search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hammer2 - Fix corruption on sync (2)
[dragonfly.git] / usr.sbin / pfctl / pfctl_radix.c
blob9a50c18bbbb402673b78d2dc20700a6756ad934e
1 /* $OpenBSD: pfctl_radix.c,v 1.28 2007/12/05 12:01:47 chl Exp $ */
2
3 /*
4 * Copyright (c) 2002 Cedric Berger
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * - Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * - Redistributions in binary form must reproduce the above
14 * copyright notice, this list of conditions and the following
15 * disclaimer in the documentation and/or other materials provided
16 * with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
28 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 *
31 */
32
33 #include <sys/types.h>
34 #include <sys/ioctl.h>
35 #include <sys/socket.h>
36
37 #include <net/if.h>
38 #include <net/pf/pfvar.h>
39
40 #include <errno.h>
41 #include <string.h>
42 #include <ctype.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <limits.h>
46 #include <err.h>
47
48 #include "pfctl.h"
49
50 #define BUF_SIZE 256
51
52 extern int dev_fd;
53
54 static int pfr_next_token(char buf[], FILE *);
55
56
57 int
58 pfr_clr_tables(struct pfr_table *filter, int *ndel, int flags)
59 {
60 struct pfioc_table io;
61
62 bzero(&io, sizeof io);
63 io.pfrio_flags = flags;
64 if (filter != NULL)
65 io.pfrio_table = *filter;
66 if (ioctl(dev_fd, DIOCRCLRTABLES, &io))
67 return (-1);
68 if (ndel != NULL)
69 *ndel = io.pfrio_ndel;
70 return (0);
71 }
72
73 int
74 pfr_add_tables(struct pfr_table *tbl, int size, int *nadd, int flags)
75 {
76 struct pfioc_table io;
77
78 if (size < 0 || (size && tbl == NULL)) {
79 errno = EINVAL;
80 return (-1);
81 }
82 bzero(&io, sizeof io);
83 io.pfrio_flags = flags;
84 io.pfrio_buffer = tbl;
85 io.pfrio_esize = sizeof(*tbl);
86 io.pfrio_size = size;
87 if (ioctl(dev_fd, DIOCRADDTABLES, &io))
88 return (-1);
89 if (nadd != NULL)
90 *nadd = io.pfrio_nadd;
91 return (0);
92 }
93
94 int
95 pfr_del_tables(struct pfr_table *tbl, int size, int *ndel, int flags)
96 {
97 struct pfioc_table io;
98
99 if (size < 0 || (size && tbl == NULL)) {
100 errno = EINVAL;
101 return (-1);
102 }
103 bzero(&io, sizeof io);
104 io.pfrio_flags = flags;
105 io.pfrio_buffer = tbl;
106 io.pfrio_esize = sizeof(*tbl);
107 io.pfrio_size = size;
108 if (ioctl(dev_fd, DIOCRDELTABLES, &io))
109 return (-1);
110 if (ndel != NULL)
111 *ndel = io.pfrio_ndel;
112 return (0);
113 }
114
115 int
116 pfr_get_tables(struct pfr_table *filter, struct pfr_table *tbl, int *size,
117 int flags)
118 {
119 struct pfioc_table io;
120
121 if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
122 errno = EINVAL;
123 return (-1);
124 }
125 bzero(&io, sizeof io);
126 io.pfrio_flags = flags;
127 if (filter != NULL)
128 io.pfrio_table = *filter;
129 io.pfrio_buffer = tbl;
130 io.pfrio_esize = sizeof(*tbl);
131 io.pfrio_size = *size;
132 if (ioctl(dev_fd, DIOCRGETTABLES, &io))
133 return (-1);
134 *size = io.pfrio_size;
135 return (0);
136 }
137
138 int
139 pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size,
140 int flags)
141 {
142 struct pfioc_table io;
143
144 if (size == NULL || *size < 0 || (*size && tbl == NULL)) {
145 errno = EINVAL;
146 return (-1);
147 }
148 bzero(&io, sizeof io);
149 io.pfrio_flags = flags;
150 if (filter != NULL)
151 io.pfrio_table = *filter;
152 io.pfrio_buffer = tbl;
153 io.pfrio_esize = sizeof(*tbl);
154 io.pfrio_size = *size;
155 if (ioctl(dev_fd, DIOCRGETTSTATS, &io))
156 return (-1);
157 *size = io.pfrio_size;
158 return (0);
159 }
160
161 int
162 pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags)
163 {
164 struct pfioc_table io;
165
166 if (tbl == NULL) {
167 errno = EINVAL;
168 return (-1);
169 }
170 bzero(&io, sizeof io);
171 io.pfrio_flags = flags;
172 io.pfrio_table = *tbl;
173 if (ioctl(dev_fd, DIOCRCLRADDRS, &io))
174 return (-1);
175 if (ndel != NULL)
176 *ndel = io.pfrio_ndel;
177 return (0);
178 }
179
180 int
181 pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
182 int *nadd, int flags)
183 {
184 struct pfioc_table io;
185
186 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
187 errno = EINVAL;
188 return (-1);
189 }
190 bzero(&io, sizeof io);
191 io.pfrio_flags = flags;
192 io.pfrio_table = *tbl;
193 io.pfrio_buffer = addr;
194 io.pfrio_esize = sizeof(*addr);
195 io.pfrio_size = size;
196 if (ioctl(dev_fd, DIOCRADDADDRS, &io))
197 return (-1);
198 if (nadd != NULL)
199 *nadd = io.pfrio_nadd;
200 return (0);
201 }
202
203 int
204 pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
205 int *ndel, int flags)
206 {
207 struct pfioc_table io;
208
209 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
210 errno = EINVAL;
211 return (-1);
212 }
213 bzero(&io, sizeof io);
214 io.pfrio_flags = flags;
215 io.pfrio_table = *tbl;
216 io.pfrio_buffer = addr;
217 io.pfrio_esize = sizeof(*addr);
218 io.pfrio_size = size;
219 if (ioctl(dev_fd, DIOCRDELADDRS, &io))
220 return (-1);
221 if (ndel != NULL)
222 *ndel = io.pfrio_ndel;
223 return (0);
224 }
225
226 int
227 pfr_set_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
228 int *size2, int *nadd, int *ndel, int *nchange, int flags)
229 {
230 struct pfioc_table io;
231
232 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
233 errno = EINVAL;
234 return (-1);
235 }
236 bzero(&io, sizeof io);
237 io.pfrio_flags = flags;
238 io.pfrio_table = *tbl;
239 io.pfrio_buffer = addr;
240 io.pfrio_esize = sizeof(*addr);
241 io.pfrio_size = size;
242 io.pfrio_size2 = (size2 != NULL) ? *size2 : 0;
243 if (ioctl(dev_fd, DIOCRSETADDRS, &io))
244 return (-1);
245 if (nadd != NULL)
246 *nadd = io.pfrio_nadd;
247 if (ndel != NULL)
248 *ndel = io.pfrio_ndel;
249 if (nchange != NULL)
250 *nchange = io.pfrio_nchange;
251 if (size2 != NULL)
252 *size2 = io.pfrio_size2;
253 return (0);
254 }
255
256 int
257 pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size,
258 int flags)
259 {
260 struct pfioc_table io;
261
262 if (tbl == NULL || size == NULL || *size < 0 ||
263 (*size && addr == NULL)) {
264 errno = EINVAL;
265 return (-1);
266 }
267 bzero(&io, sizeof io);
268 io.pfrio_flags = flags;
269 io.pfrio_table = *tbl;
270 io.pfrio_buffer = addr;
271 io.pfrio_esize = sizeof(*addr);
272 io.pfrio_size = *size;
273 if (ioctl(dev_fd, DIOCRGETADDRS, &io))
274 return (-1);
275 *size = io.pfrio_size;
276 return (0);
277 }
278
279 int
280 pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size,
281 int flags)
282 {
283 struct pfioc_table io;
284
285 if (tbl == NULL || size == NULL || *size < 0 ||
286 (*size && addr == NULL)) {
287 errno = EINVAL;
288 return (-1);
289 }
290 bzero(&io, sizeof io);
291 io.pfrio_flags = flags;
292 io.pfrio_table = *tbl;
293 io.pfrio_buffer = addr;
294 io.pfrio_esize = sizeof(*addr);
295 io.pfrio_size = *size;
296 if (ioctl(dev_fd, DIOCRGETASTATS, &io))
297 return (-1);
298 *size = io.pfrio_size;
299 return (0);
300 }
301
302 int
303 pfr_clr_tstats(struct pfr_table *tbl, int size, int *nzero, int flags)
304 {
305 struct pfioc_table io;
306
307 if (size < 0 || (size && !tbl)) {
308 errno = EINVAL;
309 return (-1);
310 }
311 bzero(&io, sizeof io);
312 io.pfrio_flags = flags;
313 io.pfrio_buffer = tbl;
314 io.pfrio_esize = sizeof(*tbl);
315 io.pfrio_size = size;
316 if (ioctl(dev_fd, DIOCRCLRTSTATS, &io))
317 return (-1);
318 if (nzero)
319 *nzero = io.pfrio_nzero;
320 return (0);
321 }
322
323 int
324 pfr_tst_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
325 int *nmatch, int flags)
326 {
327 struct pfioc_table io;
328
329 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
330 errno = EINVAL;
331 return (-1);
332 }
333 bzero(&io, sizeof io);
334 io.pfrio_flags = flags;
335 io.pfrio_table = *tbl;
336 io.pfrio_buffer = addr;
337 io.pfrio_esize = sizeof(*addr);
338 io.pfrio_size = size;
339 if (ioctl(dev_fd, DIOCRTSTADDRS, &io))
340 return (-1);
341 if (nmatch)
342 *nmatch = io.pfrio_nmatch;
343 return (0);
344 }
345
346 int
347 pfr_ina_define(struct pfr_table *tbl, struct pfr_addr *addr, int size,
348 int *nadd, int *naddr, int ticket, int flags)
349 {
350 struct pfioc_table io;
351
352 if (tbl == NULL || size < 0 || (size && addr == NULL)) {
353 errno = EINVAL;
354 return (-1);
355 }
356 bzero(&io, sizeof io);
357 io.pfrio_flags = flags;
358 io.pfrio_table = *tbl;
359 io.pfrio_buffer = addr;
360 io.pfrio_esize = sizeof(*addr);
361 io.pfrio_size = size;
362 io.pfrio_ticket = ticket;
363 if (ioctl(dev_fd, DIOCRINADEFINE, &io))
364 return (-1);
365 if (nadd != NULL)
366 *nadd = io.pfrio_nadd;
367 if (naddr != NULL)
368 *naddr = io.pfrio_naddr;
369 return (0);
370 }
371
372 /* interface management code */
373
374 int
375 pfi_get_ifaces(const char *filter, struct pfi_kif *buf, int *size)
376 {
377 struct pfioc_iface io;
378
379 if (size == NULL || *size < 0 || (*size && buf == NULL)) {
380 errno = EINVAL;
381 return (-1);
382 }
383 bzero(&io, sizeof io);
384 if (filter != NULL)
385 if (strlcpy(io.pfiio_name, filter, sizeof(io.pfiio_name)) >=
386 sizeof(io.pfiio_name)) {
387 errno = EINVAL;
388 return (-1);
389 }
390 io.pfiio_buffer = buf;
391 io.pfiio_esize = sizeof(*buf);
392 io.pfiio_size = *size;
393 if (ioctl(dev_fd, DIOCIGETIFACES, &io))
394 return (-1);
395 *size = io.pfiio_size;
396 return (0);
397 }
398
399 /* buffer management code */
400
401 size_t buf_esize[PFRB_MAX] = { 0,
402 sizeof(struct pfr_table), sizeof(struct pfr_tstats),
403 sizeof(struct pfr_addr), sizeof(struct pfr_astats),
404 sizeof(struct pfi_kif), sizeof(struct pfioc_trans_e)
405 };
406
407 /*
408 * add one element to the buffer
409 */
410 int
411 pfr_buf_add(struct pfr_buffer *b, const void *e)
412 {
413 size_t bs;
414
415 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX ||
416 e == NULL) {
417 errno = EINVAL;
418 return (-1);
419 }
420 bs = buf_esize[b->pfrb_type];
421 if (b->pfrb_size == b->pfrb_msize)
422 if (pfr_buf_grow(b, 0))
423 return (-1);
424 memcpy(((caddr_t)b->pfrb_caddr) + bs * b->pfrb_size, e, bs);
425 b->pfrb_size++;
426 return (0);
427 }
428
429 /*
430 * return next element of the buffer (or first one if prev is NULL)
431 * see PFRB_FOREACH macro
432 */
433 const void *
434 pfr_buf_next(struct pfr_buffer *b, const void *prev)
435 {
436 size_t bs;
437
438 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX)
439 return (NULL);
440 if (b->pfrb_size == 0)
441 return (NULL);
442 if (prev == NULL)
443 return (b->pfrb_caddr);
444 bs = buf_esize[b->pfrb_type];
445 if ((((c_caddr_t)prev)-((c_caddr_t)b->pfrb_caddr)) / bs + 1 >=
446 (size_t)b->pfrb_size)
447 return (NULL);
448 return (((c_caddr_t)prev) + bs);
449 }
450
451 /*
452 * minsize:
453 * 0: make the buffer somewhat bigger
454 * n: make room for "n" entries in the buffer
455 */
456 int
457 pfr_buf_grow(struct pfr_buffer *b, int minsize)
458 {
459 caddr_t p;
460 size_t bs;
461
462 if (b == NULL || b->pfrb_type <= 0 || b->pfrb_type >= PFRB_MAX) {
463 errno = EINVAL;
464 return (-1);
465 }
466 if (minsize != 0 && minsize <= b->pfrb_msize)
467 return (0);
468 bs = buf_esize[b->pfrb_type];
469 if (!b->pfrb_msize) {
470 if (minsize < 64)
471 minsize = 64;
472 b->pfrb_caddr = calloc(bs, minsize);
473 if (b->pfrb_caddr == NULL)
474 return (-1);
475 b->pfrb_msize = minsize;
476 } else {
477 if (minsize == 0)
478 minsize = b->pfrb_msize * 2;
479 if (minsize < 0 || (size_t)minsize >= SIZE_T_MAX / bs) {
480 /* msize overflow */
481 errno = ENOMEM;
482 return (-1);
483 }
484 p = realloc(b->pfrb_caddr, minsize * bs);
485 if (p == NULL)
486 return (-1);
487 bzero(p + b->pfrb_msize * bs, (minsize - b->pfrb_msize) * bs);
488 b->pfrb_caddr = p;
489 b->pfrb_msize = minsize;
490 }
491 return (0);
492 }
493
494 /*
495 * reset buffer and free memory.
496 */
497 void
498 pfr_buf_clear(struct pfr_buffer *b)
499 {
500 if (b == NULL)
501 return;
502 if (b->pfrb_caddr != NULL)
503 free(b->pfrb_caddr);
504 b->pfrb_caddr = NULL;
505 b->pfrb_size = b->pfrb_msize = 0;
506 }
507
508 int
509 pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
510 int (*append_addr)(struct pfr_buffer *, char *, int))
511 {
512 FILE *fp;
513 char buf[BUF_SIZE];
514 int rv;
515
516 if (file == NULL)
517 return (0);
518 if (!strcmp(file, "-"))
519 fp = stdin;
520 else {
521 fp = pfctl_fopen(file, "r");
522 if (fp == NULL)
523 return (-1);
524 }
525 while ((rv = pfr_next_token(buf, fp)) == 1)
526 if (append_addr(b, buf, nonetwork)) {
527 rv = -1;
528 break;
529 }
530 if (fp != stdin)
531 fclose(fp);
532 return (rv);
533 }
534
535 int
536 pfr_next_token(char buf[BUF_SIZE], FILE *fp)
537 {
538 static char next_ch = ' ';
539 int i = 0;
540
541 for (;;) {
542 /* skip spaces */
543 while (isspace(next_ch) && !feof(fp))
544 next_ch = fgetc(fp);
545 /* remove from '#' until end of line */
546 if (next_ch == '#')
547 while (!feof(fp)) {
548 next_ch = fgetc(fp);
549 if (next_ch == '\n')
550 break;
551 }
552 else
553 break;
554 }
555 if (feof(fp)) {
556 next_ch = ' ';
557 return (0);
558 }
559 do {
560 if (i < BUF_SIZE)
561 buf[i++] = next_ch;
562 next_ch = fgetc(fp);
563 } while (!feof(fp) && !isspace(next_ch));
564 if (i >= BUF_SIZE) {
565 errno = EINVAL;
566 return (-1);
567 }
568 buf[i] = '\0';
569 return (1);
570 }
571
572 const char *
573 pfr_strerror(int errnum)
574 {
575 switch (errnum) {
576 case ESRCH:
577 return "Table does not exist";
578 case ENOENT:
579 return "Anchor or Ruleset does not exist";
580 default:
581 return strerror(errnum);
582 }
583 }
DragonFly BSD