10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * Copyright (C) 1993-2001 by Darren Reed. 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * See the IPFILTER.LICENCE file for details on licencing. 5637Sml37995 * 6*3448Sdh155122 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 7637Sml37995 * Use is subject to license terms. 80Sstevel@tonic-gate */ 9637Sml37995 10637Sml37995 #pragma ident "%Z%%M% %I% %E% SMI" 11637Sml37995 120Sstevel@tonic-gate #include "ipf.h" 130Sstevel@tonic-gate #include "ipt.h" 140Sstevel@tonic-gate #include <sys/ioctl.h> 150Sstevel@tonic-gate #include <sys/file.h> 160Sstevel@tonic-gate 170Sstevel@tonic-gate #if !defined(lint) 180Sstevel@tonic-gate static const char sccsid[] = "@(#)ipt.c 1.19 6/3/96 (C) 1993-2000 Darren Reed"; 192393Syz155240 static const char rcsid[] = "@(#)$Id: ipftest.c,v 1.44.2.4 2005/07/16 06:05:28 darrenr Exp $"; 200Sstevel@tonic-gate #endif 210Sstevel@tonic-gate 220Sstevel@tonic-gate extern char *optarg; 230Sstevel@tonic-gate extern struct frentry *ipfilter[2][2]; 240Sstevel@tonic-gate extern struct ipread snoop, etherf, tcpd, pcap, iptext, iphex; 25*3448Sdh155122 extern struct ifnet *get_unit __P((char *, int, ipf_stack_t *)); 260Sstevel@tonic-gate extern void init_ifp __P((void)); 270Sstevel@tonic-gate 280Sstevel@tonic-gate int opts = OPT_DONOTHING; 290Sstevel@tonic-gate int use_inet6 = 0; 300Sstevel@tonic-gate int pfil_delayed_copy = 0; 310Sstevel@tonic-gate int main __P((int, char *[])); 320Sstevel@tonic-gate int loadrules __P((char *, int)); 330Sstevel@tonic-gate int kmemcpy __P((char *, long, int)); 340Sstevel@tonic-gate int kstrncpy __P((char *, long, int n)); 35*3448Sdh155122 void dumpnat __P((ipf_stack_t *ifs)); 36*3448Sdh155122 void dumpstate __P((ipf_stack_t *ifs)); 37*3448Sdh155122 void dumplookups __P((ipf_stack_t *ifs)); 38*3448Sdh155122 void dumpgroups __P((ipf_stack_t *ifs)); 39*3448Sdh155122 void drain_log __P((char *, ipf_stack_t *ifs)); 400Sstevel@tonic-gate void fixv4sums __P((mb_t *, ip_t *)); 41*3448Sdh155122 ipf_stack_t *get_ifs __P((void)); 42*3448Sdh155122 ipf_stack_t *create_ifs __P((void)); 43*3448Sdh155122 netstack_t *create_ns __P((void)); 44*3448Sdh155122 450Sstevel@tonic-gate 460Sstevel@tonic-gate #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \ 470Sstevel@tonic-gate (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \ 482393Syz155240 defined(__osf__) || defined(linux) 490Sstevel@tonic-gate int ipftestioctl __P((int, ioctlcmd_t, ...)); 500Sstevel@tonic-gate int ipnattestioctl __P((int, ioctlcmd_t, ...)); 510Sstevel@tonic-gate int ipstatetestioctl __P((int, ioctlcmd_t, ...)); 520Sstevel@tonic-gate int ipauthtestioctl __P((int, ioctlcmd_t, ...)); 530Sstevel@tonic-gate int ipscantestioctl __P((int, ioctlcmd_t, ...)); 540Sstevel@tonic-gate int ipsynctestioctl __P((int, ioctlcmd_t, ...)); 550Sstevel@tonic-gate int ipooltestioctl __P((int, ioctlcmd_t, ...)); 560Sstevel@tonic-gate #else 570Sstevel@tonic-gate int ipftestioctl __P((dev_t, ioctlcmd_t, void *)); 580Sstevel@tonic-gate int ipnattestioctl __P((dev_t, ioctlcmd_t, void *)); 590Sstevel@tonic-gate int ipstatetestioctl __P((dev_t, ioctlcmd_t, void *)); 600Sstevel@tonic-gate int ipauthtestioctl __P((dev_t, ioctlcmd_t, void *)); 610Sstevel@tonic-gate int ipsynctestioctl __P((dev_t, ioctlcmd_t, void *)); 620Sstevel@tonic-gate int ipscantestioctl __P((dev_t, ioctlcmd_t, void *)); 630Sstevel@tonic-gate int ipooltestioctl __P((dev_t, ioctlcmd_t, void *)); 640Sstevel@tonic-gate #endif 650Sstevel@tonic-gate 660Sstevel@tonic-gate static ioctlfunc_t iocfunctions[IPL_LOGSIZE] = { ipftestioctl, 670Sstevel@tonic-gate ipnattestioctl, 680Sstevel@tonic-gate ipstatetestioctl, 690Sstevel@tonic-gate ipauthtestioctl, 700Sstevel@tonic-gate ipsynctestioctl, 710Sstevel@tonic-gate ipscantestioctl, 720Sstevel@tonic-gate ipooltestioctl, 730Sstevel@tonic-gate NULL }; 740Sstevel@tonic-gate 750Sstevel@tonic-gate 760Sstevel@tonic-gate int main(argc,argv) 770Sstevel@tonic-gate int argc; 780Sstevel@tonic-gate char *argv[]; 790Sstevel@tonic-gate { 800Sstevel@tonic-gate char *datain, *iface, *ifname, *logout; 810Sstevel@tonic-gate int fd, i, dir, c, loaded, dump, hlen; 820Sstevel@tonic-gate struct ifnet *ifp; 830Sstevel@tonic-gate struct ipread *r; 840Sstevel@tonic-gate mb_t mb, *m; 850Sstevel@tonic-gate ip_t *ip; 86*3448Sdh155122 ipf_stack_t *ifs; 87*3448Sdh155122 netstack_t *ns; 880Sstevel@tonic-gate 890Sstevel@tonic-gate m = &mb; 900Sstevel@tonic-gate dir = 0; 910Sstevel@tonic-gate dump = 0; 920Sstevel@tonic-gate hlen = 0; 930Sstevel@tonic-gate loaded = 0; 940Sstevel@tonic-gate r = &iptext; 950Sstevel@tonic-gate iface = NULL; 960Sstevel@tonic-gate logout = NULL; 970Sstevel@tonic-gate ifname = "anon0"; 980Sstevel@tonic-gate datain = NULL; 990Sstevel@tonic-gate 100*3448Sdh155122 initparse(); 101*3448Sdh155122 ifs = create_ifs(); 102*3448Sdh155122 ns = create_ns(); 103*3448Sdh155122 ifs->ifs_netstack = ns; 1040Sstevel@tonic-gate 105*3448Sdh155122 #if defined(IPFILTER_DEFAULT_BLOCK) 106*3448Sdh155122 ifs->ifs_fr_pass = FR_BLOCK|FR_NOMATCH; 107*3448Sdh155122 #else 108*3448Sdh155122 ifs->ifs_fr_pass = (IPF_DEFAULT_PASS)|FR_NOMATCH; 109*3448Sdh155122 #endif 110*3448Sdh155122 ipftuneable_alloc(ifs); 111*3448Sdh155122 112*3448Sdh155122 bzero((char *)ifs->ifs_frcache, sizeof(ifs->ifs_frcache)); 113*3448Sdh155122 MUTEX_INIT(&ifs->ifs_ipf_rw, "ipf rw mutex"); 114*3448Sdh155122 MUTEX_INIT(&ifs->ifs_ipf_timeoutlock, "ipf timeout lock"); 115*3448Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_global, "ipf filter load/unload mutex"); 116*3448Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_mutex, "ipf filter rwlock"); 117*3448Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_ipidfrag, "ipf IP NAT-Frag rwlock"); 118*3448Sdh155122 RWLOCK_INIT(&ifs->ifs_ipf_frcache, "ipf cache rwlock"); 119*3448Sdh155122 120*3448Sdh155122 fr_loginit(ifs); 121*3448Sdh155122 fr_authinit(ifs); 122*3448Sdh155122 fr_fraginit(ifs); 123*3448Sdh155122 fr_stateinit(ifs); 124*3448Sdh155122 fr_natinit(ifs); 125*3448Sdh155122 appr_init(ifs); 126*3448Sdh155122 ip_lookup_init(ifs); 127*3448Sdh155122 ifs->ifs_fr_running = 1; 1280Sstevel@tonic-gate 1292393Syz155240 while ((c = getopt(argc, argv, "6bdDF:i:I:l:N:P:or:RT:vxX")) != -1) 1300Sstevel@tonic-gate switch (c) 1310Sstevel@tonic-gate { 1320Sstevel@tonic-gate case '6' : 1330Sstevel@tonic-gate #ifdef USE_INET6 1340Sstevel@tonic-gate use_inet6 = 1; 1350Sstevel@tonic-gate #else 1360Sstevel@tonic-gate fprintf(stderr, "IPv6 not supported\n"); 1370Sstevel@tonic-gate exit(1); 1380Sstevel@tonic-gate #endif 1390Sstevel@tonic-gate break; 1400Sstevel@tonic-gate case 'b' : 1410Sstevel@tonic-gate opts |= OPT_BRIEF; 1420Sstevel@tonic-gate break; 1430Sstevel@tonic-gate case 'd' : 1440Sstevel@tonic-gate opts |= OPT_DEBUG; 1450Sstevel@tonic-gate break; 1460Sstevel@tonic-gate case 'D' : 1470Sstevel@tonic-gate dump = 1; 1480Sstevel@tonic-gate break; 1490Sstevel@tonic-gate case 'F' : 1500Sstevel@tonic-gate if (strcasecmp(optarg, "pcap") == 0) 1510Sstevel@tonic-gate r = &pcap; 1520Sstevel@tonic-gate else if (strcasecmp(optarg, "etherfind") == 0) 1530Sstevel@tonic-gate r = ðerf; 1540Sstevel@tonic-gate else if (strcasecmp(optarg, "snoop") == 0) 1550Sstevel@tonic-gate r = &snoop; 1560Sstevel@tonic-gate else if (strcasecmp(optarg, "tcpdump") == 0) 1570Sstevel@tonic-gate r = &tcpd; 1580Sstevel@tonic-gate else if (strcasecmp(optarg, "hex") == 0) 1590Sstevel@tonic-gate r = &iphex; 1600Sstevel@tonic-gate else if (strcasecmp(optarg, "text") == 0) 1610Sstevel@tonic-gate r = &iptext; 1620Sstevel@tonic-gate break; 1630Sstevel@tonic-gate case 'i' : 1640Sstevel@tonic-gate datain = optarg; 1650Sstevel@tonic-gate break; 1660Sstevel@tonic-gate case 'I' : 1670Sstevel@tonic-gate ifname = optarg; 1680Sstevel@tonic-gate break; 1690Sstevel@tonic-gate case 'l' : 1700Sstevel@tonic-gate logout = optarg; 1710Sstevel@tonic-gate break; 1720Sstevel@tonic-gate case 'o' : 1730Sstevel@tonic-gate opts |= OPT_SAVEOUT; 1740Sstevel@tonic-gate break; 1750Sstevel@tonic-gate case 'r' : 1760Sstevel@tonic-gate if (ipf_parsefile(-1, ipf_addrule, iocfunctions, 1770Sstevel@tonic-gate optarg) == -1) 1780Sstevel@tonic-gate return -1; 1790Sstevel@tonic-gate loaded = 1; 1800Sstevel@tonic-gate break; 1812393Syz155240 case 'R' : 1822393Syz155240 opts |= OPT_NORESOLVE; 1832393Syz155240 break; 1840Sstevel@tonic-gate case 'v' : 1850Sstevel@tonic-gate opts |= OPT_VERBOSE; 1860Sstevel@tonic-gate break; 1870Sstevel@tonic-gate case 'N' : 1880Sstevel@tonic-gate if (ipnat_parsefile(-1, ipnat_addrule, ipnattestioctl, 1890Sstevel@tonic-gate optarg) == -1) 1900Sstevel@tonic-gate return -1; 1910Sstevel@tonic-gate loaded = 1; 1920Sstevel@tonic-gate opts |= OPT_NAT; 1930Sstevel@tonic-gate break; 1940Sstevel@tonic-gate case 'P' : 1950Sstevel@tonic-gate if (ippool_parsefile(-1, optarg, ipooltestioctl) == -1) 1960Sstevel@tonic-gate return -1; 1970Sstevel@tonic-gate loaded = 1; 1980Sstevel@tonic-gate break; 1992393Syz155240 case 'T' : 2002393Syz155240 ipf_dotuning(-1, optarg, ipftestioctl); 2012393Syz155240 break; 2020Sstevel@tonic-gate case 'x' : 2030Sstevel@tonic-gate opts |= OPT_HEX; 2040Sstevel@tonic-gate break; 2050Sstevel@tonic-gate } 2060Sstevel@tonic-gate 2070Sstevel@tonic-gate if (loaded == 0) { 2080Sstevel@tonic-gate (void)fprintf(stderr,"no rules loaded\n"); 2090Sstevel@tonic-gate exit(-1); 2100Sstevel@tonic-gate } 2110Sstevel@tonic-gate 2120Sstevel@tonic-gate if (opts & OPT_SAVEOUT) 2130Sstevel@tonic-gate init_ifp(); 2140Sstevel@tonic-gate 2150Sstevel@tonic-gate if (datain) 2160Sstevel@tonic-gate fd = (*r->r_open)(datain); 2170Sstevel@tonic-gate else 2180Sstevel@tonic-gate fd = (*r->r_open)("-"); 2190Sstevel@tonic-gate 2200Sstevel@tonic-gate if (fd < 0) 2210Sstevel@tonic-gate exit(-1); 2220Sstevel@tonic-gate 2230Sstevel@tonic-gate ip = MTOD(m, ip_t *); 2240Sstevel@tonic-gate while ((i = (*r->r_readip)(MTOD(m, char *), sizeof(m->mb_buf), 2250Sstevel@tonic-gate &iface, &dir)) > 0) { 2260Sstevel@tonic-gate if (iface == NULL || *iface == '\0') 2270Sstevel@tonic-gate iface = ifname; 228*3448Sdh155122 ifp = get_unit(iface, IP_V(ip), ifs); 2291448Sschuster if (ifp == NULL) { 2301448Sschuster fprintf(stderr, "out of memory\n"); 2311448Sschuster exit(1); 2321448Sschuster } 2330Sstevel@tonic-gate if (!use_inet6) { 2340Sstevel@tonic-gate ip->ip_off = ntohs(ip->ip_off); 2350Sstevel@tonic-gate ip->ip_len = ntohs(ip->ip_len); 2360Sstevel@tonic-gate if (r->r_flags & R_DO_CKSUM) 2370Sstevel@tonic-gate fixv4sums(m, ip); 2380Sstevel@tonic-gate hlen = IP_HL(ip) << 2; 2390Sstevel@tonic-gate } 2400Sstevel@tonic-gate #ifdef USE_INET6 2410Sstevel@tonic-gate else 2420Sstevel@tonic-gate hlen = sizeof(ip6_t); 2430Sstevel@tonic-gate #endif 2440Sstevel@tonic-gate /* ipfr_slowtimer(); */ 2450Sstevel@tonic-gate m = &mb; 2460Sstevel@tonic-gate m->mb_len = i; 247*3448Sdh155122 i = fr_check(ip, hlen, ifp, dir, &m, ifs); 2480Sstevel@tonic-gate if ((opts & OPT_NAT) == 0) 2490Sstevel@tonic-gate switch (i) 2500Sstevel@tonic-gate { 2510Sstevel@tonic-gate case -4 : 2520Sstevel@tonic-gate (void)printf("preauth"); 2530Sstevel@tonic-gate break; 2540Sstevel@tonic-gate case -3 : 2550Sstevel@tonic-gate (void)printf("account"); 2560Sstevel@tonic-gate break; 2570Sstevel@tonic-gate case -2 : 2580Sstevel@tonic-gate (void)printf("auth"); 2590Sstevel@tonic-gate break; 2600Sstevel@tonic-gate case -1 : 2610Sstevel@tonic-gate (void)printf("block"); 2620Sstevel@tonic-gate break; 2630Sstevel@tonic-gate case 0 : 2640Sstevel@tonic-gate (void)printf("pass"); 2650Sstevel@tonic-gate break; 2660Sstevel@tonic-gate case 1 : 2670Sstevel@tonic-gate (void)printf("nomatch"); 2680Sstevel@tonic-gate break; 2690Sstevel@tonic-gate case 3 : 2700Sstevel@tonic-gate (void)printf("block return-rst"); 2710Sstevel@tonic-gate break; 2720Sstevel@tonic-gate case 4 : 2730Sstevel@tonic-gate (void)printf("block return-icmp"); 2740Sstevel@tonic-gate break; 2750Sstevel@tonic-gate case 5 : 2760Sstevel@tonic-gate (void)printf("block return-icmp-as-dest"); 2770Sstevel@tonic-gate break; 2780Sstevel@tonic-gate default : 2790Sstevel@tonic-gate (void)printf("recognised return %#x\n", i); 2800Sstevel@tonic-gate break; 2810Sstevel@tonic-gate } 2820Sstevel@tonic-gate if (!use_inet6) { 2830Sstevel@tonic-gate ip->ip_off = htons(ip->ip_off); 2840Sstevel@tonic-gate ip->ip_len = htons(ip->ip_len); 2850Sstevel@tonic-gate } 2860Sstevel@tonic-gate 2870Sstevel@tonic-gate if (!(opts & OPT_BRIEF)) { 2880Sstevel@tonic-gate putchar(' '); 2890Sstevel@tonic-gate printpacket(ip); 2900Sstevel@tonic-gate printf("--------------"); 2910Sstevel@tonic-gate } else if ((opts & (OPT_BRIEF|OPT_NAT)) == (OPT_NAT|OPT_BRIEF)) 2920Sstevel@tonic-gate printpacket(ip); 2930Sstevel@tonic-gate if (dir && (ifp != NULL) && IP_V(ip) && (m != NULL)) 2942393Syz155240 #if defined(__sgi) && (IRIX < 60500) 2950Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL); 2960Sstevel@tonic-gate #else 2970Sstevel@tonic-gate # if TRU64 >= 1885 2980Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0, 0); 2990Sstevel@tonic-gate # else 3000Sstevel@tonic-gate (*ifp->if_output)(ifp, (void *)m, NULL, 0); 3010Sstevel@tonic-gate # endif 3020Sstevel@tonic-gate #endif 3030Sstevel@tonic-gate if ((opts & (OPT_BRIEF|OPT_NAT)) != (OPT_NAT|OPT_BRIEF)) 3040Sstevel@tonic-gate putchar('\n'); 3050Sstevel@tonic-gate dir = 0; 3060Sstevel@tonic-gate if (iface != ifname) { 3070Sstevel@tonic-gate free(iface); 3080Sstevel@tonic-gate iface = ifname; 3090Sstevel@tonic-gate } 3100Sstevel@tonic-gate m = &mb; 3110Sstevel@tonic-gate } 3120Sstevel@tonic-gate (*r->r_close)(); 3130Sstevel@tonic-gate 3140Sstevel@tonic-gate if (logout != NULL) { 315*3448Sdh155122 drain_log(logout, ifs); 3160Sstevel@tonic-gate } 3170Sstevel@tonic-gate 3180Sstevel@tonic-gate if (dump == 1) { 319*3448Sdh155122 dumpnat(ifs); 320*3448Sdh155122 dumpstate(ifs); 321*3448Sdh155122 dumplookups(ifs); 322*3448Sdh155122 dumpgroups(ifs); 3230Sstevel@tonic-gate } 3240Sstevel@tonic-gate 325*3448Sdh155122 fr_deinitialise(ifs); 3260Sstevel@tonic-gate 3270Sstevel@tonic-gate return 0; 3280Sstevel@tonic-gate } 3290Sstevel@tonic-gate 3300Sstevel@tonic-gate 3310Sstevel@tonic-gate #if defined(__NetBSD__) || defined(__OpenBSD__) || SOLARIS || \ 3320Sstevel@tonic-gate (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \ 3332393Syz155240 defined(__osf__) || defined(linux) 3340Sstevel@tonic-gate int ipftestioctl(int dev, ioctlcmd_t cmd, ...) 3350Sstevel@tonic-gate { 3360Sstevel@tonic-gate caddr_t data; 3370Sstevel@tonic-gate va_list ap; 3380Sstevel@tonic-gate int i; 3390Sstevel@tonic-gate 3400Sstevel@tonic-gate va_start(ap, cmd); 3410Sstevel@tonic-gate data = va_arg(ap, caddr_t); 3420Sstevel@tonic-gate va_end(ap); 3430Sstevel@tonic-gate 3440Sstevel@tonic-gate i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD); 3450Sstevel@tonic-gate if (opts & OPT_DEBUG) 3460Sstevel@tonic-gate fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n", 3470Sstevel@tonic-gate (u_int)cmd, data, i); 3482393Syz155240 if (i != 0) { 3492393Syz155240 errno = i; 3502393Syz155240 return -1; 3512393Syz155240 } 3522393Syz155240 return 0; 3530Sstevel@tonic-gate } 3540Sstevel@tonic-gate 3550Sstevel@tonic-gate 3560Sstevel@tonic-gate int ipnattestioctl(int dev, ioctlcmd_t cmd, ...) 3570Sstevel@tonic-gate { 3580Sstevel@tonic-gate caddr_t data; 3590Sstevel@tonic-gate va_list ap; 3600Sstevel@tonic-gate int i; 3610Sstevel@tonic-gate 3620Sstevel@tonic-gate va_start(ap, cmd); 3630Sstevel@tonic-gate data = va_arg(ap, caddr_t); 3640Sstevel@tonic-gate va_end(ap); 3650Sstevel@tonic-gate 3660Sstevel@tonic-gate i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD); 3670Sstevel@tonic-gate if (opts & OPT_DEBUG) 3680Sstevel@tonic-gate fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n", 3690Sstevel@tonic-gate (u_int)cmd, data, i); 3702393Syz155240 if (i != 0) { 3712393Syz155240 errno = i; 3722393Syz155240 return -1; 3732393Syz155240 } 3742393Syz155240 return 0; 3750Sstevel@tonic-gate } 3760Sstevel@tonic-gate 3770Sstevel@tonic-gate 3780Sstevel@tonic-gate int ipstatetestioctl(int dev, ioctlcmd_t cmd, ...) 3790Sstevel@tonic-gate { 3800Sstevel@tonic-gate caddr_t data; 3810Sstevel@tonic-gate va_list ap; 3820Sstevel@tonic-gate int i; 3830Sstevel@tonic-gate 3840Sstevel@tonic-gate va_start(ap, cmd); 3850Sstevel@tonic-gate data = va_arg(ap, caddr_t); 3860Sstevel@tonic-gate va_end(ap); 3870Sstevel@tonic-gate 3880Sstevel@tonic-gate i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD); 3890Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 3900Sstevel@tonic-gate fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n", 3910Sstevel@tonic-gate (u_int)cmd, data, i); 3922393Syz155240 if (i != 0) { 3932393Syz155240 errno = i; 3942393Syz155240 return -1; 3952393Syz155240 } 3962393Syz155240 return 0; 3970Sstevel@tonic-gate } 3980Sstevel@tonic-gate 3990Sstevel@tonic-gate 4000Sstevel@tonic-gate int ipauthtestioctl(int dev, ioctlcmd_t cmd, ...) 4010Sstevel@tonic-gate { 4020Sstevel@tonic-gate caddr_t data; 4030Sstevel@tonic-gate va_list ap; 4040Sstevel@tonic-gate int i; 4050Sstevel@tonic-gate 4060Sstevel@tonic-gate va_start(ap, cmd); 4070Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4080Sstevel@tonic-gate va_end(ap); 4090Sstevel@tonic-gate 4100Sstevel@tonic-gate i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD); 4110Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4120Sstevel@tonic-gate fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n", 4130Sstevel@tonic-gate (u_int)cmd, data, i); 4142393Syz155240 if (i != 0) { 4152393Syz155240 errno = i; 4162393Syz155240 return -1; 4172393Syz155240 } 4182393Syz155240 return 0; 4190Sstevel@tonic-gate } 4200Sstevel@tonic-gate 4210Sstevel@tonic-gate 4220Sstevel@tonic-gate int ipscantestioctl(int dev, ioctlcmd_t cmd, ...) 4230Sstevel@tonic-gate { 4240Sstevel@tonic-gate caddr_t data; 4250Sstevel@tonic-gate va_list ap; 4260Sstevel@tonic-gate int i; 4270Sstevel@tonic-gate 4280Sstevel@tonic-gate va_start(ap, cmd); 4290Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4300Sstevel@tonic-gate va_end(ap); 4310Sstevel@tonic-gate 4320Sstevel@tonic-gate i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD); 4330Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4340Sstevel@tonic-gate fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n", 4350Sstevel@tonic-gate (u_int)cmd, data, i); 4362393Syz155240 if (i != 0) { 4372393Syz155240 errno = i; 4382393Syz155240 return -1; 4392393Syz155240 } 4402393Syz155240 return 0; 4410Sstevel@tonic-gate } 4420Sstevel@tonic-gate 4430Sstevel@tonic-gate 4440Sstevel@tonic-gate int ipsynctestioctl(int dev, ioctlcmd_t cmd, ...) 4450Sstevel@tonic-gate { 4460Sstevel@tonic-gate caddr_t data; 4470Sstevel@tonic-gate va_list ap; 4480Sstevel@tonic-gate int i; 4490Sstevel@tonic-gate 4500Sstevel@tonic-gate va_start(ap, cmd); 4510Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4520Sstevel@tonic-gate va_end(ap); 4530Sstevel@tonic-gate 4540Sstevel@tonic-gate i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD); 4550Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4560Sstevel@tonic-gate fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n", 4570Sstevel@tonic-gate (u_int)cmd, data, i); 4582393Syz155240 if (i != 0) { 4592393Syz155240 errno = i; 4602393Syz155240 return -1; 4612393Syz155240 } 4622393Syz155240 return 0; 4630Sstevel@tonic-gate } 4640Sstevel@tonic-gate 4650Sstevel@tonic-gate 4660Sstevel@tonic-gate int ipooltestioctl(int dev, ioctlcmd_t cmd, ...) 4670Sstevel@tonic-gate { 4680Sstevel@tonic-gate caddr_t data; 4690Sstevel@tonic-gate va_list ap; 4700Sstevel@tonic-gate int i; 4710Sstevel@tonic-gate 4720Sstevel@tonic-gate va_start(ap, cmd); 4730Sstevel@tonic-gate data = va_arg(ap, caddr_t); 4740Sstevel@tonic-gate va_end(ap); 4750Sstevel@tonic-gate 4760Sstevel@tonic-gate i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD); 4770Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4780Sstevel@tonic-gate fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n", 4790Sstevel@tonic-gate (u_int)cmd, data, i); 4802393Syz155240 if (i != 0) { 4812393Syz155240 errno = i; 4822393Syz155240 return -1; 4832393Syz155240 } 4842393Syz155240 return 0; 4850Sstevel@tonic-gate } 4860Sstevel@tonic-gate #else 4870Sstevel@tonic-gate int ipftestioctl(dev, cmd, data) 4880Sstevel@tonic-gate dev_t dev; 4890Sstevel@tonic-gate ioctlcmd_t cmd; 4900Sstevel@tonic-gate void *data; 4910Sstevel@tonic-gate { 4920Sstevel@tonic-gate int i; 4930Sstevel@tonic-gate 4940Sstevel@tonic-gate i = iplioctl(IPL_LOGIPF, cmd, data, FWRITE|FREAD); 4950Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 4960Sstevel@tonic-gate fprintf(stderr, "iplioctl(IPF,%#x,%p) = %d\n", cmd, data, i); 4972393Syz155240 if (i != 0) { 4982393Syz155240 errno = i; 4992393Syz155240 return -1; 5002393Syz155240 } 5012393Syz155240 return 0; 5020Sstevel@tonic-gate } 5030Sstevel@tonic-gate 5040Sstevel@tonic-gate 5050Sstevel@tonic-gate int ipnattestioctl(dev, cmd, data) 5060Sstevel@tonic-gate dev_t dev; 5070Sstevel@tonic-gate ioctlcmd_t cmd; 5080Sstevel@tonic-gate void *data; 5090Sstevel@tonic-gate { 5100Sstevel@tonic-gate int i; 5110Sstevel@tonic-gate 5120Sstevel@tonic-gate i = iplioctl(IPL_LOGNAT, cmd, data, FWRITE|FREAD); 5130Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5140Sstevel@tonic-gate fprintf(stderr, "iplioctl(NAT,%#x,%p) = %d\n", cmd, data, i); 5152393Syz155240 if (i != 0) { 5162393Syz155240 errno = i; 5172393Syz155240 return -1; 5182393Syz155240 } 5192393Syz155240 return 0; 5200Sstevel@tonic-gate } 5210Sstevel@tonic-gate 5220Sstevel@tonic-gate 5230Sstevel@tonic-gate int ipstatetestioctl(dev, cmd, data) 5240Sstevel@tonic-gate dev_t dev; 5250Sstevel@tonic-gate ioctlcmd_t cmd; 5260Sstevel@tonic-gate void *data; 5270Sstevel@tonic-gate { 5280Sstevel@tonic-gate int i; 5290Sstevel@tonic-gate 5300Sstevel@tonic-gate i = iplioctl(IPL_LOGSTATE, cmd, data, FWRITE|FREAD); 5310Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5320Sstevel@tonic-gate fprintf(stderr, "iplioctl(STATE,%#x,%p) = %d\n", cmd, data, i); 5332393Syz155240 if (i != 0) { 5342393Syz155240 errno = i; 5352393Syz155240 return -1; 5362393Syz155240 } 5372393Syz155240 return 0; 5380Sstevel@tonic-gate } 5390Sstevel@tonic-gate 5400Sstevel@tonic-gate 5410Sstevel@tonic-gate int ipauthtestioctl(dev, cmd, data) 5420Sstevel@tonic-gate dev_t dev; 5430Sstevel@tonic-gate ioctlcmd_t cmd; 5440Sstevel@tonic-gate void *data; 5450Sstevel@tonic-gate { 5460Sstevel@tonic-gate int i; 5470Sstevel@tonic-gate 5480Sstevel@tonic-gate i = iplioctl(IPL_LOGAUTH, cmd, data, FWRITE|FREAD); 5490Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5500Sstevel@tonic-gate fprintf(stderr, "iplioctl(AUTH,%#x,%p) = %d\n", cmd, data, i); 5512393Syz155240 if (i != 0) { 5522393Syz155240 errno = i; 5532393Syz155240 return -1; 5542393Syz155240 } 5552393Syz155240 return 0; 5560Sstevel@tonic-gate } 5570Sstevel@tonic-gate 5580Sstevel@tonic-gate 5590Sstevel@tonic-gate int ipsynctestioctl(dev, cmd, data) 5600Sstevel@tonic-gate dev_t dev; 5610Sstevel@tonic-gate ioctlcmd_t cmd; 5620Sstevel@tonic-gate void *data; 5630Sstevel@tonic-gate { 5640Sstevel@tonic-gate int i; 5650Sstevel@tonic-gate 5660Sstevel@tonic-gate i = iplioctl(IPL_LOGSYNC, cmd, data, FWRITE|FREAD); 5670Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5680Sstevel@tonic-gate fprintf(stderr, "iplioctl(SYNC,%#x,%p) = %d\n", cmd, data, i); 5692393Syz155240 if (i != 0) { 5702393Syz155240 errno = i; 5712393Syz155240 return -1; 5722393Syz155240 } 5732393Syz155240 return 0; 5740Sstevel@tonic-gate } 5750Sstevel@tonic-gate 5760Sstevel@tonic-gate 5770Sstevel@tonic-gate int ipscantestioctl(dev, cmd, data) 5780Sstevel@tonic-gate dev_t dev; 5790Sstevel@tonic-gate ioctlcmd_t cmd; 5800Sstevel@tonic-gate void *data; 5810Sstevel@tonic-gate { 5820Sstevel@tonic-gate int i; 5830Sstevel@tonic-gate 5840Sstevel@tonic-gate i = iplioctl(IPL_LOGSCAN, cmd, data, FWRITE|FREAD); 5850Sstevel@tonic-gate if ((opts & OPT_DEBUG) || (i != 0)) 5860Sstevel@tonic-gate fprintf(stderr, "iplioctl(SCAN,%#x,%p) = %d\n", cmd, data, i); 5872393Syz155240 if (i != 0) { 5882393Syz155240 errno = i; 5892393Syz155240 return -1; 5902393Syz155240 } 5912393Syz155240 return 0; 5920Sstevel@tonic-gate } 5930Sstevel@tonic-gate 5940Sstevel@tonic-gate 5950Sstevel@tonic-gate int ipooltestioctl(dev, cmd, data) 5960Sstevel@tonic-gate dev_t dev; 5970Sstevel@tonic-gate ioctlcmd_t cmd; 5980Sstevel@tonic-gate void *data; 5990Sstevel@tonic-gate { 6000Sstevel@tonic-gate int i; 6010Sstevel@tonic-gate 6020Sstevel@tonic-gate i = iplioctl(IPL_LOGLOOKUP, cmd, data, FWRITE|FREAD); 6030Sstevel@tonic-gate if (opts & OPT_DEBUG) 6040Sstevel@tonic-gate fprintf(stderr, "iplioctl(POOL,%#x,%p) = %d\n", cmd, data, i); 6052393Syz155240 if (i != 0) { 6062393Syz155240 errno = i; 6072393Syz155240 return -1; 6082393Syz155240 } 6092393Syz155240 return 0; 6100Sstevel@tonic-gate } 6110Sstevel@tonic-gate #endif 6120Sstevel@tonic-gate 6130Sstevel@tonic-gate 6140Sstevel@tonic-gate int kmemcpy(addr, offset, size) 6150Sstevel@tonic-gate char *addr; 6160Sstevel@tonic-gate long offset; 6170Sstevel@tonic-gate int size; 6180Sstevel@tonic-gate { 6190Sstevel@tonic-gate bcopy((char *)offset, addr, size); 6200Sstevel@tonic-gate return 0; 6210Sstevel@tonic-gate } 6220Sstevel@tonic-gate 6230Sstevel@tonic-gate 6240Sstevel@tonic-gate int kstrncpy(buf, pos, n) 6250Sstevel@tonic-gate char *buf; 6260Sstevel@tonic-gate long pos; 6270Sstevel@tonic-gate int n; 6280Sstevel@tonic-gate { 6290Sstevel@tonic-gate char *ptr; 6300Sstevel@tonic-gate 6310Sstevel@tonic-gate ptr = (char *)pos; 6320Sstevel@tonic-gate 633637Sml37995 while ((n-- > 0) && (*buf++ = *ptr++)) 6340Sstevel@tonic-gate ; 6350Sstevel@tonic-gate return 0; 6360Sstevel@tonic-gate } 6370Sstevel@tonic-gate 6380Sstevel@tonic-gate 6390Sstevel@tonic-gate /* 6400Sstevel@tonic-gate * Display the built up NAT table rules and mapping entries. 6410Sstevel@tonic-gate */ 642*3448Sdh155122 void dumpnat(ifs) 643*3448Sdh155122 ipf_stack_t *ifs; 6440Sstevel@tonic-gate { 6450Sstevel@tonic-gate ipnat_t *ipn; 6460Sstevel@tonic-gate nat_t *nat; 6470Sstevel@tonic-gate 6480Sstevel@tonic-gate printf("List of active MAP/Redirect filters:\n"); 649*3448Sdh155122 for (ipn = ifs->ifs_nat_list; ipn != NULL; ipn = ipn->in_next) 6500Sstevel@tonic-gate printnat(ipn, opts & (OPT_DEBUG|OPT_VERBOSE)); 6510Sstevel@tonic-gate printf("\nList of active sessions:\n"); 652*3448Sdh155122 for (nat = ifs->ifs_nat_instances; nat; nat = nat->nat_next) { 653*3448Sdh155122 printactivenat(nat, opts, 0); 6542393Syz155240 if (nat->nat_aps) 6552393Syz155240 printaps(nat->nat_aps, opts); 6562393Syz155240 } 6570Sstevel@tonic-gate } 6580Sstevel@tonic-gate 6590Sstevel@tonic-gate 6600Sstevel@tonic-gate /* 6610Sstevel@tonic-gate * Display the built up state table rules and mapping entries. 6620Sstevel@tonic-gate */ 663*3448Sdh155122 void dumpstate(ifs) 664*3448Sdh155122 ipf_stack_t *ifs; 6650Sstevel@tonic-gate { 6660Sstevel@tonic-gate ipstate_t *ips; 6670Sstevel@tonic-gate 6680Sstevel@tonic-gate printf("List of active state sessions:\n"); 669*3448Sdh155122 for (ips = ifs->ifs_ips_list; ips != NULL; ) 6702393Syz155240 ips = printstate(ips, opts & (OPT_DEBUG|OPT_VERBOSE), 671*3448Sdh155122 ifs->ifs_fr_ticks); 6720Sstevel@tonic-gate } 6730Sstevel@tonic-gate 6740Sstevel@tonic-gate 675*3448Sdh155122 void dumplookups(ifs) 676*3448Sdh155122 ipf_stack_t *ifs; 6770Sstevel@tonic-gate { 6780Sstevel@tonic-gate iphtable_t *iph; 6790Sstevel@tonic-gate ip_pool_t *ipl; 6800Sstevel@tonic-gate int i; 6810Sstevel@tonic-gate 6820Sstevel@tonic-gate printf("List of configured pools\n"); 6830Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 684*3448Sdh155122 for (ipl = ifs->ifs_ip_pool_list[i]; ipl != NULL; 685*3448Sdh155122 ipl = ipl->ipo_next) 6862393Syz155240 printpool(ipl, bcopywrap, NULL, opts); 6870Sstevel@tonic-gate 6880Sstevel@tonic-gate printf("List of configured hash tables\n"); 6890Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 690*3448Sdh155122 for (iph = ifs->ifs_ipf_htables[i]; iph != NULL; 691*3448Sdh155122 iph = iph->iph_next) 6922393Syz155240 printhash(iph, bcopywrap, NULL, opts); 6930Sstevel@tonic-gate } 6940Sstevel@tonic-gate 6950Sstevel@tonic-gate 696*3448Sdh155122 void dumpgroups(ifs) 697*3448Sdh155122 ipf_stack_t *ifs; 6980Sstevel@tonic-gate { 6990Sstevel@tonic-gate frgroup_t *fg; 7000Sstevel@tonic-gate frentry_t *fr; 7010Sstevel@tonic-gate int i; 7020Sstevel@tonic-gate 7030Sstevel@tonic-gate printf("List of groups configured (set 0)\n"); 7040Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 705*3448Sdh155122 for (fg = ifs->ifs_ipfgroups[i][0]; fg != NULL; 706*3448Sdh155122 fg = fg->fg_next) { 7070Sstevel@tonic-gate printf("Dev.%d. Group %s Ref %d Flags %#x\n", 7080Sstevel@tonic-gate i, fg->fg_name, fg->fg_ref, fg->fg_flags); 7090Sstevel@tonic-gate for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) { 7100Sstevel@tonic-gate #ifdef USE_QUAD_T 7110Sstevel@tonic-gate printf("%qu ",(unsigned long long)fr->fr_hits); 7120Sstevel@tonic-gate #else 7130Sstevel@tonic-gate printf("%ld ", fr->fr_hits); 7140Sstevel@tonic-gate #endif 7150Sstevel@tonic-gate printfr(fr, ipftestioctl); 7160Sstevel@tonic-gate } 7170Sstevel@tonic-gate } 7180Sstevel@tonic-gate 7190Sstevel@tonic-gate printf("List of groups configured (set 1)\n"); 7200Sstevel@tonic-gate for (i = 0; i < IPL_LOGSIZE; i++) 721*3448Sdh155122 for (fg = ifs->ifs_ipfgroups[i][1]; fg != NULL; 722*3448Sdh155122 fg = fg->fg_next) { 7230Sstevel@tonic-gate printf("Dev.%d. Group %s Ref %d Flags %#x\n", 7240Sstevel@tonic-gate i, fg->fg_name, fg->fg_ref, fg->fg_flags); 7250Sstevel@tonic-gate for (fr = fg->fg_start; fr != NULL; fr = fr->fr_next) { 7260Sstevel@tonic-gate #ifdef USE_QUAD_T 7270Sstevel@tonic-gate printf("%qu ",(unsigned long long)fr->fr_hits); 7280Sstevel@tonic-gate #else 7290Sstevel@tonic-gate printf("%ld ", fr->fr_hits); 7300Sstevel@tonic-gate #endif 7310Sstevel@tonic-gate printfr(fr, ipftestioctl); 7320Sstevel@tonic-gate } 7330Sstevel@tonic-gate } 7340Sstevel@tonic-gate } 7350Sstevel@tonic-gate 7360Sstevel@tonic-gate 737*3448Sdh155122 void drain_log(filename, ifs) 7380Sstevel@tonic-gate char *filename; 739*3448Sdh155122 ipf_stack_t *ifs; 7400Sstevel@tonic-gate { 7410Sstevel@tonic-gate char buffer[DEFAULT_IPFLOGSIZE]; 7420Sstevel@tonic-gate struct iovec iov; 7430Sstevel@tonic-gate struct uio uio; 7440Sstevel@tonic-gate size_t resid; 7452393Syz155240 int fd, i; 7460Sstevel@tonic-gate 7470Sstevel@tonic-gate fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644); 7480Sstevel@tonic-gate if (fd == -1) { 7490Sstevel@tonic-gate perror("drain_log:open"); 7500Sstevel@tonic-gate return; 7510Sstevel@tonic-gate } 7520Sstevel@tonic-gate 7532393Syz155240 for (i = 0; i <= IPL_LOGMAX; i++) 7542393Syz155240 while (1) { 7552393Syz155240 bzero((char *)&iov, sizeof(iov)); 7562393Syz155240 iov.iov_base = buffer; 7572393Syz155240 iov.iov_len = sizeof(buffer); 7580Sstevel@tonic-gate 7592393Syz155240 bzero((char *)&uio, sizeof(uio)); 7602393Syz155240 uio.uio_iov = &iov; 7612393Syz155240 uio.uio_iovcnt = 1; 7622393Syz155240 uio.uio_resid = iov.iov_len; 7632393Syz155240 resid = uio.uio_resid; 7640Sstevel@tonic-gate 765*3448Sdh155122 if (ipflog_read(i, &uio, ifs) == 0) { 7662393Syz155240 /* 7672393Syz155240 * If nothing was read then break out. 7682393Syz155240 */ 7692393Syz155240 if (uio.uio_resid == resid) 7702393Syz155240 break; 7712393Syz155240 write(fd, buffer, resid - uio.uio_resid); 7722393Syz155240 } else 7730Sstevel@tonic-gate break; 7740Sstevel@tonic-gate } 7750Sstevel@tonic-gate 7760Sstevel@tonic-gate close(fd); 7770Sstevel@tonic-gate } 7780Sstevel@tonic-gate 7790Sstevel@tonic-gate 7800Sstevel@tonic-gate void fixv4sums(m, ip) 7810Sstevel@tonic-gate mb_t *m; 7820Sstevel@tonic-gate ip_t *ip; 7830Sstevel@tonic-gate { 7840Sstevel@tonic-gate u_char *csump, *hdr; 7850Sstevel@tonic-gate 7860Sstevel@tonic-gate ip->ip_sum = 0; 7870Sstevel@tonic-gate ip->ip_sum = ipf_cksum((u_short *)ip, IP_HL(ip) << 2); 7880Sstevel@tonic-gate 7890Sstevel@tonic-gate csump = (u_char *)ip; 7900Sstevel@tonic-gate csump += IP_HL(ip) << 2; 7910Sstevel@tonic-gate 7920Sstevel@tonic-gate switch (ip->ip_p) 7930Sstevel@tonic-gate { 7940Sstevel@tonic-gate case IPPROTO_TCP : 7950Sstevel@tonic-gate hdr = csump; 7960Sstevel@tonic-gate csump += offsetof(tcphdr_t, th_sum); 7970Sstevel@tonic-gate break; 7980Sstevel@tonic-gate case IPPROTO_UDP : 7990Sstevel@tonic-gate hdr = csump; 8000Sstevel@tonic-gate csump += offsetof(udphdr_t, uh_sum); 8010Sstevel@tonic-gate break; 8020Sstevel@tonic-gate default : 8030Sstevel@tonic-gate csump = NULL; 8040Sstevel@tonic-gate hdr = NULL; 8050Sstevel@tonic-gate break; 8060Sstevel@tonic-gate } 8070Sstevel@tonic-gate if (hdr != NULL) { 8080Sstevel@tonic-gate *csump = 0; 8090Sstevel@tonic-gate *(u_short *)csump = fr_cksum(m, ip, ip->ip_p, hdr); 8100Sstevel@tonic-gate } 8110Sstevel@tonic-gate } 812*3448Sdh155122 813*3448Sdh155122 ipf_stack_t *gifs; 814*3448Sdh155122 815*3448Sdh155122 /* 816*3448Sdh155122 * Allocate and keep pointer for get_ifs() 817*3448Sdh155122 */ 818*3448Sdh155122 ipf_stack_t * 819*3448Sdh155122 create_ifs() 820*3448Sdh155122 { 821*3448Sdh155122 ipf_stack_t *ifs; 822*3448Sdh155122 823*3448Sdh155122 KMALLOCS(ifs, ipf_stack_t *, sizeof (*ifs)); 824*3448Sdh155122 bzero(ifs, sizeof (*ifs)); 825*3448Sdh155122 gifs = ifs; 826*3448Sdh155122 return (ifs); 827*3448Sdh155122 } 828*3448Sdh155122 829*3448Sdh155122 ipf_stack_t * 830*3448Sdh155122 get_ifs() 831*3448Sdh155122 { 832*3448Sdh155122 return (gifs); 833*3448Sdh155122 } 834*3448Sdh155122 835*3448Sdh155122 netstack_t * 836*3448Sdh155122 create_ns() 837*3448Sdh155122 { 838*3448Sdh155122 netstack_t *ns; 839*3448Sdh155122 840*3448Sdh155122 KMALLOCS(ns, netstack_t *, sizeof (*ns)); 841*3448Sdh155122 bzero(ns, sizeof (*ns)); 842*3448Sdh155122 return (ns); 843*3448Sdh155122 } 844