* Brute force printk routines for looking at netfilter structures
@ 2002-12-17 20:16 Ranjeet Shetye
2002-12-17 20:37 ` Patrick Schaaf
0 siblings, 1 reply; 4+ messages in thread
From: Ranjeet Shetye @ 2002-12-17 20:16 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1546 bytes --]
I was trying to understand how the various data values were being
transferred within the connection tracking and the nat modules.
Unfortunately, I dont have the brains of Einstein so I went for the
brute force method.
I slit open Netfilter's guts and printk'd the whole damn thing out. Its
gross, its not kernel-style or systems-style coding, but hey it let me
figure out what was happening inside the netfilter mechanism. I wrote my
own stuff instead of using the builtin print mechanisms cos I want to
see and understand EVERY variable, every pointer, every data value,
EVERYTHING!
Within one day, I have gained more confidence. Now you can too!!!! The
Amazing nf_debug.c method by the Kernel Professor. :D (legal disclaimer:
Results not typical of regular users.)
The kernel works really slowly with all the printks, like its stuck in
molasses. Since I am working with multiple kernel trees, I've put the
original copy in my home directory, and linked to it in the netfilter
dirs of every kernel I am interested in. Modify Makefile to add
nf_debug.o to the list of nat objects, run make dep, make bzimage, and
you should be set to observe a very slow kernel.
The way to use this file is to use it VERY sparingly, and you should
trigger the debug code using a SINGLE packet. YOU HAVE BEEN WARNED!
I am still adding some routines and will post a complete copy once I am
done.
Thanks,
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
771 Vaqueros Avenue
Sunnyvale CA 94085
USA
Ranjeet.Shetye@Zultys.com
http://www.zultys.com/
[-- Attachment #2: nf_debug.c --]
[-- Type: application/octet-stream, Size: 11599 bytes --]
/* Written by Ranjeet dot Shetye at Zultys dot com */
#include <linux/types.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
#include "nf_debug.h"
signed int nf_debug_indent = 0;
#define NF_DPF(format, args...) \
{\
/* printk ("%s () at %s:%d ", __FUNCTION__, __FILE__, __LINE__); */\
{\
int i = 0;\
for ( i = 0; i < nf_debug_indent; i++)\
{\
printk ("\t");\
}\
}\
printk (format,##args);\
}
void my_print_ip_nat_manip_type (enum ip_nat_manip_type * maniptype)
{
nf_debug_indent++;
if (maniptype == NULL)
{
NF_DPF ("pointer to enum ip_nat_manip_type:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("enum ip_nat_manip_type:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_hash (struct ip_nat_hash * hash)
{
nf_debug_indent++;
if (hash == NULL)
{
NF_DPF ("pointer to ip_nat_hash:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_hash:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_helper (struct ip_nat_helper * helper)
{
nf_debug_indent++;
if (helper == NULL)
{
NF_DPF ("pointer to ip_nat_helper:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_helper:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_info_manip (struct ip_nat_info_manip * manip)
{
nf_debug_indent++;
if (manip == NULL)
{
NF_DPF ("pointer to ip_nat_info_manip:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_info_manip:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_mapping_type (struct ip_nat_mapping_type * mapping_type)
{
nf_debug_indent++;
if (mapping_type == NULL)
{
NF_DPF ("pointer to ip_nat_mapping_type:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_mapping_type:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_nat_seq (struct ip_nat_seq * seq)
{
nf_debug_indent++;
if (seq == NULL)
{
NF_DPF ("pointer to ip_nat_seq:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_seq:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_ct_tcp (struct ip_ct_tcp * tcp)
{
nf_debug_indent++;
if (tcp == NULL)
{
NF_DPF ("pointer to ip_ct_tcp:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_ct_tcp:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_ct_icmp (struct ip_ct_icmp * icmp)
{
nf_debug_indent++;
if (icmp == NULL)
{
NF_DPF ("pointer to ip_ct_icmp:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_ct_icmp:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_timer_list (struct timer_list * timerlist)
{
nf_debug_indent++;
if (timerlist == NULL)
{
NF_DPF ("pointer to timer_list:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("timer_list:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_tuple_hash (struct ip_conntrack_tuple_hash * hash)
{
nf_debug_indent++;
if (hash == NULL)
{
NF_DPF ("pointer to ip_conntrack_tuple_hash:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_tuple_hash:: [TBD]\n");
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_manip_proto (union ip_conntrack_manip_proto * manip_proto)
{
nf_debug_indent++;
if (manip_proto == NULL)
{
NF_DPF ("pointer to ip_conntrack_manip_proto:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_manip_proto::Union of all, icmp.id, tcp.port, "
"udp.port = %d\n", manip_proto->all);
nf_debug_indent--;
return;
}
void my_print_ip_nat_range (struct ip_nat_range * range)
{
nf_debug_indent++;
if (range == NULL)
{
NF_DPF ("pointer to ip_nat_range:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_range::flags = %d\n", range->flags);
NF_DPF ("ip_nat_range::min_ip = 0x%08X\n", range->min_ip);
NF_DPF ("ip_nat_range::max_ip = 0x%08X\n", range->max_ip);
NF_DPF ("ip_nat_range::Union of min and max, of type ip_conntrack_manip_proto\n");
my_print_ip_conntrack_manip_proto (&(range->max));
nf_debug_indent--;
return;
}
void my_print_nf_conntrack (struct nf_conntrack * nfc_ptr)
{
nf_debug_indent++;
if (nfc_ptr == NULL)
{
NF_DPF ("pointer to nf_conntrack:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("nf_conntrack::use.counter = %d\n", nfc_ptr->use.counter);
NF_DPF ("nf_conntrack::(*destroy) = %p\n", nfc_ptr->destroy);
nf_debug_indent--;
return;
}
void my_print_list_head (struct list_head * list)
{
nf_debug_indent++;
if (list == NULL)
{
NF_DPF ("list_head:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("list_head::next is of type list_head\n");
my_print_list_head (list->next);
NF_DPF ("list_head::prev is of type list_head\n");
my_print_list_head (list->prev);
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_expect (struct ip_conntrack_expect * expect)
{
nf_debug_indent++;
if (expect == NULL)
{
NF_DPF ("pointer to ip_conntrack_expect:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_expect::expectant is of type ip_conntrack\n");
my_print_ip_conntrack (expect->expectant);
NF_DPF ("ip_conntrack_expect::list is of type struct list_head\n");
my_print_list_head (&(expect->list));
NF_DPF ("ip_conntrack_expect::mask is of type struct ip_conntrack_tuple\n");
my_print_ip_conntrack_tuple (&(expect->mask));
NF_DPF ("ip_conntrack_expect::tuple is of type struct ip_conntrack_tuple\n");
my_print_ip_conntrack_tuple (&(expect->tuple));
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_helper (struct ip_conntrack_helper * helper)
{
nf_debug_indent++;
if (helper == NULL)
{
NF_DPF ("ip_conntrack_helper:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_helper::list is of type struct list_head [TBD]\n");
/* my_print_list_head (helper->list); */
NF_DPF ("ip_conntrack_helper::mask is of type struct ip_conntrack_tuple [TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->mask)); */
NF_DPF ("ip_conntrack_helper::tuple is of type struct ip_conntrack_tuple [TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->tuple)); */
nf_debug_indent--;
return;
}
void my_print_nf_ct_info (struct nf_ct_info * info)
{
nf_debug_indent++;
if (info == NULL)
{
NF_DPF ("pointer to nf_nt_info:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("nf_ct_info::master is of type struct nf_conntrack *\n");
my_print_nf_conntrack (info->master);
nf_debug_indent--;
return;
}
void my_print_ip_nat_info (struct ip_nat_info * info)
{
int i = 0;
nf_debug_indent++;
if (info == NULL)
{
NF_DPF ("pointer to ip_nat_info:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_nat_info::byipsproto is of type struct ip_nat_hash\n");
my_print_ip_nat_hash (&(info->byipsproto));
NF_DPF ("ip_nat_info::bysource is of type struct ip_nat_hash\n");
my_print_ip_nat_hash (&(info->bysource));
NF_DPF ("ip_nat_info::helper is of type struct ip_nat_helper *\n");
my_print_ip_nat_helper (info->helper);
NF_DPF ("ip_nat_info::initialized = %d\n", info->initialized);
NF_DPF ("ip_nat_info::manips[IP_NAT_MAX_MANIPS] is an array of type struct ip_nat_info_manip\n");
for (i = 0; i < IP_NAT_MAX_MANIPS; i++)
{
NF_DPF ("ip_nat_info::manips[%d]\n", i);
my_print_ip_nat_info_manip (&(info->manips[i]));
}
NF_DPF ("ip_nat_info::mtype is of type struct ip_nat_mapping_type *\n");
my_print_ip_nat_mapping_type (info->mtype);
NF_DPF ("ip_nat_info::num_manips = %d\n", info->num_manips);
NF_DPF ("ip_nat_info::seq[IP_CT_DIR_MAX] is an array of type struct ip_nat_seq\n");
for (i = 0; i < IP_CT_DIR_MAX; i++)
{
NF_DPF ("ip_nat_info::seq[%d]\n", i);
my_print_ip_nat_seq (&(info->seq[i]));
}
nf_debug_indent--;
return;
}
void my_print_ip_conntrack (struct ip_conntrack *conntrack)
{
int i = 0;
nf_debug_indent++;
if (conntrack == NULL)
{
NF_DPF ("pointer to ip_conntrack:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack::ct_general is of type nf_conntrack\n");
my_print_nf_conntrack (&(conntrack->ct_general));
NF_DPF ("ip_conntrack::expected is of type ip_conntrack_expect\n");
my_print_ip_conntrack_expect (&(conntrack->expected));
NF_DPF ("ip_conntrack::help.ct_ftp_info is of type ip_ct_ftp [TBD]\n");
NF_DPF ("ip_conntrack::help.ct_irc_info is of type ip_ct_irc [TBD]\n");
NF_DPF ("ip_conntrack::helper is of type ip_conntrack_helper\n");
my_print_ip_conntrack_helper (conntrack->helper);
NF_DPF ("ip_conntrack::infos[IP_CT_NUMBER] is an array of type nf_ct_info\n");
for (i = 0; i < IP_CT_NUMBER; i++)
{
NF_DPF ("ip_conntrack::infos[%d]\n", i);
my_print_nf_ct_info (&(conntrack->infos[i]));
}
NF_DPF ("ip_conntrack::master is of type nf_ct_info\n");
my_print_nf_ct_info (&(conntrack->master));
NF_DPF ("ip_conntrack::nat is of type anonymous\n");
NF_DPF ("ip_conntrack::nat.masq_index=%d\n", conntrack->nat.masq_index);
NF_DPF ("ip_conntrack::nat.info is of type ip_nat_info\n");
my_print_ip_nat_info (&(conntrack->nat.info));
NF_DPF ("ip_conntrack::Union of tcp and icmp, of type anonymous\n");
my_print_ip_ct_tcp (&(conntrack->proto.tcp));
my_print_ip_ct_icmp (&(conntrack->proto.icmp));
NF_DPF ("ip_conntrack::status = %lu\n", conntrack->status);
NF_DPF ("ip_conntrack::timeout is of type struct timer_list\n");
my_print_timer_list (&(conntrack->timeout));
NF_DPF ("ip_conntrack::tuplehash[IP_CT_DIR_MAX] is an array of type struct ip_conntrack_tuple_hash\n");
for (i = 0; i < IP_CT_DIR_MAX; i++)
{
NF_DPF ("ip_conntrack::tuplehash[%d]\n", i);
my_print_ip_conntrack_tuple_hash (&(conntrack->tuplehash[i]));
}
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_tuple (struct ip_conntrack_tuple *tuple)
{
nf_debug_indent++;
if (tuple == NULL)
{
NF_DPF ("pointer to ip_conntrack_tuple:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_tuple::dst.ip = 0x%08X\n", tuple->dst.ip);
NF_DPF ("ip_conntrack_tuple::dst.protonum = %d\n", tuple->dst.protonum);
NF_DPF ("ip_conntrack_tuple::Union of dst.u.all, dst.u.icmp.id, dst.u.tcp.port, "
"dst.u.udp.port = %d\n", tuple->dst.u.all);
NF_DPF ("ip_conntrack_tuple::src is of type ip_conntrack_manip\n");
my_print_ip_conntrack_manip (&(tuple->src));
nf_debug_indent--;
return;
}
void my_print_maniptype (enum ip_nat_manip_type maniptype)
{
nf_debug_indent++;
if (maniptype == IP_NAT_MANIP_SRC)
{
NF_DPF ("ip_nat_manip_type::IP_NAT_MANIP_SRC\n");
}
else if (maniptype == IP_NAT_MANIP_DST)
{
NF_DPF ("ip_nat_manip_type::IP_NAT_MANIP_DST\n");
}
else
{
NF_DPF ("ip_nat_manip_type::maniptype=%d (Unknown)\n", maniptype);
}
nf_debug_indent--;
return;
}
void my_print_ip_conntrack_manip (struct ip_conntrack_manip * manip)
{
nf_debug_indent++;
if (manip == NULL)
{
NF_DPF ("pointer to ip_conntrack_manip:: is NULL\n");
nf_debug_indent--;
return;
}
NF_DPF ("ip_conntrack_manip::ip = 0x%08X\n", manip->ip);
NF_DPF ("ip_conntrack_manip::u is of type ip_conntrack_manip_proto\n");
my_print_ip_conntrack_manip_proto (&(manip->u));
nf_debug_indent--;
return;
}
[-- Attachment #3: nf_debug.h --]
[-- Type: application/octet-stream, Size: 1848 bytes --]
#ifndef _NF_DEBUG_H_
#define _NF_DEBUG_H_
/* Written by Ranjeet dot Shetye at Zultys dot com */
#include <linux/types.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
void my_print_ip_nat_manip_type (enum ip_nat_manip_type * maniptype);
void my_print_ip_nat_hash (struct ip_nat_hash * hash);
void my_print_ip_nat_helper (struct ip_nat_helper * helper);
void my_print_ip_nat_info_manip (struct ip_nat_info_manip * manip);
void my_print_ip_nat_mapping_type (struct ip_nat_mapping_type * mapping_type);
void my_print_ip_nat_seq (struct ip_nat_seq * seq);
void my_print_ip_ct_tcp (struct ip_ct_tcp * tcp);
void my_print_ip_ct_icmp (struct ip_ct_icmp * icmp);
void my_print_timer_list (struct timer_list * timerlist);
void my_print_ip_conntrack_tuple_hash (struct ip_conntrack_tuple_hash * hash);
void my_print_ip_conntrack_manip_proto (union ip_conntrack_manip_proto * manip_proto);
void my_print_ip_nat_range (struct ip_nat_range * range);
void my_print_nf_conntrack (struct nf_conntrack * nfc_ptr);
void my_print_list_head (struct list_head * list);
void my_print_ip_conntrack_expect (struct ip_conntrack_expect * expect);
void my_print_ip_conntrack_helper (struct ip_conntrack_helper * helper);
void my_print_nf_ct_info (struct nf_ct_info * info);
void my_print_ip_nat_info (struct ip_nat_info * info);
void my_print_ip_conntrack (struct ip_conntrack *conntrack);
void my_print_ip_conntrack_tuple (struct ip_conntrack_tuple *tuple);
void my_print_maniptype (enum ip_nat_manip_type maniptype);
void my_print_ip_conntrack_manip (struct ip_conntrack_manip * manip);
#endif /* _NF_DEBUG_H_ */
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: Brute force printk routines for looking at netfilter structures
2002-12-17 20:16 Brute force printk routines for looking at netfilter structures Ranjeet Shetye
@ 2002-12-17 20:37 ` Patrick Schaaf
2002-12-17 23:07 ` Patrick Schaaf
0 siblings, 1 reply; 4+ messages in thread
From: Patrick Schaaf @ 2002-12-17 20:37 UTC (permalink / raw)
To: Ranjeet Shetye; +Cc: netfilter-devel
Hello "Kernel Professor" :-)
some quick and dirty comments, after cursory reading of nf_debug.c:
> signed int nf_debug_indent = 0;
Why signed? Anyway, this will fall on its face on SMP systems.
Cure: use atomic_t.
I bet you can speed up your NF_DPF macro a lot. Try this:
#define NF_DPF(format, args...) \
{ \
printk( \
"%s() at %s:%d " \
"%.*s" \
format , \
__FUNCTION__, __FILE__, __LINE__, \
nf_debug_indent, "\t", \
##args ); \
}
(Lightly tested; note that with that macro 'format' has to be
a string constant)
best regards
Patrick
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: Brute force printk routines for looking at netfilter structures
2002-12-17 20:37 ` Patrick Schaaf
@ 2002-12-17 23:07 ` Patrick Schaaf
2002-12-18 20:49 ` nf_debug.c version 0.2 Ranjeet Shetye
0 siblings, 1 reply; 4+ messages in thread
From: Patrick Schaaf @ 2002-12-17 23:07 UTC (permalink / raw)
To: Patrick Schaaf; +Cc: Ranjeet Shetye, netfilter-devel
> > signed int nf_debug_indent = 0;
>
> Why signed? Anyway, this will fall on its face on SMP systems.
> Cure: use atomic_t.
Ahem. Given the application, a per-cpu nf_debug_indent would be
the proper cure, together with preventing preemption whenever
nf_debug_indent is above 0. You can then also printk the CPU
number along with the rest :-)
best regards
Patrick
^ permalink raw reply [flat|nested] 4+ messages in thread
* nf_debug.c version 0.2
2002-12-17 23:07 ` Patrick Schaaf
@ 2002-12-18 20:49 ` Ranjeet Shetye
0 siblings, 0 replies; 4+ messages in thread
From: Ranjeet Shetye @ 2002-12-18 20:49 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 523 bytes --]
This code is more complete and works well enough for me. Let me know if
you run into any problems.
If the interconnection complexity of the various NAT structs intimidates
you, this code should help clear up the internal organization. As
before, use it absolutely SPARINGLY.
Thanks to everyone for pointing out mistakes / corrections /
improvements and helping me.
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
771 Vaqueros Avenue
Sunnyvale CA 94085
USA
Ranjeet.Shetye@Zultys.com
http://www.zultys.com/
[-- Attachment #2: nf_debug.h --]
[-- Type: application/octet-stream, Size: 2128 bytes --]
#ifndef _NF_DEBUG_H_
#define _NF_DEBUG_H_
/* Written by Ranjeet dot Shetye at Zultys dot com */
#include <linux/types.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
void my_print_ip_nat_hash (const struct ip_nat_hash * hash);
void my_print_ip_nat_helper (const struct ip_nat_helper * helper);
void my_print_ip_conntrack_dir (const enum ip_conntrack_dir * dir);
void my_print_ip_nat_info_manip (const struct ip_nat_info_manip * manip);
void my_print_ip_nat_seq (const struct ip_nat_seq * seq);
void my_print_tcp_conntrack_state (const enum tcp_conntrack * state);
void my_print_ip_ct_tcp (const struct ip_ct_tcp * tcp);
void my_print_ip_ct_ftp (const struct ip_ct_ftp * ftp);
void my_print_ip_ct_irc (const struct ip_ct_irc * irc);
void my_print_atomic_t (const atomic_t * atom);
void my_print_ip_ct_icmp (const struct ip_ct_icmp * icmp);
void my_print_timer_list (const struct timer_list * timerlist);
void my_print_ip_conntrack_tuple_hash (const struct ip_conntrack_tuple_hash * hash);
void my_print_ip_conntrack_manip_proto (const union ip_conntrack_manip_proto * manip_proto);
void my_print_ip_nat_range (const struct ip_nat_range * range);
void my_print_nf_conntrack (const struct nf_conntrack * nfc_ptr);
void my_print_list_head (const struct list_head * list);
void my_print_ip_conntrack_expect (const struct ip_conntrack_expect * expect);
void my_print_ip_conntrack_helper (const struct ip_conntrack_helper * helper);
void my_print_nf_ct_info (const struct nf_ct_info * info);
void my_print_ip_nat_info (const struct ip_nat_info * info);
void my_print_ip_conntrack (const struct ip_conntrack *conntrack);
void my_print_ip_conntrack_tuple (const struct ip_conntrack_tuple *tuple);
void my_print_ip_nat_manip_type (const enum ip_nat_manip_type * maniptype);
void my_print_ip_conntrack_manip (const struct ip_conntrack_manip * manip);
#endif /* _NF_DEBUG_H_ */
[-- Attachment #3: nf_debug.c --]
[-- Type: application/octet-stream, Size: 17723 bytes --]
/* Written by Ranjeet dot Shetye at Zultys dot com */
#include <linux/types.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
#include "nf_debug.h"
atomic_t nf_debug_indent = { 0 };
#if 0
/* printk ("%s () at %s:%d ", __FUNCTION__, __FILE__, __LINE__); */\
#endif /* 0 */
unsigned char tabs[] = "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t";
#define NF_DPF(format, args...) \
{\
printk ("%.*s", nf_debug_indent.counter, tabs);\
printk (format,##args);\
}
void my_print_ip_nat_hash (const struct ip_nat_hash * hash)
{
atomic_inc (&nf_debug_indent);
if (hash == NULL)
{
NF_DPF ("pointer to ip_nat_hash:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_nat_hash::list is of type struct list_head\n");
my_print_list_head (&(hash->list));
NF_DPF ("ip_nat_hash::conntrack is of type struct ip_conntrack\n");
my_print_ip_conntrack (hash->conntrack);
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_nat_helper (const struct ip_nat_helper * helper)
{
atomic_inc (&nf_debug_indent);
if (helper == NULL)
{
NF_DPF ("pointer to ip_nat_helper:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_nat_helper::list is of type struct list_head [helper TBD]\n");
/* my_print_list_head (&(helper->list)); */
NF_DPF ("ip_nat_helper::mask is of type struct ip_conntrack_tuple [helper TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->mask)); */
NF_DPF ("ip_nat_helper::tuple is of type struct ip_conntrack_tuple [helper TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->tuple)); */
NF_DPF ("ip_nat_helper::name [helper TBD]\n");
/* NF_DPF ("ip_nat_helper::name = %s\n", helper->name); */
NF_DPF ("ip_nat_helper::(*help) [helper TBD]\n");
/* NF_DPF ("ip_nat_helper::(*help) = %p\n", helper->help); */
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack_dir (const enum ip_conntrack_dir * dir)
{
atomic_inc (&nf_debug_indent);
if (dir == NULL)
{
NF_DPF ("pointer to ip_conntrack_dir:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
switch (*dir)
{
case IP_CT_DIR_MAX:
NF_DPF ("ip_conntrack_dir::IP_CT_DIR_MAX\n");
break;
case IP_CT_DIR_ORIGINAL:
NF_DPF ("ip_conntrack_dir::IP_CT_DIR_ORIGINAL\n");
break;
case IP_CT_DIR_REPLY:
NF_DPF ("ip_conntrack_dir::IP_CT_DIR_REPLY\n");
break;
default:
NF_DPF ("ip_conntrack_dir::%d (Unknown)\n", *dir);
break;
}
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_nat_info_manip (const struct ip_nat_info_manip * manip)
{
atomic_inc (&nf_debug_indent);
if (manip == NULL)
{
NF_DPF ("pointer to ip_nat_info_manip:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_nat_info_manip::direction is of type u_int8_t\n");
my_print_ip_conntrack_dir ((enum ip_conntrack_dir *) &(manip->direction));
NF_DPF ("ip_nat_info_manip::hooknum = %u\n", manip->hooknum);
NF_DPF ("ip_nat_info_manip::maniptype is of type u_int8_t\n");
my_print_ip_nat_manip_type ((enum ip_nat_manip_type *) &(manip->maniptype));
NF_DPF ("ip_nat_info_manip::manip is of type struct ip_conntrack_manip\n");
my_print_ip_conntrack_manip (&(manip->manip));
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_nat_seq (const struct ip_nat_seq * seq)
{
atomic_inc (&nf_debug_indent);
if (seq == NULL)
{
NF_DPF ("pointer to ip_nat_seq:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_nat_seq::correction_pos = %u\n", seq->correction_pos);
NF_DPF ("ip_nat_seq::offset_before = %d\n", seq->offset_before);
NF_DPF ("ip_nat_seq::offset_after = %d\n", seq->offset_after);
atomic_dec (&nf_debug_indent);
return;
}
void my_print_tcp_conntrack_state (const enum tcp_conntrack * state)
{
atomic_inc (&nf_debug_indent);
if (state == NULL)
{
NF_DPF ("pointer to enum tcp_conntrack:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
switch (*state)
{
case TCP_CONNTRACK_NONE:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_NONE\n");
break;
case TCP_CONNTRACK_ESTABLISHED:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_ESTABLISHED\n");
break;
case TCP_CONNTRACK_SYN_SENT:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_SYN_SENT\n");
break;
case TCP_CONNTRACK_SYN_RECV:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_SYN_RECV\n");
break;
case TCP_CONNTRACK_FIN_WAIT:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_FIN_WAIT\n");
break;
case TCP_CONNTRACK_TIME_WAIT:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_TIME_WAIT\n");
break;
case TCP_CONNTRACK_CLOSE:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_CLOSE\n");
break;
case TCP_CONNTRACK_CLOSE_WAIT:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_CLOSE_WAIT\n");
break;
case TCP_CONNTRACK_LAST_ACK:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_LAST_ACK\n");
break;
case TCP_CONNTRACK_LISTEN:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_LISTEN\n");
break;
case TCP_CONNTRACK_MAX:
NF_DPF ("tcp_conntrack::TCP_CONNTRACK_MAX\n");
break;
default:
NF_DPF ("tcp_conntrack::%d (Unknown)\n", *state);
break;
}
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_ct_tcp (const struct ip_ct_tcp * tcp)
{
atomic_inc (&nf_debug_indent);
if (tcp == NULL)
{
NF_DPF ("pointer to ip_ct_tcp:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_ct_tcp::handshake_ack = %u\n", tcp->handshake_ack);
NF_DPF ("ip_ct_tcp::state is of type enum tcp_conntrack\n");
my_print_tcp_conntrack_state (&(tcp->state));
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_ct_ftp (const struct ip_ct_ftp * ftp)
{
atomic_inc (&nf_debug_indent);
if (ftp == NULL)
{
NF_DPF ("pointer to ip_ct_ftp:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_ct_ftp:: [TBD]\n");
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_ct_irc (const struct ip_ct_irc * irc)
{
atomic_inc (&nf_debug_indent);
if (irc == NULL)
{
NF_DPF ("pointer to ip_ct_irc:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_ct_irc:: [TBD]\n");
atomic_dec (&nf_debug_indent);
return;
}
void my_print_atomic_t (const atomic_t * atom)
{
atomic_inc (&nf_debug_indent);
if (atom == NULL)
{
NF_DPF ("pointer to atomic_t:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("atomic_t::counter = %d\n", atom->counter);
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_ct_icmp (const struct ip_ct_icmp * icmp)
{
atomic_inc (&nf_debug_indent);
if (icmp == NULL)
{
NF_DPF ("pointer to ip_ct_icmp:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_ct_icmp::count is of type atomic_t\n");
my_print_atomic_t (&(icmp->count));
atomic_dec (&nf_debug_indent);
return;
}
void my_print_timer_list (const struct timer_list * timerlist)
{
atomic_inc (&nf_debug_indent);
if (timerlist == NULL)
{
NF_DPF ("pointer to timer_list:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("timer_list::data = %lu\n", timerlist->data);
NF_DPF ("timer_list::expires = %lu\n", timerlist->expires);
NF_DPF ("timer_list::(*function) = %p\n", timerlist->function);
NF_DPF ("timer_list::list is of type struct list_head\n");
my_print_list_head (&(timerlist->list));
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack_tuple_hash (const struct ip_conntrack_tuple_hash * hash)
{
atomic_inc (&nf_debug_indent);
if (hash == NULL)
{
NF_DPF ("pointer to ip_conntrack_tuple_hash:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_conntrack_tuple_hash::list is of type struct list_head\n");
my_print_list_head (&(hash->list));
NF_DPF ("ip_conntrack_tuple_hash::tuple is of type struct ip_conntrack_tuple\n");
my_print_ip_conntrack_tuple (&(hash->tuple));
NF_DPF ("ip_conntrack_tuple_hash::ctrack is of type struct ip_conntrack * (pointer back to parent)\n");
/* my_print_ip_conntrack (hash->ctrack); */
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack_manip_proto (const union ip_conntrack_manip_proto * manip_proto)
{
atomic_inc (&nf_debug_indent);
if (manip_proto == NULL)
{
NF_DPF ("pointer to ip_conntrack_manip_proto:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_conntrack_manip_proto::Union of all, icmp.id, tcp.port, "
"udp.port = %d\n", manip_proto->all);
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_nat_range (const struct ip_nat_range * range)
{
atomic_inc (&nf_debug_indent);
if (range == NULL)
{
NF_DPF ("pointer to ip_nat_range:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_nat_range::flags = %d\n", range->flags);
NF_DPF ("ip_nat_range::min_ip = 0x%08X\n", range->min_ip);
NF_DPF ("ip_nat_range::max_ip = 0x%08X\n", range->max_ip);
NF_DPF ("ip_nat_range::min is of type union ip_conntrack_manip_proto\n");
my_print_ip_conntrack_manip_proto (&(range->min));
NF_DPF ("ip_nat_range::max is of type union ip_conntrack_manip_proto\n");
my_print_ip_conntrack_manip_proto (&(range->max));
atomic_dec (&nf_debug_indent);
return;
}
void my_print_nf_conntrack (const struct nf_conntrack * nfc_ptr)
{
atomic_inc (&nf_debug_indent);
if (nfc_ptr == NULL)
{
NF_DPF ("pointer to nf_conntrack:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("nf_conntrack::use.counter = %d\n", nfc_ptr->use.counter);
NF_DPF ("nf_conntrack::(*destroy) = %p\n", nfc_ptr->destroy);
atomic_dec (&nf_debug_indent);
return;
}
void my_print_list_head (const struct list_head * list)
{
atomic_inc (&nf_debug_indent);
if (list == NULL)
{
NF_DPF ("list_head:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("list_head::next is of type struct list_head\n");
my_print_list_head (list->next);
NF_DPF ("list_head::prev is of type struct list_head\n");
my_print_list_head (list->prev);
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack_expect (const struct ip_conntrack_expect * expect)
{
atomic_inc (&nf_debug_indent);
if (expect == NULL)
{
NF_DPF ("pointer to ip_conntrack_expect:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_conntrack_expect::expectant is of type struct ip_conntrack\n");
my_print_ip_conntrack (expect->expectant);
NF_DPF ("ip_conntrack_expect::list is of type struct list_head\n");
my_print_list_head (&(expect->list));
NF_DPF ("ip_conntrack_expect::mask is of type struct ip_conntrack_tuple\n");
my_print_ip_conntrack_tuple (&(expect->mask));
NF_DPF ("ip_conntrack_expect::tuple is of type struct ip_conntrack_tuple\n");
my_print_ip_conntrack_tuple (&(expect->tuple));
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack_helper (const struct ip_conntrack_helper * helper)
{
atomic_inc (&nf_debug_indent);
if (helper == NULL)
{
NF_DPF ("ip_conntrack_helper:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_conntrack_helper::list is of type struct list_head [helper TBD]\n");
/* my_print_list_head (helper->list); */
NF_DPF ("ip_conntrack_helper::mask is of type struct ip_conntrack_tuple [helper TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->mask)); */
NF_DPF ("ip_conntrack_helper::tuple is of type struct ip_conntrack_tuple [helper TBD]\n");
/* my_print_ip_conntrack_tuple (&(helper->tuple)); */
atomic_dec (&nf_debug_indent);
return;
}
void my_print_nf_ct_info (const struct nf_ct_info * info)
{
atomic_inc (&nf_debug_indent);
if (info == NULL)
{
NF_DPF ("pointer to nf_nt_info:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("nf_ct_info::master is of type struct nf_conntrack *\n");
my_print_nf_conntrack (info->master);
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_nat_info (const struct ip_nat_info * info)
{
int i = 0;
atomic_inc (&nf_debug_indent);
if (info == NULL)
{
NF_DPF ("pointer to ip_nat_info:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_nat_info::byipsproto is of type struct ip_nat_hash\n");
my_print_ip_nat_hash (&(info->byipsproto));
NF_DPF ("ip_nat_info::bysource is of type struct ip_nat_hash\n");
my_print_ip_nat_hash (&(info->bysource));
NF_DPF ("ip_nat_info::helper is of type struct ip_nat_helper *\n");
my_print_ip_nat_helper (info->helper);
NF_DPF ("ip_nat_info::initialized = %d\n", info->initialized);
NF_DPF ("ip_nat_info::manips[IP_NAT_MAX_MANIPS] is an array of type struct ip_nat_info_manip\n");
for (i = 0; i < IP_NAT_MAX_MANIPS; i++)
{
NF_DPF ("ip_nat_info::manips[%d]\n", i);
my_print_ip_nat_info_manip (&(info->manips[i]));
}
NF_DPF ("ip_nat_info::mtype is of type struct ip_nat_mapping_type * (deprecated)\n");
NF_DPF ("ip_nat_info::num_manips = %d\n", info->num_manips);
NF_DPF ("ip_nat_info::seq[IP_CT_DIR_MAX] is an array of type struct ip_nat_seq\n");
for (i = 0; i < IP_CT_DIR_MAX; i++)
{
NF_DPF ("ip_nat_info::seq[%d]\n", i);
my_print_ip_nat_seq (&(info->seq[i]));
}
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack (const struct ip_conntrack *conntrack)
{
int i = 0;
atomic_inc (&nf_debug_indent);
if (conntrack == NULL)
{
NF_DPF ("pointer to ip_conntrack:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_conntrack::ct_general is of type struct nf_conntrack\n");
my_print_nf_conntrack (&(conntrack->ct_general));
NF_DPF ("ip_conntrack::expected is of type struct ip_conntrack_expect\n");
my_print_ip_conntrack_expect (&(conntrack->expected));
NF_DPF ("ip_conntrack::help.ct_ftp_info is of type struct ip_ct_ftp\n");
my_print_ip_ct_ftp (&(conntrack->help.ct_ftp_info));
NF_DPF ("ip_conntrack::help.ct_irc_info is of type struct ip_ct_irc\n");
my_print_ip_ct_irc (&(conntrack->help.ct_irc_info));
NF_DPF ("ip_conntrack::helper is of type struct ip_conntrack_helper\n");
my_print_ip_conntrack_helper (conntrack->helper);
NF_DPF ("ip_conntrack::infos[IP_CT_NUMBER] is an array of type nf_ct_info\n");
for (i = 0; i < IP_CT_NUMBER; i++)
{
NF_DPF ("ip_conntrack::infos[%d]\n", i);
my_print_nf_ct_info (&(conntrack->infos[i]));
}
NF_DPF ("ip_conntrack::master is of type struct nf_ct_info\n");
my_print_nf_ct_info (&(conntrack->master));
NF_DPF ("ip_conntrack::nat is of type struct nat (anonymous)\n");
NF_DPF ("ip_conntrack::nat.masq_index=%d\n", conntrack->nat.masq_index);
NF_DPF ("ip_conntrack::nat.info is of type struct ip_nat_info\n");
my_print_ip_nat_info (&(conntrack->nat.info));
NF_DPF ("ip_conntrack::Union of tcp of type struct ip_ct_tcp, and icmp of type struct ip_ct_icmp\n");
my_print_ip_ct_tcp (&(conntrack->proto.tcp));
my_print_ip_ct_icmp (&(conntrack->proto.icmp));
NF_DPF ("ip_conntrack::status = %lu\n", conntrack->status);
NF_DPF ("ip_conntrack::timeout is of type struct timer_list\n");
my_print_timer_list (&(conntrack->timeout));
NF_DPF ("ip_conntrack::tuplehash[IP_CT_DIR_MAX] is an array of type struct ip_conntrack_tuple_hash\n");
for (i = 0; i < IP_CT_DIR_MAX; i++)
{
NF_DPF ("ip_conntrack::tuplehash[%d]\n", i);
my_print_ip_conntrack_tuple_hash (&(conntrack->tuplehash[i]));
}
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack_tuple (const struct ip_conntrack_tuple *tuple)
{
atomic_inc (&nf_debug_indent);
if (tuple == NULL)
{
NF_DPF ("pointer to ip_conntrack_tuple:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_conntrack_tuple::dst.ip = 0x%08X\n", tuple->dst.ip);
NF_DPF ("ip_conntrack_tuple::dst.protonum = %d\n", tuple->dst.protonum);
NF_DPF ("ip_conntrack_tuple::Union of dst.u.all, dst.u.icmp.type & dst.u.icmp.port, dst.u.tcp.port, "
"dst.u.udp.port = %d\n", tuple->dst.u.all);
NF_DPF ("ip_conntrack_tuple::src is of type struct ip_conntrack_manip\n");
my_print_ip_conntrack_manip (&(tuple->src));
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_nat_manip_type (const enum ip_nat_manip_type * maniptype)
{
atomic_inc (&nf_debug_indent);
if (maniptype == NULL)
{
NF_DPF ("pointer to enum ip_nat_manip_type:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
switch (*maniptype)
{
case IP_NAT_MANIP_SRC:
NF_DPF ("ip_nat_manip_type::IP_NAT_MANIP_SRC\n");
break;
case IP_NAT_MANIP_DST:
NF_DPF ("ip_nat_manip_type::IP_NAT_MANIP_DST\n");
break;
default:
NF_DPF ("ip_nat_manip_type::%d (Unknown)\n", *maniptype);
break;
}
atomic_dec (&nf_debug_indent);
return;
}
void my_print_ip_conntrack_manip (const struct ip_conntrack_manip * manip)
{
atomic_inc (&nf_debug_indent);
if (manip == NULL)
{
NF_DPF ("pointer to ip_conntrack_manip:: is NULL\n");
atomic_dec (&nf_debug_indent);
return;
}
NF_DPF ("ip_conntrack_manip::ip = 0x%08X\n", manip->ip);
NF_DPF ("ip_conntrack_manip::u is of type struct ip_conntrack_manip_proto\n");
my_print_ip_conntrack_manip_proto (&(manip->u));
atomic_dec (&nf_debug_indent);
return;
}
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-12-18 20:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-12-17 20:16 Brute force printk routines for looking at netfilter structures Ranjeet Shetye
2002-12-17 20:37 ` Patrick Schaaf
2002-12-17 23:07 ` Patrick Schaaf
2002-12-18 20:49 ` nf_debug.c version 0.2 Ranjeet Shetye
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.