4 * Copyright (C) 2012 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
9 # ifndef __FreeBSD_cc_version
10 # include <osreldate.h>
12 # if __FreeBSD_cc_version < 430000
13 # include <osreldate.h>
17 #include <sys/ioctl.h>
21 # include <linux/a.out.h>
26 #if defined(sun) && (defined(__svr4__) || defined(__SVR4))
30 #include "netinet/ipl.h"
32 # if defined(_BSDI_VERSION)
35 # if defined(__FreeBSD__) && \
36 (!defined(__FreeBSD_version) || (__FreeBSD_version < 430000))
39 # if defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105000000)
43 # if defined(__svr4__) || defined(__SVR4)
44 # include <sys/select.h>
46 # undef STATETOP /* NOT supported on SunOS4 */
50 #if defined(STATETOP) && !defined(linux)
51 # include <netinet/ip_var.h>
52 # include <netinet/tcp_fsm.h>
58 # if SOLARIS || defined(__NetBSD__) || defined(_BSDI_VERSION) || \
69 #if defined(__NetBSD__) || (__OpenBSD__)
74 static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
75 static const char rcsid[] = "@(#)$Id$";
79 # define nlist nlist64
86 #define PRINTF (void)printf
87 #define FPRINTF (void)fprintf
88 static char *filters[4] = { "ipfilter(in)", "ipfilter(out)",
89 "ipacct(in)", "ipacct(out)" };
90 static int state_logging = -1;
91 static wordtab_t *state_fields = NULL;
101 frgroup_t *grtop = NULL;
102 frgroup_t *grtail = NULL;
104 char *blockreasons[FRB_MAX_VALUE + 1] = {
111 "IP ID update failed",
112 "log-or-block failed",
113 "decapsulate failure",
114 "cannot create new auth entry",
115 "packet queued for auth",
116 "buffer coalesce failure",
117 "buffer pullup failure",
126 #define STGROWSIZE 16
130 #define STSORT_PKTS 1
131 #define STSORT_BYTES 2
133 #define STSORT_SRCIP 4
134 #define STSORT_SRCPT 5
135 #define STSORT_DSTIP 6
136 #define STSORT_DSTPT 7
137 #define STSORT_MAX STSORT_DSTPT
138 #define STSORT_DEFAULT STSORT_BYTES
141 typedef struct statetop {
155 int main __P((int, char *[]));
157 static int fetchfrag __P((int, int, ipfr_t *));
158 static void showstats __P((friostat_t *, u_32_t));
159 static void showfrstates __P((ipfrstat_t *, u_long));
160 static void showlist __P((friostat_t *));
161 static void showstatestats __P((ips_stat_t *));
162 static void showipstates __P((ips_stat_t *, int *));
163 static void showauthstates __P((ipf_authstat_t *));
164 static void showtqtable_live __P((int));
165 static void showgroups __P((friostat_t *));
166 static void usage __P((char *));
167 static int state_matcharray __P((ipstate_t *, int *));
168 static int printlivelist __P((friostat_t *, int, int, frentry_t *,
170 static void printdeadlist __P((friostat_t *, int, int, frentry_t *,
172 static void printside __P((char *, ipf_statistics_t *));
173 static void parse_ipportstr __P((const char *, i6addr_t *, int *));
174 static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **,
175 ipfrstat_t **, ipf_authstat_t **, u_32_t *));
176 static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **,
177 ipfrstat_t **, ipf_authstat_t **, u_32_t *));
178 static ipstate_t *fetchstate __P((ipstate_t *, ipstate_t *));
180 static void topipstates __P((i6addr_t, i6addr_t, int, int, int,
181 int, int, int, int *));
182 static void sig_break __P((int));
183 static void sig_resize __P((int));
184 static char *getip __P((int, i6addr_t *));
185 static char *ttl_to_string __P((long));
186 static int sort_p __P((const void *, const void *));
187 static int sort_pkts __P((const void *, const void *));
188 static int sort_bytes __P((const void *, const void *));
189 static int sort_ttl __P((const void *, const void *));
190 static int sort_srcip __P((const void *, const void *));
191 static int sort_srcpt __P((const void *, const void *));
192 static int sort_dstip __P((const void *, const void *));
193 static int sort_dstpt __P((const void *, const void *));
197 static void usage(name)
201 fprintf(stderr, "Usage: %s [-6aAdfghIilnoRsv]\n", name);
203 fprintf(stderr, "Usage: %s [-aAdfghIilnoRsv]\n", name);
205 fprintf(stderr, " %s [-M corefile] [-N symbol-list]\n", name);
207 fprintf(stderr, " %s -t [-6C] ", name);
209 fprintf(stderr, " %s -t [-C] ", name);
211 fprintf(stderr, "[-D destination address] [-P protocol] [-S source address] [-T refresh time]\n");
220 ipf_authstat_t frauthst;
221 ipf_authstat_t *frauthstp = &frauthst;
223 friostat_t *fiop = &fio;
225 ips_stat_t *ipsstp = &ipsst;
227 ipfrstat_t *ifrstp = &ifrst;
235 int protocol = -1; /* -1 = wild card for any protocol */
236 int refreshtime = 1; /* default update time */
237 int sport = -1; /* -1 = wild card for any source port */
238 int dport = -1; /* -1 = wild card for any dest port */
239 int topclosed = 0; /* do not show closed tcp sessions */
240 i6addr_t saddr, daddr;
244 options = "6aACdfghIilnostvD:m:M:N:O:P:RS:T:";
246 options = "aACdfghIilnostvD:m:M:N:O:P:RS:T:";
249 saddr.in4.s_addr = INADDR_ANY; /* default any v4 source addr */
250 daddr.in4.s_addr = INADDR_ANY; /* default any v4 dest addr */
252 saddr.in6 = in6addr_any; /* default any v6 source addr */
253 daddr.in6 = in6addr_any; /* default any v6 dest addr */
256 /* Don't warn about invalid flags when we run getopt for the 1st time */
260 * Parse these two arguments now lest there be any buffer overflows
261 * in the parsing of the rest.
264 while ((c = getopt(argc, argv, options)) != -1) {
279 if (live_kernel == 1) {
280 if ((state_fd = open(IPSTATE_NAME, O_RDONLY)) == -1) {
281 perror("open(IPSTATE_NAME)");
284 if ((auth_fd = open(IPAUTH_NAME, O_RDONLY)) == -1) {
285 perror("open(IPAUTH_NAME)");
288 if ((nat_fd = open(IPNAT_NAME, O_RDONLY)) == -1) {
289 perror("open(IPAUTH_NAME)");
292 if ((ipf_fd = open(IPL_NAME, O_RDONLY)) == -1) {
293 fprintf(stderr, "open(%s)", IPL_NAME);
299 if (kern != NULL || memf != NULL) {
300 (void)setgid(getgid());
301 (void)setuid(getuid());
304 if (live_kernel == 1) {
305 (void) checkrev(IPL_NAME);
307 if (openkmem(kern, memf) == -1)
311 (void)setgid(getgid());
312 (void)setuid(getuid());
316 while ((c = getopt(argc, argv, options)) != -1)
326 opts |= OPT_ACCNT|OPT_SHOWLIST;
329 opts |= OPT_AUTHSTATS;
338 parse_ipportstr(optarg, &daddr, &dport);
341 opts |= OPT_FRSTATES;
350 opts |= OPT_INQUE|OPT_SHOWLIST;
353 opts |= OPT_INACTIVE;
356 opts |= OPT_SHOWLIST;
359 filter = parseipfexpr(optarg, NULL);
360 if (filter == NULL) {
361 fprintf(stderr, "Error parseing '%s'\n",
371 opts |= OPT_SHOWLINENO;
374 opts |= OPT_OUTQUE|OPT_SHOWLIST;
377 state_fields = parsefields(statefields, optarg);
380 protocol = getproto(optarg);
381 if (protocol == -1) {
382 fprintf(stderr, "%s: Invalid protocol: %s\n",
388 opts |= OPT_NORESOLVE;
391 opts |= OPT_IPSTATES;
394 parse_ipportstr(optarg, &saddr, &sport);
398 opts |= OPT_STATETOP;
402 "%s: state top facility not compiled in\n",
407 if (!sscanf(optarg, "%d", &refreshtime) ||
408 (refreshtime <= 0)) {
410 "%s: Invalid refreshtime < 1 : %s\n",
424 if (live_kernel == 1) {
425 bzero((char *)&fio, sizeof(fio));
426 bzero((char *)&ipsst, sizeof(ipsst));
427 bzero((char *)&ifrst, sizeof(ifrst));
429 ipfstate_live(IPL_NAME, &fiop, &ipsstp, &ifrstp,
432 ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf);
435 if (opts & OPT_IPSTATES) {
436 showipstates(ipsstp, filter);
437 } else if (opts & OPT_SHOWLIST) {
439 if ((opts & OPT_OUTQUE) && (opts & OPT_INQUE)){
443 } else if (opts & OPT_FRSTATES)
444 showfrstates(ifrstp, fiop->f_ticks);
446 else if (opts & OPT_STATETOP)
447 topipstates(saddr, daddr, sport, dport, protocol,
448 use_inet6 ? 6 : 4, refreshtime, topclosed, filter);
450 else if (opts & OPT_AUTHSTATS)
451 showauthstates(frauthstp);
452 else if (opts & OPT_GROUPS)
455 showstats(fiop, frf);
462 * Fill in the stats structures from the live kernel, using a combination
463 * of ioctl's and copying directly from kernel memory.
465 static void ipfstate_live(device, fiopp, ipsstpp, ifrstpp, frauthstpp, frfp)
468 ips_stat_t **ipsstpp;
469 ipfrstat_t **ifrstpp;
470 ipf_authstat_t **frauthstpp;
475 if (checkrev(device) == -1) {
476 fprintf(stderr, "User/kernel version check failed\n");
480 if ((opts & OPT_AUTHSTATS) == 0) {
481 bzero((caddr_t)&ipfo, sizeof(ipfo));
482 ipfo.ipfo_rev = IPFILTER_VERSION;
483 ipfo.ipfo_type = IPFOBJ_IPFSTAT;
484 ipfo.ipfo_size = sizeof(friostat_t);
485 ipfo.ipfo_ptr = (void *)*fiopp;
487 if (ioctl(ipf_fd, SIOCGETFS, &ipfo) == -1) {
488 ipferror(ipf_fd, "ioctl(ipf:SIOCGETFS)");
492 if (ioctl(ipf_fd, SIOCGETFF, frfp) == -1)
493 ipferror(ipf_fd, "ioctl(SIOCGETFF)");
496 if ((opts & OPT_IPSTATES) != 0) {
498 bzero((caddr_t)&ipfo, sizeof(ipfo));
499 ipfo.ipfo_rev = IPFILTER_VERSION;
500 ipfo.ipfo_type = IPFOBJ_STATESTAT;
501 ipfo.ipfo_size = sizeof(ips_stat_t);
502 ipfo.ipfo_ptr = (void *)*ipsstpp;
504 if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) {
505 ipferror(state_fd, "ioctl(state:SIOCGETFS)");
508 if (ioctl(state_fd, SIOCGETLG, &state_logging) == -1) {
509 ipferror(state_fd, "ioctl(state:SIOCGETLG)");
514 if ((opts & OPT_FRSTATES) != 0) {
515 bzero((caddr_t)&ipfo, sizeof(ipfo));
516 ipfo.ipfo_rev = IPFILTER_VERSION;
517 ipfo.ipfo_type = IPFOBJ_FRAGSTAT;
518 ipfo.ipfo_size = sizeof(ipfrstat_t);
519 ipfo.ipfo_ptr = (void *)*ifrstpp;
521 if (ioctl(ipf_fd, SIOCGFRST, &ipfo) == -1) {
522 ipferror(ipf_fd, "ioctl(SIOCGFRST)");
527 if (opts & OPT_DEBUG)
528 PRINTF("opts %#x name %s\n", opts, device);
530 if ((opts & OPT_AUTHSTATS) != 0) {
531 bzero((caddr_t)&ipfo, sizeof(ipfo));
532 ipfo.ipfo_rev = IPFILTER_VERSION;
533 ipfo.ipfo_type = IPFOBJ_AUTHSTAT;
534 ipfo.ipfo_size = sizeof(ipf_authstat_t);
535 ipfo.ipfo_ptr = (void *)*frauthstpp;
537 if (ioctl(auth_fd, SIOCATHST, &ipfo) == -1) {
538 ipferror(auth_fd, "ioctl(SIOCATHST)");
546 * Build up the stats structures from data held in the "core" memory.
547 * This is mainly useful when looking at data in crash dumps and ioctl's
548 * just won't work any more.
550 static void ipfstate_dead(kernel, fiopp, ipsstpp, ifrstpp, frauthstpp, frfp)
553 ips_stat_t **ipsstpp;
554 ipfrstat_t **ifrstpp;
555 ipf_authstat_t **frauthstpp;
558 static ipf_authstat_t frauthst, *frauthstp;
559 static ipftq_t ipstcptab[IPF_TCP_NSTATES];
560 static ips_stat_t ipsst, *ipsstp;
561 static ipfrstat_t ifrst, *ifrstp;
562 static friostat_t fio, *fiop;
566 struct nlist deadlist[44] = {
567 { "ipf_auth_stats", 0, 0, 0, 0 }, /* 0 */
568 { "fae_list", 0, 0, 0, 0 },
569 { "ipauth", 0, 0, 0, 0 },
570 { "ipf_auth_list", 0, 0, 0, 0 },
571 { "ipf_auth_start", 0, 0, 0, 0 },
572 { "ipf_auth_end", 0, 0, 0, 0 }, /* 5 */
573 { "ipf_auth_next", 0, 0, 0, 0 },
574 { "ipf_auth", 0, 0, 0, 0 },
575 { "ipf_auth_used", 0, 0, 0, 0 },
576 { "ipf_auth_size", 0, 0, 0, 0 },
577 { "ipf_auth_defaultage", 0, 0, 0, 0 }, /* 10 */
578 { "ipf_auth_pkts", 0, 0, 0, 0 },
579 { "ipf_auth_lock", 0, 0, 0, 0 },
580 { "frstats", 0, 0, 0, 0 },
581 { "ips_stats", 0, 0, 0, 0 },
582 { "ips_num", 0, 0, 0, 0 }, /* 15 */
583 { "ips_wild", 0, 0, 0, 0 },
584 { "ips_list", 0, 0, 0, 0 },
585 { "ips_table", 0, 0, 0, 0 },
586 { "ipf_state_max", 0, 0, 0, 0 },
587 { "ipf_state_size", 0, 0, 0, 0 }, /* 20 */
588 { "ipf_state_doflush", 0, 0, 0, 0 },
589 { "ipf_state_lock", 0, 0, 0, 0 },
590 { "ipfr_heads", 0, 0, 0, 0 },
591 { "ipfr_nattab", 0, 0, 0, 0 },
592 { "ipfr_stats", 0, 0, 0, 0 }, /* 25 */
593 { "ipfr_inuse", 0, 0, 0, 0 },
594 { "ipf_ipfrttl", 0, 0, 0, 0 },
595 { "ipf_frag_lock", 0, 0, 0, 0 },
596 { "ipfr_timer_id", 0, 0, 0, 0 },
597 { "ipf_nat_lock", 0, 0, 0, 0 }, /* 30 */
598 { "ipf_rules", 0, 0, 0, 0 },
599 { "ipf_acct", 0, 0, 0, 0 },
600 { "ipl_frouteok", 0, 0, 0, 0 },
601 { "ipf_running", 0, 0, 0, 0 },
602 { "ipf_groups", 0, 0, 0, 0 }, /* 35 */
603 { "ipf_active", 0, 0, 0, 0 },
604 { "ipf_pass", 0, 0, 0, 0 },
605 { "ipf_flags", 0, 0, 0, 0 },
606 { "ipf_state_logging", 0, 0, 0, 0 },
607 { "ips_tqtqb", 0, 0, 0, 0 }, /* 40 */
612 frauthstp = &frauthst;
621 *frauthstpp = frauthstp;
623 bzero((char *)fiop, sizeof(*fiop));
624 bzero((char *)ipsstp, sizeof(*ipsstp));
625 bzero((char *)ifrstp, sizeof(*ifrstp));
626 bzero((char *)frauthstp, sizeof(*frauthstp));
628 if (nlist(kernel, deadlist) == -1) {
629 fprintf(stderr, "nlist error\n");
634 * This is for SIOCGETFF.
636 kmemcpy((char *)frfp, (u_long)deadlist[40].n_value, sizeof(*frfp));
639 * f_locks is a combination of the lock variable from each part of
640 * ipfilter (state, auth, nat, fragments).
642 kmemcpy((char *)fiop, (u_long)deadlist[13].n_value, sizeof(*fiop));
643 kmemcpy((char *)&fiop->f_locks[0], (u_long)deadlist[22].n_value,
644 sizeof(fiop->f_locks[0]));
645 kmemcpy((char *)&fiop->f_locks[0], (u_long)deadlist[30].n_value,
646 sizeof(fiop->f_locks[1]));
647 kmemcpy((char *)&fiop->f_locks[2], (u_long)deadlist[28].n_value,
648 sizeof(fiop->f_locks[2]));
649 kmemcpy((char *)&fiop->f_locks[3], (u_long)deadlist[12].n_value,
650 sizeof(fiop->f_locks[3]));
653 * Get pointers to each list of rules (active, inactive, in, out)
655 kmemcpy((char *)&rules, (u_long)deadlist[31].n_value, sizeof(rules));
656 fiop->f_fin[0] = rules[0][0];
657 fiop->f_fin[1] = rules[0][1];
658 fiop->f_fout[0] = rules[1][0];
659 fiop->f_fout[1] = rules[1][1];
662 * Now get accounting rules pointers.
664 kmemcpy((char *)&rules, (u_long)deadlist[33].n_value, sizeof(rules));
665 fiop->f_acctin[0] = rules[0][0];
666 fiop->f_acctin[1] = rules[0][1];
667 fiop->f_acctout[0] = rules[1][0];
668 fiop->f_acctout[1] = rules[1][1];
671 * A collection of "global" variables used inside the kernel which
672 * are all collected in friostat_t via ioctl.
674 kmemcpy((char *)&fiop->f_froute, (u_long)deadlist[33].n_value,
675 sizeof(fiop->f_froute));
676 kmemcpy((char *)&fiop->f_running, (u_long)deadlist[34].n_value,
677 sizeof(fiop->f_running));
678 kmemcpy((char *)&fiop->f_groups, (u_long)deadlist[35].n_value,
679 sizeof(fiop->f_groups));
680 kmemcpy((char *)&fiop->f_active, (u_long)deadlist[36].n_value,
681 sizeof(fiop->f_active));
682 kmemcpy((char *)&fiop->f_defpass, (u_long)deadlist[37].n_value,
683 sizeof(fiop->f_defpass));
686 * Build up the state information stats structure.
688 kmemcpy((char *)ipsstp, (u_long)deadlist[14].n_value, sizeof(*ipsstp));
689 kmemcpy((char *)&temp, (u_long)deadlist[15].n_value, sizeof(temp));
690 kmemcpy((char *)ipstcptab, (u_long)deadlist[40].n_value,
692 ipsstp->iss_active = temp;
693 ipsstp->iss_table = (void *)deadlist[18].n_value;
694 ipsstp->iss_list = (void *)deadlist[17].n_value;
695 ipsstp->iss_tcptab = ipstcptab;
698 * Build up the authentiation information stats structure.
700 kmemcpy((char *)frauthstp, (u_long)deadlist[0].n_value,
702 frauthstp->fas_faelist = (void *)deadlist[1].n_value;
705 * Build up the fragment information stats structure.
707 kmemcpy((char *)ifrstp, (u_long)deadlist[25].n_value,
709 ifrstp->ifs_table = (void *)deadlist[23].n_value;
710 ifrstp->ifs_nattab = (void *)deadlist[24].n_value;
711 kmemcpy((char *)&ifrstp->ifs_inuse, (u_long)deadlist[26].n_value,
712 sizeof(ifrstp->ifs_inuse));
715 * Get logging on/off switches
717 kmemcpy((char *)&state_logging, (u_long)deadlist[41].n_value,
718 sizeof(state_logging));
722 static void printside(side, frs)
724 ipf_statistics_t *frs;
728 PRINTF("%lu\t%s bad packets\n", frs->fr_bad, side);
730 PRINTF("%lu\t%s IPv6 packets\n", frs->fr_ipv6, side);
732 PRINTF("%lu\t%s packets blocked\n", frs->fr_block, side);
733 PRINTF("%lu\t%s packets passed\n", frs->fr_pass, side);
734 PRINTF("%lu\t%s packets not matched\n", frs->fr_nom, side);
735 PRINTF("%lu\t%s packets counted\n", frs->fr_acct, side);
736 PRINTF("%lu\t%s packets short\n", frs->fr_short, side);
737 PRINTF("%lu\t%s packets logged and blocked\n", frs->fr_bpkl, side);
738 PRINTF("%lu\t%s packets logged and passed\n", frs->fr_ppkl, side);
739 PRINTF("%lu\t%s fragment state kept\n", frs->fr_nfr, side);
740 PRINTF("%lu\t%s fragment state lost\n", frs->fr_bnfr, side);
741 PRINTF("%lu\t%s packet state kept\n", frs->fr_ads, side);
742 PRINTF("%lu\t%s packet state lost\n", frs->fr_bads, side);
743 PRINTF("%lu\t%s invalid source\n", frs->fr_v4_badsrc, side);
744 PRINTF("%lu\t%s cache hits\n", frs->fr_chit, side);
745 PRINTF("%lu\t%s cache misses\n", frs->fr_cmiss, side);
746 PRINTF("%lu\t%s bad coalesces\n", frs->fr_badcoalesces, side);
747 PRINTF("%lu\t%s pullups succeeded\n", frs->fr_pull[0], side);
748 PRINTF("%lu\t%s pullups failed\n", frs->fr_pull[1], side);
749 PRINTF("%lu\t%s TCP checksum failures\n", frs->fr_tcpbad, side);
750 for (i = 0; i <= FRB_MAX_VALUE; i++)
751 PRINTF("%lu\t%s block reason %s\n",
752 frs->fr_blocked[i], side, blockreasons[i]);
757 * Display the kernel stats for packets blocked and passed and other
758 * associated running totals which are kept.
760 static void showstats(fp, frf)
764 printside("input", &fp->f_st[0]);
765 printside("output", &fp->f_st[1]);
767 PRINTF("%lu\tpackets logged\n", fp->f_log_ok);
768 PRINTF("%lu\tlog failures\n", fp->f_log_fail);
769 PRINTF("%lu\tred-black no memory\n", fp->f_rb_no_mem);
770 PRINTF("%lu\tred-black node maximum\n", fp->f_rb_node_max);
771 PRINTF("%lu\tICMP replies sent\n", fp->f_st[0].fr_ret);
772 PRINTF("%lu\tTCP RSTs sent\n", fp->f_st[1].fr_ret);
773 PRINTF("%lu\tfastroute successes\n", fp->f_froute[0]);
774 PRINTF("%lu\tfastroute failures\n", fp->f_froute[1]);
775 PRINTF("%u\tIPF Ticks\n", fp->f_ticks);
777 PRINTF("%x\tPacket log flags set:\n", frf);
778 if (frf & FF_LOGPASS)
779 PRINTF("\tpackets passed through filter\n");
780 if (frf & FF_LOGBLOCK)
781 PRINTF("\tpackets blocked by filter\n");
782 if (frf & FF_LOGNOMATCH)
783 PRINTF("\tpackets not matched by filter\n");
790 * Print out a list of rules from the kernel, starting at the one passed.
793 printlivelist(fiop, out, set, fp, group, comment)
794 struct friostat *fiop;
797 char *group, *comment;
809 rule.iri_inout = out;
810 rule.iri_active = set;
814 strncpy(rule.iri_group, group, FR_GROUPLEN);
816 rule.iri_group[0] = '\0';
818 bzero((char *)&zero, sizeof(zero));
820 bzero((char *)&obj, sizeof(obj));
821 obj.ipfo_rev = IPFILTER_VERSION;
822 obj.ipfo_type = IPFOBJ_IPFITER;
823 obj.ipfo_size = sizeof(rule);
824 obj.ipfo_ptr = &rule;
826 while (rule.iri_rule != NULL) {
829 memset(array, 0xff, sizeof(array));
830 fp = (frentry_t *)array;
832 if (ioctl(ipf_fd, SIOCIPFITER, &obj) == -1) {
833 ipferror(ipf_fd, "ioctl(SIOCIPFITER)");
834 num = IPFGENITER_IPF;
835 (void) ioctl(ipf_fd,SIOCIPFDELTOK, &num);
838 if (bcmp(fp, &zero, sizeof(zero)) == 0)
840 if (rule.iri_rule == NULL)
843 if (use_inet6 != 0) {
844 if (fp->fr_family != 0 && fp->fr_family != AF_INET6)
849 if (fp->fr_family != 0 && fp->fr_family != AF_INET)
852 if (fp->fr_data != NULL)
853 fp->fr_data = (char *)fp + fp->fr_size;
857 if (opts & (OPT_HITS|OPT_DEBUG))
859 PRINTF("%"PRIu64" ", (unsigned long long) fp->fr_hits);
861 PRINTF("%lu ", fp->fr_hits);
863 if (opts & (OPT_ACCNT|OPT_DEBUG))
865 PRINTF("%"PRIu64" ", (unsigned long long) fp->fr_bytes);
867 PRINTF("%lu ", fp->fr_bytes);
869 if (opts & OPT_SHOWLINENO)
870 PRINTF("@%d ", rules);
873 fp->fr_die -= fiop->f_ticks;
876 if (opts & OPT_DEBUG) {
877 binprint(fp, fp->fr_size);
878 if (fp->fr_data != NULL && fp->fr_dsize > 0)
879 binprint(fp->fr_data, fp->fr_dsize);
881 if (fp->fr_grhead != -1) {
882 for (g = grtop; g != NULL; g = g->fg_next) {
883 if (!strncmp(fp->fr_names + fp->fr_grhead,
889 g = calloc(1, sizeof(*g));
893 fp->fr_names + fp->fr_grhead,
905 if (fp->fr_type == FR_T_CALLFUNC) {
906 rules += printlivelist(fiop, out, set, fp->fr_data,
907 group, "# callfunc: ");
911 num = IPFGENITER_IPF;
912 (void) ioctl(ipf_fd,SIOCIPFDELTOK, &num);
918 static void printdeadlist(fiop, out, set, fp, group, comment)
922 char *group, *comment;
924 frgroup_t *grtop, *grtail, *g;
935 for (n = 1; fp; fp = fb.fr_next, n++) {
936 if (kmemcpy((char *)&fb, (u_long)fb.fr_next,
942 if (use_inet6 != 0) {
943 if (fp->fr_family != 0 && fp->fr_family != 6)
946 if (fp->fr_family != 0 && fp->fr_family != 4)
951 type = fb.fr_type & ~FR_T_BUILTIN;
952 if (type == FR_T_IPF || type == FR_T_BPFOPC) {
954 data = malloc(fb.fr_dsize);
956 if (kmemcpy(data, (u_long)fb.fr_data,
957 fb.fr_dsize) == -1) {
967 PRINTF("%"PRIu64" ", (unsigned long long) fb.fr_hits);
969 PRINTF("%lu ", fb.fr_hits);
971 if (opts & OPT_ACCNT)
973 PRINTF("%"PRIu64" ", (unsigned long long) fb.fr_bytes);
975 PRINTF("%lu ", fb.fr_bytes);
977 if (opts & OPT_SHOWLINENO)
981 if (opts & OPT_DEBUG) {
982 binprint(fp, fp->fr_size);
983 if (fb.fr_data != NULL && fb.fr_dsize > 0)
984 binprint(fb.fr_data, fb.fr_dsize);
988 if (fb.fr_grhead != -1) {
989 g = calloc(1, sizeof(*g));
992 strncpy(g->fg_name, fb.fr_names + fb.fr_grhead,
1003 if (type == FR_T_CALLFUNC) {
1004 printdeadlist(fiop, out, set, fb.fr_data, group,
1009 while ((g = grtop) != NULL) {
1010 printdeadlist(fiop, out, set, NULL, g->fg_name, comment);
1017 * print out all of the asked for rule sets, using the stats struct as
1018 * the base from which to get the pointers.
1020 static void showlist(fiop)
1021 struct friostat *fiop;
1023 struct frentry *fp = NULL;
1026 set = fiop->f_active;
1027 if (opts & OPT_INACTIVE)
1029 if (opts & OPT_ACCNT) {
1030 if (opts & OPT_OUTQUE) {
1032 fp = (struct frentry *)fiop->f_acctout[set];
1033 } else if (opts & OPT_INQUE) {
1035 fp = (struct frentry *)fiop->f_acctin[set];
1037 FPRINTF(stderr, "No -i or -o given with -a\n");
1041 if (opts & OPT_OUTQUE) {
1043 fp = (struct frentry *)fiop->f_fout[set];
1044 } else if (opts & OPT_INQUE) {
1046 fp = (struct frentry *)fiop->f_fin[set];
1050 if (opts & OPT_DEBUG)
1051 FPRINTF(stderr, "showlist:opts %#x i %d\n", opts, i);
1053 if (opts & OPT_DEBUG)
1054 PRINTF("fp %p set %d\n", fp, set);
1056 if (live_kernel == 1) {
1059 printed = printlivelist(fiop, i, set, fp, NULL, NULL);
1061 FPRINTF(stderr, "# empty list for %s%s\n",
1062 (opts & OPT_INACTIVE) ? "inactive " : "",
1067 FPRINTF(stderr, "# empty list for %s%s\n",
1068 (opts & OPT_INACTIVE) ? "inactive " : "",
1071 printdeadlist(fiop, i, set, fp, NULL, NULL);
1078 * Display ipfilter stateful filtering information
1080 static void showipstates(ipsp, filter)
1088 * If a list of states hasn't been asked for, only print out stats
1090 if (!(opts & OPT_SHOWLIST)) {
1091 showstatestats(ipsp);
1095 if ((state_fields != NULL) && (nohdrfields == 0)) {
1096 for (i = 0; state_fields[i].w_value != 0; i++) {
1097 printfieldhdr(statefields, state_fields + i);
1098 if (state_fields[i + 1].w_value != 0)
1105 * Print out all the state information currently held in the kernel.
1107 for (is = ipsp->iss_list; is != NULL; ) {
1110 is = fetchstate(is, &ips);
1116 if ((filter != NULL) &&
1117 (state_matcharray(&ips, filter) == 0)) {
1120 if (state_fields != NULL) {
1121 for (i = 0; state_fields[i].w_value != 0; i++) {
1122 printstatefield(&ips, state_fields[i].w_value);
1123 if (state_fields[i + 1].w_value != 0)
1128 printstate(&ips, opts, ipsp->iss_ticks);
1134 static void showstatestats(ipsp)
1137 int minlen, maxlen, totallen;
1144 * If a list of states hasn't been asked for, only print out stats
1147 sz = sizeof(*buckets) * ipsp->iss_state_size;
1148 buckets = (u_int *)malloc(sz);
1150 obj.ipfo_rev = IPFILTER_VERSION;
1151 obj.ipfo_type = IPFOBJ_GTABLE;
1152 obj.ipfo_size = sizeof(table);
1153 obj.ipfo_ptr = &table;
1155 table.ita_type = IPFTABLE_BUCKETS;
1156 table.ita_table = buckets;
1158 if (live_kernel == 1) {
1159 if (ioctl(state_fd, SIOCGTABL, &obj) != 0) {
1164 if (kmemcpy((char *)buckets,
1165 (u_long)ipsp->iss_bucketlen, sz)) {
1171 PRINTF("%u\tactive state table entries\n",ipsp->iss_active);
1172 PRINTF("%lu\tadd bad\n", ipsp->iss_add_bad);
1173 PRINTF("%lu\tadd duplicate\n", ipsp->iss_add_dup);
1174 PRINTF("%lu\tadd locked\n", ipsp->iss_add_locked);
1175 PRINTF("%lu\tadd oow\n", ipsp->iss_add_oow);
1176 PRINTF("%lu\tbucket full\n", ipsp->iss_bucket_full);
1177 PRINTF("%lu\tcheck bad\n", ipsp->iss_check_bad);
1178 PRINTF("%lu\tcheck miss\n", ipsp->iss_check_miss);
1179 PRINTF("%lu\tcheck nattag\n", ipsp->iss_check_nattag);
1180 PRINTF("%lu\tclone nomem\n", ipsp->iss_clone_nomem);
1181 PRINTF("%lu\tcheck notag\n", ipsp->iss_check_notag);
1182 PRINTF("%lu\tcheck success\n", ipsp->iss_hits);
1183 PRINTF("%lu\tcloned\n", ipsp->iss_cloned);
1184 PRINTF("%lu\texpired\n", ipsp->iss_expire);
1185 PRINTF("%lu\tflush all\n", ipsp->iss_flush_all);
1186 PRINTF("%lu\tflush closing\n", ipsp->iss_flush_closing);
1187 PRINTF("%lu\tflush queue\n", ipsp->iss_flush_queue);
1188 PRINTF("%lu\tflush state\n", ipsp->iss_flush_state);
1189 PRINTF("%lu\tflush timeout\n", ipsp->iss_flush_timeout);
1190 PRINTF("%u\thash buckets in use\n", ipsp->iss_inuse);
1191 PRINTF("%lu\tICMP bad\n", ipsp->iss_icmp_bad);
1192 PRINTF("%lu\tICMP banned\n", ipsp->iss_icmp_banned);
1193 PRINTF("%lu\tICMP errors\n", ipsp->iss_icmp_icmperr);
1194 PRINTF("%lu\tICMP head block\n", ipsp->iss_icmp_headblock);
1195 PRINTF("%lu\tICMP hits\n", ipsp->iss_icmp_hits);
1196 PRINTF("%lu\tICMP not query\n", ipsp->iss_icmp_notquery);
1197 PRINTF("%lu\tICMP short\n", ipsp->iss_icmp_short);
1198 PRINTF("%lu\tICMP too many\n", ipsp->iss_icmp_toomany);
1199 PRINTF("%lu\tICMPv6 errors\n", ipsp->iss_icmp6_icmperr);
1200 PRINTF("%lu\tICMPv6 miss\n", ipsp->iss_icmp6_miss);
1201 PRINTF("%lu\tICMPv6 not info\n", ipsp->iss_icmp6_notinfo);
1202 PRINTF("%lu\tICMPv6 not query\n", ipsp->iss_icmp6_notquery);
1203 PRINTF("%lu\tlog fail\n", ipsp->iss_log_fail);
1204 PRINTF("%lu\tlog ok\n", ipsp->iss_log_ok);
1205 PRINTF("%lu\tlookup interface mismatch\n", ipsp->iss_lookup_badifp);
1206 PRINTF("%lu\tlookup mask mismatch\n", ipsp->iss_miss_mask);
1207 PRINTF("%lu\tlookup port mismatch\n", ipsp->iss_lookup_badport);
1208 PRINTF("%lu\tlookup miss\n", ipsp->iss_lookup_miss);
1209 PRINTF("%lu\tmaximum rule references\n", ipsp->iss_max_ref);
1210 PRINTF("%lu\tmaximum hosts per rule\n", ipsp->iss_max_track);
1211 PRINTF("%lu\tno memory\n", ipsp->iss_nomem);
1212 PRINTF("%lu\tout of window\n", ipsp->iss_oow);
1213 PRINTF("%lu\torphans\n", ipsp->iss_orphan);
1214 PRINTF("%lu\tscan block\n", ipsp->iss_scan_block);
1215 PRINTF("%lu\tstate table maximum reached\n", ipsp->iss_max);
1216 PRINTF("%lu\tTCP closing\n", ipsp->iss_tcp_closing);
1217 PRINTF("%lu\tTCP OOW\n", ipsp->iss_tcp_oow);
1218 PRINTF("%lu\tTCP RST add\n", ipsp->iss_tcp_rstadd);
1219 PRINTF("%lu\tTCP too small\n", ipsp->iss_tcp_toosmall);
1220 PRINTF("%lu\tTCP bad options\n", ipsp->iss_tcp_badopt);
1221 PRINTF("%lu\tTCP removed\n", ipsp->iss_fin);
1222 PRINTF("%lu\tTCP FSM\n", ipsp->iss_tcp_fsm);
1223 PRINTF("%lu\tTCP strict\n", ipsp->iss_tcp_strict);
1224 PRINTF("%lu\tTCP wild\n", ipsp->iss_wild);
1225 PRINTF("%lu\tMicrosoft Windows SACK\n", ipsp->iss_winsack);
1227 PRINTF("State logging %sabled\n", state_logging ? "en" : "dis");
1229 PRINTF("IP states added:\n");
1230 for (i = 0; i < 256; i++) {
1231 if (ipsp->iss_proto[i] != 0) {
1232 struct protoent *proto;
1234 proto = getprotobynumber(i);
1235 PRINTF("%lu", ipsp->iss_proto[i]);
1237 PRINTF("\t%s\n", proto->p_name);
1239 PRINTF("\t%d\n", i);
1243 PRINTF("\nState table bucket statistics:\n");
1244 PRINTF("%u\tin use\n", ipsp->iss_inuse);
1246 minlen = ipsp->iss_max;
1250 for (i = 0; i < ipsp->iss_state_size; i++) {
1251 if (buckets[i] > maxlen)
1252 maxlen = buckets[i];
1253 if (buckets[i] < minlen)
1254 minlen = buckets[i];
1255 totallen += buckets[i];
1258 PRINTF("%d\thash efficiency\n",
1259 totallen ? ipsp->iss_inuse * 100 / totallen : 0);
1260 PRINTF("%2.2f%%\tbucket usage\n%u\tminimal length\n",
1261 ((float)ipsp->iss_inuse / ipsp->iss_state_size) * 100.0,
1263 PRINTF("%u\tmaximal length\n%.3f\taverage length\n",
1265 ipsp->iss_inuse ? (float) totallen/ ipsp->iss_inuse :
1268 #define ENTRIES_PER_LINE 5
1270 if (opts & OPT_VERBOSE) {
1271 PRINTF("\nCurrent bucket sizes :\n");
1272 for (i = 0; i < ipsp->iss_state_size; i++) {
1273 if ((i % ENTRIES_PER_LINE) == 0)
1275 PRINTF("%4d -> %4u", i, buckets[i]);
1276 if ((i % ENTRIES_PER_LINE) ==
1277 (ENTRIES_PER_LINE - 1))
1288 if (live_kernel == 1) {
1289 showtqtable_live(state_fd);
1291 printtqtable(ipsp->iss_tcptab);
1297 static int handle_resize = 0, handle_break = 0;
1299 static void topipstates(saddr, daddr, sport, dport, protocol, ver,
1300 refreshtime, topclosed, filter)
1311 char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE];
1312 int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT;
1313 int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0;
1314 int len, srclen, dstlen, forward = 1, c = 0;
1315 ips_stat_t ipsst, *ipsstp = &ipsst;
1316 int token_type = IPFGENITER_STATE;
1317 statetop_t *tstable = NULL, *tp;
1318 const char *errstr = "";
1321 struct timeval selecttimeout;
1322 char hostnm[HOSTNMLEN];
1323 struct protoent *proto;
1327 /* install signal handlers */
1328 signal(SIGINT, sig_break);
1329 signal(SIGQUIT, sig_break);
1330 signal(SIGTERM, sig_break);
1331 signal(SIGWINCH, sig_resize);
1333 /* init ncurses stuff */
1339 getmaxyx(stdscr, maxy, maxx);
1342 gethostname(hostnm, sizeof(hostnm) - 1);
1343 hostnm[sizeof(hostnm) - 1] = '\0';
1345 /* init ipfobj_t stuff */
1346 bzero((caddr_t)&ipfo, sizeof(ipfo));
1347 ipfo.ipfo_rev = IPFILTER_VERSION;
1348 ipfo.ipfo_type = IPFOBJ_STATESTAT;
1349 ipfo.ipfo_size = sizeof(*ipsstp);
1350 ipfo.ipfo_ptr = (void *)ipsstp;
1352 /* repeat until user aborts */
1355 /* get state table */
1356 bzero((char *)&ipsst, sizeof(ipsst));
1357 if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) {
1358 errstr = "ioctl(SIOCGETFS)";
1363 /* clear the history */
1366 /* reset max str len */
1367 srclen = dstlen = 0;
1369 /* read the state table and store in tstable */
1370 for (; ipsstp->iss_list; ipsstp->iss_list = ips.is_next) {
1372 ipsstp->iss_list = fetchstate(ipsstp->iss_list, &ips);
1373 if (ipsstp->iss_list == NULL)
1376 if (ips.is_v != ver)
1379 if ((filter != NULL) &&
1380 (state_matcharray(&ips, filter) == 0))
1383 /* check v4 src/dest addresses */
1384 if (ips.is_v == 4) {
1385 if ((saddr.in4.s_addr != INADDR_ANY &&
1386 saddr.in4.s_addr != ips.is_saddr) ||
1387 (daddr.in4.s_addr != INADDR_ANY &&
1388 daddr.in4.s_addr != ips.is_daddr))
1392 /* check v6 src/dest addresses */
1393 if (ips.is_v == 6) {
1394 if ((IP6_NEQ(&saddr, &in6addr_any) &&
1395 IP6_NEQ(&saddr, &ips.is_src)) ||
1396 (IP6_NEQ(&daddr, &in6addr_any) &&
1397 IP6_NEQ(&daddr, &ips.is_dst)))
1401 /* check protocol */
1402 if (protocol > 0 && protocol != ips.is_p)
1405 /* check ports if protocol is TCP or UDP */
1406 if (((ips.is_p == IPPROTO_TCP) ||
1407 (ips.is_p == IPPROTO_UDP)) &&
1408 (((sport > 0) && (htons(sport) != ips.is_sport)) ||
1409 ((dport > 0) && (htons(dport) != ips.is_dport))))
1412 /* show closed TCP sessions ? */
1413 if ((topclosed == 0) && (ips.is_p == IPPROTO_TCP) &&
1414 (ips.is_state[0] >= IPF_TCPS_LAST_ACK) &&
1415 (ips.is_state[1] >= IPF_TCPS_LAST_ACK))
1419 * if necessary make room for this state
1423 if (!maxtsentries || tsentry == maxtsentries) {
1424 maxtsentries += STGROWSIZE;
1425 tstable = realloc(tstable,
1426 maxtsentries * sizeof(statetop_t));
1427 if (tstable == NULL) {
1433 /* get max src/dest address string length */
1434 len = strlen(getip(ips.is_v, &ips.is_src));
1437 len = strlen(getip(ips.is_v, &ips.is_dst));
1441 /* fill structure */
1442 tp = tstable + tsentry;
1443 tp->st_src = ips.is_src;
1444 tp->st_dst = ips.is_dst;
1445 tp->st_p = ips.is_p;
1446 tp->st_v = ips.is_v;
1447 tp->st_state[0] = ips.is_state[0];
1448 tp->st_state[1] = ips.is_state[1];
1450 tp->st_pkts = ips.is_pkts[0]+ips.is_pkts[1];
1451 tp->st_bytes = ips.is_bytes[0]+ips.is_bytes[1];
1453 tp->st_pkts = ips.is_pkts[2]+ips.is_pkts[3];
1454 tp->st_bytes = ips.is_bytes[2]+ips.is_bytes[3];
1456 tp->st_age = ips.is_die - ipsstp->iss_ticks;
1457 if ((ips.is_p == IPPROTO_TCP) ||
1458 (ips.is_p == IPPROTO_UDP)) {
1459 tp->st_sport = ips.is_sport;
1460 tp->st_dport = ips.is_dport;
1464 (void) ioctl(state_fd, SIOCIPFDELTOK, &token_type);
1466 /* sort the array */
1467 if (tsentry != -1) {
1471 qsort(tstable, tsentry + 1,
1472 sizeof(statetop_t), sort_p);
1475 qsort(tstable, tsentry + 1,
1476 sizeof(statetop_t), sort_pkts);
1479 qsort(tstable, tsentry + 1,
1480 sizeof(statetop_t), sort_bytes);
1483 qsort(tstable, tsentry + 1,
1484 sizeof(statetop_t), sort_ttl);
1487 qsort(tstable, tsentry + 1,
1488 sizeof(statetop_t), sort_srcip);
1491 qsort(tstable, tsentry +1,
1492 sizeof(statetop_t), sort_srcpt);
1495 qsort(tstable, tsentry + 1,
1496 sizeof(statetop_t), sort_dstip);
1499 qsort(tstable, tsentry + 1,
1500 sizeof(statetop_t), sort_dstpt);
1507 /* handle window resizes */
1508 if (handle_resize) {
1515 getmaxyx(stdscr, maxy, maxx);
1529 sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION);
1530 for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
1535 /* just for fun add a clock */
1536 move(winy, maxx - 8);
1538 strftime(str1, 80, "%T", localtime(&t));
1539 printw("%s\n", str1);
1542 * print the display filters, this is placed in the loop,
1543 * because someday I might add code for changing these
1544 * while the programming is running :-)
1547 sprintf(str1, "%s,%d", getip(ver, &saddr), sport);
1549 sprintf(str1, "%s", getip(ver, &saddr));
1552 sprintf(str2, "%s,%d", getip(ver, &daddr), dport);
1554 sprintf(str2, "%s", getip(ver, &daddr));
1557 strcpy(str3, "any");
1558 else if ((proto = getprotobynumber(protocol)) != NULL)
1559 sprintf(str3, "%s", proto->p_name);
1561 sprintf(str3, "%d", protocol);
1566 sprintf(str4, "proto");
1569 sprintf(str4, "# pkts");
1572 sprintf(str4, "# bytes");
1575 sprintf(str4, "ttl");
1578 sprintf(str4, "src ip");
1581 sprintf(str4, "src port");
1584 sprintf(str4, "dest ip");
1587 sprintf(str4, "dest port");
1590 sprintf(str4, "unknown");
1595 strcat(str4, " (reverse)");
1599 printw("Src: %s, Dest: %s, Proto: %s, Sorted by: %s\n\n",
1600 str1, str2, str3, str4);
1603 * For an IPv4 IP address we need at most 15 characters,
1604 * 4 tuples of 3 digits, separated by 3 dots. Enforce this
1605 * length, so the colums do not change positions based
1606 * on the size of the IP address. This length makes the
1607 * output fit in a 80 column terminal.
1608 * We are lacking a good solution for IPv6 addresses (that
1609 * can be longer that 15 characters), so we do not enforce
1610 * a maximum on the IP field size.
1617 /* print column description */
1621 printw("%-*s %-*s %3s %4s %7s %9s %9s\n",
1622 srclen + 6, "Source IP", dstlen + 6, "Destination IP",
1623 "ST", "PR", "#pkts", "#bytes", "ttl");
1626 /* print all the entries */
1631 if (tsentry > maxy - 6)
1633 for (i = 0; i <= tsentry; i++) {
1634 /* print src/dest and port */
1635 if ((tp->st_p == IPPROTO_TCP) ||
1636 (tp->st_p == IPPROTO_UDP)) {
1637 sprintf(str1, "%s,%hu",
1638 getip(tp->st_v, &tp->st_src),
1639 ntohs(tp->st_sport));
1640 sprintf(str2, "%s,%hu",
1641 getip(tp->st_v, &tp->st_dst),
1642 ntohs(tp->st_dport));
1644 sprintf(str1, "%s", getip(tp->st_v,
1646 sprintf(str2, "%s", getip(tp->st_v,
1651 printw("%-*s %-*s", srclen + 6, str1, dstlen + 6, str2);
1654 sprintf(str1, "%X/%X", tp->st_state[0],
1656 printw(" %3s", str1);
1658 /* print protocol */
1659 proto = getprotobynumber(tp->st_p);
1661 strncpy(str1, proto->p_name, 4);
1664 sprintf(str1, "%d", tp->st_p);
1666 /* just print icmp for IPv6-ICMP */
1667 if (tp->st_p == IPPROTO_ICMPV6)
1668 strcpy(str1, "icmp");
1669 printw(" %4s", str1);
1671 /* print #pkt/#bytes */
1673 printw(" %7qu %9qu", (unsigned long long) tp->st_pkts,
1674 (unsigned long long) tp->st_bytes);
1676 printw(" %7lu %9lu", tp->st_pkts, tp->st_bytes);
1678 printw(" %9s", ttl_to_string(tp->st_age));
1686 /* screen data structure is filled, now update the screen */
1690 if (refresh() == ERR)
1697 /* wait for key press or a 1 second time out period */
1698 selecttimeout.tv_sec = refreshtime;
1699 selecttimeout.tv_usec = 0;
1702 select(1, &readfd, NULL, NULL, &selecttimeout);
1704 /* if key pressed, read all waiting keys */
1705 if (FD_ISSET(0, &readfd)) {
1710 if (ISALPHA(c) && ISUPPER(c))
1714 } else if (c == 'q') {
1716 } else if (c == 'r') {
1718 } else if (c == 'b') {
1720 } else if (c == 'f') {
1722 } else if (c == 's') {
1723 if (++sorting > STSORT_MAX)
1732 /* nocbreak(); XXX - endwin() should make this redundant */
1743 * Show fragment cache information that's held in the kernel.
1745 static void showfrstates(ifsp, ticks)
1749 struct ipfr *ipfrtab[IPFT_SIZE], ifr;
1753 * print out the numeric statistics
1755 PRINTF("IP fragment states:\n%lu\tnew\n%lu\texpired\n%lu\thits\n",
1756 ifsp->ifs_new, ifsp->ifs_expire, ifsp->ifs_hits);
1757 PRINTF("%lu\tretrans\n%lu\ttoo short\n",
1758 ifsp->ifs_retrans0, ifsp->ifs_short);
1759 PRINTF("%lu\tno memory\n%lu\talready exist\n",
1760 ifsp->ifs_nomem, ifsp->ifs_exists);
1761 PRINTF("%lu\tinuse\n", ifsp->ifs_inuse);
1764 if (live_kernel == 0) {
1765 if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table,
1771 * Print out the contents (if any) of the fragment cache table.
1773 if (live_kernel == 1) {
1775 if (fetchfrag(ipf_fd, IPFGENITER_FRAG, &ifr) != 0)
1777 if (ifr.ipfr_ifp == NULL)
1779 ifr.ipfr_ttl -= ticks;
1780 printfraginfo("", &ifr);
1781 } while (ifr.ipfr_next != NULL);
1783 for (i = 0; i < IPFT_SIZE; i++)
1784 while (ipfrtab[i] != NULL) {
1785 if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
1788 printfraginfo("", &ifr);
1789 ipfrtab[i] = ifr.ipfr_next;
1793 * Print out the contents (if any) of the NAT fragment cache table.
1796 if (live_kernel == 0) {
1797 if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,
1802 if (live_kernel == 1) {
1804 if (fetchfrag(nat_fd, IPFGENITER_NATFRAG, &ifr) != 0)
1806 if (ifr.ipfr_ifp == NULL)
1808 ifr.ipfr_ttl -= ticks;
1809 printfraginfo("NAT: ", &ifr);
1810 } while (ifr.ipfr_next != NULL);
1812 for (i = 0; i < IPFT_SIZE; i++)
1813 while (ipfrtab[i] != NULL) {
1814 if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
1817 printfraginfo("NAT: ", &ifr);
1818 ipfrtab[i] = ifr.ipfr_next;
1825 * Show stats on how auth within IPFilter has been used
1827 static void showauthstates(asp)
1828 ipf_authstat_t *asp;
1830 frauthent_t *frap, fra;
1834 obj.ipfo_rev = IPFILTER_VERSION;
1835 obj.ipfo_type = IPFOBJ_GENITER;
1836 obj.ipfo_size = sizeof(auth);
1837 obj.ipfo_ptr = &auth;
1839 auth.igi_type = IPFGENITER_AUTH;
1840 auth.igi_nitems = 1;
1841 auth.igi_data = &fra;
1844 printf("Authorisation hits: %"PRIu64"\tmisses %"PRIu64"\n",
1845 (unsigned long long) asp->fas_hits,
1846 (unsigned long long) asp->fas_miss);
1848 printf("Authorisation hits: %ld\tmisses %ld\n", asp->fas_hits,
1851 printf("nospace %ld\nadded %ld\nsendfail %ld\nsendok %ld\n",
1852 asp->fas_nospace, asp->fas_added, asp->fas_sendfail,
1854 printf("queok %ld\nquefail %ld\nexpire %ld\n",
1855 asp->fas_queok, asp->fas_quefail, asp->fas_expire);
1857 frap = asp->fas_faelist;
1859 if (live_kernel == 1) {
1860 if (ioctl(auth_fd, SIOCGENITER, &obj))
1863 if (kmemcpy((char *)&fra, (u_long)frap,
1867 printf("age %ld\t", fra.fae_age);
1868 printfr(&fra.fae_fr, ioctl);
1869 frap = fra.fae_next;
1875 * Display groups used for each of filter rules, accounting rules and
1876 * authentication, separately.
1878 static void showgroups(fiop)
1879 struct friostat *fiop;
1881 static char *gnames[3] = { "Filter", "Accounting", "Authentication" };
1882 static int gnums[3] = { IPL_LOGIPF, IPL_LOGCOUNT, IPL_LOGAUTH };
1886 on = fiop->f_active;
1889 for (i = 0; i < 3; i++) {
1890 printf("%s groups (active):\n", gnames[i]);
1891 for (fp = fiop->f_groups[gnums[i]][on]; fp != NULL;
1893 if (kmemcpy((char *)&grp, (u_long)fp, sizeof(grp)))
1896 printf("%s\n", grp.fg_name);
1897 printf("%s groups (inactive):\n", gnames[i]);
1898 for (fp = fiop->f_groups[gnums[i]][off]; fp != NULL;
1900 if (kmemcpy((char *)&grp, (u_long)fp, sizeof(grp)))
1903 printf("%s\n", grp.fg_name);
1908 static void parse_ipportstr(argument, ip, port)
1909 const char *argument;
1916 /* make working copy of argument, Theoretically you must be able
1917 * to write to optarg, but that seems very ugly to me....
1919 s = strdup(argument);
1924 if ((comma = strchr(s, ',')) != NULL) {
1925 if (!strcasecmp(comma + 1, "any")) {
1927 } else if (!sscanf(comma + 1, "%d", port) ||
1928 (*port < 0) || (*port > 65535)) {
1929 fprintf(stderr, "Invalid port specification in %s\n",
1938 /* get ip address */
1939 if (!strcasecmp(s, "any")) {
1940 ip->in4.s_addr = INADDR_ANY;
1943 ip->in6 = in6addr_any;
1944 } else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) {
1947 } else if (inet_aton(s, &ip->in4))
1951 fprintf(stderr, "Invalid IP address: %s\n", s);
1956 /* free allocated memory */
1962 static void sig_resize(s)
1968 static void sig_break(s)
1974 static char *getip(v, addr)
1979 static char hostbuf[MAXHOSTNAMELEN+1];
1983 return inet_ntoa(addr->in4);
1986 (void) inet_ntop(AF_INET6, &addr->in6, hostbuf, sizeof(hostbuf) - 1);
1987 hostbuf[MAXHOSTNAMELEN] = '\0';
1995 static char *ttl_to_string(ttl)
1998 static char ttlbuf[STSTRSIZE];
1999 int hours, minutes, seconds;
2001 /* ttl is in half seconds */
2010 sprintf(ttlbuf, "%2d:%02d:%02d", hours, minutes, seconds);
2012 sprintf(ttlbuf, "%2d:%02d", minutes, seconds);
2017 static int sort_pkts(a, b)
2022 register const statetop_t *ap = a;
2023 register const statetop_t *bp = b;
2025 if (ap->st_pkts == bp->st_pkts)
2027 else if (ap->st_pkts < bp->st_pkts)
2033 static int sort_bytes(a, b)
2037 register const statetop_t *ap = a;
2038 register const statetop_t *bp = b;
2040 if (ap->st_bytes == bp->st_bytes)
2042 else if (ap->st_bytes < bp->st_bytes)
2048 static int sort_p(a, b)
2052 register const statetop_t *ap = a;
2053 register const statetop_t *bp = b;
2055 if (ap->st_p == bp->st_p)
2057 else if (ap->st_p < bp->st_p)
2063 static int sort_ttl(a, b)
2067 register const statetop_t *ap = a;
2068 register const statetop_t *bp = b;
2070 if (ap->st_age == bp->st_age)
2072 else if (ap->st_age < bp->st_age)
2077 static int sort_srcip(a, b)
2081 register const statetop_t *ap = a;
2082 register const statetop_t *bp = b;
2086 if (IP6_EQ(&ap->st_src, &bp->st_src))
2088 else if (IP6_GT(&ap->st_src, &bp->st_src))
2093 if (ntohl(ap->st_src.in4.s_addr) ==
2094 ntohl(bp->st_src.in4.s_addr))
2096 else if (ntohl(ap->st_src.in4.s_addr) >
2097 ntohl(bp->st_src.in4.s_addr))
2103 static int sort_srcpt(a, b)
2107 register const statetop_t *ap = a;
2108 register const statetop_t *bp = b;
2110 if (htons(ap->st_sport) == htons(bp->st_sport))
2112 else if (htons(ap->st_sport) > htons(bp->st_sport))
2117 static int sort_dstip(a, b)
2121 register const statetop_t *ap = a;
2122 register const statetop_t *bp = b;
2126 if (IP6_EQ(&ap->st_dst, &bp->st_dst))
2128 else if (IP6_GT(&ap->st_dst, &bp->st_dst))
2133 if (ntohl(ap->st_dst.in4.s_addr) ==
2134 ntohl(bp->st_dst.in4.s_addr))
2136 else if (ntohl(ap->st_dst.in4.s_addr) >
2137 ntohl(bp->st_dst.in4.s_addr))
2143 static int sort_dstpt(a, b)
2147 register const statetop_t *ap = a;
2148 register const statetop_t *bp = b;
2150 if (htons(ap->st_dport) == htons(bp->st_dport))
2152 else if (htons(ap->st_dport) > htons(bp->st_dport))
2160 ipstate_t *fetchstate(src, dst)
2161 ipstate_t *src, *dst;
2164 if (live_kernel == 1) {
2168 obj.ipfo_rev = IPFILTER_VERSION;
2169 obj.ipfo_type = IPFOBJ_GENITER;
2170 obj.ipfo_size = sizeof(state);
2171 obj.ipfo_ptr = &state;
2173 state.igi_type = IPFGENITER_STATE;
2174 state.igi_nitems = 1;
2175 state.igi_data = dst;
2177 if (ioctl(state_fd, SIOCGENITER, &obj) != 0)
2179 if (dst->is_next == NULL) {
2180 int n = IPFGENITER_STATE;
2181 (void) ioctl(ipf_fd,SIOCIPFDELTOK, &n);
2184 if (kmemcpy((char *)dst, (u_long)src, sizeof(*dst)))
2191 static int fetchfrag(fd, type, frp)
2198 obj.ipfo_rev = IPFILTER_VERSION;
2199 obj.ipfo_type = IPFOBJ_GENITER;
2200 obj.ipfo_size = sizeof(frag);
2201 obj.ipfo_ptr = &frag;
2203 frag.igi_type = type;
2204 frag.igi_nitems = 1;
2205 frag.igi_data = frp;
2207 if (ioctl(fd, SIOCGENITER, &obj))
2213 static int state_matcharray(stp, array)
2217 int i, n, *x, rv, p;
2222 for (n = array[0], x = array + 1; n > 0; x += e->ipfe_size) {
2224 if (e->ipfe_cmd == IPF_EXP_END)
2230 * The upper 16 bits currently store the protocol value.
2231 * This is currently used with TCP and UDP port compares and
2232 * allows "tcp.port = 80" without requiring an explicit
2233 " "ip.pr = tcp" first.
2235 p = e->ipfe_cmd >> 16;
2236 if ((p != 0) && (p != stp->is_p))
2239 switch (e->ipfe_cmd)
2241 case IPF_EXP_IP_PR :
2242 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2243 rv |= (stp->is_p == e->ipfe_arg0[i]);
2247 case IPF_EXP_IP_SRCADDR :
2250 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2251 rv |= ((stp->is_saddr &
2252 e->ipfe_arg0[i * 2 + 1]) ==
2253 e->ipfe_arg0[i * 2]);
2257 case IPF_EXP_IP_DSTADDR :
2260 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2261 rv |= ((stp->is_daddr &
2262 e->ipfe_arg0[i * 2 + 1]) ==
2263 e->ipfe_arg0[i * 2]);
2267 case IPF_EXP_IP_ADDR :
2270 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2271 rv |= ((stp->is_saddr &
2272 e->ipfe_arg0[i * 2 + 1]) ==
2273 e->ipfe_arg0[i * 2]) ||
2275 e->ipfe_arg0[i * 2 + 1]) ==
2276 e->ipfe_arg0[i * 2]);
2281 case IPF_EXP_IP6_SRCADDR :
2284 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2285 rv |= IP6_MASKEQ(&stp->is_src,
2286 &e->ipfe_arg0[i * 8 + 4],
2287 &e->ipfe_arg0[i * 8]);
2291 case IPF_EXP_IP6_DSTADDR :
2294 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2295 rv |= IP6_MASKEQ(&stp->is_dst,
2296 &e->ipfe_arg0[i * 8 + 4],
2297 &e->ipfe_arg0[i * 8]);
2301 case IPF_EXP_IP6_ADDR :
2304 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2305 rv |= IP6_MASKEQ(&stp->is_src,
2306 &e->ipfe_arg0[i * 8 + 4],
2307 &e->ipfe_arg0[i * 8]) ||
2308 IP6_MASKEQ(&stp->is_dst,
2309 &e->ipfe_arg0[i * 8 + 4],
2310 &e->ipfe_arg0[i * 8]);
2315 case IPF_EXP_UDP_PORT :
2316 case IPF_EXP_TCP_PORT :
2317 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2318 rv |= (stp->is_sport == e->ipfe_arg0[i]) ||
2319 (stp->is_dport == e->ipfe_arg0[i]);
2323 case IPF_EXP_UDP_SPORT :
2324 case IPF_EXP_TCP_SPORT :
2325 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2326 rv |= (stp->is_sport == e->ipfe_arg0[i]);
2330 case IPF_EXP_UDP_DPORT :
2331 case IPF_EXP_TCP_DPORT :
2332 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2333 rv |= (stp->is_dport == e->ipfe_arg0[i]);
2337 case IPF_EXP_IDLE_GT :
2338 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2339 rv |= (stp->is_die < e->ipfe_arg0[i]);
2343 case IPF_EXP_TCP_STATE :
2344 for (i = 0; !rv && i < e->ipfe_narg; i++) {
2345 rv |= (stp->is_state[0] == e->ipfe_arg0[i]) ||
2346 (stp->is_state[1] == e->ipfe_arg0[i]);
2360 static void showtqtable_live(fd)
2363 ipftq_t table[IPF_TCP_NSTATES];
2366 bzero((char *)&obj, sizeof(obj));
2367 obj.ipfo_rev = IPFILTER_VERSION;
2368 obj.ipfo_size = sizeof(table);
2369 obj.ipfo_ptr = (void *)table;
2370 obj.ipfo_type = IPFOBJ_STATETQTAB;
2372 if (ioctl(fd, SIOCGTQTAB, &obj) == 0) {
2373 printtqtable(table);
projects / FreeBSD / releng / 10.0.git / blob