xref: /openbsd/usr.sbin/tcpdump/pf_print_state.c (revision fc61954a) 
1 /*	$OpenBSD: pf_print_state.c,v 1.13 2016/10/28 12:42:39 jsg Exp $	*/
2 
3 /*
4  * Copyright (c) 2001 Daniel Hartmeier
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  *    - Redistributions of source code must retain the above copyright
12  *      notice, this list of conditions and the following disclaimer.
13  *    - Redistributions in binary form must reproduce the above
14  *      copyright notice, this list of conditions and the following
15  *      disclaimer in the documentation and/or other materials provided
16  *      with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
23  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
28  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  *
31  */
32 
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <net/if.h>
36 #define TCPSTATES
37 #include <netinet/in.h>
38 #include <netinet/tcp_fsm.h>
39 #include <net/pfvar.h>
40 #include <arpa/inet.h>
41 #include <netdb.h>
42 
43 #include <stdio.h>
44 #include <string.h>
45 #include <vis.h>
46 
47 #include "pfctl_parser.h"
48 #include "pfctl.h"
49 #include "addrtoname.h"
50 
51 void	print_name(struct pf_addr *, sa_family_t);
52 
53 void
54 print_addr(struct pf_addr_wrap *addr, sa_family_t af, int verbose)
55 {
56 	switch (addr->type) {
57 	case PF_ADDR_DYNIFTL:
58 		printf("(%s", addr->v.ifname);
59 		if (addr->iflags & PFI_AFLAG_NETWORK)
60 			printf(":network");
61 		if (addr->iflags & PFI_AFLAG_BROADCAST)
62 			printf(":broadcast");
63 		if (addr->iflags & PFI_AFLAG_PEER)
64 			printf(":peer");
65 		if (addr->iflags & PFI_AFLAG_NOALIAS)
66 			printf(":0");
67 		if (verbose) {
68 			if (addr->p.dyncnt <= 0)
69 				printf(":*");
70 			else
71 				printf(":%d", addr->p.dyncnt);
72 		}
73 		printf(")");
74 		break;
75 	case PF_ADDR_TABLE:
76 		if (verbose)
77 			if (addr->p.tblcnt == -1)
78 				printf("<%s:*>", addr->v.tblname);
79 			else
80 				printf("<%s:%d>", addr->v.tblname,
81 				    addr->p.tblcnt);
82 		else
83 			printf("<%s>", addr->v.tblname);
84 		return;
85 	case PF_ADDR_ADDRMASK:
86 		if (PF_AZERO(&addr->v.a.addr, AF_INET6) &&
87 		    PF_AZERO(&addr->v.a.mask, AF_INET6))
88 			printf("any");
89 		else {
90 			char buf[48];
91 
92 			if (inet_ntop(af, &addr->v.a.addr, buf,
93 			    sizeof(buf)) == NULL)
94 				printf("?");
95 			else
96 				printf("%s", buf);
97 		}
98 		break;
99 	case PF_ADDR_NOROUTE:
100 		printf("no-route");
101 		return;
102 	default:
103 		printf("?");
104 		return;
105 	}
106 	if (! PF_AZERO(&addr->v.a.mask, af)) {
107 		int bits = unmask(&addr->v.a.mask, af);
108 
109 		if (bits != (af == AF_INET ? 32 : 128))
110 			printf("/%d", bits);
111 	}
112 }
113 
114 void
115 print_name(struct pf_addr *addr, sa_family_t af)
116 {
117 	char *host;
118 
119 	switch (af) {
120 	case AF_INET:
121 		host = getname((char *)&addr->v4);
122 		break;
123 	case AF_INET6:
124 		host = getname6((char *)&addr->v6);
125 		break;
126 	default:
127 		host = "?";
128 		break;
129 	}
130 	printf("%s", host);
131 }
132 
133 void
134 print_host(struct pf_addr *addr, u_int16_t port, sa_family_t af, u_int16_t rdom,
135     const char *proto, int opts)
136 {
137 	struct servent	*s = NULL;
138 	char		ps[6];
139 
140 	if (rdom)
141 		printf("(%u) ", ntohs(rdom));
142 
143 	if (opts & PF_OPT_USEDNS)
144 		print_name(addr, af);
145 	else {
146 		struct pf_addr_wrap aw;
147 
148 		memset(&aw, 0, sizeof(aw));
149 		aw.v.a.addr = *addr;
150 		if (af == AF_INET)
151 			aw.v.a.mask.addr32[0] = 0xffffffff;
152 		else {
153 			memset(&aw.v.a.mask, 0xff, sizeof(aw.v.a.mask));
154 			af = AF_INET6;
155 		}
156 		print_addr(&aw, af, opts & PF_OPT_VERBOSE2);
157 	}
158 
159 	if (port) {
160 		snprintf(ps, sizeof(ps), "%u", ntohs(port));
161 		if (opts & PF_OPT_PORTNAMES)
162 			s = getservbyport(port, proto);
163 		if (af == AF_INET)
164 			printf(":%s", s ? s->s_name : ps);
165 		else
166 			printf("[%s]", s ? s->s_name : ps);
167 	}
168 }
169 
170 void
171 print_seq(struct pfsync_state_peer *p)
172 {
173 	if (p->seqdiff)
174 		printf("[%u + %u](+%u)", ntohl(p->seqlo),
175 		    ntohl(p->seqhi) - ntohl(p->seqlo), ntohl(p->seqdiff));
176 	else
177 		printf("[%u + %u]", ntohl(p->seqlo),
178 		    ntohl(p->seqhi) - ntohl(p->seqlo));
179 }
180 
181 void
182 print_state(struct pfsync_state *s, int opts)
183 {
184 	struct pfsync_state_peer *src, *dst;
185 	struct pfsync_state_key *sk, *nk;
186 	char ifname[IFNAMSIZ * 4 + 1];
187 	int min, sec, sidx, didx, i;
188 	char *cp = ifname;
189 
190 	if (s->direction == PF_OUT) {
191 		src = &s->src;
192 		dst = &s->dst;
193 		sk = &s->key[PF_SK_STACK];
194 		nk = &s->key[PF_SK_WIRE];
195 		if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
196 			sk->port[0] = nk->port[0];
197 	} else {
198 		src = &s->dst;
199 		dst = &s->src;
200 		sk = &s->key[PF_SK_WIRE];
201 		nk = &s->key[PF_SK_STACK];
202 		if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6)
203 			sk->port[1] = nk->port[1];
204 	}
205 	/* Treat s->ifname as untrusted input. */
206 	for (i = 0; i < IFNAMSIZ && s->ifname[i] != '\0'; i++)
207 		cp = vis(cp, s->ifname[i], VIS_WHITE, 0);
208 	printf("%s ", ifname);
209 	printf("%s ", ipproto_string(s->proto));
210 
211 	if (nk->af != sk->af)
212 		sidx = 1, didx = 0;
213 	else
214 		sidx = 0, didx = 1;
215 
216 	print_host(&nk->addr[didx], nk->port[didx], nk->af, nk->rdomain, NULL, opts);
217 	if (nk->af != sk->af || PF_ANEQ(&nk->addr[1], &sk->addr[1], nk->af) ||
218 	    nk->port[1] != sk->port[1]) {
219 		printf(" (");
220 		print_host(&sk->addr[1], sk->port[1], sk->af, sk->rdomain,
221 		    NULL, opts);
222 		printf(")");
223 	}
224 	if (s->direction == PF_OUT)
225 		printf(" -> ");
226 	else
227 		printf(" <- ");
228 	print_host(&nk->addr[sidx], nk->port[sidx], nk->af, nk->rdomain, NULL,
229 	    opts);
230 	if (nk->af != sk->af || PF_ANEQ(&nk->addr[0], &sk->addr[0], nk->af) ||
231 	    nk->port[0] != sk->port[0]) {
232 		printf(" (");
233 		print_host(&sk->addr[0], sk->port[0], sk->af, sk->rdomain, NULL,
234 		    opts);
235 		printf(")");
236 	}
237 
238 	printf("    ");
239 	if (s->proto == IPPROTO_TCP) {
240 		if (src->state <= TCPS_TIME_WAIT &&
241 		    dst->state <= TCPS_TIME_WAIT)
242 			printf("\n   %s:%s", tcpstates[src->state],
243 			    tcpstates[dst->state]);
244 		else if (src->state == PF_TCPS_PROXY_SRC ||
245 		    dst->state == PF_TCPS_PROXY_SRC)
246 			printf("\n   PROXY:SRC");
247 		else if (src->state == PF_TCPS_PROXY_DST ||
248 		    dst->state == PF_TCPS_PROXY_DST)
249 			printf("\n   PROXY:DST");
250 		else
251 			printf("\n   <BAD STATE LEVELS %u:%u>",
252 			    src->state, dst->state);
253 		if (opts & PF_OPT_VERBOSE) {
254 			printf("\n   ");
255 			print_seq(src);
256 			if (src->wscale && dst->wscale)
257 				printf(" wscale %u",
258 				    src->wscale & PF_WSCALE_MASK);
259 			printf("  ");
260 			print_seq(dst);
261 			if (src->wscale && dst->wscale)
262 				printf(" wscale %u",
263 				    dst->wscale & PF_WSCALE_MASK);
264 		}
265 	} else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES &&
266 	    dst->state < PFUDPS_NSTATES) {
267 		const char *states[] = PFUDPS_NAMES;
268 
269 		printf("   %s:%s", states[src->state], states[dst->state]);
270 	} else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES &&
271 	    dst->state < PFOTHERS_NSTATES) {
272 		/* XXX ICMP doesn't really have state levels */
273 		const char *states[] = PFOTHERS_NAMES;
274 
275 		printf("   %s:%s", states[src->state], states[dst->state]);
276 	} else {
277 		printf("   %u:%u", src->state, dst->state);
278 	}
279 
280 	if (opts & PF_OPT_VERBOSE) {
281 		u_int64_t packets[2];
282 		u_int64_t bytes[2];
283 		u_int32_t creation = ntohl(s->creation);
284 		u_int32_t expire = ntohl(s->expire);
285 
286 		sec = creation % 60;
287 		creation /= 60;
288 		min = creation % 60;
289 		creation /= 60;
290 		printf("\n   age %.2u:%.2u:%.2u", creation, min, sec);
291 		sec = expire % 60;
292 		expire /= 60;
293 		min = expire % 60;
294 		expire /= 60;
295 		printf(", expires in %.2u:%.2u:%.2u", expire, min, sec);
296 
297 		bcopy(s->packets[0], &packets[0], sizeof(u_int64_t));
298 		bcopy(s->packets[1], &packets[1], sizeof(u_int64_t));
299 		bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t));
300 		bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t));
301 		printf(", %llu:%llu pkts, %llu:%llu bytes",
302 		    betoh64(packets[0]),
303 		    betoh64(packets[1]),
304 		    betoh64(bytes[0]),
305 		    betoh64(bytes[1]));
306 		if (s->anchor != -1)
307 			printf(", anchor %u", ntohl(s->anchor));
308 		if (s->rule != -1)
309 			printf(", rule %u", ntohl(s->rule));
310 	}
311 	if (opts & PF_OPT_VERBOSE2) {
312 		u_int64_t id;
313 
314 		bcopy(&s->id, &id, sizeof(u_int64_t));
315 		printf("\n   id: %016llx creatorid: %08x",
316 		    betoh64(id), ntohl(s->creatorid));
317 	}
318 }
319 
320 int
321 unmask(struct pf_addr *m, sa_family_t af)
322 {
323 	int i = 31, j = 0, b = 0;
324 	u_int32_t tmp;
325 
326 	while (j < 4 && m->addr32[j] == 0xffffffff) {
327 		b += 32;
328 		j++;
329 	}
330 	if (j < 4) {
331 		tmp = ntohl(m->addr32[j]);
332 		for (i = 31; tmp & (1 << i); --i)
333 			b++;
334 	}
335 	return (b);
336 }
337