1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2003 Ryan McBride. All rights reserved. 5 * Copyright (c) 2004 Max Laier. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * $FreeBSD$ 29 */ 30 31 #include <sys/param.h> 32 #include <sys/errno.h> 33 #include <sys/ioctl.h> 34 #include <sys/nv.h> 35 #include <sys/socket.h> 36 37 #include <net/if.h> 38 #include <netinet/in.h> 39 #include <net/pfvar.h> 40 #include <net/if_pfsync.h> 41 #include <net/route.h> 42 #include <arpa/inet.h> 43 44 #include <err.h> 45 #include <netdb.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <string.h> 49 #include <unistd.h> 50 51 #include "ifconfig.h" 52 53 static int 54 pfsync_do_ioctl(int s, uint cmd, nvlist_t **nvl) 55 { 56 void *data; 57 size_t nvlen; 58 59 data = nvlist_pack(*nvl, &nvlen); 60 61 ifr.ifr_cap_nv.buffer = malloc(IFR_CAP_NV_MAXBUFSIZE); 62 memcpy(ifr.ifr_cap_nv.buffer, data, nvlen); 63 ifr.ifr_cap_nv.buf_length = IFR_CAP_NV_MAXBUFSIZE; 64 ifr.ifr_cap_nv.length = nvlen; 65 free(data); 66 67 if (ioctl(s, cmd, (caddr_t)&ifr) == -1) { 68 free(ifr.ifr_cap_nv.buffer); 69 return -1; 70 } 71 72 nvlist_destroy(*nvl); 73 *nvl = NULL; 74 75 *nvl = nvlist_unpack(ifr.ifr_cap_nv.buffer, ifr.ifr_cap_nv.length, 0); 76 if (*nvl == NULL) { 77 free(ifr.ifr_cap_nv.buffer); 78 return (EIO); 79 } 80 81 free(ifr.ifr_cap_nv.buffer); 82 return (errno); 83 } 84 85 static nvlist_t * 86 pfsync_sockaddr_to_syncpeer_nvlist(struct sockaddr_storage *sa) 87 { 88 nvlist_t *nvl; 89 90 nvl = nvlist_create(0); 91 if (nvl == NULL) { 92 return (nvl); 93 } 94 95 switch (sa->ss_family) { 96 #ifdef INET 97 case AF_INET: { 98 struct sockaddr_in *in = (struct sockaddr_in *)sa; 99 nvlist_add_number(nvl, "af", in->sin_family); 100 nvlist_add_binary(nvl, "address", in, sizeof(*in)); 101 break; 102 } 103 #endif 104 #ifdef INET6 105 case AF_INET6: { 106 struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa; 107 nvlist_add_number(nvl, "af", in6->sin6_family); 108 nvlist_add_binary(nvl, "address", in6, sizeof(*in6)); 109 break; 110 } 111 #endif 112 default: 113 nvlist_add_number(nvl, "af", AF_UNSPEC); 114 nvlist_add_binary(nvl, "address", sa, sizeof(*sa)); 115 break; 116 } 117 118 return (nvl); 119 } 120 121 static int 122 pfsync_syncpeer_nvlist_to_sockaddr(const nvlist_t *nvl, 123 struct sockaddr_storage *sa) 124 { 125 int af; 126 127 if (!nvlist_exists_number(nvl, "af")) 128 return (EINVAL); 129 if (!nvlist_exists_binary(nvl, "address")) 130 return (EINVAL); 131 132 af = nvlist_get_number(nvl, "af"); 133 134 switch (af) { 135 #ifdef INET 136 case AF_INET: { 137 struct sockaddr_in *in = (struct sockaddr_in *)sa; 138 size_t len; 139 const void *addr = nvlist_get_binary(nvl, "address", &len); 140 in->sin_family = af; 141 if (len != sizeof(*in)) 142 return (EINVAL); 143 144 memcpy(in, addr, sizeof(*in)); 145 break; 146 } 147 #endif 148 #ifdef INET6 149 case AF_INET6: { 150 struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa; 151 size_t len; 152 const void *addr = nvlist_get_binary(nvl, "address", &len); 153 if (len != sizeof(*in6)) 154 return (EINVAL); 155 156 memcpy(in6, addr, sizeof(*in6)); 157 break; 158 } 159 #endif 160 default: 161 return (EINVAL); 162 } 163 164 return (0); 165 } 166 167 static void 168 setpfsync_syncdev(if_ctx *ctx, const char *val, int dummy __unused) 169 { 170 nvlist_t *nvl = nvlist_create(0); 171 172 if (strlen(val) > IFNAMSIZ) 173 errx(1, "interface name %s is too long", val); 174 175 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) 176 err(1, "SIOCGETPFSYNCNV"); 177 178 if (nvlist_exists_string(nvl, "syncdev")) 179 nvlist_free_string(nvl, "syncdev"); 180 181 nvlist_add_string(nvl, "syncdev", val); 182 183 if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1) 184 err(1, "SIOCSETPFSYNCNV"); 185 } 186 187 static void 188 unsetpfsync_syncdev(if_ctx *ctx, const char *val __unused, int dummy __unused) 189 { 190 nvlist_t *nvl = nvlist_create(0); 191 192 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) 193 err(1, "SIOCGETPFSYNCNV"); 194 195 if (nvlist_exists_string(nvl, "syncdev")) 196 nvlist_free_string(nvl, "syncdev"); 197 198 nvlist_add_string(nvl, "syncdev", ""); 199 200 if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1) 201 err(1, "SIOCSETPFSYNCNV"); 202 } 203 204 static void 205 setpfsync_syncpeer(if_ctx *ctx, const char *val, int dummy __unused) 206 { 207 struct addrinfo *peerres; 208 struct sockaddr_storage addr; 209 int ecode; 210 211 nvlist_t *nvl = nvlist_create(0); 212 213 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) 214 err(1, "SIOCGETPFSYNCNV"); 215 216 if ((ecode = getaddrinfo(val, NULL, NULL, &peerres)) != 0) 217 errx(1, "error in parsing address string: %s", 218 gai_strerror(ecode)); 219 220 switch (peerres->ai_family) { 221 #ifdef INET 222 case AF_INET: { 223 struct sockaddr_in *sin = satosin(peerres->ai_addr); 224 225 if (IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 226 errx(1, "syncpeer address cannot be multicast"); 227 228 memcpy(&addr, sin, sizeof(*sin)); 229 break; 230 } 231 #endif 232 default: 233 errx(1, "syncpeer address %s not supported", val); 234 } 235 236 if (nvlist_exists_nvlist(nvl, "syncpeer")) 237 nvlist_free_nvlist(nvl, "syncpeer"); 238 239 nvlist_add_nvlist(nvl, "syncpeer", 240 pfsync_sockaddr_to_syncpeer_nvlist(&addr)); 241 242 if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1) 243 err(1, "SIOCSETPFSYNCNV"); 244 245 nvlist_destroy(nvl); 246 freeaddrinfo(peerres); 247 } 248 249 static void 250 unsetpfsync_syncpeer(if_ctx *ctx, const char *val __unused, int dummy __unused) 251 { 252 struct sockaddr_storage addr; 253 memset(&addr, 0, sizeof(addr)); 254 255 nvlist_t *nvl = nvlist_create(0); 256 257 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) 258 err(1, "SIOCGETPFSYNCNV"); 259 260 if (nvlist_exists_nvlist(nvl, "syncpeer")) 261 nvlist_free_nvlist(nvl, "syncpeer"); 262 263 nvlist_add_nvlist(nvl, "syncpeer", 264 pfsync_sockaddr_to_syncpeer_nvlist(&addr)); 265 266 if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1) 267 err(1, "SIOCSETPFSYNCNV"); 268 269 nvlist_destroy(nvl); 270 } 271 272 static void 273 setpfsync_maxupd(if_ctx *ctx, const char *val, int dummy __unused) 274 { 275 int maxupdates; 276 nvlist_t *nvl = nvlist_create(0); 277 278 maxupdates = atoi(val); 279 if ((maxupdates < 0) || (maxupdates > 255)) 280 errx(1, "maxupd %s: out of range", val); 281 282 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) 283 err(1, "SIOCGETPFSYNCNV"); 284 285 nvlist_free_number(nvl, "maxupdates"); 286 nvlist_add_number(nvl, "maxupdates", maxupdates); 287 288 if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1) 289 err(1, "SIOCSETPFSYNCNV"); 290 291 nvlist_destroy(nvl); 292 } 293 294 static void 295 setpfsync_defer(if_ctx *ctx, const char *val __unused, int d) 296 { 297 nvlist_t *nvl = nvlist_create(0); 298 299 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) 300 err(1, "SIOCGETPFSYNCNV"); 301 302 nvlist_free_number(nvl, "flags"); 303 nvlist_add_number(nvl, "flags", d ? PFSYNCF_DEFER : 0); 304 305 if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1) 306 err(1, "SIOCSETPFSYNCNV"); 307 308 nvlist_destroy(nvl); 309 } 310 311 static void 312 setpfsync_version(if_ctx *ctx, const char *val, int dummy __unused) 313 { 314 int version; 315 nvlist_t *nvl = nvlist_create(0); 316 317 /* Don't verify, kernel knows which versions are supported.*/ 318 version = atoi(val); 319 320 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) 321 err(1, "SIOCGETPFSYNCNV"); 322 323 nvlist_free_number(nvl, "version"); 324 nvlist_add_number(nvl, "version", version); 325 326 if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1) 327 err(1, "SIOCSETPFSYNCNV"); 328 329 nvlist_destroy(nvl); 330 } 331 332 static void 333 pfsync_status(if_ctx *ctx) 334 { 335 nvlist_t *nvl; 336 char syncdev[IFNAMSIZ]; 337 char syncpeer_str[NI_MAXHOST]; 338 struct sockaddr_storage syncpeer; 339 int maxupdates = 0; 340 int flags = 0; 341 int version; 342 int error; 343 344 nvl = nvlist_create(0); 345 346 if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) { 347 nvlist_destroy(nvl); 348 return; 349 } 350 351 memset((char *)&syncdev, 0, IFNAMSIZ); 352 if (nvlist_exists_string(nvl, "syncdev")) 353 strlcpy(syncdev, nvlist_get_string(nvl, "syncdev"), 354 IFNAMSIZ); 355 if (nvlist_exists_number(nvl, "maxupdates")) 356 maxupdates = nvlist_get_number(nvl, "maxupdates"); 357 if (nvlist_exists_number(nvl, "version")) 358 version = nvlist_get_number(nvl, "version"); 359 if (nvlist_exists_number(nvl, "flags")) 360 flags = nvlist_get_number(nvl, "flags"); 361 if (nvlist_exists_nvlist(nvl, "syncpeer")) { 362 pfsync_syncpeer_nvlist_to_sockaddr(nvlist_get_nvlist(nvl, 363 "syncpeer"), 364 &syncpeer); 365 } 366 367 nvlist_destroy(nvl); 368 369 if (syncdev[0] != '\0' || syncpeer.ss_family != AF_UNSPEC) 370 printf("\t"); 371 372 if (syncdev[0] != '\0') 373 printf("syncdev: %s ", syncdev); 374 375 if (syncpeer.ss_family == AF_INET && 376 ((struct sockaddr_in *)&syncpeer)->sin_addr.s_addr != 377 htonl(INADDR_PFSYNC_GROUP)) { 378 379 struct sockaddr *syncpeer_sa = 380 (struct sockaddr *)&syncpeer; 381 if ((error = getnameinfo(syncpeer_sa, syncpeer_sa->sa_len, 382 syncpeer_str, sizeof(syncpeer_str), NULL, 0, 383 NI_NUMERICHOST)) != 0) 384 errx(1, "getnameinfo: %s", gai_strerror(error)); 385 printf("syncpeer: %s ", syncpeer_str); 386 } 387 388 printf("maxupd: %d ", maxupdates); 389 printf("defer: %s ", (flags & PFSYNCF_DEFER) ? "on" : "off"); 390 printf("version: %d\n", version); 391 printf("\tsyncok: %d\n", (flags & PFSYNCF_OK) ? 1 : 0); 392 } 393 394 static struct cmd pfsync_cmds[] = { 395 DEF_CMD_ARG("syncdev", setpfsync_syncdev), 396 DEF_CMD("-syncdev", 1, unsetpfsync_syncdev), 397 DEF_CMD_ARG("syncif", setpfsync_syncdev), 398 DEF_CMD("-syncif", 1, unsetpfsync_syncdev), 399 DEF_CMD_ARG("syncpeer", setpfsync_syncpeer), 400 DEF_CMD("-syncpeer", 1, unsetpfsync_syncpeer), 401 DEF_CMD_ARG("maxupd", setpfsync_maxupd), 402 DEF_CMD("defer", 1, setpfsync_defer), 403 DEF_CMD("-defer", 0, setpfsync_defer), 404 DEF_CMD_ARG("version", setpfsync_version), 405 }; 406 static struct afswtch af_pfsync = { 407 .af_name = "af_pfsync", 408 .af_af = AF_UNSPEC, 409 .af_other_status = pfsync_status, 410 }; 411 412 static __constructor void 413 pfsync_ctor(void) 414 { 415 for (size_t i = 0; i < nitems(pfsync_cmds); i++) 416 cmd_register(&pfsync_cmds[i]); 417 af_register(&af_pfsync); 418 } 419