search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add UNLEASHED_OBJ to unleashed.mk
[unleashed/tickless.git] / usr / src / cmd / ipf / tools / ipnat.c
blob28657ebadb64ad563d1bd663cf8156e5016fb41c
1 /*
2 * Copyright (C) 1993-2001 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Added redirect stuff and a variety of bug fixes. (mcn@EnGarde.com)
7 *
8 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
9 * Use is subject to license terms.
10 *
11 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
12 */
13
14 #include <stdio.h>
15 #include <string.h>
16 #include <fcntl.h>
17 #include <errno.h>
18 #include <sys/types.h>
19 #if !defined(__SVR4) && !defined(__svr4__)
20 #include <strings.h>
21 #else
22 #include <sys/byteorder.h>
23 #endif
24 #include <sys/time.h>
25 #include <sys/param.h>
26 #include <stdlib.h>
27 #include <unistd.h>
28 #include <stddef.h>
29 #include <sys/file.h>
30 #define _KERNEL
31 #include <sys/uio.h>
32 #undef _KERNEL
33 #include <sys/socket.h>
34 #include <sys/ioctl.h>
35 #if defined(sun) && (defined(__svr4__) || defined(__SVR4))
36 # include <sys/ioccom.h>
37 # include <sys/sysmacros.h>
38 #endif
39 #include <netinet/in.h>
40 #include <netinet/in_systm.h>
41 #include <netinet/ip.h>
42 #include <netinet/tcp.h>
43 #include <net/if.h>
44 #if __FreeBSD_version >= 300000
45 # include <net/if_var.h>
46 #endif
47 #include <netdb.h>
48 #include <arpa/nameser.h>
49 #include <arpa/inet.h>
50 #include <resolv.h>
51 #include <ctype.h>
52 #if defined(linux)
53 # include <linux/a.out.h>
54 #else
55 # include <nlist.h>
56 #endif
57 #include "ipf.h"
58 #include "netinet/ipl.h"
59 #include "kmem.h"
60 #include "ipfzone.h"
61
62 #ifdef __hpux
63 # define nlist nlist64
64 #endif
65
66 #if defined(sun) && !SOLARIS2
67 # define STRERROR(x) sys_errlist[x]
68 extern char *sys_errlist[];
69 #else
70 # define STRERROR(x) strerror(x)
71 #endif
72
73 static const char sccsid[] ="@(#)ipnat.c 1.9 6/5/96 (C) 1993 Darren Reed";
74 static const char rcsid[] = "@(#)$Id: ipnat.c,v 1.24.2.2 2005/05/10 21:19:30 darrenr Exp $";
75
76
77 #ifdef SOLARIS
78 #define bzero(a,b) memset(a,0,b)
79 #endif
80 int use_inet6 = 0;
81 char thishost[MAXHOSTNAMELEN];
82
83 extern char *optarg;
84
85 void dostats __P((int, natstat_t *, int, int));
86 void flushtable __P((int, int));
87 void usage __P((char *));
88 int main __P((int, char*[]));
89 void showhostmap __P((natstat_t *nsp));
90 void natstat_dead __P((natstat_t *, char *));
91 void dostats_live __P((int, natstat_t *, int));
92 void showhostmap_live __P((int, natstat_t *));
93
94 int opts;
95
96 void usage(name)
97 char *name;
98 {
99 fprintf(stderr, "Usage: %s [-CdFhlnrRsv] [-f filename]", name);
100 fprintf(stderr, " [-G|-z zonename]\n");
101 exit(1);
102 }
103
104
105 int main(argc, argv)
106 int argc;
107 char *argv[];
108 {
109 char *file, *core, *kernel;
110 natstat_t ns, *nsp;
111 int fd, c, mode;
112 ipfobj_t obj;
113
114 fd = -1;
115 opts = 0;
116 nsp = &ns;
117 file = NULL;
118 core = NULL;
119 kernel = NULL;
120 mode = O_RDWR;
121
122 while ((c = getopt(argc, argv, "CdFf:G:hlM:N:nrRsvz:")) != -1)
123 switch (c)
124 {
125 case 'C' :
126 opts |= OPT_CLEAR;
127 break;
128 case 'd' :
129 opts |= OPT_DEBUG;
130 break;
131 case 'f' :
132 file = optarg;
133 break;
134 case 'F' :
135 opts |= OPT_FLUSH;
136 break;
137 case 'G' :
138 setzonename_global(optarg);
139 break;
140 case 'h' :
141 opts |=OPT_HITS;
142 break;
143 case 'l' :
144 opts |= OPT_LIST;
145 mode = O_RDONLY;
146 break;
147 case 'M' :
148 core = optarg;
149 break;
150 case 'N' :
151 kernel = optarg;
152 break;
153 case 'n' :
154 opts |= OPT_DONOTHING;
155 mode = O_RDONLY;
156 break;
157 case 'R' :
158 opts |= OPT_NORESOLVE;
159 break;
160 case 'r' :
161 opts |= OPT_REMOVE;
162 break;
163 case 's' :
164 opts |= OPT_STAT;
165 mode = O_RDONLY;
166 break;
167 case 'v' :
168 opts |= OPT_VERBOSE;
169 break;
170 case 'z' :
171 setzonename(optarg);
172 break;
173 default :
174 usage(argv[0]);
175 }
176
177 initparse();
178
179 if ((kernel != NULL) || (core != NULL)) {
180 (void) setgid(getgid());
181 (void) setreuid(getuid(), getuid());
182 }
183
184 bzero((char *)&ns, sizeof(ns));
185
186 if ((opts & OPT_DONOTHING) == 0) {
187 if (checkrev(IPL_NAME) == -1) {
188 fprintf(stderr, "User/kernel version check failed\n");
189 exit(1);
190 }
191 }
192
193
194 if (!(opts & OPT_DONOTHING) && (kernel == NULL) && (core == NULL)) {
195 #ifdef notdef
196 if (openkmem(kernel, core) == -1)
197 exit(1);
198 #endif
199 if (((fd = open(IPNAT_NAME, mode)) == -1) &&
200 ((fd = open(IPNAT_NAME, O_RDONLY)) == -1)) {
201 (void) fprintf(stderr, "%s: open: %s\n", IPNAT_NAME,
202 STRERROR(errno));
203 exit(1);
204 }
205
206 if (setzone(fd) != 0) {
207 close(fd);
208 exit(1);
209 }
210
211 bzero((char *)&obj, sizeof(obj));
212 obj.ipfo_rev = IPFILTER_VERSION;
213 obj.ipfo_size = sizeof(*nsp);
214 obj.ipfo_type = IPFOBJ_NATSTAT;
215 obj.ipfo_ptr = (void *)nsp;
216 if (ioctl(fd, SIOCGNATS, &obj) == -1) {
217 perror("ioctl(SIOCGNATS)");
218 exit(1);
219 }
220 (void) setgid(getgid());
221 (void) setreuid(getuid(), getuid());
222 } else if ((kernel != NULL) || (core != NULL)) {
223 if (openkmem(kernel, core) == -1)
224 exit(1);
225
226 natstat_dead(nsp, kernel);
227 if (opts & (OPT_LIST|OPT_STAT))
228 dostats(fd, nsp, opts, 0);
229 exit(0);
230 }
231
232 if (opts & (OPT_FLUSH|OPT_CLEAR))
233 flushtable(fd, opts);
234 if (file) {
235 ipnat_parsefile(fd, ipnat_addrule, ioctl, file);
236 }
237 if (opts & (OPT_LIST|OPT_STAT))
238 dostats(fd, nsp, opts, 1);
239 return 0;
240 }
241
242
243 /*
244 * Read NAT statistic information in using a symbol table and memory file
245 * rather than doing ioctl's.
246 */
247 void natstat_dead(nsp, kernel)
248 natstat_t *nsp;
249 char *kernel;
250 {
251 struct nlist nat_nlist[10] = {
252 { "nat_table" }, /* 0 */
253 { "nat_list" },
254 { "maptable" },
255 { "ipf_nattable_sz" },
256 { "ipf_natrules_sz" },
257 { "ipf_rdrrules_sz" }, /* 5 */
258 { "ipf_hostmap_sz" },
259 { "nat_instances" },
260 { "ap_sess_list" },
261 { NULL }
262 };
263 void *tables[2];
264
265 if (nlist(kernel, nat_nlist) == -1) {
266 fprintf(stderr, "nlist error\n");
267 return;
268 }
269
270 /*
271 * Normally the ioctl copies all of these values into the structure
272 * for us, before returning it to userland, so here we must copy each
273 * one in individually.
274 */
275 kmemcpy((char *)&tables, nat_nlist[0].n_value, sizeof(tables));
276 nsp->ns_table[0] = tables[0];
277 nsp->ns_table[1] = tables[1];
278
279 kmemcpy((char *)&nsp->ns_list, nat_nlist[1].n_value,
280 sizeof(nsp->ns_list));
281 kmemcpy((char *)&nsp->ns_maptable, nat_nlist[2].n_value,
282 sizeof(nsp->ns_maptable));
283 kmemcpy((char *)&nsp->ns_nattab_sz, nat_nlist[3].n_value,
284 sizeof(nsp->ns_nattab_sz));
285 kmemcpy((char *)&nsp->ns_rultab_sz, nat_nlist[4].n_value,
286 sizeof(nsp->ns_rultab_sz));
287 kmemcpy((char *)&nsp->ns_rdrtab_sz, nat_nlist[5].n_value,
288 sizeof(nsp->ns_rdrtab_sz));
289 kmemcpy((char *)&nsp->ns_hostmap_sz, nat_nlist[6].n_value,
290 sizeof(nsp->ns_hostmap_sz));
291 kmemcpy((char *)&nsp->ns_instances, nat_nlist[7].n_value,
292 sizeof(nsp->ns_instances));
293 kmemcpy((char *)&nsp->ns_apslist, nat_nlist[8].n_value,
294 sizeof(nsp->ns_apslist));
295 }
296
297
298 /*
299 * Display NAT statistics.
300 */
301 void dostats(fd, nsp, opts, alive)
302 natstat_t *nsp;
303 int fd, opts, alive;
304 {
305 nat_t *np, nat;
306 ipnat_t ipn;
307
308 /*
309 * Show statistics ?
310 */
311 if (opts & OPT_STAT) {
312 printf("mapped\tin\t%lu\tout\t%lu\n",
313 nsp->ns_mapped[0], nsp->ns_mapped[1]);
314 printf("added\t%lu\texpired\t%lu\n",
315 nsp->ns_added, nsp->ns_expire);
316 printf("no memory\t%lu\tbad nat\t%lu\n",
317 nsp->ns_memfail, nsp->ns_badnat);
318 printf("inuse\t%lu\norphans\t%u\nrules\t%lu\n",
319 nsp->ns_inuse, nsp->ns_orphans, nsp->ns_rules);
320 printf("wilds\t%u\n", nsp->ns_wilds);
321 if (opts & OPT_VERBOSE)
322 printf("table %p list %p\n",
323 nsp->ns_table, nsp->ns_list);
324 }
325
326 /*
327 * Show list of NAT rules and NAT sessions ?
328 */
329 if (opts & OPT_LIST) {
330 if (alive) {
331 dostats_live(fd, nsp, opts);
332 return;
333 }
334 printf("List of active MAP/Redirect filters:\n");
335 while (nsp->ns_list) {
336 if (kmemcpy((char *)&ipn, (long)nsp->ns_list,
337 sizeof(ipn))) {
338 perror("kmemcpy");
339 break;
340 }
341 if (opts & OPT_HITS)
342 printf("%lu ", ipn.in_hits);
343 printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
344 nsp->ns_list = ipn.in_next;
345 }
346
347 printf("\nList of active sessions:\n");
348
349 for (np = nsp->ns_instances; np; np = nat.nat_next) {
350 if (kmemcpy((char *)&nat, (long)np, sizeof(nat)))
351 break;
352 printactivenat(&nat, opts, 0);
353 if (nat.nat_aps)
354 printaps(nat.nat_aps, opts);
355 }
356
357 if (opts & OPT_VERBOSE)
358 showhostmap(nsp);
359 }
360 }
361
362
363 /*
364 * Display the active host mapping table.
365 */
366 void showhostmap(nsp)
367 natstat_t *nsp;
368 {
369 hostmap_t hm, *hmp, **maptable;
370 u_int hv;
371
372 printf("\nList of active host mappings:\n");
373
374 maptable = (hostmap_t **)malloc(sizeof(hostmap_t *) *
375 nsp->ns_hostmap_sz);
376 if (maptable == NULL) {
377 perror("malloc");
378 exit(1);
379 }
380 if (kmemcpy((char *)maptable, (u_long)nsp->ns_maptable,
381 sizeof(hostmap_t *) * nsp->ns_hostmap_sz)) {
382 perror("kmemcpy (maptable)");
383 return;
384 }
385
386 for (hv = 0; hv < nsp->ns_hostmap_sz; hv++) {
387 hmp = maptable[hv];
388
389 while (hmp) {
390 if (kmemcpy((char *)&hm, (u_long)hmp, sizeof(hm))) {
391 perror("kmemcpy (hostmap)");
392 return;
393 }
394
395 printhostmap(&hm, hv);
396 hmp = hm.hm_next;
397 }
398 }
399 free(maptable);
400 }
401
402
403 /*
404 * Issue an ioctl to flush either the NAT rules table or the active mapping
405 * table or both.
406 */
407 void flushtable(fd, opts)
408 int fd, opts;
409 {
410 int n = 0;
411
412 if (opts & OPT_FLUSH) {
413 n = FLUSH_TABLE_ALL;
414 if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
415 perror("ioctl(SIOCFLNAT)");
416 else
417 printf("%d entries flushed from NAT table\n", n);
418 }
419
420 if (opts & OPT_CLEAR) {
421 n = FLUSH_LIST;
422 if (!(opts & OPT_DONOTHING) && ioctl(fd, SIOCIPFFL, &n) == -1)
423 perror("ioctl(SIOCCNATL)");
424 else
425 printf("%d entries flushed from NAT list\n", n);
426 }
427 }
428
429 /*
430 * Display NAT statistics.
431 */
432 void dostats_live(fd, nsp, opts)
433 natstat_t *nsp;
434 int fd, opts;
435 {
436 ipfgeniter_t iter;
437 ipfobj_t obj;
438 ipnat_t ipn;
439 nat_t nat;
440
441 bzero((char *)&obj, sizeof(obj));
442 obj.ipfo_rev = IPFILTER_VERSION;
443 obj.ipfo_type = IPFOBJ_GENITER;
444 obj.ipfo_size = sizeof(iter);
445 obj.ipfo_ptr = &iter;
446
447 iter.igi_type = IPFGENITER_IPNAT;
448 iter.igi_nitems = 1;
449 iter.igi_data = &ipn;
450
451 /*
452 * Show list of NAT rules and NAT sessions ?
453 */
454 printf("List of active MAP/Redirect filters:\n");
455 while (nsp->ns_list) {
456 if (ioctl(fd, SIOCGENITER, &obj) == -1)
457 break;
458 if (opts & OPT_HITS)
459 printf("%lu ", ipn.in_hits);
460 printnat(&ipn, opts & (OPT_DEBUG|OPT_VERBOSE));
461 nsp->ns_list = ipn.in_next;
462 }
463
464 printf("\nList of active sessions:\n");
465
466 iter.igi_type = IPFGENITER_NAT;
467 iter.igi_nitems = 1;
468 iter.igi_data = &nat;
469
470 while (nsp->ns_instances != NULL) {
471 if (ioctl(fd, SIOCGENITER, &obj) == -1)
472 break;
473 printactivenat(&nat, opts, 1);
474 if (nat.nat_aps)
475 printaps(nat.nat_aps, opts);
476 nsp->ns_instances = nat.nat_next;
477 }
478
479 if (opts & OPT_VERBOSE)
480 showhostmap_live(fd, nsp);
481 }
482
483 /*
484 * Display the active host mapping table.
485 */
486 void showhostmap_live(fd, nsp)
487 int fd;
488 natstat_t *nsp;
489 {
490 hostmap_t hm, *hmp;
491 ipfgeniter_t iter;
492 ipfobj_t obj;
493
494 bzero((char *)&obj, sizeof(obj));
495 obj.ipfo_rev = IPFILTER_VERSION;
496 obj.ipfo_type = IPFOBJ_GENITER;
497 obj.ipfo_size = sizeof(iter);
498 obj.ipfo_ptr = &iter;
499
500 iter.igi_type = IPFGENITER_HOSTMAP;
501 iter.igi_nitems = 1;
502 iter.igi_data = &hm;
503
504 printf("\nList of active host mappings:\n");
505
506 while (nsp->ns_maplist != NULL) {
507 if (ioctl(fd, SIOCGENITER, &obj) == -1)
508 break;
509 printhostmap(&hm, 0);
510 nsp->ns_maplist = hm.hm_next;
511 }
512 }
unleashed repo fork