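/*
 * Copyright (C) 1993-2001 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * ipftest: user-space test harness for the ipfilter engine.
 *
 * Filter rules, NAT rules, pools and tunables are loaded through the
 * in-process "kernel" entry point (iplioctl), packets are read from a file
 * or stdin by one of the ipread back-ends, pushed through fr_check() and the
 * verdict for each packet is printed.  The log, NAT, state, pool and group
 * tables built up during the run can be dumped afterwards.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include "ipf.h"
#include "ipt.h"
#include <sys/ioctl.h>
#include <sys/file.h>

#if !defined(lint)
static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.4 2005/07/16 06:05:28 darrenr Exp $";
#endif

extern	char	*optarg;
extern	struct frentry	*ipfilter[2][2];
extern	struct ipread	snoop, etherf, tcpd, pcap, iptext, iphex;
extern	struct ifnet	*get_unit __P((char *, int));
extern	void	init_ifp __P((void));
extern	ipnat_t	*natparse __P((char *, int));
extern	int	fr_running;

/*
 * Lock objects that the kernel normally owns.  They are defined here so
 * that the engine code compiled into this program can resolve them
 * (presumably); main() below initialises a subset of them.
 */
ipfmutex_t	ipl_mutex, ipf_authmx, ipf_rw, ipf_stinsert;
ipfmutex_t	ipf_nat_new, ipf_natio, ipf_timeoutlock;
ipfrwlock_t	ipf_mutex, ipf_global, ipf_ipidfrag, ip_poolrw, ipf_frcache;
ipfrwlock_t	ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth;
int	opts = OPT_DONOTHING;	/* OPT_* flags accumulated from the command line */
int	use_inet6 = 0;		/* set by -6; only reachable when built with USE_INET6 */
int	pfil_delayed_copy = 0;
int	main __P((int, char *[]));
int	loadrules __P((char *, int));
int	kmemcpy __P((char *, long, int));
int	kstrncpy __P((char *, long, int n));
void	dumpnat __P((void));
void	dumpstate __P((void));
void	dumplookups __P((void));
void	dumpgroups __P((void));
void	drain_log __P((char *));
void	fixv4sums __P((mb_t *, ip_t *));

/*
 * The ioctl stand-ins come in two flavours: a variadic one for platforms
 * whose ioctl(2) signature is (int, cmd, ...), and a fixed three-argument
 * one for the rest.  Both end up in iplioctl() with the unit number
 * hard-coded per wrapper.
 */
#if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
	(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
	defined(__osf__) || defined(linux)
int ipftestioctl __P((int, ioctlcmd_t, ...));
int ipnattestioctl __P((int, ioctlcmd_t, ...));
int ipstatetestioctl __P((int, ioctlcmd_t, ...));
int ipauthtestioctl __P((int, ioctlcmd_t, ...));
int ipscantestioctl __P((int, ioctlcmd_t, ...));
int ipsynctestioctl __P((int, ioctlcmd_t, ...));
int ipooltestioctl __P((int, ioctlcmd_t, ...));
#else
int ipftestioctl __P((dev_t, ioctlcmd_t, void *));
int ipnattestioctl __P((dev_t, ioctlcmd_t, void *));
int ipstatetestioctl __P((dev_t, ioctlcmd_t, void *));
int ipauthtestioctl __P((dev_t, ioctlcmd_t, void *));
int ipsynctestioctl __P((dev_t, ioctlcmd_t, void *));
int ipscantestioctl __P((dev_t, ioctlcmd_t, void *));
int ipooltestioctl __P((dev_t, ioctlcmd_t, void *));
#endif

/*
 * Table of ioctl stand-ins handed to the rule parsers; indexed the same
 * way as the kernel's minor devices (IPL_LOG*), with a NULL terminator.
 */
static	ioctlfunc_t	iocfunctions[IPL_LOGSIZE] = { ipftestioctl,
						      ipnattestioctl,
						      ipstatetestioctl,
						      ipauthtestioctl,
						      ipsynctestioctl,
						      ipscantestioctl,
						      ipooltestioctl,
						      NULL };


/*
 * Parse the command line, load rules, then read packets one at a time and
 * print the filter verdict for each.  Returns 0 on success; -1 when a rule
 * file fails to parse.  Fatal conditions elsewhere call exit()/abort().
 */
int main(argc,argv)
int argc;
char *argv[];
{
	char	*datain, *iface, *ifname, *logout;
	int	fd, i, dir, c, loaded, dump, hlen;
	struct	ifnet	*ifp;
	struct	ipread	*r;
	mb_t	mb, *m;
	ip_t	*ip;

	m = &mb;
	dir = 0;
	dump = 0;
	hlen = 0;
	loaded = 0;
	r = &iptext;		/* default input format (-F text) */
	iface = NULL;
	logout = NULL;
	ifname = "anon0";	/* used when the input names no interface */
	datain = NULL;

	MUTEX_INIT(&ipf_rw, "ipf rw mutex");
	MUTEX_INIT(&ipf_timeoutlock, "ipf timeout lock");
	RWLOCK_INIT(&ipf_global, "ipf filter load/unload mutex");
	RWLOCK_INIT(&ipf_mutex, "ipf filter rwlock");
	RWLOCK_INIT(&ipf_frcache, "ipf cache rwlock");
	RWLOCK_INIT(&ipf_ipidfrag, "ipf IP NAT-Frag rwlock");

	initparse();
	if (fr_initialise() == -1)
		abort();
	fr_running = 1;

	/*
	 * NOTE(review): 'X' is accepted by the getopt string but has no case
	 * below, so it is silently ignored - presumably a leftover; confirm.
	 */
	while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1)
		switch (c)
		{
		case '6' :
#ifdef	USE_INET6
			use_inet6 = 1;
#else
			fprintf(stderr, "IPv6 not supported\n");
			exit(1);
#endif
			break;
		case 'b' :
			opts |= OPT_BRIEF;
			break;
		case 'd' :
			opts |= OPT_DEBUG;
			break;
		case 'D' :
			dump = 1;
			break;
		case 'F' :
			/* Unknown format names leave the default reader in place. */
			if (strcasecmp(optarg, "pcap") == 0)
				r = &pcap;
			else if (strcasecmp(optarg, "etherfind") == 0)
				r = &etherf;
			else if (strcasecmp(optarg, "snoop") == 0)
				r = &snoop;
			else if (strcasecmp(optarg, "tcpdump") == 0)
				r = &tcpd;
			else if (strcasecmp(optarg, "hex") == 0)
				r = &iphex;
			else if (strcasecmp(optarg, "text") == 0)
				r = &iptext;
			break;
		case 'i' :
			datain = optarg;
			break;
		case 'I' :
			ifname = optarg;
			break;
		case 'l' :
			logout = optarg;
			break;
		case 'o' :
			opts |= OPT_SAVEOUT;
			break;
		case 'r' :
			if (ipf_parsefile(-1, ipf_addrule, iocfunctions,
					  optarg) == -1)
				return -1;
			loaded = 1;
			break;
		case 'R' :
			opts |= OPT_NORESOLVE;
			break;
		case 'v' :
			opts |= OPT_VERBOSE;
			break;
		case 'N' :
			if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl,
					    optarg) == -1)
				return -1;
			loaded = 1;
			opts |= OPT_NAT;
			break;
		case 'P' :
			if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1)
				return -1;
			loaded = 1;
			break;
		case 'T' :
			/* Tunables alone do not count as "rules loaded". */
			ipf_dotuning(-1, optarg, ipftestioctl);
			break;
		case 'x' :
			opts |= OPT_HEX;
			break;
		}

	if (loaded == 0) {
		(void)fprintf(stderr,"no rules loaded\n");
		exit(-1);
	}

	if (opts & OPT_SAVEOUT)
		init_ifp();

	/* "-" asks the reader for standard input. */
	if (datain)
		fd = (*r->r_open)(datain);
	else
		fd = (*r->r_open)("-");

	if (fd < 0)
		exit(-1);

	/*
	 * Each packet is read into the mbuf's own buffer, bounded by
	 * sizeof(m->mb_buf).  The reader may also hand back an interface
	 * name (iface, which we free below) and a direction.
	 */
	ip = MTOD(m, ip_t *);
	while ((i = (*r->r_readip)(MTOD(m, char *), sizeof(m->mb_buf),
				    &iface, &dir)) > 0) {
		if (iface == NULL || *iface == '\0')
			iface = ifname;
		ifp = get_unit(iface, IP_V(ip));
		if (ifp == NULL) {
			fprintf(stderr, "out of memory\n");
			exit(1);
		}
		if (!use_inet6) {
			/* The engine expects ip_off/ip_len in host order. */
			ip->ip_off = ntohs(ip->ip_off);
			ip->ip_len = ntohs(ip->ip_len);
			if (r->r_flags & R_DO_CKSUM)
				fixv4sums(m, ip);
			/*
			 * NOTE(review): hlen is taken from the header of the
			 * input packet and is not checked against the bytes
			 * actually read (i); fr_check() is presumably relied
			 * on to bound it - confirm.
			 */
			hlen = IP_HL(ip) << 2;
		}
#ifdef	USE_INET6
		else
			hlen = sizeof(ip6_t);
#endif
		/* ipfr_slowtimer(); */
		m = &mb;
		m->mb_len = i;
		/* fr_check() may replace or clear *m; see the m != NULL test below. */
		i = fr_check(ip, hlen, ifp, dir, &m);
		if ((opts & OPT_NAT) == 0)
			switch (i)
			{
			case -4 :
				(void)printf("preauth");
				break;
			case -3 :
				(void)printf("account");
				break;
			case -2 :
				(void)printf("auth");
				break;
			case -1 :
				(void)printf("block");
				break;
			case 0 :
				(void)printf("pass");
				break;
			case 1 :
				(void)printf("nomatch");
				break;
			case 3 :
				(void)printf("block return-rst");
				break;
			case 4 :
				(void)printf("block return-icmp");
				break;
			case 5 :
				(void)printf("block return-icmp-as-dest");
				break;
			default :
				/*
				 * NOTE(review): prints "recognised" for a code
				 * this switch does not know; "unrecognised"
				 * is presumably intended.  Left unchanged in
				 * case scripts match on the text.
				 */
				(void)printf("recognised return %#x\n", i);
				break;
			}
		/* Restore network order before the packet is printed/output. */
		if (!use_inet6) {
			ip->ip_off = htons(ip->ip_off);
			ip->ip_len = htons(ip->ip_len);
		}

		if (!(opts & OPT_BRIEF)) {
			putchar(' ');
			printpacket(ip);
			printf("--------------");
		} else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF))
			printpacket(ip);
		/* Outbound packets that survived fr_check() go to the fake if_output. */
		if (dir && (ifp != NULL) && IP_V(ip) && (m != NULL))
#if  defined(__sgi) && (IRIX < 60500)
			(*ifp->if_output)(ifp, (void *)m, NULL);
#else
# if TRU64 >= 1885
			(*ifp->if_output)(ifp, (void *)m, NULL, 0, 0);
# else
			(*ifp->if_output)(ifp, (void *)m, NULL, 0);
# endif
#endif
		if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF))
			putchar('\n');
		dir = 0;
		/* iface is only ours to free when the reader allocated it. */
		if (iface != ifname) {
			free(iface);
			iface = ifname;
		}
		m = &mb;
	}
	(*r->r_close)();

	if (logout != NULL) {
		drain_log(logout);
	}

	if (dump == 1) {
		dumpnat();
		dumpstate();
		dumplookups();
		dumpgroups();
	}

	fr_deinitialise();

	return 0;
}


/*
 * Variadic ioctl stand-ins.  The single variadic argument is the data
 * pointer; the device argument is ignored because each wrapper selects its
 * unit (IPL_LOG*) itself.  iplioctl()'s non-zero result is mapped to
 * errno/-1 so callers see ioctl(2) conventions.
 */
#if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \
	(_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
	defined(__osf__) || defined(linux)
int ipftestioctl(int dev, ioctlcmd_t cmd, ...)
{
	caddr_t data;
	va_list ap;
	int i;

	va_start(ap, cmd);
	data = va_arg(ap, caddr_t);
	va_end(ap);

	i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD);
	/*
	 * NOTE(review): this wrapper and ipnattestioctl() only log under
	 * OPT_DEBUG; the others below also log on error (i != 0).  Probably
	 * an oversight - confirm before aligning.
	 */
	if (opts & OPT_DEBUG)
		fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n",
			(u_int)cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipnattestioctl(int dev, ioctlcmd_t cmd, ...)
{
	caddr_t data;
	va_list ap;
	int i;

	va_start(ap, cmd);
	data = va_arg(ap, caddr_t);
	va_end(ap);

	i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD);
	if (opts & OPT_DEBUG)
		fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n",
			(u_int)cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipstatetestioctl(int dev, ioctlcmd_t cmd, ...)
{
	caddr_t data;
	va_list ap;
	int i;

	va_start(ap, cmd);
	data = va_arg(ap, caddr_t);
	va_end(ap);

	i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n",
			(u_int)cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipauthtestioctl(int dev, ioctlcmd_t cmd, ...)
{
	caddr_t data;
	va_list ap;
	int i;

	va_start(ap, cmd);
	data = va_arg(ap, caddr_t);
	va_end(ap);

	i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n",
			(u_int)cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipscantestioctl(int dev, ioctlcmd_t cmd, ...)
{
	caddr_t data;
	va_list ap;
	int i;

	va_start(ap, cmd);
	data = va_arg(ap, caddr_t);
	va_end(ap);

	i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n",
			(u_int)cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipsynctestioctl(int dev, ioctlcmd_t cmd, ...)
{
	caddr_t data;
	va_list ap;
	int i;

	va_start(ap, cmd);
	data = va_arg(ap, caddr_t);
	va_end(ap);

	i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n",
			(u_int)cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipooltestioctl(int dev, ioctlcmd_t cmd, ...)
{
	caddr_t data;
	va_list ap;
	int i;

	va_start(ap, cmd);
	data = va_arg(ap, caddr_t);
	va_end(ap);

	i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n",
			(u_int)cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}
#else
/*
 * Fixed-argument ioctl stand-ins; same contract as the variadic set above.
 */
int ipftestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
	int i;

	i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n", cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipnattestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
	int i;

	i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n", cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipstatetestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
	int i;

	i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n", cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipauthtestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
	int i;

	i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n", cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipsynctestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
	int i;

	i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n", cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipscantestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
	int i;

	i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD);
	if ((opts & OPT_DEBUG) || (i != 0))
		fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n", cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}


int ipooltestioctl(dev, cmd, data)
dev_t dev;
ioctlcmd_t cmd;
void *data;
{
	int i;

	i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD);
	/* NOTE(review): unlike its siblings this only logs under OPT_DEBUG - confirm. */
	if (opts & OPT_DEBUG)
		fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n", cmd, data, i);
	if (i != 0) {
		errno = i;
		return -1;
	}
	return 0;
}
#endif


/*
 * Stand-in for reading kernel memory: in this harness a "kernel address"
 * (offset) is an ordinary pointer in this process, so the copy is a plain
 * bcopy.  Always returns 0.
 */
int kmemcpy(addr, offset, size)
char *addr;
long offset;
int size;
{
	bcopy((char *)offset, addr, size);
	return 0;
}


/*
 * Stand-in for copying a string out of kernel memory: copies at most n
 * bytes from pos (an in-process pointer) into buf, stopping after the NUL.
 * Like strncpy, buf is not NUL-terminated if the string is n bytes or
 * longer.  Always returns 0.
 */
int kstrncpy(buf, pos, n)
char *buf;
long pos;
int n;
{
	char *ptr;

	ptr = (char *)pos;

	while ((n-- > 0) && (*buf++ = *ptr++))
		;
	return 0;
}


/*
 * Display the built up NAT table rules and mapping entries.
 */
void dumpnat()
{
	ipnat_t	*ipn;
	nat_t	*nat;

	printf("List of active MAP/Redirect filters:\n");
	for (ipn = nat_list; ipn != NULL; ipn = ipn->in_next)
		printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
	printf("\nList of active sessions:\n");
	for (nat = nat_instances; nat; nat = nat->nat_next) {
		printactivenat(nat, opts);
		/* Application proxy state, if this session has any. */
		if (nat->nat_aps)
			printaps(nat->nat_aps, opts);
	}
}


/*
 * Display the built up state table rules and mapping entries.
 * printstate() returns the next entry, so it drives the loop.
 */
void dumpstate()
{
	ipstate_t *ips;

	printf("List of active state sessions:\n");
	for (ips = ips_list; ips != NULL; )
		ips = printstate(ips, opts & (OPT_DEBUG|OPT_VERBOSE),
				 fr_ticks);
}


/*
 * Display the configured IP pools and hash tables, per unit.
 */
void dumplookups()
{
	iphtable_t *iph;
	ip_pool_t *ipl;
	int i;

	printf("List of configured pools\n");
	for (i = 0; i < IPL_LOGSIZE; i++)
		for (ipl = ip_pool_list[i]; ipl != NULL; ipl = ipl->ipo_next)
			printpool(ipl, bcopywrap, NULL, opts);

	printf("List of configured hash tables\n");
	for (i = 0; i < IPL_LOGSIZE; i++)
		for (iph = ipf_htables[i]; iph != NULL; iph = iph->iph_next)
			printhash(iph, bcopywrap, NULL, opts);
}


/*
 * Display every rule group in both rule sets (0 and 1), with each rule's
 * hit count in front of it.
 */
void dumpgroups()
{
	frgroup_t	*fg;
	frentry_t	*fr;
	int	i;

	printf("List of groups configured (set 0)\n");
	for (i = 0; i < IPL_LOGSIZE; i++)
		for (fg = ipfgroups[i][0]; fg != NULL; fg = fg->fg_next) {
			printf("Dev.%d. Group %s Ref %d Flags %#x\n",
				i, fg->fg_name, fg->fg_ref, fg->fg_flags);
			for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) {
#ifdef	USE_QUAD_T
				printf("%qu ",(unsigned long long)fr->fr_hits);
#else
				printf("%ld ", fr->fr_hits);
#endif
				printfr(fr, ipftestioctl);
			}
		}

	printf("List of groups configured (set 1)\n");
	for (i = 0; i < IPL_LOGSIZE; i++)
		for (fg = ipfgroups[i][1]; fg != NULL; fg = fg->fg_next) {
			printf("Dev.%d. Group %s Ref %d Flags %#x\n",
				i, fg->fg_name, fg->fg_ref, fg->fg_flags);
			for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) {
#ifdef	USE_QUAD_T
				printf("%qu ",(unsigned long long)fr->fr_hits);
#else
				printf("%ld ", fr->fr_hits);
#endif
				printfr(fr, ipftestioctl);
			}
		}
}


/*
 * Write all len bytes of buf to fd, resuming after short writes and EINTR.
 * Returns 0 on success, -1 with errno set on failure.
 */
static int write_all(int fd, char *buf, size_t len)
{
	ssize_t w;

	while (len > 0) {
		w = write(fd, buf, len);
		if (w == -1) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		if (w == 0) {
			/* No progress; treat as an I/O error rather than spin. */
			errno = EIO;
			return -1;
		}
		buf += w;
		len -= (size_t)w;
	}
	return 0;
}


/*
 * Copy everything the in-process log buffers hold (all units 0..IPL_LOGMAX)
 * into filename, which is created/truncated.  Each ipflog_read() call that
 * returns data is written out as one chunk; the first call that returns
 * nothing, or fails, moves on to the next unit.  A failed write is reported
 * and ends the drain, since later writes to the same file would fail too.
 */
void drain_log(filename)
char *filename;
{
	char buffer[DEFAULT_IPFLOGSIZE];
	struct iovec iov;
	struct uio uio;
	size_t resid;
	int fd, i;

	fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644);
	if (fd == -1) {
		perror("drain_log:open");
		return;
	}

	for (i = 0; i <= IPL_LOGMAX; i++)
		while (1) {
			bzero((char *)&iov, sizeof(iov));
			iov.iov_base = buffer;
			iov.iov_len = sizeof(buffer);

			bzero((char *)&uio, sizeof(uio));
			uio.uio_iov = &iov;
			uio.uio_iovcnt = 1;
			uio.uio_resid = iov.iov_len;
			resid = uio.uio_resid;

			if (ipflog_read(i, &uio) == 0) {
				/*
				 * If nothing was read then break out.
				 */
				if (uio.uio_resid == resid)
					break;
				/* uio_resid was decremented by the bytes read. */
				if (write_all(fd, buffer,
					      resid - uio.uio_resid) == -1) {
					perror("drain_log:write");
					goto done;
				}
			} else
				break;
		}

done:
	/* close() can report a deferred write error on some filesystems. */
	if (close(fd) == -1)
		perror("drain_log:close");
}


/*
 * Recompute the IPv4 header checksum and, for TCP and UDP, the transport
 * checksum of the packet in m.  Other protocols only get the IP checksum.
 * ip_len is expected in host order here (the caller converts it first).
 */
void fixv4sums(m, ip)
mb_t *m;
ip_t *ip;
{
	u_char *csump, *hdr;

	ip->ip_sum = 0;
	ip->ip_sum = ipf_cksum((u_short *)ip, IP_HL(ip) << 2);

	/* csump starts at the transport header, then is moved onto its checksum field. */
	csump = (u_char *)ip;
	csump += IP_HL(ip) << 2;

	switch (ip->ip_p)
	{
	case IPPROTO_TCP :
		hdr = csump;
		csump += offsetof(tcphdr_t, th_sum);
		break;
	case IPPROTO_UDP :
		hdr = csump;
		csump += offsetof(udphdr_t, uh_sum);
		break;
	default :
		csump = NULL;
		hdr = NULL;
		break;
	}
	if (hdr != NULL) {
		/*
		 * Only the first byte of the field is cleared here; whether
		 * fr_cksum() zeroes the field itself is not visible from this
		 * file - presumably it does, confirm.
		 */
		*csump = 0;
		*(u_short *)csump = fr_cksum(m, ip, ip->ip_p, hdr);
	}
}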