4 * Copyright (C) 2002-2006 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
9 # ifndef __FreeBSD_cc_version
10 # include <osreldate.h>
12 # if __FreeBSD_cc_version < 430000
13 # include <osreldate.h>
17 #include <sys/ioctl.h>
20 # include <linux/a.out.h>
25 #if defined(sun) && (defined(__svr4__) || defined(__SVR4))
29 #include "netinet/ipl.h"
31 # if defined(_BSDI_VERSION)
34 # if defined(__FreeBSD__) && \
35 (!defined(__FreeBSD_version) || (__FreeBSD_version < 430000))
38 # if defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105000000)
42 # if defined(__svr4__) || defined(__SVR4)
43 # include <sys/select.h>
45 # undef STATETOP /* NOT supported on SunOS4 */
49 #if defined(STATETOP) && !defined(linux)
50 # include <netinet/ip_var.h>
51 # include <netinet/tcp_fsm.h>
57 # if SOLARIS || defined(__NetBSD__) || defined(_BSDI_VERSION) || \
68 #if defined(__NetBSD__) || (__OpenBSD__)
73 static const char sccsid[] = "@(#)fils.c 1.21 4/20/96 (C) 1993-2000 Darren Reed";
74 static const char rcsid[] = "@(#)$Id: ipfstat.c,v 1.44.2.25 2007/06/30 09:48:50 darrenr Exp $";
78 # define nlist nlist64
85 #define PRINTF (void)printf
86 #define FPRINTF (void)fprintf
87 static char *filters[4] = { "ipfilter(in)", "ipfilter(out)",
88 "ipacct(in)", "ipacct(out)" };
89 static int state_logging = -1;
98 frgroup_t *grtop = NULL;
99 frgroup_t *grtail = NULL;
103 #define STGROWSIZE 16
107 #define STSORT_PKTS 1
108 #define STSORT_BYTES 2
110 #define STSORT_SRCIP 4
111 #define STSORT_SRCPT 5
112 #define STSORT_DSTIP 6
113 #define STSORT_DSTPT 7
114 #define STSORT_MAX STSORT_DSTPT
115 #define STSORT_DEFAULT STSORT_BYTES
118 typedef struct statetop {
132 int main __P((int, char *[]));
134 static int fetchfrag __P((int, int, ipfr_t *));
135 static void showstats __P((friostat_t *, u_32_t));
136 static void showfrstates __P((ipfrstat_t *, u_long));
137 static void showlist __P((friostat_t *));
138 static void showipstates __P((ips_stat_t *));
139 static void showauthstates __P((fr_authstat_t *));
140 static void showgroups __P((friostat_t *));
141 static void usage __P((char *));
142 static void showtqtable_live __P((int));
143 static void printlivelist __P((int, int, frentry_t *, char *, char *));
144 static void printdeadlist __P((int, int, frentry_t *, char *, char *));
145 static void parse_ipportstr __P((const char *, i6addr_t *, int *));
146 static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **,
147 ipfrstat_t **, fr_authstat_t **, u_32_t *));
148 static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **,
149 ipfrstat_t **, fr_authstat_t **, u_32_t *));
150 static ipstate_t *fetchstate __P((ipstate_t *, ipstate_t *));
152 static void topipstates __P((i6addr_t, i6addr_t, int, int, int,
154 static void sig_break __P((int));
155 static void sig_resize __P((int));
156 static char *getip __P((int, i6addr_t *));
157 static char *ttl_to_string __P((long));
158 static int sort_p __P((const void *, const void *));
159 static int sort_pkts __P((const void *, const void *));
160 static int sort_bytes __P((const void *, const void *));
161 static int sort_ttl __P((const void *, const void *));
162 static int sort_srcip __P((const void *, const void *));
163 static int sort_srcpt __P((const void *, const void *));
164 static int sort_dstip __P((const void *, const void *));
165 static int sort_dstpt __P((const void *, const void *));
169 static void usage(name)
173 fprintf(stderr, "Usage: %s [-6aAdfghIilnoRsv]\n", name);
175 fprintf(stderr, "Usage: %s [-aAdfghIilnoRsv]\n", name);
177 fprintf(stderr, " %s [-M corefile] [-N symbol-list]\n", name);
179 fprintf(stderr, " %s -t [-6C] ", name);
181 fprintf(stderr, " %s -t [-C] ", name);
183 fprintf(stderr, "[-D destination address] [-P protocol] [-S source address] [-T refresh time]\n");
192 fr_authstat_t frauthst;
193 fr_authstat_t *frauthstp = &frauthst;
195 friostat_t *fiop = &fio;
197 ips_stat_t *ipsstp = &ipsst;
199 ipfrstat_t *ifrstp = &ifrst;
201 char *options, *kern = NULL;
204 int protocol = -1; /* -1 = wild card for any protocol */
205 int refreshtime = 1; /* default update time */
206 int sport = -1; /* -1 = wild card for any source port */
207 int dport = -1; /* -1 = wild card for any dest port */
208 int topclosed = 0; /* do not show closed tcp sessions */
209 i6addr_t saddr, daddr;
213 options = "6aACdfghIilnostvD:M:N:P:RS:T:";
215 options = "aACdfghIilnostvD:M:N:P:RS:T:";
218 saddr.in4.s_addr = INADDR_ANY; /* default any v4 source addr */
219 daddr.in4.s_addr = INADDR_ANY; /* default any v4 dest addr */
221 saddr.in6 = in6addr_any; /* default any v6 source addr */
222 daddr.in6 = in6addr_any; /* default any v6 dest addr */
225 /* Don't warn about invalid flags when we run getopt for the 1st time */
229 * Parse these two arguments now lest there be any buffer overflows
230 * in the parsing of the rest.
233 while ((c = getopt(argc, argv, options)) != -1) {
248 if (live_kernel == 1) {
249 if ((state_fd = open(IPSTATE_NAME, O_RDONLY)) == -1) {
250 perror("open(IPSTATE_NAME)");
253 if ((auth_fd = open(IPAUTH_NAME, O_RDONLY)) == -1) {
254 perror("open(IPAUTH_NAME)");
257 if ((nat_fd = open(IPNAT_NAME, O_RDONLY)) == -1) {
258 perror("open(IPAUTH_NAME)");
261 if ((ipf_fd = open(IPL_NAME, O_RDONLY)) == -1) {
262 fprintf(stderr, "open(%s)", IPL_NAME);
268 if (kern != NULL || memf != NULL) {
269 (void)setgid(getgid());
270 (void)setuid(getuid());
273 if (live_kernel == 1) {
274 (void) checkrev(IPL_NAME);
276 if (openkmem(kern, memf) == -1)
280 (void)setgid(getgid());
281 (void)setuid(getuid());
285 while ((c = getopt(argc, argv, options)) != -1)
295 opts |= OPT_ACCNT|OPT_SHOWLIST;
298 opts |= OPT_AUTHSTATS;
307 parse_ipportstr(optarg, &daddr, &dport);
310 opts |= OPT_FRSTATES;
319 opts |= OPT_INQUE|OPT_SHOWLIST;
322 opts |= OPT_INACTIVE;
325 opts |= OPT_SHOWLIST;
332 opts |= OPT_SHOWLINENO;
335 opts |= OPT_OUTQUE|OPT_SHOWLIST;
338 protocol = getproto(optarg);
339 if (protocol == -1) {
340 fprintf(stderr, "%s: Invalid protocol: %s\n",
346 opts |= OPT_NORESOLVE;
349 opts |= OPT_IPSTATES;
352 parse_ipportstr(optarg, &saddr, &sport);
356 opts |= OPT_STATETOP;
360 "%s: state top facility not compiled in\n",
365 if (!sscanf(optarg, "%d", &refreshtime) ||
366 (refreshtime <= 0)) {
368 "%s: Invalid refreshtime < 1 : %s\n",
382 if (live_kernel == 1) {
383 bzero((char *)&fio, sizeof(fio));
384 bzero((char *)&ipsst, sizeof(ipsst));
385 bzero((char *)&ifrst, sizeof(ifrst));
387 ipfstate_live(IPL_NAME, &fiop, &ipsstp, &ifrstp,
390 ipfstate_dead(kern, &fiop, &ipsstp, &ifrstp, &frauthstp, &frf);
392 if (opts & OPT_IPSTATES) {
393 showipstates(ipsstp);
394 } else if (opts & OPT_SHOWLIST) {
396 if ((opts & OPT_OUTQUE) && (opts & OPT_INQUE)){
400 } else if (opts & OPT_FRSTATES)
401 showfrstates(ifrstp, fiop->f_ticks);
403 else if (opts & OPT_STATETOP)
404 topipstates(saddr, daddr, sport, dport, protocol,
405 use_inet6 ? 6 : 4, refreshtime, topclosed);
407 else if (opts & OPT_AUTHSTATS)
408 showauthstates(frauthstp);
409 else if (opts & OPT_GROUPS)
412 showstats(fiop, frf);
419 * Fill in the stats structures from the live kernel, using a combination
420 * of ioctl's and copying directly from kernel memory.
422 static void ipfstate_live(device, fiopp, ipsstpp, ifrstpp, frauthstpp, frfp)
425 ips_stat_t **ipsstpp;
426 ipfrstat_t **ifrstpp;
427 fr_authstat_t **frauthstpp;
432 if (checkrev(device) == -1) {
433 fprintf(stderr, "User/kernel version check failed\n");
437 if ((opts & OPT_AUTHSTATS) == 0) {
438 bzero((caddr_t)&ipfo, sizeof(ipfo));
439 ipfo.ipfo_rev = IPFILTER_VERSION;
440 ipfo.ipfo_type = IPFOBJ_IPFSTAT;
441 ipfo.ipfo_size = sizeof(friostat_t);
442 ipfo.ipfo_ptr = (void *)*fiopp;
444 if (ioctl(ipf_fd, SIOCGETFS, &ipfo) == -1) {
445 perror("ioctl(ipf:SIOCGETFS)");
449 if (ioctl(ipf_fd, SIOCGETFF, frfp) == -1)
450 perror("ioctl(SIOCGETFF)");
453 if ((opts & OPT_IPSTATES) != 0) {
455 bzero((caddr_t)&ipfo, sizeof(ipfo));
456 ipfo.ipfo_rev = IPFILTER_VERSION;
457 ipfo.ipfo_type = IPFOBJ_STATESTAT;
458 ipfo.ipfo_size = sizeof(ips_stat_t);
459 ipfo.ipfo_ptr = (void *)*ipsstpp;
461 if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) {
462 perror("ioctl(state:SIOCGETFS)");
465 if (ioctl(state_fd, SIOCGETLG, &state_logging) == -1) {
466 perror("ioctl(state:SIOCGETLG)");
471 if ((opts & OPT_FRSTATES) != 0) {
472 bzero((caddr_t)&ipfo, sizeof(ipfo));
473 ipfo.ipfo_rev = IPFILTER_VERSION;
474 ipfo.ipfo_type = IPFOBJ_FRAGSTAT;
475 ipfo.ipfo_size = sizeof(ipfrstat_t);
476 ipfo.ipfo_ptr = (void *)*ifrstpp;
478 if (ioctl(ipf_fd, SIOCGFRST, &ipfo) == -1) {
479 perror("ioctl(SIOCGFRST)");
484 if (opts & OPT_DEBUG)
485 PRINTF("opts %#x name %s\n", opts, device);
487 if ((opts & OPT_AUTHSTATS) != 0) {
488 bzero((caddr_t)&ipfo, sizeof(ipfo));
489 ipfo.ipfo_rev = IPFILTER_VERSION;
490 ipfo.ipfo_type = IPFOBJ_AUTHSTAT;
491 ipfo.ipfo_size = sizeof(fr_authstat_t);
492 ipfo.ipfo_ptr = (void *)*frauthstpp;
494 if (ioctl(auth_fd, SIOCATHST, &ipfo) == -1) {
495 perror("ioctl(SIOCATHST)");
503 * Build up the stats structures from data held in the "core" memory.
504 * This is mainly useful when looking at data in crash dumps and ioctl's
505 * just won't work any more.
507 static void ipfstate_dead(kernel, fiopp, ipsstpp, ifrstpp, frauthstpp, frfp)
510 ips_stat_t **ipsstpp;
511 ipfrstat_t **ifrstpp;
512 fr_authstat_t **frauthstpp;
515 static fr_authstat_t frauthst, *frauthstp;
516 static ips_stat_t ipsst, *ipsstp;
517 static ipfrstat_t ifrst, *ifrstp;
518 static friostat_t fio, *fiop;
519 static ipftq_t ipssttab[IPF_TCP_NSTATES];
523 struct nlist deadlist[44] = {
524 { "fr_authstats" }, /* 0 */
529 { "fr_authend" }, /* 5 */
534 { "fr_defaultauthage" }, /* 10 */
539 { "ips_num" }, /* 15 */
544 { "fr_statesize" }, /* 20 */
545 { "fr_state_doflush" },
549 { "ipfr_stats" }, /* 25 */
554 { "fr_nat_lock" }, /* 30 */
559 { "ipl_frouteok" }, /* 35 */
564 { "fr_flags" }, /* 40 */
565 { "ipstate_logging" },
571 frauthstp = &frauthst;
580 *frauthstpp = frauthstp;
582 bzero((char *)fiop, sizeof(*fiop));
583 bzero((char *)ipsstp, sizeof(*ipsstp));
584 bzero((char *)ifrstp, sizeof(*ifrstp));
585 bzero((char *)frauthstp, sizeof(*frauthstp));
587 if (nlist(kernel, deadlist) == -1) {
588 fprintf(stderr, "nlist error\n");
593 * This is for SIOCGETFF.
595 kmemcpy((char *)frfp, (u_long)deadlist[40].n_value, sizeof(*frfp));
598 * f_locks is a combination of the lock variable from each part of
599 * ipfilter (state, auth, nat, fragments).
601 kmemcpy((char *)fiop, (u_long)deadlist[13].n_value, sizeof(*fiop));
602 kmemcpy((char *)&fiop->f_locks[0], (u_long)deadlist[22].n_value,
603 sizeof(fiop->f_locks[0]));
604 kmemcpy((char *)&fiop->f_locks[0], (u_long)deadlist[30].n_value,
605 sizeof(fiop->f_locks[1]));
606 kmemcpy((char *)&fiop->f_locks[2], (u_long)deadlist[28].n_value,
607 sizeof(fiop->f_locks[2]));
608 kmemcpy((char *)&fiop->f_locks[3], (u_long)deadlist[12].n_value,
609 sizeof(fiop->f_locks[3]));
612 * Get pointers to each list of rules (active, inactive, in, out)
614 kmemcpy((char *)&rules, (u_long)deadlist[31].n_value, sizeof(rules));
615 fiop->f_fin[0] = rules[0][0];
616 fiop->f_fin[1] = rules[0][1];
617 fiop->f_fout[0] = rules[1][0];
618 fiop->f_fout[1] = rules[1][1];
621 * Same for IPv6, except make them null if support for it is not
625 kmemcpy((char *)&rules, (u_long)deadlist[32].n_value, sizeof(rules));
626 fiop->f_fin6[0] = rules[0][0];
627 fiop->f_fin6[1] = rules[0][1];
628 fiop->f_fout6[0] = rules[1][0];
629 fiop->f_fout6[1] = rules[1][1];
631 fiop->f_fin6[0] = NULL;
632 fiop->f_fin6[1] = NULL;
633 fiop->f_fout6[0] = NULL;
634 fiop->f_fout6[1] = NULL;
638 * Now get accounting rules pointers.
640 kmemcpy((char *)&rules, (u_long)deadlist[33].n_value, sizeof(rules));
641 fiop->f_acctin[0] = rules[0][0];
642 fiop->f_acctin[1] = rules[0][1];
643 fiop->f_acctout[0] = rules[1][0];
644 fiop->f_acctout[1] = rules[1][1];
647 kmemcpy((char *)&rules, (u_long)deadlist[34].n_value, sizeof(rules));
648 fiop->f_acctin6[0] = rules[0][0];
649 fiop->f_acctin6[1] = rules[0][1];
650 fiop->f_acctout6[0] = rules[1][0];
651 fiop->f_acctout6[1] = rules[1][1];
653 fiop->f_acctin6[0] = NULL;
654 fiop->f_acctin6[1] = NULL;
655 fiop->f_acctout6[0] = NULL;
656 fiop->f_acctout6[1] = NULL;
660 * A collection of "global" variables used inside the kernel which
661 * are all collected in friostat_t via ioctl.
663 kmemcpy((char *)&fiop->f_froute, (u_long)deadlist[35].n_value,
664 sizeof(fiop->f_froute));
665 kmemcpy((char *)&fiop->f_running, (u_long)deadlist[36].n_value,
666 sizeof(fiop->f_running));
667 kmemcpy((char *)&fiop->f_groups, (u_long)deadlist[37].n_value,
668 sizeof(fiop->f_groups));
669 kmemcpy((char *)&fiop->f_active, (u_long)deadlist[38].n_value,
670 sizeof(fiop->f_active));
671 kmemcpy((char *)&fiop->f_defpass, (u_long)deadlist[39].n_value,
672 sizeof(fiop->f_defpass));
675 * Build up the state information stats structure.
677 kmemcpy((char *)ipsstp, (u_long)deadlist[14].n_value, sizeof(*ipsstp));
678 kmemcpy((char *)&temp, (u_long)deadlist[15].n_value, sizeof(temp));
679 kmemcpy((char *)ipssttab, (u_long)deadlist[42].n_value,
681 ipsstp->iss_active = temp;
682 ipsstp->iss_table = (void *)deadlist[18].n_value;
683 ipsstp->iss_list = (void *)deadlist[17].n_value;
684 ipsstp->iss_tcptab = ipssttab;
687 * Build up the authentiation information stats structure.
689 kmemcpy((char *)frauthstp, (u_long)deadlist[0].n_value,
691 frauthstp->fas_faelist = (void *)deadlist[1].n_value;
694 * Build up the fragment information stats structure.
696 kmemcpy((char *)ifrstp, (u_long)deadlist[25].n_value,
698 ifrstp->ifs_table = (void *)deadlist[23].n_value;
699 ifrstp->ifs_nattab = (void *)deadlist[24].n_value;
700 kmemcpy((char *)&ifrstp->ifs_inuse, (u_long)deadlist[26].n_value,
701 sizeof(ifrstp->ifs_inuse));
704 * Get logging on/off switches
706 kmemcpy((char *)&state_logging, (u_long)deadlist[41].n_value,
707 sizeof(state_logging));
712 * Display the kernel stats for packets blocked and passed and other
713 * associated running totals which are kept.
715 static void showstats(fp, frf)
720 PRINTF("bad packets:\t\tin %lu\tout %lu\n",
721 fp->f_st[0].fr_bad, fp->f_st[1].fr_bad);
723 PRINTF(" IPv6 packets:\t\tin %lu out %lu\n",
724 fp->f_st[0].fr_ipv6, fp->f_st[1].fr_ipv6);
726 PRINTF(" input packets:\t\tblocked %lu passed %lu nomatch %lu",
727 fp->f_st[0].fr_block, fp->f_st[0].fr_pass,
729 PRINTF(" counted %lu short %lu\n",
730 fp->f_st[0].fr_acct, fp->f_st[0].fr_short);
731 PRINTF("output packets:\t\tblocked %lu passed %lu nomatch %lu",
732 fp->f_st[1].fr_block, fp->f_st[1].fr_pass,
734 PRINTF(" counted %lu short %lu\n",
735 fp->f_st[1].fr_acct, fp->f_st[1].fr_short);
736 PRINTF(" input packets logged:\tblocked %lu passed %lu\n",
737 fp->f_st[0].fr_bpkl, fp->f_st[0].fr_ppkl);
738 PRINTF("output packets logged:\tblocked %lu passed %lu\n",
739 fp->f_st[1].fr_bpkl, fp->f_st[1].fr_ppkl);
740 PRINTF(" packets logged:\tinput %lu output %lu\n",
741 fp->f_st[0].fr_pkl, fp->f_st[1].fr_pkl);
742 PRINTF(" log failures:\t\tinput %lu output %lu\n",
743 fp->f_st[0].fr_skip, fp->f_st[1].fr_skip);
744 PRINTF("fragment state(in):\tkept %lu\tlost %lu\tnot fragmented %lu\n",
745 fp->f_st[0].fr_nfr, fp->f_st[0].fr_bnfr,
747 PRINTF("fragment state(out):\tkept %lu\tlost %lu\tnot fragmented %lu\n",
748 fp->f_st[1].fr_nfr, fp->f_st[1].fr_bnfr,
750 PRINTF("packet state(in):\tkept %lu\tlost %lu\n",
751 fp->f_st[0].fr_ads, fp->f_st[0].fr_bads);
752 PRINTF("packet state(out):\tkept %lu\tlost %lu\n",
753 fp->f_st[1].fr_ads, fp->f_st[1].fr_bads);
754 PRINTF("ICMP replies:\t%lu\tTCP RSTs sent:\t%lu\n",
755 fp->f_st[0].fr_ret, fp->f_st[1].fr_ret);
756 PRINTF("Invalid source(in):\t%lu\n", fp->f_st[0].fr_badsrc);
757 PRINTF("Result cache hits(in):\t%lu\t(out):\t%lu\n",
758 fp->f_st[0].fr_chit, fp->f_st[1].fr_chit);
759 PRINTF("IN Pullups succeeded:\t%lu\tfailed:\t%lu\n",
760 fp->f_st[0].fr_pull[0], fp->f_st[0].fr_pull[1]);
761 PRINTF("OUT Pullups succeeded:\t%lu\tfailed:\t%lu\n",
762 fp->f_st[1].fr_pull[0], fp->f_st[1].fr_pull[1]);
763 PRINTF("Fastroute successes:\t%lu\tfailures:\t%lu\n",
764 fp->f_froute[0], fp->f_froute[1]);
765 PRINTF("TCP cksum fails(in):\t%lu\t(out):\t%lu\n",
766 fp->f_st[0].fr_tcpbad, fp->f_st[1].fr_tcpbad);
767 PRINTF("IPF Ticks:\t%lu\n", fp->f_ticks);
769 PRINTF("Packet log flags set: (%#x)\n", frf);
770 if (frf & FF_LOGPASS)
771 PRINTF("\tpackets passed through filter\n");
772 if (frf & FF_LOGBLOCK)
773 PRINTF("\tpackets blocked by filter\n");
774 if (frf & FF_LOGNOMATCH)
775 PRINTF("\tpackets not matched by filter\n");
782 * Print out a list of rules from the kernel, starting at the one passed.
784 static void printlivelist(out, set, fp, group, comment)
787 char *group, *comment;
803 rule.iri_inout = out;
804 rule.iri_active = set;
807 rule.iri_v = use_inet6 ? 6 : 4;
809 strncpy(rule.iri_group, group, FR_GROUPLEN);
811 rule.iri_group[0] = '\0';
813 bzero((char *)&zero, sizeof(zero));
815 bzero((char *)&obj, sizeof(obj));
816 obj.ipfo_rev = IPFILTER_VERSION;
817 obj.ipfo_type = IPFOBJ_IPFITER;
818 obj.ipfo_size = sizeof(rule);
819 obj.ipfo_ptr = &rule;
824 memset(array, 0xff, sizeof(array));
825 fp = (frentry_t *)array;
827 if (ioctl(ipf_fd, SIOCIPFITER, &obj) == -1) {
828 perror("ioctl(SIOCIPFITER)");
830 ioctl(ipf_fd, SIOCIPFDELTOK, &n);
833 if (bcmp(fp, &zero, sizeof(zero)) == 0)
835 if (fp->fr_data != NULL)
836 fp->fr_data = (char *)fp + sizeof(*fp);
840 if (opts & (OPT_HITS|OPT_VERBOSE))
842 PRINTF("%qu ", (unsigned long long) fp->fr_hits);
844 PRINTF("%lu ", fp->fr_hits);
846 if (opts & (OPT_ACCNT|OPT_VERBOSE))
848 PRINTF("%qu ", (unsigned long long) fp->fr_bytes);
850 PRINTF("%lu ", fp->fr_bytes);
852 if (opts & OPT_SHOWLINENO)
856 if (opts & OPT_DEBUG) {
857 binprint(fp, sizeof(*fp));
858 if (fp->fr_data != NULL && fp->fr_dsize > 0)
859 binprint(fp->fr_data, fp->fr_dsize);
861 if (fp->fr_grhead[0] != '\0') {
862 for (g = grtop; g != NULL; g = g->fg_next) {
863 if (!strncmp(fp->fr_grhead, g->fg_name,
868 g = calloc(1, sizeof(*g));
871 strncpy(g->fg_name, fp->fr_grhead,
883 if (fp->fr_type == FR_T_CALLFUNC) {
884 printlivelist(out, set, fp->fr_data, group,
887 } while (fp->fr_next != NULL);
890 ioctl(ipf_fd, SIOCIPFDELTOK, &n);
893 while ((g = grtop) != NULL) {
894 printf("# Group %s\n", g->fg_name);
895 printlivelist(out, set, NULL, g->fg_name, comment);
903 static void printdeadlist(out, set, fp, group, comment)
906 char *group, *comment;
908 frgroup_t *grtop, *grtail, *g;
921 if (kmemcpy((char *)&fb, (u_long)fb.fr_next,
928 type = fb.fr_type & ~FR_T_BUILTIN;
929 if (type == FR_T_IPF || type == FR_T_BPFOPC) {
931 data = malloc(fb.fr_dsize);
933 if (kmemcpy(data, (u_long)fb.fr_data,
934 fb.fr_dsize) == -1) {
944 if (opts & (OPT_HITS|OPT_VERBOSE))
946 PRINTF("%qu ", (unsigned long long) fb.fr_hits);
948 PRINTF("%lu ", fb.fr_hits);
950 if (opts & (OPT_ACCNT|OPT_VERBOSE))
952 PRINTF("%qu ", (unsigned long long) fb.fr_bytes);
954 PRINTF("%lu ", fb.fr_bytes);
956 if (opts & OPT_SHOWLINENO)
960 if (opts & OPT_DEBUG) {
961 binprint(fp, sizeof(*fp));
962 if (fb.fr_data != NULL && fb.fr_dsize > 0)
963 binprint(fb.fr_data, fb.fr_dsize);
967 if (fb.fr_grhead[0] != '\0') {
968 g = calloc(1, sizeof(*g));
971 strncpy(g->fg_name, fb.fr_grhead,
982 if (type == FR_T_CALLFUNC) {
983 printdeadlist(out, set, fb.fr_data, group,
986 } while (fb.fr_next != NULL);
988 while ((g = grtop) != NULL) {
989 printdeadlist(out, set, NULL, g->fg_name, comment);
996 * print out all of the asked for rule sets, using the stats struct as
997 * the base from which to get the pointers.
999 static void showlist(fiop)
1000 struct friostat *fiop;
1002 struct frentry *fp = NULL;
1005 set = fiop->f_active;
1006 if (opts & OPT_INACTIVE)
1008 if (opts & OPT_ACCNT) {
1010 if ((use_inet6) && (opts & OPT_OUTQUE)) {
1012 fp = (struct frentry *)fiop->f_acctout6[set];
1013 } else if ((use_inet6) && (opts & OPT_INQUE)) {
1015 fp = (struct frentry *)fiop->f_acctin6[set];
1018 if (opts & OPT_OUTQUE) {
1020 fp = (struct frentry *)fiop->f_acctout[set];
1021 } else if (opts & OPT_INQUE) {
1023 fp = (struct frentry *)fiop->f_acctin[set];
1025 FPRINTF(stderr, "No -i or -o given with -a\n");
1030 if ((use_inet6) && (opts & OPT_OUTQUE)) {
1032 fp = (struct frentry *)fiop->f_fout6[set];
1033 } else if ((use_inet6) && (opts & OPT_INQUE)) {
1035 fp = (struct frentry *)fiop->f_fin6[set];
1038 if (opts & OPT_OUTQUE) {
1040 fp = (struct frentry *)fiop->f_fout[set];
1041 } else if (opts & OPT_INQUE) {
1043 fp = (struct frentry *)fiop->f_fin[set];
1047 if (opts & OPT_DEBUG)
1048 FPRINTF(stderr, "showlist:opts %#x i %d\n", opts, i);
1050 if (opts & OPT_DEBUG)
1051 PRINTF("fp %p set %d\n", fp, set);
1053 FPRINTF(stderr, "empty list for %s%s\n",
1054 (opts & OPT_INACTIVE) ? "inactive " : "", filters[i]);
1057 if (live_kernel == 1)
1058 printlivelist(i, set, fp, NULL, NULL);
1060 printdeadlist(i, set, fp, NULL, NULL);
1065 * Display ipfilter stateful filtering information
1067 static void showipstates(ipsp)
1070 u_long minlen, maxlen, totallen, *buckets;
1076 * If a list of states hasn't been asked for, only print out stats
1078 if (!(opts & OPT_SHOWLIST)) {
1080 sz = sizeof(*buckets) * ipsp->iss_statesize;
1081 buckets = (u_long *)malloc(sz);
1083 obj.ipfo_rev = IPFILTER_VERSION;
1084 obj.ipfo_type = IPFOBJ_GTABLE;
1085 obj.ipfo_size = sizeof(table);
1086 obj.ipfo_ptr = &table;
1088 table.ita_type = IPFTABLE_BUCKETS;
1089 table.ita_table = buckets;
1091 if (live_kernel == 1) {
1092 if (ioctl(state_fd, SIOCGTABL, &obj) != 0) {
1097 if (kmemcpy((char *)buckets,
1098 (u_long)ipsp->iss_bucketlen, sz)) {
1104 PRINTF("IP states added:\n\t%lu TCP\n\t%lu UDP\n\t%lu ICMP\n",
1105 ipsp->iss_tcp, ipsp->iss_udp, ipsp->iss_icmp);
1106 PRINTF("\t%lu hits\n\t%lu misses\n", ipsp->iss_hits,
1108 PRINTF("\t%lu bucket full\n", ipsp->iss_bucketfull);
1109 PRINTF("\t%lu maximum rule references\n", ipsp->iss_maxref);
1110 PRINTF("\t%lu maximum\n\t%lu no memory\n\t%lu bkts in use\n",
1111 ipsp->iss_max, ipsp->iss_nomem, ipsp->iss_inuse);
1112 PRINTF("\t%lu active\n\t%lu expired\n\t%lu closed\n",
1113 ipsp->iss_active, ipsp->iss_expire, ipsp->iss_fin);
1115 PRINTF("State logging %sabled\n",
1116 state_logging ? "en" : "dis");
1118 PRINTF("\nState table bucket statistics:\n");
1119 PRINTF("\t%lu in use\t\n", ipsp->iss_inuse);
1120 PRINTF("\t%u%% hash efficiency\n", ipsp->iss_active ?
1121 (u_int)(ipsp->iss_inuse * 100 / ipsp->iss_active) : 0);
1123 minlen = ipsp->iss_inuse;
1127 for (i = 0; i < ipsp->iss_statesize; i++) {
1128 if (buckets[i] > maxlen)
1129 maxlen = buckets[i];
1130 if (buckets[i] < minlen)
1131 minlen = buckets[i];
1132 totallen += buckets[i];
1135 PRINTF("\t%2.2f%% bucket usage\n\t%lu minimal length\n",
1136 ((float)ipsp->iss_inuse / ipsp->iss_statesize) * 100.0,
1138 PRINTF("\t%lu maximal length\n\t%.3f average length\n",
1140 ipsp->iss_inuse ? (float) totallen/ ipsp->iss_inuse :
1143 #define ENTRIES_PER_LINE 5
1145 if (opts & OPT_VERBOSE) {
1146 PRINTF("\nCurrent bucket sizes :\n");
1147 for (i = 0; i < ipsp->iss_statesize; i++) {
1148 if ((i % ENTRIES_PER_LINE) == 0)
1150 PRINTF("%4d -> %4lu", i, buckets[i]);
1151 if ((i % ENTRIES_PER_LINE) ==
1152 (ENTRIES_PER_LINE - 1))
1163 if (live_kernel == 1) {
1164 showtqtable_live(state_fd);
1166 printtqtable(ipsp->iss_tcptab);
1174 * Print out all the state information currently held in the kernel.
1176 while (ipsp->iss_list != NULL) {
1179 ipsp->iss_list = fetchstate(ipsp->iss_list, &ips);
1181 if (ipsp->iss_list != NULL) {
1182 ipsp->iss_list = ips.is_next;
1183 printstate(&ips, opts, ipsp->iss_ticks);
1190 static int handle_resize = 0, handle_break = 0;
1192 static void topipstates(saddr, daddr, sport, dport, protocol, ver,
1193 refreshtime, topclosed)
1203 char str1[STSTRSIZE], str2[STSTRSIZE], str3[STSTRSIZE], str4[STSTRSIZE];
1204 int maxtsentries = 0, reverse = 0, sorting = STSORT_DEFAULT;
1205 int i, j, winy, tsentry, maxx, maxy, redraw = 0, ret = 0;
1206 int len, srclen, dstlen, forward = 1, c = 0;
1207 ips_stat_t ipsst, *ipsstp = &ipsst;
1208 statetop_t *tstable = NULL, *tp;
1209 const char *errstr = "";
1212 struct timeval selecttimeout;
1213 char hostnm[HOSTNMLEN];
1214 struct protoent *proto;
1218 /* install signal handlers */
1219 signal(SIGINT, sig_break);
1220 signal(SIGQUIT, sig_break);
1221 signal(SIGTERM, sig_break);
1222 signal(SIGWINCH, sig_resize);
1224 /* init ncurses stuff */
1230 getmaxyx(stdscr, maxy, maxx);
1233 gethostname(hostnm, sizeof(hostnm) - 1);
1234 hostnm[sizeof(hostnm) - 1] = '\0';
1236 /* init ipfobj_t stuff */
1237 bzero((caddr_t)&ipfo, sizeof(ipfo));
1238 ipfo.ipfo_rev = IPFILTER_VERSION;
1239 ipfo.ipfo_type = IPFOBJ_STATESTAT;
1240 ipfo.ipfo_size = sizeof(*ipsstp);
1241 ipfo.ipfo_ptr = (void *)ipsstp;
1243 /* repeat until user aborts */
1246 /* get state table */
1247 bzero((char *)&ipsst, sizeof(ipsst));
1248 if ((ioctl(state_fd, SIOCGETFS, &ipfo) == -1)) {
1249 errstr = "ioctl(SIOCGETFS)";
1254 /* clear the history */
1257 /* reset max str len */
1258 srclen = dstlen = 0;
1260 /* read the state table and store in tstable */
1261 for (; ipsstp->iss_list; ipsstp->iss_list = ips.is_next) {
1263 ipsstp->iss_list = fetchstate(ipsstp->iss_list, &ips);
1264 if (ipsstp->iss_list == NULL)
1267 if (ips.is_v != ver)
1270 /* check v4 src/dest addresses */
1271 if (ips.is_v == 4) {
1272 if ((saddr.in4.s_addr != INADDR_ANY &&
1273 saddr.in4.s_addr != ips.is_saddr) ||
1274 (daddr.in4.s_addr != INADDR_ANY &&
1275 daddr.in4.s_addr != ips.is_daddr))
1279 /* check v6 src/dest addresses */
1280 if (ips.is_v == 6) {
1281 if ((IP6_NEQ(&saddr, &in6addr_any) &&
1282 IP6_NEQ(&saddr, &ips.is_src)) ||
1283 (IP6_NEQ(&daddr, &in6addr_any) &&
1284 IP6_NEQ(&daddr, &ips.is_dst)))
1288 /* check protocol */
1289 if (protocol > 0 && protocol != ips.is_p)
1292 /* check ports if protocol is TCP or UDP */
1293 if (((ips.is_p == IPPROTO_TCP) ||
1294 (ips.is_p == IPPROTO_UDP)) &&
1295 (((sport > 0) && (htons(sport) != ips.is_sport)) ||
1296 ((dport > 0) && (htons(dport) != ips.is_dport))))
1299 /* show closed TCP sessions ? */
1300 if ((topclosed == 0) && (ips.is_p == IPPROTO_TCP) &&
1301 (ips.is_state[0] >= IPF_TCPS_LAST_ACK) &&
1302 (ips.is_state[1] >= IPF_TCPS_LAST_ACK))
1306 * if necessary make room for this state
1310 if (!maxtsentries || tsentry == maxtsentries) {
1311 maxtsentries += STGROWSIZE;
1312 tstable = realloc(tstable,
1313 maxtsentries * sizeof(statetop_t));
1314 if (tstable == NULL) {
1320 /* get max src/dest address string length */
1321 len = strlen(getip(ips.is_v, &ips.is_src));
1324 len = strlen(getip(ips.is_v, &ips.is_dst));
1328 /* fill structure */
1329 tp = tstable + tsentry;
1330 tp->st_src = ips.is_src;
1331 tp->st_dst = ips.is_dst;
1332 tp->st_p = ips.is_p;
1333 tp->st_v = ips.is_v;
1334 tp->st_state[0] = ips.is_state[0];
1335 tp->st_state[1] = ips.is_state[1];
1337 tp->st_pkts = ips.is_pkts[0]+ips.is_pkts[1];
1338 tp->st_bytes = ips.is_bytes[0]+ips.is_bytes[1];
1340 tp->st_pkts = ips.is_pkts[2]+ips.is_pkts[3];
1341 tp->st_bytes = ips.is_bytes[2]+ips.is_bytes[3];
1343 tp->st_age = ips.is_die - ipsstp->iss_ticks;
1344 if ((ips.is_p == IPPROTO_TCP) ||
1345 (ips.is_p == IPPROTO_UDP)) {
1346 tp->st_sport = ips.is_sport;
1347 tp->st_dport = ips.is_dport;
1352 /* sort the array */
1353 if (tsentry != -1) {
1357 qsort(tstable, tsentry + 1,
1358 sizeof(statetop_t), sort_p);
1361 qsort(tstable, tsentry + 1,
1362 sizeof(statetop_t), sort_pkts);
1365 qsort(tstable, tsentry + 1,
1366 sizeof(statetop_t), sort_bytes);
1369 qsort(tstable, tsentry + 1,
1370 sizeof(statetop_t), sort_ttl);
1373 qsort(tstable, tsentry + 1,
1374 sizeof(statetop_t), sort_srcip);
1377 qsort(tstable, tsentry +1,
1378 sizeof(statetop_t), sort_srcpt);
1381 qsort(tstable, tsentry + 1,
1382 sizeof(statetop_t), sort_dstip);
1385 qsort(tstable, tsentry + 1,
1386 sizeof(statetop_t), sort_dstpt);
1393 /* handle window resizes */
1394 if (handle_resize) {
1401 getmaxyx(stdscr, maxy, maxx);
1415 sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION);
1416 for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
1421 /* just for fun add a clock */
1422 move(winy, maxx - 8);
1424 strftime(str1, 80, "%T", localtime(&t));
1425 printw("%s\n", str1);
1428 * print the display filters, this is placed in the loop,
1429 * because someday I might add code for changing these
1430 * while the programming is running :-)
1433 sprintf(str1, "%s,%d", getip(ver, &saddr), sport);
1435 sprintf(str1, "%s", getip(ver, &saddr));
1438 sprintf(str2, "%s,%d", getip(ver, &daddr), dport);
1440 sprintf(str2, "%s", getip(ver, &daddr));
1443 strcpy(str3, "any");
1444 else if ((proto = getprotobynumber(protocol)) != NULL)
1445 sprintf(str3, "%s", proto->p_name);
1447 sprintf(str3, "%d", protocol);
1452 sprintf(str4, "proto");
1455 sprintf(str4, "# pkts");
1458 sprintf(str4, "# bytes");
1461 sprintf(str4, "ttl");
1464 sprintf(str4, "src ip");
1467 sprintf(str4, "src port");
1470 sprintf(str4, "dest ip");
1473 sprintf(str4, "dest port");
1476 sprintf(str4, "unknown");
1481 strcat(str4, " (reverse)");
1485 printw("Src: %s, Dest: %s, Proto: %s, Sorted by: %s\n\n",
1486 str1, str2, str3, str4);
1489 * For an IPv4 IP address we need at most 15 characters,
1490 * 4 tuples of 3 digits, separated by 3 dots. Enforce this
1491 * length, so the colums do not change positions based
1492 * on the size of the IP address. This length makes the
1493 * output fit in a 80 column terminal.
1494 * We are lacking a good solution for IPv6 addresses (that
1495 * can be longer that 15 characters), so we do not enforce
1496 * a maximum on the IP field size.
1503 /* print column description */
1507 printw("%-*s %-*s %3s %4s %7s %9s %9s\n",
1508 srclen + 6, "Source IP", dstlen + 6, "Destination IP",
1509 "ST", "PR", "#pkts", "#bytes", "ttl");
1512 /* print all the entries */
1517 if (tsentry > maxy - 6)
1519 for (i = 0; i <= tsentry; i++) {
1520 /* print src/dest and port */
1521 if ((tp->st_p == IPPROTO_TCP) ||
1522 (tp->st_p == IPPROTO_UDP)) {
1523 sprintf(str1, "%s,%hu",
1524 getip(tp->st_v, &tp->st_src),
1525 ntohs(tp->st_sport));
1526 sprintf(str2, "%s,%hu",
1527 getip(tp->st_v, &tp->st_dst),
1528 ntohs(tp->st_dport));
1530 sprintf(str1, "%s", getip(tp->st_v,
1532 sprintf(str2, "%s", getip(tp->st_v,
1537 printw("%-*s %-*s", srclen + 6, str1, dstlen + 6, str2);
1540 sprintf(str1, "%X/%X", tp->st_state[0],
1542 printw(" %3s", str1);
1544 /* print protocol */
1545 proto = getprotobynumber(tp->st_p);
1547 strncpy(str1, proto->p_name, 4);
1550 sprintf(str1, "%d", tp->st_p);
1552 /* just print icmp for IPv6-ICMP */
1553 if (tp->st_p == IPPROTO_ICMPV6)
1554 strcpy(str1, "icmp");
1555 printw(" %4s", str1);
1557 /* print #pkt/#bytes */
1559 printw(" %7qu %9qu", (unsigned long long) tp->st_pkts,
1560 (unsigned long long) tp->st_bytes);
1562 printw(" %7lu %9lu", tp->st_pkts, tp->st_bytes);
1564 printw(" %9s", ttl_to_string(tp->st_age));
1572 /* screen data structure is filled, now update the screen */
1576 if (refresh() == ERR)
1583 /* wait for key press or a 1 second time out period */
1584 selecttimeout.tv_sec = refreshtime;
1585 selecttimeout.tv_usec = 0;
1588 select(1, &readfd, NULL, NULL, &selecttimeout);
1590 /* if key pressed, read all waiting keys */
1591 if (FD_ISSET(0, &readfd)) {
1596 if (ISALPHA(c) && ISUPPER(c))
1600 } else if (c == 'q') {
1602 } else if (c == 'r') {
1604 } else if (c == 'b') {
1606 } else if (c == 'f') {
1608 } else if (c == 's') {
1609 if (++sorting > STSORT_MAX)
1618 /* nocbreak(); XXX - endwin() should make this redundant */
1629 * Show fragment cache information that's held in the kernel.
1631 static void showfrstates(ifsp, ticks)
1635 struct ipfr *ipfrtab[IPFT_SIZE], ifr;
1639 * print out the numeric statistics
1641 PRINTF("IP fragment states:\n\t%lu new\n\t%lu expired\n\t%lu hits\n",
1642 ifsp->ifs_new, ifsp->ifs_expire, ifsp->ifs_hits);
1643 PRINTF("\t%lu retrans\n\t%lu too short\n",
1644 ifsp->ifs_retrans0, ifsp->ifs_short);
1645 PRINTF("\t%lu no memory\n\t%lu already exist\n",
1646 ifsp->ifs_nomem, ifsp->ifs_exists);
1647 PRINTF("\t%lu inuse\n", ifsp->ifs_inuse);
1650 if (live_kernel == 0) {
1651 if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_table,
1657 * Print out the contents (if any) of the fragment cache table.
1659 if (live_kernel == 1) {
1661 if (fetchfrag(ipf_fd, IPFGENITER_FRAG, &ifr) != 0)
1663 if (ifr.ipfr_ifp == NULL)
1665 ifr.ipfr_ttl -= ticks;
1666 printfraginfo("", &ifr);
1669 for (i = 0; i < IPFT_SIZE; i++)
1670 while (ipfrtab[i] != NULL) {
1671 if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
1674 printfraginfo("", &ifr);
1675 ipfrtab[i] = ifr.ipfr_next;
1679 * Print out the contents (if any) of the NAT fragment cache table.
1682 if (live_kernel == 0) {
1683 if (kmemcpy((char *)ipfrtab, (u_long)ifsp->ifs_nattab,
1688 if (live_kernel == 1) {
1690 if (fetchfrag(nat_fd, IPFGENITER_NATFRAG, &ifr) != 0)
1692 if (ifr.ipfr_ifp == NULL)
1694 ifr.ipfr_ttl -= ticks;
1695 printfraginfo("NAT: ", &ifr);
1698 for (i = 0; i < IPFT_SIZE; i++)
1699 while (ipfrtab[i] != NULL) {
1700 if (kmemcpy((char *)&ifr, (u_long)ipfrtab[i],
1703 printfraginfo("NAT: ", &ifr);
1704 ipfrtab[i] = ifr.ipfr_next;
1711 * Show stats on how auth within IPFilter has been used
1713 static void showauthstates(asp)
1716 frauthent_t *frap, fra;
1720 obj.ipfo_rev = IPFILTER_VERSION;
1721 obj.ipfo_type = IPFOBJ_GENITER;
1722 obj.ipfo_size = sizeof(auth);
1723 obj.ipfo_ptr = &auth;
1725 auth.igi_type = IPFGENITER_AUTH;
1726 auth.igi_nitems = 1;
1727 auth.igi_data = &fra;
1730 printf("Authorisation hits: %qu\tmisses %qu\n",
1731 (unsigned long long) asp->fas_hits,
1732 (unsigned long long) asp->fas_miss);
1734 printf("Authorisation hits: %ld\tmisses %ld\n", asp->fas_hits,
1737 printf("nospace %ld\nadded %ld\nsendfail %ld\nsendok %ld\n",
1738 asp->fas_nospace, asp->fas_added, asp->fas_sendfail,
1740 printf("queok %ld\nquefail %ld\nexpire %ld\n",
1741 asp->fas_queok, asp->fas_quefail, asp->fas_expire);
1743 frap = asp->fas_faelist;
1745 if (live_kernel == 1) {
1746 if (ioctl(auth_fd, SIOCGENITER, &obj))
1749 if (kmemcpy((char *)&fra, (u_long)frap,
1753 printf("age %ld\t", fra.fae_age);
1754 printfr(&fra.fae_fr, ioctl);
1755 frap = fra.fae_next;
1761 * Display groups used for each of filter rules, accounting rules and
1762 * authentication, separately.
1764 static void showgroups(fiop)
1765 struct friostat *fiop;
1767 static char *gnames[3] = { "Filter", "Accounting", "Authentication" };
1768 static int gnums[3] = { IPL_LOGIPF, IPL_LOGCOUNT, IPL_LOGAUTH };
1772 on = fiop->f_active;
1775 for (i = 0; i < 3; i++) {
1776 printf("%s groups (active):\n", gnames[i]);
1777 for (fp = fiop->f_groups[gnums[i]][on]; fp != NULL;
1779 if (kmemcpy((char *)&grp, (u_long)fp, sizeof(grp)))
1782 printf("%s\n", grp.fg_name);
1783 printf("%s groups (inactive):\n", gnames[i]);
1784 for (fp = fiop->f_groups[gnums[i]][off]; fp != NULL;
1786 if (kmemcpy((char *)&grp, (u_long)fp, sizeof(grp)))
1789 printf("%s\n", grp.fg_name);
1793 static void parse_ipportstr(argument, ip, port)
1794 const char *argument;
1801 /* make working copy of argument, Theoretically you must be able
1802 * to write to optarg, but that seems very ugly to me....
1804 s = strdup(argument);
1809 if ((comma = strchr(s, ',')) != NULL) {
1810 if (!strcasecmp(comma + 1, "any")) {
1812 } else if (!sscanf(comma + 1, "%d", port) ||
1813 (*port < 0) || (*port > 65535)) {
1814 fprintf(stderr, "Invalid port specification in %s\n",
1823 /* get ip address */
1824 if (!strcasecmp(s, "any")) {
1825 ip->in4.s_addr = INADDR_ANY;
1828 ip->in6 = in6addr_any;
1829 } else if (use_inet6 && inet_pton(AF_INET6, s, &ip->in6)) {
1832 } else if (inet_aton(s, &ip->in4))
1836 fprintf(stderr, "Invalid IP address: %s\n", s);
1841 /* free allocated memory */
1847 static void sig_resize(s)
1853 static void sig_break(s)
1859 static char *getip(v, addr)
1864 static char hostbuf[MAXHOSTNAMELEN+1];
1868 return inet_ntoa(addr->in4);
1871 (void) inet_ntop(AF_INET6, &addr->in6, hostbuf, sizeof(hostbuf) - 1);
1872 hostbuf[MAXHOSTNAMELEN] = '\0';
1880 static char *ttl_to_string(ttl)
1883 static char ttlbuf[STSTRSIZE];
1884 int hours, minutes, seconds;
1886 /* ttl is in half seconds */
1895 sprintf(ttlbuf, "%2d:%02d:%02d", hours, minutes, seconds);
1897 sprintf(ttlbuf, "%2d:%02d", minutes, seconds);
1902 static int sort_pkts(a, b)
1907 register const statetop_t *ap = a;
1908 register const statetop_t *bp = b;
1910 if (ap->st_pkts == bp->st_pkts)
1912 else if (ap->st_pkts < bp->st_pkts)
1918 static int sort_bytes(a, b)
1922 register const statetop_t *ap = a;
1923 register const statetop_t *bp = b;
1925 if (ap->st_bytes == bp->st_bytes)
1927 else if (ap->st_bytes < bp->st_bytes)
1933 static int sort_p(a, b)
1937 register const statetop_t *ap = a;
1938 register const statetop_t *bp = b;
1940 if (ap->st_p == bp->st_p)
1942 else if (ap->st_p < bp->st_p)
1948 static int sort_ttl(a, b)
1952 register const statetop_t *ap = a;
1953 register const statetop_t *bp = b;
1955 if (ap->st_age == bp->st_age)
1957 else if (ap->st_age < bp->st_age)
1962 static int sort_srcip(a, b)
1966 register const statetop_t *ap = a;
1967 register const statetop_t *bp = b;
1971 if (IP6_EQ(&ap->st_src, &bp->st_src))
1973 else if (IP6_GT(&ap->st_src, &bp->st_src))
1978 if (ntohl(ap->st_src.in4.s_addr) ==
1979 ntohl(bp->st_src.in4.s_addr))
1981 else if (ntohl(ap->st_src.in4.s_addr) >
1982 ntohl(bp->st_src.in4.s_addr))
1988 static int sort_srcpt(a, b)
1992 register const statetop_t *ap = a;
1993 register const statetop_t *bp = b;
1995 if (htons(ap->st_sport) == htons(bp->st_sport))
1997 else if (htons(ap->st_sport) > htons(bp->st_sport))
2002 static int sort_dstip(a, b)
2006 register const statetop_t *ap = a;
2007 register const statetop_t *bp = b;
2011 if (IP6_EQ(&ap->st_dst, &bp->st_dst))
2013 else if (IP6_GT(&ap->st_dst, &bp->st_dst))
2018 if (ntohl(ap->st_dst.in4.s_addr) ==
2019 ntohl(bp->st_dst.in4.s_addr))
2021 else if (ntohl(ap->st_dst.in4.s_addr) >
2022 ntohl(bp->st_dst.in4.s_addr))
2028 static int sort_dstpt(a, b)
2032 register const statetop_t *ap = a;
2033 register const statetop_t *bp = b;
2035 if (htons(ap->st_dport) == htons(bp->st_dport))
2037 else if (htons(ap->st_dport) > htons(bp->st_dport))
2045 ipstate_t *fetchstate(src, dst)
2046 ipstate_t *src, *dst;
2050 if (live_kernel == 1) {
2054 obj.ipfo_rev = IPFILTER_VERSION;
2055 obj.ipfo_type = IPFOBJ_GENITER;
2056 obj.ipfo_size = sizeof(state);
2057 obj.ipfo_ptr = &state;
2059 state.igi_type = IPFGENITER_STATE;
2060 state.igi_nitems = 1;
2061 state.igi_data = dst;
2063 if (ioctl(state_fd, SIOCGENITER, &obj) != 0)
2065 if (dst->is_next == NULL) {
2066 i = IPFGENITER_STATE;
2067 ioctl(state_fd, SIOCIPFDELTOK, &i);
2070 if (kmemcpy((char *)dst, (u_long)src, sizeof(*dst)))
2077 static int fetchfrag(fd, type, frp)
2084 obj.ipfo_rev = IPFILTER_VERSION;
2085 obj.ipfo_type = IPFOBJ_GENITER;
2086 obj.ipfo_size = sizeof(frag);
2087 obj.ipfo_ptr = &frag;
2089 frag.igi_type = type;
2090 frag.igi_nitems = 1;
2091 frag.igi_data = frp;
2093 if (ioctl(fd, SIOCGENITER, &obj))
2099 static void showtqtable_live(fd)
2102 ipftq_t table[IPF_TCP_NSTATES];
2105 bzero((char *)&obj, sizeof(obj));
2106 obj.ipfo_rev = IPFILTER_VERSION;
2107 obj.ipfo_size = sizeof(table);
2108 obj.ipfo_ptr = (void *)table;
2109 obj.ipfo_type = IPFOBJ_STATETQTAB;
2111 if (ioctl(fd, SIOCGTQTAB, &obj) == 0) {
2112 printtqtable(table);
projects / FreeBSD / releng / 9.2.git / blob