
/*
* Copyright (c) 2003 Ryan McBride. All rights reserved.
* Copyright (c) 2004 Max Laier. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <net/pfvar.h>
#include <net/if_pfsync.h>
#include <net/route.h>
#include <arpa/inet.h>
#include <err.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "ifconfig.h"
/*
 * Prototypes for the pfsync option handlers defined in this file.
 * The set/unset handlers share one signature: the option value string,
 * an int the handlers here do not read, the socket used for the pfsync
 * ioctls, and an afswtch pointer the handlers here do not read.
 */
void setpfsync_syncdev(const char *, int, int, const struct afswtch *);
void unsetpfsync_syncdev(const char *, int, int, const struct afswtch *);
void setpfsync_syncpeer(const char *, int, int, const struct afswtch *);
void unsetpfsync_syncpeer(const char *, int, int, const struct afswtch *);
/* NOTE(review): repeats the setpfsync_syncpeer prototype two lines up; redundant but harmless. */
void setpfsync_syncpeer(const char *, int, int, const struct afswtch *);
void setpfsync_maxupd(const char *, int, int, const struct afswtch *);
/* Status printer; takes the socket used for SIOCGETPFSYNC. */
void pfsync_status(int);
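/*
 * Set the pfsync synchronisation interface to the name given in val.
 *
 * The current settings are fetched with SIOCGETPFSYNC, only the syncdev
 * field is replaced, and the result is written back with SIOCSETPFSYNC.
 * d and rafp are unused.  Exits via err()/errx() on any failure.
 *
 * An over-long name is rejected instead of being silently truncated by
 * strlcpy(): a truncated name could match a different, existing interface,
 * and pfsync traffic would then be bound to a network the operator did
 * not choose.
 */
void
setpfsync_syncdev(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;

	bzero((char *)&preq, sizeof(struct pfsyncreq));
	ifr.ifr_data = (caddr_t)&preq;

	/* Read-modify-write so the other pfsync settings are preserved. */
	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	/* strlcpy() returns strlen(val); >= size means it did not fit. */
	if (strlcpy(preq.pfsyncr_syncdev, val, sizeof(preq.pfsyncr_syncdev)) >=
	    sizeof(preq.pfsyncr_syncdev))
		errx(1, "syncdev %s: interface name too long", val);

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCSETPFSYNC");
}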
/*
 * Clear the pfsync synchronisation interface.
 *
 * Fetches the current settings, zeroes the syncdev name and writes the
 * settings back.  val, d and rafp are unused.  Exits via err() if either
 * ioctl fails.
 */
/* ARGSUSED */
void
unsetpfsync_syncdev(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;
	caddr_t req = (caddr_t)&ifr;

	memset(&preq, 0, sizeof(preq));
	ifr.ifr_data = (caddr_t)&preq;

	/* Read-modify-write so the other pfsync settings are preserved. */
	if (ioctl(s, SIOCGETPFSYNC, req) == -1)
		err(1, "SIOCGETPFSYNC");

	/* An all-zero name means "no syncdev". */
	memset(&preq.pfsyncr_syncdev, 0, sizeof(preq.pfsyncr_syncdev));

	if (ioctl(s, SIOCSETPFSYNC, req) == -1)
		err(1, "SIOCSETPFSYNC");
}
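/*
 * Set the pfsync peer address from the string in val.
 *
 * val is resolved with getaddrinfo() restricted to AF_INET; the first
 * result's IPv4 address is stored in the syncpeer field and written back
 * with SIOCSETPFSYNC.  d and rafp are unused.  Exits via err()/errx() on
 * any failure.
 *
 * The addrinfo list returned by getaddrinfo() is released once the
 * address has been copied out; it was previously leaked.
 *
 * NOTE(review): no AI_NUMERICHOST hint is set, so val may be a host name
 * and the peer then depends on what the resolver returns at configuration
 * time.  Operators who want a fixed peer should pass a numeric address.
 */
/* ARGSUSED */
void
setpfsync_syncpeer(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;
	struct addrinfo hints, *peerres;
	int ecode;

	bzero((char *)&preq, sizeof(struct pfsyncreq));
	ifr.ifr_data = (caddr_t)&preq;

	/* Read-modify-write so the other pfsync settings are preserved. */
	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/

	if ((ecode = getaddrinfo(val, NULL, &hints, &peerres)) != 0)
		errx(1, "error in parsing address string: %s",
		    gai_strerror(ecode));

	/* errx() exits, so the list does not need freeing on this path. */
	if (peerres->ai_addr->sa_family != AF_INET)
		errx(1, "only IPv4 addresses supported for the syncpeer");

	preq.pfsyncr_syncpeer.s_addr = ((struct sockaddr_in *)
	    peerres->ai_addr)->sin_addr.s_addr;

	/* The address has been copied; release the resolver result. */
	freeaddrinfo(peerres);

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCSETPFSYNC");
}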
/*
 * Clear the pfsync peer address.
 *
 * Fetches the current settings, sets the syncpeer address to 0 and writes
 * the settings back.  val, d and rafp are unused.  Exits via err() if
 * either ioctl fails.
 */
/* ARGSUSED */
void
unsetpfsync_syncpeer(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;
	caddr_t req = (caddr_t)&ifr;

	memset(&preq, 0, sizeof(preq));
	ifr.ifr_data = (caddr_t)&preq;

	/* Read-modify-write so the other pfsync settings are preserved. */
	if (ioctl(s, SIOCGETPFSYNC, req) == -1)
		err(1, "SIOCGETPFSYNC");

	preq.pfsyncr_syncpeer.s_addr = 0;

	if (ioctl(s, SIOCSETPFSYNC, req) == -1)
		err(1, "SIOCSETPFSYNC");
}
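/*
 * Set the pfsync maxupdates value from the decimal string in val.
 *
 * The value must be a complete decimal number in the range 0..255.  It is
 * validated before any ioctl is issued, then stored with a
 * SIOCGETPFSYNC / SIOCSETPFSYNC read-modify-write.  d and rafp are unused.
 * Exits via err()/errx() on any failure.
 *
 * strtol() with an end-pointer check replaces atoi(), which accepted
 * non-numeric input such as "abc" (as 0) or "12abc" (as 12) without any
 * diagnostic.
 */
/* ARGSUSED */
void
setpfsync_maxupd(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;
	char *end;
	long maxupdates;

	maxupdates = strtol(val, &end, 10);
	/* Reject empty input and trailing garbage. */
	if (end == val || *end != '\0')
		errx(1, "maxupd %s: not a number", val);
	/* On overflow strtol() returns LONG_MIN/LONG_MAX, caught here too. */
	if ((maxupdates < 0) || (maxupdates > 255))
		errx(1, "maxupd %s: out of range", val);

	memset((char *)&preq, 0, sizeof(struct pfsyncreq));
	ifr.ifr_data = (caddr_t)&preq;

	/* Read-modify-write so the other pfsync settings are preserved. */
	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	preq.pfsyncr_maxupdates = (int)maxupdates;

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCSETPFSYNC");
}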
/*
 * Print the pfsync settings of the current interface on one line.
 *
 * Returns silently if SIOCGETPFSYNC fails.  Nothing is printed unless a
 * syncdev is set or the syncpeer differs from INADDR_PFSYNC_GROUP.
 *
 * NOTE(review): the "pfsync: " label is part of the syncdev string only,
 * so a line with a syncpeer but no syncdev is printed without it.
 */
void
pfsync_status(int s)
{
	struct pfsyncreq preq;
	int has_dev, has_peer;

	memset(&preq, 0, sizeof(preq));
	ifr.ifr_data = (caddr_t)&preq;

	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		return;

	has_dev = (preq.pfsyncr_syncdev[0] != '\0');
	has_peer = (preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP);

	/* Nothing configured beyond the defaults: stay quiet. */
	if (!has_dev && !has_peer)
		return;

	printf("\t");
	if (has_dev)
		printf("pfsync: syncdev: %s ", preq.pfsyncr_syncdev);
	if (has_peer)
		printf("syncpeer: %s ", inet_ntoa(preq.pfsyncr_syncpeer));
	printf("maxupd: %d\n", preq.pfsyncr_maxupdates);
}
/*
 * Command table for the pfsync options.  Each option name is paired with
 * its handler; "syncif" and "-syncif" use the same handlers as "syncdev"
 * and "-syncdev".  The "-" forms are declared with DEF_CMD and a constant
 * 1, the value-taking forms with DEF_CMD_ARG.
 * NOTE(review): DEF_CMD / DEF_CMD_ARG are not defined in this file
 * (presumably in ifconfig.h) -- confirm their exact semantics there.
 */
static struct cmd pfsync_cmds[] = {
DEF_CMD_ARG("syncdev", setpfsync_syncdev),
DEF_CMD("-syncdev", 1, unsetpfsync_syncdev),
DEF_CMD_ARG("syncif", setpfsync_syncdev),
DEF_CMD("-syncif", 1, unsetpfsync_syncdev),
DEF_CMD_ARG("syncpeer", setpfsync_syncpeer),
DEF_CMD("-syncpeer", 1, unsetpfsync_syncpeer),
DEF_CMD_ARG("maxupd", setpfsync_maxupd)
};
/*
 * Address-family switch entry for pfsync.  It is registered under
 * AF_UNSPEC and only supplies a status callback, pfsync_status.
 */
static struct afswtch af_pfsync = {
.af_name = "af_pfsync",
.af_af = AF_UNSPEC,
.af_other_status = pfsync_status,
};
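/*
 * Constructor: register every entry of pfsync_cmds with cmd_register()
 * and then register the af_pfsync switch entry with af_register().
 *
 * The loop index is a size_t so it is compared with the sizeof-derived
 * element count without a signed/unsigned mismatch.
 */
static __constructor void
pfsync_ctor(void)
{
	const size_t ncmds = sizeof(pfsync_cmds) / sizeof(pfsync_cmds[0]);
	size_t i;

	for (i = 0; i < ncmds; i++)
		cmd_register(&pfsync_cmds[i]);
	af_register(&af_pfsync);
}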