2007-04-15 00:17:19 +04:00
|
|
|
/* $NetBSD: ipftest.c,v 1.1.1.5 2007/04/14 20:17:34 martin Exp $ */
|
2004-03-28 12:55:20 +04:00
|
|
|
|
|
|
|
/*
|
2007-04-15 00:17:19 +04:00
|
|
|
* Copyright (C) 2002-2006 by Darren Reed.
|
2004-03-28 12:55:20 +04:00
|
|
|
*
|
|
|
|
* See the IPFILTER.LICENCE file for details on licencing.
|
|
|
|
*/
|
|
|
|
#include "ipf.h"
|
|
|
|
#include "ipt.h"
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/file.h>
|
|
|
|
|
|
|
|
#if !defined(lint)
|
|
|
|
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
|
2007-04-15 00:17:19 +04:00
|
|
|
static const char rcsid[] = "@(#)Id: ipftest.c,v 1.44.2.13 2006/12/12 16:13:01 darrenr Exp";
|
2004-03-28 12:55:20 +04:00
|
|
|
#endif
|
|
|
|
|
|
|
|
extern char *optarg;
|
|
|
|
extern struct frentry *ipfilter[2][2];
|
|
|
|
extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
|
|
|
|
extern struct ifnet *get_unit __P((char *, int));
|
|
|
|
extern void init_ifp __P((void));
|
|
|
|
extern ipnat_t *natparse __P((char *, int));
|
|
|
|
extern int fr_running;
|
2007-04-15 00:17:19 +04:00
|
|
|
extern hostmap_t **ipf_hm_maptable;
|
|
|
|
extern hostmap_t *ipf_hm_maplist;
|
2004-03-28 12:55:20 +04:00
|
|
|
|
|
|
|
ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert;
|
|
|
|
ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock;
|
2006-04-04 20:08:18 +04:00
|
|
|
ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache;
|
2007-04-15 00:17:19 +04:00
|
|
|
ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth, ipf_tokens;
|
2004-03-28 12:55:20 +04:00
|
|
|
int opts = OPT_DONOTHING;
|
|
|
|
int use_inet6 = 0;
|
2006-04-04 20:08:18 +04:00
|
|
|
int docksum = 0;
|
2004-03-28 12:55:20 +04:00
|
|
|
int pfil_delayed_copy = 0;
|
|
|
|
int main __P((int, char *[]));
|
|
|
|
int loadrules __P((char *, int));
|
|
|
|
int kmemcpy __P((char *, long, int));
|
|
|
|
int kstrncpy __P((char *, long, int n));
|
|
|
|
void dumpnat __P((void));
|
|
|
|
void dumpstate __P((void));
|
|
|
|
void dumplookups __P((void));
|
|
|
|
void dumpgroups __P((void));
|
|
|
|
void drain_log __P((char *));
|
|
|
|
void fixv4sums __P((mb_t *, ip_t *));
|
|
|
|
|
|
|
|
#if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
|
|
|
|
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
|
|
|
|
defined(__osf__) || defined(linux)
|
|
|
|
int ipftestioctl __P((int, ioctlcmd_t, ...));
|
|
|
|
int ipnattestioctl __P((int, ioctlcmd_t, ...));
|
|
|
|
int ipstatetestioctl __P((int, ioctlcmd_t, ...));
|
|
|
|
int ipauthtestioctl __P((int, ioctlcmd_t, ...));
|
|
|
|
int ipscantestioctl __P((int, ioctlcmd_t, ...));
|
|
|
|
int ipsynctestioctl __P((int, ioctlcmd_t, ...));
|
|
|
|
int ipooltestioctl __P((int, ioctlcmd_t, ...));
|
|
|
|
#else
|
|
|
|
int ipftestioctl __P((dev_t, ioctlcmd_t, void *));
|
|
|
|
int ipnattestioctl __P((dev_t, ioctlcmd_t, void *));
|
|
|
|
int ipstatetestioctl __P((dev_t, ioctlcmd_t, void *));
|
|
|
|
int ipauthtestioctl __P((dev_t, ioctlcmd_t, void *));
|
|
|
|
int ipsynctestioctl __P((dev_t, ioctlcmd_t, void *));
|
|
|
|
int ipscantestioctl __P((dev_t, ioctlcmd_t, void *));
|
|
|
|
int ipooltestioctl __P((dev_t, ioctlcmd_t, void *));
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static ioctlfunc_t iocfunctions[IPL_LOGSIZE] = { ipftestioctl,
|
|
|
|
ipnattestioctl,
|
|
|
|
ipstatetestioctl,
|
|
|
|
ipauthtestioctl,
|
|
|
|
ipsynctestioctl,
|
|
|
|
ipscantestioctl,
|
|
|
|
ipooltestioctl,
|
|
|
|
NULL };
|
|
|
|
|
|
|
|
|
|
|
|
int main(argc,argv)
|
|
|
|
int argc;
|
|
|
|
char *argv[];
|
|
|
|
{
|
|
|
|
char *datain, *iface, *ifname, *logout;
|
|
|
|
int fd, i, dir, c, loaded, dump, hlen;
|
2006-04-04 20:08:18 +04:00
|
|
|
struct in_addr sip;
|
2004-03-28 12:55:20 +04:00
|
|
|
struct ifnet *ifp;
|
|
|
|
struct ipread *r;
|
|
|
|
mb_t mb, *m;
|
|
|
|
ip_t *ip;
|
|
|
|
|
|
|
|
m = &mb;
|
|
|
|
dir = 0;
|
|
|
|
dump = 0;
|
|
|
|
hlen = 0;
|
|
|
|
loaded = 0;
|
|
|
|
r = &iptext;
|
|
|
|
iface = NULL;
|
|
|
|
logout = NULL;
|
|
|
|
datain = NULL;
|
2006-04-04 20:08:18 +04:00
|
|
|
sip.s_addr = 0;
|
|
|
|
ifname = "anon0";
|
2004-03-28 12:55:20 +04:00
|
|
|
|
|
|
|
MUTEX_INIT(&ipf_rw, "ipf rw mutex");
|
|
|
|
MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock");
|
|
|
|
RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex");
|
|
|
|
RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock");
|
|
|
|
RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock");
|
2006-04-04 20:08:18 +04:00
|
|
|
RWLOCK_INIT(&ipf_frcache, "ipf filter cache");
|
2007-04-15 00:17:19 +04:00
|
|
|
RWLOCK_INIT(&ipf_tokens, "ipf token rwlock");
|
2004-03-28 12:55:20 +04:00
|
|
|
|
|
|
|
initparse();
|
|
|
|
if (fr_initialise() == -1)
|
|
|
|
abort();
|
|
|
|
fr_running = 1;
|
|
|
|
|
2006-04-04 20:08:18 +04:00
|
|
|
while ((c = getopt(argc, argv, "6bCdDF:i:I:l:N:P:or:RS:T:vxX")) != -1)
|
2004-03-28 12:55:20 +04:00
|
|
|
switch (c)
|
|
|
|
{
|
|
|
|
case '6' :
|
|
|
|
#ifdef USE_INET6
|
|
|
|
use_inet6 = 1;
|
|
|
|
#else
|
|
|
|
fprintf(stderr, "IPv6 not supported\n");
|
|
|
|
exit(1);
|
|
|
|
#endif
|
|
|
|
break;
|
|
|
|
case 'b' :
|
|
|
|
opts |= OPT_BRIEF;
|
|
|
|
break;
|
|
|
|
case 'd' :
|
|
|
|
opts |= OPT_DEBUG;
|
|
|
|
break;
|
2006-04-04 20:08:18 +04:00
|
|
|
case 'C' :
|
|
|
|
docksum = 1;
|
|
|
|
break;
|
2004-03-28 12:55:20 +04:00
|
|
|
case 'D' :
|
|
|
|
dump = 1;
|
|
|
|
break;
|
|
|
|
case 'F' :
|
|
|
|
if (strcasecmp(optarg, "pcap") == 0)
|
|
|
|
r = &pcap;
|
|
|
|
else if (strcasecmp(optarg, "etherfind") == 0)
|
|
|
|
r = ðerf;
|
|
|
|
else if (strcasecmp(optarg, "snoop") == 0)
|
|
|
|
r = &snoop;
|
|
|
|
else if (strcasecmp(optarg, "tcpdump") == 0)
|
|
|
|
r = &tcpd;
|
|
|
|
else if (strcasecmp(optarg, "hex") == 0)
|
|
|
|
r = &iphex;
|
|
|
|
else if (strcasecmp(optarg, "text") == 0)
|
|
|
|
r = &iptext;
|
|
|
|
break;
|
|
|
|
case 'i' :
|
|
|
|
datain = optarg;
|
|
|
|
break;
|
|
|
|
case 'I' :
|
|
|
|
ifname = optarg;
|
|
|
|
break;
|
|
|
|
case 'l' :
|
|
|
|
logout = optarg;
|
|
|
|
break;
|
|
|
|
case 'N' :
|
|
|
|
if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl,
|
|
|
|
optarg) == -1)
|
|
|
|
return -1;
|
|
|
|
loaded = 1;
|
|
|
|
opts |= OPT_NAT;
|
|
|
|
break;
|
2006-04-04 20:08:18 +04:00
|
|
|
case 'o' :
|
|
|
|
opts |= OPT_SAVEOUT;
|
|
|
|
break;
|
2004-03-28 12:55:20 +04:00
|
|
|
case 'P' :
|
|
|
|
if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1)
|
|
|
|
return -1;
|
|
|
|
loaded = 1;
|
|
|
|
break;
|
2006-04-04 20:08:18 +04:00
|
|
|
case 'r' :
|
|
|
|
if (ipf_parsefile(-1, ipf_addrule, iocfunctions,
|
|
|
|
optarg) == -1)
|
|
|
|
return -1;
|
|
|
|
loaded = 1;
|
|
|
|
break;
|
|
|
|
case 'S' :
|
|
|
|
sip.s_addr = inet_addr(optarg);
|
|
|
|
break;
|
|
|
|
case 'R' :
|
|
|
|
opts |= OPT_NORESOLVE;
|
|
|
|
break;
|
2004-03-28 12:55:20 +04:00
|
|
|
case 'T' :
|
|
|
|
ipf_dotuning(-1, optarg, ipftestioctl);
|
|
|
|
break;
|
2006-04-04 20:08:18 +04:00
|
|
|
case 'v' :
|
|
|
|
opts |= OPT_VERBOSE;
|
|
|
|
break;
|
2004-03-28 12:55:20 +04:00
|
|
|
case 'x' :
|
|
|
|
opts |= OPT_HEX;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (loaded == 0) {
|
|
|
|
(void)fprintf(stderr,"no rules loaded\n");
|
|
|
|
exit(-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (opts & OPT_SAVEOUT)
|
|
|
|
init_ifp();
|
|
|
|
|
|
|
|
if (datain)
|
|
|
|
fd = (*r->r_open)(datain);
|
|
|
|
else
|
|
|
|
fd = (*r->r_open)("-");
|
|
|
|
|
|
|
|
if (fd < 0)
|
|
|
|
exit(-1);
|
|
|
|
|
|
|
|
ip = MTOD(m, ip_t *);
|
|
|
|
while ((i = (*r->r_readip)(MTOD(m, char *), sizeof(m->mb_buf),
|
|
|
|
&iface, &dir)) > 0) {
|
2006-04-04 20:08:18 +04:00
|
|
|
if ((iface == NULL) || (*iface == '\0'))
|
2004-03-28 12:55:20 +04:00
|
|
|
iface = ifname;
|
|
|
|
ifp = get_unit(iface, IP_V(ip));
|
|
|
|
if (!use_inet6) {
|
|
|
|
ip->ip_off = ntohs(ip->ip_off);
|
|
|
|
ip->ip_len = ntohs(ip->ip_len);
|
2006-04-04 20:08:18 +04:00
|
|
|
if ((r->r_flags & R_DO_CKSUM) || docksum)
|
2004-03-28 12:55:20 +04:00
|
|
|
fixv4sums(m, ip);
|
|
|
|
hlen = IP_HL(ip) << 2;
|
2006-04-04 20:08:18 +04:00
|
|
|
if (sip.s_addr)
|
|
|
|
dir = !(sip.s_addr == ip->ip_src.s_addr);
|
2004-03-28 12:55:20 +04:00
|
|
|
}
|
|
|
|
#ifdef USE_INET6
|
|
|
|
else
|
|
|
|
hlen = sizeof(ip6_t);
|
|
|
|
#endif
|
|
|
|
/* ipfr_slowtimer(); */
|
|
|
|
m = &mb;
|
|
|
|
m->mb_len = i;
|
|
|
|
i = fr_check(ip, hlen, ifp, dir, &m);
|
|
|
|
if ((opts & OPT_NAT) == 0)
|
|
|
|
switch (i)
|
|
|
|
{
|
|
|
|
case -4 :
|
|
|
|
(void)printf("preauth");
|
|
|
|
break;
|
|
|
|
case -3 :
|
|
|
|
(void)printf("account");
|
|
|
|
break;
|
|
|
|
case -2 :
|
|
|
|
(void)printf("auth");
|
|
|
|
break;
|
|
|
|
case -1 :
|
|
|
|
(void)printf("block");
|
|
|
|
break;
|
|
|
|
case 0 :
|
|
|
|
(void)printf("pass");
|
|
|
|
break;
|
|
|
|
case 1 :
|
2007-04-15 00:17:19 +04:00
|
|
|
if (m == NULL)
|
|
|
|
(void)printf("bad-packet");
|
|
|
|
else
|
|
|
|
(void)printf("nomatch");
|
2004-03-28 12:55:20 +04:00
|
|
|
break;
|
|
|
|
case 3 :
|
|
|
|
(void)printf("block return-rst");
|
|
|
|
break;
|
|
|
|
case 4 :
|
|
|
|
(void)printf("block return-icmp");
|
|
|
|
break;
|
|
|
|
case 5 :
|
|
|
|
(void)printf("block return-icmp-as-dest");
|
|
|
|
break;
|
|
|
|
default :
|
|
|
|
(void)printf("recognised return %#x\n", i);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!use_inet6) {
|
|
|
|
ip->ip_off = htons(ip->ip_off);
|
|
|
|
ip->ip_len = htons(ip->ip_len);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(opts & OPT_BRIEF)) {
|
|
|
|
putchar(' ');
|
|
|
|
printpacket(ip);
|
|
|
|
printf("--------------");
|
|
|
|
} else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
|
|
|
|
printpacket(ip);
|
|
|
|
if (dir && (ifp != NULL) && IP_V(ip) && (m != NULL))
|
|
|
|
#if defined(__sgi) && (IRIX < 60500)
|
|
|
|
(*ifp->if_output)(ifp, (void *)m, NULL);
|
|
|
|
#else
|
|
|
|
# if TRU64 >= 1885
|
|
|
|
(*ifp->if_output)(ifp, (void *)m, NULL, 0, 0);
|
|
|
|
# else
|
|
|
|
(*ifp->if_output)(ifp, (void *)m, NULL, 0);
|
|
|
|
# endif
|
|
|
|
#endif
|
|
|
|
if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))
|
|
|
|
putchar('\n');
|
|
|
|
dir = 0;
|
|
|
|
if (iface != ifname) {
|
|
|
|
free(iface);
|
|
|
|
iface = ifname;
|
|
|
|
}
|
|
|
|
m = &mb;
|
|
|
|
}
|
2006-04-04 20:08:18 +04:00
|
|
|
|
|
|
|
if (i != 0)
|
|
|
|
fprintf(stderr, "readip failed: %d\n", i);
|
2004-03-28 12:55:20 +04:00
|
|
|
(*r->r_close)();
|
|
|
|
|
|
|
|
if (logout != NULL) {
|
|
|
|
drain_log(logout);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (dump == 1) {
|
|
|
|
dumpnat();
|
|
|
|
dumpstate();
|
|
|
|
dumplookups();
|
|
|
|
dumpgroups();
|
|
|
|
}
|
|
|
|
|
|
|
|
fr_deinitialise();
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
|
|
|
|
(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
|
|
|
|
defined(__osf__) || defined(linux)
|
|
|
|
int ipftestioctl(int dev, ioctlcmd_t cmd, ...)
|
|
|
|
{
|
|
|
|
caddr_t data;
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, cmd);
|
|
|
|
data = va_arg(ap, caddr_t);
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD);
|
|
|
|
if (opts & OPT_DEBUG)
|
|
|
|
fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n",
|
|
|
|
(u_int)cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipnattestioctl(int dev, ioctlcmd_t cmd, ...)
|
|
|
|
{
|
|
|
|
caddr_t data;
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, cmd);
|
|
|
|
data = va_arg(ap, caddr_t);
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD);
|
|
|
|
if (opts & OPT_DEBUG)
|
|
|
|
fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n",
|
|
|
|
(u_int)cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipstatetestioctl(int dev, ioctlcmd_t cmd, ...)
|
|
|
|
{
|
|
|
|
caddr_t data;
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, cmd);
|
|
|
|
data = va_arg(ap, caddr_t);
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n",
|
|
|
|
(u_int)cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipauthtestioctl(int dev, ioctlcmd_t cmd, ...)
|
|
|
|
{
|
|
|
|
caddr_t data;
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, cmd);
|
|
|
|
data = va_arg(ap, caddr_t);
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n",
|
|
|
|
(u_int)cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipscantestioctl(int dev, ioctlcmd_t cmd, ...)
|
|
|
|
{
|
|
|
|
caddr_t data;
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, cmd);
|
|
|
|
data = va_arg(ap, caddr_t);
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n",
|
|
|
|
(u_int)cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipsynctestioctl(int dev, ioctlcmd_t cmd, ...)
|
|
|
|
{
|
|
|
|
caddr_t data;
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, cmd);
|
|
|
|
data = va_arg(ap, caddr_t);
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n",
|
|
|
|
(u_int)cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipooltestioctl(int dev, ioctlcmd_t cmd, ...)
|
|
|
|
{
|
|
|
|
caddr_t data;
|
|
|
|
va_list ap;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
va_start(ap, cmd);
|
|
|
|
data = va_arg(ap, caddr_t);
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n",
|
|
|
|
(u_int)cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
int ipftestioctl(dev, cmd, data)
|
|
|
|
dev_t dev;
|
|
|
|
ioctlcmd_t cmd;
|
|
|
|
void *data;
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n", cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipnattestioctl(dev, cmd, data)
|
|
|
|
dev_t dev;
|
|
|
|
ioctlcmd_t cmd;
|
|
|
|
void *data;
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n", cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipstatetestioctl(dev, cmd, data)
|
|
|
|
dev_t dev;
|
|
|
|
ioctlcmd_t cmd;
|
|
|
|
void *data;
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n", cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipauthtestioctl(dev, cmd, data)
|
|
|
|
dev_t dev;
|
|
|
|
ioctlcmd_t cmd;
|
|
|
|
void *data;
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n", cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipsynctestioctl(dev, cmd, data)
|
|
|
|
dev_t dev;
|
|
|
|
ioctlcmd_t cmd;
|
|
|
|
void *data;
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n", cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipscantestioctl(dev, cmd, data)
|
|
|
|
dev_t dev;
|
|
|
|
ioctlcmd_t cmd;
|
|
|
|
void *data;
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
|
|
|
|
if ((opts & OPT_DEBUG) || (i != 0))
|
|
|
|
fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n", cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ipooltestioctl(dev, cmd, data)
|
|
|
|
dev_t dev;
|
|
|
|
ioctlcmd_t cmd;
|
|
|
|
void *data;
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
|
|
|
|
if (opts & OPT_DEBUG)
|
|
|
|
fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n", cmd, data, i);
|
|
|
|
if (i != 0) {
|
|
|
|
errno = i;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
int kmemcpy(addr, offset, size)
|
|
|
|
char *addr;
|
|
|
|
long offset;
|
|
|
|
int size;
|
|
|
|
{
|
|
|
|
bcopy((char *)offset, addr, size);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int kstrncpy(buf, pos, n)
|
|
|
|
char *buf;
|
|
|
|
long pos;
|
|
|
|
int n;
|
|
|
|
{
|
|
|
|
char *ptr;
|
|
|
|
|
|
|
|
ptr = (char *)pos;
|
|
|
|
|
|
|
|
while ((n > 0) && (*buf++ = *ptr++))
|
|
|
|
;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Display the built up NAT table rules and mapping entries.
|
|
|
|
*/
|
|
|
|
void dumpnat()
|
|
|
|
{
|
2006-04-04 20:08:18 +04:00
|
|
|
hostmap_t *hm;
|
2007-04-15 00:17:19 +04:00
|
|
|
ipnat_t *ipn;
|
|
|
|
nat_t *nat;
|
2004-03-28 12:55:20 +04:00
|
|
|
|
|
|
|
printf("List of active MAP/Redirect filters:\n");
|
|
|
|
for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next)
|
|
|
|
printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
|
|
|
|
printf("\nList of active sessions:\n");
|
2004-07-23 09:33:55 +04:00
|
|
|
for (nat = nat_instances; nat; nat = nat->nat_next) {
|
2007-04-15 00:17:19 +04:00
|
|
|
printactivenat(nat, opts, 0, 0);
|
2004-07-23 09:33:55 +04:00
|
|
|
if (nat->nat_aps)
|
|
|
|
printaps(nat->nat_aps, opts);
|
|
|
|
}
|
2006-04-04 20:08:18 +04:00
|
|
|
|
|
|
|
printf("\nHostmap table:\n");
|
2007-04-15 00:17:19 +04:00
|
|
|
for (hm = ipf_hm_maplist; hm != NULL; hm = hm->hm_next)
|
|
|
|
printhostmap(hm, 0);
|
2004-03-28 12:55:20 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Display the built up state table rules and mapping entries.
|
|
|
|
*/
|
|
|
|
void dumpstate()
|
|
|
|
{
|
|
|
|
ipstate_t *ips;
|
|
|
|
|
|
|
|
printf("List of active state sessions:\n");
|
|
|
|
for (ips = ips_list; ips != NULL; )
|
|
|
|
ips = printstate(ips, opts & (OPT_DEBUG|OPT_VERBOSE),
|
|
|
|
fr_ticks);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void dumplookups()
|
|
|
|
{
|
|
|
|
iphtable_t *iph;
|
|
|
|
ip_pool_t *ipl;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
printf("List of configured pools\n");
|
|
|
|
for (i = 0; i < IPL_LOGSIZE; i++)
|
|
|
|
for (ipl = ip_pool_list[i]; ipl != NULL; ipl = ipl->ipo_next)
|
2005-02-20 00:26:02 +03:00
|
|
|
printpool(ipl, bcopywrap, NULL, opts);
|
2004-03-28 12:55:20 +04:00
|
|
|
|
|
|
|
printf("List of configured hash tables\n");
|
|
|
|
for (i = 0; i < IPL_LOGSIZE; i++)
|
|
|
|
for (iph = ipf_htables[i]; iph != NULL; iph = iph->iph_next)
|
2005-02-20 00:26:02 +03:00
|
|
|
printhash(iph, bcopywrap, NULL, opts);
|
2004-03-28 12:55:20 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void dumpgroups()
|
|
|
|
{
|
|
|
|
frgroup_t *fg;
|
|
|
|
frentry_t *fr;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
printf("List of groups configured (set 0)\n");
|
|
|
|
for (i = 0; i < IPL_LOGSIZE; i++)
|
|
|
|
for (fg = ipfgroups[i][0]; fg != NULL; fg = fg->fg_next) {
|
|
|
|
printf("Dev.%d. Group %s Ref %d Flags %#x\n",
|
|
|
|
i, fg->fg_name, fg->fg_ref, fg->fg_flags);
|
|
|
|
for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) {
|
|
|
|
#ifdef USE_QUAD_T
|
|
|
|
printf("%qu ",(unsigned long long)fr->fr_hits);
|
|
|
|
#else
|
|
|
|
printf("%ld ", fr->fr_hits);
|
|
|
|
#endif
|
|
|
|
printfr(fr, ipftestioctl);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
printf("List of groups configured (set 1)\n");
|
|
|
|
for (i = 0; i < IPL_LOGSIZE; i++)
|
|
|
|
for (fg = ipfgroups[i][1]; fg != NULL; fg = fg->fg_next) {
|
|
|
|
printf("Dev.%d. Group %s Ref %d Flags %#x\n",
|
|
|
|
i, fg->fg_name, fg->fg_ref, fg->fg_flags);
|
|
|
|
for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) {
|
|
|
|
#ifdef USE_QUAD_T
|
|
|
|
printf("%qu ",(unsigned long long)fr->fr_hits);
|
|
|
|
#else
|
|
|
|
printf("%ld ", fr->fr_hits);
|
|
|
|
#endif
|
|
|
|
printfr(fr, ipftestioctl);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void drain_log(filename)
|
|
|
|
char *filename;
|
|
|
|
{
|
|
|
|
char buffer[DEFAULT_IPFLOGSIZE];
|
|
|
|
struct iovec iov;
|
|
|
|
struct uio uio;
|
|
|
|
size_t resid;
|
|
|
|
int fd, i;
|
|
|
|
|
|
|
|
fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644);
|
|
|
|
if (fd == -1) {
|
|
|
|
perror("drain_log:open");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i <= IPL_LOGMAX; i++)
|
|
|
|
while (1) {
|
|
|
|
bzero((char *)&iov, sizeof(iov));
|
|
|
|
iov.iov_base = buffer;
|
|
|
|
iov.iov_len = sizeof(buffer);
|
|
|
|
|
|
|
|
bzero((char *)&uio, sizeof(uio));
|
|
|
|
uio.uio_iov = &iov;
|
|
|
|
uio.uio_iovcnt = 1;
|
|
|
|
uio.uio_resid = iov.iov_len;
|
|
|
|
resid = uio.uio_resid;
|
|
|
|
|
|
|
|
if (ipflog_read(i, &uio) == 0) {
|
|
|
|
/*
|
|
|
|
* If nothing was read then break out.
|
|
|
|
*/
|
|
|
|
if (uio.uio_resid == resid)
|
|
|
|
break;
|
|
|
|
write(fd, buffer, resid - uio.uio_resid);
|
|
|
|
} else
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
close(fd);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void fixv4sums(m, ip)
|
|
|
|
mb_t *m;
|
|
|
|
ip_t *ip;
|
|
|
|
{
|
|
|
|
u_char *csump, *hdr;
|
|
|
|
|
|
|
|
ip->ip_sum = 0;
|
|
|
|
ip->ip_sum = ipf_cksum((u_short *)ip, IP_HL(ip) << 2);
|
|
|
|
|
|
|
|
csump = (u_char *)ip;
|
|
|
|
csump += IP_HL(ip) << 2;
|
|
|
|
|
|
|
|
switch (ip->ip_p)
|
|
|
|
{
|
|
|
|
case IPPROTO_TCP :
|
|
|
|
hdr = csump;
|
|
|
|
csump += offsetof(tcphdr_t, th_sum);
|
|
|
|
break;
|
|
|
|
case IPPROTO_UDP :
|
|
|
|
hdr = csump;
|
|
|
|
csump += offsetof(udphdr_t, uh_sum);
|
|
|
|
break;
|
2006-04-04 20:08:18 +04:00
|
|
|
case IPPROTO_ICMP :
|
|
|
|
hdr = csump;
|
|
|
|
csump += offsetof(icmphdr_t, icmp_cksum);
|
|
|
|
break;
|
2004-03-28 12:55:20 +04:00
|
|
|
default :
|
|
|
|
csump = NULL;
|
|
|
|
hdr = NULL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (hdr != NULL) {
|
|
|
|
*csump = 0;
|
2006-04-04 20:08:18 +04:00
|
|
|
*(u_short *)csump = fr_cksum(m, ip, ip->ip_p, hdr, ip->ip_len);
|
2004-03-28 12:55:20 +04:00
|
|
|
}
|
|
|
|
}
|