search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel - Fix issue w/ buffer ortation when doing non-blocking read from bpf
[dragonfly.git] / contrib / ipfilter / ipnat.c
blob69e7959260e71f5e94701f2c2565c852ebdfc4ca
1 /*
2 * Copyright (C) 1993-2002 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
7 */
8 #if defined(__sgi) && (IRIX > 602)
9 # include <sys/ptimers.h>
10 #endif
11 #include <stdio.h>
12 #include <string.h>
13 #include <fcntl.h>
14 #include <errno.h>
15 #include <sys/types.h>
16 #if !defined(__SVR4) && !defined(__svr4__)
17 #include <strings.h>
18 #else
19 #include <sys/byteorder.h>
20 #endif
21 #include <sys/time.h>
22 #include <sys/param.h>
23 #include <stdlib.h>
24 #include <unistd.h>
25 #include <stddef.h>
26 #include <sys/socket.h>
27 #include <sys/ioctl.h>
28 #if defined(sun) && (defined(__svr4__) || defined(__SVR4))
29 # include <sys/ioccom.h>
30 # include <sys/sysmacros.h>
31 #endif
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
35 #include <netinet/tcp.h>
36 #include <net/if.h>
37 #if __FreeBSD_version >= 300000
38 # include <net/if_var.h>
39 #endif
40 #include <netdb.h>
41 #include <arpa/nameser.h>
42 #include <arpa/inet.h>
43 #include <resolv.h>
44 #include <ctype.h>
45 #include <nlist.h>
46 #include "netinet/ip_compat.h"
47 #include "netinet/ip_fil.h"
48 #include "netinet/ip_nat.h"
49 #include "netinet/ip_state.h"
50 #include "netinet/ip_proxy.h"
51 #include "ipf.h"
52 #include "kmem.h"
53
54 #if defined(sun) && !SOLARIS2
55 # define STRERROR(x) sys_errlist[x]
56 extern char *sys_errlist[];
57 #else
58 # define STRERROR(x) strerror(x)
59 #endif
60
61 #if !defined(lint)
62 static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
63 static const char rcsid[] = "@(#)$Id: ipnat.c,v 2.16.2.25 2003/06/05 14:00:28 darrenr Exp $";
64 #endif
65
66
67 #if SOLARIS
68 #define bzero(a,b) memset(a,0,b)
69 #endif
70 int use_inet6 = 0;
71 char thishost[MAXHOSTNAMELEN];
72
73 extern char *optarg;
74 extern int optind;
75 #if 0
76 extern ipnat_t *natparse __P((char *, int));
77 #endif
78 extern void natparsefile __P((int, char *, int));
79 extern void printnat __P((ipnat_t *, int));
80 extern void printactivenat __P((nat_t *, int));
81 extern void printhostmap __P((hostmap_t *, u_int));
82 extern char *getsumd __P((u_32_t));
83
84 static int dostats __P((natstat_t *, int));
85 static int flushtable __P((int, int));
86 void usage __P((char *));
87 int countbits __P((u_32_t));
88 char *getnattype __P((ipnat_t *));
89 int main __P((int, char*[]));
90 void printaps __P((ap_session_t *, int));
91 static int showhostmap __P((natstat_t *nsp));
92 static int natstat_dead __P((natstat_t *, char *));
93
94
95 void usage(name)
96 char *name;
97 {
98 fprintf(stderr, "Usage: %s [-CFhlnrsv] [-f filename]\n", name);
99 exit(1);
100 }
101
102
103 int main(argc, argv)
104 int argc;
105 char *argv[];
106 {
107 natstat_t ns, *nsp = &ns;
108 char *file, *core, *kernel;
109 int fd, opts, c, mode;
110
111 fd = -1;
112 opts = 0;
113 file = NULL;
114 core = NULL;
115 kernel = NULL;
116 mode = O_RDWR;
117
118 while ((c = getopt(argc, argv, "CdFf:hlM:N:nrsv")) != -1)
119 switch (c)
120 {
121 case 'C' :
122 opts |= OPT_CLEAR;
123 break;
124 case 'd' :
125 opts |= OPT_DEBUG;
126 break;
127 case 'f' :
128 file = optarg;
129 break;
130 case 'F' :
131 opts |= OPT_FLUSH;
132 break;
133 case 'h' :
134 opts |=OPT_HITS;
135 break;
136 case 'l' :
137 opts |= OPT_LIST;
138 mode = O_RDONLY;
139 break;
140 case 'M' :
141 core = optarg;
142 break;
143 case 'N' :
144 kernel = optarg;
145 break;
146 case 'n' :
147 opts |= OPT_NODO;
148 mode = O_RDONLY;
149 break;
150 case 'r' :
151 opts |= OPT_REMOVE;
152 break;
153 case 's' :
154 opts |= OPT_STAT;
155 mode = O_RDONLY;
156 break;
157 case 'v' :
158 opts |= OPT_VERBOSE;
159 break;
160 case '?' :
161 default :
162 usage(argv[0]);
163 }
164
165 if (optind < 2)
166 usage(argv[0]);
167
168 if ((kernel != NULL) || (core != NULL)) {
169 (void) setgid(getgid());
170 (void) setuid(getuid());
171 }
172
173 bzero((char *)&ns, sizeof(ns));
174
175 gethostname(thishost, sizeof(thishost));
176 thishost[sizeof(thishost) - 1] = '\0';
177
178 if (!(opts & OPT_NODO) && (kernel == NULL) && (core == NULL)) {
179 if (openkmem(kernel, core) == -1)
180 exit(1);
181
182 if (((fd = open(IPL_NAT, mode)) == -1) &&
183 ((fd = open(IPL_NAT, O_RDONLY)) == -1)) {
184 (void) fprintf(stderr, "%s: open: %s\n", IPL_NAT,
185 STRERROR(errno));
186 if (errno == ENODEV)
187 fprintf(stderr, "IPFilter enabled?\n");
188 exit(1);
189 }
190 if (ioctl(fd, SIOCGNATS, &nsp) == -1) {
191 perror("ioctl(SIOCGNATS)");
192 exit(1);
193 }
194 (void) setgid(getgid());
195 (void) setuid(getuid());
196 } else if ((kernel != NULL) || (core != NULL)) {
197 if (openkmem(kernel, core) == -1)
198 exit(1);
199
200 if (natstat_dead(nsp, kernel))
201 exit(1);
202 if (opts & (OPT_LIST|OPT_STAT)) {
203 if (dostats(nsp, opts))
204 exit(1);
205 }
206 exit(0);
207 }
208
209 if (opts & (OPT_FLUSH|OPT_CLEAR))
210 if (flushtable(fd, opts))
211 exit(1);
212 if (file) {
213 /* NB natparsefile exits with nonzero in case of error */
214 natparsefile(fd, file, opts);
215 }
216 if (opts & (OPT_LIST|OPT_STAT))
217 if (dostats(nsp, opts))
218 exit(1);
219
220 /* TBD why not exit(0)? */
221 return 0;
222 }
223
224
225 /*
226 * Read NAT statistic information in using a symbol table and memory file
227 * rather than doing ioctl's.
228 */
229 static int natstat_dead(nsp, kernel)
230 natstat_t *nsp;
231 char *kernel;
232 {
233 struct nlist nat_nlist[10] = {
234 { "nat_table" }, /* 0 */
235 { "nat_list" },
236 { "maptable" },
237 { "ipf_nattable_sz" },
238 { "ipf_natrules_sz" },
239 { "ipf_rdrrules_sz" }, /* 5 */
240 { "ipf_hostmap_sz" },
241 { "nat_instances" },
242 { "ap_sess_list" },
243 { NULL }
244 };
245 void *tables[2];
246
247 if (nlist(kernel, nat_nlist) == -1) {
248 fprintf(stderr, "nlist error\n");
249 return -1;
250 }
251
252 /*
253 * Normally the ioctl copies all of these values into the structure
254 * for us, before returning it to userland, so here we must copy each
255 * one in individually.
256 */
257 kmemcpy((char *)&tables, nat_nlist[0].n_value, sizeof(tables));
258 nsp->ns_table[0] = tables[0];
259 nsp->ns_table[1] = tables[1];
260
261 kmemcpy((char *)&nsp->ns_list, nat_nlist[1].n_value,
262 sizeof(nsp->ns_list));
263 kmemcpy((char *)&nsp->ns_maptable, nat_nlist[2].n_value,
264 sizeof(nsp->ns_maptable));
265 kmemcpy((char *)&nsp->ns_nattab_sz, nat_nlist[3].n_value,
266 sizeof(nsp->ns_nattab_sz));
267 kmemcpy((char *)&nsp->ns_rultab_sz, nat_nlist[4].n_value,
268 sizeof(nsp->ns_rultab_sz));
269 kmemcpy((char *)&nsp->ns_rdrtab_sz, nat_nlist[5].n_value,
270 sizeof(nsp->ns_rdrtab_sz));
271 kmemcpy((char *)&nsp->ns_hostmap_sz, nat_nlist[6].n_value,
272 sizeof(nsp->ns_hostmap_sz));
273 kmemcpy((char *)&nsp->ns_instances, nat_nlist[7].n_value,
274 sizeof(nsp->ns_instances));
275 kmemcpy((char *)&nsp->ns_apslist, nat_nlist[8].n_value,
276 sizeof(nsp->ns_apslist));
277
278 return 0;
279 }
280
281
282 /*
283 * Display NAT statistics.
284 */
285 static int dostats(nsp, opts)
286 natstat_t *nsp;
287 int opts;
288 {
289 nat_t **nt[2], *np, nat;
290 ipnat_t ipn;
291 int rc = 0;
292
293 /*
294 * Show statistics ?
295 */
296 if (opts & OPT_STAT) {
297 printf("mapped\tin\t%lu\tout\t%lu\n",
298 nsp->ns_mapped[0], nsp->ns_mapped[1]);
299 printf("added\t%lu\texpired\t%lu\n",
300 nsp->ns_added, nsp->ns_expire);
301 printf("no memory\t%lu\tbad nat\t%lu\n",
302 nsp->ns_memfail, nsp->ns_badnat);
303 printf("inuse\t%lu\nrules\t%lu\n",
304 nsp->ns_inuse, nsp->ns_rules);
305 printf("wilds\t%u\n", nsp->ns_wilds);
306 if (opts & OPT_VERBOSE)
307 printf("table %p list %p\n",
308 nsp->ns_table, nsp->ns_list);
309 }
310
311 /*
312 * Show list of NAT rules and NAT sessions ?
313 */
314 if (opts & OPT_LIST) {
315 printf("List of active MAP/Redirect filters:\n");
316 while (nsp->ns_list) {
317 if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
318 sizeof(ipn))) {
319 perror("kmemcpy");
320 rc = -1;
321 break;
322 }
323 if (opts & OPT_HITS)
324 printf("%d ", ipn.in_hits);
325 printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
326 nsp->ns_list = ipn.in_next;
327 }
328
329 nt[0] = (nat_t **)malloc(sizeof(*nt) * NAT_SIZE);
330 if (kmemcpy((char *)nt[0], (long)nsp->ns_table[0],
331 sizeof(**nt) * NAT_SIZE)) {
332 perror("kmemcpy");
333 rc = -1;
334 }
335 if (rc) {
336 free(nt[0]);
337 return rc;
338 }
339
340 printf("\nList of active sessions:\n");
341
342 for (np = nsp->ns_instances; np; np = nat.nat_next) {
343 if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) {
344 /* TBD Is this an error? If so, return -1 */
345 break;
346 }
347 printactivenat(&nat, opts);
348 }
349
350 if (opts & OPT_VERBOSE) {
351 if (showhostmap(nsp)) {
352 free(nt[0]);
353 return -1;
354 }
355 }
356
357 free(nt[0]);
358 }
359 return 0;
360 }
361
362
363 /*
364 * Display the active host mapping table.
365 */
366 static int showhostmap(nsp)
367 natstat_t *nsp;
368 {
369 hostmap_t hm, *hmp, **maptable;
370 u_int hv;
371
372 printf("\nList of active host mappings:\n");
373
374 maptable = (hostmap_t **)malloc(sizeof(hostmap_t *) *
375 nsp->ns_hostmap_sz);
376 if (kmemcpy((char *)maptable, (u_long)nsp->ns_maptable,
377 sizeof(hostmap_t *) * nsp->ns_hostmap_sz)) {
378 perror("kmemcpy (maptable)");
379 free(maptable);
380 return -1;
381 }
382
383 for (hv = 0; hv < nsp->ns_hostmap_sz; hv++) {
384 hmp = maptable[hv];
385
386 while (hmp) {
387 if (kmemcpy((char *)&hm, (u_long)hmp, sizeof(hm))) {
388 perror("kmemcpy (hostmap)");
389 free(maptable);
390 return -1;
391 }
392
393 printhostmap(&hm, hv);
394 hmp = hm.hm_next;
395 }
396 }
397 free(maptable);
398 return 0;
399 }
400
401
402 /*
403 * Issue an ioctl to flush either the NAT rules table or the active mapping
404 * table or both.
405 */
406 static int flushtable(fd, opts)
407 int fd, opts;
408 {
409 int n = 0;
410 int rc = 0;
411
412 if (opts & OPT_FLUSH) {
413 n = 0;
414 if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
415 perror("ioctl(SIOCFLNAT)");
416 rc = -1;
417 } else {
418 printf("%d entries flushed from NAT table\n", n);
419 }
420 }
421
422 if (opts & OPT_CLEAR) {
423 n = 1;
424 if (!(opts & OPT_NODO) && ioctl(fd, SIOCIPFFL, &n) == -1) {
425 perror("ioctl(SIOCCNATL)");
426 rc = -1;
427 } else {
428 printf("%d entries flushed from NAT list\n", n);
429 }
430 }
431
432 return rc;
433 }
DragonFly BSD