4 * Copyright (C) 2000-2006 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
8 * $Id: printfr.c,v 1.43.2.18 2007/05/07 06:55:38 darrenr Exp $
13 static void printaddr(int, int, char *, u_32_t *, u_32_t *);
15 static void printaddr(v, type, ifname, addr, mask)
48 printlookup((i6addr_t *)addr, (i6addr_t *)mask);
52 printhostmask(v, addr, mask);
63 printf("%s/%s", ifname, suffix);
68 void printlookup(addr, mask)
69 i6addr_t *addr, *mask;
71 switch (addr->iplookuptype)
80 printf("lookup(%x)=", addr->iplookuptype);
84 printf("%u", addr->iplookupnum);
85 if (mask->iplookupptr == NULL)
91 * print the filter structure in a useful way
93 void printfr(fp, iocfunc)
105 type = fp->fr_type & ~FR_T_BUILTIN;
107 if ((fp->fr_type & FR_T_BUILTIN) != 0)
108 printf("# Builtin: ");
110 if (fp->fr_collect != 0)
111 printf("%u ", fp->fr_collect);
113 if (fp->fr_type == FR_T_CALLFUNC) {
115 } else if (fp->fr_func != NULL) {
117 if ((fp->fr_flags & FR_CALLNOW) != 0)
119 s = kvatoname(fp->fr_func, iocfunc);
120 printf(" %s/%u", s ? s : "?", fp->fr_arg);
121 } else if (FR_ISPASS(fp->fr_flags))
123 else if (FR_ISBLOCK(fp->fr_flags)) {
125 } else if ((fp->fr_flags & FR_LOGMASK) == FR_LOG) {
127 } else if (FR_ISACCOUNT(fp->fr_flags))
129 else if (FR_ISAUTH(fp->fr_flags))
131 else if (FR_ISPREAUTH(fp->fr_flags))
133 else if (FR_ISNOMATCH(fp->fr_flags))
135 else if (FR_ISSKIP(fp->fr_flags))
136 printf("skip %u", fp->fr_arg);
138 printf("%x", fp->fr_flags);
140 if (fp->fr_flags & FR_RETICMP) {
141 if ((fp->fr_flags & FR_RETMASK) == FR_FAKEICMP)
142 printf(" return-icmp-as-dest");
143 else if ((fp->fr_flags & FR_RETMASK) == FR_RETICMP)
144 printf(" return-icmp");
146 if (fp->fr_icode <= MAX_ICMPCODE)
148 icmpcodes[(int)fp->fr_icode]);
150 printf("(%d)", fp->fr_icode);
152 } else if ((fp->fr_flags & FR_RETMASK) == FR_RETRST)
153 printf(" return-rst");
155 if (fp->fr_flags & FR_OUTQUE)
160 if (((fp->fr_flags & FR_LOGB) == FR_LOGB) ||
161 ((fp->fr_flags & FR_LOGP) == FR_LOGP)) {
166 if (fp->fr_flags & FR_QUICK)
169 if (*fp->fr_ifname) {
170 printifname("on ", fp->fr_ifname, fp->fr_ifa);
171 if (*fp->fr_ifnames[1] && strcmp(fp->fr_ifnames[1], "*"))
172 printifname(",", fp->fr_ifnames[1], fp->fr_ifas[1]);
176 if (*fp->fr_dif.fd_ifname || (fp->fr_flags & FR_DUP))
177 print_toif("dup-to", &fp->fr_dif);
178 if (*fp->fr_tif.fd_ifname)
179 print_toif("to", &fp->fr_tif);
180 if (*fp->fr_rif.fd_ifname)
181 print_toif("reply-to", &fp->fr_rif);
182 if (fp->fr_flags & FR_FASTROUTE)
183 printf("fastroute ");
185 if ((*fp->fr_ifnames[2] && strcmp(fp->fr_ifnames[2], "*")) ||
186 (*fp->fr_ifnames[3] && strcmp(fp->fr_ifnames[3], "*"))) {
187 if (fp->fr_flags & FR_OUTQUE)
192 if (*fp->fr_ifnames[2]) {
193 printifname("", fp->fr_ifnames[2],
195 if (*fp->fr_ifnames[3]) {
196 printifname(",", fp->fr_ifnames[3],
203 if (type == FR_T_IPF) {
204 if (fp->fr_mip.fi_tos)
205 printf("tos %#x ", fp->fr_tos);
206 if (fp->fr_mip.fi_ttl)
207 printf("ttl %d ", fp->fr_ttl);
208 if (fp->fr_flx & FI_TCPUDP) {
209 printf("proto tcp/udp ");
211 } else if (fp->fr_mip.fi_p) {
213 p = getprotobynumber(pr);
215 printproto(p, pr, NULL);
220 if (type == FR_T_NONE) {
222 } else if (type == FR_T_IPF) {
223 printf("from %s", fp->fr_flags & FR_NOTSRCIP ? "!" : "");
224 printaddr(fp->fr_v, fp->fr_satype, fp->fr_ifname,
225 &fp->fr_src.s_addr, &fp->fr_smsk.s_addr);
227 printportcmp(pr, &fp->fr_tuc.ftu_src);
229 printf(" to %s", fp->fr_flags & FR_NOTDSTIP ? "!" : "");
230 printaddr(fp->fr_v, fp->fr_datype, fp->fr_ifname,
231 &fp->fr_dst.s_addr, &fp->fr_dmsk.s_addr);
233 printportcmp(pr, &fp->fr_tuc.ftu_dst);
235 if (fp->fr_proto == IPPROTO_ICMP && fp->fr_icmpm) {
236 int type = fp->fr_icmp, code;
238 type = ntohs(fp->fr_icmp);
241 if (type < (sizeof(icmptypes) / sizeof(char *) - 1) &&
243 printf(" icmp-type %s", icmptypes[type]);
245 printf(" icmp-type %d", type);
246 if (ntohs(fp->fr_icmpm) & 0xff)
247 printf(" code %d", code);
249 if ((fp->fr_proto == IPPROTO_TCP) &&
250 (fp->fr_tcpf || fp->fr_tcpfm)) {
252 if (fp->fr_tcpf & ~TCPF_ALL)
253 printf("0x%x", fp->fr_tcpf);
255 for (s = flagset, t = flags; *s; s++, t++)
256 if (fp->fr_tcpf & *t)
260 if (fp->fr_tcpfm & ~TCPF_ALL)
261 printf("0x%x", fp->fr_tcpfm);
263 for (s = flagset, t = flags; *s;
265 if (fp->fr_tcpfm & *t)
269 } else if (type == FR_T_BPFOPC) {
273 printf("bpf-v%d { \"", fp->fr_v);
274 i = fp->fr_dsize / sizeof(*fb);
276 for (fb = fp->fr_data, s = ""; i; i--, fb++, s = " ")
277 printf("%s%#x %#x %#x %#x", s, fb->fb_c, fb->fb_t,
281 } else if (type == FR_T_COMPIPF) {
283 } else if (type == FR_T_CALLFUNC) {
284 printf("call function at %p", fp->fr_data);
286 printf("[unknown filter type %#x]", fp->fr_type);
289 if ((type == FR_T_IPF) &&
290 ((fp->fr_flx & FI_WITH) || (fp->fr_mflx & FI_WITH) ||
291 fp->fr_optbits || fp->fr_optmask ||
292 fp->fr_secbits || fp->fr_secmask)) {
296 if (fp->fr_optbits || fp->fr_optmask ||
297 fp->fr_secbits || fp->fr_secmask) {
298 sec[0] = fp->fr_secmask;
299 sec[1] = fp->fr_secbits;
301 optprint(sec, fp->fr_optmask, fp->fr_optbits);
304 optprintv6(sec, fp->fr_optmask,
307 } else if (fp->fr_mflx & FI_OPTIONS) {
308 fputs(comma, stdout);
309 if (!(fp->fr_flx & FI_OPTIONS))
314 if (fp->fr_mflx & FI_SHORT) {
315 fputs(comma, stdout);
316 if (!(fp->fr_flx & FI_SHORT))
321 if (fp->fr_mflx & FI_FRAG) {
322 fputs(comma, stdout);
323 if (!(fp->fr_flx & FI_FRAG))
328 if (fp->fr_mflx & FI_FRAGBODY) {
329 fputs(comma, stdout);
330 if (!(fp->fr_flx & FI_FRAGBODY))
335 if (fp->fr_mflx & FI_NATED) {
336 fputs(comma, stdout);
337 if (!(fp->fr_flx & FI_NATED))
342 if (fp->fr_mflx & FI_LOWTTL) {
343 fputs(comma, stdout);
344 if (!(fp->fr_flx & FI_LOWTTL))
349 if (fp->fr_mflx & FI_BAD) {
350 fputs(comma, stdout);
351 if (!(fp->fr_flx & FI_BAD))
356 if (fp->fr_mflx & FI_BADSRC) {
357 fputs(comma, stdout);
358 if (!(fp->fr_flx & FI_BADSRC))
363 if (fp->fr_mflx & FI_BADNAT) {
364 fputs(comma, stdout);
365 if (!(fp->fr_flx & FI_BADNAT))
370 if (fp->fr_mflx & FI_OOW) {
371 fputs(comma, stdout);
372 if (!(fp->fr_flx & FI_OOW))
377 if (fp->fr_mflx & FI_MBCAST) {
378 fputs(comma, stdout);
379 if (!(fp->fr_flx & FI_MBCAST))
384 if (fp->fr_mflx & FI_BROADCAST) {
385 fputs(comma, stdout);
386 if (!(fp->fr_flx & FI_BROADCAST))
391 if (fp->fr_mflx & FI_MULTICAST) {
392 fputs(comma, stdout);
393 if (!(fp->fr_flx & FI_MULTICAST))
398 if (fp->fr_mflx & FI_STATE) {
399 fputs(comma, stdout);
400 if (!(fp->fr_flx & FI_STATE))
407 if (fp->fr_flags & FR_KEEPSTATE) {
408 printf(" keep state");
409 if ((fp->fr_flags & (FR_STSTRICT|FR_NEWISN|FR_NOICMPERR|FR_STATESYNC)) ||
410 (fp->fr_statemax != 0) || (fp->fr_age[0] != 0)) {
413 if (fp->fr_statemax != 0) {
414 printf("limit %u", fp->fr_statemax);
417 if (fp->fr_flags & FR_STSTRICT) {
418 printf("%sstrict", comma);
421 if (fp->fr_flags & FR_NEWISN) {
422 printf("%snewisn", comma);
425 if (fp->fr_flags & FR_NOICMPERR) {
426 printf("%sno-icmp-err", comma);
429 if (fp->fr_flags & FR_STATESYNC) {
430 printf("%ssync", comma);
433 if (fp->fr_age[0] || fp->fr_age[1])
434 printf("%sage %d/%d", comma, fp->fr_age[0],
439 if (fp->fr_flags & FR_KEEPFRAG) {
440 printf(" keep frags");
441 if (fp->fr_flags & (FR_FRSTRICT)) {
443 if (fp->fr_flags & FR_FRSTRICT)
449 if (fp->fr_isc != (struct ipscan *)-1) {
450 if (fp->fr_isctag[0])
451 printf(" scan %s", fp->fr_isctag);
455 if (*fp->fr_grhead != '\0')
456 printf(" head %s", fp->fr_grhead);
457 if (*fp->fr_group != '\0')
458 printf(" group %s", fp->fr_group);
459 if (fp->fr_logtag != FR_NOLOGTAG || *fp->fr_nattag.ipt_tag) {
463 if (fp->fr_logtag != FR_NOLOGTAG) {
464 printf("log=%u", fp->fr_logtag);
467 if (*fp->fr_nattag.ipt_tag) {
468 printf("%snat=%-.*s", s, IPFTAG_LEN,
469 fp->fr_nattag.ipt_tag);
475 printf(" pps %d", fp->fr_pps);
477 if ((fp->fr_flags & FR_KEEPSTATE) && (opts & OPT_VERBOSE)) {
478 printf(" # count %d", fp->fr_statecnt);
projects / FreeBSD / releng / 9.2.git / blob