1ed1f0be2SJan Lentfer /* $OpenBSD: pf_print_state.c,v 1.51 2008/06/29 08:42:15 mcbride Exp $ */ 295cc27f0SJoerg Sonnenberger 395cc27f0SJoerg Sonnenberger /* 495cc27f0SJoerg Sonnenberger * Copyright (c) 2001 Daniel Hartmeier 595cc27f0SJoerg Sonnenberger * All rights reserved. 695cc27f0SJoerg Sonnenberger * 795cc27f0SJoerg Sonnenberger * Redistribution and use in source and binary forms, with or without 895cc27f0SJoerg Sonnenberger * modification, are permitted provided that the following conditions 995cc27f0SJoerg Sonnenberger * are met: 1095cc27f0SJoerg Sonnenberger * 1195cc27f0SJoerg Sonnenberger * - Redistributions of source code must retain the above copyright 1295cc27f0SJoerg Sonnenberger * notice, this list of conditions and the following disclaimer. 1395cc27f0SJoerg Sonnenberger * - Redistributions in binary form must reproduce the above 1495cc27f0SJoerg Sonnenberger * copyright notice, this list of conditions and the following 1595cc27f0SJoerg Sonnenberger * disclaimer in the documentation and/or other materials provided 1695cc27f0SJoerg Sonnenberger * with the distribution. 1795cc27f0SJoerg Sonnenberger * 1895cc27f0SJoerg Sonnenberger * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 1995cc27f0SJoerg Sonnenberger * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 2095cc27f0SJoerg Sonnenberger * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 2195cc27f0SJoerg Sonnenberger * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 2295cc27f0SJoerg Sonnenberger * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 2395cc27f0SJoerg Sonnenberger * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 2495cc27f0SJoerg Sonnenberger * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 2595cc27f0SJoerg Sonnenberger * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 2695cc27f0SJoerg Sonnenberger * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2795cc27f0SJoerg Sonnenberger * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 2895cc27f0SJoerg Sonnenberger * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 2995cc27f0SJoerg Sonnenberger * POSSIBILITY OF SUCH DAMAGE. 3095cc27f0SJoerg Sonnenberger * 3195cc27f0SJoerg Sonnenberger */ 3295cc27f0SJoerg Sonnenberger 33*a798b49fSJoerg Sonnenberger #include <sys/types.h> 3495cc27f0SJoerg Sonnenberger #include <sys/socket.h> 3570224baaSJan Lentfer #include <sys/endian.h> 3695cc27f0SJoerg Sonnenberger #include <net/if.h> 3795cc27f0SJoerg Sonnenberger #define TCPSTATES 3895cc27f0SJoerg Sonnenberger #include <netinet/tcp_fsm.h> 3995cc27f0SJoerg Sonnenberger #include <net/pf/pfvar.h> 4095cc27f0SJoerg Sonnenberger #include <arpa/inet.h> 4195cc27f0SJoerg Sonnenberger #include <netdb.h> 4295cc27f0SJoerg Sonnenberger 4395cc27f0SJoerg Sonnenberger #include <stdio.h> 4495cc27f0SJoerg Sonnenberger #include <string.h> 4595cc27f0SJoerg Sonnenberger 4695cc27f0SJoerg Sonnenberger #include "pfctl_parser.h" 4795cc27f0SJoerg Sonnenberger #include "pfctl.h" 4895cc27f0SJoerg Sonnenberger 4995cc27f0SJoerg Sonnenberger void print_name(struct pf_addr *, sa_family_t); 5095cc27f0SJoerg Sonnenberger 5195cc27f0SJoerg Sonnenberger void 5295cc27f0SJoerg Sonnenberger print_addr(struct pf_addr_wrap *addr, sa_family_t af, int verbose) 5395cc27f0SJoerg Sonnenberger { 5495cc27f0SJoerg Sonnenberger switch (addr->type) { 5595cc27f0SJoerg Sonnenberger case PF_ADDR_DYNIFTL: 5695cc27f0SJoerg Sonnenberger printf("(%s", addr->v.ifname); 5795cc27f0SJoerg Sonnenberger if (addr->iflags & PFI_AFLAG_NETWORK) 5895cc27f0SJoerg Sonnenberger printf(":network"); 5995cc27f0SJoerg Sonnenberger if (addr->iflags & PFI_AFLAG_BROADCAST) 6095cc27f0SJoerg Sonnenberger printf(":broadcast"); 6195cc27f0SJoerg Sonnenberger if (addr->iflags & PFI_AFLAG_PEER) 6295cc27f0SJoerg Sonnenberger printf(":peer"); 6395cc27f0SJoerg Sonnenberger if (addr->iflags & PFI_AFLAG_NOALIAS) 6495cc27f0SJoerg Sonnenberger printf(":0"); 6595cc27f0SJoerg Sonnenberger if (verbose) { 6695cc27f0SJoerg Sonnenberger if (addr->p.dyncnt <= 0) 6795cc27f0SJoerg Sonnenberger printf(":*"); 6895cc27f0SJoerg Sonnenberger else 6995cc27f0SJoerg Sonnenberger printf(":%d", addr->p.dyncnt); 7095cc27f0SJoerg Sonnenberger } 7195cc27f0SJoerg Sonnenberger printf(")"); 7295cc27f0SJoerg Sonnenberger break; 7395cc27f0SJoerg Sonnenberger case PF_ADDR_TABLE: 7495cc27f0SJoerg Sonnenberger if (verbose) 7595cc27f0SJoerg Sonnenberger if (addr->p.tblcnt == -1) 7695cc27f0SJoerg Sonnenberger printf("<%s:*>", addr->v.tblname); 7795cc27f0SJoerg Sonnenberger else 7895cc27f0SJoerg Sonnenberger printf("<%s:%d>", addr->v.tblname, 7995cc27f0SJoerg Sonnenberger addr->p.tblcnt); 8095cc27f0SJoerg Sonnenberger else 8195cc27f0SJoerg Sonnenberger printf("<%s>", addr->v.tblname); 8295cc27f0SJoerg Sonnenberger return; 83ed1f0be2SJan Lentfer case PF_ADDR_RANGE: { 84ed1f0be2SJan Lentfer char buf[48]; 85ed1f0be2SJan Lentfer 86ed1f0be2SJan Lentfer if (inet_ntop(af, &addr->v.a.addr, buf, sizeof(buf)) == NULL) 87ed1f0be2SJan Lentfer printf("?"); 88ed1f0be2SJan Lentfer else 89ed1f0be2SJan Lentfer printf("%s", buf); 90ed1f0be2SJan Lentfer if (inet_ntop(af, &addr->v.a.mask, buf, sizeof(buf)) == NULL) 91ed1f0be2SJan Lentfer printf(" - ?"); 92ed1f0be2SJan Lentfer else 93ed1f0be2SJan Lentfer printf(" - %s", buf); 94ed1f0be2SJan Lentfer break; 95ed1f0be2SJan Lentfer } 9695cc27f0SJoerg Sonnenberger case PF_ADDR_ADDRMASK: 9795cc27f0SJoerg Sonnenberger if (PF_AZERO(&addr->v.a.addr, AF_INET6) && 9895cc27f0SJoerg Sonnenberger PF_AZERO(&addr->v.a.mask, AF_INET6)) 9995cc27f0SJoerg Sonnenberger printf("any"); 10095cc27f0SJoerg Sonnenberger else { 10195cc27f0SJoerg Sonnenberger char buf[48]; 10295cc27f0SJoerg Sonnenberger 10395cc27f0SJoerg Sonnenberger if (inet_ntop(af, &addr->v.a.addr, buf, 10495cc27f0SJoerg Sonnenberger sizeof(buf)) == NULL) 10595cc27f0SJoerg Sonnenberger printf("?"); 10695cc27f0SJoerg Sonnenberger else 10795cc27f0SJoerg Sonnenberger printf("%s", buf); 10895cc27f0SJoerg Sonnenberger } 10995cc27f0SJoerg Sonnenberger break; 11095cc27f0SJoerg Sonnenberger case PF_ADDR_NOROUTE: 11195cc27f0SJoerg Sonnenberger printf("no-route"); 11295cc27f0SJoerg Sonnenberger return; 11370224baaSJan Lentfer case PF_ADDR_URPFFAILED: 11470224baaSJan Lentfer printf("urpf-failed"); 11570224baaSJan Lentfer return; 11670224baaSJan Lentfer case PF_ADDR_RTLABEL: 11770224baaSJan Lentfer printf("route \"%s\"", addr->v.rtlabelname); 11870224baaSJan Lentfer return; 11995cc27f0SJoerg Sonnenberger default: 12095cc27f0SJoerg Sonnenberger printf("?"); 12195cc27f0SJoerg Sonnenberger return; 12295cc27f0SJoerg Sonnenberger } 12395cc27f0SJoerg Sonnenberger 12495cc27f0SJoerg Sonnenberger /* mask if not _both_ address and mask are zero */ 125ed1f0be2SJan Lentfer if (addr->type != PF_ADDR_RANGE && 126ed1f0be2SJan Lentfer !(PF_AZERO(&addr->v.a.addr, AF_INET6) && 12795cc27f0SJoerg Sonnenberger PF_AZERO(&addr->v.a.mask, AF_INET6))) { 12895cc27f0SJoerg Sonnenberger int bits = unmask(&addr->v.a.mask, af); 12995cc27f0SJoerg Sonnenberger 13095cc27f0SJoerg Sonnenberger if (bits != (af == AF_INET ? 32 : 128)) 13195cc27f0SJoerg Sonnenberger printf("/%d", bits); 13295cc27f0SJoerg Sonnenberger } 13395cc27f0SJoerg Sonnenberger } 13495cc27f0SJoerg Sonnenberger 13595cc27f0SJoerg Sonnenberger void 13695cc27f0SJoerg Sonnenberger print_name(struct pf_addr *addr, sa_family_t af) 13795cc27f0SJoerg Sonnenberger { 13870224baaSJan Lentfer char his_host[NI_MAXHOST]; 13995cc27f0SJoerg Sonnenberger 14070224baaSJan Lentfer strlcpy(his_host, "?", sizeof(his_host)); 14195cc27f0SJoerg Sonnenberger switch (af) { 14295cc27f0SJoerg Sonnenberger case AF_INET: { 14370224baaSJan Lentfer struct sockaddr_in sin; 14495cc27f0SJoerg Sonnenberger 14570224baaSJan Lentfer memset(&sin, 0, sizeof(sin)); 14670224baaSJan Lentfer sin.sin_len = sizeof(sin); 14770224baaSJan Lentfer sin.sin_family = AF_INET; 14870224baaSJan Lentfer sin.sin_addr = addr->v4; 14970224baaSJan Lentfer getnameinfo((struct sockaddr *)&sin, sin.sin_len, 15070224baaSJan Lentfer his_host, sizeof(his_host), NULL, 0, NI_NOFQDN); 15195cc27f0SJoerg Sonnenberger break; 15295cc27f0SJoerg Sonnenberger } 15395cc27f0SJoerg Sonnenberger case AF_INET6: { 15495cc27f0SJoerg Sonnenberger struct sockaddr_in6 sin6; 15595cc27f0SJoerg Sonnenberger 15695cc27f0SJoerg Sonnenberger memset(&sin6, 0, sizeof(sin6)); 15795cc27f0SJoerg Sonnenberger sin6.sin6_len = sizeof(sin6); 15895cc27f0SJoerg Sonnenberger sin6.sin6_family = AF_INET6; 15995cc27f0SJoerg Sonnenberger sin6.sin6_addr = addr->v6; 16095cc27f0SJoerg Sonnenberger getnameinfo((struct sockaddr *)&sin6, sin6.sin6_len, 16170224baaSJan Lentfer his_host, sizeof(his_host), NULL, 0, NI_NOFQDN); 16295cc27f0SJoerg Sonnenberger break; 16395cc27f0SJoerg Sonnenberger } 16495cc27f0SJoerg Sonnenberger } 16570224baaSJan Lentfer printf("%s", his_host); 16695cc27f0SJoerg Sonnenberger } 16795cc27f0SJoerg Sonnenberger 16895cc27f0SJoerg Sonnenberger void 169ed1f0be2SJan Lentfer print_host(struct pf_addr *addr, u_int16_t port, sa_family_t af, int opts) 17095cc27f0SJoerg Sonnenberger { 17195cc27f0SJoerg Sonnenberger if (opts & PF_OPT_USEDNS) 172ed1f0be2SJan Lentfer print_name(addr, af); 17395cc27f0SJoerg Sonnenberger else { 17495cc27f0SJoerg Sonnenberger struct pf_addr_wrap aw; 17595cc27f0SJoerg Sonnenberger 17695cc27f0SJoerg Sonnenberger memset(&aw, 0, sizeof(aw)); 177ed1f0be2SJan Lentfer aw.v.a.addr = *addr; 17895cc27f0SJoerg Sonnenberger if (af == AF_INET) 17995cc27f0SJoerg Sonnenberger aw.v.a.mask.addr32[0] = 0xffffffff; 18095cc27f0SJoerg Sonnenberger else { 18195cc27f0SJoerg Sonnenberger memset(&aw.v.a.mask, 0xff, sizeof(aw.v.a.mask)); 18295cc27f0SJoerg Sonnenberger af = AF_INET6; 18395cc27f0SJoerg Sonnenberger } 18495cc27f0SJoerg Sonnenberger print_addr(&aw, af, opts & PF_OPT_VERBOSE2); 18595cc27f0SJoerg Sonnenberger } 18695cc27f0SJoerg Sonnenberger 187ed1f0be2SJan Lentfer if (port) { 18895cc27f0SJoerg Sonnenberger if (af == AF_INET) 189ed1f0be2SJan Lentfer printf(":%u", ntohs(port)); 19095cc27f0SJoerg Sonnenberger else 191ed1f0be2SJan Lentfer printf("[%u]", ntohs(port)); 19295cc27f0SJoerg Sonnenberger } 19395cc27f0SJoerg Sonnenberger } 19495cc27f0SJoerg Sonnenberger 19595cc27f0SJoerg Sonnenberger void 196315a7da3SJan Lentfer print_seq(struct pfsync_state_peer *p) 19795cc27f0SJoerg Sonnenberger { 19895cc27f0SJoerg Sonnenberger if (p->seqdiff) 199ed1f0be2SJan Lentfer printf("[%u + %u](+%u)", ntohl(p->seqlo), 200ed1f0be2SJan Lentfer ntohl(p->seqhi) - ntohl(p->seqlo), ntohl(p->seqdiff)); 20195cc27f0SJoerg Sonnenberger else 202ed1f0be2SJan Lentfer printf("[%u + %u]", ntohl(p->seqlo), 203ed1f0be2SJan Lentfer ntohl(p->seqhi) - ntohl(p->seqlo)); 20495cc27f0SJoerg Sonnenberger } 20595cc27f0SJoerg Sonnenberger 20695cc27f0SJoerg Sonnenberger void 207315a7da3SJan Lentfer print_state(struct pfsync_state *s, int opts) 20895cc27f0SJoerg Sonnenberger { 209315a7da3SJan Lentfer struct pfsync_state_peer *src, *dst; 210ed1f0be2SJan Lentfer struct pfsync_state_key *sk, *nk; 21195cc27f0SJoerg Sonnenberger struct protoent *p; 21295cc27f0SJoerg Sonnenberger int min, sec; 21395cc27f0SJoerg Sonnenberger 21495cc27f0SJoerg Sonnenberger if (s->direction == PF_OUT) { 21595cc27f0SJoerg Sonnenberger src = &s->src; 21695cc27f0SJoerg Sonnenberger dst = &s->dst; 217ed1f0be2SJan Lentfer sk = &s->key[PF_SK_STACK]; 218ed1f0be2SJan Lentfer nk = &s->key[PF_SK_WIRE]; 219ed1f0be2SJan Lentfer if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) 220ed1f0be2SJan Lentfer sk->port[0] = nk->port[0]; 22195cc27f0SJoerg Sonnenberger } else { 22295cc27f0SJoerg Sonnenberger src = &s->dst; 22395cc27f0SJoerg Sonnenberger dst = &s->src; 224ed1f0be2SJan Lentfer sk = &s->key[PF_SK_WIRE]; 225ed1f0be2SJan Lentfer nk = &s->key[PF_SK_STACK]; 226ed1f0be2SJan Lentfer if (s->proto == IPPROTO_ICMP || s->proto == IPPROTO_ICMPV6) 227ed1f0be2SJan Lentfer sk->port[1] = nk->port[1]; 22895cc27f0SJoerg Sonnenberger } 229315a7da3SJan Lentfer printf("%s ", s->ifname); 23095cc27f0SJoerg Sonnenberger if ((p = getprotobynumber(s->proto)) != NULL) 23195cc27f0SJoerg Sonnenberger printf("%s ", p->p_name); 23295cc27f0SJoerg Sonnenberger else 23395cc27f0SJoerg Sonnenberger printf("%u ", s->proto); 234ed1f0be2SJan Lentfer 235ed1f0be2SJan Lentfer print_host(&nk->addr[1], nk->port[1], s->af, opts); 236ed1f0be2SJan Lentfer if (PF_ANEQ(&nk->addr[1], &sk->addr[1], s->af) || 237ed1f0be2SJan Lentfer nk->port[1] != sk->port[1]) { 238ed1f0be2SJan Lentfer printf(" ("); 239ed1f0be2SJan Lentfer print_host(&sk->addr[1], sk->port[1], s->af, opts); 240ed1f0be2SJan Lentfer printf(")"); 24195cc27f0SJoerg Sonnenberger } 24295cc27f0SJoerg Sonnenberger if (s->direction == PF_OUT) 24395cc27f0SJoerg Sonnenberger printf(" -> "); 24495cc27f0SJoerg Sonnenberger else 24595cc27f0SJoerg Sonnenberger printf(" <- "); 246ed1f0be2SJan Lentfer print_host(&nk->addr[0], nk->port[0], s->af, opts); 247ed1f0be2SJan Lentfer if (PF_ANEQ(&nk->addr[0], &sk->addr[0], s->af) || 248ed1f0be2SJan Lentfer nk->port[0] != sk->port[0]) { 249ed1f0be2SJan Lentfer printf(" ("); 250ed1f0be2SJan Lentfer print_host(&sk->addr[0], sk->port[0], s->af, opts); 251ed1f0be2SJan Lentfer printf(")"); 252ed1f0be2SJan Lentfer } 25395cc27f0SJoerg Sonnenberger 25495cc27f0SJoerg Sonnenberger printf(" "); 25595cc27f0SJoerg Sonnenberger if (s->proto == IPPROTO_TCP) { 25695cc27f0SJoerg Sonnenberger if (src->state <= TCPS_TIME_WAIT && 25795cc27f0SJoerg Sonnenberger dst->state <= TCPS_TIME_WAIT) 25895cc27f0SJoerg Sonnenberger printf(" %s:%s\n", tcpstates[src->state], 25995cc27f0SJoerg Sonnenberger tcpstates[dst->state]); 26095cc27f0SJoerg Sonnenberger else if (src->state == PF_TCPS_PROXY_SRC || 26195cc27f0SJoerg Sonnenberger dst->state == PF_TCPS_PROXY_SRC) 26295cc27f0SJoerg Sonnenberger printf(" PROXY:SRC\n"); 26395cc27f0SJoerg Sonnenberger else if (src->state == PF_TCPS_PROXY_DST || 26495cc27f0SJoerg Sonnenberger dst->state == PF_TCPS_PROXY_DST) 26595cc27f0SJoerg Sonnenberger printf(" PROXY:DST\n"); 26695cc27f0SJoerg Sonnenberger else 26795cc27f0SJoerg Sonnenberger printf(" <BAD STATE LEVELS %u:%u>\n", 26895cc27f0SJoerg Sonnenberger src->state, dst->state); 26995cc27f0SJoerg Sonnenberger if (opts & PF_OPT_VERBOSE) { 27095cc27f0SJoerg Sonnenberger printf(" "); 27195cc27f0SJoerg Sonnenberger print_seq(src); 27295cc27f0SJoerg Sonnenberger if (src->wscale && dst->wscale) 27395cc27f0SJoerg Sonnenberger printf(" wscale %u", 27495cc27f0SJoerg Sonnenberger src->wscale & PF_WSCALE_MASK); 27595cc27f0SJoerg Sonnenberger printf(" "); 27695cc27f0SJoerg Sonnenberger print_seq(dst); 27795cc27f0SJoerg Sonnenberger if (src->wscale && dst->wscale) 27895cc27f0SJoerg Sonnenberger printf(" wscale %u", 27995cc27f0SJoerg Sonnenberger dst->wscale & PF_WSCALE_MASK); 28095cc27f0SJoerg Sonnenberger printf("\n"); 28195cc27f0SJoerg Sonnenberger } 28295cc27f0SJoerg Sonnenberger } else if (s->proto == IPPROTO_UDP && src->state < PFUDPS_NSTATES && 28395cc27f0SJoerg Sonnenberger dst->state < PFUDPS_NSTATES) { 28495cc27f0SJoerg Sonnenberger const char *states[] = PFUDPS_NAMES; 28595cc27f0SJoerg Sonnenberger 28695cc27f0SJoerg Sonnenberger printf(" %s:%s\n", states[src->state], states[dst->state]); 28795cc27f0SJoerg Sonnenberger } else if (s->proto != IPPROTO_ICMP && src->state < PFOTHERS_NSTATES && 28895cc27f0SJoerg Sonnenberger dst->state < PFOTHERS_NSTATES) { 28995cc27f0SJoerg Sonnenberger /* XXX ICMP doesn't really have state levels */ 29095cc27f0SJoerg Sonnenberger const char *states[] = PFOTHERS_NAMES; 29195cc27f0SJoerg Sonnenberger 29295cc27f0SJoerg Sonnenberger printf(" %s:%s\n", states[src->state], states[dst->state]); 29395cc27f0SJoerg Sonnenberger } else { 29495cc27f0SJoerg Sonnenberger printf(" %u:%u\n", src->state, dst->state); 29595cc27f0SJoerg Sonnenberger } 29695cc27f0SJoerg Sonnenberger 29795cc27f0SJoerg Sonnenberger if (opts & PF_OPT_VERBOSE) { 298ed1f0be2SJan Lentfer u_int64_t packets[2]; 299ed1f0be2SJan Lentfer u_int64_t bytes[2]; 300ed1f0be2SJan Lentfer u_int32_t creation = ntohl(s->creation); 301ed1f0be2SJan Lentfer u_int32_t expire = ntohl(s->expire); 302ed1f0be2SJan Lentfer 303ed1f0be2SJan Lentfer sec = creation % 60; 304ed1f0be2SJan Lentfer creation /= 60; 305ed1f0be2SJan Lentfer min = creation % 60; 306ed1f0be2SJan Lentfer creation /= 60; 307ed1f0be2SJan Lentfer printf(" age %.2u:%.2u:%.2u", creation, min, sec); 308ed1f0be2SJan Lentfer sec = expire % 60; 309ed1f0be2SJan Lentfer expire /= 60; 31095cc27f0SJoerg Sonnenberger min = s->expire % 60; 311ed1f0be2SJan Lentfer expire /= 60; 312ed1f0be2SJan Lentfer printf(", expires in %.2u:%.2u:%.2u", expire, min, sec); 313ed1f0be2SJan Lentfer 314ed1f0be2SJan Lentfer bcopy(s->packets[0], &packets[0], sizeof(u_int64_t)); 315ed1f0be2SJan Lentfer bcopy(s->packets[1], &packets[1], sizeof(u_int64_t)); 316ed1f0be2SJan Lentfer bcopy(s->bytes[0], &bytes[0], sizeof(u_int64_t)); 317ed1f0be2SJan Lentfer bcopy(s->bytes[1], &bytes[1], sizeof(u_int64_t)); 318ed1f0be2SJan Lentfer printf(", %llu:%llu pkts, %llu:%llu bytes", 319ed1f0be2SJan Lentfer be64toh(packets[0]), 320ed1f0be2SJan Lentfer be64toh(packets[1]), 321ed1f0be2SJan Lentfer be64toh(bytes[0]), 322ed1f0be2SJan Lentfer be64toh(bytes[1])); 323ed1f0be2SJan Lentfer if (ntohl(s->anchor) != -1) 324ed1f0be2SJan Lentfer printf(", anchor %u", ntohl(s->anchor)); 325ed1f0be2SJan Lentfer if (ntohl(s->rule) != -1) 326ed1f0be2SJan Lentfer printf(", rule %u", ntohl(s->rule)); 327ed1f0be2SJan Lentfer if (s->state_flags & PFSTATE_SLOPPY) 328ed1f0be2SJan Lentfer printf(", sloppy"); 329315a7da3SJan Lentfer if (s->sync_flags & PFSYNC_FLAG_SRCNODE) 33095cc27f0SJoerg Sonnenberger printf(", source-track"); 331315a7da3SJan Lentfer if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE) 33295cc27f0SJoerg Sonnenberger printf(", sticky-address"); 33395cc27f0SJoerg Sonnenberger printf("\n"); 33495cc27f0SJoerg Sonnenberger } 33595cc27f0SJoerg Sonnenberger if (opts & PF_OPT_VERBOSE2) { 336ed1f0be2SJan Lentfer u_int64_t id; 337ed1f0be2SJan Lentfer 338ed1f0be2SJan Lentfer bcopy(&s->id, &id, sizeof(u_int64_t)); 339ed1f0be2SJan Lentfer printf(" id: %016jx creatorid: %08x", 340ed1f0be2SJan Lentfer be64toh(id), ntohl(s->creatorid)); 341ed1f0be2SJan Lentfer printf("\n"); 34295cc27f0SJoerg Sonnenberger } 34395cc27f0SJoerg Sonnenberger } 34495cc27f0SJoerg Sonnenberger 34595cc27f0SJoerg Sonnenberger int 34695cc27f0SJoerg Sonnenberger unmask(struct pf_addr *m, sa_family_t af __unused) 34795cc27f0SJoerg Sonnenberger { 34895cc27f0SJoerg Sonnenberger int i = 31, j = 0, b = 0; 34995cc27f0SJoerg Sonnenberger u_int32_t tmp; 35095cc27f0SJoerg Sonnenberger 35195cc27f0SJoerg Sonnenberger while (j < 4 && m->addr32[j] == 0xffffffff) { 35295cc27f0SJoerg Sonnenberger b += 32; 35395cc27f0SJoerg Sonnenberger j++; 35495cc27f0SJoerg Sonnenberger } 35595cc27f0SJoerg Sonnenberger if (j < 4) { 35695cc27f0SJoerg Sonnenberger tmp = ntohl(m->addr32[j]); 35795cc27f0SJoerg Sonnenberger for (i = 31; tmp & (1 << i); --i) 35895cc27f0SJoerg Sonnenberger b++; 35995cc27f0SJoerg Sonnenberger } 36095cc27f0SJoerg Sonnenberger return (b); 36195cc27f0SJoerg Sonnenberger } 362