2 * Copyright (c) 2014 - 2018 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Bill Yuan <bycn82@dragonflybsd.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <sys/sockio.h>
39 #include <sys/sysctl.h>
43 #include <arpa/inet.h>
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/ip.h>
64 #include <netinet/ip_icmp.h>
65 #include <netinet/tcp.h>
67 #include <net/if_dl.h>
68 #include <net/route.h>
69 #include <net/ethernet.h>
71 #include <net/ipfw3/ip_fw3.h>
72 #include <net/ipfw3_basic/ip_fw3_basic.h>
73 #include <net/ipfw3_basic/ip_fw3_table.h>
74 #include <net/ipfw3_basic/ip_fw3_state.h>
75 #include <net/ipfw3_basic/ip_fw3_sync.h>
76 #include <net/ipfw3_nat/ip_fw3_nat.h>
77 #include <net/dummynet3/ip_dummynet3.h>
80 #include "ipfw3basic.h"
87 extern int do_compact;
91 state_add(int ac, char *av[])
97 state_delete(int ac, char *av[])
101 if (ac == 1 && isdigit(**av))
103 if (do_set_x(IP_FW_STATE_DEL, &rulenum, sizeof(int)) < 0 )
104 err(EX_UNAVAILABLE, "do_set_x(IP_FW_STATE_DEL)");
108 state_flush(int ac, char *av[])
113 printf("Are you sure? [yn] ");
116 c = toupper(getc(stdin));
117 while (c != '\n' && getc(stdin) != '\n')
119 return; /* and do not flush */
120 } while (c != 'Y' && c != 'N');
121 if (c == 'N') /* user said no */
124 if (do_set_x(IP_FW_STATE_FLUSH, NULL, 0) < 0 )
125 err(EX_UNAVAILABLE, "do_set_x(IP_FW_STATE_FLUSH)");
127 printf("Flushed all states.\n");
131 state_list(int ac, char *av[])
144 rule_id = strtoul(*av, NULL, 10);
147 while (nbytes >= nalloc) {
150 if ((data = realloc(data, nbytes)) == NULL) {
151 err(EX_OSERR, "realloc");
153 memcpy(data, &rule_id, sizeof(int));
154 if (do_get_x(IP_FW_STATE_GET, data, &nbytes) < 0) {
155 err(EX_OSERR, "do_get_x(IP_FW_NAT_GET_RECORD)");
162 struct ipfw3_ioc_state *ioc;
163 ioc =(struct ipfw3_ioc_state *)data;
164 int count = nbytes / LEN_IOC_FW3_STATE;
166 for (i = 0; i < count; i ++) {
167 printf("%05u %d", ioc->rule_id, ioc->cpu_id);
168 if (ioc->proto == IPPROTO_ICMP) {
170 } else if (ioc->proto == IPPROTO_TCP) {
172 } else if (ioc->proto == IPPROTO_UDP) {
175 printf(" %s:%hu",inet_ntoa(ioc->src_addr),
176 htons(ioc->src_port));
177 printf(" %s:%hu",inet_ntoa(ioc->dst_addr),
178 htons(ioc->dst_port));
179 printf(" %c", ioc->direction? 'o' : 'i');
180 printf(" %lld", (long long)ioc->life);
187 state_main(int ac, char **av)
189 if (!strncmp(*av, "add", strlen(*av))) {
191 } else if (!strncmp(*av, "delete", strlen(*av))) {
192 state_delete(ac, av);
193 } else if (!strncmp(*av, "flush", strlen(*av))) {
195 } else if (!strncmp(*av, "list", strlen(*av))) {
197 } else if (!strncmp(*av, "show", strlen(*av))) {
201 errx(EX_USAGE, "bad ipfw3 state command `%s'", *av);