1 /* 2 * Copyright (c) 2003 Ryan McBride. All rights reserved. 3 * Copyright (c) 2004 Max Laier. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #include <sys/param.h> 30 #include <sys/ioctl.h> 31 #include <sys/socket.h> 32 33 #include <net/if.h> 34 #include <netinet/in.h> 35 #include <net/pfvar.h> 36 #include <net/if_pfsync.h> 37 #include <net/route.h> 38 #include <arpa/inet.h> 39 40 #include <err.h> 41 #include <netdb.h> 42 #include <stdio.h> 43 #include <stdlib.h> 44 #include <string.h> 45 #include <unistd.h> 46 47 #include "ifconfig.h" 48 49 void setpfsync_syncdev(const char *, int, int, const struct afswtch *); 50 void unsetpfsync_syncdev(const char *, int, int, const struct afswtch *); 51 void setpfsync_syncpeer(const char *, int, int, const struct afswtch *); 52 void unsetpfsync_syncpeer(const char *, int, int, const struct afswtch *); 53 void setpfsync_syncpeer(const char *, int, int, const struct afswtch *); 54 void setpfsync_maxupd(const char *, int, int, const struct afswtch *); 55 void setpfsync_defer(const char *, int, int, const struct afswtch *); 56 void pfsync_status(int); 57 58 void 59 setpfsync_syncdev(const char *val, int d, int s, const struct afswtch *rafp) 60 { 61 struct pfsyncreq preq; 62 63 bzero((char *)&preq, sizeof(struct pfsyncreq)); 64 ifr.ifr_data = (caddr_t)&preq; 65 66 if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) 67 err(1, "SIOCGETPFSYNC"); 68 69 strlcpy(preq.pfsyncr_syncdev, val, sizeof(preq.pfsyncr_syncdev)); 70 71 if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1) 72 err(1, "SIOCSETPFSYNC"); 73 } 74 75 /* ARGSUSED */ 76 void 77 unsetpfsync_syncdev(const char *val, int d, int s, const struct afswtch *rafp) 78 { 79 struct pfsyncreq preq; 80 81 bzero((char *)&preq, sizeof(struct pfsyncreq)); 82 ifr.ifr_data = (caddr_t)&preq; 83 84 if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) 85 err(1, "SIOCGETPFSYNC"); 86 87 bzero((char *)&preq.pfsyncr_syncdev, sizeof(preq.pfsyncr_syncdev)); 88 89 if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1) 90 err(1, "SIOCSETPFSYNC"); 91 } 92 93 /* ARGSUSED */ 94 void 95 setpfsync_syncpeer(const char *val, int d, int s, const struct afswtch *rafp) 96 { 97 struct pfsyncreq preq; 98 struct addrinfo hints, *peerres; 99 int ecode; 100 101 bzero((char *)&preq, sizeof(struct pfsyncreq)); 102 ifr.ifr_data = (caddr_t)&preq; 103 104 if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) 105 err(1, "SIOCGETPFSYNC"); 106 107 memset(&hints, 0, sizeof(hints)); 108 hints.ai_family = AF_INET; 109 hints.ai_socktype = SOCK_DGRAM; /*dummy*/ 110 111 if ((ecode = getaddrinfo(val, NULL, &hints, &peerres)) != 0) 112 errx(1, "error in parsing address string: %s", 113 gai_strerror(ecode)); 114 115 if (peerres->ai_addr->sa_family != AF_INET) 116 errx(1, "only IPv4 addresses supported for the syncpeer"); 117 118 preq.pfsyncr_syncpeer.s_addr = ((struct sockaddr_in *) 119 peerres->ai_addr)->sin_addr.s_addr; 120 121 if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1) 122 err(1, "SIOCSETPFSYNC"); 123 } 124 125 /* ARGSUSED */ 126 void 127 unsetpfsync_syncpeer(const char *val, int d, int s, const struct afswtch *rafp) 128 { 129 struct pfsyncreq preq; 130 131 bzero((char *)&preq, sizeof(struct pfsyncreq)); 132 ifr.ifr_data = (caddr_t)&preq; 133 134 if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) 135 err(1, "SIOCGETPFSYNC"); 136 137 preq.pfsyncr_syncpeer.s_addr = 0; 138 139 if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1) 140 err(1, "SIOCSETPFSYNC"); 141 } 142 143 /* ARGSUSED */ 144 void 145 setpfsync_maxupd(const char *val, int d, int s, const struct afswtch *rafp) 146 { 147 struct pfsyncreq preq; 148 int maxupdates; 149 150 maxupdates = atoi(val); 151 if ((maxupdates < 0) || (maxupdates > 255)) 152 errx(1, "maxupd %s: out of range", val); 153 154 memset((char *)&preq, 0, sizeof(struct pfsyncreq)); 155 ifr.ifr_data = (caddr_t)&preq; 156 157 if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) 158 err(1, "SIOCGETPFSYNC"); 159 160 preq.pfsyncr_maxupdates = maxupdates; 161 162 if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1) 163 err(1, "SIOCSETPFSYNC"); 164 } 165 166 /* ARGSUSED */ 167 void 168 setpfsync_defer(const char *val, int d, int s, const struct afswtch *rafp) 169 { 170 struct pfsyncreq preq; 171 172 memset((char *)&preq, 0, sizeof(struct pfsyncreq)); 173 ifr.ifr_data = (caddr_t)&preq; 174 175 if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) 176 err(1, "SIOCGETPFSYNC"); 177 178 preq.pfsyncr_defer = d; 179 if (ioctl(s, SIOCSETPFSYNC, (caddr_t)&ifr) == -1) 180 err(1, "SIOCSETPFSYNC"); 181 } 182 183 void 184 pfsync_status(int s) 185 { 186 struct pfsyncreq preq; 187 188 bzero((char *)&preq, sizeof(struct pfsyncreq)); 189 ifr.ifr_data = (caddr_t)&preq; 190 191 if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) 192 return; 193 194 if (preq.pfsyncr_syncdev[0] != '\0' || 195 preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP) 196 printf("\t"); 197 198 if (preq.pfsyncr_syncdev[0] != '\0') 199 printf("pfsync: syncdev: %s ", preq.pfsyncr_syncdev); 200 if (preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP) 201 printf("syncpeer: %s ", inet_ntoa(preq.pfsyncr_syncpeer)); 202 203 if (preq.pfsyncr_syncdev[0] != '\0' || 204 preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP) { 205 printf("maxupd: %d ", preq.pfsyncr_maxupdates); 206 printf("defer: %s\n", preq.pfsyncr_defer ? "on" : "off"); 207 } 208 } 209 210 static struct cmd pfsync_cmds[] = { 211 DEF_CMD_ARG("syncdev", setpfsync_syncdev), 212 DEF_CMD("-syncdev", 1, unsetpfsync_syncdev), 213 DEF_CMD_ARG("syncif", setpfsync_syncdev), 214 DEF_CMD("-syncif", 1, unsetpfsync_syncdev), 215 DEF_CMD_ARG("syncpeer", setpfsync_syncpeer), 216 DEF_CMD("-syncpeer", 1, unsetpfsync_syncpeer), 217 DEF_CMD_ARG("maxupd", setpfsync_maxupd), 218 DEF_CMD("defer", 1, setpfsync_defer), 219 DEF_CMD("-defer", 0, setpfsync_defer), 220 }; 221 static struct afswtch af_pfsync = { 222 .af_name = "af_pfsync", 223 .af_af = AF_UNSPEC, 224 .af_other_status = pfsync_status, 225 }; 226 227 static __constructor void 228 pfsync_ctor(void) 229 { 230 int i; 231 232 for (i = 0; i < nitems(pfsync_cmds); i++) 233 cmd_register(&pfsync_cmds[i]); 234 af_register(&af_pfsync); 235 } 236