dist/ipf/lib/printnat.c

   1 /*      $NetBSD$        */
   2
   3 /*
   4  * Copyright (C) 2002-2005 by Darren Reed.
   5  *
   6  * See the IPFILTER.LICENCE file for details on licencing.
   7  *
   8  * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
   9  */
  10
  11 #include "ipf.h"
  12 #include "kmem.h"
  13
  14
  15 #if !defined(lint)
  16 static const char rcsid[] = "@(#)Id: printnat.c,v 1.22.2.15 2008/07/24 09:30:35 darrenr Exp";
  17 #endif
  18
  19 /*
  20  * Print out a NAT rule
  21  */
  22 void printnat(np, opts)
  23 ipnat_t *np;
  24 int opts;
  25 {
  26         struct  protoent        *pr;
  27         int     bits;
  28
  29         pr = getprotobynumber(np->in_p);
  30
  31         switch (np->in_redir)
  32         {
  33         case NAT_REDIRECT :
  34                 printf("rdr");
  35                 break;
  36         case NAT_MAP :
  37                 printf("map");
  38                 break;
  39         case NAT_MAPBLK :
  40                 printf("map-block");
  41                 break;
  42         case NAT_BIMAP :
  43                 printf("bimap");
  44                 break;
  45         default :
  46                 fprintf(stderr, "unknown value for in_redir: %#x\n",
  47                         np->in_redir);
  48                 break;
  49         }
  50
  51         if (!strcmp(np->in_ifnames[0], "-"))
  52                 printf(" \"%s\"", np->in_ifnames[0]);
  53         else
  54                 printf(" %s", np->in_ifnames[0]);
  55         if ((np->in_ifnames[1][0] != '\0') &&
  56             (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) {
  57                 if (!strcmp(np->in_ifnames[1], "-"))
  58                         printf(",\"%s\"", np->in_ifnames[1]);
  59                 else
  60                         printf(",%s", np->in_ifnames[1]);
  61         }
  62         putchar(' ');
  63
  64         if (np->in_flags & IPN_FILTER) {
  65                 if (np->in_flags & IPN_NOTSRC)
  66                         printf("! ");
  67                 printf("from ");
  68                 if (np->in_redir == NAT_REDIRECT) {
  69                         printhostmask(4, (u_32_t *)&np->in_srcip,
  70                                       (u_32_t *)&np->in_srcmsk);
  71                 } else {
  72                         printhostmask(4, (u_32_t *)&np->in_inip,
  73                                       (u_32_t *)&np->in_inmsk);
  74                 }
  75                 if (np->in_scmp)
  76                         printportcmp(np->in_p, &np->in_tuc.ftu_src);
  77
  78                 if (np->in_flags & IPN_NOTDST)
  79                         printf(" !");
  80                 printf(" to ");
  81                 if (np->in_redir == NAT_REDIRECT) {
  82                         printhostmask(4, (u_32_t *)&np->in_outip,
  83                                       (u_32_t *)&np->in_outmsk);
  84                 } else {
  85                         printhostmask(4, (u_32_t *)&np->in_srcip,
  86                                       (u_32_t *)&np->in_srcmsk);
  87                 }
  88                 if (np->in_dcmp)
  89                         printportcmp(np->in_p, &np->in_tuc.ftu_dst);
  90         }
  91
  92         if (np->in_redir == NAT_REDIRECT) {
  93                 if (!(np->in_flags & IPN_FILTER)) {
  94                         printf("%s", inet_ntoa(np->in_out[0].in4));
  95                         bits = count4bits(np->in_outmsk);
  96                         if (bits != -1)
  97                                 printf("/%d", bits);
  98                         else
  99                                 printf("/%s", inet_ntoa(np->in_out[1].in4));
 100                         if (np->in_flags & IPN_TCPUDP) {
 101                                 printf(" port %d", ntohs(np->in_pmin));
 102                                 if (np->in_pmax != np->in_pmin)
 103                                         printf("-%d", ntohs(np->in_pmax));
 104                         }
 105                 }
 106                 printf(" -> %s", inet_ntoa(np->in_in[0].in4));
 107                 if (np->in_flags & IPN_SPLIT)
 108                         printf(",%s", inet_ntoa(np->in_in[1].in4));
 109                 else if (np->in_inmsk == 0 && np->in_inip == 0)
 110                         printf("/0");
 111                 if (np->in_flags & IPN_TCPUDP) {
 112                         if ((np->in_flags & IPN_FIXEDDPORT) != 0)
 113                                 printf(" port = %d", ntohs(np->in_pnext));
 114                         else
 115                                 printf(" port %d", ntohs(np->in_pnext));
 116                 }
 117                 putchar(' ');
 118                 printproto(pr, np->in_p, np);
 119                 if (np->in_flags & IPN_ROUNDR)
 120                         printf(" round-robin");
 121                 if (np->in_flags & IPN_FRAG)
 122                         printf(" frag");
 123                 if (np->in_age[0] != 0 || np->in_age[1] != 0) {
 124                         printf(" age %d/%d", np->in_age[0], np->in_age[1]);
 125                 }
 126                 if (np->in_flags & IPN_STICKY)
 127                         printf(" sticky");
 128                 if (np->in_mssclamp != 0)
 129                         printf(" mssclamp %d", np->in_mssclamp);
 130                 if (*np->in_plabel != '\0')
 131                         printf(" proxy %.*s", (int)sizeof(np->in_plabel),
 132                                 np->in_plabel);
 133                 if (np->in_tag.ipt_tag[0] != '\0')
 134                         printf(" tag %-.*s", IPFTAG_LEN, np->in_tag.ipt_tag);
 135                 printf("\n");
 136                 if (opts & OPT_DEBUG)
 137                         printf("\tpmax %u\n", np->in_pmax);
 138         } else {
 139                 int protoprinted = 0;
 140
 141                 if (!(np->in_flags & IPN_FILTER)) {
 142                         printf("%s/", inet_ntoa(np->in_in[0].in4));
 143                         bits = count4bits(np->in_inmsk);
 144                         if (bits != -1)
 145                                 printf("%d", bits);
 146                         else
 147                                 printf("%s", inet_ntoa(np->in_in[1].in4));
 148                 }
 149                 printf(" -> ");
 150                 if (np->in_flags & IPN_IPRANGE) {
 151                         printf("range %s-", inet_ntoa(np->in_out[0].in4));
 152                         printf("%s", inet_ntoa(np->in_out[1].in4));
 153                 } else {
 154                         printf("%s/", inet_ntoa(np->in_out[0].in4));
 155                         bits = count4bits(np->in_outmsk);
 156                         if (bits != -1)
 157                                 printf("%d", bits);
 158                         else
 159                                 printf("%s", inet_ntoa(np->in_out[1].in4));
 160                 }
 161                 if (*np->in_plabel != '\0') {
 162                         printf(" proxy port ");
 163                         if (np->in_dcmp != 0)
 164                                 np->in_dport = htons(np->in_dport);
 165                         if (np->in_dport != 0) {
 166                                 char *s;
 167
 168                                 s = portname(np->in_p, ntohs(np->in_dport));
 169                                 if (s != NULL)
 170                                         fputs(s, stdout);
 171                                 else
 172                                         fputs("???", stdout);
 173                         }
 174                         printf(" %.*s/", (int)sizeof(np->in_plabel),
 175                                 np->in_plabel);
 176                         printproto(pr, np->in_p, NULL);
 177                         protoprinted = 1;
 178                 } else if (np->in_redir == NAT_MAPBLK) {
 179                         if ((np->in_pmin == 0) &&
 180                             (np->in_flags & IPN_AUTOPORTMAP))
 181                                 printf(" ports auto");
 182                         else
 183                                 printf(" ports %d", np->in_pmin);
 184                         if (opts & OPT_DEBUG)
 185                                 printf("\n\tip modulous %d", np->in_pmax);
 186                 } else if (np->in_pmin || np->in_pmax) {
 187                         if (np->in_flags & IPN_ICMPQUERY) {
 188                                 printf(" icmpidmap ");
 189                         } else {
 190                                 printf(" portmap ");
 191                         }
 192                         printproto(pr, np->in_p, np);
 193                         protoprinted = 1;
 194                         if (np->in_flags & IPN_AUTOPORTMAP) {
 195                                 printf(" auto");
 196                                 if (opts & OPT_DEBUG)
 197                                         printf(" [%d:%d %d %d]",
 198                                                ntohs(np->in_pmin),
 199                                                ntohs(np->in_pmax),
 200                                                np->in_ippip, np->in_ppip);
 201                         } else {
 202                                 printf(" %d:%d", ntohs(np->in_pmin),
 203                                        ntohs(np->in_pmax));
 204                         }
 205                 }
 206
 207                 if (np->in_flags & IPN_FRAG)
 208                         printf(" frag");
 209                 if (np->in_age[0] != 0 || np->in_age[1] != 0) {
 210                         printf(" age %d/%d", np->in_age[0], np->in_age[1]);
 211                 }
 212                 if (np->in_mssclamp != 0)
 213                         printf(" mssclamp %d", np->in_mssclamp);
 214                 if (np->in_tag.ipt_tag[0] != '\0')
 215                         printf(" tag %s", np->in_tag.ipt_tag);
 216                 if (!protoprinted && (np->in_flags & IPN_TCPUDP || np->in_p)) {
 217                         putchar(' ');
 218                         printproto(pr, np->in_p, np);
 219                 }
 220                 if (np->in_flags & IPN_SEQUENTIAL)
 221                         printf(" sequential");
 222                 printf("\n");
 223                 if (opts & OPT_DEBUG) {
 224                         struct in_addr nip;
 225
 226                         nip.s_addr = htonl(np->in_nextip.s_addr);
 227
 228                         printf("\tnextip %s pnext %d\n",
 229                                inet_ntoa(nip), np->in_pnext);
 230                 }
 231         }
 232
 233         if (opts & OPT_DEBUG) {
 234                 printf("\tspace %lu use %u hits %lu flags %#x proto %d hv %d\n",
 235                         np->in_space, np->in_use, np->in_hits,
 236                         np->in_flags, np->in_p, np->in_hv);
 237                 printf("\tifp[0] %p ifp[1] %p apr %p\n",
 238                         np->in_ifps[0], np->in_ifps[1], np->in_apr);
 239                 printf("\ttqehead %p/%p comment %p\n",
 240                         np->in_tqehead[0], np->in_tqehead[1], np->in_comment);
 241         }
 242 }