2 * Copyright (c) 2014 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Bill Yuan <bycn82@gmail.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46 #include <net/route.h>
48 #include <netinet/in.h>
50 #include "../../../sys/net/ipfw3/ip_fw3.h"
51 #include "../../../sbin/ipfw3/ipfw.h"
52 #include "ipfw3_layer4.h"
/*
 * char_at: walks the NUL-terminated string `str` one index at a time.
 * Only the signature and the loop header survive in this listing; the return
 * type, the declaration of `pos`, the loop body and the return value
 * (listing lines 56-57 and 59 onward) are not shown, so how `c` is used
 * cannot be stated from this page.
 * NOTE(review): `str` is dereferenced without a NULL check on the visible
 * lines - confirm callers never pass NULL.
 */
55 char_at(char *str, char c)
58 for (pos = 0; str[pos] != '\0'; pos++) {
/*
 * parse_tcpflag: fills *cmd as a layer-4 "tcpflag" instruction by setting
 * its opcode, module id and length.
 * `ac` and `av` are not touched on the visible lines; listing lines 67 and
 * 72 onward are not shown.
 */
66 parse_tcpflag(ipfw_insn **cmd, int *ac, char **av[])
68 (*cmd)->opcode = O_LAYER4_TCPFLAG;
69 (*cmd)->module = MODULE_LAYER4_ID;
/* keep only the F_NOT/F_OR bits already present in len, then add the base length */
70 (*cmd)->len = ((*cmd)->len&(F_NOT|F_OR))|LEN_OF_IPFWINSN;
/*
 * NOTE(review): as the TODO below says, no flag value is parsed or stored on
 * the lines shown, while show_tcpflag prints cmd->arg1. Confirm what a rule
 * written with "tcpflag" actually matches before relying on it as a filter.
 */
71 /* XXX TODO parse the tcpflag value and store in arg1 or arg3 */
/*
 * parse_uid: fills *cmd as a layer-4 "uid" instruction whose first data word
 * is the uid resolved from the string **av.
 * The argument is first parsed as a number (strtoul with base 0, so decimal,
 * octal and hex spellings are accepted). If the whole string was consumed it
 * is looked up with getpwuid(); otherwise it is treated as a login name and
 * looked up with getpwnam().
 * Listing lines 77-82, 86, 88 and 90 are not shown (return type, the
 * declarations of `end`, `uid` and `pwd`, and whatever guards the errx call).
 */
76 parse_uid(ipfw_insn **cmd, int *ac, char **av[])
/* view the generic instruction as the u32 variant so d[0] can hold the uid */
83 ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)(*cmd);
/*
 * NOTE(review): no visible line checks that strtoul consumed at least one
 * digit or inspects errno. An empty string leaves `end` on the terminator and
 * yields 0, so it takes the numeric branch as uid 0; a signed or out-of-range
 * spelling is converted rather than rejected. Confirm the caller cannot pass
 * such an argument, or reject `end == **av` and ERANGE before the lookup.
 */
84 uid = strtoul(**av, &end, 0);
85 pwd = (*end == '\0') ? getpwuid(uid) : getpwnam(**av);
/* presumably guarded by a NULL test of pwd on line 86 (not shown) - confirm */
87 errx(EX_DATAERR, "uid \"%s\" not exists", **av);
/* the uid stored is the one from the passwd entry, not the raw parsed number */
89 cmd32->d[0] = pwd->pw_uid;
91 (*cmd)->opcode = O_LAYER4_UID;
92 (*cmd)->module = MODULE_LAYER4_ID;
/* len is assigned here, not OR-ed into the value already in *cmd */
93 (*cmd)->len = F_INSN_SIZE(ipfw_insn_u32);
/*
 * parse_gid: fills *cmd as a layer-4 "gid" instruction whose first data word
 * is the gid resolved from the string **av.
 * The argument is first parsed as a number (strtoul with base 0). If the
 * whole string was consumed it is looked up with getgrgid(); otherwise it is
 * treated as a group name and looked up with getgrnam().
 * Listing lines 99-104, 108, 110 and 112 are not shown (return type, the
 * declarations of `end`, `gid` and `grp`, and whatever guards the errx call).
 */
98 parse_gid(ipfw_insn **cmd, int *ac, char **av[])
/* view the generic instruction as the u32 variant so d[0] can hold the gid */
105 ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)(*cmd);
/*
 * NOTE(review): no visible line checks that strtoul consumed at least one
 * digit or inspects errno. An empty string leaves `end` on the terminator and
 * yields 0, so it takes the numeric branch as gid 0; a signed or out-of-range
 * spelling is converted rather than rejected. Confirm the caller cannot pass
 * such an argument, or reject `end == **av` and ERANGE before the lookup.
 */
106 gid = strtoul(**av, &end, 0);
107 grp = (*end == '\0') ? getgrgid(gid) : getgrnam(**av);
/* presumably guarded by a NULL test of grp on line 108 (not shown) - confirm */
109 errx(EX_DATAERR, "gid \"%s\" not exists", **av);
/* the gid stored is the one from the group entry, not the raw parsed number */
111 cmd32->d[0] = grp->gr_gid;
113 (*cmd)->opcode = O_LAYER4_GID;
114 (*cmd)->module = MODULE_LAYER4_ID;
/* len is assigned here, not OR-ed into the value already in *cmd */
115 (*cmd)->len = F_INSN_SIZE(ipfw_insn_u32);
/*
 * parse_established: fills *cmd as a layer-4 "established" instruction.
 * The keyword takes no value on the visible lines: only opcode, module id and
 * length are set. Listing lines 121-122 and 126 onward are not shown.
 */
120 parse_established(ipfw_insn **cmd, int *ac, char **av[])
123 (*cmd)->opcode = O_LAYER4_ESTABLISHED;
124 (*cmd)->module = MODULE_LAYER4_ID;
/* OR-ed in, so bits already set in len are preserved */
125 (*cmd)->len |= LEN_OF_IPFWINSN;
/*
 * parse_bpf: fills *cmd as a layer-4 "bpf" instruction from the filter
 * expression in **av. The expression text is copied into bf_str, compiled
 * with pcap_compile_nopcap(), and the compiled instructions are copied into
 * bf_insn with their count in bf_len.
 * Exits through errx(EX_DATAERR, ...) when the expression is reported as too
 * long or fails to compile.
 * Several listing lines are not shown (gaps in the gutter numbers), among
 * them the declarations of `bpf` and `avlen`, the test on line 140 that
 * guards the first errx, and the divisor on line 153.
 */
129 parse_bpf(ipfw_insn **cmd, int *ac, char **av[])
131 struct bpf_program program;
136 (*cmd)->opcode = O_LAYER4_BPF;
137 (*cmd)->module = MODULE_LAYER4_ID;
139 avlen = strlen(**av);
/* presumably reached only when avlen exceeds the limit (test on line 140 not shown) */
141 errx(EX_DATAERR, "bpf \"%s\" too long (max 256)", **av);
142 bpf = (ipfw_insn_bpf *)(*cmd);
/*
 * NOTE(review): strcpy is unbounded, so this is safe only if the hidden
 * length test rejects every string that does not fit in bf_str together with
 * its terminating NUL. The size of bf_str is declared in ip_fw3.h and is not
 * shown here - confirm the limit leaves room for the terminator, or use a
 * bounded copy sized from the bf_str declaration.
 */
143 strcpy(bpf->bf_str, **av);
/* snaplen 65535, raw-IP link type, optimizer on, netmask unknown; non-zero return means failure */
144 if (pcap_compile_nopcap(65535, DLT_RAW, &program, **av, 1,
145 PCAP_NETMASK_UNKNOWN))
146 errx(EX_DATAERR, "bpf \"%s\" compilation error", **av);
147 bpf->bf_len = program.bf_len;
/*
 * NOTE(review): the copy length comes from the compiler output, and no
 * visible line bounds program.bf_len against the space the caller reserved
 * behind *cmd. Confirm a maximum instruction count is enforced before this
 * copy (line 148 is not shown).
 */
149 memcpy(&bpf->bf_insn, program.bf_insns,
150 sizeof(struct bpf_insn) * program.bf_len);
/*
 * Adds the instruction size to len. The "- 1" suggests ipfw_insn_bpf already
 * holds one bpf_insn - confirm against ip_fw3.h.
 * NOTE(review): len also carries the F_NOT/F_OR bits (see the mask in
 * parse_tcpflag), and its width is not shown. Confirm a long program cannot
 * produce a size that spills into those bits.
 */
151 (*cmd)->len |= (sizeof(ipfw_insn_bpf) +
152 sizeof(struct bpf_insn) * (bpf->bf_len - 1)) /
/* the divisor (line 153) is not shown; next visible statement releases the compiled program */
155 pcap_freecode(&program);
/*
 * show_tcpflag: prints the "tcpflag" instruction as " tcpflag <arg1>", with
 * arg1 formatted as a signed decimal. `show_or` is not used on the visible
 * lines. Listing line 161 and 163 onward are not shown.
 * NOTE(review): parse_tcpflag does not store a value in arg1 on its visible
 * lines, so the number printed here may not reflect what the user typed.
 */
160 show_tcpflag(ipfw_insn *cmd, int show_or)
162 printf(" tcpflag %d", cmd->arg1);
/*
 * show_uid: prints the "uid" instruction, using the uid held in the first
 * data word (d[0]) of the u32 view of `cmd`. Two output forms appear on the
 * visible lines: " uid <login name>" and " uid <number>".
 * `show_or` is not used on the visible lines. Listing lines 167, 170, 172 and
 * 174 onward are not shown.
 */
166 show_uid(ipfw_insn *cmd, int show_or)
168 ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd;
/* getpwuid() returns NULL when the uid has no passwd entry */
169 struct passwd *pwd = getpwuid(cmd32->d[0]);
/*
 * presumably the two printf calls are the branches of a NULL test on pwd
 * (lines 170 and 172 not shown) - confirm pwd is never dereferenced when NULL
 */
171 printf(" uid %s", pwd->pw_name);
173 printf(" uid %u", cmd32->d[0]);
/*
 * show_gid: prints the "gid" instruction, using the gid held in the first
 * data word (d[0]) of the u32 view of `cmd`. Two output forms appear on the
 * visible lines: " gid <group name>" and " gid <number>".
 * `show_or` is not used on the visible lines. Listing lines 179, 182, 184 and
 * 186 onward are not shown.
 */
178 show_gid(ipfw_insn *cmd, int show_or)
180 ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)cmd;
/* getgrgid() returns NULL when the gid has no group entry */
181 struct group *grp = getgrgid(cmd32->d[0]);
/*
 * presumably the two printf calls are the branches of a NULL test on grp
 * (lines 182 and 184 not shown) - confirm grp is never dereferenced when NULL
 */
183 printf(" gid %s", grp->gr_name);
185 printf(" gid %u", cmd32->d[0]);
/*
 * show_established: prints the literal keyword " established". Neither `cmd`
 * nor `show_or` is read on the visible lines. Listing line 191 and 193
 * onward are not shown.
 */
190 show_established(ipfw_insn *cmd, int show_or)
192 printf(" established");
/*
 * show_bpf: prints the "bpf" instruction as a keyword followed by the stored
 * expression text in double quotes. `show_or` is not used on the visible
 * lines.
 * Listing lines 197-201 are not shown; they must declare `bpf` and `word`,
 * and how `word` is chosen cannot be stated from this page.
 */
196 show_bpf(ipfw_insn *cmd, int show_or)
202 bpf = (ipfw_insn_bpf *)cmd;
/*
 * NOTE(review): %s reads bf_str up to the first NUL. Confirm the instruction
 * passed in here always carries a terminated bf_str, or print with a
 * precision bound taken from the bf_str declaration.
 */
203 printf(" %s \"%s\"", word, bpf->bf_str);
/*
 * load_module: registers the layer-4 module's five filter keywords
 * ("tcpflag", "uid", "gid", "established", "bpf") through the two callbacks
 * supplied by the caller. For each keyword, `keyword` is called with the
 * module id, opcode, keyword text and FILTER, then `function` is called with
 * the module id, opcode and the matching parse_ and show_ routines.
 * Listing line 208 and 224 onward are not shown.
 * NOTE(review): every routine is passed through a cast to parser_func or
 * shower_func, which silences any signature mismatch at compile time. The
 * typedefs are not shown here - confirm each routine's signature matches them
 * exactly, since calling through a mismatched function pointer is undefined.
 */
207 load_module(register_func function, register_keyword keyword)
209 keyword(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG, "tcpflag", FILTER);
210 function(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG,
211 (parser_func)parse_tcpflag, (shower_func)show_tcpflag);
212 keyword(MODULE_LAYER4_ID, O_LAYER4_UID, "uid", FILTER);
213 function(MODULE_LAYER4_ID, O_LAYER4_UID,
214 (parser_func)parse_uid, (shower_func)show_uid);
215 keyword(MODULE_LAYER4_ID, O_LAYER4_GID, "gid", FILTER);
216 function(MODULE_LAYER4_ID, O_LAYER4_GID,
217 (parser_func)parse_gid, (shower_func)show_gid);
218 keyword(MODULE_LAYER4_ID, O_LAYER4_ESTABLISHED, "established", FILTER);
219 function(MODULE_LAYER4_ID, O_LAYER4_ESTABLISHED,
220 (parser_func)parse_established, (shower_func)show_established);
221 keyword(MODULE_LAYER4_ID, O_LAYER4_BPF, "bpf", FILTER);
222 function(MODULE_LAYER4_ID, O_LAYER4_BPF,
223 (parser_func)parse_bpf, (shower_func)show_bpf);