44bc301921
Reported by: jrtc27 Fixes: 2582ae5740181e0d2bab10003d66ae91c9b56329 MFC after: 1 month
579 lines
26 KiB
C
579 lines
26 KiB
C
/*
|
|
* Copyright (C) 2012 by Darren Reed.
|
|
*
|
|
* See the IPFILTER.LICENCE file for details on licencing.
|
|
*
|
|
* $Id: interror.c,v 1.9.2.12 2012/07/22 08:03:39 darren_r Exp $
|
|
*/
|
|
|
|
#include "ipf.h"
|
|
#include <fcntl.h>
|
|
#include <sys/ioctl.h>
|
|
|
|
typedef struct {
|
|
int iee_number;
|
|
char *iee_text;
|
|
} ipf_error_entry_t;
|
|
|
|
static ipf_error_entry_t *find_error(int);
|
|
|
|
#define IPF_NUM_ERRORS 475
|
|
|
|
/*
|
|
* NO REUSE OF NUMBERS!
|
|
*
|
|
* IF YOU WANT TO ADD AN ERROR TO THIS TABLE, _ADD_ A NEW NUMBER.
|
|
* DO _NOT_ USE AN EMPTY NUMBER OR FILL IN A GAP.
|
|
*/
|
|
static ipf_error_entry_t ipf_errors[IPF_NUM_ERRORS] = {
|
|
{ 1, "auth table locked/full" },
|
|
{ 2, "" },
|
|
{ 3, "copyinptr received bad address" },
|
|
{ 4, "copyoutptr received bad address" },
|
|
{ 5, "" },
|
|
{ 6, "cannot load a rule with FR_T_BUILTIN flag set" },
|
|
{ 7, "internal rule without FR_T_BUILDINT flag set" },
|
|
{ 8, "no data provided with filter rule" },
|
|
{ 9, "invalid ioctl for rule" },
|
|
{ 10, "rule protocol is not 4 or 6" },
|
|
{ 11, "cannot find rule function" },
|
|
{ 12, "cannot find rule group" },
|
|
{ 13, "group in/out does not match rule in/out" },
|
|
{ 14, "rule without in/out does not belong to a group" },
|
|
{ 15, "cannot determine where to append rule" },
|
|
{ 16, "malloc for rule data failed" },
|
|
{ 17, "copyin for rule data failed" },
|
|
{ 18, "" },
|
|
{ 19, "zero data size for BPF rule" },
|
|
{ 20, "BPF validation failed" },
|
|
{ 21, "incorrect data size for IPF rule" },
|
|
{ 22, "'keep state' rule included 'with oow'" },
|
|
{ 23, "bad interface index with dynamic source address" },
|
|
{ 24, "bad interface index with dynamic dest. address" },
|
|
{ 25, "match array verif failed for filter rule" },
|
|
{ 26, "bad filter rule type" },
|
|
{ 27, "rule not found for zero'stats" },
|
|
{ 28, "copyout failed for zero'ing stats" },
|
|
{ 29, "rule not found for removing" },
|
|
{ 30, "cannot remove internal rule" },
|
|
{ 31, "rule in use" },
|
|
{ 32, "rule already exists" },
|
|
{ 33, "no memory for another rule" },
|
|
{ 34, "could not find function" },
|
|
{ 35, "copyout failed for resolving function name -> addr" },
|
|
{ 36, "copyout failed for resolving function addr -> name" },
|
|
{ 37, "function name/addr resolving search failed" },
|
|
{ 38, "group map cannot find it's hash table" },
|
|
{ 39, "group map hash-table in/out do not match rule" },
|
|
{ 40, "bcopyout failed for SIOCIPFINTERROR" },
|
|
{ 41, "" },
|
|
{ 42, "ipfilter not enabled for NAT ioctl" },
|
|
{ 43, "ipfilter not enabled for state ioctl" },
|
|
{ 44, "ipfilter not enabled for auth ioctl" },
|
|
{ 45, "ipfilter not enbaled for sync ioctl" },
|
|
{ 46, "ipfilter not enabled for scan ioctl" },
|
|
{ 47, "ipfilter not enabled for lookup ioctl" },
|
|
{ 48, "unrecognised device minor number for ioctl" },
|
|
{ 49, "unrecognised object type for copying in ipfobj" },
|
|
{ 50, "mismatching object type for copying in ipfobj" },
|
|
{ 51, "object size too small for copying in ipfobj" },
|
|
{ 52, "object size mismatch for copying in ipfobj" },
|
|
{ 53, "compat object size too small for copying in ipfobj" },
|
|
{ 54, "compat object size mismatch for copying in ipfobj" },
|
|
{ 55, "error doing copyin of data for in ipfobj" },
|
|
{ 56, "unrecognised object type for size copy in ipfobj" },
|
|
{ 57, "object size too small for size copy in ipfobj" },
|
|
{ 58, "mismatching object type for size copy in ipfobj" },
|
|
{ 59, "object size mismatch for size copy in ipfobj" },
|
|
{ 60, "compat object size mismatch for size copy in ipfobj" },
|
|
{ 61, "error doing size copyin of data for in ipfobj" },
|
|
{ 62, "bad object type for size copy out ipfobj" },
|
|
{ 63, "mismatching object type for size copy out ipfobj" },
|
|
{ 64, "object size mismatch for size copy out ipfobj" },
|
|
{ 65, "compat object size wrong for size copy out ipfobj" },
|
|
{ 66, "error doing size copyout of data for out ipfobj" },
|
|
{ 67, "unrecognised object type for copying out ipfobj" },
|
|
{ 68, "mismatching object type for copying out ipfobj" },
|
|
{ 69, "object size too small for copying out ipfobj" },
|
|
{ 70, "object size mismatch for copying out ipfobj" },
|
|
{ 71, "compat object size too small for copying out ipfobj" },
|
|
{ 72, "compat object size mismatch for copying out ipfobj" },
|
|
{ 73, "error doing copyout of data for out ipfobj" },
|
|
{ 74, "attempt to add existing tunable name" },
|
|
{ 75, "cannot find tunable name to delete" },
|
|
{ 76, "internal data too big for next tunable" },
|
|
{ 77, "could not find tunable" },
|
|
{ 78, "tunable can only be changed when ipfilter disabled" },
|
|
{ 79, "new tunable value outside accepted range" },
|
|
{ 80, "ipftune called for unrecognised ioctl" },
|
|
{ 81, "" },
|
|
{ 82, "could not find token to delete" },
|
|
{ 83, "" },
|
|
{ 84, "attempt to get next rule when no more exist" },
|
|
{ 85, "value for iri_inout outside accepted range" },
|
|
{ 86, "value for iri_active outside accepted range" },
|
|
{ 87, "value for iri_nrules is 0" },
|
|
{ 88, "NULL pointer specified for where to copy rule to" },
|
|
{ 89, "copyout of rule failed" },
|
|
{ 90, "" },
|
|
{ 91, "could not get token for rule iteration" },
|
|
{ 92, "unrecognised generic iterator" },
|
|
{ 93, "could not find token for generic iterator" },
|
|
{ 94, "need write permissions to disable/enable ipfilter" },
|
|
{ 95, "error copying in enable/disable value" },
|
|
{ 96, "need write permissions to set ipf tunable" },
|
|
{ 97, "need write permissions to set ipf flags" },
|
|
{ 98, "error doing copyin of ipf flags" },
|
|
{ 99, "error doing copyout of ipf flags" },
|
|
{ 100, "need write permissions to add another rule" },
|
|
{ 101, "need write permissions to insert another rule" },
|
|
{ 102, "need write permissions to swap active rule set" },
|
|
{ 103, "error copying out current active rule set" },
|
|
{ 104, "need write permissions to zero ipf stats" },
|
|
{ 105, "need write permissions to flush ipf v4 rules" },
|
|
{ 106, "error copying out v4 flush results" },
|
|
{ 107, "error copying in v4 flush command" },
|
|
{ 108, "need write permissions to flush ipf v6 rules" },
|
|
{ 109, "error copying out v6 flush results" },
|
|
{ 110, "error copying in v6 flush command" },
|
|
{ 111, "error copying in new lock state for ipfilter" },
|
|
{ 112, "need write permissions to flush ipf logs" },
|
|
{ 113, "error copying out results of log flush" },
|
|
{ 114, "need write permissions to resync ipf" },
|
|
{ 115, "unrecognised ipf ioctl" },
|
|
{ 116, "error copying in match array" },
|
|
{ 117, "match array type is not IPFOBJ_IPFEXPR" },
|
|
{ 118, "bad size for match array" },
|
|
{ 119, "cannot allocate memory for match aray" },
|
|
{ 120, "error copying in match array" },
|
|
{ 121, "error verifying contents of match array" },
|
|
{ 122, "need write permissions to set ipf lock status" },
|
|
{ 123, "error copying in data for function resolution" },
|
|
{ 124, "error copying in ipfobj structure" },
|
|
{ 125, "error copying in ipfobj structure" },
|
|
{ 126, "error copying in ipfobj structure" },
|
|
{ 127, "error copying in ipfobj structure" },
|
|
{ 128, "no memory for filter rule comment" },
|
|
{ 129, "error copying in filter rule comment" },
|
|
{ 130, "error copying out filter rule comment" },
|
|
{ 131, "no memory for new rule alloc buffer" },
|
|
{ 132, "cannot find source lookup pool" },
|
|
{ 133, "unknown source address type" },
|
|
{ 134, "cannot find destination lookup pool" },
|
|
{ 135, "unknown destination address type" },
|
|
{ 136, "icmp head group name index incorrect" },
|
|
{ 137, "group head name index incorrect" },
|
|
{ 138, "group name index incorrect" },
|
|
{ 139, "to interface name index incorrect" },
|
|
{ 140, "dup-to interface name index incorrect" },
|
|
{ 141, "reply-to interface name index incorrect" },
|
|
{ 142, "could not initialise call now function" },
|
|
{ 143, "could not initialise call function" },
|
|
{ 144, "could not find destination list" },
|
|
{ 145, "auth rules cannot have dup/to/fastroute" },
|
|
{ 146, "incorrect size for object to copy out" },
|
|
{ 147, "object type out of bounds for kernel copyout" },
|
|
{ 148, "object size too small for kernel copyout" },
|
|
{ 149, "object size validation failed for kernel copyout" },
|
|
{ 150, "error copying data out for kernel copyout" },
|
|
{ 151, "version mismatch for kernel copyout" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 10001, "could not find token for auth iterator" },
|
|
{ 10002, "write permissions require to add/remove auth rule" },
|
|
{ 10003, "need write permissions to set auth lock" },
|
|
{ 10004, "error copying out results of auth flush" },
|
|
{ 10005, "unknown auth ioctl" },
|
|
{ 10006, "can only append or remove preauth rules" },
|
|
{ 10007, "NULL pointers passed in for preauth remove" },
|
|
{ 10008, "preauth rule not found to remove" },
|
|
{ 10009, "could not malloc memory for preauth entry" },
|
|
{ 10010, "unrecognised preauth rule ioctl command" },
|
|
{ 10011, "iterator data supplied with NULL pointer" },
|
|
{ 10012, "unknown auth iterator type" },
|
|
{ 10013, "iterator error copying out auth data" },
|
|
{ 10014, "sleep waiting for auth packet interrupted" },
|
|
{ 10015, "bad index supplied in auth reply" },
|
|
{ 10016, "error injecting outbound packet back into kernel" },
|
|
{ 10017, "error injecting inbound packet back into kernel" },
|
|
{ 10018, "could not attempt to inject packet back into kernel" },
|
|
{ 10019, "packet id does not match" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 20001, "invalid frag token data pointer supplied" },
|
|
{ 20002, "error copying out frag token data" },
|
|
{ 20003, "can only copy one fragment state entry at a time" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 30001, "incorrect object size to get hash table stats" },
|
|
{ 30002, "could not malloc memory for new hash table" },
|
|
{ 30003, "error coping in hash table structure" },
|
|
{ 30004, "hash table already exists" },
|
|
{ 30005, "mismach between new hash table and operation unit" },
|
|
{ 30006, "could not malloc memory for hash table base" },
|
|
{ 30007, "could not find hash table" },
|
|
{ 30008, "mismatch between hash table and operation unit" },
|
|
{ 30009, "could not find hash table for iterators next node" },
|
|
{ 30010, "unknown iterator tpe" },
|
|
{ 30011, "iterator error copying out hash table" },
|
|
{ 30012, "iterator error copying out hash table entry" },
|
|
{ 30013, "error copying out hash table statistics" },
|
|
{ 30014, "table node delete structure wrong size" },
|
|
{ 30015, "error copying in node to delete" },
|
|
{ 30016, "table to delete node from does not exist" },
|
|
{ 30017, "could not find table to remove node from" },
|
|
{ 30018, "table node add structure wrong size" },
|
|
{ 30019, "error copying in node to add" },
|
|
{ 30020, "could not find table to add node to" },
|
|
{ 30021, "node already exists in the table" },
|
|
{ 30022, "could not find node to delete in table" },
|
|
{ 30023, "uid mismatch on node to delete" },
|
|
{ 30024, "object size incorrect for hash table" },
|
|
{ 30025, "hash table size must be at least 1"},
|
|
{ 30026, "cannot allocate memory for hash table context" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 40001, "invalid minor device numebr for log read" },
|
|
{ 40002, "read size too small" },
|
|
{ 40003, "interrupted waiting for log data to read" },
|
|
{ 40004, "interrupted waiting for log data to read" },
|
|
{ 40005, "read size too large" },
|
|
{ 40006, "uiomove for read operation failed" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 50001, "unknown lookup ioctl" },
|
|
{ 50002, "error copying in object data for add node" },
|
|
{ 50003, "invalid unit for lookup add node" },
|
|
{ 50004, "incorrect size for adding a pool node" },
|
|
{ 50005, "error copying in pool node structure" },
|
|
{ 50006, "mismatch in pool node address/mask families" },
|
|
{ 50007, "could not find pool name" },
|
|
{ 50008, "node already exists in pool" },
|
|
{ 50009, "incorrect size for adding a hash node" },
|
|
{ 50010, "error copying in hash node structure" },
|
|
{ 50011, "could not find hash table name" },
|
|
{ 50012, "unrecognised object type for lookup add node" },
|
|
{ 50013, "invalid unit for lookup delete node" },
|
|
{ 50014, "incorrect size for deleting a pool node" },
|
|
{ 50015, "error copying in pool node structure" },
|
|
{ 50016, "could not find pool name" },
|
|
{ 50017, "could not find pool node" },
|
|
{ 50018, "incorrect size for removing a hash node" },
|
|
{ 50019, "error copying in hash node structure" },
|
|
{ 50020, "could not find hash table name" },
|
|
{ 50021, "unrecognised object type for lookup delete node" },
|
|
{ 50022, "error copying in add table data" },
|
|
{ 50023, "invalid unit for lookup add table" },
|
|
{ 50024, "pool name already exists" },
|
|
{ 50025, "hash table name already exists" },
|
|
{ 50026, "unrecognised object type for lookup add table" },
|
|
{ 50027, "error copying table data back out" },
|
|
{ 50028, "error copying in remove table data" },
|
|
{ 50029, "invalid unit for lookup remove table" },
|
|
{ 50030, "unrecognised object type for lookup remove table" },
|
|
{ 50031, "error copying in lookup stats structure" },
|
|
{ 50032, "invalid unit for lookup stats" },
|
|
{ 50033, "unrecognised object type for lookup stats" },
|
|
{ 50034, "error copying in flush lookup data" },
|
|
{ 50035, "invalid unit for lookup flush" },
|
|
{ 50036, "incorrect table type for lookup flush" },
|
|
{ 50037, "error copying out lookup flush results" },
|
|
{ 50038, "invalid unit for lookup iterator" },
|
|
{ 50039, "invalid unit for lookup iterator" },
|
|
{ 50040, "could not find token for lookup iterator" },
|
|
{ 50041, "unrecognised object type for lookup interator" },
|
|
{ 50042, "error copying in lookup delete node operation" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 60001, "insufficient privilege for NAT write operation" },
|
|
{ 60002, "need write permissions to flush NAT logs" },
|
|
{ 60003, "need write permissions to turn NAT logging on/off" },
|
|
{ 60004, "error copying out current NAT log setting" },
|
|
{ 60005, "error copying out bytes waiting to be read in NAT \
|
|
log" },
|
|
{ 60006, "need write permissions to add NAT rule" },
|
|
{ 60007, "NAT rule already exists" },
|
|
{ 60008, "could not allocate memory for NAT rule" },
|
|
{ 60009, "need write permissions to remove NAT rule" },
|
|
{ 60010, "NAT rule could not be found" },
|
|
{ 60011, "could not find NAT entry for redirect lookup" },
|
|
{ 60012, "need write permissions to flush NAT table" },
|
|
{ 60013, "error copying in NAT flush command" },
|
|
{ 60014, "need write permissions to do matching NAT flush" },
|
|
{ 60015, "need write permissions to set NAT lock" },
|
|
{ 60016, "need write permissions to add entry to NAT table" },
|
|
{ 60017, "NAT not locked for size retrieval" },
|
|
{ 60018, "NAT not locked for fetching NAT table entry" },
|
|
{ 60019, "error copying in NAT token data for deletion" },
|
|
{ 60020, "unknown NAT ioctl" },
|
|
{ 60021, "" },
|
|
{ 60022, "resolving proxy name in NAT rule failed" },
|
|
{ 60023, "only reply age specified in NAT rule" },
|
|
{ 60024, "error doing copyin to determine NAT entry size" },
|
|
{ 60025, "error copying out NAT size of 0" },
|
|
{ 60026, "NAT entry not found" },
|
|
{ 60027, "error doing copyout of NAT entry size" },
|
|
{ 60028, "invalid data size for getting NAT entry" },
|
|
{ 60029, "could not malloc temporary space for NAT entry" },
|
|
{ 60030, "no NAT table entries present" },
|
|
{ 60031, "NAT entry to get next from not found" },
|
|
{ 60032, "not enough space for proxy structure" },
|
|
{ 60033, "not enough space for private proxy data" },
|
|
{ 60034, "NAT entry size is too large" },
|
|
{ 60035, "could not malloc memory for NAT entry sratch space" },
|
|
{ 60036, "" },
|
|
{ 60037, "could not malloc memory for NAT entry" },
|
|
{ 60038, "could not malloc memory for NAT entry rule" },
|
|
{ 60039, "could not resolve NAT entry rule's proxy" },
|
|
{ 60040, "cannot add outbound duplicate NAT entry" },
|
|
{ 60041, "cannot add inbound duplicate NAT entry" },
|
|
{ 60042, "cannot add NAT entry that is neither IN nor OUT" },
|
|
{ 60043, "could not malloc memory for NAT proxy data" },
|
|
{ 60044, "proxy data size too big" },
|
|
{ 60045, "could not malloc proxy private data for NAT entry" },
|
|
{ 60046, "could not malloc memory for new NAT filter rule" },
|
|
{ 60047, "could not find existing filter rule for NAT entry" },
|
|
{ 60048, "insertion into NAT table failed" },
|
|
{ 60049, "iterator error copying out hostmap data" },
|
|
{ 60050, "iterator error copying out NAT rule data" },
|
|
{ 60051, "iterator error copying out NAT entry data" },
|
|
{ 60052, "iterator data supplied with NULL pointer" },
|
|
{ 60053, "unknown NAT iterator type" },
|
|
{ 60054, "unknwon next address type" },
|
|
{ 60055, "iterator suppled with unknown type for get-next" },
|
|
{ 60056, "unknown lookup group for next address" },
|
|
{ 60057, "error copying out NAT log flush results" },
|
|
{ 60058, "bucket table type is incorrect" },
|
|
{ 60059, "error copying out NAT bucket table" },
|
|
{ 60060, "function not found for lookup" },
|
|
{ 60061, "address family not supported with SIOCSTPUT" },
|
|
{ 60062, "unknown timeout name" },
|
|
{ 60063, "cannot allocate new inbound NAT entry table" },
|
|
{ 60064, "cannot allocate new outbound NAT entry table" },
|
|
{ 60065, "cannot allocate new inbound NAT bucketlen table" },
|
|
{ 60066, "cannot allocate new outbound NAT bucketlen table" },
|
|
{ 60067, "cannot allocate new NAT rules table" },
|
|
{ 60068, "cannot allocate new NAT hostmap table" },
|
|
{ 60069, "new source lookup type is not dstlist" },
|
|
{ 60070, "cannot allocate NAT rule scratch space" },
|
|
{ 60071, "new destination lookup type is not dstlist" },
|
|
{ 60072, "function not found for lookup (ipv6)" },
|
|
{ 60073, "unknown lookup group for next address (ipv6)" },
|
|
{ 60074, "unknown next address type (ipv6)" },
|
|
{ 60075, "one object at a time must be copied" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 70001, "incorrect object size to get pool stats" },
|
|
{ 70002, "could not malloc memory for new pool node" },
|
|
{ 70003, "invalid address length for new pool node" },
|
|
{ 70004, "invalid mask length for new pool node" },
|
|
{ 70005, "error adding node to pool" },
|
|
{ 70006, "pool already exists" },
|
|
{ 70007, "could not malloc memory for new pool" },
|
|
{ 70008, "could not allocate radix tree for new pool" },
|
|
{ 70009, "could not find pool" },
|
|
{ 70010, "unknown pool name for iteration" },
|
|
{ 70011, "unknown pool iterator" },
|
|
{ 70012, "error copying out pool head" },
|
|
{ 70013, "error copying out pool node" },
|
|
{ 70014, "add node size incorrect" },
|
|
{ 70015, "error copying in pool node" },
|
|
{ 70016, "" },
|
|
{ 70017, "cannot find pool for node" },
|
|
{ 70018, "node entry already present in pool" },
|
|
{ 70019, "delete node size incorrect" },
|
|
{ 70020, "error copying in node to delete" },
|
|
{ 70021, "cannot find pool to delete node from" },
|
|
{ 70022, "cannot find node to delete in pool" },
|
|
{ 70023, "pool name already exists" },
|
|
{ 70024, "uid mismatch for node removal" },
|
|
{ 70025, "stats device unit is invalid" },
|
|
{ 70026, "error copying out statistics" },
|
|
{ 70027, "could not remove node from radix tree" },
|
|
{ 70028, "incorrect address length in pool node add" },
|
|
{ 70029, "incorrect mask length in pool node add" },
|
|
{ 70030, "incorrect address length in pool node remove" },
|
|
{ 70031, "incorrect mask length in pool node remove" },
|
|
{ 70032, "cannot allocate memory for pool context" },
|
|
{ 70033, "cannot allocate memory for radix tree context" },
|
|
{ 70034, "adding IPv6 node with incorrect address length" },
|
|
{ 70035, "IPv4 address not masked" },
|
|
{ 70036, "IPv6 address not masked" },
|
|
{ 70037, "removing IPv6 node with incorrect address length" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 80001, "could not find proxy" },
|
|
{ 80002, "proxy does not support control operations" },
|
|
{ 80003, "could not allocate data to hold proxy operation" },
|
|
{ 80004, "unknown proxy ioctl" },
|
|
{ 80005, "could not copyin proxy control structure" },
|
|
{ 80006, "DNS proxy could not find rule to delete" },
|
|
{ 80007, "DNS proxy found existing matching rule" },
|
|
{ 80008, "DNS proxy could not allocate memory for new rule" },
|
|
{ 80009, "DNS proxy unknown command request" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 90001, "could not malloc space for new scan structure" },
|
|
{ 90002, "scan tag already exists" },
|
|
{ 90003, "scan structure in use" },
|
|
{ 90004, "could not find matching scan tag for filter rule" },
|
|
{ 90005, "could not copyout scan statistics" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 100001, "cannot find matching state entry to remove" },
|
|
{ 100002, "error copying in v4 state flush command" },
|
|
{ 100003, "error copying out v4 state flush results" },
|
|
{ 100004, "error copying in v6 state flush command" },
|
|
{ 100005, "error copying out v6 state flush results" },
|
|
{ 100006, "" },
|
|
{ 100007, "" },
|
|
{ 100008, "need write permissions to flush state log" },
|
|
{ 100009, "erorr copyout results of flushing state log" },
|
|
{ 100010, "need write permissions to turn state logging on/off" },
|
|
{ 100011, "error copying in new state logging state" },
|
|
{ 100012, "error copying out current state logging state" },
|
|
{ 100013, "error copying out bytes waiting to be read in state \
|
|
log" },
|
|
{ 100014, "need write permissions to set state lock" },
|
|
{ 100015, "need write permissions to add entry to state table" },
|
|
{ 100016, "state not locked for size retrieval" },
|
|
{ 100017, "error copying out hash table bucket lengths" },
|
|
{ 100018, "could not find token for state iterator" },
|
|
{ 100019, "error copying in state token data for deletion" },
|
|
{ 100020, "unknown state ioctl" },
|
|
{ 100021, "no state table entries present" },
|
|
{ 100022, "state entry to get next from not found" },
|
|
{ 100023, "could not malloc memory for state entry" },
|
|
{ 100024, "could not malloc memory for state entry rule" },
|
|
{ 100025, "could not copy back state entry to user space" },
|
|
{ 100026, "iterator data supplied with NULL pointer" },
|
|
{ 100027, "iterator supplied with 0 item count" },
|
|
{ 100028, "iterator type is incorrect" },
|
|
{ 100029, "invalid state token data pointer supplied" },
|
|
{ 100030, "error copying out next state entry" },
|
|
{ 100031, "unrecognised table request" },
|
|
{ 100032, "error copying out bucket length data" },
|
|
{ 100033, "could not find existing filter rule for state entry" },
|
|
{ 100034, "could not find timeout name" },
|
|
{ 100035, "could not allocate new state table" },
|
|
{ 100036, "could not allocate new state bucket length table" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 110001, "sync write header magic number is incorrect" },
|
|
{ 110002, "sync write header protocol is incorrect" },
|
|
{ 110003, "sync write header command is incorrect" },
|
|
{ 110004, "sync write header table number is incorrect" },
|
|
{ 110005, "data structure too small for sync write operation" },
|
|
{ 110006, "zero length data with sync write header" },
|
|
{ 110007, "insufficient data for sync write" },
|
|
{ 110008, "bad sync read size" },
|
|
{ 110009, "interrupted sync read (solaris)" },
|
|
{ 110010, "interrupted sync read (hpux)" },
|
|
{ 110011, "interrupted sync read (osf)" },
|
|
{ 110012, "interrupted sync read" },
|
|
{ 110013, "could not malloc memory for sync'd state" },
|
|
{ 110014, "could not malloc memory for sync-state list item" },
|
|
{ 110015, "sync update could not find state" },
|
|
{ 110016, "unrecognised sync state command" },
|
|
{ 110017, "could not malloc memory for new sync'd NAT entry" },
|
|
{ 110018, "could not malloc memory for sync-NAT list item" },
|
|
{ 110019, "sync update could not find NAT entry" },
|
|
{ 110020, "unrecognised sync NAT command" },
|
|
{ 110021, "ioctls are not handled with sync" },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 120001, "null data pointer for iterator" },
|
|
{ 120002, "unit outside of acceptable range" },
|
|
{ 120003, "unknown iterator subtype" },
|
|
{ 120004, "cannot find dest. list for iteration" },
|
|
{ 120005, "error copying out destination iteration list" },
|
|
{ 120006, "error copying out destination iteration node" },
|
|
{ 120007, "wrong size for frdest_t structure" },
|
|
{ 120008, "cannot allocate memory for new destination node" },
|
|
{ 120009, "error copying in destination node to add" },
|
|
{ 120010, "could not find destination list to add node to" },
|
|
{ 120011, "error copying in destination node to remove" },
|
|
{ 120012, "could not find dest. list to remove node from" },
|
|
{ 120013, "destination list already exists" },
|
|
{ 120014, "could not allocate new destination table" },
|
|
{ 120015, "could not find destination list to remove" },
|
|
{ 120016, "destination list cannot be removed - it is busy" },
|
|
{ 120017, "error copying in names for destination" },
|
|
{ 120018, "destination name is too long/short" },
|
|
{ 120019, "unrecognised address family in destination" },
|
|
{ 120020, "" },
|
|
{ 120021, "error copying in new destination table" },
|
|
{ 120022, "cannot allocate memory for node table" },
|
|
{ 120023, "stats object size is incorrect for dest. lists" },
|
|
{ 120024, "stats device unit is invalid for dest. lists" },
|
|
{ 120025, "error copying out dest. list statistics" },
|
|
{ 120026, "cannot allocate memory for destination node" },
|
|
{ 120027, "error copying in destination node" },
|
|
{ 120028, "cannot allocate memory for destination context " },
|
|
/* -------------------------------------------------------------------------- */
|
|
{ 130001, "ioctl denied by system security level" },
|
|
{ 130002, "ioctl operation on invalid minor device" },
|
|
{ 130003, "ioctl on device denied, ipfitler is disabled" },
|
|
{ 130004, "ioctl command not allowed when disabled" },
|
|
{ 130005, "ioctl denied due to insufficient authorisation" },
|
|
{ 130006, "cannot read while ipfilter is disabled" },
|
|
{ 130007, "read on minor device not supported" },
|
|
{ 130008, "cannot write while ipfilter is disabled" },
|
|
{ 130009, "write on minor device not supported" },
|
|
{ 130010, "poll on minor device is not supported" },
|
|
{ 130011, "error removing IPv4 filter hooks" },
|
|
{ 130012, "error removing IPv6 filter hooks" },
|
|
{ 130013, "attaching IPv4 hook failed" },
|
|
{ 130014, "attaching IPv6 hook failed" },
|
|
{ 130015, "ipf_init_all failed" },
|
|
{ 130016, "finding pfil head failed" },
|
|
{ 130017, "ipfilter is already initialised and running" },
|
|
};
|
|
|
|
|
|
static ipf_error_entry_t *
|
|
find_error(int errnum)
|
|
{
|
|
ipf_error_entry_t *ie;
|
|
|
|
int l = -1, r = IPF_NUM_ERRORS + 1, step;
|
|
step = (r - l) / 2;;
|
|
|
|
while (step != 0) {
|
|
ie = ipf_errors + l + step;
|
|
if (ie->iee_number == errnum)
|
|
return (ie);
|
|
step = l + step;
|
|
if (ie->iee_number > errnum)
|
|
r = step;
|
|
else
|
|
l = step;
|
|
step = (r - l) / 2;;
|
|
}
|
|
|
|
return (NULL);
|
|
}
|
|
|
|
char *
|
|
ipf_geterror(int fd, ioctlfunc_t *func)
|
|
{
|
|
static char text[80];
|
|
ipf_error_entry_t *ie;
|
|
int errnum;
|
|
|
|
if ((*func)(fd, SIOCIPFINTERROR, &errnum) == 0) {
|
|
|
|
ie = find_error(errnum);
|
|
if (ie != NULL)
|
|
return (ie->iee_text);
|
|
snprintf(text, sizeof(text), "unknown error %d", errnum);
|
|
} else {
|
|
snprintf(text, sizeof(text), "retrieving error number failed (%d)", errno);
|
|
}
|
|
return (text);
|
|
}
|
|
|
|
|
|
char *
|
|
ipf_strerror(int errnum)
|
|
{
|
|
static char text[80];
|
|
ipf_error_entry_t *ie;
|
|
|
|
|
|
ie = find_error(errnum);
|
|
if (ie != NULL)
|
|
return (ie->iee_text);
|
|
|
|
snprintf(text, sizeof(text), "unknown error %d", errnum);
|
|
return (text);
|
|
}
|