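/*
 * Print the options of an ARP "mangle" target in command-line form.
 *
 * ip      - rule match data; not used by this printer.
 * target  - target entry whose data area holds a struct arpt_mangle.
 * numeric - non-zero selects addr_to_dotted(), zero selects
 *           addr_to_anyname() for the IP addresses.
 *
 * The address strings are written straight to stdout. The earlier version
 * first copied them with sprintf() into a 100-byte stack buffer; the length
 * of what addr_to_anyname() returns is not bounded anywhere in this function
 * (presumably a resolved host name -- confirm), so that copy could run past
 * the buffer.
 */
static void print(const struct arpt_arp *ip,
   const struct arpt_entry_target *target, int numeric)
{
	struct arpt_mangle *m = (struct arpt_mangle *)(target->data);

	if (m->flags & ARPT_MANGLE_SIP) {
		if (numeric)
			printf("--mangle-ip-s %s ", addr_to_dotted(&(m->u_s.src_ip)));
		else
			printf("--mangle-ip-s %s ", addr_to_anyname(&(m->u_s.src_ip)));
	}
	if (m->flags & ARPT_MANGLE_SDEV) {
		printf("--mangle-mac-s ");
		print_mac((unsigned char *)m->src_devaddr, 6);
		printf(" ");
	}
	if (m->flags & ARPT_MANGLE_TIP) {
		if (numeric)
			printf("--mangle-ip-d %s ", addr_to_dotted(&(m->u_t.tgt_ip)));
		else
			printf("--mangle-ip-d %s ", addr_to_anyname(&(m->u_t.tgt_ip)));
	}
	if (m->flags & ARPT_MANGLE_TDEV) {
		printf("--mangle-mac-d ");
		print_mac((unsigned char *)m->tgt_devaddr, 6);
		printf(" ");
	}
	/* NF_ACCEPT produces no output; any verdict other than DROP prints as CONTINUE. */
	if (m->target != NF_ACCEPT) {
		printf("--mangle-target ");
		if (m->target == NF_DROP)
			printf("DROP ");
		else
			printf("CONTINUE ");
	}
}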
/*
 * Build an "address:port" string in a newly malloc'ed 60-byte buffer.
 *
 * With FMT_NUMERIC set in format the address comes from inet_ntoa() and the
 * port is printed as a number; otherwise addr_to_anyname() and
 * port_to_anyname() supply the two halves. snprintf() limits the result to
 * the buffer, so a longer combination is silently truncated.
 *
 * Returns the buffer, which the caller must free(), or NULL if malloc fails.
 */
char *
addrport_to_anyname(struct in_addr *addr, unsigned int port,
		    unsigned short proto, unsigned int format)
{
	enum { ADDRPORT_LEN = 60 };
	char *out = malloc(ADDRPORT_LEN);

	if (out == NULL)
		return NULL;

	if (!(format & FMT_NUMERIC)) {
		snprintf(out, ADDRPORT_LEN, "%s:%s", addr_to_anyname(addr),
			 port_to_anyname(port, proto));
		return out;
	}

	snprintf(out, ADDRPORT_LEN, "%s:%u", inet_ntoa(*addr), port);
	return out;
}
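/*
 * Print an address/mask pair followed by a space, preceded by "! " when the
 * match is inverted.
 *
 * addr    - address to print.
 * mask    - netmask; an all-zero mask prints "anywhere" unless numeric is set.
 * inv     - non-zero prints the "! " prefix.
 * numeric - non-zero selects addr_to_dotted(), zero selects addr_to_anyname().
 *
 * Both parts are assembled with snprintf(), so a long name is truncated
 * rather than written past the end of buf. BUFSIZ is implementation-defined,
 * and the sprintf()/strcat() pair used before had no length check.
 */
static void
print_addr(struct in_addr *addr, struct in_addr *mask, int inv, int numeric)
{
	char buf[BUFSIZ];
	int used;

	if (inv)
		printf("! ");

	if (mask->s_addr == 0L && !numeric) {
		printf("%s ", "anywhere");
		return;
	}

	/*
	 * The address text is copied before mask_to_dotted() is called.
	 * NOTE(review): the helpers may hand back pointers into shared static
	 * storage (not visible here), so this ordering is kept -- confirm.
	 */
	if (numeric)
		used = snprintf(buf, sizeof buf, "%s", addr_to_dotted(addr));
	else
		used = snprintf(buf, sizeof buf, "%s", addr_to_anyname(addr));

	if (used < 0) {
		/* Formatting failed: start from an empty string. */
		buf[0] = '\0';
		used = 0;
	} else if ((size_t)used >= sizeof buf) {
		/* Truncated: the terminator sits in the last byte. */
		used = (int)(sizeof buf - 1);
	}

	snprintf(buf + used, sizeof buf - (size_t)used, "%s", mask_to_dotted(mask));
	printf("%s ", buf);
}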
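/* Append src to the NUL-terminated string in dst, never writing past dstlen bytes. */
static void ipfwr_append(char *dst, size_t dstlen, const char *src)
{
    size_t used;

    if (src == NULL || dstlen == 0)
        return;
    used = strlen(dst);
    if (used + 1 >= dstlen)
        return;
    snprintf(dst + used, dstlen - used, "%s", src);
}

/* Render a counter, scaled to K/M/G using the rounding thresholds shared by the packet and byte columns. */
static void ipfwr_format_count(char *out, size_t outlen, unsigned long long cnt)
{
    unsigned long long kilo, mega;

    if (cnt <= 99999) {
        snprintf(out, outlen, "%llu", cnt);
        return;
    }
    kilo = (cnt + 500) / 1000;
    if (kilo <= 9999) {
        snprintf(out, outlen, "%lluK", kilo);
        return;
    }
    mega = (cnt + 500000) / 1000000;
    if (mega <= 9999) {
        snprintf(out, outlen, "%lluM", mega);
        return;
    }
    snprintf(out, outlen, "%lluG", (mega + 500) / 1000);
}

/* Write "[!]anywhere" or "[!]<name><mask>" for one address column into out. */
static void ipfwr_format_addr(char *out, size_t outlen, struct in_addr *addr,
                              struct in_addr *mask, int inverted)
{
    snprintf(out, outlen, "%s", inverted ? "!" : "");
    if (mask->s_addr == 0L) {
        ipfwr_append(out, outlen, "anywhere");
        return;
    }
    /* The name is copied into out before mask_to_dotted() runs, as the original code did via its scratch buffer. */
    ipfwr_append(out, outlen, addr_to_anyname(addr));
    ipfwr_append(out, outlen, mask_to_dotted(mask));
}

/* Append "[!]any", "[!]<svc>" or "[!]<svc>:<svc>" for one port range to out. */
static void ipfwr_append_ports(char *out, size_t outlen, unsigned int lo,
                               unsigned int hi, unsigned int proto, int inverted)
{
    ipfwr_append(out, outlen, inverted ? "!" : "");
    if (lo == 0 && hi == 0xFFFF) {
        ipfwr_append(out, outlen, "any");
    } else if (lo == hi) {
        ipfwr_append(out, outlen, service_to_string(lo, proto));
    } else {
        ipfwr_append(out, outlen, service_to_string(lo, proto));
        ipfwr_append(out, outlen, ":");
        ipfwr_append(out, outlen, service_to_string(hi, proto));
    }
}

/*
 * SNMP variable handler for the firewall rule table.
 *
 * vp           - variable descriptor; vp->magic selects the column.
 * name, length - OID of the request; the last sub-identifier is the
 *                1-based rule row.
 * exact, var_len, write_method - passed through to checkmib(); *var_len is
 *                set to the string length for every string column.
 *
 * Returns a pointer to static storage holding the value (long_return for the
 * index column, string_value or a rule label otherwise), or NULL when the
 * table cannot be read, the request does not match, or the row is out of
 * range.
 *
 * The rule table is (re)loaded whenever the request OID ends in .1.1.
 *
 * Changes from the earlier version, all about memory safety on data that is
 * not under this function's control (the request OID, and names returned by
 * addr_to_anyname()/service_to_string()):
 *   - every write into string_value is length-bounded (was sprintf/strcat);
 *   - the row index is checked against num_rules and rules != NULL before
 *     the table is indexed, and *length is checked before name[] is read;
 *   - a NULL result from getprotobynumber() no longer crashes; the protocol
 *     number is returned instead, and "all" is no longer written into the
 *     resolver's own p_name storage;
 *   - the wildcard '+' is added to the output only, instead of being written
 *     into fw_vianame in the cached rule on every request;
 *   - counters are passed as unsigned long long so "%llu" matches its argument.
 */
u_char * var_ipfwrules(
    struct variable *vp,
    oid     *name,
    int     *length,
    int     exact,
    int     *var_len,
    WriteMethod **write_method)
{
    static char string_value[256];
    static struct ipfwc_fwrule *rules;
    static int rules_initialized = 0;
    static unsigned int num_rules;
    struct protoent *protocol;
    unsigned short flags;
    oid row;
    size_t idx;

    /*
     * Reload on column 1 / row 1.
     * NOTE(review): the previous table is not released here; whether
     * ipfwc_get_rules() keeps ownership of it is not visible -- confirm.
     */
    if (*length >= 2 && (name[*length-1]==1) && (name[*length-2]==1)) {
        printf("Initialising ruletable...\n");
        rules = ipfwc_get_rules(&num_rules,0);
        if (rules==NULL) return NULL;
        rules_initialized = 1;
    }

    if (!checkmib(vp,name,length,exact,var_len,write_method,num_rules)){
        printf("Match failed...\n");
        return NULL;
    }

    /* Read the row only after checkmib(), which receives name/length by pointer. */
    if (*length < 1 || rules == NULL)
        return NULL;
    row = name[*length-1];
    if (row == 0 || row > num_rules)
        return NULL;
    idx = (size_t)(row - 1);

    switch (vp->magic){
        case IPFWRRULEINDEX:
            long_return = row;
            return (u_char *)&long_return;
        case IPFWRCHAIN:
            *var_len = strlen(rules[idx].chain[0].label);
            return (u_char *) rules[idx].chain[0].label;
        case IPFWRPKTS:
            printf ("case IPFWRPKTS\n");
            ipfwr_format_count(string_value, sizeof string_value,
                               (unsigned long long) rules[idx].packets);
            *var_len = strlen (string_value);
            return (u_char *) string_value;
        case IPFWRBYTES:
            ipfwr_format_count(string_value, sizeof string_value,
                               (unsigned long long) rules[idx].bytes);
            *var_len = strlen (string_value);
            return (u_char *) string_value;
        case IPFWRTARGET:
            *var_len = strlen(rules[idx].ipfw.label);
            return (u_char *) rules[idx].ipfw.label;
        case IPFWRPROT:
            protocol = getprotobynumber( (int) rules[idx].ipfw.ipfw.fw_proto);
            if (protocol == NULL || protocol->p_name == NULL)
                /* Unknown protocol: report its number instead of dereferencing NULL. */
                snprintf(string_value, sizeof string_value, "%u",
                         (unsigned int) rules[idx].ipfw.ipfw.fw_proto);
            else if (!strcmp(protocol->p_name,"ip"))
                snprintf(string_value, sizeof string_value, "%s", "all");
            else
                snprintf(string_value, sizeof string_value, "%s", protocol->p_name);
            *var_len = strlen (string_value);
            return (u_char *) string_value;
        case IPFWRSOURCE:
            ipfwr_format_addr(string_value, sizeof string_value,
                              &(rules[idx].ipfw.ipfw.fw_src),
                              &(rules[idx].ipfw.ipfw.fw_smsk),
                              rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_SRCIP);
            printf("%s\n",string_value);
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWRDESTINATION:
            ipfwr_format_addr(string_value, sizeof string_value,
                              &(rules[idx].ipfw.ipfw.fw_dst),
                              &(rules[idx].ipfw.ipfw.fw_dmsk),
                              rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_DSTIP);
            printf("%s\n",string_value);
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWRPORTS:
            if (rules[idx].ipfw.ipfw.fw_proto != IPPROTO_TCP
                && rules[idx].ipfw.ipfw.fw_proto != IPPROTO_UDP
                && rules[idx].ipfw.ipfw.fw_proto != IPPROTO_ICMP) {
                snprintf(string_value, sizeof string_value, "%s", "n/a");
                *var_len = strlen(string_value);
                return (u_char *) string_value;
            }

            /* ICMP handled specially: a rule without port inversion is looked up by type/code name. */
            if (rules[idx].ipfw.ipfw.fw_proto == IPPROTO_ICMP
                && !(rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_SRCPT)
                && !(rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_DSTPT)) {
                unsigned int i;
                for (i = 0; i < sizeof(icmp_codes)/sizeof(struct icmp_names); i++) {
                    if (icmp_codes[i].type == rules[idx].ipfw.ipfw.fw_spts[0]
                        && icmp_codes[i].type == rules[idx].ipfw.ipfw.fw_spts[1]
                        && icmp_codes[i].code_min == rules[idx].ipfw.ipfw.fw_dpts[0]
                        && icmp_codes[i].code_max == rules[idx].ipfw.ipfw.fw_dpts[1]) {
                        snprintf(string_value, sizeof string_value, "%s", icmp_codes[i].name);
                        *var_len = strlen(string_value);
                        return (u_char *) string_value;
                    }
                }
            }

            string_value[0] = '\0';
            ipfwr_append_ports(string_value, sizeof string_value,
                               rules[idx].ipfw.ipfw.fw_spts[0],
                               rules[idx].ipfw.ipfw.fw_spts[1],
                               rules[idx].ipfw.ipfw.fw_proto,
                               rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_SRCPT);
            ipfwr_append(string_value, sizeof string_value, " -> ");
            ipfwr_append_ports(string_value, sizeof string_value,
                               rules[idx].ipfw.ipfw.fw_dpts[0],
                               rules[idx].ipfw.ipfw.fw_dpts[1],
                               rules[idx].ipfw.ipfw.fw_proto,
                               rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_DSTPT);
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWROPT:
            flags = rules[idx].ipfw.ipfw.fw_flg;
            snprintf(string_value, sizeof string_value, "%s%s%s%s%s%s",
                     (rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_SYN) ? "!" : "-",
                     (flags & IP_FW_F_TCPSYN) ? "y" : "-",
                     (rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_FRAG) ? "!" : "-",
                     (flags & IP_FW_F_FRAG) ? "f" : "-",
                     (flags & IP_FW_F_PRN) ? "l" : "-",
                     (flags & IP_FW_F_NETLINK) ? "o" : "-");
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWRIFNAME:
            /* A wildcard interface prints as "<name>+"; the cached rule itself is left untouched. */
            snprintf(string_value, sizeof string_value, "%s%s%s",
                     (rules[idx].ipfw.ipfw.fw_invflg & IP_FW_INV_VIA) ? "!" : "",
                     (rules[idx].ipfw.ipfw.fw_vianame)[0] ? rules[idx].ipfw.ipfw.fw_vianame : "any",
                     ((rules[idx].ipfw.ipfw.fw_flg & IP_FW_F_WILDIF)
                      && (rules[idx].ipfw.ipfw.fw_vianame)[0]) ? "+" : "");
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWRTOSA:
            snprintf(string_value, sizeof string_value, "0x%02hX",
                     (unsigned short) rules[idx].ipfw.ipfw.fw_tosand);
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWRTOSX:
            snprintf(string_value, sizeof string_value, "0x%02hX",
                     (unsigned short) rules[idx].ipfw.ipfw.fw_tosxor);
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWRMARK:
            /* A zero mark without IP_FW_F_MARKABS is reported as the empty string. */
            if (!(rules[idx].ipfw.ipfw.fw_flg & IP_FW_F_MARKABS)
                && rules[idx].ipfw.ipfw.fw_mark == 0)
                string_value[0] = '\0';
            else
                snprintf(string_value, sizeof string_value, "0x%x",
                         (unsigned int) rules[idx].ipfw.ipfw.fw_mark);
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        case IPFWROUTSIZE:
            if ((rules[idx].ipfw.ipfw.fw_flg & IP_FW_F_NETLINK)
                && (rules[idx].ipfw.ipfw.fw_outputsize != 0xFFFF))
                snprintf(string_value, sizeof string_value, "%hu",
                         (unsigned short) rules[idx].ipfw.ipfw.fw_outputsize);
            else
                string_value[0] = '\0';
            *var_len = strlen(string_value);
            return (u_char *)string_value;
        default:
            ERROR_MSG("Oops...\n");
    }
    return NULL;
}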