sbin/ipfw3/ipfw3basic.c

   1 /*
   2  * Copyright (c) 2014 - 2018 The DragonFly Project.  All rights reserved.
   3  *
   4  * This code is derived from software contributed to The DragonFly Project
   5  * by Bill Yuan <bycn82@dragonflybsd.org>
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  *
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, this list of conditions and the following disclaimer.
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in
  15  *    the documentation and/or other materials provided with the
  16  *    distribution.
  17  * 3. Neither the name of The DragonFly Project nor the names of its
  18  *    contributors may be used to endorse or promote products derived
  19  *    from this software without specific, prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
  25  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
  26  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
  27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
  29  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32  * SUCH DAMAGE.
  33  */
  34
  35 #include <sys/param.h>
  36 #include <sys/mbuf.h>
  37 #include <sys/socket.h>
  38 #include <sys/sockio.h>
  39 #include <sys/sysctl.h>
  40 #include <sys/time.h>
  41 #include <sys/wait.h>
  42
  43 #include <arpa/inet.h>
  44 #include <ctype.h>
  45 #include <dlfcn.h>
  46 #include <err.h>
  47 #include <errno.h>
  48 #include <grp.h>
  49 #include <limits.h>
  50 #include <netdb.h>
  51 #include <pwd.h>
  52 #include <sysexits.h>
  53 #include <signal.h>
  54 #include <stdio.h>
  55 #include <stdlib.h>
  56 #include <stdarg.h>
  57 #include <string.h>
  58 #include <timeconv.h>
  59 #include <unistd.h>
  60
  61 #include <netinet/in.h>
  62 #include <netinet/in_systm.h>
  63 #include <netinet/ip.h>
  64 #include <netinet/ip_icmp.h>
  65 #include <netinet/tcp.h>
  66 #include <net/if.h>
  67 #include <net/if_dl.h>
  68 #include <net/route.h>
  69 #include <net/ethernet.h>
  70
  71 #include <net/ipfw3/ip_fw3.h>
  72 #include <net/ipfw3_basic/ip_fw3_table.h>
  73 #include <net/ipfw3_basic/ip_fw3_sync.h>
  74 #include <net/ipfw3_basic/ip_fw3_basic.h>
  75 #include <net/ipfw3_nat/ip_fw3_nat.h>
  76 #include <net/dummynet3/ip_dummynet3.h>
  77
  78 #include "ipfw3.h"
  79 #include "ipfw3basic.h"
  80
  81
  82 void
  83 parse_accept(ipfw_insn **cmd, int *ac, char **av[])
  84 {
  85         (*cmd)->opcode = O_BASIC_ACCEPT;
  86         (*cmd)->module = MODULE_BASIC_ID;
  87         (*cmd)->len = (*cmd)->len|LEN_OF_IPFWINSN;
  88         NEXT_ARG1;
  89         if (!strncmp(**av, "log", strlen(**av))) {
  90                 (*cmd)->arg3 = 1;
  91                 NEXT_ARG1;
  92                 if (isdigit(***av)) {
  93                         (*cmd)->arg1 = strtoul(**av, NULL, 10);
  94                         NEXT_ARG1;
  95                 }
  96         }
  97 }
  98
  99 void
 100 parse_deny(ipfw_insn **cmd, int *ac, char **av[])
 101 {
 102         (*cmd)->opcode = O_BASIC_DENY;
 103         (*cmd)->module = MODULE_BASIC_ID;
 104         (*cmd)->len = (*cmd)->len|LEN_OF_IPFWINSN;
 105         NEXT_ARG1;
 106         if (!strncmp(**av, "log", strlen(**av))) {
 107                 (*cmd)->arg3 = 1;
 108                 NEXT_ARG1;
 109                 if (isdigit(***av)) {
 110                         (*cmd)->arg1 = strtoul(**av, NULL, 10);
 111                         NEXT_ARG1;
 112                 }
 113         }
 114 }
 115
 116 void
 117 show_accept(ipfw_insn *cmd, int show_or)
 118 {
 119         printf(" allow");
 120         if (cmd->arg3) {
 121                 printf(" log %d", cmd->arg1);
 122         }
 123 }
 124
 125 void
 126 show_deny(ipfw_insn *cmd, int show_or)
 127 {
 128         printf(" deny");
 129         if (cmd->arg3) {
 130                 printf(" log %d", cmd->arg1);
 131         }
 132 }
 133
 134 void
 135 prepare_default_funcs(void)
 136 {
 137         /* register allow */
 138         register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, "allow", ACTION);
 139         register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_ACCEPT, "accept", ACTION);
 140         register_ipfw_func(MODULE_BASIC_ID, O_BASIC_ACCEPT,
 141                         (parser_func)parse_accept, (shower_func)show_accept);
 142         /* register deny */
 143         register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "deny", ACTION);
 144         register_ipfw_keyword(MODULE_BASIC_ID, O_BASIC_DENY, "reject", ACTION);
 145         register_ipfw_func(MODULE_BASIC_ID, O_BASIC_DENY,
 146                         (parser_func)parse_deny, (shower_func)show_deny);
 147 }
 148