1 /*
2 * Copyright (C) 2003 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
7 * Use is subject to license terms.
8 *
9 * Copyright (c) 2014, Joyent, Inc. All rights reserved.
10 * Copyright 2017 Gary Mills
11 */
12
13 #include <sys/types.h>
14 #include <sys/time.h>
15 #include <sys/param.h>
16 #include <sys/socket.h>
17 #if defined(BSD) && (BSD >= 199306)
18 # include <sys/cdefs.h>
19 #endif
20 #include <sys/ioctl.h>
21
22 #include <net/if.h>
23 #if __FreeBSD_version >= 300000
24 # include <net/if_var.h>
25 #endif
26 #include <netinet/in.h>
27
28 #include <arpa/inet.h>
29
30 #include <stdio.h>
31 #include <fcntl.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <netdb.h>
35 #include <ctype.h>
36 #include <unistd.h>
37 #include <nlist.h>
38
39 #include "ipf.h"
40 #include "netinet/ipl.h"
41 #include "netinet/ip_lookup.h"
42 #include "netinet/ip_pool.h"
43 #include "netinet/ip_htable.h"
44 #include "kmem.h"
45 #include "ipfzone.h"
46
47 extern int ippool_yyparse __P((void));
48 extern int ippool_yydebug;
49 extern FILE *ippool_yyin;
50 extern char *optarg;
51 extern int lineNum;
52
53 void showpools __P((ip_pool_stat_t *));
54 void usage __P((char *));
55 int main __P((int, char **));
56 int poolcommand __P((int, int, char *[]));
57 int poolnodecommand __P((int, int, char *[]));
58 int loadpoolfile __P((int, char *[], char *));
59 int poollist __P((int, char *[]));
60 int poolflush __P((int, char *[]));
61 int poolstats __P((int, char *[]));
62 int gettype __P((char *, u_int *));
63 int getrole __P((char *));
64 void poollist_dead __P((int, char *, int, char *, char *));
65 void showpools_live(int, int, ip_pool_stat_t *, char *, int);
66 void showhashs_live(int, int, iphtstat_t *, char *, int);
67
68 int opts = 0;
69 int fd = -1;
70 int use_inet6 = 0;
71
72
usage(prog)73 void usage(prog)
74 char *prog;
75 {
76 const char *zoneopt = "[-G|-z zonename] ";
77 fprintf(stderr, "Usage:\t%s\n", prog);
78 fprintf(stderr, "\t\t\t-a [-dnv] %s[-m <name>] [-o <role>] -i <ipaddr>[/netmask]\n",
79 zoneopt);
80 fprintf(stderr, "\t\t\t-A [-dnv] %s[-m <name>] [-o <role>] [-S <seed>] [-t <type>]\n",
81 zoneopt);
82 fprintf(stderr, "\t\t\t-f <file> %s[-dnuv]\n", zoneopt);
83 fprintf(stderr, "\t\t\t-F [-dv] %s[-o <role>] [-t <type>]\n", zoneopt);
84 fprintf(stderr, "\t\t\t-l [-dv] %s[-m <name>] [-t <type>]\n", zoneopt);
85 fprintf(stderr, "\t\t\t-r [-dnv] %s[-m <name>] [-o <role>] -i <ipaddr>[/netmask]\n",
86 zoneopt);
87 fprintf(stderr, "\t\t\t-R [-dnv] %s[-m <name>] [-o <role>] [-t <type>]\n",
88 zoneopt);
89 fprintf(stderr, "\t\t\t-s [-dtv] %s[-M <core>] [-N <namelist>]\n",
90 zoneopt);
91 exit(1);
92 }
93
94
main(argc,argv)95 int main(argc, argv)
96 int argc;
97 char *argv[];
98 {
99 int err;
100
101 if (argc < 2)
102 usage(argv[0]);
103
104 switch (getopt(argc, argv, "aAf:FlrRs"))
105 {
106 case 'a' :
107 err = poolnodecommand(0, argc, argv);
108 break;
109 case 'A' :
110 err = poolcommand(0, argc, argv);
111 break;
112 case 'f' :
113 err = loadpoolfile(argc, argv, optarg);
114 break;
115 case 'F' :
116 err = poolflush(argc, argv);
117 break;
118 case 'l' :
119 err = poollist(argc, argv);
120 break;
121 case 'r' :
122 err = poolnodecommand(1, argc, argv);
123 break;
124 case 'R' :
125 err = poolcommand(1, argc, argv);
126 break;
127 case 's' :
128 err = poolstats(argc, argv);
129 break;
130 default :
131 exit(1);
132 }
133
134 return err;
135 }
136
137
poolnodecommand(remove,argc,argv)138 int poolnodecommand(remove, argc, argv)
139 int remove, argc;
140 char *argv[];
141 {
142 char *poolname = NULL, *s;
143 int err, c, ipset, role;
144 ip_pool_node_t node;
145 struct in_addr mask;
146
147 ipset = 0;
148 role = IPL_LOGIPF;
149 bzero((char *)&node, sizeof(node));
150
151 while ((c = getopt(argc, argv, "di:G:m:no:Rvz:")) != -1)
152 switch (c)
153 {
154 case 'd' :
155 opts |= OPT_DEBUG;
156 ippool_yydebug++;
157 break;
158 case 'G' :
159 setzonename_global(optarg);
160 break;
161 case 'i' :
162 s = strchr(optarg, '/');
163 if (s == NULL)
164 mask.s_addr = 0xffffffff;
165 else if (strchr(s, '.') == NULL) {
166 if (ntomask(4, atoi(s + 1), &mask.s_addr) != 0)
167 return -1;
168 } else {
169 mask.s_addr = inet_addr(s + 1);
170 }
171 if (s != NULL)
172 *s = '\0';
173 ipset = 1;
174 node.ipn_addr.adf_len = sizeof(node.ipn_addr);
175 node.ipn_addr.adf_addr.in4.s_addr = inet_addr(optarg);
176 node.ipn_mask.adf_len = sizeof(node.ipn_mask);
177 node.ipn_mask.adf_addr.in4.s_addr = mask.s_addr;
178 break;
179 case 'm' :
180 poolname = optarg;
181 break;
182 case 'n' :
183 opts |= OPT_DONOTHING;
184 break;
185 case 'o' :
186 role = getrole(optarg);
187 if (role == IPL_LOGNONE)
188 return -1;
189 break;
190 case 'R' :
191 opts |= OPT_NORESOLVE;
192 break;
193 case 'v' :
194 opts |= OPT_VERBOSE;
195 break;
196 case 'z' :
197 setzonename(optarg);
198 break;
199 }
200
201 if (opts & OPT_DEBUG)
202 fprintf(stderr, "poolnodecommand: opts = %#x\n", opts);
203
204 if (ipset == 0)
205 return -1;
206 if (poolname == NULL) {
207 fprintf(stderr, "poolname not given with add/remove node\n");
208 return -1;
209 }
210
211 if (remove == 0)
212 err = load_poolnode(0, poolname, &node, ioctl);
213 else
214 err = remove_poolnode(0, poolname, &node, ioctl);
215 return err;
216 }
217
218
poolcommand(remove,argc,argv)219 int poolcommand(remove, argc, argv)
220 int remove, argc;
221 char *argv[];
222 {
223 int type, role, c, err;
224 char *poolname;
225 iphtable_t iph;
226 ip_pool_t pool;
227
228 err = 1;
229 role = 0;
230 type = 0;
231 poolname = NULL;
232 role = IPL_LOGIPF;
233 bzero((char *)&iph, sizeof(iph));
234 bzero((char *)&pool, sizeof(pool));
235
236 while ((c = getopt(argc, argv, "dG:m:no:RS:t:vz:")) != -1)
237 switch (c)
238 {
239 case 'd' :
240 opts |= OPT_DEBUG;
241 ippool_yydebug++;
242 break;
243 case 'G' :
244 setzonename_global(optarg);
245 break;
246 case 'm' :
247 poolname = optarg;
248 break;
249 case 'n' :
250 opts |= OPT_DONOTHING;
251 break;
252 case 'o' :
253 role = getrole(optarg);
254 if (role == IPL_LOGNONE) {
255 fprintf(stderr, "unknown role '%s'\n", optarg);
256 return -1;
257 }
258 break;
259 case 'R' :
260 opts |= OPT_NORESOLVE;
261 break;
262 case 'S' :
263 iph.iph_seed = atoi(optarg);
264 break;
265 case 't' :
266 type = gettype(optarg, &iph.iph_type);
267 if (type == IPLT_NONE) {
268 fprintf(stderr, "unknown type '%s'\n", optarg);
269 return -1;
270 }
271 break;
272 case 'v' :
273 opts |= OPT_VERBOSE;
274 break;
275 case 'z' :
276 setzonename(optarg);
277 break;
278 }
279
280 if (opts & OPT_DEBUG)
281 fprintf(stderr, "poolcommand: opts = %#x\n", opts);
282
283 if (poolname == NULL) {
284 fprintf(stderr, "poolname not given with add/remove pool\n");
285 return -1;
286 }
287
288 if (type == IPLT_HASH) {
289 strncpy(iph.iph_name, poolname, sizeof(iph.iph_name));
290 iph.iph_name[sizeof(iph.iph_name) - 1] = '\0';
291 iph.iph_unit = role;
292 } else if (type == IPLT_POOL) {
293 strncpy(pool.ipo_name, poolname, sizeof(pool.ipo_name));
294 pool.ipo_name[sizeof(pool.ipo_name) - 1] = '\0';
295 pool.ipo_unit = role;
296 }
297
298 if (remove == 0) {
299 switch (type)
300 {
301 case IPLT_HASH :
302 err = load_hash(&iph, NULL, ioctl);
303 break;
304 case IPLT_POOL :
305 err = load_pool(&pool, ioctl);
306 break;
307 }
308 } else {
309 switch (type)
310 {
311 case IPLT_HASH :
312 err = remove_hash(&iph, ioctl);
313 break;
314 case IPLT_POOL :
315 err = remove_pool(&pool, ioctl);
316 break;
317 }
318 }
319 return err;
320 }
321
322
loadpoolfile(argc,argv,infile)323 int loadpoolfile(argc, argv, infile)
324 int argc;
325 char *argv[], *infile;
326 {
327 int c;
328
329 infile = optarg;
330
331 while ((c = getopt(argc, argv, "dG:nRuvz:")) != -1)
332 switch (c)
333 {
334 case 'd' :
335 opts |= OPT_DEBUG;
336 ippool_yydebug++;
337 break;
338 case 'G' :
339 setzonename_global(optarg);
340 break;
341 case 'n' :
342 opts |= OPT_DONOTHING;
343 break;
344 case 'R' :
345 opts |= OPT_NORESOLVE;
346 break;
347 case 'u' :
348 opts |= OPT_REMOVE;
349 break;
350 case 'v' :
351 opts |= OPT_VERBOSE;
352 break;
353 case 'z' :
354 setzonename(optarg);
355 break;
356 }
357
358 if (opts & OPT_DEBUG)
359 fprintf(stderr, "loadpoolfile: opts = %#x\n", opts);
360
361 if (!(opts & OPT_DONOTHING) && (fd == -1)) {
362 fd = open(IPLOOKUP_NAME, O_RDWR);
363 if (fd == -1) {
364 perror("open(IPLOOKUP_NAME)");
365 exit(1);
366 }
367
368 if (setzone(fd) != 0) {
369 close(fd);
370 exit(1);
371 }
372 }
373
374 if (ippool_parsefile(fd, infile, ioctl) != 0)
375 return -1;
376 return 0;
377 }
378
379
poollist(argc,argv)380 int poollist(argc, argv)
381 int argc;
382 char *argv[];
383 {
384 char *kernel, *core, *poolname;
385 int c, role, type, live_kernel;
386 ip_pool_stat_t plstat;
387 iphtstat_t htstat;
388 iphtable_t *hptr;
389 iplookupop_t op;
390 ip_pool_t *ptr;
391
392 core = NULL;
393 kernel = NULL;
394 live_kernel = 1;
395 type = IPLT_ALL;
396 poolname = NULL;
397 role = IPL_LOGALL;
398
399 while ((c = getopt(argc, argv, "dG:m:M:N:o:Rt:vz:")) != -1)
400 switch (c)
401 {
402 case 'd' :
403 opts |= OPT_DEBUG;
404 break;
405 case 'G' :
406 setzonename_global(optarg);
407 break;
408 case 'm' :
409 poolname = optarg;
410 break;
411 case 'M' :
412 live_kernel = 0;
413 core = optarg;
414 break;
415 case 'N' :
416 live_kernel = 0;
417 kernel = optarg;
418 break;
419 case 'o' :
420 role = getrole(optarg);
421 if (role == IPL_LOGNONE) {
422 fprintf(stderr, "unknown role '%s'\n", optarg);
423 return -1;
424 }
425 break;
426 case 'R' :
427 opts |= OPT_NORESOLVE;
428 break;
429 case 't' :
430 type = gettype(optarg, NULL);
431 if (type == IPLT_NONE) {
432 fprintf(stderr, "unknown type '%s'\n", optarg);
433 return -1;
434 }
435 break;
436 case 'v' :
437 opts |= OPT_VERBOSE;
438 break;
439 case 'z' :
440 setzonename(optarg);
441 break;
442 }
443
444 if (opts & OPT_DEBUG)
445 fprintf(stderr, "poollist: opts = %#x\n", opts);
446
447 if (!(opts & OPT_DONOTHING) && (fd == -1)) {
448 fd = open(IPLOOKUP_NAME, O_RDWR);
449 if (fd == -1) {
450 perror("open(IPLOOKUP_NAME)");
451 exit(1);
452 }
453
454 if (setzone(fd) != 0) {
455 close(fd);
456 exit(1);
457 }
458 }
459
460 bzero((char *)&op, sizeof(op));
461 if (poolname != NULL) {
462 strncpy(op.iplo_name, poolname, sizeof(op.iplo_name));
463 op.iplo_name[sizeof(op.iplo_name) - 1] = '\0';
464 }
465 op.iplo_unit = role;
466
467 if (live_kernel == 0) {
468 poollist_dead(role, poolname, type, kernel, core);
469 return (0);
470 }
471
472 if (type == IPLT_ALL || type == IPLT_POOL) {
473 op.iplo_type = IPLT_POOL;
474 op.iplo_size = sizeof(plstat);
475 op.iplo_struct = &plstat;
476 op.iplo_name[0] = '\0';
477 op.iplo_arg = 0;
478
479 if (role != IPL_LOGALL) {
480 op.iplo_unit = role;
481
482 c = ioctl(fd, SIOCLOOKUPSTAT, &op);
483 if (c == -1) {
484 perror("ioctl(SIOCLOOKUPSTAT)");
485 return -1;
486 }
487
488 showpools_live(fd, role, &plstat, poolname, opts);
489 } else {
490 for (role = 0; role <= IPL_LOGMAX; role++) {
491 op.iplo_unit = role;
492
493 c = ioctl(fd, SIOCLOOKUPSTAT, &op);
494 if (c == -1) {
495 perror("ioctl(SIOCLOOKUPSTAT)");
496 return -1;
497 }
498
499 showpools_live(fd, role, &plstat, poolname, opts);
500 }
501
502 role = IPL_LOGALL;
503 }
504 }
505 if (type == IPLT_ALL || type == IPLT_HASH) {
506 op.iplo_type = IPLT_HASH;
507 op.iplo_size = sizeof(htstat);
508 op.iplo_struct = &htstat;
509 op.iplo_name[0] = '\0';
510 op.iplo_arg = 0;
511
512 if (role != IPL_LOGALL) {
513 op.iplo_unit = role;
514
515 c = ioctl(fd, SIOCLOOKUPSTAT, &op);
516 if (c == -1) {
517 perror("ioctl(SIOCLOOKUPSTAT)");
518 return -1;
519 }
520 showhashs_live(fd, role, &htstat, poolname, opts);
521 } else {
522 for (role = 0; role <= IPL_LOGMAX; role++) {
523
524 op.iplo_unit = role;
525 c = ioctl(fd, SIOCLOOKUPSTAT, &op);
526 if (c == -1) {
527 perror("ioctl(SIOCLOOKUPSTAT)");
528 return -1;
529 }
530
531 showhashs_live(fd, role, &htstat, poolname, opts);
532 }
533 }
534 }
535 return 0;
536 }
537
poollist_dead(role,poolname,type,kernel,core)538 void poollist_dead(role, poolname, type, kernel, core)
539 int role, type;
540 char *poolname, *kernel, *core;
541 {
542 iphtable_t *hptr;
543 ip_pool_t *ptr;
544
545 if (openkmem(kernel, core) == -1)
546 exit(-1);
547
548 if (type == IPLT_ALL || type == IPLT_POOL) {
549 ip_pool_t *pools[IPL_LOGSIZE];
550 struct nlist names[2] = { { "ip_pool_list" } , { "" } };
551
552 if (nlist(kernel, names) != 1)
553 return;
554
555 bzero(&pools, sizeof(pools));
556 if (kmemcpy((char *)&pools, names[0].n_value, sizeof(pools)))
557 return;
558
559 if (role != IPL_LOGALL) {
560 ptr = pools[role];
561 while (ptr != NULL) {
562 ptr = printpool(ptr, kmemcpywrap,
563 poolname, opts);
564 }
565 } else {
566 for (role = 0; role <= IPL_LOGMAX; role++) {
567 ptr = pools[role];
568 while (ptr != NULL) {
569 ptr = printpool(ptr, kmemcpywrap,
570 poolname, opts);
571 }
572 }
573 role = IPL_LOGALL;
574 }
575 }
576 if (type == IPLT_ALL || type == IPLT_HASH) {
577 iphtable_t *tables[IPL_LOGSIZE];
578 struct nlist names[2] = { { "ipf_htables" } , { "" } };
579
580 if (nlist(kernel, names) != 1)
581 return;
582
583 bzero(&tables, sizeof(tables));
584 if (kmemcpy((char *)&tables, names[0].n_value, sizeof(tables)))
585 return;
586
587 if (role != IPL_LOGALL) {
588 hptr = tables[role];
589 while (hptr != NULL) {
590 hptr = printhash(hptr, kmemcpywrap,
591 poolname, opts);
592 }
593 } else {
594 for (role = 0; role <= IPL_LOGMAX; role++) {
595 hptr = tables[role];
596 while (hptr != NULL) {
597 hptr = printhash(hptr, kmemcpywrap,
598 poolname, opts);
599 }
600 }
601 }
602 }
603 }
604
605
606 void
showpools_live(fd,role,plstp,poolname,opts)607 showpools_live(fd, role, plstp, poolname, opts)
608 int fd, role;
609 ip_pool_stat_t *plstp;
610 char *poolname;
611 int opts;
612 {
613 ipflookupiter_t iter;
614 ip_pool_t pool;
615 ipfobj_t obj;
616
617 obj.ipfo_rev = IPFILTER_VERSION;
618 obj.ipfo_type = IPFOBJ_LOOKUPITER;
619 obj.ipfo_size = sizeof(iter);
620 obj.ipfo_ptr = &iter;
621
622 iter.ili_type = IPLT_POOL;
623 iter.ili_otype = IPFLOOKUPITER_LIST;
624 iter.ili_ival = IPFGENITER_LOOKUP;
625 iter.ili_data = &pool;
626 iter.ili_unit = role;
627 *iter.ili_name = '\0';
628
629 while (plstp->ipls_list[role] != NULL) {
630 if (ioctl(fd, SIOCLOOKUPITER, &obj)) {
631 perror("ioctl(SIOCLOOKUPITER)");
632 break;
633 }
634 (void) printpool_live(&pool, fd, poolname, opts);
635
636 plstp->ipls_list[role] = pool.ipo_next;
637 }
638 }
639
poolstats(argc,argv)640 int poolstats(argc, argv)
641 int argc;
642 char *argv[];
643 {
644 int c, type, role;
645 ip_pool_stat_t plstat;
646 iphtstat_t htstat;
647 iplookupop_t op;
648
649 type = IPLT_ALL;
650 role = IPL_LOGALL;
651
652 bzero((char *)&op, sizeof(op));
653
654 while ((c = getopt(argc, argv, "dG:M:N:o:t:vz:")) != -1)
655 switch (c)
656 {
657 case 'd' :
658 opts |= OPT_DEBUG;
659 break;
660 case 'G' :
661 setzonename_global(optarg);
662 break;
663 case 'M' :
664 break;
665 case 'N' :
666 break;
667 case 'o' :
668 role = getrole(optarg);
669 if (role == IPL_LOGNONE) {
670 fprintf(stderr, "unknown role '%s'\n", optarg);
671 return -1;
672 }
673 break;
674 case 't' :
675 type = gettype(optarg, NULL);
676 if (type != IPLT_POOL) {
677 fprintf(stderr,
678 "-s not supported for this type yet\n");
679 return -1;
680 }
681 break;
682 case 'v' :
683 opts |= OPT_VERBOSE;
684 break;
685 case 'z' :
686 setzonename(optarg);
687 break;
688 }
689
690 if (opts & OPT_DEBUG)
691 fprintf(stderr, "poolstats: opts = %#x\n", opts);
692
693 if (!(opts & OPT_DONOTHING) && (fd == -1)) {
694 fd = open(IPLOOKUP_NAME, O_RDWR);
695 if (fd == -1) {
696 perror("open(IPLOOKUP_NAME)");
697 exit(1);
698 }
699
700 if (setzone(fd) != 0) {
701 close(fd);
702 exit(1);
703 }
704 }
705
706 if (type == IPLT_ALL || type == IPLT_POOL) {
707 op.iplo_type = IPLT_POOL;
708 op.iplo_struct = &plstat;
709 op.iplo_size = sizeof(plstat);
710 if (!(opts & OPT_DONOTHING)) {
711 c = ioctl(fd, SIOCLOOKUPSTAT, &op);
712 if (c == -1) {
713 perror("ioctl(SIOCLOOKUPSTAT)");
714 return -1;
715 }
716 printf("Pools:\t%lu\n", plstat.ipls_pools);
717 printf("Nodes:\t%lu\n", plstat.ipls_nodes);
718 }
719 }
720
721 if (type == IPLT_ALL || type == IPLT_HASH) {
722 op.iplo_type = IPLT_HASH;
723 op.iplo_struct = &htstat;
724 op.iplo_size = sizeof(htstat);
725 if (!(opts & OPT_DONOTHING)) {
726 c = ioctl(fd, SIOCLOOKUPSTAT, &op);
727 if (c == -1) {
728 perror("ioctl(SIOCLOOKUPSTAT)");
729 return -1;
730 }
731 printf("Hash Tables:\t%lu\n", htstat.iphs_numtables);
732 printf("Nodes:\t%lu\n", htstat.iphs_numnodes);
733 printf("Out of Memory:\t%lu\n", htstat.iphs_nomem);
734 }
735 }
736 return 0;
737 }
738
739
poolflush(argc,argv)740 int poolflush(argc, argv)
741 int argc;
742 char *argv[];
743 {
744 int c, role, type, arg;
745 iplookupflush_t flush;
746
747 arg = IPLT_ALL;
748 type = IPLT_ALL;
749 role = IPL_LOGALL;
750
751 while ((c = getopt(argc, argv, "do:t:vz:")) != -1)
752 switch (c)
753 {
754 case 'd' :
755 opts |= OPT_DEBUG;
756 break;
757 case 'o' :
758 role = getrole(optarg);
759 if (role == IPL_LOGNONE) {
760 fprintf(stderr, "unknown role '%s'\n", optarg);
761 return -1;
762 }
763 break;
764 case 't' :
765 type = gettype(optarg, NULL);
766 if (type == IPLT_NONE) {
767 fprintf(stderr, "unknown type '%s'\n", optarg);
768 return -1;
769 }
770 break;
771 case 'v' :
772 opts |= OPT_VERBOSE;
773 break;
774 case 'z' :
775 setzonename(optarg);
776 break;
777 }
778
779 if (opts & OPT_DEBUG)
780 fprintf(stderr, "poolflush: opts = %#x\n", opts);
781
782 if (!(opts & OPT_DONOTHING) && (fd == -1)) {
783 fd = open(IPLOOKUP_NAME, O_RDWR);
784 if (fd == -1) {
785 perror("open(IPLOOKUP_NAME)");
786 exit(1);
787 }
788
789 if (setzone(fd) != 0) {
790 close(fd);
791 exit(1);
792 }
793 }
794
795 bzero((char *)&flush, sizeof(flush));
796 flush.iplf_type = type;
797 flush.iplf_unit = role;
798 flush.iplf_arg = arg;
799
800 if (!(opts & OPT_DONOTHING)) {
801 if (ioctl(fd, SIOCLOOKUPFLUSH, &flush) == -1) {
802 perror("ioctl(SIOCLOOKUPFLUSH)");
803 exit(1);
804 }
805
806 }
807 printf("%u object%s flushed\n", flush.iplf_count,
808 (flush.iplf_count == 1) ? "" : "s");
809
810 return 0;
811 }
812
813
getrole(rolename)814 int getrole(rolename)
815 char *rolename;
816 {
817 int role;
818
819 if (!strcasecmp(rolename, "ipf")) {
820 role = IPL_LOGIPF;
821 #if 0
822 } else if (!strcasecmp(rolename, "nat")) {
823 role = IPL_LOGNAT;
824 } else if (!strcasecmp(rolename, "state")) {
825 role = IPL_LOGSTATE;
826 } else if (!strcasecmp(rolename, "auth")) {
827 role = IPL_LOGAUTH;
828 } else if (!strcasecmp(rolename, "sync")) {
829 role = IPL_LOGSYNC;
830 } else if (!strcasecmp(rolename, "scan")) {
831 role = IPL_LOGSCAN;
832 } else if (!strcasecmp(rolename, "pool")) {
833 role = IPL_LOGLOOKUP;
834 } else if (!strcasecmp(rolename, "count")) {
835 role = IPL_LOGCOUNT;
836 #endif
837 } else {
838 role = IPL_LOGNONE;
839 }
840
841 return role;
842 }
843
844
gettype(typename,minor)845 int gettype(typename, minor)
846 char *typename;
847 u_int *minor;
848 {
849 int type;
850
851 if (!strcasecmp(optarg, "tree")) {
852 type = IPLT_POOL;
853 } else if (!strcasecmp(optarg, "hash")) {
854 type = IPLT_HASH;
855 if (minor != NULL)
856 *minor = IPHASH_LOOKUP;
857 } else if (!strcasecmp(optarg, "group-map")) {
858 type = IPLT_HASH;
859 if (minor != NULL)
860 *minor = IPHASH_GROUPMAP;
861 } else {
862 type = IPLT_NONE;
863 }
864 return type;
865 }
866
showhashs_live(fd,role,htstp,poolname,opts)867 void showhashs_live(fd, role, htstp, poolname, opts)
868 int fd, role;
869 iphtstat_t *htstp;
870 char *poolname;
871 int opts;
872 {
873 ipflookupiter_t iter;
874 iphtable_t table;
875 ipfobj_t obj;
876
877 obj.ipfo_rev = IPFILTER_VERSION;
878 obj.ipfo_type = IPFOBJ_LOOKUPITER;
879 obj.ipfo_size = sizeof(iter);
880 obj.ipfo_ptr = &iter;
881
882 iter.ili_type = IPLT_HASH;
883 iter.ili_otype = IPFLOOKUPITER_LIST;
884 iter.ili_ival = IPFGENITER_LOOKUP;
885 iter.ili_data = &table;
886 iter.ili_unit = role;
887 *iter.ili_name = '\0';
888
889 while (htstp->iphs_tables != NULL) {
890 if (ioctl(fd, SIOCLOOKUPITER, &obj)) {
891 perror("ioctl(SIOCLOOKUPITER)");
892 break;
893 }
894
895 printhash_live(&table, fd, poolname, opts);
896
897 htstp->iphs_tables = table.iph_next;
898 }
899 }
900