printstate.c revision 145510
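/* $NetBSD$ */

/*
 * Copyright (C) 2002 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 */

#include "ipf.h"
#include "kmem.h"

#define	PRINTF	(void)printf
#define	FPRINTF	(void)fprintf

/*
 * Print one state table entry and return the address of the next one.
 *
 * sp   - address of the entry to display; it is never dereferenced here,
 *        the entry is first copied into a local ipstate_t with kmemcpy().
 * opts - option flags; OPT_DEBUG additionally prints the raw is_ifp[]
 *        pointer values.
 * now  - current time value subtracted from is_die to show the ttl.
 *
 * Returns ips.is_next from the copied entry, or NULL when either
 * kmemcpy() call fails.  NOTE(review): a NULL return therefore does not
 * tell the caller whether the copy failed or the entry simply had no
 * successor -- confirm how callers treat it.
 *
 * NOTE(review): is_isc (always, for TCP) and is_ifp[] (with OPT_DEBUG) are
 * printed with %p.  These values come from the copied entry and are
 * presumably kernel addresses, so the output should be handled as
 * sensitive diagnostic data rather than pasted into public reports.
 */
ipstate_t *printstate(sp, opts, now)
ipstate_t *sp;
int opts;
u_long now;
{
	/* Text printed in front of each of the four interface slots. */
	static const char * const ifleads[] = {
		"\tinterfaces: in ", ",", " out ", ","
	};
	ipstate_t ips;
	synclist_t ipsync;
	size_t i;

	/* Work on a private copy; a failed copy ends the walk. */
	if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips)))
		return NULL;

	PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4));
	PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n",
		hostname(ips.is_v, &ips.is_dst.in4), ips.is_pass, ips.is_p,
		ips.is_state[0], ips.is_state[1], ips.is_hv);
	/*
	 * NOTE(review): if is_die is unsigned like now, an entry whose
	 * is_die is already smaller than now wraps around and shows up
	 * with a very large ttl.
	 */
	PRINTF("\ttag %u ttl %lu", ips.is_tag, ips.is_die - now);

	/* Protocol specific details. */
	if (ips.is_p == IPPROTO_TCP) {
		PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n",
			ntohs(ips.is_sport), ntohs(ips.is_dport),
			ips.is_send, ips.is_dend,
			ips.is_maxswin, ips.is_swinscale,
			ips.is_maxdwin, ips.is_dwinscale);
		/* %p requires a void *, so convert explicitly. */
		PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n",
			ips.is_smsk[0], ips.is_smsk[1], (void *)ips.is_isc,
			ips.is_s0[0], ips.is_s0[1]);
		PRINTF("\tFWD:ISN inc %x sumd %x\n",
			ips.is_isninc[0], ips.is_sumd[0]);
		PRINTF("\tREV:ISN inc %x sumd %x\n",
			ips.is_isninc[1], ips.is_sumd[1]);
#ifdef	IPFILTER_SCAN
		PRINTF("\tsbuf[0] [");
		printsbuf(ips.is_sbuf[0]);
		PRINTF("] sbuf[1] [");
		printsbuf(ips.is_sbuf[1]);
		PRINTF("]\n");
#endif
	} else if (ips.is_p == IPPROTO_UDP) {
		PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport),
			ntohs(ips.is_dport));
	} else if (ips.is_p == IPPROTO_GRE) {
		PRINTF(" call %hx/%hx\n", ntohs(ips.is_gre.gs_call[0]),
			ntohs(ips.is_gre.gs_call[1]));
	} else if (ips.is_p == IPPROTO_ICMP
#ifdef	USE_INET6
		 || ips.is_p == IPPROTO_ICMPV6
#endif
		) {
		PRINTF(" id %hu seq %hu type %d\n", ips.is_icmp.ici_id,
			ips.is_icmp.ici_seq, ips.is_icmp.ici_type);
	}

	/* Packet and byte counters, indices 0-3 of is_pkts/is_bytes. */
#ifdef	USE_QUAD_T
	PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n",
		ips.is_pkts[0], ips.is_bytes[0],
		ips.is_pkts[1], ips.is_bytes[1],
		ips.is_pkts[2], ips.is_bytes[2],
		ips.is_pkts[3], ips.is_bytes[3]);
#else
	PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n",
		ips.is_pkts[0], ips.is_bytes[0],
		ips.is_pkts[1], ips.is_bytes[1],
		ips.is_pkts[2], ips.is_bytes[2],
		ips.is_pkts[3], ips.is_bytes[3]);
#endif

	PRINTF("\t");

	/*
	 * Print out bits set in the result code for the state being
	 * kept as they would for a rule.
	 */
	if (FR_ISPASS(ips.is_pass)) {
		PRINTF("pass");
	} else if (FR_ISBLOCK(ips.is_pass)) {
		PRINTF("block");
		switch (ips.is_pass & FR_RETMASK)
		{
		case FR_RETICMP :
			PRINTF(" return-icmp");
			break;
		case FR_FAKEICMP :
			PRINTF(" return-icmp-as-dest");
			break;
		case FR_RETRST :
			PRINTF(" return-rst");
			break;
		default :
			break;
		}
	} else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) {
		PRINTF("log");
		if (ips.is_pass & FR_LOGBODY)
			PRINTF(" body");
		if (ips.is_pass & FR_LOGFIRST)
			PRINTF(" first");
	} else if (FR_ISACCOUNT(ips.is_pass)) {
		PRINTF("count");
	} else if (FR_ISPREAUTH(ips.is_pass)) {
		PRINTF("preauth");
	} else if (FR_ISAUTH(ips.is_pass)) {
		PRINTF("auth");
	}

	if (ips.is_pass & FR_OUTQUE)
		PRINTF(" out");
	else
		PRINTF(" in");

	if ((ips.is_pass & FR_LOG) != 0) {
		PRINTF(" log");
		if (ips.is_pass & FR_LOGBODY)
			PRINTF(" body");
		if (ips.is_pass & FR_LOGFIRST)
			PRINTF(" first");
		if (ips.is_pass & FR_LOGORBLOCK)
			PRINTF(" or-block");
	}
	if (ips.is_pass & FR_QUICK)
		PRINTF(" quick");
	if (ips.is_pass & FR_KEEPFRAG)
		PRINTF(" keep frags");
	/* a given; no? */
	if (ips.is_pass & FR_KEEPSTATE) {
		PRINTF(" keep state");
		if (ips.is_pass & FR_STATESYNC)
			PRINTF(" ( sync )");
	}
	PRINTF("\tIPv%d", ips.is_v);
	PRINTF("\n");

	PRINTF("\tpkt_flags & %x(%x) = %x,\t",
		ips.is_flags & 0xf, ips.is_flags,
		ips.is_flags >> 4);
	PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk,
		ips.is_opt);
	PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
		ips.is_secmsk, ips.is_sec, ips.is_authmsk,
		ips.is_auth);
	PRINTF("\tis_flx %#x %#x %#x %#x\n", ips.is_flx[0][0], ips.is_flx[0][1],
		ips.is_flx[1][0], ips.is_flx[1][1]);

	/*
	 * The interface names were copied in as raw bytes and nothing above
	 * checks that they are NUL terminated, so bound each %s by the size
	 * of its slot instead of trusting a terminator to be present.
	 * NOTE(review): this assumes is_ifname[] is an array of fixed-size
	 * char arrays (not pointers) -- confirm against the ipstate_t
	 * definition.
	 */
	for (i = 0; i < sizeof(ifleads) / sizeof(ifleads[0]); i++) {
		PRINTF("%s%s[%.*s", ifleads[i], getifname(ips.is_ifp[i]),
			(int)sizeof(ips.is_ifname[i]), ips.is_ifname[i]);
		if (opts & OPT_DEBUG)
			PRINTF("/%p", (void *)ips.is_ifp[i]);
		putchar(']');
	}
	putchar('\n');

	/*
	 * is_sync is an address taken from the copied entry, so the sync
	 * record is fetched with kmemcpy() as well rather than dereferenced.
	 */
	if (ips.is_sync != NULL) {

		if (kmemcpy((char *)&ipsync, (u_long)ips.is_sync, sizeof(ipsync))) {

			PRINTF("\tSync status: status could not be retrieved\n");
			return NULL;
		}

		PRINTF("\tSync status: idx %d num %d v %d pr %d rev %d\n",
			ipsync.sl_idx, ipsync.sl_num, ipsync.sl_v,
			ipsync.sl_p, ipsync.sl_rev);

	} else {
		PRINTF("\tSync status: not synchronized\n");
	}

	return ips.is_next;
}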