent *sv;
304 int bits;
305
306 pr = getprotobynumber(np->in_p);
307
308 switch (np->in_redir)
309 {
310 case NAT_REDIRECT :
311 printf("rdr");
312 break;
313 case NAT_MAP :
314 printf("map");
315 break;
316 case NAT_MAPBLK :
317 printf("map-block");
318 break;
319 case NAT_BIMAP :
320 printf("bimap");
321 break;
322 default :
323 fprintf(stderr, "unknown value for in_redir: %#x\n",
324 np->in_redir);
325 break;
326 }
327
328 printf(" %s ", np->in_ifname);
329
330 if (np->in_flags & IPN_FILTER) {
331 if (np->in_flags & IPN_NOTSRC)
332 printf("! ");
333 printf("from ");
334 if (np->in_redir == NAT_REDIRECT) {
335 printhostmask(4, (u_32_t *)&np->in_srcip,
336 (u_32_t *)&np->in_srcmsk);
337 } else {
338 printhostmask(4, (u_32_t *)&np->in_inip,
339 (u_32_t *)&np->in_inmsk);
340 }
341 if (np->in_scmp)
342 printportcmp(np->in_p, &np->in_tuc.ftu_src);
343
344 if (np->in_flags & IPN_NOTDST)
345 printf(" !");
346 printf(" to ");
347 if (np->in_redir == NAT_REDIRECT) {
348 printhostmask(4, (u_32_t *)&np->in_outip,
349 (u_32_t *)&np->in_outmsk);
350 } else {
351 printhostmask(4, (u_32_t *)&np->in_srcip,
352 (u_32_t *)&np->in_srcmsk);
353 }
354 if (np->in_dcmp)
355 printportcmp(np->in_p, &np->in_tuc.ftu_dst);
356 }
357
358 if (np->in_redir == NAT_REDIRECT) {
359 if (!(np->in_flags & IPN_FILTER)) {
360 printf("%s", inet_ntoa(np->in_out[0]));
361 bits = countbits(np->in_out[1].s_addr);
362 if (bits != -1)
363 printf("/%d ", bits);
364 else
365 printf("/%s ", inet_ntoa(np->in_out[1]));
366 printf("port %d", ntohs(np->in_pmin));
367 if (np->in_pmax != np->in_pmin)
368 printf("- %d", ntohs(np->in_pmax));
369 }
370 printf(" -> %s", inet_ntoa(np->in_in[0]));
371 if (np->in_flags & IPN_SPLIT)
372 printf(",%s", inet_ntoa(np->in_in[1]));
373 printf(" port %d", ntohs(np->in_pnext));
374 if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
375 printf(" tcp/udp");
376 else if ((np->in_flags & IPN_TCP) == IPN_TCP)
377 printf(" tcp");
378 else if ((np->in_flags & IPN_UDP) == IPN_UDP)
379 printf(" udp");
380 else if (np->in_p == 0)
381 printf(" ip");
382 else if (np->in_p != 0) {
383 if (pr != NULL)
384 printf(" %s", pr->p_name);
385 else
386 printf(" %d", np->in_p);
387 }
388 if (np->in_flags & IPN_ROUNDR)
389 printf(" round-robin");
390 if (np->in_flags & IPN_FRAG)
391 printf(" frag");
392 if (np->in_age[0])
393 printf(" age %d/%d", np->in_age[0], np->in_age[1]);
394 if (np->in_mssclamp)
395 printf(" mssclamp %u", np->in_mssclamp);
396 printf("\n");
397 if (opts & OPT_DEBUG)
398 printf("\tspc %lu flg %#x max %u use %d\n",
399 np->in_space, np->in_flags,
400 np->in_pmax, np->in_use);
401 } else {
402 if (!(np->in_flags & IPN_FILTER)) {
403 printf("%s/", inet_ntoa(np->in_in[0]));
404 bits = countbits(np->in_in[1].s_addr);
405 if (bits != -1)
406 printf("%d", bits);
407 else
408 printf("%s", inet_ntoa(np->in_in[1]));
409 }
410 printf(" -> ");
411 if (np->in_flags & IPN_IPRANGE) {
412 printf("range %s-", inet_ntoa(np->in_out[0]));
413 printf("%s", inet_ntoa(np->in_out[1]));
414 } else {
415 printf("%s/", inet_ntoa(np->in_out[0]));
416 bits = countbits(np->in_out[1].s_addr);
417 if (bits != -1)
418 printf("%d", bits);
419 else
420 printf("%s", inet_ntoa(np->in_out[1]));
421 }
422 if (*np->in_plabel) {
423 printf(" proxy port");
424 if (np->in_dcmp != 0)
425 np->in_dport = htons(np->in_dport);
426 if (np->in_dport != 0) {
427 if (pr != NULL)
428 sv = getservbyport(np->in_dport,
429 pr->p_name);
430 else
431 sv = getservbyport(np->in_dport, NULL);
432 if (sv != NULL)
433 printf(" %s", sv->s_name);
434 else
435 printf(" %hu", ntohs(np->in_dport));
436 }
437 printf(" %.*s/", (int)sizeof(np->in_plabel),
438 np->in_plabel);
439 if (pr != NULL)
440 fputs(pr->p_name, stdout);
441 else
442 printf("%d", np->in_p);
443 } else if (np->in_redir == NAT_MAPBLK) {
444 if ((np->in_pmin == 0) &&
445 (np->in_flags & IPN_AUTOPORTMAP))
446 printf(" ports auto");
447 else
448 printf(" ports %d", np->in_pmin);
449 if (opts & OPT_DEBUG)
450 printf("\n\tip modulous %d", np->in_pmax);
451 } else if (np->in_pmin || np->in_pmax) {
452 printf(" portmap");
453 if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
454 printf(" tcp/udp");
455 else if (np->in_flags & IPN_TCP)
456 printf(" tcp");
457 else if (np->in_flags & IPN_UDP)
458 printf(" udp");
459 if (np->in_flags & IPN_AUTOPORTMAP) {
460 printf(" auto");
461 if (opts & OPT_DEBUG)
462 printf(" [%d:%d %d %d]",
463 ntohs(np->in_pmin),
464 ntohs(np->in_pmax),
465 np->in_ippip, np->in_ppip);
466 } else {
467 printf(" %d:%d", ntohs(np->in_pmin),
468 ntohs(np->in_pmax));
469 }
470 }
471 if (np->in_flags & IPN_FRAG)
472 printf(" frag");
473 if (np->in_age[0])
474 printf(" age %d/%d", np->in_age[0], np->in_age[1]);
475 printf("\n");
476 if (opts & OPT_DEBUG) {
477 struct in_addr nip;
478
479 nip.s_addr = htonl(np->in_nextip.s_addr);
480
481 printf("\tspace %lu nextip %s pnext %d", np->in_space,
482 inet_ntoa(nip), np->in_pnext);
483 printf(" flags %x use %u\n",
484 np->in_flags, np->in_use);
485 }
486 }
487 }
DragonFly BSD