1*0Sstevel@tonic-gate /* 2*0Sstevel@tonic-gate * Copyright (C) 2002 by Darren Reed. 3*0Sstevel@tonic-gate * 4*0Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing. 5*0Sstevel@tonic-gate */ 6*0Sstevel@tonic-gate 7*0Sstevel@tonic-gate #include "ipf.h" 8*0Sstevel@tonic-gate #include "kmem.h" 9*0Sstevel@tonic-gate 10*0Sstevel@tonic-gate #define PRINTF (void)printf 11*0Sstevel@tonic-gate #define FPRINTF (void)fprintf 12*0Sstevel@tonic-gate 13*0Sstevel@tonic-gate ipstate_t *printstate(sp, opts) 14*0Sstevel@tonic-gate ipstate_t *sp; 15*0Sstevel@tonic-gate int opts; 16*0Sstevel@tonic-gate { 17*0Sstevel@tonic-gate ipstate_t ips; 18*0Sstevel@tonic-gate 19*0Sstevel@tonic-gate if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips))) 20*0Sstevel@tonic-gate return NULL; 21*0Sstevel@tonic-gate 22*0Sstevel@tonic-gate PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4)); 23*0Sstevel@tonic-gate PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n", 24*0Sstevel@tonic-gate hostname(ips.is_v, &ips.is_dst.in4), ips.is_pass, ips.is_p, 25*0Sstevel@tonic-gate ips.is_state[0], ips.is_state[1], ips.is_hv); 26*0Sstevel@tonic-gate PRINTF("\ttag %u age %lu/%lu", ips.is_tag, ips.is_die, ips.is_touched); 27*0Sstevel@tonic-gate 28*0Sstevel@tonic-gate if (ips.is_p == IPPROTO_TCP) { 29*0Sstevel@tonic-gate PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n", 30*0Sstevel@tonic-gate ntohs(ips.is_sport), ntohs(ips.is_dport), 31*0Sstevel@tonic-gate ips.is_send, ips.is_dend, 32*0Sstevel@tonic-gate ips.is_maxswin, ips.is_swinscale, 33*0Sstevel@tonic-gate ips.is_maxdwin, ips.is_dwinscale); 34*0Sstevel@tonic-gate PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", 35*0Sstevel@tonic-gate ips.is_smsk[0], ips.is_smsk[1], ips.is_isc, 36*0Sstevel@tonic-gate ips.is_s0[0], ips.is_s0[1]); 37*0Sstevel@tonic-gate PRINTF("\tFWD:ISN inc %x sumd %x\n", 38*0Sstevel@tonic-gate ips.is_isninc[0], ips.is_sumd[0]); 39*0Sstevel@tonic-gate PRINTF("\tREV:ISN inc %x sumd %x\n", 40*0Sstevel@tonic-gate ips.is_isninc[1], ips.is_sumd[1]); 41*0Sstevel@tonic-gate #ifdef IPFILTER_SCAN 42*0Sstevel@tonic-gate PRINTF("\tsbuf[0] ["); 43*0Sstevel@tonic-gate printsbuf(ips.is_sbuf[0]); 44*0Sstevel@tonic-gate PRINTF("] sbuf[1] ["); 45*0Sstevel@tonic-gate printsbuf(ips.is_sbuf[1]); 46*0Sstevel@tonic-gate PRINTF("]\n"); 47*0Sstevel@tonic-gate #endif 48*0Sstevel@tonic-gate } else if (ips.is_p == IPPROTO_UDP) 49*0Sstevel@tonic-gate PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport), 50*0Sstevel@tonic-gate ntohs(ips.is_dport)); 51*0Sstevel@tonic-gate else if (ips.is_p == IPPROTO_ICMP 52*0Sstevel@tonic-gate #ifdef USE_INET6 53*0Sstevel@tonic-gate || ips.is_p == IPPROTO_ICMPV6 54*0Sstevel@tonic-gate #endif 55*0Sstevel@tonic-gate ) 56*0Sstevel@tonic-gate PRINTF(" id %hu seq %hu type %d\n", ntohs(ips.is_icmp.ici_id), 57*0Sstevel@tonic-gate ntohs(ips.is_icmp.ici_seq), ips.is_icmp.ici_type); 58*0Sstevel@tonic-gate 59*0Sstevel@tonic-gate #ifdef USE_QUAD_T 60*0Sstevel@tonic-gate PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd", 61*0Sstevel@tonic-gate ips.is_pkts[0], ips.is_bytes[0], 62*0Sstevel@tonic-gate ips.is_pkts[1], ips.is_bytes[1], 63*0Sstevel@tonic-gate ips.is_pkts[2], ips.is_bytes[2], 64*0Sstevel@tonic-gate ips.is_pkts[3], ips.is_bytes[3]); 65*0Sstevel@tonic-gate #else 66*0Sstevel@tonic-gate PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n", 67*0Sstevel@tonic-gate ips.is_pkts[0], ips.is_bytes[0], 68*0Sstevel@tonic-gate ips.is_pkts[1], ips.is_bytes[1], 69*0Sstevel@tonic-gate ips.is_pkts[2], ips.is_bytes[2], 70*0Sstevel@tonic-gate ips.is_pkts[3], ips.is_bytes[3]); 71*0Sstevel@tonic-gate #endif 72*0Sstevel@tonic-gate 73*0Sstevel@tonic-gate PRINTF("\t"); 74*0Sstevel@tonic-gate 75*0Sstevel@tonic-gate /* 76*0Sstevel@tonic-gate * Print out bits set in the result code for the state being 77*0Sstevel@tonic-gate * kept as they would for a rule. 78*0Sstevel@tonic-gate */ 79*0Sstevel@tonic-gate if (FR_ISPASS(ips.is_pass)) { 80*0Sstevel@tonic-gate PRINTF("pass"); 81*0Sstevel@tonic-gate } else if (FR_ISBLOCK(ips.is_pass)) { 82*0Sstevel@tonic-gate PRINTF("block"); 83*0Sstevel@tonic-gate switch (ips.is_pass & FR_RETMASK) 84*0Sstevel@tonic-gate { 85*0Sstevel@tonic-gate case FR_RETICMP : 86*0Sstevel@tonic-gate PRINTF(" return-icmp"); 87*0Sstevel@tonic-gate break; 88*0Sstevel@tonic-gate case FR_FAKEICMP : 89*0Sstevel@tonic-gate PRINTF(" return-icmp-as-dest"); 90*0Sstevel@tonic-gate break; 91*0Sstevel@tonic-gate case FR_RETRST : 92*0Sstevel@tonic-gate PRINTF(" return-rst"); 93*0Sstevel@tonic-gate break; 94*0Sstevel@tonic-gate default : 95*0Sstevel@tonic-gate break; 96*0Sstevel@tonic-gate } 97*0Sstevel@tonic-gate } else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) { 98*0Sstevel@tonic-gate PRINTF("log"); 99*0Sstevel@tonic-gate if (ips.is_pass & FR_LOGBODY) 100*0Sstevel@tonic-gate PRINTF(" body"); 101*0Sstevel@tonic-gate if (ips.is_pass & FR_LOGFIRST) 102*0Sstevel@tonic-gate PRINTF(" first"); 103*0Sstevel@tonic-gate } else if (FR_ISACCOUNT(ips.is_pass)) { 104*0Sstevel@tonic-gate PRINTF("count"); 105*0Sstevel@tonic-gate } else if (FR_ISPREAUTH(ips.is_pass)) { 106*0Sstevel@tonic-gate PRINTF("preauth"); 107*0Sstevel@tonic-gate } else if (FR_ISAUTH(ips.is_pass)) 108*0Sstevel@tonic-gate PRINTF("auth"); 109*0Sstevel@tonic-gate 110*0Sstevel@tonic-gate if (ips.is_pass & FR_OUTQUE) 111*0Sstevel@tonic-gate PRINTF(" out"); 112*0Sstevel@tonic-gate else 113*0Sstevel@tonic-gate PRINTF(" in"); 114*0Sstevel@tonic-gate 115*0Sstevel@tonic-gate if ((ips.is_pass & FR_LOG) != 0) { 116*0Sstevel@tonic-gate PRINTF(" log"); 117*0Sstevel@tonic-gate if (ips.is_pass & FR_LOGBODY) 118*0Sstevel@tonic-gate PRINTF(" body"); 119*0Sstevel@tonic-gate if (ips.is_pass & FR_LOGFIRST) 120*0Sstevel@tonic-gate PRINTF(" first"); 121*0Sstevel@tonic-gate if (ips.is_pass & FR_LOGORBLOCK) 122*0Sstevel@tonic-gate PRINTF(" or-block"); 123*0Sstevel@tonic-gate } 124*0Sstevel@tonic-gate if (ips.is_pass & FR_QUICK) 125*0Sstevel@tonic-gate PRINTF(" quick"); 126*0Sstevel@tonic-gate if (ips.is_pass & FR_KEEPFRAG) 127*0Sstevel@tonic-gate PRINTF(" keep frags"); 128*0Sstevel@tonic-gate /* a given; no? */ 129*0Sstevel@tonic-gate if (ips.is_pass & FR_KEEPSTATE) 130*0Sstevel@tonic-gate PRINTF(" keep state"); 131*0Sstevel@tonic-gate PRINTF("\tIPv%d", ips.is_v); 132*0Sstevel@tonic-gate PRINTF("\n"); 133*0Sstevel@tonic-gate 134*0Sstevel@tonic-gate PRINTF("\tpkt_flags & %x(%x) = %x,\t", 135*0Sstevel@tonic-gate ips.is_flags & 0xf, ips.is_flags, 136*0Sstevel@tonic-gate ips.is_flags >> 4); 137*0Sstevel@tonic-gate PRINTF("\tpkt_options & %x = %x\n", ips.is_optmsk, 138*0Sstevel@tonic-gate ips.is_opt); 139*0Sstevel@tonic-gate PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", 140*0Sstevel@tonic-gate ips.is_secmsk, ips.is_sec, ips.is_authmsk, 141*0Sstevel@tonic-gate ips.is_auth); 142*0Sstevel@tonic-gate PRINTF("\tis_flx %#x %#x %#x %#x\n", ips.is_flx[0][0], ips.is_flx[0][1], 143*0Sstevel@tonic-gate ips.is_flx[1][0], ips.is_flx[1][1]); 144*0Sstevel@tonic-gate PRINTF("\tinterfaces: in %s[%s", getifname(ips.is_ifp[0]), 145*0Sstevel@tonic-gate ips.is_ifname[0]); 146*0Sstevel@tonic-gate if (opts & OPT_DEBUG) 147*0Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[0]); 148*0Sstevel@tonic-gate putchar(']'); 149*0Sstevel@tonic-gate PRINTF(",%s[%s", getifname(ips.is_ifp[1]), ips.is_ifname[1]); 150*0Sstevel@tonic-gate if (opts & OPT_DEBUG) 151*0Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[1]); 152*0Sstevel@tonic-gate putchar(']'); 153*0Sstevel@tonic-gate PRINTF(" out %s[%s", getifname(ips.is_ifp[2]), ips.is_ifname[2]); 154*0Sstevel@tonic-gate if (opts & OPT_DEBUG) 155*0Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[2]); 156*0Sstevel@tonic-gate putchar(']'); 157*0Sstevel@tonic-gate PRINTF(",%s[%s", getifname(ips.is_ifp[3]), ips.is_ifname[3]); 158*0Sstevel@tonic-gate if (opts & OPT_DEBUG) 159*0Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[3]); 160*0Sstevel@tonic-gate PRINTF("]\n"); 161*0Sstevel@tonic-gate 162*0Sstevel@tonic-gate return ips.is_next; 163*0Sstevel@tonic-gate } 164