search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'origin/master'
[unleashed/lotheac.git] / usr / src / cmd / ipf / tools / ipmon.c
blobde80c0a7acde4809e546b027b81a518ac8a412a8
1 /*
2 * Copyright (C) 2001-2008 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
7 * Use is subject to license terms.
8 *
9 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
10 */
11
12 #ifdef SOLARIS
13 #undef SOLARIS
14 #endif
15 #if (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
16 #define SOLARIS (1)
17 #else
18 #define SOLARIS (0)
19 #endif
20
21 #include <sys/types.h>
22 #include <sys/stat.h>
23 #include <sys/param.h>
24 #include <sys/file.h>
25 #include <sys/time.h>
26 #define _KERNEL
27 #include <sys/uio.h>
28 #undef _KERNEL
29 #include <sys/socket.h>
30 #include <sys/ioctl.h>
31
32 #include <stdio.h>
33 #include <unistd.h>
34 #include <string.h>
35 #include <fcntl.h>
36 #include <errno.h>
37 #include <time.h>
38 #if !defined(__SVR4) && !defined(__svr4__)
39 # if (__FreeBSD_version >= 300000)
40 # include <sys/dirent.h>
41 # else
42 # include <sys/dir.h>
43 # endif
44 #else
45 # include <sys/filio.h>
46 # include <sys/byteorder.h>
47 #endif
48 #if !defined(__hpux) && (!defined(__SVR4) && !defined(__GNUC__))
49 # include <strings.h>
50 #endif
51 #include <signal.h>
52 #include <stdlib.h>
53 #include <stddef.h>
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56 #include <net/if.h>
57 #include <netinet/ip.h>
58 #if !defined(__hpux) && !defined(linux)
59 # include <netinet/tcp_fsm.h>
60 #endif
61 #include <netdb.h>
62 #include <arpa/inet.h>
63 #include <arpa/nameser.h>
64 #ifdef __hpux
65 # undef NOERROR
66 #endif
67 #include <resolv.h>
68
69 #if !defined(linux)
70 # include <sys/protosw.h>
71 # include <netinet/ip_var.h>
72 #endif
73
74 #include <netinet/tcp.h>
75 #include <netinet/ip_icmp.h>
76
77 #include <ctype.h>
78 #include <syslog.h>
79
80 #include "netinet/ip_compat.h"
81 #include <netinet/tcpip.h>
82 #include "netinet/ip_fil.h"
83 #include "netinet/ip_nat.h"
84 #include "netinet/ip_state.h"
85 #include "netinet/ip_proxy.h"
86 #include "ipmon.h"
87 #include "ipfzone.h"
88
89 static const char sccsid[] = "@(#)ipmon.c 1.21 6/5/96 (C)1993-2000 Darren Reed";
90 static const char rcsid[] = "@(#)$Id: ipmon.c,v 1.33.2.10 2005/06/18 02:41:35 darrenr Exp $";
91
92
93 #if defined(sun) && !defined(SOLARIS2)
94 #define STRERROR(x) sys_errlist[x]
95 extern char *sys_errlist[];
96 #else
97 #define STRERROR(x) strerror(x)
98 #endif
99
100
101 struct flags {
102 int value;
103 char flag;
104 };
105
106
107 typedef struct icmp_subtype {
108 int ist_val;
109 char *ist_name;
110 } icmp_subtype_t;
111
112 typedef struct icmp_type {
113 int it_val;
114 struct icmp_subtype *it_subtable;
115 size_t it_stsize;
116 char *it_name;
117 } icmp_type_t;
118
119
120 #define IST_SZ(x) (sizeof(x)/sizeof(icmp_subtype_t))
121
122
123 struct flags tcpfl[] = {
124 { TH_ACK, 'A' },
125 { TH_RST, 'R' },
126 { TH_SYN, 'S' },
127 { TH_FIN, 'F' },
128 { TH_URG, 'U' },
129 { TH_PUSH,'P' },
130 { TH_ECN, 'E' },
131 { TH_CWR, 'C' },
132 { 0, '\0' }
133 };
134
135 #if defined(__hpux) || (defined(SOLARIS) && (SOLARIS2 < 10))
136 static char *pidfile = "/etc/ipf/ipmon.pid";
137 #else
138 # if (BSD >= 199306) || defined(SOLARIS)
139 static char *pidfile = "/var/run/ipmon.pid";
140 # else
141 static char *pidfile = "/etc/ipmon.pid";
142 # endif
143 #endif
144
145 static char line[2048];
146 static int opts = 0;
147 static char *logfile = NULL;
148 static FILE *binarylog = NULL;
149 static char *binarylogfile = NULL;
150 static int donehup = 0;
151 static void usage __P((char *));
152 static void handlehup __P((int));
153 static void flushlogs __P((char *, FILE *));
154 static void print_log __P((int, FILE *, char *, int));
155 static void print_ipflog __P((FILE *, char *, int));
156 static void print_natlog __P((FILE *, char *, int));
157 static void print_statelog __P((FILE *, char *, int));
158 static int read_log __P((int, int *, char *, int));
159 static void write_pid __P((char *));
160 static char *icmpname __P((u_int, u_int));
161 static char *icmpname6 __P((u_int, u_int));
162 static icmp_type_t *find_icmptype __P((int, icmp_type_t *, size_t));
163 static icmp_subtype_t *find_icmpsubtype __P((int, icmp_subtype_t *, size_t));
164 #ifdef __hpux
165 static struct tm *get_tm __P((u_32_t));
166 #else
167 static struct tm *get_tm __P((time_t));
168 #endif
169
170 char *hostname __P((int, int, u_32_t *));
171 char *portname __P((int, char *, u_int));
172 int main __P((int, char *[]));
173
174 static void logopts __P((int, char *));
175 static void init_tabs __P((void));
176 static char *getproto __P((u_int));
177
178 static char **protocols = NULL;
179 static char **udp_ports = NULL;
180 static char **tcp_ports = NULL;
181 static char *conf_file = NULL;
182
183
184 #define OPT_SYSLOG 0x001
185 #define OPT_RESOLVE 0x002
186 #define OPT_HEXBODY 0x004
187 #define OPT_VERBOSE 0x008
188 #define OPT_HEXHDR 0x010
189 #define OPT_TAIL 0x020
190 #define OPT_NAT 0x080
191 #define OPT_STATE 0x100
192 #define OPT_FILTER 0x200
193 #define OPT_PORTNUM 0x400
194 #define OPT_LOGALL (OPT_NAT|OPT_STATE|OPT_FILTER)
195 #define OPT_LOGBODY 0x800
196
197 #define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
198
199 #ifndef LOGFAC
200 #define LOGFAC LOG_LOCAL0
201 #endif
202
203
204 static icmp_subtype_t icmpunreachnames[] = {
205 { ICMP_UNREACH_NET, "net" },
206 { ICMP_UNREACH_HOST, "host" },
207 { ICMP_UNREACH_PROTOCOL, "protocol" },
208 { ICMP_UNREACH_PORT, "port" },
209 { ICMP_UNREACH_NEEDFRAG, "needfrag" },
210 { ICMP_UNREACH_SRCFAIL, "srcfail" },
211 { ICMP_UNREACH_NET_UNKNOWN, "net_unknown" },
212 { ICMP_UNREACH_HOST_UNKNOWN, "host_unknown" },
213 { ICMP_UNREACH_NET, "isolated" },
214 { ICMP_UNREACH_NET_PROHIB, "net_prohib" },
215 { ICMP_UNREACH_NET_PROHIB, "host_prohib" },
216 { ICMP_UNREACH_TOSNET, "tosnet" },
217 { ICMP_UNREACH_TOSHOST, "toshost" },
218 { ICMP_UNREACH_ADMIN_PROHIBIT, "admin_prohibit" },
219 { -2, NULL }
220 };
221
222 static icmp_subtype_t redirectnames[] = {
223 { ICMP_REDIRECT_NET, "net" },
224 { ICMP_REDIRECT_HOST, "host" },
225 { ICMP_REDIRECT_TOSNET, "tosnet" },
226 { ICMP_REDIRECT_TOSHOST, "toshost" },
227 { -2, NULL }
228 };
229
230 static icmp_subtype_t timxceednames[] = {
231 { ICMP_TIMXCEED_INTRANS, "transit" },
232 { ICMP_TIMXCEED_REASS, "reassem" },
233 { -2, NULL }
234 };
235
236 static icmp_subtype_t paramnames[] = {
237 { ICMP_PARAMPROB_ERRATPTR, "errata_pointer" },
238 { ICMP_PARAMPROB_OPTABSENT, "optmissing" },
239 { ICMP_PARAMPROB_LENGTH, "length" },
240 { -2, NULL }
241 };
242
243 static icmp_type_t icmptypes[] = {
244 { ICMP_ECHOREPLY, NULL, 0, "echoreply" },
245 { -1, NULL, 0, NULL },
246 { -1, NULL, 0, NULL },
247 { ICMP_UNREACH, icmpunreachnames,
248 IST_SZ(icmpunreachnames),"unreach" },
249 { ICMP_SOURCEQUENCH, NULL, 0, "sourcequench" },
250 { ICMP_REDIRECT, redirectnames,
251 IST_SZ(redirectnames), "redirect" },
252 { -1, NULL, 0, NULL },
253 { -1, NULL, 0, NULL },
254 { ICMP_ECHO, NULL, 0, "echo" },
255 { ICMP_ROUTERADVERT, NULL, 0, "routeradvert" },
256 { ICMP_ROUTERSOLICIT, NULL, 0, "routersolicit" },
257 { ICMP_TIMXCEED, timxceednames,
258 IST_SZ(timxceednames), "timxceed" },
259 { ICMP_PARAMPROB, paramnames,
260 IST_SZ(paramnames), "paramprob" },
261 { ICMP_TSTAMP, NULL, 0, "timestamp" },
262 { ICMP_TSTAMPREPLY, NULL, 0, "timestampreply" },
263 { ICMP_IREQ, NULL, 0, "inforeq" },
264 { ICMP_IREQREPLY, NULL, 0, "inforeply" },
265 { ICMP_MASKREQ, NULL, 0, "maskreq" },
266 { ICMP_MASKREPLY, NULL, 0, "maskreply" },
267 { -2, NULL, 0, NULL }
268 };
269
270 static icmp_subtype_t icmpredirect6[] = {
271 { ICMP6_DST_UNREACH_NOROUTE, "noroute" },
272 { ICMP6_DST_UNREACH_ADMIN, "admin" },
273 { ICMP6_DST_UNREACH_NOTNEIGHBOR, "neighbour" },
274 { ICMP6_DST_UNREACH_ADDR, "address" },
275 { ICMP6_DST_UNREACH_NOPORT, "noport" },
276 { -2, NULL }
277 };
278
279 static icmp_subtype_t icmptimexceed6[] = {
280 { ICMP6_TIME_EXCEED_TRANSIT, "intransit" },
281 { ICMP6_TIME_EXCEED_REASSEMBLY, "reassem" },
282 { -2, NULL }
283 };
284
285 static icmp_subtype_t icmpparamprob6[] = {
286 { ICMP6_PARAMPROB_HEADER, "header" },
287 { ICMP6_PARAMPROB_NEXTHEADER, "nextheader" },
288 { ICMP6_PARAMPROB_OPTION, "option" },
289 { -2, NULL }
290 };
291
292 static icmp_subtype_t icmpquerysubject6[] = {
293 { ICMP6_NI_SUBJ_IPV6, "ipv6" },
294 { ICMP6_NI_SUBJ_FQDN, "fqdn" },
295 { ICMP6_NI_SUBJ_IPV4, "ipv4" },
296 { -2, NULL },
297 };
298
299 static icmp_subtype_t icmpnodeinfo6[] = {
300 { ICMP6_NI_SUCCESS, "success" },
301 { ICMP6_NI_REFUSED, "refused" },
302 { ICMP6_NI_UNKNOWN, "unknown" },
303 { -2, NULL }
304 };
305
306 static icmp_subtype_t icmprenumber6[] = {
307 { ICMP6_ROUTER_RENUMBERING_COMMAND, "command" },
308 { ICMP6_ROUTER_RENUMBERING_RESULT, "result" },
309 { ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET, "seqnum_reset" },
310 { -2, NULL }
311 };
312
313 static icmp_type_t icmptypes6[] = {
314 { 0, NULL, 0, NULL },
315 { ICMP6_DST_UNREACH, icmpredirect6,
316 IST_SZ(icmpredirect6), "unreach" },
317 { ICMP6_PACKET_TOO_BIG, NULL, 0, "toobig" },
318 { ICMP6_TIME_EXCEEDED, icmptimexceed6,
319 IST_SZ(icmptimexceed6), "timxceed" },
320 { ICMP6_PARAM_PROB, icmpparamprob6,
321 IST_SZ(icmpparamprob6), "paramprob" },
322 { ICMP6_ECHO_REQUEST, NULL, 0, "echo" },
323 { ICMP6_ECHO_REPLY, NULL, 0, "echoreply" },
324 { ICMP6_MEMBERSHIP_QUERY, icmpquerysubject6,
325 IST_SZ(icmpquerysubject6), "groupmemberquery" },
326 { ICMP6_MEMBERSHIP_REPORT,NULL, 0, "groupmemberreport" },
327 { ICMP6_MEMBERSHIP_REDUCTION,NULL, 0, "groupmemberterm" },
328 { ND_ROUTER_SOLICIT, NULL, 0, "routersolicit" },
329 { ND_ROUTER_ADVERT, NULL, 0, "routeradvert" },
330 { ND_NEIGHBOR_SOLICIT, NULL, 0, "neighborsolicit" },
331 { ND_NEIGHBOR_ADVERT, NULL, 0, "neighboradvert" },
332 { ND_REDIRECT, NULL, 0, "redirect" },
333 { ICMP6_ROUTER_RENUMBERING, icmprenumber6,
334 IST_SZ(icmprenumber6), "routerrenumber" },
335 { ICMP6_WRUREQUEST, NULL, 0, "whoareyourequest" },
336 { ICMP6_WRUREPLY, NULL, 0, "whoareyoureply" },
337 { ICMP6_FQDN_QUERY, NULL, 0, "fqdnquery" },
338 { ICMP6_FQDN_REPLY, NULL, 0, "fqdnreply" },
339 { ICMP6_NI_QUERY, icmpnodeinfo6,
340 IST_SZ(icmpnodeinfo6), "nodeinforequest" },
341 { ICMP6_NI_REPLY, NULL, 0, "nodeinforeply" },
342 { MLD6_MTRACE_RESP, NULL, 0, "mtraceresponse" },
343 { MLD6_MTRACE, NULL, 0, "mtracerequest" },
344 { -2, NULL, 0, NULL }
345 };
346
347 static icmp_subtype_t *find_icmpsubtype(type, table, tablesz)
348 int type;
349 icmp_subtype_t *table;
350 size_t tablesz;
351 {
352 icmp_subtype_t *ist;
353 int i;
354
355 if (tablesz < 2)
356 return NULL;
357
358 if ((type < 0) || (type > table[tablesz - 2].ist_val))
359 return NULL;
360
361 i = type;
362 if (table[type].ist_val == type)
363 return table + type;
364
365 for (i = 0, ist = table; ist->ist_val != -2; i++, ist++)
366 if (ist->ist_val == type)
367 return ist;
368 return NULL;
369 }
370
371
372 static icmp_type_t *find_icmptype(type, table, tablesz)
373 int type;
374 icmp_type_t *table;
375 size_t tablesz;
376 {
377 icmp_type_t *it;
378 int i;
379
380 if (tablesz < 2)
381 return NULL;
382
383 if ((type < 0) || (type > table[tablesz - 2].it_val))
384 return NULL;
385
386 i = type;
387 if (table[type].it_val == type)
388 return table + type;
389
390 for (i = 0, it = table; it->it_val != -2; i++, it++)
391 if (it->it_val == type)
392 return it;
393 return NULL;
394 }
395
396
397 static void handlehup(sig)
398 int sig;
399 {
400 signal(SIGHUP, handlehup);
401 donehup = 1;
402 }
403
404
405 static void init_tabs()
406 {
407 struct protoent *p;
408 struct servent *s;
409 char *name, **tab;
410 int port, i;
411
412 if (protocols != NULL) {
413 for (i = 0; i < 256; i++)
414 if (protocols[i] != NULL) {
415 free(protocols[i]);
416 protocols[i] = NULL;
417 }
418 free(protocols);
419 protocols = NULL;
420 }
421 protocols = (char **)malloc(256 * sizeof(*protocols));
422 if (protocols != NULL) {
423 bzero((char *)protocols, 256 * sizeof(*protocols));
424
425 setprotoent(1);
426 while ((p = getprotoent()) != NULL)
427 if (p->p_proto >= 0 && p->p_proto <= 255 &&
428 p->p_name != NULL && protocols[p->p_proto] == NULL)
429 protocols[p->p_proto] = strdup(p->p_name);
430 endprotoent();
431 #if defined(_AIX51)
432 free(protocols[0]);
433 free(protocols[252]);
434 protocols[0] = "ip";
435 protocols[252] = NULL;
436 #endif
437 }
438
439 if (udp_ports != NULL) {
440 for (i = 0; i < 65536; i++)
441 if (udp_ports[i] != NULL) {
442 free(udp_ports[i]);
443 udp_ports[i] = NULL;
444 }
445 free(udp_ports);
446 udp_ports = NULL;
447 }
448 udp_ports = (char **)malloc(65536 * sizeof(*udp_ports));
449 if (udp_ports != NULL)
450 bzero((char *)udp_ports, 65536 * sizeof(*udp_ports));
451
452 if (tcp_ports != NULL) {
453 for (i = 0; i < 65536; i++)
454 if (tcp_ports[i] != NULL) {
455 free(tcp_ports[i]);
456 tcp_ports[i] = NULL;
457 }
458 free(tcp_ports);
459 tcp_ports = NULL;
460 }
461 tcp_ports = (char **)malloc(65536 * sizeof(*tcp_ports));
462 if (tcp_ports != NULL)
463 bzero((char *)tcp_ports, 65536 * sizeof(*tcp_ports));
464
465 setservent(1);
466 while ((s = getservent()) != NULL) {
467 if (s->s_proto == NULL)
468 continue;
469 else if (!strcmp(s->s_proto, "tcp")) {
470 port = ntohs(s->s_port);
471 name = s->s_name;
472 tab = tcp_ports;
473 } else if (!strcmp(s->s_proto, "udp")) {
474 port = ntohs(s->s_port);
475 name = s->s_name;
476 tab = udp_ports;
477 } else
478 continue;
479 if ((port < 0 || port > 65535) || (name == NULL))
480 continue;
481 if (tab != NULL)
482 tab[port] = strdup(name);
483 }
484 endservent();
485 }
486
487
488 static char *getproto(p)
489 u_int p;
490 {
491 static char pnum[4];
492 char *s;
493
494 p &= 0xff;
495 s = protocols ? protocols[p] : NULL;
496 if (s == NULL) {
497 sprintf(pnum, "%u", p);
498 s = pnum;
499 }
500 return s;
501 }
502
503
504 static int read_log(fd, lenp, buf, bufsize)
505 int fd, bufsize, *lenp;
506 char *buf;
507 {
508 int nr;
509
510 nr = read(fd, buf, bufsize);
511 if (!nr)
512 return 2;
513 if ((nr < 0) && (errno != EINTR))
514 return -1;
515 *lenp = nr;
516 return 0;
517 }
518
519
520 char *hostname(res, v, ip)
521 int res, v;
522 u_32_t *ip;
523 {
524 # define MAX_INETA 16
525 static char hname[MAXHOSTNAMELEN + MAX_INETA + 3];
526 #ifdef USE_INET6
527 static char hostbuf[MAXHOSTNAMELEN+1];
528 #endif
529 struct hostent *hp;
530 struct in_addr ipa;
531
532 if (v == 4) {
533 ipa.s_addr = *ip;
534 if (!res)
535 return inet_ntoa(ipa);
536 hp = gethostbyaddr((char *)ip, sizeof(*ip), AF_INET);
537 if (!hp)
538 return inet_ntoa(ipa);
539 sprintf(hname, "%.*s[%s]", MAXHOSTNAMELEN, hp->h_name,
540 inet_ntoa(ipa));
541 return hname;
542 }
543 #ifdef USE_INET6
544 (void) inet_ntop(AF_INET6, ip, hostbuf, sizeof(hostbuf) - 1);
545 hostbuf[MAXHOSTNAMELEN] = '\0';
546 return hostbuf;
547 #else
548 return "IPv6";
549 #endif
550 }
551
552
553 char *portname(res, proto, port)
554 int res;
555 char *proto;
556 u_int port;
557 {
558 static char pname[8];
559 char *s;
560
561 port = ntohs(port);
562 port &= 0xffff;
563 (void) sprintf(pname, "%u", port);
564 if (!res || (opts & OPT_PORTNUM))
565 return pname;
566 s = NULL;
567 if (!strcmp(proto, "tcp"))
568 s = tcp_ports[port];
569 else if (!strcmp(proto, "udp"))
570 s = udp_ports[port];
571 if (s == NULL)
572 s = pname;
573 return s;
574 }
575
576
577 static char *icmpname(type, code)
578 u_int type;
579 u_int code;
580 {
581 static char name[80];
582 icmp_subtype_t *ist;
583 icmp_type_t *it;
584 char *s;
585
586 s = NULL;
587 it = find_icmptype(type, icmptypes, sizeof(icmptypes) / sizeof(*it));
588 if (it != NULL)
589 s = it->it_name;
590
591 if (s == NULL)
592 sprintf(name, "icmptype(%d)/", type);
593 else
594 sprintf(name, "%s/", s);
595
596 ist = NULL;
597 if (it != NULL && it->it_subtable != NULL)
598 ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
599
600 if (ist != NULL && ist->ist_name != NULL)
601 strcat(name, ist->ist_name);
602 else
603 sprintf(name + strlen(name), "%d", code);
604
605 return name;
606 }
607
608 static char *icmpname6(type, code)
609 u_int type;
610 u_int code;
611 {
612 static char name[80];
613 icmp_subtype_t *ist;
614 icmp_type_t *it;
615 char *s;
616
617 s = NULL;
618 it = find_icmptype(type, icmptypes6, sizeof(icmptypes6) / sizeof(*it));
619 if (it != NULL)
620 s = it->it_name;
621
622 if (s == NULL)
623 sprintf(name, "icmpv6type(%d)/", type);
624 else
625 sprintf(name, "%s/", s);
626
627 ist = NULL;
628 if (it != NULL && it->it_subtable != NULL)
629 ist = find_icmpsubtype(code, it->it_subtable, it->it_stsize);
630
631 if (ist != NULL && ist->ist_name != NULL)
632 strcat(name, ist->ist_name);
633 else
634 sprintf(name + strlen(name), "%d", code);
635
636 return name;
637 }
638
639
640 void dumphex(log, dopts, buf, len)
641 FILE *log;
642 int dopts;
643 char *buf;
644 int len;
645 {
646 char hline[80];
647 int i, j, k;
648 u_char *s = (u_char *)buf, *t = (u_char *)hline;
649
650 if (buf == NULL || len == 0)
651 return;
652
653 *hline = '\0';
654
655 for (i = len, j = 0; i; i--, j++, s++) {
656 if (j && !(j & 0xf)) {
657 *t++ = '\n';
658 *t = '\0';
659 if (!(dopts & OPT_SYSLOG))
660 fputs(hline, log);
661 else
662 syslog(LOG_INFO, "%s", hline);
663 t = (u_char *)hline;
664 *t = '\0';
665 }
666 sprintf((char *)t, "%02x", *s & 0xff);
667 t += 2;
668 if (!((j + 1) & 0xf)) {
669 s -= 15;
670 sprintf((char *)t, " ");
671 t += 8;
672 for (k = 16; k; k--, s++)
673 *t++ = (ISPRINT(*s) ? *s : '.');
674 s--;
675 }
676
677 if ((j + 1) & 0xf)
678 *t++ = ' ';;
679 }
680
681 if (j & 0xf) {
682 for (k = 16 - (j & 0xf); k; k--) {
683 *t++ = ' ';
684 *t++ = ' ';
685 *t++ = ' ';
686 }
687 sprintf((char *)t, " ");
688 t += 7;
689 s -= j & 0xf;
690 for (k = j & 0xf; k; k--, s++)
691 *t++ = (ISPRINT(*s) ? *s : '.');
692 *t++ = '\n';
693 *t = '\0';
694 }
695 if (!(dopts & OPT_SYSLOG)) {
696 fputs(hline, log);
697 fflush(log);
698 } else
699 syslog(LOG_INFO, "%s", hline);
700 }
701
702
703 static struct tm *get_tm(sec)
704 #ifdef __hpux
705 u_32_t sec;
706 #else
707 time_t sec;
708 #endif
709 {
710 struct tm *tm;
711 time_t t;
712
713 t = sec;
714 tm = localtime(&t);
715 return tm;
716 }
717
718 static void print_natlog(log, buf, blen)
719 FILE *log;
720 char *buf;
721 int blen;
722 {
723 struct natlog *nl;
724 iplog_t *ipl = (iplog_t *)buf;
725 char *t = line;
726 struct tm *tm;
727 int res, i, len;
728 char *proto;
729
730 nl = (struct natlog *)((char *)ipl + sizeof(*ipl));
731 res = (opts & OPT_RESOLVE) ? 1 : 0;
732 tm = get_tm(ipl->ipl_sec);
733 len = sizeof(line);
734 if (!(opts & OPT_SYSLOG)) {
735 (void) strftime(t, len, "%d/%m/%Y ", tm);
736 i = strlen(t);
737 len -= i;
738 t += i;
739 }
740 (void) strftime(t, len, "%T", tm);
741 t += strlen(t);
742 (void) sprintf(t, ".%-.6ld @%hd ", ipl->ipl_usec, nl->nlg_rule + 1);
743 t += strlen(t);
744
745 if (nl->nlg_type == NL_NEWMAP)
746 strcpy(t, "NAT:MAP ");
747 else if (nl->nlg_type == NL_NEWRDR)
748 strcpy(t, "NAT:RDR ");
749 else if (nl->nlg_type == NL_FLUSH)
750 strcpy(t, "NAT:FLUSH ");
751 else if (nl->nlg_type == NL_EXPIRE)
752 strcpy(t, "NAT:EXPIRE ");
753 else if (nl->nlg_type == NL_NEWBIMAP)
754 strcpy(t, "NAT:BIMAP ");
755 else if (nl->nlg_type == NL_NEWBLOCK)
756 strcpy(t, "NAT:MAPBLOCK ");
757 else if (nl->nlg_type == NL_CLONE)
758 strcpy(t, "NAT:CLONE ");
759 else
760 sprintf(t, "Type: %d ", nl->nlg_type);
761 t += strlen(t);
762
763 proto = getproto(nl->nlg_p);
764
765 (void) sprintf(t, "%s,%s <- -> ", hostname(res, nl->nlg_v,
766 (u_32_t *)&nl->nlg_inip),
767 portname(res, proto, (u_int)nl->nlg_inport));
768 t += strlen(t);
769 (void) sprintf(t, "%s,%s ", hostname(res, nl->nlg_v,
770 (u_32_t *)&nl->nlg_outip),
771 portname(res, proto, (u_int)nl->nlg_outport));
772 t += strlen(t);
773 (void) sprintf(t, "[%s,%s]", hostname(res, nl->nlg_v,
774 (u_32_t *)&nl->nlg_origip),
775 portname(res, proto, (u_int)nl->nlg_origport));
776 t += strlen(t);
777 if (nl->nlg_type == NL_EXPIRE) {
778 #ifdef USE_QUAD_T
779 (void) sprintf(t, " Pkts %qd/%qd Bytes %qd/%qd",
780 (long long)nl->nlg_pkts[0],
781 (long long)nl->nlg_pkts[1],
782 (long long)nl->nlg_bytes[0],
783 (long long)nl->nlg_bytes[1]);
784 #else
785 (void) sprintf(t, " Pkts %ld/%ld Bytes %ld/%ld",
786 nl->nlg_pkts[0], nl->nlg_pkts[1],
787 nl->nlg_bytes[0], nl->nlg_bytes[1]);
788 #endif
789 t += strlen(t);
790 }
791
792 *t++ = '\n';
793 *t++ = '\0';
794 if (opts & OPT_SYSLOG)
795 syslog(LOG_INFO, "%s", line);
796 else
797 (void) fprintf(log, "%s", line);
798 }
799
800
801 static void print_statelog(log, buf, blen)
802 FILE *log;
803 char *buf;
804 int blen;
805 {
806 struct ipslog *sl;
807 iplog_t *ipl = (iplog_t *)buf;
808 char *t = line, *proto;
809 struct tm *tm;
810 int res, i, len;
811
812 sl = (struct ipslog *)((char *)ipl + sizeof(*ipl));
813 res = (opts & OPT_RESOLVE) ? 1 : 0;
814 tm = get_tm(ipl->ipl_sec);
815 len = sizeof(line);
816 if (!(opts & OPT_SYSLOG)) {
817 (void) strftime(t, len, "%d/%m/%Y ", tm);
818 i = strlen(t);
819 len -= i;
820 t += i;
821 }
822 (void) strftime(t, len, "%T", tm);
823 t += strlen(t);
824 (void) sprintf(t, ".%-.6ld ", ipl->ipl_usec);
825 t += strlen(t);
826
827 if (sl->isl_type == ISL_NEW)
828 strcpy(t, "STATE:NEW ");
829 else if (sl->isl_type == ISL_CLONE)
830 strcpy(t, "STATE:CLONED ");
831 else if (sl->isl_type == ISL_EXPIRE) {
832 if ((sl->isl_p == IPPROTO_TCP) &&
833 (sl->isl_state[0] > IPF_TCPS_ESTABLISHED ||
834 sl->isl_state[1] > IPF_TCPS_ESTABLISHED))
835 strcpy(t, "STATE:CLOSE ");
836 else
837 strcpy(t, "STATE:EXPIRE ");
838 } else if (sl->isl_type == ISL_FLUSH)
839 strcpy(t, "STATE:FLUSH ");
840 else if (sl->isl_type == ISL_INTERMEDIATE)
841 strcpy(t, "STATE:INTERMEDIATE ");
842 else if (sl->isl_type == ISL_REMOVE)
843 strcpy(t, "STATE:REMOVE ");
844 else if (sl->isl_type == ISL_KILLED)
845 strcpy(t, "STATE:KILLED ");
846 else
847 sprintf(t, "Type: %d ", sl->isl_type);
848 t += strlen(t);
849
850 proto = getproto(sl->isl_p);
851
852 if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) {
853 (void) sprintf(t, "%s,%s -> ",
854 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_src),
855 portname(res, proto, (u_int)sl->isl_sport));
856 t += strlen(t);
857 (void) sprintf(t, "%s,%s PR %s",
858 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
859 portname(res, proto, (u_int)sl->isl_dport), proto);
860 } else if (sl->isl_p == IPPROTO_ICMP) {
861 (void) sprintf(t, "%s -> ", hostname(res, sl->isl_v,
862 (u_32_t *)&sl->isl_src));
863 t += strlen(t);
864 (void) sprintf(t, "%s PR icmp %d",
865 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
866 sl->isl_itype);
867 } else if (sl->isl_p == IPPROTO_ICMPV6) {
868 (void) sprintf(t, "%s -> ", hostname(res, sl->isl_v,
869 (u_32_t *)&sl->isl_src));
870 t += strlen(t);
871 (void) sprintf(t, "%s PR icmpv6 %d",
872 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
873 sl->isl_itype);
874 } else {
875 (void) sprintf(t, "%s -> ",
876 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_src));
877 t += strlen(t);
878 (void) sprintf(t, "%s PR %s",
879 hostname(res, sl->isl_v, (u_32_t *)&sl->isl_dst),
880 proto);
881 }
882 t += strlen(t);
883 if (sl->isl_tag != FR_NOLOGTAG) {
884 (void) sprintf(t, " tag %u", sl->isl_tag);
885 t += strlen(t);
886 }
887 if (sl->isl_type != ISL_NEW) {
888 sprintf(t,
889 #ifdef USE_QUAD_T
890 #ifdef PRId64
891 " Forward: Pkts in %" PRId64 " Bytes in %" PRId64
892 " Pkts out %" PRId64 " Bytes out %" PRId64
893 " Backward: Pkts in %" PRId64 " Bytes in %" PRId64
894 " Pkts out %" PRId64 " Bytes out %" PRId64,
895 #else
896 " Forward: Pkts in %qd Bytes in %qd Pkts out %qd Bytes out %qd Backward: Pkts in %qd Bytes in %qd Pkts out %qd Bytes out %qd",
897 #endif /* PRId64 */
898 #else
899 " Forward: Pkts in %ld Bytes in %ld Pkts out %ld Bytes out %ld Backward: Pkts in %ld Bytes in %ld Pkts out %ld Bytes out %ld",
900 #endif
901 sl->isl_pkts[0], sl->isl_bytes[0],
902 sl->isl_pkts[1], sl->isl_bytes[1],
903 sl->isl_pkts[2], sl->isl_bytes[2],
904 sl->isl_pkts[3], sl->isl_bytes[3]);
905
906 t += strlen(t);
907 }
908
909 *t++ = '\n';
910 *t++ = '\0';
911 if (opts & OPT_SYSLOG)
912 syslog(LOG_INFO, "%s", line);
913 else
914 (void) fprintf(log, "%s", line);
915 }
916
917
918 static void print_log(logtype, log, buf, blen)
919 FILE *log;
920 char *buf;
921 int logtype, blen;
922 {
923 iplog_t *ipl;
924 char *bp = NULL, *bpo = NULL;
925 int psize;
926
927 while (blen > 0) {
928 ipl = (iplog_t *)buf;
929 if ((u_long)ipl & (sizeof(long)-1)) {
930 if (bp)
931 bpo = bp;
932 bp = (char *)malloc(blen);
933 if (bp == NULL) {
934 perror("malloc");
935 exit(1);
936 }
937 bcopy((char *)ipl, bp, blen);
938 if (bpo) {
939 free(bpo);
940 bpo = NULL;
941 }
942 buf = bp;
943 continue;
944 }
945
946 psize = ipl->ipl_dsize;
947 if (psize > blen)
948 break;
949
950 if (binarylog) {
951 fwrite(buf, psize, 1, binarylog);
952 fflush(binarylog);
953 }
954
955 if (logtype == IPL_LOGIPF) {
956 if (ipl->ipl_magic == IPL_MAGIC)
957 print_ipflog(log, buf, psize);
958
959 } else if (logtype == IPL_LOGNAT) {
960 if (ipl->ipl_magic == IPL_MAGIC_NAT)
961 print_natlog(log, buf, psize);
962
963 } else if (logtype == IPL_LOGSTATE) {
964 if (ipl->ipl_magic == IPL_MAGIC_STATE)
965 print_statelog(log, buf, psize);
966 }
967
968 blen -= psize;
969 buf += psize;
970 }
971 free(bp);
972 return;
973 }
974
975
976 static void print_ipflog(log, buf, blen)
977 FILE *log;
978 char *buf;
979 int blen;
980 {
981 tcphdr_t *tp;
982 struct icmp *ic;
983 struct icmp *icmp;
984 struct tm *tm;
985 char *t, *proto;
986 int i, v, lvl, res, len, off, plen, ipoff, defaction;
987 ip_t *ipc, *ip;
988 u_32_t *s, *d;
989 u_short hl, p;
990 ipflog_t *ipf;
991 iplog_t *ipl;
992 #ifdef USE_INET6
993 ip6_t *ip6;
994 #endif
995
996 ipl = (iplog_t *)buf;
997 ipf = (ipflog_t *)((char *)buf + sizeof(*ipl));
998 ip = (ip_t *)((char *)ipf + sizeof(*ipf));
999 v = IP_V(ip);
1000 res = (opts & OPT_RESOLVE) ? 1 : 0;
1001 t = line;
1002 *t = '\0';
1003 tm = get_tm(ipl->ipl_sec);
1004
1005 len = sizeof(line);
1006 if (!(opts & OPT_SYSLOG)) {
1007 (void) strftime(t, len, "%d/%m/%Y ", tm);
1008 i = strlen(t);
1009 len -= i;
1010 t += i;
1011 }
1012 (void) strftime(t, len, "%T", tm);
1013 t += strlen(t);
1014 (void) sprintf(t, ".%-.6ld ", ipl->ipl_usec);
1015 t += strlen(t);
1016 if (ipl->ipl_count > 1) {
1017 (void) sprintf(t, "%dx ", ipl->ipl_count);
1018 t += strlen(t);
1019 }
1020 #if (defined(MENTAT) || \
1021 (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
1022 (defined(__FreeBSD__) && (__FreeBSD_version >= 501113)) || \
1023 (defined(OpenBSD) && (OpenBSD >= 199603))) || defined(linux)
1024 {
1025 char ifname[sizeof(ipf->fl_ifname) + 1];
1026
1027 strncpy(ifname, ipf->fl_ifname, sizeof(ipf->fl_ifname));
1028 ifname[sizeof(ipf->fl_ifname)] = '\0';
1029 (void) sprintf(t, "%s", ifname);
1030 t += strlen(t);
1031 # if defined(MENTAT) || defined(linux)
1032 if (ISALPHA(*(t - 1))) {
1033 sprintf(t, "%d", ipf->fl_unit);
1034 t += strlen(t);
1035 }
1036 # endif
1037 }
1038 #else
1039 for (len = 0; len < 3; len++)
1040 if (ipf->fl_ifname[len] == '\0')
1041 break;
1042 if (ipf->fl_ifname[len])
1043 len++;
1044 (void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit);
1045 t += strlen(t);
1046 #endif
1047 #if defined(__sgi) || defined(_AIX51) || defined(__powerpc__) || \
1048 defined(__arm__)
1049 if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0'))
1050 #else
1051 if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0'))
1052 #endif
1053 strcat(t, " @-1:");
1054 else if (ipf->fl_group[0] == '\0')
1055 (void) strcpy(t, " @0:");
1056 else
1057 (void) sprintf(t, " @%s:", ipf->fl_group);
1058 t += strlen(t);
1059 if (ipf->fl_rule == 0xffffffff)
1060 strcat(t, "-1 ");
1061 else
1062 (void) sprintf(t, "%u ", ipf->fl_rule + 1);
1063 t += strlen(t);
1064
1065 lvl = LOG_NOTICE;
1066
1067 if (ipf->fl_lflags & FI_SHORT) {
1068 *t++ = 'S';
1069 lvl = LOG_ERR;
1070 }
1071
1072 if (FR_ISPASS(ipf->fl_flags)) {
1073 if (ipf->fl_flags & FR_LOGP)
1074 *t++ = 'p';
1075 else
1076 *t++ = 'P';
1077 } else if (FR_ISBLOCK(ipf->fl_flags)) {
1078 if (ipf->fl_flags & FR_LOGB)
1079 *t++ = 'b';
1080 else
1081 *t++ = 'B';
1082 lvl = LOG_WARNING;
1083 } else if ((ipf->fl_flags & FR_LOGMASK) == FR_LOG) {
1084 *t++ = 'L';
1085 lvl = LOG_INFO;
1086 } else if (ipf->fl_flags & FF_LOGNOMATCH) {
1087 *t++ = 'n';
1088 } else {
1089 *t++ = '?';
1090 lvl = LOG_EMERG;
1091 }
1092 if (ipf->fl_loglevel != 0xffff)
1093 lvl = ipf->fl_loglevel;
1094 *t++ = ' ';
1095 *t = '\0';
1096
1097 if (v == 6) {
1098 #ifdef USE_INET6
1099 off = 0;
1100 ipoff = 0;
1101 hl = sizeof(ip6_t);
1102 ip6 = (ip6_t *)ip;
1103 p = (u_short)ip6->ip6_nxt;
1104 s = (u_32_t *)&ip6->ip6_src;
1105 d = (u_32_t *)&ip6->ip6_dst;
1106 plen = hl + ntohs(ip6->ip6_plen);
1107 #else
1108 sprintf(t, "ipv6");
1109 goto printipflog;
1110 #endif
1111 } else if (v == 4) {
1112 hl = IP_HL(ip) << 2;
1113 ipoff = ip->ip_off;
1114 off = ipoff & IP_OFFMASK;
1115 p = (u_short)ip->ip_p;
1116 s = (u_32_t *)&ip->ip_src;
1117 d = (u_32_t *)&ip->ip_dst;
1118 plen = ip->ip_len;
1119 } else {
1120 goto printipflog;
1121 }
1122 proto = getproto(p);
1123
1124 if ((p == IPPROTO_TCP || p == IPPROTO_UDP) && !off) {
1125 tp = (tcphdr_t *)((char *)ip + hl);
1126 if (!(ipf->fl_lflags & FI_SHORT)) {
1127 (void) sprintf(t, "%s,%s -> ", hostname(res, v, s),
1128 portname(res, proto, (u_int)tp->th_sport));
1129 t += strlen(t);
1130 (void) sprintf(t, "%s,%s PR %s len %hu %hu",
1131 hostname(res, v, d),
1132 portname(res, proto, (u_int)tp->th_dport),
1133 proto, hl, plen);
1134 t += strlen(t);
1135
1136 if (p == IPPROTO_TCP) {
1137 *t++ = ' ';
1138 *t++ = '-';
1139 for (i = 0; tcpfl[i].value; i++)
1140 if (tp->th_flags & tcpfl[i].value)
1141 *t++ = tcpfl[i].flag;
1142 if (opts & OPT_VERBOSE) {
1143 (void) sprintf(t, " %lu %lu %hu",
1144 (u_long)(ntohl(tp->th_seq)),
1145 (u_long)(ntohl(tp->th_ack)),
1146 ntohs(tp->th_win));
1147 t += strlen(t);
1148 }
1149 }
1150 *t = '\0';
1151 } else {
1152 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1153 t += strlen(t);
1154 (void) sprintf(t, "%s PR %s len %hu %hu",
1155 hostname(res, v, d), proto, hl, plen);
1156 }
1157 } else if ((p == IPPROTO_ICMPV6) && !off && (v == 6)) {
1158 ic = (struct icmp *)((char *)ip + hl);
1159 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1160 t += strlen(t);
1161 (void) sprintf(t, "%s PR icmpv6 len %hu %hu icmpv6 %s",
1162 hostname(res, v, d), hl, plen,
1163 icmpname6(ic->icmp_type, ic->icmp_code));
1164 } else if ((p == IPPROTO_ICMP) && !off && (v == 4)) {
1165 ic = (struct icmp *)((char *)ip + hl);
1166 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1167 t += strlen(t);
1168 (void) sprintf(t, "%s PR icmp len %hu %hu icmp %s",
1169 hostname(res, v, d), hl, plen,
1170 icmpname(ic->icmp_type, ic->icmp_code));
1171 if (ic->icmp_type == ICMP_UNREACH ||
1172 ic->icmp_type == ICMP_SOURCEQUENCH ||
1173 ic->icmp_type == ICMP_PARAMPROB ||
1174 ic->icmp_type == ICMP_REDIRECT ||
1175 ic->icmp_type == ICMP_TIMXCEED) {
1176 ipc = &ic->icmp_ip;
1177 i = ntohs(ipc->ip_len);
1178 /*
1179 * XXX - try to guess endian of ip_len in ICMP
1180 * returned data.
1181 */
1182 if (i > 1500)
1183 i = ipc->ip_len;
1184 ipoff = ntohs(ipc->ip_off);
1185 proto = getproto(ipc->ip_p);
1186
1187 if (!(ipoff & IP_OFFMASK) &&
1188 ((ipc->ip_p == IPPROTO_TCP) ||
1189 (ipc->ip_p == IPPROTO_UDP))) {
1190 tp = (tcphdr_t *)((char *)ipc + hl);
1191 t += strlen(t);
1192 (void) sprintf(t, " for %s,%s -",
1193 HOSTNAME_V4(res, ipc->ip_src),
1194 portname(res, proto,
1195 (u_int)tp->th_sport));
1196 t += strlen(t);
1197 (void) sprintf(t, " %s,%s PR %s len %hu %hu",
1198 HOSTNAME_V4(res, ipc->ip_dst),
1199 portname(res, proto,
1200 (u_int)tp->th_dport),
1201 proto, IP_HL(ipc) << 2, i);
1202 } else if (!(ipoff & IP_OFFMASK) &&
1203 (ipc->ip_p == IPPROTO_ICMP)) {
1204 icmp = (icmphdr_t *)((char *)ipc + hl);
1205
1206 t += strlen(t);
1207 (void) sprintf(t, " for %s -",
1208 HOSTNAME_V4(res, ipc->ip_src));
1209 t += strlen(t);
1210 (void) sprintf(t,
1211 " %s PR icmp len %hu %hu icmp %d/%d",
1212 HOSTNAME_V4(res, ipc->ip_dst),
1213 IP_HL(ipc) << 2, i,
1214 icmp->icmp_type, icmp->icmp_code);
1215 } else {
1216 t += strlen(t);
1217 (void) sprintf(t, " for %s -",
1218 HOSTNAME_V4(res, ipc->ip_src));
1219 t += strlen(t);
1220 (void) sprintf(t, " %s PR %s len %hu (%hu)",
1221 HOSTNAME_V4(res, ipc->ip_dst), proto,
1222 IP_HL(ipc) << 2, i);
1223 t += strlen(t);
1224 if (ipoff & IP_OFFMASK) {
1225 (void) sprintf(t,
1226 "(frag %d:%hu@%hu%s%s)",
1227 ntohs(ipc->ip_id),
1228 i - (IP_HL(ipc) << 2),
1229 (ipoff & IP_OFFMASK) << 3,
1230 ipoff & IP_MF ? "+" : "",
1231 ipoff & IP_DF ? "-" : "");
1232 }
1233 }
1234
1235 }
1236 } else {
1237 (void) sprintf(t, "%s -> ", hostname(res, v, s));
1238 t += strlen(t);
1239 (void) sprintf(t, "%s PR %s len %hu (%hu)",
1240 hostname(res, v, d), proto, hl, plen);
1241 t += strlen(t);
1242 if (off & IP_OFFMASK)
1243 (void) sprintf(t, " (frag %d:%hu@%hu%s%s)",
1244 ntohs(ip->ip_id),
1245 plen - hl, (off & IP_OFFMASK) << 3,
1246 ipoff & IP_MF ? "+" : "",
1247 ipoff & IP_DF ? "-" : "");
1248 }
1249 t += strlen(t);
1250
1251 printipflog:
1252 if (ipf->fl_flags & FR_KEEPSTATE) {
1253 (void) strcpy(t, " K-S");
1254 t += strlen(t);
1255 }
1256
1257 if (ipf->fl_flags & FR_KEEPFRAG) {
1258 (void) strcpy(t, " K-F");
1259 t += strlen(t);
1260 }
1261
1262 if (ipf->fl_dir == 0)
1263 strcpy(t, " IN");
1264 else if (ipf->fl_dir == 1)
1265 strcpy(t, " OUT");
1266 t += strlen(t);
1267 if (ipf->fl_logtag != 0) {
1268 sprintf(t, " log-tag %d", ipf->fl_logtag);
1269 t += strlen(t);
1270 }
1271 if (ipf->fl_nattag.ipt_num[0] != 0) {
1272 strcpy(t, " nat-tag ");
1273 t += strlen(t);
1274 strncpy(t, ipf->fl_nattag.ipt_tag, sizeof(ipf->fl_nattag));
1275 t += strlen(t);
1276 }
1277 if ((ipf->fl_lflags & FI_LOWTTL) != 0) {
1278 strcpy(t, " low-ttl");
1279 t += 8;
1280 }
1281 if ((ipf->fl_lflags & FI_OOW) != 0) {
1282 if (ipf->fl_lflags & FI_NEG_OOW) {
1283 strcpy(t, " NEG_OOW");
1284 t += sizeof (" NEG_OOW") - 1;
1285 } else {
1286 strcpy(t, " OOW");
1287 t += sizeof (" OOW") - 1;
1288 }
1289 }
1290 if ((ipf->fl_lflags & FI_BAD) != 0) {
1291 strcpy(t, " bad");
1292 t += 4;
1293 }
1294 if ((ipf->fl_lflags & FI_NATED) != 0) {
1295 strcpy(t, " NAT");
1296 t += 4;
1297 }
1298 if ((ipf->fl_lflags & FI_BADNAT) != 0) {
1299 strcpy(t, " bad-NAT");
1300 t += 8;
1301 }
1302 if ((ipf->fl_lflags & FI_BADSRC) != 0) {
1303 strcpy(t, " bad-src");
1304 t += 8;
1305 }
1306 if ((ipf->fl_lflags & FI_MULTICAST) != 0) {
1307 strcpy(t, " multicast");
1308 t += 10;
1309 }
1310 if ((ipf->fl_lflags & FI_BROADCAST) != 0) {
1311 strcpy(t, " broadcast");
1312 t += 10;
1313 }
1314 if ((ipf->fl_lflags & (FI_MULTICAST|FI_BROADCAST|FI_MBCAST)) ==
1315 FI_MBCAST) {
1316 strcpy(t, " mbcast");
1317 t += 7;
1318 }
1319 *t++ = '\n';
1320 *t++ = '\0';
1321 defaction = 0;
1322 if (conf_file != NULL)
1323 defaction = check_action(buf, line, opts, lvl);
1324 if (defaction == 0) {
1325 if (opts & OPT_SYSLOG)
1326 syslog(lvl, "%s", line);
1327 else
1328 (void) fprintf(log, "%s", line);
1329 if (opts & OPT_HEXHDR)
1330 dumphex(log, opts, buf,
1331 sizeof(iplog_t) + sizeof(*ipf));
1332 if (opts & OPT_HEXBODY)
1333 dumphex(log, opts, (char *)ip,
1334 ipf->fl_plen + ipf->fl_hlen);
1335 else if ((opts & OPT_LOGBODY) && (ipf->fl_flags & FR_LOGBODY))
1336 dumphex(log, opts, (char *)ip + ipf->fl_hlen,
1337 ipf->fl_plen);
1338 }
1339 }
1340
1341
1342 static void usage(prog)
1343 char *prog;
1344 {
1345 fprintf(stderr, "%s: [-abDFhnpstvxX] %s %s %s %s %s %s %s\n",
1346 prog, "[-G|-z zonename]", "[-N device]",
1347 "[ [-o [NSI]] [-O [NSI]]", "[-P pidfile]", "[-S device]",
1348 "[-f device]", "filename");
1349 exit(1);
1350 }
1351
1352
1353 static void write_pid(file)
1354 char *file;
1355 {
1356 FILE *fp = NULL;
1357 int fd;
1358
1359 if ((fd = open(file, O_CREAT|O_TRUNC|O_WRONLY, 0644)) >= 0) {
1360 fp = fdopen(fd, "w");
1361 if (fp == NULL) {
1362 close(fd);
1363 fprintf(stderr,
1364 "unable to open/create pid file: %s\n", file);
1365 return;
1366 }
1367 fprintf(fp, "%d", getpid());
1368 fclose(fp);
1369 }
1370 }
1371
1372
1373 static void flushlogs(file, log)
1374 char *file;
1375 FILE *log;
1376 {
1377 int fd, flushed = 0;
1378
1379 if ((fd = open(file, O_RDWR)) == -1) {
1380 (void) fprintf(stderr, "%s: open: %s\n",
1381 file, STRERROR(errno));
1382 exit(1);
1383 }
1384
1385 if (setzone(fd) != 0) {
1386 close(fd);
1387 exit(1);
1388 }
1389
1390 if (ioctl(fd, SIOCIPFFB, &flushed) == 0) {
1391 printf("%d bytes flushed from log buffer\n",
1392 flushed);
1393 fflush(stdout);
1394 } else
1395 perror("SIOCIPFFB");
1396 (void) close(fd);
1397
1398 if (flushed) {
1399 if (opts & OPT_SYSLOG)
1400 syslog(LOG_INFO, "%d bytes flushed from log\n",
1401 flushed);
1402 else if (log != stdout)
1403 fprintf(log, "%d bytes flushed from log\n", flushed);
1404 }
1405 }
1406
1407
1408 static void logopts(turnon, options)
1409 int turnon;
1410 char *options;
1411 {
1412 int flags = 0;
1413 char *s;
1414
1415 for (s = options; *s; s++)
1416 {
1417 switch (*s)
1418 {
1419 case 'N' :
1420 flags |= OPT_NAT;
1421 break;
1422 case 'S' :
1423 flags |= OPT_STATE;
1424 break;
1425 case 'I' :
1426 flags |= OPT_FILTER;
1427 break;
1428 default :
1429 fprintf(stderr, "Unknown log option %c\n", *s);
1430 exit(1);
1431 }
1432 }
1433
1434 if (turnon)
1435 opts |= flags;
1436 else
1437 opts &= ~(flags);
1438 }
1439
1440
1441 int main(argc, argv)
1442 int argc;
1443 char *argv[];
1444 {
1445 struct stat sb;
1446 FILE *log = stdout;
1447 FILE *fp;
1448 int fd[3], doread, n, i;
1449 int tr, nr, regular[3], c;
1450 int fdt[3], devices = 0, make_daemon = 0;
1451 char buf[DEFAULT_IPFLOGSIZE], *iplfile[3], *s;
1452 extern int optind;
1453 extern char *optarg;
1454 const char *optstr = "?abB:C:Df:G:FhnN:o:O:pP:sS:tvxXz:";
1455
1456 fd[0] = fd[1] = fd[2] = -1;
1457 fdt[0] = fdt[1] = fdt[2] = -1;
1458 iplfile[0] = IPL_NAME;
1459 iplfile[1] = IPNAT_NAME;
1460 iplfile[2] = IPSTATE_NAME;
1461
1462 /*
1463 * We need to set the zone name before calling openlog in
1464 * the switch statement below
1465 */
1466 getzoneopt(argc, argv, optstr);
1467
1468 while ((c = getopt(argc, argv, optstr)) != -1)
1469 switch (c)
1470 {
1471 case 'a' :
1472 opts |= OPT_LOGALL;
1473 fdt[0] = IPL_LOGIPF;
1474 fdt[1] = IPL_LOGNAT;
1475 fdt[2] = IPL_LOGSTATE;
1476 break;
1477 case 'b' :
1478 opts |= OPT_LOGBODY;
1479 break;
1480 case 'B' :
1481 binarylogfile = optarg;
1482 binarylog = fopen(optarg, "a");
1483 break;
1484 case 'C' :
1485 conf_file = optarg;
1486 break;
1487 case 'D' :
1488 make_daemon = 1;
1489 break;
1490 case 'f' : case 'I' :
1491 opts |= OPT_FILTER;
1492 fdt[0] = IPL_LOGIPF;
1493 iplfile[0] = optarg;
1494 break;
1495 case 'F' :
1496 flushlogs(iplfile[0], log);
1497 flushlogs(iplfile[1], log);
1498 flushlogs(iplfile[2], log);
1499 break;
1500 case 'G' :
1501 /* Already handled by getzoneopt() above */
1502 break;
1503 case 'n' :
1504 opts |= OPT_RESOLVE;
1505 break;
1506 case 'N' :
1507 opts |= OPT_NAT;
1508 fdt[1] = IPL_LOGNAT;
1509 iplfile[1] = optarg;
1510 break;
1511 case 'o' : case 'O' :
1512 logopts(c == 'o', optarg);
1513 fdt[0] = fdt[1] = fdt[2] = -1;
1514 if (opts & OPT_FILTER)
1515 fdt[0] = IPL_LOGIPF;
1516 if (opts & OPT_NAT)
1517 fdt[1] = IPL_LOGNAT;
1518 if (opts & OPT_STATE)
1519 fdt[2] = IPL_LOGSTATE;
1520 break;
1521 case 'p' :
1522 opts |= OPT_PORTNUM;
1523 break;
1524 case 'P' :
1525 pidfile = optarg;
1526 break;
1527 case 's' :
1528 s = strrchr(argv[0], '/');
1529 if (s == NULL)
1530 s = argv[0];
1531 else
1532 s++;
1533 openlog(s, LOG_NDELAY|LOG_PID, LOGFAC);
1534 s = NULL;
1535 opts |= OPT_SYSLOG;
1536 log = NULL;
1537 break;
1538 case 'S' :
1539 opts |= OPT_STATE;
1540 fdt[2] = IPL_LOGSTATE;
1541 iplfile[2] = optarg;
1542 break;
1543 case 't' :
1544 opts |= OPT_TAIL;
1545 break;
1546 case 'v' :
1547 opts |= OPT_VERBOSE;
1548 break;
1549 case 'x' :
1550 opts |= OPT_HEXBODY;
1551 break;
1552 case 'X' :
1553 opts |= OPT_HEXHDR;
1554 break;
1555 case 'z' :
1556 /* Already handled by getzoneopt() above */
1557 break;
1558 default :
1559 case 'h' :
1560 case '?' :
1561 usage(argv[0]);
1562 }
1563
1564 init_tabs();
1565 if (conf_file)
1566 if (load_config(conf_file) == -1)
1567 exit(1);
1568
1569 /*
1570 * Default action is to only open the filter log file.
1571 */
1572 if ((fdt[0] == -1) && (fdt[1] == -1) && (fdt[2] == -1))
1573 fdt[0] = IPL_LOGIPF;
1574
1575 for (i = 0; i < 3; i++) {
1576 if (fdt[i] == -1)
1577 continue;
1578 if (!strcmp(iplfile[i], "-"))
1579 fd[i] = 0;
1580 else {
1581 if ((fd[i] = open(iplfile[i], O_RDONLY)) == -1) {
1582 (void) fprintf(stderr,
1583 "%s: open: %s\n", iplfile[i],
1584 STRERROR(errno));
1585 exit(1);
1586 /* NOTREACHED */
1587 }
1588 if (fstat(fd[i], &sb) == -1) {
1589 (void) fprintf(stderr, "%d: fstat: %s\n",
1590 fd[i], STRERROR(errno));
1591 exit(1);
1592 /* NOTREACHED */
1593 }
1594
1595 if (setzone(fd[i]) != 0) {
1596 close(fd[i]);
1597 exit(1);
1598 }
1599
1600 if (!(regular[i] = !S_ISCHR(sb.st_mode)))
1601 devices++;
1602 }
1603 }
1604
1605 if (!(opts & OPT_SYSLOG)) {
1606 logfile = argv[optind];
1607 log = logfile ? fopen(logfile, "a") : stdout;
1608 if (log == NULL) {
1609 (void) fprintf(stderr, "%s: fopen: %s\n",
1610 argv[optind], STRERROR(errno));
1611 exit(1);
1612 /* NOTREACHED */
1613 }
1614 setvbuf(log, NULL, _IONBF, 0);
1615 } else
1616 log = NULL;
1617
1618 if (make_daemon && ((log != stdout) || (opts & OPT_SYSLOG))) {
1619 #if BSD >= 199306
1620 daemon(0, !(opts & OPT_SYSLOG));
1621 #else
1622 int pid;
1623 if ((pid = fork()) > 0)
1624 exit(0);
1625 if (pid < 0) {
1626 (void) fprintf(stderr, "%s: fork() failed: %s\n",
1627 argv[0], STRERROR(errno));
1628 exit(1);
1629 /* NOTREACHED */
1630 }
1631 setsid();
1632 if ((opts & OPT_SYSLOG))
1633 close(2);
1634 #endif /* !BSD */
1635 close(0);
1636 close(1);
1637 }
1638 write_pid(pidfile);
1639
1640 signal(SIGHUP, handlehup);
1641
1642 for (doread = 1; doread; ) {
1643 nr = 0;
1644
1645 for (i = 0; i < 3; i++) {
1646 tr = 0;
1647 if (fdt[i] == -1)
1648 continue;
1649 if (!regular[i]) {
1650 if (ioctl(fd[i], FIONREAD, &tr) == -1) {
1651 if (opts & OPT_SYSLOG)
1652 syslog(LOG_CRIT,
1653 "ioctl(FIONREAD): %m");
1654 else
1655 perror("ioctl(FIONREAD)");
1656 exit(1);
1657 /* NOTREACHED */
1658 }
1659 } else {
1660 tr = (lseek(fd[i], 0, SEEK_CUR) < sb.st_size);
1661 if (!tr && !(opts & OPT_TAIL))
1662 doread = 0;
1663 }
1664 if (!tr)
1665 continue;
1666 nr += tr;
1667
1668 tr = read_log(fd[i], &n, buf, sizeof(buf));
1669 if (donehup) {
1670 if (logfile && (fp = fopen(logfile, "a"))) {
1671 fclose(log);
1672 log = fp;
1673 }
1674 if (binarylogfile && (fp = fopen(binarylogfile, "a"))) {
1675 fclose(binarylog);
1676 binarylog = fp;
1677 }
1678 init_tabs();
1679 if (conf_file != NULL)
1680 load_config(conf_file);
1681 donehup = 0;
1682 }
1683
1684 switch (tr)
1685 {
1686 case -1 :
1687 if (opts & OPT_SYSLOG)
1688 syslog(LOG_CRIT, "read: %m\n");
1689 else
1690 perror("read");
1691 doread = 0;
1692 break;
1693 case 1 :
1694 if (opts & OPT_SYSLOG)
1695 syslog(LOG_CRIT, "aborting logging\n");
1696 else
1697 fprintf(log, "aborting logging\n");
1698 doread = 0;
1699 break;
1700 case 2 :
1701 break;
1702 case 0 :
1703 if (n > 0) {
1704 print_log(fdt[i], log, buf, n);
1705 if (!(opts & OPT_SYSLOG))
1706 fflush(log);
1707 }
1708 break;
1709 }
1710 }
1711 if (!nr && ((opts & OPT_TAIL) || devices))
1712 sleep(1);
1713 }
1714 return(0);
1715 /* NOTREACHED */
1716 }