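/*
 * print - show the MANGLE target's options in list/save form.
 *
 * For each flag set in m->flags this emits the matching "--mangle-ip-s",
 * "--mangle-mac-s", "--mangle-ip-d" or "--mangle-mac-d" option, and a
 * "--mangle-target DROP|CONTINUE" suffix when the verdict is not NF_ACCEPT.
 *
 * @param ip       unused; present only to match the target print callback
 * @param target   entry target whose data area holds a struct arpt_mangle
 * @param numeric  nonzero prints dotted addresses via addr_to_dotted(),
 *                 zero resolves them via addr_to_anyname()
 *
 * Fix: the address copies into buf used sprintf(); a resolved name longer
 * than the 100-byte local buffer would have overrun the stack. snprintf()
 * bounds the copy, so at worst the printed address is truncated.
 */
static void print(const struct arpt_arp *ip, const struct arpt_entry_target *target, int numeric)
{
	struct arpt_mangle *m = (struct arpt_mangle *)(target->data);
	char buf[100];
	const char *txt;

	(void)ip;

	if (m->flags & ARPT_MANGLE_SIP) {
		if (numeric)
			txt = addr_to_dotted(&(m->u_s.src_ip));
		else
			txt = addr_to_anyname(&(m->u_s.src_ip));
		/* bounded copy: the helper's return buffer is not ours to trust for length */
		snprintf(buf, sizeof buf, "%s", txt);
		printf("--mangle-ip-s %s ", buf);
	}

	if (m->flags & ARPT_MANGLE_SDEV) {
		printf("--mangle-mac-s ");
		print_mac((unsigned char *)m->src_devaddr, 6); /* 6-byte hardware address */
		printf(" ");
	}

	if (m->flags & ARPT_MANGLE_TIP) {
		if (numeric)
			txt = addr_to_dotted(&(m->u_t.tgt_ip));
		else
			txt = addr_to_anyname(&(m->u_t.tgt_ip));
		snprintf(buf, sizeof buf, "%s", txt);
		printf("--mangle-ip-d %s ", buf);
	}

	if (m->flags & ARPT_MANGLE_TDEV) {
		printf("--mangle-mac-d ");
		print_mac((unsigned char *)m->tgt_devaddr, 6);
		printf(" ");
	}

	/* NF_ACCEPT is the default verdict and is not printed explicitly. */
	if (m->target != NF_ACCEPT) {
		printf("--mangle-target ");
		if (m->target == NF_DROP)
			printf("DROP ");
		else
			printf("CONTINUE ");
	}
}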
/*
 * addrport_to_anyname - format "address:port" into a freshly allocated string.
 *
 * With FMT_NUMERIC set in format the address is printed dotted (inet_ntoa)
 * and the port in decimal; otherwise both are resolved through
 * addr_to_anyname() and port_to_anyname().
 *
 * @param addr    address to format
 * @param port    port number
 * @param proto   protocol passed through to port_to_anyname()
 * @param format  FMT_* bits; only FMT_NUMERIC is consulted here
 * @return malloc'd string owned by the caller, or NULL on allocation failure.
 *         The output is bounded to OUT_LEN bytes and silently truncated.
 */
char *
addrport_to_anyname(struct in_addr *addr, unsigned int port, unsigned short proto, unsigned int format)
{
	enum { OUT_LEN = 60 };
	char *out = malloc(OUT_LEN);

	if (out == NULL)
		return NULL;

	if (format & FMT_NUMERIC)
		snprintf(out, OUT_LEN, "%s:%u", inet_ntoa(*addr), port);
	else
		snprintf(out, OUT_LEN, "%s:%s", addr_to_anyname(addr), port_to_anyname(port, proto));

	return out;
}
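/*
 * print_addr - print one address/mask pair of a rule.
 *
 * Prints "! " first when inv is set. A zero mask prints as "anywhere"
 * unless numeric output was requested; otherwise the address (dotted or
 * resolved) is printed immediately followed by the mask text that
 * mask_to_dotted() returns, then a trailing space.
 *
 * @param addr     address to print
 * @param mask     netmask; s_addr == 0 selects "anywhere"
 * @param inv      nonzero prefixes the output with "! "
 * @param numeric  nonzero forces dotted output (no name lookup)
 *
 * Fix: the original built buf with sprintf() + strcat(), trusting that a
 * resolved host name plus mask fits in BUFSIZ. Both pieces are now copied
 * with snprintf() against the remaining space. The two helper calls are
 * kept as separate statements because their return buffers are not visible
 * here and may be shared.
 */
static void print_addr(struct in_addr *addr, struct in_addr *mask, int inv, int numeric)
{
	char buf[BUFSIZ];
	size_t used;

	if (inv)
		printf("! ");

	if (mask->s_addr == 0L && !numeric) {
		printf("%s ", "anywhere");
		return;
	}

	if (numeric)
		snprintf(buf, sizeof buf, "%s", addr_to_dotted(addr));
	else
		snprintf(buf, sizeof buf, "%s", addr_to_anyname(addr));

	/* append the mask into whatever room is left; truncation keeps the terminator */
	used = strlen(buf);
	snprintf(buf + used, sizeof buf - used, "%s", mask_to_dotted(mask));
	printf("%s ", buf);
}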
/*
 * var_ipfwrules - MIB instance handler for the ipfw rule table.
 *
 * Returns a pointer to the value of the column selected by vp->magic for
 * the rule instance named by the last OID sub-identifier (name[*length-1],
 * 1-based; the rules[] array is indexed with that value minus one).
 * *var_len receives the value's length. Returns NULL when the rule table
 * cannot be fetched, when checkmib() rejects the request, or for an
 * unknown magic.
 *
 * Values are formatted into file-static buffers, so the returned pointer
 * is only valid until the next call and the function is not reentrant.
 *
 * NOTE(review): string_value and buf are 256 bytes and every sprintf/strcat
 * below is unbounded; addr_to_anyname() may return a resolved host name and
 * service_to_string() is appended up to four times in one value. Nothing
 * here checks the total length against 256 — confirm the helpers' maximum
 * output or switch to snprintf with remaining-space accounting.
 */
u_char *
var_ipfwrules( struct variable *vp, oid *name, int *length, int exact, int *var_len, WriteMethod **write_method)
{
    static char string_value[256];
    static char buf[256];
    static struct ipfwc_fwrule *rules;
    static int rules_initialized = 0;   /* written below but never read: the condition using it is commented out */
    static unsigned int num_rules;
    static struct protoent *protocol;
    unsigned short flags;
    __u64 cnt, cntkb, cntmb, cntgb;

    /* if ( (!rules_initialized) ||( (name[*length-1]==1)&&(name[*length-2]==1)) ){ */
    /*
     * (Re)load the rule table when the request names the first column of
     * the first row.
     * NOTE(review): name[*length-2] is read before any check on *length; if a
     * caller can pass an OID shorter than two sub-ids this reads before the
     * start of name — verify the caller guarantees the length.
     * NOTE(review): rules is overwritten without releasing the previous
     * table; if ipfwc_get_rules() allocates, each reload leaks — confirm.
     */
    if ( (name[*length-1]==1)&&(name[*length-2]==1) ) {
        printf("Initialising ruletable...\n");
        rules = ipfwc_get_rules(&num_rules,0);
        if (rules==NULL) return NULL;
        rules_initialized = 1;
    }
    /*
     * checkmib() is a project helper; presumably it validates the instance
     * against num_rules, which is the only bound on the rules[] index used
     * in every case below — confirm it rejects index 0 and > num_rules.
     */
    if (!checkmib(vp,name,length,exact,var_len,write_method,num_rules)){
        printf("Match failed...\n");
        return NULL;
    }
    switch (vp->magic){
    case IPFWRRULEINDEX:
        /* long_return is not declared in this block; presumably an agent-global scratch variable */
        long_return = name[*length-1];
        return (u_char *)&long_return;
    case IPFWRCHAIN:
        *var_len = strlen(rules[name[*length-1]-1].chain[0].label);
        return (u_char *) rules[name[*length-1]-1].chain[0].label;
    case IPFWRPKTS:
        printf ("case IPFWRPKTS\n");   /* debug output to stdout */
        cnt = rules[name[*length-1]-1].packets;
        /* Human-readable counter: values above 99999 are rounded to K/M/G (1000-based). */
        if (cnt > 99999) {
            cntkb = (cnt + 500) / 1000;
            if (cntkb > 9999) {
                cntmb = (cnt + 500000) / 1000000;
                if (cntmb > 9999) {
                    cntgb = (cntmb + 500) / 1000;
                    sprintf(string_value, "%lluG", cntgb);
                } else
                    sprintf(string_value, "%lluM", cntmb);
            } else
                sprintf(string_value, "%lluK", cntkb);
        } else
            sprintf(string_value, "%llu", cnt);
        *var_len = strlen (string_value);
        return (u_char *) string_value;
    case IPFWRBYTES:
        cnt = rules[name[*length-1]-1].bytes;
        /* Same K/M/G rounding as IPFWRPKTS. */
        if (cnt > 99999) {
            cntkb = (cnt + 500) / 1000;
            if (cntkb > 9999) {
                cntmb = (cnt + 500000) / 1000000;
                if (cntmb > 9999) {
                    cntgb = (cntmb + 500) / 1000;
                    sprintf(string_value, "%lluG", cntgb);
                } else
                    sprintf(string_value, "%lluM", cntmb);
            } else
                sprintf(string_value, "%lluK", cntkb);
        } else
            sprintf(string_value, "%llu", cnt);
        *var_len = strlen (string_value);
        return (u_char *)string_value;
    case IPFWRTARGET:
        *var_len = strlen(rules[name[*length-1]-1].ipfw.label);
        return (u_char *) rules[name[*length-1]-1].ipfw.label;
    case IPFWRPROT:
        /*
         * NOTE(review): getprotobynumber() returns NULL for an unknown
         * protocol number and is dereferenced here unchecked. The strcpy()
         * also rewrites p_name inside the C library's static protoent,
         * which later lookups will then see as "all".
         */
        protocol = getprotobynumber( (int) rules[name[*length-1]-1].ipfw.ipfw.fw_proto);
        if (!strcmp(protocol->p_name,"ip" )) strcpy (protocol->p_name,"all");
        *var_len = strlen (protocol->p_name);
        return (u_char *) protocol->p_name;
    case IPFWRSOURCE:
        /* "!" prefix when the source match is inverted; zero mask means "anywhere". */
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_SRCIP) sprintf(string_value,"!");
        else strcpy(string_value,"");
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_smsk.s_addr == 0L) strcat(string_value,"anywhere");
        else {
            /* unbounded: resolved name + mask text must fit in 256 bytes (see header note) */
            sprintf(buf, "%s", addr_to_anyname(&(rules[name[*length-1]-1].ipfw.ipfw.fw_src)));
            strcat(buf, mask_to_dotted(&(rules[name[*length-1]-1].ipfw.ipfw.fw_smsk)));
            strcat(string_value,buf);
        }
        printf("%s\n",string_value);   /* debug output to stdout */
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWRDESTINATION:
        /* Mirror of IPFWRSOURCE for the destination address/mask. */
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_DSTIP) sprintf(string_value,"!");
        else strcpy(string_value,"");
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_dmsk.s_addr == 0L) strcat(string_value,"anywhere");
        else {
            sprintf(buf, "%s", addr_to_anyname(&(rules[name[*length-1]-1].ipfw.ipfw.fw_dst)));
            strcat(buf, mask_to_dotted(&(rules[name[*length-1]-1].ipfw.ipfw.fw_dmsk)));
            strcat(string_value,buf);
        }
        printf("%s\n",string_value);   /* debug output to stdout */
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWRPORTS:
        /* Ports only make sense for TCP, UDP and (as type/code) ICMP. */
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_proto != IPPROTO_TCP && rules[name[*length-1]-1].ipfw.ipfw.fw_proto != IPPROTO_UDP && rules[name[*length-1]-1].ipfw.ipfw.fw_proto != IPPROTO_ICMP) {
            sprintf(string_value,"n/a");
            *var_len = strlen(string_value);
            return (u_char *) string_value;
        }
        /* ICMP handled specially: an exact type/code match in icmp_codes[] is printed by name. */
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_proto == IPPROTO_ICMP && !(rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_SRCPT) && !(rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_DSTPT)) {
            unsigned int i;
            for (i = 0; i < sizeof(icmp_codes)/sizeof(struct icmp_names); i++) {
                /* fw_spts carries the ICMP type range, fw_dpts the code range */
                if (icmp_codes[i].type == rules[name[*length-1]-1].ipfw.ipfw.fw_spts[0] && icmp_codes[i].type == rules[name[*length-1]-1].ipfw.ipfw.fw_spts[1] && icmp_codes[i].code_min == rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[0] && icmp_codes[i].code_max == rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[1]) {
                    sprintf(string_value, "%s", icmp_codes[i].name);
                    *var_len = strlen(string_value);
                    return (u_char *) string_value;
                }
            }
        }
        /*
         * Generic form: [!]src[:src2] -> [!]dst[:dst2], where 0..0xFFFF is
         * printed as "any". The format argument below is a non-literal but
         * both alternatives are string constants.
         */
        sprintf(string_value, rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_SRCPT ? "!" : "");
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_spts[0] == 0 && rules[name[*length-1]-1].ipfw.ipfw.fw_spts[1] == 0xFFFF) strcat(string_value, "any");
        else if (rules[name[*length-1]-1].ipfw.ipfw.fw_spts[0] == rules[name[*length-1]-1].ipfw.ipfw.fw_spts[1]) {
            strcat(string_value, service_to_string(rules[name[*length-1]-1].ipfw.ipfw.fw_spts[0], rules[name[*length-1]-1].ipfw.ipfw.fw_proto));
        } else {
            strcat(string_value, service_to_string(rules[name[*length-1]-1].ipfw.ipfw.fw_spts[0], rules[name[*length-1]-1].ipfw.ipfw.fw_proto));
            strcat(string_value,":");
            strcat(string_value, service_to_string(rules[name[*length-1]-1].ipfw.ipfw.fw_spts[1], rules[name[*length-1]-1].ipfw.ipfw.fw_proto));
        }
        strcat (string_value," -> ");
        strcat(string_value, rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_DSTPT ? "!" : "");
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[0] == 0 && rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[1] == 0xFFFF) strcat(string_value, "any");
        else if (rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[0] == rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[1]) {
            strcat(string_value, service_to_string(rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[0], rules[name[*length-1]-1].ipfw.ipfw.fw_proto));
        } else {
            strcat(string_value, service_to_string(rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[0], rules[name[*length-1]-1].ipfw.ipfw.fw_proto));
            strcat(string_value,":");
            strcat(string_value, service_to_string(rules[name[*length-1]-1].ipfw.ipfw.fw_dpts[1], rules[name[*length-1]-1].ipfw.ipfw.fw_proto));
        }
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWROPT:
        /*
         * Six-character option column: [!|-][y|-] for SYN, [!|-][f|-] for
         * fragments, then [l|-] (log) and [o|-] (netlink output).
         */
        flags = rules[name[*length-1]-1].ipfw.ipfw.fw_flg;
        sprintf(string_value, (rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_SYN) ? "!" : "-");
        strcat(string_value, (flags & IP_FW_F_TCPSYN) ? "y" : "-");
        strcat(string_value, (rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_FRAG) ? "!" : "-");
        strcat(string_value, (flags & IP_FW_F_FRAG) ? "f" : "-");
        strcat(string_value, (flags & IP_FW_F_PRN) ? "l" : "-");
        strcat(string_value, (flags & IP_FW_F_NETLINK) ? "o" : "-");
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWRIFNAME:
        sprintf(string_value, rules[name[*length-1]-1].ipfw.ipfw.fw_invflg & IP_FW_INV_VIA ? "!" : "");
        /*
         * Wildcard interfaces get a '+' appended — written into the rule
         * table itself, so the suffix persists across calls (and would be
         * appended again on each call while the name has room).
         * NOTE(review): this writes at strlen+1; if fw_vianame is already
         * full this writes past the field. The field's size is not visible
         * here — confirm there is always room for '+' and the terminator.
         */
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_flg & IP_FW_F_WILDIF && (rules[name[*length-1]-1].ipfw.ipfw.fw_vianame)[0]) {
            rules[name[*length-1]-1].ipfw.ipfw.fw_vianame[strlen(rules[name[*length-1]-1].ipfw.ipfw.fw_vianame)+1]='\0';
            rules[name[*length-1]-1].ipfw.ipfw.fw_vianame[strlen(rules[name[*length-1]-1].ipfw.ipfw.fw_vianame)]='+';
        }
        strcat(string_value, (rules[name[*length-1]-1].ipfw.ipfw.fw_vianame)[0] ? rules[name[*length-1]-1].ipfw.ipfw.fw_vianame : "any");
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWRTOSA:
        sprintf(string_value, "0x%02hX", (unsigned short) rules[name[*length-1]-1].ipfw.ipfw.fw_tosand);
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWRTOSX:
        sprintf(string_value, "0x%02hX", (unsigned short) rules[name[*length-1]-1].ipfw.ipfw.fw_tosxor);
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWRMARK:
        /* An absolute mark is always printed; a relative mark of 0 prints as empty. */
        if (rules[name[*length-1]-1].ipfw.ipfw.fw_flg & IP_FW_F_MARKABS) sprintf(string_value, "0x%x",rules[name[*length-1]-1].ipfw.ipfw.fw_mark);
        else if (rules[name[*length-1]-1].ipfw.ipfw.fw_mark == 0) strcpy(string_value,"");
        else sprintf(string_value, "0x%x", (int)rules[name[*length-1]-1].ipfw.ipfw.fw_mark);
        *var_len = strlen(string_value);
        return (u_char *) string_value;
    case IPFWROUTSIZE:
        /* Output size is only meaningful with netlink output; 0xFFFF is the "unset" sentinel. */
        if ((rules[name[*length-1]-1].ipfw.ipfw.fw_flg & IP_FW_F_NETLINK) && (rules[name[*length-1]-1].ipfw.ipfw.fw_outputsize != 0xFFFF)) sprintf(string_value, "%hu", rules[name[*length-1]-1].ipfw.ipfw.fw_outputsize);
        else strcpy(string_value,"");
        *var_len = strlen(string_value);
        return (u_char *)string_value;
    default:
        ERROR_MSG("Oops...\n");
    }
    return NULL;
}