search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'origin/master'
[unleashed/lotheac.git] / usr / src / cmd / ipf / lib / common / printstate.c
blobb0a58abfd7b9a064192ab3492c09b328054fed70
1 /*
2 * Copyright (C) 2002 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 */
6
7 #include "ipf.h"
8 #include "kmem.h"
9
10 #define PRINTF (void)printf
11 #define FPRINTF (void)fprintf
12
13 ipstate_t *printstate(sp, opts, now)
14 ipstate_t *sp;
15 int opts;
16 u_long now;
17 {
18 ipstate_t ips;
19 #ifdef IPFILTER_SYNC
20 synclist_t ipsync;
21 #endif
22
23 if (kmemcpy((char *)&ips, (u_long)sp, sizeof(ips)))
24 return NULL;
25
26 PRINTF("%s -> ", hostname(ips.is_v, &ips.is_src.in4));
27 PRINTF("%s pass %#x pr %d state %d/%d bkt %d\n",
28 hostname(ips.is_v, &ips.is_dst.in4), ips.is_pass, ips.is_p,
29 ips.is_state[0], ips.is_state[1], ips.is_hv);
30 PRINTF("\ttag %u ttl %lu", ips.is_tag, ips.is_die - now);
31
32 if (ips.is_p == IPPROTO_TCP) {
33 PRINTF("\n\t%hu -> %hu %x:%x %hu<<%d:%hu<<%d\n",
34 ntohs(ips.is_sport), ntohs(ips.is_dport),
35 ips.is_send, ips.is_dend,
36 ips.is_maxswin, ips.is_swinscale,
37 ips.is_maxdwin, ips.is_dwinscale);
38 PRINTF("\tcmsk %04x smsk %04x isc %p s0 %08x/%08x\n",
39 ips.is_smsk[0], ips.is_smsk[1], ips.is_isc,
40 ips.is_s0[0], ips.is_s0[1]);
41 PRINTF("\tFWD:ISN inc %x sumd %x\n",
42 ips.is_isninc[0], ips.is_sumd[0]);
43 PRINTF("\tREV:ISN inc %x sumd %x\n",
44 ips.is_isninc[1], ips.is_sumd[1]);
45 #ifdef IPFILTER_SCAN
46 PRINTF("\tsbuf[0] [");
47 printsbuf(ips.is_sbuf[0]);
48 PRINTF("] sbuf[1] [");
49 printsbuf(ips.is_sbuf[1]);
50 PRINTF("]\n");
51 #endif
52 } else if (ips.is_p == IPPROTO_UDP) {
53 PRINTF(" %hu -> %hu\n", ntohs(ips.is_sport),
54 ntohs(ips.is_dport));
55 } else if (ips.is_p == IPPROTO_GRE) {
56 PRINTF(" call %hx/%hx\n", ntohs(ips.is_gre.gs_call[0]),
57 ntohs(ips.is_gre.gs_call[1]));
58 } else if (ips.is_p == IPPROTO_ICMP
59 #ifdef USE_INET6
60 || ips.is_p == IPPROTO_ICMPV6
61 #endif
62 )
63 PRINTF(" id %hu seq %hu type %d\n", ntohs(ips.is_icmp.ici_id),
64 ntohs(ips.is_icmp.ici_seq), ips.is_icmp.ici_type);
65
66 #ifdef USE_QUAD_T
67 PRINTF("\tforward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n\tbackward: pkts in %qd bytes in %qd pkts out %qd bytes out %qd\n",
68 ips.is_pkts[0], ips.is_bytes[0],
69 ips.is_pkts[1], ips.is_bytes[1],
70 ips.is_pkts[2], ips.is_bytes[2],
71 ips.is_pkts[3], ips.is_bytes[3]);
72 #else
73 PRINTF("\tforward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n\tbackward: pkts in %ld bytes in %ld pkts out %ld bytes out %ld\n",
74 ips.is_pkts[0], ips.is_bytes[0],
75 ips.is_pkts[1], ips.is_bytes[1],
76 ips.is_pkts[2], ips.is_bytes[2],
77 ips.is_pkts[3], ips.is_bytes[3]);
78 #endif
79
80 PRINTF("\t");
81
82 /*
83 * Print out bits set in the result code for the state being
84 * kept as they would for a rule.
85 */
86 if (FR_ISPASS(ips.is_pass)) {
87 PRINTF("pass");
88 } else if (FR_ISBLOCK(ips.is_pass)) {
89 PRINTF("block");
90 switch (ips.is_pass & FR_RETMASK)
91 {
92 case FR_RETICMP :
93 PRINTF(" return-icmp");
94 break;
95 case FR_FAKEICMP :
96 PRINTF(" return-icmp-as-dest");
97 break;
98 case FR_RETRST :
99 PRINTF(" return-rst");
100 break;
101 default :
102 break;
103 }
104 } else if ((ips.is_pass & FR_LOGMASK) == FR_LOG) {
105 PRINTF("log");
106 if (ips.is_pass & FR_LOGBODY)
107 PRINTF(" body");
108 if (ips.is_pass & FR_LOGFIRST)
109 PRINTF(" first");
110 } else if (FR_ISACCOUNT(ips.is_pass)) {
111 PRINTF("count");
112 } else if (FR_ISPREAUTH(ips.is_pass)) {
113 PRINTF("preauth");
114 } else if (FR_ISAUTH(ips.is_pass))
115 PRINTF("auth");
116
117 if (ips.is_pass & FR_OUTQUE)
118 PRINTF(" out");
119 else
120 PRINTF(" in");
121
122 if ((ips.is_pass & FR_LOG) != 0) {
123 PRINTF(" log");
124 if (ips.is_pass & FR_LOGBODY)
125 PRINTF(" body");
126 if (ips.is_pass & FR_LOGFIRST)
127 PRINTF(" first");
128 if (ips.is_pass & FR_LOGORBLOCK)
129 PRINTF(" or-block");
130 }
131 if (ips.is_pass & FR_QUICK)
132 PRINTF(" quick");
133 if (ips.is_pass & FR_KEEPFRAG)
134 PRINTF(" keep frags");
135 /* a given; no? */
136 if (ips.is_pass & FR_KEEPSTATE) {
137 PRINTF(" keep state");
138 if (ips.is_pass & FR_STATESYNC)
139 PRINTF(" ( sync )");
140 }
141 PRINTF("\tIPv%d", ips.is_v);
142 PRINTF("\n");
143
144 PRINTF("\tpkt_flags & %x(%x) = %x,\t",
145 ips.is_flags & 0xf, ips.is_flags,
146 ips.is_flags >> 4);
147 PRINTF("\tpkt_options & %x = %x, %x = %x \n", ips.is_optmsk[0],
148 ips.is_opt[0], ips.is_optmsk[1], ips.is_opt[1]);
149 PRINTF("\tpkt_security & %x = %x, pkt_auth & %x = %x\n",
150 ips.is_secmsk, ips.is_sec, ips.is_authmsk,
151 ips.is_auth);
152 PRINTF("\tis_flx %#x %#x %#x %#x\n", ips.is_flx[0][0], ips.is_flx[0][1],
153 ips.is_flx[1][0], ips.is_flx[1][1]);
154 PRINTF("\tinterfaces: in %s[%s", getifname(ips.is_ifp[0]),
155 ips.is_ifname[0]);
156 if (opts & OPT_DEBUG)
157 PRINTF("/%p", ips.is_ifp[0]);
158 putchar(']');
159 PRINTF(",%s[%s", getifname(ips.is_ifp[1]), ips.is_ifname[1]);
160 if (opts & OPT_DEBUG)
161 PRINTF("/%p", ips.is_ifp[1]);
162 putchar(']');
163 PRINTF(" out %s[%s", getifname(ips.is_ifp[2]), ips.is_ifname[2]);
164 if (opts & OPT_DEBUG)
165 PRINTF("/%p", ips.is_ifp[2]);
166 putchar(']');
167 PRINTF(",%s[%s", getifname(ips.is_ifp[3]), ips.is_ifname[3]);
168 if (opts & OPT_DEBUG)
169 PRINTF("/%p", ips.is_ifp[3]);
170 PRINTF("]\n");
171
172 #ifdef IPFILTER_SYNC
173 if (ips.is_sync != NULL) {
174
175 if (kmemcpy((char *)&ipsync, (u_long)ips.is_sync, sizeof(ipsync))) {
176
177 PRINTF("\tSync status: status could not be retrieved\n");
178 return NULL;
179 }
180
181 PRINTF("\tSync status: idx %d num %d v %d pr %d rev %d\n",
182 ipsync.sl_idx, ipsync.sl_num, ipsync.sl_v,
183 ipsync.sl_p, ipsync.sl_rev);
184
185 } else {
186 PRINTF("\tSync status: not synchronized\n");
187 }
188 #endif
189
190 return ips.is_next;
191 }