1.1 ! misho 1: /*-
! 2: * Copyright (c) 2022 Michael Pounov <misho@elwix.org>
! 3: *
! 4: *
! 5: * Redistribution and use in source forms, with and without modification,
! 6: * are permitted provided that this entire comment appears intact.
! 7: *
! 8: * Redistribution in binary form may occur without any restrictions.
! 9: * Obviously, it would be nice if you gave credit where credit is due
! 10: * but requiring it would be too onerous.
! 11: *
! 12: * This software is provided ``AS IS'' without any warranties of any kind.
! 13: *
! 14: * command line interface for sync state of IP firewall
! 15: */
! 16: #include <stdio.h>
! 17: #include <stdlib.h>
! 18: #include <string.h>
! 19: #include <unistd.h>
! 20: #include <errno.h>
! 21: #include <sys/socket.h>
! 22: #include <sys/un.h>
! 23: #include <sys/param.h>
! 24: #include <netinet/in.h>
! 25: #include <net/if.h>
! 26: #include <net/if_dl.h>
! 27: #include <arpa/inet.h>
! 28: #include <netinet/ip_fw.h>
! 29: #include <err.h>
! 30: #include <sysexits.h>
! 31:
! 32: #include "ipfw2.h"
! 33:
/*
 * One piece of storage large enough for any socket address this file
 * handles.  sockaddr_storage fixes the size; the remaining members are
 * typed views onto the same bytes (sa gives the generic sa_len/sa_family
 * header, the others the family-specific layouts).
 */
typedef union {
	struct sockaddr_storage	ss;	/* sizes the union */
	struct sockaddr		sa;	/* generic header view */
	struct sockaddr_un	sun;	/* AF_UNIX */
	struct sockaddr_in	sin;	/* AF_INET */
	struct sockaddr_in6	sin6;	/* AF_INET6 */
	struct sockaddr_dl	sdl;	/* AF_LINK */
} sockaddr_t;
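/* Zero-initializer for a sockaddr_t (fills the largest member, i.e. all of it). */
#define E_SOCKADDR_INIT	{ .ss = { 0 } }
/*
 * Bytes reserved per staged sockaddr_t, capped at 0xff (presumably so the
 * value fits an 8-bit sa_len field -- confirm before relying on that).
 */
#define E_SOCKADDR_MAX	MIN(sizeof(sockaddr_t), 0xff)

/*
 * Consume one command-line token (ac/av are the enclosing function's
 * parameters).  Wrapped in do/while(0) so it is a single statement and
 * stays correct after an unbraced "if (...) SYNC_SHIFT_ARG; else ...".
 */
#define SYNC_SHIFT_ARG	do { ac--; av++; } while (0)
/* Port used for a collector whose argument has no ",port" suffix. */
#define DEF_SYNC_PORT	20611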
! 47:
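/* At most this many collector addresses are sent in one config request. */
enum { SYNC_MAX_COLLECTORS = 2 };

/*
 * Parse a decimal port number given on the command line.
 *
 * Returns the port in host byte order.  Only 1..65535 is accepted: an empty
 * string, trailing junk, zero and anything that does not fit in 16 bits are
 * fatal usage errors.  (A plain strtol() into a u_short silently truncated
 * out-of-range values, so "70000" used to become port 4464.)
 */
static u_short
sync_parse_port(const char *s)
{
	char *end;
	unsigned long v;

	errno = 0;
	v = strtoul(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v == 0 || v > 0xffff)
		errx(EX_DATAERR, "incorrect port number\n");
	return (u_short) v;
}

/*
 * Fill slot idx of cfg->addr from a textual address and a host-order port.
 *
 * The family is chosen by the presence of ':' in the text, as the rest of
 * this file does.  The family is stored before the address is parsed, so on
 * failure the caller can still see which family was tried.
 *
 * Returns 0 on success, -1 if inet_pton() rejects the text.
 */
static int
sync_set_addr(struct ipfw_sync_cfg *cfg, int idx, const char *text,
    u_short port)
{
	if (strchr(text, ':') != NULL) {
		cfg->addr[idx].ip6.sin6_len = sizeof cfg->addr[idx].ip6;
		cfg->addr[idx].ip6.sin6_family = AF_INET6;
		cfg->addr[idx].ip6.sin6_port = htons(port);
		if (inet_pton(AF_INET6, text, &cfg->addr[idx].ip6.sin6_addr) != 1)
			return -1;
		return 0;
	}
	cfg->addr[idx].ip4.sin_len = sizeof cfg->addr[idx].ip4;
	cfg->addr[idx].ip4.sin_family = AF_INET;
	cfg->addr[idx].ip4.sin_port = htons(port);
	if (inet_pton(AF_INET, text, &cfg->addr[idx].ip4.sin_addr) != 1)
		return -1;
	return 0;
}

/*
 * ipfw sync config edge [port] <[addr,]port>
 * ipfw sync config collector <addr[,port]> [addr[,port]]
 *
 * Builds an ipfw_obj_header + ipfw_sync_cfg request and pushes it to the
 * kernel with IP_FW_SYNC_XCONFIG, then echoes the resulting config unless
 * quiet mode is on.  Every usage error is fatal (errx), which is why the
 * request buffer is only freed on the success path.  Tokens in av are
 * modified in place (the ',' separating address and port is overwritten).
 */
void
ipfw_config_sync(int ac, char **av)
{
	ipfw_obj_header *oh;
	struct ipfw_sync_cfg *cfg;
	size_t sz;
	u_short port;
	char *str, show[BUFSIZ], host[64];
	int i, j;

	SYNC_SHIFT_ARG;

	sz = sizeof *oh + sizeof *cfg;
	oh = calloc(1, sz);
	if (!oh)
		errx(EX_OSERR, "malloc failed");
	cfg = (struct ipfw_sync_cfg *) (oh + 1);
	oh->ntlv.head.length = sizeof(oh->ntlv);

	if (ac && !strcmp(*av, "edge")) {
		SYNC_SHIFT_ARG;
		if (ac && !strcmp(*av, "port"))
			SYNC_SHIFT_ARG;
		if (!ac)
			errx(EX_DATAERR, "missing edge port\n");

		/* Either "addr,port", or a bare port that listens on 0.0.0.0. */
		strlcpy(host, *av, sizeof host);
		if ((str = strchr(host, ',')) != NULL) {
			*str++ = '\0';
			port = sync_parse_port(str);
		} else {
			port = sync_parse_port(host);
			strlcpy(host, "0.0.0.0", sizeof host);
		}

		strlcpy(oh->ntlv.name, "edge", sizeof(oh->ntlv.name));
		strlcpy(cfg->name, "edge", sizeof(cfg->name));
		cfg->mode = CFG_SYNC_EDGE;
		cfg->addrs = 1;
		if (sync_set_addr(cfg, 0, host, port) < 0) {
			if (cfg->addr[0].addr.sa_family == AF_INET6)
				errx(EX_DATAERR, "invalid edge IPv6 address\n");
			errx(EX_DATAERR, "invalid edge IPv4 address\n");
		}
	} else if (ac && !strcmp(*av, "collector")) {
		/* "ac &&" above: with no argument at all *av must not be read. */
		SYNC_SHIFT_ARG;
		if (!ac)
			errx(EX_DATAERR, "missing destination(s) address[,port]\n");

		/* Arguments beyond SYNC_MAX_COLLECTORS are silently ignored. */
		i = 0;
		while (ac && *av && i < SYNC_MAX_COLLECTORS) {
			if ((str = strchr(*av, ',')) != NULL) {
				*str++ = '\0';
				port = sync_parse_port(str);
			} else
				port = DEF_SYNC_PORT;
			/* Slot 0 is reserved for the edge address. */
			if (sync_set_addr(cfg, 1 + i, *av, port) < 0)
				errx(EX_DATAERR, "invalid collector address\n");
			i++;
			SYNC_SHIFT_ARG;
		}

		strlcpy(oh->ntlv.name, "collector", sizeof(oh->ntlv.name));
		strlcpy(cfg->name, "collector", sizeof(cfg->name));
		cfg->mode = CFG_SYNC_COLLECTOR;
		cfg->addrs = i;
	} else
		errx(EX_DATAERR, "missing type of service edge or collector\n");

	if (do_set3(IP_FW_SYNC_XCONFIG, &oh->opheader, sz))
		err(1, "setsockopt(%s)", "IP_FW_SYNC_XCONFIG");

	if (!g_co.do_quiet) {
		/* After every modification, we show the resultant rule. */
		if (cfg->mode == CFG_SYNC_EDGE) {
			/*
			 * Reads the port through the ip4 view for either
			 * family, as the original did (sin_port and sin6_port
			 * are expected to share an offset -- confirm).
			 */
			printf("edge port %hu\n", ntohs(cfg->addr[0].ip4.sin_port));
		} else {
			printf("collector");
			for (j = 1; j < cfg->addrs + 1; j++) {
				if (cfg->addr[j].addr.sa_family == AF_INET)
					printf(" %s,%hu",
					    inet_ntop(AF_INET, &cfg->addr[j].ip4.sin_addr,
					    show, sizeof show),
					    ntohs(cfg->addr[j].ip4.sin_port));
				else
					printf(" %s,%hu",
					    inet_ntop(AF_INET6, &cfg->addr[j].ip6.sin6_addr,
					    show, sizeof show),
					    ntohs(cfg->addr[j].ip6.sin6_port));
			}
			printf("\n");
		}
	}

	free(oh);
}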
! 200:
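/*
 * ipfw sync show [edge|collector]
 *
 * Fetches the sync configuration with IP_FW_SYNC_XGETCONFIG and prints the
 * running state of each service followed by its configured addresses.  With
 * no argument both services are shown.  Failures are silent, as before:
 * nothing is printed and the function simply returns.
 */
void
ipfw_show_sync(int ac, char **av)
{
	ipfw_obj_header *oh;
	struct ipfw_sync_cfg *cfg;
	size_t sz, prev;
	char show[BUFSIZ];
	const char *name;
	int state, i, want_edge, want_coll;

	SYNC_SHIFT_ARG;

	name = ac ? *av : "";
	want_edge = !ac || !strcmp(*av, "edge");
	want_coll = !ac || !strcmp(*av, "collector");

	/*
	 * On ENOMEM do_get3() is expected to have raised sz to the size the
	 * kernel needs, so retry with a bigger buffer.  If sz did not grow,
	 * give up instead of spinning forever.
	 */
	sz = sizeof *oh + sizeof *cfg;
	for (;;) {
		prev = sz;
		if ((oh = calloc(1, sz)) == NULL)
			return;
		cfg = (struct ipfw_sync_cfg *) (oh + 1);
		oh->ntlv.head.length = sizeof(oh->ntlv);
		strlcpy(oh->ntlv.name, name, sizeof(oh->ntlv.name));
		strlcpy(cfg->name, name, sizeof(cfg->name));

		if (do_get3(IP_FW_SYNC_XGETCONFIG, &oh->opheader, &sz) == 0)
			break;
		free(oh);
		if (errno != ENOMEM || sz <= prev)
			return;
	}

	/*
	 * NOTE(review): the running-state bitmask is read back as a decimal
	 * string in cfg->name -- that is how the original consumed the reply;
	 * confirm against the kernel side before changing.
	 */
	state = (int) strtol(cfg->name, NULL, 10);
	if (want_edge)
		printf("ipfw sync %s edge\n", (state & CFG_SYNC_EDGE) ? "start" : "stop");
	if (want_coll)
		printf("ipfw sync %s collector\n", (state & CFG_SYNC_COLLECTOR) ? "start" : "stop");
	if (want_edge && (cfg->mode & CFG_SYNC_EDGE))
		printf("ipfw sync config edge port %hu\n", ntohs(cfg->addr[0].ip4.sin_port));
	if (want_coll && (cfg->mode & CFG_SYNC_COLLECTOR)) {
		printf("ipfw sync config collector");
		/* Slot 0 holds the edge address; collectors start at 1. */
		for (i = 1; i < cfg->addrs + 1; i++) {
			if (cfg->addr[i].addr.sa_family == AF_INET)
				printf(" %s,%hu",
				    inet_ntop(AF_INET, &cfg->addr[i].ip4.sin_addr,
				    show, sizeof show),
				    ntohs(cfg->addr[i].ip4.sin_port));
			else
				printf(" %s,%hu",
				    inet_ntop(AF_INET6, &cfg->addr[i].ip6.sin6_addr,
				    show, sizeof show),
				    ntohs(cfg->addr[i].ip6.sin6_port));
		}
		printf("\n");
	}

	/* The reply buffer was never released before. */
	free(oh);
}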
! 257:
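/*
 * ipfw sync start [edge|collector]
 *
 * Sends IP_FW_SYNC_START with a flag word selecting the service(s).  With
 * no argument both services are selected; any other keyword is a usage
 * error rather than a request with no flags set.  Errors from the kernel
 * are fatal (err).
 */
void
ipfw_start_sync(int ac, char **av)
{
	ipfw_obj_header *oh;
	int *flags;
	size_t sz;
	int edge, coll;

	SYNC_SHIFT_ARG;

	edge = !ac || !strcmp(*av, "edge");
	coll = !ac || !strcmp(*av, "collector");
	if (!edge && !coll)
		errx(EX_DATAERR, "unknown sync service '%s', expected edge or collector\n", *av);

	/* Header followed by one int of flags; calloc leaves the flags at 0. */
	sz = sizeof *oh + sizeof *flags;
	oh = calloc(1, sz);
	if (!oh)
		errx(EX_OSERR, "malloc failed");
	flags = (int *) (oh + 1);
	oh->ntlv.head.length = sizeof(oh->ntlv);
	if (edge)
		*flags |= CFG_SYNC_EDGE;
	if (coll)
		*flags |= CFG_SYNC_COLLECTOR;

	if (do_set3(IP_FW_SYNC_START, &oh->opheader, sz))
		err(1, "setsockopt(%s)", "IP_FW_SYNC_START");
	free(oh);

	if (!g_co.do_quiet) {
		if (edge)
			printf("ipfw sync start edge\n");
		if (coll)
			printf("ipfw sync start collector\n");
	}
}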
! 295:
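/*
 * ipfw sync stop [edge|collector]
 *
 * Sends IP_FW_SYNC_STOP with a flag word selecting the service(s).  With
 * no argument both services are selected; any other keyword is a usage
 * error rather than a request with no flags set.  Errors from the kernel
 * are fatal (err).
 */
void
ipfw_stop_sync(int ac, char **av)
{
	ipfw_obj_header *oh;
	int *flags;
	size_t sz;
	int edge, coll;

	SYNC_SHIFT_ARG;

	edge = !ac || !strcmp(*av, "edge");
	coll = !ac || !strcmp(*av, "collector");
	if (!edge && !coll)
		errx(EX_DATAERR, "unknown sync service '%s', expected edge or collector\n", *av);

	/* Header followed by one int of flags; calloc leaves the flags at 0. */
	sz = sizeof *oh + sizeof *flags;
	oh = calloc(1, sz);
	if (!oh)
		errx(EX_OSERR, "malloc failed");
	flags = (int *) (oh + 1);
	oh->ntlv.head.length = sizeof(oh->ntlv);
	if (edge)
		*flags |= CFG_SYNC_EDGE;
	if (coll)
		*flags |= CFG_SYNC_COLLECTOR;

	if (do_set3(IP_FW_SYNC_STOP, &oh->opheader, sz))
		err(1, "setsockopt(%s)", "IP_FW_SYNC_STOP");
	free(oh);

	if (!g_co.do_quiet) {
		if (edge)
			printf("ipfw sync stop edge\n");
		if (coll)
			printf("ipfw sync stop collector\n");
	}
}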
! 333:
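/*
 * ipfw sync flush [edge|collector]
 *
 * Sends IP_FW_SYNC_DESTROY with a flag word selecting the service(s).  With
 * no argument both services are selected; any other keyword is a usage
 * error rather than a request with no flags set.  Errors from the kernel
 * are fatal (err).
 */
void
ipfw_flush_sync(int ac, char **av)
{
	ipfw_obj_header *oh;
	int *flags;
	size_t sz;
	int edge, coll;

	SYNC_SHIFT_ARG;

	edge = !ac || !strcmp(*av, "edge");
	coll = !ac || !strcmp(*av, "collector");
	if (!edge && !coll)
		errx(EX_DATAERR, "unknown sync service '%s', expected edge or collector\n", *av);

	/* Header followed by one int of flags; calloc leaves the flags at 0. */
	sz = sizeof *oh + sizeof *flags;
	oh = calloc(1, sz);
	if (!oh)
		errx(EX_OSERR, "malloc failed");
	flags = (int *) (oh + 1);
	oh->ntlv.head.length = sizeof(oh->ntlv);
	if (edge)
		*flags |= CFG_SYNC_EDGE;
	if (coll)
		*flags |= CFG_SYNC_COLLECTOR;

	if (do_set3(IP_FW_SYNC_DESTROY, &oh->opheader, sz))
		err(1, "setsockopt(%s)", "IP_FW_SYNC_DESTROY");
	free(oh);

	if (!g_co.do_quiet) {
		if (edge)
			printf("ipfw sync flush edge\n");
		if (coll)
			printf("ipfw sync flush collector\n");
	}
}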