ipfstat.c (ab25eeb5) | ipfstat.c (f4b3ec61) |
---|---|
1/* 2 * Copyright (C) 1993-2001, 2003 by Darren Reed. 3 * 4 * See the IPFILTER.LICENCE file for details on licencing. 5 * | 1/* 2 * Copyright (C) 1993-2001, 2003 by Darren Reed. 3 * 4 * See the IPFILTER.LICENCE file for details on licencing. 5 * |
6 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. | 6 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. |
7 * Use is subject to license terms. 8 */ 9 10#pragma ident "%Z%%M% %I% %E% SMI" 11 12#ifdef __FreeBSD__ 13# ifndef __FreeBSD_cc_version 14# include <osreldate.h> --- 123 unchanged lines hidden (view full) --- 138 139static void showstats __P((friostat_t *, u_32_t)); 140static void showfrstates __P((ipfrstat_t *)); 141static void showlist __P((friostat_t *)); 142static void showipstates __P((ips_stat_t *)); 143static void showauthstates __P((fr_authstat_t *)); 144static void showgroups __P((friostat_t *)); 145static void usage __P((char *)); | 7 * Use is subject to license terms. 8 */ 9 10#pragma ident "%Z%%M% %I% %E% SMI" 11 12#ifdef __FreeBSD__ 13# ifndef __FreeBSD_cc_version 14# include <osreldate.h> --- 123 unchanged lines hidden (view full) --- 138 139static void showstats __P((friostat_t *, u_32_t)); 140static void showfrstates __P((ipfrstat_t *)); 141static void showlist __P((friostat_t *)); 142static void showipstates __P((ips_stat_t *)); 143static void showauthstates __P((fr_authstat_t *)); 144static void showgroups __P((friostat_t *)); 145static void usage __P((char *)); |
146static void printlivelist __P((int, int, frentry_t *, char *, char *)); 147static void printdeadlist __P((int, int, frentry_t *, char *, char *)); |
|
146static void printlist __P((frentry_t *, char *)); 147static void parse_ipportstr __P((const char *, i6addr_t *, int *)); 148static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **, 149 ipfrstat_t **, fr_authstat_t **, u_32_t *)); 150static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **, 151 ipfrstat_t **, fr_authstat_t **, u_32_t *)); 152#ifdef STATETOP 153static void topipstates __P((i6addr_t, i6addr_t, int, int, int, --- 102 unchanged lines hidden (view full) --- 256 perror(""); 257 exit(-1); 258 } 259 } 260 261 if (kern != NULL || memf != NULL) { 262 (void)setgid(getgid()); 263 (void)setreuid(getuid(), getuid()); | 148static void printlist __P((frentry_t *, char *)); 149static void parse_ipportstr __P((const char *, i6addr_t *, int *)); 150static void ipfstate_live __P((char *, friostat_t **, ips_stat_t **, 151 ipfrstat_t **, fr_authstat_t **, u_32_t *)); 152static void ipfstate_dead __P((char *, friostat_t **, ips_stat_t **, 153 ipfrstat_t **, fr_authstat_t **, u_32_t *)); 154#ifdef STATETOP 155static void topipstates __P((i6addr_t, i6addr_t, int, int, int, --- 102 unchanged lines hidden (view full) --- 258 perror(""); 259 exit(-1); 260 } 261 } 262 263 if (kern != NULL || memf != NULL) { 264 (void)setgid(getgid()); 265 (void)setreuid(getuid(), getuid()); |
266 if (openkmem(kern, memf) == -1) 267 exit(-1); |
|
264 } 265 266 if (live_kernel == 1) 267 (void) checkrev(device); | 268 } 269 270 if (live_kernel == 1) 271 (void) checkrev(device); |
268 if (openkmem(kern, memf) == -1) 269 exit(-1); 270 | |
271 (void)setgid(getgid()); 272 (void)setreuid(getuid(), getuid()); 273 274 opterr = 1; 275 276 while ((c = getopt(argc, argv, options)) != -1) 277 { 278 switch (c) --- 494 unchanged lines hidden (view full) --- 773 if (!frf) 774 PRINTF("\tnone\n"); 775} 776 777 778/* 779 * Print out a list of rules from the kernel, starting at the one passed. 780 */ | 272 (void)setgid(getgid()); 273 (void)setreuid(getuid(), getuid()); 274 275 opterr = 1; 276 277 while ((c = getopt(argc, argv, options)) != -1) 278 { 279 switch (c) --- 494 unchanged lines hidden (view full) --- 774 if (!frf) 775 PRINTF("\tnone\n"); 776} 777 778 779/* 780 * Print out a list of rules from the kernel, starting at the one passed. 781 */ |
781static void printlist(fp, comment) | 782static void printlivelist(out, set, fp, group, comment) 783int out, set; |
782frentry_t *fp; | 784frentry_t *fp; |
783char *comment; | 785char *group, *comment; |
784{ | 786{ |
787 frgroup_t *grtop, *grtail, *g; |
|
785 struct frentry fb, *fg; | 788 struct frentry fb, *fg; |
786 char *data; 787 u_32_t type; | |
788 int n; | 789 int n; |
790 ipfruleiter_t rule; 791 ipfobj_t obj; |
|
789 | 792 |
790 for (n = 1; fp; n++) { 791 if (kmemcpy((char *)&fb, (u_long)fp, sizeof(fb)) == -1) { 792 perror("kmemcpy"); | 793 fb.fr_next = fp; 794 n = 0; 795 796 grtop = NULL; 797 grtail = NULL; 798 rule.iri_ver = use_inet6? AF_INET6 : AF_INET; 799 rule.iri_inout = out; 800 rule.iri_active = set; 801 rule.iri_rule = &fb; 802 if (group != NULL) 803 strncpy(rule.iri_group, group, FR_GROUPLEN); 804 else 805 rule.iri_group[0] = '\0'; 806 807 bzero((char *)&obj, sizeof(obj)); 808 obj.ipfo_rev = IPFILTER_VERSION; 809 obj.ipfo_type = IPFOBJ_IPFITER; 810 obj.ipfo_size = sizeof(rule); 811 obj.ipfo_ptr = &rule; 812 813 do { 814 u_long array[1000]; 815 816 memset(array, 0xff, sizeof(array)); 817 fp = (frentry_t *)array; 818 rule.iri_rule = fp; 819 if (ioctl(ipf_fd, SIOCIPFITER, &obj) == -1) { 820 perror("ioctl(SIOCIPFITER)"); |
793 return; 794 } | 821 return; 822 } |
795 fp = &fb; | 823 if (fp->fr_data != NULL) 824 fp->fr_data = (char *)fp + sizeof(*fp); 825 826 n++; 827 |
796 if (opts & (OPT_HITS|OPT_VERBOSE)) 797#ifdef USE_QUAD_T 798 PRINTF("%qu ", (unsigned long long) fp->fr_hits); 799#else 800 PRINTF("%lu ", fp->fr_hits); 801#endif 802 if (opts & (OPT_ACCNT|OPT_VERBOSE)) 803#ifdef USE_QUAD_T 804 PRINTF("%qu ", (unsigned long long) fp->fr_bytes); 805#else 806 PRINTF("%lu ", fp->fr_bytes); 807#endif 808 if (opts & OPT_SHOWLINENO) 809 PRINTF("@%d ", n); | 828 if (opts & (OPT_HITS|OPT_VERBOSE)) 829#ifdef USE_QUAD_T 830 PRINTF("%qu ", (unsigned long long) fp->fr_hits); 831#else 832 PRINTF("%lu ", fp->fr_hits); 833#endif 834 if (opts & (OPT_ACCNT|OPT_VERBOSE)) 835#ifdef USE_QUAD_T 836 PRINTF("%qu ", (unsigned long long) fp->fr_bytes); 837#else 838 PRINTF("%lu ", fp->fr_bytes); 839#endif 840 if (opts & OPT_SHOWLINENO) 841 PRINTF("@%d ", n); |
842 843 printfr(fp, ioctl); 844 if (opts & OPT_DEBUG) { 845 binprint(fp, sizeof(*fp)); 846 if (fp->fr_data != NULL && fp->fr_dsize > 0) 847 binprint(fp->fr_data, fp->fr_dsize); 848 } 849 850 if (fp->fr_grhead[0] != '\0') { 851 g = calloc(1, sizeof(*g)); 852 853 if (g != NULL) { 854 strncpy(g->fg_name, fp->fr_grhead, 855 FR_GROUPLEN); 856 if (grtop == NULL) { 857 grtop = g; 858 grtail = g; 859 } else { 860 grtail->fg_next = g; 861 grtail = g; 862 } 863 } 864 } 865 } while (fp->fr_next != NULL); 866 867 while ((g = grtop) != NULL) { 868 printlivelist(out, set, NULL, g->fg_name, comment); 869 grtop = g->fg_next; 870 free(g); 871 } 872} 873 874 875static void printdeadlist(out, set, fp, group, comment) 876int out, set; 877frentry_t *fp; 878char *group, *comment; 879{ 880 frgroup_t *grtop, *grtail, *g; 881 struct frentry fb, *fg; 882 char *data; 883 u_32_t type; 884 int n; 885 886 fb.fr_next = fp; 887 n = 0; 888 grtop = NULL; 889 grtail = NULL; 890 891 do { 892 fp = fb.fr_next; 893 if (kmemcpy((char *)&fb, (u_long)fb.fr_next, 894 sizeof(fb)) == -1) { 895 perror("kmemcpy"); 896 return; 897 } 898 |
|
810 data = NULL; | 899 data = NULL; |
811 type = fp->fr_type & ~FR_T_BUILTIN; | 900 type = fb.fr_type & ~FR_T_BUILTIN; |
812 if (type == FR_T_IPF || type == FR_T_BPFOPC) { | 901 if (type == FR_T_IPF || type == FR_T_BPFOPC) { |
813 if (fp->fr_dsize) { 814 data = malloc(fp->fr_dsize); 815 if (data == NULL) { 816 perror("malloc"); 817 exit(1); 818 } | 902 if (fb.fr_dsize) { 903 data = malloc(fb.fr_dsize); |
819 | 904 |
820 if (kmemcpy(data, (u_long)fp->fr_data, 821 fp->fr_dsize) == -1) { | 905 if (kmemcpy(data, (u_long)fb.fr_data, 906 fb.fr_dsize) == -1) { |
822 perror("kmemcpy"); 823 return; 824 } | 907 perror("kmemcpy"); 908 return; 909 } |
825 fp->fr_data = data; | 910 fb.fr_data = data; |
826 } 827 } 828 | 911 } 912 } 913 |
914 n++; 915 916 if (opts & (OPT_HITS|OPT_VERBOSE)) 917#ifdef USE_QUAD_T 918 PRINTF("%qu ", (unsigned long long) fb.fr_hits); 919#else 920 PRINTF("%lu ", fb.fr_hits); 921#endif 922 if (opts & (OPT_ACCNT|OPT_VERBOSE)) 923#ifdef USE_QUAD_T 924 PRINTF("%qu ", (unsigned long long) fb.fr_bytes); 925#else 926 PRINTF("%lu ", fb.fr_bytes); 927#endif 928 if (opts & OPT_SHOWLINENO) 929 PRINTF("@%d ", n); 930 |
|
829 printfr(fp, ioctl); 830 if (opts & OPT_DEBUG) { 831 binprint(fp, sizeof(*fp)); | 931 printfr(fp, ioctl); 932 if (opts & OPT_DEBUG) { 933 binprint(fp, sizeof(*fp)); |
832 if (fp->fr_data != NULL && fp->fr_dsize > 0) 833 binprint(fp->fr_data, fp->fr_dsize); | 934 if (fb.fr_data != NULL && fb.fr_dsize > 0) 935 binprint(fb.fr_data, fb.fr_dsize); |
834 } 835 if (data != NULL) 836 free(data); | 936 } 937 if (data != NULL) 938 free(data); |
837 if (fp->fr_grp != NULL) { 838 if (!kmemcpy((char *)&fg, (u_long)fp->fr_grp, 839 sizeof(fg))) 840 printlist(fg, comment); | 939 if (fb.fr_grhead[0] != '\0') { 940 g = calloc(1, sizeof(*g)); 941 942 if (g != NULL) { 943 strncpy(g->fg_name, fb.fr_grhead, 944 FR_GROUPLEN); 945 if (grtop == NULL) { 946 grtop = g; 947 grtail = g; 948 } else { 949 grtail->fg_next = g; 950 grtail = g; 951 } 952 } |
841 } 842 if (type == FR_T_CALLFUNC) { | 953 } 954 if (type == FR_T_CALLFUNC) { |
843 printlist(fp->fr_data, "# callfunc: "); | 955 printdeadlist(out, set, fb.fr_data, group, 956 "# callfunc: "); |
844 } | 957 } |
845 fp = fp->fr_next; | 958 } while (fb.fr_next != NULL); 959 960 while ((g = grtop) != NULL) { 961 printdeadlist(out, set, NULL, g->fg_name, comment); 962 grtop = g->fg_next; 963 free(g); |
846 } 847} 848 | 964 } 965} 966 |
967 |
|
849/* 850 * print out all of the asked for rule sets, using the stats struct as 851 * the base from which to get the pointers. 852 */ 853static void showlist(fiop) 854struct friostat *fiop; 855{ 856 struct frentry *fp = NULL; --- 46 unchanged lines hidden (view full) --- 903 904 if (opts & OPT_VERBOSE) 905 PRINTF("fp %p set %d\n", fp, set); 906 if (!fp) { 907 FPRINTF(stderr, "empty list for %s%s\n", 908 (opts & OPT_INACTIVE) ? "inactive " : "", filters[i]); 909 return; 910 } | 968/* 969 * print out all of the asked for rule sets, using the stats struct as 970 * the base from which to get the pointers. 971 */ 972static void showlist(fiop) 973struct friostat *fiop; 974{ 975 struct frentry *fp = NULL; --- 46 unchanged lines hidden (view full) --- 1022 1023 if (opts & OPT_VERBOSE) 1024 PRINTF("fp %p set %d\n", fp, set); 1025 if (!fp) { 1026 FPRINTF(stderr, "empty list for %s%s\n", 1027 (opts & OPT_INACTIVE) ? "inactive " : "", filters[i]); 1028 return; 1029 } |
911 printlist(fp, NULL); | 1030 if (live_kernel == 1) 1031 printlivelist(i, set, fp, NULL, NULL); 1032 else 1033 printdeadlist(i, set, fp, NULL, NULL); |
912} 913 914 915/* 916 * Display ipfilter stateful filtering information 917 */ 918static void showipstates(ipsp) 919ips_stat_t *ipsp; --- 895 unchanged lines hidden --- | 1034} 1035 1036 1037/* 1038 * Display ipfilter stateful filtering information 1039 */ 1040static void showipstates(ipsp) 1041ips_stat_t *ipsp; --- 895 unchanged lines hidden --- |
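Review bot: printdeadlist() lost the allocation check that the old printlist() had: `data = malloc(fb.fr_dsize);` is followed directly by `kmemcpy(data, (u_long)fb.fr_data, fb.fr_dsize)`, so a failed malloc passes a NULL destination to the copy; restore `if (data == NULL) { perror("malloc"); exit(1); }` before the kmemcpy. In the same loop `fp` is assigned from `fb.fr_next`, which appears to be an address in the kernel image read through kmemcpy rather than a pointer valid in this process, yet `printfr(fp, ioctl)` and `binprint(fp, sizeof(*fp))` still take `fp`; since every other access was switched to `fb.`, these two look like they should be `printfr(&fb, ioctl)` and `binprint(&fb, sizeof(fb))`. The `return` on the second kmemcpy failure also leaves `data` unfreed, as it did before this change. In main(), `openkmem(kern, memf)` now runs after `(void)setgid(getgid()); (void)setreuid(getuid(), getuid());`, but both results are discarded, so the open of the user-supplied paths is unprivileged only if those calls succeeded; checking them and exiting on failure would make the reordering dependable.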