Annotation of embedaddon/mpd/src/iface.c, revision 1.1
1.1 ! misho 1:
! 2: /*
! 3: * iface.c
! 4: *
! 5: * Written by Archie Cobbs <archie@freebsd.org>
! 6: * Copyright (c) 1995-1999 Whistle Communications, Inc. All rights reserved.
! 7: * See ``COPYRIGHT.whistle''
! 8: *
! 9: * TCP MSSFIX code copyright (c) 2000 Ruslan Ermilov
! 10: * TCP MSSFIX contributed by Sergey Korolew <dsATbittu.org.ru>
! 11: *
! 12: */
! 13:
! 14: #include "ppp.h"
! 15: #include "iface.h"
! 16: #include "ipcp.h"
! 17: #include "auth.h"
! 18: #include "ngfunc.h"
! 19: #include "netgraph.h"
! 20: #include "util.h"
! 21:
! 22: #include <sys/sockio.h>
! 23: #include <sys/sysctl.h>
! 24: #include <net/if.h>
! 25: #include <net/if_types.h>
! 26: #include <net/if_dl.h>
! 27: #include <net/if_var.h>
! 28: #include <net/route.h>
! 29: #include <netinet/in_systm.h>
! 30: #include <netinet/in.h>
! 31: #include <netinet/in_var.h>
! 32: #include <netinet/if_ether.h>
! 33: #include <netinet6/nd6.h>
! 34: #include <netgraph/ng_message.h>
! 35: #include <netgraph/ng_iface.h>
! 36: #ifdef USE_NG_BPF
! 37: #include <netgraph/ng_bpf.h>
! 38: #endif
! 39: #include <netgraph/ng_tee.h>
! 40: #include <netgraph/ng_ksocket.h>
! 41: #include <netinet/ip_icmp.h>
! 42: #include <netinet/tcp.h>
! 43: #include <netinet/udp.h>
! 44: #ifdef USE_NG_TCPMSS
! 45: #include <netgraph/ng_tcpmss.h>
! 46: #endif
! 47: #ifdef USE_NG_IPACCT
! 48: #include <netgraph/ng_ipacct.h>
! 49: #undef r_ip_p /* XXX:DIRTY CONFLICT! */
! 50: #endif
! 51: #ifdef USE_NG_NETFLOW
! 52: #include <netgraph/netflow/ng_netflow.h>
! 53: #endif
! 54: #ifdef USE_NG_CAR
! 55: #include <netgraph/ng_car.h>
! 56: #endif
! 57:
! 58: #ifdef USE_NG_BPF
! 59: #include <pcap.h>
! 60: #endif
! 61:
! 62: /*
! 63: * DEFINITIONS
! 64: */
! 65:
! 66: /* Set menu options */
! 67:
! 68: enum {
! 69: SET_IDLE,
! 70: SET_SESSION,
! 71: SET_ADDRS,
! 72: SET_ROUTE,
! 73: SET_MTU,
! 74: SET_NAME,
! 75: #ifdef SIOCSIFDESCR
! 76: SET_DESCR,
! 77: #endif
! 78: #ifdef SIOCAIFGROUP
! 79: SET_GROUP,
! 80: #endif
! 81: SET_UP_SCRIPT,
! 82: SET_DOWN_SCRIPT,
! 83: SET_ENABLE,
! 84: SET_DISABLE
! 85: };
! 86:
! 87: /*
! 88: * INTERNAL FUNCTIONS
! 89: */
! 90:
! 91: static int IfaceNgIpInit(Bund b, int ready);
! 92: static void IfaceNgIpShutdown(Bund b);
! 93: static int IfaceNgIpv6Init(Bund b, int ready);
! 94: static void IfaceNgIpv6Shutdown(Bund b);
! 95:
! 96: #ifdef USE_NG_NETFLOW
! 97: static int IfaceInitNetflow(Bund b, char *path, char *hook, char in, char out);
! 98: static int IfaceSetupNetflow(Bund b, char in, char out);
! 99: static void IfaceShutdownNetflow(Bund b, char in, char out);
! 100: #endif
! 101:
! 102: #ifdef USE_NG_IPACCT
! 103: static int IfaceInitIpacct(Bund b, char *path, char *hook);
! 104: static void IfaceShutdownIpacct(Bund b);
! 105: #endif
! 106:
! 107: #ifdef USE_NG_NAT
! 108: static int IfaceInitNAT(Bund b, char *path, char *hook);
! 109: static int IfaceSetupNAT(Bund b);
! 110: static void IfaceShutdownNAT(Bund b);
! 111: #endif
! 112:
! 113: static int IfaceInitTee(Bund b, char *path, char *hook, int v6);
! 114: static void IfaceShutdownTee(Bund b, int v6);
! 115:
! 116: #if defined(USE_NG_TCPMSS) || (!defined(USE_NG_TCPMSS) && defined(USE_NG_BPF))
! 117: static int IfaceInitMSS(Bund b, char *path, char *hook);
! 118: static void IfaceSetupMSS(Bund b, uint16_t maxMSS);
! 119: static void IfaceShutdownMSS(Bund b);
! 120: #endif
! 121:
! 122: #ifdef USE_NG_BPF
! 123: static int IfaceInitLimits(Bund b, char *path, char *hook);
! 124: static void IfaceSetupLimits(Bund b);
! 125: static void IfaceShutdownLimits(Bund b);
! 126: #endif
! 127:
! 128: static int IfaceSetCommand(Context ctx, int ac, char *av[], void *arg);
! 129: static void IfaceSessionTimeout(void *arg);
! 130: static void IfaceIdleTimeout(void *arg);
! 131:
! 132: static void IfaceCacheSend(Bund b);
! 133: static void IfaceCachePkt(Bund b, int proto, Mbuf pkt);
! 134: static int IfaceIsDemand(int proto, Mbuf pkt);
! 135:
! 136: #ifdef USE_IPFW
! 137: static int IfaceAllocACL (struct acl_pool ***ap, int start, char * ifname, int number);
! 138: static int IfaceFindACL (struct acl_pool *ap, char * ifname, int number);
! 139: static char * IFaceParseACL (char * src, char * ifname);
! 140: #endif
! 141:
! 142: static int IfaceSetName(Bund b, const char * ifname);
! 143: #ifdef SIOCSIFDESCR
! 144: static int IfaceSetDescr(Bund b, const char * ifdescr);
! 145: #endif
! 146: #ifdef SIOCAIFGROUP
! 147: static int IfaceAddGroup(Bund b, const char * ifgroup);
! 148: static int IfaceDelGroup(Bund b, const char * ifgroup);
! 149: #endif
! 150: /*
! 151: * GLOBAL VARIABLES
! 152: */
! 153:
! 154: const struct cmdtab IfaceSetCmds[] = {
! 155: { "addrs {self} {peer}", "Set interface addresses",
! 156: IfaceSetCommand, NULL, 2, (void *) SET_ADDRS },
! 157: { "route {dest}[/{width}]", "Add IP route",
! 158: IfaceSetCommand, NULL, 2, (void *) SET_ROUTE },
! 159: { "mtu {size}", "Set max allowed interface MTU",
! 160: IfaceSetCommand, NULL, 2, (void *) SET_MTU },
! 161: { "name [{name}]", "Set interface name",
! 162: IfaceSetCommand, NULL, 2, (void *) SET_NAME },
! 163: #ifdef SIOCSIFDESCR
! 164: { "description [{descr}]", "Set interface description",
! 165: IfaceSetCommand, NULL, 2, (void *) SET_DESCR },
! 166: #endif
! 167: #ifdef SIOCAIFGROUP
! 168: { "group [{group}]", "Set interface group",
! 169: IfaceSetCommand, NULL, 2, (void *) SET_GROUP },
! 170: #endif
! 171: { "up-script [{progname}]", "Interface up script",
! 172: IfaceSetCommand, NULL, 2, (void *) SET_UP_SCRIPT },
! 173: { "down-script [{progname}]", "Interface down script",
! 174: IfaceSetCommand, NULL, 2, (void *) SET_DOWN_SCRIPT },
! 175: #ifdef USE_NG_BPF
! 176: { "idle {seconds}", "Idle timeout",
! 177: IfaceSetCommand, NULL, 2, (void *) SET_IDLE },
! 178: #endif
! 179: { "session {seconds}", "Session timeout",
! 180: IfaceSetCommand, NULL, 2, (void *) SET_SESSION },
! 181: { "enable [opt ...]", "Enable option",
! 182: IfaceSetCommand, NULL, 2, (void *) SET_ENABLE },
! 183: { "disable [opt ...]", "Disable option",
! 184: IfaceSetCommand, NULL, 2, (void *) SET_DISABLE },
! 185: { NULL },
! 186: };
! 187:
! 188: /*
! 189: * INTERNAL VARIABLES
! 190: */
! 191:
! 192: static const struct confinfo gConfList[] = {
! 193: { 0, IFACE_CONF_ONDEMAND, "on-demand" },
! 194: { 0, IFACE_CONF_PROXY, "proxy-arp" },
! 195: #ifdef USE_NG_TCPMSS
! 196: { 0, IFACE_CONF_TCPMSSFIX, "tcpmssfix" },
! 197: #endif
! 198: { 0, IFACE_CONF_TEE, "tee" },
! 199: #ifdef USE_NG_NAT
! 200: { 0, IFACE_CONF_NAT, "nat" },
! 201: #endif
! 202: #ifdef USE_NG_NETFLOW
! 203: { 0, IFACE_CONF_NETFLOW_IN, "netflow-in" },
! 204: { 0, IFACE_CONF_NETFLOW_OUT, "netflow-out" },
! 205: #ifdef NG_NETFLOW_CONF_ONCE
! 206: { 0, IFACE_CONF_NETFLOW_ONCE, "netflow-once" },
! 207: #endif
! 208: #endif
! 209: #ifdef USE_NG_IPACCT
! 210: { 0, IFACE_CONF_IPACCT, "ipacct" },
! 211: #endif
! 212: { 0, 0, NULL },
! 213: };
! 214:
! 215: #ifdef USE_IPFW
! 216: struct acl_pool * rule_pool = NULL; /* Pointer to the first element in the list of rules */
! 217: struct acl_pool * pipe_pool = NULL; /* Pointer to the first element in the list of pipes */
! 218: struct acl_pool * queue_pool = NULL; /* Pointer to the first element in the list of queues */
! 219: struct acl_pool * table_pool = NULL; /* Pointer to the first element in the list of tables */
! 220: int rule_pool_start = 10000; /* Initial number of ipfw rules pool */
! 221: int pipe_pool_start = 10000; /* Initial number of ipfw dummynet pipe pool */
! 222: int queue_pool_start = 10000; /* Initial number of ipfw dummynet queue pool */
! 223: int table_pool_start = 32; /* Initial number of ipfw tables pool */
! 224: #endif
! 225:
! 226: #ifdef USE_NG_BPF
! 227: /* A BPF filter that matches TCP SYN packets */
! 228: static const struct bpf_insn gTCPSYNProg[] = {
! 229: /*00*/ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 9), /* A <- IP protocol */
! 230: /*01*/ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_TCP, 0, 6), /* !TCP => 8 */
! 231: /*02*/ BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 6), /* A <- fragmentation offset */
! 232: /*03*/ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, 0x1fff, 4, 0), /* fragment => 8 */
! 233: /*04*/ BPF_STMT(BPF_LDX+BPF_B+BPF_MSH, 0), /* X <- header len */
! 234: /*05*/ BPF_STMT(BPF_LD+BPF_B+BPF_IND, 13), /* A <- TCP flags */
! 235: /*06*/ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, TH_SYN, 0, 1), /* !TH_SYN => 8 */
! 236: /*07*/ BPF_STMT(BPF_RET+BPF_K, (u_int)-1), /* accept packet */
! 237: /*08*/ BPF_STMT(BPF_RET+BPF_K, 0), /* reject packet */
! 238: };
! 239:
! 240: #define TCPSYN_PROG_LEN (sizeof(gTCPSYNProg) / sizeof(*gTCPSYNProg))
! 241:
! 242: /* A BPF filter that matches nothing */
! 243: static const struct bpf_insn gNoMatchProg[] = {
! 244: BPF_STMT(BPF_RET+BPF_K, 0)
! 245: };
! 246:
! 247: #define NOMATCH_PROG_LEN (sizeof(gNoMatchProg) / sizeof(*gNoMatchProg))
! 248:
! 249: /* A BPF filter that matches everything */
! 250: static const struct bpf_insn gMatchProg[] = {
! 251: BPF_STMT(BPF_RET+BPF_K, (u_int)-1)
! 252: };
! 253:
! 254: #define MATCH_PROG_LEN (sizeof(gMatchProg) / sizeof(*gMatchProg))
! 255: #endif /* USE_NG_BPF */
! 256:
! 257: #define IN6MASK128 {{{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
! 258: 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }}}
! 259: static const struct in6_addr in6mask128 = IN6MASK128;
! 260:
! 261:
! 262: /*
! 263: * IfaceInit()
! 264: */
! 265:
! 266: void
! 267: IfaceInit(Bund b)
! 268: {
! 269: IfaceState const iface = &b->iface;
! 270:
! 271: /* Default configuration */
! 272: iface->mtu = NG_IFACE_MTU_DEFAULT;
! 273: iface->max_mtu = NG_IFACE_MTU_DEFAULT;
! 274: #ifdef SIOCSIFDESCR
! 275: iface->ifdescr = NULL;
! 276: iface->conf.ifdescr = NULL;
! 277: #endif
! 278: Disable(&iface->options, IFACE_CONF_ONDEMAND);
! 279: Disable(&iface->options, IFACE_CONF_PROXY);
! 280: Disable(&iface->options, IFACE_CONF_TCPMSSFIX);
! 281: #ifdef USE_NG_NAT
! 282: NatInit(b);
! 283: #endif
! 284: #ifdef USE_NG_BPF
! 285: SLIST_INIT(&iface->ss[0]);
! 286: SLIST_INIT(&iface->ss[1]);
! 287: #endif
! 288: }
! 289:
! 290: /*
! 291: * IfaceInst()
! 292: */
! 293:
! 294: void
! 295: IfaceInst(Bund b, Bund bt)
! 296: {
! 297: IfaceState const iface = &b->iface;
! 298:
! 299: memcpy(iface, &bt->iface, sizeof(*iface));
! 300:
! 301: /* Copy interface name from template config to current */
! 302: if (bt->iface.conf.ifname[0] != 0 && b->tmpl == 0) {
! 303: snprintf(iface->conf.ifname, sizeof(iface->conf.ifname), "%s%d",
! 304: bt->iface.conf.ifname, b->id);
! 305: Log(LG_IFACE2, ("[%s] IFACE: Set conf.ifname to ", iface->conf.ifname));
! 306: }
! 307: }
! 308:
! 309: /*
! 310: * IfaceDestroy()
! 311: */
! 312:
! 313: void
! 314: IfaceDestroy(Bund b)
! 315: {
! 316: #ifdef SIOCSIFDESCR
! 317: IfaceState const iface = &b->iface;
! 318:
! 319: if (iface->conf.ifdescr != NULL)
! 320: Freee(iface->conf.ifdescr);
! 321: #endif
! 322: }
! 323:
! 324: /*
! 325: * IfaceOpen()
! 326: *
! 327: * Open the interface layer
! 328: */
! 329:
! 330: void
! 331: IfaceOpen(Bund b)
! 332: {
! 333: IfaceState const iface = &b->iface;
! 334:
! 335: Log(LG_IFACE, ("[%s] IFACE: Open event", b->name));
! 336:
! 337: /* Open is useless without on-demand. */
! 338: if (!Enabled(&iface->options, IFACE_CONF_ONDEMAND)) {
! 339: Log(LG_ERR, ("[%s] 'open iface' is useless without on-demand enabled", b->name));
! 340: return;
! 341: }
! 342:
! 343: /* If interface is already open do nothing */
! 344: if (iface->open)
! 345: return;
! 346: iface->open = TRUE;
! 347:
! 348: /* If on-demand, bring up system interface immediately and start
! 349: listening for outgoing packets. The next outgoing packet will
! 350: cause us to open the lower layer(s) */
! 351: BundNcpsJoin(b, NCP_NONE);
! 352: }
! 353:
! 354: /*
! 355: * IfaceClose()
! 356: *
! 357: * Close the interface layer
! 358: */
! 359:
! 360: void
! 361: IfaceClose(Bund b)
! 362: {
! 363: IfaceState const iface = &b->iface;
! 364:
! 365: Log(LG_IFACE, ("[%s] IFACE: Close event", b->name));
! 366:
! 367: /* If interface is already closed do nothing */
! 368: if (!iface->open)
! 369: return;
! 370: iface->open = FALSE;
! 371:
! 372: /* If there was on-demand, tell that it is not needed anymore */
! 373: BundNcpsLeave(b, NCP_NONE);
! 374: }
! 375:
! 376: /*
! 377: * IfaceOpenCmd()
! 378: *
! 379: * Open the interface layer
! 380: */
! 381:
! 382: int
! 383: IfaceOpenCmd(Context ctx)
! 384: {
! 385: if (ctx->bund->tmpl)
! 386: Error("impossible to open template");
! 387: IfaceOpen(ctx->bund);
! 388: return (0);
! 389: }
! 390:
! 391: /*
! 392: * IfaceCloseCmd()
! 393: *
! 394: * Close the interface layer
! 395: */
! 396:
! 397: int
! 398: IfaceCloseCmd(Context ctx)
! 399: {
! 400: if (ctx->bund->tmpl)
! 401: Error("impossible to close template");
! 402: IfaceClose(ctx->bund);
! 403: return (0);
! 404: }
! 405:
! 406: /*
! 407: * IfaceUp()
! 408: *
! 409: * Our underlying PPP bundle is ready for traffic.
! 410: * We may signal that the interface is in DoD with the IFF_LINK0 flag.
! 411: */
! 412:
! 413: void
! 414: IfaceUp(Bund b, int ready)
! 415: {
! 416: IfaceState const iface = &b->iface;
! 417: int session_timeout = 0, idle_timeout = 0;
! 418: #ifdef USE_IPFW
! 419: struct acl *acls, *acl;
! 420: char *buf;
! 421: struct acl_pool **poollast;
! 422: int poollaststart;
! 423: int prev_number;
! 424: int prev_real_number;
! 425: #endif
! 426:
! 427: Log(LG_IFACE, ("[%s] IFACE: Up event", b->name));
! 428: iface->last_up = time(NULL);
! 429:
! 430: if (ready) {
! 431:
! 432: /* Start Session timer */
! 433: if (b->params.session_timeout > 0) {
! 434: session_timeout = b->params.session_timeout;
! 435: } else if (iface->session_timeout > 0) {
! 436: session_timeout = iface->session_timeout;
! 437: }
! 438:
! 439: if (session_timeout > 0) {
! 440: Log(LG_IFACE2, ("[%s] IFACE: session-timeout: %d seconds",
! 441: b->name, session_timeout));
! 442: if (session_timeout > INT_MAX / 1100) {
! 443: session_timeout = INT_MAX / 1100;
! 444: Log(LG_ERR, ("[%s] IFACE: session-timeout limited to %d seconds",
! 445: b->name, session_timeout));
! 446: }
! 447: TimerInit(&iface->sessionTimer, "IfaceSession",
! 448: session_timeout * SECONDS, IfaceSessionTimeout, b);
! 449: TimerStart(&iface->sessionTimer);
! 450: }
! 451:
! 452: /* Start idle timer */
! 453: if (b->params.idle_timeout > 0) {
! 454: idle_timeout = b->params.idle_timeout;
! 455: } else if (iface->idle_timeout > 0) {
! 456: idle_timeout = iface->idle_timeout;
! 457: }
! 458:
! 459: if (idle_timeout > 0) {
! 460: Log(LG_IFACE2, ("[%s] IFACE: idle-timeout: %d seconds",
! 461: b->name, idle_timeout));
! 462: if (idle_timeout > INT_MAX / 1100 * IFACE_IDLE_SPLIT) {
! 463: idle_timeout = INT_MAX / 1100 * IFACE_IDLE_SPLIT;
! 464: Log(LG_ERR, ("[%s] IFACE: idle-timeout limited to %d seconds",
! 465: b->name, idle_timeout));
! 466: }
! 467: TimerInit(&iface->idleTimer, "IfaceIdle",
! 468: idle_timeout * SECONDS / IFACE_IDLE_SPLIT, IfaceIdleTimeout, b);
! 469: TimerStart(&iface->idleTimer);
! 470: iface->traffic[1] = TRUE;
! 471: iface->traffic[0] = FALSE;
! 472:
! 473: /* Reset statistics */
! 474: memset(&iface->idleStats, 0, sizeof(iface->idleStats));
! 475: }
! 476:
! 477: /* Update interface name and description */
! 478: if (b->params.ifname[0] != 0) {
! 479: if (IfaceSetName(b, b->params.ifname) != -1)
! 480: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Rename interface %s to %s",
! 481: b->name, iface->ngname, b->params.ifname));
! 482: } else if (iface->conf.ifname[0] != 0) {
! 483: if (IfaceSetName(b, iface->conf.ifname) != -1)
! 484: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Rename interface %s to %s",
! 485: b->name, iface->ngname, iface->conf.ifname));
! 486: }
! 487: #ifdef SIOCSIFDESCR
! 488: if (b->params.ifdescr != NULL) {
! 489: if (IfaceSetDescr(b, b->params.ifdescr) != -1) {
! 490: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Add description \"%s\"",
! 491: b->name, b->params.ifdescr));
! 492: iface->ifdescr = b->params.ifdescr;
! 493: }
! 494: }
! 495: #endif
! 496: #ifdef SIOCAIFGROUP
! 497: if (iface->conf.ifgroup[0] != 0) {
! 498: if (IfaceAddGroup(b, iface->conf.ifgroup) != -1)
! 499: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Add group %s to %s",
! 500: b->name, iface->conf.ifgroup, iface->ngname));
! 501: }
! 502: if (b->params.ifgroup[0] != 0) {
! 503: if (IfaceAddGroup(b, b->params.ifgroup) != -1)
! 504: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Add group %s to %s",
! 505: b->name, b->params.ifgroup, iface->ngname));
! 506: }
! 507: #endif
! 508: #ifdef USE_IPFW
! 509: /* Allocate ACLs */
! 510: acls = b->params.acl_pipe;
! 511: poollast = &pipe_pool;
! 512: poollaststart = pipe_pool_start;
! 513: while (acls != NULL) {
! 514: acls->real_number = IfaceAllocACL(&poollast, poollaststart, iface->ifname, acls->number);
! 515: poollaststart = acls->real_number;
! 516: acls = acls->next;
! 517: };
! 518: acls = b->params.acl_queue;
! 519: poollast = &queue_pool;
! 520: poollaststart = queue_pool_start;
! 521: while (acls != NULL) {
! 522: acls->real_number = IfaceAllocACL(&poollast, poollaststart, iface->ifname, acls->number);
! 523: poollaststart = acls->real_number;
! 524: acls = acls->next;
! 525: };
! 526: prev_number = -1;
! 527: prev_real_number = -1;
! 528: acls = b->params.acl_table;
! 529: poollast = &table_pool;
! 530: poollaststart = table_pool_start;
! 531: while (acls != NULL) {
! 532: if (acls->real_number == 0) {
! 533: if (acls->number == prev_number) { /* ACL list is presorted so we need not allocate if equal */
! 534: acls->real_number = prev_real_number;
! 535: } else {
! 536: acls->real_number = IfaceAllocACL(&poollast, poollaststart, iface->ifname, acls->number);
! 537: poollaststart = acls->real_number;
! 538: prev_number = acls->number;
! 539: prev_real_number = acls->real_number;
! 540: }
! 541: }
! 542: acls = acls->next;
! 543: };
! 544: acls = b->params.acl_rule;
! 545: poollast = &rule_pool;
! 546: poollaststart = rule_pool_start;
! 547: while (acls != NULL) {
! 548: acls->real_number = IfaceAllocACL(&poollast, poollaststart, iface->ifname, acls->number);
! 549: poollaststart = acls->real_number;
! 550: acls = acls->next;
! 551: };
! 552:
! 553: /* Set ACLs */
! 554: acls = b->params.acl_pipe;
! 555: while (acls != NULL) {
! 556: ExecCmd(LG_IFACE2, b->name, "%s pipe %d config %s", PATH_IPFW, acls->real_number, acls->rule);
! 557: acls = acls->next;
! 558: }
! 559: acls = b->params.acl_queue;
! 560: while (acls != NULL) {
! 561: buf = IFaceParseACL(acls->rule,iface->ifname);
! 562: ExecCmd(LG_IFACE2, b->name, "%s queue %d config %s", PATH_IPFW, acls->real_number, buf);
! 563: Freee(buf);
! 564: acls = acls->next;
! 565: }
! 566: acls = b->params.acl_table;
! 567: while (acls != NULL) {
! 568: acl = Mdup(MB_IFACE, acls, sizeof(struct acl) + strlen(acls->rule));
! 569: acl->next = iface->tables;
! 570: iface->tables = acl;
! 571: ExecCmd(LG_IFACE2, b->name, "%s table %d add %s", PATH_IPFW, acls->real_number, acls->rule);
! 572: acls = acls->next;
! 573: };
! 574: acls = b->params.acl_rule;
! 575: while (acls != NULL) {
! 576: buf = IFaceParseACL(acls->rule, iface->ifname);
! 577: ExecCmd(LG_IFACE2, b->name, "%s add %d %s via %s", PATH_IPFW, acls->real_number, buf, iface->ifname);
! 578: Freee(buf);
! 579: acls = acls->next;
! 580: };
! 581: #endif /* USE_IPFW */
! 582:
! 583: };
! 584:
! 585: /* Bring up system interface */
! 586: IfaceChangeFlags(b, 0, IFF_UP | (ready?0:IFF_LINK0));
! 587:
! 588: /* Send any cached packets */
! 589: IfaceCacheSend(b);
! 590:
! 591: }
! 592:
! 593: /*
! 594: * IfaceDown()
! 595: *
! 596: * Our packet transport mechanism is no longer ready for traffic.
! 597: */
! 598:
! 599: void
! 600: IfaceDown(Bund b)
! 601: {
! 602: IfaceState const iface = &b->iface;
! 603: #ifdef USE_IPFW
! 604: struct acl_pool **rp, *rp1;
! 605: char cb[32768];
! 606: struct acl *acl, *aclnext;
! 607: #endif
! 608:
! 609: Log(LG_IFACE, ("[%s] IFACE: Down event", b->name));
! 610:
! 611: /* Bring down system interface */
! 612: IfaceChangeFlags(b, IFF_UP | IFF_LINK0, 0);
! 613:
! 614: TimerStop(&iface->idleTimer);
! 615: TimerStop(&iface->sessionTimer);
! 616:
! 617: #ifdef USE_IPFW
! 618: /* Remove rule ACLs */
! 619: rp = &rule_pool;
! 620: cb[0]=0;
! 621: while (*rp != NULL) {
! 622: if (strncmp((*rp)->ifname, iface->ifname, IFNAMSIZ) == 0) {
! 623: sprintf(cb+strlen(cb), " %d", (*rp)->real_number);
! 624: rp1 = *rp;
! 625: *rp = (*rp)->next;
! 626: Freee(rp1);
! 627: } else {
! 628: rp = &((*rp)->next);
! 629: };
! 630: };
! 631: if (cb[0]!=0)
! 632: ExecCmdNosh(LG_IFACE2, b->name, "%s delete%s",
! 633: PATH_IPFW, cb);
! 634:
! 635: /* Remove table ACLs */
! 636: rp = &table_pool;
! 637: while (*rp != NULL) {
! 638: if (strncmp((*rp)->ifname, iface->ifname, IFNAMSIZ) == 0) {
! 639: rp1 = *rp;
! 640: *rp = (*rp)->next;
! 641: Freee(rp1);
! 642: } else {
! 643: rp = &((*rp)->next);
! 644: };
! 645: };
! 646: acl = iface->tables;
! 647: while (acl != NULL) {
! 648: ExecCmd(LG_IFACE2, b->name, "%s table %d delete %s",
! 649: PATH_IPFW, acl->real_number, acl->rule);
! 650: aclnext = acl->next;
! 651: Freee(acl);
! 652: acl = aclnext;
! 653: };
! 654: iface->tables = NULL;
! 655:
! 656: /* Remove queue ACLs */
! 657: rp = &queue_pool;
! 658: cb[0]=0;
! 659: while (*rp != NULL) {
! 660: if (strncmp((*rp)->ifname, iface->ifname, IFNAMSIZ) == 0) {
! 661: sprintf(cb+strlen(cb), " %d", (*rp)->real_number);
! 662: rp1 = *rp;
! 663: *rp = (*rp)->next;
! 664: Freee(rp1);
! 665: } else {
! 666: rp = &((*rp)->next);
! 667: };
! 668: };
! 669: if (cb[0]!=0)
! 670: ExecCmdNosh(LG_IFACE2, b->name, "%s queue delete%s",
! 671: PATH_IPFW, cb);
! 672:
! 673: /* Remove pipe ACLs */
! 674: rp = &pipe_pool;
! 675: cb[0]=0;
! 676: while (*rp != NULL) {
! 677: if (strncmp((*rp)->ifname, iface->ifname, IFNAMSIZ) == 0) {
! 678: sprintf(cb+strlen(cb), " %d", (*rp)->real_number);
! 679: rp1 = *rp;
! 680: *rp = (*rp)->next;
! 681: Freee(rp1);
! 682: } else {
! 683: rp = &((*rp)->next);
! 684: };
! 685: };
! 686: if (cb[0]!=0)
! 687: ExecCmdNosh(LG_IFACE2, b->name, "%s pipe delete%s",
! 688: PATH_IPFW, cb);
! 689: #endif /* USE_IPFW */
! 690:
! 691: /* Revert interface name and description */
! 692:
! 693: if (strcmp(iface->ngname, iface->ifname) != 0) {
! 694: if (iface->conf.ifname[0] != 0) {
! 695: /* Restore to config defined */
! 696: if (IfaceSetName(b, iface->conf.ifname) != -1)
! 697: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Rename interface %s to %s",
! 698: b->name, iface->ifname, iface->conf.ifname));
! 699: } else {
! 700: /* Restore to original interface name */
! 701: if (IfaceSetName(b, iface->ngname) != -1)
! 702: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Rename interface %s to %s",
! 703: b->name, iface->ifname, iface->ngname));
! 704: }
! 705: }
! 706: #ifdef SIOCSIFDESCR
! 707: if (iface->ifdescr != NULL) {
! 708: if (iface->conf.ifdescr != NULL) {
! 709: /* Restore to config defined */
! 710: if (IfaceSetDescr(b, iface->conf.ifdescr) != -1) {
! 711: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Set description \"%s\"",
! 712: b->name, iface->conf.ifdescr));
! 713: iface->ifdescr = iface->conf.ifdescr;
! 714: } else
! 715: iface->ifdescr = NULL;
! 716: } else {
! 717: /* Restore to original (empty) */
! 718: if (IfaceSetDescr(b, "") != -1) {
! 719: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Clear description",
! 720: b->name));
! 721: }
! 722: iface->ifdescr = NULL;
! 723: }
! 724: }
! 725: #endif
! 726: #ifdef SIOCAIFGROUP
! 727: if (b->params.ifgroup[0] != 0) {
! 728: if (IfaceDelGroup(b, b->params.ifgroup) != -1)
! 729: Log(LG_BUND|LG_IFACE, ("[%s] IFACE: Remove group %s from %s",
! 730: b->name, b->params.ifgroup, iface->ngname));
! 731: }
! 732: #endif
! 733: }
! 734:
! 735: /*
! 736: * IfaceListenInput()
! 737: *
! 738: * A packet was received on our demand snooping hook. Stimulate a connection.
! 739: */
! 740:
! 741: void
! 742: IfaceListenInput(Bund b, int proto, Mbuf pkt)
! 743: {
! 744: IfaceState const iface = &b->iface;
! 745: int const isDemand = IfaceIsDemand(proto, pkt);
! 746:
! 747: /* Does this count as demand traffic? */
! 748: if (iface->open && isDemand) {
! 749: iface->traffic[0] = TRUE;
! 750: Log(LG_IFACE, ("[%s] IFACE: Outgoing %s packet demands connection", b->name,
! 751: (proto==PROTO_IP)?"IP":"IPv6"));
! 752: RecordLinkUpDownReason(b, NULL, 1, STR_DEMAND, NULL);
! 753: BundOpen(b);
! 754: IfaceCachePkt(b, proto, pkt);
! 755: } else {
! 756: mbfree(pkt);
! 757: }
! 758: }
! 759:
! 760: #ifdef USE_IPFW
! 761: /*
! 762: * IfaceAllocACL ()
! 763: *
! 764: * Allocates unique real number for new ACL and adds it to the list of used ones.
! 765: */
! 766:
! 767: static int
! 768: IfaceAllocACL(struct acl_pool ***ap, int start, char *ifname, int number)
! 769: {
! 770: int i;
! 771: struct acl_pool **rp,*rp1;
! 772:
! 773: rp1 = Malloc(MB_IFACE, sizeof(struct acl_pool));
! 774: strlcpy(rp1->ifname, ifname, sizeof(rp1->ifname));
! 775: rp1->acl_number = number;
! 776:
! 777: rp = *ap;
! 778: i = start;
! 779: while (*rp != NULL && (*rp)->real_number <= i) {
! 780: i = (*rp)->real_number+1;
! 781: rp = &((*rp)->next);
! 782: };
! 783: if (*rp == NULL) {
! 784: rp1->next = NULL;
! 785: } else {
! 786: rp1->next = *rp;
! 787: };
! 788: rp1->real_number = i;
! 789: *rp = rp1;
! 790: *ap = rp;
! 791: return(i);
! 792: }
! 793:
! 794: /*
! 795: * IfaceFindACL ()
! 796: *
! 797: * Finds ACL in the list and gets its real number.
! 798: */
! 799:
! 800: static int
! 801: IfaceFindACL (struct acl_pool *ap, char * ifname, int number)
! 802: {
! 803: int i;
! 804: struct acl_pool *rp;
! 805:
! 806: rp=ap;
! 807: i=-1;
! 808: while (rp != NULL) {
! 809: if ((rp->acl_number == number) && (strncmp(rp->ifname,ifname,IFNAMSIZ) == 0)) {
! 810: i = rp->real_number;
! 811: break;
! 812: };
! 813: rp = rp->next;
! 814: };
! 815: return(i);
! 816: }
! 817:
! 818: /*
! 819: * IFaceParseACL ()
! 820: *
! 821: * Parces ACL and replaces %r, %p and %q macroses
! 822: * by the real numbers of rules, queues and pipes.
! 823: */
! 824:
! 825: static char *
! 826: IFaceParseACL (char * src, char * ifname)
! 827: {
! 828: char *buf,*buf1;
! 829: char *begin,*param,*end;
! 830: char t;
! 831: int num,real_number;
! 832: struct acl_pool *ap;
! 833:
! 834: buf = Malloc(MB_IFACE, ACL_LEN);
! 835: buf1 = Malloc(MB_IFACE, ACL_LEN);
! 836:
! 837: strlcpy(buf, src, ACL_LEN);
! 838: do {
! 839: end = buf;
! 840: begin = strsep(&end, "%");
! 841: param = strsep(&end, " ");
! 842: if (param != NULL) {
! 843: if (sscanf(param,"%c%d", &t, &num) == 2) {
! 844: switch (t) {
! 845: case 'r':
! 846: ap = rule_pool;
! 847: break;
! 848: case 'p':
! 849: ap = pipe_pool;
! 850: break;
! 851: case 'q':
! 852: ap = queue_pool;
! 853: break;
! 854: case 't':
! 855: ap = table_pool;
! 856: break;
! 857: default:
! 858: ap = NULL;
! 859: };
! 860: real_number = IfaceFindACL(ap,ifname,num);
! 861: if (end != NULL) {
! 862: snprintf(buf1, ACL_LEN, "%s%d %s", begin, real_number, end);
! 863: } else {
! 864: snprintf(buf1, ACL_LEN, "%s%d", begin, real_number);
! 865: };
! 866: strlcpy(buf, buf1, ACL_LEN);
! 867: };
! 868: };
! 869: } while (end != NULL);
! 870: Freee(buf1);
! 871: return(buf);
! 872: }
! 873: #endif /* USE_IPFW */
! 874:
! 875: /*
! 876: * IfaceIpIfaceUp()
! 877: *
! 878: * Bring up the IP interface. The "ready" flag means that
! 879: * IPCP is also up and we can deliver packets immediately.
! 880: */
! 881:
! 882: int
! 883: IfaceIpIfaceUp(Bund b, int ready)
! 884: {
! 885: IfaceState const iface = &b->iface;
! 886: struct sockaddr_dl hwa;
! 887: char hisaddr[20];
! 888: IfaceRoute r;
! 889: u_char *ether;
! 890:
! 891: if (ready && !iface->conf.self_addr_force) {
! 892: in_addrtou_range(&b->ipcp.want_addr, 32, &iface->self_addr);
! 893: } else {
! 894: u_rangecopy(&iface->conf.self_addr, &iface->self_addr);
! 895: }
! 896: if (ready && !iface->conf.peer_addr_force) {
! 897: in_addrtou_addr(&b->ipcp.peer_addr, &iface->peer_addr);
! 898: } else {
! 899: u_addrcopy(&iface->conf.peer_addr, &iface->peer_addr);
! 900: }
! 901:
! 902: if (IfaceNgIpInit(b, ready)) {
! 903: Log(LG_ERR, ("[%s] IFACE: IfaceNgIpInit() error, closing IPCP", b->name));
! 904: FsmFailure(&b->ipcp.fsm, FAIL_NEGOT_FAILURE);
! 905: return (-1);
! 906: };
! 907:
! 908: /* Set addresses */
! 909: if (!u_rangeempty(&iface->self_addr) &&
! 910: IfaceChangeAddr(b, 1, &iface->self_addr, &iface->peer_addr)) {
! 911: Log(LG_ERR, ("[%s] IFACE: IfaceChangeAddr() error, closing IPCP", b->name));
! 912: FsmFailure(&b->ipcp.fsm, FAIL_NEGOT_FAILURE);
! 913: return (-1);
! 914: };
! 915:
! 916: /* Proxy ARP for peer if desired and peer's address is known */
! 917: u_addrclear(&iface->proxy_addr);
! 918: if (Enabled(&iface->options, IFACE_CONF_PROXY)) {
! 919: if (u_addrempty(&iface->peer_addr)) {
! 920: Log(LG_IFACE,
! 921: ("[%s] IFACE: Can't proxy arp for %s",
! 922: b->name, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr))));
! 923: } else if (GetEther(&iface->peer_addr, &hwa) < 0) {
! 924: Log(LG_IFACE,
! 925: ("[%s] IFACE: No interface to proxy arp on for %s",
! 926: b->name, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr))));
! 927: } else {
! 928: ether = (u_char *) LLADDR(&hwa);
! 929: if (ExecCmdNosh(LG_IFACE2, b->name,
! 930: "%s -S %s %x:%x:%x:%x:%x:%x pub",
! 931: PATH_ARP, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr)),
! 932: ether[0], ether[1], ether[2],
! 933: ether[3], ether[4], ether[5]) == 0)
! 934: iface->proxy_addr = iface->peer_addr;
! 935: }
! 936: }
! 937:
! 938: /* Add static routes */
! 939: SLIST_FOREACH(r, &iface->routes, next) {
! 940: if (u_rangefamily(&r->dest)==AF_INET) {
! 941: r->ok = (IfaceSetRoute(b, RTM_ADD, &r->dest, &iface->peer_addr) == 0);
! 942: }
! 943: }
! 944: /* Add dynamic routes */
! 945: SLIST_FOREACH(r, &b->params.routes, next) {
! 946: if (u_rangefamily(&r->dest)==AF_INET) {
! 947: r->ok = (IfaceSetRoute(b, RTM_ADD, &r->dest, &iface->peer_addr) == 0);
! 948: }
! 949: }
! 950:
! 951: #ifdef USE_NG_NAT
! 952: /* Set NAT IP */
! 953: if (iface->nat_up)
! 954: IfaceSetupNAT(b);
! 955: #endif
! 956:
! 957: /* Call "up" script */
! 958: if (*iface->up_script) {
! 959: char selfbuf[40],peerbuf[40];
! 960: char ns1buf[21], ns2buf[21];
! 961: int res;
! 962:
! 963: if(b->ipcp.want_dns[0].s_addr != 0)
! 964: snprintf(ns1buf, sizeof(ns1buf), "dns1 %s", inet_ntoa(b->ipcp.want_dns[0]));
! 965: else
! 966: ns1buf[0] = '\0';
! 967: if(b->ipcp.want_dns[1].s_addr != 0)
! 968: snprintf(ns2buf, sizeof(ns2buf), "dns2 %s", inet_ntoa(b->ipcp.want_dns[1]));
! 969: else
! 970: ns2buf[0] = '\0';
! 971:
! 972: res = ExecCmd(LG_IFACE2, b->name, "%s %s inet %s %s '%s' '%s' '%s' '%s'",
! 973: iface->up_script, iface->ifname, u_rangetoa(&iface->self_addr,selfbuf, sizeof(selfbuf)),
! 974: u_addrtoa(&iface->peer_addr, peerbuf, sizeof(peerbuf)),
! 975: *b->params.authname ? b->params.authname : "-",
! 976: ns1buf, ns2buf, *b->params.peeraddr ? b->params.peeraddr : "-");
! 977: if (res != 0) {
! 978: FsmFailure(&b->ipcp.fsm, FAIL_NEGOT_FAILURE);
! 979: return (-1);
! 980: }
! 981: }
! 982: return (0);
! 983: }
! 984:
! 985: /*
! 986: * IfaceIpIfaceDown()
! 987: *
! 988: * Bring down the IP interface. This implies we're no longer ready.
! 989: */
! 990:
! 991: void
! 992: IfaceIpIfaceDown(Bund b)
! 993: {
! 994: IfaceState const iface = &b->iface;
! 995: IfaceRoute r;
! 996: char buf[48];
! 997:
! 998: /* Call "down" script */
! 999: if (*iface->down_script) {
! 1000: char selfbuf[40],peerbuf[40];
! 1001:
! 1002: ExecCmd(LG_IFACE2, b->name, "%s %s inet %s %s '%s' '%s'",
! 1003: iface->down_script, iface->ifname, u_rangetoa(&iface->self_addr,selfbuf, sizeof(selfbuf)),
! 1004: u_addrtoa(&iface->peer_addr, peerbuf, sizeof(peerbuf)),
! 1005: *b->params.authname ? b->params.authname : "-",
! 1006: *b->params.peeraddr ? b->params.peeraddr : "-");
! 1007: }
! 1008:
! 1009: /* Delete dynamic routes */
! 1010: SLIST_FOREACH(r, &b->params.routes, next) {
! 1011: if (u_rangefamily(&r->dest)==AF_INET) {
! 1012: if (!r->ok)
! 1013: continue;
! 1014: IfaceSetRoute(b, RTM_DELETE, &r->dest, &iface->peer_addr);
! 1015: r->ok = 0;
! 1016: }
! 1017: }
! 1018: /* Delete static routes */
! 1019: SLIST_FOREACH(r, &iface->routes, next) {
! 1020: if (u_rangefamily(&r->dest)==AF_INET) {
! 1021: if (!r->ok)
! 1022: continue;
! 1023: IfaceSetRoute(b, RTM_DELETE, &r->dest, &iface->peer_addr);
! 1024: r->ok = 0;
! 1025: }
! 1026: }
! 1027:
! 1028: /* Delete any proxy arp entry */
! 1029: if (!u_addrempty(&iface->proxy_addr))
! 1030: ExecCmdNosh(LG_IFACE2, b->name, "%s -d %s", PATH_ARP, u_addrtoa(&iface->proxy_addr, buf, sizeof(buf)));
! 1031: u_addrclear(&iface->proxy_addr);
! 1032:
! 1033: /* Remove address from interface */
! 1034: if (!u_rangeempty(&iface->self_addr))
! 1035: IfaceChangeAddr(b, 0, &iface->self_addr, &iface->peer_addr);
! 1036:
! 1037: IfaceNgIpShutdown(b);
! 1038: }
! 1039:
! 1040: /*
! 1041: * IfaceIpv6IfaceUp()
! 1042: *
! 1043: * Bring up the IPv6 interface. The "ready" flag means that
! 1044: * IPv6CP is also up and we can deliver packets immediately.
! 1045: */
! 1046:
! 1047: int
! 1048: IfaceIpv6IfaceUp(Bund b, int ready)
! 1049: {
! 1050: IfaceState const iface = &b->iface;
! 1051: IfaceRoute r;
! 1052:
! 1053: if (ready && !iface->conf.self_ipv6_addr_force) {
! 1054: iface->self_ipv6_addr.family = AF_INET6;
! 1055: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[0] = 0x80fe; /* Network byte order */
! 1056: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[1] = 0x0000;
! 1057: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[2] = 0x0000;
! 1058: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[3] = 0x0000;
! 1059: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[4] = ((u_short*)b->ipv6cp.myintid)[0];
! 1060: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[5] = ((u_short*)b->ipv6cp.myintid)[1];
! 1061: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[6] = ((u_short*)b->ipv6cp.myintid)[2];
! 1062: iface->self_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[7] = ((u_short*)b->ipv6cp.myintid)[3];
! 1063: } else {
! 1064: u_addrcopy(&iface->conf.self_ipv6_addr, &iface->self_ipv6_addr);
! 1065: }
! 1066: if (ready && !iface->conf.peer_ipv6_addr_force) {
! 1067: iface->peer_ipv6_addr.family = AF_INET6;
! 1068: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[0] = 0x80fe; /* Network byte order */
! 1069: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[1] = 0x0000;
! 1070: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[2] = 0x0000;
! 1071: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[3] = 0x0000;
! 1072: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[4] = ((u_short*)b->ipv6cp.hisintid)[0];
! 1073: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[5] = ((u_short*)b->ipv6cp.hisintid)[1];
! 1074: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[6] = ((u_short*)b->ipv6cp.hisintid)[2];
! 1075: iface->peer_ipv6_addr.u.ip6.__u6_addr.__u6_addr16[7] = ((u_short*)b->ipv6cp.hisintid)[3];
! 1076: } else {
! 1077: u_addrcopy(&iface->conf.peer_ipv6_addr, &iface->peer_ipv6_addr);
! 1078: }
! 1079:
! 1080: if (IfaceNgIpv6Init(b, ready)) {
! 1081: Log(LG_ERR, ("[%s] IFACE: IfaceNgIpv6Init() failed, closing IPv6CP", b->name));
! 1082: FsmFailure(&b->ipv6cp.fsm, FAIL_NEGOT_FAILURE);
! 1083: return (-1);
! 1084: };
! 1085:
! 1086: /* Set addresses */
! 1087: if (!u_addrempty(&iface->self_ipv6_addr)) {
! 1088: struct u_range rng;
! 1089: rng.addr = iface->self_ipv6_addr;
! 1090: rng.width = 64;
! 1091: if (IfaceChangeAddr(b, 1, &rng, &iface->peer_ipv6_addr)) {
! 1092: Log(LG_ERR, ("[%s] IFACE: IfaceChangeAddr() failed, closing IPv6CP", b->name));
! 1093: FsmFailure(&b->ipv6cp.fsm, FAIL_NEGOT_FAILURE);
! 1094: return (-1);
! 1095: }
! 1096: };
! 1097:
! 1098: /* Add static routes */
! 1099: SLIST_FOREACH(r, &iface->routes, next) {
! 1100: if (u_rangefamily(&r->dest)==AF_INET6) {
! 1101: r->ok = (IfaceSetRoute(b, RTM_ADD, &r->dest, &iface->peer_ipv6_addr) == 0);
! 1102: }
! 1103: }
! 1104: /* Add dynamic routes */
! 1105: SLIST_FOREACH(r, &b->params.routes, next) {
! 1106: if (u_rangefamily(&r->dest)==AF_INET6) {
! 1107: r->ok = (IfaceSetRoute(b, RTM_ADD, &r->dest, &iface->peer_ipv6_addr) == 0);
! 1108: }
! 1109: }
! 1110:
! 1111: /* Call "up" script */
! 1112: if (*iface->up_script) {
! 1113: char selfbuf[48],peerbuf[48];
! 1114: int res;
! 1115:
! 1116: res = ExecCmd(LG_IFACE2, b->name, "%s %s inet6 %s%%%s %s%%%s '%s' '%s'",
! 1117: iface->up_script, iface->ifname,
! 1118: u_addrtoa(&iface->self_ipv6_addr, selfbuf, sizeof(selfbuf)), iface->ifname,
! 1119: u_addrtoa(&iface->peer_ipv6_addr, peerbuf, sizeof(peerbuf)), iface->ifname,
! 1120: *b->params.authname ? b->params.authname : "-",
! 1121: *b->params.peeraddr ? b->params.peeraddr : "-");
! 1122: if (res != 0) {
! 1123: FsmFailure(&b->ipv6cp.fsm, FAIL_NEGOT_FAILURE);
! 1124: return (-1);
! 1125: }
! 1126: }
! 1127: return (0);
! 1128:
! 1129: }
! 1130:
! 1131: /*
! 1132: * IfaceIpv6IfaceDown()
! 1133: *
! 1134: * Bring down the IPv6 interface. This implies we're no longer ready.
! 1135: */
! 1136:
! 1137: void
! 1138: IfaceIpv6IfaceDown(Bund b)
! 1139: {
! 1140: IfaceState const iface = &b->iface;
! 1141: IfaceRoute r;
! 1142: struct u_range rng;
! 1143:
! 1144: /* Call "down" script */
! 1145: if (*iface->down_script) {
! 1146: char selfbuf[48],peerbuf[48];
! 1147:
! 1148: ExecCmd(LG_IFACE2, b->name, "%s %s inet6 %s%%%s %s%%%s '%s' '%s'",
! 1149: iface->down_script, iface->ifname,
! 1150: u_addrtoa(&iface->self_ipv6_addr, selfbuf, sizeof(selfbuf)), iface->ifname,
! 1151: u_addrtoa(&iface->peer_ipv6_addr, peerbuf, sizeof(peerbuf)), iface->ifname,
! 1152: *b->params.authname ? b->params.authname : "-",
! 1153: *b->params.peeraddr ? b->params.peeraddr : "-");
! 1154: }
! 1155:
! 1156: /* Delete dynamic routes */
! 1157: SLIST_FOREACH(r, &b->params.routes, next) {
! 1158: if (u_rangefamily(&r->dest)==AF_INET6) {
! 1159: if (!r->ok)
! 1160: continue;
! 1161: IfaceSetRoute(b, RTM_DELETE, &r->dest, &iface->peer_ipv6_addr);
! 1162: r->ok = 0;
! 1163: }
! 1164: }
! 1165: /* Delete static routes */
! 1166: SLIST_FOREACH(r, &iface->routes, next) {
! 1167: if (u_rangefamily(&r->dest)==AF_INET6) {
! 1168: if (!r->ok)
! 1169: continue;
! 1170: IfaceSetRoute(b, RTM_DELETE, &r->dest, &iface->peer_ipv6_addr);
! 1171: r->ok = 0;
! 1172: }
! 1173: }
! 1174:
! 1175: if (!u_addrempty(&iface->self_ipv6_addr)) {
! 1176: /* Remove address from interface */
! 1177: rng.addr = iface->self_ipv6_addr;
! 1178: rng.width = 64;
! 1179: IfaceChangeAddr(b, 0, &rng, &iface->peer_ipv6_addr);
! 1180: }
! 1181:
! 1182: IfaceNgIpv6Shutdown(b);
! 1183: }
! 1184:
! 1185: /*
! 1186: * IfaceIdleTimeout()
! 1187: */
! 1188:
! 1189: static void
! 1190: IfaceIdleTimeout(void *arg)
! 1191: {
! 1192: Bund b = (Bund)arg;
! 1193:
! 1194: IfaceState const iface = &b->iface;
! 1195: int k;
! 1196:
! 1197: /* Get updated bpf node traffic statistics */
! 1198: BundUpdateStats(b);
! 1199:
! 1200: /* Mark current traffic period if there was traffic */
! 1201: if (iface->idleStats.recvFrames + iface->idleStats.xmitFrames <
! 1202: b->stats.recvFrames + b->stats.xmitFrames) {
! 1203: iface->traffic[0] = TRUE;
! 1204: } else { /* no demand traffic for a whole idle timeout period? */
! 1205: for (k = 0; k < IFACE_IDLE_SPLIT && !iface->traffic[k]; k++);
! 1206: if (k == IFACE_IDLE_SPLIT) {
! 1207: Log(LG_BUND, ("[%s] IFACE: Idle timeout", b->name));
! 1208: RecordLinkUpDownReason(b, NULL, 0, STR_IDLE_TIMEOUT, NULL);
! 1209: BundClose(b);
! 1210: return;
! 1211: }
! 1212: }
! 1213:
! 1214: iface->idleStats = b->stats;
! 1215:
! 1216: /* Shift traffic history */
! 1217: memmove(iface->traffic + 1,
! 1218: iface->traffic, (IFACE_IDLE_SPLIT - 1) * sizeof(*iface->traffic));
! 1219: iface->traffic[0] = FALSE;
! 1220:
! 1221: /* Restart timer */
! 1222: TimerStart(&iface->idleTimer);
! 1223: }
! 1224:
! 1225: /*
! 1226: * IfaceSessionTimeout()
! 1227: */
! 1228:
! 1229: static void
! 1230: IfaceSessionTimeout(void *arg)
! 1231: {
! 1232: Bund b = (Bund)arg;
! 1233:
! 1234: Log(LG_BUND, ("[%s] IFACE: Session timeout", b->name));
! 1235:
! 1236: RecordLinkUpDownReason(b, NULL, 0, STR_SESSION_TIMEOUT, NULL);
! 1237:
! 1238: BundClose(b);
! 1239:
! 1240: }
! 1241:
! 1242: /*
! 1243: * IfaceCachePkt()
! 1244: *
! 1245: * A packet caused dial-on-demand; save it for later if possible.
! 1246: * Consumes the mbuf in any case.
! 1247: */
! 1248:
! 1249: static void
! 1250: IfaceCachePkt(Bund b, int proto, Mbuf pkt)
! 1251: {
! 1252: IfaceState const iface = &b->iface;
! 1253:
! 1254: /* Only cache network layer data */
! 1255: if (!PROT_NETWORK_DATA(proto)) {
! 1256: mbfree(pkt);
! 1257: return;
! 1258: }
! 1259:
! 1260: /* Release previously cached packet, if any, and save this one */
! 1261: if (iface->dodCache.pkt)
! 1262: mbfree(iface->dodCache.pkt);
! 1263:
! 1264: iface->dodCache.pkt = pkt;
! 1265: iface->dodCache.proto = proto;
! 1266: iface->dodCache.ts = time(NULL);
! 1267: }
! 1268:
! 1269: /*
! 1270: * IfaceCacheSend()
! 1271: *
! 1272: * Send cached packet
! 1273: */
! 1274:
! 1275: static void
! 1276: IfaceCacheSend(Bund b)
! 1277: {
! 1278: IfaceState const iface = &b->iface;
! 1279:
! 1280: if (iface->dodCache.pkt) {
! 1281: if (iface->dodCache.ts + MAX_DOD_CACHE_DELAY < time(NULL))
! 1282: mbfree(iface->dodCache.pkt);
! 1283: else {
! 1284: if (NgFuncWritePppFrame(b, NG_PPP_BUNDLE_LINKNUM,
! 1285: iface->dodCache.proto, iface->dodCache.pkt) < 0) {
! 1286: Perror("[%s] can't write cached pkt", b->name);
! 1287: }
! 1288: }
! 1289: iface->dodCache.pkt = NULL;
! 1290: }
! 1291: }
! 1292:
! 1293: /*
! 1294: * IfaceIsDemand()
! 1295: *
! 1296: * Determine if this outgoing packet qualifies for dial-on-demand
! 1297: */
! 1298:
! 1299: static int
! 1300: IfaceIsDemand(int proto, Mbuf pkt)
! 1301: {
! 1302: switch (proto) {
! 1303: case PROTO_IP:
! 1304: {
! 1305: struct ip *ip;
! 1306:
! 1307: if (MBLEN(pkt) < sizeof(struct ip))
! 1308: return (0);
! 1309:
! 1310: ip = (struct ip *)MBDATA(pkt);
! 1311: switch (ip->ip_p) {
! 1312: case IPPROTO_IGMP: /* No multicast stuff */
! 1313: return(0);
! 1314: #if (!defined(__FreeBSD__) || __FreeBSD_version >= 600025)
! 1315: case IPPROTO_ICMP:
! 1316: {
! 1317: struct icmphdr *icmp;
! 1318:
! 1319: if (MBLEN(pkt) < (ip->ip_hl * 4 + sizeof(struct icmphdr)))
! 1320: return (0);
! 1321:
! 1322: icmp = (struct icmphdr *) ((u_int32_t *) ip + ip->ip_hl);
! 1323:
! 1324: switch (icmp->icmp_type) /* No ICMP replies */
! 1325: {
! 1326: case ICMP_ECHOREPLY:
! 1327: case ICMP_UNREACH:
! 1328: case ICMP_REDIRECT:
! 1329: return(0);
! 1330: default:
! 1331: break;
! 1332: }
! 1333: }
! 1334: break;
! 1335: #endif
! 1336: case IPPROTO_UDP:
! 1337: {
! 1338: struct udphdr *udp;
! 1339:
! 1340: if (MBLEN(pkt) < (ip->ip_hl * 4 + sizeof(struct udphdr)))
! 1341: return (0);
! 1342:
! 1343: udp = (struct udphdr *) ((u_int32_t *) ip + ip->ip_hl);
! 1344:
! 1345: #define NTP_PORT 123
! 1346: if (ntohs(udp->uh_dport) == NTP_PORT) /* No NTP packets */
! 1347: return(0);
! 1348: }
! 1349: break;
! 1350: case IPPROTO_TCP:
! 1351: {
! 1352: struct tcphdr *tcp;
! 1353:
! 1354: if (MBLEN(pkt) < (ip->ip_hl * 4 + sizeof(struct tcphdr)))
! 1355: return (0);
! 1356:
! 1357: tcp = (struct tcphdr *) ((u_int32_t *) ip + ip->ip_hl);
! 1358:
! 1359: if (tcp->th_flags & TH_RST) /* No TCP reset packets */
! 1360: return(0);
! 1361: }
! 1362: break;
! 1363: default:
! 1364: break;
! 1365: }
! 1366: break;
! 1367: }
! 1368: default:
! 1369: break;
! 1370: }
! 1371: return(1);
! 1372: }
! 1373:
! 1374: /*
! 1375: * IfaceSetCommand()
! 1376: */
! 1377:
! 1378: static int
! 1379: IfaceSetCommand(Context ctx, int ac, char *av[], void *arg)
! 1380: {
! 1381: IfaceState const iface = &ctx->bund->iface;
! 1382: int empty_arg;
! 1383:
! 1384: switch ((intptr_t)arg) {
! 1385: case SET_NAME:
! 1386: #ifdef SIOCSIFDESCR
! 1387: case SET_DESCR:
! 1388: #endif
! 1389: case SET_UP_SCRIPT:
! 1390: case SET_DOWN_SCRIPT:
! 1391: empty_arg = TRUE;
! 1392: break;
! 1393: default:
! 1394: empty_arg = FALSE;
! 1395: break;
! 1396: }
! 1397:
! 1398: if ((ac == 0) && (empty_arg == FALSE))
! 1399: return(-1);
! 1400: switch ((intptr_t)arg) {
! 1401: case SET_IDLE:
! 1402: iface->idle_timeout = atoi(*av);
! 1403: break;
! 1404: case SET_SESSION:
! 1405: iface->session_timeout = atoi(*av);
! 1406: break;
! 1407: case SET_ADDRS:
! 1408: {
! 1409: struct u_range self_addr;
! 1410: struct u_addr peer_addr;
! 1411: int self_addr_force = 0, peer_addr_force = 0;
! 1412: char *arg;
! 1413:
! 1414: /* Parse */
! 1415: if (ac != 2)
! 1416: return(-1);
! 1417: arg = av[0];
! 1418: if (arg[0] == '!') {
! 1419: self_addr_force = 1;
! 1420: arg++;
! 1421: }
! 1422: if (!ParseRange(arg, &self_addr, ALLOW_IPV4|ALLOW_IPV6))
! 1423: Error("Bad IP address \"%s\"", av[0]);
! 1424: arg = av[1];
! 1425: if (arg[0] == '!') {
! 1426: peer_addr_force = 1;
! 1427: arg++;
! 1428: }
! 1429: if (!ParseAddr(arg, &peer_addr, ALLOW_IPV4|ALLOW_IPV6))
! 1430: Error("Bad IP address \"%s\"", av[1]);
! 1431: if (self_addr.addr.family != peer_addr.family)
! 1432: Error("Addresses must be from the same protocol family");
! 1433:
! 1434: /* OK */
! 1435: if (peer_addr.family == AF_INET) {
! 1436: iface->conf.self_addr = self_addr;
! 1437: iface->conf.peer_addr = peer_addr;
! 1438: iface->conf.self_addr_force = self_addr_force;
! 1439: iface->conf.peer_addr_force = peer_addr_force;
! 1440: } else {
! 1441: iface->conf.self_ipv6_addr = self_addr.addr;
! 1442: iface->conf.peer_ipv6_addr = peer_addr;
! 1443: iface->conf.self_ipv6_addr_force = self_addr_force;
! 1444: iface->conf.peer_ipv6_addr_force = peer_addr_force;
! 1445: }
! 1446: }
! 1447: break;
! 1448:
! 1449: case SET_ROUTE:
! 1450: {
! 1451: struct u_range range;
! 1452: IfaceRoute r;
! 1453:
! 1454: /* Check */
! 1455: if (ac != 1)
! 1456: return(-1);
! 1457:
! 1458: /* Get dest address */
! 1459: if (!strcasecmp(av[0], "default")) {
! 1460: u_rangeclear(&range);
! 1461: range.addr.family=AF_INET;
! 1462: }
! 1463: else if (!ParseRange(av[0], &range, ALLOW_IPV4|ALLOW_IPV6))
! 1464: Error("Bad route dest address \"%s\"", av[0]);
! 1465: r = Malloc(MB_IFACE, sizeof(struct ifaceroute));
! 1466: r->dest = range;
! 1467: r->ok = 0;
! 1468: SLIST_INSERT_HEAD(&iface->routes, r, next);
! 1469: }
! 1470: break;
! 1471:
! 1472: case SET_MTU:
! 1473: {
! 1474: int max_mtu;
! 1475:
! 1476: /* Check */
! 1477: if (ac != 1)
! 1478: return(-1);
! 1479:
! 1480: max_mtu = atoi(av[0]);
! 1481: if (max_mtu < IFACE_MIN_MTU || max_mtu > IFACE_MAX_MTU)
! 1482: Error("Invalid interface mtu %d", max_mtu);
! 1483: iface->max_mtu = max_mtu;
! 1484: }
! 1485: break;
! 1486:
! 1487: case SET_NAME:
! 1488: switch (ac) {
! 1489: case 0:
! 1490: /* Restore original interface name */
! 1491: if (strcmp(iface->ifname, iface->ngname) != 0) {
! 1492: iface->conf.ifname[0] = '\0';
! 1493: return IfaceSetName(ctx->bund, iface->ngname);
! 1494: }
! 1495: break;
! 1496: case 1:
! 1497: if (strcmp(iface->ifname, av[0]) != 0) {
! 1498: int ifmaxlen = IF_NAMESIZE - ctx->bund->tmpl * IFNUMLEN;
! 1499: if (strlen(av[0]) >= ifmaxlen)
! 1500: Error("Interface name too long, >%d characters", ifmaxlen-1);
! 1501: if ((strncmp(av[0], "ng", 2) == 0) &&
! 1502: ((ctx->bund->tmpl && av[0][2] == 0) ||
! 1503: (av[0][2] >= '0' && av[0][2] <= '9')))
! 1504: Error("This interface name is reserved");
! 1505: strlcpy(iface->conf.ifname, av[0], sizeof(iface->conf.ifname));
! 1506: return IfaceSetName(ctx->bund, av[0]);
! 1507: }
! 1508: break;
! 1509: default:
! 1510: return(-1);
! 1511: }
! 1512: break;
! 1513: #ifdef SIOCSIFDESCR
! 1514: case SET_DESCR:
! 1515: if (ctx->bund->tmpl)
! 1516: Error("Impossible to apply on template");
! 1517: if (iface->conf.ifdescr != NULL)
! 1518: Freee(iface->conf.ifdescr);
! 1519: iface->conf.ifdescr = NULL;
! 1520: iface->ifdescr = NULL;
! 1521: switch (ac) {
! 1522: case 0:
! 1523: return IfaceSetDescr(ctx->bund, "");
! 1524: break;
! 1525: case 1:
! 1526: iface->conf.ifdescr = Mstrdup(MB_IFACE, av[0]);
! 1527: if (IfaceSetDescr(ctx->bund, av[0]) == 0) {
! 1528: iface->ifdescr = iface->conf.ifdescr;
! 1529: return(0);
! 1530: } else
! 1531: return(-1);
! 1532: break;
! 1533: default:
! 1534: return(-1);
! 1535: }
! 1536: break;
! 1537: #endif
! 1538: #ifdef SIOCAIFGROUP
! 1539: case SET_GROUP:
! 1540: if (ac != 1)
! 1541: return(-1);
! 1542:
! 1543: if (av[0][0] && isdigit(av[0][strlen(av[0]) - 1]))
! 1544: Error("Groupnames may not end in a digit");
! 1545: if (strlen(av[0]) >= IFNAMSIZ)
! 1546: Error("Group name %s too long", av[0]);
! 1547: if (iface->conf.ifgroup[0] != 0)
! 1548: IfaceDelGroup(ctx->bund, iface->conf.ifgroup);
! 1549: strlcpy(iface->conf.ifgroup, av[0], IFNAMSIZ);
! 1550: return IfaceAddGroup(ctx->bund, av[0]);
! 1551: break;
! 1552: #endif
! 1553: case SET_UP_SCRIPT:
! 1554: switch (ac) {
! 1555: case 0:
! 1556: *iface->up_script = 0;
! 1557: break;
! 1558: case 1:
! 1559: strlcpy(iface->up_script, av[0], sizeof(iface->up_script));
! 1560: break;
! 1561: default:
! 1562: return(-1);
! 1563: }
! 1564: break;
! 1565:
! 1566: case SET_DOWN_SCRIPT:
! 1567: switch (ac) {
! 1568: case 0:
! 1569: *iface->down_script = 0;
! 1570: break;
! 1571: case 1:
! 1572: strlcpy(iface->down_script, av[0], sizeof(iface->down_script));
! 1573: break;
! 1574: default:
! 1575: return(-1);
! 1576: }
! 1577: break;
! 1578:
! 1579: case SET_ENABLE:
! 1580: EnableCommand(ac, av, &iface->options, gConfList);
! 1581: break;
! 1582:
! 1583: case SET_DISABLE:
! 1584: DisableCommand(ac, av, &iface->options, gConfList);
! 1585: break;
! 1586:
! 1587: default:
! 1588: assert(0);
! 1589: }
! 1590: return(0);
! 1591: }
! 1592:
! 1593: /*
! 1594: * IfaceStat()
! 1595: */
! 1596:
! 1597: int
! 1598: IfaceStat(Context ctx, int ac, char *av[], void *arg)
! 1599: {
! 1600: Bund const b = ctx->bund;
! 1601: IfaceState const iface = &b->iface;
! 1602: IfaceRoute r;
! 1603: #ifdef USE_NG_BPF
! 1604: int k;
! 1605: #endif
! 1606: char buf[48];
! 1607: #if defined(USE_NG_BPF) || defined(USE_IPFW)
! 1608: struct acl *a;
! 1609: #endif
! 1610:
! 1611: Printf("Interface configuration:\r\n");
! 1612: Printf("\tName : %s\r\n", iface->conf.ifname);
! 1613: #ifdef SIOCSIFDESCR
! 1614: Printf("\tDescription : \"%s\"\r\n",
! 1615: (iface->conf.ifdescr != NULL) ? iface->conf.ifdescr : "<none>");
! 1616: #endif
! 1617: #ifdef SIOCAIFGROUP
! 1618: Printf("\tGroup : %s\r\n", iface->conf.ifgroup);
! 1619: #endif
! 1620: Printf("\tMaximum MTU : %d bytes\r\n", iface->max_mtu);
! 1621: Printf("\tIdle timeout : %d seconds\r\n", iface->idle_timeout);
! 1622: Printf("\tSession timeout : %d seconds\r\n", iface->session_timeout);
! 1623: if (!u_rangeempty(&iface->conf.self_addr)) {
! 1624: Printf("\tIP Addresses : %s%s -> ", iface->conf.self_addr_force?"!":"",
! 1625: u_rangetoa(&iface->conf.self_addr,buf,sizeof(buf)));
! 1626: Printf("%s%s\r\n", iface->conf.peer_addr_force?"!":"",
! 1627: u_addrtoa(&iface->conf.peer_addr,buf,sizeof(buf)));
! 1628: }
! 1629: if (!u_addrempty(&iface->conf.self_ipv6_addr)) {
! 1630: Printf("\tIPv6 Addresses : %s%s%%%s -> ", iface->conf.self_ipv6_addr_force?"!":"",
! 1631: u_addrtoa(&iface->conf.self_ipv6_addr,buf,sizeof(buf)), iface->ifname);
! 1632: Printf("%s%s%%%s\r\n", iface->conf.peer_ipv6_addr_force?"!":"",
! 1633: u_addrtoa(&iface->conf.peer_ipv6_addr,buf,sizeof(buf)), iface->ifname);
! 1634: }
! 1635: Printf("\tEvent scripts\r\n");
! 1636: Printf("\t up-script : \"%s\"\r\n",
! 1637: *iface->up_script ? iface->up_script : "<none>");
! 1638: Printf("\t down-script : \"%s\"\r\n",
! 1639: *iface->down_script ? iface->down_script : "<none>");
! 1640: Printf("Interface options:\r\n");
! 1641: OptStat(ctx, &iface->options, gConfList);
! 1642: if (!SLIST_EMPTY(&iface->routes)) {
! 1643: Printf("Static routes via peer:\r\n");
! 1644: SLIST_FOREACH(r, &iface->routes, next) {
! 1645: Printf("\t%s\r\n", u_rangetoa(&r->dest,buf,sizeof(buf)));
! 1646: }
! 1647: }
! 1648: Printf("Interface status:\r\n");
! 1649: Printf("\tAdmin status : %s\r\n", iface->open ? "OPEN" : "CLOSED");
! 1650: Printf("\tStatus : %s\r\n", iface->up ? (iface->dod?"DoD":"UP") : "DOWN");
! 1651: Printf("\tName : %s\r\n", iface->ifname);
! 1652: #ifdef SIOCSIFDESCR
! 1653: Printf("\tDescription : \"%s\"\r\n",
! 1654: (iface->ifdescr != NULL) ? iface->ifdescr : "<none>");
! 1655: #endif
! 1656: if (iface->up) {
! 1657: Printf("\tSession time : %ld seconds\r\n", (long int)(time(NULL) - iface->last_up));
! 1658: if (b->params.idle_timeout || iface->idle_timeout)
! 1659: Printf("\tIdle timeout : %d seconds\r\n", b->params.idle_timeout?b->params.idle_timeout:iface->idle_timeout);
! 1660: if (b->params.session_timeout || iface->session_timeout)
! 1661: Printf("\tSession timeout : %d seconds\r\n", b->params.session_timeout?b->params.session_timeout:iface->session_timeout);
! 1662: Printf("\tMTU : %d bytes\r\n", iface->mtu);
! 1663: }
! 1664: if (iface->ip_up && !u_rangeempty(&iface->self_addr)) {
! 1665: Printf("\tIP Addresses : %s -> ", u_rangetoa(&iface->self_addr,buf,sizeof(buf)));
! 1666: Printf("%s\r\n", u_addrtoa(&iface->peer_addr,buf,sizeof(buf)));
! 1667: }
! 1668: if (iface->ipv6_up && !u_addrempty(&iface->self_ipv6_addr)) {
! 1669: Printf("\tIPv6 Addresses : %s%%%s -> ",
! 1670: u_addrtoa(&iface->self_ipv6_addr,buf,sizeof(buf)), iface->ifname);
! 1671: Printf("%s%%%s\r\n", u_addrtoa(&iface->peer_ipv6_addr,buf,sizeof(buf)), iface->ifname);
! 1672: }
! 1673: if (iface->up) {
! 1674: Printf("Dynamic routes via peer:\r\n");
! 1675: SLIST_FOREACH(r, &ctx->bund->params.routes, next) {
! 1676: Printf("\t%s\r\n", u_rangetoa(&r->dest,buf,sizeof(buf)));
! 1677: }
! 1678: #ifdef USE_IPFW
! 1679: Printf("IPFW pipes:\r\n");
! 1680: a = ctx->bund->params.acl_pipe;
! 1681: while (a) {
! 1682: Printf("\t%d (%d)\t: '%s'\r\n", a->number, a->real_number, a->rule);
! 1683: a = a->next;
! 1684: }
! 1685: Printf("IPFW queues:\r\n");
! 1686: a = ctx->bund->params.acl_queue;
! 1687: while (a) {
! 1688: Printf("\t%d (%d)\t: '%s'\r\n", a->number, a->real_number, a->rule);
! 1689: a = a->next;
! 1690: }
! 1691: Printf("IPFW tables:\r\n");
! 1692: a = ctx->bund->params.acl_table;
! 1693: while (a) {
! 1694: if (a->number != 0)
! 1695: Printf("\t%d (%d)\t: '%s'\r\n", a->number, a->real_number, a->rule);
! 1696: else
! 1697: Printf("\t(%d)\t: '%s'\r\n", a->real_number, a->rule);
! 1698: a = a->next;
! 1699: }
! 1700: Printf("IPFW rules:\r\n");
! 1701: a = ctx->bund->params.acl_rule;
! 1702: while (a) {
! 1703: Printf("\t%d (%d)\t: '%s'\r\n", a->number, a->real_number, a->rule);
! 1704: a = a->next;
! 1705: }
! 1706: #endif /* USE_IPFW */
! 1707: #ifdef USE_NG_BPF
! 1708: Printf("Traffic filters:\r\n");
! 1709: for (k = 0; k < ACL_FILTERS; k++) {
! 1710: a = ctx->bund->params.acl_filters[k];
! 1711: if (a == NULL)
! 1712: a = acl_filters[k];
! 1713: while (a) {
! 1714: Printf("\t%d#%d\t: '%s'\r\n", (k + 1), a->number, a->rule);
! 1715: a = a->next;
! 1716: }
! 1717: }
! 1718: Printf("Traffic limits:\r\n");
! 1719: for (k = 0; k < 2; k++) {
! 1720: a = ctx->bund->params.acl_limits[k];
! 1721: while (a) {
! 1722: Printf("\t%s#%d%s%s\t: '%s'\r\n", (k?"out":"in"), a->number,
! 1723: ((a->name[0])?"#":""), a->name, a->rule);
! 1724: a = a->next;
! 1725: }
! 1726: }
! 1727: #endif /* USE_NG_BPF */
! 1728: }
! 1729: return(0);
! 1730: }
! 1731:
! 1732: /*
! 1733: * IfaceSetMTU()
! 1734: *
! 1735: * Set MTU and bandwidth on bundle's interface
! 1736: */
! 1737:
! 1738: void
! 1739: IfaceSetMTU(Bund b, int mtu)
! 1740: {
! 1741: IfaceState const iface = &b->iface;
! 1742: struct ifreq ifr;
! 1743: int s;
! 1744:
! 1745: /* Get socket */
! 1746: if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
! 1747: Perror("[%s] IFACE: Can't get socket to set MTU", b->name);
! 1748: return;
! 1749: }
! 1750:
! 1751: if ((b->params.mtu > 0) && (mtu > b->params.mtu)) {
! 1752: mtu = b->params.mtu;
! 1753: Log(LG_IFACE2, ("[%s] IFACE: forcing MTU of auth backend: %d bytes",
! 1754: b->name, mtu));
! 1755: }
! 1756:
! 1757: /* Limit MTU to configured maximum */
! 1758: if (mtu > iface->max_mtu)
! 1759: mtu = iface->max_mtu;
! 1760:
! 1761: /* Set MTU on interface */
! 1762: memset(&ifr, 0, sizeof(ifr));
! 1763: strlcpy(ifr.ifr_name, b->iface.ifname, sizeof(ifr.ifr_name));
! 1764: ifr.ifr_mtu = mtu;
! 1765: Log(LG_IFACE2, ("[%s] IFACE: setting %s MTU to %d bytes",
! 1766: b->name, b->iface.ifname, mtu));
! 1767: if (ioctl(s, SIOCSIFMTU, (char *)&ifr) < 0)
! 1768: Perror("[%s] IFACE: ioctl(%s, %s)", b->name, b->iface.ifname, "SIOCSIFMTU");
! 1769: close(s);
! 1770:
! 1771: /* Save MTU */
! 1772: iface->mtu = mtu;
! 1773:
! 1774: #if defined(USE_NG_TCPMSS) || (!defined(USE_NG_TCPMSS) && defined(USE_NG_BPF))
! 1775: /* Update tcpmssfix config */
! 1776: if (iface->mss_up)
! 1777: IfaceSetupMSS(b, MAXMSS(mtu));
! 1778: #endif
! 1779:
! 1780: }
! 1781:
! 1782: void
! 1783: IfaceChangeFlags(Bund b, int clear, int set)
! 1784: {
! 1785: struct ifreq ifrq;
! 1786: int s, new_flags;
! 1787:
! 1788: Log(LG_IFACE2, ("[%s] IFACE: Change interface flags: -%d +%d",
! 1789: b->name, clear, set));
! 1790:
! 1791: if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
! 1792: Perror("[%s] IFACE: Can't get socket to change interface flags", b->name);
! 1793: return;
! 1794: }
! 1795:
! 1796: memset(&ifrq, '\0', sizeof(ifrq));
! 1797: strlcpy(ifrq.ifr_name, b->iface.ifname, sizeof(ifrq.ifr_name));
! 1798: ifrq.ifr_name[sizeof(ifrq.ifr_name) - 1] = '\0';
! 1799: if (ioctl(s, SIOCGIFFLAGS, &ifrq) < 0) {
! 1800: Perror("[%s] IFACE: ioctl(%s, %s)", b->name, b->iface.ifname, "SIOCGIFFLAGS");
! 1801: close(s);
! 1802: return;
! 1803: }
! 1804: new_flags = (ifrq.ifr_flags & 0xffff) | (ifrq.ifr_flagshigh << 16);
! 1805:
! 1806: new_flags &= ~clear;
! 1807: new_flags |= set;
! 1808:
! 1809: ifrq.ifr_flags = new_flags & 0xffff;
! 1810: ifrq.ifr_flagshigh = new_flags >> 16;
! 1811:
! 1812: if (ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
! 1813: Perror("[%s] IFACE: ioctl(%s, %s)", b->name, b->iface.ifname, "SIOCSIFFLAGS");
! 1814: close(s);
! 1815: return;
! 1816: }
! 1817: close(s);
! 1818: }
! 1819:
! 1820: #if defined(__KAME__) && !defined(NOINET6)
! 1821: static void
! 1822: add_scope(struct sockaddr *sa, int ifindex)
! 1823: {
! 1824: struct sockaddr_in6 *sa6;
! 1825:
! 1826: if (sa->sa_family != AF_INET6)
! 1827: return;
! 1828: sa6 = (struct sockaddr_in6 *)sa;
! 1829: if (!IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr) &&
! 1830: !IN6_IS_ADDR_MC_LINKLOCAL(&sa6->sin6_addr))
! 1831: return;
! 1832: if (*(u_int16_t *)&sa6->sin6_addr.s6_addr[2] != 0)
! 1833: return;
! 1834: *(u_int16_t *)&sa6->sin6_addr.s6_addr[2] = htons(ifindex);
! 1835: }
! 1836: #endif
! 1837:
! 1838: int
! 1839: IfaceChangeAddr(Bund b, int add, struct u_range *self, struct u_addr *peer)
! 1840: {
! 1841: struct ifaliasreq ifra;
! 1842: struct in6_aliasreq ifra6;
! 1843: struct sockaddr_in *me4, *msk4, *peer4;
! 1844: struct sockaddr_storage ssself, sspeer, ssmsk;
! 1845: int res = 0;
! 1846: int s;
! 1847: char buf[48], buf1[48];
! 1848:
! 1849: Log(LG_IFACE2, ("[%s] IFACE: %s address %s->%s %s %s",
! 1850: b->name, add?"Add":"Remove", u_rangetoa(self, buf, sizeof(buf)),
! 1851: ((peer != NULL)?u_addrtoa(peer, buf1, sizeof(buf1)):""),
! 1852: add?"to":"from", b->iface.ifname));
! 1853:
! 1854: u_rangetosockaddrs(self, &ssself, &ssmsk);
! 1855: if (peer)
! 1856: u_addrtosockaddr(peer, 0, &sspeer);
! 1857:
! 1858: if ((s = socket(self->addr.family, SOCK_DGRAM, 0)) < 0) {
! 1859: Perror("[%s] IFACE: Can't get socket to change interface address", b->name);
! 1860: return (s);
! 1861: }
! 1862:
! 1863: switch (self->addr.family) {
! 1864: case AF_INET:
! 1865: memset(&ifra, '\0', sizeof(ifra));
! 1866: strlcpy(ifra.ifra_name, b->iface.ifname, sizeof(ifra.ifra_name));
! 1867:
! 1868: me4 = (struct sockaddr_in *)&ifra.ifra_addr;
! 1869: memcpy(me4, &ssself, sizeof(*me4));
! 1870:
! 1871: msk4 = (struct sockaddr_in *)&ifra.ifra_mask;
! 1872: memcpy(msk4, &ssmsk, sizeof(*msk4));
! 1873:
! 1874: peer4 = (struct sockaddr_in *)&ifra.ifra_broadaddr;
! 1875: if (peer == NULL || peer->family == AF_UNSPEC) {
! 1876: peer4->sin_family = AF_INET;
! 1877: peer4->sin_len = sizeof(*peer4);
! 1878: peer4->sin_addr.s_addr = INADDR_NONE;
! 1879: } else
! 1880: memcpy(peer4, &sspeer, sizeof(*peer4));
! 1881:
! 1882: res = ioctl(s, add?SIOCAIFADDR:SIOCDIFADDR, &ifra);
! 1883: if (res == -1) {
! 1884: Perror("[%s] IFACE: %s IPv4 address %s %s failed",
! 1885: b->name, add?"Adding":"Removing", add?"to":"from", b->iface.ifname);
! 1886: }
! 1887: break;
! 1888:
! 1889: case AF_INET6:
! 1890: memset(&ifra6, '\0', sizeof(ifra6));
! 1891: strlcpy(ifra6.ifra_name, b->iface.ifname, sizeof(ifra6.ifra_name));
! 1892:
! 1893: memcpy(&ifra6.ifra_addr, &ssself, sizeof(ifra6.ifra_addr));
! 1894: memcpy(&ifra6.ifra_prefixmask, &ssmsk, sizeof(ifra6.ifra_prefixmask));
! 1895: if (peer == NULL || peer->family == AF_UNSPEC)
! 1896: ifra6.ifra_dstaddr.sin6_family = AF_UNSPEC;
! 1897: else if (memcmp(&((struct sockaddr_in6 *)&ssmsk)->sin6_addr, &in6mask128,
! 1898: sizeof(in6mask128)) == 0)
! 1899: memcpy(&ifra6.ifra_dstaddr, &sspeer, sizeof(ifra6.ifra_dstaddr));
! 1900: ifra6.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
! 1901: ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
! 1902:
! 1903: res = ioctl(s, add?SIOCAIFADDR_IN6:SIOCDIFADDR_IN6, &ifra6);
! 1904: if (res == -1) {
! 1905: Perror("[%s] IFACE: %s IPv6 address %s %s failed",
! 1906: b->name, add?"Adding":"Removing", add?"to":"from", b->iface.ifname);
! 1907: }
! 1908: break;
! 1909:
! 1910: default:
! 1911: res = -1;
! 1912: break;
! 1913: }
! 1914: close(s);
! 1915: return (res);
! 1916: }
! 1917:
! 1918: struct rtmsg {
! 1919: struct rt_msghdr m_rtm;
! 1920: char m_space[256];
! 1921: };
! 1922:
! 1923: static size_t
! 1924: memcpy_roundup(char *cp, const void *data, size_t len)
! 1925: {
! 1926: size_t padlen;
! 1927:
! 1928: #define ROUNDUP(x) ((x) ? (1 + (((x) - 1) | (sizeof(long) - 1))) : sizeof(long))
! 1929: padlen = ROUNDUP(len);
! 1930: memcpy(cp, data, len);
! 1931: if (padlen > len)
! 1932: memset(cp + len, '\0', padlen - len);
! 1933:
! 1934: return padlen;
! 1935: }
! 1936:
! 1937: int
! 1938: IfaceSetRoute(Bund b, int cmd, struct u_range *dst,
! 1939: struct u_addr *gw)
! 1940: {
! 1941: struct rtmsg rtmes;
! 1942: int s, nb, wb;
! 1943: char *cp;
! 1944: const char *cmdstr = (cmd == RTM_ADD ? "Add" : "Delete");
! 1945: struct sockaddr_storage sadst, samask, sagw;
! 1946: char buf[48], buf1[48];
! 1947:
! 1948: s = socket(PF_ROUTE, SOCK_RAW, 0);
! 1949: if (s < 0) {
! 1950: Perror("[%s] IFACE: Can't get route socket", b->name);
! 1951: return (-1);
! 1952: }
! 1953: memset(&rtmes, '\0', sizeof(rtmes));
! 1954: rtmes.m_rtm.rtm_version = RTM_VERSION;
! 1955: rtmes.m_rtm.rtm_type = cmd;
! 1956: rtmes.m_rtm.rtm_addrs = RTA_DST;
! 1957: rtmes.m_rtm.rtm_seq = ++gRouteSeq;
! 1958: rtmes.m_rtm.rtm_pid = gPid;
! 1959: rtmes.m_rtm.rtm_flags = RTF_UP | RTF_GATEWAY | RTF_STATIC;
! 1960:
! 1961: u_rangetosockaddrs(dst, &sadst, &samask);
! 1962: #if defined(__KAME__) && !defined(NOINET6)
! 1963: add_scope((struct sockaddr *)&sadst, b->iface.ifindex);
! 1964: #endif
! 1965:
! 1966: cp = rtmes.m_space;
! 1967: cp += memcpy_roundup(cp, &sadst, sadst.ss_len);
! 1968: if (gw != NULL) {
! 1969: u_addrtosockaddr(gw, 0, &sagw);
! 1970: #if defined(__KAME__) && !defined(NOINET6)
! 1971: add_scope((struct sockaddr *)&sagw, b->iface.ifindex);
! 1972: #endif
! 1973: cp += memcpy_roundup(cp, &sagw, sagw.ss_len);
! 1974: rtmes.m_rtm.rtm_addrs |= RTA_GATEWAY;
! 1975: } else if (cmd == RTM_ADD) {
! 1976: Log(LG_ERR, ("[%s] IfaceSetRoute: gw is not set\n", b->name));
! 1977: close(s);
! 1978: return (-1);
! 1979: }
! 1980:
! 1981: if (u_rangehost(dst)) {
! 1982: rtmes.m_rtm.rtm_flags |= RTF_HOST;
! 1983: } else {
! 1984: cp += memcpy_roundup(cp, &samask, samask.ss_len);
! 1985: rtmes.m_rtm.rtm_addrs |= RTA_NETMASK;
! 1986: }
! 1987:
! 1988: nb = cp - (char *)&rtmes;
! 1989: rtmes.m_rtm.rtm_msglen = nb;
! 1990: wb = write(s, &rtmes, nb);
! 1991: if (wb < 0) {
! 1992: Log(LG_ERR, ("[%s] IFACE: %s route %s %s failed: %s",
! 1993: b->name, cmdstr, u_rangetoa(dst, buf, sizeof(buf)),
! 1994: ((gw != NULL)?u_addrtoa(gw, buf1, sizeof(buf1)):""),
! 1995: (rtmes.m_rtm.rtm_errno != 0)?strerror(rtmes.m_rtm.rtm_errno):strerror(errno)));
! 1996: close(s);
! 1997: return (-1);
! 1998: }
! 1999: close(s);
! 2000: Log(LG_IFACE2, ("[%s] IFACE: %s route %s %s",
! 2001: b->name, cmdstr, u_rangetoa(dst, buf, sizeof(buf)),
! 2002: ((gw != NULL)?u_addrtoa(gw, buf1, sizeof(buf1)):"")));
! 2003: return (0);
! 2004: }
! 2005:
! 2006: #ifndef USE_NG_TCPMSS
! 2007: void
! 2008: IfaceCorrectMSS(Mbuf pkt, uint16_t maxmss)
! 2009: {
! 2010: struct ip *iphdr;
! 2011: struct tcphdr *tc;
! 2012: int pktlen, hlen, olen, optlen, accumulate;
! 2013: uint16_t *mss;
! 2014: u_char *opt;
! 2015:
! 2016: if (pkt == NULL)
! 2017: return;
! 2018:
! 2019: iphdr = (struct ip *)MBDATAU(pkt);
! 2020: hlen = iphdr->ip_hl << 2;
! 2021: pktlen = MBLEN(pkt) - hlen;
! 2022: tc = (struct tcphdr *)(MBDATAU(pkt) + hlen);
! 2023: hlen = tc->th_off << 2;
! 2024:
! 2025: /* Invalid header length or header without options. */
! 2026: if (hlen <= sizeof(struct tcphdr) || hlen > pktlen)
! 2027: return;
! 2028:
! 2029: /* MSS option only allowed within SYN packets. */
! 2030: if (!(tc->th_flags & TH_SYN))
! 2031: return;
! 2032:
! 2033: for (olen = hlen - sizeof(struct tcphdr), opt = (u_char *)(tc + 1);
! 2034: olen > 0; olen -= optlen, opt += optlen) {
! 2035: if (*opt == TCPOPT_EOL)
! 2036: break;
! 2037: else if (*opt == TCPOPT_NOP)
! 2038: optlen = 1;
! 2039: else {
! 2040: optlen = *(opt + 1);
! 2041: if (optlen <= 0 || optlen > olen)
! 2042: break;
! 2043: if (*opt == TCPOPT_MAXSEG) {
! 2044: if (optlen != TCPOLEN_MAXSEG)
! 2045: continue;
! 2046: mss = (u_int16_t *)(opt + 2);
! 2047: if (ntohs(*mss) > maxmss) {
! 2048: accumulate = *mss;
! 2049: *mss = htons(maxmss);
! 2050: accumulate -= *mss;
! 2051: ADJUST_CHECKSUM(accumulate, tc->th_sum);
! 2052: }
! 2053: }
! 2054: }
! 2055: }
! 2056: }
! 2057: #endif
! 2058:
! 2059: static int
! 2060: IfaceNgIpInit(Bund b, int ready)
! 2061: {
! 2062: struct ngm_connect cn;
! 2063: char path[NG_PATHSIZ];
! 2064: char hook[NG_HOOKSIZ];
! 2065:
! 2066: if (!ready) {
! 2067: /* Dial-on-Demand mode */
! 2068: /* Use demand hook of the socket node */
! 2069: snprintf(path, sizeof(path), ".:");
! 2070: snprintf(hook, sizeof(hook), "4%d", b->id);
! 2071:
! 2072: } else {
! 2073:
! 2074: snprintf(path, sizeof(path), "[%x]:", b->nodeID);
! 2075: strcpy(hook, NG_PPP_HOOK_INET);
! 2076:
! 2077: #ifdef USE_NG_NAT
! 2078: /* Add a nat node if configured */
! 2079: if (Enabled(&b->iface.options, IFACE_CONF_NAT)) {
! 2080: if (IfaceInitNAT(b, path, hook))
! 2081: goto fail;
! 2082: b->iface.nat_up = 1;
! 2083: }
! 2084: #endif
! 2085:
! 2086: /* Add a tee node if configured */
! 2087: if (Enabled(&b->iface.options, IFACE_CONF_TEE)) {
! 2088: if (IfaceInitTee(b, path, hook, 0))
! 2089: goto fail;
! 2090: b->iface.tee_up = 1;
! 2091: }
! 2092:
! 2093: #ifdef USE_NG_IPACCT
! 2094: /* Connect a ipacct node if configured */
! 2095: if (Enabled(&b->iface.options, IFACE_CONF_IPACCT)) {
! 2096: if (IfaceInitIpacct(b, path, hook))
! 2097: goto fail;
! 2098: b->iface.ipacct_up = 1;
! 2099: }
! 2100: #endif /* USE_NG_IPACCT */
! 2101:
! 2102: #ifdef USE_NG_NETFLOW
! 2103: #ifdef NG_NETFLOW_CONF_INGRESS
! 2104: /* Connect a netflow node if configured */
! 2105: if (Enabled(&b->iface.options, IFACE_CONF_NETFLOW_IN) ||
! 2106: Enabled(&b->iface.options, IFACE_CONF_NETFLOW_OUT)) {
! 2107: if (IfaceInitNetflow(b, path, hook,
! 2108: Enabled(&b->iface.options, IFACE_CONF_NETFLOW_IN)?1:0,
! 2109: Enabled(&b->iface.options, IFACE_CONF_NETFLOW_OUT)?1:0))
! 2110: goto fail;
! 2111: if (Enabled(&b->iface.options, IFACE_CONF_NETFLOW_IN))
! 2112: b->iface.nfin_up = 1;
! 2113: if (Enabled(&b->iface.options, IFACE_CONF_NETFLOW_OUT))
! 2114: b->iface.nfout_up = 1;
! 2115: }
! 2116: #else /* NG_NETFLOW_CONF_INGRESS */
! 2117: /* Connect a netflow node if configured */
! 2118: if (Enabled(&b->iface.options, IFACE_CONF_NETFLOW_IN)) {
! 2119: if (IfaceInitNetflow(b, path, hook, 1, 0))
! 2120: goto fail;
! 2121: b->iface.nfin_up = 1;
! 2122: }
! 2123:
! 2124: if (Enabled(&b->iface.options, IFACE_CONF_NETFLOW_OUT)) {
! 2125: if (IfaceInitNetflow(b, path, hook, 0, 1))
! 2126: goto fail;
! 2127: b->iface.nfout_up = 1;
! 2128: }
! 2129: #endif /* NG_NETFLOW_CONF_INGRESS */
! 2130: #endif /* USE_NG_NETFLOW */
! 2131:
! 2132: }
! 2133:
! 2134: #if defined(USE_NG_TCPMSS) || (!defined(USE_NG_TCPMSS) && defined(USE_NG_BPF))
! 2135: if (Enabled(&b->iface.options, IFACE_CONF_TCPMSSFIX)) {
! 2136: if (IfaceInitMSS(b, path, hook))
! 2137: goto fail;
! 2138: b->iface.mss_up = 1;
! 2139: }
! 2140: #endif
! 2141:
! 2142: #ifdef USE_NG_BPF
! 2143: if (IfaceInitLimits(b, path, hook))
! 2144: goto fail;
! 2145: #endif
! 2146:
! 2147: /* Connect graph to the iface node. */
! 2148: memset(&cn, 0, sizeof(cn));
! 2149: strcpy(cn.ourhook, hook);
! 2150: snprintf(cn.path, sizeof(cn.path), "%s:", b->iface.ngname);
! 2151: strcpy(cn.peerhook, NG_IFACE_HOOK_INET);
! 2152: if (NgSendMsg(gLinksCsock, path,
! 2153: NGM_GENERIC_COOKIE, NGM_CONNECT, &cn, sizeof(cn)) < 0) {
! 2154: Perror("[%s] can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 2155: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 2156: goto fail;
! 2157: }
! 2158:
! 2159: if (ready) {
! 2160: #ifdef USE_NG_NETFLOW
! 2161: #ifdef NG_NETFLOW_CONF_INGRESS
! 2162: if (b->iface.nfin_up || b->iface.nfout_up)
! 2163: IfaceSetupNetflow(b, b->iface.nfin_up, b->iface.nfout_up);
! 2164: #else /* NG_NETFLOW_CONF_INGRESS */
! 2165: if (b->iface.nfin_up)
! 2166: IfaceSetupNetflow(b, 1, 0);
! 2167:
! 2168: if (b->iface.nfout_up)
! 2169: IfaceSetupNetflow(b, 0, 1);
! 2170: #endif /* NG_NETFLOW_CONF_INGRESS */
! 2171: #endif /* USE_NG_NETFLOW */
! 2172: }
! 2173:
! 2174: #if defined(USE_NG_TCPMSS) || (!defined(USE_NG_TCPMSS) && defined(USE_NG_BPF))
! 2175: if (b->iface.mss_up)
! 2176: IfaceSetupMSS(b, MAXMSS(b->iface.mtu));
! 2177: #endif
! 2178:
! 2179: #ifdef USE_NG_BPF
! 2180: IfaceSetupLimits(b);
! 2181: #endif
! 2182:
! 2183: /* OK */
! 2184: return(0);
! 2185:
! 2186: fail:
! 2187: return(-1);
! 2188: }
! 2189:
! 2190: /*
! 2191: * IfaceNgIpShutdown()
! 2192: */
! 2193:
! 2194: static void
! 2195: IfaceNgIpShutdown(Bund b)
! 2196: {
! 2197: char path[NG_PATHSIZ];
! 2198:
! 2199: #ifdef USE_NG_BPF
! 2200: IfaceShutdownLimits(b); /* Limits must shutdown first to save final stats. */
! 2201: #endif
! 2202: #ifdef USE_NG_NAT
! 2203: if (b->iface.nat_up)
! 2204: IfaceShutdownNAT(b);
! 2205: b->iface.nat_up = 0;
! 2206: #endif
! 2207: if (b->iface.tee_up)
! 2208: IfaceShutdownTee(b, 0);
! 2209: b->iface.tee_up = 0;
! 2210: #ifdef USE_NG_NETFLOW
! 2211: #ifdef NG_NETFLOW_CONF_INGRESS
! 2212: if (b->iface.nfin_up || b->iface.nfout_up)
! 2213: IfaceShutdownNetflow(b, b->iface.nfin_up, b->iface.nfout_up);
! 2214: b->iface.nfin_up = 0;
! 2215: b->iface.nfout_up = 0;
! 2216: #else /* NG_NETFLOW_CONF_INGRESS */
! 2217: if (b->iface.nfin_up)
! 2218: IfaceShutdownNetflow(b, 1, 0);
! 2219: b->iface.nfin_up = 0;
! 2220: if (b->iface.nfout_up)
! 2221: IfaceShutdownNetflow(b, 0, 1);
! 2222: b->iface.nfout_up = 0;
! 2223: #endif /* NG_NETFLOW_CONF_INGRESS */
! 2224: #endif
! 2225: #ifdef USE_NG_IPACCT
! 2226: if (b->iface.ipacct_up)
! 2227: IfaceShutdownIpacct(b);
! 2228: b->iface.ipacct_up = 0;
! 2229: #endif
! 2230: #if defined(USE_NG_TCPMSS) || (!defined(USE_NG_TCPMSS) && defined(USE_NG_BPF))
! 2231: if (b->iface.mss_up)
! 2232: IfaceShutdownMSS(b);
! 2233: #endif
! 2234: b->iface.mss_up = 0;
! 2235:
! 2236: snprintf(path, sizeof(path), "[%x]:", b->nodeID);
! 2237: NgFuncDisconnect(gLinksCsock, b->name, path, NG_PPP_HOOK_INET);
! 2238:
! 2239: snprintf(path, sizeof(path), "%s:", b->iface.ngname);
! 2240: NgFuncDisconnect(gLinksCsock, b->name, path, NG_IFACE_HOOK_INET);
! 2241: }
! 2242:
! 2243: static int
! 2244: IfaceNgIpv6Init(Bund b, int ready)
! 2245: {
! 2246: struct ngm_connect cn;
! 2247: char path[NG_PATHSIZ];
! 2248: char hook[NG_HOOKSIZ];
! 2249:
! 2250: if (!ready) {
! 2251: /* Dial-on-Demand mode */
! 2252: /* Use demand hook of the socket node */
! 2253: snprintf(path, sizeof(path), ".:");
! 2254: snprintf(hook, sizeof(hook), "6%d", b->id);
! 2255: } else {
! 2256: snprintf(path, sizeof(path), "[%x]:", b->nodeID);
! 2257: strcpy(hook, NG_PPP_HOOK_IPV6);
! 2258:
! 2259: /* Add a tee node if configured */
! 2260: if (Enabled(&b->iface.options, IFACE_CONF_TEE)) {
! 2261: if (IfaceInitTee(b, path, hook, 1))
! 2262: goto fail;
! 2263: b->iface.tee6_up = 1;
! 2264: }
! 2265:
! 2266: }
! 2267:
! 2268: /* Connect graph to the iface node. */
! 2269: strcpy(cn.ourhook, hook);
! 2270: snprintf(cn.path, sizeof(cn.path), "%s:", b->iface.ngname);
! 2271: strcpy(cn.peerhook, NG_IFACE_HOOK_INET6);
! 2272: if (NgSendMsg(gLinksCsock, path,
! 2273: NGM_GENERIC_COOKIE, NGM_CONNECT, &cn, sizeof(cn)) < 0) {
! 2274: Perror("[%s] can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 2275: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 2276: goto fail;
! 2277: }
! 2278:
! 2279: /* OK */
! 2280: return(0);
! 2281:
! 2282: fail:
! 2283: return(-1);
! 2284: }
! 2285:
! 2286: /*
! 2287: * IfaceNgIpv6Shutdown()
! 2288: */
! 2289:
! 2290: static void
! 2291: IfaceNgIpv6Shutdown(Bund b)
! 2292: {
! 2293: char path[NG_PATHSIZ];
! 2294:
! 2295: if (b->iface.tee6_up)
! 2296: IfaceShutdownTee(b, 1);
! 2297: b->iface.tee6_up = 0;
! 2298:
! 2299: snprintf(path, sizeof(path), "[%x]:", b->nodeID);
! 2300: NgFuncDisconnect(gLinksCsock, b->name, path, NG_PPP_HOOK_IPV6);
! 2301:
! 2302: snprintf(path, sizeof(path), "%s:", b->iface.ngname);
! 2303: NgFuncDisconnect(gLinksCsock, b->name, path, NG_IFACE_HOOK_INET6);
! 2304: }
! 2305:
! 2306: #ifdef USE_NG_NAT
! 2307: static int
! 2308: IfaceInitNAT(Bund b, char *path, char *hook)
! 2309: {
! 2310: NatState const nat = &b->iface.nat;
! 2311: struct ngm_mkpeer mp;
! 2312: struct ngm_name nm;
! 2313: struct in_addr ip;
! 2314: #ifdef NG_NAT_LOG
! 2315: struct ng_nat_mode mode;
! 2316: #endif
! 2317: Log(LG_IFACE2, ("[%s] IFACE: Connecting NAT", b->name));
! 2318:
! 2319: strcpy(mp.type, NG_NAT_NODE_TYPE);
! 2320: strcpy(mp.ourhook, hook);
! 2321: strcpy(mp.peerhook, NG_NAT_HOOK_IN);
! 2322: if (NgSendMsg(gLinksCsock, path,
! 2323: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 2324: Perror("[%s] can't create %s node at \"%s\"->\"%s\"",
! 2325: b->name, NG_NAT_NODE_TYPE, path, mp.ourhook);
! 2326: return(-1);
! 2327: }
! 2328: strlcat(path, ".", NG_PATHSIZ);
! 2329: strlcat(path, hook, NG_PATHSIZ);
! 2330: snprintf(nm.name, sizeof(nm.name), "mpd%d-%s-nat", gPid, b->name);
! 2331: if (NgSendMsg(gLinksCsock, path,
! 2332: NGM_GENERIC_COOKIE, NGM_NAME, &nm, sizeof(nm)) < 0) {
! 2333: Perror("[%s] can't name %s node", b->name, NG_NAT_NODE_TYPE);
! 2334: return(-1);
! 2335: }
! 2336: strcpy(hook, NG_NAT_HOOK_OUT);
! 2337:
! 2338: /* Set NAT IP */
! 2339: if (u_addrempty(&nat->alias_addr)) {
! 2340: ip.s_addr = 1; // Set something just to make it ready
! 2341: } else {
! 2342: ip = nat->alias_addr.u.ip4;
! 2343: }
! 2344: if (NgSendMsg(gLinksCsock, path,
! 2345: NGM_NAT_COOKIE, NGM_NAT_SET_IPADDR, &ip, sizeof(ip)) < 0)
! 2346: Perror("[%s] can't set NAT ip", b->name);
! 2347:
! 2348: #ifdef NG_NAT_LOG
! 2349: /* Set NAT mode */
! 2350: mode.flags = 0;
! 2351: if (Enabled(&nat->options, NAT_CONF_LOG))
! 2352: mode.flags |= NG_NAT_LOG;
! 2353: if (!Enabled(&nat->options, NAT_CONF_INCOMING))
! 2354: mode.flags |= NG_NAT_DENY_INCOMING;
! 2355: if (Enabled(&nat->options, NAT_CONF_SAME_PORTS))
! 2356: mode.flags |= NG_NAT_SAME_PORTS;
! 2357: if (Enabled(&nat->options, NAT_CONF_UNREG_ONLY))
! 2358: mode.flags |= NG_NAT_UNREGISTERED_ONLY;
! 2359:
! 2360: mode.mask = NG_NAT_LOG | NG_NAT_DENY_INCOMING |
! 2361: NG_NAT_SAME_PORTS | NG_NAT_UNREGISTERED_ONLY;
! 2362: if (NgSendMsg(gLinksCsock, path,
! 2363: NGM_NAT_COOKIE, NGM_NAT_SET_MODE, &mode, sizeof(mode)) < 0)
! 2364: Perror("[%s] can't set NAT mode", b->name);
! 2365:
! 2366: /* Set NAT target IP */
! 2367: if (!u_addrempty(&nat->target_addr)) {
! 2368: ip = nat->target_addr.u.ip4;
! 2369: if (NgSendMsg(gLinksCsock, path,
! 2370: NGM_NAT_COOKIE, NGM_NAT_SET_IPADDR, &ip, sizeof(ip)) < 0) {
! 2371: Perror("[%s] can't set NAT target IP", b->name);
! 2372: }
! 2373: }
! 2374: #endif
! 2375:
! 2376: return(0);
! 2377: }
! 2378:
! 2379: static int
! 2380: IfaceSetupNAT(Bund b)
! 2381: {
! 2382: NatState const nat = &b->iface.nat;
! 2383: char path[NG_PATHSIZ];
! 2384: int k;
! 2385:
! 2386: if (u_addrempty(&nat->alias_addr)) {
! 2387: snprintf(path, sizeof(path), "mpd%d-%s-nat:", gPid, b->name);
! 2388: if (NgSendMsg(gLinksCsock, path,
! 2389: NGM_NAT_COOKIE, NGM_NAT_SET_IPADDR,
! 2390: &b->iface.self_addr.addr.u.ip4,
! 2391: sizeof(b->iface.self_addr.addr.u.ip4)) < 0) {
! 2392: Perror("[%s] can't set NAT ip", b->name);
! 2393: return (-1);
! 2394: }
! 2395: }
! 2396: #ifdef NG_NAT_DESC_LENGTH
! 2397: /* redirect-port */
! 2398: for(k = 0; k < NM_PORT; k++) {
! 2399: if(nat->nrpt_id[k]) {
! 2400: if (NgSendMsg(gLinksCsock, path,
! 2401: NGM_NAT_COOKIE, NGM_NAT_REDIRECT_PORT, &nat->nrpt[k],
! 2402: sizeof(struct ng_nat_redirect_port)) < 0) {
! 2403: Perror("[%s] can't set NAT redirect-port", b->name);
! 2404: }
! 2405: }
! 2406: }
! 2407: /* redirect-addr */
! 2408: for(k = 0; k < NM_ADDR; k++) {
! 2409: if(nat->nrad_id[k]) {
! 2410: if (NgSendMsg(gLinksCsock, path,
! 2411: NGM_NAT_COOKIE, NGM_NAT_REDIRECT_ADDR, &nat->nrad[k],
! 2412: sizeof(struct ng_nat_redirect_addr)) < 0) {
! 2413: Perror("[%s] can't set NAT redirect-addr", b->name);
! 2414: }
! 2415: }
! 2416: }
! 2417: /* redirect-proto */
! 2418: for(k = 0; k < NM_PROTO; k++) {
! 2419: if(nat->nrpr_id[k]) {
! 2420: if (NgSendMsg(gLinksCsock, path,
! 2421: NGM_NAT_COOKIE, NGM_NAT_REDIRECT_PROTO, &nat->nrpr[k],
! 2422: sizeof(struct ng_nat_redirect_proto)) < 0) {
! 2423: Perror("[%s] can't set NAT redirect-proto", b->name);
! 2424: }
! 2425: }
! 2426: }
! 2427: #endif
! 2428: return (0);
! 2429: }
! 2430:
! 2431: static void
! 2432: IfaceShutdownNAT(Bund b)
! 2433: {
! 2434: char path[NG_PATHSIZ];
! 2435:
! 2436: snprintf(path, sizeof(path), "mpd%d-%s-nat:", gPid, b->name);
! 2437: NgFuncShutdownNode(gLinksCsock, b->name, path);
! 2438: }
! 2439: #endif /* USE_NG_NAT */
! 2440:
! 2441: static int
! 2442: IfaceInitTee(Bund b, char *path, char *hook, int v6)
! 2443: {
! 2444: struct ngm_mkpeer mp;
! 2445: struct ngm_name nm;
! 2446:
! 2447: Log(LG_IFACE2, ("[%s] IFACE: Connecting tee%s", b->name, v6?"6":""));
! 2448:
! 2449: strcpy(mp.type, NG_TEE_NODE_TYPE);
! 2450: strcpy(mp.ourhook, hook);
! 2451: strcpy(mp.peerhook, NG_TEE_HOOK_RIGHT);
! 2452: if (NgSendMsg(gLinksCsock, path,
! 2453: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 2454: Perror("[%s] can't create %s node at \"%s\"->\"%s\"",
! 2455: b->name, NG_TEE_NODE_TYPE, path, mp.ourhook);
! 2456: return(-1);
! 2457: }
! 2458: strlcat(path, ".", NG_PATHSIZ);
! 2459: strlcat(path, hook, NG_PATHSIZ);
! 2460: snprintf(nm.name, sizeof(nm.name), "%s-tee%s", b->iface.ifname, v6?"6":"");
! 2461: if (NgSendMsg(gLinksCsock, path,
! 2462: NGM_GENERIC_COOKIE, NGM_NAME, &nm, sizeof(nm)) < 0) {
! 2463: Perror("[%s] can't name %s node", b->name, NG_TEE_NODE_TYPE);
! 2464: return(-1);
! 2465: }
! 2466: strcpy(hook, NG_TEE_HOOK_LEFT);
! 2467:
! 2468: return(0);
! 2469: }
! 2470:
! 2471: static void
! 2472: IfaceShutdownTee(Bund b, int v6)
! 2473: {
! 2474: char path[NG_PATHSIZ];
! 2475:
! 2476: snprintf(path, sizeof(path), "%s-tee%s:", b->iface.ifname, v6?"6":"");
! 2477: NgFuncShutdownNode(gLinksCsock, b->name, path);
! 2478: }
! 2479:
! 2480: #ifdef USE_NG_IPACCT
! 2481: static int
! 2482: IfaceInitIpacct(Bund b, char *path, char *hook)
! 2483: {
! 2484: struct ngm_mkpeer mp;
! 2485: struct ngm_name nm;
! 2486: struct ngm_connect cn;
! 2487: char path1[NG_PATHSIZ];
! 2488: struct {
! 2489: struct ng_ipacct_mesg m;
! 2490: int data;
! 2491: } ipam;
! 2492:
! 2493: Log(LG_IFACE2, ("[%s] IFACE: Connecting ipacct", b->name));
! 2494:
! 2495: strcpy(mp.type, NG_TEE_NODE_TYPE);
! 2496: strcpy(mp.ourhook, hook);
! 2497: strcpy(mp.peerhook, NG_TEE_HOOK_RIGHT);
! 2498: if (NgSendMsg(gLinksCsock, path,
! 2499: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 2500: Perror("[%s] can't create %s node at \"%s\"->\"%s\"",
! 2501: b->name, NG_TEE_NODE_TYPE, path, mp.ourhook);
! 2502: return(-1);
! 2503: }
! 2504: strlcat(path, ".", NG_PATHSIZ);
! 2505: strlcat(path, hook, NG_PATHSIZ);
! 2506: snprintf(nm.name, sizeof(nm.name), "%s_acct_tee", b->iface.ifname);
! 2507: if (NgSendMsg(gLinksCsock, path,
! 2508: NGM_GENERIC_COOKIE, NGM_NAME, &nm, sizeof(nm)) < 0) {
! 2509: Perror("[%s] can't name %s node", b->name, NG_TEE_NODE_TYPE);
! 2510: return(-1);
! 2511: }
! 2512: strcpy(hook, NG_TEE_HOOK_LEFT);
! 2513:
! 2514: strcpy(mp.type, NG_IPACCT_NODE_TYPE);
! 2515: strcpy(mp.ourhook, NG_TEE_HOOK_RIGHT2LEFT);
! 2516: snprintf(mp.peerhook, sizeof(mp.peerhook), "%s_in", b->iface.ifname);
! 2517: if (NgSendMsg(gLinksCsock, path,
! 2518: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 2519: Perror("[%s] can't create %s node at \"%s\"->\"%s\"",
! 2520: b->name, NG_IPACCT_NODE_TYPE, path, mp.ourhook);
! 2521: return(-1);
! 2522: }
! 2523: snprintf(path1, sizeof(path1), "%s.%s", path, NG_TEE_HOOK_RIGHT2LEFT);
! 2524: snprintf(nm.name, sizeof(nm.name), "%s_ip_acct", b->iface.ifname);
! 2525: if (NgSendMsg(gLinksCsock, path1,
! 2526: NGM_GENERIC_COOKIE, NGM_NAME, &nm, sizeof(nm)) < 0) {
! 2527: Perror("[%s] can't name %s node", b->name, NG_IPACCT_NODE_TYPE);
! 2528: return(-1);
! 2529: }
! 2530: strcpy(cn.ourhook, NG_TEE_HOOK_LEFT2RIGHT);
! 2531: strcpy(cn.path, NG_TEE_HOOK_RIGHT2LEFT);
! 2532: snprintf(cn.peerhook, sizeof(cn.peerhook), "%s_out", b->iface.ifname);
! 2533: if (NgSendMsg(gLinksCsock, path, NGM_GENERIC_COOKIE, NGM_CONNECT, &cn,
! 2534: sizeof(cn)) < 0) {
! 2535: Perror("[%s] can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 2536: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 2537: return (-1);
! 2538: }
! 2539:
! 2540: snprintf(ipam.m.hname, sizeof(ipam.m.hname), "%s_in", b->iface.ifname);
! 2541: ipam.data = DLT_RAW;
! 2542: if (NgSendMsg(gLinksCsock, path1, NGM_IPACCT_COOKIE, NGM_IPACCT_SETDLT,
! 2543: &ipam, sizeof(ipam)) < 0) {
! 2544: Perror("[%s] can't set DLT \"%s\"->\"%s\"", b->name, path, ipam.m.hname);
! 2545: return (-1);
! 2546: }
! 2547: ipam.data = 10000;
! 2548: if (NgSendMsg(gLinksCsock, path1, NGM_IPACCT_COOKIE, NGM_IPACCT_STHRS,
! 2549: &ipam, sizeof(ipam)) < 0) {
! 2550: Perror("[%s] can't set DLT \"%s\"->\"%s\"", b->name, path, ipam.m.hname);
! 2551: return (-1);
! 2552: }
! 2553:
! 2554: snprintf(ipam.m.hname, sizeof(ipam.m.hname), "%s_out", b->iface.ifname);
! 2555: ipam.data = DLT_RAW;
! 2556: if (NgSendMsg(gLinksCsock, path1, NGM_IPACCT_COOKIE, NGM_IPACCT_SETDLT,
! 2557: &ipam, sizeof(ipam)) < 0) {
! 2558: Perror("[%s] can't set DLT \"%s\"->\"%s\"", b->name, path, ipam.m.hname);
! 2559: return (-1);
! 2560: }
! 2561: ipam.data = 10000;
! 2562: if (NgSendMsg(gLinksCsock, path1, NGM_IPACCT_COOKIE, NGM_IPACCT_STHRS,
! 2563: &ipam, sizeof(ipam)) < 0) {
! 2564: Perror("[%s] can't set DLT \"%s\"->\"%s\"", b->name, path, ipam.m.hname);
! 2565: return (-1);
! 2566: }
! 2567:
! 2568: return(0);
! 2569: }
! 2570:
! 2571: static void
! 2572: IfaceShutdownIpacct(Bund b)
! 2573: {
! 2574: char path[NG_PATHSIZ];
! 2575:
! 2576: snprintf(path, sizeof(path), "%s_acct_tee:", b->iface.ifname);
! 2577: NgFuncShutdownNode(gLinksCsock, b->name, path);
! 2578: }
! 2579: #endif
! 2580:
! 2581: #ifdef USE_NG_NETFLOW
! 2582: static int
! 2583: IfaceInitNetflow(Bund b, char *path, char *hook, char in, char out)
! 2584: {
! 2585: struct ngm_connect cn;
! 2586: int nif;
! 2587:
! 2588: #ifdef NG_NETFLOW_CONF_INGRESS
! 2589: nif = gNetflowIface + b->id;
! 2590: #else
! 2591: nif = gNetflowIface + b->id*2 + out;
! 2592: #endif
! 2593:
! 2594: Log(LG_IFACE2, ("[%s] IFACE: Connecting netflow (%s)", b->name, out?"out":"in"));
! 2595:
! 2596: /* Create global ng_netflow(4) node if not yet. */
! 2597: if (gNetflowNodeID == 0) {
! 2598: if (NgFuncInitGlobalNetflow())
! 2599: return(-1);
! 2600: }
! 2601:
! 2602: /* Connect ng_netflow(4) node to the ng_bpf(4)/ng_tee(4) node. */
! 2603: strcpy(cn.ourhook, hook);
! 2604: snprintf(cn.path, sizeof(cn.path), "[%x]:", gNetflowNodeID);
! 2605: #ifndef NG_NETFLOW_CONF_INGRESS
! 2606: if (out) {
! 2607: snprintf(cn.peerhook, sizeof(cn.peerhook), "%s%d", NG_NETFLOW_HOOK_OUT,
! 2608: nif);
! 2609: } else {
! 2610: #endif
! 2611: snprintf(cn.peerhook, sizeof(cn.peerhook), "%s%d", NG_NETFLOW_HOOK_DATA,
! 2612: nif);
! 2613: #ifndef NG_NETFLOW_CONF_INGRESS
! 2614: }
! 2615: #endif
! 2616: if (NgSendMsg(gLinksCsock, path, NGM_GENERIC_COOKIE, NGM_CONNECT, &cn,
! 2617: sizeof(cn)) < 0) {
! 2618: Perror("[%s] can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 2619: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 2620: return (-1);
! 2621: }
! 2622: strlcat(path, ".", NG_PATHSIZ);
! 2623: strlcat(path, hook, NG_PATHSIZ);
! 2624: #ifndef NG_NETFLOW_CONF_INGRESS
! 2625: if (out) {
! 2626: snprintf(hook, NG_HOOKSIZ, "%s%d", NG_NETFLOW_HOOK_DATA, nif);
! 2627: } else {
! 2628: #endif
! 2629: snprintf(hook, NG_HOOKSIZ, "%s%d", NG_NETFLOW_HOOK_OUT, nif);
! 2630: #ifndef NG_NETFLOW_CONF_INGRESS
! 2631: }
! 2632: #endif
! 2633: return (0);
! 2634: }
! 2635:
! 2636: static int
! 2637: IfaceSetupNetflow(Bund b, char in, char out)
! 2638: {
! 2639: char path[NG_PATHSIZ];
! 2640: struct ng_netflow_setdlt nf_setdlt;
! 2641: struct ng_netflow_setifindex nf_setidx;
! 2642: #ifdef NG_NETFLOW_CONF_INGRESS
! 2643: struct ng_netflow_setconfig nf_setconf;
! 2644: #endif
! 2645: int nif;
! 2646:
! 2647: #ifdef NG_NETFLOW_CONF_INGRESS
! 2648: nif = gNetflowIface + b->id;
! 2649: #else
! 2650: nif = gNetflowIface + b->id*2 + out;
! 2651: #endif
! 2652:
! 2653: /* Configure data link type and interface index. */
! 2654: snprintf(path, sizeof(path), "[%x]:", gNetflowNodeID);
! 2655: nf_setdlt.iface = nif;
! 2656: nf_setdlt.dlt = DLT_RAW;
! 2657: if (NgSendMsg(gLinksCsock, path, NGM_NETFLOW_COOKIE, NGM_NETFLOW_SETDLT,
! 2658: &nf_setdlt, sizeof(nf_setdlt)) < 0) {
! 2659: Perror("[%s] can't configure data link type on %s", b->name, path);
! 2660: goto fail;
! 2661: }
! 2662: #ifdef NG_NETFLOW_CONF_INGRESS
! 2663: nf_setconf.iface = nif;
! 2664: nf_setconf.conf =
! 2665: (in?NG_NETFLOW_CONF_INGRESS:0) |
! 2666: (out?NG_NETFLOW_CONF_EGRESS:0) |
! 2667: (Enabled(&b->iface.options, IFACE_CONF_NETFLOW_ONCE)?NG_NETFLOW_CONF_ONCE:0);
! 2668: if (NgSendMsg(gLinksCsock, path, NGM_NETFLOW_COOKIE, NGM_NETFLOW_SETCONFIG,
! 2669: &nf_setconf, sizeof(nf_setconf)) < 0) {
! 2670: Perror("[%s] can't set config on %s", b->name, path);
! 2671: goto fail;
! 2672: }
! 2673: #endif
! 2674: #ifndef NG_NETFLOW_CONF_INGRESS
! 2675: if (!out) {
! 2676: #endif
! 2677: nf_setidx.iface = nif;
! 2678: nf_setidx.index = if_nametoindex(b->iface.ifname);
! 2679: if (NgSendMsg(gLinksCsock, path, NGM_NETFLOW_COOKIE, NGM_NETFLOW_SETIFINDEX,
! 2680: &nf_setidx, sizeof(nf_setidx)) < 0) {
! 2681: Perror("[%s] can't configure interface index on %s", b->name, path);
! 2682: goto fail;
! 2683: }
! 2684: #ifndef NG_NETFLOW_CONF_INGRESS
! 2685: }
! 2686: #endif
! 2687:
! 2688: return 0;
! 2689: fail:
! 2690: return -1;
! 2691: }
! 2692:
! 2693: static void
! 2694: IfaceShutdownNetflow(Bund b, char in, char out)
! 2695: {
! 2696: char path[NG_PATHSIZ];
! 2697: char hook[NG_HOOKSIZ];
! 2698: int nif;
! 2699:
! 2700: #ifdef NG_NETFLOW_CONF_INGRESS
! 2701: nif = gNetflowIface + b->id;
! 2702: #else
! 2703: nif = gNetflowIface + b->id*2 + out;
! 2704: #endif
! 2705:
! 2706: snprintf(path, NG_PATHSIZ, "[%x]:", gNetflowNodeID);
! 2707: snprintf(hook, NG_HOOKSIZ, "%s%d", NG_NETFLOW_HOOK_DATA, nif);
! 2708: NgFuncDisconnect(gLinksCsock, b->name, path, hook);
! 2709: snprintf(hook, NG_HOOKSIZ, "%s%d", NG_NETFLOW_HOOK_OUT, nif);
! 2710: NgFuncDisconnect(gLinksCsock, b->name, path, hook);
! 2711: }
! 2712: #endif
! 2713:
! 2714: #if defined(USE_NG_TCPMSS) || (!defined(USE_NG_TCPMSS) && defined(USE_NG_BPF))
! 2715: static int
! 2716: IfaceInitMSS(Bund b, char *path, char *hook)
! 2717: {
! 2718: struct ngm_mkpeer mp;
! 2719: struct ngm_name nm;
! 2720: #ifndef USE_NG_TCPMSS
! 2721: struct ngm_connect cn;
! 2722: #endif
! 2723:
! 2724: Log(LG_IFACE2, ("[%s] IFACE: Connecting tcpmssfix", b->name));
! 2725:
! 2726: #ifdef USE_NG_TCPMSS
! 2727: /* Create ng_tcpmss(4) node. */
! 2728: strcpy(mp.type, NG_TCPMSS_NODE_TYPE);
! 2729: strlcpy(mp.ourhook, hook, sizeof(mp.ourhook));
! 2730: strcpy(mp.peerhook, "in");
! 2731: if (NgSendMsg(gLinksCsock, path,
! 2732: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 2733: Perror("can't create %s node at \"%s\"->\"%s\"",
! 2734: NG_TCPMSS_NODE_TYPE, path, mp.ourhook);
! 2735: goto fail;
! 2736: }
! 2737:
! 2738: strlcat(path, ".", NG_PATHSIZ);
! 2739: strlcat(path, hook, NG_PATHSIZ);
! 2740: snprintf(hook, NG_HOOKSIZ, "out");
! 2741:
! 2742: /* Set the new node's name. */
! 2743: snprintf(nm.name, sizeof(nm.name), "mpd%d-%s-mss", gPid, b->name);
! 2744: if (NgSendMsg(gLinksCsock, path,
! 2745: NGM_GENERIC_COOKIE, NGM_NAME, &nm, sizeof(nm)) < 0) {
! 2746: Perror("can't name %s node", NG_TCPMSS_NODE_TYPE);
! 2747: goto fail;
! 2748: }
! 2749:
! 2750: #else
! 2751: /* Create a bpf node for SYN detection. */
! 2752: strcpy(mp.type, NG_BPF_NODE_TYPE);
! 2753: strlcpy(mp.ourhook, hook, sizeof(mp.ourhook));
! 2754: strcpy(mp.peerhook, "ppp");
! 2755: if (NgSendMsg(gLinksCsock, path,
! 2756: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 2757: Perror("can't create %s node at \"%s\"->\"%s\"",
! 2758: NG_BPF_NODE_TYPE, path, mp.ourhook);
! 2759: goto fail;
! 2760: }
! 2761:
! 2762: strlcat(path, ".", NG_PATHSIZ);
! 2763: strlcat(path, hook, NG_PATHSIZ);
! 2764: strcpy(hook, "iface");
! 2765:
! 2766: /* Set the new node's name. */
! 2767: snprintf(nm.name, sizeof(nm.name), "mpd%d-%s-mss", gPid, b->name);
! 2768: if (NgSendMsg(gLinksCsock, path,
! 2769: NGM_GENERIC_COOKIE, NGM_NAME, &nm, sizeof(nm)) < 0) {
! 2770: Perror("can't name tcpmssfix %s node", NG_BPF_NODE_TYPE);
! 2771: goto fail;
! 2772: }
! 2773:
! 2774: /* Connect to the bundle socket node. */
! 2775: strlcpy(cn.path, path, sizeof(cn.path));
! 2776: snprintf(cn.ourhook, sizeof(cn.ourhook), "i%d", b->id);
! 2777: strcpy(cn.peerhook, MPD_HOOK_TCPMSS_IN);
! 2778: if (NgSendMsg(gLinksCsock, ".:", NGM_GENERIC_COOKIE, NGM_CONNECT, &cn,
! 2779: sizeof(cn)) < 0) {
! 2780: Perror("[%s] can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 2781: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 2782: goto fail;
! 2783: }
! 2784:
! 2785: strlcpy(cn.path, path, sizeof(cn.path));
! 2786: snprintf(cn.ourhook, sizeof(cn.ourhook), "o%d", b->id);
! 2787: strcpy(cn.peerhook, MPD_HOOK_TCPMSS_OUT);
! 2788: if (NgSendMsg(gLinksCsock, ".:", NGM_GENERIC_COOKIE, NGM_CONNECT, &cn,
! 2789: sizeof(cn)) < 0) {
! 2790: Perror("[%s] can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 2791: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 2792: goto fail;
! 2793: }
! 2794: #endif /* USE_NG_TCPMSS */
! 2795:
! 2796: return (0);
! 2797: fail:
! 2798: return (-1);
! 2799: }
! 2800:
! 2801: /*
! 2802: * BundConfigMSS()
! 2803: *
! 2804: * Configure the tcpmss node to reduce MSS to given value.
! 2805: */
! 2806:
! 2807: static void
! 2808: IfaceSetupMSS(Bund b, uint16_t maxMSS)
! 2809: {
! 2810: #ifdef USE_NG_TCPMSS
! 2811: struct ng_tcpmss_config tcpmsscfg;
! 2812: char path[NG_PATHSIZ];
! 2813:
! 2814: snprintf(path, sizeof(path), "mpd%d-%s-mss:", gPid, b->name);
! 2815:
! 2816: /* Send configure message. */
! 2817: memset(&tcpmsscfg, 0, sizeof(tcpmsscfg));
! 2818: tcpmsscfg.maxMSS = maxMSS;
! 2819:
! 2820: snprintf(tcpmsscfg.inHook, sizeof(tcpmsscfg.inHook), "in");
! 2821: snprintf(tcpmsscfg.outHook, sizeof(tcpmsscfg.outHook), "out");
! 2822: if (NgSendMsg(gLinksCsock, path, NGM_TCPMSS_COOKIE, NGM_TCPMSS_CONFIG,
! 2823: &tcpmsscfg, sizeof(tcpmsscfg)) < 0) {
! 2824: Perror("[%s] can't configure %s node program", b->name, NG_TCPMSS_NODE_TYPE);
! 2825: }
! 2826: snprintf(tcpmsscfg.inHook, sizeof(tcpmsscfg.inHook), "out");
! 2827: snprintf(tcpmsscfg.outHook, sizeof(tcpmsscfg.outHook), "in");
! 2828: if (NgSendMsg(gLinksCsock, path, NGM_TCPMSS_COOKIE, NGM_TCPMSS_CONFIG,
! 2829: &tcpmsscfg, sizeof(tcpmsscfg)) < 0) {
! 2830: Perror("[%s] can't configure %s node program", b->name, NG_TCPMSS_NODE_TYPE);
! 2831: }
! 2832: #else
! 2833: union {
! 2834: u_char buf[NG_BPF_HOOKPROG_SIZE(TCPSYN_PROG_LEN)];
! 2835: struct ng_bpf_hookprog hprog;
! 2836: } u;
! 2837: struct ng_bpf_hookprog *const hp = &u.hprog;
! 2838: char hook[NG_HOOKSIZ];
! 2839:
! 2840: /* Setup programs for ng_bpf hooks */
! 2841: snprintf(hook, sizeof(hook), "i%d", b->id);
! 2842:
! 2843: memset(&u, 0, sizeof(u));
! 2844: strcpy(hp->thisHook, "ppp");
! 2845: hp->bpf_prog_len = TCPSYN_PROG_LEN;
! 2846: memcpy(&hp->bpf_prog, &gTCPSYNProg,
! 2847: TCPSYN_PROG_LEN * sizeof(*gTCPSYNProg));
! 2848: strcpy(hp->ifMatch, MPD_HOOK_TCPMSS_IN);
! 2849: strcpy(hp->ifNotMatch, "iface");
! 2850:
! 2851: if (NgSendMsg(gLinksCsock, hook, NGM_BPF_COOKIE,
! 2852: NGM_BPF_SET_PROGRAM, hp, NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)) < 0)
! 2853: Perror("[%s] can't set %s node program", b->name, NG_BPF_NODE_TYPE);
! 2854:
! 2855: memset(&u, 0, sizeof(u));
! 2856: strcpy(hp->thisHook, MPD_HOOK_TCPMSS_IN);
! 2857: hp->bpf_prog_len = NOMATCH_PROG_LEN;
! 2858: memcpy(&hp->bpf_prog, &gNoMatchProg,
! 2859: NOMATCH_PROG_LEN * sizeof(*gNoMatchProg));
! 2860: strcpy(hp->ifMatch, "ppp");
! 2861: strcpy(hp->ifNotMatch, "ppp");
! 2862:
! 2863: if (NgSendMsg(gLinksCsock, hook, NGM_BPF_COOKIE,
! 2864: NGM_BPF_SET_PROGRAM, hp, NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)) < 0)
! 2865: Perror("[%s] can't set %s node program", b->name, NG_BPF_NODE_TYPE);
! 2866:
! 2867: snprintf(hook, sizeof(hook), "o%d", b->id);
! 2868: memset(&u, 0, sizeof(u));
! 2869: strcpy(hp->thisHook, "iface");
! 2870: hp->bpf_prog_len = TCPSYN_PROG_LEN;
! 2871: memcpy(&hp->bpf_prog, &gTCPSYNProg,
! 2872: TCPSYN_PROG_LEN * sizeof(*gTCPSYNProg));
! 2873: strcpy(hp->ifMatch, MPD_HOOK_TCPMSS_OUT);
! 2874: strcpy(hp->ifNotMatch, "ppp");
! 2875:
! 2876: if (NgSendMsg(gLinksCsock, hook, NGM_BPF_COOKIE,
! 2877: NGM_BPF_SET_PROGRAM, hp, NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)) < 0)
! 2878: Perror("[%s] can't set %s node program", b->name, NG_BPF_NODE_TYPE);
! 2879:
! 2880: memset(&u, 0, sizeof(u));
! 2881: strcpy(hp->thisHook, MPD_HOOK_TCPMSS_OUT);
! 2882: hp->bpf_prog_len = NOMATCH_PROG_LEN;
! 2883: memcpy(&hp->bpf_prog, &gNoMatchProg,
! 2884: NOMATCH_PROG_LEN * sizeof(*gNoMatchProg));
! 2885: strcpy(hp->ifMatch, "iface");
! 2886: strcpy(hp->ifNotMatch, "iface");
! 2887:
! 2888: if (NgSendMsg(gLinksCsock, hook, NGM_BPF_COOKIE,
! 2889: NGM_BPF_SET_PROGRAM, hp, NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)) < 0)
! 2890: Perror("[%s] can't set %s node program", b->name, NG_BPF_NODE_TYPE);
! 2891:
! 2892: #endif /* USE_NG_TCPMSS */
! 2893: }
! 2894:
! 2895: static void
! 2896: IfaceShutdownMSS(Bund b)
! 2897: {
! 2898: char path[NG_PATHSIZ];
! 2899:
! 2900: #ifdef USE_NG_TCPMSS
! 2901: snprintf(path, sizeof(path), "mpd%d-%s-mss:", gPid, b->name);
! 2902: NgFuncShutdownNode(gLinksCsock, b->name, path);
! 2903: #else
! 2904: snprintf(path, sizeof(path), "i%d", b->id);
! 2905: NgFuncShutdownNode(gLinksCsock, b->name, path);
! 2906: #endif
! 2907: }
! 2908: #endif /* defined(USE_NG_TCPMSS) || (!defined(USE_NG_TCPMSS) && defined(USE_NG_BPF)) */
! 2909:
! 2910: #ifdef USE_NG_BPF
! 2911: static int
! 2912: IfaceInitLimits(Bund b, char *path, char *hook)
! 2913: {
! 2914: struct ngm_mkpeer mp;
! 2915: struct ngm_name nm;
! 2916:
! 2917: if (b->params.acl_limits[0] || b->params.acl_limits[1]) {
! 2918:
! 2919: Log(LG_IFACE2, ("[%s] IFACE: Connecting limits", b->name));
! 2920:
! 2921: /* Create a bpf node for traffic filtering. */
! 2922: strcpy(mp.type, NG_BPF_NODE_TYPE);
! 2923: strlcpy(mp.ourhook, hook, sizeof(mp.ourhook));
! 2924: strcpy(mp.peerhook, "ppp");
! 2925: if (NgSendMsg(gLinksCsock, path,
! 2926: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 2927: Perror("can't create %s node at \"%s\"->\"%s\"",
! 2928: NG_BPF_NODE_TYPE, path, mp.ourhook);
! 2929: goto fail;
! 2930: }
! 2931:
! 2932: strlcat(path, ".", NG_PATHSIZ);
! 2933: strlcat(path, hook, NG_PATHSIZ);
! 2934: strcpy(hook, "iface");
! 2935:
! 2936: b->iface.limitID = NgGetNodeID(gLinksCsock, path);
! 2937: if (b->iface.limitID == 0)
! 2938: Perror("can't get limits %s node ID", NG_BPF_NODE_TYPE);
! 2939:
! 2940: /* Set the new node's name. */
! 2941: snprintf(nm.name, sizeof(nm.name), "mpd%d-%s-lim", gPid, b->name);
! 2942: if (NgSendMsg(gLinksCsock, path,
! 2943: NGM_GENERIC_COOKIE, NGM_NAME, &nm, sizeof(nm)) < 0) {
! 2944: Perror("can't name limits %s node", NG_BPF_NODE_TYPE);
! 2945: goto fail;
! 2946: }
! 2947:
! 2948: }
! 2949:
! 2950: return (0);
! 2951: fail:
! 2952: return (-1);
! 2953: }
! 2954:
! 2955: /*
! 2956: * BundConfigLimits()
! 2957: *
! 2958: * Configure the bpf & car nodes.
! 2959: */
! 2960:
! 2961: static void
! 2962: IfaceSetupLimits(Bund b)
! 2963: {
! 2964: #define ACL_MAX_PROGLEN 65536
! 2965: union {
! 2966: u_char buf[NG_BPF_HOOKPROG_SIZE(ACL_MAX_PROGLEN)];
! 2967: struct ng_bpf_hookprog hprog;
! 2968: } *hpu;
! 2969: struct ng_bpf_hookprog *hp;
! 2970: struct ngm_connect cn;
! 2971: int i;
! 2972:
! 2973: hpu = Malloc(MB_IFACE, sizeof(*hpu));
! 2974: hp = &hpu->hprog;
! 2975:
! 2976: if (b->params.acl_limits[0] || b->params.acl_limits[1]) {
! 2977: char path[NG_PATHSIZ];
! 2978: int num, dir;
! 2979:
! 2980: snprintf(path, sizeof(path), "mpd%d-%s-lim:", gPid, b->name);
! 2981:
! 2982: for (dir = 0; dir < 2; dir++) {
! 2983: char inhook[2][NG_HOOKSIZ];
! 2984: char inhookn[2][NG_HOOKSIZ];
! 2985: char outhook[NG_HOOKSIZ];
! 2986: struct acl *l;
! 2987:
! 2988: if (dir == 0) {
! 2989: strcpy(inhook[0], "ppp");
! 2990: strcpy(outhook, "iface");
! 2991: } else {
! 2992: strcpy(inhook[0], "iface");
! 2993: strcpy(outhook, "ppp");
! 2994: }
! 2995: strcpy(inhook[1], "");
! 2996: num = 0;
! 2997: for (l = b->params.acl_limits[dir]; l; l = l->next) {
! 2998: char str[ACL_LEN];
! 2999: #define ACL_MAX_PARAMS 7 /* one more then max number of arguments */
! 3000: int ac;
! 3001: char *av[ACL_MAX_PARAMS];
! 3002: int p;
! 3003: char stathook[NG_HOOKSIZ];
! 3004: struct svcs *ss = NULL;
! 3005: struct svcssrc *sss = NULL;
! 3006:
! 3007: Log(LG_IFACE2, ("[%s] IFACE: limit %s#%d%s%s: '%s'",
! 3008: b->name, (dir?"out":"in"), l->number,
! 3009: ((l->name[0])?"#":""), l->name, l->rule));
! 3010: strlcpy(str, l->rule, sizeof(str));
! 3011: ac = ParseLine(str, av, ACL_MAX_PARAMS, 0);
! 3012: if (ac < 1 || ac >= ACL_MAX_PARAMS) {
! 3013: Log(LG_ERR, ("[%s] IFACE: incorrect limit: '%s'",
! 3014: b->name, l->rule));
! 3015: continue;
! 3016: }
! 3017:
! 3018: stathook[0] = 0;
! 3019: memset(hpu, 0, sizeof(hpu));
! 3020: /* Prepare filter */
! 3021: if (strcasecmp(av[0], "all") == 0) {
! 3022: hp->bpf_prog_len = MATCH_PROG_LEN;
! 3023: memcpy(&hp->bpf_prog, &gMatchProg,
! 3024: MATCH_PROG_LEN * sizeof(*gMatchProg));
! 3025: } else if (strncasecmp(av[0], "flt", 3) == 0) {
! 3026: struct acl *f;
! 3027: int flt;
! 3028:
! 3029: flt = atoi(av[0] + 3);
! 3030: if (flt <= 0 || flt > ACL_FILTERS) {
! 3031: Log(LG_ERR, ("[%s] IFACE: incorrect filter number: '%s'",
! 3032: b->name, av[0]));
! 3033: } else if ((f = b->params.acl_filters[flt - 1]) == NULL &&
! 3034: (f = acl_filters[flt - 1]) == NULL) {
! 3035: Log(LG_ERR, ("[%s] IFACE: Undefined filter: '%s'",
! 3036: b->name, av[0]));
! 3037: } else {
! 3038: struct bpf_program pr;
! 3039: char *buf;
! 3040: int bufbraces;
! 3041:
! 3042: #define ACL_BUF_SIZE 256*1024
! 3043: buf = Malloc(MB_IFACE, ACL_BUF_SIZE);
! 3044: buf[0] = 0;
! 3045: bufbraces = 0;
! 3046: while (f) {
! 3047: char *b1, *b2, *sbuf;
! 3048: sbuf = Mstrdup(MB_IFACE, f->rule);
! 3049: b2 = sbuf;
! 3050: b1 = strsep(&b2, " ");
! 3051: if (b2 != NULL) {
! 3052: if (strcasecmp(b1, "match") == 0) {
! 3053: strlcat(buf, "( ", ACL_BUF_SIZE);
! 3054: strlcat(buf, b2, ACL_BUF_SIZE);
! 3055: strlcat(buf, " ) ", ACL_BUF_SIZE);
! 3056: if (f->next) {
! 3057: strlcat(buf, "|| ( ", ACL_BUF_SIZE);
! 3058: bufbraces++;
! 3059: }
! 3060: } else if (strcasecmp(b1, "nomatch") == 0) {
! 3061: strlcat(buf, "( not ( ", ACL_BUF_SIZE);
! 3062: strlcat(buf, b2, ACL_BUF_SIZE);
! 3063: strlcat(buf, " ) ) ", ACL_BUF_SIZE);
! 3064: if (f->next) {
! 3065: strlcat(buf, "&& ( ", ACL_BUF_SIZE);
! 3066: bufbraces++;
! 3067: }
! 3068: } else {
! 3069: Log(LG_ERR, ("[%s] IFACE: filter action '%s' is unknown",
! 3070: b->name, b1));
! 3071: }
! 3072: };
! 3073: Freee(sbuf);
! 3074: f = f->next;
! 3075: }
! 3076: for (i = 0; i < bufbraces; i++)
! 3077: strlcat(buf, ") ", ACL_BUF_SIZE);
! 3078: Log(LG_IFACE2, ("[%s] IFACE: flt%d: '%s'",
! 3079: b->name, flt, buf));
! 3080:
! 3081: if (pcap_compile_nopcap((u_int)-1, DLT_RAW, &pr, buf, 1, 0xffffff00)) {
! 3082: Log(LG_ERR, ("[%s] IFACE: filter '%s' compilation error",
! 3083: b->name, av[0]));
! 3084: /* Incorrect matches nothing. */
! 3085: hp->bpf_prog_len = NOMATCH_PROG_LEN;
! 3086: memcpy(&hp->bpf_prog, &gNoMatchProg,
! 3087: NOMATCH_PROG_LEN * sizeof(*gNoMatchProg));
! 3088: } else if (pr.bf_len > ACL_MAX_PROGLEN) {
! 3089: Log(LG_ERR, ("[%s] IFACE: filter '%s' is too long",
! 3090: b->name, av[0]));
! 3091: pcap_freecode(&pr);
! 3092: /* Incorrect matches nothing. */
! 3093: hp->bpf_prog_len = NOMATCH_PROG_LEN;
! 3094: memcpy(&hp->bpf_prog, &gNoMatchProg,
! 3095: NOMATCH_PROG_LEN * sizeof(*gNoMatchProg));
! 3096: } else {
! 3097: hp->bpf_prog_len = pr.bf_len;
! 3098: memcpy(&hp->bpf_prog, pr.bf_insns,
! 3099: pr.bf_len * sizeof(struct bpf_insn));
! 3100: pcap_freecode(&pr);
! 3101: }
! 3102: Freee(buf);
! 3103: }
! 3104: } else {
! 3105: Log(LG_ERR, ("[%s] IFACE: incorrect filter: '%s'",
! 3106: b->name, av[0]));
! 3107: /* Incorrect matches nothing. */
! 3108: hp->bpf_prog_len = NOMATCH_PROG_LEN;
! 3109: memcpy(&hp->bpf_prog, &gNoMatchProg,
! 3110: NOMATCH_PROG_LEN * sizeof(*gNoMatchProg));
! 3111: }
! 3112:
! 3113: /* Prepare action */
! 3114: p = 1;
! 3115: if (ac == 1) {
! 3116: if (!l->next) {
! 3117: strcpy(hp->ifMatch, outhook);
! 3118: strcpy(inhookn[0], "");
! 3119: } else {
! 3120: sprintf(hp->ifMatch, "%d-%d-m", dir, num);
! 3121: sprintf(inhookn[0], "%d-%d-mi", dir, num);
! 3122:
! 3123: /* Connect nomatch hook to bpf itself. */
! 3124: strcpy(cn.ourhook, hp->ifMatch);
! 3125: strcpy(cn.path, path);
! 3126: strcpy(cn.peerhook, inhookn[0]);
! 3127: if (NgSendMsg(gLinksCsock, path,
! 3128: NGM_GENERIC_COOKIE, NGM_CONNECT, &cn, sizeof(cn)) < 0) {
! 3129: Perror("[%s] IFACE: can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 3130: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 3131: }
! 3132: strcpy(stathook, inhookn[0]);
! 3133: }
! 3134: } else if (strcasecmp(av[p], "pass") == 0) {
! 3135: strcpy(hp->ifMatch, outhook);
! 3136: strcpy(inhookn[0], "");
! 3137: } else if (strcasecmp(av[p], "deny") == 0) {
! 3138: strcpy(hp->ifMatch, "deny");
! 3139: strcpy(inhookn[0], "");
! 3140: #ifdef USE_NG_CAR
! 3141: } else if ((strcasecmp(av[p], "shape") == 0) ||
! 3142: (strcasecmp(av[p], "rate-limit") == 0)) {
! 3143: struct ngm_mkpeer mp;
! 3144: struct ng_car_bulkconf car;
! 3145: char tmppath[NG_PATHSIZ];
! 3146:
! 3147: sprintf(hp->ifMatch, "%d-%d-m", dir, num);
! 3148:
! 3149: /* Create a car node for traffic shaping. */
! 3150: strcpy(mp.type, NG_CAR_NODE_TYPE);
! 3151: snprintf(mp.ourhook, sizeof(mp.ourhook), "%d-%d-m", dir, num);
! 3152: strcpy(mp.peerhook, ((dir == 0)?NG_CAR_HOOK_LOWER:NG_CAR_HOOK_UPPER));
! 3153: if (NgSendMsg(gLinksCsock, path,
! 3154: NGM_GENERIC_COOKIE, NGM_MKPEER, &mp, sizeof(mp)) < 0) {
! 3155: Perror("[%s] IFACE: can't create %s node at \"%s\"->\"%s\"",
! 3156: b->name, NG_CAR_NODE_TYPE, path, mp.ourhook);
! 3157: }
! 3158:
! 3159: snprintf(tmppath, sizeof(tmppath), "%s%d-%d-m", path, dir, num);
! 3160:
! 3161: /* Connect car to bpf. */
! 3162: snprintf(cn.ourhook, sizeof(cn.ourhook), "%d-%d-mi", dir, num);
! 3163: strlcpy(cn.path, tmppath, sizeof(cn.path));
! 3164: strcpy(cn.peerhook, ((dir == 0)?NG_CAR_HOOK_UPPER:NG_CAR_HOOK_LOWER));
! 3165: if (NgSendMsg(gLinksCsock, path,
! 3166: NGM_GENERIC_COOKIE, NGM_CONNECT, &cn, sizeof(cn)) < 0) {
! 3167: Perror("[%s] IFACE: can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 3168: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 3169: }
! 3170:
! 3171: bzero(&car, sizeof(car));
! 3172:
! 3173: if (strcasecmp(av[p], "shape") == 0) {
! 3174: car.upstream.mode = NG_CAR_SHAPE;
! 3175: } else {
! 3176: car.upstream.mode = NG_CAR_RED;
! 3177: }
! 3178: p++;
! 3179:
! 3180: if ((ac > p) && (av[p][0] >= '0') && (av[p][0] <= '9')) {
! 3181: car.upstream.cir = atol(av[p]);
! 3182: p++;
! 3183: if ((ac > p) && (av[p][0] >= '0') && (av[p][0] <= '9')) {
! 3184: car.upstream.cbs = atol(av[p]);
! 3185: p++;
! 3186: if ((ac > p) && (av[p][0] >= '0') && (av[p][0] <= '9')) {
! 3187: car.upstream.ebs = atol(av[p]);
! 3188: p++;
! 3189: } else {
! 3190: car.upstream.ebs = car.upstream.cbs * 2;
! 3191: }
! 3192: } else {
! 3193: car.upstream.cbs = car.upstream.cir / 8;
! 3194: car.upstream.ebs = car.upstream.cbs * 2;
! 3195: }
! 3196: } else {
! 3197: car.upstream.cir = 8000;
! 3198: car.upstream.cbs = car.upstream.cir / 8;
! 3199: car.upstream.ebs = car.upstream.cbs * 2;
! 3200: }
! 3201: car.upstream.green_action = NG_CAR_ACTION_FORWARD;
! 3202: car.upstream.yellow_action = NG_CAR_ACTION_FORWARD;
! 3203: car.upstream.red_action = NG_CAR_ACTION_DROP;
! 3204:
! 3205: car.downstream = car.upstream;
! 3206:
! 3207: if (NgSendMsg(gLinksCsock, tmppath,
! 3208: NGM_CAR_COOKIE, NGM_CAR_SET_CONF, &car, sizeof(car)) < 0) {
! 3209: Perror("[%s] IFACE: can't set %s configuration",
! 3210: b->name, NG_CAR_NODE_TYPE);
! 3211: }
! 3212:
! 3213: if (ac > p) {
! 3214: if (strcasecmp(av[p], "pass") == 0) {
! 3215: union {
! 3216: u_char buf[NG_BPF_HOOKPROG_SIZE(MATCH_PROG_LEN)];
! 3217: struct ng_bpf_hookprog hprog;
! 3218: } hpu1;
! 3219: struct ng_bpf_hookprog *const hp1 = &hpu1.hprog;
! 3220:
! 3221: memset(&hpu1, 0, sizeof(hpu1));
! 3222: strcpy(hp1->ifMatch, outhook);
! 3223: strcpy(hp1->ifNotMatch, outhook);
! 3224: hp1->bpf_prog_len = MATCH_PROG_LEN;
! 3225: memcpy(&hp1->bpf_prog, &gMatchProg,
! 3226: MATCH_PROG_LEN * sizeof(*gMatchProg));
! 3227: sprintf(hp1->thisHook, "%d-%d-mi", dir, num);
! 3228: if (NgSendMsg(gLinksCsock, path, NGM_BPF_COOKIE, NGM_BPF_SET_PROGRAM,
! 3229: hp1, NG_BPF_HOOKPROG_SIZE(hp1->bpf_prog_len)) < 0) {
! 3230: Perror("[%s] IFACE: can't set %s node program",
! 3231: b->name, NG_BPF_NODE_TYPE);
! 3232: }
! 3233:
! 3234: strcpy(stathook, hp1->thisHook);
! 3235: strcpy(inhookn[0], "");
! 3236: } else {
! 3237: Log(LG_ERR, ("[%s] IFACE: unknown action: '%s'",
! 3238: b->name, av[p]));
! 3239: strcpy(inhookn[0], "");
! 3240: }
! 3241: } else {
! 3242: sprintf(inhookn[0], "%d-%d-mi", dir, num);
! 3243: strcpy(stathook, inhookn[0]);
! 3244: }
! 3245: #endif /* USE_NG_CAR */
! 3246: } else {
! 3247: Log(LG_ERR, ("[%s] IFACE: unknown action: '%s'",
! 3248: b->name, av[1]));
! 3249: strcpy(inhookn[0], "");
! 3250: }
! 3251:
! 3252: /* Prepare nomatch */
! 3253: if (l->next && strcasecmp(av[0], "all")) {
! 3254: /* If there is next limit and there is possible nomatch,
! 3255: * then pass nomatch there. */
! 3256: sprintf(hp->ifNotMatch, "%d-%d-n", dir, num);
! 3257: sprintf(inhookn[1], "%d-%d-ni", dir, num);
! 3258:
! 3259: /* Connect nomatch hook to bpf itself. */
! 3260: strcpy(cn.ourhook, hp->ifNotMatch);
! 3261: strcpy(cn.path, path);
! 3262: strcpy(cn.peerhook, inhookn[1]);
! 3263: if (NgSendMsg(gLinksCsock, path,
! 3264: NGM_GENERIC_COOKIE, NGM_CONNECT, &cn, sizeof(cn)) < 0) {
! 3265: Perror("[%s] IFACE: can't connect \"%s\"->\"%s\" and \"%s\"->\"%s\"",
! 3266: b->name, path, cn.ourhook, cn.path, cn.peerhook);
! 3267: }
! 3268: } else {
! 3269: /* There is no next limit, pass nomatch. */
! 3270: strcpy(hp->ifNotMatch, outhook);
! 3271: strcpy(inhookn[1], "");
! 3272: }
! 3273:
! 3274: /* Remember how to collect stats for this limit */
! 3275: if (l->name[0]) {
! 3276: SLIST_FOREACH(ss, &b->iface.ss[dir], next) {
! 3277: if (strcmp(ss->name, l->name) == 0)
! 3278: break;
! 3279: }
! 3280: if (ss == NULL) {
! 3281: ss = Malloc(MB_IFACE, sizeof(*ss));
! 3282: strlcpy(ss->name, l->name, sizeof(ss->name));
! 3283: SLIST_INIT(&ss->src);
! 3284: SLIST_INSERT_HEAD(&b->iface.ss[dir], ss, next);
! 3285: }
! 3286: if (stathook[0]) {
! 3287: sss = Malloc(MB_IFACE, sizeof(*sss));
! 3288: strlcpy(sss->hook, stathook, sizeof(sss->hook));
! 3289: sss->type = SSSS_IN;
! 3290: SLIST_INSERT_HEAD(&ss->src, sss, next);
! 3291: }
! 3292: }
! 3293:
! 3294: for (i = 0; i < 2; i++) {
! 3295: if (inhook[i][0] != 0) {
! 3296: if (l->name[0] && !stathook[0]) {
! 3297: sss = Malloc(MB_IFACE, sizeof(*sss));
! 3298: strlcpy(sss->hook, inhook[i], sizeof(sss->hook));
! 3299: sss->type = SSSS_MATCH;
! 3300: SLIST_INSERT_HEAD(&ss->src, sss, next);
! 3301: }
! 3302:
! 3303: strcpy(hp->thisHook, inhook[i]);
! 3304: if (NgSendMsg(gLinksCsock, path, NGM_BPF_COOKIE, NGM_BPF_SET_PROGRAM,
! 3305: hp, NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)) < 0) {
! 3306: Perror("[%s] IFACE: can't set %s node program",
! 3307: b->name, NG_BPF_NODE_TYPE);
! 3308: }
! 3309: }
! 3310: strcpy(inhook[i], inhookn[i]);
! 3311: }
! 3312:
! 3313: num++;
! 3314: }
! 3315:
! 3316: /* Connect left hooks to output */
! 3317: for (i = 0; i < 2; i++) {
! 3318: if (inhook[i][0] != 0) {
! 3319: memset(hpu, 0, sizeof(*hpu));
! 3320: strcpy(hp->thisHook, inhook[i]);
! 3321: hp->bpf_prog_len = MATCH_PROG_LEN;
! 3322: memcpy(&hp->bpf_prog, &gMatchProg,
! 3323: MATCH_PROG_LEN * sizeof(*gMatchProg));
! 3324: strcpy(hp->ifMatch, outhook);
! 3325: strcpy(hp->ifNotMatch, outhook);
! 3326: if (NgSendMsg(gLinksCsock, path, NGM_BPF_COOKIE, NGM_BPF_SET_PROGRAM,
! 3327: hp, NG_BPF_HOOKPROG_SIZE(hp->bpf_prog_len)) < 0) {
! 3328: Perror("[%s] IFACE: can't set %s node %s %s program (2)",
! 3329: b->name, NG_BPF_NODE_TYPE, path, hp->thisHook);
! 3330: }
! 3331: }
! 3332: }
! 3333: }
! 3334: }
! 3335: Freee(hpu);
! 3336: }
! 3337:
! 3338: static void
! 3339: IfaceShutdownLimits(Bund b)
! 3340: {
! 3341: char path[NG_PATHSIZ];
! 3342: struct svcs *ss;
! 3343: struct svcssrc *sss;
! 3344: struct svcstat curstats;
! 3345: int i;
! 3346:
! 3347: if (b->n_up > 0) {
! 3348: bzero(&curstats, sizeof(curstats));
! 3349: IfaceGetStats(b, &curstats);
! 3350: IfaceAddStats(&b->iface.prevstats, &curstats);
! 3351: IfaceFreeStats(&curstats);
! 3352: }
! 3353:
! 3354: if (b->params.acl_limits[0] || b->params.acl_limits[1]) {
! 3355: snprintf(path, sizeof(path), "[%x]:", b->iface.limitID);
! 3356: NgFuncShutdownNode(gLinksCsock, b->name, path);
! 3357: }
! 3358:
! 3359: for (i = 0; i < ACL_DIRS; i++) {
! 3360: while ((ss = SLIST_FIRST(&b->iface.ss[i])) != NULL) {
! 3361: while ((sss = SLIST_FIRST(&ss->src)) != NULL) {
! 3362: SLIST_REMOVE_HEAD(&ss->src, next);
! 3363: Freee(sss);
! 3364: }
! 3365: SLIST_REMOVE_HEAD(&b->iface.ss[i], next);
! 3366: Freee(ss);
! 3367: }
! 3368: }
! 3369: }
! 3370:
! 3371: void
! 3372: IfaceGetStats(Bund b, struct svcstat *stat)
! 3373: {
! 3374: char path[NG_PATHSIZ];
! 3375: struct svcs *ss;
! 3376: struct svcssrc *sss;
! 3377: int dir;
! 3378:
! 3379: union {
! 3380: u_char buf[sizeof(struct ng_mesg) + sizeof(struct ng_bpf_hookstat)];
! 3381: struct ng_mesg reply;
! 3382: } u;
! 3383: struct ng_bpf_hookstat *const hs = (struct ng_bpf_hookstat *)(void *)u.reply.data;
! 3384:
! 3385: snprintf(path, sizeof(path), "[%x]:", b->iface.limitID);
! 3386: for (dir = 0; dir < ACL_DIRS; dir++) {
! 3387: SLIST_FOREACH(ss, &b->iface.ss[dir], next) {
! 3388: struct svcstatrec *ssr;
! 3389:
! 3390: SLIST_FOREACH(ssr, &stat->stat[dir], next) {
! 3391: if (strcmp(ssr->name, ss->name) == 0)
! 3392: break;
! 3393: }
! 3394: if (!ssr) {
! 3395: ssr = Malloc(MB_IFACE, sizeof(*ssr));
! 3396: strlcpy(ssr->name, ss->name, sizeof(ssr->name));
! 3397: SLIST_INSERT_HEAD(&stat->stat[dir], ssr, next);
! 3398: }
! 3399:
! 3400: SLIST_FOREACH(sss, &ss->src, next) {
! 3401: if (NgSendMsg(gLinksCsock, path,
! 3402: NGM_BPF_COOKIE, NGM_BPF_GET_STATS, sss->hook, strlen(sss->hook)+1) < 0)
! 3403: continue;
! 3404: if (NgRecvMsg(gLinksCsock, &u.reply, sizeof(u), NULL) < 0)
! 3405: continue;
! 3406:
! 3407: switch(sss->type) {
! 3408: case SSSS_IN:
! 3409: ssr->Packets += hs->recvFrames;
! 3410: ssr->Octets += hs->recvOctets;
! 3411: break;
! 3412: case SSSS_MATCH:
! 3413: ssr->Packets += hs->recvMatchFrames;
! 3414: ssr->Octets += hs->recvMatchOctets;
! 3415: break;
! 3416: case SSSS_NOMATCH:
! 3417: ssr->Packets += hs->recvFrames - hs->recvMatchFrames;
! 3418: ssr->Octets += hs->recvOctets - hs->recvMatchOctets;
! 3419: break;
! 3420: case SSSS_OUT:
! 3421: ssr->Packets += hs->xmitFrames;
! 3422: ssr->Octets += hs->xmitOctets;
! 3423: break;
! 3424: }
! 3425: }
! 3426: }
! 3427: }
! 3428: }
! 3429:
! 3430: void
! 3431: IfaceAddStats(struct svcstat *stat1, struct svcstat *stat2)
! 3432: {
! 3433: struct svcstatrec *ssr1, *ssr2;
! 3434: int dir;
! 3435:
! 3436: for (dir = 0; dir < ACL_DIRS; dir++) {
! 3437: SLIST_FOREACH(ssr2, &stat2->stat[dir], next) {
! 3438: SLIST_FOREACH(ssr1, &stat1->stat[dir], next)
! 3439: if (strcmp(ssr1->name, ssr2->name) == 0) {
! 3440: break;
! 3441: }
! 3442: if (!ssr1) {
! 3443: ssr1 = Malloc(MB_IFACE, sizeof(*ssr1));
! 3444: strlcpy(ssr1->name, ssr2->name, sizeof(ssr1->name));
! 3445: SLIST_INSERT_HEAD(&stat1->stat[dir], ssr1, next);
! 3446: }
! 3447: ssr1->Packets += ssr2->Packets;
! 3448: ssr1->Octets += ssr2->Octets;
! 3449: }
! 3450: }
! 3451: }
! 3452:
! 3453: void
! 3454: IfaceFreeStats(struct svcstat *stat)
! 3455: {
! 3456: struct svcstatrec *ssr;
! 3457: int i;
! 3458:
! 3459: for (i = 0; i < ACL_DIRS; i++) {
! 3460: while ((ssr = SLIST_FIRST(&stat->stat[i])) != NULL) {
! 3461: SLIST_REMOVE_HEAD(&stat->stat[i], next);
! 3462: Freee(ssr);
! 3463: }
! 3464: }
! 3465: }
! 3466: #endif /* USE_NG_BPF */
! 3467:
! 3468: /*
! 3469: * IfaceSetName()
! 3470: */
! 3471:
! 3472: int
! 3473: IfaceSetName(Bund b, const char * ifname)
! 3474: {
! 3475: IfaceState const iface = &b->iface;
! 3476: struct ifreq ifr;
! 3477: int s;
! 3478:
! 3479: /* Do not rename interface on template */
! 3480: if (b->tmpl)
! 3481: return(0);
! 3482:
! 3483: /* Do not wait ioctl error "file already exist" */
! 3484: if (strncmp(iface->ifname, ifname, sizeof(iface->ifname)) == 0)
! 3485: return(0);
! 3486:
! 3487: /* Get socket */
! 3488: if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
! 3489: Log(LG_ERR, ("[%s] IFACE: Can't get socket to set name", b->name));
! 3490: return(-1);
! 3491: }
! 3492:
! 3493: /* Set name of interface */
! 3494: memset(&ifr, 0, sizeof(ifr));
! 3495: strlcpy(ifr.ifr_name, iface->ifname, sizeof(ifr.ifr_name));
! 3496: ifr.ifr_data = (caddr_t)ifname;
! 3497: Log(LG_IFACE2, ("[%s] IFACE: setting \"%s\" name to \"%s\"",
! 3498: b->name, iface->ifname, ifname));
! 3499:
! 3500: if (ioctl(s, SIOCSIFNAME, (caddr_t)&ifr) < 0) {
! 3501: Perror("[%s] IFACE: ioctl(%s, SIOCSIFNAME)", b->name, iface->ifname);
! 3502: close(s);
! 3503: return(-1);
! 3504: }
! 3505:
! 3506: close(s);
! 3507: /* Save name */
! 3508: strlcpy(iface->ifname, ifname, sizeof(iface->ifname));
! 3509: return(0);
! 3510: }
! 3511:
! 3512: #ifdef SIOCSIFDESCR
! 3513: /*
! 3514: * IfaceSetDescr()
! 3515: */
! 3516:
! 3517: int
! 3518: IfaceSetDescr(Bund b, const char * ifdescr)
! 3519: {
! 3520: IfaceState const iface = &b->iface;
! 3521: struct ifreq ifr;
! 3522: int s, ifdescr_maxlen;
! 3523: char *newdescr;
! 3524: size_t sz = sizeof(int);
! 3525:
! 3526: if (b->tmpl) {
! 3527: Log(LG_ERR, ("Impossible ioctl(SIOCSIFDESCR) on template"));
! 3528: return(-1);
! 3529: }
! 3530:
! 3531: if (sysctlbyname("net.ifdescr_maxlen", &ifdescr_maxlen, &sz, NULL, 0) < 0) {
! 3532: Perror("[%s] IFACE: sysctl net.ifdescr_maxlen failed", b->name);
! 3533: return(-1);
! 3534: }
! 3535:
! 3536: if (ifdescr_maxlen < strlen(ifdescr) + 1) {
! 3537: Log(LG_ERR, ("[%s] IFACE: Description too long, >%d characters",
! 3538: b->name, ifdescr_maxlen-1));
! 3539: return(-1);
! 3540: }
! 3541:
! 3542: /* Get socket */
! 3543: if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
! 3544: Log(LG_ERR, ("[%s] IFACE: Can't get socket to set description", b->name));
! 3545: return(-1);
! 3546: }
! 3547:
! 3548: /* Set description of interface */
! 3549: memset(&ifr, 0, sizeof(ifr));
! 3550: strlcpy(ifr.ifr_name, iface->ifname, sizeof(ifr.ifr_name));
! 3551: ifr.ifr_buffer.length = strlen(ifdescr) + 1;
! 3552: if (ifr.ifr_buffer.length == 1) {
! 3553: ifr.ifr_buffer.buffer = newdescr = NULL;
! 3554: ifr.ifr_buffer.length = 0;
! 3555: Log(LG_IFACE2, ("[%s] IFACE: clearing \"%s\" description",
! 3556: b->name, iface->ifname));
! 3557: } else {
! 3558: newdescr = Mstrdup(MB_IFACE, ifdescr);
! 3559: ifr.ifr_buffer.buffer = newdescr;
! 3560: Log(LG_IFACE2, ("[%s] IFACE: setting \"%s\" description to \"%s\"",
! 3561: b->name, iface->ifname, ifdescr));
! 3562: }
! 3563:
! 3564: if (ioctl(s, SIOCSIFDESCR, (caddr_t)&ifr) < 0) {
! 3565: Perror("[%s] IFACE: ioctl(%s, SIOCSIFDESCR)", b->name, iface->ifname);
! 3566: Freee(newdescr);
! 3567: close(s);
! 3568: return(-1);
! 3569: }
! 3570: Freee(newdescr);
! 3571: close(s);
! 3572: return(0);
! 3573: }
! 3574: #endif /* SIOCSIFDESCR */
! 3575: #ifdef SIOCAIFGROUP
! 3576: /*
! 3577: * IfaceAddGroup()
! 3578: */
! 3579:
! 3580: int
! 3581: IfaceAddGroup(Bund b, const char * ifgroup)
! 3582: {
! 3583: IfaceState const iface = &b->iface;
! 3584: struct ifgroupreq ifgr;
! 3585: int s, i;
! 3586:
! 3587: /* Do not add group on template */
! 3588: if (b->tmpl)
! 3589: return(0);
! 3590:
! 3591: if (ifgroup[0] && isdigit(ifgroup[strlen(ifgroup) - 1])) {
! 3592: Perror("[%s] IFACE: groupnames may not end in a digit", b->name);
! 3593: return(-1);
! 3594: }
! 3595:
! 3596: /* Get socket */
! 3597: if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
! 3598: Perror("[%s] IFACE: Can't get socket to add group", b->name);
! 3599: return(-1);
! 3600: }
! 3601:
! 3602: /* Add interface group */
! 3603: memset(&ifgr, 0, sizeof(ifgr));
! 3604: strlcpy(ifgr.ifgr_name, iface->ifname, sizeof(ifgr.ifgr_name));
! 3605: strlcpy(ifgr.ifgr_group, ifgroup, sizeof(ifgr.ifgr_group));
! 3606:
! 3607: Log(LG_IFACE2, ("[%s] IFACE: adding interface %s to group %s",
! 3608: b->name, iface->ifname, ifgroup));
! 3609:
! 3610: i = ioctl(s, SIOCAIFGROUP, (caddr_t)&ifgr);
! 3611: if (i < 0 && i != EEXIST) {
! 3612: Perror("[%s] IFACE: ioctl(%s, SIOCAIFGROUP)", b->name, iface->ifname);
! 3613: close(s);
! 3614: return(-1);
! 3615: }
! 3616:
! 3617: close(s);
! 3618: return(0);
! 3619: }
! 3620:
! 3621: /*
! 3622: * IfaceDelGroup()
! 3623: */
! 3624: int
! 3625: IfaceDelGroup(Bund b, const char * ifgroup)
! 3626: {
! 3627: IfaceState const iface = &b->iface;
! 3628: struct ifgroupreq ifgr;
! 3629: int s;
! 3630:
! 3631: /* Get socket */
! 3632: if ((s = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
! 3633: Perror("[%s] IFACE: Can't get socket to delete from group", b->name);
! 3634: return(-1);
! 3635: }
! 3636:
! 3637: if (ifgroup[0] && isdigit(ifgroup[strlen(ifgroup) - 1])) {
! 3638: Perror("[%s] IFACE: groupnames may not end in a digit", b->name);
! 3639: return(-1);
! 3640: }
! 3641:
! 3642: /* Set interface group */
! 3643: memset(&ifgr, 0, sizeof(ifgr));
! 3644: strlcpy(ifgr.ifgr_name, iface->ifname, sizeof(ifgr.ifgr_name));
! 3645: strlcpy(ifgr.ifgr_group, ifgroup, sizeof(ifgr.ifgr_group));
! 3646:
! 3647: Log(LG_IFACE2, ("[%s] IFACE: remove interface %s from group %s",
! 3648: b->name, iface->ifname, ifgroup));
! 3649:
! 3650: if (ioctl(s, SIOCDIFGROUP, (caddr_t)&ifgr) == -1) {
! 3651: Perror("[%s] IFACE: ioctl(%s, SIOCDIFGROUP)", b->name, iface->ifname);
! 3652: close(s);
! 3653: return(-1);
! 3654: }
! 3655: close(s);
! 3656: return(0);
! 3657: }
! 3658: #endif
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to iface.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / src