Context Navigation

source: rtems-libbsd/freebsd/contrib/pf/pfctl/pf_print_state.c @ 709fbfa

4.11

Last change on this file since 709fbfa was 4831944, checked in by Christian Mauderer <Christian.Mauderer@…>, on 07/05/16 at 14:31:43
pfctl: Adapt for RTEMS.
Property mode set to `100644`
File size: 9.8 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2
3	/* $OpenBSD: pf_print_state.c,v 1.52 2008/08/12 16:40:18 david Exp $ */
4
5	/*
6	* Copyright (c) 2001 Daniel Hartmeier
7	* All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	*
13	* - Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	* - Redistributions in binary form must reproduce the above
16	* copyright notice, this list of conditions and the following
17	* disclaimer in the documentation and/or other materials provided
18	* with the distribution.
19	*
20	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24	* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26	* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
28	* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
30	* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31	* POSSIBILITY OF SUCH DAMAGE.
32	*
33	*/
34
35	#ifdef __rtems__
36	#include <machine/rtems-bsd-program.h>
37	#endif /* __rtems__ */
38	#include <sys/cdefs.h>
39	__FBSDID("$FreeBSD$");
40
41	#include <rtems/bsd/sys/types.h>
42	#include <sys/socket.h>
43	#ifdef __FreeBSD__
44	#include <sys/endian.h>
45	#define betoh64 be64toh
46	#endif
47	#include <net/if.h>
48	#define TCPSTATES
49	#include <netinet/tcp_fsm.h>
50	#include <net/pfvar.h>
51	#include <arpa/inet.h>
52	#include <netdb.h>
53
54	#include <stdio.h>
55	#include <string.h>
56
57	#include "pfctl_parser.h"
58	#include "pfctl.h"
59
60	void print_name(struct pf_addr *, sa_family_t);
61
62	void
63	print_addr(struct pf_addr_wrap *addr, sa_family_t af, int verbose)
64	{
65	switch (addr->type) {
66	case PF_ADDR_DYNIFTL:
67	printf("(%s", addr->v.ifname);
68	if (addr->iflags & PFI_AFLAG_NETWORK)
69	printf(":network");
70	if (addr->iflags & PFI_AFLAG_BROADCAST)
71	printf(":broadcast");
72	if (addr->iflags & PFI_AFLAG_PEER)
73	printf(":peer");
74	if (addr->iflags & PFI_AFLAG_NOALIAS)
75	printf(":0");
76	if (verbose) {
77	if (addr->p.dyncnt <= 0)
78	printf(":*");
79	else
80	printf(":%d", addr->p.dyncnt);
81	}
82	printf(")");
83	break;
84	case PF_ADDR_TABLE:
85	if (verbose)
86	if (addr->p.tblcnt == -1)
87	printf("<%s:*>", addr->v.tblname);
88	else
89	printf("<%s:%d>", addr->v.tblname,
90	addr->p.tblcnt);
91	else
92	printf("<%s>", addr->v.tblname);
93	return;
94	case PF_ADDR_RANGE: {
95	char buf[48];
96
97	if (inet_ntop(af, &addr->v.a.addr, buf, sizeof(buf)) == NULL)
98	printf("?");
99	else
100	printf("%s", buf);
101	if (inet_ntop(af, &addr->v.a.mask, buf, sizeof(buf)) == NULL)
102	printf(" - ?");
103	else
104	printf(" - %s", buf);
105	break;
106	}
107	case PF_ADDR_ADDRMASK:
108	if (PF_AZERO(&addr->v.a.addr, AF_INET6) &&
109	PF_AZERO(&addr->v.a.mask, AF_INET6))
110	printf("any");
111	else {
112	char buf[48];
113
114	if (inet_ntop(af, &addr->v.a.addr, buf,
115	sizeof(buf)) == NULL)
116	printf("?");
117	else
118	printf("%s", buf);
119	}
120	break;
121	case PF_ADDR_NOROUTE:
122	printf("no-route");
123	return;
124	case PF_ADDR_URPFFAILED:
125	printf("urpf-failed");
126	return;
127	case PF_ADDR_RTLABEL:
128	printf("route \"%s\"", addr->v.rtlabelname);
129	return;
130	default:
131	printf("?");
132	return;
133	}
134
135	/* mask if not _both_ address and mask are zero */
136	if (addr->type != PF_ADDR_RANGE &&
137	!(PF_AZERO(&addr->v.a.addr, AF_INET6) &&
138	PF_AZERO(&addr->v.a.mask, AF_INET6))) {
139	int bits = unmask(&addr->v.a.mask, af);
140
141	if (bits != (af == AF_INET ? 32 : 128))
142	printf("/%d", bits);
143	}
144	}
145
146	void
147	print_name(struct pf_addr *addr, sa_family_t af)
148	{
149	char host[NI_MAXHOST];
150
151	strlcpy(host, "?", sizeof(host));
152	switch (af) {
153	case AF_INET: {
154	struct sockaddr_in sin;
155
156	memset(&sin, 0, sizeof(sin));
157	sin.sin_len = sizeof(sin);
158	sin.sin_family = AF_INET;
159	sin.sin_addr = addr->v4;
160	getnameinfo((struct sockaddr *)&sin, sin.sin_len,
161	host, sizeof(host), NULL, 0, NI_NOFQDN);
162	break;
163	}
164	case AF_INET6: {
165	struct sockaddr_in6 sin6;
166
167	memset(&sin6, 0, sizeof(sin6));
168	sin6.sin6_len = sizeof(sin6);
169	sin6.sin6_family = AF_INET6;
170	sin6.sin6_addr = addr->v6;
171	getnameinfo((struct sockaddr *)&sin6, sin6.sin6_len,
172	host, sizeof(host), NULL, 0, NI_NOFQDN);
173	break;
174	}
175	}
176	printf("%s", host);
177	}
178
179	void
180	print_host(struct pf_addr *addr, u_int16_t port, sa_family_t af, int opts)
181	{
182	if (opts & PF_OPT_USEDNS)
183	print_name(addr, af);
184	else {
185	struct pf_addr_wrap aw;
186
187	memset(&aw, 0, sizeof(aw));
188	aw.v.a.addr = *addr;
189	if (af == AF_INET)
190	aw.v.a.mask.addr32[0] = 0xffffffff;
191	else {
192	memset(&aw.v.a.mask, 0xff, sizeof(aw.v.a.mask));
193	af = AF_INET6;
194	}
195	print_addr(&aw, af, opts & PF_OPT_VERBOSE2);
196	}
197
198	if (port) {
199	if (af == AF_INET)
200	printf(":%u", ntohs(port));
201	else
202	printf("[%u]", ntohs(port));
203	}
204	}
205
206	void
207	print_seq(struct pfsync_state_peer *p)
208	{
209	if (p->seqdiff)
210	printf("[%u + %u](+%u)", ntohl(p->seqlo),
211	ntohl(p->seqhi) - ntohl(p->seqlo), ntohl(p->seqdiff));
212	else
213	printf("[%u + %u]", ntohl(p->seqlo),
214	ntohl(p->seqhi) - ntohl(p->seqlo));
215	}
216
217	void
218	print_state(struct pfsync_state *s, int opts)
219	{
220	struct pfsync_state_peer src, dst;
221	struct pfsync_state_key sk, nk;
222	struct protoent *p;
223	int min, sec;
224
225	if (s->direction == PF_OUT) {
226	src = &s->src;
227	dst = &s->dst;
228	sk = &s->key[PF_SK_STACK];
229	nk = &s->key[PF_SK_WIRE];
230	if (s->proto == IPPROTO_ICMP \|\| s->proto == IPPROTO_ICMPV6)
231	sk->port[0] = nk->port[0];
232	} else {
233	src = &s->dst;
234	dst = &s->src;
235	sk = &s->key[PF_SK_WIRE];
236	nk = &s->key[PF_SK_STACK];
237	if (s->proto == IPPROTO_ICMP \|\| s->proto == IPPROTO_ICMPV6)
238	sk->port[1] = nk->port[1];
239	}
240	printf("%s ", s->ifname);
241	if ((p = getprotobynumber(s->proto)) != NULL)
242	printf("%s ", p->p_name);
243	else
244	printf("%u ", s->proto);
245
246	print_host(&nk->addr[1], nk->port[1], s->af, opts);
247	if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) \|\|
248	nk->port[1] != sk->port[1]) {
249	printf(" (");
250	print_host(&sk->addr[1], sk->port[1], s->af, opts);
251	printf(")");
252	}
253	if (s->direction == PF_OUT)
254	printf(" -> ");
255	else
256	printf(" <- ");
257	print_host(&nk->addr[0], nk->port[0], s->af, opts);
258	if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) \|\|
259	nk->port[0] != sk->port[0]) {
260	printf(" (");
261	print_host(&sk->addr[0], sk->port[0], s->af, opts);
262	printf(")");
263	}
264
265	printf(" ");
266	if (s->proto == IPPROTO_TCP) {
267	if (src->state <= TCPS_TIME_WAIT &&
268	dst->state <= TCPS_TIME_WAIT)
269	printf(" %s:%s\n", tcpstates[src->state],
270	tcpstates[dst->state]);
271	else if (src->state == PF_TCPS_PROXY_SRC \|\|
272	dst->state == PF_TCPS_PROXY_SRC)
273	printf(" PROXY:SRC\n");
274	else if (src->state == PF_TCPS_PROXY_DST \|\|
275	dst->state == PF_TCPS_PROXY_DST)
276	printf(" PROXY:DST\n");
277	else
278	printf(" <BAD STATE LEVELS %u:%u>\n",
279	src->state, dst->state);
280	if (opts & PF_OPT_VERBOSE) {
281	printf(" ");
282	print_seq(src);
283	if (src->wscale && dst->wscale)
284	printf(" wscale %u",
285	src->wscale & PF_WSCALE_MASK);
286	printf(" ");
287	print_seq(dst);
288	if (src->wscale && dst->wscale)
289	printf(" wscale %u",
290	dst->wscale & PF_WSCALE_MASK);
291	printf("\n");
292	}
293	} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
294	dst->state < PFUDPS_NSTATES) {
295	const char *states[] = PFUDPS_NAMES;
296
297	printf(" %s:%s\n", states[src->state], states[dst->state]);
298	} else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES &&
299	dst->state < PFOTHERS_NSTATES) {
300	/* XXX ICMP doesn't really have state levels */
301	const char *states[] = PFOTHERS_NAMES;
302
303	printf(" %s:%s\n", states[src->state], states[dst->state]);
304	} else {
305	printf(" %u:%u\n", src->state, dst->state);
306	}
307
308	if (opts & PF_OPT_VERBOSE) {
309	u_int64_t packets[2];
310	u_int64_t bytes[2];
311	u_int32_t creation = ntohl(s->creation);
312	u_int32_t expire = ntohl(s->expire);
313
314	sec = creation % 60;
315	creation /= 60;
316	min = creation % 60;
317	creation /= 60;
318	printf(" age %.2u:%.2u:%.2u", creation, min, sec);
319	sec = expire % 60;
320	expire /= 60;
321	min = expire % 60;
322	expire /= 60;
323	printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);
324
325	bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
326	bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
327	bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
328	bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
329	printf(", %llu:%llu pkts, %llu:%llu bytes",
330	#ifdef __FreeBSD__
331	(unsigned long long)betoh64(packets[0]),
332	(unsigned long long)betoh64(packets[1]),
333	(unsigned long long)betoh64(bytes[0]),
334	(unsigned long long)betoh64(bytes[1]));
335	#else
336	betoh64(packets[0]),
337	betoh64(packets[1]),
338	betoh64(bytes[0]),
339	betoh64(bytes[1]));
340	#endif
341	if (ntohl(s->anchor) != -1)
342	printf(", anchor %u", ntohl(s->anchor));
343	if (ntohl(s->rule) != -1)
344	printf(", rule %u", ntohl(s->rule));
345	if (s->state_flags & PFSTATE_SLOPPY)
346	printf(", sloppy");
347	if (s->state_flags & PFSTATE_PFLOW)
348	printf(", pflow");
349	if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
350	printf(", source-track");
351	if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE)
352	printf(", sticky-address");
353	printf("\n");
354	}
355	if (opts & PF_OPT_VERBOSE2) {
356	u_int64_t id;
357
358	bcopy(&s->id, &id, sizeof(u_int64_t));
359	printf(" id: %016llx creatorid: %08x",
360	#ifdef __FreeBSD__
361	(unsigned long long)betoh64(id), ntohl(s->creatorid));
362	#else
363	betoh64(id), ntohl(s->creatorid));
364	#endif
365	printf("\n");
366	}
367	}
368
369	int
370	unmask(struct pf_addr *m, sa_family_t af)
371	{
372	int i = 31, j = 0, b = 0;
373	u_int32_t tmp;
374
375	while (j < 4 && m->addr32[j] == 0xffffffff) {
376	b += 32;
377	j++;
378	}
379	if (j < 4) {
380	tmp = ntohl(m->addr32[j]);
381	for (i = 31; tmp & (1 << i); --i)
382	b++;
383	}
384	return (b);
385	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: