search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / dist / ipf / lib / printfr.c
blob216b74ad47b3dfb1e2d2a6ab21f312a454aeb4b5
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2000-2006 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 *
8 * Id: printfr.c,v 1.43.2.20 2008/03/07 21:40:12 darrenr Exp
9 */
10
11 #include "ipf.h"
12
13 static void printaddr(int, int, char *, u_32_t *, u_32_t *);
14
15 static void printaddr(v, type, ifname, addr, mask)
16 int v, type;
17 char *ifname;
18 u_32_t *addr, *mask;
19 {
20 char *suffix;
21
22 switch (type)
23 {
24 case FRI_BROADCAST :
25 suffix = "bcast";
26 break;
27
28 case FRI_DYNAMIC :
29 printf("%s", ifname);
30 printmask(mask);
31 suffix = NULL;
32 break;
33
34 case FRI_NETWORK :
35 suffix = "net";
36 break;
37
38 case FRI_NETMASKED :
39 suffix = "netmasked";
40 break;
41
42 case FRI_PEERADDR :
43 suffix = "peer";
44 break;
45
46 case FRI_LOOKUP :
47 suffix = NULL;
48 printlookup((i6addr_t *)addr, (i6addr_t *)mask);
49 break;
50
51 case FRI_NORMAL :
52 printhostmask(v, addr, mask);
53 suffix = NULL;
54 break;
55 default :
56 printf("<%d>", type);
57 printmask(mask);
58 suffix = NULL;
59 break;
60 }
61
62 if (suffix != NULL) {
63 printf("%s/%s", ifname, suffix);
64 }
65 }
66
67
68 void printlookup(addr, mask)
69 i6addr_t *addr, *mask;
70 {
71 switch (addr->iplookuptype)
72 {
73 case IPLT_POOL :
74 printf("pool/");
75 break;
76 case IPLT_HASH :
77 printf("hash/");
78 break;
79 default :
80 printf("lookup(%x)=", addr->iplookuptype);
81 break;
82 }
83
84 printf("%u", addr->iplookupnum);
85 if (mask->iplookupptr == NULL)
86 printf("(!)");
87 }
88
89
90 /*
91 * print the filter structure in a useful way
92 */
93 void printfr(fp, iocfunc)
94 struct frentry *fp;
95 ioctlfunc_t iocfunc;
96 {
97 struct protoent *p;
98 u_short sec[2];
99 u_32_t type;
100 u_char *t;
101 char *s;
102 int pr;
103
104 pr = -2;
105 type = fp->fr_type & ~FR_T_BUILTIN;
106
107 if ((fp->fr_type & FR_T_BUILTIN) != 0)
108 printf("# Builtin: ");
109
110 if (fp->fr_collect != 0)
111 printf("%u ", fp->fr_collect);
112
113 if (fp->fr_type == FR_T_CALLFUNC) {
114 ;
115 } else if (fp->fr_func != NULL) {
116 printf("call");
117 if ((fp->fr_flags & FR_CALLNOW) != 0)
118 printf(" now");
119 s = kvatoname(fp->fr_func, iocfunc);
120 printf(" %s/%u", s ? s : "?", fp->fr_arg);
121 } else if (FR_ISPASS(fp->fr_flags))
122 printf("pass");
123 else if (FR_ISBLOCK(fp->fr_flags)) {
124 printf("block");
125 } else if ((fp->fr_flags & FR_LOGMASK) == FR_LOG) {
126 printlog(fp);
127 } else if (FR_ISACCOUNT(fp->fr_flags))
128 printf("count");
129 else if (FR_ISAUTH(fp->fr_flags))
130 printf("auth");
131 else if (FR_ISPREAUTH(fp->fr_flags))
132 printf("preauth");
133 else if (FR_ISNOMATCH(fp->fr_flags))
134 printf("nomatch");
135 else if (FR_ISSKIP(fp->fr_flags))
136 printf("skip %u", fp->fr_arg);
137 else {
138 printf("%x", fp->fr_flags);
139 }
140 if (fp->fr_flags & FR_RETICMP) {
141 if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP)
142 printf(" return-icmp-as-dest");
143 else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP)
144 printf(" return-icmp");
145 if (fp->fr_icode) {
146 if (fp->fr_icode <= MAX_ICMPCODE)
147 printf("(%s)",
148 icmpcodes[(int)fp->fr_icode]);
149 else
150 printf("(%d)", fp->fr_icode);
151 }
152 } else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
153 printf(" return-rst");
154
155 if (fp->fr_flags & FR_OUTQUE)
156 printf(" out ");
157 else
158 printf(" in ");
159
160 if (((fp->fr_flags & FR_LOGB) == FR_LOGB) ||
161 ((fp->fr_flags & FR_LOGP) == FR_LOGP)) {
162 printlog(fp);
163 putchar(' ');
164 }
165
166 if (fp->fr_flags & FR_QUICK)
167 printf("quick ");
168
169 if (*fp->fr_ifname) {
170 printifname("on ", fp->fr_ifname, fp->fr_ifa);
171 if (*fp->fr_ifnames[1] && strcmp(fp->fr_ifnames[1], "*"))
172 printifname(",", fp->fr_ifnames[1], fp->fr_ifas[1]);
173 putchar(' ');
174 }
175
176 if (*fp->fr_dif.fd_ifname && (fp->fr_flags & FR_DUP))
177 print_toif("dup-to", &fp->fr_dif);
178 if (*fp->fr_tif.fd_ifname)
179 print_toif("to", &fp->fr_tif);
180 if (*fp->fr_rif.fd_ifname)
181 print_toif("reply-to", &fp->fr_rif);
182 if (fp->fr_flags & FR_FASTROUTE)
183 printf("fastroute ");
184
185 if ((*fp->fr_ifnames[2] && strcmp(fp->fr_ifnames[2], "*")) ||
186 (*fp->fr_ifnames[3] && strcmp(fp->fr_ifnames[3], "*"))) {
187 if (fp->fr_flags & FR_OUTQUE)
188 printf("in-via ");
189 else
190 printf("out-via ");
191
192 if (*fp->fr_ifnames[2]) {
193 printifname("", fp->fr_ifnames[2],
194 fp->fr_ifas[2]);
195 if (*fp->fr_ifnames[3]) {
196 printifname(",", fp->fr_ifnames[3],
197 fp->fr_ifas[3]);
198 }
199 putchar(' ');
200 }
201 }
202
203 if (type == FR_T_IPF) {
204 if (fp->fr_mip.fi_tos)
205 printf("tos %#x ", fp->fr_tos);
206 if (fp->fr_mip.fi_ttl)
207 printf("ttl %d ", fp->fr_ttl);
208 if (fp->fr_flx & FI_TCPUDP) {
209 printf("proto tcp/udp ");
210 pr = -1;
211 } else if (fp->fr_mip.fi_p) {
212 pr = fp->fr_ip.fi_p;
213 p = getprotobynumber(pr);
214 printf("proto ");
215 printproto(p, pr, NULL);
216 putchar(' ');
217 }
218 }
219
220 if (type == FR_T_NONE) {
221 printf("all");
222 } else if (type == FR_T_IPF) {
223 printf("from %s", fp->fr_flags & FR_NOTSRCIP ? "!" : "");
224 printaddr(fp->fr_v, fp->fr_satype, fp->fr_ifname,
225 &fp->fr_src.s_addr, &fp->fr_smsk.s_addr);
226 if (fp->fr_scmp)
227 printportcmp(pr, &fp->fr_tuc.ftu_src);
228
229 printf(" to %s", fp->fr_flags & FR_NOTDSTIP ? "!" : "");
230 printaddr(fp->fr_v, fp->fr_datype, fp->fr_ifname,
231 &fp->fr_dst.s_addr, &fp->fr_dmsk.s_addr);
232 if (fp->fr_dcmp)
233 printportcmp(pr, &fp->fr_tuc.ftu_dst);
234
235 if (fp->fr_proto == IPPROTO_ICMP && fp->fr_icmpm) {
236 int type = fp->fr_icmp, code;
237
238 type = ntohs(fp->fr_icmp);
239 code = type & 0xff;
240 type /= 256;
241 if (type < (sizeof(icmptypes) / sizeof(char *) - 1) &&
242 icmptypes[type])
243 printf(" icmp-type %s", icmptypes[type]);
244 else
245 printf(" icmp-type %d", type);
246 if (ntohs(fp->fr_icmpm) & 0xff)
247 printf(" code %d", code);
248 }
249 if ((fp->fr_proto == IPPROTO_TCP) &&
250 (fp->fr_tcpf || fp->fr_tcpfm)) {
251 printf(" flags ");
252 if (fp->fr_tcpf & ~TCPF_ALL)
253 printf("0x%x", fp->fr_tcpf);
254 else
255 for (s = flagset, t = flags; *s; s++, t++)
256 if (fp->fr_tcpf & *t)
257 (void)putchar(*s);
258 if (fp->fr_tcpfm) {
259 (void)putchar('/');
260 if (fp->fr_tcpfm & ~TCPF_ALL)
261 printf("0x%x", fp->fr_tcpfm);
262 else
263 for (s = flagset, t = flags; *s;
264 s++, t++)
265 if (fp->fr_tcpfm & *t)
266 (void)putchar(*s);
267 }
268 }
269 } else if (type == FR_T_BPFOPC) {
270 fakebpf_t *fb;
271 int i;
272
273 printf("bpf-v%d { \"", fp->fr_v);
274 i = fp->fr_dsize / sizeof(*fb);
275
276 for (fb = fp->fr_data, s = ""; i; i--, fb++, s = " ")
277 printf("%s%#x %#x %#x %#x", s, fb->fb_c, fb->fb_t,
278 fb->fb_f, fb->fb_k);
279
280 printf("\" }");
281 } else if (type == FR_T_COMPIPF) {
282 ;
283 } else if (type == FR_T_CALLFUNC) {
284 printf("call function at %p", fp->fr_data);
285 } else {
286 printf("[unknown filter type %#x]", fp->fr_type);
287 }
288
289 if ((type == FR_T_IPF) &&
290 ((fp->fr_flx & FI_WITH) || (fp->fr_mflx & FI_WITH) ||
291 fp->fr_optbits || fp->fr_optmask ||
292 fp->fr_secbits || fp->fr_secmask)) {
293 char *comma = " ";
294
295 printf(" with");
296 if (fp->fr_optbits || fp->fr_optmask ||
297 fp->fr_secbits || fp->fr_secmask) {
298 sec[0] = fp->fr_secmask;
299 sec[1] = fp->fr_secbits;
300 if (fp->fr_v == 4)
301 optprint(sec, fp->fr_optmask, fp->fr_optbits);
302 #ifdef USE_INET6
303 else
304 optprintv6(sec, fp->fr_optmask,
305 fp->fr_optbits);
306 #endif
307 } else if (fp->fr_mflx & FI_OPTIONS) {
308 fputs(comma, stdout);
309 if (!(fp->fr_flx & FI_OPTIONS))
310 printf("not ");
311 printf("ipopts");
312 comma = ",";
313 }
314 if (fp->fr_mflx & FI_SHORT) {
315 fputs(comma, stdout);
316 if (!(fp->fr_flx & FI_SHORT))
317 printf("not ");
318 printf("short");
319 comma = ",";
320 }
321 if (fp->fr_mflx & FI_FRAG) {
322 fputs(comma, stdout);
323 if (!(fp->fr_flx & FI_FRAG))
324 printf("not ");
325 printf("frag");
326 comma = ",";
327 }
328 if (fp->fr_mflx & FI_FRAGBODY) {
329 fputs(comma, stdout);
330 if (!(fp->fr_flx & FI_FRAGBODY))
331 printf("not ");
332 printf("frag-body");
333 comma = ",";
334 }
335 if (fp->fr_mflx & FI_NATED) {
336 fputs(comma, stdout);
337 if (!(fp->fr_flx & FI_NATED))
338 printf("not ");
339 printf("nat");
340 comma = ",";
341 }
342 if (fp->fr_mflx & FI_LOWTTL) {
343 fputs(comma, stdout);
344 if (!(fp->fr_flx & FI_LOWTTL))
345 printf("not ");
346 printf("lowttl");
347 comma = ",";
348 }
349 if (fp->fr_mflx & FI_BAD) {
350 fputs(comma, stdout);
351 if (!(fp->fr_flx & FI_BAD))
352 printf("not ");
353 printf("bad");
354 comma = ",";
355 }
356 if (fp->fr_mflx & FI_BADSRC) {
357 fputs(comma, stdout);
358 if (!(fp->fr_flx & FI_BADSRC))
359 printf("not ");
360 printf("bad-src");
361 comma = ",";
362 }
363 if (fp->fr_mflx & FI_BADNAT) {
364 fputs(comma, stdout);
365 if (!(fp->fr_flx & FI_BADNAT))
366 printf("not ");
367 printf("bad-nat");
368 comma = ",";
369 }
370 if (fp->fr_mflx & FI_OOW) {
371 fputs(comma, stdout);
372 if (!(fp->fr_flx & FI_OOW))
373 printf("not ");
374 printf("oow");
375 comma = ",";
376 }
377 if (fp->fr_mflx & FI_MBCAST) {
378 fputs(comma, stdout);
379 if (!(fp->fr_flx & FI_MBCAST))
380 printf("not ");
381 printf("mbcast");
382 comma = ",";
383 }
384 if (fp->fr_mflx & FI_BROADCAST) {
385 fputs(comma, stdout);
386 if (!(fp->fr_flx & FI_BROADCAST))
387 printf("not ");
388 printf("bcast");
389 comma = ",";
390 }
391 if (fp->fr_mflx & FI_MULTICAST) {
392 fputs(comma, stdout);
393 if (!(fp->fr_flx & FI_MULTICAST))
394 printf("not ");
395 printf("mcast");
396 comma = ",";
397 }
398 if (fp->fr_mflx & FI_STATE) {
399 fputs(comma, stdout);
400 if (!(fp->fr_flx & FI_STATE))
401 printf("not ");
402 printf("state");
403 comma = ",";
404 }
405 }
406
407 if (fp->fr_flags & FR_KEEPSTATE) {
408 printf(" keep state");
409 if ((fp->fr_flags & (FR_STSTRICT|FR_NEWISN|FR_NOICMPERR|FR_STATESYNC)) ||
410 (fp->fr_statemax != 0) || (fp->fr_age[0] != 0)) {
411 char *comma = "";
412 printf(" (");
413 if (fp->fr_statemax != 0) {
414 printf("limit %u", fp->fr_statemax);
415 comma = ",";
416 }
417 if (fp->fr_flags & FR_STSTRICT) {
418 printf("%sstrict", comma);
419 comma = ",";
420 }
421 if (fp->fr_flags & FR_NEWISN) {
422 printf("%snewisn", comma);
423 comma = ",";
424 }
425 if (fp->fr_flags & FR_NOICMPERR) {
426 printf("%sno-icmp-err", comma);
427 comma = ",";
428 }
429 if (fp->fr_flags & FR_STATESYNC) {
430 printf("%ssync", comma);
431 comma = ",";
432 }
433 if (fp->fr_age[0] || fp->fr_age[1])
434 printf("%sage %d/%d", comma, fp->fr_age[0],
435 fp->fr_age[1]);
436 printf(")");
437 }
438 }
439 if (fp->fr_flags & FR_KEEPFRAG) {
440 printf(" keep frags");
441 if (fp->fr_flags & (FR_FRSTRICT)) {
442 printf(" (");
443 if (fp->fr_flags & FR_FRSTRICT)
444 printf("strict");
445 printf(")");
446
447 }
448 }
449 if (fp->fr_isc != (struct ipscan *)-1) {
450 if (fp->fr_isctag[0])
451 printf(" scan %s", fp->fr_isctag);
452 else
453 printf(" scan *");
454 }
455 if (*fp->fr_grhead != '\0')
456 printf(" head %s", fp->fr_grhead);
457 if (*fp->fr_group != '\0')
458 printf(" group %s", fp->fr_group);
459 if (fp->fr_logtag != FR_NOLOGTAG || *fp->fr_nattag.ipt_tag) {
460 char *s = "";
461
462 printf(" set-tag(");
463 if (fp->fr_logtag != FR_NOLOGTAG) {
464 printf("log=%u", fp->fr_logtag);
465 s = ", ";
466 }
467 if (*fp->fr_nattag.ipt_tag) {
468 printf("%snat=%-.*s", s, IPFTAG_LEN,
469 fp->fr_nattag.ipt_tag);
470 }
471 printf(")");
472 }
473
474 if (fp->fr_pps)
475 printf(" pps %d", fp->fr_pps);
476
477 if ((fp->fr_flags & FR_KEEPSTATE) && (opts & OPT_VERBOSE)) {
478 printf(" # count %d", fp->fr_statecnt);
479 }
480 (void)putchar('\n');
481 }
NetBSD on the FriendlyARM MINI2440