sbin/ipfw/ipfw2.c
show_dyn_state(struct cmdline_opts *co, struct format_opts *fo, | show_dyn_state(struct cmdline_opts *co, struct format_opts *fo, | ||||
struct buf_pr *bp, ipfw_dyn_rule *d) | struct buf_pr *bp, ipfw_dyn_rule *d) | ||||
{ | { | ||||
struct protoent *pe; | struct protoent *pe; | ||||
struct in_addr a; | struct in_addr a; | ||||
uint16_t rulenum; | uint16_t rulenum; | ||||
char buf[INET6_ADDRSTRLEN]; | char buf[INET6_ADDRSTRLEN]; | ||||
if (!co->do_expired) { | if (d->expire == 0 && d->dyn_type != O_LIMIT_PARENT) | ||||
if (!d->expire && !(d->dyn_type == O_LIMIT_PARENT)) | |||||
return; | return; | ||||
} | |||||
bcopy(&d->rule, &rulenum, sizeof(rulenum)); | bcopy(&d->rule, &rulenum, sizeof(rulenum)); | ||||
bprintf(bp, "%05d", rulenum); | bprintf(bp, "%05d", rulenum); | ||||
if (fo->pcwidth > 0 || fo->bcwidth > 0) { | if (fo->pcwidth > 0 || fo->bcwidth > 0) { | ||||
bprintf(bp, " "); | bprintf(bp, " "); | ||||
pr_u64(bp, &d->pcnt, fo->pcwidth); | pr_u64(bp, &d->pcnt, fo->pcwidth); | ||||
pr_u64(bp, &d->bcnt, fo->bcwidth); | pr_u64(bp, &d->bcnt, fo->bcwidth); | ||||
bprintf(bp, "(%ds)", d->expire); | bprintf(bp, "(%ds)", d->expire); | ||||
} | } | ||||
Show All 25 Lines | bprintf(bp, " %s %d", inet_ntop(AF_INET6, &d->id.src_ip6, buf, | ||||
sizeof(buf)), d->id.src_port); | sizeof(buf)), d->id.src_port); | ||||
bprintf(bp, " <-> %s %d", inet_ntop(AF_INET6, &d->id.dst_ip6, | bprintf(bp, " <-> %s %d", inet_ntop(AF_INET6, &d->id.dst_ip6, | ||||
buf, sizeof(buf)), d->id.dst_port); | buf, sizeof(buf)), d->id.dst_port); | ||||
} else | } else | ||||
bprintf(bp, " UNKNOWN <-> UNKNOWN"); | bprintf(bp, " UNKNOWN <-> UNKNOWN"); | ||||
if (d->kidx != 0) | if (d->kidx != 0) | ||||
bprintf(bp, " :%s", object_search_ctlv(fo->tstate, | bprintf(bp, " :%s", object_search_ctlv(fo->tstate, | ||||
d->kidx, IPFW_TLV_STATE_NAME)); | d->kidx, IPFW_TLV_STATE_NAME)); | ||||
#define BOTH_SYN (TH_SYN | (TH_SYN << 8)) | |||||
#define BOTH_FIN (TH_FIN | (TH_FIN << 8)) | |||||
if (co->verbose) { | |||||
bprintf(bp, " state 0x%08x ", d->state); | |||||
if (d->state & IPFW_DYN_ORPHANED) | |||||
bprintf(bp, "ORPHANED,"); | |||||
if ((d->state & BOTH_SYN) == BOTH_SYN) | |||||
bprintf(bp, "BOTH_SYN,"); | |||||
else { | |||||
if (d->state & TH_SYN) | |||||
bprintf(bp, "F_SYN,"); | |||||
if (d->state & (TH_SYN << 8)) | |||||
bprintf(bp, "R_SYN,"); | |||||
} | } | ||||
if ((d->state & BOTH_FIN) == BOTH_FIN) | |||||
bprintf(bp, "BOTH_FIN,"); | |||||
else { | |||||
if (d->state & TH_FIN) | |||||
bprintf(bp, "F_FIN,"); | |||||
if (d->state & (TH_FIN << 8)) | |||||
bprintf(bp, "R_FIN,"); | |||||
} | |||||
bprintf(bp, " f_ack 0x%x, r_ack 0x%x", d->ack_fwd, | |||||
d->ack_rev); | |||||
} | |||||
} | |||||
static int | static int | ||||
do_range_cmd(int cmd, ipfw_range_tlv *rt) | do_range_cmd(int cmd, ipfw_range_tlv *rt) | ||||
{ | { | ||||
ipfw_range_header rh; | ipfw_range_header rh; | ||||
size_t sz; | size_t sz; | ||||
memset(&rh, 0, sizeof(rh)); | memset(&rh, 0, sizeof(rh)); | ||||
▲ Show 20 Lines • Show All 386 Lines • ▼ Show 20 Lines | for (lac = ac, lav = av; lac != 0; lac--) { | ||||
sfo.last = rnum; | sfo.last = rnum; | ||||
} | } | ||||
} | } | ||||
/* get configuraion from kernel */ | /* get configuraion from kernel */ | ||||
cfg = NULL; | cfg = NULL; | ||||
sfo.show_counters = show_counters; | sfo.show_counters = show_counters; | ||||
sfo.show_time = co.do_time; | sfo.show_time = co.do_time; | ||||
sfo.flags = IPFW_CFG_GET_STATIC; | if (co.do_dynamic != 2) | ||||
sfo.flags |= IPFW_CFG_GET_STATIC; | |||||
if (co.do_dynamic != 0) | if (co.do_dynamic != 0) | ||||
sfo.flags |= IPFW_CFG_GET_STATES; | sfo.flags |= IPFW_CFG_GET_STATES; | ||||
if ((sfo.show_counters | sfo.show_time) != 0) | if ((sfo.show_counters | sfo.show_time) != 0) | ||||
sfo.flags |= IPFW_CFG_GET_COUNTERS; | sfo.flags |= IPFW_CFG_GET_COUNTERS; | ||||
if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0) | if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0) | ||||
err(EX_OSERR, "retrieving config failed"); | err(EX_OSERR, "retrieving config failed"); | ||||
error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av); | error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av); | ||||
Show All 28 Lines | ipfw_show_config(struct cmdline_opts *co, struct format_opts *fo, | ||||
dynbase = NULL; | dynbase = NULL; | ||||
dynsz = 0; | dynsz = 0; | ||||
readsz = sizeof(*cfg); | readsz = sizeof(*cfg); | ||||
rcnt = 0; | rcnt = 0; | ||||
fo->set_mask = cfg->set_mask; | fo->set_mask = cfg->set_mask; | ||||
ctlv = (ipfw_obj_ctlv *)(cfg + 1); | ctlv = (ipfw_obj_ctlv *)(cfg + 1); | ||||
if (cfg->flags & IPFW_CFG_GET_STATIC) { | |||||
/* We've requested static rules */ | |||||
if (ctlv->head.type == IPFW_TLV_TBLNAME_LIST) { | if (ctlv->head.type == IPFW_TLV_TBLNAME_LIST) { | ||||
object_sort_ctlv(ctlv); | object_sort_ctlv(ctlv); | ||||
fo->tstate = ctlv; | fo->tstate = ctlv; | ||||
readsz += ctlv->head.length; | readsz += ctlv->head.length; | ||||
ctlv = (ipfw_obj_ctlv *)((caddr_t)ctlv + | ctlv = (ipfw_obj_ctlv *)((caddr_t)ctlv + ctlv->head.length); | ||||
ctlv->head.length); | |||||
} | } | ||||
if (cfg->flags & IPFW_CFG_GET_STATIC) { | |||||
/* We've requested static rules */ | |||||
if (ctlv->head.type == IPFW_TLV_RULE_LIST) { | if (ctlv->head.type == IPFW_TLV_RULE_LIST) { | ||||
rbase = (ipfw_obj_tlv *)(ctlv + 1); | rbase = (ipfw_obj_tlv *)(ctlv + 1); | ||||
rcnt = ctlv->count; | rcnt = ctlv->count; | ||||
readsz += ctlv->head.length; | readsz += ctlv->head.length; | ||||
ctlv = (ipfw_obj_ctlv *)((caddr_t)ctlv + | ctlv = (ipfw_obj_ctlv *)((caddr_t)ctlv + | ||||
ctlv->head.length); | ctlv->head.length); | ||||
} | } | ||||
} | } | ||||
Show All 10 Lines | ipfw_show_config(struct cmdline_opts *co, struct format_opts *fo, | ||||
prepare_format_opts(co, fo, rbase, rcnt, dynbase, dynsz); | prepare_format_opts(co, fo, rbase, rcnt, dynbase, dynsz); | ||||
bp_alloc(&bp, 4096); | bp_alloc(&bp, 4096); | ||||
/* if no rule numbers were specified, list all rules */ | /* if no rule numbers were specified, list all rules */ | ||||
if (ac == 0) { | if (ac == 0) { | ||||
fo->first = 0; | fo->first = 0; | ||||
fo->last = IPFW_DEFAULT_RULE; | fo->last = IPFW_DEFAULT_RULE; | ||||
if (cfg->flags & IPFW_CFG_GET_STATIC) | |||||
list_static_range(co, fo, &bp, rbase, rcnt); | list_static_range(co, fo, &bp, rbase, rcnt); | ||||
if (co->do_dynamic && dynsz > 0) { | if (co->do_dynamic && dynsz > 0) { | ||||
printf("## Dynamic rules (%d %zu):\n", fo->dcnt, dynsz); | printf("## Dynamic rules (%d %zu):\n", fo->dcnt, | ||||
dynsz); | |||||
list_dyn_range(co, fo, &bp, dynbase, dynsz); | list_dyn_range(co, fo, &bp, dynbase, dynsz); | ||||
} | } | ||||
bp_free(&bp); | bp_free(&bp); | ||||
return (EX_OK); | return (EX_OK); | ||||
} | } | ||||
/* display specific rules requested on command line */ | /* display specific rules requested on command line */ | ||||
for (lac = ac, lav = av; lac != 0; lac--) { | for (lac = ac, lav = av; lac != 0; lac--) { | ||||
/* convert command line rule # */ | /* convert command line rule # */ | ||||
fo->last = fo->first = strtoul(*lav++, &endptr, 10); | fo->last = fo->first = strtoul(*lav++, &endptr, 10); | ||||
if (*endptr == '-') | if (*endptr == '-') | ||||
fo->last = strtoul(endptr + 1, &endptr, 10); | fo->last = strtoul(endptr + 1, &endptr, 10); | ||||
if (*endptr) { | if (*endptr) { | ||||
exitval = EX_USAGE; | exitval = EX_USAGE; | ||||
warnx("invalid rule number: %s", *(lav - 1)); | warnx("invalid rule number: %s", *(lav - 1)); | ||||
continue; | continue; | ||||
} | } | ||||
if ((cfg->flags & IPFW_CFG_GET_STATIC) == 0) | |||||
continue; | |||||
if (list_static_range(co, fo, &bp, rbase, rcnt) == 0) { | if (list_static_range(co, fo, &bp, rbase, rcnt) == 0) { | ||||
/* give precedence to other error(s) */ | /* give precedence to other error(s) */ | ||||
if (exitval == EX_OK) | if (exitval == EX_OK) | ||||
exitval = EX_UNAVAILABLE; | exitval = EX_UNAVAILABLE; | ||||
if (fo->first == fo->last) | if (fo->first == fo->last) | ||||
warnx("rule %u does not exist", fo->first); | warnx("rule %u does not exist", fo->first); | ||||
else | else | ||||
warnx("no rules in range %u-%u", | warnx("no rules in range %u-%u", | ||||
▲ Show 20 Lines • Show All 497 Lines • ▼ Show 20 Lines | if (co.do_nat) { | ||||
rt.flags |= IPFW_RCFLAG_ALL; | rt.flags |= IPFW_RCFLAG_ALL; | ||||
else | else | ||||
rt.flags |= IPFW_RCFLAG_RANGE; | rt.flags |= IPFW_RCFLAG_RANGE; | ||||
if (co.use_set != 0) { | if (co.use_set != 0) { | ||||
rt.set = co.use_set - 1; | rt.set = co.use_set - 1; | ||||
rt.flags |= IPFW_RCFLAG_SET; | rt.flags |= IPFW_RCFLAG_SET; | ||||
} | } | ||||
} | } | ||||
if (co.do_dynamic == 2) | |||||
rt.flags |= IPFW_RCFLAG_DYNAMIC; | |||||
i = do_range_cmd(IP_FW_XDEL, &rt); | i = do_range_cmd(IP_FW_XDEL, &rt); | ||||
if (i != 0) { | if (i != 0) { | ||||
exitval = EX_UNAVAILABLE; | exitval = EX_UNAVAILABLE; | ||||
if (co.do_quiet) | if (co.do_quiet) | ||||
continue; | continue; | ||||
warn("rule %u: setsockopt(IP_FW_XDEL)", | warn("rule %u: setsockopt(IP_FW_XDEL)", | ||||
rt.start_rule); | rt.start_rule); | ||||
} else if (rt.new_set == 0 && do_set == 0) { | } else if (rt.new_set == 0 && do_set == 0 && | ||||
co.do_dynamic != 2) { | |||||
exitval = EX_UNAVAILABLE; | exitval = EX_UNAVAILABLE; | ||||
if (co.do_quiet) | if (co.do_quiet) | ||||
continue; | continue; | ||||
if (rt.start_rule != rt.end_rule) | if (rt.start_rule != rt.end_rule) | ||||
warnx("no rules rules in %u-%u range", | warnx("no rules rules in %u-%u range", | ||||
rt.start_rule, rt.end_rule); | rt.start_rule, rt.end_rule); | ||||
else | else | ||||
warnx("rule %u not found", | warnx("rule %u not found", | ||||
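Review bot: The new guard at the top of show_dyn_state drops the `co->do_expired` test that wrapped the old check, so entries with `expire == 0` (other than O_LIMIT_PARENT) are now always skipped regardless of the `-e` option, unless that option is honoured somewhere outside the shown lines; if the kernel no longer returns such entries the commit description should say so, otherwise keep the option in the condition, e.g. `if (!co->do_expired && d->expire == 0 && d->dyn_type != O_LIMIT_PARENT) return;`. The `BOTH_SYN` and `BOTH_FIN` macros are defined inside the function body and never undefined, so they stay visible for the rest of the translation unit; either move them to file scope with the other definitions or add `#undef BOTH_SYN` and `#undef BOTH_FIN` after the verbose block. The verbose branch also prints a trailing comma before `f_ack` (e.g. `BOTH_SYN, f_ack 0x0`), and a one-line comment there stating the assumption the `TH_SYN << 8` / `TH_FIN << 8` masks encode — forward-direction TCP flags in the low byte of `state`, reverse-direction flags in the high byte — would help readers confirm it against the kernel definition. The later hunks in ipfw_show_config and the delete loop belong to functions that start and end outside the shown lines.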