SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
src/sbin/ifconfig/brconfig.c

1150 lines
27 KiB
C
Raw Permalink Blame History

/* $OpenBSD: brconfig.c,v 1.32 2023/11/23 03:38:34 dlg Exp $ */
/*
* Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef SMALL
#include <stdio.h>
#include <sys/types.h>
#include <sys/stdint.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <net/if_bridge.h>
#include <netdb.h>
#include <string.h>
#include <err.h>
#include <errno.h>
#include <getopt.h>
#include <limits.h>
#include <arpa/inet.h>
#include "ifconfig.h"
void bridge_ifsetflag(const char *, u_int32_t);
void bridge_ifclrflag(const char *, u_int32_t);
void bridge_list(char *);
void bridge_cfg(const char *);
void bridge_badrule(int, char **, int);
void bridge_showrule(struct ifbrlreq *);
int bridge_arprule(struct ifbrlreq *, int *, char ***);
#define IFBAFBITS "\020\1STATIC"
#define IFBIFBITS \
"\020\1LEARNING\2DISCOVER\3BLOCKNONIP\4STP\5EDGE\6AUTOEDGE\7PTP\10AUTOPTP\11SPAN\15LOCAL"
#define PV2ID(pv, epri, eaddr) do { \
epri = pv >> 48; \
eaddr[0] = pv >> 40; \
eaddr[1] = pv >> 32; \
eaddr[2] = pv >> 24; \
eaddr[3] = pv >> 16; \
eaddr[4] = pv >> 8; \
eaddr[5] = pv >> 0; \
} while (0)
char *stpstates[] = {
"disabled",
"listening",
"learning",
"forwarding",
"blocking",
"discarding"
};
char *stpproto[] = {
"stp",
"(none)",
"rstp",
};
char *stproles[] = {
"disabled",
"root",
"designated",
"alternate",
"backup"
};
void
setdiscover(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_DISCOVER);
}
void
unsetdiscover(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_DISCOVER);
}
void
setblocknonip(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_BLOCKNONIP);
}
void
unsetblocknonip(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_BLOCKNONIP);
}
void
setlearn(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_LEARNING);
}
void
unsetlearn(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_LEARNING);
}
void
setstp(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_STP);
}
void
unsetstp(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_STP);
}
void
setedge(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_BSTP_EDGE);
}
void
unsetedge(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_BSTP_EDGE);
}
void
setautoedge(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_BSTP_AUTOEDGE);
}
void
unsetautoedge(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_BSTP_AUTOEDGE);
}
void
setptp(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_BSTP_PTP);
}
void
unsetptp(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_BSTP_PTP);
}
void
setautoptp(const char *val, int d)
{
bridge_ifsetflag(val, IFBIF_BSTP_AUTOPTP);
}
void
unsetautoptp(const char *val, int d)
{
bridge_ifclrflag(val, IFBIF_BSTP_AUTOPTP);
}
void
addlocal(const char *ifsname, int d)
{
struct ifbreq breq;
if (strncmp(ifsname, "vether", (sizeof("vether") - 1)) != 0)
errx(1, "only vether can be local interface");
/* Add local */
strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGADDL, (caddr_t)&breq) == -1) {
if (errno == EEXIST)
return;
else
err(1, "%s: ioctl SIOCBRDGADDL %s", ifname, ifsname);
}
}
void
bridge_ifsetflag(const char *ifsname, u_int32_t flag)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
strlcpy(req.ifbr_ifsname, ifsname, sizeof(req.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGGIFFLGS, (caddr_t)&req) == -1)
err(1, "%s: ioctl SIOCBRDGGIFFLGS %s", ifname, ifsname);
req.ifbr_ifsflags |= flag & ~IFBIF_RO_MASK;
if (ioctl(sock, SIOCBRDGSIFFLGS, (caddr_t)&req) == -1)
err(1, "%s: ioctl SIOCBRDGSIFFLGS %s", ifname, ifsname);
}
void
bridge_ifclrflag(const char *ifsname, u_int32_t flag)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
strlcpy(req.ifbr_ifsname, ifsname, sizeof(req.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGGIFFLGS, (caddr_t)&req) == -1)
err(1, "%s: ioctl SIOCBRDGGIFFLGS %s", ifname, ifsname);
req.ifbr_ifsflags &= ~(flag | IFBIF_RO_MASK);
if (ioctl(sock, SIOCBRDGSIFFLGS, (caddr_t)&req) == -1)
err(1, "%s: ioctl SIOCBRDGSIFFLGS %s", ifname, ifsname);
}
void
bridge_flushall(const char *val, int p)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
req.ifbr_ifsflags = IFBF_FLUSHALL;
if (ioctl(sock, SIOCBRDGFLUSH, &req) == -1)
err(1, "%s", ifname);
}
void
bridge_flush(const char *val, int p)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
req.ifbr_ifsflags = IFBF_FLUSHDYN;
if (ioctl(sock, SIOCBRDGFLUSH, &req) == -1)
err(1, "%s", ifname);
}
void
bridge_cfg(const char *delim)
{
struct ifbropreq ifbp;
u_int16_t pri;
u_int8_t ht, fd, ma, hc, proto;
u_int8_t lladdr[ETHER_ADDR_LEN];
u_int16_t bprio;
strlcpy(ifbp.ifbop_name, ifname, sizeof(ifbp.ifbop_name));
if (ioctl(sock, SIOCBRDGGPARAM, (caddr_t)&ifbp) == -1) {
if (errno == ENOTTY)
return;
err(1, "%s SIOCBRDGGPARAM", ifname);
}
printf("%s", delim);
pri = ifbp.ifbop_priority;
ht = ifbp.ifbop_hellotime;
fd = ifbp.ifbop_fwddelay;
ma = ifbp.ifbop_maxage;
hc = ifbp.ifbop_holdcount;
proto = ifbp.ifbop_protocol;
printf("priority %u hellotime %u fwddelay %u maxage %u "
"holdcnt %u proto %s\n", pri, ht, fd, ma, hc, stpproto[proto]);
if (aflag)
return;
PV2ID(ifbp.ifbop_desg_bridge, bprio, lladdr);
printf("\tdesignated: id %s priority %u\n",
ether_ntoa((struct ether_addr *)lladdr), bprio);
if (ifbp.ifbop_root_bridge == ifbp.ifbop_desg_bridge)
return;
PV2ID(ifbp.ifbop_root_bridge, bprio, lladdr);
printf("\troot: id %s priority %u ifcost %u port %u\n",
ether_ntoa((struct ether_addr *)lladdr), bprio,
ifbp.ifbop_root_path_cost, ifbp.ifbop_root_port & 0xfff);
}
void
bridge_list(char *delim)
{
struct ifbreq *reqp;
struct ifbifconf bifc;
int i, len = 8192;
char buf[sizeof(reqp->ifbr_ifsname) + 1], *inbuf = NULL, *inb;
while (1) {
bifc.ifbic_len = len;
inb = realloc(inbuf, len);
if (inb == NULL)
err(1, "malloc");
bifc.ifbic_buf = inbuf = inb;
strlcpy(bifc.ifbic_name, ifname, sizeof(bifc.ifbic_name));
if (ioctl(sock, SIOCBRDGIFS, &bifc) == -1) {
if (errno == ENOTTY)
return;
err(1, "%s SIOCBRDGIFS", ifname);
}
if (bifc.ifbic_len + sizeof(*reqp) < len)
break;
len *= 2;
}
for (i = 0; i < bifc.ifbic_len / sizeof(*reqp); i++) {
reqp = bifc.ifbic_req + i;
strlcpy(buf, reqp->ifbr_ifsname, sizeof(buf));
printf("%s%s ", delim, buf);
printb("flags", reqp->ifbr_ifsflags, IFBIFBITS);
printf("\n");
if (reqp->ifbr_ifsflags & IFBIF_SPAN)
continue;
printf("\t\t");
printf("port %u ifpriority %u ifcost %u",
reqp->ifbr_portno, reqp->ifbr_priority,
reqp->ifbr_path_cost);
if (reqp->ifbr_protected) {
int v;
v = ffs(reqp->ifbr_protected);
printf(" protected %u", v);
while (++v < 32) {
if ((1 << (v - 1)) & reqp->ifbr_protected)
printf(",%u", v);
}
}
if (reqp->ifbr_ifsflags & IFBIF_STP)
printf(" %s role %s",
stpstates[reqp->ifbr_state],
stproles[reqp->ifbr_role]);
printf("\n");
bridge_rules(buf, 1);
}
free(bifc.ifbic_buf);
}
void
bridge_add(const char *ifn, int d)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGADD, &req) == -1) {
if (errno == EEXIST)
return;
err(1, "%s: %s", ifname, ifn);
}
}
void
bridge_delete(const char *ifn, int d)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGDEL, &req) == -1)
err(1, "%s: %s", ifname, ifn);
}
void
bridge_addspan(const char *ifn, int d)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGADDS, &req) == -1) {
if (errno == EEXIST)
return;
err(1, "%s: %s", ifname, ifn);
}
}
void
bridge_delspan(const char *ifn, int d)
{
struct ifbreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGDELS, &req) == -1)
err(1, "%s: %s", ifname, ifn);
}
void
bridge_timeout(const char *arg, int d)
{
struct ifbrparam bp;
const char *errstr;
bp.ifbrp_ctime = strtonum(arg, 0, UINT32_MAX, &errstr);
if (errstr)
err(1, "timeout %s is: %s", arg, errstr);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
if (ioctl(sock, SIOCBRDGSTO, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
void
bridge_maxage(const char *arg, int d)
{
struct ifbrparam bp;
const char *errstr;
bp.ifbrp_maxage = strtonum(arg, 0, UINT8_MAX, &errstr);
if (errstr)
errx(1, "maxage %s is: %s", arg, errstr);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
if (ioctl(sock, SIOCBRDGSMA, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
void
bridge_priority(const char *arg, int d)
{
struct ifbrparam bp;
const char *errstr;
bp.ifbrp_prio = strtonum(arg, 0, UINT16_MAX, &errstr);
if (errstr)
errx(1, "spanpriority %s is: %s", arg, errstr);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
if (ioctl(sock, SIOCBRDGSPRI, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
void
bridge_protect(const char *ifsname, const char *val)
{
struct ifbreq breq;
unsigned long v;
char *optlist, *str;
const char *errstr;
strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
breq.ifbr_protected = 0;
/* We muck with the string, so copy it. */
optlist = strdup(val);
if (optlist == NULL)
err(1, "strdup");
str = strtok(optlist, ",");
while (str != NULL) {
v = strtonum(str, 1, 31, &errstr);
if (errstr)
err(1, "protected domain %s is: %s", str, errstr);
breq.ifbr_protected |= (1 << (v - 1));
str = strtok(NULL, ",");
}
if (ioctl(sock, SIOCBRDGSIFPROT, (caddr_t)&breq) == -1)
err(1, "%s: %s", ifname, val);
free(optlist);
}
void
bridge_unprotect(const char *ifsname, int d)
{
struct ifbreq breq;
strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
breq.ifbr_protected = 0;
if (ioctl(sock, SIOCBRDGSIFPROT, (caddr_t)&breq) == -1)
err(1, "%s: %d", ifname, 0);
}
void
bridge_proto(const char *arg, int d)
{
struct ifbrparam bp;
int i, proto = -1;
for (i = 0; i <= BSTP_PROTO_MAX; i++)
if (strcmp(arg, stpproto[i]) == 0) {
proto = i;
break;
}
if (proto == -1)
errx(1, "invalid arg for proto: %s", arg);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
bp.ifbrp_prio = proto;
if (ioctl(sock, SIOCBRDGSPROTO, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
void
bridge_fwddelay(const char *arg, int d)
{
struct ifbrparam bp;
const char *errstr;
bp.ifbrp_fwddelay = strtonum(arg, 0, UINT8_MAX, &errstr);
if (errstr)
errx(1, "fwddelay %s is: %s", arg, errstr);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
if (ioctl(sock, SIOCBRDGSFD, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
void
bridge_hellotime(const char *arg, int d)
{
struct ifbrparam bp;
const char *errstr;
bp.ifbrp_hellotime = strtonum(arg, 0, UINT8_MAX, &errstr);
if (errstr)
errx(1, "hellotime %s is: %s", arg, errstr);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
if (ioctl(sock, SIOCBRDGSHT, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
void
bridge_maxaddr(const char *arg, int d)
{
struct ifbrparam bp;
const char *errstr;
bp.ifbrp_csize = strtonum(arg, 0, UINT32_MAX, &errstr);
if (errstr)
errx(1, "maxaddr %s is: %s", arg, errstr);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
if (ioctl(sock, SIOCBRDGSCACHE, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
void
bridge_deladdr(const char *addr, int d)
{
struct ifbareq ifba;
struct ether_addr *ea;
strlcpy(ifba.ifba_name, ifname, sizeof(ifba.ifba_name));
ea = ether_aton(addr);
if (ea == NULL)
err(1, "Invalid address: %s", addr);
bcopy(ea, &ifba.ifba_dst, sizeof(struct ether_addr));
if (ioctl(sock, SIOCBRDGDADDR, &ifba) == -1)
err(1, "%s: %s", ifname, addr);
}
void
bridge_ifprio(const char *ifsname, const char *val)
{
struct ifbreq breq;
const char *errstr;
breq.ifbr_priority = strtonum(val, 0, UINT8_MAX, &errstr);
if (errstr)
errx(1, "ifpriority %s is: %s", val, errstr);
strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGSIFPRIO, (caddr_t)&breq) == -1)
err(1, "%s: %s", ifname, val);
}
void
bridge_ifcost(const char *ifsname, const char *val)
{
struct ifbreq breq;
const char *errstr;
breq.ifbr_path_cost = strtonum(val, 0, UINT32_MAX, &errstr);
if (errstr)
errx(1, "ifcost %s is: %s", val, errstr);
strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGSIFCOST, (caddr_t)&breq) == -1)
err(1, "%s: %s", ifname, val);
}
void
bridge_noifcost(const char *ifsname, int d)
{
struct ifbreq breq;
strlcpy(breq.ifbr_name, ifname, sizeof(breq.ifbr_name));
strlcpy(breq.ifbr_ifsname, ifsname, sizeof(breq.ifbr_ifsname));
breq.ifbr_path_cost = 0;
if (ioctl(sock, SIOCBRDGSIFCOST, (caddr_t)&breq) == -1)
err(1, "%s", ifname);
}
void
bridge_addaddr(const char *ifsname, const char *addr)
{
struct ifbareq ifba;
struct ether_addr *ea;
strlcpy(ifba.ifba_name, ifname, sizeof(ifba.ifba_name));
strlcpy(ifba.ifba_ifsname, ifsname, sizeof(ifba.ifba_ifsname));
ea = ether_aton(addr);
if (ea == NULL)
errx(1, "Invalid address: %s", addr);
bcopy(ea, &ifba.ifba_dst, sizeof(struct ether_addr));
ifba.ifba_flags = IFBAF_STATIC;
if (ioctl(sock, SIOCBRDGSADDR, &ifba) == -1)
err(1, "%s: %s", ifname, addr);
}
void
bridge_addendpoint(const char *endpoint, const char *addr)
{
struct ifbareq ifba;
struct ether_addr *ea;
struct addrinfo *res;
int ecode;
/* should we handle ports? */
ecode = getaddrinfo(endpoint, NULL, NULL, &res);
if (ecode != 0) {
errx(1, "%s endpoint %s: %s", ifname, endpoint,
gai_strerror(ecode));
}
if (res->ai_addrlen > sizeof(ifba.ifba_dstsa))
errx(1, "%s: addrlen > dstsa", __func__);
ea = ether_aton(addr);
if (ea == NULL) {
errx(1, "%s endpoint %s %s: invalid Ethernet address",
ifname, endpoint, addr);
}
memset(&ifba, 0, sizeof(ifba));
strlcpy(ifba.ifba_name, ifname, sizeof(ifba.ifba_name));
strlcpy(ifba.ifba_ifsname, ifname, sizeof(ifba.ifba_ifsname));
memcpy(&ifba.ifba_dst, ea, sizeof(struct ether_addr));
memcpy(&ifba.ifba_dstsa, res->ai_addr, res->ai_addrlen);
ifba.ifba_flags = IFBAF_STATIC;
freeaddrinfo(res);
if (ioctl(sock, SIOCBRDGSADDR, &ifba) == -1)
err(1, "%s endpoint %s %s", ifname, endpoint, addr);
}
void
bridge_addrs(const char *delim, int d)
{
char dstaddr[NI_MAXHOST];
char dstport[NI_MAXSERV];
const int niflag = NI_NUMERICHOST|NI_DGRAM;
struct ifbaconf ifbac;
struct ifbareq *ifba;
char *inbuf = NULL, buf[sizeof(ifba->ifba_ifsname) + 1], *inb;
struct sockaddr *sa;
int i, len = 8192;
/* ifconfig will call us with the argv of the command */
if (strcmp(delim, "addr") == 0)
delim = "";
while (1) {
ifbac.ifbac_len = len;
inb = realloc(inbuf, len);
if (inb == NULL)
err(1, "malloc");
ifbac.ifbac_buf = inbuf = inb;
strlcpy(ifbac.ifbac_name, ifname, sizeof(ifbac.ifbac_name));
if (ioctl(sock, SIOCBRDGRTS, &ifbac) == -1) {
if (errno == ENETDOWN)
return;
err(1, "%s", ifname);
}
if (ifbac.ifbac_len + sizeof(*ifba) < len)
break;
len *= 2;
}
for (i = 0; i < ifbac.ifbac_len / sizeof(*ifba); i++) {
ifba = ifbac.ifbac_req + i;
strlcpy(buf, ifba->ifba_ifsname, sizeof(buf));
printf("%s%s %s %u ", delim, ether_ntoa(&ifba->ifba_dst),
buf, ifba->ifba_age);
sa = (struct sockaddr *)&ifba->ifba_dstsa;
printb("flags", ifba->ifba_flags, IFBAFBITS);
if (sa->sa_family != AF_UNSPEC &&
getnameinfo(sa, sa->sa_len,
dstaddr, sizeof(dstaddr),
dstport, sizeof(dstport), niflag) == 0)
printf(" tunnel %s:%s", dstaddr, dstport);
printf("\n");
}
free(inbuf);
}
void
bridge_holdcnt(const char *value, int d)
{
struct ifbrparam bp;
const char *errstr;
bp.ifbrp_txhc = strtonum(value, 0, UINT8_MAX, &errstr);
if (errstr)
err(1, "holdcnt %s is: %s", value, errstr);
strlcpy(bp.ifbrp_name, ifname, sizeof(bp.ifbrp_name));
if (ioctl(sock, SIOCBRDGSTXHC, (caddr_t)&bp) == -1)
err(1, "%s", ifname);
}
/*
* Check to make sure interface is really a bridge interface.
*/
int
is_bridge()
{
struct ifbaconf ifbac;
ifbac.ifbac_len = 0;
strlcpy(ifbac.ifbac_name, ifname, sizeof(ifbac.ifbac_name));
if (ioctl(sock, SIOCBRDGRTS, (caddr_t)&ifbac) == -1) {
if (errno == ENETDOWN)
return (1);
return (0);
}
return (1);
}
/* no tpmr(4) specific ioctls, name is enough if ifconfig.c:printif() passed */
int
is_tpmr(void)
{
return (strncmp(ifname, "tpmr", sizeof("tpmr") - 1) == 0);
}
void
bridge_status(void)
{
struct ifbrparam bp1, bp2;
if (is_tpmr()) {
bridge_list("\t");
return;
}
if (!is_bridge())
return;
bridge_cfg("\t");
bridge_list("\t");
if (aflag && !ifaliases)
return;
strlcpy(bp1.ifbrp_name, ifname, sizeof(bp1.ifbrp_name));
if (ioctl(sock, SIOCBRDGGCACHE, (caddr_t)&bp1) == -1)
return;
strlcpy(bp2.ifbrp_name, ifname, sizeof(bp2.ifbrp_name));
if (ioctl(sock, SIOCBRDGGTO, (caddr_t)&bp2) == -1)
return;
printf("\tAddresses (max cache: %u, timeout: %u):\n",
bp1.ifbrp_csize, bp2.ifbrp_ctime);
bridge_addrs("\t\t", 0);
}
void
bridge_flushrule(const char *ifsname, int d)
{
struct ifbrlreq req;
strlcpy(req.ifbr_name, ifname, sizeof(req.ifbr_name));
strlcpy(req.ifbr_ifsname, ifsname, sizeof(req.ifbr_ifsname));
if (ioctl(sock, SIOCBRDGFRL, &req) == -1)
err(1, "%s: %s", ifname, ifsname);
}
void
bridge_rules(const char *ifsname, int usetab)
{
char *inbuf = NULL, *inb;
struct ifbrlconf ifc;
struct ifbrlreq *ifrp;
int len = 8192, i;
while (1) {
ifc.ifbrl_len = len;
inb = realloc(inbuf, len);
if (inb == NULL)
err(1, "malloc");
ifc.ifbrl_buf = inbuf = inb;
strlcpy(ifc.ifbrl_name, ifname, sizeof(ifc.ifbrl_name));
strlcpy(ifc.ifbrl_ifsname, ifsname, sizeof(ifc.ifbrl_ifsname));
if (ioctl(sock, SIOCBRDGGRL, &ifc) == -1)
err(1, "ioctl(SIOCBRDGGRL)");
if (ifc.ifbrl_len + sizeof(*ifrp) < len)
break;
len *= 2;
}
ifrp = ifc.ifbrl_req;
for (i = 0; i < ifc.ifbrl_len; i += sizeof(*ifrp)) {
ifrp = (struct ifbrlreq *)((caddr_t)ifc.ifbrl_req + i);
if (usetab)
printf("\t");
bridge_showrule(ifrp);
}
}
void
bridge_showrule(struct ifbrlreq *r)
{
if (r->ifbr_action == BRL_ACTION_BLOCK)
printf("block ");
else if (r->ifbr_action == BRL_ACTION_PASS)
printf("pass ");
else
printf("[neither block nor pass?]\n");
if ((r->ifbr_flags & (BRL_FLAG_IN | BRL_FLAG_OUT)) ==
(BRL_FLAG_IN | BRL_FLAG_OUT))
printf("in/out ");
else if (r->ifbr_flags & BRL_FLAG_IN)
printf("in ");
else if (r->ifbr_flags & BRL_FLAG_OUT)
printf("out ");
else
printf("[neither in nor out?]\n");
printf("on %s", r->ifbr_ifsname);
if (r->ifbr_flags & BRL_FLAG_SRCVALID)
printf(" src %s", ether_ntoa(&r->ifbr_src));
if (r->ifbr_flags & BRL_FLAG_DSTVALID)
printf(" dst %s", ether_ntoa(&r->ifbr_dst));
if (r->ifbr_tagname[0])
printf(" tag %s", r->ifbr_tagname);
if (r->ifbr_arpf.brla_flags & BRLA_ARP)
printf(" arp");
if (r->ifbr_arpf.brla_flags & BRLA_RARP)
printf(" rarp");
if (r->ifbr_arpf.brla_op == ARPOP_REQUEST ||
r->ifbr_arpf.brla_op == ARPOP_REVREQUEST)
printf(" request");
if (r->ifbr_arpf.brla_op == ARPOP_REPLY ||
r->ifbr_arpf.brla_op == ARPOP_REVREPLY)
printf(" reply");
if (r->ifbr_arpf.brla_flags & BRLA_SHA)
printf(" sha %s", ether_ntoa(&r->ifbr_arpf.brla_sha));
if (r->ifbr_arpf.brla_flags & BRLA_THA)
printf(" tha %s", ether_ntoa(&r->ifbr_arpf.brla_tha));
if (r->ifbr_arpf.brla_flags & BRLA_SPA)
printf(" spa %s", inet_ntoa(r->ifbr_arpf.brla_spa));
if (r->ifbr_arpf.brla_flags & BRLA_TPA)
printf(" tpa %s", inet_ntoa(r->ifbr_arpf.brla_tpa));
printf("\n");
}
/*
* Parse a rule definition and send it upwards.
*
* Syntax:
* {block|pass} {in|out|in/out} on {ifs} [src {mac}] [dst {mac}]
*/
int
bridge_rule(int targc, char **targv, int ln)
{
char **argv = targv;
int argc = targc;
struct ifbrlreq rule;
struct ether_addr *ea, *dea;
if (argc == 0) {
warnx("invalid rule");
return (1);
}
bzero(&rule, sizeof(rule));
strlcpy(rule.ifbr_name, ifname, sizeof(rule.ifbr_name));
if (strcmp(argv[0], "block") == 0)
rule.ifbr_action = BRL_ACTION_BLOCK;
else if (strcmp(argv[0], "pass") == 0)
rule.ifbr_action = BRL_ACTION_PASS;
else
goto bad_rule;
argc--; argv++;
if (argc == 0) {
bridge_badrule(targc, targv, ln);
return (1);
}
if (strcmp(argv[0], "in") == 0)
rule.ifbr_flags |= BRL_FLAG_IN;
else if (strcmp(argv[0], "out") == 0)
rule.ifbr_flags |= BRL_FLAG_OUT;
else if (strcmp(argv[0], "in/out") == 0)
rule.ifbr_flags |= BRL_FLAG_IN | BRL_FLAG_OUT;
else if (strcmp(argv[0], "on") == 0) {
rule.ifbr_flags |= BRL_FLAG_IN | BRL_FLAG_OUT;
argc++; argv--;
} else
goto bad_rule;
argc--; argv++;
if (argc == 0 || strcmp(argv[0], "on"))
goto bad_rule;
argc--; argv++;
if (argc == 0)
goto bad_rule;
strlcpy(rule.ifbr_ifsname, argv[0], sizeof(rule.ifbr_ifsname));
argc--; argv++;
while (argc) {
dea = NULL;
if (strcmp(argv[0], "dst") == 0) {
if (rule.ifbr_flags & BRL_FLAG_DSTVALID)
goto bad_rule;
rule.ifbr_flags |= BRL_FLAG_DSTVALID;
dea = &rule.ifbr_dst;
argc--; argv++;
} else if (strcmp(argv[0], "src") == 0) {
if (rule.ifbr_flags & BRL_FLAG_SRCVALID)
goto bad_rule;
rule.ifbr_flags |= BRL_FLAG_SRCVALID;
dea = &rule.ifbr_src;
argc--; argv++;
} else if (strcmp(argv[0], "tag") == 0) {
if (argc < 2) {
warnx("missing tag name");
goto bad_rule;
}
if (rule.ifbr_tagname[0]) {
warnx("tag already defined");
goto bad_rule;
}
argc--; argv++;
if (strlcpy(rule.ifbr_tagname, argv[0],
PF_TAG_NAME_SIZE) > PF_TAG_NAME_SIZE) {
warnx("tag name '%s' too long", argv[0]);
goto bad_rule;
}
argc--; argv++;
} else if (strcmp(argv[0], "arp") == 0) {
rule.ifbr_arpf.brla_flags |= BRLA_ARP;
argc--; argv++;
if (bridge_arprule(&rule, &argc, &argv) == -1)
goto bad_rule;
} else if (strcmp(argv[0], "rarp") == 0) {
rule.ifbr_arpf.brla_flags |= BRLA_RARP;
argc--; argv++;
if (bridge_arprule(&rule, &argc, &argv) == -1)
goto bad_rule;
} else
goto bad_rule;
if (dea != NULL) {
if (argc == 0)
goto bad_rule;
ea = ether_aton(argv[0]);
if (ea == NULL) {
warnx("invalid address: %s", argv[0]);
return (1);
}
bcopy(ea, dea, sizeof(*dea));
argc--; argv++;
}
}
if (ioctl(sock, SIOCBRDGARL, &rule) == -1) {
warn("%s", ifname);
return (1);
}
return (0);
bad_rule:
bridge_badrule(targc, targv, ln);
return (1);
}
int
bridge_arprule(struct ifbrlreq *rule, int *argc, char ***argv)
{
while (*argc) {
struct ether_addr *ea, *dea = NULL;
struct in_addr ia, *dia = NULL;
if (strcmp((*argv)[0], "request") == 0) {
if (rule->ifbr_arpf.brla_flags & BRLA_ARP)
rule->ifbr_arpf.brla_op = ARPOP_REQUEST;
else if (rule->ifbr_arpf.brla_flags & BRLA_RARP)
rule->ifbr_arpf.brla_op = ARPOP_REVREQUEST;
else
errx(1, "bridge_arprule: arp/rarp undefined");
} else if (strcmp((*argv)[0], "reply") == 0) {
if (rule->ifbr_arpf.brla_flags & BRLA_ARP)
rule->ifbr_arpf.brla_op = ARPOP_REPLY;
else if (rule->ifbr_arpf.brla_flags & BRLA_RARP)
rule->ifbr_arpf.brla_op = ARPOP_REVREPLY;
else
errx(1, "bridge_arprule: arp/rarp undefined");
} else if (strcmp((*argv)[0], "sha") == 0) {
rule->ifbr_arpf.brla_flags |= BRLA_SHA;
dea = &rule->ifbr_arpf.brla_sha;
} else if (strcmp((*argv)[0], "tha") == 0) {
rule->ifbr_arpf.brla_flags |= BRLA_THA;
dea = &rule->ifbr_arpf.brla_tha;
} else if (strcmp((*argv)[0], "spa") == 0) {
rule->ifbr_arpf.brla_flags |= BRLA_SPA;
dia = &rule->ifbr_arpf.brla_spa;
} else if (strcmp((*argv)[0], "tpa") == 0) {
rule->ifbr_arpf.brla_flags |= BRLA_TPA;
dia = &rule->ifbr_arpf.brla_tpa;
} else
return (0);
(*argc)--; (*argv)++;
if (dea != NULL) {
if (*argc == 0)
return (-1);
ea = ether_aton((*argv)[0]);
if (ea == NULL) {
warnx("invalid address: %s", (*argv)[0]);
return (-1);
}
bcopy(ea, dea, sizeof(*dea));
(*argc)--; (*argv)++;
}
if (dia != NULL) {
if (*argc == 0)
return (-1);
ia.s_addr = inet_addr((*argv)[0]);
if (ia.s_addr == INADDR_NONE) {
warnx("invalid address: %s", (*argv)[0]);
return (-1);
}
bcopy(&ia, dia, sizeof(*dia));
(*argc)--; (*argv)++;
}
}
return (0);
}
#define MAXRULEWORDS 32
void
bridge_rulefile(const char *fname, int d)
{
FILE *f;
char *str, *argv[MAXRULEWORDS], buf[1024];
int ln = 0, argc = 0;
f = fopen(fname, "r");
if (f == NULL)
err(1, "%s", fname);
while (fgets(buf, sizeof(buf), f) != NULL) {
ln++;
if (buf[0] == '#' || buf[0] == '\n')
continue;
argc = 0;
str = strtok(buf, "\n\t\r ");
while (str != NULL && argc < MAXRULEWORDS) {
argv[argc++] = str;
str = strtok(NULL, "\n\t\r ");
}
/* Rule is too long if there's more. */
if (str != NULL) {
warnx("invalid rule: %d: %s ...", ln, buf);
continue;
}
bridge_rule(argc, argv, ln);
}
fclose(f);
}
void
bridge_badrule(int argc, char *argv[], int ln)
{
extern const char *__progname;
int i;
fprintf(stderr, "%s: invalid rule: ", __progname);
if (ln != -1)
fprintf(stderr, "%d: ", ln);
for (i = 0; i < argc; i++)
fprintf(stderr, "%s ", argv[i]);
fprintf(stderr, "\n");
}
#endif
Reference in New Issue View Git Blame Copy Permalink