10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * Copyright (C) 1993-2001 by Darren Reed.
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing.
5637Sml37995 *
6*11105SAlexandr.Nedvedicky@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
7637Sml37995 * Use is subject to license terms.
80Sstevel@tonic-gate */
9637Sml37995
100Sstevel@tonic-gate #include "ipf.h"
110Sstevel@tonic-gate #include "ipt.h"
120Sstevel@tonic-gate #include <sys/ioctl.h>
130Sstevel@tonic-gate #include <sys/file.h>
140Sstevel@tonic-gate
150Sstevel@tonic-gate #if !defined(lint)
160Sstevel@tonic-gate static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
172393Syz155240 static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.4 2005/07/16 06:05:28 darrenr Exp $";
180Sstevel@tonic-gate #endif
190Sstevel@tonic-gate
200Sstevel@tonic-gate extern char *optarg;
210Sstevel@tonic-gate extern struct frentry *ipfilter[2][2];
220Sstevel@tonic-gate extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex;
233448Sdh155122 extern struct ifnet *get_unit __P((char *, int, ipf_stack_t *));
240Sstevel@tonic-gate extern void init_ifp __P((void));
250Sstevel@tonic-gate
260Sstevel@tonic-gate int opts = OPT_DONOTHING;
270Sstevel@tonic-gate int use_inet6 = 0;
280Sstevel@tonic-gate int pfil_delayed_copy = 0;
290Sstevel@tonic-gate int main __P((int, char *[]));
300Sstevel@tonic-gate int loadrules __P((char *, int));
310Sstevel@tonic-gate int kmemcpy __P((char *, long, int));
320Sstevel@tonic-gate int kstrncpy __P((char *, long, int n));
333448Sdh155122 void dumpnat __P((ipf_stack_t *ifs));
343448Sdh155122 void dumpstate __P((ipf_stack_t *ifs));
353448Sdh155122 void dumplookups __P((ipf_stack_t *ifs));
363448Sdh155122 void dumpgroups __P((ipf_stack_t *ifs));
373448Sdh155122 void drain_log __P((char *, ipf_stack_t *ifs));
380Sstevel@tonic-gate void fixv4sums __P((mb_t *, ip_t *));
393448Sdh155122 ipf_stack_t *get_ifs __P((void));
403448Sdh155122 ipf_stack_t *create_ifs __P((void));
413448Sdh155122
420Sstevel@tonic-gate
430Sstevel@tonic-gate #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
440Sstevel@tonic-gate (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
452393Syz155240 defined(__osf__) || defined(linux)
460Sstevel@tonic-gate int ipftestioctl __P((int, ioctlcmd_t, ...));
470Sstevel@tonic-gate int ipnattestioctl __P((int, ioctlcmd_t, ...));
480Sstevel@tonic-gate int ipstatetestioctl __P((int, ioctlcmd_t, ...));
490Sstevel@tonic-gate int ipauthtestioctl __P((int, ioctlcmd_t, ...));
500Sstevel@tonic-gate int ipscantestioctl __P((int, ioctlcmd_t, ...));
510Sstevel@tonic-gate int ipsynctestioctl __P((int, ioctlcmd_t, ...));
520Sstevel@tonic-gate int ipooltestioctl __P((int, ioctlcmd_t, ...));
530Sstevel@tonic-gate #else
540Sstevel@tonic-gate int ipftestioctl __P((dev_t, ioctlcmd_t, void *));
550Sstevel@tonic-gate int ipnattestioctl __P((dev_t, ioctlcmd_t, void *));
560Sstevel@tonic-gate int ipstatetestioctl __P((dev_t, ioctlcmd_t, void *));
570Sstevel@tonic-gate int ipauthtestioctl __P((dev_t, ioctlcmd_t, void *));
580Sstevel@tonic-gate int ipsynctestioctl __P((dev_t, ioctlcmd_t, void *));
590Sstevel@tonic-gate int ipscantestioctl __P((dev_t, ioctlcmd_t, void *));
600Sstevel@tonic-gate int ipooltestioctl __P((dev_t, ioctlcmd_t, void *));
610Sstevel@tonic-gate #endif
620Sstevel@tonic-gate
630Sstevel@tonic-gate static ioctlfunc_t iocfunctions[IPL_LOGSIZE] = { ipftestioctl,
640Sstevel@tonic-gate ipnattestioctl,
650Sstevel@tonic-gate ipstatetestioctl,
660Sstevel@tonic-gate ipauthtestioctl,
670Sstevel@tonic-gate ipsynctestioctl,
680Sstevel@tonic-gate ipscantestioctl,
690Sstevel@tonic-gate ipooltestioctl,
700Sstevel@tonic-gate NULL };
710Sstevel@tonic-gate
720Sstevel@tonic-gate
main(argc,argv)730Sstevel@tonic-gate int main(argc,argv)
740Sstevel@tonic-gate int argc;
750Sstevel@tonic-gate char *argv[];
760Sstevel@tonic-gate {
770Sstevel@tonic-gate char *datain, *iface, *ifname, *logout;
780Sstevel@tonic-gate int fd, i, dir, c, loaded, dump, hlen;
790Sstevel@tonic-gate struct ifnet *ifp;
800Sstevel@tonic-gate struct ipread *r;
810Sstevel@tonic-gate mb_t mb, *m;
820Sstevel@tonic-gate ip_t *ip;
833448Sdh155122 ipf_stack_t *ifs;
840Sstevel@tonic-gate
850Sstevel@tonic-gate m = &mb;
860Sstevel@tonic-gate dir = 0;
870Sstevel@tonic-gate dump = 0;
880Sstevel@tonic-gate hlen = 0;
890Sstevel@tonic-gate loaded = 0;
900Sstevel@tonic-gate r = &iptext;
910Sstevel@tonic-gate iface = NULL;
920Sstevel@tonic-gate logout = NULL;
930Sstevel@tonic-gate ifname = "anon0";
940Sstevel@tonic-gate datain = NULL;
950Sstevel@tonic-gate
963448Sdh155122 initparse();
973448Sdh155122 ifs = create_ifs();
980Sstevel@tonic-gate
993448Sdh155122 #if defined(IPFILTER_DEFAULT_BLOCK)
1003448Sdh155122 ifs->ifs_fr_pass = FR_BLOCK|FR_NOMATCH;
1013448Sdh155122 #else
1023448Sdh155122 ifs->ifs_fr_pass = (IPF_DEFAULT_PASS)|FR_NOMATCH;
1033448Sdh155122 #endif
1043448Sdh155122 ipftuneable_alloc(ifs);
1053448Sdh155122
1063448Sdh155122 MUTEX_INIT(&ifs->ifs_ipf_rw, "ipf rw mutex");
1073448Sdh155122 MUTEX_INIT(&ifs->ifs_ipf_timeoutlock, "ipf timeout lock");
1083448Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_global, "ipf filter load/unload mutex");
1093448Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_mutex, "ipf filter rwlock");
1103448Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_ipidfrag, "ipf IP NAT-Frag rwlock");
111*11105SAlexandr.Nedvedicky@Sun.COM RWLOCK_INIT(&ifs->ifs_ipf_frcache, "ipf rule cache rwlock");
1123448Sdh155122
1133448Sdh155122 fr_loginit(ifs);
1143448Sdh155122 fr_authinit(ifs);
1153448Sdh155122 fr_fraginit(ifs);
1163448Sdh155122 fr_stateinit(ifs);
1173448Sdh155122 fr_natinit(ifs);
1183448Sdh155122 appr_init(ifs);
1193448Sdh155122 ip_lookup_init(ifs);
1203448Sdh155122 ifs->ifs_fr_running = 1;
1210Sstevel@tonic-gate
1222393Syz155240 while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1)
1230Sstevel@tonic-gate switch (c)
1240Sstevel@tonic-gate {
1250Sstevel@tonic-gate case '6' :
1260Sstevel@tonic-gate #ifdef USE_INET6
1270Sstevel@tonic-gate use_inet6 = 1;
1280Sstevel@tonic-gate #else
1290Sstevel@tonic-gate fprintf(stderr, "IPv6 not supported\n");
1300Sstevel@tonic-gate exit(1);
1310Sstevel@tonic-gate #endif
1320Sstevel@tonic-gate break;
1330Sstevel@tonic-gate case 'b' :
1340Sstevel@tonic-gate opts |= OPT_BRIEF;
1350Sstevel@tonic-gate break;
1360Sstevel@tonic-gate case 'd' :
1370Sstevel@tonic-gate opts |= OPT_DEBUG;
1380Sstevel@tonic-gate break;
1390Sstevel@tonic-gate case 'D' :
1400Sstevel@tonic-gate dump = 1;
1410Sstevel@tonic-gate break;
1420Sstevel@tonic-gate case 'F' :
1430Sstevel@tonic-gate if (strcasecmp(optarg, "pcap") == 0)
1440Sstevel@tonic-gate r = &pcap;
1450Sstevel@tonic-gate else if (strcasecmp(optarg, "etherfind") == 0)
1460Sstevel@tonic-gate r = ðerf;
1470Sstevel@tonic-gate else if (strcasecmp(optarg, "snoop") == 0)
1480Sstevel@tonic-gate r = &snoop;
1490Sstevel@tonic-gate else if (strcasecmp(optarg, "tcpdump") == 0)
1500Sstevel@tonic-gate r = &tcpd;
1510Sstevel@tonic-gate else if (strcasecmp(optarg, "hex") == 0)
1520Sstevel@tonic-gate r = &iphex;
1530Sstevel@tonic-gate else if (strcasecmp(optarg, "text") == 0)
1540Sstevel@tonic-gate r = &iptext;
1550Sstevel@tonic-gate break;
1560Sstevel@tonic-gate case 'i' :
1570Sstevel@tonic-gate datain = optarg;
1580Sstevel@tonic-gate break;
1590Sstevel@tonic-gate case 'I' :
1600Sstevel@tonic-gate ifname = optarg;
1610Sstevel@tonic-gate break;
1620Sstevel@tonic-gate case 'l' :
1630Sstevel@tonic-gate logout = optarg;
1640Sstevel@tonic-gate break;
1650Sstevel@tonic-gate case 'o' :
1660Sstevel@tonic-gate opts |= OPT_SAVEOUT;
1670Sstevel@tonic-gate break;
1680Sstevel@tonic-gate case 'r' :
1690Sstevel@tonic-gate if (ipf_parsefile(-1, ipf_addrule, iocfunctions,
1700Sstevel@tonic-gate optarg) == -1)
1710Sstevel@tonic-gate return -1;
1720Sstevel@tonic-gate loaded = 1;
1730Sstevel@tonic-gate break;
1742393Syz155240 case 'R' :
1752393Syz155240 opts |= OPT_NORESOLVE;
1762393Syz155240 break;
1770Sstevel@tonic-gate case 'v' :
1780Sstevel@tonic-gate opts |= OPT_VERBOSE;
1790Sstevel@tonic-gate break;
1800Sstevel@tonic-gate case 'N' :
1810Sstevel@tonic-gate if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl,
1820Sstevel@tonic-gate optarg) == -1)
1830Sstevel@tonic-gate return -1;
1840Sstevel@tonic-gate loaded = 1;
1850Sstevel@tonic-gate opts |= OPT_NAT;
1860Sstevel@tonic-gate break;
1870Sstevel@tonic-gate case 'P' :
1880Sstevel@tonic-gate if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1)
1890Sstevel@tonic-gate return -1;
1900Sstevel@tonic-gate loaded = 1;
1910Sstevel@tonic-gate break;
1922393Syz155240 case 'T' :
1932393Syz155240 ipf_dotuning(-1, optarg, ipftestioctl);
1942393Syz155240 break;
1950Sstevel@tonic-gate case 'x' :
1960Sstevel@tonic-gate opts |= OPT_HEX;
1970Sstevel@tonic-gate break;
1980Sstevel@tonic-gate }
1990Sstevel@tonic-gate
2000Sstevel@tonic-gate if (loaded == 0) {
2010Sstevel@tonic-gate (void)fprintf(stderr,"no rules loaded\n");
2020Sstevel@tonic-gate exit(-1);
2030Sstevel@tonic-gate }
2040Sstevel@tonic-gate
2050Sstevel@tonic-gate if (opts & OPT_SAVEOUT)
2060Sstevel@tonic-gate init_ifp();
2070Sstevel@tonic-gate
2080Sstevel@tonic-gate if (datain)
2090Sstevel@tonic-gate fd = (*r->r_open)(datain);
2100Sstevel@tonic-gate else
2110Sstevel@tonic-gate fd = (*r->r_open)("-");
2120Sstevel@tonic-gate
2130Sstevel@tonic-gate if (fd < 0)
2140Sstevel@tonic-gate exit(-1);
2150Sstevel@tonic-gate
2160Sstevel@tonic-gate ip = MTOD(m, ip_t *);
2170Sstevel@tonic-gate while ((i = (*r->r_readip)(MTOD(m, char *), sizeof(m->mb_buf),
2180Sstevel@tonic-gate &iface, &dir)) > 0) {
2190Sstevel@tonic-gate if (iface == NULL || *iface == '\0')
2200Sstevel@tonic-gate iface = ifname;
2213448Sdh155122 ifp = get_unit(iface, IP_V(ip), ifs);
2221448Sschuster if (ifp == NULL) {
2231448Sschuster fprintf(stderr, "out of memory\n");
2241448Sschuster exit(1);
2251448Sschuster }
2260Sstevel@tonic-gate if (!use_inet6) {
2270Sstevel@tonic-gate ip->ip_off = ntohs(ip->ip_off);
2280Sstevel@tonic-gate ip->ip_len = ntohs(ip->ip_len);
2290Sstevel@tonic-gate if (r->r_flags & R_DO_CKSUM)
2300Sstevel@tonic-gate fixv4sums(m, ip);
2310Sstevel@tonic-gate hlen = IP_HL(ip) << 2;
2320Sstevel@tonic-gate }
2330Sstevel@tonic-gate #ifdef USE_INET6
2340Sstevel@tonic-gate else
2350Sstevel@tonic-gate hlen = sizeof(ip6_t);
2360Sstevel@tonic-gate #endif
2370Sstevel@tonic-gate /* ipfr_slowtimer(); */
2380Sstevel@tonic-gate m = &mb;
2390Sstevel@tonic-gate m->mb_len = i;
2403448Sdh155122 i = fr_check(ip, hlen, ifp, dir, &m, ifs);
2410Sstevel@tonic-gate if ((opts & OPT_NAT) == 0)
2420Sstevel@tonic-gate switch (i)
2430Sstevel@tonic-gate {
2440Sstevel@tonic-gate case -4 :
2450Sstevel@tonic-gate (void)printf("preauth");
2460Sstevel@tonic-gate break;
2470Sstevel@tonic-gate case -3 :
2480Sstevel@tonic-gate (void)printf("account");
2490Sstevel@tonic-gate break;
2500Sstevel@tonic-gate case -2 :
2510Sstevel@tonic-gate (void)printf("auth");
2520Sstevel@tonic-gate break;
2530Sstevel@tonic-gate case -1 :
2540Sstevel@tonic-gate (void)printf("block");
2550Sstevel@tonic-gate break;
2560Sstevel@tonic-gate case 0 :
2570Sstevel@tonic-gate (void)printf("pass");
2580Sstevel@tonic-gate break;
2590Sstevel@tonic-gate case 1 :
2600Sstevel@tonic-gate (void)printf("nomatch");
2610Sstevel@tonic-gate break;
2620Sstevel@tonic-gate case 3 :
2630Sstevel@tonic-gate (void)printf("block return-rst");
2640Sstevel@tonic-gate break;
2650Sstevel@tonic-gate case 4 :
2660Sstevel@tonic-gate (void)printf("block return-icmp");
2670Sstevel@tonic-gate break;
2680Sstevel@tonic-gate case 5 :
2690Sstevel@tonic-gate (void)printf("block return-icmp-as-dest");
2700Sstevel@tonic-gate break;
2710Sstevel@tonic-gate default :
2720Sstevel@tonic-gate (void)printf("recognised return %#x\n", i);
2730Sstevel@tonic-gate break;
2740Sstevel@tonic-gate }
2750Sstevel@tonic-gate if (!use_inet6) {
2760Sstevel@tonic-gate ip->ip_off = htons(ip->ip_off);
2770Sstevel@tonic-gate ip->ip_len = htons(ip->ip_len);
2780Sstevel@tonic-gate }
2790Sstevel@tonic-gate
2800Sstevel@tonic-gate if (!(opts & OPT_BRIEF)) {
2810Sstevel@tonic-gate putchar(' ');
2820Sstevel@tonic-gate printpacket(ip);
2830Sstevel@tonic-gate printf("--------------");
2840Sstevel@tonic-gate } else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
2850Sstevel@tonic-gate printpacket(ip);
2860Sstevel@tonic-gate if (dir && (ifp != NULL) && IP_V(ip) && (m != NULL))
2872393Syz155240 #if defined(__sgi) && (IRIX < 60500)
2880Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL);
2890Sstevel@tonic-gate #else
2900Sstevel@tonic-gate # if TRU64 >= 1885
2910Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0, 0);
2920Sstevel@tonic-gate # else
2930Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0);
2940Sstevel@tonic-gate # endif
2950Sstevel@tonic-gate #endif
2960Sstevel@tonic-gate if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))
2970Sstevel@tonic-gate putchar('\n');
2980Sstevel@tonic-gate dir = 0;
2990Sstevel@tonic-gate if (iface != ifname) {
3000Sstevel@tonic-gate free(iface);
3010Sstevel@tonic-gate iface = ifname;
3020Sstevel@tonic-gate }
3030Sstevel@tonic-gate m = &mb;
3040Sstevel@tonic-gate }
3050Sstevel@tonic-gate (*r->r_close)();
3060Sstevel@tonic-gate
3070Sstevel@tonic-gate if (logout != NULL) {
3083448Sdh155122 drain_log(logout, ifs);
3090Sstevel@tonic-gate }
3100Sstevel@tonic-gate
3110Sstevel@tonic-gate if (dump == 1) {
3123448Sdh155122 dumpnat(ifs);
3133448Sdh155122 dumpstate(ifs);
3143448Sdh155122 dumplookups(ifs);
3153448Sdh155122 dumpgroups(ifs);
3160Sstevel@tonic-gate }
3170Sstevel@tonic-gate
3183448Sdh155122 fr_deinitialise(ifs);
3190Sstevel@tonic-gate
3200Sstevel@tonic-gate return 0;
3210Sstevel@tonic-gate }
3220Sstevel@tonic-gate
3230Sstevel@tonic-gate
3240Sstevel@tonic-gate #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
3250Sstevel@tonic-gate (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
3262393Syz155240 defined(__osf__) || defined(linux)
ipftestioctl(int dev,ioctlcmd_t cmd,...)3270Sstevel@tonic-gate int ipftestioctl(int dev, ioctlcmd_t cmd, ...)
3280Sstevel@tonic-gate {
3290Sstevel@tonic-gate caddr_t data;
3300Sstevel@tonic-gate va_list ap;
3310Sstevel@tonic-gate int i;
3320Sstevel@tonic-gate
3330Sstevel@tonic-gate va_start(ap, cmd);
3340Sstevel@tonic-gate data = va_arg(ap, caddr_t);
3350Sstevel@tonic-gate va_end(ap);
3360Sstevel@tonic-gate
3370Sstevel@tonic-gate i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD);
3380Sstevel@tonic-gate if (opts & OPT_DEBUG)
3390Sstevel@tonic-gate fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n",
3400Sstevel@tonic-gate (u_int)cmd, data, i);
3412393Syz155240 if (i != 0) {
3422393Syz155240 errno = i;
3432393Syz155240 return -1;
3442393Syz155240 }
3452393Syz155240 return 0;
3460Sstevel@tonic-gate }
3470Sstevel@tonic-gate
3480Sstevel@tonic-gate
ipnattestioctl(int dev,ioctlcmd_t cmd,...)3490Sstevel@tonic-gate int ipnattestioctl(int dev, ioctlcmd_t cmd, ...)
3500Sstevel@tonic-gate {
3510Sstevel@tonic-gate caddr_t data;
3520Sstevel@tonic-gate va_list ap;
3530Sstevel@tonic-gate int i;
3540Sstevel@tonic-gate
3550Sstevel@tonic-gate va_start(ap, cmd);
3560Sstevel@tonic-gate data = va_arg(ap, caddr_t);
3570Sstevel@tonic-gate va_end(ap);
3580Sstevel@tonic-gate
3590Sstevel@tonic-gate i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD);
3600Sstevel@tonic-gate if (opts & OPT_DEBUG)
3610Sstevel@tonic-gate fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n",
3620Sstevel@tonic-gate (u_int)cmd, data, i);
3632393Syz155240 if (i != 0) {
3642393Syz155240 errno = i;
3652393Syz155240 return -1;
3662393Syz155240 }
3672393Syz155240 return 0;
3680Sstevel@tonic-gate }
3690Sstevel@tonic-gate
3700Sstevel@tonic-gate
ipstatetestioctl(int dev,ioctlcmd_t cmd,...)3710Sstevel@tonic-gate int ipstatetestioctl(int dev, ioctlcmd_t cmd, ...)
3720Sstevel@tonic-gate {
3730Sstevel@tonic-gate caddr_t data;
3740Sstevel@tonic-gate va_list ap;
3750Sstevel@tonic-gate int i;
3760Sstevel@tonic-gate
3770Sstevel@tonic-gate va_start(ap, cmd);
3780Sstevel@tonic-gate data = va_arg(ap, caddr_t);
3790Sstevel@tonic-gate va_end(ap);
3800Sstevel@tonic-gate
3810Sstevel@tonic-gate i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
3820Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
3830Sstevel@tonic-gate fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n",
3840Sstevel@tonic-gate (u_int)cmd, data, i);
3852393Syz155240 if (i != 0) {
3862393Syz155240 errno = i;
3872393Syz155240 return -1;
3882393Syz155240 }
3892393Syz155240 return 0;
3900Sstevel@tonic-gate }
3910Sstevel@tonic-gate
3920Sstevel@tonic-gate
ipauthtestioctl(int dev,ioctlcmd_t cmd,...)3930Sstevel@tonic-gate int ipauthtestioctl(int dev, ioctlcmd_t cmd, ...)
3940Sstevel@tonic-gate {
3950Sstevel@tonic-gate caddr_t data;
3960Sstevel@tonic-gate va_list ap;
3970Sstevel@tonic-gate int i;
3980Sstevel@tonic-gate
3990Sstevel@tonic-gate va_start(ap, cmd);
4000Sstevel@tonic-gate data = va_arg(ap, caddr_t);
4010Sstevel@tonic-gate va_end(ap);
4020Sstevel@tonic-gate
4030Sstevel@tonic-gate i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
4040Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
4050Sstevel@tonic-gate fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n",
4060Sstevel@tonic-gate (u_int)cmd, data, i);
4072393Syz155240 if (i != 0) {
4082393Syz155240 errno = i;
4092393Syz155240 return -1;
4102393Syz155240 }
4112393Syz155240 return 0;
4120Sstevel@tonic-gate }
4130Sstevel@tonic-gate
4140Sstevel@tonic-gate
ipscantestioctl(int dev,ioctlcmd_t cmd,...)4150Sstevel@tonic-gate int ipscantestioctl(int dev, ioctlcmd_t cmd, ...)
4160Sstevel@tonic-gate {
4170Sstevel@tonic-gate caddr_t data;
4180Sstevel@tonic-gate va_list ap;
4190Sstevel@tonic-gate int i;
4200Sstevel@tonic-gate
4210Sstevel@tonic-gate va_start(ap, cmd);
4220Sstevel@tonic-gate data = va_arg(ap, caddr_t);
4230Sstevel@tonic-gate va_end(ap);
4240Sstevel@tonic-gate
4250Sstevel@tonic-gate i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
4260Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
4270Sstevel@tonic-gate fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n",
4280Sstevel@tonic-gate (u_int)cmd, data, i);
4292393Syz155240 if (i != 0) {
4302393Syz155240 errno = i;
4312393Syz155240 return -1;
4322393Syz155240 }
4332393Syz155240 return 0;
4340Sstevel@tonic-gate }
4350Sstevel@tonic-gate
4360Sstevel@tonic-gate
ipsynctestioctl(int dev,ioctlcmd_t cmd,...)4370Sstevel@tonic-gate int ipsynctestioctl(int dev, ioctlcmd_t cmd, ...)
4380Sstevel@tonic-gate {
4390Sstevel@tonic-gate caddr_t data;
4400Sstevel@tonic-gate va_list ap;
4410Sstevel@tonic-gate int i;
4420Sstevel@tonic-gate
4430Sstevel@tonic-gate va_start(ap, cmd);
4440Sstevel@tonic-gate data = va_arg(ap, caddr_t);
4450Sstevel@tonic-gate va_end(ap);
4460Sstevel@tonic-gate
4470Sstevel@tonic-gate i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
4480Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
4490Sstevel@tonic-gate fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n",
4500Sstevel@tonic-gate (u_int)cmd, data, i);
4512393Syz155240 if (i != 0) {
4522393Syz155240 errno = i;
4532393Syz155240 return -1;
4542393Syz155240 }
4552393Syz155240 return 0;
4560Sstevel@tonic-gate }
4570Sstevel@tonic-gate
4580Sstevel@tonic-gate
ipooltestioctl(int dev,ioctlcmd_t cmd,...)4590Sstevel@tonic-gate int ipooltestioctl(int dev, ioctlcmd_t cmd, ...)
4600Sstevel@tonic-gate {
4610Sstevel@tonic-gate caddr_t data;
4620Sstevel@tonic-gate va_list ap;
4630Sstevel@tonic-gate int i;
4640Sstevel@tonic-gate
4650Sstevel@tonic-gate va_start(ap, cmd);
4660Sstevel@tonic-gate data = va_arg(ap, caddr_t);
4670Sstevel@tonic-gate va_end(ap);
4680Sstevel@tonic-gate
4690Sstevel@tonic-gate i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
4700Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
4710Sstevel@tonic-gate fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n",
4720Sstevel@tonic-gate (u_int)cmd, data, i);
4732393Syz155240 if (i != 0) {
4742393Syz155240 errno = i;
4752393Syz155240 return -1;
4762393Syz155240 }
4772393Syz155240 return 0;
4780Sstevel@tonic-gate }
4790Sstevel@tonic-gate #else
ipftestioctl(dev,cmd,data)4800Sstevel@tonic-gate int ipftestioctl(dev, cmd, data)
4810Sstevel@tonic-gate dev_t dev;
4820Sstevel@tonic-gate ioctlcmd_t cmd;
4830Sstevel@tonic-gate void *data;
4840Sstevel@tonic-gate {
4850Sstevel@tonic-gate int i;
4860Sstevel@tonic-gate
4870Sstevel@tonic-gate i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD);
4880Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
4890Sstevel@tonic-gate fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n", cmd, data, i);
4902393Syz155240 if (i != 0) {
4912393Syz155240 errno = i;
4922393Syz155240 return -1;
4932393Syz155240 }
4942393Syz155240 return 0;
4950Sstevel@tonic-gate }
4960Sstevel@tonic-gate
4970Sstevel@tonic-gate
ipnattestioctl(dev,cmd,data)4980Sstevel@tonic-gate int ipnattestioctl(dev, cmd, data)
4990Sstevel@tonic-gate dev_t dev;
5000Sstevel@tonic-gate ioctlcmd_t cmd;
5010Sstevel@tonic-gate void *data;
5020Sstevel@tonic-gate {
5030Sstevel@tonic-gate int i;
5040Sstevel@tonic-gate
5050Sstevel@tonic-gate i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD);
5060Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
5070Sstevel@tonic-gate fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n", cmd, data, i);
5082393Syz155240 if (i != 0) {
5092393Syz155240 errno = i;
5102393Syz155240 return -1;
5112393Syz155240 }
5122393Syz155240 return 0;
5130Sstevel@tonic-gate }
5140Sstevel@tonic-gate
5150Sstevel@tonic-gate
ipstatetestioctl(dev,cmd,data)5160Sstevel@tonic-gate int ipstatetestioctl(dev, cmd, data)
5170Sstevel@tonic-gate dev_t dev;
5180Sstevel@tonic-gate ioctlcmd_t cmd;
5190Sstevel@tonic-gate void *data;
5200Sstevel@tonic-gate {
5210Sstevel@tonic-gate int i;
5220Sstevel@tonic-gate
5230Sstevel@tonic-gate i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
5240Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
5250Sstevel@tonic-gate fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n", cmd, data, i);
5262393Syz155240 if (i != 0) {
5272393Syz155240 errno = i;
5282393Syz155240 return -1;
5292393Syz155240 }
5302393Syz155240 return 0;
5310Sstevel@tonic-gate }
5320Sstevel@tonic-gate
5330Sstevel@tonic-gate
ipauthtestioctl(dev,cmd,data)5340Sstevel@tonic-gate int ipauthtestioctl(dev, cmd, data)
5350Sstevel@tonic-gate dev_t dev;
5360Sstevel@tonic-gate ioctlcmd_t cmd;
5370Sstevel@tonic-gate void *data;
5380Sstevel@tonic-gate {
5390Sstevel@tonic-gate int i;
5400Sstevel@tonic-gate
5410Sstevel@tonic-gate i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
5420Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
5430Sstevel@tonic-gate fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n", cmd, data, i);
5442393Syz155240 if (i != 0) {
5452393Syz155240 errno = i;
5462393Syz155240 return -1;
5472393Syz155240 }
5482393Syz155240 return 0;
5490Sstevel@tonic-gate }
5500Sstevel@tonic-gate
5510Sstevel@tonic-gate
ipsynctestioctl(dev,cmd,data)5520Sstevel@tonic-gate int ipsynctestioctl(dev, cmd, data)
5530Sstevel@tonic-gate dev_t dev;
5540Sstevel@tonic-gate ioctlcmd_t cmd;
5550Sstevel@tonic-gate void *data;
5560Sstevel@tonic-gate {
5570Sstevel@tonic-gate int i;
5580Sstevel@tonic-gate
5590Sstevel@tonic-gate i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
5600Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
5610Sstevel@tonic-gate fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n", cmd, data, i);
5622393Syz155240 if (i != 0) {
5632393Syz155240 errno = i;
5642393Syz155240 return -1;
5652393Syz155240 }
5662393Syz155240 return 0;
5670Sstevel@tonic-gate }
5680Sstevel@tonic-gate
5690Sstevel@tonic-gate
ipscantestioctl(dev,cmd,data)5700Sstevel@tonic-gate int ipscantestioctl(dev, cmd, data)
5710Sstevel@tonic-gate dev_t dev;
5720Sstevel@tonic-gate ioctlcmd_t cmd;
5730Sstevel@tonic-gate void *data;
5740Sstevel@tonic-gate {
5750Sstevel@tonic-gate int i;
5760Sstevel@tonic-gate
5770Sstevel@tonic-gate i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
5780Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0))
5790Sstevel@tonic-gate fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n", cmd, data, i);
5802393Syz155240 if (i != 0) {
5812393Syz155240 errno = i;
5822393Syz155240 return -1;
5832393Syz155240 }
5842393Syz155240 return 0;
5850Sstevel@tonic-gate }
5860Sstevel@tonic-gate
5870Sstevel@tonic-gate
ipooltestioctl(dev,cmd,data)5880Sstevel@tonic-gate int ipooltestioctl(dev, cmd, data)
5890Sstevel@tonic-gate dev_t dev;
5900Sstevel@tonic-gate ioctlcmd_t cmd;
5910Sstevel@tonic-gate void *data;
5920Sstevel@tonic-gate {
5930Sstevel@tonic-gate int i;
5940Sstevel@tonic-gate
5950Sstevel@tonic-gate i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
5960Sstevel@tonic-gate if (opts & OPT_DEBUG)
5970Sstevel@tonic-gate fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n", cmd, data, i);
5982393Syz155240 if (i != 0) {
5992393Syz155240 errno = i;
6002393Syz155240 return -1;
6012393Syz155240 }
6022393Syz155240 return 0;
6030Sstevel@tonic-gate }
6040Sstevel@tonic-gate #endif
6050Sstevel@tonic-gate
6060Sstevel@tonic-gate
kmemcpy(addr,offset,size)6070Sstevel@tonic-gate int kmemcpy(addr, offset, size)
6080Sstevel@tonic-gate char *addr;
6090Sstevel@tonic-gate long offset;
6100Sstevel@tonic-gate int size;
6110Sstevel@tonic-gate {
6120Sstevel@tonic-gate bcopy((char *)offset, addr, size);
6130Sstevel@tonic-gate return 0;
6140Sstevel@tonic-gate }
6150Sstevel@tonic-gate
6160Sstevel@tonic-gate
kstrncpy(buf,pos,n)6170Sstevel@tonic-gate int kstrncpy(buf, pos, n)
6180Sstevel@tonic-gate char *buf;
6190Sstevel@tonic-gate long pos;
6200Sstevel@tonic-gate int n;
6210Sstevel@tonic-gate {
6220Sstevel@tonic-gate char *ptr;
6230Sstevel@tonic-gate
6240Sstevel@tonic-gate ptr = (char *)pos;
6250Sstevel@tonic-gate
626637Sml37995 while ((n-- > 0) && (*buf++ = *ptr++))
6270Sstevel@tonic-gate ;
6280Sstevel@tonic-gate return 0;
6290Sstevel@tonic-gate }
6300Sstevel@tonic-gate
6310Sstevel@tonic-gate
6320Sstevel@tonic-gate /*
6330Sstevel@tonic-gate * Display the built up NAT table rules and mapping entries.
6340Sstevel@tonic-gate */
dumpnat(ifs)6353448Sdh155122 void dumpnat(ifs)
6363448Sdh155122 ipf_stack_t *ifs;
6370Sstevel@tonic-gate {
6380Sstevel@tonic-gate ipnat_t *ipn;
6390Sstevel@tonic-gate nat_t *nat;
6400Sstevel@tonic-gate
6410Sstevel@tonic-gate printf("List of active MAP/Redirect filters:\n");
6423448Sdh155122 for (ipn = ifs->ifs_nat_list; ipn != NULL; ipn = ipn->in_next)
6430Sstevel@tonic-gate printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
6440Sstevel@tonic-gate printf("\nList of active sessions:\n");
6453448Sdh155122 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) {
6463448Sdh155122 printactivenat(nat, opts, 0);
6472393Syz155240 if (nat->nat_aps)
6482393Syz155240 printaps(nat->nat_aps, opts);
6492393Syz155240 }
6500Sstevel@tonic-gate }
6510Sstevel@tonic-gate
6520Sstevel@tonic-gate
6530Sstevel@tonic-gate /*
6540Sstevel@tonic-gate * Display the built up state table rules and mapping entries.
6550Sstevel@tonic-gate */
dumpstate(ifs)6563448Sdh155122 void dumpstate(ifs)
6573448Sdh155122 ipf_stack_t *ifs;
6580Sstevel@tonic-gate {
6590Sstevel@tonic-gate ipstate_t *ips;
6600Sstevel@tonic-gate
6610Sstevel@tonic-gate printf("List of active state sessions:\n");
6623448Sdh155122 for (ips = ifs->ifs_ips_list; ips != NULL; )
6632393Syz155240 ips = printstate(ips, opts & (OPT_DEBUG|OPT_VERBOSE),
6643448Sdh155122 ifs->ifs_fr_ticks);
6650Sstevel@tonic-gate }
6660Sstevel@tonic-gate
6670Sstevel@tonic-gate
dumplookups(ifs)6683448Sdh155122 void dumplookups(ifs)
6693448Sdh155122 ipf_stack_t *ifs;
6700Sstevel@tonic-gate {
6710Sstevel@tonic-gate iphtable_t *iph;
6720Sstevel@tonic-gate ip_pool_t *ipl;
6730Sstevel@tonic-gate int i;
6740Sstevel@tonic-gate
6750Sstevel@tonic-gate printf("List of configured pools\n");
6760Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++)
6773448Sdh155122 for (ipl = ifs->ifs_ip_pool_list[i]; ipl != NULL;
6783448Sdh155122 ipl = ipl->ipo_next)
6792393Syz155240 printpool(ipl, bcopywrap, NULL, opts);
6800Sstevel@tonic-gate
6810Sstevel@tonic-gate printf("List of configured hash tables\n");
6820Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++)
6833448Sdh155122 for (iph = ifs->ifs_ipf_htables[i]; iph != NULL;
6843448Sdh155122 iph = iph->iph_next)
6852393Syz155240 printhash(iph, bcopywrap, NULL, opts);
6860Sstevel@tonic-gate }
6870Sstevel@tonic-gate
6880Sstevel@tonic-gate
dumpgroups(ifs)6893448Sdh155122 void dumpgroups(ifs)
6903448Sdh155122 ipf_stack_t *ifs;
6910Sstevel@tonic-gate {
6920Sstevel@tonic-gate frgroup_t *fg;
6930Sstevel@tonic-gate frentry_t *fr;
6940Sstevel@tonic-gate int i;
6950Sstevel@tonic-gate
6960Sstevel@tonic-gate printf("List of groups configured (set 0)\n");
6970Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++)
6983448Sdh155122 for (fg = ifs->ifs_ipfgroups[i][0]; fg != NULL;
6993448Sdh155122 fg = fg->fg_next) {
7000Sstevel@tonic-gate printf("Dev.%d. Group %s Ref %d Flags %#x\n",
7010Sstevel@tonic-gate i, fg->fg_name, fg->fg_ref, fg->fg_flags);
7020Sstevel@tonic-gate for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) {
7030Sstevel@tonic-gate #ifdef USE_QUAD_T
7040Sstevel@tonic-gate printf("%qu ",(unsigned long long)fr->fr_hits);
7050Sstevel@tonic-gate #else
7060Sstevel@tonic-gate printf("%ld ", fr->fr_hits);
7070Sstevel@tonic-gate #endif
7080Sstevel@tonic-gate printfr(fr, ipftestioctl);
7090Sstevel@tonic-gate }
7100Sstevel@tonic-gate }
7110Sstevel@tonic-gate
7120Sstevel@tonic-gate printf("List of groups configured (set 1)\n");
7130Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++)
7143448Sdh155122 for (fg = ifs->ifs_ipfgroups[i][1]; fg != NULL;
7153448Sdh155122 fg = fg->fg_next) {
7160Sstevel@tonic-gate printf("Dev.%d. Group %s Ref %d Flags %#x\n",
7170Sstevel@tonic-gate i, fg->fg_name, fg->fg_ref, fg->fg_flags);
7180Sstevel@tonic-gate for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) {
7190Sstevel@tonic-gate #ifdef USE_QUAD_T
7200Sstevel@tonic-gate printf("%qu ",(unsigned long long)fr->fr_hits);
7210Sstevel@tonic-gate #else
7220Sstevel@tonic-gate printf("%ld ", fr->fr_hits);
7230Sstevel@tonic-gate #endif
7240Sstevel@tonic-gate printfr(fr, ipftestioctl);
7250Sstevel@tonic-gate }
7260Sstevel@tonic-gate }
7270Sstevel@tonic-gate }
7280Sstevel@tonic-gate
7290Sstevel@tonic-gate
drain_log(filename,ifs)7303448Sdh155122 void drain_log(filename, ifs)
7310Sstevel@tonic-gate char *filename;
7323448Sdh155122 ipf_stack_t *ifs;
7330Sstevel@tonic-gate {
7340Sstevel@tonic-gate char buffer[DEFAULT_IPFLOGSIZE];
7350Sstevel@tonic-gate struct iovec iov;
7360Sstevel@tonic-gate struct uio uio;
7370Sstevel@tonic-gate size_t resid;
7382393Syz155240 int fd, i;
7390Sstevel@tonic-gate
7400Sstevel@tonic-gate fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644);
7410Sstevel@tonic-gate if (fd == -1) {
7420Sstevel@tonic-gate perror("drain_log:open");
7430Sstevel@tonic-gate return;
7440Sstevel@tonic-gate }
7450Sstevel@tonic-gate
7462393Syz155240 for (i = 0; i <= IPL_LOGMAX; i++)
7472393Syz155240 while (1) {
7482393Syz155240 bzero((char *)&iov, sizeof(iov));
7492393Syz155240 iov.iov_base = buffer;
7502393Syz155240 iov.iov_len = sizeof(buffer);
7510Sstevel@tonic-gate
7522393Syz155240 bzero((char *)&uio, sizeof(uio));
7532393Syz155240 uio.uio_iov = &iov;
7542393Syz155240 uio.uio_iovcnt = 1;
7552393Syz155240 uio.uio_resid = iov.iov_len;
7562393Syz155240 resid = uio.uio_resid;
7570Sstevel@tonic-gate
7583448Sdh155122 if (ipflog_read(i, &uio, ifs) == 0) {
7592393Syz155240 /*
7602393Syz155240 * If nothing was read then break out.
7612393Syz155240 */
7622393Syz155240 if (uio.uio_resid == resid)
7632393Syz155240 break;
7642393Syz155240 write(fd, buffer, resid - uio.uio_resid);
7652393Syz155240 } else
7660Sstevel@tonic-gate break;
7670Sstevel@tonic-gate }
7680Sstevel@tonic-gate
7690Sstevel@tonic-gate close(fd);
7700Sstevel@tonic-gate }
7710Sstevel@tonic-gate
7720Sstevel@tonic-gate
fixv4sums(m,ip)7730Sstevel@tonic-gate void fixv4sums(m, ip)
7740Sstevel@tonic-gate mb_t *m;
7750Sstevel@tonic-gate ip_t *ip;
7760Sstevel@tonic-gate {
7770Sstevel@tonic-gate u_char *csump, *hdr;
7780Sstevel@tonic-gate
7790Sstevel@tonic-gate ip->ip_sum = 0;
7800Sstevel@tonic-gate ip->ip_sum = ipf_cksum((u_short *)ip, IP_HL(ip) << 2);
7810Sstevel@tonic-gate
7820Sstevel@tonic-gate csump = (u_char *)ip;
7830Sstevel@tonic-gate csump += IP_HL(ip) << 2;
7840Sstevel@tonic-gate
7850Sstevel@tonic-gate switch (ip->ip_p)
7860Sstevel@tonic-gate {
7870Sstevel@tonic-gate case IPPROTO_TCP :
7880Sstevel@tonic-gate hdr = csump;
7890Sstevel@tonic-gate csump += offsetof(tcphdr_t, th_sum);
7900Sstevel@tonic-gate break;
7910Sstevel@tonic-gate case IPPROTO_UDP :
7920Sstevel@tonic-gate hdr = csump;
7930Sstevel@tonic-gate csump += offsetof(udphdr_t, uh_sum);
7940Sstevel@tonic-gate break;
7950Sstevel@tonic-gate default :
7960Sstevel@tonic-gate csump = NULL;
7970Sstevel@tonic-gate hdr = NULL;
7980Sstevel@tonic-gate break;
7990Sstevel@tonic-gate }
8000Sstevel@tonic-gate if (hdr != NULL) {
8010Sstevel@tonic-gate *csump = 0;
8020Sstevel@tonic-gate *(u_short *)csump = fr_cksum(m, ip, ip->ip_p, hdr);
8030Sstevel@tonic-gate }
8040Sstevel@tonic-gate }
8053448Sdh155122
8063448Sdh155122 ipf_stack_t *gifs;
8073448Sdh155122
8083448Sdh155122 /*
8093448Sdh155122 * Allocate and keep pointer for get_ifs()
8103448Sdh155122 */
8113448Sdh155122 ipf_stack_t *
create_ifs()8123448Sdh155122 create_ifs()
8133448Sdh155122 {
8143448Sdh155122 ipf_stack_t *ifs;
8153448Sdh155122
8163448Sdh155122 KMALLOCS(ifs, ipf_stack_t *, sizeof (*ifs));
8173448Sdh155122 bzero(ifs, sizeof (*ifs));
8183448Sdh155122 gifs = ifs;
8193448Sdh155122 return (ifs);
8203448Sdh155122 }
8213448Sdh155122
8223448Sdh155122 ipf_stack_t *
get_ifs()8233448Sdh155122 get_ifs()
8243448Sdh155122 {
8253448Sdh155122 return (gifs);
8263448Sdh155122 }
827