search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / dist / ipf / tools / ipmon.c
blobc460897667bb6527f0d8d5e09a3b0bd95b73c54c
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2001-2006 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 */
8 #ifndef SOLARIS
9 #define SOLARIS (defined(__SVR4) || defined(__svr4__)) && defined(sun)
10 #endif
11
12 #include <sys/types.h>
13 #include <sys/stat.h>
14 #include <sys/param.h>
15 #include <sys/file.h>
16 #include <sys/time.h>
17 #define _KERNEL
18 #include <sys/uio.h>
19 #undef _KERNEL
20 #include <sys/socket.h>
21 #include <sys/ioctl.h>
22
23 #include <stdio.h>
24 #include <unistd.h>
25 #include <string.h>
26 #include <fcntl.h>
27 #include <errno.h>
28 #include <time.h>
29 #if !defined(__SVR4) && !defined(__svr4__)
30 # if (__FreeBSD_version >= 300000)
31 # include <sys/dirent.h>
32 # else
33 # include <sys/dir.h>
34 # endif
35 #else
36 # include <sys/filio.h>
37 # include <sys/byteorder.h>
38 #endif
39 #if !defined(__hpux) && (!defined(__SVR4) && !defined(__GNUC__))
40 # include <strings.h>
41 #endif
42 #include <signal.h>
43 #include <stdlib.h>
44 #include <stddef.h>
45 #include <netinet/in.h>
46 #include <netinet/in_systm.h>
47 #include <net/if.h>
48 #include <netinet/ip.h>
49 #if !defined(__hpux) && !defined(linux)
50 # include <netinet/tcp_fsm.h>
51 #endif
52 #include <netdb.h>
53 #include <arpa/inet.h>
54 #include <arpa/nameser.h>
55 #ifdef __hpux
56 # undef NOERROR
57 #endif
58 #include <resolv.h>
59
60 #if !defined(linux)
61 # include <sys/protosw.h>
62 # include <netinet/ip_var.h>
63 #endif
64
65 #include <netinet/tcp.h>
66 #include <netinet/ip_icmp.h>
67
68 #include <ctype.h>
69 #include <syslog.h>
70
71 #include "netinet/ip_compat.h"
72 #include <netinet/tcpip.h>
73 #include "netinet/ip_fil.h"
74 #include "netinet/ip_nat.h"
75 #include "netinet/ip_state.h"
76 #include "netinet/ip_proxy.h"
77 #include "ipmon.h"
78
79 #if !defined(lint)
80 static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
81 static const char rcsid[] = "@(#)Id: ipmon.c,v 1.33.2.24 2009/07/21 22:32:53 darrenr Exp";
82 #endif
83
84
85 #if defined(sun) && !defined(SOLARIS2)
86 #define STRERROR(x) sys_errlist[x]
87 extern char *sys_errlist[];
88 #else
89 #define STRERROR(x) strerror(x)
90 #endif
91
92
93 struct flags {
94 int value;
95 char flag;
96 };
97
98
99 typedef struct icmp_subtype {
100 int ist_val;
101 char *ist_name;
102 } icmp_subtype_t;
103
104 typedef struct icmp_type {
105 int it_val;
106 struct icmp_subtype *it_subtable;
107 size_t it_stsize;
108 char *it_name;
109 } icmp_type_t;
110
111
112 #define IST_SZ(x) (sizeof(x)/sizeof(icmp_subtype_t))
113
114
115 struct flags tcpfl[] = {
116 { TH_ACK, 'A' },
117 { TH_RST, 'R' },
118 { TH_SYN, 'S' },
119 { TH_FIN, 'F' },
120 { TH_URG, 'U' },
121 { TH_PUSH,'P' },
122 { TH_ECN, 'E' },
123 { TH_CWR, 'C' },
124 { 0, '\0' }
125 };
126
127 #ifdef MENTAT
128 static char *pidfile = "/etc/opt/ipf/ipmon.pid";
129 #else
130 # if BSD >= 199306
131 static char *pidfile = "/var/run/ipmon.pid";
132 # else
133 static char *pidfile = "/etc/ipmon.pid";
134 # endif
135 #endif
136
137 static char line[2048];
138 static int opts = 0;
139 static char *logfile = NULL;
140 static FILE *binarylog = NULL;
141 static char *binarylogfile = NULL;
142 static int donehup = 0;
143 static void usage __P((char *));
144 static void handlehup __P((int));
145 static void flushlogs __P((char *, FILE *));
146 static void print_log __P((int, FILE *, char *, int));
147 static void print_ipflog __P((FILE *, char *, int));
148 static void print_natlog __P((FILE *, char *, int));
149 static void print_statelog __P((FILE *, char *, int));
150 static int read_log __P((int, int *, char *, int));
151 static void write_pid __P((char *));
152 static char *icmpname __P((u_int, u_int));
153 static char *icmpname6 __P((u_int, u_int));
154 static icmp_type_t *find_icmptype __P((int, icmp_type_t *, size_t));
155 static icmp_subtype_t *find_icmpsubtype __P((int, icmp_subtype_t *, size_t));
156 #ifdef __hpux
157 static struct tm *get_tm __P((u_32_t));
158 #else
159 static struct tm *get_tm __P((time_t));
160 #endif
161
162 char *hostname __P((int, int, u_32_t *));
163 char *portname __P((int, char *, u_int));
164 int main __P((int, char *[]));
165
166 static void logopts __P((int, char *));
167 static void init_tabs __P((void));
168 static char *getproto __P((u_int));
169
170 static char **protocols = NULL;
171 static char **udp_ports = NULL;
172 static char **tcp_ports = NULL;
173 static char *conf_file = NULL;
174
175
176 #define OPT_SYSLOG 0x001
177 #define OPT_RESOLVE 0x002
178 #define OPT_HEXBODY 0x004
179 #define OPT_VERBOSE 0x008
180 #define OPT_HEXHDR 0x010
181 #define OPT_TAIL 0x020
182 #define OPT_NAT 0x080
183 #define OPT_STATE 0x100
184 #define OPT_FILTER 0x200
185 #define OPT_PORTNUM 0x400
186 #define OPT_LOGALL (OPT_NAT|OPT_STATE|OPT_FILTER)
187 #define OPT_LOGBODY 0x800
188
189 #define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
190
191 #ifndef LOGFAC
192 #define LOGFAC LOG_LOCAL0
193 #endif
194 int logfac = LOGFAC;
195
196
197 static icmp_subtype_t icmpunreachnames[] = {
198 { ICMP_UNREACH_NET, "net" },
199 { ICMP_UNREACH_HOST, "host" },
200 { ICMP_UNREACH_PROTOCOL, "protocol" },
201 { ICMP_UNREACH_PORT, "port" },
202 { ICMP_UNREACH_NEEDFRAG, "needfrag" },
203 { ICMP_UNREACH_SRCFAIL, "srcfail" },
204 { ICMP_UNREACH_NET_UNKNOWN, "net_unknown" },
205 { ICMP_UNREACH_HOST_UNKNOWN, "host_unknown" },
206 { ICMP_UNREACH_NET, "isolated" },
207 { ICMP_UNREACH_NET_PROHIB, "net_prohib" },
208 { ICMP_UNREACH_NET_PROHIB, "host_prohib" },
209 { ICMP_UNREACH_TOSNET, "tosnet" },
210 { ICMP_UNREACH_TOSHOST, "toshost" },
211 { ICMP_UNREACH_ADMIN_PROHIBIT, "admin_prohibit" },
212 { -2, NULL }
213 };
214
215 static icmp_subtype_t redirectnames[] = {
216 { ICMP_REDIRECT_NET, "net" },
217 { ICMP_REDIRECT_HOST, "host" },
218 { ICMP_REDIRECT_TOSNET, "tosnet" },
219 { ICMP_REDIRECT_TOSHOST, "toshost" },
220 { -2, NULL }
221 };
222
223 static icmp_subtype_t timxceednames[] = {
224 { ICMP_TIMXCEED_INTRANS, "transit" },
225 { ICMP_TIMXCEED_REASS, "reassem" },
226 { -2, NULL }
227 };
228
229 static icmp_subtype_t paramnames[] = {
230 { ICMP_PARAMPROB_ERRATPTR, "errata_pointer" },
231 { ICMP_PARAMPROB_OPTABSENT, "optmissing" },
232 { ICMP_PARAMPROB_LENGTH, "length" },
233 { -2, NULL }
234 };
235
236 static icmp_type_t icmptypes[] = {
237 { ICMP_ECHOREPLY, NULL, 0, "echoreply" },
238 { -1, NULL, 0, NULL },
239 { -1, NULL, 0, NULL },
240 { ICMP_UNREACH, icmpunreachnames,
241 IST_SZ(icmpunreachnames),"unreach" },
242 { ICMP_SOURCEQUENCH, NULL, 0, "sourcequench" },
243 { ICMP_REDIRECT, redirectnames,
244 IST_SZ(redirectnames), "redirect" },
245 { -1, NULL, 0, NULL },
246 { -1, NULL, 0, NULL },
247 { ICMP_ECHO, NULL, 0, "echo" },
248 { ICMP_ROUTERADVERT, NULL, 0, "routeradvert" },
249 { ICMP_ROUTERSOLICIT, NULL, 0, "routersolicit" },
250 { ICMP_TIMXCEED, timxceednames,
251 IST_SZ(timxceednames), "timxceed" },
252 { ICMP_PARAMPROB, paramnames,
253 IST_SZ(paramnames), "paramprob" },
254 { ICMP_TSTAMP, NULL, 0, "timestamp" },
255 { ICMP_TSTAMPREPLY, NULL, 0, "timestampreply" },
256 { ICMP_IREQ, NULL, 0, "inforeq" },
257 { ICMP_IREQREPLY, NULL, 0, "inforeply" },
258 { ICMP_MASKREQ, NULL, 0, "maskreq" },
259 { ICMP_MASKREPLY, NULL, 0, "maskreply" },
260 { -2, NULL, 0, NULL }
261 };
262
263 static icmp_subtype_t icmpredirect6[] = {
264 { ICMP6_DST_UNREACH_NOROUTE, "noroute" },
265 { ICMP6_DST_UNREACH_ADMIN, "admin" },
266 { ICMP6_DST_UNREACH_NOTNEIGHBOR, "neighbour" },
267 { ICMP6_DST_UNREACH_ADDR, "address" },
268 { ICMP6_DST_UNREACH_NOPORT, "noport" },
269 { -2, NULL }
270 };
271
272 static icmp_subtype_t icmptimexceed6[] = {
273 { ICMP6_TIME_EXCEED_TRANSIT, "intransit" },
274 { ICMP6_TIME_EXCEED_REASSEMBLY, "reassem" },
275 { -2, NULL }
276 };
277
278 static icmp_subtype_t icmpparamprob6[] = {
279 { ICMP6_PARAMPROB_HEADER, "header" },
280 { ICMP6_PARAMPROB_NEXTHEADER, "nextheader" },
281 { ICMP6_PARAMPROB_OPTION, "option" },
282 { -2, NULL }
283 };
284
285 static icmp_subtype_t icmpquerysubject6[] = {
286 { ICMP6_NI_SUBJ_IPV6, "ipv6" },
287 { ICMP6_NI_SUBJ_FQDN, "fqdn" },
288 { ICMP6_NI_SUBJ_IPV4, "ipv4" },
289 { -2, NULL },
290 };
291
292 static icmp_subtype_t icmpnodeinfo6[] = {
293 { ICMP6_NI_SUCCESS, "success" },
294 { ICMP6_NI_REFUSED, "refused" },
295 { ICMP6_NI_UNKNOWN, "unknown" },
296 { -2, NULL }
297 };
298
299 static icmp_subtype_t icmprenumber6[] = {
300 { ICMP6_ROUTER_RENUMBERING_COMMAND, "command" },
301 { ICMP6_ROUTER_RENUMBERING_RESULT, "result" },
302 { ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET, "seqnum_reset" },
303 { -2, NULL }
304 };
305
306 static icmp_type_t icmptypes6[] = {
307 { 0, NULL, 0, NULL },
308 { ICMP6_DST_UNREACH, icmpredirect6,
309 IST_SZ(icmpredirect6), "unreach" },
310 { ICMP6_PACKET_TOO_BIG, NULL, 0, "toobig" },
311 { ICMP6_TIME_EXCEEDED, icmptimexceed6,
312 IST_SZ(icmptimexceed6), "timxceed" },
313 { ICMP6_PARAM_PROB, icmpparamprob6,
314 IST_SZ(icmpparamprob6), "paramprob" },
315 { ICMP6_ECHO_REQUEST, NULL, 0, "echo" },
316 { ICMP6_ECHO_REPLY, NULL, 0, "echoreply" },
317 { ICMP6_MEMBERSHIP_QUERY, icmpquerysubject6,
318 IST_SZ(icmpquerysubject6), "groupmemberquery" },
319 { ICMP6_MEMBERSHIP_REPORT,NULL, 0, "groupmemberreport" },
320 { ICMP6_MEMBERSHIP_REDUCTION,NULL, 0, "groupmemberterm" },
321 { ND_ROUTER_SOLICIT, NULL, 0, "routersolicit" },
322 { ND_ROUTER_ADVERT, NULL, 0, "routeradvert" },
323 { ND_NEIGHBOR_SOLICIT, NULL, 0, "neighborsolicit" },
324 { ND_NEIGHBOR_ADVERT, NULL, 0, "neighboradvert" },
325 { ND_REDIRECT, NULL, 0, "redirect" },
326 { ICMP6_ROUTER_RENUMBERING, icmprenumber6,
327 IST_SZ(icmprenumber6), "routerrenumber" },
328 { ICMP6_WRUREQUEST, NULL, 0, "whoareyourequest" },
329 { ICMP6_WRUREPLY, NULL, 0, "whoareyoureply" },
330 { ICMP6_FQDN_QUERY, NULL, 0, "fqdnquery" },
331 { ICMP6_FQDN_REPLY, NULL, 0, "fqdnreply" },
332 { ICMP6_NI_QUERY, icmpnodeinfo6,
333 IST_SZ(icmpnodeinfo6), "nodeinforequest" },
334 { ICMP6_NI_REPLY, NULL, 0, "nodeinforeply" },
335 { MLD6_MTRACE_RESP, NULL, 0, "mtraceresponse" },
336 { MLD6_MTRACE, NULL, 0, "mtracerequest" },
337 { -2, NULL, 0, NULL }
338 };
339
340 static icmp_subtype_t *find_icmpsubtype(type, table, tablesz)
341 int type;
342 icmp_subtype_t *table;
343 size_t tablesz;
344 {
345 icmp_subtype_t *ist;
346 int i;
347
348 if (tablesz < 2)
349 return NULL;
350
351 if ((type < 0) || (type > table[tablesz - 2].ist_val))
352 return NULL;
353
354 i = type;
355 if (table[type].ist_val == type)
356 return table + type;
357
358 for (i = 0, ist = table; ist->ist_val != -2; i++, ist++)
359 if (ist->ist_val == type)
360 return ist;
361 return NULL;
362 }
363
364
365 static icmp_type_t *find_icmptype(type, table, tablesz)
366 int type;
367 icmp_type_t *table;
368 size_t tablesz;
369 {
370 icmp_type_t *it;
371 int i;
372
373 if (tablesz < 2)
374 return NULL;
375
376 if ((type < 0) || (type > table[tablesz - 2].it_val))
377 return NULL;
378
379 i = type;
380 if (table[type].it_val == type)
381 return table + type;
382
383 for (i = 0, it = table; it->it_val != -2; i++, it++)
384 if (it->it_val == type)
385 return it;
386 return NULL;
387 }
388
389
390 static void handlehup(sig)
391 int sig;
392 {
393 signal(SIGHUP, handlehup);
394 donehup = 1;
395 }
396
397
398 static void init_tabs()
399 {
400 struct protoent *p;
401 struct servent *s;
402 char *name, **tab;
403 int port, i;
404
405 if (protocols != NULL) {
406 for (i = 0; i < 256; i++)
407 if (protocols[i] != NULL) {
408 free(protocols[i]);
409 protocols[i] = NULL;
410 }
411 free(protocols);
412 protocols = NULL;
413 }
414 protocols = (char **)malloc(256 * sizeof(*protocols));
415 if (protocols != NULL) {
416 bzero((char *)protocols, 256 * sizeof(*protocols));
417
418 setprotoent(1);
419 while ((p = getprotoent()) != NULL)
420 if (p->p_proto >= 0 && p->p_proto <= 255 &&
421 p->p_name != NULL && protocols[p->p_proto] == NULL)
422 protocols[p->p_proto] = strdup(p->p_name);
423 endprotoent();
424 if (protocols[0])
425 free(protocols[0]);
426 protocols[0] = strdup("ip");
427 #if defined(_AIX51)
428 if (protocols[252])
429 free(protocols[252]);
430 protocols[252] = NULL;
431 #endif
432 }
433
434 if (udp_ports != NULL) {
435 for (i = 0; i < 65536; i++)
436 if (udp_ports[i] != NULL) {
437 free(udp_ports[i]);
438 udp_ports[i] = NULL;
439 }
440 free(udp_ports);
441 udp_ports = NULL;
442 }
443 udp_ports = (char **)malloc(65536 * sizeof(*udp_ports));
444 if (udp_ports != NULL)
445 bzero((char *)udp_ports, 65536 * sizeof(*udp_ports));
446
447 if (tcp_ports != NULL) {
448 for (i = 0; i < 65536; i++)
449 if (tcp_ports[i] != NULL) {
450 free(tcp_ports[i]);
451 tcp_ports[i] = NULL;
452 }
453 free(tcp_ports);
454 tcp_ports = NULL;
455 }
456 tcp_ports = (char **)malloc(65536 * sizeof(*tcp_ports));
457 if (tcp_ports != NULL)
458 bzero((char *)tcp_ports, 65536 * sizeof(*tcp_ports));
459
460 setservent(1);
461 while ((s = getservent()) != NULL) {
462 if (s->s_proto == NULL)
463 continue;
464 else if (!strcmp(s->s_proto, "tcp")) {
465 port = ntohs(s->s_port);
466 name = s->s_name;
467 tab = tcp_ports;
468 } else if (!strcmp(s->s_proto, "udp")) {
469 port = ntohs(s->s_port);
470 name = s->s_name;
471 tab = udp_ports;
472 } else
473 continue;
474 if ((port < 0 || port > 65535) || (name == NULL))
475 continue;
476 if (tab != NULL)
477 tab[port] = strdup(name);
478 }
479 endservent();
480 }
481
482
483 static char *getproto(p)
484 u_int p;
485 {
486 static char pnum[4];
487 char *s;
488
489 p &= 0xff;
490 s = protocols ? protocols[p] : NULL;
491 if (s == NULL) {
492 sprintf(pnum, "%u", p);
493 s = pnum;
494 }
495 return s;
496 }
497
498
499 static int read_log(fd, lenp, buf, bufsize)
500 int fd, bufsize, *lenp;
501 char *buf;
502 {
503 int nr;
504
505 nr = read(fd, buf, bufsize);
506 if (!nr)
507 return 2;
508 if ((nr < 0) && (errno != EINTR))
509 return -1;
510 *lenp = nr;
511 return 0;
512 }
513
514
515 char *hostname(res, v, ip)
516 int res, v;
517 u_32_t *ip;
518 {
519 # define MAX_INETA 16
520 static char hname[MAXHOSTNAMELEN + MAX_INETA + 3];
521 #ifdef USE_INET6
522 static char hostbuf[MAXHOSTNAMELEN+1];
523 #endif
524 struct hostent *hp;
525 struct in_addr ipa;
526
527 if (v == 4) {
528 ipa.s_addr = *ip;
529 if (!res)
530 return inet_ntoa(ipa);
531 hp = gethostbyaddr((char *)ip, sizeof(*ip), AF_INET);
532 if (!hp)
533 return inet_ntoa(ipa);
534 sprintf(hname, "%.*s[%s]", MAXHOSTNAMELEN, hp->h_name,
535 inet_ntoa(ipa));
536 return hname;
537 }
538 #ifdef USE_INET6
539 (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1);
540 hostbuf[MAXHOSTNAMELEN] = '\0';
541 return hostbuf;
542 #else
543 return "IPv6";
544 #endif
545 }
546
547
548 char *portname(res, proto, port)
549 int res;
550 char *proto;
551 u_int port;
552 {
553 static char pname[8];
554 char *s;
555
556 port = ntohs(port);
557 port &= 0xffff;
558 (void) sprintf(pname, "%u", port);
559 if (!res || (opts & OPT_PORTNUM))
560 return pname;
561 s = NULL;
562 if (!strcmp(proto, "tcp"))
563 s = tcp_ports[port];
564 else if (!strcmp(proto, "udp"))
565 s = udp_ports[port];
566 if (s == NULL)
567 s = pname;
568 return s;
569 }
570
571
572 static char *icmpname(type, code)
573 u_int type;
574 u_int code;
575 {
576 static char name[80];
577 icmp_subtype_t *ist;
578 icmp_type_t *it;
579 char *s;
580
581 s = NULL;
582 it = find_icmptype(type, icmptypes, sizeof(icmptypes) / sizeof(*it));
583 if (it != NULL)
584 s = it->it_name;
585
586 if (s == NULL)
587 sprintf(name, "icmptype(%d)/", type);
588 else
589 sprintf(name, "%s/", s);
590
591 ist = NULL;
592 if (it != NULL && it->it_subtable != NULL)
593 ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
594
595 if (ist != NULL && ist->ist_name != NULL)
596 strcat(name, ist->ist_name);
597 else
598 sprintf(name + strlen(name), "%d", code);
599
600 return name;
601 }
602
603 static char *icmpname6(type, code)
604 u_int type;
605 u_int code;
606 {
607 static char name[80];
608 icmp_subtype_t *ist;
609 icmp_type_t *it;
610 char *s;
611
612 s = NULL;
613 it = find_icmptype(type, icmptypes6, sizeof(icmptypes6) / sizeof(*it));
614 if (it != NULL)
615 s = it->it_name;
616
617 if (s == NULL)
618 sprintf(name, "icmpv6type(%d)/", type);
619 else
620 sprintf(name, "%s/", s);
621
622 ist = NULL;
623 if (it != NULL && it->it_subtable != NULL)
624 ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
625
626 if (ist != NULL && ist->ist_name != NULL)
627 strcat(name, ist->ist_name);
628 else
629 sprintf(name + strlen(name), "%d", code);
630
631 return name;
632 }
633
634
635 void dumphex(log, dopts, buf, len)
636 FILE *log;
637 int dopts;
638 char *buf;
639 int len;
640 {
641 char hline[80];
642 int i, j, k;
643 u_char *s = (u_char *)buf, *t = (u_char *)hline;
644
645 if (buf == NULL || len == 0)
646 return;
647
648 *hline = '\0';
649
650 for (i = len, j = 0; i; i--, j++, s++) {
651 if (j && !(j & 0xf)) {
652 *t++ = '\n';
653 *t = '\0';
654 if ((dopts & OPT_SYSLOG))
655 syslog(LOG_INFO, "%s", hline);
656 else if (log != NULL)
657 fputs(hline, log);
658 t = (u_char *)hline;
659 *t = '\0';
660 }
661 sprintf((char *)t, "%02x", *s & 0xff);
662 t += 2;
663 if (!((j + 1) & 0xf)) {
664 s -= 15;
665 sprintf((char *)t, " ");
666 t += 8;
667 for (k = 16; k; k--, s++)
668 *t++ = (ISPRINT(*s) ? *s : '.');
669 s--;
670 }
671
672 if ((j + 1) & 0xf)
673 *t++ = ' ';;
674 }
675
676 if (j & 0xf) {
677 for (k = 16 - (j & 0xf); k; k--) {
678 *t++ = ' ';
679 *t++ = ' ';
680 *t++ = ' ';
681 }
682 sprintf((char *)t, " ");
683 t += 7;
684 s -= j & 0xf;
685 for (k = j & 0xf; k; k--, s++)
686 *t++ = (ISPRINT(*s) ? *s : '.');
687 *t++ = '\n';
688 *t = '\0';
689 }
690 if ((dopts & OPT_SYSLOG) != 0)
691 syslog(LOG_INFO, "%s", hline);
692 else if (log != NULL) {
693 fputs(hline, log);
694 fflush(log);
695 }
696 }
697
698
699 static struct tm *get_tm(sec)
700 #ifdef __hpux
701 u_32_t sec;
702 #else
703 time_t sec;
704 #endif
705 {
706 struct tm *tm;
707 time_t t;
708
709 t = sec;
710 tm = localtime(&t);
711 return tm;
712 }
713
714 static void print_natlog(log, buf, blen)
715 FILE *log;
716 char *buf;
717 int blen;
718 {
719 struct natlog *nl;
720 iplog_t *ipl = (iplog_t *)buf;
721 char *t = line;
722 struct tm *tm;
723 int res, i, len;
724 char *proto;
725
726 nl = (struct natlog *)((char *)ipl + sizeof(*ipl));
727 res = (opts & OPT_RESOLVE) ? 1 : 0;
728 tm = get_tm(ipl->ipl_sec);
729 len = sizeof(line);
730 if (!(opts & OPT_SYSLOG)) {
731 (void) strftime(t, len, "%d/%m/%Y ", tm);
732 i = strlen(t);
733 len -= i;
734 t += i;
735 }
736 (void) strftime(t, len, "%T", tm);
737 t += strlen(t);
738 (void) sprintf(t, ".%-.6ld @%hd ", (long)ipl->ipl_usec,
739 nl->nl_rule + 1);
740 t += strlen(t);
741
742 if (nl->nl_type == NL_NEWMAP)
743 strcpy(t, "NAT:MAP ");
744 else if (nl->nl_type == NL_NEWRDR)
745 strcpy(t, "NAT:RDR ");
746 else if (nl->nl_type == NL_FLUSH)
747 strcpy(t, "NAT:FLUSH ");
748 else if (nl->nl_type == NL_EXPIRE)
749 strcpy(t, "NAT:EXPIRE ");
750 else if (nl->nl_type == NL_NEWBIMAP)
751 strcpy(t, "NAT:BIMAP ");
752 else if (nl->nl_type == NL_NEWBLOCK)
753 strcpy(t, "NAT:MAPBLOCK ");
754 else if (nl->nl_type == NL_CLONE)
755 strcpy(t, "NAT:CLONE ");
756 else if (nl->nl_type == NL_DESTROY)
757 strcpy(t, "NAT:DESTROY ");
758 else
759 sprintf(t, "Type: %d ", nl->nl_type);
760 t += strlen(t);
761
762 proto = getproto(nl->nl_p);
763
764 (void) sprintf(t, "%s,%s <- -> ", HOSTNAME_V4(res, nl->nl_inip),
765 portname(res, proto, (u_int)nl->nl_inport));
766 t += strlen(t);
767 (void) sprintf(t, "%s,%s ", HOSTNAME_V4(res, nl->nl_outip),
768 portname(res, proto, (u_int)nl->nl_outport));
769 t += strlen(t);
770 (void) sprintf(t, "[%s,%s PR %s]", HOSTNAME_V4(res, nl->nl_origip),
771 portname(res, proto, (u_int)nl->nl_origport),
772 getproto(nl->nl_p));
773 t += strlen(t);
774 if (nl->nl_type == NL_EXPIRE) {
775 #ifdef USE_QUAD_T
776 (void) sprintf(t, " Pkts %qd/%qd Bytes %qd/%qd",
777 (long long)nl->nl_pkts[0],
778 (long long)nl->nl_pkts[1],
779 (long long)nl->nl_bytes[0],
780 (long long)nl->nl_bytes[1]);
781 #else
782 (void) sprintf(t, " Pkts %ld/%ld Bytes %ld/%ld",
783 nl->nl_pkts[0], nl->nl_pkts[1],
784 nl->nl_bytes[0], nl->nl_bytes[1]);
785 #endif
786 t += strlen(t);
787 }
788
789 *t++ = '\n';
790 *t++ = '\0';
791 if (opts & OPT_SYSLOG)
792 syslog(LOG_INFO, "%s", line);
793 else if (log != NULL)
794 (void) fprintf(log, "%s", line);
795 }
796
797
798 static void print_statelog(log, buf, blen)
799 FILE *log;
800 char *buf;
801 int blen;
802 {
803 struct ipslog *sl;
804 iplog_t *ipl = (iplog_t *)buf;
805 char *t = line, *proto;
806 struct tm *tm;
807 int res, i, len;
808
809 sl = (struct ipslog *)((char *)ipl + sizeof(*ipl));
810 res = (opts & OPT_RESOLVE) ? 1 : 0;
811 tm = get_tm(ipl->ipl_sec);
812 len = sizeof(line);
813 if (!(opts & OPT_SYSLOG)) {
814 (void) strftime(t, len, "%d/%m/%Y ", tm);
815 i = strlen(t);
816 len -= i;
817 t += i;
818 }
819 (void) strftime(t, len, "%T", tm);
820 t += strlen(t);
821 (void) sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec);
822 t += strlen(t);
823
824 switch (sl->isl_type)
825 {
826 case ISL_NEW :
827 strcpy(t, "STATE:NEW ");
828 break;
829
830 case ISL_CLONE :
831 strcpy(t, "STATE:CLONED ");
832 break;
833
834 case ISL_EXPIRE :
835 if ((sl->isl_p == IPPROTO_TCP) &&
836 (sl->isl_state[0] > IPF_TCPS_ESTABLISHED ||
837 sl->isl_state[1] > IPF_TCPS_ESTABLISHED))
838 strcpy(t, "STATE:CLOSE ");
839 else
840 strcpy(t, "STATE:EXPIRE ");
841 break;
842
843 case ISL_FLUSH :
844 strcpy(t, "STATE:FLUSH ");
845 break;
846
847 case ISL_INTERMEDIATE :
848 strcpy(t, "STATE:INTERMEDIATE ");
849 break;
850
851 case ISL_REMOVE :
852 strcpy(t, "STATE:REMOVE ");
853 break;
854
855 case ISL_KILLED :
856 strcpy(t, "STATE:KILLED ");
857 break;
858
859 case ISL_UNLOAD :
860 strcpy(t, "STATE:UNLOAD ");
861 break;
862
863 default :
864 sprintf(t, "Type: %d ", sl->isl_type);
865 break;
866 }
867 t += strlen(t);
868
869 proto = getproto(sl->isl_p);
870
871 if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) {
872 (void) sprintf(t, "%s,%s -> ",
873 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_src),
874 portname(res, proto, (u_int)sl->isl_sport));
875 t += strlen(t);
876 (void) sprintf(t, "%s,%s PR %s",
877 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
878 portname(res, proto, (u_int)sl->isl_dport), proto);
879 } else if (sl->isl_p == IPPROTO_ICMP) {
880 (void) sprintf(t, "%s -> ", hostname(res, sl->isl_v,
881 (u_32_t *)&sl->isl_src));
882 t += strlen(t);
883 (void) sprintf(t, "%s PR icmp %d",
884 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
885 sl->isl_itype);
886 } else if (sl->isl_p == IPPROTO_ICMPV6) {
887 (void) sprintf(t, "%s -> ", hostname(res, sl->isl_v,
888 (u_32_t *)&sl->isl_src));
889 t += strlen(t);
890 (void) sprintf(t, "%s PR icmpv6 %d",
891 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
892 sl->isl_itype);
893 } else {
894 (void) sprintf(t, "%s -> ",
895 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_src));
896 t += strlen(t);
897 (void) sprintf(t, "%s PR %s",
898 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
899 proto);
900 }
901 t += strlen(t);
902 if (sl->isl_tag != FR_NOLOGTAG) {
903 (void) sprintf(t, " tag %u", sl->isl_tag);
904 t += strlen(t);
905 }
906 if (sl->isl_type != ISL_NEW) {
907 sprintf(t,
908 #ifdef USE_QUAD_T
909 #ifdef PRId64
910 " Forward: Pkts in %" PRId64 " Bytes in %" PRId64
911 " Pkts out %" PRId64 " Bytes out %" PRId64
912 " Backward: Pkts in %" PRId64 " Bytes in %" PRId64
913 " Pkts out %" PRId64 " Bytes out %" PRId64,
914 #else
915 " Forward: Pkts in %qd Bytes in %qd Pkts out %qd Bytes out %qd Backward: Pkts in %qd Bytes in %qd Pkts out %qd Bytes out %qd",
916 #endif /* PRId64 */
917 #else
918 " Forward: Pkts in %ld Bytes in %ld Pkts out %ld Bytes out %ld Backward: Pkts in %ld Bytes in %ld Pkts out %ld Bytes out %ld",
919 #endif
920 sl->isl_pkts[0], sl->isl_bytes[0],
921 sl->isl_pkts[1], sl->isl_bytes[1],
922 sl->isl_pkts[2], sl->isl_bytes[2],
923 sl->isl_pkts[3], sl->isl_bytes[3]);
924
925 t += strlen(t);
926 }
927
928 *t++ = '\n';
929 *t++ = '\0';
930 if (opts & OPT_SYSLOG)
931 syslog(LOG_INFO, "%s", line);
932 else if (log != NULL)
933 (void) fprintf(log, "%s", line);
934 }
935
936
937 static void print_log(logtype, log, buf, blen)
938 FILE *log;
939 char *buf;
940 int logtype, blen;
941 {
942 iplog_t *ipl;
943 char *bp = NULL, *bpo = NULL;
944 int psize;
945
946 while (blen > 0) {
947 ipl = (iplog_t *)buf;
948 if ((u_long)ipl & (sizeof(long)-1)) {
949 if (bp)
950 bpo = bp;
951 bp = (char *)malloc(blen);
952 bcopy((char *)ipl, bp, blen);
953 if (bpo) {
954 free(bpo);
955 bpo = NULL;
956 }
957 buf = bp;
958 continue;
959 }
960
961 psize = ipl->ipl_dsize;
962 if (psize > blen)
963 break;
964
965 if (binarylog) {
966 fwrite(buf, psize, 1, binarylog);
967 fflush(binarylog);
968 }
969
970 if (logtype == IPL_LOGIPF) {
971 if (ipl->ipl_magic == IPL_MAGIC)
972 print_ipflog(log, buf, psize);
973
974 } else if (logtype == IPL_LOGNAT) {
975 if (ipl->ipl_magic == IPL_MAGIC_NAT)
976 print_natlog(log, buf, psize);
977
978 } else if (logtype == IPL_LOGSTATE) {
979 if (ipl->ipl_magic == IPL_MAGIC_STATE)
980 print_statelog(log, buf, psize);
981 }
982
983 blen -= psize;
984 buf += psize;
985 }
986 if (bp)
987 free(bp);
988 return;
989 }
990
991
992 static void print_ipflog(log, buf, blen)
993 FILE *log;
994 char *buf;
995 int blen;
996 {
997 tcphdr_t *tp;
998 struct icmp *ic;
999 struct icmp *icmp;
1000 struct tm *tm;
1001 char *t, *proto;
1002 int i, v, lvl, res, len, off, plen, ipoff, defaction;
1003 ip_t *ipc, *ip;
1004 u_32_t *s, *d;
1005 u_short hl, p;
1006 ipflog_t *ipf;
1007 iplog_t *ipl;
1008 #ifdef USE_INET6
1009 struct ip6_ext *ehp;
1010 u_short ehl;
1011 ip6_t *ip6;
1012 int go;
1013 #endif
1014
1015 ipl = (iplog_t *)buf;
1016 ipf = (ipflog_t *)((char *)buf + sizeof(*ipl));
1017 ip = (ip_t *)((char *)ipf + sizeof(*ipf));
1018 v = IP_V(ip);
1019 res = (opts & OPT_RESOLVE) ? 1 : 0;
1020 t = line;
1021 *t = '\0';
1022 tm = get_tm(ipl->ipl_sec);
1023
1024 len = sizeof(line);
1025 if (!(opts & OPT_SYSLOG)) {
1026 (void) strftime(t, len, "%d/%m/%Y ", tm);
1027 i = strlen(t);
1028 len -= i;
1029 t += i;
1030 }
1031 (void) strftime(t, len, "%T", tm);
1032 t += strlen(t);
1033 (void) sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec);
1034 t += strlen(t);
1035 if (ipl->ipl_count > 1) {
1036 (void) sprintf(t, "%dx ", ipl->ipl_count);
1037 t += strlen(t);
1038 }
1039 #if (defined(MENTAT) || \
1040 (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
1041 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) || \
1042 (defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux)
1043 {
1044 char ifname[sizeof(ipf->fl_ifname) + 1];
1045
1046 strncpy(ifname, ipf->fl_ifname, sizeof(ipf->fl_ifname));
1047 ifname[sizeof(ipf->fl_ifname)] = '\0';
1048 (void) sprintf(t, "%s", ifname);
1049 t += strlen(t);
1050 # if defined(MENTAT) || defined(linux)
1051 # if defined(linux)
1052 /*
1053 * On Linux, the loopback interface is just "lo", not "lo0".
1054 */
1055 if (strcmp(ifname, "lo") != 0)
1056 # endif
1057 if (ISALPHA(*(t - 1))) {
1058 sprintf(t, "%d", ipf->fl_unit);
1059 t += strlen(t);
1060 }
1061 # endif
1062 }
1063 #else
1064 for (len = 0; len < 3; len++)
1065 if (ipf->fl_ifname[len] == '\0')
1066 break;
1067 if (ipf->fl_ifname[len])
1068 len++;
1069 (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit);
1070 t += strlen(t);
1071 #endif
1072 if ((ipf->fl_group[0] == (char)~0) && (ipf->fl_group[1] == '\0'))
1073 strcat(t, " @-1:");
1074 else if (ipf->fl_group[0] == '\0')
1075 (void) strcpy(t, " @0:");
1076 else
1077 (void) sprintf(t, " @%s:", ipf->fl_group);
1078 t += strlen(t);
1079 if (ipf->fl_rule == 0xffffffff)
1080 strcat(t, "-1 ");
1081 else
1082 (void) sprintf(t, "%u ", ipf->fl_rule + 1);
1083 t += strlen(t);
1084
1085 lvl = LOG_NOTICE;
1086
1087 if (ipf->fl_lflags & FI_SHORT) {
1088 *t++ = 'S';
1089 lvl = LOG_ERR;
1090 }
1091
1092 if (FR_ISPASS(ipf->fl_flags)) {
1093 if (ipf->fl_flags & FR_LOGP)
1094 *t++ = 'p';
1095 else
1096 *t++ = 'P';
1097 } else if (FR_ISBLOCK(ipf->fl_flags)) {
1098 if (ipf->fl_flags & FR_LOGB)
1099 *t++ = 'b';
1100 else
1101 *t++ = 'B';
1102 lvl = LOG_WARNING;
1103 } else if ((ipf->fl_flags & FR_LOGMASK) == FR_LOG) {
1104 *t++ = 'L';
1105 lvl = LOG_INFO;
1106 } else if (ipf->fl_flags & FF_LOGNOMATCH) {
1107 *t++ = 'n';
1108 } else {
1109 *t++ = '?';
1110 lvl = LOG_EMERG;
1111 }
1112 if (ipf->fl_loglevel != 0xffff)
1113 lvl = ipf->fl_loglevel;
1114 *t++ = ' ';
1115 *t = '\0';
1116
1117 if (v == 6) {
1118 #ifdef USE_INET6
1119 off = 0;
1120 ipoff = 0;
1121 hl = sizeof(ip6_t);
1122 ip6 = (ip6_t *)ip;
1123 p = (u_short)ip6->ip6_nxt;
1124 s = (u_32_t *)&ip6->ip6_src;
1125 d = (u_32_t *)&ip6->ip6_dst;
1126 plen = hl + ntohs(ip6->ip6_plen);
1127 go = 1;
1128 ehp = (struct ip6_ext *)((char *)ip6 + hl);
1129 while (go == 1) {
1130 switch (p)
1131 {
1132 case IPPROTO_HOPOPTS :
1133 case IPPROTO_MOBILITY :
1134 case IPPROTO_DSTOPTS :
1135 case IPPROTO_ROUTING :
1136 case IPPROTO_AH :
1137 p = ehp->ip6e_nxt;
1138 ehl = 8 + (ehp->ip6e_len << 3);
1139 hl += ehl;
1140 ehp = (struct ip6_ext *)((char *)ehp + ehl);
1141 break;
1142 case IPPROTO_FRAGMENT :
1143 hl += sizeof(struct ip6_frag);
1144 /* FALLTHROUGH */
1145 default :
1146 go = 0;
1147 break;
1148 }
1149 }
1150 #else
1151 sprintf(t, "ipv6");
1152 goto printipflog;
1153 #endif
1154 } else if (v == 4) {
1155 hl = IP_HL(ip) << 2;
1156 ipoff = ip->ip_off;
1157 off = ipoff & IP_OFFMASK;
1158 p = (u_short)ip->ip_p;
1159 s = (u_32_t *)&ip->ip_src;
1160 d = (u_32_t *)&ip->ip_dst;
1161 plen = ip->ip_len;
1162 } else {
1163 goto printipflog;
1164 }
1165 proto = getproto(p);
1166
1167 if ((p == IPPROTO_TCP || p == IPPROTO_UDP) && !off) {
1168 tp = (tcphdr_t *)((char *)ip + hl);
1169 if (!(ipf->fl_lflags & FI_SHORT)) {
1170 (void) sprintf(t, "%s,%s -> ", hostname(res, v, s),
1171 portname(res, proto, (u_int)tp->th_sport));
1172 t += strlen(t);
1173 (void) sprintf(t, "%s,%s PR %s len %hu %hu",
1174 hostname(res, v, d),
1175 portname(res, proto, (u_int)tp->th_dport),
1176 proto, hl, plen);
1177 t += strlen(t);
1178
1179 if (p == IPPROTO_TCP) {
1180 *t++ = ' ';
1181 *t++ = '-';
1182 for (i = 0; tcpfl[i].value; i++)
1183 if (tp->th_flags & tcpfl[i].value)
1184 *t++ = tcpfl[i].flag;
1185 if (opts & OPT_VERBOSE) {
1186 (void) sprintf(t, " %lu %lu %hu",
1187 (u_long)(ntohl(tp->th_seq)),
1188 (u_long)(ntohl(tp->th_ack)),
1189 ntohs(tp->th_win));
1190 t += strlen(t);
1191 }
1192 }
1193 *t = '\0';
1194 } else {
1195 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1196 t += strlen(t);
1197 (void) sprintf(t, "%s PR %s len %hu %hu",
1198 hostname(res, v, d), proto, hl, plen);
1199 }
1200 } else if ((p == IPPROTO_ICMPV6) && !off && (v == 6)) {
1201 ic = (struct icmp *)((char *)ip + hl);
1202 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1203 t += strlen(t);
1204 (void) sprintf(t, "%s PR icmpv6 len %hu %hu icmpv6 %s",
1205 hostname(res, v, d), hl, plen,
1206 icmpname6(ic->icmp_type, ic->icmp_code));
1207 } else if ((p == IPPROTO_ICMP) && !off && (v == 4)) {
1208 ic = (struct icmp *)((char *)ip + hl);
1209 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1210 t += strlen(t);
1211 (void) sprintf(t, "%s PR icmp len %hu %hu icmp %s",
1212 hostname(res, v, d), hl, plen,
1213 icmpname(ic->icmp_type, ic->icmp_code));
1214 if (ic->icmp_type == ICMP_UNREACH ||
1215 ic->icmp_type == ICMP_SOURCEQUENCH ||
1216 ic->icmp_type == ICMP_PARAMPROB ||
1217 ic->icmp_type == ICMP_REDIRECT ||
1218 ic->icmp_type == ICMP_TIMXCEED) {
1219 ipc = &ic->icmp_ip;
1220 i = ntohs(ipc->ip_len);
1221 /*
1222 * XXX - try to guess endian of ip_len in ICMP
1223 * returned data.
1224 */
1225 if (i > 1500)
1226 i = ipc->ip_len;
1227 ipoff = ntohs(ipc->ip_off);
1228 proto = getproto(ipc->ip_p);
1229
1230 if (!(ipoff & IP_OFFMASK) &&
1231 ((ipc->ip_p == IPPROTO_TCP) ||
1232 (ipc->ip_p == IPPROTO_UDP))) {
1233 tp = (tcphdr_t *)((char *)ipc + hl);
1234 t += strlen(t);
1235 (void) sprintf(t, " for %s,%s -",
1236 HOSTNAME_V4(res, ipc->ip_src),
1237 portname(res, proto,
1238 (u_int)tp->th_sport));
1239 t += strlen(t);
1240 (void) sprintf(t, " %s,%s PR %s len %hu %hu",
1241 HOSTNAME_V4(res, ipc->ip_dst),
1242 portname(res, proto,
1243 (u_int)tp->th_dport),
1244 proto, IP_HL(ipc) << 2, i);
1245 } else if (!(ipoff & IP_OFFMASK) &&
1246 (ipc->ip_p == IPPROTO_ICMP)) {
1247 icmp = (icmphdr_t *)((char *)ipc + hl);
1248
1249 t += strlen(t);
1250 (void) sprintf(t, " for %s -",
1251 HOSTNAME_V4(res, ipc->ip_src));
1252 t += strlen(t);
1253 (void) sprintf(t,
1254 " %s PR icmp len %hu %hu icmp %d/%d",
1255 HOSTNAME_V4(res, ipc->ip_dst),
1256 IP_HL(ipc) << 2, i,
1257 icmp->icmp_type, icmp->icmp_code);
1258 } else {
1259 t += strlen(t);
1260 (void) sprintf(t, " for %s -",
1261 HOSTNAME_V4(res, ipc->ip_src));
1262 t += strlen(t);
1263 (void) sprintf(t, " %s PR %s len %hu (%hu)",
1264 HOSTNAME_V4(res, ipc->ip_dst), proto,
1265 IP_HL(ipc) << 2, i);
1266 t += strlen(t);
1267 if (ipoff & IP_OFFMASK) {
1268 (void) sprintf(t,
1269 "(frag %d:%hu@%hu%s%s)",
1270 ntohs(ipc->ip_id),
1271 i - (IP_HL(ipc) << 2),
1272 (ipoff & IP_OFFMASK) << 3,
1273 ipoff & IP_MF ? "+" : "",
1274 ipoff & IP_DF ? "-" : "");
1275 }
1276 }
1277
1278 }
1279 } else {
1280 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1281 t += strlen(t);
1282 (void) sprintf(t, "%s PR %s len %hu (%hu)",
1283 hostname(res, v, d), proto, hl, plen);
1284 t += strlen(t);
1285 if (off & IP_OFFMASK)
1286 (void) sprintf(t, " (frag %d:%hu@%hu%s%s)",
1287 ntohs(ip->ip_id),
1288 plen - hl, (off & IP_OFFMASK) << 3,
1289 ipoff & IP_MF ? "+" : "",
1290 ipoff & IP_DF ? "-" : "");
1291 }
1292 t += strlen(t);
1293
1294 printipflog:
1295 if (ipf->fl_flags & FR_KEEPSTATE) {
1296 (void) strcpy(t, " K-S");
1297 t += strlen(t);
1298 }
1299
1300 if (ipf->fl_flags & FR_KEEPFRAG) {
1301 (void) strcpy(t, " K-F");
1302 t += strlen(t);
1303 }
1304
1305 if (ipf->fl_dir == 0)
1306 strcpy(t, " IN");
1307 else if (ipf->fl_dir == 1)
1308 strcpy(t, " OUT");
1309 t += strlen(t);
1310 if (ipf->fl_logtag != 0) {
1311 sprintf(t, " log-tag %d", ipf->fl_logtag);
1312 t += strlen(t);
1313 }
1314 if (ipf->fl_nattag.ipt_num[0] != 0) {
1315 strcpy(t, " nat-tag ");
1316 t += strlen(t);
1317 strncpy(t, ipf->fl_nattag.ipt_tag, sizeof(ipf->fl_nattag));
1318 t += strlen(t);
1319 }
1320 if ((ipf->fl_lflags & FI_LOWTTL) != 0) {
1321 strcpy(t, " low-ttl");
1322 t += 8;
1323 }
1324 if ((ipf->fl_lflags & FI_OOW) != 0) {
1325 strcpy(t, " OOW");
1326 t += 4;
1327 }
1328 if ((ipf->fl_lflags & FI_BAD) != 0) {
1329 strcpy(t, " bad");
1330 t += 4;
1331 }
1332 if ((ipf->fl_lflags & FI_NATED) != 0) {
1333 strcpy(t, " NAT");
1334 t += 4;
1335 }
1336 if ((ipf->fl_lflags & FI_BADNAT) != 0) {
1337 strcpy(t, " bad-NAT");
1338 t += 8;
1339 }
1340 if ((ipf->fl_lflags & FI_BADSRC) != 0) {
1341 strcpy(t, " bad-src");
1342 t += 8;
1343 }
1344 if ((ipf->fl_lflags & FI_MULTICAST) != 0) {
1345 strcpy(t, " multicast");
1346 t += 10;
1347 }
1348 if ((ipf->fl_lflags & FI_BROADCAST) != 0) {
1349 strcpy(t, " broadcast");
1350 t += 10;
1351 }
1352 if ((ipf->fl_lflags & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST)) ==
1353 FI_MBCAST) {
1354 strcpy(t, " mbcast");
1355 t += 7;
1356 }
1357 *t++ = '\n';
1358 *t++ = '\0';
1359 defaction = 0;
1360 if (conf_file != NULL)
1361 defaction = check_action(buf, line, opts, lvl);
1362 if (defaction == 0) {
1363 if (opts & OPT_SYSLOG)
1364 syslog(lvl, "%s", line);
1365 else if (log != NULL)
1366 (void) fprintf(log, "%s", line);
1367
1368 if (opts & OPT_HEXHDR)
1369 dumphex(log, opts, buf,
1370 sizeof(iplog_t) + sizeof(*ipf));
1371 if (opts & OPT_HEXBODY)
1372 dumphex(log, opts, (char *)ip,
1373 ipf->fl_plen + ipf->fl_hlen);
1374 else if ((opts & OPT_LOGBODY) && (ipf->fl_flags & FR_LOGBODY))
1375 dumphex(log, opts, (char *)ip + ipf->fl_hlen,
1376 ipf->fl_plen);
1377 }
1378 }
1379
1380
1381 static void usage(prog)
1382 char *prog;
1383 {
1384 fprintf(stderr, "%s: [-NFhstvxX] [-f <logfile>]\n", prog);
1385 exit(1);
1386 }
1387
1388
1389 static void write_pid(file)
1390 char *file;
1391 {
1392 FILE *fp = NULL;
1393 int fd;
1394
1395 if ((fd = open(file, O_CREAT|O_TRUNC|O_WRONLY, 0644)) >= 0) {
1396 fp = fdopen(fd, "w");
1397 if (fp == NULL) {
1398 close(fd);
1399 fprintf(stderr,
1400 "unable to open/create pid file: %s\n", file);
1401 return;
1402 }
1403 fprintf(fp, "%d", getpid());
1404 fclose(fp);
1405 }
1406 }
1407
1408
1409 static void flushlogs(file, log)
1410 char *file;
1411 FILE *log;
1412 {
1413 int fd, flushed = 0;
1414
1415 if ((fd = open(file, O_RDWR)) == -1) {
1416 (void) fprintf(stderr, "%s: open: %s\n",
1417 file, STRERROR(errno));
1418 exit(1);
1419 }
1420
1421 if (ioctl(fd, SIOCIPFFB, &flushed) == 0) {
1422 printf("%d bytes flushed from log buffer\n",
1423 flushed);
1424 fflush(stdout);
1425 } else
1426 perror("SIOCIPFFB");
1427 (void) close(fd);
1428
1429 if (flushed) {
1430 if (opts & OPT_SYSLOG) {
1431 syslog(LOG_INFO, "%d bytes flushed from log\n",
1432 flushed);
1433 } else if ((log != stdout) && (log != NULL)) {
1434 fprintf(log, "%d bytes flushed from log\n", flushed);
1435 }
1436 }
1437 }
1438
1439
1440 static void logopts(turnon, options)
1441 int turnon;
1442 char *options;
1443 {
1444 int flags = 0;
1445 char *s;
1446
1447 for (s = options; *s; s++)
1448 {
1449 switch (*s)
1450 {
1451 case 'N' :
1452 flags |= OPT_NAT;
1453 break;
1454 case 'S' :
1455 flags |= OPT_STATE;
1456 break;
1457 case 'I' :
1458 flags |= OPT_FILTER;
1459 break;
1460 default :
1461 fprintf(stderr, "Unknown log option %c\n", *s);
1462 exit(1);
1463 }
1464 }
1465
1466 if (turnon)
1467 opts |= flags;
1468 else
1469 opts &= ~(flags);
1470 }
1471
1472
1473 int main(argc, argv)
1474 int argc;
1475 char *argv[];
1476 {
1477 struct stat sb;
1478 FILE *log = stdout;
1479 FILE *fp;
1480 int fd[3], doread, n, i;
1481 int tr, nr, regular[3], c;
1482 int fdt[3], devices = 0, make_daemon = 0;
1483 char buf[DEFAULT_IPFLOGSIZE], *iplfile[3], *prog;
1484 extern int optind;
1485 extern char *optarg;
1486
1487 n = 0; /* XXX gcc */
1488
1489 prog = strrchr(argv[0], '/');
1490 if (prog == NULL)
1491 prog = argv[0];
1492 else
1493 prog++;
1494 fd[0] = fd[1] = fd[2] = -1;
1495 fdt[0] = fdt[1] = fdt[2] = -1;
1496 iplfile[0] = IPL_NAME;
1497 iplfile[1] = IPNAT_NAME;
1498 iplfile[2] = IPSTATE_NAME;
1499
1500 while ((c = getopt(argc, argv,
1501 "?abB:C:Df:FhL:nN:o:O:pP:sS:tvxX")) != -1)
1502 switch (c)
1503 {
1504 case 'a' :
1505 opts |= OPT_LOGALL;
1506 fdt[0] = IPL_LOGIPF;
1507 fdt[1] = IPL_LOGNAT;
1508 fdt[2] = IPL_LOGSTATE;
1509 break;
1510 case 'b' :
1511 opts |= OPT_LOGBODY;
1512 break;
1513 case 'B' :
1514 binarylogfile = optarg;
1515 binarylog = fopen(optarg, "a");
1516 break;
1517 case 'C' :
1518 conf_file = optarg;
1519 break;
1520 case 'D' :
1521 make_daemon = 1;
1522 break;
1523 case 'f' : case 'I' :
1524 opts |= OPT_FILTER;
1525 fdt[0] = IPL_LOGIPF;
1526 iplfile[0] = optarg;
1527 break;
1528 case 'F' :
1529 flushlogs(iplfile[0], log);
1530 flushlogs(iplfile[1], log);
1531 flushlogs(iplfile[2], log);
1532 break;
1533 case 'L' :
1534 logfac = fac_findname(optarg);
1535 if (logfac == -1) {
1536 fprintf(stderr,
1537 "Unknown syslog facility '%s'\n",
1538 optarg);
1539 exit(1);
1540 }
1541 break;
1542 case 'n' :
1543 opts |= OPT_RESOLVE;
1544 break;
1545 case 'N' :
1546 opts |= OPT_NAT;
1547 fdt[1] = IPL_LOGNAT;
1548 iplfile[1] = optarg;
1549 break;
1550 case 'o' : case 'O' :
1551 logopts(c == 'o', optarg);
1552 fdt[0] = fdt[1] = fdt[2] = -1;
1553 if (opts & OPT_FILTER)
1554 fdt[0] = IPL_LOGIPF;
1555 if (opts & OPT_NAT)
1556 fdt[1] = IPL_LOGNAT;
1557 if (opts & OPT_STATE)
1558 fdt[2] = IPL_LOGSTATE;
1559 break;
1560 case 'p' :
1561 opts |= OPT_PORTNUM;
1562 break;
1563 case 'P' :
1564 pidfile = optarg;
1565 break;
1566 case 's' :
1567 opts |= OPT_SYSLOG;
1568 log = NULL;
1569 break;
1570 case 'S' :
1571 opts |= OPT_STATE;
1572 fdt[2] = IPL_LOGSTATE;
1573 iplfile[2] = optarg;
1574 break;
1575 case 't' :
1576 opts |= OPT_TAIL;
1577 break;
1578 case 'v' :
1579 opts |= OPT_VERBOSE;
1580 break;
1581 case 'x' :
1582 opts |= OPT_HEXBODY;
1583 break;
1584 case 'X' :
1585 opts |= OPT_HEXHDR;
1586 break;
1587 default :
1588 case 'h' :
1589 case '?' :
1590 usage(argv[0]);
1591 }
1592
1593 if (opts & OPT_SYSLOG)
1594 openlog(prog, LOG_NDELAY|LOG_PID, logfac);
1595
1596 init_tabs();
1597 if (conf_file)
1598 if (load_config(conf_file) == -1)
1599 exit(1);
1600
1601 /*
1602 * Default action is to only open the filter log file.
1603 */
1604 if ((fdt[0] == -1) && (fdt[1] == -1) && (fdt[2] == -1))
1605 fdt[0] = IPL_LOGIPF;
1606
1607 for (i = 0; i < 3; i++) {
1608 if (fdt[i] == -1)
1609 continue;
1610 if (!strcmp(iplfile[i], "-"))
1611 fd[i] = 0;
1612 else {
1613 if ((fd[i] = open(iplfile[i], O_RDONLY)) == -1) {
1614 (void) fprintf(stderr,
1615 "%s: open: %s\n", iplfile[i],
1616 STRERROR(errno));
1617 exit(1);
1618 /* NOTREACHED */
1619 }
1620 if (fstat(fd[i], &sb) == -1) {
1621 (void) fprintf(stderr, "%d: fstat: %s\n",
1622 fd[i], STRERROR(errno));
1623 exit(1);
1624 /* NOTREACHED */
1625 }
1626 if (!(regular[i] = !S_ISCHR(sb.st_mode)))
1627 devices++;
1628 }
1629 }
1630
1631 if (!(opts & OPT_SYSLOG)) {
1632 logfile = argv[optind];
1633 log = logfile ? fopen(logfile, "a") : stdout;
1634 if (log == NULL) {
1635 (void) fprintf(stderr, "%s: fopen: %s\n",
1636 argv[optind], STRERROR(errno));
1637 exit(1);
1638 /* NOTREACHED */
1639 }
1640 setvbuf(log, NULL, _IONBF, 0);
1641 } else
1642 log = NULL;
1643
1644 if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) {
1645 #if BSD >= 199306
1646 daemon(0, !(opts & OPT_SYSLOG));
1647 #else
1648 int pid;
1649 if ((pid = fork()) > 0)
1650 exit(0);
1651 if (pid < 0) {
1652 (void) fprintf(stderr, "%s: fork() failed: %s\n",
1653 argv[0], STRERROR(errno));
1654 exit(1);
1655 /* NOTREACHED */
1656 }
1657 setsid();
1658 if ((opts & OPT_SYSLOG))
1659 close(2);
1660 #endif /* !BSD */
1661 close(0);
1662 close(1);
1663 write_pid(pidfile);
1664 }
1665
1666 signal(SIGHUP, handlehup);
1667
1668 for (doread = 1; doread; ) {
1669 nr = 0;
1670
1671 for (i = 0; i < 3; i++) {
1672 tr = 0;
1673 if (fdt[i] == -1)
1674 continue;
1675 if (!regular[i]) {
1676 if (ioctl(fd[i], FIONREAD, &tr) == -1) {
1677 if (opts & OPT_SYSLOG)
1678 syslog(LOG_CRIT,
1679 "ioctl(FIONREAD): %m");
1680 else
1681 perror("ioctl(FIONREAD)");
1682 exit(1);
1683 /* NOTREACHED */
1684 }
1685 } else {
1686 tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size);
1687 if (!tr && !(opts & OPT_TAIL))
1688 doread = 0;
1689 }
1690 if (!tr)
1691 continue;
1692 nr += tr;
1693 n = 0;
1694
1695 tr = read_log(fd[i], &n, buf, sizeof(buf));
1696 if (donehup) {
1697 if (logfile && (fp = fopen(logfile, "a"))) {
1698 fclose(log);
1699 log = fp;
1700 }
1701 if (binarylogfile &&
1702 (fp = fopen(binarylogfile, "a"))) {
1703 fclose(binarylog);
1704 binarylog = fp;
1705 }
1706 init_tabs();
1707 if (conf_file != NULL)
1708 load_config(conf_file);
1709 donehup = 0;
1710 }
1711
1712 switch (tr)
1713 {
1714 case -1 :
1715 if (opts & OPT_SYSLOG)
1716 syslog(LOG_CRIT, "read: %m\n");
1717 else
1718 perror("read");
1719 doread = 0;
1720 break;
1721 case 1 :
1722 if (opts & OPT_SYSLOG)
1723 syslog(LOG_CRIT, "aborting logging\n");
1724 else if (log != NULL)
1725 fprintf(log, "aborting logging\n");
1726 doread = 0;
1727 break;
1728 case 2 :
1729 break;
1730 case 0 :
1731 if (n > 0) {
1732 print_log(fdt[i], log, buf, n);
1733 if (!(opts & OPT_SYSLOG))
1734 fflush(log);
1735 }
1736 break;
1737 }
1738 }
1739 if (!nr && ((opts & OPT_TAIL) || devices))
1740 sleep(1);
1741 }
1742 return(0);
1743 /* NOTREACHED */
1744 }
NetBSD on the FriendlyARM MINI2440