int dump_entry(STRUCT_ENTRY *e, const TC_HANDLE_T handle) { size_t i; STRUCT_ENTRY_TARGET *t; printf("Entry %u (%lu):\n", entry2index(handle, e), entry2offset(handle, e)); printf("SRC IP: %u.%u.%u.%u/%u.%u.%u.%u\n", IP_PARTS(e->ip.src.s_addr),IP_PARTS(e->ip.smsk.s_addr)); printf("DST IP: %u.%u.%u.%u/%u.%u.%u.%u\n", IP_PARTS(e->ip.dst.s_addr),IP_PARTS(e->ip.dmsk.s_addr)); printf("Interface: `%s'/", e->ip.iniface); for (i = 0; i < IFNAMSIZ; i++) printf("%c", e->ip.iniface_mask[i] ? 'X' : '.'); printf("to `%s'/", e->ip.outiface); for (i = 0; i < IFNAMSIZ; i++) printf("%c", e->ip.outiface_mask[i] ? 'X' : '.'); printf("\nProtocol: %u\n", e->ip.proto); printf("Flags: %02X\n", e->ip.flags); printf("Invflags: %02X\n", e->ip.invflags); printf("Counters: %llu packets, %llu bytes\n", e->counters.pcnt, e->counters.bcnt); printf("Cache: %08X ", e->nfcache); if (e->nfcache & NFC_ALTERED) printf("ALTERED "); if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN "); if (e->nfcache & NFC_IP_SRC) printf("IP_SRC "); if (e->nfcache & NFC_IP_DST) printf("IP_DST "); if (e->nfcache & NFC_IP_IF_IN) printf("IP_IF_IN "); if (e->nfcache & NFC_IP_IF_OUT) printf("IP_IF_OUT "); if (e->nfcache & NFC_IP_TOS) printf("IP_TOS "); if (e->nfcache & NFC_IP_PROTO) printf("IP_PROTO "); if (e->nfcache & NFC_IP_OPTIONS) printf("IP_OPTIONS "); if (e->nfcache & NFC_IP_TCPFLAGS) printf("IP_TCPFLAGS "); if (e->nfcache & NFC_IP_SRC_PT) printf("IP_SRC_PT "); if (e->nfcache & NFC_IP_DST_PT) printf("IP_DST_PT "); if (e->nfcache & NFC_IP_PROTO_UNKNOWN) printf("IP_PROTO_UNKNOWN "); printf("\n"); IPT_MATCH_ITERATE(e, print_match); t = GET_TARGET(e); printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size); if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) { int pos = *(int *)t->data; if (pos < 0) printf("verdict=%s\n", pos == -NF_ACCEPT-1 ? "NF_ACCEPT" : pos == -NF_DROP-1 ? "NF_DROP" : pos == -NF_QUEUE-1 ? "NF_QUEUE" : pos == RETURN ? "RETURN" : "UNKNOWN"); else printf("verdict=%u\n", pos); } else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0) printf("error=`%s'\n", t->data); printf("\n"); return 0; }
/* print a given ip including mask if neccessary */ static void print_ip(const char *prefix, uint32_t ip, uint32_t mask, int invert) { uint32_t bits, hmask = ntohl(mask); int i; if (!mask && !ip && !invert) return; ptr += sprintf(ptr,"%s %s %u.%u.%u.%u", invert ? " !" : "", prefix, IP_PARTS(ip)); if (mask == 0xFFFFFFFFU) { ptr += sprintf(ptr,"/32"); return; } i = 32; bits = 0xFFFFFFFEU; while (--i >= 0 && hmask != bits) bits <<= 1; if (i >= 0) ptr += sprintf(ptr,"/%u", i); else ptr += sprintf(ptr,"/%u.%u.%u.%u", IP_PARTS(mask)); }
/* print a given ip including mask if neccessary */ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) { if (!mask && !ip) return; printf("%s %s%u.%u.%u.%u", prefix, invert ? "! " : "", IP_PARTS(ip)); if (mask != 0xffffffff) printf("/%u.%u.%u.%u ", IP_PARTS(mask)); else printf(" "); }
static int dump_entry(struct ipt_entry *e, struct iptc_handle *const handle) { size_t i; STRUCT_ENTRY_TARGET *t; printf("Entry %u (%lu):\n", iptcb_entry2index(handle, e), iptcb_entry2offset(handle, e)); printf("SRC IP: %u.%u.%u.%u/%u.%u.%u.%u\n", IP_PARTS(e->ip.src.s_addr),IP_PARTS(e->ip.smsk.s_addr)); printf("DST IP: %u.%u.%u.%u/%u.%u.%u.%u\n", IP_PARTS(e->ip.dst.s_addr),IP_PARTS(e->ip.dmsk.s_addr)); printf("Interface: `%s'/", e->ip.iniface); for (i = 0; i < IFNAMSIZ; i++) printf("%c", e->ip.iniface_mask[i] ? 'X' : '.'); printf("to `%s'/", e->ip.outiface); for (i = 0; i < IFNAMSIZ; i++) printf("%c", e->ip.outiface_mask[i] ? 'X' : '.'); printf("\nProtocol: %u\n", e->ip.proto); printf("Flags: %02X\n", e->ip.flags); printf("Invflags: %02X\n", e->ip.invflags); printf("Counters: %llu packets, %llu bytes\n", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt); printf("Cache: %08X\n", e->nfcache); IPT_MATCH_ITERATE(e, print_match); t = GET_TARGET(e); printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size); if (strcmp(t->u.user.name, STANDARD_TARGET) == 0) { const unsigned char *data = t->data; int pos = *(const int *)data; if (pos < 0) printf("verdict=%s\n", pos == -NF_ACCEPT-1 ? "NF_ACCEPT" : pos == -NF_DROP-1 ? "NF_DROP" : pos == -NF_QUEUE-1 ? "NF_QUEUE" : pos == RETURN ? "RETURN" : "UNKNOWN"); else printf("verdict=%u\n", pos); } else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0) printf("error=`%s'\n", t->data); printf("\n"); return 0; }