int
dump_entry(STRUCT_ENTRY *e, const TC_HANDLE_T handle)
{
size_t i;
STRUCT_ENTRY_TARGET *t;
printf("Entry %u (%lu):\n", entry2index(handle, e),
entry2offset(handle, e));
printf("SRC IP: %u.%u.%u.%u/%u.%u.%u.%u\n",
IP_PARTS(e->ip.src.s_addr),IP_PARTS(e->ip.smsk.s_addr));
printf("DST IP: %u.%u.%u.%u/%u.%u.%u.%u\n",
IP_PARTS(e->ip.dst.s_addr),IP_PARTS(e->ip.dmsk.s_addr));
printf("Interface: `%s'/", e->ip.iniface);
for (i = 0; i < IFNAMSIZ; i++)
printf("%c", e->ip.iniface_mask[i] ? 'X' : '.');
printf("to `%s'/", e->ip.outiface);
for (i = 0; i < IFNAMSIZ; i++)
printf("%c", e->ip.outiface_mask[i] ? 'X' : '.');
printf("\nProtocol: %u\n", e->ip.proto);
printf("Flags: %02X\n", e->ip.flags);
printf("Invflags: %02X\n", e->ip.invflags);
printf("Counters: %llu packets, %llu bytes\n",
e->counters.pcnt, e->counters.bcnt);
printf("Cache: %08X ", e->nfcache);
if (e->nfcache & NFC_ALTERED) printf("ALTERED ");
if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN ");
if (e->nfcache & NFC_IP_SRC) printf("IP_SRC ");
if (e->nfcache & NFC_IP_DST) printf("IP_DST ");
if (e->nfcache & NFC_IP_IF_IN) printf("IP_IF_IN ");
if (e->nfcache & NFC_IP_IF_OUT) printf("IP_IF_OUT ");
if (e->nfcache & NFC_IP_TOS) printf("IP_TOS ");
if (e->nfcache & NFC_IP_PROTO) printf("IP_PROTO ");
if (e->nfcache & NFC_IP_OPTIONS) printf("IP_OPTIONS ");
if (e->nfcache & NFC_IP_TCPFLAGS) printf("IP_TCPFLAGS ");
if (e->nfcache & NFC_IP_SRC_PT) printf("IP_SRC_PT ");
if (e->nfcache & NFC_IP_DST_PT) printf("IP_DST_PT ");
if (e->nfcache & NFC_IP_PROTO_UNKNOWN) printf("IP_PROTO_UNKNOWN ");
printf("\n");
IPT_MATCH_ITERATE(e, print_match);
t = GET_TARGET(e);
printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size);
if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) {
int pos = *(int *)t->data;
if (pos < 0)
printf("verdict=%s\n",
pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
: pos == -NF_DROP-1 ? "NF_DROP"
: pos == -NF_QUEUE-1 ? "NF_QUEUE"
: pos == RETURN ? "RETURN"
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
} else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
return 0;
}
/* print a given ip including mask if neccessary */
static void print_ip(const char *prefix, uint32_t ip,
uint32_t mask, int invert)
{
uint32_t bits, hmask = ntohl(mask);
int i;
if (!mask && !ip && !invert)
return;
ptr += sprintf(ptr,"%s %s %u.%u.%u.%u",
invert ? " !" : "",
prefix,
IP_PARTS(ip));
if (mask == 0xFFFFFFFFU) {
ptr += sprintf(ptr,"/32");
return;
}
i = 32;
bits = 0xFFFFFFFEU;
while (--i >= 0 && hmask != bits)
bits <<= 1;
if (i >= 0)
ptr += sprintf(ptr,"/%u", i);
else
ptr += sprintf(ptr,"/%u.%u.%u.%u", IP_PARTS(mask));
}
/* print a given ip including mask if neccessary */
static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
{
if (!mask && !ip)
return;
printf("%s %s%u.%u.%u.%u",
prefix,
invert ? "! " : "",
IP_PARTS(ip));
if (mask != 0xffffffff)
printf("/%u.%u.%u.%u ", IP_PARTS(mask));
else
printf(" ");
}
static int
dump_entry(struct ipt_entry *e, struct iptc_handle *const handle)
{
size_t i;
STRUCT_ENTRY_TARGET *t;
printf("Entry %u (%lu):\n", iptcb_entry2index(handle, e),
iptcb_entry2offset(handle, e));
printf("SRC IP: %u.%u.%u.%u/%u.%u.%u.%u\n",
IP_PARTS(e->ip.src.s_addr),IP_PARTS(e->ip.smsk.s_addr));
printf("DST IP: %u.%u.%u.%u/%u.%u.%u.%u\n",
IP_PARTS(e->ip.dst.s_addr),IP_PARTS(e->ip.dmsk.s_addr));
printf("Interface: `%s'/", e->ip.iniface);
for (i = 0; i < IFNAMSIZ; i++)
printf("%c", e->ip.iniface_mask[i] ? 'X' : '.');
printf("to `%s'/", e->ip.outiface);
for (i = 0; i < IFNAMSIZ; i++)
printf("%c", e->ip.outiface_mask[i] ? 'X' : '.');
printf("\nProtocol: %u\n", e->ip.proto);
printf("Flags: %02X\n", e->ip.flags);
printf("Invflags: %02X\n", e->ip.invflags);
printf("Counters: %llu packets, %llu bytes\n",
(unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
printf("Cache: %08X\n", e->nfcache);
IPT_MATCH_ITERATE(e, print_match);
t = GET_TARGET(e);
printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size);
if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) {
const unsigned char *data = t->data;
int pos = *(const int *)data;
if (pos < 0)
printf("verdict=%s\n",
pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
: pos == -NF_DROP-1 ? "NF_DROP"
: pos == -NF_QUEUE-1 ? "NF_QUEUE"
: pos == RETURN ? "RETURN"
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
} else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
return 0;
}
