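/*
 * Copyright (C) 1993-2001 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
 */

#include "ipf.h"
#include "kmem.h"


#if !defined(lint)
static const char rcsid[] = "@(#)$Id: printnat.c,v 1.14 2003/04/13 06:39:16 darrenr Exp $";
#endif


/*
 * Print one active NAT session entry on stdout.
 *
 * nat  - session entry to describe; only read here.
 * opts - option bits; OPT_VERBOSE adds a second block with age, use
 *        count, checksum deltas, protocol, hash buckets, interface
 *        names and byte/packet counters.
 *
 * Port numbers are printed only when IPN_TCPUDP is set in nat_flags.
 * If nat_aps is non-NULL the entry is followed by printaps() output.
 *
 * Each inet_ntoa() result is consumed by its own printf() call because
 * inet_ntoa() returns a pointer to a static buffer that the next call
 * overwrites.
 */
void printactivenat(nat, opts)
nat_t *nat;
int opts;
{
	u_int hv1, hv2;

	printf("%s", getnattype(nat->nat_ptr));

	if (nat->nat_flags & SI_CLONE)
		printf(" CLONE");

	printf(" %-15s", inet_ntoa(nat->nat_inip));

	if ((nat->nat_flags & IPN_TCPUDP) != 0)
		printf(" %-5hu", ntohs(nat->nat_inport));

	printf(" <- -> %-15s",inet_ntoa(nat->nat_outip));

	if ((nat->nat_flags & IPN_TCPUDP) != 0)
		printf(" %-5hu", ntohs(nat->nat_outport));

	printf(" [%s", inet_ntoa(nat->nat_oip));
	if ((nat->nat_flags & IPN_TCPUDP) != 0)
		printf(" %hu", ntohs(nat->nat_oport));
	printf("]");

	if (opts & OPT_VERBOSE) {
		/*
		 * The two getsumd() results are printed by separate
		 * printf() calls; presumably getsumd() reuses one buffer
		 * like inet_ntoa() does - confirm before merging them.
		 */
		printf("\n\tage %lu use %hu sumd %s/",
			nat->nat_age, nat->nat_use, getsumd(nat->nat_sumd[0]));
		/*
		 * Recompute the two hash bucket numbers for display:
		 * hv1 from nat_inip/nat_oip, hv2 from nat_outip/nat_oip.
		 * With SI_WILDP set the ports are left out of the hash.
		 */
		if ((nat->nat_flags & SI_WILDP) == 0) {
			hv1 = NAT_HASH_FN(nat->nat_inip.s_addr,
					  nat->nat_inport, 0xffffffff);
			hv1 = NAT_HASH_FN(nat->nat_oip.s_addr,
					  hv1 + nat->nat_oport, NAT_TABLE_SZ);
			hv2 = NAT_HASH_FN(nat->nat_outip.s_addr,
					  nat->nat_outport, 0xffffffff);
			hv2 = NAT_HASH_FN(nat->nat_oip.s_addr,
					  hv2 + nat->nat_oport, NAT_TABLE_SZ);
		} else {
			hv1 = NAT_HASH_FN(nat->nat_inip.s_addr, 0,
					  0xffffffff);
			hv1 = NAT_HASH_FN(nat->nat_oip.s_addr, hv1,
					  NAT_TABLE_SZ);
			hv2 = NAT_HASH_FN(nat->nat_outip.s_addr, 0,
					  0xffffffff);
			hv2 = NAT_HASH_FN(nat->nat_oip.s_addr, hv2,
					  NAT_TABLE_SZ);
		}
		printf("%s pr %u bkt %d/%d flags %x\n",
			getsumd(nat->nat_sumd[1]), nat->nat_p,
			hv1, hv2, nat->nat_flags);
		printf("\tifp %s", getifname(nat->nat_ifps[0]));
		printf(",%s ", getifname(nat->nat_ifps[1]));
#ifdef	USE_QUAD_T
		printf("bytes %qu/%qu pkts %qu/%qu",
			(unsigned long long)nat->nat_bytes[0],
			(unsigned long long)nat->nat_bytes[1],
			(unsigned long long)nat->nat_pkts[0],
			(unsigned long long)nat->nat_pkts[1]);
#else
		printf("bytes %lu/%lu pkts %lu/%lu", nat->nat_bytes[0],
			nat->nat_bytes[1], nat->nat_pkts[0], nat->nat_pkts[1]);
#endif
#if SOLARIS
		printf(" %lx", nat->nat_ipsumd);
#endif
	}

	putchar('\n');
	if (nat->nat_aps)
		printaps(nat->nat_aps, opts);
}


/*
 * Print out a NAT rule
 *
 * np   - rule to print.  NOTE: np->in_dport is rewritten in place in the
 *        "proxy port" branch below (see the review note there).
 * opts - option bits; OPT_DEBUG adds an extra line of internal counters.
 *
 * The rule keyword comes from np->in_redir (rdr, map, map-block, bimap);
 * an unrecognised value is reported on stderr and printing continues.
 * Everything else goes to stdout.
 */
void printnat(np, opts)
ipnat_t *np;
int opts;
{
	struct protoent *pr;
	struct servent *sv;
	int bits;

	pr = getprotobynumber(np->in_p);

	switch (np->in_redir)
	{
	case NAT_REDIRECT :
		printf("rdr");
		break;
	case NAT_MAP :
		printf("map");
		break;
	case NAT_MAPBLK :
		printf("map-block");
		break;
	case NAT_BIMAP :
		printf("bimap");
		break;
	default :
		fprintf(stderr, "unknown value for in_redir: %#x\n",
			np->in_redir);
		break;
	}

	/*
	 * Bound the interface names to LIFNAMSIZ, the same limit the
	 * strncmp() below uses, so a name that fills its field without a
	 * terminating NUL cannot make printf() read past it.  Output is
	 * unchanged for properly terminated names.
	 */
	printf(" %.*s", (int)LIFNAMSIZ, np->in_ifnames[0]);
	if ((np->in_ifnames[1][0] != '\0') &&
	    (strncmp(np->in_ifnames[0], np->in_ifnames[1], LIFNAMSIZ) != 0)) {
		printf(",%.*s ", (int)LIFNAMSIZ, np->in_ifnames[1]);
	}
	putchar(' ');

	/*
	 * "from ... to ..." form: which address/mask pair is the source
	 * and which the destination depends on the rule direction.
	 */
	if (np->in_flags & IPN_FILTER) {
		if (np->in_flags & IPN_NOTSRC)
			printf("! ");
		printf("from ");
		if (np->in_redir == NAT_REDIRECT) {
			printhostmask(4, (u_32_t *)&np->in_srcip,
				      (u_32_t *)&np->in_srcmsk);
		} else {
			printhostmask(4, (u_32_t *)&np->in_inip,
				      (u_32_t *)&np->in_inmsk);
		}
		if (np->in_scmp)
			printportcmp(np->in_p, &np->in_tuc.ftu_src);

		if (np->in_flags & IPN_NOTDST)
			printf(" !");
		printf(" to ");
		if (np->in_redir == NAT_REDIRECT) {
			printhostmask(4, (u_32_t *)&np->in_outip,
				      (u_32_t *)&np->in_outmsk);
		} else {
			printhostmask(4, (u_32_t *)&np->in_srcip,
				      (u_32_t *)&np->in_srcmsk);
		}
		if (np->in_dcmp)
			printportcmp(np->in_p, &np->in_tuc.ftu_dst);
	}

	if (np->in_redir == NAT_REDIRECT) {
		if (!(np->in_flags & IPN_FILTER)) {
			printf("%s", inet_ntoa(np->in_out[0].in4));
			/*
			 * count4bits() returning -1 is treated as "no
			 * prefix length available"; the mask is then
			 * printed in dotted form instead.
			 */
			bits = count4bits(np->in_outmsk);
			if (bits != -1)
				printf("/%d ", bits);
			else
				printf("/%s ", inet_ntoa(np->in_out[1].in4));
			printf("port %d", ntohs(np->in_pmin));
			if (np->in_pmax != np->in_pmin)
				printf("-%d", ntohs(np->in_pmax));
		}
		printf(" -> %s", inet_ntoa(np->in_in[0].in4));
		if (np->in_flags & IPN_SPLIT)
			printf(",%s", inet_ntoa(np->in_in[1].in4));
		printf(" port %d", ntohs(np->in_pnext));
		/* Protocol: flag bits win, then "ip", then name or number. */
		if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
			printf(" tcp/udp");
		else if ((np->in_flags & IPN_TCP) == IPN_TCP)
			printf(" tcp");
		else if ((np->in_flags & IPN_UDP) == IPN_UDP)
			printf(" udp");
		else if (np->in_p == 0)
			printf(" ip");
		else if (pr != NULL)
			printf(" %s", pr->p_name);
		else
			printf(" %d", np->in_p);
		if (np->in_flags & IPN_ROUNDR)
			printf(" round-robin");
		if (np->in_flags & IPN_FRAG)
			printf(" frag");
		if (np->in_age[0] != 0 || np->in_age[1] != 0) {
			printf(" age %d/%d", np->in_age[0], np->in_age[1]);
		}
		if (np->in_flags & IPN_STICKY)
			printf(" sticky");
		if (np->in_mssclamp != 0)
			printf(" mssclamp %d", np->in_mssclamp);
		if (*np->in_plabel != '\0') {
			/* Precision keeps the read inside in_plabel. */
			printf(" proxy %.*s/", (int)sizeof(np->in_plabel),
				np->in_plabel);
			if (pr != NULL)
				fputs(pr->p_name, stdout);
			else
				printf("%d", np->in_p);
		}
		printf("\n");
		if (opts & OPT_DEBUG)
			printf("\tspc %lu flg %#x max %u use %d\n",
			       np->in_space, np->in_flags,
			       np->in_pmax, np->in_use);
	} else {
		if (!(np->in_flags & IPN_FILTER)) {
			printf("%s/", inet_ntoa(np->in_in[0].in4));
			bits = count4bits(np->in_inmsk);
			if (bits != -1)
				printf("%d", bits);
			else
				printf("%s", inet_ntoa(np->in_in[1].in4));
		}
		printf(" -> ");
		if (np->in_flags & IPN_IPRANGE) {
			printf("range %s-", inet_ntoa(np->in_out[0].in4));
			printf("%s", inet_ntoa(np->in_out[1].in4));
		} else {
			printf("%s/", inet_ntoa(np->in_out[0].in4));
			bits = count4bits(np->in_outmsk);
			if (bits != -1)
				printf("%d", bits);
			else
				printf("%s", inet_ntoa(np->in_out[1].in4));
		}
		if (*np->in_plabel != '\0') {
			printf(" proxy port");
			/*
			 * NOTE(review): this byte-swaps in_dport inside the
			 * caller's rule, so printing the same rule twice
			 * swaps it back, and a caller that uses the rule
			 * after printing sees the changed value.  Left as
			 * is because callers may depend on it - confirm,
			 * then prefer a local copy.
			 */
			if (np->in_dcmp != 0)
				np->in_dport = htons(np->in_dport);
			if (np->in_dport != 0) {
				if (pr != NULL)
					sv = getservbyport(np->in_dport,
							   pr->p_name);
				else
					sv = getservbyport(np->in_dport, NULL);
				if (sv != NULL)
					printf(" %s", sv->s_name);
				else
					printf(" %hu", ntohs(np->in_dport));
			}
			/* Precision keeps the read inside in_plabel. */
			printf(" %.*s/", (int)sizeof(np->in_plabel),
				np->in_plabel);
			if (pr != NULL)
				fputs(pr->p_name, stdout);
			else
				printf("%d", np->in_p);
		} else if (np->in_redir == NAT_MAPBLK) {
			if ((np->in_pmin == 0) &&
			    (np->in_flags & IPN_AUTOPORTMAP))
				printf(" ports auto");
			else
				printf(" ports %d", np->in_pmin);
			if (opts & OPT_DEBUG)
				printf("\n\tip modulous %d", np->in_pmax);
		} else if (np->in_pmin || np->in_pmax) {
			printf(" portmap");
			if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
				printf(" tcp/udp");
			else if (np->in_flags & IPN_TCP)
				printf(" tcp");
			else if (np->in_flags & IPN_UDP)
				printf(" udp");
			if (np->in_flags & IPN_AUTOPORTMAP) {
				printf(" auto");
				if (opts & OPT_DEBUG)
					printf(" [%d:%d %d %d]",
					       ntohs(np->in_pmin),
					       ntohs(np->in_pmax),
					       np->in_ippip, np->in_ppip);
			} else {
				printf(" %d:%d", ntohs(np->in_pmin),
				       ntohs(np->in_pmax));
			}
		}
		if (np->in_flags & IPN_FRAG)
			printf(" frag");
		if (np->in_age[0] != 0 || np->in_age[1] != 0) {
			printf(" age %d/%d", np->in_age[0], np->in_age[1]);
		}
		if (np->in_mssclamp != 0)
			printf(" mssclamp %d", np->in_mssclamp);
		printf("\n");
		if (opts & OPT_DEBUG) {
			struct in_addr nip;

			/* in_nextip is byte-swapped before inet_ntoa(). */
			nip.s_addr = htonl(np->in_nextip.s_addr);

			printf("\tspace %lu nextip %s pnext %d", np->in_space,
			       inet_ntoa(nip), np->in_pnext);
			printf(" flags %x use %u\n",
			       np->in_flags, np->in_use);
		}
	}
}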