2 * Copyright (c) 2014 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Bill Yuan <bycn82@dragonflybsd.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46 #include <net/route.h>
48 #include <netinet/in.h>
50 #include "../../../sys/net/ipfw3/ip_fw3.h"
51 #include "../../../sbin/ipfw3/ipfw3.h"
52 #include "ipfw3_layer4.h"
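/*
 * Scan the NUL-terminated string `str` for the character `c`.
 *
 * NOTE(review): only the signature and the loop header are visible in the
 * listing; the return-type line, the declaration of `pos`, the loop body and
 * the final return are missing. They are reconstructed here as "index of the
 * first match, -1 when absent" -- confirm against the repository copy.
 */
int
char_at(char *str, char c)
{
	int pos;

	for (pos = 0; str[pos] != '\0'; pos++) {
		if (str[pos] == c)
			return pos;
	}
	return -1;
}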
/*
 * Fill in the instruction header for the "tcpflag" filter keyword.
 *
 * Only opcode, module and length are written. The flag value given on the
 * command line is not parsed (see the TODO below), while show_tcpflag()
 * prints cmd->arg1; as shown here nothing in this parser sets that field, so
 * a "tcpflag <value>" rule does not carry the value the operator typed.
 *
 * NOTE(review): the return-type line is absent from the listing (`void`
 * assumed), and so is the line numbered 72, which followed the TODO; its
 * content is not reproduced.
 */
void
parse_tcpflag(ipfw_insn **cmd, int *ac, char **av[])
{
	ipfw_insn *insn = *cmd;

	insn->opcode = O_LAYER4_TCPFLAG;
	insn->module = MODULE_LAYER4_ID;
	insn->len |= LEN_OF_IPFWINSN;
	/* XXX TODO parse the tcpflag value and store in arg1 or arg3 */
}
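/*
 * Parse the argument of the "uid" filter into an O_LAYER4_UID instruction.
 *
 * **av is treated as a numeric uid when strtoul() consumes the whole string
 * and as a login name otherwise. Either way it must resolve to a passwd
 * entry; the resolved pw_uid (not the name) is what gets stored in d[0], so
 * the rule stays bound to that number if the account is later renamed.
 * Exits through errx(EX_DATAERR, ...) when no entry is found.
 *
 * Changed from the listing: an empty argument, and a number that does not
 * fit in uid_t, are no longer accepted as numeric ids. With the original
 * test (*end == '\0' alone) an empty string parsed as 0 and silently
 * resolved to uid 0.
 *
 * NOTE(review): the return-type line and the local declarations are absent
 * from the listing and reconstructed (`void` assumed). The lines numbered 82
 * and 94 are also missing; their content is not reproduced.
 */
void
parse_uid(ipfw_insn **cmd, int *ac, char **av[])
{
	char *end;
	unsigned long val;
	struct passwd *pwd;
	ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)(*cmd);

	val = strtoul(**av, &end, 0);
	if (end != **av && *end == '\0') {
		/* Numeric form: reject values that change when narrowed. */
		uid_t uid = (uid_t)val;

		pwd = ((unsigned long)uid == val) ? getpwuid(uid) : NULL;
	} else {
		/* Not (entirely) a number: look it up as a login name. */
		pwd = getpwnam(**av);
	}
	if (pwd == NULL)
		errx(EX_DATAERR, "uid \"%s\" not exists", **av);

	cmd32->d[0] = pwd->pw_uid;

	(*cmd)->opcode = O_LAYER4_UID;
	(*cmd)->module = MODULE_LAYER4_ID;
	(*cmd)->len |= F_INSN_SIZE(ipfw_insn_u32);
}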
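/*
 * Parse the argument of the "gid" filter into an O_LAYER4_GID instruction.
 *
 * **av is treated as a numeric gid when strtoul() consumes the whole string
 * and as a group name otherwise. Either way it must resolve to a group
 * entry; the resolved gr_gid (not the name) is stored in d[0]. Exits through
 * errx(EX_DATAERR, ...) when no entry is found.
 *
 * Changed from the listing: an empty argument, and a number that does not
 * fit in gid_t, are no longer accepted as numeric ids. With the original
 * test (*end == '\0' alone) an empty string parsed as 0 and silently
 * resolved to gid 0.
 *
 * NOTE(review): the return-type line and the local declarations are absent
 * from the listing and reconstructed (`void` assumed). The lines numbered
 * 104 and 116 are also missing; their content is not reproduced.
 */
void
parse_gid(ipfw_insn **cmd, int *ac, char **av[])
{
	char *end;
	unsigned long val;
	struct group *grp;
	ipfw_insn_u32 *cmd32 = (ipfw_insn_u32 *)(*cmd);

	val = strtoul(**av, &end, 0);
	if (end != **av && *end == '\0') {
		/* Numeric form: reject values that change when narrowed. */
		gid_t gid = (gid_t)val;

		grp = ((unsigned long)gid == val) ? getgrgid(gid) : NULL;
	} else {
		/* Not (entirely) a number: look it up as a group name. */
		grp = getgrnam(**av);
	}
	if (grp == NULL)
		errx(EX_DATAERR, "gid \"%s\" not exists", **av);

	cmd32->d[0] = grp->gr_gid;

	(*cmd)->opcode = O_LAYER4_GID;
	(*cmd)->module = MODULE_LAYER4_ID;
	(*cmd)->len |= F_INSN_SIZE(ipfw_insn_u32);
}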
/*
 * Fill in the instruction header for the "established" filter keyword.
 * The keyword takes no value: only opcode, module and length are written.
 *
 * NOTE(review): the return-type line is absent from the listing (`void`
 * assumed), and so is the line numbered 122, which preceded the
 * assignments; its content is not reproduced.
 */
void
parse_established(ipfw_insn **cmd, int *ac, char **av[])
{
	ipfw_insn *insn = *cmd;

	insn->opcode = O_LAYER4_ESTABLISHED;
	insn->module = MODULE_LAYER4_ID;
	insn->len |= LEN_OF_IPFWINSN;
}
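/*
 * Parse the argument of the "bpf" filter into an O_LAYER4_BPF instruction.
 *
 * The filter expression in **av is stored verbatim in bf_str (show_bpf()
 * prints it back) and compiled with pcap_compile_nopcap() for DLT_RAW with
 * a 65535-byte snap length, optimisation on and no netmask. The compiled
 * instructions are copied behind the header and the instruction length is
 * OR-ed into len. Exits through errx(EX_DATAERR, ...) when the expression
 * is too long or does not compile.
 *
 * Changed from the listing: the expression is copied with a bounded
 * memcpy() after checking it against the real size of bf_str, instead of
 * strcpy() behind a separate hard-coded limit. The user-visible "max 256"
 * limit is kept as well.
 *
 * NOTE(review): the return-type line, the declarations of `bpf` and
 * `avlen`, the length test before the "too long" errx() and the divisor
 * that closes the len expression are absent from the listing and are
 * reconstructed. The test is taken as `avlen > 256` from the message, and
 * the divisor as sizeof(uint32_t), i.e. a count of 32-bit words -- confirm
 * both. The lines numbered 135 and 156 are also missing; their content is
 * not reproduced.
 */
void
parse_bpf(ipfw_insn **cmd, int *ac, char **av[])
{
	struct bpf_program program;
	ipfw_insn_bpf *bpf = (ipfw_insn_bpf *)(*cmd);
	size_t avlen;

	(*cmd)->opcode = O_LAYER4_BPF;
	(*cmd)->module = MODULE_LAYER4_ID;

	avlen = strlen(**av);
	/*
	 * The terminating NUL needs a byte too, so compare against the
	 * destination itself rather than trusting the literal alone.
	 * Assumes bf_str is a fixed-size char array -- TODO confirm in
	 * ip_fw3.h.
	 */
	if (avlen > 256 || avlen >= sizeof(bpf->bf_str))
		errx(EX_DATAERR, "bpf \"%s\" too long (max 256)", **av);
	memcpy(bpf->bf_str, **av, avlen + 1);

	if (pcap_compile_nopcap(65535, DLT_RAW, &program, **av, 1,
	    PCAP_NETMASK_UNKNOWN))
		errx(EX_DATAERR, "bpf \"%s\" compilation error", **av);
	bpf->bf_len = program.bf_len;

	/*
	 * NOTE(review): program.bf_len is decided by the compiler from the
	 * expression and is not bounded here. Neither the room left behind
	 * *cmd nor the width of the len field is visible in this file, so
	 * an expression that compiles to many instructions may write past
	 * the instruction buffer or overflow len. Add an upper bound once
	 * the limit is confirmed from the headers.
	 */
	memcpy(&bpf->bf_insn, program.bf_insns,
	    sizeof(struct bpf_insn) * program.bf_len);
	(*cmd)->len |= (sizeof(ipfw_insn_bpf) +
	    sizeof(struct bpf_insn) * (bpf->bf_len - 1)) /
	    sizeof(uint32_t);

	pcap_freecode(&program);
}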
/*
 * Print a "tcpflag" instruction as " <word> <arg1>", with arg1 shown as a
 * decimal integer.
 *
 * NOTE(review): the return-type line (`void` assumed) and the lines
 * numbered 163-164 are absent from the listing. By analogy with the unused
 * show_or parameter they presumably swap the keyword for "or"; that is
 * reconstructed here -- confirm against the repository copy.
 */
void
show_tcpflag(ipfw_insn *cmd, int show_or)
{
	char *label = show_or ? "or" : "tcpflag";

	printf(" %s %d", label, cmd->arg1);
}
/*
 * Print a "uid" instruction.
 *
 * The rule stores a numeric uid in d[0]. It is resolved through getpwuid()
 * at display time, so the name printed is whatever the local passwd
 * database maps that number to now; when there is no entry the number
 * itself is printed.
 *
 * NOTE(review): the return-type line (`void` assumed), the declaration of
 * `word` and the tests that choose between the two printf() calls are
 * absent from the listing. They are reconstructed as keyword "uid" (from
 * the load_module() registration), replaced by "or" when show_or is set,
 * and a NULL test on the lookup -- confirm against the repository copy.
 */
void
show_uid(ipfw_insn *cmd, int show_or)
{
	ipfw_insn_u32 *insn32 = (ipfw_insn_u32 *)cmd;
	struct passwd *entry = getpwuid(insn32->d[0]);
	char *label = show_or ? "or" : "uid";

	if (entry == NULL) {
		printf(" %s %u", label, insn32->d[0]);
		return;
	}
	printf(" %s %s", label, entry->pw_name);
}
/*
 * Print a "gid" instruction.
 *
 * The rule stores a numeric gid in d[0]. It is resolved through getgrgid()
 * at display time, so the name printed is whatever the local group
 * database maps that number to now; when there is no entry the number
 * itself is printed.
 *
 * NOTE(review): the return-type line (`void` assumed), the declaration of
 * `word` and the tests that choose between the two printf() calls are
 * absent from the listing. They are reconstructed as keyword "gid" (from
 * the load_module() registration), replaced by "or" when show_or is set,
 * and a NULL test on the lookup -- confirm against the repository copy.
 */
void
show_gid(ipfw_insn *cmd, int show_or)
{
	ipfw_insn_u32 *insn32 = (ipfw_insn_u32 *)cmd;
	struct group *entry = getgrgid(insn32->d[0]);
	char *label = show_or ? "or" : "gid";

	if (entry == NULL) {
		printf(" %s %u", label, insn32->d[0]);
		return;
	}
	printf(" %s %s", label, entry->gr_name);
}
/*
 * Print an "established" instruction. The keyword has no value, so neither
 * parameter is read.
 *
 * NOTE(review): the return-type line is absent from the listing; `void`
 * assumed.
 */
void
show_established(ipfw_insn *cmd, int show_or)
{
	fputs(" established", stdout);
}
/*
 * Print a "bpf" instruction as the keyword followed by the stored filter
 * expression in double quotes.
 *
 * bf_str is printed with %s, so it is read up to the first NUL byte.
 * NOTE(review): this relies on the stored string being terminated inside
 * bf_str -- confirm for instructions that were not built by parse_bpf().
 *
 * NOTE(review): the return-type line (`void` assumed) and the lines
 * numbered 207-210 are absent from the listing. They are reconstructed as
 * keyword "bpf" (from the load_module() registration), replaced by "or"
 * when show_or is set -- confirm against the repository copy.
 */
void
show_bpf(ipfw_insn *cmd, int show_or)
{
	ipfw_insn_bpf *insn_bpf = (ipfw_insn_bpf *)cmd;
	char *label = show_or ? "or" : "bpf";

	printf(" %s \"%s\"", label, insn_bpf->bf_str);
}
/*
 * Register the layer-4 filter keywords with the caller.
 *
 * For each of tcpflag, uid, gid, established and bpf, `keyword` is called
 * with the module id, the opcode, the keyword string and FILTER, then
 * `function` is called with the parser/printer pair for that opcode.
 *
 * The handlers are cast to parser_func / shower_func, which turns off the
 * compiler's signature check. NOTE(review): those typedefs are not visible
 * here -- confirm they match the handlers' actual signatures.
 *
 * NOTE(review): the return-type line is absent from the listing; `void`
 * assumed.
 */
void
load_module(register_func function, register_keyword keyword)
{
	/* tcpflag */
	keyword(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG, "tcpflag", FILTER);
	function(MODULE_LAYER4_ID, O_LAYER4_TCPFLAG,
	    (parser_func)parse_tcpflag, (shower_func)show_tcpflag);

	/* uid */
	keyword(MODULE_LAYER4_ID, O_LAYER4_UID, "uid", FILTER);
	function(MODULE_LAYER4_ID, O_LAYER4_UID,
	    (parser_func)parse_uid, (shower_func)show_uid);

	/* gid */
	keyword(MODULE_LAYER4_ID, O_LAYER4_GID, "gid", FILTER);
	function(MODULE_LAYER4_ID, O_LAYER4_GID,
	    (parser_func)parse_gid, (shower_func)show_gid);

	/* established */
	keyword(MODULE_LAYER4_ID, O_LAYER4_ESTABLISHED, "established", FILTER);
	function(MODULE_LAYER4_ID, O_LAYER4_ESTABLISHED,
	    (parser_func)parse_established, (shower_func)show_established);

	/* bpf */
	keyword(MODULE_LAYER4_ID, O_LAYER4_BPF, "bpf", FILTER);
	function(MODULE_LAYER4_ID, O_LAYER4_BPF,
	    (parser_func)parse_bpf, (shower_func)show_bpf);
}