mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-07 06:56:56 +01:00
74e9ff6519
Obtained from: OpenBSD
/*
|
|
* Copyright (c) 2003 Ryan McBride. All rights reserved.
|
|
* Copyright (c) 2004 Max Laier. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/ioctl.h>
|
|
#include <sys/socket.h>
|
|
|
|
#include <net/if.h>
|
|
#include <netinet/in.h>
|
|
#include <net/pfvar.h>
|
|
#include <net/if_pfsync.h>
|
|
#include <net/route.h>
|
|
#include <arpa/inet.h>
|
|
|
|
#include <err.h>
|
|
#include <netdb.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include "ifconfig.h"
|
|
|
|
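/*
 * Handlers for the pfsync keywords.  Every set/unset handler takes the
 * keyword's string value, the integer constant attached to the keyword,
 * the descriptor the ioctls are issued on, and an address family switch
 * pointer (unused by all of them).  pfsync_status() takes only the
 * descriptor.
 *
 * setpfsync_syncpeer() was declared twice in the original list; the
 * redundant declaration has been dropped.
 */
void	setpfsync_syncdev(const char *, int, int, const struct afswtch *);
void	unsetpfsync_syncdev(const char *, int, int, const struct afswtch *);
void	setpfsync_syncpeer(const char *, int, int, const struct afswtch *);
void	unsetpfsync_syncpeer(const char *, int, int, const struct afswtch *);
void	setpfsync_maxupd(const char *, int, int, const struct afswtch *);
void	setpfsync_defer(const char *, int, int, const struct afswtch *);
void	pfsync_status(int);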
|
|
|
|
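/*
 * Set the pfsync synchronisation interface to `val'.
 *
 * The current settings are read with SIOCGETPFSYNC first, so that only the
 * syncdev field differs when they are written back with SIOCSETPFSYNC.
 * A failing ioctl terminates the program through err(3).
 *
 * A name that does not fit in pfsyncr_syncdev is rejected instead of being
 * truncated.  A silently shortened name may match a different interface,
 * which would move firewall state synchronisation onto a link the
 * administrator did not choose.  NOTE(review): pfsync(4) traffic is, as far
 * as its manual describes, unauthenticated, so the interface named here is
 * expected to be a trusted, dedicated link -- confirm against the manual.
 *
 * `d' and `rafp' are unused.
 */
void
setpfsync_syncdev(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;

	bzero((char *)&preq, sizeof(struct pfsyncreq));
	ifr.ifr_data = (caddr_t)&preq;

	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	/* strlcpy() returns strlen(val); >= the buffer size means truncation. */
	if (strlcpy(preq.pfsyncr_syncdev, val, sizeof(preq.pfsyncr_syncdev)) >=
	    sizeof(preq.pfsyncr_syncdev))
		errx(1, "syncdev %s: interface name too long", val);

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCSETPFSYNC");
}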
|
|
|
|
/*
 * Clear the pfsync synchronisation interface.
 *
 * Reads the current settings, blanks the syncdev name and writes the
 * settings back.  A failing ioctl terminates the program through err(3).
 * `val', `d' and `rafp' are unused.
 */
/* ARGSUSED */
void
unsetpfsync_syncdev(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq req;

	memset(&req, 0, sizeof(req));
	ifr.ifr_data = (caddr_t)&req;

	/* Fetch first so the other fields are preserved on write-back. */
	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	/* An all-zero name is what pfsync_status() treats as "no syncdev". */
	memset(req.pfsyncr_syncdev, 0, sizeof(req.pfsyncr_syncdev));

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) != -1)
		return;
	err(1, "SIOCSETPFSYNC");
}
|
|
|
|
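/*
 * Set the pfsync peer to the IPv4 address named by `val'.
 *
 * Reads the current settings, replaces the syncpeer address and writes the
 * settings back.  A failing ioctl terminates the program through err(3);
 * an unparsable or non-IPv4 address terminates it through errx(3).
 *
 * `val' goes to getaddrinfo(3) with no AI_NUMERICHOST hint, so a host name
 * is accepted and resolved here; the address stored is the first result
 * the resolver returned.  The peer that receives firewall state therefore
 * depends on name resolution being trustworthy when this runs; a numeric
 * address avoids that dependency.
 *
 * The getaddrinfo() result list is released with freeaddrinfo() once the
 * address has been copied out (the original never freed it).
 *
 * `d' and `rafp' are unused.
 */
/* ARGSUSED */
void
setpfsync_syncpeer(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;
	struct addrinfo hints, *peerres;
	int ecode;

	bzero((char *)&preq, sizeof(struct pfsyncreq));
	ifr.ifr_data = (caddr_t)&preq;

	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/

	if ((ecode = getaddrinfo(val, NULL, &hints, &peerres)) != 0)
		errx(1, "error in parsing address string: %s",
		    gai_strerror(ecode));

	/* Defensive: the hints already restrict the lookup to AF_INET. */
	if (peerres->ai_addr->sa_family != AF_INET)
		errx(1, "only IPv4 addresses supported for the syncpeer");

	preq.pfsyncr_syncpeer.s_addr = ((struct sockaddr_in *)
	    peerres->ai_addr)->sin_addr.s_addr;

	/* The address is copied; the resolver's list is no longer needed. */
	freeaddrinfo(peerres);

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCSETPFSYNC");
}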
|
|
|
|
/*
 * Reset the pfsync peer address.
 *
 * Reads the current settings, stores address 0 in the syncpeer field and
 * writes the settings back.  A failing ioctl terminates the program
 * through err(3).  `val', `d' and `rafp' are unused.
 *
 * NOTE(review): pfsync_status() treats INADDR_PFSYNC_GROUP, not 0, as the
 * "no peer" value, so the kernel presumably maps 0 back to the multicast
 * group -- confirm against the driver.
 */
/* ARGSUSED */
void
unsetpfsync_syncpeer(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq req;

	memset(&req, 0, sizeof(req));
	ifr.ifr_data = (caddr_t)&req;

	/* Fetch first so the other fields are preserved on write-back. */
	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	req.pfsyncr_syncpeer.s_addr = 0;

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) != -1)
		return;
	err(1, "SIOCSETPFSYNC");
}
|
|
|
|
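/*
 * Set the pfsync maxupd value from the decimal string `val'.
 *
 * The value must be a complete decimal number in the range 0..255;
 * anything else terminates the program through errx(3).  A failing ioctl
 * terminates it through err(3).  `d' and `rafp' are unused.
 *
 * The original parsed with atoi(), which cannot report errors: "abc" was
 * accepted as 0, "12abc" as 12, and a value outside the range of int was
 * undefined behaviour.  strtol() with an end pointer rejects those inputs.
 */
/* ARGSUSED */
void
setpfsync_maxupd(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq preq;
	char *end;
	long maxupdates;

	maxupdates = strtol(val, &end, 10);
	/* No digits consumed, or trailing characters after the number. */
	if (end == val || *end != '\0')
		errx(1, "maxupd %s: not a number", val);
	/*
	 * On overflow strtol() returns LONG_MIN or LONG_MAX, both outside
	 * 0..255, so the range test also covers that case.
	 */
	if ((maxupdates < 0) || (maxupdates > 255))
		errx(1, "maxupd %s: out of range", val);

	memset((char *)&preq, 0, sizeof(struct pfsyncreq));
	ifr.ifr_data = (caddr_t)&preq;

	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	preq.pfsyncr_maxupdates = (int)maxupdates;

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCSETPFSYNC");
}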
|
|
|
|
/*
 * Switch the pfsync defer setting on or off.
 *
 * `d' is stored as the new value of pfsyncr_defer; the command table in
 * this file passes 1 for "defer" and 0 for "-defer".  The current settings
 * are read first so that only this field changes on write-back.  A failing
 * ioctl terminates the program through err(3).  `val' and `rafp' are
 * unused.
 */
/* ARGSUSED */
void
setpfsync_defer(const char *val, int d, int s, const struct afswtch *rafp)
{
	struct pfsyncreq req;

	memset(&req, 0, sizeof(req));
	ifr.ifr_data = (caddr_t)&req;

	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		err(1, "SIOCGETPFSYNC");

	req.pfsyncr_defer = d;

	if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) != -1)
		return;
	err(1, "SIOCSETPFSYNC");
}
|
|
|
|
/*
 * Print the pfsync settings of the current interface on one line.
 *
 * Nothing is printed when SIOCGETPFSYNC fails, or when no syncdev is set
 * and the syncpeer equals INADDR_PFSYNC_GROUP.  Otherwise the line starts
 * with a tab, lists the syncdev and/or syncpeer that are set, and ends
 * with the maxupd and defer values.
 */
void
pfsync_status(int s)
{
	struct pfsyncreq req;
	int has_dev, has_peer;

	memset(&req, 0, sizeof(req));
	ifr.ifr_data = (caddr_t)&req;

	/* Failure is silent: the status of other interfaces is unaffected. */
	if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1)
		return;

	has_dev = (req.pfsyncr_syncdev[0] != '\0');
	has_peer = (req.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP);

	if (!has_dev && !has_peer)
		return;

	printf("\t");

	if (has_dev)
		printf("pfsync: syncdev: %s ", req.pfsyncr_syncdev);
	if (has_peer)
		printf("syncpeer: %s ", inet_ntoa(req.pfsyncr_syncpeer));

	printf("maxupd: %d ", req.pfsyncr_maxupdates);
	printf("defer: %s\n", req.pfsyncr_defer ? "on" : "off");
}
|
|
|
|
/*
 * Keyword table for pfsync.  "syncif" and "-syncif" are aliases that map
 * to the same handlers as "syncdev" and "-syncdev".  The integer given to
 * DEF_CMD is presumably what the handler receives as `d' (setpfsync_defer
 * stores it as the defer flag) -- confirm against ifconfig.h.
 */
static struct cmd pfsync_cmds[] = {
	/* synchronisation interface */
	DEF_CMD_ARG("syncdev",		setpfsync_syncdev),
	DEF_CMD("-syncdev",	1,	unsetpfsync_syncdev),
	DEF_CMD_ARG("syncif",		setpfsync_syncdev),
	DEF_CMD("-syncif",	1,	unsetpfsync_syncdev),
	/* synchronisation peer */
	DEF_CMD_ARG("syncpeer",		setpfsync_syncpeer),
	DEF_CMD("-syncpeer",	1,	unsetpfsync_syncpeer),
	/* tunables */
	DEF_CMD_ARG("maxupd",		setpfsync_maxupd),
	DEF_CMD("defer",	1,	setpfsync_defer),
	DEF_CMD("-defer",	0,	setpfsync_defer),
};

/*
 * Address family switch entry whose only hook is the status printer.
 */
static struct afswtch af_pfsync = {
	.af_name	= "af_pfsync",
	.af_af		= AF_UNSPEC,
	.af_other_status = pfsync_status,
};
|
|
|
|
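/*
 * Constructor: register every entry of pfsync_cmds[] and the af_pfsync
 * address family switch.
 *
 * The index is a size_t so that it is compared with the sizeof-derived
 * element count without a signed/unsigned conversion (the original used
 * an int index against a size_t bound).
 */
static __constructor void
pfsync_ctor(void)
{
	const size_t ncmds = sizeof(pfsync_cmds) / sizeof(pfsync_cmds[0]);
	size_t i;

	for (i = 0; i < ncmds; i++)
		cmd_register(&pfsync_cmds[i]);
	af_register(&af_pfsync);
}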
|