xref: /freebsd/sbin/ifconfig/ifpfsync.c (revision 9f44a47fd07924afc035991af15d84e6585dea4f)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2003 Ryan McBride. All rights reserved.
5  * Copyright (c) 2004 Max Laier. All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  *
28  * $FreeBSD$
29  */
30 
31 #include <sys/param.h>
32 #include <sys/errno.h>
33 #include <sys/ioctl.h>
34 #include <sys/nv.h>
35 #include <sys/socket.h>
36 
37 #include <net/if.h>
38 #include <netinet/in.h>
39 #include <net/pfvar.h>
40 #include <net/if_pfsync.h>
41 #include <net/route.h>
42 #include <arpa/inet.h>
43 
44 #include <err.h>
45 #include <netdb.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <unistd.h>
50 
51 #include "ifconfig.h"
52 
53 static int
54 pfsync_do_ioctl(int s, uint cmd, nvlist_t **nvl)
55 {
56 	void *data;
57 	size_t nvlen;
58 
59 	data = nvlist_pack(*nvl, &nvlen);
60 
61 	ifr.ifr_cap_nv.buffer = malloc(IFR_CAP_NV_MAXBUFSIZE);
62 	memcpy(ifr.ifr_cap_nv.buffer, data, nvlen);
63 	ifr.ifr_cap_nv.buf_length = IFR_CAP_NV_MAXBUFSIZE;
64 	ifr.ifr_cap_nv.length = nvlen;
65 	free(data);
66 
67 	if (ioctl(s, cmd, (caddr_t)&ifr) == -1) {
68 		free(ifr.ifr_cap_nv.buffer);
69 		return -1;
70 	}
71 
72 	nvlist_destroy(*nvl);
73 	*nvl = NULL;
74 
75 	*nvl = nvlist_unpack(ifr.ifr_cap_nv.buffer, ifr.ifr_cap_nv.length, 0);
76 	if (*nvl == NULL) {
77 		free(ifr.ifr_cap_nv.buffer);
78 		return (EIO);
79 	}
80 
81 	free(ifr.ifr_cap_nv.buffer);
82 	return (errno);
83 }
84 
85 static nvlist_t *
86 pfsync_sockaddr_to_syncpeer_nvlist(struct sockaddr_storage *sa)
87 {
88 	nvlist_t *nvl;
89 
90 	nvl = nvlist_create(0);
91 	if (nvl == NULL) {
92 		return (nvl);
93 	}
94 
95 	switch (sa->ss_family) {
96 #ifdef INET
97 	case AF_INET: {
98 		struct sockaddr_in *in = (struct sockaddr_in *)sa;
99 		nvlist_add_number(nvl, "af", in->sin_family);
100 		nvlist_add_binary(nvl, "address", in, sizeof(*in));
101 		break;
102 	}
103 #endif
104 #ifdef INET6
105 	case AF_INET6: {
106 		struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
107 		nvlist_add_number(nvl, "af", in6->sin6_family);
108 		nvlist_add_binary(nvl, "address", in6, sizeof(*in6));
109 		break;
110 	}
111 #endif
112 	default:
113 		nvlist_add_number(nvl, "af", AF_UNSPEC);
114 		nvlist_add_binary(nvl, "address", sa, sizeof(*sa));
115 		break;
116 	}
117 
118 	return (nvl);
119 }
120 
121 static int
122 pfsync_syncpeer_nvlist_to_sockaddr(const nvlist_t *nvl,
123     struct sockaddr_storage *sa)
124 {
125 	int af;
126 
127 	if (!nvlist_exists_number(nvl, "af"))
128 		return (EINVAL);
129 	if (!nvlist_exists_binary(nvl, "address"))
130 		return (EINVAL);
131 
132 	af = nvlist_get_number(nvl, "af");
133 
134 	switch (af) {
135 #ifdef INET
136 	case AF_INET: {
137 		struct sockaddr_in *in = (struct sockaddr_in *)sa;
138 		size_t len;
139 		const void *addr = nvlist_get_binary(nvl, "address", &len);
140 		in->sin_family = af;
141 		if (len != sizeof(*in))
142 			return (EINVAL);
143 
144 		memcpy(in, addr, sizeof(*in));
145 		break;
146 	}
147 #endif
148 #ifdef INET6
149 	case AF_INET6: {
150 		struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
151 		size_t len;
152 		const void *addr = nvlist_get_binary(nvl, "address", &len);
153 		if (len != sizeof(*in6))
154 			return (EINVAL);
155 
156 		memcpy(in6, addr, sizeof(*in6));
157 		break;
158 	}
159 #endif
160 	default:
161 		return (EINVAL);
162 	}
163 
164 	return (0);
165 }
166 
167 static void
168 setpfsync_syncdev(if_ctx *ctx, const char *val, int dummy __unused)
169 {
170 	nvlist_t *nvl = nvlist_create(0);
171 
172 	if (strlen(val) > IFNAMSIZ)
173 		errx(1, "interface name %s is too long", val);
174 
175 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1)
176 		err(1, "SIOCGETPFSYNCNV");
177 
178 	if (nvlist_exists_string(nvl, "syncdev"))
179 		nvlist_free_string(nvl, "syncdev");
180 
181 	nvlist_add_string(nvl, "syncdev", val);
182 
183 	if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1)
184 		err(1, "SIOCSETPFSYNCNV");
185 }
186 
187 static void
188 unsetpfsync_syncdev(if_ctx *ctx, const char *val __unused, int dummy __unused)
189 {
190 	nvlist_t *nvl = nvlist_create(0);
191 
192 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1)
193 		err(1, "SIOCGETPFSYNCNV");
194 
195 	if (nvlist_exists_string(nvl, "syncdev"))
196 		nvlist_free_string(nvl, "syncdev");
197 
198 	nvlist_add_string(nvl, "syncdev", "");
199 
200 	if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1)
201 		err(1, "SIOCSETPFSYNCNV");
202 }
203 
204 static void
205 setpfsync_syncpeer(if_ctx *ctx, const char *val, int dummy __unused)
206 {
207 	struct addrinfo *peerres;
208 	struct sockaddr_storage addr;
209 	int ecode;
210 
211 	nvlist_t *nvl = nvlist_create(0);
212 
213 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1)
214 		err(1, "SIOCGETPFSYNCNV");
215 
216 	if ((ecode = getaddrinfo(val, NULL, NULL, &peerres)) != 0)
217 		errx(1, "error in parsing address string: %s",
218 		    gai_strerror(ecode));
219 
220 	switch (peerres->ai_family) {
221 #ifdef INET
222 	case AF_INET: {
223 		struct sockaddr_in *sin = satosin(peerres->ai_addr);
224 
225 		if (IN_MULTICAST(ntohl(sin->sin_addr.s_addr)))
226 			errx(1, "syncpeer address cannot be multicast");
227 
228 		memcpy(&addr, sin, sizeof(*sin));
229 		break;
230 	}
231 #endif
232 	default:
233 		errx(1, "syncpeer address %s not supported", val);
234 	}
235 
236 	if (nvlist_exists_nvlist(nvl, "syncpeer"))
237 		nvlist_free_nvlist(nvl, "syncpeer");
238 
239 	nvlist_add_nvlist(nvl, "syncpeer",
240 	    pfsync_sockaddr_to_syncpeer_nvlist(&addr));
241 
242 	if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1)
243 		err(1, "SIOCSETPFSYNCNV");
244 
245 	nvlist_destroy(nvl);
246 	freeaddrinfo(peerres);
247 }
248 
249 static void
250 unsetpfsync_syncpeer(if_ctx *ctx, const char *val __unused, int dummy __unused)
251 {
252 	struct sockaddr_storage addr;
253 	memset(&addr, 0, sizeof(addr));
254 
255 	nvlist_t *nvl = nvlist_create(0);
256 
257 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1)
258 		err(1, "SIOCGETPFSYNCNV");
259 
260 	if (nvlist_exists_nvlist(nvl, "syncpeer"))
261 		nvlist_free_nvlist(nvl, "syncpeer");
262 
263 	nvlist_add_nvlist(nvl, "syncpeer",
264 	    pfsync_sockaddr_to_syncpeer_nvlist(&addr));
265 
266 	if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1)
267 		err(1, "SIOCSETPFSYNCNV");
268 
269 	nvlist_destroy(nvl);
270 }
271 
272 static void
273 setpfsync_maxupd(if_ctx *ctx, const char *val, int dummy __unused)
274 {
275 	int maxupdates;
276 	nvlist_t *nvl = nvlist_create(0);
277 
278 	maxupdates = atoi(val);
279 	if ((maxupdates < 0) || (maxupdates > 255))
280 		errx(1, "maxupd %s: out of range", val);
281 
282 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1)
283 		err(1, "SIOCGETPFSYNCNV");
284 
285 	nvlist_free_number(nvl, "maxupdates");
286 	nvlist_add_number(nvl, "maxupdates", maxupdates);
287 
288 	if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1)
289 		err(1, "SIOCSETPFSYNCNV");
290 
291 	nvlist_destroy(nvl);
292 }
293 
294 static void
295 setpfsync_defer(if_ctx *ctx, const char *val __unused, int d)
296 {
297 	nvlist_t *nvl = nvlist_create(0);
298 
299 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1)
300 		err(1, "SIOCGETPFSYNCNV");
301 
302 	nvlist_free_number(nvl, "flags");
303 	nvlist_add_number(nvl, "flags", d ? PFSYNCF_DEFER : 0);
304 
305 	if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1)
306 		err(1, "SIOCSETPFSYNCNV");
307 
308 	nvlist_destroy(nvl);
309 }
310 
311 static void
312 setpfsync_version(if_ctx *ctx, const char *val, int dummy __unused)
313 {
314 	int version;
315 	nvlist_t *nvl = nvlist_create(0);
316 
317 	/* Don't verify, kernel knows which versions are supported.*/
318 	version = atoi(val);
319 
320 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1)
321 		err(1, "SIOCGETPFSYNCNV");
322 
323 	nvlist_free_number(nvl, "version");
324 	nvlist_add_number(nvl, "version", version);
325 
326 	if (pfsync_do_ioctl(ctx->io_s, SIOCSETPFSYNCNV, &nvl) == -1)
327 		err(1, "SIOCSETPFSYNCNV");
328 
329 	nvlist_destroy(nvl);
330 }
331 
332 static void
333 pfsync_status(if_ctx *ctx)
334 {
335 	nvlist_t *nvl;
336 	char syncdev[IFNAMSIZ];
337 	char syncpeer_str[NI_MAXHOST];
338 	struct sockaddr_storage syncpeer;
339 	int maxupdates = 0;
340 	int flags = 0;
341 	int version;
342 	int error;
343 
344 	nvl = nvlist_create(0);
345 
346 	if (pfsync_do_ioctl(ctx->io_s, SIOCGETPFSYNCNV, &nvl) == -1) {
347 		nvlist_destroy(nvl);
348 		return;
349 	}
350 
351 	memset((char *)&syncdev, 0, IFNAMSIZ);
352 	if (nvlist_exists_string(nvl, "syncdev"))
353 		strlcpy(syncdev, nvlist_get_string(nvl, "syncdev"),
354 		    IFNAMSIZ);
355 	if (nvlist_exists_number(nvl, "maxupdates"))
356 		maxupdates = nvlist_get_number(nvl, "maxupdates");
357 	if (nvlist_exists_number(nvl, "version"))
358 		version = nvlist_get_number(nvl, "version");
359 	if (nvlist_exists_number(nvl, "flags"))
360 		flags = nvlist_get_number(nvl, "flags");
361 	if (nvlist_exists_nvlist(nvl, "syncpeer")) {
362 		pfsync_syncpeer_nvlist_to_sockaddr(nvlist_get_nvlist(nvl,
363 							     "syncpeer"),
364 		    &syncpeer);
365 	}
366 
367 	nvlist_destroy(nvl);
368 
369 	if (syncdev[0] != '\0' || syncpeer.ss_family != AF_UNSPEC)
370 		printf("\t");
371 
372 	if (syncdev[0] != '\0')
373 		printf("syncdev: %s ", syncdev);
374 
375 	if (syncpeer.ss_family == AF_INET &&
376 	    ((struct sockaddr_in *)&syncpeer)->sin_addr.s_addr !=
377 		htonl(INADDR_PFSYNC_GROUP)) {
378 
379 		struct sockaddr *syncpeer_sa =
380 		    (struct sockaddr *)&syncpeer;
381 		if ((error = getnameinfo(syncpeer_sa, syncpeer_sa->sa_len,
382 			 syncpeer_str, sizeof(syncpeer_str), NULL, 0,
383 			 NI_NUMERICHOST)) != 0)
384 			errx(1, "getnameinfo: %s", gai_strerror(error));
385 		printf("syncpeer: %s ", syncpeer_str);
386 	}
387 
388 	printf("maxupd: %d ", maxupdates);
389 	printf("defer: %s ", (flags & PFSYNCF_DEFER) ? "on" : "off");
390 	printf("version: %d\n", version);
391 	printf("\tsyncok: %d\n", (flags & PFSYNCF_OK) ? 1 : 0);
392 }
393 
394 static struct cmd pfsync_cmds[] = {
395 	DEF_CMD_ARG("syncdev",		setpfsync_syncdev),
396 	DEF_CMD("-syncdev",	1,	unsetpfsync_syncdev),
397 	DEF_CMD_ARG("syncif",		setpfsync_syncdev),
398 	DEF_CMD("-syncif",	1,	unsetpfsync_syncdev),
399 	DEF_CMD_ARG("syncpeer",		setpfsync_syncpeer),
400 	DEF_CMD("-syncpeer",	1,	unsetpfsync_syncpeer),
401 	DEF_CMD_ARG("maxupd",		setpfsync_maxupd),
402 	DEF_CMD("defer",	1,	setpfsync_defer),
403 	DEF_CMD("-defer",	0,	setpfsync_defer),
404 	DEF_CMD_ARG("version",		setpfsync_version),
405 };
406 static struct afswtch af_pfsync = {
407 	.af_name	= "af_pfsync",
408 	.af_af		= AF_UNSPEC,
409 	.af_other_status = pfsync_status,
410 };
411 
412 static __constructor void
413 pfsync_ctor(void)
414 {
415 	for (size_t i = 0; i < nitems(pfsync_cmds);  i++)
416 		cmd_register(&pfsync_cmds[i]);
417 	af_register(&af_pfsync);
418 }
419