10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * Copyright (C) 2002 by Darren Reed. 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing. 50Sstevel@tonic-gate */ 60Sstevel@tonic-gate 70Sstevel@tonic-gate #include "ipf.h" 80Sstevel@tonic-gate #include "kmem.h" 90Sstevel@tonic-gate 100Sstevel@tonic-gate #define PRINTF (void)printf 110Sstevel@tonic-gate #define FPRINTF (void)fprintf 120Sstevel@tonic-gate 13*2393Syz155240 ipstate_t *printstate(sp, opts, now) 140Sstevel@tonic-gate ipstate_t *sp; 150Sstevel@tonic-gate int opts; 16*2393Syz155240 u_long now; 170Sstevel@tonic-gate { 180Sstevel@tonic-gate ipstate_t ips; 19*2393Syz155240 #ifdef IPFILTER_SYNC 20*2393Syz155240 synclist_t ipsync; 21*2393Syz155240 #endif 220Sstevel@tonic-gate 230Sstevel@tonic-gate if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips))) 240Sstevel@tonic-gate return NULL; 250Sstevel@tonic-gate 260Sstevel@tonic-gate PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4)); 270Sstevel@tonic-gate PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n", 280Sstevel@tonic-gate hostname(ips.is_v, &ips.is_dst.in4), ips.is_pass, ips.is_p, 290Sstevel@tonic-gate ips.is_state[0], ips.is_state[1], ips.is_hv); 30*2393Syz155240 PRINTF("\ttag %u ttl %lu", ips.is_tag, ips.is_die - now); 310Sstevel@tonic-gate 320Sstevel@tonic-gate if (ips.is_p == IPPROTO_TCP) { 330Sstevel@tonic-gate PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n", 340Sstevel@tonic-gate ntohs(ips.is_sport), ntohs(ips.is_dport), 350Sstevel@tonic-gate ips.is_send, ips.is_dend, 360Sstevel@tonic-gate ips.is_maxswin, ips.is_swinscale, 370Sstevel@tonic-gate ips.is_maxdwin, ips.is_dwinscale); 380Sstevel@tonic-gate PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n", 390Sstevel@tonic-gate ips.is_smsk[0], ips.is_smsk[1], ips.is_isc, 400Sstevel@tonic-gate ips.is_s0[0], ips.is_s0[1]); 410Sstevel@tonic-gate PRINTF("\tFWD:ISN inc %x sumd %x\n", 420Sstevel@tonic-gate ips.is_isninc[0], ips.is_sumd[0]); 430Sstevel@tonic-gate PRINTF("\tREV:ISN inc %x sumd %x\n", 440Sstevel@tonic-gate ips.is_isninc[1], ips.is_sumd[1]); 450Sstevel@tonic-gate #ifdef IPFILTER_SCAN 460Sstevel@tonic-gate PRINTF("\tsbuf[0] ["); 470Sstevel@tonic-gate printsbuf(ips.is_sbuf[0]); 480Sstevel@tonic-gate PRINTF("] sbuf[1] ["); 490Sstevel@tonic-gate printsbuf(ips.is_sbuf[1]); 500Sstevel@tonic-gate PRINTF("]\n"); 510Sstevel@tonic-gate #endif 52*2393Syz155240 } else if (ips.is_p == IPPROTO_UDP) { 530Sstevel@tonic-gate PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport), 540Sstevel@tonic-gate ntohs(ips.is_dport)); 55*2393Syz155240 } else if (ips.is_p == IPPROTO_GRE) { 56*2393Syz155240 PRINTF(" call %hx/%hx\n", ntohs(ips.is_gre.gs_call[0]), 57*2393Syz155240 ntohs(ips.is_gre.gs_call[1])); 58*2393Syz155240 } else if (ips.is_p == IPPROTO_ICMP 590Sstevel@tonic-gate #ifdef USE_INET6 600Sstevel@tonic-gate || ips.is_p == IPPROTO_ICMPV6 610Sstevel@tonic-gate #endif 620Sstevel@tonic-gate ) 630Sstevel@tonic-gate PRINTF(" id %hu seq %hu type %d\n", ntohs(ips.is_icmp.ici_id), 640Sstevel@tonic-gate ntohs(ips.is_icmp.ici_seq), ips.is_icmp.ici_type); 650Sstevel@tonic-gate 660Sstevel@tonic-gate #ifdef USE_QUAD_T 67*2393Syz155240 PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n", 680Sstevel@tonic-gate ips.is_pkts[0], ips.is_bytes[0], 690Sstevel@tonic-gate ips.is_pkts[1], ips.is_bytes[1], 700Sstevel@tonic-gate ips.is_pkts[2], ips.is_bytes[2], 710Sstevel@tonic-gate ips.is_pkts[3], ips.is_bytes[3]); 720Sstevel@tonic-gate #else 730Sstevel@tonic-gate PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n", 740Sstevel@tonic-gate ips.is_pkts[0], ips.is_bytes[0], 750Sstevel@tonic-gate ips.is_pkts[1], ips.is_bytes[1], 760Sstevel@tonic-gate ips.is_pkts[2], ips.is_bytes[2], 770Sstevel@tonic-gate ips.is_pkts[3], ips.is_bytes[3]); 780Sstevel@tonic-gate #endif 790Sstevel@tonic-gate 800Sstevel@tonic-gate PRINTF("\t"); 810Sstevel@tonic-gate 820Sstevel@tonic-gate /* 830Sstevel@tonic-gate * Print out bits set in the result code for the state being 840Sstevel@tonic-gate * kept as they would for a rule. 850Sstevel@tonic-gate */ 860Sstevel@tonic-gate if (FR_ISPASS(ips.is_pass)) { 870Sstevel@tonic-gate PRINTF("pass"); 880Sstevel@tonic-gate } else if (FR_ISBLOCK(ips.is_pass)) { 890Sstevel@tonic-gate PRINTF("block"); 900Sstevel@tonic-gate switch (ips.is_pass & FR_RETMASK) 910Sstevel@tonic-gate { 920Sstevel@tonic-gate case FR_RETICMP : 930Sstevel@tonic-gate PRINTF(" return-icmp"); 940Sstevel@tonic-gate break; 950Sstevel@tonic-gate case FR_FAKEICMP : 960Sstevel@tonic-gate PRINTF(" return-icmp-as-dest"); 970Sstevel@tonic-gate break; 980Sstevel@tonic-gate case FR_RETRST : 990Sstevel@tonic-gate PRINTF(" return-rst"); 1000Sstevel@tonic-gate break; 1010Sstevel@tonic-gate default : 1020Sstevel@tonic-gate break; 1030Sstevel@tonic-gate } 1040Sstevel@tonic-gate } else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) { 1050Sstevel@tonic-gate PRINTF("log"); 1060Sstevel@tonic-gate if (ips.is_pass & FR_LOGBODY) 1070Sstevel@tonic-gate PRINTF(" body"); 1080Sstevel@tonic-gate if (ips.is_pass & FR_LOGFIRST) 1090Sstevel@tonic-gate PRINTF(" first"); 1100Sstevel@tonic-gate } else if (FR_ISACCOUNT(ips.is_pass)) { 1110Sstevel@tonic-gate PRINTF("count"); 1120Sstevel@tonic-gate } else if (FR_ISPREAUTH(ips.is_pass)) { 1130Sstevel@tonic-gate PRINTF("preauth"); 1140Sstevel@tonic-gate } else if (FR_ISAUTH(ips.is_pass)) 1150Sstevel@tonic-gate PRINTF("auth"); 1160Sstevel@tonic-gate 1170Sstevel@tonic-gate if (ips.is_pass & FR_OUTQUE) 1180Sstevel@tonic-gate PRINTF(" out"); 1190Sstevel@tonic-gate else 1200Sstevel@tonic-gate PRINTF(" in"); 1210Sstevel@tonic-gate 1220Sstevel@tonic-gate if ((ips.is_pass & FR_LOG) != 0) { 1230Sstevel@tonic-gate PRINTF(" log"); 1240Sstevel@tonic-gate if (ips.is_pass & FR_LOGBODY) 1250Sstevel@tonic-gate PRINTF(" body"); 1260Sstevel@tonic-gate if (ips.is_pass & FR_LOGFIRST) 1270Sstevel@tonic-gate PRINTF(" first"); 1280Sstevel@tonic-gate if (ips.is_pass & FR_LOGORBLOCK) 1290Sstevel@tonic-gate PRINTF(" or-block"); 1300Sstevel@tonic-gate } 1310Sstevel@tonic-gate if (ips.is_pass & FR_QUICK) 1320Sstevel@tonic-gate PRINTF(" quick"); 1330Sstevel@tonic-gate if (ips.is_pass & FR_KEEPFRAG) 1340Sstevel@tonic-gate PRINTF(" keep frags"); 1350Sstevel@tonic-gate /* a given; no? */ 136*2393Syz155240 if (ips.is_pass & FR_KEEPSTATE) { 1370Sstevel@tonic-gate PRINTF(" keep state"); 138*2393Syz155240 if (ips.is_pass & FR_STATESYNC) 139*2393Syz155240 PRINTF(" ( sync )"); 140*2393Syz155240 } 1410Sstevel@tonic-gate PRINTF("\tIPv%d", ips.is_v); 1420Sstevel@tonic-gate PRINTF("\n"); 1430Sstevel@tonic-gate 1440Sstevel@tonic-gate PRINTF("\tpkt_flags & %x(%x) = %x,\t", 1450Sstevel@tonic-gate ips.is_flags & 0xf, ips.is_flags, 1460Sstevel@tonic-gate ips.is_flags >> 4); 147*2393Syz155240 PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0], 148*2393Syz155240 ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]); 1490Sstevel@tonic-gate PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n", 1500Sstevel@tonic-gate ips.is_secmsk, ips.is_sec, ips.is_authmsk, 1510Sstevel@tonic-gate ips.is_auth); 1520Sstevel@tonic-gate PRINTF("\tis_flx %#x %#x %#x %#x\n", ips.is_flx[0][0], ips.is_flx[0][1], 1530Sstevel@tonic-gate ips.is_flx[1][0], ips.is_flx[1][1]); 1540Sstevel@tonic-gate PRINTF("\tinterfaces: in %s[%s", getifname(ips.is_ifp[0]), 1550Sstevel@tonic-gate ips.is_ifname[0]); 1560Sstevel@tonic-gate if (opts & OPT_DEBUG) 1570Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[0]); 1580Sstevel@tonic-gate putchar(']'); 1590Sstevel@tonic-gate PRINTF(",%s[%s", getifname(ips.is_ifp[1]), ips.is_ifname[1]); 1600Sstevel@tonic-gate if (opts & OPT_DEBUG) 1610Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[1]); 1620Sstevel@tonic-gate putchar(']'); 1630Sstevel@tonic-gate PRINTF(" out %s[%s", getifname(ips.is_ifp[2]), ips.is_ifname[2]); 1640Sstevel@tonic-gate if (opts & OPT_DEBUG) 1650Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[2]); 1660Sstevel@tonic-gate putchar(']'); 1670Sstevel@tonic-gate PRINTF(",%s[%s", getifname(ips.is_ifp[3]), ips.is_ifname[3]); 1680Sstevel@tonic-gate if (opts & OPT_DEBUG) 1690Sstevel@tonic-gate PRINTF("/%p", ips.is_ifp[3]); 1700Sstevel@tonic-gate PRINTF("]\n"); 1710Sstevel@tonic-gate 172*2393Syz155240 #ifdef IPFILTER_SYNC 173*2393Syz155240 if (ips.is_sync != NULL) { 174*2393Syz155240 175*2393Syz155240 if (kmemcpy((char *)&ipsync, (u_long)ips.is_sync, sizeof(ipsync))) { 176*2393Syz155240 177*2393Syz155240 PRINTF("\tSync status: status could not be retrieved\n"); 178*2393Syz155240 return NULL; 179*2393Syz155240 } 180*2393Syz155240 181*2393Syz155240 PRINTF("\tSync status: idx %d num %d v %d pr %d rev %d\n", 182*2393Syz155240 ipsync.sl_idx, ipsync.sl_num, ipsync.sl_v, 183*2393Syz155240 ipsync.sl_p, ipsync.sl_rev); 184*2393Syz155240 185*2393Syz155240 } else { 186*2393Syz155240 PRINTF("\tSync status: not synchronized\n"); 187*2393Syz155240 } 188*2393Syz155240 #endif 189*2393Syz155240 1900Sstevel@tonic-gate return ips.is_next; 1910Sstevel@tonic-gate } 192