1 /* $NetBSD: ipftest.c,v 1.5 2022/06/10 06:06:00 martin Exp $ */
2
3 /*
4 * Copyright (C) 2012 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 */
8 #include "ipf.h"
9 #include "ipt.h"
10 #include <sys/ioctl.h>
11 #include <sys/file.h>
12
13 #if !defined(lint)
14 static __attribute__((__used__)) const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
15 static __attribute__((__used__)) const char rcsid[] = "@(#)Id: ipftest.c,v 1.1.1.2 2012/07/22 13:44:55 darrenr Exp";
16 #endif
17
18 extern char *optarg;
19 extern struct ipread pcap, iptext, iphex;
20 extern struct ifnet *get_unit __P((char *, int));
21 extern void init_ifp __P((void));
22 extern ipnat_t *natparse __P((char *, int));
23 extern hostmap_t **ipf_hm_maptable;
24 extern hostmap_t *ipf_hm_maplist;
25
26 ipfmutex_t ipl_mutex, ipf_auth_mx, ipf_rw, ipf_stinsert;
27 ipfmutex_t ipf_nat_new, ipf_natio, ipf_timeoutlock;
28 ipfrwlock_t ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache;
29 ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_authlk;
30 ipfrwlock_t ipf_tokens;
31 int opts = OPT_DONTOPEN;
32 int use_inet6 = 0;
33 int docksum = 0;
34 int pfil_delayed_copy = 0;
35 int main __P((int, char *[]));
36 int loadrules __P((char *, int));
37 int kmemcpy __P((char *, long, int));
38 int kstrncpy __P((char *, long, int n));
39 int blockreason;
40 void dumpnat __P((void *));
41 void dumpgroups __P((ipf_main_softc_t *));
42 void dumprules __P((frentry_t *));
43 void drain_log __P((char *));
44 void fixv4sums __P((mb_t *, ip_t *));
45
46 #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
47 (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
48 defined(__osf__) || defined(linux)
49 int ipftestioctl __P((int, ioctlcmd_t, ...));
50 int ipnattestioctl __P((int, ioctlcmd_t, ...));
51 int ipstatetestioctl __P((int, ioctlcmd_t, ...));
52 int ipauthtestioctl __P((int, ioctlcmd_t, ...));
53 int ipscantestioctl __P((int, ioctlcmd_t, ...));
54 int ipsynctestioctl __P((int, ioctlcmd_t, ...));
55 int ipooltestioctl __P((int, ioctlcmd_t, ...));
56 #else
57 int ipftestioctl __P((dev_t, ioctlcmd_t, void *));
58 int ipnattestioctl __P((dev_t, ioctlcmd_t, void *));
59 int ipstatetestioctl __P((dev_t, ioctlcmd_t, void *));
60 int ipauthtestioctl __P((dev_t, ioctlcmd_t, void *));
61 int ipsynctestioctl __P((dev_t, ioctlcmd_t, void *));
62 int ipscantestioctl __P((dev_t, ioctlcmd_t, void *));
63 int ipooltestioctl __P((dev_t, ioctlcmd_t, void *));
64 #endif
65
66 static ioctlfunc_t iocfunctions[IPL_LOGSIZE] = { ipftestioctl,
67 ipnattestioctl,
68 ipstatetestioctl,
69 ipauthtestioctl,
70 ipsynctestioctl,
71 ipscantestioctl,
72 ipooltestioctl,
73 NULL };
74 static ipf_main_softc_t *softc = NULL;
75
76
77 int
main(argc,argv)78 main(argc,argv)
79 int argc;
80 char *argv[];
81 {
82 char *datain, *iface, *ifname, *logout;
83 int fd, i, dir, c, loaded, dump, hlen;
84 struct in_addr sip;
85 struct ifnet *ifp;
86 struct ipread *r;
87 mb_t mb, *m, *n;
88 ip_t *ip;
89
90 m = &mb;
91 memset(m, 0, sizeof(*m));
92 dir = 0;
93 dump = 0;
94 hlen = 0;
95 loaded = 0;
96 r = &iptext;
97 iface = NULL;
98 logout = NULL;
99 datain = NULL;
100 sip.s_addr = 0;
101 ifname = "anon0";
102
103 initparse();
104
105 ipf_load_all();
106
107 softc = ipf_create_all(NULL);
108 if (softc == NULL)
109 exit(1);
110
111 if (ipf_init_all(softc) == -1)
112 exit(1);
113
114 i = 1;
115 if (ipftestioctl(IPL_LOGIPF, SIOCFRENB, &i) != 0)
116 exit(1);
117
118 while ((c = getopt(argc, argv, "6bCdDF:i:I:l:N:P:or:RS:T:vxX")) != -1)
119 switch (c)
120 {
121 case '6' :
122 #ifdef USE_INET6
123 use_inet6 = 1;
124 #else
125 fprintf(stderr, "IPv6 not supported\n");
126 exit(1);
127 #endif
128 break;
129 case 'b' :
130 opts |= OPT_BRIEF;
131 break;
132 case 'd' :
133 opts |= OPT_DEBUG;
134 break;
135 case 'C' :
136 docksum = 1;
137 break;
138 case 'D' :
139 dump = 1;
140 break;
141 case 'F' :
142 if (strcasecmp(optarg, "pcap") == 0)
143 r = &pcap;
144 else if (strcasecmp(optarg, "hex") == 0)
145 r = &iphex;
146 else if (strcasecmp(optarg, "text") == 0)
147 r = &iptext;
148 break;
149 case 'i' :
150 datain = optarg;
151 break;
152 case 'I' :
153 ifname = optarg;
154 break;
155 case 'l' :
156 logout = optarg;
157 break;
158 case 'N' :
159 if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl,
160 optarg) == -1)
161 return -1;
162 loaded = 1;
163 opts |= OPT_NAT;
164 break;
165 case 'o' :
166 opts |= OPT_SAVEOUT;
167 break;
168 case 'P' :
169 if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1)
170 return -1;
171 loaded = 1;
172 break;
173 case 'r' :
174 if (ipf_parsefile(-1, ipf_addrule, iocfunctions,
175 optarg) == -1)
176 return -1;
177 loaded = 1;
178 break;
179 case 'S' :
180 sip.s_addr = inet_addr(optarg);
181 break;
182 case 'R' :
183 opts |= OPT_NORESOLVE;
184 break;
185 case 'T' :
186 ipf_dotuning(-1, optarg, ipftestioctl);
187 break;
188 case 'v' :
189 opts |= OPT_VERBOSE;
190 break;
191 case 'x' :
192 opts |= OPT_HEX;
193 break;
194 }
195
196 if (loaded == 0) {
197 (void)fprintf(stderr,"no rules loaded\n");
198 exit(-1);
199 }
200
201 if (opts & OPT_SAVEOUT)
202 init_ifp();
203
204 if (datain)
205 fd = (*r->r_open)(datain);
206 else
207 fd = (*r->r_open)("-");
208
209 if (fd < 0) {
210 perror("error opening input");
211 exit(-1);
212 }
213
214 m->m_data = (char *)m->mb_buf;
215 while ((i = (*r->r_readip)(m, &iface, &dir)) > 0) {
216
217 if ((iface == NULL) || (*iface == '\0'))
218 iface = ifname;
219
220 ip = MTOD(m, ip_t *);
221 ifp = get_unit(iface, IP_V(ip));
222
223 if (IP_V(ip) == 4) {
224 if ((r->r_flags & R_DO_CKSUM) || docksum)
225 fixv4sums(m, ip);
226 hlen = IP_HL(ip) << 2;
227 if (sip.s_addr)
228 dir = !(sip.s_addr == ip->ip_src.s_addr);
229 }
230 #ifdef USE_INET6
231 else
232 hlen = sizeof(ip6_t);
233 #endif
234 /* ipfr_slowtimer(); */
235 blockreason = 0;
236 m = &mb;
237 m->mb_ifp = ifp;
238 m->mb_len = i;
239 i = ipf_check(softc, ip, hlen, ifp, dir, &m);
240 if ((opts & OPT_NAT) == 0)
241 switch (i)
242 {
243 case -4 :
244 (void)printf("preauth");
245 break;
246 case -3 :
247 (void)printf("account");
248 break;
249 case -2 :
250 (void)printf("auth");
251 break;
252 case -1 :
253 (void)printf("block");
254 break;
255 case 0 :
256 (void)printf("pass");
257 break;
258 case 1 :
259 if (m == NULL)
260 (void)printf("bad-packet");
261 else
262 (void)printf("nomatch");
263 break;
264 case 3 :
265 (void)printf("block return-rst");
266 break;
267 case 4 :
268 (void)printf("block return-icmp");
269 break;
270 case 5 :
271 (void)printf("block return-icmp-as-dest");
272 break;
273 default :
274 (void)printf("recognised return %#x\n", i);
275 break;
276 }
277
278 if (!(opts & OPT_BRIEF)) {
279 putchar(' ');
280 if (m != NULL)
281 printpacket(dir, m);
282 else
283 printpacket(dir, &mb);
284 printf("--------------");
285 } else if ((opts & (OPT_BRIEF|OPT_NAT)) ==
286 (OPT_NAT|OPT_BRIEF)) {
287 if (m != NULL)
288 printpacket(dir, m);
289 else
290 PRINTF("%d\n", blockreason);
291 }
292
293 ipf_state_flush(softc, 1, 0);
294
295 if (dir && (ifp != NULL) && IP_V(ip) && (m != NULL))
296 #if defined(__sgi) && (IRIX < 60500)
297 (*ifp->if_output)(ifp, (void *)m, NULL);
298 #else
299 # if TRU64 >= 1885
300 (*ifp->if_output)(ifp, (void *)m, NULL, 0, 0);
301 # else
302 (*ifp->if_output)(ifp, (void *)m, NULL, 0);
303 # endif
304 #endif
305
306 while ((m != NULL) && (m != &mb)) {
307 n = m->mb_next;
308 freembt(m);
309 m = n;
310 }
311
312 if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))
313 putchar('\n');
314 dir = 0;
315 if (iface != ifname) {
316 free(iface);
317 iface = ifname;
318 }
319 m = &mb;
320 m->mb_data = (char *)m->mb_buf;
321 }
322
323 if (i != 0)
324 fprintf(stderr, "readip failed: %d\n", i);
325 (*r->r_close)();
326
327 if (logout != NULL) {
328 drain_log(logout);
329 }
330
331 if (dump == 1) {
332 dumpnat(softc->ipf_nat_soft);
333 ipf_state_dump(softc, softc->ipf_state_soft);
334 ipf_lookup_dump(softc, softc->ipf_state_soft);
335 dumpgroups(softc);
336 }
337
338 ipf_fini_all(softc);
339
340 ipf_destroy_all(softc);
341
342 ipf_unload_all();
343
344 ipf_mutex_clean();
345 ipf_rwlock_clean();
346
347 if (getenv("FINDLEAKS")) {
348 fflush(stdout);
349 abort();
350 }
351 return 0;
352 }
353
354
355 #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
356 (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
357 defined(__osf__) || defined(linux)
ipftestioctl(int dev,ioctlcmd_t cmd,...)358 int ipftestioctl(int dev, ioctlcmd_t cmd, ...)
359 {
360 caddr_t data;
361 va_list ap;
362 int i;
363
364 dev = dev; /* gcc -Wextra */
365 va_start(ap, cmd);
366 data = va_arg(ap, caddr_t);
367 va_end(ap);
368
369 i = ipfioctl(softc, IPL_LOGIPF, cmd, data, FWRITE|FREAD);
370 if (opts & OPT_DEBUG)
371 fprintf(stderr, "ipfioctl(IPF,%#x,%p) = %d (%d)\n",
372 (u_int)cmd, data, i, softc->ipf_interror);
373 if (i != 0) {
374 errno = i;
375 return -1;
376 }
377 return 0;
378 }
379
380
ipnattestioctl(int dev,ioctlcmd_t cmd,...)381 int ipnattestioctl(int dev, ioctlcmd_t cmd, ...)
382 {
383 caddr_t data;
384 va_list ap;
385 int i;
386
387 dev = dev; /* gcc -Wextra */
388 va_start(ap, cmd);
389 data = va_arg(ap, caddr_t);
390 va_end(ap);
391
392 i = ipfioctl(softc, IPL_LOGNAT, cmd, data, FWRITE|FREAD);
393 if (opts & OPT_DEBUG)
394 fprintf(stderr, "ipfioctl(NAT,%#x,%p) = %d\n",
395 (u_int)cmd, data, i);
396 if (i != 0) {
397 errno = i;
398 return -1;
399 }
400 return 0;
401 }
402
403
ipstatetestioctl(int dev,ioctlcmd_t cmd,...)404 int ipstatetestioctl(int dev, ioctlcmd_t cmd, ...)
405 {
406 caddr_t data;
407 va_list ap;
408 int i;
409
410 dev = dev; /* gcc -Wextra */
411 va_start(ap, cmd);
412 data = va_arg(ap, caddr_t);
413 va_end(ap);
414
415 i = ipfioctl(softc, IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
416 if ((opts & OPT_DEBUG) || (i != 0))
417 fprintf(stderr, "ipfioctl(STATE,%#x,%p) = %d\n",
418 (u_int)cmd, data, i);
419 if (i != 0) {
420 errno = i;
421 return -1;
422 }
423 return 0;
424 }
425
426
ipauthtestioctl(int dev,ioctlcmd_t cmd,...)427 int ipauthtestioctl(int dev, ioctlcmd_t cmd, ...)
428 {
429 caddr_t data;
430 va_list ap;
431 int i;
432
433 dev = dev; /* gcc -Wextra */
434 va_start(ap, cmd);
435 data = va_arg(ap, caddr_t);
436 va_end(ap);
437
438 i = ipfioctl(softc, IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
439 if ((opts & OPT_DEBUG) || (i != 0))
440 fprintf(stderr, "ipfioctl(AUTH,%#x,%p) = %d\n",
441 (u_int)cmd, data, i);
442 if (i != 0) {
443 errno = i;
444 return -1;
445 }
446 return 0;
447 }
448
449
ipscantestioctl(int dev,ioctlcmd_t cmd,...)450 int ipscantestioctl(int dev, ioctlcmd_t cmd, ...)
451 {
452 caddr_t data;
453 va_list ap;
454 int i;
455
456 dev = dev; /* gcc -Wextra */
457 va_start(ap, cmd);
458 data = va_arg(ap, caddr_t);
459 va_end(ap);
460
461 i = ipfioctl(softc, IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
462 if ((opts & OPT_DEBUG) || (i != 0))
463 fprintf(stderr, "ipfioctl(SCAN,%#x,%p) = %d\n",
464 (u_int)cmd, data, i);
465 if (i != 0) {
466 errno = i;
467 return -1;
468 }
469 return 0;
470 }
471
472
ipsynctestioctl(int dev,ioctlcmd_t cmd,...)473 int ipsynctestioctl(int dev, ioctlcmd_t cmd, ...)
474 {
475 caddr_t data;
476 va_list ap;
477 int i;
478
479 dev = dev; /* gcc -Wextra */
480 va_start(ap, cmd);
481 data = va_arg(ap, caddr_t);
482 va_end(ap);
483
484 i = ipfioctl(softc, IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
485 if ((opts & OPT_DEBUG) || (i != 0))
486 fprintf(stderr, "ipfioctl(SYNC,%#x,%p) = %d\n",
487 (u_int)cmd, data, i);
488 if (i != 0) {
489 errno = i;
490 return -1;
491 }
492 return 0;
493 }
494
495
ipooltestioctl(int dev,ioctlcmd_t cmd,...)496 int ipooltestioctl(int dev, ioctlcmd_t cmd, ...)
497 {
498 caddr_t data;
499 va_list ap;
500 int i;
501
502 dev = dev; /* gcc -Wextra */
503 va_start(ap, cmd);
504 data = va_arg(ap, caddr_t);
505 va_end(ap);
506
507 i = ipfioctl(softc, IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
508 if ((opts & OPT_DEBUG) || (i != 0))
509 fprintf(stderr, "ipfioctl(POOL,%#x,%p) = %d (%d)\n",
510 (u_int)cmd, data, i, softc->ipf_interror);
511 if (i != 0) {
512 errno = i;
513 return -1;
514 }
515 return 0;
516 }
517 #else
ipftestioctl(dev,cmd,data)518 int ipftestioctl(dev, cmd, data)
519 dev_t dev;
520 ioctlcmd_t cmd;
521 void *data;
522 {
523 int i;
524
525 dev = dev; /* gcc -Wextra */
526 i = ipfioctl(softc, IPL_LOGIPF, cmd, data, FWRITE|FREAD);
527 if ((opts & OPT_DEBUG) || (i != 0))
528 fprintf(stderr, "ipfioctl(IPF,%#x,%p) = %d (%d)\n",
529 cmd, data, i, softc->ipf_interror);
530 if (i != 0) {
531 errno = i;
532 return -1;
533 }
534 return 0;
535 }
536
537
ipnattestioctl(dev,cmd,data)538 int ipnattestioctl(dev, cmd, data)
539 dev_t dev;
540 ioctlcmd_t cmd;
541 void *data;
542 {
543 int i;
544
545 dev = dev; /* gcc -Wextra */
546 i = ipfioctl(softc, IPL_LOGNAT, cmd, data, FWRITE|FREAD);
547 if ((opts & OPT_DEBUG) || (i != 0))
548 fprintf(stderr, "ipfioctl(NAT,%#x,%p) = %d\n", cmd, data, i);
549 if (i != 0) {
550 errno = i;
551 return -1;
552 }
553 return 0;
554 }
555
556
ipstatetestioctl(dev,cmd,data)557 int ipstatetestioctl(dev, cmd, data)
558 dev_t dev;
559 ioctlcmd_t cmd;
560 void *data;
561 {
562 int i;
563
564 dev = dev; /* gcc -Wextra */
565 i = ipfioctl(softc, IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
566 if ((opts & OPT_DEBUG) || (i != 0))
567 fprintf(stderr, "ipfioctl(STATE,%#x,%p) = %d\n", cmd, data, i);
568 if (i != 0) {
569 errno = i;
570 return -1;
571 }
572 return 0;
573 }
574
575
ipauthtestioctl(dev,cmd,data)576 int ipauthtestioctl(dev, cmd, data)
577 dev_t dev;
578 ioctlcmd_t cmd;
579 void *data;
580 {
581 int i;
582
583 dev = dev; /* gcc -Wextra */
584 i = ipfioctl(softc, IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
585 if ((opts & OPT_DEBUG) || (i != 0))
586 fprintf(stderr, "ipfioctl(AUTH,%#x,%p) = %d\n", cmd, data, i);
587 if (i != 0) {
588 errno = i;
589 return -1;
590 }
591 return 0;
592 }
593
594
ipsynctestioctl(dev,cmd,data)595 int ipsynctestioctl(dev, cmd, data)
596 dev_t dev;
597 ioctlcmd_t cmd;
598 void *data;
599 {
600 int i;
601
602 dev = dev; /* gcc -Wextra */
603 i = ipfioctl(softc, IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
604 if ((opts & OPT_DEBUG) || (i != 0))
605 fprintf(stderr, "ipfioctl(SYNC,%#x,%p) = %d\n", cmd, data, i);
606 if (i != 0) {
607 errno = i;
608 return -1;
609 }
610 return 0;
611 }
612
613
ipscantestioctl(dev,cmd,data)614 int ipscantestioctl(dev, cmd, data)
615 dev_t dev;
616 ioctlcmd_t cmd;
617 void *data;
618 {
619 int i;
620
621 dev = dev; /* gcc -Wextra */
622 i = ipfioctl(softc, IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
623 if ((opts & OPT_DEBUG) || (i != 0))
624 fprintf(stderr, "ipfioctl(SCAN,%#x,%p) = %d\n", cmd, data, i);
625 if (i != 0) {
626 errno = i;
627 return -1;
628 }
629 return 0;
630 }
631
632
ipooltestioctl(dev,cmd,data)633 int ipooltestioctl(dev, cmd, data)
634 dev_t dev;
635 ioctlcmd_t cmd;
636 void *data;
637 {
638 int i;
639
640 dev = dev; /* gcc -Wextra */
641 i = ipfioctl(softc, IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
642 if (opts & OPT_DEBUG)
643 fprintf(stderr, "ipfioctl(POOL,%#x,%p) = %d (%d)\n",
644 cmd, data, i, softc->ipf_interror);
645 if (i != 0) {
646 errno = i;
647 return -1;
648 }
649 return 0;
650 }
651 #endif
652
653
kmemcpy(addr,offset,size)654 int kmemcpy(addr, offset, size)
655 char *addr;
656 long offset;
657 int size;
658 {
659 bcopy((char *)offset, addr, size);
660 return 0;
661 }
662
663
kstrncpy(buf,pos,n)664 int kstrncpy(buf, pos, n)
665 char *buf;
666 long pos;
667 int n;
668 {
669 char *ptr;
670
671 ptr = (char *)pos;
672
673 while ((n > 0) && (*buf++ = *ptr++))
674 ;
675 return 0;
676 }
677
678
679 /*
680 * Display the built up NAT table rules and mapping entries.
681 */
dumpnat(arg)682 void dumpnat(arg)
683 void *arg;
684 {
685 ipf_nat_softc_t *softn = arg;
686 hostmap_t *hm;
687 ipnat_t *ipn;
688 nat_t *nat;
689
690 printf("List of active MAP/Redirect filters:\n");
691 for (ipn = softn->ipf_nat_list; ipn != NULL; ipn = ipn->in_next)
692 printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
693 printf("\nList of active sessions:\n");
694 for (nat = softn->ipf_nat_instances; nat; nat = nat->nat_next) {
695 printactivenat(nat, opts, 0);
696 if (nat->nat_aps)
697 printf("\tproxy active\n");
698 }
699
700 printf("\nHostmap table:\n");
701 for (hm = softn->ipf_hm_maplist; hm != NULL; hm = hm->hm_next)
702 printhostmap(hm, hm->hm_hv);
703 }
704
705
dumpgroups(softc)706 void dumpgroups(softc)
707 ipf_main_softc_t *softc;
708 {
709 frgroup_t *fg;
710 int i;
711
712 printf("List of groups configured (set 0)\n");
713 for (i = 0; i < IPL_LOGSIZE; i++)
714 for (fg = softc->ipf_groups[i][0]; fg != NULL;
715 fg = fg->fg_next) {
716 printf("Dev.%d. Group %s Ref %d Flags %#x\n",
717 i, fg->fg_name, fg->fg_ref, fg->fg_flags);
718 dumprules(fg->fg_start);
719 }
720
721 printf("List of groups configured (set 1)\n");
722 for (i = 0; i < IPL_LOGSIZE; i++)
723 for (fg = softc->ipf_groups[i][1]; fg != NULL;
724 fg = fg->fg_next) {
725 printf("Dev.%d. Group %s Ref %d Flags %#x\n",
726 i, fg->fg_name, fg->fg_ref, fg->fg_flags);
727 dumprules(fg->fg_start);
728 }
729
730 printf("Rules configured (set 0, in)\n");
731 dumprules(softc->ipf_rules[0][0]);
732 printf("Rules configured (set 0, out)\n");
733 dumprules(softc->ipf_rules[1][0]);
734 printf("Rules configured (set 1, in)\n");
735 dumprules(softc->ipf_rules[0][1]);
736 printf("Rules configured (set 1, out)\n");
737 dumprules(softc->ipf_rules[1][1]);
738
739 printf("Accounting rules configured (set 0, in)\n");
740 dumprules(softc->ipf_acct[0][0]);
741 printf("Accounting rules configured (set 0, out)\n");
742 dumprules(softc->ipf_acct[0][1]);
743 printf("Accounting rules configured (set 1, in)\n");
744 dumprules(softc->ipf_acct[1][0]);
745 printf("Accounting rules configured (set 1, out)\n");
746 dumprules(softc->ipf_acct[1][1]);
747 }
748
dumprules(rulehead)749 void dumprules(rulehead)
750 frentry_t *rulehead;
751 {
752 frentry_t *fr;
753
754 for (fr = rulehead; fr != NULL; fr = fr->fr_next) {
755 #ifdef USE_QUAD_T
756 printf("%llu ",(unsigned long long)fr->fr_hits);
757 #else
758 printf("%ld ", fr->fr_hits);
759 #endif
760 printfr(fr, ipftestioctl);
761 }
762 }
763
764
drain_log(filename)765 void drain_log(filename)
766 char *filename;
767 {
768 char buffer[DEFAULT_IPFLOGSIZE];
769 struct iovec iov;
770 struct uio uio;
771 size_t resid;
772 int fd, i;
773
774 fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644);
775 if (fd == -1) {
776 perror("drain_log:open");
777 return;
778 }
779
780 for (i = 0; i <= IPL_LOGMAX; i++)
781 while (1) {
782 bzero((char *)&iov, sizeof(iov));
783 iov.iov_base = buffer;
784 iov.iov_len = sizeof(buffer);
785
786 bzero((char *)&uio, sizeof(uio));
787 uio.uio_iov = &iov;
788 uio.uio_iovcnt = 1;
789 uio.uio_resid = iov.iov_len;
790 resid = uio.uio_resid;
791
792 if (ipf_log_read(softc, i, &uio) == 0) {
793 /*
794 * If nothing was read then break out.
795 */
796 if (uio.uio_resid == resid)
797 break;
798 write(fd, buffer, resid - uio.uio_resid);
799 } else
800 break;
801 }
802
803 close(fd);
804 }
805
806
fixv4sums(m,ip)807 void fixv4sums(m, ip)
808 mb_t *m;
809 ip_t *ip;
810 {
811 u_char *csump, *hdr, p;
812 fr_info_t tmp;
813 int len;
814
815 p = 0;
816 len = 0;
817 bzero((char *)&tmp, sizeof(tmp));
818
819 csump = (u_char *)ip;
820 if (IP_V(ip) == 4) {
821 ip->ip_sum = 0;
822 ip->ip_sum = ipf_cksum((u_short *)ip, IP_HL(ip) << 2);
823 tmp.fin_hlen = IP_HL(ip) << 2;
824 csump += IP_HL(ip) << 2;
825 p = ip->ip_p;
826 len = ntohs(ip->ip_len);
827 #ifdef USE_INET6
828 } else if (IP_V(ip) == 6) {
829 tmp.fin_hlen = sizeof(ip6_t);
830 csump += sizeof(ip6_t);
831 p = ((ip6_t *)ip)->ip6_nxt;
832 len = ntohs(((ip6_t *)ip)->ip6_plen);
833 len += sizeof(ip6_t);
834 #endif
835 }
836 tmp.fin_plen = len;
837 tmp.fin_dlen = len - tmp.fin_hlen;
838
839 switch (p)
840 {
841 case IPPROTO_TCP :
842 hdr = csump;
843 csump += offsetof(tcphdr_t, th_sum);
844 break;
845 case IPPROTO_UDP :
846 hdr = csump;
847 csump += offsetof(udphdr_t, uh_sum);
848 break;
849 case IPPROTO_ICMP :
850 hdr = csump;
851 csump += offsetof(icmphdr_t, icmp_cksum);
852 break;
853 default :
854 csump = NULL;
855 hdr = NULL;
856 break;
857 }
858 if (hdr != NULL) {
859 tmp.fin_m = m;
860 tmp.fin_mp = &m;
861 tmp.fin_dp = hdr;
862 tmp.fin_ip = ip;
863 tmp.fin_plen = len;
864 *csump = 0;
865 *(u_short *)csump = fr_cksum(&tmp, ip, p, hdr);
866 }
867 }
868