search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / dist / ipf / tools / ipnat.c
bloba01f0c04cf21c31a37dd9b3cff5143ab6f8309bf
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2001-2006 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 *
8 * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
9 */
10 #include <stdio.h>
11 #include <string.h>
12 #include <fcntl.h>
13 #include <errno.h>
14 #include <sys/types.h>
15 #if !defined(__SVR4) && !defined(__svr4__)
16 #include <strings.h>
17 #else
18 #include <sys/byteorder.h>
19 #endif
20 #include <sys/time.h>
21 #include <sys/param.h>
22 #include <stdlib.h>
23 #include <unistd.h>
24 #include <stddef.h>
25 #include <sys/file.h>
26 #define _KERNEL
27 #include <sys/uio.h>
28 #undef _KERNEL
29 #include <sys/socket.h>
30 #include <sys/ioctl.h>
31 #if defined(sun) && (defined(__svr4__) || defined(__SVR4))
32 # include <sys/ioccom.h>
33 # include <sys/sysmacros.h>
34 #endif
35 #include <netinet/in.h>
36 #include <netinet/in_systm.h>
37 #include <netinet/ip.h>
38 #include <netinet/tcp.h>
39 #include <net/if.h>
40 #if __FreeBSD_version >= 300000
41 # include <net/if_var.h>
42 #endif
43 #include <netdb.h>
44 #include <arpa/nameser.h>
45 #include <arpa/inet.h>
46 #include <resolv.h>
47 #include <ctype.h>
48 #if defined(linux)
49 # include <linux/a.out.h>
50 #else
51 # include <nlist.h>
52 #endif
53 #include "ipf.h"
54 #include "netinet/ipl.h"
55 #include "kmem.h"
56
57 #ifdef __hpux
58 # define nlist nlist64
59 #endif
60
61 #if defined(sun) && !SOLARIS2
62 # define STRERROR(x) sys_errlist[x]
63 extern char *sys_errlist[];
64 #else
65 # define STRERROR(x) strerror(x)
66 #endif
67
68 #if !defined(lint)
69 static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
70 static const char rcsid[] = "@(#)Id: ipnat.c,v 1.24.2.12 2008/11/06 21:18:20 darrenr Exp";
71 #endif
72
73
74 #if SOLARIS
75 #define bzero(a,b) memset(a,0,b)
76 #endif
77 int use_inet6 = 0;
78 char thishost[MAXHOSTNAMELEN];
79
80 extern char *optarg;
81
82 void dostats __P((int, natstat_t *, int, int));
83 void dotable __P((natstat_t *, int, int));
84 void flushtable __P((int, int));
85 void usage __P((char *));
86 int main __P((int, char*[]));
87 void showhostmap __P((natstat_t *nsp));
88 void natstat_dead __P((natstat_t *, char *));
89 void dostats_live __P((int, natstat_t *, int));
90 void showhostmap_dead __P((natstat_t *));
91 void showhostmap_live __P((int, natstat_t *));
92 void dostats_dead __P((natstat_t *, int));
93 void showtqtable_live __P((int));
94
95 int opts;
96
97 void usage(name)
98 char *name;
99 {
100 fprintf(stderr, "Usage: %s [-CFhlnrRsv] [-f filename]\n", name);
101 exit(1);
102 }
103
104
105 int main(argc, argv)
106 int argc;
107 char *argv[];
108 {
109 char *file, *core, *kernel;
110 natstat_t ns, *nsp;
111 int fd, c, mode;
112 ipfobj_t obj;
113
114 fd = -1;
115 opts = 0;
116 nsp = &ns;
117 file = NULL;
118 core = NULL;
119 kernel = NULL;
120 mode = O_RDWR;
121
122 while ((c = getopt(argc, argv, "CdFf:hlM:N:nrRsv")) != -1)
123 switch (c)
124 {
125 case 'C' :
126 opts |= OPT_CLEAR;
127 break;
128 case 'd' :
129 opts |= OPT_DEBUG;
130 break;
131 case 'f' :
132 file = optarg;
133 break;
134 case 'F' :
135 opts |= OPT_FLUSH;
136 break;
137 case 'h' :
138 opts |=OPT_HITS;
139 break;
140 case 'l' :
141 opts |= OPT_LIST;
142 mode = O_RDONLY;
143 break;
144 case 'M' :
145 core = optarg;
146 break;
147 case 'N' :
148 kernel = optarg;
149 break;
150 case 'n' :
151 opts |= OPT_DONOTHING;
152 mode = O_RDONLY;
153 break;
154 case 'R' :
155 opts |= OPT_NORESOLVE;
156 break;
157 case 'r' :
158 opts |= OPT_REMOVE;
159 break;
160 case 's' :
161 opts |= OPT_STAT;
162 mode = O_RDONLY;
163 break;
164 case 'v' :
165 opts |= OPT_VERBOSE;
166 break;
167 default :
168 usage(argv[0]);
169 }
170
171 initparse();
172
173 if ((kernel != NULL) || (core != NULL)) {
174 (void) setgid(getgid());
175 (void) setuid(getuid());
176 }
177
178 if (!(opts & OPT_DONOTHING)) {
179 if (((fd = open(IPNAT_NAME, mode)) == -1) &&
180 ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) {
181 (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME,
182 STRERROR(errno));
183 exit(1);
184 }
185 }
186
187 bzero((char *)&ns, sizeof(ns));
188
189 if ((opts & OPT_DONOTHING) == 0) {
190 if (checkrev(IPL_NAME) == -1) {
191 fprintf(stderr, "User/kernel version check failed\n");
192 exit(1);
193 }
194 }
195
196 if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) {
197 bzero((char *)&obj, sizeof(obj));
198 obj.ipfo_rev = IPFILTER_VERSION;
199 obj.ipfo_type = IPFOBJ_NATSTAT;
200 obj.ipfo_size = sizeof(*nsp);
201 obj.ipfo_ptr = (void *)nsp;
202 if (ioctl(fd, SIOCGNATS, &obj) == -1) {
203 perror("ioctl(SIOCGNATS)");
204 exit(1);
205 }
206 (void) setgid(getgid());
207 (void) setuid(getuid());
208 } else if ((kernel != NULL) || (core != NULL)) {
209 if (openkmem(kernel, core) == -1)
210 exit(1);
211
212 natstat_dead(nsp, kernel);
213 if (opts & (OPT_LIST|OPT_STAT))
214 dostats(fd, nsp, opts, 0);
215 exit(0);
216 }
217
218 if (opts & (OPT_FLUSH|OPT_CLEAR))
219 flushtable(fd, opts);
220 if (file) {
221 ipnat_parsefile(fd, ipnat_addrule, ioctl, file);
222 }
223 if (opts & (OPT_LIST|OPT_STAT))
224 dostats(fd, nsp, opts, 1);
225 return 0;
226 }
227
228
229 /*
230 * Read NAT statistic information in using a symbol table and memory file
231 * rather than doing ioctl's.
232 */
233 void natstat_dead(nsp, kernel)
234 natstat_t *nsp;
235 char *kernel;
236 {
237 struct nlist nat_nlist[10] = {
238 { "nat_table" }, /* 0 */
239 { "nat_list" },
240 { "maptable" },
241 { "ipf_nattable_sz" },
242 { "ipf_natrules_sz" },
243 { "ipf_rdrrules_sz" }, /* 5 */
244 { "ipf_hostmap_sz" },
245 { "nat_instances" },
246 { "ap_sess_list" },
247 { NULL }
248 };
249 void *tables[2];
250
251 if (nlist(kernel, nat_nlist) == -1) {
252 fprintf(stderr, "nlist error\n");
253 return;
254 }
255
256 /*
257 * Normally the ioctl copies all of these values into the structure
258 * for us, before returning it to userland, so here we must copy each
259 * one in individually.
260 */
261 kmemcpy((char *)&tables, nat_nlist[0].n_value, sizeof(tables));
262 nsp->ns_table[0] = tables[0];
263 nsp->ns_table[1] = tables[1];
264
265 kmemcpy((char *)&nsp->ns_list, nat_nlist[1].n_value,
266 sizeof(nsp->ns_list));
267 kmemcpy((char *)&nsp->ns_maptable, nat_nlist[2].n_value,
268 sizeof(nsp->ns_maptable));
269 kmemcpy((char *)&nsp->ns_nattab_sz, nat_nlist[3].n_value,
270 sizeof(nsp->ns_nattab_sz));
271 kmemcpy((char *)&nsp->ns_rultab_sz, nat_nlist[4].n_value,
272 sizeof(nsp->ns_rultab_sz));
273 kmemcpy((char *)&nsp->ns_rdrtab_sz, nat_nlist[5].n_value,
274 sizeof(nsp->ns_rdrtab_sz));
275 kmemcpy((char *)&nsp->ns_hostmap_sz, nat_nlist[6].n_value,
276 sizeof(nsp->ns_hostmap_sz));
277 kmemcpy((char *)&nsp->ns_instances, nat_nlist[7].n_value,
278 sizeof(nsp->ns_instances));
279 kmemcpy((char *)&nsp->ns_apslist, nat_nlist[8].n_value,
280 sizeof(nsp->ns_apslist));
281 }
282
283
284 /*
285 * Issue an ioctl to flush either the NAT rules table or the active mapping
286 * table or both.
287 */
288 void flushtable(fd, opts)
289 int fd, opts;
290 {
291 int n = 0;
292
293 if (opts & OPT_FLUSH) {
294 n = 0;
295 if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
296 perror("ioctl(SIOCFLNAT)");
297 else
298 printf("%d entries flushed from NAT table\n", n);
299 }
300
301 if (opts & OPT_CLEAR) {
302 n = 1;
303 if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
304 perror("ioctl(SIOCCNATL)");
305 else
306 printf("%d entries flushed from NAT list\n", n);
307 }
308 }
309
310
311 /*
312 * Display NAT statistics.
313 */
314 void dostats_dead(nsp, opts)
315 natstat_t *nsp;
316 int opts;
317 {
318 nat_t *np, nat;
319 ipnat_t ipn;
320
321 printf("List of active MAP/Redirect filters:\n");
322 while (nsp->ns_list) {
323 if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
324 sizeof(ipn))) {
325 perror("kmemcpy");
326 break;
327 }
328 if (opts & OPT_HITS)
329 printf("%lu ", ipn.in_hits);
330 printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
331 nsp->ns_list = ipn.in_next;
332 }
333
334 printf("\nList of active sessions:\n");
335
336 for (np = nsp->ns_instances; np; np = nat.nat_next) {
337 if (kmemcpy((char *)&nat, (long)np, sizeof(nat)))
338 break;
339 printactivenat(&nat, opts, 0, nsp->ns_ticks);
340 if (nat.nat_aps)
341 printaps(nat.nat_aps, opts);
342 }
343
344 if (opts & OPT_VERBOSE)
345 showhostmap_dead(nsp);
346 }
347
348
349 void dostats(fd, nsp, opts, alive)
350 natstat_t *nsp;
351 int fd, opts, alive;
352 {
353 /*
354 * Show statistics ?
355 */
356 if (opts & OPT_STAT) {
357 printf("mapped\tin\t%lu\tout\t%lu\n",
358 nsp->ns_mapped[0], nsp->ns_mapped[1]);
359 printf("added\t%lu\texpired\t%lu\n",
360 nsp->ns_added, nsp->ns_expire);
361 printf("no memory\t%lu\tbad nat\t%lu\n",
362 nsp->ns_memfail, nsp->ns_badnat);
363 printf("inuse\t%lu\norphans\t%u\nrules\t%lu\n",
364 nsp->ns_inuse, nsp->ns_orphans, nsp->ns_rules);
365 printf("in-uncreates succeed\t%lu\tfailed\t%lu\n",
366 nsp->ns_uncreate[0][0], nsp->ns_uncreate[0][1]);
367 printf("out-uncreates succeed\t%lu\tfailed\t%lu\n",
368 nsp->ns_uncreate[1][0], nsp->ns_uncreate[1][1]);
369 printf("wilds\t%u\n", nsp->ns_wilds);
370 dotable(nsp, fd, alive);
371 if (opts & OPT_VERBOSE)
372 printf("table %p list %p\n",
373 nsp->ns_table, nsp->ns_list);
374 if (alive)
375 showtqtable_live(fd);
376 }
377
378 if (opts & OPT_LIST) {
379 if (alive)
380 dostats_live(fd, nsp, opts);
381 else
382 dostats_dead(nsp, opts);
383 }
384 }
385
386
387 void dotable(nsp, fd, alive)
388 natstat_t *nsp;
389 int fd, alive;
390 {
391 int sz, i, used, totallen, maxlen, minlen;
392 ipftable_t table;
393 u_long *buckets;
394 ipfobj_t obj;
395
396 sz = sizeof(*buckets) * nsp->ns_nattab_sz;
397 buckets = (u_long *)malloc(sz);
398
399 obj.ipfo_rev = IPFILTER_VERSION;
400 obj.ipfo_type = IPFOBJ_GTABLE;
401 obj.ipfo_size = sizeof(table);
402 obj.ipfo_ptr = &table;
403
404 table.ita_type = IPFTABLE_BUCKETS_NATIN;
405 table.ita_table = buckets;
406
407 if (alive) {
408 if (ioctl(fd, SIOCGTABL, &obj) != 0) {
409 free(buckets);
410 return;
411 }
412 } else {
413 if (kmemcpy((char *)buckets, (u_long)nsp->ns_nattab_sz, sz)) {
414 free(buckets);
415 return;
416 }
417 }
418
419 totallen = 0;
420 maxlen = 0;
421 minlen = nsp->ns_inuse;
422 used = 0;
423
424 for (i = 0; i < nsp->ns_nattab_sz; i++) {
425 if (buckets[i] > maxlen)
426 maxlen = buckets[i];
427 if (buckets[i] < minlen)
428 minlen = buckets[i];
429 if (buckets[i] != 0)
430 used++;
431 totallen += buckets[i];
432 }
433
434 printf("hash efficiency\t%2.2f%%\n",
435 totallen ? ((float)used / totallen) * 100.0 : 0.0);
436 printf("bucket usage\t%2.2f%%\n",
437 ((float)used / nsp->ns_nattab_sz) * 100.0);
438 printf("minimal length\t%d\n", minlen);
439 printf("maximal length\t%d\n", maxlen);
440 printf("average length\t%.3f\n", used ? (float)totallen / used : 0.0);
441 }
442
443
444 /*
445 * Display NAT statistics.
446 */
447 void dostats_live(fd, nsp, opts)
448 natstat_t *nsp;
449 int fd, opts;
450 {
451 ipfgeniter_t iter;
452 ipfobj_t obj;
453 ipnat_t ipn;
454 nat_t nat;
455
456 bzero((char *)&obj, sizeof(obj));
457 obj.ipfo_rev = IPFILTER_VERSION;
458 obj.ipfo_type = IPFOBJ_GENITER;
459 obj.ipfo_size = sizeof(iter);
460 obj.ipfo_ptr = &iter;
461
462 iter.igi_type = IPFGENITER_IPNAT;
463 iter.igi_nitems = 1;
464 iter.igi_data = &ipn;
465
466 /*
467 * Show list of NAT rules and NAT sessions ?
468 */
469 printf("List of active MAP/Redirect filters:\n");
470 while (nsp->ns_list) {
471 if (ioctl(fd, SIOCGENITER, &obj) == -1)
472 break;
473 if (opts & OPT_HITS)
474 printf("%lu ", ipn.in_hits);
475 printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
476 nsp->ns_list = ipn.in_next;
477 }
478
479 printf("\nList of active sessions:\n");
480
481 iter.igi_type = IPFGENITER_NAT;
482 iter.igi_nitems = 1;
483 iter.igi_data = &nat;
484
485 while (nsp->ns_instances != NULL) {
486 if (ioctl(fd, SIOCGENITER, &obj) == -1)
487 break;
488 printactivenat(&nat, opts, 1, nsp->ns_ticks);
489 if (nat.nat_aps)
490 printaps(nat.nat_aps, opts);
491 nsp->ns_instances = nat.nat_next;
492 }
493
494 if (opts & OPT_VERBOSE)
495 showhostmap_live(fd, nsp);
496 }
497
498
499 /*
500 * Display the active host mapping table.
501 */
502 void showhostmap_dead(nsp)
503 natstat_t *nsp;
504 {
505 hostmap_t hm, *hmp, **maptable;
506 u_int hv;
507
508 printf("\nList of active host mappings:\n");
509
510 maptable = (hostmap_t **)malloc(sizeof(hostmap_t *) *
511 nsp->ns_hostmap_sz);
512 if (kmemcpy((char *)maptable, (u_long)nsp->ns_maptable,
513 sizeof(hostmap_t *) * nsp->ns_hostmap_sz)) {
514 perror("kmemcpy (maptable)");
515 return;
516 }
517
518 for (hv = 0; hv < nsp->ns_hostmap_sz; hv++) {
519 hmp = maptable[hv];
520
521 while (hmp) {
522 if (kmemcpy((char *)&hm, (u_long)hmp, sizeof(hm))) {
523 perror("kmemcpy (hostmap)");
524 return;
525 }
526
527 printhostmap(&hm, hv);
528 hmp = hm.hm_next;
529 }
530 }
531 free(maptable);
532 }
533
534
535 /*
536 * Display the active host mapping table.
537 */
538 void showhostmap_live(fd, nsp)
539 int fd;
540 natstat_t *nsp;
541 {
542 ipfgeniter_t iter;
543 hostmap_t hm;
544 ipfobj_t obj;
545
546 bzero((char *)&obj, sizeof(obj));
547 obj.ipfo_rev = IPFILTER_VERSION;
548 obj.ipfo_type = IPFOBJ_GENITER;
549 obj.ipfo_size = sizeof(iter);
550 obj.ipfo_ptr = &iter;
551
552 iter.igi_type = IPFGENITER_HOSTMAP;
553 iter.igi_nitems = 1;
554 iter.igi_data = &hm;
555
556 printf("\nList of active host mappings:\n");
557
558 while (nsp->ns_maplist != NULL) {
559 if (ioctl(fd, SIOCGENITER, &obj) == -1)
560 break;
561 printhostmap(&hm, 0);
562 nsp->ns_maplist = hm.hm_next;
563 }
564 }
565
566
567 void showtqtable_live(fd)
568 int fd;
569 {
570 ipftq_t table[IPF_TCP_NSTATES];
571 ipfobj_t obj;
572
573 bzero((char *)&obj, sizeof(obj));
574 obj.ipfo_rev = IPFILTER_VERSION;
575 obj.ipfo_size = sizeof(table);
576 obj.ipfo_ptr = (void *)table;
577 obj.ipfo_type = IPFOBJ_STATETQTAB;
578
579 if (ioctl(fd, SIOCGTQTAB, &obj) == 0) {
580 printtqtable(table);
581 }
582 }
NetBSD on the FriendlyARM MINI2440