2 * Copyright (C) 1999-2001 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
7 # ifndef __FreeBSD_cc_version
8 # include <osreldate.h>
10 # if __FreeBSD_cc_version < 430000
11 # include <osreldate.h>
20 #if !defined(__SVR4) && !defined(__GNUC__)
23 #include <sys/types.h>
24 #include <sys/param.h>
28 #include <sys/socket.h>
29 #include <sys/ioctl.h>
30 #include <netinet/in.h>
31 #include <netinet/in_systm.h>
34 #if __FreeBSD_version >= 300000
35 # include <net/if_var.h>
37 #include <netinet/ip.h>
39 #include <arpa/nameser.h>
41 #include "ip_compat.h"
48 static const char rcsid[] = "@(#)$Id: ipfs.c,v 2.6.2.12 2002/09/26 12:25:19 darrenr Exp $";
52 # define IPF_SAVEDIR "/var/db/ipf"
55 # define IPF_NATFILE "ipnat.ipf"
58 # define IPF_STATEFILE "ipstate.ipf"
61 #if !defined(__SVR4) && defined(__GNUC__)
62 extern char *index __P((const char *, int));
67 int main __P((int, char *[]));
68 void usage __P((void));
69 int changestateif __P((char *, char *));
70 int changenatif __P((char *, char *));
71 int readstate __P((int, char *));
72 int readnat __P((int, char *));
73 int writestate __P((int, char *));
74 int opendevice __P((char *));
75 void closedevice __P((int));
76 int setlock __P((int, int));
77 int writeall __P((char *));
78 int readall __P((char *));
79 int writenat __P((int, char *));
80 char *concat __P((char *, char *));
88 usage: ipfs [-nv] -l\n\
89 usage: ipfs [-nv] -u\n\
90 usage: ipfs [-nv] [-d <dir>] -R\n\
91 usage: ipfs [-nv] [-d <dir>] -W\n\
92 usage: ipfs [-nv] -N [-f <file> | -d <dir>] -r\n\
93 usage: ipfs [-nv] -S [-f <file> | -d <dir>] -r\n\
94 usage: ipfs [-nv] -N [-f <file> | -d <dir>] -w\n\
95 usage: ipfs [-nv] -S [-f <file> | -d <dir>] -w\n\
96 usage: ipfs [-nv] -N [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
97 usage: ipfs [-nv] -S [-f <filename> | -d <dir> ] -i <if1>,<if2>\n\
104 * Change interface names in state information saved out to disk.
106 int changestateif(ifs, fname)
109 int fd, olen, nlen, rw;
114 s = strchr(ifs, ',');
120 if (nlen >= sizeof(ips.ips_is.is_ifname) ||
121 olen >= sizeof(ips.ips_is.is_ifname))
124 fd = open(fname, O_RDWR);
130 for (pos = 0; read(fd, &ips, sizeof(ips)) == sizeof(ips); ) {
132 if (!strncmp(ips.ips_is.is_ifname[0], ifs, olen + 1)) {
133 strcpy(ips.ips_is.is_ifname[0], s);
136 if (!strncmp(ips.ips_is.is_ifname[1], ifs, olen + 1)) {
137 strcpy(ips.ips_is.is_ifname[1], s);
141 if (lseek(fd, pos, SEEK_SET) != pos) {
145 if (write(fd, &ips, sizeof(ips)) != sizeof(ips)) {
150 pos = lseek(fd, 0, SEEK_CUR);
159 * Change interface names in NAT information saved out to disk.
161 int changenatif(ifs, fname)
164 int fd, olen, nlen, rw;
170 s = strchr(ifs, ',');
177 if (nlen >= sizeof(nat->nat_ifname) || olen >= sizeof(nat->nat_ifname))
180 fd = open(fname, O_RDWR);
186 for (pos = 0; read(fd, &ipn, sizeof(ipn)) == sizeof(ipn); ) {
188 if (!strncmp(nat->nat_ifname, ifs, olen + 1)) {
189 strcpy(nat->nat_ifname, s);
193 if (lseek(fd, pos, SEEK_SET) != pos) {
197 if (write(fd, &ipn, sizeof(ipn)) != sizeof(ipn)) {
202 pos = lseek(fd, 0, SEEK_CUR);
214 int c, lock = -1, devfd = -1, err = 0, rw = -1, ns = -1, set = 0;
215 char *dirname = NULL, *filename = NULL, *ifs = NULL;
217 while ((c = getopt(argc, argv, "d:f:i:lNnSRruvWw")) != -1)
221 if ((set == 0) && !dirname && !filename)
227 if ((set == 1) && !dirname && !filename && !(rw & 2))
237 if (filename || dirname || set)
243 opts |= OPT_DONOTHING;
246 if ((ns >= 0) || dirname || (rw != -1) || set)
252 if (dirname || (rw != -1) || (ns == -1))
258 if (filename || (ns != -1))
264 if ((ns >= 0) || dirname || (rw != -1) || set)
270 if (filename || dirname || set)
279 if (dirname || (rw != -1) || (ns == -1))
285 if (filename || (ns != -1))
294 if (filename == NULL) {
297 dirname = IPF_SAVEDIR;
298 if (dirname[strlen(dirname) - 1] != '/')
299 dirname = concat(dirname, "/");
300 filename = concat(dirname, IPF_NATFILE);
301 } else if (ns == 1) {
303 dirname = IPF_SAVEDIR;
304 if (dirname[strlen(dirname) - 1] != '/')
305 dirname = concat(dirname, "/");
306 filename = concat(dirname, IPF_STATEFILE);
311 if (!filename || ns < 0)
314 return changenatif(ifs, filename);
316 return changestateif(ifs, filename);
319 if ((ns >= 0) || (lock >= 0)) {
321 devfd = opendevice(NULL);
324 devfd = opendevice(IPL_STATE);
326 devfd = opendevice(IPL_NAT);
333 err = setlock(devfd, lock);
335 if (rw & 1) { /* WRITE */
337 err = writeall(dirname);
340 err = writenat(devfd, filename);
342 err = writestate(devfd, filename);
346 err = readall(dirname);
349 err = readnat(devfd, filename);
351 err = readstate(devfd, filename);
359 char *concat(base, append)
364 str = malloc(strlen(base) + strlen(append) + 1);
373 int opendevice(ipfdev)
378 if (opts & OPT_DONOTHING)
384 if ((fd = open(ipfdev, O_RDWR)) == -1)
385 if ((fd = open(ipfdev, O_RDONLY)) == -1)
386 perror("open device");
398 int setlock(fd, lock)
401 if (opts & OPT_VERBOSE)
402 printf("Turn lock %s\n", lock ? "on" : "off");
403 if (!(opts & OPT_DONOTHING)) {
404 if (ioctl(fd, SIOCSTLCK, &lock) == -1) {
408 if (opts & OPT_VERBOSE)
409 printf("Lock now %s\n", lock ? "on" : "off");
415 int writestate(fd, file)
419 ipstate_save_t ips, *ipsp;
423 file = IPF_STATEFILE;
425 wfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600);
427 fprintf(stderr, "%s ", file);
428 perror("state:open");
433 bzero((char *)ipsp, sizeof(ips));
436 if (opts & OPT_VERBOSE)
437 printf("Getting state from addr %p\n", ips.ips_next);
438 if (ioctl(fd, SIOCSTGET, &ipsp)) {
441 perror("state:SIOCSTGET");
445 if (opts & OPT_VERBOSE)
446 printf("Got state next %p\n", ips.ips_next);
447 if (write(wfd, ipsp, sizeof(ips)) != sizeof(ips)) {
448 perror("state:write");
452 } while (ips.ips_next != NULL);
459 int readstate(fd, file)
463 ipstate_save_t ips, *is, *ipshead = NULL, *is1, *ipstail = NULL;
467 file = IPF_STATEFILE;
469 sfd = open(file, O_RDONLY, 0600);
471 fprintf(stderr, "%s ", file);
476 bzero((char *)&ips, sizeof(ips));
479 * 1. Read all state information in.
482 i = read(sfd, &ips, sizeof(ips));
490 if (i != sizeof(ips)) {
491 fprintf(stderr, "incomplete read: %d != %d\n", i,
496 is = (ipstate_save_t *)malloc(sizeof(*is));
498 fprintf(stderr, "malloc failed\n");
502 bcopy((char *)&ips, (char *)is, sizeof(ips));
505 * Check to see if this is the first state entry that will
506 * reference a particular rule and if so, flag it as such
507 * else just adjust the rule pointer to become a pointer to
508 * the other. We do this so we have a means later for tracking
509 * who is referencing us when we get back the real pointer
510 * in is_rule after doing the ioctl.
512 for (is1 = ipshead; is1 != NULL; is1 = is1->ips_next)
513 if (is1->ips_rule == is->ips_rule)
516 is->ips_is.is_flags |= FI_NEWFR;
518 is->ips_rule = (void *)&is1->ips_rule;
521 * Use a tail-queue type list (add things to the end)..
527 ipstail->ips_next = is;
533 for (is = ipshead; is; is = is->ips_next) {
534 if (opts & OPT_VERBOSE)
535 printf("Loading new state table entry\n");
536 if (is->ips_is.is_flags & FI_NEWFR) {
537 if (opts & OPT_VERBOSE)
538 printf("Loading new filter rule\n");
540 if (!(opts & OPT_DONOTHING))
541 if (ioctl(fd, SIOCSTPUT, &is)) {
546 if (is->ips_is.is_flags & FI_NEWFR) {
547 if (opts & OPT_VERBOSE)
548 printf("Real rule addr %p\n", is->ips_rule);
549 for (is1 = is->ips_next; is1; is1 = is1->ips_next)
550 if (is1->ips_rule == (frentry_t *)&is->ips_rule)
551 is1->ips_rule = is->ips_rule;
559 int readnat(fd, file)
563 nat_save_t ipn, *in, *ipnhead = NULL, *in1, *ipntail = NULL, *ipnp;
570 nfd = open(file, O_RDONLY);
572 fprintf(stderr, "%s ", file);
577 bzero((char *)&ipn, sizeof(ipn));
581 * 1. Read all state information in.
584 i = read(nfd, &ipn, sizeof(ipn));
592 if (i != sizeof(ipn)) {
593 fprintf(stderr, "incomplete read: %d != %d\n", i,
599 if (ipn.ipn_dsize > 0) {
600 char *s = ipnp->ipn_data;
601 int n = ipnp->ipn_dsize;
603 n -= sizeof(ipnp->ipn_data);
604 in = malloc(sizeof(*in) + n);
608 s += sizeof(ipnp->ipn_data);
613 fprintf(stderr, "incomplete read: %d != %d\n",
619 in = (nat_save_t *)malloc(sizeof(*in));
620 bcopy((char *)ipnp, (char *)in, sizeof(ipn));
623 * Check to see if this is the first state entry that will
624 * reference a particular rule and if so, flag it as such
625 * else just adjust the rule pointer to become a pointer to
626 * the other. We do this so we have a means later for tracking
627 * who is referencing us when we get back the real pointer
628 * in is_rule after doing the ioctl.
631 if (nat->nat_fr != NULL) {
632 for (in1 = ipnhead; in1 != NULL; in1 = in1->ipn_next)
633 if (in1->ipn_rule == nat->nat_fr)
636 nat->nat_flags |= FI_NEWFR;
638 nat->nat_fr = &in1->ipn_fr;
642 * Use a tail-queue type list (add things to the end)..
648 ipntail->ipn_next = in;
654 for (in = ipnhead; in; in = in->ipn_next) {
655 if (opts & OPT_VERBOSE)
656 printf("Loading new NAT table entry\n");
658 if (nat->nat_flags & FI_NEWFR) {
659 if (opts & OPT_VERBOSE)
660 printf("Loading new filter rule\n");
662 if (!(opts & OPT_DONOTHING))
663 if (ioctl(fd, SIOCSTPUT, &in)) {
668 if (nat->nat_flags & FI_NEWFR) {
669 if (opts & OPT_VERBOSE)
670 printf("Real rule addr %p\n", nat->nat_fr);
671 for (in1 = in->ipn_next; in1; in1 = in1->ipn_next)
672 if (in1->ipn_rule == &in->ipn_fr)
673 in1->ipn_rule = nat->nat_fr;
681 int writenat(fd, file)
685 nat_save_t *ipnp = NULL, *next = NULL;
692 nfd = open(file, O_WRONLY|O_TRUNC|O_CREAT, 0600);
694 fprintf(stderr, "%s ", file);
701 if (opts & OPT_VERBOSE)
702 printf("Getting nat from addr %p\n", ipnp);
705 if (ioctl(fd, SIOCSTGSZ, &ng)) {
706 perror("nat:SIOCSTGSZ");
711 if (opts & OPT_VERBOSE)
712 printf("NAT size %d from %p\n", ng.ng_sz, ng.ng_ptr);
718 ipnp = malloc(ng.ng_sz);
720 ipnp = realloc((char *)ipnp, ng.ng_sz);
723 "malloc for %d bytes failed\n", ng.ng_sz);
727 bzero((char *)ipnp, ng.ng_sz);
728 ipnp->ipn_next = next;
729 if (ioctl(fd, SIOCSTGET, &ipnp)) {
732 perror("nat:SIOCSTGET");
737 if (opts & OPT_VERBOSE)
738 printf("Got nat next %p\n", ipnp->ipn_next);
739 if (write(nfd, ipnp, ng.ng_sz) != ng.ng_sz) {
744 next = ipnp->ipn_next;
745 } while (ipnp && next);
752 int writeall(dirname)
758 dirname = IPF_SAVEDIR;
760 if (chdir(dirname)) {
761 perror("chdir(IPF_SAVEDIR)");
765 fd = opendevice(NULL);
768 if (setlock(fd, 1)) {
773 devfd = opendevice(IPL_STATE);
776 if (writestate(devfd, NULL))
780 devfd = opendevice(IPL_NAT);
783 if (writenat(devfd, NULL))
787 if (setlock(fd, 0)) {
807 dirname = IPF_SAVEDIR;
809 if (chdir(dirname)) {
810 perror("chdir(IPF_SAVEDIR)");
814 fd = opendevice(NULL);
817 if (setlock(fd, 1)) {
822 devfd = opendevice(IPL_STATE);
825 if (readstate(devfd, NULL))
829 devfd = opendevice(IPL_NAT);
832 if (readnat(devfd, NULL))
836 if (setlock(fd, 0)) {
projects / dragonfly.git / blob